1 | /* $NetBSD: ieee80211_input.c,v 1.85 2016/09/27 20:20:06 christos Exp $ */ |
2 | /*- |
3 | * Copyright (c) 2001 Atsushi Onoe |
4 | * Copyright (c) 2002-2005 Sam Leffler, Errno Consulting |
5 | * All rights reserved. |
6 | * |
7 | * Redistribution and use in source and binary forms, with or without |
8 | * modification, are permitted provided that the following conditions |
9 | * are met: |
10 | * 1. Redistributions of source code must retain the above copyright |
11 | * notice, this list of conditions and the following disclaimer. |
12 | * 2. Redistributions in binary form must reproduce the above copyright |
13 | * notice, this list of conditions and the following disclaimer in the |
14 | * documentation and/or other materials provided with the distribution. |
15 | * 3. The name of the author may not be used to endorse or promote products |
16 | * derived from this software without specific prior written permission. |
17 | * |
18 | * Alternatively, this software may be distributed under the terms of the |
19 | * GNU General Public License ("GPL") version 2 as published by the Free |
20 | * Software Foundation. |
21 | * |
22 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR |
23 | * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES |
24 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. |
25 | * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, |
26 | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT |
27 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, |
28 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY |
29 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT |
30 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
31 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
32 | */ |
33 | |
34 | #include <sys/cdefs.h> |
35 | #ifdef __FreeBSD__ |
36 | __FBSDID("$FreeBSD: src/sys/net80211/ieee80211_input.c,v 1.81 2005/08/10 16:22:29 sam Exp $" ); |
37 | #endif |
38 | #ifdef __NetBSD__ |
39 | __KERNEL_RCSID(0, "$NetBSD: ieee80211_input.c,v 1.85 2016/09/27 20:20:06 christos Exp $" ); |
40 | #endif |
41 | |
42 | #ifdef _KERNEL_OPT |
43 | #include "opt_inet.h" |
44 | #endif |
45 | |
46 | #ifdef __NetBSD__ |
47 | #endif /* __NetBSD__ */ |
48 | |
49 | #include <sys/param.h> |
50 | #include <sys/systm.h> |
51 | #include <sys/mbuf.h> |
52 | #include <sys/malloc.h> |
53 | #include <sys/endian.h> |
54 | #include <sys/kernel.h> |
55 | |
56 | #include <sys/socket.h> |
57 | #include <sys/sockio.h> |
58 | #include <sys/endian.h> |
59 | #include <sys/errno.h> |
60 | #include <sys/proc.h> |
61 | #include <sys/sysctl.h> |
62 | |
63 | #include <net/if.h> |
64 | #include <net/if_media.h> |
65 | #include <net/if_arp.h> |
66 | #include <net/if_ether.h> |
67 | #include <net/if_llc.h> |
68 | |
69 | #include <net80211/ieee80211_var.h> |
70 | |
71 | #include <net/bpf.h> |
72 | |
73 | #ifdef INET |
74 | #include <netinet/in.h> |
75 | #include <net/if_ether.h> |
76 | #endif |
77 | |
78 | const struct timeval ieee80211_merge_print_intvl = {.tv_sec = 1, .tv_usec = 0}; |
79 | |
80 | #ifdef IEEE80211_DEBUG |
81 | |
82 | /* |
83 | * Decide if a received management frame should be |
84 | * printed when debugging is enabled. This filters some |
85 | * of the less interesting frames that come frequently |
86 | * (e.g. beacons). |
87 | */ |
88 | static __inline int |
89 | doprint(struct ieee80211com *ic, int subtype) |
90 | { |
91 | switch (subtype) { |
92 | case IEEE80211_FC0_SUBTYPE_BEACON: |
93 | return (ic->ic_flags & IEEE80211_F_SCAN); |
94 | case IEEE80211_FC0_SUBTYPE_PROBE_REQ: |
95 | return (ic->ic_opmode == IEEE80211_M_IBSS); |
96 | } |
97 | return 1; |
98 | } |
99 | |
100 | /* |
101 | * Emit a debug message about discarding a frame or information |
102 | * element. One format is for extracting the mac address from |
103 | * the frame header; the other is for when a header is not |
104 | * available or otherwise appropriate. |
105 | */ |
106 | #define IEEE80211_DISCARD(_ic, _m, _wh, _type, _fmt, ...) do { \ |
107 | if ((_ic)->ic_debug & (_m)) \ |
108 | ieee80211_discard_frame(_ic, _wh, _type, _fmt, __VA_ARGS__);\ |
109 | } while (0) |
110 | #define IEEE80211_DISCARD_IE(_ic, _m, _wh, _type, _fmt, ...) do { \ |
111 | if ((_ic)->ic_debug & (_m)) \ |
112 | ieee80211_discard_ie(_ic, _wh, _type, _fmt, __VA_ARGS__);\ |
113 | } while (0) |
114 | #define IEEE80211_DISCARD_MAC(_ic, _m, _mac, _type, _fmt, ...) do { \ |
115 | if ((_ic)->ic_debug & (_m)) \ |
116 | ieee80211_discard_mac(_ic, _mac, _type, _fmt, __VA_ARGS__);\ |
117 | } while (0) |
118 | #define IEEE80211_DEBUGVAR(a) a |
119 | |
120 | static const u_int8_t *ieee80211_getbssid(struct ieee80211com *, |
121 | const struct ieee80211_frame *); |
122 | static void ieee80211_discard_frame(struct ieee80211com *, |
123 | const struct ieee80211_frame *, const char *type, const char *fmt, ...); |
124 | static void ieee80211_discard_ie(struct ieee80211com *, |
125 | const struct ieee80211_frame *, const char *type, const char *fmt, ...); |
126 | static void ieee80211_discard_mac(struct ieee80211com *, |
127 | const u_int8_t mac[IEEE80211_ADDR_LEN], const char *type, |
128 | const char *fmt, ...); |
129 | #else |
130 | #define IEEE80211_DISCARD(_ic, _m, _wh, _type, _fmt, ...) |
131 | #define IEEE80211_DISCARD_IE(_ic, _m, _wh, _type, _fmt, ...) |
132 | #define IEEE80211_DISCARD_MAC(_ic, _m, _mac, _type, _fmt, ...) |
133 | #define IEEE80211_DEBUGVAR(a) |
134 | #endif /* IEEE80211_DEBUG */ |
135 | |
136 | static struct mbuf *ieee80211_defrag(struct ieee80211com *, |
137 | struct ieee80211_node *, struct mbuf *, int); |
138 | static struct mbuf *ieee80211_decap(struct ieee80211com *, struct mbuf *, int); |
139 | static void ieee80211_send_error(struct ieee80211com *, struct ieee80211_node *, |
140 | const u_int8_t *mac, int subtype, int arg); |
141 | static void ieee80211_deliver_data(struct ieee80211com *, |
142 | struct ieee80211_node *, struct mbuf *); |
143 | #ifndef IEEE80211_NO_HOSTAP |
144 | static void ieee80211_node_pwrsave(struct ieee80211_node *, int enable); |
145 | static void ieee80211_recv_pspoll(struct ieee80211com *, |
146 | struct ieee80211_node *, struct mbuf *); |
147 | #endif /* !IEEE80211_NO_HOSTAP */ |
148 | static void ieee80211_update_adhoc_node(struct ieee80211com *, |
149 | struct ieee80211_node *, struct ieee80211_frame *, |
150 | struct ieee80211_scanparams *, int, u_int32_t); |
151 | |
152 | /* |
153 | * Process a received frame. The node associated with the sender |
154 | * should be supplied. If nothing was found in the node table then |
155 | * the caller is assumed to supply a reference to ic_bss instead. |
156 | * The RSSI and a timestamp are also supplied. The RSSI data is used |
157 | * during AP scanning to select a AP to associate with; it can have |
158 | * any units so long as values have consistent units and higher values |
159 | * mean ``better signal''. The receive timestamp is currently not used |
160 | * by the 802.11 layer. |
161 | */ |
162 | int |
163 | ieee80211_input(struct ieee80211com *ic, struct mbuf *m, |
164 | struct ieee80211_node *ni, int , u_int32_t rstamp) |
165 | { |
166 | #define SEQ_LEQ(a,b) ((int)((a)-(b)) <= 0) |
167 | #define HAS_SEQ(type) ((type & 0x4) == 0) |
168 | struct ifnet *ifp = ic->ic_ifp; |
169 | struct ieee80211_frame *wh; |
170 | struct ieee80211_key *key; |
171 | struct ether_header *eh; |
172 | int hdrspace; |
173 | u_int8_t dir, type, subtype; |
174 | u_int8_t *bssid; |
175 | u_int16_t rxseq; |
176 | IEEE80211_DEBUGVAR(char ebuf[3 * ETHER_ADDR_LEN]); |
177 | |
178 | IASSERT(ni != NULL, ("null node" )); |
179 | ni->ni_inact = ni->ni_inact_reload; |
180 | |
181 | /* trim CRC here so WEP can find its own CRC at the end of packet. */ |
182 | if (m->m_flags & M_HASFCS) { |
183 | m_adj(m, -IEEE80211_CRC_LEN); |
184 | m->m_flags &= ~M_HASFCS; |
185 | } |
186 | type = -1; /* undefined */ |
187 | /* |
188 | * In monitor mode, send everything directly to bpf. |
189 | * XXX may want to include the CRC |
190 | */ |
191 | if (ic->ic_opmode == IEEE80211_M_MONITOR) |
192 | goto out; |
193 | |
194 | if (m->m_pkthdr.len < sizeof(struct ieee80211_frame_min)) { |
195 | IEEE80211_DISCARD_MAC(ic, IEEE80211_MSG_ANY, |
196 | ni->ni_macaddr, NULL, |
197 | "too short (1): len %u" , m->m_pkthdr.len); |
198 | ic->ic_stats.is_rx_tooshort++; |
199 | goto out; |
200 | } |
201 | /* |
202 | * Bit of a cheat here, we use a pointer for a 3-address |
203 | * frame format but don't reference fields past outside |
204 | * ieee80211_frame_min w/o first validating the data is |
205 | * present. |
206 | */ |
207 | wh = mtod(m, struct ieee80211_frame *); |
208 | |
209 | if ((wh->i_fc[0] & IEEE80211_FC0_VERSION_MASK) != |
210 | IEEE80211_FC0_VERSION_0) { |
211 | IEEE80211_DISCARD_MAC(ic, IEEE80211_MSG_ANY, |
212 | ni->ni_macaddr, NULL, "wrong version %x" , wh->i_fc[0]); |
213 | ic->ic_stats.is_rx_badversion++; |
214 | goto err; |
215 | } |
216 | |
217 | dir = wh->i_fc[1] & IEEE80211_FC1_DIR_MASK; |
218 | type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK; |
219 | subtype = wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK; |
220 | if ((ic->ic_flags & IEEE80211_F_SCAN) == 0) { |
221 | switch (ic->ic_opmode) { |
222 | case IEEE80211_M_STA: |
223 | bssid = wh->i_addr2; |
224 | if (!IEEE80211_ADDR_EQ(bssid, ni->ni_bssid)) { |
225 | /* not interested in */ |
226 | IEEE80211_DISCARD_MAC(ic, IEEE80211_MSG_INPUT, |
227 | bssid, NULL, "node %s, %s" , |
228 | ether_snprintf(ebuf, sizeof(ebuf), |
229 | ni->ni_bssid), "not to bss" ); |
230 | ic->ic_stats.is_rx_wrongbss++; |
231 | goto out; |
232 | } |
233 | |
234 | /* Filter out packets not directed to us in case the |
235 | * device is in promiscous mode |
236 | */ |
237 | if ((! IEEE80211_IS_MULTICAST(wh->i_addr1)) |
238 | && (! IEEE80211_ADDR_EQ(wh->i_addr1, ic->ic_myaddr))) { |
239 | IEEE80211_DISCARD_MAC(ic, IEEE80211_MSG_INPUT, |
240 | bssid, NULL, "not to cur sta: lladdr=%6D, addr1=%6D" , |
241 | ic->ic_myaddr, ":" , wh->i_addr1, ":" ); |
242 | ic->ic_stats.is_rx_wrongbss++; |
243 | goto out; |
244 | } |
245 | break; |
246 | case IEEE80211_M_IBSS: |
247 | case IEEE80211_M_AHDEMO: |
248 | case IEEE80211_M_HOSTAP: |
249 | if (dir != IEEE80211_FC1_DIR_NODS) |
250 | bssid = wh->i_addr1; |
251 | else if (type == IEEE80211_FC0_TYPE_CTL) |
252 | bssid = wh->i_addr1; |
253 | else { |
254 | if (m->m_pkthdr.len < sizeof(struct ieee80211_frame)) { |
255 | IEEE80211_DISCARD_MAC(ic, |
256 | IEEE80211_MSG_ANY, ni->ni_macaddr, |
257 | NULL, "too short (2): len %u" , |
258 | m->m_pkthdr.len); |
259 | ic->ic_stats.is_rx_tooshort++; |
260 | goto out; |
261 | } |
262 | bssid = wh->i_addr3; |
263 | } |
264 | if (type != IEEE80211_FC0_TYPE_DATA) |
265 | break; |
266 | /* |
267 | * Data frame, validate the bssid. |
268 | */ |
269 | if (!IEEE80211_ADDR_EQ(bssid, ic->ic_bss->ni_bssid) && |
270 | !IEEE80211_ADDR_EQ(bssid, ifp->if_broadcastaddr)) { |
271 | /* not interested in */ |
272 | IEEE80211_DEBUGVAR( |
273 | char bbuf[3 * ETHER_ADDR_LEN]); |
274 | IEEE80211_DISCARD_MAC(ic, IEEE80211_MSG_INPUT, |
275 | bssid, NULL, "bss %s, broadcast %s, %s" , |
276 | ether_snprintf(ebuf, sizeof(ebuf), |
277 | ic->ic_bss->ni_bssid), |
278 | ether_snprintf(bbuf, sizeof(bbuf), |
279 | ifp->if_broadcastaddr), "not to bss" ); |
280 | ic->ic_stats.is_rx_wrongbss++; |
281 | goto out; |
282 | } |
283 | /* |
284 | * For adhoc mode we cons up a node when it doesn't |
285 | * exist. This should probably done after an ACL check. |
286 | */ |
287 | if (ni == ic->ic_bss && |
288 | ic->ic_opmode != IEEE80211_M_HOSTAP && |
289 | !IEEE80211_ADDR_EQ(wh->i_addr2, ni->ni_macaddr)) { |
290 | /* |
291 | * Fake up a node for this newly |
292 | * discovered member of the IBSS. |
293 | */ |
294 | ni = ieee80211_fakeup_adhoc_node(&ic->ic_sta, |
295 | wh->i_addr2); |
296 | if (ni == NULL) { |
297 | /* NB: stat kept for alloc failure */ |
298 | goto err; |
299 | } |
300 | } |
301 | break; |
302 | default: |
303 | goto out; |
304 | } |
305 | ni->ni_rssi = rssi; |
306 | ni->ni_rstamp = rstamp; |
307 | if (HAS_SEQ(type) && (ic->ic_opmode != IEEE80211_M_STA || |
308 | !IEEE80211_IS_MULTICAST(wh->i_addr1))) { |
309 | u_int8_t tid, retry; |
310 | u_int16_t rxno, orxno; |
311 | |
312 | if (ieee80211_has_qos(wh)) { |
313 | tid = ((struct ieee80211_qosframe *)wh)-> |
314 | i_qos[0] & IEEE80211_QOS_TID; |
315 | if (TID_TO_WME_AC(tid) >= WME_AC_VI) |
316 | ic->ic_wme.wme_hipri_traffic++; |
317 | tid++; |
318 | } else |
319 | tid = 0; |
320 | rxseq = le16toh(*(u_int16_t *)wh->i_seq); |
321 | retry = wh->i_fc[1] & IEEE80211_FC1_RETRY; |
322 | rxno = rxseq >> IEEE80211_SEQ_SEQ_SHIFT; |
323 | orxno = ni->ni_rxseqs[tid] >> IEEE80211_SEQ_SEQ_SHIFT; |
324 | if (retry && ( |
325 | (orxno == 4095 && rxno == orxno) || |
326 | (orxno != 4095 && |
327 | SEQ_LEQ(rxseq, ni->ni_rxseqs[tid])) |
328 | )) { |
329 | /* duplicate, discard */ |
330 | IEEE80211_DISCARD_MAC(ic, IEEE80211_MSG_INPUT, |
331 | bssid, "duplicate" , |
332 | "seqno <%u,%u> fragno <%u,%u> tid %u" , |
333 | rxno, |
334 | orxno, |
