1 /* $OpenBSD: ieee80211_proto.c,v 1.46 2012/01/18 14:35:56 stsp Exp $ */ 2 /* $NetBSD: ieee80211_proto.c,v 1.8 2004/04/30 23:58:20 dyoung Exp $ */ 3 4 /*- 5 * Copyright (c) 2001 Atsushi Onoe 6 * Copyright (c) 2002, 2003 Sam Leffler, Errno Consulting 7 * Copyright (c) 2008, 2009 Damien Bergamini 8 * All rights reserved. 9 * 10 * Redistribution and use in source and binary forms, with or without 11 * modification, are permitted provided that the following conditions 12 * are met: 13 * 1. Redistributions of source code must retain the above copyright 14 * notice, this list of conditions and the following disclaimer. 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in the 17 * documentation and/or other materials provided with the distribution. 18 * 3. The name of the author may not be used to endorse or promote products 19 * derived from this software without specific prior written permission. 20 * 21 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 22 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 23 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 24 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 25 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 26 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 27 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 28 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 29 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 30 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 31 */ 32 33 /* 34 * IEEE 802.11 protocol support. 35 */ 36 37 #include "bpfilter.h" 38 39 #include <sys/param.h> 40 #include <sys/systm.h> 41 #include <sys/mbuf.h> 42 #include <sys/kernel.h> 43 #include <sys/socket.h> 44 #include <sys/sockio.h> 45 #include <sys/endian.h> 46 #include <sys/errno.h> 47 #include <sys/proc.h> 48 #include <sys/sysctl.h> 49 50 #include <net/if.h> 51 #include <net/if_dl.h> 52 #include <net/if_media.h> 53 #include <net/if_arp.h> 54 #include <net/if_llc.h> 55 56 #if NBPFILTER > 0 57 #include <net/bpf.h> 58 #endif 59 60 #ifdef INET 61 #include <netinet/in.h> 62 #include <netinet/if_ether.h> 63 #endif 64 65 #include <net80211/ieee80211_var.h> 66 #include <net80211/ieee80211_priv.h> 67 68 #include <dev/rndvar.h> 69 70 const char * const ieee80211_mgt_subtype_name[] = { 71 "assoc_req", "assoc_resp", "reassoc_req", "reassoc_resp", 72 "probe_req", "probe_resp", "reserved#6", "reserved#7", 73 "beacon", "atim", "disassoc", "auth", 74 "deauth", "action", "action_noack", "reserved#15" 75 }; 76 const char * const ieee80211_state_name[IEEE80211_S_MAX] = { 77 "INIT", /* IEEE80211_S_INIT */ 78 "SCAN", /* IEEE80211_S_SCAN */ 79 "AUTH", /* IEEE80211_S_AUTH */ 80 "ASSOC", /* IEEE80211_S_ASSOC */ 81 "RUN" /* IEEE80211_S_RUN */ 82 }; 83 const char * const ieee80211_phymode_name[] = { 84 "auto", /* IEEE80211_MODE_AUTO */ 85 "11a", /* IEEE80211_MODE_11A */ 86 "11b", /* IEEE80211_MODE_11B */ 87 "11g", /* IEEE80211_MODE_11G */ 88 "turbo", /* IEEE80211_MODE_TURBO */ 89 }; 90 91 int ieee80211_newstate(struct ieee80211com *, enum ieee80211_state, int); 92 93 void 94 ieee80211_proto_attach(struct ifnet *ifp) 95 { 96 struct ieee80211com *ic = (void *)ifp; 97 98 ifp->if_hdrlen = sizeof(struct ieee80211_frame); 99 100 #ifdef notdef 101 ic->ic_rtsthreshold = IEEE80211_RTS_DEFAULT; 102 #else 103 ic->ic_rtsthreshold = IEEE80211_RTS_MAX; 104 #endif 105 ic->ic_fragthreshold = 2346; /* XXX not used yet */ 106 ic->ic_fixed_rate = -1; /* no fixed rate */ 107 ic->ic_protmode = IEEE80211_PROT_CTSONLY; 108 109 /* protocol state change handler */ 110 ic->ic_newstate = ieee80211_newstate; 111 112 /* initialize management frame