search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
usr.sbin/makefs/ffs: Remove m_buf::b_is_hammer2
[dragonfly.git] / sys / netproto / 802_11 / wlan / ieee80211_output.c
blob3c61d82539e096dd471788b27e57ee8563d3d062
1 /*-
2 * Copyright (c) 2001 Atsushi Onoe
3 * Copyright (c) 2002-2009 Sam Leffler, Errno Consulting
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in the
13 * documentation and/or other materials provided with the distribution.
14 *
15 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
16 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
17 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
18 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
19 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
20 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
21 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
22 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
23 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
24 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
25 */
26
27 #include <sys/cdefs.h>
28 __FBSDID("$FreeBSD$");
29
30 #include "opt_inet.h"
31 #include "opt_inet6.h"
32 #include "opt_wlan.h"
33
34 #include <sys/param.h>
35 #include <sys/systm.h>
36 #include <sys/kernel.h>
37 #include <sys/malloc.h>
38 #include <sys/mbuf.h>
39 #include <sys/endian.h>
40
41 #include <sys/socket.h>
42
43 #include <net/bpf.h>
44 #include <net/ethernet.h>
45 #include <net/if.h>
46 #include <net/if_var.h>
47 #include <net/if_llc.h>
48 #include <net/if_media.h>
49 #include <net/vlan/if_vlan_var.h>
50
51 #if defined(__DragonFly__)
52 #include <net/ifq_var.h>
53 #endif
54
55 #include <netproto/802_11/ieee80211_var.h>
56 #include <netproto/802_11/ieee80211_regdomain.h>
57 #ifdef IEEE80211_SUPPORT_SUPERG
58 #include <netproto/802_11/ieee80211_superg.h>
59 #endif
60 #ifdef IEEE80211_SUPPORT_TDMA
61 #include <netproto/802_11/ieee80211_tdma.h>
62 #endif
63 #include <netproto/802_11/ieee80211_wds.h>
64 #include <netproto/802_11/ieee80211_mesh.h>
65
66 #if defined(INET) || defined(INET6)
67 #include <netinet/in.h>
68 #endif
69
70 #ifdef INET
71 #include <netinet/if_ether.h>
72 #include <netinet/in_systm.h>
73 #include <netinet/ip.h>
74 #endif
75 #ifdef INET6
76 #include <netinet/ip6.h>
77 #endif
78
79 #if defined(__DragonFly__)
80 #else
81 #include <security/mac/mac_framework.h>
82 #endif
83
84 #define ETHER_HEADER_COPY(dst, src) \
85 memcpy(dst, src, sizeof(struct ether_header))
86
87 static int ieee80211_fragment(struct ieee80211vap *, struct mbuf *,
88 u_int hdrsize, u_int ciphdrsize, u_int mtu);
89 static void ieee80211_tx_mgt_cb(struct ieee80211_node *, void *, int);
90
91 #ifdef IEEE80211_DEBUG
92 /*
93 * Decide if an outbound management frame should be
94 * printed when debugging is enabled. This filters some
95 * of the less interesting frames that come frequently
96 * (e.g. beacons).
97 */
98 static __inline int
99 doprint(struct ieee80211vap *vap, int subtype)
100 {
101 switch (subtype) {
102 case IEEE80211_FC0_SUBTYPE_PROBE_RESP:
103 return (vap->iv_opmode == IEEE80211_M_IBSS);
104 }
105 return 1;
106 }
107 #endif
108
109 /*
110 * Transmit a frame to the given destination on the given VAP.
111 *
112 * It's up to the caller to figure out the details of who this
113 * is going to and resolving the node.
114 *
115 * This routine takes care of queuing it for power save,
116 * A-MPDU state stuff, fast-frames state stuff, encapsulation
117 * if required, then passing it up to the driver layer.
118 *
119 * This routine (for now) consumes the mbuf and frees the node
120 * reference; it ideally will return a TX status which reflects
121 * whether the mbuf was consumed or not, so the caller can
122 * free the mbuf (if appropriate) and the node reference (again,
123 * if appropriate.)
124 */
125 int
126 ieee80211_vap_pkt_send_dest(struct ieee80211vap *vap, struct mbuf *m,
127 struct ieee80211_node *ni)
128 {
129 struct ieee80211com *ic = vap->iv_ic;
130 struct ifnet *ifp = vap->iv_ifp;
131 int len, mcast;
132
133 if ((ni->ni_flags & IEEE80211_NODE_PWR_MGT) &&
134 (m->m_flags & M_PWR_SAV) == 0) {
135 /*
136 * Station in power save mode; pass the frame
137 * to the 802.11 layer and continue. We'll get
138 * the frame back when the time is right.
139 * XXX lose WDS vap linkage?
140 */
141 if (ieee80211_pwrsave(ni, m) != 0)
142 if_inc_counter(ifp, IFCOUNTER_OERRORS, 1);
143 ieee80211_free_node(ni);
144
145 /*
146 * We queued it fine, so tell the upper layer
147 * that we consumed it.
148 */
149 return (0);
150 }
151 /* calculate priority so drivers can find the tx queue */
152 if (ieee80211_classify(ni, m)) {
153 IEEE80211_DISCARD_MAC(vap, IEEE80211_MSG_OUTPUT,
154 ni->ni_macaddr, NULL,
155 "%s", "classification failure");
156 vap->iv_stats.is_tx_classify++;
157 if_inc_counter(ifp, IFCOUNTER_OERRORS, 1);
158 m_freem(m);
159 ieee80211_free_node(ni);
160
161 /* XXX better status? */
162 return (0);
163 }
164 /*
165 * Stash the node pointer. Note that we do this after
166 * any call to ieee80211_dwds_mcast because that code
167 * uses any existing value for rcvif to identify the
168 * interface it (might have been) received on.
169 */
170 m->m_pkthdr.rcvif = (void *)ni;
171 mcast = (m->m_flags & (M_MCAST | M_BCAST)) ? 1: 0;
172 len = m->m_pkthdr.len;
173
174 BPF_MTAP(ifp, m); /* 802.3 tx */
175
176 /*
177 * Check if A-MPDU tx aggregation is setup or if we
178 * should try to enable it. The sta must be associated
179 * with HT and A-MPDU enabled for use. When the policy
180 * routine decides we should enable A-MPDU we issue an
181 * ADDBA request and wait for a reply. The frame being
182 * encapsulated will go out w/o using A-MPDU, or possibly
183 * it might be collected by the driver and held/retransmit.
184 * The default ic_ampdu_enable routine handles staggering
185 * ADDBA requests in case the receiver NAK's us or we are
186 * otherwise unable to establish a BA stream.
187 */
188 if ((ni->ni_flags & IEEE80211_NODE_AMPDU_TX) &&
189 (vap->iv_flags_ht & IEEE80211_FHT_AMPDU_TX)) {
190 if ((m->m_flags & M_EAPOL) == 0) {
191 int tid = WME_AC_TO_TID(M_WME_GETAC(m));
192 struct ieee80211_tx_ampdu *tap = &ni->ni_tx_ampdu[tid];
193
194 ieee80211_txampdu_count_packet(tap);
195 if (IEEE80211_AMPDU_RUNNING(tap)) {
196 /*
197 * Operational, mark frame for aggregation.
198 *
199 * XXX do tx aggregation here
200 */
201 m->m_flags |= M_AMPDU_MPDU;
202 } else if (!IEEE80211_AMPDU_REQUESTED(tap) &&
203 ic->ic_ampdu_enable(ni, tap)) {
204 /*
205 * Not negotiated yet, request service.
206 */
207 ieee80211_ampdu_request(ni, tap);
208 /* XXX hold frame for reply? */
209 }
210 }
211 }
212
213 #ifdef IEEE80211_SUPPORT_SUPERG
214 /*
215 * Check for AMSDU/FF; queue for aggregation
216 *
217 * Note: we don't bother trying to do fast frames or
218 * A-MSDU encapsulation for 802.3 drivers. Now, we
219 * likely could do it for FF (because it's a magic
220 * atheros tunnel LLC type) but I don't think we're going
221 * to really need to. For A-MSDU we'd have to set the
222 * A-MSDU QoS bit in the wifi header, so we just plain
223 * can't do it.
224 *
225 * Strictly speaking, we could actually /do/ A-MSDU / FF
226 * with A-MPDU together which for certain circumstances
227 * is beneficial (eg A-MSDU of TCK ACKs.) However,
228 * I'll ignore that for now so existing behaviour is maintained.
229 * Later on it would be good to make "amsdu + ampdu" configurable.
230 */
231 else if (__predict_true((vap->iv_caps & IEEE80211_C_8023ENCAP) == 0)) {
232 if ((! mcast) && ieee80211_amsdu_tx_ok(ni)) {
233 m = ieee80211_amsdu_check(ni, m);
234 if (m == NULL) {
235 /* NB: any ni ref held on stageq */
236 IEEE80211_DPRINTF(vap, IEEE80211_MSG_SUPERG,
237 "%s: amsdu_check queued frame\n",
238 __func__);
239 return (0);
240 }
241 } else if ((! mcast) && IEEE80211_ATH_CAP(vap, ni,
242 IEEE80211_NODE_FF)) {
243 m = ieee80211_ff_check(ni, m);
244 if (m == NULL) {
245 /* NB: any ni ref held on stageq */
246 IEEE80211_DPRINTF(vap, IEEE80211_MSG_SUPERG,
247 "%s: ff_check queued frame\n",
248 __func__);
249 return (0);
250 }
251 }
252 }
253 #endif /* IEEE80211_SUPPORT_SUPERG */
254
255 /*
256 * Grab the TX lock - serialise the TX process from this
257 * point (where TX state is being checked/modified)
258 * through to driver queue.
259 */
260 IEEE80211_TX_LOCK(ic);
261
262 /*
263 * XXX make the encap and transmit code a separate function
264 * so things like the FF (and later A-MSDU) path can just call
265 * it for flushed frames.
266 */
267 if (__predict_true((vap->iv_caps & IEEE80211_C_8023ENCAP) == 0)) {
268 /*
269 * Encapsulate the packet in prep for transmission.
270 */
271 m = ieee80211_encap(vap, ni, m);
272 if (m == NULL) {
273 /* NB: stat+msg handled in ieee80211_encap */
274 IEEE80211_TX_UNLOCK(ic);
275 ieee80211_free_node(ni);
276 if_inc_counter(ifp, IFCOUNTER_OERRORS, 1);
277 return (ENOBUFS);
278 }
279 }
280 /* HACK - added by DragonFly, mbuf could lose rcvif assignment above */
281 m->m_pkthdr.rcvif = (void *)ni;
282 (void) ieee80211_parent_xmitpkt(ic, m);
283
284 /*
285 * Unlock at this point - no need to hold it across
286 * ieee80211_free_node() (ie, the comlock)
287 */
288 IEEE80211_TX_UNLOCK(ic);
289 ic->ic_lastdata = ticks;
290
291 return (0);
292 }
293
294
295
296 /*
297 * Send the given mbuf through the given vap.
298 *
299 * This consumes the mbuf regardless of whether the transmit
300 * was successful or not.
301 *
302 * This does none of the initial checks that ieee80211_start()
303 * does (eg CAC timeout, interface wakeup) - the caller must
304 * do this first.
305 */
306 static int
307 ieee80211_start_pkt(struct ieee80211vap *vap, struct mbuf *m)
308 {
309 #define IS_DWDS(vap) \
310 (vap->iv_opmode == IEEE80211_M_WDS && \
311 (vap->iv_flags_ext & IEEE80211_FEXT_WDSLEGACY) == 0)
312 struct ieee80211com *ic = vap->iv_ic;
313 struct ifnet *ifp = vap->iv_ifp;
314 struct ieee80211_node *ni;
315 struct ether_header *eh;
316
317 /*
318 * Cancel any background scan.
319 */
320 if (ic->ic_flags & IEEE80211_F_SCAN)
321 ieee80211_cancel_anyscan(vap);
322 /*
323 * Find the node for the destination so we can do
324 * things like power save and fast frames aggregation.
325 *
326 * NB: past this point various code assumes the first
327 * mbuf has the 802.3 header present (and contiguous).
328 */
329 ni = NULL;
330 if (m->m_len < sizeof(struct ether_header) &&
331 (m = m_pullup(m, sizeof(struct ether_header))) == NULL) {
332 IEEE80211_DPRINTF(vap, IEEE80211_MSG_OUTPUT,
333 "discard frame, %s\n", "m_pullup failed");
334 vap->iv_stats.is_tx_nobuf++; /* XXX */
335 if_inc_counter(ifp, IFCOUNTER_OERRORS, 1);
336 return (ENOBUFS);
337 }
338 eh = mtod(m, struct ether_header *);
339 if (ETHER_IS_MULTICAST(eh->ether_dhost)) {
340 if (IS_DWDS(vap)) {
341 /*
342 * Only unicast frames from the above go out
343 * DWDS vaps; multicast frames are handled by
344 * dispatching the frame as it comes through
345 * the AP vap (see below).
346 */
347 IEEE80211_DISCARD_MAC(vap, IEEE80211_MSG_WDS,
348 eh->ether_dhost, "mcast", "%s", "on DWDS");
349 vap->iv_stats.is_dwds_mcast++;
350 m_freem(m);
351 if_inc_counter(ifp, IFCOUNTER_OERRORS, 1);
352 /* XXX better status? */
353 return (ENOBUFS);
354 }
355 if (vap->iv_opmode == IEEE80211_M_HOSTAP) {
356 /*
357 * Spam DWDS vap's w/ multicast traffic.
358 */
359 /* XXX only if dwds in use? */
360 ieee80211_dwds_mcast(vap, m);
361 }
362 }
363 #ifdef IEEE80211_SUPPORT_MESH
364 if (vap->iv_opmode != IEEE80211_M_MBSS) {
365 #endif
366 ni = ieee80211_find_txnode(vap, eh->ether_dhost);
367 if (ni == NULL) {
368 /* NB: ieee80211_find_txnode does stat+msg */
369 if_inc_counter(ifp, IFCOUNTER_OERRORS, 1);
370 m_freem(m);
371 /* XXX better status? */
372 return (ENOBUFS);
373 }
374 if (ni->ni_associd == 0 &&
375 (ni->ni_flags & IEEE80211_NODE_ASSOCID)) {
376 IEEE80211_DISCARD_MAC(vap, IEEE80211_MSG_OUTPUT,
377 eh->ether_dhost, NULL,
378 "sta not associated (type 0x%04x)",
379 htons(eh->ether_type));
380 vap->iv_stats.is_tx_notassoc++;
381 if_inc_counter(ifp, IFCOUNTER_OERRORS, 1);
382 m_freem(m);
383 ieee80211_free_node(ni);
384 /* XXX better status? */
385 return (ENOBUFS);
386 }
387 #ifdef IEEE80211_SUPPORT_MESH
388 } else {
389 if (!IEEE80211_ADDR_EQ(eh->ether_shost, vap->iv_myaddr)) {
390 /*
391 * Proxy station only if configured.
392 */
393 if (!ieee80211_mesh_isproxyena(vap)) {
394 IEEE80211_DISCARD_MAC(vap,
395 IEEE80211_MSG_OUTPUT |
396 IEEE80211_MSG_MESH,
397 eh->ether_dhost, NULL,
398 "%s", "proxy not enabled");
399 vap->iv_stats.is_mesh_notproxy++;
400 if_inc_counter(ifp, IFCOUNTER_OERRORS, 1);
401 m_freem(m);
402 /* XXX better status? */
403 return (ENOBUFS);
404 }
405 #if defined(__DragonFly__)
406 IEEE80211_DPRINTF(vap, IEEE80211_MSG_OUTPUT,
407 "forward frame from DS SA(%s), DA(%s)\n",
408 ether_sprintf(eh->ether_shost),
409 ether_sprintf(eh->ether_dhost));
410 #else
411 IEEE80211_DPRINTF(vap, IEEE80211_MSG_OUTPUT,
412 "forward frame from DS SA(%6D), DA(%6D)\n",
413 eh->ether_shost, ":",
414 eh->ether_dhost, ":");
415 #endif
416 ieee80211_mesh_proxy_check(vap, eh->ether_shost);
417 }
418 ni = ieee80211_mesh_discover(vap, eh->ether_dhost, m);
419 if (ni == NULL) {
420 /*
421 * NB: ieee80211_mesh_discover holds/disposes
422 * frame (e.g. queueing on path discovery).
423 */
424 if_inc_counter(ifp, IFCOUNTER_OERRORS, 1);
425 /* XXX better status? */
426 return (ENOBUFS);
427 }
428 }
429 #endif
430
431 /*
432 * We've resolved the sender, so attempt to transmit it.
433 */
434
435 if (vap->iv_state == IEEE80211_S_SLEEP) {
436 /*
437 * In power save; queue frame and then wakeup device
438 * for transmit.
439 */
440 ic->ic_lastdata = ticks;
441 if (ieee80211_pwrsave(ni, m) != 0)
442 if_inc_counter(ifp, IFCOUNTER_OERRORS, 1);
443 ieee80211_free_node(ni);
444 ieee80211_new_state(vap, IEEE80211_S_RUN, 0);
445 return (0);
446 }
447
448 if (ieee80211_vap_pkt_send_dest(vap, m, ni) != 0)
449 return (ENOBUFS);
450 return (0);
451 #undef IS_DWDS
452 }
453
454 /*
455 * Start method for vap's. All packets from the stack come
456 * through here. We handle common processing of the packets
457 * before dispatching them to the underlying device.
458 *
459 * if_transmit() requires that the mbuf be consumed by this call
460 * regardless of the return condition.
461 */
462
463 #if defined(__DragonFly__)
464
465 void
466 ieee80211_vap_start(struct ifnet *ifp, struct ifaltq_subque *ifsq)
467 {
468 struct ieee80211vap *vap = ifp->if_softc;
469 struct ieee80211com *ic = vap->iv_ic;
470 struct ifnet *parent = vap->iv_ifp;
471 struct mbuf *m = NULL;
472
473 /* NB: parent must be up and running */
474 if (!IFNET_IS_UP_RUNNING(parent)) {
475 IEEE80211_DPRINTF(vap, IEEE80211_MSG_OUTPUT,
476 "%s: ignore queue, parent %s not up+running\n",
477 __func__, parent->if_xname);
478 /* XXX stat */
479 /*m_freem(m);*/
480 /*return (EINVAL);*/
481 return;
482 }
483
484 wlan_assert_serialized();
485 ASSERT_ALTQ_SQ_DEFAULT(ifp, ifsq);
486
487 /*
488 * No data frames go out unless we're running.
489 * Note in particular this covers CAC and CSA
490 * states (though maybe we should check muting
491 * for CSA).
492 */
493 if (vap->iv_state != IEEE80211_S_RUN &&
494 vap->iv_state != IEEE80211_S_SLEEP) {
495 IEEE80211_LOCK(ic);
496 /* re-check under the com lock to avoid races */
497 if (vap->iv_state != IEEE80211_S_RUN &&
498 vap->iv_state != IEEE80211_S_SLEEP) {
499 IEEE80211_DPRINTF(vap, IEEE80211_MSG_OUTPUT,
500 "%s: ignore queue, in %s state\n",
501 __func__, ieee80211_state_name[vap->iv_state]);
502 vap->iv_stats.is_tx_badstate++;
503 IEEE80211_UNLOCK(ic);
504 ifsq_set_oactive(ifsq);
505 /*m_freem(m);*/
506 /* return (EINVAL); */
507 return;
508 }
509 IEEE80211_UNLOCK(ic);
510 }
511
512 wlan_serialize_exit();
513 for (;;) {
514 m = ifsq_dequeue(ifsq);
515 if (m == NULL)
516 break;
517
518 /*
519 * Sanitize mbuf flags for net80211 use. We cannot
520 * clear M_PWR_SAV or M_MORE_DATA because these may
521 * be set for frames that are re-submitted from the
522 * power save queue.
523 *
524 * NB: This must be done before ieee80211_classify as
525 * it marks EAPOL in frames with M_EAPOL.
526 */
527 m->m_flags &= ~(M_80211_TX - M_PWR_SAV - M_MORE_DATA);
528
529 /*
530 * Bump to the packet transmission path.
531 * The mbuf will be consumed here.
532 */
533 ieee80211_start_pkt(vap, m);
534 }
535 wlan_serialize_enter();
536 }
537
538 #else
539
540 int
541 ieee80211_vap_transmit(struct ifnet *ifp, struct mbuf *m)
542 {
543 struct ieee80211vap *vap = ifp->if_softc;
544 struct ieee80211com *ic = vap->iv_ic;
545
546 /*
547 * No data frames go out unless we're running.
548 * Note in particular this covers CAC and CSA
549 * states (though maybe we should check muting
550 * for CSA).
