ieee80211_output.c revision 160690
1/*- 2 * Copyright (c) 2001 Atsushi Onoe 3 * Copyright (c) 2002-2005 Sam Leffler, Errno Consulting 4 * All rights reserved. 5 * 6 * Redistribution and use in source and binary forms, with or without 7 * modification, are permitted provided that the following conditions 8 * are met: 9 * 1. Redistributions of source code must retain the above copyright 10 * notice, this list of conditions and the following disclaimer. 11 * 2. Redistributions in binary form must reproduce the above copyright 12 * notice, this list of conditions and the following disclaimer in the 13 * documentation and/or other materials provided with the distribution. 14 * 3. The name of the author may not be used to endorse or promote products 15 * derived from this software without specific prior written permission. 16 * 17 * Alternatively, this software may be distributed under the terms of the 18 * GNU General Public License ("GPL") version 2 as published by the Free 19 * Software Foundation. 20 * 21 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 22 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 23 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 24 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 25 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 26 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 27 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 28 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 29 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 30 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 31 */ 32 33#include <sys/cdefs.h> 34__FBSDID("$FreeBSD: head/sys/net80211/ieee80211_output.c 160690 2006-07-26 03:15:16Z sam $"); 35 36#include "opt_inet.h" 37 38#include <sys/param.h> 39#include <sys/systm.h> 40#include <sys/mbuf.h> 41#include <sys/kernel.h> 42#include <sys/endian.h> 43 44#include <sys/socket.h> 45 46#include <net/bpf.h> 47#include <net/ethernet.h> 48#include <net/if.h> 49#include <net/if_llc.h> 50#include <net/if_media.h> 51#include <net/if_vlan_var.h> 52 53#include <net80211/ieee80211_var.h> 54 55#ifdef INET 56#include <netinet/in.h> 57#include <netinet/if_ether.h> 58#include <netinet/in_systm.h> 59#include <netinet/ip.h> 60#endif 61 62#ifdef IEEE80211_DEBUG 63/* 64 * Decide if an outbound management frame should be 65 * printed when debugging is enabled. This filters some 66 * of the less interesting frames that come frequently 67 * (e.g. beacons). 68 */ 69static __inline int 70doprint(struct ieee80211com *ic, int subtype) 71{ 72 switch (subtype) { 73 case IEEE80211_FC0_SUBTYPE_PROBE_RESP: 74 return (ic->ic_opmode == IEEE80211_M_IBSS); 75 } 76 return 1; 77} 78#endif 79 80/* 81 * Set the direction field and address fields of an outgoing 82 * non-QoS frame. Note this should be called early on in 83 * constructing a frame as it sets i_fc[1]; other bits can 84 * then be or'd in. 85 */ 86static void 87ieee80211_send_setup(struct ieee80211com *ic, 88 struct ieee80211_node *ni, 89 struct ieee80211_frame *wh, 90 int type, 91 const u_int8_t sa[IEEE80211_ADDR_LEN], 92 const u_int8_t da[IEEE80211_ADDR_LEN], 93 const u_int8_t bssid[IEEE80211_ADDR_LEN]) 94{ 95#define WH4(wh) ((struct ieee80211_frame_addr4 *)wh) 96 97 wh->i_fc[0] = IEEE80211_FC0_VERSION_0 | type; 98 if ((type & IEEE80211_FC0_TYPE_MASK) == IEEE80211_FC0_TYPE_DATA) { 99 switch (ic->ic_opmode) { 100 case IEEE80211_M_STA: 101 wh->i_fc[1] = IEEE80211_FC1_DIR_TODS; 102 IEEE80211_ADDR_COPY(wh->i_addr1, bssid); 103 IEEE80211_ADDR_COPY(wh->i_addr2, sa); 104 IEEE80211_ADDR_COPY(wh->i_addr3, da); 105 break; 106 case IEEE80211_M_IBSS: 107 case IEEE80211_M_AHDEMO: 108 wh->i_fc[1] = IEEE80211_FC1_DIR_NODS; 109 IEEE80211_ADDR_COPY(wh->i_addr1, da); 110 IEEE80211_ADDR_COPY(wh->i_addr2, sa); 111 IEEE80211_ADDR_COPY(wh->i_addr3, bssid); 112 break; 113 case IEEE80211_M_HOSTAP: 114 wh->i_fc[1] = IEEE80211_FC1_DIR_FROMDS; 115 IEEE80211_ADDR_COPY(wh->i_addr1, da); 116 IEEE80211_ADDR_COPY(wh->i_addr2, bssid); 117 IEEE80211_ADDR_COPY(wh->i_addr3, sa); 118 break; 119 case IEEE80211_M_MONITOR: /* NB: to quiet compiler */ 120 break; 121 } 122 } else { 123 wh->i_fc[1] = IEEE80211_FC1_DIR_NODS; 124 IEEE80211_ADDR_COPY(wh->i_addr1, da); 125 IEEE80211_ADDR_COPY(wh->i_addr2, sa); 126 IEEE80211_ADDR_COPY(wh->i_addr3, bssid); 127 } 128 *(u_int16_t *)&wh->i_dur[0] = 0; 129 /* NB: use non-QoS tid */ 130 *(u_int16_t *)&wh->i_seq[0] = 131 htole16(ni->ni_txseqs[0] << IEEE80211_SEQ_SEQ_SHIFT); 132 ni->ni_txseqs[0]++; 133#undef WH4 134} 135 136/* 137 * Send a management frame to the specified node. The node pointer 138 * must have a reference as the pointer will be passed to the driver 139 * and potentially held for a long time. If the frame is successfully 140 * dispatched to the driver, then it is responsible for freeing the 141 * reference (and potentially free'ing up any associated storage). 142 */ 143static int 144ieee80211_mgmt_output(struct ieee80211com *ic, struct ieee80211_node *ni, 145 struct mbuf *m, int type, int timer) 146{ 147 struct ifnet *ifp = ic->ic_ifp; 148 struct ieee80211_frame *wh; 149 150 KASSERT(ni != NULL, ("null node")); 151 152 /* 153 * Yech, hack alert! We want to pass the node down to the 154 * driver's start routine. If we don't do so then the start 155 * routine must immediately look it up again and that can 156 * cause a lock order reversal if, for example, this frame 157 * is being sent because the station is being timedout and 158 * the frame being sent is a DEAUTH message. We could stick 159 * this in an m_tag and tack that on to the mbuf. However 160 * that's rather expensive to do for every frame so instead 161 * we stuff it in the rcvif field since outbound frames do 162 * not (presently) use this. 163 */ 164 M_PREPEND(m, sizeof(struct ieee80211_frame), M_DONTWAIT); 165 if (m == NULL) 166 return ENOMEM; 167 KASSERT(m->m_pkthdr.rcvif == NULL, ("rcvif not null")); 168 m->m_pkthdr.rcvif = (void *)ni; 169 170 wh = mtod(m, struct ieee80211_frame *); 171 ieee80211_send_setup(ic, ni, wh, 172 IEEE80211_FC0_TYPE_MGT | type, 173 ic->ic_myaddr, ni->ni_macaddr, ni->ni_bssid); 174 if ((m->m_flags & M_LINK0) != 0 && ni->ni_challenge != NULL) { 175 m->m_flags &= ~M_LINK0; 176 IEEE80211_DPRINTF(ic, IEEE80211_MSG_AUTH, 177 "[%s] encrypting frame (%s)\n", 178 ether_sprintf(wh->i_addr1), __func__); 179 wh->i_fc[1] |= IEEE80211_FC1_WEP; 180 } 181#ifdef IEEE80211_DEBUG 182 /* avoid printing too many frames */ 183 if ((ieee80211_msg_debug(ic) && doprint(ic, type)) || 184 ieee80211_msg_dumppkts(ic)) { 185 printf("[%s] send %s on channel %u\n", 186 ether_sprintf(wh->i_addr1), 187 ieee80211_mgt_subtype_name[ 188 (type & IEEE80211_FC0_SUBTYPE_MASK) >> 189 IEEE80211_FC0_SUBTYPE_SHIFT], 190 ieee80211_chan2ieee(ic, ic->ic_curchan)); 191 } 192#endif 193 IEEE80211_NODE_STAT(ni, tx_mgmt); 194 IF_ENQUEUE(&ic->ic_mgtq, m); 195 if (timer) { 196 /* 197 * Set the mgt frame timeout. 198 */ 199 ic->ic_mgt_timer = timer; 200 ifp->if_timer = 1; 201 } 202 if_start(ifp); 203 return 0; 204} 205 206/* 207 * Raw packet transmit stub for legacy drivers. 