26ebf5f371
- aging ang clear inactivity stations - DTIM field in beacon/probe response. - ignore IFF_PROMISC for hostap mode, since 802.11 has 3 address fields, so that promisc mode is not required for AP function.
3082 lines
81 KiB
C
3082 lines
81 KiB
C
/* $NetBSD: if_ieee80211subr.c,v 1.12 2002/09/03 14:54:00 onoe Exp $ */
|
|
|
|
/*-
|
|
* Copyright (c) 2001 The NetBSD Foundation, Inc.
|
|
* All rights reserved.
|
|
*
|
|
* This code is derived from software contributed to The NetBSD Foundation
|
|
* by Atsushi Onoe.
|
|
*
|
|
* Redistribution and use in source and binary forms, with or without
|
|
* modification, are permitted provided that the following conditions
|
|
* are met:
|
|
* 1. Redistributions of source code must retain the above copyright
|
|
* notice, this list of conditions and the following disclaimer.
|
|
* 2. Redistributions in binary form must reproduce the above copyright
|
|
* notice, this list of conditions and the following disclaimer in the
|
|
* documentation and/or other materials provided with the distribution.
|
|
* 3. All advertising materials mentioning features or use of this software
|
|
* must display the following acknowledgement:
|
|
* This product includes software developed by the NetBSD
|
|
* Foundation, Inc. and its contributors.
|
|
* 4. Neither the name of The NetBSD Foundation nor the names of its
|
|
* contributors may be used to endorse or promote products derived
|
|
* from this software without specific prior written permission.
|
|
*
|
|
* THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
|
|
* ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
|
|
* TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
|
|
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
|
|
* BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
|
|
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
|
|
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
|
|
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
|
|
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
|
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
|
|
* POSSIBILITY OF SUCH DAMAGE.
|
|
*/
|
|
|
|
/*
|
|
* IEEE 802.11 generic handler
|
|
*/
|
|
|
|
#include <sys/cdefs.h>
|
|
__KERNEL_RCSID(0, "$NetBSD: if_ieee80211subr.c,v 1.12 2002/09/03 14:54:00 onoe Exp $");
|
|
|
|
#include "opt_inet.h"
|
|
#include "bpfilter.h"
|
|
|
|
#include <sys/param.h>
|
|
#include <sys/systm.h>
|
|
#include <sys/mbuf.h>
|
|
#include <sys/malloc.h>
|
|
#include <sys/kernel.h>
|
|
#include <sys/socket.h>
|
|
#include <sys/ioctl.h>
|
|
#include <sys/errno.h>
|
|
#include <sys/device.h>
|
|
#include <sys/proc.h>
|
|
|
|
#include <machine/endian.h>
|
|
|
|
#include <crypto/arc4/arc4.h>
|
|
|
|
#include <net/if.h>
|
|
#include <net/if_dl.h>
|
|
#include <net/if_media.h>
|
|
#include <net/if_ether.h>
|
|
#include <net/if_llc.h>
|
|
#include <net/if_ieee80211.h>
|
|
|
|
#include <dev/ic/wi_ieee.h> /* XXX */
|
|
|
|
#if NBPFILTER > 0
|
|
#include <net/bpf.h>
|
|
#endif
|
|
|
|
#ifdef INET
|
|
#include <netinet/in.h>
|
|
#include <netinet/if_inarp.h>
|
|
#endif
|
|
|
|
#ifdef IEEE80211_DEBUG
|
|
int ieee80211_debug = 0;
|
|
#define DPRINTF(X) if (ieee80211_debug) printf X
|
|
#else
|
|
#define DPRINTF(X)
|
|
#endif
|
|
|
|
static int ieee80211_send_prreq(struct ieee80211com *,
|
|
struct ieee80211_bss *, int, int);
|
|
static int ieee80211_send_prresp(struct ieee80211com *,
|
|
struct ieee80211_bss *, int, int);
|
|
static int ieee80211_send_auth(struct ieee80211com *,
|
|
struct ieee80211_bss *, int, int);
|
|
static int ieee80211_send_deauth(struct ieee80211com *,
|
|
struct ieee80211_bss *, int, int);
|
|
static int ieee80211_send_asreq(struct ieee80211com *,
|
|
struct ieee80211_bss *, int, int);
|
|
static int ieee80211_send_asresp(struct ieee80211com *,
|
|
struct ieee80211_bss *, int, int);
|
|
static int ieee80211_send_disassoc(struct ieee80211com *,
|
|
struct ieee80211_bss *, int, int);
|
|
|
|
static void ieee80211_recv_beacon(struct ieee80211com *,
|
|
struct mbuf *, int, u_int32_t);
|
|
static void ieee80211_recv_prreq(struct ieee80211com *,
|
|
struct mbuf *, int, u_int32_t);
|
|
static void ieee80211_recv_auth(struct ieee80211com *,
|
|
struct mbuf *, int, u_int32_t);
|
|
static void ieee80211_recv_asreq(struct ieee80211com *,
|
|
struct mbuf *, int, u_int32_t);
|
|
static void ieee80211_recv_asresp(struct ieee80211com *,
|
|
struct mbuf *, int, u_int32_t);
|
|
static void ieee80211_recv_disassoc(struct ieee80211com *,
|
|
struct mbuf *, int, u_int32_t);
|
|
static void ieee80211_recv_deauth(struct ieee80211com *,
|
|
struct mbuf *, int, u_int32_t);
|
|
|
|
static void ieee80211_crc_init(void);
|
|
static u_int32_t ieee80211_crc_update(u_int32_t, u_int8_t *, int);
|
|
|
|
static const char *ieee80211_mgt_subtype_name[] = {
|
|
"assoc_req", "assoc_resp", "reassoc_req", "reassoc_resp",
|
|
"probe_req", "probe_resp", "reserved#6", "reserved#7",
|
|
"beacon", "atim", "disassoc", "auth",
|
|
"deauth", "reserved#13", "reserved#14", "reserved#15"
|
|
};
|
|
|
|
void
|
|
ieee80211_ifattach(struct ifnet *ifp)
|
|
{
|
|
struct ieee80211com *ic = (void *)ifp;
|
|
int i, rate;
|
|
|
|
ether_ifattach(ifp, ic->ic_myaddr);
|
|
#if NBPFILTER > 0
|
|
bpfattach2(ifp, DLT_IEEE802_11,
|
|
sizeof(struct ieee80211_frame_addr4), &ic->ic_rawbpf);
|
|
#endif
|
|
ieee80211_crc_init();
|
|
memcpy(ic->ic_chan_active, ic->ic_chan_avail,
|
|
sizeof(ic->ic_chan_active));
|
|
if (isclr(ic->ic_chan_active, ic->ic_ibss_chan)) {
|
|
for (i = 0; i <= IEEE80211_CHAN_MAX; i++) {
|
|
if (isset(ic->ic_chan_active, i)) {
|
|
ic->ic_ibss_chan = i;
|
|
break;
|
|
}
|
|
}
|
|
}
|
|
ic->ic_fixed_rate = -1;
|
|
if (ic->ic_lintval == 0)
|
|
ic->ic_lintval = 100; /* default sleep */
|
|
TAILQ_INIT(&ic->ic_scan);
|
|
rate = 0;
|
|
for (i = 0; i < IEEE80211_RATE_SIZE; i++) {
|
|
if (ic->ic_sup_rates[i] != 0)
|
|
rate = (ic->ic_sup_rates[i] & IEEE80211_RATE_VAL) / 2;
|
|
}
|
|
if (rate)
|
|
ifp->if_baudrate = IF_Mbps(rate);
|
|
ifp->if_hdrlen = sizeof(struct ieee80211_frame);
|
|
|
|
/* initialize management frame handler */
|
|
ic->ic_recv_mgmt[IEEE80211_FC0_SUBTYPE_PROBE_RESP
|
|
>> IEEE80211_FC0_SUBTYPE_SHIFT] = ieee80211_recv_beacon;
|
|
ic->ic_recv_mgmt[IEEE80211_FC0_SUBTYPE_BEACON
|
|
>> IEEE80211_FC0_SUBTYPE_SHIFT] = ieee80211_recv_beacon;
|
|
ic->ic_recv_mgmt[IEEE80211_FC0_SUBTYPE_PROBE_REQ
|
|
>> IEEE80211_FC0_SUBTYPE_SHIFT] = ieee80211_recv_prreq;
|
|
ic->ic_recv_mgmt[IEEE80211_FC0_SUBTYPE_AUTH
|
|
>> IEEE80211_FC0_SUBTYPE_SHIFT] = ieee80211_recv_auth;
|
|
ic->ic_recv_mgmt[IEEE80211_FC0_SUBTYPE_ASSOC_REQ
|
|
>> IEEE80211_FC0_SUBTYPE_SHIFT] = ieee80211_recv_asreq;
|
|
ic->ic_recv_mgmt[IEEE80211_FC0_SUBTYPE_REASSOC_REQ
|
|
>> IEEE80211_FC0_SUBTYPE_SHIFT] = ieee80211_recv_asreq;
|
|
ic->ic_recv_mgmt[IEEE80211_FC0_SUBTYPE_ASSOC_RESP
|
|
>> IEEE80211_FC0_SUBTYPE_SHIFT] = ieee80211_recv_asresp;
|
|
ic->ic_recv_mgmt[IEEE80211_FC0_SUBTYPE_REASSOC_RESP
|
|
>> IEEE80211_FC0_SUBTYPE_SHIFT] = ieee80211_recv_asresp;
|
|
ic->ic_recv_mgmt[IEEE80211_FC0_SUBTYPE_DEAUTH
|
|
>> IEEE80211_FC0_SUBTYPE_SHIFT] = ieee80211_recv_deauth;
|
|
ic->ic_recv_mgmt[IEEE80211_FC0_SUBTYPE_DISASSOC
|
|
>> IEEE80211_FC0_SUBTYPE_SHIFT] = ieee80211_recv_disassoc;
|
|
|
|
ic->ic_send_mgmt[IEEE80211_FC0_SUBTYPE_PROBE_REQ
|
|
>> IEEE80211_FC0_SUBTYPE_SHIFT] = ieee80211_send_prreq;
|
|
ic->ic_send_mgmt[IEEE80211_FC0_SUBTYPE_PROBE_RESP
|
|
>> IEEE80211_FC0_SUBTYPE_SHIFT] = ieee80211_send_prresp;
|
|
ic->ic_send_mgmt[IEEE80211_FC0_SUBTYPE_AUTH
|
|
>> IEEE80211_FC0_SUBTYPE_SHIFT] = ieee80211_send_auth;
|
|
ic->ic_send_mgmt[IEEE80211_FC0_SUBTYPE_DEAUTH
|
|
>> IEEE80211_FC0_SUBTYPE_SHIFT] = ieee80211_send_deauth;
|
|
ic->ic_send_mgmt[IEEE80211_FC0_SUBTYPE_ASSOC_REQ
|
|
>> IEEE80211_FC0_SUBTYPE_SHIFT] = ieee80211_send_asreq;
|
|
ic->ic_send_mgmt[IEEE80211_FC0_SUBTYPE_REASSOC_REQ
|
|
>> IEEE80211_FC0_SUBTYPE_SHIFT] = ieee80211_send_asreq;
|
|
ic->ic_send_mgmt[IEEE80211_FC0_SUBTYPE_ASSOC_RESP
|
|
>> IEEE80211_FC0_SUBTYPE_SHIFT] = ieee80211_send_asresp;
|
|
ic->ic_send_mgmt[IEEE80211_FC0_SUBTYPE_REASSOC_RESP
|
|
>> IEEE80211_FC0_SUBTYPE_SHIFT] = ieee80211_send_asresp;
|
|
ic->ic_send_mgmt[IEEE80211_FC0_SUBTYPE_DISASSOC
|
|
>> IEEE80211_FC0_SUBTYPE_SHIFT] = ieee80211_send_disassoc;
|
|
}
|
|
|
|
void
|
|
ieee80211_ifdetach(struct ifnet *ifp)
|
|
{
|
|
struct ieee80211com *ic = (void *)ifp;
|
|
int s;
|
|
|
|
s = splnet();
|
|
IF_PURGE(&ic->ic_mgtq);
|
|
if (ic->ic_wep_ctx != NULL) {
|
|
free(ic->ic_wep_ctx, M_DEVBUF);
|
|
ic->ic_wep_ctx = NULL;
|
|
}
|
|
ieee80211_free_scan(ifp);
|
|
ether_ifdetach(ifp);
|
|
}
|
|
|
|
void
|
|
ieee80211_input(struct ifnet *ifp, struct mbuf *m, int rssi, u_int32_t rstamp)
|
|
{
|
|
struct ieee80211com *ic = (void *)ifp;
|
|
struct ieee80211_bss *bs;
|
|
struct ieee80211_frame *wh;
|
|
void (*rh)(struct ieee80211com *, struct mbuf *, int, u_int);
|
|
u_int8_t dir, subtype;
|
|
u_int8_t *bssid;
|
|
u_int16_t rxseq;
|
|
|
|
/* trim CRC here for WEP can find its own CRC at the end of packet. */
|
|
if (m->m_flags & M_HASFCS) {
|
|
m_adj(m, -IEEE80211_CRC_LEN);
|
|
m->m_flags &= ~M_HASFCS;
|
|
}
|
|
|
|
wh = mtod(m, struct ieee80211_frame *);
|
|
if ((wh->i_fc[0] & IEEE80211_FC0_VERSION_MASK) !=
|
|
IEEE80211_FC0_VERSION_0) {
|
|
if (ifp->if_flags & IFF_DEBUG)
|
|
printf("%s: receive packet with wrong version: %x\n",
|
|
ifp->if_xname, wh->i_fc[0]);
|
|
goto err;
|
|
}
|
|
|
|
dir = wh->i_fc[1] & IEEE80211_FC1_DIR_MASK;
|
|
|
|
if (ic->ic_state != IEEE80211_S_SCAN) {
|
|
if ((ic->ic_flags & IEEE80211_F_ADHOC) ||
|
|
(ic->ic_flags & IEEE80211_F_HOSTAP)) {
|
|
if (dir == IEEE80211_FC1_DIR_NODS)
|
|
bssid = wh->i_addr3;
|
|
else
|
|
bssid = wh->i_addr1;
|
|
if (memcmp(bssid, ic->ic_bss.bs_bssid,
|
|
IEEE80211_ADDR_LEN) != 0 &&
|
|
memcmp(bssid, ifp->if_broadcastaddr,
|
|
IEEE80211_ADDR_LEN) != 0) {
|
|
/* not interested in */
|
|
DPRINTF(("ieee80211_input: other bss %s\n",
|
|
ether_sprintf(wh->i_addr3)));
|
|
goto out;
|
|
}
|
|
TAILQ_FOREACH(bs, &ic->ic_scan, bs_list) {
|
|
if (memcmp(wh->i_addr2, bs->bs_macaddr,
|
|
IEEE80211_ADDR_LEN) == 0)
|
|
break;
|
|
}
|
|
if (bs == NULL) {
|
|
DPRINTF(("ieee80211_input: unknown src %s\n",
|
|
ether_sprintf(wh->i_addr2)));
|
|
bs = &ic->ic_bss; /* XXX allocate? */
|
|
}
|
|
} else {
|
|
bs = &ic->ic_bss;
|
|
if (memcmp(wh->i_addr2, bs->bs_bssid,
|
|
IEEE80211_ADDR_LEN) != 0) {
|
|
DPRINTF(("ieee80211_input: other bss %s\n",
|
|
ether_sprintf(wh->i_addr2)));
|
|
/* not interested in */
|
|
goto out;
|
|
}
|
|
}
|
|
bs->bs_rssi = rssi;
|
|
bs->bs_rstamp = rstamp;
|
|
rxseq = bs->bs_rxseq;
|
|
bs->bs_rxseq =
|
|
le16toh(*(u_int16_t *)wh->i_seq) >> IEEE80211_SEQ_SEQ_SHIFT;
|
|
/* TODO: fragment */
|
|
if ((wh->i_fc[1] & IEEE80211_FC1_RETRY) &&
|
|
rxseq == bs->bs_rxseq) {
|
|
/* duplicate, silently discarded */
|
|
goto out;
|
|
}
|
|
bs->bs_inact = 0;
|
|
}
|
|
|
|
switch (wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK) {
|
|
case IEEE80211_FC0_TYPE_DATA:
|
|
if (ic->ic_flags & IEEE80211_F_ADHOC) {
|
|
if (dir != IEEE80211_FC1_DIR_NODS)
|
|
goto out;
|
|
} else if (ic->ic_flags & IEEE80211_F_HOSTAP) {
|
|
if (dir != IEEE80211_FC1_DIR_TODS)
|
|
goto out;
|
|
} else {
|
|
if (dir != IEEE80211_FC1_DIR_FROMDS)
|
|
goto out;
|
|
if ((ifp->if_flags & IFF_SIMPLEX) &&
|
|
(wh->i_addr1[1] & 0x01) != 0 &&
|
|
memcmp(wh->i_addr3, ic->ic_myaddr,
|
|
IEEE80211_ADDR_LEN) == 0) {
|
|
/*
|
|
* In IEEE802.11 network, multicast packet
|
|
* sent from me is broadcasted from AP.
|
|
* It should be silently discarded for
|
|
* SIMPLEX interface.
