ieee80211_input.c revision 1.32
1 1.32 dyoung /* $NetBSD: ieee80211_input.c,v 1.32 2004/07/28 08:12:49 dyoung Exp $ */ 2 1.1 dyoung /*- 3 1.1 dyoung * Copyright (c) 2001 Atsushi Onoe 4 1.1 dyoung * Copyright (c) 2002, 2003 Sam Leffler, Errno Consulting 5 1.1 dyoung * All rights reserved. 6 1.1 dyoung * 7 1.1 dyoung * Redistribution and use in source and binary forms, with or without 8 1.1 dyoung * modification, are permitted provided that the following conditions 9 1.1 dyoung * are met: 10 1.1 dyoung * 1. Redistributions of source code must retain the above copyright 11 1.1 dyoung * notice, this list of conditions and the following disclaimer. 12 1.1 dyoung * 2. Redistributions in binary form must reproduce the above copyright 13 1.1 dyoung * notice, this list of conditions and the following disclaimer in the 14 1.1 dyoung * documentation and/or other materials provided with the distribution. 15 1.1 dyoung * 3. The name of the author may not be used to endorse or promote products 16 1.1 dyoung * derived from this software without specific prior written permission. 17 1.1 dyoung * 18 1.1 dyoung * Alternatively, this software may be distributed under the terms of the 19 1.1 dyoung * GNU General Public License ("GPL") version 2 as published by the Free 20 1.1 dyoung * Software Foundation. 21 1.1 dyoung * 22 1.1 dyoung * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 23 1.1 dyoung * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 24 1.1 dyoung * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 25 1.1 dyoung * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 26 1.1 dyoung * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 27 1.1 dyoung * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 28 1.1 dyoung * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 29 1.1 dyoung * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 30 1.1 dyoung * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 31 1.1 dyoung * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 32 1.1 dyoung */ 33 1.1 dyoung 34 1.1 dyoung #include <sys/cdefs.h> 35 1.3 dyoung #ifdef __FreeBSD__ 36 1.22 dyoung __FBSDID("$FreeBSD: src/sys/net80211/ieee80211_input.c,v 1.20 2004/04/02 23:35:24 sam Exp $"); 37 1.3 dyoung #else 38 1.32 dyoung __KERNEL_RCSID(0, "$NetBSD: ieee80211_input.c,v 1.32 2004/07/28 08:12:49 dyoung Exp $"); 39 1.3 dyoung #endif 40 1.1 dyoung 41 1.1 dyoung #include "opt_inet.h" 42 1.1 dyoung 43 1.5 dyoung #ifdef __NetBSD__ 44 1.5 dyoung #include "bpfilter.h" 45 1.5 dyoung #endif /* __NetBSD__ */ 46 1.5 dyoung 47 1.1 dyoung #include <sys/param.h> 48 1.1 dyoung #include <sys/systm.h> 49 1.1 dyoung #include <sys/mbuf.h> 50 1.1 dyoung #include <sys/malloc.h> 51 1.1 dyoung #include <sys/kernel.h> 52 1.1 dyoung #include <sys/socket.h> 53 1.1 dyoung #include <sys/sockio.h> 54 1.1 dyoung #include <sys/endian.h> 55 1.1 dyoung #include <sys/errno.h> 56 1.4 dyoung #ifdef __FreeBSD__ 57 1.1 dyoung #include <sys/bus.h> 58 1.4 dyoung #endif 59 1.1 dyoung #include <sys/proc.h> 60 1.1 dyoung #include <sys/sysctl.h> 61 1.1 dyoung 62 1.2 dyoung #ifdef __FreeBSD__ 63 1.1 dyoung #include <machine/atomic.h> 64 1.2 dyoung #endif 65 1.1 dyoung 66 1.1 dyoung #include <net/if.h> 67 1.1 dyoung #include <net/if_dl.h> 68 1.1 dyoung #include <net/if_media.h> 69 1.1 dyoung #include <net/if_arp.h> 70 1.2 dyoung #ifdef __FreeBSD__ 71 1.1 dyoung #include <net/ethernet.h> 72 1.4 dyoung #else 73 1.4 dyoung #include <net/if_ether.h> 74 1.2 dyoung #endif 75 1.1 dyoung #include <net/if_llc.h> 76 1.1 dyoung 77 1.1 dyoung #include <net80211/ieee80211_var.h> 78 1.4 dyoung #include <net80211/ieee80211_compat.h> 79 1.1 dyoung 80 1.5 dyoung #if NBPFILTER > 0 81 1.1 dyoung #include <net/bpf.h> 82 1.5 dyoung #endif 83 1.1 dyoung 84 1.1 dyoung #ifdef INET 85 1.1 dyoung #include <netinet/in.h> 86 1.4 dyoung #ifdef __FreeBSD__ 87 1.1 dyoung #include <netinet/if_ether.h> 88 1.4 dyoung #else 89 1.4 dyoung #include <net/if_ether.h> 90 1.4 dyoung #endif 91 1.1 dyoung #endif 92 1.1 dyoung 93 1.31 dyoung const struct timeval ieee80211_merge_print_intvl = {.tv_sec = 1, .tv_usec = 0}; 94 1.31 dyoung 95 1.5 dyoung static void ieee80211_recv_pspoll(struct ieee80211com *, 96 1.5 dyoung struct mbuf *, int, u_int32_t); 97 1.5 dyoung 98 1.26 mycroft #ifdef IEEE80211_DEBUG 99 1.26 mycroft /* 100 1.26 mycroft * Decide if a received management frame should be 101 1.26 mycroft * printed when debugging is enabled. This filters some 102 1.26 mycroft * of the less interesting frames that come frequently 103 1.26 mycroft * (e.g. beacons). 104 1.26 mycroft */ 105 1.26 mycroft static __inline int 106 1.26 mycroft doprint(struct ieee80211com *ic, int subtype) 107 1.26 mycroft { 108 1.26 mycroft switch (subtype) { 109 1.26 mycroft case IEEE80211_FC0_SUBTYPE_BEACON: 110 1.26 mycroft return (ic->ic_state == IEEE80211_S_SCAN); 111 1.26 mycroft case IEEE80211_FC0_SUBTYPE_PROBE_REQ: 112 1.26 mycroft return (ic->ic_opmode == IEEE80211_M_IBSS); 113 1.26 mycroft } 114 1.26 mycroft return 1; 115 1.26 mycroft } 116 1.26 mycroft #endif 117 1.26 mycroft 118 1.1 dyoung /* 119 1.1 dyoung * Process a received frame. The node associated with the sender 120 1.1 dyoung * should be supplied. If nothing was found in the node table then 121 1.1 dyoung * the caller is assumed to supply a reference to ic_bss instead. 122 1.1 dyoung * The RSSI and a timestamp are also supplied. The RSSI data is used 123 1.1 dyoung * during AP scanning to select a AP to associate with; it can have 124 1.1 dyoung * any units so long as values have consistent units and higher values 125 1.1 dyoung * mean ``better signal''. The receive timestamp is currently not used 126 1.1 dyoung * by the 802.11 layer. 127 1.1 dyoung */ 128 1.1 dyoung void 129 1.1 dyoung ieee80211_input(struct ifnet *ifp, struct mbuf *m, struct ieee80211_node *ni, 130 1.1 dyoung int rssi, u_int32_t rstamp) 131 1.1 dyoung { 132 1.1 dyoung struct ieee80211com *ic = (void *)ifp; 133 1.1 dyoung struct ieee80211_frame *wh; 134 1.1 dyoung struct ether_header *eh; 135 1.1 dyoung struct mbuf *m1; 136 1.1 dyoung int len; 137 1.16 dyoung u_int8_t dir, type, subtype; 138 1.1 dyoung u_int8_t *bssid; 139 1.1 dyoung u_int16_t rxseq; 140 1.6 dyoung ALTQ_DECL(struct altq_pktattr pktattr;) 141 1.1 dyoung 142 1.17 dyoung IASSERT(ni != NULL, ("null node")); 143 1.1 dyoung 144 1.16 dyoung /* trim CRC here so WEP can find its own CRC at the end of packet. */ 145 1.1 dyoung if (m->m_flags & M_HASFCS) { 146 1.1 dyoung m_adj(m, -IEEE80211_CRC_LEN); 147 1.1 dyoung m->m_flags &= ~M_HASFCS; 148 1.1 dyoung } 149 1.16 dyoung 150 1.16 dyoung /* 151 1.16 dyoung * In monitor mode, send everything directly to bpf. 152 1.18 dyoung * Also do not process frames w/o i_addr2 any further. 153 1.16 dyoung * XXX may want to include the CRC 154 1.16 dyoung */ 155 1.18 dyoung if (ic->ic_opmode == IEEE80211_M_MONITOR || 156 1.18 dyoung m->m_pkthdr.len < sizeof(struct ieee80211_frame_min)) 157 1.16 dyoung goto out; 158 1.1 dyoung 159 1.1 dyoung wh = mtod(m, struct ieee80211_frame *); 160 1.1 dyoung if ((wh->i_fc[0] & IEEE80211_FC0_VERSION_MASK) != 161 1.1 dyoung IEEE80211_FC0_VERSION_0) { 162 1.25 mycroft IEEE80211_DPRINTF(ic, IEEE80211_MSG_ANY, 163 1.25 mycroft ("receive packet with wrong version: %x\n", 164 1.25 mycroft wh->i_fc[0])); 165 1.16 dyoung ic->ic_stats.is_rx_badversion++; 166 1.1 dyoung goto err; 167 1.1 dyoung } 168 1.1 dyoung 169 1.1 dyoung dir = wh->i_fc[1] & IEEE80211_FC1_DIR_MASK; 170 1.16 dyoung type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; 171 1.16 dyoung /* 172 1.16 dyoung * NB: We are not yet prepared to handle control frames, 173 1.16 dyoung * but permitting drivers to send them to us allows 174 1.16 dyoung * them to go through bpf tapping at the 802.11 layer. 