2 * Copyright (c) 2001 Atsushi Onoe
3 * Copyright (c) 2002-2009 Sam Leffler, Errno Consulting
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in the
13 * documentation and/or other materials provided with the distribution.
15 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
16 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
17 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
18 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
19 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
20 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
21 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
22 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
23 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
24 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
27 #include <sys/cdefs.h>
28 __FBSDID("$FreeBSD$");
32 #include <sys/param.h>
33 #include <sys/systm.h>
35 #include <sys/malloc.h>
36 #include <sys/endian.h>
37 #include <sys/kernel.h>
39 #include <sys/socket.h>
41 #include <net/ethernet.h>
43 #include <net/if_var.h>
44 #include <net/if_llc.h>
45 #include <net/if_media.h>
46 #if defined(__DragonFly__)
47 #include <net/vlan/if_vlan_var.h>
49 #include <net/if_vlan_var.h>
52 #include <netproto/802_11/ieee80211_var.h>
53 #include <netproto/802_11/ieee80211_input.h>
54 #ifdef IEEE80211_SUPPORT_MESH
55 #include <netproto/802_11/ieee80211_mesh.h>
61 #include <netinet/in.h>
62 #include <net/ethernet.h>
66 ieee80211_process_mimo(struct ieee80211_node *ni, struct ieee80211_rx_stats *rx)
70 /* Verify the required MIMO bits are set */
71 if ((rx->r_flags & (IEEE80211_R_C_CHAIN | IEEE80211_R_C_NF | IEEE80211_R_C_RSSI)) !=
72 (IEEE80211_R_C_CHAIN | IEEE80211_R_C_NF | IEEE80211_R_C_RSSI))
75 /* XXX This assumes the MIMO radios have both ctl and ext chains */
76 for (i = 0; i < MIN(rx->c_chain, IEEE80211_MAX_CHAINS); i++) {
77 IEEE80211_RSSI_LPF(ni->ni_mimo_rssi_ctl[i], rx->c_rssi_ctl[i]);
78 IEEE80211_RSSI_LPF(ni->ni_mimo_rssi_ext[i], rx->c_rssi_ext[i]);
81 /* XXX This also assumes the MIMO radios have both ctl and ext chains */
82 for(i = 0; i < MIN(rx->c_chain, IEEE80211_MAX_CHAINS); i++) {
83 ni->ni_mimo_noise_ctl[i] = rx->c_nf_ctl[i];
84 ni->ni_mimo_noise_ext[i] = rx->c_nf_ext[i];
86 ni->ni_mimo_chains = rx->c_chain;
90 ieee80211_input_mimo(struct ieee80211_node *ni, struct mbuf *m,
91 struct ieee80211_rx_stats *rx)
93 struct ieee80211_rx_stats rxs;
96 memcpy(&rxs, rx, sizeof(*rx));
98 /* try to read from mbuf */
99 bzero(&rxs, sizeof(rxs));
100 ieee80211_get_rx_params(m, &rxs);
103 /* XXX should assert IEEE80211_R_NF and IEEE80211_R_RSSI are set */
104 ieee80211_process_mimo(ni, &rxs);
106 //return ieee80211_input(ni, m, rx->rssi, rx->nf);
107 return ni->ni_vap->iv_input(ni, m, &rxs, rxs.rssi, rxs.nf);
111 ieee80211_input_all(struct ieee80211com *ic, struct mbuf *m, int rssi, int nf)
113 struct ieee80211_rx_stats rx;
115 rx.r_flags = IEEE80211_R_NF | IEEE80211_R_RSSI;
118 return ieee80211_input_mimo_all(ic, m, &rx);
122 ieee80211_input_mimo_all(struct ieee80211com *ic, struct mbuf *m,
123 struct ieee80211_rx_stats *rx)
125 struct ieee80211_rx_stats rxs;
126 struct ieee80211vap *vap;
129 m->m_flags |= M_BCAST; /* NB: mark for bpf tap'ing */
132 memcpy(&rxs, rx, sizeof(*rx));
134 /* try to read from mbuf */
135 bzero(&rxs, sizeof(rxs));
136 ieee80211_get_rx_params(m, &rxs);
140 TAILQ_FOREACH(vap, &ic->ic_vaps, iv_next) {
141 struct ieee80211_node *ni;
144 /* NB: could check for IFF_UP but this is cheaper */
145 if (vap->iv_state == IEEE80211_S_INIT)
148 * WDS vap's only receive directed traffic from the
149 * station at the ``far end''. That traffic should
150 * be passed through the AP vap the station is associated
151 * to--so don't spam them with mcast frames.