551 */
552 if (vap->iv_state != IEEE80211_S_RUN &&
553 vap->iv_state != IEEE80211_S_SLEEP) {
554 IEEE80211_LOCK(ic);
555 /* re-check under the com lock to avoid races */
556 if (vap->iv_state != IEEE80211_S_RUN &&
557 vap->iv_state != IEEE80211_S_SLEEP) {
558 IEEE80211_DPRINTF(vap, IEEE80211_MSG_OUTPUT,
559 "%s: ignore queue, in %s state\n",
560 __func__, ieee80211_state_name[vap->iv_state]);
561 vap->iv_stats.is_tx_badstate++;
562 IEEE80211_UNLOCK(ic);
563 ifp->if_drv_flags |= IFF_DRV_OACTIVE;
564 m_freem(m);
565 if_inc_counter(ifp, IFCOUNTER_OERRORS, 1);
566 return (ENETDOWN);
567 }
568 IEEE80211_UNLOCK(ic);
569 }
570
571 /*
572 * Sanitize mbuf flags for net80211 use. We cannot
573 * clear M_PWR_SAV or M_MORE_DATA because these may
574 * be set for frames that are re-submitted from the
575 * power save queue.
576 *
577 * NB: This must be done before ieee80211_classify as
578 * it marks EAPOL in frames with M_EAPOL.
579 */
580 m->m_flags &= ~(M_80211_TX - M_PWR_SAV - M_MORE_DATA);
581
582 /*
583 * Bump to the packet transmission path.
584 * The mbuf will be consumed here.
585 */
586 return (ieee80211_start_pkt(vap, m));
587 }
588
589 void
590 ieee80211_vap_qflush(struct ifnet *ifp)
591 {
592
593 /* Empty for now */
594 }
595
596 #endif
597
598 /*
599 * 802.11 raw output routine.
600 *
601 * XXX TODO: this (and other send routines) should correctly
602 * XXX keep the pwr mgmt bit set if it decides to call into the
603 * XXX driver to send a frame whilst the state is SLEEP.
604 *
605 * Otherwise the peer may decide that we're awake and flood us
606 * with traffic we are still too asleep to receive!
607 */
608 int
609 ieee80211_raw_output(struct ieee80211vap *vap, struct ieee80211_node *ni,
610 struct mbuf *m, const struct ieee80211_bpf_params *params)
611 {
612 struct ieee80211com *ic = vap->iv_ic;
613 int error;
614
615 /*
616 * Set node - the caller has taken a reference, so ensure
617 * that the mbuf has the same node value that
618 * it would if it were going via the normal path.
619 */
620 m->m_pkthdr.rcvif = (void *)ni;
621
622 /*
623 * Attempt to add bpf transmit parameters.
624 *
625 * For now it's ok to fail; the raw_xmit api still takes
626 * them as an option.
627 *
628 * Later on when ic_raw_xmit() has params removed,
629 * they'll have to be added - so fail the transmit if
630 * they can't be.
631 */
632 if (params)
633 (void) ieee80211_add_xmit_params(m, params);
634
635 error = ic->ic_raw_xmit(ni, m, params);
636 if (error) {
637 if_inc_counter(vap->iv_ifp, IFCOUNTER_OERRORS, 1);
638 ieee80211_free_node(ni);
639 }
640 return (error);
641 }
642
643 /*
644 * 802.11 output routine. This is (currently) used only to
645 * connect bpf write calls to the 802.11 layer for injecting
646 * raw 802.11 frames.
647 */
648 #if defined(__DragonFly__)
649 int
650 ieee80211_output(struct ifnet *ifp, struct mbuf *m,
651 struct sockaddr *dst, struct rtentry *rt)
652 #else
653 int
654 ieee80211_output(struct ifnet *ifp, struct mbuf *m,
655 const struct sockaddr *dst, struct route *ro)
656 #endif
657 {
658 #define senderr(e) do { error = (e); goto bad;} while (0)
659 struct ieee80211_node *ni = NULL;
660 struct ieee80211vap *vap;
661 struct ieee80211_frame *wh;
662 struct ieee80211com *ic = NULL;
663 int error;
664 int ret;
665
666 #if defined(__DragonFly__)
667 struct ifaltq_subque *ifsq;
668 ifsq = ifq_get_subq_default(&ifp->if_snd);
669 if (ifsq_is_oactive(ifsq)) {
670 #else
671 if (ifp->if_drv_flags & IFF_DRV_OACTIVE) {
672 #endif
673 /*
674 * Short-circuit requests if the vap is marked OACTIVE
675 * as this can happen because a packet came down through
676 * ieee80211_start before the vap entered RUN state in
677 * which case it's ok to just drop the frame. This
678 * should not be necessary but callers of if_output don't
679 * check OACTIVE.
680 */
681 senderr(ENETDOWN);
682 }
683 vap = ifp->if_softc;
684 ic = vap->iv_ic;
685 /*
686 * Hand to the 802.3 code if not tagged as
687 * a raw 802.11 frame.
688 */
689 #if defined(__DragonFly__)
690 if (dst->sa_family != AF_IEEE80211)
691 return vap->iv_output(ifp, m, dst, rt);
692 #else
693 if (dst->sa_family != AF_IEEE80211)
694 return vap->iv_output(ifp, m, dst, ro);
695 #endif
696 #ifdef MAC
697 error = mac_ifnet_check_transmit(ifp, m);
698 if (error)
699 senderr(error);
700 #endif
701 if (ifp->if_flags & IFF_MONITOR)
702 senderr(ENETDOWN);
703 if (!IFNET_IS_UP_RUNNING(ifp))
704 senderr(ENETDOWN);
705 if (vap->iv_state == IEEE80211_S_CAC) {
706 IEEE80211_DPRINTF(vap,
707 IEEE80211_MSG_OUTPUT | IEEE80211_MSG_DOTH,
708 "block %s frame in CAC state\n", "raw data");
709 vap->iv_stats.is_tx_badstate++;
710 senderr(EIO); /* XXX */
711 } else if (vap->iv_state == IEEE80211_S_SCAN)
712 senderr(EIO);
713 /* XXX bypass bridge, pfil, carp, etc. */
714
715 if (m->m_pkthdr.len < sizeof(struct ieee80211_frame_ack))
716 senderr(EIO); /* XXX */
717 wh = mtod(m, struct ieee80211_frame *);
718 if ((wh->i_fc[0] & IEEE80211_FC0_VERSION_MASK) !=
719 IEEE80211_FC0_VERSION_0)
720 senderr(EIO); /* XXX */
721
722 /* locate destination node */
723 switch (wh->i_fc[1] & IEEE80211_FC1_DIR_MASK) {
724 case IEEE80211_FC1_DIR_NODS:
725 case IEEE80211_FC1_DIR_FROMDS:
726 ni = ieee80211_find_txnode(vap, wh->i_addr1);
727 break;
728 case IEEE80211_FC1_DIR_TODS:
729 case IEEE80211_FC1_DIR_DSTODS:
730 if (m->m_pkthdr.len < sizeof(struct ieee80211_frame))
731 senderr(EIO); /* XXX */
732 ni = ieee80211_find_txnode(vap, wh->i_addr3);
733 break;
734 default:
735 senderr(EIO); /* XXX */
736 }
737 if (ni == NULL) {
738 /*
739 * Permit packets w/ bpf params through regardless
740 * (see below about sa_len).
741 */
742 if (dst->sa_len == 0)
743 senderr(EHOSTUNREACH);
744 ni = ieee80211_ref_node(vap->iv_bss);
745 }
746
747 /*
748 * Sanitize mbuf for net80211 flags leaked from above.
749 *
750 * NB: This must be done before ieee80211_classify as
751 * it marks EAPOL in frames with M_EAPOL.
752 */
753 m->m_flags &= ~M_80211_TX;
754
755 /* calculate priority so drivers can find the tx queue */
756 /* XXX assumes an 802.3 frame */
757 if (ieee80211_classify(ni, m))
758 senderr(EIO); /* XXX */
759
760 if_inc_counter(ifp, IFCOUNTER_OPACKETS, 1);
761 IEEE80211_NODE_STAT(ni, tx_data);
762 if (IEEE80211_IS_MULTICAST(wh->i_addr1)) {
763 IEEE80211_NODE_STAT(ni, tx_mcast);
764 m->m_flags |= M_MCAST;
765 } else
766 IEEE80211_NODE_STAT(ni, tx_ucast);
767 /* NB: ieee80211_encap does not include 802.11 header */
768 IEEE80211_NODE_STAT_ADD(ni, tx_bytes, m->m_pkthdr.len);
769
770 IEEE80211_TX_LOCK(ic);
771
772 /*
773 * NB: DLT_IEEE802_11_RADIO identifies the parameters are
774 * present by setting the sa_len field of the sockaddr (yes,
775 * this is a hack).
776 * NB: we assume sa_data is suitably aligned to cast.
777 */
778 ret = ieee80211_raw_output(vap, ni, m,
779 (const struct ieee80211_bpf_params *)(dst->sa_len ?
780 dst->sa_data : NULL));
781 IEEE80211_TX_UNLOCK(ic);
782 return (ret);
783 bad:
784 if (m != NULL)
785 m_freem(m);
786 if (ni != NULL)
787 ieee80211_free_node(ni);
788 if_inc_counter(ifp, IFCOUNTER_OERRORS, 1);
789 return error;
790 #undef senderr
791 }
792
793 /*
794 * Set the direction field and address fields of an outgoing
795 * frame. Note this should be called early on in constructing
796 * a frame as it sets i_fc[1]; other bits can then be or'd in.
797 */
798 void
799 ieee80211_send_setup(
800 struct ieee80211_node *ni,
801 struct mbuf *m,
802 int type, int tid,
803 const uint8_t sa[IEEE80211_ADDR_LEN],
804 const uint8_t da[IEEE80211_ADDR_LEN],
805 const uint8_t bssid[IEEE80211_ADDR_LEN])
806 {
807 #define WH4(wh) ((struct ieee80211_frame_addr4 *)wh)
808 struct ieee80211vap *vap = ni->ni_vap;
809 struct ieee80211_tx_ampdu *tap;
810 struct ieee80211_frame *wh = mtod(m, struct ieee80211_frame *);
811 ieee80211_seq seqno;
812
813 IEEE80211_TX_LOCK_ASSERT(ni->ni_ic);
814
815 wh->i_fc[0] = IEEE80211_FC0_VERSION_0 | type;
816 if ((type & IEEE80211_FC0_TYPE_MASK) == IEEE80211_FC0_TYPE_DATA) {
817 switch (vap->iv_opmode) {
818 case IEEE80211_M_STA:
819 wh->i_fc[1] = IEEE80211_FC1_DIR_TODS;
820 IEEE80211_ADDR_COPY(wh->i_addr1, bssid);
821 IEEE80211_ADDR_COPY(wh->i_addr2, sa);
822 IEEE80211_ADDR_COPY(wh->i_addr3, da);
823 break;
824 case IEEE80211_M_IBSS:
825 case IEEE80211_M_AHDEMO:
826 wh->i_fc[1] = IEEE80211_FC1_DIR_NODS;
827 IEEE80211_ADDR_COPY(wh->i_addr1, da);
828 IEEE80211_ADDR_COPY(wh->i_addr2, sa);
829 IEEE80211_ADDR_COPY(wh->i_addr3, bssid);
830 break;
831 case IEEE80211_M_HOSTAP:
832 wh->i_fc[1] = IEEE80211_FC1_DIR_FROMDS;
833 IEEE80211_ADDR_COPY(wh->i_addr1, da);
834 IEEE80211_ADDR_COPY(wh->i_addr2, bssid);
835 IEEE80211_ADDR_COPY(wh->i_addr3, sa);
836 break;
837 case IEEE80211_M_WDS:
838 wh->i_fc[1] = IEEE80211_FC1_DIR_DSTODS;
839 IEEE80211_ADDR_COPY(wh->i_addr1, da);
840 IEEE80211_ADDR_COPY(wh->i_addr2, vap->iv_myaddr);
841 IEEE80211_ADDR_COPY(wh->i_addr3, da);
842 IEEE80211_ADDR_COPY(WH4(wh)->i_addr4, sa);
843 break;
844 case IEEE80211_M_MBSS:
845 #ifdef IEEE80211_SUPPORT_MESH
846 if (IEEE80211_IS_MULTICAST(da)) {
847 wh->i_fc[1] = IEEE80211_FC1_DIR_FROMDS;
848 /* XXX next hop */
849 IEEE80211_ADDR_COPY(wh->i_addr1, da);
850 IEEE80211_ADDR_COPY(wh->i_addr2,
851 vap->iv_myaddr);
852 } else {
853 wh->i_fc[1] = IEEE80211_FC1_DIR_DSTODS;
854 IEEE80211_ADDR_COPY(wh->i_addr1, da);
855 IEEE80211_ADDR_COPY(wh->i_addr2,
856 vap->iv_myaddr);
857 IEEE80211_ADDR_COPY(wh->i_addr3, da);
858 IEEE80211_ADDR_COPY(WH4(wh)->i_addr4, sa);
859 }
860 #endif
861 break;
862 case IEEE80211_M_MONITOR: /* NB: to quiet compiler */
863 break;
864 }
865 } else {
866 wh->i_fc[1] = IEEE80211_FC1_DIR_NODS;
867 IEEE80211_ADDR_COPY(wh->i_addr1, da);
868 IEEE80211_ADDR_COPY(wh->i_addr2, sa);
869 #ifdef IEEE80211_SUPPORT_MESH
870 if (vap->iv_opmode == IEEE80211_M_MBSS)
871 IEEE80211_ADDR_COPY(wh->i_addr3, sa);
872 else
873 #endif
874 IEEE80211_ADDR_COPY(wh->i_addr3, bssid);
875 }
876 *(uint16_t *)&wh->i_dur[0] = 0;
877
878 tap = &ni->ni_tx_ampdu[tid];
879 if (tid != IEEE80211_NONQOS_TID && IEEE80211_AMPDU_RUNNING(tap))
880 m->m_flags |= M_AMPDU_MPDU;
881 else {
882 if (IEEE80211_HAS_SEQ(type & IEEE80211_FC0_TYPE_MASK,
883 type & IEEE80211_FC0_SUBTYPE_MASK))
884 seqno = ni->ni_txseqs[tid]++;
885 else
886 seqno = 0;
887
888 *(uint16_t *)&wh->i_seq[0] =
889 htole16(seqno << IEEE80211_SEQ_SEQ_SHIFT);
890 M_SEQNO_SET(m, seqno);
891 }
892
893 if (IEEE80211_IS_MULTICAST(wh->i_addr1))
894 m->m_flags |= M_MCAST;
895 #undef WH4
896 }
897
898 /*
899 * Send a management frame to the specified node. The node pointer
900 * must have a reference as the pointer will be passed to the driver
901 * and potentially held for a long time. If the frame is successfully
902 * dispatched to the driver, then it is responsible forkfreeing the
903 * reference (and potentiallykfree'ing up any associated storage);
904 * otherwise deal with reclaiming any reference (on error).
905 */
906 int
907 ieee80211_mgmt_output(struct ieee80211_node *ni, struct mbuf *m, int type,
908 struct ieee80211_bpf_params *params)
909 {
910 struct ieee80211vap *vap = ni->ni_vap;
911 struct ieee80211com *ic = ni->ni_ic;
912 struct ieee80211_frame *wh;
913 int ret;
914
915 KASSERT(ni != NULL, ("null node"));
916
917 if (vap->iv_state == IEEE80211_S_CAC) {
918 IEEE80211_NOTE(vap, IEEE80211_MSG_OUTPUT | IEEE80211_MSG_DOTH,
919 ni, "block %s frame in CAC state",
920 ieee80211_mgt_subtype_name(type));
921 vap->iv_stats.is_tx_badstate++;
922 ieee80211_free_node(ni);
923 m_freem(m);
924 return EIO; /* XXX */
925 }
926
927 M_PREPEND(m, sizeof(struct ieee80211_frame), M_NOWAIT);
928 if (m == NULL) {
929 ieee80211_free_node(ni);
930 return ENOMEM;
931 }
932
933 IEEE80211_TX_LOCK(ic);
934
935 wh = mtod(m, struct ieee80211_frame *);
936 ieee80211_send_setup(ni, m,
937 IEEE80211_FC0_TYPE_MGT | type, IEEE80211_NONQOS_TID,
938 vap->iv_myaddr, ni->ni_macaddr, ni->ni_bssid);
939 if (params->ibp_flags & IEEE80211_BPF_CRYPTO) {
940 IEEE80211_NOTE_MAC(vap, IEEE80211_MSG_AUTH, wh->i_addr1,
941 "encrypting frame (%s)", __func__);
942 wh->i_fc[1] |= IEEE80211_FC1_PROTECTED;
943 }
944 m->m_flags |= M_ENCAP; /* mark encapsulated */
945
946 KASSERT(type != IEEE80211_FC0_SUBTYPE_PROBE_RESP, ("probe response?"));
947 M_WME_SETAC(m, params->ibp_pri);
948
949 #ifdef IEEE80211_DEBUG
950 /* avoid printing too many frames */
951 if ((ieee80211_msg_debug(vap) && doprint(vap, type)) ||
952 ieee80211_msg_dumppkts(vap)) {
953 kprintf("[%s] send %s on channel %u\n",
954 ether_sprintf(wh->i_addr1),
955 ieee80211_mgt_subtype_name(type),
956 ieee80211_chan2ieee(ic, ic->ic_curchan));
957 }
958 #endif
959 IEEE80211_NODE_STAT(ni, tx_mgmt);
960
961 ret = ieee80211_raw_output(vap, ni, m, params);
962 IEEE80211_TX_UNLOCK(ic);
963 return (ret);
964 }
965
966 static void
967 ieee80211_nulldata_transmitted(struct ieee80211_node *ni, void *arg,
968 int status)
969 {
970 struct ieee80211vap *vap = ni->ni_vap;
971
972 wakeup(vap);
973 }
974
975 /*
976 * Send a null data frame to the specified node. If the station
977 * is setup for QoS then a QoS Null Data frame is constructed.
978 * If this is a WDS station then a 4-address frame is constructed.
979 *
980 * NB: the caller is assumed to have setup a node reference
981 * for use; this is necessary to deal with a race condition
982 * when probing for inactive stations. Like ieee80211_mgmt_output
983 * we must cleanup any node reference on error; however we
984 * can safely just unref it as we know it will never be the
985 * last reference to the node.
