search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Remove empty DragonFly CVS IDs.
[dragonfly.git] / sys / netproto / 802_11 / wlan / ieee80211_output.c
blob948d14a5cb957650fbdfe0c97af983bfae83084c
1 /*-
2 * Copyright (c) 2001 Atsushi Onoe
3 * Copyright (c) 2002-2009 Sam Leffler, Errno Consulting
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in the
13 * documentation and/or other materials provided with the distribution.
14 *
15 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
16 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
17 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
18 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
19 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
20 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
21 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
22 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
23 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
24 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
25 *
26 * $FreeBSD: head/sys/net80211/ieee80211_output.c 198384 2009-10-23 11:13:08Z rpaulo $
27 */
28
29 #include "opt_inet.h"
30 #include "opt_inet6.h"
31 #include "opt_wlan.h"
32
33 #include <sys/param.h>
34 #include <sys/systm.h>
35 #include <sys/mbuf.h>
36 #include <sys/kernel.h>
37 #include <sys/endian.h>
38
39 #include <sys/socket.h>
40
41 #include <net/bpf.h>
42 #include <net/ethernet.h>
43 #include <net/route.h>
44 #include <net/if.h>
45 #include <net/if_llc.h>
46 #include <net/if_media.h>
47 #include <net/ifq_var.h>
48
49 #include <netproto/802_11/ieee80211_var.h>
50 #include <netproto/802_11/ieee80211_regdomain.h>
51 #ifdef IEEE80211_SUPPORT_SUPERG
52 #include <netproto/802_11/ieee80211_superg.h>
53 #endif
54 #ifdef IEEE80211_SUPPORT_TDMA
55 #include <netproto/802_11/ieee80211_tdma.h>
56 #endif
57 #include <netproto/802_11/ieee80211_wds.h>
58 #include <netproto/802_11/ieee80211_mesh.h>
59
60 #ifdef INET
61 #include <netinet/in.h>
62 #include <netinet/if_ether.h>
63 #include <netinet/in_systm.h>
64 #include <netinet/ip.h>
65 #endif
66 #ifdef INET6
67 #include <netinet/ip6.h>
68 #endif
69
70 #define ETHER_HEADER_COPY(dst, src) \
71 memcpy(dst, src, sizeof(struct ether_header))
72
73 /* unalligned little endian access */
74 #define LE_WRITE_2(p, v) do { \
75 ((uint8_t *)(p))[0] = (v) & 0xff; \
76 ((uint8_t *)(p))[1] = ((v) >> 8) & 0xff; \
77 } while (0)
78 #define LE_WRITE_4(p, v) do { \
79 ((uint8_t *)(p))[0] = (v) & 0xff; \
80 ((uint8_t *)(p))[1] = ((v) >> 8) & 0xff; \
81 ((uint8_t *)(p))[2] = ((v) >> 16) & 0xff; \
82 ((uint8_t *)(p))[3] = ((v) >> 24) & 0xff; \
83 } while (0)
84
85 static int ieee80211_fragment(struct ieee80211vap *, struct mbuf *,
86 u_int hdrsize, u_int ciphdrsize, u_int mtu);
87 static void ieee80211_tx_mgt_cb(struct ieee80211_node *, void *, int);
88
89 #ifdef IEEE80211_DEBUG
90 /*
91 * Decide if an outbound management frame should be
92 * printed when debugging is enabled. This filters some
93 * of the less interesting frames that come frequently
94 * (e.g. beacons).
95 */
96 static __inline int
97 doprint(struct ieee80211vap *vap, int subtype)
98 {
99 switch (subtype) {
100 case IEEE80211_FC0_SUBTYPE_PROBE_RESP:
101 return (vap->iv_opmode == IEEE80211_M_IBSS);
102 }
103 return 1;
104 }
105 #endif
106
107 /*
108 * Start method for vap's. All packets from the stack come
109 * through here. We handle common processing of the packets
110 * before dispatching them to the underlying device.
111 */
112 void
113 ieee80211_start(struct ifnet *ifp)
114 {
115 #define IS_DWDS(vap) \
116 (vap->iv_opmode == IEEE80211_M_WDS && \
117 (vap->iv_flags_ext & IEEE80211_FEXT_WDSLEGACY) == 0)
118 struct ieee80211vap *vap = ifp->if_softc;
119 struct ieee80211com *ic = vap->iv_ic;
120 struct ifnet *parent = ic->ic_ifp;
121 struct ieee80211_node *ni;
122 struct mbuf *m = NULL;
123 struct ether_header *eh;
124 int error;
125
126 /* NB: parent must be up and running */
127 if (!IFNET_IS_UP_RUNNING(parent)) {
128 IEEE80211_DPRINTF(vap, IEEE80211_MSG_OUTPUT,
129 "%s: ignore queue, parent %s not up+running\n",
130 __func__, parent->if_xname);
131 /* XXX stat */
132 ifq_purge(&ifp->if_snd);
133 return;
134 }
135 if (vap->iv_state == IEEE80211_S_SLEEP) {
136 /*
137 * In power save, wakeup device for transmit.
138 */
139 ieee80211_new_state(vap, IEEE80211_S_RUN, 0);
140 ifq_purge(&ifp->if_snd);
141 return;
142 }
143 /*
144 * No data frames go out unless we're running.
145 * Note in particular this covers CAC and CSA
146 * states (though maybe we should check muting
147 * for CSA).
148 */
149 if (vap->iv_state != IEEE80211_S_RUN) {
150 /* re-check under the com lock to avoid races */
151 if (vap->iv_state != IEEE80211_S_RUN) {
152 IEEE80211_DPRINTF(vap, IEEE80211_MSG_OUTPUT,
153 "%s: ignore queue, in %s state\n",
154 __func__, ieee80211_state_name[vap->iv_state]);
155 vap->iv_stats.is_tx_badstate++;
156 ifp->if_flags |= IFF_OACTIVE;
157 return;
158 }
159 }
160 for (;;) {
161 m = ifq_dequeue(&ifp->if_snd, NULL);
162 if (m == NULL)
163 break;
164 /*
165 * Sanitize mbuf flags for net80211 use. We cannot
166 * clear M_PWR_SAV or M_MORE_DATA because these may
167 * be set for frames that are re-submitted from the
168 * power save queue.
169 *
170 * NB: This must be done before ieee80211_classify as
171 * it marks EAPOL in frames with M_EAPOL.
172 */
173 m->m_flags &= ~(M_80211_TX - M_PWR_SAV - M_MORE_DATA);
174 /*
175 * Cancel any background scan.
176 */
177 if (ic->ic_flags & IEEE80211_F_SCAN)
178 ieee80211_cancel_anyscan(vap);
179 /*
180 * Find the node for the destination so we can do
181 * things like power save and fast frames aggregation.
182 *
183 * NB: past this point various code assumes the first
184 * mbuf has the 802.3 header present (and contiguous).
185 */
186 ni = NULL;
187 if (m->m_len < sizeof(struct ether_header) &&
188 (m = m_pullup(m, sizeof(struct ether_header))) == NULL) {
189 IEEE80211_DPRINTF(vap, IEEE80211_MSG_OUTPUT,
190 "discard frame, %s\n", "m_pullup failed");
191 vap->iv_stats.is_tx_nobuf++; /* XXX */
192 ifp->if_oerrors++;
193 continue;
194 }
195 eh = mtod(m, struct ether_header *);
196 if (ETHER_IS_MULTICAST(eh->ether_dhost)) {
197 if (IS_DWDS(vap)) {
198 /*
199 * Only unicast frames from the above go out
200 * DWDS vaps; multicast frames are handled by
201 * dispatching the frame as it comes through
202 * the AP vap (see below).
203 */
204 IEEE80211_DISCARD_MAC(vap, IEEE80211_MSG_WDS,
205 eh->ether_dhost, "mcast", "%s", "on DWDS");
206 vap->iv_stats.is_dwds_mcast++;
207 m_freem(m);
208 continue;
209 }
210 if (vap->iv_opmode == IEEE80211_M_HOSTAP) {
211 /*
212 * Spam DWDS vap's w/ multicast traffic.
213 */
214 /* XXX only if dwds in use? */
215 ieee80211_dwds_mcast(vap, m);
216 }
217 }
218 #ifdef IEEE80211_SUPPORT_MESH
219 if (vap->iv_opmode != IEEE80211_M_MBSS) {
220 #endif
221 ni = ieee80211_find_txnode(vap, eh->ether_dhost);
222 if (ni == NULL) {
223 /* NB: ieee80211_find_txnode does stat+msg */
224 ifp->if_oerrors++;
225 m_freem(m);
226 continue;
227 }
228 if (ni->ni_associd == 0 &&
229 (ni->ni_flags & IEEE80211_NODE_ASSOCID)) {
230 IEEE80211_DISCARD_MAC(vap, IEEE80211_MSG_OUTPUT,
231 eh->ether_dhost, NULL,
232 "sta not associated (type 0x%04x)",
233 htons(eh->ether_type));
234 vap->iv_stats.is_tx_notassoc++;
235 ifp->if_oerrors++;
236 m_freem(m);
237 ieee80211_free_node(ni);
238 continue;
239 }
240 #ifdef IEEE80211_SUPPORT_MESH
241 } else {
242 if (!IEEE80211_ADDR_EQ(eh->ether_shost, vap->iv_myaddr)) {
243 /*
244 * Proxy station only if configured.
245 */
246 if (!ieee80211_mesh_isproxyena(vap)) {
247 IEEE80211_DISCARD_MAC(vap,
248 IEEE80211_MSG_OUTPUT |
249 IEEE80211_MSG_MESH,
250 eh->ether_dhost, NULL,
251 "%s", "proxy not enabled");
252 vap->iv_stats.is_mesh_notproxy++;
253 ifp->if_oerrors++;
254 m_freem(m);
255 continue;
256 }
257 ieee80211_mesh_proxy_check(vap, eh->ether_shost);
258 }
259 ni = ieee80211_mesh_discover(vap, eh->ether_dhost, m);
260 if (ni == NULL) {
261 /*
262 * NB: ieee80211_mesh_discover holds/disposes
263 * frame (e.g. queueing on path discovery).
264 */
265 ifp->if_oerrors++;
266 continue;
267 }
268 }
269 #endif
270 if ((ni->ni_flags & IEEE80211_NODE_PWR_MGT) &&
271 (m->m_flags & M_PWR_SAV) == 0) {
272 /*
273 * Station in power save mode; pass the frame
274 * to the 802.11 layer and continue. We'll get
275 * the frame back when the time is right.
276 * XXX lose WDS vap linkage?
277 */
278 (void) ieee80211_pwrsave(ni, m);
279 ieee80211_free_node(ni);
280 continue;
281 }
282 /* calculate priority so drivers can find the tx queue */
283 if (ieee80211_classify(ni, m)) {
284 IEEE80211_DISCARD_MAC(vap, IEEE80211_MSG_OUTPUT,
285 eh->ether_dhost, NULL,
286 "%s", "classification failure");
287 vap->iv_stats.is_tx_classify++;
288 ifp->if_oerrors++;
289 m_freem(m);
290 ieee80211_free_node(ni);
291 continue;
292 }
293 /*
294 * Stash the node pointer. Note that we do this after
295 * any call to ieee80211_dwds_mcast because that code
296 * uses any existing value for rcvif to identify the
297 * interface it (might have been) received on.
298 */
299 m->m_pkthdr.rcvif = (void *)ni;
300
301 BPF_MTAP(ifp, m); /* 802.3 tx */
302
303 /*
304 * Check if A-MPDU tx aggregation is setup or if we
305 * should try to enable it. The sta must be associated
306 * with HT and A-MPDU enabled for use. When the policy
307 * routine decides we should enable A-MPDU we issue an
308 * ADDBA request and wait for a reply. The frame being
309 * encapsulated will go out w/o using A-MPDU, or possibly
310 * it might be collected by the driver and held/retransmit.
311 * The default ic_ampdu_enable routine handles staggering
312 * ADDBA requests in case the receiver NAK's us or we are
313 * otherwise unable to establish a BA stream.
314 */
315 if ((ni->ni_flags & IEEE80211_NODE_AMPDU_TX) &&
316 (vap->iv_flags_ht & IEEE80211_FHT_AMPDU_TX) &&
317 (m->m_flags & M_EAPOL) == 0) {
318 const int ac = M_WME_GETAC(m);
319 struct ieee80211_tx_ampdu *tap = &ni->ni_tx_ampdu[ac];
320
321 ieee80211_txampdu_count_packet(tap);
322 if (IEEE80211_AMPDU_RUNNING(tap)) {
323 /*
324 * Operational, mark frame for aggregation.
325 *
326 * XXX do tx aggregation here
327 */
328 m->m_flags |= M_AMPDU_MPDU;
329 } else if (!IEEE80211_AMPDU_REQUESTED(tap) &&
330 ic->ic_ampdu_enable(ni, tap)) {
331 /*
332 * Not negotiated yet, request service.
333 */
334 ieee80211_ampdu_request(ni, tap);
335 /* XXX hold frame for reply? */
336 }
337 }
338 #ifdef IEEE80211_SUPPORT_SUPERG
339 else if (IEEE80211_ATH_CAP(vap, ni, IEEE80211_NODE_FF)) {
340 m = ieee80211_ff_check(ni, m);
341 if (m == NULL) {
342 /* NB: any ni ref held on stageq */
343 continue;
344 }
345 }
346 #endif /* IEEE80211_SUPPORT_SUPERG */
347 if (__predict_true((vap->iv_caps & IEEE80211_C_8023ENCAP) == 0)) {
348 /*
349 * Encapsulate the packet in prep for transmission.
350 */
351 m = ieee80211_encap(vap, ni, m);
352 if (m == NULL) {
353 /* NB: stat+msg handled in ieee80211_encap */
354 ieee80211_free_node(ni);
355 continue;
356 }
357 }
358
359 error = ieee80211_handoff(parent, m);
360 if (error != 0) {
361 /* NB: IFQ_HANDOFF reclaims mbuf */
362 ieee80211_free_node(ni);
363 } else {
364 ifp->if_opackets++;
365 }
366 ic->ic_lastdata = ticks;
367 }
368 #undef IS_DWDS
369 }
370
371
372 /*
373 * 802.11 output routine. This is (currently) used only to
374 * connect bpf write calls to the 802.11 layer for injecting
375 * raw 802.11 frames.
376 */
377 int
378 ieee80211_output(struct ifnet *ifp, struct mbuf *m,
379 struct sockaddr *dst, struct rtentry *rt)
380 {
381 #define senderr(e) do { error = (e); goto bad;} while (0)
382 struct ieee80211_node *ni = NULL;
383 struct ieee80211vap *vap;
384 struct ieee80211_frame *wh;
385 int error;
386
387 if (ifp->if_flags & IFF_OACTIVE) {
388 /*
389 * Short-circuit requests if the vap is marked OACTIVE
390 * as this can happen because a packet came down through
391 * ieee80211_start before the vap entered RUN state in
392 * which case it's ok to just drop the frame. This
393 * should not be necessary but callers of if_output don't
394 * check OACTIVE.
395 */
396 senderr(ENETDOWN);
397 }
398 vap = ifp->if_softc;
399 /*
400 * Hand to the 802.3 code if not tagged as
401 * a raw 802.11 frame.
402 */
403 if (dst->sa_family != AF_IEEE80211)
404 return vap->iv_output(ifp, m, dst, rt);
405 #ifdef MAC
406 error = mac_ifnet_check_transmit(ifp, m);
407 if (error)
408 senderr(error);
409 #endif
410 if (ifp->if_flags & IFF_MONITOR)
411 senderr(ENETDOWN);
412 if (!IFNET_IS_UP_RUNNING(ifp))
413 senderr(ENETDOWN);
414 if (vap->iv_state == IEEE80211_S_CAC) {
415 IEEE80211_DPRINTF(vap,
416 IEEE80211_MSG_OUTPUT | IEEE80211_MSG_DOTH,
417 "block %s frame in CAC state\n", "raw data");
418 vap->iv_stats.is_tx_badstate++;
419 senderr(EIO); /* XXX */
420 }
421 /* XXX bypass bridge, pfil, carp, etc. */
422
423 if (m->m_pkthdr.len < sizeof(struct ieee80211_frame_ack))
424 senderr(EIO); /* XXX */
425 wh = mtod(m, struct ieee80211_frame *);
426 if ((wh->i_fc[0] & IEEE80211_FC0_VERSION_MASK) !=
427 IEEE80211_FC0_VERSION_0)
428 senderr(EIO); /* XXX */
429
430 /* locate destination node */
431 switch (wh->i_fc[1] & IEEE80211_FC1_DIR_MASK) {
432 case IEEE80211_FC1_DIR_NODS:
433 case IEEE80211_FC1_DIR_FROMDS:
434 ni = ieee80211_find_txnode(vap, wh->i_addr1);
435 break;
436 case IEEE80211_FC1_DIR_TODS:
437 case IEEE80211_FC1_DIR_DSTODS:
438 if (m->m_pkthdr.len < sizeof(struct ieee80211_frame))
439 senderr(EIO); /* XXX */
440 ni = ieee80211_find_txnode(vap, wh->i_addr3);
441 break;
442 default:
443 senderr(EIO); /* XXX */
444 }
445 if (ni == NULL) {
446 /*
447 * Permit packets w/ bpf params through regardless
448 * (see below about sa_len).
449 */
450 if (dst->sa_len == 0)
451 senderr(EHOSTUNREACH);
452 ni = ieee80211_ref_node(vap->iv_bss);
453 }
454
455 /*
456 * Sanitize mbuf for net80211 flags leaked from above.
457 *
458 * NB: This must be done before ieee80211_classify as
459 * it marks EAPOL in frames with M_EAPOL.
