ieee80211_output.c revision 297603
1207753Smm/*- 2207753Smm * Copyright (c) 2001 Atsushi Onoe 3207753Smm * Copyright (c) 2002-2009 Sam Leffler, Errno Consulting 4207753Smm * All rights reserved. 5207753Smm * 6207753Smm * Redistribution and use in source and binary forms, with or without 7207753Smm * modification, are permitted provided that the following conditions 8207753Smm * are met: 9207753Smm * 1. Redistributions of source code must retain the above copyright 10207753Smm * notice, this list of conditions and the following disclaimer. 11207753Smm * 2. Redistributions in binary form must reproduce the above copyright 12207753Smm * notice, this list of conditions and the following disclaimer in the 13207753Smm * documentation and/or other materials provided with the distribution. 14207753Smm * 15207753Smm * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 16207753Smm * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 17207753Smm * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 18207753Smm * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 19207753Smm * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 20207753Smm * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 21207753Smm * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 22207753Smm * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 23207753Smm * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 24207753Smm * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 25207753Smm */ 26207753Smm 27207753Smm#include <sys/cdefs.h> 28207753Smm__FBSDID("$FreeBSD: head/sys/net80211/ieee80211_output.c 297603 2016-04-06 01:21:51Z adrian $"); 29207753Smm 30207753Smm#include "opt_inet.h" 31207753Smm#include "opt_inet6.h" 32207753Smm#include "opt_wlan.h" 33207753Smm 34207753Smm#include <sys/param.h> 35207753Smm#include <sys/systm.h> 36207753Smm#include <sys/kernel.h> 37207753Smm#include <sys/malloc.h> 38207753Smm#include <sys/mbuf.h> 39207753Smm#include <sys/endian.h> 40207753Smm 41207753Smm#include <sys/socket.h> 42207753Smm 43207753Smm#include <net/bpf.h> 44207753Smm#include <net/ethernet.h> 45207753Smm#include <net/if.h> 46207753Smm#include <net/if_var.h> 47207753Smm#include <net/if_llc.h> 48207753Smm#include <net/if_media.h> 49207753Smm#include <net/if_vlan_var.h> 50207753Smm 51207753Smm#include <net80211/ieee80211_var.h> 52207753Smm#include <net80211/ieee80211_regdomain.h> 53207753Smm#ifdef IEEE80211_SUPPORT_SUPERG 54207753Smm#include <net80211/ieee80211_superg.h> 55207753Smm#endif 56207753Smm#ifdef IEEE80211_SUPPORT_TDMA 57207753Smm#include <net80211/ieee80211_tdma.h> 58207753Smm#endif 59207753Smm#include <net80211/ieee80211_wds.h> 60207753Smm#include <net80211/ieee80211_mesh.h> 61207753Smm 62207753Smm#if defined(INET) || defined(INET6) 63207753Smm#include <netinet/in.h> 64207753Smm#endif 65207753Smm 66#ifdef INET 67#include <netinet/if_ether.h> 68#include <netinet/in_systm.h> 69#include <netinet/ip.h> 70#endif 71#ifdef INET6 72#include <netinet/ip6.h> 73#endif 74 75#include <security/mac/mac_framework.h> 76 77#define ETHER_HEADER_COPY(dst, src) \ 78 memcpy(dst, src, sizeof(struct ether_header)) 79 80/* unalligned little endian access */ 81#define LE_WRITE_2(p, v) do { \ 82 ((uint8_t *)(p))[0] = (v) & 0xff; \ 83 ((uint8_t *)(p))[1] = ((v) >> 8) & 0xff; \ 84} while (0) 85#define LE_WRITE_4(p, v) do { \ 86 ((uint8_t *)(p))[0] = (v) & 0xff; \ 87 ((uint8_t *)(p))[1] = ((v) >> 8) & 0xff; \ 88 ((uint8_t *)(p))[2] = ((v) >> 16) & 0xff; \ 89 ((uint8_t *)(p))[3] = ((v) >> 24) & 0xff; \ 90} while (0) 91 92static int ieee80211_fragment(struct ieee80211vap *, struct mbuf *, 93 u_int hdrsize, u_int ciphdrsize, u_int mtu); 94static void ieee80211_tx_mgt_cb(struct ieee80211_node *, void *, int); 95 96#ifdef IEEE80211_DEBUG 97/* 98 * Decide if an outbound management frame should be 99 * printed when debugging is enabled. This filters some 100 * of the less interesting frames that come frequently 101 * (e.g. beacons). 102 */ 103static __inline int 104doprint(struct ieee80211vap *vap, int subtype) 105{ 106 switch (subtype) { 107 case IEEE80211_FC0_SUBTYPE_PROBE_RESP: 108 return (vap->iv_opmode == IEEE80211_M_IBSS); 109 } 110 return 1; 111} 112#endif 113 114/* 115 * Transmit a frame to the given destination on the given VAP. 116 * 117 * It's up to the caller to figure out the details of who this 118 * is going to and resolving the node. 119 * 120 * This routine takes care of queuing it for power save, 121 * A-MPDU state stuff, fast-frames state stuff, encapsulation 122 * if required, then passing it up to the driver layer. 123 * 124 * This routine (for now) consumes the mbuf and frees the node 125 * reference; it ideally will return a TX status which reflects 126 * whether the mbuf was consumed or not, so the caller can 127 * free the mbuf (if appropriate) and the node reference (again, 128 * if appropriate.) 129 */ 130int 131ieee80211_vap_pkt_send_dest(struct ieee80211vap *vap, struct mbuf *m, 132 struct ieee80211_node *ni) 133{ 134 struct ieee80211com *ic = vap->iv_ic; 135 struct ifnet *ifp = vap->iv_ifp; 136 int len, mcast; 137 138 if ((ni->ni_flags & IEEE80211_NODE_PWR_MGT) && 139 (m->m_flags & M_PWR_SAV) == 0) { 140 /* 141 * Station in power save mode; pass the frame 142 * to the 802.11 layer and continue. We'll get 143 * the frame back when the time is right. 144 * XXX lose WDS vap linkage? 145 */ 146 if (ieee80211_pwrsave(ni, m) != 0) 147 if_inc_counter(ifp, IFCOUNTER_OERRORS, 1); 148 ieee80211_free_node(ni); 149 150 /* 151 * We queued it fine, so tell the upper layer 152 * that we consumed it. 153 */ 154 return (0); 155 } 156 /* calculate priority so drivers can find the tx queue */ 157 if (ieee80211_classify(ni, m)) { 158 IEEE80211_DISCARD_MAC(vap, IEEE80211_MSG_OUTPUT, 159 ni->ni_macaddr, NULL, 160 "%s", "classification failure"); 161 vap->iv_stats.is_tx_classify++; 162 if_inc_counter(ifp, IFCOUNTER_OERRORS, 1); 163 m_freem(m); 164 ieee80211_free_node(ni); 165 166 /* XXX better status? */ 167 return (0); 168 } 169 /* 170 * Stash the node pointer. Note that we do this after 171 * any call to ieee80211_dwds_mcast because that code 172 * uses any existing value for rcvif to identify the 173 * interface it (might have been) received on. 174 */ 175 m->m_pkthdr.rcvif = (void *)ni; 176 mcast = (m->m_flags & (M_MCAST | M_BCAST)) ? 1: 0; 177 len = m->m_pkthdr.len; 178 179 BPF_MTAP(ifp, m); /* 802.3 tx */ 180 181 /* 182 * Check if A-MPDU tx aggregation is setup or if we 183 * should try to enable it. The sta must be associated 184 * with HT and A-MPDU enabled for use. When the policy 185 * routine decides we should enable A-MPDU we issue an 186 * ADDBA request and wait for a reply. The frame being 187 * encapsulated will go out w/o using A-MPDU, or possibly 188 * it might be collected by the driver and held/retransmit. 189 * The default ic_ampdu_enable routine handles staggering 190 * ADDBA requests in case the receiver NAK's us or we are 191 * otherwise unable to establish a BA stream. 192 */ 193 if ((ni->ni_flags & IEEE80211_NODE_AMPDU_TX) && 194 (vap->iv_flags_ht & IEEE80211_FHT_AMPDU_TX)) { 195 if ((m->m_flags & M_EAPOL) == 0) { 196 int tid = WME_AC_TO_TID(M_WME_GETAC(m)); 197 struct ieee80211_tx_ampdu *tap = &ni->ni_tx_ampdu[tid]; 198 199 ieee80211_txampdu_count_packet(tap); 200 if (IEEE80211_AMPDU_RUNNING(tap)) { 201 /* 202 * Operational, mark frame for aggregation. 203 * 204 * XXX do tx aggregation here 205 */ 206 m->m_flags |= M_AMPDU_MPDU; 207 } else if (!IEEE80211_AMPDU_REQUESTED(tap) && 208 ic->ic_ampdu_enable(ni, tap)) { 209 /* 210 * Not negotiated yet, request service. 211 */ 212 ieee80211_ampdu_request(ni, tap); 213 /* XXX hold frame for reply? */ 214 } 215 } 216 } 217 218#ifdef IEEE80211_SUPPORT_SUPERG 219 /* 220 * Check for AMSDU/FF; queue for aggregation 221 * 222 * Note: we don't bother trying to do fast frames or 223 * A-MSDU encapsulation for 802.3 drivers. Now, we 224 * likely could do it for FF (because it's a magic 225 * atheros tunnel LLC type) but I don't think we're going 226 * to really need to. For A-MSDU we'd have to set the 227 * A-MSDU QoS bit in the wifi header, so we just plain 228 * can't do it. 229 * 230 * Strictly speaking, we could actually /do/ A-MSDU / FF 231 * with A-MPDU together which for certain circumstances 232 * is beneficial (eg A-MSDU of TCK ACKs.) However, 233 * I'll ignore that for now so existing behaviour is maintained. 234 * Later on it would be good to make "amsdu + ampdu" configurable. 235 */ 236 else if (__predict_true((vap->iv_caps & IEEE80211_C_8023ENCAP) == 0)) { 237 if ((! mcast) && ieee80211_amsdu_tx_ok(ni)) { 238 m = ieee80211_amsdu_check(ni, m); 239 if (m == NULL) { 240 /* NB: any ni ref held on stageq */ 241 IEEE80211_DPRINTF(vap, IEEE80211_MSG_SUPERG, 242 "%s: amsdu_check queued frame\n", 243 __func__); 244 return (0); 245 } 246 } else if ((! mcast) && IEEE80211_ATH_CAP(vap, ni, 247 IEEE80211_NODE_FF)) { 248 m = ieee80211_ff_check(ni, m); 249 if (m == NULL) { 250 /* NB: any ni ref held on stageq */ 251 IEEE80211_DPRINTF(vap, IEEE80211_MSG_SUPERG, 252 "%s: ff_check queued frame\n", 253 __func__); 254 return (0); 255 } 256 } 257 } 258#endif /* IEEE80211_SUPPORT_SUPERG */ 259 260 /* 261 * Grab the TX lock - serialise the TX process from this 262 * point (where TX state is being checked/modified) 263 * through to driver queue. 264 */ 265 IEEE80211_TX_LOCK(ic); 266 267 /* 268 * XXX make the encap and transmit code a separate function 269 * so things like the FF (and later A-MSDU) path can just call 270 * it for flushed frames. 271 */ 272 if (__predict_true((vap->iv_caps & IEEE80211_C_8023ENCAP) == 0)) { 273 /* 274 * Encapsulate the packet in prep for transmission. 275 */ 276 m = ieee80211_encap(vap, ni, m); 277 if (m == NULL) { 278 /* NB: stat+msg handled in ieee80211_encap */ 279 IEEE80211_TX_UNLOCK(ic); 280 ieee80211_free_node(ni); 281 if_inc_counter(ifp, IFCOUNTER_OERRORS, 1); 282 return (ENOBUFS); 283 } 284 } 285 (void) ieee80211_parent_xmitpkt(ic, m); 286 287 /* 288 * Unlock at this point - no need to hold it across 289 * ieee80211_free_node() (ie, the comlock) 290 */ 291 IEEE80211_TX_UNLOCK(ic); 292 ic->ic_lastdata = ticks; 293 294 return (0); 295} 296 297 298 299/* 300 * Send the given mbuf through the given vap. 301 * 302 * This consumes the mbuf regardless of whether the transmit 303 * was successful or not. 304 * 305 * This does none of the initial checks that ieee80211_start() 306 * does (eg CAC timeout, interface wakeup) - the caller must 307 * do this first. 308 */ 309static int 310ieee80211_start_pkt(struct ieee80211vap *vap, struct mbuf *m) 311{ 312#define IS_DWDS(vap) \ 313 (vap->iv_opmode == IEEE80211_M_WDS && \ 314 (vap->iv_flags_ext & IEEE80211_FEXT_WDSLEGACY) == 0) 315 struct ieee80211com *ic = vap->iv_ic; 316 struct ifnet *ifp = vap->iv_ifp; 317 struct ieee80211_node *ni; 318 struct ether_header *eh; 319 320 /* 321 * Cancel any background scan. 322 */ 323 if (ic->ic_flags & IEEE80211_F_SCAN) 324 ieee80211_cancel_anyscan(vap); 325 /* 326 * Find the node for the destination so we can do 327 * things like power save and fast frames aggregation. 328 * 329 * NB: past this point various code assumes the first 330 * mbuf has the 802.3 header present (and contiguous). 331 */ 332 ni = NULL; 333 if (m->m_len < sizeof(struct ether_header) && 334 (m = m_pullup(m, sizeof(struct ether_header))) == NULL) { 335 IEEE80211_DPRINTF(vap, IEEE80211_MSG_OUTPUT, 336 "discard frame, %s\n", "m_pullup failed"); 337 vap->iv_stats.is_tx_nobuf++; /* XXX */ 338 if_inc_counter(ifp, IFCOUNTER_OERRORS, 1); 339 return (ENOBUFS); 340 } 341 eh = mtod(m, struct ether_header *); 342 if (ETHER_IS_MULTICAST(eh->ether_dhost)) { 343 if (IS_DWDS(vap)) { 344 /* 345 * Only unicast frames from the above go out 346 * DWDS vaps; multicast frames are handled by 347 * dispatching the frame as it comes through 348 * the AP vap (see below). 349 */ 350 IEEE80211_DISCARD_MAC(vap, IEEE80211_MSG_WDS, 351 eh->ether_dhost, "mcast", "%s", "on DWDS"); 352 vap->iv_stats.is_dwds_mcast++; 353 m_freem(m); 354 if_inc_counter(ifp, IFCOUNTER_OERRORS, 1); 355 /* XXX better status? */ 356 return (ENOBUFS); 357 } 358 if (vap->iv_opmode == IEEE80211_M_HOSTAP) { 359 /* 360 * Spam DWDS vap's w/ multicast traffic. 361 */ 362 /* XXX only if dwds in use? */ 363 ieee80211_dwds_mcast(vap, m); 364 } 365 } 366#ifdef IEEE80211_SUPPORT_MESH 367 if (vap->iv_opmode != IEEE80211_M_MBSS) { 368#endif 369 ni = ieee80211_find_txnode(vap, eh->ether_dhost); 370 if (ni == NULL) { 371 /* NB: ieee80211_find_txnode does stat+msg */ 372 if_inc_counter(ifp, IFCOUNTER_OERRORS, 1); 373 m_freem(m); 374 /* XXX better status? */ 375 return (ENOBUFS); 376 } 377 if (ni->ni_associd == 0 && 378 (ni->ni_flags & IEEE80211_NODE_ASSOCID)) { 379 IEEE80211_DISCARD_MAC(vap, IEEE80211_MSG_OUTPUT, 380 eh->ether_dhost, NULL, 381 "sta not associated (type 0x%04x)", 382 htons(eh->ether_type)); 383 vap->iv_stats.is_tx_notassoc++; 384 if_inc_counter(ifp, IFCOUNTER_OERRORS, 1); 385 m_freem(m); 386 ieee80211_free_node(ni); 387 /* XXX better status? */ 388 return (ENOBUFS); 389 } 390#ifdef IEEE80211_SUPPORT_MESH 391 } else { 392 if (!IEEE80211_ADDR_EQ(eh->ether_shost, vap->iv_myaddr)) { 393 /* 394 * Proxy station only if configured. 395 */ 396 if (!ieee80211_mesh_isproxyena(vap)) { 397 IEEE80211_DISCARD_MAC(vap, 398 IEEE80211_MSG_OUTPUT | 399 IEEE80211_MSG_MESH, 400 eh->ether_dhost, NULL, 401 "%s", "proxy not enabled"); 402 vap->iv_stats.is_mesh_notproxy++; 403 if_inc_counter(ifp, IFCOUNTER_OERRORS, 1); 404 m_freem(m); 405 /* XXX better status? */ 406 return (ENOBUFS); 407 } 408 IEEE80211_DPRINTF(vap, IEEE80211_MSG_OUTPUT, 409 "forward frame from DS SA(%6D), DA(%6D)\n", 410 eh->ether_shost, ":", 411 eh->ether_dhost, ":"); 412 ieee80211_mesh_proxy_check(vap, eh->ether_shost); 413 } 414 ni = ieee80211_mesh_discover(vap, eh->ether_dhost, m); 415 if (ni == NULL) { 416 /* 417 * NB: ieee80211_mesh_discover holds/disposes 418 * frame (e.g. queueing on path discovery). 419 */ 420 if_inc_counter(ifp, IFCOUNTER_OERRORS, 1); 421 /* XXX better status? */ 422 return (ENOBUFS); 423 } 424 } 425#endif 426 427 /* 428 * We've resolved the sender, so attempt to transmit it. 429 */ 430 431 if (vap->iv_state == IEEE80211_S_SLEEP) { 432 /* 433 * In power save; queue frame and then wakeup device 434 * for transmit. 