NetBSD/sys/net/if_ieee80211subr.c

3318 lines
86 KiB
C

/* $NetBSD: if_ieee80211subr.c,v 1.21 2002/10/15 08:51:50 onoe Exp $ */
/*-
* Copyright (c) 2001 The NetBSD Foundation, Inc.
* All rights reserved.
*
* This code is derived from software contributed to The NetBSD Foundation
* by Atsushi Onoe.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by the NetBSD
* Foundation, Inc. and its contributors.
* 4. Neither the name of The NetBSD Foundation nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
* ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
* TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
* BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*/
/*
* IEEE 802.11 generic handler
*/
#include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: if_ieee80211subr.c,v 1.21 2002/10/15 08:51:50 onoe Exp $");
#include "opt_inet.h"
#include "bpfilter.h"
#include <sys/param.h>
#include <sys/systm.h>
#include <sys/mbuf.h>
#include <sys/malloc.h>
#include <sys/kernel.h>
#include <sys/socket.h>
#include <sys/ioctl.h>
#include <sys/errno.h>
#include <sys/device.h>
#include <sys/proc.h>
#include <machine/endian.h>
#include <crypto/arc4/arc4.h>
#include <net/if.h>
#include <net/if_dl.h>
#include <net/if_media.h>
#include <net/if_ether.h>
#include <net/if_llc.h>
#include <net/if_ieee80211.h>
#include <dev/ic/wi_ieee.h> /* XXX */
#if NBPFILTER > 0
#include <net/bpf.h>
#endif
#ifdef INET
#include <netinet/in.h>
#include <netinet/if_inarp.h>
#endif
#ifdef IEEE80211_DEBUG
int ieee80211_debug = 0;
#define DPRINTF(X) if (ieee80211_debug) printf X
#define DPRINTF2(X) if (ieee80211_debug>1) printf X
#else
#define DPRINTF(X)
#define DPRINTF2(X)
#endif
static int ieee80211_send_prreq(struct ieee80211com *,
struct ieee80211_node *, int, int);
static int ieee80211_send_prresp(struct ieee80211com *,
struct ieee80211_node *, int, int);
static int ieee80211_send_auth(struct ieee80211com *,
struct ieee80211_node *, int, int);
static int ieee80211_send_deauth(struct ieee80211com *,
struct ieee80211_node *, int, int);
static int ieee80211_send_asreq(struct ieee80211com *,
struct ieee80211_node *, int, int);
static int ieee80211_send_asresp(struct ieee80211com *,
struct ieee80211_node *, int, int);
static int ieee80211_send_disassoc(struct ieee80211com *,
struct ieee80211_node *, int, int);
static void ieee80211_recv_beacon(struct ieee80211com *,
struct mbuf *, int, u_int32_t);
static void ieee80211_recv_prreq(struct ieee80211com *,
struct mbuf *, int, u_int32_t);
static void ieee80211_recv_auth(struct ieee80211com *,
struct mbuf *, int, u_int32_t);
static void ieee80211_recv_asreq(struct ieee80211com *,
struct mbuf *, int, u_int32_t);
static void ieee80211_recv_asresp(struct ieee80211com *,
struct mbuf *, int, u_int32_t);
static void ieee80211_recv_disassoc(struct ieee80211com *,
struct mbuf *, int, u_int32_t);
static void ieee80211_recv_deauth(struct ieee80211com *,
struct mbuf *, int, u_int32_t);
static void ieee80211_crc_init(void);
static u_int32_t ieee80211_crc_update(u_int32_t, u_int8_t *, int);
static const char *ieee80211_mgt_subtype_name[] = {
"assoc_req", "assoc_resp", "reassoc_req", "reassoc_resp",
"probe_req", "probe_resp", "reserved#6", "reserved#7",
"beacon", "atim", "disassoc", "auth",
"deauth", "reserved#13", "reserved#14", "reserved#15"
};
void
ieee80211_ifattach(struct ifnet *ifp)
{
struct ieee80211com *ic = (void *)ifp;
int i, rate;
ether_ifattach(ifp, ic->ic_myaddr);
#if NBPFILTER > 0
bpfattach2(ifp, DLT_IEEE802_11,
sizeof(struct ieee80211_frame_addr4), &ic->ic_rawbpf);
#endif
ieee80211_crc_init();
ic->ic_iv = arc4random();
memcpy(ic->ic_chan_active, ic->ic_chan_avail,
sizeof(ic->ic_chan_active));
if (isclr(ic->ic_chan_active, ic->ic_ibss_chan)) {
for (i = 0; i <= IEEE80211_CHAN_MAX; i++) {
if (isset(ic->ic_chan_active, i)) {
ic->ic_ibss_chan = i;
break;
}
}
}
ic->ic_des_chan = IEEE80211_CHAN_ANY;
ic->ic_fixed_rate = -1;
if (ic->ic_lintval == 0)
ic->ic_lintval = 100; /* default sleep */
TAILQ_INIT(&ic->ic_node);
rate = 0;
for (i = 0; i < IEEE80211_RATE_SIZE; i++) {
if (ic->ic_sup_rates[i] != 0)
rate = (ic->ic_sup_rates[i] & IEEE80211_RATE_VAL) / 2;
}
if (rate)
ifp->if_baudrate = IF_Mbps(rate);
ifp->if_hdrlen = sizeof(struct ieee80211_frame);
/* initialize management frame handler */
ic->ic_recv_mgmt[IEEE80211_FC0_SUBTYPE_PROBE_RESP
>> IEEE80211_FC0_SUBTYPE_SHIFT] = ieee80211_recv_beacon;
ic->ic_recv_mgmt[IEEE80211_FC0_SUBTYPE_BEACON
>> IEEE80211_FC0_SUBTYPE_SHIFT] = ieee80211_recv_beacon;
ic->ic_recv_mgmt[IEEE80211_FC0_SUBTYPE_PROBE_REQ
>> IEEE80211_FC0_SUBTYPE_SHIFT] = ieee80211_recv_prreq;
ic->ic_recv_mgmt[IEEE80211_FC0_SUBTYPE_AUTH
>> IEEE80211_FC0_SUBTYPE_SHIFT] = ieee80211_recv_auth;
ic->ic_recv_mgmt[IEEE80211_FC0_SUBTYPE_ASSOC_REQ
>> IEEE80211_FC0_SUBTYPE_SHIFT] = ieee80211_recv_asreq;
ic->ic_recv_mgmt[IEEE80211_FC0_SUBTYPE_REASSOC_REQ
>> IEEE80211_FC0_SUBTYPE_SHIFT] = ieee80211_recv_asreq;
ic->ic_recv_mgmt[IEEE80211_FC0_SUBTYPE_ASSOC_RESP
>> IEEE80211_FC0_SUBTYPE_SHIFT] = ieee80211_recv_asresp;
ic->ic_recv_mgmt[IEEE80211_FC0_SUBTYPE_REASSOC_RESP
>> IEEE80211_FC0_SUBTYPE_SHIFT] = ieee80211_recv_asresp;
ic->ic_recv_mgmt[IEEE80211_FC0_SUBTYPE_DEAUTH
>> IEEE80211_FC0_SUBTYPE_SHIFT] = ieee80211_recv_deauth;
ic->ic_recv_mgmt[IEEE80211_FC0_SUBTYPE_DISASSOC
>> IEEE80211_FC0_SUBTYPE_SHIFT] = ieee80211_recv_disassoc;
ic->ic_send_mgmt[IEEE80211_FC0_SUBTYPE_PROBE_REQ
>> IEEE80211_FC0_SUBTYPE_SHIFT] = ieee80211_send_prreq;
ic->ic_send_mgmt[IEEE80211_FC0_SUBTYPE_PROBE_RESP
>> IEEE80211_FC0_SUBTYPE_SHIFT] = ieee80211_send_prresp;
ic->ic_send_mgmt[IEEE80211_FC0_SUBTYPE_AUTH
>> IEEE80211_FC0_SUBTYPE_SHIFT] = ieee80211_send_auth;
ic->ic_send_mgmt[IEEE80211_FC0_SUBTYPE_DEAUTH
>> IEEE80211_FC0_SUBTYPE_SHIFT] = ieee80211_send_deauth;
ic->ic_send_mgmt[IEEE80211_FC0_SUBTYPE_ASSOC_REQ
>> IEEE80211_FC0_SUBTYPE_SHIFT] = ieee80211_send_asreq;
ic->ic_send_mgmt[IEEE80211_FC0_SUBTYPE_REASSOC_REQ
>> IEEE80211_FC0_SUBTYPE_SHIFT] = ieee80211_send_asreq;
ic->ic_send_mgmt[IEEE80211_FC0_SUBTYPE_ASSOC_RESP
>> IEEE80211_FC0_SUBTYPE_SHIFT] = ieee80211_send_asresp;
ic->ic_send_mgmt[IEEE80211_FC0_SUBTYPE_REASSOC_RESP
>> IEEE80211_FC0_SUBTYPE_SHIFT] = ieee80211_send_asresp;
ic->ic_send_mgmt[IEEE80211_FC0_SUBTYPE_DISASSOC
>> IEEE80211_FC0_SUBTYPE_SHIFT] = ieee80211_send_disassoc;
}
void
ieee80211_ifdetach(struct ifnet *ifp)
{
struct ieee80211com *ic = (void *)ifp;
int s;
s = splnet();
IF_PURGE(&ic->ic_mgtq);
if (ic->ic_wep_ctx != NULL) {
free(ic->ic_wep_ctx, M_DEVBUF);
ic->ic_wep_ctx = NULL;
}
ieee80211_free_allnodes(ic);
ether_ifdetach(ifp);
splx(s);
}
void
ieee80211_input(struct ifnet *ifp, struct mbuf *m, int rssi, u_int32_t rstamp)
{
struct ieee80211com *ic = (void *)ifp;
struct ieee80211_node *ni;
struct ieee80211_frame *wh;
struct ether_header *eh;
void (*rh)(struct ieee80211com *, struct mbuf *, int, u_int);
struct mbuf *m1;
int error, len;
u_int8_t dir, subtype;
u_int8_t *bssid;
u_int16_t rxseq;
ALTQ_DECL(struct altq_pktattr pktattr;)
/* trim CRC here for WEP can find its own CRC at the end of packet. */
if (m->m_flags & M_HASFCS) {
m_adj(m, -IEEE80211_CRC_LEN);
m->m_flags &= ~M_HASFCS;
}
wh = mtod(m, struct ieee80211_frame *);
if ((wh->i_fc[0] & IEEE80211_FC0_VERSION_MASK) !=
IEEE80211_FC0_VERSION_0) {
if (ifp->if_flags & IFF_DEBUG)
printf("%s: receive packet with wrong version: %x\n",
ifp->if_xname, wh->i_fc[0]);
goto err;
}
dir = wh->i_fc[1] & IEEE80211_FC1_DIR_MASK;
if (ic->ic_state != IEEE80211_S_SCAN) {
switch (ic->ic_opmode) {
case IEEE80211_M_STA:
ni = &ic->ic_bss;
if (!IEEE80211_ADDR_EQ(wh->i_addr2, ni->ni_bssid)) {
DPRINTF2(("ieee80211_input: other bss %s\n",
ether_sprintf(wh->i_addr2)));
/* not interested in */
goto out;
}
break;
case IEEE80211_M_IBSS:
case IEEE80211_M_AHDEMO:
case IEEE80211_M_HOSTAP:
if (dir == IEEE80211_FC1_DIR_NODS)
bssid = wh->i_addr3;
else
bssid = wh->i_addr1;
if (!IEEE80211_ADDR_EQ(bssid, ic->ic_bss.ni_bssid) &&
!IEEE80211_ADDR_EQ(bssid, ifp->if_broadcastaddr)) {
/* not interested in */
DPRINTF2(("ieee80211_input: other bss %s\n",
ether_sprintf(wh->i_addr3)));
goto out;
}
ni = ieee80211_find_node(ic, wh->i_addr2);
if (ni == NULL) {
DPRINTF2(("ieee80211_input: unknown src %s\n",
ether_sprintf(wh->i_addr2)));
ni = &ic->ic_bss; /* XXX allocate? */
}
break;
}
ni->ni_rssi = rssi;
ni->ni_rstamp = rstamp;
rxseq = ni->ni_rxseq;
ni->ni_rxseq =
le16toh(*(u_int16_t *)wh->i_seq) >> IEEE80211_SEQ_SEQ_SHIFT;
/* TODO: fragment */
if ((wh->i_fc[1] & IEEE80211_FC1_RETRY) &&
rxseq == ni->ni_rxseq) {
/* duplicate, silently discarded */
goto out;
}
ni->ni_inact = 0;
}
switch (wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK) {
case IEEE80211_FC0_TYPE_DATA:
switch (ic->ic_opmode) {
case IEEE80211_M_STA:
if (dir != IEEE80211_FC1_DIR_FROMDS)
goto out;
if ((ifp->if_flags & IFF_SIMPLEX) &&
IEEE80211_IS_MULTICAST(wh->i_addr1) &&
IEEE80211_ADDR_EQ(wh->i_addr3, ic->ic_myaddr)) {
/*
* In IEEE802.11 network, multicast packet
* sent from me is broadcasted from AP.
* It should be silently discarded for
* SIMPLEX interface.
*/
goto out;
}
break;
case IEEE80211_M_IBSS:
case IEEE80211_M_AHDEMO:
if (dir != IEEE80211_FC1_DIR_NODS)
goto out;
break;
case IEEE80211_M_HOSTAP:
if (dir != IEEE80211_FC1_DIR_TODS)
goto out;
/* check if source STA is associated */
ni = ieee80211_find_node(ic, wh->i_addr2);
if (ni == NULL) {
DPRINTF(("ieee80211_input: "
"data from unknown src %s\n",
ether_sprintf(wh->i_addr2)));
if ((ni = ieee80211_alloc_node(ic, wh->i_addr2,
1)) != NULL) {
IEEE80211_SEND_MGMT(ic, ni,
IEEE80211_FC0_SUBTYPE_DEAUTH,
IEEE80211_REASON_NOT_AUTHED);
ieee80211_free_node(ic, ni);
}
goto err;
}
if (ni->ni_associd == 0) {
DPRINTF(("ieee80211_input: "
"data from unassoc src %s\n",
ether_sprintf(wh->i_addr2)));
IEEE80211_SEND_MGMT(ic, ni,
IEEE80211_FC0_SUBTYPE_DISASSOC,
IEEE80211_REASON_NOT_ASSOCED);
goto err;
}
break;
}
if (wh->i_fc[1] & IEEE80211_FC1_WEP) {
if (ic->ic_flags & IEEE80211_F_WEPON) {
m = ieee80211_wep_crypt(ifp, m, 0);
if (m == NULL)
goto err;
wh = mtod(m, struct ieee80211_frame *);
} else
goto out;
}
#if NBPFILTER > 0
/* copy to listener after decrypt */
if (ic->ic_rawbpf)
bpf_mtap(ic->ic_rawbpf, m);
#endif
m = ieee80211_decap(ifp, m);
if (m == NULL)
goto err;
ifp->if_ipackets++;
/* perform as a bridge within the AP */
m1 = NULL;
if (ic->ic_opmode == IEEE80211_M_HOSTAP) {
eh = mtod(m, struct ether_header *);
if (ETHER_IS_MULTICAST(eh->ether_dhost)) {
m1 = m_copym(m, 0, M_COPYALL, M_DONTWAIT);
if (m1 == NULL)
ifp->if_oerrors++;
else
m1->m_flags |= M_MCAST;
} else {
ni = ieee80211_find_node(ic, eh->ether_dhost);
if (ni != NULL && ni->ni_associd != 0) {
m1 = m;
m = NULL;
}
}
if (m1 != NULL) {
#ifdef ALTQ
if (ALTQ_IS_ENABLED(&ifp->if_snd))
altq_etherclassify(&ifp->if_snd, m1,
&pktattr);
#endif
len = m1->m_pkthdr.len;
IFQ_ENQUEUE(&ifp->if_snd, m1, &pktattr, error);
if (error)
ifp->if_oerrors++;
else {
if (m != NULL)
ifp->if_omcasts++;
ifp->if_obytes += len;
}
}
}
if (m != NULL) {
#if NBPFILTER > 0
/*
* If we forward packet into transmitter of the AP,
* we don't need to duplicate for DLT_EN10MB.