460 */
461 m->m_flags &= ~M_80211_TX;
462
463 /* calculate priority so drivers can find the tx queue */
464 /* XXX assumes an 802.3 frame */
465 if (ieee80211_classify(ni, m))
466 senderr(EIO); /* XXX */
467
468 ifp->if_opackets++;
469 IEEE80211_NODE_STAT(ni, tx_data);
470 if (IEEE80211_IS_MULTICAST(wh->i_addr1)) {
471 IEEE80211_NODE_STAT(ni, tx_mcast);
472 m->m_flags |= M_MCAST;
473 } else
474 IEEE80211_NODE_STAT(ni, tx_ucast);
475 /* NB: ieee80211_encap does not include 802.11 header */
476 IEEE80211_NODE_STAT_ADD(ni, tx_bytes, m->m_pkthdr.len);
477
478 /*
479 * NB: DLT_IEEE802_11_RADIO identifies the parameters are
480 * present by setting the sa_len field of the sockaddr (yes,
481 * this is a hack).
482 * NB: we assume sa_data is suitably aligned to cast.
483 */
484 return vap->iv_ic->ic_raw_xmit(ni, m,
485 (const struct ieee80211_bpf_params *)(dst->sa_len ?
486 dst->sa_data : NULL));
487 bad:
488 if (m != NULL)
489 m_freem(m);
490 if (ni != NULL)
491 ieee80211_free_node(ni);
492 ifp->if_oerrors++;
493 return error;
494 #undef senderr
495 }
496
497 /*
498 * Set the direction field and address fields of an outgoing
499 * frame. Note this should be called early on in constructing
500 * a frame as it sets i_fc[1]; other bits can then be or'd in.
501 */
502 void
503 ieee80211_send_setup(
504 struct ieee80211_node *ni,
505 struct mbuf *m,
506 int type, int tid,
507 const uint8_t sa[IEEE80211_ADDR_LEN],
508 const uint8_t da[IEEE80211_ADDR_LEN],
509 const uint8_t bssid[IEEE80211_ADDR_LEN])
510 {
511 #define WH4(wh) ((struct ieee80211_frame_addr4 *)wh)
512 struct ieee80211vap *vap = ni->ni_vap;
513 struct ieee80211_frame *wh = mtod(m, struct ieee80211_frame *);
514 ieee80211_seq seqno;
515
516 wh->i_fc[0] = IEEE80211_FC0_VERSION_0 | type;
517 if ((type & IEEE80211_FC0_TYPE_MASK) == IEEE80211_FC0_TYPE_DATA) {
518 switch (vap->iv_opmode) {
519 case IEEE80211_M_STA:
520 wh->i_fc[1] = IEEE80211_FC1_DIR_TODS;
521 IEEE80211_ADDR_COPY(wh->i_addr1, bssid);
522 IEEE80211_ADDR_COPY(wh->i_addr2, sa);
523 IEEE80211_ADDR_COPY(wh->i_addr3, da);
524 break;
525 case IEEE80211_M_IBSS:
526 case IEEE80211_M_AHDEMO:
527 wh->i_fc[1] = IEEE80211_FC1_DIR_NODS;
528 IEEE80211_ADDR_COPY(wh->i_addr1, da);
529 IEEE80211_ADDR_COPY(wh->i_addr2, sa);
530 IEEE80211_ADDR_COPY(wh->i_addr3, bssid);
531 break;
532 case IEEE80211_M_HOSTAP:
533 wh->i_fc[1] = IEEE80211_FC1_DIR_FROMDS;
534 IEEE80211_ADDR_COPY(wh->i_addr1, da);
535 IEEE80211_ADDR_COPY(wh->i_addr2, bssid);
536 IEEE80211_ADDR_COPY(wh->i_addr3, sa);
537 break;
538 case IEEE80211_M_WDS:
539 wh->i_fc[1] = IEEE80211_FC1_DIR_DSTODS;
540 IEEE80211_ADDR_COPY(wh->i_addr1, da);
541 IEEE80211_ADDR_COPY(wh->i_addr2, vap->iv_myaddr);
542 IEEE80211_ADDR_COPY(wh->i_addr3, da);
543 IEEE80211_ADDR_COPY(WH4(wh)->i_addr4, sa);
544 break;
545 case IEEE80211_M_MBSS:
546 #ifdef IEEE80211_SUPPORT_MESH
547 /* XXX add support for proxied addresses */
548 if (IEEE80211_IS_MULTICAST(da)) {
549 wh->i_fc[1] = IEEE80211_FC1_DIR_FROMDS;
550 /* XXX next hop */
551 IEEE80211_ADDR_COPY(wh->i_addr1, da);
552 IEEE80211_ADDR_COPY(wh->i_addr2,
553 vap->iv_myaddr);
554 } else {
555 wh->i_fc[1] = IEEE80211_FC1_DIR_DSTODS;
556 IEEE80211_ADDR_COPY(wh->i_addr1, da);
557 IEEE80211_ADDR_COPY(wh->i_addr2,
558 vap->iv_myaddr);
559 IEEE80211_ADDR_COPY(wh->i_addr3, da);
560 IEEE80211_ADDR_COPY(WH4(wh)->i_addr4, sa);
561 }
562 #endif
563 break;
564 case IEEE80211_M_MONITOR: /* NB: to quiet compiler */
565 break;
566 }
567 } else {
568 wh->i_fc[1] = IEEE80211_FC1_DIR_NODS;
569 IEEE80211_ADDR_COPY(wh->i_addr1, da);
570 IEEE80211_ADDR_COPY(wh->i_addr2, sa);
571 #ifdef IEEE80211_SUPPORT_MESH
572 if (vap->iv_opmode == IEEE80211_M_MBSS)
573 IEEE80211_ADDR_COPY(wh->i_addr3, sa);
574 else
575 #endif
576 IEEE80211_ADDR_COPY(wh->i_addr3, bssid);
577 }
578 *(uint16_t *)&wh->i_dur[0] = 0;
579
580 seqno = ni->ni_txseqs[tid]++;
581 *(uint16_t *)&wh->i_seq[0] = htole16(seqno << IEEE80211_SEQ_SEQ_SHIFT);
582 M_SEQNO_SET(m, seqno);
583
584 if (IEEE80211_IS_MULTICAST(wh->i_addr1))
585 m->m_flags |= M_MCAST;
586 #undef WH4
587 }
588
589 /*
590 * Send a management frame to the specified node. The node pointer
591 * must have a reference as the pointer will be passed to the driver
592 * and potentially held for a long time. If the frame is successfully
593 * dispatched to the driver, then it is responsible for freeing the
594 * reference (and potentially free'ing up any associated storage);
595 * otherwise deal with reclaiming any reference (on error).
596 */
597 int
598 ieee80211_mgmt_output(struct ieee80211_node *ni, struct mbuf *m, int type,
599 struct ieee80211_bpf_params *params)
600 {
601 struct ieee80211vap *vap = ni->ni_vap;
602 struct ieee80211com *ic = ni->ni_ic;
603 struct ieee80211_frame *wh;
604
605 KASSERT(ni != NULL, ("null node"));
606
607 if (vap->iv_state == IEEE80211_S_CAC) {
608 IEEE80211_NOTE(vap, IEEE80211_MSG_OUTPUT | IEEE80211_MSG_DOTH,
609 ni, "block %s frame in CAC state",
610 ieee80211_mgt_subtype_name[
611 (type & IEEE80211_FC0_SUBTYPE_MASK) >>
612 IEEE80211_FC0_SUBTYPE_SHIFT]);
613 vap->iv_stats.is_tx_badstate++;
614 ieee80211_free_node(ni);
615 m_freem(m);
616 return EIO; /* XXX */
617 }
618
619 M_PREPEND(m, sizeof(struct ieee80211_frame), MB_DONTWAIT);
620 if (m == NULL) {
621 ieee80211_free_node(ni);
622 return ENOMEM;
623 }
624
625 wh = mtod(m, struct ieee80211_frame *);
626 ieee80211_send_setup(ni, m,
627 IEEE80211_FC0_TYPE_MGT | type, IEEE80211_NONQOS_TID,
628 vap->iv_myaddr, ni->ni_macaddr, ni->ni_bssid);
629 if (params->ibp_flags & IEEE80211_BPF_CRYPTO) {
630 IEEE80211_NOTE_MAC(vap, IEEE80211_MSG_AUTH, wh->i_addr1,
631 "encrypting frame (%s)", __func__);
632 wh->i_fc[1] |= IEEE80211_FC1_WEP;
633 }
634 m->m_flags |= M_ENCAP; /* mark encapsulated */
635
636 KASSERT(type != IEEE80211_FC0_SUBTYPE_PROBE_RESP, ("probe response?"));
637 M_WME_SETAC(m, params->ibp_pri);
638
639 #ifdef IEEE80211_DEBUG
640 /* avoid printing too many frames */
641 if ((ieee80211_msg_debug(vap) && doprint(vap, type)) ||
642 ieee80211_msg_dumppkts(vap)) {
643 kprintf("[%6D] send %s on channel %u\n",
644 wh->i_addr1, ":",
645 ieee80211_mgt_subtype_name[
646 (type & IEEE80211_FC0_SUBTYPE_MASK) >>
647 IEEE80211_FC0_SUBTYPE_SHIFT],
648 ieee80211_chan2ieee(ic, ic->ic_curchan));
649 }
650 #endif
651 IEEE80211_NODE_STAT(ni, tx_mgmt);
652
653 return ic->ic_raw_xmit(ni, m, params);
654 }
655
656 /*
657 * Send a null data frame to the specified node. If the station
658 * is setup for QoS then a QoS Null Data frame is constructed.
659 * If this is a WDS station then a 4-address frame is constructed.
660 *
661 * NB: the caller is assumed to have setup a node reference
662 * for use; this is necessary to deal with a race condition
663 * when probing for inactive stations. Like ieee80211_mgmt_output
664 * we must cleanup any node reference on error; however we
665 * can safely just unref it as we know it will never be the
666 * last reference to the node.
667 */
668 int
669 ieee80211_send_nulldata(struct ieee80211_node *ni)
670 {
671 struct ieee80211vap *vap = ni->ni_vap;
672 struct ieee80211com *ic = ni->ni_ic;
673 struct mbuf *m;
674 struct ieee80211_frame *wh;
675 int hdrlen;
676 uint8_t *frm;
677
678 if (vap->iv_state == IEEE80211_S_CAC) {
679 IEEE80211_NOTE(vap, IEEE80211_MSG_OUTPUT | IEEE80211_MSG_DOTH,
680 ni, "block %s frame in CAC state", "null data");
681 ieee80211_unref_node(&ni);
682 vap->iv_stats.is_tx_badstate++;
683 return EIO; /* XXX */
684 }
685
686 if (ni->ni_flags & (IEEE80211_NODE_QOS|IEEE80211_NODE_HT))
687 hdrlen = sizeof(struct ieee80211_qosframe);
688 else
689 hdrlen = sizeof(struct ieee80211_frame);
690 /* NB: only WDS vap's get 4-address frames */
691 if (vap->iv_opmode == IEEE80211_M_WDS)
692 hdrlen += IEEE80211_ADDR_LEN;
693 if (ic->ic_flags & IEEE80211_F_DATAPAD)
694 hdrlen = roundup(hdrlen, sizeof(uint32_t));
695
696 m = ieee80211_getmgtframe(&frm, ic->ic_headroom + hdrlen, 0);
697 if (m == NULL) {
698 /* XXX debug msg */
699 ieee80211_unref_node(&ni);
700 vap->iv_stats.is_tx_nobuf++;
701 return ENOMEM;
702 }
703 KASSERT(M_LEADINGSPACE(m) >= hdrlen,
704 ("leading space %zd", M_LEADINGSPACE(m)));
705 M_PREPEND(m, hdrlen, MB_DONTWAIT);
706 if (m == NULL) {
707 /* NB: cannot happen */
708 ieee80211_free_node(ni);
709 return ENOMEM;
710 }
711
712 wh = mtod(m, struct ieee80211_frame *); /* NB: a little lie */
713 if (ni->ni_flags & IEEE80211_NODE_QOS) {
714 const int tid = WME_AC_TO_TID(WME_AC_BE);
715 uint8_t *qos;
716
717 ieee80211_send_setup(ni, m,
718 IEEE80211_FC0_TYPE_DATA | IEEE80211_FC0_SUBTYPE_QOS_NULL,
719 tid, vap->iv_myaddr, ni->ni_macaddr, ni->ni_bssid);
720
721 if (vap->iv_opmode == IEEE80211_M_WDS)
722 qos = ((struct ieee80211_qosframe_addr4 *) wh)->i_qos;
723 else
724 qos = ((struct ieee80211_qosframe *) wh)->i_qos;
725 qos[0] = tid & IEEE80211_QOS_TID;
726 if (ic->ic_wme.wme_wmeChanParams.cap_wmeParams[WME_AC_BE].wmep_noackPolicy)
727 qos[0] |= IEEE80211_QOS_ACKPOLICY_NOACK;
728 qos[1] = 0;
729 } else {
730 ieee80211_send_setup(ni, m,
731 IEEE80211_FC0_TYPE_DATA | IEEE80211_FC0_SUBTYPE_NODATA,
732 IEEE80211_NONQOS_TID,
733 vap->iv_myaddr, ni->ni_macaddr, ni->ni_bssid);
734 }
735 if (vap->iv_opmode != IEEE80211_M_WDS) {
736 /* NB: power management bit is never sent by an AP */
737 if ((ni->ni_flags & IEEE80211_NODE_PWR_MGT) &&
738 vap->iv_opmode != IEEE80211_M_HOSTAP)
739 wh->i_fc[1] |= IEEE80211_FC1_PWR_MGT;
740 }
741 m->m_len = m->m_pkthdr.len = hdrlen;
742 m->m_flags |= M_ENCAP; /* mark encapsulated */
743
744 M_WME_SETAC(m, WME_AC_BE);
745
746 IEEE80211_NODE_STAT(ni, tx_data);
747
748 IEEE80211_NOTE(vap, IEEE80211_MSG_DEBUG | IEEE80211_MSG_DUMPPKTS, ni,
749 "send %snull data frame on channel %u, pwr mgt %s",
750 ni->ni_flags & IEEE80211_NODE_QOS ? "QoS " : "",
751 ieee80211_chan2ieee(ic, ic->ic_curchan),
752 wh->i_fc[1] & IEEE80211_FC1_PWR_MGT ? "ena" : "dis");
753
754 return ic->ic_raw_xmit(ni, m, NULL);
755 }
756
757 /*
758 * Assign priority to a frame based on any vlan tag assigned
759 * to the station and/or any Diffserv setting in an IP header.
760 * Finally, if an ACM policy is setup (in station mode) it's
761 * applied.
762 */
763 int
764 ieee80211_classify(struct ieee80211_node *ni, struct mbuf *m)
765 {
766 const struct ether_header *eh = mtod(m, struct ether_header *);
767 int v_wme_ac, d_wme_ac, ac;
768
769 /*
770 * Always promote PAE/EAPOL frames to high priority.
771 */
772 if (eh->ether_type == htons(ETHERTYPE_PAE)) {
773 /* NB: mark so others don't need to check header */
774 m->m_flags |= M_EAPOL;
775 ac = WME_AC_VO;
776 goto done;
777 }
778 /*
779 * Non-qos traffic goes to BE.
780 */
781 if ((ni->ni_flags & IEEE80211_NODE_QOS) == 0) {
782 ac = WME_AC_BE;
783 goto done;
784 }
785
786 /*
787 * If node has a vlan tag then all traffic
788 * to it must have a matching tag.
789 */
790 v_wme_ac = 0;
791 if (ni->ni_vlan != 0) {
792 if ((m->m_flags & M_VLANTAG) == 0) {
793 IEEE80211_NODE_STAT(ni, tx_novlantag);
794 return 1;
795 }
796 #ifdef __FreeBSD__
797 if (EVL_VLANOFTAG(m->m_pkthdr.ether_vlantag) !=
798 EVL_VLANOFTAG(ni->ni_vlan)) {
799 IEEE80211_NODE_STAT(ni, tx_vlanmismatch);
800 return 1;
801 }
802 /* map vlan priority to AC */
803 v_wme_ac = TID_TO_WME_AC(EVL_PRIOFTAG(ni->ni_vlan));
804 #endif
805 }
806
807 /* XXX m_copydata may be too slow for fast path */
808 #ifdef INET
809 if (eh->ether_type == htons(ETHERTYPE_IP)) {
810 uint8_t tos;
811 /*
812 * IP frame, map the DSCP bits from the TOS field.
813 */
814 /* NB: ip header may not be in first mbuf */
815 m_copydata(m, sizeof(struct ether_header) +
816 offsetof(struct ip, ip_tos), sizeof(tos), &tos);
817 tos >>= 5; /* NB: ECN + low 3 bits of DSCP */
818 d_wme_ac = TID_TO_WME_AC(tos);
819 } else {
820 #endif /* INET */
821 #ifdef INET6
822 if (eh->ether_type == htons(ETHERTYPE_IPV6)) {
823 uint32_t flow;
824 uint8_t tos;
825 /*
826 * IPv6 frame, map the DSCP bits from the TOS field.
827 */
828 m_copydata(m, sizeof(struct ether_header) +
829 offsetof(struct ip6_hdr, ip6_flow), sizeof(flow),
830 (caddr_t) &flow);
831 tos = (uint8_t)(ntohl(flow) >> 20);
832 tos >>= 5; /* NB: ECN + low 3 bits of DSCP */
833 d_wme_ac = TID_TO_WME_AC(tos);
834 } else {
835 #endif /* INET6 */
836 d_wme_ac = WME_AC_BE;
837 #ifdef INET6
838 }
839 #endif
840 #ifdef INET
841 }
842 #endif
843 /*
844 * Use highest priority AC.
