2 * Copyright (c) 2001 Atsushi Onoe
3 * Copyright (c) 2002-2005 Sam Leffler, Errno Consulting
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in the
13 * documentation and/or other materials provided with the distribution.
14 * 3. The name of the author may not be used to endorse or promote products
15 * derived from this software without specific prior written permission.
17 * Alternatively, this software may be distributed under the terms of the
18 * GNU General Public License ("GPL") version 2 as published by the Free
19 * Software Foundation.
21 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
22 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
23 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
24 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
25 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
26 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
27 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
28 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
29 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
30 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
32 * $Id: ieee80211_input.c 3809 2008-07-18 22:00:42Z proski $
39 * IEEE 802.11 input handling.
41 #ifndef AUTOCONF_INCLUDED
42 #include <linux/config.h>
44 #include <linux/version.h>
45 #include <linux/module.h>
46 #include <linux/skbuff.h>
47 #include <linux/netdevice.h>
48 #include <linux/etherdevice.h>
49 #include <linux/random.h>
50 #include <linux/if_vlan.h>
51 #include <net/iw_handler.h> /* wireless_send_event(..) */
52 #include <linux/wireless.h> /* SIOCGIWTHRSPY */
53 #include <linux/if_arp.h> /* ARPHRD_ETHER */
55 #include <net80211/if_llc.h>
56 #include <net80211/if_ethersubr.h>
57 #include <net80211/if_media.h>
58 #include <net80211/if_athproto.h>
60 #include <net80211/ieee80211_var.h>
62 #ifdef IEEE80211_DEBUG
66 * Decide if a received management frame should be
67 * printed when debugging is enabled. This filters some
68 * of the less interesting frames that come frequently
72 doprint(struct ieee80211vap
*vap
, int subtype
)
75 case IEEE80211_FC0_SUBTYPE_BEACON
:
76 return (vap
->iv_ic
->ic_flags
& IEEE80211_F_SCAN
);
77 case IEEE80211_FC0_SUBTYPE_PROBE_REQ
:
78 return (vap
->iv_opmode
== IEEE80211_M_IBSS
);
84 * Emit a debug message about discarding a frame or information
85 * element. One format is for extracting the mac address from
86 * the frame header; the other is for when a header is not
87 * available or otherwise appropriate.
89 #define IEEE80211_DISCARD(_vap, _m, _wh, _type, _fmt, ...) do { \
90 if ((_vap)->iv_debug & (_m)) \
91 ieee80211_discard_frame(_vap, _wh, _type, _fmt, __VA_ARGS__);\
93 #define IEEE80211_DISCARD_IE(_vap, _m, _wh, _type, _fmt, ...) do { \
94 if ((_vap)->iv_debug & (_m)) \
95 ieee80211_discard_ie(_vap, _wh, _type, _fmt, __VA_ARGS__);\
97 #define IEEE80211_DISCARD_MAC(_vap, _m, _mac, _type, _fmt, ...) do { \
98 if ((_vap)->iv_debug & (_m)) \
99 ieee80211_discard_mac(_vap, _mac, _type, _fmt, __VA_ARGS__);\
102 static const u_int8_t
*ieee80211_getbssid(struct ieee80211vap
*,
103 const struct ieee80211_frame
*);
104 static void ieee80211_discard_frame(struct ieee80211vap
*,
105 const struct ieee80211_frame
*, const char *, const char *, ...);
106 static void ieee80211_discard_ie(struct ieee80211vap
*,
107 const struct ieee80211_frame
*, const char *, const char *, ...);
108 static void ieee80211_discard_mac(struct ieee80211vap
*,
109 const u_int8_t mac
[IEEE80211_ADDR_LEN
], const char *,
112 #define IEEE80211_DISCARD(_vap, _m, _wh, _type, _fmt, ...)
113 #define IEEE80211_DISCARD_IE(_vap, _m, _wh, _type, _fmt, ...)
114 #define IEEE80211_DISCARD_MAC(_vap, _m, _mac, _type, _fmt, ...)
115 #endif /* IEEE80211_DEBUG */
117 static struct sk_buff
*ieee80211_defrag(struct ieee80211_node
*,
118 struct sk_buff
*, int);
119 static void ieee80211_deliver_data(struct ieee80211_node
*, struct sk_buff
*);
120 static struct sk_buff
*ieee80211_decap(struct ieee80211vap
*,
121 struct sk_buff
*, int);
122 static void ieee80211_send_error(struct ieee80211_node
*, const u_int8_t
*,
124 static void ieee80211_recv_pspoll(struct ieee80211_node
*, struct sk_buff
*);
125 static int accept_data_frame(struct ieee80211vap
*, struct ieee80211_node
*,
126 struct ieee80211_key
*, struct sk_buff
*, struct ether_header
*);
130 static int athff_decap(struct sk_buff
*);
132 #ifdef USE_HEADERLEN_RESV
133 static __be16
ath_eth_type_trans(struct sk_buff
*, struct net_device
*);
136 #if WIRELESS_EXT >= 16
138 * Given a node and the RSSI value of a just received frame from the node, this
139 * function checks if to raise an iwspy event because we iwspy the node and RSSI
140 * exceeds threshold (if active).
143 * @param ni: sender node
144 * @param rssi: RSSI value of received frame
147 iwspy_event(struct ieee80211vap
*vap
, struct ieee80211_node
*ni
, u_int rssi
)
149 if (vap
->iv_spy
.thr_low
&& vap
->iv_spy
.num
&& ni
&& (rssi
<
150 vap
->iv_spy
.thr_low
|| rssi
> vap
->iv_spy
.thr_high
)) {
152 for (i
= 0; i
< vap
->iv_spy
.num
; i
++) {
153 if (IEEE80211_ADDR_EQ(ni
->ni_macaddr
,
154 &(vap
->iv_spy
.mac
[i
* IEEE80211_ADDR_LEN
]))) {
156 union iwreq_data wrq
;
157 struct iw_thrspy thr
;
158 IEEE80211_DPRINTF(vap
, IEEE80211_MSG_DEBUG
,
159 "%s: we spy " MAC_FMT
160 ", threshold is active and rssi exceeds"
161 " it -> raise an iwspy event\n",
162 __func__
, MAC_ADDR(ni
->ni_macaddr
));
163 memset(&wrq
, 0, sizeof(wrq
));
165 memset(&thr
, 0, sizeof(struct iw_thrspy
));
166 memcpy(thr
.addr
.sa_data
, ni
->ni_macaddr
,
168 thr
.addr
.sa_family
= ARPHRD_ETHER
;
169 set_quality(&thr
.qual
, rssi
, vap
->iv_ic
->ic_channoise
);
170 set_quality(&thr
.low
, vap
->iv_spy
.thr_low
, vap
->iv_ic
->ic_channoise
);
171 set_quality(&thr
.high
, vap
->iv_spy
.thr_high
, vap
->iv_ic
->ic_channoise
);
172 wireless_send_event(vap
->iv_dev
,
173 SIOCGIWTHRSPY
, &wrq
, (char *)&thr
);
181 #define iwspy_event(_vap, _ni, _rssi)
182 #endif /* WIRELESS_EXT >= 16 */
185 * Process a received frame. The node associated with the sender
186 * should be supplied. If nothing was found in the node table then
187 * the caller is assumed to supply a reference to ic_bss instead.
188 * The RSSI and a timestamp are also supplied. The RSSI data is used
189 * during AP scanning to select a AP to associate with; it can have
190 * any units so long as values have consistent units and higher values
191 * mean ``better signal''. The receive timestamp is currently not used
192 * by the 802.11 layer.
194 * Context: softIRQ (tasklet)
197 ieee80211_input(struct ieee80211vap
*vap
, struct ieee80211_node
*ni_or_null
,
198 struct sk_buff
*skb
, int rssi
, u_int64_t rtsf
)
200 #define HAS_SEQ(type) ((type & 0x4) == 0)
201 struct ieee80211_node
*ni
= ni_or_null
;
202 struct ieee80211com
*ic
= vap
->iv_ic
;
203 struct net_device
*dev
= vap
->iv_dev
;
204 struct ieee80211_frame
*wh
;
205 struct ieee80211_key
*key
;
206 struct ether_header
*eh
;
211 u_int8_t dir
, type
= -1, subtype
;
215 if ((vap
->iv_dev
->flags
& (IFF_RUNNING
| IFF_UP
)) !=
216 (IFF_RUNNING
| IFF_UP
))
219 /* Initialize ni as in the previous API. */
220 if (ni_or_null
== NULL
) {
221 /* This function does not 'own' vap->iv_bss, so we cannot
222 * guarantee its existence during the following call, hence
223 * briefly grab our own reference. */
224 ni
= ieee80211_ref_node(vap
->iv_bss
);
226 KASSERT(skb
!= NULL
, ("null skb"));
227 KASSERT(ni
!= NULL
, ("null node"));
228 ni
->ni_inact
= ni
->ni_inact_reload
;
230 /* In monitor mode, send everything directly to bpf.
231 * Also do not process frames w/o i_addr2 any further.
232 * XXX: may want to include the CRC. */
233 if (vap
->iv_opmode
== IEEE80211_M_MONITOR
)
235 if (skb
->len
< sizeof(struct ieee80211_frame_min
)) {
236 IEEE80211_DISCARD_MAC(vap
, IEEE80211_MSG_ANY
,
237 ni
->ni_macaddr
, NULL
,
238 "too short (1): len %u", skb
->len
);
239 vap
->iv_stats
.is_rx_tooshort
++;
243 /* Bit of a cheat here, we use a pointer for a 3-address
244 * frame format but don't reference fields past outside
245 * ieee80211_frame_min w/o first validating the data is
247 wh
= (struct ieee80211_frame
*)skb
->data
;
249 if ((wh
->i_fc
[0] & IEEE80211_FC0_VERSION_MASK
) !=
250 IEEE80211_FC0_VERSION_0
) {
251 IEEE80211_DISCARD_MAC(vap
, IEEE80211_MSG_ANY
,
252 ni
->ni_macaddr
, NULL
, "wrong version %x", wh
->i_fc
[0]);
253 vap
->iv_stats
.is_rx_badversion
++;
257 dir
= wh
->i_fc
[1] & IEEE80211_FC1_DIR_MASK
;
258 type
= wh
->i_fc
[0] & IEEE80211_FC0_TYPE_MASK
;
259 subtype
= wh
->i_fc
[0] & IEEE80211_FC0_SUBTYPE_MASK
;
260 if ((ic
->ic_flags
& IEEE80211_F_SCAN
) == 0) {
261 switch (vap
->iv_opmode
) {
262 case IEEE80211_M_STA
:
264 if (!IEEE80211_ADDR_EQ(bssid
, vap
->iv_bssid
)) {
265 /* not interested in */
266 IEEE80211_DISCARD_MAC(vap
, IEEE80211_MSG_INPUT
,
267 bssid
, NULL
, "%s", "not to bss");
268 vap
->iv_stats
.is_rx_wrongbss
++;
271 iwspy_event(vap
, ni
, rssi
);
273 case IEEE80211_M_IBSS
:
274 case IEEE80211_M_AHDEMO
:
275 if (dir
!= IEEE80211_FC1_DIR_NODS
)
277 else if (type
== IEEE80211_FC0_TYPE_CTL
)
280 if (skb
->len
< sizeof(struct ieee80211_frame
)) {
281 IEEE80211_DISCARD_MAC(vap
,
282 IEEE80211_MSG_ANY
, ni
->ni_macaddr
,
283 NULL
, "too short (2): len %u",
285 vap
->iv_stats
.is_rx_tooshort
++;
290 /* Do not try to find a node reference if the packet really did come from the BSS */
291 if (type
== IEEE80211_FC0_TYPE_DATA
&& ni
== vap
->iv_bss
&&
292 !IEEE80211_ADDR_EQ(vap
->iv_bss
->ni_macaddr
, wh
->i_addr2
)) {
293 /* Try to find sender in local node table. */
294 ni
= ieee80211_find_node(vap
->iv_bss
->ni_table
, wh
->i_addr2
);
297 * Fake up a node for this newly discovered
298 * member of the IBSS. This should probably
299 * done after an ACL check.
301 ni
= ieee80211_fakeup_adhoc_node(vap
,
304 /* NB: stat kept for alloc failure */
309 iwspy_event(vap
, ni
, rssi
);
311 case IEEE80211_M_HOSTAP
:
312 if (dir
!= IEEE80211_FC1_DIR_NODS
)
314 else if (type
== IEEE80211_FC0_TYPE_CTL
)
317 if (skb
->len
< sizeof(struct ieee80211_frame
)) {
318 IEEE80211_DISCARD_MAC(vap
,
319 IEEE80211_MSG_ANY
, ni
->ni_macaddr
,
320 NULL
, "too short (2): len %u",
322 vap
->iv_stats
.is_rx_tooshort
++;
328 * Validate the bssid.
331 if (!IEEE80211_ADDR_EQ(bssid
, vap
->iv_bssid
) &&
332 !IEEE80211_ADDR_EQ(bssid
, dev
->broadcast
)) {
334 * allow MGT frames to vap->iv_xrvap.
335 * this will allow roaming between XR and normal vaps
336 * without station dis associating from previous vap.
338 if (!(vap
->iv_xrvap
&&
339 IEEE80211_ADDR_EQ(bssid
, vap
->iv_xrvap
->iv_bssid
) &&
340 type
== IEEE80211_FC0_TYPE_MGT
&&
341 ni
!= vap
->iv_bss
)) {
342 /* not interested in */
343 IEEE80211_DISCARD_MAC(vap
, IEEE80211_MSG_INPUT
,
344 bssid
, NULL
, "%s", "not to bss or xrbss");
345 vap
->iv_stats
.is_rx_wrongbss
++;
350 if (!IEEE80211_ADDR_EQ(bssid
, vap
->iv_bssid
) &&
351 !IEEE80211_ADDR_EQ(bssid
, dev
->broadcast
)) {
352 /* not interested in */
353 IEEE80211_DISCARD_MAC(vap
, IEEE80211_MSG_INPUT
,
354 bssid
, NULL
, "%s", "not to bss");
355 vap
->iv_stats
.is_rx_wrongbss
++;
361 case IEEE80211_M_WDS
:
362 if (skb
->len
< sizeof(struct ieee80211_frame_addr4
)) {
363 IEEE80211_DISCARD_MAC(vap
,
364 IEEE80211_MSG_ANY
, ni
->ni_macaddr
,
365 NULL
, "too short (3): len %u",
367 vap
->iv_stats
.is_rx_tooshort
++;
371 if (!IEEE80211_ADDR_EQ(bssid
, vap
->iv_bssid
) &&
372 !IEEE80211_ADDR_EQ(bssid
, dev
->broadcast
)) {
373 /* not interested in */
374 IEEE80211_DISCARD_MAC(vap
, IEEE80211_MSG_INPUT
,
375 bssid
, NULL
, "%s", "not to bss");
376 vap
->iv_stats
.is_rx_wrongbss
++;
379 if (!IEEE80211_ADDR_EQ(wh
->i_addr2
, vap
->wds_mac
)) {
380 /* not interested in */
381 IEEE80211_DISCARD_MAC(vap
, IEEE80211_MSG_INPUT
,
382 wh
->i_addr2
, NULL
, "%s", "not from DS");
383 vap
->iv_stats
.is_rx_wrongbss
++;
388 /* XXX catch bad values */
391 /* since ieee80211_input() can be called multiple times for
392 * flooding VAPs when we don't know which VAP needs the packet -
393 * we don't want to update the wrong state when ni is assigned
394 * to the bss node to accomodate this case. */
395 if (IEEE80211_ADDR_EQ(wh
->i_addr2
, ni
->ni_macaddr
)) {
398 ni
->ni_last_rx
= jiffies
;
402 if (IEEE80211_QOS_HAS_SEQ(wh
)) {
403 tid
= ((struct ieee80211_qosframe
*)wh
)->
404 i_qos
[0] & IEEE80211_QOS_TID
;
405 if (TID_TO_WME_AC(tid
) >= WME_AC_VI
)
406 ic
->ic_wme
.wme_hipri_traffic
++;
410 rxseq
= le16toh(*(__le16
*)wh
->i_seq
);
411 if ((wh
->i_fc
[1] & IEEE80211_FC1_RETRY
) &&
412 IEEE80211_SEQ_LEQ(rxseq
, ni
->ni_rxseqs
[tid
])) {
413 /* duplicate, discard */
414 IEEE80211_DISCARD_MAC(vap
, IEEE80211_MSG_INPUT
,
416 "seqno <%u,%u> fragno <%u,%u> tid %u",
417 rxseq
>> IEEE80211_SEQ_SEQ_SHIFT
,
418 ni
->ni_rxseqs
[tid
] >>
419 IEEE80211_SEQ_SEQ_SHIFT
,
420 rxseq
& IEEE80211_SEQ_FRAG_MASK
,
422 IEEE80211_SEQ_FRAG_MASK
,
424 vap
->iv_stats
.is_rx_dup
++;
425 IEEE80211_NODE_STAT(ni
, rx_dup
);
428 ni
->ni_rxseqs
[tid
] = rxseq
;
433 case IEEE80211_FC0_TYPE_DATA
:
434 hdrlen
= ieee80211_hdrsize(wh
);
435 if (skb
->len
< hdrlen
) {
436 IEEE80211_DISCARD(vap
, IEEE80211_MSG_ANY
,
437 wh
, "data", "too short: len %u, expecting %u",
439 vap
->iv_stats
.is_rx_tooshort
++;
442 switch (vap
->iv_opmode
) {
443 case IEEE80211_M_STA
:
444 if ((dir
!= IEEE80211_FC1_DIR_FROMDS
) &&
445 (!((vap
->iv_flags_ext
& IEEE80211_FEXT_WDS
) &&
446 (dir
== IEEE80211_FC1_DIR_DSTODS
)))) {
447 IEEE80211_DISCARD(vap
, IEEE80211_MSG_ANY
,
448 wh
, "data", "invalid dir 0x%x", dir
);
449 vap
->iv_stats
.is_rx_wrongdir
++;
453 if (IEEE80211_IS_MULTICAST(wh
->i_addr1
)) {
454 /* Discard multicast if IFF_MULTICAST not set */
455 if ((0 != memcmp(wh
->i_addr3
, dev
->broadcast
, ETH_ALEN
)) &&
456 (0 == (dev
->flags
& IFF_MULTICAST
))) {
457 IEEE80211_DISCARD(vap
, IEEE80211_MSG_INPUT
,
458 wh
, NULL
, "%s", "multicast disabled.");
459 printk(KERN_ERR
"CONFIG ERROR: multicast flag "
460 "cleared on radio, but multicast was used.\n");
461 vap
->iv_stats
.is_rx_mcastdisabled
++;
464 /* Discard echos of our own multicast or broadcast */
465 if (IEEE80211_ADDR_EQ(wh
->i_addr3
, vap
->iv_myaddr
)) {
467 * In IEEE802.11 network, multicast packet
468 * sent from me is broadcasted from AP.
469 * It should be silently discarded for
472 * NB: Linux has no IFF_ flag to indicate
473 * if an interface is SIMPLEX or not;
474 * so we always assume it to be true.
476 IEEE80211_DISCARD(vap
, IEEE80211_MSG_INPUT
,
477 wh
, NULL
, "%s", "multicast echo");
478 vap
->iv_stats
.is_rx_mcastecho
++;
482 * if it is brodcasted by me on behalf of
483 * a station behind me, drop it.
485 if (vap
->iv_flags_ext
& IEEE80211_FEXT_WDS
) {
486 struct ieee80211_node_table
*nt
;
487 struct ieee80211_node
*ni_wds
;
489 ni_wds
= ieee80211_find_wds_node(nt
, wh
->i_addr3
);
491 ieee80211_unref_node(&ni_wds
);
492 IEEE80211_DISCARD(vap
, IEEE80211_MSG_INPUT
,
494 "multicast echo originated from node behind me");
495 vap
->iv_stats
.is_rx_mcastecho
++;
501 case IEEE80211_M_IBSS
:
502 case IEEE80211_M_AHDEMO
:
503 if (dir
!= IEEE80211_FC1_DIR_NODS
) {
504 IEEE80211_DISCARD(vap
, IEEE80211_MSG_ANY
,
505 wh
, "data", "invalid dir 0x%x", dir
);
506 vap
->iv_stats
.is_rx_wrongdir
++;
509 /* XXX no power-save support */
511 case IEEE80211_M_HOSTAP
:
512 if ((dir
!= IEEE80211_FC1_DIR_TODS
) &&
513 (dir
!= IEEE80211_FC1_DIR_DSTODS
)) {
514 IEEE80211_DISCARD(vap
, IEEE80211_MSG_ANY
,
515 wh
, "data", "invalid dir 0x%x", dir
);
516 vap
->iv_stats
.is_rx_wrongdir
++;
519 /* check if source STA is associated */
520 if (ni
== vap
->iv_bss
) {
521 IEEE80211_DISCARD(vap
, IEEE80211_MSG_INPUT
,
522 wh
, "data", "%s", "unknown src");
523 /* NB: caller deals with reference */
524 if (vap
->iv_state
== IEEE80211_S_RUN
)
525 ieee80211_send_error(ni
, wh
->i_addr2
,
526 IEEE80211_FC0_SUBTYPE_DEAUTH
,
527 IEEE80211_REASON_NOT_AUTHED
);
528 vap
->iv_stats
.is_rx_notassoc
++;
531 if (ni
->ni_associd
== 0) {
532 IEEE80211_DISCARD(vap
, IEEE80211_MSG_INPUT
,
533 wh
, "data", "%s", "unassoc src");
534 IEEE80211_SEND_MGMT(ni
,
535 IEEE80211_FC0_SUBTYPE_DISASSOC
,
536 IEEE80211_REASON_NOT_ASSOCED
);
537 vap
->iv_stats
.is_rx_notassoc
++;
541 * If we're a 4 address packet, make sure we have an entry in
542 * the node table for the packet source address (addr4).