*/
if (ifp->if_bpf && m1 == NULL)
bpf_mtap(ifp->if_bpf, m);
#endif
(*ifp->if_input)(ifp, m);
}
return;
case IEEE80211_FC0_TYPE_MGT:
if (dir != IEEE80211_FC1_DIR_NODS)
goto err;
if (ic->ic_opmode == IEEE80211_M_AHDEMO)
goto out;
subtype = wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK;
/* drop frames without interest */
if (ic->ic_state == IEEE80211_S_SCAN) {
if (subtype != IEEE80211_FC0_SUBTYPE_BEACON &&
subtype != IEEE80211_FC0_SUBTYPE_PROBE_RESP)
goto out;
} else {
if (ic->ic_opmode != IEEE80211_M_IBSS &&
subtype == IEEE80211_FC0_SUBTYPE_BEACON)
goto out;
}
if (ifp->if_flags & IFF_DEBUG) {
/* avoid to print too many frames */
int doprint = 0;
switch (subtype) {
case IEEE80211_FC0_SUBTYPE_BEACON:
if (ic->ic_state == IEEE80211_S_SCAN)
doprint = 1;
break;
case IEEE80211_FC0_SUBTYPE_PROBE_REQ:
if (ic->ic_opmode == IEEE80211_M_IBSS)
doprint = 1;
break;
default:
doprint = 1;
break;
}
#ifdef IEEE80211_DEBUG
doprint += ieee80211_debug;
#endif
if (doprint)
printf("%s: received %s from %s rssi %d\n",
ifp->if_xname,
ieee80211_mgt_subtype_name[subtype
>> IEEE80211_FC0_SUBTYPE_SHIFT],
ether_sprintf(wh->i_addr2), rssi);
}
#if NBPFILTER > 0
if (ic->ic_rawbpf)
bpf_mtap(ic->ic_rawbpf, m);
#endif
rh = ic->ic_recv_mgmt[subtype >> IEEE80211_FC0_SUBTYPE_SHIFT];
if (rh != NULL)
(*rh)(ic, m, rssi, rstamp);
m_freem(m);
return;
case IEEE80211_FC0_TYPE_CTL:
default:
DPRINTF(("ieee80211_input: bad type %x\n", wh->i_fc[0]));
/* should not come here */
break;
}
err:
ifp->if_ierrors++;
out:
if (m != NULL) {
#if NBPFILTER > 0
if (ic->ic_rawbpf)
bpf_mtap(ic->ic_rawbpf, m);
#endif
m_freem(m);
}
}
int
ieee80211_mgmt_output(struct ifnet *ifp, struct ieee80211_node *ni,
struct mbuf *m, int type)
{
struct ieee80211com *ic = (void *)ifp;
struct ieee80211_frame *wh;
if (ni == NULL)
ni = &ic->ic_bss;
ni->ni_inact = 0;
M_PREPEND(m, sizeof(struct ieee80211_frame), M_DONTWAIT);
if (m == NULL)
return ENOMEM;
wh = mtod(m, struct ieee80211_frame *);
wh->i_fc[0] = IEEE80211_FC0_VERSION_0 | IEEE80211_FC0_TYPE_MGT | type;
wh->i_fc[1] = IEEE80211_FC1_DIR_NODS;
*(u_int16_t *)wh->i_dur = 0;
*(u_int16_t *)wh->i_seq =
htole16(ni->ni_txseq << IEEE80211_SEQ_SEQ_SHIFT);
ni->ni_txseq++;
IEEE80211_ADDR_COPY(wh->i_addr1, ni->ni_macaddr);
IEEE80211_ADDR_COPY(wh->i_addr2, ic->ic_myaddr);
IEEE80211_ADDR_COPY(wh->i_addr3, ni->ni_bssid);
if (ifp->if_flags & IFF_DEBUG) {
/* avoid to print too many frames */
if (ic->ic_opmode == IEEE80211_M_IBSS ||
#ifdef IEEE80211_DEBUG
ieee80211_debug > 1 ||
#endif
(type & IEEE80211_FC0_SUBTYPE_MASK) !=
IEEE80211_FC0_SUBTYPE_PROBE_RESP)
printf("%s: sending %s to %s\n", ifp->if_xname,
ieee80211_mgt_subtype_name[
(type & IEEE80211_FC0_SUBTYPE_MASK)
>> IEEE80211_FC0_SUBTYPE_SHIFT],
ether_sprintf(ni->ni_macaddr));
}
IF_ENQUEUE(&ic->ic_mgtq, m);
ifp->if_timer = 1;
(*ifp->if_start)(ifp);
return 0;
}
struct mbuf *
ieee80211_encap(struct ifnet *ifp, struct mbuf *m)
{
struct ieee80211com *ic = (void *)ifp;
struct ether_header eh;
struct ieee80211_frame *wh;
struct llc *llc;
struct ieee80211_node *ni;
if (m->m_len < sizeof(struct ether_header)) {
m = m_pullup(m, sizeof(struct ether_header));
if (m == NULL)
return NULL;
}
memcpy(&eh, mtod(m, caddr_t), sizeof(struct ether_header));
if (!IEEE80211_IS_MULTICAST(eh.ether_dhost) &&
(ic->ic_opmode == IEEE80211_M_IBSS ||
ic->ic_opmode == IEEE80211_M_HOSTAP)) {
ni = ieee80211_find_node(ic, eh.ether_dhost);
if (ni == NULL)
ni = &ic->ic_bss; /*XXX*/
} else
ni = &ic->ic_bss;
ni->ni_inact = 0;
m_adj(m, sizeof(struct ether_header) - sizeof(struct llc));
llc = mtod(m, struct llc *);
llc->llc_dsap = llc->llc_ssap = LLC_SNAP_LSAP;
llc->llc_control = LLC_UI;
llc->llc_snap.org_code[0] = 0;
llc->llc_snap.org_code[1] = 0;
llc->llc_snap.org_code[2] = 0;
llc->llc_snap.ether_type = eh.ether_type;
M_PREPEND(m, sizeof(struct ieee80211_frame), M_DONTWAIT);
if (m == NULL)
return NULL;
wh = mtod(m, struct ieee80211_frame *);
wh->i_fc[0] = IEEE80211_FC0_VERSION_0 | IEEE80211_FC0_TYPE_DATA;
*(u_int16_t *)wh->i_dur = 0;
*(u_int16_t *)wh->i_seq =
htole16(ni->ni_txseq << IEEE80211_SEQ_SEQ_SHIFT);
ni->ni_txseq++;
switch (ic->ic_opmode) {
case IEEE80211_M_STA:
wh->i_fc[1] = IEEE80211_FC1_DIR_TODS;
IEEE80211_ADDR_COPY(wh->i_addr1, ni->ni_bssid);
IEEE80211_ADDR_COPY(wh->i_addr2, eh.ether_shost);
IEEE80211_ADDR_COPY(wh->i_addr3, eh.ether_dhost);
break;
case IEEE80211_M_IBSS:
case IEEE80211_M_AHDEMO:
wh->i_fc[1] = IEEE80211_FC1_DIR_NODS;
IEEE80211_ADDR_COPY(wh->i_addr1, eh.ether_dhost);
IEEE80211_ADDR_COPY(wh->i_addr2, eh.ether_shost);
IEEE80211_ADDR_COPY(wh->i_addr3, ni->ni_bssid);
break;
case IEEE80211_M_HOSTAP:
wh->i_fc[1] = IEEE80211_FC1_DIR_FROMDS;
IEEE80211_ADDR_COPY(wh->i_addr1, eh.ether_dhost);
IEEE80211_ADDR_COPY(wh->i_addr2, ni->ni_bssid);
IEEE80211_ADDR_COPY(wh->i_addr3, eh.ether_shost);
break;
}
return m;
}
struct mbuf *
ieee80211_decap(struct ifnet *ifp, struct mbuf *m)
{
struct ether_header *eh;
struct ieee80211_frame wh;
struct llc *llc;
if (m->m_len < sizeof(wh) + sizeof(*llc)) {
m = m_pullup(m, sizeof(wh) + sizeof(*llc));
if (m == NULL)
return NULL;
}
memcpy(&wh, mtod(m, caddr_t), sizeof(wh));
llc = (struct llc *)(mtod(m, caddr_t) + sizeof(wh));
if (llc->llc_dsap == LLC_SNAP_LSAP && llc->llc_ssap == LLC_SNAP_LSAP &&
llc->llc_control == LLC_UI && llc->llc_snap.org_code[0] == 0 &&
llc->llc_snap.org_code[1] == 0 && llc->llc_snap.org_code[2] == 0) {
m_adj(m, sizeof(wh) + sizeof(struct llc) - sizeof(*eh));
llc = NULL;
} else {
m_adj(m, sizeof(wh) - sizeof(*eh));
}
eh = mtod(m, struct ether_header *);
switch (wh.i_fc[1] & IEEE80211_FC1_DIR_MASK) {
case IEEE80211_FC1_DIR_NODS:
IEEE80211_ADDR_COPY(eh->ether_dhost, wh.i_addr1);
IEEE80211_ADDR_COPY(eh->ether_shost, wh.i_addr2);
break;
case IEEE80211_FC1_DIR_TODS:
IEEE80211_ADDR_COPY(eh->ether_dhost, wh.i_addr3);
IEEE80211_ADDR_COPY(eh->ether_shost, wh.i_addr2);
break;
case IEEE80211_FC1_DIR_FROMDS:
IEEE80211_ADDR_COPY(eh->ether_dhost, wh.i_addr1);
IEEE80211_ADDR_COPY(eh->ether_shost, wh.i_addr3);
break;
case IEEE80211_FC1_DIR_DSTODS:
/* not yet supported */
DPRINTF(("ieee80211_decap: DS to DS\n"));
m_freem(m);
return NULL;
}
if (!ALIGNED_POINTER(mtod(m, caddr_t) + sizeof(*eh), u_int32_t)) {
struct mbuf *n, *n0, **np;
caddr_t newdata;
int off;
n0 = NULL;
np = &n0;
off = 0;
while (m->m_pkthdr.len > off) {
if (n0 == NULL) {
MGETHDR(n, M_DONTWAIT, MT_DATA);
if (n == NULL) {
m_freem(m);
return NULL;
}
M_COPY_PKTHDR(n, m);
n->m_len = MHLEN;
} else {
MGET(n, M_DONTWAIT, MT_DATA);
if (n == NULL) {
m_freem(m);
m_freem(n0);
return NULL;
}
n->m_len = MLEN;
}
if (m->m_pkthdr.len - off >= MINCLSIZE) {
MCLGET(n, M_DONTWAIT);
if (n->m_flags & M_EXT)
n->m_len = n->m_ext.ext_size;
}
if (n0 == NULL) {
newdata =
(caddr_t)ALIGN(n->m_data + sizeof(*eh)) -
sizeof(*eh);
n->m_len -= newdata - n->m_data;
n->m_data = newdata;
}
if (n->m_len > m->m_pkthdr.len - off)
n->m_len = m->m_pkthdr.len - off;
m_copydata(m, off, n->m_len, mtod(n, caddr_t));
off += n->m_len;
*np = n;
np = &n->m_next;
}
m_freem(m);
m = n0;
}
if (llc != NULL) {
eh = mtod(m, struct ether_header *);
eh->ether_type = htons(m->m_pkthdr.len - sizeof(*eh));
}
return m;
}
int
ieee80211_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data)
{
struct ieee80211com *ic = (void *)ifp;
struct ifreq *ifr = (struct ifreq *)data;
int i, error = 0;
struct ieee80211_nwid nwid;
struct ieee80211_nwkey *nwkey;
struct ieee80211_power *power;
struct ieee80211_bssid *bssid;
struct ieee80211_channel *chan;
struct ieee80211_wepkey keys[IEEE80211_WEP_NKID];
static const u_int8_t empty_macaddr[IEEE80211_ADDR_LEN] = {
0x00, 0x00, 0x00, 0x00, 0x00, 0x00
};
switch (cmd) {
case SIOCS80211NWID:
if ((error = copyin(ifr->ifr_data, &nwid, sizeof(nwid))) != 0)
break;
if (nwid.i_len > IEEE80211_NWID_LEN) {
error = EINVAL;
break;
}
memset(ic->ic_des_essid, 0, IEEE80211_NWID_LEN);
ic->ic_des_esslen = nwid.i_len;
memcpy(ic->ic_des_essid, nwid.i_nwid, nwid.i_len);
error = ENETRESET;
break;
case SIOCG80211NWID:
memset(&nwid, 0, sizeof(nwid));
switch (ic->ic_state) {
case IEEE80211_S_INIT:
case IEEE80211_S_SCAN:
nwid.i_len = ic->ic_des_esslen;
memcpy(nwid.i_nwid, ic->ic_des_essid, nwid.i_len);
break;
default:
nwid.i_len = ic->ic_bss.ni_esslen;
memcpy(nwid.i_nwid, ic->ic_bss.ni_essid, nwid.i_len);
break;
}
error = copyout(&nwid, ifr->ifr_data, sizeof(nwid));
break;
case SIOCS80211NWKEY:
nwkey = (struct ieee80211_nwkey *)data;
if ((ic->ic_flags & IEEE80211_F_HASWEP) == 0 &&
nwkey->i_wepon != IEEE80211_NWKEY_OPEN) {
error = EINVAL;
break;
}
/* check and copy keys */
memset(keys, 0, sizeof(keys));
for (i = 0; i < IEEE80211_WEP_NKID; i++) {
keys[i].wk_len = nwkey->i_key[i].i_keylen;
if ((keys[i].wk_len > 0 &&
keys[i].wk_len < IEEE80211_WEP_KEYLEN) ||
keys[i].wk_len > sizeof(keys[i].wk_key)) {
error = EINVAL;
break;
}
if (keys[i].wk_len <= 0)
continue;
if ((error = copyin(nwkey->i_key[i].i_keydat,
keys[i].wk_key, keys[i].wk_len)) != 0)
break;
}
if (error)
break;
i = nwkey->i_defkid - 1;
if (i < 0 || i >= IEEE80211_WEP_NKID ||
keys[i].wk_len == 0 ||
(keys[i].wk_len == -1 && ic->ic_nw_keys[i].wk_len == 0)) {
if (nwkey->i_wepon != IEEE80211_NWKEY_OPEN) {
error = EINVAL;
break;
}
} else
ic->ic_wep_txkey = i;
/* save the key */
if (nwkey->i_wepon == IEEE80211_NWKEY_OPEN)
