2 * Copyright (c) 2001 Atsushi Onoe
3 * Copyright (c) 2002-2009 Sam Leffler, Errno Consulting
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in the
13 * documentation and/or other materials provided with the distribution.
15 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
16 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
17 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
18 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
19 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
20 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
21 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
22 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
23 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
24 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
26 * $FreeBSD: head/sys/net80211/ieee80211_output.c 198384 2009-10-23 11:13:08Z rpaulo $
30 #include "opt_inet6.h"
33 #include <sys/param.h>
34 #include <sys/systm.h>
36 #include <sys/kernel.h>
37 #include <sys/endian.h>
39 #include <sys/socket.h>
42 #include <net/ethernet.h>
43 #include <net/route.h>
45 #include <net/if_llc.h>
46 #include <net/if_media.h>
47 #include <net/ifq_var.h>
49 #include <netproto/802_11/ieee80211_var.h>
50 #include <netproto/802_11/ieee80211_regdomain.h>
51 #ifdef IEEE80211_SUPPORT_SUPERG
52 #include <netproto/802_11/ieee80211_superg.h>
54 #ifdef IEEE80211_SUPPORT_TDMA
55 #include <netproto/802_11/ieee80211_tdma.h>
57 #include <netproto/802_11/ieee80211_wds.h>
58 #include <netproto/802_11/ieee80211_mesh.h>
61 #include <netinet/in.h>
62 #include <netinet/if_ether.h>
63 #include <netinet/in_systm.h>
64 #include <netinet/ip.h>
67 #include <netinet/ip6.h>
70 #define ETHER_HEADER_COPY(dst, src) \
71 memcpy(dst, src, sizeof(struct ether_header))
73 /* unalligned little endian access */
74 #define LE_WRITE_2(p, v) do { \
75 ((uint8_t *)(p))[0] = (v) & 0xff; \
76 ((uint8_t *)(p))[1] = ((v) >> 8) & 0xff; \
78 #define LE_WRITE_4(p, v) do { \
79 ((uint8_t *)(p))[0] = (v) & 0xff; \
80 ((uint8_t *)(p))[1] = ((v) >> 8) & 0xff; \
81 ((uint8_t *)(p))[2] = ((v) >> 16) & 0xff; \
82 ((uint8_t *)(p))[3] = ((v) >> 24) & 0xff; \
85 static int ieee80211_fragment(struct ieee80211vap
*, struct mbuf
*,
86 u_int hdrsize
, u_int ciphdrsize
, u_int mtu
);
87 static void ieee80211_tx_mgt_cb(struct ieee80211_node
*, void *, int);
89 #ifdef IEEE80211_DEBUG
91 * Decide if an outbound management frame should be
92 * printed when debugging is enabled. This filters some
93 * of the less interesting frames that come frequently
97 doprint(struct ieee80211vap
*vap
, int subtype
)
100 case IEEE80211_FC0_SUBTYPE_PROBE_RESP
:
101 return (vap
->iv_opmode
== IEEE80211_M_IBSS
);
108 * Start method for vap's. All packets from the stack come
109 * through here. We handle common processing of the packets
110 * before dispatching them to the underlying device.
113 ieee80211_start(struct ifnet
*ifp
)
115 #define IS_DWDS(vap) \
116 (vap->iv_opmode == IEEE80211_M_WDS && \
117 (vap->iv_flags_ext & IEEE80211_FEXT_WDSLEGACY) == 0)
118 struct ieee80211vap
*vap
= ifp
->if_softc
;
119 struct ieee80211com
*ic
= vap
->iv_ic
;
120 struct ifnet
*parent
= ic
->ic_ifp
;
121 struct ieee80211_node
*ni
;
122 struct mbuf
*m
= NULL
;
123 struct ether_header
*eh
;
126 /* NB: parent must be up and running */
127 if (!IFNET_IS_UP_RUNNING(parent
)) {
128 IEEE80211_DPRINTF(vap
, IEEE80211_MSG_OUTPUT
,
129 "%s: ignore queue, parent %s not up+running\n",
130 __func__
, parent
->if_xname
);
132 ifq_purge(&ifp
->if_snd
);
135 if (vap
->iv_state
== IEEE80211_S_SLEEP
) {
137 * In power save, wakeup device for transmit.
139 ieee80211_new_state(vap
, IEEE80211_S_RUN
, 0);
140 ifq_purge(&ifp
->if_snd
);
144 * No data frames go out unless we're running.
145 * Note in particular this covers CAC and CSA
146 * states (though maybe we should check muting
149 if (vap
->iv_state
!= IEEE80211_S_RUN
) {
150 /* re-check under the com lock to avoid races */
151 if (vap
->iv_state
!= IEEE80211_S_RUN
) {
152 IEEE80211_DPRINTF(vap
, IEEE80211_MSG_OUTPUT
,
153 "%s: ignore queue, in %s state\n",
154 __func__
, ieee80211_state_name
[vap
->iv_state
]);
155 vap
->iv_stats
.is_tx_badstate
++;
156 ifp
->if_flags
|= IFF_OACTIVE
;
161 m
= ifq_dequeue(&ifp
->if_snd
, NULL
);
165 * Sanitize mbuf flags for net80211 use. We cannot
166 * clear M_PWR_SAV or M_MORE_DATA because these may
167 * be set for frames that are re-submitted from the
170 * NB: This must be done before ieee80211_classify as
171 * it marks EAPOL in frames with M_EAPOL.
173 m
->m_flags
&= ~(M_80211_TX
- M_PWR_SAV
- M_MORE_DATA
);
175 * Cancel any background scan.
177 if (ic
->ic_flags
& IEEE80211_F_SCAN
)
178 ieee80211_cancel_anyscan(vap
);
180 * Find the node for the destination so we can do
181 * things like power save and fast frames aggregation.
183 * NB: past this point various code assumes the first
184 * mbuf has the 802.3 header present (and contiguous).
187 if (m
->m_len
< sizeof(struct ether_header
) &&
188 (m
= m_pullup(m
, sizeof(struct ether_header
))) == NULL
) {
189 IEEE80211_DPRINTF(vap
, IEEE80211_MSG_OUTPUT
,
190 "discard frame, %s\n", "m_pullup failed");
191 vap
->iv_stats
.is_tx_nobuf
++; /* XXX */
195 eh
= mtod(m
, struct ether_header
*);
196 if (ETHER_IS_MULTICAST(eh
->ether_dhost
)) {
199 * Only unicast frames from the above go out
200 * DWDS vaps; multicast frames are handled by
201 * dispatching the frame as it comes through
202 * the AP vap (see below).
204 IEEE80211_DISCARD_MAC(vap
, IEEE80211_MSG_WDS
,
205 eh
->ether_dhost
, "mcast", "%s", "on DWDS");
206 vap
->iv_stats
.is_dwds_mcast
++;
210 if (vap
->iv_opmode
== IEEE80211_M_HOSTAP
) {
212 * Spam DWDS vap's w/ multicast traffic.
214 /* XXX only if dwds in use? */
215 ieee80211_dwds_mcast(vap
, m
);
218 #ifdef IEEE80211_SUPPORT_MESH
219 if (vap
->iv_opmode
!= IEEE80211_M_MBSS
) {
221 ni
= ieee80211_find_txnode(vap
, eh
->ether_dhost
);
223 /* NB: ieee80211_find_txnode does stat+msg */
228 if (ni
->ni_associd
== 0 &&
229 (ni
->ni_flags
& IEEE80211_NODE_ASSOCID
)) {
230 IEEE80211_DISCARD_MAC(vap
, IEEE80211_MSG_OUTPUT
,
231 eh
->ether_dhost
, NULL
,
232 "sta not associated (type 0x%04x)",
233 htons(eh
->ether_type
));
234 vap
->iv_stats
.is_tx_notassoc
++;
237 ieee80211_free_node(ni
);
240 #ifdef IEEE80211_SUPPORT_MESH
242 if (!IEEE80211_ADDR_EQ(eh
->ether_shost
, vap
->iv_myaddr
)) {
244 * Proxy station only if configured.
246 if (!ieee80211_mesh_isproxyena(vap
)) {
247 IEEE80211_DISCARD_MAC(vap
,
248 IEEE80211_MSG_OUTPUT
|
250 eh
->ether_dhost
, NULL
,
251 "%s", "proxy not enabled");
252 vap
->iv_stats
.is_mesh_notproxy
++;
257 ieee80211_mesh_proxy_check(vap
, eh
->ether_shost
);
259 ni
= ieee80211_mesh_discover(vap
, eh
->ether_dhost
, m
);
262 * NB: ieee80211_mesh_discover holds/disposes
263 * frame (e.g. queueing on path discovery).
270 if ((ni
->ni_flags
& IEEE80211_NODE_PWR_MGT
) &&
271 (m
->m_flags
& M_PWR_SAV
) == 0) {
273 * Station in power save mode; pass the frame
274 * to the 802.11 layer and continue. We'll get
275 * the frame back when the time is right.
276 * XXX lose WDS vap linkage?
278 (void) ieee80211_pwrsave(ni
, m
);
279 ieee80211_free_node(ni
);
282 /* calculate priority so drivers can find the tx queue */
283 if (ieee80211_classify(ni
, m
)) {
284 IEEE80211_DISCARD_MAC(vap
, IEEE80211_MSG_OUTPUT
,
285 eh
->ether_dhost
, NULL
,
286 "%s", "classification failure");
287 vap
->iv_stats
.is_tx_classify
++;
290 ieee80211_free_node(ni
);
294 * Stash the node pointer. Note that we do this after
295 * any call to ieee80211_dwds_mcast because that code
296 * uses any existing value for rcvif to identify the
297 * interface it (might have been) received on.
299 m
->m_pkthdr
.rcvif
= (void *)ni
;
301 BPF_MTAP(ifp
, m
); /* 802.3 tx */
304 * Check if A-MPDU tx aggregation is setup or if we
305 * should try to enable it. The sta must be associated
306 * with HT and A-MPDU enabled for use. When the policy
307 * routine decides we should enable A-MPDU we issue an
308 * ADDBA request and wait for a reply. The frame being
309 * encapsulated will go out w/o using A-MPDU, or possibly
310 * it might be collected by the driver and held/retransmit.
311 * The default ic_ampdu_enable routine handles staggering
312 * ADDBA requests in case the receiver NAK's us or we are
313 * otherwise unable to establish a BA stream.
315 if ((ni
->ni_flags
& IEEE80211_NODE_AMPDU_TX
) &&
316 (vap
->iv_flags_ht
& IEEE80211_FHT_AMPDU_TX
) &&
317 (m
->m_flags
& M_EAPOL
) == 0) {
318 const int ac
= M_WME_GETAC(m
);
319 struct ieee80211_tx_ampdu
*tap
= &ni
->ni_tx_ampdu
[ac
];
321 ieee80211_txampdu_count_packet(tap
);
322 if (IEEE80211_AMPDU_RUNNING(tap
)) {
324 * Operational, mark frame for aggregation.
326 * XXX do tx aggregation here
328 m
->m_flags
|= M_AMPDU_MPDU
;
329 } else if (!IEEE80211_AMPDU_REQUESTED(tap
) &&
330 ic
->ic_ampdu_enable(ni
, tap
)) {
332 * Not negotiated yet, request service.
334 ieee80211_ampdu_request(ni
, tap
);
335 /* XXX hold frame for reply? */
338 #ifdef IEEE80211_SUPPORT_SUPERG
339 else if (IEEE80211_ATH_CAP(vap
, ni
, IEEE80211_NODE_FF
)) {
340 m
= ieee80211_ff_check(ni
, m
);
342 /* NB: any ni ref held on stageq */
346 #endif /* IEEE80211_SUPPORT_SUPERG */
347 if (__predict_true((vap
->iv_caps
& IEEE80211_C_8023ENCAP
) == 0)) {
349 * Encapsulate the packet in prep for transmission.
351 m
= ieee80211_encap(vap
, ni
, m
);
353 /* NB: stat+msg handled in ieee80211_encap */
354 ieee80211_free_node(ni
);
359 error
= ieee80211_handoff(parent
, m
);
361 /* NB: IFQ_HANDOFF reclaims mbuf */
362 ieee80211_free_node(ni
);
366 ic
->ic_lastdata
= ticks
;
373 * 802.11 output routine. This is (currently) used only to
374 * connect bpf write calls to the 802.11 layer for injecting
378 ieee80211_output(struct ifnet
*ifp
, struct mbuf
*m
,
379 struct sockaddr
*dst
, struct rtentry
*rt
)
381 #define senderr(e) do { error = (e); goto bad;} while (0)
382 struct ieee80211_node
*ni
= NULL
;
383 struct ieee80211vap
*vap
;
384 struct ieee80211_frame
*wh
;
387 if (ifp
->if_flags
& IFF_OACTIVE
) {
389 * Short-circuit requests if the vap is marked OACTIVE
390 * as this can happen because a packet came down through
391 * ieee80211_start before the vap entered RUN state in
392 * which case it's ok to just drop the frame. This
393 * should not be necessary but callers of if_output don't
400 * Hand to the 802.3 code if not tagged as
401 * a raw 802.11 frame.
403 if (dst
->sa_family
!= AF_IEEE80211
)
404 return vap
->iv_output(ifp
, m
, dst
, rt
);
406 error
= mac_ifnet_check_transmit(ifp
, m
);
410 if (ifp
->if_flags
& IFF_MONITOR
)
412 if (!IFNET_IS_UP_RUNNING(ifp
))
414 if (vap
->iv_state
== IEEE80211_S_CAC
) {
415 IEEE80211_DPRINTF(vap
,
416 IEEE80211_MSG_OUTPUT
| IEEE80211_MSG_DOTH
,
417 "block %s frame in CAC state\n", "raw data");
418 vap
->iv_stats
.is_tx_badstate
++;
419 senderr(EIO
); /* XXX */
421 /* XXX bypass bridge, pfil, carp, etc. */
423 if (m
->m_pkthdr
.len
< sizeof(struct ieee80211_frame_ack
))
424 senderr(EIO
); /* XXX */
425 wh
= mtod(m
, struct ieee80211_frame
*);
426 if ((wh
->i_fc
[0] & IEEE80211_FC0_VERSION_MASK
) !=
427 IEEE80211_FC0_VERSION_0
)
428 senderr(EIO
); /* XXX */
430 /* locate destination node */
431 switch (wh
->i_fc
[1] & IEEE80211_FC1_DIR_MASK
) {
432 case IEEE80211_FC1_DIR_NODS
:
433 case IEEE80211_FC1_DIR_FROMDS
:
434 ni
= ieee80211_find_txnode(vap
, wh
->i_addr1
);
436 case IEEE80211_FC1_DIR_TODS
:
437 case IEEE80211_FC1_DIR_DSTODS
:
438 if (m
->m_pkthdr
.len
< sizeof(struct ieee80211_frame
))
439 senderr(EIO
); /* XXX */
440 ni
= ieee80211_find_txnode(vap
, wh
->i_addr3
);
443 senderr(EIO
); /* XXX */
447 * Permit packets w/ bpf params through regardless
448 * (see below about sa_len).
450 if (dst
->sa_len
== 0)
451 senderr(EHOSTUNREACH
);
452 ni
= ieee80211_ref_node(vap
->iv_bss
);
456 * Sanitize mbuf for net80211 flags leaked from above.
458 * NB: This must be done before ieee80211_classify as
459 * it marks EAPOL in frames with M_EAPOL.
461 m
->m_flags
&= ~M_80211_TX
;
463 /* calculate priority so drivers can find the tx queue */
464 /* XXX assumes an 802.3 frame */
465 if (ieee80211_classify(ni
, m
))
466 senderr(EIO
); /* XXX */
469 IEEE80211_NODE_STAT(ni
, tx_data
);
470 if (IEEE80211_IS_MULTICAST(wh
->i_addr1
)) {
471 IEEE80211_NODE_STAT(ni
, tx_mcast
);
472 m
->m_flags
|= M_MCAST
;
474 IEEE80211_NODE_STAT(ni
, tx_ucast
);
475 /* NB: ieee80211_encap does not include 802.11 header */
476 IEEE80211_NODE_STAT_ADD(ni
, tx_bytes
, m
->m_pkthdr
.len
);
479 * NB: DLT_IEEE802_11_RADIO identifies the parameters are
480 * present by setting the sa_len field of the sockaddr (yes,
482 * NB: we assume sa_data is suitably aligned to cast.
484 return vap
->iv_ic
->ic_raw_xmit(ni
, m
,
485 (const struct ieee80211_bpf_params
*)(dst
->sa_len
?