208 * Send the packet through the mgt q so we bypass 209 * the normal encapsulation work. 210 */ 211int 212ieee80211_raw_xmit(struct ieee80211_node *ni, struct mbuf *m, 213 const struct ieee80211_bpf_params *params) 214{ 215 struct ieee80211com *ic = ni->ni_ic; 216 struct ifnet *ifp = ic->ic_ifp; 217 218 m->m_pkthdr.rcvif = (void *) ni; 219 IF_ENQUEUE(&ic->ic_mgtq, m); 220 if_start(ifp); 221 ifp->if_opackets++; 222 223 return 0; 224} 225 226/* 227 * 802.11 output routine. This is (currently) used only to 228 * connect bpf write calls to the 802.11 layer for injecting 229 * raw 802.11 frames. Note we locate the ieee80211com from 230 * the ifnet using a spare field setup at attach time. This 231 * will go away when the virtual ap support comes in. 232 */ 233int 234ieee80211_output(struct ifnet *ifp, struct mbuf *m, 235 struct sockaddr *dst, struct rtentry *rt0) 236{ 237#define senderr(e) do { error = (e); goto bad;} while (0) 238 struct ieee80211com *ic = ifp->if_spare2; /* XXX */ 239 struct ieee80211_node *ni = NULL; 240 struct ieee80211_frame *wh; 241 int error; 242 243 /* 244 * Hand to the 802.3 code if not tagged as 245 * a raw 802.11 frame. 246 */ 247 if (dst->sa_family != AF_IEEE80211) 248 return ether_output(ifp, m, dst, rt0); 249#ifdef MAC 250 error = mac_check_ifnet_transmit(ifp, m); 251 if (error) 252 senderr(error); 253#endif 254 if (ifp->if_flags & IFF_MONITOR) 255 senderr(ENETDOWN); 256 if ((ifp->if_flags & IFF_UP) == 0) 257 senderr(ENETDOWN); 258 259 /* XXX bypass bridge, pfil, carp, etc. */ 260 261 if (m->m_pkthdr.len < sizeof(struct ieee80211_frame_ack)) 262 senderr(EIO); /* XXX */ 263 wh = mtod(m, struct ieee80211_frame *); 264 if ((wh->i_fc[0] & IEEE80211_FC0_VERSION_MASK) != 265 IEEE80211_FC0_VERSION_0) 266 senderr(EIO); /* XXX */ 267 268 /* locate destination node */ 269 switch (wh->i_fc[1] & IEEE80211_FC1_DIR_MASK) { 270 case IEEE80211_FC1_DIR_NODS: 271 case IEEE80211_FC1_DIR_FROMDS: 272 ni = ieee80211_find_txnode(ic, wh->i_addr1); 273 break; 274 case IEEE80211_FC1_DIR_TODS: 275 case IEEE80211_FC1_DIR_DSTODS: 276 if (m->m_pkthdr.len < sizeof(struct ieee80211_frame)) 277 senderr(EIO); /* XXX */ 278 ni = ieee80211_find_txnode(ic, wh->i_addr3); 279 break; 280 default: 281 senderr(EIO); /* XXX */ 282 } 283 if (ni == NULL) { 284 /* 285 * Permit packets w/ bpf params through regardless 286 * (see below about sa_len). 287 */ 288 if (dst->sa_len == 0) 289 senderr(EHOSTUNREACH); 290 ni = ieee80211_ref_node(ic->ic_bss); 291 } 292 293 /* XXX ctrl frames should go through */ 294 if ((ni->ni_flags & IEEE80211_NODE_PWR_MGT) && 295 (m->m_flags & M_PWR_SAV) == 0) { 296 /* 297 * Station in power save mode; pass the frame 298 * to the 802.11 layer and continue. We'll get 299 * the frame back when the time is right. 300 */ 301 ieee80211_pwrsave(ic, ni, m); 302 error = 0; 303 goto reclaim; 304 } 305 306 /* calculate priority so drivers can find the tx queue */ 307 /* XXX assumes an 802.3 frame */ 308 if (ieee80211_classify(ic, m, ni)) 309 senderr(EIO); /* XXX */ 310 311 BPF_MTAP(ifp, m); 312 /* 313 * NB: DLT_IEEE802_11_RADIO identifies the parameters are 314 * present by setting the sa_len field of the sockaddr (yes, 315 * this is a hack). 316 * NB: we assume sa_data is suitably aligned to cast. 317 */ 318 return ic->ic_raw_xmit(ni, m, (const struct ieee80211_bpf_params *) 319 (dst->sa_len ? dst->sa_data : NULL)); 320bad: 321 if (m != NULL) 322 m_freem(m); 323reclaim: 324 if (ni != NULL) 325 ieee80211_free_node(ni); 326 return error; 327#undef senderr 328} 329 330/* 331 * Send a null data frame to the specified node. 332 * 333 * NB: the caller is assumed to have setup a node reference 334 * for use; this is necessary to deal with a race condition 335 * when probing for inactive stations. 336 */ 337int 338ieee80211_send_nulldata(struct ieee80211_node *ni) 339{ 340 struct ieee80211com *ic = ni->ni_ic; 341 struct ifnet *ifp = ic->ic_ifp; 342 struct mbuf *m; 343 struct ieee80211_frame *wh; 344 345 MGETHDR(m, M_NOWAIT, MT_DATA); 346 if (m == NULL) { 347 /* XXX debug msg */ 348 ic->ic_stats.is_tx_nobuf++; 349 ieee80211_unref_node(&ni); 350 return ENOMEM; 351 } 352 m->m_pkthdr.rcvif = (void *) ni; 353 354 wh = mtod(m, struct ieee80211_frame *); 355 ieee80211_send_setup(ic, ni, wh, 356 IEEE80211_FC0_TYPE_DATA | IEEE80211_FC0_SUBTYPE_NODATA, 357 ic->ic_myaddr, ni->ni_macaddr, ni->ni_bssid); 358 /* NB: power management bit is never sent by an AP */ 359 if ((ni->ni_flags & IEEE80211_NODE_PWR_MGT) && 360 ic->ic_opmode != IEEE80211_M_HOSTAP) 361 wh->i_fc[1] |= IEEE80211_FC1_PWR_MGT; 362 m->m_len = m->m_pkthdr.len = sizeof(struct ieee80211_frame); 363 364 IEEE80211_NODE_STAT(ni, tx_data); 365 366 IEEE80211_DPRINTF(ic, IEEE80211_MSG_DEBUG | IEEE80211_MSG_DUMPPKTS, 367 "[%s] send null data frame on channel %u, pwr mgt %s\n", 368 ether_sprintf(ni->ni_macaddr), 369 ieee80211_chan2ieee(ic, ic->ic_curchan), 370 wh->i_fc[1] & IEEE80211_FC1_PWR_MGT ? "ena" : "dis"); 371 372 IF_ENQUEUE(&ic->ic_mgtq, m); /* cheat */ 373 if_start(ifp); 374 375 return 0; 376} 377 378/* 379 * Assign priority to a frame based on any vlan tag assigned 380 * to the station and/or any Diffserv setting in an IP header. 381 * Finally, if an ACM policy is setup (in station mode) it's 382 * applied. 383 */ 384int 385ieee80211_classify(struct ieee80211com *ic, struct mbuf *m, struct ieee80211_node *ni) 386{ 387 int v_wme_ac, d_wme_ac, ac; 388#ifdef INET 389 struct ether_header *eh; 390#endif 391 392 if ((ni->ni_flags & IEEE80211_NODE_QOS) == 0) { 393 ac = WME_AC_BE; 394 goto done; 395 } 396 397 /* 398 * If node has a vlan tag then all traffic 399 * to it must have a matching tag. 400 */ 401 v_wme_ac = 0; 402 if (ni->ni_vlan != 0) { 403 struct m_tag *mtag = VLAN_OUTPUT_TAG(ic->ic_ifp, m); 404 if (mtag == NULL) { 405 IEEE80211_NODE_STAT(ni, tx_novlantag); 406 return 1; 407 } 408 if (EVL_VLANOFTAG(VLAN_TAG_VALUE(mtag)) != 409 EVL_VLANOFTAG(ni->ni_vlan)) { 410 IEEE80211_NODE_STAT(ni, tx_vlanmismatch); 411 return 1; 412 } 413 /* map vlan priority to AC */ 414 switch (EVL_PRIOFTAG(ni->ni_vlan)) { 415 case 1: 416 case 2: 417 v_wme_ac = WME_AC_BK; 418 break; 419 case 0: 420 case 3: 421 v_wme_ac = WME_AC_BE; 422 break; 423 case 4: 424 case 5: 425 v_wme_ac = WME_AC_VI; 426 break; 427 case 6: 428 case 7: 429 v_wme_ac = WME_AC_VO; 430 break; 431 } 432 } 433 434#ifdef INET 435 eh = mtod(m, struct ether_header *); 436 if (eh->ether_type == htons(ETHERTYPE_IP)) { 437 const struct ip *ip = (struct ip *) 438 (mtod(m, u_int8_t *) + sizeof (*eh)); 439 /* 440 * IP frame, map the TOS field. 441 */ 442 switch (ip->ip_tos) { 443 case 0x08: 444 case 0x20: 445 d_wme_ac = WME_AC_BK; /* background */ 446 break; 447 case 0x28: 448 case 0xa0: 449 d_wme_ac = WME_AC_VI; /* video */ 450 break; 451 case 0x30: /* voice */ 452 case 0xe0: 453 case 0x88: /* XXX UPSD */ 454 case 0xb8: 455 d_wme_ac = WME_AC_VO; 456 break; 457 default: 458 d_wme_ac = WME_AC_BE; 459 break; 460 } 461 } else { 462#endif /* INET */ 463 d_wme_ac = WME_AC_BE; 464#ifdef INET 465 } 466#endif 467 /* 468 * Use highest priority AC. 469 */ 470 if (v_wme_ac > d_wme_ac) 471 ac = v_wme_ac; 472 else 473 ac = d_wme_ac; 474 475 /* 476 * Apply ACM policy. 