153 if (vap->iv_opmode == IEEE80211_M_WDS)
155 if (TAILQ_NEXT(vap, iv_next) != NULL) {
157 * Packet contents are changed by ieee80211_decap
158 * so do a deep copy of the packet.
160 mcopy = m_dup(m, M_NOWAIT);
169 ni = ieee80211_ref_node(vap->iv_bss);
170 type = ieee80211_input_mimo(ni, mcopy, &rxs);
171 ieee80211_free_node(ni);
173 if (m != NULL) /* no vaps, reclaim mbuf */
179 * This function reassembles fragments.
181 * XXX should handle 3 concurrent reassemblies per-spec.
184 ieee80211_defrag(struct ieee80211_node *ni, struct mbuf *m, int hdrspace)
186 struct ieee80211vap *vap = ni->ni_vap;
187 struct ieee80211_frame *wh = mtod(m, struct ieee80211_frame *);
188 struct ieee80211_frame *lwh;
191 uint8_t more_frag = wh->i_fc[1] & IEEE80211_FC1_MORE_FRAG;
194 KASSERT(!IEEE80211_IS_MULTICAST(wh->i_addr1), ("multicast fragm?"));
196 rxseq = le16toh(*(uint16_t *)wh->i_seq);
197 fragno = rxseq & IEEE80211_SEQ_FRAG_MASK;
199 /* Quick way out, if there's nothing to defragment */
200 if (!more_frag && fragno == 0 && ni->ni_rxfrag[0] == NULL)
204 * Remove frag to insure it doesn't get reaped by timer.
206 if (ni->ni_table == NULL) {
208 * Should never happen. If the node is orphaned (not in
209 * the table) then input packets should not reach here.
210 * Otherwise, a concurrent request that yanks the table
211 * should be blocked by other interlocking and/or by first
212 * shutting the driver down. Regardless, be defensive
215 /* XXX need msg+stat */
219 IEEE80211_NODE_LOCK(ni->ni_table);
220 mfrag = ni->ni_rxfrag[0];
221 ni->ni_rxfrag[0] = NULL;
222 IEEE80211_NODE_UNLOCK(ni->ni_table);
225 * Validate new fragment is in order and
226 * related to the previous ones.
231 lwh = mtod(mfrag, struct ieee80211_frame *);
232 last_rxseq = le16toh(*(uint16_t *)lwh->i_seq);
233 /* NB: check seq # and frag together */
234 if (rxseq != last_rxseq+1 ||
235 !IEEE80211_ADDR_EQ(wh->i_addr1, lwh->i_addr1) ||
236 !IEEE80211_ADDR_EQ(wh->i_addr2, lwh->i_addr2)) {
238 * Unrelated fragment or no space for it,
239 * clear current fragments.
247 if (fragno != 0) { /* !first fragment, discard */
248 vap->iv_stats.is_rx_defrag++;
249 IEEE80211_NODE_STAT(ni, rx_defrag);
254 } else { /* concatenate */
255 m_adj(m, hdrspace); /* strip header */
256 #if defined(__DragonFly__)
258 /* NB: m_cat doesn't update the packet header */
259 mfrag->m_pkthdr.len += m->m_pkthdr.len;
263 /* track last seqnum and fragno */
264 lwh = mtod(mfrag, struct ieee80211_frame *);
265 *(uint16_t *) lwh->i_seq = *(uint16_t *) wh->i_seq;
267 if (more_frag) { /* more to come, save */
268 ni->ni_rxfragstamp = ticks;
269 ni->ni_rxfrag[0] = mfrag;
276 ieee80211_deliver_data(struct ieee80211vap *vap,
277 struct ieee80211_node *ni, struct mbuf *m)
279 struct ether_header *eh = mtod(m, struct ether_header *);
280 struct ifnet *ifp = vap->iv_ifp;