486 dst
->sa_data
: NULL
));
491 ieee80211_free_node(ni
);
498 * Set the direction field and address fields of an outgoing
499 * frame. Note this should be called early on in constructing
500 * a frame as it sets i_fc[1]; other bits can then be or'd in.
503 ieee80211_send_setup(
504 struct ieee80211_node
*ni
,
507 const uint8_t sa
[IEEE80211_ADDR_LEN
],
508 const uint8_t da
[IEEE80211_ADDR_LEN
],
509 const uint8_t bssid
[IEEE80211_ADDR_LEN
])
511 #define WH4(wh) ((struct ieee80211_frame_addr4 *)wh)
512 struct ieee80211vap
*vap
= ni
->ni_vap
;
513 struct ieee80211_frame
*wh
= mtod(m
, struct ieee80211_frame
*);
516 wh
->i_fc
[0] = IEEE80211_FC0_VERSION_0
| type
;
517 if ((type
& IEEE80211_FC0_TYPE_MASK
) == IEEE80211_FC0_TYPE_DATA
) {
518 switch (vap
->iv_opmode
) {
519 case IEEE80211_M_STA
:
520 wh
->i_fc
[1] = IEEE80211_FC1_DIR_TODS
;
521 IEEE80211_ADDR_COPY(wh
->i_addr1
, bssid
);
522 IEEE80211_ADDR_COPY(wh
->i_addr2
, sa
);
523 IEEE80211_ADDR_COPY(wh
->i_addr3
, da
);
525 case IEEE80211_M_IBSS
:
526 case IEEE80211_M_AHDEMO
:
527 wh
->i_fc
[1] = IEEE80211_FC1_DIR_NODS
;
528 IEEE80211_ADDR_COPY(wh
->i_addr1
, da
);
529 IEEE80211_ADDR_COPY(wh
->i_addr2
, sa
);
530 IEEE80211_ADDR_COPY(wh
->i_addr3
, bssid
);
532 case IEEE80211_M_HOSTAP
:
533 wh
->i_fc
[1] = IEEE80211_FC1_DIR_FROMDS
;
534 IEEE80211_ADDR_COPY(wh
->i_addr1
, da
);
535 IEEE80211_ADDR_COPY(wh
->i_addr2
, bssid
);
536 IEEE80211_ADDR_COPY(wh
->i_addr3
, sa
);
538 case IEEE80211_M_WDS
:
539 wh
->i_fc
[1] = IEEE80211_FC1_DIR_DSTODS
;
540 IEEE80211_ADDR_COPY(wh
->i_addr1
, da
);
541 IEEE80211_ADDR_COPY(wh
->i_addr2
, vap
->iv_myaddr
);
542 IEEE80211_ADDR_COPY(wh
->i_addr3
, da
);
543 IEEE80211_ADDR_COPY(WH4(wh
)->i_addr4
, sa
);
545 case IEEE80211_M_MBSS
:
546 #ifdef IEEE80211_SUPPORT_MESH
547 /* XXX add support for proxied addresses */
548 if (IEEE80211_IS_MULTICAST(da
)) {
549 wh
->i_fc
[1] = IEEE80211_FC1_DIR_FROMDS
;
551 IEEE80211_ADDR_COPY(wh
->i_addr1
, da
);
552 IEEE80211_ADDR_COPY(wh
->i_addr2
,
555 wh
->i_fc
[1] = IEEE80211_FC1_DIR_DSTODS
;
556 IEEE80211_ADDR_COPY(wh
->i_addr1
, da
);
557 IEEE80211_ADDR_COPY(wh
->i_addr2
,
559 IEEE80211_ADDR_COPY(wh
->i_addr3
, da
);
560 IEEE80211_ADDR_COPY(WH4(wh
)->i_addr4
, sa
);
564 case IEEE80211_M_MONITOR
: /* NB: to quiet compiler */
568 wh
->i_fc
[1] = IEEE80211_FC1_DIR_NODS
;
569 IEEE80211_ADDR_COPY(wh
->i_addr1
, da
);
570 IEEE80211_ADDR_COPY(wh
->i_addr2
, sa
);
571 #ifdef IEEE80211_SUPPORT_MESH
572 if (vap
->iv_opmode
== IEEE80211_M_MBSS
)
573 IEEE80211_ADDR_COPY(wh
->i_addr3
, sa
);
576 IEEE80211_ADDR_COPY(wh
->i_addr3
, bssid
);
578 *(uint16_t *)&wh
->i_dur
[0] = 0;
580 seqno
= ni
->ni_txseqs
[tid
]++;
581 *(uint16_t *)&wh
->i_seq
[0] = htole16(seqno
<< IEEE80211_SEQ_SEQ_SHIFT
);
582 M_SEQNO_SET(m
, seqno
);
584 if (IEEE80211_IS_MULTICAST(wh
->i_addr1
))
585 m
->m_flags
|= M_MCAST
;
590 * Send a management frame to the specified node. The node pointer
591 * must have a reference as the pointer will be passed to the driver
592 * and potentially held for a long time. If the frame is successfully
593 * dispatched to the driver, then it is responsible for freeing the
594 * reference (and potentially free'ing up any associated storage);
595 * otherwise deal with reclaiming any reference (on error).
598 ieee80211_mgmt_output(struct ieee80211_node
*ni
, struct mbuf
*m
, int type
,
599 struct ieee80211_bpf_params
*params
)
601 struct ieee80211vap
*vap
= ni
->ni_vap
;
602 struct ieee80211com
*ic
= ni
->ni_ic
;
603 struct ieee80211_frame
*wh
;
605 KASSERT(ni
!= NULL
, ("null node"));
607 if (vap
->iv_state
== IEEE80211_S_CAC
) {
608 IEEE80211_NOTE(vap
, IEEE80211_MSG_OUTPUT
| IEEE80211_MSG_DOTH
,
609 ni
, "block %s frame in CAC state",
610 ieee80211_mgt_subtype_name
[
611 (type
& IEEE80211_FC0_SUBTYPE_MASK
) >>
612 IEEE80211_FC0_SUBTYPE_SHIFT
]);
613 vap
->iv_stats
.is_tx_badstate
++;
614 ieee80211_free_node(ni
);
616 return EIO
; /* XXX */
619 M_PREPEND(m
, sizeof(struct ieee80211_frame
), MB_DONTWAIT
);
621 ieee80211_free_node(ni
);
625 wh
= mtod(m
, struct ieee80211_frame
*);
626 ieee80211_send_setup(ni
, m
,
627 IEEE80211_FC0_TYPE_MGT
| type
, IEEE80211_NONQOS_TID
,
628 vap
->iv_myaddr
, ni
->ni_macaddr
, ni
->ni_bssid
);
629 if (params
->ibp_flags
& IEEE80211_BPF_CRYPTO
) {
630 IEEE80211_NOTE_MAC(vap
, IEEE80211_MSG_AUTH
, wh
->i_addr1
,
631 "encrypting frame (%s)", __func__
);
632 wh
->i_fc
[1] |= IEEE80211_FC1_WEP
;
634 m
->m_flags
|= M_ENCAP
; /* mark encapsulated */
636 KASSERT(type
!= IEEE80211_FC0_SUBTYPE_PROBE_RESP
, ("probe response?"));
637 M_WME_SETAC(m
, params
->ibp_pri
);
639 #ifdef IEEE80211_DEBUG
640 /* avoid printing too many frames */
641 if ((ieee80211_msg_debug(vap
) && doprint(vap
, type
)) ||
642 ieee80211_msg_dumppkts(vap
)) {
643 kprintf("[%6D] send %s on channel %u\n",
645 ieee80211_mgt_subtype_name
[
646 (type
& IEEE80211_FC0_SUBTYPE_MASK
) >>
647 IEEE80211_FC0_SUBTYPE_SHIFT
],
648 ieee80211_chan2ieee(ic
, ic
->ic_curchan
));
651 IEEE80211_NODE_STAT(ni
, tx_mgmt
);
653 return ic
->ic_raw_xmit(ni
, m
, params
);
657 * Send a null data frame to the specified node. If the station
658 * is setup for QoS then a QoS Null Data frame is constructed.
659 * If this is a WDS station then a 4-address frame is constructed.
661 * NB: the caller is assumed to have setup a node reference
662 * for use; this is necessary to deal with a race condition
663 * when probing for inactive stations. Like ieee80211_mgmt_output
664 * we must cleanup any node reference on error; however we
665 * can safely just unref it as we know it will never be the
666 * last reference to the node.
669 ieee80211_send_nulldata(struct ieee80211_node
*ni
)
671 struct ieee80211vap
*vap
= ni
->ni_vap
;
672 struct ieee80211com
*ic
= ni
->ni_ic
;
674 struct ieee80211_frame
*wh
;
678 if (vap
->iv_state
== IEEE80211_S_CAC
) {
679 IEEE80211_NOTE(vap
, IEEE80211_MSG_OUTPUT
| IEEE80211_MSG_DOTH
,
680 ni
, "block %s frame in CAC state", "null data");
681 ieee80211_unref_node(&ni
);
682 vap
->iv_stats
.is_tx_badstate
++;
683 return EIO
; /* XXX */
686 if (ni
->ni_flags
& (IEEE80211_NODE_QOS
|IEEE80211_NODE_HT
))
687 hdrlen
= sizeof(struct ieee80211_qosframe
);
689 hdrlen
= sizeof(struct ieee80211_frame
);
690 /* NB: only WDS vap's get 4-address frames */
691 if (vap
->iv_opmode
== IEEE80211_M_WDS
)
692 hdrlen
+= IEEE80211_ADDR_LEN
;
693 if (ic
->ic_flags
& IEEE80211_F_DATAPAD
)
694 hdrlen
= roundup(hdrlen
, sizeof(uint32_t));
696 m
= ieee80211_getmgtframe(&frm
, ic
->ic_headroom
+ hdrlen
, 0);
699 ieee80211_unref_node(&ni
);
700 vap
->iv_stats
.is_tx_nobuf
++;
703 KASSERT(M_LEADINGSPACE(m
) >= hdrlen
,
704 ("leading space %zd", M_LEADINGSPACE(m
)));
705 M_PREPEND(m
, hdrlen
, MB_DONTWAIT
);
707 /* NB: cannot happen */
708 ieee80211_free_node(ni
);
712 wh
= mtod(m
, struct ieee80211_frame
*); /* NB: a little lie */
713 if (ni
->ni_flags
& IEEE80211_NODE_QOS
) {
714 const int tid
= WME_AC_TO_TID(WME_AC_BE
);
717 ieee80211_send_setup(ni
, m
,
718 IEEE80211_FC0_TYPE_DATA
| IEEE80211_FC0_SUBTYPE_QOS_NULL
,
719 tid
, vap
->iv_myaddr
, ni
->ni_macaddr
, ni
->ni_bssid
);
721 if (vap
->iv_opmode
== IEEE80211_M_WDS
)
722 qos
= ((struct ieee80211_qosframe_addr4
*) wh
)->i_qos
;
724 qos
= ((struct ieee80211_qosframe
*) wh
)->i_qos
;
725 qos
[0] = tid
& IEEE80211_QOS_TID
;
726 if (ic
->ic_wme
.wme_wmeChanParams
.cap_wmeParams
[WME_AC_BE
].wmep_noackPolicy
)
727 qos
[0] |= IEEE80211_QOS_ACKPOLICY_NOACK
;
730 ieee80211_send_setup(ni
, m
,
731 IEEE80211_FC0_TYPE_DATA
| IEEE80211_FC0_SUBTYPE_NODATA
,
732 IEEE80211_NONQOS_TID
,
733 vap
->iv_myaddr
, ni
->ni_macaddr
, ni
->ni_bssid
);
735 if (vap
->iv_opmode
!= IEEE80211_M_WDS
) {
736 /* NB: power management bit is never sent by an AP */
737 if ((ni
->ni_flags
& IEEE80211_NODE_PWR_MGT
) &&
738 vap
->iv_opmode
!= IEEE80211_M_HOSTAP
)
739 wh
->i_fc
[1] |= IEEE80211_FC1_PWR_MGT
;
741 m
->m_len
= m
->m_pkthdr
.len
= hdrlen
;
742 m
->m_flags
|= M_ENCAP
; /* mark encapsulated */
744 M_WME_SETAC(m
, WME_AC_BE
);
746 IEEE80211_NODE_STAT(ni
, tx_data
);
748 IEEE80211_NOTE(vap
, IEEE80211_MSG_DEBUG
| IEEE80211_MSG_DUMPPKTS
, ni
,
749 "send %snull data frame on channel %u, pwr mgt %s",
750 ni
->ni_flags
& IEEE80211_NODE_QOS
? "QoS " : "",
751 ieee80211_chan2ieee(ic
, ic
->ic_curchan
),
752 wh
->i_fc
[1] & IEEE80211_FC1_PWR_MGT
? "ena" : "dis");
754 return ic
->ic_raw_xmit(ni
, m
, NULL
);
758 * Assign priority to a frame based on any vlan tag assigned
759 * to the station and/or any Diffserv setting in an IP header.
760 * Finally, if an ACM policy is setup (in station mode) it's
764 ieee80211_classify(struct ieee80211_node
*ni
, struct mbuf
*m
)
766 const struct ether_header
*eh
= mtod(m
, struct ether_header
*);
767 int v_wme_ac
, d_wme_ac
, ac
;
770 * Always promote PAE/EAPOL frames to high priority.
772 if (eh
->ether_type
== htons(ETHERTYPE_PAE
)) {
773 /* NB: mark so others don't need to check header */
774 m
->m_flags
|= M_EAPOL
;
779 * Non-qos traffic goes to BE.
781 if ((ni
->ni_flags
& IEEE80211_NODE_QOS
) == 0) {
787 * If node has a vlan tag then all traffic
788 * to it must have a matching tag.
791 if (ni
->ni_vlan
!= 0) {
792 if ((m
->m_flags
& M_VLANTAG
) == 0) {
793 IEEE80211_NODE_STAT(ni
, tx_novlantag
);
797 if (EVL_VLANOFTAG(m
->m_pkthdr
.ether_vlantag
) !=
798 EVL_VLANOFTAG(ni
->ni_vlan
)) {
799 IEEE80211_NODE_STAT(ni
, tx_vlanmismatch
);
802 /* map vlan priority to AC */
803 v_wme_ac
= TID_TO_WME_AC(EVL_PRIOFTAG(ni
->ni_vlan
));
807 /* XXX m_copydata may be too slow for fast path */
809 if (eh
->ether_type
== htons(ETHERTYPE_IP
)) {
812 * IP frame, map the DSCP bits from the TOS field.
814 /* NB: ip header may not be in first mbuf */
815 m_copydata(m
, sizeof(struct ether_header
) +
816 offsetof(struct ip
, ip_tos
), sizeof(tos
), &tos
);
817 tos
>>= 5; /* NB: ECN + low 3 bits of DSCP */
818 d_wme_ac
= TID_TO_WME_AC(tos
);
822 if (eh
->ether_type
== htons(ETHERTYPE_IPV6
)) {
826 * IPv6 frame, map the DSCP bits from the TOS field.
828 m_copydata(m
, sizeof(struct ether_header
) +
829 offsetof(struct ip6_hdr
, ip6_flow
), sizeof(flow
),
831 tos
= (uint8_t)(ntohl(flow
) >> 20);
832 tos
>>= 5; /* NB: ECN + low 3 bits of DSCP */
833 d_wme_ac
= TID_TO_WME_AC(tos
);
836 d_wme_ac
= WME_AC_BE
;
844 * Use highest priority AC.
846 if (v_wme_ac
> d_wme_ac
)
854 if (ni
->ni_vap
->iv_opmode
== IEEE80211_M_STA
) {
855 static const int acmap
[4] = {
856 WME_AC_BK
, /* WME_AC_BE */
857 WME_AC_BK
, /* WME_AC_BK */
858 WME_AC_BE
, /* WME_AC_VI */
859 WME_AC_VI
, /* WME_AC_VO */
861 struct ieee80211com
*ic
= ni
->ni_ic
;
863 while (ac
!= WME_AC_BK
&&
864 ic
->ic_wme
.wme_wmeBssChanParams
.cap_wmeParams
[ac
].wmep_acm
)
873 * Insure there is sufficient contiguous space to encapsulate the
874 * 802.11 data frame. If room isn't already there, arrange for it.
875 * Drivers and cipher modules assume we have done the necessary work
876 * and fail rudely if they don't find the space they need.
