2 * Copyright (c) 2007-2009 Sam Leffler, Errno Consulting
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
14 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
15 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
16 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
17 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
18 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
19 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
20 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
21 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
22 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
23 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
25 * $FreeBSD: head/sys/net80211/ieee80211_adhoc.c 203422 2010-02-03 10:07:43Z rpaulo $
30 * IEEE 802.11 IBSS mode support.
35 #include <sys/param.h>
36 #include <sys/systm.h>
38 #include <sys/malloc.h>
39 #include <sys/kernel.h>
41 #include <sys/socket.h>
42 #include <sys/sockio.h>
43 #include <sys/endian.h>
44 #include <sys/errno.h>
46 #include <sys/sysctl.h>
49 #include <net/if_media.h>
50 #include <net/if_llc.h>
51 #include <net/ethernet.h>
52 #include <net/route.h>
56 #include <netproto/802_11/ieee80211_var.h>
57 #include <netproto/802_11/ieee80211_adhoc.h>
58 #include <netproto/802_11/ieee80211_input.h>
59 #ifdef IEEE80211_SUPPORT_SUPERG
60 #include <netproto/802_11/ieee80211_superg.h>
62 #ifdef IEEE80211_SUPPORT_TDMA
63 #include <netproto/802_11/ieee80211_tdma.h>
66 #define IEEE80211_RATE2MBS(r) (((r) & IEEE80211_RATE_VAL) / 2)
68 static void adhoc_vattach(struct ieee80211vap *);
69 static int adhoc_newstate(struct ieee80211vap *, enum ieee80211_state, int);
70 static int adhoc_input(struct ieee80211_node *, struct mbuf *, int, int);
71 static void adhoc_recv_mgmt(struct ieee80211_node *, struct mbuf *,
72 int subtype, int, int);
73 static void ahdemo_recv_mgmt(struct ieee80211_node *, struct mbuf *,
74 int subtype, int, int);
75 static void adhoc_recv_ctl(struct ieee80211_node *, struct mbuf *, int subtype);
78 ieee80211_adhoc_attach(struct ieee80211com *ic)
80 ic->ic_vattach[IEEE80211_M_IBSS] = adhoc_vattach;
81 ic->ic_vattach[IEEE80211_M_AHDEMO] = adhoc_vattach;
85 ieee80211_adhoc_detach(struct ieee80211com *ic)
90 adhoc_vdetach(struct ieee80211vap *vap)
95 adhoc_vattach(struct ieee80211vap *vap)
97 vap->iv_newstate = adhoc_newstate;
98 vap->iv_input = adhoc_input;
99 if (vap->iv_opmode == IEEE80211_M_IBSS)
100 vap->iv_recv_mgmt = adhoc_recv_mgmt;
102 vap->iv_recv_mgmt = ahdemo_recv_mgmt;
103 vap->iv_recv_ctl = adhoc_recv_ctl;
104 vap->iv_opdetach = adhoc_vdetach;
105 #ifdef IEEE80211_SUPPORT_TDMA
107 * Throw control to tdma support. Note we do this
108 * after setting up our callbacks so it can piggyback
111 if (vap->iv_caps & IEEE80211_C_TDMA)
112 ieee80211_tdma_vattach(vap);
117 sta_leave(void *arg, struct ieee80211_node *ni)
119 struct ieee80211vap *vap = arg;
121 if (ni->ni_vap == vap && ni != vap->iv_bss)
122 ieee80211_node_leave(ni);
126 * IEEE80211_M_IBSS+IEEE80211_M_AHDEMO vap state machine handler.