ic->ic_flags &= ~IEEE80211_F_WEPON;
else
ic->ic_flags |= IEEE80211_F_WEPON;
for (i = 0; i < IEEE80211_WEP_NKID; i++) {
if (keys[i].wk_len < 0)
continue;
ic->ic_nw_keys[i].wk_len = keys[i].wk_len;
memcpy(ic->ic_nw_keys[i].wk_key, keys[i].wk_key,
sizeof(keys[i].wk_key));
}
error = ENETRESET;
break;
case SIOCG80211NWKEY:
nwkey = (struct ieee80211_nwkey *)data;
if (ic->ic_flags & IEEE80211_F_WEPON)
nwkey->i_wepon = IEEE80211_NWKEY_WEP;
else
nwkey->i_wepon = IEEE80211_NWKEY_OPEN;
nwkey->i_defkid = ic->ic_wep_txkey + 1;
for (i = 0; i < IEEE80211_WEP_NKID; i++) {
if (nwkey->i_key[i].i_keydat == NULL)
continue;
/* do not show any keys to non-root user */
if ((error = suser(curproc->p_ucred,
&curproc->p_acflag)) != 0)
break;
nwkey->i_key[i].i_keylen = ic->ic_nw_keys[i].wk_len;
if ((error = copyout(ic->ic_nw_keys[i].wk_key,
nwkey->i_key[i].i_keydat,
ic->ic_nw_keys[i].wk_len)) != 0)
break;
}
break;
case SIOCS80211POWER:
power = (struct ieee80211_power *)data;
ic->ic_lintval = power->i_maxsleep;
if (power->i_enabled != 0) {
if ((ic->ic_flags & IEEE80211_F_HASPMGT) == 0)
error = EINVAL;
else if ((ic->ic_flags & IEEE80211_F_PMGTON) == 0) {
ic->ic_flags |= IEEE80211_F_PMGTON;
error = ENETRESET;
}
} else {
if (ic->ic_flags & IEEE80211_F_PMGTON) {
ic->ic_flags &= ~IEEE80211_F_PMGTON;
error = ENETRESET;
}
}
break;
case SIOCG80211POWER:
power = (struct ieee80211_power *)data;
power->i_enabled = (ic->ic_flags & IEEE80211_F_PMGTON) ? 1 : 0;
power->i_maxsleep = ic->ic_lintval;
break;
case SIOCS80211BSSID:
bssid = (struct ieee80211_bssid *)data;
if (IEEE80211_ADDR_EQ(bssid->i_bssid, empty_macaddr))
ic->ic_flags &= ~IEEE80211_F_DESBSSID;
else {
ic->ic_flags |= IEEE80211_F_DESBSSID;
IEEE80211_ADDR_COPY(ic->ic_des_bssid, bssid->i_bssid);
}
if (ic->ic_opmode == IEEE80211_M_HOSTAP)
break;
switch (ic->ic_state) {
case IEEE80211_S_INIT:
case IEEE80211_S_SCAN:
error = ENETRESET;
break;
default:
if ((ic->ic_flags & IEEE80211_F_DESBSSID) &&
!IEEE80211_ADDR_EQ(ic->ic_des_bssid,
ic->ic_bss.ni_bssid))
error = ENETRESET;
break;
}
break;
case SIOCG80211BSSID:
bssid = (struct ieee80211_bssid *)data;
switch (ic->ic_state) {
case IEEE80211_S_INIT:
case IEEE80211_S_SCAN:
if (ic->ic_opmode == IEEE80211_M_HOSTAP)
IEEE80211_ADDR_COPY(bssid->i_bssid,
ic->ic_myaddr);
else if (ic->ic_flags & IEEE80211_F_DESBSSID)
IEEE80211_ADDR_COPY(bssid->i_bssid,
ic->ic_des_bssid);
else
memset(bssid->i_bssid, 0, IEEE80211_ADDR_LEN);
break;
default:
IEEE80211_ADDR_COPY(bssid->i_bssid,
ic->ic_bss.ni_bssid);
break;
}
break;
case SIOCS80211CHANNEL:
chan = (struct ieee80211_channel *)data;
if (chan->i_channel == IEEE80211_CHAN_ANY)
ic->ic_des_chan = IEEE80211_CHAN_ANY;
else if (chan->i_channel > IEEE80211_CHAN_MAX ||
isclr(ic->ic_chan_active, chan->i_channel)) {
error = EINVAL;
break;
} else
ic->ic_ibss_chan = ic->ic_des_chan = chan->i_channel;
switch (ic->ic_state) {
case IEEE80211_S_INIT:
case IEEE80211_S_SCAN:
error = ENETRESET;
break;
default:
if (ic->ic_opmode == IEEE80211_M_STA) {
if (ic->ic_des_chan != IEEE80211_CHAN_ANY &&
ic->ic_bss.ni_chan != ic->ic_des_chan)
error = ENETRESET;
} else {
if (ic->ic_bss.ni_chan != ic->ic_ibss_chan)
error = ENETRESET;
}
break;
}
break;
case SIOCG80211CHANNEL:
chan = (struct ieee80211_channel *)data;
switch (ic->ic_state) {
case IEEE80211_S_INIT:
case IEEE80211_S_SCAN:
if (ic->ic_opmode == IEEE80211_M_STA)
chan->i_channel = ic->ic_des_chan;
else
chan->i_channel = ic->ic_ibss_chan;
break;
default:
chan->i_channel = ic->ic_bss.ni_chan;
break;
}
break;
case SIOCGIFGENERIC:
error = ieee80211_cfgget(ifp, cmd, data);
break;
case SIOCSIFGENERIC:
error = suser(curproc->p_ucred, &curproc->p_acflag);
if (error)
break;
error = ieee80211_cfgset(ifp, cmd, data);
break;
default:
error = ether_ioctl(ifp, cmd, data);
break;
}
return error;
}
void
ieee80211_print_essid(u_int8_t *essid, int len)
{
int i;
u_int8_t *p;
if (len > IEEE80211_NWID_LEN)
len = IEEE80211_NWID_LEN;
/* determine printable or not */
for (i = 0, p = essid; i < len; i++, p++) {
if (*p < ' ' || *p > 0x7e)
break;
}
if (i == len) {
printf("\"");
for (i = 0, p = essid; i < len; i++, p++)
printf("%c", *p);
printf("\"");
} else {
printf("0x");
for (i = 0, p = essid; i < len; i++, p++)
printf("%02x", *p);
}
}
void
ieee80211_dump_pkt(u_int8_t *buf, int len, int rate, int rssi)
{
struct ieee80211_frame *wh;
int i;
wh = (struct ieee80211_frame *)buf;
switch (wh->i_fc[1] & IEEE80211_FC1_DIR_MASK) {
case IEEE80211_FC1_DIR_NODS:
printf("NODS %s", ether_sprintf(wh->i_addr2));
printf("->%s", ether_sprintf(wh->i_addr1));
printf("(%s)", ether_sprintf(wh->i_addr3));
break;
case IEEE80211_FC1_DIR_TODS:
printf("TODS %s", ether_sprintf(wh->i_addr2));
printf("->%s", ether_sprintf(wh->i_addr3));
printf("(%s)", ether_sprintf(wh->i_addr1));
break;
case IEEE80211_FC1_DIR_FROMDS:
printf("FRDS %s", ether_sprintf(wh->i_addr3));
printf("->%s", ether_sprintf(wh->i_addr1));
printf("(%s)", ether_sprintf(wh->i_addr2));
break;
case IEEE80211_FC1_DIR_DSTODS:
printf("DSDS %s", ether_sprintf((u_int8_t *)&wh[1]));
printf("->%s", ether_sprintf(wh->i_addr3));
printf("(%s", ether_sprintf(wh->i_addr2));
printf("->%s)", ether_sprintf(wh->i_addr1));
break;
}
switch (wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK) {
case IEEE80211_FC0_TYPE_DATA:
printf(" data");
break;
case IEEE80211_FC0_TYPE_MGT:
printf(" %s", ieee80211_mgt_subtype_name[
(wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK)
>> IEEE80211_FC0_SUBTYPE_SHIFT]);
break;
default:
printf(" type#%d", wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK);
break;
}
if (wh->i_fc[1] & IEEE80211_FC1_WEP)
printf(" WEP");
if (rate >= 0)
printf(" %dM", rate / 2);
if (rssi >= 0)
printf(" +%d", rssi);
printf("\n");
if (len > 0) {
for (i = 0; i < len; i++) {
if ((i & 1) == 0)
printf(" ");
printf("%02x", buf[i]);
}
printf("\n");
}
}
void
ieee80211_watchdog(struct ifnet *ifp)
{
struct ieee80211com *ic = (void *)ifp;
struct ieee80211_node *ni, *nextbs;
if (ic->ic_scan_timer) {
if (--ic->ic_scan_timer == 0) {
if (ic->ic_state == IEEE80211_S_SCAN)
ieee80211_end_scan(ifp);
}
}
if (ic->ic_mgt_timer) {
if (--ic->ic_mgt_timer == 0)
ieee80211_new_state(ifp, IEEE80211_S_SCAN, -1);
}
if (ic->ic_inact_timer) {
if (--ic->ic_inact_timer == 0) {
for (ni = TAILQ_FIRST(&ic->ic_node); ni != NULL; ) {
if (++ni->ni_inact <= IEEE80211_INACT_MAX) {
ni = TAILQ_NEXT(ni, ni_list);
continue;
}
if (ifp->if_flags & IFF_DEBUG)
printf("%s: station %s deauthenticate"
" (reason %d)\n",
ifp->if_xname,
ether_sprintf(ni->ni_macaddr),
IEEE80211_REASON_AUTH_EXPIRE);
nextbs = TAILQ_NEXT(ni, ni_list);
IEEE80211_SEND_MGMT(ic, ni,
IEEE80211_FC0_SUBTYPE_DEAUTH,
IEEE80211_REASON_AUTH_EXPIRE);
ieee80211_free_node(ic, ni);
ni = nextbs;
}
if (!TAILQ_EMPTY(&ic->ic_node))
ic->ic_inact_timer = IEEE80211_INACT_WAIT;
}
}
if (ic->ic_scan_timer != 0 || ic->ic_mgt_timer != 0 ||
ic->ic_inact_timer != 0)
ifp->if_timer = 1;
}
void
ieee80211_next_scan(struct ifnet *ifp)
{
struct ieee80211com *ic = (void *)ifp;
int chan;
chan = ic->ic_bss.ni_chan;
for (;;) {
chan = (chan + 1) % (IEEE80211_CHAN_MAX + 1);
if (isset(ic->ic_chan_active, chan))
break;
if (chan == ic->ic_bss.ni_chan) {
DPRINTF(("ieee80211_next_scan: no chan available\n"));
return;
}
}
DPRINTF(("ieee80211_next_scan: chan %d->%d\n",
ic->ic_bss.ni_chan, chan));
ic->ic_bss.ni_chan = chan;
ieee80211_new_state(ifp, IEEE80211_S_SCAN, -1);
}
void
ieee80211_end_scan(struct ifnet *ifp)
{
struct ieee80211com *ic = (void *)ifp;
struct ieee80211_node *ni, *nextbs, *selbs;
void *p;
u_int8_t rate;
int i, fail;
ni = TAILQ_FIRST(&ic->ic_node);
if (ni == NULL) {
DPRINTF(("ieee80211_end_scan: no scan candidate\n"));
notfound:
if (ic->ic_opmode == IEEE80211_M_IBSS &&
(ic->ic_flags & IEEE80211_F_IBSSON) &&
ic->ic_des_esslen != 0) {
ni = &ic->ic_bss;
if (ifp->if_flags & IFF_DEBUG)
printf("%s: creating ibss\n", ifp->if_xname);
ic->ic_flags |= IEEE80211_F_SIBSS;
ni->ni_nrate = 0;
for (i = 0; i < IEEE80211_RATE_SIZE; i++) {
if (ic->ic_sup_rates[i])
ni->ni_rates[ni->ni_nrate++] =
ic->ic_sup_rates[i];
}
IEEE80211_ADDR_COPY(ni->ni_macaddr, ic->ic_myaddr);
IEEE80211_ADDR_COPY(ni->ni_bssid, ic->ic_myaddr);
ni->ni_bssid[0] |= 0x02; /* local bit for IBSS */
ni->ni_esslen = ic->ic_des_esslen;
memcpy(ni->ni_essid, ic->ic_des_essid, ni->ni_esslen);
ni->ni_rssi = 0;
ni->ni_rstamp = 0;
memset(ni->ni_tstamp, 0, sizeof(ni->ni_tstamp));
ni->ni_intval = ic->ic_lintval;
ni->ni_capinfo = IEEE80211_CAPINFO_IBSS;
if (ic->ic_flags & IEEE80211_F_WEPON)
ni->ni_capinfo |= IEEE80211_CAPINFO_PRIVACY;
ni->ni_chan = ic->ic_ibss_chan;
if (ic->ic_phytype == IEEE80211_T_FH) {
ni->ni_fhdwell = 200; /* XXX */
ni->ni_fhindex = 1;
}
ieee80211_new_state(ifp, IEEE80211_S_RUN, -1);
return;
}
if (ic->ic_flags & IEEE80211_F_ASCAN) {
if (ifp->if_flags & IFF_DEBUG)
printf("%s: entering passive scan mode\n",
ifp->if_xname);
ic->ic_flags &= ~IEEE80211_F_ASCAN;
}
ieee80211_next_scan(ifp);
return;
}
selbs = NULL;
if (ifp->if_flags & IFF_DEBUG)
printf("%s:\tmacaddr bssid chan rssi rate flag wep essid\n",
ifp->if_xname);
for (; ni != NULL; ni = nextbs) {
nextbs = TAILQ_NEXT(ni, ni_list);
if (ni->ni_fails) {
/*
* The configuration of the access points may change
* during my scan. So delete the entry for the AP
* and retry to associate if there is another beacon.