879 ieee80211_mbuf_adjust(struct ieee80211vap
*vap
, int hdrsize
,
880 struct ieee80211_key
*key
, struct mbuf
*m
)
882 #define TO_BE_RECLAIMED (sizeof(struct ether_header) - sizeof(struct llc))
883 struct mbuf
*mnew
= NULL
;
884 int needed_space
= vap
->iv_ic
->ic_headroom
+ hdrsize
;
887 /* XXX belongs in crypto code? */
888 needed_space
+= key
->wk_cipher
->ic_header
;
891 * When crypto is being done in the host we must insure
892 * the data are writable for the cipher routines; clone
893 * a writable mbuf chain.
894 * XXX handle SWMIC specially
896 if (key
->wk_flags
& (IEEE80211_KEY_SWENCRYPT
|IEEE80211_KEY_SWENMIC
)) {
897 mnew
= m_dup(m
, MB_DONTWAIT
);
899 IEEE80211_DPRINTF(vap
, IEEE80211_MSG_OUTPUT
,
900 "%s: cannot get writable mbuf\n", __func__
);
901 vap
->iv_stats
.is_tx_nobuf
++; /* XXX new stat */
909 * We know we are called just before stripping an Ethernet
910 * header and prepending an LLC header. This means we know
912 * sizeof(struct ether_header) - sizeof(struct llc)
913 * bytes recovered to which we need additional space for the
914 * 802.11 header and any crypto header.
916 /* XXX check trailing space and copy instead? */
917 if (M_LEADINGSPACE(m
) < needed_space
- TO_BE_RECLAIMED
) {
918 struct mbuf
*n
= m_gethdr(MB_DONTWAIT
, m
->m_type
);
920 IEEE80211_DPRINTF(vap
, IEEE80211_MSG_OUTPUT
,
921 "%s: cannot expand storage\n", __func__
);
922 vap
->iv_stats
.is_tx_nobuf
++;
926 KASSERT(needed_space
<= MHLEN
,
927 ("not enough room, need %u got %zu\n", needed_space
, MHLEN
));
929 * Setup new mbuf to have leading space to prepend the
930 * 802.11 header and any crypto header bits that are
931 * required (the latter are added when the driver calls
932 * back to ieee80211_crypto_encap to do crypto encapsulation).
934 /* NB: must be first 'cuz it clobbers m_data */
936 n
->m_len
= 0; /* NB: m_gethdr does not set */
937 n
->m_data
+= needed_space
;
939 * Pull up Ethernet header to create the expected layout.
940 * We could use m_pullup but that's overkill (i.e. we don't
941 * need the actual data) and it cannot fail so do it inline
944 /* NB: struct ether_header is known to be contiguous */
945 n
->m_len
+= sizeof(struct ether_header
);
946 m
->m_len
-= sizeof(struct ether_header
);
947 m
->m_data
+= sizeof(struct ether_header
);
949 * Replace the head of the chain.
955 #undef TO_BE_RECLAIMED
959 * Return the transmit key to use in sending a unicast frame.
960 * If a unicast key is set we use that. When no unicast key is set
961 * we fall back to the default transmit key.
963 static __inline
struct ieee80211_key
*
964 ieee80211_crypto_getucastkey(struct ieee80211vap
*vap
,
965 struct ieee80211_node
*ni
)
967 if (IEEE80211_KEY_UNDEFINED(&ni
->ni_ucastkey
)) {
968 if (vap
->iv_def_txkey
== IEEE80211_KEYIX_NONE
||
969 IEEE80211_KEY_UNDEFINED(&vap
->iv_nw_keys
[vap
->iv_def_txkey
]))
971 return &vap
->iv_nw_keys
[vap
->iv_def_txkey
];
973 return &ni
->ni_ucastkey
;
978 * Return the transmit key to use in sending a multicast frame.
979 * Multicast traffic always uses the group key which is installed as
980 * the default tx key.
982 static __inline
struct ieee80211_key
*
983 ieee80211_crypto_getmcastkey(struct ieee80211vap
*vap
,
984 struct ieee80211_node
*ni
)
986 if (vap
->iv_def_txkey
== IEEE80211_KEYIX_NONE
||
987 IEEE80211_KEY_UNDEFINED(&vap
->iv_nw_keys
[vap
->iv_def_txkey
]))
989 return &vap
->iv_nw_keys
[vap
->iv_def_txkey
];
993 * Encapsulate an outbound data frame. The mbuf chain is updated.
994 * If an error is encountered NULL is returned. The caller is required
995 * to provide a node reference and pullup the ethernet header in the
998 * NB: Packet is assumed to be processed by ieee80211_classify which
999 * marked EAPOL frames w/ M_EAPOL.
1002 ieee80211_encap(struct ieee80211vap
*vap
, struct ieee80211_node
*ni
,
1005 #define WH4(wh) ((struct ieee80211_frame_addr4 *)(wh))
1006 struct ieee80211com
*ic
= ni
->ni_ic
;
1007 #ifdef IEEE80211_SUPPORT_MESH
1008 struct ieee80211_mesh_state
*ms
= vap
->iv_mesh
;
1009 struct ieee80211_meshcntl_ae10
*mc
;
1011 struct ether_header eh
;
1012 struct ieee80211_frame
*wh
;
1013 struct ieee80211_key
*key
;
1015 int hdrsize
, hdrspace
, datalen
, addqos
, txfrag
, is4addr
;
1016 ieee80211_seq seqno
;
1017 int meshhdrsize
, meshae
;
1021 * Copy existing Ethernet header to a safe place. The
1022 * rest of the code assumes it's ok to strip it when
1023 * reorganizing state for the final encapsulation.
1025 KASSERT(m
->m_len
>= sizeof(eh
), ("no ethernet header!"));
1026 ETHER_HEADER_COPY(&eh
, mtod(m
, caddr_t
));
1029 * Insure space for additional headers. First identify
1030 * transmit key to use in calculating any buffer adjustments
1031 * required. This is also used below to do privacy
1032 * encapsulation work. Then calculate the 802.11 header
1033 * size and any padding required by the driver.
1035 * Note key may be NULL if we fall back to the default
1036 * transmit key and that is not set. In that case the
1037 * buffer may not be expanded as needed by the cipher
1038 * routines, but they will/should discard it.
1040 if (vap
->iv_flags
& IEEE80211_F_PRIVACY
) {
1041 if (vap
->iv_opmode
== IEEE80211_M_STA
||
1042 !IEEE80211_IS_MULTICAST(eh
.ether_dhost
) ||
1043 (vap
->iv_opmode
== IEEE80211_M_WDS
&&
1044 (vap
->iv_flags_ext
& IEEE80211_FEXT_WDSLEGACY
)))
1045 key
= ieee80211_crypto_getucastkey(vap
, ni
);
1047 key
= ieee80211_crypto_getmcastkey(vap
, ni
);
1048 if (key
== NULL
&& (m
->m_flags
& M_EAPOL
) == 0) {
1049 IEEE80211_NOTE_MAC(vap
, IEEE80211_MSG_CRYPTO
,
1051 "no default transmit key (%s) deftxkey %u",
1052 __func__
, vap
->iv_def_txkey
);
1053 vap
->iv_stats
.is_tx_nodefkey
++;
1059 * XXX Some ap's don't handle QoS-encapsulated EAPOL
1060 * frames so suppress use. This may be an issue if other
1061 * ap's require all data frames to be QoS-encapsulated
1062 * once negotiated in which case we'll need to make this
1065 addqos
= (ni
->ni_flags
& (IEEE80211_NODE_QOS
|IEEE80211_NODE_HT
)) &&
1066 (m
->m_flags
& M_EAPOL
) == 0;
1068 hdrsize
= sizeof(struct ieee80211_qosframe
);
1070 hdrsize
= sizeof(struct ieee80211_frame
);
1071 #ifdef IEEE80211_SUPPORT_MESH
1072 if (vap
->iv_opmode
== IEEE80211_M_MBSS
) {
1074 * Mesh data frames are encapsulated according to the
1075 * rules of Section 11B.8.5 (p.139 of D3.0 spec).
1076 * o Group Addressed data (aka multicast) originating
1077 * at the local sta are sent w/ 3-address format and
1078 * address extension mode 00
1079 * o Individually Addressed data (aka unicast) originating
1080 * at the local sta are sent w/ 4-address format and
1081 * address extension mode 00
1082 * o Group Addressed data forwarded from a non-mesh sta are
1083 * sent w/ 3-address format and address extension mode 01
1084 * o Individually Address data from another sta are sent
1085 * w/ 4-address format and address extension mode 10
1087 is4addr
= 0; /* NB: don't use, disable */
1088 if (!IEEE80211_IS_MULTICAST(eh
.ether_dhost
))
1089 hdrsize
+= IEEE80211_ADDR_LEN
; /* unicast are 4-addr */
1090 meshhdrsize
= sizeof(struct ieee80211_meshcntl
);
1091 /* XXX defines for AE modes */
1092 if (IEEE80211_ADDR_EQ(eh
.ether_shost
, vap
->iv_myaddr
)) {
1093 if (!IEEE80211_IS_MULTICAST(eh
.ether_dhost
))
1096 meshae
= 4; /* NB: pseudo */
1097 } else if (IEEE80211_IS_MULTICAST(eh
.ether_dhost
)) {
1099 meshhdrsize
+= 1*IEEE80211_ADDR_LEN
;
1102 meshhdrsize
+= 2*IEEE80211_ADDR_LEN
;
1107 * 4-address frames need to be generated for:
1108 * o packets sent through a WDS vap (IEEE80211_M_WDS)
1109 * o packets sent through a vap marked for relaying
1110 * (e.g. a station operating with dynamic WDS)
1112 is4addr
= vap
->iv_opmode
== IEEE80211_M_WDS
||
1113 ((vap
->iv_flags_ext
& IEEE80211_FEXT_4ADDR
) &&
1114 !IEEE80211_ADDR_EQ(eh
.ether_shost
, vap
->iv_myaddr
));
1116 hdrsize
+= IEEE80211_ADDR_LEN
;
1117 meshhdrsize
= meshae
= 0;
1118 #ifdef IEEE80211_SUPPORT_MESH
1122 * Honor driver DATAPAD requirement.
1124 if (ic
->ic_flags
& IEEE80211_F_DATAPAD
)
1125 hdrspace
= roundup(hdrsize
, sizeof(uint32_t));
1129 if (__predict_true((m
->m_flags
& M_FF
) == 0)) {
1133 m
= ieee80211_mbuf_adjust(vap
, hdrspace
+ meshhdrsize
, key
, m
);
1135 /* NB: ieee80211_mbuf_adjust handles msgs+statistics */
1138 /* NB: this could be optimized 'cuz of ieee80211_mbuf_adjust */
1139 m_adj(m
, sizeof(struct ether_header
) - sizeof(struct llc
));
1140 llc
= mtod(m
, struct llc
*);
1141 llc
->llc_dsap
= llc
->llc_ssap
= LLC_SNAP_LSAP
;
1142 llc
->llc_control
= LLC_UI
;
1143 llc
->llc_snap
.org_code
[0] = 0;
1144 llc
->llc_snap
.org_code
[1] = 0;
1145 llc
->llc_snap
.org_code
[2] = 0;
1146 llc
->llc_snap
.ether_type
= eh
.ether_type
;
1148 #ifdef IEEE80211_SUPPORT_SUPERG
1152 m
= ieee80211_ff_encap(vap
, m
, hdrspace
+ meshhdrsize
, key
);
1157 datalen
= m
->m_pkthdr
.len
; /* NB: w/o 802.11 header */
1159 M_PREPEND(m
, hdrspace
+ meshhdrsize
, MB_DONTWAIT
);
1161 vap
->iv_stats
.is_tx_nobuf
++;
1164 wh
= mtod(m
, struct ieee80211_frame
*);
1165 wh
->i_fc
[0] = IEEE80211_FC0_VERSION_0
| IEEE80211_FC0_TYPE_DATA
;
1166 *(uint16_t *)wh
->i_dur
= 0;
1167 qos
= NULL
; /* NB: quiet compiler */
1169 wh
->i_fc
[1] = IEEE80211_FC1_DIR_DSTODS
;
1170 IEEE80211_ADDR_COPY(wh
->i_addr1
, ni
->ni_macaddr
);
1171 IEEE80211_ADDR_COPY(wh
->i_addr2
, vap
->iv_myaddr
);
1172 IEEE80211_ADDR_COPY(wh
->i_addr3
, eh
.ether_dhost
);
1173 IEEE80211_ADDR_COPY(WH4(wh
)->i_addr4
, eh
.ether_shost
);
1174 } else switch (vap
->iv_opmode
) {
1175 case IEEE80211_M_STA
:
1176 wh
->i_fc
[1] = IEEE80211_FC1_DIR_TODS
;
1177 IEEE80211_ADDR_COPY(wh
->i_addr1
, ni
->ni_bssid
);
1178 IEEE80211_ADDR_COPY(wh
->i_addr2
, eh
.ether_shost
);
1179 IEEE80211_ADDR_COPY(wh
->i_addr3
, eh
.ether_dhost
);
1181 case IEEE80211_M_IBSS
:
1182 case IEEE80211_M_AHDEMO
:
1183 wh
->i_fc
[1] = IEEE80211_FC1_DIR_NODS
;
1184 IEEE80211_ADDR_COPY(wh
->i_addr1
, eh
.ether_dhost
);
1185 IEEE80211_ADDR_COPY(wh
->i_addr2
, eh
.ether_shost
);
1187 * NB: always use the bssid from iv_bss as the
1188 * neighbor's may be stale after an ibss merge
1190 IEEE80211_ADDR_COPY(wh
->i_addr3
, vap
->iv_bss
->ni_bssid
);
1192 case IEEE80211_M_HOSTAP
:
1193 wh
->i_fc
[1] = IEEE80211_FC1_DIR_FROMDS
;
1194 IEEE80211_ADDR_COPY(wh
->i_addr1
, eh
.ether_dhost
);
1195 IEEE80211_ADDR_COPY(wh
->i_addr2
, ni
->ni_bssid
);
1196 IEEE80211_ADDR_COPY(wh
->i_addr3
, eh
.ether_shost
);
1198 #ifdef IEEE80211_SUPPORT_MESH
1199 case IEEE80211_M_MBSS
:
1200 /* NB: offset by hdrspace to deal with DATAPAD */
1201 mc
= (struct ieee80211_meshcntl_ae10
*)
1202 (mtod(m
, uint8_t *) + hdrspace
);
1204 case 0: /* ucast, no proxy */
1205 wh
->i_fc
[1] = IEEE80211_FC1_DIR_DSTODS
;
1206 IEEE80211_ADDR_COPY(wh
->i_addr1
, ni
->ni_macaddr
);
1207 IEEE80211_ADDR_COPY(wh
->i_addr2
, vap
->iv_myaddr
);
1208 IEEE80211_ADDR_COPY(wh
->i_addr3
, eh
.ether_dhost
);
1209 IEEE80211_ADDR_COPY(WH4(wh
)->i_addr4
, eh
.ether_shost
);
1211 qos
= ((struct ieee80211_qosframe_addr4
*) wh
)->i_qos
;
1213 case 4: /* mcast, no proxy */
1214 wh
->i_fc
[1] = IEEE80211_FC1_DIR_FROMDS
;
1215 IEEE80211_ADDR_COPY(wh
->i_addr1
, eh
.ether_dhost
);
1216 IEEE80211_ADDR_COPY(wh
->i_addr2
, vap
->iv_myaddr
);
1217 IEEE80211_ADDR_COPY(wh
->i_addr3
, eh
.ether_shost
);
1218 mc
->mc_flags
= 0; /* NB: AE is really 0 */
1219 qos
= ((struct ieee80211_qosframe
*) wh
)->i_qos
;
1221 case 1: /* mcast, proxy */
1222 wh
->i_fc
[1] = IEEE80211_FC1_DIR_FROMDS
;
1223 IEEE80211_ADDR_COPY(wh
->i_addr1
, eh
.ether_dhost
);
1224 IEEE80211_ADDR_COPY(wh
->i_addr2
, vap
->iv_myaddr
);
1225 IEEE80211_ADDR_COPY(wh
->i_addr3
, vap
->iv_myaddr
);
1227 IEEE80211_ADDR_COPY(mc
->mc_addr4
, eh
.ether_shost
);
1228 qos
= ((struct ieee80211_qosframe
*) wh
)->i_qos
;
1230 case 2: /* ucast, proxy */
1231 wh
->i_fc
[1] = IEEE80211_FC1_DIR_DSTODS
;
1232 IEEE80211_ADDR_COPY(wh
->i_addr1
, ni
->ni_macaddr
);
1233 IEEE80211_ADDR_COPY(wh
->i_addr2
, vap
->iv_myaddr
);
1234 /* XXX not right, need MeshDA */
1235 IEEE80211_ADDR_COPY(wh
->i_addr3
, eh
.ether_dhost
);
1236 /* XXX assume are MeshSA */
1237 IEEE80211_ADDR_COPY(WH4(wh
)->i_addr4
, vap
->iv_myaddr
);
1239 IEEE80211_ADDR_COPY(mc
->mc_addr4
, eh
.ether_dhost
);
1240 IEEE80211_ADDR_COPY(mc
->mc_addr5
, eh
.ether_shost
);
1241 qos
= ((struct ieee80211_qosframe_addr4
*) wh
)->i_qos
;
1244 KASSERT(0, ("meshae %d", meshae
));
1247 mc
->mc_ttl
= ms
->ms_ttl
;
1249 LE_WRITE_4(mc
->mc_seq
, ms
->ms_seq
);
1252 case IEEE80211_M_WDS
: /* NB: is4addr should always be true */
1256 if (m
->m_flags
& M_MORE_DATA
)
1257 wh
->i_fc
[1] |= IEEE80211_FC1_MORE_DATA
;
1262 qos
= ((struct ieee80211_qosframe_addr4
*) wh
)->i_qos
;
1263 /* NB: mesh case handled earlier */
1264 } else if (vap
->iv_opmode
!= IEEE80211_M_MBSS
)
1265 qos
= ((struct ieee80211_qosframe
*) wh
)->i_qos
;
1266 ac
= M_WME_GETAC(m
);
1267 /* map from access class/queue to 11e header priorty value */
1268 tid
= WME_AC_TO_TID(ac
);
1269 qos
[0] = tid
& IEEE80211_QOS_TID
;
1270 if (ic
->ic_wme
.wme_wmeChanParams
.cap_wmeParams
[ac
].wmep_noackPolicy
)
1271 qos
[0] |= IEEE80211_QOS_ACKPOLICY_NOACK
;
1273 wh
->i_fc
[0] |= IEEE80211_FC0_SUBTYPE_QOS
;
1275 if ((m
->m_flags
& M_AMPDU_MPDU
) == 0) {
1277 * NB: don't assign a sequence # to potential
1278 * aggregates; we expect this happens at the
1279 * point the frame comes off any aggregation q
1280 * as otherwise we may introduce holes in the
1281 * BA sequence space and/or make window accouting
1284 * XXX may want to control this with a driver
1285 * capability; this may also change when we pull
1286 * aggregation up into net80211
1288 seqno
= ni
->ni_txseqs
[tid
]++;
1289 *(uint16_t *)wh
->i_seq
=
1290 htole16(seqno
<< IEEE80211_SEQ_SEQ_SHIFT
);
1291 M_SEQNO_SET(m
, seqno
);
1294 seqno
= ni
->ni_txseqs
[IEEE80211_NONQOS_TID
]++;
1295 *(uint16_t *)wh
->i_seq
=
1296 htole16(seqno
<< IEEE80211_SEQ_SEQ_SHIFT
);
1297 M_SEQNO_SET(m
, seqno
);
1301 /* check if xmit fragmentation is required */
1302 txfrag
= (m
->m_pkthdr
.len
> vap
->iv_fragthreshold
&&
1303 !IEEE80211_IS_MULTICAST(wh
->i_addr1
) &&
1304 (vap
->iv_caps
& IEEE80211_C_TXFRAG
) &&
1305 (m
->m_flags
& (M_FF
| M_AMPDU_MPDU
)) == 0);
1308 * IEEE 802.1X: send EAPOL frames always in the clear.
