2 * Copyright (c) 2001 Atsushi Onoe
3 * Copyright (c) 2002-2009 Sam Leffler, Errno Consulting
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in the
13 * documentation and/or other materials provided with the distribution.
15 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
16 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
17 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
18 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
19 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
20 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
21 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
22 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
23 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
24 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
27 #include <sys/cdefs.h>
28 __FBSDID("$FreeBSD$");
31 #include "opt_inet6.h"
34 #include <sys/param.h>
35 #include <sys/systm.h>
37 #include <sys/kernel.h>
38 #include <sys/endian.h>
40 #include <sys/socket.h>
43 #include <net/ethernet.h>
45 #include <net/if_llc.h>
46 #include <net/if_media.h>
47 #include <net/if_vlan_var.h>
49 #include <net80211/ieee80211_var.h>
50 #include <net80211/ieee80211_regdomain.h>
51 #ifdef IEEE80211_SUPPORT_SUPERG
52 #include <net80211/ieee80211_superg.h>
54 #ifdef IEEE80211_SUPPORT_TDMA
55 #include <net80211/ieee80211_tdma.h>
57 #include <net80211/ieee80211_wds.h>
58 #include <net80211/ieee80211_mesh.h>
60 #if defined(INET) || defined(INET6)
61 #include <netinet/in.h>
65 #include <netinet/if_ether.h>
66 #include <netinet/in_systm.h>
67 #include <netinet/ip.h>
70 #include <netinet/ip6.h>
73 #include <security/mac/mac_framework.h>
75 #define ETHER_HEADER_COPY(dst, src) \
76 memcpy(dst, src, sizeof(struct ether_header))
78 /* unalligned little endian access */
79 #define LE_WRITE_2(p, v) do { \
80 ((uint8_t *)(p))[0] = (v) & 0xff; \
81 ((uint8_t *)(p))[1] = ((v) >> 8) & 0xff; \
83 #define LE_WRITE_4(p, v) do { \
84 ((uint8_t *)(p))[0] = (v) & 0xff; \
85 ((uint8_t *)(p))[1] = ((v) >> 8) & 0xff; \
86 ((uint8_t *)(p))[2] = ((v) >> 16) & 0xff; \
87 ((uint8_t *)(p))[3] = ((v) >> 24) & 0xff; \
90 static int ieee80211_fragment(struct ieee80211vap *, struct mbuf *,
91 u_int hdrsize, u_int ciphdrsize, u_int mtu);
92 static void ieee80211_tx_mgt_cb(struct ieee80211_node *, void *, int);
94 #ifdef IEEE80211_DEBUG
96 * Decide if an outbound management frame should be
97 * printed when debugging is enabled. This filters some
98 * of the less interesting frames that come frequently
102 doprint(struct ieee80211vap *vap, int subtype)
105 case IEEE80211_FC0_SUBTYPE_PROBE_RESP:
106 return (vap->iv_opmode == IEEE80211_M_IBSS);
113 * Transmit a frame to the given destination on the given VAP.
115 * It's up to the caller to figure out the details of who this
116 * is going to and resolving the node.
118 * This routine takes care of queuing it for power save,
119 * A-MPDU state stuff, fast-frames state stuff, encapsulation
120 * if required, then passing it up to the driver layer.
122 * This routine (for now) consumes the mbuf and frees the node
123 * reference; it ideally will return a TX status which reflects
124 * whether the mbuf was consumed or not, so the caller can
125 * free the mbuf (if appropriate) and the node reference (again,
129 ieee80211_vap_pkt_send_dest(struct ieee80211vap *vap, struct mbuf *m,
130 struct ieee80211_node *ni)
132 struct ieee80211com *ic = vap->iv_ic;
133 struct ifnet *ifp = vap->iv_ifp;
134 int error, len, mcast;
136 if ((ni->ni_flags & IEEE80211_NODE_PWR_MGT) &&
137 (m->m_flags & M_PWR_SAV) == 0) {
139 * Station in power save mode; pass the frame
140 * to the 802.11 layer and continue. We'll get
141 * the frame back when the time is right.
142 * XXX lose WDS vap linkage?
144 if (ieee80211_pwrsave(ni, m) != 0)
145 if_inc_counter(ifp, IFCOUNTER_OERRORS, 1);
146 ieee80211_free_node(ni);
149 * We queued it fine, so tell the upper layer
150 * that we consumed it.
154 /* calculate priority so drivers can find the tx queue */
155 if (ieee80211_classify(ni, m)) {
156 IEEE80211_DISCARD_MAC(vap, IEEE80211_MSG_OUTPUT,
157 ni->ni_macaddr, NULL,
158 "%s", "classification failure");
159 vap->iv_stats.is_tx_classify++;
162 ieee80211_free_node(ni);
164 /* XXX better status? */
168 * Stash the node pointer. Note that we do this after
169 * any call to ieee80211_dwds_mcast because that code
170 * uses any existing value for rcvif to identify the
171 * interface it (might have been) received on.
173 m->m_pkthdr.rcvif = (void *)ni;
174 mcast = (m->m_flags & (M_MCAST | M_BCAST)) ? 1: 0;
175 len = m->m_pkthdr.len;
177 BPF_MTAP(ifp, m); /* 802.3 tx */
180 * Check if A-MPDU tx aggregation is setup or if we
181 * should try to enable it. The sta must be associated
182 * with HT and A-MPDU enabled for use. When the policy
183 * routine decides we should enable A-MPDU we issue an
184 * ADDBA request and wait for a reply. The frame being
185 * encapsulated will go out w/o using A-MPDU, or possibly
186 * it might be collected by the driver and held/retransmit.
187 * The default ic_ampdu_enable routine handles staggering
188 * ADDBA requests in case the receiver NAK's us or we are
189 * otherwise unable to establish a BA stream.
191 if ((ni->ni_flags & IEEE80211_NODE_AMPDU_TX) &&
192 (vap->iv_flags_ht & IEEE80211_FHT_AMPDU_TX) &&
193 (m->m_flags & M_EAPOL) == 0) {
194 int tid = WME_AC_TO_TID(M_WME_GETAC(m));
195 struct ieee80211_tx_ampdu *tap = &ni->ni_tx_ampdu[tid];
197 ieee80211_txampdu_count_packet(tap);
198 if (IEEE80211_AMPDU_RUNNING(tap)) {
200 * Operational, mark frame for aggregation.
202 * XXX do tx aggregation here
204 m->m_flags |= M_AMPDU_MPDU;
205 } else if (!IEEE80211_AMPDU_REQUESTED(tap) &&
206 ic->ic_ampdu_enable(ni, tap)) {
208 * Not negotiated yet, request service.
210 ieee80211_ampdu_request(ni, tap);
211 /* XXX hold frame for reply? */
215 #ifdef IEEE80211_SUPPORT_SUPERG
216 else if (IEEE80211_ATH_CAP(vap, ni, IEEE80211_NODE_FF)) {
217 m = ieee80211_ff_check(ni, m);
219 /* NB: any ni ref held on stageq */
223 #endif /* IEEE80211_SUPPORT_SUPERG */
226 * Grab the TX lock - serialise the TX process from this
227 * point (where TX state is being checked/modified)
228 * through to driver queue.
230 IEEE80211_TX_LOCK(ic);
232 if (__predict_true((vap->iv_caps & IEEE80211_C_8023ENCAP) == 0)) {
234 * Encapsulate the packet in prep for transmission.
236 m = ieee80211_encap(vap, ni, m);
238 /* NB: stat+msg handled in ieee80211_encap */
239 IEEE80211_TX_UNLOCK(ic);
240 ieee80211_free_node(ni);
241 if_inc_counter(ifp, IFCOUNTER_OERRORS, 1);
245 error = ieee80211_parent_xmitpkt(ic, m);
248 * Unlock at this point - no need to hold it across
249 * ieee80211_free_node() (ie, the comlock)
251 IEEE80211_TX_UNLOCK(ic);
253 /* NB: IFQ_HANDOFF reclaims mbuf */
254 ieee80211_free_node(ni);
255 if_inc_counter(ifp, IFCOUNTER_OERRORS, 1);
258 if_inc_counter(ifp, IFCOUNTER_OMCASTS, mcast);
259 if_inc_counter(ifp, IFCOUNTER_OBYTES, len);
261 ic->ic_lastdata = ticks;
269 * Send the given mbuf through the given vap.
271 * This consumes the mbuf regardless of whether the transmit
272 * was successful or not.
274 * This does none of the initial checks that ieee80211_start()
275 * does (eg CAC timeout, interface wakeup) - the caller must
279 ieee80211_start_pkt(struct ieee80211vap *vap, struct mbuf *m)
281 #define IS_DWDS(vap) \
282 (vap->iv_opmode == IEEE80211_M_WDS && \
283 (vap->iv_flags_ext & IEEE80211_FEXT_WDSLEGACY) == 0)
284 struct ieee80211com *ic = vap->iv_ic;
285 struct ifnet *ifp = vap->iv_ifp;
286 struct ieee80211_node *ni;
287 struct ether_header *eh;
290 * Cancel any background scan.
292 if (ic->ic_flags & IEEE80211_F_SCAN)
293 ieee80211_cancel_anyscan(vap);
295 * Find the node for the destination so we can do
296 * things like power save and fast frames aggregation.
298 * NB: past this point various code assumes the first
299 * mbuf has the 802.3 header present (and contiguous).
302 if (m->m_len < sizeof(struct ether_header) &&
303 (m = m_pullup(m, sizeof(struct ether_header))) == NULL) {
304 IEEE80211_DPRINTF(vap, IEEE80211_MSG_OUTPUT,
305 "discard frame, %s\n", "m_pullup failed");
306 vap->iv_stats.is_tx_nobuf++; /* XXX */
310 eh = mtod(m, struct ether_header *);
311 if (ETHER_IS_MULTICAST(eh->ether_dhost)) {
314 * Only unicast frames from the above go out
315 * DWDS vaps; multicast frames are handled by
316 * dispatching the frame as it comes through
317 * the AP vap (see below).
319 IEEE80211_DISCARD_MAC(vap, IEEE80211_MSG_WDS,
320 eh->ether_dhost, "mcast", "%s", "on DWDS");
321 vap->iv_stats.is_dwds_mcast++;
323 if_inc_counter(ifp, IFCOUNTER_OERRORS, 1);
324 /* XXX better status? */
327 if (vap->iv_opmode == IEEE80211_M_HOSTAP) {
329 * Spam DWDS vap's w/ multicast traffic.
331 /* XXX only if dwds in use? */
332 ieee80211_dwds_mcast(vap, m);
335 #ifdef IEEE80211_SUPPORT_MESH
336 if (vap->iv_opmode != IEEE80211_M_MBSS) {
338 ni = ieee80211_find_txnode(vap, eh->ether_dhost);
340 /* NB: ieee80211_find_txnode does stat+msg */
343 /* XXX better status? */
346 if (ni->ni_associd == 0 &&
347 (ni->ni_flags & IEEE80211_NODE_ASSOCID)) {
348 IEEE80211_DISCARD_MAC(vap, IEEE80211_MSG_OUTPUT,
349 eh->ether_dhost, NULL,
350 "sta not associated (type 0x%04x)",
351 htons(eh->ether_type));
352 vap->iv_stats.is_tx_notassoc++;
355 ieee80211_free_node(ni);
356 /* XXX better status? */
359 #ifdef IEEE80211_SUPPORT_MESH
361 if (!IEEE80211_ADDR_EQ(eh->ether_shost, vap->iv_myaddr)) {
363 * Proxy station only if configured.
365 if (!ieee80211_mesh_isproxyena(vap)) {
366 IEEE80211_DISCARD_MAC(vap,
367 IEEE80211_MSG_OUTPUT |
369 eh->ether_dhost, NULL,
370 "%s", "proxy not enabled");
371 vap->iv_stats.is_mesh_notproxy++;
374 /* XXX better status? */
377 IEEE80211_DPRINTF(vap, IEEE80211_MSG_OUTPUT,
378 "forward frame from DS SA(%6D), DA(%6D)\n",
379 eh->ether_shost, ":",
380 eh->ether_dhost, ":");
381 ieee80211_mesh_proxy_check(vap, eh->ether_shost);
383 ni = ieee80211_mesh_discover(vap, eh->ether_dhost, m);
386 * NB: ieee80211_mesh_discover holds/disposes
387 * frame (e.g. queueing on path discovery).
390 /* XXX better status? */
397 * We've resolved the sender, so attempt to transmit it.
399 if (ieee80211_vap_pkt_send_dest(vap, m, ni) != 0)
406 * Start method for vap's. All packets from the stack come
407 * through here. We handle common processing of the packets
408 * before dispatching them to the underlying device.
410 * if_transmit() requires that the mbuf be consumed by this call
411 * regardless of the return condition.
414 ieee80211_vap_transmit(struct ifnet *ifp, struct mbuf *m)
416 struct ieee80211vap *vap = ifp->if_softc;
417 struct ieee80211com *ic = vap->iv_ic;
418 struct ifnet *parent = ic->ic_ifp;
420 /* NB: parent must be up and running */
421 if (!IFNET_IS_UP_RUNNING(parent)) {
422 IEEE80211_DPRINTF(vap, IEEE80211_MSG_OUTPUT,
423 "%s: ignore queue, parent %s not up+running\n",
424 __func__, parent->if_xname);
426 if_inc_counter(ifp, IFCOUNTER_OERRORS, 1);
429 if (vap->iv_state == IEEE80211_S_SLEEP) {
431 * In power save, wakeup device for transmit.
433 ieee80211_new_state(vap, IEEE80211_S_RUN, 0);
438 * No data frames go out unless we're running.
439 * Note in particular this covers CAC and CSA
440 * states (though maybe we should check muting
443 if (vap->iv_state != IEEE80211_S_RUN) {
445 /* re-check under the com lock to avoid races */
446 if (vap->iv_state != IEEE80211_S_RUN) {
447 IEEE80211_DPRINTF(vap, IEEE80211_MSG_OUTPUT,
448 "%s: ignore queue, in %s state\n",
449 __func__, ieee80211_state_name[vap->iv_state]);
450 vap->iv_stats.is_tx_badstate++;
451 IEEE80211_UNLOCK(ic);
452 ifp->if_drv_flags |= IFF_DRV_OACTIVE;
454 if_inc_counter(ifp, IFCOUNTER_OERRORS, 1);
457 IEEE80211_UNLOCK(ic);
461 * Sanitize mbuf flags for net80211 use. We cannot
462 * clear M_PWR_SAV or M_MORE_DATA because these may
463 * be set for frames that are re-submitted from the
466 * NB: This must be done before ieee80211_classify as
467 * it marks EAPOL in frames with M_EAPOL.
469 m->m_flags &= ~(M_80211_TX - M_PWR_SAV - M_MORE_DATA);
472 * Bump to the packet transmission path.
473 * The mbuf will be consumed here.
475 return (ieee80211_start_pkt(vap, m));
479 ieee80211_vap_qflush(struct ifnet *ifp)
486 * 802.11 raw output routine.
489 ieee80211_raw_output(struct ieee80211vap *vap, struct ieee80211_node *ni,
490 struct mbuf *m, const struct ieee80211_bpf_params *params)
492 struct ieee80211com *ic = vap->iv_ic;
494 return (ic->ic_raw_xmit(ni, m, params));
498 * 802.11 output routine. This is (currently) used only to
499 * connect bpf write calls to the 802.11 layer for injecting
502 #if __FreeBSD_version >= 1000031
504 ieee80211_output(struct ifnet *ifp, struct mbuf *m,
505 const struct sockaddr *dst, struct route *ro)
508 ieee80211_output(struct ifnet *ifp, struct mbuf *m,
509 struct sockaddr *dst, struct route *ro)
512 #define senderr(e) do { error = (e); goto bad;} while (0)
513 struct ieee80211_node *ni = NULL;
514 struct ieee80211vap *vap;
515 struct ieee80211_frame *wh;
516 struct ieee80211com *ic = NULL;
520 if (ifp->if_drv_flags & IFF_DRV_OACTIVE) {
522 * Short-circuit requests if the vap is marked OACTIVE
523 * as this can happen because a packet came down through
524 * ieee80211_start before the vap entered RUN state in
525 * which case it's ok to just drop the frame. This
526 * should not be necessary but callers of if_output don't
534 * Hand to the 802.3 code if not tagged as
535 * a raw 802.11 frame.