|
|
*/
|
|
goto out;
|
|
}
|
|
}
|
|
if (wh->i_fc[1] & IEEE80211_FC1_WEP) {
|
|
if (ic->ic_flags & IEEE80211_F_WEPON) {
|
|
m = ieee80211_wep_crypt(ifp, m, 0);
|
|
if (m == NULL)
|
|
goto err;
|
|
wh = mtod(m, struct ieee80211_frame *);
|
|
} else
|
|
goto out;
|
|
}
|
|
#if NBPFILTER > 0
|
|
/* copy to listener after decrypt */
|
|
if (ic->ic_rawbpf)
|
|
bpf_mtap(ic->ic_rawbpf, m);
|
|
#endif
|
|
m = ieee80211_decap(ifp, m);
|
|
if (m == NULL)
|
|
goto err;
|
|
#if NBPFILTER > 0
|
|
if (ifp->if_bpf)
|
|
bpf_mtap(ifp->if_bpf, m);
|
|
#endif
|
|
ifp->if_ipackets++;
|
|
(*ifp->if_input)(ifp, m);
|
|
return;
|
|
|
|
case IEEE80211_FC0_TYPE_MGT:
|
|
if (dir != IEEE80211_FC1_DIR_NODS)
|
|
goto err;
|
|
subtype = wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK;
|
|
|
|
/* drop frames without interest */
|
|
if (ic->ic_state == IEEE80211_S_SCAN) {
|
|
if (subtype != IEEE80211_FC0_SUBTYPE_BEACON &&
|
|
subtype != IEEE80211_FC0_SUBTYPE_PROBE_RESP)
|
|
goto out;
|
|
} else {
|
|
if (!(ic->ic_flags & IEEE80211_F_ADHOC) &&
|
|
subtype == IEEE80211_FC0_SUBTYPE_BEACON)
|
|
goto out;
|
|
}
|
|
|
|
if (ifp->if_flags & IFF_DEBUG) {
|
|
/* avoid to print too many frames */
|
|
int doprint = 0;
|
|
|
|
switch (subtype) {
|
|
case IEEE80211_FC0_SUBTYPE_BEACON:
|
|
if (ic->ic_state == IEEE80211_S_SCAN)
|
|
doprint = 1;
|
|
break;
|
|
case IEEE80211_FC0_SUBTYPE_PROBE_REQ:
|
|
if (ic->ic_flags & IEEE80211_F_ADHOC)
|
|
doprint = 1;
|
|
break;
|
|
default:
|
|
doprint = 1;
|
|
break;
|
|
}
|
|
#ifdef IEEE80211_DEBUG
|
|
doprint += ieee80211_debug;
|
|
#endif
|
|
if (doprint)
|
|
printf("%s: received %s from %s rssi %d\n",
|
|
ifp->if_xname,
|
|
ieee80211_mgt_subtype_name[subtype
|
|
>> IEEE80211_FC0_SUBTYPE_SHIFT],
|
|
ether_sprintf(wh->i_addr2), rssi);
|
|
}
|
|
#if NBPFILTER > 0
|
|
if (ic->ic_rawbpf)
|
|
bpf_mtap(ic->ic_rawbpf, m);
|
|
#endif
|
|
rh = ic->ic_recv_mgmt[subtype >> IEEE80211_FC0_SUBTYPE_SHIFT];
|
|
if (rh != NULL)
|
|
(*rh)(ic, m, rssi, rstamp);
|
|
m_freem(m);
|
|
return;
|
|
|
|
case IEEE80211_FC0_TYPE_CTL:
|
|
default:
|
|
DPRINTF(("ieee80211_input: bad type %x\n", wh->i_fc[0]));
|
|
/* should not come here */
|
|
break;
|
|
}
|
|
err:
|
|
ifp->if_ierrors++;
|
|
out:
|
|
if (m != NULL) {
|
|
#if NBPFILTER > 0
|
|
if (ic->ic_rawbpf)
|
|
bpf_mtap(ic->ic_rawbpf, m);
|
|
#endif
|
|
m_freem(m);
|
|
}
|
|
}
|
|
|
|
int
|
|
ieee80211_mgmt_output(struct ifnet *ifp, struct ieee80211_bss *bs,
|
|
struct mbuf *m, int type)
|
|
{
|
|
struct ieee80211com *ic = (void *)ifp;
|
|
struct ieee80211_frame *wh;
|
|
|
|
if (bs == NULL)
|
|
bs = &ic->ic_bss;
|
|
bs->bs_inact = 0;
|
|
M_PREPEND(m, sizeof(struct ieee80211_frame), M_DONTWAIT);
|
|
if (m == NULL)
|
|
return ENOMEM;
|
|
wh = mtod(m, struct ieee80211_frame *);
|
|
wh->i_fc[0] = IEEE80211_FC0_VERSION_0 | IEEE80211_FC0_TYPE_MGT | type;
|
|
wh->i_fc[1] = IEEE80211_FC1_DIR_NODS;
|
|
*(u_int16_t *)wh->i_dur = 0;
|
|
*(u_int16_t *)wh->i_seq =
|
|
htole16(bs->bs_txseq << IEEE80211_SEQ_SEQ_SHIFT);
|
|
bs->bs_txseq++;
|
|
memcpy(wh->i_addr1, bs->bs_macaddr, IEEE80211_ADDR_LEN);
|
|
memcpy(wh->i_addr2, ic->ic_myaddr, IEEE80211_ADDR_LEN);
|
|
memcpy(wh->i_addr3, bs->bs_bssid, IEEE80211_ADDR_LEN);
|
|
|
|
if (ifp->if_flags & IFF_DEBUG) {
|
|
/* avoid to print too many frames */
|
|
if ((ic->ic_flags & IEEE80211_F_ADHOC) ||
|
|
(type & IEEE80211_FC0_SUBTYPE_MASK) !=
|
|
IEEE80211_FC0_SUBTYPE_PROBE_RESP)
|
|
printf("%s: sending %s to %s\n", ifp->if_xname,
|
|
ieee80211_mgt_subtype_name[
|
|
(type & IEEE80211_FC0_SUBTYPE_MASK)
|
|
>> IEEE80211_FC0_SUBTYPE_SHIFT],
|
|
ether_sprintf(bs->bs_macaddr));
|
|
}
|
|
IF_ENQUEUE(&ic->ic_mgtq, m);
|
|
ifp->if_timer = 1;
|
|
(*ifp->if_start)(ifp);
|
|
return 0;
|
|
}
|
|
|
|
struct mbuf *
|
|
ieee80211_encap(struct ifnet *ifp, struct mbuf *m)
|
|
{
|
|
struct ieee80211com *ic = (void *)ifp;
|
|
struct ether_header eh;
|
|
struct ieee80211_frame *wh;
|
|
struct llc *llc;
|
|
struct ieee80211_bss *bs;
|
|
|
|
if (m->m_len < sizeof(struct ether_header)) {
|
|
m = m_pullup(m, sizeof(struct ether_header));
|
|
if (m == NULL)
|
|
return NULL;
|
|
}
|
|
memcpy(&eh, mtod(m, caddr_t), sizeof(struct ether_header));
|
|
|
|
if ((eh.ether_dhost[0] & 0x01) == 0 &&
|
|
((ic->ic_flags & IEEE80211_F_ADHOC) ||
|
|
(ic->ic_flags & IEEE80211_F_HOSTAP))) {
|
|
TAILQ_FOREACH(bs, &ic->ic_scan, bs_list) {
|
|
if (memcmp(bs->bs_macaddr, eh.ether_dhost,
|
|
IEEE80211_ADDR_LEN) == 0)
|
|
break;
|
|
}
|
|
if (bs == NULL ||
|
|
((ic->ic_flags & IEEE80211_F_HOSTAP) &&
|
|
bs->bs_associd == 0)) {
|
|
m_freem(m);
|
|
return NULL;
|
|
}
|
|
} else
|
|
bs = &ic->ic_bss;
|
|
bs->bs_inact = 0;
|
|
|
|
m_adj(m, sizeof(struct ether_header) - sizeof(struct llc));
|
|
llc = mtod(m, struct llc *);
|
|
llc->llc_dsap = llc->llc_ssap = LLC_SNAP_LSAP;
|
|
llc->llc_control = LLC_UI;
|
|
llc->llc_snap.org_code[0] = 0;
|
|
llc->llc_snap.org_code[1] = 0;
|
|
llc->llc_snap.org_code[2] = 0;
|
|
llc->llc_snap.ether_type = eh.ether_type;
|
|
M_PREPEND(m, sizeof(struct ieee80211_frame), M_DONTWAIT);
|
|
if (m == NULL)
|
|
return NULL;
|
|
wh = mtod(m, struct ieee80211_frame *);
|
|
wh->i_fc[0] = IEEE80211_FC0_VERSION_0 | IEEE80211_FC0_TYPE_DATA;
|
|
*(u_int16_t *)wh->i_dur = 0;
|
|
*(u_int16_t *)wh->i_seq =
|
|
htole16(bs->bs_txseq << IEEE80211_SEQ_SEQ_SHIFT);
|
|
bs->bs_txseq++;
|
|
if (ic->ic_flags & IEEE80211_F_ADHOC) {
|
|
wh->i_fc[1] = IEEE80211_FC1_DIR_NODS;
|
|
memcpy(wh->i_addr1, eh.ether_dhost, IEEE80211_ADDR_LEN);
|
|
memcpy(wh->i_addr2, eh.ether_shost, IEEE80211_ADDR_LEN);
|
|
memcpy(wh->i_addr3, bs->bs_bssid, IEEE80211_ADDR_LEN);
|
|
} else if (ic->ic_flags & IEEE80211_F_HOSTAP) {
|
|
wh->i_fc[1] = IEEE80211_FC1_DIR_FROMDS;
|
|
memcpy(wh->i_addr1, eh.ether_dhost, IEEE80211_ADDR_LEN);
|
|
memcpy(wh->i_addr2, bs->bs_bssid, IEEE80211_ADDR_LEN);
|
|
memcpy(wh->i_addr3, eh.ether_shost, IEEE80211_ADDR_LEN);
|
|
} else {
|
|
wh->i_fc[1] = IEEE80211_FC1_DIR_TODS;
|
|
memcpy(wh->i_addr1, bs->bs_bssid, IEEE80211_ADDR_LEN);
|
|
memcpy(wh->i_addr2, eh.ether_shost, IEEE80211_ADDR_LEN);
|
|
memcpy(wh->i_addr3, eh.ether_dhost, IEEE80211_ADDR_LEN);
|
|
}
|
|
return m;
|
|
}
|
|
|
|
struct mbuf *
|
|
ieee80211_decap(struct ifnet *ifp, struct mbuf *m)
|
|
{
|
|
struct ether_header *eh;
|
|
struct ieee80211_frame wh;
|
|
struct llc *llc;
|
|
|
|
if (m->m_len < sizeof(wh) + sizeof(*llc)) {
|
|
m = m_pullup(m, sizeof(wh) + sizeof(*llc));
|
|
if (m == NULL)
|
|
return NULL;
|
|
}
|
|
memcpy(&wh, mtod(m, caddr_t), sizeof(wh));
|
|
llc = (struct llc *)(mtod(m, caddr_t) + sizeof(wh));
|
|
if (llc->llc_dsap == LLC_SNAP_LSAP && llc->llc_ssap == LLC_SNAP_LSAP &&
|
|
llc->llc_control == LLC_UI && llc->llc_snap.org_code[0] == 0 &&
|
|
llc->llc_snap.org_code[1] == 0 && llc->llc_snap.org_code[2] == 0) {
|
|
m_adj(m, sizeof(wh) + sizeof(struct llc) - sizeof(*eh));
|
|
llc = NULL;
|
|
} else {
|
|
m_adj(m, sizeof(wh) - sizeof(*eh));
|
|
}
|
|
eh = mtod(m, struct ether_header *);
|
|
switch (wh.i_fc[1] & IEEE80211_FC1_DIR_MASK) {
|
|
case IEEE80211_FC1_DIR_NODS:
|
|
memcpy(eh->ether_dhost, wh.i_addr1, IEEE80211_ADDR_LEN);
|
|
memcpy(eh->ether_shost, wh.i_addr2, IEEE80211_ADDR_LEN);
|
|
break;
|
|
case IEEE80211_FC1_DIR_TODS:
|
|
memcpy(eh->ether_dhost, wh.i_addr3, IEEE80211_ADDR_LEN);
|
|
memcpy(eh->ether_shost, wh.i_addr2, IEEE80211_ADDR_LEN);
|
|
break;
|
|
case IEEE80211_FC1_DIR_FROMDS:
|
|
memcpy(eh->ether_dhost, wh.i_addr1, IEEE80211_ADDR_LEN);
|
|
memcpy(eh->ether_shost, wh.i_addr3, IEEE80211_ADDR_LEN);
|
|
break;
|
|
case IEEE80211_FC1_DIR_DSTODS:
|
|
DPRINTF(("ieee80211_decap: DS to DS\n"));
|
|
m_freem(m);
|
|
return NULL;
|
|
}
|
|
if (!ALIGNED_POINTER(mtod(m, caddr_t) + sizeof(*eh), u_int32_t)) {
|
|
struct mbuf *n, *n0, **np;
|
|
caddr_t newdata;
|
|
int off;
|
|
|
|
n0 = NULL;
|
|
np = &n0;
|
|
off = 0;
|
|
while (m->m_pkthdr.len > off) {
|
|
if (n0 == NULL) {
|
|
MGETHDR(n, M_DONTWAIT, MT_DATA);
|
|
if (n == NULL) {
|
|
m_freem(m);
|
|
return NULL;
|
|
}
|
|
M_COPY_PKTHDR(n, m);
|
|
n->m_len = MHLEN;
|
|
} else {
|
|
MGET(n, M_DONTWAIT, MT_DATA);
|
|
if (n == NULL) {
|
|
m_freem(m);
|
|
m_freem(n0);
|
|
return NULL;
|
|
}
|
|
n->m_len = MLEN;
|
|
}
|
|
if (m->m_pkthdr.len - off >= MINCLSIZE) {
|
|
MCLGET(n, M_DONTWAIT);
|
|
if (n->m_flags & M_EXT)
|
|
n->m_len = n->m_ext.ext_size;
|
|
}
|
|
if (n0 == NULL) {
|
|
newdata =
|
|
(caddr_t)ALIGN(n->m_data + sizeof(*eh)) -
|
|
sizeof(*eh);
|
|
n->m_len -= newdata - n->m_data;
|
|
n->m_data = newdata;
|
|
}
|
|
if (n->m_len > m->m_pkthdr.len - off)
|
|
n->m_len = m->m_pkthdr.len - off;
|
|
m_copydata(m, off, n->m_len, mtod(n, caddr_t));
|
|
off += n->m_len;
|
|
*np = n;
|
|
np = &n->m_next;
|
|
}
|
|
m_freem(m);
|
|
m = n0;
|
|
}
|
|
if (llc != NULL) {
|
|
eh = mtod(m, struct ether_header *);
|
|
eh->ether_type = htons(m->m_pkthdr.len - sizeof(*eh));
|
|
}
|
|
return m;
|
|
}
|
|
|
|
int
|
|
ieee80211_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data)
|
|
{
|
|
struct ieee80211com *ic = (void *)ifp;
|
|
struct ifreq *ifr = (struct ifreq *)data;
|
|
int i, error = 0;
|
|
struct ieee80211_nwid nwid;
|
|
struct ieee80211_nwkey *nwkey;
|
|
struct ieee80211_power *power;
|
|
struct ieee80211_wepkey keys[IEEE80211_WEP_NKID];
|
|
|
|
switch (cmd) {
|
|
case SIOCS80211NWID:
|
|
if ((error = copyin(ifr->ifr_data, &nwid, sizeof(nwid))) != 0)
|
|
break;
|
|
if (nwid.i_len > IEEE80211_NWID_LEN) {
|
|
error = EINVAL;
|
|
break;
|
|
}
|
|
memset(ic->ic_des_essid, 0, IEEE80211_NWID_LEN);
|
|
ic->ic_des_esslen = nwid.i_len;
|
|
memcpy(ic->ic_des_essid, nwid.i_nwid, nwid.i_len);
|
|
error = ENETRESET;
|
|
break;
|
|
case SIOCG80211NWID:
|
|
memset(&nwid, 0, sizeof(nwid));
|
|
switch (ic->ic_state) {
|
|
case IEEE80211_S_INIT:
|
|
case IEEE80211_S_SCAN:
|
|
nwid.i_len = ic->ic_des_esslen;
|
|
memcpy(nwid.i_nwid, ic->ic_des_essid, nwid.i_len);
|
|
break;
|
|
default:
|
|
nwid.i_len = ic->ic_bss.bs_esslen;
|
|
memcpy(nwid.i_nwid, ic->ic_bss.bs_essid, nwid.i_len);
|
|
break;
|
|
}
|
|
error = copyout(&nwid, ifr->ifr_data, sizeof(nwid));
|
|
break;
|
|
case SIOCS80211NWKEY:
|
|
nwkey = (struct ieee80211_nwkey *)data;
|
|
if (nwkey->i_wepon == IEEE80211_NWKEY_OPEN) {
|
|
if (ic->ic_flags & IEEE80211_F_WEPON) {
|
|
error = ENETRESET;
|
|
ic->ic_flags &= ~IEEE80211_F_WEPON;
|
|
}
|
|
break;
|
|
}
|
|
if ((ic->ic_flags & IEEE80211_F_HASWEP) == 0) {
|
|
error = EINVAL;
|
|
break;
|
|
}
|
|
/* check and copy keys */
|
|
memset(keys, 0, sizeof(keys));
|
|
for (i = 0; i < IEEE80211_WEP_NKID; i++) {
|
|
keys[i].wk_len = nwkey->i_key[i].i_keylen;