545 /* XXX: Useless node mgmt API; make better */
546 if (dir
== IEEE80211_FC1_DIR_DSTODS
) {
547 struct ieee80211_node_table
*nt
;
548 struct ieee80211_frame_addr4
*wh4
;
549 struct ieee80211_node
*ni_wds
;
551 if (!(vap
->iv_flags_ext
& IEEE80211_FEXT_WDS
)) {
552 IEEE80211_DISCARD(vap
, IEEE80211_MSG_INPUT
,
553 wh
, "data", "%s", "4 addr not allowed");
556 wh4
= (struct ieee80211_frame_addr4
*)skb
->data
;
558 ni_wds
= ieee80211_find_wds_node(nt
, wh4
->i_addr4
);
559 /* Last call increments ref count if !NULL */
560 if ((ni_wds
!= NULL
) && (ni_wds
!= ni
)) {
562 * node with source address (addr4) moved
563 * to another WDS capable station. remove the
564 * reference to the previous station and add
565 * reference to the new one
567 (void) ieee80211_remove_wds_addr(nt
, wh4
->i_addr4
);
568 ieee80211_add_wds_addr(nt
, ni
, wh4
->i_addr4
, 0);
571 ieee80211_add_wds_addr(nt
, ni
, wh4
->i_addr4
, 0);
573 ieee80211_unref_node(&ni_wds
);
577 * Check for power save state change.
579 if (!(ni
->ni_flags
& IEEE80211_NODE_UAPSD
)) {
580 if ((wh
->i_fc
[1] & IEEE80211_FC1_PWR_MGT
) ^
581 (ni
->ni_flags
& IEEE80211_NODE_PWR_MGT
))
582 ieee80211_node_pwrsave(ni
, wh
->i_fc
[1] & IEEE80211_FC1_PWR_MGT
);
583 } else if (ni
->ni_flags
& IEEE80211_NODE_PS_CHANGED
) {
584 int pwr_save_changed
= 0;
585 IEEE80211_LOCK_IRQ(ic
);
586 if ((*(__le16
*)(&wh
->i_seq
[0])) == ni
->ni_pschangeseq
) {
587 ni
->ni_flags
&= ~IEEE80211_NODE_PS_CHANGED
;
588 pwr_save_changed
= 1;
590 IEEE80211_UNLOCK_IRQ(ic
);
591 if (pwr_save_changed
)
592 ieee80211_node_pwrsave(ni
, wh
->i_fc
[1] & IEEE80211_FC1_PWR_MGT
);
595 case IEEE80211_M_WDS
:
596 if (dir
!= IEEE80211_FC1_DIR_DSTODS
) {
597 IEEE80211_DISCARD(vap
, IEEE80211_MSG_ANY
,
598 wh
, "data", "invalid dir 0x%x", dir
);
599 vap
->iv_stats
.is_rx_wrongdir
++;
604 /* XXX here to keep compiler happy */
608 /* These frames have no further meaning. */
609 if ((subtype
== IEEE80211_FC0_SUBTYPE_NULL
) ||
610 (subtype
== IEEE80211_FC0_SUBTYPE_QOS_NULL
))
614 * Handle privacy requirements. Note that we
615 * must not be preempted from here until after
616 * we (potentially) call ieee80211_crypto_demic;
617 * otherwise we may violate assumptions in the
618 * crypto cipher modules used to do delayed update
619 * of replay sequence numbers.
621 if (wh
->i_fc
[1] & IEEE80211_FC1_PROT
) {
622 if ((vap
->iv_flags
& IEEE80211_F_PRIVACY
) == 0) {
624 * Discard encrypted frames when privacy is off.
626 IEEE80211_DISCARD(vap
, IEEE80211_MSG_INPUT
,
627 wh
, "WEP", "%s", "PRIVACY off");
628 vap
->iv_stats
.is_rx_noprivacy
++;
629 IEEE80211_NODE_STAT(ni
, rx_noprivacy
);
632 key
= ieee80211_crypto_decap(ni
, skb
, hdrlen
);
634 /* NB: stats+msgs handled in crypto_decap */
635 IEEE80211_NODE_STAT(ni
, rx_wepfail
);
638 wh
= (struct ieee80211_frame
*)skb
->data
;
639 wh
->i_fc
[1] &= ~IEEE80211_FC1_PROT
;
643 /* Next up, any fragmentation. */
644 if (!IEEE80211_IS_MULTICAST(wh
->i_addr1
)) {
645 skb
= ieee80211_defrag(ni
, skb
, hdrlen
);
647 /* Fragment dropped or frame not complete yet */
651 wh
= NULL
; /* no longer valid, catch any uses */
653 /* Next strip any MSDU crypto. bits. */
655 !ieee80211_crypto_demic(vap
, key
, skb
, hdrlen
, 0)) {
656 IEEE80211_DISCARD_MAC(vap
, IEEE80211_MSG_INPUT
,
657 ni
->ni_macaddr
, "data", "%s", "demic error");
658 IEEE80211_NODE_STAT(ni
, rx_demicfail
);
662 /* Finally, strip the 802.11 header. */
663 skb
= ieee80211_decap(vap
, skb
, hdrlen
);
665 IEEE80211_DISCARD_MAC(vap
, IEEE80211_MSG_INPUT
,
666 ni
->ni_macaddr
, "data", "%s", "decap error");
667 vap
->iv_stats
.is_rx_decap
++;
668 IEEE80211_NODE_STAT(ni
, rx_decap
);
671 eh
= (struct ether_header
*)skb
->data
;
673 if (!accept_data_frame(vap
, ni
, key
, skb
, eh
))
676 vap
->iv_devstats
.rx_packets
++;
677 vap
->iv_devstats
.rx_bytes
+= skb
->len
;
678 IEEE80211_NODE_STAT(ni
, rx_data
);
679 IEEE80211_NODE_STAT_ADD(ni
, rx_bytes
, skb
->len
);
680 ic
->ic_lastdata
= jiffies
;
684 llc
= (struct llc
*)(skb
->data
+ sizeof(struct ether_header
));
685 if (ntohs(llc
->llc_snap
.ether_type
) == (u_int16_t
)ATH_ETH_TYPE
) {
686 struct sk_buff
*skb1
= NULL
;
687 struct ether_header
*eh_tmp
;
688 struct athl2p_tunnel_hdr
*ath_hdr
;
689 unsigned int frame_len
;
691 /* NB: assumes linear (i.e., non-fragmented) skb */
693 /* get to the tunneled headers */
694 ath_hdr
= (struct athl2p_tunnel_hdr
*)
695 skb_pull(skb
, sizeof(struct ether_header
) + LLC_SNAPFRAMELEN
);
696 /* ignore invalid frames */
700 /* only implementing FF now. drop all others. */
701 if (ath_hdr
->proto
!= ATH_L2TUNNEL_PROTO_FF
) {
702 IEEE80211_DISCARD_MAC(vap
,
703 IEEE80211_MSG_SUPG
| IEEE80211_MSG_INPUT
,
704 eh
->ether_shost
, "fast-frame",
705 "bad atheros tunnel prot %u",
707 vap
->iv_stats
.is_rx_badathtnl
++;
710 vap
->iv_stats
.is_rx_ffcnt
++;
712 /* move past the tunneled header, with alignment */
713 skb_pull(skb
, roundup(sizeof(struct athl2p_tunnel_hdr
) - 2, 4) + 2);
714 eh_tmp
= (struct ether_header
*)skb
->data
;
716 /* ether_type must be length as FF frames are always LLC/SNAP encap'd */
717 frame_len
= ntohs(eh_tmp
->ether_type
);
719 skb1
= skb_copy(skb
, GFP_ATOMIC
);
722 ieee80211_skb_copy_noderef(skb
, skb1
);
724 /* we now have 802.3 MAC hdr followed by 802.2 LLC/SNAP; convert to EthernetII.
725 * Note that the frame is at least IEEE80211_MIN_LEN, due to the driver code. */
728 /* remove second frame from end of first */
729 skb_trim(skb
, sizeof(struct ether_header
) + frame_len
- LLC_SNAPFRAMELEN
);
731 /* prepare second tunneled frame */
732 skb_pull(skb1
, roundup(sizeof(struct ether_header
) + frame_len
, 4));
734 /* Fail if there is no space left for at least the necessary headers */
735 if (athff_decap(skb1
)) {
736 IEEE80211_DISCARD_MAC(vap
, IEEE80211_MSG_INPUT
,
737 ni
->ni_macaddr
, "data", "%s", "Decapsulation error");
738 vap
->iv_stats
.is_rx_decap
++;
739 IEEE80211_NODE_STAT(ni
, rx_decap
);
740 ieee80211_dev_kfree_skb(&skb1
); /* This is a copy! */
744 /* Deliver the frames. */
745 ieee80211_deliver_data(ni
, skb
);
746 ieee80211_deliver_data(ni
, skb1
);
748 /* Assume non-atheros LLC type. */
749 ieee80211_deliver_data(ni
, skb
);
751 #else /* !ATH_SUPERG_FF */
752 ieee80211_deliver_data(ni
, skb
);
754 if (ni_or_null
== NULL
)
755 ieee80211_unref_node(&ni
);
756 /* XXX: Why doesn't this use 'goto out'?
757 * If it did, then the SKB would be accessed after we
758 * have given it to ieee80211_deliver_data and we get
760 return IEEE80211_FC0_TYPE_DATA
;
761 case IEEE80211_FC0_TYPE_MGT
:
762 /* WDS opmode does not support management frames. */
763 if (vap
->iv_opmode
== IEEE80211_M_WDS
) {
764 vap
->iv_stats
.is_rx_mgtdiscard
++;
767 IEEE80211_NODE_STAT(ni
, rx_mgmt
);
768 if (dir
!= IEEE80211_FC1_DIR_NODS
) {
769 vap
->iv_stats
.is_rx_wrongdir
++;
772 if (skb
->len
< sizeof(struct ieee80211_frame
)) {
773 IEEE80211_DISCARD_MAC(vap
, IEEE80211_MSG_ANY
,
774 ni
->ni_macaddr
, "mgt", "too short: len %u",
776 vap
->iv_stats
.is_rx_tooshort
++;
779 #ifdef IEEE80211_DEBUG
780 if ((ieee80211_msg_debug(vap
) && doprint(vap
, subtype
)) ||
781 ieee80211_msg_dumppkts(vap
)) {
783 "received %s from " MAC_FMT
" rssi %d\n",
784 ieee80211_mgt_subtype_name
[subtype
>>
785 IEEE80211_FC0_SUBTYPE_SHIFT
],
786 MAC_ADDR(wh
->i_addr2
), rssi
);
789 if (wh
->i_fc
[1] & IEEE80211_FC1_PROT
) {
790 if (subtype
!= IEEE80211_FC0_SUBTYPE_AUTH
) {
792 * Only shared key auth frames with a challenge
793 * should be encrypted, discard all others.
795 IEEE80211_DISCARD(vap
, IEEE80211_MSG_INPUT
,
796 wh
, ieee80211_mgt_subtype_name
[subtype
>>
797 IEEE80211_FC0_SUBTYPE_SHIFT
],
798 "%s", "WEP set but not permitted");
799 vap
->iv_stats
.is_rx_mgtdiscard
++; /* XXX */
802 if ((vap
->iv_flags
& IEEE80211_F_PRIVACY
) == 0) {
804 * Discard encrypted frames when privacy is off.
806 IEEE80211_DISCARD(vap
, IEEE80211_MSG_INPUT
,
807 wh
, "mgt", "%s", "WEP set but PRIVACY off");
808 vap
->iv_stats
.is_rx_noprivacy
++;
811 hdrlen
= ieee80211_hdrsize(wh
);
812 key
= ieee80211_crypto_decap(ni
, skb
, hdrlen
);
814 /* NB: stats+msgs handled in crypto_decap */
817 wh
= (struct ieee80211_frame
*)skb
->data
;
818 wh
->i_fc
[1] &= ~IEEE80211_FC1_PROT
;
820 ic
->ic_recv_mgmt(vap
, ni_or_null
, skb
, subtype
, rssi
, rtsf
);
823 case IEEE80211_FC0_TYPE_CTL
:
824 IEEE80211_NODE_STAT(ni
, rx_ctrl
);
825 vap
->iv_stats
.is_rx_ctl
++;
826 if (vap
->iv_opmode
== IEEE80211_M_HOSTAP
)
827 if (subtype
== IEEE80211_FC0_SUBTYPE_PS_POLL
)
828 ieee80211_recv_pspoll(ni
, skb
);
832 IEEE80211_DISCARD(vap
, IEEE80211_MSG_ANY
,
833 wh
, NULL
, "bad frame type 0x%x", type
);
834 /* should not come here */
838 vap
->iv_devstats
.rx_errors
++;
840 ieee80211_dev_kfree_skb(&skb
);
841 if (ni_or_null
== NULL
)
842 ieee80211_unref_node(&ni
);
847 EXPORT_SYMBOL(ieee80211_input
);
849 * Context: softIRQ (tasklet)
852 ieee80211_input_all(struct ieee80211com
*ic
,
853 struct sk_buff
*skb
, int rssi
, u_int64_t rtsf
)
855 struct ieee80211vap
*vap
, *next_vap
;
856 struct sk_buff
*tskb
= NULL
;
857 int type
= -1; /* Used to determine when to blinks LEDs. */
859 /* Create a new SKB copy for each VAP except the last
860 * one, which gets the original SKB. */
861 vap
= TAILQ_FIRST(&ic
->ic_vaps
);
863 for (next_vap
= TAILQ_NEXT(vap
, iv_next
); next_vap
;
864 next_vap
= TAILQ_NEXT(next_vap
, iv_next
)) {
865 if ((next_vap
->iv_dev
->flags
& (IFF_RUNNING
| IFF_UP
))
866 == (IFF_RUNNING
| IFF_UP
))
874 tskb
= skb_copy(skb
, GFP_ATOMIC
);
877 /* XXX: Brilliant OOM handling. */
878 vap
->iv_devstats
.tx_dropped
++;
880 type
= ieee80211_input(vap
, NULL
, tskb
, rssi
, rtsf
);
885 ieee80211_dev_kfree_skb(&skb
);
888 EXPORT_SYMBOL(ieee80211_input_all
);
891 * Determines whether a frame should be accepted, based on information
892 * about the frame's origin and encryption, and policy for this vap.
894 static int accept_data_frame(struct ieee80211vap
*vap
,
895 struct ieee80211_node
*ni
, struct ieee80211_key
*key
,
896 struct sk_buff
*skb
, struct ether_header
*eh
)
898 #define IS_EAPOL(eh) ((eh)->ether_type == __constant_htons(ETHERTYPE_PAE))
899 #define PAIRWISE_SET(vap) ((vap)->iv_nw_keys[0].wk_cipher != &ieee80211_cipher_none)
901 /* encrypted eapol is always OK */
904 /* cleartext eapol is OK if we don't have pairwise keys yet */
905 if (!PAIRWISE_SET(vap
))
907 /* cleartext eapol is OK if configured to allow it */
908 if (!IEEE80211_VAP_DROPUNENC_EAPOL(vap
))
910 /* cleartext eapol is OK if other unencrypted is OK */
911 if (!(vap
->iv_flags
& IEEE80211_F_DROPUNENC
))
914 IEEE80211_DISCARD_MAC(vap
, IEEE80211_MSG_INPUT
,
915 eh
->ether_shost
, "data",
916 "unauthorized port: ether type 0x%x len %u",
917 ntohs(eh
->ether_type
), skb
->len
);
918 vap
->iv_stats
.is_rx_unauth
++;
919 vap
->iv_devstats
.rx_errors
++;
920 IEEE80211_NODE_STAT(ni
, rx_unauth
);
924 if (!ieee80211_node_is_authorized(ni
)) {
926 * Deny any non-PAE frames received prior to
927 * authorization. For open/shared-key
928 * authentication the port is mark authorized
929 * after authentication completes. For 802.1x
930 * the port is not marked authorized by the
931 * authenticator until the handshake has completed.
933 IEEE80211_DISCARD_MAC(vap
, IEEE80211_MSG_INPUT
,
934 eh
->ether_shost
, "data",
935 "unauthorized port: ether type 0x%x len %u",
936 ntohs(eh
->ether_type
), skb
->len
);
937 vap
->iv_stats
.is_rx_unauth
++;
938 vap
->iv_devstats
.rx_errors
++;
939 IEEE80211_NODE_STAT(ni
, rx_unauth
);
943 * When denying unencrypted frames, discard
944 * any non-PAE frames received without encryption.
946 if ((vap
->iv_flags
& IEEE80211_F_DROPUNENC
) && key
== NULL
) {
947 IEEE80211_NODE_STAT(ni
, rx_unencrypted
);
958 * This function reassemble fragments using the skb of the 1st fragment,
959 * if large enough. If not, a new skb is allocated to hold incoming
962 * Fragments are copied at the end of the previous fragment. A different
963 * strategy could have been used, where a non-linear skb is allocated and
964 * fragments attached to that skb.
966 static struct sk_buff
*
967 ieee80211_defrag(struct ieee80211_node
*ni
, struct sk_buff
*skb
, int hdrlen
)
969 struct ieee80211_frame
*wh
= (struct ieee80211_frame
*)skb
->data
;
970 u_int16_t rxseq
, last_rxseq
;
971 u_int8_t fragno
, last_fragno
;
972 u_int8_t more_frag
= wh
->i_fc
[1] & IEEE80211_FC1_MORE_FRAG
;
974 rxseq
= le16_to_cpu(*(__le16
*)wh
->i_seq
) >> IEEE80211_SEQ_SEQ_SHIFT
;
975 fragno
= le16_to_cpu(*(__le16
*)wh
->i_seq
) & IEEE80211_SEQ_FRAG_MASK
;
977 /* Quick way out, if there's nothing to defragment */
978 if (!more_frag
&& fragno
== 0 && ni
->ni_rxfrag
== NULL
)
982 * Remove frag to ensure it doesn't get reaped by timer.
984 if (ni
->ni_table
== NULL
) {
986 * Should never happen. If the node is orphaned (not in
987 * the table) then input packets should not reach here.
988 * Otherwise, a concurrent request that yanks the table
989 * should be blocked by other interlocking and/or by first
990 * shutting the driver down. Regardless, be defensive
993 /* XXX need msg+stat */
994 ieee80211_dev_kfree_skb(&skb
);
999 * Update the time stamp. As a side effect, it
1000 * also makes sure that the timer will not change
1001 * ni->ni_rxfrag for at least 1 second, or in
1002 * other words, for the remaining of this function.
1003 * XXX HUGE HORRIFIC HACK
1005 ni
->ni_rxfragstamp
= jiffies
;
1008 * Validate that fragment is in order and
1009 * related to the previous ones.
1011 if (ni
->ni_rxfrag
) {
1012 struct ieee80211_frame
*lwh
;
1014 lwh
= (struct ieee80211_frame
*)ni
->ni_rxfrag
->data
;
1015 last_rxseq
= le16_to_cpu(*(__le16
*)lwh
->i_seq
) >>
1016 IEEE80211_SEQ_SEQ_SHIFT
;
1017 last_fragno
= le16_to_cpu(*(__le16
*)lwh
->i_seq
) &
1018 IEEE80211_SEQ_FRAG_MASK
;
1019 if (rxseq
!= last_rxseq
1020 || fragno
!= last_fragno
+ 1
1021 || (!IEEE80211_ADDR_EQ(wh
->i_addr1
, lwh
->i_addr1
))
1022 || (!IEEE80211_ADDR_EQ(wh
->i_addr2
, lwh
->i_addr2
))
1023 || (ni
->ni_rxfrag
->end
- ni
->ni_rxfrag
->tail
<
1026 * Unrelated fragment or no space for it,
1027 * clear current fragments
1029 ieee80211_dev_kfree_skb(&ni
->ni_rxfrag
);
1033 /* If this is the first fragment */
1034 if (ni
->ni_rxfrag
== NULL
&& fragno
== 0) {
1035 ni
->ni_rxfrag
= skb
;
1036 /* If more frags are coming */
1038 if (skb_is_nonlinear(skb
)) {
1040 * We need a continous buffer to
1041 * assemble fragments
1043 ni
->ni_rxfrag
= skb_copy(skb
, GFP_ATOMIC
);
1044 if (ni
->ni_rxfrag
) {
1045 ieee80211_skb_copy_noderef(skb
, ni
->ni_rxfrag
);
1046 ieee80211_dev_kfree_skb(&skb
);
1050 * Check that we have enough space to hold
1051 * incoming fragments
1052 * XXX 4-address/QoS frames?
1054 else if ((skb_end_pointer(skb
) - skb
->head
) <
1055 (ni
->ni_vap
->iv_dev
->mtu
+ hdrlen
)) {
1056 ni
->ni_rxfrag
= skb_copy_expand(skb
, 0,
1057 (ni
->ni_vap
->iv_dev
->mtu
+ hdrlen
) -
1058 (skb_end_pointer(skb
) - skb
->head
),
1061 ieee80211_skb_copy_noderef(skb
, ni
->ni_rxfrag
);
1062 ieee80211_dev_kfree_skb(&skb
);
1066 if (ni
->ni_rxfrag
) {
1067 struct ieee80211_frame
*lwh
= (struct ieee80211_frame
*)
1068 ni
->ni_rxfrag
->data
;
1071 * We know we have enough space to copy,
1072 * we've verified that before
1074 /* Copy current fragment at end of previous one */
1075 memcpy(skb_tail_pointer(ni
->ni_rxfrag
),
1076 skb
->data
+ hdrlen
, skb
->len
- hdrlen
);
1077 /* Update tail and length */
1078 skb_put(ni
->ni_rxfrag
, skb
->len
- hdrlen
);
1079 /* Keep a copy of last sequence and fragno */
1080 *(__le16
*)lwh
->i_seq
= *(__le16
*)wh
->i_seq
;
1082 /* we're done with the fragment */
1083 ieee80211_dev_kfree_skb(&skb
);
1090 /* Last fragment received, we're done! */
1091 skb
= ni
->ni_rxfrag
;
1092 ni
->ni_rxfrag
= NULL
;
1098 ieee80211_deliver_data(struct ieee80211_node
*ni
, struct sk_buff
*skb
)
1100 struct ieee80211vap
*vap
= ni
->ni_vap
;
1101 struct net_device
*dev
= vap
->iv_dev
;
1102 struct ether_header
*eh
= (struct ether_header
*)skb
->data
;
1103 struct ieee80211_node
*tni
;
1106 #ifdef ATH_SUPERG_XR
1108 * if it is a XR vap, send the data to associated normal net
1109 * device. XR vap has a net device which is not registered with
1112 if (vap
->iv_xrvap
&& vap
->iv_flags
& IEEE80211_F_XR
)
1113 dev
= vap
->iv_xrvap
->iv_dev
;
1116 /* perform as a bridge within the vap */
1117 /* XXX intra-vap bridging only */
1118 if (vap
->iv_opmode
== IEEE80211_M_HOSTAP
&&
1119 (vap
->iv_flags
& IEEE80211_F_NOBRIDGE
) == 0) {
1120 struct sk_buff
*skb1
= NULL
;
1122 if (ETHER_IS_MULTICAST(eh
->ether_dhost
)) {
1123 /* Create a SKB for the BSS to send out. */
1124 skb1
= skb_copy(skb
, GFP_ATOMIC
);
1126 SKB_NI(skb1
) = ieee80211_ref_node(vap
->iv_bss
);
1129 /* Check if destination is associated with the
1130 * same VAP and authorized to receive traffic.