335 | rxseq & IEEE80211_SEQ_FRAG_MASK, |
336 | ni->ni_rxseqs[tid] & |
337 | IEEE80211_SEQ_FRAG_MASK, |
338 | tid); |
339 | ic->ic_stats.is_rx_dup++; |
340 | IEEE80211_NODE_STAT(ni, rx_dup); |
341 | goto out; |
342 | } |
343 | ni->ni_rxseqs[tid] = rxseq; |
344 | } |
345 | } |
346 | |
347 | switch (type) { |
348 | case IEEE80211_FC0_TYPE_DATA: |
349 | hdrspace = ieee80211_hdrspace(ic, wh); |
350 | if (m->m_len < hdrspace && |
351 | (m = m_pullup(m, hdrspace)) == NULL) { |
352 | IEEE80211_DISCARD_MAC(ic, IEEE80211_MSG_ANY, |
353 | ni->ni_macaddr, NULL, |
354 | "data too short: expecting %u" , hdrspace); |
355 | ic->ic_stats.is_rx_tooshort++; |
356 | goto out; /* XXX */ |
357 | } |
358 | switch (ic->ic_opmode) { |
359 | case IEEE80211_M_STA: |
360 | if (dir != IEEE80211_FC1_DIR_FROMDS) { |
361 | IEEE80211_DISCARD(ic, IEEE80211_MSG_INPUT, |
362 | wh, "data" , "%s" , "unknown dir 0x%x" , dir); |
363 | ic->ic_stats.is_rx_wrongdir++; |
364 | goto out; |
365 | } |
366 | if ((ifp->if_flags & IFF_SIMPLEX) && |
367 | IEEE80211_IS_MULTICAST(wh->i_addr1) && |
368 | IEEE80211_ADDR_EQ(wh->i_addr3, ic->ic_myaddr)) { |
369 | /* |
370 | * In IEEE802.11 network, multicast packet |
371 | * sent from me is broadcasted from AP. |
372 | * It should be silently discarded for |
373 | * SIMPLEX interface. |
374 | */ |
375 | IEEE80211_DISCARD(ic, IEEE80211_MSG_INPUT, |
376 | wh, NULL, "%s" , "multicast echo" ); |
377 | ic->ic_stats.is_rx_mcastecho++; |
378 | goto out; |
379 | } |
380 | break; |
381 | case IEEE80211_M_IBSS: |
382 | case IEEE80211_M_AHDEMO: |
383 | if (dir != IEEE80211_FC1_DIR_NODS) { |
384 | IEEE80211_DISCARD(ic, IEEE80211_MSG_INPUT, |
385 | wh, "data" , "%s" , "unknown dir 0x%x" , dir); |
386 | ic->ic_stats.is_rx_wrongdir++; |
387 | goto out; |
388 | } |
389 | /* XXX no power-save support */ |
390 | break; |
391 | case IEEE80211_M_HOSTAP: |
392 | #ifndef IEEE80211_NO_HOSTAP |
393 | if (dir != IEEE80211_FC1_DIR_TODS) { |
394 | IEEE80211_DISCARD(ic, IEEE80211_MSG_INPUT, |
395 | wh, "data" , "%s" , "unknown dir 0x%x" , dir); |
396 | ic->ic_stats.is_rx_wrongdir++; |
397 | goto out; |
398 | } |
399 | /* check if source STA is associated */ |
400 | if (ni == ic->ic_bss) { |
401 | IEEE80211_DISCARD(ic, IEEE80211_MSG_INPUT, |
402 | wh, "data" , "%s" , "unknown src" ); |
403 | ieee80211_send_error(ic, ni, wh->i_addr2, |
404 | IEEE80211_FC0_SUBTYPE_DEAUTH, |
405 | IEEE80211_REASON_NOT_AUTHED); |
406 | ic->ic_stats.is_rx_notassoc++; |
407 | goto err; |
408 | } |
409 | if (ni->ni_associd == 0) { |
410 | IEEE80211_DISCARD(ic, IEEE80211_MSG_INPUT, |
411 | wh, "data" , "%s" , "unassoc src" ); |
412 | IEEE80211_SEND_MGMT(ic, ni, |
413 | IEEE80211_FC0_SUBTYPE_DISASSOC, |
414 | IEEE80211_REASON_NOT_ASSOCED); |
415 | ic->ic_stats.is_rx_notassoc++; |
416 | goto err; |
417 | } |
418 | |
419 | /* |
420 | * Check for power save state change. |
421 | */ |
422 | if (((wh->i_fc[1] & IEEE80211_FC1_PWR_MGT) ^ |
423 | (ni->ni_flags & IEEE80211_NODE_PWR_MGT))) |
424 | ieee80211_node_pwrsave(ni, |
425 | wh->i_fc[1] & IEEE80211_FC1_PWR_MGT); |
426 | #endif /* !IEEE80211_NO_HOSTAP */ |
427 | break; |
428 | default: |
429 | /* XXX here to keep compiler happy */ |
430 | goto out; |
431 | } |
432 | |
433 | /* |
434 | * Handle privacy requirements. Note that we |
435 | * must not be preempted from here until after |
436 | * we (potentially) call ieee80211_crypto_demic; |
437 | * otherwise we may violate assumptions in the |
438 | * crypto cipher modules used to do delayed update |
439 | * of replay sequence numbers. |
440 | */ |
441 | if (wh->i_fc[1] & IEEE80211_FC1_WEP) { |
442 | if ((ic->ic_flags & IEEE80211_F_PRIVACY) == 0) { |
443 | /* |
444 | * Discard encrypted frames when privacy is off. |
445 | */ |
446 | IEEE80211_DISCARD(ic, IEEE80211_MSG_INPUT, |
447 | wh, "WEP" , "%s" , "PRIVACY off" ); |
448 | ic->ic_stats.is_rx_noprivacy++; |
449 | IEEE80211_NODE_STAT(ni, rx_noprivacy); |
450 | goto out; |
451 | } |
452 | key = ieee80211_crypto_decap(ic, ni, m, hdrspace); |
453 | if (key == NULL) { |
454 | /* NB: stats+msgs handled in crypto_decap */ |
455 | IEEE80211_NODE_STAT(ni, rx_wepfail); |
456 | goto out; |
457 | } |
458 | wh = mtod(m, struct ieee80211_frame *); |
459 | wh->i_fc[1] &= ~IEEE80211_FC1_WEP; |
460 | } else { |
461 | key = NULL; |
462 | } |
463 | |
464 | /* |
465 | * Next up, any fragmentation. |
466 | */ |
467 | if (!IEEE80211_IS_MULTICAST(wh->i_addr1)) { |
468 | m = ieee80211_defrag(ic, ni, m, hdrspace); |
469 | if (m == NULL) { |
470 | /* Fragment dropped or frame not complete yet */ |
471 | goto out; |
472 | } |
473 | } |
474 | wh = NULL; /* no longer valid, catch any uses */ |
475 | |
476 | /* |
477 | * Next strip any MSDU crypto bits. |
478 | */ |
479 | if (key != NULL && !ieee80211_crypto_demic(ic, key, m, 0)) { |
480 | IEEE80211_DISCARD_MAC(ic, IEEE80211_MSG_INPUT, |
481 | ni->ni_macaddr, "data" , "%s" , "demic error" ); |
482 | IEEE80211_NODE_STAT(ni, rx_demicfail); |
483 | goto out; |
484 | } |
485 | |
486 | /* copy to listener after decrypt */ |
487 | bpf_mtap3(ic->ic_rawbpf, m); |
488 | |
489 | /* |
490 | * Finally, strip the 802.11 header. |
491 | */ |
492 | m = ieee80211_decap(ic, m, hdrspace); |
493 | if (m == NULL) { |
494 | /* don't count Null data frames as errors */ |
495 | if (subtype == IEEE80211_FC0_SUBTYPE_NODATA) |
496 | goto out; |
497 | IEEE80211_DISCARD_MAC(ic, IEEE80211_MSG_INPUT, |
498 | ni->ni_macaddr, "data" , "%s" , "decap error" ); |
499 | ic->ic_stats.is_rx_decap++; |
500 | IEEE80211_NODE_STAT(ni, rx_decap); |
501 | goto err; |
502 | } |
503 | eh = mtod(m, struct ether_header *); |
504 | if (!ieee80211_node_is_authorized(ni)) { |
505 | /* |
506 | * Deny any non-PAE frames received prior to |
507 | * authorization. For open/shared-key |
508 | * authentication the port is mark authorized |
509 | * after authentication completes. For 802.1x |
510 | * the port is not marked authorized by the |
511 | * authenticator until the handshake has completed. |
512 | */ |
513 | if (eh->ether_type != htons(ETHERTYPE_PAE)) { |
514 | IEEE80211_DISCARD_MAC(ic, IEEE80211_MSG_INPUT, |
515 | eh->ether_shost, "data" , |
516 | "unauthorized port: ether type 0x%x len %u" , |
517 | eh->ether_type, m->m_pkthdr.len); |
518 | ic->ic_stats.is_rx_unauth++; |
519 | IEEE80211_NODE_STAT(ni, rx_unauth); |
520 | goto err; |
521 | } |
522 | } else { |
523 | /* |
524 | * When denying unencrypted frames, discard |
525 | * any non-PAE frames received without encryption. |
526 | */ |
527 | if ((ic->ic_flags & IEEE80211_F_DROPUNENC) && |
528 | key == NULL && |
529 | eh->ether_type != htons(ETHERTYPE_PAE)) { |
530 | /* |
531 | * Drop unencrypted frames. |
532 | */ |
533 | ic->ic_stats.is_rx_unencrypted++; |
534 | IEEE80211_NODE_STAT(ni, rx_unencrypted); |
535 | goto out; |
536 | } |
537 | } |
538 | ifp->if_ipackets++; |
539 | IEEE80211_NODE_STAT(ni, rx_data); |
540 | IEEE80211_NODE_STAT_ADD(ni, rx_bytes, m->m_pkthdr.len); |
541 | |
542 | ieee80211_deliver_data(ic, ni, m); |
543 | return IEEE80211_FC0_TYPE_DATA; |
544 | |
545 | case IEEE80211_FC0_TYPE_MGT: |
546 | IEEE80211_NODE_STAT(ni, rx_mgmt); |
547 | if (dir != IEEE80211_FC1_DIR_NODS) { |
548 | IEEE80211_DISCARD(ic, IEEE80211_MSG_INPUT, |
549 | wh, "data" , "%s" , "unknown dir 0x%x" , dir); |
550 | ic->ic_stats.is_rx_wrongdir++; |
551 | goto err; |
552 | } |
553 | if (m->m_pkthdr.len < sizeof(struct ieee80211_frame)) { |
554 | IEEE80211_DISCARD_MAC(ic, IEEE80211_MSG_ANY, |
555 | ni->ni_macaddr, "mgt" , "too short: len %u" , |
556 | m->m_pkthdr.len); |
557 | ic->ic_stats.is_rx_tooshort++; |
558 | goto out; |
559 | } |
560 | #ifdef IEEE80211_DEBUG |
561 | if ((ieee80211_msg_debug(ic) && doprint(ic, subtype)) || |
562 | ieee80211_msg_dumppkts(ic)) { |
563 | if_printf(ic->ic_ifp, "received %s from %s rssi %d\n" , |
564 | ieee80211_mgt_subtype_name[subtype >> |
565 | IEEE80211_FC0_SUBTYPE_SHIFT], |
566 | ether_snprintf(ebuf, sizeof(ebuf), wh->i_addr2), |
567 | rssi); |
568 | } |
569 | #endif |
570 | if (wh->i_fc[1] & IEEE80211_FC1_WEP) { |
571 | if (subtype != IEEE80211_FC0_SUBTYPE_AUTH) { |
572 | /* |
573 | * Only shared key auth frames with a challenge |
574 | * should be encrypted, discard all others. |
575 | */ |
576 | IEEE80211_DISCARD(ic, IEEE80211_MSG_INPUT, |
577 | wh, ieee80211_mgt_subtype_name[subtype >> |
578 | IEEE80211_FC0_SUBTYPE_SHIFT], |
579 | "%s" , "WEP set but not permitted" ); |
580 | ic->ic_stats.is_rx_mgtdiscard++; /* XXX */ |
581 | goto out; |
582 | } |
583 | if ((ic->ic_flags & IEEE80211_F_PRIVACY) == 0) { |
584 | /* |
585 | * Discard encrypted frames when privacy is off. |
586 | */ |
587 | IEEE80211_DISCARD(ic, IEEE80211_MSG_INPUT, |
588 | wh, "mgt" , "%s" , "WEP set but PRIVACY off" ); |
589 | ic->ic_stats.is_rx_noprivacy++; |
590 | goto out; |
591 | } |
592 | hdrspace = ieee80211_hdrspace(ic, wh); |
593 | key = ieee80211_crypto_decap(ic, ni, m, hdrspace); |
594 | if (key == NULL) { |
595 | /* NB: stats+msgs handled in crypto_decap */ |
596 | goto out; |
597 | } |
598 | wh = mtod(m, struct ieee80211_frame *); |
599 | wh->i_fc[1] &= ~IEEE80211_FC1_WEP; |
600 | } |
601 | bpf_mtap3(ic->ic_rawbpf, m); |
602 | (*ic->ic_recv_mgmt)(ic, m, ni, subtype, rssi, rstamp); |
603 | m_freem(m); |
604 | return type; |
605 | |
606 | case IEEE80211_FC0_TYPE_CTL: |
607 | IEEE80211_NODE_STAT(ni, rx_ctrl); |
608 | ic->ic_stats.is_rx_ctl++; |
609 | #ifndef IEEE80211_NO_HOSTAP |
610 | if (ic->ic_opmode == IEEE80211_M_HOSTAP) { |
611 | switch (subtype) { |
612 | case IEEE80211_FC0_SUBTYPE_PS_POLL: |
613 | ieee80211_recv_pspoll(ic, ni, m); |
614 | break; |
615 | } |
616 | } |
617 | #endif /* !IEEE80211_NO_HOSTAP */ |
618 | goto out; |
619 | default: |
620 | IEEE80211_DISCARD(ic, IEEE80211_MSG_ANY, |
621 | wh, NULL, "bad frame type 0x%x" , type); |
622 | /* should not come here */ |
623 | break; |
624 | } |
625 | err: |
626 | ifp->if_ierrors++; |
627 | out: |
628 | if (m != NULL) { |
629 | bpf_mtap3(ic->ic_rawbpf, m); |
630 | m_freem(m); |
631 | } |
632 | return type; |
633 | #undef SEQ_LEQ |
634 | } |
635 | |
636 | /* |
637 | * This function reassemble fragments. |
638 | */ |
639 | static struct mbuf * |
640 | ieee80211_defrag(struct ieee80211com *ic, struct ieee80211_node *ni, |
641 | struct mbuf *m, int hdrspace) |
642 | { |
643 | struct ieee80211_frame *wh = mtod(m, struct ieee80211_frame *); |
644 | struct ieee80211_frame *lwh; |
645 | u_int16_t rxseq; |
646 | u_int8_t fragno; |
647 | u_int8_t more_frag = wh->i_fc[1] & IEEE80211_FC1_MORE_FRAG; |
648 | struct mbuf *mfrag; |
649 | |
650 | IASSERT(!IEEE80211_IS_MULTICAST(wh->i_addr1), ("multicast fragm?" )); |
651 | |
652 | rxseq = le16toh(*(u_int16_t *)wh->i_seq); |
653 | fragno = rxseq & IEEE80211_SEQ_FRAG_MASK; |
654 | |
655 | /* Quick way out, if there's nothing to defragment */ |
656 | if (!more_frag && fragno == 0 && ni->ni_rxfrag[0] == NULL) |
657 | return m; |
658 | |
659 | /* |
660 | * Remove frag to insure it doesn't get reaped by timer. |
661 | */ |
662 | if (ni->ni_table == NULL) { |
663 | /* |
664 | * Should never happen. If the node is orphaned (not in |
665 | * the table) then input packets should not reach here. |
666 | * Otherwise, a concurrent request that yanks the table |
667 | * should be blocked by other interlocking and/or by first |
668 | * shutting the driver down. Regardless, be defensive |
669 | * here and just bail |
670 | */ |
671 | /* XXX need msg+stat */ |
672 | m_freem(m); |
673 | return NULL; |
674 | } |
675 | IEEE80211_NODE_LOCK(ni->ni_table); |
676 | mfrag = ni->ni_rxfrag[0]; |
677 | ni->ni_rxfrag[0] = NULL; |
678 | IEEE80211_NODE_UNLOCK(ni->ni_table); |
679 | |
680 | /* |
681 | * Validate new fragment is in order and |
682 | * related to the previous ones. |
683 | */ |
684 | if (mfrag != NULL) { |
685 | u_int16_t last_rxseq; |
686 | |
687 | lwh = mtod(mfrag, struct ieee80211_frame *); |
688 | last_rxseq = le16toh(*(u_int16_t *)lwh->i_seq); |
689 | /* NB: check seq # and frag together */ |
690 | if (rxseq != last_rxseq+1 || |
691 | !IEEE80211_ADDR_EQ(wh->i_addr1, lwh->i_addr1) || |
692 | !IEEE80211_ADDR_EQ(wh->i_addr2, lwh->i_addr2)) { |
693 | /* |
694 | * Unrelated fragment or no space for it, |
695 | * clear current fragments. |
696 | */ |
697 | m_freem(mfrag); |
698 | mfrag = NULL; |
699 | } |
700 | } |
701 | |
702 | if (mfrag == NULL) { |
703 | if (fragno != 0) { /* !first fragment, discard */ |
704 | IEEE80211_NODE_STAT(ni, rx_defrag); |
705 | m_freem(m); |
706 | return NULL; |
707 | } |
708 | mfrag = m; |
709 | } else { /* concatenate */ |
710 | m_adj(m, hdrspace); /* strip header */ |
711 | m_cat(mfrag, m); |
712 | /* NB: m_cat doesn't update the packet header */ |
713 | mfrag->m_pkthdr.len += m->m_pkthdr.len; |
714 | /* track last seqnum and fragno */ |
715 | lwh = mtod(mfrag, struct ieee80211_frame *); |
716 | *(u_int16_t *) lwh->i_seq = *(u_int16_t *) wh->i_seq; |
717 | } |
718 | if (more_frag) { /* more to come, save */ |
719 | ni->ni_rxfragstamp = ticks; |
720 | ni->ni_rxfrag[0] = mfrag; |
721 | mfrag = NULL; |
722 | } |
723 | return mfrag; |
724 | } |
725 | |
726 | static void |