1309 * WPA/WPA2: encrypt EAPOL keys when pairwise keys are set.
1311 if ((m
->m_flags
& M_EAPOL
) == 0 ||
1312 ((vap
->iv_flags
& IEEE80211_F_WPA
) &&
1313 (vap
->iv_opmode
== IEEE80211_M_STA
?
1314 !IEEE80211_KEY_UNDEFINED(key
) :
1315 !IEEE80211_KEY_UNDEFINED(&ni
->ni_ucastkey
)))) {
1316 wh
->i_fc
[1] |= IEEE80211_FC1_WEP
;
1317 if (!ieee80211_crypto_enmic(vap
, key
, m
, txfrag
)) {
1318 IEEE80211_NOTE_MAC(vap
, IEEE80211_MSG_OUTPUT
,
1320 "%s", "enmic failed, discard frame");
1321 vap
->iv_stats
.is_crypto_enmicfail
++;
1326 if (txfrag
&& !ieee80211_fragment(vap
, m
, hdrsize
,
1327 key
!= NULL
? key
->wk_cipher
->ic_header
: 0, vap
->iv_fragthreshold
))
1330 m
->m_flags
|= M_ENCAP
; /* mark encapsulated */
1332 IEEE80211_NODE_STAT(ni
, tx_data
);
1333 if (IEEE80211_IS_MULTICAST(wh
->i_addr1
)) {
1334 IEEE80211_NODE_STAT(ni
, tx_mcast
);
1335 m
->m_flags
|= M_MCAST
;
1337 IEEE80211_NODE_STAT(ni
, tx_ucast
);
1338 IEEE80211_NODE_STAT_ADD(ni
, tx_bytes
, datalen
);
1349 * Fragment the frame according to the specified mtu.
1350 * The size of the 802.11 header (w/o padding) is provided
1351 * so we don't need to recalculate it. We create a new
1352 * mbuf for each fragment and chain it through m_nextpkt;
1353 * we might be able to optimize this by reusing the original
1354 * packet's mbufs but that is significantly more complicated.
1357 ieee80211_fragment(struct ieee80211vap
*vap
, struct mbuf
*m0
,
1358 u_int hdrsize
, u_int ciphdrsize
, u_int mtu
)
1360 struct ieee80211_frame
*wh
, *whf
;
1361 struct mbuf
*m
, *prev
, *next
;
1362 u_int totalhdrsize
, fragno
, fragsize
, off
, remainder
, payload
;
1364 KASSERT(m0
->m_nextpkt
== NULL
, ("mbuf already chained?"));
1365 KASSERT(m0
->m_pkthdr
.len
> mtu
,
1366 ("pktlen %u mtu %u", m0
->m_pkthdr
.len
, mtu
));
1368 wh
= mtod(m0
, struct ieee80211_frame
*);
1369 /* NB: mark the first frag; it will be propagated below */
1370 wh
->i_fc
[1] |= IEEE80211_FC1_MORE_FRAG
;
1371 totalhdrsize
= hdrsize
+ ciphdrsize
;
1373 off
= mtu
- ciphdrsize
;
1374 remainder
= m0
->m_pkthdr
.len
- off
;
1377 fragsize
= totalhdrsize
+ remainder
;
1380 /* XXX fragsize can be >2048! */
1381 KASSERT(fragsize
< MCLBYTES
,
1382 ("fragment size %u too big!", fragsize
));
1383 if (fragsize
> MHLEN
)
1384 m
= m_getcl(MB_DONTWAIT
, MT_DATA
, M_PKTHDR
);
1386 m
= m_gethdr(MB_DONTWAIT
, MT_DATA
);
1389 /* leave room to prepend any cipher header */
1390 m_align(m
, fragsize
- ciphdrsize
);
1393 * Form the header in the fragment. Note that since
1394 * we mark the first fragment with the MORE_FRAG bit
1395 * it automatically is propagated to each fragment; we
1396 * need only clear it on the last fragment (done below).
1398 whf
= mtod(m
, struct ieee80211_frame
*);
1399 memcpy(whf
, wh
, hdrsize
);
1400 *(uint16_t *)&whf
->i_seq
[0] |= htole16(
1401 (fragno
& IEEE80211_SEQ_FRAG_MASK
) <<
1402 IEEE80211_SEQ_FRAG_SHIFT
);
1405 payload
= fragsize
- totalhdrsize
;
1406 /* NB: destination is known to be contiguous */
1407 m_copydata(m0
, off
, payload
, mtod(m
, uint8_t *) + hdrsize
);
1408 m
->m_len
= hdrsize
+ payload
;
1409 m
->m_pkthdr
.len
= hdrsize
+ payload
;
1410 m
->m_flags
|= M_FRAG
;
1411 m
->m_pkthdr
.rcvif
= m0
->m_pkthdr
.rcvif
;
1413 /* chain up the fragment */
1414 prev
->m_nextpkt
= m
;
1417 /* deduct fragment just formed */
1418 remainder
-= payload
;
1420 } while (remainder
!= 0);
1422 /* set the last fragment */
1423 m
->m_flags
|= M_LASTFRAG
;
1424 whf
->i_fc
[1] &= ~IEEE80211_FC1_MORE_FRAG
;
1426 /* strip first mbuf now that everything has been copied */
1427 m_adj(m0
, -(m0
->m_pkthdr
.len
- (mtu
- ciphdrsize
)));
1428 m0
->m_flags
|= M_FIRSTFRAG
| M_FRAG
;
1430 vap
->iv_stats
.is_tx_fragframes
++;
1431 vap
->iv_stats
.is_tx_frags
+= fragno
-1;
1435 /* reclaim fragments but leave original frame for caller to free */
1436 for (m
= m0
->m_nextpkt
; m
!= NULL
; m
= next
) {
1437 next
= m
->m_nextpkt
;
1438 m
->m_nextpkt
= NULL
; /* XXX paranoid */
1441 m0
->m_nextpkt
= NULL
;
1446 * Add a supported rates element id to a frame.
1449 ieee80211_add_rates(uint8_t *frm
, const struct ieee80211_rateset
*rs
)
1453 *frm
++ = IEEE80211_ELEMID_RATES
;
1454 nrates
= rs
->rs_nrates
;
1455 if (nrates
> IEEE80211_RATE_SIZE
)
1456 nrates
= IEEE80211_RATE_SIZE
;
1458 memcpy(frm
, rs
->rs_rates
, nrates
);
1459 return frm
+ nrates
;
1463 * Add an extended supported rates element id to a frame.
1466 ieee80211_add_xrates(uint8_t *frm
, const struct ieee80211_rateset
*rs
)
1469 * Add an extended supported rates element if operating in 11g mode.
1471 if (rs
->rs_nrates
> IEEE80211_RATE_SIZE
) {
1472 int nrates
= rs
->rs_nrates
- IEEE80211_RATE_SIZE
;
1473 *frm
++ = IEEE80211_ELEMID_XRATES
;
1475 memcpy(frm
, rs
->rs_rates
+ IEEE80211_RATE_SIZE
, nrates
);
1482 * Add an ssid element to a frame.
1485 ieee80211_add_ssid(uint8_t *frm
, const uint8_t *ssid
, u_int len
)
1487 *frm
++ = IEEE80211_ELEMID_SSID
;
1489 memcpy(frm
, ssid
, len
);
1494 * Add an erp element to a frame.
1497 ieee80211_add_erp(uint8_t *frm
, struct ieee80211com
*ic
)
1501 *frm
++ = IEEE80211_ELEMID_ERP
;
1504 if (ic
->ic_nonerpsta
!= 0)
1505 erp
|= IEEE80211_ERP_NON_ERP_PRESENT
;
1506 if (ic
->ic_flags
& IEEE80211_F_USEPROT
)
1507 erp
|= IEEE80211_ERP_USE_PROTECTION
;
1508 if (ic
->ic_flags
& IEEE80211_F_USEBARKER
)
1509 erp
|= IEEE80211_ERP_LONG_PREAMBLE
;
1515 * Add a CFParams element to a frame.
1518 ieee80211_add_cfparms(uint8_t *frm
, struct ieee80211com
*ic
)
1520 #define ADDSHORT(frm, v) do { \
1521 LE_WRITE_2(frm, v); \
1524 *frm
++ = IEEE80211_ELEMID_CFPARMS
;
1526 *frm
++ = 0; /* CFP count */
1527 *frm
++ = 2; /* CFP period */
1528 ADDSHORT(frm
, 0); /* CFP MaxDuration (TU) */
1529 ADDSHORT(frm
, 0); /* CFP CurRemaining (TU) */
1534 static __inline
uint8_t *
1535 add_appie(uint8_t *frm
, const struct ieee80211_appie
*ie
)
1537 memcpy(frm
, ie
->ie_data
, ie
->ie_len
);
1538 return frm
+ ie
->ie_len
;
1541 static __inline
uint8_t *
1542 add_ie(uint8_t *frm
, const uint8_t *ie
)
1544 memcpy(frm
, ie
, 2 + ie
[1]);
1545 return frm
+ 2 + ie
[1];
1548 #define WME_OUI_BYTES 0x00, 0x50, 0xf2
1550 * Add a WME information element to a frame.
1553 ieee80211_add_wme_info(uint8_t *frm
, struct ieee80211_wme_state
*wme
)
1555 static const struct ieee80211_wme_info info
= {
1556 .wme_id
= IEEE80211_ELEMID_VENDOR
,
1557 .wme_len
= sizeof(struct ieee80211_wme_info
) - 2,
1558 .wme_oui
= { WME_OUI_BYTES
},
1559 .wme_type
= WME_OUI_TYPE
,
1560 .wme_subtype
= WME_INFO_OUI_SUBTYPE
,
1561 .wme_version
= WME_VERSION
,
1564 memcpy(frm
, &info
, sizeof(info
));
1565 return frm
+ sizeof(info
);
1569 * Add a WME parameters element to a frame.
1572 ieee80211_add_wme_param(uint8_t *frm
, struct ieee80211_wme_state
*wme
)
1574 #define SM(_v, _f) (((_v) << _f##_S) & _f)
1575 #define ADDSHORT(frm, v) do { \
1576 LE_WRITE_2(frm, v); \
1579 /* NB: this works 'cuz a param has an info at the front */
1580 static const struct ieee80211_wme_info param
= {
1581 .wme_id
= IEEE80211_ELEMID_VENDOR
,
1582 .wme_len
= sizeof(struct ieee80211_wme_param
) - 2,
1583 .wme_oui
= { WME_OUI_BYTES
},
1584 .wme_type
= WME_OUI_TYPE
,
1585 .wme_subtype
= WME_PARAM_OUI_SUBTYPE
,
1586 .wme_version
= WME_VERSION
,
1590 memcpy(frm
, ¶m
, sizeof(param
));
1591 frm
+= __offsetof(struct ieee80211_wme_info
, wme_info
);
1592 *frm
++ = wme
->wme_bssChanParams
.cap_info
; /* AC info */
1593 *frm
++ = 0; /* reserved field */
1594 for (i
= 0; i
< WME_NUM_AC
; i
++) {
1595 const struct wmeParams
*ac
=
1596 &wme
->wme_bssChanParams
.cap_wmeParams
[i
];
1597 *frm
++ = SM(i
, WME_PARAM_ACI
)
1598 | SM(ac
->wmep_acm
, WME_PARAM_ACM
)
1599 | SM(ac
->wmep_aifsn
, WME_PARAM_AIFSN
)
1601 *frm
++ = SM(ac
->wmep_logcwmax
, WME_PARAM_LOGCWMAX
)
1602 | SM(ac
->wmep_logcwmin
, WME_PARAM_LOGCWMIN
)
1604 ADDSHORT(frm
, ac
->wmep_txopLimit
);
1610 #undef WME_OUI_BYTES
1613 * Add an 11h Power Constraint element to a frame.
1616 ieee80211_add_powerconstraint(uint8_t *frm
, struct ieee80211vap
*vap
)
1618 const struct ieee80211_channel
*c
= vap
->iv_bss
->ni_chan
;
1619 /* XXX per-vap tx power limit? */
1620 int8_t limit
= vap
->iv_ic
->ic_txpowlimit
/ 2;
1622 frm
[0] = IEEE80211_ELEMID_PWRCNSTR
;
1624 frm
[2] = c
->ic_maxregpower
> limit
? c
->ic_maxregpower
- limit
: 0;
1629 * Add an 11h Power Capability element to a frame.
1632 ieee80211_add_powercapability(uint8_t *frm
, const struct ieee80211_channel
*c
)
1634 frm
[0] = IEEE80211_ELEMID_PWRCAP
;
1636 frm
[2] = c
->ic_minpower
;
1637 frm
[3] = c
->ic_maxpower
;
1642 * Add an 11h Supported Channels element to a frame.