282 /* clear driver/net80211 flags before passing up */
283 m->m_flags &= ~(M_MCAST | M_BCAST);
284 #if defined(__DragonFly__)
289 /* NB: see hostap_deliver_data, this path doesn't handle hostap */
290 KASSERT(vap->iv_opmode != IEEE80211_M_HOSTAP, ("gack, hostap"));
294 if_inc_counter(ifp, IFCOUNTER_IPACKETS, 1);
295 IEEE80211_NODE_STAT(ni, rx_data);
296 IEEE80211_NODE_STAT_ADD(ni, rx_bytes, m->m_pkthdr.len);
297 if (ETHER_IS_MULTICAST(eh->ether_dhost)) {
298 m->m_flags |= M_MCAST; /* XXX M_BCAST? */
299 IEEE80211_NODE_STAT(ni, rx_mcast);
301 IEEE80211_NODE_STAT(ni, rx_ucast);
302 m->m_pkthdr.rcvif = ifp;
304 if (ni->ni_vlan != 0) {
305 /* attach vlan tag */
306 #if defined(__DragonFly__)
307 m->m_pkthdr.ether_vlantag = ni->ni_vlan;
309 m->m_pkthdr.ether_vtag = ni->ni_vlan;
311 m->m_flags |= M_VLANTAG;
313 #if defined(__DragonFly__)
314 ifp->if_input(ifp, m, NULL, -1);
316 ifp->if_input(ifp, m);
321 ieee80211_decap(struct ieee80211vap *vap, struct mbuf *m, int hdrlen)
323 struct ieee80211_qosframe_addr4 wh;
324 struct ether_header *eh;
327 KASSERT(hdrlen <= sizeof(wh),
328 ("hdrlen %d > max %zd", hdrlen, sizeof(wh)));
330 if (m->m_len < hdrlen + sizeof(*llc) &&
331 (m = m_pullup(m, hdrlen + sizeof(*llc))) == NULL) {
332 vap->iv_stats.is_rx_tooshort++;
336 memcpy(&wh, mtod(m, caddr_t), hdrlen);
337 llc = (struct llc *)(mtod(m, caddr_t) + hdrlen);
338 if (llc->llc_dsap == LLC_SNAP_LSAP && llc->llc_ssap == LLC_SNAP_LSAP &&
339 llc->llc_control == LLC_UI && llc->llc_snap.org_code[0] == 0 &&
340 llc->llc_snap.org_code[1] == 0 && llc->llc_snap.org_code[2] == 0 &&
341 /* NB: preserve AppleTalk frames that have a native SNAP hdr */
342 !(llc->llc_snap.ether_type == htons(ETHERTYPE_AARP) ||
343 llc->llc_snap.ether_type == htons(ETHERTYPE_IPX))) {
344 m_adj(m, hdrlen + sizeof(struct llc) - sizeof(*eh));
347 m_adj(m, hdrlen - sizeof(*eh));
349 eh = mtod(m, struct ether_header *);
350 switch (wh.i_fc[1] & IEEE80211_FC1_DIR_MASK) {
351 case IEEE80211_FC1_DIR_NODS:
352 IEEE80211_ADDR_COPY(eh->ether_dhost, wh.i_addr1);
353 IEEE80211_ADDR_COPY(eh->ether_shost, wh.i_addr2);
355 case IEEE80211_FC1_DIR_TODS:
356 IEEE80211_ADDR_COPY(eh->ether_dhost, wh.i_addr3);
357 IEEE80211_ADDR_COPY(eh->ether_shost, wh.i_addr2);
359 case IEEE80211_FC1_DIR_FROMDS:
360 IEEE80211_ADDR_COPY(eh->ether_dhost, wh.i_addr1);
361 IEEE80211_ADDR_COPY(eh->ether_shost, wh.i_addr3);
363 case IEEE80211_FC1_DIR_DSTODS:
364 IEEE80211_ADDR_COPY(eh->ether_dhost, wh.i_addr3);
365 IEEE80211_ADDR_COPY(eh->ether_shost, wh.i_addr4);
368 #ifndef __NO_STRICT_ALIGNMENT
369 if (!ALIGNED_POINTER(mtod(m, caddr_t) + sizeof(*eh), uint32_t)) {
370 m = ieee80211_realign(vap, m, sizeof(*eh));
374 #endif /* !__NO_STRICT_ALIGNMENT */
376 eh = mtod(m, struct ether_header *);
377 eh->ether_type = htons(m->m_pkthdr.len - sizeof(*eh));
383 * Decap a frame encapsulated in a fast-frame/A-MSDU.