|
|
if ((keys[i].wk_len > 0 &&
|
|
keys[i].wk_len < IEEE80211_WEP_KEYLEN) ||
|
|
keys[i].wk_len > sizeof(keys[i].wk_key)) {
|
|
error = EINVAL;
|
|
break;
|
|
}
|
|
if (keys[i].wk_len <= 0)
|
|
continue;
|
|
if ((error = copyin(nwkey->i_key[i].i_keydat,
|
|
keys[i].wk_key, keys[i].wk_len)) != 0)
|
|
break;
|
|
}
|
|
if (error)
|
|
break;
|
|
i = nwkey->i_defkid - 1;
|
|
if (i < 0 || i >= IEEE80211_WEP_NKID ||
|
|
keys[i].wk_len == 0 ||
|
|
(keys[i].wk_len == -1 && ic->ic_nw_keys[i].wk_len == 0)) {
|
|
error = EINVAL;
|
|
break;
|
|
}
|
|
/* save the key */
|
|
ic->ic_flags |= IEEE80211_F_WEPON;
|
|
ic->ic_wep_txkey = i;
|
|
for (i = 0; i < IEEE80211_WEP_NKID; i++) {
|
|
if (keys[i].wk_len < 0)
|
|
continue;
|
|
ic->ic_nw_keys[i].wk_len = keys[i].wk_len;
|
|
memcpy(ic->ic_nw_keys[i].wk_key, keys[i].wk_key,
|
|
sizeof(keys[i].wk_key));
|
|
}
|
|
error = ENETRESET;
|
|
break;
|
|
case SIOCG80211NWKEY:
|
|
nwkey = (struct ieee80211_nwkey *)data;
|
|
if (ic->ic_flags & IEEE80211_F_WEPON)
|
|
nwkey->i_wepon = IEEE80211_NWKEY_WEP;
|
|
else
|
|
nwkey->i_wepon = IEEE80211_NWKEY_OPEN;
|
|
nwkey->i_defkid = ic->ic_wep_txkey + 1;
|
|
for (i = 0; i < IEEE80211_WEP_NKID; i++) {
|
|
if (nwkey->i_key[i].i_keydat == NULL)
|
|
continue;
|
|
/* do not show any keys to non-root user */
|
|
if ((error = suser(curproc->p_ucred,
|
|
&curproc->p_acflag)) != 0)
|
|
break;
|
|
nwkey->i_key[i].i_keylen = ic->ic_nw_keys[i].wk_len;
|
|
if ((error = copyout(ic->ic_nw_keys[i].wk_key,
|
|
nwkey->i_key[i].i_keydat,
|
|
ic->ic_nw_keys[i].wk_len)) != 0)
|
|
break;
|
|
}
|
|
break;
|
|
case SIOCS80211POWER:
|
|
power = (struct ieee80211_power *)data;
|
|
ic->ic_lintval = power->i_maxsleep;
|
|
if (power->i_enabled != 0) {
|
|
if ((ic->ic_flags & IEEE80211_F_HASPMGT) == 0)
|
|
error = EINVAL;
|
|
else if ((ic->ic_flags & IEEE80211_F_PMGTON) == 0) {
|
|
ic->ic_flags |= IEEE80211_F_PMGTON;
|
|
error = ENETRESET;
|
|
}
|
|
} else {
|
|
if (ic->ic_flags & IEEE80211_F_PMGTON) {
|
|
ic->ic_flags &= ~IEEE80211_F_PMGTON;
|
|
error = ENETRESET;
|
|
}
|
|
}
|
|
break;
|
|
case SIOCG80211POWER:
|
|
power = (struct ieee80211_power *)data;
|
|
power->i_enabled = (ic->ic_flags & IEEE80211_F_PMGTON) ? 1 : 0;
|
|
power->i_maxsleep = ic->ic_lintval;
|
|
break;
|
|
case SIOCGIFGENERIC:
|
|
error = ieee80211_cfgget(ifp, cmd, data);
|
|
break;
|
|
case SIOCSIFGENERIC:
|
|
error = suser(curproc->p_ucred, &curproc->p_acflag);
|
|
if (error)
|
|
break;
|
|
error = ieee80211_cfgset(ifp, cmd, data);
|
|
break;
|
|
default:
|
|
error = ether_ioctl(ifp, cmd, data);
|
|
break;
|
|
}
|
|
return error;
|
|
}
|
|
|
|
void
|
|
ieee80211_print_essid(u_int8_t *essid, int len)
|
|
{
|
|
int i;
|
|
u_int8_t *p;
|
|
|
|
if (len > IEEE80211_NWID_LEN)
|
|
len = IEEE80211_NWID_LEN;
|
|
/* determine printable or not */
|
|
for (i = 0, p = essid; i < len; i++, p++) {
|
|
if (*p < ' ' || *p > 0x7e)
|
|
break;
|
|
}
|
|
if (i == len) {
|
|
printf("\"");
|
|
for (i = 0, p = essid; i < len; i++, p++)
|
|
printf("%c", *p);
|
|
printf("\"");
|
|
} else {
|
|
printf("0x");
|
|
for (i = 0, p = essid; i < len; i++, p++)
|
|
printf("%02x", *p);
|
|
}
|
|
}
|
|
|
|
void
|
|
ieee80211_dump_pkt(u_int8_t *buf, int len, int rate, int rssi)
|
|
{
|
|
struct ieee80211_frame *wh;
|
|
int i;
|
|
|
|
wh = (struct ieee80211_frame *)buf;
|
|
switch (wh->i_fc[1] & IEEE80211_FC1_DIR_MASK) {
|
|
case IEEE80211_FC1_DIR_NODS:
|
|
printf("NODS %s", ether_sprintf(wh->i_addr2));
|
|
printf("->%s", ether_sprintf(wh->i_addr1));
|
|
printf("(%s)", ether_sprintf(wh->i_addr3));
|
|
break;
|
|
case IEEE80211_FC1_DIR_TODS:
|
|
printf("TODS %s", ether_sprintf(wh->i_addr2));
|
|
printf("->%s", ether_sprintf(wh->i_addr3));
|
|
printf("(%s)", ether_sprintf(wh->i_addr1));
|
|
break;
|
|
case IEEE80211_FC1_DIR_FROMDS:
|
|
printf("FRDS %s", ether_sprintf(wh->i_addr3));
|
|
printf("->%s", ether_sprintf(wh->i_addr1));
|
|
printf("(%s)", ether_sprintf(wh->i_addr2));
|
|
break;
|
|
case IEEE80211_FC1_DIR_DSTODS:
|
|
printf("DSDS %s", ether_sprintf((u_int8_t *)&wh[1]));
|
|
printf("->%s", ether_sprintf(wh->i_addr3));
|
|
printf("(%s", ether_sprintf(wh->i_addr2));
|
|
printf("->%s)", ether_sprintf(wh->i_addr1));
|
|
break;
|
|
}
|
|
switch (wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK) {
|
|
case IEEE80211_FC0_TYPE_DATA:
|
|
printf(" data");
|
|
break;
|
|
case IEEE80211_FC0_TYPE_MGT:
|
|
printf(" %s", ieee80211_mgt_subtype_name[
|
|
(wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK)
|
|
>> IEEE80211_FC0_SUBTYPE_SHIFT]);
|
|
break;
|
|
default:
|
|
printf(" type#%d", wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK);
|
|
break;
|
|
}
|
|
if (wh->i_fc[1] & IEEE80211_FC1_WEP)
|
|
printf(" WEP");
|
|
if (rate >= 0)
|
|
printf(" %dM", rate / 2);
|
|
if (rssi >= 0)
|
|
printf(" +%d", rssi);
|
|
printf("\n");
|
|
if (len > 0) {
|
|
for (i = 0; i < len; i++) {
|
|
if ((i & 1) == 0)
|
|
printf(" ");
|
|
printf("%02x", buf[i]);
|
|
}
|
|
printf("\n");
|
|
}
|
|
}
|
|
|
|
void
|
|
ieee80211_watchdog(struct ifnet *ifp)
|
|
{
|
|
struct ieee80211com *ic = (void *)ifp;
|
|
struct ieee80211_bss *bs, *nextbs;
|
|
|
|
if (ic->ic_scan_timer) {
|
|
if (--ic->ic_scan_timer == 0) {
|
|
if (ic->ic_state == IEEE80211_S_SCAN)
|
|
ieee80211_end_scan(ifp);
|
|
}
|
|
}
|
|
if (ic->ic_mgt_timer) {
|
|
if (--ic->ic_mgt_timer == 0)
|
|
ieee80211_new_state(ifp, IEEE80211_S_SCAN, -1);
|
|
}
|
|
if (ic->ic_inact_timer) {
|
|
if (--ic->ic_inact_timer == 0) {
|
|
for (bs = TAILQ_FIRST(&ic->ic_scan); bs != NULL; ) {
|
|
if (++bs->bs_inact <= IEEE80211_INACT_MAX) {
|
|
bs = TAILQ_NEXT(bs, bs_list);
|
|
continue;
|
|
}
|
|
if (ifp->if_flags & IFF_DEBUG)
|
|
printf("%s: station %s deauthenticate"
|
|
" (reason %d)\n",
|
|
ifp->if_xname,
|
|
ether_sprintf(bs->bs_macaddr),
|
|
IEEE80211_REASON_AUTH_EXPIRE);
|
|
nextbs = TAILQ_NEXT(bs, bs_list);
|
|
IEEE80211_SEND_MGMT(ic, bs,
|
|
IEEE80211_FC0_SUBTYPE_DEAUTH,
|
|
IEEE80211_REASON_AUTH_EXPIRE);
|
|
TAILQ_REMOVE(&ic->ic_scan, bs, bs_list);
|
|
free(bs, M_DEVBUF);
|
|
bs = nextbs;
|
|
}
|
|
if (!TAILQ_EMPTY(&ic->ic_scan))
|
|
ic->ic_inact_timer = IEEE80211_INACT_WAIT;
|
|
}
|
|
}
|
|
if (ic->ic_scan_timer != 0 || ic->ic_mgt_timer != 0 ||
|
|
ic->ic_inact_timer != 0)
|
|
ifp->if_timer = 1;
|
|
}
|
|
|
|
void
|
|
ieee80211_next_scan(struct ifnet *ifp)
|
|
{
|
|
struct ieee80211com *ic = (void *)ifp;
|
|
int chan;
|
|
|
|
chan = ic->ic_bss.bs_chan;
|
|
for (;;) {
|
|
chan = (chan + 1) % (IEEE80211_CHAN_MAX + 1);
|
|
if (isset(ic->ic_chan_active, chan))
|
|
break;
|
|
if (chan == ic->ic_bss.bs_chan) {
|
|
DPRINTF(("ieee80211_next_scan: no chan available\n"));
|
|
return;
|
|
}
|
|
}
|
|
DPRINTF(("ieee80211_next_scan: chan %d->%d\n",
|
|
ic->ic_bss.bs_chan, chan));
|
|
ic->ic_bss.bs_chan = chan;
|
|
ieee80211_new_state(ifp, IEEE80211_S_SCAN, -1);
|
|
}
|
|
|
|
void
|
|
ieee80211_end_scan(struct ifnet *ifp)
|
|
{
|
|
struct ieee80211com *ic = (void *)ifp;
|
|
struct ieee80211_bss *bs, *nextbs, *selbs;
|
|
void *p;
|
|
u_int8_t rate;
|
|
int i, fail;
|
|
|
|
bs = TAILQ_FIRST(&ic->ic_scan);
|
|
if (bs == NULL) {
|
|
DPRINTF(("ieee80211_end_scan: no scan candidate\n"));
|
|
notfound:
|
|
if ((ic->ic_flags & IEEE80211_F_ADHOC) &&
|
|
(ic->ic_flags & IEEE80211_F_IBSSON) &&
|
|
ic->ic_des_esslen != 0) {
|
|
bs = &ic->ic_bss;
|
|
if (ifp->if_flags & IFF_DEBUG)
|
|
printf("%s: creating ibss\n", ifp->if_xname);
|
|
ic->ic_flags |= IEEE80211_F_SIBSS;
|
|
bs->bs_nrate = 0;
|
|
for (i = 0; i < IEEE80211_RATE_SIZE; i++) {
|
|
if (ic->ic_sup_rates[i])
|
|
bs->bs_rates[bs->bs_nrate++] =
|
|
ic->ic_sup_rates[i];
|
|
}
|
|
memcpy(bs->bs_macaddr, ic->ic_myaddr,
|
|
IEEE80211_ADDR_LEN);
|
|
memcpy(bs->bs_bssid, ic->ic_myaddr, IEEE80211_ADDR_LEN);
|
|
bs->bs_bssid[0] |= 0x02; /* local bit for IBSS */
|
|
bs->bs_esslen = ic->ic_des_esslen;
|
|
memcpy(bs->bs_essid, ic->ic_des_essid, bs->bs_esslen);
|
|
bs->bs_rssi = 0;
|
|
bs->bs_rstamp = 0;
|
|
memset(bs->bs_tstamp, 0, sizeof(bs->bs_tstamp));
|
|
bs->bs_intval = ic->ic_lintval;
|
|
bs->bs_capinfo = IEEE80211_CAPINFO_IBSS;
|
|
if (ic->ic_flags & IEEE80211_F_WEPON)
|
|
bs->bs_capinfo |= IEEE80211_CAPINFO_PRIVACY;
|
|
bs->bs_chan = ic->ic_ibss_chan;
|
|
if (ic->ic_flags & IEEE80211_F_FH) {
|
|
bs->bs_fhdwell = 200; /* XXX */
|
|
bs->bs_fhindex = 1;
|
|
}
|
|
ieee80211_new_state(ifp, IEEE80211_S_RUN, -1);
|
|
return;
|
|
}
|
|
if (ic->ic_flags & IEEE80211_F_ASCAN) {
|
|
if (ifp->if_flags & IFF_DEBUG)
|
|
printf("%s: entering passive scan mode\n",
|
|
ifp->if_xname);
|
|
ic->ic_flags &= ~IEEE80211_F_ASCAN;
|
|
}
|
|
ieee80211_next_scan(ifp);
|
|
return;
|
|
}
|
|
selbs = NULL;
|
|
if (ifp->if_flags & IFF_DEBUG)
|
|
printf("%s:\tmacaddr bssid chan rssi rate flag wep essid\n",
|
|
ifp->if_xname);
|
|
for (; bs != NULL; bs = nextbs) {
|
|
nextbs = TAILQ_NEXT(bs, bs_list);
|
|
if (bs->bs_fails) {
|
|
/*
|
|
* The configuration of the access points may change
|
|
* during my scan. So delete the entry for the AP
|
|
* and retry to associate if there is another beacon.
|
|
*/
|
|
if (bs->bs_fails++ > 2) {
|
|
TAILQ_REMOVE(&ic->ic_scan, bs, bs_list);
|
|
free(bs, M_DEVBUF);
|
|
}
|
|
continue;
|
|
}
|
|
fail = 0;
|
|
if (isclr(ic->ic_chan_active, bs->bs_chan))
|
|
fail |= 0x01;
|
|
if (ic->ic_flags & IEEE80211_F_ADHOC) {
|
|
if ((bs->bs_capinfo & IEEE80211_CAPINFO_IBSS) == 0)
|
|
fail |= 0x02;
|
|
} else {
|
|
if ((bs->bs_capinfo & IEEE80211_CAPINFO_ESS) == 0)
|
|
fail |= 0x02;
|
|
}
|
|
if (ic->ic_flags & IEEE80211_F_WEPON) {
|
|
if ((bs->bs_capinfo & IEEE80211_CAPINFO_PRIVACY) == 0)
|
|
fail |= 0x04;
|
|
} else {
|
|
if (bs->bs_capinfo & IEEE80211_CAPINFO_PRIVACY)
|
|
fail |= 0x04;
|
|
}
|
|
rate = ieee80211_fix_rate(ic, bs, IEEE80211_F_DONEGO);
|
|
if (rate & IEEE80211_RATE_BASIC)
|
|
fail |= 0x08;
|
|
if (ic->ic_des_esslen != 0 &&
|
|
(bs->bs_esslen != ic->ic_des_esslen ||
|
|
memcmp(bs->bs_essid, ic->ic_des_essid,
|
|
ic->ic_des_esslen != 0)))
|
|
fail |= 0x10;
|
|
if (ifp->if_flags & IFF_DEBUG) {
|
|
printf(" %c %s", fail ? '-' : '+',
|
|
ether_sprintf(bs->bs_macaddr));
|
|
printf(" %s", ether_sprintf(bs->bs_bssid));
|
|
printf(" %3d%c", bs->bs_chan, fail & 0x01 ? '!' : ' ');
|
|
printf(" %+4d", bs->bs_rssi);
|
|
printf(" %2dM%c", (rate & IEEE80211_RATE_VAL) / 2,
|
|
fail & 0x08 ? '!' : ' ');
|
|
printf(" %4s%c",
|
|
(bs->bs_capinfo & IEEE80211_CAPINFO_ESS) ? "ess" :
|
|
(bs->bs_capinfo & IEEE80211_CAPINFO_IBSS) ? "ibss" :
|
|
"????",
|
|
fail & 0x02 ? '!' : ' ');
|
|
printf(" %3s%c ",
|
|
(bs->bs_capinfo & IEEE80211_CAPINFO_PRIVACY) ?
