270 (m->m_flags & M_EAPOL) == 0) { 271 const int ac = M_WME_GETAC(m); 272 struct ieee80211_tx_ampdu *tap = &ni->ni_tx_ampdu[ac]; 273 274 ieee80211_txampdu_count_packet(tap); 275 if (IEEE80211_AMPDU_RUNNING(tap)) { 276 /* 277 * Operational, mark frame for aggregation. 278 * 279 * XXX do tx aggregation here 280 */ 281 m->m_flags |= M_AMPDU_MPDU; 282 } else if (!IEEE80211_AMPDU_REQUESTED(tap) && 283 ic->ic_ampdu_enable(ni, tap)) { 284 /* 285 * Not negotiated yet, request service. 286 */ 287 ieee80211_ampdu_request(ni, tap); 288 /* XXX hold frame for reply? */ 289 } 290 } 291#ifdef IEEE80211_SUPPORT_SUPERG 292 else if (IEEE80211_ATH_CAP(vap, ni, IEEE80211_NODE_FF)) { 293 m = ieee80211_ff_check(ni, m); 294 if (m == NULL) { 295 /* NB: any ni ref held on stageq */ 296 continue; 297 } 298 } 299#endif /* IEEE80211_SUPPORT_SUPERG */ 300 if (__predict_true((vap->iv_caps & IEEE80211_C_8023ENCAP) == 0)) { 301 /* 302 * Encapsulate the packet in prep for transmission. 303 */ 304 m = ieee80211_encap(vap, ni, m); 305 if (m == NULL) { 306 /* NB: stat+msg handled in ieee80211_encap */ 307 ieee80211_free_node(ni); 308 continue; 309 } 310 } 311 312 error = parent->if_transmit(parent, m); 313 if (error != 0) { 314 /* NB: IFQ_HANDOFF reclaims mbuf */ 315 ieee80211_free_node(ni); 316 } else { 317 ifp->if_opackets++; 318 } 319 ic->ic_lastdata = ticks; 320 } 321#undef IS_DWDS 322} 323 324/* 325 * 802.11 output routine. This is (currently) used only to 326 * connect bpf write calls to the 802.11 layer for injecting 327 * raw 802.11 frames. 328 */ 329int 330ieee80211_output(struct ifnet *ifp, struct mbuf *m, 331 struct sockaddr *dst, struct route *ro) 332{ 333#define senderr(e) do { error = (e); goto bad;} while (0) 334 struct ieee80211_node *ni = NULL; 335 struct ieee80211vap *vap; 336 struct ieee80211_frame *wh; 337 int error; 338 339 if (ifp->if_drv_flags & IFF_DRV_OACTIVE) { 340 /* 341 * Short-circuit requests if the vap is marked OACTIVE 342 * as this is used when tearing down state to indicate 343 * the vap may be gone. This can also happen because a 344 * packet came down through ieee80211_start before the 345 * vap entered RUN state in which case it's also ok to 346 * just drop the frame. This should not be necessary 347 * but callers of if_output don't check OACTIVE. 348 */ 349 senderr(ENETDOWN); 350 } 351 vap = ifp->if_softc; 352 /* 353 * Hand to the 802.3 code if not tagged as 354 * a raw 802.11 frame. 355 */ 356 if (dst->sa_family != AF_IEEE80211) 357 return vap->iv_output(ifp, m, dst, ro); 358#ifdef MAC 359 error = mac_ifnet_check_transmit(ifp, m); 360 if (error) 361 senderr(error); 362#endif 363 if (ifp->if_flags & IFF_MONITOR) 364 senderr(ENETDOWN); 365 if (!IFNET_IS_UP_RUNNING(ifp)) 366 senderr(ENETDOWN); 367 if (vap->iv_state == IEEE80211_S_CAC) { 368 IEEE80211_DPRINTF(vap, 369 IEEE80211_MSG_OUTPUT | IEEE80211_MSG_DOTH, 370 "block %s frame in CAC state\n", "raw data"); 371 vap->iv_stats.is_tx_badstate++; 372 senderr(EIO); /* XXX */ 373 } 374 /* XXX bypass bridge, pfil, carp, etc. */ 375 376 if (m->m_pkthdr.len < sizeof(struct ieee80211_frame_ack)) 377 senderr(EIO); /* XXX */ 378 wh = mtod(m, struct ieee80211_frame *); 379 if ((wh->i_fc[0] & IEEE80211_FC0_VERSION_MASK) != 380 IEEE80211_FC0_VERSION_0) 381 senderr(EIO); /* XXX */ 382 383 /* locate destination node */ 384 switch (wh->i_fc[1] & IEEE80211_FC1_DIR_MASK) { 385 case IEEE80211_FC1_DIR_NODS: 386 case IEEE80211_FC1_DIR_FROMDS: 387 ni = ieee80211_find_txnode(vap, wh->i_addr1); 388 break; 389 case IEEE80211_FC1_DIR_TODS: 390 case IEEE80211_FC1_DIR_DSTODS: 391 if (m->m_pkthdr.len < sizeof(struct ieee80211_frame)) 392 senderr(EIO); /* XXX */ 393 ni = ieee80211_find_txnode(vap, wh->i_addr3); 394 break; 395 default: 396 senderr(EIO); /* XXX */ 397 } 398 if (ni == NULL) { 399 /* 400 * Permit packets w/ bpf params through regardless 401 * (see below about sa_len). 402 */ 403 if (dst->sa_len == 0) 404 senderr(EHOSTUNREACH); 405 ni = ieee80211_ref_node(vap->iv_bss); 406 } 407 408 /* 409 * Sanitize mbuf for net80211 flags leaked from above. 410 * 411 * NB: This must be done before ieee80211_classify as 412 * it marks EAPOL in frames with M_EAPOL. 413 */ 414 m->m_flags &= ~M_80211_TX; 415 416 /* calculate priority so drivers can find the tx queue */ 417 /* XXX assumes an 802.3 frame */ 418 if (ieee80211_classify(ni, m)) 419 senderr(EIO); /* XXX */ 420 421 IEEE80211_NODE_STAT(ni, tx_data); 422 if (IEEE80211_IS_MULTICAST(wh->i_addr1)) { 423 IEEE80211_NODE_STAT(ni, tx_mcast); 424 m->m_flags |= M_MCAST; 425 } else 426 IEEE80211_NODE_STAT(ni, tx_ucast); 427 /* NB: ieee80211_encap does not include 802.11 header */ 428 IEEE80211_NODE_STAT_ADD(ni, tx_bytes, m->m_pkthdr.len); 429 430 /* 431 * NB: DLT_IEEE802_11_RADIO identifies the parameters are 432 * present by setting the sa_len field of the sockaddr (yes, 433 * this is a hack). 434 * NB: we assume sa_data is suitably aligned to cast. 435 */ 436 return vap->iv_ic->ic_raw_xmit(ni, m, 437 (const struct ieee80211_bpf_params *)(dst->sa_len ? 438 dst->sa_data : NULL)); 439bad: 440 if (m != NULL) 441 m_freem(m); 442 if (ni != NULL) 443 ieee80211_free_node(ni); 444 return error; 445#undef senderr 446} 447 448/* 449 * Set the direction field and address fields of an outgoing 450 * frame. Note this should be called early on in constructing 451 * a frame as it sets i_fc[1]; other bits can then be or'd in. 452 */ 453static void 454ieee80211_send_setup( 455 struct ieee80211_node *ni, 456 struct mbuf *m, 457 int type, int tid, 458 const uint8_t sa[IEEE80211_ADDR_LEN], 459 const uint8_t da[IEEE80211_ADDR_LEN], 460 const uint8_t bssid[IEEE80211_ADDR_LEN]) 461{ 462#define WH4(wh) ((struct ieee80211_frame_addr4 *)wh) 463 struct ieee80211_frame *wh = mtod(m, struct ieee80211_frame *); 464 ieee80211_seq seqno; 465 466 wh->i_fc[0] = IEEE80211_FC0_VERSION_0 | type; 467 if ((type & IEEE80211_FC0_TYPE_MASK) == IEEE80211_FC0_TYPE_DATA) { 468 struct ieee80211vap *vap = ni->ni_vap; 469 470 switch (vap->iv_opmode) { 471 case IEEE80211_M_STA: 472 wh->i_fc[1] = IEEE80211_FC1_DIR_TODS; 473 IEEE80211_ADDR_COPY(wh->i_addr1, bssid); 474 IEEE80211_ADDR_COPY(wh->i_addr2, sa); 475 IEEE80211_ADDR_COPY(wh->i_addr3, da); 476 break; 477 case IEEE80211_M_IBSS: 478 case IEEE80211_M_AHDEMO: 479 wh->i_fc[1] = IEEE80211_FC1_DIR_NODS; 480 IEEE80211_ADDR_COPY(wh->i_addr1, da); 481 IEEE80211_ADDR_COPY(wh->i_addr2, sa); 482 IEEE80211_ADDR_COPY(wh->i_addr3, bssid); 483 break; 484 case IEEE80211_M_HOSTAP: 485 wh->i_fc[1] = IEEE80211_FC1_DIR_FROMDS; 486 IEEE80211_ADDR_COPY(wh->i_addr1, da); 487 IEEE80211_ADDR_COPY(wh->i_addr2, bssid); 488 IEEE80211_ADDR_COPY(wh->i_addr3, sa); 489 break; 490 case IEEE80211_M_WDS: 491 wh->i_fc[1] = IEEE80211_FC1_DIR_DSTODS; 492 IEEE80211_ADDR_COPY(wh->i_addr1, da); 493 IEEE80211_ADDR_COPY(wh->i_addr2, vap->iv_myaddr); 494 IEEE80211_ADDR_COPY(wh->i_addr3, da); 495 IEEE80211_ADDR_COPY(WH4(wh)->i_addr4, sa); 496 break; 497 case IEEE80211_M_MONITOR: /* NB: to quiet compiler */ 498 break; 499 } 500 } else { 501 wh->i_fc[1] = IEEE80211_FC1_DIR_NODS; 502 IEEE80211_ADDR_COPY(wh->i_addr1, da); 503 IEEE80211_ADDR_COPY(wh->i_addr2, sa); 504 IEEE80211_ADDR_COPY(wh->i_addr3, bssid); 505 } 506 *(uint16_t *)&wh->i_dur[0] = 0; 507 508 seqno = ni->ni_txseqs[tid]++; 509 *(uint16_t *)&wh->i_seq[0] = htole16(seqno << IEEE80211_SEQ_SEQ_SHIFT); 510 M_SEQNO_SET(m, seqno); 511 512 if (IEEE80211_IS_MULTICAST(wh->i_addr1)) 513 m->m_flags |= M_MCAST; 514#undef WH4 515} 516 517/* 518 * Send a management frame to the specified node. The node pointer 519 * must have a reference as the pointer will be passed to the driver 520 * and potentially held for a long time. If the frame is successfully 521 * dispatched to the driver, then it is responsible for freeing the 522 * reference (and potentially free'ing up any associated storage); 523 * otherwise deal with reclaiming any reference (on error). 524 */ 525int 526ieee80211_mgmt_output(struct ieee80211_node *ni, struct mbuf *m, int type, 527 struct ieee80211_bpf_params *params) 528{ 529 struct ieee80211vap *vap = ni->ni_vap; 530 struct ieee80211com *ic = ni->ni_ic; 531 struct ieee80211_frame *wh; 532 533 KASSERT(ni != NULL, ("null node")); 534 535 if (vap->iv_state == IEEE80211_S_CAC) { 536 IEEE80211_NOTE(vap, IEEE80211_MSG_OUTPUT | IEEE80211_MSG_DOTH, 537 ni, "block %s frame in CAC state", 538 ieee80211_mgt_subtype_name[ 539 (type & IEEE80211_FC0_SUBTYPE_MASK) >> 540 IEEE80211_FC0_SUBTYPE_SHIFT]); 541 vap->iv_stats.is_tx_badstate++; 542 ieee80211_free_node(ni); 543 m_freem(m); 544 return EIO; /* XXX */ 545 } 546 547 M_PREPEND(m, sizeof(struct ieee80211_frame), M_DONTWAIT); 548 if (m == NULL) { 549 ieee80211_free_node(ni); 550 return ENOMEM; 551 } 552 553 wh = mtod(m, struct ieee80211_frame *); 554 ieee80211_send_setup(ni, m, 555 IEEE80211_FC0_TYPE_MGT | type, IEEE80211_NONQOS_TID, 556 vap->iv_myaddr, ni->ni_macaddr, ni->ni_bssid); 557 if (params->ibp_flags & IEEE80211_BPF_CRYPTO) { 558 IEEE80211_NOTE_MAC(vap, IEEE80211_MSG_AUTH, wh->i_addr1, 559 "encrypting frame (%s)", __func__); 560 wh->i_fc[1] |= IEEE80211_FC1_WEP; 561 } 562 m->m_flags |= M_ENCAP; /* mark encapsulated */ 563 564 KASSERT(type != IEEE80211_FC0_SUBTYPE_PROBE_RESP, ("probe response?")); 565 M_WME_SETAC(m, params->ibp_pri); 566 567#ifdef IEEE80211_DEBUG 568 /* avoid printing too many frames */ 569 if ((ieee80211_msg_debug(vap) && doprint(vap, type)) || 570 ieee80211_msg_dumppkts(vap)) { 571 printf("[%s] send %s on channel %u\n", 572 ether_sprintf(wh->i_addr1), 573 ieee80211_mgt_subtype_name[ 574 (type & IEEE80211_FC0_SUBTYPE_MASK) >> 575 IEEE80211_FC0_SUBTYPE_SHIFT], 576 ieee80211_chan2ieee(ic, ic->ic_curchan)); 577 } 578#endif 579 IEEE80211_NODE_STAT(ni, tx_mgmt); 580 581 return ic->ic_raw_xmit(ni, m, params); 582} 583 584/* 585 * Send a null data frame to the specified node. If the station 586 * is setup for QoS then a QoS Null Data frame is constructed. 587 * If this is a WDS station then a 4-address frame is constructed. 588 * 589 * NB: the caller is assumed to have setup a node reference 590 * for use; this is necessary to deal with a race condition 591 * when probing for inactive stations. Like ieee80211_mgmt_output 592 * we must cleanup any node reference on error; however we 593 * can safely just unref it as we know it will never be the 594 * last reference to the node. 595 */ 596int 597ieee80211_send_nulldata(struct ieee80211_node *ni) 598{ 599 struct ieee80211vap *vap = ni->ni_vap; 600 struct ieee80211com *ic = ni->ni_ic; 601 struct mbuf *m; 602 struct ieee80211_frame *wh; 603 int hdrlen; 604 uint8_t *frm; 605 606 if (vap->iv_state == IEEE80211_S_CAC) { 607 IEEE80211_NOTE(vap, IEEE80211_MSG_OUTPUT | IEEE80211_MSG_DOTH, 608 ni, "block %s frame in CAC state", "null data"); 609 ieee80211_unref_node(&ni); 610 vap->iv_stats.is_tx_badstate++; 611 return EIO; /* XXX */ 612 } 613 614 if (ni->ni_flags & (IEEE80211_NODE_QOS|IEEE80211_NODE_HT)) 615 hdrlen = sizeof(struct ieee80211_qosframe); 616 else 617 hdrlen = sizeof(struct ieee80211_frame); 618 /* NB: only WDS vap's get 4-address frames */ 619 if (vap->iv_opmode == IEEE80211_M_WDS) 620 hdrlen += IEEE80211_ADDR_LEN; 621 if (ic->ic_flags & IEEE80211_F_DATAPAD) 622 hdrlen = roundup(hdrlen, sizeof(uint32_t)); 623 624 m = ieee80211_getmgtframe(&frm, ic->ic_headroom + hdrlen, 0); 625 if (m == NULL) { 626 /* XXX debug msg */ 627 ieee80211_unref_node(&ni); 628 vap->iv_stats.is_tx_nobuf++; 629 return ENOMEM; 630 } 631 KASSERT(M_LEADINGSPACE(m) >= hdrlen, 632 ("leading space %zd", M_LEADINGSPACE(m))); 633 M_PREPEND(m, hdrlen, M_DONTWAIT); 634 if (m == NULL) { 635 /* NB: cannot happen */ 636 ieee80211_free_node(ni); 637 return ENOMEM; 638 } 639 640 wh = mtod(m, struct ieee80211_frame *); /* NB: a little lie */ 641 if (ni->ni_flags & IEEE80211_NODE_QOS) { 642 const int tid = WME_AC_TO_TID(WME_AC_BE); 643 uint8_t *qos; 644 645 ieee80211_send_setup(ni, m, 646 IEEE80211_FC0_TYPE_DATA | IEEE80211_FC0_SUBTYPE_QOS_NULL, 647 tid, vap->iv_myaddr, ni->ni_macaddr, ni->ni_bssid); 648 649 if (vap->iv_opmode == IEEE80211_M_WDS) 650 qos = ((struct ieee80211_qosframe_addr4 *) wh)->i_qos; 651 else 652 qos = ((struct ieee80211_qosframe *) wh)->i_qos; 653 qos[0] = tid & IEEE80211_QOS_TID; 654 if (ic->ic_wme.wme_wmeChanParams.cap_wmeParams[WME_AC_BE].wmep_noackPolicy) 655 qos[0] |= IEEE80211_QOS_ACKPOLICY_NOACK; 656 qos[1] = 0; 657 } else { 658 ieee80211_send_setup(ni, m, 659 IEEE80211_FC0_TYPE_DATA | IEEE80211_FC0_SUBTYPE_NODATA, 660 IEEE80211_NONQOS_TID, 661 vap->iv_myaddr, ni->ni_macaddr, ni->ni_bssid); 662 } 663 if (vap->iv_opmode != IEEE80211_M_WDS) { 664 /* NB: power management bit is never sent by an AP */ 665 if ((ni->ni_flags & IEEE80211_NODE_PWR_MGT) && 666 vap->iv_opmode != IEEE80211_M_HOSTAP) 667 wh->i_fc[1] |= IEEE80211_FC1_PWR_MGT; 668 } 669 m->m_len = m->m_pkthdr.len = hdrlen; 670 m->m_flags |= M_ENCAP; /* mark encapsulated */ 671 672 M_WME_SETAC(m, WME_AC_BE); 673 674 IEEE80211_NODE_STAT(ni, tx_data); 675 676 IEEE80211_NOTE(vap, IEEE80211_MSG_DEBUG | IEEE80211_MSG_DUMPPKTS, ni, 677 "send %snull data frame on channel %u, pwr mgt %s", 678 ni->ni_flags & IEEE80211_NODE_QOS ? "QoS " : "", 679 ieee80211_chan2ieee(ic, ic->ic_curchan), 680 wh->i_fc[1] & IEEE80211_FC1_PWR_MGT ? "ena" : "dis"); 681 682 return ic->ic_raw_xmit(ni, m, NULL); 683} 684 685/* 686 * Assign priority to a frame based on any vlan tag assigned 687 * to the station and/or any Diffserv setting in an IP header. 688 * Finally, if an ACM policy is setup (in station mode) it's 689 * applied. 690 */ 691int 692ieee80211_classify(struct ieee80211_node *ni, struct mbuf *m) 693{ 694 const struct ether_header *eh = mtod(m, struct ether_header *); 695 int v_wme_ac, d_wme_ac, ac; 696 697 /* 698 * Always promote PAE/EAPOL frames to high priority. 699 */ 700 if (eh->ether_type == htons(ETHERTYPE_PAE)) { 701 /* NB: mark so others don't need to check header */ 702 m->m_flags |= M_EAPOL; 703 ac = WME_AC_VO; 704 goto done; 705 } 706 /* 707 * Non-qos traffic goes to BE. 708 */ 709 if ((ni->ni_flags & IEEE80211_NODE_QOS) == 0) { 710 ac = WME_AC_BE; 711 goto done; 712 } 713 714 /* 715 * If node has a vlan tag then all traffic 716 * to it must have a matching tag. 717 */ 718 v_wme_ac = 0; 719 if (ni->ni_vlan != 0) { 720 if ((m->m_flags & M_VLANTAG) == 0) { 721 IEEE80211_NODE_STAT(ni, tx_novlantag); 722 return 1; 723 } 724 if (EVL_VLANOFTAG(m->m_pkthdr.ether_vtag) != 725 EVL_VLANOFTAG(ni->ni_vlan)) { 726 IEEE80211_NODE_STAT(ni, tx_vlanmismatch); 727 return 1; 728 } 729 /* map vlan priority to AC */ 730 v_wme_ac = TID_TO_WME_AC(EVL_PRIOFTAG(ni->ni_vlan)); 731 } 732 733#ifdef INET 734 if (eh->ether_type == htons(ETHERTYPE_IP)) { 735 uint8_t tos; 736 /* 737 * IP frame, map the DSCP bits from the TOS field. 738 */ 739 /* XXX m_copydata may be too slow for fast path */ 740 /* NB: ip header may not be in first mbuf */ 741 m_copydata(m, sizeof(struct ether_header) + 742 offsetof(struct ip, ip_tos), sizeof(tos), &tos); 743 tos >>= 5; /* NB: ECN + low 3 bits of DSCP */ 744 d_wme_ac = TID_TO_WME_AC(tos); 745 } else { 746#endif /* INET */ 747 d_wme_ac = WME_AC_BE; 748#ifdef INET 749 } 750#endif 751 /* 752 * Use highest priority AC. 753 */ 754 if (v_wme_ac > d_wme_ac) 755 ac = v_wme_ac; 756 else 757 ac = d_wme_ac; 758 759 /* 760 * Apply ACM policy. 761 */ 762 if (ni->ni_vap->iv_opmode == IEEE80211_M_STA) { 763 static const int acmap[4] = { 764 WME_AC_BK, /* WME_AC_BE */ 765 WME_AC_BK, /* WME_AC_BK */ 766 WME_AC_BE, /* WME_AC_VI */ 767 WME_AC_VI, /* WME_AC_VO */ 768 }; 769 struct ieee80211com *ic = ni->ni_ic; 770 771 while (ac != WME_AC_BK && 772 ic->ic_wme.wme_wmeBssChanParams.cap_wmeParams[ac].wmep_acm) 773 ac = acmap[ac]; 774 } 775done: 776 M_WME_SETAC(m, ac); 777 return 0; 778} 779 780/* 781 * Insure there is sufficient contiguous space to encapsulate the 782 * 802.11 data frame. If room isn't already there, arrange for it. 783 * Drivers and cipher modules assume we have done the necessary work 784 * and fail rudely if they don't find the space they need. 785 */ 786struct mbuf * 787ieee80211_mbuf_adjust(struct ieee80211vap *vap, int hdrsize, 788 struct ieee80211_key *key, struct mbuf *m) 789{ 790#define TO_BE_RECLAIMED (sizeof(struct ether_header) - sizeof(struct llc)) 791 int needed_space = vap->iv_ic->ic_headroom + hdrsize; 792 793 if (key != NULL) { 794 /* XXX belongs in crypto code? */ 795 needed_space += key->wk_cipher->ic_header; 796 /* XXX frags */ 797 /* 798 * When crypto is being done in the host we must insure 799 * the data are writable for the cipher routines; clone 800 * a writable mbuf chain. 