*/
if (ni->ni_fails++ > 2)
ieee80211_free_node(ic, ni);
continue;
}
fail = 0;
if (isclr(ic->ic_chan_active, ni->ni_chan))
fail |= 0x01;
if (ic->ic_des_chan != IEEE80211_CHAN_ANY &&
ni->ni_chan != ic->ic_des_chan)
fail |= 0x01;
if (ic->ic_opmode == IEEE80211_M_IBSS) {
if ((ni->ni_capinfo & IEEE80211_CAPINFO_IBSS) == 0)
fail |= 0x02;
} else {
if ((ni->ni_capinfo & IEEE80211_CAPINFO_ESS) == 0)
fail |= 0x02;
}
if (ic->ic_flags & IEEE80211_F_WEPON) {
if ((ni->ni_capinfo & IEEE80211_CAPINFO_PRIVACY) == 0)
fail |= 0x04;
} else {
if (ni->ni_capinfo & IEEE80211_CAPINFO_PRIVACY)
fail |= 0x04;
}
rate = ieee80211_fix_rate(ic, ni, IEEE80211_F_DONEGO);
if (rate & IEEE80211_RATE_BASIC)
fail |= 0x08;
if (ic->ic_des_esslen != 0 &&
(ni->ni_esslen != ic->ic_des_esslen ||
memcmp(ni->ni_essid, ic->ic_des_essid,
ic->ic_des_esslen != 0)))
fail |= 0x10;
if ((ic->ic_flags & IEEE80211_F_DESBSSID) &&
!IEEE80211_ADDR_EQ(ic->ic_des_bssid, ni->ni_bssid))
fail |= 0x20;
if (ifp->if_flags & IFF_DEBUG) {
printf(" %c %s", fail ? '-' : '+',
ether_sprintf(ni->ni_macaddr));
printf(" %s%c", ether_sprintf(ni->ni_bssid),
fail & 0x20 ? '!' : ' ');
printf(" %3d%c", ni->ni_chan, fail & 0x01 ? '!' : ' ');
printf(" %+4d", ni->ni_rssi);
printf(" %2dM%c", (rate & IEEE80211_RATE_VAL) / 2,
fail & 0x08 ? '!' : ' ');
printf(" %4s%c",
(ni->ni_capinfo & IEEE80211_CAPINFO_ESS) ? "ess" :
(ni->ni_capinfo & IEEE80211_CAPINFO_IBSS) ? "ibss" :
"????",
fail & 0x02 ? '!' : ' ');
printf(" %3s%c ",
(ni->ni_capinfo & IEEE80211_CAPINFO_PRIVACY) ?
"wep" : "no",
fail & 0x04 ? '!' : ' ');
ieee80211_print_essid(ni->ni_essid, ni->ni_esslen);
printf("%s\n", fail & 0x10 ? "!" : "");
}
if (!fail) {
if (selbs == NULL || ni->ni_rssi > selbs->ni_rssi)
selbs = ni;
}
}
if (selbs == NULL)
goto notfound;
p = ic->ic_bss.ni_private;
ic->ic_bss = *selbs;
ic->ic_bss.ni_private = p;
if (p != NULL && ic->ic_node_privlen)
memcpy(p, selbs->ni_private, ic->ic_node_privlen);
if (ic->ic_opmode == IEEE80211_M_IBSS) {
ieee80211_fix_rate(ic, &ic->ic_bss, IEEE80211_F_DOFRATE |
IEEE80211_F_DONEGO | IEEE80211_F_DODEL);
if (ic->ic_bss.ni_nrate == 0) {
selbs->ni_fails++;
goto notfound;
}
ieee80211_new_state(ifp, IEEE80211_S_RUN, -1);
} else
ieee80211_new_state(ifp, IEEE80211_S_AUTH, -1);
}
struct ieee80211_node *
ieee80211_alloc_node(struct ieee80211com *ic, u_int8_t *macaddr, int copy)
{
struct ieee80211_node *ni;
int hash;
int s;
ni = malloc(sizeof(struct ieee80211_node) + ic->ic_node_privlen,
M_DEVBUF, M_NOWAIT);
if (ni == NULL)
return NULL;
if (copy)
memcpy(ni, &ic->ic_bss, sizeof(struct ieee80211_node));
else
memset(ni, 0, sizeof(struct ieee80211_node));
IEEE80211_ADDR_COPY(ni->ni_macaddr, macaddr);
if (ic->ic_node_privlen) {
ni->ni_private = &ni[1];
memset(ni->ni_private, 0, ic->ic_node_privlen);
} else
ni->ni_private = NULL;
hash = IEEE80211_NODE_HASH(macaddr);
s = splnet();
TAILQ_INSERT_TAIL(&ic->ic_node, ni, ni_list);
LIST_INSERT_HEAD(&ic->ic_hash[hash], ni, ni_hash);
splx(s);
ic->ic_inact_timer = IEEE80211_INACT_WAIT;
return ni;
}
struct ieee80211_node *
ieee80211_find_node(struct ieee80211com *ic, u_int8_t *macaddr)
{
struct ieee80211_node *ni;
int hash;
int s;
hash = IEEE80211_NODE_HASH(macaddr);
s = splnet();
LIST_FOREACH(ni, &ic->ic_hash[hash], ni_hash) {
if (IEEE80211_ADDR_EQ(ni->ni_macaddr, macaddr))
break;
}
splx(s);
return ni;
}
void
ieee80211_free_node(struct ieee80211com *ic, struct ieee80211_node *ni)
{
int s;
s = splnet();
if (ic->ic_node_free != NULL)
(*ic->ic_node_free)(ic, ni);
TAILQ_REMOVE(&ic->ic_node, ni, ni_list);
LIST_REMOVE(ni, ni_hash);
splx(s);
free(ni, M_DEVBUF);
if (TAILQ_EMPTY(&ic->ic_node))
ic->ic_inact_timer = 0;
}
void
ieee80211_free_allnodes(struct ieee80211com *ic)
{
struct ieee80211_node *ni;
while ((ni = TAILQ_FIRST(&ic->ic_node)) != NULL)
ieee80211_free_node(ic, ni);
}
int
ieee80211_fix_rate(struct ieee80211com *ic, struct ieee80211_node *ni, int flags)
{
int i, j, ignore, error;
int okrate, badrate;
u_int8_t r;
error = 0;
okrate = badrate = 0;
for (i = 0; i < ni->ni_nrate; ) {
ignore = 0;
if (flags & IEEE80211_F_DOSORT) {
for (j = i + 1; j < ni->ni_nrate; j++) {
if ((ni->ni_rates[i] & IEEE80211_RATE_VAL) >
(ni->ni_rates[j] & IEEE80211_RATE_VAL)) {
r = ni->ni_rates[i];
ni->ni_rates[i] = ni->ni_rates[j];
ni->ni_rates[j] = r;
}
}
}
r = ni->ni_rates[i] & IEEE80211_RATE_VAL;
badrate = r;
if (flags & IEEE80211_F_DOFRATE) {
if (ic->ic_fixed_rate >= 0 &&
r != (ic->ic_sup_rates[ic->ic_fixed_rate] &
IEEE80211_RATE_VAL))
ignore++;
}
if (flags & IEEE80211_F_DONEGO) {
for (j = 0; j < IEEE80211_RATE_SIZE; j++) {
if (r ==
(ic->ic_sup_rates[j] & IEEE80211_RATE_VAL))
break;
}
if (j == IEEE80211_RATE_SIZE) {
if (ni->ni_rates[i] & IEEE80211_RATE_BASIC)
error++;
ignore++;
}
}
if (flags & IEEE80211_F_DODEL) {
if (ignore) {
ni->ni_nrate--;
for (j = i; j < ni->ni_nrate; j++)
ni->ni_rates[j] = ni->ni_rates[j + 1];
ni->ni_rates[j] = 0;
continue;
}
}
if (!ignore)
okrate = ni->ni_rates[i];
i++;
}
if (okrate == 0 || error != 0)
return badrate | IEEE80211_RATE_BASIC;
return okrate & IEEE80211_RATE_VAL;
}
static int
ieee80211_send_prreq(struct ieee80211com *ic, struct ieee80211_node *ni,
int type, int dummy)
{
int i, ret;
struct mbuf *m;
u_int8_t *frm;
/*
* prreq frame format
* [tlv] ssid
* [tlv] supported rates
*/
MGETHDR(m, M_DONTWAIT, MT_DATA);
if (m == NULL)
return ENOMEM;
m->m_data += sizeof(struct ieee80211_frame);
frm = mtod(m, u_int8_t *);
*frm++ = IEEE80211_ELEMID_SSID;
*frm++ = ic->ic_des_esslen;
memcpy(frm, ic->ic_des_essid, ic->ic_des_esslen);
frm += ic->ic_des_esslen;
*frm++ = IEEE80211_ELEMID_RATES;
for (i = 0; i < IEEE80211_RATE_SIZE; i++) {
if (ic->ic_sup_rates[i] != 0)
frm[i + 1] = ic->ic_sup_rates[i];
}
*frm++ = i;
frm += i;
m->m_pkthdr.len = m->m_len = frm - mtod(m, u_int8_t *);
ret = ieee80211_mgmt_output(&ic->ic_if, ni, m, type);
ic->ic_mgt_timer = IEEE80211_TRANS_WAIT;
return ret;
}
static int
ieee80211_send_prresp(struct ieee80211com *ic, struct ieee80211_node *bs0,
int type, int dummy)
{
struct mbuf *m;
u_int8_t *frm;
struct ieee80211_node *ni = &ic->ic_bss;
u_int16_t capinfo;
/*
* probe response frame format
* [8] time stamp
* [2] beacon interval
* [2] cabability information
* [tlv] ssid
* [tlv] supported rates
* [tlv] parameter set (IBSS)
*/
MGETHDR(m, M_DONTWAIT, MT_DATA);
if (m == NULL)
return ENOMEM;
m->m_data += sizeof(struct ieee80211_frame);
frm = mtod(m, u_int8_t *);
memset(frm, 0, 8); /* timestamp should be filled later */
frm += 8;
*(u_int16_t *)frm = htole16(ni->ni_intval);
frm += 2;
if (ic->ic_opmode == IEEE80211_M_IBSS)
capinfo = IEEE80211_CAPINFO_IBSS;
else
capinfo = IEEE80211_CAPINFO_ESS;
if (ic->ic_flags & IEEE80211_F_WEPON)
capinfo |= IEEE80211_CAPINFO_PRIVACY;
*(u_int16_t *)frm = htole16(capinfo);
frm += 2;
*frm++ = IEEE80211_ELEMID_SSID;
*frm++ = ni->ni_esslen;
memcpy(frm, ni->ni_essid, ni->ni_esslen);
frm += ni->ni_esslen;
*frm++ = IEEE80211_ELEMID_RATES;
*frm++ = ni->ni_nrate;
memcpy(frm, ni->ni_rates, ni->ni_nrate);
frm += ni->ni_nrate;
if (ic->ic_opmode == IEEE80211_M_IBSS) {
*frm++ = IEEE80211_ELEMID_IBSSPARMS;
*frm++ = 2;
*frm++ = 0; *frm++ = 0; /* TODO: ATIM window */
} else { /* IEEE80211_M_HOSTAP */
/* TODO: TIM */
*frm++ = IEEE80211_ELEMID_TIM;
*frm++ = 4; /* length */
*frm++ = 0; /* DTIM count */
*frm++ = 1; /* DTIM period */
*frm++ = 0; /* bitmap control */
*frm++ = 0; /* Partial Virtual Bitmap (variable length) */
}
/* TODO: check MHLEN limit */
m->m_pkthdr.len = m->m_len = frm - mtod(m, u_int8_t *);
return ieee80211_mgmt_output(&ic->ic_if, bs0, m, type);
}
static int
ieee80211_send_auth(struct ieee80211com *ic, struct ieee80211_node *ni,
int type, int seq)
{
struct mbuf *m;
u_int16_t *frm;
int ret;
MGETHDR(m, M_DONTWAIT, MT_DATA);
if (m == NULL)
return ENOMEM;
MH_ALIGN(m, 2 * 3);
m->m_pkthdr.len = m->m_len = 6;
frm = mtod(m, u_int16_t *);
/* TODO: shared key auth */
frm[0] = htole16(IEEE80211_AUTH_ALG_OPEN);
frm[1] = htole16(seq);
frm[2] = 0; /* status */
ret = ieee80211_mgmt_output(&ic->ic_if, ni, m, type);
if (ic->ic_opmode == IEEE80211_M_STA)
ic->ic_mgt_timer = IEEE80211_TRANS_WAIT;
return ret;
}
static int
ieee80211_send_deauth(struct ieee80211com *ic, struct ieee80211_node *ni,
int type, int reason)
{
struct ifnet *ifp = &ic->ic_if;
struct mbuf *m;
if (ifp->if_flags & IFF_DEBUG)
printf("%s: station %s deauthenticate (reason %d)\n",
ifp->if_xname, ether_sprintf(ni->ni_macaddr), reason);
MGETHDR(m, M_DONTWAIT, MT_DATA);
if (m == NULL)
return ENOMEM;
MH_ALIGN(m, 2);
m->m_pkthdr.len = m->m_len = 2;
*mtod(m, u_int16_t *) = htole16(reason);
return ieee80211_mgmt_output(&ic->ic_if, ni, m, type);
}
static int
ieee80211_send_asreq(struct ieee80211com *ic, struct ieee80211_node *ni,
int type, int dummy)
{
struct mbuf *m;
u_int8_t *frm, *rates;
u_int16_t capinfo;
int i, ret;
/*
* asreq frame format
* [2] capability information
* [2] listen interval
* [6*] current AP address (reassoc only)
* [tlv] ssid
* [tlv] supported rates
*/
MGETHDR(m, M_DONTWAIT, MT_DATA);
if (m == NULL)
return ENOMEM;
m->m_data += sizeof(struct ieee80211_frame);
frm = mtod(m, u_int8_t *);
capinfo = 0;
if (ic->ic_opmode == IEEE80211_M_IBSS)
capinfo |= IEEE80211_CAPINFO_IBSS;
else /* IEEE80211_M_STA */
capinfo |= IEEE80211_CAPINFO_ESS;
if (ic->ic_flags & IEEE80211_F_WEPON)
capinfo |= IEEE80211_CAPINFO_PRIVACY;
*(u_int16_t *)frm = htole16(capinfo);
frm += 2;
*(u_int16_t *)frm = htole16(ic->ic_lintval);
frm += 2;
if (type == IEEE80211_FC0_SUBTYPE_REASSOC_REQ) {
IEEE80211_ADDR_COPY(frm, ic->ic_bss.ni_bssid);
frm += IEEE80211_ADDR_LEN;
}
*frm++ = IEEE80211_ELEMID_SSID;
*frm++ = ni->ni_esslen;
memcpy(frm, ni->ni_essid, ni->ni_esslen);
frm += ni->ni_esslen;
*frm++ = IEEE80211_ELEMID_RATES;
rates = frm++; /* update later */
for (i = 0; i < IEEE80211_RATE_SIZE; i++) {
if (ni->ni_rates[i] != 0)
*frm++ = ni->ni_rates[i];
}
*rates = frm - (rates + 1);
m->m_pkthdr.len = m->m_len = frm - mtod(m, u_int8_t *);
ret = ieee80211_mgmt_output(&ic->ic_if, ni, m, type);
ic->ic_mgt_timer = IEEE80211_TRANS_WAIT;
return ret;
}
static int
ieee80211_send_asresp(struct ieee80211com *ic, struct ieee80211_node *ni,
int type, int status)
{
struct mbuf *m;
u_int8_t *frm, *rates, *r;
u_int16_t capinfo;
int i;
/*
* asreq frame format
* [2] capability information
* [2] status
* [2] association ID
* [tlv] supported rates
*/
MGETHDR(m, M_DONTWAIT, MT_DATA);
if (m == NULL)
return ENOMEM;
m->m_data += sizeof(struct ieee80211_frame);
frm = mtod(m, u_int8_t *);
capinfo = IEEE80211_CAPINFO_ESS;
if (ic->ic_flags & IEEE80211_F_WEPON)
capinfo |= IEEE80211_CAPINFO_PRIVACY;
*(u_int16_t *)frm = htole16(capinfo);
frm += 2;
*(u_int16_t *)frm = htole16(status);
frm += 2;