537 if (dst->sa_family != AF_IEEE80211)
538 return vap->iv_output(ifp, m, dst, ro);
540 error = mac_ifnet_check_transmit(ifp, m);
544 if (ifp->if_flags & IFF_MONITOR)
546 if (!IFNET_IS_UP_RUNNING(ifp))
548 if (vap->iv_state == IEEE80211_S_CAC) {
549 IEEE80211_DPRINTF(vap,
550 IEEE80211_MSG_OUTPUT | IEEE80211_MSG_DOTH,
551 "block %s frame in CAC state\n", "raw data");
552 vap->iv_stats.is_tx_badstate++;
553 senderr(EIO); /* XXX */
554 } else if (vap->iv_state == IEEE80211_S_SCAN)
556 /* XXX bypass bridge, pfil, carp, etc. */
558 if (m->m_pkthdr.len < sizeof(struct ieee80211_frame_ack))
559 senderr(EIO); /* XXX */
560 wh = mtod(m, struct ieee80211_frame *);
561 if ((wh->i_fc[0] & IEEE80211_FC0_VERSION_MASK) !=
562 IEEE80211_FC0_VERSION_0)
563 senderr(EIO); /* XXX */
565 /* locate destination node */
566 switch (wh->i_fc[1] & IEEE80211_FC1_DIR_MASK) {
567 case IEEE80211_FC1_DIR_NODS:
568 case IEEE80211_FC1_DIR_FROMDS:
569 ni = ieee80211_find_txnode(vap, wh->i_addr1);
571 case IEEE80211_FC1_DIR_TODS:
572 case IEEE80211_FC1_DIR_DSTODS:
573 if (m->m_pkthdr.len < sizeof(struct ieee80211_frame))
574 senderr(EIO); /* XXX */
575 ni = ieee80211_find_txnode(vap, wh->i_addr3);
578 senderr(EIO); /* XXX */
582 * Permit packets w/ bpf params through regardless
583 * (see below about sa_len).
585 if (dst->sa_len == 0)
586 senderr(EHOSTUNREACH);
587 ni = ieee80211_ref_node(vap->iv_bss);
591 * Sanitize mbuf for net80211 flags leaked from above.
593 * NB: This must be done before ieee80211_classify as
594 * it marks EAPOL in frames with M_EAPOL.
596 m->m_flags &= ~M_80211_TX;
598 /* calculate priority so drivers can find the tx queue */
599 /* XXX assumes an 802.3 frame */
600 if (ieee80211_classify(ni, m))
601 senderr(EIO); /* XXX */
604 IEEE80211_NODE_STAT(ni, tx_data);
605 if (IEEE80211_IS_MULTICAST(wh->i_addr1)) {
606 IEEE80211_NODE_STAT(ni, tx_mcast);
607 m->m_flags |= M_MCAST;
609 IEEE80211_NODE_STAT(ni, tx_ucast);
610 /* NB: ieee80211_encap does not include 802.11 header */
611 IEEE80211_NODE_STAT_ADD(ni, tx_bytes, m->m_pkthdr.len);
613 IEEE80211_TX_LOCK(ic);
616 * NB: DLT_IEEE802_11_RADIO identifies the parameters are
617 * present by setting the sa_len field of the sockaddr (yes,
619 * NB: we assume sa_data is suitably aligned to cast.
621 ret = ieee80211_raw_output(vap, ni, m,
622 (const struct ieee80211_bpf_params *)(dst->sa_len ?
623 dst->sa_data : NULL));
624 IEEE80211_TX_UNLOCK(ic);
630 ieee80211_free_node(ni);
637 * Set the direction field and address fields of an outgoing
638 * frame. Note this should be called early on in constructing
639 * a frame as it sets i_fc[1]; other bits can then be or'd in.
642 ieee80211_send_setup(
643 struct ieee80211_node *ni,
646 const uint8_t sa[IEEE80211_ADDR_LEN],
647 const uint8_t da[IEEE80211_ADDR_LEN],
648 const uint8_t bssid[IEEE80211_ADDR_LEN])
650 #define WH4(wh) ((struct ieee80211_frame_addr4 *)wh)
651 struct ieee80211vap *vap = ni->ni_vap;
652 struct ieee80211_tx_ampdu *tap;
653 struct ieee80211_frame *wh = mtod(m, struct ieee80211_frame *);
656 IEEE80211_TX_LOCK_ASSERT(ni->ni_ic);
658 wh->i_fc[0] = IEEE80211_FC0_VERSION_0 | type;
659 if ((type & IEEE80211_FC0_TYPE_MASK) == IEEE80211_FC0_TYPE_DATA) {
660 switch (vap->iv_opmode) {
661 case IEEE80211_M_STA:
662 wh->i_fc[1] = IEEE80211_FC1_DIR_TODS;
663 IEEE80211_ADDR_COPY(wh->i_addr1, bssid);
664 IEEE80211_ADDR_COPY(wh->i_addr2, sa);
665 IEEE80211_ADDR_COPY(wh->i_addr3, da);
667 case IEEE80211_M_IBSS:
668 case IEEE80211_M_AHDEMO:
669 wh->i_fc[1] = IEEE80211_FC1_DIR_NODS;
670 IEEE80211_ADDR_COPY(wh->i_addr1, da);
671 IEEE80211_ADDR_COPY(wh->i_addr2, sa);
672 IEEE80211_ADDR_COPY(wh->i_addr3, bssid);
674 case IEEE80211_M_HOSTAP:
675 wh->i_fc[1] = IEEE80211_FC1_DIR_FROMDS;
676 IEEE80211_ADDR_COPY(wh->i_addr1, da);
677 IEEE80211_ADDR_COPY(wh->i_addr2, bssid);
678 IEEE80211_ADDR_COPY(wh->i_addr3, sa);
680 case IEEE80211_M_WDS:
681 wh->i_fc[1] = IEEE80211_FC1_DIR_DSTODS;
682 IEEE80211_ADDR_COPY(wh->i_addr1, da);
683 IEEE80211_ADDR_COPY(wh->i_addr2, vap->iv_myaddr);
684 IEEE80211_ADDR_COPY(wh->i_addr3, da);
685 IEEE80211_ADDR_COPY(WH4(wh)->i_addr4, sa);
687 case IEEE80211_M_MBSS:
688 #ifdef IEEE80211_SUPPORT_MESH
689 if (IEEE80211_IS_MULTICAST(da)) {
690 wh->i_fc[1] = IEEE80211_FC1_DIR_FROMDS;
692 IEEE80211_ADDR_COPY(wh->i_addr1, da);
693 IEEE80211_ADDR_COPY(wh->i_addr2,
696 wh->i_fc[1] = IEEE80211_FC1_DIR_DSTODS;
697 IEEE80211_ADDR_COPY(wh->i_addr1, da);
698 IEEE80211_ADDR_COPY(wh->i_addr2,
700 IEEE80211_ADDR_COPY(wh->i_addr3, da);
701 IEEE80211_ADDR_COPY(WH4(wh)->i_addr4, sa);
705 case IEEE80211_M_MONITOR: /* NB: to quiet compiler */
709 wh->i_fc[1] = IEEE80211_FC1_DIR_NODS;
710 IEEE80211_ADDR_COPY(wh->i_addr1, da);
711 IEEE80211_ADDR_COPY(wh->i_addr2, sa);
712 #ifdef IEEE80211_SUPPORT_MESH
713 if (vap->iv_opmode == IEEE80211_M_MBSS)
714 IEEE80211_ADDR_COPY(wh->i_addr3, sa);
717 IEEE80211_ADDR_COPY(wh->i_addr3, bssid);
719 *(uint16_t *)&wh->i_dur[0] = 0;
721 tap = &ni->ni_tx_ampdu[tid];
722 if (tid != IEEE80211_NONQOS_TID && IEEE80211_AMPDU_RUNNING(tap))
723 m->m_flags |= M_AMPDU_MPDU;
725 seqno = ni->ni_txseqs[tid]++;
726 *(uint16_t *)&wh->i_seq[0] =
727 htole16(seqno << IEEE80211_SEQ_SEQ_SHIFT);
728 M_SEQNO_SET(m, seqno);
731 if (IEEE80211_IS_MULTICAST(wh->i_addr1))
732 m->m_flags |= M_MCAST;
737 * Send a management frame to the specified node. The node pointer
738 * must have a reference as the pointer will be passed to the driver
739 * and potentially held for a long time. If the frame is successfully
740 * dispatched to the driver, then it is responsible for freeing the
741 * reference (and potentially free'ing up any associated storage);
742 * otherwise deal with reclaiming any reference (on error).
745 ieee80211_mgmt_output(struct ieee80211_node *ni, struct mbuf *m, int type,
746 struct ieee80211_bpf_params *params)
748 struct ieee80211vap *vap = ni->ni_vap;
749 struct ieee80211com *ic = ni->ni_ic;
750 struct ieee80211_frame *wh;
753 KASSERT(ni != NULL, ("null node"));
755 if (vap->iv_state == IEEE80211_S_CAC) {
756 IEEE80211_NOTE(vap, IEEE80211_MSG_OUTPUT | IEEE80211_MSG_DOTH,
757 ni, "block %s frame in CAC state",
758 ieee80211_mgt_subtype_name[
759 (type & IEEE80211_FC0_SUBTYPE_MASK) >>
760 IEEE80211_FC0_SUBTYPE_SHIFT]);
761 vap->iv_stats.is_tx_badstate++;
762 ieee80211_free_node(ni);
764 return EIO; /* XXX */
767 M_PREPEND(m, sizeof(struct ieee80211_frame), M_NOWAIT);
769 ieee80211_free_node(ni);
773 IEEE80211_TX_LOCK(ic);
775 wh = mtod(m, struct ieee80211_frame *);
776 ieee80211_send_setup(ni, m,
777 IEEE80211_FC0_TYPE_MGT | type, IEEE80211_NONQOS_TID,
778 vap->iv_myaddr, ni->ni_macaddr, ni->ni_bssid);
779 if (params->ibp_flags & IEEE80211_BPF_CRYPTO) {
780 IEEE80211_NOTE_MAC(vap, IEEE80211_MSG_AUTH, wh->i_addr1,
781 "encrypting frame (%s)", __func__);
782 wh->i_fc[1] |= IEEE80211_FC1_PROTECTED;
784 m->m_flags |= M_ENCAP; /* mark encapsulated */
786 KASSERT(type != IEEE80211_FC0_SUBTYPE_PROBE_RESP, ("probe response?"));
787 M_WME_SETAC(m, params->ibp_pri);
789 #ifdef IEEE80211_DEBUG
790 /* avoid printing too many frames */
791 if ((ieee80211_msg_debug(vap) && doprint(vap, type)) ||
792 ieee80211_msg_dumppkts(vap)) {
793 printf("[%s] send %s on channel %u\n",
794 ether_sprintf(wh->i_addr1),
795 ieee80211_mgt_subtype_name[
796 (type & IEEE80211_FC0_SUBTYPE_MASK) >>
797 IEEE80211_FC0_SUBTYPE_SHIFT],
798 ieee80211_chan2ieee(ic, ic->ic_curchan));
801 IEEE80211_NODE_STAT(ni, tx_mgmt);
803 ret = ieee80211_raw_output(vap, ni, m, params);
804 IEEE80211_TX_UNLOCK(ic);
809 * Send a null data frame to the specified node. If the station
810 * is setup for QoS then a QoS Null Data frame is constructed.
811 * If this is a WDS station then a 4-address frame is constructed.
813 * NB: the caller is assumed to have setup a node reference
814 * for use; this is necessary to deal with a race condition
815 * when probing for inactive stations. Like ieee80211_mgmt_output
816 * we must cleanup any node reference on error; however we
817 * can safely just unref it as we know it will never be the
818 * last reference to the node.
821 ieee80211_send_nulldata(struct ieee80211_node *ni)
823 struct ieee80211vap *vap = ni->ni_vap;
824 struct ieee80211com *ic = ni->ni_ic;
826 struct ieee80211_frame *wh;
831 if (vap->iv_state == IEEE80211_S_CAC) {
832 IEEE80211_NOTE(vap, IEEE80211_MSG_OUTPUT | IEEE80211_MSG_DOTH,
833 ni, "block %s frame in CAC state", "null data");
834 ieee80211_unref_node(&ni);
835 vap->iv_stats.is_tx_badstate++;
836 return EIO; /* XXX */
839 if (ni->ni_flags & (IEEE80211_NODE_QOS|IEEE80211_NODE_HT))
840 hdrlen = sizeof(struct ieee80211_qosframe);
842 hdrlen = sizeof(struct ieee80211_frame);
843 /* NB: only WDS vap's get 4-address frames */
844 if (vap->iv_opmode == IEEE80211_M_WDS)
845 hdrlen += IEEE80211_ADDR_LEN;
846 if (ic->ic_flags & IEEE80211_F_DATAPAD)
847 hdrlen = roundup(hdrlen, sizeof(uint32_t));
849 m = ieee80211_getmgtframe(&frm, ic->ic_headroom + hdrlen, 0);
852 ieee80211_unref_node(&ni);
853 vap->iv_stats.is_tx_nobuf++;
856 KASSERT(M_LEADINGSPACE(m) >= hdrlen,
857 ("leading space %zd", M_LEADINGSPACE(m)));
858 M_PREPEND(m, hdrlen, M_NOWAIT);
860 /* NB: cannot happen */
861 ieee80211_free_node(ni);
865 IEEE80211_TX_LOCK(ic);
867 wh = mtod(m, struct ieee80211_frame *); /* NB: a little lie */
868 if (ni->ni_flags & IEEE80211_NODE_QOS) {
869 const int tid = WME_AC_TO_TID(WME_AC_BE);
872 ieee80211_send_setup(ni, m,
873 IEEE80211_FC0_TYPE_DATA | IEEE80211_FC0_SUBTYPE_QOS_NULL,
874 tid, vap->iv_myaddr, ni->ni_macaddr, ni->ni_bssid);
876 if (vap->iv_opmode == IEEE80211_M_WDS)
877 qos = ((struct ieee80211_qosframe_addr4 *) wh)->i_qos;
879 qos = ((struct ieee80211_qosframe *) wh)->i_qos;
880 qos[0] = tid & IEEE80211_QOS_TID;
881 if (ic->ic_wme.wme_wmeChanParams.cap_wmeParams[WME_AC_BE].wmep_noackPolicy)
882 qos[0] |= IEEE80211_QOS_ACKPOLICY_NOACK;
885 ieee80211_send_setup(ni, m,
886 IEEE80211_FC0_TYPE_DATA | IEEE80211_FC0_SUBTYPE_NODATA,
887 IEEE80211_NONQOS_TID,
888 vap->iv_myaddr, ni->ni_macaddr, ni->ni_bssid);
890 if (vap->iv_opmode != IEEE80211_M_WDS) {
891 /* NB: power management bit is never sent by an AP */
892 if ((ni->ni_flags & IEEE80211_NODE_PWR_MGT) &&
893 vap->iv_opmode != IEEE80211_M_HOSTAP)
894 wh->i_fc[1] |= IEEE80211_FC1_PWR_MGT;
896 m->m_len = m->m_pkthdr.len = hdrlen;
897 m->m_flags |= M_ENCAP; /* mark encapsulated */
899 M_WME_SETAC(m, WME_AC_BE);
901 IEEE80211_NODE_STAT(ni, tx_data);
903 IEEE80211_NOTE(vap, IEEE80211_MSG_DEBUG | IEEE80211_MSG_DUMPPKTS, ni,
904 "send %snull data frame on channel %u, pwr mgt %s",
905 ni->ni_flags & IEEE80211_NODE_QOS ? "QoS " : "",
906 ieee80211_chan2ieee(ic, ic->ic_curchan),
907 wh->i_fc[1] & IEEE80211_FC1_PWR_MGT ? "ena" : "dis");
909 ret = ieee80211_raw_output(vap, ni, m, NULL);
910 IEEE80211_TX_UNLOCK(ic);
915 * Assign priority to a frame based on any vlan tag assigned
916 * to the station and/or any Diffserv setting in an IP header.
917 * Finally, if an ACM policy is setup (in station mode) it's
921 ieee80211_classify(struct ieee80211_node *ni, struct mbuf *m)
923 const struct ether_header *eh = mtod(m, struct ether_header *);
924 int v_wme_ac, d_wme_ac, ac;
927 * Always promote PAE/EAPOL frames to high priority.
929 if (eh->ether_type == htons(ETHERTYPE_PAE)) {
930 /* NB: mark so others don't need to check header */
931 m->m_flags |= M_EAPOL;
936 * Non-qos traffic goes to BE.
938 if ((ni->ni_flags & IEEE80211_NODE_QOS) == 0) {
944 * If node has a vlan tag then all traffic
945 * to it must have a matching tag.
948 if (ni->ni_vlan != 0) {
949 if ((m->m_flags & M_VLANTAG) == 0) {
950 IEEE80211_NODE_STAT(ni, tx_novlantag);
953 if (EVL_VLANOFTAG(m->m_pkthdr.ether_vtag) !=
954 EVL_VLANOFTAG(ni->ni_vlan)) {
955 IEEE80211_NODE_STAT(ni, tx_vlanmismatch);
958 /* map vlan priority to AC */
959 v_wme_ac = TID_TO_WME_AC(EVL_PRIOFTAG(ni->ni_vlan));
962 /* XXX m_copydata may be too slow for fast path */
964 if (eh->ether_type == htons(ETHERTYPE_IP)) {
967 * IP frame, map the DSCP bits from the TOS field.
