1 /* $NetBSD: ieee80211_output.c,v 1.45 2006/11/16 01:33:41 christos Exp $ */
2 /*-
3 * Copyright (c) 2001 Atsushi Onoe
4 * Copyright (c) 2002-2005 Sam Leffler, Errno Consulting
5 * All rights reserved.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 * 3. The name of the author may not be used to endorse or promote products
16 * derived from this software without specific prior written permission.
17 *
18 * Alternatively, this software may be distributed under the terms of the
19 * GNU General Public License ("GPL") version 2 as published by the Free
20 * Software Foundation.
21 *
22 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
23 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
24 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
25 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
26 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
27 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
28 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
29 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
30 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
31 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
32 */
33
34 #include <sys/cdefs.h>
35 #ifdef __FreeBSD__
36 __FBSDID("$FreeBSD: src/sys/net80211/ieee80211_output.c,v 1.34 2005/08/10 16:22:29 sam Exp $");
37 #endif
38 #ifdef __NetBSD__
39 __KERNEL_RCSID(0, "$NetBSD: ieee80211_output.c,v 1.45 2006/11/16 01:33:41 christos Exp $");
40 #endif
41
42 #include "opt_inet.h"
43
44 #ifdef __NetBSD__
45 #include "bpfilter.h"
46 #endif /* __NetBSD__ */
47
48 #include <sys/param.h>
49 #include <sys/systm.h>
50 #include <sys/mbuf.h>
51 #include <sys/kernel.h>
52 #include <sys/endian.h>
53 #include <sys/errno.h>
54 #include <sys/proc.h>
55 #include <sys/sysctl.h>
56
57 #include <net/if.h>
58 #include <net/if_llc.h>
59 #include <net/if_media.h>
60 #include <net/if_arp.h>
61 #include <net/if_ether.h>
62 #include <net/if_llc.h>
63 #include <net/if_vlanvar.h>
64
65 #include <net80211/ieee80211_netbsd.h>
66 #include <net80211/ieee80211_var.h>
67
68 #if NBPFILTER > 0
69 #include <net/bpf.h>
70 #endif
71
72 #ifdef INET
73 #include <netinet/in.h>
74 #include <netinet/in_systm.h>
75 #include <netinet/in_var.h>
76 #include <netinet/ip.h>
77 #include <net/if_ether.h>
78 #endif
79
80 #ifdef IEEE80211_DEBUG
81 /*
82 * Decide if an outbound management frame should be
83 * printed when debugging is enabled. This filters some
84 * of the less interesting frames that come frequently
85 * (e.g. beacons).
86 */
87 static __inline int
88 doprint(struct ieee80211com *ic, int subtype)
89 {
90 switch (subtype) {
91 case IEEE80211_FC0_SUBTYPE_PROBE_RESP:
92 return (ic->ic_opmode == IEEE80211_M_IBSS);
93 }
94 return 1;
95 }
96 #endif
97
98 /*
99 * Set the direction field and address fields of an outgoing
100 * non-QoS frame. Note this should be called early on in
101 * constructing a frame as it sets i_fc[1]; other bits can
102 * then be or'd in.
103 */
104 static void
105 ieee80211_send_setup(struct ieee80211com *ic,
106 struct ieee80211_node *ni,
107 struct ieee80211_frame *wh,
108 int type,
109 const u_int8_t sa[IEEE80211_ADDR_LEN],
110 const u_int8_t da[IEEE80211_ADDR_LEN],
111 const u_int8_t bssid[IEEE80211_ADDR_LEN])
112 {
113 #define WH4(wh) ((struct ieee80211_frame_addr4 *)wh)
114
115 wh->i_fc[0] = IEEE80211_FC0_VERSION_0 | type;
116 if ((type & IEEE80211_FC0_TYPE_MASK) == IEEE80211_FC0_TYPE_DATA) {
117 switch (ic->ic_opmode) {
118 case IEEE80211_M_STA:
119 wh->i_fc[1] = IEEE80211_FC1_DIR_TODS;
120 IEEE80211_ADDR_COPY(wh->i_addr1, bssid);
121 IEEE80211_ADDR_COPY(wh->i_addr2, sa);
122 IEEE80211_ADDR_COPY(wh->i_addr3, da);
123 break;
124 case IEEE80211_M_IBSS:
125 case IEEE80211_M_AHDEMO:
126 wh->i_fc[1] = IEEE80211_FC1_DIR_NODS;
127 IEEE80211_ADDR_COPY(wh->i_addr1, da);
128 IEEE80211_ADDR_COPY(wh->i_addr2, sa);
129 IEEE80211_ADDR_COPY(wh->i_addr3, bssid);
130 break;
131 case IEEE80211_M_HOSTAP:
132 wh->i_fc[1] = IEEE80211_FC1_DIR_FROMDS;
133 IEEE80211_ADDR_COPY(wh->i_addr1, da);
134 IEEE80211_ADDR_COPY(wh->i_addr2, bssid);
135 IEEE80211_ADDR_COPY(wh->i_addr3, sa);
136 break;
137 case IEEE80211_M_MONITOR: /* NB: to quiet compiler */
138 break;
139 }
140 } else {
141 wh->i_fc[1] = IEEE80211_FC1_DIR_NODS;
142 IEEE80211_ADDR_COPY(wh->i_addr1, da);
143 IEEE80211_ADDR_COPY(wh->i_addr2, sa);
144 IEEE80211_ADDR_COPY(wh->i_addr3, bssid);
145 }
146 *(u_int16_t *)&wh->i_dur[0] = 0;
147 /* NB: use non-QoS tid */
148 *(u_int16_t *)&wh->i_seq[0] =
149 htole16(ni->ni_txseqs[0] << IEEE80211_SEQ_SEQ_SHIFT);
150 ni->ni_txseqs[0]++;
151 #undef WH4
152 }
153
154 /*
155 * Send a management frame to the specified node. The node pointer
156 * must have a reference as the pointer will be passed to the driver
157 * and potentially held for a long time. If the frame is successfully
158 * dispatched to the driver, then it is responsible for freeing the
159 * reference (and potentially free'ing up any associated storage).
160 */
161 static int
162 ieee80211_mgmt_output(struct ieee80211com *ic, struct ieee80211_node *ni,
163 struct mbuf *m, int type, int timer)
164 {
165 struct ifnet *ifp = ic->ic_ifp;
166 struct ieee80211_frame *wh;
167
168 IASSERT(ni != NULL, ("null node"));
169
170 /*
171 * Yech, hack alert! We want to pass the node down to the
172 * driver's start routine. If we don't do so then the start
173 * routine must immediately look it up again and that can
174 * cause a lock order reversal if, for example, this frame
175 * is being sent because the station is being timedout and
176 * the frame being sent is a DEAUTH message. We could stick
177 * this in an m_tag and tack that on to the mbuf. However
178 * that's rather expensive to do for every frame so instead
179 * we stuff it in the rcvif field since outbound frames do
180 * not (presently) use this.
181 */
182 M_PREPEND(m, sizeof(struct ieee80211_frame), M_DONTWAIT);
183 if (m == NULL)
184 return ENOMEM;
185 #ifdef __FreeBSD__
186 KASSERT(m->m_pkthdr.rcvif == NULL, ("rcvif not null"));
187 #endif
188 m->m_pkthdr.rcvif = (void *)ni;
189
190 wh = mtod(m, struct ieee80211_frame *);
191 ieee80211_send_setup(ic, ni, wh,
192 IEEE80211_FC0_TYPE_MGT | type,
193 ic->ic_myaddr, ni->ni_macaddr, ni->ni_bssid);
194 if ((m->m_flags & M_LINK0) != 0 && ni->ni_challenge != NULL) {
195 m->m_flags &= ~M_LINK0;
196 IEEE80211_DPRINTF(ic, IEEE80211_MSG_AUTH,
197 "[%s] encrypting frame (%s)\n",
198 ether_sprintf(wh->i_addr1), __func__);
199 wh->i_fc[1] |= IEEE80211_FC1_WEP;
200 }
201 #ifdef IEEE80211_DEBUG
202 /* avoid printing too many frames */
203 if ((ieee80211_msg_debug(ic) && doprint(ic, type)) ||
204 ieee80211_msg_dumppkts(ic)) {
205 printf("[%s] send %s on channel %u\n",
206 ether_sprintf(wh->i_addr1),
207 ieee80211_mgt_subtype_name[
208 (type & IEEE80211_FC0_SUBTYPE_MASK) >>
209 IEEE80211_FC0_SUBTYPE_SHIFT],
210 ieee80211_chan2ieee(ic, ic->ic_curchan));
211 }
212 #endif
213 IEEE80211_NODE_STAT(ni, tx_mgmt);
214 IF_ENQUEUE(&ic->ic_mgtq, m);
215 if (timer) {
216 /*
217 * Set the mgt frame timeout.
218 */
219 ic->ic_mgt_timer = timer;
220 ifp->if_timer = 1;
221 }
222 (*ifp->if_start)(ifp);
223 return 0;
224 }
225
226 /*
227 * Send a null data frame to the specified node.
228 *
229 * NB: the caller is assumed to have setup a node reference
230 * for use; this is necessary to deal with a race condition
231 * when probing for inactive stations.
232 */
233 int
234 ieee80211_send_nulldata(struct ieee80211_node *ni)
235 {
236 struct ieee80211com *ic = ni->ni_ic;
237 struct ifnet *ifp = ic->ic_ifp;
238 struct mbuf *m;
239 struct ieee80211_frame *wh;
240
241 MGETHDR(m, M_NOWAIT, MT_HEADER);
242 if (m == NULL) {
243 /* XXX debug msg */
244 ic->ic_stats.is_tx_nobuf++;
245 ieee80211_unref_node(&ni);
246 return ENOMEM;
247 }
248 m->m_pkthdr.rcvif = (void *) ni;
249
250 wh = mtod(m, struct ieee80211_frame *);
251 ieee80211_send_setup(ic, ni, wh,
252 IEEE80211_FC0_TYPE_DATA | IEEE80211_FC0_SUBTYPE_NODATA,
253 ic->ic_myaddr, ni->ni_macaddr, ni->ni_bssid);
254 /* NB: power management bit is never sent by an AP */
255 if ((ni->ni_flags & IEEE80211_NODE_PWR_MGT) &&
256 ic->ic_opmode != IEEE80211_M_HOSTAP)
257 wh->i_fc[1] |= IEEE80211_FC1_PWR_MGT;
258 m->m_len = m->m_pkthdr.len = sizeof(struct ieee80211_frame);
259
260 IEEE80211_NODE_STAT(ni, tx_data);
261
262 IEEE80211_DPRINTF(ic, IEEE80211_MSG_DEBUG | IEEE80211_MSG_DUMPPKTS,
263 "[%s] send null data frame on channel %u, pwr mgt %s\n",
264 ether_sprintf(ni->ni_macaddr),
265 ieee80211_chan2ieee(ic, ic->ic_curchan),
266 wh->i_fc[1] & IEEE80211_FC1_PWR_MGT ? "ena" : "dis");
267
268 IF_ENQUEUE(&ic->ic_mgtq, m); /* cheat */
269 (*ifp->if_start)(ifp);
270
271 return 0;
272 }
273
274 /*
275 * Assign priority to a frame based on any vlan tag assigned
276 * to the station and/or any Diffserv setting in an IP header.
