1 /*-
2 * Copyright (c) 2001 Atsushi Onoe
3 * Copyright (c) 2002-2008 Sam Leffler, Errno Consulting
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in the
13 * documentation and/or other materials provided with the distribution.
14 *
15 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
16 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
17 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
18 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
19 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
20 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
21 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
22 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
23 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
24 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
25 */
26
27 #include <sys/cdefs.h>
28 __FBSDID("$FreeBSD: src/sys/net80211/ieee80211_output.c,v 1.69 2008/10/26 01:04:46 sam Exp $");
29
30 #include "opt_inet.h"
31 #include "opt_wlan.h"
32
33 #include <sys/param.h>
34 #include <sys/systm.h>
35 #include <sys/mbuf.h>
36 #include <sys/kernel.h>
37 #include <sys/endian.h>
38
39 #include <sys/socket.h>
40
41 #include <net/bpf.h>
42 #include <net/ethernet.h>
43 #include <net/if.h>
44 #include <net/if_llc.h>
45 #include <net/if_media.h>
46 #include <net/if_vlan_var.h>
47
48 #include <net80211/ieee80211_var.h>
49 #include <net80211/ieee80211_regdomain.h>
50 #include <net80211/ieee80211_wds.h>
51
52 #ifdef INET
53 #include <netinet/in.h>
54 #include <netinet/if_ether.h>
55 #include <netinet/in_systm.h>
56 #include <netinet/ip.h>
57 #endif
58
/*
 * Copy one complete 802.3 header from src to dst.  The macro does no
 * bounds checking: both pointers must reference at least
 * sizeof(struct ether_header) valid bytes.
 */
#define ETHER_HEADER_COPY(dst, src) \
	memcpy(dst, src, sizeof(struct ether_header))

/* Prototypes for file-local (static) helpers. */
static struct mbuf *ieee80211_encap_fastframe(struct ieee80211vap *,
	struct mbuf *m1, const struct ether_header *eh1,
	struct mbuf *m2, const struct ether_header *eh2);
static int ieee80211_fragment(struct ieee80211vap *, struct mbuf *,
	u_int hdrsize, u_int ciphdrsize, u_int mtu);
static void ieee80211_tx_mgt_cb(struct ieee80211_node *, void *, int);
68
69 #ifdef IEEE80211_DEBUG
/*
 * Debug-print filter for outbound management frames.  Returns non-zero
 * when a frame of the given subtype should be printed.  Probe responses
 * are printed only when the vap operates in IBSS mode; every other
 * subtype is always printed.
 */
static __inline int
doprint(struct ieee80211vap *vap, int subtype)
{
	/* Probe responses are the only subtype that is ever suppressed. */
	if (subtype == IEEE80211_FC0_SUBTYPE_PROBE_RESP)
		return (vap->iv_opmode == IEEE80211_M_IBSS);
	return 1;
}
85 #endif
86
/*
 * Start method for vap's.  All packets from the stack come
 * through here.  We handle common processing of the packets
 * before dispatching them to the underlying device.
 *
 * The function drains ifp->if_snd.  A dequeued frame is dropped (and
 * counted) when the 802.3 header cannot be pulled up, when it is
 * multicast on a dynamic WDS vap, when no transmit node is found,
 * when the peer has no association id in STA/HOSTAP/DWDS mode, or
 * when classification fails.  Frames for a peer in power save are
 * handed to ieee80211_pwrsave().  Everything else is queued on the
 * parent device with the node reference stored in m_pkthdr.rcvif.
 */
void
ieee80211_start(struct ifnet *ifp)
{
/* True for a WDS vap that does not have the legacy WDS flag set. */
#define IS_DWDS(vap) \
	(vap->iv_opmode == IEEE80211_M_WDS && \
	 (vap->iv_flags_ext & IEEE80211_FEXT_WDSLEGACY) == 0)
	struct ieee80211vap *vap = ifp->if_softc;
	struct ieee80211com *ic = vap->iv_ic;
	struct ifnet *parent = ic->ic_ifp;
	struct ieee80211_node *ni;
	struct mbuf *m;
	struct ether_header *eh;
	int error;

	/* NB: parent must be up and running */
	if (!IFNET_IS_UP_RUNNING(parent)) {
		IEEE80211_DPRINTF(vap, IEEE80211_MSG_OUTPUT,
		    "%s: ignore queue, parent %s not up+running\n",
		    __func__, parent->if_xname);
		/* XXX stat */
		return;
	}
	if (vap->iv_state == IEEE80211_S_SLEEP) {
		/*
		 * In power save, wakeup device for transmit.
		 * The queue is left untouched on this pass.
		 */
		ieee80211_new_state(vap, IEEE80211_S_RUN, 0);
		return;
	}
	/*
	 * No data frames go out unless we're running.
	 * Note in particular this covers CAC and CSA
	 * states (though maybe we should check muting
	 * for CSA).
	 */
	if (vap->iv_state != IEEE80211_S_RUN) {
		IEEE80211_LOCK(ic);
		/* re-check under the com lock to avoid races */
		if (vap->iv_state != IEEE80211_S_RUN) {
			IEEE80211_DPRINTF(vap, IEEE80211_MSG_OUTPUT,
			    "%s: ignore queue, in %s state\n",
			    __func__, ieee80211_state_name[vap->iv_state]);
			vap->iv_stats.is_tx_badstate++;
			/* mark the vap busy; ieee80211_output tests this flag */
			ifp->if_drv_flags |= IFF_DRV_OACTIVE;
			IEEE80211_UNLOCK(ic);
			return;
		}
		IEEE80211_UNLOCK(ic);
	}
	for (;;) {
		IFQ_DEQUEUE(&ifp->if_snd, m);
		if (m == NULL)
			break;
		/*
		 * Sanitize mbuf flags for net80211 use.  We cannot
		 * clear M_PWR_SAV because this may be set for frames
		 * that are re-submitted from the power save queue.
		 *
		 * NB: This must be done before ieee80211_classify as
		 * it marks EAPOL in frames with M_EAPOL.
		 *
		 * NOTE(review): the subtraction only yields "all of
		 * M_80211_TX except M_PWR_SAV" if M_PWR_SAV is one of
		 * the bits in M_80211_TX; (M_80211_TX & ~M_PWR_SAV)
		 * would state that directly -- confirm against the
		 * flag definitions.
		 */
		m->m_flags &= ~(M_80211_TX - M_PWR_SAV);
		/*
		 * Cancel any background scan.
		 */
		if (ic->ic_flags & IEEE80211_F_SCAN)
			ieee80211_cancel_anyscan(vap);
		/*
		 * Find the node for the destination so we can do
		 * things like power save and fast frames aggregation.
		 *
		 * NB: past this point various code assumes the first
		 * mbuf has the 802.3 header present (and contiguous).
		 */
		ni = NULL;
		if (m->m_len < sizeof(struct ether_header) &&
		    (m = m_pullup(m, sizeof(struct ether_header))) == NULL) {
			/* m is NULL here, so there is nothing left to free */
			IEEE80211_DPRINTF(vap, IEEE80211_MSG_OUTPUT,
			    "discard frame, %s\n", "m_pullup failed");
			vap->iv_stats.is_tx_nobuf++;	/* XXX */
			ifp->if_oerrors++;
			continue;
		}
		eh = mtod(m, struct ether_header *);
		if (ETHER_IS_MULTICAST(eh->ether_dhost)) {
			if (IS_DWDS(vap)) {
				/*
				 * Only unicast frames from the above go out
				 * DWDS vaps; multicast frames are handled by
				 * dispatching the frame as it comes through
				 * the AP vap (see below).
				 */
				IEEE80211_DISCARD_MAC(vap, IEEE80211_MSG_WDS,
				    eh->ether_dhost, "mcast", "%s", "on DWDS");
				vap->iv_stats.is_dwds_mcast++;
				m_freem(m);
				continue;
			}
			if (vap->iv_opmode == IEEE80211_M_HOSTAP) {
				/*
				 * Spam DWDS vap's w/ multicast traffic.
				 * m is still used below, so this call is
				 * presumed not to consume it -- verify
				 * against ieee80211_dwds_mcast.
				 */
				/* XXX only if dwds in use? */
				ieee80211_dwds_mcast(vap, m);
			}
		}
		ni = ieee80211_find_txnode(vap, eh->ether_dhost);
		if (ni == NULL) {
			/* NB: ieee80211_find_txnode does stat+msg */
			ifp->if_oerrors++;
			m_freem(m);
			continue;
		}
		/*
		 * Refuse to transmit to a peer that has no association
		 * id when the vap is a station, an AP or a dynamic WDS
		 * link.
		 *
		 * NOTE(review): only ni_associd is tested here; the
		 * "XXX AUTH'd" marker below suggests an authorization
		 * check was considered at this point -- confirm where
		 * port authorization is enforced on the transmit path.
		 */
		/* XXX AUTH'd */
		/* XXX mark vap to identify if associd is required */
		if (ni->ni_associd == 0 &&
		    (vap->iv_opmode == IEEE80211_M_STA ||
		     vap->iv_opmode == IEEE80211_M_HOSTAP || IS_DWDS(vap))) {
			/* NB: the ethertype is converted for display only */
			IEEE80211_DISCARD_MAC(vap, IEEE80211_MSG_OUTPUT,
			    eh->ether_dhost, NULL,
			    "sta not associated (type 0x%04x)",
			    htons(eh->ether_type));
			vap->iv_stats.is_tx_notassoc++;
			ifp->if_oerrors++;
			m_freem(m);
			ieee80211_free_node(ni);
			continue;
		}
		if ((ni->ni_flags & IEEE80211_NODE_PWR_MGT) &&
		    (m->m_flags & M_PWR_SAV) == 0) {
			/*
			 * Station in power save mode; pass the frame
			 * to the 802.11 layer and continue.  We'll get
			 * the frame back when the time is right.
			 * XXX lose WDS vap linkage?
			 *
			 * The return value is deliberately ignored and m
			 * is not touched again on this path.
			 */
			(void) ieee80211_pwrsave(ni, m);
			ieee80211_free_node(ni);
			continue;
		}
		/* calculate priority so drivers can find the tx queue */
		if (ieee80211_classify(ni, m)) {
			IEEE80211_DISCARD_MAC(vap, IEEE80211_MSG_OUTPUT,
			    eh->ether_dhost, NULL,
			    "%s", "classification failure");
			vap->iv_stats.is_tx_classify++;
			ifp->if_oerrors++;
			m_freem(m);
			ieee80211_free_node(ni);
			continue;
		}

		BPF_MTAP(ifp, m);		/* 802.11 tx path */

		/*
		 * XXX When ni is associated with a WDS link then
		 * the vap will be the WDS vap but ni_vap will point
		 * to the ap vap the station associated to.  Once
		 * we handoff the packet to the driver the callback
		 * to ieee80211_encap won't be able to tell if the
		 * packet should be encapsulated for WDS or not (e.g.
		 * multicast frames will not be handled correctly).
		 * We hack this by marking the mbuf so ieee80211_encap
		 * can do the right thing.
		 */
		if (vap->iv_opmode == IEEE80211_M_WDS)
			m->m_flags |= M_WDS;
		else
			m->m_flags &= ~M_WDS;

		/*
		 * Stash the node pointer and hand the frame off to
		 * the underlying device.  Note that we do this after
		 * any call to ieee80211_dwds_mcast because that code
		 * uses any existing value for rcvif.
		 *
		 * The node reference obtained above travels with the
		 * mbuf in rcvif from here on.
		 */
		m->m_pkthdr.rcvif = (void *)ni;

		/* XXX defer if_start calls? */
		IFQ_HANDOFF(parent, m, error);
		if (error != 0) {
			/* NB: IFQ_HANDOFF reclaims mbuf */
			ieee80211_free_node(ni);
		} else {
			ifp->if_opackets++;
		}
		/* recorded whether or not the handoff succeeded */
		ic->ic_lastdata = ticks;
	}
#undef IS_DWDS
}
282
/*
 * 802.11 output routine.  This is (currently) used only to
 * connect bpf write calls to the 802.11 layer for injecting
 * raw 802.11 frames.  Note we locate the ieee80211com from
 * the ifnet using a spare field setup at attach time.  This
 * will go away when the virtual ap support comes in.
 *
 * NOTE(review): the body takes the vap from ifp->if_softc; the
 * sentence about a spare field looks stale -- confirm.
 *
 * Frames whose destination sockaddr is not AF_IEEE80211 are passed
 * to vap->iv_output unchanged.  For raw frames the function checks
 * interface state, a minimum length and the protocol version, looks
 * up the transmit node from the address selected by the DS bits and
 * hands the frame to the driver's ic_raw_xmit method.
 *
 * On every error path reached through senderr() the mbuf is freed and
 * any node reference taken here is released; the errno value is
 * returned.
 */
int
ieee80211_output(struct ifnet *ifp, struct mbuf *m,
	struct sockaddr *dst, struct rtentry *rt0)
{
/* Record the error and jump to the common cleanup at "bad". */
#define senderr(e) do { error = (e); goto bad;} while (0)
	struct ieee80211_node *ni = NULL;
	struct ieee80211vap *vap;
	struct ieee80211_frame *wh;
	int error;

	if (ifp->if_drv_flags & IFF_DRV_OACTIVE) {
		/*
		 * Short-circuit requests if the vap is marked OACTIVE
		 * as this is used when tearing down state to indicate
		 * the vap may be gone.  This can also happen because a
		 * packet came down through ieee80211_start before the
		 * vap entered RUN state in which case it's also ok to
		 * just drop the frame.  This should not be necessary
		 * but callers of if_output don't check OACTIVE.
		 */
		senderr(ENETDOWN);
	}
	vap = ifp->if_softc;
	/*
	 * Hand to the 802.3 code if not tagged as
	 * a raw 802.11 frame.
	 */
	if (dst->sa_family != AF_IEEE80211)
		return vap->iv_output(ifp, m, dst, rt0);
#ifdef MAC
	/* let the MAC framework veto the transmit */
	error = mac_check_ifnet_transmit(ifp, m);
	if (error)
		senderr(error);
#endif
	if (ifp->if_flags & IFF_MONITOR)
		senderr(ENETDOWN);
	if (!IFNET_IS_UP_RUNNING(ifp))
		senderr(ENETDOWN);
	if (vap->iv_state == IEEE80211_S_CAC) {
		IEEE80211_DPRINTF(vap,
		    IEEE80211_MSG_OUTPUT | IEEE80211_MSG_DOTH,
		    "block %s frame in CAC state\n", "raw data");
		vap->iv_stats.is_tx_badstate++;
		senderr(EIO);		/* XXX */
	}
	/* XXX bypass bridge, pfil, carp, etc. */

	/*
	 * Reject frames shorter than the smallest 802.11 header.
	 *
	 * NOTE(review): the test uses the packet length while mtod()
	 * below reads from the first mbuf only; this assumes the header
	 * bytes are contiguous in that mbuf -- confirm the bpf write
	 * path guarantees it.
	 */
	if (m->m_pkthdr.len < sizeof(struct ieee80211_frame_ack))
		senderr(EIO);		/* XXX */
	wh = mtod(m, struct ieee80211_frame *);
	if ((wh->i_fc[0] & IEEE80211_FC0_VERSION_MASK) !=
	    IEEE80211_FC0_VERSION_0)
		senderr(EIO);		/* XXX */

	/* locate destination node */
	switch (wh->i_fc[1] & IEEE80211_FC1_DIR_MASK) {
	case IEEE80211_FC1_DIR_NODS:
	case IEEE80211_FC1_DIR_FROMDS:
		ni = ieee80211_find_txnode(vap, wh->i_addr1);
		break;
	case IEEE80211_FC1_DIR_TODS:
	case IEEE80211_FC1_DIR_DSTODS:
		/* i_addr3 is read, so require the full 3-address header */
		if (m->m_pkthdr.len < sizeof(struct ieee80211_frame))
			senderr(EIO);	/* XXX */
		ni = ieee80211_find_txnode(vap, wh->i_addr3);
		break;
	default:
		senderr(EIO);		/* XXX */
	}
	if (ni == NULL) {
		/*
		 * Permit packets w/ bpf params through regardless
		 * (see below about sa_len).  They are sent using a
		 * new reference on the bss node.
		 */
		if (dst->sa_len == 0)
			senderr(EHOSTUNREACH);
		ni = ieee80211_ref_node(vap->iv_bss);
	}

	/*
	 * Sanitize mbuf for net80211 flags leaked from above.
	 *
	 * NB: This must be done before ieee80211_classify as
	 * it marks EAPOL in frames with M_EAPOL.
	 */
	m->m_flags &= ~M_80211_TX;

	/* calculate priority so drivers can find the tx queue */
	/* XXX assumes an 802.3 frame */
	/*
	 * NOTE(review): ieee80211_classify reads the start of the mbuf
	 * as a struct ether_header, but only the 802.11 minimum length
	 * was checked above -- confirm short raw frames cannot make it
	 * read past the supplied data.
	 */
	if (ieee80211_classify(ni, m))
		senderr(EIO);		/* XXX */

	BPF_MTAP(ifp, m);

	/*
	 * NB: DLT_IEEE802_11_RADIO identifies the parameters are
	 * present by setting the sa_len field of the sockaddr (yes,
	 * this is a hack).
	 * NB: we assume sa_data is suitably aligned to cast.
	 *
	 * NOTE(review): sa_len is only tested for non-zero here;
	 * nothing visible checks that sa_data holds a complete
	 * struct ieee80211_bpf_params -- confirm the caller
	 * guarantees the size.
	 */
	return vap->iv_ic->ic_raw_xmit(ni, m,
	    (const struct ieee80211_bpf_params *)(dst->sa_len ?
		dst->sa_data : NULL));
bad:
	/* common error exit: reclaim the frame and any node reference */
	if (m != NULL)
		m_freem(m);
	if (ni != NULL)
		ieee80211_free_node(ni);
	return error;
#undef senderr
}
401
/*
 * Fill in the frame control, address, duration and sequence fields of
 * an outgoing frame.  Call this early when building a frame: it assigns
 * i_fc[1] outright, so other bits must be or'd in afterwards.
 *
 * Non-data frames always use the no-DS layout.  Data frames use the
 * layout that matches the operating mode of ni's vap; a monitor-mode
 * vap leaves i_fc[1] and the addresses untouched.  For a WDS vap the
 * fourth address is written through a struct ieee80211_frame_addr4
 * view of wh, so the caller must have sized the header for four
 * addresses.
 *
 * The sequence number is taken from ni->ni_txseqs[tid], which is then
 * incremented; tid is used as an index without a range check here.
 */
static void
ieee80211_send_setup(
	struct ieee80211_node *ni,
	struct ieee80211_frame *wh,
	int type, int tid,
	const uint8_t sa[IEEE80211_ADDR_LEN],
	const uint8_t da[IEEE80211_ADDR_LEN],
	const uint8_t bssid[IEEE80211_ADDR_LEN])
{
#define WH4(wh) ((struct ieee80211_frame_addr4 *)wh)
	const int isdata =
	    (type & IEEE80211_FC0_TYPE_MASK) == IEEE80211_FC0_TYPE_DATA;

	wh->i_fc[0] = IEEE80211_FC0_VERSION_0 | type;
	if (!isdata) {
		/* management/control: receiver, transmitter, bssid */
		wh->i_fc[1] = IEEE80211_FC1_DIR_NODS;
		IEEE80211_ADDR_COPY(wh->i_addr1, da);
		IEEE80211_ADDR_COPY(wh->i_addr2, sa);
		IEEE80211_ADDR_COPY(wh->i_addr3, bssid);
	} else {
		struct ieee80211vap *vap = ni->ni_vap;

		switch (vap->iv_opmode) {
		case IEEE80211_M_STA:
			/* station to AP */
			wh->i_fc[1] = IEEE80211_FC1_DIR_TODS;
			IEEE80211_ADDR_COPY(wh->i_addr1, bssid);
			IEEE80211_ADDR_COPY(wh->i_addr2, sa);
			IEEE80211_ADDR_COPY(wh->i_addr3, da);
			break;
		case IEEE80211_M_IBSS:
		case IEEE80211_M_AHDEMO:
			/* peer to peer */
			wh->i_fc[1] = IEEE80211_FC1_DIR_NODS;
			IEEE80211_ADDR_COPY(wh->i_addr1, da);
			IEEE80211_ADDR_COPY(wh->i_addr2, sa);
			IEEE80211_ADDR_COPY(wh->i_addr3, bssid);
			break;
		case IEEE80211_M_HOSTAP:
			/* AP to station */
			wh->i_fc[1] = IEEE80211_FC1_DIR_FROMDS;
			IEEE80211_ADDR_COPY(wh->i_addr1, da);
			IEEE80211_ADDR_COPY(wh->i_addr2, bssid);
			IEEE80211_ADDR_COPY(wh->i_addr3, sa);
			break;
		case IEEE80211_M_WDS:
			/* four-address frame */
			wh->i_fc[1] = IEEE80211_FC1_DIR_DSTODS;
			IEEE80211_ADDR_COPY(wh->i_addr1, da);
			IEEE80211_ADDR_COPY(wh->i_addr2, vap->iv_myaddr);
			IEEE80211_ADDR_COPY(wh->i_addr3, da);
			IEEE80211_ADDR_COPY(WH4(wh)->i_addr4, sa);
			break;
		case IEEE80211_M_MONITOR:	/* NB: to quiet compiler */
			break;
		}
	}
	/* duration starts at zero; the sequence field is little-endian */
	*(uint16_t *)&wh->i_dur[0] = 0;
	*(uint16_t *)&wh->i_seq[0] =
	    htole16(ni->ni_txseqs[tid] << IEEE80211_SEQ_SEQ_SHIFT);
	ni->ni_txseqs[tid]++;
#undef WH4
}
464
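/*
 * Send a management frame to the specified node.  The node pointer
 * must have a reference as the pointer will be passed to the driver
 * and potentially held for a long time.  If the frame is successfully
 * dispatched to the driver, then it is responsible for freeing the
 * reference (and potentially free'ing up any associated storage);
 * otherwise deal with reclaiming any reference (on error).
 *
 * ni     - referenced destination node; must not be NULL
 * m      - frame body; the 802.11 header is prepended here
 * type   - management subtype, or'd with IEEE80211_FC0_TYPE_MGT
 * params - transmit parameters; must not be NULL, since ibp_flags
 *          and ibp_pri are read unconditionally
 *
 * Returns EIO when the vap is in CAC state (frame and reference are
 * released), ENOMEM when the header cannot be prepended (reference
 * released), otherwise the result of the driver's ic_raw_xmit method.
 */
int
ieee80211_mgmt_output(struct ieee80211_node *ni, struct mbuf *m, int type,
	struct ieee80211_bpf_params *params)
{
	struct ieee80211vap *vap;
	struct ieee80211com *ic;
	struct ieee80211_frame *wh;

	/*
	 * Assert before the first dereference.  With the pointers
	 * loaded in the declarations the node check could never
	 * report anything: a NULL ni would already have faulted.
	 */
	KASSERT(ni != NULL, ("null node"));
	KASSERT(params != NULL, ("null params"));
	vap = ni->ni_vap;
	ic = ni->ni_ic;

	if (vap->iv_state == IEEE80211_S_CAC) {
		IEEE80211_NOTE(vap, IEEE80211_MSG_OUTPUT | IEEE80211_MSG_DOTH,
		    ni, "block %s frame in CAC state",
			ieee80211_mgt_subtype_name[
			    (type & IEEE80211_FC0_SUBTYPE_MASK) >>
				IEEE80211_FC0_SUBTYPE_SHIFT]);
		vap->iv_stats.is_tx_badstate++;
		ieee80211_free_node(ni);
		m_freem(m);
		return EIO;		/* XXX */
	}

	/* NB: on failure M_PREPEND leaves m NULL, nothing to free */
	M_PREPEND(m, sizeof(struct ieee80211_frame), M_DONTWAIT);
	if (m == NULL) {
		ieee80211_free_node(ni);
		return ENOMEM;
	}

	wh = mtod(m, struct ieee80211_frame *);
	ieee80211_send_setup(ni, wh,
	     IEEE80211_FC0_TYPE_MGT | type, IEEE80211_NONQOS_TID,
	     vap->iv_myaddr, ni->ni_macaddr, ni->ni_bssid);
	if (params->ibp_flags & IEEE80211_BPF_CRYPTO) {
		/* caller asked for encryption: set the protected bit */
		IEEE80211_NOTE_MAC(vap, IEEE80211_MSG_AUTH, wh->i_addr1,
		    "encrypting frame (%s)", __func__);
		wh->i_fc[1] |= IEEE80211_FC1_WEP;
	}
	m->m_flags |= M_ENCAP;		/* mark encapsulated */

	KASSERT(type != IEEE80211_FC0_SUBTYPE_PROBE_RESP, ("probe response?"));
	M_WME_SETAC(m, params->ibp_pri);

#ifdef IEEE80211_DEBUG
	/* avoid printing too many frames */
	if ((ieee80211_msg_debug(vap) && doprint(vap, type)) ||
	    ieee80211_msg_dumppkts(vap)) {
		printf("[%s] send %s on channel %u\n",
		    ether_sprintf(wh->i_addr1),
		    ieee80211_mgt_subtype_name[
			(type & IEEE80211_FC0_SUBTYPE_MASK) >>
				IEEE80211_FC0_SUBTYPE_SHIFT],
		    ieee80211_chan2ieee(ic, ic->ic_curchan));
	}
#endif
	IEEE80211_NODE_STAT(ni, tx_mgmt);

	return ic->ic_raw_xmit(ni, m, params);
}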
531
/*
 * Send a null data frame to the specified node.  If the station
 * is setup for QoS then a QoS Null Data frame is constructed.
 * If this is a WDS station then a 4-address frame is constructed.
 *
 * NB: the caller is assumed to have setup a node reference
 * for use; this is necessary to deal with a race condition
 * when probing for inactive stations.  Like ieee80211_mgmt_output
 * we must cleanup any node reference on error; however we
 * can safely just unref it as we know it will never be the
 * last reference to the node.
 *
 * Returns EIO in CAC state, ENOMEM when no buffer is available,
 * otherwise the result of the driver's ic_raw_xmit method.
 */
int
ieee80211_send_nulldata(struct ieee80211_node *ni)
{
	struct ieee80211vap *vap = ni->ni_vap;
	struct ieee80211com *ic = ni->ni_ic;
	struct mbuf *m;
	struct ieee80211_frame *wh;
	int hdrlen;
	uint8_t *frm;

	if (vap->iv_state == IEEE80211_S_CAC) {
		IEEE80211_NOTE(vap, IEEE80211_MSG_OUTPUT | IEEE80211_MSG_DOTH,
		    ni, "block %s frame in CAC state", "null data");
		ieee80211_unref_node(&ni);
		vap->iv_stats.is_tx_badstate++;
		return EIO;		/* XXX */
	}

	/*
	 * Work out the header length: QoS or plain, plus a fourth
	 * address on WDS, rounded up to 32 bits when the driver
	 * asks for data padding.
	 *
	 * NOTE(review): the QoS-sized header is chosen for QOS *or* HT
	 * nodes, but the QoS control bytes are written below only when
	 * IEEE80211_NODE_QOS is set.  For a node with HT but not QOS
	 * the extra bytes would go out with whatever the buffer holds
	 * -- confirm HT nodes always carry the QOS flag.
	 */
	if (ni->ni_flags & (IEEE80211_NODE_QOS|IEEE80211_NODE_HT))
		hdrlen = sizeof(struct ieee80211_qosframe);
	else
		hdrlen = sizeof(struct ieee80211_frame);
	/* NB: only WDS vap's get 4-address frames */
	if (vap->iv_opmode == IEEE80211_M_WDS)
		hdrlen += IEEE80211_ADDR_LEN;
	if (ic->ic_flags & IEEE80211_F_DATAPAD)
		hdrlen = roundup(hdrlen, sizeof(uint32_t));

	m = ieee80211_getmgtframe(&frm, ic->ic_headroom + hdrlen, 0);
	if (m == NULL) {
		/* XXX debug msg */
		ieee80211_unref_node(&ni);
		vap->iv_stats.is_tx_nobuf++;
		return ENOMEM;
	}
	KASSERT(M_LEADINGSPACE(m) >= hdrlen,
	    ("leading space %zd", M_LEADINGSPACE(m)));
	M_PREPEND(m, hdrlen, M_DONTWAIT);
	if (m == NULL) {
		/* NB: cannot happen */
		/*
		 * NOTE(review): this path releases the reference with
		 * ieee80211_free_node while the two error paths above
		 * use ieee80211_unref_node -- confirm the difference
		 * is intended.
		 */
		ieee80211_free_node(ni);
		return ENOMEM;
	}

	wh = mtod(m, struct ieee80211_frame *);		/* NB: a little lie */
	if (ni->ni_flags & IEEE80211_NODE_QOS) {
		const int tid = WME_AC_TO_TID(WME_AC_BE);
		uint8_t *qos;

		ieee80211_send_setup(ni, wh,
		    IEEE80211_FC0_TYPE_DATA | IEEE80211_FC0_SUBTYPE_QOS_NULL,
		    tid, vap->iv_myaddr, ni->ni_macaddr, ni->ni_bssid);

		/* the QoS control field follows addr4 on a WDS frame */
		if (vap->iv_opmode == IEEE80211_M_WDS)
			qos = ((struct ieee80211_qosframe_addr4 *) wh)->i_qos;
		else
			qos = ((struct ieee80211_qosframe *) wh)->i_qos;
		qos[0] = tid & IEEE80211_QOS_TID;
		if (ic->ic_wme.wme_wmeChanParams.cap_wmeParams[WME_AC_BE].wmep_noackPolicy)
			qos[0] |= IEEE80211_QOS_ACKPOLICY_NOACK;
		qos[1] = 0;
	} else {
		ieee80211_send_setup(ni, wh,
		    IEEE80211_FC0_TYPE_DATA | IEEE80211_FC0_SUBTYPE_NODATA,
		    IEEE80211_NONQOS_TID,
		    vap->iv_myaddr, ni->ni_macaddr, ni->ni_bssid);
	}
	if (vap->iv_opmode != IEEE80211_M_WDS) {
		/* NB: power management bit is never sent by an AP */
		if ((ni->ni_flags & IEEE80211_NODE_PWR_MGT) &&
		    vap->iv_opmode != IEEE80211_M_HOSTAP)
			wh->i_fc[1] |= IEEE80211_FC1_PWR_MGT;
	}
	/* the frame consists of the header only */
	m->m_len = m->m_pkthdr.len = hdrlen;
	m->m_flags |= M_ENCAP;		/* mark encapsulated */

	M_WME_SETAC(m, WME_AC_BE);

	IEEE80211_NODE_STAT(ni, tx_data);

	IEEE80211_NOTE(vap, IEEE80211_MSG_DEBUG | IEEE80211_MSG_DUMPPKTS, ni,
	    "send %snull data frame on channel %u, pwr mgt %s",
	    ni->ni_flags & IEEE80211_NODE_QOS ? "QoS " : "",
	    ieee80211_chan2ieee(ic, ic->ic_curchan),
	    wh->i_fc[1] & IEEE80211_FC1_PWR_MGT ? "ena" : "dis");

	return ic->ic_raw_xmit(ni, m, NULL);
}
632
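/*
 * Assign priority to a frame based on any vlan tag assigned
 * to the station and/or any Diffserv setting in an IP header.
 * Finally, if an ACM policy is setup (in station mode) it's
 * applied.
 *
 * ni - destination node; its QoS flag, vlan tag and vap are consulted
 * m  - frame to classify; the first mbuf must start with a contiguous
 *      802.3 header and carry a packet header
 *
 * Returns 0 after storing the access category in the mbuf with
 * M_WME_SETAC, or 1 when the node requires a vlan tag and the frame
 * has none or a different one (the caller then discards the frame).
 * EAPOL frames are additionally marked with M_EAPOL.
 */
int
ieee80211_classify(struct ieee80211_node *ni, struct mbuf *m)
{
	const struct ether_header *eh = mtod(m, struct ether_header *);
	int v_wme_ac, d_wme_ac, ac;

	/*
	 * Always promote PAE/EAPOL frames to high priority.
	 */
	if (eh->ether_type == htons(ETHERTYPE_PAE)) {
		/* NB: mark so others don't need to check header */
		m->m_flags |= M_EAPOL;
		ac = WME_AC_VO;
		goto done;
	}
	/*
	 * Non-qos traffic goes to BE.
	 */
	if ((ni->ni_flags & IEEE80211_NODE_QOS) == 0) {
		ac = WME_AC_BE;
		goto done;
	}

	/*
	 * If node has a vlan tag then all traffic
	 * to it must have a matching tag.
	 */
	v_wme_ac = 0;
	if (ni->ni_vlan != 0) {
		if ((m->m_flags & M_VLANTAG) == 0) {
			IEEE80211_NODE_STAT(ni, tx_novlantag);
			return 1;
		}
		if (EVL_VLANOFTAG(m->m_pkthdr.ether_vtag) !=
		    EVL_VLANOFTAG(ni->ni_vlan)) {
			IEEE80211_NODE_STAT(ni, tx_vlanmismatch);
			return 1;
		}
		/* map vlan priority to AC */
		v_wme_ac = TID_TO_WME_AC(EVL_PRIOFTAG(ni->ni_vlan));
	}

	/* Anything that is not a usable IP frame is best effort. */
	d_wme_ac = WME_AC_BE;
#ifdef INET
	/*
	 * IP frame, map the top bits of the TOS field.  The ethertype
	 * alone does not prove the IP header is present: only read the
	 * TOS byte when the packet is long enough to contain it,
	 * otherwise m_copydata would run off the end of the chain.
	 */
	if (eh->ether_type == htons(ETHERTYPE_IP) &&
	    m->m_pkthdr.len >= (int)(sizeof(struct ether_header) +
	    offsetof(struct ip, ip_tos) + sizeof(uint8_t))) {
		uint8_t tos;

		/* XXX m_copydata may be too slow for fast path */
		/* NB: ip header may not be in first mbuf */
		m_copydata(m, sizeof(struct ether_header) +
		    offsetof(struct ip, ip_tos), sizeof(tos), &tos);
		tos >>= 5;		/* NB: keep the top 3 bits of TOS */
		d_wme_ac = TID_TO_WME_AC(tos);
	}
#endif /* INET */
	/*
	 * Use highest priority AC.
	 */
	if (v_wme_ac > d_wme_ac)
		ac = v_wme_ac;
	else
		ac = d_wme_ac;

	/*
	 * Apply ACM policy: while the chosen category requires
	 * admission control, step down to the next lower one.
	 */
	if (ni->ni_vap->iv_opmode == IEEE80211_M_STA) {
		static const int acmap[4] = {
			WME_AC_BK,	/* WME_AC_BE */
			WME_AC_BK,	/* WME_AC_BK */
			WME_AC_BE,	/* WME_AC_VI */
			WME_AC_VI,	/* WME_AC_VO */
		};
		struct ieee80211com *ic = ni->ni_ic;

		while (ac != WME_AC_BK &&
		    ic->ic_wme.wme_wmeBssChanParams.cap_wmeParams[ac].wmep_acm)
			ac = acmap[ac];
	}
done:
	M_WME_SETAC(m, ac);
	return 0;
}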
727
/*
 * Insure there is sufficient contiguous space to encapsulate the
 * 802.11 data frame.  If room isn't already there, arrange for it.
 * Drivers and cipher modules assume we have done the necessary work
 * and fail rudely if they don't find the space they need.
 *
 * vap     - vap the frame is sent on (driver headroom, statistics)
 * hdrsize - size of the 802.11 header that will be prepended
 * key     - transmit key, or NULL when the frame is sent in the clear
 * m       - frame whose first mbuf starts with the 802.3 header
 *
 * Returns the (possibly new) head of the chain, or NULL on allocation
 * failure.
 */
static struct mbuf *
ieee80211_mbuf_adjust(struct ieee80211vap *vap, int hdrsize,
	struct ieee80211_key *key, struct mbuf *m)
{
/* Bytes freed when the Ethernet header is replaced by an LLC header. */
#define TO_BE_RECLAIMED (sizeof(struct ether_header) - sizeof(struct llc))
	int needed_space = vap->iv_ic->ic_headroom + hdrsize;

	if (key != NULL) {
		/* XXX belongs in crypto code? */
		needed_space += key->wk_cipher->ic_header;
		/* XXX frags */
		/*
		 * When crypto is being done in the host we must insure
		 * the data are writable for the cipher routines; clone
		 * a writable mbuf chain.
		 * XXX handle SWMIC specially
		 */
		if (key->wk_flags & (IEEE80211_KEY_SWENCRYPT|IEEE80211_KEY_SWENMIC)) {
			m = m_unshare(m, M_NOWAIT);
			if (m == NULL) {
				/*
				 * The old chain is not freed here;
				 * presumably m_unshare releases it on
				 * failure -- verify.
				 */
				IEEE80211_DPRINTF(vap, IEEE80211_MSG_OUTPUT,
				    "%s: cannot get writable mbuf\n", __func__);
				vap->iv_stats.is_tx_nobuf++; /* XXX new stat */
				return NULL;
			}
		}
	}
	/*
	 * We know we are called just before stripping an Ethernet
	 * header and prepending an LLC header.  This means we know
	 * there will be
	 *	sizeof(struct ether_header) - sizeof(struct llc)
	 * bytes recovered to which we need additional space for the
	 * 802.11 header and any crypto header.
	 */
	/* XXX check trailing space and copy instead? */
	if (M_LEADINGSPACE(m) < needed_space - TO_BE_RECLAIMED) {
		struct mbuf *n = m_gethdr(M_NOWAIT, m->m_type);
		if (n == NULL) {
			IEEE80211_DPRINTF(vap, IEEE80211_MSG_OUTPUT,
			    "%s: cannot expand storage\n", __func__);
			vap->iv_stats.is_tx_nobuf++;
			m_freem(m);
			return NULL;
		}
		/*
		 * NOTE(review): this assertion is the only bound on
		 * needed_space before m_data is advanced by it below;
		 * KASSERT is typically compiled out of non-debug
		 * kernels, so confirm headroom + header + cipher
		 * header can never exceed MHLEN.
		 */
		KASSERT(needed_space <= MHLEN,
		    ("not enough room, need %u got %zu\n", needed_space, MHLEN));
		/*
		 * Setup new mbuf to have leading space to prepend the
		 * 802.11 header and any crypto header bits that are
		 * required (the latter are added when the driver calls
		 * back to ieee80211_crypto_encap to do crypto encapsulation).
		 */
		/* NB: must be first 'cuz it clobbers m_data */
		m_move_pkthdr(n, m);
		n->m_len = 0;			/* NB: m_gethdr does not set */
		n->m_data += needed_space;
		/*
		 * Pull up Ethernet header to create the expected layout.
		 * We could use m_pullup but that's overkill (i.e. we don't
		 * need the actual data) and it cannot fail so do it inline
		 * for speed.
		 *
		 * Only the lengths and data pointer are adjusted; no
		 * header bytes are copied into n.
		 */
		/* NB: struct ether_header is known to be contiguous */
		n->m_len += sizeof(struct ether_header);
		m->m_len -= sizeof(struct ether_header);
		m->m_data += sizeof(struct ether_header);
		/*
		 * Replace the head of the chain.
		 */
		n->m_next = m;
		m = n;
	}
	return m;
#undef TO_BE_RECLAIMED
}
810
/*
 * Select the key used to transmit a unicast frame to ni.
 * The node's own unicast key wins when it is defined.  Otherwise the
 * vap's default transmit key is used, and NULL is returned when no
 * default key index is set or that key slot is undefined.
 *
 * NB: iv_def_txkey indexes iv_nw_keys after being compared against
 * IEEE80211_KEYIX_NONE only; no range check is made here.
 */
static __inline struct ieee80211_key *
ieee80211_crypto_getucastkey(struct ieee80211vap *vap,
	struct ieee80211_node *ni)
{
	/* per-station key takes precedence */
	if (!IEEE80211_KEY_UNDEFINED(&ni->ni_ucastkey))
		return &ni->ni_ucastkey;

	/* fall back to the default transmit key, if there is one */
	if (vap->iv_def_txkey == IEEE80211_KEYIX_NONE ||
	    IEEE80211_KEY_UNDEFINED(&vap->iv_nw_keys[vap->iv_def_txkey]))
		return NULL;
	return &vap->iv_nw_keys[vap->iv_def_txkey];
}
829
/*
 * Select the key used to transmit a multicast frame.
 * Multicast traffic always uses the group key, which is installed as
 * the vap's default transmit key.  NULL is returned when no default
 * key index is set or that key slot is undefined.  The ni argument is
 * not consulted.
 *
 * NB: iv_def_txkey indexes iv_nw_keys after being compared against
 * IEEE80211_KEYIX_NONE only; no range check is made here.
 */
static __inline struct ieee80211_key *
ieee80211_crypto_getmcastkey(struct ieee80211vap *vap,
	struct ieee80211_node *ni)
{
	struct ieee80211_key *grpkey;

	if (vap->iv_def_txkey == IEEE80211_KEYIX_NONE)
		return NULL;
	grpkey = &vap->iv_nw_keys[vap->iv_def_txkey];
	if (IEEE80211_KEY_UNDEFINED(grpkey))
		return NULL;
	return grpkey;
}
844
845 /*
846 * Encapsulate an outbound data frame. The mbuf chain is updated.
847 * If an error is encountered NULL is returned. The caller is required
848 * to provide a node reference and pullup the ethernet header in the
849 * first mbuf.
850 *
851 * NB: Packet is assumed to be processed by ieee80211_classify which
852 * marked EAPOL frames w/ M_EAPOL.
853 */
854 struct mbuf *
855 ieee80211_encap(struct ieee80211_node *ni, struct mbuf *m)
856 {
857 #define WH4(wh) ((struct ieee80211_frame_addr4 *)(wh))
858 struct ieee80211vap *vap = ni->ni_vap;
859 struct ieee80211com *ic = ni->ni_ic;
860 struct ether_header eh;
861 struct ieee80211_frame *wh;
862 struct ieee80211_key *key;
863 struct llc *llc;
864 int hdrsize, hdrspace, datalen, addqos, txfrag, isff, is4addr;
865
866 /*
867 * Copy existing Ethernet header to a safe place. The
868 * rest of the code assumes it's ok to strip it when
869 * reorganizing state for the final encapsulation.
870 */
871 KASSERT(m->m_len >= sizeof(eh), ("no ethernet header!"));
872 ETHER_HEADER_COPY(&eh, mtod(m, caddr_t));
873
874 /*
875 * Insure space for additional headers. First identify
876 * transmit key to use in calculating any buffer adjustments
877 * required. This is also used below to do privacy
878 * encapsulation work. Then calculate the 802.11 header
879 * size and any padding required by the driver.
880 *
881 * Note key may be NULL if we fall back to the default
882 * transmit key and that is not set. In that case the
883 * buffer may not be expande |