handlers */ 113 ic->ic_recv_mgmt = ieee80211_recv_mgmt; 114 ic->ic_send_mgmt = ieee80211_send_mgmt; 115 } 116 117 void 118 ieee80211_proto_detach(struct ifnet *ifp) 119 { 120 struct ieee80211com *ic = (void *)ifp; 121 122 IF_PURGE(&ic->ic_mgtq); 123 IF_PURGE(&ic->ic_pwrsaveq); 124 } 125 126 void 127 ieee80211_print_essid(const u_int8_t *essid, int len) 128 { 129 int i; 130 const u_int8_t *p; 131 132 if (len > IEEE80211_NWID_LEN) 133 len = IEEE80211_NWID_LEN; 134 /* determine printable or not */ 135 for (i = 0, p = essid; i < len; i++, p++) { 136 if (*p < ' ' || *p > 0x7e) 137 break; 138 } 139 if (i == len) { 140 printf("\""); 141 for (i = 0, p = essid; i < len; i++, p++) 142 printf("%c", *p); 143 printf("\""); 144 } else { 145 printf("0x"); 146 for (i = 0, p = essid; i < len; i++, p++) 147 printf("%02x", *p); 148 } 149 } 150 151 #ifdef IEEE80211_DEBUG 152 void 153 ieee80211_dump_pkt(const u_int8_t *buf, int len, int rate, int rssi) 154 { 155 struct ieee80211_frame *wh; 156 int i; 157 158 wh = (struct ieee80211_frame *)buf; 159 switch (wh->i_fc[1] & IEEE80211_FC1_DIR_MASK) { 160 case IEEE80211_FC1_DIR_NODS: 161 printf("NODS %s", ether_sprintf(wh->i_addr2)); 162 printf("->%s", ether_sprintf(wh->i_addr1)); 163 printf("(%s)", ether_sprintf(wh->i_addr3)); 164 break; 165 case IEEE80211_FC1_DIR_TODS: 166 printf("TODS %s", ether_sprintf(wh->i_addr2)); 167 printf("->%s", ether_sprintf(wh->i_addr3)); 168 printf("(%s)", ether_sprintf(wh->i_addr1)); 169 break; 170 case IEEE80211_FC1_DIR_FROMDS: 171 printf("FRDS %s", ether_sprintf(wh->i_addr3)); 172 printf("->%s", ether_sprintf(wh->i_addr1)); 173 printf("(%s)", ether_sprintf(wh->i_addr2)); 174 break; 175 case IEEE80211_FC1_DIR_DSTODS: 176 printf("DSDS %s", ether_sprintf((u_int8_t *)&wh[1])); 177 printf("->%s", ether_sprintf(wh->i_addr3)); 178 printf("(%s", ether_sprintf(wh->i_addr2)); 179 printf("->%s)", ether_sprintf(wh->i_addr1)); 180 break; 181 } 182 switch (wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK) { 183 case IEEE80211_FC0_TYPE_DATA: 184 printf(" data"); 185 break; 186 case IEEE80211_FC0_TYPE_MGT: 187 printf(" %s", ieee80211_mgt_subtype_name[ 188 (wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK) 189 >> IEEE80211_FC0_SUBTYPE_SHIFT]); 190 break; 191 default: 192 printf(" type#%d", wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK); 193 break; 194 } 195 if (wh->i_fc[1] & IEEE80211_FC1_WEP) 196 printf(" WEP"); 197 if (rate >= 0) 198 printf(" %d%sM", rate / 2, (rate & 1) ? ".5" : ""); 199 if (rssi >= 0) 200 printf(" +%d", rssi); 201 printf("\n"); 202 if (len > 0) { 203 for (i = 0; i < len; i++) { 204 if ((i & 1) == 0) 205 printf(" "); 206 printf("%02x", buf[i]); 207 } 208 printf("\n"); 209 } 210 } 211 #endif 212 213 int 214 ieee80211_fix_rate(struct ieee80211com *ic, struct ieee80211_node *ni, 215 int flags) 216 { 217 #define RV(v) ((v) & IEEE80211_RATE_VAL) 218 int i, j, ignore, error; 219 int okrate, badrate, fixedrate; 220 const struct ieee80211_rateset *srs; 221 struct ieee80211_rateset *nrs; 222 u_int8_t r; 223 224 /* 225 * If the fixed rate check was requested but no fixed rate has been 226 * defined then just remove the check. 227 */ 228 if ((flags & IEEE80211_F_DOFRATE) && ic->ic_fixed_rate == -1) 229 flags &= ~IEEE80211_F_DOFRATE; 230 231 error = 0; 232 okrate = badrate = fixedrate = 0; 233 srs = &ic->ic_sup_rates[ieee80211_chan2mode(ic, ni->ni_chan)]; 234 nrs = &ni->ni_rates; 235 for (i = 0; i < nrs->rs_nrates; ) { 236 ignore = 0; 237 if (flags & IEEE80211_F_DOSORT) { 238 /* 239 * Sort rates. 