986 */
987 int
988 ieee80211_send_nulldata(struct ieee80211_node *ni)
989 {
990 struct ieee80211vap *vap = ni->ni_vap;
991 struct ieee80211com *ic = ni->ni_ic;
992 struct mbuf *m;
993 struct ieee80211_frame *wh;
994 int hdrlen;
995 uint8_t *frm;
996 int ret;
997
998 if (vap->iv_state == IEEE80211_S_CAC) {
999 IEEE80211_NOTE(vap, IEEE80211_MSG_OUTPUT | IEEE80211_MSG_DOTH,
1000 ni, "block %s frame in CAC state", "null data");
1001 ieee80211_unref_node(&ni);
1002 vap->iv_stats.is_tx_badstate++;
1003 return EIO; /* XXX */
1004 }
1005
1006 if (ni->ni_flags & (IEEE80211_NODE_QOS|IEEE80211_NODE_HT))
1007 hdrlen = sizeof(struct ieee80211_qosframe);
1008 else
1009 hdrlen = sizeof(struct ieee80211_frame);
1010 /* NB: only WDS vap's get 4-address frames */
1011 if (vap->iv_opmode == IEEE80211_M_WDS)
1012 hdrlen += IEEE80211_ADDR_LEN;
1013 if (ic->ic_flags & IEEE80211_F_DATAPAD)
1014 hdrlen = roundup(hdrlen, sizeof(uint32_t));
1015
1016 m = ieee80211_getmgtframe(&frm, ic->ic_headroom + hdrlen, 0);
1017 if (m == NULL) {
1018 /* XXX debug msg */
1019 ieee80211_unref_node(&ni);
1020 vap->iv_stats.is_tx_nobuf++;
1021 return ENOMEM;
1022 }
1023 KASSERT(M_LEADINGSPACE(m) >= hdrlen,
1024 ("leading space %zd", M_LEADINGSPACE(m)));
1025 M_PREPEND(m, hdrlen, M_NOWAIT);
1026 if (m == NULL) {
1027 /* NB: cannot happen */
1028 ieee80211_free_node(ni);
1029 return ENOMEM;
1030 }
1031
1032 IEEE80211_TX_LOCK(ic);
1033
1034 wh = mtod(m, struct ieee80211_frame *); /* NB: a little lie */
1035 if (ni->ni_flags & IEEE80211_NODE_QOS) {
1036 const int tid = WME_AC_TO_TID(WME_AC_BE);
1037 uint8_t *qos;
1038
1039 ieee80211_send_setup(ni, m,
1040 IEEE80211_FC0_TYPE_DATA | IEEE80211_FC0_SUBTYPE_QOS_NULL,
1041 tid, vap->iv_myaddr, ni->ni_macaddr, ni->ni_bssid);
1042
1043 if (vap->iv_opmode == IEEE80211_M_WDS)
1044 qos = ((struct ieee80211_qosframe_addr4 *) wh)->i_qos;
1045 else
1046 qos = ((struct ieee80211_qosframe *) wh)->i_qos;
1047 qos[0] = tid & IEEE80211_QOS_TID;
1048 if (ic->ic_wme.wme_wmeChanParams.cap_wmeParams[WME_AC_BE].wmep_noackPolicy)
1049 qos[0] |= IEEE80211_QOS_ACKPOLICY_NOACK;
1050 qos[1] = 0;
1051 } else {
1052 ieee80211_send_setup(ni, m,
1053 IEEE80211_FC0_TYPE_DATA | IEEE80211_FC0_SUBTYPE_NODATA,
1054 IEEE80211_NONQOS_TID,
1055 vap->iv_myaddr, ni->ni_macaddr, ni->ni_bssid);
1056 }
1057 if (vap->iv_opmode != IEEE80211_M_WDS) {
1058 /* NB: power management bit is never sent by an AP */
1059 if ((ni->ni_flags & IEEE80211_NODE_PWR_MGT) &&
1060 vap->iv_opmode != IEEE80211_M_HOSTAP)
1061 wh->i_fc[1] |= IEEE80211_FC1_PWR_MGT;
1062 }
1063 if ((ic->ic_flags & IEEE80211_F_SCAN) &&
1064 (ni->ni_flags & IEEE80211_NODE_PWR_MGT)) {
1065 ieee80211_add_callback(m, ieee80211_nulldata_transmitted,
1066 NULL);
1067 }
1068 m->m_len = m->m_pkthdr.len = hdrlen;
1069 m->m_flags |= M_ENCAP; /* mark encapsulated */
1070
1071 M_WME_SETAC(m, WME_AC_BE);
1072
1073 IEEE80211_NODE_STAT(ni, tx_data);
1074
1075 IEEE80211_NOTE(vap, IEEE80211_MSG_DEBUG | IEEE80211_MSG_DUMPPKTS, ni,
1076 "send %snull data frame on channel %u, pwr mgt %s",
1077 ni->ni_flags & IEEE80211_NODE_QOS ? "QoS " : "",
1078 ieee80211_chan2ieee(ic, ic->ic_curchan),
1079 wh->i_fc[1] & IEEE80211_FC1_PWR_MGT ? "ena" : "dis");
1080
1081 ret = ieee80211_raw_output(vap, ni, m, NULL);
1082 IEEE80211_TX_UNLOCK(ic);
1083 return (ret);
1084 }
1085
1086 /*
1087 * Assign priority to a frame based on any vlan tag assigned
1088 * to the station and/or any Diffserv setting in an IP header.
1089 * Finally, if an ACM policy is setup (in station mode) it's
1090 * applied.
1091 */
1092 int
1093 ieee80211_classify(struct ieee80211_node *ni, struct mbuf *m)
1094 {
1095 const struct ether_header *eh = mtod(m, struct ether_header *);
1096 int v_wme_ac, d_wme_ac, ac;
1097
1098 /*
1099 * Always promote PAE/EAPOL frames to high priority.
1100 */
1101 if (eh->ether_type == htons(ETHERTYPE_PAE)) {
1102 /* NB: mark so others don't need to check header */
1103 m->m_flags |= M_EAPOL;
1104 ac = WME_AC_VO;
1105 goto done;
1106 }
1107 /*
1108 * Non-qos traffic goes to BE.
1109 */
1110 if ((ni->ni_flags & IEEE80211_NODE_QOS) == 0) {
1111 ac = WME_AC_BE;
1112 goto done;
1113 }
1114
1115 /*
1116 * If node has a vlan tag then all traffic
1117 * to it must have a matching tag.
1118 */
1119 v_wme_ac = 0;
1120 if (ni->ni_vlan != 0) {
1121 if ((m->m_flags & M_VLANTAG) == 0) {
1122 IEEE80211_NODE_STAT(ni, tx_novlantag);
1123 return 1;
1124 }
1125 #if defined(__DragonFly__)
1126 if (EVL_VLANOFTAG(m->m_pkthdr.ether_vlantag) !=
1127 EVL_VLANOFTAG(ni->ni_vlan)) {
1128 IEEE80211_NODE_STAT(ni, tx_vlanmismatch);
1129 return 1;
1130 }
1131 #else
1132 if (EVL_VLANOFTAG(m->m_pkthdr.ether_vtag) !=
1133 EVL_VLANOFTAG(ni->ni_vlan)) {
1134 IEEE80211_NODE_STAT(ni, tx_vlanmismatch);
1135 return 1;
1136 }
1137 #endif
1138 /* map vlan priority to AC */
1139 v_wme_ac = TID_TO_WME_AC(EVL_PRIOFTAG(ni->ni_vlan));
1140 }
1141
1142 /* XXX m_copydata may be too slow for fast path */
1143 #ifdef INET
1144 if (eh->ether_type == htons(ETHERTYPE_IP)) {
1145 uint8_t tos;
1146 /*
1147 * IP frame, map the DSCP bits from the TOS field.
1148 */
1149 /* NB: ip header may not be in first mbuf */
1150 m_copydata(m, sizeof(struct ether_header) +
1151 offsetof(struct ip, ip_tos), sizeof(tos), &tos);
1152 tos >>= 5; /* NB: ECN + low 3 bits of DSCP */
1153 d_wme_ac = TID_TO_WME_AC(tos);
1154 } else {
1155 #endif /* INET */
1156 #ifdef INET6
1157 if (eh->ether_type == htons(ETHERTYPE_IPV6)) {
1158 uint32_t flow;
1159 uint8_t tos;
1160 /*
1161 * IPv6 frame, map the DSCP bits from the traffic class field.
1162 */
1163 m_copydata(m, sizeof(struct ether_header) +
1164 offsetof(struct ip6_hdr, ip6_flow), sizeof(flow),
1165 (caddr_t) &flow);
1166 tos = (uint8_t)(ntohl(flow) >> 20);
1167 tos >>= 5; /* NB: ECN + low 3 bits of DSCP */
1168 d_wme_ac = TID_TO_WME_AC(tos);
1169 } else {
1170 #endif /* INET6 */
1171 d_wme_ac = WME_AC_BE;
1172 #ifdef INET6
1173 }
1174 #endif
1175 #ifdef INET
1176 }
1177 #endif
1178 /*
1179 * Use highest priority AC.
1180 */
1181 if (v_wme_ac > d_wme_ac)
1182 ac = v_wme_ac;
1183 else
1184 ac = d_wme_ac;
1185
1186 /*
1187 * Apply ACM policy.
1188 */
1189 if (ni->ni_vap->iv_opmode == IEEE80211_M_STA) {
1190 static const int acmap[4] = {
1191 WME_AC_BK, /* WME_AC_BE */
1192 WME_AC_BK, /* WME_AC_BK */
1193 WME_AC_BE, /* WME_AC_VI */
1194 WME_AC_VI, /* WME_AC_VO */
1195 };
1196 struct ieee80211com *ic = ni->ni_ic;
1197
1198 while (ac != WME_AC_BK &&
1199 ic->ic_wme.wme_wmeBssChanParams.cap_wmeParams[ac].wmep_acm)
1200 ac = acmap[ac];
1201 }
1202 done:
1203 M_WME_SETAC(m, ac);
1204 return 0;
1205 }
1206
1207 /*
1208 * Insure there is sufficient contiguous space to encapsulate the
1209 * 802.11 data frame. If room isn't already there, arrange for it.
1210 * Drivers and cipher modules assume we have done the necessary work
1211 * and fail rudely if they don't find the space they need.
1212 */
1213 struct mbuf *
1214 ieee80211_mbuf_adjust(struct ieee80211vap *vap, int hdrsize,
1215 struct ieee80211_key *key, struct mbuf *m)
1216 {
1217 #define TO_BE_RECLAIMED (sizeof(struct ether_header) - sizeof(struct llc))
1218 int needed_space = vap->iv_ic->ic_headroom + hdrsize;
1219
1220 if (key != NULL) {
1221 /* XXX belongs in crypto code? */
1222 needed_space += key->wk_cipher->ic_header;
1223 /* XXX frags */
1224 /*
1225 * When crypto is being done in the host we must insure
1226 * the data are writable for the cipher routines; clone
1227 * a writable mbuf chain.
1228 * XXX handle SWMIC specially
1229 */
1230 if (key->wk_flags & (IEEE80211_KEY_SWENCRYPT|IEEE80211_KEY_SWENMIC)) {
1231 m = m_unshare(m, M_NOWAIT);
1232 if (m == NULL) {
1233 IEEE80211_DPRINTF(vap, IEEE80211_MSG_OUTPUT,
1234 "%s: cannot get writable mbuf\n", __func__);
1235 vap->iv_stats.is_tx_nobuf++; /* XXX new stat */
1236 return NULL;
1237 }
1238 }
1239 }
1240 /*
1241 * We know we are called just before stripping an Ethernet
1242 * header and prepending an LLC header. This means we know
1243 * there will be
1244 * sizeof(struct ether_header) - sizeof(struct llc)
1245 * bytes recovered to which we need additional space for the
1246 * 802.11 header and any crypto header.
1247 */
1248 /* XXX check trailing space and copy instead? */
1249 if (M_LEADINGSPACE(m) < needed_space - TO_BE_RECLAIMED) {
1250 struct mbuf *n = m_gethdr(M_NOWAIT, m->m_type);
1251 if (n == NULL) {
1252 IEEE80211_DPRINTF(vap, IEEE80211_MSG_OUTPUT,
1253 "%s: cannot expand storage\n", __func__);
1254 vap->iv_stats.is_tx_nobuf++;
1255 m_freem(m);
1256 return NULL;
1257 }
1258 #if defined(__DragonFly__)
1259 KASSERT(needed_space <= MHLEN,
1260 ("not enough room, need %u got %zd\n", needed_space, MHLEN));
1261 #else
1262 KASSERT(needed_space <= MHLEN,
1263 ("not enough room, need %u got %d\n", needed_space, MHLEN));
1264 #endif
1265 /*
1266 * Setup new mbuf to have leading space to prepend the
1267 * 802.11 header and any crypto header bits that are
1268 * required (the latter are added when the driver calls
1269 * back to ieee80211_crypto_encap to do crypto encapsulation).
1270 */
1271 /* NB: must be first 'cuz it clobbers m_data */
1272 m_move_pkthdr(n, m);
1273 n->m_len = 0; /* NB: m_gethdr does not set */
1274 n->m_data += needed_space;
1275 /*
1276 * Pull up Ethernet header to create the expected layout.
1277 * We could use m_pullup but that's overkill (i.e. we don't
1278 * need the actual data) and it cannot fail so do it inline
1279 * for speed.
1280 */
1281 /* NB: struct ether_header is known to be contiguous */
1282 n->m_len += sizeof(struct ether_header);
1283 m->m_len -= sizeof(struct ether_header);
1284 m->m_data += sizeof(struct ether_header);
1285 /*
1286 * Replace the head of the chain.
1287 */
1288 n->m_next = m;
1289 m = n;
1290 }
1291 return m;
1292 #undef TO_BE_RECLAIMED
1293 }
1294
1295 /*
1296 * Return the transmit key to use in sending a unicast frame.
1297 * If a unicast key is set we use that. When no unicast key is set
1298 * we fall back to the default transmit key.
1299 */
1300 static __inline struct ieee80211_key *
1301 ieee80211_crypto_getucastkey(struct ieee80211vap *vap,
1302 struct ieee80211_node *ni)
1303 {
1304 if (IEEE80211_KEY_UNDEFINED(&ni->ni_ucastkey)) {
1305 if (vap->iv_def_txkey == IEEE80211_KEYIX_NONE ||
1306 IEEE80211_KEY_UNDEFINED(&vap->iv_nw_keys[vap->iv_def_txkey]))
1307 return NULL;
1308 return &vap->iv_nw_keys[vap->iv_def_txkey];
1309 } else {
1310 return &ni->ni_ucastkey;
1311 }
1312 }
1313
1314 /*
1315 * Return the transmit key to use in sending a multicast frame.
1316 * Multicast traffic always uses the group key which is installed as
1317 * the default tx key.
1318 */
1319 static __inline struct ieee80211_key *
1320 ieee80211_crypto_getmcastkey(struct ieee80211vap *vap,
1321 struct ieee80211_node *ni)
1322 {
1323 if (vap->iv_def_txkey == IEEE80211_KEYIX_NONE ||
1324 IEEE80211_KEY_UNDEFINED(&vap->iv_nw_keys[vap->iv_def_txkey]))
1325 return NULL;
1326 return &vap->iv_nw_keys[vap->iv_def_txkey];
1327 }
1328
1329 /*
1330 * Encapsulate an outbound data frame. The mbuf chain is updated.
1331 * If an error is encountered NULL is returned. The caller is required
1332 * to provide a node reference and pullup the ethernet header in the
1333 * first mbuf.
1334 *
1335 * NB: Packet is assumed to be processed by ieee80211_classify which
1336 * marked EAPOL frames w/ M_EAPOL.
1337 */
1338 struct mbuf *
1339 ieee80211_encap(struct ieee80211vap *vap, struct ieee80211_node *ni,
1340 struct mbuf *m)
1341 {
1342 #define WH4(wh) ((struct ieee80211_frame_addr4 *)(wh))
1343 #define MC01(mc) ((struct ieee80211_meshcntl_ae01 *)mc)
1344 struct ieee80211com *ic = ni->ni_ic;
1345 #ifdef IEEE80211_SUPPORT_MESH
1346 struct ieee80211_mesh_state *ms = vap->iv_mesh;
1347 struct ieee80211_meshcntl_ae10 *mc;
1348 struct ieee80211_mesh_route *rt = NULL;
1349 int dir = -1;
1350 #endif
1351 struct ether_header eh;
1352 struct ieee80211_frame *wh;
1353 struct ieee80211_key *key;
1354 struct llc *llc;
1355 int hdrsize, hdrspace, datalen, addqos, txfrag, is4addr;
1356 ieee80211_seq seqno;
1357 int meshhdrsize, meshae;
1358 uint8_t *qos;
1359 int is_amsdu = 0;
1360
1361 IEEE80211_TX_LOCK_ASSERT(ic);
1362
1363 /*
1364 * Copy existing Ethernet header to a safe place. The
1365 * rest of the code assumes it's ok to strip it when
1366 * reorganizing state for the final encapsulation.
1367 */
1368 KASSERT(m->m_len >= sizeof(eh), ("no ethernet header!"));
1369 ETHER_HEADER_COPY(&eh, mtod(m, caddr_t));
1370
1371 /*
1372 * Insure space for additional headers. First identify
1373 * transmit key to use in calculating any buffer adjustments
1374 * required. This is also used below to do privacy
1375 * encapsulation work. Then calculate the 802.11 header
1376 * size and any padding required by the driver.
1377 *
1378 * Note key may be NULL if we fall back to the default
1379 * transmit key and that is not set. In that case the
1380 * buffer may not be expanded as needed by the cipher
1381 * routines, but they will/should discard it.
1382 */
1383 if (vap->iv_flags & IEEE80211_F_PRIVACY) {
1384 if (vap->iv_opmode == IEEE80211_M_STA ||
1385 !IEEE80211_IS_MULTICAST(eh.ether_dhost) ||
1386 (vap->iv_opmode == IEEE80211_M_WDS &&
1387 (vap->iv_flags_ext & IEEE80211_FEXT_WDSLEGACY)))
1388 key = ieee80211_crypto_getucastkey(vap, ni);
1389 else
1390 key = ieee80211_crypto_getmcastkey(vap, ni);
1391 if (key == NULL && (m->m_flags & M_EAPOL) == 0) {
1392 IEEE80211_NOTE_MAC(vap, IEEE80211_MSG_CRYPTO,
1393 eh.ether_dhost,
1394 "no default transmit key (%s) deftxkey %u",
1395 __func__, vap->iv_def_txkey);
1396 vap->iv_stats.is_tx_nodefkey++;
1397 goto bad;
1398 }
1399 } else
1400 key = NULL;
1401 /*
1402 * XXX Some ap's don't handle QoS-encapsulated EAPOL
1403 * frames so suppress use. This may be an issue if other
1404 * ap's require all data frames to be QoS-encapsulated
1405 * once negotiated in which case we'll need to make this
1406 * configurable.
1407 * NB: mesh data frames are QoS.
1408 */
1409 addqos = ((ni->ni_flags & (IEEE80211_NODE_QOS|IEEE80211_NODE_HT)) ||
1410 (vap->iv_opmode == IEEE80211_M_MBSS)) &&
1411 (m->m_flags & M_EAPOL) == 0;
1412 if (addqos)
1413 hdrsize = sizeof(struct ieee80211_qosframe);
1414 else
1415 hdrsize = sizeof(struct ieee80211_frame);
1416 #ifdef IEEE80211_SUPPORT_MESH
1417 if (vap->iv_opmode == IEEE80211_M_MBSS) {
1418 /*
1419 * Mesh data frames are encapsulated according to the
1420 * rules of Section 11B.8.5 (p.139 of D3.0 spec).
1421 * o Group Addressed data (aka multicast) originating
1422 * at the local sta are sent w/ 3-address format and
1423 * address extension mode 00
1424 * o Individually Addressed data (aka unicast) originating
1425 * at the local sta are sent w/ 4-address format and
1426 * address extension mode 00
1427 * o Group Addressed data forwarded from a non-mesh sta are
1428 * sent w/ 3-address format and address extension mode 01
1429 * o Individually Address data from another sta are sent
1430 * w/ 4-address format and address extension mode 10
1431 */
1432 is4addr = 0; /* NB: don't use, disable */
1433 if (!IEEE80211_IS_MULTICAST(eh.ether_dhost)) {
1434 rt = ieee80211_mesh_rt_find(vap, eh.ether_dhost);
1435 KASSERT(rt != NULL, ("route is NULL"));
1436 dir = IEEE80211_FC1_DIR_DSTODS;
1437 hdrsize += IEEE80211_ADDR_LEN;
1438 if (rt->rt_flags & IEEE80211_MESHRT_FLAGS_PROXY) {
1439 if (IEEE80211_ADDR_EQ(rt->rt_mesh_gate,
1440 vap->iv_myaddr)) {
1441 IEEE80211_NOTE_MAC(vap,
1442 IEEE80211_MSG_MESH,
1443 eh.ether_dhost,
1444 "%s", "trying to send to ourself");
1445 goto bad;
1446 }
1447 meshae = IEEE80211_MESH_AE_10;
1448 meshhdrsize =
1449 sizeof(struct ieee80211_meshcntl_ae10);
1450 } else {
1451 meshae = IEEE80211_MESH_AE_00;
1452 meshhdrsize =
1453 sizeof(struct ieee80211_meshcntl);
1454 }
1455 } else {
1456 dir = IEEE80211_FC1_DIR_FROMDS;
1457 if (!IEEE80211_ADDR_EQ(eh.ether_shost, vap->iv_myaddr)) {
1458 /* proxy group */
1459 meshae = IEEE80211_MESH_AE_01;
1460 meshhdrsize =
1461 sizeof(struct ieee80211_meshcntl_ae01);
1462 } else {
1463 /* group */
1464 meshae = IEEE80211_MESH_AE_00;
1465 meshhdrsize = sizeof(struct ieee80211_meshcntl);
1466 }
1467 }
1468 } else {
1469 #endif
1470 /*
1471 * 4-address frames need to be generated for:
1472 * o packets sent through a WDS vap (IEEE80211_M_WDS)
1473 * o packets sent through a vap marked for relaying
1474 * (e.g. a station operating with dynamic WDS)
1475 */
1476 is4addr = vap->iv_opmode == IEEE80211_M_WDS ||
1477 ((vap->iv_flags_ext & IEEE80211_FEXT_4ADDR) &&
1478 !IEEE80211_ADDR_EQ(eh.ether_shost, vap->iv_myaddr));
1479 if (is4addr)
1480 hdrsize += IEEE80211_ADDR_LEN;
1481 meshhdrsize = meshae = 0;
1482 #ifdef IEEE80211_SUPPORT_MESH
1483 }
1484 #endif
1485 /*
1486 * Honor driver DATAPAD requirement.
1487 */
1488 if (ic->ic_flags & IEEE80211_F_DATAPAD)
1489 hdrspace = roundup(hdrsize, sizeof(uint32_t));
1490 else
1491 hdrspace = hdrsize;
1492
1493 if (__predict_true((m->m_flags & M_FF) == 0)) {
1494 /*
1495 * Normal frame.
