1 /*-
2 * Copyright (c) 2009 Sam Leffler, Errno Consulting
3 * All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
13 *
14 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
15 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
16 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
17 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
18 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
19 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
20 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
21 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
22 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
23 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
24 */
25
26 #include <sys/cdefs.h>
27 __FBSDID("$FreeBSD$");
28
29 /*
30 * IEEE 802.11 radiotap support.
31 */
32 #include "opt_wlan.h"
33
34 #include <sys/param.h>
35 #include <sys/systm.h>
36 #include <sys/mbuf.h>
37 #include <sys/malloc.h>
38 #include <sys/endian.h>
39 #include <sys/kernel.h>
40
41 #include <sys/socket.h>
42
43 #include <net/bpf.h>
44 #include <net/if.h>
45 #include <net/if_var.h>
46 #include <net/if_media.h>
47 #include <net/ethernet.h>
48
49 #include <netproto/802_11/ieee80211_var.h>
50
51 #if defined(__DragonFly__)
52 #define bpf_mtap2(rawbpf, rh, len, m) \
53 { \
54 bpf_gettoken(); \
55 if (rawbpf) \
56 bpf_ptap(rawbpf, m, rh, len); \
57 bpf_reltoken(); \
58 }
59 #endif
60
61 static int radiotap_offset(struct ieee80211_radiotap_header *, int, int);
62
63 void
ieee80211_radiotap_attach(struct ieee80211com * ic,struct ieee80211_radiotap_header * th,int tlen,uint32_t tx_radiotap,struct ieee80211_radiotap_header * rh,int rlen,uint32_t rx_radiotap)64 ieee80211_radiotap_attach(struct ieee80211com *ic,
65 struct ieee80211_radiotap_header *th, int tlen, uint32_t tx_radiotap,
66 struct ieee80211_radiotap_header *rh, int rlen, uint32_t rx_radiotap)
67 {
68 ieee80211_radiotap_attachv(ic, th, tlen, 0, tx_radiotap,
69 rh, rlen, 0, rx_radiotap);
70 }
71
72 void
ieee80211_radiotap_attachv(struct ieee80211com * ic,struct ieee80211_radiotap_header * th,int tlen,int n_tx_v,uint32_t tx_radiotap,struct ieee80211_radiotap_header * rh,int rlen,int n_rx_v,uint32_t rx_radiotap)73 ieee80211_radiotap_attachv(struct ieee80211com *ic,
74 struct ieee80211_radiotap_header *th,
75 int tlen, int n_tx_v, uint32_t tx_radiotap,
76 struct ieee80211_radiotap_header *rh,
77 int rlen, int n_rx_v, uint32_t rx_radiotap)
78 {
79 #define B(_v) (1<<(_v))
80 int off;
81
82 th->it_len = htole16(roundup2(tlen, sizeof(uint32_t)));
83 th->it_present = htole32(tx_radiotap);
84 ic->ic_th = th;
85 /* calculate offset to channel data */
86 off = -1;
87 if (tx_radiotap & B(IEEE80211_RADIOTAP_CHANNEL))
88 off = radiotap_offset(th, n_tx_v, IEEE80211_RADIOTAP_CHANNEL);
89 else if (tx_radiotap & B(IEEE80211_RADIOTAP_XCHANNEL))
90 off = radiotap_offset(th, n_tx_v, IEEE80211_RADIOTAP_XCHANNEL);
91 if (off == -1) {
92 ic_printf(ic, "%s: no tx channel, radiotap 0x%x\n", __func__,
93 tx_radiotap);
94 /* NB: we handle this case but data will have no chan spec */
95 } else
96 ic->ic_txchan = ((uint8_t *) th) + off;
97
98 rh->it_len = htole16(roundup2(rlen, sizeof(uint32_t)));
99 rh->it_present = htole32(rx_radiotap);