240 */ 241 for (j = i + 1; j < nrs->rs_nrates; j++) { 242 if (RV(nrs->rs_rates[i]) > 243 RV(nrs->rs_rates[j])) { 244 r = nrs->rs_rates[i]; 245 nrs->rs_rates[i] = nrs->rs_rates[j]; 246 nrs->rs_rates[j] = r; 247 } 248 } 249 } 250 r = nrs->rs_rates[i] & IEEE80211_RATE_VAL; 251 badrate = r; 252 if (flags & IEEE80211_F_DOFRATE) { 253 /* 254 * Check fixed rate is included. 255 */ 256 if (r == RV(srs->rs_rates[ic->ic_fixed_rate])) 257 fixedrate = r; 258 } 259 if (flags & IEEE80211_F_DONEGO) { 260 /* 261 * Check against supported rates. 262 */ 263 for (j = 0; j < srs->rs_nrates; j++) { 264 if (r == RV(srs->rs_rates[j])) { 265 /* 266 * Overwrite with the supported rate 267 * value so any basic rate bit is set. 268 * This insures that response we send 269 * to stations have the necessary basic 270 * rate bit set. 271 */ 272 nrs->rs_rates[i] = srs->rs_rates[j]; 273 break; 274 } 275 } 276 if (j == srs->rs_nrates) { 277 /* 278 * A rate in the node's rate set is not 279 * supported. If this is a basic rate and we 280 * are operating as an AP then this is an error. 281 * Otherwise we just discard/ignore the rate. 282 * Note that this is important for 11b stations 283 * when they want to associate with an 11g AP. 284 */ 285 #ifndef IEEE80211_STA_ONLY 286 if (ic->ic_opmode == IEEE80211_M_HOSTAP && 287 (nrs->rs_rates[i] & IEEE80211_RATE_BASIC)) 288 error++; 289 #endif 290 ignore++; 291 } 292 } 293 if (flags & IEEE80211_F_DODEL) { 294 /* 295 * Delete unacceptable rates. 296 */ 297 if (ignore) { 298 nrs->rs_nrates--; 299 for (j = i; j < nrs->rs_nrates; j++) 300 nrs->rs_rates[j] = nrs->rs_rates[j + 1]; 301 nrs->rs_rates[j] = 0; 302 continue; 303 } 304 } 305 if (!ignore) 306 okrate = nrs->rs_rates[i]; 307 i++; 308 } 309 if (okrate == 0 || error != 0 || 310 ((flags & IEEE80211_F_DOFRATE) && fixedrate == 0)) 311 return badrate | IEEE80211_RATE_BASIC; 312 else 313 return RV(okrate); 314 #undef RV 315 } 316 317 /* 318 * Reset 11g-related state. 319 */ 320 void 321 ieee80211_reset_erp(struct ieee80211com *ic) 322 { 323 ic->ic_flags &= ~IEEE80211_F_USEPROT; 324 ic->ic_nonerpsta = 0; 325 ic->ic_longslotsta = 0; 326 327 /* 328 * Enable short slot time iff: 329 * - we're operating in 802.11a or 330 * - we're operating in 802.11g and we're not in IBSS mode and 331 * the device supports short slot time 332 */ 333 ieee80211_set_shortslottime(ic, 334 ic->ic_curmode == IEEE80211_MODE_11A 335 #ifndef IEEE80211_STA_ONLY 336 || 337 (ic->ic_curmode == IEEE80211_MODE_11G && 338 ic->ic_opmode == IEEE80211_M_HOSTAP && 339 (ic->ic_caps & IEEE80211_C_SHSLOT)) 340 #endif 341 ); 342 343 if (ic->ic_curmode == IEEE80211_MODE_11A || 344 (ic->ic_caps & IEEE80211_C_SHPREAMBLE)) 345 ic->ic_flags |= IEEE80211_F_SHPREAMBLE; 346 else 347 ic->ic_flags &= ~IEEE80211_F_SHPREAMBLE; 348 } 349 350 /* 351 * Set the short slot time state and notify the driver. 352 */ 353 void 354 ieee80211_set_shortslottime(struct ieee80211com *ic, int on) 355 { 356 if (on) 357 ic->ic_flags |= IEEE80211_F_SHSLOT; 358 else 359 ic->ic_flags &= ~IEEE80211_F_SHSLOT; 360 361 /* notify the driver */ 362 if (ic->ic_updateslot != NULL) 363 ic->ic_updateslot(ic); 364 } 365 366 /* 367 * This function is called by the 802.1X PACP machine (via an ioctl) when 368 * the transmit key machine (4-Way Handshake for 802.11) should run. 369 */ 370 int 371 ieee80211_keyrun(struct ieee80211com *ic, u_int8_t *macaddr) 372 { 373 #ifndef IEEE80211_STA_ONLY 374 struct ieee80211_node *ni; 375 struct ieee80211_pmk *pmk; 376 #endif 377 378 /* STA must be associated or AP must be ready */ 379 if (ic->ic_state != IEEE80211_S_RUN || 380 !