129 adhoc_newstate(struct ieee80211vap *vap, enum ieee80211_state nstate, int arg)
131 struct ieee80211com *ic = vap->iv_ic;
132 struct ieee80211_node *ni;
133 enum ieee80211_state ostate;
135 ostate = vap->iv_state;
136 IEEE80211_DPRINTF(vap, IEEE80211_MSG_STATE, "%s: %s -> %s (%d)\n",
137 __func__, ieee80211_state_name[ostate],
138 ieee80211_state_name[nstate], arg);
139 vap->iv_state = nstate; /* state transition */
140 if (ostate != IEEE80211_S_SCAN)
141 ieee80211_cancel_scan(vap); /* background scan */
142 ni = vap->iv_bss; /* NB: no reference held */
144 case IEEE80211_S_INIT:
146 case IEEE80211_S_SCAN:
147 ieee80211_cancel_scan(vap);
152 if (ostate != IEEE80211_S_INIT) {
153 /* NB: optimize INIT -> INIT case */
154 ieee80211_reset_bss(vap);
157 case IEEE80211_S_SCAN:
159 case IEEE80211_S_RUN: /* beacon miss */
160 /* purge station table; entries are stale */
161 ieee80211_iterate_nodes(&ic->ic_sta, sta_leave, vap);
163 case IEEE80211_S_INIT:
164 if (vap->iv_des_chan != IEEE80211_CHAN_ANYC &&
165 !IEEE80211_IS_CHAN_RADAR(vap->iv_des_chan)) {
167 * Already have a channel; bypass the
168 * scan and startup immediately.
170 ieee80211_create_ibss(vap, vap->iv_des_chan);
174 * Initiate a scan. We can come here as a result
175 * of an IEEE80211_IOC_SCAN_REQ too in which case
176 * the vap will be marked with IEEE80211_FEXT_SCANREQ
177 * and the scan request parameters will be present
178 * in iv_scanreq. Otherwise we do the default.
180 if (vap->iv_flags_ext & IEEE80211_FEXT_SCANREQ) {
181 ieee80211_check_scan(vap,
182 vap->iv_scanreq_flags,
183 vap->iv_scanreq_duration,
184 vap->iv_scanreq_mindwell,
185 vap->iv_scanreq_maxdwell,
186 vap->iv_scanreq_nssid, vap->iv_scanreq_ssid);
187 vap->iv_flags_ext &= ~IEEE80211_FEXT_SCANREQ;
189 ieee80211_check_scan_current(vap);
191 case IEEE80211_S_SCAN:
193 * This can happen because of a change in state
194 * that requires a reset. Trigger a new scan
195 * unless we're in manual roaming mode in which
196 * case an application must issue an explicit request.
198 if (vap->iv_roaming == IEEE80211_ROAMING_AUTO)
199 ieee80211_check_scan_current(vap);
205 case IEEE80211_S_RUN:
206 if (vap->iv_flags & IEEE80211_F_WPA) {
207 /* XXX validate prerequisites */
210 case IEEE80211_S_SCAN:
211 #ifdef IEEE80211_DEBUG
212 if (ieee80211_msg_debug(vap)) {
214 "synchronized with %6D ssid ",
216 ieee80211_print_essid(vap->iv_bss->ni_essid,
219 kprintf(" channel %d start %uMb\n",
220 ieee80211_chan2ieee(ic, ic->ic_curchan),
221 IEEE80211_RATE2MBS(ni->ni_txrate));
229 * When 802.1x is not in use mark the port authorized
230 * at this point so traffic can flow.
232 if (ni->ni_authmode != IEEE80211_AUTH_8021X)
233 ieee80211_node_authorize(ni);
235 * Fake association when joining an existing bss.
237 if (!IEEE80211_ADDR_EQ(ni->ni_macaddr, vap->iv_myaddr) &&
238 ic->ic_newassoc != NULL)
239 ic->ic_newassoc(ni, ostate != IEEE80211_S_RUN);
241 case IEEE80211_S_SLEEP:
242 ieee80211_sta_pwrsave(vap, 0);
246 IEEE80211_DPRINTF(vap, IEEE80211_MSG_STATE,
247 "%s: unexpected state transition %s -> %s\n", __func__,
248 ieee80211_state_name[ostate], ieee80211_state_name[nstate]);
255 * Decide if a received management frame should be
256 * printed when debugging is enabled. This filters some
257 * of the less interesting frames that come frequently
261 doprint(struct ieee80211vap *vap, int subtype)
264 case IEEE80211_FC0_SUBTYPE_BEACON:
265 return (vap->iv_ic->ic_flags & IEEE80211_F_SCAN);
266 case IEEE80211_FC0_SUBTYPE_PROBE_REQ:
273 * Process a received frame. The node associated with the sender
274 * should be supplied. If nothing was found in the node table then
275 * the caller is assumed to supply a reference to iv_bss instead.
