2 * Copyright (c) 2001 Atsushi Onoe
3 * Copyright (c) 2002-2009 Sam Leffler, Errno Consulting
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in the
13 * documentation and/or other materials provided with the distribution.
15 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
16 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
17 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
18 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
19 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
20 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
21 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
22 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
23 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
24 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
27 #include <sys/cdefs.h>
28 __FBSDID("$FreeBSD$");
31 #include "opt_inet6.h"
34 #include <sys/param.h>
35 #include <sys/systm.h>
36 #include <sys/kernel.h>
37 #include <sys/malloc.h>
39 #include <sys/endian.h>
41 #include <sys/socket.h>
44 #include <net/ethernet.h>
46 #include <net/if_var.h>
47 #include <net/if_llc.h>
48 #include <net/if_media.h>
49 #include <net/vlan/if_vlan_var.h>
51 #if defined(__DragonFly__)
52 #include <net/ifq_var.h>
55 #include <netproto/802_11/ieee80211_var.h>
56 #include <netproto/802_11/ieee80211_regdomain.h>
57 #ifdef IEEE80211_SUPPORT_SUPERG
58 #include <netproto/802_11/ieee80211_superg.h>
60 #ifdef IEEE80211_SUPPORT_TDMA
61 #include <netproto/802_11/ieee80211_tdma.h>
63 #include <netproto/802_11/ieee80211_wds.h>
64 #include <netproto/802_11/ieee80211_mesh.h>
66 #if defined(INET) || defined(INET6)
67 #include <netinet/in.h>
71 #include <netinet/if_ether.h>
72 #include <netinet/in_systm.h>
73 #include <netinet/ip.h>
76 #include <netinet/ip6.h>
79 #if defined(__DragonFly__)
81 #include <security/mac/mac_framework.h>
84 #define ETHER_HEADER_COPY(dst, src) \
85 memcpy(dst, src, sizeof(struct ether_header))
87 static int ieee80211_fragment(struct ieee80211vap
*, struct mbuf
*,
88 u_int hdrsize
, u_int ciphdrsize
, u_int mtu
);
89 static void ieee80211_tx_mgt_cb(struct ieee80211_node
*, void *, int);
91 #ifdef IEEE80211_DEBUG
93 * Decide if an outbound management frame should be
94 * printed when debugging is enabled. This filters some
95 * of the less interesting frames that come frequently
99 doprint(struct ieee80211vap
*vap
, int subtype
)
102 case IEEE80211_FC0_SUBTYPE_PROBE_RESP
:
103 return (vap
->iv_opmode
== IEEE80211_M_IBSS
);
110 * Transmit a frame to the given destination on the given VAP.
112 * It's up to the caller to figure out the details of who this
113 * is going to and resolving the node.
115 * This routine takes care of queuing it for power save,
116 * A-MPDU state stuff, fast-frames state stuff, encapsulation
117 * if required, then passing it up to the driver layer.
119 * This routine (for now) consumes the mbuf and frees the node
120 * reference; it ideally will return a TX status which reflects
121 * whether the mbuf was consumed or not, so the caller can
122 * free the mbuf (if appropriate) and the node reference (again,
126 ieee80211_vap_pkt_send_dest(struct ieee80211vap
*vap
, struct mbuf
*m
,
127 struct ieee80211_node
*ni
)
129 struct ieee80211com
*ic
= vap
->iv_ic
;
130 struct ifnet
*ifp
= vap
->iv_ifp
;
133 if ((ni
->ni_flags
& IEEE80211_NODE_PWR_MGT
) &&
134 (m
->m_flags
& M_PWR_SAV
) == 0) {
136 * Station in power save mode; pass the frame
137 * to the 802.11 layer and continue. We'll get
138 * the frame back when the time is right.
139 * XXX lose WDS vap linkage?
141 if (ieee80211_pwrsave(ni
, m
) != 0)
142 if_inc_counter(ifp
, IFCOUNTER_OERRORS
, 1);
143 ieee80211_free_node(ni
);
146 * We queued it fine, so tell the upper layer
147 * that we consumed it.
151 /* calculate priority so drivers can find the tx queue */
152 if (ieee80211_classify(ni
, m
)) {
153 IEEE80211_DISCARD_MAC(vap
, IEEE80211_MSG_OUTPUT
,
154 ni
->ni_macaddr
, NULL
,
155 "%s", "classification failure");
156 vap
->iv_stats
.is_tx_classify
++;
157 if_inc_counter(ifp
, IFCOUNTER_OERRORS
, 1);
159 ieee80211_free_node(ni
);
161 /* XXX better status? */
165 * Stash the node pointer. Note that we do this after
166 * any call to ieee80211_dwds_mcast because that code
167 * uses any existing value for rcvif to identify the
168 * interface it (might have been) received on.
170 m
->m_pkthdr
.rcvif
= (void *)ni
;
171 mcast
= (m
->m_flags
& (M_MCAST
| M_BCAST
)) ? 1: 0;
172 len
= m
->m_pkthdr
.len
;
174 BPF_MTAP(ifp
, m
); /* 802.3 tx */
177 * Check if A-MPDU tx aggregation is setup or if we
178 * should try to enable it. The sta must be associated
179 * with HT and A-MPDU enabled for use. When the policy
180 * routine decides we should enable A-MPDU we issue an
181 * ADDBA request and wait for a reply. The frame being
182 * encapsulated will go out w/o using A-MPDU, or possibly
183 * it might be collected by the driver and held/retransmit.
184 * The default ic_ampdu_enable routine handles staggering
185 * ADDBA requests in case the receiver NAK's us or we are
186 * otherwise unable to establish a BA stream.
188 if ((ni
->ni_flags
& IEEE80211_NODE_AMPDU_TX
) &&
189 (vap
->iv_flags_ht
& IEEE80211_FHT_AMPDU_TX
)) {
190 if ((m
->m_flags
& M_EAPOL
) == 0) {
191 int tid
= WME_AC_TO_TID(M_WME_GETAC(m
));
192 struct ieee80211_tx_ampdu
*tap
= &ni
->ni_tx_ampdu
[tid
];
194 ieee80211_txampdu_count_packet(tap
);
195 if (IEEE80211_AMPDU_RUNNING(tap
)) {
197 * Operational, mark frame for aggregation.
199 * XXX do tx aggregation here
201 m
->m_flags
|= M_AMPDU_MPDU
;
202 } else if (!IEEE80211_AMPDU_REQUESTED(tap
) &&
203 ic
->ic_ampdu_enable(ni
, tap
)) {
205 * Not negotiated yet, request service.
207 ieee80211_ampdu_request(ni
, tap
);
208 /* XXX hold frame for reply? */
213 #ifdef IEEE80211_SUPPORT_SUPERG
215 * Check for AMSDU/FF; queue for aggregation
217 * Note: we don't bother trying to do fast frames or
218 * A-MSDU encapsulation for 802.3 drivers. Now, we
219 * likely could do it for FF (because it's a magic
220 * atheros tunnel LLC type) but I don't think we're going
221 * to really need to. For A-MSDU we'd have to set the
222 * A-MSDU QoS bit in the wifi header, so we just plain
225 * Strictly speaking, we could actually /do/ A-MSDU / FF
226 * with A-MPDU together which for certain circumstances
227 * is beneficial (eg A-MSDU of TCK ACKs.) However,
228 * I'll ignore that for now so existing behaviour is maintained.
229 * Later on it would be good to make "amsdu + ampdu" configurable.
231 else if (__predict_true((vap
->iv_caps
& IEEE80211_C_8023ENCAP
) == 0)) {
232 if ((! mcast
) && ieee80211_amsdu_tx_ok(ni
)) {
233 m
= ieee80211_amsdu_check(ni
, m
);
235 /* NB: any ni ref held on stageq */
236 IEEE80211_DPRINTF(vap
, IEEE80211_MSG_SUPERG
,
237 "%s: amsdu_check queued frame\n",
241 } else if ((! mcast
) && IEEE80211_ATH_CAP(vap
, ni
,
242 IEEE80211_NODE_FF
)) {
243 m
= ieee80211_ff_check(ni
, m
);
245 /* NB: any ni ref held on stageq */
246 IEEE80211_DPRINTF(vap
, IEEE80211_MSG_SUPERG
,
247 "%s: ff_check queued frame\n",
253 #endif /* IEEE80211_SUPPORT_SUPERG */
256 * Grab the TX lock - serialise the TX process from this
257 * point (where TX state is being checked/modified)
258 * through to driver queue.
260 IEEE80211_TX_LOCK(ic
);
263 * XXX make the encap and transmit code a separate function
264 * so things like the FF (and later A-MSDU) path can just call
265 * it for flushed frames.
267 if (__predict_true((vap
->iv_caps
& IEEE80211_C_8023ENCAP
) == 0)) {
269 * Encapsulate the packet in prep for transmission.
271 m
= ieee80211_encap(vap
, ni
, m
);
273 /* NB: stat+msg handled in ieee80211_encap */
274 IEEE80211_TX_UNLOCK(ic
);
275 ieee80211_free_node(ni
);
276 if_inc_counter(ifp
, IFCOUNTER_OERRORS
, 1);
280 /* HACK - added by DragonFly, mbuf could lose rcvif assignment above */
281 m
->m_pkthdr
.rcvif
= (void *)ni
;
282 (void) ieee80211_parent_xmitpkt(ic
, m
);
285 * Unlock at this point - no need to hold it across
286 * ieee80211_free_node() (ie, the comlock)
288 IEEE80211_TX_UNLOCK(ic
);
289 ic
->ic_lastdata
= ticks
;
297 * Send the given mbuf through the given vap.
299 * This consumes the mbuf regardless of whether the transmit
300 * was successful or not.
302 * This does none of the initial checks that ieee80211_start()
303 * does (eg CAC timeout, interface wakeup) - the caller must
307 ieee80211_start_pkt(struct ieee80211vap
*vap
, struct mbuf
*m
)
309 #define IS_DWDS(vap) \
310 (vap->iv_opmode == IEEE80211_M_WDS && \
311 (vap->iv_flags_ext & IEEE80211_FEXT_WDSLEGACY) == 0)
312 struct ieee80211com
*ic
= vap
->iv_ic
;
313 struct ifnet
*ifp
= vap
->iv_ifp
;
314 struct ieee80211_node
*ni
;
315 struct ether_header
*eh
;
318 * Cancel any background scan.
320 if (ic
->ic_flags
& IEEE80211_F_SCAN
)
321 ieee80211_cancel_anyscan(vap
);
323 * Find the node for the destination so we can do
324 * things like power save and fast frames aggregation.
326 * NB: past this point various code assumes the first
327 * mbuf has the 802.3 header present (and contiguous).
330 if (m
->m_len
< sizeof(struct ether_header
) &&
331 (m
= m_pullup(m
, sizeof(struct ether_header
))) == NULL
) {
332 IEEE80211_DPRINTF(vap
, IEEE80211_MSG_OUTPUT
,
333 "discard frame, %s\n", "m_pullup failed");
334 vap
->iv_stats
.is_tx_nobuf
++; /* XXX */
335 if_inc_counter(ifp
, IFCOUNTER_OERRORS
, 1);
338 eh
= mtod(m
, struct ether_header
*);
339 if (ETHER_IS_MULTICAST(eh
->ether_dhost
)) {
342 * Only unicast frames from the above go out
343 * DWDS vaps; multicast frames are handled by
344 * dispatching the frame as it comes through
345 * the AP vap (see below).
347 IEEE80211_DISCARD_MAC(vap
, IEEE80211_MSG_WDS
,
348 eh
->ether_dhost
, "mcast", "%s", "on DWDS");
349 vap
->iv_stats
.is_dwds_mcast
++;
351 if_inc_counter(ifp
, IFCOUNTER_OERRORS
, 1);
352 /* XXX better status? */
355 if (vap
->iv_opmode
== IEEE80211_M_HOSTAP
) {
357 * Spam DWDS vap's w/ multicast traffic.
359 /* XXX only if dwds in use? */
360 ieee80211_dwds_mcast(vap
, m
);
363 #ifdef IEEE80211_SUPPORT_MESH
364 if (vap
->iv_opmode
!= IEEE80211_M_MBSS
) {
366 ni
= ieee80211_find_txnode(vap
, eh
->ether_dhost
);
368 /* NB: ieee80211_find_txnode does stat+msg */
369 if_inc_counter(ifp
, IFCOUNTER_OERRORS
, 1);
371 /* XXX better status? */
374 if (ni
->ni_associd
== 0 &&
375 (ni
->ni_flags
& IEEE80211_NODE_ASSOCID
)) {
376 IEEE80211_DISCARD_MAC(vap
, IEEE80211_MSG_OUTPUT
,
377 eh
->ether_dhost
, NULL
,
378 "sta not associated (type 0x%04x)",
379 htons(eh
->ether_type
));
380 vap
->iv_stats
.is_tx_notassoc
++;
381 if_inc_counter(ifp
, IFCOUNTER_OERRORS
, 1);
383 ieee80211_free_node(ni
);
384 /* XXX better status? */
387 #ifdef IEEE80211_SUPPORT_MESH
389 if (!IEEE80211_ADDR_EQ(eh
->ether_shost
, vap
->iv_myaddr
)) {
391 * Proxy station only if configured.
393 if (!ieee80211_mesh_isproxyena(vap
)) {
394 IEEE80211_DISCARD_MAC(vap
,
395 IEEE80211_MSG_OUTPUT
|
397 eh
->ether_dhost
, NULL
,
398 "%s", "proxy not enabled");
399 vap
->iv_stats
.is_mesh_notproxy
++;
400 if_inc_counter(ifp
, IFCOUNTER_OERRORS
, 1);
402 /* XXX better status? */
405 #if defined(__DragonFly__)
406 IEEE80211_DPRINTF(vap
, IEEE80211_MSG_OUTPUT
,
407 "forward frame from DS SA(%s), DA(%s)\n",
408 ether_sprintf(eh
->ether_shost
),
409 ether_sprintf(eh
->ether_dhost
));
411 IEEE80211_DPRINTF(vap
, IEEE80211_MSG_OUTPUT
,
412 "forward frame from DS SA(%6D), DA(%6D)\n",
413 eh
->ether_shost
, ":",
414 eh
->ether_dhost
, ":");
416 ieee80211_mesh_proxy_check(vap
, eh
->ether_shost
);
418 ni
= ieee80211_mesh_discover(vap
, eh
->ether_dhost
, m
);
421 * NB: ieee80211_mesh_discover holds/disposes
422 * frame (e.g. queueing on path discovery).
424 if_inc_counter(ifp
, IFCOUNTER_OERRORS
, 1);
425 /* XXX better status? */
432 * We've resolved the sender, so attempt to transmit it.
435 if (vap
->iv_state
== IEEE80211_S_SLEEP
) {
437 * In power save; queue frame and then wakeup device
440 ic
->ic_lastdata
= ticks
;
441 if (ieee80211_pwrsave(ni
, m
) != 0)
442 if_inc_counter(ifp
, IFCOUNTER_OERRORS
, 1);
443 ieee80211_free_node(ni
);
444 ieee80211_new_state(vap
, IEEE80211_S_RUN
, 0);
448 if (ieee80211_vap_pkt_send_dest(vap
, m
, ni
) != 0)
455 * Start method for vap's. All packets from the stack come
456 * through here. We handle common processing of the packets
457 * before dispatching them to the underlying device.
459 * if_transmit() requires that the mbuf be consumed by this call
460 * regardless of the return condition.
463 #if defined(__DragonFly__)
466 ieee80211_vap_start(struct ifnet
*ifp
, struct ifaltq_subque
*ifsq
)
468 struct ieee80211vap
*vap
= ifp
->if_softc
;
469 struct ieee80211com
*ic
= vap
->iv_ic
;
470 struct ifnet
*parent
= vap
->iv_ifp
;
471 struct mbuf
*m
= NULL
;
473 /* NB: parent must be up and running */
474 if (!IFNET_IS_UP_RUNNING(parent
)) {
475 IEEE80211_DPRINTF(vap
, IEEE80211_MSG_OUTPUT
,
476 "%s: ignore queue, parent %s not up+running\n",
477 __func__
, parent
->if_xname
);
484 wlan_assert_serialized();
485 ASSERT_ALTQ_SQ_DEFAULT(ifp
, ifsq
);
488 * No data frames go out unless we're running.
489 * Note in particular this covers CAC and CSA
490 * states (though maybe we should check muting
493 if (vap
->iv_state
!= IEEE80211_S_RUN
&&
494 vap
->iv_state
!= IEEE80211_S_SLEEP
) {
496 /* re-check under the com lock to avoid races */
497 if (vap
->iv_state
!= IEEE80211_S_RUN
&&
498 vap
->iv_state
!= IEEE80211_S_SLEEP
) {
499 IEEE80211_DPRINTF(vap
, IEEE80211_MSG_OUTPUT
,
500 "%s: ignore queue, in %s state\n",
501 __func__
, ieee80211_state_name
[vap
->iv_state
]);
502 vap
->iv_stats
.is_tx_badstate
++;
503 IEEE80211_UNLOCK(ic
);
504 ifsq_set_oactive(ifsq
);
506 /* return (EINVAL); */
509 IEEE80211_UNLOCK(ic
);
512 wlan_serialize_exit();
514 m
= ifsq_dequeue(ifsq
);
519 * Sanitize mbuf flags for net80211 use. We cannot
520 * clear M_PWR_SAV or M_MORE_DATA because these may
521 * be set for frames that are re-submitted from the
524 * NB: This must be done before ieee80211_classify as
525 * it marks EAPOL in frames with M_EAPOL.
527 m
->m_flags
&= ~(M_80211_TX
- M_PWR_SAV
- M_MORE_DATA
);
530 * Bump to the packet transmission path.
531 * The mbuf will be consumed here.
533 ieee80211_start_pkt(vap
, m
);
535 wlan_serialize_enter();
541 ieee80211_vap_transmit(struct ifnet
*ifp
, struct mbuf
*m
)
543 struct ieee80211vap
*vap
= ifp
->if_softc
;
544 struct ieee80211com
*ic
= vap
->iv_ic
;
547 * No data frames go out unless we're running.
548 * Note in particular this covers CAC and CSA
549 * states (though maybe we should check muting
552 if (vap
->iv_state
!= IEEE80211_S_RUN
&&
553 vap
->iv_state
!= IEEE80211_S_SLEEP
) {
555 /* re-check under the com lock to avoid races */
556 if (vap
->iv_state
!= IEEE80211_S_RUN
&&
557 vap
->iv_state
!= IEEE80211_S_SLEEP
) {
558 IEEE80211_DPRINTF(vap
, IEEE80211_MSG_OUTPUT
,
559 "%s: ignore queue, in %s state\n",
560 __func__
, ieee80211_state_name
[vap
->iv_state
]);
561 vap
->iv_stats
.is_tx_badstate
++;
562 IEEE80211_UNLOCK(ic
);
563 ifp
->if_drv_flags
|= IFF_DRV_OACTIVE
;
565 if_inc_counter(ifp
, IFCOUNTER_OERRORS
, 1);
568 IEEE80211_UNLOCK(ic
);
572 * Sanitize mbuf flags for net80211 use. We cannot
573 * clear M_PWR_SAV or M_MORE_DATA because these may
574 * be set for frames that are re-submitted from the
577 * NB: This must be done before ieee80211_classify as
578 * it marks EAPOL in frames with M_EAPOL.