435 */ 436 ic->ic_lastdata = ticks; 437 if (ieee80211_pwrsave(ni, m) != 0) 438 if_inc_counter(ifp, IFCOUNTER_OERRORS, 1); 439 ieee80211_free_node(ni); 440 ieee80211_new_state(vap, IEEE80211_S_RUN, 0); 441 return (0); 442 } 443 444 if (ieee80211_vap_pkt_send_dest(vap, m, ni) != 0) 445 return (ENOBUFS); 446 return (0); 447#undef IS_DWDS 448} 449 450/* 451 * Start method for vap's. All packets from the stack come 452 * through here. We handle common processing of the packets 453 * before dispatching them to the underlying device. 454 * 455 * if_transmit() requires that the mbuf be consumed by this call 456 * regardless of the return condition. 457 */ 458int 459ieee80211_vap_transmit(struct ifnet *ifp, struct mbuf *m) 460{ 461 struct ieee80211vap *vap = ifp->if_softc; 462 struct ieee80211com *ic = vap->iv_ic; 463 464 /* 465 * No data frames go out unless we're running. 466 * Note in particular this covers CAC and CSA 467 * states (though maybe we should check muting 468 * for CSA). 469 */ 470 if (vap->iv_state != IEEE80211_S_RUN && 471 vap->iv_state != IEEE80211_S_SLEEP) { 472 IEEE80211_LOCK(ic); 473 /* re-check under the com lock to avoid races */ 474 if (vap->iv_state != IEEE80211_S_RUN && 475 vap->iv_state != IEEE80211_S_SLEEP) { 476 IEEE80211_DPRINTF(vap, IEEE80211_MSG_OUTPUT, 477 "%s: ignore queue, in %s state\n", 478 __func__, ieee80211_state_name[vap->iv_state]); 479 vap->iv_stats.is_tx_badstate++; 480 IEEE80211_UNLOCK(ic); 481 ifp->if_drv_flags |= IFF_DRV_OACTIVE; 482 m_freem(m); 483 if_inc_counter(ifp, IFCOUNTER_OERRORS, 1); 484 return (ENETDOWN); 485 } 486 IEEE80211_UNLOCK(ic); 487 } 488 489 /* 490 * Sanitize mbuf flags for net80211 use. We cannot 491 * clear M_PWR_SAV or M_MORE_DATA because these may 492 * be set for frames that are re-submitted from the 493 * power save queue. 494 * 495 * NB: This must be done before ieee80211_classify as 496 * it marks EAPOL in frames with M_EAPOL. 497 */ 498 m->m_flags &= ~(M_80211_TX - M_PWR_SAV - M_MORE_DATA); 499 500 /* 501 * Bump to the packet transmission path. 502 * The mbuf will be consumed here. 503 */ 504 return (ieee80211_start_pkt(vap, m)); 505} 506 507void 508ieee80211_vap_qflush(struct ifnet *ifp) 509{ 510 511 /* Empty for now */ 512} 513 514/* 515 * 802.11 raw output routine. 516 * 517 * XXX TODO: this (and other send routines) should correctly 518 * XXX keep the pwr mgmt bit set if it decides to call into the 519 * XXX driver to send a frame whilst the state is SLEEP. 520 * 521 * Otherwise the peer may decide that we're awake and flood us 522 * with traffic we are still too asleep to receive! 523 */ 524int 525ieee80211_raw_output(struct ieee80211vap *vap, struct ieee80211_node *ni, 526 struct mbuf *m, const struct ieee80211_bpf_params *params) 527{ 528 struct ieee80211com *ic = vap->iv_ic; 529 int error; 530 531 /* 532 * Set node - the caller has taken a reference, so ensure 533 * that the mbuf has the same node value that 534 * it would if it were going via the normal path. 535 */ 536 m->m_pkthdr.rcvif = (void *)ni; 537 538 /* 539 * Attempt to add bpf transmit parameters. 540 * 541 * For now it's ok to fail; the raw_xmit api still takes 542 * them as an option. 543 * 544 * Later on when ic_raw_xmit() has params removed, 545 * they'll have to be added - so fail the transmit if 546 * they can't be. 547 */ 548 if (params) 549 (void) ieee80211_add_xmit_params(m, params); 550 551 error = ic->ic_raw_xmit(ni, m, params); 552 if (error) { 553 if_inc_counter(vap->iv_ifp, IFCOUNTER_OERRORS, 1); 554 ieee80211_free_node(ni); 555 } 556 return (error); 557} 558 559/* 560 * 802.11 output routine. This is (currently) used only to 561 * connect bpf write calls to the 802.11 layer for injecting 562 * raw 802.11 frames. 563 */ 564int 565ieee80211_output(struct ifnet *ifp, struct mbuf *m, 566 const struct sockaddr *dst, struct route *ro) 567{ 568#define senderr(e) do { error = (e); goto bad;} while (0) 569 struct ieee80211_node *ni = NULL; 570 struct ieee80211vap *vap; 571 struct ieee80211_frame *wh; 572 struct ieee80211com *ic = NULL; 573 int error; 574 int ret; 575 576 if (ifp->if_drv_flags & IFF_DRV_OACTIVE) { 577 /* 578 * Short-circuit requests if the vap is marked OACTIVE 579 * as this can happen because a packet came down through 580 * ieee80211_start before the vap entered RUN state in 581 * which case it's ok to just drop the frame. This 582 * should not be necessary but callers of if_output don't 583 * check OACTIVE. 584 */ 585 senderr(ENETDOWN); 586 } 587 vap = ifp->if_softc; 588 ic = vap->iv_ic; 589 /* 590 * Hand to the 802.3 code if not tagged as 591 * a raw 802.11 frame. 592 */ 593 if (dst->sa_family != AF_IEEE80211) 594 return vap->iv_output(ifp, m, dst, ro); 595#ifdef MAC 596 error = mac_ifnet_check_transmit(ifp, m); 597 if (error) 598 senderr(error); 599#endif 600 if (ifp->if_flags & IFF_MONITOR) 601 senderr(ENETDOWN); 602 if (!IFNET_IS_UP_RUNNING(ifp)) 603 senderr(ENETDOWN); 604 if (vap->iv_state == IEEE80211_S_CAC) { 605 IEEE80211_DPRINTF(vap, 606 IEEE80211_MSG_OUTPUT | IEEE80211_MSG_DOTH, 607 "block %s frame in CAC state\n", "raw data"); 608 vap->iv_stats.is_tx_badstate++; 609 senderr(EIO); /* XXX */ 610 } else if (vap->iv_state == IEEE80211_S_SCAN) 611 senderr(EIO); 612 /* XXX bypass bridge, pfil, carp, etc. */ 613 614 if (m->m_pkthdr.len < sizeof(struct ieee80211_frame_ack)) 615 senderr(EIO); /* XXX */ 616 wh = mtod(m, struct ieee80211_frame *); 617 if ((wh->i_fc[0] & IEEE80211_FC0_VERSION_MASK) != 618 IEEE80211_FC0_VERSION_0) 619 senderr(EIO); /* XXX */ 620 621 /* locate destination node */ 622 switch (wh->i_fc[1] & IEEE80211_FC1_DIR_MASK) { 623 case IEEE80211_FC1_DIR_NODS: 624 case IEEE80211_FC1_DIR_FROMDS: 625 ni = ieee80211_find_txnode(vap, wh->i_addr1); 626 break; 627 case IEEE80211_FC1_DIR_TODS: 628 case IEEE80211_FC1_DIR_DSTODS: 629 if (m->m_pkthdr.len < sizeof(struct ieee80211_frame)) 630 senderr(EIO); /* XXX */ 631 ni = ieee80211_find_txnode(vap, wh->i_addr3); 632 break; 633 default: 634 senderr(EIO); /* XXX */ 635 } 636 if (ni == NULL) { 637 /* 638 * Permit packets w/ bpf params through regardless 639 * (see below about sa_len). 640 */ 641 if (dst->sa_len == 0) 642 senderr(EHOSTUNREACH); 643 ni = ieee80211_ref_node(vap->iv_bss); 644 } 645 646 /* 647 * Sanitize mbuf for net80211 flags leaked from above. 648 * 649 * NB: This must be done before ieee80211_classify as 650 * it marks EAPOL in frames with M_EAPOL. 651 */ 652 m->m_flags &= ~M_80211_TX; 653 654 /* calculate priority so drivers can find the tx queue */ 655 /* XXX assumes an 802.3 frame */ 656 if (ieee80211_classify(ni, m)) 657 senderr(EIO); /* XXX */ 658 659 if_inc_counter(ifp, IFCOUNTER_OPACKETS, 1); 660 IEEE80211_NODE_STAT(ni, tx_data); 661 if (IEEE80211_IS_MULTICAST(wh->i_addr1)) { 662 IEEE80211_NODE_STAT(ni, tx_mcast); 663 m->m_flags |= M_MCAST; 664 } else 665 IEEE80211_NODE_STAT(ni, tx_ucast); 666 /* NB: ieee80211_encap does not include 802.11 header */ 667 IEEE80211_NODE_STAT_ADD(ni, tx_bytes, m->m_pkthdr.len); 668 669 IEEE80211_TX_LOCK(ic); 670 671 /* 672 * NB: DLT_IEEE802_11_RADIO identifies the parameters are 673 * present by setting the sa_len field of the sockaddr (yes, 674 * this is a hack). 675 * NB: we assume sa_data is suitably aligned to cast. 676 */ 677 ret = ieee80211_raw_output(vap, ni, m, 678 (const struct ieee80211_bpf_params *)(dst->sa_len ? 679 dst->sa_data : NULL)); 680 IEEE80211_TX_UNLOCK(ic); 681 return (ret); 682bad: 683 if (m != NULL) 684 m_freem(m); 685 if (ni != NULL) 686 ieee80211_free_node(ni); 687 if_inc_counter(ifp, IFCOUNTER_OERRORS, 1); 688 return error; 689#undef senderr 690} 691 692/* 693 * Set the direction field and address fields of an outgoing 694 * frame. Note this should be called early on in constructing 695 * a frame as it sets i_fc[1]; other bits can then be or'd in. 696 */ 697void 698ieee80211_send_setup( 699 struct ieee80211_node *ni, 700 struct mbuf *m, 701 int type, int tid, 702 const uint8_t sa[IEEE80211_ADDR_LEN], 703 const uint8_t da[IEEE80211_ADDR_LEN], 704 const uint8_t bssid[IEEE80211_ADDR_LEN]) 705{ 706#define WH4(wh) ((struct ieee80211_frame_addr4 *)wh) 707 struct ieee80211vap *vap = ni->ni_vap; 708 struct ieee80211_tx_ampdu *tap; 709 struct ieee80211_frame *wh = mtod(m, struct ieee80211_frame *); 710 ieee80211_seq seqno; 711 712 IEEE80211_TX_LOCK_ASSERT(ni->ni_ic); 713 714 wh->i_fc[0] = IEEE80211_FC0_VERSION_0 | type; 715 if ((type & IEEE80211_FC0_TYPE_MASK) == IEEE80211_FC0_TYPE_DATA) { 716 switch (vap->iv_opmode) { 717 case IEEE80211_M_STA: 718 wh->i_fc[1] = IEEE80211_FC1_DIR_TODS; 719 IEEE80211_ADDR_COPY(wh->i_addr1, bssid); 720 IEEE80211_ADDR_COPY(wh->i_addr2, sa); 721 IEEE80211_ADDR_COPY(wh->i_addr3, da); 722 break; 723 case IEEE80211_M_IBSS: 724 case IEEE80211_M_AHDEMO: 725 wh->i_fc[1] = IEEE80211_FC1_DIR_NODS; 726 IEEE80211_ADDR_COPY(wh->i_addr1, da); 727 IEEE80211_ADDR_COPY(wh->i_addr2, sa); 728 IEEE80211_ADDR_COPY(wh->i_addr3, bssid); 729 break; 730 case IEEE80211_M_HOSTAP: 731 wh->i_fc[1] = IEEE80211_FC1_DIR_FROMDS; 732 IEEE80211_ADDR_COPY(wh->i_addr1, da); 733 IEEE80211_ADDR_COPY(wh->i_addr2, bssid); 734 IEEE80211_ADDR_COPY(wh->i_addr3, sa); 735 break; 736 case IEEE80211_M_WDS: 737 wh->i_fc[1] = IEEE80211_FC1_DIR_DSTODS; 738 IEEE80211_ADDR_COPY(wh->i_addr1, da); 739 IEEE80211_ADDR_COPY(wh->i_addr2, vap->iv_myaddr); 740 IEEE80211_ADDR_COPY(wh->i_addr3, da); 741 IEEE80211_ADDR_COPY(WH4(wh)->i_addr4, sa); 742 break; 743 case IEEE80211_M_MBSS: 744#ifdef IEEE80211_SUPPORT_MESH 745 if (IEEE80211_IS_MULTICAST(da)) { 746 wh->i_fc[1] = IEEE80211_FC1_DIR_FROMDS; 747 /* XXX next hop */ 748 IEEE80211_ADDR_COPY(wh->i_addr1, da); 749 IEEE80211_ADDR_COPY(wh->i_addr2, 750 vap->iv_myaddr); 751 } else { 752 wh->i_fc[1] = IEEE80211_FC1_DIR_DSTODS; 753 IEEE80211_ADDR_COPY(wh->i_addr1, da); 754 IEEE80211_ADDR_COPY(wh->i_addr2, 755 vap->iv_myaddr); 756 IEEE80211_ADDR_COPY(wh->i_addr3, da); 757 IEEE80211_ADDR_COPY(WH4(wh)->i_addr4, sa); 758 } 759#endif 760 break; 761 case IEEE80211_M_MONITOR: /* NB: to quiet compiler */ 762 break; 763 } 764 } else { 765 wh->i_fc[1] = IEEE80211_FC1_DIR_NODS; 766 IEEE80211_ADDR_COPY(wh->i_addr1, da); 767 IEEE80211_ADDR_COPY(wh->i_addr2, sa); 768#ifdef IEEE80211_SUPPORT_MESH 769 if (vap->iv_opmode == IEEE80211_M_MBSS) 770 IEEE80211_ADDR_COPY(wh->i_addr3, sa); 771 else 772#endif 773 IEEE80211_ADDR_COPY(wh->i_addr3, bssid); 774 } 775 *(uint16_t *)&wh->i_dur[0] = 0; 776 777 tap = &ni->ni_tx_ampdu[tid]; 778 if (tid != IEEE80211_NONQOS_TID && IEEE80211_AMPDU_RUNNING(tap)) 779 m->m_flags |= M_AMPDU_MPDU; 780 else { 781 if (IEEE80211_HAS_SEQ(type & IEEE80211_FC0_TYPE_MASK, 782 type & IEEE80211_FC0_SUBTYPE_MASK)) 783 seqno = ni->ni_txseqs[tid]++; 784 else 785 seqno = 0; 786 787 *(uint16_t *)&wh->i_seq[0] = 788 htole16(seqno << IEEE80211_SEQ_SEQ_SHIFT); 789 M_SEQNO_SET(m, seqno); 790 } 791 792 if (IEEE80211_IS_MULTICAST(wh->i_addr1)) 793 m->m_flags |= M_MCAST; 794#undef WH4 795} 796 797/* 798 * Send a management frame to the specified node. The node pointer 799 * must have a reference as the pointer will be passed to the driver 800 * and potentially held for a long time. If the frame is successfully 801 * dispatched to the driver, then it is responsible for freeing the 802 * reference (and potentially free'ing up any associated storage); 803 * otherwise deal with reclaiming any reference (on error). 804 */ 805int 806ieee80211_mgmt_output(struct ieee80211_node *ni, struct mbuf *m, int type, 807 struct ieee80211_bpf_params *params) 808{ 809 struct ieee80211vap *vap = ni->ni_vap; 810 struct ieee80211com *ic = ni->ni_ic; 811 struct ieee80211_frame *wh; 812 int ret; 813 814 KASSERT(ni != NULL, ("null node")); 815 816 if (vap->iv_state == IEEE80211_S_CAC) { 817 IEEE80211_NOTE(vap, IEEE80211_MSG_OUTPUT | IEEE80211_MSG_DOTH, 818 ni, "block %s frame in CAC state", 819 ieee80211_mgt_subtype_name[ 820 (type & IEEE80211_FC0_SUBTYPE_MASK) >> 821 IEEE80211_FC0_SUBTYPE_SHIFT]); 822 vap->iv_stats.is_tx_badstate++; 823 ieee80211_free_node(ni); 824 m_freem(m); 825 return EIO; /* XXX */ 826 } 827 828 M_PREPEND(m, sizeof(struct ieee80211_frame), M_NOWAIT); 829 if (m == NULL) { 830 ieee80211_free_node(ni); 831 return ENOMEM; 832 } 833 834 IEEE80211_TX_LOCK(ic); 835 836 wh = mtod(m, struct ieee80211_frame *); 837 ieee80211_send_setup(ni, m, 838 IEEE80211_FC0_TYPE_MGT | type, IEEE80211_NONQOS_TID, 839 vap->iv_myaddr, ni->ni_macaddr, ni->ni_bssid); 840 if (params->ibp_flags & IEEE80211_BPF_CRYPTO) { 841 IEEE80211_NOTE_MAC(vap, IEEE80211_MSG_AUTH, wh->i_addr1, 842 "encrypting frame (%s)", __func__); 843 wh->i_fc[1] |= IEEE80211_FC1_PROTECTED; 844 } 845 m->m_flags |= M_ENCAP; /* mark encapsulated */ 846 847 KASSERT(type != IEEE80211_FC0_SUBTYPE_PROBE_RESP, ("probe response?")); 848 M_WME_SETAC(m, params->ibp_pri); 849 850#ifdef IEEE80211_DEBUG 851 /* avoid printing too many frames */ 852 if ((ieee80211_msg_debug(vap) && doprint(vap, type)) || 853 ieee80211_msg_dumppkts(vap)) { 854 printf("[%s] send %s on channel %u\n", 855 ether_sprintf(wh->i_addr1), 856 ieee80211_mgt_subtype_name[ 857 (type & IEEE80211_FC0_SUBTYPE_MASK) >> 858 IEEE80211_FC0_SUBTYPE_SHIFT], 859 ieee80211_chan2ieee(ic, ic->ic_curchan)); 860 } 861#endif 862 IEEE80211_NODE_STAT(ni, tx_mgmt); 863 864 ret = ieee80211_raw_output(vap, ni, m, params); 865 IEEE80211_TX_UNLOCK(ic); 866 return (ret); 867} 868 869static void 870ieee80211_nulldata_transmitted(struct ieee80211_node *ni, void *arg, 871 int status) 872{ 873 struct ieee80211vap *vap = ni->ni_vap; 874 875 wakeup(vap); 876} 877 878/* 879 * Send a null data frame to the specified node. If the station 880 * is setup for QoS then a QoS Null Data frame is constructed. 881 * If this is a WDS station then a 4-address frame is constructed. 