1 #ifndef _GPXE_IEEE80211_H
2 #define _GPXE_IEEE80211_H
4 #include <gpxe/if_ether.h> /* for ETH_ALEN */
7 * Constants and data structures defined in IEEE 802.11, subsetted
8 * according to what gPXE knows how to use.
11 FILE_LICENCE(GPL2_OR_LATER
);
13 /* ---------- Maximum lengths of things ---------- */
16 * @defgroup ieee80211_maxlen Maximum lengths in the 802.11 protocol
20 /** Maximum length of frame payload
22 * This does not include cryptographic overhead, which can be up to 20
23 * bytes, but it DOES include the 802.2 LLC/SNAP headers that are used
24 * on data frames (but not management frames).
26 #define IEEE80211_MAX_DATA_LEN 2304
28 /** Length of LLC/SNAP headers on data frames */
29 #define IEEE80211_LLC_HEADER_LEN 8
31 /** Maximum cryptographic overhead before encrypted data */
32 #define IEEE80211_MAX_CRYPTO_HEADER 8
34 /** Maximum cryptographic overhead after encrypted data
36 * This does not count the MIC in TKIP frames, since that is
37 * considered to be part of the MSDU and thus contributes to the size
40 * It @e does count the MIC in CCMP frames, which is considered part
41 * of the MPDU (outside the data field).
43 #define IEEE80211_MAX_CRYPTO_TRAILER 8
45 /** Total maximum cryptographic overhead */
46 #define IEEE80211_MAX_CRYPTO_OVERHEAD 16
48 /** Bytes of network-layer data that can go into a regular data frame */
49 #define IEEE80211_MAX_FRAME_DATA 2296
51 /** Frame header length for frames we might work with
53 * QoS adds a two-byte field on top of this, and APs communicating
54 * with each other in Wireless Distribution System (WDS) mode add an
55 * extra 6-byte MAC address field, but we do not work with such
58 #define IEEE80211_TYP_FRAME_HEADER_LEN 24
60 /** Theoretical maximum frame header length
62 * This includes the QoS and WDS Addr4 fields that we should never
65 #define IEEE80211_MAX_FRAME_HEADER_LEN 32
67 /** Maximum combined frame length
69 * The biggest frame will include 32 frame header bytes, 16 bytes of
70 * crypto overhead, and 2304 data bytes.
72 #define IEEE80211_MAX_FRAME_LEN 2352
74 /** Maximum length of an ESSID */
75 #define IEEE80211_MAX_SSID_LEN 32
80 /* ---------- Frame Control defines ---------- */
83 * @defgroup ieee80211_fc 802.11 Frame Control field bits
87 /** 802.11 Frame Control field, Version bitmask */
88 #define IEEE80211_FC_VERSION 0x0003
90 /** Expected value of Version bits in Frame Control */
91 #define IEEE80211_THIS_VERSION 0x0000
94 /** 802.11 Frame Control field, Frame Type bitmask */
95 #define IEEE80211_FC_TYPE 0x000C
97 /** Type value for management (layer-2) frames */
98 #define IEEE80211_TYPE_MGMT 0x0000
100 /** Type value for control (layer-1, hardware-managed) frames */
101 #define IEEE80211_TYPE_CTRL 0x0004
103 /** Type value for data frames */
104 #define IEEE80211_TYPE_DATA 0x0008
107 /** 802.11 Frame Control field, Frame Subtype bitmask */
108 #define IEEE80211_FC_SUBTYPE 0x00F0
110 /** Subtype value for association-request management frames
112 * Association request frames are sent after authentication from the
113 * client to the Access Point to establish the client as part of the
114 * Access Point's network.
116 #define IEEE80211_STYPE_ASSOC_REQ 0x0000
118 /** Subtype value for association-response management frames
120 * Association response frames are sent by the Access Point to confirm
121 * or deny the association requested in an association request frame.
123 #define IEEE80211_STYPE_ASSOC_RESP 0x0010
125 /** Subtype value for reassociation-request management frames
127 * Reassociation request frames are sent by clients wishing to change
128 * from one Access Point to another while roaming within the same
129 * extended network (same ESSID).