386 ieee80211_decap1(struct mbuf *m, int *framelen)
388 #define FF_LLC_SIZE (sizeof(struct ether_header) + sizeof(struct llc))
389 struct ether_header *eh;
393 * The frame has an 802.3 header followed by an 802.2
394 * LLC header. The encapsulated frame length is in the
395 * first header type field; save that and overwrite it
396 * with the true type field found in the second. Then
397 * copy the 802.3 header up to where it belongs and
398 * adjust the mbuf contents to remove the void.
400 if (m->m_len < FF_LLC_SIZE && (m = m_pullup(m, FF_LLC_SIZE)) == NULL)
402 eh = mtod(m, struct ether_header *); /* 802.3 header is first */
403 llc = (struct llc *)&eh[1]; /* 802.2 header follows */
404 *framelen = ntohs(eh->ether_type) /* encap'd frame size */
405 + sizeof(struct ether_header) - sizeof(struct llc);
406 eh->ether_type = llc->llc_un.type_snap.ether_type;
407 ovbcopy(eh, mtod(m, uint8_t *) + sizeof(struct llc),
408 sizeof(struct ether_header));
409 m_adj(m, sizeof(struct llc));
415 * Install received rate set information in the node's state block.
418 ieee80211_setup_rates(struct ieee80211_node *ni,
419 const uint8_t *rates, const uint8_t *xrates, int flags)
421 struct ieee80211vap *vap = ni->ni_vap;
422 struct ieee80211_rateset *rs = &ni->ni_rates;
424 memset(rs, 0, sizeof(*rs));
425 rs->rs_nrates = rates[1];
426 memcpy(rs->rs_rates, rates + 2, rs->rs_nrates);
427 if (xrates != NULL) {
430 * Tack on 11g extended supported rate element.
433 if (rs->rs_nrates + nxrates > IEEE80211_RATE_MAXSIZE) {
434 nxrates = IEEE80211_RATE_MAXSIZE - rs->rs_nrates;
435 IEEE80211_NOTE(vap, IEEE80211_MSG_XRATE, ni,
436 "extended rate set too large; only using "
437 "%u of %u rates", nxrates, xrates[1]);
438 vap->iv_stats.is_rx_rstoobig++;
440 memcpy(rs->rs_rates + rs->rs_nrates, xrates+2, nxrates);
441 rs->rs_nrates += nxrates;
443 return ieee80211_fix_rate(ni, rs, flags);
447 * Send a management frame error response to the specified
448 * station. If ni is associated with the station then use
449 * it; otherwise allocate a temporary node suitable for
450 * transmitting the frame and then free the reference so
451 * it will go away as soon as the frame has been transmitted.
454 ieee80211_send_error(struct ieee80211_node *ni,
455 const uint8_t mac[IEEE80211_ADDR_LEN], int subtype, int arg)
457 struct ieee80211vap *vap = ni->ni_vap;
460 if (ni == vap->iv_bss) {
461 if (vap->iv_state != IEEE80211_S_RUN) {
463 * XXX hack until we get rid of this routine.
464 * We can be called prior to the vap reaching
465 * run state under certain conditions in which
466 * case iv_bss->ni_chan will not be setup.
467 * Check for this explicitly and and just ignore
472 ni = ieee80211_tmp_node(vap, mac);
480 IEEE80211_SEND_MGMT(ni, subtype, arg);
482 ieee80211_free_node(ni);
486 ieee80211_alloc_challenge(struct ieee80211_node *ni)
488 if (ni->ni_challenge == NULL)
489 #if defined(__DragonFly__)
490 ni->ni_challenge = (uint32_t *) kmalloc(IEEE80211_CHALLENGE_LEN,
491 M_80211_NODE, M_INTWAIT);
493 ni->ni_challenge = (uint32_t *)
494 IEEE80211_MALLOC(IEEE80211_CHALLENGE_LEN,
495 M_80211_NODE, IEEE80211_M_NOWAIT);
497 if (ni->ni_challenge == NULL) {
498 IEEE80211_NOTE(ni->ni_vap,
499 IEEE80211_MSG_DEBUG | IEEE80211_MSG_AUTH, ni,
500 "%s", "shared key challenge alloc failed");
503 return (ni->ni_challenge != NULL);
507 * Parse a Beacon or ProbeResponse frame and return the
508 * useful information in an ieee80211_scanparams structure.
509 * Status is set to 0 if no problems were found; otherwise
510 * a bitmask of IEEE80211_BPARSE_* items is returned that
511 * describes the problems detected.