477 */ 478 if (ic->ic_opmode == IEEE80211_M_STA) { 479 static const int acmap[4] = { 480 WME_AC_BK, /* WME_AC_BE */ 481 WME_AC_BK, /* WME_AC_BK */ 482 WME_AC_BE, /* WME_AC_VI */ 483 WME_AC_VI, /* WME_AC_VO */ 484 }; 485 while (ac != WME_AC_BK && 486 ic->ic_wme.wme_wmeBssChanParams.cap_wmeParams[ac].wmep_acm) 487 ac = acmap[ac]; 488 } 489done: 490 M_WME_SETAC(m, ac); 491 return 0; 492} 493 494/* 495 * Insure there is sufficient contiguous space to encapsulate the 496 * 802.11 data frame. If room isn't already there, arrange for it. 497 * Drivers and cipher modules assume we have done the necessary work 498 * and fail rudely if they don't find the space they need. 499 */ 500static struct mbuf * 501ieee80211_mbuf_adjust(struct ieee80211com *ic, int hdrsize, 502 struct ieee80211_key *key, struct mbuf *m) 503{ 504#define TO_BE_RECLAIMED (sizeof(struct ether_header) - sizeof(struct llc)) 505 int needed_space = hdrsize; 506 507 if (key != NULL) { 508 /* XXX belongs in crypto code? */ 509 needed_space += key->wk_cipher->ic_header; 510 /* XXX frags */ 511 /* 512 * When crypto is being done in the host we must insure 513 * the data are writable for the cipher routines; clone 514 * a writable mbuf chain. 515 * XXX handle SWMIC specially 516 */ 517 if (key->wk_flags & (IEEE80211_KEY_SWCRYPT|IEEE80211_KEY_SWMIC)) { 518 m = m_unshare(m, M_NOWAIT); 519 if (m == NULL) { 520 IEEE80211_DPRINTF(ic, IEEE80211_MSG_OUTPUT, 521 "%s: cannot get writable mbuf\n", __func__); 522 ic->ic_stats.is_tx_nobuf++; /* XXX new stat */ 523 return NULL; 524 } 525 } 526 } 527 /* 528 * We know we are called just before stripping an Ethernet 529 * header and prepending an LLC header. This means we know 530 * there will be 531 * sizeof(struct ether_header) - sizeof(struct llc) 532 * bytes recovered to which we need additional space for the 533 * 802.11 header and any crypto header. 534 */ 535 /* XXX check trailing space and copy instead? */ 536 if (M_LEADINGSPACE(m) < needed_space - TO_BE_RECLAIMED) { 537 struct mbuf *n = m_gethdr(M_NOWAIT, m->m_type); 538 if (n == NULL) { 539 IEEE80211_DPRINTF(ic, IEEE80211_MSG_OUTPUT, 540 "%s: cannot expand storage\n", __func__); 541 ic->ic_stats.is_tx_nobuf++; 542 m_freem(m); 543 return NULL; 544 } 545 KASSERT(needed_space <= MHLEN, 546 ("not enough room, need %u got %zu\n", needed_space, MHLEN)); 547 /* 548 * Setup new mbuf to have leading space to prepend the 549 * 802.11 header and any crypto header bits that are 550 * required (the latter are added when the driver calls 551 * back to ieee80211_crypto_encap to do crypto encapsulation). 552 */ 553 /* NB: must be first 'cuz it clobbers m_data */ 554 m_move_pkthdr(n, m); 555 n->m_len = 0; /* NB: m_gethdr does not set */ 556 n->m_data += needed_space; 557 /* 558 * Pull up Ethernet header to create the expected layout. 559 * We could use m_pullup but that's overkill (i.e. we don't 560 * need the actual data) and it cannot fail so do it inline 561 * for speed. 562 */ 563 /* NB: struct ether_header is known to be contiguous */ 564 n->m_len += sizeof(struct ether_header); 565 m->m_len -= sizeof(struct ether_header); 566 m->m_data += sizeof(struct ether_header); 567 /* 568 * Replace the head of the chain. 569 */ 570 n->m_next = m; 571 m = n; 572 } 573 return m; 574#undef TO_BE_RECLAIMED 575} 576 577#define KEY_UNDEFINED(k) ((k).wk_cipher == &ieee80211_cipher_none) 578/* 579 * Return the transmit key to use in sending a unicast frame. 580 * If a unicast key is set we use that. When no unicast key is set 581 * we fall back to the default transmit key. 582 */ 583static __inline struct ieee80211_key * 584ieee80211_crypto_getucastkey(struct ieee80211com *ic, struct ieee80211_node *ni) 585{ 586 if (KEY_UNDEFINED(ni->ni_ucastkey)) { 587 if (ic->ic_def_txkey == IEEE80211_KEYIX_NONE || 588 KEY_UNDEFINED(ic->ic_nw_keys[ic->ic_def_txkey])) 589 return NULL; 590 return &ic->ic_nw_keys[ic->ic_def_txkey]; 591 } else { 592 return &ni->ni_ucastkey; 593 } 594} 595 596/* 597 * Return the transmit key to use in sending a multicast frame. 598 * Multicast traffic always uses the group key which is installed as 599 * the default tx key. 600 */ 601static __inline struct ieee80211_key * 602ieee80211_crypto_getmcastkey(struct ieee80211com *ic, struct ieee80211_node *ni) 603{ 604 if (ic->ic_def_txkey == IEEE80211_KEYIX_NONE || 605 KEY_UNDEFINED(ic->ic_nw_keys[ic->ic_def_txkey])) 606 return NULL; 607 return &ic->ic_nw_keys[ic->ic_def_txkey]; 608} 609 610/* 611 * Encapsulate an outbound data frame. The mbuf chain is updated. 612 * If an error is encountered NULL is returned. The caller is required 613 * to provide a node reference and pullup the ethernet header in the 614 * first mbuf. 615 */ 616struct mbuf * 617ieee80211_encap(struct ieee80211com *ic, struct mbuf *m, 618 struct ieee80211_node *ni) 619{ 620 struct ether_header eh; 621 struct ieee80211_frame *wh; 622 struct ieee80211_key *key; 623 struct llc *llc; 624 int hdrsize, datalen, addqos; 625 626 KASSERT(m->m_len >= sizeof(eh), ("no ethernet header!")); 627 memcpy(&eh, mtod(m, caddr_t), sizeof(struct ether_header)); 628 629 /* 630 * Insure space for additional headers. First identify 631 * transmit key to use in calculating any buffer adjustments 632 * required. This is also used below to do privacy 633 * encapsulation work. Then calculate the 802.11 header 634 * size and any padding required by the driver. 635 * 636 * Note key may be NULL if we fall back to the default 637 * transmit key and that is not set. In that case the 638 * buffer may not be expanded as needed by the cipher 639 * routines, but they will/should discard it. 640 */ 641 if (ic->ic_flags & IEEE80211_F_PRIVACY) { 642 if (ic->ic_opmode == IEEE80211_M_STA || 643 !IEEE80211_IS_MULTICAST(eh.ether_dhost)) 644 key = ieee80211_crypto_getucastkey(ic, ni); 645 else 646 key = ieee80211_crypto_getmcastkey(ic, ni); 647 if (key == NULL && eh.ether_type != htons(ETHERTYPE_PAE)) { 648 IEEE80211_DPRINTF(ic, IEEE80211_MSG_CRYPTO, 649 "[%s] no default transmit key (%s) deftxkey %u\n", 650 ether_sprintf(eh.ether_dhost), __func__, 651 ic->ic_def_txkey); 652 ic->ic_stats.is_tx_nodefkey++; 653 } 654 } else 655 key = NULL; 656 /* XXX 4-address format */ 657 /* 658 * XXX Some ap's don't handle QoS-encapsulated EAPOL 659 * frames so suppress use. This may be an issue if other 660 * ap's require all data frames to be QoS-encapsulated 661 * once negotiated in which case we'll need to make this 662 * configurable. 663 */ 664 addqos = (ni->ni_flags & IEEE80211_NODE_QOS) && 665 eh.ether_type != htons(ETHERTYPE_PAE); 666 if (addqos) 667 hdrsize = sizeof(struct ieee80211_qosframe); 668 else 669 hdrsize = sizeof(struct ieee80211_frame); 670 if (ic->ic_flags & IEEE80211_F_DATAPAD) 671 hdrsize = roundup(hdrsize, sizeof(u_int32_t)); 672 m = ieee80211_mbuf_adjust(ic, hdrsize, key, m); 673 if (m == NULL) { 674 /* NB: ieee80211_mbuf_adjust handles msgs+statistics */ 675 goto bad; 676 } 677 678 /* NB: this could be optimized because of ieee80211_mbuf_adjust */ 679 m_adj(m, sizeof(struct ether_header) - sizeof(struct llc)); 680 llc = mtod(m, struct llc *); 681 llc->llc_dsap = llc->llc_ssap = LLC_SNAP_LSAP; 682 llc->llc_control = LLC_UI; 683 llc->llc_snap.org_code[0] = 0; 684 llc->llc_snap.org_code[1] = 0; 685 llc->llc_snap.org_code[2] = 0; 686 llc->llc_snap.ether_type = eh.ether_type; 687 datalen = m->m_pkthdr.len; /* NB: w/o 802.11 header */ 688 689 M_PREPEND(m, hdrsize, M_DONTWAIT); 690 if (m == NULL) { 691 ic->ic_stats.is_tx_nobuf++; 692 goto bad; 693 } 694 wh = mtod(m, struct ieee80211_frame *); 695 wh->i_fc[0] = IEEE80211_FC0_VERSION_0 | IEEE80211_FC0_TYPE_DATA; 696 *(u_int16_t *)wh->i_dur = 0; 697 