969 /* NB: ip header may not be in first mbuf */
970 m_copydata(m, sizeof(struct ether_header) +
971 offsetof(struct ip, ip_tos), sizeof(tos), &tos);
972 tos >>= 5; /* NB: ECN + low 3 bits of DSCP */
973 d_wme_ac = TID_TO_WME_AC(tos);
977 if (eh->ether_type == htons(ETHERTYPE_IPV6)) {
981 * IPv6 frame, map the DSCP bits from the traffic class field.
983 m_copydata(m, sizeof(struct ether_header) +
984 offsetof(struct ip6_hdr, ip6_flow), sizeof(flow),
986 tos = (uint8_t)(ntohl(flow) >> 20);
987 tos >>= 5; /* NB: ECN + low 3 bits of DSCP */
988 d_wme_ac = TID_TO_WME_AC(tos);
991 d_wme_ac = WME_AC_BE;
999 * Use highest priority AC.
1001 if (v_wme_ac > d_wme_ac)
1009 if (ni->ni_vap->iv_opmode == IEEE80211_M_STA) {
1010 static const int acmap[4] = {
1011 WME_AC_BK, /* WME_AC_BE */
1012 WME_AC_BK, /* WME_AC_BK */
1013 WME_AC_BE, /* WME_AC_VI */
1014 WME_AC_VI, /* WME_AC_VO */
1016 struct ieee80211com *ic = ni->ni_ic;
1018 while (ac != WME_AC_BK &&
1019 ic->ic_wme.wme_wmeBssChanParams.cap_wmeParams[ac].wmep_acm)
1028 * Insure there is sufficient contiguous space to encapsulate the
1029 * 802.11 data frame. If room isn't already there, arrange for it.
1030 * Drivers and cipher modules assume we have done the necessary work
1031 * and fail rudely if they don't find the space they need.
1034 ieee80211_mbuf_adjust(struct ieee80211vap *vap, int hdrsize,
1035 struct ieee80211_key *key, struct mbuf *m)
1037 #define TO_BE_RECLAIMED (sizeof(struct ether_header) - sizeof(struct llc))
1038 int needed_space = vap->iv_ic->ic_headroom + hdrsize;
1041 /* XXX belongs in crypto code? */
1042 needed_space += key->wk_cipher->ic_header;
1045 * When crypto is being done in the host we must insure
1046 * the data are writable for the cipher routines; clone
1047 * a writable mbuf chain.
1048 * XXX handle SWMIC specially
1050 if (key->wk_flags & (IEEE80211_KEY_SWENCRYPT|IEEE80211_KEY_SWENMIC)) {
1051 m = m_unshare(m, M_NOWAIT);
1053 IEEE80211_DPRINTF(vap, IEEE80211_MSG_OUTPUT,
1054 "%s: cannot get writable mbuf\n", __func__);
1055 vap->iv_stats.is_tx_nobuf++; /* XXX new stat */
1061 * We know we are called just before stripping an Ethernet
1062 * header and prepending an LLC header. This means we know
1064 * sizeof(struct ether_header) - sizeof(struct llc)
1065 * bytes recovered to which we need additional space for the
1066 * 802.11 header and any crypto header.
1068 /* XXX check trailing space and copy instead? */
1069 if (M_LEADINGSPACE(m) < needed_space - TO_BE_RECLAIMED) {
1070 struct mbuf *n = m_gethdr(M_NOWAIT, m->m_type);
1072 IEEE80211_DPRINTF(vap, IEEE80211_MSG_OUTPUT,
1073 "%s: cannot expand storage\n", __func__);
1074 vap->iv_stats.is_tx_nobuf++;
1078 KASSERT(needed_space <= MHLEN,
1079 ("not enough room, need %u got %d\n", needed_space, MHLEN));
1081 * Setup new mbuf to have leading space to prepend the
1082 * 802.11 header and any crypto header bits that are
1083 * required (the latter are added when the driver calls
1084 * back to ieee80211_crypto_encap to do crypto encapsulation).
1086 /* NB: must be first 'cuz it clobbers m_data */
1087 m_move_pkthdr(n, m);
1088 n->m_len = 0; /* NB: m_gethdr does not set */
1089 n->m_data += needed_space;
1091 * Pull up Ethernet header to create the expected layout.
1092 * We could use m_pullup but that's overkill (i.e. we don't
1093 * need the actual data) and it cannot fail so do it inline
1096 /* NB: struct ether_header is known to be contiguous */
1097 n->m_len += sizeof(struct ether_header);
1098 m->m_len -= sizeof(struct ether_header);
1099 m->m_data += sizeof(struct ether_header);
1101 * Replace the head of the chain.
1107 #undef TO_BE_RECLAIMED
1111 * Return the transmit key to use in sending a unicast frame.
1112 * If a unicast key is set we use that. When no unicast key is set
1113 * we fall back to the default transmit key.
1115 static __inline struct ieee80211_key *
1116 ieee80211_crypto_getucastkey(struct ieee80211vap *vap,
1117 struct ieee80211_node *ni)
1119 if (IEEE80211_KEY_UNDEFINED(&ni->ni_ucastkey)) {
1120 if (vap->iv_def_txkey == IEEE80211_KEYIX_NONE ||
1121 IEEE80211_KEY_UNDEFINED(&vap->iv_nw_keys[vap->iv_def_txkey]))
1123 return &vap->iv_nw_keys[vap->iv_def_txkey];
1125 return &ni->ni_ucastkey;
1130 * Return the transmit key to use in sending a multicast frame.
1131 * Multicast traffic always uses the group key which is installed as
1132 * the default tx key.
1134 static __inline struct ieee80211_key *
1135 ieee80211_crypto_getmcastkey(struct ieee80211vap *vap,
1136 struct ieee80211_node *ni)
1138 if (vap->iv_def_txkey == IEEE80211_KEYIX_NONE ||
1139 IEEE80211_KEY_UNDEFINED(&vap->iv_nw_keys[vap->iv_def_txkey]))
1141 return &vap->iv_nw_keys[vap->iv_def_txkey];
1145 * Encapsulate an outbound data frame. The mbuf chain is updated.
1146 * If an error is encountered NULL is returned. The caller is required
1147 * to provide a node reference and pullup the ethernet header in the
1150 * NB: Packet is assumed to be processed by ieee80211_classify which
1151 * marked EAPOL frames w/ M_EAPOL.
1154 ieee80211_encap(struct ieee80211vap *vap, struct ieee80211_node *ni,
1157 #define WH4(wh) ((struct ieee80211_frame_addr4 *)(wh))
1158 #define MC01(mc) ((struct ieee80211_meshcntl_ae01 *)mc)
1159 struct ieee80211com *ic = ni->ni_ic;
1160 #ifdef IEEE80211_SUPPORT_MESH
1161 struct ieee80211_mesh_state *ms = vap->iv_mesh;
1162 struct ieee80211_meshcntl_ae10 *mc;
1163 struct ieee80211_mesh_route *rt = NULL;
1166 struct ether_header eh;
1167 struct ieee80211_frame *wh;
1168 struct ieee80211_key *key;
1170 int hdrsize, hdrspace, datalen, addqos, txfrag, is4addr;
1171 ieee80211_seq seqno;
1172 int meshhdrsize, meshae;
1175 IEEE80211_TX_LOCK_ASSERT(ic);
1178 * Copy existing Ethernet header to a safe place. The
1179 * rest of the code assumes it's ok to strip it when
1180 * reorganizing state for the final encapsulation.
1182 KASSERT(m->m_len >= sizeof(eh), ("no ethernet header!"));
1183 ETHER_HEADER_COPY(&eh, mtod(m, caddr_t));
1186 * Insure space for additional headers. First identify
1187 * transmit key to use in calculating any buffer adjustments
1188 * required. This is also used below to do privacy
1189 * encapsulation work. Then calculate the 802.11 header
1190 * size and any padding required by the driver.
1192 * Note key may be NULL if we fall back to the default
1193 * transmit key and that is not set. In that case the
1194 * buffer may not be expanded as needed by the cipher
1195 * routines, but they will/should discard it.
1197 if (vap->iv_flags & IEEE80211_F_PRIVACY) {
1198 if (vap->iv_opmode == IEEE80211_M_STA ||
1199 !IEEE80211_IS_MULTICAST(eh.ether_dhost) ||
1200 (vap->iv_opmode == IEEE80211_M_WDS &&
1201 (vap->iv_flags_ext & IEEE80211_FEXT_WDSLEGACY)))
1202 key = ieee80211_crypto_getucastkey(vap, ni);
1204 key = ieee80211_crypto_getmcastkey(vap, ni);
1205 if (key == NULL && (m->m_flags & M_EAPOL) == 0) {
1206 IEEE80211_NOTE_MAC(vap, IEEE80211_MSG_CRYPTO,
1208 "no default transmit key (%s) deftxkey %u",
1209 __func__, vap->iv_def_txkey);
1210 vap->iv_stats.is_tx_nodefkey++;
1216 * XXX Some ap's don't handle QoS-encapsulated EAPOL
1217 * frames so suppress use. This may be an issue if other
1218 * ap's require all data frames to be QoS-encapsulated
1219 * once negotiated in which case we'll need to make this
1221 * NB: mesh data frames are QoS.
1223 addqos = ((ni->ni_flags & (IEEE80211_NODE_QOS|IEEE80211_NODE_HT)) ||
1224 (vap->iv_opmode == IEEE80211_M_MBSS)) &&
1225 (m->m_flags & M_EAPOL) == 0;
1227 hdrsize = sizeof(struct ieee80211_qosframe);
1229 hdrsize = sizeof(struct ieee80211_frame);
1230 #ifdef IEEE80211_SUPPORT_MESH
1231 if (vap->iv_opmode == IEEE80211_M_MBSS) {
1233 * Mesh data frames are encapsulated according to the
1234 * rules of Section 11B.8.5 (p.139 of D3.0 spec).
1235 * o Group Addressed data (aka multicast) originating
1236 * at the local sta are sent w/ 3-address format and
1237 * address extension mode 00
1238 * o Individually Addressed data (aka unicast) originating
1239 * at the local sta are sent w/ 4-address format and
1240 * address extension mode 00
1241 * o Group Addressed data forwarded from a non-mesh sta are
1242 * sent w/ 3-address format and address extension mode 01
1243 * o Individually Address data from another sta are sent
1244 * w/ 4-address format and address extension mode 10
1246 is4addr = 0; /* NB: don't use, disable */
1247 if (!IEEE80211_IS_MULTICAST(eh.ether_dhost)) {
1248 rt = ieee80211_mesh_rt_find(vap, eh.ether_dhost);
1249 KASSERT(rt != NULL, ("route is NULL"));
1250 dir = IEEE80211_FC1_DIR_DSTODS;
1251 hdrsize += IEEE80211_ADDR_LEN;
1252 if (rt->rt_flags & IEEE80211_MESHRT_FLAGS_PROXY) {
1253 if (IEEE80211_ADDR_EQ(rt->rt_mesh_gate,
1255 IEEE80211_NOTE_MAC(vap,
1258 "%s", "trying to send to ourself");
1261 meshae = IEEE80211_MESH_AE_10;
1263 sizeof(struct ieee80211_meshcntl_ae10);
1265 meshae = IEEE80211_MESH_AE_00;
1267 sizeof(struct ieee80211_meshcntl);
1270 dir = IEEE80211_FC1_DIR_FROMDS;
1271 if (!IEEE80211_ADDR_EQ(eh.ether_shost, vap->iv_myaddr)) {
1273 meshae = IEEE80211_MESH_AE_01;
1275 sizeof(struct ieee80211_meshcntl_ae01);
1278 meshae = IEEE80211_MESH_AE_00;
1279 meshhdrsize = sizeof(struct ieee80211_meshcntl);
1285 * 4-address frames need to be generated for:
1286 * o packets sent through a WDS vap (IEEE80211_M_WDS)
1287 * o packets sent through a vap marked for relaying
1288 * (e.g. a station operating with dynamic WDS)
1290 is4addr = vap->iv_opmode == IEEE80211_M_WDS ||
1291 ((vap->iv_flags_ext & IEEE80211_FEXT_4ADDR) &&
1292 !IEEE80211_ADDR_EQ(eh.ether_shost, vap->iv_myaddr));
1294 hdrsize += IEEE80211_ADDR_LEN;
1295 meshhdrsize = meshae = 0;
1296 #ifdef IEEE80211_SUPPORT_MESH
1300 * Honor driver DATAPAD requirement.