277 * Finally, if an ACM policy is setup (in station mode) it's
278 * applied.
279 */
280 int
281 ieee80211_classify(struct ieee80211com *ic, struct mbuf *m, struct ieee80211_node *ni)
282 {
283 int v_wme_ac, d_wme_ac, ac;
284 #ifdef INET
285 struct ether_header *eh;
286 #endif
287
288 if ((ni->ni_flags & IEEE80211_NODE_QOS) == 0) {
289 ac = WME_AC_BE;
290 goto done;
291 }
292
293 /*
294 * If node has a vlan tag then all traffic
295 * to it must have a matching tag.
296 */
297 v_wme_ac = 0;
298 if (ni->ni_vlan != 0) {
299 /* XXX used to check ec_nvlans. */
300 struct m_tag *mtag = m_tag_find(m, PACKET_TAG_VLAN, NULL);
301 if (mtag == NULL) {
302 IEEE80211_NODE_STAT(ni, tx_novlantag);
303 return 1;
304 }
305 if (EVL_VLANOFTAG(VLAN_TAG_VALUE(mtag)) !=
306 EVL_VLANOFTAG(ni->ni_vlan)) {
307 IEEE80211_NODE_STAT(ni, tx_vlanmismatch);
308 return 1;
309 }
310 /* map vlan priority to AC */
311 switch (EVL_PRIOFTAG(ni->ni_vlan)) {
312 case 1:
313 case 2:
314 v_wme_ac = WME_AC_BK;
315 break;
316 case 0:
317 case 3:
318 v_wme_ac = WME_AC_BE;
319 break;
320 case 4:
321 case 5:
322 v_wme_ac = WME_AC_VI;
323 break;
324 case 6:
325 case 7:
326 v_wme_ac = WME_AC_VO;
327 break;
328 }
329 }
330
331 #ifdef INET
332 eh = mtod(m, struct ether_header *);
333 if (eh->ether_type == htons(ETHERTYPE_IP)) {
334 const struct ip *ip = (struct ip *)
335 (mtod(m, u_int8_t *) + sizeof (*eh));
336 /*
337 * IP frame, map the TOS field.
338 */
339 switch (ip->ip_tos) {
340 case 0x08:
341 case 0x20:
342 d_wme_ac = WME_AC_BK; /* background */
343 break;
344 case 0x28:
345 case 0xa0:
346 d_wme_ac = WME_AC_VI; /* video */
347 break;
348 case 0x30: /* voice */
349 case 0xe0:
350 case 0x88: /* XXX UPSD */
351 case 0xb8:
352 d_wme_ac = WME_AC_VO;
353 break;
354 default:
355 d_wme_ac = WME_AC_BE;
356 break;
357 }
358 } else {
359 #endif /* INET */
360 d_wme_ac = WME_AC_BE;
361 #ifdef INET
362 }
363 #endif
364 /*
365 * Use highest priority AC.
366 */
367 if (v_wme_ac > d_wme_ac)
368 ac = v_wme_ac;
369 else
370 ac = d_wme_ac;
371
372 /*
373 * Apply ACM policy.
374 */
375 if (ic->ic_opmode == IEEE80211_M_STA) {
376 static const int acmap[4] = {
377 WME_AC_BK, /* WME_AC_BE */
378 WME_AC_BK, /* WME_AC_BK */
379 WME_AC_BE, /* WME_AC_VI */
380 WME_AC_VI, /* WME_AC_VO */
381 };
382 while (ac != WME_AC_BK &&
383 ic->ic_wme.wme_wmeBssChanParams.cap_wmeParams[ac].wmep_acm)
384 ac = acmap[ac];
385 }
386 done:
387 M_WME_SETAC(m, ac);
388 return 0;
389 }
390
391 /*
392 * Insure there is sufficient contiguous space to encapsulate the
393 * 802.11 data frame. If room isn't already there, arrange for it.
394 * Drivers and cipher modules assume we have done the necessary work
395 * and fail rudely if they don't find the space they need.
396 */
397 static struct mbuf *
398 ieee80211_mbuf_adjust(struct ieee80211com *ic, int hdrsize,
399 struct ieee80211_key *key, struct mbuf *m)
400 {
401 #define TO_BE_RECLAIMED (sizeof(struct ether_header) - sizeof(struct llc))
402 int needed_space = hdrsize;
403 int wlen = 0;
404
405 if (key != NULL) {
406 /* XXX belongs in crypto code? */
407 needed_space += key->wk_cipher->ic_header;
408 /* XXX frags */
409 }
410 /*
411 * We know we are called just before stripping an Ethernet
412 * header and prepending an LLC header. This means we know
413 * there will be
414 * sizeof(struct ether_header) - sizeof(struct llc)
415 * bytes recovered to which we need additional space for the
416 * 802.11 header and any crypto header.
417 */
418 /* XXX check trailing space and copy instead? */
419 if (M_LEADINGSPACE(m) < needed_space - TO_BE_RECLAIMED) {
420 struct mbuf *n = m_gethdr(M_NOWAIT, m->m_type);
421 if (n == NULL) {
422 IEEE80211_DPRINTF(ic, IEEE80211_MSG_OUTPUT,
423 "%s: cannot expand storage\n", __func__);
424 ic->ic_stats.is_tx_nobuf++;
425 m_freem(m);
426 return NULL;
427 }
428 IASSERT(needed_space <= MHLEN,
429 ("not enough room, need %u got %zu\n", needed_space, MHLEN));
430 /*
431 * Setup new mbuf to have leading space to prepend the
432 * 802.11 header and any crypto header bits that are
433 * required (the latter are added when the driver calls
434 * back to ieee80211_crypto_encap to do crypto encapsulation).
435 */
436 /* NB: must be first 'cuz it clobbers m_data */
437 M_MOVE_PKTHDR(n, m);
438 n->m_len = 0; /* NB: m_gethdr does not set */
439 n->m_data += needed_space;
440 /*
441 * Pull up Ethernet header to create the expected layout.
442 * We could use m_pullup but that's overkill (i.e. we don't
443 * need the actual data) and it cannot fail so do it inline
444 * for speed.
445 */
446 /* NB: struct ether_header is known to be contiguous */
447 n->m_len += sizeof(struct ether_header);
448 m->m_len -= sizeof(struct ether_header);
449 m->m_data += sizeof(struct ether_header);
450 /*
451 * Replace the head of the chain.
452 */
453 n->m_next = m;
454 m = n;
455 } else {
456 /* We will overwrite the ethernet header in the
457 * 802.11 encapsulation stage. Make sure that it
458 * is writable.
459 */
460 wlen = sizeof(struct ether_header);
461 }
462
463 /*
464 * If we're going to s/w encrypt the mbuf chain make sure it is
465 * writable.
466 */
467 if (key != NULL && (key->wk_flags & IEEE80211_KEY_SWCRYPT) != 0)
468 wlen = M_COPYALL;
469
470 if (wlen != 0 && m_makewritable(&m, 0, wlen, M_DONTWAIT) != 0) {
471 m_freem(m);
472 return NULL;
473 }
474 return m;
475 #undef TO_BE_RECLAIMED
476 }
477
478 /*
479 * Return the transmit key to use in sending a unicast frame.
480 * If a unicast key is set we use that. When no unicast key is set
481 * we fall back to the default transmit key.
482 */
483 static __inline struct ieee80211_key *
484 ieee80211_crypto_getucastkey(struct ieee80211com *ic, struct ieee80211_node *ni)
485 {
486 if (IEEE80211_KEY_UNDEFINED(ni->ni_ucastkey)) {
487 if (ic->ic_def_txkey == IEEE80211_KEYIX_NONE ||
488 IEEE80211_KEY_UNDEFINED(ic->ic_nw_keys[ic->ic_def_txkey]))
489 return NULL;
490 return &ic->ic_nw_keys[ic->ic_def_txkey];
491 } else {
492 return &ni->ni_ucastkey;
493 }
494 }
495
496 /*
497 * Return the transmit key to use in sending a multicast frame.
498 * Multicast traffic always uses the group key which is installed as
499 * the default tx key.
500 */
501 static __inline struct ieee80211_key *
502 ieee80211_crypto_getmcastkey(struct ieee80211com *ic,
503 struct ieee80211_node *ni)
504 {
505 if (ic->ic_def_txkey == IEEE80211_KEYIX_NONE ||
506 IEEE80211_KEY_UNDEFINED(ic->ic_nw_keys[ic->ic_def_txkey]))
507 return NULL;
508 return &ic->ic_nw_keys[ic->ic_def_txkey];
509 }
510
511 /*
512 * Encapsulate an outbound data frame. The mbuf chain is updated.
513 * If an error is encountered NULL is returned. The caller is required
514 * to provide a node reference and pullup the ethernet header in the
515 * first mbuf.
516 */
517 struct mbuf *
518 ieee80211_encap(struct ieee80211com *ic, struct mbuf *m,
519 struct ieee80211_node *ni)
520 {
521 struct ether_header eh;
522 struct ieee80211_frame *wh;
523 struct ieee80211_key *key;
524 struct llc *llc;
525 int hdrsize, datalen, addqos;
526
527 IASSERT(m->m_len >= sizeof(eh), ("no ethernet header!"));
528 memcpy(&eh, mtod(m, caddr_t), sizeof(struct ether_header));
529
530 /*
531 * Insure space for additional headers. First identify
532 * transmit key to use in calculating any buffer adjustments
533 * required. This is also used below to do privacy
534 * encapsulation work. Then calculate the 802.11 header
535 * size and any padding required by the driver.
536 *
537 * Note key may be NULL if we fall back to the default
538 * transmit key and that is not set. In that case the
539 * buffer may not be expanded as needed by the cipher
540 * routines, but they will/should discard it.
541 */
542 if (ic->ic_flags & IEEE80211_F_PRIVACY) {
543 if (ic->ic_opmode == IEEE80211_M_STA ||
544 !IEEE80211_IS_MULTICAST(eh.ether_dhost))
545 key = ieee80211_crypto_getucastkey(ic, ni);
546 else
547 key = ieee80211_crypto_getmcastkey(ic, ni);
548 if (key == NULL && eh.ether_type != htons(ETHERTYPE_PAE)) {
549 IEEE80211_DPRINTF(ic, IEEE80211_MSG_CRYPTO,
550 "[%s] no default transmit key (%s) deftxkey %u\n",
551 ether_sprintf(eh.ether_dhost), __func__,
552 ic->ic_def_txkey);
553 ic->ic_stats.is_tx_nodefkey++;
554 }
555 } else
556 key = NULL;
557 /* XXX 4-address format */
558 /*
559 * XXX Some ap's don't handle QoS-encapsulated EAPOL
560 * frames so suppress use. This may be an issue if other
561 * ap's require all data frames to be QoS-encapsulated
562 * once negotiated in which case we'll need to make this
563 * configurable.
