1 /* $OpenBSD: ieee80211_output.c,v 1.94 2015/03/14 03:38:51 jsg Exp $ */ 2 /* $NetBSD: ieee80211_output.c,v 1.13 2004/05/31 11:02:55 dyoung Exp $ */ 3 4 /*- 5 * Copyright (c) 2001 Atsushi Onoe 6 * Copyright (c) 2002, 2003 Sam Leffler, Errno Consulting 7 * Copyright (c) 2007-2009 Damien Bergamini 8 * All rights reserved. 9 * 10 * Redistribution and use in source and binary forms, with or without 11 * modification, are permitted provided that the following conditions 12 * are met: 13 * 1. Redistributions of source code must retain the above copyright 14 * notice, this list of conditions and the following disclaimer. 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in the 17 * documentation and/or other materials provided with the distribution. 18 * 3. The name of the author may not be used to endorse or promote products 19 * derived from this software without specific prior written permission. 20 * 21 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 22 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 23 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 24 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 25 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 26 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 27 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 28 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 29 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 30 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 31 */ 32 33 #include "bpfilter.h" 34 #include "vlan.h" 35 36 #include <sys/param.h> 37 #include <sys/systm.h> 38 #include <sys/mbuf.h> 39 #include <sys/kernel.h> 40 #include <sys/socket.h> 41 #include <sys/sockio.h> 42 #include <sys/endian.h> 43 #include <sys/errno.h> 44 #include <sys/sysctl.h> 45 46 #include <net/if.h> 47 #include <net/if_dl.h> 48 #include <net/if_media.h> 49 #include <net/if_llc.h> 50 #include <net/bpf.h> 51 52 #include <netinet/in.h> 53 #include <netinet/if_ether.h> 54 #include <netinet/ip.h> 55 #ifdef INET6 56 #include <netinet/ip6.h> 57 #endif 58 59 #if NVLAN > 0 60 #include <net/if_types.h> 61 #include <net/if_vlan_var.h> 62 #endif 63 64 #include <net80211/ieee80211_var.h> 65 #include <net80211/ieee80211_priv.h> 66 67 int ieee80211_classify(struct ieee80211com *, struct mbuf *); 68 int ieee80211_mgmt_output(struct ifnet *, struct ieee80211_node *, 69 struct mbuf *, int); 70 u_int8_t *ieee80211_add_rsn_body(u_int8_t *, struct ieee80211com *, 71 const struct ieee80211_node *, int); 72 struct mbuf *ieee80211_getmgmt(int, int, u_int); 73 struct mbuf *ieee80211_get_probe_req(struct ieee80211com *, 74 struct ieee80211_node *); 75 #ifndef IEEE80211_STA_ONLY 76 struct mbuf *ieee80211_get_probe_resp(struct ieee80211com *, 77 struct ieee80211_node *); 78 #endif 79 struct mbuf *ieee80211_get_auth(struct ieee80211com *, 80 struct ieee80211_node *, u_int16_t, u_int16_t); 81 struct mbuf *ieee80211_get_deauth(struct ieee80211com *, 82 struct ieee80211_node *, u_int16_t); 83 struct mbuf *ieee80211_get_assoc_req(struct ieee80211com *, 84 struct ieee80211_node *, int); 85 #ifndef IEEE80211_STA_ONLY 86 struct mbuf *ieee80211_get_assoc_resp(struct ieee80211com *, 87 struct ieee80211_node *, u_int16_t); 88 #endif 89 struct mbuf *ieee80211_get_disassoc(struct ieee80211com *, 90 struct ieee80211_node *, u_int16_t); 91 #ifndef IEEE80211_NO_HT 92 struct mbuf *ieee80211_get_addba_req(struct ieee80211com *, 93 struct ieee80211_node *, u_int8_t); 94 struct mbuf *ieee80211_get_addba_resp(struct ieee80211com *, 95 struct ieee80211_node *, u_int8_t, u_int8_t, u_int16_t); 96 struct mbuf *ieee80211_get_delba(struct ieee80211com *, 97 struct ieee80211_node *, u_int8_t, u_int8_t, u_int16_t); 98 #endif 99 struct mbuf *ieee80211_get_sa_query(struct ieee80211com *, 100 struct ieee80211_node *, u_int8_t); 101 struct mbuf *ieee80211_get_action(struct ieee80211com *, 102 struct ieee80211_node *, u_int8_t, u_int8_t, int); 103 104 /* 105 * IEEE 802.11 output routine. Normally this will directly call the 106 * Ethernet output routine because 802.11 encapsulation is called 107 * later by the driver. This function can be used to send raw frames 108 * if the mbuf has been tagged with a 802.11 data link type. 109 */ 110 int 111 ieee80211_output(struct ifnet *ifp, struct mbuf *m, struct sockaddr *dst, 112 struct rtentry *rt) 113 { 114 struct ieee80211_frame *wh; 115 struct m_tag *mtag; 116 int s, len, error = 0; 117 u_short mflags; 118 119 /* Interface has to be up and running */ 120 if ((ifp->if_flags & (IFF_UP | IFF_RUNNING)) != 121 (IFF_UP | IFF_RUNNING)) { 122 error = ENETDOWN; 123 goto bad; 124 } 125 126 /* Try to get the DLT from a mbuf tag */ 127 if ((mtag = m_tag_find(m, PACKET_TAG_DLT, NULL)) != NULL) { 128 struct ieee80211com *ic = (void *)ifp; 129 u_int dlt = *(u_int *)(mtag + 1); 130 131 /* Fallback to ethernet for non-802.11 linktypes */ 132 if (!(dlt == DLT_IEEE802_11 || dlt == DLT_IEEE802_11_RADIO)) 133 goto fallback; 134 135 if (m->m_pkthdr.len < sizeof(struct ieee80211_frame_min)) 136 return (EINVAL); 137 wh = mtod(m, struct ieee80211_frame *); 138 if ((wh->i_fc[0] & IEEE80211_FC0_VERSION_MASK) != 139 IEEE80211_FC0_VERSION_0) 140 return (EINVAL); 141 if (!(ic->ic_caps & IEEE80211_C_RAWCTL) && 142 (wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK) == 143 IEEE80211_FC0_TYPE_CTL) 144 return (EINVAL); 145 146 /* 147 * Queue message on interface without adding any 148 * further headers, and start output if interface not 149 * yet active. 150 */ 151 mflags = m->m_flags; 152 len = m->m_pkthdr.len; 153 s = splnet(); 154 IFQ_ENQUEUE(&ifp->if_snd, m, NULL, error); 155 if (error) { 156 /* mbuf is already freed */ 157 splx(s); 158 printf("%s: failed to queue raw tx frame\n", 159 ifp->if_xname); 160 return (error); 161 } 162 ifp->if_obytes += len; 163 if (mflags & M_MCAST) 164 ifp->if_omcasts++; 165 if ((ifp->if_flags & IFF_OACTIVE) == 0) 166 (*ifp->if_start)(ifp); 167 splx(s); 168 169 return (error); 170 } 171 172 fallback: 173 return (ether_output(ifp, m, dst, rt)); 174 175 bad: 176 if (m) 177 m_freem(m); 178 return (error); 179 } 180 181 /* 182 * Send a management frame to the specified node. The node pointer 183 * must have a reference as the pointer will be passed to the driver 184 * and potentially held for a long time. If the frame is successfully 185 * dispatched to the driver, then it is responsible for freeing the 186 * reference (and potentially free'ing up any associated storage). 187 */ 188 int 189 ieee80211_mgmt_output(struct ifnet *ifp, struct ieee80211_node *ni, 190 struct mbuf *m, int type) 191 { 192 struct ieee80211com *ic = (void *)ifp; 193 struct ieee80211_frame *wh; 194 195 if (ni == NULL) 196 panic("null node"); 197 ni->ni_inact = 0; 198 199 /* 200 * We want to pass the node down to the driver's start 201 * routine. We could stick this in an m_tag and tack that 202 * on to the mbuf. However that's rather expensive to do 203 * for every frame so instead we stuff it in a special pkthdr 204 * field. 