1302 if (ic->ic_flags & IEEE80211_F_DATAPAD)
1303 hdrspace = roundup(hdrsize, sizeof(uint32_t));
1307 if (__predict_true((m->m_flags & M_FF) == 0)) {
1311 m = ieee80211_mbuf_adjust(vap, hdrspace + meshhdrsize, key, m);
1313 /* NB: ieee80211_mbuf_adjust handles msgs+statistics */
1316 /* NB: this could be optimized 'cuz of ieee80211_mbuf_adjust */
1317 m_adj(m, sizeof(struct ether_header) - sizeof(struct llc));
1318 llc = mtod(m, struct llc *);
1319 llc->llc_dsap = llc->llc_ssap = LLC_SNAP_LSAP;
1320 llc->llc_control = LLC_UI;
1321 llc->llc_snap.org_code[0] = 0;
1322 llc->llc_snap.org_code[1] = 0;
1323 llc->llc_snap.org_code[2] = 0;
1324 llc->llc_snap.ether_type = eh.ether_type;
1326 #ifdef IEEE80211_SUPPORT_SUPERG
1330 m = ieee80211_ff_encap(vap, m, hdrspace + meshhdrsize, key);
1335 datalen = m->m_pkthdr.len; /* NB: w/o 802.11 header */
1337 M_PREPEND(m, hdrspace + meshhdrsize, M_NOWAIT);
1339 vap->iv_stats.is_tx_nobuf++;
1342 wh = mtod(m, struct ieee80211_frame *);
1343 wh->i_fc[0] = IEEE80211_FC0_VERSION_0 | IEEE80211_FC0_TYPE_DATA;
1344 *(uint16_t *)wh->i_dur = 0;
1345 qos = NULL; /* NB: quiet compiler */
1347 wh->i_fc[1] = IEEE80211_FC1_DIR_DSTODS;
1348 IEEE80211_ADDR_COPY(wh->i_addr1, ni->ni_macaddr);
1349 IEEE80211_ADDR_COPY(wh->i_addr2, vap->iv_myaddr);
1350 IEEE80211_ADDR_COPY(wh->i_addr3, eh.ether_dhost);
1351 IEEE80211_ADDR_COPY(WH4(wh)->i_addr4, eh.ether_shost);
1352 } else switch (vap->iv_opmode) {
1353 case IEEE80211_M_STA:
1354 wh->i_fc[1] = IEEE80211_FC1_DIR_TODS;
1355 IEEE80211_ADDR_COPY(wh->i_addr1, ni->ni_bssid);
1356 IEEE80211_ADDR_COPY(wh->i_addr2, eh.ether_shost);
1357 IEEE80211_ADDR_COPY(wh->i_addr3, eh.ether_dhost);
1359 case IEEE80211_M_IBSS:
1360 case IEEE80211_M_AHDEMO:
1361 wh->i_fc[1] = IEEE80211_FC1_DIR_NODS;
1362 IEEE80211_ADDR_COPY(wh->i_addr1, eh.ether_dhost);
1363 IEEE80211_ADDR_COPY(wh->i_addr2, eh.ether_shost);
1365 * NB: always use the bssid from iv_bss as the
1366 * neighbor's may be stale after an ibss merge
1368 IEEE80211_ADDR_COPY(wh->i_addr3, vap->iv_bss->ni_bssid);
1370 case IEEE80211_M_HOSTAP:
1371 wh->i_fc[1] = IEEE80211_FC1_DIR_FROMDS;
1372 IEEE80211_ADDR_COPY(wh->i_addr1, eh.ether_dhost);
1373 IEEE80211_ADDR_COPY(wh->i_addr2, ni->ni_bssid);
1374 IEEE80211_ADDR_COPY(wh->i_addr3, eh.ether_shost);
1376 #ifdef IEEE80211_SUPPORT_MESH
1377 case IEEE80211_M_MBSS:
1378 /* NB: offset by hdrspace to deal with DATAPAD */
1379 mc = (struct ieee80211_meshcntl_ae10 *)
1380 (mtod(m, uint8_t *) + hdrspace);
1383 case IEEE80211_MESH_AE_00: /* no proxy */
1385 if (dir == IEEE80211_FC1_DIR_DSTODS) { /* ucast */
1386 IEEE80211_ADDR_COPY(wh->i_addr1,
1388 IEEE80211_ADDR_COPY(wh->i_addr2,
1390 IEEE80211_ADDR_COPY(wh->i_addr3,
1392 IEEE80211_ADDR_COPY(WH4(wh)->i_addr4,
1394 qos =((struct ieee80211_qosframe_addr4 *)
1396 } else if (dir == IEEE80211_FC1_DIR_FROMDS) {
1398 IEEE80211_ADDR_COPY(wh->i_addr1,
1400 IEEE80211_ADDR_COPY(wh->i_addr2,
1402 IEEE80211_ADDR_COPY(wh->i_addr3,
1404 qos = ((struct ieee80211_qosframe *)
1408 case IEEE80211_MESH_AE_01: /* mcast, proxy */
1409 wh->i_fc[1] = IEEE80211_FC1_DIR_FROMDS;
1410 IEEE80211_ADDR_COPY(wh->i_addr1, eh.ether_dhost);
1411 IEEE80211_ADDR_COPY(wh->i_addr2, vap->iv_myaddr);
1412 IEEE80211_ADDR_COPY(wh->i_addr3, vap->iv_myaddr);
1414 IEEE80211_ADDR_COPY(MC01(mc)->mc_addr4,
1416 qos = ((struct ieee80211_qosframe *) wh)->i_qos;
1418 case IEEE80211_MESH_AE_10: /* ucast, proxy */
1419 KASSERT(rt != NULL, ("route is NULL"));
1420 IEEE80211_ADDR_COPY(wh->i_addr1, rt->rt_nexthop);
1421 IEEE80211_ADDR_COPY(wh->i_addr2, vap->iv_myaddr);
1422 IEEE80211_ADDR_COPY(wh->i_addr3, rt->rt_mesh_gate);
1423 IEEE80211_ADDR_COPY(WH4(wh)->i_addr4, vap->iv_myaddr);
1424 mc->mc_flags = IEEE80211_MESH_AE_10;
1425 IEEE80211_ADDR_COPY(mc->mc_addr5, eh.ether_dhost);
1426 IEEE80211_ADDR_COPY(mc->mc_addr6, eh.ether_shost);
1427 qos = ((struct ieee80211_qosframe_addr4 *) wh)->i_qos;
1430 KASSERT(0, ("meshae %d", meshae));
1433 mc->mc_ttl = ms->ms_ttl;
1435 LE_WRITE_4(mc->mc_seq, ms->ms_seq);
1438 case IEEE80211_M_WDS: /* NB: is4addr should always be true */
1442 if (m->m_flags & M_MORE_DATA)
1443 wh->i_fc[1] |= IEEE80211_FC1_MORE_DATA;
1448 qos = ((struct ieee80211_qosframe_addr4 *) wh)->i_qos;
1449 /* NB: mesh case handled earlier */
1450 } else if (vap->iv_opmode != IEEE80211_M_MBSS)
1451 qos = ((struct ieee80211_qosframe *) wh)->i_qos;
1452 ac = M_WME_GETAC(m);
1453 /* map from access class/queue to 11e header priorty value */
1454 tid = WME_AC_TO_TID(ac);
1455 qos[0] = tid & IEEE80211_QOS_TID;
1456 if (ic->ic_wme.wme_wmeChanParams.cap_wmeParams[ac].wmep_noackPolicy)
1457 qos[0] |= IEEE80211_QOS_ACKPOLICY_NOACK;
1458 #ifdef IEEE80211_SUPPORT_MESH
1459 if (vap->iv_opmode == IEEE80211_M_MBSS)
1460 qos[1] = IEEE80211_QOS_MC;
1464 wh->i_fc[0] |= IEEE80211_FC0_SUBTYPE_QOS;
1466 if ((m->m_flags & M_AMPDU_MPDU) == 0) {
1468 * NB: don't assign a sequence # to potential
1469 * aggregates; we expect this happens at the
1470 * point the frame comes off any aggregation q
1471 * as otherwise we may introduce holes in the
1472 * BA sequence space and/or make window accouting
1475 * XXX may want to control this with a driver
1476 * capability; this may also change when we pull
1477 * aggregation up into net80211
1479 seqno = ni->ni_txseqs[tid]++;
1480 *(uint16_t *)wh->i_seq =
1481 htole16(seqno << IEEE80211_SEQ_SEQ_SHIFT);
1482 M_SEQNO_SET(m, seqno);
1485 seqno = ni->ni_txseqs[IEEE80211_NONQOS_TID]++;
1486 *(uint16_t *)wh->i_seq =
1487 htole16(seqno << IEEE80211_SEQ_SEQ_SHIFT);
1488 M_SEQNO_SET(m, seqno);
1492 /* check if xmit fragmentation is required */
1493 txfrag = (m->m_pkthdr.len > vap->iv_fragthreshold &&
1494 !IEEE80211_IS_MULTICAST(wh->i_addr1) &&
1495 (vap->iv_caps & IEEE80211_C_TXFRAG) &&
1496 (m->m_flags & (M_FF | M_AMPDU_MPDU)) == 0);
1499 * IEEE 802.1X: send EAPOL frames always in the clear.
1500 * WPA/WPA2: encrypt EAPOL keys when pairwise keys are set.
1502 if ((m->m_flags & M_EAPOL) == 0 ||
1503 ((vap->iv_flags & IEEE80211_F_WPA) &&
1504 (vap->iv_opmode == IEEE80211_M_STA ?
1505 !IEEE80211_KEY_UNDEFINED(key) :
1506 !IEEE80211_KEY_UNDEFINED(&ni->ni_ucastkey)))) {
1507 wh->i_fc[1] |= IEEE80211_FC1_PROTECTED;
1508 if (!ieee80211_crypto_enmic(vap, key, m, txfrag)) {
1509 IEEE80211_NOTE_MAC(vap, IEEE80211_MSG_OUTPUT,
1511 "%s", "enmic failed, discard frame");
1512 vap->iv_stats.is_crypto_enmicfail++;
1517 if (txfrag && !ieee80211_fragment(vap, m, hdrsize,
1518 key != NULL ? key->wk_cipher->ic_header : 0, vap->iv_fragthreshold))
1521 m->m_flags |= M_ENCAP; /* mark encapsulated */
1523 IEEE80211_NODE_STAT(ni, tx_data);
1524 if (IEEE80211_IS_MULTICAST(wh->i_addr1)) {
1525 IEEE80211_NODE_STAT(ni, tx_mcast);
1526 m->m_flags |= M_MCAST;
1528 IEEE80211_NODE_STAT(ni, tx_ucast);
1529 IEEE80211_NODE_STAT_ADD(ni, tx_bytes, datalen);
1541 * Fragment the frame according to the specified mtu.
1542 * The size of the 802.11 header (w/o padding) is provided
1543 * so we don't need to recalculate it. We create a new
1544 * mbuf for each fragment and chain it through m_nextpkt;
1545 * we might be able to optimize this by reusing the original
1546 * packet's mbufs but that is significantly more complicated.
1549 ieee80211_fragment(struct ieee80211vap *vap, struct mbuf *m0,
1550 u_int hdrsize, u_int ciphdrsize, u_int mtu)
1552 struct ieee80211com *ic = vap->iv_ic;
1553 struct ieee80211_frame *wh, *whf;
1554 struct mbuf *m, *prev, *next;
1555 u_int totalhdrsize, fragno, fragsize, off, remainder, payload;
1558 KASSERT(m0->m_nextpkt == NULL, ("mbuf already chained?"));
1559 KASSERT(m0->m_pkthdr.len > mtu,
1560 ("pktlen %u mtu %u", m0->m_pkthdr.len, mtu));
1563 * Honor driver DATAPAD requirement.
1565 if (ic->ic_flags & IEEE80211_F_DATAPAD)
1566 hdrspace = roundup(hdrsize, sizeof(uint32_t));
1570 wh = mtod(m0, struct ieee80211_frame *);
1571 /* NB: mark the first frag; it will be propagated below */
1572 wh->i_fc[1] |= IEEE80211_FC1_MORE_FRAG;
1573 totalhdrsize = hdrspace + ciphdrsize;
1575 off = mtu - ciphdrsize;
1576 remainder = m0->m_pkthdr.len - off;
1579 fragsize = totalhdrsize + remainder;
1582 /* XXX fragsize can be >2048! */
1583 KASSERT(fragsize < MCLBYTES,
1584 ("fragment size %u too big!", fragsize));
1585 if (fragsize > MHLEN)
1586 m = m_getcl(M_NOWAIT, MT_DATA, M_PKTHDR);
1588 m = m_gethdr(M_NOWAIT, MT_DATA);
1591 /* leave room to prepend any cipher header */
1592 m_align(m, fragsize - ciphdrsize);
1595 * Form the header in the fragment. Note that since
1596 * we mark the first fragment with the MORE_FRAG bit
1597 * it automatically is propagated to each fragment; we
1598 * need only clear it on the last fragment (done below).
1599 * NB: frag 1+ dont have Mesh Control field present.
1601 whf = mtod(m, struct ieee80211_frame *);
1602 memcpy(whf, wh, hdrsize);
1603 #ifdef IEEE80211_SUPPORT_MESH
1604 if (vap->iv_opmode == IEEE80211_M_MBSS) {
1605 if (IEEE80211_IS_DSTODS(wh))
1606 ((struct ieee80211_qosframe_addr4 *)
1607 whf)->i_qos[1] &= ~IEEE80211_QOS_MC;
1609 ((struct ieee80211_qosframe *)
1610 whf)->i_qos[1] &= ~IEEE80211_QOS_MC;
1613 *(uint16_t *)&whf->i_seq[0] |= htole16(
1614 (fragno & IEEE80211_SEQ_FRAG_MASK) <<
1615 IEEE80211_SEQ_FRAG_SHIFT);
1618 payload = fragsize - totalhdrsize;
1619 /* NB: destination is known to be contiguous */
1621 m_copydata(m0, off, payload, mtod(m, uint8_t *) + hdrspace);
1622 m->m_len = hdrspace + payload;
1623 m->m_pkthdr.len = hdrspace + payload;
1624 m->m_flags |= M_FRAG;
1626 /* chain up the fragment */
1627 prev->m_nextpkt = m;
1630 /* deduct fragment just formed */
1631 remainder -= payload;
1633 } while (remainder != 0);
1635 /* set the last fragment */
1636 m->m_flags |= M_LASTFRAG;
1637 whf->i_fc[1] &= ~IEEE80211_FC1_MORE_FRAG;
1639 /* strip first mbuf now that everything has been copied */
1640 m_adj(m0, -(m0->m_pkthdr.len - (mtu - ciphdrsize)));
1641 m0->m_flags |= M_FIRSTFRAG | M_FRAG;
1643 vap->iv_stats.is_tx_fragframes++;
1644 vap->iv_stats.is_tx_frags += fragno-1;
1648 /* reclaim fragments but leave original frame for caller to free */
1649 for (m = m0->m_nextpkt; m != NULL; m = next) {
1650 next = m->m_nextpkt;
1651 m->m_nextpkt = NULL; /* XXX paranoid */
1654 m0->m_nextpkt = NULL;
1659 * Add a supported rates element id to a frame.
1662 ieee80211_add_rates(uint8_t *frm, const struct ieee80211_rateset *rs)
1666 *frm++ = IEEE80211_ELEMID_RATES;
1667 nrates = rs->rs_nrates;
1668 if (nrates > IEEE80211_RATE_SIZE)
1669 nrates = IEEE80211_RATE_SIZE;
1671 memcpy(frm, rs->rs_rates, nrates);
1672 return frm + nrates;
1676 * Add an extended supported rates element id to a frame.
1679 ieee80211_add_xrates(uint8_t *frm, const struct ieee80211_rateset *rs)
1682 * Add an extended supported rates element if operating in 11g mode.
1684 if (rs->rs_nrates > IEEE80211_RATE_SIZE) {
1685 int nrates = rs->rs_nrates - IEEE80211_RATE_SIZE;
1686 *frm++ = IEEE80211_ELEMID_XRATES;
1688 memcpy(frm, rs->rs_rates + IEEE80211_RATE_SIZE, nrates);
1695 * Add an ssid element to a frame.
1698 ieee80211_add_ssid(uint8_t *frm, const uint8_t *ssid, u_int len)
1700 *frm++ = IEEE80211_ELEMID_SSID;
1702 memcpy(frm, ssid, len);
1707 * Add an erp element to a frame.
1710 ieee80211_add_erp(uint8_t *frm, struct ieee80211com *ic)
1714 *frm++ = IEEE80211_ELEMID_ERP;
1717 if (ic->ic_nonerpsta != 0)
1718 erp |= IEEE80211_ERP_NON_ERP_PRESENT;
1719 if (ic->ic_flags & IEEE80211_F_USEPROT)
1720 erp |= IEEE80211_ERP_USE_PROTECTION;
1721 if (ic->ic_flags & IEEE80211_F_USEBARKER)
1722 erp |= IEEE80211_ERP_LONG_PREAMBLE;
1728 * Add a CFParams element to a frame.
1731 ieee80211_add_cfparms(uint8_t *frm, struct ieee80211com *ic)
1733 #define ADDSHORT(frm, v) do { \
1734 LE_WRITE_2(frm, v); \
1737 *frm++ = IEEE80211_ELEMID_CFPARMS;
1739 *frm++ = 0; /* CFP count */
1740 *frm++ = 2; /* CFP period */
1741 ADDSHORT(frm, 0); /* CFP MaxDuration (TU) */
1742 ADDSHORT(frm, 0); /* CFP CurRemaining (TU) */
1747 static __inline uint8_t *
1748 add_appie(uint8_t *frm, const struct ieee80211_appie *ie)
1750 memcpy(frm, ie->ie_data, ie->ie_len);
1751 return frm + ie->ie_len;
1754 static __inline uint8_t *
1755 add_ie(uint8_t *frm, const uint8_t *ie)
1757 memcpy(frm, ie, 2 + ie[1]);
1758 return frm + 2 + ie[1];
1761 #define WME_OUI_BYTES 0x00, 0x50, 0xf2
1763 * Add a WME information element to a frame.
1766 ieee80211_add_wme_info(uint8_t *frm, struct ieee80211_wme_state *wme)
1768 static const struct ieee80211_wme_info info = {
1769 .wme_id = IEEE80211_ELEMID_VENDOR,
1770 .wme_len = sizeof(struct ieee80211_wme_info) - 2,
1771 .wme_oui = { WME_OUI_BYTES },
1772 .wme_type = WME_OUI_TYPE,
1773 .wme_subtype = WME_INFO_OUI_SUBTYPE,
1774 .wme_version = WME_VERSION,
1777 memcpy(frm, &info, sizeof(info));
1778 return frm + sizeof(info);
1782 * Add a WME parameters element to a frame.
1785 ieee80211_add_wme_param(uint8_t *frm, struct ieee80211_wme_state *wme)
1787 #define SM(_v, _f) (((_v) << _f##_S) & _f)
1788 #define ADDSHORT(frm, v) do { \
1789 LE_WRITE_2(frm, v); \
1792 /* NB: this works 'cuz a param has an info at the front */
1793 static const struct ieee80211_wme_info param = {
1794 .wme_id = IEEE80211_ELEMID_VENDOR,
1795 .wme_len = sizeof(struct ieee80211_wme_param) - 2,
1796 .wme_oui = { WME_OUI_BYTES },
1797 .wme_type = WME_OUI_TYPE,
1798 .wme_subtype = WME_PARAM_OUI_SUBTYPE,
1799 .wme_version = WME_VERSION,
1803 memcpy(frm, ¶m, sizeof(param));
1804 frm += __offsetof(struct ieee80211_wme_info, wme_info);
1805 *frm++ = wme->wme_bssChanParams.cap_info; /* AC info */
1806 *frm++ = 0; /* reserved field */
1807 for (i = 0; i < WME_NUM_AC; i++) {
1808 const struct wmeParams *ac =
1809 &wme->wme_bssChanParams.cap_wmeParams[i];
1810 *frm++ = SM(i, WME_PARAM_ACI)
1811 | SM(ac->wmep_acm, WME_PARAM_ACM)
1812 | SM(ac->wmep_aifsn, WME_PARAM_AIFSN)
1814 *frm++ = SM(ac->wmep_logcwmax, WME_PARAM_LOGCWMAX)
1815 | SM(ac->wmep_logcwmin, WME_PARAM_LOGCWMIN)
1817 ADDSHORT(frm, ac->wmep_txopLimit);
1823 #undef WME_OUI_BYTES
1826 * Add an 11h Power Constraint element to a frame.