564 */
565 addqos = (ni->ni_flags & IEEE80211_NODE_QOS) &&
566 eh.ether_type != htons(ETHERTYPE_PAE);
567 if (addqos)
568 hdrsize = sizeof(struct ieee80211_qosframe);
569 else
570 hdrsize = sizeof(struct ieee80211_frame);
571 if (ic->ic_flags & IEEE80211_F_DATAPAD)
572 hdrsize = roundup(hdrsize, sizeof(u_int32_t));
573 m = ieee80211_mbuf_adjust(ic, hdrsize, key, m);
574 if (m == NULL) {
575 /* NB: ieee80211_mbuf_adjust handles msgs+statistics */
576 goto bad;
577 }
578
579 /* NB: this could be optimized because of ieee80211_mbuf_adjust */
580 m_adj(m, sizeof(struct ether_header) - sizeof(struct llc));
581 llc = mtod(m, struct llc *);
582 llc->llc_dsap = llc->llc_ssap = LLC_SNAP_LSAP;
583 llc->llc_control = LLC_UI;
584 llc->llc_snap.org_code[0] = 0;
585 llc->llc_snap.org_code[1] = 0;
586 llc->llc_snap.org_code[2] = 0;
587 llc->llc_snap.ether_type = eh.ether_type;
588 datalen = m->m_pkthdr.len; /* NB: w/o 802.11 header */
589
590 M_PREPEND(m, hdrsize, M_DONTWAIT);
591 if (m == NULL) {
592 ic->ic_stats.is_tx_nobuf++;
593 goto bad;
594 }
595 wh = mtod(m, struct ieee80211_frame *);
596 wh->i_fc[0] = IEEE80211_FC0_VERSION_0 | IEEE80211_FC0_TYPE_DATA;
597 *(u_int16_t *)wh->i_dur = 0;
598 switch (ic->ic_opmode) {
599 case IEEE80211_M_STA:
600 wh->i_fc[1] = IEEE80211_FC1_DIR_TODS;
601 IEEE80211_ADDR_COPY(wh->i_addr1, ni->ni_bssid);
602 IEEE80211_ADDR_COPY(wh->i_addr2, eh.ether_shost);
603 IEEE80211_ADDR_COPY(wh->i_addr3, eh.ether_dhost);
604 break;
605 case IEEE80211_M_IBSS:
606 case IEEE80211_M_AHDEMO:
607 wh->i_fc[1] = IEEE80211_FC1_DIR_NODS;
608 IEEE80211_ADDR_COPY(wh->i_addr1, eh.ether_dhost);
609 IEEE80211_ADDR_COPY(wh->i_addr2, eh.ether_shost);
610 /*
611 * NB: always use the bssid from ic_bss as the
612 * neighbor's may be stale after an ibss merge
613 */
614 IEEE80211_ADDR_COPY(wh->i_addr3, ic->ic_bss->ni_bssid);
615 break;
616 case IEEE80211_M_HOSTAP:
617 #ifndef IEEE80211_NO_HOSTAP
618 wh->i_fc[1] = IEEE80211_FC1_DIR_FROMDS;
619 IEEE80211_ADDR_COPY(wh->i_addr1, eh.ether_dhost);
620 IEEE80211_ADDR_COPY(wh->i_addr2, ni->ni_bssid);
621 IEEE80211_ADDR_COPY(wh->i_addr3, eh.ether_shost);
622 #endif /* !IEEE80211_NO_HOSTAP */
623 break;
624 case IEEE80211_M_MONITOR:
625 goto bad;
626 }
627 if (m->m_flags & M_MORE_DATA)
628 wh->i_fc[1] |= IEEE80211_FC1_MORE_DATA;
629 if (addqos) {
630 struct ieee80211_qosframe *qwh =
631 (struct ieee80211_qosframe *) wh;
632 int ac, tid;
633
634 ac = M_WME_GETAC(m);
635 /* map from access class/queue to 11e header priorty value */
636 tid = WME_AC_TO_TID(ac);
637 qwh->i_qos[0] = tid & IEEE80211_QOS_TID;
638 if (ic->ic_wme.wme_wmeChanParams.cap_wmeParams[ac].wmep_noackPolicy)
639 qwh->i_qos[0] |= 1 << IEEE80211_QOS_ACKPOLICY_S;
640 qwh->i_qos[1] = 0;
641 qwh->i_fc[0] |= IEEE80211_FC0_SUBTYPE_QOS;
642
643 *(u_int16_t *)wh->i_seq =
644 htole16(ni->ni_txseqs[tid] << IEEE80211_SEQ_SEQ_SHIFT);
645 ni->ni_txseqs[tid]++;
646 } else {
647 *(u_int16_t *)wh->i_seq =
648 htole16(ni->ni_txseqs[0] << IEEE80211_SEQ_SEQ_SHIFT);
649 ni->ni_txseqs[0]++;
650 }
651 if (key != NULL) {
652 /*
653 * IEEE 802.1X: send EAPOL frames always in the clear.
654 * WPA/WPA2: encrypt EAPOL keys when pairwise keys are set.
655 */
656 if (eh.ether_type != htons(ETHERTYPE_PAE) ||
657 ((ic->ic_flags & IEEE80211_F_WPA) &&
658 (ic->ic_opmode == IEEE80211_M_STA ?
659 !IEEE80211_KEY_UNDEFINED(*key) :
660 !IEEE80211_KEY_UNDEFINED(ni->ni_ucastkey)))) {
661 wh->i_fc[1] |= IEEE80211_FC1_WEP;
662 /* XXX do fragmentation */
663 if (!ieee80211_crypto_enmic(ic, key, m, 0)) {
664 IEEE80211_DPRINTF(ic, IEEE80211_MSG_OUTPUT,
665 "[%s] enmic failed, discard frame\n",
666 ether_sprintf(eh.ether_dhost));
667 ic->ic_stats.is_crypto_enmicfail++;
668 goto bad;
669 }
670 }
671 }
672
673 IEEE80211_NODE_STAT(ni, tx_data);
674 IEEE80211_NODE_STAT_ADD(ni, tx_bytes, datalen);
675
676 return m;
677 bad:
678 if (m != NULL)
679 m_freem(m);
680 return NULL;
681 }
682
683 /*
684 * Arguments in:
685 *
686 * paylen: payload length (no FCS, no WEP header)
687 *
688 * hdrlen: header length
689 *
690 * rate: MSDU speed, units 500kb/s
691 *
692 * flags: IEEE80211_F_SHPREAMBLE (use short preamble),
693 * IEEE80211_F_SHSLOT (use short slot length)
694 *
695 * Arguments out:
696 *
697 * d: 802.11 Duration field for RTS,
698 * 802.11 Duration field for data frame,
699 * PLCP Length for data frame,
700 * residual octets at end of data slot
701 */
702 static int
703 ieee80211_compute_duration1(int len, int use_ack, uint32_t icflags, int rate,
704 struct ieee80211_duration *d)
705 {
706 int pre, ctsrate;
707 int ack, bitlen, data_dur, remainder;
708
709 /* RTS reserves medium for SIFS | CTS | SIFS | (DATA) | SIFS | ACK
710 * DATA reserves medium for SIFS | ACK
711 *
712 * XXXMYC: no ACK on multicast/broadcast or control packets
713 */
714
715 bitlen = len * 8;
716
717 pre = IEEE80211_DUR_DS_SIFS;
718 if ((icflags & IEEE80211_F_SHPREAMBLE) != 0)
719 pre += IEEE80211_DUR_DS_SHORT_PREAMBLE + IEEE80211_DUR_DS_FAST_PLCPHDR;
720 else
721 pre += IEEE80211_DUR_DS_LONG_PREAMBLE + IEEE80211_DUR_DS_SLOW_PLCPHDR;
722
723 d->d_residue = 0;
724 data_dur = (bitlen * 2) / rate;
725 remainder = (bitlen * 2) % rate;
726 if (remainder != 0) {
727 d->d_residue = (rate - remainder) / 16;
728 data_dur++;
729 }
730
731 switch (rate) {
732 case 2: /* 1 Mb/s */
733 case 4: /* 2 Mb/s */
734 /* 1 - 2 Mb/s WLAN: send ACK/CTS at 1 Mb/s */
735 ctsrate = 2;
736 break;
737 case 11: /* 5.5 Mb/s */
738 case 22: /* 11 Mb/s */
739 case 44: /* 22 Mb/s */
740 /* 5.5 - 11 Mb/s WLAN: send ACK/CTS at 2 Mb/s */
741 ctsrate = 4;
742 break;
743 default:
744 /* TBD */
745 return -1;
746 }
747
748 d->d_plcp_len = data_dur;
749
750 ack = (use_ack) ? pre + (IEEE80211_DUR_DS_SLOW_ACK * 2) / ctsrate : 0;
751
752 d->d_rts_dur =
753 pre + (IEEE80211_DUR_DS_SLOW_CTS * 2) / ctsrate +
754 pre + data_dur +
755 ack;
756
757 d->d_data_dur = ack;
758
759 return 0;
760 }
761
762 /*
763 * Arguments in:
764 *
765 * wh: 802.11 header
766 *
767 * paylen: payload length (no FCS, no WEP header)
768 *
769 * rate: MSDU speed, units 500kb/s
770 *
771 * fraglen: fragment length, set to maximum (or higher) for no
772 * fragmentation
773 *
774 * flags: IEEE80211_F_PRIVACY (hardware adds WEP),
775 * IEEE80211_F_SHPREAMBLE (use short preamble),
776 * IEEE80211_F_SHSLOT (use short slot length)
777 *
778 * Arguments out:
779 *
780 * d0: 802.11 Duration fields (RTS/Data), PLCP Length, Service fields
781 * of first/only fragment
782 *
783 * dn: 802.11 Duration fields (RTS/Data), PLCP Length, Service fields
784 * of last fragment
785 *
786 * ieee80211_compute_duration assumes crypto-encapsulation, if any,
787 * has already taken place.