205 */ 206 M_PREPEND(m, sizeof(struct ieee80211_frame), M_DONTWAIT); 207 if (m == NULL) 208 return ENOMEM; 209 m->m_pkthdr.ph_cookie = ni; 210 211 wh = mtod(m, struct ieee80211_frame *); 212 wh->i_fc[0] = IEEE80211_FC0_VERSION_0 | IEEE80211_FC0_TYPE_MGT | type; 213 wh->i_fc[1] = IEEE80211_FC1_DIR_NODS; 214 *(u_int16_t *)&wh->i_dur[0] = 0; 215 *(u_int16_t *)&wh->i_seq[0] = 216 htole16(ni->ni_txseq << IEEE80211_SEQ_SEQ_SHIFT); 217 ni->ni_txseq++; 218 IEEE80211_ADDR_COPY(wh->i_addr1, ni->ni_macaddr); 219 IEEE80211_ADDR_COPY(wh->i_addr2, ic->ic_myaddr); 220 IEEE80211_ADDR_COPY(wh->i_addr3, ni->ni_bssid); 221 222 /* check if protection is required for this mgmt frame */ 223 if ((ic->ic_caps & IEEE80211_C_MFP) && 224 (type == IEEE80211_FC0_SUBTYPE_DISASSOC || 225 type == IEEE80211_FC0_SUBTYPE_DEAUTH || 226 type == IEEE80211_FC0_SUBTYPE_ACTION)) { 227 /* 228 * Hack: we should not set the Protected bit in outgoing 229 * group management frames, however it is used as an 230 * indication to the drivers that they must encrypt the 231 * frame. Drivers should clear this bit from group 232 * management frames (software crypto code will do it). 233 * XXX could use an mbuf flag.. 234 */ 235 if (IEEE80211_IS_MULTICAST(wh->i_addr1) || 236 (ni->ni_flags & IEEE80211_NODE_TXMGMTPROT)) 237 wh->i_fc[1] |= IEEE80211_FC1_PROTECTED; 238 } 239 240 if (ifp->if_flags & IFF_DEBUG) { 241 /* avoid to print too many frames */ 242 if ( 243 #ifndef IEEE80211_STA_ONLY 244 ic->ic_opmode == IEEE80211_M_IBSS || 245 #endif 246 #ifdef IEEE80211_DEBUG 247 ieee80211_debug > 1 || 248 #endif 249 (type & IEEE80211_FC0_SUBTYPE_MASK) != 250 IEEE80211_FC0_SUBTYPE_PROBE_RESP) 251 printf("%s: sending %s to %s on channel %u mode %s\n", 252 ifp->if_xname, 253 ieee80211_mgt_subtype_name[ 254 (type & IEEE80211_FC0_SUBTYPE_MASK) 255 >> IEEE80211_FC0_SUBTYPE_SHIFT], 256 ether_sprintf(ni->ni_macaddr), 257 ieee80211_chan2ieee(ic, ni->ni_chan), 258 ieee80211_phymode_name[ 259 ieee80211_chan2mode(ic, ni->ni_chan)]); 260 } 261 262 #ifndef IEEE80211_STA_ONLY 263 if (ic->ic_opmode == IEEE80211_M_HOSTAP && 264 ieee80211_pwrsave(ic, m, ni) != 0) 265 return 0; 266 #endif 267 IF_ENQUEUE(&ic->ic_mgtq, m); 268 ifp->if_timer = 1; 269 (*ifp->if_start)(ifp); 270 return 0; 271 } 272 273 /*- 274 * EDCA tables are computed using the following formulas: 275 * 276 * 1) EDCATable (non-AP QSTA) 277 * 278 * AC CWmin CWmax AIFSN TXOP limit(ms) 279 * ------------------------------------------------------------- 280 * AC_BK aCWmin aCWmax 7 0 281 * AC_BE aCWmin aCWmax 3 0 282 * AC_VI (aCWmin+1)/2-1 aCWmin 2 agn=3.008 b=6.016 others=0 283 * AC_VO (aCWmin+1)/4-1 (aCWmin+1)/2-1 2 agn=1.504 b=3.264 others=0 284 * 285 * 2) QAPEDCATable (QAP) 286 * 287 * AC CWmin CWmax AIFSN TXOP limit(ms) 288 * ------------------------------------------------------------- 289 * AC_BK aCWmin aCWmax 7 0 290 * AC_BE aCWmin 4*(aCWmin+1)-1 3 0 291 * AC_VI (aCWmin+1)/2-1 aCWmin 1 agn=3.008 b=6.016 others=0 292 * AC_VO (aCWmin+1)/4-1 (aCWmin+1)/2-1 1 agn=1.504 b=3.264 others=0 293 * 294 * and the following aCWmin/aCWmax values: 295 * 296 * PHY aCWmin aCWmax 297 * --------------------------- 298 * 11A 15 1023 299 * 11B 31 1023 300 * 11G 15* 1023 (*) aCWmin(1) 301 * Turbo A/G 7 1023 (Atheros proprietary mode) 302 */ 303 #if 0 304 static const struct ieee80211_edca_ac_params 305 ieee80211_edca_table[IEEE80211_MODE_MAX][EDCA_NUM_AC] = { 306 [IEEE80211_MODE_11B] = { 307 [EDCA_AC_BK] = { 5, 10, 7, 0 }, 308 [EDCA_AC_BE] = { 5, 10, 3, 0 }, 309 [EDCA_AC_VI] = { 4, 5, 2, 188 }, 310 [EDCA_AC_VO] = { 3, 4, 2, 102 } 311 }, 312 [IEEE80211_MODE_11A] = { 313 [EDCA_AC_BK] = { 4, 10, 7, 0 }, 314 [EDCA_AC_BE] = { 4, 10, 3, 0 }, 315 [EDCA_AC_VI] = { 3, 4, 2, 94 }, 316 [EDCA_AC_VO] = { 2, 3, 2, 47 } 317 }, 318 [IEEE80211_MODE_11G] = { 319 [EDCA_AC_BK] = { 4, 10, 7, 0 }, 320 [EDCA_AC_BE] = { 4, 10, 3, 0 }, 321 [EDCA_AC_VI] = { 3, 4, 2, 94 }, 322 [EDCA_AC_VO] = { 2, 3, 2, 47 } 323 }, 324 [IEEE80211_MODE_TURBO] = { 325 [EDCA_AC_BK] = { 3, 10, 7, 0 }, 326 [EDCA_AC_BE] = { 3, 10, 2, 0 }, 327 [EDCA_AC_VI] = { 2, 3, 2, 94 }, 328 [EDCA_AC_VO] = { 2, 2, 1, 47 } 329 } 330 }; 331 #endif 332 333 #ifndef IEEE80211_STA_ONLY 334 static const struct ieee80211_edca_ac_params 335 ieee80211_qap_edca_table[IEEE80211_MODE_MAX][EDCA_NUM_AC] = { 336 [IEEE80211_MODE_11B] = { 337 [EDCA_AC_BK] = { 5, 10, 7, 0 }, 338 [EDCA_AC_BE] = { 5, 7, 3, 0 }, 339 [EDCA_AC_VI] = { 4, 5, 1, 188 }, 340 [EDCA_AC_VO] = { 3, 4, 1, 102 } 341 }, 342 [IEEE80211_MODE_11A] = { 343 [EDCA_AC_BK] = { 4, 10, 7, 0 }, 344 [EDCA_AC_BE] = { 4, 6, 3, 0 }, 345 [EDCA_AC_VI] = { 3, 4, 1, 94 }, 346 [EDCA_AC_VO] = { 2, 3, 1, 47 } 347 }, 348 [IEEE80211_MODE_11G] = { 349 [EDCA_AC_BK] = { 4, 10, 7, 0 }, 350 [EDCA_AC_BE] = { 4, 6, 3, 0 }, 351 [EDCA_AC_VI] = { 3, 4, 1, 94 }, 352 [EDCA_AC_VO] = { 2, 3, 1, 47 } 353 }, 354 [IEEE80211_MODE_TURBO] = { 355 [EDCA_AC_BK] = { 3, 10, 7, 0 }, 356 [EDCA_AC_BE] = { 3, 5, 2, 0 }, 357 [EDCA_AC_VI] = { 2, 3, 1, 94 }, 358 [EDCA_AC_VO] = { 2, 2, 1, 47 } 359 } 360 }; 361 #endif /* IEEE80211_STA_ONLY */ 362 363 /* 364 * Return the EDCA Access Category to be used for transmitting a frame with 365 * user-priority `up'. 366 */ 367 enum ieee80211_edca_ac 368 ieee80211_up_to_ac(struct ieee80211com *ic, int up) 369 { 370 /* see Table 9-1 */ 371 static const enum ieee80211_edca_ac up_to_ac[] = { 372 EDCA_AC_BE, /* BE */ 373 EDCA_AC_BK, /* BK */ 374 EDCA_AC_BK, /* -- */ 375 EDCA_AC_BE, /* EE */ 376 EDCA_AC_VI, /* CL */ 377 EDCA_AC_VI, /* VI */ 378 EDCA_AC_VO, /* VO */ 379 EDCA_AC_VO /* NC */ 380 }; 381 enum ieee80211_edca_ac ac; 382 383 ac = (up <= 7) ? up_to_ac[up] : EDCA_AC_BE; 384 385 #ifndef IEEE80211_STA_ONLY 386 if (ic->ic_opmode == IEEE80211_M_HOSTAP) 387 return ac; 388 #endif 389 /* 390 * We do not support the admission control procedure defined in 391 * IEEE Std 802.11-2007 section 9.9.3.1.2. The spec says that 392 * non-AP QSTAs that don't support this procedure shall use EDCA 393 * parameters of a lower priority AC that does not require 394 * admission control. 395 */ 396 while (ac != EDCA_AC_BK && ic->ic_edca_ac[ac].ac_acm) { 397 switch (ac) { 398 case EDCA_AC_BK: 399 /* can't get there */ 400 break; 401 case EDCA_AC_BE: 402 /* BE shouldn't require admission control */ 403 ac = EDCA_AC_BK; 404 break; 405 case EDCA_AC_VI: 406 ac = EDCA_AC_BE; 407 break; 408 case EDCA_AC_VO: 409 ac = EDCA_AC_VI; 410 break; 411 } 412 } 413 return ac; 414 } 415 416 /* 417 * Get mbuf's user-priority: if mbuf is not VLAN tagged, select user-priority 418 * based on the DSCP (Differentiated Services Codepoint) field. 419 */ 420 int 421 ieee80211_classify(struct ieee80211com *ic, struct mbuf *m) 422 { 423 struct ether_header *eh; 424 u_int8_t ds_field; 425 #if NVLAN > 0 426 if (m->m_flags & M_VLANTAG) /* use VLAN 802.1D user-priority */ 427 return EVL_PRIOFTAG(m->m_pkthdr.ether_vtag); 428 #endif 429 eh = mtod(m, struct ether_header *); 430 if (eh->ether_type == htons(ETHERTYPE_IP)) { 431 struct ip *ip = (struct ip *)&eh[1]; 432 if (ip->ip_v != 4) 433 return 0; 434 ds_field = ip->ip_tos; 435 } 436 #ifdef INET6 437 else if (eh->ether_type == htons(ETHERTYPE_IPV6)) { 438 struct ip6_hdr *ip6 = (struct ip6_hdr *)&eh[1]; 439 u_int32_t flowlabel; 440 441 flowlabel = ntohl(ip6->ip6_flow); 442 if ((flowlabel >> 28) != 6) 443 return 0; 444 ds_field = (flowlabel >> 20) & 0xff; 445 } 446 #endif /* INET6 */ 447 else /* neither IPv4 nor IPv6 */ 448 return 0; 449 450 /* 451 * Map Differentiated Services Codepoint field (see RFC2474). 