ieee80211_output.c revision 287197
1192886Sedwin/*- 2192886Sedwin * Copyright (c) 2001 Atsushi Onoe 3153761Swollman * Copyright (c) 2002-2009 Sam Leffler, Errno Consulting 42742Swollman * All rights reserved. 586464Swollman * 62742Swollman * Redistribution and use in source and binary forms, with or without 72742Swollman * modification, are permitted provided that the following conditions 82742Swollman * are met: 92742Swollman * 1. Redistributions of source code must retain the above copyright 102742Swollman * notice, this list of conditions and the following disclaimer. 112742Swollman * 2. Redistributions in binary form must reproduce the above copyright 1286222Swollman * notice, this list of conditions and the following disclaimer in the 1386222Swollman * documentation and/or other materials provided with the distribution. 142742Swollman * 15270817Spluknet * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 16270817Spluknet * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 17270817Spluknet * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 18270817Spluknet * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 19270817Spluknet * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 20270817Spluknet * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 21270817Spluknet * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 2258787Sru * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 2358787Sru * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 2458787Sru * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 252742Swollman */ 262742Swollman 279908Swollman#include <sys/cdefs.h> 282742Swollman__FBSDID("$FreeBSD: head/sys/net80211/ieee80211_output.c 287197 2015-08-27 08:56:39Z glebius $"); 29270817Spluknet 30270817Spluknet#include "opt_inet.h" 319908Swollman#include "opt_inet6.h" 32169811Swollman#include "opt_wlan.h" 33169811Swollman 34270817Spluknet#include <sys/param.h> 35270817Spluknet#include <sys/systm.h> 36270817Spluknet#include <sys/mbuf.h> 37270817Spluknet#include <sys/kernel.h> 38270817Spluknet#include <sys/endian.h> 39270817Spluknet 40270817Spluknet#include <sys/socket.h> 41270817Spluknet 42270817Spluknet#include <net/bpf.h> 432742Swollman#include <net/ethernet.h> 44270817Spluknet#include <net/if.h> 45270817Spluknet#include <net/if_var.h> 46169811Swollman#include <net/if_llc.h> 47270817Spluknet#include <net/if_media.h> 48270817Spluknet#include <net/if_vlan_var.h> 49169811Swollman 509908Swollman#include <net80211/ieee80211_var.h> 5120094Swollman#include <net80211/ieee80211_regdomain.h> 52149514Swollman#ifdef IEEE80211_SUPPORT_SUPERG 5320094Swollman#include <net80211/ieee80211_superg.h> 5420094Swollman#endif 5520094Swollman#ifdef IEEE80211_SUPPORT_TDMA 5620094Swollman#include <net80211/ieee80211_tdma.h> 5720094Swollman#endif 5820094Swollman#include <net80211/ieee80211_wds.h> 5920094Swollman#include <net80211/ieee80211_mesh.h> 6020094Swollman 6120094Swollman#if defined(INET) || defined(INET6) 6220094Swollman#include <netinet/in.h> 6320094Swollman#endif 64270817Spluknet 65270817Spluknet#ifdef INET 66270817Spluknet#include <netinet/if_ether.h> 67270817Spluknet#include <netinet/in_systm.h> 68270817Spluknet#include <netinet/ip.h> 69270817Spluknet#endif 702742Swollman#ifdef INET6 71270817Spluknet#include <netinet/ip6.h> 72270817Spluknet#endif 7320094Swollman 74270817Spluknet#include <security/mac/mac_framework.h> 75270817Spluknet 76270817Spluknet#define ETHER_HEADER_COPY(dst, src) \ 772742Swollman memcpy(dst, src, sizeof(struct ether_header)) 789908Swollman 792742Swollman/* unalligned little endian access */ 80270817Spluknet#define LE_WRITE_2(p, v) do { \ 81270817Spluknet ((uint8_t *)(p))[0] = (v) & 0xff; \ 82270817Spluknet ((uint8_t *)(p))[1] = ((v) >> 8) & 0xff; \ 83270817Spluknet} while (0) 84270817Spluknet#define LE_WRITE_4(p, v) do { \ 85270817Spluknet ((uint8_t *)(p))[0] = (v) & 0xff; \ 86270817Spluknet ((uint8_t *)(p))[1] = ((v) >> 8) & 0xff; \ 87270817Spluknet ((uint8_t *)(p))[2] = ((v) >> 16) & 0xff; \ 88270817Spluknet ((uint8_t *)(p))[3] = ((v) >> 24) & 0xff; \ 89270817Spluknet} while (0) 90270817Spluknet 91270817Spluknetstatic int ieee80211_fragment(struct ieee80211vap *, struct mbuf *, 92270817Spluknet u_int hdrsize, u_int ciphdrsize, u_int mtu); 93270817Spluknetstatic void ieee80211_tx_mgt_cb(struct ieee80211_node *, void *, int); 94270817Spluknet 952742Swollman#ifdef IEEE80211_DEBUG 962742Swollman/* 97270817Spluknet * Decide if an outbound management frame should be 98270817Spluknet * printed when debugging is enabled. This filters some 99270817Spluknet * of the less interesting frames that come frequently 1002742Swollman * (e.g. beacons). 1019908Swollman */ 102149514Swollmanstatic __inline int 103149514Swollmandoprint(struct ieee80211vap *vap, int subtype) 104273719Sedwin{ 105149514Swollman switch (subtype) { 106149514Swollman case IEEE80211_FC0_SUBTYPE_PROBE_RESP: 1072742Swollman return (vap->iv_opmode == IEEE80211_M_IBSS); 108270817Spluknet } 109270817Spluknet return 1; 110270817Spluknet} 111270817Spluknet#endif 112270817Spluknet 113270817Spluknet/* 114270817Spluknet * Transmit a frame to the given destination on the given VAP. 115270817Spluknet * 116270817Spluknet * It's up to the caller to figure out the details of who this 117270817Spluknet * is going to and resolving the node. 118270817Spluknet * 119270817Spluknet * This routine takes care of queuing it for power save, 120270817Spluknet * A-MPDU state stuff, fast-frames state stuff, encapsulation 121270817Spluknet * if required, then passing it up to the driver layer. 122270817Spluknet * 123270817Spluknet * This routine (for now) consumes the mbuf and frees the node 124270817Spluknet * reference; it ideally will return a TX status which reflects 125270817Spluknet * whether the mbuf was consumed or not, so the caller can 126270817Spluknet * free the mbuf (if appropriate) and the node reference (again, 1272742Swollman * if appropriate.) 1282742Swollman */ 129273719Sedwinint 130270817Spluknetieee80211_vap_pkt_send_dest(struct ieee80211vap *vap, struct mbuf *m, 131270817Spluknet struct ieee80211_node *ni) 132270817Spluknet{ 133149514Swollman struct ieee80211com *ic = vap->iv_ic; 134273719Sedwin struct ifnet *ifp = vap->iv_ifp; 135270817Spluknet int error, len, mcast; 136270817Spluknet 137270817Spluknet if ((ni->ni_flags & IEEE80211_NODE_PWR_MGT) && 1382742Swollman (m->m_flags & M_PWR_SAV) == 0) { 1399908Swollman /* 1402742Swollman * Station in power save mode; pass the frame 141270817Spluknet * to the 802.11 layer and continue. We'll get 142270817Spluknet * the frame back when the time is right. 143270817Spluknet * XXX lose WDS vap linkage? 144270817Spluknet */ 145270817Spluknet if (ieee80211_pwrsave(ni, m) != 0) 146270817Spluknet if_inc_counter(ifp, IFCOUNTER_OERRORS, 1); 147270817Spluknet ieee80211_free_node(ni); 148270817Spluknet 149270817Spluknet /* 150270817Spluknet * We queued it fine, so tell the upper layer 151270817Spluknet * that we consumed it. 152270817Spluknet */ 153270817Spluknet return (0); 154270817Spluknet } 1552742Swollman /* calculate priority so drivers can find the tx queue */ 1562742Swollman if (ieee80211_classify(ni, m)) { 157270817Spluknet IEEE80211_DISCARD_MAC(vap, IEEE80211_MSG_OUTPUT, 158270817Spluknet ni->ni_macaddr, NULL, 1592742Swollman "%s", "classification failure"); 1609908Swollman vap->iv_stats.is_tx_classify++; 1612742Swollman if_inc_counter(ifp, IFCOUNTER_OERRORS, 1); 162270817Spluknet m_freem(m); 163270817Spluknet ieee80211_free_node(ni); 164270817Spluknet 165270817Spluknet /* XXX better status? */ 166270817Spluknet return (0); 167270817Spluknet } 168270817Spluknet /* 169270817Spluknet * Stash the node pointer. Note that we do this after 170270817Spluknet * any call to ieee80211_dwds_mcast because that code 171270817Spluknet * uses any existing value for rcvif to identify the 172270817Spluknet * interface it (might have been) received on. 173270817Spluknet */ 174270817Spluknet m->m_pkthdr.rcvif = (void *)ni; 175270817Spluknet mcast = (m->m_flags & (M_MCAST | M_BCAST)) ? 1: 0; 176270817Spluknet len = m->m_pkthdr.len; 177270817Spluknet 1782742Swollman BPF_MTAP(ifp, m); /* 802.3 tx */ 1792742Swollman 180270817Spluknet /* 181270817Spluknet * Check if A-MPDU tx aggregation is setup or if we 1822742Swollman * should try to enable it. The sta must be associated 183270817Spluknet * with HT and A-MPDU enabled for use. When the policy 184270817Spluknet * routine decides we should enable A-MPDU we issue an 185270817Spluknet * ADDBA request and wait for a reply. The frame being 186270817Spluknet * encapsulated will go out w/o using A-MPDU, or possibly 187270817Spluknet * it might be collected by the driver and held/retransmit. 1888029Swollman * The default ic_ampdu_enable routine handles staggering 18914343Swollman * ADDBA requests in case the receiver NAK's us or we are 19014343Swollman * otherwise unable to establish a BA stream. 191270817Spluknet */ 192270817Spluknet if ((ni->ni_flags & IEEE80211_NODE_AMPDU_TX) && 193270817Spluknet (vap->iv_flags_ht & IEEE80211_FHT_AMPDU_TX) && 194270817Spluknet (m->m_flags & M_EAPOL) == 0) { 195270817Spluknet int tid = WME_AC_TO_TID(M_WME_GETAC(m)); 196270817Spluknet struct ieee80211_tx_ampdu *tap = &ni->ni_tx_ampdu[tid]; 197270817Spluknet 198270817Spluknet ieee80211_txampdu_count_packet(tap); 199270817Spluknet if (IEEE80211_AMPDU_RUNNING(tap)) { 200270817Spluknet /* 201270817Spluknet * Operational, mark frame for aggregation. 202270817Spluknet * 203270817Spluknet * XXX do tx aggregation here 204270817Spluknet */ 2052742Swollman m->m_flags |= M_AMPDU_MPDU; 206270817Spluknet } else if (!IEEE80211_AMPDU_REQUESTED(tap) && 207270817Spluknet ic->ic_ampdu_enable(ni, tap)) { 2088029Swollman /* 20914343Swollman * Not negotiated yet, request service. 2102742Swollman */ 2112742Swollman ieee80211_ampdu_request(ni, tap); 21214343Swollman /* XXX hold frame for reply? */ 213169811Swollman } 2142742Swollman } 21514343Swollman 21614343Swollman#ifdef IEEE80211_SUPPORT_SUPERG 217169811Swollman else if (IEEE80211_ATH_CAP(vap, ni, IEEE80211_NODE_FF)) { 21814343Swollman m = ieee80211_ff_check(ni, m); 21930711Swollman if (m == NULL) { 220249692Sedwin /* NB: any ni ref held on stageq */ 221249692Sedwin return (0); 222249692Sedwin } 223273719Sedwin } 224273719Sedwin#endif /* IEEE80211_SUPPORT_SUPERG */ 225249692Sedwin 226249692Sedwin /* 227249692Sedwin * Grab the TX lock - serialise the TX process from this 228249692Sedwin * point (where TX state is being checked/modified) 229249692Sedwin * through to driver queue. 230249692Sedwin */ 231249692Sedwin IEEE80211_TX_LOCK(ic); 232253009Sedwin 233253009Sedwin if (__predict_true((vap->iv_caps & IEEE80211_C_8023ENCAP) == 0)) { 234253009Sedwin /* 235270817Spluknet * Encapsulate the packet in prep for transmission. 236253009Sedwin */ 237253009Sedwin m = ieee80211_encap(vap, ni, m); 238249692Sedwin if (m == NULL) { 239273719Sedwin /* NB: stat+msg handled in ieee80211_encap */ 240270817Spluknet IEEE80211_TX_UNLOCK(ic); 241273719Sedwin ieee80211_free_node(ni); 242249692Sedwin if_inc_counter(ifp, IFCOUNTER_OERRORS, 1); 243270817Spluknet return (ENOBUFS); 244273719Sedwin } 245249692Sedwin } 2462742Swollman error = ieee80211_parent_xmitpkt(ic, m); 24743014Swollman 24843014Swollman /* 24943014Swollman * Unlock at this point - no need to hold it across 25043014Swollman * ieee80211_free_node() (ie, the comlock) 2512742Swollman */ 252267477Sedwin IEEE80211_TX_UNLOCK(ic); 253149514Swollman if (error != 0) { 254149514Swollman /* NB: IFQ_HANDOFF reclaims mbuf */ 2552742Swollman ieee80211_free_node(ni); 256149514Swollman if_inc_counter(ifp, IFCOUNTER_OERRORS, 1); 257149514Swollman } 2582742Swollman ic->ic_lastdata = ticks; 259267477Sedwin 2602742Swollman return (0); 261248307Sedwin} 262248307Sedwin 263248307Sedwin 264199336Sedwin 265199336Sedwin/* 266199336Sedwin * Send the given mbuf through the given vap. 267199336Sedwin * 268199336Sedwin * This consumes the mbuf regardless of whether the transmit 269199336Sedwin * was successful or not. 270199336Sedwin * 271199336Sedwin * This does none of the initial checks that ieee80211_start() 272199336Sedwin * does (eg CAC timeout, interface wakeup) - the caller must 273199336Sedwin * do this first. 274199336Sedwin */ 275199336Sedwinstatic int 276204887Sedwinieee80211_start_pkt(struct ieee80211vap *vap, struct mbuf *m) 277204887Sedwin{ 278204887Sedwin#define IS_DWDS(vap) \ 279204887Sedwin (vap->iv_opmode == IEEE80211_M_WDS && \ 280204887Sedwin (vap->iv_flags_ext & IEEE80211_FEXT_WDSLEGACY) == 0) 281204887Sedwin struct ieee80211com *ic = vap->iv_ic; 282204887Sedwin struct ifnet *ifp = vap->iv_ifp; 283204887Sedwin struct ieee80211_node *ni; 284204887Sedwin struct ether_header *eh; 285204887Sedwin 286204887Sedwin /* 287204887Sedwin * Cancel any background scan. 288204887Sedwin */ 289214722Sedwin if (ic->ic_flags & IEEE80211_F_SCAN) 290240457Sedwin ieee80211_cancel_anyscan(vap); 291214722Sedwin /* 292240457Sedwin * Find the node for the destination so we can do 293214722Sedwin * things like power save and fast frames aggregation. 294214722Sedwin * 295214722Sedwin * NB: past this point various code assumes the first 296214722Sedwin * mbuf has the 802.3 header present (and contiguous). 297226289Sedwin */ 298240457Sedwin ni = NULL; 299226289Sedwin if (m->m_len < sizeof(struct ether_header) && 300226289Sedwin (m = m_pullup(m, sizeof(struct ether_header))) == NULL) { 301270817Spluknet IEEE80211_DPRINTF(vap, IEEE80211_MSG_OUTPUT, 302226289Sedwin "discard frame, %s\n", "m_pullup failed"); 303240457Sedwin vap->iv_stats.is_tx_nobuf++; /* XXX */ 304240457Sedwin if_inc_counter(ifp, IFCOUNTER_OERRORS, 1); 305226289Sedwin return (ENOBUFS); 306226289Sedwin } 307226976Sedwin eh = mtod(m, struct ether_header *); 308226976Sedwin if (ETHER_IS_MULTICAST(eh->ether_dhost)) { 309226976Sedwin if (IS_DWDS(vap)) { 310226976Sedwin /* 311226976Sedwin * Only unicast frames from the above go out 312226976Sedwin * DWDS vaps; multicast frames are handled by 313226976Sedwin * dispatching the frame as it comes through 314226976Sedwin * the AP vap (see below). 315226976Sedwin */ 316226976Sedwin IEEE80211_DISCARD_MAC(vap, IEEE80211_MSG_WDS, 317226976Sedwin eh->ether_dhost, "mcast", "%s", "on DWDS"); 318226976Sedwin vap->iv_stats.is_dwds_mcast++; 319240457Sedwin m_freem(m); 320240457Sedwin if_inc_counter(ifp, IFCOUNTER_OERRORS, 1); 321240457Sedwin /* XXX better status? */ 322240457Sedwin return (ENOBUFS); 323240457Sedwin } 324257697Sedwin if (vap->iv_opmode == IEEE80211_M_HOSTAP) { 325257697Sedwin /* 326263046Sedwin * Spam DWDS vap's w/ multicast traffic. 327263046Sedwin */ 328257697Sedwin /* XXX only if dwds in use? */ 329263046Sedwin ieee80211_dwds_mcast(vap, m); 330263046Sedwin } 331263046Sedwin } 332263046Sedwin#ifdef IEEE80211_SUPPORT_MESH 333263046Sedwin if (vap->iv_opmode != IEEE80211_M_MBSS) { 334273719Sedwin#endif 335273719Sedwin ni = ieee80211_find_txnode(vap, eh->ether_dhost); 336273719Sedwin if (ni == NULL) { 337240457Sedwin /* NB: ieee80211_find_txnode does stat+msg */ 338290698Sedwin if_inc_counter(ifp, IFCOUNTER_OERRORS, 1); 339290698Sedwin m_freem(m); 340290698Sedwin /* XXX better status? */ 341290698Sedwin return (ENOBUFS); 342290698Sedwin } 343290698Sedwin if (ni->ni_associd == 0 && 344290698Sedwin (ni->ni_flags & IEEE80211_NODE_ASSOCID)) { 345290698Sedwin IEEE80211_DISCARD_MAC(vap, IEEE80211_MSG_OUTPUT, 346273719Sedwin eh->ether_dhost, NULL, 347290698Sedwin "sta not associated (type 0x%04x)", 348290698Sedwin htons(eh->ether_type)); 349273719Sedwin vap->iv_stats.is_tx_notassoc++; 350273719Sedwin if_inc_counter(ifp, IFCOUNTER_OERRORS, 1); 35143543Swollman m_freem(m); 35275267Swollman ieee80211_free_node(ni); 35375267Swollman /* XXX better status? */ 354199336Sedwin return (ENOBUFS); 355204887Sedwin } 356273719Sedwin#ifdef IEEE80211_SUPPORT_MESH 357214722Sedwin } else { 358263046Sedwin if (!IEEE80211_ADDR_EQ(eh->ether_shost, vap->iv_myaddr)) { 359273719Sedwin /* 360273719Sedwin * Proxy station only if configured. 361290698Sedwin */ 3622742Swollman if (!ieee80211_mesh_isproxyena(vap)) { 363273719Sedwin IEEE80211_DISCARD_MAC(vap, 36443543Swollman IEEE80211_MSG_OUTPUT | 3652742Swollman IEEE80211_MSG_MESH, 3662742Swollman eh->ether_dhost, NULL, 3672742Swollman "%s", "proxy not enabled"); 368273719Sedwin vap->iv_stats.is_mesh_notproxy++; 36919878Swollman if_inc_counter(ifp, IFCOUNTER_OERRORS, 1); 3702742Swollman m_freem(m); 37119878Swollman /* XXX better status? */ 372273719Sedwin return (ENOBUFS); 37319878Swollman } 37443014Swollman IEEE80211_DPRINTF(vap, IEEE80211_MSG_OUTPUT, 37543014Swollman "forward frame from DS SA(%6D), DA(%6D)\n", 3762742Swollman eh->ether_shost, ":", 3772742Swollman eh->ether_dhost, ":"); 3782742Swollman ieee80211_mesh_proxy_check(vap, eh->ether_shost); 37975267Swollman } 380273719Sedwin ni = ieee80211_mesh_discover(vap, eh->ether_dhost, m); 381273719Sedwin if (ni == NULL) { 38275267Swollman /* 383280414Sedwin * NB: ieee80211_mesh_discover holds/disposes 3842742Swollman * frame (e.g. queueing on path discovery). 