882 * 883 * NB: the caller is assumed to have setup a node reference 884 * for use; this is necessary to deal with a race condition 885 * when probing for inactive stations. Like ieee80211_mgmt_output 886 * we must cleanup any node reference on error; however we 887 * can safely just unref it as we know it will never be the 888 * last reference to the node. 889 */ 890int 891ieee80211_send_nulldata(struct ieee80211_node *ni) 892{ 893 struct ieee80211vap *vap = ni->ni_vap; 894 struct ieee80211com *ic = ni->ni_ic; 895 struct mbuf *m; 896 struct ieee80211_frame *wh; 897 int hdrlen; 898 uint8_t *frm; 899 int ret; 900 901 if (vap->iv_state == IEEE80211_S_CAC) { 902 IEEE80211_NOTE(vap, IEEE80211_MSG_OUTPUT | IEEE80211_MSG_DOTH, 903 ni, "block %s frame in CAC state", "null data"); 904 ieee80211_unref_node(&ni); 905 vap->iv_stats.is_tx_badstate++; 906 return EIO; /* XXX */ 907 } 908 909 if (ni->ni_flags & (IEEE80211_NODE_QOS|IEEE80211_NODE_HT)) 910 hdrlen = sizeof(struct ieee80211_qosframe); 911 else 912 hdrlen = sizeof(struct ieee80211_frame); 913 /* NB: only WDS vap's get 4-address frames */ 914 if (vap->iv_opmode == IEEE80211_M_WDS) 915 hdrlen += IEEE80211_ADDR_LEN; 916 if (ic->ic_flags & IEEE80211_F_DATAPAD) 917 hdrlen = roundup(hdrlen, sizeof(uint32_t)); 918 919 m = ieee80211_getmgtframe(&frm, ic->ic_headroom + hdrlen, 0); 920 if (m == NULL) { 921 /* XXX debug msg */ 922 ieee80211_unref_node(&ni); 923 vap->iv_stats.is_tx_nobuf++; 924 return ENOMEM; 925 } 926 KASSERT(M_LEADINGSPACE(m) >= hdrlen, 927 ("leading space %zd", M_LEADINGSPACE(m))); 928 M_PREPEND(m, hdrlen, M_NOWAIT); 929 if (m == NULL) { 930 /* NB: cannot happen */ 931 ieee80211_free_node(ni); 932 return ENOMEM; 933 } 934 935 IEEE80211_TX_LOCK(ic); 936 937 wh = mtod(m, struct ieee80211_frame *); /* NB: a little lie */ 938 if (ni->ni_flags & IEEE80211_NODE_QOS) { 939 const int tid = WME_AC_TO_TID(WME_AC_BE); 940 uint8_t *qos; 941 942 ieee80211_send_setup(ni, m, 943 IEEE80211_FC0_TYPE_DATA | IEEE80211_FC0_SUBTYPE_QOS_NULL, 944 tid, vap->iv_myaddr, ni->ni_macaddr, ni->ni_bssid); 945 946 if (vap->iv_opmode == IEEE80211_M_WDS) 947 qos = ((struct ieee80211_qosframe_addr4 *) wh)->i_qos; 948 else 949 qos = ((struct ieee80211_qosframe *) wh)->i_qos; 950 qos[0] = tid & IEEE80211_QOS_TID; 951 if (ic->ic_wme.wme_wmeChanParams.cap_wmeParams[WME_AC_BE].wmep_noackPolicy) 952 qos[0] |= IEEE80211_QOS_ACKPOLICY_NOACK; 953 qos[1] = 0; 954 } else { 955 ieee80211_send_setup(ni, m, 956 IEEE80211_FC0_TYPE_DATA | IEEE80211_FC0_SUBTYPE_NODATA, 957 IEEE80211_NONQOS_TID, 958 vap->iv_myaddr, ni->ni_macaddr, ni->ni_bssid); 959 } 960 if (vap->iv_opmode != IEEE80211_M_WDS) { 961 /* NB: power management bit is never sent by an AP */ 962 if ((ni->ni_flags & IEEE80211_NODE_PWR_MGT) && 963 vap->iv_opmode != IEEE80211_M_HOSTAP) 964 wh->i_fc[1] |= IEEE80211_FC1_PWR_MGT; 965 } 966 if ((ic->ic_flags & IEEE80211_F_SCAN) && 967 (ni->ni_flags & IEEE80211_NODE_PWR_MGT)) { 968 ieee80211_add_callback(m, ieee80211_nulldata_transmitted, 969 NULL); 970 } 971 m->m_len = m->m_pkthdr.len = hdrlen; 972 m->m_flags |= M_ENCAP; /* mark encapsulated */ 973 974 M_WME_SETAC(m, WME_AC_BE); 975 976 IEEE80211_NODE_STAT(ni, tx_data); 977 978 IEEE80211_NOTE(vap, IEEE80211_MSG_DEBUG | IEEE80211_MSG_DUMPPKTS, ni, 979 "send %snull data frame on channel %u, pwr mgt %s", 980 ni->ni_flags & IEEE80211_NODE_QOS ? "QoS " : "", 981 ieee80211_chan2ieee(ic, ic->ic_curchan), 982 wh->i_fc[1] & IEEE80211_FC1_PWR_MGT ? "ena" : "dis"); 983 984 ret = ieee80211_raw_output(vap, ni, m, NULL); 985 IEEE80211_TX_UNLOCK(ic); 986 return (ret); 987} 988 989/* 990 * Assign priority to a frame based on any vlan tag assigned 991 * to the station and/or any Diffserv setting in an IP header. 992 * Finally, if an ACM policy is setup (in station mode) it's 993 * applied. 994 */ 995int 996ieee80211_classify(struct ieee80211_node *ni, struct mbuf *m) 997{ 998 const struct ether_header *eh = mtod(m, struct ether_header *); 999 int v_wme_ac, d_wme_ac, ac; 1000 1001 /* 1002 * Always promote PAE/EAPOL frames to high priority. 1003 */ 1004 if (eh->ether_type == htons(ETHERTYPE_PAE)) { 1005 /* NB: mark so others don't need to check header */ 1006 m->m_flags |= M_EAPOL; 1007 ac = WME_AC_VO; 1008 goto done; 1009 } 1010 /* 1011 * Non-qos traffic goes to BE. 1012 */ 1013 if ((ni->ni_flags & IEEE80211_NODE_QOS) == 0) { 1014 ac = WME_AC_BE; 1015 goto done; 1016 } 1017 1018 /* 1019 * If node has a vlan tag then all traffic 1020 * to it must have a matching tag. 1021 */ 1022 v_wme_ac = 0; 1023 if (ni->ni_vlan != 0) { 1024 if ((m->m_flags & M_VLANTAG) == 0) { 1025 IEEE80211_NODE_STAT(ni, tx_novlantag); 1026 return 1; 1027 } 1028 if (EVL_VLANOFTAG(m->m_pkthdr.ether_vtag) != 1029 EVL_VLANOFTAG(ni->ni_vlan)) { 1030 IEEE80211_NODE_STAT(ni, tx_vlanmismatch); 1031 return 1; 1032 } 1033 /* map vlan priority to AC */ 1034 v_wme_ac = TID_TO_WME_AC(EVL_PRIOFTAG(ni->ni_vlan)); 1035 } 1036 1037 /* XXX m_copydata may be too slow for fast path */ 1038#ifdef INET 1039 if (eh->ether_type == htons(ETHERTYPE_IP)) { 1040 uint8_t tos; 1041 /* 1042 * IP frame, map the DSCP bits from the TOS field. 1043 */ 1044 /* NB: ip header may not be in first mbuf */ 1045 m_copydata(m, sizeof(struct ether_header) + 1046 offsetof(struct ip, ip_tos), sizeof(tos), &tos); 1047 tos >>= 5; /* NB: ECN + low 3 bits of DSCP */ 1048 d_wme_ac = TID_TO_WME_AC(tos); 1049 } else { 1050#endif /* INET */ 1051#ifdef INET6 1052 if (eh->ether_type == htons(ETHERTYPE_IPV6)) { 1053 uint32_t flow; 1054 uint8_t tos; 1055 /* 1056 * IPv6 frame, map the DSCP bits from the traffic class field. 1057 */ 1058 m_copydata(m, sizeof(struct ether_header) + 1059 offsetof(struct ip6_hdr, ip6_flow), sizeof(flow), 1060 (caddr_t) &flow); 1061 tos = (uint8_t)(ntohl(flow) >> 20); 1062 tos >>= 5; /* NB: ECN + low 3 bits of DSCP */ 1063 d_wme_ac = TID_TO_WME_AC(tos); 1064 } else { 1065#endif /* INET6 */ 1066 d_wme_ac = WME_AC_BE; 1067#ifdef INET6 1068 } 1069#endif 1070#ifdef INET 1071 } 1072#endif 1073 /* 1074 * Use highest priority AC. 1075 */ 1076 if (v_wme_ac > d_wme_ac) 1077 ac = v_wme_ac; 1078 else 1079 ac = d_wme_ac; 1080 1081 /* 1082 * Apply ACM policy. 1083 */ 1084 if (ni->ni_vap->iv_opmode == IEEE80211_M_STA) { 1085 static const int acmap[4] = { 1086 WME_AC_BK, /* WME_AC_BE */ 1087 WME_AC_BK, /* WME_AC_BK */ 1088 WME_AC_BE, /* WME_AC_VI */ 1089 WME_AC_VI, /* WME_AC_VO */ 1090 }; 1091 struct ieee80211com *ic = ni->ni_ic; 1092 1093 while (ac != WME_AC_BK && 1094 ic->ic_wme.wme_wmeBssChanParams.cap_wmeParams[ac].wmep_acm) 1095 ac = acmap[ac]; 1096 } 1097done: 1098 M_WME_SETAC(m, ac); 1099 return 0; 1100} 1101 1102/* 1103 * Insure there is sufficient contiguous space to encapsulate the 1104 * 802.11 data frame. If room isn't already there, arrange for it. 1105 * Drivers and cipher modules assume we have done the necessary work 1106 * and fail rudely if they don't find the space they need. 1107 */ 1108struct mbuf * 1109ieee80211_mbuf_adjust(struct ieee80211vap *vap, int hdrsize, 1110 struct ieee80211_key *key, struct mbuf *m) 1111{ 1112#define TO_BE_RECLAIMED (sizeof(struct ether_header) - sizeof(struct llc)) 1113 int needed_space = vap->iv_ic->ic_headroom + hdrsize; 1114 1115 if (key != NULL) { 1116 /* XXX belongs in crypto code? */ 1117 needed_space += key->wk_cipher->ic_header; 1118 /* XXX frags */ 1119 /* 1120 * When crypto is being done in the host we must insure 1121 * the data are writable for the cipher routines; clone 1122 * a writable mbuf chain. 1123 * XXX handle SWMIC specially 1124 */ 1125 if (key->wk_flags & (IEEE80211_KEY_SWENCRYPT|IEEE80211_KEY_SWENMIC)) { 1126 m = m_unshare(m, M_NOWAIT); 1127 if (m == NULL) { 1128 IEEE80211_DPRINTF(vap, IEEE80211_MSG_OUTPUT, 1129 "%s: cannot get writable mbuf\n", __func__); 1130 vap->iv_stats.is_tx_nobuf++; /* XXX new stat */ 1131 return NULL; 1132 } 1133 } 1134 } 1135 /* 1136 * We know we are called just before stripping an Ethernet 1137 * header and prepending an LLC header. This means we know 1138 * there will be 1139 * sizeof(struct ether_header) - sizeof(struct llc) 1140 * bytes recovered to which we need additional space for the 1141 * 802.11 header and any crypto header. 1142 */ 1143 /* XXX check trailing space and copy instead? */ 1144 if (M_LEADINGSPACE(m) < needed_space - TO_BE_RECLAIMED) { 1145 struct mbuf *n = m_gethdr(M_NOWAIT, m->m_type); 1146 if (n == NULL) { 1147 IEEE80211_DPRINTF(vap, IEEE80211_MSG_OUTPUT, 1148 "%s: cannot expand storage\n", __func__); 1149 vap->iv_stats.is_tx_nobuf++; 1150 m_freem(m); 1151 return NULL; 1152 } 1153 KASSERT(needed_space <= MHLEN, 1154 ("not enough room, need %u got %d\n", needed_space, MHLEN)); 1155 /* 1156 * Setup new mbuf to have leading space to prepend the 1157 * 802.11 header and any crypto header bits that are 1158 * required (the latter are added when the driver calls 1159 * back to ieee80211_crypto_encap to do crypto encapsulation). 1160 */ 1161 /* NB: must be first 'cuz it clobbers m_data */ 1162 m_move_pkthdr(n, m); 1163 n->m_len = 0; /* NB: m_gethdr does not set */ 1164 n->m_data += needed_space; 1165 /* 1166 * Pull up Ethernet header to create the expected layout. 1167 * We could use m_pullup but that's overkill (i.e. we don't 1168 * need the actual data) and it cannot fail so do it inline 1169 * for speed. 1170 */ 1171 /* NB: struct ether_header is known to be contiguous */ 1172 n->m_len += sizeof(struct ether_header); 1173 m->m_len -= sizeof(struct ether_header); 1174 m->m_data += sizeof(struct ether_header); 1175 /* 1176 * Replace the head of the chain. 1177 */ 1178 n->m_next = m; 1179 m = n; 1180 } 1181 return m; 1182#undef TO_BE_RECLAIMED 1183} 1184 1185/* 1186 * Return the transmit key to use in sending a unicast frame. 1187 * If a unicast key is set we use that. When no unicast key is set 1188 * we fall back to the default transmit key. 1189 */ 1190static __inline struct ieee80211_key * 1191ieee80211_crypto_getucastkey(struct ieee80211vap *vap, 1192 struct ieee80211_node *ni) 1193{ 1194 if (IEEE80211_KEY_UNDEFINED(&ni->ni_ucastkey)) { 1195 if (vap->iv_def_txkey == IEEE80211_KEYIX_NONE || 1196 IEEE80211_KEY_UNDEFINED(&vap->iv_nw_keys[vap->iv_def_txkey])) 1197 return NULL; 1198 return &vap->iv_nw_keys[vap->iv_def_txkey]; 1199 } else { 1200 return &ni->ni_ucastkey; 1201 } 1202} 1203 1204/* 1205 * Return the transmit key to use in sending a multicast frame. 1206 * Multicast traffic always uses the group key which is installed as 1207 * the default tx key. 1208 */ 1209static __inline struct ieee80211_key * 1210ieee80211_crypto_getmcastkey(struct ieee80211vap *vap, 1211 struct ieee80211_node *ni) 1212{ 1213 if (vap->iv_def_txkey == IEEE80211_KEYIX_NONE || 1214 IEEE80211_KEY_UNDEFINED(&vap->iv_nw_keys[vap->iv_def_txkey])) 1215 return NULL; 1216 return &vap->iv_nw_keys[vap->iv_def_txkey]; 1217} 1218 1219/* 1220 * Encapsulate an outbound data frame. The mbuf chain is updated. 1221 * If an error is encountered NULL is returned. The caller is required 1222 * to provide a node reference and pullup the ethernet header in the 1223 * first mbuf. 1224 * 1225 * NB: Packet is assumed to be processed by ieee80211_classify which 1226 * marked EAPOL frames w/ M_EAPOL. 1227 */ 1228struct mbuf * 1229ieee80211_encap(struct ieee80211vap *vap, struct ieee80211_node *ni, 1230 struct mbuf *m) 1231{ 1232#define WH4(wh) ((struct ieee80211_frame_addr4 *)(wh)) 1233#define MC01(mc) ((struct ieee80211_meshcntl_ae01 *)mc) 1234 struct ieee80211com *ic = ni->ni_ic; 1235#ifdef IEEE80211_SUPPORT_MESH 1236 struct ieee80211_mesh_state *ms = vap->iv_mesh; 1237 struct ieee80211_meshcntl_ae10 *mc; 1238 struct ieee80211_mesh_route *rt = NULL; 1239 int dir = -1; 1240#endif 1241 struct ether_header eh; 1242 struct ieee80211_frame *wh; 1243 struct ieee80211_key *key; 1244 struct llc *llc; 1245 int hdrsize, hdrspace, datalen, addqos, txfrag, is4addr; 1246 ieee80211_seq seqno; 1247 int meshhdrsize, meshae; 1248 uint8_t *qos; 1249 int is_amsdu = 0; 1250 1251 IEEE80211_TX_LOCK_ASSERT(ic); 1252 1253 /* 1254 * Copy existing Ethernet header to a safe place. The 1255 * rest of the code assumes it's ok to strip it when 1256 * reorganizing state for the final encapsulation. 1257 */ 1258 KASSERT(m->m_len >= sizeof(eh), ("no ethernet header!")); 1259 ETHER_HEADER_COPY(&eh, mtod(m, caddr_t)); 1260 1261 /* 1262 * Insure space for additional headers. First identify 1263 * transmit key to use in calculating any buffer adjustments 1264 * required. This is also used below to do privacy 1265 * encapsulation work. Then calculate the 802.11 header 1266 * size and any padding required by the driver. 1267 * 1268 * Note key may be NULL if we fall back to the default 1269 * transmit key and that is not set. In that case the 1270 * buffer may not be expanded as needed by the cipher 1271 * routines, but they will/should discard it. 1272 */ 1273 if (vap->iv_flags & IEEE80211_F_PRIVACY) { 1274 if (vap->iv_opmode == IEEE80211_M_STA || 1275 !IEEE80211_IS_MULTICAST(eh.ether_dhost) || 1276 (vap->iv_opmode == IEEE80211_M_WDS && 1277 (vap->iv_flags_ext & IEEE80211_FEXT_WDSLEGACY))) 1278 key = ieee80211_crypto_getucastkey(vap, ni); 1279 else 1280 key = ieee80211_crypto_getmcastkey(vap, ni); 1281 if (key == NULL && (m->m_flags & M_EAPOL) == 0) { 1282 IEEE80211_NOTE_MAC(vap, IEEE80211_MSG_CRYPTO, 1283 eh.ether_dhost, 1284 "no default transmit key (%s) deftxkey %u", 1285 __func__, vap->iv_def_txkey); 1286 vap->iv_stats.is_tx_nodefkey++; 1287 goto bad; 1288 } 1289 } else 1290 key = NULL; 1291 /* 1292 * XXX Some ap's don't handle QoS-encapsulated EAPOL 1293 * frames so suppress use. This may be an issue if other 1294 * ap's require all data frames to be QoS-encapsulated 1295 * once negotiated in which case we'll need to make this 1296 * configurable. 1297 * NB: mesh data frames are QoS. 1298 */ 1299 addqos = ((ni->ni_flags & (IEEE80211_NODE_QOS|IEEE80211_NODE_HT)) || 1300 (vap->iv_opmode == IEEE80211_M_MBSS)) && 1301 (m->m_flags & M_EAPOL) == 0; 1302 if (addqos) 1303 hdrsize = sizeof(struct ieee80211_qosframe); 1304 else 1305 hdrsize = sizeof(struct ieee80211_frame); 1306#ifdef IEEE80211_SUPPORT_MESH 1307 if (vap->iv_opmode == IEEE80211_M_MBSS) { 1308 /* 1309 * Mesh data frames are encapsulated according to the 1310 * rules of Section 11B.8.5 (p.139 of D3.0 spec). 1311 * o Group Addressed data (aka multicast) originating 1312 * at the local sta are sent w/ 3-address format and 1313 * address extension mode 00 1314 * o Individually Addressed data (aka unicast) originating 1315 * at the local sta are sent w/ 4-address format and 1316 * address extension mode 00 1317 * o Group Addressed data forwarded from a non-mesh sta are 1318 * sent w/ 3-address format and address extension mode 01 1319 * o Individually Address data from another sta are sent 1320 * w/ 4-address format and address extension mode 10 1321 */ 1322 is4addr = 0; /* NB: don't use, disable */ 1323 if (!IEEE80211_IS_MULTICAST(eh.ether_dhost)) { 1324 rt = ieee80211_mesh_rt_find(vap, eh.ether_dhost); 1325 KASSERT(rt != NULL, ("route is NULL")); 1326 dir = IEEE80211_FC1_DIR_DSTODS; 1327 hdrsize += IEEE80211_ADDR_LEN; 1328 if (rt->rt_flags & IEEE80211_MESHRT_FLAGS_PROXY) { 1329 if (IEEE80211_ADDR_EQ(rt->rt_mesh_gate, 1330 vap->iv_myaddr)) { 1331 IEEE80211_NOTE_MAC(vap, 1332 IEEE80211_MSG_MESH, 1333 eh.ether_dhost, 1334 "%s", "trying to send to ourself"); 1335 goto bad; 1336 } 1337 meshae = IEEE80211_MESH_AE_10; 1338 meshhdrsize = 1339 sizeof(struct ieee80211_meshcntl_ae10); 1340 } else { 1341 meshae = IEEE80211_MESH_AE_00; 1342 meshhdrsize = 1343 sizeof(struct ieee80211_meshcntl); 1344 } 1345 } else { 1346 dir = IEEE80211_FC1_DIR_FROMDS; 1347 if (!IEEE80211_ADDR_EQ(eh.ether_shost, vap->iv_myaddr)) { 1348 /* proxy group */ 1349 meshae = IEEE80211_MESH_AE_01; 1350 meshhdrsize = 1351 sizeof(struct ieee80211_meshcntl_ae01); 1352 } else { 1353 /* group */ 1354 meshae = IEEE80211_MESH_AE_00; 1355 meshhdrsize = sizeof(struct ieee80211_meshcntl); 1356 } 1357 } 1358 } else { 1359#endif 1360 /* 1361 * 4-address frames need to be generated for: 1362 * o packets sent through a WDS vap (IEEE80211_M_WDS) 1363 * o packets sent through a vap marked for relaying 1364 * (e.g. a station operating with dynamic WDS) 1365 */ 1366 is4addr = vap->iv_opmode == IEEE80211_M_WDS || 1367 ((vap->iv_flags_ext & IEEE80211_FEXT_4ADDR) && 1368 !IEEE80211_ADDR_EQ(eh.ether_shost, vap->iv_myaddr)); 1369 if (is4addr) 1370 hdrsize += IEEE80211_ADDR_LEN; 1371 meshhdrsize = meshae = 0; 1372#ifdef IEEE80211_SUPPORT_MESH 1373 } 1374#endif 1375 /* 1376 * Honor driver DATAPAD requirement. 