1829 ieee80211_add_powerconstraint(uint8_t *frm, struct ieee80211vap *vap)
1831 const struct ieee80211_channel *c = vap->iv_bss->ni_chan;
1832 /* XXX per-vap tx power limit? */
1833 int8_t limit = vap->iv_ic->ic_txpowlimit / 2;
1835 frm[0] = IEEE80211_ELEMID_PWRCNSTR;
1837 frm[2] = c->ic_maxregpower > limit ? c->ic_maxregpower - limit : 0;
1842 * Add an 11h Power Capability element to a frame.
1845 ieee80211_add_powercapability(uint8_t *frm, const struct ieee80211_channel *c)
1847 frm[0] = IEEE80211_ELEMID_PWRCAP;
1849 frm[2] = c->ic_minpower;
1850 frm[3] = c->ic_maxpower;
1855 * Add an 11h Supported Channels element to a frame.
1858 ieee80211_add_supportedchannels(uint8_t *frm, struct ieee80211com *ic)
1860 static const int ielen = 26;
1862 frm[0] = IEEE80211_ELEMID_SUPPCHAN;
1864 /* XXX not correct */
1865 memcpy(frm+2, ic->ic_chan_avail, ielen);
1866 return frm + 2 + ielen;
1870 * Add an 11h Quiet time element to a frame.
1873 ieee80211_add_quiet(uint8_t *frm, struct ieee80211vap *vap)
1875 struct ieee80211_quiet_ie *quiet = (struct ieee80211_quiet_ie *) frm;
1877 quiet->quiet_ie = IEEE80211_ELEMID_QUIET;
1879 if (vap->iv_quiet_count_value == 1)
1880 vap->iv_quiet_count_value = vap->iv_quiet_count;
1881 else if (vap->iv_quiet_count_value > 1)
1882 vap->iv_quiet_count_value--;
1884 if (vap->iv_quiet_count_value == 0) {
1885 /* value 0 is reserved as per 802.11h standerd */
1886 vap->iv_quiet_count_value = 1;
1889 quiet->tbttcount = vap->iv_quiet_count_value;
1890 quiet->period = vap->iv_quiet_period;
1891 quiet->duration = htole16(vap->iv_quiet_duration);
1892 quiet->offset = htole16(vap->iv_quiet_offset);
1893 return frm + sizeof(*quiet);
1897 * Add an 11h Channel Switch Announcement element to a frame.
1898 * Note that we use the per-vap CSA count to adjust the global
1899 * counter so we can use this routine to form probe response
1900 * frames and get the current count.
1903 ieee80211_add_csa(uint8_t *frm, struct ieee80211vap *vap)
1905 struct ieee80211com *ic = vap->iv_ic;
1906 struct ieee80211_csa_ie *csa = (struct ieee80211_csa_ie *) frm;
1908 csa->csa_ie = IEEE80211_ELEMID_CSA;
1910 csa->csa_mode = 1; /* XXX force quiet on channel */
1911 csa->csa_newchan = ieee80211_chan2ieee(ic, ic->ic_csa_newchan);
1912 csa->csa_count = ic->ic_csa_count - vap->iv_csa_count;
1913 return frm + sizeof(*csa);
1917 * Add an 11h country information element to a frame.
1920 ieee80211_add_countryie(uint8_t *frm, struct ieee80211com *ic)
1923 if (ic->ic_countryie == NULL ||
1924 ic->ic_countryie_chan != ic->ic_bsschan) {
1926 * Handle lazy construction of ie. This is done on
1927 * first use and after a channel change that requires
1930 if (ic->ic_countryie != NULL)
1931 free(ic->ic_countryie, M_80211_NODE_IE);
1932 ic->ic_countryie = ieee80211_alloc_countryie(ic);
1933 if (ic->ic_countryie == NULL)
1935 ic->ic_countryie_chan = ic->ic_bsschan;
1937 return add_appie(frm, ic->ic_countryie);
1941 ieee80211_add_wpa(uint8_t *frm, const struct ieee80211vap *vap)
1943 if (vap->iv_flags & IEEE80211_F_WPA1 && vap->iv_wpa_ie != NULL)
1944 return (add_ie(frm, vap->iv_wpa_ie));
1946 /* XXX else complain? */
1952 ieee80211_add_rsn(uint8_t *frm, const struct ieee80211vap *vap)
1954 if (vap->iv_flags & IEEE80211_F_WPA2 && vap->iv_rsn_ie != NULL)
1955 return (add_ie(frm, vap->iv_rsn_ie));
1957 /* XXX else complain? */
1963 ieee80211_add_qos(uint8_t *frm, const struct ieee80211_node *ni)
1965 if (ni->ni_flags & IEEE80211_NODE_QOS) {
1966 *frm++ = IEEE80211_ELEMID_QOS;
1975 * Send a probe request frame with the specified ssid
1976 * and any optional information element data.
1979 ieee80211_send_probereq(struct ieee80211_node *ni,
1980 const uint8_t sa[IEEE80211_ADDR_LEN],
1981 const uint8_t da[IEEE80211_ADDR_LEN],
1982 const uint8_t bssid[IEEE80211_ADDR_LEN],
1983 const uint8_t *ssid, size_t ssidlen)
1985 struct ieee80211vap *vap = ni->ni_vap;
1986 struct ieee80211com *ic = ni->ni_ic;
1987 const struct ieee80211_txparam *tp;
1988 struct ieee80211_bpf_params params;
1989 struct ieee80211_frame *wh;
1990 const struct ieee80211_rateset *rs;
1995 if (vap->iv_state == IEEE80211_S_CAC) {
1996 IEEE80211_NOTE(vap, IEEE80211_MSG_OUTPUT, ni,
1997 "block %s frame in CAC state", "probe request");
1998 vap->iv_stats.is_tx_badstate++;
1999 return EIO; /* XXX */
2003 * Hold a reference on the node so it doesn't go away until after
2004 * the xmit is complete all the way in the driver. On error we
2005 * will remove our reference.
2007 IEEE80211_DPRINTF(vap, IEEE80211_MSG_NODE,
2008 "ieee80211_ref_node (%s:%u) %p<%s> refcnt %d\n",
2010 ni, ether_sprintf(ni->ni_macaddr),
2011 ieee80211_node_refcnt(ni)+1);
2012 ieee80211_ref_node(ni);
2015 * prreq frame format
2017 * [tlv] supported rates
2018 * [tlv] RSN (optional)
2019 * [tlv] extended supported rates
2020 * [tlv] WPA (optional)
2021 * [tlv] user-specified ie's
2023 m = ieee80211_getmgtframe(&frm,
2024 ic->ic_headroom + sizeof(struct ieee80211_frame),
2025 2 + IEEE80211_NWID_LEN
2026 + 2 + IEEE80211_RATE_SIZE
2027 + sizeof(struct ieee80211_ie_wpa)
2028 + 2 + (IEEE80211_RATE_MAXSIZE - IEEE80211_RATE_SIZE)
2029 + sizeof(struct ieee80211_ie_wpa)
2030 + (vap->iv_appie_probereq != NULL ?
2031 vap->iv_appie_probereq->ie_len : 0)
2034 vap->iv_stats.is_tx_nobuf++;
2035 ieee80211_free_node(ni);
2039 frm = ieee80211_add_ssid(frm, ssid, ssidlen);
2040 rs = ieee80211_get_suprates(ic, ic->ic_curchan);
2041 frm = ieee80211_add_rates(frm, rs);
2042 frm = ieee80211_add_rsn(frm, vap);
2043 frm = ieee80211_add_xrates(frm, rs);
2044 frm = ieee80211_add_wpa(frm, vap);
2045 if (vap->iv_appie_probereq != NULL)
2046 frm = add_appie(frm, vap->iv_appie_probereq);
2047 m->m_pkthdr.len = m->m_len = frm - mtod(m, uint8_t *);
2049 KASSERT(M_LEADINGSPACE(m) >= sizeof(struct ieee80211_frame),
2050 ("leading space %zd", M_LEADINGSPACE(m)));
2051 M_PREPEND(m, sizeof(struct ieee80211_frame), M_NOWAIT);
2053 /* NB: cannot happen */
2054 ieee80211_free_node(ni);
2058 IEEE80211_TX_LOCK(ic);
2059 wh = mtod(m, struct ieee80211_frame *);
2060 ieee80211_send_setup(ni, m,
2061 IEEE80211_FC0_TYPE_MGT | IEEE80211_FC0_SUBTYPE_PROBE_REQ,
2062 IEEE80211_NONQOS_TID, sa, da, bssid);
2063 /* XXX power management? */
2064 m->m_flags |= M_ENCAP; /* mark encapsulated */
2066 M_WME_SETAC(m, WME_AC_BE);
2068 IEEE80211_NODE_STAT(ni, tx_probereq);
2069 IEEE80211_NODE_STAT(ni, tx_mgmt);
2071 IEEE80211_DPRINTF(vap, IEEE80211_MSG_DEBUG | IEEE80211_MSG_DUMPPKTS,
2072 "send probe req on channel %u bssid %s ssid \"%.*s\"\n",
2073 ieee80211_chan2ieee(ic, ic->ic_curchan), ether_sprintf(bssid),
2076 memset(¶ms, 0, sizeof(params));
2077 params.ibp_pri = M_WME_GETAC(m);
2078 tp = &vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)];
2079 params.ibp_rate0 = tp->mgmtrate;
2080 if (IEEE80211_IS_MULTICAST(da)) {
2081 params.ibp_flags |= IEEE80211_BPF_NOACK;
2082 params.ibp_try0 = 1;
2084 params.ibp_try0 = tp->maxretry;
2085 params.ibp_power = ni->ni_txpower;
2086 ret = ieee80211_raw_output(vap, ni, m, ¶ms);
2087 IEEE80211_TX_UNLOCK(ic);
2092 * Calculate capability information for mgt frames.
2095 ieee80211_getcapinfo(struct ieee80211vap *vap, struct ieee80211_channel *chan)
2097 struct ieee80211com *ic = vap->iv_ic;
2100 KASSERT(vap->iv_opmode != IEEE80211_M_STA, ("station mode"));
2102 if (vap->iv_opmode == IEEE80211_M_HOSTAP)
2103 capinfo = IEEE80211_CAPINFO_ESS;
2104 else if (vap->iv_opmode == IEEE80211_M_IBSS)
2105 capinfo = IEEE80211_CAPINFO_IBSS;
2108 if (vap->iv_flags & IEEE80211_F_PRIVACY)
2109 capinfo |= IEEE80211_CAPINFO_PRIVACY;
2110 if ((ic->ic_flags & IEEE80211_F_SHPREAMBLE) &&
2111 IEEE80211_IS_CHAN_2GHZ(chan))
2112 capinfo |= IEEE80211_CAPINFO_SHORT_PREAMBLE;
2113 if (ic->ic_flags & IEEE80211_F_SHSLOT)
2114 capinfo |= IEEE80211_CAPINFO_SHORT_SLOTTIME;
2115 if (IEEE80211_IS_CHAN_5GHZ(chan) && (vap->iv_flags & IEEE80211_F_DOTH))
2116 capinfo |= IEEE80211_CAPINFO_SPECTRUM_MGMT;
2121 * Send a management frame. The node is for the destination (or ic_bss
2122 * when in station mode). Nodes other than ic_bss have their reference
2123 * count bumped to reflect our use for an indeterminant time.
2126 ieee80211_send_mgmt(struct ieee80211_node *ni, int type, int arg)
2128 #define HTFLAGS (IEEE80211_NODE_HT | IEEE80211_NODE_HTCOMPAT)
2129 #define senderr(_x, _v) do { vap->iv_stats._v++; ret = _x; goto bad; } while (0)
2130 struct ieee80211vap *vap = ni->ni_vap;
2131 struct ieee80211com *ic = ni->ni_ic;
2132 struct ieee80211_node *bss = vap->iv_bss;
2133 struct ieee80211_bpf_params params;
2137 int has_challenge, is_shared_key, ret, status;
2139 KASSERT(ni != NULL, ("null node"));
2142 * Hold a reference on the node so it doesn't go away until after
2143 * the xmit is complete all the way in the driver. On error we
2144 * will remove our reference.
2146 IEEE80211_DPRINTF(vap, IEEE80211_MSG_NODE,
2147 "ieee80211_ref_node (%s:%u) %p<%s> refcnt %d\n",
2149 ni, ether_sprintf(ni->ni_macaddr),
2150 ieee80211_node_refcnt(ni)+1);
2151 ieee80211_ref_node(ni);
2153 memset(¶ms, 0, sizeof(params));
2156 case IEEE80211_FC0_SUBTYPE_AUTH:
2159 has_challenge = ((arg == IEEE80211_AUTH_SHARED_CHALLENGE ||
2160 arg == IEEE80211_AUTH_SHARED_RESPONSE) &&
2161 ni->ni_challenge != NULL);
2164 * Deduce whether we're doing open authentication or
2165 * shared key authentication. We do the latter if
2166 * we're in the middle of a shared key authentication
2167 * handshake or if we're initiating an authentication
2168 * request and configured to use shared key.
2170 is_shared_key = has_challenge ||
2171 arg >= IEEE80211_AUTH_SHARED_RESPONSE ||
2172 (arg == IEEE80211_AUTH_SHARED_REQUEST &&
2173 bss->ni_authmode == IEEE80211_AUTH_SHARED);
2175 m = ieee80211_getmgtframe(&frm,
2176 ic->ic_headroom + sizeof(struct ieee80211_frame),
2177 3 * sizeof(uint16_t)
2178 + (has_challenge && status == IEEE80211_STATUS_SUCCESS ?
2179 sizeof(uint16_t)+IEEE80211_CHALLENGE_LEN : 0)
2182 senderr(ENOMEM, is_tx_nobuf);
2184 ((uint16_t *)frm)[0] =
2185 (is_shared_key) ? htole16(IEEE80211_AUTH_ALG_SHARED)
2186 : htole16(IEEE80211_AUTH_ALG_OPEN);
2187 ((uint16_t *)frm)[1] = htole16(arg); /* sequence number */
2188 ((uint16_t *)frm)[2] = htole16(status);/* status */
2190 if (has_challenge && status == IEEE80211_STATUS_SUCCESS) {
2191 ((uint16_t *)frm)[3] =
2192 htole16((IEEE80211_CHALLENGE_LEN << 8) |
2193 IEEE80211_ELEMID_CHALLENGE);
2194 memcpy(&((uint16_t *)frm)[4], ni->ni_challenge,
2195 IEEE80211_CHALLENGE_LEN);
2196 m->m_pkthdr.len = m->m_len =
2197 4 * sizeof(uint16_t) + IEEE80211_CHALLENGE_LEN;
2198 if (arg == IEEE80211_AUTH_SHARED_RESPONSE) {
2199 IEEE80211_NOTE(vap, IEEE80211_MSG_AUTH, ni,
2200 "request encrypt frame (%s)", __func__);
2201 /* mark frame for encryption */
2202 params.ibp_flags |= IEEE80211_BPF_CRYPTO;
2205 m->m_pkthdr.len = m->m_len = 3 * sizeof(uint16_t);
2207 /* XXX not right for shared key */
2208 if (status == IEEE80211_STATUS_SUCCESS)
2209 IEEE80211_NODE_STAT(ni, tx_auth);
2211 IEEE80211_NODE_STAT(ni, tx_auth_fail);
2213 if (vap->iv_opmode == IEEE80211_M_STA)
2214 ieee80211_add_callback(m, ieee80211_tx_mgt_cb,
2215 (void *) vap->iv_state);
2218 case IEEE80211_FC0_SUBTYPE_DEAUTH:
2219 IEEE80211_NOTE(vap, IEEE80211_MSG_AUTH, ni,
2220 "send station deauthenticate (reason %d)", arg);
2221 m = ieee80211_getmgtframe(&frm,
2222 ic->ic_headroom + sizeof(struct ieee80211_frame),
2225 senderr(ENOMEM, is_tx_nobuf);
2226 *(uint16_t *)frm = htole16(arg); /* reason */
2227 m->m_pkthdr.len = m->m_len = sizeof(uint16_t);
2229 IEEE80211_NODE_STAT(ni, tx_deauth);
2230 IEEE80211_NODE_STAT_SET(ni, tx_deauth_code, arg);
2232 ieee80211_node_unauthorize(ni); /* port closed */
2235 case IEEE80211_FC0_SUBTYPE_ASSOC_REQ:
2236 case IEEE80211_FC0_SUBTYPE_REASSOC_REQ:
2238 * asreq frame format
2239 * [2] capability information
2240 * [2] listen interval
2241 * [6*] current AP address (reassoc only)
2243 * [tlv] supported rates
2244 * [tlv] extended supported rates
2245 * [4] power capability (optional)
2246 * [28] supported channels (optional)
2247 * [tlv] HT capabilities
2248 * [tlv] WME (optional)
2249 * [tlv] Vendor OUI HT capabilities (optional)
2250 * [tlv] Atheros capabilities (if negotiated)
2251 * [tlv] AppIE's (optional)
2253 m = ieee80211_getmgtframe(&frm,
2254 ic->ic_headroom + sizeof(struct ieee80211_frame),
2257 + IEEE80211_ADDR_LEN
2258 + 2 + IEEE80211_NWID_LEN
2259 + 2 + IEEE80211_RATE_SIZE
2260 + 2 + (IEEE80211_RATE_MAXSIZE - IEEE80211_RATE_SIZE)
2263 + sizeof(struct ieee80211_wme_info)
2264 + sizeof(struct ieee80211_ie_htcap)
2265 + 4 + sizeof(struct ieee80211_ie_htcap)
2266 #ifdef IEEE80211_SUPPORT_SUPERG
2267 + sizeof(struct ieee80211_ath_ie)
2269 + (vap->iv_appie_wpa != NULL ?