|
|
"wep" : "no",
|
|
fail & 0x04 ? '!' : ' ');
|
|
ieee80211_print_essid(bs->bs_essid, bs->bs_esslen);
|
|
printf("%s\n", fail & 0x10 ? "!" : "");
|
|
}
|
|
if (!fail) {
|
|
if (selbs == NULL || bs->bs_rssi > selbs->bs_rssi)
|
|
selbs = bs;
|
|
}
|
|
}
|
|
if (selbs == NULL)
|
|
goto notfound;
|
|
p = ic->ic_bss.bs_private;
|
|
ic->ic_bss = *selbs;
|
|
ic->ic_bss.bs_private = p;
|
|
if (p != NULL && ic->ic_bss_privlen)
|
|
memcpy(p, selbs->bs_private, ic->ic_bss_privlen);
|
|
if (ic->ic_flags & IEEE80211_F_ADHOC) {
|
|
ieee80211_fix_rate(ic, &ic->ic_bss, IEEE80211_F_DOFRATE |
|
|
IEEE80211_F_DONEGO | IEEE80211_F_DODEL);
|
|
if (ic->ic_bss.bs_nrate == 0) {
|
|
selbs->bs_fails++;
|
|
goto notfound;
|
|
}
|
|
ieee80211_new_state(ifp, IEEE80211_S_RUN, -1);
|
|
} else
|
|
ieee80211_new_state(ifp, IEEE80211_S_AUTH, -1);
|
|
}
|
|
|
|
struct ieee80211_bss *
|
|
ieee80211_alloc_bss(struct ieee80211com *ic, int copy)
|
|
{
|
|
struct ieee80211_bss *bs;
|
|
|
|
bs = malloc(sizeof(struct ieee80211_bss) + ic->ic_bss_privlen,
|
|
M_DEVBUF, M_NOWAIT);
|
|
if (bs == NULL)
|
|
return NULL;
|
|
if (copy)
|
|
memcpy(bs, &ic->ic_bss, sizeof(struct ieee80211_bss));
|
|
else
|
|
memset(bs, 0, sizeof(struct ieee80211_bss));
|
|
if (ic->ic_bss_privlen) {
|
|
bs->bs_private = &bs[1];
|
|
memset(bs->bs_private, 0, ic->ic_bss_privlen);
|
|
}
|
|
TAILQ_INSERT_TAIL(&ic->ic_scan, bs, bs_list);
|
|
if ((ic->ic_flags & IEEE80211_F_HOSTAP) ||
|
|
(ic->ic_flags & IEEE80211_F_ADHOC))
|
|
ic->ic_inact_timer = IEEE80211_INACT_WAIT;
|
|
return bs;
|
|
}
|
|
|
|
void
|
|
ieee80211_free_scan(struct ifnet *ifp)
|
|
{
|
|
struct ieee80211com *ic = (void *)ifp;
|
|
struct ieee80211_bss *bs;
|
|
|
|
while ((bs = TAILQ_FIRST(&ic->ic_scan)) != NULL) {
|
|
TAILQ_REMOVE(&ic->ic_scan, bs, bs_list);
|
|
free(bs, M_DEVBUF);
|
|
}
|
|
ic->ic_inact_timer = 0;
|
|
}
|
|
|
|
int
|
|
ieee80211_fix_rate(struct ieee80211com *ic, struct ieee80211_bss *bs, int flags)
|
|
{
|
|
int i, j, ignore, error;
|
|
int okrate, badrate;
|
|
u_int8_t r;
|
|
|
|
error = 0;
|
|
okrate = badrate = 0;
|
|
for (i = 0; i < bs->bs_nrate; ) {
|
|
ignore = 0;
|
|
if (flags & IEEE80211_F_DOSORT) {
|
|
for (j = i + 1; j < bs->bs_nrate; j++) {
|
|
if ((bs->bs_rates[i] & IEEE80211_RATE_VAL) >
|
|
(bs->bs_rates[j] & IEEE80211_RATE_VAL)) {
|
|
r = bs->bs_rates[i];
|
|
bs->bs_rates[i] = bs->bs_rates[j];
|
|
bs->bs_rates[j] = r;
|
|
}
|
|
}
|
|
}
|
|
r = bs->bs_rates[i] & IEEE80211_RATE_VAL;
|
|
badrate = r;
|
|
if (flags & IEEE80211_F_DOFRATE) {
|
|
if (ic->ic_fixed_rate >= 0 &&
|
|
r != (ic->ic_sup_rates[ic->ic_fixed_rate] &
|
|
IEEE80211_RATE_VAL))
|
|
ignore++;
|
|
}
|
|
if (flags & IEEE80211_F_DONEGO) {
|
|
for (j = 0; j < IEEE80211_RATE_SIZE; j++) {
|
|
if (r ==
|
|
(ic->ic_sup_rates[j] & IEEE80211_RATE_VAL))
|
|
break;
|
|
}
|
|
if (j == IEEE80211_RATE_SIZE) {
|
|
if (bs->bs_rates[i] & IEEE80211_RATE_BASIC)
|
|
error++;
|
|
ignore++;
|
|
}
|
|
}
|
|
if (flags & IEEE80211_F_DODEL) {
|
|
if (ignore) {
|
|
bs->bs_nrate--;
|
|
for (j = i; j < bs->bs_nrate; j++)
|
|
bs->bs_rates[j] = bs->bs_rates[j + 1];
|
|
bs->bs_rates[j] = 0;
|
|
continue;
|
|
}
|
|
}
|
|
if (!ignore)
|
|
okrate = bs->bs_rates[i];
|
|
i++;
|
|
}
|
|
if (okrate == 0 || error != 0)
|
|
return badrate | IEEE80211_RATE_BASIC;
|
|
return okrate & IEEE80211_RATE_VAL;
|
|
}
|
|
|
|
static int
|
|
ieee80211_send_prreq(struct ieee80211com *ic, struct ieee80211_bss *bs,
|
|
int type, int dummy)
|
|
{
|
|
int i, ret;
|
|
struct mbuf *m;
|
|
u_int8_t *frm;
|
|
|
|
/*
|
|
* prreq frame format
|
|
* [tlv] ssid
|
|
* [tlv] supported rates
|
|
*/
|
|
MGETHDR(m, M_DONTWAIT, MT_DATA);
|
|
if (m == NULL)
|
|
return ENOMEM;
|
|
m->m_data += sizeof(struct ieee80211_frame);
|
|
frm = mtod(m, u_int8_t *);
|
|
|
|
*frm++ = IEEE80211_ELEMID_SSID;
|
|
*frm++ = ic->ic_des_esslen;
|
|
memcpy(frm, ic->ic_des_essid, ic->ic_des_esslen);
|
|
frm += ic->ic_des_esslen;
|
|
|
|
*frm++ = IEEE80211_ELEMID_RATES;
|
|
for (i = 0; i < IEEE80211_RATE_SIZE; i++) {
|
|
if (ic->ic_sup_rates[i] != 0)
|
|
frm[i + 1] = ic->ic_sup_rates[i];
|
|
}
|
|
*frm++ = i;
|
|
frm += i;
|
|
m->m_pkthdr.len = m->m_len = frm - mtod(m, u_int8_t *);
|
|
|
|
ret = ieee80211_mgmt_output(&ic->ic_if, bs, m, type);
|
|
ic->ic_mgt_timer = IEEE80211_TRANS_WAIT;
|
|
return ret;
|
|
}
|
|
|
|
static int
|
|
ieee80211_send_prresp(struct ieee80211com *ic, struct ieee80211_bss *bs0,
|
|
int type, int dummy)
|
|
{
|
|
struct mbuf *m;
|
|
u_int8_t *frm;
|
|
struct ieee80211_bss *bs = &ic->ic_bss;
|
|
u_int16_t capinfo;
|
|
|
|
/*
|
|
* probe response frame format
|
|
* [8] time stamp
|
|
* [2] beacon interval
|
|
* [2] cabability information
|
|
* [tlv] ssid
|
|
* [tlv] supported rates
|
|
* [tlv] parameter set (IBSS)
|
|
*/
|
|
MGETHDR(m, M_DONTWAIT, MT_DATA);
|
|
if (m == NULL)
|
|
return ENOMEM;
|
|
m->m_data += sizeof(struct ieee80211_frame);
|
|
frm = mtod(m, u_int8_t *);
|
|
|
|
memset(frm, 0, 8); /* timestamp should be filled later */
|
|
frm += 8;
|
|
*(u_int16_t *)frm = htole16(bs->bs_intval);
|
|
frm += 2;
|
|
if (ic->ic_flags & IEEE80211_F_ADHOC)
|
|
capinfo = IEEE80211_CAPINFO_IBSS;
|
|
else
|
|
capinfo = IEEE80211_CAPINFO_ESS;
|
|
if (ic->ic_flags & IEEE80211_F_WEPON)
|
|
capinfo |= IEEE80211_CAPINFO_PRIVACY;
|
|
*(u_int16_t *)frm = htole16(capinfo);
|
|
frm += 2;
|
|
*frm++ = IEEE80211_ELEMID_SSID;
|
|
*frm++ = bs->bs_esslen;
|
|
memcpy(frm, bs->bs_essid, bs->bs_esslen);
|
|
frm += bs->bs_esslen;
|
|
*frm++ = IEEE80211_ELEMID_RATES;
|
|
*frm++ = bs->bs_nrate;
|
|
memcpy(frm, bs->bs_rates, bs->bs_nrate);
|
|
frm += bs->bs_nrate;
|
|
if (ic->ic_flags & IEEE80211_F_ADHOC) {
|
|
*frm++ = IEEE80211_ELEMID_IBSSPARMS;
|
|
*frm++ = 2;
|
|
*frm++ = 0; *frm++ = 0; /* TODO: ATIM window */
|
|
} else {
|
|
/* TODO: TIM */
|
|
*frm++ = IEEE80211_ELEMID_TIM;
|
|
*frm++ = 4; /* length */
|
|
*frm++ = 0; /* DTIM count */
|
|
*frm++ = 1; /* DTIM period */
|
|
*frm++ = 0; /* bitmap control */
|
|
*frm++ = 0; /* Partial Virtual Bitmap (variable length) */
|
|
}
|
|
/* TODO: check MHLEN limit */
|
|
m->m_pkthdr.len = m->m_len = frm - mtod(m, u_int8_t *);
|
|
|
|
return ieee80211_mgmt_output(&ic->ic_if, bs0, m, type);
|
|
}
|
|
|
|
static int
|
|
ieee80211_send_auth(struct ieee80211com *ic, struct ieee80211_bss *bs,
|
|
int type, int seq)
|
|
{
|
|
struct mbuf *m;
|
|
u_int16_t *frm;
|
|
int ret;
|
|
|
|
MGETHDR(m, M_DONTWAIT, MT_DATA);
|
|
if (m == NULL)
|
|
return ENOMEM;
|
|
MH_ALIGN(m, 2 * 3);
|
|
m->m_pkthdr.len = m->m_len = 6;
|
|
frm = mtod(m, u_int16_t *);
|
|
/* TODO: shared key auth */
|
|
frm[0] = htole16(IEEE80211_AUTH_ALG_OPEN);
|
|
frm[1] = htole16(seq);
|
|
frm[2] = 0; /* status */
|
|
ret = ieee80211_mgmt_output(&ic->ic_if, bs, m, type);
|
|
if ((ic->ic_flags & IEEE80211_F_ADHOC) != 0 &&
|
|
(ic->ic_flags & IEEE80211_F_HOSTAP) != 0)
|
|
ic->ic_mgt_timer = IEEE80211_TRANS_WAIT;
|
|
return ret;
|
|
}
|
|
|
|
static int
|
|
ieee80211_send_deauth(struct ieee80211com *ic, struct ieee80211_bss *bs,
|
|
int type, int reason)
|
|
{
|
|
struct ifnet *ifp = &ic->ic_if;
|
|
struct mbuf *m;
|
|
|
|
if (ifp->if_flags & IFF_DEBUG)
|
|
printf("%s: station %s deauthenticate (reason %d)\n",
|
|
ifp->if_xname, ether_sprintf(bs->bs_macaddr), reason);
|
|
MGETHDR(m, M_DONTWAIT, MT_DATA);
|
|
if (m == NULL)
|
|
return ENOMEM;
|
|
MH_ALIGN(m, 2);
|
|
m->m_pkthdr.len = m->m_len = 2;
|
|
*mtod(m, u_int16_t *) = htole16(reason);
|
|
return ieee80211_mgmt_output(&ic->ic_if, bs, m, type);
|
|
}
|
|
|
|
static int
|
|
ieee80211_send_asreq(struct ieee80211com *ic, struct ieee80211_bss *bs,
|
|
int type, int dummy)
|
|
{
|
|
struct mbuf *m;
|
|
u_int8_t *frm, *rates;
|
|
u_int16_t capinfo;
|
|
int i, ret;
|
|
|
|
/*
|
|
* asreq frame format
|
|
* [2] capability information
|
|
* [2] listen interval
|
|
* [6*] current AP address (reassoc only)
|
|
* [tlv] ssid
|
|
* [tlv] supported rates
|
|
*/
|
|
MGETHDR(m, M_DONTWAIT, MT_DATA);
|
|
if (m == NULL)
|
|
return ENOMEM;
|
|
m->m_data += sizeof(struct ieee80211_frame);
|
|
frm = mtod(m, u_int8_t *);
|
|
|
|
capinfo = 0;
|
|
if (ic->ic_flags & IEEE80211_F_ADHOC)
|
|
capinfo |= IEEE80211_CAPINFO_IBSS;
|
|
else
|
|
capinfo |= IEEE80211_CAPINFO_ESS;
|
|
if (ic->ic_flags & IEEE80211_F_WEPON)
|
|
capinfo |= IEEE80211_CAPINFO_PRIVACY;
|
|
*(u_int16_t *)frm = htole16(capinfo);
|
|
frm += 2;
|
|
|
|
*(u_int16_t *)frm = htole16(ic->ic_lintval);
|
|
frm += 2;
|
|
|
|
if (type == IEEE80211_FC0_SUBTYPE_REASSOC_REQ) {
|
|
memcpy(frm, ic->ic_bss.bs_bssid, IEEE80211_ADDR_LEN);
|
|
frm += IEEE80211_ADDR_LEN;
|
|
}
|
|
|
|
*frm++ = IEEE80211_ELEMID_SSID;
|
|
*frm++ = bs->bs_esslen;
|
|
memcpy(frm, bs->bs_essid, bs->bs_esslen);
|
|
frm += bs->bs_esslen;
|
|
|
|
*frm++ = IEEE80211_ELEMID_RATES;
|
|
rates = frm++; /* update later */
|
|
for (i = 0; i < IEEE80211_RATE_SIZE; i++) {
|
|
if (bs->bs_rates[i] != 0)
|
|
*frm++ = bs->bs_rates[i];
|
|
}
|
|
*rates = frm - (rates + 1);
|
|
m->m_pkthdr.len = m->m_len = frm - mtod(m, u_int8_t *);
|
|
ret = ieee80211_mgmt_output(&ic->ic_if, bs, m, type);
|
|
ic->ic_mgt_timer = IEEE80211_TRANS_WAIT;
|
|
return ret;
|
|
}
|
|
|
|
static int
|
|
ieee80211_send_asresp(struct ieee80211com *ic, struct ieee80211_bss *bs,
|
|
int type, int status)
|
|
{
|
|
struct mbuf *m;
|
|
u_int8_t *frm, *rates, *r;
|
|
u_int16_t capinfo;
|
|
int i;
|
|
|
|
/*
|
|
* asreq frame format
|
|
* [2] capability information
|
|
* [2] status
|
|
* [2] association ID
|
|
* [tlv] supported rates
|
|
*/
|
|
MGETHDR(m, M_DONTWAIT, MT_DATA);
|
|
if (m == NULL)
|
|
return ENOMEM;
|
|
m->m_data += sizeof(struct ieee80211_frame);
|
|
frm = mtod(m, u_int8_t *);
|
|
|
|
capinfo = IEEE80211_CAPINFO_ESS;
|
|
if (ic->ic_flags & IEEE80211_F_WEPON)
|
|
capinfo |= IEEE80211_CAPINFO_PRIVACY;
|
|
*(u_int16_t *)frm = htole16(capinfo);
|
|
frm += 2;
|
|
|
|
*(u_int16_t *)frm = htole16(status);
|
|
frm += 2;
|
|
|
|
if (status == IEEE80211_STATUS_SUCCESS && bs != NULL)
|
|
*(u_int16_t *)frm = htole16(bs->bs_associd);
|
|
else
|
|
*(u_int16_t *)frm = htole16(0);
|
|
frm += 2;
|
|
|
|
*frm++ = IEEE80211_ELEMID_RATES;
|
|
rates = frm++; /* update later */
|
|
if (bs != NULL)
|
|
r = bs->bs_rates;
|
|
else
|
|
r = ic->ic_bss.bs_rates;
|
|
for (i = 0; i < IEEE80211_RATE_SIZE; i++, r++) {
|
|
if (*r != 0)
|
|
*frm++ = *r;
|
|
}
|
|
*rates = frm - (rates + 1);
|
|
m->m_pkthdr.len = m->m_len = frm - mtod(m, u_int8_t *);
|
|
return ieee80211_mgmt_output(&ic->ic_if, bs, m, type);
|
|
}
|
|
|
|
static int
|
|
ieee80211_send_disassoc(struct ieee80211com *ic, struct ieee80211_bss *bs,
|
|
int type, int reason)
|
|
{
|
|
struct ifnet *ifp = &ic->ic_if;
|
|
struct mbuf *m;
|
|
|
|
if (ifp->if_flags & IFF_DEBUG)
|
|
printf("%s: station %s disassociate (reason %d)\n",
|
|
ifp->if_xname, ether_sprintf(bs->bs_macaddr), reason);
|
|
MGETHDR(m, M_DONTWAIT, MT_DATA);
|
|
if (m == NULL)
|
|
return ENOMEM;
|
|
MH_ALIGN(m, 2);
|
|
m->m_pkthdr.len = m->m_len = 2;
|
|
*mtod(m, u_int16_t *) = htole16(reason);
|
|
return ieee80211_mgmt_output(&ic->ic_if, bs, m,
|
|
IEEE80211_FC0_SUBTYPE_DISASSOC);
|
|
}
|
|
|
|
static void
|
|
ieee80211_recv_beacon(struct ieee80211com *ic, struct mbuf *m0, int rssi,
|
|
u_int32_t rstamp)
|
|
{
|
|
struct ieee80211_frame *wh;
|
|
struct ieee80211_bss *bs;
|
|
u_int8_t *frm, *efrm, *tstamp, *bintval, *capinfo, *ssid, *rates;
|
|
u_int8_t chan, fhindex;
|
|
u_int16_t fhdwell;
|
|
|
|
if ((ic->ic_flags & IEEE80211_F_ADHOC) == 0 &&
|
|
ic->ic_state != IEEE80211_S_SCAN) {
|
|
/* XXX: may be useful for background scan */
|
|
return;
|
|
}
|
|
|
|
wh = mtod(m0, struct ieee80211_frame *);
|
|
frm = (u_int8_t *)&wh[1];
|
|
efrm = mtod(m0, u_int8_t *) + m0->m_len;
|
|
/*
|
|
* beacon frame format
|
|
* [8] time stamp
|
|
* [2] beacon interval
|
|
* [2] cabability information
|
|
* [tlv] ssid
|
|
* [tlv] supported rates
|
|
* [tlv] parameter set (FH/DS)
|
|
*/
|
|
tstamp = frm; frm += 8;
|
|
bintval = frm; frm += 2;
|
|
capinfo = frm; frm += 2;
|
|
ssid = rates = NULL;
|
|
chan = ic->ic_bss.bs_chan;
|
|
fhdwell = 0;
|
|
fhindex = 0;
|
|
while (frm < efrm) {
|
|
switch (*frm) {
|
|
case IEEE80211_ELEMID_SSID:
|
|
ssid = frm;
|
|
break;
|
|
case IEEE80211_ELEMID_RATES:
|
|
rates = frm;
|
|
break;
|
|
case IEEE80211_ELEMID_FHPARMS:
|
|
if (ic->ic_flags & IEEE80211_F_FH) {
|
|
fhdwell = (frm[3] << 8) | frm[2];
|
|
chan = IEEE80211_FH_CHAN(frm[4], frm[5]);
|
|
fhindex = frm[6];
|
|
}
|
|
break;
|
|
case IEEE80211_ELEMID_DSPARMS:
|
|
if (ic->ic_flags & IEEE80211_F_DS)
|
|
chan = frm[2];
|
|
break;
|
|
}
|
|
frm += frm[1] + 2;
|
|
}
|
|
if (ssid == NULL || rates == NULL) {
|
|
DPRINTF(("ieee80211_recv_beacon: ssid=%p, rates=%p, chan=%d\n",
|
|
ssid, rates, chan));
|
|
return;
|
|
}
|
|
if (ssid[1] > IEEE80211_NWID_LEN) {
|
|
DPRINTF(("ieee80211_recv_beacon: bad ssid len %d from %s\n",
|
|
ssid[1], ether_sprintf(wh->i_addr2)));
|
|
return;
|
|
}
|
|
TAILQ_FOREACH(bs, &ic->ic_scan, bs_list) {
|
|
if (memcmp(bs->bs_macaddr, wh->i_addr2,
|
|
IEEE80211_ADDR_LEN) == 0 &&
|
|
memcmp(bs->bs_bssid, wh->i_addr3,
|
|
IEEE80211_ADDR_LEN) == 0)
|
|
break;
|
|
}
|
|
#ifdef IEEE80211_DEBUG
|
|
if (ieee80211_debug &&
|
|
(ieee80211_debug > 1 || bs == NULL ||
|
|
ic->ic_state == IEEE80211_S_SCAN)) {
|
|
printf("ieee80211_recv_prreq: %sbeacon ",
|
|
(bs == NULL ? "new " : ""));
|
|
ieee80211_print_essid(ssid + 2, ssid[1]);
|
|
printf(" from %s\n", ether_sprintf(wh->i_addr2));
|
|
}
|
|
#endif
|
|
if (bs == NULL) {
|
|
if ((bs = ieee80211_alloc_bss(ic, 0)) == NULL)
|
|
return;
|
|
memcpy(bs->bs_macaddr, wh->i_addr2, IEEE80211_ADDR_LEN);
|
|
memcpy(bs->bs_bssid, wh->i_addr3, IEEE80211_ADDR_LEN);
|
|
bs->bs_esslen = ssid[1];
|
|
memset(bs->bs_essid, 0, sizeof(bs->bs_essid));
|
|
memcpy(bs->bs_essid, ssid + 2, ssid[1]);
|
|
} else if (ssid[1] != 0) {
|
|
/*
|
|
* Update ESSID at probe response to adopt hidden AP by
|
|
* Lucent/Cisco, which announces null ESSID in beacon.