175 1.16 dyoung */ 176 1.16 dyoung if (m->m_pkthdr.len < sizeof(struct ieee80211_frame)) { 177 1.25 mycroft IEEE80211_DPRINTF(ic, IEEE80211_MSG_ANY, 178 1.25 mycroft ("%s: frame too short, len %u\n", 179 1.16 dyoung __func__, m->m_pkthdr.len)); 180 1.16 dyoung ic->ic_stats.is_rx_tooshort++; 181 1.25 mycroft goto out; 182 1.16 dyoung } 183 1.1 dyoung if (ic->ic_state != IEEE80211_S_SCAN) { 184 1.1 dyoung switch (ic->ic_opmode) { 185 1.1 dyoung case IEEE80211_M_STA: 186 1.1 dyoung if (!IEEE80211_ADDR_EQ(wh->i_addr2, ni->ni_bssid)) { 187 1.16 dyoung /* not interested in */ 188 1.25 mycroft IEEE80211_DPRINTF(ic, IEEE80211_MSG_INPUT, 189 1.25 mycroft ("%s: discard frame from " 190 1.1 dyoung "bss %s\n", __func__, 191 1.1 dyoung ether_sprintf(wh->i_addr2))); 192 1.16 dyoung ic->ic_stats.is_rx_wrongbss++; 193 1.1 dyoung goto out; 194 1.1 dyoung } 195 1.1 dyoung break; 196 1.1 dyoung case IEEE80211_M_IBSS: 197 1.1 dyoung case IEEE80211_M_AHDEMO: 198 1.1 dyoung case IEEE80211_M_HOSTAP: 199 1.1 dyoung if (dir == IEEE80211_FC1_DIR_NODS) 200 1.1 dyoung bssid = wh->i_addr3; 201 1.1 dyoung else 202 1.1 dyoung bssid = wh->i_addr1; 203 1.1 dyoung if (!IEEE80211_ADDR_EQ(bssid, ic->ic_bss->ni_bssid) && 204 1.5 dyoung !IEEE80211_ADDR_EQ(bssid, ifp->if_broadcastaddr) && 205 1.10 dyoung (wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK) == 206 1.10 dyoung IEEE80211_FC0_TYPE_DATA) { 207 1.1 dyoung /* not interested in */ 208 1.25 mycroft IEEE80211_DPRINTF(ic, IEEE80211_MSG_INPUT, 209 1.25 mycroft ("%s: discard data frame from bss %s\n", 210 1.25 mycroft __func__, ether_sprintf(bssid))); 211 1.16 dyoung ic->ic_stats.is_rx_wrongbss++; 212 1.1 dyoung goto out; 213 1.1 dyoung } 214 1.1 dyoung break; 215 1.1 dyoung case IEEE80211_M_MONITOR: 216 1.1 dyoung goto out; 217 1.1 dyoung default: 218 1.1 dyoung /* XXX catch bad values */ 219 1.1 dyoung break; 220 1.1 dyoung } 221 1.1 dyoung ni->ni_rssi = rssi; 222 1.1 dyoung ni->ni_rstamp = rstamp; 223 1.1 dyoung rxseq = ni->ni_rxseq; 224 1.1 dyoung ni->ni_rxseq = 225 1.1 dyoung le16toh(*(u_int16_t *)wh->i_seq) >> IEEE80211_SEQ_SEQ_SHIFT; 226 1.1 dyoung /* TODO: fragment */ 227 1.1 dyoung if ((wh->i_fc[1] & IEEE80211_FC1_RETRY) && 228 1.1 dyoung rxseq == ni->ni_rxseq) { 229 1.1 dyoung /* duplicate, silently discarded */ 230 1.16 dyoung ic->ic_stats.is_rx_dup++; /* XXX per-station stat */ 231 1.1 dyoung goto out; 232 1.1 dyoung } 233 1.1 dyoung ni->ni_inact = 0; 234 1.1 dyoung } 235 1.1 dyoung 236 1.5 dyoung if (ic->ic_set_tim != NULL && 237 1.5 dyoung (wh->i_fc[1] & IEEE80211_FC1_PWR_MGT) 238 1.5 dyoung && ni->ni_pwrsave == 0) { 239 1.5 dyoung /* turn on power save mode */ 240 1.5 dyoung 241 1.5 dyoung if (ifp->if_flags & IFF_DEBUG) 242 1.5 dyoung printf("%s: power save mode on for %s\n", 243 1.5 dyoung ifp->if_xname, ether_sprintf(wh->i_addr2)); 244 1.5 dyoung 245 1.5 dyoung ni->ni_pwrsave = IEEE80211_PS_SLEEP; 246 1.5 dyoung } 247 1.5 dyoung if (ic->ic_set_tim != NULL && 248 1.5 dyoung (wh->i_fc[1] & IEEE80211_FC1_PWR_MGT) == 0 && 249 1.5 dyoung ni->ni_pwrsave != 0) { 250 1.5 dyoung /* turn off power save mode, dequeue stored packets */ 251 1.5 dyoung 252 1.5 dyoung ni->ni_pwrsave = 0; 253 1.5 dyoung if (ic->ic_set_tim) 254 1.5 dyoung ic->ic_set_tim(ic, ni->ni_associd, 0); 255 1.5 dyoung 256 1.5 dyoung if (ifp->if_flags & IFF_DEBUG) 257 1.5 dyoung printf("%s: power save mode off for %s\n", 258 1.5 dyoung ifp->if_xname, ether_sprintf(wh->i_addr2)); 259 1.5 dyoung 260 1.5 dyoung while (!IF_IS_EMPTY(&ni->ni_savedq)) { 261 1.5 dyoung struct mbuf *m; 262 1.5 dyoung IF_DEQUEUE(&ni->ni_savedq, m); 263 1.5 dyoung IF_ENQUEUE(&ic->ic_pwrsaveq, m); 264 1.5 dyoung (*ifp->if_start)(ifp); 265 1.5 dyoung } 266 1.5 dyoung } 267 1.5 dyoung 268 1.16 dyoung switch (type) { 269 1.1 dyoung case IEEE80211_FC0_TYPE_DATA: 270 1.1 dyoung switch (ic->ic_opmode) { 271 1.1 dyoung case IEEE80211_M_STA: 272 1.16 dyoung if (dir != IEEE80211_FC1_DIR_FROMDS) { 273 1.16 dyoung ic->ic_stats.is_rx_wrongdir++; 274 1.1 dyoung goto out; 275 1.16 dyoung } 276 1.1 dyoung if ((ifp->if_flags & IFF_SIMPLEX) && 277 1.1 dyoung IEEE80211_IS_MULTICAST(wh->i_addr1) && 278 1.1 dyoung IEEE80211_ADDR_EQ(wh->i_addr3, ic->ic_myaddr)) { 279 1.1 dyoung /* 280 1.1 dyoung * In IEEE802.11 network, multicast packet 281 1.1 dyoung * sent from me is broadcasted from AP. 282 1.1 dyoung * It should be silently discarded for 283 1.1 dyoung * SIMPLEX interface. 284 1.1 dyoung */ 285 1.16 dyoung ic->ic_stats.is_rx_mcastecho++; 286 1.1 dyoung goto out; 287 1.1 dyoung } 288 1.1 dyoung break; 289 1.1 dyoung case IEEE80211_M_IBSS: 290 1.1 dyoung case IEEE80211_M_AHDEMO: 291 1.16 dyoung if (dir != IEEE80211_FC1_DIR_NODS) { 292 1.16 dyoung ic->ic_stats.is_rx_wrongdir++; 293 1.1 dyoung goto out; 294 1.16 dyoung } 295 1.1 dyoung break; 296 1.1 dyoung case IEEE80211_M_HOSTAP: 297 1.16 dyoung if (dir != IEEE80211_FC1_DIR_TODS) { 298 1.16 dyoung ic->ic_stats.is_rx_wrongdir++; 299 1.1 dyoung goto out; 300 1.16 dyoung } 301 1.1 dyoung /* check if source STA is associated */ 302 1.1 dyoung if (ni == ic->ic_bss) { 303 1.25 mycroft IEEE80211_DPRINTF(ic, IEEE80211_MSG_INPUT, 304 1.25 mycroft ("%s: data from unknown src %s\n", 305 1.25 mycroft __func__, ether_sprintf(wh->i_addr2))); 306 1.1 dyoung /* NB: caller deals with reference */ 307 1.1 dyoung ni = ieee80211_dup_bss(ic, wh->i_addr2); 308 1.1 dyoung if (ni != NULL) { 309 1.1 dyoung IEEE80211_SEND_MGMT(ic, ni, 310 1.1 dyoung IEEE80211_FC0_SUBTYPE_DEAUTH, 311 1.1 dyoung IEEE80211_REASON_NOT_AUTHED); 312 1.1 dyoung ieee80211_free_node(ic, ni); 313 1.1 dyoung } 314 1.16 dyoung ic->ic_stats.is_rx_notassoc++; 315 1.1 dyoung goto err; 316 1.1 dyoung } 317 1.1 dyoung if (ni->ni_associd == 0) { 318 1.25 mycroft IEEE80211_DPRINTF(ic, IEEE80211_MSG_INPUT, 319 1.25 mycroft ("%s: data from unassoc src %s\n", 320 1.25 mycroft __func__, ether_sprintf(wh->i_addr2))); 321 1.1 dyoung IEEE80211_SEND_MGMT(ic, ni, 322 1.1 dyoung IEEE80211_FC0_SUBTYPE_DISASSOC, 323 1.1 dyoung IEEE80211_REASON_NOT_ASSOCED); 324 1.1 dyoung ieee80211_unref_node(&ni); 325 1.16 dyoung ic->ic_stats.is_rx_notassoc++; 326 1.1 dyoung goto err; 327 1.1 dyoung } 328 1.1 dyoung break; 329 1.1 dyoung case IEEE80211_M_MONITOR: 330 1.1 dyoung break; 331 1.1 dyoung } 332 1.1 dyoung if (wh->i_fc[1] & IEEE80211_FC1_WEP) { 333 1.28 mycroft if (ic->ic_flags & IEEE80211_F_PRIVACY) { 334 1.1 dyoung m = ieee80211_wep_crypt(ifp, m, 0); 335 1.16 dyoung if (m == NULL) { 336 1.16 dyoung ic->ic_stats.is_rx_wepfail++; 337 1.1 dyoung goto err; 338 1.16 dyoung } 339 1.1 dyoung wh = mtod(m, struct ieee80211_frame *); 340 1.16 dyoung } else { 341 1.16 dyoung ic->ic_stats.is_rx_nowep++; 342 1.1 dyoung goto out; 343 1.16 dyoung } 344 1.1 dyoung } 345 1.5 dyoung #if NBPFILTER > 0 346 1.1 dyoung /* copy to listener after decrypt */ 347 1.1 dyoung if (ic->ic_rawbpf) 348 1.1 dyoung bpf_mtap(ic->ic_rawbpf, m); 349 1.5 dyoung #endif 350 1.1 dyoung m = ieee80211_decap(ifp, m); 351 1.15 dyoung if (m == NULL) { 352 1.25 mycroft IEEE80211_DPRINTF(ic, IEEE80211_MSG_INPUT, 353 1.25 mycroft ("%s: decapsulation error for src %s\n", 354 1.25 mycroft __func__, ether_sprintf(wh->i_addr2))); 355 1.16 dyoung ic->ic_stats.is_rx_decap++; 356 1.1 dyoung goto err; 357 1.15 dyoung } 358 1.1 dyoung ifp->if_ipackets++; 359 1.1 dyoung 360 1.1 dyoung /* perform as a bridge within the AP */ 361 1.1 dyoung m1 = NULL; 362 1.1 dyoung if (ic->ic_opmode == IEEE80211_M_HOSTAP) { 363 1.1 dyoung eh = mtod(m, struct ether_header *); 364 1.1 dyoung if (ETHER_IS_MULTICAST(eh->ether_dhost)) { 365 1.1 dyoung m1 = m_copypacket(m, M_DONTWAIT); 366 1.1 dyoung if (m1 == NULL) 367 1.1 dyoung ifp->if_oerrors++; 368 1.1 dyoung else 369 1.1 dyoung m1->m_flags |= M_MCAST; 370 1.1 dyoung } else { 371 1.1 dyoung ni = ieee80211_find_node(ic, eh->ether_dhost); 372 1.1 dyoung if (ni != NULL) { 373 1.1 dyoung if (ni->ni_associd != 0) { 374 1.1 dyoung m1 = m; 375 1.1 dyoung m = NULL; 376 1.1 dyoung } 377 1.22 dyoung ieee80211_free_node(ic, ni); 378 1.1 dyoung } 379 1.1 dyoung } 380 1.1 dyoung if (m1 != NULL) { 381 1.1 dyoung #ifdef ALTQ 382 1.1 dyoung if (ALTQ_IS_ENABLED(&ifp->if_snd)) 383 1.1 dyoung altq_etherclassify(&ifp->if_snd, m1, 384 1.1 dyoung &pktattr); 385 1.1 dyoung #endif 386 1.1 dyoung len = m1->m_pkthdr.len; 387 1.1 dyoung IF_ENQUEUE(&ifp->if_snd, m1); 388 1.1 dyoung if (m != NULL) 389 1.1 dyoung ifp->if_omcasts++; 390 1.1 dyoung ifp->if_obytes += len; 391 1.1 dyoung } 392 1.1 dyoung } 393 1.5 dyoung if (m != NULL) { 394 1.5 dyoung #if NBPFILTER > 0 395 1.5 dyoung /* 396 1.5 dyoung * If we forward packet into transmitter of the AP, 397 1.5 dyoung * we don't need to duplicate for DLT_EN10MB. 398 1.5 dyoung */ 399 1.5 dyoung if (ifp->if_bpf && m1 == NULL) 400 1.5 dyoung bpf_mtap(ifp->if_bpf, m); 401 1.5 dyoung #endif 402 1.1 dyoung (*ifp->if_input)(ifp, m); 403 1.5 dyoung } 404 1.1 dyoung return; 405 1.1 dyoung 406 1.1 dyoung case IEEE80211_FC0_TYPE_MGT: 407 1.16 dyoung if (dir != IEEE80211_FC1_DIR_NODS) { 408 1.16 dyoung ic->ic_stats.is_rx_wrongdir++; 409 1.1 dyoung goto err; 410 1.16 dyoung } 411 1.16 dyoung if (ic->ic_opmode == IEEE80211_M_AHDEMO) { 412 1.16 dyoung ic->ic_stats.is_rx_ahdemo_mgt++; 413 1.1 dyoung goto out; 414 1.16 dyoung } 415 1.1 dyoung subtype = wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK; 416 1.1 dyoung 417 1.1 dyoung /* drop frames without interest */ 418 1.1 dyoung if (ic->ic_state == IEEE80211_S_SCAN) { 419 1.1 dyoung if (subtype != IEEE80211_FC0_SUBTYPE_BEACON && 420 1.16 dyoung subtype != IEEE80211_FC0_SUBTYPE_PROBE_RESP) { 421 1.16 dyoung ic->ic_stats.is_rx_mgtdiscard++; 422 1.1 dyoung goto out; 423 1.16 dyoung } 424 1.1 dyoung } else { 425 1.1 dyoung if (ic->ic_opmode != IEEE80211_M_IBSS && 426 1.16 dyoung subtype == IEEE80211_FC0_SUBTYPE_BEACON) { 427 1.16 dyoung ic->ic_stats.is_rx_mgtdiscard++; 428 1.1 dyoung goto out; 429 1.16 dyoung } 430 1.1 dyoung } 431 1.1 dyoung 432 1.1 dyoung #ifdef IEEE80211_DEBUG 433 1.26 mycroft if ((ieee80211_msg_debug(ic) && doprint(ic, subtype)) || 434 1.26 mycroft ieee80211_msg_dumppkts(ic)) { 435 1.26 mycroft if_printf(ifp, "received %s from %s rssi %d\n", 436 1.26 mycroft ieee80211_mgt_subtype_name[subtype 437 1.26 mycroft >> IEEE80211_FC0_SUBTYPE_SHIFT], 438 1.26 mycroft ether_sprintf(wh->i_addr2), rssi); 439 1.26 mycroft } 440 1.1 dyoung #endif 441 1.5 dyoung #if NBPFILTER > 0 442 1.1 dyoung if (ic->ic_rawbpf) 443 1.1 dyoung bpf_mtap(ic->ic_rawbpf, m); 444 1.5 dyoung #endif 445 1.1 dyoung (*ic->ic_recv_mgmt)(ic, m, ni, subtype, rssi, rstamp); 446 1.1 dyoung m_freem(m); 447 1.1 dyoung return; 448 1.1 dyoung 449 1.1 dyoung case IEEE80211_FC0_TYPE_CTL: 450 1.16 dyoung ic->ic_stats.is_rx_ctl++; 451 1.5 dyoung if (ic->ic_opmode != IEEE80211_M_HOSTAP) 452 1.5 dyoung goto out; 453 1.5 dyoung subtype = wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK; 454 1.5 dyoung if (subtype == IEEE80211_FC0_SUBTYPE_PS_POLL) { 455 1.16 dyoung /* XXX statistic */ 456 1.5 dyoung /* Dump out a single packet from the host */ 457 1.5 dyoung if (ifp->if_flags & IFF_DEBUG) 458 1.5 dyoung printf("%s: got power save probe from %s\n", 459 1.5 dyoung ifp->if_xname, 460 1.5 dyoung ether_sprintf(wh->i_addr2)); 461 1.5 dyoung ieee80211_recv_pspoll(ic, m, rssi, rstamp); 462 1.5 dyoung } 463 1.5 dyoung goto out; 464 1.1 dyoung default: 465 1.25 mycroft IEEE80211_DPRINTF(ic, IEEE80211_MSG_ANY, 466 1.25 mycroft ("%s: bad frame type %x\n", __func__, type)); 467 1.1 dyoung /* should not come here */ 468 1.1 dyoung break; 469 1.1 dyoung } 470 1.1 dyoung err: 471 1.1 dyoung ifp->if_ierrors++; 472 1.1 dyoung out: 473 1.1 dyoung if (m != NULL) { 474 1.5 dyoung #if NBPFILTER > 0 475 1.1 dyoung if (ic->ic_rawbpf) 476 1.1 dyoung bpf_mtap(ic->ic_rawbpf, m); 477 1.5 dyoung #endif 478 1.1 dyoung m_freem(m); 479 1.1 dyoung } 480 1.1 dyoung } 481 1.1 dyoung 482 1.1 dyoung struct mbuf * 483 1.1 dyoung ieee80211_decap(struct ifnet *ifp, struct mbuf *m) 484 1.1 dyoung { 485 1.1 dyoung struct ether_header *eh; 486 1.1 dyoung struct ieee80211_frame wh; 487 1.1 dyoung struct llc *llc; 488 1.1 dyoung 489 1.1 dyoung if (m->m_len < sizeof(wh) + sizeof(*llc)) { 490 1.1 dyoung m = m_pullup(m, sizeof(wh) + sizeof(*llc)); 491 1.1 dyoung if (m == NULL) 492 1.1 dyoung return NULL; 493 1.1 dyoung } 494 1.1 dyoung memcpy(&wh, mtod(m, caddr_t), sizeof(wh)); 495 1.1 dyoung llc = (struct llc *)(mtod(m, caddr_t) + sizeof(wh)); 496 1.1 dyoung if (llc->llc_dsap == LLC_SNAP_LSAP && llc->llc_ssap == LLC_SNAP_LSAP && 497 1.1 dyoung llc->llc_control == LLC_UI && llc->llc_snap.org_code[0] == 0 && 498 1.1 dyoung llc->llc_snap.org_code[1] == 0 && llc->llc_snap.org_code[2] == 0) { 499 1.1 dyoung m_adj(m, sizeof(wh) + sizeof(struct llc) - sizeof(*eh)); 500 1.1 dyoung llc = NULL; 501 1.1 dyoung } else { 502 1.1 dyoung m_adj(m, sizeof(wh) - sizeof(*eh)); 503 1.1 dyoung } 504 1.1 dyoung eh = mtod(m, struct ether_header *); 505 1.1 dyoung switch (wh.i_fc[1] & IEEE80211_FC1_DIR_MASK) { 506 1.1 dyoung case IEEE80211_FC1_DIR_NODS: 507 1.1 dyoung IEEE80211_ADDR_COPY(eh->ether_dhost, wh.i_addr1); 508 1.1 dyoung IEEE80211_ADDR_COPY(eh->ether_shost, wh.i_addr2); 509 1.1 dyoung break; 510 1.1 dyoung case IEEE80211_FC1_DIR_TODS: 511 1.1 dyoung IEEE80211_ADDR_COPY(eh->ether_dhost, wh.i_addr3); 512 1.1 dyoung IEEE80211_ADDR_COPY(eh->ether_shost, wh.i_addr2); 513 1.1 dyoung break; 514 1.1 dyoung case IEEE80211_FC1_DIR_FROMDS: 515 1.1 dyoung IEEE80211_ADDR_COPY(eh->ether_dhost, wh.i_addr1); 516 1.1 dyoung IEEE80211_ADDR_COPY(eh->ether_shost, wh.i_addr3); 517 1.1 dyoung break; 518 1.1 dyoung case IEEE80211_FC1_DIR_DSTODS: 519 1.1 dyoung /* not yet supported */ 520 1.25 mycroft IEEE80211_DPRINTF(ic, IEEE80211_MSG_ANY, 521 1.25 mycroft ("%s: discard DS to DS frame\n", __func__)); 522 1.1 dyoung m_freem(m); 523 1.1 dyoung return NULL; 524 1.1 dyoung } 525 1.1 dyoung #ifdef ALIGNED_POINTER 526 1.1 dyoung if (!ALIGNED_POINTER(mtod(m, caddr_t) + sizeof(*eh), u_int32_t)) { 527 1.1 dyoung struct mbuf *n, *n0, **np; 528 1.1 dyoung caddr_t newdata; 529 1.1 dyoung int off, pktlen; 530 1.1 dyoung 531 1.1 dyoung n0 = NULL; 532 1.1 dyoung np = &n0; 533 1.1 dyoung off = 0; 534 1.1 dyoung pktlen = m->m_pkthdr.len; 535 1.1 dyoung while (pktlen > off) { 536 1.1 dyoung if (n0 == NULL) { 537 1.1 dyoung MGETHDR(n, M_DONTWAIT, MT_DATA); 538 1.1 dyoung if (n == NULL) { 539 1.1 dyoung m_freem(m); 540 1.1 dyoung return NULL; 541 1.1 dyoung } 542 1.4 dyoung #ifdef __FreeBSD__ 543 1.1 dyoung M_MOVE_PKTHDR(n, m); 544 1.4 dyoung #else 545 1.4 dyoung M_COPY_PKTHDR(n, m); 546 1.4 dyoung #endif 547 1.1 dyoung n->m_len = MHLEN; 548 1.1 dyoung } else { 549 1.1 dyoung MGET(n, M_DONTWAIT, MT_DATA); 550 1.1 dyoung if (n == NULL) { 551 1.1 dyoung m_freem(m); 552 1.1 dyoung m_freem(n0); 553 1.1 dyoung return NULL; 554 1.1 dyoung } 555 1.1 dyoung n->m_len = MLEN; 556 1.1 dyoung } 557 1.1 dyoung if (pktlen - off >= MINCLSIZE) { 558 1.1 dyoung MCLGET(n, M_DONTWAIT); 559 1.1 dyoung if (n->m_flags & M_EXT) 560 1.1 dyoung n->m_len = n->m_ext.ext_size; 561 1.1 dyoung } 562 1.1 dyoung if (n0 == NULL) { 563 1.1 dyoung newdata = 564 1.1 dyoung (caddr_t)ALIGN(n->m_data + sizeof(*eh)) - 565 1.1 dyoung sizeof(*eh); 566 1.1 dyoung n->m_len -= newdata - n->m_data; 567 1.1 dyoung n->m_data = newdata; 568 1.1 dyoung } 569 1.1 dyoung if (n->m_len > pktlen - off) 570 1.1 dyoung n->m_len = pktlen - off; 571 1.1 dyoung m_copydata(m, off, n->m_len, mtod(n, caddr_t)); 572 1.1 dyoung off += n->m_len; 573 1.1 dyoung *np = n; 574 1.1 dyoung np = &n->m_next; 575 1.1 dyoung } 576 1.1 dyoung m_freem(m); 577 1.1 dyoung m = n0; 578 1.1 dyoung } 579 1.1 dyoung #endif /* ALIGNED_POINTER */ 580 1.1 dyoung if (llc != NULL) { 581 1.1 dyoung eh = mtod(m, struct ether_header *); 582 1.1 dyoung eh->ether_type = htons(m->m_pkthdr.len - sizeof(*eh)); 583 1.1 dyoung } 584 1.1 dyoung return m; 585 1.1 dyoung } 586 1.1 dyoung 587 1.1 dyoung /* 588 1.1 dyoung * Install received rate set information in the node's state block. 589 1.1 dyoung */ 590 1.1 dyoung static int 591 1.1 dyoung ieee80211_setup_rates(struct ieee80211com *ic, struct ieee80211_node *ni, 592 1.1 dyoung u_int8_t *rates, u_int8_t *xrates, int flags) 593 1.1 dyoung { 594 1.1 dyoung struct ieee80211_rateset *rs = &ni->ni_rates; 595 1.1 dyoung 596 1.1 dyoung memset(rs, 0, sizeof(*rs)); 597 1.1 dyoung rs->rs_nrates = rates[1]; 598 1.1 dyoung memcpy(rs->rs_rates, rates + 2, rs->rs_nrates); 599 1.1 dyoung if (xrates != NULL) { 600 1.1 dyoung u_int8_t nxrates; 601 1.1 dyoung /* 602 1.1 dyoung * Tack on 11g extended supported rate element. 603 1.1 dyoung */ 604 1.1 dyoung nxrates = xrates[1]; 605 1.1 dyoung if (rs->rs_nrates + nxrates > IEEE80211_RATE_MAXSIZE) { 606 1.1 dyoung nxrates = IEEE80211_RATE_MAXSIZE - rs->rs_nrates; 607 1.25 mycroft IEEE80211_DPRINTF(ic, IEEE80211_MSG_XRATE, 608 1.25 mycroft ("%s: extended rate set too large;" 609 1.1 dyoung " only using %u of %u rates\n", 610 1.1 dyoung __func__, nxrates, xrates[1])); 611 1.16 dyoung ic->ic_stats.is_rx_rstoobig++; 612 1.1 dyoung } 613 1.1 dyoung memcpy(rs->rs_rates + rs->rs_nrates, xrates+2, nxrates); 614 1.1 dyoung rs->rs_nrates += nxrates; 615 1.1 dyoung } 616 1.1 dyoung return ieee80211_fix_rate(ic, ni, flags); 617 1.1 dyoung } 618 1.1 dyoung 619 1.1 dyoung /* Verify the existence and length of __elem or get out. */ 620 1.1 dyoung #define IEEE80211_VERIFY_ELEMENT(__elem, __maxlen) do { \ 621 1.1 dyoung if ((__elem) == NULL) { \ 622 1.25 mycroft IEEE80211_DPRINTF(ic, IEEE80211_MSG_ELEMID, \ 623 1.25 mycroft ("%s: no " #__elem "in %s frame\n", \ 624 1.1 dyoung __func__, ieee80211_mgt_subtype_name[subtype >> \ 625 1.1 dyoung IEEE80211_FC0_SUBTYPE_SHIFT])); \ 626 1.16 dyoung ic->ic_stats.is_rx_elem_missing++; \ 627 1.1 dyoung return; \ 628 1.1 dyoung } \ 629 1.1 dyoung if ((__elem)[1] > (__maxlen)) { \ 630 1.25 mycroft IEEE80211_DPRINTF(ic, IEEE80211_MSG_ELEMID, \ 631 1.25 mycroft ("%s: bad " #__elem " len %d in %s frame from %s\n",\ 632 1.25 mycroft __func__, (__elem)[1], \ 633 1.1 dyoung ieee80211_mgt_subtype_name[subtype >> \ 634 1.1 dyoung IEEE80211_FC0_SUBTYPE_SHIFT], \ 635 1.1 dyoung ether_sprintf(wh->i_addr2))); \ 636 1.16 dyoung ic->ic_stats.is_rx_elem_toobig++; \ 637 1.1 dyoung return; \ 638 1.1 dyoung } \ 639 1.1 dyoung } while (0) 640 1.1 dyoung 641 1.1 dyoung #define IEEE80211_VERIFY_LENGTH(_len, _minlen) do { \ 642 1.1 dyoung if ((_len) < (_minlen)) { \ 643 1.25 mycroft IEEE80211_DPRINTF(ic, IEEE80211_MSG_ELEMID, \ 644 1.25 