3852742Swollman */ 3862742Swollman if_inc_counter(ifp, IFCOUNTER_OERRORS, 1); 387273719Sedwin /* XXX better status? */ 388273719Sedwin return (ENOBUFS); 3892742Swollman } 39019878Swollman } 39119878Swollman#endif 39219878Swollman 3932742Swollman /* 39419878Swollman * We've resolved the sender, so attempt to transmit it. 39519878Swollman */ 39619878Swollman 3972742Swollman if (vap->iv_state == IEEE80211_S_SLEEP) { 39814343Swollman /* 399280414Sedwin * In power save; queue frame and then wakeup device 40014343Swollman * for transmit. 40114343Swollman */ 40214343Swollman ic->ic_lastdata = ticks; 40314343Swollman if (ieee80211_pwrsave(ni, m) != 0) 40419878Swollman if_inc_counter(ifp, IFCOUNTER_OERRORS, 1); 40519878Swollman ieee80211_free_node(ni); 40614343Swollman ieee80211_new_state(vap, IEEE80211_S_RUN, 0); 40719878Swollman return (0); 408273719Sedwin } 40919878Swollman 41014343Swollman if (ieee80211_vap_pkt_send_dest(vap, m, ni) != 0) 41114343Swollman return (ENOBUFS); 41214343Swollman return (0); 413210718Sedwin#undef IS_DWDS 414273719Sedwin} 415273719Sedwin 416273719Sedwin/* 41714343Swollman * Start method for vap's. All packets from the stack come 418273719Sedwin * through here. We handle common processing of the packets 41958787Sru * before dispatching them to the underlying device. 42058787Sru * 42114343Swollman * if_transmit() requires that the mbuf be consumed by this call 4222742Swollman * regardless of the return condition. 4232742Swollman */ 424273719Sedwinint 425273719Sedwinieee80211_vap_transmit(struct ifnet *ifp, struct mbuf *m) 4262742Swollman{ 42719878Swollman struct ieee80211vap *vap = ifp->if_softc; 42819878Swollman struct ieee80211com *ic = vap->iv_ic; 4292742Swollman 4302742Swollman /* 4312742Swollman * No data frames go out unless we're running. 43219878Swollman * Note in particular this covers CAC and CSA 43319878Swollman * states (though maybe we should check muting 43443014Swollman * for CSA). 435158421Swollman */ 43643014Swollman if (vap->iv_state != IEEE80211_S_RUN && 4372742Swollman vap->iv_state != IEEE80211_S_SLEEP) { 438270817Spluknet IEEE80211_LOCK(ic); 4392742Swollman /* re-check under the com lock to avoid races */ 4402742Swollman if (vap->iv_state != IEEE80211_S_RUN && 4412742Swollman vap->iv_state != IEEE80211_S_SLEEP) { 4422742Swollman IEEE80211_DPRINTF(vap, IEEE80211_MSG_OUTPUT, 4432742Swollman "%s: ignore queue, in %s state\n", 4442742Swollman __func__, ieee80211_state_name[vap->iv_state]); 4452742Swollman vap->iv_stats.is_tx_badstate++; 4462742Swollman IEEE80211_UNLOCK(ic); 447121098Swollman ifp->if_drv_flags |= IFF_DRV_OACTIVE; 448121098Swollman m_freem(m); 449121098Swollman if_inc_counter(ifp, IFCOUNTER_OERRORS, 1); 450121098Swollman return (ENETDOWN); 451121098Swollman } 452121098Swollman IEEE80211_UNLOCK(ic); 453121098Swollman } 454121098Swollman 455267477Sedwin /* 456267477Sedwin * Sanitize mbuf flags for net80211 use. We cannot 457114173Swollman * clear M_PWR_SAV or M_MORE_DATA because these may 458121098Swollman * be set for frames that are re-submitted from the 459114173Swollman * power save queue. 460121098Swollman * 4619908Swollman * NB: This must be done before ieee80211_classify as 462121098Swollman * it marks EAPOL in frames with M_EAPOL. 463114173Swollman */ 464121098Swollman m->m_flags &= ~(M_80211_TX - M_PWR_SAV - M_MORE_DATA); 465114173Swollman 466121098Swollman /* 467169811Swollman * Bump to the packet transmission path. 468169811Swollman * The mbuf will be consumed here. 469169811Swollman */ 470169811Swollman return (ieee80211_start_pkt(vap, m)); 471169811Swollman} 472169811Swollman 473169811Swollmanvoid 474169811Swollmanieee80211_vap_qflush(struct ifnet *ifp) 4752742Swollman{ 476114173Swollman 477121098Swollman /* Empty for now */ 4782742Swollman} 479270817Spluknet 480270817Spluknet/* 481121098Swollman * 802.11 raw output routine. 4822742Swollman * 483257697Sedwin * XXX TODO: this (and other send routines) should correctly 4848029Swollman * XXX keep the pwr mgmt bit set if it decides to call into the 48530711Swollman * XXX driver to send a frame whilst the state is SLEEP. 486270817Spluknet * 48758787Sru * Otherwise the peer may decide that we're awake and flood us 4882742Swollman * with traffic we are still too asleep to receive! 48930711Swollman */ 49058787Sruint 49158787Sruieee80211_raw_output(struct ieee80211vap *vap, struct ieee80211_node *ni, 49258787Sru struct mbuf *m, const struct ieee80211_bpf_params *params) 49330711Swollman{ 49430711Swollman struct ieee80211com *ic = vap->iv_ic; 495267477Sedwin int error; 496267477Sedwin 497267477Sedwin /* 498267477Sedwin * Set node - the caller has taken a reference, so ensure 499267477Sedwin * that the mbuf has the same node value that 500267477Sedwin * it would if it were going via the normal path. 501267477Sedwin */ 502273719Sedwin m->m_pkthdr.rcvif = (void *)ni; 503273719Sedwin 504267477Sedwin /* 505267477Sedwin * Attempt to add bpf transmit parameters. 5062742Swollman * 5072742Swollman * For now it's ok to fail; the raw_xmit api still takes 5082742Swollman * them as an option. 5092742Swollman * 5102742Swollman * Later on when ic_raw_xmit() has params removed, 511273719Sedwin * they'll have to be added - so fail the transmit if 512273719Sedwin * they can't be. 513273719Sedwin */ 51419878Swollman if (params) 5152742Swollman (void) ieee80211_add_xmit_params(m, params); 5162742Swollman 5172742Swollman error = ic->ic_raw_xmit(ni, m, params); 518273719Sedwin if (error) 519273719Sedwin if_inc_counter(vap->iv_ifp, IFCOUNTER_OERRORS, 1); 520290698Sedwin return (error); 521290698Sedwin} 522290698Sedwin 523290698Sedwin/* 5242742Swollman * 802.11 output routine. This is (currently) used only to 52558787Sru * connect bpf write calls to the 802.11 layer for injecting 5269908Swollman * raw 802.11 frames. 527273719Sedwin */ 52819878Swollmanint 5299908Swollmanieee80211_output(struct ifnet *ifp, struct mbuf *m, 5302742Swollman const struct sockaddr *dst, struct route *ro) 5312742Swollman{ 5322742Swollman#define senderr(e) do { error = (e); goto bad;} while (0) 533273719Sedwin struct ieee80211_node *ni = NULL; 534273719Sedwin struct ieee80211vap *vap; 535273719Sedwin struct ieee80211_frame *wh; 536273719Sedwin struct ieee80211com *ic = NULL; 537273719Sedwin int error; 538273719Sedwin int ret; 539273719Sedwin 540273719Sedwin if (ifp->if_drv_flags & IFF_DRV_OACTIVE) { 541273719Sedwin /* 542273719Sedwin * Short-circuit requests if the vap is marked OACTIVE 543273719Sedwin * as this can happen because a packet came down through 544273719Sedwin * ieee80211_start before the vap entered RUN state in 545273719Sedwin * which case it's ok to just drop the frame. This 546273719Sedwin * should not be necessary but callers of if_output don't 547273719Sedwin * check OACTIVE. 548273719Sedwin */ 549273719Sedwin senderr(ENETDOWN); 550273719Sedwin } 551273719Sedwin vap = ifp->if_softc; 552273719Sedwin ic = vap->iv_ic; 553273719Sedwin /* 554273719Sedwin * Hand to the 802.3 code if not tagged as 555273719Sedwin * a raw 802.11 frame. 556273719Sedwin */ 557273719Sedwin if (dst->sa_family != AF_IEEE80211) 558273719Sedwin return vap->iv_output(ifp, m, dst, ro); 5592742Swollman#ifdef MAC 5602742Swollman error = mac_ifnet_check_transmit(ifp, m); 5612742Swollman if (error) 562273719Sedwin senderr(error); 563273719Sedwin#endif 56458787Sru if (ifp->if_flags & IFF_MONITOR) 5652742Swollman senderr(ENETDOWN); 56614343Swollman if (!IFNET_IS_UP_RUNNING(ifp)) 56714343Swollman senderr(ENETDOWN); 56814343Swollman if (vap->iv_state == IEEE80211_S_CAC) { 569273719Sedwin IEEE80211_DPRINTF(vap, 570273719Sedwin IEEE80211_MSG_OUTPUT | IEEE80211_MSG_DOTH, 571273719Sedwin "block %s frame in CAC state\n", "raw data"); 572280414Sedwin vap->iv_stats.is_tx_badstate++; 57314343Swollman senderr(EIO); /* XXX */ 574270817Spluknet } else if (vap->iv_state == IEEE80211_S_SCAN) 575196582Sedwin senderr(EIO); 576204887Sedwin /* XXX bypass bridge, pfil, carp, etc. */ 577204887Sedwin 578204887Sedwin if (m->m_pkthdr.len < sizeof(struct ieee80211_frame_ack)) 579197000Sedwin senderr(EIO); /* XXX */ 580204887Sedwin wh = mtod(m, struct ieee80211_frame *); 581204887Sedwin if ((wh->i_fc[0] & IEEE80211_FC0_VERSION_MASK) != 582204887Sedwin IEEE80211_FC0_VERSION_0) 583204887Sedwin senderr(EIO); /* XXX */ 584204887Sedwin 585197000Sedwin /* locate destination node */ 586198270Sedwin switch (wh->i_fc[1] & IEEE80211_FC1_DIR_MASK) { 587204887Sedwin case IEEE80211_FC1_DIR_NODS: 588204887Sedwin case IEEE80211_FC1_DIR_FROMDS: 589204887Sedwin ni = ieee80211_find_txnode(vap, wh->i_addr1); 590198270Sedwin break; 591226289Sedwin case IEEE80211_FC1_DIR_TODS: 592214722Sedwin case IEEE80211_FC1_DIR_DSTODS: 593214722Sedwin if (m->m_pkthdr.len < sizeof(struct ieee80211_frame)) 594214722Sedwin senderr(EIO); /* XXX */ 595214722Sedwin ni = ieee80211_find_txnode(vap, wh->i_addr3); 596214722Sedwin break; 597214722Sedwin default: 598214722Sedwin senderr(EIO); /* XXX */ 599226289Sedwin } 600270817Spluknet if (ni == NULL) { 601219687Sedwin /* 602270817Spluknet * Permit packets w/ bpf params through regardless 603270817Spluknet * (see below about sa_len). 604270817Spluknet */ 605270817Spluknet if (dst->sa_len == 0) 606219687Sedwin senderr(EHOSTUNREACH); 607270817Spluknet ni = ieee80211_ref_node(vap->iv_bss); 608226289Sedwin } 609240457Sedwin 610226289Sedwin /* 611226289Sedwin * Sanitize mbuf for net80211 flags leaked from above. 612270817Spluknet * 613270817Spluknet * NB: This must be done before ieee80211_classify as 614270817Spluknet * it marks EAPOL in frames with M_EAPOL. 615270817Spluknet */ 616270817Spluknet m->m_flags &= ~M_80211_TX; 617270817Spluknet 618226289Sedwin /* calculate priority so drivers can find the tx queue */ 619226289Sedwin /* XXX assumes an 802.3 frame */ 620226289Sedwin if (ieee80211_classify(ni, m)) 621226289Sedwin senderr(EIO); /* XXX */ 622226289Sedwin 623226289Sedwin if_inc_counter(ifp, IFCOUNTER_OPACKETS, 1); 624226289Sedwin IEEE80211_NODE_STAT(ni, tx_data); 625270817Spluknet if (IEEE80211_IS_MULTICAST(wh->i_addr1)) { 626270817Spluknet IEEE80211_NODE_STAT(ni, tx_mcast); 627270817Spluknet m->m_flags |= M_MCAST; 628226289Sedwin } else 629226289Sedwin IEEE80211_NODE_STAT(ni, tx_ucast); 630226289Sedwin /* NB: ieee80211_encap does not include 802.11 header */ 631226289Sedwin IEEE80211_NODE_STAT_ADD(ni, tx_bytes, m->m_pkthdr.len); 632233445Sedwin 633270817Spluknet IEEE80211_TX_LOCK(ic); 634241869Sedwin 635270817Spluknet /* 636241869Sedwin * NB: DLT_IEEE802_11_RADIO identifies the parameters are 637241869Sedwin * present by setting the sa_len field of the sockaddr (yes, 638270817Spluknet * this is a hack). 639270817Spluknet * NB: we assume sa_data is suitably aligned to cast. 640270817Spluknet */ 641241869Sedwin ret = ieee80211_raw_output(vap, ni, m, 642241869Sedwin (const struct ieee80211_bpf_params *)(dst->sa_len ? 643270817Spluknet dst->sa_data : NULL)); 644270817Spluknet IEEE80211_TX_UNLOCK(ic); 645270817Spluknet return (ret); 646270817Spluknetbad: 647241869Sedwin if (m != NULL) 648241869Sedwin m_freem(m); 64914343Swollman if (ni != NULL) 65014343Swollman ieee80211_free_node(ni); 651270817Spluknet if_inc_counter(ifp, IFCOUNTER_OERRORS, 1); 652270817Spluknet return error; 653241869Sedwin#undef senderr 65414343Swollman} 6552742Swollman 6562742Swollman/* 6572742Swollman * Set the direction field and address fields of an outgoing 658273719Sedwin * frame. Note this should be called early on in constructing 65919878Swollman * a frame as it sets i_fc[1]; other bits can then be or'd in. 6602742Swollman */ 6612742Swollmanvoid 662233445Sedwinieee80211_send_setup( 663233445Sedwin struct ieee80211_node *ni, 664233445Sedwin struct mbuf *m, 665240457Sedwin int type, int tid, 666233445Sedwin const uint8_t sa[IEEE80211_ADDR_LEN], 667240457Sedwin const uint8_t da[IEEE80211_ADDR_LEN], 668240457Sedwin const uint8_t bssid[IEEE80211_ADDR_LEN]) 669240457Sedwin{ 670240457Sedwin#define WH4(wh) ((struct ieee80211_frame_addr4 *)wh) 671240457Sedwin struct ieee80211vap *vap = ni->ni_vap; 672233445Sedwin struct ieee80211_tx_ampdu *tap; 673240457Sedwin struct ieee80211_frame *wh = mtod(m, struct ieee80211_frame *); 674240457Sedwin ieee80211_seq seqno; 675240457Sedwin 676240457Sedwin IEEE80211_TX_LOCK_ASSERT(ni->ni_ic); 677240457Sedwin 678240457Sedwin wh->i_fc[0] = IEEE80211_FC0_VERSION_0 | type; 679233445Sedwin if ((type & IEEE80211_FC0_TYPE_MASK) == IEEE80211_FC0_TYPE_DATA) { 6802742Swollman switch (vap->iv_opmode) { 6812742Swollman case IEEE80211_M_STA: 682273719Sedwin wh->i_fc[1] = IEEE80211_FC1_DIR_TODS; 683240457Sedwin IEEE80211_ADDR_COPY(wh->i_addr1, bssid); 6842742Swollman IEEE80211_ADDR_COPY(wh->i_addr2, sa); 6852742Swollman IEEE80211_ADDR_COPY(wh->i_addr3, da); 68658787Sru break; 68775267Swollman case IEEE80211_M_IBSS: 68875267Swollman case IEEE80211_M_AHDEMO: 689114173Swollman wh->i_fc[1] = IEEE80211_FC1_DIR_NODS; 690114173Swollman IEEE80211_ADDR_COPY(wh->i_addr1, da); 6912742Swollman IEEE80211_ADDR_COPY(wh->i_addr2, sa); 6922742Swollman IEEE80211_ADDR_COPY(wh->i_addr3, bssid); 69358787Sru break; 69458787Sru case IEEE80211_M_HOSTAP: 69558787Sru wh->i_fc[1] = IEEE80211_FC1_DIR_FROMDS; 6962742Swollman IEEE80211_ADDR_COPY(wh->i_addr1, da); 6972742Swollman IEEE80211_ADDR_COPY(wh->i_addr2, bssid); 6982742Swollman IEEE80211_ADDR_COPY(wh->i_addr3, sa); 6992742Swollman break; 70019878Swollman case IEEE80211_M_WDS: 7012742Swollman wh->i_fc[1] = IEEE80211_FC1_DIR_DSTODS; 70243014Swollman IEEE80211_ADDR_COPY(wh->i_addr1, da); 70343014Swollman IEEE80211_ADDR_COPY(wh->i_addr2, vap->iv_myaddr); 70443014Swollman IEEE80211_ADDR_COPY(wh->i_addr3, da); 70543014Swollman IEEE80211_ADDR_COPY(WH4(wh)->i_addr4, sa); 706171948Sedwin break; 707171948Sedwin case IEEE80211_M_MBSS: 708171948Sedwin#ifdef IEEE80211_SUPPORT_MESH 709171948Sedwin if (IEEE80211_IS_MULTICAST(da)) { 710257697Sedwin wh->i_fc[1] = IEEE80211_FC1_DIR_FROMDS; 711171948Sedwin /* XXX next hop */ 712171948Sedwin IEEE80211_ADDR_COPY(wh->i_addr1, da); 713171948Sedwin IEEE80211_ADDR_COPY(wh->i_addr2, 714171948Sedwin vap->iv_myaddr); 71543014Swollman } else { 71643014Swollman wh->i_fc[1] = IEEE80211_FC1_DIR_DSTODS; 717171948Sedwin IEEE80211_ADDR_COPY(wh->i_addr1, da); 718171948Sedwin IEEE80211_ADDR_COPY(wh->i_addr2, 719171948Sedwin vap->iv_myaddr); 72043014Swollman IEEE80211_ADDR_COPY(wh->i_addr3, da); 72143014Swollman IEEE80211_ADDR_COPY(WH4(wh)->i_addr4, sa); 72243014Swollman } 723257697Sedwin#endif 724263906Sedwin break; 725263906Sedwin case IEEE80211_M_MONITOR: /* NB: to quiet compiler */ 726263906Sedwin break; 727263906Sedwin } 728263906Sedwin } else { 729257697Sedwin wh->i_fc[1] = IEEE80211_FC1_DIR_NODS; 730257697Sedwin IEEE80211_ADDR_COPY(wh->i_addr1, da); 731257697Sedwin IEEE80211_ADDR_COPY(wh->i_addr2, sa); 732257697Sedwin#ifdef IEEE80211_SUPPORT_MESH 733257697Sedwin if (vap->iv_opmode == IEEE80211_M_MBSS) 734257697Sedwin IEEE80211_ADDR_COPY(wh->i_addr3, sa); 735263906Sedwin else 736263906Sedwin#endif 737263906Sedwin IEEE80211_ADDR_COPY(wh->i_addr3, bssid); 738263906Sedwin } 739263906Sedwin *(uint16_t *)&wh->i_dur[0] = 0; 740263906Sedwin 741263906Sedwin tap = &ni->ni_tx_ampdu[tid]; 742273719Sedwin if (tid != IEEE80211_NONQOS_TID && IEEE80211_AMPDU_RUNNING(tap)) 743273719Sedwin m->m_flags |= M_AMPDU_MPDU; 744263906Sedwin else { 745263906Sedwin if (IEEE80211_HAS_SEQ(type & IEEE80211_FC0_TYPE_MASK, 746263906Sedwin type & IEEE80211_FC0_SUBTYPE_MASK)) 747263906Sedwin seqno = ni->ni_txseqs[tid]++; 748257697Sedwin else 74943014Swollman seqno = 0; 75043014Swollman 75143014Swollman *(uint16_t *)&wh->i_seq[0] = 75243014Swollman htole16(seqno << IEEE80211_SEQ_SEQ_SHIFT); 75343014Swollman M_SEQNO_SET(m, seqno); 754280414Sedwin } 75543014Swollman 75643014Swollman if (IEEE80211_IS_MULTICAST(wh->i_addr1)) 75743014Swollman m->m_flags |= M_MCAST; 75843014Swollman#undef WH4 75943014Swollman} 76043014Swollman 76143014Swollman/* 76243014Swollman * Send a management frame to the specified node. The node pointer 76343014Swollman * must have a reference as the pointer will be passed to the driver 76443014Swollman * and potentially held for a long time. If the frame is successfully 7652742Swollman * dispatched to the driver, then it is responsible for freeing the 7662742Swollman * reference (and potentially free'ing up any associated storage); 76719878Swollman * otherwise deal with reclaiming any reference (on error). 