100 ic->ic_rh = rh;
101 /* calculate offset to channel data */
102 off = -1;
103 if (rx_radiotap & B(IEEE80211_RADIOTAP_CHANNEL))
104 off = radiotap_offset(rh, n_rx_v, IEEE80211_RADIOTAP_CHANNEL);
105 else if (rx_radiotap & B(IEEE80211_RADIOTAP_XCHANNEL))
106 off = radiotap_offset(rh, n_rx_v, IEEE80211_RADIOTAP_XCHANNEL);
107 if (off == -1) {
108 ic_printf(ic, "%s: no rx channel, radiotap 0x%x\n", __func__,
109 rx_radiotap);
110 /* NB: we handle this case but data will have no chan spec */
111 } else
112 ic->ic_rxchan = ((uint8_t *) rh) + off;
113 #undef B
114 }
115
116 void
ieee80211_radiotap_detach(struct ieee80211com * ic)117 ieee80211_radiotap_detach(struct ieee80211com *ic)
118 {
119 }
120
121 void
ieee80211_radiotap_vattach(struct ieee80211vap * vap)122 ieee80211_radiotap_vattach(struct ieee80211vap *vap)
123 {
124 struct ieee80211com *ic = vap->iv_ic;
125 struct ieee80211_radiotap_header *th = ic->ic_th;
126
127 if (th != NULL && ic->ic_rh != NULL) {
128 #if defined(__DragonFly__)
129 bpfattach_dlt(vap->iv_ifp, DLT_IEEE802_11_RADIO,
130 sizeof(struct ieee80211_frame) +
131 le16toh(th->it_len),
132 &vap->iv_rawbpf);
133 #else
134 /* radiotap DLT for raw 802.11 frames */
135 bpfattach2(vap->iv_ifp, DLT_IEEE802_11_RADIO,
136 sizeof(struct ieee80211_frame) + le16toh(th->it_len),
137 &vap->iv_rawbpf);
138 #endif
139 }
140 }
141
142 void
ieee80211_radiotap_vdetach(struct ieee80211vap * vap)143 ieee80211_radiotap_vdetach(struct ieee80211vap *vap)
144 {
145 /* NB: bpfattach is called by ether_ifdetach and claims all taps */
146 }
147
148 static void
set_channel(void * p,const struct ieee80211_channel * c)149 set_channel(void *p, const struct ieee80211_channel *c)
150 {
151 struct {
152 uint16_t freq;
153 uint16_t flags;
154 } *rc = p;
155
156 rc->freq = htole16(c->ic_freq);
157 rc->flags = htole16(c->ic_flags);
158 }
159
160 static void
set_xchannel(void * p,const struct ieee80211_channel * c)161 set_xchannel(void *p, const struct ieee80211_channel *c)
162 {
163 struct {
164 uint32_t flags;
165 uint16_t freq;
166 uint8_t ieee;
167 uint8_t maxpow;
168 } *rc = p;
169
170 rc->flags = htole32(c->ic_flags);
171 rc->freq = htole16(c->ic_freq);
172 rc->ieee = c->ic_ieee;
173 rc->maxpow = c->ic_maxregpower;
174 }
175
176 /*
177 * Update radiotap state on channel change.
178 */
179 void
ieee80211_radiotap_chan_change(struct ieee80211com * ic)180 ieee80211_radiotap_chan_change(struct ieee80211com *ic)
181 {
182 if (ic->ic_rxchan != NULL) {
183 struct ieee80211_radiotap_header *rh = ic->ic_rh;
184
185 if (rh->it_present & htole32(1<<IEEE80211_RADIOTAP_XCHANNEL))
186 set_xchannel(ic->ic_rxchan, ic->ic_curchan);
187 else if (rh->it_present & htole32(1<<IEEE80211_RADIOTAP_CHANNEL))
188 set_channel(ic->ic_rxchan, ic->ic_curchan);
189 }
190 if (ic->ic_txchan != NULL) {
191 struct ieee80211_radiotap_header *th = ic->ic_th;
192
193 if (th->it_present & htole32(1<<IEEE80211_RADIOTAP_XCHANNEL))
194 set_xchannel(ic->ic_txchan, ic->ic_curchan);
195 else if (th->it_present & htole32(1<<IEEE80211_RADIOTAP_CHANNEL))
196 set_channel(ic->ic_txchan, ic->ic_curchan);
197 }
198 }
199
200 /*
201 * Distribute radiotap data (+packet) to all monitor mode
202 * vaps with an active tap other than vap0.