switch (ic->ic_opmode) { 698 case IEEE80211_M_STA: 699 wh->i_fc[1] = IEEE80211_FC1_DIR_TODS; 700 IEEE80211_ADDR_COPY(wh->i_addr1, ni->ni_bssid); 701 IEEE80211_ADDR_COPY(wh->i_addr2, eh.ether_shost); 702 IEEE80211_ADDR_COPY(wh->i_addr3, eh.ether_dhost); 703 break; 704 case IEEE80211_M_IBSS: 705 case IEEE80211_M_AHDEMO: 706 wh->i_fc[1] = IEEE80211_FC1_DIR_NODS; 707 IEEE80211_ADDR_COPY(wh->i_addr1, eh.ether_dhost); 708 IEEE80211_ADDR_COPY(wh->i_addr2, eh.ether_shost); 709 /* 710 * NB: always use the bssid from ic_bss as the 711 * neighbor's may be stale after an ibss merge 712 */ 713 IEEE80211_ADDR_COPY(wh->i_addr3, ic->ic_bss->ni_bssid); 714 break; 715 case IEEE80211_M_HOSTAP: 716 wh->i_fc[1] = IEEE80211_FC1_DIR_FROMDS; 717 IEEE80211_ADDR_COPY(wh->i_addr1, eh.ether_dhost); 718 IEEE80211_ADDR_COPY(wh->i_addr2, ni->ni_bssid); 719 IEEE80211_ADDR_COPY(wh->i_addr3, eh.ether_shost); 720 break; 721 case IEEE80211_M_MONITOR: 722 goto bad; 723 } 724 if (m->m_flags & M_MORE_DATA) 725 wh->i_fc[1] |= IEEE80211_FC1_MORE_DATA; 726 if (addqos) { 727 struct ieee80211_qosframe *qwh = 728 (struct ieee80211_qosframe *) wh; 729 int ac, tid; 730 731 ac = M_WME_GETAC(m); 732 /* map from access class/queue to 11e header priorty value */ 733 tid = WME_AC_TO_TID(ac); 734 qwh->i_qos[0] = tid & IEEE80211_QOS_TID; 735 if (ic->ic_wme.wme_wmeChanParams.cap_wmeParams[ac].wmep_noackPolicy) 736 qwh->i_qos[0] |= 1 << IEEE80211_QOS_ACKPOLICY_S; 737 qwh->i_qos[1] = 0; 738 qwh->i_fc[0] |= IEEE80211_FC0_SUBTYPE_QOS; 739 740 *(u_int16_t *)wh->i_seq = 741 htole16(ni->ni_txseqs[tid] << IEEE80211_SEQ_SEQ_SHIFT); 742 ni->ni_txseqs[tid]++; 743 } else { 744 *(u_int16_t *)wh->i_seq = 745 htole16(ni->ni_txseqs[0] << IEEE80211_SEQ_SEQ_SHIFT); 746 ni->ni_txseqs[0]++; 747 } 748 if (key != NULL) { 749 /* 750 * IEEE 802.1X: send EAPOL frames always in the clear. 751 * WPA/WPA2: encrypt EAPOL keys when pairwise keys are set. 752 */ 753 if (eh.ether_type != htons(ETHERTYPE_PAE) || 754 ((ic->ic_flags & IEEE80211_F_WPA) && 755 (ic->ic_opmode == IEEE80211_M_STA ? 756 !KEY_UNDEFINED(*key) : !KEY_UNDEFINED(ni->ni_ucastkey)))) { 757 wh->i_fc[1] |= IEEE80211_FC1_WEP; 758 /* XXX do fragmentation */ 759 if (!ieee80211_crypto_enmic(ic, key, m, 0)) { 760 IEEE80211_DPRINTF(ic, IEEE80211_MSG_OUTPUT, 761 "[%s] enmic failed, discard frame\n", 762 ether_sprintf(eh.ether_dhost)); 763 ic->ic_stats.is_crypto_enmicfail++; 764 goto bad; 765 } 766 } 767 } 768 769 IEEE80211_NODE_STAT(ni, tx_data); 770 IEEE80211_NODE_STAT_ADD(ni, tx_bytes, datalen); 771 772 return m; 773bad: 774 if (m != NULL) 775 m_freem(m); 776 return NULL; 777} 778 779/* 780 * Add a supported rates element id to a frame. 781 */ 782static u_int8_t * 783ieee80211_add_rates(u_int8_t *frm, const struct ieee80211_rateset *rs) 784{ 785 int nrates; 786 787 *frm++ = IEEE80211_ELEMID_RATES; 788 nrates = rs->rs_nrates; 789 if (nrates > IEEE80211_RATE_SIZE) 790 nrates = IEEE80211_RATE_SIZE; 791 *frm++ = nrates; 792 memcpy(frm, rs->rs_rates, nrates); 793 return frm + nrates; 794} 795 796/* 797 * Add an extended supported rates element id to a frame. 798 */ 799static u_int8_t * 800ieee80211_add_xrates(u_int8_t *frm, const struct ieee80211_rateset *rs) 801{ 802 /* 803 * Add an extended supported rates element if operating in 11g mode. 804 */ 805 if (rs->rs_nrates > IEEE80211_RATE_SIZE) { 806 int nrates = rs->rs_nrates - IEEE80211_RATE_SIZE; 807 *frm++ = IEEE80211_ELEMID_XRATES; 808 *frm++ = nrates; 809 memcpy(frm, rs->rs_rates + IEEE80211_RATE_SIZE, nrates); 810 frm += nrates; 811 } 812 return frm; 813} 814 815/* 816 * Add an ssid elemet to a frame. 817 */ 818static u_int8_t * 819ieee80211_add_ssid(u_int8_t *frm, const u_int8_t *ssid, u_int len) 820{ 821 *frm++ = IEEE80211_ELEMID_SSID; 822 *frm++ = len; 823 memcpy(frm, ssid, len); 824 return frm + len; 825} 826 827/* 828 * Add an erp element to a frame. 829 */ 830static u_int8_t * 831ieee80211_add_erp(u_int8_t *frm, struct ieee80211com *ic) 832{ 833 u_int8_t erp; 834 835 *frm++ = IEEE80211_ELEMID_ERP; 836 *frm++ = 1; 837 erp = 0; 838 if (ic->ic_nonerpsta != 0) 839 erp |= IEEE80211_ERP_NON_ERP_PRESENT; 840 if (ic->ic_flags & IEEE80211_F_USEPROT) 841 erp |= IEEE80211_ERP_USE_PROTECTION; 842 if (ic->ic_flags & IEEE80211_F_USEBARKER) 843 erp |= IEEE80211_ERP_LONG_PREAMBLE; 844 *frm++ = erp; 845 return frm; 846} 847 848static u_int8_t * 849ieee80211_setup_wpa_ie(struct ieee80211com *ic, u_int8_t *ie) 850{ 851#define WPA_OUI_BYTES 0x00, 0x50, 0xf2 852#define ADDSHORT(frm, v) do { \ 853 frm[0] = (v) & 0xff; \ 854 frm[1] = (v) >> 8; \ 855 frm += 2; \ 856} while (0) 857#define ADDSELECTOR(frm, sel) do { \ 858 memcpy(frm, sel, 4); \ 859 frm += 4; \ 860} while (0) 861 static const u_int8_t oui[4] = { WPA_OUI_BYTES, WPA_OUI_TYPE }; 862 static const u_int8_t cipher_suite[][4] = { 863 { WPA_OUI_BYTES, WPA_CSE_WEP40 }, /* NB: 40-bit */ 864 { WPA_OUI_BYTES, WPA_CSE_TKIP }, 865 { 0x00, 0x00, 0x00, 0x00 }, /* XXX WRAP */ 866 { WPA_OUI_BYTES, WPA_CSE_CCMP }, 867 { 0x00, 0x00, 0x00, 0x00 }, /* XXX CKIP */ 868 { WPA_OUI_BYTES, WPA_CSE_NULL }, 869 }; 870 static const u_int8_t wep104_suite[4] = 871 { WPA_OUI_BYTES, WPA_CSE_WEP104 }; 872 static const u_int8_t key_mgt_unspec[4] = 873 { WPA_OUI_BYTES, WPA_ASE_8021X_UNSPEC }; 874 static const u_int8_t key_mgt_psk[4] = 875 { WPA_OUI_BYTES, WPA_ASE_8021X_PSK }; 876 const struct ieee80211_rsnparms *rsn = &ic->ic_bss->ni_rsn; 877 u_int8_t *frm = ie; 878 u_int8_t *selcnt; 879 880 *frm++ = IEEE80211_ELEMID_VENDOR; 881 *frm++ = 0; /* length filled in below */ 882 memcpy(frm, oui, sizeof(oui)); /* WPA OUI */ 883 frm += sizeof(oui); 884 ADDSHORT(frm, WPA_VERSION); 885 886 /* XXX filter out CKIP */ 887 888 /* multicast cipher */ 889 if (rsn->rsn_mcastcipher == IEEE80211_CIPHER_WEP && 890 rsn->rsn_mcastkeylen >= 13) 891 ADDSELECTOR(frm, wep104_suite); 892 else 893 ADDSELECTOR(frm, cipher_suite[rsn->rsn_mcastcipher]); 894 895 /* unicast cipher list */ 896 selcnt = frm; 897 ADDSHORT(frm, 0); /* selector count */ 898 if (rsn->rsn_ucastcipherset & (1<<IEEE80211_CIPHER_AES_CCM)) { 899 selcnt[0]++; 900 ADDSELECTOR(frm, cipher_suite[IEEE80211_CIPHER_AES_CCM]); 901 } 902 if (rsn->rsn_ucastcipherset & (1<<IEEE80211_CIPHER_TKIP)) { 903 selcnt[0]++; 904 ADDSELECTOR(frm, cipher_suite[IEEE80211_CIPHER_TKIP]); 905 } 906 907 /* authenticator selector list */ 908 selcnt = frm; 909 ADDSHORT(frm, 0); /* selector count */ 910 if (rsn->rsn_keymgmtset & WPA_ASE_8021X_UNSPEC) { 911 selcnt[0]++; 912 ADDSELECTOR(frm, key_mgt_unspec); 913 } 914 if (rsn->rsn_keymgmtset & WPA_ASE_8021X_PSK) { 915 selcnt[0]++; 916 ADDSELECTOR(frm, key_mgt_psk); 917 } 918 919 /* optional capabilities */ 920 if (rsn->rsn_caps != 0 && rsn->rsn_caps != RSN_CAP_PREAUTH) 921 ADDSHORT(frm, rsn->rsn_caps); 922 923 /* calculate element length */ 924 ie[1] = frm - ie - 2; 925 KASSERT(ie[1]+2 <= sizeof(struct ieee80211_ie_wpa), 926 ("WPA IE too big, %u > %zu", 927 ie[1]+2, sizeof(struct ieee80211_ie_wpa))); 928 return frm; 929#undef ADDSHORT 930#undef ADDSELECTOR 931#undef WPA_OUI_BYTES 932} 933 934static u_int8_t * 935ieee80211_setup_rsn_ie(struct ieee80211com *ic, u_int8_t *ie) 936{ 937#define RSN_OUI_BYTES 0x00, 0x0f, 0xac 938#define ADDSHORT(frm, v) do { \ 939 frm[0] = (v) & 0xff; \ 940 frm[1] = (v) >> 8; \ 941 frm += 2; \ 942} while (0) 943#define ADDSELECTOR(frm, sel) do { \ 944 memcpy(frm, sel, 4); \ 945 frm += 4; \ 946} while (0) 947 static const u_int8_t cipher_suite[][4] = { 948 { RSN_OUI_BYTES, RSN_CSE_WEP40 }, /* NB: 40-bit */ 949 { RSN_OUI_BYTES, RSN_CSE_TKIP }, 950 { RSN_OUI_BYTES, RSN_CSE_WRAP }, 951 { RSN_OUI_BYTES, RSN_CSE_CCMP }, 952 { 0x00, 0x00, 0x00, 0x00 }, /* XXX CKIP */ 953 { RSN_OUI_BYTES, RSN_CSE_NULL }, 954 }; 955 static const u_int8_t wep104_suite[4] = 956 { RSN_OUI_BYTES, RSN_CSE_WEP104 }; 957 static const u_int8_t key_mgt_unspec[4] = 958 { RSN_OUI_BYTES, RSN_ASE_8021X_UNSPEC }; 959 static const u_int8_t key_mgt_psk[4] = 960 { RSN_OUI_BYTES, RSN_ASE_8021X_PSK }; 961 const struct ieee80211_rsnparms *rsn = &ic->ic_bss->ni_rsn; 962 u_int8_t *frm = ie; 963 u_int8_t *selcnt; 964 965 *frm++ = IEEE80211_ELEMID_RSN; 966 *frm++ = 0; /* length filled in below */ 967 ADDSHORT(frm, RSN_VERSION); 968 969 /* XXX filter out CKIP */ 970 971 /* multicast cipher */ 972 if (rsn->rsn_mcastcipher == IEEE80211_CIPHER_WEP && 973 rsn->rsn_mcastkeylen >= 13) 974 ADDSELECTOR(frm, wep104_suite); 975 else 976 ADDSELECTOR(frm, cipher_suite[rsn->rsn_mcastcipher]); 977 978 /* unicast cipher list */ 979 selcnt = frm; 980 ADDSHORT(frm, 0); /* selector count */ 981 if (rsn->rsn_ucastcipherset & (1<<IEEE80211_CIPHER_AES_CCM)) { 982 selcnt[0]++; 983 ADDSELECTOR(frm, cipher_suite[IEEE80211_CIPHER_AES_CCM]); 984 } 985 if (rsn->rsn_ucastcipherset & (1<<IEEE80211_CIPHER_TKIP)) { 986 selcnt[0]++; 987 ADDSELECTOR(frm, cipher_suite[IEEE80211_CIPHER_TKIP]); 988 } 989 990 /* authenticator selector list */ 991 selcnt = frm; 992 ADDSHORT(frm, 0); /* selector count */ 993 if (rsn->rsn_keymgmtset & WPA_ASE_8021X_UNSPEC) { 994 selcnt[0]++; 995 ADDSELECTOR(frm, key_mgt_unspec); 996 } 997 if (rsn->rsn_keymgmtset & WPA_ASE_8021X_PSK) { 998 selcnt[0]++; 999 ADDSELECTOR(frm, key_mgt_psk); 1000 } 1001 1002 /* optional capabilities */ 1003 ADDSHORT(frm, rsn->rsn_caps); 1004 /* XXX PMKID */ 1005 1006 /* calculate element length */ 1007 ie[1] = frm - ie - 2; 1008 KASSERT(ie[1]+2 <= sizeof(struct ieee80211_ie_wpa), 1009 ("RSN IE too big, %u > %zu", 1010 ie[1]+2, sizeof(struct ieee80211_ie_wpa))); 1011 return frm; 1012#undef ADDSELECTOR 1013#undef ADDSHORT 1014#undef RSN_OUI_BYTES 1015} 1016 1017/* 1018 * Add a WPA/RSN element to a frame. 1019 */ 1020static u_int8_t * 1021ieee80211_add_wpa(u_int8_t *frm, struct ieee80211com *ic) 1022{ 1023 1024 KASSERT(ic->ic_flags & IEEE80211_F_WPA, ("no WPA/RSN!")); 1025 if (ic->ic_flags & IEEE80211_F_WPA2) 1026 frm = ieee80211_setup_rsn_ie(ic, frm); 1027 if (ic->ic_flags & IEEE80211_F_WPA1) 1028 frm = ieee80211_setup_wpa_ie(ic, frm); 1029 return frm; 1030} 1031 1032#define WME_OUI_BYTES 0x00, 0x50, 0xf2 1033/* 1034 * Add a WME information element to a frame. 1035 */ 1036static u_int8_t * 1037ieee80211_add_wme_info(u_int8_t *frm, struct ieee80211_wme_state *wme) 1038{ 1039 static const struct ieee80211_wme_info info = { 1040 .wme_id = IEEE80211_ELEMID_VENDOR, 1041 .wme_len = sizeof(struct ieee80211_wme_info) - 2, 1042 .wme_oui = { WME_OUI_BYTES }, 1043 .wme_type = WME_OUI_TYPE, 1044 .wme_subtype = WME_INFO_OUI_SUBTYPE, 1045 .wme_version = WME_VERSION, 1046 .wme_info = 0, 1047 }; 1048 memcpy(frm, &info, sizeof(info)); 1049 return frm + sizeof(info); 1050} 1051 1052/* 1053 * Add a WME parameters element to a frame. 1054 */ 1055static u_int8_t * 1056ieee80211_add_wme_param(u_int8_t *frm, struct ieee80211_wme_state *wme) 1057{ 1058#define SM(_v, _f) (((_v) << _f##_S) & _f) 1059#define ADDSHORT(frm, v) do { \ 1060 frm[0] = (v) & 0xff; \ 1061 frm[1] = (v) >> 8; \ 1062 frm += 2; \ 1063} while (0) 1064 /* NB: this works 'cuz a param has an info at the front */ 1065 static const struct ieee80211_wme_info param = { 1066 .wme_id = IEEE80211_ELEMID_VENDOR, 1067 .wme_len = sizeof(struct ieee80211_wme_param) - 2, 1068 .wme_oui = { WME_OUI_BYTES }, 1069 .wme_type = WME_OUI_TYPE, 1070 .wme_subtype = WME_PARAM_OUI_SUBTYPE, 1071 .wme_version = WME_VERSION, 1072 }; 1073 int i; 1074 1075 memcpy(frm, ¶m, sizeof(param)); 1076 frm += __offsetof(struct ieee80211_wme_info, wme_info); 1077 *frm++ = wme->wme_bssChanParams.cap_info; /* AC info */ 1078 *frm++ = 0; /* reserved field */ 1079 for (i = 0; i < WME_NUM_AC; i++) { 1080 const struct wmeParams *ac = 1081 &wme->wme_bssChanParams.cap_wmeParams[i]; 1082 *frm++ = SM(i, WME_PARAM_ACI) 1083 | SM(ac->wmep_acm, WME_PARAM_ACM) 1084 | SM(ac->wmep_aifsn, WME_PARAM_AIFSN) 1085 ; 1086 *frm++ = SM(ac->wmep_logcwmax, WME_PARAM_LOGCWMAX) 1087 | SM(ac->wmep_logcwmin, WME_PARAM_LOGCWMIN) 1088 ; 1089 ADDSHORT(frm, ac->wmep_txopLimit); 1090 } 1091 return frm; 1092#undef SM 1093#undef ADDSHORT 1094} 1095#undef WME_OUI_BYTES 1096 1097/* 1098 * Send a probe request frame with the specified ssid 1099 * and any optional information element data. 1100 */ 1101int 1102ieee80211_send_probereq(struct ieee80211_node *ni, 1103 const u_int8_t sa[IEEE80211_ADDR_LEN], 1104 const u_int8_t da[IEEE80211_ADDR_LEN], 1105 const u_int8_t bssid[IEEE80211_ADDR_LEN], 1106 const u_int8_t *ssid, size_t ssidlen, 1107 const void *optie, size_t optielen) 1108{ 1109 struct ieee80211com *ic = ni->ni_ic; 1110 enum ieee80211_phymode mode; 1111 struct ieee80211_frame *wh; 1112 struct mbuf *m; 1113 u_int8_t *frm; 1114 1115 /* 1116 * Hold a reference on the node so it doesn't go away until after 1117 * the xmit is complete all the way in the driver. On error we 1118 * will remove our reference. 1119 */ 1120 IEEE80211_DPRINTF(ic, IEEE80211_MSG_NODE, 1121 "ieee80211_ref_node (%s:%u) %p<%s> refcnt %d\n", 1122 __func__, __LINE__, 1123 ni, ether_sprintf(ni->ni_macaddr), 1124 ieee80211_node_refcnt(ni)+1); 1125 ieee80211_ref_node(ni); 1126 1127 /* 1128 * prreq frame format 1129 * [tlv] ssid 1130 * [tlv] supported rates 1131 * [tlv] extended supported rates 1132 * [tlv] user-specified ie's 1133 */ 1134 m = ieee80211_getmgtframe(&frm, 1135 2 + IEEE80211_NWID_LEN 1136 + 2 + IEEE80211_RATE_SIZE 1137 + 2 + (IEEE80211_RATE_MAXSIZE - IEEE80211_RATE_SIZE) 1138 + (optie != NULL ? optielen : 0) 1139 ); 1140 if (m == NULL) { 1141 ic->ic_stats.is_tx_nobuf++; 1142 ieee80211_free_node(ni); 1143 return ENOMEM; 1144 } 1145 1146 frm = ieee80211_add_ssid(frm, ssid, ssidlen); 1147 mode = ieee80211_chan2mode(ic, ic->ic_curchan); 1148 frm = ieee80211_add_rates(frm, &ic->ic_sup_rates[mode]); 1149 frm = ieee80211_add_xrates(frm, &ic->ic_sup_rates[mode]); 1150 1151 if (optie != NULL) { 1152 memcpy(frm, optie, optielen); 1153 frm += optielen; 1154 } 1155 m->m_pkthdr.len = m->m_len = frm - mtod(m, u_int8_t *); 1156 1157 M_PREPEND(m, sizeof(struct ieee80211_frame), M_DONTWAIT); 1158 if (m == NULL) 1159 return ENOMEM; 1160 KASSERT(m->m_pkthdr.rcvif == NULL, ("rcvif not null")); 1161 m->m_pkthdr.rcvif = (void *)ni; 1162 1163 wh = mtod(m, struct ieee80211_frame *); 1164 ieee80211_send_setup(ic, ni, wh, 1165 IEEE80211_FC0_TYPE_MGT | IEEE80211_FC0_SUBTYPE_PROBE_REQ, 1166 sa, da, bssid); 1167 /* XXX power management? */ 1168 1169 IEEE80211_NODE_STAT(ni, tx_probereq); 1170 IEEE80211_NODE_STAT(ni, tx_mgmt); 1171 1172 IEEE80211_DPRINTF(ic, IEEE80211_MSG_DEBUG | IEEE80211_MSG_DUMPPKTS, 1173 "[%s] send probe req on channel %u\n", 1174 ether_sprintf(wh->i_addr1), 1175 ieee80211_chan2ieee(ic, ic->ic_curchan)); 1176 1177 IF_ENQUEUE(&ic->ic_mgtq, m); 1178 if_start(ic->ic_ifp); 1179 return 0; 1180} 1181 1182/* 1183 * Calculate capability information for mgt frames. 