76819878Swollman */ 76919878Swollmanint 77020094Swollmanieee80211_mgmt_output(struct ieee80211_node *ni, struct mbuf *m, int type, 77120094Swollman struct ieee80211_bpf_params *params) 77220094Swollman{ 7732742Swollman struct ieee80211vap *vap = ni->ni_vap; 774273719Sedwin struct ieee80211com *ic = ni->ni_ic; 77519878Swollman struct ieee80211_frame *wh; 7762742Swollman int ret; 7772742Swollman 7782742Swollman KASSERT(ni != NULL, ("null node")); 7792742Swollman 78019878Swollman if (vap->iv_state == IEEE80211_S_CAC) { 7812742Swollman IEEE80211_NOTE(vap, IEEE80211_MSG_OUTPUT | IEEE80211_MSG_DOTH, 7822742Swollman ni, "block %s frame in CAC state", 7832742Swollman ieee80211_mgt_subtype_name[ 7842742Swollman (type & IEEE80211_FC0_SUBTYPE_MASK) >> 7852742Swollman IEEE80211_FC0_SUBTYPE_SHIFT]); 786273719Sedwin vap->iv_stats.is_tx_badstate++; 7872742Swollman ieee80211_free_node(ni); 788273719Sedwin m_freem(m); 789273719Sedwin return EIO; /* XXX */ 7902742Swollman } 791274563Sedwin 792274563Sedwin M_PREPEND(m, sizeof(struct ieee80211_frame), M_NOWAIT); 793274563Sedwin if (m == NULL) { 794158421Swollman ieee80211_free_node(ni); 795158421Swollman return ENOMEM; 796274563Sedwin } 7972742Swollman 79886222Swollman IEEE80211_TX_LOCK(ic); 79920094Swollman 80020094Swollman wh = mtod(m, struct ieee80211_frame *); 80120094Swollman ieee80211_send_setup(ni, m, 802274563Sedwin IEEE80211_FC0_TYPE_MGT | type, IEEE80211_NONQOS_TID, 803274563Sedwin vap->iv_myaddr, ni->ni_macaddr, ni->ni_bssid); 80420094Swollman if (params->ibp_flags & IEEE80211_BPF_CRYPTO) { 8052742Swollman IEEE80211_NOTE_MAC(vap, IEEE80211_MSG_AUTH, wh->i_addr1, 8062742Swollman "encrypting frame (%s)", __func__); 8072742Swollman wh->i_fc[1] |= IEEE80211_FC1_PROTECTED; 8082742Swollman } 809248307Sedwin m->m_flags |= M_ENCAP; /* mark encapsulated */ 810273719Sedwin 811273719Sedwin KASSERT(type != IEEE80211_FC0_SUBTYPE_PROBE_RESP, ("probe response?")); 812248307Sedwin M_WME_SETAC(m, params->ibp_pri); 8132742Swollman 81458787Sru#ifdef IEEE80211_DEBUG 8152742Swollman /* avoid printing too many frames */ 816270817Spluknet if ((ieee80211_msg_debug(vap) && doprint(vap, type)) || 8172742Swollman ieee80211_msg_dumppkts(vap)) { 8182742Swollman printf("[%s] send %s on channel %u\n", 819270817Spluknet ether_sprintf(wh->i_addr1), 820270817Spluknet ieee80211_mgt_subtype_name[ 821270817Spluknet (type & IEEE80211_FC0_SUBTYPE_MASK) >> 822270817Spluknet IEEE80211_FC0_SUBTYPE_SHIFT], 823270817Spluknet ieee80211_chan2ieee(ic, ic->ic_curchan)); 824270817Spluknet } 825270817Spluknet#endif 826270817Spluknet IEEE80211_NODE_STAT(ni, tx_mgmt); 827270817Spluknet 828273719Sedwin ret = ieee80211_raw_output(vap, ni, m, params); 829270817Spluknet IEEE80211_TX_UNLOCK(ic); 830270817Spluknet return (ret); 831270817Spluknet} 832270817Spluknet 833270817Spluknet/* 834270817Spluknet * Send a null data frame to the specified node. If the station 835270817Spluknet * is setup for QoS then a QoS Null Data frame is constructed. 836270817Spluknet * If this is a WDS station then a 4-address frame is constructed. 837270817Spluknet * 8382742Swollman * NB: the caller is assumed to have setup a node reference 839270817Spluknet * for use; this is necessary to deal with a race condition 840270817Spluknet * when probing for inactive stations. Like ieee80211_mgmt_output 8412742Swollman * we must cleanup any node reference on error; however we 8422742Swollman * can safely just unref it as we know it will never be the 8432742Swollman * last reference to the node. 8442742Swollman */ 8452742Swollmanint 846270817Spluknetieee80211_send_nulldata(struct ieee80211_node *ni) 847270817Spluknet{ 848270817Spluknet struct ieee80211vap *vap = ni->ni_vap; 849270817Spluknet struct ieee80211com *ic = ni->ni_ic; 850270817Spluknet struct mbuf *m; 851270817Spluknet struct ieee80211_frame *wh; 852270817Spluknet int hdrlen; 853270817Spluknet uint8_t *frm; 854270817Spluknet int ret; 855270817Spluknet 856270817Spluknet if (vap->iv_state == IEEE80211_S_CAC) { 857270817Spluknet IEEE80211_NOTE(vap, IEEE80211_MSG_OUTPUT | IEEE80211_MSG_DOTH, 858270817Spluknet ni, "block %s frame in CAC state", "null data"); 859153670Swollman ieee80211_unref_node(&ni); 860153670Swollman vap->iv_stats.is_tx_badstate++; 861273719Sedwin return EIO; /* XXX */ 862270817Spluknet } 86358787Sru 864153670Swollman if (ni->ni_flags & (IEEE80211_NODE_QOS|IEEE80211_NODE_HT)) 865153670Swollman hdrlen = sizeof(struct ieee80211_qosframe); 866273719Sedwin else 867270817Spluknet hdrlen = sizeof(struct ieee80211_frame); 868153670Swollman /* NB: only WDS vap's get 4-address frames */ 86919878Swollman if (vap->iv_opmode == IEEE80211_M_WDS) 870270817Spluknet hdrlen += IEEE80211_ADDR_LEN; 871270817Spluknet if (ic->ic_flags & IEEE80211_F_DATAPAD) 872270817Spluknet hdrlen = roundup(hdrlen, sizeof(uint32_t)); 8732742Swollman 8742742Swollman m = ieee80211_getmgtframe(&frm, ic->ic_headroom + hdrlen, 0); 8752742Swollman if (m == NULL) { 8762742Swollman /* XXX debug msg */ 877270817Spluknet ieee80211_unref_node(&ni); 8782742Swollman vap->iv_stats.is_tx_nobuf++; 8792742Swollman return ENOMEM; 880270817Spluknet } 881270817Spluknet KASSERT(M_LEADINGSPACE(m) >= hdrlen, 8822742Swollman ("leading space %zd", M_LEADINGSPACE(m))); 8832742Swollman M_PREPEND(m, hdrlen, M_NOWAIT); 884270817Spluknet if (m == NULL) { 8852742Swollman /* NB: cannot happen */ 8862742Swollman ieee80211_free_node(ni); 887270817Spluknet return ENOMEM; 88886222Swollman } 889270817Spluknet 890270817Spluknet IEEE80211_TX_LOCK(ic); 891270817Spluknet 892270817Spluknet wh = mtod(m, struct ieee80211_frame *); /* NB: a little lie */ 893270817Spluknet if (ni->ni_flags & IEEE80211_NODE_QOS) { 894270817Spluknet const int tid = WME_AC_TO_TID(WME_AC_BE); 895270817Spluknet uint8_t *qos; 896270817Spluknet 897270817Spluknet ieee80211_send_setup(ni, m, 898270817Spluknet IEEE80211_FC0_TYPE_DATA | IEEE80211_FC0_SUBTYPE_QOS_NULL, 899270817Spluknet tid, vap->iv_myaddr, ni->ni_macaddr, ni->ni_bssid); 900270817Spluknet 90186222Swollman if (vap->iv_opmode == IEEE80211_M_WDS) 902270817Spluknet qos = ((struct ieee80211_qosframe_addr4 *) wh)->i_qos; 903270817Spluknet else 904270817Spluknet qos = ((struct ieee80211_qosframe *) wh)->i_qos; 905270817Spluknet qos[0] = tid & IEEE80211_QOS_TID; 906270817Spluknet if (ic->ic_wme.wme_wmeChanParams.cap_wmeParams[WME_AC_BE].wmep_noackPolicy) 907270817Spluknet qos[0] |= IEEE80211_QOS_ACKPOLICY_NOACK; 908270817Spluknet qos[1] = 0; 909270817Spluknet } else { 910270817Spluknet ieee80211_send_setup(ni, m, 911270817Spluknet IEEE80211_FC0_TYPE_DATA | IEEE80211_FC0_SUBTYPE_NODATA, 91286222Swollman IEEE80211_NONQOS_TID, 913270817Spluknet vap->iv_myaddr, ni->ni_macaddr, ni->ni_bssid); 914270817Spluknet } 91586222Swollman if (vap->iv_opmode != IEEE80211_M_WDS) { 916270817Spluknet /* NB: power management bit is never sent by an AP */ 917270817Spluknet if ((ni->ni_flags & IEEE80211_NODE_PWR_MGT) && 918270817Spluknet vap->iv_opmode != IEEE80211_M_HOSTAP) 919270817Spluknet wh->i_fc[1] |= IEEE80211_FC1_PWR_MGT; 92086222Swollman } 921270817Spluknet m->m_len = m->m_pkthdr.len = hdrlen; 922270817Spluknet m->m_flags |= M_ENCAP; /* mark encapsulated */ 92386222Swollman 924270817Spluknet M_WME_SETAC(m, WME_AC_BE); 925270817Spluknet 926270817Spluknet IEEE80211_NODE_STAT(ni, tx_data); 927270817Spluknet 928270817Spluknet IEEE80211_NOTE(vap, IEEE80211_MSG_DEBUG | IEEE80211_MSG_DUMPPKTS, ni, 929270817Spluknet "send %snull data frame on channel %u, pwr mgt %s", 930270817Spluknet ni->ni_flags & IEEE80211_NODE_QOS ? "QoS " : "", 93186222Swollman ieee80211_chan2ieee(ic, ic->ic_curchan), 932270817Spluknet wh->i_fc[1] & IEEE80211_FC1_PWR_MGT ? "ena" : "dis"); 933270817Spluknet 934270817Spluknet ret = ieee80211_raw_output(vap, ni, m, NULL); 935270817Spluknet IEEE80211_TX_UNLOCK(ic); 936270817Spluknet return (ret); 937270817Spluknet} 938270817Spluknet 939270817Spluknet/* 940270817Spluknet * Assign priority to a frame based on any vlan tag assigned 941270817Spluknet * to the station and/or any Diffserv setting in an IP header. 942270817Spluknet * Finally, if an ACM policy is setup (in station mode) it's 943270817Spluknet * applied. 944270817Spluknet */ 945270817Spluknetint 94686222Swollmanieee80211_classify(struct ieee80211_node *ni, struct mbuf *m) 947270817Spluknet{ 94886222Swollman const struct ether_header *eh = mtod(m, struct ether_header *); 949270817Spluknet int v_wme_ac, d_wme_ac, ac; 950270817Spluknet 951270817Spluknet /* 952270817Spluknet * Always promote PAE/EAPOL frames to high priority. 95386222Swollman */ 954270817Spluknet if (eh->ether_type == htons(ETHERTYPE_PAE)) { 955270817Spluknet /* NB: mark so others don't need to check header */ 956270817Spluknet m->m_flags |= M_EAPOL; 95786222Swollman ac = WME_AC_VO; 958270817Spluknet goto done; 959270817Spluknet } 960270817Spluknet /* 96186222Swollman * Non-qos traffic goes to BE. 962270817Spluknet */ 963270817Spluknet if ((ni->ni_flags & IEEE80211_NODE_QOS) == 0) { 964270817Spluknet ac = WME_AC_BE; 96586222Swollman goto done; 966270817Spluknet } 967270817Spluknet 968270817Spluknet /* 96986222Swollman * If node has a vlan tag then all traffic 970270817Spluknet * to it must have a matching tag. 971270817Spluknet */ 972270817Spluknet v_wme_ac = 0; 973270817Spluknet if (ni->ni_vlan != 0) { 974270817Spluknet if ((m->m_flags & M_VLANTAG) == 0) { 975270817Spluknet IEEE80211_NODE_STAT(ni, tx_novlantag); 97686222Swollman return 1; 977270817Spluknet } 978270817Spluknet if (EVL_VLANOFTAG(m->m_pkthdr.ether_vtag) != 979270817Spluknet EVL_VLANOFTAG(ni->ni_vlan)) { 980270817Spluknet IEEE80211_NODE_STAT(ni, tx_vlanmismatch); 981270817Spluknet return 1; 982270817Spluknet } 983270817Spluknet /* map vlan priority to AC */ 984270817Spluknet v_wme_ac = TID_TO_WME_AC(EVL_PRIOFTAG(ni->ni_vlan)); 985270817Spluknet } 98686222Swollman 98714343Swollman /* XXX m_copydata may be too slow for fast path */ 988158421Swollman#ifdef INET 989149514Swollman if (eh->ether_type == htons(ETHERTYPE_IP)) { 9909908Swollman uint8_t tos; 9919908Swollman /* 992270817Spluknet * IP frame, map the DSCP bits from the TOS field. 99314343Swollman */ 9942742Swollman /* NB: ip header may not be in first mbuf */ 995149514Swollman m_copydata(m, sizeof(struct ether_header) + 99675267Swollman offsetof(struct ip, ip_tos), sizeof(tos), &tos); 99743014Swollman tos >>= 5; /* NB: ECN + low 3 bits of DSCP */ 99843014Swollman d_wme_ac = TID_TO_WME_AC(tos); 99943014Swollman } else { 100075267Swollman#endif /* INET */ 100143014Swollman#ifdef INET6 100243014Swollman if (eh->ether_type == htons(ETHERTYPE_IPV6)) { 1003273719Sedwin uint32_t flow; 100443014Swollman uint8_t tos; 100543014Swollman /* 1006273719Sedwin * IPv6 frame, map the DSCP bits from the traffic class field. 100743014Swollman */ 100843014Swollman m_copydata(m, sizeof(struct ether_header) + 1009273719Sedwin offsetof(struct ip6_hdr, ip6_flow), sizeof(flow), 101043014Swollman (caddr_t) &flow); 1011149514Swollman tos = (uint8_t)(ntohl(flow) >> 20); 1012149514Swollman tos >>= 5; /* NB: ECN + low 3 bits of DSCP */ 1013149514Swollman d_wme_ac = TID_TO_WME_AC(tos); 1014149514Swollman } else { 1015149514Swollman#endif /* INET6 */ 1016149514Swollman d_wme_ac = WME_AC_BE; 1017149514Swollman#ifdef INET6 1018149514Swollman } 1019149514Swollman#endif 1020149514Swollman#ifdef INET 1021149514Swollman } 1022149514Swollman#endif 1023149514Swollman /* 1024149514Swollman * Use highest priority AC. 1025149514Swollman */ 1026149514Swollman if (v_wme_ac > d_wme_ac) 1027270817Spluknet ac = v_wme_ac; 1028149514Swollman else 10299908Swollman ac = d_wme_ac; 10309908Swollman 103119878Swollman /* 10322742Swollman * Apply ACM policy. 10332742Swollman */ 10342742Swollman if (ni->ni_vap->iv_opmode == IEEE80211_M_STA) { 10352742Swollman static const int acmap[4] = { 10369908Swollman WME_AC_BK, /* WME_AC_BE */ 10372742Swollman WME_AC_BK, /* WME_AC_BK */ 103819878Swollman WME_AC_BE, /* WME_AC_VI */ 10392742Swollman WME_AC_VI, /* WME_AC_VO */ 10402742Swollman }; 10412742Swollman struct ieee80211com *ic = ni->ni_ic; 10429908Swollman 10432742Swollman while (ac != WME_AC_BK && 104419878Swollman ic->ic_wme.wme_wmeBssChanParams.cap_wmeParams[ac].wmep_acm) 10452742Swollman ac = acmap[ac]; 10462742Swollman } 10472742Swollmandone: 10482742Swollman M_WME_SETAC(m, ac); 10492742Swollman return 0; 10502742Swollman} 10512742Swollman 10522742Swollman/* 10532742Swollman * Insure there is sufficient contiguous space to encapsulate the 10542742Swollman * 802.11 data frame. If room isn't already there, arrange for it. 10552742Swollman * Drivers and cipher modules assume we have done the necessary work 10562742Swollman * and fail rudely if they don't find the space they need. 10572742Swollman */ 10582742Swollmanstruct mbuf * 105919878Swollmanieee80211_mbuf_adjust(struct ieee80211vap *vap, int hdrsize, 10602742Swollman struct ieee80211_key *key, struct mbuf *m) 10612742Swollman{ 10622742Swollman#define TO_BE_RECLAIMED (sizeof(struct ether_header) - sizeof(struct llc)) 106319878Swollman int needed_space = vap->iv_ic->ic_headroom + hdrsize; 10642742Swollman 10652742Swollman if (key != NULL) { 10662742Swollman /* XXX belongs in crypto code? */ 10672742Swollman needed_space += key->wk_cipher->ic_header; 10682742Swollman /* XXX frags */ 10692742Swollman /* 107019878Swollman * When crypto is being done in the host we must insure 10712742Swollman * the data are writable for the cipher routines; clone 10722742Swollman * a writable mbuf chain. 10732742Swollman * XXX handle SWMIC specially 107458787Sru */ 1075273719Sedwin if (key->wk_flags & (IEEE80211_KEY_SWENCRYPT|IEEE80211_KEY_SWENMIC)) { 1076270817Spluknet m = m_unshare(m, M_NOWAIT); 107758787Sru if (m == NULL) { 107858787Sru IEEE80211_DPRINTF(vap, IEEE80211_MSG_OUTPUT, 10799908Swollman "%s: cannot get writable mbuf\n", __func__); 108019878Swollman vap->iv_stats.is_tx_nobuf++; /* XXX new stat */ 10812742Swollman return NULL; 10822742Swollman } 10832742Swollman } 10842742Swollman } 10852742Swollman /* 10862742Swollman * We know we are called just before stripping an Ethernet 10872742Swollman * header and prepending an LLC header. This means we know 10882742Swollman * there will be 10892742Swollman * sizeof(struct ether_header) - sizeof(struct llc) 10902742Swollman * bytes recovered to which we need additional space for the 109119878Swollman * 802.11 header and any crypto header. 10922742Swollman */ 10932742Swollman /* XXX check trailing space and copy instead? */ 10942742Swollman if (M_LEADINGSPACE(m) < needed_space - TO_BE_RECLAIMED) { 109519878Swollman struct mbuf *n = m_gethdr(M_NOWAIT, m->m_type); 10962742Swollman if (n == NULL) { 10972742Swollman IEEE80211_DPRINTF(vap, IEEE80211_MSG_OUTPUT, 10982742Swollman "%s: cannot expand storage\n", __func__); 10992742Swollman vap->iv_stats.is_tx_nobuf++; 110019878Swollman m_freem(m); 11012742Swollman return NULL; 11022742Swollman } 11032742Swollman KASSERT(needed_space <= MHLEN, 11042742Swollman ("not enough room, need %u got %d\n", needed_space, MHLEN)); 110519878Swollman /* 11062742Swollman * Setup new mbuf to have leading space to prepend the 11072742Swollman * 802.11 header and any crypto header bits that are 11082742Swollman * required (the latter are added when the driver calls 11092742Swollman * back to ieee80211_crypto_encap to do crypto encapsulation). 11102742Swollman */ 11112742Swollman /* NB: must be first 'cuz it clobbers m_data */ 11122742Swollman m_move_pkthdr(n, m); 111319878Swollman n->m_len = 0; /* NB: m_gethdr does not set */ 11142742Swollman n->m_data += needed_space; 11152742Swollman /* 1116169811Swollman * Pull up Ethernet header to create the expected layout. 1117270817Spluknet * We could use m_pullup but that's overkill (i.e. we don't 1118169811Swollman * need the actual data) and it cannot fail so do it inline 1119273719Sedwin * for speed. 1120169811Swollman */ 1121105196Swollman /* NB: struct ether_header is known to be contiguous */ 1122114173Swollman n->m_len += sizeof(struct ether_header); 1123169811Swollman m->m_len -= sizeof(struct ether_header); 1124114173Swollman m->m_data += sizeof(struct ether_header); 1125114173Swollman /* 1126114173Swollman * Replace the head of the chain. 1127114173Swollman */ 1128169811Swollman n->m_next = m; 1129105196Swollman m = n; 1130105196Swollman } 1131105196Swollman return m; 1132105196Swollman#undef TO_BE_RECLAIMED 1133273719Sedwin} 1134105196Swollman 1135169811Swollman/* 1136169811Swollman * Return the transmit key to use in sending a unicast frame. 1137169811Swollman * If a unicast key is set we use that. When no unicast key is set 1138169811Swollman * we fall back to the default transmit key. 1139105196Swollman */ 1140169811Swollmanstatic __inline struct ieee80211_key * 1141169811Swollmanieee80211_crypto_getucastkey(struct ieee80211vap *vap, 1142169811Swollman struct ieee80211_node *ni) 1143169811Swollman{ 1144169811Swollman if (IEEE80211_KEY_UNDEFINED(&ni->ni_ucastkey)) { 1145169811Swollman if (vap->iv_def_txkey == IEEE80211_KEYIX_NONE || 1146169811Swollman IEEE80211_KEY_UNDEFINED(&vap->iv_nw_keys[vap->iv_def_txkey])) 1147169811Swollman return NULL; 1148169811Swollman return &vap->iv_nw_keys[vap->iv_def_txkey]; 1149169811Swollman } else { 1150169811Swollman return &ni->ni_ucastkey; 1151169811Swollman } 1152169811Swollman} 1153169811Swollman 1154169811Swollman/* 1155169811Swollman * Return the transmit key to use in sending a multicast frame. 