mycroft ("%s: %s frame too short from %s\n", \ 645 1.1 dyoung __func__, \ 646 1.1 dyoung ieee80211_mgt_subtype_name[subtype >> \ 647 1.1 dyoung IEEE80211_FC0_SUBTYPE_SHIFT], \ 648 1.1 dyoung ether_sprintf(wh->i_addr2))); \ 649 1.16 dyoung ic->ic_stats.is_rx_elem_toosmall++; \ 650 1.1 dyoung return; \ 651 1.1 dyoung } \ 652 1.1 dyoung } while (0) 653 1.1 dyoung 654 1.27 mycroft #ifdef IEEE80211_DEBUG 655 1.27 mycroft static void 656 1.27 mycroft ieee80211_ssid_mismatch(struct ieee80211com *ic, const char *tag, 657 1.27 mycroft u_int8_t mac[IEEE80211_ADDR_LEN], u_int8_t *ssid) 658 1.27 mycroft { 659 1.27 mycroft printf("[%s] %s req ssid mismatch: ", ether_sprintf(mac), tag); 660 1.27 mycroft ieee80211_print_essid(ssid + 2, ssid[1]); 661 1.27 mycroft printf("\n"); 662 1.27 mycroft } 663 1.27 mycroft 664 1.27 mycroft #define IEEE80211_VERIFY_SSID(_ni, _ssid, _packet_type) do { \ 665 1.27 mycroft if ((_ssid)[1] != 0 && \ 666 1.27 mycroft ((_ssid)[1] != (_ni)->ni_esslen || \ 667 1.27 mycroft memcmp((_ssid) + 2, (_ni)->ni_essid, (_ssid)[1]) != 0)) { \ 668 1.27 mycroft if (ieee80211_msg_input(ic)) \ 669 1.27 mycroft ieee80211_ssid_mismatch(ic, _packet_type, \ 670 1.27 mycroft wh->i_addr2, _ssid); \ 671 1.27 mycroft ic->ic_stats.is_rx_ssidmismatch++; \ 672 1.27 mycroft return; \ 673 1.27 mycroft } \ 674 1.27 mycroft } while (0) 675 1.27 mycroft #else /* !IEEE80211_DEBUG */ 676 1.27 mycroft #define IEEE80211_VERIFY_SSID(_ni, _ssid, _packet_type) do { \ 677 1.27 mycroft if ((_ssid)[1] != 0 && \ 678 1.27 mycroft ((_ssid)[1] != (_ni)->ni_esslen || \ 679 1.27 mycroft memcmp((_ssid) + 2, (_ni)->ni_essid, (_ssid)[1]) != 0)) { \ 680 1.27 mycroft ic->ic_stats.is_rx_ssidmismatch++; \ 681 1.27 mycroft return; \ 682 1.27 mycroft } \ 683 1.27 mycroft } while (0) 684 1.27 mycroft #endif /* !IEEE80211_DEBUG */ 685 1.27 mycroft 686 1.7 dyoung static void 687 1.7 dyoung ieee80211_auth_open(struct ieee80211com *ic, struct ieee80211_frame *wh, 688 1.7 dyoung struct ieee80211_node *ni, int rssi, u_int32_t rstamp, u_int16_t seq, 689 1.7 dyoung u_int16_t status) 690 1.7 dyoung { 691 1.7 dyoung int allocbs; 692 1.7 dyoung switch (ic->ic_opmode) { 693 1.7 dyoung case IEEE80211_M_IBSS: 694 1.12 mycroft if (ic->ic_state != IEEE80211_S_RUN || 695 1.16 dyoung seq != IEEE80211_AUTH_OPEN_REQUEST) { 696 1.25 mycroft IEEE80211_DPRINTF(ic, IEEE80211_MSG_AUTH, 697 1.25 mycroft ("%s: discard auth from %s; state %u, seq %u\n", 698 1.25 mycroft __func__, ether_sprintf(wh->i_addr2), 699 1.23 dyoung ic->ic_state, seq)); 700 1.16 dyoung ic->ic_stats.is_rx_bad_auth++; 701 1.7 dyoung return; 702 1.16 dyoung } 703 1.7 dyoung ieee80211_new_state(ic, IEEE80211_S_AUTH, 704 1.7 dyoung wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK); 705 1.7 dyoung break; 706 1.7 dyoung 707 1.7 dyoung case IEEE80211_M_AHDEMO: 708 1.7 dyoung /* should not come here */ 709 1.7 dyoung break; 710 1.7 dyoung 711 1.7 dyoung case IEEE80211_M_HOSTAP: 712 1.11 mycroft if (ic->ic_state != IEEE80211_S_RUN || 713 1.16 dyoung seq != IEEE80211_AUTH_OPEN_REQUEST) { 714 1.25 mycroft IEEE80211_DPRINTF(ic, IEEE80211_MSG_AUTH, 715 1.25 mycroft ("%s: discard auth from %s; state %u, seq %u\n", 716 1.25 mycroft __func__, ether_sprintf(wh->i_addr2), 717 1.23 dyoung ic->ic_state, seq)); 718 1.16 dyoung ic->ic_stats.is_rx_bad_auth++; 719 1.7 dyoung return; 720 1.16 dyoung } 721 1.7 dyoung if (ni == ic->ic_bss) { 722 1.7 dyoung ni = ieee80211_alloc_node(ic, wh->i_addr2); 723 1.16 dyoung if (ni == NULL) { 724 1.16 dyoung ic->ic_stats.is_rx_nodealloc++; 725 1.7 dyoung return; 726 1.16 dyoung } 727 1.7 dyoung IEEE80211_ADDR_COPY(ni->ni_bssid, ic->ic_bss->ni_bssid); 728 1.7 dyoung ni->ni_rssi = rssi; 729 1.7 dyoung ni->ni_rstamp = rstamp; 730 1.7 dyoung ni->ni_chan = ic->ic_bss->ni_chan; 731 1.7 dyoung allocbs = 1; 732 1.7 dyoung } else 733 1.7 dyoung allocbs = 0; 734 1.7 dyoung IEEE80211_SEND_MGMT(ic, ni, 735 1.7 dyoung IEEE80211_FC0_SUBTYPE_AUTH, seq + 1); 736 1.26 mycroft IEEE80211_DPRINTF(ic, IEEE80211_MSG_DEBUG | IEEE80211_MSG_AUTH, 737 1.26 mycroft ("station %s %s authenticated (open)\n", 738 1.26 mycroft ether_sprintf(ni->ni_macaddr), 739 1.26 mycroft (allocbs ? "newly" : "already"))); 740 1.7 dyoung break; 741 1.26 mycroft 742 1.7 dyoung case IEEE80211_M_STA: 743 1.7 dyoung if (ic->ic_state != IEEE80211_S_AUTH || 744 1.16 dyoung seq != IEEE80211_AUTH_OPEN_RESPONSE) { 745 1.16 dyoung ic->ic_stats.is_rx_bad_auth++; 746 1.25 mycroft IEEE80211_DPRINTF(ic, IEEE80211_MSG_AUTH, 747 1.25 mycroft ("%s: discard auth from %s; state %u, seq %u\n", 748 1.25 mycroft __func__, ether_sprintf(wh->i_addr2), 749 1.23 dyoung ic->ic_state, seq)); 750 1.7 dyoung return; 751 1.16 dyoung } 752 1.7 dyoung if (status != 0) { 753 1.26 mycroft IEEE80211_DPRINTF(ic, 754 1.26 mycroft IEEE80211_MSG_DEBUG | IEEE80211_MSG_AUTH, 755 1.26 mycroft ("open authentication failed (reason %d) for %s\n", 756 1.7 dyoung status, 757 1.26 mycroft ether_sprintf(wh->i_addr3))); 758 1.7 dyoung if (ni != ic->ic_bss) 759 1.7 dyoung ni->ni_fails++; 760 1.16 dyoung ic->ic_stats.is_rx_auth_fail++; 761 1.7 dyoung return; 762 1.7 dyoung } 763 1.7 dyoung ieee80211_new_state(ic, IEEE80211_S_ASSOC, 764 1.7 dyoung wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK); 765 1.7 dyoung break; 766 1.7 dyoung case IEEE80211_M_MONITOR: 767 1.7 dyoung break; 768 1.7 dyoung } 769 1.7 dyoung } 770 1.7 dyoung 771 1.7 dyoung /* TBD send appropriate responses on error? */ 772 1.7 dyoung static void 773 1.7 dyoung ieee80211_auth_shared(struct ieee80211com *ic, struct ieee80211_frame *wh, 774 1.7 dyoung u_int8_t *frm, u_int8_t *efrm, struct ieee80211_node *ni, int rssi, 775 1.7 dyoung u_int32_t rstamp, u_int16_t seq, u_int16_t status) 776 1.7 dyoung { 777 1.7 dyoung u_int8_t *challenge = NULL; 778 1.14 mycroft int allocbs, i; 779 1.7 dyoung 780 1.28 mycroft if ((ic->ic_flags & IEEE80211_F_PRIVACY) == 0) { 781 1.25 mycroft IEEE80211_DPRINTF(ic, IEEE80211_MSG_AUTH, 782 1.25 mycroft ("%s: WEP is off\n", __func__)); 783 1.7 dyoung return; 784 1.7 dyoung } 785 1.7 dyoung 786 1.7 dyoung if (frm + 1 < efrm) { 787 1.20 dyoung if (frm[1] + 2 > efrm - frm) { 788 1.25 mycroft IEEE80211_DPRINTF(ic, IEEE80211_MSG_AUTH, 789 1.25 mycroft ("%s: elt %d %d bytes too long\n", __func__, 790 1.25 mycroft frm[0], (frm[1] + 2) - (int)(efrm - frm))); 791 1.16 dyoung ic->ic_stats.is_rx_bad_auth++; 792 1.7 dyoung return; 793 1.7 dyoung } 794 1.7 dyoung if (*frm == IEEE80211_ELEMID_CHALLENGE) 795 1.7 dyoung challenge = frm; 796 1.7 dyoung frm += frm[1] + 2; 797 1.7 dyoung } 798 1.7 dyoung switch (seq) { 799 1.7 dyoung case IEEE80211_AUTH_SHARED_CHALLENGE: 800 1.7 dyoung case IEEE80211_AUTH_SHARED_RESPONSE: 801 1.7 dyoung if (challenge == NULL) { 802 1.25 mycroft IEEE80211_DPRINTF(ic, IEEE80211_MSG_AUTH, 803 1.25 mycroft ("%s: no challenge sent\n", __func__)); 804 1.16 dyoung ic->ic_stats.is_rx_bad_auth++; 805 1.7 dyoung return; 806 1.7 dyoung } 807 1.7 dyoung if (challenge[1] != IEEE80211_CHALLENGE_LEN) { 808 1.25 mycroft IEEE80211_DPRINTF(ic, IEEE80211_MSG_AUTH, 809 1.25 mycroft ("%s: bad challenge len %d\n", 810 1.25 mycroft __func__, challenge[1])); 811 1.16 dyoung ic->ic_stats.is_rx_bad_auth++; 812 1.7 dyoung return; 813 1.7 dyoung } 814 1.7 dyoung default: 815 1.7 dyoung break; 816 1.7 dyoung } 817 1.7 dyoung switch (ic->ic_opmode) { 818 1.7 dyoung case IEEE80211_M_MONITOR: 819 1.7 dyoung case IEEE80211_M_AHDEMO: 820 1.7 dyoung case IEEE80211_M_IBSS: 821 1.25 mycroft IEEE80211_DPRINTF(ic, IEEE80211_MSG_AUTH, 822 1.25 mycroft ("%s: unexpected operating mode\n", __func__)); 823 1.7 dyoung return; 824 1.7 dyoung case IEEE80211_M_HOSTAP: 825 1.7 dyoung if (ic->ic_state != IEEE80211_S_RUN) { 826 1.25 mycroft IEEE80211_DPRINTF(ic, IEEE80211_MSG_AUTH, 827 1.25 mycroft ("%s: not running\n", __func__)); 828 1.7 dyoung return; 829 1.7 dyoung } 830 1.7 dyoung switch (seq) { 831 1.7 dyoung case IEEE80211_AUTH_SHARED_REQUEST: 832 1.7 dyoung if (ni == ic->ic_bss) { 833 1.7 dyoung ni = ieee80211_alloc_node(ic, wh->i_addr2); 834 1.16 dyoung if (ni == NULL) { 835 1.16 dyoung ic->ic_stats.is_rx_nodealloc++; 836 1.7 dyoung return; 837 1.16 dyoung } 838 1.7 dyoung IEEE80211_ADDR_COPY(ni->ni_bssid, 839 1.7 dyoung ic->ic_bss->ni_bssid); 840 1.7 dyoung ni->ni_rssi = rssi; 841 1.7 dyoung ni->ni_rstamp = rstamp; 842 1.7 dyoung ni->ni_chan = ic->ic_bss->ni_chan; 843 1.7 dyoung allocbs = 1; 844 1.7 dyoung } else 845 1.7 dyoung allocbs = 0; 846 1.7 dyoung if (ni->ni_challenge == NULL) 847 1.7 dyoung ni->ni_challenge = (u_int32_t*)malloc( 848 1.7 dyoung IEEE80211_CHALLENGE_LEN, M_DEVBUF, 849 1.7 dyoung M_NOWAIT); 850 1.7 dyoung if (ni->ni_challenge == NULL) { 851 1.25 mycroft IEEE80211_DPRINTF(ic, IEEE80211_MSG_AUTH, 852 1.25 mycroft ("%s: challenge