131 #define IEEE80211_STYPE_REASSOC_REQ 0x0020
133 /** Subtype value for reassociation-response management frames
135 * Reassociation response frames are sent by the Access Point to
136 * confirm or deny the swap requested in a reassociation request
139 #define IEEE80211_STYPE_REASSOC_RESP 0x0030
141 /** Subtype value for probe-request management frames
143 * Probe request frames are sent by clients to request that all Access
144 * Points on the sending channel, or all belonging to a particular
145 * ESSID, identify themselves by BSSID, supported transfer rates, RF
146 * configuration, and other capabilities.
148 #define IEEE80211_STYPE_PROBE_REQ 0x0040
150 /** Subtype value for probe-response management frames
152 * Probe response frames are sent by Access Points in response to
153 * probe request frames, providing the requested information.
155 #define IEEE80211_STYPE_PROBE_RESP 0x0050
157 /** Subtype value for beacon management frames
159 * Beacon frames are sent by Access Points at regular intervals,
160 * usually ten per second, on the channel on which they communicate.
161 * They can be used to probe passively for access points on a channel
162 * where local regulatory restrictions prohibit active scanning, or
163 * due to their regularity as a mechanism to determine the fraction of
164 * packets that are being dropped.
166 #define IEEE80211_STYPE_BEACON 0x0080
168 /** Subtype value for disassociation management frames
170 * Disassociation frames are sent by either a client or an Access
171 * Point to unequivocally terminate the association between the two.
172 * They may be sent by clients upon leaving the network, or by an
173 * Access Point upon reconfiguration, among other reasons; they are
174 * usually more "polite" than deauthentication frames.
176 #define IEEE80211_STYPE_DISASSOC 0x00A0
178 /** Subtype value for authentication management frames
180 * Authentication frames are exchanged between a client and an Access
181 * Point before association may be performed. Confusingly, in the most
182 * common authentication method (Open System) no security tokens are
183 * exchanged at all. Modern 802.11 security handshaking takes place
186 #define IEEE80211_STYPE_AUTH 0x00B0
188 /** Subtype value for deauthentication management frames
190 * Deauthentication frames are sent by either a client or an Access
191 * Point to terminate the authentication (and therefore also the
192 * association) between the two. They are generally more forceful than
193 * disassociation frames, sent for such reasons as a failure to
194 * set up security properly after associating.
196 #define IEEE80211_STYPE_DEAUTH 0x00C0
198 /** Subtype value for action management frames
200 * Action frames are used to implement spectrum management and QoS
201 * features that gPXE currently does not support.
203 #define IEEE80211_STYPE_ACTION 0x00D0
206 /** Subtype value for RTS (request to send) control frames */
207 #define IEEE80211_STYPE_RTS 0x00B0
209 /** Subtype value for CTS (clear to send) control frames */
210 #define IEEE80211_STYPE_CTS 0x00C0
212 /** Subtype value for ACK (acknowledgement) control frames */
213 #define IEEE80211_STYPE_ACK 0x00D0
216 /** Subtype value for ordinary data frames, with no QoS or CF add-ons */
217 #define IEEE80211_STYPE_DATA 0x0000
219 /** Subtype value for data frames containing no data */
220 #define IEEE80211_STYPE_NODATA 0x0040
223 /** 802.11 Frame Control field: To Data System flag
225 * This is set on data frames sent to an Access Point.
227 #define IEEE80211_FC_TODS 0x0100
229 /** 802.11 Frame Control field: From Data System flag
231 * This is set on data frames sent from an Access Point. If both TODS
232 * and FROMDS are set, the frame header is a 4-address format used for
233 * inter-Access Point communication.
235 #define IEEE80211_FC_FROMDS 0x0200
237 /** 802.11 Frame Control field: More Fragments flag */
238 #define IEEE80211_FC_MORE_FRAG 0x0400
240 /** 802.11 Frame Control field: Retransmission flag */
241 #define IEEE80211_FC_RETRY 0x0800
243 /** 802.11 Frame Control field: Power Managed flag
245 * This is set on any frame sent by a low-power station that will go
246 * into a power-saving mode immediately after this frame. Access
247 * Points are not allowed to act as low-power stations.