845 */
846 if (v_wme_ac > d_wme_ac)
847 ac = v_wme_ac;
848 else
849 ac = d_wme_ac;
850
851 /*
852 * Apply ACM policy.
853 */
854 if (ni->ni_vap->iv_opmode == IEEE80211_M_STA) {
855 static const int acmap[4] = {
856 WME_AC_BK, /* WME_AC_BE */
857 WME_AC_BK, /* WME_AC_BK */
858 WME_AC_BE, /* WME_AC_VI */
859 WME_AC_VI, /* WME_AC_VO */
860 };
861 struct ieee80211com *ic = ni->ni_ic;
862
863 while (ac != WME_AC_BK &&
864 ic->ic_wme.wme_wmeBssChanParams.cap_wmeParams[ac].wmep_acm)
865 ac = acmap[ac];
866 }
867 done:
868 M_WME_SETAC(m, ac);
869 return 0;
870 }
871
872 /*
873 * Insure there is sufficient contiguous space to encapsulate the
874 * 802.11 data frame. If room isn't already there, arrange for it.
875 * Drivers and cipher modules assume we have done the necessary work
876 * and fail rudely if they don't find the space they need.
877 */
878 struct mbuf *
879 ieee80211_mbuf_adjust(struct ieee80211vap *vap, int hdrsize,
880 struct ieee80211_key *key, struct mbuf *m)
881 {
882 #define TO_BE_RECLAIMED (sizeof(struct ether_header) - sizeof(struct llc))
883 struct mbuf *mnew = NULL;
884 int needed_space = vap->iv_ic->ic_headroom + hdrsize;
885
886 if (key != NULL) {
887 /* XXX belongs in crypto code? */
888 needed_space += key->wk_cipher->ic_header;
889 /* XXX frags */
890 /*
891 * When crypto is being done in the host we must insure
892 * the data are writable for the cipher routines; clone
893 * a writable mbuf chain.
894 * XXX handle SWMIC specially
895 */
896 if (key->wk_flags & (IEEE80211_KEY_SWENCRYPT|IEEE80211_KEY_SWENMIC)) {
897 mnew = m_dup(m, MB_DONTWAIT);
898 if (m == NULL) {
899 IEEE80211_DPRINTF(vap, IEEE80211_MSG_OUTPUT,
900 "%s: cannot get writable mbuf\n", __func__);
901 vap->iv_stats.is_tx_nobuf++; /* XXX new stat */
902 return NULL;
903 }
904 m_freem(m);
905 m = mnew;
906 }
907 }
908 /*
909 * We know we are called just before stripping an Ethernet
910 * header and prepending an LLC header. This means we know
911 * there will be
912 * sizeof(struct ether_header) - sizeof(struct llc)
913 * bytes recovered to which we need additional space for the
914 * 802.11 header and any crypto header.
915 */
916 /* XXX check trailing space and copy instead? */
917 if (M_LEADINGSPACE(m) < needed_space - TO_BE_RECLAIMED) {
918 struct mbuf *n = m_gethdr(MB_DONTWAIT, m->m_type);
919 if (n == NULL) {
920 IEEE80211_DPRINTF(vap, IEEE80211_MSG_OUTPUT,
921 "%s: cannot expand storage\n", __func__);
922 vap->iv_stats.is_tx_nobuf++;
923 m_freem(m);
924 return NULL;
925 }
926 KASSERT(needed_space <= MHLEN,
927 ("not enough room, need %u got %zu\n", needed_space, MHLEN));
928 /*
929 * Setup new mbuf to have leading space to prepend the
930 * 802.11 header and any crypto header bits that are
931 * required (the latter are added when the driver calls
932 * back to ieee80211_crypto_encap to do crypto encapsulation).
933 */
934 /* NB: must be first 'cuz it clobbers m_data */
935 m_move_pkthdr(n, m);
936 n->m_len = 0; /* NB: m_gethdr does not set */
937 n->m_data += needed_space;
938 /*
939 * Pull up Ethernet header to create the expected layout.
940 * We could use m_pullup but that's overkill (i.e. we don't
941 * need the actual data) and it cannot fail so do it inline
942 * for speed.
943 */
944 /* NB: struct ether_header is known to be contiguous */
945 n->m_len += sizeof(struct ether_header);
946 m->m_len -= sizeof(struct ether_header);
947 m->m_data += sizeof(struct ether_header);
948 /*
949 * Replace the head of the chain.
950 */
951 n->m_next = m;
952 m = n;
953 }
954 return m;
955 #undef TO_BE_RECLAIMED
956 }
957
958 /*
959 * Return the transmit key to use in sending a unicast frame.
960 * If a unicast key is set we use that. When no unicast key is set
961 * we fall back to the default transmit key.
962 */
963 static __inline struct ieee80211_key *
964 ieee80211_crypto_getucastkey(struct ieee80211vap *vap,
965 struct ieee80211_node *ni)
966 {
967 if (IEEE80211_KEY_UNDEFINED(&ni->ni_ucastkey)) {
968 if (vap->iv_def_txkey == IEEE80211_KEYIX_NONE ||
969 IEEE80211_KEY_UNDEFINED(&vap->iv_nw_keys[vap->iv_def_txkey]))
970 return NULL;
971 return &vap->iv_nw_keys[vap->iv_def_txkey];
972 } else {
973 return &ni->ni_ucastkey;
974 }
975 }
976
977 /*
978 * Return the transmit key to use in sending a multicast frame.
979 * Multicast traffic always uses the group key which is installed as
980 * the default tx key.
981 */
982 static __inline struct ieee80211_key *
983 ieee80211_crypto_getmcastkey(struct ieee80211vap *vap,
984 struct ieee80211_node *ni)
985 {
986 if (vap->iv_def_txkey == IEEE80211_KEYIX_NONE ||
987 IEEE80211_KEY_UNDEFINED(&vap->iv_nw_keys[vap->iv_def_txkey]))
988 return NULL;
989 return &vap->iv_nw_keys[vap->iv_def_txkey];
990 }
991
992 /*
993 * Encapsulate an outbound data frame. The mbuf chain is updated.
994 * If an error is encountered NULL is returned. The caller is required
995 * to provide a node reference and pullup the ethernet header in the
996 * first mbuf.
997 *
998 * NB: Packet is assumed to be processed by ieee80211_classify which
999 * marked EAPOL frames w/ M_EAPOL.
1000 */
1001 struct mbuf *
1002 ieee80211_encap(struct ieee80211vap *vap, struct ieee80211_node *ni,
1003 struct mbuf *m)
1004 {
1005 #define WH4(wh) ((struct ieee80211_frame_addr4 *)(wh))
1006 struct ieee80211com *ic = ni->ni_ic;
1007 #ifdef IEEE80211_SUPPORT_MESH
1008 struct ieee80211_mesh_state *ms = vap->iv_mesh;
1009 struct ieee80211_meshcntl_ae10 *mc;
1010 #endif
1011 struct ether_header eh;
1012 struct ieee80211_frame *wh;
1013 struct ieee80211_key *key;
1014 struct llc *llc;
1015 int hdrsize, hdrspace, datalen, addqos, txfrag, is4addr;
1016 ieee80211_seq seqno;
1017 int meshhdrsize, meshae;
1018 uint8_t *qos;
1019
1020 /*
1021 * Copy existing Ethernet header to a safe place. The
1022 * rest of the code assumes it's ok to strip it when
1023 * reorganizing state for the final encapsulation.
1024 */
1025 KASSERT(m->m_len >= sizeof(eh), ("no ethernet header!"));
1026 ETHER_HEADER_COPY(&eh, mtod(m, caddr_t));
1027
1028 /*
1029 * Insure space for additional headers. First identify
1030 * transmit key to use in calculating any buffer adjustments
1031 * required. This is also used below to do privacy
1032 * encapsulation work. Then calculate the 802.11 header
1033 * size and any padding required by the driver.
1034 *
1035 * Note key may be NULL if we fall back to the default
1036 * transmit key and that is not set. In that case the
1037 * buffer may not be expanded as needed by the cipher
1038 * routines, but they will/should discard it.
1039 */
1040 if (vap->iv_flags & IEEE80211_F_PRIVACY) {
1041 if (vap->iv_opmode == IEEE80211_M_STA ||
1042 !IEEE80211_IS_MULTICAST(eh.ether_dhost) ||
1043 (vap->iv_opmode == IEEE80211_M_WDS &&
1044 (vap->iv_flags_ext & IEEE80211_FEXT_WDSLEGACY)))
1045 key = ieee80211_crypto_getucastkey(vap, ni);
1046 else
1047 key = ieee80211_crypto_getmcastkey(vap, ni);
1048 if (key == NULL && (m->m_flags & M_EAPOL) == 0) {
1049 IEEE80211_NOTE_MAC(vap, IEEE80211_MSG_CRYPTO,
1050 eh.ether_dhost,
1051 "no default transmit key (%s) deftxkey %u",
1052 __func__, vap->iv_def_txkey);
1053 vap->iv_stats.is_tx_nodefkey++;
1054 goto bad;
1055 }
1056 } else
1057 key = NULL;
1058 /*
1059 * XXX Some ap's don't handle QoS-encapsulated EAPOL
1060 * frames so suppress use. This may be an issue if other
1061 * ap's require all data frames to be QoS-encapsulated
1062 * once negotiated in which case we'll need to make this
1063 * configurable.
1064 */
1065 addqos = (ni->ni_flags & (IEEE80211_NODE_QOS|IEEE80211_NODE_HT)) &&
1066 (m->m_flags & M_EAPOL) == 0;
1067 if (addqos)
1068 hdrsize = sizeof(struct ieee80211_qosframe);
1069 else
1070 hdrsize = sizeof(struct ieee80211_frame);
1071 #ifdef IEEE80211_SUPPORT_MESH
1072 if (vap->iv_opmode == IEEE80211_M_MBSS) {
1073 /*
1074 * Mesh data frames are encapsulated according to the
1075 * rules of Section 11B.8.5 (p.139 of D3.0 spec).
1076 * o Group Addressed data (aka multicast) originating
1077 * at the local sta are sent w/ 3-address format and
1078 * address extension mode 00
1079 * o Individually Addressed data (aka unicast) originating
1080 * at the local sta are sent w/ 4-address format and
1081 * address extension mode 00
1082 * o Group Addressed data forwarded from a non-mesh sta are
1083 * sent w/ 3-address format and address extension mode 01
1084 * o Individually Address data from another sta are sent
1085 * w/ 4-address format and address extension mode 10
1086 */
1087 is4addr = 0; /* NB: don't use, disable */
1088 if (!IEEE80211_IS_MULTICAST(eh.ether_dhost))
1089 hdrsize += IEEE80211_ADDR_LEN; /* unicast are 4-addr */
1090 meshhdrsize = sizeof(struct ieee80211_meshcntl);
1091 /* XXX defines for AE modes */
1092 if (IEEE80211_ADDR_EQ(eh.ether_shost, vap->iv_myaddr)) {
1093 if (!IEEE80211_IS_MULTICAST(eh.ether_dhost))
1094 meshae = 0;
1095 else
1096 meshae = 4; /* NB: pseudo */
1097 } else if (IEEE80211_IS_MULTICAST(eh.ether_dhost)) {
1098 meshae = 1;
1099 meshhdrsize += 1*IEEE80211_ADDR_LEN;
1100 } else {
1101 meshae = 2;
1102 meshhdrsize += 2*IEEE80211_ADDR_LEN;
1103 }
1104 } else {
1105 #endif
1106 /*
1107 * 4-address frames need to be generated for:
1108 * o packets sent through a WDS vap (IEEE80211_M_WDS)
1109 * o packets sent through a vap marked for relaying
1110 * (e.g. a station operating with dynamic WDS)
1111 */
1112 is4addr = vap->iv_opmode == IEEE80211_M_WDS ||
1113 ((vap->iv_flags_ext & IEEE80211_FEXT_4ADDR) &&
1114 !IEEE80211_ADDR_EQ(eh.ether_shost, vap->iv_myaddr));
1115 if (is4addr)
1116 hdrsize += IEEE80211_ADDR_LEN;
1117 meshhdrsize = meshae = 0;
1118 #ifdef IEEE80211_SUPPORT_MESH
1119 }
1120 #endif
1121 /*
1122 * Honor driver DATAPAD requirement.
1123 */
1124 if (ic->ic_flags & IEEE80211_F_DATAPAD)
1125 hdrspace = roundup(hdrsize, sizeof(uint32_t));
1126 else
1127 hdrspace = hdrsize;
1128
1129 if (__predict_true((m->m_flags & M_FF) == 0)) {
1130 /*
1131 * Normal frame.
1132 */
1133 m = ieee80211_mbuf_adjust(vap, hdrspace + meshhdrsize, key, m);
1134 if (m == NULL) {
1135 /* NB: ieee80211_mbuf_adjust handles msgs+statistics */
1136 goto bad;
1137 }
1138 /* NB: this could be optimized 'cuz of ieee80211_mbuf_adjust */
1139 m_adj(m, sizeof(struct ether_header) - sizeof(struct llc));
1140 llc = mtod(m, struct llc *);
1141 llc->llc_dsap = llc->llc_ssap = LLC_SNAP_LSAP;
1142 llc->llc_control = LLC_UI;
1143 llc->llc_snap.org_code[0] = 0;
1144 llc->llc_snap.org_code[1] = 0;
1145 llc->llc_snap.org_code[2] = 0;
1146 llc->llc_snap.ether_type = eh.ether_type;
1147 } else {
1148 #ifdef IEEE80211_SUPPORT_SUPERG
1149 /*
1150 * Aggregated frame.