if (status == IEEE80211_STATUS_SUCCESS && ni != NULL)
*(u_int16_t *)frm = htole16(ni->ni_associd);
else
*(u_int16_t *)frm = htole16(0);
frm += 2;
*frm++ = IEEE80211_ELEMID_RATES;
rates = frm++; /* update later */
if (ni != NULL)
r = ni->ni_rates;
else
r = ic->ic_bss.ni_rates;
for (i = 0; i < IEEE80211_RATE_SIZE; i++, r++) {
if (*r != 0)
*frm++ = *r;
}
*rates = frm - (rates + 1);
m->m_pkthdr.len = m->m_len = frm - mtod(m, u_int8_t *);
return ieee80211_mgmt_output(&ic->ic_if, ni, m, type);
}
static int
ieee80211_send_disassoc(struct ieee80211com *ic, struct ieee80211_node *ni,
int type, int reason)
{
struct ifnet *ifp = &ic->ic_if;
struct mbuf *m;
if (ifp->if_flags & IFF_DEBUG)
printf("%s: station %s disassociate (reason %d)\n",
ifp->if_xname, ether_sprintf(ni->ni_macaddr), reason);
MGETHDR(m, M_DONTWAIT, MT_DATA);
if (m == NULL)
return ENOMEM;
MH_ALIGN(m, 2);
m->m_pkthdr.len = m->m_len = 2;
*mtod(m, u_int16_t *) = htole16(reason);
return ieee80211_mgmt_output(&ic->ic_if, ni, m,
IEEE80211_FC0_SUBTYPE_DISASSOC);
}
static void
ieee80211_recv_beacon(struct ieee80211com *ic, struct mbuf *m0, int rssi,
u_int32_t rstamp)
{
struct ieee80211_frame *wh;
struct ieee80211_node *ni;
u_int8_t *frm, *efrm, *tstamp, *bintval, *capinfo, *ssid, *rates;
u_int8_t chan, fhindex;
u_int16_t fhdwell;
if (ic->ic_opmode != IEEE80211_M_IBSS &&
ic->ic_state != IEEE80211_S_SCAN) {
/* XXX: may be useful for background scan */
return;
}
wh = mtod(m0, struct ieee80211_frame *);
frm = (u_int8_t *)&wh[1];
efrm = mtod(m0, u_int8_t *) + m0->m_len;
/*
* beacon frame format
* [8] time stamp
* [2] beacon interval
* [2] cabability information
* [tlv] ssid
* [tlv] supported rates
* [tlv] parameter set (FH/DS)
*/
tstamp = frm; frm += 8;
bintval = frm; frm += 2;
capinfo = frm; frm += 2;
ssid = rates = NULL;
chan = ic->ic_bss.ni_chan;
fhdwell = 0;
fhindex = 0;
while (frm < efrm) {
switch (*frm) {
case IEEE80211_ELEMID_SSID:
ssid = frm;
break;
case IEEE80211_ELEMID_RATES:
rates = frm;
break;
case IEEE80211_ELEMID_FHPARMS:
if (ic->ic_phytype == IEEE80211_T_FH) {
fhdwell = (frm[3] << 8) | frm[2];
chan = IEEE80211_FH_CHAN(frm[4], frm[5]);
fhindex = frm[6];
}
break;
case IEEE80211_ELEMID_DSPARMS:
if (ic->ic_phytype == IEEE80211_T_DS)
chan = frm[2];
break;
}
frm += frm[1] + 2;
}
if (ssid == NULL || rates == NULL) {
DPRINTF(("ieee80211_recv_beacon: ssid=%p, rates=%p, chan=%d\n",
ssid, rates, chan));
return;
}
if (ssid[1] > IEEE80211_NWID_LEN) {
DPRINTF(("ieee80211_recv_beacon: bad ssid len %d from %s\n",
ssid[1], ether_sprintf(wh->i_addr2)));
return;
}
ni = ieee80211_find_node(ic, wh->i_addr2);
#ifdef IEEE80211_DEBUG
if (ieee80211_debug &&
(ieee80211_debug > 1 || ni == NULL ||
ic->ic_state == IEEE80211_S_SCAN)) {
printf("ieee80211_recv_prreq: %sbeacon ",
(ni == NULL ? "new " : ""));
ieee80211_print_essid(ssid + 2, ssid[1]);
printf(" from %s\n", ether_sprintf(wh->i_addr2));
}
#endif
if (ni == NULL) {
if ((ni = ieee80211_alloc_node(ic, wh->i_addr2, 0)) == NULL)
return;
ni->ni_esslen = ssid[1];
memset(ni->ni_essid, 0, sizeof(ni->ni_essid));
memcpy(ni->ni_essid, ssid + 2, ssid[1]);
} else {
if (ssid[1] != 0) {
/*
* Update ESSID at probe response to adopt hidden AP by
* Lucent/Cisco, which announces null ESSID in beacon.
*/
if ((wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK) ==
IEEE80211_FC0_SUBTYPE_PROBE_RESP) {
ni->ni_esslen = ssid[1];
memset(ni->ni_essid, 0, sizeof(ni->ni_essid));
memcpy(ni->ni_essid, ssid + 2, ssid[1]);
}
}
}
IEEE80211_ADDR_COPY(ni->ni_bssid, wh->i_addr3);
memset(ni->ni_rates, 0, IEEE80211_RATE_SIZE);
ni->ni_nrate = rates[1];
memcpy(ni->ni_rates, rates + 2, ni->ni_nrate);
ieee80211_fix_rate(ic, ni, IEEE80211_F_DOSORT);
ni->ni_rssi = rssi;
ni->ni_rstamp = rstamp;
memcpy(ni->ni_tstamp, tstamp, sizeof(ni->ni_tstamp));
ni->ni_intval = le16toh(*(u_int16_t *)bintval);
ni->ni_capinfo = le16toh(*(u_int16_t *)capinfo);
ni->ni_chan = chan;
ni->ni_fhdwell = fhdwell;
ni->ni_fhindex = fhindex;
if (ic->ic_state == IEEE80211_S_SCAN && ic->ic_scan_timer == 0)
ieee80211_end_scan(&ic->ic_if);
}
static void
ieee80211_recv_prreq(struct ieee80211com *ic, struct mbuf *m0, int rssi,
u_int32_t rstamp)
{
struct ieee80211_frame *wh;
struct ieee80211_node *ni;
u_int8_t *frm, *efrm, *ssid, *rates;
u_int8_t rate;
int allocbs;
if (ic->ic_opmode == IEEE80211_M_STA)
return;
if (ic->ic_state != IEEE80211_S_RUN)
return;
wh = mtod(m0, struct ieee80211_frame *);
frm = (u_int8_t *)&wh[1];
efrm = mtod(m0, u_int8_t *) + m0->m_len;
/*
* prreq frame format
* [tlv] ssid
* [tlv] supported rates
*/
ssid = rates = NULL;
while (frm < efrm) {
switch (*frm) {
case IEEE80211_ELEMID_SSID:
ssid = frm;
break;
case IEEE80211_ELEMID_RATES:
rates = frm;
break;
}
frm += frm[1] + 2;
}
if (ssid == NULL || rates == NULL) {
DPRINTF(("ieee80211_recv_prreq: ssid=%p, rates=%p\n",
ssid, rates));
return;
}
if (ssid[1] != 0 &&
(ssid[1] != ic->ic_bss.ni_esslen ||
memcmp(ssid + 2, ic->ic_bss.ni_essid, ic->ic_bss.ni_esslen) != 0)) {
#ifdef IEEE80211_DEBUG
if (ieee80211_debug) {
printf("ieee80211_recv_prreq: ssid unmatch ");
ieee80211_print_essid(ssid + 2, ssid[1]);
printf(" from %s\n", ether_sprintf(wh->i_addr2));
}
#endif
return;
}
ni = ieee80211_find_node(ic, wh->i_addr2);
if (ni == NULL) {
if ((ni = ieee80211_alloc_node(ic, wh->i_addr2, 1)) == NULL)
return;
DPRINTF(("ieee80211_recv_prreq: new req from %s\n",
ether_sprintf(wh->i_addr2)));
allocbs = 1;
} else
allocbs = 0;
memset(ni->ni_rates, 0, IEEE80211_RATE_SIZE);
ni->ni_nrate = rates[1];
memcpy(ni->ni_rates, rates + 2, ni->ni_nrate);
ni->ni_rssi = rssi;
ni->ni_rstamp = rstamp;
rate = ieee80211_fix_rate(ic, ni, IEEE80211_F_DOSORT |
IEEE80211_F_DOFRATE | IEEE80211_F_DONEGO | IEEE80211_F_DODEL);
if (rate & IEEE80211_RATE_BASIC) {
DPRINTF(("ieee80211_recv_prreq: rate negotiation failed: %s\n",
ether_sprintf(wh->i_addr2)));
} else {
IEEE80211_SEND_MGMT(ic, ni, IEEE80211_FC0_SUBTYPE_PROBE_RESP,
0);
}
if (allocbs && (ic->ic_opmode == IEEE80211_M_HOSTAP))
ieee80211_free_node(ic, ni);
}
static void
ieee80211_recv_auth(struct ieee80211com *ic, struct mbuf *m0, int rssi,
u_int32_t rstamp)
{
struct ifnet *ifp = &ic->ic_if;
struct ieee80211_frame *wh;
struct ieee80211_node *ni;
u_int8_t *frm, *efrm;
u_int16_t algo, seq, status;
int allocbs;
wh = mtod(m0, struct ieee80211_frame *);
frm = (u_int8_t *)&wh[1];
efrm = mtod(m0, u_int8_t *) + m0->m_len;
/*
* auth frame format
* [2] algorithm
* [2] sequence
* [2] status
* [tlv*] challenge
*/
if (frm + 6 > efrm) {
DPRINTF(("ieee80211_recv_auth: too short from %s\n",
ether_sprintf(wh->i_addr2)));
return;
}
algo = le16toh(*(u_int16_t *)frm);
seq = le16toh(*(u_int16_t *)(frm + 2));
status = le16toh(*(u_int16_t *)(frm + 4));
if (algo != IEEE80211_AUTH_ALG_OPEN) {
/* TODO: shared key auth */
DPRINTF(("ieee80211_recv_auth: unsupported auth %d from %s\n",
algo, ether_sprintf(wh->i_addr2)));
return;
}
switch (ic->ic_opmode) {
case IEEE80211_M_IBSS:
if (ic->ic_state != IEEE80211_S_RUN || seq != 1)
return;
ieee80211_new_state(&ic->ic_if, IEEE80211_S_AUTH,
wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK);
break;
case IEEE80211_M_AHDEMO:
/* should not come here */
break;
case IEEE80211_M_HOSTAP:
if (ic->ic_state != IEEE80211_S_RUN || seq != 1)
return;
allocbs = 0;
ni = ieee80211_find_node(ic, wh->i_addr2);
if (ni == NULL) {
ni = ieee80211_alloc_node(ic, wh->i_addr2, 0);
if (ni == NULL)
return;
IEEE80211_ADDR_COPY(ni->ni_bssid, ic->ic_bss.ni_bssid);
allocbs = 1;
}
IEEE80211_SEND_MGMT(ic, ni, IEEE80211_FC0_SUBTYPE_AUTH, 2);
if (ifp->if_flags & IFF_DEBUG)
printf("%s: station %s %s authenticated\n",
ifp->if_xname,
(allocbs ? "newly" : "already"),
ether_sprintf(ni->ni_macaddr));
break;
case IEEE80211_M_STA:
if (ic->ic_state != IEEE80211_S_AUTH || seq != 2)
return;
if (status != 0) {
printf("%s: authentication failed (reason %d) for %s\n",
ic->ic_if.if_xname, status,
ether_sprintf(wh->i_addr3));
ni = ieee80211_find_node(ic, wh->i_addr2);
if (ni != NULL)
ni->ni_fails++;
return;
}
ieee80211_new_state(&ic->ic_if, IEEE80211_S_ASSOC,
wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK);
break;
}
}
static void
ieee80211_recv_asreq(struct ieee80211com *ic, struct mbuf *m0, int rssi,
u_int32_t rstamp)
{
struct ifnet *ifp = &ic->ic_if;
struct ieee80211_frame *wh;
struct ieee80211_node *ni = &ic->ic_bss;
u_int8_t *frm, *efrm, *ssid, *rates;
u_int16_t capinfo, bintval;
int reassoc, resp, newassoc;
if (ic->ic_opmode != IEEE80211_M_HOSTAP ||
(ic->ic_state != IEEE80211_S_RUN))
return;
wh = mtod(m0, struct ieee80211_frame *);
frm = (u_int8_t *)&wh[1];
efrm = mtod(m0, u_int8_t *) + m0->m_len;
if ((wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK) ==
IEEE80211_FC0_SUBTYPE_REASSOC_REQ) {
reassoc = 1;
resp = IEEE80211_FC0_SUBTYPE_REASSOC_RESP;
} else {
reassoc = 0;
resp = IEEE80211_FC0_SUBTYPE_ASSOC_RESP;
}
/*
* asreq frame format
* [2] capability information
* [2] listen interval
* [6*] current AP address (reassoc only)
* [tlv] ssid
* [tlv] supported rates
*/
if (frm + (reassoc ? 10 : 4) > efrm) {
DPRINTF(("ieee80211_recv_asreq: too short from %s\n",
ether_sprintf(wh->i_addr2)));
return;
}
if (!IEEE80211_ADDR_EQ(wh->i_addr3, ic->ic_bss.ni_bssid)) {
DPRINTF(("ieee80211_recv_asreq: ignore other bss from %s\n",
ether_sprintf(wh->i_addr2)));
return;
}
capinfo = le16toh(*(u_int16_t *)frm); frm += 2;
bintval = le16toh(*(u_int16_t *)frm); frm += 2;
if (reassoc)
frm += 6; /* ignore current AP info */
ssid = rates = NULL;
while (frm < efrm) {
switch (*frm) {
case IEEE80211_ELEMID_SSID:
ssid = frm;
break;
case IEEE80211_ELEMID_RATES:
rates = frm;
break;
}
frm += frm[1] + 2;
}
if (ssid == NULL || rates == NULL) {
DPRINTF(("ieee80211_recv_asreq: ssid=%p, rates=%p\n",
ssid, rates));
return;
}
if (ssid[1] > IEEE80211_NWID_LEN) {
DPRINTF(("ieee80211_recv_asreq: bad ssid len %d from %s\n",
ssid[1], ether_sprintf(wh->i_addr2)));
return;
}
if (ssid[1] != ic->ic_bss.ni_esslen ||
memcmp(ssid + 2, ic->ic_bss.ni_essid, ssid[1]) != 0) {
#ifdef IEEE80211_DEBUG
if (ieee80211_debug) {
printf("ieee80211_recv_asreq: ssid unmatch ");
ieee80211_print_essid(ssid + 2, ssid[1]);
printf(" from %s\n", ether_sprintf(wh->i_addr2));
}
#endif
return;
}
ni = ieee80211_find_node(ic, wh->i_addr2);
if (ni == NULL) {
DPRINTF(("ieee80211_recv_asreq: not authenticated for %s\n",
ether_sprintf(wh->i_addr2)));
if ((ni = ieee80211_alloc_node(ic, wh->i_addr2, 1)) == NULL)
return;
IEEE80211_SEND_MGMT(ic, ni, IEEE80211_FC0_SUBTYPE_DEAUTH,
IEEE80211_REASON_ASSOC_NOT_AUTHED);
ieee80211_free_node(ic, ni);
return;
}
if ((capinfo & IEEE80211_CAPINFO_ESS) == 0 ||
(capinfo & IEEE80211_CAPINFO_PRIVACY) !=
((ic->ic_flags & IEEE80211_F_WEPON) ?