580 m
->m_flags
&= ~(M_80211_TX
- M_PWR_SAV
- M_MORE_DATA
);
583 * Bump to the packet transmission path.
584 * The mbuf will be consumed here.
586 return (ieee80211_start_pkt(vap
, m
));
590 ieee80211_vap_qflush(struct ifnet
*ifp
)
599 * 802.11 raw output routine.
601 * XXX TODO: this (and other send routines) should correctly
602 * XXX keep the pwr mgmt bit set if it decides to call into the
603 * XXX driver to send a frame whilst the state is SLEEP.
605 * Otherwise the peer may decide that we're awake and flood us
606 * with traffic we are still too asleep to receive!
609 ieee80211_raw_output(struct ieee80211vap
*vap
, struct ieee80211_node
*ni
,
610 struct mbuf
*m
, const struct ieee80211_bpf_params
*params
)
612 struct ieee80211com
*ic
= vap
->iv_ic
;
616 * Set node - the caller has taken a reference, so ensure
617 * that the mbuf has the same node value that
618 * it would if it were going via the normal path.
620 m
->m_pkthdr
.rcvif
= (void *)ni
;
623 * Attempt to add bpf transmit parameters.
625 * For now it's ok to fail; the raw_xmit api still takes
628 * Later on when ic_raw_xmit() has params removed,
629 * they'll have to be added - so fail the transmit if
633 (void) ieee80211_add_xmit_params(m
, params
);
635 error
= ic
->ic_raw_xmit(ni
, m
, params
);
637 if_inc_counter(vap
->iv_ifp
, IFCOUNTER_OERRORS
, 1);
638 ieee80211_free_node(ni
);
644 * 802.11 output routine. This is (currently) used only to
645 * connect bpf write calls to the 802.11 layer for injecting
648 #if defined(__DragonFly__)
650 ieee80211_output(struct ifnet
*ifp
, struct mbuf
*m
,
651 struct sockaddr
*dst
, struct rtentry
*rt
)
654 ieee80211_output(struct ifnet
*ifp
, struct mbuf
*m
,
655 const struct sockaddr
*dst
, struct route
*ro
)
658 #define senderr(e) do { error = (e); goto bad;} while (0)
659 struct ieee80211_node
*ni
= NULL
;
660 struct ieee80211vap
*vap
;
661 struct ieee80211_frame
*wh
;
662 struct ieee80211com
*ic
= NULL
;
666 #if defined(__DragonFly__)
667 struct ifaltq_subque
*ifsq
;
668 ifsq
= ifq_get_subq_default(&ifp
->if_snd
);
669 if (ifsq_is_oactive(ifsq
)) {
671 if (ifp
->if_drv_flags
& IFF_DRV_OACTIVE
) {
674 * Short-circuit requests if the vap is marked OACTIVE
675 * as this can happen because a packet came down through
676 * ieee80211_start before the vap entered RUN state in
677 * which case it's ok to just drop the frame. This
678 * should not be necessary but callers of if_output don't
686 * Hand to the 802.3 code if not tagged as
687 * a raw 802.11 frame.
689 #if defined(__DragonFly__)
690 if (dst
->sa_family
!= AF_IEEE80211
)
691 return vap
->iv_output(ifp
, m
, dst
, rt
);
693 if (dst
->sa_family
!= AF_IEEE80211
)
694 return vap
->iv_output(ifp
, m
, dst
, ro
);
697 error
= mac_ifnet_check_transmit(ifp
, m
);
701 if (ifp
->if_flags
& IFF_MONITOR
)
703 if (!IFNET_IS_UP_RUNNING(ifp
))
705 if (vap
->iv_state
== IEEE80211_S_CAC
) {
706 IEEE80211_DPRINTF(vap
,
707 IEEE80211_MSG_OUTPUT
| IEEE80211_MSG_DOTH
,
708 "block %s frame in CAC state\n", "raw data");
709 vap
->iv_stats
.is_tx_badstate
++;
710 senderr(EIO
); /* XXX */
711 } else if (vap
->iv_state
== IEEE80211_S_SCAN
)
713 /* XXX bypass bridge, pfil, carp, etc. */
715 if (m
->m_pkthdr
.len
< sizeof(struct ieee80211_frame_ack
))
716 senderr(EIO
); /* XXX */
717 wh
= mtod(m
, struct ieee80211_frame
*);
718 if ((wh
->i_fc
[0] & IEEE80211_FC0_VERSION_MASK
) !=
719 IEEE80211_FC0_VERSION_0
)
720 senderr(EIO
); /* XXX */
722 /* locate destination node */
723 switch (wh
->i_fc
[1] & IEEE80211_FC1_DIR_MASK
) {
724 case IEEE80211_FC1_DIR_NODS
:
725 case IEEE80211_FC1_DIR_FROMDS
:
726 ni
= ieee80211_find_txnode(vap
, wh
->i_addr1
);
728 case IEEE80211_FC1_DIR_TODS
:
729 case IEEE80211_FC1_DIR_DSTODS
:
730 if (m
->m_pkthdr
.len
< sizeof(struct ieee80211_frame
))
731 senderr(EIO
); /* XXX */
732 ni
= ieee80211_find_txnode(vap
, wh
->i_addr3
);
735 senderr(EIO
); /* XXX */
739 * Permit packets w/ bpf params through regardless
740 * (see below about sa_len).
742 if (dst
->sa_len
== 0)
743 senderr(EHOSTUNREACH
);
744 ni
= ieee80211_ref_node(vap
->iv_bss
);
748 * Sanitize mbuf for net80211 flags leaked from above.
750 * NB: This must be done before ieee80211_classify as
751 * it marks EAPOL in frames with M_EAPOL.
753 m
->m_flags
&= ~M_80211_TX
;
755 /* calculate priority so drivers can find the tx queue */
756 /* XXX assumes an 802.3 frame */
757 if (ieee80211_classify(ni
, m
))
758 senderr(EIO
); /* XXX */
760 if_inc_counter(ifp
, IFCOUNTER_OPACKETS
, 1);
761 IEEE80211_NODE_STAT(ni
, tx_data
);
762 if (IEEE80211_IS_MULTICAST(wh
->i_addr1
)) {
763 IEEE80211_NODE_STAT(ni
, tx_mcast
);
764 m
->m_flags
|= M_MCAST
;
766 IEEE80211_NODE_STAT(ni
, tx_ucast
);
767 /* NB: ieee80211_encap does not include 802.11 header */
768 IEEE80211_NODE_STAT_ADD(ni
, tx_bytes
, m
->m_pkthdr
.len
);
770 IEEE80211_TX_LOCK(ic
);
773 * NB: DLT_IEEE802_11_RADIO identifies the parameters are
774 * present by setting the sa_len field of the sockaddr (yes,
776 * NB: we assume sa_data is suitably aligned to cast.
778 ret
= ieee80211_raw_output(vap
, ni
, m
,
779 (const struct ieee80211_bpf_params
*)(dst
->sa_len
?
780 dst
->sa_data
: NULL
));
781 IEEE80211_TX_UNLOCK(ic
);
787 ieee80211_free_node(ni
);
788 if_inc_counter(ifp
, IFCOUNTER_OERRORS
, 1);
794 * Set the direction field and address fields of an outgoing
795 * frame. Note this should be called early on in constructing
796 * a frame as it sets i_fc[1]; other bits can then be or'd in.
799 ieee80211_send_setup(
800 struct ieee80211_node
*ni
,
803 const uint8_t sa
[IEEE80211_ADDR_LEN
],
804 const uint8_t da
[IEEE80211_ADDR_LEN
],
805 const uint8_t bssid
[IEEE80211_ADDR_LEN
])
807 #define WH4(wh) ((struct ieee80211_frame_addr4 *)wh)
808 struct ieee80211vap
*vap
= ni
->ni_vap
;
809 struct ieee80211_tx_ampdu
*tap
;
810 struct ieee80211_frame
*wh
= mtod(m
, struct ieee80211_frame
*);
813 IEEE80211_TX_LOCK_ASSERT(ni
->ni_ic
);
815 wh
->i_fc
[0] = IEEE80211_FC0_VERSION_0
| type
;
816 if ((type
& IEEE80211_FC0_TYPE_MASK
) == IEEE80211_FC0_TYPE_DATA
) {
817 switch (vap
->iv_opmode
) {
818 case IEEE80211_M_STA
:
819 wh
->i_fc
[1] = IEEE80211_FC1_DIR_TODS
;
820 IEEE80211_ADDR_COPY(wh
->i_addr1
, bssid
);
821 IEEE80211_ADDR_COPY(wh
->i_addr2
, sa
);
822 IEEE80211_ADDR_COPY(wh
->i_addr3
, da
);
824 case IEEE80211_M_IBSS
:
825 case IEEE80211_M_AHDEMO
:
826 wh
->i_fc
[1] = IEEE80211_FC1_DIR_NODS
;
827 IEEE80211_ADDR_COPY(wh
->i_addr1
, da
);
828 IEEE80211_ADDR_COPY(wh
->i_addr2
, sa
);
829 IEEE80211_ADDR_COPY(wh
->i_addr3
, bssid
);
831 case IEEE80211_M_HOSTAP
:
832 wh
->i_fc
[1] = IEEE80211_FC1_DIR_FROMDS
;
833 IEEE80211_ADDR_COPY(wh
->i_addr1
, da
);
834 IEEE80211_ADDR_COPY(wh
->i_addr2
, bssid
);
835 IEEE80211_ADDR_COPY(wh
->i_addr3
, sa
);
837 case IEEE80211_M_WDS
:
838 wh
->i_fc
[1] = IEEE80211_FC1_DIR_DSTODS
;
839 IEEE80211_ADDR_COPY(wh
->i_addr1
, da
);
840 IEEE80211_ADDR_COPY(wh
->i_addr2
, vap
->iv_myaddr
);
841 IEEE80211_ADDR_COPY(wh
->i_addr3
, da
);
842 IEEE80211_ADDR_COPY(WH4(wh
)->i_addr4
, sa
);
844 case IEEE80211_M_MBSS
:
845 #ifdef IEEE80211_SUPPORT_MESH
846 if (IEEE80211_IS_MULTICAST(da
)) {
847 wh
->i_fc
[1] = IEEE80211_FC1_DIR_FROMDS
;
849 IEEE80211_ADDR_COPY(wh
->i_addr1
, da
);
850 IEEE80211_ADDR_COPY(wh
->i_addr2
,
853 wh
->i_fc
[1] = IEEE80211_FC1_DIR_DSTODS
;
854 IEEE80211_ADDR_COPY(wh
->i_addr1
, da
);
855 IEEE80211_ADDR_COPY(wh
->i_addr2
,
857 IEEE80211_ADDR_COPY(wh
->i_addr3
, da
);
858 IEEE80211_ADDR_COPY(WH4(wh
)->i_addr4
, sa
);
862 case IEEE80211_M_MONITOR
: /* NB: to quiet compiler */
866 wh
->i_fc
[1] = IEEE80211_FC1_DIR_NODS
;
867 IEEE80211_ADDR_COPY(wh
->i_addr1
, da
);
868 IEEE80211_ADDR_COPY(wh
->i_addr2
, sa
);
869 #ifdef IEEE80211_SUPPORT_MESH
870 if (vap
->iv_opmode
== IEEE80211_M_MBSS
)
871 IEEE80211_ADDR_COPY(wh
->i_addr3
, sa
);
874 IEEE80211_ADDR_COPY(wh
->i_addr3
, bssid
);
876 *(uint16_t *)&wh
->i_dur
[0] = 0;
878 tap
= &ni
->ni_tx_ampdu
[tid
];
879 if (tid
!= IEEE80211_NONQOS_TID
&& IEEE80211_AMPDU_RUNNING(tap
))
880 m
->m_flags
|= M_AMPDU_MPDU
;
882 if (IEEE80211_HAS_SEQ(type
& IEEE80211_FC0_TYPE_MASK
,
883 type
& IEEE80211_FC0_SUBTYPE_MASK
))
884 seqno
= ni
->ni_txseqs
[tid
]++;
888 *(uint16_t *)&wh
->i_seq
[0] =
889 htole16(seqno
<< IEEE80211_SEQ_SEQ_SHIFT
);
890 M_SEQNO_SET(m
, seqno
);
893 if (IEEE80211_IS_MULTICAST(wh
->i_addr1
))
894 m
->m_flags
|= M_MCAST
;
899 * Send a management frame to the specified node. The node pointer
900 * must have a reference as the pointer will be passed to the driver
901 * and potentially held for a long time. If the frame is successfully
902 * dispatched to the driver, then it is responsible forkfreeing the
903 * reference (and potentiallykfree'ing up any associated storage);
904 * otherwise deal with reclaiming any reference (on error).
907 ieee80211_mgmt_output(struct ieee80211_node
*ni
, struct mbuf
*m
, int type
,
908 struct ieee80211_bpf_params
*params
)
910 struct ieee80211vap
*vap
= ni
->ni_vap
;
911 struct ieee80211com
*ic
= ni
->ni_ic
;
912 struct ieee80211_frame
*wh
;
915 KASSERT(ni
!= NULL
, ("null node"));
917 if (vap
->iv_state
== IEEE80211_S_CAC
) {
918 IEEE80211_NOTE(vap
, IEEE80211_MSG_OUTPUT
| IEEE80211_MSG_DOTH
,
919 ni
, "block %s frame in CAC state",
920 ieee80211_mgt_subtype_name(type
));
921 vap
->iv_stats
.is_tx_badstate
++;
922 ieee80211_free_node(ni
);
924 return EIO
; /* XXX */
927 M_PREPEND(m
, sizeof(struct ieee80211_frame
), M_NOWAIT
);
929 ieee80211_free_node(ni
);
933 IEEE80211_TX_LOCK(ic
);
935 wh
= mtod(m
, struct ieee80211_frame
*);
936 ieee80211_send_setup(ni
, m
,
937 IEEE80211_FC0_TYPE_MGT
| type
, IEEE80211_NONQOS_TID
,
938 vap
->iv_myaddr
, ni
->ni_macaddr
, ni
->ni_bssid
);
939 if (params
->ibp_flags
& IEEE80211_BPF_CRYPTO
) {
940 IEEE80211_NOTE_MAC(vap
, IEEE80211_MSG_AUTH
, wh
->i_addr1
,
941 "encrypting frame (%s)", __func__
);
942 wh
->i_fc
[1] |= IEEE80211_FC1_PROTECTED
;
944 m
->m_flags
|= M_ENCAP
; /* mark encapsulated */
946 KASSERT(type
!= IEEE80211_FC0_SUBTYPE_PROBE_RESP
, ("probe response?"));
947 M_WME_SETAC(m
, params
->ibp_pri
);
949 #ifdef IEEE80211_DEBUG
950 /* avoid printing too many frames */
951 if ((ieee80211_msg_debug(vap
) && doprint(vap
, type
)) ||
952 ieee80211_msg_dumppkts(vap
)) {
953 kprintf("[%s] send %s on channel %u\n",
954 ether_sprintf(wh
->i_addr1
),
955 ieee80211_mgt_subtype_name(type
),
956 ieee80211_chan2ieee(ic
, ic
->ic_curchan
));
959 IEEE80211_NODE_STAT(ni
, tx_mgmt
);
961 ret
= ieee80211_raw_output(vap
, ni
, m
, params
);
962 IEEE80211_TX_UNLOCK(ic
);
967 ieee80211_nulldata_transmitted(struct ieee80211_node
*ni
, void *arg
,
970 struct ieee80211vap
*vap
= ni
->ni_vap
;
976 * Send a null data frame to the specified node. If the station
977 * is setup for QoS then a QoS Null Data frame is constructed.
978 * If this is a WDS station then a 4-address frame is constructed.
980 * NB: the caller is assumed to have setup a node reference
981 * for use; this is necessary to deal with a race condition
982 * when probing for inactive stations. Like ieee80211_mgmt_output
983 * we must cleanup any node reference on error; however we
984 * can safely just unref it as we know it will never be the
985 * last reference to the node.
988 ieee80211_send_nulldata(struct ieee80211_node
*ni
)
990 struct ieee80211vap
*vap
= ni
->ni_vap
;
991 struct ieee80211com
*ic
= ni
->ni_ic
;
993 struct ieee80211_frame
*wh
;
998 if (vap
->iv_state
== IEEE80211_S_CAC
) {
999 IEEE80211_NOTE(vap
, IEEE80211_MSG_OUTPUT
| IEEE80211_MSG_DOTH
,
1000 ni
, "block %s frame in CAC state", "null data");
1001 ieee80211_unref_node(&ni
);
1002 vap
->iv_stats
.is_tx_badstate
++;
1003 return EIO
; /* XXX */
1006 if (ni
->ni_flags
& (IEEE80211_NODE_QOS
|IEEE80211_NODE_HT
))
1007 hdrlen
= sizeof(struct ieee80211_qosframe
);
1009 hdrlen
= sizeof(struct ieee80211_frame
);
1010 /* NB: only WDS vap's get 4-address frames */
1011 if (vap
->iv_opmode
== IEEE80211_M_WDS
)
1012 hdrlen
+= IEEE80211_ADDR_LEN
;
1013 if (ic
->ic_flags
& IEEE80211_F_DATAPAD
)
1014 hdrlen
= roundup(hdrlen
, sizeof(uint32_t));
1016 m
= ieee80211_getmgtframe(&frm
, ic
->ic_headroom
+ hdrlen
, 0);
1019 ieee80211_unref_node(&ni
);
1020 vap
->iv_stats
.is_tx_nobuf
++;
1023 KASSERT(M_LEADINGSPACE(m
) >= hdrlen
,
1024 ("leading space %zd", M_LEADINGSPACE(m
)));
1025 M_PREPEND(m
, hdrlen
, M_NOWAIT
);
1027 /* NB: cannot happen */
1028 ieee80211_free_node(ni
);
1032 IEEE80211_TX_LOCK(ic
);
1034 wh
= mtod(m
, struct ieee80211_frame
*); /* NB: a little lie */
1035 if (ni
->ni_flags
& IEEE80211_NODE_QOS
) {
1036 const int tid
= WME_AC_TO_TID(WME_AC_BE
);
1039 ieee80211_send_setup(ni
, m
,
1040 IEEE80211_FC0_TYPE_DATA
| IEEE80211_FC0_SUBTYPE_QOS_NULL
,
1041 tid
, vap
->iv_myaddr
, ni
->ni_macaddr
, ni
->ni_bssid
);
1043 if (vap
->iv_opmode
== IEEE80211_M_WDS
)
1044 qos
= ((struct ieee80211_qosframe_addr4
*) wh
)->i_qos
;
1046 qos
= ((struct ieee80211_qosframe
*) wh
)->i_qos
;
1047 qos
[0] = tid
& IEEE80211_QOS_TID
;
1048 if (ic
->ic_wme
.wme_wmeChanParams
.cap_wmeParams
[WME_AC_BE
].wmep_noackPolicy
)
1049 qos
[0] |= IEEE80211_QOS_ACKPOLICY_NOACK
;
1052 ieee80211_send_setup(ni
, m
,
1053 IEEE80211_FC0_TYPE_DATA
| IEEE80211_FC0_SUBTYPE_NODATA
,
1054 IEEE80211_NONQOS_TID
,
1055 vap
->iv_myaddr
, ni
->ni_macaddr
, ni
->ni_bssid
);
1057 if (vap
->iv_opmode
!= IEEE80211_M_WDS
) {
1058 /* NB: power management bit is never sent by an AP */
1059 if ((ni
->ni_flags
& IEEE80211_NODE_PWR_MGT
) &&
1060 vap
->iv_opmode
!= IEEE80211_M_HOSTAP
)
1061 wh
->i_fc
[1] |= IEEE80211_FC1_PWR_MGT
;
1063 if ((ic
->ic_flags
& IEEE80211_F_SCAN
) &&
1064 (ni
->ni_flags
& IEEE80211_NODE_PWR_MGT
)) {
1065 ieee80211_add_callback(m
, ieee80211_nulldata_transmitted
,
1068 m
->m_len
= m
->m_pkthdr
.len
= hdrlen
;
1069 m
->m_flags
|= M_ENCAP
; /* mark encapsulated */
1071 M_WME_SETAC(m
, WME_AC_BE
);
1073 IEEE80211_NODE_STAT(ni
, tx_data
);
1075 IEEE80211_NOTE(vap
, IEEE80211_MSG_DEBUG
| IEEE80211_MSG_DUMPPKTS
, ni
,
1076 "send %snull data frame on channel %u, pwr mgt %s",
1077 ni
->ni_flags
& IEEE80211_NODE_QOS
? "QoS " : "",
1078 ieee80211_chan2ieee(ic
, ic
->ic_curchan
),
1079 wh
->i_fc
[1] & IEEE80211_FC1_PWR_MGT
? "ena" : "dis");
1081 ret
= ieee80211_raw_output(vap
, ni
, m
, NULL
);
1082 IEEE80211_TX_UNLOCK(ic
);
1087 * Assign priority to a frame based on any vlan tag assigned
1088 * to the station and/or any Diffserv setting in an IP header.