2270 vap->iv_appie_wpa->ie_len : 0)
2271 + (vap->iv_appie_assocreq != NULL ?
2272 vap->iv_appie_assocreq->ie_len : 0)
2275 senderr(ENOMEM, is_tx_nobuf);
2277 KASSERT(vap->iv_opmode == IEEE80211_M_STA,
2278 ("wrong mode %u", vap->iv_opmode));
2279 capinfo = IEEE80211_CAPINFO_ESS;
2280 if (vap->iv_flags & IEEE80211_F_PRIVACY)
2281 capinfo |= IEEE80211_CAPINFO_PRIVACY;
2283 * NB: Some 11a AP's reject the request when
2284 * short premable is set.
2286 if ((ic->ic_flags & IEEE80211_F_SHPREAMBLE) &&
2287 IEEE80211_IS_CHAN_2GHZ(ic->ic_curchan))
2288 capinfo |= IEEE80211_CAPINFO_SHORT_PREAMBLE;
2289 if (IEEE80211_IS_CHAN_ANYG(ic->ic_curchan) &&
2290 (ic->ic_caps & IEEE80211_C_SHSLOT))
2291 capinfo |= IEEE80211_CAPINFO_SHORT_SLOTTIME;
2292 if ((ni->ni_capinfo & IEEE80211_CAPINFO_SPECTRUM_MGMT) &&
2293 (vap->iv_flags & IEEE80211_F_DOTH))
2294 capinfo |= IEEE80211_CAPINFO_SPECTRUM_MGMT;
2295 *(uint16_t *)frm = htole16(capinfo);
2298 KASSERT(bss->ni_intval != 0, ("beacon interval is zero!"));
2299 *(uint16_t *)frm = htole16(howmany(ic->ic_lintval,
2303 if (type == IEEE80211_FC0_SUBTYPE_REASSOC_REQ) {
2304 IEEE80211_ADDR_COPY(frm, bss->ni_bssid);
2305 frm += IEEE80211_ADDR_LEN;
2308 frm = ieee80211_add_ssid(frm, ni->ni_essid, ni->ni_esslen);
2309 frm = ieee80211_add_rates(frm, &ni->ni_rates);
2310 frm = ieee80211_add_rsn(frm, vap);
2311 frm = ieee80211_add_xrates(frm, &ni->ni_rates);
2312 if (capinfo & IEEE80211_CAPINFO_SPECTRUM_MGMT) {
2313 frm = ieee80211_add_powercapability(frm,
2315 frm = ieee80211_add_supportedchannels(frm, ic);
2317 if ((vap->iv_flags_ht & IEEE80211_FHT_HT) &&
2318 ni->ni_ies.htcap_ie != NULL &&
2319 ni->ni_ies.htcap_ie[0] == IEEE80211_ELEMID_HTCAP)
2320 frm = ieee80211_add_htcap(frm, ni);
2321 frm = ieee80211_add_wpa(frm, vap);
2322 if ((ic->ic_flags & IEEE80211_F_WME) &&
2323 ni->ni_ies.wme_ie != NULL)
2324 frm = ieee80211_add_wme_info(frm, &ic->ic_wme);
2325 if ((vap->iv_flags_ht & IEEE80211_FHT_HT) &&
2326 ni->ni_ies.htcap_ie != NULL &&
2327 ni->ni_ies.htcap_ie[0] == IEEE80211_ELEMID_VENDOR)
2328 frm = ieee80211_add_htcap_vendor(frm, ni);
2329 #ifdef IEEE80211_SUPPORT_SUPERG
2330 if (IEEE80211_ATH_CAP(vap, ni, IEEE80211_F_ATHEROS)) {
2331 frm = ieee80211_add_ath(frm,
2332 IEEE80211_ATH_CAP(vap, ni, IEEE80211_F_ATHEROS),
2333 ((vap->iv_flags & IEEE80211_F_WPA) == 0 &&
2334 ni->ni_authmode != IEEE80211_AUTH_8021X) ?
2335 vap->iv_def_txkey : IEEE80211_KEYIX_NONE);
2337 #endif /* IEEE80211_SUPPORT_SUPERG */
2338 if (vap->iv_appie_assocreq != NULL)
2339 frm = add_appie(frm, vap->iv_appie_assocreq);
2340 m->m_pkthdr.len = m->m_len = frm - mtod(m, uint8_t *);
2342 ieee80211_add_callback(m, ieee80211_tx_mgt_cb,
2343 (void *) vap->iv_state);
2346 case IEEE80211_FC0_SUBTYPE_ASSOC_RESP:
2347 case IEEE80211_FC0_SUBTYPE_REASSOC_RESP:
2349 * asresp frame format
2350 * [2] capability information
2352 * [2] association ID
2353 * [tlv] supported rates
2354 * [tlv] extended supported rates
2355 * [tlv] HT capabilities (standard, if STA enabled)
2356 * [tlv] HT information (standard, if STA enabled)
2357 * [tlv] WME (if configured and STA enabled)
2358 * [tlv] HT capabilities (vendor OUI, if STA enabled)
2359 * [tlv] HT information (vendor OUI, if STA enabled)
2360 * [tlv] Atheros capabilities (if STA enabled)
2361 * [tlv] AppIE's (optional)
2363 m = ieee80211_getmgtframe(&frm,
2364 ic->ic_headroom + sizeof(struct ieee80211_frame),
2368 + 2 + IEEE80211_RATE_SIZE
2369 + 2 + (IEEE80211_RATE_MAXSIZE - IEEE80211_RATE_SIZE)
2370 + sizeof(struct ieee80211_ie_htcap) + 4
2371 + sizeof(struct ieee80211_ie_htinfo) + 4
2372 + sizeof(struct ieee80211_wme_param)
2373 #ifdef IEEE80211_SUPPORT_SUPERG
2374 + sizeof(struct ieee80211_ath_ie)
2376 + (vap->iv_appie_assocresp != NULL ?
2377 vap->iv_appie_assocresp->ie_len : 0)
2380 senderr(ENOMEM, is_tx_nobuf);
2382 capinfo = ieee80211_getcapinfo(vap, bss->ni_chan);
2383 *(uint16_t *)frm = htole16(capinfo);
2386 *(uint16_t *)frm = htole16(arg); /* status */
2389 if (arg == IEEE80211_STATUS_SUCCESS) {
2390 *(uint16_t *)frm = htole16(ni->ni_associd);
2391 IEEE80211_NODE_STAT(ni, tx_assoc);
2393 IEEE80211_NODE_STAT(ni, tx_assoc_fail);
2396 frm = ieee80211_add_rates(frm, &ni->ni_rates);
2397 frm = ieee80211_add_xrates(frm, &ni->ni_rates);
2398 /* NB: respond according to what we received */
2399 if ((ni->ni_flags & HTFLAGS) == IEEE80211_NODE_HT) {
2400 frm = ieee80211_add_htcap(frm, ni);
2401 frm = ieee80211_add_htinfo(frm, ni);
2403 if ((vap->iv_flags & IEEE80211_F_WME) &&
2404 ni->ni_ies.wme_ie != NULL)
2405 frm = ieee80211_add_wme_param(frm, &ic->ic_wme);
2406 if ((ni->ni_flags & HTFLAGS) == HTFLAGS) {
2407 frm = ieee80211_add_htcap_vendor(frm, ni);
2408 frm = ieee80211_add_htinfo_vendor(frm, ni);
2410 #ifdef IEEE80211_SUPPORT_SUPERG
2411 if (IEEE80211_ATH_CAP(vap, ni, IEEE80211_F_ATHEROS))
2412 frm = ieee80211_add_ath(frm,
2413 IEEE80211_ATH_CAP(vap, ni, IEEE80211_F_ATHEROS),
2414 ((vap->iv_flags & IEEE80211_F_WPA) == 0 &&
2415 ni->ni_authmode != IEEE80211_AUTH_8021X) ?
2416 vap->iv_def_txkey : IEEE80211_KEYIX_NONE);
2417 #endif /* IEEE80211_SUPPORT_SUPERG */
2418 if (vap->iv_appie_assocresp != NULL)
2419 frm = add_appie(frm, vap->iv_appie_assocresp);
2420 m->m_pkthdr.len = m->m_len = frm - mtod(m, uint8_t *);
2423 case IEEE80211_FC0_SUBTYPE_DISASSOC:
2424 IEEE80211_NOTE(vap, IEEE80211_MSG_ASSOC, ni,
2425 "send station disassociate (reason %d)", arg);
2426 m = ieee80211_getmgtframe(&frm,
2427 ic->ic_headroom + sizeof(struct ieee80211_frame),
2430 senderr(ENOMEM, is_tx_nobuf);
2431 *(uint16_t *)frm = htole16(arg); /* reason */
2432 m->m_pkthdr.len = m->m_len = sizeof(uint16_t);
2434 IEEE80211_NODE_STAT(ni, tx_disassoc);
2435 IEEE80211_NODE_STAT_SET(ni, tx_disassoc_code, arg);
2439 IEEE80211_NOTE(vap, IEEE80211_MSG_ANY, ni,
2440 "invalid mgmt frame type %u", type);
2441 senderr(EINVAL, is_tx_unknownmgt);
2445 /* NB: force non-ProbeResp frames to the highest queue */
2446 params.ibp_pri = WME_AC_VO;
2447 params.ibp_rate0 = bss->ni_txparms->mgmtrate;
2448 /* NB: we know all frames are unicast */
2449 params.ibp_try0 = bss->ni_txparms->maxretry;
2450 params.ibp_power = bss->ni_txpower;
2451 return ieee80211_mgmt_output(ni, m, type, ¶ms);
2453 ieee80211_free_node(ni);
2460 * Return an mbuf with a probe response frame in it.
2461 * Space is left to prepend and 802.11 header at the
2462 * front but it's left to the caller to fill in.
2465 ieee80211_alloc_proberesp(struct ieee80211_node *bss, int legacy)
2467 struct ieee80211vap *vap = bss->ni_vap;
2468 struct ieee80211com *ic = bss->ni_ic;
2469 const struct ieee80211_rateset *rs;
2475 * probe response frame format
2477 * [2] beacon interval
2478 * [2] cabability information
2480 * [tlv] supported rates
2481 * [tlv] parameter set (FH/DS)
2482 * [tlv] parameter set (IBSS)
2483 * [tlv] country (optional)
2484 * [3] power control (optional)
2485 * [5] channel switch announcement (CSA) (optional)
2486 * [tlv] extended rate phy (ERP)
2487 * [tlv] extended supported rates
2488 * [tlv] RSN (optional)
2489 * [tlv] HT capabilities
2490 * [tlv] HT information
2491 * [tlv] WPA (optional)
2492 * [tlv] WME (optional)
2493 * [tlv] Vendor OUI HT capabilities (optional)
2494 * [tlv] Vendor OUI HT information (optional)
2495 * [tlv] Atheros capabilities
2496 * [tlv] AppIE's (optional)
2497 * [tlv] Mesh ID (MBSS)
2498 * [tlv] Mesh Conf (MBSS)
2500 m = ieee80211_getmgtframe(&frm,
2501 ic->ic_headroom + sizeof(struct ieee80211_frame),
2505 + 2 + IEEE80211_NWID_LEN
2506 + 2 + IEEE80211_RATE_SIZE
2508 + IEEE80211_COUNTRY_MAX_SIZE
2510 + sizeof(struct ieee80211_csa_ie)
2511 + sizeof(struct ieee80211_quiet_ie)
2513 + 2 + (IEEE80211_RATE_MAXSIZE - IEEE80211_RATE_SIZE)
2514 + sizeof(struct ieee80211_ie_wpa)
2515 + sizeof(struct ieee80211_ie_htcap)
2516 + sizeof(struct ieee80211_ie_htinfo)
2517 + sizeof(struct ieee80211_ie_wpa)
2518 + sizeof(struct ieee80211_wme_param)
2519 + 4 + sizeof(struct ieee80211_ie_htcap)
2520 + 4 + sizeof(struct ieee80211_ie_htinfo)
2521 #ifdef IEEE80211_SUPPORT_SUPERG
2522 + sizeof(struct ieee80211_ath_ie)
2524 #ifdef IEEE80211_SUPPORT_MESH
2525 + 2 + IEEE80211_MESHID_LEN
2526 + sizeof(struct ieee80211_meshconf_ie)
2528 + (vap->iv_appie_proberesp != NULL ?
2529 vap->iv_appie_proberesp->ie_len : 0)
2532 vap->iv_stats.is_tx_nobuf++;
2536 memset(frm, 0, 8); /* timestamp should be filled later */
2538 *(uint16_t *)frm = htole16(bss->ni_intval);
2540 capinfo = ieee80211_getcapinfo(vap, bss->ni_chan);
2541 *(uint16_t *)frm = htole16(capinfo);
2544 frm = ieee80211_add_ssid(frm, bss->ni_essid, bss->ni_esslen);
2545 rs = ieee80211_get_suprates(ic, bss->ni_chan);
2546 frm = ieee80211_add_rates(frm, rs);
2548 if (IEEE80211_IS_CHAN_FHSS(bss->ni_chan)) {
2549 *frm++ = IEEE80211_ELEMID_FHPARMS;
2551 *frm++ = bss->ni_fhdwell & 0x00ff;
2552 *frm++ = (bss->ni_fhdwell >> 8) & 0x00ff;
2553 *frm++ = IEEE80211_FH_CHANSET(
2554 ieee80211_chan2ieee(ic, bss->ni_chan));
2555 *frm++ = IEEE80211_FH_CHANPAT(
2556 ieee80211_chan2ieee(ic, bss->ni_chan));
2557 *frm++ = bss->ni_fhindex;
2559 *frm++ = IEEE80211_ELEMID_DSPARMS;
2561 *frm++ = ieee80211_chan2ieee(ic, bss->ni_chan);
2564 if (vap->iv_opmode == IEEE80211_M_IBSS) {
2565 *frm++ = IEEE80211_ELEMID_IBSSPARMS;
2567 *frm++ = 0; *frm++ = 0; /* TODO: ATIM window */
2569 if ((vap->iv_flags & IEEE80211_F_DOTH) ||
2570 (vap->iv_flags_ext & IEEE80211_FEXT_DOTD))
2571 frm = ieee80211_add_countryie(frm, ic);
2572 if (vap->iv_flags & IEEE80211_F_DOTH) {
2573 if (IEEE80211_IS_CHAN_5GHZ(bss->ni_chan))
2574 frm = ieee80211_add_powerconstraint(frm, vap);
2575 if (ic->ic_flags & IEEE80211_F_CSAPENDING)
2576 frm = ieee80211_add_csa(frm, vap);
2578 if (vap->iv_flags & IEEE80211_F_DOTH) {
2579 if (IEEE80211_IS_CHAN_DFS(ic->ic_bsschan) &&
2580 (vap->iv_flags_ext & IEEE80211_FEXT_DFS)) {
2582 frm = ieee80211_add_quiet(frm, vap);
2585 if (IEEE80211_IS_CHAN_ANYG(bss->ni_chan))
2586 frm = ieee80211_add_erp(frm, ic);
2587 frm = ieee80211_add_xrates(frm, rs);
2588 frm = ieee80211_add_rsn(frm, vap);
2590 * NB: legacy 11b clients do not get certain ie's.
2591 * The caller identifies such clients by passing
2592 * a token in legacy to us. Could expand this to be
2593 * any legacy client for stuff like HT ie's.