1131 * Beware of traffic destined for the VAP itself;
1132 * sending it will not work; just let it be
1133 * delivered normally. */
1134 struct ieee80211_node
*ni1
= ieee80211_find_node(
1135 &vap
->iv_ic
->ic_sta
, eh
->ether_dhost
);
1137 if ((ni1
->ni_vap
== vap
) &&
1138 (ni1
!= vap
->iv_bss
) &&
1139 ieee80211_node_is_authorized(ni1
)) {
1143 /* XXX: statistic? */
1144 ieee80211_unref_node(&ni1
);
1149 skb_reset_mac_header(skb1
);
1150 skb_set_network_header(skb1
, sizeof(struct ether_header
));
1152 skb1
->protocol
= __constant_htons(ETH_P_802_2
);
1154 /* This SKB is being emitted to the physical/parent
1155 * device, which maintains node references. However,
1156 * there is kernel code in between which does not.
1157 * Therefore, the ref. is cleaned if the SKB is
1160 /* XXX: Insert vlan tag before queuing it? */
1161 if (dev_queue_xmit(skb1
) == NET_XMIT_DROP
) {
1162 vap
->iv_devstats
.tx_dropped
++;
1164 ieee80211_unref_node(&tni
);
1166 /* SKB is no longer ours, either way after dev_queue_xmit. */
1172 vap
->iv_devstats
.rx_packets
++;
1173 vap
->iv_devstats
.rx_bytes
+= skb
->len
;
1174 dev
->last_rx
= jiffies
;
1177 #ifdef USE_HEADERLEN_RESV
1178 skb
->protocol
= ath_eth_type_trans(skb
, dev
);
1180 skb
->protocol
= eth_type_trans(skb
, dev
);
1183 if ((ni
->ni_vlan
!= 0) && (vap
->iv_vlgrp
!= NULL
))
1184 /* Attach VLAN tag. */
1185 ret
= vlan_hwaccel_rx(skb
,
1186 vap
->iv_vlgrp
, ni
->ni_vlan
);
1188 ret
= netif_rx(skb
);
1189 if (ret
== NET_RX_DROP
)
1190 vap
->iv_devstats
.rx_dropped
++;
1192 ieee80211_unref_node(&tni
);
1193 skb
= NULL
; /* SKB is no longer ours */
1197 /* This function removes the 802.11 header, including LLC/SNAP headers and
1198 * replaces it with an Ethernet II header. */
1199 static struct sk_buff
*
1200 ieee80211_decap(struct ieee80211vap
*vap
, struct sk_buff
*skb
, int hdrlen
)
1202 const struct llc snap_hdr
= {.llc_dsap
= LLC_SNAP_LSAP
,
1203 .llc_ssap
= LLC_SNAP_LSAP
,
1204 .llc_snap
.control
= LLC_UI
,
1205 .llc_snap
.org_code
= {0x0, 0x0, 0x0}};
1206 struct ieee80211_qosframe_addr4 wh
; /* Max size address frames */
1207 struct ether_header
*eh
;
1209 __be16 ether_type
= 0;
1211 memcpy(&wh
, skb
->data
, hdrlen
); /* Make a copy of the variably sized .11 header */
1213 llc
= (struct llc
*)skb_pull(skb
, hdrlen
);
1214 /* XXX: For some unknown reason some APs think they are from DEC and
1215 * use an OUI of 00-00-f8. This should be killed as soon as sanity is
1217 if ((skb
->len
>= LLC_SNAPFRAMELEN
) && (memcmp(&snap_hdr
, llc
, 5) == 0) &&
1218 ((llc
->llc_snap
.org_code
[2] == 0x0) ||
1219 (llc
->llc_snap
.org_code
[2] == 0xf8))) {
1220 ether_type
= llc
->llc_un
.type_snap
.ether_type
;
1221 skb_pull(skb
, LLC_SNAPFRAMELEN
);
1225 eh
= (struct ether_header
*)skb_push(skb
, sizeof(struct ether_header
));
1226 switch (wh
.i_fc
[1] & IEEE80211_FC1_DIR_MASK
) {
1227 case IEEE80211_FC1_DIR_NODS
:
1228 IEEE80211_ADDR_COPY(eh
->ether_dhost
, wh
.i_addr1
);
1229 IEEE80211_ADDR_COPY(eh
->ether_shost
, wh
.i_addr2
);
1231 case IEEE80211_FC1_DIR_TODS
:
1232 IEEE80211_ADDR_COPY(eh
->ether_dhost
, wh
.i_addr3
);
1233 IEEE80211_ADDR_COPY(eh
->ether_shost
, wh
.i_addr2
);
1235 case IEEE80211_FC1_DIR_FROMDS
:
1236 IEEE80211_ADDR_COPY(eh
->ether_dhost
, wh
.i_addr1
);
1237 IEEE80211_ADDR_COPY(eh
->ether_shost
, wh
.i_addr3
);
1239 case IEEE80211_FC1_DIR_DSTODS
:
1240 IEEE80211_ADDR_COPY(eh
->ether_dhost
, wh
.i_addr3
);
1241 IEEE80211_ADDR_COPY(eh
->ether_shost
, wh
.i_addr4
);
1246 eh
->ether_type
= htons(skb
->len
- sizeof(*eh
));
1248 eh
->ether_type
= ether_type
;
1254 * Install received rate set information in the node's state block.
1257 ieee80211_setup_rates(struct ieee80211_node
*ni
,
1258 const u_int8_t
*rates
, const u_int8_t
*xrates
, int flags
)
1260 struct ieee80211_rateset
*rs
= &ni
->ni_rates
;
1262 memset(rs
, 0, sizeof(*rs
));
1263 rs
->rs_nrates
= rates
[1];
1264 memcpy(rs
->rs_rates
, rates
+ 2, rs
->rs_nrates
);
1265 if (xrates
!= NULL
) {
1268 * Tack on 11g extended supported rate element.
1270 nxrates
= xrates
[1];
1271 if (rs
->rs_nrates
+ nxrates
> IEEE80211_RATE_MAXSIZE
) {
1272 struct ieee80211vap
*vap
= ni
->ni_vap
;
1274 nxrates
= IEEE80211_RATE_MAXSIZE
- rs
->rs_nrates
;
1275 IEEE80211_NOTE(vap
, IEEE80211_MSG_XRATE
, ni
,
1276 "extended rate set too large;"
1277 " only using %u of %u rates",
1278 nxrates
, xrates
[1]);
1279 vap
->iv_stats
.is_rx_rstoobig
++;
1281 memcpy(rs
->rs_rates
+ rs
->rs_nrates
, xrates
+2, nxrates
);
1282 rs
->rs_nrates
+= nxrates
;
1284 return ieee80211_fix_rate(ni
, flags
);
1288 ieee80211_auth_open(struct ieee80211_node
*ni
, struct ieee80211_frame
*wh
,
1289 int rssi
, u_int64_t rtsf
, u_int16_t seq
, u_int16_t status
)
1291 struct ieee80211vap
*vap
= ni
->ni_vap
;
1292 unsigned int tmpnode
= 0;
1294 if (ni
->ni_authmode
== IEEE80211_AUTH_SHARED
) {
1295 IEEE80211_DISCARD_MAC(vap
, IEEE80211_MSG_AUTH
,
1296 ni
->ni_macaddr
, "open auth",
1297 "bad sta auth mode %u", ni
->ni_authmode
);
1298 vap
->iv_stats
.is_rx_bad_auth
++; /* XXX maybe a unique error? */
1299 if (vap
->iv_opmode
== IEEE80211_M_HOSTAP
) {
1300 if (ni
== vap
->iv_bss
) {
1301 ni
= ieee80211_dup_bss(vap
, wh
->i_addr2
, 0);
1306 IEEE80211_SEND_MGMT(ni
, IEEE80211_FC0_SUBTYPE_AUTH
,
1307 (seq
+ 1) | (IEEE80211_STATUS_ALG
<< 16));
1310 ieee80211_unref_node(&ni
);
1314 switch (vap
->iv_opmode
) {
1315 case IEEE80211_M_IBSS
:
1316 if (vap
->iv_state
!= IEEE80211_S_RUN
||
1317 seq
!= IEEE80211_AUTH_OPEN_REQUEST
) {
1318 vap
->iv_stats
.is_rx_bad_auth
++;
1321 ieee80211_new_state(vap
, IEEE80211_S_AUTH
,
1322 wh
->i_fc
[0] & IEEE80211_FC0_SUBTYPE_MASK
);
1325 case IEEE80211_M_AHDEMO
:
1326 case IEEE80211_M_WDS
:
1327 /* should not come here */
1330 case IEEE80211_M_HOSTAP
:
1331 if (vap
->iv_state
!= IEEE80211_S_RUN
||
1332 seq
!= IEEE80211_AUTH_OPEN_REQUEST
) {
1333 vap
->iv_stats
.is_rx_bad_auth
++;
1336 /* always accept open authentication requests */
1337 if (ni
== vap
->iv_bss
) {
1338 ni
= ieee80211_dup_bss(vap
, wh
->i_addr2
, 0);
1344 IEEE80211_SEND_MGMT(ni
, IEEE80211_FC0_SUBTYPE_AUTH
, seq
+ 1);
1345 IEEE80211_NOTE(vap
, IEEE80211_MSG_DEBUG
| IEEE80211_MSG_AUTH
,
1346 ni
, "station authenticated (%s)", "open");
1348 * When 802.1x is not in use mark the port
1349 * authorized at this point so traffic can flow.
1351 if (ni
->ni_authmode
!= IEEE80211_AUTH_8021X
)
1352 ieee80211_node_authorize(ni
);
1354 ieee80211_unref_node(&ni
);
1357 case IEEE80211_M_STA
:
1358 if (vap
->iv_state
!= IEEE80211_S_AUTH
||
1359 seq
!= IEEE80211_AUTH_OPEN_RESPONSE
) {
1360 vap
->iv_stats
.is_rx_bad_auth
++;
1365 IEEE80211_MSG_DEBUG
| IEEE80211_MSG_AUTH
, ni
,
1366 "open auth failed (reason %d)", status
);
1367 vap
->iv_stats
.is_rx_auth_fail
++;
1368 ieee80211_new_state(vap
, IEEE80211_S_SCAN
,
1369 IEEE80211_SCAN_FAIL_STATUS
);
1371 ieee80211_new_state(vap
, IEEE80211_S_ASSOC
, 0);
1373 case IEEE80211_M_MONITOR
:
1379 * Send a management frame error response to the specified
1380 * station. If ni is associated with the station then use
1381 * it; otherwise allocate a temporary node suitable for
1382 * transmitting the frame and then free the reference so
1383 * it will go away as soon as the frame has been transmitted.
1386 ieee80211_send_error(struct ieee80211_node
*ni
,
1387 const u_int8_t
*mac
, int subtype
, int arg
)
1389 struct ieee80211vap
*vap
= ni
->ni_vap
;
1392 if (ni
== vap
->iv_bss
) {
1393 ni
= ieee80211_dup_bss(vap
, mac
, 1);
1401 IEEE80211_SEND_MGMT(ni
, subtype
, arg
);
1403 ieee80211_unref_node(&ni
);
1407 alloc_challenge(struct ieee80211_node
*ni
)
1409 if (ni
->ni_challenge
== NULL
)
1410 MALLOC(ni
->ni_challenge
, u_int32_t
*, IEEE80211_CHALLENGE_LEN
,
1411 M_DEVBUF
, M_NOWAIT
);
1412 if (ni
->ni_challenge
== NULL
) {
1413 IEEE80211_NOTE(ni
->ni_vap
,
1414 IEEE80211_MSG_DEBUG
| IEEE80211_MSG_AUTH
, ni
,
1415 "%s", "shared key challenge alloc failed");
1418 return (ni
->ni_challenge
!= NULL
);
1421 /* XXX TODO: add statistics */
1423 ieee80211_auth_shared(struct ieee80211_node
*ni
, struct ieee80211_frame
*wh
,
1424 u_int8_t
*frm
, u_int8_t
*efrm
, int rssi
, u_int64_t rtsf
,
1425 u_int16_t seq
, u_int16_t status
)
1427 struct ieee80211vap
*vap
= ni
->ni_vap
;
1428 u_int8_t
*challenge
;
1429 int allocbs
= 0, estatus
= 0;
1432 * NB: this can happen as we allow pre-shared key
1433 * authentication to be enabled w/o wep being turned
1434 * on so that configuration of these can be done
1435 * in any order. It may be better to enforce the
1436 * ordering in which case this check would just be
1437 * for sanity/consistency.
1439 if ((vap
->iv_flags
& IEEE80211_F_PRIVACY
) == 0) {
1440 IEEE80211_DISCARD_MAC(vap
, IEEE80211_MSG_AUTH
,
1441 ni
->ni_macaddr
, "shared key auth",
1442 "%s", " PRIVACY is disabled");
1443 estatus
= IEEE80211_STATUS_ALG
;
1447 * Pre-shared key authentication is evil; accept
1448 * it only if explicitly configured (it is supported
1449 * mainly for compatibility with clients like OS X).
1451 if (ni
->ni_authmode
!= IEEE80211_AUTH_AUTO
&&
1452 ni
->ni_authmode
!= IEEE80211_AUTH_SHARED
) {
1453 IEEE80211_DISCARD_MAC(vap
, IEEE80211_MSG_AUTH
,
1454 ni
->ni_macaddr
, "shared key auth",
1455 "bad sta auth mode %u", ni
->ni_authmode
);
1456 vap
->iv_stats
.is_rx_bad_auth
++; /* XXX maybe a unique error? */
1457 estatus
= IEEE80211_STATUS_ALG
;
1462 if (frm
+ 1 < efrm
) {
1463 if ((frm
[1] + 2) > (efrm
- frm
)) {
1464 IEEE80211_DISCARD_MAC(vap
, IEEE80211_MSG_AUTH
,
1465 ni
->ni_macaddr
, "shared key auth",
1466 "ie %d/%d too long",
1467 frm
[0], (frm
[1] + 2) - (efrm
- frm
));
1468 vap
->iv_stats
.is_rx_bad_auth
++;
1469 estatus
= IEEE80211_STATUS_CHALLENGE
;
1472 if (*frm
== IEEE80211_ELEMID_CHALLENGE
)
1477 case IEEE80211_AUTH_SHARED_CHALLENGE
:
1478 case IEEE80211_AUTH_SHARED_RESPONSE
:
1479 if (challenge
== NULL
) {
1480 IEEE80211_DISCARD_MAC(vap
, IEEE80211_MSG_AUTH
,
1481 ni
->ni_macaddr
, "shared key auth",
1482 "%s", "no challenge");
1483 vap
->iv_stats
.is_rx_bad_auth
++;
1484 estatus
= IEEE80211_STATUS_CHALLENGE
;
1487 if (challenge
[1] != IEEE80211_CHALLENGE_LEN
) {
1488 IEEE80211_DISCARD_MAC(vap
, IEEE80211_MSG_AUTH
,
1489 ni
->ni_macaddr
, "shared key auth",
1490 "bad challenge len %d", challenge
[1]);
1491 vap
->iv_stats
.is_rx_bad_auth
++;
1492 estatus
= IEEE80211_STATUS_CHALLENGE
;
1498 switch (vap
->iv_opmode
) {
1499 case IEEE80211_M_MONITOR
:
1500 case IEEE80211_M_AHDEMO
:
1501 case IEEE80211_M_IBSS
:
1502 case IEEE80211_M_WDS
:
1503 IEEE80211_DISCARD_MAC(vap
, IEEE80211_MSG_AUTH
,
1504 ni
->ni_macaddr
, "shared key auth",
1505 "bad operating mode %u", vap
->iv_opmode
);
1507 case IEEE80211_M_HOSTAP
:
1508 if (vap
->iv_state
!= IEEE80211_S_RUN
) {
1509 IEEE80211_DISCARD_MAC(vap
, IEEE80211_MSG_AUTH
,
1510 ni
->ni_macaddr
, "shared key auth",
1511 "bad state %u", vap
->iv_state
);
1512 estatus
= IEEE80211_STATUS_ALG
; /* XXX */
1516 case IEEE80211_AUTH_SHARED_REQUEST
:
1517 if (ni
== vap
->iv_bss
) {
1518 ni
= ieee80211_dup_bss(vap
, wh
->i_addr2
, 0);
1520 /* NB: no way to return an error */
1528 ni
->ni_last_rx
= jiffies
;
1529 if (!alloc_challenge(ni
)) {
1531 ieee80211_unref_node(&ni
);
1532 /* NB: don't return error so they rexmit */
1535 get_random_bytes(ni
->ni_challenge
,
1536 IEEE80211_CHALLENGE_LEN
);
1538 IEEE80211_MSG_DEBUG
| IEEE80211_MSG_AUTH
, ni
,
1539 "shared key %sauth request", allocbs
? "" : "re");
1541 case IEEE80211_AUTH_SHARED_RESPONSE
:
1542 if (ni
== vap
->iv_bss
) {
1543 IEEE80211_DISCARD_MAC(vap
, IEEE80211_MSG_AUTH
,
1544 ni
->ni_macaddr
, "shared key response",
1545 "%s", "unknown station");
1546 /* NB: don't send a response */
1549 if (ni
->ni_challenge
== NULL
) {
1550 IEEE80211_DISCARD_MAC(vap
, IEEE80211_MSG_AUTH
,
1551 ni
->ni_macaddr
, "shared key response",
1552 "%s", "no challenge recorded");
1553 vap
->iv_stats
.is_rx_bad_auth
++;
1554 estatus
= IEEE80211_STATUS_CHALLENGE
;
1557 if (memcmp(ni
->ni_challenge
, &challenge
[2],
1558 challenge
[1]) != 0) {
1559 IEEE80211_DISCARD_MAC(vap
, IEEE80211_MSG_AUTH
,
1560 ni
->ni_macaddr
, "shared key response",
1561 "%s", "challenge mismatch");
1562 vap
->iv_stats
.is_rx_auth_fail
++;
1563 estatus
= IEEE80211_STATUS_CHALLENGE
;
1567 IEEE80211_MSG_DEBUG
| IEEE80211_MSG_AUTH
, ni
,
1568 "station authenticated (%s)", "shared key");
1569 ieee80211_node_authorize(ni
);
1572 IEEE80211_DISCARD_MAC(vap
, IEEE80211_MSG_AUTH
,
1573 ni
->ni_macaddr
, "shared key auth",
1575 vap
->iv_stats
.is_rx_bad_auth
++;
1576 estatus
= IEEE80211_STATUS_SEQUENCE
;
1579 IEEE80211_SEND_MGMT(ni
, IEEE80211_FC0_SUBTYPE_AUTH
, seq
+ 1);
1582 case IEEE80211_M_STA
:
1583 if (vap
->iv_state
!= IEEE80211_S_AUTH
)
1586 case IEEE80211_AUTH_SHARED_PASS
:
1587 if (ni
->ni_challenge
!= NULL
) {
1588 FREE(ni
->ni_challenge
, M_DEVBUF
);
1589 ni
->ni_challenge
= NULL
;
1592 IEEE80211_NOTE_MAC(vap
,
1593 IEEE80211_MSG_DEBUG
| IEEE80211_MSG_AUTH
,
1594 ieee80211_getbssid(vap
, wh
),
1595 "shared key auth failed (reason %d)",
1597 vap
->iv_stats
.is_rx_auth_fail
++;
1598 /* XXX IEEE80211_SCAN_FAIL_STATUS */
1601 ieee80211_new_state(vap
, IEEE80211_S_ASSOC
, 0);
1603 case IEEE80211_AUTH_SHARED_CHALLENGE
:
1604 if (!alloc_challenge(ni
))
1606 /* XXX could optimize by passing recvd challenge */
1607 memcpy(ni
->ni_challenge
, &challenge
[2], challenge
[1]);
1608 IEEE80211_SEND_MGMT(ni
,
1609 IEEE80211_FC0_SUBTYPE_AUTH
, seq
+ 1);
1612 IEEE80211_DISCARD(vap
, IEEE80211_MSG_AUTH
,
1613 wh
, "shared key auth", "bad seq %d", seq
);
1614 vap
->iv_stats
.is_rx_bad_auth
++;
1620 ieee80211_unref_node(&ni
);
1623 /* Send an error response; but only when operating as an AP. */
1624 if (vap
->iv_opmode
== IEEE80211_M_HOSTAP
) {
1625 /* XXX hack to workaround calling convention */
1626 ieee80211_send_error(ni
, wh
->i_addr2
,
1627 IEEE80211_FC0_SUBTYPE_AUTH
,
1628 (seq
+ 1) | (estatus
<<16));
1629 /* Remove node state if it exists and isn't just a
1630 * temporary copy of the bss (dereferenced later) */
1631 if (!allocbs
&& (ni
!= vap
->iv_bss
))
1632 ieee80211_node_leave(ni
);
1633 } else if (vap
->iv_opmode
== IEEE80211_M_STA
) {
1635 * Kick the state machine. This short-circuits
1636 * using the mgt frame timeout to trigger the
1639 if (vap
->iv_state
== IEEE80211_S_AUTH
)
1640 ieee80211_new_state(vap
, IEEE80211_S_SCAN
, 0);
1643 ieee80211_unref_node(&ni
);
1646 /* Verify the existence and length of __elem or get out. */
1647 #define IEEE80211_VERIFY_ELEMENT(__elem, __maxlen) do { \
1648 if ((__elem) == NULL) { \
1649 IEEE80211_DISCARD(vap, IEEE80211_MSG_ELEMID, \
1650 wh, ieee80211_mgt_subtype_name[subtype >> \
1651 IEEE80211_FC0_SUBTYPE_SHIFT], \
1652 "%s", "no " #__elem); \
1653 vap->iv_stats.is_rx_elem_missing++; \
1656 if ((__elem)[1] > (__maxlen)) { \
1657 IEEE80211_DISCARD(vap, IEEE80211_MSG_ELEMID, \
1658 wh, ieee80211_mgt_subtype_name[subtype >> \
1659 IEEE80211_FC0_SUBTYPE_SHIFT], \
1660 "bad " #__elem " len %d", (__elem)[1]); \
1661 vap->iv_stats.is_rx_elem_toobig++; \
1666 #define IEEE80211_VERIFY_LENGTH(_len, _minlen) do { \
1667 if ((_len) < (_minlen)) { \
1668 IEEE80211_DISCARD(vap, IEEE80211_MSG_ELEMID, \
1669 wh, ieee80211_mgt_subtype_name[subtype >> \
1670 IEEE80211_FC0_SUBTYPE_SHIFT], \
1671 "%s", "ie too short"); \
1672 vap->iv_stats.is_rx_elem_toosmall++; \
1677 #ifdef IEEE80211_DEBUG
1679 ieee80211_ssid_mismatch(struct ieee80211vap
*vap
, const char *tag
,
1680 u_int8_t mac
[IEEE80211_ADDR_LEN
], u_int8_t
*ssid
)
1682 printk("[" MAC_FMT
"] discard %s frame, ssid mismatch: ",
1683 MAC_ADDR(mac
), tag
);
1684 ieee80211_print_essid(ssid
+ 2, ssid
[1]);
1688 #define IEEE80211_VERIFY_SSID(_ni, _ssid) do { \
1689 if ((_ssid)[1] != 0 && \
1690 ((_ssid)[1] != (_ni)->ni_esslen || \
1691 memcmp((_ssid) + 2, (_ni)->ni_essid, (_ssid)[1]) != 0)) { \
1692 if (ieee80211_msg_input(vap)) \
1693 ieee80211_ssid_mismatch(vap, \
1694 ieee80211_mgt_subtype_name[subtype >> \
1695 IEEE80211_FC0_SUBTYPE_SHIFT], \
1696 wh->i_addr2, _ssid); \
1697 vap->iv_stats.is_rx_ssidmismatch++; \
1701 #else /* !IEEE80211_DEBUG */
1702 #define IEEE80211_VERIFY_SSID(_ni, _ssid) do { \
1703 if ((_ssid)[1] != 0 && \
1704 ((_ssid)[1] != (_ni)->ni_esslen || \
1705 memcmp((_ssid) + 2, (_ni)->ni_essid, (_ssid)[1]) != 0)) { \
1706 vap->iv_stats.is_rx_ssidmismatch++; \
1710 #endif /* !IEEE80211_DEBUG */
1712 /* unaligned little endian access */
1713 #define LE_READ_2(p) \
1715 ((((const u_int8_t *)(p))[0] ) | \
1716 (((const u_int8_t *)(p))[1] << 8)))
1717 #define LE_READ_4(p) \
1719 ((((const u_int8_t *)(p))[0] ) | \
1720 (((const u_int8_t *)(p))[1] << 8) | \
1721 (((const u_int8_t *)(p))[2] << 16) | \
1722 (((const u_int8_t *)(p))[3] << 24)))
1725 iswpaoui(const u_int8_t
*frm
)
1727 return frm
[1] > 3 && LE_READ_4(frm
+2) == ((WPA_OUI_TYPE
<<24)|WPA_OUI
);
1731 iswmeoui(const u_int8_t
*frm
)
1733 return frm
[1] > 3 && LE_READ_4(frm
+2) == ((WME_OUI_TYPE
<<24)|WME_OUI
);
1737 iswmeparam(const u_int8_t
*frm
)
1739 return frm
[1] > 5 && LE_READ_4(frm
+2) == ((WME_OUI_TYPE
<<24)|WME_OUI
) &&
1740 frm
[6] == WME_PARAM_OUI_SUBTYPE
;
1744 iswmeinfo(const u_int8_t
*frm
)
1746 return frm
[1] > 5 && LE_READ_4(frm
+2) == ((WME_OUI_TYPE
<<24)|WME_OUI
) &&
1747 frm
[6] == WME_INFO_OUI_SUBTYPE
;
1751 isatherosoui(const u_int8_t
*frm
)
1753 return frm
[1] > 3 && LE_READ_4(frm
+2) == ((ATH_OUI_TYPE
<<24)|ATH_OUI
);
1757 * Convert a WPA cipher selector OUI to an internal
1758 * cipher algorithm. Where appropriate we also
1759 * record any key length.