1089 * Finally, if an ACM policy is setup (in station mode) it's
1093 ieee80211_classify(struct ieee80211_node
*ni
, struct mbuf
*m
)
1095 const struct ether_header
*eh
= mtod(m
, struct ether_header
*);
1096 int v_wme_ac
, d_wme_ac
, ac
;
1099 * Always promote PAE/EAPOL frames to high priority.
1101 if (eh
->ether_type
== htons(ETHERTYPE_PAE
)) {
1102 /* NB: mark so others don't need to check header */
1103 m
->m_flags
|= M_EAPOL
;
1108 * Non-qos traffic goes to BE.
1110 if ((ni
->ni_flags
& IEEE80211_NODE_QOS
) == 0) {
1116 * If node has a vlan tag then all traffic
1117 * to it must have a matching tag.
1120 if (ni
->ni_vlan
!= 0) {
1121 if ((m
->m_flags
& M_VLANTAG
) == 0) {
1122 IEEE80211_NODE_STAT(ni
, tx_novlantag
);
1125 #if defined(__DragonFly__)
1126 if (EVL_VLANOFTAG(m
->m_pkthdr
.ether_vlantag
) !=
1127 EVL_VLANOFTAG(ni
->ni_vlan
)) {
1128 IEEE80211_NODE_STAT(ni
, tx_vlanmismatch
);
1132 if (EVL_VLANOFTAG(m
->m_pkthdr
.ether_vtag
) !=
1133 EVL_VLANOFTAG(ni
->ni_vlan
)) {
1134 IEEE80211_NODE_STAT(ni
, tx_vlanmismatch
);
1138 /* map vlan priority to AC */
1139 v_wme_ac
= TID_TO_WME_AC(EVL_PRIOFTAG(ni
->ni_vlan
));
1142 /* XXX m_copydata may be too slow for fast path */
1144 if (eh
->ether_type
== htons(ETHERTYPE_IP
)) {
1147 * IP frame, map the DSCP bits from the TOS field.
1149 /* NB: ip header may not be in first mbuf */
1150 m_copydata(m
, sizeof(struct ether_header
) +
1151 offsetof(struct ip
, ip_tos
), sizeof(tos
), &tos
);
1152 tos
>>= 5; /* NB: ECN + low 3 bits of DSCP */
1153 d_wme_ac
= TID_TO_WME_AC(tos
);
1157 if (eh
->ether_type
== htons(ETHERTYPE_IPV6
)) {
1161 * IPv6 frame, map the DSCP bits from the traffic class field.
1163 m_copydata(m
, sizeof(struct ether_header
) +
1164 offsetof(struct ip6_hdr
, ip6_flow
), sizeof(flow
),
1166 tos
= (uint8_t)(ntohl(flow
) >> 20);
1167 tos
>>= 5; /* NB: ECN + low 3 bits of DSCP */
1168 d_wme_ac
= TID_TO_WME_AC(tos
);
1171 d_wme_ac
= WME_AC_BE
;
1179 * Use highest priority AC.
1181 if (v_wme_ac
> d_wme_ac
)
1189 if (ni
->ni_vap
->iv_opmode
== IEEE80211_M_STA
) {
1190 static const int acmap
[4] = {
1191 WME_AC_BK
, /* WME_AC_BE */
1192 WME_AC_BK
, /* WME_AC_BK */
1193 WME_AC_BE
, /* WME_AC_VI */
1194 WME_AC_VI
, /* WME_AC_VO */
1196 struct ieee80211com
*ic
= ni
->ni_ic
;
1198 while (ac
!= WME_AC_BK
&&
1199 ic
->ic_wme
.wme_wmeBssChanParams
.cap_wmeParams
[ac
].wmep_acm
)
1208 * Insure there is sufficient contiguous space to encapsulate the
1209 * 802.11 data frame. If room isn't already there, arrange for it.
1210 * Drivers and cipher modules assume we have done the necessary work
1211 * and fail rudely if they don't find the space they need.
1214 ieee80211_mbuf_adjust(struct ieee80211vap
*vap
, int hdrsize
,
1215 struct ieee80211_key
*key
, struct mbuf
*m
)
1217 #define TO_BE_RECLAIMED (sizeof(struct ether_header) - sizeof(struct llc))
1218 int needed_space
= vap
->iv_ic
->ic_headroom
+ hdrsize
;
1221 /* XXX belongs in crypto code? */
1222 needed_space
+= key
->wk_cipher
->ic_header
;
1225 * When crypto is being done in the host we must insure
1226 * the data are writable for the cipher routines; clone
1227 * a writable mbuf chain.
1228 * XXX handle SWMIC specially
1230 if (key
->wk_flags
& (IEEE80211_KEY_SWENCRYPT
|IEEE80211_KEY_SWENMIC
)) {
1231 m
= m_unshare(m
, M_NOWAIT
);
1233 IEEE80211_DPRINTF(vap
, IEEE80211_MSG_OUTPUT
,
1234 "%s: cannot get writable mbuf\n", __func__
);
1235 vap
->iv_stats
.is_tx_nobuf
++; /* XXX new stat */
1241 * We know we are called just before stripping an Ethernet
1242 * header and prepending an LLC header. This means we know
1244 * sizeof(struct ether_header) - sizeof(struct llc)
1245 * bytes recovered to which we need additional space for the
1246 * 802.11 header and any crypto header.
1248 /* XXX check trailing space and copy instead? */
1249 if (M_LEADINGSPACE(m
) < needed_space
- TO_BE_RECLAIMED
) {
1250 struct mbuf
*n
= m_gethdr(M_NOWAIT
, m
->m_type
);
1252 IEEE80211_DPRINTF(vap
, IEEE80211_MSG_OUTPUT
,
1253 "%s: cannot expand storage\n", __func__
);
1254 vap
->iv_stats
.is_tx_nobuf
++;
1258 #if defined(__DragonFly__)
1259 KASSERT(needed_space
<= MHLEN
,
1260 ("not enough room, need %u got %zd\n", needed_space
, MHLEN
));
1262 KASSERT(needed_space
<= MHLEN
,
1263 ("not enough room, need %u got %d\n", needed_space
, MHLEN
));
1266 * Setup new mbuf to have leading space to prepend the
1267 * 802.11 header and any crypto header bits that are
1268 * required (the latter are added when the driver calls
1269 * back to ieee80211_crypto_encap to do crypto encapsulation).
1271 /* NB: must be first 'cuz it clobbers m_data */
1272 m_move_pkthdr(n
, m
);
1273 n
->m_len
= 0; /* NB: m_gethdr does not set */
1274 n
->m_data
+= needed_space
;
1276 * Pull up Ethernet header to create the expected layout.
1277 * We could use m_pullup but that's overkill (i.e. we don't
1278 * need the actual data) and it cannot fail so do it inline
1281 /* NB: struct ether_header is known to be contiguous */
1282 n
->m_len
+= sizeof(struct ether_header
);
1283 m
->m_len
-= sizeof(struct ether_header
);
1284 m
->m_data
+= sizeof(struct ether_header
);
1286 * Replace the head of the chain.
1292 #undef TO_BE_RECLAIMED
1296 * Return the transmit key to use in sending a unicast frame.
1297 * If a unicast key is set we use that. When no unicast key is set
1298 * we fall back to the default transmit key.
1300 static __inline
struct ieee80211_key
*
1301 ieee80211_crypto_getucastkey(struct ieee80211vap
*vap
,
1302 struct ieee80211_node
*ni
)
1304 if (IEEE80211_KEY_UNDEFINED(&ni
->ni_ucastkey
)) {
1305 if (vap
->iv_def_txkey
== IEEE80211_KEYIX_NONE
||
1306 IEEE80211_KEY_UNDEFINED(&vap
->iv_nw_keys
[vap
->iv_def_txkey
]))
1308 return &vap
->iv_nw_keys
[vap
->iv_def_txkey
];
1310 return &ni
->ni_ucastkey
;
1315 * Return the transmit key to use in sending a multicast frame.
1316 * Multicast traffic always uses the group key which is installed as
1317 * the default tx key.
1319 static __inline
struct ieee80211_key
*
1320 ieee80211_crypto_getmcastkey(struct ieee80211vap
*vap
,
1321 struct ieee80211_node
*ni
)
1323 if (vap
->iv_def_txkey
== IEEE80211_KEYIX_NONE
||
1324 IEEE80211_KEY_UNDEFINED(&vap
->iv_nw_keys
[vap
->iv_def_txkey
]))
1326 return &vap
->iv_nw_keys
[vap
->iv_def_txkey
];
1330 * Encapsulate an outbound data frame. The mbuf chain is updated.
1331 * If an error is encountered NULL is returned. The caller is required
1332 * to provide a node reference and pullup the ethernet header in the
1335 * NB: Packet is assumed to be processed by ieee80211_classify which
1336 * marked EAPOL frames w/ M_EAPOL.
1339 ieee80211_encap(struct ieee80211vap
*vap
, struct ieee80211_node
*ni
,
1342 #define WH4(wh) ((struct ieee80211_frame_addr4 *)(wh))
1343 #define MC01(mc) ((struct ieee80211_meshcntl_ae01 *)mc)
1344 struct ieee80211com
*ic
= ni
->ni_ic
;
1345 #ifdef IEEE80211_SUPPORT_MESH
1346 struct ieee80211_mesh_state
*ms
= vap
->iv_mesh
;
1347 struct ieee80211_meshcntl_ae10
*mc
;
1348 struct ieee80211_mesh_route
*rt
= NULL
;
1351 struct ether_header eh
;
1352 struct ieee80211_frame
*wh
;
1353 struct ieee80211_key
*key
;
1355 int hdrsize
, hdrspace
, datalen
, addqos
, txfrag
, is4addr
;
1356 ieee80211_seq seqno
;
1357 int meshhdrsize
, meshae
;
1361 IEEE80211_TX_LOCK_ASSERT(ic
);
1364 * Copy existing Ethernet header to a safe place. The
1365 * rest of the code assumes it's ok to strip it when
1366 * reorganizing state for the final encapsulation.
1368 KASSERT(m
->m_len
>= sizeof(eh
), ("no ethernet header!"));
1369 ETHER_HEADER_COPY(&eh
, mtod(m
, caddr_t
));
1372 * Insure space for additional headers. First identify
1373 * transmit key to use in calculating any buffer adjustments
1374 * required. This is also used below to do privacy
1375 * encapsulation work. Then calculate the 802.11 header
1376 * size and any padding required by the driver.
1378 * Note key may be NULL if we fall back to the default
1379 * transmit key and that is not set. In that case the
1380 * buffer may not be expanded as needed by the cipher
1381 * routines, but they will/should discard it.
1383 if (vap
->iv_flags
& IEEE80211_F_PRIVACY
) {
1384 if (vap
->iv_opmode
== IEEE80211_M_STA
||
1385 !IEEE80211_IS_MULTICAST(eh
.ether_dhost
) ||
1386 (vap
->iv_opmode
== IEEE80211_M_WDS
&&
1387 (vap
->iv_flags_ext
& IEEE80211_FEXT_WDSLEGACY
)))
1388 key
= ieee80211_crypto_getucastkey(vap
, ni
);
1390 key
= ieee80211_crypto_getmcastkey(vap
, ni
);
1391 if (key
== NULL
&& (m
->m_flags
& M_EAPOL
) == 0) {
1392 IEEE80211_NOTE_MAC(vap
, IEEE80211_MSG_CRYPTO
,
1394 "no default transmit key (%s) deftxkey %u",
1395 __func__
, vap
->iv_def_txkey
);
1396 vap
->iv_stats
.is_tx_nodefkey
++;
1402 * XXX Some ap's don't handle QoS-encapsulated EAPOL
1403 * frames so suppress use. This may be an issue if other
1404 * ap's require all data frames to be QoS-encapsulated
1405 * once negotiated in which case we'll need to make this
1407 * NB: mesh data frames are QoS.
1409 addqos
= ((ni
->ni_flags
& (IEEE80211_NODE_QOS
|IEEE80211_NODE_HT
)) ||
1410 (vap
->iv_opmode
== IEEE80211_M_MBSS
)) &&
1411 (m
->m_flags
& M_EAPOL
) == 0;
1413 hdrsize
= sizeof(struct ieee80211_qosframe
);
1415 hdrsize
= sizeof(struct ieee80211_frame
);
1416 #ifdef IEEE80211_SUPPORT_MESH
1417 if (vap
->iv_opmode
== IEEE80211_M_MBSS
) {
1419 * Mesh data frames are encapsulated according to the
1420 * rules of Section 11B.8.5 (p.139 of D3.0 spec).
1421 * o Group Addressed data (aka multicast) originating
1422 * at the local sta are sent w/ 3-address format and
1423 * address extension mode 00
1424 * o Individually Addressed data (aka unicast) originating
1425 * at the local sta are sent w/ 4-address format and
1426 * address extension mode 00
1427 * o Group Addressed data forwarded from a non-mesh sta are
1428 * sent w/ 3-address format and address extension mode 01
1429 * o Individually Address data from another sta are sent
1430 * w/ 4-address format and address extension mode 10
1432 is4addr
= 0; /* NB: don't use, disable */
1433 if (!IEEE80211_IS_MULTICAST(eh
.ether_dhost
)) {
1434 rt
= ieee80211_mesh_rt_find(vap
, eh
.ether_dhost
);
1435 KASSERT(rt
!= NULL
, ("route is NULL"));
1436 dir
= IEEE80211_FC1_DIR_DSTODS
;
1437 hdrsize
+= IEEE80211_ADDR_LEN
;
1438 if (rt
->rt_flags
& IEEE80211_MESHRT_FLAGS_PROXY
) {
1439 if (IEEE80211_ADDR_EQ(rt
->rt_mesh_gate
,
1441 IEEE80211_NOTE_MAC(vap
,
1444 "%s", "trying to send to ourself");
1447 meshae
= IEEE80211_MESH_AE_10
;
1449 sizeof(struct ieee80211_meshcntl_ae10
);
1451 meshae
= IEEE80211_MESH_AE_00
;
1453 sizeof(struct ieee80211_meshcntl
);
1456 dir
= IEEE80211_FC1_DIR_FROMDS
;
1457 if (!IEEE80211_ADDR_EQ(eh
.ether_shost
, vap
->iv_myaddr
)) {
1459 meshae
= IEEE80211_MESH_AE_01
;
1461 sizeof(struct ieee80211_meshcntl_ae01
);
1464 meshae
= IEEE80211_MESH_AE_00
;
1465 meshhdrsize
= sizeof(struct ieee80211_meshcntl
);
1471 * 4-address frames need to be generated for:
1472 * o packets sent through a WDS vap (IEEE80211_M_WDS)
1473 * o packets sent through a vap marked for relaying
1474 * (e.g. a station operating with dynamic WDS)
1476 is4addr
= vap
->iv_opmode
== IEEE80211_M_WDS
||
1477 ((vap
->iv_flags_ext
& IEEE80211_FEXT_4ADDR
) &&
1478 !IEEE80211_ADDR_EQ(eh
.ether_shost
, vap
->iv_myaddr
));
1480 hdrsize
+= IEEE80211_ADDR_LEN
;
1481 meshhdrsize
= meshae
= 0;
1482 #ifdef IEEE80211_SUPPORT_MESH
1486 * Honor driver DATAPAD requirement.
1488 if (ic
->ic_flags
& IEEE80211_F_DATAPAD
)
1489 hdrspace
= roundup(hdrsize
, sizeof(uint32_t));
1493 if (__predict_true((m
->m_flags
& M_FF
) == 0)) {
1497 m
= ieee80211_mbuf_adjust(vap
, hdrspace
+ meshhdrsize
, key
, m
);
1499 /* NB: ieee80211_mbuf_adjust handles msgs+statistics */
1502 /* NB: this could be optimized 'cuz of ieee80211_mbuf_adjust */
1503 m_adj(m
, sizeof(struct ether_header
) - sizeof(struct llc
));
1504 llc
= mtod(m
, struct llc
*);
1505 llc
->llc_dsap
= llc
->llc_ssap
= LLC_SNAP_LSAP
;
1506 llc
->llc_control
= LLC_UI
;
1507 llc
->llc_snap
.org_code
[0] = 0;
1508 llc
->llc_snap
.org_code
[1] = 0;
1509 llc
->llc_snap
.org_code
[2] = 0;
1510 llc
->llc_snap
.ether_type
= eh
.ether_type
;
1512 #ifdef IEEE80211_SUPPORT_SUPERG
1514 * Aggregated frame. Check if it's for AMSDU or FF.
1516 * XXX TODO: IEEE80211_NODE_AMSDU* isn't implemented
1517 * anywhere for some reason. But, since 11n requires
1518 * AMSDU RX, we can just assume "11n" == "AMSDU".