1156105196Swollman * Multicast traffic always uses the group key which is installed as 1157169811Swollman * the default tx key. 1158169811Swollman */ 1159169811Swollmanstatic __inline struct ieee80211_key * 1160169811Swollmanieee80211_crypto_getmcastkey(struct ieee80211vap *vap, 1161169811Swollman struct ieee80211_node *ni) 1162171948Sedwin{ 11632742Swollman if (vap->iv_def_txkey == IEEE80211_KEYIX_NONE || 1164171948Sedwin IEEE80211_KEY_UNDEFINED(&vap->iv_nw_keys[vap->iv_def_txkey])) 1165171948Sedwin return NULL; 1166171948Sedwin return &vap->iv_nw_keys[vap->iv_def_txkey]; 1167171948Sedwin} 11682742Swollman 11692742Swollman/* 11709908Swollman * Encapsulate an outbound data frame. The mbuf chain is updated. 11712742Swollman * If an error is encountered NULL is returned. The caller is required 117219878Swollman * to provide a node reference and pullup the ethernet header in the 11732742Swollman * first mbuf. 11742742Swollman * 11752742Swollman * NB: Packet is assumed to be processed by ieee80211_classify which 11762742Swollman * marked EAPOL frames w/ M_EAPOL. 117719878Swollman */ 11782742Swollmanstruct mbuf * 11792742Swollmanieee80211_encap(struct ieee80211vap *vap, struct ieee80211_node *ni, 11802742Swollman struct mbuf *m) 11812742Swollman{ 11822742Swollman#define WH4(wh) ((struct ieee80211_frame_addr4 *)(wh)) 11832742Swollman#define MC01(mc) ((struct ieee80211_meshcntl_ae01 *)mc) 11842742Swollman struct ieee80211com *ic = ni->ni_ic; 1185158421Swollman#ifdef IEEE80211_SUPPORT_MESH 11862742Swollman struct ieee80211_mesh_state *ms = vap->iv_mesh; 11872742Swollman struct ieee80211_meshcntl_ae10 *mc; 118819878Swollman struct ieee80211_mesh_route *rt = NULL; 11892742Swollman int dir = -1; 11902742Swollman#endif 11912742Swollman struct ether_header eh; 11922742Swollman struct ieee80211_frame *wh; 119319878Swollman struct ieee80211_key *key; 11942742Swollman struct llc *llc; 11952742Swollman int hdrsize, hdrspace, datalen, addqos, txfrag, is4addr; 11962742Swollman ieee80211_seq seqno; 11972742Swollman int meshhdrsize, meshae; 11982742Swollman uint8_t *qos; 119919878Swollman 12002742Swollman IEEE80211_TX_LOCK_ASSERT(ic); 12012742Swollman 12022742Swollman /* 12032742Swollman * Copy existing Ethernet header to a safe place. The 120419878Swollman * rest of the code assumes it's ok to strip it when 12052742Swollman * reorganizing state for the final encapsulation. 12062742Swollman */ 12072742Swollman KASSERT(m->m_len >= sizeof(eh), ("no ethernet header!")); 12082742Swollman ETHER_HEADER_COPY(&eh, mtod(m, caddr_t)); 1209149514Swollman 12109908Swollman /* 12119908Swollman * Insure space for additional headers. First identify 12129908Swollman * transmit key to use in calculating any buffer adjustments 12132742Swollman * required. This is also used below to do privacy 1214171948Sedwin * encapsulation work. Then calculate the 802.11 header 1215171948Sedwin * size and any padding required by the driver. 1216171948Sedwin * 12179908Swollman * Note key may be NULL if we fall back to the default 12189908Swollman * transmit key and that is not set. In that case the 121958787Sru * buffer may not be expanded as needed by the cipher 122058787Sru * routines, but they will/should discard it. 12212742Swollman */ 12222742Swollman if (vap->iv_flags & IEEE80211_F_PRIVACY) { 12232742Swollman if (vap->iv_opmode == IEEE80211_M_STA || 122419878Swollman !IEEE80211_IS_MULTICAST(eh.ether_dhost) || 12252742Swollman (vap->iv_opmode == IEEE80211_M_WDS && 12262742Swollman (vap->iv_flags_ext & IEEE80211_FEXT_WDSLEGACY))) 12272742Swollman key = ieee80211_crypto_getucastkey(vap, ni); 12282742Swollman else 122958787Sru key = ieee80211_crypto_getmcastkey(vap, ni); 123058787Sru if (key == NULL && (m->m_flags & M_EAPOL) == 0) { 123158787Sru IEEE80211_NOTE_MAC(vap, IEEE80211_MSG_CRYPTO, 123258787Sru eh.ether_dhost, 123358787Sru "no default transmit key (%s) deftxkey %u", 123458787Sru __func__, vap->iv_def_txkey); 123558787Sru vap->iv_stats.is_tx_nodefkey++; 123664499Swollman goto bad; 123764499Swollman } 123864499Swollman } else 1239171948Sedwin key = NULL; 1240171948Sedwin /* 1241171948Sedwin * XXX Some ap's don't handle QoS-encapsulated EAPOL 12429908Swollman * frames so suppress use. This may be an issue if other 12432742Swollman * ap's require all data frames to be QoS-encapsulated 124458787Sru * once negotiated in which case we'll need to make this 124558787Sru * configurable. 12462742Swollman * NB: mesh data frames are QoS. 12472742Swollman */ 12482742Swollman addqos = ((ni->ni_flags & (IEEE80211_NODE_QOS|IEEE80211_NODE_HT)) || 124986222Swollman (vap->iv_opmode == IEEE80211_M_MBSS)) && 125086222Swollman (m->m_flags & M_EAPOL) == 0; 125186222Swollman if (addqos) 125286222Swollman hdrsize = sizeof(struct ieee80211_qosframe); 125386222Swollman else 125486222Swollman hdrsize = sizeof(struct ieee80211_frame); 125586222Swollman#ifdef IEEE80211_SUPPORT_MESH 125686222Swollman if (vap->iv_opmode == IEEE80211_M_MBSS) { 125786222Swollman /* 125886222Swollman * Mesh data frames are encapsulated according to the 125986222Swollman * rules of Section 11B.8.5 (p.139 of D3.0 spec). 126086222Swollman * o Group Addressed data (aka multicast) originating 126186222Swollman * at the local sta are sent w/ 3-address format and 126286222Swollman * address extension mode 00 126386222Swollman * o Individually Addressed data (aka unicast) originating 126486222Swollman * at the local sta are sent w/ 4-address format and 126586222Swollman * address extension mode 00 126686222Swollman * o Group Addressed data forwarded from a non-mesh sta are 126786222Swollman * sent w/ 3-address format and address extension mode 01 126886222Swollman * o Individually Address data from another sta are sent 126986222Swollman * w/ 4-address format and address extension mode 10 127086222Swollman */ 1271171948Sedwin is4addr = 0; /* NB: don't use, disable */ 1272171948Sedwin if (!IEEE80211_IS_MULTICAST(eh.ether_dhost)) { 1273171948Sedwin rt = ieee80211_mesh_rt_find(vap, eh.ether_dhost); 12749908Swollman KASSERT(rt != NULL, ("route is NULL")); 12752742Swollman dir = IEEE80211_FC1_DIR_DSTODS; 12762742Swollman hdrsize += IEEE80211_ADDR_LEN; 12772742Swollman if (rt->rt_flags & IEEE80211_MESHRT_FLAGS_PROXY) { 1278149514Swollman if (IEEE80211_ADDR_EQ(rt->rt_mesh_gate, 12792742Swollman vap->iv_myaddr)) { 12802742Swollman IEEE80211_NOTE_MAC(vap, 1281270817Spluknet IEEE80211_MSG_MESH, 12822742Swollman eh.ether_dhost, 12832742Swollman "%s", "trying to send to ourself"); 12842742Swollman goto bad; 12852742Swollman } 12862742Swollman meshae = IEEE80211_MESH_AE_10; 1287149514Swollman meshhdrsize = 128858787Sru sizeof(struct ieee80211_meshcntl_ae10); 1289273719Sedwin } else { 1290273719Sedwin meshae = IEEE80211_MESH_AE_00; 1291273719Sedwin meshhdrsize = 12922742Swollman sizeof(struct ieee80211_meshcntl); 129358787Sru } 129458787Sru } else { 129558787Sru dir = IEEE80211_FC1_DIR_FROMDS; 1296273719Sedwin if (!IEEE80211_ADDR_EQ(eh.ether_shost, vap->iv_myaddr)) { 129758787Sru /* proxy group */ 129858787Sru meshae = IEEE80211_MESH_AE_01; 129958787Sru meshhdrsize = 130058787Sru sizeof(struct ieee80211_meshcntl_ae01); 1301273719Sedwin } else { 1302270817Spluknet /* group */ 130358787Sru meshae = IEEE80211_MESH_AE_00; 130458787Sru meshhdrsize = sizeof(struct ieee80211_meshcntl); 1305270817Spluknet } 1306273719Sedwin } 130758787Sru } else { 130858787Sru#endif 1309270817Spluknet /* 1310273719Sedwin * 4-address frames need to be generated for: 131158787Sru * o packets sent through a WDS vap (IEEE80211_M_WDS) 131258787Sru * o packets sent through a vap marked for relaying 131358787Sru * (e.g. a station operating with dynamic WDS) 1314273719Sedwin */ 1315270817Spluknet is4addr = vap->iv_opmode == IEEE80211_M_WDS || 1316270817Spluknet ((vap->iv_flags_ext & IEEE80211_FEXT_4ADDR) && 131758787Sru !IEEE80211_ADDR_EQ(eh.ether_shost, vap->iv_myaddr)); 131858787Sru if (is4addr) 131975267Swollman hdrsize += IEEE80211_ADDR_LEN; 1320270817Spluknet meshhdrsize = meshae = 0; 132158787Sru#ifdef IEEE80211_SUPPORT_MESH 132258787Sru } 1323270817Spluknet#endif 1324273719Sedwin /* 13252742Swollman * Honor driver DATAPAD requirement. 132643543Swollman */ 132743543Swollman if (ic->ic_flags & IEEE80211_F_DATAPAD) 132858787Sru hdrspace = roundup(hdrsize, sizeof(uint32_t)); 132943543Swollman else 133067578Swollman hdrspace = hdrsize; 133175267Swollman 133275267Swollman if (__predict_true((m->m_flags & M_FF) == 0)) { 133367578Swollman /* 1334171948Sedwin * Normal frame. 1335171948Sedwin */ 1336171948Sedwin m = ieee80211_mbuf_adjust(vap, hdrspace + meshhdrsize, key, m); 13379908Swollman if (m == NULL) { 13382742Swollman /* NB: ieee80211_mbuf_adjust handles msgs+statistics */ 133967578Swollman goto bad; 1340270817Spluknet } 13412742Swollman /* NB: this could be optimized 'cuz of ieee80211_mbuf_adjust */ 134219878Swollman m_adj(m, sizeof(struct ether_header) - sizeof(struct llc)); 13432742Swollman llc = mtod(m, struct llc *); 13442742Swollman llc->llc_dsap = llc->llc_ssap = LLC_SNAP_LSAP; 13452742Swollman llc->llc_control = LLC_UI; 134643014Swollman llc->llc_snap.org_code[0] = 0; 13472742Swollman llc->llc_snap.org_code[1] = 0; 13482742Swollman llc->llc_snap.org_code[2] = 0; 13492742Swollman llc->llc_snap.ether_type = eh.ether_type; 13502742Swollman } else { 13512742Swollman#ifdef IEEE80211_SUPPORT_SUPERG 13522742Swollman /* 13532742Swollman * Aggregated frame. 13542742Swollman */ 13552742Swollman m = ieee80211_ff_encap(vap, m, hdrspace + meshhdrsize, key); 13562742Swollman if (m == NULL) 13572742Swollman#endif 13589908Swollman goto bad; 13592742Swollman } 136019878Swollman datalen = m->m_pkthdr.len; /* NB: w/o 802.11 header */ 1361153670Swollman 13622742Swollman M_PREPEND(m, hdrspace + meshhdrsize, M_NOWAIT); 13632742Swollman if (m == NULL) { 13642742Swollman vap->iv_stats.is_tx_nobuf++; 13652742Swollman goto bad; 136658787Sru } 136758787Sru wh = mtod(m, struct ieee80211_frame *); 136858787Sru wh->i_fc[0] = IEEE80211_FC0_VERSION_0 | IEEE80211_FC0_TYPE_DATA; 136958787Sru *(uint16_t *)wh->i_dur = 0; 137058787Sru qos = NULL; /* NB: quiet compiler */ 137158787Sru if (is4addr) { 1372226289Sedwin wh->i_fc[1] = IEEE80211_FC1_DIR_DSTODS; 137358787Sru IEEE80211_ADDR_COPY(wh->i_addr1, ni->ni_macaddr); 137458787Sru IEEE80211_ADDR_COPY(wh->i_addr2, vap->iv_myaddr); 137558787Sru IEEE80211_ADDR_COPY(wh->i_addr3, eh.ether_dhost); 137614343Swollman IEEE80211_ADDR_COPY(WH4(wh)->i_addr4, eh.ether_shost); 137775267Swollman } else switch (vap->iv_opmode) { 137875267Swollman case IEEE80211_M_STA: 137975267Swollman wh->i_fc[1] = IEEE80211_FC1_DIR_TODS; 138075267Swollman IEEE80211_ADDR_COPY(wh->i_addr1, ni->ni_bssid); 138175267Swollman IEEE80211_ADDR_COPY(wh->i_addr2, eh.ether_shost); 138275267Swollman IEEE80211_ADDR_COPY(wh->i_addr3, eh.ether_dhost); 138358787Sru break; 1384158421Swollman case IEEE80211_M_IBSS: 1385158421Swollman case IEEE80211_M_AHDEMO: 1386158421Swollman wh->i_fc[1] = IEEE80211_FC1_DIR_NODS; 138767578Swollman IEEE80211_ADDR_COPY(wh->i_addr1, eh.ether_dhost); 1388171948Sedwin IEEE80211_ADDR_COPY(wh->i_addr2, eh.ether_shost); 1389171948Sedwin /* 1390171948Sedwin * NB: always use the bssid from iv_bss as the 1391192886Sedwin * neighbor's may be stale after an ibss merge 1392240457Sedwin */ 1393240457Sedwin IEEE80211_ADDR_COPY(wh->i_addr3, vap->iv_bss->ni_bssid); 1394192886Sedwin break; 1395240457Sedwin case IEEE80211_M_HOSTAP: 1396192886Sedwin wh->i_fc[1] = IEEE80211_FC1_DIR_FROMDS; 1397192886Sedwin IEEE80211_ADDR_COPY(wh->i_addr1, eh.ether_dhost); 1398240457Sedwin IEEE80211_ADDR_COPY(wh->i_addr2, ni->ni_bssid); 1399192886Sedwin IEEE80211_ADDR_COPY(wh->i_addr3, eh.ether_shost); 1400240457Sedwin break; 1401192886Sedwin#ifdef IEEE80211_SUPPORT_MESH 1402240457Sedwin case IEEE80211_M_MBSS: 1403240457Sedwin /* NB: offset by hdrspace to deal with DATAPAD */ 1404192886Sedwin mc = (struct ieee80211_meshcntl_ae10 *) 1405240457Sedwin (mtod(m, uint8_t *) + hdrspace); 1406192886Sedwin wh->i_fc[1] = dir; 1407192886Sedwin switch (meshae) { 14082742Swollman case IEEE80211_MESH_AE_00: /* no proxy */ 14092742Swollman mc->mc_flags = 0; 141058787Sru if (dir == IEEE80211_FC1_DIR_DSTODS) { /* ucast */ 14112742Swollman IEEE80211_ADDR_COPY(wh->i_addr1, 141219878Swollman ni->ni_macaddr); 14132742Swollman IEEE80211_ADDR_COPY(wh->i_addr2, 14142742Swollman vap->iv_myaddr); 14152742Swollman IEEE80211_ADDR_COPY(wh->i_addr3, 1416270817Spluknet eh.ether_dhost); 14172742Swollman IEEE80211_ADDR_COPY(WH4(wh)->i_addr4, 141819878Swollman eh.ether_shost); 14192742Swollman qos =((struct ieee80211_qosframe_addr4 *) 14202742Swollman wh)->i_qos; 1421153670Swollman } else if (dir == IEEE80211_FC1_DIR_FROMDS) { 14222742Swollman /* mcast */ 14232742Swollman IEEE80211_ADDR_COPY(wh->i_addr1, 14242742Swollman eh.ether_dhost); 14252742Swollman IEEE80211_ADDR_COPY(wh->i_addr2, 14262742Swollman vap->iv_myaddr); 14272742Swollman IEEE80211_ADDR_COPY(wh->i_addr3, 14282742Swollman eh.ether_shost); 14292742Swollman qos = ((struct ieee80211_qosframe *) 14302742Swollman wh)->i_qos; 14312742Swollman } 143219878Swollman break; 14332742Swollman case IEEE80211_MESH_AE_01: /* mcast, proxy */ 14342742Swollman wh->i_fc[1] = IEEE80211_FC1_DIR_FROMDS; 14352742Swollman IEEE80211_ADDR_COPY(wh->i_addr1, eh.ether_dhost); 143614343Swollman IEEE80211_ADDR_COPY(wh->i_addr2, vap->iv_myaddr); 1437158421Swollman IEEE80211_ADDR_COPY(wh->i_addr3, vap->iv_myaddr); 1438149514Swollman mc->mc_flags = 1; 143914343Swollman IEEE80211_ADDR_COPY(MC01(mc)->mc_addr4, 144014343Swollman eh.ether_shost); 144114343Swollman qos = ((struct ieee80211_qosframe *) wh)->i_qos; 144214343Swollman break; 1443158421Swollman case IEEE80211_MESH_AE_10: /* ucast, proxy */ 1444121098Swollman KASSERT(rt != NULL, ("route is NULL")); 1445121098Swollman IEEE80211_ADDR_COPY(wh->i_addr1, rt->rt_nexthop); 1446158421Swollman IEEE80211_ADDR_COPY(wh->i_addr2, vap->iv_myaddr); 1447121098Swollman IEEE80211_ADDR_COPY(wh->i_addr3, rt->rt_mesh_gate); 1448121098Swollman IEEE80211_ADDR_COPY(WH4(wh)->i_addr4, vap->iv_myaddr); 1449121098Swollman mc->mc_flags = IEEE80211_MESH_AE_10; 1450121098Swollman IEEE80211_ADDR_COPY(mc->mc_addr5, eh.ether_dhost); 145114343Swollman IEEE80211_ADDR_COPY(mc->mc_addr6, eh.ether_shost); 1452169811Swollman qos = ((struct ieee80211_qosframe_addr4 *) wh)->i_qos; 1453169811Swollman break; 1454169811Swollman default: 1455169811Swollman KASSERT(0, ("meshae %d", meshae)); 1456169811Swollman break; 1457169811Swollman } 1458270817Spluknet mc->mc_ttl = ms->ms_ttl; 1459270817Spluknet ms->ms_seq++; 1460273719Sedwin LE_WRITE_4(mc->mc_seq, ms->ms_seq); 1461273719Sedwin break; 1462270817Spluknet#endif 1463270817Spluknet case IEEE80211_M_WDS: /* NB: is4addr should always be true */ 1464270817Spluknet default: 1465270817Spluknet goto bad; 1466270817Spluknet } 1467270817Spluknet if (m->m_flags & M_MORE_DATA) 1468270817Spluknet wh->i_fc[1] |= IEEE80211_FC1_MORE_DATA; 1469270817Spluknet if (addqos) { 1470270817Spluknet int ac, tid; 14712742Swollman 14722742Swollman if (is4addr) { 147358787Sru qos = ((struct ieee80211_qosframe_addr4 *) wh)->i_qos; 14742742Swollman /* NB: mesh case handled earlier */ 14752742Swollman } else if (vap->iv_opmode != IEEE80211_M_MBSS) 147658787Sru qos = ((struct ieee80211_qosframe *) wh)->i_qos; 147758787Sru ac = M_WME_GETAC(m); 147858787Sru /* map from access class/queue to 11e header priorty value */ 14792742Swollman tid = WME_AC_TO_TID(ac); 148043543Swollman qos[0] = tid & IEEE80211_QOS_TID; 148143543Swollman if (ic->ic_wme.wme_wmeChanParams.cap_wmeParams[ac].wmep_noackPolicy) 148275267Swollman qos[0] |= IEEE80211_QOS_ACKPOLICY_NOACK; 148343543Swollman#ifdef IEEE80211_SUPPORT_MESH 148443543Swollman if (vap->iv_opmode == IEEE80211_M_MBSS) 148558787Sru qos[1] = IEEE80211_QOS_MC; 148658787Sru else 148758787Sru#endif 1488253009Sedwin qos[1] = 0; 1489253009Sedwin wh->i_fc[0] |= IEEE80211_FC0_SUBTYPE_QOS; 1490270817Spluknet 1491253009Sedwin if ((m->m_flags & M_AMPDU_MPDU) == 0) { 1492253009Sedwin /* 1493253009Sedwin * NB: don't assign a sequence # to potential 149443543Swollman * aggregates; we expect this happens at the 149575267Swollman * point the frame comes off any aggregation q 149675267Swollman * as otherwise we may introduce holes in the 149758787Sru * BA sequence space and/or make window accouting 149814343Swollman * more difficult. 