801 * XXX handle SWMIC specially 802 */ 803 if (key->wk_flags & (IEEE80211_KEY_SWENCRYPT|IEEE80211_KEY_SWENMIC)) { 804 m = m_unshare(m, M_NOWAIT); 805 if (m == NULL) { 806 IEEE80211_DPRINTF(vap, IEEE80211_MSG_OUTPUT, 807 "%s: cannot get writable mbuf\n", __func__); 808 vap->iv_stats.is_tx_nobuf++; /* XXX new stat */ 809 return NULL; 810 } 811 } 812 } 813 /* 814 * We know we are called just before stripping an Ethernet 815 * header and prepending an LLC header. This means we know 816 * there will be 817 * sizeof(struct ether_header) - sizeof(struct llc) 818 * bytes recovered to which we need additional space for the 819 * 802.11 header and any crypto header. 820 */ 821 /* XXX check trailing space and copy instead? */ 822 if (M_LEADINGSPACE(m) < needed_space - TO_BE_RECLAIMED) { 823 struct mbuf *n = m_gethdr(M_NOWAIT, m->m_type); 824 if (n == NULL) { 825 IEEE80211_DPRINTF(vap, IEEE80211_MSG_OUTPUT, 826 "%s: cannot expand storage\n", __func__); 827 vap->iv_stats.is_tx_nobuf++; 828 m_freem(m); 829 return NULL; 830 } 831 KASSERT(needed_space <= MHLEN, 832 ("not enough room, need %u got %zu\n", needed_space, MHLEN)); 833 /* 834 * Setup new mbuf to have leading space to prepend the 835 * 802.11 header and any crypto header bits that are 836 * required (the latter are added when the driver calls 837 * back to ieee80211_crypto_encap to do crypto encapsulation). 838 */ 839 /* NB: must be first 'cuz it clobbers m_data */ 840 m_move_pkthdr(n, m); 841 n->m_len = 0; /* NB: m_gethdr does not set */ 842 n->m_data += needed_space; 843 /* 844 * Pull up Ethernet header to create the expected layout. 845 * We could use m_pullup but that's overkill (i.e. we don't 846 * need the actual data) and it cannot fail so do it inline 847 * for speed. 848 */ 849 /* NB: struct ether_header is known to be contiguous */ 850 n->m_len += sizeof(struct ether_header); 851 m->m_len -= sizeof(struct ether_header); 852 m->m_data += sizeof(struct ether_header); 853 /* 854 * Replace the head of the chain. 855 */ 856 n->m_next = m; 857 m = n; 858 } 859 return m; 860#undef TO_BE_RECLAIMED 861} 862 863/* 864 * Return the transmit key to use in sending a unicast frame. 865 * If a unicast key is set we use that. When no unicast key is set 866 * we fall back to the default transmit key. 867 */ 868static __inline struct ieee80211_key * 869ieee80211_crypto_getucastkey(struct ieee80211vap *vap, 870 struct ieee80211_node *ni) 871{ 872 if (IEEE80211_KEY_UNDEFINED(&ni->ni_ucastkey)) { 873 if (vap->iv_def_txkey == IEEE80211_KEYIX_NONE || 874 IEEE80211_KEY_UNDEFINED(&vap->iv_nw_keys[vap->iv_def_txkey])) 875 return NULL; 876 return &vap->iv_nw_keys[vap->iv_def_txkey]; 877 } else { 878 return &ni->ni_ucastkey; 879 } 880} 881 882/* 883 * Return the transmit key to use in sending a multicast frame. 884 * Multicast traffic always uses the group key which is installed as 885 * the default tx key. 886 */ 887static __inline struct ieee80211_key * 888ieee80211_crypto_getmcastkey(struct ieee80211vap *vap, 889 struct ieee80211_node *ni) 890{ 891 if (vap->iv_def_txkey == IEEE80211_KEYIX_NONE || 892 IEEE80211_KEY_UNDEFINED(&vap->iv_nw_keys[vap->iv_def_txkey])) 893 return NULL; 894 return &vap->iv_nw_keys[vap->iv_def_txkey]; 895} 896 897/* 898 * Encapsulate an outbound data frame. The mbuf chain is updated. 899 * If an error is encountered NULL is returned. The caller is required 900 * to provide a node reference and pullup the ethernet header in the 901 * first mbuf. 902 * 903 * NB: Packet is assumed to be processed by ieee80211_classify which 904 * marked EAPOL frames w/ M_EAPOL. 905 */ 906struct mbuf * 907ieee80211_encap(struct ieee80211vap *vap, struct ieee80211_node *ni, 908 struct mbuf *m) 909{ 910#define WH4(wh) ((struct ieee80211_frame_addr4 *)(wh)) 911 struct ieee80211com *ic = ni->ni_ic; 912 struct ether_header eh; 913 struct ieee80211_frame *wh; 914 struct ieee80211_key *key; 915 struct llc *llc; 916 int hdrsize, hdrspace, datalen, addqos, txfrag, is4addr; 917 ieee80211_seq seqno; 918 919 /* 920 * Copy existing Ethernet header to a safe place. The 921 * rest of the code assumes it's ok to strip it when 922 * reorganizing state for the final encapsulation. 923 */ 924 KASSERT(m->m_len >= sizeof(eh), ("no ethernet header!")); 925 ETHER_HEADER_COPY(&eh, mtod(m, caddr_t)); 926 927 /* 928 * Insure space for additional headers. First identify 929 * transmit key to use in calculating any buffer adjustments 930 * required. This is also used below to do privacy 931 * encapsulation work. Then calculate the 802.11 header 932 * size and any padding required by the driver. 933 * 934 * Note key may be NULL if we fall back to the default 935 * transmit key and that is not set. In that case the 936 * buffer may not be expanded as needed by the cipher 937 * routines, but they will/should discard it. 938 */ 939 if (vap->iv_flags & IEEE80211_F_PRIVACY) { 940 if (vap->iv_opmode == IEEE80211_M_STA || 941 !IEEE80211_IS_MULTICAST(eh.ether_dhost) || 942 (vap->iv_opmode == IEEE80211_M_WDS && 943 (vap->iv_flags_ext & IEEE80211_FEXT_WDSLEGACY))) 944 key = ieee80211_crypto_getucastkey(vap, ni); 945 else 946 key = ieee80211_crypto_getmcastkey(vap, ni); 947 if (key == NULL && (m->m_flags & M_EAPOL) == 0) { 948 IEEE80211_NOTE_MAC(vap, IEEE80211_MSG_CRYPTO, 949 eh.ether_dhost, 950 "no default transmit key (%s) deftxkey %u", 951 __func__, vap->iv_def_txkey); 952 vap->iv_stats.is_tx_nodefkey++; 953 goto bad; 954 } 955 } else 956 key = NULL; 957 /* 958 * XXX Some ap's don't handle QoS-encapsulated EAPOL 959 * frames so suppress use. This may be an issue if other 960 * ap's require all data frames to be QoS-encapsulated 961 * once negotiated in which case we'll need to make this 962 * configurable. 963 */ 964 addqos = (ni->ni_flags & (IEEE80211_NODE_QOS|IEEE80211_NODE_HT)) && 965 (m->m_flags & M_EAPOL) == 0; 966 if (addqos) 967 hdrsize = sizeof(struct ieee80211_qosframe); 968 else 969 hdrsize = sizeof(struct ieee80211_frame); 970 /* 971 * 4-address frames need to be generated for: 972 * o packets sent through a WDS vap (IEEE80211_M_WDS) 973 * o packets sent through a vap marked for relaying 974 * (e.g. a station operating with dynamic WDS) 975 */ 976 is4addr = vap->iv_opmode == IEEE80211_M_WDS || 977 ((vap->iv_flags_ext & IEEE80211_FEXT_4ADDR) && 978 !IEEE80211_ADDR_EQ(eh.ether_shost, vap->iv_myaddr)); 979 if (is4addr) 980 hdrsize += IEEE80211_ADDR_LEN; 981 /* 982 * Honor driver DATAPAD requirement. 983 */ 984 if (ic->ic_flags & IEEE80211_F_DATAPAD) 985 hdrspace = roundup(hdrsize, sizeof(uint32_t)); 986 else 987 hdrspace = hdrsize; 988 989 if (__predict_true((m->m_flags & M_FF) == 0)) { 990 /* 991 * Normal frame. 992 */ 993 m = ieee80211_mbuf_adjust(vap, hdrspace, key, m); 994 if (m == NULL) { 995 /* NB: ieee80211_mbuf_adjust handles msgs+statistics */ 996 goto bad; 997 } 998 /* NB: this could be optimized 'cuz of ieee80211_mbuf_adjust */ 999 m_adj(m, sizeof(struct ether_header) - sizeof(struct llc)); 1000 llc = mtod(m, struct llc *); 1001 llc->llc_dsap = llc->llc_ssap = LLC_SNAP_LSAP; 1002 llc->llc_control = LLC_UI; 1003 llc->llc_snap.org_code[0] = 0; 1004 llc->llc_snap.org_code[1] = 0; 1005 llc->llc_snap.org_code[2] = 0; 1006 llc->llc_snap.ether_type = eh.ether_type; 1007 } else { 1008#ifdef IEEE80211_SUPPORT_SUPERG 1009 /* 1010 * Aggregated frame. 1011 */ 1012 m = ieee80211_ff_encap(vap, m, hdrspace, key); 1013 if (m == NULL) 1014#endif 1015 goto bad; 1016 } 1017 datalen = m->m_pkthdr.len; /* NB: w/o 802.11 header */ 1018 1019 M_PREPEND(m, hdrspace, M_DONTWAIT); 1020 if (m == NULL) { 1021 vap->iv_stats.is_tx_nobuf++; 1022 goto bad; 1023 } 1024 wh = mtod(m, struct ieee80211_frame *); 1025 wh->i_fc[0] = IEEE80211_FC0_VERSION_0 | IEEE80211_FC0_TYPE_DATA; 1026 *(uint16_t *)wh->i_dur = 0; 1027 if (is4addr) { 1028 wh->i_fc[1] = IEEE80211_FC1_DIR_DSTODS; 1029 IEEE80211_ADDR_COPY(wh->i_addr1, ni->ni_macaddr); 1030 IEEE80211_ADDR_COPY(wh->i_addr2, vap->iv_myaddr); 1031 IEEE80211_ADDR_COPY(wh->i_addr3, eh.ether_dhost); 1032 IEEE80211_ADDR_COPY(WH4(wh)->i_addr4, eh.ether_shost); 1033 } else switch (vap->iv_opmode) { 1034 case IEEE80211_M_STA: 1035 wh->i_fc[1] = IEEE80211_FC1_DIR_TODS; 1036 IEEE80211_ADDR_COPY(wh->i_addr1, ni->ni_bssid); 1037 IEEE80211_ADDR_COPY(wh->i_addr2, eh.ether_shost); 1038 IEEE80211_ADDR_COPY(wh->i_addr3, eh.ether_dhost); 1039 break; 1040 case IEEE80211_M_IBSS: 1041 case IEEE80211_M_AHDEMO: 1042 wh->i_fc[1] = IEEE80211_FC1_DIR_NODS; 1043 IEEE80211_ADDR_COPY(wh->i_addr1, eh.ether_dhost); 1044 IEEE80211_ADDR_COPY(wh->i_addr2, eh.ether_shost); 1045 /* 1046 * NB: always use the bssid from iv_bss as the 1047 * neighbor's may be stale after an ibss merge 1048 */ 1049 IEEE80211_ADDR_COPY(wh->i_addr3, vap->iv_bss->ni_bssid); 1050 break; 1051 case IEEE80211_M_HOSTAP: 1052 wh->i_fc[1] = IEEE80211_FC1_DIR_FROMDS; 1053 IEEE80211_ADDR_COPY(wh->i_addr1, eh.ether_dhost); 1054 IEEE80211_ADDR_COPY(wh->i_addr2, ni->ni_bssid); 1055 IEEE80211_ADDR_COPY(wh->i_addr3, eh.ether_shost); 1056 break; 1057 case IEEE80211_M_MONITOR: 1058 case IEEE80211_M_WDS: /* NB: is4addr should always be true */ 1059 goto bad; 1060 } 1061 if (m->m_flags & M_MORE_DATA) 1062 wh->i_fc[1] |= IEEE80211_FC1_MORE_DATA; 1063 if (addqos) { 1064 uint8_t *qos; 1065 int ac, tid; 1066 1067 if (is4addr) { 1068 qos = ((struct ieee80211_qosframe_addr4 *) wh)->i_qos; 1069 } else 1070 qos = ((struct ieee80211_qosframe *) wh)->i_qos; 1071 ac = M_WME_GETAC(m); 1072 /* map from access class/queue to 11e header priorty value */ 1073 tid = WME_AC_TO_TID(ac); 1074 qos[0] = tid & IEEE80211_QOS_TID; 1075 if (ic->ic_wme.wme_wmeChanParams.cap_wmeParams[ac].wmep_noackPolicy) 1076 qos[0] |= IEEE80211_QOS_ACKPOLICY_NOACK; 1077 qos[1] = 0; 1078 wh->i_fc[0] |= IEEE80211_FC0_SUBTYPE_QOS; 1079 1080 if ((m->m_flags & M_AMPDU_MPDU) == 0) { 1081 /* 1082 * NB: don't assign a sequence # to potential 1083 * aggregates; we expect this happens at the 1084 * point the frame comes off any aggregation q 1085 * as otherwise we may introduce holes in the 1086 * BA sequence space and/or make window accouting 1087 * more difficult. 1088 * 1089 * XXX may want to control this with a driver 1090 * capability; this may also change when we pull 1091 * aggregation up into net80211 1092 */ 1093 seqno = ni->ni_txseqs[tid]++; 1094 *(uint16_t *)wh->i_seq = 1095 htole16(seqno << IEEE80211_SEQ_SEQ_SHIFT); 1096 M_SEQNO_SET(m, seqno); 1097 } 1098 } else { 1099 seqno = ni->ni_txseqs[IEEE80211_NONQOS_TID]++; 1100 *(uint16_t *)wh->i_seq = 1101 htole16(seqno << IEEE80211_SEQ_SEQ_SHIFT); 1102 M_SEQNO_SET(m, seqno); 1103 } 1104 1105 /* check if xmit fragmentation is required */ 1106 txfrag = (m->m_pkthdr.len > vap->iv_fragthreshold && 1107 !IEEE80211_IS_MULTICAST(wh->i_addr1) && 1108 (vap->iv_caps & IEEE80211_C_TXFRAG) && 1109 (m->m_flags & (M_FF | M_AMPDU_MPDU)) == 0); 1110 if (key != NULL) { 1111 /* 1112 * IEEE 802.1X: send EAPOL frames always in the clear. 1113 * WPA/WPA2: encrypt EAPOL keys when pairwise keys are set. 1114 */ 1115 if ((m->m_flags & M_EAPOL) == 0 || 1116 ((vap->iv_flags & IEEE80211_F_WPA) && 1117 (vap->iv_opmode == IEEE80211_M_STA ? 1118 !IEEE80211_KEY_UNDEFINED(key) : 1119 !IEEE80211_KEY_UNDEFINED(&ni->ni_ucastkey)))) { 1120 wh->i_fc[1] |= IEEE80211_FC1_WEP; 1121 if (!ieee80211_crypto_enmic(vap, key, m, txfrag)) { 1122 IEEE80211_NOTE_MAC(vap, IEEE80211_MSG_OUTPUT, 1123 eh.ether_dhost, 1124 "%s", "enmic failed, discard frame"); 1125 vap->iv_stats.is_crypto_enmicfail++; 1126 goto bad; 1127 } 1128 } 1129 } 1130 if (txfrag && !ieee80211_fragment(vap, m, hdrsize, 1131 key != NULL ? key->wk_cipher->ic_header : 0, vap->iv_fragthreshold)) 1132 goto bad; 1133 1134 m->m_flags |= M_ENCAP; /* mark encapsulated */ 1135 1136 IEEE80211_NODE_STAT(ni, tx_data); 1137 if (IEEE80211_IS_MULTICAST(wh->i_addr1)) { 1138 IEEE80211_NODE_STAT(ni, tx_mcast); 1139 m->m_flags |= M_MCAST; 1140 } else 1141 IEEE80211_NODE_STAT(ni, tx_ucast); 1142 IEEE80211_NODE_STAT_ADD(ni, tx_bytes, datalen); 1143 1144 return m; 1145bad: 1146 if (m != NULL) 1147 m_freem(m); 1148 return NULL; 1149#undef WH4 1150} 1151 1152/* 1153 * Fragment the frame according to the specified mtu. 1154 * The size of the 802.11 header (w/o padding) is provided 1155 * so we don't need to recalculate it. We create a new 1156 * mbuf for each fragment and chain it through m_nextpkt; 1157 * we might be able to optimize this by reusing the original 1158 * packet's mbufs but that is significantly more complicated. 1159 */ 1160static int 1161ieee80211_fragment(struct ieee80211vap *vap, struct mbuf *m0, 1162 u_int hdrsize, u_int ciphdrsize, u_int mtu) 1163{ 1164 struct ieee80211_frame *wh, *whf; 1165 struct mbuf *m, *prev, *next; 1166 u_int totalhdrsize, fragno, fragsize, off, remainder, payload; 1167 1168 KASSERT(m0->m_nextpkt == NULL, ("mbuf already chained?")); 1169 KASSERT(m0->m_pkthdr.len > mtu, 1170 ("pktlen %u mtu %u", m0->m_pkthdr.len, mtu)); 1171 1172 wh = mtod(m0, struct ieee80211_frame *); 1173 /* NB: mark the first frag; it will be propagated below */ 1174 wh->i_fc[1] |= IEEE80211_FC1_MORE_FRAG; 1175 totalhdrsize = hdrsize + ciphdrsize; 1176 fragno = 1; 1177 off = mtu - ciphdrsize; 1178 remainder = m0->m_pkthdr.len - off; 1179 prev = m0; 1180 do { 1181 fragsize = totalhdrsize + remainder; 1182 if (fragsize > mtu) 1183 fragsize = mtu; 1184 /* XXX fragsize can be >2048! */ 1185 KASSERT(fragsize < MCLBYTES, 1186 ("fragment size %u too big!", fragsize)); 1187 if (fragsize > MHLEN) 1188 m = m_getcl(M_DONTWAIT, MT_DATA, M_PKTHDR); 1189 else 1190 m = m_gethdr(M_DONTWAIT, MT_DATA); 1191 if (m == NULL) 1192 goto bad; 1193 /* leave room to prepend any cipher header */ 1194 m_align(m, fragsize - ciphdrsize); 1195 1196 /* 1197 * Form the header in the fragment. Note that since 1198 * we mark the first fragment with the MORE_FRAG bit 1199 * it automatically is propagated to each fragment; we 1200 * need only clear it on the last fragment (done below). 1201 */ 1202 whf = mtod(m, struct ieee80211_frame *); 1203 memcpy(whf, wh, hdrsize); 1204 *(uint16_t *)&whf->i_seq[0] |= htole16( 1205 (fragno & IEEE80211_SEQ_FRAG_MASK) << 1206 IEEE80211_SEQ_FRAG_SHIFT); 1207 fragno++; 1208 1209 payload = fragsize - totalhdrsize; 1210 /* NB: destination is known to be contiguous */ 1211 m_copydata(m0, off, payload, mtod(m, uint8_t *) + hdrsize); 1212 m->m_len = hdrsize + payload; 1213 m->m_pkthdr.len = hdrsize + payload; 1214 m->m_flags |= M_FRAG; 1215 1216 /* chain up the fragment */ 1217 prev->m_nextpkt = m; 1218 prev = m; 1219 1220 /* deduct fragment just formed */ 1221 remainder -= payload; 1222 off += payload; 1223 } while (remainder != 0); 1224 1225 /* set the last fragment */ 1226 m->m_flags |= M_LASTFRAG; 1227 whf->i_fc[1] &= ~IEEE80211_FC1_MORE_FRAG; 1228 1229 /* strip first mbuf now that everything has been copied */ 1230 m_adj(m0, -(m0->m_pkthdr.len - (mtu - ciphdrsize))); 1231 m0->m_flags |= M_FIRSTFRAG | M_FRAG; 1232 1233 vap->iv_stats.is_tx_fragframes++; 1234 vap->iv_stats.is_tx_frags += fragno-1; 1235 1236 return 1; 1237bad: 1238 /* reclaim fragments but leave original frame for caller to free */ 1239 for (m = m0->m_nextpkt; m != NULL; m = next) { 1240 next = m->m_nextpkt; 1241 m->m_nextpkt = NULL; /* XXX paranoid */ 1242 m_freem(m); 1243 } 1244 m0->m_nextpkt = NULL; 1245 return 0; 1246} 1247 1248/* 1249 * Add a supported rates element id to a frame. 