1520 IEEE80211_DPRINTF(vap
, IEEE80211_MSG_SUPERG
, "%s: called; M_FF\n", __func__
);
1521 if (ieee80211_amsdu_tx_ok(ni
)) {
1522 m
= ieee80211_amsdu_encap(vap
, m
, hdrspace
+ meshhdrsize
, key
);
1525 m
= ieee80211_ff_encap(vap
, m
, hdrspace
+ meshhdrsize
, key
);
1531 datalen
= m
->m_pkthdr
.len
; /* NB: w/o 802.11 header */
1533 M_PREPEND(m
, hdrspace
+ meshhdrsize
, M_NOWAIT
);
1535 vap
->iv_stats
.is_tx_nobuf
++;
1538 wh
= mtod(m
, struct ieee80211_frame
*);
1539 wh
->i_fc
[0] = IEEE80211_FC0_VERSION_0
| IEEE80211_FC0_TYPE_DATA
;
1540 *(uint16_t *)wh
->i_dur
= 0;
1541 qos
= NULL
; /* NB: quiet compiler */
1543 wh
->i_fc
[1] = IEEE80211_FC1_DIR_DSTODS
;
1544 IEEE80211_ADDR_COPY(wh
->i_addr1
, ni
->ni_macaddr
);
1545 IEEE80211_ADDR_COPY(wh
->i_addr2
, vap
->iv_myaddr
);
1546 IEEE80211_ADDR_COPY(wh
->i_addr3
, eh
.ether_dhost
);
1547 IEEE80211_ADDR_COPY(WH4(wh
)->i_addr4
, eh
.ether_shost
);
1548 } else switch (vap
->iv_opmode
) {
1549 case IEEE80211_M_STA
:
1550 wh
->i_fc
[1] = IEEE80211_FC1_DIR_TODS
;
1551 IEEE80211_ADDR_COPY(wh
->i_addr1
, ni
->ni_bssid
);
1552 IEEE80211_ADDR_COPY(wh
->i_addr2
, eh
.ether_shost
);
1553 IEEE80211_ADDR_COPY(wh
->i_addr3
, eh
.ether_dhost
);
1555 case IEEE80211_M_IBSS
:
1556 case IEEE80211_M_AHDEMO
:
1557 wh
->i_fc
[1] = IEEE80211_FC1_DIR_NODS
;
1558 IEEE80211_ADDR_COPY(wh
->i_addr1
, eh
.ether_dhost
);
1559 IEEE80211_ADDR_COPY(wh
->i_addr2
, eh
.ether_shost
);
1561 * NB: always use the bssid from iv_bss as the
1562 * neighbor's may be stale after an ibss merge
1564 IEEE80211_ADDR_COPY(wh
->i_addr3
, vap
->iv_bss
->ni_bssid
);
1566 case IEEE80211_M_HOSTAP
:
1567 wh
->i_fc
[1] = IEEE80211_FC1_DIR_FROMDS
;
1568 IEEE80211_ADDR_COPY(wh
->i_addr1
, eh
.ether_dhost
);
1569 IEEE80211_ADDR_COPY(wh
->i_addr2
, ni
->ni_bssid
);
1570 IEEE80211_ADDR_COPY(wh
->i_addr3
, eh
.ether_shost
);
1572 #ifdef IEEE80211_SUPPORT_MESH
1573 case IEEE80211_M_MBSS
:
1574 /* NB: offset by hdrspace to deal with DATAPAD */
1575 mc
= (struct ieee80211_meshcntl_ae10
*)
1576 (mtod(m
, uint8_t *) + hdrspace
);
1579 case IEEE80211_MESH_AE_00
: /* no proxy */
1581 if (dir
== IEEE80211_FC1_DIR_DSTODS
) { /* ucast */
1582 IEEE80211_ADDR_COPY(wh
->i_addr1
,
1584 IEEE80211_ADDR_COPY(wh
->i_addr2
,
1586 IEEE80211_ADDR_COPY(wh
->i_addr3
,
1588 IEEE80211_ADDR_COPY(WH4(wh
)->i_addr4
,
1590 qos
=((struct ieee80211_qosframe_addr4
*)
1592 } else if (dir
== IEEE80211_FC1_DIR_FROMDS
) {
1594 IEEE80211_ADDR_COPY(wh
->i_addr1
,
1596 IEEE80211_ADDR_COPY(wh
->i_addr2
,
1598 IEEE80211_ADDR_COPY(wh
->i_addr3
,
1600 qos
= ((struct ieee80211_qosframe
*)
1604 case IEEE80211_MESH_AE_01
: /* mcast, proxy */
1605 wh
->i_fc
[1] = IEEE80211_FC1_DIR_FROMDS
;
1606 IEEE80211_ADDR_COPY(wh
->i_addr1
, eh
.ether_dhost
);
1607 IEEE80211_ADDR_COPY(wh
->i_addr2
, vap
->iv_myaddr
);
1608 IEEE80211_ADDR_COPY(wh
->i_addr3
, vap
->iv_myaddr
);
1610 IEEE80211_ADDR_COPY(MC01(mc
)->mc_addr4
,
1612 qos
= ((struct ieee80211_qosframe
*) wh
)->i_qos
;
1614 case IEEE80211_MESH_AE_10
: /* ucast, proxy */
1615 KASSERT(rt
!= NULL
, ("route is NULL"));
1616 IEEE80211_ADDR_COPY(wh
->i_addr1
, rt
->rt_nexthop
);
1617 IEEE80211_ADDR_COPY(wh
->i_addr2
, vap
->iv_myaddr
);
1618 IEEE80211_ADDR_COPY(wh
->i_addr3
, rt
->rt_mesh_gate
);
1619 IEEE80211_ADDR_COPY(WH4(wh
)->i_addr4
, vap
->iv_myaddr
);
1620 mc
->mc_flags
= IEEE80211_MESH_AE_10
;
1621 IEEE80211_ADDR_COPY(mc
->mc_addr5
, eh
.ether_dhost
);
1622 IEEE80211_ADDR_COPY(mc
->mc_addr6
, eh
.ether_shost
);
1623 qos
= ((struct ieee80211_qosframe_addr4
*) wh
)->i_qos
;
1626 KASSERT(0, ("meshae %d", meshae
));
1629 mc
->mc_ttl
= ms
->ms_ttl
;
1631 le32enc(mc
->mc_seq
, ms
->ms_seq
);
1634 case IEEE80211_M_WDS
: /* NB: is4addr should always be true */
1638 if (m
->m_flags
& M_MORE_DATA
)
1639 wh
->i_fc
[1] |= IEEE80211_FC1_MORE_DATA
;
1644 qos
= ((struct ieee80211_qosframe_addr4
*) wh
)->i_qos
;
1645 /* NB: mesh case handled earlier */
1646 } else if (vap
->iv_opmode
!= IEEE80211_M_MBSS
)
1647 qos
= ((struct ieee80211_qosframe
*) wh
)->i_qos
;
1648 ac
= M_WME_GETAC(m
);
1649 /* map from access class/queue to 11e header priorty value */
1650 tid
= WME_AC_TO_TID(ac
);
1651 qos
[0] = tid
& IEEE80211_QOS_TID
;
1652 if (ic
->ic_wme
.wme_wmeChanParams
.cap_wmeParams
[ac
].wmep_noackPolicy
)
1653 qos
[0] |= IEEE80211_QOS_ACKPOLICY_NOACK
;
1654 #ifdef IEEE80211_SUPPORT_MESH
1655 if (vap
->iv_opmode
== IEEE80211_M_MBSS
)
1656 qos
[1] = IEEE80211_QOS_MC
;
1660 wh
->i_fc
[0] |= IEEE80211_FC0_SUBTYPE_QOS
;
1663 * If this is an A-MSDU then ensure we set the
1667 qos
[0] |= IEEE80211_QOS_AMSDU
;
1669 if ((m
->m_flags
& M_AMPDU_MPDU
) == 0) {
1671 * NB: don't assign a sequence # to potential
1672 * aggregates; we expect this happens at the
1673 * point the frame comes off any aggregation q
1674 * as otherwise we may introduce holes in the
1675 * BA sequence space and/or make window accouting
1678 * XXX may want to control this with a driver
1679 * capability; this may also change when we pull
1680 * aggregation up into net80211
1682 seqno
= ni
->ni_txseqs
[tid
]++;
1683 *(uint16_t *)wh
->i_seq
=
1684 htole16(seqno
<< IEEE80211_SEQ_SEQ_SHIFT
);
1685 M_SEQNO_SET(m
, seqno
);
1688 seqno
= ni
->ni_txseqs
[IEEE80211_NONQOS_TID
]++;
1689 *(uint16_t *)wh
->i_seq
=
1690 htole16(seqno
<< IEEE80211_SEQ_SEQ_SHIFT
);
1691 M_SEQNO_SET(m
, seqno
);
1694 * XXX TODO: we shouldn't allow EAPOL, etc that would
1695 * be forced to be non-QoS traffic to be A-MSDU encapsulated.
1698 kprintf("%s: XXX ERROR: is_amsdu set; not QoS!\n",
1703 /* check if xmit fragmentation is required */
1704 txfrag
= (m
->m_pkthdr
.len
> vap
->iv_fragthreshold
&&
1705 !IEEE80211_IS_MULTICAST(wh
->i_addr1
) &&
1706 (vap
->iv_caps
& IEEE80211_C_TXFRAG
) &&
1707 (m
->m_flags
& (M_FF
| M_AMPDU_MPDU
)) == 0);
1710 * IEEE 802.1X: send EAPOL frames always in the clear.
1711 * WPA/WPA2: encrypt EAPOL keys when pairwise keys are set.
1713 if ((m
->m_flags
& M_EAPOL
) == 0 ||
1714 ((vap
->iv_flags
& IEEE80211_F_WPA
) &&
1715 (vap
->iv_opmode
== IEEE80211_M_STA
?
1716 !IEEE80211_KEY_UNDEFINED(key
) :
1717 !IEEE80211_KEY_UNDEFINED(&ni
->ni_ucastkey
)))) {
1718 wh
->i_fc
[1] |= IEEE80211_FC1_PROTECTED
;
1719 if (!ieee80211_crypto_enmic(vap
, key
, m
, txfrag
)) {
1720 IEEE80211_NOTE_MAC(vap
, IEEE80211_MSG_OUTPUT
,
1722 "%s", "enmic failed, discard frame");
1723 vap
->iv_stats
.is_crypto_enmicfail
++;
1728 if (txfrag
&& !ieee80211_fragment(vap
, m
, hdrsize
,
1729 key
!= NULL
? key
->wk_cipher
->ic_header
: 0, vap
->iv_fragthreshold
))
1732 m
->m_flags
|= M_ENCAP
; /* mark encapsulated */
1734 IEEE80211_NODE_STAT(ni
, tx_data
);
1735 if (IEEE80211_IS_MULTICAST(wh
->i_addr1
)) {
1736 IEEE80211_NODE_STAT(ni
, tx_mcast
);
1737 m
->m_flags
|= M_MCAST
;
1739 IEEE80211_NODE_STAT(ni
, tx_ucast
);
1740 IEEE80211_NODE_STAT_ADD(ni
, tx_bytes
, datalen
);
1752 ieee80211_free_mbuf(struct mbuf
*m
)
1760 next
= m
->m_nextpkt
;
1761 m
->m_nextpkt
= NULL
;
1763 } while ((m
= next
) != NULL
);
1767 * Fragment the frame according to the specified mtu.
1768 * The size of the 802.11 header (w/o padding) is provided
1769 * so we don't need to recalculate it. We create a new
1770 * mbuf for each fragment and chain it through m_nextpkt;
1771 * we might be able to optimize this by reusing the original
1772 * packet's mbufs but that is significantly more complicated.
1775 ieee80211_fragment(struct ieee80211vap
*vap
, struct mbuf
*m0
,
1776 u_int hdrsize
, u_int ciphdrsize
, u_int mtu
)
1778 struct ieee80211com
*ic
= vap
->iv_ic
;
1779 struct ieee80211_frame
*wh
, *whf
;
1780 struct mbuf
*m
, *prev
;
1781 u_int totalhdrsize
, fragno
, fragsize
, off
, remainder
, payload
;
1784 KASSERT(m0
->m_nextpkt
== NULL
, ("mbuf already chained?"));
1785 KASSERT(m0
->m_pkthdr
.len
> mtu
,
1786 ("pktlen %u mtu %u", m0
->m_pkthdr
.len
, mtu
));
1789 * Honor driver DATAPAD requirement.
1791 if (ic
->ic_flags
& IEEE80211_F_DATAPAD
)
1792 hdrspace
= roundup(hdrsize
, sizeof(uint32_t));
1796 wh
= mtod(m0
, struct ieee80211_frame
*);
1797 /* NB: mark the first frag; it will be propagated below */
1798 wh
->i_fc
[1] |= IEEE80211_FC1_MORE_FRAG
;
1799 totalhdrsize
= hdrspace
+ ciphdrsize
;
1801 off
= mtu
- ciphdrsize
;
1802 remainder
= m0
->m_pkthdr
.len
- off
;
1805 fragsize
= totalhdrsize
+ remainder
;
1808 /* XXX fragsize can be >2048! */
1809 KASSERT(fragsize
< MCLBYTES
,
1810 ("fragment size %u too big!", fragsize
));
1811 if (fragsize
> MHLEN
)
1812 m
= m_getcl(M_NOWAIT
, MT_DATA
, M_PKTHDR
);
1814 m
= m_gethdr(M_NOWAIT
, MT_DATA
);
1817 /* leave room to prepend any cipher header */
1818 m_align(m
, fragsize
- ciphdrsize
);
1821 * Form the header in the fragment. Note that since
1822 * we mark the first fragment with the MORE_FRAG bit
1823 * it automatically is propagated to each fragment; we
1824 * need only clear it on the last fragment (done below).
1825 * NB: frag 1+ dont have Mesh Control field present.
1827 whf
= mtod(m
, struct ieee80211_frame
*);
1828 memcpy(whf
, wh
, hdrsize
);
1829 #ifdef IEEE80211_SUPPORT_MESH
1830 if (vap
->iv_opmode
== IEEE80211_M_MBSS
) {
1831 if (IEEE80211_IS_DSTODS(wh
))
1832 ((struct ieee80211_qosframe_addr4
*)
1833 whf
)->i_qos
[1] &= ~IEEE80211_QOS_MC
;
1835 ((struct ieee80211_qosframe
*)
1836 whf
)->i_qos
[1] &= ~IEEE80211_QOS_MC
;
1839 *(uint16_t *)&whf
->i_seq
[0] |= htole16(
1840 (fragno
& IEEE80211_SEQ_FRAG_MASK
) <<
1841 IEEE80211_SEQ_FRAG_SHIFT
);
1844 payload
= fragsize
- totalhdrsize
;
1845 /* NB: destination is known to be contiguous */
1847 m_copydata(m0
, off
, payload
, mtod(m
, uint8_t *) + hdrspace
);
1848 m
->m_len
= hdrspace
+ payload
;
1849 m
->m_pkthdr
.len
= hdrspace
+ payload
;
1850 m
->m_flags
|= M_FRAG
;
1852 /* chain up the fragment */
1853 prev
->m_nextpkt
= m
;
1856 /* deduct fragment just formed */
1857 remainder
-= payload
;
1859 } while (remainder
!= 0);
1861 /* set the last fragment */
1862 m
->m_flags
|= M_LASTFRAG
;
1863 whf
->i_fc
[1] &= ~IEEE80211_FC1_MORE_FRAG
;
1865 /* strip first mbuf now that everything has been copied */
1866 m_adj(m0
, -(m0
->m_pkthdr
.len
- (mtu
- ciphdrsize
)));
1867 m0
->m_flags
|= M_FIRSTFRAG
| M_FRAG
;
1869 vap
->iv_stats
.is_tx_fragframes
++;
1870 vap
->iv_stats
.is_tx_frags
+= fragno
-1;
1874 /* reclaim fragments but leave original frame for caller to free */
1875 ieee80211_free_mbuf(m0
->m_nextpkt
);
1876 m0
->m_nextpkt
= NULL
;
1881 * Add a supported rates element id to a frame.
1884 ieee80211_add_rates(uint8_t *frm
, const struct ieee80211_rateset
*rs
)
1888 *frm
++ = IEEE80211_ELEMID_RATES
;
1889 nrates
= rs
->rs_nrates
;
1890 if (nrates
> IEEE80211_RATE_SIZE
)
1891 nrates
= IEEE80211_RATE_SIZE
;
1893 memcpy(frm
, rs
->rs_rates
, nrates
);
1894 return frm
+ nrates
;
1898 * Add an extended supported rates element id to a frame.
1901 ieee80211_add_xrates(uint8_t *frm
, const struct ieee80211_rateset
*rs
)
1904 * Add an extended supported rates element if operating in 11g mode.
1906 if (rs
->rs_nrates
> IEEE80211_RATE_SIZE
) {
1907 int nrates
= rs
->rs_nrates
- IEEE80211_RATE_SIZE
;
1908 *frm
++ = IEEE80211_ELEMID_XRATES
;
1910 memcpy(frm
, rs
->rs_rates
+ IEEE80211_RATE_SIZE
, nrates
);
1917 * Add an ssid element to a frame.
1920 ieee80211_add_ssid(uint8_t *frm
, const uint8_t *ssid
, u_int len
)
1922 *frm
++ = IEEE80211_ELEMID_SSID
;
1924 memcpy(frm
, ssid
, len
);
1929 * Add an erp element to a frame.
1932 ieee80211_add_erp(uint8_t *frm
, struct ieee80211com
*ic
)
1936 *frm
++ = IEEE80211_ELEMID_ERP
;
1939 if (ic
->ic_nonerpsta
!= 0)
1940 erp
|= IEEE80211_ERP_NON_ERP_PRESENT
;
1941 if (ic
->ic_flags
& IEEE80211_F_USEPROT
)
1942 erp
|= IEEE80211_ERP_USE_PROTECTION
;
1943 if (ic
->ic_flags
& IEEE80211_F_USEBARKER
)
1944 erp
|= IEEE80211_ERP_LONG_PREAMBLE
;
1950 * Add a CFParams element to a frame.
1953 ieee80211_add_cfparms(uint8_t *frm
, struct ieee80211com
*ic
)
1955 #define ADDSHORT(frm, v) do { \
1959 *frm
++ = IEEE80211_ELEMID_CFPARMS
;
1961 *frm
++ = 0; /* CFP count */
1962 *frm
++ = 2; /* CFP period */
1963 ADDSHORT(frm
, 0); /* CFP MaxDuration (TU) */
1964 ADDSHORT(frm
, 0); /* CFP CurRemaining (TU) */
1969 static __inline
uint8_t *
1970 add_appie(uint8_t *frm
, const struct ieee80211_appie
*ie
)
1972 memcpy(frm
, ie
->ie_data
, ie
->ie_len
);
1973 return frm
+ ie
->ie_len
;
1976 static __inline
uint8_t *
1977 add_ie(uint8_t *frm
, const uint8_t *ie
)
1979 memcpy(frm
, ie
, 2 + ie
[1]);
1980 return frm
+ 2 + ie
[1];
1983 #define WME_OUI_BYTES 0x00, 0x50, 0xf2
1985 * Add a WME information element to a frame.