alloc failed\n", 853 1.25 mycroft __func__)); 854 1.16 dyoung /* XXX statistic */ 855 1.7 dyoung return; 856 1.7 dyoung } 857 1.7 dyoung for (i = IEEE80211_CHALLENGE_LEN / sizeof(u_int32_t); 858 1.7 dyoung --i >= 0; ) 859 1.7 dyoung ni->ni_challenge[i] = arc4random(); 860 1.25 mycroft IEEE80211_DPRINTF(ic, 861 1.25 mycroft IEEE80211_MSG_DEBUG | IEEE80211_MSG_AUTH, 862 1.25 mycroft ("shared key %sauth request from station %s\n", 863 1.25 mycroft (allocbs ? "" : "re"), 864 1.25 mycroft ether_sprintf(ni->ni_macaddr))); 865 1.7 dyoung break; 866 1.7 dyoung case IEEE80211_AUTH_SHARED_RESPONSE: 867 1.7 dyoung if (ni == ic->ic_bss) { 868 1.25 mycroft IEEE80211_DPRINTF(ic, IEEE80211_MSG_AUTH, 869 1.25 mycroft ("%s: unknown STA\n", __func__)); 870 1.7 dyoung return; 871 1.7 dyoung } 872 1.7 dyoung if (ni->ni_challenge == NULL) { 873 1.25 mycroft IEEE80211_DPRINTF(ic, IEEE80211_MSG_AUTH, 874 1.25 mycroft ("%s: no challenge recorded\n", 875 1.25 mycroft __func__)); 876 1.16 dyoung ic->ic_stats.is_rx_bad_auth++; 877 1.7 dyoung return; 878 1.7 dyoung } 879 1.7 dyoung if (memcmp(ni->ni_challenge, &challenge[2], 880 1.25 mycroft challenge[1]) != 0) { 881 1.25 mycroft IEEE80211_DPRINTF(ic, IEEE80211_MSG_AUTH, 882 1.25 mycroft ("%s: challenge mismatch\n", __func__)); 883 1.16 dyoung ic->ic_stats.is_rx_auth_fail++; 884 1.7 dyoung return; 885 1.7 dyoung } 886 1.25 mycroft IEEE80211_DPRINTF(ic, 887 1.25 mycroft IEEE80211_MSG_DEBUG | IEEE80211_MSG_AUTH, 888 1.25 mycroft ("station %s authenticated (shared key)\n", 889 1.25 mycroft ether_sprintf(ni->ni_macaddr))); 890 1.7 dyoung break; 891 1.7 dyoung default: 892 1.25 mycroft IEEE80211_DPRINTF(ic, IEEE80211_MSG_AUTH, 893 1.25 mycroft ("%s: bad shared key auth seq %d from %s\n", 894 1.25 mycroft __func__, seq, ether_sprintf(wh->i_addr2))); 895 1.16 dyoung ic->ic_stats.is_rx_bad_auth++; 896 1.7 dyoung return; 897 1.7 dyoung } 898 1.7 dyoung IEEE80211_SEND_MGMT(ic, ni, 899 1.7 dyoung IEEE80211_FC0_SUBTYPE_AUTH, seq + 1); 900 1.7 dyoung break; 901 1.7 dyoung 902 1.7 dyoung case IEEE80211_M_STA: 903 1.7 dyoung if (ic->ic_state != IEEE80211_S_AUTH) 904 1.7 dyoung return; 905 1.7 dyoung switch (seq) { 906 1.7 dyoung case IEEE80211_AUTH_SHARED_PASS: 907 1.7 dyoung if (ni->ni_challenge != NULL) { 908 1.7 dyoung FREE(ni->ni_challenge, M_DEVBUF); 909 1.7 dyoung ni->ni_challenge = NULL; 910 1.7 dyoung } 911 1.7 dyoung if (status != 0) { 912 1.25 mycroft IEEE80211_DPRINTF(ic, 913 1.25 mycroft IEEE80211_MSG_DEBUG | IEEE80211_MSG_AUTH, 914 1.25 mycroft ("%s: auth failed (reason %d) for %s\n", 915 1.7 dyoung __func__, status, 916 1.25 mycroft ether_sprintf(wh->i_addr3))); 917 1.7 dyoung if (ni != ic->ic_bss) 918 1.7 dyoung ni->ni_fails++; 919 1.16 dyoung ic->ic_stats.is_rx_auth_fail++; 920 1.7 dyoung return; 921 1.7 dyoung } 922 1.7 dyoung ieee80211_new_state(ic, IEEE80211_S_ASSOC, 923 1.7 dyoung wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK); 924 1.7 dyoung break; 925 1.7 dyoung case IEEE80211_AUTH_SHARED_CHALLENGE: 926 1.7 dyoung if (ni->ni_challenge == NULL) 927 1.7 dyoung ni->ni_challenge = (u_int32_t*)malloc( 928 1.7 dyoung challenge[1], M_DEVBUF, M_NOWAIT); 929 1.7 dyoung if (ni->ni_challenge == NULL) { 930 1.25 mycroft IEEE80211_DPRINTF(ic, IEEE80211_MSG_AUTH, 931 1.25 mycroft ("%s: challenge alloc failed\n", __func__)); 932 1.16 dyoung /* XXX statistic */ 933 1.7 dyoung return; 934 1.7 dyoung } 935 1.7 dyoung memcpy(ni->ni_challenge, &challenge[2], challenge[1]); 936 1.20 dyoung IEEE80211_SEND_MGMT(ic, ni, 937 1.20 dyoung IEEE80211_FC0_SUBTYPE_AUTH, seq + 1); 938 1.7 dyoung break; 939 1.7 dyoung default: 940 1.25 mycroft IEEE80211_DPRINTF(ic, IEEE80211_MSG_AUTH, 941 1.25 mycroft ("%s: bad seq %d from %s\n", __func__, seq, 942 1.25 mycroft ether_sprintf(wh->i_addr2))); 943 1.16 dyoung ic->ic_stats.is_rx_bad_auth++; 944 1.7 dyoung return; 945 1.7 dyoung } 946 1.7 dyoung break; 947 1.7 dyoung } 948 1.7 dyoung } 949 1.7 dyoung 950 1.1 dyoung void 951 1.1 dyoung ieee80211_recv_mgmt(struct ieee80211com *ic, struct mbuf *m0, 952 1.1 dyoung struct ieee80211_node *ni, 953 1.1 dyoung int subtype, int rssi, u_int32_t rstamp) 954 1.1 dyoung { 955 1.26 mycroft #define ISPROBE(_st) ((_st) == IEEE80211_FC0_SUBTYPE_PROBE_RESP) 956 1.26 mycroft #define ISREASSOC(_st) ((_st) == IEEE80211_FC0_SUBTYPE_REASSOC_RESP) 957 1.1 dyoung struct ieee80211_frame *wh; 958 1.1 dyoung u_int8_t *frm, *efrm; 959 1.1 dyoung u_int8_t *ssid, *rates, *xrates; 960 1.29 mycroft int reassoc, resp, allocbs; 961 1.1 dyoung 962 1.1 dyoung wh = mtod(m0, struct ieee80211_frame *); 963 1.1 dyoung frm = (u_int8_t *)&wh[1]; 964 1.1 dyoung efrm = mtod(m0, u_int8_t *) + m0->m_len; 965 1.1 dyoung switch (subtype) { 966 1.1 dyoung case IEEE80211_FC0_SUBTYPE_PROBE_RESP: 967 1.1 dyoung case IEEE80211_FC0_SUBTYPE_BEACON: { 968 1.1 dyoung u_int8_t *tstamp, *bintval, *capinfo, *country; 969 1.1 dyoung u_int8_t chan, bchan, fhindex, erp; 970 1.1 dyoung u_int16_t fhdwell; 971 1.1 dyoung 972 1.1 dyoung if (ic->ic_opmode != IEEE80211_M_IBSS && 973 1.1 dyoung ic->ic_state != IEEE80211_S_SCAN) { 974 1.1 dyoung /* XXX: may be useful for background scan */ 975 1.1 dyoung return; 976 1.1 dyoung } 977 1.1 dyoung 978 1.1 dyoung /* 979 1.1 dyoung * beacon/probe response frame format 980 1.1 dyoung * [8] time stamp 981 1.1 dyoung * [2] beacon interval 982 1.1 dyoung * [2] capability information 983 1.1 dyoung * [tlv] ssid 984 1.1 dyoung * [tlv] supported rates 985 1.1 dyoung * [tlv] country information 986 1.1 dyoung * [tlv] parameter set (FH/DS) 987 1.1 dyoung * [tlv] erp information 988 1.1 dyoung * [tlv] extended supported rates 989 1.1 dyoung */ 990 1.1 dyoung IEEE80211_VERIFY_LENGTH(efrm - frm, 12); 991 1.1 dyoung tstamp = frm; frm += 8; 992 1.1 dyoung bintval = frm; frm += 2; 993 1.1 dyoung capinfo = frm; frm += 2; 994 1.1 dyoung ssid = rates = xrates = country = NULL; 995 1.1 dyoung bchan = ieee80211_chan2ieee(ic, ic->ic_bss->ni_chan); 996 1.1 dyoung chan = bchan; 997 1.1 dyoung fhdwell = 0; 998 1.1 dyoung fhindex = 0; 999 1.1 dyoung erp = 0; 1000 1.1 dyoung while (frm < efrm) { 1001 1.1 dyoung switch (*frm) { 1002 1.1 dyoung case IEEE80211_ELEMID_SSID: 1003 1.1 dyoung ssid = frm; 1004 1.1 dyoung break; 1005 1.1 dyoung case IEEE80211_ELEMID_RATES: 1006 1.1 dyoung rates = frm; 1007 1.1 dyoung break; 1008 1.1 dyoung case IEEE80211_ELEMID_COUNTRY: 1009 1.1 dyoung country = frm; 1010 1.1 dyoung break; 1011 1.1 dyoung case IEEE80211_ELEMID_FHPARMS: 1012 1.1 dyoung if (ic->ic_phytype == IEEE80211_T_FH) { 1013 1.1 dyoung fhdwell = (frm[3] << 8) | frm[2]; 1014 1.1 dyoung chan = IEEE80211_FH_CHAN(frm[4], frm[5]); 1015 1.1 dyoung fhindex = frm[6]; 1016 1.1 dyoung } 1017 1.1 dyoung break; 1018 1.1 dyoung case IEEE80211_ELEMID_DSPARMS: 1019 1.1 dyoung /* 1020 1.1 dyoung * XXX hack this since depending on phytype 1021 1.1 dyoung * is problematic for multi-mode devices. 1022 1.1 dyoung */ 1023 1.1 dyoung if (ic->ic_phytype != IEEE80211_T_FH) 1024 1.1 dyoung chan = frm[2]; 1025 1.1 dyoung break; 1026 1.1 dyoung case IEEE80211_ELEMID_TIM: 1027 1.1 dyoung break; 1028 1.22 dyoung case IEEE80211_ELEMID_IBSSPARMS: 1029 1.22 dyoung break; 1030 1.1 dyoung case IEEE80211_ELEMID_XRATES: 1031 1.1 dyoung xrates = frm; 1032 1.1 dyoung break; 1033 1.1 dyoung case IEEE80211_ELEMID_ERP: 1034 1.1 dyoung if (frm[1] != 1) { 1035 1.25 mycroft IEEE80211_DPRINTF(ic, 1036 1.25 mycroft IEEE80211_MSG_ELEMID, 1037 1.25 mycroft ("%s: invalid ERP element; " 1038 1.25 mycroft "length %u, expecting 1\n", 1039 1.25 mycroft __func__, frm[1])); 1040 1.16 dyoung ic->ic_stats.is_rx_elem_toobig++; 1041 1.1 dyoung break; 1042 1.1 dyoung } 1043 1.1 dyoung erp = frm[2]; 1044 1.1 dyoung break; 1045 1.1 dyoung default: 1046 1.25 mycroft IEEE80211_DPRINTF(ic, IEEE80211_MSG_ELEMID, 1047 1.25 mycroft ("%s: element id %u/len %u ignored\n", 1048 1.25 mycroft __func__, *frm, frm[1])); 1049 1.16 dyoung ic->ic_stats.is_rx_elem_unknown++; 1050 1.1 dyoung break; 1051 1.1 dyoung } 1052 1.1 dyoung frm += frm[1] + 2; 1053 1.1 dyoung } 1054 1.1 dyoung IEEE80211_VERIFY_ELEMENT(rates, IEEE80211_RATE_MAXSIZE); 1055 1.1 dyoung IEEE80211_VERIFY_ELEMENT(ssid, IEEE80211_NWID_LEN); 1056 1.1 dyoung if ( 1057 1.1 dyoung #if IEEE80211_CHAN_MAX < 255 1058 1.1 dyoung chan > IEEE80211_CHAN_MAX || 1059 1.1 dyoung #endif 1060 1.1 dyoung isclr(ic->ic_chan_active, chan)) { 1061 1.25 mycroft IEEE80211_DPRINTF(ic, IEEE80211_MSG_ELEMID, 1062 1.25 mycroft ("%s: ignore %s with invalid channel %u\n", 1063 1.25 mycroft __func__, 1064 1.26 mycroft ISPROBE(subtype) ? "probe response" : "beacon", 1065 1.1 dyoung chan)); 1066 1.16 dyoung ic->ic_stats.is_rx_badchan++; 1067 1.1 dyoung return; 1068 1.1 dyoung } 1069 1.19 onoe if (chan != bchan && ic->ic_phytype != IEEE80211_T_FH) { 1070 1.1 dyoung /* 1071 1.1 dyoung * Frame was received on a channel different from the 1072 1.19 onoe * one indicated in the DS params element id; 1073 1.1 dyoung * silently discard it. 1074 1.1 dyoung * 1075 1.1 dyoung * NB: this can happen due to signal leakage. 