727 | ieee80211_deliver_data(struct ieee80211com *ic, |
728 | struct ieee80211_node *ni, struct mbuf *m) |
729 | { |
730 | struct ether_header *eh = mtod(m, struct ether_header *); |
731 | struct ifnet *ifp = ic->ic_ifp; |
732 | int error; |
733 | |
734 | /* perform as a bridge within the AP */ |
735 | if (ic->ic_opmode == IEEE80211_M_HOSTAP && |
736 | (ic->ic_flags & IEEE80211_F_NOBRIDGE) == 0) { |
737 | struct mbuf *m1 = NULL; |
738 | |
739 | if (ETHER_IS_MULTICAST(eh->ether_dhost)) { |
740 | m1 = m_copypacket(m, M_DONTWAIT); |
741 | if (m1 == NULL) |
742 | ifp->if_oerrors++; |
743 | else |
744 | m1->m_flags |= M_MCAST; |
745 | } else { |
746 | /* |
747 | * Check if the destination is known; if so |
748 | * and the port is authorized dispatch directly. |
749 | */ |
750 | struct ieee80211_node *sta = |
751 | ieee80211_find_node(&ic->ic_sta, eh->ether_dhost); |
752 | if (sta != NULL) { |
753 | if (ieee80211_node_is_authorized(sta)) { |
754 | /* |
755 | * Beware of sending to ourself; this |
756 | * needs to happen via the normal |
757 | * input path. |
758 | */ |
759 | if (sta != ic->ic_bss) { |
760 | m1 = m; |
761 | m = NULL; |
762 | } |
763 | } else { |
764 | ic->ic_stats.is_rx_unauth++; |
765 | IEEE80211_NODE_STAT(sta, rx_unauth); |
766 | } |
767 | ieee80211_free_node(sta); |
768 | } |
769 | } |
770 | if (m1 != NULL) { |
771 | int len; |
772 | #ifdef ALTQ |
773 | if (ALTQ_IS_ENABLED(&ifp->if_snd)) { |
774 | altq_etherclassify(&ifp->if_snd, m1); |
775 | } |
776 | #endif |
777 | len = m1->m_pkthdr.len; |
778 | IFQ_ENQUEUE(&ifp->if_snd, m1, error); |
779 | if (error) { |
780 | ifp->if_omcasts++; |
781 | m = NULL; |
782 | } |
783 | ifp->if_obytes += len; |
784 | } |
785 | } |
786 | if (m != NULL) { |
787 | /* |
788 | * XXX If we forward packet into transmitter of the AP, |
789 | * we don't need to duplicate for DLT_EN10MB. |
790 | */ |
791 | bpf_mtap(ifp, m); |
792 | |
793 | if (ni->ni_vlan != 0) { |
794 | /* attach vlan tag */ |
795 | /* XXX goto err? */ |
796 | VLAN_INPUT_TAG(ifp, m, ni->ni_vlan, goto out); |
797 | } |
798 | |
799 | /* |
800 | * XXX once ieee80211_input (or rxintr itself) runs in softint |
801 | * we have to change here too to use if_input. |
802 | */ |
803 | KASSERT(ifp->if_percpuq); |
804 | if_percpuq_enqueue(ifp->if_percpuq, m); |
805 | } |
806 | return; |
807 | out: |
808 | if (m != NULL) { |
809 | bpf_mtap3(ic->ic_rawbpf, m); |
810 | m_freem(m); |
811 | } |
812 | } |
813 | |
814 | static struct mbuf * |
815 | ieee80211_decap(struct ieee80211com *ic, struct mbuf *m, int hdrlen) |
816 | { |
817 | struct ieee80211_qosframe_addr4 wh; /* Max size address frames */ |
818 | struct ether_header *eh; |
819 | struct llc *llc; |
820 | |
821 | if (m->m_len < hdrlen + sizeof(*llc) && |
822 | (m = m_pullup(m, hdrlen + sizeof(*llc))) == NULL) { |
823 | /* XXX stat, msg */ |
824 | return NULL; |
825 | } |
826 | memcpy(&wh, mtod(m, void *), hdrlen); |
827 | llc = (struct llc *)(mtod(m, char *) + hdrlen); |
828 | if (llc->llc_dsap == LLC_SNAP_LSAP && llc->llc_ssap == LLC_SNAP_LSAP && |
829 | llc->llc_control == LLC_UI && llc->llc_snap.org_code[0] == 0 && |
830 | llc->llc_snap.org_code[1] == 0 && llc->llc_snap.org_code[2] == 0) { |
831 | m_adj(m, hdrlen + sizeof(struct llc) - sizeof(*eh)); |
832 | llc = NULL; |
833 | } else { |
834 | m_adj(m, hdrlen - sizeof(*eh)); |
835 | } |
836 | eh = mtod(m, struct ether_header *); |
837 | switch (wh.i_fc[1] & IEEE80211_FC1_DIR_MASK) { |
838 | case IEEE80211_FC1_DIR_NODS: |
839 | IEEE80211_ADDR_COPY(eh->ether_dhost, wh.i_addr1); |
840 | IEEE80211_ADDR_COPY(eh->ether_shost, wh.i_addr2); |
841 | break; |
842 | case IEEE80211_FC1_DIR_TODS: |
843 | IEEE80211_ADDR_COPY(eh->ether_dhost, wh.i_addr3); |
844 | IEEE80211_ADDR_COPY(eh->ether_shost, wh.i_addr2); |
845 | break; |
846 | case IEEE80211_FC1_DIR_FROMDS: |
847 | IEEE80211_ADDR_COPY(eh->ether_dhost, wh.i_addr1); |
848 | IEEE80211_ADDR_COPY(eh->ether_shost, wh.i_addr3); |
849 | break; |
850 | case IEEE80211_FC1_DIR_DSTODS: |
851 | IEEE80211_ADDR_COPY(eh->ether_dhost, wh.i_addr3); |
852 | IEEE80211_ADDR_COPY(eh->ether_shost, wh.i_addr4); |
853 | break; |
854 | } |
855 | #ifdef ALIGNED_POINTER |
856 | if (!ALIGNED_POINTER(mtod(m, char *) + sizeof(*eh), u_int32_t)) { |
857 | struct mbuf *n, *n0, **np; |
858 | char *newdata; |
859 | int off, pktlen; |
860 | |
861 | n0 = NULL; |
862 | np = &n0; |
863 | off = 0; |
864 | pktlen = m->m_pkthdr.len; |
865 | while (pktlen > off) { |
866 | if (n0 == NULL) { |
867 | MGETHDR(n, M_DONTWAIT, MT_DATA); |
868 | if (n == NULL) { |
869 | m_freem(m); |
870 | return NULL; |
871 | } |
872 | M_MOVE_PKTHDR(n, m); |
873 | n->m_len = MHLEN; |
874 | } else { |
875 | MGET(n, M_DONTWAIT, MT_DATA); |
876 | if (n == NULL) { |
877 | m_freem(m); |
878 | m_freem(n0); |
879 | return NULL; |
880 | } |
881 | n->m_len = MLEN; |
882 | } |
883 | if (pktlen - off >= MINCLSIZE) { |
884 | MCLGET(n, M_DONTWAIT); |
885 | if (n->m_flags & M_EXT) |
886 | n->m_len = n->m_ext.ext_size; |
887 | } |
888 | if (n0 == NULL) { |
889 | newdata = |
890 | (char *)ALIGN(n->m_data + sizeof(*eh)) - |
891 | sizeof(*eh); |
892 | n->m_len -= newdata - n->m_data; |
893 | n->m_data = newdata; |
894 | } |
895 | if (n->m_len > pktlen - off) |
896 | n->m_len = pktlen - off; |
897 | m_copydata(m, off, n->m_len, mtod(n, void *)); |
898 | off += n->m_len; |
899 | *np = n; |
900 | np = &n->m_next; |
901 | } |
902 | m_freem(m); |
903 | m = n0; |
904 | } |
905 | #endif /* ALIGNED_POINTER */ |
906 | if (llc != NULL) { |
907 | eh = mtod(m, struct ether_header *); |
908 | eh->ether_type = htons(m->m_pkthdr.len - sizeof(*eh)); |
909 | } |
910 | return m; |
911 | } |
912 | |
913 | /* |
914 | * Install received rate set information in the node's state block. |
915 | */ |
916 | int |
917 | ieee80211_setup_rates(struct ieee80211_node *ni, |
918 | const u_int8_t *rates, const u_int8_t *xrates, int flags) |
919 | { |
920 | struct ieee80211com *ic = ni->ni_ic; |
921 | struct ieee80211_rateset *rs = &ni->ni_rates; |
922 | |
923 | memset(rs, 0, sizeof(*rs)); |
924 | rs->rs_nrates = rates[1]; |
925 | memcpy(rs->rs_rates, rates + 2, rs->rs_nrates); |
926 | if (xrates != NULL) { |
927 | u_int8_t nxrates; |
928 | /* |
929 | * Tack on 11g extended supported rate element. |
930 | */ |
931 | nxrates = xrates[1]; |
932 | if (rs->rs_nrates + nxrates > IEEE80211_RATE_MAXSIZE) { |
933 | IEEE80211_DEBUGVAR(char ebuf[3 * ETHER_ADDR_LEN]); |
934 | nxrates = IEEE80211_RATE_MAXSIZE - rs->rs_nrates; |
935 | IEEE80211_DPRINTF(ic, IEEE80211_MSG_XRATE, |
936 | "[%s] extended rate set too large;" |
937 | " only using %u of %u rates\n" , |
938 | ether_snprintf(ebuf, sizeof(ebuf), ni->ni_macaddr), |
939 | nxrates, xrates[1]); |
940 | ic->ic_stats.is_rx_rstoobig++; |
941 | } |
942 | memcpy(rs->rs_rates + rs->rs_nrates, xrates+2, nxrates); |
943 | rs->rs_nrates += nxrates; |
944 | } |
945 | return ieee80211_fix_rate(ni, flags); |
946 | } |
947 | |
948 | static void |
949 | ieee80211_auth_open(struct ieee80211com *ic, struct ieee80211_frame *wh, |
950 | struct ieee80211_node *ni, int , u_int32_t rstamp, |
951 | u_int16_t seq, u_int16_t status) |
952 | { |
953 | IEEE80211_DEBUGVAR(char ebuf[3 * ETHER_ADDR_LEN]); |
954 | |
955 | if (ni->ni_authmode == IEEE80211_AUTH_SHARED) { |
956 | IEEE80211_DISCARD_MAC(ic, IEEE80211_MSG_AUTH, |
957 | ni->ni_macaddr, "open auth" , |
958 | "bad sta auth mode %u" , ni->ni_authmode); |
959 | ic->ic_stats.is_rx_bad_auth++; /* XXX */ |
960 | if (ic->ic_opmode == IEEE80211_M_HOSTAP) { |
961 | /* XXX hack to workaround calling convention */ |
962 | ieee80211_send_error(ic, ni, wh->i_addr2, |
963 | IEEE80211_FC0_SUBTYPE_AUTH, |
964 | (seq + 1) | (IEEE80211_STATUS_ALG<<16)); |
965 | } |
966 | return; |
967 | } |
968 | switch (ic->ic_opmode) { |
969 | case IEEE80211_M_IBSS: |
970 | case IEEE80211_M_AHDEMO: |
971 | case IEEE80211_M_MONITOR: |
972 | /* should not come here */ |
973 | IEEE80211_DISCARD_MAC(ic, IEEE80211_MSG_AUTH, |
974 | ni->ni_macaddr, "open auth" , |
975 | "bad operating mode %u" , ic->ic_opmode); |
976 | break; |
977 | |
978 | case IEEE80211_M_HOSTAP: |
979 | #ifndef IEEE80211_NO_HOSTAP |
980 | if (ic->ic_state != IEEE80211_S_RUN || |
981 | seq != IEEE80211_AUTH_OPEN_REQUEST) { |
982 | ic->ic_stats.is_rx_bad_auth++; |
983 | return; |
984 | } |
985 | /* always accept open authentication requests */ |
986 | if (ni == ic->ic_bss) { |
987 | ni = ieee80211_dup_bss(&ic->ic_sta, wh->i_addr2); |
988 | if (ni == NULL) |
989 | return; |
990 | } else if ((ni->ni_flags & IEEE80211_NODE_AREF) == 0) |
991 | (void) ieee80211_ref_node(ni); |
992 | /* |
993 | * Mark the node as referenced to reflect that its |
994 | * reference count has been bumped to insure it remains |
995 | * after the transaction completes. |
996 | */ |
997 | ni->ni_flags |= IEEE80211_NODE_AREF; |
998 | |
999 | IEEE80211_SEND_MGMT(ic, ni, |
1000 | IEEE80211_FC0_SUBTYPE_AUTH, seq + 1); |
1001 | IEEE80211_DPRINTF(ic, IEEE80211_MSG_DEBUG | IEEE80211_MSG_AUTH, |
1002 | "[%s] station authenticated (open)\n" , |
1003 | ether_snprintf(ebuf, sizeof(ebuf), ni->ni_macaddr)); |
1004 | /* |
1005 | * When 802.1x is not in use mark the port |
1006 | * authorized at this point so traffic can flow. |
1007 | */ |
1008 | if (ni->ni_authmode != IEEE80211_AUTH_8021X) |
1009 | ieee80211_node_authorize(ni); |
1010 | #endif /* !IEEE80211_NO_HOSTAP */ |
1011 | break; |
1012 | |
1013 | case IEEE80211_M_STA: |
1014 | if (ic->ic_state != IEEE80211_S_AUTH || |
1015 | seq != IEEE80211_AUTH_OPEN_RESPONSE) { |
1016 | ic->ic_stats.is_rx_bad_auth++; |
1017 | return; |
1018 | } |
1019 | if (status != 0) { |
1020 | |
1021 | IEEE80211_DPRINTF(ic, |
1022 | IEEE80211_MSG_DEBUG | IEEE80211_MSG_AUTH, |
1023 | "[%s] open auth failed (reason %d)\n" , |
1024 | ether_snprintf(ebuf, sizeof(ebuf), ni->ni_macaddr), |
1025 | status); |
1026 | /* XXX can this happen? */ |
1027 | if (ni != ic->ic_bss) |
1028 | ni->ni_fails++; |
1029 | ic->ic_stats.is_rx_auth_fail++; |
1030 | ieee80211_new_state(ic, IEEE80211_S_SCAN, 0); |
1031 | } else |
1032 | ieee80211_new_state(ic, IEEE80211_S_ASSOC, |
1033 | wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK); |
1034 | break; |
1035 | } |
1036 | } |
1037 | |
1038 | /* |
1039 | * Send a management frame error response to the specified |
1040 | * station. If ni is associated with the station then use |
1041 | * it; otherwise allocate a temporary node suitable for |
1042 | * transmitting the frame and then free the reference so |
1043 | * it will go away as soon as the frame has been transmitted. |
1044 | */ |
1045 | static void |
1046 | ieee80211_send_error(struct ieee80211com *ic, struct ieee80211_node *ni, |
1047 | const u_int8_t *mac, int subtype, int arg) |
1048 | { |
1049 | int istmp; |
1050 | |
1051 | if (ni == ic->ic_bss) { |
1052 | ni = ieee80211_tmp_node(ic, mac); |
1053 | if (ni == NULL) { |
1054 | /* XXX msg */ |
1055 | return; |
1056 | } |
1057 | istmp = 1; |
1058 | } else |
1059 | istmp = 0; |
1060 | IEEE80211_SEND_MGMT(ic, ni, subtype, arg); |
1061 | if (istmp) |
1062 | ieee80211_free_node(ni); |
1063 | } |
1064 | |
1065 | static int |
1066 | alloc_challenge(struct ieee80211com *ic, struct ieee80211_node *ni) |
1067 | { |
1068 | if (ni->ni_challenge == NULL) |
1069 | ni->ni_challenge = malloc(IEEE80211_CHALLENGE_LEN, |
1070 | M_DEVBUF, M_NOWAIT); |
1071 | if (ni->ni_challenge == NULL) { |
1072 | IEEE80211_DEBUGVAR(char ebuf[3 * ETHER_ADDR_LEN]); |
1073 | |
1074 | IEEE80211_DPRINTF(ic, IEEE80211_MSG_DEBUG | IEEE80211_MSG_AUTH, |
1075 | "[%s] shared key challenge alloc failed\n" , |
1076 | ether_snprintf(ebuf, sizeof(ebuf), ni->ni_macaddr)); |
1077 | /* XXX statistic */ |
1078 | } |
1079 | return (ni->ni_challenge != NULL); |
1080 | } |
1081 | |
1082 | /* XXX TODO: add statistics */ |
1083 | static void |
1084 | ieee80211_auth_shared(struct ieee80211com *ic, struct ieee80211_frame *wh, |
1085 | u_int8_t *frm, u_int8_t *efrm, struct ieee80211_node *ni, int , |
1086 | u_int32_t rstamp, u_int16_t seq, u_int16_t status) |
1087 | { |
1088 | u_int8_t *challenge; |
1089 | int estatus; |
1090 | IEEE80211_DEBUGVAR(char ebuf[3 * ETHER_ADDR_LEN]); |
1091 | |
1092 | /* |
1093 | * NB: this can happen as we allow pre-shared key |
1094 | * authentication to be enabled w/o wep being turned |
1095 | * on so that configuration of these can be done |
1096 | * in any order. It may be better to enforce the |
1097 | * ordering in which case this check would just be |
1098 | * for sanity/consistency. |
1099 | */ |
1100 | if ((ic->ic_flags & IEEE80211_F_PRIVACY) == 0) { |
1101 | IEEE80211_DISCARD_MAC(ic, IEEE80211_MSG_AUTH, |
1102 | ni->ni_macaddr, "shared key auth" , |
1103 | "%s" , " PRIVACY is disabled" ); |
1104 | estatus = IEEE80211_STATUS_ALG; |
1105 | goto bad; |
1106 | } |
1107 | /* |
1108 | * Pre-shared key authentication is evil; accept |
1109 | * it only if explicitly configured (it is supported |
1110 | * mainly for compatibility with clients like OS X). |
1111 | */ |
1112 | if (ni->ni_authmode != IEEE80211_AUTH_AUTO && |
1113 | ni->ni_authmode != IEEE80211_AUTH_SHARED) { |