IEEE80211_CAPINFO_PRIVACY : 0)) {
DPRINTF(("ieee80211_recv_asreq: capability unmatch %x for %s\n",
capinfo, ether_sprintf(wh->i_addr2)));
ni->ni_associd = 0;
IEEE80211_SEND_MGMT(ic, ni, resp, IEEE80211_STATUS_CAPINFO);
return;
}
memset(ni->ni_rates, 0, IEEE80211_RATE_SIZE);
ni->ni_nrate = rates[1];
memcpy(ni->ni_rates, rates + 2, ni->ni_nrate);
ieee80211_fix_rate(ic, ni, IEEE80211_F_DOSORT | IEEE80211_F_DOFRATE |
IEEE80211_F_DONEGO | IEEE80211_F_DODEL);
if (ni->ni_nrate == 0) {
DPRINTF(("ieee80211_recv_asreq: rate unmatch for %s\n",
ether_sprintf(wh->i_addr2)));
ni->ni_associd = 0;
IEEE80211_SEND_MGMT(ic, ni, resp, IEEE80211_STATUS_BASIC_RATE);
return;
}
ni->ni_rssi = rssi;
ni->ni_rstamp = rstamp;
ni->ni_intval = bintval;
ni->ni_capinfo = capinfo;
ni->ni_chan = ic->ic_bss.ni_chan;
ni->ni_fhdwell = ic->ic_bss.ni_fhdwell;
ni->ni_fhindex = ic->ic_bss.ni_fhindex;
if (ni->ni_associd == 0) {
ni->ni_associd = 0xc000 | ic->ic_bss.ni_associd++;
newassoc = 1;
} else
newassoc = 0;
IEEE80211_SEND_MGMT(ic, ni, resp, IEEE80211_STATUS_SUCCESS);
if (ifp->if_flags & IFF_DEBUG)
printf("%s: station %s %s associated\n",
ifp->if_xname, (newassoc ? "newly" : "already"),
ether_sprintf(ni->ni_macaddr));
}
static void
ieee80211_recv_asresp(struct ieee80211com *ic, struct mbuf *m0, int rssi,
u_int32_t rstamp)
{
struct ifnet *ifp = &ic->ic_if;
struct ieee80211_frame *wh;
struct ieee80211_node *ni = &ic->ic_bss;
u_int8_t *frm, *efrm, *rates;
int status;
if (ic->ic_opmode != IEEE80211_M_STA ||
ic->ic_state != IEEE80211_S_ASSOC)
return;
wh = mtod(m0, struct ieee80211_frame *);
frm = (u_int8_t *)&wh[1];
efrm = mtod(m0, u_int8_t *) + m0->m_len;
/*
* asresp frame format
* [2] capability information
* [2] status
* [2] association ID
* [tlv] supported rates
*/
if (frm + 6 > efrm) {
DPRINTF(("ieee80211_recv_asresp: too short from %s\n",
ether_sprintf(wh->i_addr2)));
return;
}
ni->ni_capinfo = le16toh(*(u_int16_t *)frm);
frm += 2;
status = le16toh(*(u_int16_t *)frm);
frm += 2;
if (status != 0) {
printf("%s: association failed (reason %d) for %s\n",
ifp->if_xname, status, ether_sprintf(wh->i_addr3));
ni = ieee80211_find_node(ic, wh->i_addr2);
if (ni != NULL)
ni->ni_fails++;
return;
}
ni->ni_associd = le16toh(*(u_int16_t *)frm);
frm += 2;
rates = frm;
memset(ni->ni_rates, 0, IEEE80211_RATE_SIZE);
ni->ni_nrate = rates[1];
memcpy(ni->ni_rates, rates + 2, ni->ni_nrate);
ieee80211_fix_rate(ic, ni, IEEE80211_F_DOSORT | IEEE80211_F_DOFRATE |
IEEE80211_F_DONEGO | IEEE80211_F_DODEL);
if (ni->ni_nrate == 0)
return;
ieee80211_new_state(ifp, IEEE80211_S_RUN,
wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK);
}
static void
ieee80211_recv_disassoc(struct ieee80211com *ic, struct mbuf *m0, int rssi,
u_int32_t rstamp)
{
struct ifnet *ifp = &ic->ic_if;
struct ieee80211_frame *wh;
struct ieee80211_node *ni;
u_int8_t *frm, *efrm;
u_int16_t reason;
wh = mtod(m0, struct ieee80211_frame *);
frm = (u_int8_t *)&wh[1];
efrm = mtod(m0, u_int8_t *) + m0->m_len;
/*
* disassoc frame format
* [2] reason
*/
if (frm + 2 > efrm) {
DPRINTF(("ieee80211_recv_disassoc: too short from %s\n",
ether_sprintf(wh->i_addr2)));
return;
}
reason = le16toh(*(u_int16_t *)frm);
switch (ic->ic_opmode) {
case IEEE80211_M_STA:
ieee80211_new_state(&ic->ic_if, IEEE80211_S_ASSOC,
wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK);
break;
case IEEE80211_M_HOSTAP:
if ((ni = ieee80211_find_node(ic, wh->i_addr2)) != NULL) {
if (ifp->if_flags & IFF_DEBUG)
printf("%s: station %s disassociated"
" by peer (reason %d)\n", ifp->if_xname,
ether_sprintf(ni->ni_macaddr), reason);
ni->ni_associd = 0;
}
break;
default:
break;
}
}
static void
ieee80211_recv_deauth(struct ieee80211com *ic, struct mbuf *m0, int rssi,
u_int32_t rstamp)
{
struct ifnet *ifp = &ic->ic_if;
struct ieee80211_frame *wh;
struct ieee80211_node *ni;
u_int8_t *frm, *efrm;
u_int16_t reason;
wh = mtod(m0, struct ieee80211_frame *);
frm = (u_int8_t *)&wh[1];
efrm = mtod(m0, u_int8_t *) + m0->m_len;
/*
* dauth frame format
* [2] reason
*/
if (frm + 2 > efrm) {
DPRINTF(("ieee80211_recv_deauth: too short from %s\n",
ether_sprintf(wh->i_addr2)));
return;
}
reason = le16toh(*(u_int16_t *)frm);
switch (ic->ic_opmode) {
case IEEE80211_M_STA:
ieee80211_new_state(&ic->ic_if, IEEE80211_S_AUTH,
wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK);
break;
case IEEE80211_M_HOSTAP:
if ((ni = ieee80211_find_node(ic, wh->i_addr2)) != NULL) {
if (ifp->if_flags & IFF_DEBUG)
printf("%s: station %s deauthenticated"
" by peer (reason %d)\n", ifp->if_xname,
ether_sprintf(ni->ni_macaddr), reason);
ieee80211_free_node(ic, ni);
}
break;
default:
break;
}
}
int
ieee80211_new_state(struct ifnet *ifp, enum ieee80211_state nstate, int mgt)
{
struct ieee80211com *ic = (void *)ifp;
struct ieee80211_node *ni = &ic->ic_bss;
int i, error, ostate;
#ifdef IEEE80211_DEBUG
static const char *stname[] =
{ "INIT", "SCAN", "AUTH", "ASSOC", "RUN" };
#endif
ostate = ic->ic_state;
DPRINTF(("ieee80211_new_state: %s -> %s\n",
stname[ostate], stname[nstate]));
if (ic->ic_newstate) {
error = (*ic->ic_newstate)(ic->ic_softc, nstate);
if (error == EINPROGRESS)
return 0;
if (error != 0)
return error;
}
/* state transition */
ic->ic_state = nstate;
switch (nstate) {
case IEEE80211_S_INIT:
switch (ostate) {
case IEEE80211_S_INIT:
break;
case IEEE80211_S_RUN:
switch (ic->ic_opmode) {
case IEEE80211_M_STA:
IEEE80211_SEND_MGMT(ic, ni,
IEEE80211_FC0_SUBTYPE_DISASSOC,
IEEE80211_REASON_ASSOC_LEAVE);
break;
case IEEE80211_M_HOSTAP:
TAILQ_FOREACH(ni, &ic->ic_node, ni_list) {
if (ni->ni_associd == 0)
continue;
IEEE80211_SEND_MGMT(ic, ni,
IEEE80211_FC0_SUBTYPE_DISASSOC,
IEEE80211_REASON_ASSOC_LEAVE);
}
break;
default:
break;
}
/* FALLTHRU */
case IEEE80211_S_ASSOC:
switch (ic->ic_opmode) {
case IEEE80211_M_STA:
IEEE80211_SEND_MGMT(ic, ni,
IEEE80211_FC0_SUBTYPE_DEAUTH,
IEEE80211_REASON_AUTH_LEAVE);
break;
case IEEE80211_M_HOSTAP:
TAILQ_FOREACH(ni, &ic->ic_node, ni_list) {
IEEE80211_SEND_MGMT(ic, ni,
IEEE80211_FC0_SUBTYPE_DEAUTH,
IEEE80211_REASON_AUTH_LEAVE);
}
break;
default:
break;
}
/* FALLTHRU */
case IEEE80211_S_AUTH:
case IEEE80211_S_SCAN:
ic->ic_scan_timer = 0;
ic->ic_mgt_timer = 0;
IF_PURGE(&ic->ic_mgtq);
if (ic->ic_wep_ctx != NULL) {
free(ic->ic_wep_ctx, M_DEVBUF);
ic->ic_wep_ctx = NULL;
}
ieee80211_free_allnodes(ic);
break;
}
break;
case IEEE80211_S_SCAN:
ic->ic_flags &= ~IEEE80211_F_SIBSS;
ni = &ic->ic_bss;
/* initialize bss for probe request */
IEEE80211_ADDR_COPY(ni->ni_macaddr, ifp->if_broadcastaddr);
IEEE80211_ADDR_COPY(ni->ni_bssid, ifp->if_broadcastaddr);
ni->ni_nrate = 0;
memset(ni->ni_rates, 0, IEEE80211_RATE_SIZE);
for (i = 0; i < IEEE80211_RATE_SIZE; i++) {
if (ic->ic_sup_rates[i] != 0)
ni->ni_rates[ni->ni_nrate++] =
ic->ic_sup_rates[i];
}
ni->ni_associd = 0;
ni->ni_rstamp = 0;
switch (ostate) {
case IEEE80211_S_INIT:
ic->ic_flags |= IEEE80211_F_ASCAN;
ic->ic_scan_timer = IEEE80211_ASCAN_WAIT;
/* use lowest rate */
ni->ni_txrate = 0;
IEEE80211_SEND_MGMT(ic, ni,
IEEE80211_FC0_SUBTYPE_PROBE_REQ, 0);
break;
case IEEE80211_S_SCAN:
/* scan next */
if (ic->ic_flags & IEEE80211_F_ASCAN) {
if (ic->ic_scan_timer == 0)
ic->ic_scan_timer =
IEEE80211_ASCAN_WAIT;
IEEE80211_SEND_MGMT(ic, ni,
IEEE80211_FC0_SUBTYPE_PROBE_REQ, 0);
} else {
if (ic->ic_scan_timer == 0)
ic->ic_scan_timer =
IEEE80211_PSCAN_WAIT;
ifp->if_timer = 1;
}
break;
case IEEE80211_S_RUN:
/* beacon miss */
if (ifp->if_flags & IFF_DEBUG)
printf("%s: no recent beacons from %s;"
" rescanning\n",
ifp->if_xname,
ether_sprintf(ic->ic_bss.ni_bssid));
ieee80211_free_allnodes(ic);
/* FALLTHRU */
case IEEE80211_S_AUTH:
case IEEE80211_S_ASSOC:
/* timeout restart scan */
ni = ieee80211_find_node(ic, ic->ic_bss.ni_macaddr);
if (ni != NULL)
ni->ni_fails++;
ic->ic_flags |= IEEE80211_F_ASCAN;
ic->ic_scan_timer = IEEE80211_ASCAN_WAIT;
IEEE80211_SEND_MGMT(ic, &ic->ic_bss,
IEEE80211_FC0_SUBTYPE_PROBE_REQ, 0);
break;
}
break;
case IEEE80211_S_AUTH:
switch (ostate) {
case IEEE80211_S_INIT:
DPRINTF(("ieee80211_new_state: invalid transition\n"));
break;
case IEEE80211_S_SCAN:
IEEE80211_SEND_MGMT(ic, ni,
IEEE80211_FC0_SUBTYPE_AUTH, 1);
break;
case IEEE80211_S_AUTH:
case IEEE80211_S_ASSOC:
switch (mgt) {
case IEEE80211_FC0_SUBTYPE_AUTH:
/* ??? */
IEEE80211_SEND_MGMT(ic, ni,
IEEE80211_FC0_SUBTYPE_AUTH, 2);
break;
case IEEE80211_FC0_SUBTYPE_DEAUTH:
/* ignore and retry scan on timeout */
break;
}
break;
case IEEE80211_S_RUN:
switch (mgt) {
case IEEE80211_FC0_SUBTYPE_AUTH:
IEEE80211_SEND_MGMT(ic, ni,
IEEE80211_FC0_SUBTYPE_AUTH, 2);
ic->ic_state = ostate; /* stay RUN */
break;
case IEEE80211_FC0_SUBTYPE_DEAUTH:
/* try to reauth */