(ic->ic_flags & IEEE80211_F_RSNON)) 381 return ENETDOWN; 382 383 #ifndef IEEE80211_STA_ONLY 384 if (ic->ic_opmode == IEEE80211_M_STA) 385 #endif 386 return 0; /* supplicant only, do nothing */ 387 388 #ifndef IEEE80211_STA_ONLY 389 /* find the STA with which we must start the key exchange */ 390 if ((ni = ieee80211_find_node(ic, macaddr)) == NULL) { 391 DPRINTF(("no node found for %s\n", ether_sprintf(macaddr))); 392 return EINVAL; 393 } 394 /* check that the STA is in the correct state */ 395 if (ni->ni_state != IEEE80211_STA_ASSOC || 396 ni->ni_rsn_state != RSNA_AUTHENTICATION_2) { 397 DPRINTF(("unexpected in state %d\n", ni->ni_rsn_state)); 398 return EINVAL; 399 } 400 ni->ni_rsn_state = RSNA_INITPMK; 401 402 /* make sure a PMK is available for this STA, otherwise deauth it */ 403 if ((pmk = ieee80211_pmksa_find(ic, ni, NULL)) == NULL) { 404 DPRINTF(("no PMK available for %s\n", ether_sprintf(macaddr))); 405 IEEE80211_SEND_MGMT(ic, ni, IEEE80211_FC0_SUBTYPE_DEAUTH, 406 IEEE80211_REASON_AUTH_LEAVE); 407 ieee80211_node_leave(ic, ni); 408 return EINVAL; 409 } 410 memcpy(ni->ni_pmk, pmk->pmk_key, IEEE80211_PMK_LEN); 411 memcpy(ni->ni_pmkid, pmk->pmk_pmkid, IEEE80211_PMKID_LEN); 412 ni->ni_flags |= IEEE80211_NODE_PMK; 413 414 /* initiate key exchange (4-Way Handshake) with STA */ 415 return ieee80211_send_4way_msg1(ic, ni); 416 #endif /* IEEE80211_STA_ONLY */ 417 } 418 419 #ifndef IEEE80211_STA_ONLY 420 /* 421 * Initiate a group key handshake with a node. 422 */ 423 static void 424 ieee80211_node_gtk_rekey(void *arg, struct ieee80211_node *ni) 425 { 426 struct ieee80211com *ic = arg; 427 428 if (ni->ni_state != IEEE80211_STA_ASSOC || 429 ni->ni_rsn_gstate != RSNA_IDLE) 430 return; 431 432 /* initiate a group key handshake with STA */ 433 ni->ni_flags |= IEEE80211_NODE_REKEY; 434 if (ieee80211_send_group_msg1(ic, ni) != 0) 435 ni->ni_flags &= ~IEEE80211_NODE_REKEY; 436 else 437 ic->ic_rsn_keydonesta++; 438 } 439 440 /* 441 * This function is called in HostAP mode when the group key needs to be 442 * changed. 443 */ 444 void 445 ieee80211_setkeys(struct ieee80211com *ic) 446 { 447 struct ieee80211_key *k; 448 u_int8_t kid; 449 450 /* Swap(GM, GN) */ 451 kid = (ic->ic_def_txkey == 1) ? 2 : 1; 452 k = &ic->ic_nw_keys[kid]; 453 memset(k, 0, sizeof(*k)); 454 k->k_id = kid; 455 k->k_cipher = ic->ic_bss->ni_rsngroupcipher; 456 k->k_flags = IEEE80211_KEY_GROUP | IEEE80211_KEY_TX; 457 k->k_len = ieee80211_cipher_keylen(k->k_cipher); 458 arc4random_buf(k->k_key, k->k_len); 459 460 if (ic->ic_caps & IEEE80211_C_MFP) { 461 /* Swap(GM_igtk, GN_igtk) */ 462 kid = (ic->ic_igtk_kid == 4) ? 5 : 4; 463 k = &ic->ic_nw_keys[kid]; 464 memset(k, 0, sizeof(*k)); 465 k->k_id = kid; 466 k->k_cipher = ic->ic_bss->ni_rsngroupmgmtcipher; 467 k->k_flags = IEEE80211_KEY_IGTK | IEEE80211_KEY_TX; 468 k->k_len = 16; 469 arc4random_buf(k->k_key, k->k_len); 470 } 471 472 ic->ic_rsn_keydonesta = 0; 473 ieee80211_iterate_nodes(ic, ieee80211_node_gtk_rekey, ic); 474 } 475 476 /* 477 * The group key handshake has been completed with all associated stations. 478 */ 479 void 480 ieee80211_setkeysdone(struct ieee80211com *ic) 481 { 482 u_int8_t kid; 483 484 /* install GTK */ 485 kid = (ic->ic_def_txkey == 1) ? 2 : 1; 486 if ((*ic->ic_set_key)(ic, ic->ic_bss, &ic->ic_nw_keys[kid]) == 0) 487 ic->ic_def_txkey = kid; 488 489 if (ic->ic_caps & IEEE80211_C_MFP) { 490 /* install IGTK */ 491 kid = (ic->ic_igtk_kid == 4) ? 