1114 | IEEE80211_DISCARD_MAC(ic, IEEE80211_MSG_AUTH, |
1115 | ni->ni_macaddr, "shared key auth" , |
1116 | "bad sta auth mode %u" , ni->ni_authmode); |
1117 | ic->ic_stats.is_rx_bad_auth++; /* XXX maybe a unique error? */ |
1118 | estatus = IEEE80211_STATUS_ALG; |
1119 | goto bad; |
1120 | } |
1121 | |
1122 | challenge = NULL; |
1123 | if (frm + 1 < efrm) { |
1124 | if ((frm[1] + 2) > (efrm - frm)) { |
1125 | IEEE80211_DISCARD_MAC(ic, IEEE80211_MSG_AUTH, |
1126 | ni->ni_macaddr, "shared key auth" , |
1127 | "ie %d/%d too long" , |
1128 | frm[0], (frm[1] + 2) - (efrm - frm)); |
1129 | ic->ic_stats.is_rx_bad_auth++; |
1130 | estatus = IEEE80211_STATUS_CHALLENGE; |
1131 | goto bad; |
1132 | } |
1133 | if (*frm == IEEE80211_ELEMID_CHALLENGE) |
1134 | challenge = frm; |
1135 | frm += frm[1] + 2; |
1136 | } |
1137 | switch (seq) { |
1138 | case IEEE80211_AUTH_SHARED_CHALLENGE: |
1139 | case IEEE80211_AUTH_SHARED_RESPONSE: |
1140 | if (challenge == NULL) { |
1141 | IEEE80211_DISCARD_MAC(ic, IEEE80211_MSG_AUTH, |
1142 | ni->ni_macaddr, "shared key auth" , |
1143 | "%s" , "no challenge" ); |
1144 | ic->ic_stats.is_rx_bad_auth++; |
1145 | estatus = IEEE80211_STATUS_CHALLENGE; |
1146 | goto bad; |
1147 | } |
1148 | if (challenge[1] != IEEE80211_CHALLENGE_LEN) { |
1149 | IEEE80211_DISCARD_MAC(ic, IEEE80211_MSG_AUTH, |
1150 | ni->ni_macaddr, "shared key auth" , |
1151 | "bad challenge len %d" , challenge[1]); |
1152 | ic->ic_stats.is_rx_bad_auth++; |
1153 | estatus = IEEE80211_STATUS_CHALLENGE; |
1154 | goto bad; |
1155 | } |
1156 | default: |
1157 | break; |
1158 | } |
1159 | switch (ic->ic_opmode) { |
1160 | case IEEE80211_M_MONITOR: |
1161 | case IEEE80211_M_AHDEMO: |
1162 | case IEEE80211_M_IBSS: |
1163 | IEEE80211_DISCARD_MAC(ic, IEEE80211_MSG_AUTH, |
1164 | ni->ni_macaddr, "shared key auth" , |
1165 | "bad operating mode %u" , ic->ic_opmode); |
1166 | return; |
1167 | case IEEE80211_M_HOSTAP: |
1168 | #ifndef IEEE80211_NO_HOSTAP |
1169 | { |
1170 | int allocbs; |
1171 | if (ic->ic_state != IEEE80211_S_RUN) { |
1172 | IEEE80211_DISCARD_MAC(ic, IEEE80211_MSG_AUTH, |
1173 | ni->ni_macaddr, "shared key auth" , |
1174 | "bad state %u" , ic->ic_state); |
1175 | estatus = IEEE80211_STATUS_ALG; /* XXX */ |
1176 | goto bad; |
1177 | } |
1178 | switch (seq) { |
1179 | case IEEE80211_AUTH_SHARED_REQUEST: |
1180 | if (ni == ic->ic_bss) { |
1181 | ni = ieee80211_dup_bss(&ic->ic_sta, wh->i_addr2); |
1182 | if (ni == NULL) { |
1183 | /* NB: no way to return an error */ |
1184 | return; |
1185 | } |
1186 | allocbs = 1; |
1187 | } else { |
1188 | if ((ni->ni_flags & IEEE80211_NODE_AREF) == 0) |
1189 | (void) ieee80211_ref_node(ni); |
1190 | allocbs = 0; |
1191 | } |
1192 | __USE(allocbs); |
1193 | /* |
1194 | * Mark the node as referenced to reflect that its |
1195 | * reference count has been bumped to insure it remains |
1196 | * after the transaction completes. |
1197 | */ |
1198 | ni->ni_flags |= IEEE80211_NODE_AREF; |
1199 | ni->ni_rssi = rssi; |
1200 | ni->ni_rstamp = rstamp; |
1201 | if (!alloc_challenge(ic, ni)) { |
1202 | /* NB: don't return error so they rexmit */ |
1203 | return; |
1204 | } |
1205 | get_random_bytes(ni->ni_challenge, |
1206 | IEEE80211_CHALLENGE_LEN); |
1207 | IEEE80211_DPRINTF(ic, |
1208 | IEEE80211_MSG_DEBUG | IEEE80211_MSG_AUTH, |
1209 | "[%s] shared key %sauth request\n" , |
1210 | ether_snprintf(ebuf, sizeof(ebuf), |
1211 | ni->ni_macaddr), |
1212 | allocbs ? "" : "re" ); |
1213 | break; |
1214 | case IEEE80211_AUTH_SHARED_RESPONSE: |
1215 | if (ni == ic->ic_bss) { |
1216 | IEEE80211_DISCARD_MAC(ic, IEEE80211_MSG_AUTH, |
1217 | ni->ni_macaddr, "shared key response" , |
1218 | "%s" , "unknown station" ); |
1219 | /* NB: don't send a response */ |
1220 | return; |
1221 | } |
1222 | if (ni->ni_challenge == NULL) { |
1223 | IEEE80211_DISCARD_MAC(ic, IEEE80211_MSG_AUTH, |
1224 | ni->ni_macaddr, "shared key response" , |
1225 | "%s" , "no challenge recorded" ); |
1226 | ic->ic_stats.is_rx_bad_auth++; |
1227 | estatus = IEEE80211_STATUS_CHALLENGE; |
1228 | goto bad; |
1229 | } |
1230 | if (memcmp(ni->ni_challenge, &challenge[2], |
1231 | challenge[1]) != 0) { |
1232 | IEEE80211_DISCARD_MAC(ic, IEEE80211_MSG_AUTH, |
1233 | ni->ni_macaddr, "shared key response" , |
1234 | "%s" , "challenge mismatch" ); |
1235 | ic->ic_stats.is_rx_auth_fail++; |
1236 | estatus = IEEE80211_STATUS_CHALLENGE; |
1237 | goto bad; |
1238 | } |
1239 | IEEE80211_DPRINTF(ic, |
1240 | IEEE80211_MSG_DEBUG | IEEE80211_MSG_AUTH, |
1241 | "[%s] station authenticated (shared key)\n" , |
1242 | ether_snprintf(ebuf, sizeof(ebuf), ni->ni_macaddr)); |
1243 | ieee80211_node_authorize(ni); |
1244 | break; |
1245 | default: |
1246 | IEEE80211_DISCARD_MAC(ic, IEEE80211_MSG_AUTH, |
1247 | ni->ni_macaddr, "shared key auth" , |
1248 | "bad seq %d" , seq); |
1249 | ic->ic_stats.is_rx_bad_auth++; |
1250 | estatus = IEEE80211_STATUS_SEQUENCE; |
1251 | goto bad; |
1252 | } |
1253 | IEEE80211_SEND_MGMT(ic, ni, |
1254 | IEEE80211_FC0_SUBTYPE_AUTH, seq + 1); |
1255 | } |
1256 | #endif /* !IEEE80211_NO_HOSTAP */ |
1257 | break; |
1258 | |
1259 | case IEEE80211_M_STA: |
1260 | if (ic->ic_state != IEEE80211_S_AUTH) |
1261 | return; |
1262 | switch (seq) { |
1263 | case IEEE80211_AUTH_SHARED_PASS: |
1264 | if (ni->ni_challenge != NULL) { |
1265 | free(ni->ni_challenge, M_DEVBUF); |
1266 | ni->ni_challenge = NULL; |
1267 | } |
1268 | if (status != 0) { |
1269 | IEEE80211_DPRINTF(ic, |
1270 | IEEE80211_MSG_DEBUG | IEEE80211_MSG_AUTH, |
1271 | "[%s] shared key auth failed (reason %d)\n" , |
1272 | ether_snprintf(ebuf, sizeof(ebuf), |
1273 | ieee80211_getbssid(ic, wh)), |
1274 | status); |
1275 | /* XXX can this happen? */ |
1276 | if (ni != ic->ic_bss) |
1277 | ni->ni_fails++; |
1278 | ic->ic_stats.is_rx_auth_fail++; |
1279 | return; |
1280 | } |
1281 | ieee80211_new_state(ic, IEEE80211_S_ASSOC, |
1282 | wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK); |
1283 | break; |
1284 | case IEEE80211_AUTH_SHARED_CHALLENGE: |
1285 | if (!alloc_challenge(ic, ni)) |
1286 | return; |
1287 | /* XXX could optimize by passing recvd challenge */ |
1288 | memcpy(ni->ni_challenge, &challenge[2], challenge[1]); |
1289 | IEEE80211_SEND_MGMT(ic, ni, |
1290 | IEEE80211_FC0_SUBTYPE_AUTH, seq + 1); |
1291 | break; |
1292 | default: |
1293 | IEEE80211_DISCARD(ic, IEEE80211_MSG_AUTH, |
1294 | wh, "shared key auth" , "bad seq %d" , seq); |
1295 | ic->ic_stats.is_rx_bad_auth++; |
1296 | return; |
1297 | } |
1298 | break; |
1299 | } |
1300 | return; |
1301 | bad: |
1302 | #ifndef IEEE80211_NO_HOSTAP |
1303 | /* |
1304 | * Send an error response; but only when operating as an AP. |
1305 | */ |
1306 | if (ic->ic_opmode == IEEE80211_M_HOSTAP) { |
1307 | /* XXX hack to workaround calling convention */ |
1308 | ieee80211_send_error(ic, ni, wh->i_addr2, |
1309 | IEEE80211_FC0_SUBTYPE_AUTH, |
1310 | (seq + 1) | (estatus<<16)); |
1311 | } else if (ic->ic_opmode == IEEE80211_M_STA) { |
1312 | /* |
1313 | * Kick the state machine. This short-circuits |
1314 | * using the mgt frame timeout to trigger the |
1315 | * state transition. |
1316 | */ |
1317 | if (ic->ic_state == IEEE80211_S_AUTH) |
1318 | ieee80211_new_state(ic, IEEE80211_S_SCAN, 0); |
1319 | } |
1320 | #else |
1321 | ; |
1322 | #endif /* !IEEE80211_NO_HOSTAP */ |
1323 | } |
1324 | |
1325 | /* Verify the existence and length of __elem or get out. */ |
1326 | #define IEEE80211_VERIFY_ELEMENT(__elem, __maxlen) do { \ |
1327 | if ((__elem) == NULL) { \ |
1328 | IEEE80211_DISCARD(ic, IEEE80211_MSG_ELEMID, \ |
1329 | wh, ieee80211_mgt_subtype_name[subtype >> \ |
1330 | IEEE80211_FC0_SUBTYPE_SHIFT], \ |
1331 | "%s", "no " #__elem ); \ |
1332 | ic->ic_stats.is_rx_elem_missing++; \ |
1333 | return; \ |
1334 | } \ |
1335 | if ((__elem)[1] > (__maxlen)) { \ |
1336 | IEEE80211_DISCARD(ic, IEEE80211_MSG_ELEMID, \ |
1337 | wh, ieee80211_mgt_subtype_name[subtype >> \ |
1338 | IEEE80211_FC0_SUBTYPE_SHIFT], \ |
1339 | "bad " #__elem " len %d", (__elem)[1]); \ |
1340 | ic->ic_stats.is_rx_elem_toobig++; \ |
1341 | return; \ |
1342 | } \ |
1343 | } while (0) |
1344 | |
1345 | #define IEEE80211_VERIFY_LENGTH(_len, _minlen) do { \ |
1346 | if ((_len) < (_minlen)) { \ |
1347 | IEEE80211_DISCARD(ic, IEEE80211_MSG_ELEMID, \ |
1348 | wh, ieee80211_mgt_subtype_name[subtype >> \ |
1349 | IEEE80211_FC0_SUBTYPE_SHIFT], \ |
1350 | "%s", "ie too short"); \ |
1351 | ic->ic_stats.is_rx_elem_toosmall++; \ |
1352 | return; \ |
1353 | } \ |
1354 | } while (0) |
1355 | |
1356 | #ifdef IEEE80211_DEBUG |
1357 | static void |
1358 | ieee80211_ssid_mismatch(struct ieee80211com *ic, const char *tag, |
1359 | u_int8_t mac[IEEE80211_ADDR_LEN], u_int8_t *ssid) |
1360 | { |
1361 | char ebuf[3 * ETHER_ADDR_LEN]; |
1362 | |
1363 | printf("[%s] discard %s frame, ssid mismatch: " , |
1364 | ether_snprintf(ebuf, sizeof(ebuf), mac), tag); |
1365 | ieee80211_print_essid(ssid + 2, ssid[1]); |
1366 | printf("\n" ); |
1367 | } |
1368 | |
1369 | #define IEEE80211_VERIFY_SSID(_ni, _ssid) do { \ |
1370 | if ((_ssid)[1] != 0 && \ |
1371 | ((_ssid)[1] != (_ni)->ni_esslen || \ |
1372 | memcmp((_ssid) + 2, (_ni)->ni_essid, (_ssid)[1]) != 0)) { \ |
1373 | if (ieee80211_msg_input(ic)) \ |
1374 | ieee80211_ssid_mismatch(ic, \ |
1375 | ieee80211_mgt_subtype_name[subtype >> \ |
1376 | IEEE80211_FC0_SUBTYPE_SHIFT], \ |
1377 | wh->i_addr2, _ssid); \ |
1378 | ic->ic_stats.is_rx_ssidmismatch++; \ |
1379 | return; \ |
1380 | } \ |
1381 | } while (0) |
1382 | #else /* !IEEE80211_DEBUG */ |
1383 | #define IEEE80211_VERIFY_SSID(_ni, _ssid) do { \ |
1384 | if ((_ssid)[1] != 0 && \ |
1385 | ((_ssid)[1] != (_ni)->ni_esslen || \ |
1386 | memcmp((_ssid) + 2, (_ni)->ni_essid, (_ssid)[1]) != 0)) { \ |
1387 | ic->ic_stats.is_rx_ssidmismatch++; \ |
1388 | return; \ |
1389 | } \ |
1390 | } while (0) |
1391 | #endif /* !IEEE80211_DEBUG */ |
1392 | |
1393 | /* unaligned little endian access */ |
1394 | #define LE_READ_2(p) \ |
1395 | ((u_int16_t) \ |
1396 | ((((const u_int8_t *)(p))[0] ) | \ |
1397 | (((const u_int8_t *)(p))[1] << 8))) |
1398 | #define LE_READ_4(p) \ |
1399 | ((u_int32_t) \ |
1400 | ((((const u_int8_t *)(p))[0] ) | \ |
1401 | (((const u_int8_t *)(p))[1] << 8) | \ |
1402 | (((const u_int8_t *)(p))[2] << 16) | \ |
1403 | (((const u_int8_t *)(p))[3] << 24))) |
1404 | |
1405 | static __inline int |
1406 | iswpaoui(const u_int8_t *frm) |
1407 | { |
1408 | return frm[1] > 3 && LE_READ_4(frm+2) == ((WPA_OUI_TYPE<<24)|WPA_OUI); |
1409 | } |
1410 | |
1411 | static __inline int |
1412 | iswmeoui(const u_int8_t *frm) |
1413 | { |
1414 | return frm[1] > 3 && LE_READ_4(frm+2) == ((WME_OUI_TYPE<<24)|WME_OUI); |
1415 | } |
1416 | |
1417 | static __inline int |
1418 | iswmeparam(const u_int8_t *frm) |
1419 | { |
1420 | return frm[1] > 5 && LE_READ_4(frm+2) == ((WME_OUI_TYPE<<24)|WME_OUI) && |
1421 | frm[6] == WME_PARAM_OUI_SUBTYPE; |
1422 | } |
1423 | |
1424 | static __inline int |
1425 | iswmeinfo(const u_int8_t *frm) |
1426 | { |
1427 | return frm[1] > 5 && LE_READ_4(frm+2) == ((WME_OUI_TYPE<<24)|WME_OUI) && |
1428 | frm[6] == WME_INFO_OUI_SUBTYPE; |
1429 | } |
1430 | |
1431 | /* |
1432 | * Convert a WPA cipher selector OUI to an internal |
1433 | * cipher algorithm. Where appropriate we also |
1434 | * record any key length. |
1435 | */ |
1436 | static int |
1437 | wpa_cipher(u_int8_t *sel, u_int8_t *keylen) |
1438 | { |
1439 | #define WPA_SEL(x) (((x)<<24)|WPA_OUI) |
1440 | u_int32_t w = LE_READ_4(sel); |
1441 | |
1442 | switch (w) { |
1443 | case WPA_SEL(WPA_CSE_NULL): |
1444 | return IEEE80211_CIPHER_NONE; |
1445 | case WPA_SEL(WPA_CSE_WEP40): |
1446 | if (keylen) |
1447 | *keylen = 40 / NBBY; |
1448 | return IEEE80211_CIPHER_WEP; |
1449 | case WPA_SEL(WPA_CSE_WEP104): |
1450 | if (keylen) |
1451 | *keylen = 104 / NBBY; |
1452 | return IEEE80211_CIPHER_WEP; |
1453 | case WPA_SEL(WPA_CSE_TKIP): |
1454 | return IEEE80211_CIPHER_TKIP; |
1455 | case WPA_SEL(WPA_CSE_CCMP): |
1456 | return IEEE80211_CIPHER_AES_CCM; |
1457 | } |
1458 | return 32; /* NB: so 1<< is discarded */ |
1459 | #undef WPA_SEL |
1460 | } |
1461 | |
1462 | /* |
1463 | * Convert a WPA key management/authentication algorithm |
1464 | * to an internal code. |
1465 | */ |
1466 | static int |
1467 | wpa_keymgmt(u_int8_t *sel) |
1468 | { |
1469 | #define WPA_SEL(x) (((x)<<24)|WPA_OUI) |
1470 | u_int32_t w = LE_READ_4(sel); |
1471 | |
1472 | switch (w) { |
1473 | case WPA_SEL(WPA_ASE_8021X_UNSPEC): |
1474 | return WPA_ASE_8021X_UNSPEC; |
1475 | case WPA_SEL(WPA_ASE_8021X_PSK): |
1476 | return WPA_ASE_8021X_PSK; |
1477 | case WPA_SEL(WPA_ASE_NONE): |
1478 | return WPA_ASE_NONE; |
1479 | } |
1480 | return 0; /* NB: so is discarded */ |
1481 | #undef WPA_SEL |
1482 | } |
1483 | |
1484 | /* |
1485 | * Parse a WPA information element to collect parameters |
1486 | * and validate the parameters against what has been |
1487 | * configured for the system. |
1488 | */ |
1489 | static int |
1490 | ieee80211_parse_wpa(struct ieee80211com *ic, u_int8_t *frm, |
1491 | struct ieee80211_rsnparms *rsn, const struct ieee80211_frame *wh) |