IEEE80211_SEND_MGMT(ic, ni,
IEEE80211_FC0_SUBTYPE_AUTH, 1);
break;
}
break;
}
break;
case IEEE80211_S_ASSOC:
switch (ostate) {
case IEEE80211_S_INIT:
case IEEE80211_S_SCAN:
case IEEE80211_S_ASSOC:
DPRINTF(("ieee80211_new_state: invalid transition\n"));
break;
case IEEE80211_S_AUTH:
IEEE80211_SEND_MGMT(ic, ni,
IEEE80211_FC0_SUBTYPE_ASSOC_REQ, 0);
break;
case IEEE80211_S_RUN:
IEEE80211_SEND_MGMT(ic, ni,
IEEE80211_FC0_SUBTYPE_ASSOC_REQ, 1);
break;
}
break;
case IEEE80211_S_RUN:
switch (ostate) {
case IEEE80211_S_INIT:
case IEEE80211_S_AUTH:
case IEEE80211_S_RUN:
DPRINTF(("ieee80211_new_state: invalid transition\n"));
break;
case IEEE80211_S_SCAN: /* adhoc mode */
case IEEE80211_S_ASSOC: /* infra mode */
if (ifp->if_flags & IFF_DEBUG) {
printf("%s: ", ifp->if_xname);
if (ic->ic_opmode == IEEE80211_M_STA)
printf("associated ");
else
printf("synchronized ");
printf("with %s ssid ",
ether_sprintf(ic->ic_bss.ni_bssid));
ieee80211_print_essid(ic->ic_bss.ni_essid,
ic->ic_bss.ni_esslen);
printf(" channel %d\n", ic->ic_bss.ni_chan);
}
/* start with highest negotiated rate */
ic->ic_bss.ni_txrate = ic->ic_bss.ni_nrate - 1;
ic->ic_mgt_timer = 0;
(*ifp->if_start)(ifp);
break;
}
break;
}
return 0;
}
struct mbuf *
ieee80211_wep_crypt(struct ifnet *ifp, struct mbuf *m0, int txflag)
{
struct ieee80211com *ic = (void *)ifp;
struct mbuf *m, *n, *n0;
struct ieee80211_frame *wh;
int i, left, len, moff, noff, kid;
u_int32_t iv, crc;
u_int8_t *ivp;
void *ctx;
u_int8_t keybuf[IEEE80211_WEP_IVLEN + IEEE80211_KEYBUF_SIZE];
u_int8_t crcbuf[IEEE80211_WEP_CRCLEN];
n0 = NULL;
if ((ctx = ic->ic_wep_ctx) == NULL) {
ctx = malloc(arc4_ctxlen(), M_DEVBUF, M_NOWAIT);
if (ctx == NULL)
goto fail;
ic->ic_wep_ctx = ctx;
}
m = m0;
left = m->m_pkthdr.len;
MGET(n, M_DONTWAIT, m->m_type);
n0 = n;
if (n == NULL)
goto fail;
M_COPY_PKTHDR(n, m);
len = IEEE80211_WEP_IVLEN + IEEE80211_WEP_KIDLEN + IEEE80211_WEP_CRCLEN;
if (txflag) {
n->m_pkthdr.len += len;
} else {
n->m_pkthdr.len -= len;
left -= len;
}
n->m_len = MHLEN;
if (n->m_pkthdr.len >= MINCLSIZE) {
MCLGET(n, M_DONTWAIT);
if (n->m_flags & M_EXT)
n->m_len = n->m_ext.ext_size;
}
len = sizeof(struct ieee80211_frame);
memcpy(mtod(n, caddr_t), mtod(m, caddr_t), len);
wh = mtod(n, struct ieee80211_frame *);
left -= len;
moff = len;
noff = len;
if (txflag) {
kid = ic->ic_wep_txkey;
wh->i_fc[1] |= IEEE80211_FC1_WEP;
iv = ic->ic_iv;
/*
* Skip 'bad' IVs from Fluhrer/Mantin/Shamir:
* (B, 255, N) with 3 <= B < 8
*/
if (iv >= 0x03ff00 &&
(iv & 0xf8ff00) == 0x00ff00)
iv += 0x000100;
ic->ic_iv = iv + 1;
/* put iv in little endian to prepare 802.11i */
ivp = mtod(n, u_int8_t *) + noff;
for (i = 0; i < IEEE80211_WEP_IVLEN; i++) {
ivp[i] = iv & 0xff;
iv >>= 8;
}
ivp[IEEE80211_WEP_IVLEN] = kid << 6; /* pad and keyid */
noff += IEEE80211_WEP_IVLEN + IEEE80211_WEP_KIDLEN;
} else {
wh->i_fc[1] &= ~IEEE80211_FC1_WEP;
ivp = mtod(m, u_int8_t *) + moff;
kid = ivp[IEEE80211_WEP_IVLEN] >> 6;
moff += IEEE80211_WEP_IVLEN + IEEE80211_WEP_KIDLEN;
}
memcpy(keybuf, ivp, IEEE80211_WEP_IVLEN);
memcpy(keybuf + IEEE80211_WEP_IVLEN, ic->ic_nw_keys[kid].wk_key,
ic->ic_nw_keys[kid].wk_len);
arc4_setkey(ctx, keybuf,
IEEE80211_WEP_IVLEN + ic->ic_nw_keys[kid].wk_len);
/* encrypt with calculating CRC */
crc = ~0;
while (left > 0) {
len = m->m_len - moff;
if (len == 0) {
m = m->m_next;
moff = 0;
continue;
}
if (len > n->m_len - noff) {
len = n->m_len - noff;
if (len == 0) {
MGET(n->m_next, M_DONTWAIT, n->m_type);
if (n->m_next == NULL)
goto fail;
n = n->m_next;
n->m_len = MLEN;
if (left >= MINCLSIZE) {
MCLGET(n, M_DONTWAIT);
if (n->m_flags & M_EXT)
n->m_len = n->m_ext.ext_size;
}
noff = 0;
continue;
}
}
if (len > left)
len = left;
arc4_encrypt(ctx, mtod(n, caddr_t) + noff,
mtod(m, caddr_t) + moff, len);
if (txflag)
crc = ieee80211_crc_update(crc,
mtod(m, u_int8_t *) + moff, len);
else
crc = ieee80211_crc_update(crc,
mtod(n, u_int8_t *) + noff, len);
left -= len;
moff += len;
noff += len;
}
crc = ~crc;
if (txflag) {
*(u_int32_t *)crcbuf = htole32(crc);
if (n->m_len >= noff + sizeof(crcbuf))
n->m_len = noff + sizeof(crcbuf);
else {
n->m_len = noff;
MGET(n->m_next, M_DONTWAIT, n->m_type);
if (n->m_next == NULL)
goto fail;
n = n->m_next;
n->m_len = sizeof(crcbuf);
noff = 0;
}
arc4_encrypt(ctx, mtod(n, caddr_t) + noff, crcbuf,
sizeof(crcbuf));
} else {
n->m_len = noff;
for (noff = 0; noff < sizeof(crcbuf); noff += len) {
len = sizeof(crcbuf) - noff;
if (len > m->m_len - moff)
len = m->m_len - moff;
if (len > 0)
arc4_encrypt(ctx, crcbuf + noff,
mtod(m, caddr_t) + moff, len);
m = m->m_next;
moff = 0;
}
if (crc != le32toh(*(u_int32_t *)crcbuf)) {
#ifdef IEEE80211_DEBUG
if (ieee80211_debug) {
printf("%s: decrypt CRC error\n",
ifp->if_xname);
if (ieee80211_debug > 1)
ieee80211_dump_pkt(n0->m_data,
n0->m_len, -1, -1);
}
#endif
goto fail;
}
}
m_freem(m0);
return n0;
fail:
m_freem(m0);
m_freem(n0);
return NULL;
}
/*
* CRC 32 -- routine from RFC 2083
*/
/* Table of CRCs of all 8-bit messages */
static u_int32_t ieee80211_crc_table[256];
/* Make the table for a fast CRC. */
static void
ieee80211_crc_init(void)
{
u_int32_t c;
int n, k;
for (n = 0; n < 256; n++) {
c = (u_int32_t)n;
for (k = 0; k < 8; k++) {
if (c & 1)
c = 0xedb88320UL ^ (c >> 1);
else
c = c >> 1;
}
ieee80211_crc_table[n] = c;
}
}
/*
* Update a running CRC with the bytes buf[0..len-1]--the CRC
* should be initialized to all 1's, and the transmitted value
* is the 1's complement of the final running CRC
*/
static u_int32_t
ieee80211_crc_update(u_int32_t crc, u_int8_t *buf, int len)
{
u_int8_t *endbuf;
for (endbuf = buf + len; buf < endbuf; buf++)
crc = ieee80211_crc_table[(crc ^ *buf) & 0xff] ^ (crc >> 8);
return crc;
}
/*
* convert IEEE80211 rate value to ifmedia subtype.
* ieee80211 rate is in unit of 0.5Mbps.
*/
int
ieee80211_rate2media(int rate, enum ieee80211_phytype phytype)
{
int mword;
mword = 0;
switch (phytype) {
case IEEE80211_T_FH:
switch (rate & IEEE80211_RATE_VAL) {
case 0:
mword = IFM_AUTO;
break;
case 2:
mword = IFM_IEEE80211_FH1;
break;
case 4:
mword = IFM_IEEE80211_FH2;
break;
default:
mword = IFM_NONE;
break;
}
break;
case IEEE80211_T_DS:
switch (rate & IEEE80211_RATE_VAL) {
case 0:
mword = IFM_AUTO;
break;
case 2:
mword = IFM_IEEE80211_DS1;
break;
case 4:
mword = IFM_IEEE80211_DS2;
break;
case 11:
mword = IFM_IEEE80211_DS5;
break;
case 22:
mword = IFM_IEEE80211_DS11;
break;
default:
mword = IFM_NONE;
break;
}
break;
default:
mword = IFM_MANUAL;
break;
}
return mword;
}
int
ieee80211_media2rate(int mword, enum ieee80211_phytype phytype)
{
int rate;
rate = 0;
switch (phytype) {
case IEEE80211_T_FH:
switch (IFM_SUBTYPE(mword)) {
case IFM_IEEE80211_FH1:
rate = 2;
break;
case IFM_IEEE80211_FH2:
rate = 4;
break;
}
break;
case IEEE80211_T_DS:
switch (IFM_SUBTYPE(mword)) {
case IFM_IEEE80211_DS1:
rate = 2;
break;
case IFM_IEEE80211_DS2:
rate = 4;
break;
case IFM_IEEE80211_DS5:
rate = 11;
break;
case IFM_IEEE80211_DS11:
rate = 22;
break;
}
break;
default:
break;
}
return rate;
}
/*
* XXX
* Wireless LAN specific configuration interface, which is compatible
* with wiconfig(8).
*/
int
ieee80211_cfgget(struct ifnet *ifp, u_long cmd, caddr_t data)
{
struct ieee80211com *ic = (void *)ifp;
int i, j, error;
struct ifreq *ifr = (struct ifreq *)data;
struct wi_req wreq;
struct wi_ltv_keys *keys;
struct wi_apinfo *ap;
struct ieee80211_node *ni;
#ifdef WICACHE
struct wi_sigcache wsc;
#endif /* WICACHE */
error = copyin(ifr->ifr_data, &wreq, sizeof(wreq));
if (error)
return error;
wreq.wi_len = 0;
switch (wreq.wi_type) {
case WI_RID_SERIALNO:
/* nothing appropriate */
break;
case WI_RID_NODENAME:
strcpy((char *)&wreq.wi_val[1], hostname);
wreq.wi_val[0] = htole16(strlen(hostname));
wreq.wi_len = (1 + strlen(hostname) + 1) / 2;
break;
case WI_RID_CURRENT_SSID:
if (ic->ic_state != IEEE80211_S_RUN) {
wreq.wi_val[0] = 0;
wreq.wi_len = 1;
break;
}
wreq.wi_val[0] = htole16(ic->ic_bss.ni_esslen);
memcpy(&wreq.wi_val[1], ic->ic_bss.ni_essid,
ic->ic_bss.ni_esslen);
wreq.wi_len = (1 + ic->ic_bss.ni_esslen + 1) / 2;
break;
case WI_RID_OWN_SSID:
case WI_RID_DESIRED_SSID:
wreq.wi_val[0] = htole16(ic->ic_des_esslen);
memcpy(&wreq.wi_val[1], ic->ic_des_essid, ic->ic_des_esslen);
wreq.wi_len = (1 + ic->ic_des_esslen + 1) / 2;
break;
case WI_RID_CURRENT_BSSID:
if (ic->ic_state == IEEE80211_S_RUN)
IEEE80211_ADDR_COPY(wreq.wi_val, ic->ic_bss.ni_bssid);
else
memset(wreq.wi_val, 0, IEEE80211_ADDR_LEN);
wreq.wi_len = IEEE80211_ADDR_LEN / 2;
break;
case WI_RID_CHANNEL_LIST:
memset(wreq.wi_val, 0, sizeof(wreq.wi_val));
/*
* Since channel 0 is not available for DS, channel 1
* is assigned to LSB on WaveLAN.