276 * The RSSI and a timestamp are also supplied. The RSSI data is used
277 * during AP scanning to select a AP to associate with; it can have
278 * any units so long as values have consistent units and higher values
279 * mean ``better signal''. The receive timestamp is currently not used
280 * by the 802.11 layer.
283 adhoc_input(struct ieee80211_node *ni, struct mbuf *m, int rssi, int nf)
285 #define SEQ_LEQ(a,b) ((int)((a)-(b)) <= 0)
286 #define HAS_SEQ(type) ((type & 0x4) == 0)
287 struct ieee80211vap *vap = ni->ni_vap;
288 struct ieee80211com *ic = ni->ni_ic;
289 struct ifnet *ifp = vap->iv_ifp;
290 struct ieee80211_frame *wh;
291 struct ieee80211_key *key;
292 struct ether_header *eh;
293 int hdrspace, need_tap = 1; /* mbuf need to be tapped. */
294 uint8_t dir, type, subtype, qos;
298 if (m->m_flags & M_AMPDU_MPDU) {
300 * Fastpath for A-MPDU reorder q resubmission. Frames
301 * w/ M_AMPDU_MPDU marked have already passed through
302 * here but were received out of order and been held on
303 * the reorder queue. When resubmitted they are marked
304 * with the M_AMPDU_MPDU flag and we can bypass most of
305 * the normal processing.
307 wh = mtod(m, struct ieee80211_frame *);
308 type = IEEE80211_FC0_TYPE_DATA;
309 dir = wh->i_fc[1] & IEEE80211_FC1_DIR_MASK;
310 subtype = IEEE80211_FC0_SUBTYPE_QOS;
311 hdrspace = ieee80211_hdrspace(ic, wh); /* XXX optimize? */
315 KASSERT(ni != NULL, ("null node"));
316 ni->ni_inact = ni->ni_inact_reload;
318 type = -1; /* undefined */
320 if (m->m_pkthdr.len < sizeof(struct ieee80211_frame_min)) {
321 IEEE80211_DISCARD_MAC(vap, IEEE80211_MSG_ANY,
322 ni->ni_macaddr, NULL,
323 "too short (1): len %u", m->m_pkthdr.len);
324 vap->iv_stats.is_rx_tooshort++;
328 * Bit of a cheat here, we use a pointer for a 3-address
329 * frame format but don't reference fields past outside
330 * ieee80211_frame_min w/o first validating the data is
333 wh = mtod(m, struct ieee80211_frame *);
335 if ((wh->i_fc[0] & IEEE80211_FC0_VERSION_MASK) !=
336 IEEE80211_FC0_VERSION_0) {
337 IEEE80211_DISCARD_MAC(vap, IEEE80211_MSG_ANY,
338 ni->ni_macaddr, NULL, "wrong version, fc %02x:%02x",
339 wh->i_fc[0], wh->i_fc[1]);
340 vap->iv_stats.is_rx_badversion++;
344 dir = wh->i_fc[1] & IEEE80211_FC1_DIR_MASK;
345 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK;
346 subtype = wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK;
347 if ((ic->ic_flags & IEEE80211_F_SCAN) == 0) {
348 if (dir != IEEE80211_FC1_DIR_NODS)
350 else if (type == IEEE80211_FC0_TYPE_CTL)
353 if (m->m_pkthdr.len < sizeof(struct ieee80211_frame)) {
354 IEEE80211_DISCARD_MAC(vap,
355 IEEE80211_MSG_ANY, ni->ni_macaddr,
356 NULL, "too short (2): len %u",
358 vap->iv_stats.is_rx_tooshort++;
364 * Validate the bssid.