1492 | { |
1493 | u_int8_t len = frm[1]; |
1494 | u_int32_t w; |
1495 | int n; |
1496 | |
1497 | /* |
1498 | * Check the length once for fixed parts: OUI, type, |
1499 | * version, mcast cipher, and 2 selector counts. |
1500 | * Other, variable-length data, must be checked separately. |
1501 | */ |
1502 | if ((ic->ic_flags & IEEE80211_F_WPA1) == 0) { |
1503 | IEEE80211_DISCARD_IE(ic, |
1504 | IEEE80211_MSG_ELEMID | IEEE80211_MSG_WPA, |
1505 | wh, "WPA" , "not WPA, flags 0x%x" , ic->ic_flags); |
1506 | return IEEE80211_REASON_IE_INVALID; |
1507 | } |
1508 | if (len < 14) { |
1509 | IEEE80211_DISCARD_IE(ic, |
1510 | IEEE80211_MSG_ELEMID | IEEE80211_MSG_WPA, |
1511 | wh, "WPA" , "too short, len %u" , len); |
1512 | return IEEE80211_REASON_IE_INVALID; |
1513 | } |
1514 | frm += 6, len -= 4; /* NB: len is payload only */ |
1515 | /* NB: iswapoui already validated the OUI and type */ |
1516 | w = LE_READ_2(frm); |
1517 | if (w != WPA_VERSION) { |
1518 | IEEE80211_DISCARD_IE(ic, |
1519 | IEEE80211_MSG_ELEMID | IEEE80211_MSG_WPA, |
1520 | wh, "WPA" , "bad version %u" , w); |
1521 | return IEEE80211_REASON_IE_INVALID; |
1522 | } |
1523 | frm += 2, len -= 2; |
1524 | |
1525 | /* multicast/group cipher */ |
1526 | w = wpa_cipher(frm, &rsn->rsn_mcastkeylen); |
1527 | if (w != rsn->rsn_mcastcipher) { |
1528 | IEEE80211_DISCARD_IE(ic, |
1529 | IEEE80211_MSG_ELEMID | IEEE80211_MSG_WPA, |
1530 | wh, "WPA" , "mcast cipher mismatch; got %u, expected %u" , |
1531 | w, rsn->rsn_mcastcipher); |
1532 | return IEEE80211_REASON_IE_INVALID; |
1533 | } |
1534 | frm += 4, len -= 4; |
1535 | |
1536 | /* unicast ciphers */ |
1537 | n = LE_READ_2(frm); |
1538 | frm += 2, len -= 2; |
1539 | if (len < n*4+2) { |
1540 | IEEE80211_DISCARD_IE(ic, |
1541 | IEEE80211_MSG_ELEMID | IEEE80211_MSG_WPA, |
1542 | wh, "WPA" , "ucast cipher data too short; len %u, n %u" , |
1543 | len, n); |
1544 | return IEEE80211_REASON_IE_INVALID; |
1545 | } |
1546 | w = 0; |
1547 | for (; n > 0; n--) { |
1548 | w |= 1<<wpa_cipher(frm, &rsn->rsn_ucastkeylen); |
1549 | frm += 4, len -= 4; |
1550 | } |
1551 | w &= rsn->rsn_ucastcipherset; |
1552 | if (w == 0) { |
1553 | IEEE80211_DISCARD_IE(ic, |
1554 | IEEE80211_MSG_ELEMID | IEEE80211_MSG_WPA, |
1555 | wh, "WPA" , "%s" , "ucast cipher set empty" ); |
1556 | return IEEE80211_REASON_IE_INVALID; |
1557 | } |
1558 | if (w & (1<<IEEE80211_CIPHER_TKIP)) |
1559 | rsn->rsn_ucastcipher = IEEE80211_CIPHER_TKIP; |
1560 | else |
1561 | rsn->rsn_ucastcipher = IEEE80211_CIPHER_AES_CCM; |
1562 | |
1563 | /* key management algorithms */ |
1564 | n = LE_READ_2(frm); |
1565 | frm += 2, len -= 2; |
1566 | if (len < n*4) { |
1567 | IEEE80211_DISCARD_IE(ic, |
1568 | IEEE80211_MSG_ELEMID | IEEE80211_MSG_WPA, |
1569 | wh, "WPA" , "key mgmt alg data too short; len %u, n %u" , |
1570 | len, n); |
1571 | return IEEE80211_REASON_IE_INVALID; |
1572 | } |
1573 | w = 0; |
1574 | for (; n > 0; n--) { |
1575 | w |= wpa_keymgmt(frm); |
1576 | frm += 4, len -= 4; |
1577 | } |
1578 | w &= rsn->rsn_keymgmtset; |
1579 | if (w == 0) { |
1580 | IEEE80211_DISCARD_IE(ic, |
1581 | IEEE80211_MSG_ELEMID | IEEE80211_MSG_WPA, |
1582 | wh, "WPA" , "%s" , "no acceptable key mgmt alg" ); |
1583 | return IEEE80211_REASON_IE_INVALID; |
1584 | } |
1585 | if (w & WPA_ASE_8021X_UNSPEC) |
1586 | rsn->rsn_keymgmt = WPA_ASE_8021X_UNSPEC; |
1587 | else |
1588 | rsn->rsn_keymgmt = WPA_ASE_8021X_PSK; |
1589 | |
1590 | if (len > 2) /* optional capabilities */ |
1591 | rsn->rsn_caps = LE_READ_2(frm); |
1592 | |
1593 | return 0; |
1594 | } |
1595 | |
1596 | /* |
1597 | * Convert an RSN cipher selector OUI to an internal |
1598 | * cipher algorithm. Where appropriate we also |
1599 | * record any key length. |
1600 | */ |
1601 | static int |
1602 | rsn_cipher(u_int8_t *sel, u_int8_t *keylen) |
1603 | { |
1604 | #define RSN_SEL(x) (((x)<<24)|RSN_OUI) |
1605 | u_int32_t w = LE_READ_4(sel); |
1606 | |
1607 | switch (w) { |
1608 | case RSN_SEL(RSN_CSE_NULL): |
1609 | return IEEE80211_CIPHER_NONE; |
1610 | case RSN_SEL(RSN_CSE_WEP40): |
1611 | if (keylen) |
1612 | *keylen = 40 / NBBY; |
1613 | return IEEE80211_CIPHER_WEP; |
1614 | case RSN_SEL(RSN_CSE_WEP104): |
1615 | if (keylen) |
1616 | *keylen = 104 / NBBY; |
1617 | return IEEE80211_CIPHER_WEP; |
1618 | case RSN_SEL(RSN_CSE_TKIP): |
1619 | return IEEE80211_CIPHER_TKIP; |
1620 | case RSN_SEL(RSN_CSE_CCMP): |
1621 | return IEEE80211_CIPHER_AES_CCM; |
1622 | case RSN_SEL(RSN_CSE_WRAP): |
1623 | return IEEE80211_CIPHER_AES_OCB; |
1624 | } |
1625 | return 32; /* NB: so 1<< is discarded */ |
1626 | #undef WPA_SEL |
1627 | } |
1628 | |
1629 | /* |
1630 | * Convert an RSN key management/authentication algorithm |
1631 | * to an internal code. |
1632 | */ |
1633 | static int |
1634 | rsn_keymgmt(u_int8_t *sel) |
1635 | { |
1636 | #define RSN_SEL(x) (((x)<<24)|RSN_OUI) |
1637 | u_int32_t w = LE_READ_4(sel); |
1638 | |
1639 | switch (w) { |
1640 | case RSN_SEL(RSN_ASE_8021X_UNSPEC): |
1641 | return RSN_ASE_8021X_UNSPEC; |
1642 | case RSN_SEL(RSN_ASE_8021X_PSK): |
1643 | return RSN_ASE_8021X_PSK; |
1644 | case RSN_SEL(RSN_ASE_NONE): |
1645 | return RSN_ASE_NONE; |
1646 | } |
1647 | return 0; /* NB: so is discarded */ |
1648 | #undef RSN_SEL |
1649 | } |
1650 | |
1651 | /* |
1652 | * Parse a WPA/RSN information element to collect parameters |
1653 | * and validate the parameters against what has been |
1654 | * configured for the system. |
1655 | */ |
1656 | static int |
1657 | ieee80211_parse_rsn(struct ieee80211com *ic, u_int8_t *frm, |
1658 | struct ieee80211_rsnparms *rsn, const struct ieee80211_frame *wh) |
1659 | { |
1660 | u_int8_t len = frm[1]; |
1661 | u_int32_t w; |
1662 | int n; |
1663 | |
1664 | /* |
1665 | * Check the length once for fixed parts: |
1666 | * version, mcast cipher, and 2 selector counts. |
1667 | * Other, variable-length data, must be checked separately. |
1668 | */ |
1669 | if ((ic->ic_flags & IEEE80211_F_WPA2) == 0) { |
1670 | IEEE80211_DISCARD_IE(ic, |
1671 | IEEE80211_MSG_ELEMID | IEEE80211_MSG_WPA, |
1672 | wh, "WPA" , "not RSN, flags 0x%x" , ic->ic_flags); |
1673 | return IEEE80211_REASON_IE_INVALID; |
1674 | } |
1675 | if (len < 10) { |
1676 | IEEE80211_DISCARD_IE(ic, |
1677 | IEEE80211_MSG_ELEMID | IEEE80211_MSG_WPA, |
1678 | wh, "RSN" , "too short, len %u" , len); |
1679 | return IEEE80211_REASON_IE_INVALID; |
1680 | } |
1681 | frm += 2; |
1682 | w = LE_READ_2(frm); |
1683 | if (w != RSN_VERSION) { |
1684 | IEEE80211_DISCARD_IE(ic, |
1685 | IEEE80211_MSG_ELEMID | IEEE80211_MSG_WPA, |
1686 | wh, "RSN" , "bad version %u" , w); |
1687 | return IEEE80211_REASON_IE_INVALID; |
1688 | } |
1689 | frm += 2, len -= 2; |
1690 | |
1691 | /* multicast/group cipher */ |
1692 | w = rsn_cipher(frm, &rsn->rsn_mcastkeylen); |
1693 | if (w != rsn->rsn_mcastcipher) { |
1694 | IEEE80211_DISCARD_IE(ic, |
1695 | IEEE80211_MSG_ELEMID | IEEE80211_MSG_WPA, |
1696 | wh, "RSN" , "mcast cipher mismatch; got %u, expected %u" , |
1697 | w, rsn->rsn_mcastcipher); |
1698 | return IEEE80211_REASON_IE_INVALID; |
1699 | } |
1700 | frm += 4, len -= 4; |
1701 | |
1702 | /* unicast ciphers */ |
1703 | n = LE_READ_2(frm); |
1704 | frm += 2, len -= 2; |
1705 | if (len < n*4+2) { |
1706 | IEEE80211_DISCARD_IE(ic, |
1707 | IEEE80211_MSG_ELEMID | IEEE80211_MSG_WPA, |
1708 | wh, "RSN" , "ucast cipher data too short; len %u, n %u" , |
1709 | len, n); |
1710 | return IEEE80211_REASON_IE_INVALID; |
1711 | } |
1712 | w = 0; |
1713 | for (; n > 0; n--) { |
1714 | w |= 1<<rsn_cipher(frm, &rsn->rsn_ucastkeylen); |
1715 | frm += 4, len -= 4; |
1716 | } |
1717 | w &= rsn->rsn_ucastcipherset; |
1718 | if (w == 0) { |
1719 | IEEE80211_DISCARD_IE(ic, |
1720 | IEEE80211_MSG_ELEMID | IEEE80211_MSG_WPA, |
1721 | wh, "RSN" , "%s" , "ucast cipher set empty" ); |
1722 | return IEEE80211_REASON_IE_INVALID; |
1723 | } |
1724 | if (w & (1<<IEEE80211_CIPHER_TKIP)) |
1725 | rsn->rsn_ucastcipher = IEEE80211_CIPHER_TKIP; |
1726 | else |
1727 | rsn->rsn_ucastcipher = IEEE80211_CIPHER_AES_CCM; |
1728 | |
1729 | /* key management algorithms */ |
1730 | n = LE_READ_2(frm); |
1731 | frm += 2, len -= 2; |
1732 | if (len < n*4) { |
1733 | IEEE80211_DISCARD_IE(ic, |
1734 | IEEE80211_MSG_ELEMID | IEEE80211_MSG_WPA, |
1735 | wh, "RSN" , "key mgmt alg data too short; len %u, n %u" , |
1736 | len, n); |
1737 | return IEEE80211_REASON_IE_INVALID; |
1738 | } |
1739 | w = 0; |
1740 | for (; n > 0; n--) { |
1741 | w |= rsn_keymgmt(frm); |
1742 | frm += 4, len -= 4; |
1743 | } |
1744 | w &= rsn->rsn_keymgmtset; |
1745 | if (w == 0) { |
1746 | IEEE80211_DISCARD_IE(ic, |
1747 | IEEE80211_MSG_ELEMID | IEEE80211_MSG_WPA, |
1748 | wh, "RSN" , "%s" , "no acceptable key mgmt alg" ); |
1749 | return IEEE80211_REASON_IE_INVALID; |
1750 | } |
1751 | if (w & RSN_ASE_8021X_UNSPEC) |
1752 | rsn->rsn_keymgmt = RSN_ASE_8021X_UNSPEC; |
1753 | else |
1754 | rsn->rsn_keymgmt = RSN_ASE_8021X_PSK; |
1755 | |
1756 | /* optional RSN capabilities */ |
1757 | if (len > 2) |
1758 | rsn->rsn_caps = LE_READ_2(frm); |
1759 | /* XXXPMKID */ |
1760 | |
1761 | return 0; |
1762 | } |
1763 | |
1764 | static int |
1765 | ieee80211_parse_wmeparams(struct ieee80211com *ic, u_int8_t *frm, |
1766 | const struct ieee80211_frame *wh) |
1767 | { |
1768 | #define MS(_v, _f) (((_v) & _f) >> _f##_S) |
1769 | struct ieee80211_wme_state *wme = &ic->ic_wme; |
1770 | u_int len = frm[1], qosinfo; |
1771 | int i; |
1772 | |
1773 | if (len < sizeof(struct ieee80211_wme_param)-2) { |
1774 | IEEE80211_DISCARD_IE(ic, |
1775 | IEEE80211_MSG_ELEMID | IEEE80211_MSG_WME, |
1776 | wh, "WME" , "too short, len %u" , len); |
1777 | return -1; |
1778 | } |
1779 | qosinfo = frm[offsetof(struct ieee80211_wme_param, param_qosInfo)]; |
1780 | qosinfo &= WME_QOSINFO_COUNT; |
1781 | /* XXX do proper check for wraparound */ |
1782 | if (qosinfo == wme->wme_wmeChanParams.cap_info) |
1783 | return 0; |
1784 | frm += offsetof(struct ieee80211_wme_param, params_acParams); |
1785 | for (i = 0; i < WME_NUM_AC; i++) { |
1786 | struct wmeParams *wmep = |
1787 | &wme->wme_wmeChanParams.cap_wmeParams[i]; |
1788 | /* NB: ACI not used */ |
1789 | wmep->wmep_acm = MS(frm[0], WME_PARAM_ACM); |
1790 | wmep->wmep_aifsn = MS(frm[0], WME_PARAM_AIFSN); |
1791 | wmep->wmep_logcwmin = MS(frm[1], WME_PARAM_LOGCWMIN); |
1792 | wmep->wmep_logcwmax = MS(frm[1], WME_PARAM_LOGCWMAX); |
1793 | wmep->wmep_txopLimit = LE_READ_2(frm+2); |
1794 | frm += 4; |
1795 | } |
1796 | wme->wme_wmeChanParams.cap_info = qosinfo; |
1797 | return 1; |
1798 | #undef MS |
1799 | } |
1800 | |
1801 | void |
1802 | ieee80211_saveie(u_int8_t **iep, const u_int8_t *ie) |
1803 | { |
1804 | u_int ielen = ie[1]+2; |
1805 | /* |
1806 | * Record information element for later use. |
1807 | */ |
1808 | if (*iep == NULL || (*iep)[1] != ie[1]) { |
1809 | if (*iep != NULL) |
1810 | free(*iep, M_DEVBUF); |
1811 | *iep = malloc(ielen, M_DEVBUF, M_NOWAIT); |
1812 | } |
1813 | if (*iep != NULL) |
1814 | memcpy(*iep, ie, ielen); |
1815 | /* XXX note failure */ |
1816 | } |
1817 | |
1818 | static void |
1819 | ieee80211_update_adhoc_node(struct ieee80211com *ic, struct ieee80211_node *ni, |
1820 | struct ieee80211_frame *wh, struct ieee80211_scanparams *scan, int , |
1821 | u_int32_t rstamp) |
1822 | { |
1823 | if (!IEEE80211_ADDR_EQ(wh->i_addr2, ni->ni_macaddr)) { |
1824 | /* |
1825 | * Create a new entry in the neighbor table. |
1826 | * Records the TSF. |
1827 | */ |
1828 | if ((ni = ieee80211_add_neighbor(ic, wh, scan)) == NULL) |
1829 | return; |
1830 | } else if (ni->ni_capinfo == 0) { |
1831 | /* |
1832 | * Initialize a node that was "faked up." Records |
1833 | * the TSF. |
1834 | * |
1835 | * No need to check for a change of BSSID: ni could |
1836 | * not have been the IBSS (ic_bss) |
1837 | */ |
1838 | ieee80211_init_neighbor(ic, ni, wh, scan, 0); |
1839 | } else { |
1840 | /* Record TSF for potential resync. */ |
1841 | memcpy(ni->ni_tstamp.data, scan->tstamp, sizeof(ni->ni_tstamp)); |
1842 | } |
1843 | |
1844 | ni->ni_rssi = rssi; |
1845 | ni->ni_rstamp = rstamp; |
1846 | |
1847 | /* Mark a neighbor's change of BSSID. */ |
1848 | if (IEEE80211_ADDR_EQ(wh->i_addr3, ni->ni_bssid)) |
1849 | return; |
1850 | |
1851 | IEEE80211_ADDR_COPY(ni->ni_bssid, wh->i_addr3); |
1852 | |
1853 | if (ni != ic->ic_bss) |
1854 | return; |
1855 | else if (ic->ic_flags & IEEE80211_F_DESBSSID) { |
1856 | /* |
1857 | * Now, ni does not represent a network we |
1858 | * want to belong to, so start a scan. |
1859 | */ |
1860 | ieee80211_new_state(ic, IEEE80211_S_SCAN, 0); |
1861 | return; |
1862 | } else { |
1863 | /* |
1864 | * A RUN->RUN transition lets the driver |
1865 | * reprogram its BSSID filter. |
1866 | * |
1867 | * No need to SCAN, we already belong to |
1868 | * an IBSS that meets our criteria: channel, |
1869 | * SSID, etc. It could be harmful to scan, |
1870 | * too: if a scan does not detect nodes |
1871 | * belonging to my current IBSS, then we |
1872 | * will create a new IBSS at the end of |
1873 | * the scan, needlessly splitting the |
1874 | * network. |
1875 | */ |