1988 ieee80211_add_wme_info(uint8_t *frm
, struct ieee80211_wme_state
*wme
)
1990 static const struct ieee80211_wme_info info
= {
1991 .wme_id
= IEEE80211_ELEMID_VENDOR
,
1992 .wme_len
= sizeof(struct ieee80211_wme_info
) - 2,
1993 .wme_oui
= { WME_OUI_BYTES
},
1994 .wme_type
= WME_OUI_TYPE
,
1995 .wme_subtype
= WME_INFO_OUI_SUBTYPE
,
1996 .wme_version
= WME_VERSION
,
1999 memcpy(frm
, &info
, sizeof(info
));
2000 return frm
+ sizeof(info
);
2004 * Add a WME parameters element to a frame.
2007 ieee80211_add_wme_param(uint8_t *frm
, struct ieee80211_wme_state
*wme
)
2009 #define SM(_v, _f) (((_v) << _f##_S) & _f)
2010 #define ADDSHORT(frm, v) do { \
2014 /* NB: this works 'cuz a param has an info at the front */
2015 static const struct ieee80211_wme_info param
= {
2016 .wme_id
= IEEE80211_ELEMID_VENDOR
,
2017 .wme_len
= sizeof(struct ieee80211_wme_param
) - 2,
2018 .wme_oui
= { WME_OUI_BYTES
},
2019 .wme_type
= WME_OUI_TYPE
,
2020 .wme_subtype
= WME_PARAM_OUI_SUBTYPE
,
2021 .wme_version
= WME_VERSION
,
2025 memcpy(frm
, ¶m
, sizeof(param
));
2026 frm
+= __offsetof(struct ieee80211_wme_info
, wme_info
);
2027 *frm
++ = wme
->wme_bssChanParams
.cap_info
; /* AC info */
2028 *frm
++ = 0; /* reserved field */
2029 for (i
= 0; i
< WME_NUM_AC
; i
++) {
2030 const struct wmeParams
*ac
=
2031 &wme
->wme_bssChanParams
.cap_wmeParams
[i
];
2032 *frm
++ = SM(i
, WME_PARAM_ACI
)
2033 | SM(ac
->wmep_acm
, WME_PARAM_ACM
)
2034 | SM(ac
->wmep_aifsn
, WME_PARAM_AIFSN
)
2036 *frm
++ = SM(ac
->wmep_logcwmax
, WME_PARAM_LOGCWMAX
)
2037 | SM(ac
->wmep_logcwmin
, WME_PARAM_LOGCWMIN
)
2039 ADDSHORT(frm
, ac
->wmep_txopLimit
);
2045 #undef WME_OUI_BYTES
2048 * Add an 11h Power Constraint element to a frame.
2051 ieee80211_add_powerconstraint(uint8_t *frm
, struct ieee80211vap
*vap
)
2053 const struct ieee80211_channel
*c
= vap
->iv_bss
->ni_chan
;
2054 /* XXX per-vap tx power limit? */
2055 int8_t limit
= vap
->iv_ic
->ic_txpowlimit
/ 2;
2057 frm
[0] = IEEE80211_ELEMID_PWRCNSTR
;
2059 frm
[2] = c
->ic_maxregpower
> limit
? c
->ic_maxregpower
- limit
: 0;
2064 * Add an 11h Power Capability element to a frame.
2067 ieee80211_add_powercapability(uint8_t *frm
, const struct ieee80211_channel
*c
)
2069 frm
[0] = IEEE80211_ELEMID_PWRCAP
;
2071 frm
[2] = c
->ic_minpower
;
2072 frm
[3] = c
->ic_maxpower
;
2077 * Add an 11h Supported Channels element to a frame.
2080 ieee80211_add_supportedchannels(uint8_t *frm
, struct ieee80211com
*ic
)
2082 static const int ielen
= 26;
2084 frm
[0] = IEEE80211_ELEMID_SUPPCHAN
;
2086 /* XXX not correct */
2087 memcpy(frm
+2, ic
->ic_chan_avail
, ielen
);
2088 return frm
+ 2 + ielen
;
2092 * Add an 11h Quiet time element to a frame.
2095 ieee80211_add_quiet(uint8_t *frm
, struct ieee80211vap
*vap
)
2097 struct ieee80211_quiet_ie
*quiet
= (struct ieee80211_quiet_ie
*) frm
;
2099 quiet
->quiet_ie
= IEEE80211_ELEMID_QUIET
;
2101 if (vap
->iv_quiet_count_value
== 1)
2102 vap
->iv_quiet_count_value
= vap
->iv_quiet_count
;
2103 else if (vap
->iv_quiet_count_value
> 1)
2104 vap
->iv_quiet_count_value
--;
2106 if (vap
->iv_quiet_count_value
== 0) {
2107 /* value 0 is reserved as per 802.11h standerd */
2108 vap
->iv_quiet_count_value
= 1;
2111 quiet
->tbttcount
= vap
->iv_quiet_count_value
;
2112 quiet
->period
= vap
->iv_quiet_period
;
2113 quiet
->duration
= htole16(vap
->iv_quiet_duration
);
2114 quiet
->offset
= htole16(vap
->iv_quiet_offset
);
2115 return frm
+ sizeof(*quiet
);
2119 * Add an 11h Channel Switch Announcement element to a frame.
2120 * Note that we use the per-vap CSA count to adjust the global
2121 * counter so we can use this routine to form probe response
2122 * frames and get the current count.
2125 ieee80211_add_csa(uint8_t *frm
, struct ieee80211vap
*vap
)
2127 struct ieee80211com
*ic
= vap
->iv_ic
;
2128 struct ieee80211_csa_ie
*csa
= (struct ieee80211_csa_ie
*) frm
;
2130 csa
->csa_ie
= IEEE80211_ELEMID_CSA
;
2132 csa
->csa_mode
= 1; /* XXX force quiet on channel */
2133 csa
->csa_newchan
= ieee80211_chan2ieee(ic
, ic
->ic_csa_newchan
);
2134 csa
->csa_count
= ic
->ic_csa_count
- vap
->iv_csa_count
;
2135 return frm
+ sizeof(*csa
);
2139 * Add an 11h country information element to a frame.
2142 ieee80211_add_countryie(uint8_t *frm
, struct ieee80211com
*ic
)
2145 if (ic
->ic_countryie
== NULL
||
2146 ic
->ic_countryie_chan
!= ic
->ic_bsschan
) {
2148 * Handle lazy construction of ie. This is done on
2149 * first use and after a channel change that requires
2152 if (ic
->ic_countryie
!= NULL
)
2153 IEEE80211_FREE(ic
->ic_countryie
, M_80211_NODE_IE
);
2154 ic
->ic_countryie
= ieee80211_alloc_countryie(ic
);
2155 if (ic
->ic_countryie
== NULL
)
2157 ic
->ic_countryie_chan
= ic
->ic_bsschan
;
2159 return add_appie(frm
, ic
->ic_countryie
);
2163 ieee80211_add_wpa(uint8_t *frm
, const struct ieee80211vap
*vap
)
2165 if (vap
->iv_flags
& IEEE80211_F_WPA1
&& vap
->iv_wpa_ie
!= NULL
)
2166 return (add_ie(frm
, vap
->iv_wpa_ie
));
2168 /* XXX else complain? */
2174 ieee80211_add_rsn(uint8_t *frm
, const struct ieee80211vap
*vap
)
2176 if (vap
->iv_flags
& IEEE80211_F_WPA2
&& vap
->iv_rsn_ie
!= NULL
)
2177 return (add_ie(frm
, vap
->iv_rsn_ie
));
2179 /* XXX else complain? */
2185 ieee80211_add_qos(uint8_t *frm
, const struct ieee80211_node
*ni
)
2187 if (ni
->ni_flags
& IEEE80211_NODE_QOS
) {
2188 *frm
++ = IEEE80211_ELEMID_QOS
;
2197 * Send a probe request frame with the specified ssid
2198 * and any optional information element data.
2201 ieee80211_send_probereq(struct ieee80211_node
*ni
,
2202 const uint8_t sa
[IEEE80211_ADDR_LEN
],
2203 const uint8_t da
[IEEE80211_ADDR_LEN
],
2204 const uint8_t bssid
[IEEE80211_ADDR_LEN
],
2205 const uint8_t *ssid
, size_t ssidlen
)
2207 struct ieee80211vap
*vap
= ni
->ni_vap
;
2208 struct ieee80211com
*ic
= ni
->ni_ic
;
2209 const struct ieee80211_txparam
*tp
;
2210 struct ieee80211_bpf_params params
;
2211 struct ieee80211_frame
*wh
;
2212 const struct ieee80211_rateset
*rs
;
2217 if (vap
->iv_state
== IEEE80211_S_CAC
) {
2218 IEEE80211_NOTE(vap
, IEEE80211_MSG_OUTPUT
, ni
,
2219 "block %s frame in CAC state", "probe request");
2220 vap
->iv_stats
.is_tx_badstate
++;
2221 return EIO
; /* XXX */
2225 * Hold a reference on the node so it doesn't go away until after
2226 * the xmit is complete all the way in the driver. On error we
2227 * will remove our reference.
2229 IEEE80211_DPRINTF(vap
, IEEE80211_MSG_NODE
,
2230 "ieee80211_ref_node (%s:%u) %p<%s> refcnt %d\n",
2232 ni
, ether_sprintf(ni
->ni_macaddr
),
2233 ieee80211_node_refcnt(ni
)+1);
2234 ieee80211_ref_node(ni
);
2237 * prreq frame format
2239 * [tlv] supported rates
2240 * [tlv] RSN (optional)
2241 * [tlv] extended supported rates
2242 * [tlv] WPA (optional)
2243 * [tlv] user-specified ie's
2245 m
= ieee80211_getmgtframe(&frm
,
2246 ic
->ic_headroom
+ sizeof(struct ieee80211_frame
),
2247 2 + IEEE80211_NWID_LEN
2248 + 2 + IEEE80211_RATE_SIZE
2249 + sizeof(struct ieee80211_ie_wpa
)
2250 + 2 + (IEEE80211_RATE_MAXSIZE
- IEEE80211_RATE_SIZE
)
2251 + sizeof(struct ieee80211_ie_wpa
)
2252 + (vap
->iv_appie_probereq
!= NULL
?
2253 vap
->iv_appie_probereq
->ie_len
: 0)
2256 vap
->iv_stats
.is_tx_nobuf
++;
2257 ieee80211_free_node(ni
);
2261 frm
= ieee80211_add_ssid(frm
, ssid
, ssidlen
);
2262 rs
= ieee80211_get_suprates(ic
, ic
->ic_curchan
);
2263 frm
= ieee80211_add_rates(frm
, rs
);
2264 frm
= ieee80211_add_rsn(frm
, vap
);
2265 frm
= ieee80211_add_xrates(frm
, rs
);
2266 frm
= ieee80211_add_wpa(frm
, vap
);
2267 if (vap
->iv_appie_probereq
!= NULL
)
2268 frm
= add_appie(frm
, vap
->iv_appie_probereq
);
2269 m
->m_pkthdr
.len
= m
->m_len
= frm
- mtod(m
, uint8_t *);
2271 KASSERT(M_LEADINGSPACE(m
) >= sizeof(struct ieee80211_frame
),
2272 ("leading space %zd", M_LEADINGSPACE(m
)));
2273 M_PREPEND(m
, sizeof(struct ieee80211_frame
), M_NOWAIT
);
2275 /* NB: cannot happen */
2276 ieee80211_free_node(ni
);
2280 IEEE80211_TX_LOCK(ic
);
2281 wh
= mtod(m
, struct ieee80211_frame
*);
2282 ieee80211_send_setup(ni
, m
,
2283 IEEE80211_FC0_TYPE_MGT
| IEEE80211_FC0_SUBTYPE_PROBE_REQ
,
2284 IEEE80211_NONQOS_TID
, sa
, da
, bssid
);
2285 /* XXX power management? */
2286 m
->m_flags
|= M_ENCAP
; /* mark encapsulated */
2288 M_WME_SETAC(m
, WME_AC_BE
);
2290 IEEE80211_NODE_STAT(ni
, tx_probereq
);
2291 IEEE80211_NODE_STAT(ni
, tx_mgmt
);
2293 IEEE80211_DPRINTF(vap
, IEEE80211_MSG_DEBUG
| IEEE80211_MSG_DUMPPKTS
,
2294 "send probe req on channel %u bssid %s ssid \"%.*s\"\n",
2295 ieee80211_chan2ieee(ic
, ic
->ic_curchan
), ether_sprintf(bssid
),
2296 (int)ssidlen
, ssid
);
2298 memset(¶ms
, 0, sizeof(params
));
2299 params
.ibp_pri
= M_WME_GETAC(m
);
2300 tp
= &vap
->iv_txparms
[ieee80211_chan2mode(ic
->ic_curchan
)];
2301 params
.ibp_rate0
= tp
->mgmtrate
;
2302 if (IEEE80211_IS_MULTICAST(da
)) {
2303 params
.ibp_flags
|= IEEE80211_BPF_NOACK
;
2304 params
.ibp_try0
= 1;
2306 params
.ibp_try0
= tp
->maxretry
;
2307 params
.ibp_power
= ni
->ni_txpower
;
2308 ret
= ieee80211_raw_output(vap
, ni
, m
, ¶ms
);
2309 IEEE80211_TX_UNLOCK(ic
);
2314 * Calculate capability information for mgt frames.
2317 ieee80211_getcapinfo(struct ieee80211vap
*vap
, struct ieee80211_channel
*chan
)
2319 struct ieee80211com
*ic
= vap
->iv_ic
;
2322 KASSERT(vap
->iv_opmode
!= IEEE80211_M_STA
, ("station mode"));
2324 if (vap
->iv_opmode
== IEEE80211_M_HOSTAP
)
2325 capinfo
= IEEE80211_CAPINFO_ESS
;
2326 else if (vap
->iv_opmode
== IEEE80211_M_IBSS
)
2327 capinfo
= IEEE80211_CAPINFO_IBSS
;
2330 if (vap
->iv_flags
& IEEE80211_F_PRIVACY
)
2331 capinfo
|= IEEE80211_CAPINFO_PRIVACY
;
2332 if ((ic
->ic_flags
& IEEE80211_F_SHPREAMBLE
) &&
2333 IEEE80211_IS_CHAN_2GHZ(chan
))
2334 capinfo
|= IEEE80211_CAPINFO_SHORT_PREAMBLE
;
2335 if (ic
->ic_flags
& IEEE80211_F_SHSLOT
)
2336 capinfo
|= IEEE80211_CAPINFO_SHORT_SLOTTIME
;
2337 if (IEEE80211_IS_CHAN_5GHZ(chan
) && (vap
->iv_flags
& IEEE80211_F_DOTH
))
2338 capinfo
|= IEEE80211_CAPINFO_SPECTRUM_MGMT
;
2343 * Send a management frame. The node is for the destination (or ic_bss
2344 * when in station mode). Nodes other than ic_bss have their reference
2345 * count bumped to reflect our use for an indeterminant time.
2348 ieee80211_send_mgmt(struct ieee80211_node
*ni
, int type
, int arg
)
2350 #define HTFLAGS (IEEE80211_NODE_HT | IEEE80211_NODE_HTCOMPAT)
2351 #define senderr(_x, _v) do { vap->iv_stats._v++; ret = _x; goto bad; } while (0)
2352 struct ieee80211vap
*vap
= ni
->ni_vap
;
2353 struct ieee80211com
*ic
= ni
->ni_ic
;
2354 struct ieee80211_node
*bss
= vap
->iv_bss
;
2355 struct ieee80211_bpf_params params
;
2359 int has_challenge
, is_shared_key
, ret
, status
;
2361 KASSERT(ni
!= NULL
, ("null node"));
2364 * Hold a reference on the node so it doesn't go away until after
2365 * the xmit is complete all the way in the driver. On error we
2366 * will remove our reference.
2368 IEEE80211_DPRINTF(vap
, IEEE80211_MSG_NODE
,
2369 "ieee80211_ref_node (%s:%u) %p<%s> refcnt %d\n",
2371 ni
, ether_sprintf(ni
->ni_macaddr
),
2372 ieee80211_node_refcnt(ni
)+1);
2373 ieee80211_ref_node(ni
);
2375 memset(¶ms
, 0, sizeof(params
));
2378 case IEEE80211_FC0_SUBTYPE_AUTH
:
2381 has_challenge
= ((arg
== IEEE80211_AUTH_SHARED_CHALLENGE
||
2382 arg
== IEEE80211_AUTH_SHARED_RESPONSE
) &&
2383 ni
->ni_challenge
!= NULL
);
2386 * Deduce whether we're doing open authentication or
2387 * shared key authentication. We do the latter if
2388 * we're in the middle of a shared key authentication
2389 * handshake or if we're initiating an authentication
2390 * request and configured to use shared key.
2392 is_shared_key
= has_challenge
||
2393 arg
>= IEEE80211_AUTH_SHARED_RESPONSE
||
2394 (arg
== IEEE80211_AUTH_SHARED_REQUEST
&&
2395 bss
->ni_authmode
== IEEE80211_AUTH_SHARED
);
2397 m
= ieee80211_getmgtframe(&frm
,
2398 ic
->ic_headroom
+ sizeof(struct ieee80211_frame
),
2399 3 * sizeof(uint16_t)
2400 + (has_challenge
&& status
== IEEE80211_STATUS_SUCCESS
?