1377 */ 1378 if (ic->ic_flags & IEEE80211_F_DATAPAD) 1379 hdrspace = roundup(hdrsize, sizeof(uint32_t)); 1380 else 1381 hdrspace = hdrsize; 1382 1383 if (__predict_true((m->m_flags & M_FF) == 0)) { 1384 /* 1385 * Normal frame. 1386 */ 1387 m = ieee80211_mbuf_adjust(vap, hdrspace + meshhdrsize, key, m); 1388 if (m == NULL) { 1389 /* NB: ieee80211_mbuf_adjust handles msgs+statistics */ 1390 goto bad; 1391 } 1392 /* NB: this could be optimized 'cuz of ieee80211_mbuf_adjust */ 1393 m_adj(m, sizeof(struct ether_header) - sizeof(struct llc)); 1394 llc = mtod(m, struct llc *); 1395 llc->llc_dsap = llc->llc_ssap = LLC_SNAP_LSAP; 1396 llc->llc_control = LLC_UI; 1397 llc->llc_snap.org_code[0] = 0; 1398 llc->llc_snap.org_code[1] = 0; 1399 llc->llc_snap.org_code[2] = 0; 1400 llc->llc_snap.ether_type = eh.ether_type; 1401 } else { 1402#ifdef IEEE80211_SUPPORT_SUPERG 1403 /* 1404 * Aggregated frame. Check if it's for AMSDU or FF. 1405 * 1406 * XXX TODO: IEEE80211_NODE_AMSDU* isn't implemented 1407 * anywhere for some reason. But, since 11n requires 1408 * AMSDU RX, we can just assume "11n" == "AMSDU". 1409 */ 1410 IEEE80211_DPRINTF(vap, IEEE80211_MSG_SUPERG, "%s: called; M_FF\n", __func__); 1411 if (ieee80211_amsdu_tx_ok(ni)) { 1412 m = ieee80211_amsdu_encap(vap, m, hdrspace + meshhdrsize, key); 1413 is_amsdu = 1; 1414 } else { 1415 m = ieee80211_ff_encap(vap, m, hdrspace + meshhdrsize, key); 1416 } 1417 if (m == NULL) 1418#endif 1419 goto bad; 1420 } 1421 datalen = m->m_pkthdr.len; /* NB: w/o 802.11 header */ 1422 1423 M_PREPEND(m, hdrspace + meshhdrsize, M_NOWAIT); 1424 if (m == NULL) { 1425 vap->iv_stats.is_tx_nobuf++; 1426 goto bad; 1427 } 1428 wh = mtod(m, struct ieee80211_frame *); 1429 wh->i_fc[0] = IEEE80211_FC0_VERSION_0 | IEEE80211_FC0_TYPE_DATA; 1430 *(uint16_t *)wh->i_dur = 0; 1431 qos = NULL; /* NB: quiet compiler */ 1432 if (is4addr) { 1433 wh->i_fc[1] = IEEE80211_FC1_DIR_DSTODS; 1434 IEEE80211_ADDR_COPY(wh->i_addr1, ni->ni_macaddr); 1435 IEEE80211_ADDR_COPY(wh->i_addr2, vap->iv_myaddr); 1436 IEEE80211_ADDR_COPY(wh->i_addr3, eh.ether_dhost); 1437 IEEE80211_ADDR_COPY(WH4(wh)->i_addr4, eh.ether_shost); 1438 } else switch (vap->iv_opmode) { 1439 case IEEE80211_M_STA: 1440 wh->i_fc[1] = IEEE80211_FC1_DIR_TODS; 1441 IEEE80211_ADDR_COPY(wh->i_addr1, ni->ni_bssid); 1442 IEEE80211_ADDR_COPY(wh->i_addr2, eh.ether_shost); 1443 IEEE80211_ADDR_COPY(wh->i_addr3, eh.ether_dhost); 1444 break; 1445 case IEEE80211_M_IBSS: 1446 case IEEE80211_M_AHDEMO: 1447 wh->i_fc[1] = IEEE80211_FC1_DIR_NODS; 1448 IEEE80211_ADDR_COPY(wh->i_addr1, eh.ether_dhost); 1449 IEEE80211_ADDR_COPY(wh->i_addr2, eh.ether_shost); 1450 /* 1451 * NB: always use the bssid from iv_bss as the 1452 * neighbor's may be stale after an ibss merge 1453 */ 1454 IEEE80211_ADDR_COPY(wh->i_addr3, vap->iv_bss->ni_bssid); 1455 break; 1456 case IEEE80211_M_HOSTAP: 1457 wh->i_fc[1] = IEEE80211_FC1_DIR_FROMDS; 1458 IEEE80211_ADDR_COPY(wh->i_addr1, eh.ether_dhost); 1459 IEEE80211_ADDR_COPY(wh->i_addr2, ni->ni_bssid); 1460 IEEE80211_ADDR_COPY(wh->i_addr3, eh.ether_shost); 1461 break; 1462#ifdef IEEE80211_SUPPORT_MESH 1463 case IEEE80211_M_MBSS: 1464 /* NB: offset by hdrspace to deal with DATAPAD */ 1465 mc = (struct ieee80211_meshcntl_ae10 *) 1466 (mtod(m, uint8_t *) + hdrspace); 1467 wh->i_fc[1] = dir; 1468 switch (meshae) { 1469 case IEEE80211_MESH_AE_00: /* no proxy */ 1470 mc->mc_flags = 0; 1471 if (dir == IEEE80211_FC1_DIR_DSTODS) { /* ucast */ 1472 IEEE80211_ADDR_COPY(wh->i_addr1, 1473 ni->ni_macaddr); 1474 IEEE80211_ADDR_COPY(wh->i_addr2, 1475 vap->iv_myaddr); 1476 IEEE80211_ADDR_COPY(wh->i_addr3, 1477 eh.ether_dhost); 1478 IEEE80211_ADDR_COPY(WH4(wh)->i_addr4, 1479 eh.ether_shost); 1480 qos =((struct ieee80211_qosframe_addr4 *) 1481 wh)->i_qos; 1482 } else if (dir == IEEE80211_FC1_DIR_FROMDS) { 1483 /* mcast */ 1484 IEEE80211_ADDR_COPY(wh->i_addr1, 1485 eh.ether_dhost); 1486 IEEE80211_ADDR_COPY(wh->i_addr2, 1487 vap->iv_myaddr); 1488 IEEE80211_ADDR_COPY(wh->i_addr3, 1489 eh.ether_shost); 1490 qos = ((struct ieee80211_qosframe *) 1491 wh)->i_qos; 1492 } 1493 break; 1494 case IEEE80211_MESH_AE_01: /* mcast, proxy */ 1495 wh->i_fc[1] = IEEE80211_FC1_DIR_FROMDS; 1496 IEEE80211_ADDR_COPY(wh->i_addr1, eh.ether_dhost); 1497 IEEE80211_ADDR_COPY(wh->i_addr2, vap->iv_myaddr); 1498 IEEE80211_ADDR_COPY(wh->i_addr3, vap->iv_myaddr); 1499 mc->mc_flags = 1; 1500 IEEE80211_ADDR_COPY(MC01(mc)->mc_addr4, 1501 eh.ether_shost); 1502 qos = ((struct ieee80211_qosframe *) wh)->i_qos; 1503 break; 1504 case IEEE80211_MESH_AE_10: /* ucast, proxy */ 1505 KASSERT(rt != NULL, ("route is NULL")); 1506 IEEE80211_ADDR_COPY(wh->i_addr1, rt->rt_nexthop); 1507 IEEE80211_ADDR_COPY(wh->i_addr2, vap->iv_myaddr); 1508 IEEE80211_ADDR_COPY(wh->i_addr3, rt->rt_mesh_gate); 1509 IEEE80211_ADDR_COPY(WH4(wh)->i_addr4, vap->iv_myaddr); 1510 mc->mc_flags = IEEE80211_MESH_AE_10; 1511 IEEE80211_ADDR_COPY(mc->mc_addr5, eh.ether_dhost); 1512 IEEE80211_ADDR_COPY(mc->mc_addr6, eh.ether_shost); 1513 qos = ((struct ieee80211_qosframe_addr4 *) wh)->i_qos; 1514 break; 1515 default: 1516 KASSERT(0, ("meshae %d", meshae)); 1517 break; 1518 } 1519 mc->mc_ttl = ms->ms_ttl; 1520 ms->ms_seq++; 1521 LE_WRITE_4(mc->mc_seq, ms->ms_seq); 1522 break; 1523#endif 1524 case IEEE80211_M_WDS: /* NB: is4addr should always be true */ 1525 default: 1526 goto bad; 1527 } 1528 if (m->m_flags & M_MORE_DATA) 1529 wh->i_fc[1] |= IEEE80211_FC1_MORE_DATA; 1530 if (addqos) { 1531 int ac, tid; 1532 1533 if (is4addr) { 1534 qos = ((struct ieee80211_qosframe_addr4 *) wh)->i_qos; 1535 /* NB: mesh case handled earlier */ 1536 } else if (vap->iv_opmode != IEEE80211_M_MBSS) 1537 qos = ((struct ieee80211_qosframe *) wh)->i_qos; 1538 ac = M_WME_GETAC(m); 1539 /* map from access class/queue to 11e header priorty value */ 1540 tid = WME_AC_TO_TID(ac); 1541 qos[0] = tid & IEEE80211_QOS_TID; 1542 if (ic->ic_wme.wme_wmeChanParams.cap_wmeParams[ac].wmep_noackPolicy) 1543 qos[0] |= IEEE80211_QOS_ACKPOLICY_NOACK; 1544#ifdef IEEE80211_SUPPORT_MESH 1545 if (vap->iv_opmode == IEEE80211_M_MBSS) 1546 qos[1] = IEEE80211_QOS_MC; 1547 else 1548#endif 1549 qos[1] = 0; 1550 wh->i_fc[0] |= IEEE80211_FC0_SUBTYPE_QOS; 1551 1552 /* 1553 * If this is an A-MSDU then ensure we set the 1554 * relevant field. 1555 */ 1556 if (is_amsdu) 1557 qos[0] |= IEEE80211_QOS_AMSDU; 1558 1559 if ((m->m_flags & M_AMPDU_MPDU) == 0) { 1560 /* 1561 * NB: don't assign a sequence # to potential 1562 * aggregates; we expect this happens at the 1563 * point the frame comes off any aggregation q 1564 * as otherwise we may introduce holes in the 1565 * BA sequence space and/or make window accouting 1566 * more difficult. 1567 * 1568 * XXX may want to control this with a driver 1569 * capability; this may also change when we pull 1570 * aggregation up into net80211 1571 */ 1572 seqno = ni->ni_txseqs[tid]++; 1573 *(uint16_t *)wh->i_seq = 1574 htole16(seqno << IEEE80211_SEQ_SEQ_SHIFT); 1575 M_SEQNO_SET(m, seqno); 1576 } 1577 } else { 1578 seqno = ni->ni_txseqs[IEEE80211_NONQOS_TID]++; 1579 *(uint16_t *)wh->i_seq = 1580 htole16(seqno << IEEE80211_SEQ_SEQ_SHIFT); 1581 M_SEQNO_SET(m, seqno); 1582 1583 /* 1584 * XXX TODO: we shouldn't allow EAPOL, etc that would 1585 * be forced to be non-QoS traffic to be A-MSDU encapsulated. 1586 */ 1587 if (is_amsdu) 1588 printf("%s: XXX ERROR: is_amsdu set; not QoS!\n", 1589 __func__); 1590 } 1591 1592 1593 /* check if xmit fragmentation is required */ 1594 txfrag = (m->m_pkthdr.len > vap->iv_fragthreshold && 1595 !IEEE80211_IS_MULTICAST(wh->i_addr1) && 1596 (vap->iv_caps & IEEE80211_C_TXFRAG) && 1597 (m->m_flags & (M_FF | M_AMPDU_MPDU)) == 0); 1598 if (key != NULL) { 1599 /* 1600 * IEEE 802.1X: send EAPOL frames always in the clear. 1601 * WPA/WPA2: encrypt EAPOL keys when pairwise keys are set. 1602 */ 1603 if ((m->m_flags & M_EAPOL) == 0 || 1604 ((vap->iv_flags & IEEE80211_F_WPA) && 1605 (vap->iv_opmode == IEEE80211_M_STA ? 1606 !IEEE80211_KEY_UNDEFINED(key) : 1607 !IEEE80211_KEY_UNDEFINED(&ni->ni_ucastkey)))) { 1608 wh->i_fc[1] |= IEEE80211_FC1_PROTECTED; 1609 if (!ieee80211_crypto_enmic(vap, key, m, txfrag)) { 1610 IEEE80211_NOTE_MAC(vap, IEEE80211_MSG_OUTPUT, 1611 eh.ether_dhost, 1612 "%s", "enmic failed, discard frame"); 1613 vap->iv_stats.is_crypto_enmicfail++; 1614 goto bad; 1615 } 1616 } 1617 } 1618 if (txfrag && !ieee80211_fragment(vap, m, hdrsize, 1619 key != NULL ? key->wk_cipher->ic_header : 0, vap->iv_fragthreshold)) 1620 goto bad; 1621 1622 m->m_flags |= M_ENCAP; /* mark encapsulated */ 1623 1624 IEEE80211_NODE_STAT(ni, tx_data); 1625 if (IEEE80211_IS_MULTICAST(wh->i_addr1)) { 1626 IEEE80211_NODE_STAT(ni, tx_mcast); 1627 m->m_flags |= M_MCAST; 1628 } else 1629 IEEE80211_NODE_STAT(ni, tx_ucast); 1630 IEEE80211_NODE_STAT_ADD(ni, tx_bytes, datalen); 1631 1632 return m; 1633bad: 1634 if (m != NULL) 1635 m_freem(m); 1636 return NULL; 1637#undef WH4 1638#undef MC01 1639} 1640 1641void 1642ieee80211_free_mbuf(struct mbuf *m) 1643{ 1644 struct mbuf *next; 1645 1646 if (m == NULL) 1647 return; 1648 1649 do { 1650 next = m->m_nextpkt; 1651 m->m_nextpkt = NULL; 1652 m_freem(m); 1653 } while ((m = next) != NULL); 1654} 1655 1656/* 1657 * Fragment the frame according to the specified mtu. 1658 * The size of the 802.11 header (w/o padding) is provided 1659 * so we don't need to recalculate it. We create a new 1660 * mbuf for each fragment and chain it through m_nextpkt; 1661 * we might be able to optimize this by reusing the original 1662 * packet's mbufs but that is significantly more complicated. 1663 */ 1664static int 1665ieee80211_fragment(struct ieee80211vap *vap, struct mbuf *m0, 1666 u_int hdrsize, u_int ciphdrsize, u_int mtu) 1667{ 1668 struct ieee80211com *ic = vap->iv_ic; 1669 struct ieee80211_frame *wh, *whf; 1670 struct mbuf *m, *prev; 1671 u_int totalhdrsize, fragno, fragsize, off, remainder, payload; 1672 u_int hdrspace; 1673 1674 KASSERT(m0->m_nextpkt == NULL, ("mbuf already chained?")); 1675 KASSERT(m0->m_pkthdr.len > mtu, 1676 ("pktlen %u mtu %u", m0->m_pkthdr.len, mtu)); 1677 1678 /* 1679 * Honor driver DATAPAD requirement. 1680 */ 1681 if (ic->ic_flags & IEEE80211_F_DATAPAD) 1682 hdrspace = roundup(hdrsize, sizeof(uint32_t)); 1683 else 1684 hdrspace = hdrsize; 1685 1686 wh = mtod(m0, struct ieee80211_frame *); 1687 /* NB: mark the first frag; it will be propagated below */ 1688 wh->i_fc[1] |= IEEE80211_FC1_MORE_FRAG; 1689 totalhdrsize = hdrspace + ciphdrsize; 1690 fragno = 1; 1691 off = mtu - ciphdrsize; 1692 remainder = m0->m_pkthdr.len - off; 1693 prev = m0; 1694 do { 1695 fragsize = totalhdrsize + remainder; 1696 if (fragsize > mtu) 1697 fragsize = mtu; 1698 /* XXX fragsize can be >2048! */ 1699 KASSERT(fragsize < MCLBYTES, 1700 ("fragment size %u too big!", fragsize)); 1701 if (fragsize > MHLEN) 1702 m = m_getcl(M_NOWAIT, MT_DATA, M_PKTHDR); 1703 else 1704 m = m_gethdr(M_NOWAIT, MT_DATA); 1705 if (m == NULL) 1706 goto bad; 1707 /* leave room to prepend any cipher header */ 1708 m_align(m, fragsize - ciphdrsize); 1709 1710 /* 1711 * Form the header in the fragment. Note that since 1712 * we mark the first fragment with the MORE_FRAG bit 1713 * it automatically is propagated to each fragment; we 1714 * need only clear it on the last fragment (done below). 1715 * NB: frag 1+ dont have Mesh Control field present. 1716 */ 1717 whf = mtod(m, struct ieee80211_frame *); 1718 memcpy(whf, wh, hdrsize); 1719#ifdef IEEE80211_SUPPORT_MESH 1720 if (vap->iv_opmode == IEEE80211_M_MBSS) { 1721 if (IEEE80211_IS_DSTODS(wh)) 1722 ((struct ieee80211_qosframe_addr4 *) 1723 whf)->i_qos[1] &= ~IEEE80211_QOS_MC; 1724 else 1725 ((struct ieee80211_qosframe *) 1726 whf)->i_qos[1] &= ~IEEE80211_QOS_MC; 1727 } 1728#endif 1729 *(uint16_t *)&whf->i_seq[0] |= htole16( 1730 (fragno & IEEE80211_SEQ_FRAG_MASK) << 1731 IEEE80211_SEQ_FRAG_SHIFT); 1732 fragno++; 1733 1734 payload = fragsize - totalhdrsize; 1735 /* NB: destination is known to be contiguous */ 1736 1737 m_copydata(m0, off, payload, mtod(m, uint8_t *) + hdrspace); 1738 m->m_len = hdrspace + payload; 1739 m->m_pkthdr.len = hdrspace + payload; 1740 m->m_flags |= M_FRAG; 1741 1742 /* chain up the fragment */ 1743 prev->m_nextpkt = m; 1744 prev = m; 1745 1746 /* deduct fragment just formed */ 1747 remainder -= payload; 1748 off += payload; 1749 } while (remainder != 0); 1750 1751 /* set the last fragment */ 1752 m->m_flags |= M_LASTFRAG; 1753 whf->i_fc[1] &= ~IEEE80211_FC1_MORE_FRAG; 1754 1755 /* strip first mbuf now that everything has been copied */ 1756 m_adj(m0, -(m0->m_pkthdr.len - (mtu - ciphdrsize))); 1757 m0->m_flags |= M_FIRSTFRAG | M_FRAG; 1758 1759 vap->iv_stats.is_tx_fragframes++; 1760 vap->iv_stats.is_tx_frags += fragno-1; 1761 1762 return 1; 1763bad: 1764 /* reclaim fragments but leave original frame for caller to free */ 1765 ieee80211_free_mbuf(m0->m_nextpkt); 1766 m0->m_nextpkt = NULL; 1767 return 0; 1768} 1769 1770/* 1771 * Add a supported rates element id to a frame. 1772 */ 1773uint8_t * 1774ieee80211_add_rates(uint8_t *frm, const struct ieee80211_rateset *rs) 1775{ 1776 int nrates; 1777 1778 *frm++ = IEEE80211_ELEMID_RATES; 1779 nrates = rs->rs_nrates; 1780 if (nrates > IEEE80211_RATE_SIZE) 1781 nrates = IEEE80211_RATE_SIZE; 1782 *frm++ = nrates; 1783 memcpy(frm, rs->rs_rates, nrates); 1784 return frm + nrates; 1785} 1786 1787/* 1788 * Add an extended supported rates element id to a frame. 