1876 | ieee80211_new_state(ic, IEEE80211_S_RUN, 0); |
1877 | } |
1878 | } |
1879 | |
1880 | void |
1881 | ieee80211_recv_mgmt(struct ieee80211com *ic, struct mbuf *m0, |
1882 | struct ieee80211_node *ni, |
1883 | int subtype, int , u_int32_t rstamp) |
1884 | { |
1885 | #define ISPROBE(_st) ((_st) == IEEE80211_FC0_SUBTYPE_PROBE_RESP) |
1886 | #define ISREASSOC(_st) ((_st) == IEEE80211_FC0_SUBTYPE_REASSOC_RESP) |
1887 | struct ieee80211_frame *wh; |
1888 | u_int8_t *frm, *efrm; |
1889 | u_int8_t *ssid, *rates, *xrates, *wpa, *wme; |
1890 | int reassoc, resp, allocbs; |
1891 | u_int8_t rate; |
1892 | IEEE80211_DEBUGVAR(char ebuf[3 * ETHER_ADDR_LEN]); |
1893 | |
1894 | wh = mtod(m0, struct ieee80211_frame *); |
1895 | frm = (u_int8_t *)&wh[1]; |
1896 | efrm = mtod(m0, u_int8_t *) + m0->m_len; |
1897 | switch (subtype) { |
1898 | case IEEE80211_FC0_SUBTYPE_PROBE_RESP: |
1899 | case IEEE80211_FC0_SUBTYPE_BEACON: { |
1900 | struct ieee80211_scanparams scan; |
1901 | |
1902 | /* |
1903 | * We process beacon/probe response frames: |
1904 | * o when scanning, or |
1905 | * o station mode when associated (to collect state |
1906 | * updates such as 802.11g slot time), or |
1907 | * o adhoc mode (to discover neighbors) |
1908 | * Frames otherwise received are discarded. |
1909 | */ |
1910 | if (!((ic->ic_flags & IEEE80211_F_SCAN) || |
1911 | (ic->ic_opmode == IEEE80211_M_STA && ni->ni_associd) || |
1912 | ic->ic_opmode == IEEE80211_M_IBSS)) { |
1913 | ic->ic_stats.is_rx_mgtdiscard++; |
1914 | return; |
1915 | } |
1916 | /* |
1917 | * beacon/probe response frame format |
1918 | * [8] time stamp |
1919 | * [2] beacon interval |
1920 | * [2] capability information |
1921 | * [tlv] ssid |
1922 | * [tlv] supported rates |
1923 | * [tlv] country information |
1924 | * [tlv] parameter set (FH/DS) |
1925 | * [tlv] erp information |
1926 | * [tlv] extended supported rates |
1927 | * [tlv] WME |
1928 | * [tlv] WPA or RSN |
1929 | */ |
1930 | IEEE80211_VERIFY_LENGTH(efrm - frm, 12); |
1931 | memset(&scan, 0, sizeof(scan)); |
1932 | scan.tstamp = frm; frm += 8; |
1933 | scan.bintval = le16toh(*(u_int16_t *)frm); frm += 2; |
1934 | scan.capinfo = le16toh(*(u_int16_t *)frm); frm += 2; |
1935 | scan.bchan = ieee80211_chan2ieee(ic, ic->ic_curchan); |
1936 | scan.chan = scan.bchan; |
1937 | |
1938 | while (frm < efrm) { |
1939 | switch (*frm) { |
1940 | case IEEE80211_ELEMID_SSID: |
1941 | scan.ssid = frm; |
1942 | break; |
1943 | case IEEE80211_ELEMID_RATES: |
1944 | scan.rates = frm; |
1945 | break; |
1946 | case IEEE80211_ELEMID_COUNTRY: |
1947 | scan.country = frm; |
1948 | break; |
1949 | case IEEE80211_ELEMID_FHPARMS: |
1950 | if (ic->ic_phytype == IEEE80211_T_FH) { |
1951 | scan.fhdwell = LE_READ_2(&frm[2]); |
1952 | scan.chan = IEEE80211_FH_CHAN(frm[4], frm[5]); |
1953 | scan.fhindex = frm[6]; |
1954 | } |
1955 | break; |
1956 | case IEEE80211_ELEMID_DSPARMS: |
1957 | /* |
1958 | * XXX hack this since depending on phytype |
1959 | * is problematic for multi-mode devices. |
1960 | */ |
1961 | if (ic->ic_phytype != IEEE80211_T_FH) |
1962 | scan.chan = frm[2]; |
1963 | break; |
1964 | case IEEE80211_ELEMID_TIM: |
1965 | /* XXX ATIM? */ |
1966 | scan.tim = frm; |
1967 | scan.timoff = frm - mtod(m0, u_int8_t *); |
1968 | break; |
1969 | case IEEE80211_ELEMID_IBSSPARMS: |
1970 | break; |
1971 | case IEEE80211_ELEMID_XRATES: |
1972 | scan.xrates = frm; |
1973 | break; |
1974 | case IEEE80211_ELEMID_ERP: |
1975 | if (frm[1] != 1) { |
1976 | IEEE80211_DISCARD_IE(ic, |
1977 | IEEE80211_MSG_ELEMID, wh, "ERP" , |
1978 | "bad len %u" , frm[1]); |
1979 | ic->ic_stats.is_rx_elem_toobig++; |
1980 | break; |
1981 | } |
1982 | scan.erp = frm[2]; |
1983 | break; |
1984 | case IEEE80211_ELEMID_RSN: |
1985 | scan.wpa = frm; |
1986 | break; |
1987 | case IEEE80211_ELEMID_VENDOR: |
1988 | if (iswpaoui(frm)) |
1989 | scan.wpa = frm; |
1990 | else if (iswmeparam(frm) || iswmeinfo(frm)) |
1991 | scan.wme = frm; |
1992 | /* XXX Atheros OUI support */ |
1993 | break; |
1994 | default: |
1995 | IEEE80211_DISCARD_IE(ic, IEEE80211_MSG_ELEMID, |
1996 | wh, "unhandled" , |
1997 | "id %u, len %u" , *frm, frm[1]); |
1998 | ic->ic_stats.is_rx_elem_unknown++; |
1999 | break; |
2000 | } |
2001 | frm += frm[1] + 2; |
2002 | } |
2003 | IEEE80211_VERIFY_ELEMENT(scan.rates, IEEE80211_RATE_MAXSIZE); |
2004 | IEEE80211_VERIFY_ELEMENT(scan.ssid, IEEE80211_NWID_LEN); |
2005 | if ( |
2006 | #if IEEE80211_CHAN_MAX < 255 |
2007 | scan.chan > IEEE80211_CHAN_MAX || |
2008 | #endif |
2009 | isclr(ic->ic_chan_active, scan.chan)) { |
2010 | IEEE80211_DISCARD(ic, |
2011 | IEEE80211_MSG_ELEMID | IEEE80211_MSG_INPUT, |
2012 | wh, ieee80211_mgt_subtype_name[subtype >> |
2013 | IEEE80211_FC0_SUBTYPE_SHIFT], |
2014 | "invalid channel %u" , scan.chan); |
2015 | ic->ic_stats.is_rx_badchan++; |
2016 | return; |
2017 | } |
2018 | if (scan.chan != scan.bchan && |
2019 | ic->ic_phytype != IEEE80211_T_FH) { |
2020 | /* |
2021 | * Frame was received on a channel different from the |
2022 | * one indicated in the DS params element id; |
2023 | * silently discard it. |
2024 | * |
2025 | * NB: this can happen due to signal leakage. |
2026 | * But we should take it for FH phy because |
2027 | * the rssi value should be correct even for |
2028 | * different hop pattern in FH. |
2029 | */ |
2030 | IEEE80211_DISCARD(ic, |
2031 | IEEE80211_MSG_ELEMID | IEEE80211_MSG_INPUT, |
2032 | wh, ieee80211_mgt_subtype_name[subtype >> |
2033 | IEEE80211_FC0_SUBTYPE_SHIFT], |
2034 | "for off-channel %u" , scan.chan); |
2035 | ic->ic_stats.is_rx_chanmismatch++; |
2036 | return; |
2037 | } |
2038 | if (!(IEEE80211_BINTVAL_MIN <= scan.bintval && |
2039 | scan.bintval <= IEEE80211_BINTVAL_MAX)) { |
2040 | IEEE80211_DISCARD(ic, |
2041 | IEEE80211_MSG_ELEMID | IEEE80211_MSG_INPUT, |
2042 | wh, ieee80211_mgt_subtype_name[subtype >> |
2043 | IEEE80211_FC0_SUBTYPE_SHIFT], |
2044 | "bogus beacon interval" , scan.bintval); |
2045 | ic->ic_stats.is_rx_badbintval++; |
2046 | return; |
2047 | } |
2048 | |
2049 | if (ni != ic->ic_bss) { |
2050 | ni = ieee80211_refine_node_for_beacon(ic, ni, |
2051 | &ic->ic_channels[scan.chan], scan.ssid); |
2052 | } |
2053 | /* |
2054 | * Count frame now that we know it's to be processed. |
2055 | */ |
2056 | if (subtype == IEEE80211_FC0_SUBTYPE_BEACON) { |
2057 | ic->ic_stats.is_rx_beacon++; /* XXX remove */ |
2058 | IEEE80211_NODE_STAT(ni, rx_beacons); |
2059 | } else |
2060 | IEEE80211_NODE_STAT(ni, rx_proberesp); |
2061 | |
2062 | /* |
2063 | * When operating in station mode, check for state updates. |
2064 | * Be careful to ignore beacons received while doing a |
2065 | * background scan. We consider only 11g/WMM stuff right now. |
2066 | */ |
2067 | if (ic->ic_opmode == IEEE80211_M_STA && |
2068 | ni->ni_associd != 0 && |
2069 | ((ic->ic_flags & IEEE80211_F_SCAN) == 0 || |
2070 | IEEE80211_ADDR_EQ(wh->i_addr2, ni->ni_bssid))) { |
2071 | /* record tsf of last beacon */ |
2072 | memcpy(ni->ni_tstamp.data, scan.tstamp, |
2073 | sizeof(ni->ni_tstamp)); |
2074 | if (ni->ni_erp != scan.erp) { |
2075 | IEEE80211_DPRINTF(ic, IEEE80211_MSG_ASSOC, |
2076 | "[%s] erp change: was 0x%x, now 0x%x\n" , |
2077 | ether_snprintf(ebuf, sizeof(ebuf), |
2078 | wh->i_addr2), ni->ni_erp, scan.erp); |
2079 | if (ic->ic_curmode == IEEE80211_MODE_11G && |
2080 | (ni->ni_erp & IEEE80211_ERP_USE_PROTECTION)) |
2081 | ic->ic_flags |= IEEE80211_F_USEPROT; |
2082 | else |
2083 | ic->ic_flags &= ~IEEE80211_F_USEPROT; |
2084 | ni->ni_erp = scan.erp; |
2085 | /* XXX statistic */ |
2086 | } |
2087 | if ((ni->ni_capinfo ^ scan.capinfo) & IEEE80211_CAPINFO_SHORT_SLOTTIME) { |
2088 | IEEE80211_DPRINTF(ic, IEEE80211_MSG_ASSOC, |
2089 | "[%s] capabilities change: before 0x%x," |
2090 | " now 0x%x\n" , |
2091 | ether_snprintf(ebuf, sizeof(ebuf), |
2092 | wh->i_addr2), |
2093 | ni->ni_capinfo, scan.capinfo); |
2094 | /* |
2095 | * NB: we assume short preamble doesn't |
2096 | * change dynamically |
2097 | */ |
2098 | ieee80211_set_shortslottime(ic, |
2099 | ic->ic_curmode == IEEE80211_MODE_11A || |
2100 | (ni->ni_capinfo & IEEE80211_CAPINFO_SHORT_SLOTTIME)); |
2101 | ni->ni_capinfo = scan.capinfo; |
2102 | /* XXX statistic */ |
2103 | } |
2104 | if (scan.wme != NULL && |
2105 | (ni->ni_flags & IEEE80211_NODE_QOS) && |
2106 | ieee80211_parse_wmeparams(ic, scan.wme, wh) > 0) |
2107 | ieee80211_wme_updateparams(ic); |
2108 | if (scan.tim != NULL) { |
2109 | struct ieee80211_tim_ie *ie = |
2110 | (struct ieee80211_tim_ie *) scan.tim; |
2111 | |
2112 | ni->ni_dtim_count = ie->tim_count; |
2113 | ni->ni_dtim_period = ie->tim_period; |
2114 | } |
2115 | if (ic->ic_flags & IEEE80211_F_SCAN) |
2116 | ieee80211_add_scan(ic, &scan, wh, |
2117 | subtype, rssi, rstamp); |
2118 | ic->ic_bmiss_count = 0; |
2119 | return; |
2120 | } |
2121 | /* |
2122 | * If scanning, just pass information to the scan module. |
2123 | */ |
2124 | if (ic->ic_flags & IEEE80211_F_SCAN) { |
2125 | if (ic->ic_flags_ext & IEEE80211_FEXT_PROBECHAN) { |
2126 | /* |
2127 | * Actively scanning a channel marked passive; |
2128 | * send a probe request now that we know there |
2129 | * is 802.11 traffic present. |
2130 | * |
2131 | * XXX check if the beacon we recv'd gives |
2132 | * us what we need and suppress the probe req |
2133 | */ |
2134 | ieee80211_probe_curchan(ic, 1); |
2135 | ic->ic_flags_ext &= ~IEEE80211_FEXT_PROBECHAN; |
2136 | } |
2137 | ieee80211_add_scan(ic, &scan, wh, |
2138 | subtype, rssi, rstamp); |
2139 | return; |
2140 | } |
2141 | if (scan.capinfo & IEEE80211_CAPINFO_IBSS) |
2142 | ieee80211_update_adhoc_node(ic, ni, wh, &scan, rssi, |
2143 | rstamp); |
2144 | break; |
2145 | } |
2146 | |
2147 | case IEEE80211_FC0_SUBTYPE_PROBE_REQ: |
2148 | if (ic->ic_opmode == IEEE80211_M_STA || |
2149 | ic->ic_state != IEEE80211_S_RUN) { |
2150 | ic->ic_stats.is_rx_mgtdiscard++; |
2151 | return; |
2152 | } |
2153 | if (IEEE80211_IS_MULTICAST(wh->i_addr2)) { |
2154 | /* frame must be directed */ |
2155 | ic->ic_stats.is_rx_mgtdiscard++; /* XXX stat */ |
2156 | return; |
2157 | } |
2158 | |
2159 | /* |
2160 | * prreq frame format |
2161 | * [tlv] ssid |
2162 | * [tlv] supported rates |
2163 | * [tlv] extended supported rates |
2164 | */ |
2165 | ssid = rates = xrates = NULL; |
2166 | while (frm < efrm) { |
2167 | switch (*frm) { |
2168 | case IEEE80211_ELEMID_SSID: |
2169 | ssid = frm; |
2170 | break; |
2171 | case IEEE80211_ELEMID_RATES: |
2172 | rates = frm; |
2173 | break; |
2174 | case IEEE80211_ELEMID_XRATES: |
2175 | xrates = frm; |
2176 | break; |
2177 | } |
2178 | frm += frm[1] + 2; |
2179 | } |
2180 | IEEE80211_VERIFY_ELEMENT(rates, IEEE80211_RATE_MAXSIZE); |
2181 | IEEE80211_VERIFY_ELEMENT(ssid, IEEE80211_NWID_LEN); |
2182 | IEEE80211_VERIFY_SSID(ic->ic_bss, ssid); |
2183 | if ((ic->ic_flags & IEEE80211_F_HIDESSID) && ssid[1] == 0) { |
2184 | IEEE80211_DISCARD(ic, IEEE80211_MSG_INPUT, |
2185 | wh, ieee80211_mgt_subtype_name[subtype >> |
2186 | IEEE80211_FC0_SUBTYPE_SHIFT], |
2187 | "%s" , "no ssid with ssid suppression enabled" ); |
2188 | ic->ic_stats.is_rx_ssidmismatch++; /*XXX*/ |
2189 | return; |
2190 | } |
2191 | |
2192 | if (ni == ic->ic_bss) { |
2193 | if (ic->ic_opmode != IEEE80211_M_IBSS) |
2194 | ni = ieee80211_tmp_node(ic, wh->i_addr2); |
2195 | else if (IEEE80211_ADDR_EQ(wh->i_addr2, ni->ni_macaddr)) |
2196 | ; |
2197 | else { |
2198 | /* |
2199 | * XXX Cannot tell if the sender is operating |
2200 | * in ibss mode. But we need a new node to |
2201 | * send the response so blindly add them to the |
2202 | * neighbor table. |
2203 | */ |
2204 | ni = ieee80211_fakeup_adhoc_node(&ic->ic_sta, |
2205 | wh->i_addr2); |
2206 | } |
2207 | if (ni == NULL) |
2208 | return; |
2209 | allocbs = 1; |
2210 | } else |
2211 | allocbs = 0; |
2212 | IEEE80211_DPRINTF(ic, IEEE80211_MSG_ASSOC, |
2213 | "[%s] recv probe req\n" , ether_snprintf( |
2214 | ebuf, sizeof(ebuf), wh->i_addr2)); |
2215 | ni->ni_rssi = rssi; |
2216 | ni->ni_rstamp = rstamp; |
2217 | rate = ieee80211_setup_rates(ni, rates, xrates, |
2218 | IEEE80211_R_DOSORT | IEEE80211_R_DOFRATE |
2219 | | IEEE80211_R_DONEGO | IEEE80211_R_DODEL); |
2220 | if (rate & IEEE80211_RATE_BASIC) { |
2221 | IEEE80211_DISCARD(ic, IEEE80211_MSG_XRATE, |
2222 | wh, ieee80211_mgt_subtype_name[subtype >> |
2223 | IEEE80211_FC0_SUBTYPE_SHIFT], |
2224 | "%s" , "recv'd rate set invalid" ); |
2225 | } else { |
2226 | IEEE80211_SEND_MGMT(ic, ni, |
2227 | IEEE80211_FC0_SUBTYPE_PROBE_RESP, 0); |
2228 | } |
2229 | if (allocbs && ic->ic_opmode != IEEE80211_M_IBSS) { |
2230 | /* reclaim immediately */ |
2231 | ieee80211_free_node(ni); |
2232 | } |
2233 | break; |
2234 | |
2235 | case IEEE80211_FC0_SUBTYPE_AUTH: { |
2236 | u_int16_t algo, seq, status; |
2237 | /* |
2238 | * auth frame format |
2239 | * [2] algorithm |
2240 | * [2] sequence |
2241 | * [2] status |
2242 | * [tlv*] challenge |
2243 | */ |
2244 | IEEE80211_VERIFY_LENGTH(efrm - frm, 6); |
2245 | algo = le16toh(*(u_int16_t *)frm); |
2246 | seq = le16toh(*(u_int16_t *)(frm + 2)); |
2247 | status = le16toh(*(u_int16_t *)(frm + 4)); |