366 if (!IEEE80211_ADDR_EQ(bssid, vap->iv_bss->ni_bssid) &&
367 !IEEE80211_ADDR_EQ(bssid, ifp->if_broadcastaddr)) {
368 /* not interested in */
369 IEEE80211_DISCARD_MAC(vap, IEEE80211_MSG_INPUT,
370 bssid, NULL, "%s", "not to bss");
371 vap->iv_stats.is_rx_wrongbss++;
375 * Data frame, cons up a node when it doesn't
376 * exist. This should probably done after an ACL check.
378 if (type == IEEE80211_FC0_TYPE_DATA &&
380 !IEEE80211_ADDR_EQ(wh->i_addr2, ni->ni_macaddr)) {
382 * Beware of frames that come in too early; we
383 * can receive broadcast frames and creating sta
384 * entries will blow up because there is no bss
387 if (vap->iv_state != IEEE80211_S_RUN) {
388 IEEE80211_DISCARD(vap, IEEE80211_MSG_INPUT,
389 wh, "data", "not in RUN state (%s)",
390 ieee80211_state_name[vap->iv_state]);
391 vap->iv_stats.is_rx_badstate++;
395 * Fake up a node for this newly
396 * discovered member of the IBSS.
398 ni = ieee80211_fakeup_adhoc_node(vap, wh->i_addr2);
400 /* NB: stat kept for alloc failure */
404 IEEE80211_RSSI_LPF(ni->ni_avgrssi, rssi);
407 uint8_t tid = ieee80211_gettid(wh);
408 if (IEEE80211_QOS_HAS_SEQ(wh) &&
409 TID_TO_WME_AC(tid) >= WME_AC_VI)
410 ic->ic_wme.wme_hipri_traffic++;
411 rxseq = le16toh(*(uint16_t *)wh->i_seq);
412 if ((ni->ni_flags & IEEE80211_NODE_HT) == 0 &&
413 (wh->i_fc[1] & IEEE80211_FC1_RETRY) &&
414 SEQ_LEQ(rxseq, ni->ni_rxseqs[tid])) {
415 /* duplicate, discard */
416 IEEE80211_DISCARD_MAC(vap, IEEE80211_MSG_INPUT,
418 "seqno <%u,%u> fragno <%u,%u> tid %u",
419 rxseq >> IEEE80211_SEQ_SEQ_SHIFT,
420 ni->ni_rxseqs[tid] >>
421 IEEE80211_SEQ_SEQ_SHIFT,
422 rxseq & IEEE80211_SEQ_FRAG_MASK,
424 IEEE80211_SEQ_FRAG_MASK,
426 vap->iv_stats.is_rx_dup++;
427 IEEE80211_NODE_STAT(ni, rx_dup);
430 ni->ni_rxseqs[tid] = rxseq;
435 case IEEE80211_FC0_TYPE_DATA:
436 hdrspace = ieee80211_hdrspace(ic, wh);
437 if (m->m_len < hdrspace &&
438 (m = m_pullup(m, hdrspace)) == NULL) {
439 IEEE80211_DISCARD_MAC(vap, IEEE80211_MSG_ANY,
440 ni->ni_macaddr, NULL,
441 "data too short: expecting %u", hdrspace);
442 vap->iv_stats.is_rx_tooshort++;
445 if (dir != IEEE80211_FC1_DIR_NODS) {
446 IEEE80211_DISCARD(vap, IEEE80211_MSG_INPUT,
447 wh, "data", "incorrect dir 0x%x", dir);
448 vap->iv_stats.is_rx_wrongdir++;
451 /* XXX no power-save support */
454 * Handle A-MPDU re-ordering. If the frame is to be
455 * processed directly then ieee80211_ampdu_reorder
456 * will return 0; otherwise it has consumed the mbuf
457 * and we should do nothing more with it.
459 if ((m->m_flags & M_AMPDU) &&
460 ieee80211_ampdu_reorder(ni, m) != 0) {
467 * Handle privacy requirements. Note that we
468 * must not be preempted from here until after
469 * we (potentially) call ieee80211_crypto_demic;
470 * otherwise we may violate assumptions in the
471 * crypto cipher modules used to do delayed update
472 * of replay sequence numbers.
474 if (wh->i_fc[1] & IEEE80211_FC1_WEP) {
475 if ((vap->iv_flags & IEEE80211_F_PRIVACY) == 0) {
477 * Discard encrypted frames when privacy is off.