1645 ieee80211_add_supportedchannels(uint8_t *frm
, struct ieee80211com
*ic
)
1647 static const int ielen
= 26;
1649 frm
[0] = IEEE80211_ELEMID_SUPPCHAN
;
1651 /* XXX not correct */
1652 memcpy(frm
+2, ic
->ic_chan_avail
, ielen
);
1653 return frm
+ 2 + ielen
;
1657 * Add an 11h Channel Switch Announcement element to a frame.
1658 * Note that we use the per-vap CSA count to adjust the global
1659 * counter so we can use this routine to form probe response
1660 * frames and get the current count.
1663 ieee80211_add_csa(uint8_t *frm
, struct ieee80211vap
*vap
)
1665 struct ieee80211com
*ic
= vap
->iv_ic
;
1666 struct ieee80211_csa_ie
*csa
= (struct ieee80211_csa_ie
*) frm
;
1668 csa
->csa_ie
= IEEE80211_ELEMID_CSA
;
1670 csa
->csa_mode
= 1; /* XXX force quiet on channel */
1671 csa
->csa_newchan
= ieee80211_chan2ieee(ic
, ic
->ic_csa_newchan
);
1672 csa
->csa_count
= ic
->ic_csa_count
- vap
->iv_csa_count
;
1673 return frm
+ sizeof(*csa
);
1677 * Add an 11h country information element to a frame.
1680 ieee80211_add_countryie(uint8_t *frm
, struct ieee80211com
*ic
)
1683 if (ic
->ic_countryie
== NULL
||
1684 ic
->ic_countryie_chan
!= ic
->ic_bsschan
) {
1686 * Handle lazy construction of ie. This is done on
1687 * first use and after a channel change that requires
1690 if (ic
->ic_countryie
!= NULL
)
1691 kfree(ic
->ic_countryie
, M_80211_NODE_IE
);
1692 ic
->ic_countryie
= ieee80211_alloc_countryie(ic
);
1693 if (ic
->ic_countryie
== NULL
)
1695 ic
->ic_countryie_chan
= ic
->ic_bsschan
;
1697 return add_appie(frm
, ic
->ic_countryie
);
1701 * Send a probe request frame with the specified ssid
1702 * and any optional information element data.
1705 ieee80211_send_probereq(struct ieee80211_node
*ni
,
1706 const uint8_t sa
[IEEE80211_ADDR_LEN
],
1707 const uint8_t da
[IEEE80211_ADDR_LEN
],
1708 const uint8_t bssid
[IEEE80211_ADDR_LEN
],
1709 const uint8_t *ssid
, size_t ssidlen
)
1711 struct ieee80211vap
*vap
= ni
->ni_vap
;
1712 struct ieee80211com
*ic
= ni
->ni_ic
;
1713 const struct ieee80211_txparam
*tp
;
1714 struct ieee80211_bpf_params params
;
1715 struct ieee80211_frame
*wh
;
1716 const struct ieee80211_rateset
*rs
;
1720 if (vap
->iv_state
== IEEE80211_S_CAC
) {
1721 IEEE80211_NOTE(vap
, IEEE80211_MSG_OUTPUT
, ni
,
1722 "block %s frame in CAC state", "probe request");
1723 vap
->iv_stats
.is_tx_badstate
++;
1724 return EIO
; /* XXX */
1728 * Hold a reference on the node so it doesn't go away until after
1729 * the xmit is complete all the way in the driver. On error we
1730 * will remove our reference.
1732 IEEE80211_DPRINTF(vap
, IEEE80211_MSG_NODE
,
1733 "ieee80211_ref_node (%s:%u) %p<%6D> refcnt %d\n",
1735 ni
, ni
->ni_macaddr
, ":",
1736 ieee80211_node_refcnt(ni
)+1);
1737 ieee80211_ref_node(ni
);
1740 * prreq frame format
1742 * [tlv] supported rates
1743 * [tlv] RSN (optional)
1744 * [tlv] extended supported rates
1745 * [tlv] WPA (optional)
1746 * [tlv] user-specified ie's
1748 m
= ieee80211_getmgtframe(&frm
,
1749 ic
->ic_headroom
+ sizeof(struct ieee80211_frame
),
1750 2 + IEEE80211_NWID_LEN
1751 + 2 + IEEE80211_RATE_SIZE
1752 + sizeof(struct ieee80211_ie_wpa
)
1753 + 2 + (IEEE80211_RATE_MAXSIZE
- IEEE80211_RATE_SIZE
)
1754 + sizeof(struct ieee80211_ie_wpa
)
1755 + (vap
->iv_appie_probereq
!= NULL
?
1756 vap
->iv_appie_probereq
->ie_len
: 0)
1759 vap
->iv_stats
.is_tx_nobuf
++;
1760 ieee80211_free_node(ni
);
1764 frm
= ieee80211_add_ssid(frm
, ssid
, ssidlen
);
1765 rs
= ieee80211_get_suprates(ic
, ic
->ic_curchan
);
1766 frm
= ieee80211_add_rates(frm
, rs
);
1767 if (vap
->iv_flags
& IEEE80211_F_WPA2
) {
1768 if (vap
->iv_rsn_ie
!= NULL
)
1769 frm
= add_ie(frm
, vap
->iv_rsn_ie
);
1770 /* XXX else complain? */
1772 frm
= ieee80211_add_xrates(frm
, rs
);
1773 if (vap
->iv_flags
& IEEE80211_F_WPA1
) {
1774 if (vap
->iv_wpa_ie
!= NULL
)
1775 frm
= add_ie(frm
, vap
->iv_wpa_ie
);
1776 /* XXX else complain? */
1778 if (vap
->iv_appie_probereq
!= NULL
)
1779 frm
= add_appie(frm
, vap
->iv_appie_probereq
);
1780 m
->m_pkthdr
.len
= m
->m_len
= frm
- mtod(m
, uint8_t *);
1782 KASSERT(M_LEADINGSPACE(m
) >= sizeof(struct ieee80211_frame
),
1783 ("leading space %zd", M_LEADINGSPACE(m
)));
1784 M_PREPEND(m
, sizeof(struct ieee80211_frame
), MB_DONTWAIT
);
1786 /* NB: cannot happen */
1787 ieee80211_free_node(ni
);
1791 wh
= mtod(m
, struct ieee80211_frame
*);
1792 ieee80211_send_setup(ni
, m
,
1793 IEEE80211_FC0_TYPE_MGT
| IEEE80211_FC0_SUBTYPE_PROBE_REQ
,
1794 IEEE80211_NONQOS_TID
, sa
, da
, bssid
);
1795 /* XXX power management? */
1796 m
->m_flags
|= M_ENCAP
; /* mark encapsulated */
1798 M_WME_SETAC(m
, WME_AC_BE
);
1800 IEEE80211_NODE_STAT(ni
, tx_probereq
);
1801 IEEE80211_NODE_STAT(ni
, tx_mgmt
);
1803 IEEE80211_DPRINTF(vap
, IEEE80211_MSG_DEBUG
| IEEE80211_MSG_DUMPPKTS
,
1804 "send probe req on channel %u bssid %6D ssid \"%.*s\"\n",
1805 ieee80211_chan2ieee(ic
, ic
->ic_curchan
), bssid
, ":",
1806 (int)ssidlen
, ssid
);
1808 memset(¶ms
, 0, sizeof(params
));
1809 params
.ibp_pri
= M_WME_GETAC(m
);
1810 tp
= &vap
->iv_txparms
[ieee80211_chan2mode(ic
->ic_curchan
)];
1811 params
.ibp_rate0
= tp
->mgmtrate
;
1812 if (IEEE80211_IS_MULTICAST(da
)) {
1813 params
.ibp_flags
|= IEEE80211_BPF_NOACK
;
1814 params
.ibp_try0
= 1;
1816 params
.ibp_try0
= tp
->maxretry
;
1817 params
.ibp_power
= ni
->ni_txpower
;
1818 return ic
->ic_raw_xmit(ni
, m
, ¶ms
);
1822 * Calculate capability information for mgt frames.
1825 ieee80211_getcapinfo(struct ieee80211vap
*vap
, struct ieee80211_channel
*chan
)
1827 struct ieee80211com
*ic
= vap
->iv_ic
;
1830 KASSERT(vap
->iv_opmode
!= IEEE80211_M_STA
, ("station mode"));
1832 if (vap
->iv_opmode
== IEEE80211_M_HOSTAP
)
1833 capinfo
= IEEE80211_CAPINFO_ESS
;
1834 else if (vap
->iv_opmode
== IEEE80211_M_IBSS
)
1835 capinfo
= IEEE80211_CAPINFO_IBSS
;
1838 if (vap
->iv_flags
& IEEE80211_F_PRIVACY
)
1839 capinfo
|= IEEE80211_CAPINFO_PRIVACY
;
1840 if ((ic
->ic_flags
& IEEE80211_F_SHPREAMBLE
) &&
1841 IEEE80211_IS_CHAN_2GHZ(chan
))
1842 capinfo
|= IEEE80211_CAPINFO_SHORT_PREAMBLE
;
1843 if (ic
->ic_flags
& IEEE80211_F_SHSLOT
)
1844 capinfo
|= IEEE80211_CAPINFO_SHORT_SLOTTIME
;
1845 if (IEEE80211_IS_CHAN_5GHZ(chan
) && (vap
->iv_flags
& IEEE80211_F_DOTH
))
1846 capinfo
|= IEEE80211_CAPINFO_SPECTRUM_MGMT
;
1851 * Send a management frame. The node is for the destination (or ic_bss
1852 * when in station mode). Nodes other than ic_bss have their reference
1853 * count bumped to reflect our use for an indeterminant time.
1856 ieee80211_send_mgmt(struct ieee80211_node
*ni
, int type
, int arg
)
1858 #define HTFLAGS (IEEE80211_NODE_HT | IEEE80211_NODE_HTCOMPAT)
1859 #define senderr(_x, _v) do { vap->iv_stats._v++; ret = _x; goto bad; } while (0)
1860 struct ieee80211vap
*vap
= ni
->ni_vap
;
1861 struct ieee80211com
*ic
= ni
->ni_ic
;
1862 struct ieee80211_node
*bss
= vap
->iv_bss
;
1863 struct ieee80211_bpf_params params
;
1867 int has_challenge
, is_shared_key
, ret
, status
;
1869 KASSERT(ni
!= NULL
, ("null node"));
1872 * Hold a reference on the node so it doesn't go away until after
1873 * the xmit is complete all the way in the driver. On error we
1874 * will remove our reference.
1876 IEEE80211_DPRINTF(vap
, IEEE80211_MSG_NODE
,
1877 "ieee80211_ref_node (%s:%u) %p<%6D> refcnt %d\n",
1879 ni
, ni
->ni_macaddr
, ":",
1880 ieee80211_node_refcnt(ni
)+1);
1881 ieee80211_ref_node(ni
);
1883 memset(¶ms
, 0, sizeof(params
));
1886 case IEEE80211_FC0_SUBTYPE_AUTH
:
1889 has_challenge
= ((arg
== IEEE80211_AUTH_SHARED_CHALLENGE
||
1890 arg
== IEEE80211_AUTH_SHARED_RESPONSE
) &&
1891 ni
->ni_challenge
!= NULL
);
1894 * Deduce whether we're doing open authentication or
1895 * shared key authentication. We do the latter if
1896 * we're in the middle of a shared key authentication
1897 * handshake or if we're initiating an authentication
1898 * request and configured to use shared key.
1900 is_shared_key
= has_challenge
||
1901 arg
>= IEEE80211_AUTH_SHARED_RESPONSE
||
1902 (arg
== IEEE80211_AUTH_SHARED_REQUEST
&&
1903 bss
->ni_authmode
== IEEE80211_AUTH_SHARED
);
1905 m
= ieee80211_getmgtframe(&frm
,
1906 ic
->ic_headroom
+ sizeof(struct ieee80211_frame
),
1907 3 * sizeof(uint16_t)
1908 + (has_challenge
&& status
== IEEE80211_STATUS_SUCCESS
?
1909 sizeof(uint16_t)+IEEE80211_CHALLENGE_LEN
: 0)
1912 senderr(ENOMEM
, is_tx_nobuf
);
1914 ((uint16_t *)frm
)[0] =
1915 (is_shared_key
) ? htole16(IEEE80211_AUTH_ALG_SHARED
)
1916 : htole16(IEEE80211_AUTH_ALG_OPEN
);
1917 ((uint16_t *)frm
)[1] = htole16(arg
); /* sequence number */
1918 ((uint16_t *)frm
)[2] = htole16(status
);/* status */
1920 if (has_challenge
&& status
== IEEE80211_STATUS_SUCCESS
) {
1921 ((uint16_t *)frm
)[3] =
1922 htole16((IEEE80211_CHALLENGE_LEN
<< 8) |
1923 IEEE80211_ELEMID_CHALLENGE
);
1924 memcpy(&((uint16_t *)frm
)[4], ni
->ni_challenge
,
1925 IEEE80211_CHALLENGE_LEN
);
1926 m
->m_pkthdr
.len
= m
->m_len
=
1927 4 * sizeof(uint16_t) + IEEE80211_CHALLENGE_LEN
;
1928 if (arg
== IEEE80211_AUTH_SHARED_RESPONSE
) {
1929 IEEE80211_NOTE(vap
, IEEE80211_MSG_AUTH
, ni
,
1930 "request encrypt frame (%s)", __func__
);
1931 /* mark frame for encryption */
1932 params
.ibp_flags
|= IEEE80211_BPF_CRYPTO
;
1935 m
->m_pkthdr
.len
= m
->m_len
= 3 * sizeof(uint16_t);
1937 /* XXX not right for shared key */
1938 if (status
== IEEE80211_STATUS_SUCCESS
)
1939 IEEE80211_NODE_STAT(ni
, tx_auth
);
1941 IEEE80211_NODE_STAT(ni
, tx_auth_fail
);
1943 if (vap
->iv_opmode
== IEEE80211_M_STA
)
1944 ieee80211_add_callback(m
, ieee80211_tx_mgt_cb
,
1945 (void *) vap
->iv_state
);
1948 case IEEE80211_FC0_SUBTYPE_DEAUTH
:
1949 IEEE80211_NOTE(vap
, IEEE80211_MSG_AUTH
, ni
,
1950 "send station deauthenticate (reason %d)", arg
);
1951 m
= ieee80211_getmgtframe(&frm
,
1952 ic
->ic_headroom
+ sizeof(struct ieee80211_frame
),
1955 senderr(ENOMEM
, is_tx_nobuf
);
1956 *(uint16_t *)frm
= htole16(arg
); /* reason */
1957 m
->m_pkthdr
.len
= m
->m_len
= sizeof(uint16_t);
1959 IEEE80211_NODE_STAT(ni
, tx_deauth
);
1960 IEEE80211_NODE_STAT_SET(ni
, tx_deauth_code
, arg
);
1962 ieee80211_node_unauthorize(ni
); /* port closed */
1965 case IEEE80211_FC0_SUBTYPE_ASSOC_REQ
:
1966 case IEEE80211_FC0_SUBTYPE_REASSOC_REQ
:
1968 * asreq frame format
1969 * [2] capability information
1970 * [2] listen interval
1971 * [6*] current AP address (reassoc only)
1973 * [tlv] supported rates
1974 * [tlv] extended supported rates
1975 * [4] power capability (optional)
1976 * [28] supported channels (optional)
1977 * [tlv] HT capabilities
1978 * [tlv] WME (optional)
1979 * [tlv] Vendor OUI HT capabilities (optional)
1980 * [tlv] Atheros capabilities (if negotiated)
1981 * [tlv] AppIE's (optional)
1983 m
= ieee80211_getmgtframe(&frm
,
1984 ic
->ic_headroom
+ sizeof(struct ieee80211_frame
),
1987 + IEEE80211_ADDR_LEN
1988 + 2 + IEEE80211_NWID_LEN
1989 + 2 + IEEE80211_RATE_SIZE
1990 + 2 + (IEEE80211_RATE_MAXSIZE
- IEEE80211_RATE_SIZE
)
1993 + sizeof(struct ieee80211_wme_info
)
1994 + sizeof(struct ieee80211_ie_htcap
)
1995 + 4 + sizeof(struct ieee80211_ie_htcap
)
1996 #ifdef IEEE80211_SUPPORT_SUPERG
1997 + sizeof(struct ieee80211_ath_ie
)
1999 + (vap
->iv_appie_wpa
!= NULL
?