1789 */ 1790uint8_t * 1791ieee80211_add_xrates(uint8_t *frm, const struct ieee80211_rateset *rs) 1792{ 1793 /* 1794 * Add an extended supported rates element if operating in 11g mode. 1795 */ 1796 if (rs->rs_nrates > IEEE80211_RATE_SIZE) { 1797 int nrates = rs->rs_nrates - IEEE80211_RATE_SIZE; 1798 *frm++ = IEEE80211_ELEMID_XRATES; 1799 *frm++ = nrates; 1800 memcpy(frm, rs->rs_rates + IEEE80211_RATE_SIZE, nrates); 1801 frm += nrates; 1802 } 1803 return frm; 1804} 1805 1806/* 1807 * Add an ssid element to a frame. 1808 */ 1809uint8_t * 1810ieee80211_add_ssid(uint8_t *frm, const uint8_t *ssid, u_int len) 1811{ 1812 *frm++ = IEEE80211_ELEMID_SSID; 1813 *frm++ = len; 1814 memcpy(frm, ssid, len); 1815 return frm + len; 1816} 1817 1818/* 1819 * Add an erp element to a frame. 1820 */ 1821static uint8_t * 1822ieee80211_add_erp(uint8_t *frm, struct ieee80211com *ic) 1823{ 1824 uint8_t erp; 1825 1826 *frm++ = IEEE80211_ELEMID_ERP; 1827 *frm++ = 1; 1828 erp = 0; 1829 if (ic->ic_nonerpsta != 0) 1830 erp |= IEEE80211_ERP_NON_ERP_PRESENT; 1831 if (ic->ic_flags & IEEE80211_F_USEPROT) 1832 erp |= IEEE80211_ERP_USE_PROTECTION; 1833 if (ic->ic_flags & IEEE80211_F_USEBARKER) 1834 erp |= IEEE80211_ERP_LONG_PREAMBLE; 1835 *frm++ = erp; 1836 return frm; 1837} 1838 1839/* 1840 * Add a CFParams element to a frame. 1841 */ 1842static uint8_t * 1843ieee80211_add_cfparms(uint8_t *frm, struct ieee80211com *ic) 1844{ 1845#define ADDSHORT(frm, v) do { \ 1846 LE_WRITE_2(frm, v); \ 1847 frm += 2; \ 1848} while (0) 1849 *frm++ = IEEE80211_ELEMID_CFPARMS; 1850 *frm++ = 6; 1851 *frm++ = 0; /* CFP count */ 1852 *frm++ = 2; /* CFP period */ 1853 ADDSHORT(frm, 0); /* CFP MaxDuration (TU) */ 1854 ADDSHORT(frm, 0); /* CFP CurRemaining (TU) */ 1855 return frm; 1856#undef ADDSHORT 1857} 1858 1859static __inline uint8_t * 1860add_appie(uint8_t *frm, const struct ieee80211_appie *ie) 1861{ 1862 memcpy(frm, ie->ie_data, ie->ie_len); 1863 return frm + ie->ie_len; 1864} 1865 1866static __inline uint8_t * 1867add_ie(uint8_t *frm, const uint8_t *ie) 1868{ 1869 memcpy(frm, ie, 2 + ie[1]); 1870 return frm + 2 + ie[1]; 1871} 1872 1873#define WME_OUI_BYTES 0x00, 0x50, 0xf2 1874/* 1875 * Add a WME information element to a frame. 1876 */ 1877uint8_t * 1878ieee80211_add_wme_info(uint8_t *frm, struct ieee80211_wme_state *wme) 1879{ 1880 static const struct ieee80211_wme_info info = { 1881 .wme_id = IEEE80211_ELEMID_VENDOR, 1882 .wme_len = sizeof(struct ieee80211_wme_info) - 2, 1883 .wme_oui = { WME_OUI_BYTES }, 1884 .wme_type = WME_OUI_TYPE, 1885 .wme_subtype = WME_INFO_OUI_SUBTYPE, 1886 .wme_version = WME_VERSION, 1887 .wme_info = 0, 1888 }; 1889 memcpy(frm, &info, sizeof(info)); 1890 return frm + sizeof(info); 1891} 1892 1893/* 1894 * Add a WME parameters element to a frame. 1895 */ 1896static uint8_t * 1897ieee80211_add_wme_param(uint8_t *frm, struct ieee80211_wme_state *wme) 1898{ 1899#define SM(_v, _f) (((_v) << _f##_S) & _f) 1900#define ADDSHORT(frm, v) do { \ 1901 LE_WRITE_2(frm, v); \ 1902 frm += 2; \ 1903} while (0) 1904 /* NB: this works 'cuz a param has an info at the front */ 1905 static const struct ieee80211_wme_info param = { 1906 .wme_id = IEEE80211_ELEMID_VENDOR, 1907 .wme_len = sizeof(struct ieee80211_wme_param) - 2, 1908 .wme_oui = { WME_OUI_BYTES }, 1909 .wme_type = WME_OUI_TYPE, 1910 .wme_subtype = WME_PARAM_OUI_SUBTYPE, 1911 .wme_version = WME_VERSION, 1912 }; 1913 int i; 1914 1915 memcpy(frm, ¶m, sizeof(param)); 1916 frm += __offsetof(struct ieee80211_wme_info, wme_info); 1917 *frm++ = wme->wme_bssChanParams.cap_info; /* AC info */ 1918 *frm++ = 0; /* reserved field */ 1919 for (i = 0; i < WME_NUM_AC; i++) { 1920 const struct wmeParams *ac = 1921 &wme->wme_bssChanParams.cap_wmeParams[i]; 1922 *frm++ = SM(i, WME_PARAM_ACI) 1923 | SM(ac->wmep_acm, WME_PARAM_ACM) 1924 | SM(ac->wmep_aifsn, WME_PARAM_AIFSN) 1925 ; 1926 *frm++ = SM(ac->wmep_logcwmax, WME_PARAM_LOGCWMAX) 1927 | SM(ac->wmep_logcwmin, WME_PARAM_LOGCWMIN) 1928 ; 1929 ADDSHORT(frm, ac->wmep_txopLimit); 1930 } 1931 return frm; 1932#undef SM 1933#undef ADDSHORT 1934} 1935#undef WME_OUI_BYTES 1936 1937/* 1938 * Add an 11h Power Constraint element to a frame. 1939 */ 1940static uint8_t * 1941ieee80211_add_powerconstraint(uint8_t *frm, struct ieee80211vap *vap) 1942{ 1943 const struct ieee80211_channel *c = vap->iv_bss->ni_chan; 1944 /* XXX per-vap tx power limit? */ 1945 int8_t limit = vap->iv_ic->ic_txpowlimit / 2; 1946 1947 frm[0] = IEEE80211_ELEMID_PWRCNSTR; 1948 frm[1] = 1; 1949 frm[2] = c->ic_maxregpower > limit ? c->ic_maxregpower - limit : 0; 1950 return frm + 3; 1951} 1952 1953/* 1954 * Add an 11h Power Capability element to a frame. 1955 */ 1956static uint8_t * 1957ieee80211_add_powercapability(uint8_t *frm, const struct ieee80211_channel *c) 1958{ 1959 frm[0] = IEEE80211_ELEMID_PWRCAP; 1960 frm[1] = 2; 1961 frm[2] = c->ic_minpower; 1962 frm[3] = c->ic_maxpower; 1963 return frm + 4; 1964} 1965 1966/* 1967 * Add an 11h Supported Channels element to a frame. 1968 */ 1969static uint8_t * 1970ieee80211_add_supportedchannels(uint8_t *frm, struct ieee80211com *ic) 1971{ 1972 static const int ielen = 26; 1973 1974 frm[0] = IEEE80211_ELEMID_SUPPCHAN; 1975 frm[1] = ielen; 1976 /* XXX not correct */ 1977 memcpy(frm+2, ic->ic_chan_avail, ielen); 1978 return frm + 2 + ielen; 1979} 1980 1981/* 1982 * Add an 11h Quiet time element to a frame. 1983 */ 1984static uint8_t * 1985ieee80211_add_quiet(uint8_t *frm, struct ieee80211vap *vap) 1986{ 1987 struct ieee80211_quiet_ie *quiet = (struct ieee80211_quiet_ie *) frm; 1988 1989 quiet->quiet_ie = IEEE80211_ELEMID_QUIET; 1990 quiet->len = 6; 1991 if (vap->iv_quiet_count_value == 1) 1992 vap->iv_quiet_count_value = vap->iv_quiet_count; 1993 else if (vap->iv_quiet_count_value > 1) 1994 vap->iv_quiet_count_value--; 1995 1996 if (vap->iv_quiet_count_value == 0) { 1997 /* value 0 is reserved as per 802.11h standerd */ 1998 vap->iv_quiet_count_value = 1; 1999 } 2000 2001 quiet->tbttcount = vap->iv_quiet_count_value; 2002 quiet->period = vap->iv_quiet_period; 2003 quiet->duration = htole16(vap->iv_quiet_duration); 2004 quiet->offset = htole16(vap->iv_quiet_offset); 2005 return frm + sizeof(*quiet); 2006} 2007 2008/* 2009 * Add an 11h Channel Switch Announcement element to a frame. 2010 * Note that we use the per-vap CSA count to adjust the global 2011 * counter so we can use this routine to form probe response 2012 * frames and get the current count. 2013 */ 2014static uint8_t * 2015ieee80211_add_csa(uint8_t *frm, struct ieee80211vap *vap) 2016{ 2017 struct ieee80211com *ic = vap->iv_ic; 2018 struct ieee80211_csa_ie *csa = (struct ieee80211_csa_ie *) frm; 2019 2020 csa->csa_ie = IEEE80211_ELEMID_CSA; 2021 csa->csa_len = 3; 2022 csa->csa_mode = 1; /* XXX force quiet on channel */ 2023 csa->csa_newchan = ieee80211_chan2ieee(ic, ic->ic_csa_newchan); 2024 csa->csa_count = ic->ic_csa_count - vap->iv_csa_count; 2025 return frm + sizeof(*csa); 2026} 2027 2028/* 2029 * Add an 11h country information element to a frame. 2030 */ 2031static uint8_t * 2032ieee80211_add_countryie(uint8_t *frm, struct ieee80211com *ic) 2033{ 2034 2035 if (ic->ic_countryie == NULL || 2036 ic->ic_countryie_chan != ic->ic_bsschan) { 2037 /* 2038 * Handle lazy construction of ie. This is done on 2039 * first use and after a channel change that requires 2040 * re-calculation. 2041 */ 2042 if (ic->ic_countryie != NULL) 2043 IEEE80211_FREE(ic->ic_countryie, M_80211_NODE_IE); 2044 ic->ic_countryie = ieee80211_alloc_countryie(ic); 2045 if (ic->ic_countryie == NULL) 2046 return frm; 2047 ic->ic_countryie_chan = ic->ic_bsschan; 2048 } 2049 return add_appie(frm, ic->ic_countryie); 2050} 2051 2052uint8_t * 2053ieee80211_add_wpa(uint8_t *frm, const struct ieee80211vap *vap) 2054{ 2055 if (vap->iv_flags & IEEE80211_F_WPA1 && vap->iv_wpa_ie != NULL) 2056 return (add_ie(frm, vap->iv_wpa_ie)); 2057 else { 2058 /* XXX else complain? */ 2059 return (frm); 2060 } 2061} 2062 2063uint8_t * 2064ieee80211_add_rsn(uint8_t *frm, const struct ieee80211vap *vap) 2065{ 2066 if (vap->iv_flags & IEEE80211_F_WPA2 && vap->iv_rsn_ie != NULL) 2067 return (add_ie(frm, vap->iv_rsn_ie)); 2068 else { 2069 /* XXX else complain? */ 2070 return (frm); 2071 } 2072} 2073 2074uint8_t * 2075ieee80211_add_qos(uint8_t *frm, const struct ieee80211_node *ni) 2076{ 2077 if (ni->ni_flags & IEEE80211_NODE_QOS) { 2078 *frm++ = IEEE80211_ELEMID_QOS; 2079 *frm++ = 1; 2080 *frm++ = 0; 2081 } 2082 2083 return (frm); 2084} 2085 2086/* 2087 * Send a probe request frame with the specified ssid 2088 * and any optional information element data. 2089 */ 2090int 2091ieee80211_send_probereq(struct ieee80211_node *ni, 2092 const uint8_t sa[IEEE80211_ADDR_LEN], 2093 const uint8_t da[IEEE80211_ADDR_LEN], 2094 const uint8_t bssid[IEEE80211_ADDR_LEN], 2095 const uint8_t *ssid, size_t ssidlen) 2096{ 2097 struct ieee80211vap *vap = ni->ni_vap; 2098 struct ieee80211com *ic = ni->ni_ic; 2099 const struct ieee80211_txparam *tp; 2100 struct ieee80211_bpf_params params; 2101 struct ieee80211_frame *wh; 2102 const struct ieee80211_rateset *rs; 2103 struct mbuf *m; 2104 uint8_t *frm; 2105 int ret; 2106 2107 if (vap->iv_state == IEEE80211_S_CAC) { 2108 IEEE80211_NOTE(vap, IEEE80211_MSG_OUTPUT, ni, 2109 "block %s frame in CAC state", "probe request"); 2110 vap->iv_stats.is_tx_badstate++; 2111 return EIO; /* XXX */ 2112 } 2113 2114 /* 2115 * Hold a reference on the node so it doesn't go away until after 2116 * the xmit is complete all the way in the driver. On error we 2117 * will remove our reference. 2118 */ 2119 IEEE80211_DPRINTF(vap, IEEE80211_MSG_NODE, 2120 "ieee80211_ref_node (%s:%u) %p<%s> refcnt %d\n", 2121 __func__, __LINE__, 2122 ni, ether_sprintf(ni->ni_macaddr), 2123 ieee80211_node_refcnt(ni)+1); 2124 ieee80211_ref_node(ni); 2125 2126 /* 2127 * prreq frame format 2128 * [tlv] ssid 2129 * [tlv] supported rates 2130 * [tlv] RSN (optional) 2131 * [tlv] extended supported rates 2132 * [tlv] WPA (optional) 2133 * [tlv] user-specified ie's 2134 */ 2135 m = ieee80211_getmgtframe(&frm, 2136 ic->ic_headroom + sizeof(struct ieee80211_frame), 2137 2 + IEEE80211_NWID_LEN 2138 + 2 + IEEE80211_RATE_SIZE 2139 + sizeof(struct ieee80211_ie_wpa) 2140 + 2 + (IEEE80211_RATE_MAXSIZE - IEEE80211_RATE_SIZE) 2141 + sizeof(struct ieee80211_ie_wpa) 2142 + (vap->iv_appie_probereq != NULL ? 2143 vap->iv_appie_probereq->ie_len : 0) 2144 ); 2145 if (m == NULL) { 2146 vap->iv_stats.is_tx_nobuf++; 2147 ieee80211_free_node(ni); 2148 return ENOMEM; 2149 } 2150 2151 frm = ieee80211_add_ssid(frm, ssid, ssidlen); 2152 rs = ieee80211_get_suprates(ic, ic->ic_curchan); 2153 frm = ieee80211_add_rates(frm, rs); 2154 frm = ieee80211_add_rsn(frm, vap); 2155 frm = ieee80211_add_xrates(frm, rs); 2156 frm = ieee80211_add_wpa(frm, vap); 2157 if (vap->iv_appie_probereq != NULL) 2158 frm = add_appie(frm, vap->iv_appie_probereq); 2159 m->m_pkthdr.len = m->m_len = frm - mtod(m, uint8_t *); 2160 2161 KASSERT(M_LEADINGSPACE(m) >= sizeof(struct ieee80211_frame), 2162 ("leading space %zd", M_LEADINGSPACE(m))); 2163 M_PREPEND(m, sizeof(struct ieee80211_frame), M_NOWAIT); 2164 if (m == NULL) { 2165 /* NB: cannot happen */ 2166 ieee80211_free_node(ni); 2167 return ENOMEM; 2168 } 2169 2170 IEEE80211_TX_LOCK(ic); 2171 wh = mtod(m, struct ieee80211_frame *); 2172 ieee80211_send_setup(ni, m, 2173 IEEE80211_FC0_TYPE_MGT | IEEE80211_FC0_SUBTYPE_PROBE_REQ, 2174 IEEE80211_NONQOS_TID, sa, da, bssid); 2175 /* XXX power management? */ 2176 m->m_flags |= M_ENCAP; /* mark encapsulated */ 2177 2178 M_WME_SETAC(m, WME_AC_BE); 2179 2180 IEEE80211_NODE_STAT(ni, tx_probereq); 2181 IEEE80211_NODE_STAT(ni, tx_mgmt); 2182 2183 IEEE80211_DPRINTF(vap, IEEE80211_MSG_DEBUG | IEEE80211_MSG_DUMPPKTS, 2184 "send probe req on channel %u bssid %s ssid \"%.*s\"\n", 2185 ieee80211_chan2ieee(ic, ic->ic_curchan), ether_sprintf(bssid), 2186 ssidlen, ssid); 2187 2188 memset(¶ms, 0, sizeof(params)); 2189 params.ibp_pri = M_WME_GETAC(m); 2190 tp = &vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)]; 2191 params.ibp_rate0 = tp->mgmtrate; 2192 if (IEEE80211_IS_MULTICAST(da)) { 2193 params.ibp_flags |= IEEE80211_BPF_NOACK; 2194 params.ibp_try0 = 1; 2195 } else 2196 params.ibp_try0 = tp->maxretry; 2197 params.ibp_power = ni->ni_txpower; 2198 ret = ieee80211_raw_output(vap, ni, m, ¶ms); 2199 IEEE80211_TX_UNLOCK(ic); 2200 return (ret); 2201} 2202 2203/* 2204 * Calculate capability information for mgt frames. 2205 */ 2206uint16_t 2207ieee80211_getcapinfo(struct ieee80211vap *vap, struct ieee80211_channel *chan) 2208{ 2209 struct ieee80211com *ic = vap->iv_ic; 2210 uint16_t capinfo; 2211 2212 KASSERT(vap->iv_opmode != IEEE80211_M_STA, ("station mode")); 2213 2214 if (vap->iv_opmode == IEEE80211_M_HOSTAP) 2215 capinfo = IEEE80211_CAPINFO_ESS; 2216 else if (vap->iv_opmode == IEEE80211_M_IBSS) 2217 capinfo = IEEE80211_CAPINFO_IBSS; 2218 else 2219 capinfo = 0; 2220 if (vap->iv_flags & IEEE80211_F_PRIVACY) 2221 capinfo |= IEEE80211_CAPINFO_PRIVACY; 2222 if ((ic->ic_flags & IEEE80211_F_SHPREAMBLE) && 2223 IEEE80211_IS_CHAN_2GHZ(chan)) 2224 capinfo |= IEEE80211_CAPINFO_SHORT_PREAMBLE; 2225 if (ic->ic_flags & IEEE80211_F_SHSLOT) 2226 capinfo |= IEEE80211_CAPINFO_SHORT_SLOTTIME; 2227 if (IEEE80211_IS_CHAN_5GHZ(chan) && (vap->iv_flags & IEEE80211_F_DOTH)) 2228 capinfo |= IEEE80211_CAPINFO_SPECTRUM_MGMT; 2229 return capinfo; 2230} 2231 2232/* 2233 * Send a management frame. The node is for the destination (or ic_bss 2234 * when in station mode). Nodes other than ic_bss have their reference 2235 * count bumped to reflect our use for an indeterminant time. 2236 */ 2237int 2238ieee80211_send_mgmt(struct ieee80211_node *ni, int type, int arg) 2239{ 2240#define HTFLAGS (IEEE80211_NODE_HT | IEEE80211_NODE_HTCOMPAT) 2241#define senderr(_x, _v) do { vap->iv_stats._v++; ret = _x; goto bad; } while (0) 2242 struct ieee80211vap *vap = ni->ni_vap; 2243 struct ieee80211com *ic = ni->ni_ic; 2244 struct ieee80211_node *bss = vap->iv_bss; 2245 struct ieee80211_bpf_params params; 2246 struct mbuf *m; 2247 uint8_t *frm; 2248 uint16_t capinfo; 2249 int has_challenge, is_shared_key, ret, status; 2250 2251 KASSERT(ni != NULL, ("null node")); 2252 2253 /* 2254 * Hold a reference on the node so it doesn't go away until after 2255 * the xmit is complete all the way in the driver. On error we 2256 * will remove our reference. 