1250 */ 1251static uint8_t * 1252ieee80211_add_rates(uint8_t *frm, const struct ieee80211_rateset *rs) 1253{ 1254 int nrates; 1255 1256 *frm++ = IEEE80211_ELEMID_RATES; 1257 nrates = rs->rs_nrates; 1258 if (nrates > IEEE80211_RATE_SIZE) 1259 nrates = IEEE80211_RATE_SIZE; 1260 *frm++ = nrates; 1261 memcpy(frm, rs->rs_rates, nrates); 1262 return frm + nrates; 1263} 1264 1265/* 1266 * Add an extended supported rates element id to a frame. 1267 */ 1268static uint8_t * 1269ieee80211_add_xrates(uint8_t *frm, const struct ieee80211_rateset *rs) 1270{ 1271 /* 1272 * Add an extended supported rates element if operating in 11g mode. 1273 */ 1274 if (rs->rs_nrates > IEEE80211_RATE_SIZE) { 1275 int nrates = rs->rs_nrates - IEEE80211_RATE_SIZE; 1276 *frm++ = IEEE80211_ELEMID_XRATES; 1277 *frm++ = nrates; 1278 memcpy(frm, rs->rs_rates + IEEE80211_RATE_SIZE, nrates); 1279 frm += nrates; 1280 } 1281 return frm; 1282} 1283 1284/* 1285 * Add an ssid element to a frame. 1286 */ 1287static uint8_t * 1288ieee80211_add_ssid(uint8_t *frm, const uint8_t *ssid, u_int len) 1289{ 1290 *frm++ = IEEE80211_ELEMID_SSID; 1291 *frm++ = len; 1292 memcpy(frm, ssid, len); 1293 return frm + len; 1294} 1295 1296/* 1297 * Add an erp element to a frame. 1298 */ 1299static uint8_t * 1300ieee80211_add_erp(uint8_t *frm, struct ieee80211com *ic) 1301{ 1302 uint8_t erp; 1303 1304 *frm++ = IEEE80211_ELEMID_ERP; 1305 *frm++ = 1; 1306 erp = 0; 1307 if (ic->ic_nonerpsta != 0) 1308 erp |= IEEE80211_ERP_NON_ERP_PRESENT; 1309 if (ic->ic_flags & IEEE80211_F_USEPROT) 1310 erp |= IEEE80211_ERP_USE_PROTECTION; 1311 if (ic->ic_flags & IEEE80211_F_USEBARKER) 1312 erp |= IEEE80211_ERP_LONG_PREAMBLE; 1313 *frm++ = erp; 1314 return frm; 1315} 1316 1317/* 1318 * Add a CFParams element to a frame. 1319 */ 1320static uint8_t * 1321ieee80211_add_cfparms(uint8_t *frm, struct ieee80211com *ic) 1322{ 1323#define ADDSHORT(frm, v) do { \ 1324 frm[0] = (v) & 0xff; \ 1325 frm[1] = (v) >> 8; \ 1326 frm += 2; \ 1327} while (0) 1328 *frm++ = IEEE80211_ELEMID_CFPARMS; 1329 *frm++ = 6; 1330 *frm++ = 0; /* CFP count */ 1331 *frm++ = 2; /* CFP period */ 1332 ADDSHORT(frm, 0); /* CFP MaxDuration (TU) */ 1333 ADDSHORT(frm, 0); /* CFP CurRemaining (TU) */ 1334 return frm; 1335#undef ADDSHORT 1336} 1337 1338static __inline uint8_t * 1339add_appie(uint8_t *frm, const struct ieee80211_appie *ie) 1340{ 1341 memcpy(frm, ie->ie_data, ie->ie_len); 1342 return frm + ie->ie_len; 1343} 1344 1345static __inline uint8_t * 1346add_ie(uint8_t *frm, const uint8_t *ie) 1347{ 1348 memcpy(frm, ie, 2 + ie[1]); 1349 return frm + 2 + ie[1]; 1350} 1351 1352#define WME_OUI_BYTES 0x00, 0x50, 0xf2 1353/* 1354 * Add a WME information element to a frame. 1355 */ 1356static uint8_t * 1357ieee80211_add_wme_info(uint8_t *frm, struct ieee80211_wme_state *wme) 1358{ 1359 static const struct ieee80211_wme_info info = { 1360 .wme_id = IEEE80211_ELEMID_VENDOR, 1361 .wme_len = sizeof(struct ieee80211_wme_info) - 2, 1362 .wme_oui = { WME_OUI_BYTES }, 1363 .wme_type = WME_OUI_TYPE, 1364 .wme_subtype = WME_INFO_OUI_SUBTYPE, 1365 .wme_version = WME_VERSION, 1366 .wme_info = 0, 1367 }; 1368 memcpy(frm, &info, sizeof(info)); 1369 return frm + sizeof(info); 1370} 1371 1372/* 1373 * Add a WME parameters element to a frame. 1374 */ 1375static uint8_t * 1376ieee80211_add_wme_param(uint8_t *frm, struct ieee80211_wme_state *wme) 1377{ 1378#define SM(_v, _f) (((_v) << _f##_S) & _f) 1379#define ADDSHORT(frm, v) do { \ 1380 frm[0] = (v) & 0xff; \ 1381 frm[1] = (v) >> 8; \ 1382 frm += 2; \ 1383} while (0) 1384 /* NB: this works 'cuz a param has an info at the front */ 1385 static const struct ieee80211_wme_info param = { 1386 .wme_id = IEEE80211_ELEMID_VENDOR, 1387 .wme_len = sizeof(struct ieee80211_wme_param) - 2, 1388 .wme_oui = { WME_OUI_BYTES }, 1389 .wme_type = WME_OUI_TYPE, 1390 .wme_subtype = WME_PARAM_OUI_SUBTYPE, 1391 .wme_version = WME_VERSION, 1392 }; 1393 int i; 1394 1395 memcpy(frm, ¶m, sizeof(param)); 1396 frm += __offsetof(struct ieee80211_wme_info, wme_info); 1397 *frm++ = wme->wme_bssChanParams.cap_info; /* AC info */ 1398 *frm++ = 0; /* reserved field */ 1399 for (i = 0; i < WME_NUM_AC; i++) { 1400 const struct wmeParams *ac = 1401 &wme->wme_bssChanParams.cap_wmeParams[i]; 1402 *frm++ = SM(i, WME_PARAM_ACI) 1403 | SM(ac->wmep_acm, WME_PARAM_ACM) 1404 | SM(ac->wmep_aifsn, WME_PARAM_AIFSN) 1405 ; 1406 *frm++ = SM(ac->wmep_logcwmax, WME_PARAM_LOGCWMAX) 1407 | SM(ac->wmep_logcwmin, WME_PARAM_LOGCWMIN) 1408 ; 1409 ADDSHORT(frm, ac->wmep_txopLimit); 1410 } 1411 return frm; 1412#undef SM 1413#undef ADDSHORT 1414} 1415#undef WME_OUI_BYTES 1416 1417/* 1418 * Add an 11h Power Constraint element to a frame. 1419 */ 1420static uint8_t * 1421ieee80211_add_powerconstraint(uint8_t *frm, struct ieee80211vap *vap) 1422{ 1423 const struct ieee80211_channel *c = vap->iv_bss->ni_chan; 1424 /* XXX per-vap tx power limit? */ 1425 int8_t limit = vap->iv_ic->ic_txpowlimit / 2; 1426 1427 frm[0] = IEEE80211_ELEMID_PWRCNSTR; 1428 frm[1] = 1; 1429 frm[2] = c->ic_maxregpower > limit ? c->ic_maxregpower - limit : 0; 1430 return frm + 3; 1431} 1432 1433/* 1434 * Add an 11h Power Capability element to a frame. 1435 */ 1436static uint8_t * 1437ieee80211_add_powercapability(uint8_t *frm, const struct ieee80211_channel *c) 1438{ 1439 frm[0] = IEEE80211_ELEMID_PWRCAP; 1440 frm[1] = 2; 1441 frm[2] = c->ic_minpower; 1442 frm[3] = c->ic_maxpower; 1443 return frm + 4; 1444} 1445 1446/* 1447 * Add an 11h Supported Channels element to a frame. 1448 */ 1449static uint8_t * 1450ieee80211_add_supportedchannels(uint8_t *frm, struct ieee80211com *ic) 1451{ 1452 static const int ielen = 26; 1453 1454 frm[0] = IEEE80211_ELEMID_SUPPCHAN; 1455 frm[1] = ielen; 1456 /* XXX not correct */ 1457 memcpy(frm+2, ic->ic_chan_avail, ielen); 1458 return frm + 2 + ielen; 1459} 1460 1461/* 1462 * Add an 11h Channel Switch Announcement element to a frame. 1463 * Note that we use the per-vap CSA count to adjust the global 1464 * counter so we can use this routine to form probe response 1465 * frames and get the current count. 1466 */ 1467static uint8_t * 1468ieee80211_add_csa(uint8_t *frm, struct ieee80211vap *vap) 1469{ 1470 struct ieee80211com *ic = vap->iv_ic; 1471 struct ieee80211_csa_ie *csa = (struct ieee80211_csa_ie *) frm; 1472 1473 csa->csa_ie = IEEE80211_ELEMID_CSA; 1474 csa->csa_len = 3; 1475 csa->csa_mode = 1; /* XXX force quiet on channel */ 1476 csa->csa_newchan = ieee80211_chan2ieee(ic, ic->ic_csa_newchan); 1477 csa->csa_count = ic->ic_csa_count - vap->iv_csa_count; 1478 return frm + sizeof(*csa); 1479} 1480 1481/* 1482 * Add an 11h country information element to a frame. 1483 */ 1484static uint8_t * 1485ieee80211_add_countryie(uint8_t *frm, struct ieee80211com *ic) 1486{ 1487 1488 if (ic->ic_countryie == NULL || 1489 ic->ic_countryie_chan != ic->ic_bsschan) { 1490 /* 1491 * Handle lazy construction of ie. This is done on 1492 * first use and after a channel change that requires 1493 * re-calculation. 1494 */ 1495 if (ic->ic_countryie != NULL) 1496 free(ic->ic_countryie, M_80211_NODE_IE); 1497 ic->ic_countryie = ieee80211_alloc_countryie(ic); 1498 if (ic->ic_countryie == NULL) 1499 return frm; 1500 ic->ic_countryie_chan = ic->ic_bsschan; 1501 } 1502 return add_appie(frm, ic->ic_countryie); 1503} 1504 1505/* 1506 * Send a probe request frame with the specified ssid 1507 * and any optional information element data. 1508 */ 1509int 1510ieee80211_send_probereq(struct ieee80211_node *ni, 1511 const uint8_t sa[IEEE80211_ADDR_LEN], 1512 const uint8_t da[IEEE80211_ADDR_LEN], 1513 const uint8_t bssid[IEEE80211_ADDR_LEN], 1514 const uint8_t *ssid, size_t ssidlen) 1515{ 1516 struct ieee80211vap *vap = ni->ni_vap; 1517 struct ieee80211com *ic = ni->ni_ic; 1518 const struct ieee80211_txparam *tp; 1519 struct ieee80211_bpf_params params; 1520 struct ieee80211_frame *wh; 1521 const struct ieee80211_rateset *rs; 1522 struct mbuf *m; 1523 uint8_t *frm; 1524 1525 if (vap->iv_state == IEEE80211_S_CAC) { 1526 IEEE80211_NOTE(vap, IEEE80211_MSG_OUTPUT, ni, 1527 "block %s frame in CAC state", "probe request"); 1528 vap->iv_stats.is_tx_badstate++; 1529 return EIO; /* XXX */ 1530 } 1531 1532 /* 1533 * Hold a reference on the node so it doesn't go away until after 1534 * the xmit is complete all the way in the driver. On error we 1535 * will remove our reference. 1536 */ 1537 IEEE80211_DPRINTF(vap, IEEE80211_MSG_NODE, 1538 "ieee80211_ref_node (%s:%u) %p<%s> refcnt %d\n", 1539 __func__, __LINE__, 1540 ni, ether_sprintf(ni->ni_macaddr), 1541 ieee80211_node_refcnt(ni)+1); 1542 ieee80211_ref_node(ni); 1543 1544 /* 1545 * prreq frame format 1546 * [tlv] ssid 1547 * [tlv] supported rates 1548 * [tlv] RSN (optional) 1549 * [tlv] extended supported rates 1550 * [tlv] WPA (optional) 1551 * [tlv] user-specified ie's 1552 */ 1553 m = ieee80211_getmgtframe(&frm, 1554 ic->ic_headroom + sizeof(struct ieee80211_frame), 1555 2 + IEEE80211_NWID_LEN 1556 + 2 + IEEE80211_RATE_SIZE 1557 + sizeof(struct ieee80211_ie_wpa) 1558 + 2 + (IEEE80211_RATE_MAXSIZE - IEEE80211_RATE_SIZE) 1559 + sizeof(struct ieee80211_ie_wpa) 1560 + (vap->iv_appie_probereq != NULL ? 1561 vap->iv_appie_probereq->ie_len : 0) 1562 ); 1563 if (m == NULL) { 1564 vap->iv_stats.is_tx_nobuf++; 1565 ieee80211_free_node(ni); 1566 return ENOMEM; 1567 } 1568 1569 frm = ieee80211_add_ssid(frm, ssid, ssidlen); 1570 rs = ieee80211_get_suprates(ic, ic->ic_curchan); 1571 frm = ieee80211_add_rates(frm, rs); 1572 if (vap->iv_flags & IEEE80211_F_WPA2) { 1573 if (vap->iv_rsn_ie != NULL) 1574 frm = add_ie(frm, vap->iv_rsn_ie); 1575 /* XXX else complain? */ 1576 } 1577 frm = ieee80211_add_xrates(frm, rs); 1578 if (vap->iv_flags & IEEE80211_F_WPA1) { 1579 if (vap->iv_wpa_ie != NULL) 1580 frm = add_ie(frm, vap->iv_wpa_ie); 1581 /* XXX else complain? */ 1582 } 1583 if (vap->iv_appie_probereq != NULL) 1584 frm = add_appie(frm, vap->iv_appie_probereq); 1585 m->m_pkthdr.len = m->m_len = frm - mtod(m, uint8_t *); 1586 1587 KASSERT(M_LEADINGSPACE(m) >= sizeof(struct ieee80211_frame), 1588 ("leading space %zd", M_LEADINGSPACE(m))); 1589 M_PREPEND(m, sizeof(struct ieee80211_frame), M_DONTWAIT); 1590 if (m == NULL) { 1591 /* NB: cannot happen */ 1592 ieee80211_free_node(ni); 1593 return ENOMEM; 1594 } 1595 1596 wh = mtod(m, struct ieee80211_frame *); 1597 ieee80211_send_setup(ni, m, 1598 IEEE80211_FC0_TYPE_MGT | IEEE80211_FC0_SUBTYPE_PROBE_REQ, 1599 IEEE80211_NONQOS_TID, sa, da, bssid); 1600 /* XXX power management? */ 1601 m->m_flags |= M_ENCAP; /* mark encapsulated */ 1602 1603 M_WME_SETAC(m, WME_AC_BE); 1604 1605 IEEE80211_NODE_STAT(ni, tx_probereq); 1606 IEEE80211_NODE_STAT(ni, tx_mgmt); 1607 1608 IEEE80211_DPRINTF(vap, IEEE80211_MSG_DEBUG | IEEE80211_MSG_DUMPPKTS, 1609 "send probe req on channel %u bssid %s ssid \"%.*s\"\n", 1610 ieee80211_chan2ieee(ic, ic->ic_curchan), ether_sprintf(bssid), 1611 ssidlen, ssid); 1612 1613 memset(¶ms, 0, sizeof(params)); 1614 params.ibp_pri = M_WME_GETAC(m); 1615 tp = &vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)]; 1616 params.ibp_rate0 = tp->mgmtrate; 1617 if (IEEE80211_IS_MULTICAST(da)) { 1618 params.ibp_flags |= IEEE80211_BPF_NOACK; 1619 params.ibp_try0 = 1; 1620 } else 1621 params.ibp_try0 = tp->maxretry; 1622 params.ibp_power = ni->ni_txpower; 1623 return ic->ic_raw_xmit(ni, m, ¶ms); 1624} 1625 1626/* 1627 * Calculate capability information for mgt frames. 1628 */ 1629static uint16_t 1630getcapinfo(struct ieee80211vap *vap, struct ieee80211_channel *chan) 1631{ 1632 struct ieee80211com *ic = vap->iv_ic; 1633 uint16_t capinfo; 1634 1635 KASSERT(vap->iv_opmode != IEEE80211_M_STA, ("station mode")); 1636 1637 if (vap->iv_opmode == IEEE80211_M_HOSTAP) 1638 capinfo = IEEE80211_CAPINFO_ESS; 1639 else if (vap->iv_opmode == IEEE80211_M_IBSS) 1640 capinfo = IEEE80211_CAPINFO_IBSS; 1641 else 1642 capinfo = 0; 1643 if (vap->iv_flags & IEEE80211_F_PRIVACY) 1644 capinfo |= IEEE80211_CAPINFO_PRIVACY; 1645 if ((ic->ic_flags & IEEE80211_F_SHPREAMBLE) && 1646 IEEE80211_IS_CHAN_2GHZ(chan)) 1647 capinfo |= IEEE80211_CAPINFO_SHORT_PREAMBLE; 1648 if (ic->ic_flags & IEEE80211_F_SHSLOT) 1649 capinfo |= IEEE80211_CAPINFO_SHORT_SLOTTIME; 1650 if (IEEE80211_IS_CHAN_5GHZ(chan) && (vap->iv_flags & IEEE80211_F_DOTH)) 1651 capinfo |= IEEE80211_CAPINFO_SPECTRUM_MGMT; 1652 return capinfo; 1653} 1654 1655/* 1656 * Send a management frame. The node is for the destination (or ic_bss 1657 * when in station mode). Nodes other than ic_bss have their reference 1658 * count bumped to reflect our use for an indeterminant time. 1659 */ 1660int 1661ieee80211_send_mgmt(struct ieee80211_node *ni, int type, int arg) 1662{ 1663#define HTFLAGS (IEEE80211_NODE_HT | IEEE80211_NODE_HTCOMPAT) 1664#define senderr(_x, _v) do { vap->iv_stats._v++; ret = _x; goto bad; } while (0) 1665 struct ieee80211vap *vap = ni->ni_vap; 1666 struct ieee80211com *ic = ni->ni_ic; 1667 struct ieee80211_node *bss = vap->iv_bss; 1668 struct ieee80211_bpf_params params; 1669 struct mbuf *m; 1670 uint8_t *frm; 1671 uint16_t capinfo; 1672 int has_challenge, is_shared_key, ret, status; 1673 1674 KASSERT(ni != NULL, ("null node")); 1675 1676 /* 1677 * Hold a reference on the node so it doesn't go away until after 1678 * the xmit is complete all the way in the driver. On error we 1679 * will remove our reference. 1680 */ 1681 IEEE80211_DPRINTF(vap, IEEE80211_MSG_NODE, 1682 "ieee80211_ref_node (%s:%u) %p<%s> refcnt %d\n", 1683 __func__, __LINE__, 1684 ni, ether_sprintf(ni->ni_macaddr), 1685 ieee80211_node_refcnt(ni)+1); 1686 ieee80211_ref_node(ni); 1687 1688 memset(¶ms, 0, sizeof(params)); 1689 switch (type) { 1690 1691 case IEEE80211_FC0_SUBTYPE_AUTH: 1692 status = arg >> 16; 1693 arg &= 0xffff; 1694 has_challenge = ((arg == IEEE80211_AUTH_SHARED_CHALLENGE || 1695 arg == IEEE80211_AUTH_SHARED_RESPONSE) && 1696 ni->ni_challenge != NULL); 1697 1698 /* 1699 * Deduce whether we're doing open authentication or 1700 * shared key authentication. We do the latter if 1701 * we're in the middle of a shared key authentication 1702 * handshake or if we're initiating an authentication 1703 * request and configured to use shared key. 1704 */ 1705 is_shared_key = has_challenge || 1706 arg >= IEEE80211_AUTH_SHARED_RESPONSE || 1707 (arg == IEEE80211_AUTH_SHARED_REQUEST && 1708 bss->ni_authmode == IEEE80211_AUTH_SHARED); 1709 1710 m = ieee80211_getmgtframe(&frm, 1711 ic->ic_headroom + sizeof(struct ieee80211_frame), 1712 3 * sizeof(uint16_t) 1713 + (has_challenge && status == IEEE80211_STATUS_SUCCESS ? 1714 sizeof(uint16_t)+IEEE80211_CHALLENGE_LEN : 0) 1715 ); 1716 if (m == NULL) 1717 senderr(ENOMEM, is_tx_nobuf); 1718 1719 ((uint16_t *)frm)[0] = 1720 (is_shared_key) ? htole16(IEEE80211_AUTH_ALG_SHARED) 1721 : htole16(IEEE80211_AUTH_ALG_OPEN); 1722 ((uint16_t *)frm)[1] = htole16(arg); /* sequence number */ 1723 ((uint16_t *)frm)[2] = htole16(status);/* status */ 1724 1725 if (has_challenge && status == IEEE80211_STATUS_SUCCESS) { 1726 ((uint16_t *)frm)[3] = 1727 htole16((IEEE80211_CHALLENGE_LEN << 8) | 1728 IEEE80211_ELEMID_CHALLENGE); 1729 memcpy(&((uint16_t *)frm)[4], ni->ni_challenge, 1730 IEEE80211_CHALLENGE_LEN); 1731 m->m_pkthdr.len = m->m_len = 1732 4 * sizeof(uint16_t) + IEEE80211_CHALLENGE_LEN; 1733 if (arg == IEEE80211_AUTH_SHARED_RESPONSE) { 1734 IEEE80211_NOTE(vap, IEEE80211_MSG_AUTH, ni, 1735 "request encrypt frame (%s)", __func__); 1736 /* mark frame for encryption */ 1737 params.ibp_flags |= IEEE80211_BPF_CRYPTO; 1738 } 1739 } else 1740 m->m_pkthdr.len = m->m_len = 3 * sizeof(uint16_t); 1741 1742 /* XXX not right for shared key */ 1743 if (status == IEEE80211_STATUS_SUCCESS) 1744 IEEE80211_NODE_STAT(ni, tx_auth); 1745 else 1746 IEEE80211_NODE_STAT(ni, tx_auth_fail); 1747 1748 if (vap->iv_opmode == IEEE80211_M_STA) 1749 ieee80211_add_callback(m, ieee80211_tx_mgt_cb, 1750 (void *) vap->iv_state); 1751 break; 1752 1753 case IEEE80211_FC0_SUBTYPE_DEAUTH: 1754 IEEE80211_NOTE(vap, IEEE80211_MSG_AUTH, ni, 1755 "send station deauthenticate (reason %d)", arg); 1756 m = ieee80211_getmgtframe(&frm, 1757 ic->ic_headroom + sizeof(struct ieee80211_frame), 1758 sizeof(uint16_t)); 1759 if (m == NULL) 1760 senderr(ENOMEM, is_tx_nobuf); 1761 *(uint16_t *)frm = htole16(arg); /* reason */ 1762 m->m_pkthdr.len = m->m_len = sizeof(uint16_t); 1763 1764 IEEE80211_NODE_STAT(ni, tx_deauth); 1765 IEEE80211_NODE_STAT_SET(ni, tx_deauth_code, arg); 1766 1767 ieee80211_node_unauthorize(ni); /* port closed */ 1768 break; 1769 1770 case IEEE80211_FC0_SUBTYPE_ASSOC_REQ: 1771 case IEEE80211_FC0_SUBTYPE_REASSOC_REQ: 1772 /* 1773 * asreq frame format 1774 * [2] capability information 1775 * [2] listen interval 1776 * [6*] current AP address (reassoc only) 1777 * [tlv] ssid 1778 * [tlv] supported rates 1779 * [tlv] extended supported rates 1780 * [4] power capability (optional) 1781 * [28] supported channels (optional) 1782 * [tlv] HT capabilities 1783 * [tlv] WME (optional) 1784 * [tlv] Vendor OUI HT capabilities (optional) 1785 * [tlv] Atheros capabilities (if negotiated) 1786 * [tlv] AppIE's (optional) 1787 */ 1788 m = ieee80211_getmgtframe(&frm, 1789 ic->ic_headroom + sizeof(struct ieee80211_frame), 1790 sizeof(uint16_t) 1791 + sizeof(uint16_t) 1792 + IEEE80211_ADDR_LEN 1793 + 2 + IEEE80211_NWID_LEN 1794 + 2 + IEEE80211_RATE_SIZE 1795 + 2 + (IEEE80211_RATE_MAXSIZE - IEEE80211_RATE_SIZE) 1796 + 4 1797 + 2 + 26 1798 + sizeof(struct ieee80211_wme_info) 1799 + sizeof(struct ieee80211_ie_htcap) 1800 + 4 + sizeof(struct ieee80211_ie_htcap) 1801#ifdef IEEE80211_SUPPORT_SUPERG 1802 + sizeof(struct ieee80211_ath_ie) 1803#endif 1804 + (vap->iv_appie_wpa != NULL ? 