|
|
*/
|
|
if ((wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK) ==
|
|
IEEE80211_FC0_SUBTYPE_PROBE_RESP) {
|
|
bs->bs_esslen = ssid[1];
|
|
memset(bs->bs_essid, 0, sizeof(bs->bs_essid));
|
|
memcpy(bs->bs_essid, ssid + 2, ssid[1]);
|
|
}
|
|
}
|
|
memset(bs->bs_rates, 0, IEEE80211_RATE_SIZE);
|
|
bs->bs_nrate = rates[1];
|
|
memcpy(bs->bs_rates, rates + 2, bs->bs_nrate);
|
|
ieee80211_fix_rate(ic, bs, IEEE80211_F_DOSORT);
|
|
bs->bs_rssi = rssi;
|
|
bs->bs_rstamp = rstamp;
|
|
memcpy(bs->bs_tstamp, tstamp, sizeof(bs->bs_tstamp));
|
|
bs->bs_intval = le16toh(*(u_int16_t *)bintval);
|
|
bs->bs_capinfo = le16toh(*(u_int16_t *)capinfo);
|
|
bs->bs_chan = chan;
|
|
bs->bs_fhdwell = fhdwell;
|
|
bs->bs_fhindex = fhindex;
|
|
if (ic->ic_state == IEEE80211_S_SCAN && ic->ic_scan_timer == 0)
|
|
ieee80211_end_scan(&ic->ic_if);
|
|
}
|
|
|
|
static void
|
|
ieee80211_recv_prreq(struct ieee80211com *ic, struct mbuf *m0, int rssi,
|
|
u_int32_t rstamp)
|
|
{
|
|
struct ieee80211_frame *wh;
|
|
struct ieee80211_bss *bs;
|
|
u_int8_t *frm, *efrm, *ssid, *rates;
|
|
u_int8_t rate;
|
|
int allocbs;
|
|
|
|
if ((ic->ic_flags & IEEE80211_F_ADHOC) == 0 &&
|
|
(ic->ic_flags & IEEE80211_F_HOSTAP) == 0)
|
|
return;
|
|
if (ic->ic_state != IEEE80211_S_RUN)
|
|
return;
|
|
|
|
wh = mtod(m0, struct ieee80211_frame *);
|
|
frm = (u_int8_t *)&wh[1];
|
|
efrm = mtod(m0, u_int8_t *) + m0->m_len;
|
|
/*
|
|
* prreq frame format
|
|
* [tlv] ssid
|
|
* [tlv] supported rates
|
|
*/
|
|
ssid = rates = NULL;
|
|
while (frm < efrm) {
|
|
switch (*frm) {
|
|
case IEEE80211_ELEMID_SSID:
|
|
ssid = frm;
|
|
break;
|
|
case IEEE80211_ELEMID_RATES:
|
|
rates = frm;
|
|
break;
|
|
}
|
|
frm += frm[1] + 2;
|
|
}
|
|
if (ssid == NULL || rates == NULL) {
|
|
DPRINTF(("ieee80211_recv_prreq: ssid=%p, rates=%p\n",
|
|
ssid, rates));
|
|
return;
|
|
}
|
|
if (ssid[1] != 0 &&
|
|
(ssid[1] != ic->ic_bss.bs_esslen ||
|
|
memcmp(ssid + 2, ic->ic_bss.bs_essid, ic->ic_bss.bs_esslen) != 0)) {
|
|
#ifdef IEEE80211_DEBUG
|
|
if (ieee80211_debug) {
|
|
printf("ieee80211_recv_prreq: ssid unmatch ");
|
|
ieee80211_print_essid(ssid + 2, ssid[1]);
|
|
printf(" from %s\n", ether_sprintf(wh->i_addr2));
|
|
}
|
|
#endif
|
|
return;
|
|
}
|
|
|
|
TAILQ_FOREACH(bs, &ic->ic_scan, bs_list) {
|
|
if (memcmp(bs->bs_macaddr, wh->i_addr2,
|
|
IEEE80211_ADDR_LEN) == 0)
|
|
break;
|
|
}
|
|
if (bs == NULL) {
|
|
if ((bs = ieee80211_alloc_bss(ic, 1)) == NULL)
|
|
return;
|
|
DPRINTF(("ieee80211_recv_prreq: new req from %s\n",
|
|
ether_sprintf(wh->i_addr2)));
|
|
memcpy(bs->bs_macaddr, wh->i_addr2, IEEE80211_ADDR_LEN);
|
|
allocbs = 1;
|
|
} else
|
|
allocbs = 0;
|
|
memset(bs->bs_rates, 0, IEEE80211_RATE_SIZE);
|
|
bs->bs_nrate = rates[1];
|
|
memcpy(bs->bs_rates, rates + 2, bs->bs_nrate);
|
|
bs->bs_rssi = rssi;
|
|
bs->bs_rstamp = rstamp;
|
|
rate = ieee80211_fix_rate(ic, bs, IEEE80211_F_DOSORT |
|
|
IEEE80211_F_DOFRATE | IEEE80211_F_DONEGO | IEEE80211_F_DODEL);
|
|
if (rate & IEEE80211_RATE_BASIC) {
|
|
DPRINTF(("ieee80211_recv_prreq: rate negotiation failed: %s\n",
|
|
ether_sprintf(wh->i_addr2)));
|
|
} else {
|
|
IEEE80211_SEND_MGMT(ic, bs, IEEE80211_FC0_SUBTYPE_PROBE_RESP,
|
|
0);
|
|
}
|
|
if (allocbs && (ic->ic_flags & IEEE80211_F_HOSTAP)) {
|
|
TAILQ_REMOVE(&ic->ic_scan, bs, bs_list);
|
|
free(bs, M_DEVBUF);
|
|
if (TAILQ_EMPTY(&ic->ic_scan))
|
|
ic->ic_inact_timer = 0;
|
|
}
|
|
}
|
|
|
|
static void
|
|
ieee80211_recv_auth(struct ieee80211com *ic, struct mbuf *m0, int rssi,
|
|
u_int32_t rstamp)
|
|
{
|
|
struct ifnet *ifp = &ic->ic_if;
|
|
struct ieee80211_frame *wh;
|
|
struct ieee80211_bss *bs;
|
|
u_int8_t *frm, *efrm;
|
|
u_int16_t algo, seq, status;
|
|
int allocbs;
|
|
|
|
wh = mtod(m0, struct ieee80211_frame *);
|
|
frm = (u_int8_t *)&wh[1];
|
|
efrm = mtod(m0, u_int8_t *) + m0->m_len;
|
|
/*
|
|
* auth frame format
|
|
* [2] algorithm
|
|
* [2] sequence
|
|
* [2] status
|
|
* [tlv*] challenge
|
|
*/
|
|
if (frm + 6 > efrm) {
|
|
DPRINTF(("ieee80211_recv_auth: too short from %s\n",
|
|
ether_sprintf(wh->i_addr2)));
|
|
return;
|
|
}
|
|
algo = le16toh(*(u_int16_t *)frm);
|
|
seq = le16toh(*(u_int16_t *)(frm + 2));
|
|
status = le16toh(*(u_int16_t *)(frm + 4));
|
|
if (algo != IEEE80211_AUTH_ALG_OPEN) {
|
|
/* TODO: shared key auth */
|
|
DPRINTF(("ieee80211_recv_auth: unsupported auth %d from %s\n",
|
|
algo, ether_sprintf(wh->i_addr2)));
|
|
return;
|
|
}
|
|
if (ic->ic_flags & IEEE80211_F_ADHOC) {
|
|
if (ic->ic_state != IEEE80211_S_RUN || seq != 1)
|
|
return;
|
|
ieee80211_new_state(&ic->ic_if, IEEE80211_S_AUTH,
|
|
wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK);
|
|
return;
|
|
}
|
|
if (ic->ic_flags & IEEE80211_F_HOSTAP) {
|
|
if (ic->ic_state != IEEE80211_S_RUN || seq != 1)
|
|
return;
|
|
allocbs = 0;
|
|
TAILQ_FOREACH(bs, &ic->ic_scan, bs_list) {
|
|
if (memcmp(bs->bs_macaddr, wh->i_addr2,
|
|
IEEE80211_ADDR_LEN) == 0)
|
|
break;
|
|
}
|
|
if (bs == NULL) {
|
|
if ((bs = ieee80211_alloc_bss(ic, 0)) == NULL)
|
|
return;
|
|
memcpy(bs->bs_macaddr, wh->i_addr2, IEEE80211_ADDR_LEN);
|
|
memcpy(bs->bs_bssid, ic->ic_bss.bs_bssid,
|
|
IEEE80211_ADDR_LEN);
|
|
allocbs = 1;
|
|
}
|
|
IEEE80211_SEND_MGMT(ic, bs, IEEE80211_FC0_SUBTYPE_AUTH, 2);
|
|
if (ifp->if_flags & IFF_DEBUG)
|
|
printf("%s: station %s %s authenticated\n",
|
|
ifp->if_xname,
|
|
(allocbs ? "newly" : "already"),
|
|
ether_sprintf(bs->bs_macaddr));
|
|
return;
|
|
}
|
|
if (ic->ic_state != IEEE80211_S_AUTH || seq != 2)
|
|
return;
|
|
if (status != 0) {
|
|
printf("%s: authentication failed (reason %d) for %s\n",
|
|
ic->ic_if.if_xname, status, ether_sprintf(wh->i_addr3));
|
|
TAILQ_FOREACH(bs, &ic->ic_scan, bs_list) {
|
|
if (memcmp(bs->bs_macaddr, wh->i_addr2,
|
|
IEEE80211_ADDR_LEN) == 0) {
|
|
bs->bs_fails++;
|
|
break;
|
|
}
|
|
}
|
|
return;
|
|
}
|
|
ieee80211_new_state(&ic->ic_if, IEEE80211_S_ASSOC,
|
|
wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK);
|
|
}
|
|
|
|
static void
|
|
ieee80211_recv_asreq(struct ieee80211com *ic, struct mbuf *m0, int rssi,
|
|
u_int32_t rstamp)
|
|
{
|
|
struct ifnet *ifp = &ic->ic_if;
|
|
struct ieee80211_frame *wh;
|
|
struct ieee80211_bss *bs = &ic->ic_bss;
|
|
u_int8_t *frm, *efrm, *ssid, *rates;
|
|
u_int16_t capinfo, bintval;
|
|
int reassoc, resp, newassoc;
|
|
|
|
if ((ic->ic_flags & IEEE80211_F_HOSTAP) == 0 ||
|
|
(ic->ic_state != IEEE80211_S_RUN))
|
|
return;
|
|
|
|
wh = mtod(m0, struct ieee80211_frame *);
|
|
frm = (u_int8_t *)&wh[1];
|
|
efrm = mtod(m0, u_int8_t *) + m0->m_len;
|
|
if ((wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK) ==
|
|
IEEE80211_FC0_SUBTYPE_REASSOC_REQ) {
|
|
reassoc = 1;
|
|
resp = IEEE80211_FC0_SUBTYPE_REASSOC_RESP;
|
|
} else {
|
|
reassoc = 0;
|
|
resp = IEEE80211_FC0_SUBTYPE_ASSOC_RESP;
|
|
}
|
|
/*
|
|
* asreq frame format
|
|
* [2] capability information
|
|
* [2] listen interval
|
|
* [6*] current AP address (reassoc only)
|
|
* [tlv] ssid
|
|
* [tlv] supported rates
|
|
*/
|
|
if (frm + (reassoc ? 10 : 4) > efrm) {
|
|
DPRINTF(("ieee80211_recv_asreq: too short from %s\n",
|
|
ether_sprintf(wh->i_addr2)));
|
|
return;
|
|
}
|
|
|
|
if (memcmp(wh->i_addr3, ic->ic_bss.bs_bssid, IEEE80211_ADDR_LEN) != 0) {
|
|
DPRINTF(("ieee80211_recv_asreq: ignore other bss from %s\n",
|
|
ether_sprintf(wh->i_addr2)));
|
|
return;
|
|
}
|
|
capinfo = le16toh(*(u_int16_t *)frm); frm += 2;
|
|
bintval = le16toh(*(u_int16_t *)frm); frm += 2;
|
|
if (reassoc)
|
|
frm += 6; /* ignore current AP info */
|
|
ssid = rates = NULL;
|
|
while (frm < efrm) {
|
|
switch (*frm) {
|
|
case IEEE80211_ELEMID_SSID:
|
|
ssid = frm;
|
|
break;
|
|
case IEEE80211_ELEMID_RATES:
|
|
rates = frm;
|
|
break;
|
|
}
|
|
frm += frm[1] + 2;
|
|
}
|
|
if (ssid == NULL || rates == NULL) {
|
|
DPRINTF(("ieee80211_recv_asreq: ssid=%p, rates=%p\n",
|
|
ssid, rates));
|
|
return;
|
|
}
|
|
if (ssid[1] > IEEE80211_NWID_LEN) {
|
|
DPRINTF(("ieee80211_recv_asreq: bad ssid len %d from %s\n",
|
|
ssid[1], ether_sprintf(wh->i_addr2)));
|
|
return;
|
|
}
|
|
if (ssid[1] != ic->ic_bss.bs_esslen ||
|
|
memcmp(ssid + 2, ic->ic_bss.bs_essid, ssid[1]) != 0) {
|
|
#ifdef IEEE80211_DEBUG
|
|
if (ieee80211_debug) {
|
|
printf("ieee80211_recv_asreq: ssid unmatch ");
|
|
ieee80211_print_essid(ssid + 2, ssid[1]);
|
|
printf(" from %s\n", ether_sprintf(wh->i_addr2));
|
|
}
|
|
#endif
|
|
return;
|
|
}
|
|
TAILQ_FOREACH(bs, &ic->ic_scan, bs_list) {
|
|
if (memcmp(bs->bs_macaddr, wh->i_addr2,
|
|
IEEE80211_ADDR_LEN) == 0)
|
|
break;
|
|
}
|
|
if (bs == NULL)
|
|
return;
|
|
if ((capinfo & IEEE80211_CAPINFO_ESS) == 0 ||
|
|
(capinfo & IEEE80211_CAPINFO_PRIVACY) !=
|
|
((ic->ic_flags & IEEE80211_F_WEPON) ?