1184 */ 1185static u_int16_t 1186getcapinfo(struct ieee80211com *ic, struct ieee80211_channel *chan) 1187{ 1188 u_int16_t capinfo; 1189 1190 KASSERT(ic->ic_opmode != IEEE80211_M_STA, ("station mode")); 1191 1192 if (ic->ic_opmode == IEEE80211_M_HOSTAP) 1193 capinfo = IEEE80211_CAPINFO_ESS; 1194 else if (ic->ic_opmode == IEEE80211_M_IBSS) 1195 capinfo = IEEE80211_CAPINFO_IBSS; 1196 else 1197 capinfo = 0; 1198 if (ic->ic_flags & IEEE80211_F_PRIVACY) 1199 capinfo |= IEEE80211_CAPINFO_PRIVACY; 1200 if ((ic->ic_flags & IEEE80211_F_SHPREAMBLE) && 1201 IEEE80211_IS_CHAN_2GHZ(chan)) 1202 capinfo |= IEEE80211_CAPINFO_SHORT_PREAMBLE; 1203 if (ic->ic_flags & IEEE80211_F_SHSLOT) 1204 capinfo |= IEEE80211_CAPINFO_SHORT_SLOTTIME; 1205 return capinfo; 1206} 1207 1208/* 1209 * Send a management frame. The node is for the destination (or ic_bss 1210 * when in station mode). Nodes other than ic_bss have their reference 1211 * count bumped to reflect our use for an indeterminant time. 1212 */ 1213int 1214ieee80211_send_mgmt(struct ieee80211com *ic, struct ieee80211_node *ni, 1215 int type, int arg) 1216{ 1217#define senderr(_x, _v) do { ic->ic_stats._v++; ret = _x; goto bad; } while (0) 1218 struct mbuf *m; 1219 u_int8_t *frm; 1220 u_int16_t capinfo; 1221 int has_challenge, is_shared_key, ret, timer, status; 1222 1223 KASSERT(ni != NULL, ("null node")); 1224 1225 /* 1226 * Hold a reference on the node so it doesn't go away until after 1227 * the xmit is complete all the way in the driver. On error we 1228 * will remove our reference. 1229 */ 1230 IEEE80211_DPRINTF(ic, IEEE80211_MSG_NODE, 1231 "ieee80211_ref_node (%s:%u) %p<%s> refcnt %d\n", 1232 __func__, __LINE__, 1233 ni, ether_sprintf(ni->ni_macaddr), 1234 ieee80211_node_refcnt(ni)+1); 1235 ieee80211_ref_node(ni); 1236 1237 timer = 0; 1238 switch (type) { 1239 case IEEE80211_FC0_SUBTYPE_PROBE_RESP: 1240 /* 1241 * probe response frame format 1242 * [8] time stamp 1243 * [2] beacon interval 1244 * [2] cabability information 1245 * [tlv] ssid 1246 * [tlv] supported rates 1247 * [tlv] parameter set (FH/DS) 1248 * [tlv] parameter set (IBSS) 1249 * [tlv] extended rate phy (ERP) 1250 * [tlv] extended supported rates 1251 * [tlv] WPA 1252 * [tlv] WME (optional) 1253 */ 1254 m = ieee80211_getmgtframe(&frm, 1255 8 1256 + sizeof(u_int16_t) 1257 + sizeof(u_int16_t) 1258 + 2 + IEEE80211_NWID_LEN 1259 + 2 + IEEE80211_RATE_SIZE 1260 + 7 /* max(7,3) */ 1261 + 6 1262 + 3 1263 + 2 + (IEEE80211_RATE_MAXSIZE - IEEE80211_RATE_SIZE) 1264 /* XXX !WPA1+WPA2 fits w/o a cluster */ 1265 + (ic->ic_flags & IEEE80211_F_WPA ? 1266 2*sizeof(struct ieee80211_ie_wpa) : 0) 1267 + sizeof(struct ieee80211_wme_param) 1268 ); 1269 if (m == NULL) 1270 senderr(ENOMEM, is_tx_nobuf); 1271 1272 memset(frm, 0, 8); /* timestamp should be filled later */ 1273 frm += 8; 1274 *(u_int16_t *)frm = htole16(ic->ic_bss->ni_intval); 1275 frm += 2; 1276 capinfo = getcapinfo(ic, ic->ic_curchan); 1277 *(u_int16_t *)frm = htole16(capinfo); 1278 frm += 2; 1279 1280 frm = ieee80211_add_ssid(frm, ic->ic_bss->ni_essid, 1281 ic->ic_bss->ni_esslen); 1282 frm = ieee80211_add_rates(frm, &ni->ni_rates); 1283 1284 if (ic->ic_phytype == IEEE80211_T_FH) { 1285 *frm++ = IEEE80211_ELEMID_FHPARMS; 1286 *frm++ = 5; 1287 *frm++ = ni->ni_fhdwell & 0x00ff; 1288 *frm++ = (ni->ni_fhdwell >> 8) & 0x00ff; 1289 *frm++ = IEEE80211_FH_CHANSET( 1290 ieee80211_chan2ieee(ic, ic->ic_curchan)); 1291 *frm++ = IEEE80211_FH_CHANPAT( 1292 ieee80211_chan2ieee(ic, ic->ic_curchan)); 1293 *frm++ = ni->ni_fhindex; 1294 } else { 1295 *frm++ = IEEE80211_ELEMID_DSPARMS; 1296 *frm++ = 1; 1297 *frm++ = ieee80211_chan2ieee(ic, ic->ic_curchan); 1298 } 1299 1300 if (ic->ic_opmode == IEEE80211_M_IBSS) { 1301 *frm++ = IEEE80211_ELEMID_IBSSPARMS; 1302 *frm++ = 2; 1303 *frm++ = 0; *frm++ = 0; /* TODO: ATIM window */ 1304 } 1305 if (ic->ic_flags & IEEE80211_F_WPA) 1306 frm = ieee80211_add_wpa(frm, ic); 1307 if (ic->ic_curmode == IEEE80211_MODE_11G) 1308 frm = ieee80211_add_erp(frm, ic); 1309 frm = ieee80211_add_xrates(frm, &ni->ni_rates); 1310 if (ic->ic_flags & IEEE80211_F_WME) 1311 frm = ieee80211_add_wme_param(frm, &ic->ic_wme); 1312 m->m_pkthdr.len = m->m_len = frm - mtod(m, u_int8_t *); 1313 break; 1314 1315 case IEEE80211_FC0_SUBTYPE_AUTH: 1316 status = arg >> 16; 1317 arg &= 0xffff; 1318 has_challenge = ((arg == IEEE80211_AUTH_SHARED_CHALLENGE || 1319 arg == IEEE80211_AUTH_SHARED_RESPONSE) && 1320 ni->ni_challenge != NULL); 1321 1322 /* 1323 * Deduce whether we're doing open authentication or 1324 * shared key authentication. We do the latter if 1325 * we're in the middle of a shared key authentication 1326 * handshake or if we're initiating an authentication 1327 * request and configured to use shared key. 1328 */ 1329 is_shared_key = has_challenge || 1330 arg >= IEEE80211_AUTH_SHARED_RESPONSE || 1331 (arg == IEEE80211_AUTH_SHARED_REQUEST && 1332 ic->ic_bss->ni_authmode == IEEE80211_AUTH_SHARED); 1333 1334 m = ieee80211_getmgtframe(&frm, 1335 3 * sizeof(u_int16_t) 1336 + (has_challenge && status == IEEE80211_STATUS_SUCCESS ? 1337 sizeof(u_int16_t)+IEEE80211_CHALLENGE_LEN : 0) 1338 ); 1339 if (m == NULL) 1340 senderr(ENOMEM, is_tx_nobuf); 1341 1342 ((u_int16_t *)frm)[0] = 1343 (is_shared_key) ? htole16(IEEE80211_AUTH_ALG_SHARED) 1344 : htole16(IEEE80211_AUTH_ALG_OPEN); 1345 ((u_int16_t *)frm)[1] = htole16(arg); /* sequence number */ 1346 ((u_int16_t *)frm)[2] = htole16(status);/* status */ 1347 1348 if (has_challenge && status == IEEE80211_STATUS_SUCCESS) { 1349 ((u_int16_t *)frm)[3] = 1350 htole16((IEEE80211_CHALLENGE_LEN << 8) | 1351 IEEE80211_ELEMID_CHALLENGE); 1352 memcpy(&((u_int16_t *)frm)[4], ni->ni_challenge, 1353 IEEE80211_CHALLENGE_LEN); 1354 m->m_pkthdr.len = m->m_len = 1355 4 * sizeof(u_int16_t) + IEEE80211_CHALLENGE_LEN; 1356 if (arg == IEEE80211_AUTH_SHARED_RESPONSE) { 1357 IEEE80211_DPRINTF(ic, IEEE80211_MSG_AUTH, 1358 "[%s] request encrypt frame (%s)\n", 1359 ether_sprintf(ni->ni_macaddr), __func__); 1360 m->m_flags |= M_LINK0; /* WEP-encrypt, please */ 1361 } 1362 } else 1363 m->m_pkthdr.len = m->m_len = 3 * sizeof(u_int16_t); 1364 1365 /* XXX not right for shared key */ 1366 if (status == IEEE80211_STATUS_SUCCESS) 1367 IEEE80211_NODE_STAT(ni, tx_auth); 1368 else 1369 IEEE80211_NODE_STAT(ni, tx_auth_fail); 1370 1371 if (ic->ic_opmode == IEEE80211_M_STA) 1372 timer = IEEE80211_TRANS_WAIT; 1373 break; 1374 1375 case IEEE80211_FC0_SUBTYPE_DEAUTH: 1376 IEEE80211_DPRINTF(ic, IEEE80211_MSG_AUTH, 1377 "[%s] send station deauthenticate (reason %d)\n", 1378 ether_sprintf(ni->ni_macaddr), arg); 1379 m = ieee80211_getmgtframe(&frm, sizeof(u_int16_t)); 1380 if (m == NULL) 1381 senderr(ENOMEM, is_tx_nobuf); 1382 *(u_int16_t *)frm = htole16(arg); /* reason */ 1383 m->m_pkthdr.len = m->m_len = sizeof(u_int16_t); 1384 1385 IEEE80211_NODE_STAT(ni, tx_deauth); 1386 IEEE80211_NODE_STAT_SET(ni, tx_deauth_code, arg); 1387 1388 ieee80211_node_unauthorize(ni); /* port closed */ 1389 break; 1390 1391 case IEEE80211_FC0_SUBTYPE_ASSOC_REQ: 1392 case IEEE80211_FC0_SUBTYPE_REASSOC_REQ: 1393 /* 1394 * asreq frame format 1395 * [2] capability information 1396 * [2] listen interval 1397 * [6*] current AP address (reassoc only) 1398 * [tlv] ssid 1399 * [tlv] supported