1496 */
1497 m = ieee80211_mbuf_adjust(vap, hdrspace + meshhdrsize, key, m);
1498 if (m == NULL) {
1499 /* NB: ieee80211_mbuf_adjust handles msgs+statistics */
1500 goto bad;
1501 }
1502 /* NB: this could be optimized 'cuz of ieee80211_mbuf_adjust */
1503 m_adj(m, sizeof(struct ether_header) - sizeof(struct llc));
1504 llc = mtod(m, struct llc *);
1505 llc->llc_dsap = llc->llc_ssap = LLC_SNAP_LSAP;
1506 llc->llc_control = LLC_UI;
1507 llc->llc_snap.org_code[0] = 0;
1508 llc->llc_snap.org_code[1] = 0;
1509 llc->llc_snap.org_code[2] = 0;
1510 llc->llc_snap.ether_type = eh.ether_type;
1511 } else {
1512 #ifdef IEEE80211_SUPPORT_SUPERG
1513 /*
1514 * Aggregated frame. Check if it's for AMSDU or FF.
1515 *
1516 * XXX TODO: IEEE80211_NODE_AMSDU* isn't implemented
1517 * anywhere for some reason. But, since 11n requires
1518 * AMSDU RX, we can just assume "11n" == "AMSDU".
1519 */
1520 IEEE80211_DPRINTF(vap, IEEE80211_MSG_SUPERG, "%s: called; M_FF\n", __func__);
1521 if (ieee80211_amsdu_tx_ok(ni)) {
1522 m = ieee80211_amsdu_encap(vap, m, hdrspace + meshhdrsize, key);
1523 is_amsdu = 1;
1524 } else {
1525 m = ieee80211_ff_encap(vap, m, hdrspace + meshhdrsize, key);
1526 }
1527 if (m == NULL)
1528 #endif
1529 goto bad;
1530 }
1531 datalen = m->m_pkthdr.len; /* NB: w/o 802.11 header */
1532
1533 M_PREPEND(m, hdrspace + meshhdrsize, M_NOWAIT);
1534 if (m == NULL) {
1535 vap->iv_stats.is_tx_nobuf++;
1536 goto bad;
1537 }
1538 wh = mtod(m, struct ieee80211_frame *);
1539 wh->i_fc[0] = IEEE80211_FC0_VERSION_0 | IEEE80211_FC0_TYPE_DATA;
1540 *(uint16_t *)wh->i_dur = 0;
1541 qos = NULL; /* NB: quiet compiler */
1542 if (is4addr) {
1543 wh->i_fc[1] = IEEE80211_FC1_DIR_DSTODS;
1544 IEEE80211_ADDR_COPY(wh->i_addr1, ni->ni_macaddr);
1545 IEEE80211_ADDR_COPY(wh->i_addr2, vap->iv_myaddr);
1546 IEEE80211_ADDR_COPY(wh->i_addr3, eh.ether_dhost);
1547 IEEE80211_ADDR_COPY(WH4(wh)->i_addr4, eh.ether_shost);
1548 } else switch (vap->iv_opmode) {
1549 case IEEE80211_M_STA:
1550 wh->i_fc[1] = IEEE80211_FC1_DIR_TODS;
1551 IEEE80211_ADDR_COPY(wh->i_addr1, ni->ni_bssid);
1552 IEEE80211_ADDR_COPY(wh->i_addr2, eh.ether_shost);
1553 IEEE80211_ADDR_COPY(wh->i_addr3, eh.ether_dhost);
1554 break;
1555 case IEEE80211_M_IBSS:
1556 case IEEE80211_M_AHDEMO:
1557 wh->i_fc[1] = IEEE80211_FC1_DIR_NODS;
1558 IEEE80211_ADDR_COPY(wh->i_addr1, eh.ether_dhost);
1559 IEEE80211_ADDR_COPY(wh->i_addr2, eh.ether_shost);
1560 /*
1561 * NB: always use the bssid from iv_bss as the
1562 * neighbor's may be stale after an ibss merge
1563 */
1564 IEEE80211_ADDR_COPY(wh->i_addr3, vap->iv_bss->ni_bssid);
1565 break;
1566 case IEEE80211_M_HOSTAP:
1567 wh->i_fc[1] = IEEE80211_FC1_DIR_FROMDS;
1568 IEEE80211_ADDR_COPY(wh->i_addr1, eh.ether_dhost);
1569 IEEE80211_ADDR_COPY(wh->i_addr2, ni->ni_bssid);
1570 IEEE80211_ADDR_COPY(wh->i_addr3, eh.ether_shost);
1571 break;
1572 #ifdef IEEE80211_SUPPORT_MESH
1573 case IEEE80211_M_MBSS:
1574 /* NB: offset by hdrspace to deal with DATAPAD */
1575 mc = (struct ieee80211_meshcntl_ae10 *)
1576 (mtod(m, uint8_t *) + hdrspace);
1577 wh->i_fc[1] = dir;
1578 switch (meshae) {
1579 case IEEE80211_MESH_AE_00: /* no proxy */
1580 mc->mc_flags = 0;
1581 if (dir == IEEE80211_FC1_DIR_DSTODS) { /* ucast */
1582 IEEE80211_ADDR_COPY(wh->i_addr1,
1583 ni->ni_macaddr);
1584 IEEE80211_ADDR_COPY(wh->i_addr2,
1585 vap->iv_myaddr);
1586 IEEE80211_ADDR_COPY(wh->i_addr3,
1587 eh.ether_dhost);
1588 IEEE80211_ADDR_COPY(WH4(wh)->i_addr4,
1589 eh.ether_shost);
1590 qos =((struct ieee80211_qosframe_addr4 *)
1591 wh)->i_qos;
1592 } else if (dir == IEEE80211_FC1_DIR_FROMDS) {
1593 /* mcast */
1594 IEEE80211_ADDR_COPY(wh->i_addr1,
1595 eh.ether_dhost);
1596 IEEE80211_ADDR_COPY(wh->i_addr2,
1597 vap->iv_myaddr);
1598 IEEE80211_ADDR_COPY(wh->i_addr3,
1599 eh.ether_shost);
1600 qos = ((struct ieee80211_qosframe *)
1601 wh)->i_qos;
1602 }
1603 break;
1604 case IEEE80211_MESH_AE_01: /* mcast, proxy */
1605 wh->i_fc[1] = IEEE80211_FC1_DIR_FROMDS;
1606 IEEE80211_ADDR_COPY(wh->i_addr1, eh.ether_dhost);
1607 IEEE80211_ADDR_COPY(wh->i_addr2, vap->iv_myaddr);
1608 IEEE80211_ADDR_COPY(wh->i_addr3, vap->iv_myaddr);
1609 mc->mc_flags = 1;
1610 IEEE80211_ADDR_COPY(MC01(mc)->mc_addr4,
1611 eh.ether_shost);
1612 qos = ((struct ieee80211_qosframe *) wh)->i_qos;
1613 break;
1614 case IEEE80211_MESH_AE_10: /* ucast, proxy */
1615 KASSERT(rt != NULL, ("route is NULL"));
1616 IEEE80211_ADDR_COPY(wh->i_addr1, rt->rt_nexthop);
1617 IEEE80211_ADDR_COPY(wh->i_addr2, vap->iv_myaddr);
1618 IEEE80211_ADDR_COPY(wh->i_addr3, rt->rt_mesh_gate);
1619 IEEE80211_ADDR_COPY(WH4(wh)->i_addr4, vap->iv_myaddr);
1620 mc->mc_flags = IEEE80211_MESH_AE_10;
1621 IEEE80211_ADDR_COPY(mc->mc_addr5, eh.ether_dhost);
1622 IEEE80211_ADDR_COPY(mc->mc_addr6, eh.ether_shost);
1623 qos = ((struct ieee80211_qosframe_addr4 *) wh)->i_qos;
1624 break;
1625 default:
1626 KASSERT(0, ("meshae %d", meshae));
1627 break;
1628 }
1629 mc->mc_ttl = ms->ms_ttl;
1630 ms->ms_seq++;
1631 le32enc(mc->mc_seq, ms->ms_seq);
1632 break;
1633 #endif
1634 case IEEE80211_M_WDS: /* NB: is4addr should always be true */
1635 default:
1636 goto bad;
1637 }
1638 if (m->m_flags & M_MORE_DATA)
1639 wh->i_fc[1] |= IEEE80211_FC1_MORE_DATA;
1640 if (addqos) {
1641 int ac, tid;
1642
1643 if (is4addr) {
1644 qos = ((struct ieee80211_qosframe_addr4 *) wh)->i_qos;
1645 /* NB: mesh case handled earlier */
1646 } else if (vap->iv_opmode != IEEE80211_M_MBSS)
1647 qos = ((struct ieee80211_qosframe *) wh)->i_qos;
1648 ac = M_WME_GETAC(m);
1649 /* map from access class/queue to 11e header priorty value */
1650 tid = WME_AC_TO_TID(ac);
1651 qos[0] = tid & IEEE80211_QOS_TID;
1652 if (ic->ic_wme.wme_wmeChanParams.cap_wmeParams[ac].wmep_noackPolicy)
1653 qos[0] |= IEEE80211_QOS_ACKPOLICY_NOACK;
1654 #ifdef IEEE80211_SUPPORT_MESH
1655 if (vap->iv_opmode == IEEE80211_M_MBSS)
1656 qos[1] = IEEE80211_QOS_MC;
1657 else
1658 #endif
1659 qos[1] = 0;
1660 wh->i_fc[0] |= IEEE80211_FC0_SUBTYPE_QOS;
1661
1662 /*
1663 * If this is an A-MSDU then ensure we set the
1664 * relevant field.
1665 */
1666 if (is_amsdu)
1667 qos[0] |= IEEE80211_QOS_AMSDU;
1668
1669 if ((m->m_flags & M_AMPDU_MPDU) == 0) {
1670 /*
1671 * NB: don't assign a sequence # to potential
1672 * aggregates; we expect this happens at the
1673 * point the frame comes off any aggregation q
1674 * as otherwise we may introduce holes in the
1675 * BA sequence space and/or make window accouting
1676 * more difficult.
1677 *
1678 * XXX may want to control this with a driver
1679 * capability; this may also change when we pull
1680 * aggregation up into net80211
1681 */
1682 seqno = ni->ni_txseqs[tid]++;
1683 *(uint16_t *)wh->i_seq =
1684 htole16(seqno << IEEE80211_SEQ_SEQ_SHIFT);
1685 M_SEQNO_SET(m, seqno);
1686 }
1687 } else {
1688 seqno = ni->ni_txseqs[IEEE80211_NONQOS_TID]++;
1689 *(uint16_t *)wh->i_seq =
1690 htole16(seqno << IEEE80211_SEQ_SEQ_SHIFT);
1691 M_SEQNO_SET(m, seqno);
1692
1693 /*
1694 * XXX TODO: we shouldn't allow EAPOL, etc that would
1695 * be forced to be non-QoS traffic to be A-MSDU encapsulated.
1696 */
1697 if (is_amsdu)
1698 kprintf("%s: XXX ERROR: is_amsdu set; not QoS!\n",
1699 __func__);
1700 }
1701
1702
1703 /* check if xmit fragmentation is required */
1704 txfrag = (m->m_pkthdr.len > vap->iv_fragthreshold &&
1705 !IEEE80211_IS_MULTICAST(wh->i_addr1) &&
1706 (vap->iv_caps & IEEE80211_C_TXFRAG) &&
1707 (m->m_flags & (M_FF | M_AMPDU_MPDU)) == 0);
1708 if (key != NULL) {
1709 /*
1710 * IEEE 802.1X: send EAPOL frames always in the clear.
1711 * WPA/WPA2: encrypt EAPOL keys when pairwise keys are set.
1712 */
1713 if ((m->m_flags & M_EAPOL) == 0 ||
1714 ((vap->iv_flags & IEEE80211_F_WPA) &&
1715 (vap->iv_opmode == IEEE80211_M_STA ?
1716 !IEEE80211_KEY_UNDEFINED(key) :
1717 !IEEE80211_KEY_UNDEFINED(&ni->ni_ucastkey)))) {
1718 wh->i_fc[1] |= IEEE80211_FC1_PROTECTED;
1719 if (!ieee80211_crypto_enmic(vap, key, m, txfrag)) {
1720 IEEE80211_NOTE_MAC(vap, IEEE80211_MSG_OUTPUT,
1721 eh.ether_dhost,
1722 "%s", "enmic failed, discard frame");
1723 vap->iv_stats.is_crypto_enmicfail++;
1724 goto bad;
1725 }
1726 }
1727 }
1728 if (txfrag && !ieee80211_fragment(vap, m, hdrsize,
1729 key != NULL ? key->wk_cipher->ic_header : 0, vap->iv_fragthreshold))
1730 goto bad;
1731
1732 m->m_flags |= M_ENCAP; /* mark encapsulated */
1733
1734 IEEE80211_NODE_STAT(ni, tx_data);
1735 if (IEEE80211_IS_MULTICAST(wh->i_addr1)) {
1736 IEEE80211_NODE_STAT(ni, tx_mcast);
1737 m->m_flags |= M_MCAST;
1738 } else
1739 IEEE80211_NODE_STAT(ni, tx_ucast);
1740 IEEE80211_NODE_STAT_ADD(ni, tx_bytes, datalen);
1741
1742 return m;
1743 bad:
1744 if (m != NULL)
1745 m_freem(m);
1746 return NULL;
1747 #undef WH4
1748 #undef MC01
1749 }
1750
1751 void
1752 ieee80211_free_mbuf(struct mbuf *m)
1753 {
1754 struct mbuf *next;
1755
1756 if (m == NULL)
1757 return;
1758
1759 do {
1760 next = m->m_nextpkt;
1761 m->m_nextpkt = NULL;
1762 m_freem(m);
1763 } while ((m = next) != NULL);
1764 }
1765
1766 /*
1767 * Fragment the frame according to the specified mtu.
1768 * The size of the 802.11 header (w/o padding) is provided
1769 * so we don't need to recalculate it. We create a new
1770 * mbuf for each fragment and chain it through m_nextpkt;
1771 * we might be able to optimize this by reusing the original
1772 * packet's mbufs but that is significantly more complicated.
1773 */
1774 static int
1775 ieee80211_fragment(struct ieee80211vap *vap, struct mbuf *m0,
1776 u_int hdrsize, u_int ciphdrsize, u_int mtu)
1777 {
1778 struct ieee80211com *ic = vap->iv_ic;
1779 struct ieee80211_frame *wh, *whf;
1780 struct mbuf *m, *prev;
1781 u_int totalhdrsize, fragno, fragsize, off, remainder, payload;
1782 u_int hdrspace;
1783
1784 KASSERT(m0->m_nextpkt == NULL, ("mbuf already chained?"));
1785 KASSERT(m0->m_pkthdr.len > mtu,
1786 ("pktlen %u mtu %u", m0->m_pkthdr.len, mtu));
1787
1788 /*
1789 * Honor driver DATAPAD requirement.
1790 */
1791 if (ic->ic_flags & IEEE80211_F_DATAPAD)
1792 hdrspace = roundup(hdrsize, sizeof(uint32_t));
1793 else
1794 hdrspace = hdrsize;
1795
1796 wh = mtod(m0, struct ieee80211_frame *);
1797 /* NB: mark the first frag; it will be propagated below */
1798 wh->i_fc[1] |= IEEE80211_FC1_MORE_FRAG;
1799 totalhdrsize = hdrspace + ciphdrsize;
1800 fragno = 1;
1801 off = mtu - ciphdrsize;
1802 remainder = m0->m_pkthdr.len - off;
1803 prev = m0;
1804 do {
1805 fragsize = totalhdrsize + remainder;
1806 if (fragsize > mtu)
1807 fragsize = mtu;
1808 /* XXX fragsize can be >2048! */
1809 KASSERT(fragsize < MCLBYTES,
1810 ("fragment size %u too big!", fragsize));
1811 if (fragsize > MHLEN)
1812 m = m_getcl(M_NOWAIT, MT_DATA, M_PKTHDR);
1813 else
1814 m = m_gethdr(M_NOWAIT, MT_DATA);
1815 if (m == NULL)
1816 goto bad;
1817 /* leave room to prepend any cipher header */
1818 m_align(m, fragsize - ciphdrsize);
1819
1820 /*
1821 * Form the header in the fragment. Note that since
1822 * we mark the first fragment with the MORE_FRAG bit
1823 * it automatically is propagated to each fragment; we
1824 * need only clear it on the last fragment (done below).
1825 * NB: frag 1+ dont have Mesh Control field present.
1826 */
1827 whf = mtod(m, struct ieee80211_frame *);
1828 memcpy(whf, wh, hdrsize);
1829 #ifdef IEEE80211_SUPPORT_MESH
1830 if (vap->iv_opmode == IEEE80211_M_MBSS) {
1831 if (IEEE80211_IS_DSTODS(wh))
1832 ((struct ieee80211_qosframe_addr4 *)
1833 whf)->i_qos[1] &= ~IEEE80211_QOS_MC;
1834 else
1835 ((struct ieee80211_qosframe *)
1836 whf)->i_qos[1] &= ~IEEE80211_QOS_MC;
1837 }
1838 #endif
1839 *(uint16_t *)&whf->i_seq[0] |= htole16(
1840 (fragno & IEEE80211_SEQ_FRAG_MASK) <<
1841 IEEE80211_SEQ_FRAG_SHIFT);
1842 fragno++;
1843
1844 payload = fragsize - totalhdrsize;
1845 /* NB: destination is known to be contiguous */
1846
1847 m_copydata(m0, off, payload, mtod(m, uint8_t *) + hdrspace);
1848 m->m_len = hdrspace + payload;
1849 m->m_pkthdr.len = hdrspace + payload;
1850 m->m_flags |= M_FRAG;
1851
1852 /* chain up the fragment */
1853 prev->m_nextpkt = m;
1854 prev = m;
1855
1856 /* deduct fragment just formed */
1857 remainder -= payload;
1858 off += payload;
1859 } while (remainder != 0);
1860
1861 /* set the last fragment */
1862 m->m_flags |= M_LASTFRAG;
1863 whf->i_fc[1] &= ~IEEE80211_FC1_MORE_FRAG;
1864
1865 /* strip first mbuf now that everything has been copied */
1866 m_adj(m0, -(m0->m_pkthdr.len - (mtu - ciphdrsize)));
1867 m0->m_flags |= M_FIRSTFRAG | M_FRAG;
1868
1869 vap->iv_stats.is_tx_fragframes++;
1870 vap->iv_stats.is_tx_frags += fragno-1;
1871
1872 return 1;
1873 bad:
1874 /* reclaim fragments but leave original frame for caller to free */
1875 ieee80211_free_mbuf(m0->m_nextpkt);
1876 m0->m_nextpkt = NULL;
1877 return 0;
1878 }
1879
1880 /*
1881 * Add a supported rates element id to a frame.
1882 */
1883 uint8_t *
1884 ieee80211_add_rates(uint8_t *frm, const struct ieee80211_rateset *rs)
1885 {
1886 int nrates;
1887
1888 *frm++ = IEEE80211_ELEMID_RATES;
1889 nrates = rs->rs_nrates;
1890 if (nrates > IEEE80211_RATE_SIZE)
1891 nrates = IEEE80211_RATE_SIZE;
1892 *frm++ = nrates;
1893 memcpy(frm, rs->rs_rates, nrates);
1894 return frm + nrates;
1895 }
1896
1897 /*
1898 * Add an extended supported rates element id to a frame.
1899 */
1900 uint8_t *
1901 ieee80211_add_xrates(uint8_t *frm, const struct ieee80211_rateset *rs)
1902 {
1903 /*
1904 * Add an extended supported rates element if operating in 11g mode.
1905 */
1906 if (rs->rs_nrates > IEEE80211_RATE_SIZE) {
1907 int nrates = rs->rs_nrates - IEEE80211_RATE_SIZE;
1908 *frm++ = IEEE80211_ELEMID_XRATES;
1909 *frm++ = nrates;
1910 memcpy(frm, rs->rs_rates + IEEE80211_RATE_SIZE, nrates);
1911 frm += nrates;
1912 }
1913 return frm;
1914 }
1915
1916 /*
1917 * Add an ssid element to a frame.
1918 */
1919 uint8_t *
1920 ieee80211_add_ssid(uint8_t *frm, const uint8_t *ssid, u_int len)
1921 {
1922 *frm++ = IEEE80211_ELEMID_SSID;
1923 *frm++ = len;
1924 memcpy(frm, ssid, len);
1925 return frm + len;
1926 }
1927
1928 /*
1929 * Add an erp element to a frame.