2248 | IEEE80211_DPRINTF(ic, IEEE80211_MSG_AUTH, |
2249 | "[%s] recv auth frame with algorithm %d seq %d\n" , |
2250 | ether_snprintf(ebuf, sizeof(ebuf), wh->i_addr2), algo, seq); |
2251 | /* |
2252 | * Consult the ACL policy module if setup. |
2253 | */ |
2254 | if (ic->ic_acl != NULL && |
2255 | !ic->ic_acl->iac_check(ic, wh->i_addr2)) { |
2256 | IEEE80211_DISCARD(ic, IEEE80211_MSG_ACL, |
2257 | wh, "auth" , "%s" , "disallowed by ACL" ); |
2258 | ic->ic_stats.is_rx_acl++; |
2259 | if (ic->ic_opmode == IEEE80211_M_HOSTAP) { |
2260 | IEEE80211_SEND_MGMT(ic, ni, |
2261 | IEEE80211_FC0_SUBTYPE_AUTH, |
2262 | (seq+1) | (IEEE80211_STATUS_UNSPECIFIED<<16)); |
2263 | } |
2264 | return; |
2265 | } |
2266 | if (ic->ic_flags & IEEE80211_F_COUNTERM) { |
2267 | IEEE80211_DISCARD(ic, |
2268 | IEEE80211_MSG_AUTH | IEEE80211_MSG_CRYPTO, |
2269 | wh, "auth" , "%s" , "TKIP countermeasures enabled" ); |
2270 | ic->ic_stats.is_rx_auth_countermeasures++; |
2271 | #ifndef IEEE80211_NO_HOSTAP |
2272 | if (ic->ic_opmode == IEEE80211_M_HOSTAP) { |
2273 | IEEE80211_SEND_MGMT(ic, ni, |
2274 | IEEE80211_FC0_SUBTYPE_AUTH, |
2275 | IEEE80211_REASON_MIC_FAILURE); |
2276 | } |
2277 | #endif /* !IEEE80211_NO_HOSTAP */ |
2278 | return; |
2279 | } |
2280 | if (algo == IEEE80211_AUTH_ALG_SHARED) |
2281 | ieee80211_auth_shared(ic, wh, frm + 6, efrm, ni, rssi, |
2282 | rstamp, seq, status); |
2283 | else if (algo == IEEE80211_AUTH_ALG_OPEN) |
2284 | ieee80211_auth_open(ic, wh, ni, rssi, rstamp, seq, |
2285 | status); |
2286 | else { |
2287 | IEEE80211_DISCARD(ic, IEEE80211_MSG_ANY, |
2288 | wh, "auth" , "unsupported alg %d" , algo); |
2289 | ic->ic_stats.is_rx_auth_unsupported++; |
2290 | #ifndef IEEE80211_NO_HOSTAP |
2291 | if (ic->ic_opmode == IEEE80211_M_HOSTAP) { |
2292 | /* XXX not right */ |
2293 | IEEE80211_SEND_MGMT(ic, ni, |
2294 | IEEE80211_FC0_SUBTYPE_AUTH, |
2295 | (seq+1) | (IEEE80211_STATUS_ALG<<16)); |
2296 | } |
2297 | #endif /* !IEEE80211_NO_HOSTAP */ |
2298 | return; |
2299 | } |
2300 | break; |
2301 | } |
2302 | |
2303 | case IEEE80211_FC0_SUBTYPE_ASSOC_REQ: |
2304 | case IEEE80211_FC0_SUBTYPE_REASSOC_REQ: { |
2305 | u_int16_t capinfo, lintval; |
2306 | struct ieee80211_rsnparms rsn; |
2307 | u_int8_t reason; |
2308 | |
2309 | if (ic->ic_opmode != IEEE80211_M_HOSTAP || |
2310 | ic->ic_state != IEEE80211_S_RUN) { |
2311 | ic->ic_stats.is_rx_mgtdiscard++; |
2312 | return; |
2313 | } |
2314 | |
2315 | if (subtype == IEEE80211_FC0_SUBTYPE_REASSOC_REQ) { |
2316 | reassoc = 1; |
2317 | resp = IEEE80211_FC0_SUBTYPE_REASSOC_RESP; |
2318 | } else { |
2319 | reassoc = 0; |
2320 | resp = IEEE80211_FC0_SUBTYPE_ASSOC_RESP; |
2321 | } |
2322 | /* |
2323 | * asreq frame format |
2324 | * [2] capability information |
2325 | * [2] listen interval |
2326 | * [6*] current AP address (reassoc only) |
2327 | * [tlv] ssid |
2328 | * [tlv] supported rates |
2329 | * [tlv] extended supported rates |
2330 | * [tlv] WPA or RSN |
2331 | */ |
2332 | IEEE80211_VERIFY_LENGTH(efrm - frm, (reassoc ? 10 : 4)); |
2333 | if (!IEEE80211_ADDR_EQ(wh->i_addr3, ic->ic_bss->ni_bssid)) { |
2334 | IEEE80211_DISCARD(ic, IEEE80211_MSG_ANY, |
2335 | wh, ieee80211_mgt_subtype_name[subtype >> |
2336 | IEEE80211_FC0_SUBTYPE_SHIFT], |
2337 | "%s" , "wrong bssid" ); |
2338 | ic->ic_stats.is_rx_assoc_bss++; |
2339 | return; |
2340 | } |
2341 | capinfo = le16toh(*(u_int16_t *)frm); frm += 2; |
2342 | lintval = le16toh(*(u_int16_t *)frm); frm += 2; |
2343 | if (reassoc) |
2344 | frm += 6; /* ignore current AP info */ |
2345 | ssid = rates = xrates = wpa = wme = NULL; |
2346 | while (frm < efrm) { |
2347 | switch (*frm) { |
2348 | case IEEE80211_ELEMID_SSID: |
2349 | ssid = frm; |
2350 | break; |
2351 | case IEEE80211_ELEMID_RATES: |
2352 | rates = frm; |
2353 | break; |
2354 | case IEEE80211_ELEMID_XRATES: |
2355 | xrates = frm; |
2356 | break; |
2357 | /* XXX verify only one of RSN and WPA ie's? */ |
2358 | case IEEE80211_ELEMID_RSN: |
2359 | wpa = frm; |
2360 | break; |
2361 | case IEEE80211_ELEMID_VENDOR: |
2362 | if (iswpaoui(frm)) |
2363 | wpa = frm; |
2364 | else if (iswmeinfo(frm)) |
2365 | wme = frm; |
2366 | /* XXX Atheros OUI support */ |
2367 | break; |
2368 | } |
2369 | frm += frm[1] + 2; |
2370 | } |
2371 | IEEE80211_VERIFY_ELEMENT(rates, IEEE80211_RATE_MAXSIZE); |
2372 | IEEE80211_VERIFY_ELEMENT(ssid, IEEE80211_NWID_LEN); |
2373 | IEEE80211_VERIFY_SSID(ic->ic_bss, ssid); |
2374 | |
2375 | if (ni == ic->ic_bss) { |
2376 | IEEE80211_DPRINTF(ic, IEEE80211_MSG_ANY, |
2377 | "[%s] deny %s request, sta not authenticated\n" , |
2378 | ether_snprintf(ebuf, sizeof(ebuf), wh->i_addr2), |
2379 | reassoc ? "reassoc" : "assoc" ); |
2380 | ieee80211_send_error(ic, ni, wh->i_addr2, |
2381 | IEEE80211_FC0_SUBTYPE_DEAUTH, |
2382 | IEEE80211_REASON_ASSOC_NOT_AUTHED); |
2383 | ic->ic_stats.is_rx_assoc_notauth++; |
2384 | return; |
2385 | } |
2386 | /* assert right associstion security credentials */ |
2387 | if (wpa == NULL && (ic->ic_flags & IEEE80211_F_WPA)) { |
2388 | IEEE80211_DPRINTF(ic, |
2389 | IEEE80211_MSG_ASSOC | IEEE80211_MSG_WPA, |
2390 | "[%s] no WPA/RSN IE in association request\n" , |
2391 | ether_snprintf(ebuf, sizeof(ebuf), wh->i_addr2)); |
2392 | IEEE80211_SEND_MGMT(ic, ni, |
2393 | IEEE80211_FC0_SUBTYPE_DEAUTH, |
2394 | IEEE80211_REASON_RSN_REQUIRED); |
2395 | ieee80211_node_leave(ic, ni); |
2396 | /* XXX distinguish WPA/RSN? */ |
2397 | ic->ic_stats.is_rx_assoc_badwpaie++; |
2398 | return; |
2399 | } |
2400 | if (wpa != NULL) { |
2401 | /* |
2402 | * Parse WPA information element. Note that |
2403 | * we initialize the param block from the node |
2404 | * state so that information in the IE overrides |
2405 | * our defaults. The resulting parameters are |
2406 | * installed below after the association is assured. |
2407 | */ |
2408 | rsn = ni->ni_rsn; |
2409 | if (wpa[0] != IEEE80211_ELEMID_RSN) |
2410 | reason = ieee80211_parse_wpa(ic, wpa, &rsn, wh); |
2411 | else |
2412 | reason = ieee80211_parse_rsn(ic, wpa, &rsn, wh); |
2413 | if (reason != 0) { |
2414 | IEEE80211_SEND_MGMT(ic, ni, |
2415 | IEEE80211_FC0_SUBTYPE_DEAUTH, reason); |
2416 | ieee80211_node_leave(ic, ni); |
2417 | /* XXX distinguish WPA/RSN? */ |
2418 | ic->ic_stats.is_rx_assoc_badwpaie++; |
2419 | return; |
2420 | } |
2421 | IEEE80211_DPRINTF(ic, |
2422 | IEEE80211_MSG_ASSOC | IEEE80211_MSG_WPA, |
2423 | "[%s] %s ie: mc %u/%u uc %u/%u key %u caps 0x%x\n" , |
2424 | ether_snprintf(ebuf, sizeof(ebuf), wh->i_addr2), |
2425 | wpa[0] != IEEE80211_ELEMID_RSN ? "WPA" : "RSN" , |
2426 | rsn.rsn_mcastcipher, rsn.rsn_mcastkeylen, |
2427 | rsn.rsn_ucastcipher, rsn.rsn_ucastkeylen, |
2428 | rsn.rsn_keymgmt, rsn.rsn_caps); |
2429 | } |
2430 | /* discard challenge after association */ |
2431 | if (ni->ni_challenge != NULL) { |
2432 | free(ni->ni_challenge, M_DEVBUF); |
2433 | ni->ni_challenge = NULL; |
2434 | } |
2435 | /* NB: 802.11 spec says to ignore station's privacy bit */ |
2436 | if ((capinfo & IEEE80211_CAPINFO_ESS) == 0) { |
2437 | IEEE80211_DPRINTF(ic, IEEE80211_MSG_ANY, |
2438 | "[%s] deny %s request, capability mismatch 0x%x\n" , |
2439 | ether_snprintf(ebuf, sizeof(ebuf), wh->i_addr2), |
2440 | reassoc ? "reassoc" : "assoc" , capinfo); |
2441 | IEEE80211_SEND_MGMT(ic, ni, resp, |
2442 | IEEE80211_STATUS_CAPINFO); |
2443 | ieee80211_node_leave(ic, ni); |
2444 | ic->ic_stats.is_rx_assoc_capmismatch++; |
2445 | return; |
2446 | } |
2447 | rate = ieee80211_setup_rates(ni, rates, xrates, |
2448 | IEEE80211_R_DOSORT | IEEE80211_R_DOFRATE | |
2449 | IEEE80211_R_DONEGO | IEEE80211_R_DODEL); |
2450 | /* |
2451 | * If constrained to 11g-only stations reject an |
2452 | * 11b-only station. We cheat a bit here by looking |
2453 | * at the max negotiated xmit rate and assuming anyone |
2454 | * with a best rate <24Mb/s is an 11b station. |
2455 | */ |
2456 | if ((rate & IEEE80211_RATE_BASIC) || |
2457 | ((ic->ic_flags & IEEE80211_F_PUREG) && rate < 48)) { |
2458 | IEEE80211_DPRINTF(ic, IEEE80211_MSG_ANY, |
2459 | "[%s] deny %s request, rate set mismatch\n" , |
2460 | ether_snprintf(ebuf, sizeof(ebuf), wh->i_addr2), |
2461 | reassoc ? "reassoc" : "assoc" ); |
2462 | IEEE80211_SEND_MGMT(ic, ni, resp, |
2463 | IEEE80211_STATUS_BASIC_RATE); |
2464 | ieee80211_node_leave(ic, ni); |
2465 | ic->ic_stats.is_rx_assoc_norate++; |
2466 | return; |
2467 | } |
2468 | ni->ni_rssi = rssi; |
2469 | ni->ni_rstamp = rstamp; |
2470 | ni->ni_intval = lintval; |
2471 | ni->ni_capinfo = capinfo; |
2472 | ni->ni_chan = ic->ic_bss->ni_chan; |
2473 | ni->ni_fhdwell = ic->ic_bss->ni_fhdwell; |
2474 | ni->ni_fhindex = ic->ic_bss->ni_fhindex; |
2475 | if (wpa != NULL) { |
2476 | /* |
2477 | * Record WPA/RSN parameters for station, mark |
2478 | * node as using WPA and record information element |
2479 | * for applications that require it. |
2480 | */ |
2481 | ni->ni_rsn = rsn; |
2482 | ieee80211_saveie(&ni->ni_wpa_ie, wpa); |
2483 | } else if (ni->ni_wpa_ie != NULL) { |
2484 | /* |
2485 | * Flush any state from a previous association. |
2486 | */ |
2487 | free(ni->ni_wpa_ie, M_DEVBUF); |
2488 | ni->ni_wpa_ie = NULL; |
2489 | } |
2490 | if (wme != NULL) { |
2491 | /* |
2492 | * Record WME parameters for station, mark node |
2493 | * as capable of QoS and record information |
2494 | * element for applications that require it. |
2495 | */ |
2496 | ieee80211_saveie(&ni->ni_wme_ie, wme); |
2497 | ni->ni_flags |= IEEE80211_NODE_QOS; |
2498 | } else if (ni->ni_wme_ie != NULL) { |
2499 | /* |
2500 | * Flush any state from a previous association. |
2501 | */ |
2502 | free(ni->ni_wme_ie, M_DEVBUF); |
2503 | ni->ni_wme_ie = NULL; |
2504 | ni->ni_flags &= ~IEEE80211_NODE_QOS; |
2505 | } |
2506 | ieee80211_node_join(ic, ni, resp); |
2507 | break; |
2508 | } |
2509 | |
2510 | case IEEE80211_FC0_SUBTYPE_ASSOC_RESP: |
2511 | case IEEE80211_FC0_SUBTYPE_REASSOC_RESP: { |
2512 | u_int16_t capinfo, associd; |
2513 | u_int16_t status; |
2514 | |
2515 | if (ic->ic_opmode != IEEE80211_M_STA || |
2516 | ic->ic_state != IEEE80211_S_ASSOC) { |
2517 | ic->ic_stats.is_rx_mgtdiscard++; |
2518 | return; |
2519 | } |
2520 | |
2521 | /* |
2522 | * asresp frame format |
2523 | * [2] capability information |
2524 | * [2] status |
2525 | * [2] association ID |
2526 | * [tlv] supported rates |
2527 | * [tlv] extended supported rates |
2528 | * [tlv] WME |
2529 | */ |
2530 | IEEE80211_VERIFY_LENGTH(efrm - frm, 6); |
2531 | ni = ic->ic_bss; |
2532 | capinfo = le16toh(*(u_int16_t *)frm); |
2533 | frm += 2; |
2534 | status = le16toh(*(u_int16_t *)frm); |
2535 | frm += 2; |
2536 | if (status != 0) { |
2537 | IEEE80211_DPRINTF(ic, IEEE80211_MSG_ASSOC, |
2538 | "[%s] %sassoc failed (reason %d)\n" , |
2539 | ether_snprintf(ebuf, sizeof(ebuf), wh->i_addr2), |
2540 | ISREASSOC(subtype) ? "re" : "" , status); |
2541 | if (ni != ic->ic_bss) /* XXX never true? */ |
2542 | ni->ni_fails++; |
2543 | ic->ic_stats.is_rx_auth_fail++; /* XXX */ |
2544 | return; |
2545 | } |
2546 | associd = le16toh(*(u_int16_t *)frm); |
2547 | frm += 2; |
2548 | |
2549 | rates = xrates = wpa = wme = NULL; |
2550 | while (frm < efrm) { |
2551 | switch (*frm) { |
2552 | case IEEE80211_ELEMID_RATES: |
2553 | rates = frm; |
2554 | break; |
2555 | case IEEE80211_ELEMID_XRATES: |
2556 | xrates = frm; |
2557 | break; |
2558 | case IEEE80211_ELEMID_VENDOR: |
2559 | if (iswmeoui(frm)) |
2560 | wme = frm; |
2561 | /* XXX Atheros OUI support */ |
2562 | break; |
2563 | } |
2564 | frm += frm[1] + 2; |
2565 | } |
2566 | |
2567 | IEEE80211_VERIFY_ELEMENT(rates, IEEE80211_RATE_MAXSIZE); |
2568 | rate = ieee80211_setup_rates(ni, rates, xrates, |
2569 | IEEE80211_R_DOSORT | IEEE80211_R_DOFRATE | |
2570 | IEEE80211_R_DONEGO | IEEE80211_R_DODEL); |
2571 | if (rate & IEEE80211_RATE_BASIC) { |
2572 | IEEE80211_DPRINTF(ic, IEEE80211_MSG_ASSOC, |
2573 | "[%s] %sassoc failed (rate set mismatch)\n" , |
2574 | ether_snprintf(ebuf, sizeof(ebuf), wh->i_addr2), |
2575 | ISREASSOC(subtype) ? "re" : "" ); |
2576 | if (ni != ic->ic_bss) /* XXX never true? */ |
2577 | ni->ni_fails++; |
2578 | ic->ic_stats.is_rx_assoc_norate++; |
2579 | ieee80211_new_state(ic, IEEE80211_S_SCAN, 0); |
2580 | return; |
2581 | } |
2582 | |
2583 | ni->ni_capinfo = capinfo; |
2584 | ni->ni_associd = associd; |
2585 | if (wme != NULL && |
2586 | ieee80211_parse_wmeparams(ic, wme, wh) >= 0) { |
2587 | ni->ni_flags |= IEEE80211_NODE_QOS; |
2588 | ieee80211_wme_updateparams(ic); |
2589 | } else |
2590 | ni->ni_flags &= ~IEEE80211_NODE_QOS; |
2591 | /* |
2592 | * Configure state now that we are associated. |
2593 | * |
2594 | * XXX may need different/additional driver callbacks? |
2595 | */ |
2596 | if (ic->ic_curmode == IEEE80211_MODE_11A || |
2597 | (ni->ni_capinfo & IEEE80211_CAPINFO_SHORT_PREAMBLE)) { |
2598 | ic->ic_flags |= IEEE80211_F_SHPREAMBLE; |
2599 | ic->ic_flags &= ~IEEE80211_F_USEBARKER; |
2600 | } else { |
2601 | ic->ic_flags &= ~IEEE80211_F_SHPREAMBLE; |
2602 | ic->ic_flags |= IEEE80211_F_USEBARKER; |
2603 | } |
2604 | ieee80211_set_shortslottime(ic, |
2605 | ic->ic_curmode == IEEE80211_MODE_11A || |