452 * Preserves backward compatibility with IP Precedence field. 453 */ 454 switch (ds_field & 0xfc) { 455 case IPTOS_PREC_PRIORITY: 456 return 2; 457 case IPTOS_PREC_IMMEDIATE: 458 return 1; 459 case IPTOS_PREC_FLASH: 460 return 3; 461 case IPTOS_PREC_FLASHOVERRIDE: 462 return 4; 463 case IPTOS_PREC_CRITIC_ECP: 464 return 5; 465 case IPTOS_PREC_INTERNETCONTROL: 466 return 6; 467 case IPTOS_PREC_NETCONTROL: 468 return 7; 469 } 470 return 0; /* default to Best-Effort */ 471 } 472 473 /* 474 * Encapsulate an outbound data frame. The mbuf chain is updated and 475 * a reference to the destination node is returned. If an error is 476 * encountered NULL is returned and the node reference will also be NULL. 477 * 478 * NB: The caller is responsible for free'ing a returned node reference. 479 * The convention is ic_bss is not reference counted; the caller must 480 * maintain that. 481 */ 482 struct mbuf * 483 ieee80211_encap(struct ifnet *ifp, struct mbuf *m, struct ieee80211_node **pni) 484 { 485 struct ieee80211com *ic = (void *)ifp; 486 struct ether_header eh; 487 struct ieee80211_frame *wh; 488 struct ieee80211_node *ni = NULL; 489 struct llc *llc; 490 struct m_tag *mtag; 491 u_int8_t *addr; 492 u_int dlt, hdrlen; 493 int addqos, tid; 494 495 /* Handle raw frames if mbuf is tagged as 802.11 */ 496 if ((mtag = m_tag_find(m, PACKET_TAG_DLT, NULL)) != NULL) { 497 dlt = *(u_int *)(mtag + 1); 498 499 if (!(dlt == DLT_IEEE802_11 || dlt == DLT_IEEE802_11_RADIO)) 500 goto fallback; 501 502 wh = mtod(m, struct ieee80211_frame *); 503 switch (wh->i_fc[1] & IEEE80211_FC1_DIR_MASK) { 504 case IEEE80211_FC1_DIR_NODS: 505 case IEEE80211_FC1_DIR_FROMDS: 506 addr = wh->i_addr1; 507 break; 508 case IEEE80211_FC1_DIR_DSTODS: 509 case IEEE80211_FC1_DIR_TODS: 510 addr = wh->i_addr3; 511 break; 512 default: 513 goto bad; 514 } 515 516 ni = ieee80211_find_txnode(ic, addr); 517 if (ni == NULL) 518 ni = ieee80211_ref_node(ic->ic_bss); 519 if (ni == NULL) { 520 printf("%s: no node for dst %s, " 521 "discard raw tx frame\n", ifp->if_xname, 522 ether_sprintf(addr)); 523 ic->ic_stats.is_tx_nonode++; 524 goto bad; 525 } 526 ni->ni_inact = 0; 527 528 *pni = ni; 529 return (m); 530 } 531 532 fallback: 533 if (m->m_len < sizeof(struct ether_header)) { 534 m = m_pullup(m, sizeof(struct ether_header)); 535 if (m == NULL) { 536 ic->ic_stats.is_tx_nombuf++; 537 goto bad; 538 } 539 } 540 memcpy(&eh, mtod(m, caddr_t), sizeof(struct ether_header)); 541 542 ni = ieee80211_find_txnode(ic, eh.ether_dhost); 543 if (ni == NULL) { 544 DPRINTF(("no node for dst %s, discard frame\n", 545 ether_sprintf(eh.ether_dhost))); 546 ic->ic_stats.is_tx_nonode++; 547 goto bad; 548 } 549 550 if ((ic->ic_flags & IEEE80211_F_RSNON) && 551 !ni->ni_port_valid && 552 eh.ether_type != htons(ETHERTYPE_PAE)) { 553 DPRINTF(("port not valid: %s\n", 554 ether_sprintf(eh.ether_dhost))); 555 ic->ic_stats.is_tx_noauth++; 556 goto bad; 557 } 558 559 if ((ic->ic_flags & IEEE80211_F_COUNTERM) && 560 ni->ni_rsncipher == IEEE80211_CIPHER_TKIP) 561 /* XXX TKIP countermeasures! */; 562 563 ni->ni_inact = 0; 564 565 if ((ic->ic_flags & IEEE80211_F_QOS) && 566 (ni->ni_flags & IEEE80211_NODE_QOS) && 567 /* do not QoS-encapsulate EAPOL frames */ 568 eh.ether_type != htons(ETHERTYPE_PAE)) { 569 tid = ieee80211_classify(ic, m); 570 hdrlen = sizeof(struct ieee80211_qosframe); 571 addqos = 1; 572 } else { 573 hdrlen = sizeof(struct ieee80211_frame); 574 addqos = 0; 575 } 576 m_adj(m, sizeof(struct ether_header) - LLC_SNAPFRAMELEN); 577 llc = mtod(m, struct llc *); 578 llc->llc_dsap = llc->llc_ssap = LLC_SNAP_LSAP; 579 llc->llc_control = LLC_UI; 580 llc->llc_snap.org_code[0] = 0; 581 llc->llc_snap.org_code[1] = 0; 582 llc->llc_snap.org_code[2] = 0; 583 llc->llc_snap.ether_type = eh.ether_type; 584 M_PREPEND(m, hdrlen, M_DONTWAIT); 585 if (m == NULL) { 586 ic->ic_stats.is_tx_nombuf++; 587 goto bad; 588 } 589 wh = mtod(m, struct ieee80211_frame *); 590 wh->i_fc[0] = IEEE80211_FC0_VERSION_0 | IEEE80211_FC0_TYPE_DATA; 591 *(u_int16_t *)&wh->i_dur[0] = 0; 592 if (addqos) { 593 struct ieee80211_qosframe *qwh = 594 (struct ieee80211_qosframe *)wh; 595 u_int16_t qos = tid; 596 597 if (ic->ic_tid_noack & (1 << tid)) 598 qos |= IEEE80211_QOS_ACK_POLICY_NOACK; 599 #ifndef IEEE80211_NO_HT 600 else if (ni->ni_tx_ba[tid].ba_state == IEEE80211_BA_AGREED) 601 qos |= IEEE80211_QOS_ACK_POLICY_BA; 602 #endif 603 qwh->i_fc[0] |= IEEE80211_FC0_SUBTYPE_QOS; 604 *(u_int16_t *)qwh->i_qos = htole16(qos); 605 *(u_int16_t *)qwh->i_seq = 606 htole16(ni->ni_qos_txseqs[tid] << IEEE80211_SEQ_SEQ_SHIFT); 607 ni->ni_qos_txseqs[tid]++; 608 } else { 609 *(u_int16_t *)&wh->i_seq[0] = 610 htole16(ni->ni_txseq << IEEE80211_SEQ_SEQ_SHIFT); 611 ni->ni_txseq++; 612 } 613 switch (ic->ic_opmode) { 614 case IEEE80211_M_STA: 615 wh->i_fc[1] = IEEE80211_FC1_DIR_TODS; 616 IEEE80211_ADDR_COPY(wh->i_addr1, ni->ni_bssid); 617 IEEE80211_ADDR_COPY(wh->i_addr2, eh.ether_shost); 618 IEEE80211_ADDR_COPY(wh->i_addr3, eh.ether_dhost); 619 break; 620 #ifndef IEEE80211_STA_ONLY 621 case IEEE80211_M_IBSS: 622 case IEEE80211_M_AHDEMO: 623 wh->i_fc[1] = IEEE80211_FC1_DIR_NODS; 624 IEEE80211_ADDR_COPY(wh->i_addr1, eh.ether_dhost); 625 IEEE80211_ADDR_COPY(wh->i_addr2, eh.ether_shost); 626 IEEE80211_ADDR_COPY(wh->i_addr3, ic->ic_bss->ni_bssid); 627 break; 628 case IEEE80211_M_HOSTAP: 629 wh->i_fc[1] = IEEE80211_FC1_DIR_FROMDS; 630 IEEE80211_ADDR_COPY(wh->i_addr1, eh.ether_dhost); 631 IEEE80211_ADDR_COPY(wh->i_addr2, ni->ni_bssid); 632 IEEE80211_ADDR_COPY(wh->i_addr3, eh.ether_shost); 633 break; 634 #endif 635 default: 636 /* should not get there */ 637 goto bad; 638 } 639 640 if ((ic->ic_flags & IEEE80211_F_WEPON) || 641 ((ic->ic_flags & IEEE80211_F_RSNON) && 642 (ni->ni_flags & IEEE80211_NODE_TXPROT))) 643 wh->i_fc[1] |= IEEE80211_FC1_PROTECTED; 644 645 #ifndef IEEE80211_STA_ONLY 646 if (ic->ic_opmode == IEEE80211_M_HOSTAP && 647 ieee80211_pwrsave(ic, m, ni) != 0) { 648 *pni = NULL; 649 return NULL; 650 } 651 #endif 652 *pni = ni; 653 return m; 654 bad: 655 if (m != NULL) 656 m_freem(m); 657 if (ni != NULL) 658 ieee80211_release_node(ic, ni); 659 *pni = NULL; 660 return NULL; 661 } 662 663 /* 664 * Add a Capability Information field to a frame (see 7.3.1.4). 665 */ 666 u_int8_t * 667 ieee80211_add_capinfo(u_int8_t *frm, struct ieee80211com *ic, 668 const struct ieee80211_node *ni) 669 { 670 u_int16_t capinfo; 671 672 #ifndef IEEE80211_STA_ONLY 673 if (ic->ic_opmode == IEEE80211_M_IBSS) 674 capinfo = IEEE80211_CAPINFO_IBSS; 675 else if (ic->ic_opmode == IEEE80211_M_HOSTAP) 676 capinfo = IEEE80211_CAPINFO_ESS; 677 else 678 #endif 679 capinfo = 0; 680 #ifndef IEEE80211_STA_ONLY 681 if (ic->ic_opmode == IEEE80211_M_HOSTAP && 682 (ic->ic_flags & (IEEE80211_F_WEPON | IEEE80211_F_RSNON))) 683 capinfo |= IEEE80211_CAPINFO_PRIVACY; 684 #endif 685 /* NB: some 11a AP's reject the request when short preamble is set */ 686 if ((ic->ic_flags & IEEE80211_F_SHPREAMBLE) && 687 IEEE80211_IS_CHAN_2GHZ(ni->ni_chan)) 688 capinfo |= IEEE80211_CAPINFO_SHORT_PREAMBLE; 689 if (ic->ic_flags & IEEE80211_F_SHSLOT) 690 capinfo |= IEEE80211_CAPINFO_SHORT_SLOTTIME; 691 LE_WRITE_2(frm, capinfo); 692 return frm + 2; 693 } 694 695 /* 696 * Add an SSID element to a frame (see 7.3.2.1). 