1762 wpa_cipher(u_int8_t
*sel
, u_int8_t
*keylen
)
1764 #define WPA_SEL(x) (((x) << 24) | WPA_OUI)
1765 u_int32_t w
= LE_READ_4(sel
);
1768 case WPA_SEL(WPA_CSE_NULL
):
1769 return IEEE80211_CIPHER_NONE
;
1770 case WPA_SEL(WPA_CSE_WEP40
):
1772 *keylen
= 40 / NBBY
;
1773 return IEEE80211_CIPHER_WEP
;
1774 case WPA_SEL(WPA_CSE_WEP104
):
1776 *keylen
= 104 / NBBY
;
1777 return IEEE80211_CIPHER_WEP
;
1778 case WPA_SEL(WPA_CSE_TKIP
):
1779 return IEEE80211_CIPHER_TKIP
;
1780 case WPA_SEL(WPA_CSE_CCMP
):
1781 return IEEE80211_CIPHER_AES_CCM
;
1783 return 32; /* NB: so 1<< is discarded */
1788 * Convert a WPA key management/authentication algorithm
1789 * to an internal code.
1792 wpa_keymgmt(u_int8_t
*sel
)
1794 #define WPA_SEL(x) (((x)<<24)|WPA_OUI)
1795 u_int32_t w
= LE_READ_4(sel
);
1798 case WPA_SEL(WPA_ASE_8021X_UNSPEC
):
1799 return WPA_ASE_8021X_UNSPEC
;
1800 case WPA_SEL(WPA_ASE_8021X_PSK
):
1801 return WPA_ASE_8021X_PSK
;
1802 case WPA_SEL(WPA_ASE_NONE
):
1803 return WPA_ASE_NONE
;
1805 return 0; /* NB: so is discarded */
1810 * Parse a WPA information element to collect parameters
1811 * and validate the parameters against what has been
1812 * configured for the system.
1815 ieee80211_parse_wpa(struct ieee80211vap
*vap
, u_int8_t
*frm
,
1816 struct ieee80211_rsnparms
*rsn_parm
, const struct ieee80211_frame
*wh
)
1818 u_int8_t len
= frm
[1];
1823 * Check the length once for fixed parts: OUI, type,
1824 * version, mcast cipher, and 2 selector counts.
1825 * Other, variable-length data, must be checked separately.
1827 if (!(vap
->iv_flags
& IEEE80211_F_WPA1
)) {
1828 IEEE80211_DISCARD_IE(vap
,
1829 IEEE80211_MSG_ELEMID
| IEEE80211_MSG_WPA
,
1830 wh
, "WPA", "vap not WPA, flags 0x%x", vap
->iv_flags
);
1831 return IEEE80211_REASON_IE_INVALID
;
1835 IEEE80211_DISCARD_IE(vap
,
1836 IEEE80211_MSG_ELEMID
| IEEE80211_MSG_WPA
,
1837 wh
, "WPA", "too short, len %u", len
);
1838 return IEEE80211_REASON_IE_INVALID
;
1840 frm
+= 6, len
-= 4; /* NB: len is payload only */
1841 /* NB: iswapoui already validated the OUI and type */
1843 if (w
!= WPA_VERSION
) {
1844 IEEE80211_DISCARD_IE(vap
,
1845 IEEE80211_MSG_ELEMID
| IEEE80211_MSG_WPA
,
1846 wh
, "WPA", "bad version %u", w
);
1847 return IEEE80211_REASON_IE_INVALID
;
1852 /* multicast/group cipher */
1853 w
= wpa_cipher(frm
, &rsn_parm
->rsn_mcastkeylen
);
1854 if (w
!= rsn_parm
->rsn_mcastcipher
) {
1855 IEEE80211_DISCARD_IE(vap
,
1856 IEEE80211_MSG_ELEMID
| IEEE80211_MSG_WPA
,
1857 wh
, "WPA", "mcast cipher mismatch; got %u, expected %u",
1858 w
, rsn_parm
->rsn_mcastcipher
);
1859 return IEEE80211_REASON_IE_INVALID
;
1864 /* unicast ciphers */
1869 IEEE80211_DISCARD_IE(vap
,
1870 IEEE80211_MSG_ELEMID
| IEEE80211_MSG_WPA
,
1871 wh
, "WPA", "ucast cipher data too short; len %u, n %u",
1873 return IEEE80211_REASON_IE_INVALID
;
1876 for (; n
> 0; n
--) {
1877 w
|= 1 << wpa_cipher(frm
, &rsn_parm
->rsn_ucastkeylen
);
1881 w
&= rsn_parm
->rsn_ucastcipherset
;
1883 IEEE80211_DISCARD_IE(vap
,
1884 IEEE80211_MSG_ELEMID
| IEEE80211_MSG_WPA
,
1885 wh
, "WPA", "%s", "ucast cipher set empty");
1886 return IEEE80211_REASON_IE_INVALID
;
1888 if (w
& (1 << IEEE80211_CIPHER_TKIP
))
1889 rsn_parm
->rsn_ucastcipher
= IEEE80211_CIPHER_TKIP
;
1891 rsn_parm
->rsn_ucastcipher
= IEEE80211_CIPHER_AES_CCM
;
1893 /* key management algorithms */
1898 IEEE80211_DISCARD_IE(vap
,
1899 IEEE80211_MSG_ELEMID
| IEEE80211_MSG_WPA
,
1900 wh
, "WPA", "key mgmt alg data too short; len %u, n %u",
1902 return IEEE80211_REASON_IE_INVALID
;
1905 for (; n
> 0; n
--) {
1906 w
|= wpa_keymgmt(frm
);
1910 w
&= rsn_parm
->rsn_keymgmtset
;
1912 IEEE80211_DISCARD_IE(vap
,
1913 IEEE80211_MSG_ELEMID
| IEEE80211_MSG_WPA
,
1914 wh
, "WPA", "%s", "no acceptable key mgmt alg");
1915 return IEEE80211_REASON_IE_INVALID
;
1917 if (w
& WPA_ASE_8021X_UNSPEC
)
1918 rsn_parm
->rsn_keymgmt
= WPA_ASE_8021X_UNSPEC
;
1920 rsn_parm
->rsn_keymgmt
= WPA_ASE_8021X_PSK
;
1922 if (len
> 2) /* optional capabilities */
1923 rsn_parm
->rsn_caps
= LE_READ_2(frm
);
1929 * Convert an RSN cipher selector OUI to an internal
1930 * cipher algorithm. Where appropriate we also
1931 * record any key length.
1934 rsn_cipher(u_int8_t
*sel
, u_int8_t
*keylen
)
1936 #define RSN_SEL(x) (((x) << 24) | RSN_OUI)
1937 u_int32_t w
= LE_READ_4(sel
);
1940 case RSN_SEL(RSN_CSE_NULL
):
1941 return IEEE80211_CIPHER_NONE
;
1942 case RSN_SEL(RSN_CSE_WEP40
):
1944 *keylen
= 40 / NBBY
;
1945 return IEEE80211_CIPHER_WEP
;
1946 case RSN_SEL(RSN_CSE_WEP104
):
1948 *keylen
= 104 / NBBY
;
1949 return IEEE80211_CIPHER_WEP
;
1950 case RSN_SEL(RSN_CSE_TKIP
):
1951 return IEEE80211_CIPHER_TKIP
;
1952 case RSN_SEL(RSN_CSE_CCMP
):
1953 return IEEE80211_CIPHER_AES_CCM
;
1954 case RSN_SEL(RSN_CSE_WRAP
):
1955 return IEEE80211_CIPHER_AES_OCB
;
1957 return 32; /* NB: so 1<< is discarded */
1962 * Convert an RSN key management/authentication algorithm
1963 * to an internal code.
1966 rsn_keymgmt(u_int8_t
*sel
)
1968 #define RSN_SEL(x) (((x) << 24) | RSN_OUI)
1969 u_int32_t w
= LE_READ_4(sel
);
1972 case RSN_SEL(RSN_ASE_8021X_UNSPEC
):
1973 return RSN_ASE_8021X_UNSPEC
;
1974 case RSN_SEL(RSN_ASE_8021X_PSK
):
1975 return RSN_ASE_8021X_PSK
;
1976 case RSN_SEL(RSN_ASE_NONE
):
1977 return RSN_ASE_NONE
;
1979 return 0; /* NB: so is discarded */
1984 * Parse a WPA/RSN information element to collect parameters
1985 * and validate the parameters against what has been
1986 * configured for the system.
1989 ieee80211_parse_rsn(struct ieee80211vap
*vap
, u_int8_t
*frm
,
1990 struct ieee80211_rsnparms
*rsn_parm
, const struct ieee80211_frame
*wh
)
1992 u_int8_t len
= frm
[1];
1997 * Check the length once for fixed parts:
1998 * version, mcast cipher, and 2 selector counts.
1999 * Other, variable-length data, must be checked separately.
2001 if (!(vap
->iv_flags
& IEEE80211_F_WPA2
)) {
2002 IEEE80211_DISCARD_IE(vap
,
2003 IEEE80211_MSG_ELEMID
| IEEE80211_MSG_WPA
,
2004 wh
, "RSN", "vap not RSN, flags 0x%x", vap
->iv_flags
);
2005 return IEEE80211_REASON_IE_INVALID
;
2009 IEEE80211_DISCARD_IE(vap
,
2010 IEEE80211_MSG_ELEMID
| IEEE80211_MSG_WPA
,
2011 wh
, "RSN", "too short, len %u", len
);
2012 return IEEE80211_REASON_IE_INVALID
;
2016 if (w
!= RSN_VERSION
) {
2017 IEEE80211_DISCARD_IE(vap
,
2018 IEEE80211_MSG_ELEMID
| IEEE80211_MSG_WPA
,
2019 wh
, "RSN", "bad version %u", w
);
2020 return IEEE80211_REASON_IE_INVALID
;
2025 /* multicast/group cipher */
2026 w
= rsn_cipher(frm
, &rsn_parm
->rsn_mcastkeylen
);
2027 if (w
!= rsn_parm
->rsn_mcastcipher
) {
2028 IEEE80211_DISCARD_IE(vap
,
2029 IEEE80211_MSG_ELEMID
| IEEE80211_MSG_WPA
,
2030 wh
, "RSN", "mcast cipher mismatch; got %u, expected %u",
2031 w
, rsn_parm
->rsn_mcastcipher
);
2032 return IEEE80211_REASON_IE_INVALID
;
2037 /* unicast ciphers */
2041 if (len
< n
* 4 + 2) {
2042 IEEE80211_DISCARD_IE(vap
,
2043 IEEE80211_MSG_ELEMID
| IEEE80211_MSG_WPA
,
2044 wh
, "RSN", "ucast cipher data too short; len %u, n %u",
2046 return IEEE80211_REASON_IE_INVALID
;
2049 for (; n
> 0; n
--) {
2050 w
|= 1 << rsn_cipher(frm
, &rsn_parm
->rsn_ucastkeylen
);
2054 w
&= rsn_parm
->rsn_ucastcipherset
;
2056 IEEE80211_DISCARD_IE(vap
,
2057 IEEE80211_MSG_ELEMID
| IEEE80211_MSG_WPA
,
2058 wh
, "RSN", "%s", "ucast cipher set empty");
2059 return IEEE80211_REASON_IE_INVALID
;
2061 if (w
& (1<<IEEE80211_CIPHER_TKIP
))
2062 rsn_parm
->rsn_ucastcipher
= IEEE80211_CIPHER_TKIP
;
2064 rsn_parm
->rsn_ucastcipher
= IEEE80211_CIPHER_AES_CCM
;
2066 /* key management algorithms */
2071 IEEE80211_DISCARD_IE(vap
,
2072 IEEE80211_MSG_ELEMID
| IEEE80211_MSG_WPA
,
2073 wh
, "RSN", "key mgmt alg data too short; len %u, n %u",
2075 return IEEE80211_REASON_IE_INVALID
;
2078 for (; n
> 0; n
--) {
2079 w
|= rsn_keymgmt(frm
);
2083 w
&= rsn_parm
->rsn_keymgmtset
;
2085 IEEE80211_DISCARD_IE(vap
,
2086 IEEE80211_MSG_ELEMID
| IEEE80211_MSG_WPA
,
2087 wh
, "RSN", "%s", "no acceptable key mgmt alg");
2088 return IEEE80211_REASON_IE_INVALID
;
2090 if (w
& RSN_ASE_8021X_UNSPEC
)
2091 rsn_parm
->rsn_keymgmt
= RSN_ASE_8021X_UNSPEC
;
2093 rsn_parm
->rsn_keymgmt
= RSN_ASE_8021X_PSK
;
2095 /* optional RSN capabilities */
2097 rsn_parm
->rsn_caps
= LE_READ_2(frm
);
2103 /* Record information element for later use. */
2105 ieee80211_saveie(u_int8_t
**iep
, const u_int8_t
*ie
)
2107 if ((*iep
== NULL
) || (ie
== NULL
) || ((*iep
)[1] != ie
[1])) {
2109 FREE(*iep
, M_DEVBUF
);
2112 MALLOC(*iep
, void*, ie
[1] + 2, M_DEVBUF
, M_NOWAIT
);
2114 if ((*iep
!= NULL
) && (ie
!= NULL
))
2115 memcpy(*iep
, ie
, ie
[1] + 2);
2117 EXPORT_SYMBOL(ieee80211_saveie
);
2120 ieee80211_parse_wmeie(u_int8_t
*frm
, const struct ieee80211_frame
*wh
,
2121 struct ieee80211_node
*ni
)
2126 IEEE80211_DISCARD_IE(ni
->ni_vap
,
2127 IEEE80211_MSG_ELEMID
| IEEE80211_MSG_WME
,
2128 wh
, "WME IE", "too short, len %u", len
);
2131 ni
->ni_uapsd
= frm
[WME_CAPINFO_IE_OFFSET
];
2133 ni
->ni_flags
|= IEEE80211_NODE_UAPSD
;
2134 switch (WME_UAPSD_MAXSP(ni
->ni_uapsd
)) {
2136 ni
->ni_uapsd_maxsp
= 2; break;
2138 ni
->ni_uapsd_maxsp
= 4; break;
2140 ni
->ni_uapsd_maxsp
= 6; break;
2142 ni
->ni_uapsd_maxsp
= WME_UAPSD_NODE_MAXQDEPTH
;
2145 IEEE80211_NOTE(ni
->ni_vap
, IEEE80211_MSG_POWER
, ni
,
2146 "UAPSD bit settings from STA: %02x", ni
->ni_uapsd
);
2152 ieee80211_parse_wmeparams(struct ieee80211vap
*vap
, u_int8_t
*frm
,
2153 const struct ieee80211_frame
*wh
, u_int8_t
*qosinfo
)
2155 #define MS(_v, _f) (((_v) & _f) >> _f##_S)
2156 struct ieee80211_wme_state
*wme
= &vap
->iv_ic
->ic_wme
;
2157 u_int len
= frm
[1], qosinfo_count
;
2162 if (len
< sizeof(struct ieee80211_wme_param
)-2) {
2163 IEEE80211_DISCARD_IE(vap
,
2164 IEEE80211_MSG_ELEMID
| IEEE80211_MSG_WME
,
2165 wh
, "WME", "too short, len %u", len
);
2168 *qosinfo
= frm
[__offsetof(struct ieee80211_wme_param
, param_qosInfo
)];
2169 qosinfo_count
= *qosinfo
& WME_QOSINFO_COUNT
;
2170 /* XXX do proper check for wraparound */
2171 if (qosinfo_count
== wme
->wme_wmeChanParams
.cap_info_count
)
2173 frm
+= __offsetof(struct ieee80211_wme_param
, params_acParams
);
2174 for (i
= 0; i
< WME_NUM_AC
; i
++) {
2175 struct wmeParams
*wmep
=
2176 &wme
->wme_wmeChanParams
.cap_wmeParams
[i
];
2177 /* NB: ACI not used */
2178 wmep
->wmep_acm
= MS(frm
[0], WME_PARAM_ACM
);
2179 wmep
->wmep_aifsn
= MS(frm
[0], WME_PARAM_AIFSN
);
2180 wmep
->wmep_logcwmin
= MS(frm
[1], WME_PARAM_LOGCWMIN
);
2181 wmep
->wmep_logcwmax
= MS(frm
[1], WME_PARAM_LOGCWMAX
);
2182 wmep
->wmep_txopLimit
= LE_READ_2(frm
+ 2);
2185 wme
->wme_wmeChanParams
.cap_info_count
= qosinfo_count
;
2191 ieee80211_parse_athParams(struct ieee80211_node
*ni
, u_int8_t
*ie
)
2193 #ifdef ATH_SUPERG_DYNTURBO
2194 struct ieee80211vap
*vap
= ni
->ni_vap
;
2195 struct ieee80211com
*ic
= ni
->ni_ic
;
2196 #endif /* ATH_SUPERG_DYNTURBO */
2197 struct ieee80211_ie_athAdvCap
*athIe
=
2198 (struct ieee80211_ie_athAdvCap
*)ie
;
2200 ni
->ni_ath_flags
= athIe
->athAdvCap_capability
;
2201 if (ni
->ni_ath_flags
& IEEE80211_ATHC_COMP
)
2202 ni
->ni_ath_defkeyindex
= LE_READ_2(&athIe
->athAdvCap_defKeyIndex
);
2205 IEEE80211_NOTE(vap
, IEEE80211_MSG_SUPG
, ni
,
2206 "recv ath params: caps 0x%x flags 0x%x defkeyix %u",
2207 athIe
->athAdvCap_capability
, ni
->ni_ath_flags
,
2208 ni
->ni_ath_defkeyindex
);
2210 #ifdef ATH_SUPERG_DYNTURBO
2211 if (IEEE80211_ATH_CAP(vap
, ni
, IEEE80211_ATHC_TURBOP
)) {
2212 u_int16_t curflags
, newflags
;
2215 * Check for turbo mode switch. Calculate flags
2216 * for the new mode and effect the switch.