479 IEEE80211_DISCARD(vap, IEEE80211_MSG_INPUT,
480 wh, "WEP", "%s", "PRIVACY off");
481 vap->iv_stats.is_rx_noprivacy++;
482 IEEE80211_NODE_STAT(ni, rx_noprivacy);
485 key = ieee80211_crypto_decap(ni, m, hdrspace);
487 /* NB: stats+msgs handled in crypto_decap */
488 IEEE80211_NODE_STAT(ni, rx_wepfail);
491 wh = mtod(m, struct ieee80211_frame *);
492 wh->i_fc[1] &= ~IEEE80211_FC1_WEP;
494 /* XXX M_WEP and IEEE80211_F_PRIVACY */
499 * Save QoS bits for use below--before we strip the header.
501 if (subtype == IEEE80211_FC0_SUBTYPE_QOS) {
502 qos = (dir == IEEE80211_FC1_DIR_DSTODS) ?
503 ((struct ieee80211_qosframe_addr4 *)wh)->i_qos[0] :
504 ((struct ieee80211_qosframe *)wh)->i_qos[0];
509 * Next up, any fragmentation.
511 if (!IEEE80211_IS_MULTICAST(wh->i_addr1)) {
512 m = ieee80211_defrag(ni, m, hdrspace);
514 /* Fragment dropped or frame not complete yet */
518 wh = NULL; /* no longer valid, catch any uses */
521 * Next strip any MSDU crypto bits.
523 if (key != NULL && !ieee80211_crypto_demic(vap, key, m, 0)) {
524 IEEE80211_DISCARD_MAC(vap, IEEE80211_MSG_INPUT,
525 ni->ni_macaddr, "data", "%s", "demic error");
526 vap->iv_stats.is_rx_demicfail++;
527 IEEE80211_NODE_STAT(ni, rx_demicfail);
531 /* copy to listener after decrypt */
532 if (ieee80211_radiotap_active_vap(vap))
533 ieee80211_radiotap_rx(vap, m);
537 * Finally, strip the 802.11 header.
539 m = ieee80211_decap(vap, m, hdrspace);
541 /* XXX mask bit to check for both */
542 /* don't count Null data frames as errors */
543 if (subtype == IEEE80211_FC0_SUBTYPE_NODATA ||
544 subtype == IEEE80211_FC0_SUBTYPE_QOS_NULL)
546 IEEE80211_DISCARD_MAC(vap, IEEE80211_MSG_INPUT,
547 ni->ni_macaddr, "data", "%s", "decap error");
548 vap->iv_stats.is_rx_decap++;
549 IEEE80211_NODE_STAT(ni, rx_decap);
552 eh = mtod(m, struct ether_header *);
553 if (!ieee80211_node_is_authorized(ni)) {
555 * Deny any non-PAE frames received prior to
556 * authorization. For open/shared-key
557 * authentication the port is mark authorized
558 * after authentication completes. For 802.1x
559 * the port is not marked authorized by the
560 * authenticator until the handshake has completed.
562 if (eh->ether_type != htons(ETHERTYPE_PAE)) {
563 IEEE80211_DISCARD_MAC(vap, IEEE80211_MSG_INPUT,
564 eh->ether_shost, "data",
565 "unauthorized port: ether type 0x%x len %u",
566 eh->ether_type, m->m_pkthdr.len);
567 vap->iv_stats.is_rx_unauth++;
568 IEEE80211_NODE_STAT(ni, rx_unauth);
573 * When denying unencrypted frames, discard
574 * any non-PAE frames received without encryption.
576 if ((vap->iv_flags & IEEE80211_F_DROPUNENC) &&
577 (key == NULL && (m->m_flags & M_WEP) == 0) &&
578 eh->ether_type != htons(ETHERTYPE_PAE)) {
580 * Drop unencrypted frames.