2000 vap
->iv_appie_wpa
->ie_len
: 0)
2001 + (vap
->iv_appie_assocreq
!= NULL
?
2002 vap
->iv_appie_assocreq
->ie_len
: 0)
2005 senderr(ENOMEM
, is_tx_nobuf
);
2007 KASSERT(vap
->iv_opmode
== IEEE80211_M_STA
,
2008 ("wrong mode %u", vap
->iv_opmode
));
2009 capinfo
= IEEE80211_CAPINFO_ESS
;
2010 if (vap
->iv_flags
& IEEE80211_F_PRIVACY
)
2011 capinfo
|= IEEE80211_CAPINFO_PRIVACY
;
2013 * NB: Some 11a AP's reject the request when
2014 * short premable is set.
2016 if ((ic
->ic_flags
& IEEE80211_F_SHPREAMBLE
) &&
2017 IEEE80211_IS_CHAN_2GHZ(ic
->ic_curchan
))
2018 capinfo
|= IEEE80211_CAPINFO_SHORT_PREAMBLE
;
2019 if (IEEE80211_IS_CHAN_ANYG(ic
->ic_curchan
) &&
2020 (ic
->ic_caps
& IEEE80211_C_SHSLOT
))
2021 capinfo
|= IEEE80211_CAPINFO_SHORT_SLOTTIME
;
2022 if ((ni
->ni_capinfo
& IEEE80211_CAPINFO_SPECTRUM_MGMT
) &&
2023 (vap
->iv_flags
& IEEE80211_F_DOTH
))
2024 capinfo
|= IEEE80211_CAPINFO_SPECTRUM_MGMT
;
2025 *(uint16_t *)frm
= htole16(capinfo
);
2028 KASSERT(bss
->ni_intval
!= 0, ("beacon interval is zero!"));
2029 *(uint16_t *)frm
= htole16(howmany(ic
->ic_lintval
,
2033 if (type
== IEEE80211_FC0_SUBTYPE_REASSOC_REQ
) {
2034 IEEE80211_ADDR_COPY(frm
, bss
->ni_bssid
);
2035 frm
+= IEEE80211_ADDR_LEN
;
2038 frm
= ieee80211_add_ssid(frm
, ni
->ni_essid
, ni
->ni_esslen
);
2039 frm
= ieee80211_add_rates(frm
, &ni
->ni_rates
);
2040 if (vap
->iv_flags
& IEEE80211_F_WPA2
) {
2041 if (vap
->iv_rsn_ie
!= NULL
)
2042 frm
= add_ie(frm
, vap
->iv_rsn_ie
);
2043 /* XXX else complain? */
2045 frm
= ieee80211_add_xrates(frm
, &ni
->ni_rates
);
2046 if (capinfo
& IEEE80211_CAPINFO_SPECTRUM_MGMT
) {
2047 frm
= ieee80211_add_powercapability(frm
,
2049 frm
= ieee80211_add_supportedchannels(frm
, ic
);
2051 if ((vap
->iv_flags_ht
& IEEE80211_FHT_HT
) &&
2052 ni
->ni_ies
.htcap_ie
!= NULL
&&
2053 ni
->ni_ies
.htcap_ie
[0] == IEEE80211_ELEMID_HTCAP
)
2054 frm
= ieee80211_add_htcap(frm
, ni
);
2055 if (vap
->iv_flags
& IEEE80211_F_WPA1
) {
2056 if (vap
->iv_wpa_ie
!= NULL
)
2057 frm
= add_ie(frm
, vap
->iv_wpa_ie
);
2058 /* XXX else complain */
2060 if ((ic
->ic_flags
& IEEE80211_F_WME
) &&
2061 ni
->ni_ies
.wme_ie
!= NULL
)
2062 frm
= ieee80211_add_wme_info(frm
, &ic
->ic_wme
);
2063 if ((vap
->iv_flags_ht
& IEEE80211_FHT_HT
) &&
2064 ni
->ni_ies
.htcap_ie
!= NULL
&&
2065 ni
->ni_ies
.htcap_ie
[0] == IEEE80211_ELEMID_VENDOR
)
2066 frm
= ieee80211_add_htcap_vendor(frm
, ni
);
2067 #ifdef IEEE80211_SUPPORT_SUPERG
2068 if (IEEE80211_ATH_CAP(vap
, ni
, IEEE80211_F_ATHEROS
)) {
2069 frm
= ieee80211_add_ath(frm
,
2070 IEEE80211_ATH_CAP(vap
, ni
, IEEE80211_F_ATHEROS
),
2071 ((vap
->iv_flags
& IEEE80211_F_WPA
) == 0 &&
2072 ni
->ni_authmode
!= IEEE80211_AUTH_8021X
) ?
2073 vap
->iv_def_txkey
: IEEE80211_KEYIX_NONE
);
2075 #endif /* IEEE80211_SUPPORT_SUPERG */
2076 if (vap
->iv_appie_assocreq
!= NULL
)
2077 frm
= add_appie(frm
, vap
->iv_appie_assocreq
);
2078 m
->m_pkthdr
.len
= m
->m_len
= frm
- mtod(m
, uint8_t *);
2080 ieee80211_add_callback(m
, ieee80211_tx_mgt_cb
,
2081 (void *) vap
->iv_state
);
2084 case IEEE80211_FC0_SUBTYPE_ASSOC_RESP
:
2085 case IEEE80211_FC0_SUBTYPE_REASSOC_RESP
:
2087 * asresp frame format
2088 * [2] capability information
2090 * [2] association ID
2091 * [tlv] supported rates
2092 * [tlv] extended supported rates
2093 * [tlv] HT capabilities (standard, if STA enabled)
2094 * [tlv] HT information (standard, if STA enabled)
2095 * [tlv] WME (if configured and STA enabled)
2096 * [tlv] HT capabilities (vendor OUI, if STA enabled)
2097 * [tlv] HT information (vendor OUI, if STA enabled)
2098 * [tlv] Atheros capabilities (if STA enabled)
2099 * [tlv] AppIE's (optional)
2101 m
= ieee80211_getmgtframe(&frm
,
2102 ic
->ic_headroom
+ sizeof(struct ieee80211_frame
),
2106 + 2 + IEEE80211_RATE_SIZE
2107 + 2 + (IEEE80211_RATE_MAXSIZE
- IEEE80211_RATE_SIZE
)
2108 + sizeof(struct ieee80211_ie_htcap
) + 4
2109 + sizeof(struct ieee80211_ie_htinfo
) + 4
2110 + sizeof(struct ieee80211_wme_param
)
2111 #ifdef IEEE80211_SUPPORT_SUPERG
2112 + sizeof(struct ieee80211_ath_ie
)
2114 + (vap
->iv_appie_assocresp
!= NULL
?
2115 vap
->iv_appie_assocresp
->ie_len
: 0)
2118 senderr(ENOMEM
, is_tx_nobuf
);
2120 capinfo
= ieee80211_getcapinfo(vap
, bss
->ni_chan
);
2121 *(uint16_t *)frm
= htole16(capinfo
);
2124 *(uint16_t *)frm
= htole16(arg
); /* status */
2127 if (arg
== IEEE80211_STATUS_SUCCESS
) {
2128 *(uint16_t *)frm
= htole16(ni
->ni_associd
);
2129 IEEE80211_NODE_STAT(ni
, tx_assoc
);
2131 IEEE80211_NODE_STAT(ni
, tx_assoc_fail
);
2134 frm
= ieee80211_add_rates(frm
, &ni
->ni_rates
);
2135 frm
= ieee80211_add_xrates(frm
, &ni
->ni_rates
);
2136 /* NB: respond according to what we received */
2137 if ((ni
->ni_flags
& HTFLAGS
) == IEEE80211_NODE_HT
) {
2138 frm
= ieee80211_add_htcap(frm
, ni
);
2139 frm
= ieee80211_add_htinfo(frm
, ni
);
2141 if ((vap
->iv_flags
& IEEE80211_F_WME
) &&
2142 ni
->ni_ies
.wme_ie
!= NULL
)
2143 frm
= ieee80211_add_wme_param(frm
, &ic
->ic_wme
);
2144 if ((ni
->ni_flags
& HTFLAGS
) == HTFLAGS
) {
2145 frm
= ieee80211_add_htcap_vendor(frm
, ni
);
2146 frm
= ieee80211_add_htinfo_vendor(frm
, ni
);
2148 #ifdef IEEE80211_SUPPORT_SUPERG
2149 if (IEEE80211_ATH_CAP(vap
, ni
, IEEE80211_F_ATHEROS
))
2150 frm
= ieee80211_add_ath(frm
,
2151 IEEE80211_ATH_CAP(vap
, ni
, IEEE80211_F_ATHEROS
),
2152 ((vap
->iv_flags
& IEEE80211_F_WPA
) == 0 &&
2153 ni
->ni_authmode
!= IEEE80211_AUTH_8021X
) ?
2154 vap
->iv_def_txkey
: IEEE80211_KEYIX_NONE
);
2155 #endif /* IEEE80211_SUPPORT_SUPERG */
2156 if (vap
->iv_appie_assocresp
!= NULL
)
2157 frm
= add_appie(frm
, vap
->iv_appie_assocresp
);
2158 m
->m_pkthdr
.len
= m
->m_len
= frm
- mtod(m
, uint8_t *);
2161 case IEEE80211_FC0_SUBTYPE_DISASSOC
:
2162 IEEE80211_NOTE(vap
, IEEE80211_MSG_ASSOC
, ni
,
2163 "send station disassociate (reason %d)", arg
);
2164 m
= ieee80211_getmgtframe(&frm
,
2165 ic
->ic_headroom
+ sizeof(struct ieee80211_frame
),
2168 senderr(ENOMEM
, is_tx_nobuf
);
2169 *(uint16_t *)frm
= htole16(arg
); /* reason */
2170 m
->m_pkthdr
.len
= m
->m_len
= sizeof(uint16_t);
2172 IEEE80211_NODE_STAT(ni
, tx_disassoc
);
2173 IEEE80211_NODE_STAT_SET(ni
, tx_disassoc_code
, arg
);
2177 IEEE80211_NOTE(vap
, IEEE80211_MSG_ANY
, ni
,
2178 "invalid mgmt frame type %u", type
);
2179 senderr(EINVAL
, is_tx_unknownmgt
);
2183 /* NB: force non-ProbeResp frames to the highest queue */
2184 params
.ibp_pri
= WME_AC_VO
;
2185 params
.ibp_rate0
= bss
->ni_txparms
->mgmtrate
;
2186 /* NB: we know all frames are unicast */
2187 params
.ibp_try0
= bss
->ni_txparms
->maxretry
;
2188 params
.ibp_power
= bss
->ni_txpower
;
2189 return ieee80211_mgmt_output(ni
, m
, type
, ¶ms
);
2191 ieee80211_free_node(ni
);
2198 * Return an mbuf with a probe response frame in it.
2199 * Space is left to prepend and 802.11 header at the
2200 * front but it's left to the caller to fill in.
2203 ieee80211_alloc_proberesp(struct ieee80211_node
*bss
, int legacy
)
2205 struct ieee80211vap
*vap
= bss
->ni_vap
;
2206 struct ieee80211com
*ic
= bss
->ni_ic
;
2207 const struct ieee80211_rateset
*rs
;
2213 * probe response frame format
2215 * [2] beacon interval
2216 * [2] cabability information
2218 * [tlv] supported rates
2219 * [tlv] parameter set (FH/DS)
2220 * [tlv] parameter set (IBSS)
2221 * [tlv] country (optional)
2222 * [3] power control (optional)
2223 * [5] channel switch announcement (CSA) (optional)
2224 * [tlv] extended rate phy (ERP)
2225 * [tlv] extended supported rates
2226 * [tlv] RSN (optional)
2227 * [tlv] HT capabilities
2228 * [tlv] HT information
2229 * [tlv] WPA (optional)
2230 * [tlv] WME (optional)
2231 * [tlv] Vendor OUI HT capabilities (optional)
2232 * [tlv] Vendor OUI HT information (optional)
2233 * [tlv] Atheros capabilities
2234 * [tlv] AppIE's (optional)
2235 * [tlv] Mesh ID (MBSS)
2236 * [tlv] Mesh Conf (MBSS)
2238 m
= ieee80211_getmgtframe(&frm
,
2239 ic
->ic_headroom
+ sizeof(struct ieee80211_frame
),
2243 + 2 + IEEE80211_NWID_LEN
2244 + 2 + IEEE80211_RATE_SIZE
2246 + IEEE80211_COUNTRY_MAX_SIZE
2248 + sizeof(struct ieee80211_csa_ie
)
2250 + 2 + (IEEE80211_RATE_MAXSIZE
- IEEE80211_RATE_SIZE
)
2251 + sizeof(struct ieee80211_ie_wpa
)
2252 + sizeof(struct ieee80211_ie_htcap
)
2253 + sizeof(struct ieee80211_ie_htinfo
)
2254 + sizeof(struct ieee80211_ie_wpa
)
2255 + sizeof(struct ieee80211_wme_param
)
2256 + 4 + sizeof(struct ieee80211_ie_htcap
)
2257 + 4 + sizeof(struct ieee80211_ie_htinfo
)
2258 #ifdef IEEE80211_SUPPORT_SUPERG
2259 + sizeof(struct ieee80211_ath_ie
)
2261 #ifdef IEEE80211_SUPPORT_MESH
2262 + 2 + IEEE80211_MESHID_LEN
2263 + sizeof(struct ieee80211_meshconf_ie
)
2265 + (vap
->iv_appie_proberesp
!= NULL
?
2266 vap
->iv_appie_proberesp
->ie_len
: 0)
2269 vap
->iv_stats
.is_tx_nobuf
++;
2273 memset(frm
, 0, 8); /* timestamp should be filled later */
2275 *(uint16_t *)frm
= htole16(bss
->ni_intval
);
2277 capinfo
= ieee80211_getcapinfo(vap
, bss
->ni_chan
);
2278 *(uint16_t *)frm
= htole16(capinfo
);
2281 frm
= ieee80211_add_ssid(frm
, bss
->ni_essid
, bss
->ni_esslen
);
2282 rs
= ieee80211_get_suprates(ic
, bss
->ni_chan
);
2283 frm
= ieee80211_add_rates(frm
, rs
);
2285 if (IEEE80211_IS_CHAN_FHSS(bss
->ni_chan
)) {
2286 *frm
++ = IEEE80211_ELEMID_FHPARMS
;
2288 *frm
++ = bss
->ni_fhdwell
& 0x00ff;
2289 *frm
++ = (bss
->ni_fhdwell
>> 8) & 0x00ff;
2290 *frm
++ = IEEE80211_FH_CHANSET(
2291 ieee80211_chan2ieee(ic
, bss
->ni_chan
));
2292 *frm
++ = IEEE80211_FH_CHANPAT(
2293 ieee80211_chan2ieee(ic
, bss
->ni_chan
));
2294 *frm
++ = bss
->ni_fhindex
;
2296 *frm
++ = IEEE80211_ELEMID_DSPARMS
;
2298 *frm
++ = ieee80211_chan2ieee(ic
, bss
->ni_chan
);
2301 if (vap
->iv_opmode
== IEEE80211_M_IBSS
) {
2302 *frm
++ = IEEE80211_ELEMID_IBSSPARMS
;
2304 *frm
++ = 0; *frm
++ = 0; /* TODO: ATIM window */
2306 if ((vap
->iv_flags
& IEEE80211_F_DOTH
) ||
2307 (vap
->iv_flags_ext
& IEEE80211_FEXT_DOTD
))
2308 frm
= ieee80211_add_countryie(frm
, ic
);
2309 if (vap
->iv_flags
& IEEE80211_F_DOTH
) {
2310 if (IEEE80211_IS_CHAN_5GHZ(bss
->ni_chan
))
2311 frm
= ieee80211_add_powerconstraint(frm
, vap
);
2312 if (ic
->ic_flags
& IEEE80211_F_CSAPENDING
)
2313 frm
= ieee80211_add_csa(frm
, vap
);
2315 if (IEEE80211_IS_CHAN_ANYG(bss
->ni_chan
))
2316 frm
= ieee80211_add_erp(frm
, ic
);
2317 frm
= ieee80211_add_xrates(frm
, rs
);
2318 if (vap
->iv_flags
& IEEE80211_F_WPA2
) {
2319 if (vap
->iv_rsn_ie
!= NULL
)
2320 frm
= add_ie(frm
, vap
->iv_rsn_ie
);
2321 /* XXX else complain? */
2324 * NB: legacy 11b clients do not get certain ie's.