697 */ 698 u_int8_t * 699 ieee80211_add_ssid(u_int8_t *frm, const u_int8_t *ssid, u_int len) 700 { 701 *frm++ = IEEE80211_ELEMID_SSID; 702 *frm++ = len; 703 memcpy(frm, ssid, len); 704 return frm + len; 705 } 706 707 /* 708 * Add a supported rates element to a frame (see 7.3.2.2). 709 */ 710 u_int8_t * 711 ieee80211_add_rates(u_int8_t *frm, const struct ieee80211_rateset *rs) 712 { 713 int nrates; 714 715 *frm++ = IEEE80211_ELEMID_RATES; 716 nrates = min(rs->rs_nrates, IEEE80211_RATE_SIZE); 717 *frm++ = nrates; 718 memcpy(frm, rs->rs_rates, nrates); 719 return frm + nrates; 720 } 721 722 #ifndef IEEE80211_STA_ONLY 723 /* 724 * Add a DS Parameter Set element to a frame (see 7.3.2.4). 725 */ 726 u_int8_t * 727 ieee80211_add_ds_params(u_int8_t *frm, struct ieee80211com *ic, 728 const struct ieee80211_node *ni) 729 { 730 *frm++ = IEEE80211_ELEMID_DSPARMS; 731 *frm++ = 1; 732 *frm++ = ieee80211_chan2ieee(ic, ni->ni_chan); 733 return frm; 734 } 735 736 /* 737 * Add a TIM element to a frame (see 7.3.2.6 and Annex L). 738 */ 739 u_int8_t * 740 ieee80211_add_tim(u_int8_t *frm, struct ieee80211com *ic) 741 { 742 u_int i, offset = 0, len; 743 744 /* find first non-zero octet in the virtual bit map */ 745 for (i = 0; i < ic->ic_tim_len && ic->ic_tim_bitmap[i] == 0; i++); 746 747 /* clear the lsb as it is reserved for the broadcast indication bit */ 748 if (i < ic->ic_tim_len) 749 offset = i & ~1; 750 751 /* find last non-zero octet in the virtual bit map */ 752 for (i = ic->ic_tim_len - 1; i > 0 && ic->ic_tim_bitmap[i] == 0; i--); 753 754 len = i - offset + 1; 755 756 *frm++ = IEEE80211_ELEMID_TIM; 757 *frm++ = len + 3; /* length */ 758 *frm++ = ic->ic_dtim_count; /* DTIM count */ 759 *frm++ = ic->ic_dtim_period; /* DTIM period */ 760 761 /* Bitmap Control */ 762 *frm = offset; 763 /* set broadcast/multicast indication bit if necessary */ 764 if (ic->ic_dtim_count == 0 && ic->ic_tim_mcast_pending) 765 *frm |= 0x01; 766 frm++; 767 768 /* Partial Virtual Bitmap */ 769 memcpy(frm, &ic->ic_tim_bitmap[offset], len); 770 return frm + len; 771 } 772 773 /* 774 * Add an IBSS Parameter Set element to a frame (see 7.3.2.7). 775 */ 776 u_int8_t * 777 ieee80211_add_ibss_params(u_int8_t *frm, const struct ieee80211_node *ni) 778 { 779 *frm++ = IEEE80211_ELEMID_IBSSPARMS; 780 *frm++ = 2; 781 LE_WRITE_2(frm, 0); /* TODO: ATIM window */ 782 return frm + 2; 783 } 784 785 /* 786 * Add an EDCA Parameter Set element to a frame (see 7.3.2.29). 787 */ 788 u_int8_t * 789 ieee80211_add_edca_params(u_int8_t *frm, struct ieee80211com *ic) 790 { 791 const struct ieee80211_edca_ac_params *edca; 792 int aci; 793 794 *frm++ = IEEE80211_ELEMID_EDCAPARMS; 795 *frm++ = 18; /* length */ 796 *frm++ = 0; /* QoS Info */ 797 *frm++ = 0; /* reserved */ 798 799 /* setup AC Parameter Records */ 800 edca = ieee80211_qap_edca_table[ic->ic_curmode]; 801 for (aci = 0; aci < EDCA_NUM_AC; aci++) { 802 const struct ieee80211_edca_ac_params *ac = &edca[aci]; 803 804 *frm++ = (aci << 5) | ((ac->ac_acm & 0x1) << 4) | 805 (ac->ac_aifsn & 0xf); 806 *frm++ = (ac->ac_ecwmax << 4) | 807 (ac->ac_ecwmin & 0xf); 808 LE_WRITE_2(frm, ac->ac_txoplimit); frm += 2; 809 } 810 return frm; 811 } 812 813 /* 814 * Add an ERP element to a frame (see 7.3.2.13). 815 */ 816 u_int8_t * 817 ieee80211_add_erp(u_int8_t *frm, struct ieee80211com *ic) 818 { 819 u_int8_t erp; 820 821 *frm++ = IEEE80211_ELEMID_ERP; 822 *frm++ = 1; 823 erp = 0; 824 /* 825 * The NonERP_Present bit shall be set to 1 when a NonERP STA 826 * is associated with the BSS. 827 */ 828 if (ic->ic_nonerpsta != 0) 829 erp |= IEEE80211_ERP_NON_ERP_PRESENT; 830 /* 831 * If one or more NonERP STAs are associated in the BSS, the 832 * Use_Protection bit shall be set to 1 in transmitted ERP 833 * Information Elements. 834 */ 835 if (ic->ic_flags & IEEE80211_F_USEPROT) 836 erp |= IEEE80211_ERP_USE_PROTECTION; 837 /* 838 * The Barker_Preamble_Mode bit shall be set to 1 by the ERP 839 * Information Element sender if one or more associated NonERP 840 * STAs are not short preamble capable. 841 */ 842 if (!(ic->ic_flags & IEEE80211_F_SHPREAMBLE)) 843 erp |= IEEE80211_ERP_BARKER_MODE; 844 *frm++ = erp; 845 return frm; 846 } 847 #endif /* IEEE80211_STA_ONLY */ 848 849 /* 850 * Add a QoS Capability element to a frame (see 7.3.2.35). 851 */ 852 u_int8_t * 853 ieee80211_add_qos_capability(u_int8_t *frm, struct ieee80211com *ic) 854 { 855 *frm++ = IEEE80211_ELEMID_QOS_CAP; 856 *frm++ = 1; 857 *frm++ = 0; /* QoS Info */ 858 return frm; 859 } 860 861 /* 862 * Add an RSN element to a frame (see 7.3.2.25). 863 */ 864 u_int8_t * 865 ieee80211_add_rsn_body(u_int8_t *frm, struct ieee80211com *ic, 866 const struct ieee80211_node *ni, int wpa) 867 { 868 const u_int8_t *oui = wpa ? MICROSOFT_OUI : IEEE80211_OUI; 869 u_int8_t *pcount; 870 u_int16_t count; 871 872 /* write Version field */ 873 LE_WRITE_2(frm, 1); frm += 2; 874 875 /* write Group Data Cipher Suite field (see Table 20da) */ 876 memcpy(frm, oui, 3); frm += 3; 877 switch (ni->ni_rsngroupcipher) { 878 case IEEE80211_CIPHER_WEP40: 879 *frm++ = 1; 880 break; 881 case IEEE80211_CIPHER_TKIP: 882 *frm++ = 2; 883 break; 884 case IEEE80211_CIPHER_CCMP: 885 *frm++ = 4; 886 break; 887 case IEEE80211_CIPHER_WEP104: 888 *frm++ = 5; 889 break; 890 default: 891 /* can't get there */ 892 panic("invalid group data cipher!"); 893 } 894 895 pcount = frm; frm += 2; 896 count = 0; 897 /* write Pairwise Cipher Suite List */ 898 if (ni->ni_rsnciphers & IEEE80211_CIPHER_USEGROUP) { 899 memcpy(frm, oui, 3); frm += 3; 900 *frm++ = 0; 901 count++; 902 } 903 if (ni->ni_rsnciphers & IEEE80211_CIPHER_TKIP) { 904 memcpy(frm, oui, 3); frm += 3; 905 *frm++ = 2; 906 count++; 907 } 908 if (ni->ni_rsnciphers & IEEE80211_CIPHER_CCMP) { 909 memcpy(frm, oui, 3); frm += 3; 910 *frm++ = 4; 911 count++; 912 } 913 /* write Pairwise Cipher Suite Count field */ 914 LE_WRITE_2(pcount, count); 915 916 pcount = frm; frm += 2; 917 count = 0; 918 /* write AKM Suite List (see Table 20dc) */ 919 if (ni->ni_rsnakms & IEEE80211_AKM_8021X) { 920 memcpy(frm, oui, 3); frm += 3; 921 *frm++ = 1; 922 count++; 923 } 924 if (ni->ni_rsnakms & IEEE80211_AKM_PSK) { 925 memcpy(frm, oui, 3); frm += 3; 926 *frm++ = 2; 927 count++; 928 } 929 if (!wpa && (ni->ni_rsnakms & IEEE80211_AKM_SHA256_8021X)) { 930 memcpy(frm, oui, 3); frm += 3; 931 *frm++ = 5; 932 count++; 933 } 934 if (!wpa && (ni->ni_rsnakms & IEEE80211_AKM_SHA256_PSK)) { 935 memcpy(frm, oui, 3); frm += 3; 936 *frm++ = 6; 937 count++; 938 } 939 /* write AKM Suite List Count field */ 940 LE_WRITE_2(pcount, count); 941 942 if (wpa) 943 return frm; 944 945 /* write RSN Capabilities field */ 946 LE_WRITE_2(frm, ni->ni_rsncaps); frm += 2; 947 948 if (ni->ni_flags & IEEE80211_NODE_PMKID) { 949 /* write PMKID Count field */ 950 LE_WRITE_2(frm, 1); frm += 2; 951 /* write PMKID List (only 1) */ 952 memcpy(frm, ni->ni_pmkid, IEEE80211_PMKID_LEN); 953 frm += IEEE80211_PMKID_LEN; 954 } else { 955 /* no PMKID (PMKID Count=0) */ 956 LE_WRITE_2(frm, 0); frm += 2; 957 } 958 959 if (!