1076 1.19 onoe * But we should take it for FH phy because 1077 1.19 onoe * the rssi value should be correct even for 1078 1.19 onoe * different hop pattern in FH. 1079 1.1 dyoung */ 1080 1.25 mycroft IEEE80211_DPRINTF(ic, IEEE80211_MSG_ELEMID, 1081 1.25 mycroft ("%s: ignore %s on channel %u marked " 1082 1.1 dyoung "for channel %u\n", __func__, 1083 1.26 mycroft ISPROBE(subtype) ? "probe response" : "beacon", 1084 1.1 dyoung bchan, chan)); 1085 1.16 dyoung ic->ic_stats.is_rx_chanmismatch++; 1086 1.1 dyoung return; 1087 1.1 dyoung } 1088 1.1 dyoung 1089 1.1 dyoung /* 1090 1.1 dyoung * Use mac and channel for lookup so we collect all 1091 1.1 dyoung * potential AP's when scanning. Otherwise we may 1092 1.1 dyoung * see the same AP on multiple channels and will only 1093 1.1 dyoung * record the last one. We could filter APs here based 1094 1.1 dyoung * on rssi, etc. but leave that to the end of the scan 1095 1.1 dyoung * so we can keep the selection criteria in one spot. 1096 1.1 dyoung * This may result in a bloat of the scanned AP list but 1097 1.1 dyoung * it shouldn't be too much. 1098 1.1 dyoung */ 1099 1.30 mycroft ni = ieee80211_find_node_with_channel(ic, wh->i_addr2, 1100 1.1 dyoung &ic->ic_channels[chan]); 1101 1.1 dyoung #ifdef IEEE80211_DEBUG 1102 1.1 dyoung if (ieee80211_debug && 1103 1.1 dyoung (ni == NULL || ic->ic_state == IEEE80211_S_SCAN)) { 1104 1.1 dyoung printf("%s: %s%s on chan %u (bss chan %u) ", 1105 1.1 dyoung __func__, (ni == NULL ? "new " : ""), 1106 1.26 mycroft ISPROBE(subtype) ? "probe response" : "beacon", 1107 1.1 dyoung chan, bchan); 1108 1.1 dyoung ieee80211_print_essid(ssid + 2, ssid[1]); 1109 1.1 dyoung printf(" from %s\n", ether_sprintf(wh->i_addr2)); 1110 1.1 dyoung printf("%s: caps 0x%x bintval %u erp 0x%x\n", 1111 1.1 dyoung __func__, le16toh(*(u_int16_t *)capinfo), 1112 1.1 dyoung le16toh(*(u_int16_t *)bintval), erp); 1113 1.4 dyoung if (country) { 1114 1.4 dyoung int i; 1115 1.4 dyoung printf("%s: country info", __func__); 1116 1.4 dyoung for (i = 0; i < country[1]; i++) 1117 1.4 dyoung printf(" %02x", country[i+2]); 1118 1.4 dyoung printf("\n"); 1119 1.4 dyoung } 1120 1.1 dyoung } 1121 1.1 dyoung #endif 1122 1.1 dyoung if (ni == NULL) { 1123 1.1 dyoung ni = ieee80211_alloc_node(ic, wh->i_addr2); 1124 1.22 dyoung if (ni == NULL) 1125 1.1 dyoung return; 1126 1.1 dyoung ni->ni_esslen = ssid[1]; 1127 1.1 dyoung memset(ni->ni_essid, 0, sizeof(ni->ni_essid)); 1128 1.1 dyoung memcpy(ni->ni_essid, ssid + 2, ssid[1]); 1129 1.22 dyoung allocbs = 1; 1130 1.26 mycroft } else if (ssid[1] != 0 && 1131 1.26 mycroft (ISPROBE(subtype) || ni->ni_esslen == 0)) { 1132 1.1 dyoung /* 1133 1.1 dyoung * Update ESSID at probe response to adopt hidden AP by 1134 1.1 dyoung * Lucent/Cisco, which announces null ESSID in beacon. 1135 1.1 dyoung */ 1136 1.1 dyoung ni->ni_esslen = ssid[1]; 1137 1.1 dyoung memset(ni->ni_essid, 0, sizeof(ni->ni_essid)); 1138 1.1 dyoung memcpy(ni->ni_essid, ssid + 2, ssid[1]); 1139 1.22 dyoung allocbs = 0; 1140 1.22 dyoung } else 1141 1.22 dyoung allocbs = 0; 1142 1.1 dyoung IEEE80211_ADDR_COPY(ni->ni_bssid, wh->i_addr3); 1143 1.1 dyoung ni->ni_rssi = rssi; 1144 1.1 dyoung ni->ni_rstamp = rstamp; 1145 1.1 dyoung memcpy(ni->ni_tstamp, tstamp, sizeof(ni->ni_tstamp)); 1146 1.1 dyoung ni->ni_intval = le16toh(*(u_int16_t *)bintval); 1147 1.1 dyoung ni->ni_capinfo = le16toh(*(u_int16_t *)capinfo); 1148 1.1 dyoung /* XXX validate channel # */ 1149 1.1 dyoung ni->ni_chan = &ic->ic_channels[chan]; 1150 1.1 dyoung ni->ni_fhdwell = fhdwell; 1151 1.1 dyoung ni->ni_fhindex = fhindex; 1152 1.1 dyoung ni->ni_erp = erp; 1153 1.1 dyoung /* NB: must be after ni_chan is setup */ 1154 1.1 dyoung ieee80211_setup_rates(ic, ni, rates, xrates, IEEE80211_F_DOSORT); 1155 1.22 dyoung /* 1156 1.22 dyoung * When scanning we record results (nodes) with a zero 1157 1.22 dyoung * refcnt. Otherwise we want to hold the reference for 1158 1.22 dyoung * ibss neighbors so the nodes don't get released prematurely. 1159 1.22 dyoung * Anything else can be discarded (XXX and should be handled 1160 1.22 dyoung * above so we don't do so much work). 1161 1.22 dyoung */ 1162 1.22 dyoung if (ic->ic_state == IEEE80211_S_SCAN) 1163 1.22 dyoung ieee80211_unref_node(&ni); /* NB: do not free */ 1164 1.22 dyoung else if (ic->ic_opmode == IEEE80211_M_IBSS && 1165 1.26 mycroft allocbs && ISPROBE(subtype)) { 1166 1.22 dyoung /* 1167 1.22 dyoung * Fake an association so the driver can setup it's 1168 1.22 dyoung * private state. The rate set has been setup above; 1169 1.22 dyoung * there is no handshake as in ap/station operation. 1170 1.22 dyoung */ 1171 1.22 dyoung if (ic->ic_newassoc) 1172 1.22 dyoung (*ic->ic_newassoc)(ic, ni, 1); 1173 1.22 dyoung /* NB: hold reference */ 1174 1.22 dyoung } else { 1175 1.22 dyoung /* XXX optimize to avoid work done above */ 1176 1.22 dyoung ieee80211_free_node(ic, ni); 1177 1.22 dyoung } 1178 1.1 dyoung break; 1179 1.1 dyoung } 1180 1.1 dyoung 1181 1.1 dyoung case IEEE80211_FC0_SUBTYPE_PROBE_REQ: { 1182 1.1 dyoung u_int8_t rate; 1183 1.1 dyoung 1184 1.1 dyoung if (ic->ic_opmode == IEEE80211_M_STA) 1185 1.1 dyoung return; 1186 1.1 dyoung if (ic->ic_state != IEEE80211_S_RUN) 1187 1.1 dyoung return; 1188 1.1 dyoung 1189 1.1 dyoung /* 1190 1.1 dyoung * prreq frame format 1191 1.1 dyoung * [tlv] ssid 1192 1.1 dyoung * [tlv] supported rates 1193 1.1 dyoung * [tlv] extended supported rates 1194 1.1 dyoung */ 1195 1.1 dyoung ssid = rates = xrates = NULL; 1196 1.1 dyoung while (frm < efrm) { 1197 1.1 dyoung switch (*frm) { 1198 1.1 dyoung case IEEE80211_ELEMID_SSID: 1199 1.1 dyoung ssid = frm; 1200 1.1 dyoung break; 1201 1.1 dyoung case IEEE80211_ELEMID_RATES: 1202 1.1 dyoung rates = frm; 1203 1.1 dyoung break; 1204 1.1 dyoung case IEEE80211_ELEMID_XRATES: 1205 1.1 dyoung xrates = frm; 1206 1.1 dyoung break; 1207 1.1 dyoung } 1208 1.1 dyoung frm += frm[1] + 2; 1209 1.1 dyoung } 1210 1.1 dyoung IEEE80211_VERIFY_ELEMENT(rates, IEEE80211_RATE_MAXSIZE); 1211 1.1 dyoung IEEE80211_VERIFY_ELEMENT(ssid, IEEE80211_NWID_LEN); 1212 1.27 mycroft IEEE80211_VERIFY_SSID(ic->ic_bss, ssid, "probe"); 1213 1.1 dyoung 1214 1.1 dyoung if (ni == ic->ic_bss) { 1215 1.1 dyoung ni = ieee80211_dup_bss(ic, wh->i_addr2); 1216 1.22 dyoung if (ni == NULL) 1217 1.1 dyoung return; 1218 1.25 mycroft IEEE80211_DPRINTF(ic, IEEE80211_MSG_ASSOC, 1219 1.25 mycroft ("%s: new probe req from %s\n", 1220 1.1 dyoung __func__, ether_sprintf(wh->i_addr2))); 1221 1.1 dyoung allocbs = 1; 1222 1.1 dyoung } else 1223 1.1 dyoung allocbs = 0; 1224 1.1 dyoung ni->ni_rssi = rssi; 1225 1.1 dyoung ni->ni_rstamp = rstamp; 1226 1.1 dyoung rate = ieee80211_setup_rates(ic, ni, rates, xrates, 1227 1.1 dyoung IEEE80211_F_DOSORT | IEEE80211_F_DOFRATE 1228 1.1 dyoung | IEEE80211_F_DONEGO | IEEE80211_F_DODEL); 1229 1.1 dyoung if (rate & IEEE80211_RATE_BASIC) { 1230 1.25 mycroft IEEE80211_DPRINTF(ic, IEEE80211_MSG_XRATE, 1231 1.25 mycroft ("%s: rate negotiation failed: %s\n", 1232 1.1 dyoung __func__,ether_sprintf(wh->i_addr2))); 1233 1.1 dyoung } else { 1234 1.1 dyoung IEEE80211_SEND_MGMT(ic, ni, 1235 1.1 dyoung IEEE80211_FC0_SUBTYPE_PROBE_RESP, 0); 1236 1.1 dyoung } 1237 1.22 dyoung if (allocbs) 1238 1.22 dyoung ieee80211_free_node(ic, ni); 1239 1.1 dyoung break; 1240 1.1 dyoung } 1241 1.1 dyoung 1242 1.1 dyoung case IEEE80211_FC0_SUBTYPE_AUTH: { 1243 1.1 dyoung u_int16_t algo, seq, status; 1244 1.1 dyoung /* 1245 1.1 dyoung * auth frame format 1246 1.1 dyoung * [2] algorithm 1247 1.1 dyoung * [2] sequence 1248 1.1 dyoung * [2] status 1249 1.1 dyoung * [tlv*] challenge 1250 1.1 dyoung */ 1251 1.1 dyoung IEEE80211_VERIFY_LENGTH(efrm - frm, 6); 1252 1.1 dyoung algo = le16toh(*(u_int16_t *)frm); 1253 1.1 dyoung seq = le16toh(*(u_int16_t *)(frm + 2)); 1254 1.1 dyoung status = le16toh(*(u_int16_t *)(frm + 4)); 1255 1.25 mycroft IEEE80211_DPRINTF(ic, IEEE80211_MSG_AUTH, 1256 1.25 mycroft ("%s: algorithm %d seq %d from %s\n", 1257 1.25 mycroft __func__, algo, seq, ether_sprintf(wh->i_addr2))); 1258 1.7 dyoung 1259 1.7 dyoung if (algo == IEEE80211_AUTH_ALG_SHARED) 1260 1.7 dyoung ieee80211_auth_shared(ic, wh, frm + 6, efrm, ni, rssi, 1261 1.7 dyoung rstamp, seq, status); 1262 1.7 dyoung else if (algo == IEEE80211_AUTH_ALG_OPEN) 1263 1.7 dyoung ieee80211_auth_open(ic, wh, ni, rssi, rstamp, seq, 1264 1.7 dyoung status); 1265 1.7 dyoung else { 1266 1.25 mycroft IEEE80211_DPRINTF(ic, IEEE80211_MSG_ANY, 1267 1.25 mycroft ("%s: unsupported auth algorithm %d from %s\n", 1268 1.1 dyoung __func__, algo, ether_sprintf(wh->i_addr2))); 1269 1.16 dyoung ic->ic_stats.is_rx_auth_unsupported++; 1270 1.1 dyoung return; 1271 1.22 dyoung } 1272 1.1 dyoung break; 1273 1.1 dyoung } 1274 1.1 dyoung 1275 1.1 dyoung case IEEE80211_FC0_SUBTYPE_ASSOC_REQ: 1276 1.1 dyoung case IEEE80211_FC0_SUBTYPE_REASSOC_REQ: { 1277 1.1 dyoung u_int16_t capinfo, bintval; 1278 1.1 dyoung 1279 1.1 dyoung if (ic->ic_opmode != IEEE80211_M_HOSTAP || 1280 1.1 dyoung (ic->ic_state != IEEE80211_S_RUN)) 1281 1.1 dyoung return; 1282 1.1 dyoung 1283 1.1 dyoung if (subtype == IEEE80211_FC0_SUBTYPE_REASSOC_REQ) { 1284 1.1 dyoung reassoc = 1; 1285 1.1 dyoung resp = IEEE80211_FC0_SUBTYPE_REASSOC_RESP; 1286 1.1 dyoung } else { 1287 1.1 dyoung reassoc = 0; 1288 1.1 dyoung resp = IEEE80211_FC0_SUBTYPE_ASSOC_RESP; 1289 1.1 dyoung } 1290 1.1 dyoung /* 1291 1.1 dyoung * asreq frame format 1292 1.1 dyoung * [2] capability information 1293 1.1 dyoung * [2] listen interval 1294 1.1 dyoung * [6*] current AP address (reassoc only) 1295 1.1 dyoung * [tlv] ssid 1296 1.1 dyoung * [tlv] supported rates 1297 1.1 dyoung * [tlv] extended supported rates 1298 1.1 dyoung */ 1299 1.1 dyoung IEEE80211_VERIFY_LENGTH(efrm - frm, (reassoc ? 