2325 * The caller identifies such clients by passing
2326 * a token in legacy to us. Could expand this to be
2327 * any legacy client for stuff like HT ie's.
2329 if (IEEE80211_IS_CHAN_HT(bss
->ni_chan
) &&
2330 legacy
!= IEEE80211_SEND_LEGACY_11B
) {
2331 frm
= ieee80211_add_htcap(frm
, bss
);
2332 frm
= ieee80211_add_htinfo(frm
, bss
);
2334 if (vap
->iv_flags
& IEEE80211_F_WPA1
) {
2335 if (vap
->iv_wpa_ie
!= NULL
)
2336 frm
= add_ie(frm
, vap
->iv_wpa_ie
);
2337 /* XXX else complain? */
2339 if (vap
->iv_flags
& IEEE80211_F_WME
)
2340 frm
= ieee80211_add_wme_param(frm
, &ic
->ic_wme
);
2341 if (IEEE80211_IS_CHAN_HT(bss
->ni_chan
) &&
2342 (vap
->iv_flags_ht
& IEEE80211_FHT_HTCOMPAT
) &&
2343 legacy
!= IEEE80211_SEND_LEGACY_11B
) {
2344 frm
= ieee80211_add_htcap_vendor(frm
, bss
);
2345 frm
= ieee80211_add_htinfo_vendor(frm
, bss
);
2347 #ifdef IEEE80211_SUPPORT_SUPERG
2348 if ((vap
->iv_flags
& IEEE80211_F_ATHEROS
) &&
2349 legacy
!= IEEE80211_SEND_LEGACY_11B
)
2350 frm
= ieee80211_add_athcaps(frm
, bss
);
2352 if (vap
->iv_appie_proberesp
!= NULL
)
2353 frm
= add_appie(frm
, vap
->iv_appie_proberesp
);
2354 #ifdef IEEE80211_SUPPORT_MESH
2355 if (vap
->iv_opmode
== IEEE80211_M_MBSS
) {
2356 frm
= ieee80211_add_meshid(frm
, vap
);
2357 frm
= ieee80211_add_meshconf(frm
, vap
);
2360 m
->m_pkthdr
.len
= m
->m_len
= frm
- mtod(m
, uint8_t *);
2366 * Send a probe response frame to the specified mac address.
2367 * This does not go through the normal mgt frame api so we
2368 * can specify the destination address and re-use the bss node
2369 * for the sta reference.
2372 ieee80211_send_proberesp(struct ieee80211vap
*vap
,
2373 const uint8_t da
[IEEE80211_ADDR_LEN
], int legacy
)
2375 struct ieee80211_node
*bss
= vap
->iv_bss
;
2376 struct ieee80211com
*ic
= vap
->iv_ic
;
2377 struct ieee80211_frame
*wh
;
2380 if (vap
->iv_state
== IEEE80211_S_CAC
) {
2381 IEEE80211_NOTE(vap
, IEEE80211_MSG_OUTPUT
, bss
,
2382 "block %s frame in CAC state", "probe response");
2383 vap
->iv_stats
.is_tx_badstate
++;
2384 return EIO
; /* XXX */
2388 * Hold a reference on the node so it doesn't go away until after
2389 * the xmit is complete all the way in the driver. On error we
2390 * will remove our reference.
2392 IEEE80211_DPRINTF(vap
, IEEE80211_MSG_NODE
,
2393 "ieee80211_ref_node (%s:%u) %p<%6D> refcnt %d\n",
2394 __func__
, __LINE__
, bss
, bss
->ni_macaddr
, ":",
2395 ieee80211_node_refcnt(bss
)+1);
2396 ieee80211_ref_node(bss
);
2398 m
= ieee80211_alloc_proberesp(bss
, legacy
);
2400 ieee80211_free_node(bss
);
2404 M_PREPEND(m
, sizeof(struct ieee80211_frame
), MB_DONTWAIT
);
2405 KASSERT(m
!= NULL
, ("no room for header"));
2407 wh
= mtod(m
, struct ieee80211_frame
*);
2408 ieee80211_send_setup(bss
, m
,
2409 IEEE80211_FC0_TYPE_MGT
| IEEE80211_FC0_SUBTYPE_PROBE_RESP
,
2410 IEEE80211_NONQOS_TID
, vap
->iv_myaddr
, da
, bss
->ni_bssid
);
2411 /* XXX power management? */
2412 m
->m_flags
|= M_ENCAP
; /* mark encapsulated */
2414 M_WME_SETAC(m
, WME_AC_BE
);
2416 IEEE80211_DPRINTF(vap
, IEEE80211_MSG_DEBUG
| IEEE80211_MSG_DUMPPKTS
,
2417 "send probe resp on channel %u to %6D%s\n",
2418 ieee80211_chan2ieee(ic
, ic
->ic_curchan
), da
, ":",
2419 legacy
? " <legacy>" : "");
2420 IEEE80211_NODE_STAT(bss
, tx_mgmt
);
2422 return ic
->ic_raw_xmit(bss
, m
, NULL
);
2426 * Allocate and build a RTS (Request To Send) control frame.
2429 ieee80211_alloc_rts(struct ieee80211com
*ic
,
2430 const uint8_t ra
[IEEE80211_ADDR_LEN
],
2431 const uint8_t ta
[IEEE80211_ADDR_LEN
],
2434 struct ieee80211_frame_rts
*rts
;
2437 /* XXX honor ic_headroom */
2438 m
= m_gethdr(MB_DONTWAIT
, MT_DATA
);
2440 rts
= mtod(m
, struct ieee80211_frame_rts
*);
2441 rts
->i_fc
[0] = IEEE80211_FC0_VERSION_0
|
2442 IEEE80211_FC0_TYPE_CTL
| IEEE80211_FC0_SUBTYPE_RTS
;
2443 rts
->i_fc
[1] = IEEE80211_FC1_DIR_NODS
;
2444 *(u_int16_t
*)rts
->i_dur
= htole16(dur
);
2445 IEEE80211_ADDR_COPY(rts
->i_ra
, ra
);
2446 IEEE80211_ADDR_COPY(rts
->i_ta
, ta
);
2448 m
->m_pkthdr
.len
= m
->m_len
= sizeof(struct ieee80211_frame_rts
);
2454 * Allocate and build a CTS (Clear To Send) control frame.
2457 ieee80211_alloc_cts(struct ieee80211com
*ic
,
2458 const uint8_t ra
[IEEE80211_ADDR_LEN
], uint16_t dur
)
2460 struct ieee80211_frame_cts
*cts
;
2463 /* XXX honor ic_headroom */
2464 m
= m_gethdr(MB_DONTWAIT
, MT_DATA
);
2466 cts
= mtod(m
, struct ieee80211_frame_cts
*);
2467 cts
->i_fc
[0] = IEEE80211_FC0_VERSION_0
|
2468 IEEE80211_FC0_TYPE_CTL
| IEEE80211_FC0_SUBTYPE_CTS
;
2469 cts
->i_fc
[1] = IEEE80211_FC1_DIR_NODS
;
2470 *(u_int16_t
*)cts
->i_dur
= htole16(dur
);
2471 IEEE80211_ADDR_COPY(cts
->i_ra
, ra
);
2473 m
->m_pkthdr
.len
= m
->m_len
= sizeof(struct ieee80211_frame_cts
);
2479 ieee80211_tx_mgt_timeout_callout(void *arg
)
2481 struct ieee80211_node
*ni
= arg
;
2482 struct ieee80211vap
*vap
;
2484 wlan_serialize_enter();
2486 if (vap
->iv_state
!= IEEE80211_S_INIT
&&
2487 (vap
->iv_ic
->ic_flags
& IEEE80211_F_SCAN
) == 0) {
2489 * NB: it's safe to specify a timeout as the reason here;
2490 * it'll only be used in the right state.
2492 ieee80211_new_state(vap
, IEEE80211_S_SCAN
,
2493 IEEE80211_SCAN_FAIL_TIMEOUT
);
2495 wlan_serialize_exit();
2499 ieee80211_tx_mgt_cb(struct ieee80211_node
*ni
, void *arg
, int status
)
2501 struct ieee80211vap
*vap
= ni
->ni_vap
;
2502 enum ieee80211_state ostate
= (enum ieee80211_state
) arg
;
2505 * Frame transmit completed; arrange timer callback. If
2506 * transmit was successfuly we wait for response. Otherwise
2507 * we arrange an immediate callback instead of doing the
2508 * callback directly since we don't know what state the driver
2509 * is in (e.g. what locks it is holding). This work should
2510 * not be too time-critical and not happen too often so the
2511 * added overhead is acceptable.
2513 * XXX what happens if !acked but response shows up before callback?
2515 if (vap
->iv_state
== ostate
)
2516 callout_reset(&vap
->iv_mgtsend
,
2517 status
== 0 ? IEEE80211_TRANS_WAIT
*hz
: 0,
2518 ieee80211_tx_mgt_timeout_callout
, ni
);
2522 ieee80211_beacon_construct(struct mbuf
*m
, uint8_t *frm
,
2523 struct ieee80211_beacon_offsets
*bo
, struct ieee80211_node
*ni
)
2525 struct ieee80211vap
*vap
= ni
->ni_vap
;
2526 struct ieee80211com
*ic
= ni
->ni_ic
;
2527 struct ieee80211_rateset
*rs
= &ni
->ni_rates
;
2531 * beacon frame format
2533 * [2] beacon interval
2534 * [2] cabability information
2536 * [tlv] supported rates
2537 * [3] parameter set (DS)
2538 * [8] CF parameter set (optional)
2539 * [tlv] parameter set (IBSS/TIM)
2540 * [tlv] country (optional)
2541 * [3] power control (optional)
2542 * [5] channel switch announcement (CSA) (optional)
2543 * [tlv] extended rate phy (ERP)
2544 * [tlv] extended supported rates
2545 * [tlv] RSN parameters
2546 * [tlv] HT capabilities
2547 * [tlv] HT information
2548 * XXX Vendor-specific OIDs (e.g. Atheros)
2549 * [tlv] WPA parameters
2550 * [tlv] WME parameters
2551 * [tlv] Vendor OUI HT capabilities (optional)
2552 * [tlv] Vendor OUI HT information (optional)
2553 * [tlv] Atheros capabilities (optional)
2554 * [tlv] TDMA parameters (optional)
2555 * [tlv] Mesh ID (MBSS)
2556 * [tlv] Mesh Conf (MBSS)
2557 * [tlv] application data (optional)
2560 memset(bo
, 0, sizeof(*bo
));
2562 memset(frm
, 0, 8); /* XXX timestamp is set by hardware/driver */
2564 *(uint16_t *)frm
= htole16(ni
->ni_intval
);
2566 capinfo
= ieee80211_getcapinfo(vap
, ni
->ni_chan
);
2567 bo
->bo_caps
= (uint16_t *)frm
;
2568 *(uint16_t *)frm
= htole16(capinfo
);
2570 *frm
++ = IEEE80211_ELEMID_SSID
;
2571 if ((vap
->iv_flags
& IEEE80211_F_HIDESSID
) == 0) {
2572 *frm
++ = ni
->ni_esslen
;
2573 memcpy(frm
, ni
->ni_essid
, ni
->ni_esslen
);
2574 frm
+= ni
->ni_esslen
;
2577 frm
= ieee80211_add_rates(frm
, rs
);
2578 if (!IEEE80211_IS_CHAN_FHSS(ni
->ni_chan
)) {
2579 *frm
++ = IEEE80211_ELEMID_DSPARMS
;
2581 *frm
++ = ieee80211_chan2ieee(ic
, ni
->ni_chan
);
2583 if (ic
->ic_flags
& IEEE80211_F_PCF
) {
2585 frm
= ieee80211_add_cfparms(frm
, ic
);
2588 if (vap
->iv_opmode
== IEEE80211_M_IBSS
) {
2589 *frm
++ = IEEE80211_ELEMID_IBSSPARMS
;
2591 *frm
++ = 0; *frm
++ = 0; /* TODO: ATIM window */
2593 } else if (vap
->iv_opmode
== IEEE80211_M_HOSTAP
||
2594 vap
->iv_opmode
== IEEE80211_M_MBSS
) {
2595 /* TIM IE is the same for Mesh and Hostap */
2596 struct ieee80211_tim_ie
*tie
= (struct ieee80211_tim_ie
*) frm
;
2598 tie
->tim_ie
= IEEE80211_ELEMID_TIM
;
2599 tie
->tim_len
= 4; /* length */
2600 tie
->tim_count
= 0; /* DTIM count */
2601 tie
->tim_period
= vap
->iv_dtim_period
; /* DTIM period */
2602 tie
->tim_bitctl
= 0; /* bitmap control */
2603 tie
->tim_bitmap
[0] = 0; /* Partial Virtual Bitmap */
2604 frm
+= sizeof(struct ieee80211_tim_ie
);
2607 bo
->bo_tim_trailer
= frm
;
2608 if ((vap
->iv_flags
& IEEE80211_F_DOTH
) ||
2609 (vap
->iv_flags_ext
& IEEE80211_FEXT_DOTD
))
2610 frm
= ieee80211_add_countryie(frm
, ic
);
2611 if (vap
->iv_flags
& IEEE80211_F_DOTH
) {
2612 if (IEEE80211_IS_CHAN_5GHZ(ni
->ni_chan
))
2613 frm
= ieee80211_add_powerconstraint(frm
, vap
);
2615 if (ic
->ic_flags
& IEEE80211_F_CSAPENDING
)
2616 frm
= ieee80211_add_csa(frm
, vap
);
2619 if (IEEE80211_IS_CHAN_ANYG(ni
->ni_chan
)) {
2621 frm
= ieee80211_add_erp(frm
, ic
);
2623 frm
= ieee80211_add_xrates(frm
, rs
);
2624 if (vap
->iv_flags
& IEEE80211_F_WPA2
) {
2625 if (vap
->iv_rsn_ie
!= NULL
)
2626 frm
= add_ie(frm
, vap
->iv_rsn_ie
);
2627 /* XXX else complain */
2629 if (IEEE80211_IS_CHAN_HT(ni
->ni_chan
)) {
2630 frm
= ieee80211_add_htcap(frm
, ni
);
2631 bo
->bo_htinfo
= frm
;
2632 frm
= ieee80211_add_htinfo(frm
, ni
);
2634 if (vap
->iv_flags
& IEEE80211_F_WPA1
) {
2635 if (vap
->iv_wpa_ie
!= NULL
)
2636 frm
= add_ie(frm
, vap
->iv_wpa_ie
);
2637 /* XXX else complain */
2639 if (vap
->iv_flags
& IEEE80211_F_WME
) {
2641 frm
= ieee80211_add_wme_param(frm
, &ic
->ic_wme
);
2643 if (IEEE80211_IS_CHAN_HT(ni
->ni_chan
) &&
2644 (vap
->iv_flags_ht
& IEEE80211_FHT_HTCOMPAT
)) {
2645 frm
= ieee80211_add_htcap_vendor(frm
, ni
);
2646 frm
= ieee80211_add_htinfo_vendor(frm
, ni
);
2648 #ifdef IEEE80211_SUPPORT_SUPERG
2649 if (vap
->iv_flags
& IEEE80211_F_ATHEROS
) {
2651 frm
= ieee80211_add_athcaps(frm
, ni
);
2654 #ifdef IEEE80211_SUPPORT_TDMA
2655 if (vap
->iv_caps
& IEEE80211_C_TDMA
) {
2657 frm
= ieee80211_add_tdma(frm
, vap
);
2660 if (vap
->iv_appie_beacon
!= NULL
) {
2662 bo
->bo_appie_len
= vap
->iv_appie_beacon
->ie_len
;
2663 frm
= add_appie(frm
, vap
->iv_appie_beacon
);
2665 #ifdef IEEE80211_SUPPORT_MESH
2666 if (vap
->iv_opmode
== IEEE80211_M_MBSS
) {
2667 frm
= ieee80211_add_meshid(frm
, vap
);
2668 bo
->bo_meshconf
= frm
;
2669 frm
= ieee80211_add_meshconf(frm
, vap
);
2672 bo
->bo_tim_trailer_len
= frm
- bo
->bo_tim_trailer
;
2673 bo
->bo_csa_trailer_len
= frm
- bo
->bo_csa
;
2674 m
->m_pkthdr
.len
= m
->m_len
= frm
- mtod(m
, uint8_t *);
2678 * Allocate a beacon frame and fillin the appropriate bits.