1930 */
1931 static uint8_t *
1932 ieee80211_add_erp(uint8_t *frm, struct ieee80211com *ic)
1933 {
1934 uint8_t erp;
1935
1936 *frm++ = IEEE80211_ELEMID_ERP;
1937 *frm++ = 1;
1938 erp = 0;
1939 if (ic->ic_nonerpsta != 0)
1940 erp |= IEEE80211_ERP_NON_ERP_PRESENT;
1941 if (ic->ic_flags & IEEE80211_F_USEPROT)
1942 erp |= IEEE80211_ERP_USE_PROTECTION;
1943 if (ic->ic_flags & IEEE80211_F_USEBARKER)
1944 erp |= IEEE80211_ERP_LONG_PREAMBLE;
1945 *frm++ = erp;
1946 return frm;
1947 }
1948
1949 /*
1950 * Add a CFParams element to a frame.
1951 */
1952 static uint8_t *
1953 ieee80211_add_cfparms(uint8_t *frm, struct ieee80211com *ic)
1954 {
1955 #define ADDSHORT(frm, v) do { \
1956 le16enc(frm, v); \
1957 frm += 2; \
1958 } while (0)
1959 *frm++ = IEEE80211_ELEMID_CFPARMS;
1960 *frm++ = 6;
1961 *frm++ = 0; /* CFP count */
1962 *frm++ = 2; /* CFP period */
1963 ADDSHORT(frm, 0); /* CFP MaxDuration (TU) */
1964 ADDSHORT(frm, 0); /* CFP CurRemaining (TU) */
1965 return frm;
1966 #undef ADDSHORT
1967 }
1968
1969 static __inline uint8_t *
1970 add_appie(uint8_t *frm, const struct ieee80211_appie *ie)
1971 {
1972 memcpy(frm, ie->ie_data, ie->ie_len);
1973 return frm + ie->ie_len;
1974 }
1975
1976 static __inline uint8_t *
1977 add_ie(uint8_t *frm, const uint8_t *ie)
1978 {
1979 memcpy(frm, ie, 2 + ie[1]);
1980 return frm + 2 + ie[1];
1981 }
1982
1983 #define WME_OUI_BYTES 0x00, 0x50, 0xf2
1984 /*
1985 * Add a WME information element to a frame.
1986 */
1987 uint8_t *
1988 ieee80211_add_wme_info(uint8_t *frm, struct ieee80211_wme_state *wme)
1989 {
1990 static const struct ieee80211_wme_info info = {
1991 .wme_id = IEEE80211_ELEMID_VENDOR,
1992 .wme_len = sizeof(struct ieee80211_wme_info) - 2,
1993 .wme_oui = { WME_OUI_BYTES },
1994 .wme_type = WME_OUI_TYPE,
1995 .wme_subtype = WME_INFO_OUI_SUBTYPE,
1996 .wme_version = WME_VERSION,
1997 .wme_info = 0,
1998 };
1999 memcpy(frm, &info, sizeof(info));
2000 return frm + sizeof(info);
2001 }
2002
2003 /*
2004 * Add a WME parameters element to a frame.
2005 */
2006 static uint8_t *
2007 ieee80211_add_wme_param(uint8_t *frm, struct ieee80211_wme_state *wme)
2008 {
2009 #define SM(_v, _f) (((_v) << _f##_S) & _f)
2010 #define ADDSHORT(frm, v) do { \
2011 le16enc(frm, v); \
2012 frm += 2; \
2013 } while (0)
2014 /* NB: this works 'cuz a param has an info at the front */
2015 static const struct ieee80211_wme_info param = {
2016 .wme_id = IEEE80211_ELEMID_VENDOR,
2017 .wme_len = sizeof(struct ieee80211_wme_param) - 2,
2018 .wme_oui = { WME_OUI_BYTES },
2019 .wme_type = WME_OUI_TYPE,
2020 .wme_subtype = WME_PARAM_OUI_SUBTYPE,
2021 .wme_version = WME_VERSION,
2022 };
2023 int i;
2024
2025 memcpy(frm, &param, sizeof(param));
2026 frm += __offsetof(struct ieee80211_wme_info, wme_info);
2027 *frm++ = wme->wme_bssChanParams.cap_info; /* AC info */
2028 *frm++ = 0; /* reserved field */
2029 for (i = 0; i < WME_NUM_AC; i++) {
2030 const struct wmeParams *ac =
2031 &wme->wme_bssChanParams.cap_wmeParams[i];
2032 *frm++ = SM(i, WME_PARAM_ACI)
2033 | SM(ac->wmep_acm, WME_PARAM_ACM)
2034 | SM(ac->wmep_aifsn, WME_PARAM_AIFSN)
2035 ;
2036 *frm++ = SM(ac->wmep_logcwmax, WME_PARAM_LOGCWMAX)
2037 | SM(ac->wmep_logcwmin, WME_PARAM_LOGCWMIN)
2038 ;
2039 ADDSHORT(frm, ac->wmep_txopLimit);
2040 }
2041 return frm;
2042 #undef SM
2043 #undef ADDSHORT
2044 }
2045 #undef WME_OUI_BYTES
2046
2047 /*
2048 * Add an 11h Power Constraint element to a frame.
2049 */
2050 static uint8_t *
2051 ieee80211_add_powerconstraint(uint8_t *frm, struct ieee80211vap *vap)
2052 {
2053 const struct ieee80211_channel *c = vap->iv_bss->ni_chan;
2054 /* XXX per-vap tx power limit? */
2055 int8_t limit = vap->iv_ic->ic_txpowlimit / 2;
2056
2057 frm[0] = IEEE80211_ELEMID_PWRCNSTR;
2058 frm[1] = 1;
2059 frm[2] = c->ic_maxregpower > limit ? c->ic_maxregpower - limit : 0;
2060 return frm + 3;
2061 }
2062
2063 /*
2064 * Add an 11h Power Capability element to a frame.
2065 */
2066 static uint8_t *
2067 ieee80211_add_powercapability(uint8_t *frm, const struct ieee80211_channel *c)
2068 {
2069 frm[0] = IEEE80211_ELEMID_PWRCAP;
2070 frm[1] = 2;
2071 frm[2] = c->ic_minpower;
2072 frm[3] = c->ic_maxpower;
2073 return frm + 4;
2074 }
2075
2076 /*
2077 * Add an 11h Supported Channels element to a frame.
2078 */
2079 static uint8_t *
2080 ieee80211_add_supportedchannels(uint8_t *frm, struct ieee80211com *ic)
2081 {
2082 static const int ielen = 26;
2083
2084 frm[0] = IEEE80211_ELEMID_SUPPCHAN;
2085 frm[1] = ielen;
2086 /* XXX not correct */
2087 memcpy(frm+2, ic->ic_chan_avail, ielen);
2088 return frm + 2 + ielen;
2089 }
2090
2091 /*
2092 * Add an 11h Quiet time element to a frame.
2093 */
2094 static uint8_t *
2095 ieee80211_add_quiet(uint8_t *frm, struct ieee80211vap *vap)
2096 {
2097 struct ieee80211_quiet_ie *quiet = (struct ieee80211_quiet_ie *) frm;
2098
2099 quiet->quiet_ie = IEEE80211_ELEMID_QUIET;
2100 quiet->len = 6;
2101 if (vap->iv_quiet_count_value == 1)
2102 vap->iv_quiet_count_value = vap->iv_quiet_count;
2103 else if (vap->iv_quiet_count_value > 1)
2104 vap->iv_quiet_count_value--;
2105
2106 if (vap->iv_quiet_count_value == 0) {
2107 /* value 0 is reserved as per 802.11h standerd */
2108 vap->iv_quiet_count_value = 1;
2109 }
2110
2111 quiet->tbttcount = vap->iv_quiet_count_value;
2112 quiet->period = vap->iv_quiet_period;
2113 quiet->duration = htole16(vap->iv_quiet_duration);
2114 quiet->offset = htole16(vap->iv_quiet_offset);
2115 return frm + sizeof(*quiet);
2116 }
2117
2118 /*
2119 * Add an 11h Channel Switch Announcement element to a frame.
2120 * Note that we use the per-vap CSA count to adjust the global
2121 * counter so we can use this routine to form probe response
2122 * frames and get the current count.
2123 */
2124 static uint8_t *
2125 ieee80211_add_csa(uint8_t *frm, struct ieee80211vap *vap)
2126 {
2127 struct ieee80211com *ic = vap->iv_ic;
2128 struct ieee80211_csa_ie *csa = (struct ieee80211_csa_ie *) frm;
2129
2130 csa->csa_ie = IEEE80211_ELEMID_CSA;
2131 csa->csa_len = 3;
2132 csa->csa_mode = 1; /* XXX force quiet on channel */
2133 csa->csa_newchan = ieee80211_chan2ieee(ic, ic->ic_csa_newchan);
2134 csa->csa_count = ic->ic_csa_count - vap->iv_csa_count;
2135 return frm + sizeof(*csa);
2136 }
2137
2138 /*
2139 * Add an 11h country information element to a frame.
2140 */
2141 static uint8_t *
2142 ieee80211_add_countryie(uint8_t *frm, struct ieee80211com *ic)
2143 {
2144
2145 if (ic->ic_countryie == NULL ||
2146 ic->ic_countryie_chan != ic->ic_bsschan) {
2147 /*
2148 * Handle lazy construction of ie. This is done on
2149 * first use and after a channel change that requires
2150 * re-calculation.
2151 */
2152 if (ic->ic_countryie != NULL)
2153 IEEE80211_FREE(ic->ic_countryie, M_80211_NODE_IE);
2154 ic->ic_countryie = ieee80211_alloc_countryie(ic);
2155 if (ic->ic_countryie == NULL)
2156 return frm;
2157 ic->ic_countryie_chan = ic->ic_bsschan;
2158 }
2159 return add_appie(frm, ic->ic_countryie);
2160 }
2161
2162 uint8_t *
2163 ieee80211_add_wpa(uint8_t *frm, const struct ieee80211vap *vap)
2164 {
2165 if (vap->iv_flags & IEEE80211_F_WPA1 && vap->iv_wpa_ie != NULL)
2166 return (add_ie(frm, vap->iv_wpa_ie));
2167 else {
2168 /* XXX else complain? */
2169 return (frm);
2170 }
2171 }
2172
2173 uint8_t *
2174 ieee80211_add_rsn(uint8_t *frm, const struct ieee80211vap *vap)
2175 {
2176 if (vap->iv_flags & IEEE80211_F_WPA2 && vap->iv_rsn_ie != NULL)
2177 return (add_ie(frm, vap->iv_rsn_ie));
2178 else {
2179 /* XXX else complain? */
2180 return (frm);
2181 }
2182 }
2183
2184 uint8_t *
2185 ieee80211_add_qos(uint8_t *frm, const struct ieee80211_node *ni)
2186 {
2187 if (ni->ni_flags & IEEE80211_NODE_QOS) {
2188 *frm++ = IEEE80211_ELEMID_QOS;
2189 *frm++ = 1;
2190 *frm++ = 0;
2191 }
2192
2193 return (frm);
2194 }
2195
2196 /*
2197 * Send a probe request frame with the specified ssid
2198 * and any optional information element data.
2199 */
2200 int
2201 ieee80211_send_probereq(struct ieee80211_node *ni,
2202 const uint8_t sa[IEEE80211_ADDR_LEN],
2203 const uint8_t da[IEEE80211_ADDR_LEN],
2204 const uint8_t bssid[IEEE80211_ADDR_LEN],
2205 const uint8_t *ssid, size_t ssidlen)
2206 {
2207 struct ieee80211vap *vap = ni->ni_vap;
2208 struct ieee80211com *ic = ni->ni_ic;
2209 const struct ieee80211_txparam *tp;
2210 struct ieee80211_bpf_params params;
2211 struct ieee80211_frame *wh;
2212 const struct ieee80211_rateset *rs;
2213 struct mbuf *m;
2214 uint8_t *frm;
2215 int ret;
2216
2217 if (vap->iv_state == IEEE80211_S_CAC) {
2218 IEEE80211_NOTE(vap, IEEE80211_MSG_OUTPUT, ni,
2219 "block %s frame in CAC state", "probe request");
2220 vap->iv_stats.is_tx_badstate++;
2221 return EIO; /* XXX */
2222 }
2223
2224 /*
2225 * Hold a reference on the node so it doesn't go away until after
2226 * the xmit is complete all the way in the driver. On error we
2227 * will remove our reference.
2228 */
2229 IEEE80211_DPRINTF(vap, IEEE80211_MSG_NODE,
2230 "ieee80211_ref_node (%s:%u) %p<%s> refcnt %d\n",
2231 __func__, __LINE__,
2232 ni, ether_sprintf(ni->ni_macaddr),
2233 ieee80211_node_refcnt(ni)+1);
2234 ieee80211_ref_node(ni);
2235
2236 /*
2237 * prreq frame format
2238 * [tlv] ssid
2239 * [tlv] supported rates
2240 * [tlv] RSN (optional)
2241 * [tlv] extended supported rates
2242 * [tlv] WPA (optional)
2243 * [tlv] user-specified ie's
2244 */
2245 m = ieee80211_getmgtframe(&frm,
2246 ic->ic_headroom + sizeof(struct ieee80211_frame),
2247 2 + IEEE80211_NWID_LEN
2248 + 2 + IEEE80211_RATE_SIZE
2249 + sizeof(struct ieee80211_ie_wpa)
2250 + 2 + (IEEE80211_RATE_MAXSIZE - IEEE80211_RATE_SIZE)
2251 + sizeof(struct ieee80211_ie_wpa)
2252 + (vap->iv_appie_probereq != NULL ?
2253 vap->iv_appie_probereq->ie_len : 0)
2254 );
2255 if (m == NULL) {
2256 vap->iv_stats.is_tx_nobuf++;
2257 ieee80211_free_node(ni);
2258 return ENOMEM;
2259 }
2260
2261 frm = ieee80211_add_ssid(frm, ssid, ssidlen);
2262 rs = ieee80211_get_suprates(ic, ic->ic_curchan);
2263 frm = ieee80211_add_rates(frm, rs);
2264 frm = ieee80211_add_rsn(frm, vap);
2265 frm = ieee80211_add_xrates(frm, rs);
2266 frm = ieee80211_add_wpa(frm, vap);
2267 if (vap->iv_appie_probereq != NULL)
2268 frm = add_appie(frm, vap->iv_appie_probereq);
2269 m->m_pkthdr.len = m->m_len = frm - mtod(m, uint8_t *);
2270
2271 KASSERT(M_LEADINGSPACE(m) >= sizeof(struct ieee80211_frame),
2272 ("leading space %zd", M_LEADINGSPACE(m)));
2273 M_PREPEND(m, sizeof(struct ieee80211_frame), M_NOWAIT);
2274 if (m == NULL) {
2275 /* NB: cannot happen */
2276 ieee80211_free_node(ni);
2277 return ENOMEM;
2278 }
2279
2280 IEEE80211_TX_LOCK(ic);
2281 wh = mtod(m, struct ieee80211_frame *);
2282 ieee80211_send_setup(ni, m,
2283 IEEE80211_FC0_TYPE_MGT | IEEE80211_FC0_SUBTYPE_PROBE_REQ,
2284 IEEE80211_NONQOS_TID, sa, da, bssid);
2285 /* XXX power management? */
2286 m->m_flags |= M_ENCAP; /* mark encapsulated */
2287
2288 M_WME_SETAC(m, WME_AC_BE);
2289
2290 IEEE80211_NODE_STAT(ni, tx_probereq);
2291 IEEE80211_NODE_STAT(ni, tx_mgmt);
2292
2293 IEEE80211_DPRINTF(vap, IEEE80211_MSG_DEBUG | IEEE80211_MSG_DUMPPKTS,
2294 "send probe req on channel %u bssid %s ssid \"%.*s\"\n",
2295 ieee80211_chan2ieee(ic, ic->ic_curchan), ether_sprintf(bssid),
2296 (int)ssidlen, ssid);
2297
2298 memset(&params, 0, sizeof(params));
2299 params.ibp_pri = M_WME_GETAC(m);
2300 tp = &vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)];
2301 params.ibp_rate0 = tp->mgmtrate;
2302 if (IEEE80211_IS_MULTICAST(da)) {
2303 params.ibp_flags |= IEEE80211_BPF_NOACK;
2304 params.ibp_try0 = 1;
2305 } else
2306 params.ibp_try0 = tp->maxretry;
2307 params.ibp_power = ni->ni_txpower;
2308 ret = ieee80211_raw_output(vap, ni, m, &params);
2309 IEEE80211_TX_UNLOCK(ic);
2310 return (ret);
2311 }
2312
2313 /*
2314 * Calculate capability information for mgt frames.
2315 */
2316 uint16_t
2317 ieee80211_getcapinfo(struct ieee80211vap *vap, struct ieee80211_channel *chan)
2318 {
2319 struct ieee80211com *ic = vap->iv_ic;
2320 uint16_t capinfo;
2321
2322 KASSERT(vap->iv_opmode != IEEE80211_M_STA, ("station mode"));
2323
2324 if (vap->iv_opmode == IEEE80211_M_HOSTAP)
2325 capinfo = IEEE80211_CAPINFO_ESS;
2326 else if (vap->iv_opmode == IEEE80211_M_IBSS)
2327 capinfo = IEEE80211_CAPINFO_IBSS;
2328 else
2329 capinfo = 0;
2330 if (vap->iv_flags & IEEE80211_F_PRIVACY)
2331 capinfo |= IEEE80211_CAPINFO_PRIVACY;
2332 if ((ic->ic_flags & IEEE80211_F_SHPREAMBLE) &&
2333 IEEE80211_IS_CHAN_2GHZ(chan))
2334 capinfo |= IEEE80211_CAPINFO_SHORT_PREAMBLE;
2335 if (ic->ic_flags & IEEE80211_F_SHSLOT)
2336 capinfo |= IEEE80211_CAPINFO_SHORT_SLOTTIME;
2337 if (IEEE80211_IS_CHAN_5GHZ(chan) && (vap->iv_flags & IEEE80211_F_DOTH))
2338 capinfo |= IEEE80211_CAPINFO_SPECTRUM_MGMT;
2339 return capinfo;
2340 }
2341
2342 /*
2343 * Send a management frame. The node is for the destination (or ic_bss
2344 * when in station mode). Nodes other than ic_bss have their reference
2345 * count bumped to reflect our use for an indeterminant time.
2346 */
2347 int
2348 ieee80211_send_mgmt(struct ieee80211_node *ni, int type, int arg)
2349 {
2350 #define HTFLAGS (IEEE80211_NODE_HT | IEEE80211_NODE_HTCOMPAT)
2351 #define senderr(_x, _v) do { vap->iv_stats._v++; ret = _x; goto bad; } while (0)
2352 struct ieee80211vap *vap = ni->ni_vap;
2353 struct ieee80211com *ic = ni->ni_ic;
2354 struct ieee80211_node *bss = vap->iv_bss;
2355 struct ieee80211_bpf_params params;
2356 struct mbuf *m;
2357 uint8_t *frm;
2358 uint16_t capinfo;
2359 int has_challenge, is_shared_key, ret, status;
2360
2361 KASSERT(ni != NULL, ("null node"));
2362
2363 /*
2364 * Hold a reference on the node so it doesn't go away until after
2365 * the xmit is complete all the way in the driver. On error we
2366 * will remove our reference.
2367 */
2368 IEEE80211_DPRINTF(vap, IEEE80211_MSG_NODE,
2369 "ieee80211_ref_node (%s:%u) %p<%s> refcnt %d\n",
2370 __func__, __LINE__,
2371 ni, ether_sprintf(ni->ni_macaddr),
2372 ieee80211_node_refcnt(ni)+1);
2373 ieee80211_ref_node(ni);
2374
2375 memset(&params, 0, sizeof(params));
2376 switch (type) {
2377
2378 case IEEE80211_FC0_SUBTYPE_AUTH:
2379 status = arg >> 16;
2380 arg &= 0xffff;
2381 has_challenge = ((arg == IEEE80211_AUTH_SHARED_CHALLENGE ||
2382 arg == IEEE80211_AUTH_SHARED_RESPONSE) &&
2383 ni->ni_challenge != NULL);
2384
2385 /*
2386 * Deduce whether we're doing open authentication or
2387 * shared key authentication. We do the latter if
2388 * we're in the middle of a shared key authentication
2389 * handshake or if we're initiating an authentication
2390 * request and configured to use shared key.
2391 */
2392 is_shared_key = has_challenge ||
2393 arg >= IEEE80211_AUTH_SHARED_RESPONSE ||
2394 (arg == IEEE80211_AUTH_SHARED_REQUEST &&
2395 bss->ni_authmode == IEEE80211_AUTH_SHARED);
2396
2397 m = ieee80211_getmgtframe(&frm,
2398 ic->ic_headroom + sizeof(struct ieee80211_frame),
2399 3 * sizeof(uint16_t)
2400 + (has_challenge && status == IEEE80211_STATUS_SUCCESS ?