(ic->ic_caps & IEEE80211_C_MFP)) 960 return frm; 961 962 /* write Group Integrity Cipher Suite field */ 963 memcpy(frm, oui, 3); frm += 3; 964 switch (ic->ic_rsngroupmgmtcipher) { 965 case IEEE80211_CIPHER_BIP: 966 *frm++ = 6; 967 break; 968 default: 969 /* can't get there */ 970 panic("invalid integrity group cipher!"); 971 } 972 return frm; 973 } 974 975 u_int8_t * 976 ieee80211_add_rsn(u_int8_t *frm, struct ieee80211com *ic, 977 const struct ieee80211_node *ni) 978 { 979 u_int8_t *plen; 980 981 *frm++ = IEEE80211_ELEMID_RSN; 982 plen = frm++; /* length filled in later */ 983 frm = ieee80211_add_rsn_body(frm, ic, ni, 0); 984 985 /* write length field */ 986 *plen = frm - plen - 1; 987 return frm; 988 } 989 990 /* 991 * Add a vendor-specific WPA element to a frame. 992 * This is required for compatibility with Wi-Fi Alliance WPA. 993 */ 994 u_int8_t * 995 ieee80211_add_wpa(u_int8_t *frm, struct ieee80211com *ic, 996 const struct ieee80211_node *ni) 997 { 998 u_int8_t *plen; 999 1000 *frm++ = IEEE80211_ELEMID_VENDOR; 1001 plen = frm++; /* length filled in later */ 1002 memcpy(frm, MICROSOFT_OUI, 3); frm += 3; 1003 *frm++ = 1; /* WPA */ 1004 frm = ieee80211_add_rsn_body(frm, ic, ni, 1); 1005 1006 /* write length field */ 1007 *plen = frm - plen - 1; 1008 return frm; 1009 } 1010 1011 /* 1012 * Add an extended supported rates element to a frame (see 7.3.2.14). 1013 */ 1014 u_int8_t * 1015 ieee80211_add_xrates(u_int8_t *frm, const struct ieee80211_rateset *rs) 1016 { 1017 int nrates; 1018 1019 KASSERT(rs->rs_nrates > IEEE80211_RATE_SIZE); 1020 1021 *frm++ = IEEE80211_ELEMID_XRATES; 1022 nrates = rs->rs_nrates - IEEE80211_RATE_SIZE; 1023 *frm++ = nrates; 1024 memcpy(frm, rs->rs_rates + IEEE80211_RATE_SIZE, nrates); 1025 return frm + nrates; 1026 } 1027 1028 #ifndef IEEE80211_NO_HT 1029 /* 1030 * Add an HT Capabilities element to a frame (see 7.3.2.57). 1031 */ 1032 u_int8_t * 1033 ieee80211_add_htcaps(u_int8_t *frm, struct ieee80211com *ic) 1034 { 1035 *frm++ = IEEE80211_ELEMID_HTCAPS; 1036 *frm++ = 26; 1037 LE_WRITE_2(frm, ic->ic_htcaps); frm += 2; 1038 *frm++ = 0; 1039 memcpy(frm, ic->ic_sup_mcs, 16); frm += 16; 1040 LE_WRITE_2(frm, ic->ic_htxcaps); frm += 2; 1041 LE_WRITE_4(frm, ic->ic_txbfcaps); frm += 4; 1042 *frm++ = ic->ic_aselcaps; 1043 return frm; 1044 } 1045 1046 #ifndef IEEE80211_STA_ONLY 1047 /* 1048 * Add an HT Operation element to a frame (see 7.3.2.58). 1049 */ 1050 u_int8_t * 1051 ieee80211_add_htop(u_int8_t *frm, struct ieee80211com *ic) 1052 { 1053 *frm++ = IEEE80211_ELEMID_HTOP; 1054 *frm++ = 22; 1055 *frm++ = ieee80211_chan2ieee(ic, ic->ic_bss->ni_chan); 1056 LE_WRITE_2(frm, 0); frm += 2; 1057 LE_WRITE_2(frm, 0); frm += 2; 1058 memset(frm, 0, 16); frm += 16; 1059 return frm; 1060 } 1061 #endif /* !IEEE80211_STA_ONLY */ 1062 #endif /* !IEEE80211_NO_HT */ 1063 1064 #ifndef IEEE80211_STA_ONLY 1065 /* 1066 * Add a Timeout Interval element to a frame (see 7.3.2.49). 1067 */ 1068 u_int8_t * 1069 ieee80211_add_tie(u_int8_t *frm, u_int8_t type, u_int32_t value) 1070 { 1071 *frm++ = IEEE80211_ELEMID_TIE; 1072 *frm++ = 5; /* length */ 1073 *frm++ = type; /* Timeout Interval type */ 1074 LE_WRITE_4(frm, value); 1075 return frm + 4; 1076 } 1077 #endif 1078 1079 struct mbuf * 1080 ieee80211_getmgmt(int flags, int type, u_int pktlen) 1081 { 1082 struct mbuf *m; 1083 1084 /* reserve space for 802.11 header */ 1085 pktlen += sizeof(struct ieee80211_frame); 1086 1087 if (pktlen > MCLBYTES) 1088 panic("management frame too large: %u", pktlen); 1089 MGETHDR(m, flags, type); 1090 if (m == NULL) 1091 return NULL; 1092 if (pktlen > MHLEN) { 1093 MCLGET(m, flags); 1094 if (!(m->m_flags & M_EXT)) 1095 return m_free(m); 1096 } 1097 m->m_data += sizeof(struct ieee80211_frame); 1098 return m; 1099 } 1100 1101 /*- 1102 * Probe request frame format: 1103 * [tlv] SSID 1104 * [tlv] Supported rates 1105 * [tlv] Extended Supported Rates (802.11g) 1106 * [tlv] HT Capabilities (802.11n) 1107 */ 1108 struct mbuf * 1109 ieee80211_get_probe_req(struct ieee80211com *ic, struct ieee80211_node *ni) 1110 { 1111 const struct ieee80211_rateset *rs = 1112 &ic->ic_sup_rates[ieee80211_chan2mode(ic, ni->ni_chan)]; 1113 struct mbuf *m; 1114 u_int8_t *frm; 1115 1116 m = ieee80211_getmgmt(M_DONTWAIT, MT_DATA, 1117 2 + ic->ic_des_esslen + 1118 2 + min(rs->rs_nrates, IEEE80211_RATE_SIZE) + 1119 ((rs->rs_nrates > IEEE80211_RATE_SIZE) ? 1120 2 + rs->rs_nrates - IEEE80211_RATE_SIZE : 0) + 1121 ((ni->ni_flags & IEEE80211_NODE_HT) ? 28 : 0)); 1122 if (m == NULL) 1123 return NULL; 1124 1125 frm = mtod(m, u_int8_t *); 1126 frm = ieee80211_add_ssid(frm, ic->ic_des_essid, ic->ic_des_esslen); 1127 frm = ieee80211_add_rates(frm, rs); 1128 if (rs->rs_nrates > IEEE80211_RATE_SIZE) 1129 frm = ieee80211_add_xrates(frm, rs); 1130 #ifndef IEEE80211_NO_HT 1131 if (ni->ni_flags & IEEE80211_NODE_HT) 1132 frm = ieee80211_add_htcaps(frm, ic); 1133 #endif 1134 1135 m->m_pkthdr.len = m->m_len = frm - mtod(m, u_int8_t *); 1136 1137 return m; 1138 } 1139 1140 #ifndef IEEE80211_STA_ONLY 1141 /*- 1142 * Probe response frame format: 1143 * [8] Timestamp 1144 * [2] Beacon interval 1145 * [2] Capability 1146 * [tlv] Service Set Identifier (SSID) 1147 * [tlv] Supported rates 1148 * [tlv] DS Parameter Set (802.11g) 1149 * [tlv] ERP Information (802.11g) 1150 * [tlv] Extended Supported Rates (802.11g) 1151 * [tlv] RSN (802.11i) 1152 * [tlv] EDCA Parameter Set (802.11e) 1153 * [tlv] HT Capabilities (802.11n) 1154 * [tlv] HT Operation (802.11n) 1155 */ 1156 struct mbuf * 1157 ieee80211_get_probe_resp(struct ieee80211com *ic, struct ieee80211_node *ni) 1158 { 1159 const struct ieee80211_rateset *rs = &ic->ic_bss->ni_rates; 1160 struct mbuf *m; 1161 u_int8_t *frm; 1162 1163 m = ieee80211_getmgmt(M_DONTWAIT, MT_DATA, 1164 8 + 2 + 2 + 1165 2 + ni->ni_esslen + 1166 2 + min(rs->rs_nrates, IEEE80211_RATE_SIZE) + 1167 2 + 1 + 1168 ((ic->ic_opmode == IEEE80211_M_IBSS) ? 2 + 2 : 0) + 1169 ((ic->ic_curmode == IEEE80211_MODE_11G) ? 2 + 1 : 0) + 1170 ((rs->rs_nrates > IEEE80211_RATE_SIZE) ? 1171 2 + rs->rs_nrates - IEEE80211_RATE_SIZE : 0) + 1172 (((ic->ic_flags & IEEE80211_F_RSNON) && 1173 (ic->ic_bss->ni_rsnprotos & IEEE80211_PROTO_RSN)) ? 1174 2 + IEEE80211_RSNIE_MAXLEN : 0) + 1175 ((ic->ic_flags & IEEE80211_F_QOS) ? 2 + 18 : 0) + 1176 (((ic->ic_flags & IEEE80211_F_RSNON) && 1177 (ic->ic_bss->ni_rsnprotos & IEEE80211_PROTO_WPA)) ? 1178 2 + IEEE80211_WPAIE_MAXLEN : 0) + 1179 ((ic->ic_flags & IEEE80211_F_HTON) ? 