149917200Swollman * 150017200Swollman * XXX may want to control this with a driver 150117200Swollman * capability; this may also change when we pull 150217200Swollman * aggregation up into net80211 1503270817Spluknet */ 150417200Swollman seqno = ni->ni_txseqs[tid]++; 150517200Swollman *(uint16_t *)wh->i_seq = 150658787Sru htole16(seqno << IEEE80211_SEQ_SEQ_SHIFT); 15072742Swollman M_SEQNO_SET(m, seqno); 15082742Swollman } 15092742Swollman } else { 15102742Swollman seqno = ni->ni_txseqs[IEEE80211_NONQOS_TID]++; 151119878Swollman *(uint16_t *)wh->i_seq = 15122742Swollman htole16(seqno << IEEE80211_SEQ_SEQ_SHIFT); 15132742Swollman M_SEQNO_SET(m, seqno); 15142742Swollman } 151558787Sru 151614343Swollman 15172742Swollman /* check if xmit fragmentation is required */ 1518270817Spluknet txfrag = (m->m_pkthdr.len > vap->iv_fragthreshold && 1519270817Spluknet !IEEE80211_IS_MULTICAST(wh->i_addr1) && 15202742Swollman (vap->iv_caps & IEEE80211_C_TXFRAG) && 152175267Swollman (m->m_flags & (M_FF | M_AMPDU_MPDU)) == 0); 152275267Swollman if (key != NULL) { 152314343Swollman /* 152475267Swollman * IEEE 802.1X: send EAPOL frames always in the clear. 152575267Swollman * WPA/WPA2: encrypt EAPOL keys when pairwise keys are set. 152675267Swollman */ 152775267Swollman if ((m->m_flags & M_EAPOL) == 0 || 152858787Sru ((vap->iv_flags & IEEE80211_F_WPA) && 152975267Swollman (vap->iv_opmode == IEEE80211_M_STA ? 153017200Swollman !IEEE80211_KEY_UNDEFINED(key) : 153117200Swollman !IEEE80211_KEY_UNDEFINED(&ni->ni_ucastkey)))) { 1532149514Swollman wh->i_fc[1] |= IEEE80211_FC1_PROTECTED; 1533270817Spluknet if (!ieee80211_crypto_enmic(vap, key, m, txfrag)) { 1534270817Spluknet IEEE80211_NOTE_MAC(vap, IEEE80211_MSG_OUTPUT, 153517200Swollman eh.ether_dhost, 1536158421Swollman "%s", "enmic failed, discard frame"); 1537158421Swollman vap->iv_stats.is_crypto_enmicfail++; 153817200Swollman goto bad; 153958787Sru } 154058787Sru } 1541270817Spluknet } 1542273719Sedwin if (txfrag && !ieee80211_fragment(vap, m, hdrsize, 154358787Sru key != NULL ? key->wk_cipher->ic_header : 0, vap->iv_fragthreshold)) 154458787Sru goto bad; 154558787Sru 154658787Sru m->m_flags |= M_ENCAP; /* mark encapsulated */ 1547121098Swollman 1548121098Swollman IEEE80211_NODE_STAT(ni, tx_data); 1549121098Swollman if (IEEE80211_IS_MULTICAST(wh->i_addr1)) { 1550121098Swollman IEEE80211_NODE_STAT(ni, tx_mcast); 1551121098Swollman m->m_flags |= M_MCAST; 1552121098Swollman } else 1553121098Swollman IEEE80211_NODE_STAT(ni, tx_ucast); 1554121098Swollman IEEE80211_NODE_STAT_ADD(ni, tx_bytes, datalen); 1555121098Swollman 1556121098Swollman return m; 1557121098Swollmanbad: 1558121098Swollman if (m != NULL) 1559121098Swollman m_freem(m); 1560121098Swollman return NULL; 1561121098Swollman#undef WH4 1562121098Swollman#undef MC01 1563290698Sedwin} 1564121098Swollman 1565290698Sedwin/* 1566290698Sedwin * Fragment the frame according to the specified mtu. 1567290698Sedwin * The size of the 802.11 header (w/o padding) is provided 1568290698Sedwin * so we don't need to recalculate it. We create a new 1569290698Sedwin * mbuf for each fragment and chain it through m_nextpkt; 1570290698Sedwin * we might be able to optimize this by reusing the original 1571290698Sedwin * packet's mbufs but that is significantly more complicated. 1572290698Sedwin */ 1573290698Sedwinstatic int 1574290698Sedwinieee80211_fragment(struct ieee80211vap *vap, struct mbuf *m0, 1575290698Sedwin u_int hdrsize, u_int ciphdrsize, u_int mtu) 1576290698Sedwin{ 1577290698Sedwin struct ieee80211com *ic = vap->iv_ic; 157858787Sru struct ieee80211_frame *wh, *whf; 157958787Sru struct mbuf *m, *prev, *next; 158058787Sru u_int totalhdrsize, fragno, fragsize, off, remainder, payload; 158158787Sru u_int hdrspace; 158258787Sru 158358787Sru KASSERT(m0->m_nextpkt == NULL, ("mbuf already chained?")); 158458787Sru KASSERT(m0->m_pkthdr.len > mtu, 158558787Sru ("pktlen %u mtu %u", m0->m_pkthdr.len, mtu)); 158658787Sru 158758787Sru /* 158858787Sru * Honor driver DATAPAD requirement. 158958787Sru */ 159058787Sru if (ic->ic_flags & IEEE80211_F_DATAPAD) 159158787Sru hdrspace = roundup(hdrsize, sizeof(uint32_t)); 159258787Sru else 159358787Sru hdrspace = hdrsize; 159458787Sru 159558787Sru wh = mtod(m0, struct ieee80211_frame *); 159658787Sru /* NB: mark the first frag; it will be propagated below */ 159758787Sru wh->i_fc[1] |= IEEE80211_FC1_MORE_FRAG; 159858787Sru totalhdrsize = hdrspace + ciphdrsize; 159958787Sru fragno = 1; 160058787Sru off = mtu - ciphdrsize; 160158787Sru remainder = m0->m_pkthdr.len - off; 1602270817Spluknet prev = m0; 160314343Swollman do { 160458787Sru fragsize = totalhdrsize + remainder; 160558787Sru if (fragsize > mtu) 1606270817Spluknet fragsize = mtu; 1607270817Spluknet /* XXX fragsize can be >2048! */ 1608270817Spluknet KASSERT(fragsize < MCLBYTES, 160917200Swollman ("fragment size %u too big!", fragsize)); 1610270817Spluknet if (fragsize > MHLEN) 1611270817Spluknet m = m_getcl(M_NOWAIT, MT_DATA, M_PKTHDR); 1612270817Spluknet else 1613270817Spluknet m = m_gethdr(M_NOWAIT, MT_DATA); 1614270817Spluknet if (m == NULL) 1615270817Spluknet goto bad; 1616270817Spluknet /* leave room to prepend any cipher header */ 1617270817Spluknet m_align(m, fragsize - ciphdrsize); 161858787Sru 161917200Swollman /* 162017200Swollman * Form the header in the fragment. Note that since 162117200Swollman * we mark the first fragment with the MORE_FRAG bit 1622270817Spluknet * it automatically is propagated to each fragment; we 1623270817Spluknet * need only clear it on the last fragment (done below). 162417200Swollman * NB: frag 1+ dont have Mesh Control field present. 162558787Sru */ 162658787Sru whf = mtod(m, struct ieee80211_frame *); 1627273719Sedwin memcpy(whf, wh, hdrsize); 1628273719Sedwin#ifdef IEEE80211_SUPPORT_MESH 1629273719Sedwin if (vap->iv_opmode == IEEE80211_M_MBSS) { 163058787Sru if (IEEE80211_IS_DSTODS(wh)) 163158787Sru ((struct ieee80211_qosframe_addr4 *) 163258787Sru whf)->i_qos[1] &= ~IEEE80211_QOS_MC; 163358787Sru else 163458787Sru ((struct ieee80211_qosframe *) 163558787Sru whf)->i_qos[1] &= ~IEEE80211_QOS_MC; 163658787Sru } 1637270817Spluknet#endif 1638270817Spluknet *(uint16_t *)&whf->i_seq[0] |= htole16( 163958787Sru (fragno & IEEE80211_SEQ_FRAG_MASK) << 164058787Sru IEEE80211_SEQ_FRAG_SHIFT); 164158787Sru fragno++; 164258787Sru 164358787Sru payload = fragsize - totalhdrsize; 164458787Sru /* NB: destination is known to be contiguous */ 164558787Sru 164658787Sru m_copydata(m0, off, payload, mtod(m, uint8_t *) + hdrspace); 164758787Sru m->m_len = hdrspace + payload; 164858787Sru m->m_pkthdr.len = hdrspace + payload; 164958787Sru m->m_flags |= M_FRAG; 1650158421Swollman 1651158421Swollman /* chain up the fragment */ 165258787Sru prev->m_nextpkt = m; 165358787Sru prev = m; 1654253009Sedwin 165558787Sru /* deduct fragment just formed */ 165658787Sru remainder -= payload; 165758787Sru off += payload; 165858787Sru } while (remainder != 0); 165958787Sru 1660149514Swollman /* set the last fragment */ 166158787Sru m->m_flags |= M_LASTFRAG; 166275267Swollman whf->i_fc[1] &= ~IEEE80211_FC1_MORE_FRAG; 1663149514Swollman 166458787Sru /* strip first mbuf now that everything has been copied */ 166575267Swollman m_adj(m0, -(m0->m_pkthdr.len - (mtu - ciphdrsize))); 166658787Sru m0->m_flags |= M_FIRSTFRAG | M_FRAG; 166758787Sru 166858787Sru vap->iv_stats.is_tx_fragframes++; 166958787Sru vap->iv_stats.is_tx_frags += fragno-1; 167058787Sru 1671149514Swollman return 1; 1672270817Spluknetbad: 167375267Swollman /* reclaim fragments but leave original frame for caller to free */ 167475267Swollman for (m = m0->m_nextpkt; m != NULL; m = next) { 167575267Swollman next = m->m_nextpkt; 167675267Swollman m->m_nextpkt = NULL; /* XXX paranoid */ 167758787Sru m_freem(m); 167858787Sru } 167958787Sru m0->m_nextpkt = NULL; 168058787Sru return 0; 168158787Sru} 168258787Sru 168358787Sru/* 168475267Swollman * Add a supported rates element id to a frame. 168575267Swollman */ 168675267Swollmanuint8_t * 168775267Swollmanieee80211_add_rates(uint8_t *frm, const struct ieee80211_rateset *rs) 168875267Swollman{ 168975267Swollman int nrates; 1690270817Spluknet 169158787Sru *frm++ = IEEE80211_ELEMID_RATES; 169275267Swollman nrates = rs->rs_nrates; 169375267Swollman if (nrates > IEEE80211_RATE_SIZE) 169475267Swollman nrates = IEEE80211_RATE_SIZE; 169593799Swollman *frm++ = nrates; 169693799Swollman memcpy(frm, rs->rs_rates, nrates); 169793799Swollman return frm + nrates; 169893799Swollman} 169993799Swollman 170086222Swollman/* 1701114173Swollman * Add an extended supported rates element id to a frame. 1702114173Swollman */ 170386222Swollmanuint8_t * 1704121098Swollmanieee80211_add_xrates(uint8_t *frm, const struct ieee80211_rateset *rs) 1705121098Swollman{ 1706121098Swollman /* 1707121098Swollman * Add an extended supported rates element if operating in 11g mode. 1708121098Swollman */ 1709121098Swollman if (rs->rs_nrates > IEEE80211_RATE_SIZE) { 1710270817Spluknet int nrates = rs->rs_nrates - IEEE80211_RATE_SIZE; 1711121098Swollman *frm++ = IEEE80211_ELEMID_XRATES; 1712121098Swollman *frm++ = nrates; 1713121098Swollman memcpy(frm, rs->rs_rates + IEEE80211_RATE_SIZE, nrates); 1714121098Swollman frm += nrates; 1715121098Swollman } 1716121098Swollman return frm; 1717121098Swollman} 1718121098Swollman 1719121098Swollman/* 1720121098Swollman * Add an ssid element to a frame. 1721121098Swollman */ 172258787Sruuint8_t * 172358787Sruieee80211_add_ssid(uint8_t *frm, const uint8_t *ssid, u_int len) 172458787Sru{ 172558787Sru *frm++ = IEEE80211_ELEMID_SSID; 172658787Sru *frm++ = len; 172775267Swollman memcpy(frm, ssid, len); 172858787Sru return frm + len; 172958787Sru} 173058787Sru 173158787Sru/* 173258787Sru * Add an erp element to a frame. 173358787Sru */ 173458787Srustatic uint8_t * 173558787Sruieee80211_add_erp(uint8_t *frm, struct ieee80211com *ic) 173658787Sru{ 173758787Sru uint8_t erp; 173858787Sru 1739153670Swollman *frm++ = IEEE80211_ELEMID_ERP; 174058787Sru *frm++ = 1; 174158787Sru erp = 0; 174258787Sru if (ic->ic_nonerpsta != 0) 174358787Sru erp |= IEEE80211_ERP_NON_ERP_PRESENT; 1744149514Swollman if (ic->ic_flags & IEEE80211_F_USEPROT) 1745153670Swollman erp |= IEEE80211_ERP_USE_PROTECTION; 1746153670Swollman if (ic->ic_flags & IEEE80211_F_USEBARKER) 1747153670Swollman erp |= IEEE80211_ERP_LONG_PREAMBLE; 1748153670Swollman *frm++ = erp; 1749153670Swollman return frm; 1750153670Swollman} 1751153670Swollman 1752153670Swollman/* 1753153670Swollman * Add a CFParams element to a frame. 1754153670Swollman */ 1755270817Spluknetstatic uint8_t * 1756153670Swollmanieee80211_add_cfparms(uint8_t *frm, struct ieee80211com *ic) 1757153670Swollman{ 1758153670Swollman#define ADDSHORT(frm, v) do { \ 1759149514Swollman LE_WRITE_2(frm, v); \ 1760149514Swollman frm += 2; \ 1761149514Swollman} while (0) 1762149514Swollman *frm++ = IEEE80211_ELEMID_CFPARMS; 1763273719Sedwin *frm++ = 6; 1764149514Swollman *frm++ = 0; /* CFP count */ 1765149514Swollman *frm++ = 2; /* CFP period */ 1766 ADDSHORT(frm, 0); /* CFP MaxDuration (TU) */ 1767 ADDSHORT(frm, 0); /* CFP CurRemaining (TU) */ 1768 return frm; 1769#undef ADDSHORT 1770} 1771 1772static __inline uint8_t * 1773add_appie(uint8_t *frm, const struct ieee80211_appie *ie) 1774{ 1775 memcpy(frm, ie->ie_data, ie->ie_len); 1776 return frm + ie->ie_len; 1777} 1778 1779static __inline uint8_t * 1780add_ie(uint8_t *frm, const uint8_t *ie) 1781{ 1782 memcpy(frm, ie, 2 + ie[1]); 1783 return frm + 2 + ie[1]; 1784} 1785 1786#define WME_OUI_BYTES 0x00, 0x50, 0xf2 1787/* 1788 * Add a WME information element to a frame. 1789 */ 1790static uint8_t * 1791ieee80211_add_wme_info(uint8_t *frm, struct ieee80211_wme_state *wme) 1792{ 1793 static const struct ieee80211_wme_info info = { 1794 .wme_id = IEEE80211_ELEMID_VENDOR, 1795 .wme_len = sizeof(struct ieee80211_wme_info) - 2, 1796 .wme_oui = { WME_OUI_BYTES }, 1797 .wme_type = WME_OUI_TYPE, 1798 .wme_subtype = WME_INFO_OUI_SUBTYPE, 1799 .wme_version = WME_VERSION, 1800 .wme_info = 0, 1801 }; 1802 memcpy(frm, &info, sizeof(info)); 1803 return frm + sizeof(info); 1804} 1805 1806/* 1807 * Add a WME parameters element to a frame. 1808 */ 1809static uint8_t * 1810ieee80211_add_wme_param(uint8_t *frm, struct ieee80211_wme_state *wme) 1811{ 1812#define SM(_v, _f) (((_v) << _f##_S) & _f) 1813#define ADDSHORT(frm, v) do { \ 1814 LE_WRITE_2(frm, v); \ 1815 frm += 2; \ 1816} while (0) 1817 /* NB: this works 'cuz a param has an info at the front */ 1818 static const struct ieee80211_wme_info param = { 1819 .wme_id = IEEE80211_ELEMID_VENDOR, 1820 .wme_len = sizeof(struct ieee80211_wme_param) - 2, 1821 .wme_oui = { WME_OUI_BYTES }, 1822 .wme_type = WME_OUI_TYPE, 1823 .wme_subtype = WME_PARAM_OUI_SUBTYPE, 1824 .wme_version = WME_VERSION, 1825 }; 1826 int i; 1827 1828 memcpy(frm, ¶m, sizeof(param)); 1829 frm += __offsetof(struct ieee80211_wme_info, wme_info); 1830 *frm++ = wme->wme_bssChanParams.cap_info; /* AC info */ 1831 *frm++ = 0; /* reserved field */ 1832 for (i = 0; i < WME_NUM_AC; i++) { 1833 const struct wmeParams *ac = 1834 &wme->wme_bssChanParams.cap_wmeParams[i]; 1835 *frm++ = SM(i, WME_PARAM_ACI) 1836 | SM(ac->wmep_acm, WME_PARAM_ACM) 1837 | SM(ac->wmep_aifsn, WME_PARAM_AIFSN) 1838 ; 1839 *frm++ = SM(ac->wmep_logcwmax, WME_PARAM_LOGCWMAX) 1840 | SM(ac->wmep_logcwmin, WME_PARAM_LOGCWMIN) 1841 ; 1842 ADDSHORT(frm, ac->wmep_txopLimit); 1843 } 1844 return frm; 1845#undef SM 1846#undef ADDSHORT 1847} 1848#undef WME_OUI_BYTES 1849 1850/* 1851 * Add an 11h Power Constraint element to a frame. 1852 */ 1853static uint8_t * 1854ieee80211_add_powerconstraint(uint8_t *frm, struct ieee80211vap *vap) 1855{ 1856 const struct ieee80211_channel *c = vap->iv_bss->ni_chan; 1857 /* XXX per-vap tx power limit? */ 1858 int8_t limit = vap->iv_ic->ic_txpowlimit / 2; 1859 1860 frm[0] = IEEE80211_ELEMID_PWRCNSTR; 1861 frm[1] = 1; 1862 frm[2] = c->ic_maxregpower > limit ? c->ic_maxregpower - limit : 0; 1863 return frm + 3; 1864} 1865 1866/* 1867 * Add an 11h Power Capability element to a frame. 1868 */ 1869static uint8_t * 1870ieee80211_add_powercapability(uint8_t *frm, const struct ieee80211_channel *c) 1871{ 1872 frm[0] = IEEE80211_ELEMID_PWRCAP; 1873 frm[1] = 2; 1874 frm[2] = c->ic_minpower; 1875 frm[3] = c->ic_maxpower; 1876 return frm + 4; 1877} 1878 1879/* 1880 * Add an 11h Supported Channels element to a frame. 1881 */ 1882static uint8_t * 1883ieee80211_add_supportedchannels(uint8_t *frm, struct ieee80211com *ic) 1884{ 1885 static const int ielen = 26; 1886 1887 frm[0] = IEEE80211_ELEMID_SUPPCHAN; 1888 frm[1] = ielen; 1889 /* XXX not correct */ 1890 memcpy(frm+2, ic->ic_chan_avail, ielen); 1891 return frm + 2 + ielen; 1892} 1893 1894/* 1895 * Add an 11h Quiet time element to a frame. 1896 */ 1897static uint8_t * 1898ieee80211_add_quiet(uint8_t *frm, struct ieee80211vap *vap) 1899{ 1900 struct ieee80211_quiet_ie *quiet = (struct ieee80211_quiet_ie *) frm; 1901 1902 quiet->quiet_ie = IEEE80211_ELEMID_QUIET; 1903 quiet->len = 6; 1904 if (vap->iv_quiet_count_value == 1) 1905 vap->iv_quiet_count_value = vap->iv_quiet_count; 1906 else if (vap->iv_quiet_count_value > 1) 1907 vap->iv_quiet_count_value--; 1908 1909 if (vap->iv_quiet_count_value == 0) { 1910 /* value 0 is reserved as per 802.11h standerd */ 1911 vap->iv_quiet_count_value = 1; 1912 } 1913 1914 quiet->tbttcount = vap->iv_quiet_count_value; 1915 quiet->period = vap->iv_quiet_period; 1916 quiet->duration = htole16(vap->iv_quiet_duration); 1917 quiet->offset = htole16(vap->iv_quiet_offset); 1918 return frm + sizeof(*quiet); 1919} 1920 1921/* 1922 * Add an 11h Channel Switch Announcement element to a frame. 1923 * Note that we use the per-vap CSA count to adjust the global 1924 * counter so we can use this routine to form probe response 1925 * frames and get the current count. 1926 */ 1927static uint8_t * 1928ieee80211_add_csa(uint8_t *frm, struct ieee80211vap *vap) 1929{ 1930 struct ieee80211com *ic = vap->iv_ic; 1931 struct ieee80211_csa_ie *csa = (struct ieee80211_csa_ie *) frm; 1932 1933 csa->csa_ie = IEEE80211_ELEMID_CSA; 1934 csa->csa_len = 3; 1935 csa->csa_mode = 1; /* XXX force quiet on channel */ 1936 csa->csa_newchan = ieee80211_chan2ieee(ic, ic->ic_csa_newchan); 1937 csa->csa_count = ic->ic_csa_count - vap->iv_csa_count; 1938 return frm + sizeof(*csa); 1939} 1940 1941/* 1942 * Add an 11h country information element to a frame. 1943 */ 1944static uint8_t * 1945ieee80211_add_countryie(uint8_t *frm, struct ieee80211com *ic) 1946{ 1947 1948 if (ic->ic_countryie == NULL || 1949 ic->ic_countryie_chan != ic->ic_bsschan) { 1950 /* 1951 * Handle lazy construction of ie. This is done on 1952 * first use and after a channel change that requires 1953 * re-calculation. 