2401 sizeof(uint16_t)+IEEE80211_CHALLENGE_LEN : 0)
2402 );
2403 if (m == NULL)
2404 senderr(ENOMEM, is_tx_nobuf);
2405
2406 ((uint16_t *)frm)[0] =
2407 (is_shared_key) ? htole16(IEEE80211_AUTH_ALG_SHARED)
2408 : htole16(IEEE80211_AUTH_ALG_OPEN);
2409 ((uint16_t *)frm)[1] = htole16(arg); /* sequence number */
2410 ((uint16_t *)frm)[2] = htole16(status);/* status */
2411
2412 if (has_challenge && status == IEEE80211_STATUS_SUCCESS) {
2413 ((uint16_t *)frm)[3] =
2414 htole16((IEEE80211_CHALLENGE_LEN << 8) |
2415 IEEE80211_ELEMID_CHALLENGE);
2416 memcpy(&((uint16_t *)frm)[4], ni->ni_challenge,
2417 IEEE80211_CHALLENGE_LEN);
2418 m->m_pkthdr.len = m->m_len =
2419 4 * sizeof(uint16_t) + IEEE80211_CHALLENGE_LEN;
2420 if (arg == IEEE80211_AUTH_SHARED_RESPONSE) {
2421 IEEE80211_NOTE(vap, IEEE80211_MSG_AUTH, ni,
2422 "request encrypt frame (%s)", __func__);
2423 /* mark frame for encryption */
2424 params.ibp_flags |= IEEE80211_BPF_CRYPTO;
2425 }
2426 } else
2427 m->m_pkthdr.len = m->m_len = 3 * sizeof(uint16_t);
2428
2429 /* XXX not right for shared key */
2430 if (status == IEEE80211_STATUS_SUCCESS)
2431 IEEE80211_NODE_STAT(ni, tx_auth);
2432 else
2433 IEEE80211_NODE_STAT(ni, tx_auth_fail);
2434
2435 if (vap->iv_opmode == IEEE80211_M_STA)
2436 ieee80211_add_callback(m, ieee80211_tx_mgt_cb,
2437 (void *) vap->iv_state);
2438 break;
2439
2440 case IEEE80211_FC0_SUBTYPE_DEAUTH:
2441 IEEE80211_NOTE(vap, IEEE80211_MSG_AUTH, ni,
2442 "send station deauthenticate (reason: %d (%s))", arg,
2443 ieee80211_reason_to_string(arg));
2444 m = ieee80211_getmgtframe(&frm,
2445 ic->ic_headroom + sizeof(struct ieee80211_frame),
2446 sizeof(uint16_t));
2447 if (m == NULL)
2448 senderr(ENOMEM, is_tx_nobuf);
2449 *(uint16_t *)frm = htole16(arg); /* reason */
2450 m->m_pkthdr.len = m->m_len = sizeof(uint16_t);
2451
2452 IEEE80211_NODE_STAT(ni, tx_deauth);
2453 IEEE80211_NODE_STAT_SET(ni, tx_deauth_code, arg);
2454
2455 ieee80211_node_unauthorize(ni); /* port closed */
2456 break;
2457
2458 case IEEE80211_FC0_SUBTYPE_ASSOC_REQ:
2459 case IEEE80211_FC0_SUBTYPE_REASSOC_REQ:
2460 /*
2461 * asreq frame format
2462 * [2] capability information
2463 * [2] listen interval
2464 * [6*] current AP address (reassoc only)
2465 * [tlv] ssid
2466 * [tlv] supported rates
2467 * [tlv] extended supported rates
2468 * [4] power capability (optional)
2469 * [28] supported channels (optional)
2470 * [tlv] HT capabilities
2471 * [tlv] WME (optional)
2472 * [tlv] Vendor OUI HT capabilities (optional)
2473 * [tlv] Atheros capabilities (if negotiated)
2474 * [tlv] AppIE's (optional)
2475 */
2476 m = ieee80211_getmgtframe(&frm,
2477 ic->ic_headroom + sizeof(struct ieee80211_frame),
2478 sizeof(uint16_t)
2479 + sizeof(uint16_t)
2480 + IEEE80211_ADDR_LEN
2481 + 2 + IEEE80211_NWID_LEN
2482 + 2 + IEEE80211_RATE_SIZE
2483 + 2 + (IEEE80211_RATE_MAXSIZE - IEEE80211_RATE_SIZE)
2484 + 4
2485 + 2 + 26
2486 + sizeof(struct ieee80211_wme_info)
2487 + sizeof(struct ieee80211_ie_htcap)
2488 + 4 + sizeof(struct ieee80211_ie_htcap)
2489 #ifdef IEEE80211_SUPPORT_SUPERG
2490 + sizeof(struct ieee80211_ath_ie)
2491 #endif
2492 + (vap->iv_appie_wpa != NULL ?
2493 vap->iv_appie_wpa->ie_len : 0)
2494 + (vap->iv_appie_assocreq != NULL ?
2495 vap->iv_appie_assocreq->ie_len : 0)
2496 );
2497 if (m == NULL)
2498 senderr(ENOMEM, is_tx_nobuf);
2499
2500 KASSERT(vap->iv_opmode == IEEE80211_M_STA,
2501 ("wrong mode %u", vap->iv_opmode));
2502 capinfo = IEEE80211_CAPINFO_ESS;
2503 if (vap->iv_flags & IEEE80211_F_PRIVACY)
2504 capinfo |= IEEE80211_CAPINFO_PRIVACY;
2505 /*
2506 * NB: Some 11a AP's reject the request when
2507 * short premable is set.
2508 */
2509 if ((ic->ic_flags & IEEE80211_F_SHPREAMBLE) &&
2510 IEEE80211_IS_CHAN_2GHZ(ic->ic_curchan))
2511 capinfo |= IEEE80211_CAPINFO_SHORT_PREAMBLE;
2512 if (IEEE80211_IS_CHAN_ANYG(ic->ic_curchan) &&
2513 (ic->ic_caps & IEEE80211_C_SHSLOT))
2514 capinfo |= IEEE80211_CAPINFO_SHORT_SLOTTIME;
2515 if ((ni->ni_capinfo & IEEE80211_CAPINFO_SPECTRUM_MGMT) &&
2516 (vap->iv_flags & IEEE80211_F_DOTH))
2517 capinfo |= IEEE80211_CAPINFO_SPECTRUM_MGMT;
2518 *(uint16_t *)frm = htole16(capinfo);
2519 frm += 2;
2520
2521 KASSERT(bss->ni_intval != 0, ("beacon interval is zero!"));
2522 *(uint16_t *)frm = htole16(howmany(ic->ic_lintval,
2523 bss->ni_intval));
2524 frm += 2;
2525
2526 if (type == IEEE80211_FC0_SUBTYPE_REASSOC_REQ) {
2527 IEEE80211_ADDR_COPY(frm, bss->ni_bssid);
2528 frm += IEEE80211_ADDR_LEN;
2529 }
2530
2531 frm = ieee80211_add_ssid(frm, ni->ni_essid, ni->ni_esslen);
2532 frm = ieee80211_add_rates(frm, &ni->ni_rates);
2533 frm = ieee80211_add_rsn(frm, vap);
2534 frm = ieee80211_add_xrates(frm, &ni->ni_rates);
2535 if (capinfo & IEEE80211_CAPINFO_SPECTRUM_MGMT) {
2536 frm = ieee80211_add_powercapability(frm,
2537 ic->ic_curchan);
2538 frm = ieee80211_add_supportedchannels(frm, ic);
2539 }
2540
2541 /*
2542 * Check the channel - we may be using an 11n NIC with an
2543 * 11n capable station, but we're configured to be an 11b
2544 * channel.
2545 */
2546 if ((vap->iv_flags_ht & IEEE80211_FHT_HT) &&
2547 IEEE80211_IS_CHAN_HT(ni->ni_chan) &&
2548 ni->ni_ies.htcap_ie != NULL &&
2549 ni->ni_ies.htcap_ie[0] == IEEE80211_ELEMID_HTCAP) {
2550 frm = ieee80211_add_htcap(frm, ni);
2551 }
2552 frm = ieee80211_add_wpa(frm, vap);
2553 if ((ic->ic_flags & IEEE80211_F_WME) &&
2554 ni->ni_ies.wme_ie != NULL)
2555 frm = ieee80211_add_wme_info(frm, &ic->ic_wme);
2556
2557 /*
2558 * Same deal - only send HT info if we're on an 11n
2559 * capable channel.
2560 */
2561 if ((vap->iv_flags_ht & IEEE80211_FHT_HT) &&
2562 IEEE80211_IS_CHAN_HT(ni->ni_chan) &&
2563 ni->ni_ies.htcap_ie != NULL &&
2564 ni->ni_ies.htcap_ie[0] == IEEE80211_ELEMID_VENDOR) {
2565 frm = ieee80211_add_htcap_vendor(frm, ni);
2566 }
2567 #ifdef IEEE80211_SUPPORT_SUPERG
2568 if (IEEE80211_ATH_CAP(vap, ni, IEEE80211_F_ATHEROS)) {
2569 frm = ieee80211_add_ath(frm,
2570 IEEE80211_ATH_CAP(vap, ni, IEEE80211_F_ATHEROS),
2571 ((vap->iv_flags & IEEE80211_F_WPA) == 0 &&
2572 ni->ni_authmode != IEEE80211_AUTH_8021X) ?
2573 vap->iv_def_txkey : IEEE80211_KEYIX_NONE);
2574 }
2575 #endif /* IEEE80211_SUPPORT_SUPERG */
2576 if (vap->iv_appie_assocreq != NULL)
2577 frm = add_appie(frm, vap->iv_appie_assocreq);
2578 m->m_pkthdr.len = m->m_len = frm - mtod(m, uint8_t *);
2579
2580 ieee80211_add_callback(m, ieee80211_tx_mgt_cb,
2581 (void *) vap->iv_state);
2582 break;
2583
2584 case IEEE80211_FC0_SUBTYPE_ASSOC_RESP:
2585 case IEEE80211_FC0_SUBTYPE_REASSOC_RESP:
2586 /*
2587 * asresp frame format
2588 * [2] capability information
2589 * [2] status
2590 * [2] association ID
2591 * [tlv] supported rates
2592 * [tlv] extended supported rates
2593 * [tlv] HT capabilities (standard, if STA enabled)
2594 * [tlv] HT information (standard, if STA enabled)
2595 * [tlv] WME (if configured and STA enabled)
2596 * [tlv] HT capabilities (vendor OUI, if STA enabled)
2597 * [tlv] HT information (vendor OUI, if STA enabled)
2598 * [tlv] Atheros capabilities (if STA enabled)
2599 * [tlv] AppIE's (optional)
2600 */
2601 m = ieee80211_getmgtframe(&frm,
2602 ic->ic_headroom + sizeof(struct ieee80211_frame),
2603 sizeof(uint16_t)
2604 + sizeof(uint16_t)
2605 + sizeof(uint16_t)
2606 + 2 + IEEE80211_RATE_SIZE
2607 + 2 + (IEEE80211_RATE_MAXSIZE - IEEE80211_RATE_SIZE)
2608 + sizeof(struct ieee80211_ie_htcap) + 4
2609 + sizeof(struct ieee80211_ie_htinfo) + 4
2610 + sizeof(struct ieee80211_wme_param)
2611 #ifdef IEEE80211_SUPPORT_SUPERG
2612 + sizeof(struct ieee80211_ath_ie)
2613 #endif
2614 + (vap->iv_appie_assocresp != NULL ?
2615 vap->iv_appie_assocresp->ie_len : 0)
2616 );
2617 if (m == NULL)
2618 senderr(ENOMEM, is_tx_nobuf);
2619
2620 capinfo = ieee80211_getcapinfo(vap, bss->ni_chan);
2621 *(uint16_t *)frm = htole16(capinfo);
2622 frm += 2;
2623
2624 *(uint16_t *)frm = htole16(arg); /* status */
2625 frm += 2;
2626
2627 if (arg == IEEE80211_STATUS_SUCCESS) {
2628 *(uint16_t *)frm = htole16(ni->ni_associd);
2629 IEEE80211_NODE_STAT(ni, tx_assoc);
2630 } else
2631 IEEE80211_NODE_STAT(ni, tx_assoc_fail);
2632 frm += 2;
2633
2634 frm = ieee80211_add_rates(frm, &ni->ni_rates);
2635 frm = ieee80211_add_xrates(frm, &ni->ni_rates);
2636 /* NB: respond according to what we received */
2637 if ((ni->ni_flags & HTFLAGS) == IEEE80211_NODE_HT) {
2638 frm = ieee80211_add_htcap(frm, ni);
2639 frm = ieee80211_add_htinfo(frm, ni);
2640 }
2641 if ((vap->iv_flags & IEEE80211_F_WME) &&
2642 ni->ni_ies.wme_ie != NULL)
2643 frm = ieee80211_add_wme_param(frm, &ic->ic_wme);
2644 if ((ni->ni_flags & HTFLAGS) == HTFLAGS) {
2645 frm = ieee80211_add_htcap_vendor(frm, ni);
2646 frm = ieee80211_add_htinfo_vendor(frm, ni);
2647 }
2648 #ifdef IEEE80211_SUPPORT_SUPERG
2649 if (IEEE80211_ATH_CAP(vap, ni, IEEE80211_F_ATHEROS))
2650 frm = ieee80211_add_ath(frm,
2651 IEEE80211_ATH_CAP(vap, ni, IEEE80211_F_ATHEROS),
2652 ((vap->iv_flags & IEEE80211_F_WPA) == 0 &&
2653 ni->ni_authmode != IEEE80211_AUTH_8021X) ?
2654 vap->iv_def_txkey : IEEE80211_KEYIX_NONE);
2655 #endif /* IEEE80211_SUPPORT_SUPERG */
2656 if (vap->iv_appie_assocresp != NULL)
2657 frm = add_appie(frm, vap->iv_appie_assocresp);
2658 m->m_pkthdr.len = m->m_len = frm - mtod(m, uint8_t *);
2659 break;
2660
2661 case IEEE80211_FC0_SUBTYPE_DISASSOC:
2662 IEEE80211_NOTE(vap, IEEE80211_MSG_ASSOC, ni,
2663 "send station disassociate (reason: %d (%s))", arg,
2664 ieee80211_reason_to_string(arg));
2665 m = ieee80211_getmgtframe(&frm,
2666 ic->ic_headroom + sizeof(struct ieee80211_frame),
2667 sizeof(uint16_t));
2668 if (m == NULL)
2669 senderr(ENOMEM, is_tx_nobuf);
2670 *(uint16_t *)frm = htole16(arg); /* reason */
2671 m->m_pkthdr.len = m->m_len = sizeof(uint16_t);
2672
2673 IEEE80211_NODE_STAT(ni, tx_disassoc);
2674 IEEE80211_NODE_STAT_SET(ni, tx_disassoc_code, arg);
2675 break;
2676
2677 default:
2678 IEEE80211_NOTE(vap, IEEE80211_MSG_ANY, ni,
2679 "invalid mgmt frame type %u", type);
2680 senderr(EINVAL, is_tx_unknownmgt);
2681 /* NOTREACHED */
2682 }
2683
2684 /* NB: force non-ProbeResp frames to the highest queue */
2685 params.ibp_pri = WME_AC_VO;
2686 params.ibp_rate0 = bss->ni_txparms->mgmtrate;
2687 /* NB: we know all frames are unicast */
2688 params.ibp_try0 = bss->ni_txparms->maxretry;
2689 params.ibp_power = bss->ni_txpower;
2690 return ieee80211_mgmt_output(ni, m, type, &params);
2691 bad:
2692 ieee80211_free_node(ni);
2693 return ret;
2694 #undef senderr
2695 #undef HTFLAGS
2696 }
2697
2698 /*
2699 * Return an mbuf with a probe response frame in it.
2700 * Space is left to prepend and 802.11 header at the
2701 * front but it's left to the caller to fill in.
2702 */
2703 struct mbuf *
2704 ieee80211_alloc_proberesp(struct ieee80211_node *bss, int legacy)
2705 {
2706 struct ieee80211vap *vap = bss->ni_vap;
2707 struct ieee80211com *ic = bss->ni_ic;
2708 const struct ieee80211_rateset *rs;
2709 struct mbuf *m;
2710 uint16_t capinfo;
2711 uint8_t *frm;
2712
2713 /*
2714 * probe response frame format
2715 * [8] time stamp
2716 * [2] beacon interval
2717 * [2] cabability information
2718 * [tlv] ssid
2719 * [tlv] supported rates
2720 * [tlv] parameter set (FH/DS)
2721 * [tlv] parameter set (IBSS)
2722 * [tlv] country (optional)
2723 * [3] power control (optional)
2724 * [5] channel switch announcement (CSA) (optional)
2725 * [tlv] extended rate phy (ERP)
2726 * [tlv] extended supported rates
2727 * [tlv] RSN (optional)
2728 * [tlv] HT capabilities
2729 * [tlv] HT information
2730 * [tlv] WPA (optional)
2731 * [tlv] WME (optional)
2732 * [tlv] Vendor OUI HT capabilities (optional)
2733 * [tlv] Vendor OUI HT information (optional)
2734 * [tlv] Atheros capabilities
2735 * [tlv] AppIE's (optional)
2736 * [tlv] Mesh ID (MBSS)
2737 * [tlv] Mesh Conf (MBSS)
2738 */
2739 m = ieee80211_getmgtframe(&frm,
2740 ic->ic_headroom + sizeof(struct ieee80211_frame),
2741 8
2742 + sizeof(uint16_t)
2743 + sizeof(uint16_t)
2744 + 2 + IEEE80211_NWID_LEN
2745 + 2 + IEEE80211_RATE_SIZE
2746 + 7 /* max(7,3) */
2747 + IEEE80211_COUNTRY_MAX_SIZE
2748 + 3
2749 + sizeof(struct ieee80211_csa_ie)
2750 + sizeof(struct ieee80211_quiet_ie)
2751 + 3
2752 + 2 + (IEEE80211_RATE_MAXSIZE - IEEE80211_RATE_SIZE)
2753 + sizeof(struct ieee80211_ie_wpa)
2754 + sizeof(struct ieee80211_ie_htcap)
2755 + sizeof(struct ieee80211_ie_htinfo)
2756 + sizeof(struct ieee80211_ie_wpa)
2757 + sizeof(struct ieee80211_wme_param)
2758 + 4 + sizeof(struct ieee80211_ie_htcap)
2759 + 4 + sizeof(struct ieee80211_ie_htinfo)
2760 #ifdef IEEE80211_SUPPORT_SUPERG
2761 + sizeof(struct ieee80211_ath_ie)
2762 #endif
2763 #ifdef IEEE80211_SUPPORT_MESH
2764 + 2 + IEEE80211_MESHID_LEN
2765 + sizeof(struct ieee80211_meshconf_ie)
2766 #endif
2767 + (vap->iv_appie_proberesp != NULL ?