10 : 4)); 1300 1.1 dyoung if (!IEEE80211_ADDR_EQ(wh->i_addr3, ic->ic_bss->ni_bssid)) { 1301 1.25 mycroft IEEE80211_DPRINTF(ic, IEEE80211_MSG_ANY, 1302 1.25 mycroft ("%s: ignore assoc request with bss %s not " 1303 1.25 mycroft "our own\n", 1304 1.1 dyoung __func__, ether_sprintf(wh->i_addr2))); 1305 1.16 dyoung ic->ic_stats.is_rx_assoc_bss++; 1306 1.1 dyoung return; 1307 1.1 dyoung } 1308 1.1 dyoung capinfo = le16toh(*(u_int16_t *)frm); frm += 2; 1309 1.1 dyoung bintval = le16toh(*(u_int16_t *)frm); frm += 2; 1310 1.1 dyoung if (reassoc) 1311 1.1 dyoung frm += 6; /* ignore current AP info */ 1312 1.1 dyoung ssid = rates = xrates = NULL; 1313 1.1 dyoung while (frm < efrm) { 1314 1.1 dyoung switch (*frm) { 1315 1.1 dyoung case IEEE80211_ELEMID_SSID: 1316 1.1 dyoung ssid = frm; 1317 1.1 dyoung break; 1318 1.1 dyoung case IEEE80211_ELEMID_RATES: 1319 1.1 dyoung rates = frm; 1320 1.1 dyoung break; 1321 1.1 dyoung case IEEE80211_ELEMID_XRATES: 1322 1.1 dyoung xrates = frm; 1323 1.1 dyoung break; 1324 1.1 dyoung } 1325 1.1 dyoung frm += frm[1] + 2; 1326 1.1 dyoung } 1327 1.1 dyoung IEEE80211_VERIFY_ELEMENT(rates, IEEE80211_RATE_MAXSIZE); 1328 1.1 dyoung IEEE80211_VERIFY_ELEMENT(ssid, IEEE80211_NWID_LEN); 1329 1.27 mycroft IEEE80211_VERIFY_SSID(ic->ic_bss, ssid, 1330 1.27 mycroft reassoc ? "reassoc" : "assoc"); 1331 1.27 mycroft 1332 1.1 dyoung if (ni == ic->ic_bss) { 1333 1.25 mycroft IEEE80211_DPRINTF(ic, IEEE80211_MSG_ANY, 1334 1.27 mycroft ("%s: deny %sassoc from %s, not authenticated\n", 1335 1.27 mycroft __func__, reassoc ? "re" : "", 1336 1.27 mycroft ether_sprintf(wh->i_addr2))); 1337 1.1 dyoung ni = ieee80211_dup_bss(ic, wh->i_addr2); 1338 1.1 dyoung if (ni != NULL) { 1339 1.1 dyoung IEEE80211_SEND_MGMT(ic, ni, 1340 1.1 dyoung IEEE80211_FC0_SUBTYPE_DEAUTH, 1341 1.1 dyoung IEEE80211_REASON_ASSOC_NOT_AUTHED); 1342 1.1 dyoung ieee80211_free_node(ic, ni); 1343 1.1 dyoung } 1344 1.16 dyoung ic->ic_stats.is_rx_assoc_notauth++; 1345 1.1 dyoung return; 1346 1.7 dyoung } 1347 1.7 dyoung /* discard challenge after association */ 1348 1.7 dyoung if (ni->ni_challenge != NULL) { 1349 1.7 dyoung FREE(ni->ni_challenge, M_DEVBUF); 1350 1.7 dyoung ni->ni_challenge = NULL; 1351 1.1 dyoung } 1352 1.1 dyoung /* XXX per-node cipher suite */ 1353 1.1 dyoung /* XXX some stations use the privacy bit for handling APs 1354 1.1 dyoung that suport both encrypted and unencrypted traffic */ 1355 1.1 dyoung if ((capinfo & IEEE80211_CAPINFO_ESS) == 0 || 1356 1.1 dyoung (capinfo & IEEE80211_CAPINFO_PRIVACY) != 1357 1.28 mycroft ((ic->ic_flags & IEEE80211_F_PRIVACY) ? 1358 1.1 dyoung IEEE80211_CAPINFO_PRIVACY : 0)) { 1359 1.25 mycroft IEEE80211_DPRINTF(ic, IEEE80211_MSG_ANY, 1360 1.25 mycroft ("%s: capability mismatch %x for %s\n", 1361 1.1 dyoung __func__, capinfo, ether_sprintf(wh->i_addr2))); 1362 1.1 dyoung IEEE80211_SEND_MGMT(ic, ni, resp, 1363 1.1 dyoung IEEE80211_STATUS_CAPINFO); 1364 1.29 mycroft ieee80211_node_leave(ic, ni); 1365 1.16 dyoung ic->ic_stats.is_rx_assoc_capmismatch++; 1366 1.1 dyoung return; 1367 1.1 dyoung } 1368 1.1 dyoung ieee80211_setup_rates(ic, ni, rates, xrates, 1369 1.1 dyoung IEEE80211_F_DOSORT | IEEE80211_F_DOFRATE | 1370 1.1 dyoung IEEE80211_F_DONEGO | IEEE80211_F_DODEL); 1371 1.1 dyoung if (ni->ni_rates.rs_nrates == 0) { 1372 1.25 mycroft IEEE80211_DPRINTF(ic, IEEE80211_MSG_ANY, 1373 1.25 mycroft ("%s: rate mismatch for %s\n", 1374 1.1 dyoung __func__, ether_sprintf(wh->i_addr2))); 1375 1.1 dyoung IEEE80211_SEND_MGMT(ic, ni, resp, 1376 1.1 dyoung IEEE80211_STATUS_BASIC_RATE); 1377 1.29 mycroft ieee80211_node_leave(ic, ni); 1378 1.16 dyoung ic->ic_stats.is_rx_assoc_norate++; 1379 1.1 dyoung return; 1380 1.1 dyoung } 1381 1.1 dyoung ni->ni_rssi = rssi; 1382 1.1 dyoung ni->ni_rstamp = rstamp; 1383 1.1 dyoung ni->ni_intval = bintval; 1384 1.1 dyoung ni->ni_capinfo = capinfo; 1385 1.1 dyoung ni->ni_chan = ic->ic_bss->ni_chan; 1386 1.1 dyoung ni->ni_fhdwell = ic->ic_bss->ni_fhdwell; 1387 1.1 dyoung ni->ni_fhindex = ic->ic_bss->ni_fhindex; 1388 1.29 mycroft ieee80211_node_join(ic, ni, resp); 1389 1.1 dyoung break; 1390 1.1 dyoung } 1391 1.1 dyoung 1392 1.1 dyoung case IEEE80211_FC0_SUBTYPE_ASSOC_RESP: 1393 1.1 dyoung case IEEE80211_FC0_SUBTYPE_REASSOC_RESP: { 1394 1.1 dyoung u_int16_t status; 1395 1.1 dyoung 1396 1.1 dyoung if (ic->ic_opmode != IEEE80211_M_STA || 1397 1.26 mycroft ic->ic_state != IEEE80211_S_ASSOC) { 1398 1.26 mycroft ic->ic_stats.is_rx_mgtdiscard++; 1399 1.1 dyoung return; 1400 1.26 mycroft } 1401 1.1 dyoung 1402 1.1 dyoung /* 1403 1.1 dyoung * asresp frame format 1404 1.1 dyoung * [2] capability information 1405 1.1 dyoung * [2] status 1406 1.1 dyoung * [2] association ID 1407 1.1 dyoung * [tlv] supported rates 1408 1.1 dyoung * [tlv] extended supported rates 1409 1.1 dyoung */ 1410 1.1 dyoung IEEE80211_VERIFY_LENGTH(efrm - frm, 6); 1411 1.1 dyoung ni = ic->ic_bss; 1412 1.1 dyoung ni->ni_capinfo = le16toh(*(u_int16_t *)frm); 1413 1.1 dyoung frm += 2; 1414 1.1 dyoung 1415 1.1 dyoung status = le16toh(*(u_int16_t *)frm); 1416 1.1 dyoung frm += 2; 1417 1.1 dyoung if (status != 0) { 1418 1.26 mycroft IEEE80211_DPRINTF(ic, IEEE80211_MSG_ASSOC, 1419 1.26 mycroft ("%sassociation failed (reason %d) for %s\n", 1420 1.26 mycroft ISREASSOC(subtype) ? "re" : "", 1421 1.26 mycroft status, ether_sprintf(wh->i_addr3))); 1422 1.1 dyoung if (ni != ic->ic_bss) 1423 1.1 dyoung ni->ni_fails++; 1424 1.16 dyoung ic->ic_stats.is_rx_auth_fail++; 1425 1.1 dyoung return; 1426 1.1 dyoung } 1427 1.1 dyoung ni->ni_associd = le16toh(*(u_int16_t *)frm); 1428 1.1 dyoung frm += 2; 1429 1.1 dyoung 1430 1.1 dyoung rates = xrates = NULL; 1431 1.1 dyoung while (frm < efrm) { 1432 1.1 dyoung switch (*frm) { 1433 1.1 dyoung case IEEE80211_ELEMID_RATES: 1434 1.1 dyoung rates = frm; 1435 1.1 dyoung break; 1436 1.1 dyoung case IEEE80211_ELEMID_XRATES: 1437 1.1 dyoung xrates = frm; 1438 1.1 dyoung break; 1439 1.1 dyoung } 1440 1.1 dyoung frm += frm[1] + 2; 1441 1.1 dyoung } 1442 1.1 dyoung 1443 1.1 dyoung IEEE80211_VERIFY_ELEMENT(rates, IEEE80211_RATE_MAXSIZE); 1444 1.1 dyoung ieee80211_setup_rates(ic, ni, rates, xrates, 1445 1.1 dyoung IEEE80211_F_DOSORT | IEEE80211_F_DOFRATE | 1446 1.1 dyoung IEEE80211_F_DONEGO | IEEE80211_F_DODEL); 1447 1.1 dyoung if (ni->ni_rates.rs_nrates != 0) 1448 1.1 dyoung ieee80211_new_state(ic, IEEE80211_S_RUN, 1449 1.1 dyoung wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK); 1450 1.1 dyoung break; 1451 1.1 dyoung } 1452 1.1 dyoung 1453 1.1 dyoung case IEEE80211_FC0_SUBTYPE_DEAUTH: { 1454 1.1 dyoung u_int16_t reason; 1455 1.1 dyoung /* 1456 1.1 dyoung * deauth frame format 1457 1.1 dyoung * [2] reason 1458 1.1 dyoung */ 1459 1.1 dyoung IEEE80211_VERIFY_LENGTH(efrm - frm, 2); 1460 1.1 dyoung reason = le16toh(*(u_int16_t *)frm); 1461 1.16 dyoung ic->ic_stats.is_rx_deauth++; 1462 1.1 dyoung switch (ic->ic_opmode) { 1463 1.1 dyoung case IEEE80211_M_STA: 1464 1.1 dyoung ieee80211_new_state(ic, IEEE80211_S_AUTH, 1465 1.1 dyoung wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK); 1466 1.1 dyoung break; 1467 1.1 dyoung case IEEE80211_M_HOSTAP: 1468 1.1 dyoung if (ni != ic->ic_bss) { 1469 1.25 mycroft IEEE80211_DPRINTF(ic, IEEE80211_MSG_AUTH, 1470 1.25 mycroft ("station %s deauthenticated by " 1471 1.25 mycroft "peer (reason %d)\n", 1472 1.25 mycroft ether_sprintf(ni->ni_macaddr), reason)); 1473 1.29 mycroft ieee80211_node_leave(ic, ni); 1474 1.1 dyoung } 1475 1.1 dyoung break; 1476 1.1 dyoung default: 1477 1.1 dyoung break; 