1805 vap->iv_appie_wpa->ie_len : 0) 1806 + (vap->iv_appie_assocreq != NULL ? 1807 vap->iv_appie_assocreq->ie_len : 0) 1808 ); 1809 if (m == NULL) 1810 senderr(ENOMEM, is_tx_nobuf); 1811 1812 KASSERT(vap->iv_opmode == IEEE80211_M_STA, 1813 ("wrong mode %u", vap->iv_opmode)); 1814 capinfo = IEEE80211_CAPINFO_ESS; 1815 if (vap->iv_flags & IEEE80211_F_PRIVACY) 1816 capinfo |= IEEE80211_CAPINFO_PRIVACY; 1817 /* 1818 * NB: Some 11a AP's reject the request when 1819 * short premable is set. 1820 */ 1821 if ((ic->ic_flags & IEEE80211_F_SHPREAMBLE) && 1822 IEEE80211_IS_CHAN_2GHZ(ic->ic_curchan)) 1823 capinfo |= IEEE80211_CAPINFO_SHORT_PREAMBLE; 1824 if (IEEE80211_IS_CHAN_ANYG(ic->ic_curchan) && 1825 (ic->ic_caps & IEEE80211_C_SHSLOT)) 1826 capinfo |= IEEE80211_CAPINFO_SHORT_SLOTTIME; 1827 if ((ni->ni_capinfo & IEEE80211_CAPINFO_SPECTRUM_MGMT) && 1828 (vap->iv_flags & IEEE80211_F_DOTH)) 1829 capinfo |= IEEE80211_CAPINFO_SPECTRUM_MGMT; 1830 *(uint16_t *)frm = htole16(capinfo); 1831 frm += 2; 1832 1833 KASSERT(bss->ni_intval != 0, ("beacon interval is zero!")); 1834 *(uint16_t *)frm = htole16(howmany(ic->ic_lintval, 1835 bss->ni_intval)); 1836 frm += 2; 1837 1838 if (type == IEEE80211_FC0_SUBTYPE_REASSOC_REQ) { 1839 IEEE80211_ADDR_COPY(frm, bss->ni_bssid); 1840 frm += IEEE80211_ADDR_LEN; 1841 } 1842 1843 frm = ieee80211_add_ssid(frm, ni->ni_essid, ni->ni_esslen); 1844 frm = ieee80211_add_rates(frm, &ni->ni_rates); 1845 if (vap->iv_flags & IEEE80211_F_WPA2) { 1846 if (vap->iv_rsn_ie != NULL) 1847 frm = add_ie(frm, vap->iv_rsn_ie); 1848 /* XXX else complain? */ 1849 } 1850 frm = ieee80211_add_xrates(frm, &ni->ni_rates); 1851 if (capinfo & IEEE80211_CAPINFO_SPECTRUM_MGMT) { 1852 frm = ieee80211_add_powercapability(frm, 1853 ic->ic_curchan); 1854 frm = ieee80211_add_supportedchannels(frm, ic); 1855 }
| 270 (m->m_flags & M_EAPOL) == 0) { 271 const int ac = M_WME_GETAC(m); 272 struct ieee80211_tx_ampdu *tap = &ni->ni_tx_ampdu[ac]; 273 274 ieee80211_txampdu_count_packet(tap); 275 if (IEEE80211_AMPDU_RUNNING(tap)) { 276 /* 277 * Operational, mark frame for aggregation. 278 * 279 * XXX do tx aggregation here 280 */ 281 m->m_flags |= M_AMPDU_MPDU; 282 } else if (!IEEE80211_AMPDU_REQUESTED(tap) && 283 ic->ic_ampdu_enable(ni, tap)) { 284 /* 285 * Not negotiated yet, request service. 286 */ 287 ieee80211_ampdu_request(ni, tap); 288 /* XXX hold frame for reply? */ 289 } 290 } 291#ifdef IEEE80211_SUPPORT_SUPERG 292 else if (IEEE80211_ATH_CAP(vap, ni, IEEE80211_NODE_FF)) { 293 m = ieee80211_ff_check(ni, m); 294 if (m == NULL) { 295 /* NB: any ni ref held on stageq */ 296 continue; 297 } 298 } 299#endif /* IEEE80211_SUPPORT_SUPERG */ 300 if (__predict_true((vap->iv_caps & IEEE80211_C_8023ENCAP) == 0)) { 301 /* 302 * Encapsulate the packet in prep for transmission. 303 */ 304 m = ieee80211_encap(vap, ni, m); 305 if (m == NULL) { 306 /* NB: stat+msg handled in ieee80211_encap */ 307 ieee80211_free_node(ni); 308 continue; 309 } 310 } 311 312 error = parent->if_transmit(parent, m); 313 if (error != 0) { 314 /* NB: IFQ_HANDOFF reclaims mbuf */ 315 ieee80211_free_node(ni); 316 } else { 317 ifp->if_opackets++; 318 } 319 ic->ic_lastdata = ticks; 320 } 321#undef IS_DWDS 322} 323 324/* 325 * 802.11 output routine. This is (currently) used only to 326 * connect bpf write calls to the 802.11 layer for injecting 327 * raw 802.11 frames. 328 */ 329int 330ieee80211_output(struct ifnet *ifp, struct mbuf *m, 331 struct sockaddr *dst, struct route *ro) 332{ 333#define senderr(e) do { error = (e); goto bad;} while (0) 334 struct ieee80211_node *ni = NULL; 335 struct ieee80211vap *vap; 336 struct ieee80211_frame *wh; 337 int error; 338 339 if (ifp->if_drv_flags & IFF_DRV_OACTIVE) { 340 /* 341 * Short-circuit requests if the vap is marked OACTIVE 342 * as this is used when tearing down state to indicate 343 * the vap may be gone. This can also happen because a 344 * packet came down through ieee80211_start before the 345 * vap entered RUN state in which case it's also ok to 346 * just drop the frame. This should not be necessary 347 * but callers of if_output don't check OACTIVE. 348 */ 349 senderr(ENETDOWN); 350 } 351 vap = ifp->if_softc; 352 /* 353 * Hand to the 802.3 code if not tagged as 354 * a raw 802.11 frame. 355 */ 356 if (dst->sa_family != AF_IEEE80211) 357 return vap->iv_output(ifp, m, dst, ro); 358#ifdef MAC 359 error = mac_ifnet_check_transmit(ifp, m); 360 if (error) 361 senderr(error); 362#endif 363 if (ifp->if_flags & IFF_MONITOR) 364 senderr(ENETDOWN); 365 if (!IFNET_IS_UP_RUNNING(ifp)) 366 senderr(ENETDOWN); 367 if (vap->iv_state == IEEE80211_S_CAC) { 368 IEEE80211_DPRINTF(vap, 369 IEEE80211_MSG_OUTPUT | IEEE80211_MSG_DOTH, 370 "block %s frame in CAC state\n", "raw data"); 371 vap->iv_stats.is_tx_badstate++; 372 senderr(EIO); /* XXX */ 373 } 374 /* XXX bypass bridge, pfil, carp, etc. */ 375 376 if (m->m_pkthdr.len < sizeof(struct ieee80211_frame_ack)) 377 senderr(EIO); /* XXX */ 378 wh = mtod(m, struct ieee80211_frame *); 379 if ((wh->i_fc[0] & IEEE80211_FC0_VERSION_MASK) != 380 IEEE80211_FC0_VERSION_0) 381 senderr(EIO); /* XXX */ 382 383 /* locate destination node */ 384 switch (wh->i_fc[1] & IEEE80211_FC1_DIR_MASK) { 385 case IEEE80211_FC1_DIR_NODS: 386 case IEEE80211_FC1_DIR_FROMDS: 387 ni = ieee80211_find_txnode(vap, wh->i_addr1); 388 break; 389 case IEEE80211_FC1_DIR_TODS: 390 case IEEE80211_FC1_DIR_DSTODS: 391 if (m->m_pkthdr.len < sizeof(struct ieee80211_frame)) 392 senderr(EIO); /* XXX */ 393 ni = ieee80211_find_txnode(vap, wh->i_addr3); 394 break; 395 default: 396 senderr(EIO); /* XXX */ 397 } 398 if (ni == NULL) { 399 /* 400 * Permit packets w/ bpf params through regardless 401 * (see below about sa_len). 402 */ 403 if (dst->sa_len == 0) 404 senderr(EHOSTUNREACH); 405 ni = ieee80211_ref_node(vap->iv_bss); 406 } 407 408 /* 409 * Sanitize mbuf for net80211 flags leaked from above. 410 * 411 * NB: This must be done before ieee80211_classify as 412 * it marks EAPOL in frames with M_EAPOL. 413 */ 414 m->m_flags &= ~M_80211_TX; 415 416 /* calculate priority so drivers can find the tx queue */ 417 /* XXX assumes an 802.3 frame */ 418 if (ieee80211_classify(ni, m)) 419 senderr(EIO); /* XXX */ 420 421 IEEE80211_NODE_STAT(ni, tx_data); 422 if (IEEE80211_IS_MULTICAST(wh->i_addr1)) { 423 IEEE80211_NODE_STAT(ni, tx_mcast); 424 m->m_flags |= M_MCAST; 425 } else 426 IEEE80211_NODE_STAT(ni, tx_ucast); 427 /* NB: ieee80211_encap does not include 802.11 header */ 428 IEEE80211_NODE_STAT_ADD(ni, tx_bytes, m->m_pkthdr.len); 429 430 /* 431 * NB: DLT_IEEE802_11_RADIO identifies the parameters are 432 * present by setting the sa_len field of the sockaddr (yes, 433 * this is a hack). 434 * NB: we assume sa_data is suitably aligned to cast. 435 */ 436 return vap->iv_ic->ic_raw_xmit(ni, m, 437 (const struct ieee80211_bpf_params *)(dst->sa_len ? 438 dst->sa_data : NULL)); 439bad: 440 if (m != NULL) 441 m_freem(m); 442 if (ni != NULL) 443 ieee80211_free_node(ni); 444 return error; 445#undef senderr 446} 447 448/* 449 * Set the direction field and address fields of an outgoing 450 * frame. Note this should be called early on in constructing 451 * a frame as it sets i_fc[1]; other bits can then be or'd in. 452 */ 453static void 454ieee80211_send_setup( 455 struct ieee80211_node *ni, 456 struct mbuf *m, 457 int type, int tid, 458 const uint8_t sa[IEEE80211_ADDR_LEN], 459 const uint8_t da[IEEE80211_ADDR_LEN], 460 const uint8_t bssid[IEEE80211_ADDR_LEN]) 461{ 462#define WH4(wh) ((struct ieee80211_frame_addr4 *)wh) 463 struct ieee80211_frame *wh = mtod(m, struct ieee80211_frame *); 464 ieee80211_seq seqno; 465 466 wh->i_fc[0] = IEEE80211_FC0_VERSION_0 | type; 467 if ((type & IEEE80211_FC0_TYPE_MASK) == IEEE80211_FC0_TYPE_DATA) { 468 struct ieee80211vap *vap = ni->ni_vap; 469 470 switch (vap->iv_opmode) { 471 case IEEE80211_M_STA: 472 wh->i_fc[1] = IEEE80211_FC1_DIR_TODS; 473 IEEE80211_ADDR_COPY(wh->i_addr1, bssid); 474 IEEE80211_ADDR_COPY(wh->i_addr2, sa); 475 IEEE80211_ADDR_COPY(wh->i_addr3, da); 476 break; 477 case IEEE80211_M_IBSS: 478 case IEEE80211_M_AHDEMO: 479 wh->i_fc[1] = IEEE80211_FC1_DIR_NODS; 480 IEEE80211_ADDR_COPY(wh->i_addr1, da); 481 IEEE80211_ADDR_COPY(wh->i_addr2, sa); 482 IEEE80211_ADDR_COPY(wh->i_addr3, bssid); 483 break; 484 case IEEE80211_M_HOSTAP: 485 wh->i_fc[1] = IEEE80211_FC1_DIR_FROMDS; 486 IEEE80211_ADDR_COPY(wh->i_addr1, da); 487 IEEE80211_ADDR_COPY(wh->i_addr2, bssid); 488 IEEE80211_ADDR_COPY(wh->i_addr3, sa); 489 break; 490 case IEEE80211_M_WDS: 491 wh->i_fc[1] = IEEE80211_FC1_DIR_DSTODS; 492 IEEE80211_ADDR_COPY(wh->i_addr1, da); 493 IEEE80211_ADDR_COPY(wh->i_addr2, vap->iv_myaddr); 494 IEEE80211_ADDR_COPY(wh->i_addr3, da); 495 IEEE80211_ADDR_COPY(WH4(wh)->i_addr4, sa); 496 break; 497 case IEEE80211_M_MONITOR: /* NB: to quiet compiler */ 498 break; 499 } 500 } else { 501 wh->i_fc[1] = IEEE80211_FC1_DIR_NODS; 502 IEEE80211_ADDR_COPY(wh->i_addr1, da); 503 IEEE80211_ADDR_COPY(wh->i_addr2, sa); 504 IEEE80211_ADDR_COPY(wh->i_addr3, bssid); 505 } 506 *(uint16_t *)&wh->i_dur[0] = 0; 507 508 seqno = ni->ni_txseqs[tid]++; 509 *(uint16_t *)&wh->i_seq[0] = htole16(seqno << IEEE80211_SEQ_SEQ_SHIFT); 510 M_SEQNO_SET(m, seqno); 511 512 if (IEEE80211_IS_MULTICAST(wh->i_addr1)) 513 m->m_flags |= M_MCAST; 514#undef WH4 515} 516 517/* 518 * Send a management frame to the specified node. The node pointer 519 * must have a reference as the pointer will be passed to the driver 520 * and potentially held for a long time. If the frame is successfully 521 * dispatched to the driver, then it is responsible for freeing the 522 * reference (and potentially free'ing up any associated storage); 523 * otherwise deal with reclaiming any reference (on error). 524 */ 525int 526ieee80211_mgmt_output(struct ieee80211_node *ni, struct mbuf *m, int type, 527 struct ieee80211_bpf_params *params) 528{ 529 struct ieee80211vap *vap = ni->ni_vap; 530 struct ieee80211com *ic = ni->ni_ic; 531 struct ieee80211_frame *wh; 532 533 KASSERT(ni != NULL, ("null node")); 534 535 if (vap->iv_state == IEEE80211_S_CAC) { 536 IEEE80211_NOTE(vap, IEEE80211_MSG_OUTPUT | IEEE80211_MSG_DOTH, 537 ni, "block %s frame in CAC state", 538 ieee80211_mgt_subtype_name[ 539 (type & IEEE80211_FC0_SUBTYPE_MASK) >> 540 IEEE80211_FC0_SUBTYPE_SHIFT]); 541 vap->iv_stats.is_tx_badstate++; 542 ieee80211_free_node(ni); 543 m_freem(m); 544 return EIO; /* XXX */ 545 } 546 547 M_PREPEND(m, sizeof(struct ieee80211_frame), M_DONTWAIT); 548 if (m == NULL) { 549 ieee80211_free_node(ni); 550 return ENOMEM; 551 } 552 553 wh = mtod(m, struct ieee80211_frame *); 554 ieee80211_send_setup(ni, m, 555 IEEE80211_FC0_TYPE_MGT | type, IEEE80211_NONQOS_TID, 556 vap->iv_myaddr, ni->ni_macaddr, ni->ni_bssid); 557 if (params->ibp_flags & IEEE80211_BPF_CRYPTO) { 558 IEEE80211_NOTE_MAC(vap, IEEE80211_MSG_AUTH, wh->i_addr1, 559 "encrypting frame (%s)", __func__); 560 wh->i_fc[1] |= IEEE80211_FC1_WEP; 561 } 562 m->m_flags |= M_ENCAP; /* mark encapsulated */ 563 564 KASSERT(type != IEEE80211_FC0_SUBTYPE_PROBE_RESP, ("probe response?")); 565 M_WME_SETAC(m, params->ibp_pri); 566 567#ifdef IEEE80211_DEBUG 568 /* avoid printing too many frames */ 569 if ((ieee80211_msg_debug(vap) && doprint(vap, type)) || 570 ieee80211_msg_dumppkts(vap)) { 571 printf("[%s] send %s on channel %u\n", 572 ether_sprintf(wh->i_addr1), 573 ieee80211_mgt_subtype_name[ 574 (type & IEEE80211_FC0_SUBTYPE_MASK) >> 575 IEEE80211_FC0_SUBTYPE_SHIFT], 576 ieee80211_chan2ieee(ic, ic->ic_curchan)); 577 } 578#endif 579 IEEE80211_NODE_STAT(ni, tx_mgmt); 580 581 return ic->ic_raw_xmit(ni, m, params); 582} 583 584/* 585 * Send a null data frame to the specified node. If the station 586 * is setup for QoS then a QoS Null Data frame is constructed. 587 * If this is a WDS station then a 4-address frame is constructed. 588 * 589 * NB: the caller is assumed to have setup a node reference 590 * for use; this is necessary to deal with a race condition 591 * when probing for inactive stations. Like ieee80211_mgmt_output 592 * we must cleanup any node reference on error; however we 593 * can safely just unref it as we know it will never be the 594 * last reference to the node. 595 */ 596int 597ieee80211_send_nulldata(struct ieee80211_node *ni) 598{ 599 struct ieee80211vap *vap = ni->ni_vap; 600 struct ieee80211com *ic = ni->ni_ic; 601 struct mbuf *m; 602 struct ieee80211_frame *wh; 603 int hdrlen; 604 uint8_t *frm; 605 606 if (vap->iv_state == IEEE80211_S_CAC) { 607 IEEE80211_NOTE(vap, IEEE80211_MSG_OUTPUT | IEEE80211_MSG_DOTH, 608 ni, "block %s frame in CAC state", "null data"); 609 ieee80211_unref_node(&ni); 610 vap->iv_stats.is_tx_badstate++; 611 return EIO; /* XXX */ 612 } 613 614 if (ni->ni_flags & (IEEE80211_NODE_QOS|IEEE80211_NODE_HT)) 615 hdrlen = sizeof(struct ieee80211_qosframe); 616 else 617 hdrlen = sizeof(struct ieee80211_frame); 618 /* NB: only WDS vap's get 4-address frames */ 619 if (vap->iv_opmode == IEEE80211_M_WDS) 620 hdrlen += IEEE80211_ADDR_LEN; 621 if (ic->ic_flags & IEEE80211_F_DATAPAD) 622 hdrlen = roundup(hdrlen, sizeof(uint32_t)); 623 624 m = ieee80211_getmgtframe(&frm, ic->ic_headroom + hdrlen, 0); 625 if (m == NULL) { 626 /* XXX debug msg */ 627 ieee80211_unref_node(&ni); 628 vap->iv_stats.is_tx_nobuf++; 629 return ENOMEM; 630 } 631 KASSERT(M_LEADINGSPACE(m) >= hdrlen, 632 ("leading space %zd", M_LEADINGSPACE(m))); 633 M_PREPEND(m, hdrlen, M_DONTWAIT); 634 if (m == NULL) { 635 /* NB: cannot happen */ 636 ieee80211_free_node(ni); 637 return ENOMEM; 638 } 639 640 wh = mtod(m, struct ieee80211_frame *); /* NB: a little lie */ 641 if (ni->ni_flags & IEEE80211_NODE_QOS) { 642 const int tid = WME_AC_TO_TID(WME_AC_BE); 643 uint8_t *qos; 644 645 ieee80211_send_setup(ni, m, 646 IEEE80211_FC0_TYPE_DATA | IEEE80211_FC0_SUBTYPE_QOS_NULL, 647 tid, vap->iv_myaddr, ni->ni_macaddr, ni->ni_bssid); 648 649 if (vap->iv_opmode == IEEE80211_M_WDS) 650 qos = ((struct ieee80211_qosframe_addr4 *) wh)->i_qos; 651 else 652 qos = ((struct ieee80211_qosframe *) wh)->i_qos; 653 qos[0] = tid & IEEE80211_QOS_TID; 654 if (ic->ic_wme.wme_wmeChanParams.cap_wmeParams[WME_AC_BE].wmep_noackPolicy) 655 qos[0] |= IEEE80211_QOS_ACKPOLICY_NOACK; 656 qos[1] = 0; 657 } else { 658 ieee80211_send_setup(ni, m, 659 IEEE80211_FC0_TYPE_DATA | IEEE80211_FC0_SUBTYPE_NODATA, 660 IEEE80211_NONQOS_TID, 661 vap->iv_myaddr, ni->ni_macaddr, ni->ni_bssid); 662 } 663 if (vap->iv_opmode != IEEE80211_M_WDS) { 664 /* NB: power management bit is never sent by an AP */ 665 if ((ni->ni_flags & IEEE80211_NODE_PWR_MGT) && 666 vap->iv_opmode != IEEE80211_M_HOSTAP) 667 wh->i_fc[1] |= IEEE80211_FC1_PWR_MGT; 668 } 669 m->m_len = m->m_pkthdr.len = hdrlen; 670 m->m_flags |= M_ENCAP; /* mark encapsulated */ 671 672 M_WME_SETAC(m, WME_AC_BE); 673 674 IEEE80211_NODE_STAT(ni, tx_data); 675 676 IEEE80211_NOTE(vap, IEEE80211_MSG_DEBUG | IEEE80211_MSG_DUMPPKTS, ni, 677 "send %snull data frame on channel %u, pwr mgt %s", 678 ni->ni_flags & IEEE80211_NODE_QOS ? "QoS " : "", 679 ieee80211_chan2ieee(ic, ic->ic_curchan), 680 wh->i_fc[1] & IEEE80211_FC1_PWR_MGT ? "ena" : "dis"); 681 682 return ic->ic_raw_xmit(ni, m, NULL); 683} 684 685/* 686 * Assign priority to a frame based on any vlan tag assigned 687 * to the station and/or any Diffserv setting in an IP header. 