203 */
204 static void
spam_vaps(struct ieee80211vap * vap0,struct mbuf * m,struct ieee80211_radiotap_header * rh,int len)205 spam_vaps(struct ieee80211vap *vap0, struct mbuf *m,
206 struct ieee80211_radiotap_header *rh, int len)
207 {
208 struct ieee80211com *ic = vap0->iv_ic;
209 struct ieee80211vap *vap;
210
211 TAILQ_FOREACH(vap, &ic->ic_vaps, iv_next) {
212 if (vap != vap0 &&
213 vap->iv_opmode == IEEE80211_M_MONITOR &&
214 (vap->iv_flags_ext & IEEE80211_FEXT_BPF) &&
215 vap->iv_state != IEEE80211_S_INIT)
216 bpf_mtap2(vap->iv_rawbpf, rh, len, m);
217 }
218 }
219
220 /*
221 * Dispatch radiotap data for transmitted packet.
222 */
223 void
ieee80211_radiotap_tx(struct ieee80211vap * vap0,struct mbuf * m)224 ieee80211_radiotap_tx(struct ieee80211vap *vap0, struct mbuf *m)
225 {
226 struct ieee80211com *ic = vap0->iv_ic;
227 struct ieee80211_radiotap_header *th = ic->ic_th;
228 int len;
229
230 KASSERT(th != NULL, ("no tx radiotap header"));
231 len = le16toh(th->it_len);
232
233 if (vap0->iv_flags_ext & IEEE80211_FEXT_BPF)
234 bpf_mtap2(vap0->iv_rawbpf, th, len, m);
235 /*
236 * Spam monitor mode vaps.
237 */
238 if (ic->ic_montaps != 0)
239 spam_vaps(vap0, m, th, len);
240 }
241
242 /*
243 * Dispatch radiotap data for received packet.
244 */
245 void
ieee80211_radiotap_rx(struct ieee80211vap * vap0,struct mbuf * m)246 ieee80211_radiotap_rx(struct ieee80211vap *vap0, struct mbuf *m)
247 {
248 struct ieee80211com *ic = vap0->iv_ic;
249 struct ieee80211_radiotap_header *rh = ic->ic_rh;
250 int len;
251
252 KASSERT(rh != NULL, ("no rx radiotap header"));
253 len = le16toh(rh->it_len);
254
255 if (vap0->iv_flags_ext & IEEE80211_FEXT_BPF)
256 bpf_mtap2(vap0->iv_rawbpf, rh, len, m);
257 /*
258 * Spam monitor mode vaps with unicast frames. Multicast
259 * frames are handled by passing through ieee80211_input_all
260 * which distributes copies to the monitor mode vaps.
261 */
262 if (ic->ic_montaps != 0 && (m->m_flags & M_BCAST) == 0)
263 spam_vaps(vap0, m, rh, len);
264 }
265
266 /*
267 * Dispatch radiotap data for a packet received outside the normal
268 * rx processing path; this is used, for example, to handle frames
269 * received with errors that would otherwise be dropped.
270 */
271 void
ieee80211_radiotap_rx_all(struct ieee80211com * ic,struct mbuf * m)272 ieee80211_radiotap_rx_all(struct ieee80211com *ic, struct mbuf *m)
273 {
274 struct ieee80211_radiotap_header *rh = ic->ic_rh;
275 int len = le16toh(rh->it_len);
276 struct ieee80211vap *vap;
277
278 /* XXX locking? */
279 TAILQ_FOREACH(vap, &ic->ic_vaps, iv_next) {
280 if (ieee80211_radiotap_active_vap(vap) &&
281 vap->iv_state != IEEE80211_S_INIT)
282 bpf_mtap2(vap->iv_rawbpf, rh, len, m);
283 }
284 }
285
286 /*
287 * Return the offset of the specified item in the radiotap
288 * header description. If the item is not present or is not
289 * known -1 is returned.