2401 sizeof(uint16_t)+IEEE80211_CHALLENGE_LEN
: 0)
2404 senderr(ENOMEM
, is_tx_nobuf
);
2406 ((uint16_t *)frm
)[0] =
2407 (is_shared_key
) ? htole16(IEEE80211_AUTH_ALG_SHARED
)
2408 : htole16(IEEE80211_AUTH_ALG_OPEN
);
2409 ((uint16_t *)frm
)[1] = htole16(arg
); /* sequence number */
2410 ((uint16_t *)frm
)[2] = htole16(status
);/* status */
2412 if (has_challenge
&& status
== IEEE80211_STATUS_SUCCESS
) {
2413 ((uint16_t *)frm
)[3] =
2414 htole16((IEEE80211_CHALLENGE_LEN
<< 8) |
2415 IEEE80211_ELEMID_CHALLENGE
);
2416 memcpy(&((uint16_t *)frm
)[4], ni
->ni_challenge
,
2417 IEEE80211_CHALLENGE_LEN
);
2418 m
->m_pkthdr
.len
= m
->m_len
=
2419 4 * sizeof(uint16_t) + IEEE80211_CHALLENGE_LEN
;
2420 if (arg
== IEEE80211_AUTH_SHARED_RESPONSE
) {
2421 IEEE80211_NOTE(vap
, IEEE80211_MSG_AUTH
, ni
,
2422 "request encrypt frame (%s)", __func__
);
2423 /* mark frame for encryption */
2424 params
.ibp_flags
|= IEEE80211_BPF_CRYPTO
;
2427 m
->m_pkthdr
.len
= m
->m_len
= 3 * sizeof(uint16_t);
2429 /* XXX not right for shared key */
2430 if (status
== IEEE80211_STATUS_SUCCESS
)
2431 IEEE80211_NODE_STAT(ni
, tx_auth
);
2433 IEEE80211_NODE_STAT(ni
, tx_auth_fail
);
2435 if (vap
->iv_opmode
== IEEE80211_M_STA
)
2436 ieee80211_add_callback(m
, ieee80211_tx_mgt_cb
,
2437 (void *) vap
->iv_state
);
2440 case IEEE80211_FC0_SUBTYPE_DEAUTH
:
2441 IEEE80211_NOTE(vap
, IEEE80211_MSG_AUTH
, ni
,
2442 "send station deauthenticate (reason: %d (%s))", arg
,
2443 ieee80211_reason_to_string(arg
));
2444 m
= ieee80211_getmgtframe(&frm
,
2445 ic
->ic_headroom
+ sizeof(struct ieee80211_frame
),
2448 senderr(ENOMEM
, is_tx_nobuf
);
2449 *(uint16_t *)frm
= htole16(arg
); /* reason */
2450 m
->m_pkthdr
.len
= m
->m_len
= sizeof(uint16_t);
2452 IEEE80211_NODE_STAT(ni
, tx_deauth
);
2453 IEEE80211_NODE_STAT_SET(ni
, tx_deauth_code
, arg
);
2455 ieee80211_node_unauthorize(ni
); /* port closed */
2458 case IEEE80211_FC0_SUBTYPE_ASSOC_REQ
:
2459 case IEEE80211_FC0_SUBTYPE_REASSOC_REQ
:
2461 * asreq frame format
2462 * [2] capability information
2463 * [2] listen interval
2464 * [6*] current AP address (reassoc only)
2466 * [tlv] supported rates
2467 * [tlv] extended supported rates
2468 * [4] power capability (optional)
2469 * [28] supported channels (optional)
2470 * [tlv] HT capabilities
2471 * [tlv] WME (optional)
2472 * [tlv] Vendor OUI HT capabilities (optional)
2473 * [tlv] Atheros capabilities (if negotiated)
2474 * [tlv] AppIE's (optional)
2476 m
= ieee80211_getmgtframe(&frm
,
2477 ic
->ic_headroom
+ sizeof(struct ieee80211_frame
),
2480 + IEEE80211_ADDR_LEN
2481 + 2 + IEEE80211_NWID_LEN
2482 + 2 + IEEE80211_RATE_SIZE
2483 + 2 + (IEEE80211_RATE_MAXSIZE
- IEEE80211_RATE_SIZE
)
2486 + sizeof(struct ieee80211_wme_info
)
2487 + sizeof(struct ieee80211_ie_htcap
)
2488 + 4 + sizeof(struct ieee80211_ie_htcap
)
2489 #ifdef IEEE80211_SUPPORT_SUPERG
2490 + sizeof(struct ieee80211_ath_ie
)
2492 + (vap
->iv_appie_wpa
!= NULL
?
2493 vap
->iv_appie_wpa
->ie_len
: 0)
2494 + (vap
->iv_appie_assocreq
!= NULL
?
2495 vap
->iv_appie_assocreq
->ie_len
: 0)
2498 senderr(ENOMEM
, is_tx_nobuf
);
2500 KASSERT(vap
->iv_opmode
== IEEE80211_M_STA
,
2501 ("wrong mode %u", vap
->iv_opmode
));
2502 capinfo
= IEEE80211_CAPINFO_ESS
;
2503 if (vap
->iv_flags
& IEEE80211_F_PRIVACY
)
2504 capinfo
|= IEEE80211_CAPINFO_PRIVACY
;
2506 * NB: Some 11a AP's reject the request when
2507 * short premable is set.
2509 if ((ic
->ic_flags
& IEEE80211_F_SHPREAMBLE
) &&
2510 IEEE80211_IS_CHAN_2GHZ(ic
->ic_curchan
))
2511 capinfo
|= IEEE80211_CAPINFO_SHORT_PREAMBLE
;
2512 if (IEEE80211_IS_CHAN_ANYG(ic
->ic_curchan
) &&
2513 (ic
->ic_caps
& IEEE80211_C_SHSLOT
))
2514 capinfo
|= IEEE80211_CAPINFO_SHORT_SLOTTIME
;
2515 if ((ni
->ni_capinfo
& IEEE80211_CAPINFO_SPECTRUM_MGMT
) &&
2516 (vap
->iv_flags
& IEEE80211_F_DOTH
))
2517 capinfo
|= IEEE80211_CAPINFO_SPECTRUM_MGMT
;
2518 *(uint16_t *)frm
= htole16(capinfo
);
2521 KASSERT(bss
->ni_intval
!= 0, ("beacon interval is zero!"));
2522 *(uint16_t *)frm
= htole16(howmany(ic
->ic_lintval
,
2526 if (type
== IEEE80211_FC0_SUBTYPE_REASSOC_REQ
) {
2527 IEEE80211_ADDR_COPY(frm
, bss
->ni_bssid
);
2528 frm
+= IEEE80211_ADDR_LEN
;
2531 frm
= ieee80211_add_ssid(frm
, ni
->ni_essid
, ni
->ni_esslen
);
2532 frm
= ieee80211_add_rates(frm
, &ni
->ni_rates
);
2533 frm
= ieee80211_add_rsn(frm
, vap
);
2534 frm
= ieee80211_add_xrates(frm
, &ni
->ni_rates
);
2535 if (capinfo
& IEEE80211_CAPINFO_SPECTRUM_MGMT
) {
2536 frm
= ieee80211_add_powercapability(frm
,
2538 frm
= ieee80211_add_supportedchannels(frm
, ic
);
2542 * Check the channel - we may be using an 11n NIC with an
2543 * 11n capable station, but we're configured to be an 11b
2546 if ((vap
->iv_flags_ht
& IEEE80211_FHT_HT
) &&
2547 IEEE80211_IS_CHAN_HT(ni
->ni_chan
) &&
2548 ni
->ni_ies
.htcap_ie
!= NULL
&&
2549 ni
->ni_ies
.htcap_ie
[0] == IEEE80211_ELEMID_HTCAP
) {
2550 frm
= ieee80211_add_htcap(frm
, ni
);
2552 frm
= ieee80211_add_wpa(frm
, vap
);
2553 if ((ic
->ic_flags
& IEEE80211_F_WME
) &&
2554 ni
->ni_ies
.wme_ie
!= NULL
)
2555 frm
= ieee80211_add_wme_info(frm
, &ic
->ic_wme
);
2558 * Same deal - only send HT info if we're on an 11n
2561 if ((vap
->iv_flags_ht
& IEEE80211_FHT_HT
) &&
2562 IEEE80211_IS_CHAN_HT(ni
->ni_chan
) &&
2563 ni
->ni_ies
.htcap_ie
!= NULL
&&
2564 ni
->ni_ies
.htcap_ie
[0] == IEEE80211_ELEMID_VENDOR
) {
2565 frm
= ieee80211_add_htcap_vendor(frm
, ni
);
2567 #ifdef IEEE80211_SUPPORT_SUPERG
2568 if (IEEE80211_ATH_CAP(vap
, ni
, IEEE80211_F_ATHEROS
)) {
2569 frm
= ieee80211_add_ath(frm
,
2570 IEEE80211_ATH_CAP(vap
, ni
, IEEE80211_F_ATHEROS
),
2571 ((vap
->iv_flags
& IEEE80211_F_WPA
) == 0 &&
2572 ni
->ni_authmode
!= IEEE80211_AUTH_8021X
) ?
2573 vap
->iv_def_txkey
: IEEE80211_KEYIX_NONE
);
2575 #endif /* IEEE80211_SUPPORT_SUPERG */
2576 if (vap
->iv_appie_assocreq
!= NULL
)
2577 frm
= add_appie(frm
, vap
->iv_appie_assocreq
);
2578 m
->m_pkthdr
.len
= m
->m_len
= frm
- mtod(m
, uint8_t *);
2580 ieee80211_add_callback(m
, ieee80211_tx_mgt_cb
,
2581 (void *) vap
->iv_state
);
2584 case IEEE80211_FC0_SUBTYPE_ASSOC_RESP
:
2585 case IEEE80211_FC0_SUBTYPE_REASSOC_RESP
:
2587 * asresp frame format
2588 * [2] capability information
2590 * [2] association ID
2591 * [tlv] supported rates
2592 * [tlv] extended supported rates
2593 * [tlv] HT capabilities (standard, if STA enabled)
2594 * [tlv] HT information (standard, if STA enabled)
2595 * [tlv] WME (if configured and STA enabled)
2596 * [tlv] HT capabilities (vendor OUI, if STA enabled)
2597 * [tlv] HT information (vendor OUI, if STA enabled)
2598 * [tlv] Atheros capabilities (if STA enabled)
2599 * [tlv] AppIE's (optional)
2601 m
= ieee80211_getmgtframe(&frm
,
2602 ic
->ic_headroom
+ sizeof(struct ieee80211_frame
),
2606 + 2 + IEEE80211_RATE_SIZE
2607 + 2 + (IEEE80211_RATE_MAXSIZE
- IEEE80211_RATE_SIZE
)
2608 + sizeof(struct ieee80211_ie_htcap
) + 4
2609 + sizeof(struct ieee80211_ie_htinfo
) + 4
2610 + sizeof(struct ieee80211_wme_param
)
2611 #ifdef IEEE80211_SUPPORT_SUPERG
2612 + sizeof(struct ieee80211_ath_ie
)
2614 + (vap
->iv_appie_assocresp
!= NULL
?
2615 vap
->iv_appie_assocresp
->ie_len
: 0)
2618 senderr(ENOMEM
, is_tx_nobuf
);
2620 capinfo
= ieee80211_getcapinfo(vap
, bss
->ni_chan
);
2621 *(uint16_t *)frm
= htole16(capinfo
);
2624 *(uint16_t *)frm
= htole16(arg
); /* status */
2627 if (arg
== IEEE80211_STATUS_SUCCESS
) {
2628 *(uint16_t *)frm
= htole16(ni
->ni_associd
);
2629 IEEE80211_NODE_STAT(ni
, tx_assoc
);
2631 IEEE80211_NODE_STAT(ni
, tx_assoc_fail
);
2634 frm
= ieee80211_add_rates(frm
, &ni
->ni_rates
);
2635 frm
= ieee80211_add_xrates(frm
, &ni
->ni_rates
);
2636 /* NB: respond according to what we received */
2637 if ((ni
->ni_flags
& HTFLAGS
) == IEEE80211_NODE_HT
) {
2638 frm
= ieee80211_add_htcap(frm
, ni
);
2639 frm
= ieee80211_add_htinfo(frm
, ni
);
2641 if ((vap
->iv_flags
& IEEE80211_F_WME
) &&
2642 ni
->ni_ies
.wme_ie
!= NULL
)
2643 frm
= ieee80211_add_wme_param(frm
, &ic
->ic_wme
);
2644 if ((ni
->ni_flags
& HTFLAGS
) == HTFLAGS
) {
2645 frm
= ieee80211_add_htcap_vendor(frm
, ni
);
2646 frm
= ieee80211_add_htinfo_vendor(frm
, ni
);
2648 #ifdef IEEE80211_SUPPORT_SUPERG
2649 if (IEEE80211_ATH_CAP(vap
, ni
, IEEE80211_F_ATHEROS
))
2650 frm
= ieee80211_add_ath(frm
,
2651 IEEE80211_ATH_CAP(vap
, ni
, IEEE80211_F_ATHEROS
),
2652 ((vap
->iv_flags
& IEEE80211_F_WPA
) == 0 &&
2653 ni
->ni_authmode
!= IEEE80211_AUTH_8021X
) ?
2654 vap
->iv_def_txkey
: IEEE80211_KEYIX_NONE
);
2655 #endif /* IEEE80211_SUPPORT_SUPERG */
2656 if (vap
->iv_appie_assocresp
!= NULL
)
2657 frm
= add_appie(frm
, vap
->iv_appie_assocresp
);
2658 m
->m_pkthdr
.len
= m
->m_len
= frm
- mtod(m
, uint8_t *);
2661 case IEEE80211_FC0_SUBTYPE_DISASSOC
:
2662 IEEE80211_NOTE(vap
, IEEE80211_MSG_ASSOC
, ni
,
2663 "send station disassociate (reason: %d (%s))", arg
,
2664 ieee80211_reason_to_string(arg
));
2665 m
= ieee80211_getmgtframe(&frm
,
2666 ic
->ic_headroom
+ sizeof(struct ieee80211_frame
),
2669 senderr(ENOMEM
, is_tx_nobuf
);
2670 *(uint16_t *)frm
= htole16(arg
); /* reason */
2671 m
->m_pkthdr
.len
= m
->m_len
= sizeof(uint16_t);
2673 IEEE80211_NODE_STAT(ni
, tx_disassoc
);
2674 IEEE80211_NODE_STAT_SET(ni
, tx_disassoc_code
, arg
);
2678 IEEE80211_NOTE(vap
, IEEE80211_MSG_ANY
, ni
,
2679 "invalid mgmt frame type %u", type
);
2680 senderr(EINVAL
, is_tx_unknownmgt
);
2684 /* NB: force non-ProbeResp frames to the highest queue */
2685 params
.ibp_pri
= WME_AC_VO
;
2686 params
.ibp_rate0
= bss
->ni_txparms
->mgmtrate
;
2687 /* NB: we know all frames are unicast */
2688 params
.ibp_try0
= bss
->ni_txparms
->maxretry
;
2689 params
.ibp_power
= bss
->ni_txpower
;
2690 return ieee80211_mgmt_output(ni
, m
, type
, ¶ms
);
2692 ieee80211_free_node(ni
);
2699 * Return an mbuf with a probe response frame in it.
2700 * Space is left to prepend and 802.11 header at the
2701 * front but it's left to the caller to fill in.
2704 ieee80211_alloc_proberesp(struct ieee80211_node
*bss
, int legacy
)
2706 struct ieee80211vap
*vap
= bss
->ni_vap
;
2707 struct ieee80211com
*ic
= bss
->ni_ic
;
2708 const struct ieee80211_rateset
*rs
;
2714 * probe response frame format
2716 * [2] beacon interval
2717 * [2] cabability information
2719 * [tlv] supported rates
2720 * [tlv] parameter set (FH/DS)
2721 * [tlv] parameter set (IBSS)
2722 * [tlv] country (optional)
2723 * [3] power control (optional)
2724 * [5] channel switch announcement (CSA) (optional)
2725 * [tlv] extended rate phy (ERP)
2726 * [tlv] extended supported rates
2727 * [tlv] RSN (optional)
2728 * [tlv] HT capabilities
2729 * [tlv] HT information
2730 * [tlv] WPA (optional)
2731 * [tlv] WME (optional)
2732 * [tlv] Vendor OUI HT capabilities (optional)
2733 * [tlv] Vendor OUI HT information (optional)
2734 * [tlv] Atheros capabilities
2735 * [tlv] AppIE's (optional)
2736 * [tlv] Mesh ID (MBSS)
2737 * [tlv] Mesh Conf (MBSS)
2739 m
= ieee80211_getmgtframe(&frm
,
2740 ic
->ic_headroom
+ sizeof(struct ieee80211_frame
),
2744 + 2 + IEEE80211_NWID_LEN
2745 + 2 + IEEE80211_RATE_SIZE
2747 + IEEE80211_COUNTRY_MAX_SIZE
2749 + sizeof(struct ieee80211_csa_ie
)
2750 + sizeof(struct ieee80211_quiet_ie
)
2752 + 2 + (IEEE80211_RATE_MAXSIZE
- IEEE80211_RATE_SIZE
)
2753 + sizeof(struct ieee80211_ie_wpa
)
2754 + sizeof(struct ieee80211_ie_htcap
)
2755 + sizeof(struct ieee80211_ie_htinfo
)
2756 + sizeof(struct ieee80211_ie_wpa
)
2757 + sizeof(struct ieee80211_wme_param
)
2758 + 4 + sizeof(struct ieee80211_ie_htcap
)
2759 + 4 + sizeof(struct ieee80211_ie_htinfo
)
2760 #ifdef IEEE80211_SUPPORT_SUPERG
2761 + sizeof(struct ieee80211_ath_ie
)
2763 #ifdef IEEE80211_SUPPORT_MESH
2764 + 2 + IEEE80211_MESHID_LEN
2765 + sizeof(struct ieee80211_meshconf_ie
)
2767 + (vap
->iv_appie_proberesp
!= NULL
?
2768 vap
->iv_appie_proberesp
->ie_len
: 0)
2771 vap
->iv_stats
.is_tx_nobuf
++;
2775 memset(frm
, 0, 8); /* timestamp should be filled later */
2777 *(uint16_t *)frm
= htole16(bss
->ni_intval
);
2779 capinfo
= ieee80211_getcapinfo(vap
, bss
->ni_chan
);
2780 *(uint16_t *)frm
= htole16(capinfo
);
2783 frm
= ieee80211_add_ssid(frm
, bss
->ni_essid
, bss
->ni_esslen
);
2784 rs
= ieee80211_get_suprates(ic
, bss
->ni_chan
);
2785 frm
= ieee80211_add_rates(frm
, rs
);
2787 if (IEEE80211_IS_CHAN_FHSS(bss
->ni_chan
)) {
2788 *frm
++ = IEEE80211_ELEMID_FHPARMS
;
2790 *frm
++ = bss
->ni_fhdwell
& 0x00ff;
2791 *frm
++ = (bss
->ni_fhdwell
>> 8) & 0x00ff;
2792 *frm
++ = IEEE80211_FH_CHANSET(
2793 ieee80211_chan2ieee(ic
, bss
->ni_chan
));
2794 *frm
++ = IEEE80211_FH_CHANPAT(
2795 ieee80211_chan2ieee(ic
, bss
->ni_chan
));
2796 *frm
++ = bss
->ni_fhindex
;
2798 *frm
++ = IEEE80211_ELEMID_DSPARMS
;
2800 *frm
++ = ieee80211_chan2ieee(ic
, bss
->ni_chan
);
2803 if (vap
->iv_opmode
== IEEE80211_M_IBSS
) {
2804 *frm
++ = IEEE80211_ELEMID_IBSSPARMS
;
2806 *frm
++ = 0; *frm
++ = 0; /* TODO: ATIM window */
2808 if ((vap
->iv_flags
& IEEE80211_F_DOTH
) ||
2809 (vap
->iv_flags_ext
& IEEE80211_FEXT_DOTD
))
2810 frm
= ieee80211_add_countryie(frm
, ic
);
2811 if (vap
->iv_flags
& IEEE80211_F_DOTH
) {
2812 if (IEEE80211_IS_CHAN_5GHZ(bss
->ni_chan
))
2813 frm
= ieee80211_add_powerconstraint(frm
, vap
);
2814 if (ic
->ic_flags
& IEEE80211_F_CSAPENDING
)
2815 frm
= ieee80211_add_csa(frm
, vap
);
2817 if (vap
->iv_flags
& IEEE80211_F_DOTH
) {
2818 if (IEEE80211_IS_CHAN_DFS(ic
->ic_bsschan
) &&
2819 (vap
->iv_flags_ext
& IEEE80211_FEXT_DFS
)) {
2821 frm
= ieee80211_add_quiet(frm
, vap
);
2824 if (IEEE80211_IS_CHAN_ANYG(bss
->ni_chan
))
2825 frm
= ieee80211_add_erp(frm
, ic
);
2826 frm
= ieee80211_add_xrates(frm
, rs
);
2827 frm
= ieee80211_add_rsn(frm
, vap
);
2829 * NB: legacy 11b clients do not get certain ie's.