|
|
IEEE80211_CAPINFO_PRIVACY : 0)) {
|
|
bs->bs_associd = 0;
|
|
IEEE80211_SEND_MGMT(ic, bs, resp, IEEE80211_STATUS_CAPINFO);
|
|
return;
|
|
}
|
|
memset(bs->bs_rates, 0, IEEE80211_RATE_SIZE);
|
|
bs->bs_nrate = rates[1];
|
|
memcpy(bs->bs_rates, rates + 2, bs->bs_nrate);
|
|
ieee80211_fix_rate(ic, bs, IEEE80211_F_DOSORT | IEEE80211_F_DOFRATE |
|
|
IEEE80211_F_DONEGO | IEEE80211_F_DODEL);
|
|
if (bs->bs_nrate == 0) {
|
|
bs->bs_associd = 0;
|
|
IEEE80211_SEND_MGMT(ic, bs, resp, IEEE80211_STATUS_BASIC_RATE);
|
|
return;
|
|
}
|
|
bs->bs_rssi = rssi;
|
|
bs->bs_rstamp = rstamp;
|
|
bs->bs_intval = bintval;
|
|
bs->bs_capinfo = capinfo;
|
|
bs->bs_chan = ic->ic_bss.bs_chan;
|
|
bs->bs_fhdwell = ic->ic_bss.bs_fhdwell;
|
|
bs->bs_fhindex = ic->ic_bss.bs_fhindex;
|
|
if (bs->bs_associd == 0) {
|
|
bs->bs_associd = 0xc000 | ic->ic_bss.bs_associd++;
|
|
newassoc = 1;
|
|
} else
|
|
newassoc = 0;
|
|
IEEE80211_SEND_MGMT(ic, bs, resp, IEEE80211_STATUS_SUCCESS);
|
|
if (ifp->if_flags & IFF_DEBUG)
|
|
printf("%s: station %s %s associated\n",
|
|
ifp->if_xname, (newassoc ? "newly" : "already"),
|
|
ether_sprintf(bs->bs_macaddr));
|
|
}
|
|
|
|
static void
|
|
ieee80211_recv_asresp(struct ieee80211com *ic, struct mbuf *m0, int rssi,
|
|
u_int32_t rstamp)
|
|
{
|
|
struct ifnet *ifp = &ic->ic_if;
|
|
struct ieee80211_frame *wh;
|
|
struct ieee80211_bss *bs = &ic->ic_bss;
|
|
u_int8_t *frm, *efrm, *rates;
|
|
int status;
|
|
|
|
if ((ic->ic_flags & IEEE80211_F_HOSTAP) ||
|
|
(ic->ic_flags & IEEE80211_F_ADHOC) ||
|
|
ic->ic_state != IEEE80211_S_ASSOC)
|
|
return;
|
|
|
|
wh = mtod(m0, struct ieee80211_frame *);
|
|
frm = (u_int8_t *)&wh[1];
|
|
efrm = mtod(m0, u_int8_t *) + m0->m_len;
|
|
/*
|
|
* asresp frame format
|
|
* [2] capability information
|
|
* [2] status
|
|
* [2] association ID
|
|
* [tlv] supported rates
|
|
*/
|
|
if (frm + 6 > efrm) {
|
|
DPRINTF(("ieee80211_recv_asresp: too short from %s\n",
|
|
ether_sprintf(wh->i_addr2)));
|
|
return;
|
|
}
|
|
|
|
bs->bs_capinfo = le16toh(*(u_int16_t *)frm);
|
|
frm += 2;
|
|
|
|
status = le16toh(*(u_int16_t *)frm);
|
|
frm += 2;
|
|
if (status != 0) {
|
|
printf("%s: association failed (reason %d) for %s\n",
|
|
ifp->if_xname, status, ether_sprintf(wh->i_addr3));
|
|
TAILQ_FOREACH(bs, &ic->ic_scan, bs_list) {
|
|
if (memcmp(bs->bs_macaddr, wh->i_addr2,
|
|
IEEE80211_ADDR_LEN) == 0) {
|
|
bs->bs_fails++;
|
|
break;
|
|
}
|
|
}
|
|
return;
|
|
}
|
|
bs->bs_associd = le16toh(*(u_int16_t *)frm);
|
|
frm += 2;
|
|
rates = frm;
|
|
|
|
memset(bs->bs_rates, 0, IEEE80211_RATE_SIZE);
|
|
bs->bs_nrate = rates[1];
|
|
memcpy(bs->bs_rates, rates + 2, bs->bs_nrate);
|
|
ieee80211_fix_rate(ic, bs, IEEE80211_F_DOSORT | IEEE80211_F_DOFRATE |
|
|
IEEE80211_F_DONEGO | IEEE80211_F_DODEL);
|
|
if (bs->bs_nrate == 0)
|
|
return;
|
|
ieee80211_new_state(ifp, IEEE80211_S_RUN,
|
|
wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK);
|
|
}
|
|
|
|
static void
|
|
ieee80211_recv_disassoc(struct ieee80211com *ic, struct mbuf *m0, int rssi,
|
|
u_int32_t rstamp)
|
|
{
|
|
struct ifnet *ifp = &ic->ic_if;
|
|
struct ieee80211_frame *wh;
|
|
struct ieee80211_bss *bs;
|
|
u_int8_t *frm, *efrm;
|
|
u_int16_t reason;
|
|
|
|
wh = mtod(m0, struct ieee80211_frame *);
|
|
frm = (u_int8_t *)&wh[1];
|
|
efrm = mtod(m0, u_int8_t *) + m0->m_len;
|
|
/*
|
|
* disassoc frame format
|
|
* [2] reason
|
|
*/
|
|
if (frm + 2 > efrm) {
|
|
DPRINTF(("ieee80211_recv_disassoc: too short from %s\n",
|
|
ether_sprintf(wh->i_addr2)));
|
|
return;
|
|
}
|
|
reason = le16toh(*(u_int16_t *)frm);
|
|
if (ic->ic_flags & IEEE80211_F_HOSTAP) {
|
|
TAILQ_FOREACH(bs, &ic->ic_scan, bs_list) {
|
|
if (memcmp(wh->i_addr2, bs->bs_macaddr,
|
|
IEEE80211_ADDR_LEN) == 0) {
|
|
if (ifp->if_flags & IFF_DEBUG)
|
|
printf("%s: station %s disassociated"
|
|
" by peer (reason %d)\n",
|
|
ifp->if_xname,
|
|
ether_sprintf(bs->bs_macaddr),
|
|
reason);
|
|
bs->bs_associd = 0;
|
|
break;
|
|
}
|
|
}
|
|
} else if ((ic->ic_flags & IEEE80211_F_ADHOC) == 0)
|
|
ieee80211_new_state(&ic->ic_if, IEEE80211_S_ASSOC,
|
|
wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK);
|
|
}
|
|
|
|
static void
|
|
ieee80211_recv_deauth(struct ieee80211com *ic, struct mbuf *m0, int rssi,
|
|
u_int32_t rstamp)
|
|
{
|
|
struct ifnet *ifp = &ic->ic_if;
|
|
struct ieee80211_frame *wh;
|
|
struct ieee80211_bss *bs;
|
|
u_int8_t *frm, *efrm;
|
|
u_int16_t reason;
|
|
|
|
wh = mtod(m0, struct ieee80211_frame *);
|
|
frm = (u_int8_t *)&wh[1];
|
|
efrm = mtod(m0, u_int8_t *) + m0->m_len;
|
|
/*
|
|
* dauth frame format
|
|
* [2] reason
|
|
*/
|
|
if (frm + 2 > efrm) {
|
|
DPRINTF(("ieee80211_recv_deauth: too short from %s\n",
|
|
ether_sprintf(wh->i_addr2)));
|
|
return;
|
|
}
|
|
reason = le16toh(*(u_int16_t *)frm);
|
|
if (ic->ic_flags & IEEE80211_F_HOSTAP) {
|
|
TAILQ_FOREACH(bs, &ic->ic_scan, bs_list) {
|
|
if (memcmp(wh->i_addr2, bs->bs_macaddr,
|
|
IEEE80211_ADDR_LEN) == 0) {
|
|
if (ifp->if_flags & IFF_DEBUG)
|
|
printf("%s: station %s deauthenticated"
|
|
" by peer (reason %d)\n",
|
|
ifp->if_xname,
|
|
ether_sprintf(bs->bs_macaddr),
|
|
reason);
|
|
TAILQ_REMOVE(&ic->ic_scan, bs, bs_list);
|
|
free(bs, M_DEVBUF);
|
|
if (TAILQ_EMPTY(&ic->ic_scan))
|
|
ic->ic_inact_timer = 0;
|
|
break;
|
|
}
|
|
}
|
|
} else if ((ic->ic_flags & IEEE80211_F_ADHOC) == 0)
|
|
ieee80211_new_state(&ic->ic_if, IEEE80211_S_AUTH,
|
|
wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK);
|
|
}
|
|
|
|
int
|
|
ieee80211_new_state(struct ifnet *ifp, enum ieee80211_state nstate, int mgt)
|
|
{
|
|
struct ieee80211com *ic = (void *)ifp;
|
|
struct ieee80211_bss *bs = &ic->ic_bss;
|
|
int i, error, ostate;
|
|
#ifdef IEEE80211_DEBUG
|
|
static const char *stname[] =
|
|
{ "INIT", "SCAN", "AUTH", "ASSOC", "RUN" };
|
|
#endif
|
|
|
|
ostate = ic->ic_state;
|
|
DPRINTF(("ieee80211_new_state: %s -> %s\n",
|
|
stname[ostate], stname[nstate]));
|
|
if (ic->ic_newstate) {
|
|
error = (*ic->ic_newstate)(ic->ic_softc, nstate);
|
|
if (error == EINPROGRESS)
|
|
return 0;
|
|
if (error != 0)
|
|
return error;
|
|
}
|
|
|
|
/* state transition */
|
|
ic->ic_state = nstate;
|
|
switch (nstate) {
|
|
case IEEE80211_S_INIT:
|
|
switch (ostate) {
|
|
case IEEE80211_S_INIT:
|
|
break;
|
|
case IEEE80211_S_RUN:
|
|
if (ic->ic_flags & IEEE80211_F_HOSTAP) {
|
|
TAILQ_FOREACH(bs, &ic->ic_scan, bs_list) {
|
|
if (bs->bs_associd == 0)
|
|
continue;
|
|
IEEE80211_SEND_MGMT(ic, bs,
|
|
IEEE80211_FC0_SUBTYPE_DISASSOC,
|
|
IEEE80211_REASON_ASSOC_LEAVE);
|
|
}
|
|
} else if ((ic->ic_flags & IEEE80211_F_ADHOC) == 0)
|
|
IEEE80211_SEND_MGMT(ic, bs,
|
|
IEEE80211_FC0_SUBTYPE_DISASSOC,
|
|
IEEE80211_REASON_ASSOC_LEAVE);
|
|
/* FALLTHRU */
|
|
case IEEE80211_S_ASSOC:
|
|
if (ic->ic_flags & IEEE80211_F_HOSTAP) {
|
|
TAILQ_FOREACH(bs, &ic->ic_scan, bs_list) {
|
|
IEEE80211_SEND_MGMT(ic, bs,
|
|
IEEE80211_FC0_SUBTYPE_DEAUTH,
|
|
IEEE80211_REASON_AUTH_LEAVE);
|
|
}
|
|
} else if ((ic->ic_flags & IEEE80211_F_ADHOC) == 0)
|
|
IEEE80211_SEND_MGMT(ic, bs,
|
|
IEEE80211_FC0_SUBTYPE_DEAUTH,
|
|
IEEE80211_REASON_AUTH_LEAVE);
|
|
/* FALLTHRU */
|
|
case IEEE80211_S_AUTH:
|
|
case IEEE80211_S_SCAN:
|
|
ic->ic_scan_timer = 0;
|
|
ic->ic_mgt_timer = 0;
|
|
IF_PURGE(&ic->ic_mgtq);
|
|
if (ic->ic_wep_ctx != NULL) {
|
|
free(ic->ic_wep_ctx, M_DEVBUF);
|
|
ic->ic_wep_ctx = NULL;
|
|
}
|
|
ieee80211_free_scan(ifp);
|
|
break;
|
|
}
|
|
break;
|
|
case IEEE80211_S_SCAN:
|
|
ic->ic_flags &= ~IEEE80211_F_SIBSS;
|
|
bs = &ic->ic_bss;
|
|
/* initialize bss for probe request */
|
|
memcpy(bs->bs_macaddr, ifp->if_broadcastaddr,
|
|
IEEE80211_ADDR_LEN);
|
|
memcpy(bs->bs_bssid, ifp->if_broadcastaddr, IEEE80211_ADDR_LEN);
|
|
bs->bs_nrate = 0;
|
|
memset(bs->bs_rates, 0, IEEE80211_RATE_SIZE);
|
|
for (i = 0; i < IEEE80211_RATE_SIZE; i++) {
|
|
if (ic->ic_sup_rates[i] != 0)
|
|
bs->bs_rates[bs->bs_nrate++] =
|
|
ic->ic_sup_rates[i];
|
|
}
|
|
bs->bs_associd = 0;
|
|
bs->bs_rstamp = 0;
|
|
switch (ostate) {
|
|
case IEEE80211_S_INIT:
|
|
ic->ic_flags |= IEEE80211_F_ASCAN;
|
|
ic->ic_scan_timer = IEEE80211_ASCAN_WAIT;
|
|
/* use lowest rate */
|
|
bs->bs_txrate = 0;
|
|
IEEE80211_SEND_MGMT(ic, bs,
|
|
IEEE80211_FC0_SUBTYPE_PROBE_REQ, 0);
|
|
break;
|
|
case IEEE80211_S_SCAN:
|
|
/* scan next */
|
|
if (ic->ic_flags & IEEE80211_F_ASCAN) {
|
|
if (ic->ic_scan_timer == 0)
|
|
ic->ic_scan_timer =
|
|
IEEE80211_ASCAN_WAIT;
|
|
IEEE80211_SEND_MGMT(ic, bs,
|
|
IEEE80211_FC0_SUBTYPE_PROBE_REQ, 0);
|
|
} else {
|
|
if (ic->ic_scan_timer == 0)
|
|
ic->ic_scan_timer =
|
|
IEEE80211_PSCAN_WAIT;
|
|
ifp->if_timer = 1;
|
|
}
|
|
break;
|
|
case IEEE80211_S_RUN:
|
|
/* beacon miss */
|
|
if (ifp->if_flags & IFF_DEBUG)
|
|
printf("%s: no recent beacons from %s;"
|
|
" rescanning\n",
|
|
ifp->if_xname,
|
|
ether_sprintf(ic->ic_bss.bs_bssid));
|
|
ieee80211_free_scan(ifp);
|
|
/* FALLTHRU */
|
|
case IEEE80211_S_AUTH:
|
|
case IEEE80211_S_ASSOC:
|
|
/* timeout restart scan */
|
|
TAILQ_FOREACH(bs, &ic->ic_scan, bs_list) {
|
|
if (memcmp(ic->ic_bss.bs_macaddr,
|
|
bs->bs_macaddr, IEEE80211_ADDR_LEN) == 0) {
|
|
bs->bs_fails++;
|
|
break;
|
|
}
|
|
}
|
|
ic->ic_flags |= IEEE80211_F_ASCAN;
|
|
ic->ic_scan_timer = IEEE80211_ASCAN_WAIT;
|
|
IEEE80211_SEND_MGMT(ic, &ic->ic_bss,
|
|
IEEE80211_FC0_SUBTYPE_PROBE_REQ, 0);
|
|
break;
|
|
}
|
|
break;
|
|
case IEEE80211_S_AUTH:
|
|
switch (ostate) {
|
|
case IEEE80211_S_INIT:
|
|
DPRINTF(("ieee80211_new_state: invalid transition\n"));
|
|
break;
|
|
case IEEE80211_S_SCAN:
|
|
IEEE80211_SEND_MGMT(ic, bs,
|
|
IEEE80211_FC0_SUBTYPE_AUTH, 1);
|
|
break;
|
|
case IEEE80211_S_AUTH:
|
|
case IEEE80211_S_ASSOC:
|
|
switch (mgt) {
|
|
case IEEE80211_FC0_SUBTYPE_AUTH:
|
|
/* ??? */
|
|
IEEE80211_SEND_MGMT(ic, bs,
|
|
IEEE80211_FC0_SUBTYPE_AUTH, 2);
|
|
break;
|
|
case IEEE80211_FC0_SUBTYPE_DEAUTH:
|
|
/* ignore and retry scan on timeout */
|
|
break;
|
|
}
|
|
break;
|
|
case IEEE80211_S_RUN:
|
|
switch (mgt) {
|
|
case IEEE80211_FC0_SUBTYPE_AUTH:
|
|
IEEE80211_SEND_MGMT(ic, bs,
|
|
IEEE80211_FC0_SUBTYPE_AUTH, 2);
|
|
ic->ic_state = ostate; /* stay RUN */
|
|
break;
|
|
case IEEE80211_FC0_SUBTYPE_DEAUTH:
|
|
/* try to reauth */
|
|
IEEE80211_SEND_MGMT(ic, bs,
|
|
IEEE80211_FC0_SUBTYPE_AUTH, 1);
|
|
break;
|
|
}
|
|
break;
|
|
}
|
|
break;
|
|
case IEEE80211_S_ASSOC:
|
|
switch (ostate) {
|
|
case IEEE80211_S_INIT:
|
|
case IEEE80211_S_SCAN:
|
|
case IEEE80211_S_ASSOC:
|
|
DPRINTF(("ieee80211_new_state: invalid transition\n"));
|
|
break;
|
|
case IEEE80211_S_AUTH:
|
|
IEEE80211_SEND_MGMT(ic, bs,
|
|
IEEE80211_FC0_SUBTYPE_ASSOC_REQ, 0);
|
|
break;
|
|
case IEEE80211_S_RUN:
|
|
IEEE80211_SEND_MGMT(ic, bs,
|
|
IEEE80211_FC0_SUBTYPE_ASSOC_REQ, 1);
|
|
break;
|
|
}
|
|
break;
|
|
case IEEE80211_S_RUN:
|
|
switch (ostate) {
|
|
case IEEE80211_S_INIT:
|
|
case IEEE80211_S_AUTH:
|
|
case IEEE80211_S_RUN:
|
|
DPRINTF(("ieee80211_new_state: invalid transition\n"));
|
|
break;
|
|
case IEEE80211_S_SCAN: /* adhoc mode */
|
|
case IEEE80211_S_ASSOC: /* infra mode */
|
|
if (ifp->if_flags & IFF_DEBUG) {
|
|
printf("%s: ", ifp->if_xname);
|
|
if ((ic->ic_flags & IEEE80211_F_ADHOC) ||
|
|
(ic->ic_flags & IEEE80211_F_HOSTAP))
|
|
printf("synchronized ");
|
|
else
|
|
printf("associated ");
|
|
printf("with %s ssid ",
|
|
ether_sprintf(ic->ic_bss.bs_bssid));
|
|
ieee80211_print_essid(ic->ic_bss.bs_essid,
|
|
ic->ic_bss.bs_esslen);
|
|
printf(" channel %d\n", ic->ic_bss.bs_chan);
|
|
}
|
|
/* start with highest negotiated rate */
|
|
ic->ic_bss.bs_txrate = ic->ic_bss.bs_nrate - 1;
|
|
ic->ic_mgt_timer = 0;
|
|
(*ifp->if_start)(ifp);
|
|
break;
|
|
}
|
|
break;
|
|
}
|
|
return 0;
|
|
}
|
|
|
|
struct mbuf *
|
|
ieee80211_wep_crypt(struct ifnet *ifp, struct mbuf *m0, int txflag)
|
|
{
|
|
struct ieee80211com *ic = (void *)ifp;
|
|
struct mbuf *m, *n, *n0;
|
|
struct ieee80211_frame *wh;
|
|
int left, len, moff, noff, kid;
|
|
u_int32_t iv, crc;
|
|
u_int8_t *ivp;
|
|
void *ctx;
|
|
u_int8_t keybuf[IEEE80211_WEP_IVLEN + IEEE80211_KEYBUF_SIZE];
|
|
u_int8_t crcbuf[IEEE80211_WEP_CRCLEN];
|
|
|
|
n0 = NULL;
|
|
if ((ctx = ic->ic_wep_ctx) == NULL) {
|
|
ctx = malloc(arc4_ctxlen(), M_DEVBUF, M_NOWAIT);
|
|
if (ctx == NULL)
|
|
goto fail;
|
|
ic->ic_wep_ctx = ctx;
|
|
}
|
|
m = m0;
|
|
left = m->m_pkthdr.len;
|
|
MGET(n, M_DONTWAIT, m->m_type);
|
|
n0 = n;
|
|
if (n == NULL)
|
|
goto fail;
|
|
M_COPY_PKTHDR(n, m);
|
|
len = IEEE80211_WEP_IVLEN + IEEE80211_WEP_KIDLEN + IEEE80211_WEP_CRCLEN;
|
|
if (txflag) {
|
|
n->m_pkthdr.len += len;
|
|
} else {
|
|
n->m_pkthdr.len -= len;
|
|
left -= len;
|
|
}
|
|
n->m_len = MHLEN;
|
|
if (n->m_pkthdr.len >= MINCLSIZE) {
|
|
MCLGET(n, M_DONTWAIT);
|
|
if (n->m_flags & M_EXT)
|
|
n->m_len = n->m_ext.ext_size;
|
|
}
|
|
len = sizeof(struct ieee80211_frame);
|
|
memcpy(mtod(n, caddr_t), mtod(m, caddr_t), len);
|
|
wh = mtod(n, struct ieee80211_frame *);
|
|
left -= len;
|
|
moff = len;
|
|
noff = len;
|
|
if (txflag) {
|
|
kid = ic->ic_wep_txkey;
|
|
wh->i_fc[1] |= IEEE80211_FC1_WEP;
|
|
/*
|
|
* XXX
|
|
* IV must not duplicate during the lifetime of the key.