688 * Finally, if an ACM policy is setup (in station mode) it's 689 * applied. 690 */ 691int 692ieee80211_classify(struct ieee80211_node *ni, struct mbuf *m) 693{ 694 const struct ether_header *eh = mtod(m, struct ether_header *); 695 int v_wme_ac, d_wme_ac, ac; 696 697 /* 698 * Always promote PAE/EAPOL frames to high priority. 699 */ 700 if (eh->ether_type == htons(ETHERTYPE_PAE)) { 701 /* NB: mark so others don't need to check header */ 702 m->m_flags |= M_EAPOL; 703 ac = WME_AC_VO; 704 goto done; 705 } 706 /* 707 * Non-qos traffic goes to BE. 708 */ 709 if ((ni->ni_flags & IEEE80211_NODE_QOS) == 0) { 710 ac = WME_AC_BE; 711 goto done; 712 } 713 714 /* 715 * If node has a vlan tag then all traffic 716 * to it must have a matching tag. 717 */ 718 v_wme_ac = 0; 719 if (ni->ni_vlan != 0) { 720 if ((m->m_flags & M_VLANTAG) == 0) { 721 IEEE80211_NODE_STAT(ni, tx_novlantag); 722 return 1; 723 } 724 if (EVL_VLANOFTAG(m->m_pkthdr.ether_vtag) != 725 EVL_VLANOFTAG(ni->ni_vlan)) { 726 IEEE80211_NODE_STAT(ni, tx_vlanmismatch); 727 return 1; 728 } 729 /* map vlan priority to AC */ 730 v_wme_ac = TID_TO_WME_AC(EVL_PRIOFTAG(ni->ni_vlan)); 731 } 732 733#ifdef INET 734 if (eh->ether_type == htons(ETHERTYPE_IP)) { 735 uint8_t tos; 736 /* 737 * IP frame, map the DSCP bits from the TOS field. 738 */ 739 /* XXX m_copydata may be too slow for fast path */ 740 /* NB: ip header may not be in first mbuf */ 741 m_copydata(m, sizeof(struct ether_header) + 742 offsetof(struct ip, ip_tos), sizeof(tos), &tos); 743 tos >>= 5; /* NB: ECN + low 3 bits of DSCP */ 744 d_wme_ac = TID_TO_WME_AC(tos); 745 } else { 746#endif /* INET */ 747 d_wme_ac = WME_AC_BE; 748#ifdef INET 749 } 750#endif 751 /* 752 * Use highest priority AC. 753 */ 754 if (v_wme_ac > d_wme_ac) 755 ac = v_wme_ac; 756 else 757 ac = d_wme_ac; 758 759 /* 760 * Apply ACM policy. 761 */ 762 if (ni->ni_vap->iv_opmode == IEEE80211_M_STA) { 763 static const int acmap[4] = { 764 WME_AC_BK, /* WME_AC_BE */ 765 WME_AC_BK, /* WME_AC_BK */ 766 WME_AC_BE, /* WME_AC_VI */ 767 WME_AC_VI, /* WME_AC_VO */ 768 }; 769 struct ieee80211com *ic = ni->ni_ic; 770 771 while (ac != WME_AC_BK && 772 ic->ic_wme.wme_wmeBssChanParams.cap_wmeParams[ac].wmep_acm) 773 ac = acmap[ac]; 774 } 775done: 776 M_WME_SETAC(m, ac); 777 return 0; 778} 779 780/* 781 * Insure there is sufficient contiguous space to encapsulate the 782 * 802.11 data frame. If room isn't already there, arrange for it. 783 * Drivers and cipher modules assume we have done the necessary work 784 * and fail rudely if they don't find the space they need. 785 */ 786struct mbuf * 787ieee80211_mbuf_adjust(struct ieee80211vap *vap, int hdrsize, 788 struct ieee80211_key *key, struct mbuf *m) 789{ 790#define TO_BE_RECLAIMED (sizeof(struct ether_header) - sizeof(struct llc)) 791 int needed_space = vap->iv_ic->ic_headroom + hdrsize; 792 793 if (key != NULL) { 794 /* XXX belongs in crypto code? */ 795 needed_space += key->wk_cipher->ic_header; 796 /* XXX frags */ 797 /* 798 * When crypto is being done in the host we must insure 799 * the data are writable for the cipher routines; clone 800 * a writable mbuf chain. 801 * XXX handle SWMIC specially 802 */ 803 if (key->wk_flags & (IEEE80211_KEY_SWENCRYPT|IEEE80211_KEY_SWENMIC)) { 804 m = m_unshare(m, M_NOWAIT); 805 if (m == NULL) { 806 IEEE80211_DPRINTF(vap, IEEE80211_MSG_OUTPUT, 807 "%s: cannot get writable mbuf\n", __func__); 808 vap->iv_stats.is_tx_nobuf++; /* XXX new stat */ 809 return NULL; 810 } 811 } 812 } 813 /* 814 * We know we are called just before stripping an Ethernet 815 * header and prepending an LLC header. This means we know 816 * there will be 817 * sizeof(struct ether_header) - sizeof(struct llc) 818 * bytes recovered to which we need additional space for the 819 * 802.11 header and any crypto header. 820 */ 821 /* XXX check trailing space and copy instead? */ 822 if (M_LEADINGSPACE(m) < needed_space - TO_BE_RECLAIMED) { 823 struct mbuf *n = m_gethdr(M_NOWAIT, m->m_type); 824 if (n == NULL) { 825 IEEE80211_DPRINTF(vap, IEEE80211_MSG_OUTPUT, 826 "%s: cannot expand storage\n", __func__); 827 vap->iv_stats.is_tx_nobuf++; 828 m_freem(m); 829 return NULL; 830 } 831 KASSERT(needed_space <= MHLEN, 832 ("not enough room, need %u got %zu\n", needed_space, MHLEN)); 833 /* 834 * Setup new mbuf to have leading space to prepend the 835 * 802.11 header and any crypto header bits that are 836 * required (the latter are added when the driver calls 837 * back to ieee80211_crypto_encap to do crypto encapsulation). 838 */ 839 /* NB: must be first 'cuz it clobbers m_data */ 840 m_move_pkthdr(n, m); 841 n->m_len = 0; /* NB: m_gethdr does not set */ 842 n->m_data += needed_space; 843 /* 844 * Pull up Ethernet header to create the expected layout. 845 * We could use m_pullup but that's overkill (i.e. we don't 846 * need the actual data) and it cannot fail so do it inline 847 * for speed. 848 */ 849 /* NB: struct ether_header is known to be contiguous */ 850 n->m_len += sizeof(struct ether_header); 851 m->m_len -= sizeof(struct ether_header); 852 m->m_data += sizeof(struct ether_header); 853 /* 854 * Replace the head of the chain. 855 */ 856 n->m_next = m; 857 m = n; 858 } 859 return m; 860#undef TO_BE_RECLAIMED 861} 862 863/* 864 * Return the transmit key to use in sending a unicast frame. 865 * If a unicast key is set we use that. When no unicast key is set 866 * we fall back to the default transmit key. 867 */ 868static __inline struct ieee80211_key * 869ieee80211_crypto_getucastkey(struct ieee80211vap *vap, 870 struct ieee80211_node *ni) 871{ 872 if (IEEE80211_KEY_UNDEFINED(&ni->ni_ucastkey)) { 873 if (vap->iv_def_txkey == IEEE80211_KEYIX_NONE || 874 IEEE80211_KEY_UNDEFINED(&vap->iv_nw_keys[vap->iv_def_txkey])) 875 return NULL; 876 return &vap->iv_nw_keys[vap->iv_def_txkey]; 877 } else { 878 return &ni->ni_ucastkey; 879 } 880} 881 882/* 883 * Return the transmit key to use in sending a multicast frame. 884 * Multicast traffic always uses the group key which is installed as 885 * the default tx key. 886 */ 887static __inline struct ieee80211_key * 888ieee80211_crypto_getmcastkey(struct ieee80211vap *vap, 889 struct ieee80211_node *ni) 890{ 891 if (vap->iv_def_txkey == IEEE80211_KEYIX_NONE || 892 IEEE80211_KEY_UNDEFINED(&vap->iv_nw_keys[vap->iv_def_txkey])) 893 return NULL; 894 return &vap->iv_nw_keys[vap->iv_def_txkey]; 895} 896 897/* 898 * Encapsulate an outbound data frame. The mbuf chain is updated. 899 * If an error is encountered NULL is returned. The caller is required 900 * to provide a node reference and pullup the ethernet header in the 901 * first mbuf. 902 * 903 * NB: Packet is assumed to be processed by ieee80211_classify which 904 * marked EAPOL frames w/ M_EAPOL. 905 */ 906struct mbuf * 907ieee80211_encap(struct ieee80211vap *vap, struct ieee80211_node *ni, 908 struct mbuf *m) 909{ 910#define WH4(wh) ((struct ieee80211_frame_addr4 *)(wh)) 911 struct ieee80211com *ic = ni->ni_ic; 912 struct ether_header eh; 913 struct ieee80211_frame *wh; 914 struct ieee80211_key *key; 915 struct llc *llc; 916 int hdrsize, hdrspace, datalen, addqos, txfrag, is4addr; 917 ieee80211_seq seqno; 918 919 /* 920 * Copy existing Ethernet header to a safe place. The 921 * rest of the code assumes it's ok to strip it when 922 * reorganizing state for the final encapsulation. 923 */ 924 KASSERT(m->m_len >= sizeof(eh), ("no ethernet header!")); 925 ETHER_HEADER_COPY(&eh, mtod(m, caddr_t)); 926 927 /* 928 * Insure space for additional headers. First identify 929 * transmit key to use in calculating any buffer adjustments 930 * required. This is also used below to do privacy 931 * encapsulation work. Then calculate the 802.11 header 932 * size and any padding required by the driver. 933 * 934 * Note key may be NULL if we fall back to the default 935 * transmit key and that is not set. In that case the 936 * buffer may not be expanded as needed by the cipher 937 * routines, but they will/should discard it. 938 */ 939 if (vap->iv_flags & IEEE80211_F_PRIVACY) { 940 if (vap->iv_opmode == IEEE80211_M_STA || 941 !IEEE80211_IS_MULTICAST(eh.ether_dhost) || 942 (vap->iv_opmode == IEEE80211_M_WDS && 943 (vap->iv_flags_ext & IEEE80211_FEXT_WDSLEGACY))) 944 key = ieee80211_crypto_getucastkey(vap, ni); 945 else 946 key = ieee80211_crypto_getmcastkey(vap, ni); 947 if (key == NULL && (m->m_flags & M_EAPOL) == 0) { 948 IEEE80211_NOTE_MAC(vap, IEEE80211_MSG_CRYPTO, 949 eh.ether_dhost, 950 "no default transmit key (%s) deftxkey %u", 951 __func__, vap->iv_def_txkey); 952 vap->iv_stats.is_tx_nodefkey++; 953 goto bad; 954 } 955 } else 956 key = NULL; 957 /* 958 * XXX Some ap's don't handle QoS-encapsulated EAPOL 959 * frames so suppress use. This may be an issue if other 960 * ap's require all data frames to be QoS-encapsulated 961 * once negotiated in which case we'll need to make this 962 * configurable. 963 */ 964 addqos = (ni->ni_flags & (IEEE80211_NODE_QOS|IEEE80211_NODE_HT)) && 965 (m->m_flags & M_EAPOL) == 0; 966 if (addqos) 967 hdrsize = sizeof(struct ieee80211_qosframe); 968 else 969 hdrsize = sizeof(struct ieee80211_frame); 970 /* 971 * 4-address frames need to be generated for: 972 * o packets sent through a WDS vap (IEEE80211_M_WDS) 973 * o packets sent through a vap marked for relaying 974 * (e.g. a station operating with dynamic WDS) 975 */ 976 is4addr = vap->iv_opmode == IEEE80211_M_WDS || 977 ((vap->iv_flags_ext & IEEE80211_FEXT_4ADDR) && 978 !IEEE80211_ADDR_EQ(eh.ether_shost, vap->iv_myaddr)); 979 if (is4addr) 980 hdrsize += IEEE80211_ADDR_LEN; 981 /* 982 * Honor driver DATAPAD requirement. 983 */ 984 if (ic->ic_flags & IEEE80211_F_DATAPAD) 985 hdrspace = roundup(hdrsize, sizeof(uint32_t)); 986 else 987 hdrspace = hdrsize; 988 989 if (__predict_true((m->m_flags & M_FF) == 0)) { 990 /* 991 * Normal frame. 992 */ 993 m = ieee80211_mbuf_adjust(vap, hdrspace, key, m); 994 if (m == NULL) { 995 /* NB: ieee80211_mbuf_adjust handles msgs+statistics */ 996 goto bad; 997 } 998 /* NB: this could be optimized 'cuz of ieee80211_mbuf_adjust */ 999 m_adj(m, sizeof(struct ether_header) - sizeof(struct llc)); 1000 llc = mtod(m, struct llc *); 1001 llc->llc_dsap = llc->llc_ssap = LLC_SNAP_LSAP; 1002 llc->llc_control = LLC_UI; 1003 llc->llc_snap.org_code[0] = 0; 1004 llc->llc_snap.org_code[1] = 0; 1005 llc->llc_snap.org_code[2] = 0; 1006 llc->llc_snap.ether_type = eh.ether_type; 1007 } else { 1008#ifdef IEEE80211_SUPPORT_SUPERG 1009 /* 1010 * Aggregated frame. 1011 */ 1012 m = ieee80211_ff_encap(vap, m, hdrspace, key); 1013 if (m == NULL) 1014#endif 1015 goto bad; 1016 } 1017 datalen = m->m_pkthdr.len; /* NB: w/o 802.11 header */ 1018 1019 M_PREPEND(m, hdrspace, M_DONTWAIT); 1020 if (m == NULL) { 1021 vap->iv_stats.is_tx_nobuf++; 1022 goto bad; 1023 } 1024 wh = mtod(m, struct ieee80211_frame *); 1025 wh->i_fc[0] = IEEE80211_FC0_VERSION_0 | IEEE80211_FC0_TYPE_DATA; 1026 *(uint16_t *)wh->i_dur = 0; 1027 if (is4addr) { 1028 wh->i_fc[1] = IEEE80211_FC1_DIR_DSTODS; 1029 IEEE80211_ADDR_COPY(wh->i_addr1, ni->ni_macaddr); 1030 IEEE80211_ADDR_COPY(wh->i_addr2, vap->iv_myaddr); 1031 IEEE80211_ADDR_COPY(wh->i_addr3, eh.ether_dhost); 1032 IEEE80211_ADDR_COPY(WH4(wh)->i_addr4, eh.ether_shost); 1033 } else switch (vap->iv_opmode) { 1034 case IEEE80211_M_STA: 1035 wh->i_fc[1] = IEEE80211_FC1_DIR_TODS; 1036 IEEE80211_ADDR_COPY(wh->i_addr1, ni->ni_bssid); 1037 IEEE80211_ADDR_COPY(wh->i_addr2, eh.ether_shost); 1038 IEEE80211_ADDR_COPY(wh->i_addr3, eh.ether_dhost); 1039 break; 1040 case IEEE80211_M_IBSS: 1041 case IEEE80211_M_AHDEMO: 1042 wh->i_fc[1] = IEEE80211_FC1_DIR_NODS; 1043 IEEE80211_ADDR_COPY(wh->i_addr1, eh.ether_dhost); 1044 IEEE80211_ADDR_COPY(wh->i_addr2, eh.ether_shost); 1045 /* 1046 * NB: always use the bssid from iv_bss as the 1047 * neighbor's may be stale after an ibss merge 1048 */ 1049 IEEE80211_ADDR_COPY(wh->i_addr3, vap->iv_bss->ni_bssid); 1050 break; 1051 case IEEE80211_M_HOSTAP: 1052 wh->i_fc[1] = IEEE80211_FC1_DIR_FROMDS; 1053 IEEE80211_ADDR_COPY(wh->i_addr1, eh.ether_dhost); 1054 IEEE80211_ADDR_COPY(wh->i_addr2, ni->ni_bssid); 1055 IEEE80211_ADDR_COPY(wh->i_addr3, eh.ether_shost); 1056 break; 1057 case IEEE80211_M_MONITOR: 1058 case IEEE80211_M_WDS: /* NB: is4addr should always be true */ 1059 goto bad; 1060 } 1061 if (m->m_flags & M_MORE_DATA) 1062 wh->i_fc[1] |= IEEE80211_FC1_MORE_DATA; 1063 if (addqos) { 1064 uint8_t *qos; 1065 int ac, tid; 1066 1067 if (is4addr) { 1068 qos = ((struct ieee80211_qosframe_addr4 *) wh)->i_qos; 1069 } else 1070 qos = ((struct ieee80211_qosframe *) wh)->i_qos; 1071 ac = M_WME_GETAC(m); 1072 /* map from access class/queue to 11e header priorty value */ 1073 tid = WME_AC_TO_TID(ac); 1074 qos[0] = tid & IEEE80211_QOS_TID; 1075 if (ic->ic_wme.wme_wmeChanParams.cap_wmeParams[ac].wmep_noackPolicy) 1076 qos[0] |= IEEE80211_QOS_ACKPOLICY_NOACK; 1077 qos[1] = 0; 1078 wh->i_fc[0] |= IEEE80211_FC0_SUBTYPE_QOS; 1079 1080 if ((m->m_flags & M_AMPDU_MPDU) == 0) { 1081 /* 1082 * NB: don't assign a sequence # to potential 1083 * aggregates; we expect this happens at the 1084 * point the frame comes off any aggregation q 1085 * as otherwise we may introduce holes in the 1086 * BA sequence space and/or make window accouting 1087 * more difficult. 1088 * 1089 * XXX may want to control this with a driver 1090 * capability; this may also change when we pull 1091 * aggregation up into net80211 1092 */ 1093 seqno = ni->ni_txseqs[tid]++; 1094 *(uint16_t *)wh->i_seq = 1095 htole16(seqno << IEEE80211_SEQ_SEQ_SHIFT); 1096 M_SEQNO_SET(m, seqno); 1097 } 1098 } else { 1099 seqno = ni->ni_txseqs[IEEE80211_NONQOS_TID]++; 1100 *(uint16_t *)wh->i_seq = 1101 htole16(seqno << IEEE80211_SEQ_SEQ_SHIFT); 1102 M_SEQNO_SET(m, seqno); 1103 } 1104 1105 /* check if xmit fragmentation is required */ 1106 txfrag = (m->m_pkthdr.len > vap->iv_fragthreshold && 1107 !IEEE80211_IS_MULTICAST(wh->i_addr1) && 1108 (vap->iv_caps & IEEE80211_C_TXFRAG) && 1109 (m->m_flags & (M_FF | M_AMPDU_MPDU)) == 0); 1110 if (key != NULL) { 1111 /* 1112 * IEEE 802.1X: send EAPOL frames always in the clear. 1113 * WPA/WPA2: encrypt EAPOL keys when pairwise keys are set. 1114 */ 1115 if ((m->m_flags & M_EAPOL) == 0 || 1116 ((vap->iv_flags & IEEE80211_F_WPA) && 1117 (vap->iv_opmode == IEEE80211_M_STA ? 1118 !IEEE80211_KEY_UNDEFINED(key) : 1119 !IEEE80211_KEY_UNDEFINED(&ni->ni_ucastkey)))) { 1120 wh->i_fc[1] |= IEEE80211_FC1_WEP; 1121 if (!ieee80211_crypto_enmic(vap, key, m, txfrag)) { 1122 IEEE80211_NOTE_MAC(vap, IEEE80211_MSG_OUTPUT, 1123 eh.ether_dhost, 1124 "%s", "enmic failed, discard frame"); 1125 vap->iv_stats.is_crypto_enmicfail++; 1126 goto bad; 1127 } 1128 } 1129 } 1130 if (txfrag && !ieee80211_fragment(vap, m, hdrsize, 1131 key != NULL ? key->wk_cipher->ic_header : 0, vap->iv_fragthreshold)) 1132 goto bad; 1133 1134 m->m_flags |= M_ENCAP; /* mark encapsulated */ 1135 1136 IEEE80211_NODE_STAT(ni, tx_data); 1137 if (IEEE80211_IS_MULTICAST(wh->i_addr1)) { 1138 IEEE80211_NODE_STAT(ni, tx_mcast); 1139 m->m_flags |= M_MCAST; 1140 } else 1141 IEEE80211_NODE_STAT(ni, tx_ucast); 1142 IEEE80211_NODE_STAT_ADD(ni, tx_bytes, datalen); 1143 1144 return m; 1145bad: 1146 if (m != NULL) 1147 m_freem(m); 1148 return NULL; 1149#undef WH4 1150} 1151 1152/* 1153 * Fragment the frame according to the specified mtu. 1154 * The size of the 802.11 header (w/o padding) is provided 1155 * so we don't need to recalculate it. We create a new 1156 * mbuf for each fragment and chain it through m_nextpkt; 1157 * we might be able to optimize this by reusing the original 1158 * packet's mbufs but that is significantly more complicated. 