2768 vap->iv_appie_proberesp->ie_len : 0)
2769 );
2770 if (m == NULL) {
2771 vap->iv_stats.is_tx_nobuf++;
2772 return NULL;
2773 }
2774
2775 memset(frm, 0, 8); /* timestamp should be filled later */
2776 frm += 8;
2777 *(uint16_t *)frm = htole16(bss->ni_intval);
2778 frm += 2;
2779 capinfo = ieee80211_getcapinfo(vap, bss->ni_chan);
2780 *(uint16_t *)frm = htole16(capinfo);
2781 frm += 2;
2782
2783 frm = ieee80211_add_ssid(frm, bss->ni_essid, bss->ni_esslen);
2784 rs = ieee80211_get_suprates(ic, bss->ni_chan);
2785 frm = ieee80211_add_rates(frm, rs);
2786
2787 if (IEEE80211_IS_CHAN_FHSS(bss->ni_chan)) {
2788 *frm++ = IEEE80211_ELEMID_FHPARMS;
2789 *frm++ = 5;
2790 *frm++ = bss->ni_fhdwell & 0x00ff;
2791 *frm++ = (bss->ni_fhdwell >> 8) & 0x00ff;
2792 *frm++ = IEEE80211_FH_CHANSET(
2793 ieee80211_chan2ieee(ic, bss->ni_chan));
2794 *frm++ = IEEE80211_FH_CHANPAT(
2795 ieee80211_chan2ieee(ic, bss->ni_chan));
2796 *frm++ = bss->ni_fhindex;
2797 } else {
2798 *frm++ = IEEE80211_ELEMID_DSPARMS;
2799 *frm++ = 1;
2800 *frm++ = ieee80211_chan2ieee(ic, bss->ni_chan);
2801 }
2802
2803 if (vap->iv_opmode == IEEE80211_M_IBSS) {
2804 *frm++ = IEEE80211_ELEMID_IBSSPARMS;
2805 *frm++ = 2;
2806 *frm++ = 0; *frm++ = 0; /* TODO: ATIM window */
2807 }
2808 if ((vap->iv_flags & IEEE80211_F_DOTH) ||
2809 (vap->iv_flags_ext & IEEE80211_FEXT_DOTD))
2810 frm = ieee80211_add_countryie(frm, ic);
2811 if (vap->iv_flags & IEEE80211_F_DOTH) {
2812 if (IEEE80211_IS_CHAN_5GHZ(bss->ni_chan))
2813 frm = ieee80211_add_powerconstraint(frm, vap);
2814 if (ic->ic_flags & IEEE80211_F_CSAPENDING)
2815 frm = ieee80211_add_csa(frm, vap);
2816 }
2817 if (vap->iv_flags & IEEE80211_F_DOTH) {
2818 if (IEEE80211_IS_CHAN_DFS(ic->ic_bsschan) &&
2819 (vap->iv_flags_ext & IEEE80211_FEXT_DFS)) {
2820 if (vap->iv_quiet)
2821 frm = ieee80211_add_quiet(frm, vap);
2822 }
2823 }
2824 if (IEEE80211_IS_CHAN_ANYG(bss->ni_chan))
2825 frm = ieee80211_add_erp(frm, ic);
2826 frm = ieee80211_add_xrates(frm, rs);
2827 frm = ieee80211_add_rsn(frm, vap);
2828 /*
2829 * NB: legacy 11b clients do not get certain ie's.
2830 * The caller identifies such clients by passing
2831 * a token in legacy to us. Could expand this to be
2832 * any legacy client for stuff like HT ie's.
2833 */
2834 if (IEEE80211_IS_CHAN_HT(bss->ni_chan) &&
2835 legacy != IEEE80211_SEND_LEGACY_11B) {
2836 frm = ieee80211_add_htcap(frm, bss);
2837 frm = ieee80211_add_htinfo(frm, bss);
2838 }
2839 frm = ieee80211_add_wpa(frm, vap);
2840 if (vap->iv_flags & IEEE80211_F_WME)
2841 frm = ieee80211_add_wme_param(frm, &ic->ic_wme);
2842 if (IEEE80211_IS_CHAN_HT(bss->ni_chan) &&
2843 (vap->iv_flags_ht & IEEE80211_FHT_HTCOMPAT) &&
2844 legacy != IEEE80211_SEND_LEGACY_11B) {
2845 frm = ieee80211_add_htcap_vendor(frm, bss);
2846 frm = ieee80211_add_htinfo_vendor(frm, bss);
2847 }
2848 #ifdef IEEE80211_SUPPORT_SUPERG
2849 if ((vap->iv_flags & IEEE80211_F_ATHEROS) &&
2850 legacy != IEEE80211_SEND_LEGACY_11B)
2851 frm = ieee80211_add_athcaps(frm, bss);
2852 #endif
2853 if (vap->iv_appie_proberesp != NULL)
2854 frm = add_appie(frm, vap->iv_appie_proberesp);
2855 #ifdef IEEE80211_SUPPORT_MESH
2856 if (vap->iv_opmode == IEEE80211_M_MBSS) {
2857 frm = ieee80211_add_meshid(frm, vap);
2858 frm = ieee80211_add_meshconf(frm, vap);
2859 }
2860 #endif
2861 m->m_pkthdr.len = m->m_len = frm - mtod(m, uint8_t *);
2862
2863 return m;
2864 }
2865
2866 /*
2867 * Send a probe response frame to the specified mac address.
2868 * This does not go through the normal mgt frame api so we
2869 * can specify the destination address and re-use the bss node
2870 * for the sta reference.
2871 */
2872 int
2873 ieee80211_send_proberesp(struct ieee80211vap *vap,
2874 const uint8_t da[IEEE80211_ADDR_LEN], int legacy)
2875 {
2876 struct ieee80211_node *bss = vap->iv_bss;
2877 struct ieee80211com *ic = vap->iv_ic;
2878 struct ieee80211_frame *wh;
2879 struct mbuf *m;
2880 int ret;
2881
2882 if (vap->iv_state == IEEE80211_S_CAC) {
2883 IEEE80211_NOTE(vap, IEEE80211_MSG_OUTPUT, bss,
2884 "block %s frame in CAC state", "probe response");
2885 vap->iv_stats.is_tx_badstate++;
2886 return EIO; /* XXX */
2887 }
2888
2889 /*
2890 * Hold a reference on the node so it doesn't go away until after
2891 * the xmit is complete all the way in the driver. On error we
2892 * will remove our reference.
2893 */
2894 IEEE80211_DPRINTF(vap, IEEE80211_MSG_NODE,
2895 "ieee80211_ref_node (%s:%u) %p<%s> refcnt %d\n",
2896 __func__, __LINE__, bss, ether_sprintf(bss->ni_macaddr),
2897 ieee80211_node_refcnt(bss)+1);
2898 ieee80211_ref_node(bss);
2899
2900 m = ieee80211_alloc_proberesp(bss, legacy);
2901 if (m == NULL) {
2902 ieee80211_free_node(bss);
2903 return ENOMEM;
2904 }
2905
2906 M_PREPEND(m, sizeof(struct ieee80211_frame), M_NOWAIT);
2907 KASSERT(m != NULL, ("no room for header"));
2908
2909 IEEE80211_TX_LOCK(ic);
2910 wh = mtod(m, struct ieee80211_frame *);
2911 ieee80211_send_setup(bss, m,
2912 IEEE80211_FC0_TYPE_MGT | IEEE80211_FC0_SUBTYPE_PROBE_RESP,
2913 IEEE80211_NONQOS_TID, vap->iv_myaddr, da, bss->ni_bssid);
2914 /* XXX power management? */
2915 m->m_flags |= M_ENCAP; /* mark encapsulated */
2916
2917 M_WME_SETAC(m, WME_AC_BE);
2918
2919 IEEE80211_DPRINTF(vap, IEEE80211_MSG_DEBUG | IEEE80211_MSG_DUMPPKTS,
2920 "send probe resp on channel %u to %s%s\n",
2921 ieee80211_chan2ieee(ic, ic->ic_curchan), ether_sprintf(da),
2922 legacy ? " <legacy>" : "");
2923 IEEE80211_NODE_STAT(bss, tx_mgmt);
2924
2925 ret = ieee80211_raw_output(vap, bss, m, NULL);
2926 IEEE80211_TX_UNLOCK(ic);
2927 return (ret);
2928 }
2929
2930 /*
2931 * Allocate and build a RTS (Request To Send) control frame.
2932 */
2933 struct mbuf *
2934 ieee80211_alloc_rts(struct ieee80211com *ic,
2935 const uint8_t ra[IEEE80211_ADDR_LEN],
2936 const uint8_t ta[IEEE80211_ADDR_LEN],
2937 uint16_t dur)
2938 {
2939 struct ieee80211_frame_rts *rts;
2940 struct mbuf *m;
2941
2942 /* XXX honor ic_headroom */
2943 m = m_gethdr(M_NOWAIT, MT_DATA);
2944 if (m != NULL) {
2945 rts = mtod(m, struct ieee80211_frame_rts *);
2946 rts->i_fc[0] = IEEE80211_FC0_VERSION_0 |
2947 IEEE80211_FC0_TYPE_CTL | IEEE80211_FC0_SUBTYPE_RTS;
2948 rts->i_fc[1] = IEEE80211_FC1_DIR_NODS;
2949 *(u_int16_t *)rts->i_dur = htole16(dur);
2950 IEEE80211_ADDR_COPY(rts->i_ra, ra);
2951 IEEE80211_ADDR_COPY(rts->i_ta, ta);
2952
2953 m->m_pkthdr.len = m->m_len = sizeof(struct ieee80211_frame_rts);
2954 }
2955 return m;
2956 }
2957
2958 /*
2959 * Allocate and build a CTS (Clear To Send) control frame.
2960 */
2961 struct mbuf *
2962 ieee80211_alloc_cts(struct ieee80211com *ic,
2963 const uint8_t ra[IEEE80211_ADDR_LEN], uint16_t dur)
2964 {
2965 struct ieee80211_frame_cts *cts;
2966 struct mbuf *m;
2967
2968 /* XXX honor ic_headroom */
2969 m = m_gethdr(M_NOWAIT, MT_DATA);
2970 if (m != NULL) {
2971 cts = mtod(m, struct ieee80211_frame_cts *);
2972 cts->i_fc[0] = IEEE80211_FC0_VERSION_0 |
2973 IEEE80211_FC0_TYPE_CTL | IEEE80211_FC0_SUBTYPE_CTS;
2974 cts->i_fc[1] = IEEE80211_FC1_DIR_NODS;
2975 *(u_int16_t *)cts->i_dur = htole16(dur);
2976 IEEE80211_ADDR_COPY(cts->i_ra, ra);
2977
2978 m->m_pkthdr.len = m->m_len = sizeof(struct ieee80211_frame_cts);
2979 }
2980 return m;
2981 }
2982
2983 static void
2984 ieee80211_tx_mgt_timeout(void *arg)
2985 {
2986 struct ieee80211vap *vap = arg;
2987
2988 IEEE80211_LOCK(vap->iv_ic);
2989 if (vap->iv_state != IEEE80211_S_INIT &&
2990 (vap->iv_ic->ic_flags & IEEE80211_F_SCAN) == 0) {
2991 /*
2992 * NB: it's safe to specify a timeout as the reason here;
2993 * it'll only be used in the right state.
2994 */
2995 ieee80211_new_state_locked(vap, IEEE80211_S_SCAN,
2996 IEEE80211_SCAN_FAIL_TIMEOUT);
2997 }
2998 IEEE80211_UNLOCK(vap->iv_ic);
2999 }
3000
3001 /*
3002 * This is the callback set on net80211-sourced transmitted
3003 * authentication request frames.
3004 *
3005 * This does a couple of things:
3006 *
3007 * + If the frame transmitted was a success, it schedules a future
3008 * event which will transition the interface to scan.
3009 * If a state transition _then_ occurs before that event occurs,
3010 * said state transition will cancel this callout.
3011 *
3012 * + If the frame transmit was a failure, it immediately schedules
3013 * the transition back to scan.
3014 */
3015 static void
3016 ieee80211_tx_mgt_cb(struct ieee80211_node *ni, void *arg, int status)
3017 {
3018 struct ieee80211vap *vap = ni->ni_vap;
3019 enum ieee80211_state ostate = (enum ieee80211_state) arg;
3020
3021 /*
3022 * Frame transmit completed; arrange timer callback. If
3023 * transmit was successfully we wait for response. Otherwise
3024 * we arrange an immediate callback instead of doing the
3025 * callback directly since we don't know what state the driver
3026 * is in (e.g. what locks it is holding). This work should
3027 * not be too time-critical and not happen too often so the
3028 * added overhead is acceptable.
3029 *
3030 * XXX what happens if !acked but response shows up before callback?
3031 */
3032 if (vap->iv_state == ostate) {
3033 callout_reset(&vap->iv_mgtsend,
3034 status == 0 ? IEEE80211_TRANS_WAIT*hz : 0,
3035 ieee80211_tx_mgt_timeout, vap);
3036 }
3037 }
3038
3039 static void
3040 ieee80211_beacon_construct(struct mbuf *m, uint8_t *frm,
3041 struct ieee80211_node *ni)
3042 {
3043 struct ieee80211vap *vap = ni->ni_vap;
3044 struct ieee80211_beacon_offsets *bo = &vap->iv_bcn_off;
3045 struct ieee80211com *ic = ni->ni_ic;
3046 struct ieee80211_rateset *rs = &ni->ni_rates;
3047 uint16_t capinfo;
3048
3049 /*
3050 * beacon frame format
3051 * [8] time stamp
3052 * [2] beacon interval
3053 * [2] cabability information
3054 * [tlv] ssid
3055 * [tlv] supported rates
3056 * [3] parameter set (DS)
3057 * [8] CF parameter set (optional)
3058 * [tlv] parameter set (IBSS/TIM)
3059 * [tlv] country (optional)
3060 * [3] power control (optional)
3061 * [5] channel switch announcement (CSA) (optional)
3062 * [tlv] extended rate phy (ERP)
3063 * [tlv] extended supported rates
3064 * [tlv] RSN parameters
3065 * [tlv] HT capabilities
3066 * [tlv] HT information
3067 * XXX Vendor-specific OIDs (e.g. Atheros)
3068 * [tlv] WPA parameters
3069 * [tlv] WME parameters
3070 * [tlv] Vendor OUI HT capabilities (optional)
3071 * [tlv] Vendor OUI HT information (optional)
3072 * [tlv] Atheros capabilities (optional)
3073 * [tlv] TDMA parameters (optional)
3074 * [tlv] Mesh ID (MBSS)
3075 * [tlv] Mesh Conf (MBSS)
3076 * [tlv] application data (optional)
3077 */
3078
3079 memset(bo, 0, sizeof(*bo));
3080
3081 memset(frm, 0, 8); /* XXX timestamp is set by hardware/driver */
3082 frm += 8;
3083 *(uint16_t *)frm = htole16(ni->ni_intval);
3084 frm += 2;
3085 capinfo = ieee80211_getcapinfo(vap, ni->ni_chan);
3086 bo->bo_caps = (uint16_t *)frm;
3087 *(uint16_t *)frm = htole16(capinfo);
3088 frm += 2;
3089 *frm++ = IEEE80211_ELEMID_SSID;
3090 if ((vap->iv_flags & IEEE80211_F_HIDESSID) == 0) {
3091 *frm++ = ni->ni_esslen;
3092 memcpy(frm, ni->ni_essid, ni->ni_esslen);
3093 frm += ni->ni_esslen;
3094 } else
3095 *frm++ = 0;
3096 frm = ieee80211_add_rates(frm, rs);
3097 if (!IEEE80211_IS_CHAN_FHSS(ni->ni_chan)) {
3098 *frm++ = IEEE80211_ELEMID_DSPARMS;
3099 *frm++ = 1;
3100 *frm++ = ieee80211_chan2ieee(ic, ni->ni_chan);
3101 }
3102 if (ic->ic_flags & IEEE80211_F_PCF) {
3103 bo->bo_cfp = frm;
3104 frm = ieee80211_add_cfparms(frm, ic);
3105 }
3106 bo->bo_tim = frm;
3107 if (vap->iv_opmode == IEEE80211_M_IBSS) {
3108 *frm++ = IEEE80211_ELEMID_IBSSPARMS;
3109 *frm++ = 2;
3110 *frm++ = 0; *frm++ = 0; /* TODO: ATIM window */
3111 bo->bo_tim_len = 0;
3112 } else if (vap->iv_opmode == IEEE80211_M_HOSTAP ||
3113 vap->iv_opmode == IEEE80211_M_MBSS) {
3114 /* TIM IE is the same for Mesh and Hostap */
3115 struct ieee80211_tim_ie *tie = (struct ieee80211_tim_ie *) frm;
3116
3117 tie->tim_ie = IEEE80211_ELEMID_TIM;
3118 tie->tim_len = 4; /* length */
3119 tie->tim_count = 0; /* DTIM count */
3120 tie->tim_period = vap->iv_dtim_period; /* DTIM period */
3121 tie->tim_bitctl = 0; /* bitmap control */
3122 tie->tim_bitmap[0] = 0; /* Partial Virtual Bitmap */
3123 frm += sizeof(struct ieee80211_tim_ie);
3124 bo->bo_tim_len = 1;
3125 }
3126 bo->bo_tim_trailer = frm;
3127 if ((vap->iv_flags & IEEE80211_F_DOTH) ||
3128 (vap->iv_flags_ext & IEEE80211_FEXT_DOTD))
3129 frm = ieee80211_add_countryie(frm, ic);
3130 if (vap->iv_flags & IEEE80211_F_DOTH) {
3131 if (IEEE80211_IS_CHAN_5GHZ(ni->ni_chan))
3132 frm = ieee80211_add_powerconstraint(frm, vap);
3133 bo->bo_csa = frm;
3134 if (ic->ic_flags & IEEE80211_F_CSAPENDING)
3135 frm = ieee80211_add_csa(frm, vap);
3136 } else
3137 bo->bo_csa = frm;
3138
3139 if (vap->iv_flags & IEEE80211_F_DOTH) {
3140 bo->bo_quiet = frm;
3141 if (IEEE80211_IS_CHAN_DFS(ic->ic_bsschan) &&
3142 (vap->iv_flags_ext & IEEE80211_FEXT_DFS)) {
3143 if (vap->iv_quiet)
3144 frm = ieee80211_add_quiet(frm,vap);
3145 }
3146 } else
3147 bo->bo_quiet = frm;
3148
3149 if (IEEE80211_IS_CHAN_ANYG(ni->ni_chan)) {
3150 bo->bo_erp = frm;
3151 frm = ieee80211_add_erp(frm, ic);
3152 }
3153 frm = ieee80211_add_xrates(frm, rs);
3154 frm = ieee80211_add_rsn(frm, vap);
3155 if (IEEE80211_IS_CHAN_HT(ni->ni_chan)) {
3156 frm = ieee80211_add_htcap(frm, ni);
3157 bo->bo_htinfo = frm;
3158 frm = ieee80211_add_htinfo(frm, ni);
3159 }
3160 frm = ieee80211_add_wpa(frm, vap);
3161 if (vap->iv_flags & IEEE80211_F_WME) {
3162 bo->bo_wme = frm;
3163 frm = ieee80211_add_wme_param(frm, &ic->ic_wme);
3164 }
3165 if (IEEE80211_IS_CHAN_HT(ni->ni_chan) &&
3166 (vap->iv_flags_ht & IEEE80211_FHT_HTCOMPAT)) {
3167 frm = ieee80211_add_htcap_vendor(frm, ni);
3168 frm = ieee80211_add_htinfo_vendor(frm, ni);
3169 }
3170 #ifdef IEEE80211_SUPPORT_SUPERG
3171 if (vap->iv_flags & IEEE80211_F_ATHEROS) {
3172 bo->bo_ath = frm;
3173 frm = ieee80211_add_athcaps(frm, ni);
3174 }
3175 #endif
3176 #ifdef IEEE80211_SUPPORT_TDMA
3177 if (vap->iv_caps & IEEE80211_C_TDMA) {
3178 bo->bo_tdma = frm;
3179 frm = ieee80211_add_tdma(frm, vap);
3180 }
3181 #endif
3182 if (vap->iv_appie_beacon != NULL) {
3183 bo->bo_appie = frm;
3184 bo->bo_appie_len = vap->iv_appie_beacon->ie_len;
3185 frm = add_appie(frm, vap->iv_appie_beacon);
3186 }
3187 #ifdef IEEE80211_SUPPORT_MESH
3188 if (vap->iv_opmode == IEEE80211_M_MBSS) {
3189 frm = ieee80211_add_meshid(frm, vap);
3190 bo->bo_meshconf = frm;
3191 frm = ieee80211_add_meshconf(frm, vap);
3192 }
3193 #endif
3194 bo->bo_tim_trailer_len = frm - bo->bo_tim_trailer;
3195 bo->bo_csa_trailer_len = frm - bo->bo_csa;
3196 m->m_pkthdr.len = m->m_len = frm - mtod(m, uint8_t *);
3197 }
3198
3199 /*
3200 * Allocate a beacon frame and fillin the appropriate bits.
3201 */
3202 struct mbuf *
3203 ieee80211_beacon_alloc(struct ieee80211_node *ni)
3204 {
3205 struct ieee80211vap *vap = ni->ni_vap;
3206 struct ieee80211com *ic = ni->ni_ic;
3207 struct ifnet *ifp = vap->iv_ifp;
3208 struct ieee80211_frame *wh;
3209 struct mbuf *m;
3210 int pktlen;
3211 uint8_t *frm;
3212
3213 /*
3214 * beacon frame format
3215 * [8] time stamp
3216 * [2] beacon interval
3217 * [2] cabability information
3218 * [tlv] ssid
3219 * [tlv] supported rates
3220 * [3] parameter set (DS)
3221 * [8] CF parameter set (optional)
3222 * [tlv] parameter set (IBSS/TIM)
3223 * [tlv] country (optional)
3224 * [3] power control (optional)
3225 * [5] channel switch announcement (CSA) (optional)
3226 * [tlv] extended rate phy (ERP)
3227 * [tlv] extended supported rates
3228 * [tlv] RSN parameters
3229 * [tlv] HT capabilities
3230 * [tlv] HT information
3231 * [tlv] Vendor OUI HT capabilities (optional)
3232 * [tlv] Vendor OUI HT information (optional)
3233 * XXX Vendor-specific OIDs (e.g. Atheros)
3234 * [tlv] WPA parameters
3235 * [tlv] WME parameters
3236 * [tlv] TDMA parameters (optional)
3237 * [tlv] Mesh ID (MBSS)
3238 * [tlv] Mesh Conf (MBSS)
3239 * [tlv] application data (optional)
3240 * NB: we allocate the max space required for the TIM bitmap.