2218 newflags
= curflags
= ic
->ic_bsschan
->ic_flags
;
2219 /* NB: ATHC_BOOST is not in ic_ath_cap, so get it from the ie */
2220 if (athIe
->athAdvCap_capability
& IEEE80211_ATHC_BOOST
)
2221 newflags
|= IEEE80211_CHAN_TURBO
;
2223 newflags
&= ~IEEE80211_CHAN_TURBO
;
2224 if (newflags
!= curflags
)
2225 ieee80211_dturbo_switch(ic
, newflags
);
2227 #endif /* ATH_SUPERG_DYNTURBO */
2231 forward_mgmt_to_app(struct ieee80211vap
*vap
, int subtype
, struct sk_buff
*skb
,
2232 struct ieee80211_frame
*wh
)
2234 struct net_device
*dev
= vap
->iv_dev
;
2235 int filter_type
= 0;
2238 case IEEE80211_FC0_SUBTYPE_BEACON
:
2239 filter_type
= IEEE80211_FILTER_TYPE_BEACON
;
2241 case IEEE80211_FC0_SUBTYPE_PROBE_REQ
:
2242 filter_type
= IEEE80211_FILTER_TYPE_PROBE_REQ
;
2244 case IEEE80211_FC0_SUBTYPE_PROBE_RESP
:
2245 filter_type
= IEEE80211_FILTER_TYPE_PROBE_RESP
;
2247 case IEEE80211_FC0_SUBTYPE_ASSOC_REQ
:
2248 case IEEE80211_FC0_SUBTYPE_REASSOC_REQ
:
2249 filter_type
= IEEE80211_FILTER_TYPE_ASSOC_REQ
;
2251 case IEEE80211_FC0_SUBTYPE_ASSOC_RESP
:
2252 case IEEE80211_FC0_SUBTYPE_REASSOC_RESP
:
2253 filter_type
= IEEE80211_FILTER_TYPE_ASSOC_RESP
;
2255 case IEEE80211_FC0_SUBTYPE_AUTH
:
2256 filter_type
= IEEE80211_FILTER_TYPE_AUTH
;
2258 case IEEE80211_FC0_SUBTYPE_DEAUTH
:
2259 filter_type
= IEEE80211_FILTER_TYPE_DEAUTH
;
2261 case IEEE80211_FC0_SUBTYPE_DISASSOC
:
2262 filter_type
= IEEE80211_FILTER_TYPE_DISASSOC
;
2268 if (filter_type
&& ((vap
->app_filter
& filter_type
) == filter_type
)) {
2269 struct sk_buff
*skb1
;
2271 skb1
= skb_copy(skb
, GFP_ATOMIC
);
2274 /* We duplicate the reference after skb_copy */
2275 ieee80211_skb_copy_noderef(skb
, skb1
);
2277 skb_reset_mac_header(skb1
);
2279 skb1
->ip_summed
= CHECKSUM_NONE
;
2280 skb1
->pkt_type
= PACKET_OTHERHOST
;
2281 skb1
->protocol
= __constant_htons(0x0019); /* ETH_P_80211_RAW */
2283 vap
->iv_devstats
.rx_packets
++;
2284 vap
->iv_devstats
.rx_bytes
+= skb1
->len
;
2286 if (SKB_NI(skb1
) != NULL
)
2287 ieee80211_unref_node(&SKB_NI(skb1
));
2288 if (netif_rx(skb1
) == NET_RX_DROP
)
2289 vap
->iv_devstats
.rx_dropped
++;
2294 ieee80211_saveath(struct ieee80211_node
*ni
, u_int8_t
*ie
)
2296 const struct ieee80211_ie_athAdvCap
*athIe
=
2297 (const struct ieee80211_ie_athAdvCap
*)ie
;
2299 ieee80211_saveie(&ni
->ni_ath_ie
, ie
);
2300 if (athIe
!= NULL
) {
2301 ni
->ni_ath_flags
= athIe
->athAdvCap_capability
;
2302 if (ni
->ni_ath_flags
& IEEE80211_ATHC_COMP
)
2303 ni
->ni_ath_defkeyindex
= LE_READ_2(&athIe
->athAdvCap_defKeyIndex
);
2305 ni
->ni_ath_flags
= 0;
2306 ni
->ni_ath_defkeyindex
= IEEE80211_INVAL_DEFKEY
;
2311 * Structure to be passed through ieee80211_iterate_nodes() to count_nodes()
2313 struct count_nodes_arg
{
2317 struct ieee80211_node
*new;
2320 /* Count nodes which don't support at least one of arg->subset. */
2322 count_nodes(void *_arg
, struct ieee80211_node
*ni
)
2324 struct count_nodes_arg
*arg
= (struct count_nodes_arg
*)_arg
;
2327 if (ni
->ni_suppchans
== NULL
)
2333 for (i
= 0; i
< arg
->k
; i
++)
2334 if (isclr(ni
->ni_suppchans
, arg
->subset
[i
])) {
2340 /* Structure to be passed through combinations() to channel_combination() */
2341 struct channel_combination_arg
{
2342 struct ieee80211com
*ic
;
2343 struct ieee80211_node
*new;
2348 #ifdef IEEE80211_DEBUG
2349 /* sprintf() set[] array consisting of k integers */
2351 ints_sprintf(const int k
, const int set
[])
2353 static char buf
[915]; /* 0-255: 10*2 + 90*3 + 156*4 + '\0' */
2356 for (i
= 0; i
< k
; i
++)
2357 ptr
+= snprintf(ptr
, buf
+ sizeof(buf
) - ptr
, "%d ", set
[i
]);
2362 /* Action done for each combination of channels that are not supported by
2363 * currently joining station. */
2365 channel_combination(const int k
, const int subset
[], void *_arg
)
2367 struct channel_combination_arg
*arg
=
2368 (struct channel_combination_arg
*)_arg
;
2369 struct ieee80211com
*ic
= arg
->ic
;
2370 struct count_nodes_arg cn_arg
= { k
, subset
, 0, arg
->new };
2371 int permil
, allowed
;
2372 int sta_assoc
= ic
->ic_sta_assoc
; /* make > 0 check consistent
2373 * with / operation */
2375 ieee80211_iterate_nodes(&arg
->ic
->ic_sta
,
2376 &count_nodes
, (void*)&cn_arg
);
2378 /* The following two sanity checks can theoretically fail due to lack
2379 * of locking, but since it is not fatal, we will just print a debug
2380 * msg and neglect it */
2381 if (cn_arg
.count
== 0) {
2382 IEEE80211_NOTE(arg
->new->ni_vap
, IEEE80211_MSG_ANY
, arg
->new,
2383 "%s", "ic_chan_nodes incosistency (incorrect "
2384 "uncommon channel count)");
2387 if (sta_assoc
== 0) {
2388 IEEE80211_NOTE(arg
->new->ni_vap
, IEEE80211_MSG_ANY
, arg
->new,
2389 "%s", "no STAs associated, so there should be "
2390 "no \"uncommon\" channels");
2394 permil
= 1000 * cn_arg
.count
/ sta_assoc
;
2395 allowed
= ic
->ic_sc_slcg
* k
;
2396 /* clamp it to provide more sensible output */
2400 IEEE80211_NOTE(arg
->new->ni_vap
, IEEE80211_MSG_ASSOC
|IEEE80211_MSG_DOTH
,
2401 arg
->new, "Making channels %savailable would require "
2402 "kicking out %d stations,", ints_sprintf(k
, subset
),
2404 IEEE80211_NOTE(arg
->new->ni_vap
, IEEE80211_MSG_ASSOC
|IEEE80211_MSG_DOTH
,
2405 arg
->new, "what is %d permils of all associated STAs "
2406 "(slcg permits < %d).", permil
, allowed
);
2408 if (permil
> allowed
)
2410 if (allowed
- permil
> arg
->benefit
) {
2411 memcpy(arg
->best
, subset
, k
* sizeof(*subset
));
2412 arg
->benefit
= allowed
- permil
;
2416 /* Enumerate all combinations of k-element subset of n-element set via a
2417 * callback function. */
2419 combinations(int n
, int set
[], int k
,
2420 void (*callback
)(const int, const int [], void *), void *arg
)
2422 int subset
[k
], pos
[k
], i
;
2423 for (i
= 0; i
< k
; i
++)
2428 while (set
[pos
[i
]] < subset
[i
- 1] && pos
[i
] < n
)
2433 subset
[i
] = set
[pos
[i
]];
2434 set
[pos
[i
]] = set
[n
- 1];
2439 callback(k
, subset
, arg
);
2448 set
[pos
[i
]] = subset
[i
];
2458 find_worse_nodes(struct ieee80211com
*ic
, struct ieee80211_node
*new)
2461 u_int16_t n_common
, n_uncommon
;
2462 u_int16_t cn_total
= ic
->ic_cn_total
;
2466 /* should not happen */
2469 n_common
= n_uncommon
= 0;
2471 CHANNEL_FOREACH(i
, ic
, tmp1
, tmp2
) {
2472 if (isset(new->ni_suppchans_new
, i
)) {
2473 if (ic
->ic_chan_nodes
[i
] == ic
->ic_cn_total
) {
2481 to_gain
= ic
->ic_sc_mincom
- n_common
+ 1;
2482 IEEE80211_NOTE(new->ni_vap
, IEEE80211_MSG_ASSOC
| IEEE80211_MSG_DOTH
,
2483 new, "By accepting STA we would need to gain at least "
2484 "%d common channels.", to_gain
);
2485 IEEE80211_NOTE(new->ni_vap
, IEEE80211_MSG_ASSOC
| IEEE80211_MSG_DOTH
,
2486 new, "%d channels supported by the joining STA are "
2487 "not commonly supported by others.", n_uncommon
);
2489 if (to_gain
> n_uncommon
) {
2490 IEEE80211_NOTE(new->ni_vap
, IEEE80211_MSG_ASSOC
|
2491 IEEE80211_MSG_DOTH
, new, "%s",
2492 "Even disassociating all the nodes will not "
2498 int uncommon
[n_uncommon
];
2500 struct channel_combination_arg arg
= { ic
, new, best
, -1 };
2503 CHANNEL_FOREACH(i
, ic
, tmp1
, tmp2
)
2504 if (isset(new->ni_suppchans_new
, i
) &&
2505 (ic
->ic_chan_nodes
[i
] !=
2507 if (j
== n_uncommon
)
2513 combinations(n_uncommon
, uncommon
, to_gain
,
2514 &channel_combination
, &arg
);
2515 if (arg
.benefit
< 0) {
2516 IEEE80211_NOTE(new->ni_vap
, IEEE80211_MSG_ASSOC
|
2517 IEEE80211_MSG_DOTH
, new, "%s",
2518 "No combination of channels allows a "
2519 "beneficial trade-off.");
2522 IEEE80211_NOTE(new->ni_vap
, IEEE80211_MSG_ASSOC
|
2523 IEEE80211_MSG_DOTH
, new,
2524 "Nodes which don't support channels %swill be "
2526 ints_sprintf(to_gain
, best
));
2528 if (new->ni_needed_chans
!= NULL
)
2529 FREE(new->ni_needed_chans
, M_DEVBUF
);
2530 MALLOC(new->ni_needed_chans
, void*,
2531 to_gain
* sizeof(*new->ni_needed_chans
),
2532 M_DEVBUF
, M_NOWAIT
);
2534 if (new->ni_needed_chans
== NULL
) {
2535 IEEE80211_NOTE(new->ni_vap
, IEEE80211_MSG_DEBUG
|
2536 IEEE80211_MSG_DOTH
, new, "%s",
2537 "needed_chans allocation failed");
2541 /* Store the list of channels to remove nodes which don't
2543 for (i
= 0; i
< to_gain
; i
++)
2544 new->ni_needed_chans
[i
] = best
[i
];
2545 new->ni_n_needed_chans
= to_gain
;
2551 ieee80211_parse_sc_ie(struct ieee80211_node
*ni
, u_int8_t
*frm
,
2552 const struct ieee80211_frame
*wh
)
2554 struct ieee80211_ie_sc
*sc_ie
= (struct ieee80211_ie_sc
*)frm
;
2555 struct ieee80211com
*ic
= ni
->ni_ic
;
2556 #ifdef IEEE80211_DEBUG
2557 struct ieee80211vap
*vap
= ni
->ni_vap
;
2558 int reassoc
= (wh
->i_fc
[0] & IEEE80211_FC0_SUBTYPE_MASK
) ==
2559 IEEE80211_FC0_SUBTYPE_REASSOC_REQ
;
2564 if (sc_ie
== NULL
) {
2565 if (ni
->ni_ic
->ic_sc_algorithm
== IEEE80211_SC_STRICT
) {
2566 IEEE80211_NOTE_MAC(vap
, IEEE80211_MSG_ASSOC
|
2567 IEEE80211_MSG_DOTH
, wh
->i_addr2
,
2568 "deny %s request, no supported "
2570 reassoc
? "reassoc" : "assoc");
2571 return IEEE80211_STATUS_SUPPCHAN_UNACCEPTABLE
;
2573 IEEE80211_NOTE_MAC(vap
, IEEE80211_MSG_ASSOC
|
2574 IEEE80211_MSG_DOTH
, wh
->i_addr2
,
2575 "%s request: no supported channels IE",
2576 reassoc
? "reassoc" : "assoc");
2577 return IEEE80211_STATUS_SUCCESS
;
2579 if (sc_ie
->sc_len
% 2 != 0) {
2580 IEEE80211_NOTE_MAC(vap
, IEEE80211_MSG_ASSOC
|
2581 IEEE80211_MSG_DOTH
, wh
->i_addr2
,
2582 "deny %s request, malformed supported "
2583 "channels IE (len)",
2584 reassoc
? "reassoc" : "assoc");
2585 /* XXX: deauth with IEEE80211_REASON_IE_INVALID? */
2586 return IEEE80211_STATUS_SUPPCHAN_UNACCEPTABLE
;
2588 if (ni
->ni_suppchans_new
== NULL
) {
2589 MALLOC(ni
->ni_suppchans_new
, void*, IEEE80211_CHAN_BYTES
,
2590 M_DEVBUF
, M_NOWAIT
);
2591 if (ni
->ni_suppchans_new
== NULL
) {
2592 IEEE80211_NOTE_MAC(vap
, IEEE80211_MSG_ASSOC
|
2593 IEEE80211_MSG_DOTH
, wh
->i_addr2
,
2594 "deny %s request, couldn't allocate "
2595 "memory for SC IE!",
2596 reassoc
? "reassoc" : "assoc");
2597 return IEEE80211_STATUS_SUPPCHAN_UNACCEPTABLE
;
2600 memset(ni
->ni_suppchans_new
, 0, IEEE80211_CHAN_BYTES
);
2601 for (i
= 0; i
< (sc_ie
->sc_len
/ 2); i
++) {
2602 u_int8_t chan
= sc_ie
->sc_subband
[i
].sc_first
;
2603 /* XXX: see 802.11d-2001-4-05-03-interp,
2604 * but what about .11j, turbo, etc.? */
2605 u_int8_t step
= (chan
<= 14 ? 1 : 4);
2606 u_int16_t last
= chan
+ step
*
2607 (sc_ie
->sc_subband
[i
].sc_number
- 1);
2609 /* check for subband under- (sc_number == 0) or overflow */
2610 if ((last
< chan
) || ((chan
<= 14) && (last
> 14)) ||
2611 (chan
> 14 && last
> 200)) {
2612 /* XXX: deauth with IEEE80211_REASON_IE_INVALID? */
2613 IEEE80211_NOTE_MAC(vap
, IEEE80211_MSG_ASSOC
|
2614 IEEE80211_MSG_DOTH
, wh
->i_addr2
,
2615 "deny %s request, malformed supported "
2616 "channels ie (subbands, %d, %d)",
2617 reassoc
? "reassoc" : "assoc",
2619 return IEEE80211_STATUS_SUPPCHAN_UNACCEPTABLE
;
2622 for (; chan
<= last
; chan
+= step
)
2623 setbit(ni
->ni_suppchans_new
, chan
);
2625 /* forbid STAs that claim they don't support the channel they are
2626 * currently operating at */
2627 if (isclr(ni
->ni_suppchans_new
, ic
->ic_bsschan
->ic_ieee
)) {
2628 IEEE80211_NOTE_MAC(vap
, IEEE80211_MSG_ASSOC
|
2629 IEEE80211_MSG_DOTH
, wh
->i_addr2
,
2630 "deny %s request, sc ie does not contain bss "
2631 "channel(subbands)",
2632 reassoc
? "reassoc" : "assoc");
2633 return IEEE80211_STATUS_SUPPCHAN_UNACCEPTABLE
;
2636 if ((ic
->ic_sc_algorithm
!= IEEE80211_SC_TIGHT
) &&
2637 (ic
->ic_sc_algorithm
!= IEEE80211_SC_STRICT
))
2640 /* count number of channels that will be common to all STAs after the
2643 CHANNEL_FOREACH(i
, ic
, tmp1
, tmp2
)
2644 if (isset(ni
->ni_suppchans_new
, i
) && (
2645 ic
->ic_chan_nodes
[i
] == ic
->ic_cn_total
))
2648 IEEE80211_NOTE_MAC(vap
, IEEE80211_MSG_ASSOC
| IEEE80211_MSG_DOTH
,
2649 wh
->i_addr2
, "%s request: %d common channels, %d "
2650 "required", reassoc
? "reassoc" : "assoc",
2651 count
, ic
->ic_sc_mincom
);
2652 if (count
< ic
->ic_sc_mincom
) {
2653 /* common channel count decreases below the required minimum */
2654 IEEE80211_NOTE_MAC(vap
, IEEE80211_MSG_ASSOC
| IEEE80211_MSG_DOTH
,
2655 wh
->i_addr2
, "%s request: not enough common "
2656 "channels available, tight/strict algorithm "
2657 "engaged", reassoc
? "reassoc" : "assoc");
2659 if (!find_worse_nodes(ic
, ni
)) {
2660 IEEE80211_NOTE_MAC(vap
, IEEE80211_MSG_ASSOC
|
2661 IEEE80211_MSG_DOTH
, wh
->i_addr2
,
2662 "deny %s request, tight/strict "
2663 "criterion not met",
2664 reassoc
? "reassoc" : "assoc");
2665 return IEEE80211_STATUS_SUPPCHAN_UNACCEPTABLE
;
2670 IEEE80211_NOTE_MAC(vap
, IEEE80211_MSG_DOTH
| IEEE80211_MSG_ASSOC
|
2671 IEEE80211_MSG_ELEMID
, wh
->i_addr2
,
2672 "%s", "supported channels ie parsing successful");
2673 return IEEE80211_STATUS_SUCCESS
;
2677 struct ieee80211_channel
*
2678 ieee80211_doth_findchan(struct ieee80211vap
*vap
, u_int8_t chan
)
2680 struct ieee80211com
*ic
= vap
->iv_ic
;
2681 struct ieee80211_channel
*c
;
2684 /* NB: try first to preserve turbo */
2685 flags
= ic
->ic_bsschan
->ic_flags
& IEEE80211_CHAN_ALL
;
2686 freq
= ieee80211_ieee2mhz(chan
, 0);
2687 c
= ieee80211_find_channel(ic
, freq
, flags
);
2689 c
= ieee80211_find_channel(ic
, freq
, 0);
2694 ieee80211_doth_cancel_cs(struct ieee80211vap
*vap
)
2696 del_timer(&vap
->iv_csa_timer
);
2697 if (vap
->iv_csa_jiffies
)
2698 IEEE80211_DPRINTF(vap
, IEEE80211_MSG_DOTH
,
2699 "channel switch canceled (was: ""to %3d "
2700 "(%4d MHz) in %u TBTT, mode %u)\n",
2701 vap
->iv_csa_chan
->ic_ieee
,
2702 vap
->iv_csa_chan
->ic_freq
,
2703 vap
->iv_csa_count
, vap
->iv_csa_mode
);
2704 vap
->iv_csa_jiffies
= 0;
2708 ieee80211_doth_switch_channel(struct ieee80211vap
*vap
)
2710 struct ieee80211com
*ic
= vap
->iv_ic
;
2712 IEEE80211_DPRINTF(vap
, IEEE80211_MSG_DOTH
,
2713 "%s: Channel switch to %3d (%4d MHz) NOW!\n",
2715 vap
->iv_csa_chan
->ic_ieee
,
2716 vap
->iv_csa_chan
->ic_freq
);
2718 /* XXX does not belong here? */
2719 /* XXX doesn't stop management frames */
2720 /* XXX who restarts the queue? */
2721 /* NB: for now, error here is non-catastrophic.
2722 * in the future we may need to ensure we
2723 * stop xmit on this channel.