2595 if (IEEE80211_IS_CHAN_HT(bss->ni_chan) &&
2596 legacy != IEEE80211_SEND_LEGACY_11B) {
2597 frm = ieee80211_add_htcap(frm, bss);
2598 frm = ieee80211_add_htinfo(frm, bss);
2600 frm = ieee80211_add_wpa(frm, vap);
2601 if (vap->iv_flags & IEEE80211_F_WME)
2602 frm = ieee80211_add_wme_param(frm, &ic->ic_wme);
2603 if (IEEE80211_IS_CHAN_HT(bss->ni_chan) &&
2604 (vap->iv_flags_ht & IEEE80211_FHT_HTCOMPAT) &&
2605 legacy != IEEE80211_SEND_LEGACY_11B) {
2606 frm = ieee80211_add_htcap_vendor(frm, bss);
2607 frm = ieee80211_add_htinfo_vendor(frm, bss);
2609 #ifdef IEEE80211_SUPPORT_SUPERG
2610 if ((vap->iv_flags & IEEE80211_F_ATHEROS) &&
2611 legacy != IEEE80211_SEND_LEGACY_11B)
2612 frm = ieee80211_add_athcaps(frm, bss);
2614 if (vap->iv_appie_proberesp != NULL)
2615 frm = add_appie(frm, vap->iv_appie_proberesp);
2616 #ifdef IEEE80211_SUPPORT_MESH
2617 if (vap->iv_opmode == IEEE80211_M_MBSS) {
2618 frm = ieee80211_add_meshid(frm, vap);
2619 frm = ieee80211_add_meshconf(frm, vap);
2622 m->m_pkthdr.len = m->m_len = frm - mtod(m, uint8_t *);
2628 * Send a probe response frame to the specified mac address.
2629 * This does not go through the normal mgt frame api so we
2630 * can specify the destination address and re-use the bss node
2631 * for the sta reference.
2634 ieee80211_send_proberesp(struct ieee80211vap *vap,
2635 const uint8_t da[IEEE80211_ADDR_LEN], int legacy)
2637 struct ieee80211_node *bss = vap->iv_bss;
2638 struct ieee80211com *ic = vap->iv_ic;
2639 struct ieee80211_frame *wh;
2643 if (vap->iv_state == IEEE80211_S_CAC) {
2644 IEEE80211_NOTE(vap, IEEE80211_MSG_OUTPUT, bss,
2645 "block %s frame in CAC state", "probe response");
2646 vap->iv_stats.is_tx_badstate++;
2647 return EIO; /* XXX */
2651 * Hold a reference on the node so it doesn't go away until after
2652 * the xmit is complete all the way in the driver. On error we
2653 * will remove our reference.
2655 IEEE80211_DPRINTF(vap, IEEE80211_MSG_NODE,
2656 "ieee80211_ref_node (%s:%u) %p<%s> refcnt %d\n",
2657 __func__, __LINE__, bss, ether_sprintf(bss->ni_macaddr),
2658 ieee80211_node_refcnt(bss)+1);
2659 ieee80211_ref_node(bss);
2661 m = ieee80211_alloc_proberesp(bss, legacy);
2663 ieee80211_free_node(bss);
2667 M_PREPEND(m, sizeof(struct ieee80211_frame), M_NOWAIT);
2668 KASSERT(m != NULL, ("no room for header"));
2670 IEEE80211_TX_LOCK(ic);
2671 wh = mtod(m, struct ieee80211_frame *);
2672 ieee80211_send_setup(bss, m,
2673 IEEE80211_FC0_TYPE_MGT | IEEE80211_FC0_SUBTYPE_PROBE_RESP,
2674 IEEE80211_NONQOS_TID, vap->iv_myaddr, da, bss->ni_bssid);
2675 /* XXX power management? */
2676 m->m_flags |= M_ENCAP; /* mark encapsulated */
2678 M_WME_SETAC(m, WME_AC_BE);
2680 IEEE80211_DPRINTF(vap, IEEE80211_MSG_DEBUG | IEEE80211_MSG_DUMPPKTS,
2681 "send probe resp on channel %u to %s%s\n",
2682 ieee80211_chan2ieee(ic, ic->ic_curchan), ether_sprintf(da),
2683 legacy ? " <legacy>" : "");
2684 IEEE80211_NODE_STAT(bss, tx_mgmt);
2686 ret = ieee80211_raw_output(vap, bss, m, NULL);
2687 IEEE80211_TX_UNLOCK(ic);
2692 * Allocate and build a RTS (Request To Send) control frame.
2695 ieee80211_alloc_rts(struct ieee80211com *ic,
2696 const uint8_t ra[IEEE80211_ADDR_LEN],
2697 const uint8_t ta[IEEE80211_ADDR_LEN],
2700 struct ieee80211_frame_rts *rts;
2703 /* XXX honor ic_headroom */
2704 m = m_gethdr(M_NOWAIT, MT_DATA);
2706 rts = mtod(m, struct ieee80211_frame_rts *);
2707 rts->i_fc[0] = IEEE80211_FC0_VERSION_0 |
2708 IEEE80211_FC0_TYPE_CTL | IEEE80211_FC0_SUBTYPE_RTS;
2709 rts->i_fc[1] = IEEE80211_FC1_DIR_NODS;
2710 *(u_int16_t *)rts->i_dur = htole16(dur);
2711 IEEE80211_ADDR_COPY(rts->i_ra, ra);
2712 IEEE80211_ADDR_COPY(rts->i_ta, ta);
2714 m->m_pkthdr.len = m->m_len = sizeof(struct ieee80211_frame_rts);
2720 * Allocate and build a CTS (Clear To Send) control frame.
2723 ieee80211_alloc_cts(struct ieee80211com *ic,
2724 const uint8_t ra[IEEE80211_ADDR_LEN], uint16_t dur)
2726 struct ieee80211_frame_cts *cts;
2729 /* XXX honor ic_headroom */
2730 m = m_gethdr(M_NOWAIT, MT_DATA);
2732 cts = mtod(m, struct ieee80211_frame_cts *);
2733 cts->i_fc[0] = IEEE80211_FC0_VERSION_0 |
2734 IEEE80211_FC0_TYPE_CTL | IEEE80211_FC0_SUBTYPE_CTS;
2735 cts->i_fc[1] = IEEE80211_FC1_DIR_NODS;
2736 *(u_int16_t *)cts->i_dur = htole16(dur);
2737 IEEE80211_ADDR_COPY(cts->i_ra, ra);
2739 m->m_pkthdr.len = m->m_len = sizeof(struct ieee80211_frame_cts);
2745 ieee80211_tx_mgt_timeout(void *arg)
2747 struct ieee80211vap *vap = arg;
2749 IEEE80211_LOCK(vap->iv_ic);
2750 if (vap->iv_state != IEEE80211_S_INIT &&
2751 (vap->iv_ic->ic_flags & IEEE80211_F_SCAN) == 0) {
2753 * NB: it's safe to specify a timeout as the reason here;
2754 * it'll only be used in the right state.
2756 ieee80211_new_state_locked(vap, IEEE80211_S_SCAN,
2757 IEEE80211_SCAN_FAIL_TIMEOUT);
2759 IEEE80211_UNLOCK(vap->iv_ic);
2763 * This is the callback set on net80211-sourced transmitted
2764 * authentication request frames.
2766 * This does a couple of things:
2768 * + If the frame transmitted was a success, it schedules a future
2769 * event which will transition the interface to scan.
2770 * If a state transition _then_ occurs before that event occurs,
2771 * said state transition will cancel this callout.
2773 * + If the frame transmit was a failure, it immediately schedules
2774 * the transition back to scan.
2777 ieee80211_tx_mgt_cb(struct ieee80211_node *ni, void *arg, int status)
2779 struct ieee80211vap *vap = ni->ni_vap;
2780 enum ieee80211_state ostate = (enum ieee80211_state) arg;
2783 * Frame transmit completed; arrange timer callback. If
2784 * transmit was successfuly we wait for response. Otherwise
2785 * we arrange an immediate callback instead of doing the
2786 * callback directly since we don't know what state the driver
2787 * is in (e.g. what locks it is holding). This work should
2788 * not be too time-critical and not happen too often so the
2789 * added overhead is acceptable.
2791 * XXX what happens if !acked but response shows up before callback?
2793 if (vap->iv_state == ostate) {
2794 callout_reset(&vap->iv_mgtsend,
2795 status == 0 ? IEEE80211_TRANS_WAIT*hz : 0,
2796 ieee80211_tx_mgt_timeout, vap);
2801 ieee80211_beacon_construct(struct mbuf *m, uint8_t *frm,
2802 struct ieee80211_beacon_offsets *bo, struct ieee80211_node *ni)
2804 struct ieee80211vap *vap = ni->ni_vap;
2805 struct ieee80211com *ic = ni->ni_ic;
2806 struct ieee80211_rateset *rs = &ni->ni_rates;
2810 * beacon frame format
2812 * [2] beacon interval
2813 * [2] cabability information
2815 * [tlv] supported rates
2816 * [3] parameter set (DS)
2817 * [8] CF parameter set (optional)
2818 * [tlv] parameter set (IBSS/TIM)
2819 * [tlv] country (optional)
2820 * [3] power control (optional)
2821 * [5] channel switch announcement (CSA) (optional)
2822 * [tlv] extended rate phy (ERP)
2823 * [tlv] extended supported rates
2824 * [tlv] RSN parameters
2825 * [tlv] HT capabilities
2826 * [tlv] HT information
2827 * XXX Vendor-specific OIDs (e.g. Atheros)
2828 * [tlv] WPA parameters
2829 * [tlv] WME parameters
2830 * [tlv] Vendor OUI HT capabilities (optional)
2831 * [tlv] Vendor OUI HT information (optional)
2832 * [tlv] Atheros capabilities (optional)
2833 * [tlv] TDMA parameters (optional)
2834 * [tlv] Mesh ID (MBSS)
2835 * [tlv] Mesh Conf (MBSS)
2836 * [tlv] application data (optional)
2839 memset(bo, 0, sizeof(*bo));
2841 memset(frm, 0, 8); /* XXX timestamp is set by hardware/driver */
2843 *(uint16_t *)frm = htole16(ni->ni_intval);
2845 capinfo = ieee80211_getcapinfo(vap, ni->ni_chan);
2846 bo->bo_caps = (uint16_t *)frm;
2847 *(uint16_t *)frm = htole16(capinfo);
2849 *frm++ = IEEE80211_ELEMID_SSID;
2850 if ((vap->iv_flags & IEEE80211_F_HIDESSID) == 0) {
2851 *frm++ = ni->ni_esslen;
2852 memcpy(frm, ni->ni_essid, ni->ni_esslen);
2853 frm += ni->ni_esslen;
2856 frm = ieee80211_add_rates(frm, rs);
2857 if (!IEEE80211_IS_CHAN_FHSS(ni->ni_chan)) {
2858 *frm++ = IEEE80211_ELEMID_DSPARMS;
2860 *frm++ = ieee80211_chan2ieee(ic, ni->ni_chan);
2862 if (ic->ic_flags & IEEE80211_F_PCF) {
2864 frm = ieee80211_add_cfparms(frm, ic);
2867 if (vap->iv_opmode == IEEE80211_M_IBSS) {
2868 *frm++ = IEEE80211_ELEMID_IBSSPARMS;
2870 *frm++ = 0; *frm++ = 0; /* TODO: ATIM window */
2872 } else if (vap->iv_opmode == IEEE80211_M_HOSTAP ||
2873 vap->iv_opmode == IEEE80211_M_MBSS) {
2874 /* TIM IE is the same for Mesh and Hostap */
2875 struct ieee80211_tim_ie *tie = (struct ieee80211_tim_ie *) frm;
2877 tie->tim_ie = IEEE80211_ELEMID_TIM;
2878 tie->tim_len = 4; /* length */
2879 tie->tim_count = 0; /* DTIM count */
2880 tie->tim_period = vap->iv_dtim_period; /* DTIM period */
2881 tie->tim_bitctl = 0; /* bitmap control */
2882 tie->tim_bitmap[0] = 0; /* Partial Virtual Bitmap */
2883 frm += sizeof(struct ieee80211_tim_ie);
2886 bo->bo_tim_trailer = frm;
2887 if ((vap->iv_flags & IEEE80211_F_DOTH) ||
2888 (vap->iv_flags_ext & IEEE80211_FEXT_DOTD))
2889 frm = ieee80211_add_countryie(frm, ic);
2890 if (vap->iv_flags & IEEE80211_F_DOTH) {
2891 if (IEEE80211_IS_CHAN_5GHZ(ni->ni_chan))
2892 frm = ieee80211_add_powerconstraint(frm, vap);
2894 if (ic->ic_flags & IEEE80211_F_CSAPENDING)
2895 frm = ieee80211_add_csa(frm, vap);
2899 if (vap->iv_flags & IEEE80211_F_DOTH) {
2901 if (IEEE80211_IS_CHAN_DFS(ic->ic_bsschan) &&
2902 (vap->iv_flags_ext & IEEE80211_FEXT_DFS)) {
2904 frm = ieee80211_add_quiet(frm,vap);
2909 if (IEEE80211_IS_CHAN_ANYG(ni->ni_chan)) {
2911 frm = ieee80211_add_erp(frm, ic);
2913 frm = ieee80211_add_xrates(frm, rs);
2914 frm = ieee80211_add_rsn(frm, vap);
2915 if (IEEE80211_IS_CHAN_HT(ni->ni_chan)) {
2916 frm = ieee80211_add_htcap(frm, ni);
2917 bo->bo_htinfo = frm;
2918 frm = ieee80211_add_htinfo(frm, ni);
2920 frm = ieee80211_add_wpa(frm, vap);
2921 if (vap->iv_flags & IEEE80211_F_WME) {
2923 frm = ieee80211_add_wme_param(frm, &ic->ic_wme);
2925 if (IEEE80211_IS_CHAN_HT(ni->ni_chan) &&
2926 (vap->iv_flags_ht & IEEE80211_FHT_HTCOMPAT)) {
2927 frm = ieee80211_add_htcap_vendor(frm, ni);
2928 frm = ieee80211_add_htinfo_vendor(frm, ni);
2930 #ifdef IEEE80211_SUPPORT_SUPERG
2931 if (vap->iv_flags & IEEE80211_F_ATHEROS) {
2933 frm = ieee80211_add_athcaps(frm, ni);
2936 #ifdef IEEE80211_SUPPORT_TDMA
2937 if (vap->iv_caps & IEEE80211_C_TDMA) {
2939 frm = ieee80211_add_tdma(frm, vap);
2942 if (vap->iv_appie_beacon != NULL) {
2944 bo->bo_appie_len = vap->iv_appie_beacon->ie_len;
2945 frm = add_appie(frm, vap->iv_appie_beacon);
2947 #ifdef IEEE80211_SUPPORT_MESH
2948 if (vap->iv_opmode == IEEE80211_M_MBSS) {
2949 frm = ieee80211_add_meshid(frm, vap);
2950 bo->bo_meshconf = frm;
2951 frm = ieee80211_add_meshconf(frm, vap);
2954 bo->bo_tim_trailer_len = frm - bo->bo_tim_trailer;
2955 bo->bo_csa_trailer_len = frm - bo->bo_csa;
2956 m->m_pkthdr.len = m->m_len = frm - mtod(m, uint8_t *);
2960 * Allocate a beacon frame and fillin the appropriate bits.
2963 ieee80211_beacon_alloc(struct ieee80211_node *ni,
2964 struct ieee80211_beacon_offsets *bo)
2966 struct ieee80211vap *vap = ni->ni_vap;
2967 struct ieee80211com *ic = ni->ni_ic;
2968 struct ifnet *ifp = vap->iv_ifp;
2969 struct ieee80211_frame *wh;
2975 * beacon frame format
2977 * [2] beacon interval
2978 * [2] cabability information
2980 * [tlv] supported rates
2981 * [3] parameter set (DS)
2982 * [8] CF parameter set (optional)
2983 * [tlv] parameter set (IBSS/TIM)
2984 * [tlv] country (optional)
2985 * [3] power control (optional)
2986 * [5] channel switch announcement (CSA) (optional)
2987 * [tlv] extended rate phy (ERP)
2988 * [tlv] extended supported rates
2989 * [tlv] RSN parameters
2990 * [tlv] HT capabilities
2991 * [tlv] HT information
2992 * [tlv] Vendor OUI HT capabilities (optional)
2993 * [tlv] Vendor OUI HT information (optional)
2994 * XXX Vendor-specific OIDs (e.g. Atheros)
2995 * [tlv] WPA parameters
2996 * [tlv] WME parameters
2997 * [tlv] TDMA parameters (optional)
2998 * [tlv] Mesh ID (MBSS)
2999 * [tlv] Mesh Conf (MBSS)
3000 * [tlv] application data (optional)
3001 * NB: we allocate the max space required for the TIM bitmap.
3002 * XXX how big is this?