2830 * The caller identifies such clients by passing
2831 * a token in legacy to us. Could expand this to be
2832 * any legacy client for stuff like HT ie's.
2834 if (IEEE80211_IS_CHAN_HT(bss
->ni_chan
) &&
2835 legacy
!= IEEE80211_SEND_LEGACY_11B
) {
2836 frm
= ieee80211_add_htcap(frm
, bss
);
2837 frm
= ieee80211_add_htinfo(frm
, bss
);
2839 frm
= ieee80211_add_wpa(frm
, vap
);
2840 if (vap
->iv_flags
& IEEE80211_F_WME
)
2841 frm
= ieee80211_add_wme_param(frm
, &ic
->ic_wme
);
2842 if (IEEE80211_IS_CHAN_HT(bss
->ni_chan
) &&
2843 (vap
->iv_flags_ht
& IEEE80211_FHT_HTCOMPAT
) &&
2844 legacy
!= IEEE80211_SEND_LEGACY_11B
) {
2845 frm
= ieee80211_add_htcap_vendor(frm
, bss
);
2846 frm
= ieee80211_add_htinfo_vendor(frm
, bss
);
2848 #ifdef IEEE80211_SUPPORT_SUPERG
2849 if ((vap
->iv_flags
& IEEE80211_F_ATHEROS
) &&
2850 legacy
!= IEEE80211_SEND_LEGACY_11B
)
2851 frm
= ieee80211_add_athcaps(frm
, bss
);
2853 if (vap
->iv_appie_proberesp
!= NULL
)
2854 frm
= add_appie(frm
, vap
->iv_appie_proberesp
);
2855 #ifdef IEEE80211_SUPPORT_MESH
2856 if (vap
->iv_opmode
== IEEE80211_M_MBSS
) {
2857 frm
= ieee80211_add_meshid(frm
, vap
);
2858 frm
= ieee80211_add_meshconf(frm
, vap
);
2861 m
->m_pkthdr
.len
= m
->m_len
= frm
- mtod(m
, uint8_t *);
2867 * Send a probe response frame to the specified mac address.
2868 * This does not go through the normal mgt frame api so we
2869 * can specify the destination address and re-use the bss node
2870 * for the sta reference.
2873 ieee80211_send_proberesp(struct ieee80211vap
*vap
,
2874 const uint8_t da
[IEEE80211_ADDR_LEN
], int legacy
)
2876 struct ieee80211_node
*bss
= vap
->iv_bss
;
2877 struct ieee80211com
*ic
= vap
->iv_ic
;
2878 struct ieee80211_frame
*wh
;
2882 if (vap
->iv_state
== IEEE80211_S_CAC
) {
2883 IEEE80211_NOTE(vap
, IEEE80211_MSG_OUTPUT
, bss
,
2884 "block %s frame in CAC state", "probe response");
2885 vap
->iv_stats
.is_tx_badstate
++;
2886 return EIO
; /* XXX */
2890 * Hold a reference on the node so it doesn't go away until after
2891 * the xmit is complete all the way in the driver. On error we
2892 * will remove our reference.
2894 IEEE80211_DPRINTF(vap
, IEEE80211_MSG_NODE
,
2895 "ieee80211_ref_node (%s:%u) %p<%s> refcnt %d\n",
2896 __func__
, __LINE__
, bss
, ether_sprintf(bss
->ni_macaddr
),
2897 ieee80211_node_refcnt(bss
)+1);
2898 ieee80211_ref_node(bss
);
2900 m
= ieee80211_alloc_proberesp(bss
, legacy
);
2902 ieee80211_free_node(bss
);
2906 M_PREPEND(m
, sizeof(struct ieee80211_frame
), M_NOWAIT
);
2907 KASSERT(m
!= NULL
, ("no room for header"));
2909 IEEE80211_TX_LOCK(ic
);
2910 wh
= mtod(m
, struct ieee80211_frame
*);
2911 ieee80211_send_setup(bss
, m
,
2912 IEEE80211_FC0_TYPE_MGT
| IEEE80211_FC0_SUBTYPE_PROBE_RESP
,
2913 IEEE80211_NONQOS_TID
, vap
->iv_myaddr
, da
, bss
->ni_bssid
);
2914 /* XXX power management? */
2915 m
->m_flags
|= M_ENCAP
; /* mark encapsulated */
2917 M_WME_SETAC(m
, WME_AC_BE
);
2919 IEEE80211_DPRINTF(vap
, IEEE80211_MSG_DEBUG
| IEEE80211_MSG_DUMPPKTS
,
2920 "send probe resp on channel %u to %s%s\n",
2921 ieee80211_chan2ieee(ic
, ic
->ic_curchan
), ether_sprintf(da
),
2922 legacy
? " <legacy>" : "");
2923 IEEE80211_NODE_STAT(bss
, tx_mgmt
);
2925 ret
= ieee80211_raw_output(vap
, bss
, m
, NULL
);
2926 IEEE80211_TX_UNLOCK(ic
);
2931 * Allocate and build a RTS (Request To Send) control frame.
2934 ieee80211_alloc_rts(struct ieee80211com
*ic
,
2935 const uint8_t ra
[IEEE80211_ADDR_LEN
],
2936 const uint8_t ta
[IEEE80211_ADDR_LEN
],
2939 struct ieee80211_frame_rts
*rts
;
2942 /* XXX honor ic_headroom */
2943 m
= m_gethdr(M_NOWAIT
, MT_DATA
);
2945 rts
= mtod(m
, struct ieee80211_frame_rts
*);
2946 rts
->i_fc
[0] = IEEE80211_FC0_VERSION_0
|
2947 IEEE80211_FC0_TYPE_CTL
| IEEE80211_FC0_SUBTYPE_RTS
;
2948 rts
->i_fc
[1] = IEEE80211_FC1_DIR_NODS
;
2949 *(u_int16_t
*)rts
->i_dur
= htole16(dur
);
2950 IEEE80211_ADDR_COPY(rts
->i_ra
, ra
);
2951 IEEE80211_ADDR_COPY(rts
->i_ta
, ta
);
2953 m
->m_pkthdr
.len
= m
->m_len
= sizeof(struct ieee80211_frame_rts
);
2959 * Allocate and build a CTS (Clear To Send) control frame.
2962 ieee80211_alloc_cts(struct ieee80211com
*ic
,
2963 const uint8_t ra
[IEEE80211_ADDR_LEN
], uint16_t dur
)
2965 struct ieee80211_frame_cts
*cts
;
2968 /* XXX honor ic_headroom */
2969 m
= m_gethdr(M_NOWAIT
, MT_DATA
);
2971 cts
= mtod(m
, struct ieee80211_frame_cts
*);
2972 cts
->i_fc
[0] = IEEE80211_FC0_VERSION_0
|
2973 IEEE80211_FC0_TYPE_CTL
| IEEE80211_FC0_SUBTYPE_CTS
;
2974 cts
->i_fc
[1] = IEEE80211_FC1_DIR_NODS
;
2975 *(u_int16_t
*)cts
->i_dur
= htole16(dur
);
2976 IEEE80211_ADDR_COPY(cts
->i_ra
, ra
);
2978 m
->m_pkthdr
.len
= m
->m_len
= sizeof(struct ieee80211_frame_cts
);
2984 ieee80211_tx_mgt_timeout(void *arg
)
2986 struct ieee80211vap
*vap
= arg
;
2988 IEEE80211_LOCK(vap
->iv_ic
);
2989 if (vap
->iv_state
!= IEEE80211_S_INIT
&&
2990 (vap
->iv_ic
->ic_flags
& IEEE80211_F_SCAN
) == 0) {
2992 * NB: it's safe to specify a timeout as the reason here;
2993 * it'll only be used in the right state.
2995 ieee80211_new_state_locked(vap
, IEEE80211_S_SCAN
,
2996 IEEE80211_SCAN_FAIL_TIMEOUT
);
2998 IEEE80211_UNLOCK(vap
->iv_ic
);
3002 * This is the callback set on net80211-sourced transmitted
3003 * authentication request frames.
3005 * This does a couple of things:
3007 * + If the frame transmitted was a success, it schedules a future
3008 * event which will transition the interface to scan.
3009 * If a state transition _then_ occurs before that event occurs,
3010 * said state transition will cancel this callout.
3012 * + If the frame transmit was a failure, it immediately schedules
3013 * the transition back to scan.
3016 ieee80211_tx_mgt_cb(struct ieee80211_node
*ni
, void *arg
, int status
)
3018 struct ieee80211vap
*vap
= ni
->ni_vap
;
3019 enum ieee80211_state ostate
= (enum ieee80211_state
) arg
;
3022 * Frame transmit completed; arrange timer callback. If
3023 * transmit was successfully we wait for response. Otherwise
3024 * we arrange an immediate callback instead of doing the
3025 * callback directly since we don't know what state the driver
3026 * is in (e.g. what locks it is holding). This work should
3027 * not be too time-critical and not happen too often so the
3028 * added overhead is acceptable.
3030 * XXX what happens if !acked but response shows up before callback?
3032 if (vap
->iv_state
== ostate
) {
3033 callout_reset(&vap
->iv_mgtsend
,
3034 status
== 0 ? IEEE80211_TRANS_WAIT
*hz
: 0,
3035 ieee80211_tx_mgt_timeout
, vap
);
3040 ieee80211_beacon_construct(struct mbuf
*m
, uint8_t *frm
,
3041 struct ieee80211_node
*ni
)
3043 struct ieee80211vap
*vap
= ni
->ni_vap
;
3044 struct ieee80211_beacon_offsets
*bo
= &vap
->iv_bcn_off
;
3045 struct ieee80211com
*ic
= ni
->ni_ic
;
3046 struct ieee80211_rateset
*rs
= &ni
->ni_rates
;
3050 * beacon frame format
3052 * [2] beacon interval
3053 * [2] cabability information
3055 * [tlv] supported rates
3056 * [3] parameter set (DS)
3057 * [8] CF parameter set (optional)
3058 * [tlv] parameter set (IBSS/TIM)
3059 * [tlv] country (optional)
3060 * [3] power control (optional)
3061 * [5] channel switch announcement (CSA) (optional)
3062 * [tlv] extended rate phy (ERP)
3063 * [tlv] extended supported rates
3064 * [tlv] RSN parameters
3065 * [tlv] HT capabilities
3066 * [tlv] HT information
3067 * XXX Vendor-specific OIDs (e.g. Atheros)
3068 * [tlv] WPA parameters
3069 * [tlv] WME parameters
3070 * [tlv] Vendor OUI HT capabilities (optional)
3071 * [tlv] Vendor OUI HT information (optional)
3072 * [tlv] Atheros capabilities (optional)
3073 * [tlv] TDMA parameters (optional)
3074 * [tlv] Mesh ID (MBSS)
3075 * [tlv] Mesh Conf (MBSS)
3076 * [tlv] application data (optional)
3079 memset(bo
, 0, sizeof(*bo
));
3081 memset(frm
, 0, 8); /* XXX timestamp is set by hardware/driver */
3083 *(uint16_t *)frm
= htole16(ni
->ni_intval
);
3085 capinfo
= ieee80211_getcapinfo(vap
, ni
->ni_chan
);
3086 bo
->bo_caps
= (uint16_t *)frm
;
3087 *(uint16_t *)frm
= htole16(capinfo
);
3089 *frm
++ = IEEE80211_ELEMID_SSID
;
3090 if ((vap
->iv_flags
& IEEE80211_F_HIDESSID
) == 0) {
3091 *frm
++ = ni
->ni_esslen
;
3092 memcpy(frm
, ni
->ni_essid
, ni
->ni_esslen
);
3093 frm
+= ni
->ni_esslen
;
3096 frm
= ieee80211_add_rates(frm
, rs
);
3097 if (!IEEE80211_IS_CHAN_FHSS(ni
->ni_chan
)) {
3098 *frm
++ = IEEE80211_ELEMID_DSPARMS
;
3100 *frm
++ = ieee80211_chan2ieee(ic
, ni
->ni_chan
);
3102 if (ic
->ic_flags
& IEEE80211_F_PCF
) {
3104 frm
= ieee80211_add_cfparms(frm
, ic
);
3107 if (vap
->iv_opmode
== IEEE80211_M_IBSS
) {
3108 *frm
++ = IEEE80211_ELEMID_IBSSPARMS
;
3110 *frm
++ = 0; *frm
++ = 0; /* TODO: ATIM window */
3112 } else if (vap
->iv_opmode
== IEEE80211_M_HOSTAP
||
3113 vap
->iv_opmode
== IEEE80211_M_MBSS
) {
3114 /* TIM IE is the same for Mesh and Hostap */
3115 struct ieee80211_tim_ie
*tie
= (struct ieee80211_tim_ie
*) frm
;
3117 tie
->tim_ie
= IEEE80211_ELEMID_TIM
;
3118 tie
->tim_len
= 4; /* length */
3119 tie
->tim_count
= 0; /* DTIM count */
3120 tie
->tim_period
= vap
->iv_dtim_period
; /* DTIM period */
3121 tie
->tim_bitctl
= 0; /* bitmap control */
3122 tie
->tim_bitmap
[0] = 0; /* Partial Virtual Bitmap */
3123 frm
+= sizeof(struct ieee80211_tim_ie
);
3126 bo
->bo_tim_trailer
= frm
;
3127 if ((vap
->iv_flags
& IEEE80211_F_DOTH
) ||
3128 (vap
->iv_flags_ext
& IEEE80211_FEXT_DOTD
))
3129 frm
= ieee80211_add_countryie(frm
, ic
);
3130 if (vap
->iv_flags
& IEEE80211_F_DOTH
) {
3131 if (IEEE80211_IS_CHAN_5GHZ(ni
->ni_chan
))
3132 frm
= ieee80211_add_powerconstraint(frm
, vap
);
3134 if (ic
->ic_flags
& IEEE80211_F_CSAPENDING
)
3135 frm
= ieee80211_add_csa(frm
, vap
);
3139 if (vap
->iv_flags
& IEEE80211_F_DOTH
) {
3141 if (IEEE80211_IS_CHAN_DFS(ic
->ic_bsschan
) &&
3142 (vap
->iv_flags_ext
& IEEE80211_FEXT_DFS
)) {
3144 frm
= ieee80211_add_quiet(frm
,vap
);
3149 if (IEEE80211_IS_CHAN_ANYG(ni
->ni_chan
)) {
3151 frm
= ieee80211_add_erp(frm
, ic
);
3153 frm
= ieee80211_add_xrates(frm
, rs
);
3154 frm
= ieee80211_add_rsn(frm
, vap
);
3155 if (IEEE80211_IS_CHAN_HT(ni
->ni_chan
)) {
3156 frm
= ieee80211_add_htcap(frm
, ni
);
3157 bo
->bo_htinfo
= frm
;
3158 frm
= ieee80211_add_htinfo(frm
, ni
);
3160 frm
= ieee80211_add_wpa(frm
, vap
);
3161 if (vap
->iv_flags
& IEEE80211_F_WME
) {
3163 frm
= ieee80211_add_wme_param(frm
, &ic
->ic_wme
);
3165 if (IEEE80211_IS_CHAN_HT(ni
->ni_chan
) &&
3166 (vap
->iv_flags_ht
& IEEE80211_FHT_HTCOMPAT
)) {
3167 frm
= ieee80211_add_htcap_vendor(frm
, ni
);
3168 frm
= ieee80211_add_htinfo_vendor(frm
, ni
);
3170 #ifdef IEEE80211_SUPPORT_SUPERG
3171 if (vap
->iv_flags
& IEEE80211_F_ATHEROS
) {
3173 frm
= ieee80211_add_athcaps(frm
, ni
);
3176 #ifdef IEEE80211_SUPPORT_TDMA
3177 if (vap
->iv_caps
& IEEE80211_C_TDMA
) {
3179 frm
= ieee80211_add_tdma(frm
, vap
);
3182 if (vap
->iv_appie_beacon
!= NULL
) {
3184 bo
->bo_appie_len
= vap
->iv_appie_beacon
->ie_len
;
3185 frm
= add_appie(frm
, vap
->iv_appie_beacon
);
3187 #ifdef IEEE80211_SUPPORT_MESH
3188 if (vap
->iv_opmode
== IEEE80211_M_MBSS
) {
3189 frm
= ieee80211_add_meshid(frm
, vap
);
3190 bo
->bo_meshconf
= frm
;
3191 frm
= ieee80211_add_meshconf(frm
, vap
);
3194 bo
->bo_tim_trailer_len
= frm
- bo
->bo_tim_trailer
;
3195 bo
->bo_csa_trailer_len
= frm
- bo
->bo_csa
;
3196 m
->m_pkthdr
.len
= m
->m_len
= frm
- mtod(m
, uint8_t *);
3200 * Allocate a beacon frame and fillin the appropriate bits.
3203 ieee80211_beacon_alloc(struct ieee80211_node
*ni
)
3205 struct ieee80211vap
*vap
= ni
->ni_vap
;
3206 struct ieee80211com
*ic
= ni
->ni_ic
;
3207 struct ifnet
*ifp
= vap
->iv_ifp
;
3208 struct ieee80211_frame
*wh
;
3214 * beacon frame format
3216 * [2] beacon interval
3217 * [2] cabability information
3219 * [tlv] supported rates
3220 * [3] parameter set (DS)
3221 * [8] CF parameter set (optional)
3222 * [tlv] parameter set (IBSS/TIM)
3223 * [tlv] country (optional)
3224 * [3] power control (optional)
3225 * [5] channel switch announcement (CSA) (optional)
3226 * [tlv] extended rate phy (ERP)
3227 * [tlv] extended supported rates
3228 * [tlv] RSN parameters
3229 * [tlv] HT capabilities
3230 * [tlv] HT information
3231 * [tlv] Vendor OUI HT capabilities (optional)
3232 * [tlv] Vendor OUI HT information (optional)
3233 * XXX Vendor-specific OIDs (e.g. Atheros)
3234 * [tlv] WPA parameters
3235 * [tlv] WME parameters
3236 * [tlv] TDMA parameters (optional)
3237 * [tlv] Mesh ID (MBSS)
3238 * [tlv] Mesh Conf (MBSS)
3239 * [tlv] application data (optional)
3240 * NB: we allocate the max space required for the TIM bitmap.
3241 * XXX how big is this?