788 */
789 int
790 ieee80211_compute_duration(const struct ieee80211_frame_min *wh,
791 const struct ieee80211_key *wk, int len,
792 uint32_t icflags, int fraglen, int rate, struct ieee80211_duration *d0,
793 struct ieee80211_duration *dn, int *npktp, int debug)
794 {
795 int ack, rc;
796 int cryptolen, /* crypto overhead: header+trailer */
797 firstlen, /* first fragment's payload + overhead length */
798 hdrlen, /* header length w/o driver padding */
799 lastlen, /* last fragment's payload length w/ overhead */
800 lastlen0, /* last fragment's payload length w/o overhead */
801 npkt, /* number of fragments */
802 overlen, /* non-802.11 header overhead per fragment */
803 paylen; /* payload length w/o overhead */
804
805 hdrlen = ieee80211_anyhdrsize((const void *)wh);
806
807 /* Account for padding required by the driver. */
808 if (icflags & IEEE80211_F_DATAPAD)
809 paylen = len - roundup(hdrlen, sizeof(u_int32_t));
810 else
811 paylen = len - hdrlen;
812
813 overlen = IEEE80211_CRC_LEN;
814
815 if (wk != NULL) {
816 cryptolen = wk->wk_cipher->ic_header +
817 wk->wk_cipher->ic_trailer;
818 paylen -= cryptolen;
819 overlen += cryptolen;
820 }
821
822 npkt = paylen / fraglen;
823 lastlen0 = paylen % fraglen;
824
825 if (npkt == 0) /* no fragments */
826 lastlen = paylen + overlen;
827 else if (lastlen0 != 0) { /* a short "tail" fragment */
828 lastlen = lastlen0 + overlen;
829 npkt++;
830 } else /* full-length "tail" fragment */
831 lastlen = fraglen + overlen;
832
833 if (npktp != NULL)
834 *npktp = npkt;
835
836 if (npkt > 1)
837 firstlen = fraglen + overlen;
838 else
839 firstlen = paylen + overlen;
840
841 if (debug) {
842 printf("%s: npkt %d firstlen %d lastlen0 %d lastlen %d "
843 "fraglen %d overlen %d len %d rate %d icflags %08x\n",
844 __func__, npkt, firstlen, lastlen0, lastlen, fraglen,
845 overlen, len, rate, icflags);
846 }
847
848 ack = !IEEE80211_IS_MULTICAST(wh->i_addr1) &&
849 (wh->i_fc[1] & IEEE80211_FC0_TYPE_MASK) != IEEE80211_FC0_TYPE_CTL;
850
851 rc = ieee80211_compute_duration1(firstlen + hdrlen,
852 ack, icflags, rate, d0);
853 if (rc == -1)
854 return rc;
855
856 if (npkt <= 1) {
857 *dn = *d0;
858 return 0;
859 }
860 return ieee80211_compute_duration1(lastlen + hdrlen, ack, icflags, rate,
861 dn);
862 }
863
864 /*
865 * Add a supported rates element id to a frame.
866 */
867 static u_int8_t *
868 ieee80211_add_rates(u_int8_t *frm, const struct ieee80211_rateset *rs)
869 {
870 int nrates;
871
872 *frm++ = IEEE80211_ELEMID_RATES;
873 nrates = rs->rs_nrates;
874 if (nrates > IEEE80211_RATE_SIZE)
875 nrates = IEEE80211_RATE_SIZE;
876 *frm++ = nrates;
877 memcpy(frm, rs->rs_rates, nrates);
878 return frm + nrates;
879 }
880
881 /*
882 * Add an extended supported rates element id to a frame.
883 */
884 static u_int8_t *
885 ieee80211_add_xrates(u_int8_t *frm, const struct ieee80211_rateset *rs)
886 {
887 /*
888 * Add an extended supported rates element if operating in 11g mode.
889 */
890 if (rs->rs_nrates > IEEE80211_RATE_SIZE) {
891 int nrates = rs->rs_nrates - IEEE80211_RATE_SIZE;
892 *frm++ = IEEE80211_ELEMID_XRATES;
893 *frm++ = nrates;
894 memcpy(frm, rs->rs_rates + IEEE80211_RATE_SIZE, nrates);
895 frm += nrates;
896 }
897 return frm;
898 }
899
900 /*
901 * Add an ssid elemet to a frame.
902 */
903 static u_int8_t *
904 ieee80211_add_ssid(u_int8_t *frm, const u_int8_t *ssid, u_int len)
905 {
906 *frm++ = IEEE80211_ELEMID_SSID;
907 *frm++ = len;
908 memcpy(frm, ssid, len);
909 return frm + len;
910 }
911
912 /*
913 * Add an erp element to a frame.
914 */
915 static u_int8_t *
916 ieee80211_add_erp(u_int8_t *frm, struct ieee80211com *ic)
917 {
918 u_int8_t erp;
919
920 *frm++ = IEEE80211_ELEMID_ERP;
921 *frm++ = 1;
922 erp = 0;
923 if (ic->ic_nonerpsta != 0)
924 erp |= IEEE80211_ERP_NON_ERP_PRESENT;
925 if (ic->ic_flags & IEEE80211_F_USEPROT)
926 erp |= IEEE80211_ERP_USE_PROTECTION;
927 if (ic->ic_flags & IEEE80211_F_USEBARKER)
928 erp |= IEEE80211_ERP_LONG_PREAMBLE;
929 *frm++ = erp;
930 return frm;
931 }
932
933 static u_int8_t *
934 ieee80211_setup_wpa_ie(struct ieee80211com *ic, u_int8_t *ie)
935 {
936 #define WPA_OUI_BYTES 0x00, 0x50, 0xf2
937 #define ADDSHORT(frm, v) do { \
938 frm[0] = (v) & 0xff; \
939 frm[1] = (v) >> 8; \
940 frm += 2; \
941 } while (0)
942 #define ADDSELECTOR(frm, sel) do { \
943 memcpy(frm, sel, 4); \
944 frm += 4; \
945 } while (0)
946 static const u_int8_t oui[4] = { WPA_OUI_BYTES, WPA_OUI_TYPE };
947 static const u_int8_t cipher_suite[][4] = {
948 { WPA_OUI_BYTES, WPA_CSE_WEP40 }, /* NB: 40-bit */
949 { WPA_OUI_BYTES, WPA_CSE_TKIP },
950 { 0x00, 0x00, 0x00, 0x00 }, /* XXX WRAP */
951 { WPA_OUI_BYTES, WPA_CSE_CCMP },
952 { 0x00, 0x00, 0x00, 0x00 }, /* XXX CKIP */
953 { WPA_OUI_BYTES, WPA_CSE_NULL },
954 };
955 static const u_int8_t wep104_suite[4] =
956 { WPA_OUI_BYTES, WPA_CSE_WEP104 };
957 static const u_int8_t key_mgt_unspec[4] =
958 { WPA_OUI_BYTES, WPA_ASE_8021X_UNSPEC };
959 static const u_int8_t key_mgt_psk[4] =
960 { WPA_OUI_BYTES, WPA_ASE_8021X_PSK };
961 const struct ieee80211_rsnparms *rsn = &ic->ic_bss->ni_rsn;
962 u_int8_t *frm = ie;
963 u_int8_t *selcnt;
964
965 *frm++ = IEEE80211_ELEMID_VENDOR;
966 *frm++ = 0; /* length filled in below */
967 memcpy(frm, oui, sizeof(oui)); /* WPA OUI */
968 frm += sizeof(oui);
969 ADDSHORT(frm, WPA_VERSION);
970
971 /* XXX filter out CKIP */
972
973 /* multicast cipher */
974 if (rsn->rsn_mcastcipher == IEEE80211_CIPHER_WEP &&
975 rsn->rsn_mcastkeylen >= 13)
976 ADDSELECTOR(frm, wep104_suite);
977 else
978 ADDSELECTOR(frm, cipher_suite[rsn->rsn_mcastcipher]);
979
980 /* unicast cipher list */
981 selcnt = frm;
982 ADDSHORT(frm, 0); /* selector count */
983 if (rsn->rsn_ucastcipherset & (1<<IEEE80211_CIPHER_AES_CCM)) {
984 selcnt[0]++;
985 ADDSELECTOR(frm, cipher_suite[IEEE80211_CIPHER_AES_CCM]);
986 }
987 if (rsn->rsn_ucastcipherset & (1<<IEEE80211_CIPHER_TKIP)) {
988 selcnt[0]++;
989 ADDSELECTOR(frm, cipher_suite[IEEE80211_CIPHER_TKIP]);
990 }
991
992 /* authenticator selector list */
993 selcnt = frm;
994 ADDSHORT(frm, 0); /* selector count */
995 if (rsn->rsn_keymgmtset & WPA_ASE_8021X_UNSPEC) {
996 selcnt[0]++;
997 ADDSELECTOR(frm, key_mgt_unspec);
998 }
999 if (rsn->rsn_keymgmtset & WPA_ASE_8021X_PSK) {
1000 selcnt[0]++;
1001 ADDSELECTOR(frm, key_mgt_psk);
1002 }
1003
1004 /* optional capabilities */
1005 if (rsn->rsn_caps != 0 && rsn->rsn_caps != RSN_CAP_PREAUTH)
1006 ADDSHORT(frm, rsn->rsn_caps);
1007
1008 /* calculate element length */
1009 ie[1] = frm - ie - 2;
1010 IASSERT(ie[1]+2 <= sizeof(struct ieee80211_ie_wpa),
1011 ("WPA IE too big, %u > %zu",
1012 ie[1]+2, sizeof(struct ieee80211_ie_wpa)));
1013 return frm;
1014 #undef ADDSHORT
1015 #undef ADDSELECTOR
1016 #undef WPA_OUI_BYTES
1017 }
1018
1019 static u_int8_t *
1020 ieee80211_setup_rsn_ie(struct ieee80211com *ic, u_int8_t *ie)
1021 {
1022 #define RSN_OUI_BYTES 0x00, 0x0f, 0xac
1023 #define ADDSHORT(frm, v) do { \
1024 frm[0] = (v) & 0xff; \
1025 frm[1] = (v) >> 8; \
1026 frm += 2; \
1027 } while (0)
1028 #define ADDSELECTOR(frm, sel) do { \
1029 memcpy(frm, sel, 4); \
1030 frm += 4; \
1031 } while (0)
1032 static const u_int8_t cipher_suite[][4] = {
1033 { RSN_OUI_BYTES, RSN_CSE_WEP40 }, /* NB: 40-bit */
1034 { RSN_OUI_BYTES, RSN_CSE_TKIP },
1035 { RSN_OUI_BYTES, RSN_CSE_WRAP },
1036 { RSN_OUI_BYTES, RSN_CSE_CCMP },
1037 { 0x00, 0x00, 0x00, 0x00 }, /* XXX CKIP */
1038 { RSN_OUI_BYTES, RSN_CSE_NULL },
1039 };
1040 static const u_int8_t wep104_suite[4] =
1041 { RSN_OUI_BYTES, RSN_CSE_WEP104 };
1042 static const u_int8_t key_mgt_unspec[4] =
1043 { RSN_OUI_BYTES, RSN_ASE_8021X_UNSPEC };
1044 static const u_int8_t key_mgt_psk[4] =
1045 { RSN_OUI_BYTES, RSN_ASE_8021X_PSK };
1046 const struct ieee80211_rsnparms *rsn = &ic->ic_bss->ni_rsn;
1047 u_int8_t *frm = ie;
1048 u_int8_t *selcnt;
1049
1050 *frm++ = IEEE80211_ELEMID_RSN;
1051 *frm++ = 0; /* length filled in below */
1052 ADDSHORT(frm, RSN_VERSION);
1053
1054 /* XXX filter out CKIP */
1055
1056 /* multicast cipher */
1057 if (rsn->rsn_mcastcipher == IEEE80211_CIPHER_WEP &&
1058 rsn->rsn_mcastkeylen >= 13)
1059 ADDSELECTOR(frm, wep104_suite);
1060 else
1061 ADDSELECTOR(frm, cipher_suite[rsn->rsn_mcastcipher]);
1062
1063 /* unicast cipher list */
1064 selcnt = frm;
1065 ADDSHORT(frm, 0); /* selector count */
1066 if (rsn->rsn_ucastcipherset & (1<<IEEE80211_CIPHER_AES_CCM)) {
1067 selcnt[0]++;
1068 ADDSELECTOR(frm, cipher_suite[IEEE80211_CIPHER_AES_CCM]);
1069 }
1070 if (rsn->rsn_ucastcipherset & (1<<IEEE80211_CIPHER_TKIP)) {
1071 selcnt[0]++;
1072 ADDSELECTOR(frm, cipher_suite[IEEE80211_CIPHER_TKIP]);
1073 }
1074
1075 /* authenticator selector list */
1076 selcnt = frm;
1077 ADDSHORT(frm, 0); /* selector count */
1078 if (rsn->rsn_keymgmtset & WPA_ASE_8021X_UNSPEC) {
1079 selcnt[0]++;
1080 ADDSELECTOR(frm, key_mgt_unspec);
1081 }
1082 if (rsn->rsn_keymgmtset & WPA_ASE_8021X_PSK) {
1083 selcnt[0]++;
1084 ADDSELECTOR(frm, key_mgt_psk);
1085 }
1086
1087 /* optional capabilities */
1088 ADDSHORT(frm, rsn->rsn_caps);
1089 /* XXX PMKID */
1090
1091 /* calculate element length */
1092 ie[1] = frm - ie - 2;
1093 IASSERT(ie[1]+2 <= sizeof(struct ieee80211_ie_wpa),
1094 ("RSN IE too big, %u > %zu",
1095 ie[1]+2, sizeof(struct ieee80211_ie_wpa)));
1096 return frm;
1097 #undef ADDSELECTOR
1098 #undef ADDSHORT
1099 #undef RSN_OUI_BYTES
1100 }
1101
1102 /*
1103 * Add a WPA/RSN element to a frame.