2681 ieee80211_beacon_alloc(struct ieee80211_node
*ni
,
2682 struct ieee80211_beacon_offsets
*bo
)
2684 struct ieee80211vap
*vap
= ni
->ni_vap
;
2685 struct ieee80211com
*ic
= ni
->ni_ic
;
2686 struct ifnet
*ifp
= vap
->iv_ifp
;
2687 struct ieee80211_frame
*wh
;
2693 * beacon frame format
2695 * [2] beacon interval
2696 * [2] cabability information
2698 * [tlv] supported rates
2699 * [3] parameter set (DS)
2700 * [8] CF parameter set (optional)
2701 * [tlv] parameter set (IBSS/TIM)
2702 * [tlv] country (optional)
2703 * [3] power control (optional)
2704 * [5] channel switch announcement (CSA) (optional)
2705 * [tlv] extended rate phy (ERP)
2706 * [tlv] extended supported rates
2707 * [tlv] RSN parameters
2708 * [tlv] HT capabilities
2709 * [tlv] HT information
2710 * [tlv] Vendor OUI HT capabilities (optional)
2711 * [tlv] Vendor OUI HT information (optional)
2712 * XXX Vendor-specific OIDs (e.g. Atheros)
2713 * [tlv] WPA parameters
2714 * [tlv] WME parameters
2715 * [tlv] TDMA parameters (optional)
2716 * [tlv] Mesh ID (MBSS)
2717 * [tlv] Mesh Conf (MBSS)
2718 * [tlv] application data (optional)
2719 * NB: we allocate the max space required for the TIM bitmap.
2720 * XXX how big is this?
2722 pktlen
= 8 /* time stamp */
2723 + sizeof(uint16_t) /* beacon interval */
2724 + sizeof(uint16_t) /* capabilities */
2725 + 2 + ni
->ni_esslen
/* ssid */
2726 + 2 + IEEE80211_RATE_SIZE
/* supported rates */
2727 + 2 + 1 /* DS parameters */
2728 + 2 + 6 /* CF parameters */
2729 + 2 + 4 + vap
->iv_tim_len
/* DTIM/IBSSPARMS */
2730 + IEEE80211_COUNTRY_MAX_SIZE
/* country */
2731 + 2 + 1 /* power control */
2732 + sizeof(struct ieee80211_csa_ie
) /* CSA */
2734 + 2 + (IEEE80211_RATE_MAXSIZE
- IEEE80211_RATE_SIZE
)
2735 + (vap
->iv_caps
& IEEE80211_C_WPA
? /* WPA 1+2 */
2736 2*sizeof(struct ieee80211_ie_wpa
) : 0)
2737 /* XXX conditional? */
2738 + 4+2*sizeof(struct ieee80211_ie_htcap
)/* HT caps */
2739 + 4+2*sizeof(struct ieee80211_ie_htinfo
)/* HT info */
2740 + (vap
->iv_caps
& IEEE80211_C_WME
? /* WME */
2741 sizeof(struct ieee80211_wme_param
) : 0)
2742 #ifdef IEEE80211_SUPPORT_SUPERG
2743 + sizeof(struct ieee80211_ath_ie
) /* ATH */
2745 #ifdef IEEE80211_SUPPORT_TDMA
2746 + (vap
->iv_caps
& IEEE80211_C_TDMA
? /* TDMA */
2747 sizeof(struct ieee80211_tdma_param
) : 0)
2749 #ifdef IEEE80211_SUPPORT_MESH
2750 + 2 + ni
->ni_meshidlen
2751 + sizeof(struct ieee80211_meshconf_ie
)
2753 + IEEE80211_MAX_APPIE
2755 m
= ieee80211_getmgtframe(&frm
,
2756 ic
->ic_headroom
+ sizeof(struct ieee80211_frame
), pktlen
);
2758 IEEE80211_DPRINTF(vap
, IEEE80211_MSG_ANY
,
2759 "%s: cannot get buf; size %u\n", __func__
, pktlen
);
2760 vap
->iv_stats
.is_tx_nobuf
++;
2763 ieee80211_beacon_construct(m
, frm
, bo
, ni
);
2765 M_PREPEND(m
, sizeof(struct ieee80211_frame
), MB_DONTWAIT
);
2766 KASSERT(m
!= NULL
, ("no space for 802.11 header?"));
2767 wh
= mtod(m
, struct ieee80211_frame
*);
2768 wh
->i_fc
[0] = IEEE80211_FC0_VERSION_0
| IEEE80211_FC0_TYPE_MGT
|
2769 IEEE80211_FC0_SUBTYPE_BEACON
;
2770 wh
->i_fc
[1] = IEEE80211_FC1_DIR_NODS
;
2771 *(uint16_t *)wh
->i_dur
= 0;
2772 IEEE80211_ADDR_COPY(wh
->i_addr1
, ifp
->if_broadcastaddr
);
2773 IEEE80211_ADDR_COPY(wh
->i_addr2
, vap
->iv_myaddr
);
2774 IEEE80211_ADDR_COPY(wh
->i_addr3
, ni
->ni_bssid
);
2775 *(uint16_t *)wh
->i_seq
= 0;
2781 * Update the dynamic parts of a beacon frame based on the current state.
2784 ieee80211_beacon_update(struct ieee80211_node
*ni
,
2785 struct ieee80211_beacon_offsets
*bo
, struct mbuf
*m
, int mcast
)
2787 struct ieee80211vap
*vap
= ni
->ni_vap
;
2788 struct ieee80211com
*ic
= ni
->ni_ic
;
2789 int len_changed
= 0;
2793 * Handle 11h channel change when we've reached the count.
2794 * We must recalculate the beacon frame contents to account
2795 * for the new channel. Note we do this only for the first
2796 * vap that reaches this point; subsequent vaps just update
2797 * their beacon state to reflect the recalculated channel.
2799 if (isset(bo
->bo_flags
, IEEE80211_BEACON_CSA
) &&
2800 vap
->iv_csa_count
== ic
->ic_csa_count
) {
2801 vap
->iv_csa_count
= 0;
2803 * Effect channel change before reconstructing the beacon
2804 * frame contents as many places reference ni_chan.
2806 if (ic
->ic_csa_newchan
!= NULL
)
2807 ieee80211_csa_completeswitch(ic
);
2809 * NB: ieee80211_beacon_construct clears all pending
2810 * updates in bo_flags so we don't need to explicitly
2811 * clear IEEE80211_BEACON_CSA.
2813 ieee80211_beacon_construct(m
,
2814 mtod(m
, uint8_t*) + sizeof(struct ieee80211_frame
), bo
, ni
);
2816 /* XXX do WME aggressive mode processing? */
2817 return 1; /* just assume length changed */
2820 /* XXX faster to recalculate entirely or just changes? */
2821 capinfo
= ieee80211_getcapinfo(vap
, ni
->ni_chan
);
2822 *bo
->bo_caps
= htole16(capinfo
);
2824 if (vap
->iv_flags
& IEEE80211_F_WME
) {
2825 struct ieee80211_wme_state
*wme
= &ic
->ic_wme
;
2828 * Check for agressive mode change. When there is
2829 * significant high priority traffic in the BSS
2830 * throttle back BE traffic by using conservative
2831 * parameters. Otherwise BE uses agressive params
2832 * to optimize performance of legacy/non-QoS traffic.
2834 if (wme
->wme_flags
& WME_F_AGGRMODE
) {
2835 if (wme
->wme_hipri_traffic
>
2836 wme
->wme_hipri_switch_thresh
) {
2837 IEEE80211_DPRINTF(vap
, IEEE80211_MSG_WME
,
2838 "%s: traffic %u, disable aggressive mode\n",
2839 __func__
, wme
->wme_hipri_traffic
);
2840 wme
->wme_flags
&= ~WME_F_AGGRMODE
;
2841 ieee80211_wme_updateparams_locked(vap
);
2842 wme
->wme_hipri_traffic
=
2843 wme
->wme_hipri_switch_hysteresis
;
2845 wme
->wme_hipri_traffic
= 0;
2847 if (wme
->wme_hipri_traffic
<=
2848 wme
->wme_hipri_switch_thresh
) {
2849 IEEE80211_DPRINTF(vap
, IEEE80211_MSG_WME
,
2850 "%s: traffic %u, enable aggressive mode\n",
2851 __func__
, wme
->wme_hipri_traffic
);
2852 wme
->wme_flags
|= WME_F_AGGRMODE
;
2853 ieee80211_wme_updateparams_locked(vap
);
2854 wme
->wme_hipri_traffic
= 0;
2856 wme
->wme_hipri_traffic
=
2857 wme
->wme_hipri_switch_hysteresis
;
2859 if (isset(bo
->bo_flags
, IEEE80211_BEACON_WME
)) {
2860 (void) ieee80211_add_wme_param(bo
->bo_wme
, wme
);
2861 clrbit(bo
->bo_flags
, IEEE80211_BEACON_WME
);
2865 if (isset(bo
->bo_flags
, IEEE80211_BEACON_HTINFO
)) {
2866 ieee80211_ht_update_beacon(vap
, bo
);
2867 clrbit(bo
->bo_flags
, IEEE80211_BEACON_HTINFO
);
2869 #ifdef IEEE80211_SUPPORT_TDMA
2870 if (vap
->iv_caps
& IEEE80211_C_TDMA
) {
2872 * NB: the beacon is potentially updated every TBTT.
2874 ieee80211_tdma_update_beacon(vap
, bo
);
2877 #ifdef IEEE80211_SUPPORT_MESH
2878 if (vap
->iv_opmode
== IEEE80211_M_MBSS
)
2879 ieee80211_mesh_update_beacon(vap
, bo
);
2882 if (vap
->iv_opmode
== IEEE80211_M_HOSTAP
||
2883 vap
->iv_opmode
== IEEE80211_M_MBSS
) { /* NB: no IBSS support*/
2884 struct ieee80211_tim_ie
*tie
=
2885 (struct ieee80211_tim_ie
*) bo
->bo_tim
;
2886 if (isset(bo
->bo_flags
, IEEE80211_BEACON_TIM
)) {
2887 u_int timlen
, timoff
, i
;
2889 * ATIM/DTIM needs updating. If it fits in the
2890 * current space allocated then just copy in the
2891 * new bits. Otherwise we need to move any trailing
2892 * data to make room. Note that we know there is
2893 * contiguous space because ieee80211_beacon_allocate
2894 * insures there is space in the mbuf to write a
2895 * maximal-size virtual bitmap (based on iv_max_aid).
2898 * Calculate the bitmap size and offset, copy any
2899 * trailer out of the way, and then copy in the
2900 * new bitmap and update the information element.
2901 * Note that the tim bitmap must contain at least
2902 * one byte and any offset must be even.
2904 if (vap
->iv_ps_pending
!= 0) {
2905 timoff
= 128; /* impossibly large */
2906 for (i
= 0; i
< vap
->iv_tim_len
; i
++)
2907 if (vap
->iv_tim_bitmap
[i
]) {
2911 KASSERT(timoff
!= 128, ("tim bitmap empty!"));
2912 for (i
= vap
->iv_tim_len
-1; i
>= timoff
; i
--)
2913 if (vap
->iv_tim_bitmap
[i
])
2915 timlen
= 1 + (i
- timoff
);
2920 if (timlen
!= bo
->bo_tim_len
) {
2921 /* copy up/down trailer */
2922 int adjust
= tie
->tim_bitmap
+timlen
2923 - bo
->bo_tim_trailer
;
2924 ovbcopy(bo
->bo_tim_trailer
,
2925 bo
->bo_tim_trailer
+adjust
,
2926 bo
->bo_tim_trailer_len
);
2927 bo
->bo_tim_trailer
+= adjust
;
2928 bo
->bo_erp
+= adjust
;
2929 bo
->bo_htinfo
+= adjust
;
2930 #ifdef IEEE80211_SUPERG_SUPPORT
2931 bo
->bo_ath
+= adjust
;
2933 #ifdef IEEE80211_TDMA_SUPPORT
2934 bo
->bo_tdma
+= adjust
;
2936 #ifdef IEEE80211_MESH_SUPPORT
2937 bo
->bo_meshconf
+= adjust
;
2939 bo
->bo_appie
+= adjust
;
2940 bo
->bo_wme
+= adjust
;
2941 bo
->bo_csa
+= adjust
;
2942 bo
->bo_tim_len
= timlen
;
2944 /* update information element */
2945 tie
->tim_len
= 3 + timlen
;
2946 tie
->tim_bitctl
= timoff
;
2949 memcpy(tie
->tim_bitmap
, vap
->iv_tim_bitmap
+ timoff
,
2952 clrbit(bo
->bo_flags
, IEEE80211_BEACON_TIM
);
2954 IEEE80211_DPRINTF(vap
, IEEE80211_MSG_POWER
,
2955 "%s: TIM updated, pending %u, off %u, len %u\n",
2956 __func__
, vap
->iv_ps_pending
, timoff
, timlen
);
2958 /* count down DTIM period */
2959 if (tie
->tim_count
== 0)
2960 tie
->tim_count
= tie
->tim_period
- 1;
2963 /* update state for buffered multicast frames on DTIM */
2964 if (mcast
&& tie
->tim_count
== 0)
2965 tie
->tim_bitctl
|= 1;
2967 tie
->tim_bitctl
&= ~1;
2968 if (isset(bo
->bo_flags
, IEEE80211_BEACON_CSA
)) {
2969 struct ieee80211_csa_ie
*csa
=
2970 (struct ieee80211_csa_ie
*) bo
->bo_csa
;
2973 * Insert or update CSA ie. If we're just starting
2974 * to count down to the channel switch then we need
2975 * to insert the CSA ie. Otherwise we just need to
2976 * drop the count. The actual change happens above
2977 * when the vap's count reaches the target count.
2979 if (vap
->iv_csa_count
== 0) {
2980 memmove(&csa
[1], csa
, bo
->bo_csa_trailer_len
);
2981 bo
->bo_erp
+= sizeof(*csa
);
2982 bo
->bo_htinfo
+= sizeof(*csa
);
2983 bo
->bo_wme
+= sizeof(*csa
);
2984 #ifdef IEEE80211_SUPERG_SUPPORT
2985 bo
->bo_ath
+= sizeof(*csa
);
2987 #ifdef IEEE80211_TDMA_SUPPORT
2988 bo
->bo_tdma
+= sizeof(*csa
);
2990 #ifdef IEEE80211_MESH_SUPPORT
2991 bo
->bo_meshconf
+= sizeof(*csa
);
2993 bo
->bo_appie
+= sizeof(*csa
);
2994 bo
->bo_csa_trailer_len
+= sizeof(*csa
);
2995 bo
->bo_tim_trailer_len
+= sizeof(*csa
);
2996 m
->m_len
+= sizeof(*csa
);
2997 m
->m_pkthdr
.len
+= sizeof(*csa
);
2999 ieee80211_add_csa(bo
->bo_csa
, vap
);
3002 vap
->iv_csa_count
++;
3003 /* NB: don't clear IEEE80211_BEACON_CSA */
3005 if (isset(bo
->bo_flags
, IEEE80211_BEACON_ERP
)) {
3007 * ERP element needs updating.
3009 (void) ieee80211_add_erp(bo
->bo_erp
, ic
);
3010 clrbit(bo
->bo_flags
, IEEE80211_BEACON_ERP
);
3012 #ifdef IEEE80211_SUPPORT_SUPERG
3013 if (isset(bo
->bo_flags
, IEEE80211_BEACON_ATH
)) {
3014 ieee80211_add_athcaps(bo
->bo_ath
, ni
);
3015 clrbit(bo
->bo_flags
, IEEE80211_BEACON_ATH
);
3019 if (isset(bo
->bo_flags
, IEEE80211_BEACON_APPIE
)) {
3020 const struct ieee80211_appie
*aie
= vap
->iv_appie_beacon
;
3026 aielen
+= aie
->ie_len
;
3027 if (aielen
!= bo
->bo_appie_len
) {
3028 /* copy up/down trailer */
3029 int adjust
= aielen
- bo
->bo_appie_len
;
3030 ovbcopy(bo
->bo_tim_trailer
, bo
->bo_tim_trailer
+adjust
,
3031 bo
->bo_tim_trailer_len
);
3032 bo
->bo_tim_trailer
+= adjust
;
3033 bo
->bo_appie
+= adjust
;
3034 bo
->bo_appie_len
= aielen
;
3040 frm
= add_appie(frm
, aie
);
3041 clrbit(bo
->bo_flags
, IEEE80211_BEACON_APPIE
);