1159 */ 1160static int 1161ieee80211_fragment(struct ieee80211vap *vap, struct mbuf *m0, 1162 u_int hdrsize, u_int ciphdrsize, u_int mtu) 1163{ 1164 struct ieee80211_frame *wh, *whf; 1165 struct mbuf *m, *prev, *next; 1166 u_int totalhdrsize, fragno, fragsize, off, remainder, payload; 1167 1168 KASSERT(m0->m_nextpkt == NULL, ("mbuf already chained?")); 1169 KASSERT(m0->m_pkthdr.len > mtu, 1170 ("pktlen %u mtu %u", m0->m_pkthdr.len, mtu)); 1171 1172 wh = mtod(m0, struct ieee80211_frame *); 1173 /* NB: mark the first frag; it will be propagated below */ 1174 wh->i_fc[1] |= IEEE80211_FC1_MORE_FRAG; 1175 totalhdrsize = hdrsize + ciphdrsize; 1176 fragno = 1; 1177 off = mtu - ciphdrsize; 1178 remainder = m0->m_pkthdr.len - off; 1179 prev = m0; 1180 do { 1181 fragsize = totalhdrsize + remainder; 1182 if (fragsize > mtu) 1183 fragsize = mtu; 1184 /* XXX fragsize can be >2048! */ 1185 KASSERT(fragsize < MCLBYTES, 1186 ("fragment size %u too big!", fragsize)); 1187 if (fragsize > MHLEN) 1188 m = m_getcl(M_DONTWAIT, MT_DATA, M_PKTHDR); 1189 else 1190 m = m_gethdr(M_DONTWAIT, MT_DATA); 1191 if (m == NULL) 1192 goto bad; 1193 /* leave room to prepend any cipher header */ 1194 m_align(m, fragsize - ciphdrsize); 1195 1196 /* 1197 * Form the header in the fragment. Note that since 1198 * we mark the first fragment with the MORE_FRAG bit 1199 * it automatically is propagated to each fragment; we 1200 * need only clear it on the last fragment (done below). 1201 */ 1202 whf = mtod(m, struct ieee80211_frame *); 1203 memcpy(whf, wh, hdrsize); 1204 *(uint16_t *)&whf->i_seq[0] |= htole16( 1205 (fragno & IEEE80211_SEQ_FRAG_MASK) << 1206 IEEE80211_SEQ_FRAG_SHIFT); 1207 fragno++; 1208 1209 payload = fragsize - totalhdrsize; 1210 /* NB: destination is known to be contiguous */ 1211 m_copydata(m0, off, payload, mtod(m, uint8_t *) + hdrsize); 1212 m->m_len = hdrsize + payload; 1213 m->m_pkthdr.len = hdrsize + payload; 1214 m->m_flags |= M_FRAG; 1215 1216 /* chain up the fragment */ 1217 prev->m_nextpkt = m; 1218 prev = m; 1219 1220 /* deduct fragment just formed */ 1221 remainder -= payload; 1222 off += payload; 1223 } while (remainder != 0); 1224 1225 /* set the last fragment */ 1226 m->m_flags |= M_LASTFRAG; 1227 whf->i_fc[1] &= ~IEEE80211_FC1_MORE_FRAG; 1228 1229 /* strip first mbuf now that everything has been copied */ 1230 m_adj(m0, -(m0->m_pkthdr.len - (mtu - ciphdrsize))); 1231 m0->m_flags |= M_FIRSTFRAG | M_FRAG; 1232 1233 vap->iv_stats.is_tx_fragframes++; 1234 vap->iv_stats.is_tx_frags += fragno-1; 1235 1236 return 1; 1237bad: 1238 /* reclaim fragments but leave original frame for caller to free */ 1239 for (m = m0->m_nextpkt; m != NULL; m = next) { 1240 next = m->m_nextpkt; 1241 m->m_nextpkt = NULL; /* XXX paranoid */ 1242 m_freem(m); 1243 } 1244 m0->m_nextpkt = NULL; 1245 return 0; 1246} 1247 1248/* 1249 * Add a supported rates element id to a frame. 1250 */ 1251static uint8_t * 1252ieee80211_add_rates(uint8_t *frm, const struct ieee80211_rateset *rs) 1253{ 1254 int nrates; 1255 1256 *frm++ = IEEE80211_ELEMID_RATES; 1257 nrates = rs->rs_nrates; 1258 if (nrates > IEEE80211_RATE_SIZE) 1259 nrates = IEEE80211_RATE_SIZE; 1260 *frm++ = nrates; 1261 memcpy(frm, rs->rs_rates, nrates); 1262 return frm + nrates; 1263} 1264 1265/* 1266 * Add an extended supported rates element id to a frame. 1267 */ 1268static uint8_t * 1269ieee80211_add_xrates(uint8_t *frm, const struct ieee80211_rateset *rs) 1270{ 1271 /* 1272 * Add an extended supported rates element if operating in 11g mode. 1273 */ 1274 if (rs->rs_nrates > IEEE80211_RATE_SIZE) { 1275 int nrates = rs->rs_nrates - IEEE80211_RATE_SIZE; 1276 *frm++ = IEEE80211_ELEMID_XRATES; 1277 *frm++ = nrates; 1278 memcpy(frm, rs->rs_rates + IEEE80211_RATE_SIZE, nrates); 1279 frm += nrates; 1280 } 1281 return frm; 1282} 1283 1284/* 1285 * Add an ssid element to a frame. 1286 */ 1287static uint8_t * 1288ieee80211_add_ssid(uint8_t *frm, const uint8_t *ssid, u_int len) 1289{ 1290 *frm++ = IEEE80211_ELEMID_SSID; 1291 *frm++ = len; 1292 memcpy(frm, ssid, len); 1293 return frm + len; 1294} 1295 1296/* 1297 * Add an erp element to a frame. 1298 */ 1299static uint8_t * 1300ieee80211_add_erp(uint8_t *frm, struct ieee80211com *ic) 1301{ 1302 uint8_t erp; 1303 1304 *frm++ = IEEE80211_ELEMID_ERP; 1305 *frm++ = 1; 1306 erp = 0; 1307 if (ic->ic_nonerpsta != 0) 1308 erp |= IEEE80211_ERP_NON_ERP_PRESENT; 1309 if (ic->ic_flags & IEEE80211_F_USEPROT) 1310 erp |= IEEE80211_ERP_USE_PROTECTION; 1311 if (ic->ic_flags & IEEE80211_F_USEBARKER) 1312 erp |= IEEE80211_ERP_LONG_PREAMBLE; 1313 *frm++ = erp; 1314 return frm; 1315} 1316 1317/* 1318 * Add a CFParams element to a frame. 1319 */ 1320static uint8_t * 1321ieee80211_add_cfparms(uint8_t *frm, struct ieee80211com *ic) 1322{ 1323#define ADDSHORT(frm, v) do { \ 1324 frm[0] = (v) & 0xff; \ 1325 frm[1] = (v) >> 8; \ 1326 frm += 2; \ 1327} while (0) 1328 *frm++ = IEEE80211_ELEMID_CFPARMS; 1329 *frm++ = 6; 1330 *frm++ = 0; /* CFP count */ 1331 *frm++ = 2; /* CFP period */ 1332 ADDSHORT(frm, 0); /* CFP MaxDuration (TU) */ 1333 ADDSHORT(frm, 0); /* CFP CurRemaining (TU) */ 1334 return frm; 1335#undef ADDSHORT 1336} 1337 1338static __inline uint8_t * 1339add_appie(uint8_t *frm, const struct ieee80211_appie *ie) 1340{ 1341 memcpy(frm, ie->ie_data, ie->ie_len); 1342 return frm + ie->ie_len; 1343} 1344 1345static __inline uint8_t * 1346add_ie(uint8_t *frm, const uint8_t *ie) 1347{ 1348 memcpy(frm, ie, 2 + ie[1]); 1349 return frm + 2 + ie[1]; 1350} 1351 1352#define WME_OUI_BYTES 0x00, 0x50, 0xf2 1353/* 1354 * Add a WME information element to a frame. 1355 */ 1356static uint8_t * 1357ieee80211_add_wme_info(uint8_t *frm, struct ieee80211_wme_state *wme) 1358{ 1359 static const struct ieee80211_wme_info info = { 1360 .wme_id = IEEE80211_ELEMID_VENDOR, 1361 .wme_len = sizeof(struct ieee80211_wme_info) - 2, 1362 .wme_oui = { WME_OUI_BYTES }, 1363 .wme_type = WME_OUI_TYPE, 1364 .wme_subtype = WME_INFO_OUI_SUBTYPE, 1365 .wme_version = WME_VERSION, 1366 .wme_info = 0, 1367 }; 1368 memcpy(frm, &info, sizeof(info)); 1369 return frm + sizeof(info); 1370} 1371 1372/* 1373 * Add a WME parameters element to a frame. 1374 */ 1375static uint8_t * 1376ieee80211_add_wme_param(uint8_t *frm, struct ieee80211_wme_state *wme) 1377{ 1378#define SM(_v, _f) (((_v) << _f##_S) & _f) 1379#define ADDSHORT(frm, v) do { \ 1380 frm[0] = (v) & 0xff; \ 1381 frm[1] = (v) >> 8; \ 1382 frm += 2; \ 1383} while (0) 1384 /* NB: this works 'cuz a param has an info at the front */ 1385 static const struct ieee80211_wme_info param = { 1386 .wme_id = IEEE80211_ELEMID_VENDOR, 1387 .wme_len = sizeof(struct ieee80211_wme_param) - 2, 1388 .wme_oui = { WME_OUI_BYTES }, 1389 .wme_type = WME_OUI_TYPE, 1390 .wme_subtype = WME_PARAM_OUI_SUBTYPE, 1391 .wme_version = WME_VERSION, 1392 }; 1393 int i; 1394 1395 memcpy(frm, ¶m, sizeof(param)); 1396 frm += __offsetof(struct ieee80211_wme_info, wme_info); 1397 *frm++ = wme->wme_bssChanParams.cap_info; /* AC info */ 1398 *frm++ = 0; /* reserved field */ 1399 for (i = 0; i < WME_NUM_AC; i++) { 1400 const struct wmeParams *ac = 1401 &wme->wme_bssChanParams.cap_wmeParams[i]; 1402 *frm++ = SM(i, WME_PARAM_ACI) 1403 | SM(ac->wmep_acm, WME_PARAM_ACM) 1404 | SM(ac->wmep_aifsn, WME_PARAM_AIFSN) 1405 ; 1406 *frm++ = SM(ac->wmep_logcwmax, WME_PARAM_LOGCWMAX) 1407 | SM(ac->wmep_logcwmin, WME_PARAM_LOGCWMIN) 1408 ; 1409 ADDSHORT(frm, ac->wmep_txopLimit); 1410 } 1411 return frm; 1412#undef SM 1413#undef ADDSHORT 1414} 1415#undef WME_OUI_BYTES 1416 1417/* 1418 * Add an 11h Power Constraint element to a frame. 1419 */ 1420static uint8_t * 1421ieee80211_add_powerconstraint(uint8_t *frm, struct ieee80211vap *vap) 1422{ 1423 const struct ieee80211_channel *c = vap->iv_bss->ni_chan; 1424 /* XXX per-vap tx power limit? */ 1425 int8_t limit = vap->iv_ic->ic_txpowlimit / 2; 1426 1427 frm[0] = IEEE80211_ELEMID_PWRCNSTR; 1428 frm[1] = 1; 1429 frm[2] = c->ic_maxregpower > limit ? c->ic_maxregpower - limit : 0; 1430 return frm + 3; 1431} 1432 1433/* 1434 * Add an 11h Power Capability element to a frame. 1435 */ 1436static uint8_t * 1437ieee80211_add_powercapability(uint8_t *frm, const struct ieee80211_channel *c) 1438{ 1439 frm[0] = IEEE80211_ELEMID_PWRCAP; 1440 frm[1] = 2; 1441 frm[2] = c->ic_minpower; 1442 frm[3] = c->ic_maxpower; 1443 return frm + 4; 1444} 1445 1446/* 1447 * Add an 11h Supported Channels element to a frame. 1448 */ 1449static uint8_t * 1450ieee80211_add_supportedchannels(uint8_t *frm, struct ieee80211com *ic) 1451{ 1452 static const int ielen = 26; 1453 1454 frm[0] = IEEE80211_ELEMID_SUPPCHAN; 1455 frm[1] = ielen; 1456 /* XXX not correct */ 1457 memcpy(frm+2, ic->ic_chan_avail, ielen); 1458 return frm + 2 + ielen; 1459} 1460 1461/* 1462 * Add an 11h Channel Switch Announcement element to a frame. 1463 * Note that we use the per-vap CSA count to adjust the global 1464 * counter so we can use this routine to form probe response 1465 * frames and get the current count. 1466 */ 1467static uint8_t * 1468ieee80211_add_csa(uint8_t *frm, struct ieee80211vap *vap) 1469{ 1470 struct ieee80211com *ic = vap->iv_ic; 1471 struct ieee80211_csa_ie *csa = (struct ieee80211_csa_ie *) frm; 1472 1473 csa->csa_ie = IEEE80211_ELEMID_CSA; 1474 csa->csa_len = 3; 1475 csa->csa_mode = 1; /* XXX force quiet on channel */ 1476 csa->csa_newchan = ieee80211_chan2ieee(ic, ic->ic_csa_newchan); 1477 csa->csa_count = ic->ic_csa_count - vap->iv_csa_count; 1478 return frm + sizeof(*csa); 1479} 1480 1481/* 1482 * Add an 11h country information element to a frame. 1483 */ 1484static uint8_t * 1485ieee80211_add_countryie(uint8_t *frm, struct ieee80211com *ic) 1486{ 1487 1488 if (ic->ic_countryie == NULL || 1489 ic->ic_countryie_chan != ic->ic_bsschan) { 1490 /* 1491 * Handle lazy construction of ie. This is done on 1492 * first use and after a channel change that requires 1493 * re-calculation. 1494 */ 1495 if (ic->ic_countryie != NULL) 1496 free(ic->ic_countryie, M_80211_NODE_IE); 1497 ic->ic_countryie = ieee80211_alloc_countryie(ic); 1498 if (ic->ic_countryie == NULL) 1499 return frm; 1500 ic->ic_countryie_chan = ic->ic_bsschan; 1501 } 1502 return add_appie(frm, ic->ic_countryie); 1503} 1504 1505/* 1506 * Send a probe request frame with the specified ssid 1507 * and any optional information element data. 1508 */ 1509int 1510ieee80211_send_probereq(struct ieee80211_node *ni, 1511 const uint8_t sa[IEEE80211_ADDR_LEN], 1512 const uint8_t da[IEEE80211_ADDR_LEN], 1513 const uint8_t bssid[IEEE80211_ADDR_LEN], 1514 const uint8_t *ssid, size_t ssidlen) 1515{ 1516 struct ieee80211vap *vap = ni->ni_vap; 1517 struct ieee80211com *ic = ni->ni_ic; 1518 const struct ieee80211_txparam *tp; 1519 struct ieee80211_bpf_params params; 1520 struct ieee80211_frame *wh; 1521 const struct ieee80211_rateset *rs; 1522 struct mbuf *m; 1523 uint8_t *frm; 1524 1525 if (vap->iv_state == IEEE80211_S_CAC) { 1526 IEEE80211_NOTE(vap, IEEE80211_MSG_OUTPUT, ni, 1527 "block %s frame in CAC state", "probe request"); 1528 vap->iv_stats.is_tx_badstate++; 1529 return EIO; /* XXX */ 1530 } 1531 1532 /* 1533 * Hold a reference on the node so it doesn't go away until after 1534 * the xmit is complete all the way in the driver. On error we 1535 * will remove our reference. 1536 */ 1537 IEEE80211_DPRINTF(vap, IEEE80211_MSG_NODE, 1538 "ieee80211_ref_node (%s:%u) %p<%s> refcnt %d\n", 1539 __func__, __LINE__, 1540 ni, ether_sprintf(ni->ni_macaddr), 1541 ieee80211_node_refcnt(ni)+1); 1542 ieee80211_ref_node(ni); 1543 1544 /* 1545 * prreq frame format 1546 * [tlv] ssid 1547 * [tlv] supported rates 1548 * [tlv] RSN (optional) 1549 * [tlv] extended supported rates 1550 * [tlv] WPA (optional) 1551 * [tlv] user-specified ie's 1552 */ 1553 m = ieee80211_getmgtframe(&frm, 1554 ic->ic_headroom + sizeof(struct ieee80211_frame), 1555 2 + IEEE80211_NWID_LEN 1556 + 2 + IEEE80211_RATE_SIZE 1557 + sizeof(struct ieee80211_ie_wpa) 1558 + 2 + (IEEE80211_RATE_MAXSIZE - IEEE80211_RATE_SIZE) 1559 + sizeof(struct ieee80211_ie_wpa) 1560 + (vap->iv_appie_probereq != NULL ? 1561 vap->iv_appie_probereq->ie_len : 0) 1562 ); 1563 if (m == NULL) { 1564 vap->iv_stats.is_tx_nobuf++; 1565 ieee80211_free_node(ni); 1566 return ENOMEM; 1567 } 1568 1569 frm = ieee80211_add_ssid(frm, ssid, ssidlen); 1570 rs = ieee80211_get_suprates(ic, ic->ic_curchan); 1571 frm = ieee80211_add_rates(frm, rs); 1572 if (vap->iv_flags & IEEE80211_F_WPA2) { 1573 if (vap->iv_rsn_ie != NULL) 1574 frm = add_ie(frm, vap->iv_rsn_ie); 1575 /* XXX else complain? */ 1576 } 1577 frm = ieee80211_add_xrates(frm, rs); 1578 if (vap->iv_flags & IEEE80211_F_WPA1) { 1579 if (vap->iv_wpa_ie != NULL) 1580 frm = add_ie(frm, vap->iv_wpa_ie); 1581 /* XXX else complain? */ 1582 } 1583 if (vap->iv_appie_probereq != NULL) 1584 frm = add_appie(frm, vap->iv_appie_probereq); 1585 m->m_pkthdr.len = m->m_len = frm - mtod(m, uint8_t *); 1586 1587 KASSERT(M_LEADINGSPACE(m) >= sizeof(struct ieee80211_frame), 1588 ("leading space %zd", M_LEADINGSPACE(m))); 1589 M_PREPEND(m, sizeof(struct ieee80211_frame), M_DONTWAIT); 1590 if (m == NULL) { 1591 /* NB: cannot happen */ 1592 ieee80211_free_node(ni); 1593 return ENOMEM; 1594 } 1595 1596 wh = mtod(m, struct ieee80211_frame *); 1597 ieee80211_send_setup(ni, m, 1598 IEEE80211_FC0_TYPE_MGT | IEEE80211_FC0_SUBTYPE_PROBE_REQ, 1599 IEEE80211_NONQOS_TID, sa, da, bssid); 1600 /* XXX power management? */ 1601 m->m_flags |= M_ENCAP; /* mark encapsulated */ 1602 1603 M_WME_SETAC(m, WME_AC_BE); 1604 1605 IEEE80211_NODE_STAT(ni, tx_probereq); 1606 IEEE80211_NODE_STAT(ni, tx_mgmt); 1607 1608 IEEE80211_DPRINTF(vap, IEEE80211_MSG_DEBUG | IEEE80211_MSG_DUMPPKTS, 1609 "send probe req on channel %u bssid %s ssid \"%.*s\"\n", 1610 ieee80211_chan2ieee(ic, ic->ic_curchan), ether_sprintf(bssid), 1611 ssidlen, ssid); 1612 1613 memset(¶ms, 0, sizeof(params)); 1614 params.ibp_pri = M_WME_GETAC(m); 1615 tp = &vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)]; 1616 params.ibp_rate0 = tp->mgmtrate; 1617 if (IEEE80211_IS_MULTICAST(da)) { 1618 params.ibp_flags |= IEEE80211_BPF_NOACK; 1619 params.ibp_try0 = 1; 1620 } else 1621 params.ibp_try0 = tp->maxretry; 1622 params.ibp_power = ni->ni_txpower; 1623 return ic->ic_raw_xmit(ni, m, ¶ms); 1624} 1625 1626/* 1627 * Calculate capability information for mgt frames. 1628 */ 1629static uint16_t 1630getcapinfo(struct ieee80211vap *vap, struct ieee80211_channel *chan) 1631{ 1632 struct ieee80211com *ic = vap->iv_ic; 1633 uint16_t capinfo; 1634 1635 KASSERT(vap->iv_opmode != IEEE80211_M_STA, ("station mode")); 1636 1637 if (vap->iv_opmode == IEEE80211_M_HOSTAP) 1638 capinfo = IEEE80211_CAPINFO_ESS; 1639 else if (vap->iv_opmode == IEEE80211_M_IBSS) 1640 capinfo = IEEE80211_CAPINFO_IBSS; 1641 else 1642 capinfo = 0; 1643 if (vap->iv_flags & IEEE80211_F_PRIVACY) 1644 capinfo |= IEEE80211_CAPINFO_PRIVACY; 1645 if ((ic->ic_flags & IEEE80211_F_SHPREAMBLE) && 1646 IEEE80211_IS_CHAN_2GHZ(chan)) 1647 capinfo |= IEEE80211_CAPINFO_SHORT_PREAMBLE; 1648 if (ic->ic_flags & IEEE80211_F_SHSLOT) 1649 capinfo |= IEEE80211_CAPINFO_SHORT_SLOTTIME; 1650 if (IEEE80211_IS_CHAN_5GHZ(chan) && (vap->iv_flags & IEEE80211_F_DOTH)) 1651 capinfo |= IEEE80211_CAPINFO_SPECTRUM_MGMT; 1652 return capinfo; 1653} 1654 1655/* 1656 * Send a management frame. The node is for the destination (or ic_bss 1657 * when in station mode). Nodes other than ic_bss have their reference 1658 * count bumped to reflect our use for an indeterminant time. 1659 */ 1660int 1661ieee80211_send_mgmt(struct ieee80211_node *ni, int type, int arg) 1662{ 1663#define HTFLAGS (IEEE80211_NODE_HT | IEEE80211_NODE_HTCOMPAT) 1664#define senderr(_x, _v) do { vap->iv_stats._v++; ret = _x; goto bad; } while (0) 1665 struct ieee80211vap *vap = ni->ni_vap; 1666 struct ieee80211com *ic = ni->ni_ic; 1667 struct ieee80211_node *bss = vap->iv_bss; 1668 struct ieee80211_bpf_params params; 1669 struct mbuf *m; 1670 uint8_t *frm; 1671 uint16_t capinfo; 1672 int has_challenge, is_shared_key, ret, status; 1673 1674 KASSERT(ni != NULL, ("null node")); 1675 1676 /* 1677 * Hold a reference on the node so it doesn't go away until after 1678 * the xmit is complete all the way in the driver. On error we 1679 * will remove our reference. 