2257 */ 2258 IEEE80211_DPRINTF(vap, IEEE80211_MSG_NODE, 2259 "ieee80211_ref_node (%s:%u) %p<%s> refcnt %d\n", 2260 __func__, __LINE__, 2261 ni, ether_sprintf(ni->ni_macaddr), 2262 ieee80211_node_refcnt(ni)+1); 2263 ieee80211_ref_node(ni); 2264 2265 memset(¶ms, 0, sizeof(params)); 2266 switch (type) { 2267 2268 case IEEE80211_FC0_SUBTYPE_AUTH: 2269 status = arg >> 16; 2270 arg &= 0xffff; 2271 has_challenge = ((arg == IEEE80211_AUTH_SHARED_CHALLENGE || 2272 arg == IEEE80211_AUTH_SHARED_RESPONSE) && 2273 ni->ni_challenge != NULL); 2274 2275 /* 2276 * Deduce whether we're doing open authentication or 2277 * shared key authentication. We do the latter if 2278 * we're in the middle of a shared key authentication 2279 * handshake or if we're initiating an authentication 2280 * request and configured to use shared key. 2281 */ 2282 is_shared_key = has_challenge || 2283 arg >= IEEE80211_AUTH_SHARED_RESPONSE || 2284 (arg == IEEE80211_AUTH_SHARED_REQUEST && 2285 bss->ni_authmode == IEEE80211_AUTH_SHARED); 2286 2287 m = ieee80211_getmgtframe(&frm, 2288 ic->ic_headroom + sizeof(struct ieee80211_frame), 2289 3 * sizeof(uint16_t) 2290 + (has_challenge && status == IEEE80211_STATUS_SUCCESS ? 2291 sizeof(uint16_t)+IEEE80211_CHALLENGE_LEN : 0) 2292 ); 2293 if (m == NULL) 2294 senderr(ENOMEM, is_tx_nobuf); 2295 2296 ((uint16_t *)frm)[0] = 2297 (is_shared_key) ? htole16(IEEE80211_AUTH_ALG_SHARED) 2298 : htole16(IEEE80211_AUTH_ALG_OPEN); 2299 ((uint16_t *)frm)[1] = htole16(arg); /* sequence number */ 2300 ((uint16_t *)frm)[2] = htole16(status);/* status */ 2301 2302 if (has_challenge && status == IEEE80211_STATUS_SUCCESS) { 2303 ((uint16_t *)frm)[3] = 2304 htole16((IEEE80211_CHALLENGE_LEN << 8) | 2305 IEEE80211_ELEMID_CHALLENGE); 2306 memcpy(&((uint16_t *)frm)[4], ni->ni_challenge, 2307 IEEE80211_CHALLENGE_LEN); 2308 m->m_pkthdr.len = m->m_len = 2309 4 * sizeof(uint16_t) + IEEE80211_CHALLENGE_LEN; 2310 if (arg == IEEE80211_AUTH_SHARED_RESPONSE) { 2311 IEEE80211_NOTE(vap, IEEE80211_MSG_AUTH, ni, 2312 "request encrypt frame (%s)", __func__); 2313 /* mark frame for encryption */ 2314 params.ibp_flags |= IEEE80211_BPF_CRYPTO; 2315 } 2316 } else 2317 m->m_pkthdr.len = m->m_len = 3 * sizeof(uint16_t); 2318 2319 /* XXX not right for shared key */ 2320 if (status == IEEE80211_STATUS_SUCCESS) 2321 IEEE80211_NODE_STAT(ni, tx_auth); 2322 else 2323 IEEE80211_NODE_STAT(ni, tx_auth_fail); 2324 2325 if (vap->iv_opmode == IEEE80211_M_STA) 2326 ieee80211_add_callback(m, ieee80211_tx_mgt_cb, 2327 (void *) vap->iv_state); 2328 break; 2329 2330 case IEEE80211_FC0_SUBTYPE_DEAUTH: 2331 IEEE80211_NOTE(vap, IEEE80211_MSG_AUTH, ni, 2332 "send station deauthenticate (reason %d)", arg); 2333 m = ieee80211_getmgtframe(&frm, 2334 ic->ic_headroom + sizeof(struct ieee80211_frame), 2335 sizeof(uint16_t)); 2336 if (m == NULL) 2337 senderr(ENOMEM, is_tx_nobuf); 2338 *(uint16_t *)frm = htole16(arg); /* reason */ 2339 m->m_pkthdr.len = m->m_len = sizeof(uint16_t); 2340 2341 IEEE80211_NODE_STAT(ni, tx_deauth); 2342 IEEE80211_NODE_STAT_SET(ni, tx_deauth_code, arg); 2343 2344 ieee80211_node_unauthorize(ni); /* port closed */ 2345 break; 2346 2347 case IEEE80211_FC0_SUBTYPE_ASSOC_REQ: 2348 case IEEE80211_FC0_SUBTYPE_REASSOC_REQ: 2349 /* 2350 * asreq frame format 2351 * [2] capability information 2352 * [2] listen interval 2353 * [6*] current AP address (reassoc only) 2354 * [tlv] ssid 2355 * [tlv] supported rates 2356 * [tlv] extended supported rates 2357 * [4] power capability (optional) 2358 * [28] supported channels (optional) 2359 * [tlv] HT capabilities 2360 * [tlv] WME (optional) 2361 * [tlv] Vendor OUI HT capabilities (optional) 2362 * [tlv] Atheros capabilities (if negotiated) 2363 * [tlv] AppIE's (optional) 2364 */ 2365 m = ieee80211_getmgtframe(&frm, 2366 ic->ic_headroom + sizeof(struct ieee80211_frame), 2367 sizeof(uint16_t) 2368 + sizeof(uint16_t) 2369 + IEEE80211_ADDR_LEN 2370 + 2 + IEEE80211_NWID_LEN 2371 + 2 + IEEE80211_RATE_SIZE 2372 + 2 + (IEEE80211_RATE_MAXSIZE - IEEE80211_RATE_SIZE) 2373 + 4 2374 + 2 + 26 2375 + sizeof(struct ieee80211_wme_info) 2376 + sizeof(struct ieee80211_ie_htcap) 2377 + 4 + sizeof(struct ieee80211_ie_htcap) 2378#ifdef IEEE80211_SUPPORT_SUPERG 2379 + sizeof(struct ieee80211_ath_ie) 2380#endif 2381 + (vap->iv_appie_wpa != NULL ? 2382 vap->iv_appie_wpa->ie_len : 0) 2383 + (vap->iv_appie_assocreq != NULL ? 2384 vap->iv_appie_assocreq->ie_len : 0) 2385 ); 2386 if (m == NULL) 2387 senderr(ENOMEM, is_tx_nobuf); 2388 2389 KASSERT(vap->iv_opmode == IEEE80211_M_STA, 2390 ("wrong mode %u", vap->iv_opmode)); 2391 capinfo = IEEE80211_CAPINFO_ESS; 2392 if (vap->iv_flags & IEEE80211_F_PRIVACY) 2393 capinfo |= IEEE80211_CAPINFO_PRIVACY; 2394 /* 2395 * NB: Some 11a AP's reject the request when 2396 * short premable is set. 2397 */ 2398 if ((ic->ic_flags & IEEE80211_F_SHPREAMBLE) && 2399 IEEE80211_IS_CHAN_2GHZ(ic->ic_curchan)) 2400 capinfo |= IEEE80211_CAPINFO_SHORT_PREAMBLE; 2401 if (IEEE80211_IS_CHAN_ANYG(ic->ic_curchan) && 2402 (ic->ic_caps & IEEE80211_C_SHSLOT)) 2403 capinfo |= IEEE80211_CAPINFO_SHORT_SLOTTIME; 2404 if ((ni->ni_capinfo & IEEE80211_CAPINFO_SPECTRUM_MGMT) && 2405 (vap->iv_flags & IEEE80211_F_DOTH)) 2406 capinfo |= IEEE80211_CAPINFO_SPECTRUM_MGMT; 2407 *(uint16_t *)frm = htole16(capinfo); 2408 frm += 2; 2409 2410 KASSERT(bss->ni_intval != 0, ("beacon interval is zero!")); 2411 *(uint16_t *)frm = htole16(howmany(ic->ic_lintval, 2412 bss->ni_intval)); 2413 frm += 2; 2414 2415 if (type == IEEE80211_FC0_SUBTYPE_REASSOC_REQ) { 2416 IEEE80211_ADDR_COPY(frm, bss->ni_bssid); 2417 frm += IEEE80211_ADDR_LEN; 2418 } 2419 2420 frm = ieee80211_add_ssid(frm, ni->ni_essid, ni->ni_esslen); 2421 frm = ieee80211_add_rates(frm, &ni->ni_rates); 2422 frm = ieee80211_add_rsn(frm, vap); 2423 frm = ieee80211_add_xrates(frm, &ni->ni_rates); 2424 if (capinfo & IEEE80211_CAPINFO_SPECTRUM_MGMT) { 2425 frm = ieee80211_add_powercapability(frm, 2426 ic->ic_curchan); 2427 frm = ieee80211_add_supportedchannels(frm, ic); 2428 } 2429 2430 /* 2431 * Check the channel - we may be using an 11n NIC with an 2432 * 11n capable station, but we're configured to be an 11b 2433 * channel. 2434 */ 2435 if ((vap->iv_flags_ht & IEEE80211_FHT_HT) && 2436 IEEE80211_IS_CHAN_HT(ni->ni_chan) && 2437 ni->ni_ies.htcap_ie != NULL && 2438 ni->ni_ies.htcap_ie[0] == IEEE80211_ELEMID_HTCAP) { 2439 frm = ieee80211_add_htcap(frm, ni); 2440 } 2441 frm = ieee80211_add_wpa(frm, vap); 2442 if ((ic->ic_flags & IEEE80211_F_WME) && 2443 ni->ni_ies.wme_ie != NULL) 2444 frm = ieee80211_add_wme_info(frm, &ic->ic_wme); 2445 2446 /* 2447 * Same deal - only send HT info if we're on an 11n 2448 * capable channel. 2449 */ 2450 if ((vap->iv_flags_ht & IEEE80211_FHT_HT) && 2451 IEEE80211_IS_CHAN_HT(ni->ni_chan) && 2452 ni->ni_ies.htcap_ie != NULL && 2453 ni->ni_ies.htcap_ie[0] == IEEE80211_ELEMID_VENDOR) { 2454 frm = ieee80211_add_htcap_vendor(frm, ni); 2455 } 2456#ifdef IEEE80211_SUPPORT_SUPERG 2457 if (IEEE80211_ATH_CAP(vap, ni, IEEE80211_F_ATHEROS)) { 2458 frm = ieee80211_add_ath(frm, 2459 IEEE80211_ATH_CAP(vap, ni, IEEE80211_F_ATHEROS), 2460 ((vap->iv_flags & IEEE80211_F_WPA) == 0 && 2461 ni->ni_authmode != IEEE80211_AUTH_8021X) ? 2462 vap->iv_def_txkey : IEEE80211_KEYIX_NONE); 2463 } 2464#endif /* IEEE80211_SUPPORT_SUPERG */ 2465 if (vap->iv_appie_assocreq != NULL) 2466 frm = add_appie(frm, vap->iv_appie_assocreq); 2467 m->m_pkthdr.len = m->m_len = frm - mtod(m, uint8_t *); 2468 2469 ieee80211_add_callback(m, ieee80211_tx_mgt_cb, 2470 (void *) vap->iv_state); 2471 break; 2472 2473 case IEEE80211_FC0_SUBTYPE_ASSOC_RESP: 2474 case IEEE80211_FC0_SUBTYPE_REASSOC_RESP: 2475 /* 2476 * asresp frame format 2477 * [2] capability information 2478 * [2] status 2479 * [2] association ID 2480 * [tlv] supported rates 2481 * [tlv] extended supported rates 2482 * [tlv] HT capabilities (standard, if STA enabled) 2483 * [tlv] HT information (standard, if STA enabled) 2484 * [tlv] WME (if configured and STA enabled) 2485 * [tlv] HT capabilities (vendor OUI, if STA enabled) 2486 * [tlv] HT information (vendor OUI, if STA enabled) 2487 * [tlv] Atheros capabilities (if STA enabled) 2488 * [tlv] AppIE's (optional) 2489 */ 2490 m = ieee80211_getmgtframe(&frm, 2491 ic->ic_headroom + sizeof(struct ieee80211_frame), 2492 sizeof(uint16_t) 2493 + sizeof(uint16_t) 2494 + sizeof(uint16_t) 2495 + 2 + IEEE80211_RATE_SIZE 2496 + 2 + (IEEE80211_RATE_MAXSIZE - IEEE80211_RATE_SIZE) 2497 + sizeof(struct ieee80211_ie_htcap) + 4 2498 + sizeof(struct ieee80211_ie_htinfo) + 4 2499 + sizeof(struct ieee80211_wme_param) 2500#ifdef IEEE80211_SUPPORT_SUPERG 2501 + sizeof(struct ieee80211_ath_ie) 2502#endif 2503 + (vap->iv_appie_assocresp != NULL ? 2504 vap->iv_appie_assocresp->ie_len : 0) 2505 ); 2506 if (m == NULL) 2507 senderr(ENOMEM, is_tx_nobuf); 2508 2509 capinfo = ieee80211_getcapinfo(vap, bss->ni_chan); 2510 *(uint16_t *)frm = htole16(capinfo); 2511 frm += 2; 2512 2513 *(uint16_t *)frm = htole16(arg); /* status */ 2514 frm += 2; 2515 2516 if (arg == IEEE80211_STATUS_SUCCESS) { 2517 *(uint16_t *)frm = htole16(ni->ni_associd); 2518 IEEE80211_NODE_STAT(ni, tx_assoc); 2519 } else 2520 IEEE80211_NODE_STAT(ni, tx_assoc_fail); 2521 frm += 2; 2522 2523 frm = ieee80211_add_rates(frm, &ni->ni_rates); 2524 frm = ieee80211_add_xrates(frm, &ni->ni_rates); 2525 /* NB: respond according to what we received */ 2526 if ((ni->ni_flags & HTFLAGS) == IEEE80211_NODE_HT) { 2527 frm = ieee80211_add_htcap(frm, ni); 2528 frm = ieee80211_add_htinfo(frm, ni); 2529 } 2530 if ((vap->iv_flags & IEEE80211_F_WME) && 2531 ni->ni_ies.wme_ie != NULL) 2532 frm = ieee80211_add_wme_param(frm, &ic->ic_wme); 2533 if ((ni->ni_flags & HTFLAGS) == HTFLAGS) { 2534 frm = ieee80211_add_htcap_vendor(frm, ni); 2535 frm = ieee80211_add_htinfo_vendor(frm, ni); 2536 } 2537#ifdef IEEE80211_SUPPORT_SUPERG 2538 if (IEEE80211_ATH_CAP(vap, ni, IEEE80211_F_ATHEROS)) 2539 frm = ieee80211_add_ath(frm, 2540 IEEE80211_ATH_CAP(vap, ni, IEEE80211_F_ATHEROS), 2541 ((vap->iv_flags & IEEE80211_F_WPA) == 0 && 2542 ni->ni_authmode != IEEE80211_AUTH_8021X) ? 2543 vap->iv_def_txkey : IEEE80211_KEYIX_NONE); 2544#endif /* IEEE80211_SUPPORT_SUPERG */ 2545 if (vap->iv_appie_assocresp != NULL) 2546 frm = add_appie(frm, vap->iv_appie_assocresp); 2547 m->m_pkthdr.len = m->m_len = frm - mtod(m, uint8_t *); 2548 break; 2549 2550 case IEEE80211_FC0_SUBTYPE_DISASSOC: 2551 IEEE80211_NOTE(vap, IEEE80211_MSG_ASSOC, ni, 2552 "send station disassociate (reason %d)", arg); 2553 m = ieee80211_getmgtframe(&frm, 2554 ic->ic_headroom + sizeof(struct ieee80211_frame), 2555 sizeof(uint16_t)); 2556 if (m == NULL) 2557 senderr(ENOMEM, is_tx_nobuf); 2558 *(uint16_t *)frm = htole16(arg); /* reason */ 2559 m->m_pkthdr.len = m->m_len = sizeof(uint16_t); 2560 2561 IEEE80211_NODE_STAT(ni, tx_disassoc); 2562 IEEE80211_NODE_STAT_SET(ni, tx_disassoc_code, arg); 2563 break; 2564 2565 default: 2566 IEEE80211_NOTE(vap, IEEE80211_MSG_ANY, ni, 2567 "invalid mgmt frame type %u", type); 2568 senderr(EINVAL, is_tx_unknownmgt); 2569 /* NOTREACHED */ 2570 } 2571 2572 /* NB: force non-ProbeResp frames to the highest queue */ 2573 params.ibp_pri = WME_AC_VO; 2574 params.ibp_rate0 = bss->ni_txparms->mgmtrate; 2575 /* NB: we know all frames are unicast */ 2576 params.ibp_try0 = bss->ni_txparms->maxretry; 2577 params.ibp_power = bss->ni_txpower; 2578 return ieee80211_mgmt_output(ni, m, type, ¶ms); 2579bad: 2580 ieee80211_free_node(ni); 2581 return ret; 2582#undef senderr 2583#undef HTFLAGS 2584} 2585 2586/* 2587 * Return an mbuf with a probe response frame in it. 2588 * Space is left to prepend and 802.11 header at the 2589 * front but it's left to the caller to fill in. 2590 */ 2591struct mbuf * 2592ieee80211_alloc_proberesp(struct ieee80211_node *bss, int legacy) 2593{ 2594 struct ieee80211vap *vap = bss->ni_vap; 2595 struct ieee80211com *ic = bss->ni_ic; 2596 const struct ieee80211_rateset *rs; 2597 struct mbuf *m; 2598 uint16_t capinfo; 2599 uint8_t *frm; 2600 2601 /* 2602 * probe response frame format 2603 * [8] time stamp 2604 * [2] beacon interval 2605 * [2] cabability information 2606 * [tlv] ssid 2607 * [tlv] supported rates 2608 * [tlv] parameter set (FH/DS) 2609 * [tlv] parameter set (IBSS) 2610 * [tlv] country (optional) 2611 * [3] power control (optional) 2612 * [5] channel switch announcement (CSA) (optional) 2613 * [tlv] extended rate phy (ERP) 2614 * [tlv] extended supported rates 2615 * [tlv] RSN (optional) 2616 * [tlv] HT capabilities 2617 * [tlv] HT information 2618 * [tlv] WPA (optional) 2619 * [tlv] WME (optional) 2620 * [tlv] Vendor OUI HT capabilities (optional) 2621 * [tlv] Vendor OUI HT information (optional) 2622 * [tlv] Atheros capabilities 2623 * [tlv] AppIE's (optional) 2624 * [tlv] Mesh ID (MBSS) 2625 * [tlv] Mesh Conf (MBSS) 2626 */ 2627 m = ieee80211_getmgtframe(&frm, 2628 ic->ic_headroom + sizeof(struct ieee80211_frame), 2629 8 2630 + sizeof(uint16_t) 2631 + sizeof(uint16_t) 2632 + 2 + IEEE80211_NWID_LEN 2633 + 2 + IEEE80211_RATE_SIZE 2634 + 7 /* max(7,3) */ 2635 + IEEE80211_COUNTRY_MAX_SIZE 2636 + 3 2637 + sizeof(struct ieee80211_csa_ie) 2638 + sizeof(struct ieee80211_quiet_ie) 2639 + 3 2640 + 2 + (IEEE80211_RATE_MAXSIZE - IEEE80211_RATE_SIZE) 2641 + sizeof(struct ieee80211_ie_wpa) 2642 + sizeof(struct ieee80211_ie_htcap) 2643 + sizeof(struct ieee80211_ie_htinfo) 2644 + sizeof(struct ieee80211_ie_wpa) 2645 + sizeof(struct ieee80211_wme_param) 2646 + 4 + sizeof(struct ieee80211_ie_htcap) 2647 + 4 + sizeof(struct ieee80211_ie_htinfo) 2648#ifdef IEEE80211_SUPPORT_SUPERG 2649 + sizeof(struct ieee80211_ath_ie) 2650#endif 2651#ifdef IEEE80211_SUPPORT_MESH 2652 + 2 + IEEE80211_MESHID_LEN 2653 + sizeof(struct ieee80211_meshconf_ie) 2654#endif 2655 + (vap->iv_appie_proberesp != NULL ? 