582 vap->iv_stats.is_rx_unencrypted++;
583 IEEE80211_NODE_STAT(ni, rx_unencrypted);
587 /* XXX require HT? */
588 if (qos & IEEE80211_QOS_AMSDU) {
589 m = ieee80211_decap_amsdu(ni, m);
591 return IEEE80211_FC0_TYPE_DATA;
593 #ifdef IEEE80211_SUPPORT_SUPERG
594 m = ieee80211_decap_fastframe(vap, ni, m);
596 return IEEE80211_FC0_TYPE_DATA;
599 if (dir == IEEE80211_FC1_DIR_DSTODS && ni->ni_wdsvap != NULL)
600 ieee80211_deliver_data(ni->ni_wdsvap, ni, m);
602 ieee80211_deliver_data(vap, ni, m);
603 return IEEE80211_FC0_TYPE_DATA;
605 case IEEE80211_FC0_TYPE_MGT:
606 vap->iv_stats.is_rx_mgmt++;
607 IEEE80211_NODE_STAT(ni, rx_mgmt);
608 if (dir != IEEE80211_FC1_DIR_NODS) {
609 IEEE80211_DISCARD(vap, IEEE80211_MSG_INPUT,
610 wh, "data", "incorrect dir 0x%x", dir);
611 vap->iv_stats.is_rx_wrongdir++;
614 if (m->m_pkthdr.len < sizeof(struct ieee80211_frame)) {
615 IEEE80211_DISCARD_MAC(vap, IEEE80211_MSG_ANY,
616 ni->ni_macaddr, "mgt", "too short: len %u",
618 vap->iv_stats.is_rx_tooshort++;
621 #ifdef IEEE80211_DEBUG
622 if ((ieee80211_msg_debug(vap) && doprint(vap, subtype)) ||
623 ieee80211_msg_dumppkts(vap)) {
624 if_printf(ifp, "received %s from %6D rssi %d\n",
625 ieee80211_mgt_subtype_name[subtype >>
626 IEEE80211_FC0_SUBTYPE_SHIFT],
627 wh->i_addr2, ":", rssi);
630 if (wh->i_fc[1] & IEEE80211_FC1_WEP) {
631 IEEE80211_DISCARD(vap, IEEE80211_MSG_INPUT,
632 wh, NULL, "%s", "WEP set but not permitted");
633 vap->iv_stats.is_rx_mgtdiscard++; /* XXX */
636 vap->iv_recv_mgmt(ni, m, subtype, rssi, nf);
639 case IEEE80211_FC0_TYPE_CTL:
640 vap->iv_stats.is_rx_ctl++;
641 IEEE80211_NODE_STAT(ni, rx_ctrl);
642 vap->iv_recv_ctl(ni, m, subtype);
646 IEEE80211_DISCARD(vap, IEEE80211_MSG_ANY,
647 wh, "bad", "frame type 0x%x", type);
648 /* should not come here */
655 if (need_tap && ieee80211_radiotap_active_vap(vap))
656 ieee80211_radiotap_rx(vap, m);
664 is11bclient(const uint8_t *rates, const uint8_t *xrates)
666 static const uint32_t brates = (1<<2*1)|(1<<2*2)|(1<<11)|(1<<2*11);
669 /* NB: the 11b clients we care about will not have xrates */
670 if (xrates != NULL || rates == NULL)
672 for (i = 0; i < rates[1]; i++) {
673 int r = rates[2+i] & IEEE80211_RATE_VAL;
674 if (r > 2*11 || ((1<<r) & brates) == 0)
681 adhoc_recv_mgmt(struct ieee80211_node *ni, struct mbuf *m0,
682 int subtype, int rssi, int nf)
684 struct ieee80211vap *vap = ni->ni_vap;
685 struct ieee80211com *ic = ni->ni_ic;
686 struct ieee80211_frame *wh;
687 uint8_t *frm, *efrm, *sfrm;
688 uint8_t *ssid, *rates, *xrates;
690 wh = mtod(m0, struct ieee80211_frame *);
691 frm = (uint8_t *)&wh[1];
692 efrm = mtod(m0, uint8_t *) + m0->m_len;
694 case IEEE80211_FC0_SUBTYPE_PROBE_RESP:
695 case IEEE80211_FC0_SUBTYPE_BEACON: {
696 struct ieee80211_scanparams scan;
698 * We process beacon/probe response
699 * frames to discover neighbors.