*/
if (ic->ic_phytype == IEEE80211_T_DS)
i = 1;
else
i = 0;
for (j = 0; i <= IEEE80211_CHAN_MAX; i++, j++) {
if (isset(ic->ic_chan_active, i)) {
setbit((u_int8_t *)wreq.wi_val, j);
wreq.wi_len = j / 16 + 1;
}
}
break;
case WI_RID_OWN_CHNL:
wreq.wi_val[0] = htole16(ic->ic_ibss_chan);
wreq.wi_len = 1;
break;
case WI_RID_CURRENT_CHAN:
wreq.wi_val[0] = htole16(ic->ic_bss.ni_chan);
wreq.wi_len = 1;
break;
case WI_RID_COMMS_QUALITY:
wreq.wi_val[0] = 0; /* quality */
wreq.wi_val[1] = htole16(ic->ic_bss.ni_rssi); /* signal */
wreq.wi_val[2] = 0; /* noise */
wreq.wi_len = 3;
break;
case WI_RID_PROMISC:
wreq.wi_val[0] = htole16((ifp->if_flags & IFF_PROMISC) ? 1 : 0);
wreq.wi_len = 1;
break;
case WI_RID_PORTTYPE:
wreq.wi_val[0] = htole16(ic->ic_opmode);
wreq.wi_len = 1;
break;
case WI_RID_MAC_NODE:
IEEE80211_ADDR_COPY(wreq.wi_val, ic->ic_myaddr);
wreq.wi_len = IEEE80211_ADDR_LEN / 2;
break;
case WI_RID_TX_RATE:
if (ic->ic_fixed_rate == -1)
wreq.wi_val[0] = 0; /* auto */
else
wreq.wi_val[0] = htole16(
(ic->ic_sup_rates[ic->ic_fixed_rate] &
IEEE80211_RATE_VAL) / 2);
wreq.wi_len = 1;
break;
case WI_RID_CUR_TX_RATE:
wreq.wi_val[0] = htole16(
(ic->ic_bss.ni_rates[ic->ic_bss.ni_txrate] &
IEEE80211_RATE_VAL) / 2);
wreq.wi_len = 1;
break;
case WI_RID_RTS_THRESH:
wreq.wi_val[0] = htole16(IEEE80211_MAX_LEN); /* TODO: RTS */
wreq.wi_len = 1;
break;
case WI_RID_CREATE_IBSS:
wreq.wi_val[0] =
htole16((ic->ic_flags & IEEE80211_F_IBSSON) ? 1 : 0);
wreq.wi_len = 1;
break;
case WI_RID_MICROWAVE_OVEN:
wreq.wi_val[0] = 0; /* no ... not supported */
wreq.wi_len = 1;
break;
case WI_RID_ROAMING_MODE:
wreq.wi_val[0] = htole16(1); /* enabled ... not supported */
wreq.wi_len = 1;
break;
case WI_RID_SYSTEM_SCALE:
wreq.wi_val[0] = htole16(1); /* low density ... not supp */
wreq.wi_len = 1;
break;
case WI_RID_PM_ENABLED:
wreq.wi_val[0] =
htole16((ic->ic_flags & IEEE80211_F_PMGTON) ? 1 : 0);
wreq.wi_len = 1;
break;
case WI_RID_MAX_SLEEP:
wreq.wi_val[0] = htole16(ic->ic_lintval);
wreq.wi_len = 1;
break;
case WI_RID_CUR_BEACON_INT:
wreq.wi_val[0] = htole16(ic->ic_bss.ni_intval);
wreq.wi_len = 1;
break;
case WI_RID_WEP_AVAIL:
wreq.wi_val[0] =
htole16((ic->ic_flags & IEEE80211_F_HASWEP) ? 1 : 0);
wreq.wi_len = 1;
break;
case WI_RID_CNFAUTHMODE:
wreq.wi_val[0] = htole16(1); /* TODO: open system only */
wreq.wi_len = 1;
break;
case WI_RID_ENCRYPTION:
wreq.wi_val[0] =
htole16((ic->ic_flags & IEEE80211_F_WEPON) ? 1 : 0);
wreq.wi_len = 1;
break;
case WI_RID_TX_CRYPT_KEY:
wreq.wi_val[0] = htole16(ic->ic_wep_txkey);
wreq.wi_len = 1;
break;
case WI_RID_DEFLT_CRYPT_KEYS:
keys = (struct wi_ltv_keys *)&wreq;
/* do not show keys to non-root user */
error = suser(curproc->p_ucred, &curproc->p_acflag);
if (error) {
memset(keys, 0, sizeof(*keys));
error = 0;
break;
}
for (i = 0; i < IEEE80211_WEP_NKID; i++) {
keys->wi_keys[i].wi_keylen =
htole16(ic->ic_nw_keys[i].wk_len);
memcpy(keys->wi_keys[i].wi_keydat,
ic->ic_nw_keys[i].wk_key, ic->ic_nw_keys[i].wk_len);
}
wreq.wi_len = sizeof(*keys) / 2;
break;
case WI_RID_MAX_DATALEN:
wreq.wi_val[0] = htole16(IEEE80211_MAX_LEN); /* TODO: frag */
wreq.wi_len = 1;
break;
case WI_RID_IFACE_STATS:
/* XXX: should be implemented in lower drivers */
break;
case WI_RID_READ_APS:
if (ic->ic_opmode != IEEE80211_M_HOSTAP) {
for (i = 0; i < IEEE80211_PSCAN_WAIT; i++) {
tsleep((caddr_t)ic, PWAIT | PCATCH, "i80211",
hz);
if (ic->ic_state != IEEE80211_S_SCAN ||
(ic->ic_flags & IEEE80211_F_SCANAP) == 0 ||
(ic->ic_flags & IEEE80211_F_ASCAN) == 0)
break;
}
ic->ic_flags &= ~IEEE80211_F_SCANAP;
}
i = 0;
ap = (void *)((char *)wreq.wi_val + sizeof(i));
TAILQ_FOREACH(ni, &ic->ic_node, ni_list) {
if ((caddr_t)(ap + 1) > (caddr_t)(&wreq + 1))
break;
memset(ap, 0, sizeof(*ap));
if (ic->ic_opmode == IEEE80211_M_HOSTAP)
IEEE80211_ADDR_COPY(ap->bssid, ni->ni_macaddr);
else
IEEE80211_ADDR_COPY(ap->bssid, ni->ni_bssid);
ap->channel = ni->ni_chan;
ap->signal = ni->ni_rssi;
ap->namelen = ni->ni_esslen;
if (ni->ni_esslen)
memcpy(ap->name, ni->ni_essid, ni->ni_esslen);
ap->capinfo = ni->ni_capinfo;
ap->interval = ni->ni_intval;
for (j = 0; j < ni->ni_nrate; j++) {
if (ni->ni_rates[j] & IEEE80211_RATE_BASIC) {
ap->rate = (ni->ni_rates[j] &
IEEE80211_RATE_VAL) * 5; /* XXX */
}
}
i++;
ap++;
}
memcpy(wreq.wi_val, &i, sizeof(i));
wreq.wi_len = (sizeof(int) + sizeof(*ap) * i) / 2;
break;
#ifdef WICACHE
case WI_RID_READ_CACHE:
i = 0;
TAILQ_FOREACH(ni, &ic->ic_node, ni_list) {
if (i == MAXCACHE)
break;
IEEE80211_ADDR_COPY(wsc.macsrc, ni->ni_macaddr);
memset(&wsc.ipsrc, 0, sizeof(wsc.ipsrc));
wsc.signal = ni->rssi;
wsc.noise = 0;
wsc.quality = 0;
memcpy((caddr_t)wreq.wi_val + sizeof(wsc) * i,
&wsc, sizeof(wsc));
i++;
}
wreq.wi_len = sizeof(wsc) * i / 2;
break;
#endif /* WICACHE */
case WI_RID_SCAN_APS:
error = EINVAL;
break;
default:
error = EINVAL;
break;
}
if (error == 0) {
wreq.wi_len++;
error = copyout(&wreq, ifr->ifr_data, sizeof(wreq));
}
return error;
}
int
ieee80211_cfgset(struct ifnet *ifp, u_long cmd, caddr_t data)
{
struct ieee80211com *ic = (void *)ifp;
int i, j, len, error;
struct ifreq *ifr = (struct ifreq *)data;
struct wi_ltv_keys *keys;
struct wi_req wreq;
u_char chanlist[roundup(IEEE80211_CHAN_MAX, NBBY)];
error = copyin(ifr->ifr_data, &wreq, sizeof(wreq));
if (error)
return error;
if (wreq.wi_len-- < 1)
return EINVAL;
switch (wreq.wi_type) {
case WI_RID_SERIALNO:
case WI_RID_NODENAME:
return EPERM;
case WI_RID_CURRENT_SSID:
return EPERM;
case WI_RID_OWN_SSID:
case WI_RID_DESIRED_SSID:
len = le16toh(wreq.wi_val[0]);
if (wreq.wi_len < (1 + len + 1) / 2)
return EINVAL;
if (len > IEEE80211_NWID_LEN)
return EINVAL;
ic->ic_des_esslen = len;
memset(ic->ic_des_essid, 0, sizeof(ic->ic_des_essid));
memcpy(ic->ic_des_essid, &wreq.wi_val[1], len);
error = ENETRESET;
break;
case WI_RID_CURRENT_BSSID:
return EPERM;
case WI_RID_OWN_CHNL:
if (wreq.wi_len != 1)
return EINVAL;
i = le16toh(wreq.wi_val[0]);
if (i < 0 ||
i > IEEE80211_CHAN_MAX ||
isclr(ic->ic_chan_active, i))
return EINVAL;
ic->ic_ibss_chan = i;
if (ic->ic_flags & IEEE80211_F_SIBSS)
error = ENETRESET;
break;
case WI_RID_CURRENT_CHAN:
return EPERM;
case WI_RID_COMMS_QUALITY:
return EPERM;
case WI_RID_PROMISC:
if (wreq.wi_len != 1)
return EINVAL;
if (ifp->if_flags & IFF_PROMISC) {
if (wreq.wi_val[0] == 0) {
ifp->if_flags &= ~IFF_PROMISC;
error = ENETRESET;
}
} else {
if (wreq.wi_val[0] != 0) {
ifp->if_flags |= IFF_PROMISC;
error = ENETRESET;
}
}
break;
case WI_RID_PORTTYPE:
if (wreq.wi_len != 1)
return EINVAL;
switch (le16toh(wreq.wi_val[0])) {
case IEEE80211_M_STA:
break;
case IEEE80211_M_IBSS:
if (!(ic->ic_flags & IEEE80211_F_HASIBSS))
return EINVAL;
break;
case IEEE80211_M_AHDEMO:
if (ic->ic_phytype != IEEE80211_T_DS ||
!(ic->ic_flags & IEEE80211_F_HASAHDEMO))
return EINVAL;
break;
case IEEE80211_M_HOSTAP:
if (!(ic->ic_flags & IEEE80211_F_HASHOSTAP))
return EINVAL;
break;
default:
return EINVAL;
}
if (le16toh(wreq.wi_val[0]) != ic->ic_opmode) {
ic->ic_opmode = le16toh(wreq.wi_val[0]);
error = ENETRESET;
}
break;
case WI_RID_MAC_NODE:
if (wreq.wi_len != IEEE80211_ADDR_LEN / 2)
return EINVAL;
IEEE80211_ADDR_COPY(LLADDR(ifp->if_sadl), wreq.wi_val);
/* if_init will copy lladdr into ic_myaddr */
error = ENETRESET;
break;
case WI_RID_TX_RATE:
if (wreq.wi_len != 1)
return EINVAL;
if (wreq.wi_val[0] == 0) {
/* auto */
ic->ic_fixed_rate = -1;
break;
}
for (i = 0; i < IEEE80211_RATE_SIZE; i++) {
if (le16toh(wreq.wi_val[0]) ==
(ic->ic_sup_rates[i] & IEEE80211_RATE_VAL) / 2)
break;
}
if (i == IEEE80211_RATE_SIZE)
return EINVAL;
ic->ic_fixed_rate = i;
error = ENETRESET;
break;
case WI_RID_CUR_TX_RATE:
return EPERM;
break;
case WI_RID_RTS_THRESH:
if (wreq.wi_len != 1)
return EINVAL;
if (le16toh(wreq.wi_val[0]) != IEEE80211_MAX_LEN)
return EINVAL; /* TODO: RTS */
break;
case WI_RID_CREATE_IBSS:
if (wreq.wi_len != 1)
return EINVAL;
if (wreq.wi_val[0] != 0) {
if ((ic->ic_flags & IEEE80211_F_HASIBSS) == 0)
return EINVAL;
if ((ic->ic_flags & IEEE80211_F_IBSSON) == 0) {
ic->ic_flags |= IEEE80211_F_IBSSON;
if (ic->ic_opmode == IEEE80211_M_IBSS &&
ic->ic_state == IEEE80211_S_SCAN)
error = ENETRESET;
}
} else {
if (ic->ic_flags & IEEE80211_F_IBSSON) {
ic->ic_flags &= ~IEEE80211_F_IBSSON;
if (ic->ic_flags & IEEE80211_F_SIBSS) {
ic->ic_flags &= ~IEEE80211_F_SIBSS;
error = ENETRESET;
}
}
}
break;
case WI_RID_MICROWAVE_OVEN:
if (wreq.wi_len != 1)
return EINVAL;
if (wreq.wi_val[0] != 0)
return EINVAL; /* not supported */
break;
case WI_RID_ROAMING_MODE:
if (wreq.wi_len != 1)
return EINVAL;
if (le16toh(wreq.wi_val[0]) != 1)
return EINVAL; /* not supported */
break;
case WI_RID_SYSTEM_SCALE:
if (wreq.wi_len != 1)
return EINVAL;
if (le16toh(wreq.wi_val[0]) != 1)
return EINVAL; /* not supported */
break;
case WI_RID_PM_ENABLED:
if (wreq.wi_len != 1)
return EINVAL;
if (wreq.wi_val[0] != 0) {
if ((ic->ic_flags & IEEE80211_F_HASPMGT) == 0)
return EINVAL;
if ((ic->ic_flags & IEEE80211_F_PMGTON) == 0) {
ic->ic_flags |= IEEE80211_F_PMGTON;
error = ENETRESET;
}
} else {
if (ic->ic_flags & IEEE80211_F_PMGTON) {
ic->ic_flags &= ~IEEE80211_F_PMGTON;
error = ENETRESET;
}
}
break;
case WI_RID_MAX_SLEEP:
if (wreq.wi_len != 1)
return EINVAL;
ic->ic_lintval = le16toh(wreq.wi_val[0]);
if (ic->ic_flags & IEEE80211_F_PMGTON)
error = ENETRESET;
break;
case WI_RID_CUR_BEACON_INT:
return EPERM;
case WI_RID_WEP_AVAIL:
return EPERM;
case WI_RID_CNFAUTHMODE:
if (wreq.wi_len != 1)
return EINVAL;
if (le16toh(wreq.wi_val[0]) != 1)
return EINVAL; /* TODO: shared key auth */
break;
case WI_RID_ENCRYPTION:
if (wreq.wi_len != 1)
return EINVAL;
if (wreq.wi_val[0] != 0) {
if ((ic->ic_flags & IEEE80211_F_HASWEP) == 0)
return EINVAL;
if ((ic->ic_flags & IEEE80211_F_WEPON) == 0) {
ic->ic_flags |= IEEE80211_F_WEPON;
error = ENETRESET;
}
} else {
if (ic->ic_flags & IEEE80211_F_WEPON) {
ic->ic_flags &= ~IEEE80211_F_WEPON;
error = ENETRESET;
}
}
break;
case WI_RID_TX_CRYPT_KEY:
if (wreq.wi_len != 1)
return EINVAL;
i = le16toh(wreq.wi_val[0]);
if (i >= IEEE80211_WEP_NKID)
return EINVAL;
ic->ic_wep_txkey = i;
break;
case WI_RID_DEFLT_CRYPT_KEYS:
if (wreq.wi_len != sizeof(struct wi_ltv_keys) / 2)
return EINVAL;
keys = (struct wi_ltv_keys *)&wreq;
for (i = 0; i < IEEE80211_WEP_NKID; i++) {
len = le16toh(keys->wi_keys[i].wi_keylen);
if (len != 0 && len < IEEE80211_WEP_KEYLEN)
return EINVAL;
if (len > sizeof(ic->ic_nw_keys[i].wk_key))
return EINVAL;
}
memset(ic->ic_nw_keys, 0, sizeof(ic->ic_nw_keys));
for (i = 0; i < IEEE80211_WEP_NKID; i++) {
len = le16toh(keys->wi_keys[i].wi_keylen);
ic->ic_nw_keys[i].wk_len = len;
memcpy(ic->ic_nw_keys[i].wk_key,
keys->wi_keys[i].wi_keydat, len);
}
error = ENETRESET;
break;
case WI_RID_MAX_DATALEN:
if (wreq.wi_len != 1)
return EINVAL;
len = le16toh(wreq.wi_val[0]);
if (len < 350 /* ? */ || len > IEEE80211_MAX_LEN)
return EINVAL;
if (len != IEEE80211_MAX_LEN)
return EINVAL; /* TODO: fragment */
break;
case WI_RID_IFACE_STATS:
error = EPERM;
break;
case WI_RID_SCAN_APS:
wreq.wi_len -= 2; /* XXX: tx rate? */
/* FALLTHRU */
case WI_RID_CHANNEL_LIST:
memset(chanlist, 0, sizeof(chanlist));
/*
* Since channel 0 is not available for DS, channel 1
* is assigned to LSB on WaveLAN.
*/
if (ic->ic_phytype == IEEE80211_T_DS)
i = 1;
else
i = 0;
for (j = 0; i <= IEEE80211_CHAN_MAX; i++, j++) {
if (j / 16 >= wreq.wi_len)
break;
if (isclr((u_int8_t *)wreq.wi_val, j))
continue;
if (isclr(ic->ic_chan_avail, i)) {
if (wreq.wi_type == WI_RID_CHANNEL_LIST)
error = EPERM;
else
continue;
}
setbit(chanlist, i);
}
if (error == EPERM && ic->ic_chancheck != NULL)
error = (*ic->ic_chancheck)(ic->ic_softc, chanlist);
if (error)
return error;
memcpy(ic->ic_chan_active, chanlist,
sizeof(ic->ic_chan_active));
if (isclr(chanlist, ic->ic_ibss_chan)) {
for (i = 0; i <= IEEE80211_CHAN_MAX; i++)
if (isset(chanlist, i)) {
ic->ic_ibss_chan = i;
break;
}
}
if (isclr(chanlist, ic->ic_bss.ni_chan))
ic->ic_bss.ni_chan = ic->ic_ibss_chan;
if (wreq.wi_type == WI_RID_CHANNEL_LIST)
error = ENETRESET;
else {
ic->ic_flags |= IEEE80211_F_SCANAP;
error = ieee80211_new_state(ifp, IEEE80211_S_SCAN, -1);
}
break;
default:
error = EINVAL;
break;
}
return error;
}