2656 vap->iv_appie_proberesp->ie_len : 0) 2657 ); 2658 if (m == NULL) { 2659 vap->iv_stats.is_tx_nobuf++; 2660 return NULL; 2661 } 2662 2663 memset(frm, 0, 8); /* timestamp should be filled later */ 2664 frm += 8; 2665 *(uint16_t *)frm = htole16(bss->ni_intval); 2666 frm += 2; 2667 capinfo = ieee80211_getcapinfo(vap, bss->ni_chan); 2668 *(uint16_t *)frm = htole16(capinfo); 2669 frm += 2; 2670 2671 frm = ieee80211_add_ssid(frm, bss->ni_essid, bss->ni_esslen); 2672 rs = ieee80211_get_suprates(ic, bss->ni_chan); 2673 frm = ieee80211_add_rates(frm, rs); 2674 2675 if (IEEE80211_IS_CHAN_FHSS(bss->ni_chan)) { 2676 *frm++ = IEEE80211_ELEMID_FHPARMS; 2677 *frm++ = 5; 2678 *frm++ = bss->ni_fhdwell & 0x00ff; 2679 *frm++ = (bss->ni_fhdwell >> 8) & 0x00ff; 2680 *frm++ = IEEE80211_FH_CHANSET( 2681 ieee80211_chan2ieee(ic, bss->ni_chan)); 2682 *frm++ = IEEE80211_FH_CHANPAT( 2683 ieee80211_chan2ieee(ic, bss->ni_chan)); 2684 *frm++ = bss->ni_fhindex; 2685 } else { 2686 *frm++ = IEEE80211_ELEMID_DSPARMS; 2687 *frm++ = 1; 2688 *frm++ = ieee80211_chan2ieee(ic, bss->ni_chan); 2689 } 2690 2691 if (vap->iv_opmode == IEEE80211_M_IBSS) { 2692 *frm++ = IEEE80211_ELEMID_IBSSPARMS; 2693 *frm++ = 2; 2694 *frm++ = 0; *frm++ = 0; /* TODO: ATIM window */ 2695 } 2696 if ((vap->iv_flags & IEEE80211_F_DOTH) || 2697 (vap->iv_flags_ext & IEEE80211_FEXT_DOTD)) 2698 frm = ieee80211_add_countryie(frm, ic); 2699 if (vap->iv_flags & IEEE80211_F_DOTH) { 2700 if (IEEE80211_IS_CHAN_5GHZ(bss->ni_chan)) 2701 frm = ieee80211_add_powerconstraint(frm, vap); 2702 if (ic->ic_flags & IEEE80211_F_CSAPENDING) 2703 frm = ieee80211_add_csa(frm, vap); 2704 } 2705 if (vap->iv_flags & IEEE80211_F_DOTH) { 2706 if (IEEE80211_IS_CHAN_DFS(ic->ic_bsschan) && 2707 (vap->iv_flags_ext & IEEE80211_FEXT_DFS)) { 2708 if (vap->iv_quiet) 2709 frm = ieee80211_add_quiet(frm, vap); 2710 } 2711 } 2712 if (IEEE80211_IS_CHAN_ANYG(bss->ni_chan)) 2713 frm = ieee80211_add_erp(frm, ic); 2714 frm = ieee80211_add_xrates(frm, rs); 2715 frm = ieee80211_add_rsn(frm, vap); 2716 /* 2717 * NB: legacy 11b clients do not get certain ie's. 2718 * The caller identifies such clients by passing 2719 * a token in legacy to us. Could expand this to be 2720 * any legacy client for stuff like HT ie's. 2721 */ 2722 if (IEEE80211_IS_CHAN_HT(bss->ni_chan) && 2723 legacy != IEEE80211_SEND_LEGACY_11B) { 2724 frm = ieee80211_add_htcap(frm, bss); 2725 frm = ieee80211_add_htinfo(frm, bss); 2726 } 2727 frm = ieee80211_add_wpa(frm, vap); 2728 if (vap->iv_flags & IEEE80211_F_WME) 2729 frm = ieee80211_add_wme_param(frm, &ic->ic_wme); 2730 if (IEEE80211_IS_CHAN_HT(bss->ni_chan) && 2731 (vap->iv_flags_ht & IEEE80211_FHT_HTCOMPAT) && 2732 legacy != IEEE80211_SEND_LEGACY_11B) { 2733 frm = ieee80211_add_htcap_vendor(frm, bss); 2734 frm = ieee80211_add_htinfo_vendor(frm, bss); 2735 } 2736#ifdef IEEE80211_SUPPORT_SUPERG 2737 if ((vap->iv_flags & IEEE80211_F_ATHEROS) && 2738 legacy != IEEE80211_SEND_LEGACY_11B) 2739 frm = ieee80211_add_athcaps(frm, bss); 2740#endif 2741 if (vap->iv_appie_proberesp != NULL) 2742 frm = add_appie(frm, vap->iv_appie_proberesp); 2743#ifdef IEEE80211_SUPPORT_MESH 2744 if (vap->iv_opmode == IEEE80211_M_MBSS) { 2745 frm = ieee80211_add_meshid(frm, vap); 2746 frm = ieee80211_add_meshconf(frm, vap); 2747 } 2748#endif 2749 m->m_pkthdr.len = m->m_len = frm - mtod(m, uint8_t *); 2750 2751 return m; 2752} 2753 2754/* 2755 * Send a probe response frame to the specified mac address. 2756 * This does not go through the normal mgt frame api so we 2757 * can specify the destination address and re-use the bss node 2758 * for the sta reference. 2759 */ 2760int 2761ieee80211_send_proberesp(struct ieee80211vap *vap, 2762 const uint8_t da[IEEE80211_ADDR_LEN], int legacy) 2763{ 2764 struct ieee80211_node *bss = vap->iv_bss; 2765 struct ieee80211com *ic = vap->iv_ic; 2766 struct ieee80211_frame *wh; 2767 struct mbuf *m; 2768 int ret; 2769 2770 if (vap->iv_state == IEEE80211_S_CAC) { 2771 IEEE80211_NOTE(vap, IEEE80211_MSG_OUTPUT, bss, 2772 "block %s frame in CAC state", "probe response"); 2773 vap->iv_stats.is_tx_badstate++; 2774 return EIO; /* XXX */ 2775 } 2776 2777 /* 2778 * Hold a reference on the node so it doesn't go away until after 2779 * the xmit is complete all the way in the driver. On error we 2780 * will remove our reference. 2781 */ 2782 IEEE80211_DPRINTF(vap, IEEE80211_MSG_NODE, 2783 "ieee80211_ref_node (%s:%u) %p<%s> refcnt %d\n", 2784 __func__, __LINE__, bss, ether_sprintf(bss->ni_macaddr), 2785 ieee80211_node_refcnt(bss)+1); 2786 ieee80211_ref_node(bss); 2787 2788 m = ieee80211_alloc_proberesp(bss, legacy); 2789 if (m == NULL) { 2790 ieee80211_free_node(bss); 2791 return ENOMEM; 2792 } 2793 2794 M_PREPEND(m, sizeof(struct ieee80211_frame), M_NOWAIT); 2795 KASSERT(m != NULL, ("no room for header")); 2796 2797 IEEE80211_TX_LOCK(ic); 2798 wh = mtod(m, struct ieee80211_frame *); 2799 ieee80211_send_setup(bss, m, 2800 IEEE80211_FC0_TYPE_MGT | IEEE80211_FC0_SUBTYPE_PROBE_RESP, 2801 IEEE80211_NONQOS_TID, vap->iv_myaddr, da, bss->ni_bssid); 2802 /* XXX power management? */ 2803 m->m_flags |= M_ENCAP; /* mark encapsulated */ 2804 2805 M_WME_SETAC(m, WME_AC_BE); 2806 2807 IEEE80211_DPRINTF(vap, IEEE80211_MSG_DEBUG | IEEE80211_MSG_DUMPPKTS, 2808 "send probe resp on channel %u to %s%s\n", 2809 ieee80211_chan2ieee(ic, ic->ic_curchan), ether_sprintf(da), 2810 legacy ? " <legacy>" : ""); 2811 IEEE80211_NODE_STAT(bss, tx_mgmt); 2812 2813 ret = ieee80211_raw_output(vap, bss, m, NULL); 2814 IEEE80211_TX_UNLOCK(ic); 2815 return (ret); 2816} 2817 2818/* 2819 * Allocate and build a RTS (Request To Send) control frame. 2820 */ 2821struct mbuf * 2822ieee80211_alloc_rts(struct ieee80211com *ic, 2823 const uint8_t ra[IEEE80211_ADDR_LEN], 2824 const uint8_t ta[IEEE80211_ADDR_LEN], 2825 uint16_t dur) 2826{ 2827 struct ieee80211_frame_rts *rts; 2828 struct mbuf *m; 2829 2830 /* XXX honor ic_headroom */ 2831 m = m_gethdr(M_NOWAIT, MT_DATA); 2832 if (m != NULL) { 2833 rts = mtod(m, struct ieee80211_frame_rts *); 2834 rts->i_fc[0] = IEEE80211_FC0_VERSION_0 | 2835 IEEE80211_FC0_TYPE_CTL | IEEE80211_FC0_SUBTYPE_RTS; 2836 rts->i_fc[1] = IEEE80211_FC1_DIR_NODS; 2837 *(u_int16_t *)rts->i_dur = htole16(dur); 2838 IEEE80211_ADDR_COPY(rts->i_ra, ra); 2839 IEEE80211_ADDR_COPY(rts->i_ta, ta); 2840 2841 m->m_pkthdr.len = m->m_len = sizeof(struct ieee80211_frame_rts); 2842 } 2843 return m; 2844} 2845 2846/* 2847 * Allocate and build a CTS (Clear To Send) control frame. 2848 */ 2849struct mbuf * 2850ieee80211_alloc_cts(struct ieee80211com *ic, 2851 const uint8_t ra[IEEE80211_ADDR_LEN], uint16_t dur) 2852{ 2853 struct ieee80211_frame_cts *cts; 2854 struct mbuf *m; 2855 2856 /* XXX honor ic_headroom */ 2857 m = m_gethdr(M_NOWAIT, MT_DATA); 2858 if (m != NULL) { 2859 cts = mtod(m, struct ieee80211_frame_cts *); 2860 cts->i_fc[0] = IEEE80211_FC0_VERSION_0 | 2861 IEEE80211_FC0_TYPE_CTL | IEEE80211_FC0_SUBTYPE_CTS; 2862 cts->i_fc[1] = IEEE80211_FC1_DIR_NODS; 2863 *(u_int16_t *)cts->i_dur = htole16(dur); 2864 IEEE80211_ADDR_COPY(cts->i_ra, ra); 2865 2866 m->m_pkthdr.len = m->m_len = sizeof(struct ieee80211_frame_cts); 2867 } 2868 return m; 2869} 2870 2871static void 2872ieee80211_tx_mgt_timeout(void *arg) 2873{ 2874 struct ieee80211vap *vap = arg; 2875 2876 IEEE80211_LOCK(vap->iv_ic); 2877 if (vap->iv_state != IEEE80211_S_INIT && 2878 (vap->iv_ic->ic_flags & IEEE80211_F_SCAN) == 0) { 2879 /* 2880 * NB: it's safe to specify a timeout as the reason here; 2881 * it'll only be used in the right state. 2882 */ 2883 ieee80211_new_state_locked(vap, IEEE80211_S_SCAN, 2884 IEEE80211_SCAN_FAIL_TIMEOUT); 2885 } 2886 IEEE80211_UNLOCK(vap->iv_ic); 2887} 2888 2889/* 2890 * This is the callback set on net80211-sourced transmitted 2891 * authentication request frames. 2892 * 2893 * This does a couple of things: 2894 * 2895 * + If the frame transmitted was a success, it schedules a future 2896 * event which will transition the interface to scan. 2897 * If a state transition _then_ occurs before that event occurs, 2898 * said state transition will cancel this callout. 2899 * 2900 * + If the frame transmit was a failure, it immediately schedules 2901 * the transition back to scan. 2902 */ 2903static void 2904ieee80211_tx_mgt_cb(struct ieee80211_node *ni, void *arg, int status) 2905{ 2906 struct ieee80211vap *vap = ni->ni_vap; 2907 enum ieee80211_state ostate = (enum ieee80211_state) arg; 2908 2909 /* 2910 * Frame transmit completed; arrange timer callback. If 2911 * transmit was successfuly we wait for response. Otherwise 2912 * we arrange an immediate callback instead of doing the 2913 * callback directly since we don't know what state the driver 2914 * is in (e.g. what locks it is holding). This work should 2915 * not be too time-critical and not happen too often so the 2916 * added overhead is acceptable. 2917 * 2918 * XXX what happens if !acked but response shows up before callback? 2919 */ 2920 if (vap->iv_state == ostate) { 2921 callout_reset(&vap->iv_mgtsend, 2922 status == 0 ? IEEE80211_TRANS_WAIT*hz : 0, 2923 ieee80211_tx_mgt_timeout, vap); 2924 } 2925} 2926 2927static void 2928ieee80211_beacon_construct(struct mbuf *m, uint8_t *frm, 2929 struct ieee80211_node *ni) 2930{ 2931 struct ieee80211vap *vap = ni->ni_vap; 2932 struct ieee80211_beacon_offsets *bo = &vap->iv_bcn_off; 2933 struct ieee80211com *ic = ni->ni_ic; 2934 struct ieee80211_rateset *rs = &ni->ni_rates; 2935 uint16_t capinfo; 2936 2937 /* 2938 * beacon frame format 2939 * [8] time stamp 2940 * [2] beacon interval 2941 * [2] cabability information 2942 * [tlv] ssid 2943 * [tlv] supported rates 2944 * [3] parameter set (DS) 2945 * [8] CF parameter set (optional) 2946 * [tlv] parameter set (IBSS/TIM) 2947 * [tlv] country (optional) 2948 * [3] power control (optional) 2949 * [5] channel switch announcement (CSA) (optional) 2950 * [tlv] extended rate phy (ERP) 2951 * [tlv] extended supported rates 2952 * [tlv] RSN parameters 2953 * [tlv] HT capabilities 2954 * [tlv] HT information 2955 * XXX Vendor-specific OIDs (e.g. Atheros) 2956 * [tlv] WPA parameters 2957 * [tlv] WME parameters 2958 * [tlv] Vendor OUI HT capabilities (optional) 2959 * [tlv] Vendor OUI HT information (optional) 2960 * [tlv] Atheros capabilities (optional) 2961 * [tlv] TDMA parameters (optional) 2962 * [tlv] Mesh ID (MBSS) 2963 * [tlv] Mesh Conf (MBSS) 2964 * [tlv] application data (optional) 2965 */ 2966 2967 memset(bo, 0, sizeof(*bo)); 2968 2969 memset(frm, 0, 8); /* XXX timestamp is set by hardware/driver */ 2970 frm += 8; 2971 *(uint16_t *)frm = htole16(ni->ni_intval); 2972 frm += 2; 2973 capinfo = ieee80211_getcapinfo(vap, ni->ni_chan); 2974 bo->bo_caps = (uint16_t *)frm; 2975 *(uint16_t *)frm = htole16(capinfo); 2976 frm += 2; 2977 *frm++ = IEEE80211_ELEMID_SSID; 2978 if ((vap->iv_flags & IEEE80211_F_HIDESSID) == 0) { 2979 *frm++ = ni->ni_esslen; 2980 memcpy(frm, ni->ni_essid, ni->ni_esslen); 2981 frm += ni->ni_esslen; 2982 } else 2983 *frm++ = 0; 2984 frm = ieee80211_add_rates(frm, rs); 2985 if (!IEEE80211_IS_CHAN_FHSS(ni->ni_chan)) { 2986 *frm++ = IEEE80211_ELEMID_DSPARMS; 2987 *frm++ = 1; 2988 *frm++ = ieee80211_chan2ieee(ic, ni->ni_chan); 2989 } 2990 if (ic->ic_flags & IEEE80211_F_PCF) { 2991 bo->bo_cfp = frm; 2992 frm = ieee80211_add_cfparms(frm, ic); 2993 } 2994 bo->bo_tim = frm; 2995 if (vap->iv_opmode == IEEE80211_M_IBSS) { 2996 *frm++ = IEEE80211_ELEMID_IBSSPARMS; 2997 *frm++ = 2; 2998 *frm++ = 0; *frm++ = 0; /* TODO: ATIM window */ 2999 bo->bo_tim_len = 0; 3000 } else if (vap->iv_opmode == IEEE80211_M_HOSTAP || 3001 vap->iv_opmode == IEEE80211_M_MBSS) { 3002 /* TIM IE is the same for Mesh and Hostap */ 3003 struct ieee80211_tim_ie *tie = (struct ieee80211_tim_ie *) frm; 3004 3005 tie->tim_ie = IEEE80211_ELEMID_TIM; 3006 tie->tim_len = 4; /* length */ 3007 tie->tim_count = 0; /* DTIM count */ 3008 tie->tim_period = vap->iv_dtim_period; /* DTIM period */ 3009 tie->tim_bitctl = 0; /* bitmap control */ 3010 tie->tim_bitmap[0] = 0; /* Partial Virtual Bitmap */ 3011 frm += sizeof(struct ieee80211_tim_ie); 3012 bo->bo_tim_len = 1; 3013 } 3014 bo->bo_tim_trailer = frm; 3015 if ((vap->iv_flags & IEEE80211_F_DOTH) || 3016 (vap->iv_flags_ext & IEEE80211_FEXT_DOTD)) 3017 frm = ieee80211_add_countryie(frm, ic); 3018 if (vap->iv_flags & IEEE80211_F_DOTH) { 3019 if (IEEE80211_IS_CHAN_5GHZ(ni->ni_chan)) 3020 frm = ieee80211_add_powerconstraint(frm, vap); 3021 bo->bo_csa = frm; 3022 if (ic->ic_flags & IEEE80211_F_CSAPENDING) 3023 frm = ieee80211_add_csa(frm, vap); 3024 } else 3025 bo->bo_csa = frm; 3026 3027 if (vap->iv_flags & IEEE80211_F_DOTH) { 3028 bo->bo_quiet = frm; 3029 if (IEEE80211_IS_CHAN_DFS(ic->ic_bsschan) && 3030 (vap->iv_flags_ext & IEEE80211_FEXT_DFS)) { 3031 if (vap->iv_quiet) 3032 frm = ieee80211_add_quiet(frm,vap); 3033 } 3034 } else 3035 bo->bo_quiet = frm; 3036 3037 if (IEEE80211_IS_CHAN_ANYG(ni->ni_chan)) { 3038 bo->bo_erp = frm; 3039 frm = ieee80211_add_erp(frm, ic); 3040 } 3041 frm = ieee80211_add_xrates(frm, rs); 3042 frm = ieee80211_add_rsn(frm, vap); 3043 if (IEEE80211_IS_CHAN_HT(ni->ni_chan)) { 3044 frm = ieee80211_add_htcap(frm, ni); 3045 bo->bo_htinfo = frm; 3046 frm = ieee80211_add_htinfo(frm, ni); 3047 } 3048 frm = ieee80211_add_wpa(frm, vap); 3049 if (vap->iv_flags & IEEE80211_F_WME) { 3050 bo->bo_wme = frm; 3051 frm = ieee80211_add_wme_param(frm, &ic->ic_wme); 3052 } 3053 if (IEEE80211_IS_CHAN_HT(ni->ni_chan) && 3054 (vap->iv_flags_ht & IEEE80211_FHT_HTCOMPAT)) { 3055 frm = ieee80211_add_htcap_vendor(frm, ni); 3056 frm = ieee80211_add_htinfo_vendor(frm, ni); 3057 } 3058#ifdef IEEE80211_SUPPORT_SUPERG 3059 if (vap->iv_flags & IEEE80211_F_ATHEROS) { 3060 bo->bo_ath = frm; 3061 frm = ieee80211_add_athcaps(frm, ni); 3062 } 3063#endif 3064#ifdef IEEE80211_SUPPORT_TDMA 3065 if (vap->iv_caps & IEEE80211_C_TDMA) { 3066 bo->bo_tdma = frm; 3067 frm = ieee80211_add_tdma(frm, vap); 3068 } 3069#endif 3070 if (vap->iv_appie_beacon != NULL) { 3071 bo->bo_appie = frm; 3072 bo->bo_appie_len = vap->iv_appie_beacon->ie_len; 3073 frm = add_appie(frm, vap->iv_appie_beacon); 3074 } 3075#ifdef IEEE80211_SUPPORT_MESH 3076 if (vap->iv_opmode == IEEE80211_M_MBSS) { 3077 frm = ieee80211_add_meshid(frm, vap); 3078 bo->bo_meshconf = frm; 3079 frm = ieee80211_add_meshconf(frm, vap); 3080 } 3081#endif 3082 bo->bo_tim_trailer_len = frm - bo->bo_tim_trailer; 3083 bo->bo_csa_trailer_len = frm - bo->bo_csa; 3084 m->m_pkthdr.len = m->m_len = frm - mtod(m, uint8_t *); 3085} 3086 3087/* 3088 * Allocate a beacon frame and fillin the appropriate bits. 3089 */ 3090struct mbuf * 3091ieee80211_beacon_alloc(struct ieee80211_node *ni) 3092{ 3093 struct ieee80211vap *vap = ni->ni_vap; 3094 struct ieee80211com *ic = ni->ni_ic; 3095 struct ifnet *ifp = vap->iv_ifp; 3096 struct ieee80211_frame *wh; 3097 struct mbuf *m; 3098 int pktlen; 3099 uint8_t *frm; 3100 3101 /* 3102 * beacon frame format 3103 * [8] time stamp 3104 * [2] beacon interval 3105 * [2] cabability information 3106 * [tlv] ssid 3107 * [tlv] supported rates 3108 * [3] parameter set (DS) 3109 * [8] CF parameter set (optional) 3110 * [tlv] parameter set (IBSS/TIM) 3111 * [tlv] country (optional) 3112 * [3] power control (optional) 3113 * [5] channel switch announcement (CSA) (optional) 3114 * [tlv] extended rate phy (ERP) 3115 * [tlv] extended supported rates 3116 * [tlv] RSN parameters 3117 * [tlv] HT capabilities 3118 * [tlv] HT information 3119 * [tlv] Vendor OUI HT capabilities (optional) 3120 * [tlv] Vendor OUI HT information (optional) 3121 * XXX Vendor-specific OIDs (e.g. Atheros) 3122 * [tlv] WPA parameters 3123 * [tlv] WME parameters 3124 * [tlv] TDMA parameters (optional) 3125 * [tlv] Mesh ID (MBSS) 3126 * [tlv] Mesh Conf (MBSS) 3127 * [tlv] application data (optional) 3128 * NB: we allocate the max space required for the TIM bitmap. 