701 if (ieee80211_parse_beacon(ni, m0, &scan) != 0)
704 * Count frame now that we know it's to be processed.
706 if (subtype == IEEE80211_FC0_SUBTYPE_BEACON) {
707 vap->iv_stats.is_rx_beacon++; /* XXX remove */
708 IEEE80211_NODE_STAT(ni, rx_beacons);
710 IEEE80211_NODE_STAT(ni, rx_proberesp);
712 * If scanning, just pass information to the scan module.
714 if (ic->ic_flags & IEEE80211_F_SCAN) {
715 if (ic->ic_flags_ext & IEEE80211_FEXT_PROBECHAN) {
717 * Actively scanning a channel marked passive;
718 * send a probe request now that we know there
719 * is 802.11 traffic present.
721 * XXX check if the beacon we recv'd gives
722 * us what we need and suppress the probe req
724 ieee80211_probe_curchan(vap, 1);
725 ic->ic_flags_ext &= ~IEEE80211_FEXT_PROBECHAN;
727 ieee80211_add_scan(vap, &scan, wh, subtype, rssi, nf);
730 if (scan.capinfo & IEEE80211_CAPINFO_IBSS) {
731 if (!IEEE80211_ADDR_EQ(wh->i_addr2, ni->ni_macaddr)) {
733 * Create a new entry in the neighbor table.
735 ni = ieee80211_add_neighbor(vap, wh, &scan);
736 } else if (ni->ni_capinfo == 0) {
738 * Update faked node created on transmit.
739 * Note this also updates the tsf.
741 ieee80211_init_neighbor(ni, wh, &scan);
744 * Record tsf for potential resync.
746 memcpy(ni->ni_tstamp.data, scan.tstamp,
747 sizeof(ni->ni_tstamp));
750 IEEE80211_RSSI_LPF(ni->ni_avgrssi, rssi);
757 case IEEE80211_FC0_SUBTYPE_PROBE_REQ:
758 if (vap->iv_state != IEEE80211_S_RUN) {
759 IEEE80211_DISCARD(vap, IEEE80211_MSG_INPUT,
760 wh, NULL, "wrong state %s",
761 ieee80211_state_name[vap->iv_state]);
762 vap->iv_stats.is_rx_mgtdiscard++;
765 if (IEEE80211_IS_MULTICAST(wh->i_addr2)) {
766 /* frame must be directed */
767 IEEE80211_DISCARD(vap, IEEE80211_MSG_INPUT,
768 wh, NULL, "%s", "not unicast");
769 vap->iv_stats.is_rx_mgtdiscard++; /* XXX stat */
776 * [tlv] supported rates
777 * [tlv] extended supported rates
779 ssid = rates = xrates = NULL;
781 while (efrm - frm > 1) {
782 IEEE80211_VERIFY_LENGTH(efrm - frm, frm[1] + 2, return);
784 case IEEE80211_ELEMID_SSID:
787 case IEEE80211_ELEMID_RATES:
790 case IEEE80211_ELEMID_XRATES:
796 IEEE80211_VERIFY_ELEMENT(rates, IEEE80211_RATE_MAXSIZE, return);
798 IEEE80211_VERIFY_ELEMENT(xrates,
799 IEEE80211_RATE_MAXSIZE - rates[1], return);
800 IEEE80211_VERIFY_ELEMENT(ssid, IEEE80211_NWID_LEN, return);
801 IEEE80211_VERIFY_SSID(vap->iv_bss, ssid, return);
802 if ((vap->iv_flags & IEEE80211_F_HIDESSID) && ssid[1] == 0) {
803 IEEE80211_DISCARD(vap, IEEE80211_MSG_INPUT,
805 "%s", "no ssid with ssid suppression enabled");
806 vap->iv_stats.is_rx_ssidmismatch++; /*XXX*/
810 /* XXX find a better class or define it's own */
811 IEEE80211_NOTE_MAC(vap, IEEE80211_MSG_INPUT, wh->i_addr2,
812 "%s", "recv probe req");