1478 1.1 dyoung } 1479 1.1 dyoung break; 1480 1.1 dyoung } 1481 1.1 dyoung 1482 1.1 dyoung case IEEE80211_FC0_SUBTYPE_DISASSOC: { 1483 1.1 dyoung u_int16_t reason; 1484 1.1 dyoung /* 1485 1.1 dyoung * disassoc frame format 1486 1.1 dyoung * [2] reason 1487 1.1 dyoung */ 1488 1.1 dyoung IEEE80211_VERIFY_LENGTH(efrm - frm, 2); 1489 1.1 dyoung reason = le16toh(*(u_int16_t *)frm); 1490 1.16 dyoung ic->ic_stats.is_rx_disassoc++; 1491 1.1 dyoung switch (ic->ic_opmode) { 1492 1.1 dyoung case IEEE80211_M_STA: 1493 1.1 dyoung ieee80211_new_state(ic, IEEE80211_S_ASSOC, 1494 1.1 dyoung wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK); 1495 1.1 dyoung break; 1496 1.1 dyoung case IEEE80211_M_HOSTAP: 1497 1.1 dyoung if (ni != ic->ic_bss) { 1498 1.25 mycroft IEEE80211_DPRINTF(ic, IEEE80211_MSG_ASSOC, 1499 1.25 mycroft ("station %s disassociated by " 1500 1.25 mycroft "peer (reason %d)\n", 1501 1.25 mycroft ether_sprintf(ni->ni_macaddr), reason)); 1502 1.29 mycroft ieee80211_node_leave(ic, ni); 1503 1.1 dyoung } 1504 1.1 dyoung break; 1505 1.1 dyoung default: 1506 1.1 dyoung break; 1507 1.1 dyoung } 1508 1.1 dyoung break; 1509 1.1 dyoung } 1510 1.1 dyoung default: 1511 1.25 mycroft IEEE80211_DPRINTF(ic, IEEE80211_MSG_ANY, 1512 1.25 mycroft ("%s: mgmt frame with subtype 0x%x not handled\n", 1513 1.25 mycroft __func__, subtype)); 1514 1.16 dyoung ic->ic_stats.is_rx_badsubtype++; 1515 1.1 dyoung break; 1516 1.1 dyoung } 1517 1.5 dyoung } 1518 1.5 dyoung 1519 1.5 dyoung static void 1520 1.5 dyoung ieee80211_recv_pspoll(struct ieee80211com *ic, struct mbuf *m0, int rssi, 1521 1.5 dyoung u_int32_t rstamp) 1522 1.5 dyoung { 1523 1.5 dyoung struct ifnet *ifp = &ic->ic_if; 1524 1.5 dyoung struct ieee80211_frame *wh; 1525 1.5 dyoung struct ieee80211_node *ni; 1526 1.5 dyoung struct mbuf *m; 1527 1.5 dyoung u_int16_t aid; 1528 1.5 dyoung 1529 1.5 dyoung if (ic->ic_set_tim == NULL) /* No powersaving functionality */ 1530 1.5 dyoung return; 1531 1.5 dyoung 1532 1.5 dyoung wh = mtod(m0, struct ieee80211_frame *); 1533 1.5 dyoung 1534 1.5 dyoung if ((ni = ieee80211_find_node(ic, wh->i_addr2)) == NULL) { 1535 1.5 dyoung if (ifp->if_flags & IFF_DEBUG) 1536 1.5 dyoung printf("%s: station %s sent bogus power save poll\n", 1537 1.5 dyoung ifp->if_xname, ether_sprintf(wh->i_addr2)); 1538 1.5 dyoung return; 1539 1.5 dyoung } 1540 1.5 dyoung 1541 1.5 dyoung memcpy(&aid, wh->i_dur, sizeof(wh->i_dur)); 1542 1.5 dyoung if ((aid & 0xc000) != 0xc000) { 1543 1.5 dyoung if (ifp->if_flags & IFF_DEBUG) 1544 1.5 dyoung printf("%s: station %s sent bogus aid %x\n", 1545 1.5 dyoung ifp->if_xname, ether_sprintf(wh->i_addr2), aid); 1546 1.5 dyoung return; 1547 1.5 dyoung } 1548 1.5 dyoung 1549 1.5 dyoung if (aid != ni->ni_associd) { 1550 1.5 dyoung if (ifp->if_flags & IFF_DEBUG) 1551 1.5 dyoung printf("%s: station %s aid %x doesn't match pspoll " 1552 1.5 dyoung "aid %x\n", 1553 1.5 dyoung ifp->if_xname, ether_sprintf(wh->i_addr2), 1554 1.5 dyoung ni->ni_associd, aid); 1555 1.5 dyoung return; 1556 1.5 dyoung } 1557 1.5 dyoung 1558 1.5 dyoung /* Okay, take the first queued packet and put it out... */ 1559 1.5 dyoung 1560 1.5 dyoung IF_DEQUEUE(&ni->ni_savedq, m); 1561 1.5 dyoung if (m == NULL) { 1562 1.5 dyoung if (ifp->if_flags & IFF_DEBUG) 1563 1.5 dyoung printf("%s: station %s sent pspoll, " 1564 1.5 dyoung "but no packets are saved\n", 1565 1.5 dyoung ifp->if_xname, ether_sprintf(wh->i_addr2)); 1566 1.5 dyoung return; 1567 1.5 dyoung } 1568 1.5 dyoung wh = mtod(m, struct ieee80211_frame *); 1569 1.5 dyoung 1570 1.5 dyoung /* 1571 1.5 dyoung * If this is the last packet, turn off the TIM fields. 1572 1.5 dyoung * If there are more packets, set the more packets bit. 1573 1.5 dyoung */ 1574 1.5 dyoung 1575 1.5 dyoung if (IF_IS_EMPTY(&ni->ni_savedq)) { 1576 1.5 dyoung if (ic->ic_set_tim) 1577 1.5 dyoung ic->ic_set_tim(ic, ni->ni_associd, 0); 1578 1.5 dyoung } else { 1579 1.5 dyoung wh->i_fc[1] |= IEEE80211_FC1_MORE_DATA; 1580 1.5 dyoung } 1581 1.5 dyoung 1582 1.5 dyoung if (ifp->if_flags & IFF_DEBUG) 1583 1.5 dyoung printf("%s: enqueued power saving packet for station %s\n", 1584 1.5 dyoung ifp->if_xname, ether_sprintf(ni->ni_macaddr)); 1585 1.5 dyoung 1586 1.5 dyoung IF_ENQUEUE(&ic->ic_pwrsaveq, m); 1587 1.5 dyoung (*ifp->if_start)(ifp); 1588 1.1 dyoung } 1589 1.31 dyoung 1590 1.31 dyoung static int 1591 1.31 dyoung do_slow_print(struct ieee80211com *ic, int *did_print) 1592 1.31 dyoung { 1593 1.31 dyoung if ((ic->ic_if.if_flags & IFF_LINK0) == 0) 1594 1.31 dyoung return 0; 1595 1.31 dyoung if (!*did_print && (ic->ic_if.if_flags & IFF_DEBUG) == 0 && 1596 1.31 dyoung !ratecheck(&ic->ic_last_merge_print, &ieee80211_merge_print_intvl)) 1597 1.31 dyoung return 0; 1598 1.31 dyoung 1599 1.31 dyoung *did_print = 1; 1600 1.31 dyoung return 1; 1601 1.31 dyoung } 1602 1.31 dyoung 1603 1.31 dyoung /* ieee80211_ibss_merge helps merge 802.11 ad hoc networks. The 1604 1.31 dyoung * convention, set by the Wireless Ethernet Compatibility Alliance 1605 1.31 dyoung * (WECA), is that an 802.11 station will change its BSSID to match 1606 1.31 dyoung * the "oldest" 802.11 ad hoc network, on the same channel, that 1607 1.31 dyoung * has the station's desired SSID. The "oldest" 802.11 network 1608 1.31 dyoung * sends beacons with the greatest TSF timestamp. 1609 1.31 dyoung * 1610 1.32 dyoung * Return ENETRESET if the BSSID changed, 0 otherwise. 1611 1.32 dyoung * 1612 1.31 dyoung * XXX Perhaps we should compensate for the time that elapses 1613 1.31 dyoung * between the MAC receiving the beacon and the host processing it 1614 1.31 dyoung * in ieee80211_ibss_merge. 1615 1.31 dyoung */ 1616 1.32 dyoung int 1617 1.32 dyoung ieee80211_ibss_merge(struct ieee80211com *ic, struct ieee80211_node *ni, 1618 1.32 dyoung uint64_t local_tsft) 1619 1.31 dyoung { 1620 1.32 dyoung uint64_t beacon_tsft; 1621 1.31 dyoung int did_print = 0, sign; 1622 1.31 dyoung union { 1623 1.32 dyoung uint64_t word; 1624 1.31 dyoung uint8_t tstamp[8]; 1625 1.31 dyoung } u; 1626 1.31 dyoung 1627 1.32 dyoung /* ensure alignment */ 1628 1.31 dyoung (void)memcpy(&u, &ni->ni_tstamp[0], sizeof(u)); 1629 1.32 dyoung beacon_tsft = le64toh(u.word); 1630 1.31 dyoung 1631 1.31 dyoung /* we are faster, let the other guy catch up */ 1632 1.32 dyoung if (beacon_tsft < local_tsft) 1633 1.31 dyoung sign = -1; 1634 1.31 dyoung else 1635 1.31 dyoung sign = 1; 1636 1.31 dyoung 1637 1.31 dyoung if (memcmp(ni->ni_bssid, ic->ic_bss->ni_bssid, 1638 1.31 dyoung IEEE80211_ADDR_LEN) == 0) { 1639 1.31 dyoung if (!do_slow_print(ic, &did_print)) 1640 1.32 dyoung return 0; 1641 1.31 dyoung printf("%s: tsft offset %s%" PRIu64 "\n", ic->ic_if.if_xname, 1642 1.31 dyoung (sign < 0) ? "-" : "", 1643 1.31 dyoung (sign < 0) 1644 1.32 dyoung ? (local_tsft - beacon_tsft) 1645 1.32 dyoung : (beacon_tsft - local_tsft)); 1646 1.32 dyoung return 0; 1647 1.31 dyoung } 1648 1.31 dyoung 1649 1.31 dyoung if (sign < 0) 1650 1.32 dyoung return 0; 1651 1.31 dyoung 1652 1.31 dyoung if (ieee80211_match_bss(ic, ni) != 0) 1653 1.32 dyoung return 0; 1654 1.31 dyoung 1655 1.31 dyoung if (do_slow_print(ic, &did_print)) { 1656 1.31 dyoung printf("%s: atw_recv_beacon: bssid mismatch %s\n", 1657 1.31 dyoung ic->ic_if.if_xname, ether_sprintf(ni->ni_bssid)); 1658 1.31 dyoung printf("%s: my tsft %" PRIu64 " beacon tsft %" PRIu64 "\n", 1659 1.32 dyoung ic->ic_if.if_xname, local_tsft, beacon_tsft); 1660 1.31 dyoung printf("%s: sync TSF with %s\n", 1661 1.32 dyoung ic->ic_if.if_xname, ether_sprintf(ni->ni_macaddr)); 1662 1.31 dyoung } 1663 1.31 dyoung 1664 1.31 dyoung ic->ic_flags &= ~IEEE80211_F_SIBSS; 1665 1.31 dyoung 1666 1.31 dyoung /* negotiate rates with new IBSS */ 1667 1.31 dyoung ieee80211_fix_rate(ic, ni, IEEE80211_F_DOFRATE | 1668 1.31 dyoung IEEE80211_F_DONEGO | IEEE80211_F_DODEL); 1669 1.31 dyoung if (ni->ni_rates.rs_nrates == 0) { 1670 1.31 dyoung if (do_slow_print(ic, &did_print)) { 1671 1.31 dyoung printf("%s: rates mismatch, BSSID %s\n", 1672 1.31 dyoung ic->ic_if.if_xname, ether_sprintf(ni->ni_bssid)); 1673 1.31 dyoung } 1674 1.32 dyoung return 0; 1675 1.31 dyoung } 1676 1.31 dyoung 1677 1.31 dyoung if (do_slow_print(ic, &did_print)) { 1678 1.31 dyoung printf("%s: sync BSSID %s -> ", 1679 1.31 dyoung ic->ic_if.if_xname, ether_sprintf(ic->ic_bss->ni_bssid)); 1680 1.31 dyoung printf("%s ", ether_sprintf(ni->ni_bssid)); 1681 1.32 dyoung printf("(from %s)\n", ether_sprintf(ni->ni_macaddr)); 1682 1.31 dyoung } 1683 1.31 dyoung 1684 1.31 dyoung (*ic->ic_node_copy)(ic, ic->ic_bss, ni); 1685 1.31 dyoung 1686 1.32 dyoung return ENETRESET; 1687 1.31 dyoung } 1688 1.1 dyoung #undef IEEE80211_VERIFY_LENGTH 1689 1.1 dyoung #undef IEEE80211_VERIFY_ELEMENT 1690
Indexes created Sun Sep 21 20:09:37 GMT 2025