1680 */ 1681 IEEE80211_DPRINTF(vap, IEEE80211_MSG_NODE, 1682 "ieee80211_ref_node (%s:%u) %p<%s> refcnt %d\n", 1683 __func__, __LINE__, 1684 ni, ether_sprintf(ni->ni_macaddr), 1685 ieee80211_node_refcnt(ni)+1); 1686 ieee80211_ref_node(ni); 1687 1688 memset(¶ms, 0, sizeof(params)); 1689 switch (type) { 1690 1691 case IEEE80211_FC0_SUBTYPE_AUTH: 1692 status = arg >> 16; 1693 arg &= 0xffff; 1694 has_challenge = ((arg == IEEE80211_AUTH_SHARED_CHALLENGE || 1695 arg == IEEE80211_AUTH_SHARED_RESPONSE) && 1696 ni->ni_challenge != NULL); 1697 1698 /* 1699 * Deduce whether we're doing open authentication or 1700 * shared key authentication. We do the latter if 1701 * we're in the middle of a shared key authentication 1702 * handshake or if we're initiating an authentication 1703 * request and configured to use shared key. 1704 */ 1705 is_shared_key = has_challenge || 1706 arg >= IEEE80211_AUTH_SHARED_RESPONSE || 1707 (arg == IEEE80211_AUTH_SHARED_REQUEST && 1708 bss->ni_authmode == IEEE80211_AUTH_SHARED); 1709 1710 m = ieee80211_getmgtframe(&frm, 1711 ic->ic_headroom + sizeof(struct ieee80211_frame), 1712 3 * sizeof(uint16_t) 1713 + (has_challenge && status == IEEE80211_STATUS_SUCCESS ? 1714 sizeof(uint16_t)+IEEE80211_CHALLENGE_LEN : 0) 1715 ); 1716 if (m == NULL) 1717 senderr(ENOMEM, is_tx_nobuf); 1718 1719 ((uint16_t *)frm)[0] = 1720 (is_shared_key) ? htole16(IEEE80211_AUTH_ALG_SHARED) 1721 : htole16(IEEE80211_AUTH_ALG_OPEN); 1722 ((uint16_t *)frm)[1] = htole16(arg); /* sequence number */ 1723 ((uint16_t *)frm)[2] = htole16(status);/* status */ 1724 1725 if (has_challenge && status == IEEE80211_STATUS_SUCCESS) { 1726 ((uint16_t *)frm)[3] = 1727 htole16((IEEE80211_CHALLENGE_LEN << 8) | 1728 IEEE80211_ELEMID_CHALLENGE); 1729 memcpy(&((uint16_t *)frm)[4], ni->ni_challenge, 1730 IEEE80211_CHALLENGE_LEN); 1731 m->m_pkthdr.len = m->m_len = 1732 4 * sizeof(uint16_t) + IEEE80211_CHALLENGE_LEN; 1733 if (arg == IEEE80211_AUTH_SHARED_RESPONSE) { 1734 IEEE80211_NOTE(vap, IEEE80211_MSG_AUTH, ni, 1735 "request encrypt frame (%s)", __func__); 1736 /* mark frame for encryption */ 1737 params.ibp_flags |= IEEE80211_BPF_CRYPTO; 1738 } 1739 } else 1740 m->m_pkthdr.len = m->m_len = 3 * sizeof(uint16_t); 1741 1742 /* XXX not right for shared key */ 1743 if (status == IEEE80211_STATUS_SUCCESS) 1744 IEEE80211_NODE_STAT(ni, tx_auth); 1745 else 1746 IEEE80211_NODE_STAT(ni, tx_auth_fail); 1747 1748 if (vap->iv_opmode == IEEE80211_M_STA) 1749 ieee80211_add_callback(m, ieee80211_tx_mgt_cb, 1750 (void *) vap->iv_state); 1751 break; 1752 1753 case IEEE80211_FC0_SUBTYPE_DEAUTH: 1754 IEEE80211_NOTE(vap, IEEE80211_MSG_AUTH, ni, 1755 "send station deauthenticate (reason %d)", arg); 1756 m = ieee80211_getmgtframe(&frm, 1757 ic->ic_headroom + sizeof(struct ieee80211_frame), 1758 sizeof(uint16_t)); 1759 if (m == NULL) 1760 senderr(ENOMEM, is_tx_nobuf); 1761 *(uint16_t *)frm = htole16(arg); /* reason */ 1762 m->m_pkthdr.len = m->m_len = sizeof(uint16_t); 1763 1764 IEEE80211_NODE_STAT(ni, tx_deauth); 1765 IEEE80211_NODE_STAT_SET(ni, tx_deauth_code, arg); 1766 1767 ieee80211_node_unauthorize(ni); /* port closed */ 1768 break; 1769 1770 case IEEE80211_FC0_SUBTYPE_ASSOC_REQ: 1771 case IEEE80211_FC0_SUBTYPE_REASSOC_REQ: 1772 /* 1773 * asreq frame format 1774 * [2] capability information 1775 * [2] listen interval 1776 * [6*] current AP address (reassoc only) 1777 * [tlv] ssid 1778 * [tlv] supported rates 1779 * [tlv] extended supported rates 1780 * [4] power capability (optional) 1781 * [28] supported channels (optional) 1782 * [tlv] HT capabilities 1783 * [tlv] WME (optional) 1784 * [tlv] Vendor OUI HT capabilities (optional) 1785 * [tlv] Atheros capabilities (if negotiated) 1786 * [tlv] AppIE's (optional) 1787 */ 1788 m = ieee80211_getmgtframe(&frm, 1789 ic->ic_headroom + sizeof(struct ieee80211_frame), 1790 sizeof(uint16_t) 1791 + sizeof(uint16_t) 1792 + IEEE80211_ADDR_LEN 1793 + 2 + IEEE80211_NWID_LEN 1794 + 2 + IEEE80211_RATE_SIZE 1795 + 2 + (IEEE80211_RATE_MAXSIZE - IEEE80211_RATE_SIZE) 1796 + 4 1797 + 2 + 26 1798 + sizeof(struct ieee80211_wme_info) 1799 + sizeof(struct ieee80211_ie_htcap) 1800 + 4 + sizeof(struct ieee80211_ie_htcap) 1801#ifdef IEEE80211_SUPPORT_SUPERG 1802 + sizeof(struct ieee80211_ath_ie) 1803#endif 1804 + (vap->iv_appie_wpa != NULL ? 1805 vap->iv_appie_wpa->ie_len : 0) 1806 + (vap->iv_appie_assocreq != NULL ? 1807 vap->iv_appie_assocreq->ie_len : 0) 1808 ); 1809 if (m == NULL) 1810 senderr(ENOMEM, is_tx_nobuf); 1811 1812 KASSERT(vap->iv_opmode == IEEE80211_M_STA, 1813 ("wrong mode %u", vap->iv_opmode)); 1814 capinfo = IEEE80211_CAPINFO_ESS; 1815 if (vap->iv_flags & IEEE80211_F_PRIVACY) 1816 capinfo |= IEEE80211_CAPINFO_PRIVACY; 1817 /* 1818 * NB: Some 11a AP's reject the request when 1819 * short premable is set. 1820 */ 1821 if ((ic->ic_flags & IEEE80211_F_SHPREAMBLE) && 1822 IEEE80211_IS_CHAN_2GHZ(ic->ic_curchan)) 1823 capinfo |= IEEE80211_CAPINFO_SHORT_PREAMBLE; 1824 if (IEEE80211_IS_CHAN_ANYG(ic->ic_curchan) && 1825 (ic->ic_caps & IEEE80211_C_SHSLOT)) 1826 capinfo |= IEEE80211_CAPINFO_SHORT_SLOTTIME; 1827 if ((ni->ni_capinfo & IEEE80211_CAPINFO_SPECTRUM_MGMT) && 1828 (vap->iv_flags & IEEE80211_F_DOTH)) 1829 capinfo |= IEEE80211_CAPINFO_SPECTRUM_MGMT; 1830 *(uint16_t *)frm = htole16(capinfo); 1831 frm += 2; 1832 1833 KASSERT(bss->ni_intval != 0, ("beacon interval is zero!")); 1834 *(uint16_t *)frm = htole16(howmany(ic->ic_lintval, 1835 bss->ni_intval)); 1836 frm += 2; 1837 1838 if (type == IEEE80211_FC0_SUBTYPE_REASSOC_REQ) { 1839 IEEE80211_ADDR_COPY(frm, bss->ni_bssid); 1840 frm += IEEE80211_ADDR_LEN; 1841 } 1842 1843 frm = ieee80211_add_ssid(frm, ni->ni_essid, ni->ni_esslen); 1844 frm = ieee80211_add_rates(frm, &ni->ni_rates); 1845 if (vap->iv_flags & IEEE80211_F_WPA2) { 1846 if (vap->iv_rsn_ie != NULL) 1847 frm = add_ie(frm, vap->iv_rsn_ie); 1848 /* XXX else complain? */ 1849 } 1850 frm = ieee80211_add_xrates(frm, &ni->ni_rates); 1851 if (capinfo & IEEE80211_CAPINFO_SPECTRUM_MGMT) { 1852 frm = ieee80211_add_powercapability(frm, 1853 ic->ic_curchan); 1854 frm = ieee80211_add_supportedchannels(frm, ic); 1855 }
|
2431 frm = ieee80211_add_htcap_vendor(frm, ni); 2432 frm = ieee80211_add_htinfo_vendor(frm, ni); 2433 } 2434#ifdef IEEE80211_SUPPORT_SUPERG 2435 if (vap->iv_flags & IEEE80211_F_ATHEROS) { 2436 bo->bo_ath = frm; 2437 frm = ieee80211_add_athcaps(frm, ni); 2438 } 2439#endif 2440#ifdef IEEE80211_SUPPORT_TDMA 2441 if (vap->iv_caps & IEEE80211_C_TDMA) { 2442 bo->bo_tdma = frm; 2443 frm = ieee80211_add_tdma(frm, vap); 2444 } 2445#endif 2446 if (vap->iv_appie_beacon != NULL) { 2447 bo->bo_appie = frm; 2448 bo->bo_appie_len = vap->iv_appie_beacon->ie_len; 2449 frm = add_appie(frm, vap->iv_appie_beacon); 2450 } 2451 bo->bo_tim_trailer_len = frm - bo->bo_tim_trailer; 2452 bo->bo_csa_trailer_len = frm - bo->bo_csa; 2453 m->m_pkthdr.len = m->m_len = frm - mtod(m, uint8_t *); 2454} 2455 2456/* 2457 * Allocate a beacon frame and fillin the appropriate bits. 2458 */ 2459struct mbuf * 2460ieee80211_beacon_alloc(struct ieee80211_node *ni, 2461 struct ieee80211_beacon_offsets *bo) 2462{ 2463 struct ieee80211vap *vap = ni->ni_vap; 2464 struct ieee80211com *ic = ni->ni_ic; 2465 struct ifnet *ifp = vap->iv_ifp; 2466 struct ieee80211_frame *wh; 2467 struct mbuf *m; 2468 int pktlen; 2469 uint8_t *frm; 2470 2471 /* 2472 * beacon frame format 2473 * [8] time stamp 2474 * [2] beacon interval 2475 * [2] cabability information 2476 * [tlv] ssid 2477 * [tlv] supported rates 2478 * [3] parameter set (DS) 2479 * [8] CF parameter set (optional) 2480 * [tlv] parameter set (IBSS/TIM) 2481 * [tlv] country (optional) 2482 * [3] power control (optional) 2483 * [5] channel switch announcement (CSA) (optional) 2484 * [tlv] extended rate phy (ERP) 2485 * [tlv] extended supported rates 2486 * [tlv] RSN parameters 2487 * [tlv] HT capabilities 2488 * [tlv] HT information 2489 * [tlv] Vendor OUI HT capabilities (optional) 2490 * [tlv] Vendor OUI HT information (optional) 2491 * XXX Vendor-specific OIDs (e.g. Atheros) 2492 * [tlv] WPA parameters 2493 * [tlv] WME parameters 2494 * [tlv] TDMA parameters (optional) 2495 * [tlv] application data (optional) 2496 * NB: we allocate the max space required for the TIM bitmap. 2497 * XXX how big is this? 2498 */ 2499 pktlen = 8 /* time stamp */ 2500 + sizeof(uint16_t) /* beacon interval */ 2501 + sizeof(uint16_t) /* capabilities */ 2502 + 2 + ni->ni_esslen /* ssid */ 2503 + 2 + IEEE80211_RATE_SIZE /* supported rates */ 2504 + 2 + 1 /* DS parameters */ 2505 + 2 + 6 /* CF parameters */ 2506 + 2 + 4 + vap->iv_tim_len /* DTIM/IBSSPARMS */ 2507 + IEEE80211_COUNTRY_MAX_SIZE /* country */ 2508 + 2 + 1 /* power control */ 2509 + sizeof(struct ieee80211_csa_ie) /* CSA */ 2510 + 2 + 1 /* ERP */ 2511 + 2 + (IEEE80211_RATE_MAXSIZE - IEEE80211_RATE_SIZE) 2512 + (vap->iv_caps & IEEE80211_C_WPA ? /* WPA 1+2 */ 2513 2*sizeof(struct ieee80211_ie_wpa) : 0) 2514 /* XXX conditional? */ 2515 + 4+2*sizeof(struct ieee80211_ie_htcap)/* HT caps */ 2516 + 4+2*sizeof(struct ieee80211_ie_htinfo)/* HT info */ 2517 + (vap->iv_caps & IEEE80211_C_WME ? /* WME */ 2518 sizeof(struct ieee80211_wme_param) : 0) 2519#ifdef IEEE80211_SUPPORT_SUPERG 2520 + sizeof(struct ieee80211_ath_ie) /* ATH */ 2521#endif 2522#ifdef IEEE80211_SUPPORT_TDMA 2523 + (vap->iv_caps & IEEE80211_C_TDMA ? /* TDMA */ 2524 sizeof(struct ieee80211_tdma_param) : 0) 2525#endif 2526 + IEEE80211_MAX_APPIE 2527 ; 2528 m = ieee80211_getmgtframe(&frm, 2529 ic->ic_headroom + sizeof(struct ieee80211_frame), pktlen); 2530 if (m == NULL) { 2531 IEEE80211_DPRINTF(vap, IEEE80211_MSG_ANY, 2532 "%s: cannot get buf; size %u\n", __func__, pktlen); 2533 vap->iv_stats.is_tx_nobuf++; 2534 return NULL; 2535 } 2536 ieee80211_beacon_construct(m, frm, bo, ni); 2537 2538 M_PREPEND(m, sizeof(struct ieee80211_frame), M_DONTWAIT); 2539 KASSERT(m != NULL, ("no space for 802.11 header?")); 2540 wh = mtod(m, struct ieee80211_frame *); 2541 wh->i_fc[0] = IEEE80211_FC0_VERSION_0 | IEEE80211_FC0_TYPE_MGT | 2542 IEEE80211_FC0_SUBTYPE_BEACON; 2543 wh->i_fc[1] = IEEE80211_FC1_DIR_NODS; 2544 *(uint16_t *)wh->i_dur = 0; 2545 IEEE80211_ADDR_COPY(wh->i_addr1, ifp->if_broadcastaddr); 2546 IEEE80211_ADDR_COPY(wh->i_addr2, vap->iv_myaddr); 2547 IEEE80211_ADDR_COPY(wh->i_addr3, ni->ni_bssid); 2548 *(uint16_t *)wh->i_seq = 0; 2549 2550 return m; 2551} 2552 2553/* 2554 * Update the dynamic parts of a beacon frame based on the current state. 2555 */ 2556int 2557ieee80211_beacon_update(struct ieee80211_node *ni, 2558 struct ieee80211_beacon_offsets *bo, struct mbuf *m, int mcast) 2559{ 2560 struct ieee80211vap *vap = ni->ni_vap; 2561 struct ieee80211com *ic = ni->ni_ic; 2562 int len_changed = 0; 2563 uint16_t capinfo; 2564 2565 IEEE80211_LOCK(ic); 2566 /* 2567 * Handle 11h channel change when we've reached the count. 2568 * We must recalculate the beacon frame contents to account 2569 * for the new channel. Note we do this only for the first 2570 * vap that reaches this point; subsequent vaps just update 2571 * their beacon state to reflect the recalculated channel. 2572 */ 2573 if (isset(bo->bo_flags, IEEE80211_BEACON_CSA) && 2574 vap->iv_csa_count == ic->ic_csa_count) { 2575 vap->iv_csa_count = 0; 2576 /* 2577 * Effect channel change before reconstructing the beacon 2578 * frame contents as many places reference ni_chan. 2579 */ 2580 if (ic->ic_csa_newchan != NULL) 2581 ieee80211_csa_completeswitch(ic); 2582 /* 2583 * NB: ieee80211_beacon_construct clears all pending 2584 * updates in bo_flags so we don't need to explicitly 2585 * clear IEEE80211_BEACON_CSA. 2586 */ 2587 ieee80211_beacon_construct(m, 2588 mtod(m, uint8_t*) + sizeof(struct ieee80211_frame), bo, ni); 2589 2590 /* XXX do WME aggressive mode processing? */ 2591 IEEE80211_UNLOCK(ic); 2592 return 1; /* just assume length changed */ 2593 } 2594 2595 /* XXX faster to recalculate entirely or just changes? */ 2596 capinfo = getcapinfo(vap, ni->ni_chan); 2597 *bo->bo_caps = htole16(capinfo); 2598 2599 if (vap->iv_flags & IEEE80211_F_WME) { 2600 struct ieee80211_wme_state *wme = &ic->ic_wme; 2601 2602 /* 2603 * Check for agressive mode change. When there is 2604 * significant high priority traffic in the BSS 2605 * throttle back BE traffic by using conservative 2606 * parameters. Otherwise BE uses agressive params 2607 * to optimize performance of legacy/non-QoS traffic. 2608 */ 2609 if (wme->wme_flags & WME_F_AGGRMODE) { 2610 if (wme->wme_hipri_traffic > 2611 wme->wme_hipri_switch_thresh) { 2612 IEEE80211_DPRINTF(vap, IEEE80211_MSG_WME, 2613 "%s: traffic %u, disable aggressive mode\n", 2614 __func__, wme->wme_hipri_traffic); 2615 wme->wme_flags &= ~WME_F_AGGRMODE; 2616 ieee80211_wme_updateparams_locked(vap); 2617 wme->wme_hipri_traffic = 2618 wme->wme_hipri_switch_hysteresis; 2619 } else 2620 wme->wme_hipri_traffic = 0; 2621 } else { 2622 if (wme->wme_hipri_traffic <= 2623 wme->wme_hipri_switch_thresh) { 2624 IEEE80211_DPRINTF(vap, IEEE80211_MSG_WME, 2625 "%s: traffic %u, enable aggressive mode\n", 2626 __func__, wme->wme_hipri_traffic); 2627 wme->wme_flags |= WME_F_AGGRMODE; 2628 ieee80211_wme_updateparams_locked(vap); 2629 wme->wme_hipri_traffic = 0; 2630 } else 2631 wme->wme_hipri_traffic = 2632 wme->wme_hipri_switch_hysteresis; 2633 } 2634 if (isset(bo->bo_flags, IEEE80211_BEACON_WME)) { 2635 (void) ieee80211_add_wme_param(bo->bo_wme, wme); 2636 clrbit(bo->bo_flags, IEEE80211_BEACON_WME); 2637 } 2638 } 2639 2640 if (isset(bo->bo_flags, IEEE80211_BEACON_HTINFO)) { 2641 ieee80211_ht_update_beacon(vap, bo); 2642 clrbit(bo->bo_flags, IEEE80211_BEACON_HTINFO); 2643 } 2644#ifdef IEEE80211_SUPPORT_TDMA 2645 if (vap->iv_caps & IEEE80211_C_TDMA) { 2646 /* 2647 * NB: the beacon is potentially updated every TBTT. 2648 */ 2649 ieee80211_tdma_update_beacon(vap, bo); 2650 } 2651#endif 2652 if (vap->iv_opmode == IEEE80211_M_HOSTAP) { /* NB: no IBSS support*/ 2653 struct ieee80211_tim_ie *tie = 2654 (struct ieee80211_tim_ie *) bo->bo_tim; 2655 if (isset(bo->bo_flags, IEEE80211_BEACON_TIM)) { 2656 u_int timlen, timoff, i; 2657 /* 2658 * ATIM/DTIM needs updating. If it fits in the 2659 * current space allocated then just copy in the 2660 * new bits. Otherwise we need to move any trailing 2661 * data to make room. Note that we know there is 2662 * contiguous space because ieee80211_beacon_allocate 2663 * insures there is space in the mbuf to write a 2664 * maximal-size virtual bitmap (based on iv_max_aid). 2665 */ 2666 /* 2667 * Calculate the bitmap size and offset, copy any 2668 * trailer out of the way, and then copy in the 2669 * new bitmap and update the information element. 