5 : 4; 492 if ((*ic->ic_set_key)(ic, ic->ic_bss, 493 &ic->ic_nw_keys[kid]) == 0) 494 ic->ic_igtk_kid = kid; 495 } 496 } 497 498 /* 499 * Group key lifetime has expired, update it. 500 */ 501 void 502 ieee80211_gtk_rekey_timeout(void *arg) 503 { 504 struct ieee80211com *ic = arg; 505 int s; 506 507 s = splnet(); 508 ieee80211_setkeys(ic); 509 splx(s); 510 511 /* re-schedule a GTK rekeying after 3600s */ 512 timeout_add_sec(&ic->ic_rsn_timeout, 3600); 513 } 514 515 void 516 ieee80211_sa_query_timeout(void *arg) 517 { 518 struct ieee80211_node *ni = arg; 519 struct ieee80211com *ic = ni->ni_ic; 520 int s; 521 522 s = splnet(); 523 if (++ni->ni_sa_query_count >= 3) { 524 ni->ni_flags &= ~IEEE80211_NODE_SA_QUERY; 525 ni->ni_flags |= IEEE80211_NODE_SA_QUERY_FAILED; 526 } else /* retry SA Query Request */ 527 ieee80211_sa_query_request(ic, ni); 528 splx(s); 529 } 530 531 /* 532 * Request that a SA Query Request frame be sent to a specified peer STA 533 * to which the STA is associated. 534 */ 535 void 536 ieee80211_sa_query_request(struct ieee80211com *ic, struct ieee80211_node *ni) 537 { 538 /* MLME-SAQuery.request */ 539 540 if (!(ni->ni_flags & IEEE80211_NODE_SA_QUERY)) { 541 ni->ni_flags |= IEEE80211_NODE_SA_QUERY; 542 ni->ni_flags &= ~IEEE80211_NODE_SA_QUERY_FAILED; 543 ni->ni_sa_query_count = 0; 544 } 545 /* generate new Transaction Identifier */ 546 ni->ni_sa_query_trid++; 547 548 /* send SA Query Request */ 549 IEEE80211_SEND_ACTION(ic, ni, IEEE80211_CATEG_SA_QUERY, 550 IEEE80211_ACTION_SA_QUERY_REQ, 0); 551 timeout_add_msec(&ni->ni_sa_query_to, 10); 552 } 553 #endif /* IEEE80211_STA_ONLY */ 554 555 #ifndef IEEE80211_NO_HT 556 void 557 ieee80211_tx_ba_timeout(void *arg) 558 { 559 struct ieee80211_tx_ba *ba = arg; 560 struct ieee80211_node *ni = ba->ba_ni; 561 struct ieee80211com *ic = ni->ni_ic; 562 u_int8_t tid; 563 int s; 564 565 s = splnet(); 566 if (ba->ba_state == IEEE80211_BA_REQUESTED) { 567 /* MLME-ADDBA.confirm(TIMEOUT) */ 568 ba->ba_state = IEEE80211_BA_INIT; 569 570 } else if (ba->ba_state == IEEE80211_BA_AGREED) { 571 /* Block Ack inactivity timeout */ 572 tid = ((caddr_t)ba - (caddr_t)ni->ni_tx_ba) / sizeof(*ba); 573 ieee80211_delba_request(ic, ni, IEEE80211_REASON_TIMEOUT, 574 1, tid); 575 } 576 splx(s); 577 } 578 579 void 580 ieee80211_rx_ba_timeout(void *arg) 581 { 582 struct ieee80211_rx_ba *ba = arg; 583 struct ieee80211_node *ni = ba->ba_ni; 584 struct ieee80211com *ic = ni->ni_ic; 585 u_int8_t tid; 586 int s; 587 588 s = splnet(); 589 590 /* Block Ack inactivity timeout */ 591 tid = ((caddr_t)ba - (caddr_t)ni->ni_rx_ba) / sizeof(*ba); 592 ieee80211_delba_request(ic, ni, IEEE80211_REASON_TIMEOUT, 0, tid); 593 594 splx(s); 595 } 596 597 /* 598 * Request initiation of Block Ack with the specified peer. 599 */ 600 int 601 ieee80211_addba_request(struct ieee80211com *ic, struct ieee80211_node *ni, 602 u_int16_t ssn, u_int8_t tid) 603 { 604 struct ieee80211_tx_ba *ba = &ni->ni_tx_ba[tid]; 605 606 /* MLME-ADDBA.request */ 607 608 /* setup Block Ack */ 609 ba->ba_state = IEEE80211_BA_REQUESTED; 610 ba->ba_token = ic->ic_dialog_token++; 611 ba->ba_timeout_val = IEEE80211_BA_MAX_TIMEOUT; 612 timeout_set(&ba->ba_to, ieee80211_tx_ba_timeout, ba); 613 ba->ba_winsize = IEEE80211_BA_MAX_WINSZ; 614 ba->ba_winstart = ssn; 615 ba->ba_winend = (ba->ba_winstart + ba->ba_winsize - 1) & 0xfff; 616 617 timeout_add_sec(&ba->ba_to, 1); /* dot11ADDBAResponseTimeout */ 618 IEEE80211_SEND_ACTION(ic, ni, IEEE80211_CATEG_BA, 619 IEEE80211_ACTION_ADDBA_REQ, tid); 620 return 0; 621 } 622 623 /* 624 * Request the deletion of Block Ack with a peer. 625 */ 626 void 627 ieee80211_delba_request(struct ieee80211com *ic, struct ieee80211_node *ni, 628 u_int16_t reason, u_int8_t dir, u_int8_t tid) 629 { 630 /* MLME-DELBA.request */ 631 632 /* transmit a DELBA frame */ 633 IEEE80211_SEND_ACTION(ic, ni, IEEE80211_CATEG_BA, 634 IEEE80211_ACTION_DELBA, reason << 16 | dir << 8 | tid); 635 if (dir) { 636 /* MLME-DELBA.confirm(Originator) */ 637 struct ieee80211_tx_ba *ba = &ni->ni_tx_ba[tid]; 638 639 if (ic->ic_ampdu_tx_stop != NULL) 640 ic->ic_ampdu_tx_stop(ic, ni, tid); 641 642 ba->ba_state = IEEE80211_BA_INIT; 643 /* stop Block Ack inactivity timer */ 644 timeout_del(&ba->ba_to); 645 } else { 646 /* MLME-DELBA.confirm(Recipient) */ 647 struct ieee80211_rx_ba *ba = &ni->ni_rx_ba[tid]; 648 int i; 649 650 if (ic->ic_ampdu_rx_stop != NULL) 651 ic->ic_ampdu_rx_stop(ic, ni, tid); 652 653 ba->ba_state = IEEE80211_BA_INIT; 654 /* stop Block Ack inactivity timer */ 655 timeout_del(&ba->ba_to); 656 657 if (ba->ba_buf != NULL) { 658 /* free all MSDUs stored in reordering buffer */ 659 for (i = 0; i < IEEE80211_BA_MAX_WINSZ; i++) 660 if (ba->ba_buf[i].m != NULL) 661 m_freem(ba->ba_buf[i].m); 662 /* free reordering buffer */ 663 free(ba->ba_buf, M_DEVBUF); 664 ba->ba_buf = NULL; 665 } 666 } 667 } 668 #endif /* !IEEE80211_NO_HT */ 669 670 void 671 ieee80211_auth_open(struct ieee80211com *ic, const struct ieee80211_frame *wh, 672 struct ieee80211_node *ni, struct ieee80211_rxinfo *rxi, u_int16_t seq, 673 u_int16_t status) 674 { 675 struct ifnet *ifp = &ic->ic_if; 676 switch (ic->ic_opmode) { 677 #ifndef IEEE80211_STA_ONLY 678 case IEEE80211_M_IBSS: 679 if (ic->ic_state != IEEE80211_S_RUN || 680 seq != IEEE80211_AUTH_OPEN_REQUEST) { 681 DPRINTF(("discard auth from %s; state %u, seq %u\n", 682 ether_sprintf((u_int8_t *)wh->i_addr2), 683 ic->ic_state, seq)); 684 ic->ic_stats.is_rx_bad_auth++; 685 return; 686 } 687 ieee80211_new_state(ic, IEEE80211_S_AUTH, 688 wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK); 689 break; 690 691 case IEEE80211_M_AHDEMO: 692 /* should not come here */ 693 break; 694 695 case IEEE80211_M_HOSTAP: 696 if (ic->ic_state != IEEE80211_S_RUN || 697 seq != IEEE80211_AUTH_OPEN_REQUEST) { 698 DPRINTF(("discard auth from %s; state %u, seq %u\n", 699 ether_sprintf((u_int8_t *)wh->i_addr2), 700 ic->ic_state, seq)); 701 ic->ic_stats.is_rx_bad_auth++; 702 return; 703 } 704 if (ni == ic->ic_bss) { 705 ni = ieee80211_find_node(ic, wh->i_addr2); 706 if (ni == NULL) 707 ni = ieee80211_alloc_node(ic, wh->i_addr2); 708 if (ni == NULL) { 709 return; 710 } 711 IEEE80211_ADDR_COPY(ni->ni_bssid, ic->ic_bss->ni_bssid); 712 ni->ni_rssi = rxi->rxi_rssi; 713 ni->ni_rstamp = rxi->rxi_tstamp; 714 ni->ni_chan = ic->ic_bss->ni_chan; 715 } 716 IEEE80211_SEND_MGMT(ic, ni, 717 IEEE80211_FC0_SUBTYPE_AUTH, seq + 1); 718 if (ifp->if_flags & IFF_DEBUG) 719 printf("%s: station %s %s authenticated (open)\n", 720 ifp->if_xname, 721 ether_sprintf((u_int8_t *)ni->ni_macaddr), 722 ni->ni_state != IEEE80211_STA_CACHE ? 723 "newly" : "already"); 724 ieee80211_node_newstate(ni, IEEE80211_STA_AUTH); 725 break; 726 #endif /* IEEE80211_STA_ONLY */ 727 728 case IEEE80211_M_STA: 729 if (ic->ic_state != IEEE80211_S_AUTH || 730 seq != IEEE80211_AUTH_OPEN_RESPONSE) { 731 ic->ic_stats.is_rx_bad_auth++; 732 DPRINTF(("discard auth from %s; state %u, seq %u\n", 733 ether_sprintf((u_int8_t *)wh->i_addr2), 734 ic->ic_state, seq)); 735 return; 736 } 737 if (ic->ic_flags & IEEE80211_F_RSNON) { 738 /* XXX not here! */ 739 ic->ic_bss->ni_flags &= ~IEEE80211_NODE_TXRXPROT; 740 ic->ic_bss->ni_port_valid = 0; 741 ic->ic_bss->ni_replaycnt_ok = 0; 742 (*ic->ic_delete_key)(ic, ic->ic_bss, 743 &ic->ic_bss->ni_pairwise_key); 744 } 745 if (status != 0) { 746 if (ifp->if_flags & IFF_DEBUG) 747 printf("%s: open authentication failed " 748 "(reason %d) for %s\n", ifp->if_xname, 749 status, 750 ether_sprintf((u_int8_t *)wh->i_addr3)); 751 if (ni != ic->ic_bss) 752 ni->ni_fails++; 753 ic->ic_stats.is_rx_auth_fail++; 754 return; 755 } 