514 ieee80211_parse_beacon(struct ieee80211_node *ni, struct mbuf *m,
515 struct ieee80211_channel *rxchan, struct ieee80211_scanparams *scan)
517 struct ieee80211vap *vap = ni->ni_vap;
518 struct ieee80211com *ic = ni->ni_ic;
519 struct ieee80211_frame *wh;
522 wh = mtod(m, struct ieee80211_frame *);
523 frm = (uint8_t *)&wh[1];
524 efrm = mtod(m, uint8_t *) + m->m_len;
527 * beacon/probe response frame format
529 * [2] beacon interval
530 * [2] capability information
532 * [tlv] supported rates
533 * [tlv] country information
534 * [tlv] channel switch announcement (CSA)
535 * [tlv] parameter set (FH/DS)
536 * [tlv] erp information
537 * [tlv] extended supported rates
540 * [tlv] HT capabilities
541 * [tlv] HT information
542 * [tlv] Atheros capabilities
544 * [tlv] Mesh Configuration
546 IEEE80211_VERIFY_LENGTH(efrm - frm, 12,
547 return (scan->status = IEEE80211_BPARSE_BADIELEN));
548 memset(scan, 0, sizeof(*scan));
549 scan->tstamp = frm; frm += 8;
550 scan->bintval = le16toh(*(uint16_t *)frm); frm += 2;
551 scan->capinfo = le16toh(*(uint16_t *)frm); frm += 2;
552 scan->bchan = ieee80211_chan2ieee(ic, rxchan);
553 scan->chan = scan->bchan;
555 scan->ies_len = efrm - frm;
557 while (efrm - frm > 1) {
558 IEEE80211_VERIFY_LENGTH(efrm - frm, frm[1] + 2,
559 return (scan->status = IEEE80211_BPARSE_BADIELEN));
561 case IEEE80211_ELEMID_SSID:
564 case IEEE80211_ELEMID_RATES:
567 case IEEE80211_ELEMID_COUNTRY:
570 case IEEE80211_ELEMID_CSA:
573 case IEEE80211_ELEMID_QUIET:
576 case IEEE80211_ELEMID_FHPARMS:
577 if (ic->ic_phytype == IEEE80211_T_FH) {
578 scan->fhdwell = le16dec(&frm[2]);
579 scan->chan = IEEE80211_FH_CHAN(frm[4], frm[5]);
580 scan->fhindex = frm[6];
583 case IEEE80211_ELEMID_DSPARMS:
585 * XXX hack this since depending on phytype
586 * is problematic for multi-mode devices.
588 if (ic->ic_phytype != IEEE80211_T_FH)
591 case IEEE80211_ELEMID_TIM:
594 scan->timoff = frm - mtod(m, uint8_t *);
596 case IEEE80211_ELEMID_IBSSPARMS:
597 case IEEE80211_ELEMID_CFPARMS:
598 case IEEE80211_ELEMID_PWRCNSTR:
599 case IEEE80211_ELEMID_BSSLOAD:
600 case IEEE80211_ELEMID_APCHANREP:
601 /* NB: avoid debugging complaints */
603 case IEEE80211_ELEMID_XRATES:
606 case IEEE80211_ELEMID_ERP:
608 IEEE80211_DISCARD_IE(vap,
609 IEEE80211_MSG_ELEMID, wh, "ERP",
610 "bad len %u", frm[1]);
611 vap->iv_stats.is_rx_elem_toobig++;
614 scan->erp = frm[2] | 0x100;
616 case IEEE80211_ELEMID_HTCAP:
619 case IEEE80211_ELEMID_RSN:
622 case IEEE80211_ELEMID_HTINFO:
625 #ifdef IEEE80211_SUPPORT_MESH
626 case IEEE80211_ELEMID_MESHID:
629 case IEEE80211_ELEMID_MESHCONF:
630 scan->meshconf = frm;
633 /* Extended capabilities; nothing handles it for now */
634 case IEEE80211_ELEMID_EXTCAP:
636 case IEEE80211_ELEMID_VENDOR:
639 else if (iswmeparam(frm) || iswmeinfo(frm))
641 #ifdef IEEE80211_SUPPORT_SUPERG
642 else if (isatherosoui(frm))
645 #ifdef IEEE80211_SUPPORT_TDMA
646 else if (istdmaoui(frm))
649 else if (vap->iv_flags_ht & IEEE80211_FHT_HTCOMPAT) {
651 * Accept pre-draft HT ie's if the
652 * standard ones have not been seen.