2606 | (ni->ni_capinfo & IEEE80211_CAPINFO_SHORT_SLOTTIME)); |
2607 | /* |
2608 | * Honor ERP protection. |
2609 | * |
2610 | * NB: ni_erp should zero for non-11g operation. |
2611 | * XXX check ic_curmode anyway? |
2612 | */ |
2613 | if (ic->ic_curmode == IEEE80211_MODE_11G && |
2614 | (ni->ni_erp & IEEE80211_ERP_USE_PROTECTION)) |
2615 | ic->ic_flags |= IEEE80211_F_USEPROT; |
2616 | else |
2617 | ic->ic_flags &= ~IEEE80211_F_USEPROT; |
2618 | IEEE80211_DPRINTF(ic, IEEE80211_MSG_ASSOC, |
2619 | "[%s] %sassoc success: %s preamble, %s slot time%s%s\n" , |
2620 | ether_snprintf(ebuf, sizeof(ebuf), wh->i_addr2), |
2621 | ISREASSOC(subtype) ? "re" : "" , |
2622 | ic->ic_flags&IEEE80211_F_SHPREAMBLE ? "short" : "long" , |
2623 | ic->ic_flags&IEEE80211_F_SHSLOT ? "short" : "long" , |
2624 | ic->ic_flags&IEEE80211_F_USEPROT ? ", protection" : "" , |
2625 | ni->ni_flags & IEEE80211_NODE_QOS ? ", QoS" : "" |
2626 | ); |
2627 | ieee80211_new_state(ic, IEEE80211_S_RUN, subtype); |
2628 | break; |
2629 | } |
2630 | |
2631 | case IEEE80211_FC0_SUBTYPE_DEAUTH: { |
2632 | u_int16_t reason; |
2633 | |
2634 | if (ic->ic_state == IEEE80211_S_SCAN) { |
2635 | ic->ic_stats.is_rx_mgtdiscard++; |
2636 | return; |
2637 | } |
2638 | /* |
2639 | * deauth frame format |
2640 | * [2] reason |
2641 | */ |
2642 | IEEE80211_VERIFY_LENGTH(efrm - frm, 2); |
2643 | reason = le16toh(*(u_int16_t *)frm); |
2644 | __USE(reason); |
2645 | ic->ic_stats.is_rx_deauth++; |
2646 | IEEE80211_NODE_STAT(ni, rx_deauth); |
2647 | |
2648 | if (!IEEE80211_ADDR_EQ(wh->i_addr1, ic->ic_myaddr)) { |
2649 | /* Not intended for this station. */ |
2650 | ic->ic_stats.is_rx_mgtdiscard++; |
2651 | break; |
2652 | } |
2653 | IEEE80211_DPRINTF(ic, IEEE80211_MSG_AUTH, |
2654 | "[%s] recv deauthenticate (reason %d)\n" , |
2655 | ether_snprintf(ebuf, sizeof(ebuf), ni->ni_macaddr), reason); |
2656 | switch (ic->ic_opmode) { |
2657 | case IEEE80211_M_STA: |
2658 | ieee80211_new_state(ic, IEEE80211_S_AUTH, |
2659 | wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK); |
2660 | break; |
2661 | case IEEE80211_M_HOSTAP: |
2662 | #ifndef IEEE80211_NO_HOSTAP |
2663 | if (ni != ic->ic_bss) |
2664 | ieee80211_node_leave(ic, ni); |
2665 | #endif /* !IEEE80211_NO_HOSTAP */ |
2666 | break; |
2667 | default: |
2668 | ic->ic_stats.is_rx_mgtdiscard++; |
2669 | break; |
2670 | } |
2671 | break; |
2672 | } |
2673 | |
2674 | case IEEE80211_FC0_SUBTYPE_DISASSOC: { |
2675 | u_int16_t reason; |
2676 | |
2677 | if (ic->ic_state != IEEE80211_S_RUN && |
2678 | ic->ic_state != IEEE80211_S_ASSOC && |
2679 | ic->ic_state != IEEE80211_S_AUTH) { |
2680 | ic->ic_stats.is_rx_mgtdiscard++; |
2681 | return; |
2682 | } |
2683 | /* |
2684 | * disassoc frame format |
2685 | * [2] reason |
2686 | */ |
2687 | IEEE80211_VERIFY_LENGTH(efrm - frm, 2); |
2688 | reason = le16toh(*(u_int16_t *)frm); |
2689 | __USE(reason); |
2690 | ic->ic_stats.is_rx_disassoc++; |
2691 | IEEE80211_NODE_STAT(ni, rx_disassoc); |
2692 | |
2693 | if (!IEEE80211_ADDR_EQ(wh->i_addr1, ic->ic_myaddr)) { |
2694 | /* Not intended for this station. */ |
2695 | ic->ic_stats.is_rx_mgtdiscard++; |
2696 | break; |
2697 | } |
2698 | IEEE80211_DPRINTF(ic, IEEE80211_MSG_ASSOC, |
2699 | "[%s] recv disassociate (reason %d)\n" , |
2700 | ether_snprintf(ebuf, sizeof(ebuf), ni->ni_macaddr), reason); |
2701 | switch (ic->ic_opmode) { |
2702 | case IEEE80211_M_STA: |
2703 | ieee80211_new_state(ic, IEEE80211_S_ASSOC, |
2704 | wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK); |
2705 | break; |
2706 | case IEEE80211_M_HOSTAP: |
2707 | #ifndef IEEE80211_NO_HOSTAP |
2708 | if (ni != ic->ic_bss) |
2709 | ieee80211_node_leave(ic, ni); |
2710 | #endif /* !IEEE80211_NO_HOSTAP */ |
2711 | break; |
2712 | default: |
2713 | ic->ic_stats.is_rx_mgtdiscard++; |
2714 | break; |
2715 | } |
2716 | break; |
2717 | } |
2718 | default: |
2719 | IEEE80211_DISCARD(ic, IEEE80211_MSG_ANY, |
2720 | wh, "mgt" , "subtype 0x%x not handled" , subtype); |
2721 | ic->ic_stats.is_rx_badsubtype++; |
2722 | break; |
2723 | } |
2724 | #undef ISREASSOC |
2725 | #undef ISPROBE |
2726 | } |
2727 | #undef IEEE80211_VERIFY_LENGTH |
2728 | #undef IEEE80211_VERIFY_ELEMENT |
2729 | |
2730 | #ifndef IEEE80211_NO_HOSTAP |
2731 | /* |
2732 | * Handle station power-save state change. |
2733 | */ |
2734 | static void |
2735 | ieee80211_node_pwrsave(struct ieee80211_node *ni, int enable) |
2736 | { |
2737 | struct ieee80211com *ic = ni->ni_ic; |
2738 | struct mbuf *m; |
2739 | IEEE80211_DEBUGVAR(char ebuf[3 * ETHER_ADDR_LEN]); |
2740 | |
2741 | if (enable) { |
2742 | if ((ni->ni_flags & IEEE80211_NODE_PWR_MGT) == 0) |
2743 | ic->ic_ps_sta++; |
2744 | ni->ni_flags |= IEEE80211_NODE_PWR_MGT; |
2745 | IEEE80211_DPRINTF(ic, IEEE80211_MSG_POWER, |
2746 | "[%s] power save mode on, %u sta's in ps mode\n" , |
2747 | ether_snprintf(ebuf, sizeof(ebuf), ni->ni_macaddr), |
2748 | ic->ic_ps_sta); |
2749 | return; |
2750 | } |
2751 | |
2752 | if (ni->ni_flags & IEEE80211_NODE_PWR_MGT) |
2753 | ic->ic_ps_sta--; |
2754 | ni->ni_flags &= ~IEEE80211_NODE_PWR_MGT; |
2755 | IEEE80211_DPRINTF(ic, IEEE80211_MSG_POWER, |
2756 | "[%s] power save mode off, %u sta's in ps mode\n" , |
2757 | ether_snprintf(ebuf, sizeof(ebuf), ni->ni_macaddr), ic->ic_ps_sta); |
2758 | /* XXX if no stations in ps mode, flush mc frames */ |
2759 | |
2760 | /* |
2761 | * Flush queued unicast frames. |
2762 | */ |
2763 | if (IEEE80211_NODE_SAVEQ_QLEN(ni) == 0) { |
2764 | if (ic->ic_set_tim != NULL) |
2765 | ic->ic_set_tim(ni, 0); /* just in case */ |
2766 | return; |
2767 | } |
2768 | IEEE80211_DPRINTF(ic, IEEE80211_MSG_POWER, |
2769 | "[%s] flush ps queue, %u packets queued\n" , |
2770 | ether_snprintf(ebuf, sizeof(ebuf), ni->ni_macaddr), |
2771 | IEEE80211_NODE_SAVEQ_QLEN(ni)); |
2772 | for (;;) { |
2773 | int qlen; |
2774 | |
2775 | IEEE80211_NODE_SAVEQ_DEQUEUE(ni, m, qlen); |
2776 | if (m == NULL) |
2777 | break; |
2778 | /* |
2779 | * If this is the last packet, turn off the TIM bit. |
2780 | * If there are more packets, set the more packets bit |
2781 | * in the mbuf so ieee80211_encap will mark the 802.11 |
2782 | * head to indicate more data frames will follow. |
2783 | */ |
2784 | if (qlen != 0) |
2785 | m->m_flags |= M_MORE_DATA; |
2786 | /* XXX need different driver interface */ |
2787 | /* XXX bypasses q max */ |
2788 | IF_ENQUEUE(&ic->ic_ifp->if_snd, m); |
2789 | } |
2790 | if (ic->ic_set_tim != NULL) |
2791 | ic->ic_set_tim(ni, 0); |
2792 | } |
2793 | |
2794 | /* |
2795 | * Process a received ps-poll frame. |
2796 | */ |
2797 | static void |
2798 | ieee80211_recv_pspoll(struct ieee80211com *ic, |
2799 | struct ieee80211_node *ni, struct mbuf *m0) |
2800 | { |
2801 | struct ieee80211_frame_min *wh; |
2802 | struct mbuf *m; |
2803 | u_int16_t aid; |
2804 | int qlen; |
2805 | IEEE80211_DEBUGVAR(char ebuf[3 * ETHER_ADDR_LEN]); |
2806 | |
2807 | wh = mtod(m0, struct ieee80211_frame_min *); |
2808 | if (ni->ni_associd == 0) { |
2809 | IEEE80211_DISCARD(ic, IEEE80211_MSG_POWER | IEEE80211_MSG_DEBUG, |
2810 | (struct ieee80211_frame *) wh, "ps-poll" , |
2811 | "%s" , "unassociated station" ); |
2812 | ic->ic_stats.is_ps_unassoc++; |
2813 | IEEE80211_SEND_MGMT(ic, ni, IEEE80211_FC0_SUBTYPE_DEAUTH, |
2814 | IEEE80211_REASON_NOT_ASSOCED); |
2815 | return; |
2816 | } |
2817 | |
2818 | aid = le16toh(*(u_int16_t *)wh->i_dur); |
2819 | if (aid != ni->ni_associd) { |
2820 | IEEE80211_DISCARD(ic, IEEE80211_MSG_POWER | IEEE80211_MSG_DEBUG, |
2821 | (struct ieee80211_frame *) wh, "ps-poll" , |
2822 | "aid mismatch: sta aid 0x%x poll aid 0x%x" , |
2823 | ni->ni_associd, aid); |
2824 | ic->ic_stats.is_ps_badaid++; |
2825 | IEEE80211_SEND_MGMT(ic, ni, IEEE80211_FC0_SUBTYPE_DEAUTH, |
2826 | IEEE80211_REASON_NOT_ASSOCED); |
2827 | return; |
2828 | } |
2829 | |
2830 | /* Okay, take the first queued packet and put it out... */ |
2831 | IEEE80211_NODE_SAVEQ_DEQUEUE(ni, m, qlen); |
2832 | if (m == NULL) { |
2833 | IEEE80211_DPRINTF(ic, IEEE80211_MSG_POWER, |
2834 | "[%s] recv ps-poll, but queue empty\n" , |
2835 | ether_snprintf(ebuf, sizeof(ebuf), wh->i_addr2)); |
2836 | ieee80211_send_nulldata(ieee80211_ref_node(ni)); |
2837 | ic->ic_stats.is_ps_qempty++; /* XXX node stat */ |
2838 | if (ic->ic_set_tim != NULL) |
2839 | ic->ic_set_tim(ni, 0); /* just in case */ |
2840 | return; |
2841 | } |
2842 | /* |
2843 | * If there are more packets, set the more packets bit |
2844 | * in the packet dispatched to the station; otherwise |
2845 | * turn off the TIM bit. |
2846 | */ |
2847 | if (qlen != 0) { |
2848 | IEEE80211_DPRINTF(ic, IEEE80211_MSG_POWER, |
2849 | "[%s] recv ps-poll, send packet, %u still queued\n" , |
2850 | ether_snprintf(ebuf, sizeof(ebuf), ni->ni_macaddr), qlen); |
2851 | m->m_flags |= M_MORE_DATA; |
2852 | } else { |
2853 | IEEE80211_DPRINTF(ic, IEEE80211_MSG_POWER, |
2854 | "[%s] recv ps-poll, send packet, queue empty\n" , |
2855 | ether_snprintf(ebuf, sizeof(ebuf), ni->ni_macaddr)); |
2856 | if (ic->ic_set_tim != NULL) |
2857 | ic->ic_set_tim(ni, 0); |
2858 | } |
2859 | m->m_flags |= M_PWR_SAV; /* bypass PS handling */ |
2860 | IF_ENQUEUE(&ic->ic_ifp->if_snd, m); |
2861 | } |
2862 | #endif /* !IEEE80211_NO_HOSTAP */ |
2863 | |
2864 | #ifdef IEEE80211_DEBUG |
2865 | /* |
2866 | * Debugging support. |
2867 | */ |
2868 | |
2869 | /* |
2870 | * Return the bssid of a frame. |
2871 | */ |
2872 | static const u_int8_t * |
2873 | ieee80211_getbssid(struct ieee80211com *ic, const struct ieee80211_frame *wh) |
2874 | { |
2875 | if (ic->ic_opmode == IEEE80211_M_STA) |
2876 | return wh->i_addr2; |
2877 | if ((wh->i_fc[1] & IEEE80211_FC1_DIR_MASK) != IEEE80211_FC1_DIR_NODS) |
2878 | return wh->i_addr1; |
2879 | if ((wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK) == IEEE80211_FC0_SUBTYPE_PS_POLL) |
2880 | return wh->i_addr1; |
2881 | return wh->i_addr3; |
2882 | } |
2883 | |
2884 | void |
2885 | ieee80211_note(struct ieee80211com *ic, const char *fmt, ...) |
2886 | { |
2887 | char buf[128]; /* XXX */ |
2888 | va_list ap; |
2889 | |
2890 | va_start(ap, fmt); |
2891 | vsnprintf(buf, sizeof(buf), fmt, ap); |
2892 | va_end(ap); |
2893 | |
2894 | if_printf(ic->ic_ifp, "%s" , buf); /* NB: no \n */ |
2895 | } |
2896 | |
2897 | void |
2898 | ieee80211_note_frame(struct ieee80211com *ic, |
2899 | const struct ieee80211_frame *wh, |
2900 | const char *fmt, ...) |
2901 | { |
2902 | char buf[128]; /* XXX */ |
2903 | va_list ap; |
2904 | char ebuf[3 * ETHER_ADDR_LEN]; |
2905 | |
2906 | va_start(ap, fmt); |
2907 | vsnprintf(buf, sizeof(buf), fmt, ap); |
2908 | va_end(ap); |
2909 | if_printf(ic->ic_ifp, "[%s] %s\n" , |
2910 | ether_snprintf(ebuf, sizeof(ebuf), |
2911 | ieee80211_getbssid(ic, wh)), buf); |
2912 | } |
2913 | |
2914 | void |
2915 | ieee80211_note_mac(struct ieee80211com *ic, |
2916 | const u_int8_t mac[IEEE80211_ADDR_LEN], |
2917 | const char *fmt, ...) |
2918 | { |
2919 | char buf[128]; /* XXX */ |
2920 | va_list ap; |
2921 | char ebuf[3 * ETHER_ADDR_LEN]; |
2922 | |
2923 | va_start(ap, fmt); |
2924 | vsnprintf(buf, sizeof(buf), fmt, ap); |
2925 | va_end(ap); |
2926 | if_printf(ic->ic_ifp, "[%s] %s\n" , ether_snprintf(ebuf, sizeof(ebuf), |
2927 | mac), buf); |
2928 | } |
2929 | |
2930 | static void |
2931 | ieee80211_discard_frame(struct ieee80211com *ic, |
2932 | const struct ieee80211_frame *wh, |
2933 | const char *type, const char *fmt, ...) |
2934 | { |
2935 | va_list ap; |
2936 | char ebuf[3 * ETHER_ADDR_LEN]; |
2937 | |
2938 | printf("[%s:%s] discard " , ic->ic_ifp->if_xname, |
2939 | ether_snprintf(ebuf, sizeof(ebuf), ieee80211_getbssid(ic, wh))); |
2940 | if (type != NULL) |
2941 | printf("%s frame, " , type); |
2942 | else |
2943 | printf("frame, " ); |
2944 | va_start(ap, fmt); |
2945 | vprintf(fmt, ap); |
2946 | va_end(ap); |
2947 | printf("\n" ); |
2948 | } |
2949 | |
2950 | static void |
2951 | ieee80211_discard_ie(struct ieee80211com *ic, |
2952 | const struct ieee80211_frame *wh, |
2953 | const char *type, const char *fmt, ...) |
2954 | { |
2955 | va_list ap; |
2956 | char ebuf[3 * ETHER_ADDR_LEN]; |
2957 | |
2958 | printf("[%s:%s] discard " , ic->ic_ifp->if_xname, |
2959 | ether_snprintf(ebuf, sizeof(ebuf), ieee80211_getbssid(ic, wh))); |
2960 | if (type != NULL) |
2961 | printf("%s information element, " , type); |
2962 | else |
2963 | printf("information element, " ); |
2964 | va_start(ap, fmt); |
2965 | vprintf(fmt, ap); |
2966 | va_end(ap); |
2967 | printf("\n" ); |
2968 | } |
2969 | |
2970 | static void |
2971 | ieee80211_discard_mac(struct ieee80211com *ic, |
2972 | const u_int8_t mac[IEEE80211_ADDR_LEN], |
2973 | const char *type, const char *fmt, ...) |
2974 | { |
2975 | va_list ap; |
2976 | char ebuf[3 * ETHER_ADDR_LEN]; |
2977 | |
2978 | printf("[%s:%s] discard " , ic->ic_ifp->if_xname, |
2979 | ether_snprintf(ebuf, sizeof(ebuf), mac)); |
2980 | if (type != NULL) |
2981 | printf("%s frame, " , type); |
2982 | else |
2983 | printf("frame, " ); |
2984 | va_start(ap, fmt); |
2985 | vprintf(fmt, ap); |
2986 | va_end(ap); |
2987 | printf("\n" ); |
2988 | } |
2989 | #endif /* IEEE80211_DEBUG */ |
2990 | |