1104 */
1105 static u_int8_t *
1106 ieee80211_add_wpa(u_int8_t *frm, struct ieee80211com *ic)
1107 {
1108
1109 IASSERT(ic->ic_flags & IEEE80211_F_WPA, ("no WPA/RSN!"));
1110 if (ic->ic_flags & IEEE80211_F_WPA2)
1111 frm = ieee80211_setup_rsn_ie(ic, frm);
1112 if (ic->ic_flags & IEEE80211_F_WPA1)
1113 frm = ieee80211_setup_wpa_ie(ic, frm);
1114 return frm;
1115 }
1116
1117 #define WME_OUI_BYTES 0x00, 0x50, 0xf2
1118 /*
1119 * Add a WME information element to a frame.
1120 */
1121 static u_int8_t *
1122 ieee80211_add_wme_info(u_int8_t *frm, struct ieee80211_wme_state *wme)
1123 {
1124 static const struct ieee80211_wme_info info = {
1125 .wme_id = IEEE80211_ELEMID_VENDOR,
1126 .wme_len = sizeof(struct ieee80211_wme_info) - 2,
1127 .wme_oui = { WME_OUI_BYTES },
1128 .wme_type = WME_OUI_TYPE,
1129 .wme_subtype = WME_INFO_OUI_SUBTYPE,
1130 .wme_version = WME_VERSION,
1131 .wme_info = 0,
1132 };
1133 memcpy(frm, &info, sizeof(info));
1134 return frm + sizeof(info);
1135 }
1136
1137 /*
1138 * Add a WME parameters element to a frame.
1139 */
1140 static u_int8_t *
1141 ieee80211_add_wme_param(u_int8_t *frm, struct ieee80211_wme_state *wme)
1142 {
1143 #define SM(_v, _f) (((_v) << _f##_S) & _f)
1144 #define ADDSHORT(frm, v) do { \
1145 frm[0] = (v) & 0xff; \
1146 frm[1] = (v) >> 8; \
1147 frm += 2; \
1148 } while (0)
1149 /* NB: this works 'cuz a param has an info at the front */
1150 static const struct ieee80211_wme_info param = {
1151 .wme_id = IEEE80211_ELEMID_VENDOR,
1152 .wme_len = sizeof(struct ieee80211_wme_param) - 2,
1153 .wme_oui = { WME_OUI_BYTES },
1154 .wme_type = WME_OUI_TYPE,
1155 .wme_subtype = WME_PARAM_OUI_SUBTYPE,
1156 .wme_version = WME_VERSION,
1157 };
1158 int i;
1159
1160 memcpy(frm, ¶m, sizeof(param));
1161 frm += __offsetof(struct ieee80211_wme_info, wme_info);
1162 *frm++ = wme->wme_bssChanParams.cap_info; /* AC info */
1163 *frm++ = 0; /* reserved field */
1164 for (i = 0; i < WME_NUM_AC; i++) {
1165 const struct wmeParams *ac =
1166 &wme->wme_bssChanParams.cap_wmeParams[i];
1167 *frm++ = SM(i, WME_PARAM_ACI)
1168 | SM(ac->wmep_acm, WME_PARAM_ACM)
1169 | SM(ac->wmep_aifsn, WME_PARAM_AIFSN)
1170 ;
1171 *frm++ = SM(ac->wmep_logcwmax, WME_PARAM_LOGCWMAX)
1172 | SM(ac->wmep_logcwmin, WME_PARAM_LOGCWMIN)
1173 ;
1174 ADDSHORT(frm, ac->wmep_txopLimit);
1175 }
1176 return frm;
1177 #undef SM
1178 #undef ADDSHORT
1179 }
1180 #undef WME_OUI_BYTES
1181
1182 /*
1183 * Send a probe request frame with the specified ssid
1184 * and any optional information element data.
1185 */
1186 int
1187 ieee80211_send_probereq(struct ieee80211_node *ni,
1188 const u_int8_t sa[IEEE80211_ADDR_LEN],
1189 const u_int8_t da[IEEE80211_ADDR_LEN],
1190 const u_int8_t bssid[IEEE80211_ADDR_LEN],
1191 const u_int8_t *ssid, size_t ssidlen,
1192 const void *optie, size_t optielen)
1193 {
1194 struct ieee80211com *ic = ni->ni_ic;
1195 enum ieee80211_phymode mode;
1196 struct ieee80211_frame *wh;
1197 struct mbuf *m;
1198 u_int8_t *frm;
1199
1200 /*
1201 * Hold a reference on the node so it doesn't go away until after
1202 * the xmit is complete all the way in the driver. On error we
1203 * will remove our reference.
1204 */
1205 IEEE80211_DPRINTF(ic, IEEE80211_MSG_NODE,
1206 "ieee80211_ref_node (%s:%u) %p<%s> refcnt %d\n",
1207 __func__, __LINE__,
1208 ni, ether_sprintf(ni->ni_macaddr),
1209 ieee80211_node_refcnt(ni)+1);
1210 ieee80211_ref_node(ni);
1211
1212 /*
1213 * prreq frame format
1214 * [tlv] ssid
1215 * [tlv] supported rates
1216 * [tlv] extended supported rates
1217 * [tlv] user-specified ie's
1218 */
1219 m = ieee80211_getmgtframe(&frm,
1220 2 + IEEE80211_NWID_LEN
1221 + 2 + IEEE80211_RATE_SIZE
1222 + 2 + (IEEE80211_RATE_MAXSIZE - IEEE80211_RATE_SIZE)
1223 + (optie != NULL ? optielen : 0)
1224 );
1225 if (m == NULL) {
1226 ic->ic_stats.is_tx_nobuf++;
1227 ieee80211_free_node(ni);
1228 return ENOMEM;
1229 }
1230
1231 frm = ieee80211_add_ssid(frm, ssid, ssidlen);
1232 mode = ieee80211_chan2mode(ic, ic->ic_curchan);
1233 frm = ieee80211_add_rates(frm, &ic->ic_sup_rates[mode]);
1234 frm = ieee80211_add_xrates(frm, &ic->ic_sup_rates[mode]);
1235
1236 if (optie != NULL) {
1237 memcpy(frm, optie, optielen);
1238 frm += optielen;
1239 }
1240 m->m_pkthdr.len = m->m_len = frm - mtod(m, u_int8_t *);
1241
1242 M_PREPEND(m, sizeof(struct ieee80211_frame), M_DONTWAIT);
1243 if (m == NULL)
1244 return ENOMEM;
1245 IASSERT(m->m_pkthdr.rcvif == NULL, ("rcvif not null"));
1246 m->m_pkthdr.rcvif = (void *)ni;
1247
1248 wh = mtod(m, struct ieee80211_frame *);
1249 ieee80211_send_setup(ic, ni, wh,
1250 IEEE80211_FC0_TYPE_MGT | IEEE80211_FC0_SUBTYPE_PROBE_REQ,
1251 sa, da, bssid);
1252 /* XXX power management? */
1253
1254 IEEE80211_NODE_STAT(ni, tx_probereq);
1255 IEEE80211_NODE_STAT(ni, tx_mgmt);
1256
1257 IEEE80211_DPRINTF(ic, IEEE80211_MSG_DEBUG | IEEE80211_MSG_DUMPPKTS,
1258 "[%s] send probe req on channel %u\n",
1259 ether_sprintf(wh->i_addr1),
1260 ieee80211_chan2ieee(ic, ic->ic_curchan));
1261
1262 IF_ENQUEUE(&ic->ic_mgtq, m);
1263 (*ic->ic_ifp->if_start)(ic->ic_ifp);
1264 return 0;
1265 }
1266
1267 /*
1268 * Send a management frame. The node is for the destination (or ic_bss
1269 * when in station mode). Nodes other than ic_bss have their reference
1270 * count bumped to reflect our use for an indeterminant time.
1271 */
1272 int
1273 ieee80211_send_mgmt(struct ieee80211com *ic, struct ieee80211_node *ni,
1274 int type, int arg)
1275 {
1276 #define senderr(_x, _v) do { ic->ic_stats._v++; ret = _x; goto bad; } while (0)
1277 struct mbuf *m;
1278 u_int8_t *frm;
1279 u_int16_t capinfo;
1280 int has_challenge, is_shared_key, ret, timer, status;
1281
1282 IASSERT(ni != NULL, ("null node"));
1283
1284 /*
1285 * Hold a reference on the node so it doesn't go away until after
1286 * the xmit is complete all the way in the driver. On error we
1287 * will remove our reference.