3241 * XXX how big is this?
3242 */
3243 pktlen = 8 /* time stamp */
3244 + sizeof(uint16_t) /* beacon interval */
3245 + sizeof(uint16_t) /* capabilities */
3246 + 2 + ni->ni_esslen /* ssid */
3247 + 2 + IEEE80211_RATE_SIZE /* supported rates */
3248 + 2 + 1 /* DS parameters */
3249 + 2 + 6 /* CF parameters */
3250 + 2 + 4 + vap->iv_tim_len /* DTIM/IBSSPARMS */
3251 + IEEE80211_COUNTRY_MAX_SIZE /* country */
3252 + 2 + 1 /* power control */
3253 + sizeof(struct ieee80211_csa_ie) /* CSA */
3254 + sizeof(struct ieee80211_quiet_ie) /* Quiet */
3255 + 2 + 1 /* ERP */
3256 + 2 + (IEEE80211_RATE_MAXSIZE - IEEE80211_RATE_SIZE)
3257 + (vap->iv_caps & IEEE80211_C_WPA ? /* WPA 1+2 */
3258 2*sizeof(struct ieee80211_ie_wpa) : 0)
3259 /* XXX conditional? */
3260 + 4+2*sizeof(struct ieee80211_ie_htcap)/* HT caps */
3261 + 4+2*sizeof(struct ieee80211_ie_htinfo)/* HT info */
3262 + (vap->iv_caps & IEEE80211_C_WME ? /* WME */
3263 sizeof(struct ieee80211_wme_param) : 0)
3264 #ifdef IEEE80211_SUPPORT_SUPERG
3265 + sizeof(struct ieee80211_ath_ie) /* ATH */
3266 #endif
3267 #ifdef IEEE80211_SUPPORT_TDMA
3268 + (vap->iv_caps & IEEE80211_C_TDMA ? /* TDMA */
3269 sizeof(struct ieee80211_tdma_param) : 0)
3270 #endif
3271 #ifdef IEEE80211_SUPPORT_MESH
3272 + 2 + ni->ni_meshidlen
3273 + sizeof(struct ieee80211_meshconf_ie)
3274 #endif
3275 + IEEE80211_MAX_APPIE
3276 ;
3277 m = ieee80211_getmgtframe(&frm,
3278 ic->ic_headroom + sizeof(struct ieee80211_frame), pktlen);
3279 if (m == NULL) {
3280 IEEE80211_DPRINTF(vap, IEEE80211_MSG_ANY,
3281 "%s: cannot get buf; size %u\n", __func__, pktlen);
3282 vap->iv_stats.is_tx_nobuf++;
3283 return NULL;
3284 }
3285 ieee80211_beacon_construct(m, frm, ni);
3286
3287 M_PREPEND(m, sizeof(struct ieee80211_frame), M_NOWAIT);
3288 KASSERT(m != NULL, ("no space for 802.11 header?"));
3289 wh = mtod(m, struct ieee80211_frame *);
3290 wh->i_fc[0] = IEEE80211_FC0_VERSION_0 | IEEE80211_FC0_TYPE_MGT |
3291 IEEE80211_FC0_SUBTYPE_BEACON;
3292 wh->i_fc[1] = IEEE80211_FC1_DIR_NODS;
3293 *(uint16_t *)wh->i_dur = 0;
3294 IEEE80211_ADDR_COPY(wh->i_addr1, ifp->if_broadcastaddr);
3295 IEEE80211_ADDR_COPY(wh->i_addr2, vap->iv_myaddr);
3296 IEEE80211_ADDR_COPY(wh->i_addr3, ni->ni_bssid);
3297 *(uint16_t *)wh->i_seq = 0;
3298
3299 return m;
3300 }
3301
3302 /*
3303 * Update the dynamic parts of a beacon frame based on the current state.
3304 */
3305 int
3306 ieee80211_beacon_update(struct ieee80211_node *ni, struct mbuf *m, int mcast)
3307 {
3308 struct ieee80211vap *vap = ni->ni_vap;
3309 struct ieee80211_beacon_offsets *bo = &vap->iv_bcn_off;
3310 struct ieee80211com *ic = ni->ni_ic;
3311 int len_changed = 0;
3312 uint16_t capinfo;
3313 struct ieee80211_frame *wh;
3314 ieee80211_seq seqno;
3315
3316 IEEE80211_LOCK(ic);
3317 /*
3318 * Handle 11h channel change when we've reached the count.
3319 * We must recalculate the beacon frame contents to account
3320 * for the new channel. Note we do this only for the first
3321 * vap that reaches this point; subsequent vaps just update
3322 * their beacon state to reflect the recalculated channel.
3323 */
3324 if (isset(bo->bo_flags, IEEE80211_BEACON_CSA) &&
3325 vap->iv_csa_count == ic->ic_csa_count) {
3326 vap->iv_csa_count = 0;
3327 /*
3328 * Effect channel change before reconstructing the beacon
3329 * frame contents as many places reference ni_chan.
3330 */
3331 if (ic->ic_csa_newchan != NULL)
3332 ieee80211_csa_completeswitch(ic);
3333 /*
3334 * NB: ieee80211_beacon_construct clears all pending
3335 * updates in bo_flags so we don't need to explicitly
3336 * clear IEEE80211_BEACON_CSA.
3337 */
3338 ieee80211_beacon_construct(m,
3339 mtod(m, uint8_t*) + sizeof(struct ieee80211_frame), ni);
3340
3341 /* XXX do WME aggressive mode processing? */
3342 IEEE80211_UNLOCK(ic);
3343 return 1; /* just assume length changed */
3344 }
3345
3346 wh = mtod(m, struct ieee80211_frame *);
3347 seqno = ni->ni_txseqs[IEEE80211_NONQOS_TID]++;
3348 *(uint16_t *)&wh->i_seq[0] =
3349 htole16(seqno << IEEE80211_SEQ_SEQ_SHIFT);
3350 M_SEQNO_SET(m, seqno);
3351
3352 /* XXX faster to recalculate entirely or just changes? */
3353 capinfo = ieee80211_getcapinfo(vap, ni->ni_chan);
3354 *bo->bo_caps = htole16(capinfo);
3355
3356 if (vap->iv_flags & IEEE80211_F_WME) {
3357 struct ieee80211_wme_state *wme = &ic->ic_wme;
3358
3359 /*
3360 * Check for aggressive mode change. When there is
3361 * significant high priority traffic in the BSS
3362 * throttle back BE traffic by using conservative
3363 * parameters. Otherwise BE uses aggressive params
3364 * to optimize performance of legacy/non-QoS traffic.
3365 */
3366 if (wme->wme_flags & WME_F_AGGRMODE) {
3367 if (wme->wme_hipri_traffic >
3368 wme->wme_hipri_switch_thresh) {
3369 IEEE80211_DPRINTF(vap, IEEE80211_MSG_WME,
3370 "%s: traffic %u, disable aggressive mode\n",
3371 __func__, wme->wme_hipri_traffic);
3372 wme->wme_flags &= ~WME_F_AGGRMODE;
3373 ieee80211_wme_updateparams_locked(vap);
3374 wme->wme_hipri_traffic =
3375 wme->wme_hipri_switch_hysteresis;
3376 } else
3377 wme->wme_hipri_traffic = 0;
3378 } else {
3379 if (wme->wme_hipri_traffic <=
3380 wme->wme_hipri_switch_thresh) {
3381 IEEE80211_DPRINTF(vap, IEEE80211_MSG_WME,
3382 "%s: traffic %u, enable aggressive mode\n",
3383 __func__, wme->wme_hipri_traffic);
3384 wme->wme_flags |= WME_F_AGGRMODE;
3385 ieee80211_wme_updateparams_locked(vap);
3386 wme->wme_hipri_traffic = 0;
3387 } else
3388 wme->wme_hipri_traffic =
3389 wme->wme_hipri_switch_hysteresis;
3390 }
3391 if (isset(bo->bo_flags, IEEE80211_BEACON_WME)) {
3392 (void) ieee80211_add_wme_param(bo->bo_wme, wme);
3393 clrbit(bo->bo_flags, IEEE80211_BEACON_WME);
3394 }
3395 }
3396
3397 if (isset(bo->bo_flags, IEEE80211_BEACON_HTINFO)) {
3398 ieee80211_ht_update_beacon(vap, bo);
3399 clrbit(bo->bo_flags, IEEE80211_BEACON_HTINFO);
3400 }
3401 #ifdef IEEE80211_SUPPORT_TDMA
3402 if (vap->iv_caps & IEEE80211_C_TDMA) {
3403 /*
3404 * NB: the beacon is potentially updated every TBTT.
3405 */
3406 ieee80211_tdma_update_beacon(vap, bo);
3407 }
3408 #endif
3409 #ifdef IEEE80211_SUPPORT_MESH
3410 if (vap->iv_opmode == IEEE80211_M_MBSS)
3411 ieee80211_mesh_update_beacon(vap, bo);
3412 #endif
3413
3414 if (vap->iv_opmode == IEEE80211_M_HOSTAP ||
3415 vap->iv_opmode == IEEE80211_M_MBSS) { /* NB: no IBSS support*/
3416 struct ieee80211_tim_ie *tie =
3417 (struct ieee80211_tim_ie *) bo->bo_tim;
3418 if (isset(bo->bo_flags, IEEE80211_BEACON_TIM)) {
3419 u_int timlen, timoff, i;
3420 /*
3421 * ATIM/DTIM needs updating. If it fits in the
3422 * current space allocated then just copy in the
3423 * new bits. Otherwise we need to move any trailing
3424 * data to make room. Note that we know there is
3425 * contiguous space because ieee80211_beacon_allocate
3426 * insures there is space in the mbuf to write a
3427 * maximal-size virtual bitmap (based on iv_max_aid).
3428 */
3429 /*
3430 * Calculate the bitmap size and offset, copy any
3431 * trailer out of the way, and then copy in the
3432 * new bitmap and update the information element.
3433 * Note that the tim bitmap must contain at least
3434 * one byte and any offset must be even.
3435 */
3436 if (vap->iv_ps_pending != 0) {
3437 timoff = 128; /* impossibly large */
3438 for (i = 0; i < vap->iv_tim_len; i++)
3439 if (vap->iv_tim_bitmap[i]) {
3440 timoff = i &~ 1;
3441 break;
3442 }
3443 KASSERT(timoff != 128, ("tim bitmap empty!"));
3444 for (i = vap->iv_tim_len-1; i >= timoff; i--)
3445 if (vap->iv_tim_bitmap[i])
3446 break;
3447 timlen = 1 + (i - timoff);
3448 } else {
3449 timoff = 0;
3450 timlen = 1;
3451 }
3452 if (timlen != bo->bo_tim_len) {
3453 /* copy up/down trailer */
3454 int adjust = tie->tim_bitmap+timlen
3455 - bo->bo_tim_trailer;
3456 bcopy(bo->bo_tim_trailer,
3457 bo->bo_tim_trailer+adjust,
3458 bo->bo_tim_trailer_len);
3459 bo->bo_tim_trailer += adjust;
3460 bo->bo_erp += adjust;
3461 bo->bo_htinfo += adjust;
3462 #ifdef IEEE80211_SUPPORT_SUPERG
3463 bo->bo_ath += adjust;
3464 #endif
3465 #ifdef IEEE80211_SUPPORT_TDMA
3466 bo->bo_tdma += adjust;
3467 #endif
3468 #ifdef IEEE80211_SUPPORT_MESH
3469 bo->bo_meshconf += adjust;
3470 #endif
3471 bo->bo_appie += adjust;
3472 bo->bo_wme += adjust;
3473 bo->bo_csa += adjust;
3474 bo->bo_quiet += adjust;
3475 bo->bo_tim_len = timlen;
3476
3477 /* update information element */
3478 tie->tim_len = 3 + timlen;
3479 tie->tim_bitctl = timoff;
3480 len_changed = 1;
3481 }
3482 memcpy(tie->tim_bitmap, vap->iv_tim_bitmap + timoff,
3483 bo->bo_tim_len);
3484
3485 clrbit(bo->bo_flags, IEEE80211_BEACON_TIM);
3486
3487 IEEE80211_DPRINTF(vap, IEEE80211_MSG_POWER,
3488 "%s: TIM updated, pending %u, off %u, len %u\n",
3489 __func__, vap->iv_ps_pending, timoff, timlen);
3490 }
3491 /* count down DTIM period */
3492 if (tie->tim_count == 0)
3493 tie->tim_count = tie->tim_period - 1;
3494 else
3495 tie->tim_count--;
3496 /* update state for buffered multicast frames on DTIM */
3497 if (mcast && tie->tim_count == 0)
3498 tie->tim_bitctl |= 1;
3499 else
3500 tie->tim_bitctl &= ~1;
3501 if (isset(bo->bo_flags, IEEE80211_BEACON_CSA)) {
3502 struct ieee80211_csa_ie *csa =
3503 (struct ieee80211_csa_ie *) bo->bo_csa;
3504
3505 /*
3506 * Insert or update CSA ie. If we're just starting
3507 * to count down to the channel switch then we need
3508 * to insert the CSA ie. Otherwise we just need to
3509 * drop the count. The actual change happens above
3510 * when the vap's count reaches the target count.
3511 */
3512 if (vap->iv_csa_count == 0) {
3513 memmove(&csa[1], csa, bo->bo_csa_trailer_len);
3514 bo->bo_erp += sizeof(*csa);
3515 bo->bo_htinfo += sizeof(*csa);
3516 bo->bo_wme += sizeof(*csa);
3517 #ifdef IEEE80211_SUPPORT_SUPERG
3518 bo->bo_ath += sizeof(*csa);
3519 #endif
3520 #ifdef IEEE80211_SUPPORT_TDMA
3521 bo->bo_tdma += sizeof(*csa);
3522 #endif
3523 #ifdef IEEE80211_SUPPORT_MESH
3524 bo->bo_meshconf += sizeof(*csa);
3525 #endif
3526 bo->bo_appie += sizeof(*csa);
3527 bo->bo_csa_trailer_len += sizeof(*csa);
3528 bo->bo_quiet += sizeof(*csa);
3529 bo->bo_tim_trailer_len += sizeof(*csa);
3530 m->m_len += sizeof(*csa);
3531 m->m_pkthdr.len += sizeof(*csa);
3532
3533 ieee80211_add_csa(bo->bo_csa, vap);
3534 } else
3535 csa->csa_count--;
3536 vap->iv_csa_count++;
3537 /* NB: don't clear IEEE80211_BEACON_CSA */
3538 }
3539 if (IEEE80211_IS_CHAN_DFS(ic->ic_bsschan) &&
3540 (vap->iv_flags_ext & IEEE80211_FEXT_DFS) ){
3541 if (vap->iv_quiet)
3542 ieee80211_add_quiet(bo->bo_quiet, vap);
3543 }
3544 if (isset(bo->bo_flags, IEEE80211_BEACON_ERP)) {
3545 /*
3546 * ERP element needs updating.
3547 */
3548 (void) ieee80211_add_erp(bo->bo_erp, ic);
3549 clrbit(bo->bo_flags, IEEE80211_BEACON_ERP);
3550 }
3551 #ifdef IEEE80211_SUPPORT_SUPERG
3552 if (isset(bo->bo_flags, IEEE80211_BEACON_ATH)) {
3553 ieee80211_add_athcaps(bo->bo_ath, ni);
3554 clrbit(bo->bo_flags, IEEE80211_BEACON_ATH);
3555 }
3556 #endif
3557 }
3558 if (isset(bo->bo_flags, IEEE80211_BEACON_APPIE)) {
3559 const struct ieee80211_appie *aie = vap->iv_appie_beacon;
3560 int aielen;
3561 uint8_t *frm;
3562
3563 aielen = 0;
3564 if (aie != NULL)
3565 aielen += aie->ie_len;
3566 if (aielen != bo->bo_appie_len) {
3567 /* copy up/down trailer */
3568 int adjust = aielen - bo->bo_appie_len;
3569 bcopy(bo->bo_tim_trailer, bo->bo_tim_trailer+adjust,
3570 bo->bo_tim_trailer_len);
3571 bo->bo_tim_trailer += adjust;
3572 bo->bo_appie += adjust;
3573 bo->bo_appie_len = aielen;
3574
3575 len_changed = 1;
3576 }
3577 frm = bo->bo_appie;
3578 if (aie != NULL)
3579 frm = add_appie(frm, aie);
3580 clrbit(bo->bo_flags, IEEE80211_BEACON_APPIE);
3581 }
3582 IEEE80211_UNLOCK(ic);
3583
3584 return len_changed;
3585 }
3586
3587 /*
3588 * Do Ethernet-LLC encapsulation for each payload in a fast frame
3589 * tunnel encapsulation. The frame is assumed to have an Ethernet
3590 * header at the front that must be stripped before prepending the
3591 * LLC followed by the Ethernet header passed in (with an Ethernet
3592 * type that specifies the payload size).
3593 */
3594 struct mbuf *
3595 ieee80211_ff_encap1(struct ieee80211vap *vap, struct mbuf *m,
3596 const struct ether_header *eh)
3597 {
3598 struct llc *llc;
3599 uint16_t payload;
3600
3601 /* XXX optimize by combining m_adj+M_PREPEND */
3602 m_adj(m, sizeof(struct ether_header) - sizeof(struct llc));
3603 llc = mtod(m, struct llc *);
3604 llc->llc_dsap = llc->llc_ssap = LLC_SNAP_LSAP;
3605 llc->llc_control = LLC_UI;
3606 llc->llc_snap.org_code[0] = 0;
3607 llc->llc_snap.org_code[1] = 0;
3608 llc->llc_snap.org_code[2] = 0;
3609 llc->llc_snap.ether_type = eh->ether_type;
3610 payload = m->m_pkthdr.len; /* NB: w/o Ethernet header */
3611
3612 M_PREPEND(m, sizeof(struct ether_header), M_NOWAIT);
3613 if (m == NULL) { /* XXX cannot happen */
3614 IEEE80211_DPRINTF(vap, IEEE80211_MSG_SUPERG,
3615 "%s: no space for ether_header\n", __func__);
3616 vap->iv_stats.is_tx_nobuf++;
3617 return NULL;
3618 }
3619 ETHER_HEADER_COPY(mtod(m, void *), eh);
3620 mtod(m, struct ether_header *)->ether_type = htons(payload);
3621 return m;
3622 }
3623
3624 /*
3625 * Complete an mbuf transmission.
3626 *
3627 * For now, this simply processes a completed frame after the
3628 * driver has completed it's transmission and/or retransmission.
3629 * It assumes the frame is an 802.11 encapsulated frame.
3630 *
3631 * Later on it will grow to become the exit path for a given frame
3632 * from the driver and, depending upon how it's been encapsulated
3633 * and already transmitted, it may end up doing A-MPDU retransmission,
3634 * power save requeuing, etc.
3635 *
3636 * In order for the above to work, the driver entry point to this
3637 * must not hold any driver locks. Thus, the driver needs to delay
3638 * any actual mbuf completion until it can release said locks.
3639 *
3640 * This frees the mbuf and if the mbuf has a node reference,
3641 * the node reference will be freed.
3642 */
3643 void
3644 ieee80211_tx_complete(struct ieee80211_node *ni, struct mbuf *m, int status)
3645 {
3646
3647 if (ni != NULL) {
3648 struct ifnet *ifp = ni->ni_vap->iv_ifp;
3649
3650 if (status == 0) {
3651 if_inc_counter(ifp, IFCOUNTER_OPACKETS, 1);
3652 #if defined(__DragonFly__)
3653 /*
3654 * On DragonFly, IFCOUNTER_OBYTES and
3655 * IFCOUNTER_OMCASTS increments are currently done
3656 * by ifq_dispatch() already.
3657 */
3658 #else
3659 if_inc_counter(ifp, IFCOUNTER_OBYTES, m->m_pkthdr.len);
3660 if (m->m_flags & M_MCAST)
3661 if_inc_counter(ifp, IFCOUNTER_OMCASTS, 1);
3662 #endif
3663 } else
3664 if_inc_counter(ifp, IFCOUNTER_OERRORS, 1);
3665 if (m->m_flags & M_TXCB)
3666 ieee80211_process_callback(ni, m, status);
3667 ieee80211_free_node(ni);
3668 }
3669 m_freem(m);
3670 }
DragonFly BSD