1954 */ 1955 if (ic->ic_countryie != NULL) 1956 IEEE80211_FREE(ic->ic_countryie, M_80211_NODE_IE); 1957 ic->ic_countryie = ieee80211_alloc_countryie(ic); 1958 if (ic->ic_countryie == NULL) 1959 return frm; 1960 ic->ic_countryie_chan = ic->ic_bsschan; 1961 } 1962 return add_appie(frm, ic->ic_countryie); 1963} 1964 1965uint8_t * 1966ieee80211_add_wpa(uint8_t *frm, const struct ieee80211vap *vap) 1967{ 1968 if (vap->iv_flags & IEEE80211_F_WPA1 && vap->iv_wpa_ie != NULL) 1969 return (add_ie(frm, vap->iv_wpa_ie)); 1970 else { 1971 /* XXX else complain? */ 1972 return (frm); 1973 } 1974} 1975 1976uint8_t * 1977ieee80211_add_rsn(uint8_t *frm, const struct ieee80211vap *vap) 1978{ 1979 if (vap->iv_flags & IEEE80211_F_WPA2 && vap->iv_rsn_ie != NULL) 1980 return (add_ie(frm, vap->iv_rsn_ie)); 1981 else { 1982 /* XXX else complain? */ 1983 return (frm); 1984 } 1985} 1986 1987uint8_t * 1988ieee80211_add_qos(uint8_t *frm, const struct ieee80211_node *ni) 1989{ 1990 if (ni->ni_flags & IEEE80211_NODE_QOS) { 1991 *frm++ = IEEE80211_ELEMID_QOS; 1992 *frm++ = 1; 1993 *frm++ = 0; 1994 } 1995 1996 return (frm); 1997} 1998 1999/* 2000 * Send a probe request frame with the specified ssid 2001 * and any optional information element data. 2002 */ 2003int 2004ieee80211_send_probereq(struct ieee80211_node *ni, 2005 const uint8_t sa[IEEE80211_ADDR_LEN], 2006 const uint8_t da[IEEE80211_ADDR_LEN], 2007 const uint8_t bssid[IEEE80211_ADDR_LEN], 2008 const uint8_t *ssid, size_t ssidlen) 2009{ 2010 struct ieee80211vap *vap = ni->ni_vap; 2011 struct ieee80211com *ic = ni->ni_ic; 2012 const struct ieee80211_txparam *tp; 2013 struct ieee80211_bpf_params params; 2014 struct ieee80211_frame *wh; 2015 const struct ieee80211_rateset *rs; 2016 struct mbuf *m; 2017 uint8_t *frm; 2018 int ret; 2019 2020 if (vap->iv_state == IEEE80211_S_CAC) { 2021 IEEE80211_NOTE(vap, IEEE80211_MSG_OUTPUT, ni, 2022 "block %s frame in CAC state", "probe request"); 2023 vap->iv_stats.is_tx_badstate++; 2024 return EIO; /* XXX */ 2025 } 2026 2027 /* 2028 * Hold a reference on the node so it doesn't go away until after 2029 * the xmit is complete all the way in the driver. On error we 2030 * will remove our reference. 2031 */ 2032 IEEE80211_DPRINTF(vap, IEEE80211_MSG_NODE, 2033 "ieee80211_ref_node (%s:%u) %p<%s> refcnt %d\n", 2034 __func__, __LINE__, 2035 ni, ether_sprintf(ni->ni_macaddr), 2036 ieee80211_node_refcnt(ni)+1); 2037 ieee80211_ref_node(ni); 2038 2039 /* 2040 * prreq frame format 2041 * [tlv] ssid 2042 * [tlv] supported rates 2043 * [tlv] RSN (optional) 2044 * [tlv] extended supported rates 2045 * [tlv] WPA (optional) 2046 * [tlv] user-specified ie's 2047 */ 2048 m = ieee80211_getmgtframe(&frm, 2049 ic->ic_headroom + sizeof(struct ieee80211_frame), 2050 2 + IEEE80211_NWID_LEN 2051 + 2 + IEEE80211_RATE_SIZE 2052 + sizeof(struct ieee80211_ie_wpa) 2053 + 2 + (IEEE80211_RATE_MAXSIZE - IEEE80211_RATE_SIZE) 2054 + sizeof(struct ieee80211_ie_wpa) 2055 + (vap->iv_appie_probereq != NULL ? 2056 vap->iv_appie_probereq->ie_len : 0) 2057 ); 2058 if (m == NULL) { 2059 vap->iv_stats.is_tx_nobuf++; 2060 ieee80211_free_node(ni); 2061 return ENOMEM; 2062 } 2063 2064 frm = ieee80211_add_ssid(frm, ssid, ssidlen); 2065 rs = ieee80211_get_suprates(ic, ic->ic_curchan); 2066 frm = ieee80211_add_rates(frm, rs); 2067 frm = ieee80211_add_rsn(frm, vap); 2068 frm = ieee80211_add_xrates(frm, rs); 2069 frm = ieee80211_add_wpa(frm, vap); 2070 if (vap->iv_appie_probereq != NULL) 2071 frm = add_appie(frm, vap->iv_appie_probereq); 2072 m->m_pkthdr.len = m->m_len = frm - mtod(m, uint8_t *); 2073 2074 KASSERT(M_LEADINGSPACE(m) >= sizeof(struct ieee80211_frame), 2075 ("leading space %zd", M_LEADINGSPACE(m))); 2076 M_PREPEND(m, sizeof(struct ieee80211_frame), M_NOWAIT); 2077 if (m == NULL) { 2078 /* NB: cannot happen */ 2079 ieee80211_free_node(ni); 2080 return ENOMEM; 2081 } 2082 2083 IEEE80211_TX_LOCK(ic); 2084 wh = mtod(m, struct ieee80211_frame *); 2085 ieee80211_send_setup(ni, m, 2086 IEEE80211_FC0_TYPE_MGT | IEEE80211_FC0_SUBTYPE_PROBE_REQ, 2087 IEEE80211_NONQOS_TID, sa, da, bssid); 2088 /* XXX power management? */ 2089 m->m_flags |= M_ENCAP; /* mark encapsulated */ 2090 2091 M_WME_SETAC(m, WME_AC_BE); 2092 2093 IEEE80211_NODE_STAT(ni, tx_probereq); 2094 IEEE80211_NODE_STAT(ni, tx_mgmt); 2095 2096 IEEE80211_DPRINTF(vap, IEEE80211_MSG_DEBUG | IEEE80211_MSG_DUMPPKTS, 2097 "send probe req on channel %u bssid %s ssid \"%.*s\"\n", 2098 ieee80211_chan2ieee(ic, ic->ic_curchan), ether_sprintf(bssid), 2099 ssidlen, ssid); 2100 2101 memset(¶ms, 0, sizeof(params)); 2102 params.ibp_pri = M_WME_GETAC(m); 2103 tp = &vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)]; 2104 params.ibp_rate0 = tp->mgmtrate; 2105 if (IEEE80211_IS_MULTICAST(da)) { 2106 params.ibp_flags |= IEEE80211_BPF_NOACK; 2107 params.ibp_try0 = 1; 2108 } else 2109 params.ibp_try0 = tp->maxretry; 2110 params.ibp_power = ni->ni_txpower; 2111 ret = ieee80211_raw_output(vap, ni, m, ¶ms); 2112 IEEE80211_TX_UNLOCK(ic); 2113 return (ret); 2114} 2115 2116/* 2117 * Calculate capability information for mgt frames. 2118 */ 2119uint16_t 2120ieee80211_getcapinfo(struct ieee80211vap *vap, struct ieee80211_channel *chan) 2121{ 2122 struct ieee80211com *ic = vap->iv_ic; 2123 uint16_t capinfo; 2124 2125 KASSERT(vap->iv_opmode != IEEE80211_M_STA, ("station mode")); 2126 2127 if (vap->iv_opmode == IEEE80211_M_HOSTAP) 2128 capinfo = IEEE80211_CAPINFO_ESS; 2129 else if (vap->iv_opmode == IEEE80211_M_IBSS) 2130 capinfo = IEEE80211_CAPINFO_IBSS; 2131 else 2132 capinfo = 0; 2133 if (vap->iv_flags & IEEE80211_F_PRIVACY) 2134 capinfo |= IEEE80211_CAPINFO_PRIVACY; 2135 if ((ic->ic_flags & IEEE80211_F_SHPREAMBLE) && 2136 IEEE80211_IS_CHAN_2GHZ(chan)) 2137 capinfo |= IEEE80211_CAPINFO_SHORT_PREAMBLE; 2138 if (ic->ic_flags & IEEE80211_F_SHSLOT) 2139 capinfo |= IEEE80211_CAPINFO_SHORT_SLOTTIME; 2140 if (IEEE80211_IS_CHAN_5GHZ(chan) && (vap->iv_flags & IEEE80211_F_DOTH)) 2141 capinfo |= IEEE80211_CAPINFO_SPECTRUM_MGMT; 2142 return capinfo; 2143} 2144 2145/* 2146 * Send a management frame. The node is for the destination (or ic_bss 2147 * when in station mode). Nodes other than ic_bss have their reference 2148 * count bumped to reflect our use for an indeterminant time. 2149 */ 2150int 2151ieee80211_send_mgmt(struct ieee80211_node *ni, int type, int arg) 2152{ 2153#define HTFLAGS (IEEE80211_NODE_HT | IEEE80211_NODE_HTCOMPAT) 2154#define senderr(_x, _v) do { vap->iv_stats._v++; ret = _x; goto bad; } while (0) 2155 struct ieee80211vap *vap = ni->ni_vap; 2156 struct ieee80211com *ic = ni->ni_ic; 2157 struct ieee80211_node *bss = vap->iv_bss; 2158 struct ieee80211_bpf_params params; 2159 struct mbuf *m; 2160 uint8_t *frm; 2161 uint16_t capinfo; 2162 int has_challenge, is_shared_key, ret, status; 2163 2164 KASSERT(ni != NULL, ("null node")); 2165 2166 /* 2167 * Hold a reference on the node so it doesn't go away until after 2168 * the xmit is complete all the way in the driver. On error we 2169 * will remove our reference. 2170 */ 2171 IEEE80211_DPRINTF(vap, IEEE80211_MSG_NODE, 2172 "ieee80211_ref_node (%s:%u) %p<%s> refcnt %d\n", 2173 __func__, __LINE__, 2174 ni, ether_sprintf(ni->ni_macaddr), 2175 ieee80211_node_refcnt(ni)+1); 2176 ieee80211_ref_node(ni); 2177 2178 memset(¶ms, 0, sizeof(params)); 2179 switch (type) { 2180 2181 case IEEE80211_FC0_SUBTYPE_AUTH: 2182 status = arg >> 16; 2183 arg &= 0xffff; 2184 has_challenge = ((arg == IEEE80211_AUTH_SHARED_CHALLENGE || 2185 arg == IEEE80211_AUTH_SHARED_RESPONSE) && 2186 ni->ni_challenge != NULL); 2187 2188 /* 2189 * Deduce whether we're doing open authentication or 2190 * shared key authentication. We do the latter if 2191 * we're in the middle of a shared key authentication 2192 * handshake or if we're initiating an authentication 2193 * request and configured to use shared key. 2194 */ 2195 is_shared_key = has_challenge || 2196 arg >= IEEE80211_AUTH_SHARED_RESPONSE || 2197 (arg == IEEE80211_AUTH_SHARED_REQUEST && 2198 bss->ni_authmode == IEEE80211_AUTH_SHARED); 2199 2200 m = ieee80211_getmgtframe(&frm, 2201 ic->ic_headroom + sizeof(struct ieee80211_frame), 2202 3 * sizeof(uint16_t) 2203 + (has_challenge && status == IEEE80211_STATUS_SUCCESS ? 2204 sizeof(uint16_t)+IEEE80211_CHALLENGE_LEN : 0) 2205 ); 2206 if (m == NULL) 2207 senderr(ENOMEM, is_tx_nobuf); 2208 2209 ((uint16_t *)frm)[0] = 2210 (is_shared_key) ? htole16(IEEE80211_AUTH_ALG_SHARED) 2211 : htole16(IEEE80211_AUTH_ALG_OPEN); 2212 ((uint16_t *)frm)[1] = htole16(arg); /* sequence number */ 2213 ((uint16_t *)frm)[2] = htole16(status);/* status */ 2214 2215 if (has_challenge && status == IEEE80211_STATUS_SUCCESS) { 2216 ((uint16_t *)frm)[3] = 2217 htole16((IEEE80211_CHALLENGE_LEN << 8) | 2218 IEEE80211_ELEMID_CHALLENGE); 2219 memcpy(&((uint16_t *)frm)[4], ni->ni_challenge, 2220 IEEE80211_CHALLENGE_LEN); 2221 m->m_pkthdr.len = m->m_len = 2222 4 * sizeof(uint16_t) + IEEE80211_CHALLENGE_LEN; 2223 if (arg == IEEE80211_AUTH_SHARED_RESPONSE) { 2224 IEEE80211_NOTE(vap, IEEE80211_MSG_AUTH, ni, 2225 "request encrypt frame (%s)", __func__); 2226 /* mark frame for encryption */ 2227 params.ibp_flags |= IEEE80211_BPF_CRYPTO; 2228 } 2229 } else 2230 m->m_pkthdr.len = m->m_len = 3 * sizeof(uint16_t); 2231 2232 /* XXX not right for shared key */ 2233 if (status == IEEE80211_STATUS_SUCCESS) 2234 IEEE80211_NODE_STAT(ni, tx_auth); 2235 else 2236 IEEE80211_NODE_STAT(ni, tx_auth_fail); 2237 2238 if (vap->iv_opmode == IEEE80211_M_STA) 2239 ieee80211_add_callback(m, ieee80211_tx_mgt_cb, 2240 (void *) vap->iv_state); 2241 break; 2242 2243 case IEEE80211_FC0_SUBTYPE_DEAUTH: 2244 IEEE80211_NOTE(vap, IEEE80211_MSG_AUTH, ni, 2245 "send station deauthenticate (reason %d)", arg); 2246 m = ieee80211_getmgtframe(&frm, 2247 ic->ic_headroom + sizeof(struct ieee80211_frame), 2248 sizeof(uint16_t)); 2249 if (m == NULL) 2250 senderr(ENOMEM, is_tx_nobuf); 2251 *(uint16_t *)frm = htole16(arg); /* reason */ 2252 m->m_pkthdr.len = m->m_len = sizeof(uint16_t); 2253 2254 IEEE80211_NODE_STAT(ni, tx_deauth); 2255 IEEE80211_NODE_STAT_SET(ni, tx_deauth_code, arg); 2256 2257 ieee80211_node_unauthorize(ni); /* port closed */ 2258 break; 2259 2260 case IEEE80211_FC0_SUBTYPE_ASSOC_REQ: 2261 case IEEE80211_FC0_SUBTYPE_REASSOC_REQ: 2262 /* 2263 * asreq frame format 2264 * [2] capability information 2265 * [2] listen interval 2266 * [6*] current AP address (reassoc only) 2267 * [tlv] ssid 2268 * [tlv] supported rates 2269 * [tlv] extended supported rates 2270 * [4] power capability (optional) 2271 * [28] supported channels (optional) 2272 * [tlv] HT capabilities 2273 * [tlv] WME (optional) 2274 * [tlv] Vendor OUI HT capabilities (optional) 2275 * [tlv] Atheros capabilities (if negotiated) 2276 * [tlv] AppIE's (optional) 2277 */ 2278 m = ieee80211_getmgtframe(&frm, 2279 ic->ic_headroom + sizeof(struct ieee80211_frame), 2280 sizeof(uint16_t) 2281 + sizeof(uint16_t) 2282 + IEEE80211_ADDR_LEN 2283 + 2 + IEEE80211_NWID_LEN 2284 + 2 + IEEE80211_RATE_SIZE 2285 + 2 + (IEEE80211_RATE_MAXSIZE - IEEE80211_RATE_SIZE) 2286 + 4 2287 + 2 + 26 2288 + sizeof(struct ieee80211_wme_info) 2289 + sizeof(struct ieee80211_ie_htcap) 2290 + 4 + sizeof(struct ieee80211_ie_htcap) 2291#ifdef IEEE80211_SUPPORT_SUPERG 2292 + sizeof(struct ieee80211_ath_ie) 2293#endif 2294 + (vap->iv_appie_wpa != NULL ? 2295 vap->iv_appie_wpa->ie_len : 0) 2296 + (vap->iv_appie_assocreq != NULL ? 2297 vap->iv_appie_assocreq->ie_len : 0) 2298 ); 2299 if (m == NULL) 2300 senderr(ENOMEM, is_tx_nobuf); 2301 2302 KASSERT(vap->iv_opmode == IEEE80211_M_STA, 2303 ("wrong mode %u", vap->iv_opmode)); 2304 capinfo = IEEE80211_CAPINFO_ESS; 2305 if (vap->iv_flags & IEEE80211_F_PRIVACY) 2306 capinfo |= IEEE80211_CAPINFO_PRIVACY; 2307 /* 2308 * NB: Some 11a AP's reject the request when 2309 * short premable is set. 2310 */ 2311 if ((ic->ic_flags & IEEE80211_F_SHPREAMBLE) && 2312 IEEE80211_IS_CHAN_2GHZ(ic->ic_curchan)) 2313 capinfo |= IEEE80211_CAPINFO_SHORT_PREAMBLE; 2314 if (IEEE80211_IS_CHAN_ANYG(ic->ic_curchan) && 2315 (ic->ic_caps & IEEE80211_C_SHSLOT)) 2316 capinfo |= IEEE80211_CAPINFO_SHORT_SLOTTIME; 2317 if ((ni->ni_capinfo & IEEE80211_CAPINFO_SPECTRUM_MGMT) && 2318 (vap->iv_flags & IEEE80211_F_DOTH)) 2319 capinfo |= IEEE80211_CAPINFO_SPECTRUM_MGMT; 2320 *(uint16_t *)frm = htole16(capinfo); 2321 frm += 2; 2322 2323 KASSERT(bss->ni_intval != 0, ("beacon interval is zero!")); 2324 *(uint16_t *)frm = htole16(howmany(ic->ic_lintval, 2325 bss->ni_intval)); 2326 frm += 2; 2327 2328 if (type == IEEE80211_FC0_SUBTYPE_REASSOC_REQ) { 2329 IEEE80211_ADDR_COPY(frm, bss->ni_bssid); 2330 frm += IEEE80211_ADDR_LEN; 2331 } 2332 2333 frm = ieee80211_add_ssid(frm, ni->ni_essid, ni->ni_esslen); 2334 frm = ieee80211_add_rates(frm, &ni->ni_rates); 2335 frm = ieee80211_add_rsn(frm, vap); 2336 frm = ieee80211_add_xrates(frm, &ni->ni_rates); 2337 if (capinfo & IEEE80211_CAPINFO_SPECTRUM_MGMT) { 2338 frm = ieee80211_add_powercapability(frm, 2339 ic->ic_curchan); 2340 frm = ieee80211_add_supportedchannels(frm, ic); 2341 } 2342 2343 /* 2344 * Check the channel - we may be using an 11n NIC with an 2345 * 11n capable station, but we're configured to be an 11b 2346 * channel. 2347 */ 2348 if ((vap->iv_flags_ht & IEEE80211_FHT_HT) && 2349 IEEE80211_IS_CHAN_HT(ni->ni_chan) && 2350 ni->ni_ies.htcap_ie != NULL && 2351 ni->ni_ies.htcap_ie[0] == IEEE80211_ELEMID_HTCAP) { 2352 frm = ieee80211_add_htcap(frm, ni); 2353 } 2354 frm = ieee80211_add_wpa(frm, vap); 2355 if ((ic->ic_flags & IEEE80211_F_WME) && 2356 ni->ni_ies.wme_ie != NULL) 2357 frm = ieee80211_add_wme_info(frm, &ic->ic_wme); 2358 2359 /* 2360 * Same deal - only send HT info if we're on an 11n 2361 * capable channel. 2362 */ 2363 if ((vap->iv_flags_ht & IEEE80211_FHT_HT) && 2364 IEEE80211_IS_CHAN_HT(ni->ni_chan) && 2365 ni->ni_ies.htcap_ie != NULL && 2366 ni->ni_ies.htcap_ie[0] == IEEE80211_ELEMID_VENDOR) { 2367 frm = ieee80211_add_htcap_vendor(frm, ni); 2368 } 2369#ifdef IEEE80211_SUPPORT_SUPERG 2370 if (IEEE80211_ATH_CAP(vap, ni, IEEE80211_F_ATHEROS)) { 2371 frm = ieee80211_add_ath(frm, 2372 IEEE80211_ATH_CAP(vap, ni, IEEE80211_F_ATHEROS), 2373 ((vap->iv_flags & IEEE80211_F_WPA) == 0 && 2374 ni->ni_authmode != IEEE80211_AUTH_8021X) ? 2375 vap->iv_def_txkey : IEEE80211_KEYIX_NONE); 2376 } 2377#endif /* IEEE80211_SUPPORT_SUPERG */ 2378 if (vap->iv_appie_assocreq != NULL) 2379 frm = add_appie(frm, vap->iv_appie_assocreq); 2380 m->m_pkthdr.len = m->m_len = frm - mtod(m, uint8_t *); 2381 2382 ieee80211_add_callback(m, ieee80211_tx_mgt_cb, 2383 (void *) vap->iv_state); 2384 break; 2385 2386 case IEEE80211_FC0_SUBTYPE_ASSOC_RESP: 2387 case IEEE80211_FC0_SUBTYPE_REASSOC_RESP: 2388 /* 2389 * asresp frame format 2390 * [2] capability information 2391 * [2] status 2392 * [2] association ID 2393 * [tlv] supported rates 2394 * [tlv] extended supported rates 2395 * [tlv] HT capabilities (standard, if STA enabled) 2396 * [tlv] HT information (standard, if STA enabled) 2397 * [tlv] WME (if configured and STA enabled) 2398 * [tlv] HT capabilities (vendor OUI, if STA enabled) 2399 * [tlv] HT information (vendor OUI, if STA enabled) 2400 * [tlv] Atheros capabilities (if STA enabled) 2401 * [tlv] AppIE's (optional) 2402 */ 2403 m = ieee80211_getmgtframe(&frm, 2404 ic->ic_headroom + sizeof(struct ieee80211_frame), 2405 sizeof(uint16_t) 2406 + sizeof(uint16_t) 2407 + sizeof(uint16_t) 2408 + 2 + IEEE80211_RATE_SIZE 2409 + 2 + (IEEE80211_RATE_MAXSIZE - IEEE80211_RATE_SIZE) 2410 + sizeof(struct ieee80211_ie_htcap) + 4 2411 + sizeof(struct ieee80211_ie_htinfo) + 4 2412 + sizeof(struct ieee80211_wme_param) 2413#ifdef IEEE80211_SUPPORT_SUPERG 2414 + sizeof(struct ieee80211_ath_ie) 2415#endif 2416 + (vap->iv_appie_assocresp != NULL ? 2417 vap->iv_appie_assocresp->ie_len : 0) 2418 ); 2419 if (m == NULL) 2420 senderr(ENOMEM, is_tx_nobuf); 2421 2422 capinfo = ieee80211_getcapinfo(vap, bss->ni_chan); 2423 *(uint16_t *)frm = htole16(capinfo); 2424 frm += 2; 2425 2426 *(uint16_t *)frm = htole16(arg); /* status */ 2427 frm += 2; 2428 2429 if (arg == IEEE80211_STATUS_SUCCESS) { 2430 *(uint16_t *)frm = htole16(ni->ni_associd); 2431 IEEE80211_NODE_STAT(ni, tx_assoc); 2432 } else 2433 IEEE80211_NODE_STAT(ni, tx_assoc_fail); 2434 frm += 2; 2435 2436 frm = ieee80211_add_rates(frm, &ni->ni_rates); 2437 frm = ieee80211_add_xrates(frm, &ni->ni_rates); 2438 /* NB: respond according to what we received */ 2439 if ((ni->ni_flags & HTFLAGS) == IEEE80211_NODE_HT) { 2440 frm = ieee80211_add_htcap(frm, ni); 2441 frm = ieee80211_add_htinfo(frm, ni); 2442 } 2443 if ((vap->iv_flags & IEEE80211_F_WME) && 2444 ni->ni_ies.wme_ie != NULL) 2445 frm = ieee80211_add_wme_param(frm, &ic->ic_wme); 2446 if ((ni->ni_flags & HTFLAGS) == HTFLAGS) { 2447 frm = ieee80211_add_htcap_vendor(frm, ni); 2448 frm = ieee80211_add_htinfo_vendor(frm, ni); 2449 } 2450#ifdef IEEE80211_SUPPORT_SUPERG 2451 if (IEEE80211_ATH_CAP(vap, ni, IEEE80211_F_ATHEROS)) 2452 frm = ieee80211_add_ath(frm, 2453 IEEE80211_ATH_CAP(vap, ni, IEEE80211_F_ATHEROS), 2454 ((vap->iv_flags & IEEE80211_F_WPA) == 0 && 2455 ni->ni_authmode != IEEE80211_AUTH_8021X) ? 