1288 */
1289 IEEE80211_DPRINTF(ic, IEEE80211_MSG_NODE,
1290 "ieee80211_ref_node (%s:%u) %p<%s> refcnt %d\n",
1291 __func__, __LINE__,
1292 ni, ether_sprintf(ni->ni_macaddr),
1293 ieee80211_node_refcnt(ni)+1);
1294 ieee80211_ref_node(ni);
1295
1296 timer = 0;
1297 switch (type) {
1298 case IEEE80211_FC0_SUBTYPE_PROBE_RESP:
1299 /*
1300 * probe response frame format
1301 * [8] time stamp
1302 * [2] beacon interval
1303 * [2] cabability information
1304 * [tlv] ssid
1305 * [tlv] supported rates
1306 * [tlv] parameter set (FH/DS)
1307 * [tlv] parameter set (IBSS)
1308 * [tlv] extended rate phy (ERP)
1309 * [tlv] extended supported rates
1310 * [tlv] WPA
1311 * [tlv] WME (optional)
1312 */
1313 m = ieee80211_getmgtframe(&frm,
1314 8
1315 + sizeof(u_int16_t)
1316 + sizeof(u_int16_t)
1317 + 2 + IEEE80211_NWID_LEN
1318 + 2 + IEEE80211_RATE_SIZE
1319 + 7 /* max(7,3) */
1320 + 6
1321 + 3
1322 + 2 + (IEEE80211_RATE_MAXSIZE - IEEE80211_RATE_SIZE)
1323 /* XXX !WPA1+WPA2 fits w/o a cluster */
1324 + (ic->ic_flags & IEEE80211_F_WPA ?
1325 2*sizeof(struct ieee80211_ie_wpa) : 0)
1326 + sizeof(struct ieee80211_wme_param)
1327 );
1328 if (m == NULL)
1329 senderr(ENOMEM, is_tx_nobuf);
1330
1331 memset(frm, 0, 8); /* timestamp should be filled later */
1332 frm += 8;
1333 *(u_int16_t *)frm = htole16(ic->ic_bss->ni_intval);
1334 frm += 2;
1335 if (ic->ic_opmode == IEEE80211_M_IBSS)
1336 capinfo = IEEE80211_CAPINFO_IBSS;
1337 else
1338 capinfo = IEEE80211_CAPINFO_ESS;
1339 if (ic->ic_flags & IEEE80211_F_PRIVACY)
1340 capinfo |= IEEE80211_CAPINFO_PRIVACY;
1341 if ((ic->ic_flags & IEEE80211_F_SHPREAMBLE) &&
1342 IEEE80211_IS_CHAN_2GHZ(ic->ic_curchan))
1343 capinfo |= IEEE80211_CAPINFO_SHORT_PREAMBLE;
1344 if (ic->ic_flags & IEEE80211_F_SHSLOT)
1345 capinfo |= IEEE80211_CAPINFO_SHORT_SLOTTIME;
1346 *(u_int16_t *)frm = htole16(capinfo);
1347 frm += 2;
1348
1349 frm = ieee80211_add_ssid(frm, ic->ic_bss->ni_essid,
1350 ic->ic_bss->ni_esslen);
1351 frm = ieee80211_add_rates(frm, &ni->ni_rates);
1352
1353 if (ic->ic_phytype == IEEE80211_T_FH) {
1354 *frm++ = IEEE80211_ELEMID_FHPARMS;
1355 *frm++ = 5;
1356 *frm++ = ni->ni_fhdwell & 0x00ff;
1357 *frm++ = (ni->ni_fhdwell >> 8) & 0x00ff;
1358 *frm++ = IEEE80211_FH_CHANSET(
1359 ieee80211_chan2ieee(ic, ic->ic_curchan));
1360 *frm++ = IEEE80211_FH_CHANPAT(
1361 ieee80211_chan2ieee(ic, ic->ic_curchan));
1362 *frm++ = ni->ni_fhindex;
1363 } else {
1364 *frm++ = IEEE80211_ELEMID_DSPARMS;
1365 *frm++ = 1;
1366 *frm++ = ieee80211_chan2ieee(ic, ic->ic_curchan);
1367 }
1368
1369 if (ic->ic_opmode == IEEE80211_M_IBSS) {
1370 *frm++ = IEEE80211_ELEMID_IBSSPARMS;
1371 *frm++ = 2;
1372 *frm++ = 0; *frm++ = 0; /* TODO: ATIM window */
1373 }
1374 if (ic->ic_flags & IEEE80211_F_WPA)
1375 frm = ieee80211_add_wpa(frm, ic);
1376 if (ic->ic_curmode == IEEE80211_MODE_11G)
1377 frm = ieee80211_add_erp(frm, ic);
1378 frm = ieee80211_add_xrates(frm, &ni->ni_rates);
1379 if (ic->ic_flags & IEEE80211_F_WME)
1380 frm = ieee80211_add_wme_param(frm, &ic->ic_wme);
1381 m->m_pkthdr.len = m->m_len = frm - mtod(m, u_int8_t *);
1382 break;
1383
1384 case IEEE80211_FC0_SUBTYPE_AUTH:
1385 status = arg >> 16;
1386 arg &= 0xffff;
1387 has_challenge = ((arg == IEEE80211_AUTH_SHARED_CHALLENGE ||
1388 arg == IEEE80211_AUTH_SHARED_RESPONSE) &&
1389 ni->ni_challenge != NULL);
1390
1391 /*
1392 * Deduce whether we're doing open authentication or
1393 * shared key authentication. We do the latter if
1394 * we're in the middle of a shared key authentication
1395 * handshake or if we're initiating an authentication
1396 * request and configured to use shared key.
1397 */
1398 is_shared_key = has_challenge ||
1399 arg >= IEEE80211_AUTH_SHARED_RESPONSE ||
1400 (arg == IEEE80211_AUTH_SHARED_REQUEST &&
1401 ic->ic_bss->ni_authmode == IEEE80211_AUTH_SHARED);
1402
1403 m = ieee80211_getmgtframe(&frm,
1404 3 * sizeof(u_int16_t)
1405 + (has_challenge && status == IEEE80211_STATUS_SUCCESS ?
1406 sizeof(u_int16_t)+IEEE80211_CHALLENGE_LEN : 0)
1407 );
1408 if (m == NULL)
1409 senderr(ENOMEM, is_tx_nobuf);
1410
1411 ((u_int16_t *)frm)[0] =
1412 (is_shared_key) ? htole16(IEEE80211_AUTH_ALG_SHARED)
1413 : htole16(IEEE80211_AUTH_ALG_OPEN);
1414 ((u_int16_t *)frm)[1] = htole16(arg); /* sequence number */
1415 ((u_int16_t *)frm)[2] = htole16(status);/* status */
1416
1417 if (has_challenge && status == IEEE80211_STATUS_SUCCESS) {
1418 ((u_int16_t *)frm)[3] =
1419 htole16((IEEE80211_CHALLENGE_LEN << 8) |
1420 IEEE80211_ELEMID_CHALLENGE);
1421 memcpy(&((u_int16_t *)frm)[4], ni->ni_challenge,
1422 IEEE80211_CHALLENGE_LEN);
1423 m->m_pkthdr.len = m->m_len =
1424 4 * sizeof(u_int16_t) + IEEE80211_CHALLENGE_LEN;
1425 if (arg == IEEE80211_AUTH_SHARED_RESPONSE) {
1426 IEEE80211_DPRINTF(ic, IEEE80211_MSG_AUTH,
1427 "[%s] request encrypt frame (%s)\n",
1428 ether_sprintf(ni->ni_macaddr), __func__);
1429 m->m_flags |= M_LINK0; /* WEP-encrypt, please */
1430 }
1431 } else
1432 m->m_pkthdr.len = m->m_len = 3 * sizeof(u_int16_t);
1433
1434 /* XXX not right for shared key */
1435 if (status == IEEE80211_STATUS_SUCCESS)
1436 IEEE80211_NODE_STAT(ni, tx_auth);
1437 else
1438 IEEE80211_NODE_STAT(ni, tx_auth_fail);
1439
1440 if (ic->ic_opmode == IEEE80211_M_STA)
1441 timer = IEEE80211_TRANS_WAIT;
1442 break;
1443
1444 case IEEE80211_FC0_SUBTYPE_DEAUTH:
1445 IEEE80211_DPRINTF(ic, IEEE80211_MSG_AUTH,
1446 "[%s] send station deauthenticate (reason %d)\n",
1447 ether_sprintf(ni->ni_macaddr), arg);
1448 m = ieee80211_getmgtframe(&frm, sizeof(u_int16_t));
1449 if (m == NULL)
1450 senderr(ENOMEM, is_tx_nobuf);
1451 *(u_int16_t *)frm = htole16(arg); /* reason */
1452 m->m_pkthdr.len = m->m_len = sizeof(u_int16_t);
1453
1454 IEEE80211_NODE_STAT(ni, tx_deauth);
1455 IEEE80211_NODE_STAT_SET(ni, tx_deauth_code, arg);
1456
1457 ieee80211_node_unauthorize(ni); /* port closed */
1458 break;
1459
1460 case IEEE80211_FC0_SUBTYPE_ASSOC_REQ:
1461 case IEEE80211_FC0_SUBTYPE_REASSOC_REQ:
1462 /*
1463 * asreq frame format
1464 * [2] capability information
1465 * [2] listen interval
1466 * [6*] current AP address (reassoc only)
1467 * [tlv] ssid
1468 * [tlv] supported rates
1469 * [tlv] extended supported rates
1470 * [tlv] WME
1471 * [tlv] user-specified ie's
1472 */
1473 m = ieee80211_getmgtframe(&frm,
1474 sizeof(u_int16_t)
1475 + sizeof(u_int16_t)
1476 + IEEE80211_ADDR_LEN
1477 + 2 + IEEE80211_NWID_LEN
1478 + 2 + IEEE80211_RATE_SIZE
1479 + 2 + (IEEE80211_RATE_MAXSIZE - IEEE80211_RATE_SIZE)
1480 + sizeof(struct ieee80211_wme_info)
1481 + (ic->ic_opt_ie != NULL ? ic->ic_opt_ie_len : 0)
1482 );
1483 if (m == NULL)
1484 senderr(ENOMEM, is_tx_nobuf);
1485
1486 capinfo = 0;
1487 if (ic->ic_opmode == IEEE80211_M_IBSS)
1488 capinfo |= IEEE80211_CAPINFO_IBSS;
1489 else /* IEEE80211_M_STA */
1490 capinfo |= IEEE80211_CAPINFO_ESS;
1491 if (ic->ic_flags & IEEE80211_F_PRIVACY)
1492 capinfo |= IEEE80211_CAPINFO_PRIVACY;
1493 /*
1494 * NB: Some 11a AP's reject the request when
1495 * short premable is set.