2670 * Note that the tim bitmap must contain at least 2671 * one byte and any offset must be even. 2672 */ 2673 if (vap->iv_ps_pending != 0) { 2674 timoff = 128; /* impossibly large */ 2675 for (i = 0; i < vap->iv_tim_len; i++) 2676 if (vap->iv_tim_bitmap[i]) { 2677 timoff = i &~ 1; 2678 break; 2679 } 2680 KASSERT(timoff != 128, ("tim bitmap empty!")); 2681 for (i = vap->iv_tim_len-1; i >= timoff; i--) 2682 if (vap->iv_tim_bitmap[i]) 2683 break; 2684 timlen = 1 + (i - timoff); 2685 } else { 2686 timoff = 0; 2687 timlen = 1; 2688 } 2689 if (timlen != bo->bo_tim_len) { 2690 /* copy up/down trailer */ 2691 int adjust = tie->tim_bitmap+timlen 2692 - bo->bo_tim_trailer; 2693 ovbcopy(bo->bo_tim_trailer, 2694 bo->bo_tim_trailer+adjust, 2695 bo->bo_tim_trailer_len); 2696 bo->bo_tim_trailer += adjust; 2697 bo->bo_erp += adjust; 2698 bo->bo_htinfo += adjust; 2699#ifdef IEEE80211_SUPERG_SUPPORT 2700 bo->bo_ath += adjust; 2701#endif 2702#ifdef IEEE80211_TDMA_SUPPORT 2703 bo->bo_tdma += adjust; 2704#endif 2705 bo->bo_appie += adjust; 2706 bo->bo_wme += adjust; 2707 bo->bo_csa += adjust; 2708 bo->bo_tim_len = timlen; 2709 2710 /* update information element */ 2711 tie->tim_len = 3 + timlen; 2712 tie->tim_bitctl = timoff; 2713 len_changed = 1; 2714 } 2715 memcpy(tie->tim_bitmap, vap->iv_tim_bitmap + timoff, 2716 bo->bo_tim_len); 2717 2718 clrbit(bo->bo_flags, IEEE80211_BEACON_TIM); 2719 2720 IEEE80211_DPRINTF(vap, IEEE80211_MSG_POWER, 2721 "%s: TIM updated, pending %u, off %u, len %u\n", 2722 __func__, vap->iv_ps_pending, timoff, timlen); 2723 } 2724 /* count down DTIM period */ 2725 if (tie->tim_count == 0) 2726 tie->tim_count = tie->tim_period - 1; 2727 else 2728 tie->tim_count--; 2729 /* update state for buffered multicast frames on DTIM */ 2730 if (mcast && tie->tim_count == 0) 2731 tie->tim_bitctl |= 1; 2732 else 2733 tie->tim_bitctl &= ~1; 2734 if (isset(bo->bo_flags, IEEE80211_BEACON_CSA)) { 2735 struct ieee80211_csa_ie *csa = 2736 (struct ieee80211_csa_ie *) bo->bo_csa; 2737 2738 /* 2739 * Insert or update CSA ie. If we're just starting 2740 * to count down to the channel switch then we need 2741 * to insert the CSA ie. Otherwise we just need to 2742 * drop the count. The actual change happens above 2743 * when the vap's count reaches the target count. 2744 */ 2745 if (vap->iv_csa_count == 0) { 2746 memmove(&csa[1], csa, bo->bo_csa_trailer_len); 2747 bo->bo_erp += sizeof(*csa); 2748 bo->bo_htinfo += sizeof(*csa); 2749 bo->bo_wme += sizeof(*csa); 2750#ifdef IEEE80211_SUPERG_SUPPORT 2751 bo->bo_ath += sizeof(*csa); 2752#endif 2753#ifdef IEEE80211_TDMA_SUPPORT 2754 bo->bo_tdma += sizeof(*csa); 2755#endif 2756 bo->bo_appie += sizeof(*csa); 2757 bo->bo_csa_trailer_len += sizeof(*csa); 2758 bo->bo_tim_trailer_len += sizeof(*csa); 2759 m->m_len += sizeof(*csa); 2760 m->m_pkthdr.len += sizeof(*csa); 2761 2762 ieee80211_add_csa(bo->bo_csa, vap); 2763 } else 2764 csa->csa_count--; 2765 vap->iv_csa_count++; 2766 /* NB: don't clear IEEE80211_BEACON_CSA */ 2767 } 2768 if (isset(bo->bo_flags, IEEE80211_BEACON_ERP)) { 2769 /* 2770 * ERP element needs updating. 2771 */ 2772 (void) ieee80211_add_erp(bo->bo_erp, ic); 2773 clrbit(bo->bo_flags, IEEE80211_BEACON_ERP); 2774 } 2775#ifdef IEEE80211_SUPPORT_SUPERG 2776 if (isset(bo->bo_flags, IEEE80211_BEACON_ATH)) { 2777 ieee80211_add_athcaps(bo->bo_ath, ni); 2778 clrbit(bo->bo_flags, IEEE80211_BEACON_ATH); 2779 } 2780#endif 2781 } 2782 if (isset(bo->bo_flags, IEEE80211_BEACON_APPIE)) { 2783 const struct ieee80211_appie *aie = vap->iv_appie_beacon; 2784 int aielen; 2785 uint8_t *frm; 2786 2787 aielen = 0; 2788 if (aie != NULL) 2789 aielen += aie->ie_len; 2790 if (aielen != bo->bo_appie_len) { 2791 /* copy up/down trailer */ 2792 int adjust = aielen - bo->bo_appie_len; 2793 ovbcopy(bo->bo_tim_trailer, bo->bo_tim_trailer+adjust, 2794 bo->bo_tim_trailer_len); 2795 bo->bo_tim_trailer += adjust; 2796 bo->bo_appie += adjust; 2797 bo->bo_appie_len = aielen; 2798 2799 len_changed = 1; 2800 } 2801 frm = bo->bo_appie; 2802 if (aie != NULL) 2803 frm = add_appie(frm, aie); 2804 clrbit(bo->bo_flags, IEEE80211_BEACON_APPIE); 2805 } 2806 IEEE80211_UNLOCK(ic); 2807 2808 return len_changed; 2809}
| 2431 frm = ieee80211_add_htcap_vendor(frm, ni); 2432 frm = ieee80211_add_htinfo_vendor(frm, ni); 2433 } 2434#ifdef IEEE80211_SUPPORT_SUPERG 2435 if (vap->iv_flags & IEEE80211_F_ATHEROS) { 2436 bo->bo_ath = frm; 2437 frm = ieee80211_add_athcaps(frm, ni); 2438 } 2439#endif 2440#ifdef IEEE80211_SUPPORT_TDMA 2441 if (vap->iv_caps & IEEE80211_C_TDMA) { 2442 bo->bo_tdma = frm; 2443 frm = ieee80211_add_tdma(frm, vap); 2444 } 2445#endif 2446 if (vap->iv_appie_beacon != NULL) { 2447 bo->bo_appie = frm; 2448 bo->bo_appie_len = vap->iv_appie_beacon->ie_len; 2449 frm = add_appie(frm, vap->iv_appie_beacon); 2450 } 2451 bo->bo_tim_trailer_len = frm - bo->bo_tim_trailer; 2452 bo->bo_csa_trailer_len = frm - bo->bo_csa; 2453 m->m_pkthdr.len = m->m_len = frm - mtod(m, uint8_t *); 2454} 2455 2456/* 2457 * Allocate a beacon frame and fillin the appropriate bits. 2458 */ 2459struct mbuf * 2460ieee80211_beacon_alloc(struct ieee80211_node *ni, 2461 struct ieee80211_beacon_offsets *bo) 2462{ 2463 struct ieee80211vap *vap = ni->ni_vap; 2464 struct ieee80211com *ic = ni->ni_ic; 2465 struct ifnet *ifp = vap->iv_ifp; 2466 struct ieee80211_frame *wh; 2467 struct mbuf *m; 2468 int pktlen; 2469 uint8_t *frm; 2470 2471 /* 2472 * beacon frame format 2473 * [8] time stamp 2474 * [2] beacon interval 2475 * [2] cabability information 2476 * [tlv] ssid 2477 * [tlv] supported rates 2478 * [3] parameter set (DS) 2479 * [8] CF parameter set (optional) 2480 * [tlv] parameter set (IBSS/TIM) 2481 * [tlv] country (optional) 2482 * [3] power control (optional) 2483 * [5] channel switch announcement (CSA) (optional) 2484 * [tlv] extended rate phy (ERP) 2485 * [tlv] extended supported rates 2486 * [tlv] RSN parameters 2487 * [tlv] HT capabilities 2488 * [tlv] HT information 2489 * [tlv] Vendor OUI HT capabilities (optional) 2490 * [tlv] Vendor OUI HT information (optional) 2491 * XXX Vendor-specific OIDs (e.g. Atheros) 2492 * [tlv] WPA parameters 2493 * [tlv] WME parameters 2494 * [tlv] TDMA parameters (optional) 2495 * [tlv] application data (optional) 2496 * NB: we allocate the max space required for the TIM bitmap. 2497 * XXX how big is this? 2498 */ 2499 pktlen = 8 /* time stamp */ 2500 + sizeof(uint16_t) /* beacon interval */ 2501 + sizeof(uint16_t) /* capabilities */ 2502 + 2 + ni->ni_esslen /* ssid */ 2503 + 2 + IEEE80211_RATE_SIZE /* supported rates */ 2504 + 2 + 1 /* DS parameters */ 2505 + 2 + 6 /* CF parameters */ 2506 + 2 + 4 + vap->iv_tim_len /* DTIM/IBSSPARMS */ 2507 + IEEE80211_COUNTRY_MAX_SIZE /* country */ 2508 + 2 + 1 /* power control */ 2509 + sizeof(struct ieee80211_csa_ie) /* CSA */ 2510 + 2 + 1 /* ERP */ 2511 + 2 + (IEEE80211_RATE_MAXSIZE - IEEE80211_RATE_SIZE) 2512 + (vap->iv_caps & IEEE80211_C_WPA ? /* WPA 1+2 */ 2513 2*sizeof(struct ieee80211_ie_wpa) : 0) 2514 /* XXX conditional? */ 2515 + 4+2*sizeof(struct ieee80211_ie_htcap)/* HT caps */ 2516 + 4+2*sizeof(struct ieee80211_ie_htinfo)/* HT info */ 2517 + (vap->iv_caps & IEEE80211_C_WME ? /* WME */ 2518 sizeof(struct ieee80211_wme_param) : 0) 2519#ifdef IEEE80211_SUPPORT_SUPERG 2520 + sizeof(struct ieee80211_ath_ie) /* ATH */ 2521#endif 2522#ifdef IEEE80211_SUPPORT_TDMA 2523 + (vap->iv_caps & IEEE80211_C_TDMA ? /* TDMA */ 2524 sizeof(struct ieee80211_tdma_param) : 0) 2525#endif 2526 + IEEE80211_MAX_APPIE 2527 ; 2528 m = ieee80211_getmgtframe(&frm, 2529 ic->ic_headroom + sizeof(struct ieee80211_frame), pktlen); 2530 if (m == NULL) { 2531 IEEE80211_DPRINTF(vap, IEEE80211_MSG_ANY, 2532 "%s: cannot get buf; size %u\n", __func__, pktlen); 2533 vap->iv_stats.is_tx_nobuf++; 2534 return NULL; 2535 } 2536 ieee80211_beacon_construct(m, frm, bo, ni); 2537 2538 M_PREPEND(m, sizeof(struct ieee80211_frame), M_DONTWAIT); 2539 KASSERT(m != NULL, ("no space for 802.11 header?")); 2540 wh = mtod(m, struct ieee80211_frame *); 2541 wh->i_fc[0] = IEEE80211_FC0_VERSION_0 | IEEE80211_FC0_TYPE_MGT | 2542 IEEE80211_FC0_SUBTYPE_BEACON; 2543 wh->i_fc[1] = IEEE80211_FC1_DIR_NODS; 2544 *(uint16_t *)wh->i_dur = 0; 2545 IEEE80211_ADDR_COPY(wh->i_addr1, ifp->if_broadcastaddr); 2546 IEEE80211_ADDR_COPY(wh->i_addr2, vap->iv_myaddr); 2547 IEEE80211_ADDR_COPY(wh->i_addr3, ni->ni_bssid); 2548 *(uint16_t *)wh->i_seq = 0; 2549 2550 return m; 2551} 2552 2553/* 2554 * Update the dynamic parts of a beacon frame based on the current state. 2555 */ 2556int 2557ieee80211_beacon_update(struct ieee80211_node *ni, 2558 struct ieee80211_beacon_offsets *bo, struct mbuf *m, int mcast) 2559{ 2560 struct ieee80211vap *vap = ni->ni_vap; 2561 struct ieee80211com *ic = ni->ni_ic; 2562 int len_changed = 0; 2563 uint16_t capinfo; 2564 2565 IEEE80211_LOCK(ic); 2566 /* 2567 * Handle 11h channel change when we've reached the count. 2568 * We must recalculate the beacon frame contents to account 2569 * for the new channel. Note we do this only for the first 2570 * vap that reaches this point; subsequent vaps just update 2571 * their beacon state to reflect the recalculated channel. 2572 */ 2573 if (isset(bo->bo_flags, IEEE80211_BEACON_CSA) && 2574 vap->iv_csa_count == ic->ic_csa_count) { 2575 vap->iv_csa_count = 0; 2576 /* 2577 * Effect channel change before reconstructing the beacon 2578 * frame contents as many places reference ni_chan. 2579 */ 2580 if (ic->ic_csa_newchan != NULL) 2581 ieee80211_csa_completeswitch(ic); 2582 /* 2583 * NB: ieee80211_beacon_construct clears all pending 2584 * updates in bo_flags so we don't need to explicitly 2585 * clear IEEE80211_BEACON_CSA. 2586 */ 2587 ieee80211_beacon_construct(m, 2588 mtod(m, uint8_t*) + sizeof(struct ieee80211_frame), bo, ni); 2589 2590 /* XXX do WME aggressive mode processing? */ 2591 IEEE80211_UNLOCK(ic); 2592 return 1; /* just assume length changed */ 2593 } 2594 2595 /* XXX faster to recalculate entirely or just changes? */ 2596 capinfo = getcapinfo(vap, ni->ni_chan); 2597 *bo->bo_caps = htole16(capinfo); 2598 2599 if (vap->iv_flags & IEEE80211_F_WME) { 2600 struct ieee80211_wme_state *wme = &ic->ic_wme; 2601 2602 /* 2603 * Check for agressive mode change. When there is 2604 * significant high priority traffic in the BSS 2605 * throttle back BE traffic by using conservative 2606 * parameters. Otherwise BE uses agressive params 2607 * to optimize performance of legacy/non-QoS traffic. 2608 */ 2609 if (wme->wme_flags & WME_F_AGGRMODE) { 2610 if (wme->wme_hipri_traffic > 2611 wme->wme_hipri_switch_thresh) { 2612 IEEE80211_DPRINTF(vap, IEEE80211_MSG_WME, 2613 "%s: traffic %u, disable aggressive mode\n", 2614 __func__, wme->wme_hipri_traffic); 2615 wme->wme_flags &= ~WME_F_AGGRMODE; 2616 ieee80211_wme_updateparams_locked(vap); 2617 wme->wme_hipri_traffic = 2618 wme->wme_hipri_switch_hysteresis; 2619 } else 2620 wme->wme_hipri_traffic = 0; 2621 } else { 2622 if (wme->wme_hipri_traffic <= 2623 wme->wme_hipri_switch_thresh) { 2624 IEEE80211_DPRINTF(vap, IEEE80211_MSG_WME, 2625 "%s: traffic %u, enable aggressive mode\n", 2626 __func__, wme->wme_hipri_traffic); 2627 wme->wme_flags |= WME_F_AGGRMODE; 2628 ieee80211_wme_updateparams_locked(vap); 2629 wme->wme_hipri_traffic = 0; 2630 } else 2631 wme->wme_hipri_traffic = 2632 wme->wme_hipri_switch_hysteresis; 2633 } 2634 if (isset(bo->bo_flags, IEEE80211_BEACON_WME)) { 2635 (void) ieee80211_add_wme_param(bo->bo_wme, wme); 2636 clrbit(bo->bo_flags, IEEE80211_BEACON_WME); 2637 } 2638 } 2639 2640 if (isset(bo->bo_flags, IEEE80211_BEACON_HTINFO)) { 2641 ieee80211_ht_update_beacon(vap, bo); 2642 clrbit(bo->bo_flags, IEEE80211_BEACON_HTINFO); 2643 } 2644#ifdef IEEE80211_SUPPORT_TDMA 2645 if (vap->iv_caps & IEEE80211_C_TDMA) { 2646 /* 2647 * NB: the beacon is potentially updated every TBTT. 2648 */ 2649 ieee80211_tdma_update_beacon(vap, bo); 2650 } 2651#endif 2652 if (vap->iv_opmode == IEEE80211_M_HOSTAP) { /* NB: no IBSS support*/ 2653 struct ieee80211_tim_ie *tie = 2654 (struct ieee80211_tim_ie *) bo->bo_tim; 2655 if (isset(bo->bo_flags, IEEE80211_BEACON_TIM)) { 2656 u_int timlen, timoff, i; 2657 /* 2658 * ATIM/DTIM needs updating. If it fits in the 2659 * current space allocated then just copy in the 2660 * new bits. Otherwise we need to move any trailing 2661 * data to make room. Note that we know there is 2662 * contiguous space because ieee80211_beacon_allocate 2663 * insures there is space in the mbuf to write a 2664 * maximal-size virtual bitmap (based on iv_max_aid). 2665 */ 2666 /* 2667 * Calculate the bitmap size and offset, copy any 2668 * trailer out of the way, and then copy in the 2669 * new bitmap and update the information element. 2670 * Note that the tim bitmap must contain at least 2671 * one byte and any offset must be even. 2672 */ 2673 if (vap->iv_ps_pending != 0) { 2674 timoff = 128; /* impossibly large */ 2675 for (i = 0; i < vap->iv_tim_len; i++) 2676 if (vap->iv_tim_bitmap[i]) { 2677 timoff = i &~ 1; 2678 break; 2679 } 2680 KASSERT(timoff != 128, ("tim bitmap empty!")); 2681 for (i = vap->iv_tim_len-1; i >= timoff; i--) 2682 if (vap->iv_tim_bitmap[i]) 2683 break; 2684 timlen = 1 + (i - timoff); 2685 } else { 2686 timoff = 0; 2687 timlen = 1; 2688 } 2689 if (timlen != bo->bo_tim_len) { 2690 /* copy up/down trailer */ 2691 int adjust = tie->tim_bitmap+timlen 2692 - bo->bo_tim_trailer; 2693 ovbcopy(bo->bo_tim_trailer, 2694 bo->bo_tim_trailer+adjust, 2695 bo->bo_tim_trailer_len); 2696 bo->bo_tim_trailer += adjust; 2697 bo->bo_erp += adjust; 2698 bo->bo_htinfo += adjust; 2699#ifdef IEEE80211_SUPERG_SUPPORT 2700 bo->bo_ath += adjust; 2701#endif 2702#ifdef IEEE80211_TDMA_SUPPORT 2703 bo->bo_tdma += adjust; 2704#endif 2705 bo->bo_appie += adjust; 2706 bo->bo_wme += adjust; 2707 bo->bo_csa += adjust; 2708 bo->bo_tim_len = timlen; 2709 2710 /* update information element */ 2711 tie->tim_len = 3 + timlen; 2712 tie->tim_bitctl = timoff; 2713 len_changed = 1; 2714 } 2715 memcpy(tie->tim_bitmap, vap->iv_tim_bitmap + timoff, 2716 bo->bo_tim_len); 2717 2718 clrbit(bo->bo_flags, IEEE80211_BEACON_TIM); 2719 2720 IEEE80211_DPRINTF(vap, IEEE80211_MSG_POWER, 2721 "%s: TIM updated, pending %u, off %u, len %u\n", 2722 __func__, vap->iv_ps_pending, timoff, timlen); 2723 } 2724 /* count down DTIM period */ 2725 if (tie->tim_count == 0) 2726 tie->tim_count = tie->tim_period - 1; 2727 else 2728 tie->tim_count--; 2729 /* update state for buffered multicast frames on DTIM */ 2730 if (mcast && tie->tim_count == 0) 2731 tie->tim_bitctl |= 1; 2732 else 2733 tie->tim_bitctl &= ~1; 2734 if (isset(bo->bo_flags, IEEE80211_BEACON_CSA)) { 2735 struct ieee80211_csa_ie *csa = 2736 (struct ieee80211_csa_ie *) bo->bo_csa; 2737 2738 /* 2739 * Insert or update CSA ie. If we're just starting 2740 * to count down to the channel switch then we need 2741 * to insert the CSA ie. Otherwise we just need to 2742 * drop the count. The actual change happens above 2743 * when the vap's count reaches the target count. 2744 */ 2745 if (vap->iv_csa_count == 0) { 2746 memmove(&csa[1], csa, bo->bo_csa_trailer_len); 2747 bo->bo_erp += sizeof(*csa); 2748 bo->bo_htinfo += sizeof(*csa); 2749 bo->bo_wme += sizeof(*csa); 2750#ifdef IEEE80211_SUPERG_SUPPORT 2751 bo->bo_ath += sizeof(*csa); 2752#endif 2753#ifdef IEEE80211_TDMA_SUPPORT 2754 bo->bo_tdma += sizeof(*csa); 2755#endif 2756 bo->bo_appie += sizeof(*csa); 2757 bo->bo_csa_trailer_len += sizeof(*csa); 2758 bo->bo_tim_trailer_len += sizeof(*csa); 2759 m->m_len += sizeof(*csa); 2760 m->m_pkthdr.len += sizeof(*csa); 2761 2762 ieee80211_add_csa(bo->bo_csa, vap); 2763 } else 2764 csa->csa_count--; 2765 vap->iv_csa_count++; 2766 /* NB: don't clear IEEE80211_BEACON_CSA */ 2767 } 2768 if (isset(bo->bo_flags, IEEE80211_BEACON_ERP)) { 2769 /* 2770 * ERP element needs updating. 2771 */ 2772 (void) ieee80211_add_erp(bo->bo_erp, ic); 2773 clrbit(bo->bo_flags, IEEE80211_BEACON_ERP); 2774 } 2775#ifdef IEEE80211_SUPPORT_SUPERG 2776 if (isset(bo->bo_flags, IEEE80211_BEACON_ATH)) { 2777 ieee80211_add_athcaps(bo->bo_ath, ni); 2778 clrbit(bo->bo_flags, IEEE80211_BEACON_ATH); 2779 } 2780#endif 2781 } 2782 if (isset(bo->bo_flags, IEEE80211_BEACON_APPIE)) { 2783 const struct ieee80211_appie *aie = vap->iv_appie_beacon; 2784 int aielen; 2785 uint8_t *frm; 2786 2787 aielen = 0; 2788 if (aie != NULL) 2789 aielen += aie->ie_len; 2790 if (aielen != bo->bo_appie_len) { 2791 /* copy up/down trailer */ 2792 int adjust = aielen - bo->bo_appie_len; 2793 ovbcopy(bo->bo_tim_trailer, bo->bo_tim_trailer+adjust, 2794 bo->bo_tim_trailer_len); 2795 bo->bo_tim_trailer += adjust; 2796 bo->bo_appie += adjust; 2797 bo->bo_appie_len = aielen; 2798 2799 len_changed = 1; 2800 } 2801 frm = bo->bo_appie; 2802 if (aie != NULL) 2803 frm = add_appie(frm, aie); 2804 clrbit(bo->bo_flags, IEEE80211_BEACON_APPIE); 2805 } 2806 IEEE80211_UNLOCK(ic); 2807 2808 return len_changed; 2809}
|