249 #define IEEE80211_FC_PWR_MGMT 0x1000
251 /** 802.11 Frame Control field: More Data flag
253 * This is set on any frame sent by a station that has more data
254 * queued to be sent than is in the frame.
256 #define IEEE80211_FC_MORE_DATA 0x2000
258 /** 802.11 Frame Control field: Protected flag
260 * This is set on frames in which data is encrypted (by any method).
262 #define IEEE80211_FC_PROTECTED 0x4000
264 /** 802.11 Frame Control field: Ordered flag [?] */
265 #define IEEE80211_FC_ORDER 0x8000
270 /* ---------- Sequence Control defines ---------- */
273 * @defgroup ieee80211_seq 802.11 Sequence Control field handling
277 /** Extract sequence number from 802.11 Sequence Control field */
278 #define IEEE80211_SEQNR( seq ) ( ( seq ) >> 4 )
280 /** Extract fragment number from 802.11 Sequence Control field */
281 #define IEEE80211_FRAG( seq ) ( ( seq ) & 0x000F )
283 /** Make 802.11 Sequence Control field from sequence and fragment numbers */
284 #define IEEE80211_MAKESEQ( seqnr, frag ) \
285 ( ( ( ( seqnr ) & 0xFFF ) << 4 ) | ( ( frag ) & 0xF ) )
290 /* ---------- Frame header formats ---------- */
293 * @defgroup ieee80211_hdr 802.11 frame header formats
297 /** An 802.11 data or management frame without QoS or WDS header fields */
298 struct ieee80211_frame
300 u16 fc
; /**< 802.11 Frame Control field */
301 u16 duration
; /**< Microseconds to reserve link */
302 u8 addr1
[ETH_ALEN
]; /**< Address 1 (immediate receiver) */
303 u8 addr2
[ETH_ALEN
]; /**< Address 2 (immediate sender) */
304 u8 addr3
[ETH_ALEN
]; /**< Address 3 (often "forward to") */
305 u16 seq
; /**< 802.11 Sequence Control field */
306 u8 data
[0]; /**< Beginning of frame data */
307 } __attribute__((packed
));
309 /** The 802.2 LLC/SNAP header sent before actual data in a data frame
311 * This header is not acknowledged in the 802.11 standard at all; it
312 * is treated just like data for MAC-layer purposes, including
313 * fragmentation and encryption. It is actually two headers
314 * concatenated: a three-byte 802.2 LLC header indicating Subnetwork
315 * Accesss Protocol (SNAP) in both source and destination Service
316 * Access Point (SAP) fields, and a five-byte SNAP header indicating a
317 * zero OUI and two-byte Ethernet protocol type field.
319 * Thus, an eight-byte header in which six of the bytes are redundant.
322 struct ieee80211_llc_snap_header
325 u8 dsap
; /**< Destination SAP ID */
326 u8 ssap
; /**< Source SAP ID */
327 u8 ctrl
; /**< Control information */
330 u8 oui
[3]; /**< Organization code, usually 0 */
331 u16 ethertype
; /**< Ethernet Type field */
332 } __attribute__((packed
));
334 /** Value for DSAP field in 802.2 LLC header for 802.11 frames: SNAP */
335 #define IEEE80211_LLC_DSAP 0xAA
337 /** Value for SSAP field in 802.2 LLC header for 802.11 frames: SNAP */
338 #define IEEE80211_LLC_SSAP 0xAA
340 /** Value for control field in 802.2 LLC header for 802.11 frames
342 * "Unnumbered Information".