28 + 24 : 0)); 1180 if (m == NULL) 1181 return NULL; 1182 1183 frm = mtod(m, u_int8_t *); 1184 memset(frm, 0, 8); frm += 8; /* timestamp is set by hardware */ 1185 LE_WRITE_2(frm, ic->ic_bss->ni_intval); frm += 2; 1186 frm = ieee80211_add_capinfo(frm, ic, ni); 1187 frm = ieee80211_add_ssid(frm, ic->ic_bss->ni_essid, 1188 ic->ic_bss->ni_esslen); 1189 frm = ieee80211_add_rates(frm, rs); 1190 frm = ieee80211_add_ds_params(frm, ic, ni); 1191 if (ic->ic_opmode == IEEE80211_M_IBSS) 1192 frm = ieee80211_add_ibss_params(frm, ni); 1193 if (ic->ic_curmode == IEEE80211_MODE_11G) 1194 frm = ieee80211_add_erp(frm, ic); 1195 if (rs->rs_nrates > IEEE80211_RATE_SIZE) 1196 frm = ieee80211_add_xrates(frm, rs); 1197 if ((ic->ic_flags & IEEE80211_F_RSNON) && 1198 (ic->ic_bss->ni_rsnprotos & IEEE80211_PROTO_RSN)) 1199 frm = ieee80211_add_rsn(frm, ic, ic->ic_bss); 1200 if (ic->ic_flags & IEEE80211_F_QOS) 1201 frm = ieee80211_add_edca_params(frm, ic); 1202 if ((ic->ic_flags & IEEE80211_F_RSNON) && 1203 (ic->ic_bss->ni_rsnprotos & IEEE80211_PROTO_WPA)) 1204 frm = ieee80211_add_wpa(frm, ic, ic->ic_bss); 1205 #ifndef IEEE80211_NO_HT 1206 if (ic->ic_flags & IEEE80211_F_HTON) { 1207 frm = ieee80211_add_htcaps(frm, ic); 1208 frm = ieee80211_add_htop(frm, ic); 1209 } 1210 #endif 1211 1212 m->m_pkthdr.len = m->m_len = frm - mtod(m, u_int8_t *); 1213 1214 return m; 1215 } 1216 #endif /* IEEE80211_STA_ONLY */ 1217 1218 /*- 1219 * Authentication frame format: 1220 * [2] Authentication algorithm number 1221 * [2] Authentication transaction sequence number 1222 * [2] Status code 1223 */ 1224 struct mbuf * 1225 ieee80211_get_auth(struct ieee80211com *ic, struct ieee80211_node *ni, 1226 u_int16_t status, u_int16_t seq) 1227 { 1228 struct mbuf *m; 1229 u_int8_t *frm; 1230 1231 MGETHDR(m, M_DONTWAIT, MT_DATA); 1232 if (m == NULL) 1233 return NULL; 1234 MH_ALIGN(m, 2 * 3); 1235 m->m_pkthdr.len = m->m_len = 2 * 3; 1236 1237 frm = mtod(m, u_int8_t *); 1238 LE_WRITE_2(frm, IEEE80211_AUTH_ALG_OPEN); frm += 2; 1239 LE_WRITE_2(frm, seq); frm += 2; 1240 LE_WRITE_2(frm, status); 1241 1242 return m; 1243 } 1244 1245 /*- 1246 * Deauthentication frame format: 1247 * [2] Reason code 1248 */ 1249 struct mbuf * 1250 ieee80211_get_deauth(struct ieee80211com *ic, struct ieee80211_node *ni, 1251 u_int16_t reason) 1252 { 1253 struct mbuf *m; 1254 1255 MGETHDR(m, M_DONTWAIT, MT_DATA); 1256 if (m == NULL) 1257 return NULL; 1258 MH_ALIGN(m, 2); 1259 1260 m->m_pkthdr.len = m->m_len = 2; 1261 *mtod(m, u_int16_t *) = htole16(reason); 1262 1263 return m; 1264 } 1265 1266 /*- 1267 * (Re)Association request frame format: 1268 * [2] Capability information 1269 * [2] Listen interval 1270 * [6*] Current AP address (Reassociation only) 1271 * [tlv] SSID 1272 * [tlv] Supported rates 1273 * [tlv] Extended Supported Rates (802.11g) 1274 * [tlv] RSN (802.11i) 1275 * [tlv] QoS Capability (802.11e) 1276 * [tlv] HT Capabilities (802.11n) 1277 */ 1278 struct mbuf * 1279 ieee80211_get_assoc_req(struct ieee80211com *ic, struct ieee80211_node *ni, 1280 int type) 1281 { 1282 const struct ieee80211_rateset *rs = &ni->ni_rates; 1283 struct mbuf *m; 1284 u_int8_t *frm; 1285 u_int16_t capinfo; 1286 1287 m = ieee80211_getmgmt(M_DONTWAIT, MT_DATA, 1288 2 + 2 + 1289 ((type == IEEE80211_FC0_SUBTYPE_REASSOC_REQ) ? 1290 IEEE80211_ADDR_LEN : 0) + 1291 2 + ni->ni_esslen + 1292 2 + min(rs->rs_nrates, IEEE80211_RATE_SIZE) + 1293 ((rs->rs_nrates > IEEE80211_RATE_SIZE) ? 1294 2 + rs->rs_nrates - IEEE80211_RATE_SIZE : 0) + 1295 (((ic->ic_flags & IEEE80211_F_RSNON) && 1296 (ni->ni_rsnprotos & IEEE80211_PROTO_RSN)) ? 1297 2 + IEEE80211_RSNIE_MAXLEN : 0) + 1298 ((ni->ni_flags & IEEE80211_NODE_QOS) ? 2 + 1 : 0) + 1299 (((ic->ic_flags & IEEE80211_F_RSNON) && 1300 (ni->ni_rsnprotos & IEEE80211_PROTO_WPA)) ? 1301 2 + IEEE80211_WPAIE_MAXLEN : 0) + 1302 ((ni->ni_flags & IEEE80211_NODE_HT) ? 28 : 0)); 1303 if (m == NULL) 1304 return NULL; 1305 1306 frm = mtod(m, u_int8_t *); 1307 capinfo = IEEE80211_CAPINFO_ESS; 1308 if (ic->ic_flags & IEEE80211_F_WEPON) 1309 capinfo |= IEEE80211_CAPINFO_PRIVACY; 1310 if ((ic->ic_flags & IEEE80211_F_SHPREAMBLE) && 1311 IEEE80211_IS_CHAN_2GHZ(ni->ni_chan)) 1312 capinfo |= IEEE80211_CAPINFO_SHORT_PREAMBLE; 1313 if (ic->ic_caps & IEEE80211_C_SHSLOT) 1314 capinfo |= IEEE80211_CAPINFO_SHORT_SLOTTIME; 1315 LE_WRITE_2(frm, capinfo); frm += 2; 1316 LE_WRITE_2(frm, ic->ic_lintval); frm += 2; 1317 if (type == IEEE80211_FC0_SUBTYPE_REASSOC_REQ) { 1318 IEEE80211_ADDR_COPY(frm, ic->ic_bss->ni_bssid); 1319 frm += IEEE80211_ADDR_LEN; 1320 } 1321 frm = ieee80211_add_ssid(frm, ni->ni_essid, ni->ni_esslen); 1322 frm = ieee80211_add_rates(frm, rs); 1323 if (rs->rs_nrates > IEEE80211_RATE_SIZE) 1324 frm = ieee80211_add_xrates(frm, rs); 1325 if ((ic->ic_flags & IEEE80211_F_RSNON) && 1326 (ni->ni_rsnprotos & IEEE80211_PROTO_RSN)) 1327 frm = ieee80211_add_rsn(frm, ic, ni); 1328 if (ni->ni_flags & IEEE80211_NODE_QOS) 1329 frm = ieee80211_add_qos_capability(frm, ic); 1330 if ((ic->ic_flags & IEEE80211_F_RSNON) && 1331 (ni->ni_rsnprotos & IEEE80211_PROTO_WPA)) 1332 frm = ieee80211_add_wpa(frm, ic, ni); 1333 #ifndef IEEE80211_NO_HT 1334 if (ni->ni_flags & IEEE80211_NODE_HT) 1335 frm = ieee80211_add_htcaps(frm, ic); 1336 #endif 1337 1338 m->m_pkthdr.len = m->m_len = frm - mtod(m, u_int8_t *); 1339 1340 return m; 1341 } 1342 1343 #ifndef IEEE80211_STA_ONLY 1344 /*- 1345 * (Re)Association response frame format: 1346 * [2] Capability information 1347 * [2] Status code 1348 * [2] Association ID (AID) 1349 * [tlv] Supported rates 1350 * [tlv] Extended Supported Rates (802.11g) 1351 * [tlv] EDCA Parameter Set (802.11e) 1352 * [tlv] Timeout Interval (802.11w) 1353 * [tlv] HT Capabilities (802.11n) 1354 * [tlv] HT Operation (802.11n) 1355 */ 1356 struct mbuf * 1357 ieee80211_get_assoc_resp(struct ieee80211com *ic, struct ieee80211_node *ni, 1358 u_int16_t status) 1359 { 1360 const struct ieee80211_rateset *rs = &ni->ni_rates; 1361 struct mbuf *m; 1362 u_int8_t *frm; 1363 1364 m = ieee80211_getmgmt(M_DONTWAIT, MT_DATA, 1365 2 + 2 + 2 + 1366 2 + min(rs->rs_nrates, IEEE80211_RATE_SIZE) + 1367 ((rs->rs_nrates > IEEE80211_RATE_SIZE) ? 1368 2 + rs->rs_nrates - IEEE80211_RATE_SIZE : 0) + 1369 ((ni->ni_flags & IEEE80211_NODE_QOS) ? 2 + 18 : 0) + 1370 ((status == IEEE80211_STATUS_TRY_AGAIN_LATER) ? 2 + 7 : 0) + 1371 ((ni->ni_flags & IEEE80211_NODE_HT) ? 28 + 24 : 0)); 1372 if (m == NULL) 1373 return NULL; 1374 1375 frm = mtod(m, u_int8_t *); 1376 frm = ieee80211_add_capinfo(frm, ic, ni); 1377 LE_WRITE_2(frm, status); frm += 2; 1378 if (status == IEEE80211_STATUS_SUCCESS) 1379 LE_WRITE_2(frm, ni->ni_associd); 1380 else 1381 LE_WRITE_2(frm, 0); 1382 frm += 2; 1383 frm = ieee80211_add_rates(frm, rs); 1384 if (rs->rs_nrates > IEEE80211_RATE_SIZE) 1385 frm = ieee80211_add_xrates(frm, rs); 1386 if (ni->ni_flags & IEEE80211_NODE_QOS) 1387 frm = ieee80211_add_edca_params(frm, ic); 1388 if ((ni->ni_flags & IEEE80211_NODE_MFP) && 1389 status == IEEE80211_STATUS_TRY_AGAIN_LATER) { 1390 /* Association Comeback Time */ 1391 frm = ieee80211_add_tie(frm, 3, 1000 /* XXX */); 1392 } 1393 #ifndef IEEE80211_NO_HT 1394 if (ni->ni_flags & IEEE80211_NODE_HT) { 1395 frm = ieee80211_add_htcaps(frm, ic); 1396 frm = ieee80211_add_htop(frm, ic); 1397 } 1398 #endif 1399 1400 m->m_pkthdr.len = m->m_len = frm - mtod(m, u_int8_t *); 1401 1402 return m; 1403 } 1404 #endif /* IEEE80211_STA_ONLY */ 1405 1406 /*- 1407 * Disassociation frame format: 1408 * [2] Reason code 1409 */ 1410 struct mbuf * 1411 ieee80211_get_disassoc(struct ieee80211com *ic, struct ieee80211_node *ni, 1412 u_int16_t reason) 1413 { 1414 struct mbuf *m; 1415 1416 MGETHDR(m, M_DONTWAIT, MT_DATA); 1417 if (m == NULL) 1418 return NULL; 1419 MH_ALIGN(m, 2); 1420 1421 m->m_pkthdr.len = m->m_len = 2; 1422 *mtod(m, u_int16_t *) = htole16(reason); 1423 1424 return m; 1425 } 1426 1427 #ifndef IEEE80211_NO_HT 1428 /*- 1429 * ADDBA Request frame format: 1430 * [1] Category 1431 * [1] Action 1432 * [1] Dialog Token 1433 * [2] Block Ack Parameter Set 1434 * [2] Block Ack Timeout Value 1435 * [2] Block Ack Starting