1151 */
1152 m = ieee80211_ff_encap(vap, m, hdrspace + meshhdrsize, key);
1153 if (m == NULL)
1154 #endif
1155 goto bad;
1156 }
1157 datalen = m->m_pkthdr.len; /* NB: w/o 802.11 header */
1158
1159 M_PREPEND(m, hdrspace + meshhdrsize, MB_DONTWAIT);
1160 if (m == NULL) {
1161 vap->iv_stats.is_tx_nobuf++;
1162 goto bad;
1163 }
1164 wh = mtod(m, struct ieee80211_frame *);
1165 wh->i_fc[0] = IEEE80211_FC0_VERSION_0 | IEEE80211_FC0_TYPE_DATA;
1166 *(uint16_t *)wh->i_dur = 0;
1167 qos = NULL; /* NB: quiet compiler */
1168 if (is4addr) {
1169 wh->i_fc[1] = IEEE80211_FC1_DIR_DSTODS;
1170 IEEE80211_ADDR_COPY(wh->i_addr1, ni->ni_macaddr);
1171 IEEE80211_ADDR_COPY(wh->i_addr2, vap->iv_myaddr);
1172 IEEE80211_ADDR_COPY(wh->i_addr3, eh.ether_dhost);
1173 IEEE80211_ADDR_COPY(WH4(wh)->i_addr4, eh.ether_shost);
1174 } else switch (vap->iv_opmode) {
1175 case IEEE80211_M_STA:
1176 wh->i_fc[1] = IEEE80211_FC1_DIR_TODS;
1177 IEEE80211_ADDR_COPY(wh->i_addr1, ni->ni_bssid);
1178 IEEE80211_ADDR_COPY(wh->i_addr2, eh.ether_shost);
1179 IEEE80211_ADDR_COPY(wh->i_addr3, eh.ether_dhost);
1180 break;
1181 case IEEE80211_M_IBSS:
1182 case IEEE80211_M_AHDEMO:
1183 wh->i_fc[1] = IEEE80211_FC1_DIR_NODS;
1184 IEEE80211_ADDR_COPY(wh->i_addr1, eh.ether_dhost);
1185 IEEE80211_ADDR_COPY(wh->i_addr2, eh.ether_shost);
1186 /*
1187 * NB: always use the bssid from iv_bss as the
1188 * neighbor's may be stale after an ibss merge
1189 */
1190 IEEE80211_ADDR_COPY(wh->i_addr3, vap->iv_bss->ni_bssid);
1191 break;
1192 case IEEE80211_M_HOSTAP:
1193 wh->i_fc[1] = IEEE80211_FC1_DIR_FROMDS;
1194 IEEE80211_ADDR_COPY(wh->i_addr1, eh.ether_dhost);
1195 IEEE80211_ADDR_COPY(wh->i_addr2, ni->ni_bssid);
1196 IEEE80211_ADDR_COPY(wh->i_addr3, eh.ether_shost);
1197 break;
1198 #ifdef IEEE80211_SUPPORT_MESH
1199 case IEEE80211_M_MBSS:
1200 /* NB: offset by hdrspace to deal with DATAPAD */
1201 mc = (struct ieee80211_meshcntl_ae10 *)
1202 (mtod(m, uint8_t *) + hdrspace);
1203 switch (meshae) {
1204 case 0: /* ucast, no proxy */
1205 wh->i_fc[1] = IEEE80211_FC1_DIR_DSTODS;
1206 IEEE80211_ADDR_COPY(wh->i_addr1, ni->ni_macaddr);
1207 IEEE80211_ADDR_COPY(wh->i_addr2, vap->iv_myaddr);
1208 IEEE80211_ADDR_COPY(wh->i_addr3, eh.ether_dhost);
1209 IEEE80211_ADDR_COPY(WH4(wh)->i_addr4, eh.ether_shost);
1210 mc->mc_flags = 0;
1211 qos = ((struct ieee80211_qosframe_addr4 *) wh)->i_qos;
1212 break;
1213 case 4: /* mcast, no proxy */
1214 wh->i_fc[1] = IEEE80211_FC1_DIR_FROMDS;
1215 IEEE80211_ADDR_COPY(wh->i_addr1, eh.ether_dhost);
1216 IEEE80211_ADDR_COPY(wh->i_addr2, vap->iv_myaddr);
1217 IEEE80211_ADDR_COPY(wh->i_addr3, eh.ether_shost);
1218 mc->mc_flags = 0; /* NB: AE is really 0 */
1219 qos = ((struct ieee80211_qosframe *) wh)->i_qos;
1220 break;
1221 case 1: /* mcast, proxy */
1222 wh->i_fc[1] = IEEE80211_FC1_DIR_FROMDS;
1223 IEEE80211_ADDR_COPY(wh->i_addr1, eh.ether_dhost);
1224 IEEE80211_ADDR_COPY(wh->i_addr2, vap->iv_myaddr);
1225 IEEE80211_ADDR_COPY(wh->i_addr3, vap->iv_myaddr);
1226 mc->mc_flags = 1;
1227 IEEE80211_ADDR_COPY(mc->mc_addr4, eh.ether_shost);
1228 qos = ((struct ieee80211_qosframe *) wh)->i_qos;
1229 break;
1230 case 2: /* ucast, proxy */
1231 wh->i_fc[1] = IEEE80211_FC1_DIR_DSTODS;
1232 IEEE80211_ADDR_COPY(wh->i_addr1, ni->ni_macaddr);
1233 IEEE80211_ADDR_COPY(wh->i_addr2, vap->iv_myaddr);
1234 /* XXX not right, need MeshDA */
1235 IEEE80211_ADDR_COPY(wh->i_addr3, eh.ether_dhost);
1236 /* XXX assume are MeshSA */
1237 IEEE80211_ADDR_COPY(WH4(wh)->i_addr4, vap->iv_myaddr);
1238 mc->mc_flags = 2;
1239 IEEE80211_ADDR_COPY(mc->mc_addr4, eh.ether_dhost);
1240 IEEE80211_ADDR_COPY(mc->mc_addr5, eh.ether_shost);
1241 qos = ((struct ieee80211_qosframe_addr4 *) wh)->i_qos;
1242 break;
1243 default:
1244 KASSERT(0, ("meshae %d", meshae));
1245 break;
1246 }
1247 mc->mc_ttl = ms->ms_ttl;
1248 ms->ms_seq++;
1249 LE_WRITE_4(mc->mc_seq, ms->ms_seq);
1250 break;
1251 #endif
1252 case IEEE80211_M_WDS: /* NB: is4addr should always be true */
1253 default:
1254 goto bad;
1255 }
1256 if (m->m_flags & M_MORE_DATA)
1257 wh->i_fc[1] |= IEEE80211_FC1_MORE_DATA;
1258 if (addqos) {
1259 int ac, tid;
1260
1261 if (is4addr) {
1262 qos = ((struct ieee80211_qosframe_addr4 *) wh)->i_qos;
1263 /* NB: mesh case handled earlier */
1264 } else if (vap->iv_opmode != IEEE80211_M_MBSS)
1265 qos = ((struct ieee80211_qosframe *) wh)->i_qos;
1266 ac = M_WME_GETAC(m);
1267 /* map from access class/queue to 11e header priorty value */
1268 tid = WME_AC_TO_TID(ac);
1269 qos[0] = tid & IEEE80211_QOS_TID;
1270 if (ic->ic_wme.wme_wmeChanParams.cap_wmeParams[ac].wmep_noackPolicy)
1271 qos[0] |= IEEE80211_QOS_ACKPOLICY_NOACK;
1272 qos[1] = 0;
1273 wh->i_fc[0] |= IEEE80211_FC0_SUBTYPE_QOS;
1274
1275 if ((m->m_flags & M_AMPDU_MPDU) == 0) {
1276 /*
1277 * NB: don't assign a sequence # to potential
1278 * aggregates; we expect this happens at the
1279 * point the frame comes off any aggregation q
1280 * as otherwise we may introduce holes in the
1281 * BA sequence space and/or make window accouting
1282 * more difficult.
1283 *
1284 * XXX may want to control this with a driver
1285 * capability; this may also change when we pull
1286 * aggregation up into net80211
1287 */
1288 seqno = ni->ni_txseqs[tid]++;
1289 *(uint16_t *)wh->i_seq =
1290 htole16(seqno << IEEE80211_SEQ_SEQ_SHIFT);
1291 M_SEQNO_SET(m, seqno);
1292 }
1293 } else {
1294 seqno = ni->ni_txseqs[IEEE80211_NONQOS_TID]++;
1295 *(uint16_t *)wh->i_seq =
1296 htole16(seqno << IEEE80211_SEQ_SEQ_SHIFT);
1297 M_SEQNO_SET(m, seqno);
1298 }
1299
1300
1301 /* check if xmit fragmentation is required */
1302 txfrag = (m->m_pkthdr.len > vap->iv_fragthreshold &&
1303 !IEEE80211_IS_MULTICAST(wh->i_addr1) &&
1304 (vap->iv_caps & IEEE80211_C_TXFRAG) &&
1305 (m->m_flags & (M_FF | M_AMPDU_MPDU)) == 0);
1306 if (key != NULL) {
1307 /*
1308 * IEEE 802.1X: send EAPOL frames always in the clear.
1309 * WPA/WPA2: encrypt EAPOL keys when pairwise keys are set.
1310 */
1311 if ((m->m_flags & M_EAPOL) == 0 ||
1312 ((vap->iv_flags & IEEE80211_F_WPA) &&
1313 (vap->iv_opmode == IEEE80211_M_STA ?
1314 !IEEE80211_KEY_UNDEFINED(key) :
1315 !IEEE80211_KEY_UNDEFINED(&ni->ni_ucastkey)))) {
1316 wh->i_fc[1] |= IEEE80211_FC1_WEP;
1317 if (!ieee80211_crypto_enmic(vap, key, m, txfrag)) {
1318 IEEE80211_NOTE_MAC(vap, IEEE80211_MSG_OUTPUT,
1319 eh.ether_dhost,
1320 "%s", "enmic failed, discard frame");
1321 vap->iv_stats.is_crypto_enmicfail++;
1322 goto bad;
1323 }
1324 }
1325 }
1326 if (txfrag && !ieee80211_fragment(vap, m, hdrsize,
1327 key != NULL ? key->wk_cipher->ic_header : 0, vap->iv_fragthreshold))
1328 goto bad;
1329
1330 m->m_flags |= M_ENCAP; /* mark encapsulated */
1331
1332 IEEE80211_NODE_STAT(ni, tx_data);
1333 if (IEEE80211_IS_MULTICAST(wh->i_addr1)) {
1334 IEEE80211_NODE_STAT(ni, tx_mcast);
1335 m->m_flags |= M_MCAST;
1336 } else
1337 IEEE80211_NODE_STAT(ni, tx_ucast);
1338 IEEE80211_NODE_STAT_ADD(ni, tx_bytes, datalen);
1339
1340 return m;
1341 bad:
1342 if (m != NULL)
1343 m_freem(m);
1344 return NULL;
1345 #undef WH4
1346 }
1347
1348 /*
1349 * Fragment the frame according to the specified mtu.
1350 * The size of the 802.11 header (w/o padding) is provided
1351 * so we don't need to recalculate it. We create a new
1352 * mbuf for each fragment and chain it through m_nextpkt;
1353 * we might be able to optimize this by reusing the original
1354 * packet's mbufs but that is significantly more complicated.
1355 */
1356 static int
1357 ieee80211_fragment(struct ieee80211vap *vap, struct mbuf *m0,
1358 u_int hdrsize, u_int ciphdrsize, u_int mtu)
1359 {
1360 struct ieee80211_frame *wh, *whf;
1361 struct mbuf *m, *prev, *next;
1362 u_int totalhdrsize, fragno, fragsize, off, remainder, payload;
1363
1364 KASSERT(m0->m_nextpkt == NULL, ("mbuf already chained?"));
1365 KASSERT(m0->m_pkthdr.len > mtu,
1366 ("pktlen %u mtu %u", m0->m_pkthdr.len, mtu));
1367
1368 wh = mtod(m0, struct ieee80211_frame *);
1369 /* NB: mark the first frag; it will be propagated below */
1370 wh->i_fc[1] |= IEEE80211_FC1_MORE_FRAG;
1371 totalhdrsize = hdrsize + ciphdrsize;
1372 fragno = 1;
1373 off = mtu - ciphdrsize;
1374 remainder = m0->m_pkthdr.len - off;
1375 prev = m0;
1376 do {
1377 fragsize = totalhdrsize + remainder;
1378 if (fragsize > mtu)
1379 fragsize = mtu;
1380 /* XXX fragsize can be >2048! */
1381 KASSERT(fragsize < MCLBYTES,
1382 ("fragment size %u too big!", fragsize));
1383 if (fragsize > MHLEN)
1384 m = m_getcl(MB_DONTWAIT, MT_DATA, M_PKTHDR);
1385 else
1386 m = m_gethdr(MB_DONTWAIT, MT_DATA);
1387 if (m == NULL)
1388 goto bad;
1389 /* leave room to prepend any cipher header */
1390 m_align(m, fragsize - ciphdrsize);
1391
1392 /*
1393 * Form the header in the fragment. Note that since
1394 * we mark the first fragment with the MORE_FRAG bit
1395 * it automatically is propagated to each fragment; we
1396 * need only clear it on the last fragment (done below).
1397 */
1398 whf = mtod(m, struct ieee80211_frame *);
1399 memcpy(whf, wh, hdrsize);
1400 *(uint16_t *)&whf->i_seq[0] |= htole16(
1401 (fragno & IEEE80211_SEQ_FRAG_MASK) <<
1402 IEEE80211_SEQ_FRAG_SHIFT);
1403 fragno++;
1404
1405 payload = fragsize - totalhdrsize;
1406 /* NB: destination is known to be contiguous */
1407 m_copydata(m0, off, payload, mtod(m, uint8_t *) + hdrsize);
1408 m->m_len = hdrsize + payload;
1409 m->m_pkthdr.len = hdrsize + payload;
1410 m->m_flags |= M_FRAG;
1411 m->m_pkthdr.rcvif = m0->m_pkthdr.rcvif;
1412
1413 /* chain up the fragment */
1414 prev->m_nextpkt = m;
1415 prev = m;
1416
1417 /* deduct fragment just formed */
1418 remainder -= payload;
1419 off += payload;
1420 } while (remainder != 0);
1421
1422 /* set the last fragment */
1423 m->m_flags |= M_LASTFRAG;
1424 whf->i_fc[1] &= ~IEEE80211_FC1_MORE_FRAG;
1425
1426 /* strip first mbuf now that everything has been copied */
1427 m_adj(m0, -(m0->m_pkthdr.len - (mtu - ciphdrsize)));
1428 m0->m_flags |= M_FIRSTFRAG | M_FRAG;
1429
1430 vap->iv_stats.is_tx_fragframes++;
1431 vap->iv_stats.is_tx_frags += fragno-1;
1432
1433 return 1;
1434 bad:
1435 /* reclaim fragments but leave original frame for caller to free */
1436 for (m = m0->m_nextpkt; m != NULL; m = next) {
1437 next = m->m_nextpkt;
1438 m->m_nextpkt = NULL; /* XXX paranoid */
1439 m_freem(m);
1440 }
1441 m0->m_nextpkt = NULL;
1442 return 0;
1443 }
1444
1445 /*
1446 * Add a supported rates element id to a frame.
1447 */
1448 uint8_t *
1449 ieee80211_add_rates(uint8_t *frm, const struct ieee80211_rateset *rs)
1450 {
1451 int nrates;
1452
1453 *frm++ = IEEE80211_ELEMID_RATES;
1454 nrates = rs->rs_nrates;
1455 if (nrates > IEEE80211_RATE_SIZE)
1456 nrates = IEEE80211_RATE_SIZE;
1457 *frm++ = nrates;
1458 memcpy(frm, rs->rs_rates, nrates);
1459 return frm + nrates;
1460 }
1461
1462 /*
1463 * Add an extended supported rates element id to a frame.
1464 */
1465 uint8_t *
1466 ieee80211_add_xrates(uint8_t *frm, const struct ieee80211_rateset *rs)
1467 {
1468 /*
1469 * Add an extended supported rates element if operating in 11g mode.
1470 */
1471 if (rs->rs_nrates > IEEE80211_RATE_SIZE) {
1472 int nrates = rs->rs_nrates - IEEE80211_RATE_SIZE;
1473 *frm++ = IEEE80211_ELEMID_XRATES;
1474 *frm++ = nrates;
1475 memcpy(frm, rs->rs_rates + IEEE80211_RATE_SIZE, nrates);
1476 frm += nrates;
1477 }
1478 return frm;
1479 }
1480
1481 /*
1482 * Add an ssid element to a frame.
1483 */
1484 static uint8_t *
1485 ieee80211_add_ssid(uint8_t *frm, const uint8_t *ssid, u_int len)
1486 {
1487 *frm++ = IEEE80211_ELEMID_SSID;
1488 *frm++ = len;
1489 memcpy(frm, ssid, len);
1490 return frm + len;
1491 }
1492
1493 /*
1494 * Add an erp element to a frame.
1495 */
1496 static uint8_t *
1497 ieee80211_add_erp(uint8_t *frm, struct ieee80211com *ic)
1498 {
1499 uint8_t erp;
1500
1501 *frm++ = IEEE80211_ELEMID_ERP;
1502 *frm++ = 1;
1503 erp = 0;
1504 if (ic->ic_nonerpsta != 0)
1505 erp |= IEEE80211_ERP_NON_ERP_PRESENT;
1506 if (ic->ic_flags & IEEE80211_F_USEPROT)
1507 erp |= IEEE80211_ERP_USE_PROTECTION;
1508 if (ic->ic_flags & IEEE80211_F_USEBARKER)
1509 erp |= IEEE80211_ERP_LONG_PREAMBLE;
1510 *frm++ = erp;
1511 return frm;
1512 }
1513
1514 /*
1515 * Add a CFParams element to a frame.
1516 */
1517 static uint8_t *
1518 ieee80211_add_cfparms(uint8_t *frm, struct ieee80211com *ic)
1519 {
1520 #define ADDSHORT(frm, v) do { \
1521 LE_WRITE_2(frm, v); \
1522 frm += 2; \
1523 } while (0)
1524 *frm++ = IEEE80211_ELEMID_CFPARMS;
1525 *frm++ = 6;
1526 *frm++ = 0; /* CFP count */
1527 *frm++ = 2; /* CFP period */
1528 ADDSHORT(frm, 0); /* CFP MaxDuration (TU) */
1529 ADDSHORT(frm, 0); /* CFP CurRemaining (TU) */
1530 return frm;
1531 #undef ADDSHORT
1532 }
1533
1534 static __inline uint8_t *
1535 add_appie(uint8_t *frm, const struct ieee80211_appie *ie)
1536 {
1537 memcpy(frm, ie->ie_data, ie->ie_len);
1538 return frm + ie->ie_len;
1539 }
1540
1541 static __inline uint8_t *
1542 add_ie(uint8_t *frm, const uint8_t *ie)
1543 {
1544 memcpy(frm, ie, 2 + ie[1]);
1545 return frm + 2 + ie[1];
1546 }
1547
1548 #define WME_OUI_BYTES 0x00, 0x50, 0xf2
1549 /*
1550 * Add a WME information element to a frame.
1551 */
1552 static uint8_t *
1553 ieee80211_add_wme_info(uint8_t *frm, struct ieee80211_wme_state *wme)
1554 {
1555 static const struct ieee80211_wme_info info = {
1556 .wme_id = IEEE80211_ELEMID_VENDOR,
1557 .wme_len = sizeof(struct ieee80211_wme_info) - 2,
1558 .wme_oui = { WME_OUI_BYTES },
1559 .wme_type = WME_OUI_TYPE,
1560 .wme_subtype = WME_INFO_OUI_SUBTYPE,
1561 .wme_version = WME_VERSION,
1562 .wme_info = 0,
1563 };
1564 memcpy(frm, &info, sizeof(info));
1565 return frm + sizeof(info);
1566 }
1567
1568 /*
1569 * Add a WME parameters element to a frame.
1570 */
1571 static uint8_t *
1572 ieee80211_add_wme_param(uint8_t *frm, struct ieee80211_wme_state *wme)
1573 {
1574 #define SM(_v, _f) (((_v) << _f##_S) & _f)
1575 #define ADDSHORT(frm, v) do { \
1576 LE_WRITE_2(frm, v); \
1577 frm += 2; \
1578 } while (0)
1579 /* NB: this works 'cuz a param has an info at the front */
1580 static const struct ieee80211_wme_info param = {
1581 .wme_id = IEEE80211_ELEMID_VENDOR,
1582 .wme_len = sizeof(struct ieee80211_wme_param) - 2,
1583 .wme_oui = { WME_OUI_BYTES },
1584 .wme_type = WME_OUI_TYPE,
1585 .wme_subtype = WME_PARAM_OUI_SUBTYPE,
1586 .wme_version = WME_VERSION,
1587 };
1588 int i;
1589
1590 memcpy(frm, &param, sizeof(param));
1591 frm += __offsetof(struct ieee80211_wme_info, wme_info);
1592 *frm++ = wme->wme_bssChanParams.cap_info; /* AC info */
1593 *frm++ = 0; /* reserved field */
1594 for (i = 0; i < WME_NUM_AC; i++) {
1595 const struct wmeParams *ac =
1596 &wme->wme_bssChanParams.cap_wmeParams[i];
1597 *frm++ = SM(i, WME_PARAM_ACI)
1598 | SM(ac->wmep_acm, WME_PARAM_ACM)
1599 | SM(ac->wmep_aifsn, WME_PARAM_AIFSN)
1600 ;
1601 *frm++ = SM(ac->wmep_logcwmax, WME_PARAM_LOGCWMAX)
1602 | SM(ac->wmep_logcwmin, WME_PARAM_LOGCWMIN)
1603 ;
1604 ADDSHORT(frm, ac->wmep_txopLimit);
1605 }
1606 return frm;
1607 #undef SM
1608 #undef ADDSHORT
1609 }
1610 #undef WME_OUI_BYTES
1611
1612 /*
1613 * Add an 11h Power Constraint element to a frame.