1496 */
1497 if ((ic->ic_flags & IEEE80211_F_SHPREAMBLE) &&
1498 IEEE80211_IS_CHAN_2GHZ(ic->ic_curchan))
1499 capinfo |= IEEE80211_CAPINFO_SHORT_PREAMBLE;
1500 if ((ni->ni_capinfo & IEEE80211_CAPINFO_SHORT_SLOTTIME) &&
1501 (ic->ic_caps & IEEE80211_C_SHSLOT))
1502 capinfo |= IEEE80211_CAPINFO_SHORT_SLOTTIME;
1503 *(u_int16_t *)frm = htole16(capinfo);
1504 frm += 2;
1505
1506 *(u_int16_t *)frm = htole16(ic->ic_lintval);
1507 frm += 2;
1508
1509 if (type == IEEE80211_FC0_SUBTYPE_REASSOC_REQ) {
1510 IEEE80211_ADDR_COPY(frm, ic->ic_bss->ni_bssid);
1511 frm += IEEE80211_ADDR_LEN;
1512 }
1513
1514 frm = ieee80211_add_ssid(frm, ni->ni_essid, ni->ni_esslen);
1515 frm = ieee80211_add_rates(frm, &ni->ni_rates);
1516 frm = ieee80211_add_xrates(frm, &ni->ni_rates);
1517 if ((ic->ic_flags & IEEE80211_F_WME) && ni->ni_wme_ie != NULL)
1518 frm = ieee80211_add_wme_info(frm, &ic->ic_wme);
1519 if (ic->ic_opt_ie != NULL) {
1520 memcpy(frm, ic->ic_opt_ie, ic->ic_opt_ie_len);
1521 frm += ic->ic_opt_ie_len;
1522 }
1523 m->m_pkthdr.len = m->m_len = frm - mtod(m, u_int8_t *);
1524
1525 timer = IEEE80211_TRANS_WAIT;
1526 break;
1527
1528 case IEEE80211_FC0_SUBTYPE_ASSOC_RESP:
1529 case IEEE80211_FC0_SUBTYPE_REASSOC_RESP:
1530 /*
1531 * asreq frame format
1532 * [2] capability information
1533 * [2] status
1534 * [2] association ID
1535 * [tlv] supported rates
1536 * [tlv] extended supported rates
1537 * [tlv] WME (if enabled and STA enabled)
1538 */
1539 m = ieee80211_getmgtframe(&frm,
1540 sizeof(u_int16_t)
1541 + sizeof(u_int16_t)
1542 + sizeof(u_int16_t)
1543 + 2 + IEEE80211_RATE_SIZE
1544 + 2 + (IEEE80211_RATE_MAXSIZE - IEEE80211_RATE_SIZE)
1545 + sizeof(struct ieee80211_wme_param)
1546 );
1547 if (m == NULL)
1548 senderr(ENOMEM, is_tx_nobuf);
1549
1550 capinfo = IEEE80211_CAPINFO_ESS;
1551 if (ic->ic_flags & IEEE80211_F_PRIVACY)
1552 capinfo |= IEEE80211_CAPINFO_PRIVACY;
1553 if ((ic->ic_flags & IEEE80211_F_SHPREAMBLE) &&
1554 IEEE80211_IS_CHAN_2GHZ(ic->ic_curchan))
1555 capinfo |= IEEE80211_CAPINFO_SHORT_PREAMBLE;
1556 if (ic->ic_flags & IEEE80211_F_SHSLOT)
1557 capinfo |= IEEE80211_CAPINFO_SHORT_SLOTTIME;
1558 *(u_int16_t *)frm = htole16(capinfo);
1559 frm += 2;
1560
1561 *(u_int16_t *)frm = htole16(arg); /* status */
1562 frm += 2;
1563
1564 if (arg == IEEE80211_STATUS_SUCCESS) {
1565 *(u_int16_t *)frm = htole16(ni->ni_associd);
1566 IEEE80211_NODE_STAT(ni, tx_assoc);
1567 } else
1568 IEEE80211_NODE_STAT(ni, tx_assoc_fail);
1569 frm += 2;
1570
1571 frm = ieee80211_add_rates(frm, &ni->ni_rates);
1572 frm = ieee80211_add_xrates(frm, &ni->ni_rates);
1573 if ((ic->ic_flags & IEEE80211_F_WME) && ni->ni_wme_ie != NULL)
1574 frm = ieee80211_add_wme_param(frm, &ic->ic_wme);
1575 m->m_pkthdr.len = m->m_len = frm - mtod(m, u_int8_t *);
1576 break;
1577
1578 case IEEE80211_FC0_SUBTYPE_DISASSOC:
1579 IEEE80211_DPRINTF(ic, IEEE80211_MSG_ASSOC,
1580 "[%s] send station disassociate (reason %d)\n",
1581 ether_sprintf(ni->ni_macaddr), arg);
1582 m = ieee80211_getmgtframe(&frm, sizeof(u_int16_t));
1583 if (m == NULL)
1584 senderr(ENOMEM, is_tx_nobuf);
1585 *(u_int16_t *)frm = htole16(arg); /* reason */
1586 m->m_pkthdr.len = m->m_len = sizeof(u_int16_t);
1587
1588 IEEE80211_NODE_STAT(ni, tx_disassoc);
1589 IEEE80211_NODE_STAT_SET(ni, tx_disassoc_code, arg);
1590 break;
1591
1592 default:
1593 IEEE80211_DPRINTF(ic, IEEE80211_MSG_ANY,
1594 "[%s] invalid mgmt frame type %u\n",
1595 ether_sprintf(ni->ni_macaddr), type);
1596 senderr(EINVAL, is_tx_unknownmgt);
1597 /* NOTREACHED */
1598 }
1599 ret = ieee80211_mgmt_output(ic, ni, m, type, timer);
1600 if (ret != 0) {
1601 bad:
1602 ieee80211_free_node(ni);
1603 }
1604 return ret;
1605 #undef senderr
1606 }
1607
1608 /*
1609 * Allocate a beacon frame and fillin the appropriate bits.
1610 */
1611 struct mbuf *
1612 ieee80211_beacon_alloc(struct ieee80211com *ic, struct ieee80211_node *ni,
1613 struct ieee80211_beacon_offsets *bo)
1614 {
1615 struct ifnet *ifp = ic->ic_ifp;
1616 struct ieee80211_frame *wh;
1617 struct mbuf *m;
1618 int pktlen;
1619 u_int8_t *frm, *efrm;
1620 u_int16_t capinfo;
1621 struct ieee80211_rateset *rs;
1622
1623 /*
1624 * beacon frame format
1625 * [8] time stamp
1626 * [2] beacon interval
1627 * [2] cabability information
1628 * [tlv] ssid
1629 * [tlv] supported rates
1630 * [3] parameter set (DS)
1631 * [tlv] parameter set (IBSS/TIM)
1632 * [tlv] extended rate phy (ERP)
1633 * [tlv] extended supported rates
1634 * [tlv] WME parameters
1635 * [tlv] WPA/RSN parameters
1636 * XXX Vendor-specific OIDs (e.g. Atheros)
1637 * NB: we allocate the max space required for the TIM bitmap.
1638 */
1639 rs = &ni->ni_rates;
1640 pktlen = 8 /* time stamp */
1641 + sizeof(u_int16_t) /* beacon interval */
1642 + sizeof(u_int16_t) /* capabilities */
1643 + 2 + ni->ni_esslen /* ssid */
1644 + 2 + IEEE80211_RATE_SIZE /* supported rates */
1645 + 2 + 1 /* DS parameters */
1646 + 2 + 4 + ic->ic_tim_len /* DTIM/IBSSPARMS */
1647 + 2 + 1 /* ERP */
1648 + 2 + (IEEE80211_RATE_MAXSIZE - IEEE80211_RATE_SIZE)
1649 + (ic->ic_caps & IEEE80211_C_WME ? /* WME */
1650 sizeof(struct ieee80211_wme_param) : 0)
1651 + (ic->ic_caps & IEEE80211_C_WPA ? /* WPA 1+2 */
1652 2*sizeof(struct ieee80211_ie_wpa) : 0)
1653 ;
1654 m = ieee80211_getmgtframe(&frm, pktlen);
1655 if (m == NULL) {
1656 IEEE80211_DPRINTF(ic, IEEE80211_MSG_ANY,
1657 "%s: cannot get buf; size %u\n", __func__, pktlen);
1658 ic->ic_stats.is_tx_nobuf++;
1659 return NULL;
1660 }
1661
1662 memset(frm, 0, 8); /* XXX timestamp is set by hardware/driver */
1663 frm += 8;
1664 *(u_int16_t *)frm = htole16(ni->ni_intval);
1665 frm += 2;
1666 if (ic->ic_opmode == IEEE80211_M_IBSS)
1667 capinfo = IEEE80211_CAPINFO_IBSS;
1668 else
1669 capinfo = IEEE80211_CAPINFO_ESS;
1670 if (ic->ic_flags & IEEE80211_F_PRIVACY)
1671 capinfo |= IEEE80211_CAPINFO_PRIVACY;
1672 if ((ic->ic_flags & IEEE80211_F_SHPREAMBLE) &&
1673 IEEE80211_IS_CHAN_2GHZ(ni->ni_chan))
1674 capinfo |= IEEE80211_CAPINFO_SHORT_PREAMBLE;
1675 if (ic->ic_flags & IEEE80211_F_SHSLOT)
1676 capinfo |= IEEE80211_CAPINFO_SHORT_SLOTTIME;
1677 bo->bo_caps = (u_int16_t *)frm;
1678 *(u_int16_t *)frm = htole16(capinfo);
1679 frm += 2;
1680 *frm++ = IEEE80211_ELEMID_SSID;
1681 if ((ic->ic_flags & IEEE80211_F_HIDESSID) == 0) {
1682 *frm++ = ni->ni_esslen;
1683 memcpy(frm, ni->ni_essid, ni->ni_esslen);
1684 frm += ni->ni_esslen;
1685 } else
1686 *frm++ = 0;
1687 frm = ieee80211_add_rates(frm, rs);
1688 if (ic->ic_curmode != IEEE80211_MODE_FH) {
1689 *frm++ = IEEE80211_ELEMID_DSPARMS;
1690 *frm++ = 1;
1691 *frm++ = ieee80211_chan2ieee(ic, ni->ni_chan);
1692 }
1693 bo->bo_tim = frm;
1694 if (ic->ic_opmode == IEEE80211_M_IBSS) {
1695 *frm++ = IEEE80211_ELEMID_IBSSPARMS;
1696 *frm++ = 2;
1697 *frm++ = 0; *frm++ = 0; /* TODO: ATIM window */
1698 bo->bo_tim_len = 0;
1699 } else {
1700 struct ieee80211_tim_ie *tie = (struct ieee80211_tim_ie *) frm;
1701
1702 tie->tim_ie = IEEE80211_ELEMID_TIM;
1703 tie->tim_len = 4; /* length */
1704 tie->tim_count = 0; /* DTIM count */
1705 tie->tim_period = ic->ic_dtim_period; /* DTIM period */
1706 tie->tim_bitctl = 0; /* bitmap control */
1707 tie->tim_bitmap[0] = 0; /* Partial Virtual Bitmap */
1708 frm += sizeof(struct ieee80211_tim_ie);
1709 bo->bo_tim_len = 1;
1710 }
1711 bo->bo_trailer = frm;
1712 if (ic->ic_flags & IEEE80211_F_WME) {
1713 bo->bo_wme = frm;
1714 frm = ieee80211_add_wme_param(frm, &ic->ic_wme);
1715 ic->ic_flags &= ~IEEE80211_F_WMEUPDATE;
1716 }
1717 if (ic->ic_flags & IEEE80211_F_WPA)
1718 frm = ieee80211_add_wpa(frm, ic);
1719 if (ic->ic_curmode == IEEE80211_MODE_11G)
1720 frm = ieee80211_add_erp(frm, ic);
1721 efrm = ieee80211_add_xrates(frm, rs);
1722 bo->bo_trailer_len = efrm - bo->bo_trailer;
1723 m->m_pkthdr.len = m->m_len = efrm - mtod(m, u_int8_t *);
1724
1725 M_PREPEND(m, sizeof(struct ieee80211_frame), M_DONTWAIT);
1726 IASSERT(m != NULL, ("no space for 802.11 header?"));
1727 wh = mtod(m, struct ieee80211_frame *);
1728 wh->i_fc[0] = IEEE80211_FC0_VERSION_0 | IEEE80211_FC0_TYPE_MGT |
1729 IEEE80211_FC0_SUBTYPE_BEACON;
1730 wh->i_fc[1] = IEEE80211_FC1_DIR_NODS;
1731 *(u_int16_t *)wh->i_dur = 0;
1732 IEEE80211_ADDR_COPY(wh->i_addr1, ifp->if_broadcastaddr);
1733 IEEE80211_ADDR_COPY(wh->i_addr2, ic->ic_myaddr);
1734 IEEE80211_ADDR_COPY(wh->i_addr3, ni->ni_bssid);
1735 *(u_int16_t *)wh->i_seq = 0;
1736
1737 return m;
1738 }
1739
1740 /*
1741 * Update the dynamic parts of a beacon frame based on the current state.