2725 netif_stop_queue(ic
->ic_dev
);
2728 vap
->iv_csa_jiffies
= 0; /* suppress "cancel" msg */
2729 ieee80211_doth_cancel_cs(vap
);
2731 ic
->ic_curchan
= ic
->ic_bsschan
= vap
->iv_csa_chan
;
2732 ic
->ic_set_channel(ic
);
2736 ieee80211_doth_switch_channel_tmr(unsigned long arg
)
2738 struct ieee80211vap
*vap
= (struct ieee80211vap
*)arg
;
2739 ieee80211_doth_switch_channel(vap
);
2743 ieee80211_parse_csaie(struct ieee80211_node
*ni
, u_int8_t
*frm
,
2744 const struct ieee80211_frame
*wh
)
2746 struct ieee80211vap
*vap
= ni
->ni_vap
;
2747 struct ieee80211com
*ic
= vap
->iv_ic
;
2748 struct ieee80211_channel
*c
;
2749 struct ieee80211_ie_csa
*csa_ie
= (struct ieee80211_ie_csa
*)frm
;
2752 /* we had CS underway but now we got Beacon without CSA IE */
2755 IEEE80211_DPRINTF(vap
, IEEE80211_MSG_DOTH
,
2756 "%s: channel switch is scheduled, but we got "
2757 "Beacon without CSA IE!\n", __func__
);
2759 ieee80211_doth_cancel_cs(vap
);
2763 if (csa_ie
->csa_len
!= 3) {
2764 IEEE80211_DISCARD_IE(vap
,
2765 IEEE80211_MSG_ELEMID
| IEEE80211_MSG_DOTH
,
2766 wh
, "channel switch", "invalid length %u",
2771 if (isclr(ic
->ic_chan_avail
, csa_ie
->csa_chan
)) {
2772 IEEE80211_DISCARD_IE(vap
,
2773 IEEE80211_MSG_ELEMID
| IEEE80211_MSG_DOTH
,
2774 wh
, "channel switch", "invalid channel %u",
2779 if ((c
= ieee80211_doth_findchan(vap
, csa_ie
->csa_chan
)) == NULL
) {
2780 /* XXX something wrong */
2781 IEEE80211_DISCARD_IE(vap
,
2782 IEEE80211_MSG_ELEMID
| IEEE80211_MSG_DOTH
,
2783 wh
, "channel switch",
2784 "channel %u lookup failed", csa_ie
->csa_chan
);
2788 IEEE80211_DPRINTF(vap
, IEEE80211_MSG_DOTH
,
2789 "%s: channel switch to %u in %u tbtt (mode %u) announced\n",
2790 __func__
, csa_ie
->csa_chan
, csa_ie
->csa_count
,
2793 if (vap
->iv_csa_jiffies
) {
2794 /* CSA was received recently */
2795 if (c
!= vap
->iv_csa_chan
) {
2797 IEEE80211_DPRINTF(vap
, IEEE80211_MSG_DOTH
,
2798 "%s: channel switch channel "
2799 "changed from %3d (%4d MHz) to %u!\n",
2801 vap
->iv_csa_chan
->ic_ieee
,
2802 vap
->iv_csa_chan
->ic_freq
,
2805 if (vap
->iv_csa_count
> IEEE80211_CSA_PROTECTION_PERIOD
)
2806 ieee80211_doth_cancel_cs(vap
);
2810 if (csa_ie
->csa_mode
!= vap
->iv_csa_mode
) {
2811 /* Can be abused, but with no (to little) impact. */
2813 /* CS mode change has no influence on our actions since
2814 * we don't respect cs modes at all (yet). Complain and
2816 IEEE80211_DPRINTF(vap
, IEEE80211_MSG_DOTH
,
2817 "%s: channel switch mode changed from "
2818 "%u to %u!\n", __func__
,
2819 vap
->iv_csa_mode
, csa_ie
->csa_mode
);
2822 if (csa_ie
->csa_count
>= vap
->iv_csa_count
) {
2823 /* XXX abuse? what for? */
2824 IEEE80211_DPRINTF(vap
, IEEE80211_MSG_DOTH
,
2825 "%s: channel switch count didn't "
2826 "decrease (%u -> %u)!\n", __func__
,
2827 vap
->iv_csa_count
, csa_ie
->csa_count
);
2832 u_int32_t elapsed
= IEEE80211_JIFFIES_TO_TU(
2833 jiffies
- vap
->iv_csa_jiffies
);
2834 u_int32_t cnt_diff
= vap
->iv_csa_count
-
2836 u_int32_t expected
= ni
->ni_intval
* cnt_diff
;
2837 int32_t delta
= elapsed
- expected
;
2840 if (delta
> IEEE80211_CSA_SANITY_THRESHOLD
) {
2841 /* XXX abuse? for now, it's safer to cancel CS
2842 * than to follow it blindly */
2843 IEEE80211_DPRINTF(vap
, IEEE80211_MSG_DOTH
,
2844 "%s: %u.%02u bintvals elapsed, "
2845 "but count dropped by %u (delta"
2846 " = %u TUs)\n", __func__
,
2847 elapsed
/ ni
->ni_intval
,
2848 elapsed
* 100 / ni
->ni_intval
2849 % 100, cnt_diff
, delta
);
2851 ieee80211_doth_cancel_cs(vap
);
2856 vap
->iv_csa_count
= csa_ie
->csa_count
;
2857 mod_timer(&vap
->iv_csa_timer
, jiffies
+
2858 IEEE80211_TU_TO_JIFFIES(vap
->iv_csa_count
2859 * ni
->ni_intval
+ 10));
2861 /* CSA wasn't received recently, so this is the first one in
2865 /* Needed for DFS / FCC ... */
2867 if (csa_ie
->csa_count
< IEEE80211_CSA_PROTECTION_PERIOD
) {
2868 IEEE80211_DISCARD_IE(vap
,
2869 IEEE80211_MSG_ELEMID
|
2871 wh
, "channel switch",
2872 "initial announcement: channel switch"
2873 " would occur too soon (in %u tbtt)",
2879 vap
->iv_csa_mode
= csa_ie
->csa_mode
;
2880 vap
->iv_csa_count
= csa_ie
->csa_count
;
2881 vap
->iv_csa_chan
= c
;
2883 vap
->iv_csa_timer
.function
= ieee80211_doth_switch_channel_tmr
;
2884 vap
->iv_csa_timer
.data
= (unsigned long)vap
;
2885 mod_timer(&vap
->iv_csa_timer
, jiffies
+ IEEE80211_TU_TO_JIFFIES(
2886 vap
->iv_csa_count
* ni
->ni_intval
+ 10));
2889 vap
->iv_csa_jiffies
= jiffies
;
2891 if (vap
->iv_csa_count
<= 1)
2892 ieee80211_doth_switch_channel(vap
);
2897 /* XXX. Not the right place for such a definition */
2898 struct l2_update_frame
{
2899 u8 da
[ETH_ALEN
]; /* broadcast */
2900 u8 sa
[ETH_ALEN
]; /* STA addr */
2902 u8 dsap
; /* null DSAP address */
2903 u8 ssap
; /* null SSAP address, CR=Response */
2906 } __attribute__ ((packed
));
2910 ieee80211_deliver_l2_rnr(struct ieee80211_node
*ni
)
2912 struct ieee80211vap
*vap
= ni
->ni_vap
;
2913 struct net_device
*dev
= vap
->iv_dev
;
2914 struct sk_buff
*skb
;
2915 struct l2_update_frame
*l2uf
;
2917 skb
= ieee80211_dev_alloc_skb(sizeof(*l2uf
));
2921 skb_put(skb
, sizeof(*l2uf
));
2922 l2uf
= (struct l2_update_frame
*)(skb
->data
);
2923 /* dst: Broadcast address */
2924 memcpy(l2uf
->da
, dev
->broadcast
, ETH_ALEN
);
2925 /* src: associated STA */
2926 memcpy(l2uf
->sa
, ni
->ni_macaddr
, ETH_ALEN
);
2927 l2uf
->len
= htons(6);
2930 l2uf
->control
= 0xf5;
2931 l2uf
->xid_info
[0] = 0x81;
2932 l2uf
->xid_info
[1] = 0x80;
2933 l2uf
->xid_info
[2] = 0x00;
2936 /* eth_trans_type modifies skb state (skb_pull(ETH_HLEN)), so use
2937 * constants instead. We know the packet type anyway. */
2938 skb
->pkt_type
= PACKET_BROADCAST
;
2939 skb
->protocol
= htons(ETH_P_802_2
);
2940 skb_reset_mac_header(skb
);
2942 ieee80211_deliver_data(ni
, skb
);
2947 ieee80211_deliver_l2_xid(struct ieee80211_node
*ni
)
2949 struct ieee80211vap
*vap
= ni
->ni_vap
;
2950 struct net_device
*dev
= vap
->iv_dev
;
2951 struct sk_buff
*skb
;
2952 struct l2_update_frame
*l2uf
;
2954 skb
= ieee80211_dev_alloc_skb(sizeof(*l2uf
));
2958 /* Leak check / cleanup destructor */
2959 skb_put(skb
, sizeof(*l2uf
));
2960 l2uf
= (struct l2_update_frame
*)(skb
->data
);
2961 /* dst: Broadcast address */
2962 memcpy(l2uf
->da
, dev
->broadcast
, ETH_ALEN
);
2963 /* src: associated STA */
2964 memcpy(l2uf
->sa
, ni
->ni_macaddr
, ETH_ALEN
);
2965 l2uf
->len
= htons(6);
2966 l2uf
->dsap
= 0x00; /* NULL DSAP address */
2967 l2uf
->ssap
= 0x01;/* NULL SSAP address, CR Bit: Response */
2968 l2uf
->control
= 0xaf; /* XID response lsb.1111F101.
2969 * F=0 (no poll command; unsolicited frame) */
2970 l2uf
->xid_info
[0] = 0x81; /* XID format identifier */
2971 l2uf
->xid_info
[1] = 1; /* LLC types/classes: Type 1 LLC */
2972 l2uf
->xid_info
[2] = 1 << 1; /* XID sender's receive window size (RW)
2973 * FIX: what is correct RW with 802.11? */
2975 /* eth_trans_type modifies skb state (skb_pull(ETH_HLEN)), so use
2976 * constants instead. We know the packet type anyway. */
2977 skb
->pkt_type
= PACKET_BROADCAST
;
2978 skb
->protocol
= htons(ETH_P_802_2
);
2979 skb_reset_mac_header(skb
);
2981 ieee80211_deliver_data(ni
, skb
);
2986 contbgscan(struct ieee80211vap
*vap
)
2988 struct ieee80211com
*ic
= vap
->iv_ic
;
2990 return ((ic
->ic_flags_ext
& IEEE80211_FEXT_BGSCAN
) &&
2991 time_after(jiffies
, ic
->ic_lastdata
+ vap
->iv_bgscanidle
));
2995 startbgscan(struct ieee80211vap
*vap
)
2997 struct ieee80211com
*ic
= vap
->iv_ic
;
2999 return ((vap
->iv_flags
& IEEE80211_F_BGSCAN
) &&
3000 !IEEE80211_IS_CHAN_DTURBO(ic
->ic_curchan
) &&
3001 time_after(jiffies
, ic
->ic_lastscan
+ vap
->iv_bgscanintvl
) &&
3002 time_after(jiffies
, ic
->ic_lastdata
+ vap
->iv_bgscanidle
));
3010 ieee80211_recv_mgmt(struct ieee80211vap
*vap
,
3011 struct ieee80211_node
*ni_or_null
, struct sk_buff
*skb
,
3012 int subtype
, int rssi
, u_int64_t rtsf
)
3014 #define ISPROBE(_st) ((_st) == IEEE80211_FC0_SUBTYPE_PROBE_RESP)
3015 #define ISREASSOC(_st) ((_st) == IEEE80211_FC0_SUBTYPE_REASSOC_RESP)
3016 struct ieee80211_node
* ni
= ni_or_null
;
3017 struct ieee80211com
*ic
= vap
->iv_ic
;
3018 struct ieee80211_frame
*wh
;
3019 u_int8_t
*frm
, *efrm
;
3020 u_int8_t
*ssid
, *rates
, *xrates
, *suppchan
, *wpa
, *rsn
, *wme
, *ath
;
3022 int reassoc
, resp
, allocbs
= 0;
3025 if (ni_or_null
== NULL
)
3028 wh
= (struct ieee80211_frame
*)skb
->data
;
3029 frm
= (u_int8_t
*)&wh
[1];
3030 efrm
= skb
->data
+ skb
->len
;
3032 IEEE80211_DPRINTF(vap
, IEEE80211_MSG_ASSOC
,
3033 "%s: vap:%p[" MAC_FMT
"] ni:%p[" MAC_FMT
"]\n",
3034 __func__
, vap
, MAC_ADDR(vap
->iv_bssid
),
3035 ni_or_null
, MAC_ADDR(wh
->i_addr2
));
3037 /* forward management frame to application */
3038 if (vap
->iv_opmode
!= IEEE80211_M_MONITOR
)
3039 forward_mgmt_to_app(vap
, subtype
, skb
, wh
);
3042 case IEEE80211_FC0_SUBTYPE_PROBE_RESP
:
3043 case IEEE80211_FC0_SUBTYPE_BEACON
: {
3044 struct ieee80211_scanparams scan
;
3047 * We process beacon/probe response frames:
3048 * o when scanning, or
3049 * o station mode when associated (to collect state
3050 * updates such as 802.11g slot time), or
3051 * o adhoc mode (to discover neighbors)
3052 * Frames otherwise received are discarded.
3054 if (!((ic
->ic_flags
& IEEE80211_F_SCAN
) ||
3055 (vap
->iv_opmode
== IEEE80211_M_STA
&& ni
->ni_associd
) ||
3056 vap
->iv_opmode
== IEEE80211_M_IBSS
)) {
3057 vap
->iv_stats
.is_rx_mgtdiscard
++;
3061 * beacon/probe response frame format
3063 * [2] beacon interval
3064 * [2] capability information
3066 * [tlv] supported rates
3067 * [tlv] country information
3068 * [tlv] parameter set (FH/DS)
3069 * [tlv] erp information
3070 * [tlv] extended supported rates
3073 * [tlv] Atheros Advanced Capabilities
3075 IEEE80211_VERIFY_LENGTH(efrm
- frm
, 12);
3076 memset(&scan
, 0, sizeof(scan
));
3079 scan
.bintval
= le16toh(*(__le16
*)frm
);
3081 scan
.capinfo
= le16toh(*(__le16
*)frm
);
3083 scan
.bchan
= ieee80211_chan2ieee(ic
, ic
->ic_curchan
);
3084 scan
.chan
= scan
.bchan
;
3086 while (frm
< efrm
) {
3087 /* Agere element in beacon */
3088 if ((*frm
== IEEE80211_ELEMID_AGERE1
) ||
3089 (*frm
== IEEE80211_ELEMID_AGERE2
)) {
3094 IEEE80211_VERIFY_LENGTH(efrm
- frm
, frm
[1]);
3096 case IEEE80211_ELEMID_SSID
:
3099 case IEEE80211_ELEMID_RATES
:
3102 case IEEE80211_ELEMID_COUNTRY
:
3105 case IEEE80211_ELEMID_FHPARMS
:
3106 if (ic
->ic_phytype
== IEEE80211_T_FH
) {
3107 scan
.fhdwell
= LE_READ_2(&frm
[2]);
3108 scan
.chan
= IEEE80211_FH_CHAN(frm
[4],
3110 scan
.fhindex
= frm
[6];
3113 case IEEE80211_ELEMID_DSPARMS
:
3115 * XXX hack this since depending on phytype
3116 * is problematic for multi-mode devices.
3118 if (ic
->ic_phytype
!= IEEE80211_T_FH
)
3121 case IEEE80211_ELEMID_TIM
:
3124 scan
.timoff
= frm
- skb
->data
;
3126 case IEEE80211_ELEMID_IBSSPARMS
:
3128 case IEEE80211_ELEMID_XRATES
:
3131 case IEEE80211_ELEMID_ERP
:
3133 IEEE80211_DISCARD_IE(vap
,
3134 IEEE80211_MSG_ELEMID
, wh
, "ERP",
3135 "bad len %u", frm
[1]);
3136 vap
->iv_stats
.is_rx_elem_toobig
++;
3141 case IEEE80211_ELEMID_RSN
:
3144 case IEEE80211_ELEMID_VENDOR
:
3147 else if (iswmeparam(frm
) || iswmeinfo(frm
))
3149 else if (isatherosoui(frm
))
3152 case IEEE80211_ELEMID_CHANSWITCHANN
:
3153 if (ic
->ic_flags
& IEEE80211_F_DOTH
)
3157 IEEE80211_DISCARD_IE(vap
, IEEE80211_MSG_ELEMID
,
3159 "id %u, len %u", *frm
, frm
[1]);
3160 vap
->iv_stats
.is_rx_elem_unknown
++;
3166 return 0; /* reached past the end */
3167 IEEE80211_VERIFY_ELEMENT(scan
.rates
, IEEE80211_RATE_MAXSIZE
);
3168 IEEE80211_VERIFY_ELEMENT(scan
.ssid
, IEEE80211_NWID_LEN
);
3169 #if IEEE80211_CHAN_MAX < 255
3170 if (scan
.chan
> IEEE80211_CHAN_MAX
) {
3171 IEEE80211_DISCARD(vap
, IEEE80211_MSG_ELEMID
,
3172 wh
, ieee80211_mgt_subtype_name
[subtype
>>
3173 IEEE80211_FC0_SUBTYPE_SHIFT
],
3174 "invalid channel %u", scan
.chan
);
3175 vap
->iv_stats
.is_rx_badchan
++;
3179 if (scan
.chan
!= scan
.bchan
&&
3180 ic
->ic_phytype
!= IEEE80211_T_FH
) {
3182 * Frame was received on a channel different from the
3183 * one indicated in the DS params element id;
3184 * silently discard it.
3186 * NB: this can happen due to signal leakage.
3187 * But we should take it for FH PHY because
3188 * the RSSI value should be correct even for
3189 * different hop pattern in FH.
3191 IEEE80211_DISCARD(vap
, IEEE80211_MSG_ELEMID
,
3192 wh
, ieee80211_mgt_subtype_name
[subtype
>>
3193 IEEE80211_FC0_SUBTYPE_SHIFT
],
3194 "for off-channel %u", scan
.chan
);
3195 vap
->iv_stats
.is_rx_chanmismatch
++;
3199 /* IEEE802.11 does not specify the allowed range for
3200 * beacon interval. We discard any beacons with a
3201 * beacon interval outside of an arbitrary range in
3202 * order to protect against attack.
3204 if (!IEEE80211_BINTVAL_VALID(scan
.bintval
)) {
3205 IEEE80211_DISCARD(vap
, IEEE80211_MSG_SCAN
,
3206 wh
, "beacon", "invalid beacon interval (%u)",
3212 * Count frame now that we know it's to be processed.
3214 if (subtype
== IEEE80211_FC0_SUBTYPE_BEACON
)
3215 IEEE80211_NODE_STAT(ni
, rx_beacons
);
3217 IEEE80211_NODE_STAT(ni
, rx_proberesp
);
3220 * When operating in station mode, check for state updates.
3221 * Be careful to ignore beacons received while doing a
3222 * background scan. We consider only 11g/WMM stuff right now.
3224 if (vap
->iv_opmode
== IEEE80211_M_STA
&&
3225 ni
->ni_associd
!= 0 &&
3226 IEEE80211_ADDR_EQ(wh
->i_addr2
, vap
->iv_bssid
)) {
3227 /* record tsf of last beacon */
3228 memcpy(ni
->ni_tstamp
.data
, scan
.tstamp
,
3229 sizeof(ni
->ni_tstamp
));
3230 if (ni
->ni_intval
!= scan
.bintval
) {
3231 IEEE80211_NOTE(vap
, IEEE80211_MSG_ASSOC
, ni
,
3232 "beacon interval divergence: "
3234 ni
->ni_intval
, scan
.bintval
);
3235 if (!ni
->ni_intval_end
) {
3236 int msecs
= 0; /* silence compiler */
3237 ni
->ni_intval_cnt
= 0;
3238 ni
->ni_intval_old
= ni
->ni_intval
;
3239 msecs
= (ni
->ni_intval_old
* 1024 * 10) /
3241 ni
->ni_intval_end
= jiffies
+
3242 msecs_to_jiffies(msecs
);
3243 IEEE80211_NOTE(vap
, IEEE80211_MSG_ASSOC
,
3244 ni
, "scheduling beacon "
3245 "interval measurement "
3249 if (scan
.bintval
> ni
->ni_intval
) {
3250 ni
->ni_intval
= scan
.bintval
;
3251 vap
->iv_flags_ext
|=
3252 IEEE80211_FEXT_APPIE_UPDATE
;
3254 /* XXX: statistic */
3256 if (ni
->ni_intval_end
) {
3257 if (scan
.bintval
== ni
->ni_intval_old
)
3258 ni
->ni_intval_cnt
++;
3259 if (!time_before(jiffies
, ni
->ni_intval_end
)) {
3260 IEEE80211_NOTE(vap
, IEEE80211_MSG_ASSOC
,
3261 ni
, "beacon interval "
3262 "measurement finished, "
3263 "old value repeated: "
3266 ni
->ni_intval_end
= 0;
3267 if (ni
->ni_intval_cnt
== 0) {
3269 IEEE80211_MSG_ASSOC
, ni
,
3270 "reprogramming bmiss "
3271 "timer from %u to %u",
3274 ni
->ni_intval
= scan
.bintval
;
3275 vap
->iv_flags_ext
|=
3276 IEEE80211_FEXT_APPIE_UPDATE
;
3279 IEEE80211_MSG_ASSOC
, ni
,
3280 "ignoring the divergence "
3281 "(maybe someone tried to "
3282 "spoof the AP?)", 0);
3287 if (ni
->ni_erp
!= scan
.erp
) {
3288 IEEE80211_NOTE(vap
, IEEE80211_MSG_ASSOC
, ni
,
3289 "erp change: was 0x%x, now 0x%x",
3290 ni
->ni_erp
, scan
.erp
);
3291 if (scan
.erp
& IEEE80211_ERP_USE_PROTECTION
)
3292 ic
->ic_flags
|= IEEE80211_F_USEPROT
;
3294 ic
->ic_flags
&= ~IEEE80211_F_USEPROT
;
3295 ni
->ni_erp
= scan
.erp
;
3298 if ((ni
->ni_capinfo
^ scan
.capinfo
) &
3299 IEEE80211_CAPINFO_SHORT_SLOTTIME
) {
3300 IEEE80211_NOTE(vap
, IEEE80211_MSG_ASSOC
, ni
,
3301 "capabilities change: was 0x%x, now 0x%x",
3302 ni
->ni_capinfo
, scan
.capinfo
);
3304 * NB: we assume short preamble doesn't
3305 * change dynamically
3307 ieee80211_set_shortslottime(ic
,
3308 IEEE80211_IS_CHAN_A(ic
->ic_bsschan
) ||
3310 IEEE80211_CAPINFO_SHORT_SLOTTIME
));
3311 ni
->ni_capinfo
= scan
.capinfo
;
3314 if (scan
.wme
!= NULL
&&
3315 (ni
->ni_flags
& IEEE80211_NODE_QOS
)) {
3317 if ((_retval
= ieee80211_parse_wmeparams(
3319 wh
, &qosinfo
)) >= 0) {
3320 if (qosinfo
& WME_CAPINFO_UAPSD_EN
)
3322 IEEE80211_NODE_UAPSD
;
3324 ieee80211_wme_updateparams(vap
);
3327 ni
->ni_flags
&= ~IEEE80211_NODE_UAPSD
;
3328 if (scan
.ath
!= NULL
)
3329 ieee80211_parse_athParams(ni
, scan
.ath
);
3330 if (scan
.csa
!= NULL
|| vap
->iv_csa_jiffies
)
3331 ieee80211_parse_csaie(ni
, scan
.csa
, wh
);
3332 if (scan
.tim
!= NULL
) {
3334 * Check the TIM. For now we drop out of
3335 * power save mode for any reason.