1614 */
1615 static uint8_t *
1616 ieee80211_add_powerconstraint(uint8_t *frm, struct ieee80211vap *vap)
1617 {
1618 const struct ieee80211_channel *c = vap->iv_bss->ni_chan;
1619 /* XXX per-vap tx power limit? */
1620 int8_t limit = vap->iv_ic->ic_txpowlimit / 2;
1621
1622 frm[0] = IEEE80211_ELEMID_PWRCNSTR;
1623 frm[1] = 1;
1624 frm[2] = c->ic_maxregpower > limit ? c->ic_maxregpower - limit : 0;
1625 return frm + 3;
1626 }
1627
1628 /*
1629 * Add an 11h Power Capability element to a frame.
1630 */
1631 static uint8_t *
1632 ieee80211_add_powercapability(uint8_t *frm, const struct ieee80211_channel *c)
1633 {
1634 frm[0] = IEEE80211_ELEMID_PWRCAP;
1635 frm[1] = 2;
1636 frm[2] = c->ic_minpower;
1637 frm[3] = c->ic_maxpower;
1638 return frm + 4;
1639 }
1640
1641 /*
1642 * Add an 11h Supported Channels element to a frame.
1643 */
1644 static uint8_t *
1645 ieee80211_add_supportedchannels(uint8_t *frm, struct ieee80211com *ic)
1646 {
1647 static const int ielen = 26;
1648
1649 frm[0] = IEEE80211_ELEMID_SUPPCHAN;
1650 frm[1] = ielen;
1651 /* XXX not correct */
1652 memcpy(frm+2, ic->ic_chan_avail, ielen);
1653 return frm + 2 + ielen;
1654 }
1655
1656 /*
1657 * Add an 11h Channel Switch Announcement element to a frame.
1658 * Note that we use the per-vap CSA count to adjust the global
1659 * counter so we can use this routine to form probe response
1660 * frames and get the current count.
1661 */
1662 static uint8_t *
1663 ieee80211_add_csa(uint8_t *frm, struct ieee80211vap *vap)
1664 {
1665 struct ieee80211com *ic = vap->iv_ic;
1666 struct ieee80211_csa_ie *csa = (struct ieee80211_csa_ie *) frm;
1667
1668 csa->csa_ie = IEEE80211_ELEMID_CSA;
1669 csa->csa_len = 3;
1670 csa->csa_mode = 1; /* XXX force quiet on channel */
1671 csa->csa_newchan = ieee80211_chan2ieee(ic, ic->ic_csa_newchan);
1672 csa->csa_count = ic->ic_csa_count - vap->iv_csa_count;
1673 return frm + sizeof(*csa);
1674 }
1675
1676 /*
1677 * Add an 11h country information element to a frame.
1678 */
1679 static uint8_t *
1680 ieee80211_add_countryie(uint8_t *frm, struct ieee80211com *ic)
1681 {
1682
1683 if (ic->ic_countryie == NULL ||
1684 ic->ic_countryie_chan != ic->ic_bsschan) {
1685 /*
1686 * Handle lazy construction of ie. This is done on
1687 * first use and after a channel change that requires
1688 * re-calculation.
1689 */
1690 if (ic->ic_countryie != NULL)
1691 kfree(ic->ic_countryie, M_80211_NODE_IE);
1692 ic->ic_countryie = ieee80211_alloc_countryie(ic);
1693 if (ic->ic_countryie == NULL)
1694 return frm;
1695 ic->ic_countryie_chan = ic->ic_bsschan;
1696 }
1697 return add_appie(frm, ic->ic_countryie);
1698 }
1699
1700 /*
1701 * Send a probe request frame with the specified ssid
1702 * and any optional information element data.
1703 */
1704 int
1705 ieee80211_send_probereq(struct ieee80211_node *ni,
1706 const uint8_t sa[IEEE80211_ADDR_LEN],
1707 const uint8_t da[IEEE80211_ADDR_LEN],
1708 const uint8_t bssid[IEEE80211_ADDR_LEN],
1709 const uint8_t *ssid, size_t ssidlen)
1710 {
1711 struct ieee80211vap *vap = ni->ni_vap;
1712 struct ieee80211com *ic = ni->ni_ic;
1713 const struct ieee80211_txparam *tp;
1714 struct ieee80211_bpf_params params;
1715 struct ieee80211_frame *wh;
1716 const struct ieee80211_rateset *rs;
1717 struct mbuf *m;
1718 uint8_t *frm;
1719
1720 if (vap->iv_state == IEEE80211_S_CAC) {
1721 IEEE80211_NOTE(vap, IEEE80211_MSG_OUTPUT, ni,
1722 "block %s frame in CAC state", "probe request");
1723 vap->iv_stats.is_tx_badstate++;
1724 return EIO; /* XXX */
1725 }
1726
1727 /*
1728 * Hold a reference on the node so it doesn't go away until after
1729 * the xmit is complete all the way in the driver. On error we
1730 * will remove our reference.
1731 */
1732 IEEE80211_DPRINTF(vap, IEEE80211_MSG_NODE,
1733 "ieee80211_ref_node (%s:%u) %p<%6D> refcnt %d\n",
1734 __func__, __LINE__,
1735 ni, ni->ni_macaddr, ":",
1736 ieee80211_node_refcnt(ni)+1);
1737 ieee80211_ref_node(ni);
1738
1739 /*
1740 * prreq frame format
1741 * [tlv] ssid
1742 * [tlv] supported rates
1743 * [tlv] RSN (optional)
1744 * [tlv] extended supported rates
1745 * [tlv] WPA (optional)
1746 * [tlv] user-specified ie's
1747 */
1748 m = ieee80211_getmgtframe(&frm,
1749 ic->ic_headroom + sizeof(struct ieee80211_frame),
1750 2 + IEEE80211_NWID_LEN
1751 + 2 + IEEE80211_RATE_SIZE
1752 + sizeof(struct ieee80211_ie_wpa)
1753 + 2 + (IEEE80211_RATE_MAXSIZE - IEEE80211_RATE_SIZE)
1754 + sizeof(struct ieee80211_ie_wpa)
1755 + (vap->iv_appie_probereq != NULL ?
1756 vap->iv_appie_probereq->ie_len : 0)
1757 );
1758 if (m == NULL) {
1759 vap->iv_stats.is_tx_nobuf++;
1760 ieee80211_free_node(ni);
1761 return ENOMEM;
1762 }
1763
1764 frm = ieee80211_add_ssid(frm, ssid, ssidlen);
1765 rs = ieee80211_get_suprates(ic, ic->ic_curchan);
1766 frm = ieee80211_add_rates(frm, rs);
1767 if (vap->iv_flags & IEEE80211_F_WPA2) {
1768 if (vap->iv_rsn_ie != NULL)
1769 frm = add_ie(frm, vap->iv_rsn_ie);
1770 /* XXX else complain? */
1771 }
1772 frm = ieee80211_add_xrates(frm, rs);
1773 if (vap->iv_flags & IEEE80211_F_WPA1) {
1774 if (vap->iv_wpa_ie != NULL)
1775 frm = add_ie(frm, vap->iv_wpa_ie);
1776 /* XXX else complain? */
1777 }
1778 if (vap->iv_appie_probereq != NULL)
1779 frm = add_appie(frm, vap->iv_appie_probereq);
1780 m->m_pkthdr.len = m->m_len = frm - mtod(m, uint8_t *);
1781
1782 KASSERT(M_LEADINGSPACE(m) >= sizeof(struct ieee80211_frame),
1783 ("leading space %zd", M_LEADINGSPACE(m)));
1784 M_PREPEND(m, sizeof(struct ieee80211_frame), MB_DONTWAIT);
1785 if (m == NULL) {
1786 /* NB: cannot happen */
1787 ieee80211_free_node(ni);
1788 return ENOMEM;
1789 }
1790
1791 wh = mtod(m, struct ieee80211_frame *);
1792 ieee80211_send_setup(ni, m,
1793 IEEE80211_FC0_TYPE_MGT | IEEE80211_FC0_SUBTYPE_PROBE_REQ,
1794 IEEE80211_NONQOS_TID, sa, da, bssid);
1795 /* XXX power management? */
1796 m->m_flags |= M_ENCAP; /* mark encapsulated */
1797
1798 M_WME_SETAC(m, WME_AC_BE);
1799
1800 IEEE80211_NODE_STAT(ni, tx_probereq);
1801 IEEE80211_NODE_STAT(ni, tx_mgmt);
1802
1803 IEEE80211_DPRINTF(vap, IEEE80211_MSG_DEBUG | IEEE80211_MSG_DUMPPKTS,
1804 "send probe req on channel %u bssid %6D ssid \"%.*s\"\n",
1805 ieee80211_chan2ieee(ic, ic->ic_curchan), bssid, ":",
1806 (int)ssidlen, ssid);
1807
1808 memset(&params, 0, sizeof(params));
1809 params.ibp_pri = M_WME_GETAC(m);
1810 tp = &vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)];
1811 params.ibp_rate0 = tp->mgmtrate;
1812 if (IEEE80211_IS_MULTICAST(da)) {
1813 params.ibp_flags |= IEEE80211_BPF_NOACK;
1814 params.ibp_try0 = 1;
1815 } else
1816 params.ibp_try0 = tp->maxretry;
1817 params.ibp_power = ni->ni_txpower;
1818 return ic->ic_raw_xmit(ni, m, &params);
1819 }
1820
1821 /*
1822 * Calculate capability information for mgt frames.
1823 */
1824 uint16_t
1825 ieee80211_getcapinfo(struct ieee80211vap *vap, struct ieee80211_channel *chan)
1826 {
1827 struct ieee80211com *ic = vap->iv_ic;
1828 uint16_t capinfo;
1829
1830 KASSERT(vap->iv_opmode != IEEE80211_M_STA, ("station mode"));
1831
1832 if (vap->iv_opmode == IEEE80211_M_HOSTAP)
1833 capinfo = IEEE80211_CAPINFO_ESS;
1834 else if (vap->iv_opmode == IEEE80211_M_IBSS)
1835 capinfo = IEEE80211_CAPINFO_IBSS;
1836 else
1837 capinfo = 0;
1838 if (vap->iv_flags & IEEE80211_F_PRIVACY)
1839 capinfo |= IEEE80211_CAPINFO_PRIVACY;
1840 if ((ic->ic_flags & IEEE80211_F_SHPREAMBLE) &&
1841 IEEE80211_IS_CHAN_2GHZ(chan))
1842 capinfo |= IEEE80211_CAPINFO_SHORT_PREAMBLE;
1843 if (ic->ic_flags & IEEE80211_F_SHSLOT)
1844 capinfo |= IEEE80211_CAPINFO_SHORT_SLOTTIME;
1845 if (IEEE80211_IS_CHAN_5GHZ(chan) && (vap->iv_flags & IEEE80211_F_DOTH))
1846 capinfo |= IEEE80211_CAPINFO_SPECTRUM_MGMT;
1847 return capinfo;
1848 }
1849
1850 /*
1851 * Send a management frame. The node is for the destination (or ic_bss
1852 * when in station mode). Nodes other than ic_bss have their reference
1853 * count bumped to reflect our use for an indeterminant time.
1854 */
1855 int
1856 ieee80211_send_mgmt(struct ieee80211_node *ni, int type, int arg)
1857 {
1858 #define HTFLAGS (IEEE80211_NODE_HT | IEEE80211_NODE_HTCOMPAT)
1859 #define senderr(_x, _v) do { vap->iv_stats._v++; ret = _x; goto bad; } while (0)
1860 struct ieee80211vap *vap = ni->ni_vap;
1861 struct ieee80211com *ic = ni->ni_ic;
1862 struct ieee80211_node *bss = vap->iv_bss;
1863 struct ieee80211_bpf_params params;
1864 struct mbuf *m;
1865 uint8_t *frm;
1866 uint16_t capinfo;
1867 int has_challenge, is_shared_key, ret, status;
1868
1869 KASSERT(ni != NULL, ("null node"));
1870
1871 /*
1872 * Hold a reference on the node so it doesn't go away until after
1873 * the xmit is complete all the way in the driver. On error we
1874 * will remove our reference.
1875 */
1876 IEEE80211_DPRINTF(vap, IEEE80211_MSG_NODE,
1877 "ieee80211_ref_node (%s:%u) %p<%6D> refcnt %d\n",
1878 __func__, __LINE__,
1879 ni, ni->ni_macaddr, ":",
1880 ieee80211_node_refcnt(ni)+1);
1881 ieee80211_ref_node(ni);
1882
1883 memset(&params, 0, sizeof(params));
1884 switch (type) {
1885
1886 case IEEE80211_FC0_SUBTYPE_AUTH:
1887 status = arg >> 16;
1888 arg &= 0xffff;
1889 has_challenge = ((arg == IEEE80211_AUTH_SHARED_CHALLENGE ||
1890 arg == IEEE80211_AUTH_SHARED_RESPONSE) &&
1891 ni->ni_challenge != NULL);
1892
1893 /*
1894 * Deduce whether we're doing open authentication or
1895 * shared key authentication. We do the latter if
1896 * we're in the middle of a shared key authentication
1897 * handshake or if we're initiating an authentication
1898 * request and configured to use shared key.
1899 */
1900 is_shared_key = has_challenge ||
1901 arg >= IEEE80211_AUTH_SHARED_RESPONSE ||
1902 (arg == IEEE80211_AUTH_SHARED_REQUEST &&
1903 bss->ni_authmode == IEEE80211_AUTH_SHARED);
1904
1905 m = ieee80211_getmgtframe(&frm,
1906 ic->ic_headroom + sizeof(struct ieee80211_frame),
1907 3 * sizeof(uint16_t)
1908 + (has_challenge && status == IEEE80211_STATUS_SUCCESS ?
1909 sizeof(uint16_t)+IEEE80211_CHALLENGE_LEN : 0)
1910 );
1911 if (m == NULL)
1912 senderr(ENOMEM, is_tx_nobuf);
1913
1914 ((uint16_t *)frm)[0] =
1915 (is_shared_key) ? htole16(IEEE80211_AUTH_ALG_SHARED)
1916 : htole16(IEEE80211_AUTH_ALG_OPEN);
1917 ((uint16_t *)frm)[1] = htole16(arg); /* sequence number */
1918 ((uint16_t *)frm)[2] = htole16(status);/* status */
1919
1920 if (has_challenge && status == IEEE80211_STATUS_SUCCESS) {
1921 ((uint16_t *)frm)[3] =
1922 htole16((IEEE80211_CHALLENGE_LEN << 8) |
1923 IEEE80211_ELEMID_CHALLENGE);
1924 memcpy(&((uint16_t *)frm)[4], ni->ni_challenge,
1925 IEEE80211_CHALLENGE_LEN);
1926 m->m_pkthdr.len = m->m_len =
1927 4 * sizeof(uint16_t) + IEEE80211_CHALLENGE_LEN;
1928 if (arg == IEEE80211_AUTH_SHARED_RESPONSE) {
1929 IEEE80211_NOTE(vap, IEEE80211_MSG_AUTH, ni,
1930 "request encrypt frame (%s)", __func__);
1931 /* mark frame for encryption */
1932 params.ibp_flags |= IEEE80211_BPF_CRYPTO;
1933 }
1934 } else
1935 m->m_pkthdr.len = m->m_len = 3 * sizeof(uint16_t);
1936
1937 /* XXX not right for shared key */
1938 if (status == IEEE80211_STATUS_SUCCESS)
1939 IEEE80211_NODE_STAT(ni, tx_auth);
1940 else
1941 IEEE80211_NODE_STAT(ni, tx_auth_fail);
1942
1943 if (vap->iv_opmode == IEEE80211_M_STA)
1944 ieee80211_add_callback(m, ieee80211_tx_mgt_cb,
1945 (void *) vap->iv_state);
1946 break;
1947
1948 case IEEE80211_FC0_SUBTYPE_DEAUTH:
1949 IEEE80211_NOTE(vap, IEEE80211_MSG_AUTH, ni,
1950 "send station deauthenticate (reason %d)", arg);
1951 m = ieee80211_getmgtframe(&frm,
1952 ic->ic_headroom + sizeof(struct ieee80211_frame),
1953 sizeof(uint16_t));
1954 if (m == NULL)
1955 senderr(ENOMEM, is_tx_nobuf);
1956 *(uint16_t *)frm = htole16(arg); /* reason */
1957 m->m_pkthdr.len = m->m_len = sizeof(uint16_t);
1958
1959 IEEE80211_NODE_STAT(ni, tx_deauth);
1960 IEEE80211_NODE_STAT_SET(ni, tx_deauth_code, arg);
1961
1962 ieee80211_node_unauthorize(ni); /* port closed */
1963 break;
1964
1965 case IEEE80211_FC0_SUBTYPE_ASSOC_REQ:
1966 case IEEE80211_FC0_SUBTYPE_REASSOC_REQ:
1967 /*
1968 * asreq frame format
1969 * [2] capability information
1970 * [2] listen interval
1971 * [6*] current AP address (reassoc only)
1972 * [tlv] ssid
1973 * [tlv] supported rates
1974 * [tlv] extended supported rates
1975 * [4] power capability (optional)
1976 * [28] supported channels (optional)
1977 * [tlv] HT capabilities
1978 * [tlv] WME (optional)
1979 * [tlv] Vendor OUI HT capabilities (optional)
1980 * [tlv] Atheros capabilities (if negotiated)
1981 * [tlv] AppIE's (optional)
1982 */
1983 m = ieee80211_getmgtframe(&frm,
1984 ic->ic_headroom + sizeof(struct ieee80211_frame),
1985 sizeof(uint16_t)
1986 + sizeof(uint16_t)
1987 + IEEE80211_ADDR_LEN
1988 + 2 + IEEE80211_NWID_LEN
1989 + 2 + IEEE80211_RATE_SIZE
1990 + 2 + (IEEE80211_RATE_MAXSIZE - IEEE80211_RATE_SIZE)
1991 + 4
1992 + 2 + 26
1993 + sizeof(struct ieee80211_wme_info)
1994 + sizeof(struct ieee80211_ie_htcap)
1995 + 4 + sizeof(struct ieee80211_ie_htcap)
1996 #ifdef IEEE80211_SUPPORT_SUPERG
1997 + sizeof(struct ieee80211_ath_ie)
1998 #endif
1999 + (vap->iv_appie_wpa != NULL ?