Sequence Control 1436 */ 1437 struct mbuf * 1438 ieee80211_get_addba_req(struct ieee80211com *ic, struct ieee80211_node *ni, 1439 u_int8_t tid) 1440 { 1441 struct ieee80211_tx_ba *ba = &ni->ni_tx_ba[tid]; 1442 struct mbuf *m; 1443 u_int8_t *frm; 1444 u_int16_t params; 1445 1446 m = ieee80211_getmgmt(M_DONTWAIT, MT_DATA, 9); 1447 if (m == NULL) 1448 return m; 1449 1450 frm = mtod(m, u_int8_t *); 1451 *frm++ = IEEE80211_CATEG_BA; 1452 *frm++ = IEEE80211_ACTION_ADDBA_REQ; 1453 *frm++ = ba->ba_token; 1454 params = ba->ba_winsize << 6 | tid << 2 | IEEE80211_BA_ACK_POLICY; 1455 LE_WRITE_2(frm, params); frm += 2; 1456 LE_WRITE_2(frm, ba->ba_timeout_val); frm += 2; 1457 LE_WRITE_2(frm, ba->ba_winstart); frm += 2; 1458 1459 m->m_pkthdr.len = m->m_len = frm - mtod(m, u_int8_t *); 1460 1461 return m; 1462 } 1463 1464 /*- 1465 * ADDBA Response frame format: 1466 * [1] Category 1467 * [1] Action 1468 * [1] Dialog Token 1469 * [2] Status Code 1470 * [2] Block Ack Parameter Set 1471 * [2] Block Ack Timeout Value 1472 */ 1473 struct mbuf * 1474 ieee80211_get_addba_resp(struct ieee80211com *ic, struct ieee80211_node *ni, 1475 u_int8_t tid, u_int8_t token, u_int16_t status) 1476 { 1477 struct ieee80211_rx_ba *ba = &ni->ni_rx_ba[tid]; 1478 struct mbuf *m; 1479 u_int8_t *frm; 1480 u_int16_t params; 1481 1482 m = ieee80211_getmgmt(M_DONTWAIT, MT_DATA, 9); 1483 if (m == NULL) 1484 return m; 1485 1486 frm = mtod(m, u_int8_t *); 1487 *frm++ = IEEE80211_CATEG_BA; 1488 *frm++ = IEEE80211_ACTION_ADDBA_RESP; 1489 *frm++ = token; 1490 LE_WRITE_2(frm, status); frm += 2; 1491 params = tid << 2 | IEEE80211_BA_ACK_POLICY; 1492 if (status == 0) 1493 params |= ba->ba_winsize << 6; 1494 LE_WRITE_2(frm, params); frm += 2; 1495 if (status == 0) 1496 LE_WRITE_2(frm, ba->ba_timeout_val); 1497 else 1498 LE_WRITE_2(frm, 0); 1499 frm += 2; 1500 1501 m->m_pkthdr.len = m->m_len = frm - mtod(m, u_int8_t *); 1502 1503 return m; 1504 } 1505 1506 /*- 1507 * DELBA frame format: 1508 * [1] Category 1509 * [1] Action 1510 * [2] DELBA Parameter Set 1511 * [2] Reason Code 1512 */ 1513 struct mbuf * 1514 ieee80211_get_delba(struct ieee80211com *ic, struct ieee80211_node *ni, 1515 u_int8_t tid, u_int8_t dir, u_int16_t reason) 1516 { 1517 struct mbuf *m; 1518 u_int8_t *frm; 1519 u_int16_t params; 1520 1521 m = ieee80211_getmgmt(M_DONTWAIT, MT_DATA, 6); 1522 if (m == NULL) 1523 return m; 1524 1525 frm = mtod(m, u_int8_t *); 1526 *frm++ = IEEE80211_CATEG_BA; 1527 *frm++ = IEEE80211_ACTION_DELBA; 1528 params = tid << 12; 1529 if (dir) 1530 params |= IEEE80211_DELBA_INITIATOR; 1531 LE_WRITE_2(frm, params); frm += 2; 1532 LE_WRITE_2(frm, reason); frm += 2; 1533 1534 m->m_pkthdr.len = m->m_len = frm - mtod(m, u_int8_t *); 1535 1536 return m; 1537 } 1538 #endif /* !IEEE80211_NO_HT */ 1539 1540 /*- 1541 * SA Query Request/Reponse frame format: 1542 * [1] Category 1543 * [1] Action 1544 * [16] Transaction Identifier 1545 */ 1546 struct mbuf * 1547 ieee80211_get_sa_query(struct ieee80211com *ic, struct ieee80211_node *ni, 1548 u_int8_t action) 1549 { 1550 struct mbuf *m; 1551 u_int8_t *frm; 1552 1553 m = ieee80211_getmgmt(M_DONTWAIT, MT_DATA, 4); 1554 if (m == NULL) 1555 return NULL; 1556 1557 frm = mtod(m, u_int8_t *); 1558 *frm++ = IEEE80211_CATEG_SA_QUERY; 1559 *frm++ = action; /* ACTION_SA_QUERY_REQ/RESP */ 1560 LE_WRITE_2(frm, ni->ni_sa_query_trid); frm += 2; 1561 1562 m->m_pkthdr.len = m->m_len = frm - mtod(m, u_int8_t *); 1563 1564 return m; 1565 } 1566 1567 struct mbuf * 1568 ieee80211_get_action(struct ieee80211com *ic, struct ieee80211_node *ni, 1569 u_int8_t categ, u_int8_t action, int arg) 1570 { 1571 struct mbuf *m = NULL; 1572 1573 switch (categ) { 1574 #ifndef IEEE80211_NO_HT 1575 case IEEE80211_CATEG_BA: 1576 switch (action) { 1577 case IEEE80211_ACTION_ADDBA_REQ: 1578 m = ieee80211_get_addba_req(ic, ni, arg & 0xffff); 1579 break; 1580 case IEEE80211_ACTION_ADDBA_RESP: 1581 m = ieee80211_get_addba_resp(ic, ni, arg & 0xff, 1582 arg >> 8, arg >> 16); 1583 break; 1584 case IEEE80211_ACTION_DELBA: 1585 m = ieee80211_get_delba(ic, ni, arg & 0xff, arg >> 8, 1586 arg >> 16); 1587 break; 1588 } 1589 break; 1590 #endif 1591 case IEEE80211_CATEG_SA_QUERY: 1592 switch (action) { 1593 #ifndef IEEE80211_STA_ONLY 1594 case IEEE80211_ACTION_SA_QUERY_REQ: 1595 #endif 1596 case IEEE80211_ACTION_SA_QUERY_RESP: 1597 m = ieee80211_get_sa_query(ic, ni, action); 1598 break; 1599 } 1600 break; 1601 } 1602 return m; 1603 } 1604 1605 /* 1606 * Send a management frame. The node is for the destination (or ic_bss 1607 * when in station mode). Nodes other than ic_bss have their reference 1608 * count bumped to reflect our use for an indeterminant time. 1609 */ 1610 int 1611 ieee80211_send_mgmt(struct ieee80211com *ic, struct ieee80211_node *ni, 1612 int type, int arg1, int arg2) 1613 { 1614 #define senderr(_x, _v) do { ic->ic_stats._v++; ret = _x; goto bad; } while (0) 1615 struct ifnet *ifp = &ic->ic_if; 1616 struct mbuf *m; 1617 int ret, timer; 1618 1619 if (ni == NULL) 1620 panic("null node"); 1621 1622 /* 1623 * Hold a reference on the node so it doesn't go away until after 1624 * the xmit is complete all the way in the driver. On error we 1625 * will remove our reference. 1626 */ 1627 ieee80211_ref_node(ni); 1628 timer = 0; 1629 switch (type) { 1630 case IEEE80211_FC0_SUBTYPE_PROBE_REQ: 1631 if ((m = ieee80211_get_probe_req(ic, ni)) == NULL) 1632 senderr(ENOMEM, is_tx_nombuf); 1633 1634 timer = IEEE80211_TRANS_WAIT; 1635 break; 1636 #ifndef IEEE80211_STA_ONLY 1637 case IEEE80211_FC0_SUBTYPE_PROBE_RESP: 1638 if ((m = ieee80211_get_probe_resp(ic, ni)) == NULL) 1639 senderr(ENOMEM, is_tx_nombuf); 1640 break; 1641 #endif 1642 case IEEE80211_FC0_SUBTYPE_AUTH: 1643 m = ieee80211_get_auth(ic, ni, arg1 >> 16, arg1 & 0xffff); 1644 if (m == NULL) 1645 senderr(ENOMEM, is_tx_nombuf); 1646 1647 if (ic->ic_opmode == IEEE80211_M_STA) 1648 timer = IEEE80211_TRANS_WAIT; 1649 break; 1650 1651 case IEEE80211_FC0_SUBTYPE_DEAUTH: 1652 if ((m = ieee80211_get_deauth(ic, ni, arg1)) == NULL) 1653 senderr(ENOMEM, is_tx_nombuf); 1654 1655 if (ifp->if_flags & IFF_DEBUG) { 1656 printf("%s: station %s deauthenticate (reason %d)\n", 1657 ifp->if_xname, ether_sprintf(ni->ni_macaddr), 1658 arg1); 1659 } 1660 break; 1661 1662 case IEEE80211_FC0_SUBTYPE_ASSOC_REQ: 1663 case IEEE80211_FC0_SUBTYPE_REASSOC_REQ: 1664 if ((m = ieee80211_get_assoc_req(ic, ni, type)) == NULL) 1665 senderr(ENOMEM, is_tx_nombuf); 1666 1667 timer = IEEE80211_TRANS_WAIT; 1668 break; 1669 #ifndef IEEE80211_STA_ONLY 1670 case IEEE80211_FC0_SUBTYPE_ASSOC_RESP: 1671 case IEEE80211_FC0_SUBTYPE_REASSOC_RESP: 1672 if ((m = ieee80211_get_assoc_resp(ic, ni, arg1)) == NULL) 1673 senderr(ENOMEM, is_tx_nombuf); 1674 break; 1675 #endif 1676 case IEEE80211_FC0_SUBTYPE_DISASSOC: 1677 if ((m = ieee80211_get_disassoc(ic, ni, arg1)) == NULL) 1678 senderr(ENOMEM, is_tx_nombuf); 1679 1680 if (ifp->if_flags & IFF_DEBUG) { 1681 printf("%s: station %s disassociate (reason %d)\n", 1682 ifp->if_xname, ether_sprintf(ni->ni_macaddr), 1683 arg1); 1684 } 1685 break; 1686 1687 case IEEE80211_FC0_SUBTYPE_ACTION: 1688 m = ieee80211_get_action(ic, ni, arg1 >> 16, arg1 & 0xffff, 1689 arg2); 1690 if (m == NULL) 1691 senderr(ENOMEM, is_tx_nombuf); 1692 break; 1693 1694 default: 1695 DPRINTF(("invalid mgmt frame type %u\n", type)); 1696 senderr(EINVAL, is_tx_unknownmgt); 1697 /* NOTREACHED */ 1698 } 1699 1700 ret = ieee80211_mgmt_output(ifp, ni, m, type); 1701 if (ret == 0) { 1702 if (timer) 1703 ic->ic_mgt_timer = timer; 1704 } else { 1705 bad: 1706 ieee80211_release_node(ic, ni); 1707 } 1708 return ret; 1709 #undef senderr 1710 } 1711 1712 /* 1713 * Build a RTS (Request To Send) control frame (see 7.2.1.1). 