3337 struct ieee80211_tim_ie
*tim
=
3338 (struct ieee80211_tim_ie
*)scan
.tim
;
3339 int aid
= IEEE80211_AID(ni
->ni_associd
);
3340 int ix
= aid
/ NBBY
;
3341 int min
= tim
->tim_bitctl
&~ 1;
3342 int max
= tim
->tim_len
+ min
- 4;
3343 if ((tim
->tim_bitctl
&1) ||
3344 (min
<= ix
&& ix
<= max
&&
3345 isset(tim
->tim_bitmap
- min
, aid
)))
3346 ieee80211_sta_pwrsave(vap
, 0);
3347 vap
->iv_dtim_count
= tim
->tim_count
;
3350 /* WDS/Repeater: re-schedule software beacon timer for
3352 if ((vap
->iv_state
== IEEE80211_S_RUN
) &&
3353 (vap
->iv_flags_ext
& IEEE80211_FEXT_SWBMISS
)) {
3354 mod_timer(&vap
->iv_swbmiss
,
3355 jiffies
+ vap
->iv_swbmiss_period
);
3358 /* If scanning, pass the info to the scan module.
3359 * Otherwise, check if it's the right time to do
3360 * a background scan. Background scanning must
3361 * be enabled and we must not be operating in the
3362 * turbo phase of dynamic turbo mode. Then,
3363 * it's been a while since the last background
3364 * scan and if no data frames have come through
3365 * recently, kick off a scan. Note that this
3366 * is the mechanism by which a background scan
3367 * is started _and_ continued each time we
3368 * return on-channel to receive a beacon from
3370 if (ic
->ic_flags
& IEEE80211_F_SCAN
)
3371 ieee80211_add_scan(vap
, &scan
, wh
,
3372 subtype
, rssi
, rtsf
);
3373 else if (contbgscan(vap
) || startbgscan(vap
))
3374 ieee80211_bg_scan(vap
);
3378 * If scanning, just pass information to the scan module.
3380 if (ic
->ic_flags
& IEEE80211_F_SCAN
) {
3381 ieee80211_add_scan(vap
, &scan
, wh
, subtype
, rssi
, rtsf
);
3384 if ((vap
->iv_opmode
== IEEE80211_M_IBSS
) &&
3385 (scan
.capinfo
& IEEE80211_CAPINFO_IBSS
)) {
3386 if (ni_or_null
== NULL
) {
3387 /* Create a new entry in the neighbor table. */
3388 ni
= ieee80211_add_neighbor(vap
, wh
, &scan
);
3393 * Copy data from beacon to neighbor table.
3394 * Some of this information might change after
3395 * ieee80211_add_neighbor(), so we just copy
3396 * everything over to be safe.
3398 ni
->ni_esslen
= scan
.ssid
[1];
3399 memcpy(ni
->ni_essid
, scan
.ssid
+ 2, scan
.ssid
[1]);
3400 IEEE80211_ADDR_COPY(ni
->ni_bssid
, wh
->i_addr3
);
3401 memcpy(ni
->ni_tstamp
.data
, scan
.tstamp
,
3402 sizeof(ni
->ni_tstamp
));
3404 IEEE80211_BINTVAL_SANITISE(scan
.bintval
);
3405 ni
->ni_capinfo
= scan
.capinfo
;
3406 ni
->ni_chan
= ic
->ic_curchan
;
3407 ni
->ni_fhdwell
= scan
.fhdwell
;
3408 ni
->ni_fhindex
= scan
.fhindex
;
3409 ni
->ni_erp
= scan
.erp
;
3410 ni
->ni_timoff
= scan
.timoff
;
3411 if (scan
.wme
!= NULL
)
3412 ieee80211_saveie(&ni
->ni_wme_ie
, scan
.wme
);
3413 if (scan
.wpa
!= NULL
)
3414 ieee80211_saveie(&ni
->ni_wpa_ie
, scan
.wpa
);
3415 if (scan
.rsn
!= NULL
)
3416 ieee80211_saveie(&ni
->ni_rsn_ie
, scan
.rsn
);
3417 if (scan
.ath
!= NULL
)
3418 ieee80211_saveath(ni
, scan
.ath
);
3420 /* NB: must be after ni_chan is setup */
3421 ieee80211_setup_rates(ni
, scan
.rates
,
3422 scan
.xrates
, IEEE80211_F_DOSORT
);
3427 ni
->ni_last_rx
= jiffies
;
3433 case IEEE80211_FC0_SUBTYPE_PROBE_REQ
:
3434 if (vap
->iv_opmode
== IEEE80211_M_STA
||
3435 vap
->iv_opmode
== IEEE80211_M_AHDEMO
||
3436 vap
->iv_state
!= IEEE80211_S_RUN
) {
3437 vap
->iv_stats
.is_rx_mgtdiscard
++;
3440 if (IEEE80211_IS_MULTICAST(wh
->i_addr2
)) {
3441 /* frame must be directed */
3442 vap
->iv_stats
.is_rx_mgtdiscard
++; /* XXX: stat */
3447 * XR vap does not process probe requests.
3449 #ifdef ATH_SUPERG_XR
3450 if (vap
->iv_flags
& IEEE80211_F_XR
)
3454 * prreq frame format
3456 * [tlv] supported rates
3457 * [tlv] extended supported rates
3458 * [tlv] Atheros Advanced Capabilities
3460 ssid
= rates
= xrates
= ath
= NULL
;
3461 while (frm
< efrm
) {
3462 IEEE80211_VERIFY_LENGTH(efrm
- frm
, frm
[1]);
3464 case IEEE80211_ELEMID_SSID
:
3467 case IEEE80211_ELEMID_RATES
:
3470 case IEEE80211_ELEMID_XRATES
:
3473 case IEEE80211_ELEMID_VENDOR
:
3474 if (isatherosoui(frm
))
3476 /* XXX Atheros OUI support */
3482 return 0; /* reached past the end */
3483 IEEE80211_VERIFY_ELEMENT(rates
, IEEE80211_RATE_MAXSIZE
);
3484 IEEE80211_VERIFY_ELEMENT(ssid
, IEEE80211_NWID_LEN
);
3485 IEEE80211_VERIFY_SSID(vap
->iv_bss
, ssid
);
3486 if ((vap
->iv_flags
& IEEE80211_F_HIDESSID
) && ssid
[1] == 0) {
3487 IEEE80211_DISCARD(vap
, IEEE80211_MSG_INPUT
,
3488 wh
, ieee80211_mgt_subtype_name
[subtype
>>
3489 IEEE80211_FC0_SUBTYPE_SHIFT
],
3490 "%s", "no ssid with ssid suppression enabled");
3491 vap
->iv_stats
.is_rx_ssidmismatch
++; /*XXX*/
3494 if (ni
== vap
->iv_bss
) {
3495 if (vap
->iv_opmode
== IEEE80211_M_IBSS
) {
3497 * XXX Cannot tell if the sender is operating
3498 * in ibss mode. But we need a new node to
3499 * send the response so blindly add them to the
3502 ni
= ieee80211_fakeup_adhoc_node(vap
,
3505 ni
= ieee80211_dup_bss(vap
, wh
->i_addr2
, 1);
3512 IEEE80211_NOTE_MAC(vap
, IEEE80211_MSG_INPUT
, wh
->i_addr2
,
3513 "%s", "recv probe req");
3516 ni
->ni_last_rx
= jiffies
;
3517 rate
= ieee80211_setup_rates(ni
, rates
, xrates
,
3518 IEEE80211_F_DOSORT
| IEEE80211_F_DOFRATE
|
3519 IEEE80211_F_DONEGO
| IEEE80211_F_DODEL
);
3520 if (rate
& IEEE80211_RATE_BASIC
) {
3521 IEEE80211_DISCARD(vap
, IEEE80211_MSG_XRATE
,
3522 wh
, ieee80211_mgt_subtype_name
[subtype
>>
3523 IEEE80211_FC0_SUBTYPE_SHIFT
],
3524 "%s", "recv'd rate set invalid");
3526 IEEE80211_SEND_MGMT(ni
,
3527 IEEE80211_FC0_SUBTYPE_PROBE_RESP
, 0);
3531 * Temporary node created just to send a
3532 * response, reclaim immediately
3534 ieee80211_unref_node(&ni
);
3535 } else if (ath
!= NULL
)
3536 ieee80211_saveath(ni
, ath
);
3539 case IEEE80211_FC0_SUBTYPE_AUTH
: {
3540 u_int16_t algo
, seq
, status
;
3548 IEEE80211_VERIFY_LENGTH(efrm
- frm
, 6);
3549 algo
= le16toh(*(__le16
*)frm
);
3550 seq
= le16toh(*(__le16
*)(frm
+ 2));
3551 status
= le16toh(*(__le16
*)(frm
+ 4));
3552 #ifdef ATH_SUPERG_XR
3553 if (!IEEE80211_ADDR_EQ(wh
->i_addr3
, vap
->iv_bssid
)) {
3555 * node roaming between XR and normal vaps.
3556 * this can only happen in AP mode. disaccociate from
3557 * previous vap first.
3559 if (vap
->iv_xrvap
) {
3560 if (ni
== vap
->iv_bss
)
3561 ni
= vap
->iv_xrvap
->iv_bss
;
3563 ieee80211_node_leave(ni
);
3564 /* This would be a stupid place to add
3565 * a node to the table; XR stuff needs
3567 ieee80211_node_reset(ni
, vap
->iv_xrvap
);
3569 vap
= vap
->iv_xrvap
;
3571 IEEE80211_DISCARD(vap
, IEEE80211_MSG_AUTH
,
3572 wh
, "auth", "%s", "not to pier xr bssid");
3577 IEEE80211_NOTE_MAC(vap
, IEEE80211_MSG_AUTH
, wh
->i_addr2
,
3578 "recv auth frame with algorithm %d seq %d", algo
, seq
);
3579 /* Consult the ACL policy module if setup. */
3580 if (vap
->iv_acl
!= NULL
&&
3581 !vap
->iv_acl
->iac_check(vap
, wh
->i_addr2
)) {
3582 IEEE80211_DISCARD(vap
, IEEE80211_MSG_ACL
,
3583 wh
, "auth", "%s", "disallowed by ACL");
3584 vap
->iv_stats
.is_rx_acl
++;
3587 if (vap
->iv_flags
& IEEE80211_F_COUNTERM
) {
3588 IEEE80211_DISCARD(vap
,
3589 IEEE80211_MSG_AUTH
| IEEE80211_MSG_CRYPTO
,
3590 wh
, "auth", "%s", "TKIP countermeasures enabled");
3591 vap
->iv_stats
.is_rx_auth_countermeasures
++;
3592 if (vap
->iv_opmode
== IEEE80211_M_HOSTAP
) {
3593 ieee80211_send_error(ni
, wh
->i_addr2
,
3594 IEEE80211_FC0_SUBTYPE_AUTH
,
3595 IEEE80211_REASON_MIC_FAILURE
);
3599 if (algo
== IEEE80211_AUTH_ALG_SHARED
)
3600 ieee80211_auth_shared(ni
, wh
, frm
+ 6, efrm
, rssi
,
3602 else if (algo
== IEEE80211_AUTH_ALG_OPEN
)
3603 ieee80211_auth_open(ni
, wh
, rssi
, rtsf
, seq
, status
);
3605 IEEE80211_DISCARD(vap
, IEEE80211_MSG_ANY
,
3606 wh
, "auth", "unsupported alg %d", algo
);
3607 vap
->iv_stats
.is_rx_auth_unsupported
++;
3608 if (vap
->iv_opmode
== IEEE80211_M_HOSTAP
) {
3610 ieee80211_send_error(ni
, wh
->i_addr2
,
3611 IEEE80211_FC0_SUBTYPE_AUTH
,
3613 (IEEE80211_STATUS_ALG
<< 16));
3620 case IEEE80211_FC0_SUBTYPE_ASSOC_REQ
:
3621 case IEEE80211_FC0_SUBTYPE_REASSOC_REQ
: {
3622 u_int16_t capinfo
, bintval
;
3623 struct ieee80211_rsnparms rsn_parm
;
3626 if (vap
->iv_opmode
!= IEEE80211_M_HOSTAP
||
3627 vap
->iv_state
!= IEEE80211_S_RUN
) {
3628 vap
->iv_stats
.is_rx_mgtdiscard
++;
3632 if (subtype
== IEEE80211_FC0_SUBTYPE_REASSOC_REQ
) {
3634 resp
= IEEE80211_FC0_SUBTYPE_REASSOC_RESP
;
3637 resp
= IEEE80211_FC0_SUBTYPE_ASSOC_RESP
;
3641 * asreq frame format
3642 * [2] capability information
3643 * [2] listen interval
3644 * [6*] current AP address (reassoc only)
3646 * [tlv] supported rates
3647 * [tlv] extended supported rates
3648 * [tlv] supported channels
3651 * [tlv] Atheros Advanced Capabilities
3653 IEEE80211_VERIFY_LENGTH(efrm
- frm
, (reassoc
? 10 : 4));
3654 if (!IEEE80211_ADDR_EQ(wh
->i_addr3
, vap
->iv_bssid
)) {
3655 IEEE80211_DISCARD(vap
, IEEE80211_MSG_ANY
,
3656 wh
, ieee80211_mgt_subtype_name
[subtype
>>
3657 IEEE80211_FC0_SUBTYPE_SHIFT
],
3658 "%s", "wrong bssid");
3659 vap
->iv_stats
.is_rx_assoc_bss
++;
3662 capinfo
= le16toh(*(__le16
*)frm
);
3664 bintval
= le16toh(*(__le16
*)frm
);
3667 frm
+= 6; /* ignore current AP info */
3668 ssid
= rates
= xrates
= suppchan
= wpa
= rsn
= wme
= ath
= NULL
;
3669 while (frm
< efrm
) {
3670 IEEE80211_VERIFY_LENGTH(efrm
- frm
, frm
[1]);
3672 case IEEE80211_ELEMID_SSID
:
3675 case IEEE80211_ELEMID_RATES
:
3678 case IEEE80211_ELEMID_XRATES
:
3681 /* XXX verify only one of RSN and WPA IEs? */
3682 case IEEE80211_ELEMID_RSN
:
3683 if (vap
->iv_flags
& IEEE80211_F_WPA2
)
3686 IEEE80211_DPRINTF(vap
,
3687 IEEE80211_MSG_ASSOC
|
3689 "[" MAC_FMT
"] ignoring RSN IE "
3690 "in association request\n",
3691 MAC_ADDR(wh
->i_addr2
));
3693 case IEEE80211_ELEMID_VENDOR
:
3694 /* NB: Provide all IEs for wpa_supplicant, so
3695 * it can handle downgrade attacks, etc. */
3696 if (iswpaoui(frm
) && !wpa
) {
3697 if (vap
->iv_flags
& IEEE80211_F_WPA1
)
3700 IEEE80211_DPRINTF(vap
,
3701 IEEE80211_MSG_ASSOC
|
3704 "ignoring WPA IE in "
3705 "association request\n",
3706 MAC_ADDR(wh
->i_addr2
));
3707 } else if (iswmeinfo(frm
))
3709 else if (isatherosoui(frm
))
3716 return 0; /* reached past the end */
3718 IEEE80211_VERIFY_ELEMENT(rates
, IEEE80211_RATE_MAXSIZE
);
3719 IEEE80211_VERIFY_ELEMENT(ssid
, IEEE80211_NWID_LEN
);
3720 IEEE80211_VERIFY_SSID(vap
->iv_bss
, ssid
);
3722 if (ni
== vap
->iv_bss
) {
3723 IEEE80211_NOTE_MAC(vap
, IEEE80211_MSG_ANY
, wh
->i_addr2
,
3724 "deny %s request, sta not authenticated",
3725 reassoc
? "reassoc" : "assoc");
3726 ieee80211_send_error(ni
, wh
->i_addr2
,
3727 IEEE80211_FC0_SUBTYPE_DEAUTH
,
3728 IEEE80211_REASON_ASSOC_NOT_AUTHED
);
3729 vap
->iv_stats
.is_rx_assoc_notauth
++;
3733 if (ni
->ni_needed_chans
!= NULL
) {
3734 FREE(ni
->ni_needed_chans
, M_DEVBUF
);
3735 ni
->ni_needed_chans
= NULL
;
3738 if (ic
->ic_flags
& IEEE80211_F_DOTH
) {
3740 status
= ieee80211_parse_sc_ie(ni
, suppchan
, wh
);
3741 if (status
!= IEEE80211_STATUS_SUCCESS
) {
3742 /* ieee80211_parse_sc_ie already printed dbg msg */
3743 IEEE80211_SEND_MGMT(ni
, resp
, status
);
3744 ieee80211_node_leave(ni
); /* XXX */
3745 vap
->iv_stats
.is_rx_assoc_badscie
++; /* XXX */
3750 /* Assert right associstion security credentials */
3751 /* XXX Divy. Incomplete */
3752 if (wpa
== NULL
&& (ic
->ic_flags
& IEEE80211_F_WPA
)) {
3753 IEEE80211_DPRINTF(vap
,
3754 IEEE80211_MSG_ASSOC
| IEEE80211_MSG_WPA
,
3755 "[" MAC_FMT
"] no WPA/RSN IE in association request\n",
3756 MAC_ADDR(wh
->i_addr2
));
3757 IEEE80211_SEND_MGMT(ni
,
3758 IEEE80211_FC0_SUBTYPE_DEAUTH
,
3759 IEEE80211_REASON_RSN_REQUIRED
);
3760 ieee80211_node_leave(ni
);
3761 /* XXX distinguish WPA/RSN? */
3762 vap
->iv_stats
.is_rx_assoc_badwpaie
++;
3767 /* Initialise values to node defaults, which are then
3768 * overwritten by values in the IE. These are
3769 * installed once association is complete. */
3770 rsn_parm
= ni
->ni_rsn
;
3771 if (rsn
[0] != IEEE80211_ELEMID_RSN
)
3772 reason
= ieee80211_parse_wpa(vap
, rsn
, &rsn_parm
, wh
);
3774 reason
= ieee80211_parse_rsn(vap
, rsn
, &rsn_parm
, wh
);
3776 IEEE80211_SEND_MGMT(ni
,
3777 IEEE80211_FC0_SUBTYPE_DEAUTH
, reason
);
3778 ieee80211_node_leave(ni
);
3779 /* XXX distinguish WPA/RSN? */
3780 vap
->iv_stats
.is_rx_assoc_badwpaie
++;
3783 IEEE80211_NOTE_MAC(vap
,
3784 IEEE80211_MSG_ASSOC
| IEEE80211_MSG_WPA
,
3786 "%s ie: mc %u/%u uc %u/%u key %u caps 0x%x",
3787 rsn
[0] != IEEE80211_ELEMID_RSN
? "WPA" : "RSN",
3788 rsn_parm
.rsn_mcastcipher
, rsn_parm
.rsn_mcastkeylen
,
3789 rsn_parm
.rsn_ucastcipher
, rsn_parm
.rsn_ucastkeylen
,
3790 rsn_parm
.rsn_keymgmt
, rsn_parm
.rsn_caps
);
3792 /* discard challenge after association */
3793 if (ni
->ni_challenge
!= NULL
) {
3794 FREE(ni
->ni_challenge
, M_DEVBUF
);
3795 ni
->ni_challenge
= NULL
;
3797 /* 802.11 spec. says to ignore station's privacy bit */
3798 if ((capinfo
& IEEE80211_CAPINFO_ESS
) == 0) {
3799 IEEE80211_NOTE_MAC(vap
, IEEE80211_MSG_ANY
, wh
->i_addr2
,
3800 "deny %s request, capability mismatch 0x%x",
3801 reassoc
? "reassoc" : "assoc", capinfo
);
3802 IEEE80211_SEND_MGMT(ni
, resp
, IEEE80211_STATUS_CAPINFO
);
3803 ieee80211_node_leave(ni
);
3804 vap
->iv_stats
.is_rx_assoc_capmismatch
++;
3807 rate
= ieee80211_setup_rates(ni
, rates
, xrates
,
3808 IEEE80211_F_DOSORT
| IEEE80211_F_DOFRATE
|
3809 IEEE80211_F_DONEGO
| IEEE80211_F_DODEL
);
3811 * If constrained to 11g-only stations reject an
3812 * 11b-only station. We cheat a bit here by looking
3813 * at the max negotiated xmit rate and assuming anyone
3814 * with a best rate <24Mb/s is an 11b station.
3816 if ((rate
& IEEE80211_RATE_BASIC
) ||
3817 ((vap
->iv_flags
& IEEE80211_F_PUREG
) && rate
< 48)) {
3818 IEEE80211_NOTE_MAC(vap
, IEEE80211_MSG_ANY
, wh
->i_addr2
,
3819 "deny %s request, rate set mismatch",
3820 reassoc
? "reassoc" : "assoc");
3821 IEEE80211_SEND_MGMT(ni
, resp
,
3822 IEEE80211_STATUS_BASIC_RATE
);
3823 ieee80211_node_leave(ni
);
3824 vap
->iv_stats
.is_rx_assoc_norate
++;
3828 if (ni
->ni_associd
!= 0 &&
3829 IEEE80211_IS_CHAN_ANYG(ic
->ic_bsschan
)) {
3830 if ((ni
->ni_capinfo
& IEEE80211_CAPINFO_SHORT_SLOTTIME
)
3831 != (capinfo
& IEEE80211_CAPINFO_SHORT_SLOTTIME
)) {
3832 IEEE80211_NOTE_MAC(vap
, IEEE80211_MSG_ANY
,
3834 "deny %s request, short slot time "
3835 "capability mismatch 0x%x",
3836 reassoc
? "reassoc" : "assoc", capinfo
);
3837 IEEE80211_SEND_MGMT(ni
, resp
,
3838 IEEE80211_STATUS_CAPINFO
);
3839 ieee80211_node_leave(ni
);
3840 vap
->iv_stats
.is_rx_assoc_capmismatch
++;
3847 ni
->ni_last_rx
= jiffies
;
3848 ni
->ni_intval
= IEEE80211_BINTVAL_SANITISE(bintval
);
3849 ni
->ni_capinfo
= capinfo
;
3850 ni
->ni_chan
= ic
->ic_curchan
;
3851 ni
->ni_fhdwell
= vap
->iv_bss
->ni_fhdwell
;
3852 ni
->ni_fhindex
= vap
->iv_bss
->ni_fhindex
;
3855 ieee80211_saveie(&ni
->ni_wpa_ie
, wpa
);
3857 ni
->ni_rsn
= rsn_parm
;
3858 ieee80211_saveie(&ni
->ni_rsn_ie
, rsn
);
3859 /* WME - including QoS flag */
3860 ieee80211_saveie(&ni
->ni_wme_ie
, wme
);
3861 ni
->ni_flags
&= ~IEEE80211_NODE_QOS
;
3862 if ((wme
!= NULL
) && (ieee80211_parse_wmeie(wme
, wh
, ni
) > 0))
3863 ni
->ni_flags
|= IEEE80211_NODE_QOS
;
3865 ieee80211_saveath(ni
, ath
);
3867 /* Send Receiver Not Ready (RNR) followed by XID for newly
3868 * associated stations. */
3869 ieee80211_deliver_l2_rnr(ni
);
3870 ieee80211_deliver_l2_xid(ni
);
3871 ieee80211_node_join(ni
, resp
);
3872 #ifdef ATH_SUPERG_XR
3873 if (ni
->ni_prev_vap
&&
3874 ni
->ni_vap
!= ni
->ni_prev_vap
&&
3875 ni
->ni_vap
->iv_ath_cap
& IEEE80211_ATHC_XR
) {
3877 * node moved between XR and normal vap.