2000 vap->iv_appie_wpa->ie_len : 0)
2001 + (vap->iv_appie_assocreq != NULL ?
2002 vap->iv_appie_assocreq->ie_len : 0)
2003 );
2004 if (m == NULL)
2005 senderr(ENOMEM, is_tx_nobuf);
2006
2007 KASSERT(vap->iv_opmode == IEEE80211_M_STA,
2008 ("wrong mode %u", vap->iv_opmode));
2009 capinfo = IEEE80211_CAPINFO_ESS;
2010 if (vap->iv_flags & IEEE80211_F_PRIVACY)
2011 capinfo |= IEEE80211_CAPINFO_PRIVACY;
2012 /*
2013 * NB: Some 11a AP's reject the request when
2014 * short premable is set.
2015 */
2016 if ((ic->ic_flags & IEEE80211_F_SHPREAMBLE) &&
2017 IEEE80211_IS_CHAN_2GHZ(ic->ic_curchan))
2018 capinfo |= IEEE80211_CAPINFO_SHORT_PREAMBLE;
2019 if (IEEE80211_IS_CHAN_ANYG(ic->ic_curchan) &&
2020 (ic->ic_caps & IEEE80211_C_SHSLOT))
2021 capinfo |= IEEE80211_CAPINFO_SHORT_SLOTTIME;
2022 if ((ni->ni_capinfo & IEEE80211_CAPINFO_SPECTRUM_MGMT) &&
2023 (vap->iv_flags & IEEE80211_F_DOTH))
2024 capinfo |= IEEE80211_CAPINFO_SPECTRUM_MGMT;
2025 *(uint16_t *)frm = htole16(capinfo);
2026 frm += 2;
2027
2028 KASSERT(bss->ni_intval != 0, ("beacon interval is zero!"));
2029 *(uint16_t *)frm = htole16(howmany(ic->ic_lintval,
2030 bss->ni_intval));
2031 frm += 2;
2032
2033 if (type == IEEE80211_FC0_SUBTYPE_REASSOC_REQ) {
2034 IEEE80211_ADDR_COPY(frm, bss->ni_bssid);
2035 frm += IEEE80211_ADDR_LEN;
2036 }
2037
2038 frm = ieee80211_add_ssid(frm, ni->ni_essid, ni->ni_esslen);
2039 frm = ieee80211_add_rates(frm, &ni->ni_rates);
2040 if (vap->iv_flags & IEEE80211_F_WPA2) {
2041 if (vap->iv_rsn_ie != NULL)
2042 frm = add_ie(frm, vap->iv_rsn_ie);
2043 /* XXX else complain? */
2044 }
2045 frm = ieee80211_add_xrates(frm, &ni->ni_rates);
2046 if (capinfo & IEEE80211_CAPINFO_SPECTRUM_MGMT) {
2047 frm = ieee80211_add_powercapability(frm,
2048 ic->ic_curchan);
2049 frm = ieee80211_add_supportedchannels(frm, ic);
2050 }
2051 if ((vap->iv_flags_ht & IEEE80211_FHT_HT) &&
2052 ni->ni_ies.htcap_ie != NULL &&
2053 ni->ni_ies.htcap_ie[0] == IEEE80211_ELEMID_HTCAP)
2054 frm = ieee80211_add_htcap(frm, ni);
2055 if (vap->iv_flags & IEEE80211_F_WPA1) {
2056 if (vap->iv_wpa_ie != NULL)
2057 frm = add_ie(frm, vap->iv_wpa_ie);
2058 /* XXX else complain */
2059 }
2060 if ((ic->ic_flags & IEEE80211_F_WME) &&
2061 ni->ni_ies.wme_ie != NULL)
2062 frm = ieee80211_add_wme_info(frm, &ic->ic_wme);
2063 if ((vap->iv_flags_ht & IEEE80211_FHT_HT) &&
2064 ni->ni_ies.htcap_ie != NULL &&
2065 ni->ni_ies.htcap_ie[0] == IEEE80211_ELEMID_VENDOR)
2066 frm = ieee80211_add_htcap_vendor(frm, ni);
2067 #ifdef IEEE80211_SUPPORT_SUPERG
2068 if (IEEE80211_ATH_CAP(vap, ni, IEEE80211_F_ATHEROS)) {
2069 frm = ieee80211_add_ath(frm,
2070 IEEE80211_ATH_CAP(vap, ni, IEEE80211_F_ATHEROS),
2071 ((vap->iv_flags & IEEE80211_F_WPA) == 0 &&
2072 ni->ni_authmode != IEEE80211_AUTH_8021X) ?
2073 vap->iv_def_txkey : IEEE80211_KEYIX_NONE);
2074 }
2075 #endif /* IEEE80211_SUPPORT_SUPERG */
2076 if (vap->iv_appie_assocreq != NULL)
2077 frm = add_appie(frm, vap->iv_appie_assocreq);
2078 m->m_pkthdr.len = m->m_len = frm - mtod(m, uint8_t *);
2079
2080 ieee80211_add_callback(m, ieee80211_tx_mgt_cb,
2081 (void *) vap->iv_state);
2082 break;
2083
2084 case IEEE80211_FC0_SUBTYPE_ASSOC_RESP:
2085 case IEEE80211_FC0_SUBTYPE_REASSOC_RESP:
2086 /*
2087 * asresp frame format
2088 * [2] capability information
2089 * [2] status
2090 * [2] association ID
2091 * [tlv] supported rates
2092 * [tlv] extended supported rates
2093 * [tlv] HT capabilities (standard, if STA enabled)
2094 * [tlv] HT information (standard, if STA enabled)
2095 * [tlv] WME (if configured and STA enabled)
2096 * [tlv] HT capabilities (vendor OUI, if STA enabled)
2097 * [tlv] HT information (vendor OUI, if STA enabled)
2098 * [tlv] Atheros capabilities (if STA enabled)
2099 * [tlv] AppIE's (optional)
2100 */
2101 m = ieee80211_getmgtframe(&frm,
2102 ic->ic_headroom + sizeof(struct ieee80211_frame),
2103 sizeof(uint16_t)
2104 + sizeof(uint16_t)
2105 + sizeof(uint16_t)
2106 + 2 + IEEE80211_RATE_SIZE
2107 + 2 + (IEEE80211_RATE_MAXSIZE - IEEE80211_RATE_SIZE)
2108 + sizeof(struct ieee80211_ie_htcap) + 4
2109 + sizeof(struct ieee80211_ie_htinfo) + 4
2110 + sizeof(struct ieee80211_wme_param)
2111 #ifdef IEEE80211_SUPPORT_SUPERG
2112 + sizeof(struct ieee80211_ath_ie)
2113 #endif
2114 + (vap->iv_appie_assocresp != NULL ?
2115 vap->iv_appie_assocresp->ie_len : 0)
2116 );
2117 if (m == NULL)
2118 senderr(ENOMEM, is_tx_nobuf);
2119
2120 capinfo = ieee80211_getcapinfo(vap, bss->ni_chan);
2121 *(uint16_t *)frm = htole16(capinfo);
2122 frm += 2;
2123
2124 *(uint16_t *)frm = htole16(arg); /* status */
2125 frm += 2;
2126
2127 if (arg == IEEE80211_STATUS_SUCCESS) {
2128 *(uint16_t *)frm = htole16(ni->ni_associd);
2129 IEEE80211_NODE_STAT(ni, tx_assoc);
2130 } else
2131 IEEE80211_NODE_STAT(ni, tx_assoc_fail);
2132 frm += 2;
2133
2134 frm = ieee80211_add_rates(frm, &ni->ni_rates);
2135 frm = ieee80211_add_xrates(frm, &ni->ni_rates);
2136 /* NB: respond according to what we received */
2137 if ((ni->ni_flags & HTFLAGS) == IEEE80211_NODE_HT) {
2138 frm = ieee80211_add_htcap(frm, ni);
2139 frm = ieee80211_add_htinfo(frm, ni);
2140 }
2141 if ((vap->iv_flags & IEEE80211_F_WME) &&
2142 ni->ni_ies.wme_ie != NULL)
2143 frm = ieee80211_add_wme_param(frm, &ic->ic_wme);
2144 if ((ni->ni_flags & HTFLAGS) == HTFLAGS) {
2145 frm = ieee80211_add_htcap_vendor(frm, ni);
2146 frm = ieee80211_add_htinfo_vendor(frm, ni);
2147 }
2148 #ifdef IEEE80211_SUPPORT_SUPERG
2149 if (IEEE80211_ATH_CAP(vap, ni, IEEE80211_F_ATHEROS))
2150 frm = ieee80211_add_ath(frm,
2151 IEEE80211_ATH_CAP(vap, ni, IEEE80211_F_ATHEROS),
2152 ((vap->iv_flags & IEEE80211_F_WPA) == 0 &&
2153 ni->ni_authmode != IEEE80211_AUTH_8021X) ?
2154 vap->iv_def_txkey : IEEE80211_KEYIX_NONE);
2155 #endif /* IEEE80211_SUPPORT_SUPERG */
2156 if (vap->iv_appie_assocresp != NULL)
2157 frm = add_appie(frm, vap->iv_appie_assocresp);
2158 m->m_pkthdr.len = m->m_len = frm - mtod(m, uint8_t *);
2159 break;
2160
2161 case IEEE80211_FC0_SUBTYPE_DISASSOC:
2162 IEEE80211_NOTE(vap, IEEE80211_MSG_ASSOC, ni,
2163 "send station disassociate (reason %d)", arg);
2164 m = ieee80211_getmgtframe(&frm,
2165 ic->ic_headroom + sizeof(struct ieee80211_frame),
2166 sizeof(uint16_t));
2167 if (m == NULL)
2168 senderr(ENOMEM, is_tx_nobuf);
2169 *(uint16_t *)frm = htole16(arg); /* reason */
2170 m->m_pkthdr.len = m->m_len = sizeof(uint16_t);
2171
2172 IEEE80211_NODE_STAT(ni, tx_disassoc);
2173 IEEE80211_NODE_STAT_SET(ni, tx_disassoc_code, arg);
2174 break;
2175
2176 default:
2177 IEEE80211_NOTE(vap, IEEE80211_MSG_ANY, ni,
2178 "invalid mgmt frame type %u", type);
2179 senderr(EINVAL, is_tx_unknownmgt);
2180 /* NOTREACHED */
2181 }
2182
2183 /* NB: force non-ProbeResp frames to the highest queue */
2184 params.ibp_pri = WME_AC_VO;
2185 params.ibp_rate0 = bss->ni_txparms->mgmtrate;
2186 /* NB: we know all frames are unicast */
2187 params.ibp_try0 = bss->ni_txparms->maxretry;
2188 params.ibp_power = bss->ni_txpower;
2189 return ieee80211_mgmt_output(ni, m, type, &params);
2190 bad:
2191 ieee80211_free_node(ni);
2192 return ret;
2193 #undef senderr
2194 #undef HTFLAGS
2195 }
2196
2197 /*
2198 * Return an mbuf with a probe response frame in it.
2199 * Space is left to prepend and 802.11 header at the
2200 * front but it's left to the caller to fill in.
2201 */
2202 struct mbuf *
2203 ieee80211_alloc_proberesp(struct ieee80211_node *bss, int legacy)
2204 {
2205 struct ieee80211vap *vap = bss->ni_vap;
2206 struct ieee80211com *ic = bss->ni_ic;
2207 const struct ieee80211_rateset *rs;
2208 struct mbuf *m;
2209 uint16_t capinfo;
2210 uint8_t *frm;
2211
2212 /*
2213 * probe response frame format
2214 * [8] time stamp
2215 * [2] beacon interval
2216 * [2] cabability information
2217 * [tlv] ssid
2218 * [tlv] supported rates
2219 * [tlv] parameter set (FH/DS)
2220 * [tlv] parameter set (IBSS)
2221 * [tlv] country (optional)
2222 * [3] power control (optional)
2223 * [5] channel switch announcement (CSA) (optional)
2224 * [tlv] extended rate phy (ERP)
2225 * [tlv] extended supported rates
2226 * [tlv] RSN (optional)
2227 * [tlv] HT capabilities
2228 * [tlv] HT information
2229 * [tlv] WPA (optional)
2230 * [tlv] WME (optional)
2231 * [tlv] Vendor OUI HT capabilities (optional)
2232 * [tlv] Vendor OUI HT information (optional)
2233 * [tlv] Atheros capabilities
2234 * [tlv] AppIE's (optional)
2235 * [tlv] Mesh ID (MBSS)
2236 * [tlv] Mesh Conf (MBSS)
2237 */
2238 m = ieee80211_getmgtframe(&frm,
2239 ic->ic_headroom + sizeof(struct ieee80211_frame),
2240 8
2241 + sizeof(uint16_t)
2242 + sizeof(uint16_t)
2243 + 2 + IEEE80211_NWID_LEN
2244 + 2 + IEEE80211_RATE_SIZE
2245 + 7 /* max(7,3) */
2246 + IEEE80211_COUNTRY_MAX_SIZE
2247 + 3
2248 + sizeof(struct ieee80211_csa_ie)
2249 + 3
2250 + 2 + (IEEE80211_RATE_MAXSIZE - IEEE80211_RATE_SIZE)
2251 + sizeof(struct ieee80211_ie_wpa)
2252 + sizeof(struct ieee80211_ie_htcap)
2253 + sizeof(struct ieee80211_ie_htinfo)
2254 + sizeof(struct ieee80211_ie_wpa)
2255 + sizeof(struct ieee80211_wme_param)
2256 + 4 + sizeof(struct ieee80211_ie_htcap)
2257 + 4 + sizeof(struct ieee80211_ie_htinfo)
2258 #ifdef IEEE80211_SUPPORT_SUPERG
2259 + sizeof(struct ieee80211_ath_ie)
2260 #endif
2261 #ifdef IEEE80211_SUPPORT_MESH
2262 + 2 + IEEE80211_MESHID_LEN
2263 + sizeof(struct ieee80211_meshconf_ie)
2264 #endif
2265 + (vap->iv_appie_proberesp != NULL ?
2266 vap->iv_appie_proberesp->ie_len : 0)
2267 );
2268 if (m == NULL) {
2269 vap->iv_stats.is_tx_nobuf++;
2270 return NULL;
2271 }
2272
2273 memset(frm, 0, 8); /* timestamp should be filled later */
2274 frm += 8;
2275 *(uint16_t *)frm = htole16(bss->ni_intval);
2276 frm += 2;
2277 capinfo = ieee80211_getcapinfo(vap, bss->ni_chan);
2278 *(uint16_t *)frm = htole16(capinfo);
2279 frm += 2;
2280
2281 frm = ieee80211_add_ssid(frm, bss->ni_essid, bss->ni_esslen);
2282 rs = ieee80211_get_suprates(ic, bss->ni_chan);
2283 frm = ieee80211_add_rates(frm, rs);
2284
2285 if (IEEE80211_IS_CHAN_FHSS(bss->ni_chan)) {
2286 *frm++ = IEEE80211_ELEMID_FHPARMS;
2287 *frm++ = 5;
2288 *frm++ = bss->ni_fhdwell & 0x00ff;
2289 *frm++ = (bss->ni_fhdwell >> 8) & 0x00ff;
2290 *frm++ = IEEE80211_FH_CHANSET(
2291 ieee80211_chan2ieee(ic, bss->ni_chan));
2292 *frm++ = IEEE80211_FH_CHANPAT(
2293 ieee80211_chan2ieee(ic, bss->ni_chan));
2294 *frm++ = bss->ni_fhindex;
2295 } else {
2296 *frm++ = IEEE80211_ELEMID_DSPARMS;
2297 *frm++ = 1;
2298 *frm++ = ieee80211_chan2ieee(ic, bss->ni_chan);
2299 }
2300
2301 if (vap->iv_opmode == IEEE80211_M_IBSS) {
2302 *frm++ = IEEE80211_ELEMID_IBSSPARMS;
2303 *frm++ = 2;
2304 *frm++ = 0; *frm++ = 0; /* TODO: ATIM window */
2305 }
2306 if ((vap->iv_flags & IEEE80211_F_DOTH) ||
2307 (vap->iv_flags_ext & IEEE80211_FEXT_DOTD))
2308 frm = ieee80211_add_countryie(frm, ic);
2309 if (vap->iv_flags & IEEE80211_F_DOTH) {
2310 if (IEEE80211_IS_CHAN_5GHZ(bss->ni_chan))
2311 frm = ieee80211_add_powerconstraint(frm, vap);
2312 if (ic->ic_flags & IEEE80211_F_CSAPENDING)
2313 frm = ieee80211_add_csa(frm, vap);
2314 }
2315 if (IEEE80211_IS_CHAN_ANYG(bss->ni_chan))
2316 frm = ieee80211_add_erp(frm, ic);
2317 frm = ieee80211_add_xrates(frm, rs);
2318 if (vap->iv_flags & IEEE80211_F_WPA2) {
2319 if (vap->iv_rsn_ie != NULL)
2320 frm = add_ie(frm, vap->iv_rsn_ie);
2321 /* XXX else complain? */
2322 }
2323 /*
2324 * NB: legacy 11b clients do not get certain ie's.