1714 */ 1715 struct mbuf * 1716 ieee80211_get_rts(struct ieee80211com *ic, const struct ieee80211_frame *wh, 1717 u_int16_t dur) 1718 { 1719 struct ieee80211_frame_rts *rts; 1720 struct mbuf *m; 1721 1722 MGETHDR(m, M_DONTWAIT, MT_DATA); 1723 if (m == NULL) 1724 return NULL; 1725 1726 m->m_pkthdr.len = m->m_len = sizeof(struct ieee80211_frame_rts); 1727 1728 rts = mtod(m, struct ieee80211_frame_rts *); 1729 rts->i_fc[0] = IEEE80211_FC0_VERSION_0 | IEEE80211_FC0_TYPE_CTL | 1730 IEEE80211_FC0_SUBTYPE_RTS; 1731 rts->i_fc[1] = IEEE80211_FC1_DIR_NODS; 1732 *(u_int16_t *)rts->i_dur = htole16(dur); 1733 IEEE80211_ADDR_COPY(rts->i_ra, wh->i_addr1); 1734 IEEE80211_ADDR_COPY(rts->i_ta, wh->i_addr2); 1735 1736 return m; 1737 } 1738 1739 /* 1740 * Build a CTS-to-self (Clear To Send) control frame (see 7.2.1.2). 1741 */ 1742 struct mbuf * 1743 ieee80211_get_cts_to_self(struct ieee80211com *ic, u_int16_t dur) 1744 { 1745 struct ieee80211_frame_cts *cts; 1746 struct mbuf *m; 1747 1748 MGETHDR(m, M_DONTWAIT, MT_DATA); 1749 if (m == NULL) 1750 return NULL; 1751 1752 m->m_pkthdr.len = m->m_len = sizeof(struct ieee80211_frame_cts); 1753 1754 cts = mtod(m, struct ieee80211_frame_cts *); 1755 cts->i_fc[0] = IEEE80211_FC0_VERSION_0 | IEEE80211_FC0_TYPE_CTL | 1756 IEEE80211_FC0_SUBTYPE_CTS; 1757 cts->i_fc[1] = IEEE80211_FC1_DIR_NODS; 1758 *(u_int16_t *)cts->i_dur = htole16(dur); 1759 IEEE80211_ADDR_COPY(cts->i_ra, ic->ic_myaddr); 1760 1761 return m; 1762 } 1763 1764 #ifndef IEEE80211_STA_ONLY 1765 /*- 1766 * Beacon frame format: 1767 * [8] Timestamp 1768 * [2] Beacon interval 1769 * [2] Capability 1770 * [tlv] Service Set Identifier (SSID) 1771 * [tlv] Supported rates 1772 * [tlv] DS Parameter Set (802.11g) 1773 * [tlv] IBSS Parameter Set 1774 * [tlv] Traffic Indication Map (TIM) 1775 * [tlv] ERP Information (802.11g) 1776 * [tlv] Extended Supported Rates (802.11g) 1777 * [tlv] RSN (802.11i) 1778 * [tlv] EDCA Parameter Set (802.11e) 1779 * [tlv] HT Capabilities (802.11n) 1780 * [tlv] HT Operation (802.11n) 1781 */ 1782 struct mbuf * 1783 ieee80211_beacon_alloc(struct ieee80211com *ic, struct ieee80211_node *ni) 1784 { 1785 const struct ieee80211_rateset *rs = &ni->ni_rates; 1786 struct ieee80211_frame *wh; 1787 struct mbuf *m; 1788 u_int8_t *frm; 1789 1790 m = ieee80211_getmgmt(M_DONTWAIT, MT_DATA, 1791 8 + 2 + 2 + 1792 2 + ((ic->ic_flags & IEEE80211_F_HIDENWID) ? 0 : ni->ni_esslen) + 1793 2 + min(rs->rs_nrates, IEEE80211_RATE_SIZE) + 1794 2 + 1 + 1795 2 + ((ic->ic_opmode == IEEE80211_M_IBSS) ? 2 : 254) + 1796 ((ic->ic_curmode == IEEE80211_MODE_11G) ? 2 + 1 : 0) + 1797 ((rs->rs_nrates > IEEE80211_RATE_SIZE) ? 1798 2 + rs->rs_nrates - IEEE80211_RATE_SIZE : 0) + 1799 (((ic->ic_flags & IEEE80211_F_RSNON) && 1800 (ni->ni_rsnprotos & IEEE80211_PROTO_RSN)) ? 1801 2 + IEEE80211_RSNIE_MAXLEN : 0) + 1802 ((ic->ic_flags & IEEE80211_F_QOS) ? 2 + 18 : 0) + 1803 (((ic->ic_flags & IEEE80211_F_RSNON) && 1804 (ni->ni_rsnprotos & IEEE80211_PROTO_WPA)) ? 1805 2 + IEEE80211_WPAIE_MAXLEN : 0) + 1806 ((ic->ic_flags & IEEE80211_F_HTON) ? 28 + 24 : 0)); 1807 if (m == NULL) 1808 return NULL; 1809 1810 M_PREPEND(m, sizeof(struct ieee80211_frame), M_DONTWAIT); 1811 if (m == NULL) 1812 return NULL; 1813 wh = mtod(m, struct ieee80211_frame *); 1814 wh->i_fc[0] = IEEE80211_FC0_VERSION_0 | IEEE80211_FC0_TYPE_MGT | 1815 IEEE80211_FC0_SUBTYPE_BEACON; 1816 wh->i_fc[1] = IEEE80211_FC1_DIR_NODS; 1817 *(u_int16_t *)wh->i_dur = 0; 1818 IEEE80211_ADDR_COPY(wh->i_addr1, etherbroadcastaddr); 1819 IEEE80211_ADDR_COPY(wh->i_addr2, ic->ic_myaddr); 1820 IEEE80211_ADDR_COPY(wh->i_addr3, ni->ni_bssid); 1821 *(u_int16_t *)wh->i_seq = 0; 1822 1823 frm = (u_int8_t *)&wh[1]; 1824 memset(frm, 0, 8); frm += 8; /* timestamp is set by hardware */ 1825 LE_WRITE_2(frm, ni->ni_intval); frm += 2; 1826 frm = ieee80211_add_capinfo(frm, ic, ni); 1827 if (ic->ic_flags & IEEE80211_F_HIDENWID) 1828 frm = ieee80211_add_ssid(frm, NULL, 0); 1829 else 1830 frm = ieee80211_add_ssid(frm, ni->ni_essid, ni->ni_esslen); 1831 frm = ieee80211_add_rates(frm, rs); 1832 frm = ieee80211_add_ds_params(frm, ic, ni); 1833 if (ic->ic_opmode == IEEE80211_M_IBSS) 1834 frm = ieee80211_add_ibss_params(frm, ni); 1835 else 1836 frm = ieee80211_add_tim(frm, ic); 1837 if (ic->ic_curmode == IEEE80211_MODE_11G) 1838 frm = ieee80211_add_erp(frm, ic); 1839 if (rs->rs_nrates > IEEE80211_RATE_SIZE) 1840 frm = ieee80211_add_xrates(frm, rs); 1841 if ((ic->ic_flags & IEEE80211_F_RSNON) && 1842 (ni->ni_rsnprotos & IEEE80211_PROTO_RSN)) 1843 frm = ieee80211_add_rsn(frm, ic, ni); 1844 if (ic->ic_flags & IEEE80211_F_QOS) 1845 frm = ieee80211_add_edca_params(frm, ic); 1846 if ((ic->ic_flags & IEEE80211_F_RSNON) && 1847 (ni->ni_rsnprotos & IEEE80211_PROTO_WPA)) 1848 frm = ieee80211_add_wpa(frm, ic, ni); 1849 #ifndef IEEE80211_NO_HT 1850 if (ic->ic_flags & IEEE80211_F_HTON) { 1851 frm = ieee80211_add_htcaps(frm, ic); 1852 frm = ieee80211_add_htop(frm, ic); 1853 } 1854 #endif 1855 1856 m->m_pkthdr.len = m->m_len = frm - mtod(m, u_int8_t *); 1857 m->m_pkthdr.ph_cookie = ni; 1858 1859 return m; 1860 } 1861 1862 /* 1863 * Check if an outgoing MSDU or management frame should be buffered into 1864 * the AP for power management. Return 1 if the frame was buffered into 1865 * the AP, or 0 if the frame shall be transmitted immediately. 1866 */ 1867 int 1868 ieee80211_pwrsave(struct ieee80211com *ic, struct mbuf *m, 1869 struct ieee80211_node *ni) 1870 { 1871 const struct ieee80211_frame *wh; 1872 1873 KASSERT(ic->ic_opmode == IEEE80211_M_HOSTAP); 1874 if (!(ic->ic_caps & IEEE80211_C_APPMGT)) 1875 return 0; 1876 1877 wh = mtod(m, struct ieee80211_frame *); 1878 if (IEEE80211_IS_MULTICAST(wh->i_addr1)) { 1879 /* 1880 * Buffer group addressed MSDUs with the Order bit clear 1881 * if any associated STAs are in PS mode. 1882 */ 1883 if ((wh->i_fc[1] & IEEE80211_FC1_ORDER) || 1884 ic->ic_pssta == 0) 1885 return 0; 1886 ic->ic_tim_mcast_pending = 1; 1887 } else { 1888 /* 1889 * Buffer MSDUs, A-MSDUs or management frames destined for 1890 * PS STAs. 1891 */ 1892 if (ni->ni_pwrsave == IEEE80211_PS_AWAKE || 1893 (wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK) == 1894 IEEE80211_FC0_TYPE_CTL) 1895 return 0; 1896 if (IF_IS_EMPTY(&ni->ni_savedq)) 1897 (*ic->ic_set_tim)(ic, ni->ni_associd, 1); 1898 } 1899 /* NB: ni == ic->ic_bss for broadcast/multicast */ 1900 if (IF_QFULL(&ni->ni_savedq)) { 1901 /* XXX should we drop the oldest instead? */ 1902 IF_DROP(&ni->ni_savedq); 1903 m_freem(m); 1904 } else { 1905 IF_ENQUEUE(&ni->ni_savedq, m); 1906 /* 1907 * Similar to ieee80211_mgmt_output, store the node in a 1908 * special pkthdr field. 1909 */ 1910 m->m_pkthdr.ph_cookie = ni; 1911 } 1912 return 1; 1913 } 1914 #endif /* IEEE80211_STA_ONLY */ 1915