654 if (ishtcapoui(frm)) {
655 if (scan->htcap == NULL)
657 } else if (ishtinfooui(frm)) {
658 if (scan->htinfo == NULL)
664 IEEE80211_DISCARD_IE(vap, IEEE80211_MSG_ELEMID,
666 "id %u, len %u", *frm, frm[1]);
667 vap->iv_stats.is_rx_elem_unknown++;
672 IEEE80211_VERIFY_ELEMENT(scan->rates, IEEE80211_RATE_MAXSIZE,
673 scan->status |= IEEE80211_BPARSE_RATES_INVALID);
674 if (scan->rates != NULL && scan->xrates != NULL) {
676 * NB: don't process XRATES if RATES is missing. This
677 * avoids a potential null ptr deref and should be ok
678 * as the return code will already note RATES is missing
679 * (so callers shouldn't otherwise process the frame).
681 IEEE80211_VERIFY_ELEMENT(scan->xrates,
682 IEEE80211_RATE_MAXSIZE - scan->rates[1],
683 scan->status |= IEEE80211_BPARSE_XRATES_INVALID);
685 IEEE80211_VERIFY_ELEMENT(scan->ssid, IEEE80211_NWID_LEN,
686 scan->status |= IEEE80211_BPARSE_SSID_INVALID);
687 if (scan->chan != scan->bchan && ic->ic_phytype != IEEE80211_T_FH) {
689 * Frame was received on a channel different from the
690 * one indicated in the DS params element id;
691 * silently discard it.
693 * NB: this can happen due to signal leakage.
694 * But we should take it for FH phy because
695 * the rssi value should be correct even for
696 * different hop pattern in FH.
698 IEEE80211_DISCARD(vap,
699 IEEE80211_MSG_ELEMID | IEEE80211_MSG_INPUT,
700 wh, NULL, "for off-channel %u (bchan=%u)",
701 scan->chan, scan->bchan);
702 vap->iv_stats.is_rx_chanmismatch++;
703 scan->status |= IEEE80211_BPARSE_OFFCHAN;
705 if (!(IEEE80211_BINTVAL_MIN <= scan->bintval &&
706 scan->bintval <= IEEE80211_BINTVAL_MAX)) {
707 IEEE80211_DISCARD(vap,
708 IEEE80211_MSG_ELEMID | IEEE80211_MSG_INPUT,
709 wh, NULL, "bogus beacon interval (%d TU)",
710 (int) scan->bintval);
711 vap->iv_stats.is_rx_badbintval++;
712 scan->status |= IEEE80211_BPARSE_BINTVAL_INVALID;
714 if (scan->country != NULL) {
716 * Validate we have at least enough data to extract
717 * the country code. Not sure if we should return an
718 * error instead of discarding the IE; consider this
719 * being lenient as we don't depend on the data for
722 IEEE80211_VERIFY_LENGTH(scan->country[1], 3 * sizeof(uint8_t),
723 scan->country = NULL);
725 if (scan->csa != NULL) {
727 * Validate Channel Switch Announcement; this must
728 * be the correct length or we toss the frame.
730 IEEE80211_VERIFY_LENGTH(scan->csa[1], 3 * sizeof(uint8_t),
731 scan->status |= IEEE80211_BPARSE_CSA_INVALID);
734 * Process HT ie's. This is complicated by our
735 * accepting both the standard ie's and the pre-draft
736 * vendor OUI ie's that some vendors still use/require.
738 if (scan->htcap != NULL) {
739 IEEE80211_VERIFY_LENGTH(scan->htcap[1],
740 scan->htcap[0] == IEEE80211_ELEMID_VENDOR ?
741 4 + sizeof(struct ieee80211_ie_htcap)-2 :
742 sizeof(struct ieee80211_ie_htcap)-2,
745 if (scan->htinfo != NULL) {
746 IEEE80211_VERIFY_LENGTH(scan->htinfo[1],
747 scan->htinfo[0] == IEEE80211_ELEMID_VENDOR ?
748 4 + sizeof(struct ieee80211_ie_htinfo)-2 :
749 sizeof(struct ieee80211_ie_htinfo)-2,
750 scan->htinfo = NULL);
756 * Parse an Action frame. Return 0 on success, non-zero on failure.