|
|
* But no mechanism to renew keys is defined in IEEE 802.11
|
|
* WEP. And IV may be duplicated between other stations
|
|
* because of the session key itself is shared.
|
|
* So we use pseudo random IV here, though it is not the
|
|
* best way.
|
|
*/
|
|
iv = random();
|
|
ivp = mtod(n, u_int8_t *) + noff;
|
|
memcpy(ivp, (caddr_t)&iv, IEEE80211_WEP_IVLEN);
|
|
ivp[IEEE80211_WEP_IVLEN] = kid << 6; /* pad and keyid */
|
|
noff += IEEE80211_WEP_IVLEN + IEEE80211_WEP_KIDLEN;
|
|
} else {
|
|
wh->i_fc[1] &= ~IEEE80211_FC1_WEP;
|
|
ivp = mtod(m, u_int8_t *) + moff;
|
|
kid = ivp[IEEE80211_WEP_IVLEN] >> 6;
|
|
moff += IEEE80211_WEP_IVLEN + IEEE80211_WEP_KIDLEN;
|
|
}
|
|
memcpy(keybuf, ivp, IEEE80211_WEP_IVLEN);
|
|
memcpy(keybuf + IEEE80211_WEP_IVLEN, ic->ic_nw_keys[kid].wk_key,
|
|
ic->ic_nw_keys[kid].wk_len);
|
|
arc4_setkey(ctx, keybuf,
|
|
IEEE80211_WEP_IVLEN + ic->ic_nw_keys[kid].wk_len);
|
|
|
|
/* encrypt with calculating CRC */
|
|
crc = ~0;
|
|
while (left > 0) {
|
|
len = m->m_len - moff;
|
|
if (len == 0) {
|
|
m = m->m_next;
|
|
moff = 0;
|
|
continue;
|
|
}
|
|
if (len > n->m_len - noff) {
|
|
len = n->m_len - noff;
|
|
if (len == 0) {
|
|
MGET(n->m_next, M_DONTWAIT, n->m_type);
|
|
if (n->m_next == NULL)
|
|
goto fail;
|
|
n = n->m_next;
|
|
n->m_len = MLEN;
|
|
if (left >= MINCLSIZE) {
|
|
MCLGET(n, M_DONTWAIT);
|
|
if (n->m_flags & M_EXT)
|
|
n->m_len = n->m_ext.ext_size;
|
|
}
|
|
noff = 0;
|
|
continue;
|
|
}
|
|
}
|
|
if (len > left)
|
|
len = left;
|
|
arc4_encrypt(ctx, mtod(n, caddr_t) + noff,
|
|
mtod(m, caddr_t) + moff, len);
|
|
if (txflag)
|
|
crc = ieee80211_crc_update(crc,
|
|
mtod(m, u_int8_t *) + moff, len);
|
|
else
|
|
crc = ieee80211_crc_update(crc,
|
|
mtod(n, u_int8_t *) + noff, len);
|
|
left -= len;
|
|
moff += len;
|
|
noff += len;
|
|
}
|
|
crc = ~crc;
|
|
if (txflag) {
|
|
*(u_int32_t *)crcbuf = htole32(crc);
|
|
if (n->m_len >= noff + sizeof(crcbuf))
|
|
n->m_len = noff + sizeof(crcbuf);
|
|
else {
|
|
n->m_len = noff;
|
|
MGET(n->m_next, M_DONTWAIT, n->m_type);
|
|
if (n->m_next == NULL)
|
|
goto fail;
|
|
n = n->m_next;
|
|
n->m_len = sizeof(crcbuf);
|
|
noff = 0;
|
|
}
|
|
arc4_encrypt(ctx, mtod(n, caddr_t) + noff, crcbuf,
|
|
sizeof(crcbuf));
|
|
} else {
|
|
n->m_len = noff;
|
|
for (noff = 0; noff < sizeof(crcbuf); noff += len) {
|
|
len = sizeof(crcbuf) - noff;
|
|
if (len > m->m_len - moff)
|
|
len = m->m_len - moff;
|
|
if (len > 0)
|
|
arc4_encrypt(ctx, crcbuf + noff,
|
|
mtod(m, caddr_t) + moff, len);
|
|
m = m->m_next;
|
|
moff = 0;
|
|
}
|
|
if (crc != le32toh(*(u_int32_t *)crcbuf)) {
|
|
#ifdef IEEE80211_DEBUG
|
|
if (ieee80211_debug) {
|
|
printf("%s: decrypt CRC error\n",
|
|
ifp->if_xname);
|
|
if (ieee80211_debug > 1)
|
|
ieee80211_dump_pkt(n0->m_data,
|
|
n0->m_len, -1, -1);
|
|
}
|
|
#endif
|
|
goto fail;
|
|
}
|
|
}
|
|
m_freem(m0);
|
|
return n0;
|
|
|
|
fail:
|
|
m_freem(m0);
|
|
m_freem(n0);
|
|
return NULL;
|
|
}
|
|
|
|
/*
|
|
* CRC 32 -- routine from RFC 2083
|
|
*/
|
|
|
|
/* Table of CRCs of all 8-bit messages */
|
|
static u_int32_t ieee80211_crc_table[256];
|
|
|
|
/* Make the table for a fast CRC. */
|
|
static void
|
|
ieee80211_crc_init(void)
|
|
{
|
|
u_int32_t c;
|
|
int n, k;
|
|
|
|
for (n = 0; n < 256; n++) {
|
|
c = (u_int32_t)n;
|
|
for (k = 0; k < 8; k++) {
|
|
if (c & 1)
|
|
c = 0xedb88320UL ^ (c >> 1);
|
|
else
|
|
c = c >> 1;
|
|
}
|
|
ieee80211_crc_table[n] = c;
|
|
}
|
|
}
|
|
|
|
/*
|
|
* Update a running CRC with the bytes buf[0..len-1]--the CRC
|
|
* should be initialized to all 1's, and the transmitted value
|
|
* is the 1's complement of the final running CRC
|
|
*/
|
|
|
|
static u_int32_t
|
|
ieee80211_crc_update(u_int32_t crc, u_int8_t *buf, int len)
|
|
{
|
|
u_int8_t *endbuf;
|
|
|
|
for (endbuf = buf + len; buf < endbuf; buf++)
|
|
crc = ieee80211_crc_table[(crc ^ *buf) & 0xff] ^ (crc >> 8);
|
|
return crc;
|
|
}
|
|
|
|
/*
|
|
* convert IEEE80211 rate value to ifmedia subtype.
|
|
* ieee80211 rate is in unit of 0.5Mbps.
|
|
* phytype is IEEE80211_F_FH or IEEE80211_F_DS.
|
|
*/
|
|
|
|
int
|
|
ieee80211_rate2media(int rate, int phytype)
|
|
{
|
|
int mword;
|
|
|
|
mword = 0;
|
|
switch (phytype) {
|
|
case IEEE80211_F_FH:
|
|
switch (rate & IEEE80211_RATE_VAL) {
|
|
case 2:
|
|
mword = IFM_IEEE80211_FH1;
|
|
break;
|
|
case 4:
|
|
mword = IFM_IEEE80211_FH2;
|
|
break;
|
|
}
|
|
break;
|
|
|
|
case IEEE80211_F_DS:
|
|
switch (rate & IEEE80211_RATE_VAL) {
|
|
case 2:
|
|
mword = IFM_IEEE80211_DS1;
|
|
break;
|
|
case 4:
|
|
mword = IFM_IEEE80211_DS2;
|
|
break;
|
|
case 11:
|
|
mword = IFM_IEEE80211_DS5;
|
|
break;
|
|
case 22:
|
|
mword = IFM_IEEE80211_DS11;
|
|
break;
|
|
}
|
|
}
|
|
return mword;
|
|
}
|
|
|
|
int
|
|
ieee80211_media2rate(int mword, int phytype)
|
|
{
|
|
int rate;
|
|
|
|
rate = 0;
|
|
switch (phytype) {
|
|
case IEEE80211_F_FH:
|
|
switch (IFM_SUBTYPE(mword)) {
|
|
case IFM_IEEE80211_FH1:
|
|
rate = 2;
|
|
break;
|
|
case IFM_IEEE80211_FH2:
|
|
rate = 4;
|
|
break;
|
|
}
|
|
break;
|
|
|
|
case IEEE80211_F_DS:
|
|
switch (IFM_SUBTYPE(mword)) {
|
|
case IFM_IEEE80211_DS1:
|
|
rate = 2;
|
|
break;
|
|
case IFM_IEEE80211_DS2:
|
|
rate = 4;
|
|
break;
|
|
case IFM_IEEE80211_DS5:
|
|
rate = 11;
|
|
break;
|
|
case IFM_IEEE80211_DS11:
|
|
rate = 22;
|
|
break;
|
|
}
|
|
}
|
|
return rate;
|
|
}
|
|
|
|
/*
|
|
* XXX
|
|
* Wireless LAN specific configuration interface, which is compatible
|
|
* with wiconfig(8).
|
|
*/
|
|
|
|
int
|
|
ieee80211_cfgget(struct ifnet *ifp, u_long cmd, caddr_t data)
|
|
{
|
|
struct ieee80211com *ic = (void *)ifp;
|
|
int i, j, error;
|
|
struct ifreq *ifr = (struct ifreq *)data;
|
|
struct wi_req wreq;
|
|
struct wi_ltv_keys *keys;
|
|
struct wi_apinfo *ap;
|
|
struct ieee80211_bss *bs;
|
|
#ifdef WICACHE
|
|
struct wi_sigcache wsc;
|
|
#endif /* WICACHE */
|
|
|
|
error = copyin(ifr->ifr_data, &wreq, sizeof(wreq));
|
|
if (error)
|
|
return error;
|
|
wreq.wi_len = 0;
|
|
switch (wreq.wi_type) {
|
|
case WI_RID_SERIALNO:
|
|
/* nothing appropriate */
|
|
break;
|
|
case WI_RID_NODENAME:
|
|
strcpy((char *)&wreq.wi_val[1], hostname);
|
|
wreq.wi_val[0] = htole16(strlen(hostname));
|
|
wreq.wi_len = (1 + strlen(hostname) + 1) / 2;
|
|
break;
|
|
case WI_RID_CURRENT_SSID:
|
|
if (ic->ic_state != IEEE80211_S_RUN) {
|
|
wreq.wi_val[0] = 0;
|
|
wreq.wi_len = 1;
|
|
break;
|
|
}
|
|
wreq.wi_val[0] = htole16(ic->ic_bss.bs_esslen);
|
|
memcpy(&wreq.wi_val[1], ic->ic_bss.bs_essid,
|
|
ic->ic_bss.bs_esslen);
|
|
wreq.wi_len = (1 + ic->ic_bss.bs_esslen + 1) / 2;
|
|
break;
|
|
case WI_RID_OWN_SSID:
|
|
case WI_RID_DESIRED_SSID:
|
|
wreq.wi_val[0] = htole16(ic->ic_des_esslen);
|
|
memcpy(&wreq.wi_val[1], ic->ic_des_essid, ic->ic_des_esslen);
|
|
wreq.wi_len = (1 + ic->ic_des_esslen + 1) / 2;
|
|
break;
|
|
case WI_RID_CURRENT_BSSID:
|
|
if (ic->ic_state == IEEE80211_S_RUN)
|
|
memcpy(wreq.wi_val, ic->ic_bss.bs_bssid,
|
|
IEEE80211_ADDR_LEN);
|
|
else
|
|
memset(wreq.wi_val, 0, IEEE80211_ADDR_LEN);
|
|
wreq.wi_len = IEEE80211_ADDR_LEN / 2;
|
|
break;
|
|
case WI_RID_CHANNEL_LIST:
|
|
memset(wreq.wi_val, 0, sizeof(wreq.wi_val));
|
|
/*
|
|
* Since channel 0 is not available for DS, channel 1
|
|
* is assigned to LSB on WaveLAN.