344 #define IEEE80211_LLC_CTRL 0x03
347 /** 16-byte RTS frame format, with abbreviated header */
350 u16 fc
; /**< 802.11 Frame Control field */
351 u16 duration
; /**< Microseconds to reserve link */
352 u8 addr1
[ETH_ALEN
]; /**< Address 1 (immediate receiver) */
353 u8 addr2
[ETH_ALEN
]; /**< Address 2 (immediate sender) */
354 } __attribute__((packed
));
356 /** Length of 802.11 RTS control frame */
357 #define IEEE80211_RTS_LEN 16
359 /** 10-byte CTS or ACK frame format, with abbreviated header */
360 struct ieee80211_cts_or_ack
362 u16 fc
; /**< 802.11 Frame Control field */
363 u16 duration
; /**< Microseconds to reserve link */
364 u8 addr1
[ETH_ALEN
]; /**< Address 1 (immediate receiver) */
365 } __attribute__((packed
));
367 #define ieee80211_cts ieee80211_cts_or_ack
368 #define ieee80211_ack ieee80211_cts_or_ack
370 /** Length of 802.11 CTS control frame */
371 #define IEEE80211_CTS_LEN 10
373 /** Length of 802.11 ACK control frame */
374 #define IEEE80211_ACK_LEN 10
379 /* ---------- Capability bits, status and reason codes ---------- */
382 * @defgroup ieee80211_capab 802.11 management frame capability field bits
386 /** Set if using an Access Point (managed mode) */
387 #define IEEE80211_CAPAB_MANAGED 0x0001
389 /** Set if operating in IBSS (no-AP, "Ad-Hoc") mode */
390 #define IEEE80211_CAPAB_ADHOC 0x0002
392 /** Set if we support Contention-Free Period operation */
393 #define IEEE80211_CAPAB_CFPOLL 0x0004
395 /** Set if we wish to be polled for Contention-Free operation */
396 #define IEEE80211_CAPAB_CFPR 0x0008
398 /** Set if the network is encrypted (by any method) */
399 #define IEEE80211_CAPAB_PRIVACY 0x0010
401 /** Set if PHY supports short preambles on 802.11b */
402 #define IEEE80211_CAPAB_SHORT_PMBL 0x0020
404 /** Set if PHY supports PBCC modulation */
405 #define IEEE80211_CAPAB_PBCC 0x0040
407 /** Set if we support Channel Agility */
408 #define IEEE80211_CAPAB_CHAN_AGILITY 0x0080
410 /** Set if we support spectrum management (DFS and TPC) on the 5GHz band */
411 #define IEEE80211_CAPAB_SPECTRUM_MGMT 0x0100
413 /** Set if we support Quality of Service enhancements */
414 #define IEEE80211_CAPAB_QOS 0x0200
416 /** Set if PHY supports short slot time on 802.11g */
417 #define IEEE80211_CAPAB_SHORT_SLOT 0x0400
419 /** Set if PHY supports APSD option */
420 #define IEEE80211_CAPAB_APSD 0x0800
422 /** Set if PHY supports DSSS/OFDM modulation (one way of 802.11 b/g mixing) */
423 #define IEEE80211_CAPAB_DSSS_OFDM 0x2000
425 /** Set if we support delayed block ACK */
426 #define IEEE80211_CAPAB_DELAYED_BACK 0x4000
428 /** Set if we support immediate block ACK */
429 #define IEEE80211_CAPAB_IMMED_BACK 0x8000
435 * @defgroup ieee80211_status 802.11 status codes
437 * These are returned to indicate an immediate denial of
438 * authentication or association. In gPXE, the lower 5 bits of the
439 * status code are encoded into the file-unique portion of an error
440 * code, the ERRFILE portion is always @c ERRFILE_net80211, and the
441 * POSIX error code is @c ECONNREFUSED for status 0-31 or @c
442 * EHOSTUNREACH for status 32-63.
444 * For a complete table with non-abbreviated error messages, see IEEE
445 * Std 802.11-2007, Table 7-23, p.94.