759 ieee80211_parse_action(struct ieee80211_node *ni, struct mbuf *m)
761 struct ieee80211vap *vap = ni->ni_vap;
762 const struct ieee80211_action *ia;
763 struct ieee80211_frame *wh;
767 * action frame format:
772 wh = mtod(m, struct ieee80211_frame *);
773 frm = (u_int8_t *)&wh[1];
774 efrm = mtod(m, u_int8_t *) + m->m_len;
775 IEEE80211_VERIFY_LENGTH(efrm - frm,
776 sizeof(struct ieee80211_action), return EINVAL);
777 ia = (const struct ieee80211_action *) frm;
779 vap->iv_stats.is_rx_action++;
780 IEEE80211_NODE_STAT(ni, rx_action);
782 /* verify frame payloads but defer processing */
783 switch (ia->ia_category) {
784 case IEEE80211_ACTION_CAT_BA:
785 switch (ia->ia_action) {
786 case IEEE80211_ACTION_BA_ADDBA_REQUEST:
787 IEEE80211_VERIFY_LENGTH(efrm - frm,
788 sizeof(struct ieee80211_action_ba_addbarequest),
791 case IEEE80211_ACTION_BA_ADDBA_RESPONSE:
792 IEEE80211_VERIFY_LENGTH(efrm - frm,
793 sizeof(struct ieee80211_action_ba_addbaresponse),
796 case IEEE80211_ACTION_BA_DELBA:
797 IEEE80211_VERIFY_LENGTH(efrm - frm,
798 sizeof(struct ieee80211_action_ba_delba),
803 case IEEE80211_ACTION_CAT_HT:
804 switch (ia->ia_action) {
805 case IEEE80211_ACTION_HT_TXCHWIDTH:
806 IEEE80211_VERIFY_LENGTH(efrm - frm,
807 sizeof(struct ieee80211_action_ht_txchwidth),
810 case IEEE80211_ACTION_HT_MIMOPWRSAVE:
811 IEEE80211_VERIFY_LENGTH(efrm - frm,
812 sizeof(struct ieee80211_action_ht_mimopowersave),
817 #ifdef IEEE80211_SUPPORT_MESH
818 case IEEE80211_ACTION_CAT_MESH:
819 switch (ia->ia_action) {
820 case IEEE80211_ACTION_MESH_LMETRIC:
822 * XXX: verification is true only if we are using
823 * Airtime link metric (default)
825 IEEE80211_VERIFY_LENGTH(efrm - frm,
826 sizeof(struct ieee80211_meshlmetric_ie),
829 case IEEE80211_ACTION_MESH_HWMP:
830 /* verify something */
832 case IEEE80211_ACTION_MESH_GANN:
833 IEEE80211_VERIFY_LENGTH(efrm - frm,
834 sizeof(struct ieee80211_meshgann_ie),
837 case IEEE80211_ACTION_MESH_CC:
838 case IEEE80211_ACTION_MESH_MCCA_SREQ:
839 case IEEE80211_ACTION_MESH_MCCA_SREP:
840 case IEEE80211_ACTION_MESH_MCCA_AREQ:
841 case IEEE80211_ACTION_MESH_MCCA_ADVER:
842 case IEEE80211_ACTION_MESH_MCCA_TRDOWN:
843 case IEEE80211_ACTION_MESH_TBTT_REQ:
844 case IEEE80211_ACTION_MESH_TBTT_RES:
845 /* reject these early on, not implemented */
846 IEEE80211_DISCARD(vap,
847 IEEE80211_MSG_ELEMID | IEEE80211_MSG_INPUT,
848 wh, NULL, "not implemented yet, act=0x%02X",
853 case IEEE80211_ACTION_CAT_SELF_PROT:
854 /* If TA or RA group address discard silently */
855 if (IEEE80211_IS_MULTICAST(wh->i_addr1) ||
856 IEEE80211_IS_MULTICAST(wh->i_addr2))
859 * XXX: Should we verify complete length now or it is
860 * to varying in sizes?
862 switch (ia->ia_action) {
863 case IEEE80211_ACTION_MESHPEERING_CONFIRM:
864 case IEEE80211_ACTION_MESHPEERING_CLOSE:
865 /* is not a peering candidate (yet) */
866 if (ni == vap->iv_bss)
876 #ifdef IEEE80211_DEBUG
881 ieee80211_ssid_mismatch(struct ieee80211vap *vap, const char *tag,
882 uint8_t mac[IEEE80211_ADDR_LEN], uint8_t *ssid)
884 kprintf("[%s] discard %s frame, ssid mismatch: ",
885 ether_sprintf(mac), tag);
886 ieee80211_print_essid(ssid + 2, ssid[1]);
891 * Return the bssid of a frame.