|
|
*/
|
|
if (ic->ic_flags & IEEE80211_F_DS)
|
|
i = 1;
|
|
else
|
|
i = 0;
|
|
for (j = 0; i <= IEEE80211_CHAN_MAX; i++, j++) {
|
|
if (isset(ic->ic_chan_active, i)) {
|
|
setbit((u_int8_t *)wreq.wi_val, j);
|
|
wreq.wi_len = j / 16 + 1;
|
|
}
|
|
}
|
|
break;
|
|
case WI_RID_OWN_CHNL:
|
|
wreq.wi_val[0] = htole16(ic->ic_ibss_chan);
|
|
wreq.wi_len = 1;
|
|
break;
|
|
case WI_RID_CURRENT_CHAN:
|
|
wreq.wi_val[0] = htole16(ic->ic_bss.bs_chan);
|
|
wreq.wi_len = 1;
|
|
break;
|
|
case WI_RID_COMMS_QUALITY:
|
|
wreq.wi_val[0] = 0; /* quality */
|
|
wreq.wi_val[1] = htole16(ic->ic_bss.bs_rssi); /* signal */
|
|
wreq.wi_val[2] = 0; /* noise */
|
|
wreq.wi_len = 3;
|
|
break;
|
|
case WI_RID_PROMISC:
|
|
wreq.wi_val[0] = htole16((ifp->if_flags & IFF_PROMISC) ? 1 : 0);
|
|
wreq.wi_len = 1;
|
|
break;
|
|
case WI_RID_PORTTYPE:
|
|
wreq.wi_val[0] =
|
|
htole16((ic->ic_flags & IEEE80211_F_ADHOC) ? 4 : 1);
|
|
wreq.wi_len = 1;
|
|
break;
|
|
case WI_RID_MAC_NODE:
|
|
memcpy(wreq.wi_val, ic->ic_myaddr, IEEE80211_ADDR_LEN);
|
|
wreq.wi_len = IEEE80211_ADDR_LEN / 2;
|
|
break;
|
|
case WI_RID_TX_RATE:
|
|
if (ic->ic_fixed_rate == -1)
|
|
wreq.wi_val[0] = 0; /* auto */
|
|
else
|
|
wreq.wi_val[0] = htole16(
|
|
(ic->ic_sup_rates[ic->ic_fixed_rate] &
|
|
IEEE80211_RATE_VAL) / 2);
|
|
wreq.wi_len = 1;
|
|
break;
|
|
case WI_RID_CUR_TX_RATE:
|
|
wreq.wi_val[0] = htole16(
|
|
(ic->ic_bss.bs_rates[ic->ic_bss.bs_txrate] &
|
|
IEEE80211_RATE_VAL) / 2);
|
|
wreq.wi_len = 1;
|
|
break;
|
|
case WI_RID_RTS_THRESH:
|
|
wreq.wi_val[0] = htole16(IEEE80211_MAX_LEN); /* TODO: RTS */
|
|
wreq.wi_len = 1;
|
|
break;
|
|
case WI_RID_CREATE_IBSS:
|
|
wreq.wi_val[0] =
|
|
htole16((ic->ic_flags & IEEE80211_F_IBSSON) ? 1 : 0);
|
|
wreq.wi_len = 1;
|
|
break;
|
|
case WI_RID_MICROWAVE_OVEN:
|
|
wreq.wi_val[0] = 0; /* no ... not supported */
|
|
wreq.wi_len = 1;
|
|
break;
|
|
case WI_RID_ROAMING_MODE:
|
|
wreq.wi_val[0] = htole16(1); /* enabled ... not supported */
|
|
wreq.wi_len = 1;
|
|
break;
|
|
case WI_RID_SYSTEM_SCALE:
|
|
wreq.wi_val[0] = htole16(1); /* low density ... not supp */
|
|
wreq.wi_len = 1;
|
|
break;
|
|
case WI_RID_PM_ENABLED:
|
|
wreq.wi_val[0] =
|
|
htole16((ic->ic_flags & IEEE80211_F_PMGTON) ? 1 : 0);
|
|
wreq.wi_len = 1;
|
|
break;
|
|
case WI_RID_MAX_SLEEP:
|
|
wreq.wi_val[0] = htole16(ic->ic_lintval);
|
|
wreq.wi_len = 1;
|
|
break;
|
|
case WI_RID_OWN_BEACON_INT:
|
|
wreq.wi_val[0] = htole16(ic->ic_bss.bs_intval);
|
|
wreq.wi_len = 1;
|
|
break;
|
|
case WI_RID_WEP_AVAIL:
|
|
wreq.wi_val[0] =
|
|
htole16((ic->ic_flags & IEEE80211_F_HASWEP) ? 1 : 0);
|
|
wreq.wi_len = 1;
|
|
break;
|
|
case WI_RID_CNFAUTHMODE:
|
|
wreq.wi_val[0] = htole16(1); /* TODO: open system only */
|
|
wreq.wi_len = 1;
|
|
break;
|
|
case WI_RID_ENCRYPTION:
|
|
wreq.wi_val[0] =
|
|
htole16((ic->ic_flags & IEEE80211_F_WEPON) ? 1 : 0);
|
|
wreq.wi_len = 1;
|
|
break;
|
|
case WI_RID_TX_CRYPT_KEY:
|
|
wreq.wi_val[0] = htole16(ic->ic_wep_txkey);
|
|
wreq.wi_len = 1;
|
|
break;
|
|
case WI_RID_DEFLT_CRYPT_KEYS:
|
|
keys = (struct wi_ltv_keys *)&wreq;
|
|
/* do not show keys to non-root user */
|
|
error = suser(curproc->p_ucred, &curproc->p_acflag);
|
|
if (error) {
|
|
memset(keys, 0, sizeof(*keys));
|
|
error = 0;
|
|
break;
|
|
}
|
|
for (i = 0; i < IEEE80211_WEP_NKID; i++) {
|
|
keys->wi_keys[i].wi_keylen =
|
|
htole16(ic->ic_nw_keys[i].wk_len);
|
|
memcpy(keys->wi_keys[i].wi_keydat,
|
|
ic->ic_nw_keys[i].wk_key, ic->ic_nw_keys[i].wk_len);
|
|
}
|
|
wreq.wi_len = sizeof(*keys) / 2;
|
|
break;
|
|
case WI_RID_MAX_DATALEN:
|
|
wreq.wi_val[0] = htole16(IEEE80211_MAX_LEN); /* TODO: frag */
|
|
wreq.wi_len = 1;
|
|
break;
|
|
case WI_RID_IFACE_STATS:
|
|
/* XXX: should be implemented in lower drivers */
|
|
break;
|
|
case WI_RID_READ_APS:
|
|
for (i = 0; i < IEEE80211_PSCAN_WAIT; i++) {
|
|
tsleep((caddr_t)ic, PWAIT | PCATCH, "i80211", hz);
|
|
if (ic->ic_state != IEEE80211_S_SCAN ||
|
|
(ic->ic_flags & IEEE80211_F_SCANAP) == 0 ||
|
|
(ic->ic_flags & IEEE80211_F_ASCAN) == 0)
|
|
break;
|
|
}
|
|
ic->ic_flags &= ~IEEE80211_F_SCANAP;
|
|
i = 0;
|
|
ap = (void *)((char *)wreq.wi_val + sizeof(i));
|
|
TAILQ_FOREACH(bs, &ic->ic_scan, bs_list) {
|
|
if ((caddr_t)(ap + 1) > (caddr_t)(&wreq + 1))
|
|
break;
|
|
memset(ap, 0, sizeof(*ap));
|
|
memcpy(ap->bssid, bs->bs_bssid, IEEE80211_ADDR_LEN);
|
|
ap->channel = bs->bs_chan;
|
|
ap->signal = bs->bs_rssi;
|
|
ap->namelen = bs->bs_esslen;
|
|
if (bs->bs_esslen)
|
|
memcpy(ap->name, bs->bs_essid, bs->bs_esslen);
|
|
ap->capinfo = bs->bs_capinfo;
|
|
ap->interval = bs->bs_intval;
|
|
for (j = 0; j < bs->bs_nrate; j++) {
|
|
if (bs->bs_rates[j] & IEEE80211_RATE_BASIC) {
|
|
ap->rate = (bs->bs_rates[j] &
|
|
IEEE80211_RATE_VAL) * 5; /* XXX */
|
|
}
|
|
}
|
|
i++;
|
|
ap++;
|
|
}
|
|
memcpy(wreq.wi_val, &i, sizeof(i));
|
|
wreq.wi_len = (sizeof(int) + sizeof(*ap) * i) / 2;
|
|
break;
|
|
#ifdef WICACHE
|
|
case WI_RID_READ_CACHE:
|
|
i = 0;
|
|
TAILQ_FOREACH(bs, &ic->ic_scan, bs_list) {
|
|
if (i == MAXCACHE)
|
|
break;
|
|
memcpy(wsc.macsrc, bs->bs_macaddr, IEEE80211_ADDR_LEN);
|
|
memset(&wsc.ipsrc, 0, sizeof(wsc.ipsrc));
|
|
wsc.signal = bs->rssi;
|
|
wsc.noise = 0;
|
|
wsc.quality = 0;
|
|
memcpy((caddr_t)wreq.wi_val + sizeof(wsc) * i,
|
|
&wsc, sizeof(wsc));
|
|
i++;
|
|
}
|
|
wreq.wi_len = sizeof(wsc) * i / 2;
|
|
break;
|
|
#endif /* WICACHE */
|
|
case WI_RID_SCAN_APS:
|
|
error = EINVAL;
|
|
break;
|
|
default:
|
|
error = EINVAL;
|
|
break;
|
|
}
|
|
if (error == 0) {
|
|
wreq.wi_len++;
|
|
error = copyout(&wreq, ifr->ifr_data, sizeof(wreq));
|
|
}
|
|
return error;
|
|
}
|
|
|
|
int
|
|
ieee80211_cfgset(struct ifnet *ifp, u_long cmd, caddr_t data)
|
|
{
|
|
struct ieee80211com *ic = (void *)ifp;
|
|
int i, j, len, error;
|
|
struct ifreq *ifr = (struct ifreq *)data;
|
|
struct wi_ltv_keys *keys;
|
|
struct wi_req wreq;
|
|
u_char chanlist[roundup(IEEE80211_CHAN_MAX, NBBY)];
|
|
|
|
error = copyin(ifr->ifr_data, &wreq, sizeof(wreq));
|
|
if (error)
|
|
return error;
|
|
if (wreq.wi_len-- < 1)
|
|
return EINVAL;
|
|
switch (wreq.wi_type) {
|
|
case WI_RID_SERIALNO:
|
|
case WI_RID_NODENAME:
|
|
return EPERM;
|
|
case WI_RID_CURRENT_SSID:
|
|
return EPERM;
|
|
case WI_RID_OWN_SSID:
|
|
case WI_RID_DESIRED_SSID:
|
|
len = le16toh(wreq.wi_val[0]);
|
|
if (wreq.wi_len < (1 + len + 1) / 2)
|
|
return EINVAL;
|
|
if (len > IEEE80211_NWID_LEN)
|
|
return EINVAL;
|
|
ic->ic_des_esslen = len;
|
|
memset(ic->ic_des_essid, 0, sizeof(ic->ic_des_essid));
|
|
memcpy(ic->ic_des_essid, &wreq.wi_val[1], len);
|
|
error = ENETRESET;
|
|
break;
|
|
case WI_RID_CURRENT_BSSID:
|
|
return EPERM;
|
|
case WI_RID_OWN_CHNL:
|
|
if (wreq.wi_len != 1)
|
|
return EINVAL;
|
|
i = le16toh(wreq.wi_val[0]);
|
|
if (isclr(ic->ic_chan_active, i))
|
|
return EINVAL;
|
|
ic->ic_ibss_chan = i;
|
|
if (ic->ic_flags & IEEE80211_F_SIBSS)
|
|
error = ENETRESET;
|
|
break;
|
|
case WI_RID_CURRENT_CHAN:
|
|
return EPERM;
|
|
case WI_RID_COMMS_QUALITY:
|
|
return EPERM;
|
|
case WI_RID_PROMISC:
|
|
if (wreq.wi_len != 1)
|
|
return EINVAL;
|
|
if (ifp->if_flags & IFF_PROMISC) {
|
|
if (wreq.wi_val[0] == 0) {
|
|
ifp->if_flags &= ~IFF_PROMISC;
|
|
error = ENETRESET;
|
|
}
|
|
} else {
|
|
if (wreq.wi_val[0] != 0) {
|
|
ifp->if_flags |= IFF_PROMISC;
|
|
error = ENETRESET;
|
|
}
|
|
}
|
|
break;
|
|
case WI_RID_PORTTYPE:
|
|
if (wreq.wi_len != 1)
|
|
return EINVAL;
|
|
switch (le16toh(wreq.wi_val[0])) {
|
|
case 1:
|
|
if (ic->ic_flags & IEEE80211_F_ADHOC) {
|
|
ic->ic_flags &= ~IEEE80211_F_ADHOC;
|
|
error = ENETRESET;
|
|
}
|
|
break;
|
|
case 2:
|
|
if ((ic->ic_flags & IEEE80211_F_ADHOC) == 0) {
|
|
ic->ic_flags |= IEEE80211_F_ADHOC;
|
|
error = ENETRESET;
|
|
}
|
|
break;
|
|
default:
|
|
return EINVAL;
|
|
}
|
|
break;
|
|
case WI_RID_MAC_NODE:
|
|
/* XXX: should be implemented? */
|
|
return EPERM;
|
|
case WI_RID_TX_RATE:
|
|
if (wreq.wi_len != 1)
|
|
return EINVAL;
|
|
if (wreq.wi_val[0] == 0) {
|
|
/* auto */
|
|
ic->ic_fixed_rate = -1;
|
|
break;
|
|
}
|
|
for (i = 0; i < IEEE80211_RATE_SIZE; i++) {
|
|
if (le16toh(wreq.wi_val[0]) ==
|
|
(ic->ic_sup_rates[i] & IEEE80211_RATE_VAL) / 2)
|
|
break;
|
|
}
|
|
if (i == IEEE80211_RATE_SIZE)
|
|
return EINVAL;
|
|
ic->ic_fixed_rate = i;
|
|
error = ENETRESET;
|
|
break;
|
|
case WI_RID_CUR_TX_RATE:
|
|
return EPERM;
|
|
break;
|
|
case WI_RID_RTS_THRESH:
|
|
if (wreq.wi_len != 1)
|
|
return EINVAL;
|
|
if (le16toh(wreq.wi_val[0]) != IEEE80211_MAX_LEN)
|
|
return EINVAL; /* TODO: RTS */
|
|
break;
|
|
case WI_RID_CREATE_IBSS:
|
|
if (wreq.wi_len != 1)
|
|
return EINVAL;
|
|
if (wreq.wi_val[0] != 0) {
|
|
if ((ic->ic_flags & IEEE80211_F_HASIBSS) == 0)
|
|
return EINVAL;
|
|
if ((ic->ic_flags & IEEE80211_F_IBSSON) == 0) {
|
|
ic->ic_flags |= IEEE80211_F_IBSSON;
|
|
if ((ic->ic_flags & IEEE80211_F_ADHOC) &&
|
|
ic->ic_state == IEEE80211_S_SCAN)
|
|
error = ENETRESET;
|
|
}
|
|
} else {
|
|
if (ic->ic_flags & IEEE80211_F_IBSSON) {
|
|
ic->ic_flags &= ~IEEE80211_F_IBSSON;
|
|
if (ic->ic_flags & IEEE80211_F_SIBSS) {
|
|
ic->ic_flags &= ~IEEE80211_F_SIBSS;
|
|
error = ENETRESET;
|
|
}
|
|
}
|
|
}
|
|
break;
|
|
case WI_RID_MICROWAVE_OVEN:
|
|
if (wreq.wi_len != 1)
|
|
return EINVAL;
|
|
if (wreq.wi_val[0] != 0)
|
|
return EINVAL; /* not supported */
|
|
break;
|
|
case WI_RID_ROAMING_MODE:
|
|
if (wreq.wi_len != 1)
|
|
return EINVAL;
|
|
if (le16toh(wreq.wi_val[0]) != 1)
|
|
return EINVAL; /* not supported */
|
|
break;
|
|
case WI_RID_SYSTEM_SCALE:
|
|
if (wreq.wi_len != 1)
|
|
return EINVAL;
|
|
if (le16toh(wreq.wi_val[0]) != 1)
|
|
return EINVAL; /* not supported */
|
|
break;
|
|
case WI_RID_PM_ENABLED:
|
|
if (wreq.wi_len != 1)
|
|
return EINVAL;
|
|
if (wreq.wi_val[0] != 0) {
|
|
if ((ic->ic_flags & IEEE80211_F_HASPMGT) == 0)
|
|
return EINVAL;
|
|
if ((ic->ic_flags & IEEE80211_F_PMGTON) == 0) {
|
|
ic->ic_flags |= IEEE80211_F_PMGTON;
|
|
error = ENETRESET;
|
|
}
|
|
} else {
|
|
if (ic->ic_flags & IEEE80211_F_PMGTON) {
|
|
ic->ic_flags &= ~IEEE80211_F_PMGTON;
|
|
error = ENETRESET;
|
|
}
|
|
}
|
|
break;
|
|
case WI_RID_MAX_SLEEP:
|
|
if (wreq.wi_len != 1)
|
|
return EINVAL;
|
|
ic->ic_lintval = le16toh(wreq.wi_val[0]);
|
|
if (ic->ic_flags & IEEE80211_F_PMGTON)
|
|
error = ENETRESET;
|
|
break;
|
|
case WI_RID_OWN_BEACON_INT:
|
|
return EPERM;
|
|
case WI_RID_WEP_AVAIL:
|
|
return EPERM;
|
|
case WI_RID_CNFAUTHMODE:
|
|
if (wreq.wi_len != 1)
|
|
return EINVAL;
|
|
if (le16toh(wreq.wi_val[0]) != 1)
|
|
return EINVAL; /* TODO: shared key auth */
|
|
break;
|
|
case WI_RID_ENCRYPTION:
|
|
if (wreq.wi_len != 1)
|
|
return EINVAL;
|
|
if (wreq.wi_val[0] != 0) {
|
|
if ((ic->ic_flags & IEEE80211_F_HASWEP) == 0)
|
|
return EINVAL;
|
|
if ((ic->ic_flags & IEEE80211_F_WEPON) == 0) {
|
|
ic->ic_flags |= IEEE80211_F_WEPON;
|
|
error = ENETRESET;
|
|
}
|
|
} else {
|
|
if (ic->ic_flags & IEEE80211_F_WEPON) {
|
|
ic->ic_flags &= ~IEEE80211_F_WEPON;
|
|
error = ENETRESET;
|
|
}
|
|
}
|
|
break;
|
|
case WI_RID_TX_CRYPT_KEY:
|
|
if (wreq.wi_len != 1)
|
|
return EINVAL;
|
|
i = le16toh(wreq.wi_val[0]);
|
|
if (i >= IEEE80211_WEP_NKID)
|
|
return EINVAL;
|
|
ic->ic_wep_txkey = i;
|
|
break;
|
|
case WI_RID_DEFLT_CRYPT_KEYS:
|
|
if (wreq.wi_len != sizeof(struct wi_ltv_keys) / 2)
|
|
return EINVAL;
|
|
keys = (struct wi_ltv_keys *)&wreq;
|
|
for (i = 0; i < IEEE80211_WEP_NKID; i++) {
|
|
len = le16toh(keys->wi_keys[i].wi_keylen);
|
|
if (len != 0 && len < IEEE80211_WEP_KEYLEN)
|
|
return EINVAL;
|
|
if (len > sizeof(ic->ic_nw_keys[i].wk_key))
|
|
return EINVAL;
|
|
}
|
|
memset(ic->ic_nw_keys, 0, sizeof(ic->ic_nw_keys));
|
|
for (i = 0; i < IEEE80211_WEP_NKID; i++) {
|
|
len = le16toh(keys->wi_keys[i].wi_keylen);
|
|
ic->ic_nw_keys[i].wk_len = len;
|
|
memcpy(ic->ic_nw_keys[i].wk_key,
|
|
keys->wi_keys[i].wi_keydat, len);
|
|
}
|
|
error = ENETRESET;
|
|
break;
|
|
case WI_RID_MAX_DATALEN:
|
|
if (wreq.wi_len != 1)
|
|
return EINVAL;
|
|
len = le16toh(wreq.wi_val[0]);
|
|
if (len < 350 /* ? */ || len > IEEE80211_MAX_LEN)
|
|
return EINVAL;
|
|
if (len != IEEE80211_MAX_LEN)
|
|
return EINVAL; /* TODO: fragment */
|
|
break;
|
|
case WI_RID_IFACE_STATS:
|
|
error = EPERM;
|
|
break;
|
|
case WI_RID_SCAN_APS:
|
|
wreq.wi_len -= 2; /* XXX: tx rate? */
|
|
/* FALLTHRU */
|
|
case WI_RID_CHANNEL_LIST:
|
|
memset(chanlist, 0, sizeof(chanlist));
|
|
/*
|
|
* Since channel 0 is not available for DS, channel 1
|
|
* is assigned to LSB on WaveLAN.
|
|
*/
|
|
if (ic->ic_flags & IEEE80211_F_DS)
|
|
i = 1;
|
|
else
|
|
i = 0;
|
|
for (j = 0; i <= IEEE80211_CHAN_MAX; i++, j++) {
|
|
if (j / 16 >= wreq.wi_len)
|
|
break;
|
|
if (isclr((u_int8_t *)wreq.wi_val, j))
|
|
continue;
|
|
if (isclr(ic->ic_chan_avail, i)) {
|
|
if (wreq.wi_type == WI_RID_CHANNEL_LIST)
|
|
error = EPERM;
|
|
else
|
|
continue;
|
|
}
|
|
setbit(chanlist, i);
|
|
}
|
|
if (error == EPERM && ic->ic_chancheck != NULL)
|
|
error = (*ic->ic_chancheck)(ic->ic_softc, chanlist);
|
|
if (error)
|
|
return error;
|
|
memcpy(ic->ic_chan_active, chanlist,
|
|
sizeof(ic->ic_chan_active));
|
|
if (isclr(chanlist, ic->ic_ibss_chan)) {
|
|
for (i = 0; i <= IEEE80211_CHAN_MAX; i++)
|
|
if (isset(chanlist, i)) {
|
|
ic->ic_ibss_chan = i;
|
|
break;
|
|
}
|
|
}
|
|
if (isclr(chanlist, ic->ic_bss.bs_chan))
|
|
ic->ic_bss.bs_chan = ic->ic_ibss_chan;
|
|
if (wreq.wi_type == WI_RID_CHANNEL_LIST)
|
|
error = ENETRESET;
|
|
else {
|
|
ic->ic_flags |= IEEE80211_F_SCANAP;
|
|
error = ieee80211_new_state(ifp, IEEE80211_S_SCAN, -1);
|
|
}
|
|
break;
|
|
default:
|
|
error = EINVAL;
|
|
break;
|
|
}
|
|
return error;
|
|
}
|