/* $NetBSD: ieee80211_input.c,v 1.4 2003/09/28 02:35:20 dyoung Exp $ */
2 1.1 dyoung /*-
3 1.1 dyoung * Copyright (c) 2001 Atsushi Onoe
4 1.1 dyoung * Copyright (c) 2002, 2003 Sam Leffler, Errno Consulting
5 1.1 dyoung * All rights reserved.
6 1.1 dyoung *
7 1.1 dyoung * Redistribution and use in source and binary forms, with or without
8 1.1 dyoung * modification, are permitted provided that the following conditions
9 1.1 dyoung * are met:
10 1.1 dyoung * 1. Redistributions of source code must retain the above copyright
11 1.1 dyoung * notice, this list of conditions and the following disclaimer.
12 1.1 dyoung * 2. Redistributions in binary form must reproduce the above copyright
13 1.1 dyoung * notice, this list of conditions and the following disclaimer in the
14 1.1 dyoung * documentation and/or other materials provided with the distribution.
15 1.1 dyoung * 3. The name of the author may not be used to endorse or promote products
16 1.1 dyoung * derived from this software without specific prior written permission.
17 1.1 dyoung *
18 1.1 dyoung * Alternatively, this software may be distributed under the terms of the
19 1.1 dyoung * GNU General Public License ("GPL") version 2 as published by the Free
20 1.1 dyoung * Software Foundation.
21 1.1 dyoung *
22 1.1 dyoung * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
23 1.1 dyoung * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
24 1.1 dyoung * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
25 1.1 dyoung * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
26 1.1 dyoung * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
27 1.1 dyoung * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
28 1.1 dyoung * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
29 1.1 dyoung * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
30 1.1 dyoung * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
31 1.1 dyoung * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
32 1.1 dyoung */
33 1.1 dyoung
34 1.1 dyoung #include <sys/cdefs.h>
35 1.3 dyoung #ifdef __FreeBSD__
36 1.1 dyoung __FBSDID("$FreeBSD: src/sys/net80211/ieee80211_input.c,v 1.8 2003/08/19 22:17:03 sam Exp $");
37 1.3 dyoung #else
38 1.4 dyoung __KERNEL_RCSID(0, "$NetBSD: ieee80211_input.c,v 1.4 2003/09/28 02:35:20 dyoung Exp $");
39 1.3 dyoung #endif
40 1.1 dyoung
41 1.1 dyoung #include "opt_inet.h"
42 1.1 dyoung
43 1.1 dyoung #include <sys/param.h>
44 1.1 dyoung #include <sys/systm.h>
45 1.1 dyoung #include <sys/mbuf.h>
46 1.1 dyoung #include <sys/malloc.h>
47 1.1 dyoung #include <sys/kernel.h>
48 1.1 dyoung #include <sys/socket.h>
49 1.1 dyoung #include <sys/sockio.h>
50 1.1 dyoung #include <sys/endian.h>
51 1.1 dyoung #include <sys/errno.h>
52 1.4 dyoung #ifdef __FreeBSD__
53 1.1 dyoung #include <sys/bus.h>
54 1.4 dyoung #endif
55 1.1 dyoung #include <sys/proc.h>
56 1.1 dyoung #include <sys/sysctl.h>
57 1.1 dyoung
58 1.2 dyoung #ifdef __FreeBSD__
59 1.1 dyoung #include <machine/atomic.h>
60 1.2 dyoung #endif
61 1.1 dyoung
62 1.1 dyoung #include <net/if.h>
63 1.1 dyoung #include <net/if_dl.h>
64 1.1 dyoung #include <net/if_media.h>
65 1.1 dyoung #include <net/if_arp.h>
66 1.2 dyoung #ifdef __FreeBSD__
67 1.1 dyoung #include <net/ethernet.h>
68 1.4 dyoung #else
69 1.4 dyoung #include <net/if_ether.h>
70 1.2 dyoung #endif
71 1.1 dyoung #include <net/if_llc.h>
72 1.1 dyoung
73 1.1 dyoung #include <net80211/ieee80211_var.h>
74 1.4 dyoung #include <net80211/ieee80211_compat.h>
75 1.1 dyoung
76 1.1 dyoung #include <net/bpf.h>
77 1.1 dyoung
78 1.1 dyoung #ifdef INET
79 1.1 dyoung #include <netinet/in.h>
80 1.4 dyoung #ifdef __FreeBSD__
81 1.1 dyoung #include <netinet/if_ether.h>
82 1.4 dyoung #else
83 1.4 dyoung #include <net/if_ether.h>
84 1.4 dyoung #endif
85 1.1 dyoung #endif
86 1.1 dyoung
87 1.1 dyoung /*
88 1.1 dyoung * Process a received frame. The node associated with the sender
89 1.1 dyoung * should be supplied. If nothing was found in the node table then
90 1.1 dyoung * the caller is assumed to supply a reference to ic_bss instead.
91 1.1 dyoung * The RSSI and a timestamp are also supplied. The RSSI data is used
 * during AP scanning to select an AP to associate with; it can have
93 1.1 dyoung * any units so long as values have consistent units and higher values
94 1.1 dyoung * mean ``better signal''. The receive timestamp is currently not used
95 1.1 dyoung * by the 802.11 layer.
96 1.1 dyoung */
void
ieee80211_input(struct ifnet *ifp, struct mbuf *m, struct ieee80211_node *ni,
	int rssi, u_int32_t rstamp)
{
	/*
	 * ifp is the ic_if member of struct ieee80211com (see
	 * ieee80211_recv_mgmt below); this cast assumes ic_if is the
	 * first member of the struct.
	 */
	struct ieee80211com *ic = (void *)ifp;
	struct ieee80211_frame *wh;
	struct ether_header *eh;
	struct mbuf *m1;	/* frame (or copy) to bridge back out in HOSTAP mode */
	int len;
	u_int8_t dir, subtype;
	u_int8_t *bssid;
	u_int16_t rxseq;	/* sequence number of the previous frame from ni */

	KASSERT(ni != NULL, ("null node"));

	/* trim CRC here for WEP can find its own CRC at the end of packet. */
	if (m->m_flags & M_HASFCS) {
		m_adj(m, -IEEE80211_CRC_LEN);
		m->m_flags &= ~M_HASFCS;
	}

	/*
	 * NOTE(review): the 802.11 header is dereferenced below (i_fc,
	 * i_addr*, i_seq) without any check that m_len covers sizeof(*wh).
	 * For a frame shorter than the header these reads see bytes that
	 * were never received; ieee80211_decap() pulls the header up only
	 * after these reads, and only for data frames.
	 */
	wh = mtod(m, struct ieee80211_frame *);
	if ((wh->i_fc[0] & IEEE80211_FC0_VERSION_MASK) !=
	    IEEE80211_FC0_VERSION_0) {
		if (ifp->if_flags & IFF_DEBUG)
			if_printf(ifp, "receive packet with wrong version: %x\n",
			    wh->i_fc[0]);
		ieee80211_unref_node(&ni);
		goto err;
	}

	dir = wh->i_fc[1] & IEEE80211_FC1_DIR_MASK;

	/*
	 * While scanning every frame is of interest; otherwise keep only
	 * frames for our BSS and drop retransmitted duplicates.  Frames
	 * rejected here go to `out' and are not counted as input errors.
	 */
	if (ic->ic_state != IEEE80211_S_SCAN) {
		switch (ic->ic_opmode) {
		case IEEE80211_M_STA:
			/* As a station only accept frames sent by our AP. */
			if (!IEEE80211_ADDR_EQ(wh->i_addr2, ni->ni_bssid)) {
				IEEE80211_DPRINTF2(("%s: discard frame from "
				    "bss %s\n", __func__,
				    ether_sprintf(wh->i_addr2)));
				/* not interested in */
				goto out;
			}
			break;
		case IEEE80211_M_IBSS:
		case IEEE80211_M_AHDEMO:
		case IEEE80211_M_HOSTAP:
			/* The BSSID field position depends on the ToDS/FromDS bits. */
			if (dir == IEEE80211_FC1_DIR_NODS)
				bssid = wh->i_addr3;
			else
				bssid = wh->i_addr1;
			if (!IEEE80211_ADDR_EQ(bssid, ic->ic_bss->ni_bssid) &&
			    !IEEE80211_ADDR_EQ(bssid, ifp->if_broadcastaddr)) {
				/* not interested in */
				IEEE80211_DPRINTF2(("%s: other bss %s\n",
				    __func__, ether_sprintf(wh->i_addr3)));
				goto out;
			}
			break;
		case IEEE80211_M_MONITOR:
			/* NB: this should collect everything */
			goto out;
		default:
			/* XXX catch bad values */
			break;
		}
		ni->ni_rssi = rssi;
		ni->ni_rstamp = rstamp;
		rxseq = ni->ni_rxseq;
		/*
		 * Keep only the sequence-number field of i_seq.  NB: i_seq
		 * is read through a u_int16_t cast, which relies on the
		 * header being suitably aligned in the mbuf.
		 */
		ni->ni_rxseq =
		    le16toh(*(u_int16_t *)wh->i_seq) >> IEEE80211_SEQ_SEQ_SHIFT;
		/* TODO: fragment */
		/*
		 * A retransmission carrying the same sequence number as the
		 * previous frame from this node is a duplicate.
		 */
		if ((wh->i_fc[1] & IEEE80211_FC1_RETRY) &&
		    rxseq == ni->ni_rxseq) {
			/* duplicate, silently discarded */
			goto out;
		}
		ni->ni_inact = 0;	/* node has just been heard from */
	}

	switch (wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK) {
	case IEEE80211_FC0_TYPE_DATA:
		/* Per-mode check that the ToDS/FromDS bits match our role. */
		switch (ic->ic_opmode) {
		case IEEE80211_M_STA:
			if (dir != IEEE80211_FC1_DIR_FROMDS)
				goto out;
			if ((ifp->if_flags & IFF_SIMPLEX) &&
			    IEEE80211_IS_MULTICAST(wh->i_addr1) &&
			    IEEE80211_ADDR_EQ(wh->i_addr3, ic->ic_myaddr)) {
				/*
				 * In IEEE802.11 network, multicast packet
				 * sent from me is broadcasted from AP.
				 * It should be silently discarded for
				 * SIMPLEX interface.
				 */
				goto out;
			}
			break;
		case IEEE80211_M_IBSS:
		case IEEE80211_M_AHDEMO:
			if (dir != IEEE80211_FC1_DIR_NODS)
				goto out;
			break;
		case IEEE80211_M_HOSTAP:
			if (dir != IEEE80211_FC1_DIR_TODS)
				goto out;
			/* check if source STA is associated */
			if (ni == ic->ic_bss) {
				/*
				 * ni == ic_bss means the sender was not found
				 * in the node table (see the header comment):
				 * answer with a deauth via a temporary node
				 * and count the frame as an error.
				 */
				IEEE80211_DPRINTF(("%s: data from unknown src "
				    "%s\n", __func__,
				    ether_sprintf(wh->i_addr2)));
				/* NB: caller deals with reference */
				ni = ieee80211_dup_bss(ic, wh->i_addr2);
				if (ni != NULL) {
					IEEE80211_SEND_MGMT(ic, ni,
					    IEEE80211_FC0_SUBTYPE_DEAUTH,
					    IEEE80211_REASON_NOT_AUTHED);
					ieee80211_free_node(ic, ni);
				}
				goto err;
			}
			/* Known but not associated: tell it so and drop the frame. */
			if (ni->ni_associd == 0) {
				IEEE80211_DPRINTF(("ieee80211_input: "
				    "data from unassoc src %s\n",
				    ether_sprintf(wh->i_addr2)));
				IEEE80211_SEND_MGMT(ic, ni,
				    IEEE80211_FC0_SUBTYPE_DISASSOC,
				    IEEE80211_REASON_NOT_ASSOCED);
				ieee80211_unref_node(&ni);
				goto err;
			}
			break;
		case IEEE80211_M_MONITOR:
			break;
		}
		/*
		 * Encrypted frames are decrypted in place when WEP is
		 * enabled; with WEP off they are dropped (not an error).
		 * ieee80211_wep_crypt() may return a different mbuf, so
		 * wh is re-derived afterwards.
		 */
		if (wh->i_fc[1] & IEEE80211_FC1_WEP) {
			if (ic->ic_flags & IEEE80211_F_WEPON) {
				m = ieee80211_wep_crypt(ifp, m, 0);
				if (m == NULL)
					goto err;
				wh = mtod(m, struct ieee80211_frame *);
			} else
				goto out;
		}
		/* copy to listener after decrypt */
		if (ic->ic_rawbpf)
			bpf_mtap(ic->ic_rawbpf, m);
		/* Convert the 802.11 header to an Ethernet header; NULL means m was freed. */
		m = ieee80211_decap(ifp, m);
		if (m == NULL)
			goto err;
		ifp->if_ipackets++;

		/* perform as a bridge within the AP */
		m1 = NULL;
		if (ic->ic_opmode == IEEE80211_M_HOSTAP) {
			eh = mtod(m, struct ether_header *);
			if (ETHER_IS_MULTICAST(eh->ether_dhost)) {
				/* Multicast: a copy goes back out, the original goes up the stack. */
				m1 = m_copypacket(m, M_DONTWAIT);
				if (m1 == NULL)
					ifp->if_oerrors++;
				else
					m1->m_flags |= M_MCAST;
			} else {
				/*
				 * Unicast to an associated station: hand the
				 * frame itself to the output queue instead of
				 * the local stack (m becomes NULL).
				 */
				ni = ieee80211_find_node(ic, eh->ether_dhost);
				if (ni != NULL) {
					if (ni->ni_associd != 0) {
						m1 = m;
						m = NULL;
					}
					ieee80211_unref_node(&ni);
				}
			}
			if (m1 != NULL) {
#ifdef ALTQ
				/*
				 * NB: pktattr is not declared anywhere in this
				 * function, so this block only builds with
				 * ALTQ undefined.
				 */
				if (ALTQ_IS_ENABLED(&ifp->if_snd))
					altq_etherclassify(&ifp->if_snd, m1,
					    &pktattr);
#endif
				len = m1->m_pkthdr.len;
				IF_ENQUEUE(&ifp->if_snd, m1);
				/* m is still non-NULL only on the multicast copy path. */
				if (m != NULL)
					ifp->if_omcasts++;
				ifp->if_obytes += len;
			}
		}
		/* Deliver to the local stack; ownership of m passes to if_input. */
		if (m != NULL)
			(*ifp->if_input)(ifp, m);
		return;

	case IEEE80211_FC0_TYPE_MGT:
		/* Management frames never carry ToDS/FromDS. */
		if (dir != IEEE80211_FC1_DIR_NODS)
			goto err;
		if (ic->ic_opmode == IEEE80211_M_AHDEMO)
			goto out;
		subtype = wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK;

		/* drop frames without interest */
		if (ic->ic_state == IEEE80211_S_SCAN) {
			/* Scanning: only beacons and probe responses matter. */
			if (subtype != IEEE80211_FC0_SUBTYPE_BEACON &&
			    subtype != IEEE80211_FC0_SUBTYPE_PROBE_RESP)
				goto out;
		} else {
			/* Not scanning: beacons are only of interest in IBSS mode. */
			if (ic->ic_opmode != IEEE80211_M_IBSS &&
			    subtype == IEEE80211_FC0_SUBTYPE_BEACON)
				goto out;
		}

		if (ifp->if_flags & IFF_DEBUG) {
			/* avoid to print too many frames */
			int doprint = 0;

			switch (subtype) {
			case IEEE80211_FC0_SUBTYPE_BEACON:
				if (ic->ic_state == IEEE80211_S_SCAN)
					doprint = 1;
				break;
			case IEEE80211_FC0_SUBTYPE_PROBE_REQ:
				if (ic->ic_opmode == IEEE80211_M_IBSS)
					doprint = 1;
				break;
			default:
				doprint = 1;
				break;
			}
#ifdef IEEE80211_DEBUG
			doprint += ieee80211_debug;
#endif
			if (doprint)
				if_printf(ifp, "received %s from %s rssi %d\n",
				    ieee80211_mgt_subtype_name[subtype
				    >> IEEE80211_FC0_SUBTYPE_SHIFT],
				    ether_sprintf(wh->i_addr2), rssi);
		}
		if (ic->ic_rawbpf)
			bpf_mtap(ic->ic_rawbpf, m);
		/* The handler does not take ownership of m; it is freed here. */
		(*ic->ic_recv_mgmt)(ic, m, ni, subtype, rssi, rstamp);
		m_freem(m);
		return;

	case IEEE80211_FC0_TYPE_CTL:
	default:
		/* Control and unknown types are counted as input errors. */
		IEEE80211_DPRINTF(("%s: bad type %x\n", __func__, wh->i_fc[0]));
		/* should not come here */
		break;
	}
err:
	ifp->if_ierrors++;
out:
	/* Frame is being dropped: still offer it to the raw tap, then free it. */
	if (m != NULL) {
		if (ic->ic_rawbpf)
			bpf_mtap(ic->ic_rawbpf, m);
		m_freem(m);
	}
}
351 1.1 dyoung
/*
 * Replace the 802.11 header (and the LLC/SNAP header when present) of
 * a received data frame with an Ethernet header built from the 802.11
 * addresses.  Returns the converted mbuf chain, or NULL when the frame
 * has been freed: too short to pull up, DS-to-DS direction (not
 * supported), or mbuf allocation failure while re-aligning the payload.
 * In every case the caller's mbuf is consumed.
 */
struct mbuf *
ieee80211_decap(struct ifnet *ifp, struct mbuf *m)
{
	struct ether_header *eh;
	struct ieee80211_frame wh;	/* copy of the header; m_adj() below discards the original */
	struct llc *llc;

	/* Need the 802.11 header and a following LLC header contiguous. */
	if (m->m_len < sizeof(wh) + sizeof(*llc)) {
		m = m_pullup(m, sizeof(wh) + sizeof(*llc));
		if (m == NULL)
			return NULL;
	}
	memcpy(&wh, mtod(m, caddr_t), sizeof(wh));
	llc = (struct llc *)(mtod(m, caddr_t) + sizeof(wh));
	if (llc->llc_dsap == LLC_SNAP_LSAP && llc->llc_ssap == LLC_SNAP_LSAP &&
	    llc->llc_control == LLC_UI && llc->llc_snap.org_code[0] == 0 &&
	    llc->llc_snap.org_code[1] == 0 && llc->llc_snap.org_code[2] == 0) {
		/*
		 * LLC/SNAP with a zero OUI: trim everything but the last
		 * sizeof(*eh) bytes of the two headers, so that the SNAP
		 * ether_type field lines up with eh->ether_type.
		 */
		m_adj(m, sizeof(wh) + sizeof(struct llc) - sizeof(*eh));
		llc = NULL;	/* marks that ether_type is already in place */
	} else {
		/*
		 * Not SNAP: keep the LLC bytes as payload; ether_type is
		 * filled with the payload length at the end.
		 */
		m_adj(m, sizeof(wh) - sizeof(*eh));
	}
	eh = mtod(m, struct ether_header *);
	/* Pick source/destination out of the three address fields by direction. */
	switch (wh.i_fc[1] & IEEE80211_FC1_DIR_MASK) {
	case IEEE80211_FC1_DIR_NODS:
		IEEE80211_ADDR_COPY(eh->ether_dhost, wh.i_addr1);
		IEEE80211_ADDR_COPY(eh->ether_shost, wh.i_addr2);
		break;
	case IEEE80211_FC1_DIR_TODS:
		IEEE80211_ADDR_COPY(eh->ether_dhost, wh.i_addr3);
		IEEE80211_ADDR_COPY(eh->ether_shost, wh.i_addr2);
		break;
	case IEEE80211_FC1_DIR_FROMDS:
		IEEE80211_ADDR_COPY(eh->ether_dhost, wh.i_addr1);
		IEEE80211_ADDR_COPY(eh->ether_shost, wh.i_addr3);
		break;
	case IEEE80211_FC1_DIR_DSTODS:
		/* not yet supported */
		IEEE80211_DPRINTF(("%s: DS to DS\n", __func__));
		m_freem(m);
		return NULL;
	}
#ifdef ALIGNED_POINTER
	/*
	 * The Ethernet header is 14 bytes, so the payload following it
	 * may be misaligned for 32-bit access.  If so, copy the whole
	 * packet into a fresh chain whose first mbuf places the payload
	 * (not the header) on an aligned boundary.
	 */
	if (!ALIGNED_POINTER(mtod(m, caddr_t) + sizeof(*eh), u_int32_t)) {
		struct mbuf *n, *n0, **np;	/* new chain, its head, and tail link */
		caddr_t newdata;
		int off, pktlen;	/* bytes of m copied so far / total length */

		n0 = NULL;
		np = &n0;
		off = 0;
		pktlen = m->m_pkthdr.len;
		while (pktlen > off) {
			if (n0 == NULL) {
				/* First mbuf of the new chain carries the packet header. */
				MGETHDR(n, M_DONTWAIT, MT_DATA);
				if (n == NULL) {
					m_freem(m);
					return NULL;
				}
#ifdef __FreeBSD__
				M_MOVE_PKTHDR(n, m);
#else
				M_COPY_PKTHDR(n, m);
#endif
				n->m_len = MHLEN;
			} else {
				MGET(n, M_DONTWAIT, MT_DATA);
				if (n == NULL) {
					/* Free both the source and the partial new chain. */
					m_freem(m);
					m_freem(n0);
					return NULL;
				}
				n->m_len = MLEN;
			}
			/* Use a cluster when enough data remains to justify one. */
			if (pktlen - off >= MINCLSIZE) {
				MCLGET(n, M_DONTWAIT);
				if (n->m_flags & M_EXT)
					n->m_len = n->m_ext.ext_size;
			}
			if (n0 == NULL) {
				/*
				 * Shift the start of data so that the bytes
				 * after the Ethernet header are ALIGN()ed.
				 */
				newdata =
				    (caddr_t)ALIGN(n->m_data + sizeof(*eh)) -
				    sizeof(*eh);
				n->m_len -= newdata - n->m_data;
				n->m_data = newdata;
			}
			if (n->m_len > pktlen - off)
				n->m_len = pktlen - off;
			m_copydata(m, off, n->m_len, mtod(n, caddr_t));
			off += n->m_len;
			*np = n;
			np = &n->m_next;
		}
		m_freem(m);
		m = n0;
	}
#endif /* ALIGNED_POINTER */
	/* Non-SNAP frame: 802.3-style length field instead of an ethertype. */
	if (llc != NULL) {
		eh = mtod(m, struct ether_header *);
		eh->ether_type = htons(m->m_pkthdr.len - sizeof(*eh));
	}
	return m;
}
455 1.1 dyoung
456 1.1 dyoung /*
457 1.1 dyoung * Install received rate set information in the node's state block.
458 1.1 dyoung */
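static int
ieee80211_setup_rates(struct ieee80211com *ic, struct ieee80211_node *ni,
	u_int8_t *rates, u_int8_t *xrates, int flags)
{
	/*
	 * rates points at the Supported Rates information element
	 * (rates[1] is the element length, rates + 2 the rate bytes);
	 * xrates, when non-NULL, points at the Extended Supported Rates
	 * element in the same layout.  Both counts are clamped to
	 * IEEE80211_RATE_MAXSIZE so an oversized element cannot overrun
	 * rs_rates even if a caller did not check the element length
	 * itself.  flags is passed through to ieee80211_fix_rate(),
	 * whose result is returned.
	 */
	struct ieee80211_rateset *rs = &ni->ni_rates;
	u_int8_t nrates;

	memset(rs, 0, sizeof(*rs));
	nrates = rates[1];
	if (nrates > IEEE80211_RATE_MAXSIZE) {
		IEEE80211_DPRINTF(("%s: rate set too large;"
		    " only using %u of %u rates\n",
		    __func__, (unsigned)IEEE80211_RATE_MAXSIZE, nrates));
		nrates = IEEE80211_RATE_MAXSIZE;
	}
	memcpy(rs->rs_rates, rates + 2, nrates);
	rs->rs_nrates = nrates;
	if (xrates != NULL) {
		u_int8_t nxrates;
		/*
		 * Tack on 11g extended supported rate element.
		 */
		nxrates = xrates[1];
		if (rs->rs_nrates + nxrates > IEEE80211_RATE_MAXSIZE) {
			/* Only as many extended rates as still fit. */
			nxrates = IEEE80211_RATE_MAXSIZE - rs->rs_nrates;
			IEEE80211_DPRINTF(("%s: extended rate set too large;"
			    " only using %u of %u rates\n",
			    __func__, nxrates, xrates[1]));
		}
		memcpy(rs->rs_rates + rs->rs_nrates, xrates+2, nxrates);
		rs->rs_nrates += nxrates;
	}
	return ieee80211_fix_rate(ic, ni, flags);
}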
485 1.1 dyoung
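/* XXX statistics */
/*
 * Verify the existence and length of __elem or get out.
 *
 * __elem is a pointer to an information element, or NULL when the
 * element was not found while parsing; __elem[1] is the element's
 * length byte and may not exceed __maxlen.  On failure the macro logs
 * under IEEE80211_DPRINTF and executes `return;', so it can only be
 * used inside a void function that has `subtype' and `wh' in scope
 * (ieee80211_recv_mgmt below).
 */
#define IEEE80211_VERIFY_ELEMENT(__elem, __maxlen) do {			\
	if ((__elem) == NULL) {						\
		IEEE80211_DPRINTF(("%s: no " #__elem " in %s frame\n",	\
			__func__, ieee80211_mgt_subtype_name[subtype >>	\
				IEEE80211_FC0_SUBTYPE_SHIFT]));		\
		return;							\
	}								\
	if ((__elem)[1] > (__maxlen)) {					\
		IEEE80211_DPRINTF(("%s: bad " #__elem " len %d in %s "	\
			"frame from %s\n", __func__, (__elem)[1],	\
			ieee80211_mgt_subtype_name[subtype >>		\
				IEEE80211_FC0_SUBTYPE_SHIFT],		\
			ether_sprintf(wh->i_addr2)));			\
		return;							\
	}								\
} while (0)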
504 1.1 dyoung
/*
 * Bail out of the calling function if _len (the bytes remaining in the
 * frame) is less than _minlen, the fixed-field size the caller is about
 * to read.  Like IEEE80211_VERIFY_ELEMENT this executes `return;' and
 * relies on `subtype' and `wh' being in scope, so it is only usable
 * inside a void function such as ieee80211_recv_mgmt.
 */
#define IEEE80211_VERIFY_LENGTH(_len, _minlen) do {			\
	if ((_len) < (_minlen)) {					\
		IEEE80211_DPRINTF(("%s: %s frame too short from %s\n",	\
			__func__,					\
			ieee80211_mgt_subtype_name[subtype >>		\
				IEEE80211_FC0_SUBTYPE_SHIFT],		\
			ether_sprintf(wh->i_addr2)));			\
		return;							\
	}								\
} while (0)
515 1.1 dyoung
516 1.1 dyoung void
517 1.1 dyoung ieee80211_recv_mgmt(struct ieee80211com *ic, struct mbuf *m0,
518 1.1 dyoung struct ieee80211_node *ni,
519 1.1 dyoung int subtype, int rssi, u_int32_t rstamp)
520 1.1 dyoung {
521 1.1 dyoung #define ISPROBE(_st) ((_st) == IEEE80211_FC0_SUBTYPE_PROBE_RESP)
522 1.1 dyoung struct ifnet *ifp = &ic->ic_if;
523 1.1 dyoung struct ieee80211_frame *wh;
524 1.1 dyoung u_int8_t *frm, *efrm;
525 1.1 dyoung u_int8_t *ssid, *rates, *xrates;
526 1.1 dyoung int reassoc, resp, newassoc, allocbs;
527 1.1 dyoung
528 1.1 dyoung wh = mtod(m0, struct ieee80211_frame *);
529 1.1 dyoung frm = (u_int8_t *)&wh[1];
530 1.1 dyoung efrm = mtod(m0, u_int8_t *) + m0->m_len;
531 1.1 dyoung switch (subtype) {
532 1.1 dyoung case IEEE80211_FC0_SUBTYPE_PROBE_RESP:
533 1.1 dyoung case IEEE80211_FC0_SUBTYPE_BEACON: {
534 1.1 dyoung u_int8_t *tstamp, *bintval, *capinfo, *country;
535 1.1 dyoung u_int8_t chan, bchan, fhindex, erp;
536 1.1 dyoung u_int16_t fhdwell;
537 1.1 dyoung
538 1.1 dyoung if (ic->ic_opmode != IEEE80211_M_IBSS &&
539 1.1 dyoung ic->ic_state != IEEE80211_S_SCAN) {
540 1.1 dyoung /* XXX: may be useful for background scan */
541 1.1 dyoung return;
542 1.1 dyoung }
543 1.1 dyoung
544 1.1 dyoung /*
545 1.1 dyoung * beacon/probe response frame format
546 1.1 dyoung * [8] time stamp
547 1.1 dyoung * [2] beacon interval
548 1.1 dyoung * [2] capability information
549 1.1 dyoung * [tlv] ssid
550 1.1 dyoung * [tlv] supported rates
551 1.1 dyoung * [tlv] country information
552 1.1 dyoung * [tlv] parameter set (FH/DS)
553 1.1 dyoung * [tlv] erp information
554 1.1 dyoung * [tlv] extended supported rates
555 1.1 dyoung */
556 1.1 dyoung IEEE80211_VERIFY_LENGTH(efrm - frm, 12);
557 1.1 dyoung tstamp = frm; frm += 8;
558 1.1 dyoung bintval = frm; frm += 2;
559 1.1 dyoung capinfo = frm; frm += 2;
560 1.1 dyoung ssid = rates = xrates = country = NULL;
561 1.1 dyoung bchan = ieee80211_chan2ieee(ic, ic->ic_bss->ni_chan);
562 1.1 dyoung chan = bchan;
563 1.1 dyoung fhdwell = 0;
564 1.1 dyoung fhindex = 0;
565 1.1 dyoung erp = 0;
566 1.1 dyoung while (frm < efrm) {
567 1.1 dyoung switch (*frm) {
568 1.1 dyoung case IEEE80211_ELEMID_SSID:
569 1.1 dyoung ssid = frm;
570 1.1 dyoung break;
571 1.1 dyoung case IEEE80211_ELEMID_RATES:
572 1.1 dyoung rates = frm;
573 1.1 dyoung break;
574 1.1 dyoung case IEEE80211_ELEMID_COUNTRY:
575 1.1 dyoung country = frm;
576 1.1 dyoung break;
577 1.1 dyoung case IEEE80211_ELEMID_FHPARMS:
578 1.1 dyoung if (ic->ic_phytype == IEEE80211_T_FH) {
579 1.1 dyoung fhdwell = (frm[3] << 8) | frm[2];
580 1.1 dyoung chan = IEEE80211_FH_CHAN(frm[4], frm[5]);
581 1.1 dyoung fhindex = frm[6];
582 1.1 dyoung }
583 1.1 dyoung break;
584 1.1 dyoung case IEEE80211_ELEMID_DSPARMS:
585 1.1 dyoung /*
586 1.1 dyoung * XXX hack this since depending on phytype
587 1.1 dyoung * is problematic for multi-mode devices.
588 1.1 dyoung */
589 1.1 dyoung if (ic->ic_phytype != IEEE80211_T_FH)
590 1.1 dyoung chan = frm[2];
591 1.1 dyoung break;
592 1.1 dyoung case IEEE80211_ELEMID_TIM:
593 1.1 dyoung break;
594 1.1 dyoung case IEEE80211_ELEMID_XRATES:
595 1.1 dyoung xrates = frm;
596 1.1 dyoung break;
597 1.1 dyoung case IEEE80211_ELEMID_ERP:
598 1.1 dyoung if (frm[1] != 1) {
599 1.1 dyoung IEEE80211_DPRINTF(("%s: invalid ERP "
600 1.1 dyoung "element; length %u, expecting "
601 1.1 dyoung "1\n", __func__, frm[1]));
602 1.1 dyoung break;
603 1.1 dyoung }
604 1.1 dyoung erp = frm[2];
605 1.1 dyoung break;
606 1.1 dyoung default:
607 1.1 dyoung IEEE80211_DPRINTF(("%s: element id %u/len %u "
608 1.1 dyoung "ignored\n", __func__, *frm, frm[1]));
609 1.1 dyoung break;
610 1.1 dyoung }
611 1.1 dyoung frm += frm[1] + 2;
612 1.1 dyoung }
613 1.1 dyoung IEEE80211_VERIFY_ELEMENT(rates, IEEE80211_RATE_MAXSIZE);
614 1.1 dyoung IEEE80211_VERIFY_ELEMENT(ssid, IEEE80211_NWID_LEN);
615 1.1 dyoung if (
616 1.1 dyoung #if IEEE80211_CHAN_MAX < 255
617 1.1 dyoung chan > IEEE80211_CHAN_MAX ||
618 1.1 dyoung #endif
619 1.1 dyoung isclr(ic->ic_chan_active, chan)) {
620 1.1 dyoung IEEE80211_DPRINTF(("%s: ignore %s with invalid channel "
621 1.1 dyoung "%u\n", __func__,
622 1.1 dyoung ISPROBE(subtype) ? "probe response" : "beacon",
623 1.1 dyoung chan));
624 1.1 dyoung return;
625 1.1 dyoung }
626 1.1 dyoung if (chan != bchan) {
627 1.1 dyoung /*
628 1.1 dyoung * Frame was received on a channel different from the
629 1.1 dyoung * one indicated in the DS/FH params element id;
630 1.1 dyoung * silently discard it.
631 1.1 dyoung *
632 1.1 dyoung * NB: this can happen due to signal leakage.
633 1.1 dyoung */
634 1.1 dyoung IEEE80211_DPRINTF(("%s: ignore %s on channel %u marked "
635 1.1 dyoung "for channel %u\n", __func__,
636 1.1 dyoung ISPROBE(subtype) ? "probe response" : "beacon",
637 1.1 dyoung bchan, chan));
638 1.1 dyoung /* XXX statistic */
639 1.1 dyoung return;
640 1.1 dyoung }
641 1.1 dyoung
642 1.1 dyoung /*
643 1.1 dyoung * Use mac and channel for lookup so we collect all
644 1.1 dyoung * potential AP's when scanning. Otherwise we may
645 1.1 dyoung * see the same AP on multiple channels and will only
646 1.1 dyoung * record the last one. We could filter APs here based
647 1.1 dyoung * on rssi, etc. but leave that to the end of the scan
648 1.1 dyoung * so we can keep the selection criteria in one spot.
649 1.1 dyoung * This may result in a bloat of the scanned AP list but
650 1.1 dyoung * it shouldn't be too much.
651 1.1 dyoung */
652 1.1 dyoung ni = ieee80211_lookup_node(ic, wh->i_addr2,
653 1.1 dyoung &ic->ic_channels[chan]);
654 1.1 dyoung #ifdef IEEE80211_DEBUG
655 1.1 dyoung if (ieee80211_debug &&
656 1.1 dyoung (ni == NULL || ic->ic_state == IEEE80211_S_SCAN)) {
657 1.1 dyoung printf("%s: %s%s on chan %u (bss chan %u) ",
658 1.1 dyoung __func__, (ni == NULL ? "new " : ""),
659 1.1 dyoung ISPROBE(subtype) ? "probe response" : "beacon",
660 1.1 dyoung chan, bchan);
661 1.1 dyoung ieee80211_print_essid(ssid + 2, ssid[1]);
662 1.1 dyoung printf(" from %s\n", ether_sprintf(wh->i_addr2));
663 1.1 dyoung printf("%s: caps 0x%x bintval %u erp 0x%x\n",
664 1.1 dyoung __func__, le16toh(*(u_int16_t *)capinfo),
665 1.1 dyoung le16toh(*(u_int16_t *)bintval), erp);
666 1.4 dyoung if (country) {
667 1.4 dyoung int i;
668 1.4 dyoung printf("%s: country info", __func__);
669 1.4 dyoung for (i = 0; i < country[1]; i++)
670 1.4 dyoung printf(" %02x", country[i+2]);
671 1.4 dyoung printf("\n");
672 1.4 dyoung }
673 1.1 dyoung }
674 1.1 dyoung #endif
675 1.1 dyoung if (ni == NULL) {
676 1.1 dyoung ni = ieee80211_alloc_node(ic, wh->i_addr2);
677 1.1 dyoung if (ni == NULL)
678 1.1 dyoung return;
679 1.1 dyoung ni->ni_esslen = ssid[1];
680 1.1 dyoung memset(ni->ni_essid, 0, sizeof(ni->ni_essid));
681 1.1 dyoung memcpy(ni->ni_essid, ssid + 2, ssid[1]);
682 1.2 dyoung } else if (ssid[1] != 0) {
683 1.1 dyoung /*
684 1.1 dyoung * Update ESSID at probe response to adopt hidden AP by
685 1.1 dyoung * Lucent/Cisco, which announces null ESSID in beacon.
686 1.1 dyoung */
687 1.1 dyoung ni->ni_esslen = ssid[1];
688 1.1 dyoung memset(ni->ni_essid, 0, sizeof(ni->ni_essid));
689 1.1 dyoung memcpy(ni->ni_essid, ssid + 2, ssid[1]);
690 1.1 dyoung }
691 1.1 dyoung IEEE80211_ADDR_COPY(ni->ni_bssid, wh->i_addr3);
692 1.1 dyoung ni->ni_rssi = rssi;
693 1.1 dyoung ni->ni_rstamp = rstamp;
694 1.1 dyoung memcpy(ni->ni_tstamp, tstamp, sizeof(ni->ni_tstamp));
695 1.1 dyoung ni->ni_intval = le16toh(*(u_int16_t *)bintval);
696 1.1 dyoung ni->ni_capinfo = le16toh(*(u_int16_t *)capinfo);
697 1.1 dyoung /* XXX validate channel # */
698 1.1 dyoung ni->ni_chan = &ic->ic_channels[chan];
699 1.1 dyoung ni->ni_fhdwell = fhdwell;
700 1.1 dyoung ni->ni_fhindex = fhindex;
701 1.1 dyoung ni->ni_erp = erp;
702 1.1 dyoung /* NB: must be after ni_chan is setup */
703 1.1 dyoung ieee80211_setup_rates(ic, ni, rates, xrates, IEEE80211_F_DOSORT);
704 1.1 dyoung ieee80211_unref_node(&ni);
705 1.1 dyoung break;
706 1.1 dyoung }
707 1.1 dyoung
708 1.1 dyoung case IEEE80211_FC0_SUBTYPE_PROBE_REQ: {
709 1.1 dyoung u_int8_t rate;
710 1.1 dyoung
711 1.1 dyoung if (ic->ic_opmode == IEEE80211_M_STA)
712 1.1 dyoung return;
713 1.1 dyoung if (ic->ic_state != IEEE80211_S_RUN)
714 1.1 dyoung return;
715 1.1 dyoung
716 1.1 dyoung /*
717 1.1 dyoung * prreq frame format
718 1.1 dyoung * [tlv] ssid
719 1.1 dyoung * [tlv] supported rates
720 1.1 dyoung * [tlv] extended supported rates
721 1.1 dyoung */
722 1.1 dyoung ssid = rates = xrates = NULL;
723 1.1 dyoung while (frm < efrm) {
724 1.1 dyoung switch (*frm) {
725 1.1 dyoung case IEEE80211_ELEMID_SSID:
726 1.1 dyoung ssid = frm;
727 1.1 dyoung break;
728 1.1 dyoung case IEEE80211_ELEMID_RATES:
729 1.1 dyoung rates = frm;
730 1.1 dyoung break;
731 1.1 dyoung case IEEE80211_ELEMID_XRATES:
732 1.1 dyoung xrates = frm;
733 1.1 dyoung break;
734 1.1 dyoung }
735 1.1 dyoung frm += frm[1] + 2;
736 1.1 dyoung }
737 1.1 dyoung IEEE80211_VERIFY_ELEMENT(rates, IEEE80211_RATE_MAXSIZE);
738 1.1 dyoung IEEE80211_VERIFY_ELEMENT(ssid, IEEE80211_NWID_LEN);
739 1.1 dyoung if (ssid[1] != 0 &&
740 1.1 dyoung (ssid[1] != ic->ic_bss->ni_esslen ||
741 1.1 dyoung memcmp(ssid + 2, ic->ic_bss->ni_essid, ic->ic_bss->ni_esslen) != 0)) {
742 1.1 dyoung #ifdef IEEE80211_DEBUG
743 1.1 dyoung if (ieee80211_debug) {
744 1.1 dyoung printf("%s: ssid unmatch ", __func__);
745 1.1 dyoung ieee80211_print_essid(ssid + 2, ssid[1]);
746 1.1 dyoung printf(" from %s\n", ether_sprintf(wh->i_addr2));
747 1.1 dyoung }
748 1.1 dyoung #endif
749 1.1 dyoung return;
750 1.1 dyoung }
751 1.1 dyoung
752 1.1 dyoung if (ni == ic->ic_bss) {
753 1.1 dyoung ni = ieee80211_dup_bss(ic, wh->i_addr2);
754 1.1 dyoung if (ni == NULL)
755 1.1 dyoung return;
756 1.1 dyoung IEEE80211_DPRINTF(("%s: new req from %s\n",
757 1.1 dyoung __func__, ether_sprintf(wh->i_addr2)));
758 1.1 dyoung allocbs = 1;
759 1.1 dyoung } else
760 1.1 dyoung allocbs = 0;
761 1.1 dyoung ni->ni_rssi = rssi;
762 1.1 dyoung ni->ni_rstamp = rstamp;
763 1.1 dyoung rate = ieee80211_setup_rates(ic, ni, rates, xrates,
764 1.1 dyoung IEEE80211_F_DOSORT | IEEE80211_F_DOFRATE
765 1.1 dyoung | IEEE80211_F_DONEGO | IEEE80211_F_DODEL);
766 1.1 dyoung if (rate & IEEE80211_RATE_BASIC) {
767 1.1 dyoung IEEE80211_DPRINTF(("%s: rate negotiation failed: %s\n",
768 1.1 dyoung __func__,ether_sprintf(wh->i_addr2)));
769 1.1 dyoung } else {
770 1.1 dyoung IEEE80211_SEND_MGMT(ic, ni,
771 1.1 dyoung IEEE80211_FC0_SUBTYPE_PROBE_RESP, 0);
772 1.1 dyoung }
773 1.1 dyoung if (allocbs) {
774 1.1 dyoung /* XXX just use free? */
775 1.1 dyoung if (ic->ic_opmode == IEEE80211_M_HOSTAP)
776 1.1 dyoung ieee80211_free_node(ic, ni);
777 1.1 dyoung else
778 1.1 dyoung ieee80211_unref_node(&ni);
779 1.1 dyoung }
780 1.1 dyoung break;
781 1.1 dyoung }
782 1.1 dyoung
783 1.1 dyoung case IEEE80211_FC0_SUBTYPE_AUTH: {
784 1.1 dyoung u_int16_t algo, seq, status;
785 1.1 dyoung /*
786 1.1 dyoung * auth frame format
787 1.1 dyoung * [2] algorithm
788 1.1 dyoung * [2] sequence
789 1.1 dyoung * [2] status
790 1.1 dyoung * [tlv*] challenge
791 1.1 dyoung */
792 1.1 dyoung IEEE80211_VERIFY_LENGTH(efrm - frm, 6);
793 1.1 dyoung algo = le16toh(*(u_int16_t *)frm);
794 1.1 dyoung seq = le16toh(*(u_int16_t *)(frm + 2));
795 1.1 dyoung status = le16toh(*(u_int16_t *)(frm + 4));
796 1.1 dyoung if (algo != IEEE80211_AUTH_ALG_OPEN) {
797 1.1 dyoung /* TODO: shared key auth */
798 1.1 dyoung IEEE80211_DPRINTF(("%s: unsupported auth %d from %s\n",
799 1.1 dyoung __func__, algo, ether_sprintf(wh->i_addr2)));
800 1.1 dyoung return;
801 1.1 dyoung }
802 1.1 dyoung switch (ic->ic_opmode) {
803 1.1 dyoung case IEEE80211_M_IBSS:
804 1.1 dyoung if (ic->ic_state != IEEE80211_S_RUN || seq != 1)
805 1.1 dyoung return;
806 1.1 dyoung ieee80211_new_state(ic, IEEE80211_S_AUTH,
807 1.1 dyoung wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK);
808 1.1 dyoung break;
809 1.1 dyoung
810 1.1 dyoung case IEEE80211_M_AHDEMO:
811 1.1 dyoung /* should not come here */
812 1.1 dyoung break;
813 1.1 dyoung
814 1.1 dyoung case IEEE80211_M_HOSTAP:
815 1.1 dyoung if (ic->ic_state != IEEE80211_S_RUN || seq != 1)
816 1.1 dyoung return;
817 1.1 dyoung if (ni == ic->ic_bss) {
818 1.1 dyoung ni = ieee80211_alloc_node(ic, wh->i_addr2);
819 1.1 dyoung if (ni == NULL)
820 1.1 dyoung return;
821 1.1 dyoung IEEE80211_ADDR_COPY(ni->ni_bssid, ic->ic_bss->ni_bssid);
822 1.1 dyoung ni->ni_rssi = rssi;
823 1.1 dyoung ni->ni_rstamp = rstamp;
824 1.1 dyoung ni->ni_chan = ic->ic_bss->ni_chan;
825 1.1 dyoung allocbs = 1;
826 1.1 dyoung } else
827 1.1 dyoung allocbs = 0;
828 1.1 dyoung IEEE80211_SEND_MGMT(ic, ni,
829 1.1 dyoung IEEE80211_FC0_SUBTYPE_AUTH, 2);
830 1.1 dyoung if (ifp->if_flags & IFF_DEBUG)
831 1.1 dyoung if_printf(ifp, "station %s %s authenticated\n",
832 1.1 dyoung (allocbs ? "newly" : "already"),
833 1.1 dyoung ether_sprintf(ni->ni_macaddr));
834 1.1 dyoung break;
835 1.1 dyoung
836 1.1 dyoung case IEEE80211_M_STA:
837 1.1 dyoung if (ic->ic_state != IEEE80211_S_AUTH || seq != 2)
838 1.1 dyoung return;
839 1.1 dyoung if (status != 0) {
840 1.1 dyoung if_printf(&ic->ic_if,
841 1.1 dyoung "authentication failed (reason %d) for %s\n",
842 1.1 dyoung status,
843 1.1 dyoung ether_sprintf(wh->i_addr3));
844 1.1 dyoung if (ni != ic->ic_bss)
845 1.1 dyoung ni->ni_fails++;
846 1.1 dyoung return;
847 1.1 dyoung }
848 1.1 dyoung ieee80211_new_state(ic, IEEE80211_S_ASSOC,
849 1.1 dyoung wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK);
850 1.1 dyoung break;
851 1.1 dyoung case IEEE80211_M_MONITOR:
852 1.1 dyoung break;
853 1.1 dyoung }
854 1.1 dyoung break;
855 1.1 dyoung }
856 1.1 dyoung
857 1.1 dyoung case IEEE80211_FC0_SUBTYPE_ASSOC_REQ:
858 1.1 dyoung case IEEE80211_FC0_SUBTYPE_REASSOC_REQ: {
859 1.1 dyoung u_int16_t capinfo, bintval;
860 1.1 dyoung
861 1.1 dyoung if (ic->ic_opmode != IEEE80211_M_HOSTAP ||
862 1.1 dyoung (ic->ic_state != IEEE80211_S_RUN))
863 1.1 dyoung return;
864 1.1 dyoung
865 1.1 dyoung if (subtype == IEEE80211_FC0_SUBTYPE_REASSOC_REQ) {
866 1.1 dyoung reassoc = 1;
867 1.1 dyoung resp = IEEE80211_FC0_SUBTYPE_REASSOC_RESP;
868 1.1 dyoung } else {
869 1.1 dyoung reassoc = 0;
870 1.1 dyoung resp = IEEE80211_FC0_SUBTYPE_ASSOC_RESP;
871 1.1 dyoung }
872 1.1 dyoung /*
873 1.1 dyoung * asreq frame format
874 1.1 dyoung * [2] capability information
875 1.1 dyoung * [2] listen interval
876 1.1 dyoung * [6*] current AP address (reassoc only)
877 1.1 dyoung * [tlv] ssid
878 1.1 dyoung * [tlv] supported rates
879 1.1 dyoung * [tlv] extended supported rates
880 1.1 dyoung */
881 1.1 dyoung IEEE80211_VERIFY_LENGTH(efrm - frm, (reassoc ? 10 : 4));
882 1.1 dyoung if (!IEEE80211_ADDR_EQ(wh->i_addr3, ic->ic_bss->ni_bssid)) {
883 1.1 dyoung IEEE80211_DPRINTF(("%s: ignore other bss from %s\n",
884 1.1 dyoung __func__, ether_sprintf(wh->i_addr2)));
885 1.1 dyoung return;
886 1.1 dyoung }
887 1.1 dyoung capinfo = le16toh(*(u_int16_t *)frm); frm += 2;
888 1.1 dyoung bintval = le16toh(*(u_int16_t *)frm); frm += 2;
889 1.1 dyoung if (reassoc)
890 1.1 dyoung frm += 6; /* ignore current AP info */
891 1.1 dyoung ssid = rates = xrates = NULL;
892 1.1 dyoung while (frm < efrm) {
893 1.1 dyoung switch (*frm) {
894 1.1 dyoung case IEEE80211_ELEMID_SSID:
895 1.1 dyoung ssid = frm;
896 1.1 dyoung break;
897 1.1 dyoung case IEEE80211_ELEMID_RATES:
898 1.1 dyoung rates = frm;
899 1.1 dyoung break;
900 1.1 dyoung case IEEE80211_ELEMID_XRATES:
901 1.1 dyoung xrates = frm;
902 1.1 dyoung break;
903 1.1 dyoung }
904 1.1 dyoung frm += frm[1] + 2;
905 1.1 dyoung }
906 1.1 dyoung IEEE80211_VERIFY_ELEMENT(rates, IEEE80211_RATE_MAXSIZE);
907 1.1 dyoung IEEE80211_VERIFY_ELEMENT(ssid, IEEE80211_NWID_LEN);
908 1.1 dyoung if (ssid[1] != ic->ic_bss->ni_esslen ||
909 1.1 dyoung memcmp(ssid + 2, ic->ic_bss->ni_essid, ssid[1]) != 0) {
910 1.1 dyoung #ifdef IEEE80211_DEBUG
911 1.1 dyoung if (ieee80211_debug) {
912 1.1 dyoung printf("%s: ssid unmatch ", __func__);
913 1.1 dyoung ieee80211_print_essid(ssid + 2, ssid[1]);
914 1.1 dyoung printf(" from %s\n", ether_sprintf(wh->i_addr2));
915 1.1 dyoung }
916 1.1 dyoung #endif
917 1.1 dyoung return;
918 1.1 dyoung }
919 1.1 dyoung if (ni == ic->ic_bss) {
920 1.1 dyoung IEEE80211_DPRINTF(("%s: not authenticated for %s\n",
921 1.1 dyoung __func__, ether_sprintf(wh->i_addr2)));
922 1.1 dyoung ni = ieee80211_dup_bss(ic, wh->i_addr2);
923 1.1 dyoung if (ni != NULL) {
924 1.1 dyoung IEEE80211_SEND_MGMT(ic, ni,
925 1.1 dyoung IEEE80211_FC0_SUBTYPE_DEAUTH,
926 1.1 dyoung IEEE80211_REASON_ASSOC_NOT_AUTHED);
927 1.1 dyoung ieee80211_free_node(ic, ni);
928 1.1 dyoung }
929 1.1 dyoung return;
930 1.1 dyoung }
931 1.1 dyoung /* XXX per-node cipher suite */
932 1.1 dyoung /* XXX some stations use the privacy bit for handling APs
933 1.1 dyoung that suport both encrypted and unencrypted traffic */
934 1.1 dyoung if ((capinfo & IEEE80211_CAPINFO_ESS) == 0 ||
935 1.1 dyoung (capinfo & IEEE80211_CAPINFO_PRIVACY) !=
936 1.1 dyoung ((ic->ic_flags & IEEE80211_F_WEPON) ?
937 1.1 dyoung IEEE80211_CAPINFO_PRIVACY : 0)) {
938 1.1 dyoung IEEE80211_DPRINTF(("%s: capability mismatch %x for %s\n",
939 1.1 dyoung __func__, capinfo, ether_sprintf(wh->i_addr2)));
940 1.1 dyoung ni->ni_associd = 0;
941 1.1 dyoung IEEE80211_SEND_MGMT(ic, ni, resp,
942 1.1 dyoung IEEE80211_STATUS_CAPINFO);
943 1.1 dyoung return;
944 1.1 dyoung }
945 1.1 dyoung ieee80211_setup_rates(ic, ni, rates, xrates,
946 1.1 dyoung IEEE80211_F_DOSORT | IEEE80211_F_DOFRATE |
947 1.1 dyoung IEEE80211_F_DONEGO | IEEE80211_F_DODEL);
948 1.1 dyoung if (ni->ni_rates.rs_nrates == 0) {
949 1.1 dyoung IEEE80211_DPRINTF(("%s: rate unmatch for %s\n",
950 1.1 dyoung __func__, ether_sprintf(wh->i_addr2)));
951 1.1 dyoung ni->ni_associd = 0;
952 1.1 dyoung IEEE80211_SEND_MGMT(ic, ni, resp,
953 1.1 dyoung IEEE80211_STATUS_BASIC_RATE);
954 1.1 dyoung return;
955 1.1 dyoung }
956 1.1 dyoung ni->ni_rssi = rssi;
957 1.1 dyoung ni->ni_rstamp = rstamp;
958 1.1 dyoung ni->ni_intval = bintval;
959 1.1 dyoung ni->ni_capinfo = capinfo;
960 1.1 dyoung ni->ni_chan = ic->ic_bss->ni_chan;
961 1.1 dyoung ni->ni_fhdwell = ic->ic_bss->ni_fhdwell;
962 1.1 dyoung ni->ni_fhindex = ic->ic_bss->ni_fhindex;
963 1.1 dyoung if (ni->ni_associd == 0) {
964 1.1 dyoung /* XXX handle rollover at 2007 */
965 1.1 dyoung /* XXX guarantee uniqueness */
966 1.1 dyoung ni->ni_associd = 0xc000 | ic->ic_bss->ni_associd++;
967 1.1 dyoung newassoc = 1;
968 1.1 dyoung } else
969 1.1 dyoung newassoc = 0;
970 1.1 dyoung /* XXX for 11g must turn off short slot time if long
971 1.1 dyoung slot time sta associates */
972 1.1 dyoung IEEE80211_SEND_MGMT(ic, ni, resp, IEEE80211_STATUS_SUCCESS);
973 1.1 dyoung if (ifp->if_flags & IFF_DEBUG)
974 1.1 dyoung if_printf(ifp, "station %s %s associated\n",
975 1.1 dyoung (newassoc ? "newly" : "already"),
976 1.1 dyoung ether_sprintf(ni->ni_macaddr));
977 1.1 dyoung /* give driver a chance to setup state like ni_txrate */
978 1.1 dyoung if (ic->ic_newassoc)
979 1.1 dyoung (*ic->ic_newassoc)(ic, ni, newassoc);
980 1.1 dyoung break;
981 1.1 dyoung }
982 1.1 dyoung
983 1.1 dyoung case IEEE80211_FC0_SUBTYPE_ASSOC_RESP:
984 1.1 dyoung case IEEE80211_FC0_SUBTYPE_REASSOC_RESP: {
985 1.1 dyoung u_int16_t status;
986 1.1 dyoung
987 1.1 dyoung if (ic->ic_opmode != IEEE80211_M_STA ||
988 1.1 dyoung ic->ic_state != IEEE80211_S_ASSOC)
989 1.1 dyoung return;
990 1.1 dyoung
991 1.1 dyoung /*
992 1.1 dyoung * asresp frame format
993 1.1 dyoung * [2] capability information
994 1.1 dyoung * [2] status
995 1.1 dyoung * [2] association ID
996 1.1 dyoung * [tlv] supported rates
997 1.1 dyoung * [tlv] extended supported rates
998 1.1 dyoung */
999 1.1 dyoung IEEE80211_VERIFY_LENGTH(efrm - frm, 6);
1000 1.1 dyoung ni = ic->ic_bss;
1001 1.1 dyoung ni->ni_capinfo = le16toh(*(u_int16_t *)frm);
1002 1.1 dyoung frm += 2;
1003 1.1 dyoung
1004 1.1 dyoung status = le16toh(*(u_int16_t *)frm);
1005 1.1 dyoung frm += 2;
1006 1.1 dyoung if (status != 0) {
1007 1.1 dyoung if_printf(ifp, "association failed (reason %d) for %s\n",
1008 1.1 dyoung status, ether_sprintf(wh->i_addr3));
1009 1.1 dyoung if (ni != ic->ic_bss)
1010 1.1 dyoung ni->ni_fails++;
1011 1.1 dyoung return;
1012 1.1 dyoung }
1013 1.1 dyoung ni->ni_associd = le16toh(*(u_int16_t *)frm);
1014 1.1 dyoung frm += 2;
1015 1.1 dyoung
1016 1.1 dyoung rates = xrates = NULL;
1017 1.1 dyoung while (frm < efrm) {
1018 1.1 dyoung switch (*frm) {
1019 1.1 dyoung case IEEE80211_ELEMID_RATES:
1020 1.1 dyoung rates = frm;
1021 1.1 dyoung break;
1022 1.1 dyoung case IEEE80211_ELEMID_XRATES:
1023 1.1 dyoung xrates = frm;
1024 1.1 dyoung break;
1025 1.1 dyoung }
1026 1.1 dyoung frm += frm[1] + 2;
1027 1.1 dyoung }
1028 1.1 dyoung
1029 1.1 dyoung IEEE80211_VERIFY_ELEMENT(rates, IEEE80211_RATE_MAXSIZE);
1030 1.1 dyoung ieee80211_setup_rates(ic, ni, rates, xrates,
1031 1.1 dyoung IEEE80211_F_DOSORT | IEEE80211_F_DOFRATE |
1032 1.1 dyoung IEEE80211_F_DONEGO | IEEE80211_F_DODEL);
1033 1.1 dyoung if (ni->ni_rates.rs_nrates != 0)
1034 1.1 dyoung ieee80211_new_state(ic, IEEE80211_S_RUN,
1035 1.1 dyoung wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK);
1036 1.1 dyoung break;
1037 1.1 dyoung }
1038 1.1 dyoung
1039 1.1 dyoung case IEEE80211_FC0_SUBTYPE_DEAUTH: {
1040 1.1 dyoung u_int16_t reason;
1041 1.1 dyoung /*
1042 1.1 dyoung * deauth frame format
1043 1.1 dyoung * [2] reason
1044 1.1 dyoung */
1045 1.1 dyoung IEEE80211_VERIFY_LENGTH(efrm - frm, 2);
1046 1.1 dyoung reason = le16toh(*(u_int16_t *)frm);
1047 1.1 dyoung switch (ic->ic_opmode) {
1048 1.1 dyoung case IEEE80211_M_STA:
1049 1.1 dyoung ieee80211_new_state(ic, IEEE80211_S_AUTH,
1050 1.1 dyoung wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK);
1051 1.1 dyoung break;
1052 1.1 dyoung case IEEE80211_M_HOSTAP:
1053 1.1 dyoung if (ni != ic->ic_bss) {
1054 1.1 dyoung if (ifp->if_flags & IFF_DEBUG)
1055 1.1 dyoung if_printf(ifp, "station %s deauthenticated"
1056 1.1 dyoung " by peer (reason %d)\n",
1057 1.1 dyoung ether_sprintf(ni->ni_macaddr), reason);
1058 1.1 dyoung /* node will be free'd on return */
1059 1.1 dyoung ieee80211_unref_node(&ni);
1060 1.1 dyoung }
1061 1.1 dyoung break;
1062 1.1 dyoung default:
1063 1.1 dyoung break;
1064 1.1 dyoung }
1065 1.1 dyoung break;
1066 1.1 dyoung }
1067 1.1 dyoung
1068 1.1 dyoung case IEEE80211_FC0_SUBTYPE_DISASSOC: {
1069 1.1 dyoung u_int16_t reason;
1070 1.1 dyoung /*
1071 1.1 dyoung * disassoc frame format
1072 1.1 dyoung * [2] reason
1073 1.1 dyoung */
1074 1.1 dyoung IEEE80211_VERIFY_LENGTH(efrm - frm, 2);
1075 1.1 dyoung reason = le16toh(*(u_int16_t *)frm);
1076 1.1 dyoung switch (ic->ic_opmode) {
1077 1.1 dyoung case IEEE80211_M_STA:
1078 1.1 dyoung ieee80211_new_state(ic, IEEE80211_S_ASSOC,
1079 1.1 dyoung wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK);
1080 1.1 dyoung break;
1081 1.1 dyoung case IEEE80211_M_HOSTAP:
1082 1.1 dyoung if (ni != ic->ic_bss) {
1083 1.1 dyoung if (ifp->if_flags & IFF_DEBUG)
1084 1.1 dyoung if_printf(ifp, "station %s disassociated"
1085 1.1 dyoung " by peer (reason %d)\n",
1086 1.1 dyoung ether_sprintf(ni->ni_macaddr), reason);
1087 1.1 dyoung ni->ni_associd = 0;
1088 1.1 dyoung /* XXX node reclaimed how? */
1089 1.1 dyoung }
1090 1.1 dyoung break;
1091 1.1 dyoung default:
1092 1.1 dyoung break;
1093 1.1 dyoung }
1094 1.1 dyoung break;
1095 1.1 dyoung }
1096 1.1 dyoung default:
1097 1.1 dyoung IEEE80211_DPRINTF(("%s: mgmt frame with subtype 0x%x not "
1098 1.1 dyoung "handled\n", __func__, subtype));
1099 1.1 dyoung break;
1100 1.1 dyoung }
1101 1.1 dyoung #undef ISPROBE
1102 1.1 dyoung }
1103 1.1 dyoung #undef IEEE80211_VERIFY_LENGTH
1104 1.1 dyoung #undef IEEE80211_VERIFY_ELEMENT
1105