2456 vap->iv_def_txkey : IEEE80211_KEYIX_NONE); 2457#endif /* IEEE80211_SUPPORT_SUPERG */ 2458 if (vap->iv_appie_assocresp != NULL) 2459 frm = add_appie(frm, vap->iv_appie_assocresp); 2460 m->m_pkthdr.len = m->m_len = frm - mtod(m, uint8_t *); 2461 break; 2462 2463 case IEEE80211_FC0_SUBTYPE_DISASSOC: 2464 IEEE80211_NOTE(vap, IEEE80211_MSG_ASSOC, ni, 2465 "send station disassociate (reason %d)", arg); 2466 m = ieee80211_getmgtframe(&frm, 2467 ic->ic_headroom + sizeof(struct ieee80211_frame), 2468 sizeof(uint16_t)); 2469 if (m == NULL) 2470 senderr(ENOMEM, is_tx_nobuf); 2471 *(uint16_t *)frm = htole16(arg); /* reason */ 2472 m->m_pkthdr.len = m->m_len = sizeof(uint16_t); 2473 2474 IEEE80211_NODE_STAT(ni, tx_disassoc); 2475 IEEE80211_NODE_STAT_SET(ni, tx_disassoc_code, arg); 2476 break; 2477 2478 default: 2479 IEEE80211_NOTE(vap, IEEE80211_MSG_ANY, ni, 2480 "invalid mgmt frame type %u", type); 2481 senderr(EINVAL, is_tx_unknownmgt); 2482 /* NOTREACHED */ 2483 } 2484 2485 /* NB: force non-ProbeResp frames to the highest queue */ 2486 params.ibp_pri = WME_AC_VO; 2487 params.ibp_rate0 = bss->ni_txparms->mgmtrate; 2488 /* NB: we know all frames are unicast */ 2489 params.ibp_try0 = bss->ni_txparms->maxretry; 2490 params.ibp_power = bss->ni_txpower; 2491 return ieee80211_mgmt_output(ni, m, type, ¶ms); 2492bad: 2493 ieee80211_free_node(ni); 2494 return ret; 2495#undef senderr 2496#undef HTFLAGS 2497} 2498 2499/* 2500 * Return an mbuf with a probe response frame in it. 2501 * Space is left to prepend and 802.11 header at the 2502 * front but it's left to the caller to fill in. 2503 */ 2504struct mbuf * 2505ieee80211_alloc_proberesp(struct ieee80211_node *bss, int legacy) 2506{ 2507 struct ieee80211vap *vap = bss->ni_vap; 2508 struct ieee80211com *ic = bss->ni_ic; 2509 const struct ieee80211_rateset *rs; 2510 struct mbuf *m; 2511 uint16_t capinfo; 2512 uint8_t *frm; 2513 2514 /* 2515 * probe response frame format 2516 * [8] time stamp 2517 * [2] beacon interval 2518 * [2] cabability information 2519 * [tlv] ssid 2520 * [tlv] supported rates 2521 * [tlv] parameter set (FH/DS) 2522 * [tlv] parameter set (IBSS) 2523 * [tlv] country (optional) 2524 * [3] power control (optional) 2525 * [5] channel switch announcement (CSA) (optional) 2526 * [tlv] extended rate phy (ERP) 2527 * [tlv] extended supported rates 2528 * [tlv] RSN (optional) 2529 * [tlv] HT capabilities 2530 * [tlv] HT information 2531 * [tlv] WPA (optional) 2532 * [tlv] WME (optional) 2533 * [tlv] Vendor OUI HT capabilities (optional) 2534 * [tlv] Vendor OUI HT information (optional) 2535 * [tlv] Atheros capabilities 2536 * [tlv] AppIE's (optional) 2537 * [tlv] Mesh ID (MBSS) 2538 * [tlv] Mesh Conf (MBSS) 2539 */ 2540 m = ieee80211_getmgtframe(&frm, 2541 ic->ic_headroom + sizeof(struct ieee80211_frame), 2542 8 2543 + sizeof(uint16_t) 2544 + sizeof(uint16_t) 2545 + 2 + IEEE80211_NWID_LEN 2546 + 2 + IEEE80211_RATE_SIZE 2547 + 7 /* max(7,3) */ 2548 + IEEE80211_COUNTRY_MAX_SIZE 2549 + 3 2550 + sizeof(struct ieee80211_csa_ie) 2551 + sizeof(struct ieee80211_quiet_ie) 2552 + 3 2553 + 2 + (IEEE80211_RATE_MAXSIZE - IEEE80211_RATE_SIZE) 2554 + sizeof(struct ieee80211_ie_wpa) 2555 + sizeof(struct ieee80211_ie_htcap) 2556 + sizeof(struct ieee80211_ie_htinfo) 2557 + sizeof(struct ieee80211_ie_wpa) 2558 + sizeof(struct ieee80211_wme_param) 2559 + 4 + sizeof(struct ieee80211_ie_htcap) 2560 + 4 + sizeof(struct ieee80211_ie_htinfo) 2561#ifdef IEEE80211_SUPPORT_SUPERG 2562 + sizeof(struct ieee80211_ath_ie) 2563#endif 2564#ifdef IEEE80211_SUPPORT_MESH 2565 + 2 + IEEE80211_MESHID_LEN 2566 + sizeof(struct ieee80211_meshconf_ie) 2567#endif 2568 + (vap->iv_appie_proberesp != NULL ? 2569 vap->iv_appie_proberesp->ie_len : 0) 2570 ); 2571 if (m == NULL) { 2572 vap->iv_stats.is_tx_nobuf++; 2573 return NULL; 2574 } 2575 2576 memset(frm, 0, 8); /* timestamp should be filled later */ 2577 frm += 8; 2578 *(uint16_t *)frm = htole16(bss->ni_intval); 2579 frm += 2; 2580 capinfo = ieee80211_getcapinfo(vap, bss->ni_chan); 2581 *(uint16_t *)frm = htole16(capinfo); 2582 frm += 2; 2583 2584 frm = ieee80211_add_ssid(frm, bss->ni_essid, bss->ni_esslen); 2585 rs = ieee80211_get_suprates(ic, bss->ni_chan); 2586 frm = ieee80211_add_rates(frm, rs); 2587 2588 if (IEEE80211_IS_CHAN_FHSS(bss->ni_chan)) { 2589 *frm++ = IEEE80211_ELEMID_FHPARMS; 2590 *frm++ = 5; 2591 *frm++ = bss->ni_fhdwell & 0x00ff; 2592 *frm++ = (bss->ni_fhdwell >> 8) & 0x00ff; 2593 *frm++ = IEEE80211_FH_CHANSET( 2594 ieee80211_chan2ieee(ic, bss->ni_chan)); 2595 *frm++ = IEEE80211_FH_CHANPAT( 2596 ieee80211_chan2ieee(ic, bss->ni_chan)); 2597 *frm++ = bss->ni_fhindex; 2598 } else { 2599 *frm++ = IEEE80211_ELEMID_DSPARMS; 2600 *frm++ = 1; 2601 *frm++ = ieee80211_chan2ieee(ic, bss->ni_chan); 2602 } 2603 2604 if (vap->iv_opmode == IEEE80211_M_IBSS) { 2605 *frm++ = IEEE80211_ELEMID_IBSSPARMS; 2606 *frm++ = 2; 2607 *frm++ = 0; *frm++ = 0; /* TODO: ATIM window */ 2608 } 2609 if ((vap->iv_flags & IEEE80211_F_DOTH) || 2610 (vap->iv_flags_ext & IEEE80211_FEXT_DOTD)) 2611 frm = ieee80211_add_countryie(frm, ic); 2612 if (vap->iv_flags & IEEE80211_F_DOTH) { 2613 if (IEEE80211_IS_CHAN_5GHZ(bss->ni_chan)) 2614 frm = ieee80211_add_powerconstraint(frm, vap); 2615 if (ic->ic_flags & IEEE80211_F_CSAPENDING) 2616 frm = ieee80211_add_csa(frm, vap); 2617 } 2618 if (vap->iv_flags & IEEE80211_F_DOTH) { 2619 if (IEEE80211_IS_CHAN_DFS(ic->ic_bsschan) && 2620 (vap->iv_flags_ext & IEEE80211_FEXT_DFS)) { 2621 if (vap->iv_quiet) 2622 frm = ieee80211_add_quiet(frm, vap); 2623 } 2624 } 2625 if (IEEE80211_IS_CHAN_ANYG(bss->ni_chan)) 2626 frm = ieee80211_add_erp(frm, ic); 2627 frm = ieee80211_add_xrates(frm, rs); 2628 frm = ieee80211_add_rsn(frm, vap); 2629 /* 2630 * NB: legacy 11b clients do not get certain ie's. 2631 * The caller identifies such clients by passing 2632 * a token in legacy to us. Could expand this to be 2633 * any legacy client for stuff like HT ie's. 2634 */ 2635 if (IEEE80211_IS_CHAN_HT(bss->ni_chan) && 2636 legacy != IEEE80211_SEND_LEGACY_11B) { 2637 frm = ieee80211_add_htcap(frm, bss); 2638 frm = ieee80211_add_htinfo(frm, bss); 2639 } 2640 frm = ieee80211_add_wpa(frm, vap); 2641 if (vap->iv_flags & IEEE80211_F_WME) 2642 frm = ieee80211_add_wme_param(frm, &ic->ic_wme); 2643 if (IEEE80211_IS_CHAN_HT(bss->ni_chan) && 2644 (vap->iv_flags_ht & IEEE80211_FHT_HTCOMPAT) && 2645 legacy != IEEE80211_SEND_LEGACY_11B) { 2646 frm = ieee80211_add_htcap_vendor(frm, bss); 2647 frm = ieee80211_add_htinfo_vendor(frm, bss); 2648 } 2649#ifdef IEEE80211_SUPPORT_SUPERG 2650 if ((vap->iv_flags & IEEE80211_F_ATHEROS) && 2651 legacy != IEEE80211_SEND_LEGACY_11B) 2652 frm = ieee80211_add_athcaps(frm, bss); 2653#endif 2654 if (vap->iv_appie_proberesp != NULL) 2655 frm = add_appie(frm, vap->iv_appie_proberesp); 2656#ifdef IEEE80211_SUPPORT_MESH 2657 if (vap->iv_opmode == IEEE80211_M_MBSS) { 2658 frm = ieee80211_add_meshid(frm, vap); 2659 frm = ieee80211_add_meshconf(frm, vap); 2660 } 2661#endif 2662 m->m_pkthdr.len = m->m_len = frm - mtod(m, uint8_t *); 2663 2664 return m; 2665} 2666 2667/* 2668 * Send a probe response frame to the specified mac address. 2669 * This does not go through the normal mgt frame api so we 2670 * can specify the destination address and re-use the bss node 2671 * for the sta reference. 2672 */ 2673int 2674ieee80211_send_proberesp(struct ieee80211vap *vap, 2675 const uint8_t da[IEEE80211_ADDR_LEN], int legacy) 2676{ 2677 struct ieee80211_node *bss = vap->iv_bss; 2678 struct ieee80211com *ic = vap->iv_ic; 2679 struct ieee80211_frame *wh; 2680 struct mbuf *m; 2681 int ret; 2682 2683 if (vap->iv_state == IEEE80211_S_CAC) { 2684 IEEE80211_NOTE(vap, IEEE80211_MSG_OUTPUT, bss, 2685 "block %s frame in CAC state", "probe response"); 2686 vap->iv_stats.is_tx_badstate++; 2687 return EIO; /* XXX */ 2688 } 2689 2690 /* 2691 * Hold a reference on the node so it doesn't go away until after 2692 * the xmit is complete all the way in the driver. On error we 2693 * will remove our reference. 2694 */ 2695 IEEE80211_DPRINTF(vap, IEEE80211_MSG_NODE, 2696 "ieee80211_ref_node (%s:%u) %p<%s> refcnt %d\n", 2697 __func__, __LINE__, bss, ether_sprintf(bss->ni_macaddr), 2698 ieee80211_node_refcnt(bss)+1); 2699 ieee80211_ref_node(bss); 2700 2701 m = ieee80211_alloc_proberesp(bss, legacy); 2702 if (m == NULL) { 2703 ieee80211_free_node(bss); 2704 return ENOMEM; 2705 } 2706 2707 M_PREPEND(m, sizeof(struct ieee80211_frame), M_NOWAIT); 2708 KASSERT(m != NULL, ("no room for header")); 2709 2710 IEEE80211_TX_LOCK(ic); 2711 wh = mtod(m, struct ieee80211_frame *); 2712 ieee80211_send_setup(bss, m, 2713 IEEE80211_FC0_TYPE_MGT | IEEE80211_FC0_SUBTYPE_PROBE_RESP, 2714 IEEE80211_NONQOS_TID, vap->iv_myaddr, da, bss->ni_bssid); 2715 /* XXX power management? */ 2716 m->m_flags |= M_ENCAP; /* mark encapsulated */ 2717 2718 M_WME_SETAC(m, WME_AC_BE); 2719 2720 IEEE80211_DPRINTF(vap, IEEE80211_MSG_DEBUG | IEEE80211_MSG_DUMPPKTS, 2721 "send probe resp on channel %u to %s%s\n", 2722 ieee80211_chan2ieee(ic, ic->ic_curchan), ether_sprintf(da), 2723 legacy ? " <legacy>" : ""); 2724 IEEE80211_NODE_STAT(bss, tx_mgmt); 2725 2726 ret = ieee80211_raw_output(vap, bss, m, NULL); 2727 IEEE80211_TX_UNLOCK(ic); 2728 return (ret); 2729} 2730 2731/* 2732 * Allocate and build a RTS (Request To Send) control frame. 2733 */ 2734struct mbuf * 2735ieee80211_alloc_rts(struct ieee80211com *ic, 2736 const uint8_t ra[IEEE80211_ADDR_LEN], 2737 const uint8_t ta[IEEE80211_ADDR_LEN], 2738 uint16_t dur) 2739{ 2740 struct ieee80211_frame_rts *rts; 2741 struct mbuf *m; 2742 2743 /* XXX honor ic_headroom */ 2744 m = m_gethdr(M_NOWAIT, MT_DATA); 2745 if (m != NULL) { 2746 rts = mtod(m, struct ieee80211_frame_rts *); 2747 rts->i_fc[0] = IEEE80211_FC0_VERSION_0 | 2748 IEEE80211_FC0_TYPE_CTL | IEEE80211_FC0_SUBTYPE_RTS; 2749 rts->i_fc[1] = IEEE80211_FC1_DIR_NODS; 2750 *(u_int16_t *)rts->i_dur = htole16(dur); 2751 IEEE80211_ADDR_COPY(rts->i_ra, ra); 2752 IEEE80211_ADDR_COPY(rts->i_ta, ta); 2753 2754 m->m_pkthdr.len = m->m_len = sizeof(struct ieee80211_frame_rts); 2755 } 2756 return m; 2757} 2758 2759/* 2760 * Allocate and build a CTS (Clear To Send) control frame. 2761 */ 2762struct mbuf * 2763ieee80211_alloc_cts(struct ieee80211com *ic, 2764 const uint8_t ra[IEEE80211_ADDR_LEN], uint16_t dur) 2765{ 2766 struct ieee80211_frame_cts *cts; 2767 struct mbuf *m; 2768 2769 /* XXX honor ic_headroom */ 2770 m = m_gethdr(M_NOWAIT, MT_DATA); 2771 if (m != NULL) { 2772 cts = mtod(m, struct ieee80211_frame_cts *); 2773 cts->i_fc[0] = IEEE80211_FC0_VERSION_0 | 2774 IEEE80211_FC0_TYPE_CTL | IEEE80211_FC0_SUBTYPE_CTS; 2775 cts->i_fc[1] = IEEE80211_FC1_DIR_NODS; 2776 *(u_int16_t *)cts->i_dur = htole16(dur); 2777 IEEE80211_ADDR_COPY(cts->i_ra, ra); 2778 2779 m->m_pkthdr.len = m->m_len = sizeof(struct ieee80211_frame_cts); 2780 } 2781 return m; 2782} 2783 2784static void 2785ieee80211_tx_mgt_timeout(void *arg) 2786{ 2787 struct ieee80211vap *vap = arg; 2788 2789 IEEE80211_LOCK(vap->iv_ic); 2790 if (vap->iv_state != IEEE80211_S_INIT && 2791 (vap->iv_ic->ic_flags & IEEE80211_F_SCAN) == 0) { 2792 /* 2793 * NB: it's safe to specify a timeout as the reason here; 2794 * it'll only be used in the right state. 2795 */ 2796 ieee80211_new_state_locked(vap, IEEE80211_S_SCAN, 2797 IEEE80211_SCAN_FAIL_TIMEOUT); 2798 } 2799 IEEE80211_UNLOCK(vap->iv_ic); 2800} 2801 2802/* 2803 * This is the callback set on net80211-sourced transmitted 2804 * authentication request frames. 2805 * 2806 * This does a couple of things: 2807 * 2808 * + If the frame transmitted was a success, it schedules a future 2809 * event which will transition the interface to scan. 2810 * If a state transition _then_ occurs before that event occurs, 2811 * said state transition will cancel this callout. 2812 * 2813 * + If the frame transmit was a failure, it immediately schedules 2814 * the transition back to scan. 2815 */ 2816static void 2817ieee80211_tx_mgt_cb(struct ieee80211_node *ni, void *arg, int status) 2818{ 2819 struct ieee80211vap *vap = ni->ni_vap; 2820 enum ieee80211_state ostate = (enum ieee80211_state) arg; 2821 2822 /* 2823 * Frame transmit completed; arrange timer callback. If 2824 * transmit was successfuly we wait for response. Otherwise 2825 * we arrange an immediate callback instead of doing the 2826 * callback directly since we don't know what state the driver 2827 * is in (e.g. what locks it is holding). This work should 2828 * not be too time-critical and not happen too often so the 2829 * added overhead is acceptable. 2830 * 2831 * XXX what happens if !acked but response shows up before callback? 2832 */ 2833 if (vap->iv_state == ostate) { 2834 callout_reset(&vap->iv_mgtsend, 2835 status == 0 ? IEEE80211_TRANS_WAIT*hz : 0, 2836 ieee80211_tx_mgt_timeout, vap); 2837 } 2838} 2839 2840static void 2841ieee80211_beacon_construct(struct mbuf *m, uint8_t *frm, 2842 struct ieee80211_beacon_offsets *bo, struct ieee80211_node *ni) 2843{ 2844 struct ieee80211vap *vap = ni->ni_vap; 2845 struct ieee80211com *ic = ni->ni_ic; 2846 struct ieee80211_rateset *rs = &ni->ni_rates; 2847 uint16_t capinfo; 2848 2849 /* 2850 * beacon frame format 2851 * [8] time stamp 2852 * [2] beacon interval 2853 * [2] cabability information 2854 * [tlv] ssid 2855 * [tlv] supported rates 2856 * [3] parameter set (DS) 2857 * [8] CF parameter set (optional) 2858 * [tlv] parameter set (IBSS/TIM) 2859 * [tlv] country (optional) 2860 * [3] power control (optional) 2861 * [5] channel switch announcement (CSA) (optional) 2862 * [tlv] extended rate phy (ERP) 2863 * [tlv] extended supported rates 2864 * [tlv] RSN parameters 2865 * [tlv] HT capabilities 2866 * [tlv] HT information 2867 * XXX Vendor-specific OIDs (e.g. Atheros) 2868 * [tlv] WPA parameters 2869 * [tlv] WME parameters 2870 * [tlv] Vendor OUI HT capabilities (optional) 2871 * [tlv] Vendor OUI HT information (optional) 2872 * [tlv] Atheros capabilities (optional) 2873 * [tlv] TDMA parameters (optional) 2874 * [tlv] Mesh ID (MBSS) 2875 * [tlv] Mesh Conf (MBSS) 2876 * [tlv] application data (optional) 2877 */ 2878 2879 memset(bo, 0, sizeof(*bo)); 2880 2881 memset(frm, 0, 8); /* XXX timestamp is set by hardware/driver */ 2882 frm += 8; 2883 *(uint16_t *)frm = htole16(ni->ni_intval); 2884 frm += 2; 2885 capinfo = ieee80211_getcapinfo(vap, ni->ni_chan); 2886 bo->bo_caps = (uint16_t *)frm; 2887 *(uint16_t *)frm = htole16(capinfo); 2888 frm += 2; 2889 *frm++ = IEEE80211_ELEMID_SSID; 2890 if ((vap->iv_flags & IEEE80211_F_HIDESSID) == 0) { 2891 *frm++ = ni->ni_esslen; 2892 memcpy(frm, ni->ni_essid, ni->ni_esslen); 2893 frm += ni->ni_esslen; 2894 } else 2895 *frm++ = 0; 2896 frm = ieee80211_add_rates(frm, rs); 2897 if (!IEEE80211_IS_CHAN_FHSS(ni->ni_chan)) { 2898 *frm++ = IEEE80211_ELEMID_DSPARMS; 2899 *frm++ = 1; 2900 *frm++ = ieee80211_chan2ieee(ic, ni->ni_chan); 2901 } 2902 if (ic->ic_flags & IEEE80211_F_PCF) { 2903 bo->bo_cfp = frm; 2904 frm = ieee80211_add_cfparms(frm, ic); 2905 } 2906 bo->bo_tim = frm; 2907 if (vap->iv_opmode == IEEE80211_M_IBSS) { 2908 *frm++ = IEEE80211_ELEMID_IBSSPARMS; 2909 *frm++ = 2; 2910 *frm++ = 0; *frm++ = 0; /* TODO: ATIM window */ 2911 bo->bo_tim_len = 0; 2912 } else if (vap->iv_opmode == IEEE80211_M_HOSTAP || 2913 vap->iv_opmode == IEEE80211_M_MBSS) { 2914 /* TIM IE is the same for Mesh and Hostap */ 2915 struct ieee80211_tim_ie *tie = (struct ieee80211_tim_ie *) frm; 2916 2917 tie->tim_ie = IEEE80211_ELEMID_TIM; 2918 tie->tim_len = 4; /* length */ 2919 tie->tim_count = 0; /* DTIM count */ 2920 tie->tim_period = vap->iv_dtim_period; /* DTIM period */ 2921 tie->tim_bitctl = 0; /* bitmap control */ 2922 tie->tim_bitmap[0] = 0; /* Partial Virtual Bitmap */ 2923 frm += sizeof(struct ieee80211_tim_ie); 2924 bo->bo_tim_len = 1; 2925 } 2926 bo->bo_tim_trailer = frm; 2927 if ((vap->iv_flags & IEEE80211_F_DOTH) || 2928 (vap->iv_flags_ext & IEEE80211_FEXT_DOTD)) 2929 frm = ieee80211_add_countryie(frm, ic); 2930 if (vap->iv_flags & IEEE80211_F_DOTH) { 2931 if (IEEE80211_IS_CHAN_5GHZ(ni->ni_chan)) 2932 frm = ieee80211_add_powerconstraint(frm, vap); 2933 bo->bo_csa = frm; 2934 if (ic->ic_flags & IEEE80211_F_CSAPENDING) 2935 frm = ieee80211_add_csa(frm, vap); 2936 } else 2937 bo->bo_csa = frm; 2938 2939 if (vap->iv_flags & IEEE80211_F_DOTH) { 2940 bo->bo_quiet = frm; 2941 if (IEEE80211_IS_CHAN_DFS(ic->ic_bsschan) && 2942 (vap->iv_flags_ext & IEEE80211_FEXT_DFS)) { 2943 if (vap->iv_quiet) 2944 frm = ieee80211_add_quiet(frm,vap); 2945 } 2946 } else 2947 bo->bo_quiet = frm; 2948 2949 if (IEEE80211_IS_CHAN_ANYG(ni->ni_chan)) { 2950 bo->bo_erp = frm; 2951 frm = ieee80211_add_erp(frm, ic); 2952 } 2953 frm = ieee80211_add_xrates(frm, rs); 2954 frm = ieee80211_add_rsn(frm, vap); 2955 if (IEEE80211_IS_CHAN_HT(ni->ni_chan)) { 2956 frm = ieee80211_add_htcap(frm, ni); 2957 bo->bo_htinfo = frm; 2958 frm = ieee80211_add_htinfo(frm, ni); 2959 } 2960 frm = ieee80211_add_wpa(frm, vap); 2961 if (vap->iv_flags & IEEE80211_F_WME) { 2962 bo->bo_wme = frm; 2963 frm = ieee80211_add_wme_param(frm, &ic->ic_wme); 2964 } 2965 if (IEEE80211_IS_CHAN_HT(ni->ni_chan) && 2966 (vap->iv_flags_ht & IEEE80211_FHT_HTCOMPAT)) { 2967 frm = ieee80211_add_htcap_vendor(frm, ni); 2968 frm = ieee80211_add_htinfo_vendor(frm, ni); 2969 } 2970#ifdef IEEE80211_SUPPORT_SUPERG 2971 if (vap->iv_flags & IEEE80211_F_ATHEROS) { 2972 bo->bo_ath = frm; 2973 frm = ieee80211_add_athcaps(frm, ni); 2974 } 2975#endif 2976#ifdef IEEE80211_SUPPORT_TDMA 2977 if (vap->iv_caps & IEEE80211_C_TDMA) { 2978 bo->bo_tdma = frm; 2979 frm = ieee80211_add_tdma(frm, vap); 2980 } 2981#endif 2982 if (vap->iv_appie_beacon != NULL) { 2983 bo->bo_appie = frm; 2984 bo->bo_appie_len = vap->iv_appie_beacon->ie_len; 2985 frm = add_appie(frm, vap->iv_appie_beacon); 2986 } 2987#ifdef IEEE80211_SUPPORT_MESH 2988 if (vap->iv_opmode == IEEE80211_M_MBSS) { 2989 frm = ieee80211_add_meshid(frm, vap); 2990 bo->bo_meshconf = frm; 2991 frm = ieee80211_add_meshconf(frm, vap); 2992 } 2993#endif 2994 bo->bo_tim_trailer_len = frm - bo->bo_tim_trailer; 2995 bo->bo_csa_trailer_len = frm - bo->bo_csa; 2996 m->m_pkthdr.len = m->m_len = frm - mtod(m, uint8_t *); 2997} 2998 2999/* 3000 * Allocate a beacon frame and fillin the appropriate bits. 3001 */ 3002struct mbuf * 3003ieee80211_beacon_alloc(struct ieee80211_node *ni, 3004 struct ieee80211_beacon_offsets *bo) 3005{ 3006 struct ieee80211vap *vap = ni->ni_vap; 3007 struct ieee80211com *ic = ni->ni_ic; 3008 struct ifnet *ifp = vap->iv_ifp; 3009 struct ieee80211_frame *wh; 3010 struct mbuf *m; 3011 int pktlen; 3012 uint8_t *frm; 3013 3014 /* 3015 * beacon frame format 3016 * [8] time stamp 3017 * [2] beacon interval 3018 * [2] cabability information 3019 * [tlv] ssid 3020 * [tlv] supported rates 3021 * [3] parameter set (DS) 3022 * [8] CF parameter set (optional) 3023 * [tlv] parameter set (IBSS/TIM) 3024 * [tlv] country (optional) 3025 * [3] power control (optional) 3026 * [5] channel switch announcement (CSA) (optional) 3027 * [tlv] extended rate phy (ERP) 3028 * [tlv] extended supported rates 3029 * [tlv] RSN parameters 3030 * [tlv] HT capabilities 3031 * [tlv] HT information 3032 * [tlv] Vendor OUI HT capabilities (optional) 3033 * [tlv] Vendor OUI HT information (optional) 3034 * XXX Vendor-specific OIDs (e.g. Atheros) 3035 * [tlv] WPA parameters 3036 * [tlv] WME parameters 3037 * [tlv] TDMA parameters (optional) 3038 * [tlv] Mesh ID (MBSS) 3039 * [tlv] Mesh Conf (MBSS) 3040 * [tlv] application data (optional) 3041 * NB: we allocate the max space required for the TIM bitmap. 