756 ieee80211_new_state(ic, IEEE80211_S_ASSOC, 757 wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK); 758 break; 759 default: 760 break; 761 } 762 } 763 764 int 765 ieee80211_newstate(struct ieee80211com *ic, enum ieee80211_state nstate, 766 int mgt) 767 { 768 struct ifnet *ifp = &ic->ic_if; 769 struct ieee80211_node *ni; 770 enum ieee80211_state ostate; 771 u_int rate; 772 #ifndef IEEE80211_STA_ONLY 773 int s; 774 #endif 775 776 ostate = ic->ic_state; 777 DPRINTF(("%s -> %s\n", ieee80211_state_name[ostate], 778 ieee80211_state_name[nstate])); 779 ic->ic_state = nstate; /* state transition */ 780 ni = ic->ic_bss; /* NB: no reference held */ 781 if (ostate == IEEE80211_S_RUN) 782 ieee80211_set_link_state(ic, LINK_STATE_DOWN); 783 switch (nstate) { 784 case IEEE80211_S_INIT: 785 /* 786 * If mgt = -1, driver is already partway down, so do 787 * not send management frames. 788 */ 789 switch (ostate) { 790 case IEEE80211_S_INIT: 791 break; 792 case IEEE80211_S_RUN: 793 if (mgt == -1) 794 goto justcleanup; 795 switch (ic->ic_opmode) { 796 case IEEE80211_M_STA: 797 IEEE80211_SEND_MGMT(ic, ni, 798 IEEE80211_FC0_SUBTYPE_DISASSOC, 799 IEEE80211_REASON_ASSOC_LEAVE); 800 break; 801 #ifndef IEEE80211_STA_ONLY 802 case IEEE80211_M_HOSTAP: 803 s = splnet(); 804 RB_FOREACH(ni, ieee80211_tree, &ic->ic_tree) { 805 if (ni->ni_associd == 0) 806 continue; 807 IEEE80211_SEND_MGMT(ic, ni, 808 IEEE80211_FC0_SUBTYPE_DISASSOC, 809 IEEE80211_REASON_ASSOC_LEAVE); 810 } 811 splx(s); 812 break; 813 #endif 814 default: 815 break; 816 } 817 /* FALLTHROUGH */ 818 case IEEE80211_S_ASSOC: 819 if (mgt == -1) 820 goto justcleanup; 821 switch (ic->ic_opmode) { 822 case IEEE80211_M_STA: 823 IEEE80211_SEND_MGMT(ic, ni, 824 IEEE80211_FC0_SUBTYPE_DEAUTH, 825 IEEE80211_REASON_AUTH_LEAVE); 826 break; 827 #ifndef IEEE80211_STA_ONLY 828 case IEEE80211_M_HOSTAP: 829 s = splnet(); 830 RB_FOREACH(ni, ieee80211_tree, &ic->ic_tree) { 831 IEEE80211_SEND_MGMT(ic, ni, 832 IEEE80211_FC0_SUBTYPE_DEAUTH, 833 IEEE80211_REASON_AUTH_LEAVE); 834 } 835 splx(s); 836 break; 837 #endif 838 default: 839 break; 840 } 841 /* FALLTHROUGH */ 842 case IEEE80211_S_AUTH: 843 case IEEE80211_S_SCAN: 844 justcleanup: 845 #ifndef IEEE80211_STA_ONLY 846 if (ic->ic_opmode == IEEE80211_M_HOSTAP) 847 timeout_del(&ic->ic_rsn_timeout); 848 #endif 849 ic->ic_mgt_timer = 0; 850 IF_PURGE(&ic->ic_mgtq); 851 IF_PURGE(&ic->ic_pwrsaveq); 852 ieee80211_free_allnodes(ic); 853 break; 854 } 855 break; 856 case IEEE80211_S_SCAN: 857 ic->ic_flags &= ~IEEE80211_F_SIBSS; 858 /* initialize bss for probe request */ 859 IEEE80211_ADDR_COPY(ni->ni_macaddr, etherbroadcastaddr); 860 IEEE80211_ADDR_COPY(ni->ni_bssid, etherbroadcastaddr); 861 ni->ni_rates = ic->ic_sup_rates[ 862 ieee80211_chan2mode(ic, ni->ni_chan)]; 863 ni->ni_associd = 0; 864 ni->ni_rstamp = 0; 865 switch (ostate) { 866 case IEEE80211_S_INIT: 867 #ifndef IEEE80211_STA_ONLY 868 if (ic->ic_opmode == IEEE80211_M_HOSTAP && 869 ic->ic_des_chan != IEEE80211_CHAN_ANYC) { 870 /* 871 * AP operation and we already have a channel; 872 * bypass the scan and startup immediately. 