rates 1400 * [tlv] extended supported rates 1401 * [tlv] WME 1402 * [tlv] user-specified ie's 1403 */ 1404 m = ieee80211_getmgtframe(&frm, 1405 sizeof(u_int16_t) 1406 + sizeof(u_int16_t) 1407 + IEEE80211_ADDR_LEN 1408 + 2 + IEEE80211_NWID_LEN 1409 + 2 + IEEE80211_RATE_SIZE 1410 + 2 + (IEEE80211_RATE_MAXSIZE - IEEE80211_RATE_SIZE) 1411 + sizeof(struct ieee80211_wme_info) 1412 + (ic->ic_opt_ie != NULL ? ic->ic_opt_ie_len : 0) 1413 ); 1414 if (m == NULL) 1415 senderr(ENOMEM, is_tx_nobuf); 1416 1417 KASSERT(ic->ic_opmode == IEEE80211_M_STA, 1418 ("wrong mode %u", ic->ic_opmode)); 1419 capinfo = IEEE80211_CAPINFO_ESS; 1420 if (ic->ic_flags & IEEE80211_F_PRIVACY) 1421 capinfo |= IEEE80211_CAPINFO_PRIVACY; 1422 /* 1423 * NB: Some 11a AP's reject the request when 1424 * short premable is set. 1425 */ 1426 if ((ic->ic_flags & IEEE80211_F_SHPREAMBLE) && 1427 IEEE80211_IS_CHAN_2GHZ(ic->ic_curchan)) 1428 capinfo |= IEEE80211_CAPINFO_SHORT_PREAMBLE; 1429 if ((ni->ni_capinfo & IEEE80211_CAPINFO_SHORT_SLOTTIME) && 1430 (ic->ic_caps & IEEE80211_C_SHSLOT)) 1431 capinfo |= IEEE80211_CAPINFO_SHORT_SLOTTIME; 1432 *(u_int16_t *)frm = htole16(capinfo); 1433 frm += 2; 1434 1435 *(u_int16_t *)frm = htole16(ic->ic_lintval); 1436 frm += 2; 1437 1438 if (type == IEEE80211_FC0_SUBTYPE_REASSOC_REQ) { 1439 IEEE80211_ADDR_COPY(frm, ic->ic_bss->ni_bssid); 1440 frm += IEEE80211_ADDR_LEN; 1441 } 1442 1443 frm = ieee80211_add_ssid(frm, ni->ni_essid, ni->ni_esslen); 1444 frm = ieee80211_add_rates(frm, &ni->ni_rates); 1445 frm = ieee80211_add_xrates(frm, &ni->ni_rates); 1446 if ((ic->ic_flags & IEEE80211_F_WME) && ni->ni_wme_ie != NULL) 1447 frm = ieee80211_add_wme_info(frm, &ic->ic_wme); 1448 if (ic->ic_opt_ie != NULL) { 1449 memcpy(frm, ic->ic_opt_ie, ic->ic_opt_ie_len); 1450 frm += ic->ic_opt_ie_len; 1451 } 1452 m->m_pkthdr.len = m->m_len = frm - mtod(m, u_int8_t *); 1453 1454 timer = IEEE80211_TRANS_WAIT; 1455 break; 1456 1457 case IEEE80211_FC0_SUBTYPE_ASSOC_RESP: 1458 case IEEE80211_FC0_SUBTYPE_REASSOC_RESP: 1459 /* 1460 * asreq frame format 1461 * [2] capability information 1462 * [2] status 1463 * [2] association ID 1464 * [tlv] supported rates 1465 * [tlv] extended supported rates 1466 * [tlv] WME (if enabled and STA enabled) 1467 */ 1468 m = ieee80211_getmgtframe(&frm, 1469 sizeof(u_int16_t) 1470 + sizeof(u_int16_t) 1471 + sizeof(u_int16_t) 1472 + 2 + IEEE80211_RATE_SIZE 1473 + 2 + (IEEE80211_RATE_MAXSIZE - IEEE80211_RATE_SIZE) 1474 + sizeof(struct ieee80211_wme_param) 1475 ); 1476 if (m == NULL) 1477 senderr(ENOMEM, is_tx_nobuf); 1478 1479 capinfo = getcapinfo(ic, ic->ic_curchan); 1480 *(u_int16_t *)frm = htole16(capinfo); 1481 frm += 2; 1482 1483 *(u_int16_t *)frm = htole16(arg); /* status */ 1484 frm += 2; 1485 1486 if (arg == IEEE80211_STATUS_SUCCESS) { 1487 *(u_int16_t *)frm = htole16(ni->ni_associd); 1488 IEEE80211_NODE_STAT(ni, tx_assoc); 1489 } else 1490 IEEE80211_NODE_STAT(ni, tx_assoc_fail); 1491 frm += 2; 1492 1493 frm = ieee80211_add_rates(frm, &ni->ni_rates); 1494 frm = ieee80211_add_xrates(frm, &ni->ni_rates); 1495 if ((ic->ic_flags & IEEE80211_F_WME) && ni->ni_wme_ie != NULL) 1496 frm = ieee80211_add_wme_param(frm, &ic->ic_wme); 1497 m->m_pkthdr.len = m->m_len = frm - mtod(m, u_int8_t *); 1498 break; 1499 1500 case IEEE80211_FC0_SUBTYPE_DISASSOC: 1501 IEEE80211_DPRINTF(ic, IEEE80211_MSG_ASSOC, 1502 "[%s] send station disassociate (reason %d)\n", 1503 ether_sprintf(ni->ni_macaddr), arg); 1504 m = ieee80211_getmgtframe(&frm, sizeof(u_int16_t)); 1505 if (m == NULL) 1506 senderr(ENOMEM, is_tx_nobuf); 1507 *(u_int16_t *)frm = htole16(arg); /* reason */ 1508 m->m_pkthdr.len = m->m_len = sizeof(u_int16_t); 1509 1510 IEEE80211_NODE_STAT(ni, tx_disassoc); 1511 IEEE80211_NODE_STAT_SET(ni, tx_disassoc_code, arg); 1512 break; 1513 1514 default: 1515 IEEE80211_DPRINTF(ic, IEEE80211_MSG_ANY, 1516 "[%s] invalid mgmt frame type %u\n", 1517 ether_sprintf(ni->ni_macaddr), type); 1518 senderr(EINVAL, is_tx_unknownmgt); 1519 /* NOTREACHED */ 1520 } 1521 ret = ieee80211_mgmt_output(ic, ni, m, type, timer); 1522 if (ret != 0) { 1523bad: 1524 ieee80211_free_node(ni); 1525 } 1526 return ret; 1527#undef senderr 1528} 1529 1530/* 1531 * Allocate a beacon frame and fillin the appropriate bits. 1532 */ 1533struct mbuf * 1534ieee80211_beacon_alloc(struct ieee80211com *ic, struct ieee80211_node *ni, 1535 struct ieee80211_beacon_offsets *bo) 1536{ 1537 struct ifnet *ifp = ic->ic_ifp; 1538 struct ieee80211_frame *wh; 1539 struct mbuf *m; 1540 int pktlen; 1541 u_int8_t *frm, *efrm; 1542 u_int16_t capinfo; 1543 struct ieee80211_rateset *rs; 1544 1545 /* 1546 * beacon frame format 1547 * [8] time stamp 1548 * [2] beacon interval 1549 * [2] cabability information 1550 * [tlv] ssid 1551 * [tlv] supported rates 1552 * [3] parameter set (DS) 1553 * [tlv] parameter set (IBSS/TIM) 1554 * [tlv] extended rate phy (ERP) 1555 * [tlv] extended supported rates 1556 * [tlv] WME parameters 1557 * [tlv] WPA/RSN parameters 1558 * XXX Vendor-specific OIDs (e.g. Atheros) 1559 * NB: we allocate the max space required for the TIM bitmap. 1560 */ 1561 rs = &ni->ni_rates; 1562 pktlen = 8 /* time stamp */ 1563 + sizeof(u_int16_t) /* beacon interval */ 1564 + sizeof(u_int16_t) /* capabilities */ 1565 + 2 + ni->ni_esslen /* ssid */ 1566 + 2 + IEEE80211_RATE_SIZE /* supported rates */ 1567 + 2 + 1 /* DS parameters */ 1568 + 2 + 4 + ic->ic_tim_len /* DTIM/IBSSPARMS */ 1569 + 2 + 1 /* ERP */ 1570 + 2 + (IEEE80211_RATE_MAXSIZE - IEEE80211_RATE_SIZE) 1571 + (ic->ic_caps & IEEE80211_C_WME ? /* WME */ 1572 sizeof(struct ieee80211_wme_param) : 0) 1573 + (ic->ic_caps & IEEE80211_C_WPA ? /* WPA 1+2 */ 1574 2*sizeof(struct ieee80211_ie_wpa) : 0) 1575 ; 1576 m = ieee80211_getmgtframe(&frm, pktlen); 1577 if (m == NULL) { 1578 IEEE80211_DPRINTF(ic, IEEE80211_MSG_ANY, 1579 "%s: cannot get buf; size %u\n", __func__, pktlen); 1580 ic->ic_stats.is_tx_nobuf++; 1581 return NULL; 1582 } 1583 1584 memset(frm, 0, 8); /* XXX timestamp is set by hardware/driver */ 1585 frm += 8; 1586 *(u_int16_t *)frm = htole16(ni->ni_intval); 1587 frm += 2; 1588 capinfo = getcapinfo(ic, ni->ni_chan); 1589 bo->bo_caps = (u_int16_t *)frm; 1590 *(u_int16_t *)frm = htole16(capinfo); 1591 frm += 2; 1592 *frm++ = IEEE80211_ELEMID_SSID; 1593 if ((ic->ic_flags & IEEE80211_F_HIDESSID) == 0) { 1594 *frm++ = ni->ni_esslen; 1595 memcpy(frm, ni->ni_essid, ni->ni_esslen); 1596 frm += ni->ni_esslen; 1597 } else 1598 *frm++ = 0; 1599 frm = ieee80211_add_rates(frm, rs); 1600 if (ic->ic_curmode != IEEE80211_MODE_FH) { 1601 *frm++ = IEEE80211_ELEMID_DSPARMS; 1602 *frm++ = 1; 1603 *frm++ = ieee80211_chan2ieee(ic, ni->ni_chan); 1604 } 1605 bo->bo_tim = frm; 1606 if (ic->ic_opmode == IEEE80211_M_IBSS) { 1607 *frm++ = IEEE80211_ELEMID_IBSSPARMS; 1608 *frm++ = 2; 1609 *frm++ = 0; *frm++ = 0; /* TODO: ATIM window */ 1610 bo->bo_tim_len = 0; 1611 } else if (ic->ic_opmode == IEEE80211_M_HOSTAP) { 1612 struct ieee80211_tim_ie *tie = (struct ieee80211_tim_ie *) frm; 1613 1614 tie->tim_ie = IEEE80211_ELEMID_TIM; 1615 tie->tim_len = 4; /* length */ 1616 tie->tim_count = 0; /* DTIM count */ 1617 tie->tim_period = ic->ic_dtim_period; /* DTIM period */ 1618 tie->tim_bitctl = 0; /* bitmap control */ 1619 tie->tim_bitmap[0] = 0; /* Partial Virtual Bitmap */ 1620 frm += sizeof(struct ieee80211_tim_ie); 