3042 * XXX how big is this? 3043 */ 3044 pktlen = 8 /* time stamp */ 3045 + sizeof(uint16_t) /* beacon interval */ 3046 + sizeof(uint16_t) /* capabilities */ 3047 + 2 + ni->ni_esslen /* ssid */ 3048 + 2 + IEEE80211_RATE_SIZE /* supported rates */ 3049 + 2 + 1 /* DS parameters */ 3050 + 2 + 6 /* CF parameters */ 3051 + 2 + 4 + vap->iv_tim_len /* DTIM/IBSSPARMS */ 3052 + IEEE80211_COUNTRY_MAX_SIZE /* country */ 3053 + 2 + 1 /* power control */ 3054 + sizeof(struct ieee80211_csa_ie) /* CSA */ 3055 + sizeof(struct ieee80211_quiet_ie) /* Quiet */ 3056 + 2 + 1 /* ERP */ 3057 + 2 + (IEEE80211_RATE_MAXSIZE - IEEE80211_RATE_SIZE) 3058 + (vap->iv_caps & IEEE80211_C_WPA ? /* WPA 1+2 */ 3059 2*sizeof(struct ieee80211_ie_wpa) : 0) 3060 /* XXX conditional? */ 3061 + 4+2*sizeof(struct ieee80211_ie_htcap)/* HT caps */ 3062 + 4+2*sizeof(struct ieee80211_ie_htinfo)/* HT info */ 3063 + (vap->iv_caps & IEEE80211_C_WME ? /* WME */ 3064 sizeof(struct ieee80211_wme_param) : 0) 3065#ifdef IEEE80211_SUPPORT_SUPERG 3066 + sizeof(struct ieee80211_ath_ie) /* ATH */ 3067#endif 3068#ifdef IEEE80211_SUPPORT_TDMA 3069 + (vap->iv_caps & IEEE80211_C_TDMA ? /* TDMA */ 3070 sizeof(struct ieee80211_tdma_param) : 0) 3071#endif 3072#ifdef IEEE80211_SUPPORT_MESH 3073 + 2 + ni->ni_meshidlen 3074 + sizeof(struct ieee80211_meshconf_ie) 3075#endif 3076 + IEEE80211_MAX_APPIE 3077 ; 3078 m = ieee80211_getmgtframe(&frm, 3079 ic->ic_headroom + sizeof(struct ieee80211_frame), pktlen); 3080 if (m == NULL) { 3081 IEEE80211_DPRINTF(vap, IEEE80211_MSG_ANY, 3082 "%s: cannot get buf; size %u\n", __func__, pktlen); 3083 vap->iv_stats.is_tx_nobuf++; 3084 return NULL; 3085 } 3086 ieee80211_beacon_construct(m, frm, bo, ni); 3087 3088 M_PREPEND(m, sizeof(struct ieee80211_frame), M_NOWAIT); 3089 KASSERT(m != NULL, ("no space for 802.11 header?")); 3090 wh = mtod(m, struct ieee80211_frame *); 3091 wh->i_fc[0] = IEEE80211_FC0_VERSION_0 | IEEE80211_FC0_TYPE_MGT | 3092 IEEE80211_FC0_SUBTYPE_BEACON; 3093 wh->i_fc[1] = IEEE80211_FC1_DIR_NODS; 3094 *(uint16_t *)wh->i_dur = 0; 3095 IEEE80211_ADDR_COPY(wh->i_addr1, ifp->if_broadcastaddr); 3096 IEEE80211_ADDR_COPY(wh->i_addr2, vap->iv_myaddr); 3097 IEEE80211_ADDR_COPY(wh->i_addr3, ni->ni_bssid); 3098 *(uint16_t *)wh->i_seq = 0; 3099 3100 return m; 3101} 3102 3103/* 3104 * Update the dynamic parts of a beacon frame based on the current state. 3105 */ 3106int 3107ieee80211_beacon_update(struct ieee80211_node *ni, 3108 struct ieee80211_beacon_offsets *bo, struct mbuf *m, int mcast) 3109{ 3110 struct ieee80211vap *vap = ni->ni_vap; 3111 struct ieee80211com *ic = ni->ni_ic; 3112 int len_changed = 0; 3113 uint16_t capinfo; 3114 struct ieee80211_frame *wh; 3115 ieee80211_seq seqno; 3116 3117 IEEE80211_LOCK(ic); 3118 /* 3119 * Handle 11h channel change when we've reached the count. 3120 * We must recalculate the beacon frame contents to account 3121 * for the new channel. Note we do this only for the first 3122 * vap that reaches this point; subsequent vaps just update 3123 * their beacon state to reflect the recalculated channel. 3124 */ 3125 if (isset(bo->bo_flags, IEEE80211_BEACON_CSA) && 3126 vap->iv_csa_count == ic->ic_csa_count) { 3127 vap->iv_csa_count = 0; 3128 /* 3129 * Effect channel change before reconstructing the beacon 3130 * frame contents as many places reference ni_chan. 3131 */ 3132 if (ic->ic_csa_newchan != NULL) 3133 ieee80211_csa_completeswitch(ic); 3134 /* 3135 * NB: ieee80211_beacon_construct clears all pending 3136 * updates in bo_flags so we don't need to explicitly 3137 * clear IEEE80211_BEACON_CSA. 3138 */ 3139 ieee80211_beacon_construct(m, 3140 mtod(m, uint8_t*) + sizeof(struct ieee80211_frame), bo, ni); 3141 3142 /* XXX do WME aggressive mode processing? */ 3143 IEEE80211_UNLOCK(ic); 3144 return 1; /* just assume length changed */ 3145 } 3146 3147 wh = mtod(m, struct ieee80211_frame *); 3148 seqno = ni->ni_txseqs[IEEE80211_NONQOS_TID]++; 3149 *(uint16_t *)&wh->i_seq[0] = 3150 htole16(seqno << IEEE80211_SEQ_SEQ_SHIFT); 3151 M_SEQNO_SET(m, seqno); 3152 3153 /* XXX faster to recalculate entirely or just changes? */ 3154 capinfo = ieee80211_getcapinfo(vap, ni->ni_chan); 3155 *bo->bo_caps = htole16(capinfo); 3156 3157 if (vap->iv_flags & IEEE80211_F_WME) { 3158 struct ieee80211_wme_state *wme = &ic->ic_wme; 3159 3160 /* 3161 * Check for agressive mode change. When there is 3162 * significant high priority traffic in the BSS 3163 * throttle back BE traffic by using conservative 3164 * parameters. Otherwise BE uses agressive params 3165 * to optimize performance of legacy/non-QoS traffic. 3166 */ 3167 if (wme->wme_flags & WME_F_AGGRMODE) { 3168 if (wme->wme_hipri_traffic > 3169 wme->wme_hipri_switch_thresh) { 3170 IEEE80211_DPRINTF(vap, IEEE80211_MSG_WME, 3171 "%s: traffic %u, disable aggressive mode\n", 3172 __func__, wme->wme_hipri_traffic); 3173 wme->wme_flags &= ~WME_F_AGGRMODE; 3174 ieee80211_wme_updateparams_locked(vap); 3175 wme->wme_hipri_traffic = 3176 wme->wme_hipri_switch_hysteresis; 3177 } else 3178 wme->wme_hipri_traffic = 0; 3179 } else { 3180 if (wme->wme_hipri_traffic <= 3181 wme->wme_hipri_switch_thresh) { 3182 IEEE80211_DPRINTF(vap, IEEE80211_MSG_WME, 3183 "%s: traffic %u, enable aggressive mode\n", 3184 __func__, wme->wme_hipri_traffic); 3185 wme->wme_flags |= WME_F_AGGRMODE; 3186 ieee80211_wme_updateparams_locked(vap); 3187 wme->wme_hipri_traffic = 0; 3188 } else 3189 wme->wme_hipri_traffic = 3190 wme->wme_hipri_switch_hysteresis; 3191 } 3192 if (isset(bo->bo_flags, IEEE80211_BEACON_WME)) { 3193 (void) ieee80211_add_wme_param(bo->bo_wme, wme); 3194 clrbit(bo->bo_flags, IEEE80211_BEACON_WME); 3195 } 3196 } 3197 3198 if (isset(bo->bo_flags, IEEE80211_BEACON_HTINFO)) { 3199 ieee80211_ht_update_beacon(vap, bo); 3200 clrbit(bo->bo_flags, IEEE80211_BEACON_HTINFO); 3201 } 3202#ifdef IEEE80211_SUPPORT_TDMA 3203 if (vap->iv_caps & IEEE80211_C_TDMA) { 3204 /* 3205 * NB: the beacon is potentially updated every TBTT. 3206 */ 3207 ieee80211_tdma_update_beacon(vap, bo); 3208 } 3209#endif 3210#ifdef IEEE80211_SUPPORT_MESH 3211 if (vap->iv_opmode == IEEE80211_M_MBSS) 3212 ieee80211_mesh_update_beacon(vap, bo); 3213#endif 3214 3215 if (vap->iv_opmode == IEEE80211_M_HOSTAP || 3216 vap->iv_opmode == IEEE80211_M_MBSS) { /* NB: no IBSS support*/ 3217 struct ieee80211_tim_ie *tie = 3218 (struct ieee80211_tim_ie *) bo->bo_tim; 3219 if (isset(bo->bo_flags, IEEE80211_BEACON_TIM)) { 3220 u_int timlen, timoff, i; 3221 /* 3222 * ATIM/DTIM needs updating. If it fits in the 3223 * current space allocated then just copy in the 3224 * new bits. Otherwise we need to move any trailing 3225 * data to make room. Note that we know there is 3226 * contiguous space because ieee80211_beacon_allocate 3227 * insures there is space in the mbuf to write a 3228 * maximal-size virtual bitmap (based on iv_max_aid). 3229 */ 3230 /* 3231 * Calculate the bitmap size and offset, copy any 3232 * trailer out of the way, and then copy in the 3233 * new bitmap and update the information element. 3234 * Note that the tim bitmap must contain at least 3235 * one byte and any offset must be even. 3236 */ 3237 if (vap->iv_ps_pending != 0) { 3238 timoff = 128; /* impossibly large */ 3239 for (i = 0; i < vap->iv_tim_len; i++) 3240 if (vap->iv_tim_bitmap[i]) { 3241 timoff = i &~ 1; 3242 break; 3243 } 3244 KASSERT(timoff != 128, ("tim bitmap empty!")); 3245 for (i = vap->iv_tim_len-1; i >= timoff; i--) 3246 if (vap->iv_tim_bitmap[i]) 3247 break; 3248 timlen = 1 + (i - timoff); 3249 } else { 3250 timoff = 0; 3251 timlen = 1; 3252 } 3253 if (timlen != bo->bo_tim_len) { 3254 /* copy up/down trailer */ 3255 int adjust = tie->tim_bitmap+timlen 3256 - bo->bo_tim_trailer; 3257 ovbcopy(bo->bo_tim_trailer, 3258 bo->bo_tim_trailer+adjust, 3259 bo->bo_tim_trailer_len); 3260 bo->bo_tim_trailer += adjust; 3261 bo->bo_erp += adjust; 3262 bo->bo_htinfo += adjust; 3263#ifdef IEEE80211_SUPPORT_SUPERG 3264 bo->bo_ath += adjust; 3265#endif 3266#ifdef IEEE80211_SUPPORT_TDMA 3267 bo->bo_tdma += adjust; 3268#endif 3269#ifdef IEEE80211_SUPPORT_MESH 3270 bo->bo_meshconf += adjust; 3271#endif 3272 bo->bo_appie += adjust; 3273 bo->bo_wme += adjust; 3274 bo->bo_csa += adjust; 3275 bo->bo_quiet += adjust; 3276 bo->bo_tim_len = timlen; 3277 3278 /* update information element */ 3279 tie->tim_len = 3 + timlen; 3280 tie->tim_bitctl = timoff; 3281 len_changed = 1; 3282 } 3283 memcpy(tie->tim_bitmap, vap->iv_tim_bitmap + timoff, 3284 bo->bo_tim_len); 3285 3286 clrbit(bo->bo_flags, IEEE80211_BEACON_TIM); 3287 3288 IEEE80211_DPRINTF(vap, IEEE80211_MSG_POWER, 3289 "%s: TIM updated, pending %u, off %u, len %u\n", 3290 __func__, vap->iv_ps_pending, timoff, timlen); 3291 } 3292 /* count down DTIM period */ 3293 if (tie->tim_count == 0) 3294 tie->tim_count = tie->tim_period - 1; 3295 else 3296 tie->tim_count--; 3297 /* update state for buffered multicast frames on DTIM */ 3298 if (mcast && tie->tim_count == 0) 3299 tie->tim_bitctl |= 1; 3300 else 3301 tie->tim_bitctl &= ~1; 3302 if (isset(bo->bo_flags, IEEE80211_BEACON_CSA)) { 3303 struct ieee80211_csa_ie *csa = 3304 (struct ieee80211_csa_ie *) bo->bo_csa; 3305 3306 /* 3307 * Insert or update CSA ie. If we're just starting 3308 * to count down to the channel switch then we need 3309 * to insert the CSA ie. Otherwise we just need to 3310 * drop the count. The actual change happens above 3311 * when the vap's count reaches the target count. 3312 */ 3313 if (vap->iv_csa_count == 0) { 3314 memmove(&csa[1], csa, bo->bo_csa_trailer_len); 3315 bo->bo_erp += sizeof(*csa); 3316 bo->bo_htinfo += sizeof(*csa); 3317 bo->bo_wme += sizeof(*csa); 3318#ifdef IEEE80211_SUPPORT_SUPERG 3319 bo->bo_ath += sizeof(*csa); 3320#endif 3321#ifdef IEEE80211_SUPPORT_TDMA 3322 bo->bo_tdma += sizeof(*csa); 3323#endif 3324#ifdef IEEE80211_SUPPORT_MESH 3325 bo->bo_meshconf += sizeof(*csa); 3326#endif 3327 bo->bo_appie += sizeof(*csa); 3328 bo->bo_csa_trailer_len += sizeof(*csa); 3329 bo->bo_quiet += sizeof(*csa); 3330 bo->bo_tim_trailer_len += sizeof(*csa); 3331 m->m_len += sizeof(*csa); 3332 m->m_pkthdr.len += sizeof(*csa); 3333 3334 ieee80211_add_csa(bo->bo_csa, vap); 3335 } else 3336 csa->csa_count--; 3337 vap->iv_csa_count++; 3338 /* NB: don't clear IEEE80211_BEACON_CSA */ 3339 } 3340 if (IEEE80211_IS_CHAN_DFS(ic->ic_bsschan) && 3341 (vap->iv_flags_ext & IEEE80211_FEXT_DFS) ){ 3342 if (vap->iv_quiet) 3343 ieee80211_add_quiet(bo->bo_quiet, vap); 3344 } 3345 if (isset(bo->bo_flags, IEEE80211_BEACON_ERP)) { 3346 /* 3347 * ERP element needs updating. 3348 */ 3349 (void) ieee80211_add_erp(bo->bo_erp, ic); 3350 clrbit(bo->bo_flags, IEEE80211_BEACON_ERP); 3351 } 3352#ifdef IEEE80211_SUPPORT_SUPERG 3353 if (isset(bo->bo_flags, IEEE80211_BEACON_ATH)) { 3354 ieee80211_add_athcaps(bo->bo_ath, ni); 3355 clrbit(bo->bo_flags, IEEE80211_BEACON_ATH); 3356 } 3357#endif 3358 } 3359 if (isset(bo->bo_flags, IEEE80211_BEACON_APPIE)) { 3360 const struct ieee80211_appie *aie = vap->iv_appie_beacon; 3361 int aielen; 3362 uint8_t *frm; 3363 3364 aielen = 0; 3365 if (aie != NULL) 3366 aielen += aie->ie_len; 3367 if (aielen != bo->bo_appie_len) { 3368 /* copy up/down trailer */ 3369 int adjust = aielen - bo->bo_appie_len; 3370 ovbcopy(bo->bo_tim_trailer, bo->bo_tim_trailer+adjust, 3371 bo->bo_tim_trailer_len); 3372 bo->bo_tim_trailer += adjust; 3373 bo->bo_appie += adjust; 3374 bo->bo_appie_len = aielen; 3375 3376 len_changed = 1; 3377 } 3378 frm = bo->bo_appie; 3379 if (aie != NULL) 3380 frm = add_appie(frm, aie); 3381 clrbit(bo->bo_flags, IEEE80211_BEACON_APPIE); 3382 } 3383 IEEE80211_UNLOCK(ic); 3384 3385 return len_changed; 3386} 3387 3388/* 3389 * Do Ethernet-LLC encapsulation for each payload in a fast frame 3390 * tunnel encapsulation. The frame is assumed to have an Ethernet 3391 * header at the front that must be stripped before prepending the 3392 * LLC followed by the Ethernet header passed in (with an Ethernet 3393 * type that specifies the payload size). 3394 */ 3395struct mbuf * 3396ieee80211_ff_encap1(struct ieee80211vap *vap, struct mbuf *m, 3397 const struct ether_header *eh) 3398{ 3399 struct llc *llc; 3400 uint16_t payload; 3401 3402 /* XXX optimize by combining m_adj+M_PREPEND */ 3403 m_adj(m, sizeof(struct ether_header) - sizeof(struct llc)); 3404 llc = mtod(m, struct llc *); 3405 llc->llc_dsap = llc->llc_ssap = LLC_SNAP_LSAP; 3406 llc->llc_control = LLC_UI; 3407 llc->llc_snap.org_code[0] = 0; 3408 llc->llc_snap.org_code[1] = 0; 3409 llc->llc_snap.org_code[2] = 0; 3410 llc->llc_snap.ether_type = eh->ether_type; 3411 payload = m->m_pkthdr.len; /* NB: w/o Ethernet header */ 3412 3413 M_PREPEND(m, sizeof(struct ether_header), M_NOWAIT); 3414 if (m == NULL) { /* XXX cannot happen */ 3415 IEEE80211_DPRINTF(vap, IEEE80211_MSG_SUPERG, 3416 "%s: no space for ether_header\n", __func__); 3417 vap->iv_stats.is_tx_nobuf++; 3418 return NULL; 3419 } 3420 ETHER_HEADER_COPY(mtod(m, void *), eh); 3421 mtod(m, struct ether_header *)->ether_type = htons(payload); 3422 return m; 3423} 3424 3425/* 3426 * Complete an mbuf transmission. 3427 * 3428 * For now, this simply processes a completed frame after the 3429 * driver has completed it's transmission and/or retransmission. 3430 * It assumes the frame is an 802.11 encapsulated frame. 3431 * 3432 * Later on it will grow to become the exit path for a given frame 3433 * from the driver and, depending upon how it's been encapsulated 3434 * and already transmitted, it may end up doing A-MPDU retransmission, 3435 * power save requeuing, etc. 3436 * 3437 * In order for the above to work, the driver entry point to this 3438 * must not hold any driver locks. Thus, the driver needs to delay 3439 * any actual mbuf completion until it can release said locks. 3440 * 3441 * This frees the mbuf and if the mbuf has a node reference, 3442 * the node reference will be freed. 3443 */ 3444void 3445ieee80211_tx_complete(struct ieee80211_node *ni, struct mbuf *m, int status) 3446{ 3447 3448 if (ni != NULL) { 3449 struct ifnet *ifp = ni->ni_vap->iv_ifp; 3450 3451 if (status == 0) { 3452 if_inc_counter(ifp, IFCOUNTER_OBYTES, m->m_pkthdr.len); 3453 if_inc_counter(ifp, IFCOUNTER_OPACKETS, 1); 3454 if (m->m_flags & M_MCAST) 3455 if_inc_counter(ifp, IFCOUNTER_OMCASTS, 1); 3456 } else 3457 if_inc_counter(ifp, IFCOUNTER_OERRORS, 1); 3458 if (m->m_flags & M_TXCB) 3459 ieee80211_process_callback(ni, m, status); 3460 ieee80211_free_node(ni); 3461 } 3462 m_freem(m); 3463} 3464