873 */ 874 ieee80211_create_ibss(ic, ic->ic_des_chan); 875 } else 876 #endif 877 ieee80211_begin_scan(ifp); 878 break; 879 case IEEE80211_S_SCAN: 880 /* scan next */ 881 if (ic->ic_flags & IEEE80211_F_ASCAN) { 882 IEEE80211_SEND_MGMT(ic, ni, 883 IEEE80211_FC0_SUBTYPE_PROBE_REQ, 0); 884 } 885 break; 886 case IEEE80211_S_RUN: 887 /* beacon miss */ 888 if (ifp->if_flags & IFF_DEBUG) { 889 /* XXX bssid clobbered above */ 890 printf("%s: no recent beacons from %s;" 891 " rescanning\n", ifp->if_xname, 892 ether_sprintf(ic->ic_bss->ni_bssid)); 893 } 894 ieee80211_free_allnodes(ic); 895 /* FALLTHROUGH */ 896 case IEEE80211_S_AUTH: 897 case IEEE80211_S_ASSOC: 898 /* timeout restart scan */ 899 ni = ieee80211_find_node(ic, ic->ic_bss->ni_macaddr); 900 if (ni != NULL) 901 ni->ni_fails++; 902 ieee80211_begin_scan(ifp); 903 break; 904 } 905 break; 906 case IEEE80211_S_AUTH: 907 switch (ostate) { 908 case IEEE80211_S_INIT: 909 DPRINTF(("invalid transition\n")); 910 break; 911 case IEEE80211_S_SCAN: 912 IEEE80211_SEND_MGMT(ic, ni, 913 IEEE80211_FC0_SUBTYPE_AUTH, 1); 914 break; 915 case IEEE80211_S_AUTH: 916 case IEEE80211_S_ASSOC: 917 switch (mgt) { 918 case IEEE80211_FC0_SUBTYPE_AUTH: 919 /* ??? */ 920 IEEE80211_SEND_MGMT(ic, ni, 921 IEEE80211_FC0_SUBTYPE_AUTH, 2); 922 break; 923 case IEEE80211_FC0_SUBTYPE_DEAUTH: 924 /* ignore and retry scan on timeout */ 925 break; 926 } 927 break; 928 case IEEE80211_S_RUN: 929 switch (mgt) { 930 case IEEE80211_FC0_SUBTYPE_AUTH: 931 IEEE80211_SEND_MGMT(ic, ni, 932 IEEE80211_FC0_SUBTYPE_AUTH, 2); 933 ic->ic_state = ostate; /* stay RUN */ 934 break; 935 case IEEE80211_FC0_SUBTYPE_DEAUTH: 936 /* try to reauth */ 937 IEEE80211_SEND_MGMT(ic, ni, 938 IEEE80211_FC0_SUBTYPE_AUTH, 1); 939 break; 940 } 941 break; 942 } 943 break; 944 case IEEE80211_S_ASSOC: 945 switch (ostate) { 946 case IEEE80211_S_INIT: 947 case IEEE80211_S_SCAN: 948 case IEEE80211_S_ASSOC: 949 DPRINTF(("invalid transition\n")); 950 break; 951 case IEEE80211_S_AUTH: 952 IEEE80211_SEND_MGMT(ic, ni, 953 IEEE80211_FC0_SUBTYPE_ASSOC_REQ, 0); 954 break; 955 case IEEE80211_S_RUN: 956 IEEE80211_SEND_MGMT(ic, ni, 957 IEEE80211_FC0_SUBTYPE_ASSOC_REQ, 1); 958 break; 959 } 960 break; 961 case IEEE80211_S_RUN: 962 switch (ostate) { 963 case IEEE80211_S_INIT: 964 case IEEE80211_S_AUTH: 965 case IEEE80211_S_RUN: 966 DPRINTF(("invalid transition\n")); 967 break; 968 case IEEE80211_S_SCAN: /* adhoc/hostap mode */ 969 case IEEE80211_S_ASSOC: /* infra mode */ 970 if (ni->ni_txrate >= ni->ni_rates.rs_nrates) 971 panic("%s: bogus xmit rate %u setup", 972 __func__, ni->ni_txrate); 973 if (ifp->if_flags & IFF_DEBUG) { 974 printf("%s: %s with %s ssid ", 975 ifp->if_xname, 976 ic->ic_opmode == IEEE80211_M_STA ? 977 "associated" : "synchronized", 978 ether_sprintf(ni->ni_bssid)); 979 ieee80211_print_essid(ic->ic_bss->ni_essid, 980 ni->ni_esslen); 981 rate = ni->ni_rates.rs_rates[ni->ni_txrate] & 982 IEEE80211_RATE_VAL; 983 printf(" channel %d start %u%sMb", 984 ieee80211_chan2ieee(ic, ni->ni_chan), 985 rate / 2, (rate & 1) ? ".5" : ""); 986 printf(" %s preamble %s slot time%s\n", 987 (ic->ic_flags & IEEE80211_F_SHPREAMBLE) ? 988 "short" : "long", 989 (ic->ic_flags & IEEE80211_F_SHSLOT) ? 990 "short" : "long", 991 (ic->ic_flags & IEEE80211_F_USEPROT) ? 992 " protection enabled" : ""); 993 } 994 if (!(ic->ic_flags & IEEE80211_F_RSNON)) { 995 /* 996 * NB: When RSN is enabled, we defer setting 997 * the link up until the port is valid. 998 */ 999 ieee80211_set_link_state(ic, LINK_STATE_UP); 1000 } 1001 ic->ic_mgt_timer = 0; 1002 (*ifp->if_start)(ifp); 1003 break; 1004 } 1005 break; 1006 } 1007 return 0; 1008 } 1009 1010 void 1011 ieee80211_set_link_state(struct ieee80211com *ic, int nstate) 1012 { 1013 struct ifnet *ifp = &ic->ic_if; 1014 1015 switch (ic->ic_opmode) { 1016 #ifndef IEEE80211_STA_ONLY 1017 case IEEE80211_M_IBSS: 1018 case IEEE80211_M_HOSTAP: 1019 nstate = LINK_STATE_UNKNOWN; 1020 break; 1021 #endif 1022 case IEEE80211_M_MONITOR: 1023 nstate = LINK_STATE_DOWN; 1024 break; 1025 default: 1026 break; 1027 } 1028 if (nstate != ifp->if_link_state) { 1029 ifp->if_link_state = nstate; 1030 if_link_state_change(ifp); 1031 } 1032 } 1033