3004 pktlen = 8 /* time stamp */
3005 + sizeof(uint16_t) /* beacon interval */
3006 + sizeof(uint16_t) /* capabilities */
3007 + 2 + ni->ni_esslen /* ssid */
3008 + 2 + IEEE80211_RATE_SIZE /* supported rates */
3009 + 2 + 1 /* DS parameters */
3010 + 2 + 6 /* CF parameters */
3011 + 2 + 4 + vap->iv_tim_len /* DTIM/IBSSPARMS */
3012 + IEEE80211_COUNTRY_MAX_SIZE /* country */
3013 + 2 + 1 /* power control */
3014 + sizeof(struct ieee80211_csa_ie) /* CSA */
3015 + sizeof(struct ieee80211_quiet_ie) /* Quiet */
3017 + 2 + (IEEE80211_RATE_MAXSIZE - IEEE80211_RATE_SIZE)
3018 + (vap->iv_caps & IEEE80211_C_WPA ? /* WPA 1+2 */
3019 2*sizeof(struct ieee80211_ie_wpa) : 0)
3020 /* XXX conditional? */
3021 + 4+2*sizeof(struct ieee80211_ie_htcap)/* HT caps */
3022 + 4+2*sizeof(struct ieee80211_ie_htinfo)/* HT info */
3023 + (vap->iv_caps & IEEE80211_C_WME ? /* WME */
3024 sizeof(struct ieee80211_wme_param) : 0)
3025 #ifdef IEEE80211_SUPPORT_SUPERG
3026 + sizeof(struct ieee80211_ath_ie) /* ATH */
3028 #ifdef IEEE80211_SUPPORT_TDMA
3029 + (vap->iv_caps & IEEE80211_C_TDMA ? /* TDMA */
3030 sizeof(struct ieee80211_tdma_param) : 0)
3032 #ifdef IEEE80211_SUPPORT_MESH
3033 + 2 + ni->ni_meshidlen
3034 + sizeof(struct ieee80211_meshconf_ie)
3036 + IEEE80211_MAX_APPIE
3038 m = ieee80211_getmgtframe(&frm,
3039 ic->ic_headroom + sizeof(struct ieee80211_frame), pktlen);
3041 IEEE80211_DPRINTF(vap, IEEE80211_MSG_ANY,
3042 "%s: cannot get buf; size %u\n", __func__, pktlen);
3043 vap->iv_stats.is_tx_nobuf++;
3046 ieee80211_beacon_construct(m, frm, bo, ni);
3048 M_PREPEND(m, sizeof(struct ieee80211_frame), M_NOWAIT);
3049 KASSERT(m != NULL, ("no space for 802.11 header?"));
3050 wh = mtod(m, struct ieee80211_frame *);
3051 wh->i_fc[0] = IEEE80211_FC0_VERSION_0 | IEEE80211_FC0_TYPE_MGT |
3052 IEEE80211_FC0_SUBTYPE_BEACON;
3053 wh->i_fc[1] = IEEE80211_FC1_DIR_NODS;
3054 *(uint16_t *)wh->i_dur = 0;
3055 IEEE80211_ADDR_COPY(wh->i_addr1, ifp->if_broadcastaddr);
3056 IEEE80211_ADDR_COPY(wh->i_addr2, vap->iv_myaddr);
3057 IEEE80211_ADDR_COPY(wh->i_addr3, ni->ni_bssid);
3058 *(uint16_t *)wh->i_seq = 0;
3064 * Update the dynamic parts of a beacon frame based on the current state.
3067 ieee80211_beacon_update(struct ieee80211_node *ni,
3068 struct ieee80211_beacon_offsets *bo, struct mbuf *m, int mcast)
3070 struct ieee80211vap *vap = ni->ni_vap;
3071 struct ieee80211com *ic = ni->ni_ic;
3072 int len_changed = 0;
3074 struct ieee80211_frame *wh;
3075 ieee80211_seq seqno;
3079 * Handle 11h channel change when we've reached the count.
3080 * We must recalculate the beacon frame contents to account
3081 * for the new channel. Note we do this only for the first
3082 * vap that reaches this point; subsequent vaps just update
3083 * their beacon state to reflect the recalculated channel.
3085 if (isset(bo->bo_flags, IEEE80211_BEACON_CSA) &&
3086 vap->iv_csa_count == ic->ic_csa_count) {
3087 vap->iv_csa_count = 0;
3089 * Effect channel change before reconstructing the beacon
3090 * frame contents as many places reference ni_chan.
3092 if (ic->ic_csa_newchan != NULL)
3093 ieee80211_csa_completeswitch(ic);
3095 * NB: ieee80211_beacon_construct clears all pending
3096 * updates in bo_flags so we don't need to explicitly
3097 * clear IEEE80211_BEACON_CSA.
3099 ieee80211_beacon_construct(m,
3100 mtod(m, uint8_t*) + sizeof(struct ieee80211_frame), bo, ni);
3102 /* XXX do WME aggressive mode processing? */
3103 IEEE80211_UNLOCK(ic);
3104 return 1; /* just assume length changed */
3107 wh = mtod(m, struct ieee80211_frame *);
3108 seqno = ni->ni_txseqs[IEEE80211_NONQOS_TID]++;
3109 *(uint16_t *)&wh->i_seq[0] =
3110 htole16(seqno << IEEE80211_SEQ_SEQ_SHIFT);
3111 M_SEQNO_SET(m, seqno);
3113 /* XXX faster to recalculate entirely or just changes? */
3114 capinfo = ieee80211_getcapinfo(vap, ni->ni_chan);
3115 *bo->bo_caps = htole16(capinfo);
3117 if (vap->iv_flags & IEEE80211_F_WME) {
3118 struct ieee80211_wme_state *wme = &ic->ic_wme;
3121 * Check for agressive mode change. When there is
3122 * significant high priority traffic in the BSS
3123 * throttle back BE traffic by using conservative
3124 * parameters. Otherwise BE uses agressive params
3125 * to optimize performance of legacy/non-QoS traffic.
3127 if (wme->wme_flags & WME_F_AGGRMODE) {
3128 if (wme->wme_hipri_traffic >
3129 wme->wme_hipri_switch_thresh) {
3130 IEEE80211_DPRINTF(vap, IEEE80211_MSG_WME,
3131 "%s: traffic %u, disable aggressive mode\n",
3132 __func__, wme->wme_hipri_traffic);
3133 wme->wme_flags &= ~WME_F_AGGRMODE;
3134 ieee80211_wme_updateparams_locked(vap);
3135 wme->wme_hipri_traffic =
3136 wme->wme_hipri_switch_hysteresis;
3138 wme->wme_hipri_traffic = 0;
3140 if (wme->wme_hipri_traffic <=
3141 wme->wme_hipri_switch_thresh) {
3142 IEEE80211_DPRINTF(vap, IEEE80211_MSG_WME,
3143 "%s: traffic %u, enable aggressive mode\n",
3144 __func__, wme->wme_hipri_traffic);
3145 wme->wme_flags |= WME_F_AGGRMODE;
3146 ieee80211_wme_updateparams_locked(vap);
3147 wme->wme_hipri_traffic = 0;
3149 wme->wme_hipri_traffic =
3150 wme->wme_hipri_switch_hysteresis;
3152 if (isset(bo->bo_flags, IEEE80211_BEACON_WME)) {
3153 (void) ieee80211_add_wme_param(bo->bo_wme, wme);
3154 clrbit(bo->bo_flags, IEEE80211_BEACON_WME);
3158 if (isset(bo->bo_flags, IEEE80211_BEACON_HTINFO)) {
3159 ieee80211_ht_update_beacon(vap, bo);
3160 clrbit(bo->bo_flags, IEEE80211_BEACON_HTINFO);
3162 #ifdef IEEE80211_SUPPORT_TDMA
3163 if (vap->iv_caps & IEEE80211_C_TDMA) {
3165 * NB: the beacon is potentially updated every TBTT.
3167 ieee80211_tdma_update_beacon(vap, bo);
3170 #ifdef IEEE80211_SUPPORT_MESH
3171 if (vap->iv_opmode == IEEE80211_M_MBSS)
3172 ieee80211_mesh_update_beacon(vap, bo);
3175 if (vap->iv_opmode == IEEE80211_M_HOSTAP ||
3176 vap->iv_opmode == IEEE80211_M_MBSS) { /* NB: no IBSS support*/
3177 struct ieee80211_tim_ie *tie =
3178 (struct ieee80211_tim_ie *) bo->bo_tim;
3179 if (isset(bo->bo_flags, IEEE80211_BEACON_TIM)) {
3180 u_int timlen, timoff, i;
3182 * ATIM/DTIM needs updating. If it fits in the
3183 * current space allocated then just copy in the
3184 * new bits. Otherwise we need to move any trailing
3185 * data to make room. Note that we know there is
3186 * contiguous space because ieee80211_beacon_allocate
3187 * insures there is space in the mbuf to write a
3188 * maximal-size virtual bitmap (based on iv_max_aid).
3191 * Calculate the bitmap size and offset, copy any
3192 * trailer out of the way, and then copy in the
3193 * new bitmap and update the information element.
3194 * Note that the tim bitmap must contain at least
3195 * one byte and any offset must be even.
3197 if (vap->iv_ps_pending != 0) {
3198 timoff = 128; /* impossibly large */
3199 for (i = 0; i < vap->iv_tim_len; i++)
3200 if (vap->iv_tim_bitmap[i]) {
3204 KASSERT(timoff != 128, ("tim bitmap empty!"));
3205 for (i = vap->iv_tim_len-1; i >= timoff; i--)
3206 if (vap->iv_tim_bitmap[i])
3208 timlen = 1 + (i - timoff);
3213 if (timlen != bo->bo_tim_len) {
3214 /* copy up/down trailer */
3215 int adjust = tie->tim_bitmap+timlen
3216 - bo->bo_tim_trailer;
3217 ovbcopy(bo->bo_tim_trailer,
3218 bo->bo_tim_trailer+adjust,
3219 bo->bo_tim_trailer_len);
3220 bo->bo_tim_trailer += adjust;
3221 bo->bo_erp += adjust;
3222 bo->bo_htinfo += adjust;
3223 #ifdef IEEE80211_SUPPORT_SUPERG
3224 bo->bo_ath += adjust;
3226 #ifdef IEEE80211_SUPPORT_TDMA
3227 bo->bo_tdma += adjust;
3229 #ifdef IEEE80211_SUPPORT_MESH
3230 bo->bo_meshconf += adjust;
3232 bo->bo_appie += adjust;
3233 bo->bo_wme += adjust;
3234 bo->bo_csa += adjust;
3235 bo->bo_quiet += adjust;
3236 bo->bo_tim_len = timlen;
3238 /* update information element */
3239 tie->tim_len = 3 + timlen;
3240 tie->tim_bitctl = timoff;
3243 memcpy(tie->tim_bitmap, vap->iv_tim_bitmap + timoff,
3246 clrbit(bo->bo_flags, IEEE80211_BEACON_TIM);
3248 IEEE80211_DPRINTF(vap, IEEE80211_MSG_POWER,
3249 "%s: TIM updated, pending %u, off %u, len %u\n",
3250 __func__, vap->iv_ps_pending, timoff, timlen);
3252 /* count down DTIM period */
3253 if (tie->tim_count == 0)
3254 tie->tim_count = tie->tim_period - 1;
3257 /* update state for buffered multicast frames on DTIM */
3258 if (mcast && tie->tim_count == 0)
3259 tie->tim_bitctl |= 1;
3261 tie->tim_bitctl &= ~1;
3262 if (isset(bo->bo_flags, IEEE80211_BEACON_CSA)) {
3263 struct ieee80211_csa_ie *csa =
3264 (struct ieee80211_csa_ie *) bo->bo_csa;
3267 * Insert or update CSA ie. If we're just starting
3268 * to count down to the channel switch then we need
3269 * to insert the CSA ie. Otherwise we just need to
3270 * drop the count. The actual change happens above
3271 * when the vap's count reaches the target count.
3273 if (vap->iv_csa_count == 0) {
3274 memmove(&csa[1], csa, bo->bo_csa_trailer_len);
3275 bo->bo_erp += sizeof(*csa);
3276 bo->bo_htinfo += sizeof(*csa);
3277 bo->bo_wme += sizeof(*csa);
3278 #ifdef IEEE80211_SUPPORT_SUPERG
3279 bo->bo_ath += sizeof(*csa);
3281 #ifdef IEEE80211_SUPPORT_TDMA
3282 bo->bo_tdma += sizeof(*csa);
3284 #ifdef IEEE80211_SUPPORT_MESH
3285 bo->bo_meshconf += sizeof(*csa);
3287 bo->bo_appie += sizeof(*csa);
3288 bo->bo_csa_trailer_len += sizeof(*csa);
3289 bo->bo_quiet += sizeof(*csa);
3290 bo->bo_tim_trailer_len += sizeof(*csa);
3291 m->m_len += sizeof(*csa);
3292 m->m_pkthdr.len += sizeof(*csa);
3294 ieee80211_add_csa(bo->bo_csa, vap);
3297 vap->iv_csa_count++;
3298 /* NB: don't clear IEEE80211_BEACON_CSA */
3300 if (IEEE80211_IS_CHAN_DFS(ic->ic_bsschan) &&
3301 (vap->iv_flags_ext & IEEE80211_FEXT_DFS) ){
3303 ieee80211_add_quiet(bo->bo_quiet, vap);
3305 if (isset(bo->bo_flags, IEEE80211_BEACON_ERP)) {
3307 * ERP element needs updating.
3309 (void) ieee80211_add_erp(bo->bo_erp, ic);
3310 clrbit(bo->bo_flags, IEEE80211_BEACON_ERP);
3312 #ifdef IEEE80211_SUPPORT_SUPERG
3313 if (isset(bo->bo_flags, IEEE80211_BEACON_ATH)) {
3314 ieee80211_add_athcaps(bo->bo_ath, ni);
3315 clrbit(bo->bo_flags, IEEE80211_BEACON_ATH);
3319 if (isset(bo->bo_flags, IEEE80211_BEACON_APPIE)) {
3320 const struct ieee80211_appie *aie = vap->iv_appie_beacon;
3326 aielen += aie->ie_len;
3327 if (aielen != bo->bo_appie_len) {
3328 /* copy up/down trailer */
3329 int adjust = aielen - bo->bo_appie_len;
3330 ovbcopy(bo->bo_tim_trailer, bo->bo_tim_trailer+adjust,
3331 bo->bo_tim_trailer_len);
3332 bo->bo_tim_trailer += adjust;
3333 bo->bo_appie += adjust;
3334 bo->bo_appie_len = aielen;
3340 frm = add_appie(frm, aie);
3341 clrbit(bo->bo_flags, IEEE80211_BEACON_APPIE);
3343 IEEE80211_UNLOCK(ic);
3349 * Do Ethernet-LLC encapsulation for each payload in a fast frame
3350 * tunnel encapsulation. The frame is assumed to have an Ethernet
3351 * header at the front that must be stripped before prepending the
3352 * LLC followed by the Ethernet header passed in (with an Ethernet
3353 * type that specifies the payload size).
3356 ieee80211_ff_encap1(struct ieee80211vap *vap, struct mbuf *m,
3357 const struct ether_header *eh)
3362 /* XXX optimize by combining m_adj+M_PREPEND */
3363 m_adj(m, sizeof(struct ether_header) - sizeof(struct llc));
3364 llc = mtod(m, struct llc *);
3365 llc->llc_dsap = llc->llc_ssap = LLC_SNAP_LSAP;
3366 llc->llc_control = LLC_UI;
3367 llc->llc_snap.org_code[0] = 0;
3368 llc->llc_snap.org_code[1] = 0;
3369 llc->llc_snap.org_code[2] = 0;
3370 llc->llc_snap.ether_type = eh->ether_type;
3371 payload = m->m_pkthdr.len; /* NB: w/o Ethernet header */
3373 M_PREPEND(m, sizeof(struct ether_header), M_NOWAIT);
3374 if (m == NULL) { /* XXX cannot happen */
3375 IEEE80211_DPRINTF(vap, IEEE80211_MSG_SUPERG,
3376 "%s: no space for ether_header\n", __func__);
3377 vap->iv_stats.is_tx_nobuf++;
3380 ETHER_HEADER_COPY(mtod(m, void *), eh);
3381 mtod(m, struct ether_header *)->ether_type = htons(payload);
3386 * Complete an mbuf transmission.
3388 * For now, this simply processes a completed frame after the
3389 * driver has completed it's transmission and/or retransmission.
3390 * It assumes the frame is an 802.11 encapsulated frame.
3392 * Later on it will grow to become the exit path for a given frame
3393 * from the driver and, depending upon how it's been encapsulated
3394 * and already transmitted, it may end up doing A-MPDU retransmission,
3395 * power save requeuing, etc.
3397 * In order for the above to work, the driver entry point to this
3398 * must not hold any driver locks. Thus, the driver needs to delay
3399 * any actual mbuf completion until it can release said locks.
3401 * This frees the mbuf and if the mbuf has a node reference,
3402 * the node reference will be freed.
3405 ieee80211_tx_complete(struct ieee80211_node *ni, struct mbuf *m, int status)
3409 if (m->m_flags & M_TXCB)
3410 ieee80211_process_callback(ni, m, status);
3411 ieee80211_free_node(ni);
projects / FreeBSD / releng / 10.2.git / blob