3243 pktlen
= 8 /* time stamp */
3244 + sizeof(uint16_t) /* beacon interval */
3245 + sizeof(uint16_t) /* capabilities */
3246 + 2 + ni
->ni_esslen
/* ssid */
3247 + 2 + IEEE80211_RATE_SIZE
/* supported rates */
3248 + 2 + 1 /* DS parameters */
3249 + 2 + 6 /* CF parameters */
3250 + 2 + 4 + vap
->iv_tim_len
/* DTIM/IBSSPARMS */
3251 + IEEE80211_COUNTRY_MAX_SIZE
/* country */
3252 + 2 + 1 /* power control */
3253 + sizeof(struct ieee80211_csa_ie
) /* CSA */
3254 + sizeof(struct ieee80211_quiet_ie
) /* Quiet */
3256 + 2 + (IEEE80211_RATE_MAXSIZE
- IEEE80211_RATE_SIZE
)
3257 + (vap
->iv_caps
& IEEE80211_C_WPA
? /* WPA 1+2 */
3258 2*sizeof(struct ieee80211_ie_wpa
) : 0)
3259 /* XXX conditional? */
3260 + 4+2*sizeof(struct ieee80211_ie_htcap
)/* HT caps */
3261 + 4+2*sizeof(struct ieee80211_ie_htinfo
)/* HT info */
3262 + (vap
->iv_caps
& IEEE80211_C_WME
? /* WME */
3263 sizeof(struct ieee80211_wme_param
) : 0)
3264 #ifdef IEEE80211_SUPPORT_SUPERG
3265 + sizeof(struct ieee80211_ath_ie
) /* ATH */
3267 #ifdef IEEE80211_SUPPORT_TDMA
3268 + (vap
->iv_caps
& IEEE80211_C_TDMA
? /* TDMA */
3269 sizeof(struct ieee80211_tdma_param
) : 0)
3271 #ifdef IEEE80211_SUPPORT_MESH
3272 + 2 + ni
->ni_meshidlen
3273 + sizeof(struct ieee80211_meshconf_ie
)
3275 + IEEE80211_MAX_APPIE
3277 m
= ieee80211_getmgtframe(&frm
,
3278 ic
->ic_headroom
+ sizeof(struct ieee80211_frame
), pktlen
);
3280 IEEE80211_DPRINTF(vap
, IEEE80211_MSG_ANY
,
3281 "%s: cannot get buf; size %u\n", __func__
, pktlen
);
3282 vap
->iv_stats
.is_tx_nobuf
++;
3285 ieee80211_beacon_construct(m
, frm
, ni
);
3287 M_PREPEND(m
, sizeof(struct ieee80211_frame
), M_NOWAIT
);
3288 KASSERT(m
!= NULL
, ("no space for 802.11 header?"));
3289 wh
= mtod(m
, struct ieee80211_frame
*);
3290 wh
->i_fc
[0] = IEEE80211_FC0_VERSION_0
| IEEE80211_FC0_TYPE_MGT
|
3291 IEEE80211_FC0_SUBTYPE_BEACON
;
3292 wh
->i_fc
[1] = IEEE80211_FC1_DIR_NODS
;
3293 *(uint16_t *)wh
->i_dur
= 0;
3294 IEEE80211_ADDR_COPY(wh
->i_addr1
, ifp
->if_broadcastaddr
);
3295 IEEE80211_ADDR_COPY(wh
->i_addr2
, vap
->iv_myaddr
);
3296 IEEE80211_ADDR_COPY(wh
->i_addr3
, ni
->ni_bssid
);
3297 *(uint16_t *)wh
->i_seq
= 0;
3303 * Update the dynamic parts of a beacon frame based on the current state.
3306 ieee80211_beacon_update(struct ieee80211_node
*ni
, struct mbuf
*m
, int mcast
)
3308 struct ieee80211vap
*vap
= ni
->ni_vap
;
3309 struct ieee80211_beacon_offsets
*bo
= &vap
->iv_bcn_off
;
3310 struct ieee80211com
*ic
= ni
->ni_ic
;
3311 int len_changed
= 0;
3313 struct ieee80211_frame
*wh
;
3314 ieee80211_seq seqno
;
3318 * Handle 11h channel change when we've reached the count.
3319 * We must recalculate the beacon frame contents to account
3320 * for the new channel. Note we do this only for the first
3321 * vap that reaches this point; subsequent vaps just update
3322 * their beacon state to reflect the recalculated channel.
3324 if (isset(bo
->bo_flags
, IEEE80211_BEACON_CSA
) &&
3325 vap
->iv_csa_count
== ic
->ic_csa_count
) {
3326 vap
->iv_csa_count
= 0;
3328 * Effect channel change before reconstructing the beacon
3329 * frame contents as many places reference ni_chan.
3331 if (ic
->ic_csa_newchan
!= NULL
)
3332 ieee80211_csa_completeswitch(ic
);
3334 * NB: ieee80211_beacon_construct clears all pending
3335 * updates in bo_flags so we don't need to explicitly
3336 * clear IEEE80211_BEACON_CSA.
3338 ieee80211_beacon_construct(m
,
3339 mtod(m
, uint8_t*) + sizeof(struct ieee80211_frame
), ni
);
3341 /* XXX do WME aggressive mode processing? */
3342 IEEE80211_UNLOCK(ic
);
3343 return 1; /* just assume length changed */
3346 wh
= mtod(m
, struct ieee80211_frame
*);
3347 seqno
= ni
->ni_txseqs
[IEEE80211_NONQOS_TID
]++;
3348 *(uint16_t *)&wh
->i_seq
[0] =
3349 htole16(seqno
<< IEEE80211_SEQ_SEQ_SHIFT
);
3350 M_SEQNO_SET(m
, seqno
);
3352 /* XXX faster to recalculate entirely or just changes? */
3353 capinfo
= ieee80211_getcapinfo(vap
, ni
->ni_chan
);
3354 *bo
->bo_caps
= htole16(capinfo
);
3356 if (vap
->iv_flags
& IEEE80211_F_WME
) {
3357 struct ieee80211_wme_state
*wme
= &ic
->ic_wme
;
3360 * Check for aggressive mode change. When there is
3361 * significant high priority traffic in the BSS
3362 * throttle back BE traffic by using conservative
3363 * parameters. Otherwise BE uses aggressive params
3364 * to optimize performance of legacy/non-QoS traffic.
3366 if (wme
->wme_flags
& WME_F_AGGRMODE
) {
3367 if (wme
->wme_hipri_traffic
>
3368 wme
->wme_hipri_switch_thresh
) {
3369 IEEE80211_DPRINTF(vap
, IEEE80211_MSG_WME
,
3370 "%s: traffic %u, disable aggressive mode\n",
3371 __func__
, wme
->wme_hipri_traffic
);
3372 wme
->wme_flags
&= ~WME_F_AGGRMODE
;
3373 ieee80211_wme_updateparams_locked(vap
);
3374 wme
->wme_hipri_traffic
=
3375 wme
->wme_hipri_switch_hysteresis
;
3377 wme
->wme_hipri_traffic
= 0;
3379 if (wme
->wme_hipri_traffic
<=
3380 wme
->wme_hipri_switch_thresh
) {
3381 IEEE80211_DPRINTF(vap
, IEEE80211_MSG_WME
,
3382 "%s: traffic %u, enable aggressive mode\n",
3383 __func__
, wme
->wme_hipri_traffic
);
3384 wme
->wme_flags
|= WME_F_AGGRMODE
;
3385 ieee80211_wme_updateparams_locked(vap
);
3386 wme
->wme_hipri_traffic
= 0;
3388 wme
->wme_hipri_traffic
=
3389 wme
->wme_hipri_switch_hysteresis
;
3391 if (isset(bo
->bo_flags
, IEEE80211_BEACON_WME
)) {
3392 (void) ieee80211_add_wme_param(bo
->bo_wme
, wme
);
3393 clrbit(bo
->bo_flags
, IEEE80211_BEACON_WME
);
3397 if (isset(bo
->bo_flags
, IEEE80211_BEACON_HTINFO
)) {
3398 ieee80211_ht_update_beacon(vap
, bo
);
3399 clrbit(bo
->bo_flags
, IEEE80211_BEACON_HTINFO
);
3401 #ifdef IEEE80211_SUPPORT_TDMA
3402 if (vap
->iv_caps
& IEEE80211_C_TDMA
) {
3404 * NB: the beacon is potentially updated every TBTT.
3406 ieee80211_tdma_update_beacon(vap
, bo
);
3409 #ifdef IEEE80211_SUPPORT_MESH
3410 if (vap
->iv_opmode
== IEEE80211_M_MBSS
)
3411 ieee80211_mesh_update_beacon(vap
, bo
);
3414 if (vap
->iv_opmode
== IEEE80211_M_HOSTAP
||
3415 vap
->iv_opmode
== IEEE80211_M_MBSS
) { /* NB: no IBSS support*/
3416 struct ieee80211_tim_ie
*tie
=
3417 (struct ieee80211_tim_ie
*) bo
->bo_tim
;
3418 if (isset(bo
->bo_flags
, IEEE80211_BEACON_TIM
)) {
3419 u_int timlen
, timoff
, i
;
3421 * ATIM/DTIM needs updating. If it fits in the
3422 * current space allocated then just copy in the
3423 * new bits. Otherwise we need to move any trailing
3424 * data to make room. Note that we know there is
3425 * contiguous space because ieee80211_beacon_allocate
3426 * insures there is space in the mbuf to write a
3427 * maximal-size virtual bitmap (based on iv_max_aid).
3430 * Calculate the bitmap size and offset, copy any
3431 * trailer out of the way, and then copy in the
3432 * new bitmap and update the information element.
3433 * Note that the tim bitmap must contain at least
3434 * one byte and any offset must be even.
3436 if (vap
->iv_ps_pending
!= 0) {
3437 timoff
= 128; /* impossibly large */
3438 for (i
= 0; i
< vap
->iv_tim_len
; i
++)
3439 if (vap
->iv_tim_bitmap
[i
]) {
3443 KASSERT(timoff
!= 128, ("tim bitmap empty!"));
3444 for (i
= vap
->iv_tim_len
-1; i
>= timoff
; i
--)
3445 if (vap
->iv_tim_bitmap
[i
])
3447 timlen
= 1 + (i
- timoff
);
3452 if (timlen
!= bo
->bo_tim_len
) {
3453 /* copy up/down trailer */
3454 int adjust
= tie
->tim_bitmap
+timlen
3455 - bo
->bo_tim_trailer
;
3456 bcopy(bo
->bo_tim_trailer
,
3457 bo
->bo_tim_trailer
+adjust
,
3458 bo
->bo_tim_trailer_len
);
3459 bo
->bo_tim_trailer
+= adjust
;
3460 bo
->bo_erp
+= adjust
;
3461 bo
->bo_htinfo
+= adjust
;
3462 #ifdef IEEE80211_SUPPORT_SUPERG
3463 bo
->bo_ath
+= adjust
;
3465 #ifdef IEEE80211_SUPPORT_TDMA
3466 bo
->bo_tdma
+= adjust
;
3468 #ifdef IEEE80211_SUPPORT_MESH
3469 bo
->bo_meshconf
+= adjust
;
3471 bo
->bo_appie
+= adjust
;
3472 bo
->bo_wme
+= adjust
;
3473 bo
->bo_csa
+= adjust
;
3474 bo
->bo_quiet
+= adjust
;
3475 bo
->bo_tim_len
= timlen
;
3477 /* update information element */
3478 tie
->tim_len
= 3 + timlen
;
3479 tie
->tim_bitctl
= timoff
;
3482 memcpy(tie
->tim_bitmap
, vap
->iv_tim_bitmap
+ timoff
,
3485 clrbit(bo
->bo_flags
, IEEE80211_BEACON_TIM
);
3487 IEEE80211_DPRINTF(vap
, IEEE80211_MSG_POWER
,
3488 "%s: TIM updated, pending %u, off %u, len %u\n",
3489 __func__
, vap
->iv_ps_pending
, timoff
, timlen
);
3491 /* count down DTIM period */
3492 if (tie
->tim_count
== 0)
3493 tie
->tim_count
= tie
->tim_period
- 1;
3496 /* update state for buffered multicast frames on DTIM */
3497 if (mcast
&& tie
->tim_count
== 0)
3498 tie
->tim_bitctl
|= 1;
3500 tie
->tim_bitctl
&= ~1;
3501 if (isset(bo
->bo_flags
, IEEE80211_BEACON_CSA
)) {
3502 struct ieee80211_csa_ie
*csa
=
3503 (struct ieee80211_csa_ie
*) bo
->bo_csa
;
3506 * Insert or update CSA ie. If we're just starting
3507 * to count down to the channel switch then we need
3508 * to insert the CSA ie. Otherwise we just need to
3509 * drop the count. The actual change happens above
3510 * when the vap's count reaches the target count.
3512 if (vap
->iv_csa_count
== 0) {
3513 memmove(&csa
[1], csa
, bo
->bo_csa_trailer_len
);
3514 bo
->bo_erp
+= sizeof(*csa
);
3515 bo
->bo_htinfo
+= sizeof(*csa
);
3516 bo
->bo_wme
+= sizeof(*csa
);
3517 #ifdef IEEE80211_SUPPORT_SUPERG
3518 bo
->bo_ath
+= sizeof(*csa
);
3520 #ifdef IEEE80211_SUPPORT_TDMA
3521 bo
->bo_tdma
+= sizeof(*csa
);
3523 #ifdef IEEE80211_SUPPORT_MESH
3524 bo
->bo_meshconf
+= sizeof(*csa
);
3526 bo
->bo_appie
+= sizeof(*csa
);
3527 bo
->bo_csa_trailer_len
+= sizeof(*csa
);
3528 bo
->bo_quiet
+= sizeof(*csa
);
3529 bo
->bo_tim_trailer_len
+= sizeof(*csa
);
3530 m
->m_len
+= sizeof(*csa
);
3531 m
->m_pkthdr
.len
+= sizeof(*csa
);
3533 ieee80211_add_csa(bo
->bo_csa
, vap
);
3536 vap
->iv_csa_count
++;
3537 /* NB: don't clear IEEE80211_BEACON_CSA */
3539 if (IEEE80211_IS_CHAN_DFS(ic
->ic_bsschan
) &&
3540 (vap
->iv_flags_ext
& IEEE80211_FEXT_DFS
) ){
3542 ieee80211_add_quiet(bo
->bo_quiet
, vap
);
3544 if (isset(bo
->bo_flags
, IEEE80211_BEACON_ERP
)) {
3546 * ERP element needs updating.
3548 (void) ieee80211_add_erp(bo
->bo_erp
, ic
);
3549 clrbit(bo
->bo_flags
, IEEE80211_BEACON_ERP
);
3551 #ifdef IEEE80211_SUPPORT_SUPERG
3552 if (isset(bo
->bo_flags
, IEEE80211_BEACON_ATH
)) {
3553 ieee80211_add_athcaps(bo
->bo_ath
, ni
);
3554 clrbit(bo
->bo_flags
, IEEE80211_BEACON_ATH
);
3558 if (isset(bo
->bo_flags
, IEEE80211_BEACON_APPIE
)) {
3559 const struct ieee80211_appie
*aie
= vap
->iv_appie_beacon
;
3565 aielen
+= aie
->ie_len
;
3566 if (aielen
!= bo
->bo_appie_len
) {
3567 /* copy up/down trailer */
3568 int adjust
= aielen
- bo
->bo_appie_len
;
3569 bcopy(bo
->bo_tim_trailer
, bo
->bo_tim_trailer
+adjust
,
3570 bo
->bo_tim_trailer_len
);
3571 bo
->bo_tim_trailer
+= adjust
;
3572 bo
->bo_appie
+= adjust
;
3573 bo
->bo_appie_len
= aielen
;
3579 frm
= add_appie(frm
, aie
);
3580 clrbit(bo
->bo_flags
, IEEE80211_BEACON_APPIE
);
3582 IEEE80211_UNLOCK(ic
);
3588 * Do Ethernet-LLC encapsulation for each payload in a fast frame
3589 * tunnel encapsulation. The frame is assumed to have an Ethernet
3590 * header at the front that must be stripped before prepending the
3591 * LLC followed by the Ethernet header passed in (with an Ethernet
3592 * type that specifies the payload size).
3595 ieee80211_ff_encap1(struct ieee80211vap
*vap
, struct mbuf
*m
,
3596 const struct ether_header
*eh
)
3601 /* XXX optimize by combining m_adj+M_PREPEND */
3602 m_adj(m
, sizeof(struct ether_header
) - sizeof(struct llc
));
3603 llc
= mtod(m
, struct llc
*);
3604 llc
->llc_dsap
= llc
->llc_ssap
= LLC_SNAP_LSAP
;
3605 llc
->llc_control
= LLC_UI
;
3606 llc
->llc_snap
.org_code
[0] = 0;
3607 llc
->llc_snap
.org_code
[1] = 0;
3608 llc
->llc_snap
.org_code
[2] = 0;
3609 llc
->llc_snap
.ether_type
= eh
->ether_type
;
3610 payload
= m
->m_pkthdr
.len
; /* NB: w/o Ethernet header */
3612 M_PREPEND(m
, sizeof(struct ether_header
), M_NOWAIT
);
3613 if (m
== NULL
) { /* XXX cannot happen */
3614 IEEE80211_DPRINTF(vap
, IEEE80211_MSG_SUPERG
,
3615 "%s: no space for ether_header\n", __func__
);
3616 vap
->iv_stats
.is_tx_nobuf
++;
3619 ETHER_HEADER_COPY(mtod(m
, void *), eh
);
3620 mtod(m
, struct ether_header
*)->ether_type
= htons(payload
);
3625 * Complete an mbuf transmission.
3627 * For now, this simply processes a completed frame after the
3628 * driver has completed it's transmission and/or retransmission.
3629 * It assumes the frame is an 802.11 encapsulated frame.
3631 * Later on it will grow to become the exit path for a given frame
3632 * from the driver and, depending upon how it's been encapsulated
3633 * and already transmitted, it may end up doing A-MPDU retransmission,
3634 * power save requeuing, etc.
3636 * In order for the above to work, the driver entry point to this
3637 * must not hold any driver locks. Thus, the driver needs to delay
3638 * any actual mbuf completion until it can release said locks.
3640 * This frees the mbuf and if the mbuf has a node reference,
3641 * the node reference will be freed.
3644 ieee80211_tx_complete(struct ieee80211_node
*ni
, struct mbuf
*m
, int status
)
3648 struct ifnet
*ifp
= ni
->ni_vap
->iv_ifp
;
3651 if_inc_counter(ifp
, IFCOUNTER_OPACKETS
, 1);
3652 #if defined(__DragonFly__)
3654 * On DragonFly, IFCOUNTER_OBYTES and
3655 * IFCOUNTER_OMCASTS increments are currently done
3656 * by ifq_dispatch() already.
3659 if_inc_counter(ifp
, IFCOUNTER_OBYTES
, m
->m_pkthdr
.len
);
3660 if (m
->m_flags
& M_MCAST
)
3661 if_inc_counter(ifp
, IFCOUNTER_OMCASTS
, 1);
3664 if_inc_counter(ifp
, IFCOUNTER_OERRORS
, 1);
3665 if (m
->m_flags
& M_TXCB
)
3666 ieee80211_process_callback(ni
, m
, status
);
3667 ieee80211_free_node(ni
);