3129 * XXX how big is this? 3130 */ 3131 pktlen = 8 /* time stamp */ 3132 + sizeof(uint16_t) /* beacon interval */ 3133 + sizeof(uint16_t) /* capabilities */ 3134 + 2 + ni->ni_esslen /* ssid */ 3135 + 2 + IEEE80211_RATE_SIZE /* supported rates */ 3136 + 2 + 1 /* DS parameters */ 3137 + 2 + 6 /* CF parameters */ 3138 + 2 + 4 + vap->iv_tim_len /* DTIM/IBSSPARMS */ 3139 + IEEE80211_COUNTRY_MAX_SIZE /* country */ 3140 + 2 + 1 /* power control */ 3141 + sizeof(struct ieee80211_csa_ie) /* CSA */ 3142 + sizeof(struct ieee80211_quiet_ie) /* Quiet */ 3143 + 2 + 1 /* ERP */ 3144 + 2 + (IEEE80211_RATE_MAXSIZE - IEEE80211_RATE_SIZE) 3145 + (vap->iv_caps & IEEE80211_C_WPA ? /* WPA 1+2 */ 3146 2*sizeof(struct ieee80211_ie_wpa) : 0) 3147 /* XXX conditional? */ 3148 + 4+2*sizeof(struct ieee80211_ie_htcap)/* HT caps */ 3149 + 4+2*sizeof(struct ieee80211_ie_htinfo)/* HT info */ 3150 + (vap->iv_caps & IEEE80211_C_WME ? /* WME */ 3151 sizeof(struct ieee80211_wme_param) : 0) 3152#ifdef IEEE80211_SUPPORT_SUPERG 3153 + sizeof(struct ieee80211_ath_ie) /* ATH */ 3154#endif 3155#ifdef IEEE80211_SUPPORT_TDMA 3156 + (vap->iv_caps & IEEE80211_C_TDMA ? /* TDMA */ 3157 sizeof(struct ieee80211_tdma_param) : 0) 3158#endif 3159#ifdef IEEE80211_SUPPORT_MESH 3160 + 2 + ni->ni_meshidlen 3161 + sizeof(struct ieee80211_meshconf_ie) 3162#endif 3163 + IEEE80211_MAX_APPIE 3164 ; 3165 m = ieee80211_getmgtframe(&frm, 3166 ic->ic_headroom + sizeof(struct ieee80211_frame), pktlen); 3167 if (m == NULL) { 3168 IEEE80211_DPRINTF(vap, IEEE80211_MSG_ANY, 3169 "%s: cannot get buf; size %u\n", __func__, pktlen); 3170 vap->iv_stats.is_tx_nobuf++; 3171 return NULL; 3172 } 3173 ieee80211_beacon_construct(m, frm, ni); 3174 3175 M_PREPEND(m, sizeof(struct ieee80211_frame), M_NOWAIT); 3176 KASSERT(m != NULL, ("no space for 802.11 header?")); 3177 wh = mtod(m, struct ieee80211_frame *); 3178 wh->i_fc[0] = IEEE80211_FC0_VERSION_0 | IEEE80211_FC0_TYPE_MGT | 3179 IEEE80211_FC0_SUBTYPE_BEACON; 3180 wh->i_fc[1] = IEEE80211_FC1_DIR_NODS; 3181 *(uint16_t *)wh->i_dur = 0; 3182 IEEE80211_ADDR_COPY(wh->i_addr1, ifp->if_broadcastaddr); 3183 IEEE80211_ADDR_COPY(wh->i_addr2, vap->iv_myaddr); 3184 IEEE80211_ADDR_COPY(wh->i_addr3, ni->ni_bssid); 3185 *(uint16_t *)wh->i_seq = 0; 3186 3187 return m; 3188} 3189 3190/* 3191 * Update the dynamic parts of a beacon frame based on the current state. 3192 */ 3193int 3194ieee80211_beacon_update(struct ieee80211_node *ni, struct mbuf *m, int mcast) 3195{ 3196 struct ieee80211vap *vap = ni->ni_vap; 3197 struct ieee80211_beacon_offsets *bo = &vap->iv_bcn_off; 3198 struct ieee80211com *ic = ni->ni_ic; 3199 int len_changed = 0; 3200 uint16_t capinfo; 3201 struct ieee80211_frame *wh; 3202 ieee80211_seq seqno; 3203 3204 IEEE80211_LOCK(ic); 3205 /* 3206 * Handle 11h channel change when we've reached the count. 3207 * We must recalculate the beacon frame contents to account 3208 * for the new channel. Note we do this only for the first 3209 * vap that reaches this point; subsequent vaps just update 3210 * their beacon state to reflect the recalculated channel. 3211 */ 3212 if (isset(bo->bo_flags, IEEE80211_BEACON_CSA) && 3213 vap->iv_csa_count == ic->ic_csa_count) { 3214 vap->iv_csa_count = 0; 3215 /* 3216 * Effect channel change before reconstructing the beacon 3217 * frame contents as many places reference ni_chan. 3218 */ 3219 if (ic->ic_csa_newchan != NULL) 3220 ieee80211_csa_completeswitch(ic); 3221 /* 3222 * NB: ieee80211_beacon_construct clears all pending 3223 * updates in bo_flags so we don't need to explicitly 3224 * clear IEEE80211_BEACON_CSA. 3225 */ 3226 ieee80211_beacon_construct(m, 3227 mtod(m, uint8_t*) + sizeof(struct ieee80211_frame), ni); 3228 3229 /* XXX do WME aggressive mode processing? */ 3230 IEEE80211_UNLOCK(ic); 3231 return 1; /* just assume length changed */ 3232 } 3233 3234 wh = mtod(m, struct ieee80211_frame *); 3235 seqno = ni->ni_txseqs[IEEE80211_NONQOS_TID]++; 3236 *(uint16_t *)&wh->i_seq[0] = 3237 htole16(seqno << IEEE80211_SEQ_SEQ_SHIFT); 3238 M_SEQNO_SET(m, seqno); 3239 3240 /* XXX faster to recalculate entirely or just changes? */ 3241 capinfo = ieee80211_getcapinfo(vap, ni->ni_chan); 3242 *bo->bo_caps = htole16(capinfo); 3243 3244 if (vap->iv_flags & IEEE80211_F_WME) { 3245 struct ieee80211_wme_state *wme = &ic->ic_wme; 3246 3247 /* 3248 * Check for agressive mode change. When there is 3249 * significant high priority traffic in the BSS 3250 * throttle back BE traffic by using conservative 3251 * parameters. Otherwise BE uses agressive params 3252 * to optimize performance of legacy/non-QoS traffic. 3253 */ 3254 if (wme->wme_flags & WME_F_AGGRMODE) { 3255 if (wme->wme_hipri_traffic > 3256 wme->wme_hipri_switch_thresh) { 3257 IEEE80211_DPRINTF(vap, IEEE80211_MSG_WME, 3258 "%s: traffic %u, disable aggressive mode\n", 3259 __func__, wme->wme_hipri_traffic); 3260 wme->wme_flags &= ~WME_F_AGGRMODE; 3261 ieee80211_wme_updateparams_locked(vap); 3262 wme->wme_hipri_traffic = 3263 wme->wme_hipri_switch_hysteresis; 3264 } else 3265 wme->wme_hipri_traffic = 0; 3266 } else { 3267 if (wme->wme_hipri_traffic <= 3268 wme->wme_hipri_switch_thresh) { 3269 IEEE80211_DPRINTF(vap, IEEE80211_MSG_WME, 3270 "%s: traffic %u, enable aggressive mode\n", 3271 __func__, wme->wme_hipri_traffic); 3272 wme->wme_flags |= WME_F_AGGRMODE; 3273 ieee80211_wme_updateparams_locked(vap); 3274 wme->wme_hipri_traffic = 0; 3275 } else 3276 wme->wme_hipri_traffic = 3277 wme->wme_hipri_switch_hysteresis; 3278 } 3279 if (isset(bo->bo_flags, IEEE80211_BEACON_WME)) { 3280 (void) ieee80211_add_wme_param(bo->bo_wme, wme); 3281 clrbit(bo->bo_flags, IEEE80211_BEACON_WME); 3282 } 3283 } 3284 3285 if (isset(bo->bo_flags, IEEE80211_BEACON_HTINFO)) { 3286 ieee80211_ht_update_beacon(vap, bo); 3287 clrbit(bo->bo_flags, IEEE80211_BEACON_HTINFO); 3288 } 3289#ifdef IEEE80211_SUPPORT_TDMA 3290 if (vap->iv_caps & IEEE80211_C_TDMA) { 3291 /* 3292 * NB: the beacon is potentially updated every TBTT. 3293 */ 3294 ieee80211_tdma_update_beacon(vap, bo); 3295 } 3296#endif 3297#ifdef IEEE80211_SUPPORT_MESH 3298 if (vap->iv_opmode == IEEE80211_M_MBSS) 3299 ieee80211_mesh_update_beacon(vap, bo); 3300#endif 3301 3302 if (vap->iv_opmode == IEEE80211_M_HOSTAP || 3303 vap->iv_opmode == IEEE80211_M_MBSS) { /* NB: no IBSS support*/ 3304 struct ieee80211_tim_ie *tie = 3305 (struct ieee80211_tim_ie *) bo->bo_tim; 3306 if (isset(bo->bo_flags, IEEE80211_BEACON_TIM)) { 3307 u_int timlen, timoff, i; 3308 /* 3309 * ATIM/DTIM needs updating. If it fits in the 3310 * current space allocated then just copy in the 3311 * new bits. Otherwise we need to move any trailing 3312 * data to make room. Note that we know there is 3313 * contiguous space because ieee80211_beacon_allocate 3314 * insures there is space in the mbuf to write a 3315 * maximal-size virtual bitmap (based on iv_max_aid). 3316 */ 3317 /* 3318 * Calculate the bitmap size and offset, copy any 3319 * trailer out of the way, and then copy in the 3320 * new bitmap and update the information element. 3321 * Note that the tim bitmap must contain at least 3322 * one byte and any offset must be even. 3323 */ 3324 if (vap->iv_ps_pending != 0) { 3325 timoff = 128; /* impossibly large */ 3326 for (i = 0; i < vap->iv_tim_len; i++) 3327 if (vap->iv_tim_bitmap[i]) { 3328 timoff = i &~ 1; 3329 break; 3330 } 3331 KASSERT(timoff != 128, ("tim bitmap empty!")); 3332 for (i = vap->iv_tim_len-1; i >= timoff; i--) 3333 if (vap->iv_tim_bitmap[i]) 3334 break; 3335 timlen = 1 + (i - timoff); 3336 } else { 3337 timoff = 0; 3338 timlen = 1; 3339 } 3340 if (timlen != bo->bo_tim_len) { 3341 /* copy up/down trailer */ 3342 int adjust = tie->tim_bitmap+timlen 3343 - bo->bo_tim_trailer; 3344 ovbcopy(bo->bo_tim_trailer, 3345 bo->bo_tim_trailer+adjust, 3346 bo->bo_tim_trailer_len); 3347 bo->bo_tim_trailer += adjust; 3348 bo->bo_erp += adjust; 3349 bo->bo_htinfo += adjust; 3350#ifdef IEEE80211_SUPPORT_SUPERG 3351 bo->bo_ath += adjust; 3352#endif 3353#ifdef IEEE80211_SUPPORT_TDMA 3354 bo->bo_tdma += adjust; 3355#endif 3356#ifdef IEEE80211_SUPPORT_MESH 3357 bo->bo_meshconf += adjust; 3358#endif 3359 bo->bo_appie += adjust; 3360 bo->bo_wme += adjust; 3361 bo->bo_csa += adjust; 3362 bo->bo_quiet += adjust; 3363 bo->bo_tim_len = timlen; 3364 3365 /* update information element */ 3366 tie->tim_len = 3 + timlen; 3367 tie->tim_bitctl = timoff; 3368 len_changed = 1; 3369 } 3370 memcpy(tie->tim_bitmap, vap->iv_tim_bitmap + timoff, 3371 bo->bo_tim_len); 3372 3373 clrbit(bo->bo_flags, IEEE80211_BEACON_TIM); 3374 3375 IEEE80211_DPRINTF(vap, IEEE80211_MSG_POWER, 3376 "%s: TIM updated, pending %u, off %u, len %u\n", 3377 __func__, vap->iv_ps_pending, timoff, timlen); 3378 } 3379 /* count down DTIM period */ 3380 if (tie->tim_count == 0) 3381 tie->tim_count = tie->tim_period - 1; 3382 else 3383 tie->tim_count--; 3384 /* update state for buffered multicast frames on DTIM */ 3385 if (mcast && tie->tim_count == 0) 3386 tie->tim_bitctl |= 1; 3387 else 3388 tie->tim_bitctl &= ~1; 3389 if (isset(bo->bo_flags, IEEE80211_BEACON_CSA)) { 3390 struct ieee80211_csa_ie *csa = 3391 (struct ieee80211_csa_ie *) bo->bo_csa; 3392 3393 /* 3394 * Insert or update CSA ie. If we're just starting 3395 * to count down to the channel switch then we need 3396 * to insert the CSA ie. Otherwise we just need to 3397 * drop the count. The actual change happens above 3398 * when the vap's count reaches the target count. 3399 */ 3400 if (vap->iv_csa_count == 0) { 3401 memmove(&csa[1], csa, bo->bo_csa_trailer_len); 3402 bo->bo_erp += sizeof(*csa); 3403 bo->bo_htinfo += sizeof(*csa); 3404 bo->bo_wme += sizeof(*csa); 3405#ifdef IEEE80211_SUPPORT_SUPERG 3406 bo->bo_ath += sizeof(*csa); 3407#endif 3408#ifdef IEEE80211_SUPPORT_TDMA 3409 bo->bo_tdma += sizeof(*csa); 3410#endif 3411#ifdef IEEE80211_SUPPORT_MESH 3412 bo->bo_meshconf += sizeof(*csa); 3413#endif 3414 bo->bo_appie += sizeof(*csa); 3415 bo->bo_csa_trailer_len += sizeof(*csa); 3416 bo->bo_quiet += sizeof(*csa); 3417 bo->bo_tim_trailer_len += sizeof(*csa); 3418 m->m_len += sizeof(*csa); 3419 m->m_pkthdr.len += sizeof(*csa); 3420 3421 ieee80211_add_csa(bo->bo_csa, vap); 3422 } else 3423 csa->csa_count--; 3424 vap->iv_csa_count++; 3425 /* NB: don't clear IEEE80211_BEACON_CSA */ 3426 } 3427 if (IEEE80211_IS_CHAN_DFS(ic->ic_bsschan) && 3428 (vap->iv_flags_ext & IEEE80211_FEXT_DFS) ){ 3429 if (vap->iv_quiet) 3430 ieee80211_add_quiet(bo->bo_quiet, vap); 3431 } 3432 if (isset(bo->bo_flags, IEEE80211_BEACON_ERP)) { 3433 /* 3434 * ERP element needs updating. 3435 */ 3436 (void) ieee80211_add_erp(bo->bo_erp, ic); 3437 clrbit(bo->bo_flags, IEEE80211_BEACON_ERP); 3438 } 3439#ifdef IEEE80211_SUPPORT_SUPERG 3440 if (isset(bo->bo_flags, IEEE80211_BEACON_ATH)) { 3441 ieee80211_add_athcaps(bo->bo_ath, ni); 3442 clrbit(bo->bo_flags, IEEE80211_BEACON_ATH); 3443 } 3444#endif 3445 } 3446 if (isset(bo->bo_flags, IEEE80211_BEACON_APPIE)) { 3447 const struct ieee80211_appie *aie = vap->iv_appie_beacon; 3448 int aielen; 3449 uint8_t *frm; 3450 3451 aielen = 0; 3452 if (aie != NULL) 3453 aielen += aie->ie_len; 3454 if (aielen != bo->bo_appie_len) { 3455 /* copy up/down trailer */ 3456 int adjust = aielen - bo->bo_appie_len; 3457 ovbcopy(bo->bo_tim_trailer, bo->bo_tim_trailer+adjust, 3458 bo->bo_tim_trailer_len); 3459 bo->bo_tim_trailer += adjust; 3460 bo->bo_appie += adjust; 3461 bo->bo_appie_len = aielen; 3462 3463 len_changed = 1; 3464 } 3465 frm = bo->bo_appie; 3466 if (aie != NULL) 3467 frm = add_appie(frm, aie); 3468 clrbit(bo->bo_flags, IEEE80211_BEACON_APPIE); 3469 } 3470 IEEE80211_UNLOCK(ic); 3471 3472 return len_changed; 3473} 3474 3475/* 3476 * Do Ethernet-LLC encapsulation for each payload in a fast frame 3477 * tunnel encapsulation. The frame is assumed to have an Ethernet 3478 * header at the front that must be stripped before prepending the 3479 * LLC followed by the Ethernet header passed in (with an Ethernet 3480 * type that specifies the payload size). 3481 */ 3482struct mbuf * 3483ieee80211_ff_encap1(struct ieee80211vap *vap, struct mbuf *m, 3484 const struct ether_header *eh) 3485{ 3486 struct llc *llc; 3487 uint16_t payload; 3488 3489 /* XXX optimize by combining m_adj+M_PREPEND */ 3490 m_adj(m, sizeof(struct ether_header) - sizeof(struct llc)); 3491 llc = mtod(m, struct llc *); 3492 llc->llc_dsap = llc->llc_ssap = LLC_SNAP_LSAP; 3493 llc->llc_control = LLC_UI; 3494 llc->llc_snap.org_code[0] = 0; 3495 llc->llc_snap.org_code[1] = 0; 3496 llc->llc_snap.org_code[2] = 0; 3497 llc->llc_snap.ether_type = eh->ether_type; 3498 payload = m->m_pkthdr.len; /* NB: w/o Ethernet header */ 3499 3500 M_PREPEND(m, sizeof(struct ether_header), M_NOWAIT); 3501 if (m == NULL) { /* XXX cannot happen */ 3502 IEEE80211_DPRINTF(vap, IEEE80211_MSG_SUPERG, 3503 "%s: no space for ether_header\n", __func__); 3504 vap->iv_stats.is_tx_nobuf++; 3505 return NULL; 3506 } 3507 ETHER_HEADER_COPY(mtod(m, void *), eh); 3508 mtod(m, struct ether_header *)->ether_type = htons(payload); 3509 return m; 3510} 3511 3512/* 3513 * Complete an mbuf transmission. 3514 * 3515 * For now, this simply processes a completed frame after the 3516 * driver has completed it's transmission and/or retransmission. 3517 * It assumes the frame is an 802.11 encapsulated frame. 3518 * 3519 * Later on it will grow to become the exit path for a given frame 3520 * from the driver and, depending upon how it's been encapsulated 3521 * and already transmitted, it may end up doing A-MPDU retransmission, 3522 * power save requeuing, etc. 3523 * 3524 * In order for the above to work, the driver entry point to this 3525 * must not hold any driver locks. Thus, the driver needs to delay 3526 * any actual mbuf completion until it can release said locks. 3527 * 3528 * This frees the mbuf and if the mbuf has a node reference, 3529 * the node reference will be freed. 3530 */ 3531void 3532ieee80211_tx_complete(struct ieee80211_node *ni, struct mbuf *m, int status) 3533{ 3534 3535 if (ni != NULL) { 3536 struct ifnet *ifp = ni->ni_vap->iv_ifp; 3537 3538 if (status == 0) { 3539 if_inc_counter(ifp, IFCOUNTER_OBYTES, m->m_pkthdr.len); 3540 if_inc_counter(ifp, IFCOUNTER_OPACKETS, 1); 3541 if (m->m_flags & M_MCAST) 3542 if_inc_counter(ifp, IFCOUNTER_OMCASTS, 1); 3543 } else 3544 if_inc_counter(ifp, IFCOUNTER_OERRORS, 1); 3545 if (m->m_flags & M_TXCB) 3546 ieee80211_process_callback(ni, m, status); 3547 ieee80211_free_node(ni); 3548 } 3549 m_freem(m); 3550} 3551