1621 bo->bo_tim_len = 1; 1622 } 1623 bo->bo_trailer = frm; 1624 if (ic->ic_flags & IEEE80211_F_WME) { 1625 bo->bo_wme = frm; 1626 frm = ieee80211_add_wme_param(frm, &ic->ic_wme); 1627 ic->ic_flags &= ~IEEE80211_F_WMEUPDATE; 1628 } 1629 if (ic->ic_flags & IEEE80211_F_WPA) 1630 frm = ieee80211_add_wpa(frm, ic); 1631 if (ic->ic_curmode == IEEE80211_MODE_11G) { 1632 bo->bo_erp = frm; 1633 frm = ieee80211_add_erp(frm, ic); 1634 } 1635 efrm = ieee80211_add_xrates(frm, rs); 1636 bo->bo_trailer_len = efrm - bo->bo_trailer; 1637 m->m_pkthdr.len = m->m_len = efrm - mtod(m, u_int8_t *); 1638 1639 M_PREPEND(m, sizeof(struct ieee80211_frame), M_DONTWAIT); 1640 KASSERT(m != NULL, ("no space for 802.11 header?")); 1641 wh = mtod(m, struct ieee80211_frame *); 1642 wh->i_fc[0] = IEEE80211_FC0_VERSION_0 | IEEE80211_FC0_TYPE_MGT | 1643 IEEE80211_FC0_SUBTYPE_BEACON; 1644 wh->i_fc[1] = IEEE80211_FC1_DIR_NODS; 1645 *(u_int16_t *)wh->i_dur = 0; 1646 IEEE80211_ADDR_COPY(wh->i_addr1, ifp->if_broadcastaddr); 1647 IEEE80211_ADDR_COPY(wh->i_addr2, ic->ic_myaddr); 1648 IEEE80211_ADDR_COPY(wh->i_addr3, ni->ni_bssid); 1649 *(u_int16_t *)wh->i_seq = 0; 1650 1651 return m; 1652} 1653 1654/* 1655 * Update the dynamic parts of a beacon frame based on the current state. 1656 */ 1657int 1658ieee80211_beacon_update(struct ieee80211com *ic, struct ieee80211_node *ni, 1659 struct ieee80211_beacon_offsets *bo, struct mbuf *m, int mcast) 1660{ 1661 int len_changed = 0; 1662 u_int16_t capinfo; 1663 1664 IEEE80211_BEACON_LOCK(ic); 1665 /* XXX faster to recalculate entirely or just changes? */ 1666 capinfo = getcapinfo(ic, ni->ni_chan); 1667 *bo->bo_caps = htole16(capinfo); 1668 1669 if (ic->ic_flags & IEEE80211_F_WME) { 1670 struct ieee80211_wme_state *wme = &ic->ic_wme; 1671 1672 /* 1673 * Check for agressive mode change. When there is 1674 * significant high priority traffic in the BSS 1675 * throttle back BE traffic by using conservative 1676 * parameters. Otherwise BE uses agressive params 1677 * to optimize performance of legacy/non-QoS traffic. 1678 */ 1679 if (wme->wme_flags & WME_F_AGGRMODE) { 1680 if (wme->wme_hipri_traffic > 1681 wme->wme_hipri_switch_thresh) { 1682 IEEE80211_DPRINTF(ic, IEEE80211_MSG_WME, 1683 "%s: traffic %u, disable aggressive mode\n", 1684 __func__, wme->wme_hipri_traffic); 1685 wme->wme_flags &= ~WME_F_AGGRMODE; 1686 ieee80211_wme_updateparams_locked(ic); 1687 wme->wme_hipri_traffic = 1688 wme->wme_hipri_switch_hysteresis; 1689 } else 1690 wme->wme_hipri_traffic = 0; 1691 } else { 1692 if (wme->wme_hipri_traffic <= 1693 wme->wme_hipri_switch_thresh) { 1694 IEEE80211_DPRINTF(ic, IEEE80211_MSG_WME, 1695 "%s: traffic %u, enable aggressive mode\n", 1696 __func__, wme->wme_hipri_traffic); 1697 wme->wme_flags |= WME_F_AGGRMODE; 1698 ieee80211_wme_updateparams_locked(ic); 1699 wme->wme_hipri_traffic = 0; 1700 } else 1701 wme->wme_hipri_traffic = 1702 wme->wme_hipri_switch_hysteresis; 1703 } 1704 if (ic->ic_flags & IEEE80211_F_WMEUPDATE) { 1705 (void) ieee80211_add_wme_param(bo->bo_wme, wme); 1706 ic->ic_flags &= ~IEEE80211_F_WMEUPDATE; 1707 } 1708 } 1709 1710 if (ic->ic_opmode == IEEE80211_M_HOSTAP) { /* NB: no IBSS support*/ 1711 struct ieee80211_tim_ie *tie = 1712 (struct ieee80211_tim_ie *) bo->bo_tim; 1713 if (ic->ic_flags & IEEE80211_F_TIMUPDATE) { 1714 u_int timlen, timoff, i; 1715 /* 1716 * ATIM/DTIM needs updating. If it fits in the 1717 * current space allocated then just copy in the 1718 * new bits. Otherwise we need to move any trailing 1719 * data to make room. Note that we know there is 1720 * contiguous space because ieee80211_beacon_allocate 1721 * insures there is space in the mbuf to write a 1722 * maximal-size virtual bitmap (based on ic_max_aid). 1723 */ 1724 /* 1725 * Calculate the bitmap size and offset, copy any 1726 * trailer out of the way, and then copy in the 1727 * new bitmap and update the information element. 1728 * Note that the tim bitmap must contain at least 1729 * one byte and any offset must be even. 1730 */ 1731 if (ic->ic_ps_pending != 0) { 1732 timoff = 128; /* impossibly large */ 1733 for (i = 0; i < ic->ic_tim_len; i++) 1734 if (ic->ic_tim_bitmap[i]) { 1735 timoff = i &~ 1; 1736 break; 1737 } 1738 KASSERT(timoff != 128, ("tim bitmap empty!")); 1739 for (i = ic->ic_tim_len-1; i >= timoff; i--) 1740 if (ic->ic_tim_bitmap[i]) 1741 break; 1742 timlen = 1 + (i - timoff); 1743 } else { 1744 timoff = 0; 1745 timlen = 1; 1746 } 1747 if (timlen != bo->bo_tim_len) { 1748 /* copy up/down trailer */ 1749 int adjust = tie->tim_bitmap+timlen 1750 - bo->bo_trailer; 1751 ovbcopy(bo->bo_trailer, bo->bo_trailer+adjust, 1752 bo->bo_trailer_len); 1753 bo->bo_trailer += adjust; 1754 bo->bo_wme += adjust; 1755 bo->bo_erp += adjust; 1756 bo->bo_tim_len = timlen; 1757 1758 /* update information element */ 1759 tie->tim_len = 3 + timlen; 1760 tie->tim_bitctl = timoff; 1761 len_changed = 1; 1762 } 1763 memcpy(tie->tim_bitmap, ic->ic_tim_bitmap + timoff, 1764 bo->bo_tim_len); 1765 1766 ic->ic_flags &= ~IEEE80211_F_TIMUPDATE; 1767 1768 IEEE80211_DPRINTF(ic, IEEE80211_MSG_POWER, 1769 "%s: TIM updated, pending %u, off %u, len %u\n", 1770 __func__, ic->ic_ps_pending, timoff, timlen); 1771 } 1772 /* count down DTIM period */ 1773 if (tie->tim_count == 0) 1774 tie->tim_count = tie->tim_period - 1; 1775 else 1776 tie->tim_count--; 1777 /* update state for buffered multicast frames on DTIM */ 1778 if (mcast && tie->tim_count == 0) 1779 tie->tim_bitctl |= 1; 1780 else 1781 tie->tim_bitctl &= ~1; 1782 if (ic->ic_flags_ext & IEEE80211_FEXT_ERPUPDATE) { 1783 /* 1784 * ERP element needs updating. 1785 */ 1786 (void) ieee80211_add_erp(bo->bo_erp, ic); 1787 ic->ic_flags_ext &= ~IEEE80211_FEXT_ERPUPDATE; 1788 } 1789 } 1790 IEEE80211_BEACON_UNLOCK(ic); 1791 1792 return len_changed; 1793} 1794 1795/* 1796 * Save an outbound packet for a node in power-save sleep state. 1797 * The new packet is placed on the node's saved queue, and the TIM 1798 * is changed, if necessary. 1799 */ 1800void 1801ieee80211_pwrsave(struct ieee80211com *ic, struct ieee80211_node *ni, 1802 struct mbuf *m) 1803{ 1804 int qlen, age; 1805 1806 IEEE80211_NODE_SAVEQ_LOCK(ni); 1807 if (_IF_QFULL(&ni->ni_savedq)) { 1808 _IF_DROP(&ni->ni_savedq); 1809 IEEE80211_NODE_SAVEQ_UNLOCK(ni); 1810 IEEE80211_DPRINTF(ic, IEEE80211_MSG_ANY, 1811 "[%s] pwr save q overflow, drops %d (size %d)\n", 1812 ether_sprintf(ni->ni_macaddr), 1813 ni->ni_savedq.ifq_drops, IEEE80211_PS_MAX_QUEUE); 1814#ifdef IEEE80211_DEBUG 1815 if (ieee80211_msg_dumppkts(ic)) 1816 ieee80211_dump_pkt(mtod(m, caddr_t), m->m_len, -1, -1); 1817#endif 1818 m_freem(m); 1819 return; 1820 } 1821 /* 1822 * Tag the frame with it's expiry time and insert 1823 * it in the queue. The aging interval is 4 times 1824 * the listen interval specified by the station. 1825 * Frames that sit around too long are reclaimed 1826 * using this information. 1827 */ 1828 /* XXX handle overflow? */ 1829 age = ((ni->ni_intval * ic->ic_bintval) << 2) / 1024; /* TU -> secs */ 1830 _IEEE80211_NODE_SAVEQ_ENQUEUE(ni, m, qlen, age); 1831 IEEE80211_NODE_SAVEQ_UNLOCK(ni); 1832 1833 IEEE80211_DPRINTF(ic, IEEE80211_MSG_POWER, 1834 "[%s] save frame with age %d, %u now queued\n", 1835 ether_sprintf(ni->ni_macaddr), age, qlen); 1836 1837 if (qlen == 1) 1838 ic->ic_set_tim(ni, 1); 1839} 1840