450 #define IEEE80211_STATUS_SUCCESS 0
451 #define IEEE80211_STATUS_FAILURE 1
452 #define IEEE80211_STATUS_CAPAB_UNSUPP 10
453 #define IEEE80211_STATUS_REASSOC_INVALID 11
454 #define IEEE80211_STATUS_ASSOC_DENIED 12
455 #define IEEE80211_STATUS_AUTH_ALGO_UNSUPP 13
456 #define IEEE80211_STATUS_AUTH_SEQ_INVALID 14
457 #define IEEE80211_STATUS_AUTH_CHALL_INVALID 15
458 #define IEEE80211_STATUS_AUTH_TIMEOUT 16
459 #define IEEE80211_STATUS_ASSOC_NO_ROOM 17
460 #define IEEE80211_STATUS_ASSOC_NEED_RATE 18
461 #define IEEE80211_STATUS_ASSOC_NEED_SHORT_PMBL 19
462 #define IEEE80211_STATUS_ASSOC_NEED_PBCC 20
463 #define IEEE80211_STATUS_ASSOC_NEED_CHAN_AGILITY 21
464 #define IEEE80211_STATUS_ASSOC_NEED_SPECTRUM_MGMT 22
465 #define IEEE80211_STATUS_ASSOC_BAD_POWER 23
466 #define IEEE80211_STATUS_ASSOC_BAD_CHANNELS 24
467 #define IEEE80211_STATUS_ASSOC_NEED_SHORT_SLOT 25
468 #define IEEE80211_STATUS_ASSOC_NEED_DSSS_OFDM 26
469 #define IEEE80211_STATUS_QOS_FAILURE 32
470 #define IEEE80211_STATUS_QOS_NO_ROOM 33
471 #define IEEE80211_STATUS_LINK_IS_HORRIBLE 34
472 #define IEEE80211_STATUS_ASSOC_NEED_QOS 35
473 #define IEEE80211_STATUS_REQUEST_DECLINED 37
474 #define IEEE80211_STATUS_REQUEST_INVALID 38
475 #define IEEE80211_STATUS_TS_NOT_CREATED_AGAIN 39
476 #define IEEE80211_STATUS_INVALID_IE 40
477 #define IEEE80211_STATUS_GROUP_CIPHER_INVALID 41
478 #define IEEE80211_STATUS_PAIR_CIPHER_INVALID 42
479 #define IEEE80211_STATUS_AKMP_INVALID 43
480 #define IEEE80211_STATUS_RSN_VERSION_UNSUPP 44
481 #define IEEE80211_STATUS_RSN_CAPAB_INVALID 45
482 #define IEEE80211_STATUS_CIPHER_REJECTED 46
483 #define IEEE80211_STATUS_TS_NOT_CREATED_WAIT 47
484 #define IEEE80211_STATUS_DIRECT_LINK_FORBIDDEN 48
485 #define IEEE80211_STATUS_DEST_NOT_PRESENT 49
486 #define IEEE80211_STATUS_DEST_NOT_QOS 50
487 #define IEEE80211_STATUS_ASSOC_LISTEN_TOO_HIGH 51
494 * @defgroup ieee80211_reason 802.11 reason codes
496 * These are returned to indicate the reason for a deauthentication or
497 * disassociation sent (usually) after authentication or association
498 * had succeeded. In gPXE, the lower 5 bits of the reason code are
499 * encoded into the file-unique portion of an error code, the ERRFILE
500 * portion is always @c ERRFILE_net80211, and the POSIX error code is
501 * @c ECONNRESET for reason 0-31 or @c ENETRESET for reason 32-63.
503 * For a complete table with non-abbreviated error messages, see IEEE
504 * Std 802.11-2007, Table 7-22, p.92.