1742 */
1743 int
1744 ieee80211_beacon_update(struct ieee80211com *ic, struct ieee80211_node *ni,
1745 struct ieee80211_beacon_offsets *bo, struct mbuf *m, int mcast)
1746 {
1747 int len_changed = 0;
1748 u_int16_t capinfo;
1749
1750 IEEE80211_BEACON_LOCK(ic);
1751 /* XXX faster to recalculate entirely or just changes? */
1752 if (ic->ic_opmode == IEEE80211_M_IBSS)
1753 capinfo = IEEE80211_CAPINFO_IBSS;
1754 else
1755 capinfo = IEEE80211_CAPINFO_ESS;
1756 if (ic->ic_flags & IEEE80211_F_PRIVACY)
1757 capinfo |= IEEE80211_CAPINFO_PRIVACY;
1758 if ((ic->ic_flags & IEEE80211_F_SHPREAMBLE) &&
1759 IEEE80211_IS_CHAN_2GHZ(ni->ni_chan))
1760 capinfo |= IEEE80211_CAPINFO_SHORT_PREAMBLE;
1761 if (ic->ic_flags & IEEE80211_F_SHSLOT)
1762 capinfo |= IEEE80211_CAPINFO_SHORT_SLOTTIME;
1763 *bo->bo_caps = htole16(capinfo);
1764
1765 if (ic->ic_flags & IEEE80211_F_WME) {
1766 struct ieee80211_wme_state *wme = &ic->ic_wme;
1767
1768 /*
1769 * Check for agressive mode change. When there is
1770 * significant high priority traffic in the BSS
1771 * throttle back BE traffic by using conservative
1772 * parameters. Otherwise BE uses agressive params
1773 * to optimize performance of legacy/non-QoS traffic.
1774 */
1775 if (wme->wme_flags & WME_F_AGGRMODE) {
1776 if (wme->wme_hipri_traffic >
1777 wme->wme_hipri_switch_thresh) {
1778 IEEE80211_DPRINTF(ic, IEEE80211_MSG_WME,
1779 "%s: traffic %u, disable aggressive mode\n",
1780 __func__, wme->wme_hipri_traffic);
1781 wme->wme_flags &= ~WME_F_AGGRMODE;
1782 ieee80211_wme_updateparams_locked(ic);
1783 wme->wme_hipri_traffic =
1784 wme->wme_hipri_switch_hysteresis;
1785 } else
1786 wme->wme_hipri_traffic = 0;
1787 } else {
1788 if (wme->wme_hipri_traffic <=
1789 wme->wme_hipri_switch_thresh) {
1790 IEEE80211_DPRINTF(ic, IEEE80211_MSG_WME,
1791 "%s: traffic %u, enable aggressive mode\n",
1792 __func__, wme->wme_hipri_traffic);
1793 wme->wme_flags |= WME_F_AGGRMODE;
1794 ieee80211_wme_updateparams_locked(ic);
1795 wme->wme_hipri_traffic = 0;
1796 } else
1797 wme->wme_hipri_traffic =
1798 wme->wme_hipri_switch_hysteresis;
1799 }
1800 if (ic->ic_flags & IEEE80211_F_WMEUPDATE) {
1801 (void) ieee80211_add_wme_param(bo->bo_wme, wme);
1802 ic->ic_flags &= ~IEEE80211_F_WMEUPDATE;
1803 }
1804 }
1805
1806 #ifndef IEEE80211_NO_HOSTAP
1807 if (ic->ic_opmode == IEEE80211_M_HOSTAP) { /* NB: no IBSS support*/
1808 struct ieee80211_tim_ie *tie =
1809 (struct ieee80211_tim_ie *) bo->bo_tim;
1810 if (ic->ic_flags & IEEE80211_F_TIMUPDATE) {
1811 u_int timlen, timoff, i;
1812 /*
1813 * ATIM/DTIM needs updating. If it fits in the
1814 * current space allocated then just copy in the
1815 * new bits. Otherwise we need to move any trailing
1816 * data to make room. Note that we know there is
1817 * contiguous space because ieee80211_beacon_allocate
1818 * insures there is space in the mbuf to write a
1819 * maximal-size virtual bitmap (based on ic_max_aid).
1820 */
1821 /*
1822 * Calculate the bitmap size and offset, copy any
1823 * trailer out of the way, and then copy in the
1824 * new bitmap and update the information element.
1825 * Note that the tim bitmap must contain at least
1826 * one byte and any offset must be even.
1827 */
1828 if (ic->ic_ps_pending != 0) {
1829 timoff = 128; /* impossibly large */
1830 for (i = 0; i < ic->ic_tim_len; i++)
1831 if (ic->ic_tim_bitmap[i]) {
1832 timoff = i &~ 1;
1833 break;
1834 }
1835 IASSERT(timoff != 128, ("tim bitmap empty!"));
1836 for (i = ic->ic_tim_len-1; i >= timoff; i--)
1837 if (ic->ic_tim_bitmap[i])
1838 break;
1839 timlen = 1 + (i - timoff);
1840 } else {
1841 timoff = 0;
1842 timlen = 1;
1843 }
1844 if (timlen != bo->bo_tim_len) {
1845 /* copy up/down trailer */
1846 ovbcopy(bo->bo_trailer, tie->tim_bitmap+timlen,
1847 bo->bo_trailer_len);
1848 bo->bo_trailer = tie->tim_bitmap+timlen;
1849 bo->bo_wme = bo->bo_trailer;
1850 bo->bo_tim_len = timlen;
1851
1852 /* update information element */
1853 tie->tim_len = 3 + timlen;
1854 tie->tim_bitctl = timoff;
1855 len_changed = 1;
1856 }
1857 memcpy(tie->tim_bitmap, ic->ic_tim_bitmap + timoff,
1858 bo->bo_tim_len);
1859
1860 ic->ic_flags &= ~IEEE80211_F_TIMUPDATE;
1861
1862 IEEE80211_DPRINTF(ic, IEEE80211_MSG_POWER,
1863 "%s: TIM updated, pending %u, off %u, len %u\n",
1864 __func__, ic->ic_ps_pending, timoff, timlen);
1865 }
1866 /* count down DTIM period */
1867 if (tie->tim_count == 0)
1868 tie->tim_count = tie->tim_period - 1;
1869 else
1870 tie->tim_count--;
1871 /* update state for buffered multicast frames on DTIM */
1872 if (mcast && (tie->tim_count == 1 || tie->tim_period == 1))
1873 tie->tim_bitctl |= 1;
1874 else
1875 tie->tim_bitctl &= ~1;
1876 }
1877 #endif /* !IEEE80211_NO_HOSTAP */
1878 IEEE80211_BEACON_UNLOCK(ic);
1879
1880 return len_changed;
1881 }
1882
1883 /*
1884 * Save an outbound packet for a node in power-save sleep state.
1885 * The new packet is placed on the node's saved queue, and the TIM
1886 * is changed, if necessary.
1887 */
1888 void
1889 ieee80211_pwrsave(struct ieee80211com *ic, struct ieee80211_node *ni,
1890 struct mbuf *m)
1891 {
1892 int qlen, age;
1893
1894 IEEE80211_NODE_SAVEQ_LOCK(ni);
1895 if (IF_QFULL(&ni->ni_savedq)) {
1896 IF_DROP(&ni->ni_savedq);
1897 IEEE80211_NODE_SAVEQ_UNLOCK(ni);
1898 IEEE80211_DPRINTF(ic, IEEE80211_MSG_ANY,
1899 "[%s] pwr save q overflow, drops %d (size %d)\n",
1900 ether_sprintf(ni->ni_macaddr),
1901 ni->ni_savedq.ifq_drops, IEEE80211_PS_MAX_QUEUE);
1902 #ifdef IEEE80211_DEBUG
1903 if (ieee80211_msg_dumppkts(ic))
1904 ieee80211_dump_pkt(mtod(m, caddr_t), m->m_len, -1, -1);
1905 #endif
1906 m_freem(m);
1907 return;
1908 }
1909 /*
1910 * Tag the frame with it's expiry time and insert
1911 * it in the queue. The aging interval is 4 times
1912 * the listen interval specified by the station.
1913 * Frames that sit around too long are reclaimed
1914 * using this information.
1915 */
1916 /* XXX handle overflow? */
1917 age = ((ni->ni_intval * ic->ic_bintval) << 2) / 1024; /* TU -> secs */
1918 _IEEE80211_NODE_SAVEQ_ENQUEUE(ni, m, qlen, age);
1919 IEEE80211_NODE_SAVEQ_UNLOCK(ni);
1920
1921 IEEE80211_DPRINTF(ic, IEEE80211_MSG_POWER,
1922 "[%s] save frame with age %d, %u now queued\n",
1923 ether_sprintf(ni->ni_macaddr), age, qlen);
1924
1925 if (qlen == 1)
1926 ic->ic_set_tim(ni, 1);
1927 }
Cache object: 944b8f9d24e0394b645372b07d8b9605
|