2325 * The caller identifies such clients by passing
2326 * a token in legacy to us. Could expand this to be
2327 * any legacy client for stuff like HT ie's.
2328 */
2329 if (IEEE80211_IS_CHAN_HT(bss->ni_chan) &&
2330 legacy != IEEE80211_SEND_LEGACY_11B) {
2331 frm = ieee80211_add_htcap(frm, bss);
2332 frm = ieee80211_add_htinfo(frm, bss);
2333 }
2334 if (vap->iv_flags & IEEE80211_F_WPA1) {
2335 if (vap->iv_wpa_ie != NULL)
2336 frm = add_ie(frm, vap->iv_wpa_ie);
2337 /* XXX else complain? */
2338 }
2339 if (vap->iv_flags & IEEE80211_F_WME)
2340 frm = ieee80211_add_wme_param(frm, &ic->ic_wme);
2341 if (IEEE80211_IS_CHAN_HT(bss->ni_chan) &&
2342 (vap->iv_flags_ht & IEEE80211_FHT_HTCOMPAT) &&
2343 legacy != IEEE80211_SEND_LEGACY_11B) {
2344 frm = ieee80211_add_htcap_vendor(frm, bss);
2345 frm = ieee80211_add_htinfo_vendor(frm, bss);
2346 }
2347 #ifdef IEEE80211_SUPPORT_SUPERG
2348 if ((vap->iv_flags & IEEE80211_F_ATHEROS) &&
2349 legacy != IEEE80211_SEND_LEGACY_11B)
2350 frm = ieee80211_add_athcaps(frm, bss);
2351 #endif
2352 if (vap->iv_appie_proberesp != NULL)
2353 frm = add_appie(frm, vap->iv_appie_proberesp);
2354 #ifdef IEEE80211_SUPPORT_MESH
2355 if (vap->iv_opmode == IEEE80211_M_MBSS) {
2356 frm = ieee80211_add_meshid(frm, vap);
2357 frm = ieee80211_add_meshconf(frm, vap);
2358 }
2359 #endif
2360 m->m_pkthdr.len = m->m_len = frm - mtod(m, uint8_t *);
2361
2362 return m;
2363 }
2364
2365 /*
2366 * Send a probe response frame to the specified mac address.
2367 * This does not go through the normal mgt frame api so we
2368 * can specify the destination address and re-use the bss node
2369 * for the sta reference.
2370 */
2371 int
2372 ieee80211_send_proberesp(struct ieee80211vap *vap,
2373 const uint8_t da[IEEE80211_ADDR_LEN], int legacy)
2374 {
2375 struct ieee80211_node *bss = vap->iv_bss;
2376 struct ieee80211com *ic = vap->iv_ic;
2377 struct ieee80211_frame *wh;
2378 struct mbuf *m;
2379
2380 if (vap->iv_state == IEEE80211_S_CAC) {
2381 IEEE80211_NOTE(vap, IEEE80211_MSG_OUTPUT, bss,
2382 "block %s frame in CAC state", "probe response");
2383 vap->iv_stats.is_tx_badstate++;
2384 return EIO; /* XXX */
2385 }
2386
2387 /*
2388 * Hold a reference on the node so it doesn't go away until after
2389 * the xmit is complete all the way in the driver. On error we
2390 * will remove our reference.
2391 */
2392 IEEE80211_DPRINTF(vap, IEEE80211_MSG_NODE,
2393 "ieee80211_ref_node (%s:%u) %p<%6D> refcnt %d\n",
2394 __func__, __LINE__, bss, bss->ni_macaddr, ":",
2395 ieee80211_node_refcnt(bss)+1);
2396 ieee80211_ref_node(bss);
2397
2398 m = ieee80211_alloc_proberesp(bss, legacy);
2399 if (m == NULL) {
2400 ieee80211_free_node(bss);
2401 return ENOMEM;
2402 }
2403
2404 M_PREPEND(m, sizeof(struct ieee80211_frame), MB_DONTWAIT);
2405 KASSERT(m != NULL, ("no room for header"));
2406
2407 wh = mtod(m, struct ieee80211_frame *);
2408 ieee80211_send_setup(bss, m,
2409 IEEE80211_FC0_TYPE_MGT | IEEE80211_FC0_SUBTYPE_PROBE_RESP,
2410 IEEE80211_NONQOS_TID, vap->iv_myaddr, da, bss->ni_bssid);
2411 /* XXX power management? */
2412 m->m_flags |= M_ENCAP; /* mark encapsulated */
2413
2414 M_WME_SETAC(m, WME_AC_BE);
2415
2416 IEEE80211_DPRINTF(vap, IEEE80211_MSG_DEBUG | IEEE80211_MSG_DUMPPKTS,
2417 "send probe resp on channel %u to %6D%s\n",
2418 ieee80211_chan2ieee(ic, ic->ic_curchan), da, ":",
2419 legacy ? " <legacy>" : "");
2420 IEEE80211_NODE_STAT(bss, tx_mgmt);
2421
2422 return ic->ic_raw_xmit(bss, m, NULL);
2423 }
2424
2425 /*
2426 * Allocate and build a RTS (Request To Send) control frame.
2427 */
2428 struct mbuf *
2429 ieee80211_alloc_rts(struct ieee80211com *ic,
2430 const uint8_t ra[IEEE80211_ADDR_LEN],
2431 const uint8_t ta[IEEE80211_ADDR_LEN],
2432 uint16_t dur)
2433 {
2434 struct ieee80211_frame_rts *rts;
2435 struct mbuf *m;
2436
2437 /* XXX honor ic_headroom */
2438 m = m_gethdr(MB_DONTWAIT, MT_DATA);
2439 if (m != NULL) {
2440 rts = mtod(m, struct ieee80211_frame_rts *);
2441 rts->i_fc[0] = IEEE80211_FC0_VERSION_0 |
2442 IEEE80211_FC0_TYPE_CTL | IEEE80211_FC0_SUBTYPE_RTS;
2443 rts->i_fc[1] = IEEE80211_FC1_DIR_NODS;
2444 *(u_int16_t *)rts->i_dur = htole16(dur);
2445 IEEE80211_ADDR_COPY(rts->i_ra, ra);
2446 IEEE80211_ADDR_COPY(rts->i_ta, ta);
2447
2448 m->m_pkthdr.len = m->m_len = sizeof(struct ieee80211_frame_rts);
2449 }
2450 return m;
2451 }
2452
2453 /*
2454 * Allocate and build a CTS (Clear To Send) control frame.
2455 */
2456 struct mbuf *
2457 ieee80211_alloc_cts(struct ieee80211com *ic,
2458 const uint8_t ra[IEEE80211_ADDR_LEN], uint16_t dur)
2459 {
2460 struct ieee80211_frame_cts *cts;
2461 struct mbuf *m;
2462
2463 /* XXX honor ic_headroom */
2464 m = m_gethdr(MB_DONTWAIT, MT_DATA);
2465 if (m != NULL) {
2466 cts = mtod(m, struct ieee80211_frame_cts *);
2467 cts->i_fc[0] = IEEE80211_FC0_VERSION_0 |
2468 IEEE80211_FC0_TYPE_CTL | IEEE80211_FC0_SUBTYPE_CTS;
2469 cts->i_fc[1] = IEEE80211_FC1_DIR_NODS;
2470 *(u_int16_t *)cts->i_dur = htole16(dur);
2471 IEEE80211_ADDR_COPY(cts->i_ra, ra);
2472
2473 m->m_pkthdr.len = m->m_len = sizeof(struct ieee80211_frame_cts);
2474 }
2475 return m;
2476 }
2477
2478 static void
2479 ieee80211_tx_mgt_timeout_callout(void *arg)
2480 {
2481 struct ieee80211_node *ni = arg;
2482 struct ieee80211vap *vap;
2483
2484 wlan_serialize_enter();
2485 vap = ni->ni_vap;
2486 if (vap->iv_state != IEEE80211_S_INIT &&
2487 (vap->iv_ic->ic_flags & IEEE80211_F_SCAN) == 0) {
2488 /*
2489 * NB: it's safe to specify a timeout as the reason here;
2490 * it'll only be used in the right state.
2491 */
2492 ieee80211_new_state(vap, IEEE80211_S_SCAN,
2493 IEEE80211_SCAN_FAIL_TIMEOUT);
2494 }
2495 wlan_serialize_exit();
2496 }
2497
2498 static void
2499 ieee80211_tx_mgt_cb(struct ieee80211_node *ni, void *arg, int status)
2500 {
2501 struct ieee80211vap *vap = ni->ni_vap;
2502 enum ieee80211_state ostate = (enum ieee80211_state) arg;
2503
2504 /*
2505 * Frame transmit completed; arrange timer callback. If
2506 * transmit was successfuly we wait for response. Otherwise
2507 * we arrange an immediate callback instead of doing the
2508 * callback directly since we don't know what state the driver
2509 * is in (e.g. what locks it is holding). This work should
2510 * not be too time-critical and not happen too often so the
2511 * added overhead is acceptable.
2512 *
2513 * XXX what happens if !acked but response shows up before callback?
2514 */
2515 if (vap->iv_state == ostate)
2516 callout_reset(&vap->iv_mgtsend,
2517 status == 0 ? IEEE80211_TRANS_WAIT*hz : 0,
2518 ieee80211_tx_mgt_timeout_callout, ni);
2519 }
2520
2521 static void
2522 ieee80211_beacon_construct(struct mbuf *m, uint8_t *frm,
2523 struct ieee80211_beacon_offsets *bo, struct ieee80211_node *ni)
2524 {
2525 struct ieee80211vap *vap = ni->ni_vap;
2526 struct ieee80211com *ic = ni->ni_ic;
2527 struct ieee80211_rateset *rs = &ni->ni_rates;
2528 uint16_t capinfo;
2529
2530 /*
2531 * beacon frame format
2532 * [8] time stamp
2533 * [2] beacon interval
2534 * [2] cabability information
2535 * [tlv] ssid
2536 * [tlv] supported rates
2537 * [3] parameter set (DS)
2538 * [8] CF parameter set (optional)
2539 * [tlv] parameter set (IBSS/TIM)
2540 * [tlv] country (optional)
2541 * [3] power control (optional)
2542 * [5] channel switch announcement (CSA) (optional)
2543 * [tlv] extended rate phy (ERP)
2544 * [tlv] extended supported rates
2545 * [tlv] RSN parameters
2546 * [tlv] HT capabilities
2547 * [tlv] HT information
2548 * XXX Vendor-specific OIDs (e.g. Atheros)
2549 * [tlv] WPA parameters
2550 * [tlv] WME parameters
2551 * [tlv] Vendor OUI HT capabilities (optional)
2552 * [tlv] Vendor OUI HT information (optional)
2553 * [tlv] Atheros capabilities (optional)
2554 * [tlv] TDMA parameters (optional)
2555 * [tlv] Mesh ID (MBSS)
2556 * [tlv] Mesh Conf (MBSS)
2557 * [tlv] application data (optional)
2558 */
2559
2560 memset(bo, 0, sizeof(*bo));
2561
2562 memset(frm, 0, 8); /* XXX timestamp is set by hardware/driver */
2563 frm += 8;
2564 *(uint16_t *)frm = htole16(ni->ni_intval);
2565 frm += 2;
2566 capinfo = ieee80211_getcapinfo(vap, ni->ni_chan);
2567 bo->bo_caps = (uint16_t *)frm;
2568 *(uint16_t *)frm = htole16(capinfo);
2569 frm += 2;
2570 *frm++ = IEEE80211_ELEMID_SSID;
2571 if ((vap->iv_flags & IEEE80211_F_HIDESSID) == 0) {
2572 *frm++ = ni->ni_esslen;
2573 memcpy(frm, ni->ni_essid, ni->ni_esslen);
2574 frm += ni->ni_esslen;
2575 } else
2576 *frm++ = 0;
2577 frm = ieee80211_add_rates(frm, rs);
2578 if (!IEEE80211_IS_CHAN_FHSS(ni->ni_chan)) {
2579 *frm++ = IEEE80211_ELEMID_DSPARMS;
2580 *frm++ = 1;
2581 *frm++ = ieee80211_chan2ieee(ic, ni->ni_chan);
2582 }
2583 if (ic->ic_flags & IEEE80211_F_PCF) {
2584 bo->bo_cfp = frm;
2585 frm = ieee80211_add_cfparms(frm, ic);
2586 }
2587 bo->bo_tim = frm;
2588 if (vap->iv_opmode == IEEE80211_M_IBSS) {
2589 *frm++ = IEEE80211_ELEMID_IBSSPARMS;
2590 *frm++ = 2;
2591 *frm++ = 0; *frm++ = 0; /* TODO: ATIM window */
2592 bo->bo_tim_len = 0;
2593 } else if (vap->iv_opmode == IEEE80211_M_HOSTAP ||
2594 vap->iv_opmode == IEEE80211_M_MBSS) {
2595 /* TIM IE is the same for Mesh and Hostap */
2596 struct ieee80211_tim_ie *tie = (struct ieee80211_tim_ie *) frm;
2597
2598 tie->tim_ie = IEEE80211_ELEMID_TIM;
2599 tie->tim_len = 4; /* length */
2600 tie->tim_count = 0; /* DTIM count */
2601 tie->tim_period = vap->iv_dtim_period; /* DTIM period */
2602 tie->tim_bitctl = 0; /* bitmap control */
2603 tie->tim_bitmap[0] = 0; /* Partial Virtual Bitmap */
2604 frm += sizeof(struct ieee80211_tim_ie);
2605 bo->bo_tim_len = 1;
2606 }
2607 bo->bo_tim_trailer = frm;
2608 if ((vap->iv_flags & IEEE80211_F_DOTH) ||
2609 (vap->iv_flags_ext & IEEE80211_FEXT_DOTD))
2610 frm = ieee80211_add_countryie(frm, ic);
2611 if (vap->iv_flags & IEEE80211_F_DOTH) {
2612 if (IEEE80211_IS_CHAN_5GHZ(ni->ni_chan))
2613 frm = ieee80211_add_powerconstraint(frm, vap);
2614 bo->bo_csa = frm;
2615 if (ic->ic_flags & IEEE80211_F_CSAPENDING)
2616 frm = ieee80211_add_csa(frm, vap);
2617 } else
2618 bo->bo_csa = frm;
2619 if (IEEE80211_IS_CHAN_ANYG(ni->ni_chan)) {
2620 bo->bo_erp = frm;
2621 frm = ieee80211_add_erp(frm, ic);
2622 }
2623 frm = ieee80211_add_xrates(frm, rs);
2624 if (vap->iv_flags & IEEE80211_F_WPA2) {
2625 if (vap->iv_rsn_ie != NULL)
2626 frm = add_ie(frm, vap->iv_rsn_ie);
2627 /* XXX else complain */
2628 }
2629 if (IEEE80211_IS_CHAN_HT(ni->ni_chan)) {
2630 frm = ieee80211_add_htcap(frm, ni);
2631 bo->bo_htinfo = frm;
2632 frm = ieee80211_add_htinfo(frm, ni);
2633 }
2634 if (vap->iv_flags & IEEE80211_F_WPA1) {
2635 if (vap->iv_wpa_ie != NULL)
2636 frm = add_ie(frm, vap->iv_wpa_ie);
2637 /* XXX else complain */
2638 }
2639 if (vap->iv_flags & IEEE80211_F_WME) {
2640 bo->bo_wme = frm;
2641 frm = ieee80211_add_wme_param(frm, &ic->ic_wme);
2642 }
2643 if (IEEE80211_IS_CHAN_HT(ni->ni_chan) &&
2644 (vap->iv_flags_ht & IEEE80211_FHT_HTCOMPAT)) {
2645 frm = ieee80211_add_htcap_vendor(frm, ni);
2646 frm = ieee80211_add_htinfo_vendor(frm, ni);
2647 }
2648 #ifdef IEEE80211_SUPPORT_SUPERG
2649 if (vap->iv_flags & IEEE80211_F_ATHEROS) {
2650 bo->bo_ath = frm;
2651 frm = ieee80211_add_athcaps(frm, ni);
2652 }
2653 #endif
2654 #ifdef IEEE80211_SUPPORT_TDMA
2655 if (vap->iv_caps & IEEE80211_C_TDMA) {
2656 bo->bo_tdma = frm;
2657 frm = ieee80211_add_tdma(frm, vap);
2658 }
2659 #endif
2660 if (vap->iv_appie_beacon != NULL) {
2661 bo->bo_appie = frm;
2662 bo->bo_appie_len = vap->iv_appie_beacon->ie_len;
2663 frm = add_appie(frm, vap->iv_appie_beacon);
2664 }
2665 #ifdef IEEE80211_SUPPORT_MESH
2666 if (vap->iv_opmode == IEEE80211_M_MBSS) {
2667 frm = ieee80211_add_meshid(frm, vap);
2668 bo->bo_meshconf = frm;
2669 frm = ieee80211_add_meshconf(frm, vap);
2670 }
2671 #endif
2672 bo->bo_tim_trailer_len = frm - bo->bo_tim_trailer;
2673 bo->bo_csa_trailer_len = frm - bo->bo_csa;
2674 m->m_pkthdr.len = m->m_len = frm - mtod(m, uint8_t *);
2675 }
2676
2677 /*
2678 * Allocate a beacon frame and fillin the appropriate bits.