3878 * move the data between XR and normal vap.
3880 ic
->ic_node_move_data(ni
);
3881 ni
->ni_prev_vap
= ni
->ni_vap
;
3887 case IEEE80211_FC0_SUBTYPE_ASSOC_RESP
:
3888 case IEEE80211_FC0_SUBTYPE_REASSOC_RESP
: {
3889 u_int16_t capinfo
, associd
;
3892 if (vap
->iv_opmode
!= IEEE80211_M_STA
||
3893 vap
->iv_state
!= IEEE80211_S_ASSOC
) {
3894 vap
->iv_stats
.is_rx_mgtdiscard
++;
3899 * asresp frame format
3900 * [2] capability information
3902 * [2] association ID
3903 * [tlv] supported rates
3904 * [tlv] extended supported rates
3907 IEEE80211_VERIFY_LENGTH(efrm
- frm
, 6);
3909 capinfo
= le16toh(*(__le16
*)frm
);
3911 status
= le16toh(*(__le16
*)frm
);
3914 IEEE80211_NOTE_MAC(vap
, IEEE80211_MSG_ASSOC
,
3916 "%sassoc failed (reason %d)",
3917 ISREASSOC(subtype
) ? "re" : "", status
);
3918 vap
->iv_stats
.is_rx_auth_fail
++; /* XXX */
3919 ieee80211_new_state(vap
, IEEE80211_S_SCAN
,
3920 IEEE80211_SCAN_FAIL_STATUS
);
3923 associd
= le16toh(*(__le16
*)frm
);
3926 rates
= xrates
= wme
= NULL
;
3927 while (frm
< efrm
) {
3929 * Do not discard frames containing proprietary Agere
3930 * elements 128 and 129, as the reported element length
3931 * is often wrong. Skip rest of the frame, since we can
3932 * not rely on the given element length making it impossible
3933 * to know where the next element starts.
3935 if ((*frm
== IEEE80211_ELEMID_AGERE1
) ||
3936 (*frm
== IEEE80211_ELEMID_AGERE2
)) {
3941 IEEE80211_VERIFY_LENGTH(efrm
- frm
, frm
[1]);
3943 case IEEE80211_ELEMID_RATES
:
3946 case IEEE80211_ELEMID_XRATES
:
3949 case IEEE80211_ELEMID_VENDOR
:
3957 return 0; /* reached past the end */
3958 IEEE80211_VERIFY_ELEMENT(rates
, IEEE80211_RATE_MAXSIZE
);
3959 rate
= ieee80211_setup_rates(ni
, rates
, xrates
,
3960 IEEE80211_F_DOSORT
| IEEE80211_F_DOFRATE
|
3961 IEEE80211_F_DONEGO
| IEEE80211_F_DODEL
);
3962 if (rate
& IEEE80211_RATE_BASIC
) {
3963 IEEE80211_NOTE_MAC(vap
, IEEE80211_MSG_ASSOC
,
3965 "%sassoc failed (rate set mismatch)",
3966 ISREASSOC(subtype
) ? "re" : "");
3967 vap
->iv_stats
.is_rx_assoc_norate
++;
3968 ieee80211_new_state(vap
, IEEE80211_S_SCAN
,
3969 IEEE80211_SCAN_FAIL_STATUS
);
3973 ni
->ni_capinfo
= capinfo
;
3974 ni
->ni_associd
= associd
;
3976 ieee80211_parse_wmeparams(vap
, wme
, wh
, &qosinfo
) >= 0) {
3977 ni
->ni_flags
|= IEEE80211_NODE_QOS
;
3978 ieee80211_wme_updateparams(vap
);
3980 ni
->ni_flags
&= ~IEEE80211_NODE_QOS
;
3982 * Configure state now that we are associated.
3984 * XXX may need different/additional driver callbacks?
3986 if (IEEE80211_IS_CHAN_A(ic
->ic_curchan
) ||
3987 ((ni
->ni_capinfo
& IEEE80211_CAPINFO_SHORT_PREAMBLE
) &&
3988 (ic
->ic_caps
& IEEE80211_C_SHPREAMBLE
))) {
3989 ic
->ic_flags
|= IEEE80211_F_SHPREAMBLE
;
3990 ic
->ic_flags
&= ~IEEE80211_F_USEBARKER
;
3992 ic
->ic_flags
&= ~IEEE80211_F_SHPREAMBLE
;
3993 ic
->ic_flags
|= IEEE80211_F_USEBARKER
;
3995 ieee80211_set_shortslottime(ic
,
3996 IEEE80211_IS_CHAN_A(ic
->ic_curchan
) ||
3997 (ni
->ni_capinfo
& IEEE80211_CAPINFO_SHORT_SLOTTIME
));
3999 * Honor ERP protection.
4001 * NB: ni_erp should zero for non-11g operation
4002 * but we check the channel characteristics
4005 if (IEEE80211_IS_CHAN_ANYG(ic
->ic_curchan
) &&
4006 (ni
->ni_erp
& IEEE80211_ERP_USE_PROTECTION
))
4007 ic
->ic_flags
|= IEEE80211_F_USEPROT
;
4009 ic
->ic_flags
&= ~IEEE80211_F_USEPROT
;
4010 IEEE80211_NOTE_MAC(vap
, IEEE80211_MSG_ASSOC
, wh
->i_addr2
,
4011 "%sassoc success: %s preamble, %s slot time%s%s%s%s%s%s%s",
4012 ISREASSOC(subtype
) ? "re" : "",
4013 (ic
->ic_flags
&IEEE80211_F_SHPREAMBLE
) &&
4014 (ni
->ni_capinfo
& IEEE80211_CAPINFO_SHORT_PREAMBLE
) ? "short" : "long",
4015 ic
->ic_flags
&IEEE80211_F_SHSLOT
? "short" : "long",
4016 ic
->ic_flags
&IEEE80211_F_USEPROT
? ", protection" : "",
4017 ni
->ni_flags
& IEEE80211_NODE_QOS
? ", QoS" : "",
4018 IEEE80211_ATH_CAP(vap
, ni
, IEEE80211_NODE_TURBOP
) ?
4020 IEEE80211_ATH_CAP(vap
, ni
, IEEE80211_NODE_COMP
) ?
4021 ", compression" : "",
4022 IEEE80211_ATH_CAP(vap
, ni
, IEEE80211_NODE_FF
) ?
4023 ", fast-frames" : "",
4024 IEEE80211_ATH_CAP(vap
, ni
, IEEE80211_NODE_XR
) ?
4026 IEEE80211_ATH_CAP(vap
, ni
, IEEE80211_NODE_AR
) ?
4029 ieee80211_new_state(vap
, IEEE80211_S_RUN
, subtype
);
4033 case IEEE80211_FC0_SUBTYPE_DEAUTH
: {
4036 if (vap
->iv_state
== IEEE80211_S_SCAN
) {
4037 vap
->iv_stats
.is_rx_mgtdiscard
++;
4041 * deauth frame format
4044 IEEE80211_VERIFY_LENGTH(efrm
- frm
, 2);
4045 reason
= le16toh(*(__le16
*)frm
);
4046 vap
->iv_stats
.is_rx_deauth
++;
4047 IEEE80211_NODE_STAT(ni
, rx_deauth
);
4049 IEEE80211_NOTE(vap
, IEEE80211_MSG_AUTH
, ni
,
4050 "recv deauthenticate (reason %d)", reason
);
4051 switch (vap
->iv_opmode
) {
4052 case IEEE80211_M_STA
:
4053 ieee80211_new_state(vap
, IEEE80211_S_AUTH
,
4054 wh
->i_fc
[0] & IEEE80211_FC0_SUBTYPE_MASK
);
4056 case IEEE80211_M_HOSTAP
:
4057 if (ni
!= vap
->iv_bss
)
4058 ieee80211_node_leave(ni
);
4061 vap
->iv_stats
.is_rx_mgtdiscard
++;
4067 case IEEE80211_FC0_SUBTYPE_DISASSOC
: {
4070 if (vap
->iv_state
!= IEEE80211_S_RUN
&&
4071 vap
->iv_state
!= IEEE80211_S_ASSOC
&&
4072 vap
->iv_state
!= IEEE80211_S_AUTH
) {
4073 vap
->iv_stats
.is_rx_mgtdiscard
++;
4077 * disassoc frame format
4080 IEEE80211_VERIFY_LENGTH(efrm
- frm
, 2);
4081 reason
= le16toh(*(__le16
*)frm
);
4082 vap
->iv_stats
.is_rx_disassoc
++;
4083 IEEE80211_NODE_STAT(ni
, rx_disassoc
);
4085 IEEE80211_NOTE(vap
, IEEE80211_MSG_ASSOC
, ni
,
4086 "recv disassociate (reason %d)", reason
);
4087 switch (vap
->iv_opmode
) {
4088 case IEEE80211_M_STA
:
4089 ieee80211_new_state(vap
, IEEE80211_S_ASSOC
, 0);
4091 case IEEE80211_M_HOSTAP
:
4092 if (ni
!= vap
->iv_bss
)
4093 ieee80211_node_leave(ni
);
4096 vap
->iv_stats
.is_rx_mgtdiscard
++;
4102 IEEE80211_DISCARD(vap
, IEEE80211_MSG_ANY
,
4103 wh
, "mgt", "subtype 0x%x not handled", subtype
);
4104 vap
->iv_stats
.is_rx_badsubtype
++;
4111 #undef IEEE80211_VERIFY_LENGTH
4112 #undef IEEE80211_VERIFY_ELEMENT
4115 * Process a received ps-poll frame.
4118 ieee80211_recv_pspoll(struct ieee80211_node
*ni
, struct sk_buff
*skb0
)
4120 struct ieee80211vap
*vap
= ni
->ni_vap
;
4121 struct ieee80211_frame_min
*wh
;
4122 struct sk_buff
*skb
;
4126 wh
= (struct ieee80211_frame_min
*)skb0
->data
;
4127 if (ni
->ni_associd
== 0) {
4128 IEEE80211_DISCARD(vap
,
4129 IEEE80211_MSG_POWER
| IEEE80211_MSG_DEBUG
,
4130 (struct ieee80211_frame
*)wh
, "ps-poll",
4131 "%s", "unassociated station");
4132 vap
->iv_stats
.is_ps_unassoc
++;
4133 IEEE80211_SEND_MGMT(ni
, IEEE80211_FC0_SUBTYPE_DEAUTH
,
4134 IEEE80211_REASON_NOT_ASSOCED
);
4138 aid
= le16toh(wh
->i_dur
);
4139 if (aid
!= ni
->ni_associd
) {
4140 IEEE80211_DISCARD(vap
,
4141 IEEE80211_MSG_POWER
| IEEE80211_MSG_DEBUG
,
4142 (struct ieee80211_frame
*)wh
, "ps-poll",
4143 "aid mismatch: sta aid 0x%x poll aid 0x%x",
4144 ni
->ni_associd
, aid
);
4145 vap
->iv_stats
.is_ps_badaid
++;
4146 IEEE80211_SEND_MGMT(ni
, IEEE80211_FC0_SUBTYPE_DEAUTH
,
4147 IEEE80211_REASON_NOT_ASSOCED
);
4151 /* Okay, take the first queued packet and put it out... */
4152 IEEE80211_NODE_SAVEQ_LOCK_IRQ(ni
);
4153 IEEE80211_NODE_SAVEQ_DEQUEUE(ni
, skb
, qlen
);
4154 IEEE80211_NODE_SAVEQ_UNLOCK_IRQ(ni
);
4156 IEEE80211_NOTE_MAC(vap
, IEEE80211_MSG_POWER
, wh
->i_addr2
,
4157 "%s", "recv ps-poll, but queue empty");
4158 ieee80211_send_nulldata(ieee80211_ref_node(ni
));
4159 vap
->iv_stats
.is_ps_qempty
++; /* XXX node stat */
4160 if (vap
->iv_set_tim
!= NULL
)
4161 vap
->iv_set_tim(ni
, 0); /* just in case */
4165 * If there are more packets, set the more packets bit
4166 * in the packet dispatched to the station; otherwise
4167 * turn off the TIM bit.
4170 IEEE80211_NOTE(vap
, IEEE80211_MSG_POWER
, ni
,
4171 "recv ps-poll, send packet, %u still queued", qlen
);
4173 * NB: More-data bit will be set during encap.
4176 IEEE80211_NOTE(vap
, IEEE80211_MSG_POWER
, ni
,
4177 "%s", "recv ps-poll, send packet, queue empty");
4178 if (vap
->iv_set_tim
!= NULL
)
4179 vap
->iv_set_tim(ni
, 0);
4181 M_PWR_SAV_SET(skb
); /* ensure MORE_DATA bit is set correctly */
4183 ieee80211_parent_queue_xmit(skb
); /* Submit to parent device, including updating stats */
4186 #ifdef ATH_SUPERG_FF
4188 athff_decap(struct sk_buff
*skb
)
4190 struct ether_header eh_src
, *eh_dst
;
4193 if (skb
->len
< (sizeof(struct ether_header
) + LLC_SNAPFRAMELEN
))
4196 memcpy(&eh_src
, skb
->data
, sizeof(struct ether_header
));
4197 llc
= (struct llc
*)skb_pull(skb
, sizeof(struct ether_header
));
4198 eh_src
.ether_type
= llc
->llc_un
.type_snap
.ether_type
;
4199 skb_pull(skb
, LLC_SNAPFRAMELEN
);
4201 eh_dst
= (struct ether_header
*)skb_push(skb
, sizeof(struct ether_header
));
4202 memcpy(eh_dst
, &eh_src
, sizeof(struct ether_header
));
4208 #ifdef USE_HEADERLEN_RESV
4210 * The kernel version of this function alters the skb in a manner
4211 * inconsistent with dev->hard_header_len header reservation. This
4212 * is a rewrite of the portion of eth_type_trans() that we need.
4215 ath_eth_type_trans(struct sk_buff
*skb
, struct net_device
*dev
)
4219 skb_reset_mac_header(skb
);
4220 skb_pull(skb
, ETH_HLEN
);
4221 eth
= (struct ethhdr
*)skb_mac_header(skb
);
4223 if (*eth
->h_dest
& 1)
4224 if (memcmp(eth
->h_dest
, dev
->broadcast
, ETH_ALEN
) == 0)
4225 skb
->pkt_type
= PACKET_BROADCAST
;
4227 skb
->pkt_type
= PACKET_MULTICAST
;
4229 if (memcmp(eth
->h_dest
, dev
->dev_addr
, ETH_ALEN
))
4230 skb
->pkt_type
= PACKET_OTHERHOST
;
4232 return eth
->h_proto
;
4236 /* Re-process a frame w/ HW detected MIC failure, as it may be a false
4237 * negative. The frame will be dropped in any case. */
4239 ieee80211_check_mic(struct ieee80211_node
*ni
, struct sk_buff
*skb
)
4241 struct ieee80211vap
*vap
= ni
->ni_vap
;
4242 struct ieee80211_frame
*wh
;
4243 struct ieee80211_key
*key
;
4246 if (skb
->len
< sizeof(struct ieee80211_frame_min
)) {
4247 IEEE80211_DISCARD_MAC(vap
, IEEE80211_MSG_ANY
,
4248 ni
->ni_macaddr
, NULL
,
4249 "too short (1): len %u", skb
->len
);
4250 vap
->iv_stats
.is_rx_tooshort
++;
4254 wh
= (struct ieee80211_frame
*)skb
->data
;
4255 hdrlen
= ieee80211_hdrsize(wh
);
4257 key
= ieee80211_crypto_decap(ni
, skb
, hdrlen
);
4259 /* NB: stats+msgs handled in crypto_decap */
4260 IEEE80211_NODE_STAT(ni
, rx_wepfail
);
4261 } else if (!ieee80211_crypto_demic(vap
, key
, skb
, hdrlen
, 1)) {
4262 IEEE80211_DISCARD_MAC(vap
, IEEE80211_MSG_INPUT
,
4263 ni
->ni_macaddr
, "data", "%s", "demic error");
4264 IEEE80211_NODE_STAT(ni
, rx_demicfail
);
4266 IEEE80211_NODE_STAT(ni
, rx_hwdemicerr
);
4270 EXPORT_SYMBOL(ieee80211_check_mic
);
4272 #ifdef IEEE80211_DEBUG
4274 * Debugging support.
4278 * Return the bssid of a frame.
4280 static const u_int8_t
*
4281 ieee80211_getbssid(struct ieee80211vap
*vap
, const struct ieee80211_frame
*wh
)
4283 if (vap
->iv_opmode
== IEEE80211_M_STA
)
4285 if ((wh
->i_fc
[1] & IEEE80211_FC1_DIR_MASK
) != IEEE80211_FC1_DIR_NODS
)
4287 if ((wh
->i_fc
[0] & IEEE80211_FC0_SUBTYPE_MASK
) == IEEE80211_FC0_SUBTYPE_PS_POLL
)
4293 ieee80211_note(struct ieee80211vap
*vap
, const char *fmt
, ...)
4299 vsnprintf(buf
, sizeof(buf
), fmt
, ap
);
4302 printk(KERN_DEBUG
"%s/%s[" MAC_FMT
"]: %s",
4303 vap
->iv_ic
->ic_dev
->name
, vap
->iv_dev
->name
,
4304 MAC_ADDR(vap
->iv_myaddr
),
4305 buf
); /* NB: no \n */
4307 EXPORT_SYMBOL(ieee80211_note
);
4310 ieee80211_note_frame(struct ieee80211vap
*vap
, const struct ieee80211_frame
*wh
,
4311 const char *fmt
, ...)
4317 vsnprintf(buf
, sizeof(buf
), fmt
, ap
);
4319 printk(KERN_DEBUG
"%s/%s[" MAC_FMT
"]: " MAC_FMT
" %s\n",
4320 vap
->iv_ic
->ic_dev
->name
, vap
->iv_dev
->name
,
4321 MAC_ADDR(vap
->iv_myaddr
),
4322 MAC_ADDR(ieee80211_getbssid(vap
, wh
)), buf
);
4324 EXPORT_SYMBOL(ieee80211_note_frame
);
4327 ieee80211_note_mac(struct ieee80211vap
*vap
, const u_int8_t mac
[IEEE80211_ADDR_LEN
],
4328 const char *fmt
, ...)
4334 vsnprintf(buf
, sizeof(buf
), fmt
, ap
);
4336 printk(KERN_DEBUG
"%s/%s[" MAC_FMT
"]: " MAC_FMT
" %s\n",
4337 vap
->iv_ic
->ic_dev
->name
, vap
->iv_dev
->name
,
4338 MAC_ADDR(vap
->iv_myaddr
),
4339 MAC_ADDR(mac
), buf
);
4341 EXPORT_SYMBOL(ieee80211_note_mac
);
4344 ieee80211_discard_frame(struct ieee80211vap
*vap
, const struct ieee80211_frame
*wh
,
4345 const char *type
, const char *fmt
, ...)
4351 vsnprintf(buf
, sizeof(buf
), fmt
, ap
);
4353 printk(KERN_DEBUG
"%s/%s[" MAC_FMT
"]: " MAC_FMT
" discard %s%sframe, %s\n",
4354 vap
->iv_ic
->ic_dev
->name
, vap
->iv_dev
->name
,
4355 MAC_ADDR(vap
->iv_myaddr
),
4356 MAC_ADDR(wh
->i_addr2
),
4357 (type
!= NULL
) ? type
: "",
4358 (type
!= NULL
) ? " " : "",
4363 ieee80211_discard_ie(struct ieee80211vap
*vap
, const struct ieee80211_frame
*wh
,
4364 const char *type
, const char *fmt
, ...)
4370 vsnprintf(buf
, sizeof(buf
), fmt
, ap
);
4372 printk(KERN_DEBUG
"%s/%s[" MAC_FMT
"]: "
4373 MAC_FMT
" discard %s%sinformation element, %s\n",
4374 vap
->iv_ic
->ic_dev
->name
, vap
->iv_dev
->name
,
4375 MAC_ADDR(vap
->iv_myaddr
),
4376 MAC_ADDR(ieee80211_getbssid(vap
, wh
)),
4377 (type
!= NULL
) ? type
: "",
4378 (type
!= NULL
) ? " " : "",
4383 ieee80211_discard_mac(struct ieee80211vap
*vap
, const u_int8_t mac
[IEEE80211_ADDR_LEN
],
4384 const char *type
, const char *fmt
, ...)
4390 vsnprintf(buf
, sizeof(buf
), fmt
, ap
);
4392 printk(KERN_DEBUG
"%s/%s[" MAC_FMT
"]: " MAC_FMT
" discard %s%sframe, %s\n",
4393 vap
->iv_ic
->ic_dev
->name
,
4395 MAC_ADDR(vap
->iv_myaddr
),
4397 (type
!= NULL
) ? type
: "",
4398 (type
!= NULL
) ? " " : "",
4401 #endif /* IEEE80211_DEBUG */