290 */
291 static int
radiotap_offset(struct ieee80211_radiotap_header * rh,int n_vendor_attributes,int item)292 radiotap_offset(struct ieee80211_radiotap_header *rh,
293 int n_vendor_attributes, int item)
294 {
295 static const struct {
296 size_t align, width;
297 } items[] = {
298 [IEEE80211_RADIOTAP_TSFT] = {
299 .align = sizeof(uint64_t),
300 .width = sizeof(uint64_t),
301 },
302 [IEEE80211_RADIOTAP_FLAGS] = {
303 .align = sizeof(uint8_t),
304 .width = sizeof(uint8_t),
305 },
306 [IEEE80211_RADIOTAP_RATE] = {
307 .align = sizeof(uint8_t),
308 .width = sizeof(uint8_t),
309 },
310 [IEEE80211_RADIOTAP_CHANNEL] = {
311 .align = sizeof(uint16_t),
312 .width = 2*sizeof(uint16_t),
313 },
314 [IEEE80211_RADIOTAP_FHSS] = {
315 .align = sizeof(uint16_t),
316 .width = sizeof(uint16_t),
317 },
318 [IEEE80211_RADIOTAP_DBM_ANTSIGNAL] = {
319 .align = sizeof(uint8_t),
320 .width = sizeof(uint8_t),
321 },
322 [IEEE80211_RADIOTAP_DBM_ANTNOISE] = {
323 .align = sizeof(uint8_t),
324 .width = sizeof(uint8_t),
325 },
326 [IEEE80211_RADIOTAP_LOCK_QUALITY] = {
327 .align = sizeof(uint16_t),
328 .width = sizeof(uint16_t),
329 },
330 [IEEE80211_RADIOTAP_TX_ATTENUATION] = {
331 .align = sizeof(uint16_t),
332 .width = sizeof(uint16_t),
333 },
334 [IEEE80211_RADIOTAP_DB_TX_ATTENUATION] = {
335 .align = sizeof(uint16_t),
336 .width = sizeof(uint16_t),
337 },
338 [IEEE80211_RADIOTAP_DBM_TX_POWER] = {
339 .align = sizeof(uint8_t),
340 .width = sizeof(uint8_t),
341 },
342 [IEEE80211_RADIOTAP_ANTENNA] = {
343 .align = sizeof(uint8_t),
344 .width = sizeof(uint8_t),
345 },
346 [IEEE80211_RADIOTAP_DB_ANTSIGNAL] = {
347 .align = sizeof(uint8_t),
348 .width = sizeof(uint8_t),
349 },
350 [IEEE80211_RADIOTAP_DB_ANTNOISE] = {
351 .align = sizeof(uint8_t),
352 .width = sizeof(uint8_t),
353 },
354 [IEEE80211_RADIOTAP_XCHANNEL] = {
355 .align = sizeof(uint32_t),
356 .width = 2*sizeof(uint32_t),
357 },
358 [IEEE80211_RADIOTAP_MCS] = {
359 .align = sizeof(uint8_t),
360 .width = 3*sizeof(uint8_t),
361 },
362 };
363 uint32_t present = le32toh(rh->it_present);
364 int off, i;
365
366 off = sizeof(struct ieee80211_radiotap_header);
367 off += n_vendor_attributes * (sizeof(uint32_t));
368
369 for (i = 0; i < IEEE80211_RADIOTAP_EXT; i++) {
370 if ((present & (1<<i)) == 0)
371 continue;
372 if (items[i].align == 0) {
373 /* NB: unidentified element, don't guess */
374 kprintf("%s: unknown item %d\n", __func__, i);
375 return -1;
376 }
377 off = roundup2(off, items[i].align);
378 if (i == item) {
379 if (off + items[i].width > le16toh(rh->it_len)) {
380 /* NB: item does not fit in header data */
381 kprintf("%s: item %d not in header data, "
382 "off %d width %zu len %d\n", __func__, i,
383 off, items[i].width, le16toh(rh->it_len));
384 return -1;
385 }
386 return off;
387 }
388 off += items[i].width;
389 }
390 return -1;
391 }
392