814 * Some legacy 11b clients cannot hack a complete
815 * probe response frame. When the request includes
816 * only a bare-bones rate set, communicate this to
819 ieee80211_send_proberesp(vap, wh->i_addr2,
820 is11bclient(rates, xrates) ? IEEE80211_SEND_LEGACY_11B : 0);
823 case IEEE80211_FC0_SUBTYPE_ACTION: {
824 const struct ieee80211_action *ia;
826 if (vap->iv_state != IEEE80211_S_RUN) {
827 IEEE80211_DISCARD(vap, IEEE80211_MSG_INPUT,
828 wh, NULL, "wrong state %s",
829 ieee80211_state_name[vap->iv_state]);
830 vap->iv_stats.is_rx_mgtdiscard++;
834 * action frame format:
839 IEEE80211_VERIFY_LENGTH(efrm - frm,
840 sizeof(struct ieee80211_action), return);
841 ia = (const struct ieee80211_action *) frm;
843 vap->iv_stats.is_rx_action++;
844 IEEE80211_NODE_STAT(ni, rx_action);
846 /* verify frame payloads but defer processing */
847 /* XXX maybe push this to method */
848 switch (ia->ia_category) {
849 case IEEE80211_ACTION_CAT_BA:
850 switch (ia->ia_action) {
851 case IEEE80211_ACTION_BA_ADDBA_REQUEST:
852 IEEE80211_VERIFY_LENGTH(efrm - frm,
853 sizeof(struct ieee80211_action_ba_addbarequest),
856 case IEEE80211_ACTION_BA_ADDBA_RESPONSE:
857 IEEE80211_VERIFY_LENGTH(efrm - frm,
858 sizeof(struct ieee80211_action_ba_addbaresponse),
861 case IEEE80211_ACTION_BA_DELBA:
862 IEEE80211_VERIFY_LENGTH(efrm - frm,
863 sizeof(struct ieee80211_action_ba_delba),
868 case IEEE80211_ACTION_CAT_HT:
869 switch (ia->ia_action) {
870 case IEEE80211_ACTION_HT_TXCHWIDTH:
871 IEEE80211_VERIFY_LENGTH(efrm - frm,
872 sizeof(struct ieee80211_action_ht_txchwidth),
878 ic->ic_recv_action(ni, wh, frm, efrm);
882 case IEEE80211_FC0_SUBTYPE_AUTH:
883 case IEEE80211_FC0_SUBTYPE_ASSOC_REQ:
884 case IEEE80211_FC0_SUBTYPE_REASSOC_REQ:
885 case IEEE80211_FC0_SUBTYPE_ASSOC_RESP:
886 case IEEE80211_FC0_SUBTYPE_REASSOC_RESP:
887 case IEEE80211_FC0_SUBTYPE_DEAUTH:
888 case IEEE80211_FC0_SUBTYPE_DISASSOC:
889 IEEE80211_DISCARD(vap, IEEE80211_MSG_INPUT,
890 wh, NULL, "%s", "not handled");
891 vap->iv_stats.is_rx_mgtdiscard++;
895 IEEE80211_DISCARD(vap, IEEE80211_MSG_ANY,
896 wh, "mgt", "subtype 0x%x not handled", subtype);
897 vap->iv_stats.is_rx_badsubtype++;
901 #undef IEEE80211_VERIFY_LENGTH
902 #undef IEEE80211_VERIFY_ELEMENT
905 ahdemo_recv_mgmt(struct ieee80211_node *ni, struct mbuf *m0,
906 int subtype, int rssi, int nf)
908 struct ieee80211vap *vap = ni->ni_vap;
909 struct ieee80211com *ic = ni->ni_ic;
912 * Process management frames when scanning; useful for doing
915 if (ic->ic_flags & IEEE80211_F_SCAN)
916 adhoc_recv_mgmt(ni, m0, subtype, rssi, nf);
918 vap->iv_stats.is_rx_mgtdiscard++;
922 adhoc_recv_ctl(struct ieee80211_node *ni, struct mbuf *m0, int subtype)
tuxillo's projects / dragonfly.git / blob