893 static const uint8_t *
894 ieee80211_getbssid(const struct ieee80211vap *vap,
895 const struct ieee80211_frame *wh)
897 if (vap->iv_opmode == IEEE80211_M_STA)
899 if ((wh->i_fc[1] & IEEE80211_FC1_DIR_MASK) != IEEE80211_FC1_DIR_NODS)
901 if ((wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK) == IEEE80211_FC0_SUBTYPE_PS_POLL)
906 #include <machine/stdarg.h>
909 ieee80211_note(const struct ieee80211vap *vap, const char *fmt, ...)
911 char buf[128]; /* XXX */
912 #if defined(__DragonFly__)
915 osdep_va_start(ap, fmt);
916 kvsnprintf(buf, sizeof(buf), fmt, ap);
922 vsnprintf(buf, sizeof(buf), fmt, ap);
926 if_printf(vap->iv_ifp, "%s", buf); /* NB: no \n */
930 ieee80211_note_frame(const struct ieee80211vap *vap,
931 const struct ieee80211_frame *wh,
932 const char *fmt, ...)
934 char buf[128]; /* XXX */
935 #if defined(__DragonFly__)
938 osdep_va_start(ap, fmt);
939 kvsnprintf(buf, sizeof(buf), fmt, ap);
945 vsnprintf(buf, sizeof(buf), fmt, ap);
948 if_printf(vap->iv_ifp, "[%s] %s\n",
949 ether_sprintf(ieee80211_getbssid(vap, wh)), buf);
953 ieee80211_note_mac(const struct ieee80211vap *vap,
954 const uint8_t mac[IEEE80211_ADDR_LEN],
955 const char *fmt, ...)
957 char buf[128]; /* XXX */
958 #if defined(__DragonFly__)
961 osdep_va_start(ap, fmt);
962 kvsnprintf(buf, sizeof(buf), fmt, ap);
968 vsnprintf(buf, sizeof(buf), fmt, ap);
971 if_printf(vap->iv_ifp, "[%s] %s\n", ether_sprintf(mac), buf);
975 ieee80211_discard_frame(const struct ieee80211vap *vap,
976 const struct ieee80211_frame *wh,
977 const char *type, const char *fmt, ...)
979 #if defined(__DragonFly__)
982 if_printf(vap->iv_ifp, "[%s] discard ",
983 ether_sprintf(ieee80211_getbssid(vap, wh)));
984 kprintf("%s frame, ", type != NULL ? type :
985 ieee80211_mgt_subtype_name(wh->i_fc[0]));
986 osdep_va_start(ap, fmt);
992 if_printf(vap->iv_ifp, "[%s] discard ",
993 ether_sprintf(ieee80211_getbssid(vap, wh)));
994 printf("%s frame, ", type != NULL ? type :
995 ieee80211_mgt_subtype_name(wh->i_fc[0]));
1004 ieee80211_discard_ie(const struct ieee80211vap *vap,
1005 const struct ieee80211_frame *wh,
1006 const char *type, const char *fmt, ...)
1010 #if defined(__DragonFly__)
1011 if_printf(vap->iv_ifp, "[%s] discard ",
1012 ether_sprintf(ieee80211_getbssid(vap, wh)));
1014 kprintf("%s information element, ", type);
1016 kprintf("information element, ");
1017 osdep_va_start(ap, fmt);
1022 if_printf(vap->iv_ifp, "[%s] discard ",
1023 ether_sprintf(ieee80211_getbssid(vap, wh)));
1025 printf("%s information element, ", type);
1027 printf("information element, ");
1036 ieee80211_discard_mac(const struct ieee80211vap *vap,
1037 const uint8_t mac[IEEE80211_ADDR_LEN],
1038 const char *type, const char *fmt, ...)
1040 #if defined(__DragonFly__)
1043 if_printf(vap->iv_ifp, "[%s] discard ", ether_sprintf(mac));
1045 kprintf("%s frame, ", type);
1048 osdep_va_start(ap, fmt);
1054 if_printf(vap->iv_ifp, "[%s] discard ", ether_sprintf(mac));
1056 printf("%s frame, ", type);
1065 #endif /* IEEE80211_DEBUG */
projects / dragonfly.git / blob