2679 */
2680 struct mbuf *
2681 ieee80211_beacon_alloc(struct ieee80211_node *ni,
2682 struct ieee80211_beacon_offsets *bo)
2683 {
2684 struct ieee80211vap *vap = ni->ni_vap;
2685 struct ieee80211com *ic = ni->ni_ic;
2686 struct ifnet *ifp = vap->iv_ifp;
2687 struct ieee80211_frame *wh;
2688 struct mbuf *m;
2689 int pktlen;
2690 uint8_t *frm;
2691
2692 /*
2693 * beacon frame format
2694 * [8] time stamp
2695 * [2] beacon interval
2696 * [2] cabability information
2697 * [tlv] ssid
2698 * [tlv] supported rates
2699 * [3] parameter set (DS)
2700 * [8] CF parameter set (optional)
2701 * [tlv] parameter set (IBSS/TIM)
2702 * [tlv] country (optional)
2703 * [3] power control (optional)
2704 * [5] channel switch announcement (CSA) (optional)
2705 * [tlv] extended rate phy (ERP)
2706 * [tlv] extended supported rates
2707 * [tlv] RSN parameters
2708 * [tlv] HT capabilities
2709 * [tlv] HT information
2710 * [tlv] Vendor OUI HT capabilities (optional)
2711 * [tlv] Vendor OUI HT information (optional)
2712 * XXX Vendor-specific OIDs (e.g. Atheros)
2713 * [tlv] WPA parameters
2714 * [tlv] WME parameters
2715 * [tlv] TDMA parameters (optional)
2716 * [tlv] Mesh ID (MBSS)
2717 * [tlv] Mesh Conf (MBSS)
2718 * [tlv] application data (optional)
2719 * NB: we allocate the max space required for the TIM bitmap.
2720 * XXX how big is this?
2721 */
2722 pktlen = 8 /* time stamp */
2723 + sizeof(uint16_t) /* beacon interval */
2724 + sizeof(uint16_t) /* capabilities */
2725 + 2 + ni->ni_esslen /* ssid */
2726 + 2 + IEEE80211_RATE_SIZE /* supported rates */
2727 + 2 + 1 /* DS parameters */
2728 + 2 + 6 /* CF parameters */
2729 + 2 + 4 + vap->iv_tim_len /* DTIM/IBSSPARMS */
2730 + IEEE80211_COUNTRY_MAX_SIZE /* country */
2731 + 2 + 1 /* power control */
2732 + sizeof(struct ieee80211_csa_ie) /* CSA */
2733 + 2 + 1 /* ERP */
2734 + 2 + (IEEE80211_RATE_MAXSIZE - IEEE80211_RATE_SIZE)
2735 + (vap->iv_caps & IEEE80211_C_WPA ? /* WPA 1+2 */
2736 2*sizeof(struct ieee80211_ie_wpa) : 0)
2737 /* XXX conditional? */
2738 + 4+2*sizeof(struct ieee80211_ie_htcap)/* HT caps */
2739 + 4+2*sizeof(struct ieee80211_ie_htinfo)/* HT info */
2740 + (vap->iv_caps & IEEE80211_C_WME ? /* WME */
2741 sizeof(struct ieee80211_wme_param) : 0)
2742 #ifdef IEEE80211_SUPPORT_SUPERG
2743 + sizeof(struct ieee80211_ath_ie) /* ATH */
2744 #endif
2745 #ifdef IEEE80211_SUPPORT_TDMA
2746 + (vap->iv_caps & IEEE80211_C_TDMA ? /* TDMA */
2747 sizeof(struct ieee80211_tdma_param) : 0)
2748 #endif
2749 #ifdef IEEE80211_SUPPORT_MESH
2750 + 2 + ni->ni_meshidlen
2751 + sizeof(struct ieee80211_meshconf_ie)
2752 #endif
2753 + IEEE80211_MAX_APPIE
2754 ;
2755 m = ieee80211_getmgtframe(&frm,
2756 ic->ic_headroom + sizeof(struct ieee80211_frame), pktlen);
2757 if (m == NULL) {
2758 IEEE80211_DPRINTF(vap, IEEE80211_MSG_ANY,
2759 "%s: cannot get buf; size %u\n", __func__, pktlen);
2760 vap->iv_stats.is_tx_nobuf++;
2761 return NULL;
2762 }
2763 ieee80211_beacon_construct(m, frm, bo, ni);
2764
2765 M_PREPEND(m, sizeof(struct ieee80211_frame), MB_DONTWAIT);
2766 KASSERT(m != NULL, ("no space for 802.11 header?"));
2767 wh = mtod(m, struct ieee80211_frame *);
2768 wh->i_fc[0] = IEEE80211_FC0_VERSION_0 | IEEE80211_FC0_TYPE_MGT |
2769 IEEE80211_FC0_SUBTYPE_BEACON;
2770 wh->i_fc[1] = IEEE80211_FC1_DIR_NODS;
2771 *(uint16_t *)wh->i_dur = 0;
2772 IEEE80211_ADDR_COPY(wh->i_addr1, ifp->if_broadcastaddr);
2773 IEEE80211_ADDR_COPY(wh->i_addr2, vap->iv_myaddr);
2774 IEEE80211_ADDR_COPY(wh->i_addr3, ni->ni_bssid);
2775 *(uint16_t *)wh->i_seq = 0;
2776
2777 return m;
2778 }
2779
2780 /*
2781 * Update the dynamic parts of a beacon frame based on the current state.
2782 */
2783 int
2784 ieee80211_beacon_update(struct ieee80211_node *ni,
2785 struct ieee80211_beacon_offsets *bo, struct mbuf *m, int mcast)
2786 {
2787 struct ieee80211vap *vap = ni->ni_vap;
2788 struct ieee80211com *ic = ni->ni_ic;
2789 int len_changed = 0;
2790 uint16_t capinfo;
2791
2792 /*
2793 * Handle 11h channel change when we've reached the count.
2794 * We must recalculate the beacon frame contents to account
2795 * for the new channel. Note we do this only for the first
2796 * vap that reaches this point; subsequent vaps just update
2797 * their beacon state to reflect the recalculated channel.
2798 */
2799 if (isset(bo->bo_flags, IEEE80211_BEACON_CSA) &&
2800 vap->iv_csa_count == ic->ic_csa_count) {
2801 vap->iv_csa_count = 0;
2802 /*
2803 * Effect channel change before reconstructing the beacon
2804 * frame contents as many places reference ni_chan.
2805 */
2806 if (ic->ic_csa_newchan != NULL)
2807 ieee80211_csa_completeswitch(ic);
2808 /*
2809 * NB: ieee80211_beacon_construct clears all pending
2810 * updates in bo_flags so we don't need to explicitly
2811 * clear IEEE80211_BEACON_CSA.
2812 */
2813 ieee80211_beacon_construct(m,
2814 mtod(m, uint8_t*) + sizeof(struct ieee80211_frame), bo, ni);
2815
2816 /* XXX do WME aggressive mode processing? */
2817 return 1; /* just assume length changed */
2818 }
2819
2820 /* XXX faster to recalculate entirely or just changes? */
2821 capinfo = ieee80211_getcapinfo(vap, ni->ni_chan);
2822 *bo->bo_caps = htole16(capinfo);
2823
2824 if (vap->iv_flags & IEEE80211_F_WME) {
2825 struct ieee80211_wme_state *wme = &ic->ic_wme;
2826
2827 /*
2828 * Check for agressive mode change. When there is
2829 * significant high priority traffic in the BSS
2830 * throttle back BE traffic by using conservative
2831 * parameters. Otherwise BE uses agressive params
2832 * to optimize performance of legacy/non-QoS traffic.
2833 */
2834 if (wme->wme_flags & WME_F_AGGRMODE) {
2835 if (wme->wme_hipri_traffic >
2836 wme->wme_hipri_switch_thresh) {
2837 IEEE80211_DPRINTF(vap, IEEE80211_MSG_WME,
2838 "%s: traffic %u, disable aggressive mode\n",
2839 __func__, wme->wme_hipri_traffic);
2840 wme->wme_flags &= ~WME_F_AGGRMODE;
2841 ieee80211_wme_updateparams_locked(vap);
2842 wme->wme_hipri_traffic =
2843 wme->wme_hipri_switch_hysteresis;
2844 } else
2845 wme->wme_hipri_traffic = 0;
2846 } else {
2847 if (wme->wme_hipri_traffic <=
2848 wme->wme_hipri_switch_thresh) {
2849 IEEE80211_DPRINTF(vap, IEEE80211_MSG_WME,
2850 "%s: traffic %u, enable aggressive mode\n",
2851 __func__, wme->wme_hipri_traffic);
2852 wme->wme_flags |= WME_F_AGGRMODE;
2853 ieee80211_wme_updateparams_locked(vap);
2854 wme->wme_hipri_traffic = 0;
2855 } else
2856 wme->wme_hipri_traffic =
2857 wme->wme_hipri_switch_hysteresis;
2858 }
2859 if (isset(bo->bo_flags, IEEE80211_BEACON_WME)) {
2860 (void) ieee80211_add_wme_param(bo->bo_wme, wme);
2861 clrbit(bo->bo_flags, IEEE80211_BEACON_WME);
2862 }
2863 }
2864
2865 if (isset(bo->bo_flags, IEEE80211_BEACON_HTINFO)) {
2866 ieee80211_ht_update_beacon(vap, bo);
2867 clrbit(bo->bo_flags, IEEE80211_BEACON_HTINFO);
2868 }
2869 #ifdef IEEE80211_SUPPORT_TDMA
2870 if (vap->iv_caps & IEEE80211_C_TDMA) {
2871 /*
2872 * NB: the beacon is potentially updated every TBTT.
2873 */
2874 ieee80211_tdma_update_beacon(vap, bo);
2875 }
2876 #endif
2877 #ifdef IEEE80211_SUPPORT_MESH
2878 if (vap->iv_opmode == IEEE80211_M_MBSS)
2879 ieee80211_mesh_update_beacon(vap, bo);
2880 #endif
2881
2882 if (vap->iv_opmode == IEEE80211_M_HOSTAP ||
2883 vap->iv_opmode == IEEE80211_M_MBSS) { /* NB: no IBSS support*/
2884 struct ieee80211_tim_ie *tie =
2885 (struct ieee80211_tim_ie *) bo->bo_tim;
2886 if (isset(bo->bo_flags, IEEE80211_BEACON_TIM)) {
2887 u_int timlen, timoff, i;
2888 /*
2889 * ATIM/DTIM needs updating. If it fits in the
2890 * current space allocated then just copy in the
2891 * new bits. Otherwise we need to move any trailing
2892 * data to make room. Note that we know there is
2893 * contiguous space because ieee80211_beacon_allocate
2894 * insures there is space in the mbuf to write a
2895 * maximal-size virtual bitmap (based on iv_max_aid).
2896 */
2897 /*
2898 * Calculate the bitmap size and offset, copy any
2899 * trailer out of the way, and then copy in the
2900 * new bitmap and update the information element.
2901 * Note that the tim bitmap must contain at least
2902 * one byte and any offset must be even.
2903 */
2904 if (vap->iv_ps_pending != 0) {
2905 timoff = 128; /* impossibly large */
2906 for (i = 0; i < vap->iv_tim_len; i++)
2907 if (vap->iv_tim_bitmap[i]) {
2908 timoff = i &~ 1;
2909 break;
2910 }
2911 KASSERT(timoff != 128, ("tim bitmap empty!"));
2912 for (i = vap->iv_tim_len-1; i >= timoff; i--)
2913 if (vap->iv_tim_bitmap[i])
2914 break;
2915 timlen = 1 + (i - timoff);
2916 } else {
2917 timoff = 0;
2918 timlen = 1;
2919 }
2920 if (timlen != bo->bo_tim_len) {
2921 /* copy up/down trailer */
2922 int adjust = tie->tim_bitmap+timlen
2923 - bo->bo_tim_trailer;
2924 ovbcopy(bo->bo_tim_trailer,
2925 bo->bo_tim_trailer+adjust,
2926 bo->bo_tim_trailer_len);
2927 bo->bo_tim_trailer += adjust;
2928 bo->bo_erp += adjust;
2929 bo->bo_htinfo += adjust;
2930 #ifdef IEEE80211_SUPERG_SUPPORT
2931 bo->bo_ath += adjust;
2932 #endif
2933 #ifdef IEEE80211_TDMA_SUPPORT
2934 bo->bo_tdma += adjust;
2935 #endif
2936 #ifdef IEEE80211_MESH_SUPPORT
2937 bo->bo_meshconf += adjust;
2938 #endif
2939 bo->bo_appie += adjust;
2940 bo->bo_wme += adjust;
2941 bo->bo_csa += adjust;
2942 bo->bo_tim_len = timlen;
2943
2944 /* update information element */
2945 tie->tim_len = 3 + timlen;
2946 tie->tim_bitctl = timoff;
2947 len_changed = 1;
2948 }
2949 memcpy(tie->tim_bitmap, vap->iv_tim_bitmap + timoff,
2950 bo->bo_tim_len);
2951
2952 clrbit(bo->bo_flags, IEEE80211_BEACON_TIM);
2953
2954 IEEE80211_DPRINTF(vap, IEEE80211_MSG_POWER,
2955 "%s: TIM updated, pending %u, off %u, len %u\n",
2956 __func__, vap->iv_ps_pending, timoff, timlen);
2957 }
2958 /* count down DTIM period */
2959 if (tie->tim_count == 0)
2960 tie->tim_count = tie->tim_period - 1;
2961 else
2962 tie->tim_count--;
2963 /* update state for buffered multicast frames on DTIM */
2964 if (mcast && tie->tim_count == 0)
2965 tie->tim_bitctl |= 1;
2966 else
2967 tie->tim_bitctl &= ~1;
2968 if (isset(bo->bo_flags, IEEE80211_BEACON_CSA)) {
2969 struct ieee80211_csa_ie *csa =
2970 (struct ieee80211_csa_ie *) bo->bo_csa;
2971
2972 /*
2973 * Insert or update CSA ie. If we're just starting
2974 * to count down to the channel switch then we need
2975 * to insert the CSA ie. Otherwise we just need to
2976 * drop the count. The actual change happens above
2977 * when the vap's count reaches the target count.
2978 */
2979 if (vap->iv_csa_count == 0) {
2980 memmove(&csa[1], csa, bo->bo_csa_trailer_len);
2981 bo->bo_erp += sizeof(*csa);
2982 bo->bo_htinfo += sizeof(*csa);
2983 bo->bo_wme += sizeof(*csa);
2984 #ifdef IEEE80211_SUPERG_SUPPORT
2985 bo->bo_ath += sizeof(*csa);
2986 #endif
2987 #ifdef IEEE80211_TDMA_SUPPORT
2988 bo->bo_tdma += sizeof(*csa);
2989 #endif
2990 #ifdef IEEE80211_MESH_SUPPORT
2991 bo->bo_meshconf += sizeof(*csa);
2992 #endif
2993 bo->bo_appie += sizeof(*csa);
2994 bo->bo_csa_trailer_len += sizeof(*csa);
2995 bo->bo_tim_trailer_len += sizeof(*csa);
2996 m->m_len += sizeof(*csa);
2997 m->m_pkthdr.len += sizeof(*csa);
2998
2999 ieee80211_add_csa(bo->bo_csa, vap);
3000 } else
3001 csa->csa_count--;
3002 vap->iv_csa_count++;
3003 /* NB: don't clear IEEE80211_BEACON_CSA */
3004 }
3005 if (isset(bo->bo_flags, IEEE80211_BEACON_ERP)) {
3006 /*
3007 * ERP element needs updating.
3008 */
3009 (void) ieee80211_add_erp(bo->bo_erp, ic);
3010 clrbit(bo->bo_flags, IEEE80211_BEACON_ERP);
3011 }
3012 #ifdef IEEE80211_SUPPORT_SUPERG
3013 if (isset(bo->bo_flags, IEEE80211_BEACON_ATH)) {
3014 ieee80211_add_athcaps(bo->bo_ath, ni);
3015 clrbit(bo->bo_flags, IEEE80211_BEACON_ATH);
3016 }
3017 #endif
3018 }
3019 if (isset(bo->bo_flags, IEEE80211_BEACON_APPIE)) {
3020 const struct ieee80211_appie *aie = vap->iv_appie_beacon;
3021 int aielen;
3022 uint8_t *frm;
3023
3024 aielen = 0;
3025 if (aie != NULL)
3026 aielen += aie->ie_len;
3027 if (aielen != bo->bo_appie_len) {
3028 /* copy up/down trailer */
3029 int adjust = aielen - bo->bo_appie_len;
3030 ovbcopy(bo->bo_tim_trailer, bo->bo_tim_trailer+adjust,
3031 bo->bo_tim_trailer_len);
3032 bo->bo_tim_trailer += adjust;
3033 bo->bo_appie += adjust;
3034 bo->bo_appie_len = aielen;
3035
3036 len_changed = 1;
3037 }
3038 frm = bo->bo_appie;
3039 if (aie != NULL)
3040 frm = add_appie(frm, aie);
3041 clrbit(bo->bo_flags, IEEE80211_BEACON_APPIE);
3042 }
3043
3044 return len_changed;
3045 }
DragonFly BSD