509 #define IEEE80211_REASON_NONE 0
510 #define IEEE80211_REASON_UNSPECIFIED 1
511 #define IEEE80211_REASON_AUTH_NO_LONGER_VALID 2
512 #define IEEE80211_REASON_LEAVING 3
513 #define IEEE80211_REASON_INACTIVITY 4
514 #define IEEE80211_REASON_OUT_OF_RESOURCES 5
515 #define IEEE80211_REASON_NEED_AUTH 6
516 #define IEEE80211_REASON_NEED_ASSOC 7
517 #define IEEE80211_REASON_LEAVING_TO_ROAM 8
518 #define IEEE80211_REASON_REASSOC_INVALID 9
519 #define IEEE80211_REASON_BAD_POWER 10
520 #define IEEE80211_REASON_BAD_CHANNELS 11
521 #define IEEE80211_REASON_INVALID_IE 13
522 #define IEEE80211_REASON_MIC_FAILURE 14
523 #define IEEE80211_REASON_4WAY_TIMEOUT 15
524 #define IEEE80211_REASON_GROUPKEY_TIMEOUT 16
525 #define IEEE80211_REASON_4WAY_INVALID 17
526 #define IEEE80211_REASON_GROUP_CIPHER_INVALID 18
527 #define IEEE80211_REASON_PAIR_CIPHER_INVALID 19
528 #define IEEE80211_REASON_AKMP_INVALID 20
529 #define IEEE80211_REASON_RSN_VERSION_INVALID 21
530 #define IEEE80211_REASON_RSN_CAPAB_INVALID 22
531 #define IEEE80211_REASON_8021X_FAILURE 23
532 #define IEEE80211_REASON_CIPHER_REJECTED 24
533 #define IEEE80211_REASON_QOS_UNSPECIFIED 32
534 #define IEEE80211_REASON_QOS_OUT_OF_RESOURCES 33
535 #define IEEE80211_REASON_LINK_IS_HORRIBLE 34
536 #define IEEE80211_REASON_INVALID_TXOP 35
537 #define IEEE80211_REASON_REQUESTED_LEAVING 36
538 #define IEEE80211_REASON_REQUESTED_NO_USE 37
539 #define IEEE80211_REASON_REQUESTED_NEED_SETUP 38
540 #define IEEE80211_REASON_REQUESTED_TIMEOUT 39
541 #define IEEE80211_REASON_CIPHER_UNSUPPORTED 45
545 /* ---------- Information element declarations ---------- */
548 * @defgroup ieee80211_ie 802.11 information elements
550 * Many management frames include a section that amounts to a
551 * concatenation of these information elements, so that the sender can
552 * choose which information to send and the receiver can ignore the
553 * parts it doesn't understand. Each IE contains a two-byte header,
554 * one byte ID and one byte length, followed by IE-specific data. The
555 * length does not include the two-byte header. Information elements
556 * are required to be sorted by ID, but gPXE does not require that in
559 * This group also includes a few inline functions to simplify common
560 * tasks in IE processing.
565 /** Generic 802.11 information element header */
566 struct ieee80211_ie_header
{
567 u8 id
; /**< Information element ID */
568 u8 len
; /**< Information element length */
569 } __attribute__ ((packed
));
572 /** 802.11 SSID information element */
573 struct ieee80211_ie_ssid
{
574 u8 id
; /**< SSID ID: 0 */
575 u8 len
; /**< SSID length */
576 char ssid
[0]; /**< SSID data, not NUL-terminated */
577 } __attribute__ ((packed
));
579 /** Information element ID for SSID information element */
580 #define IEEE80211_IE_SSID 0
583 /** 802.11 rates information element
585 * The first 8 rates go in an IE of type RATES (1), and any more rates
586 * go in one of type EXT_RATES (50). Each rate is a byte with the low
587 * 7 bits equal to the rate in units of 500 kbps, and the high bit set
588 * if and only if the rate is "basic" (must be supported by all
589 * connected stations).
591 struct ieee80211_ie_rates
{
592 u8 id
; /**< Rates ID: 1 or 50 */
593 u8 len
; /**< Number of rates */
594 u8 rates
[0]; /**< Rates data, one rate per byte */
595 } __attribute__ ((packed
));
597 /** Information element ID for rates information element */
598 #define IEEE80211_IE_RATES 1
600 /** Information element ID for extended rates information element */
601 #define IEEE80211_IE_EXT_RATES 50
604 /** 802.11 Direct Spectrum parameter information element
606 * This just contains the channel number. It has the fancy name
607 * because IEEE 802.11 also defines a frequency-hopping PHY that
608 * changes channels at regular intervals following a predetermined
609 * pattern; in practice nobody uses the FH PHY.
611 struct ieee80211_ie_ds_param
{
612 u8 id
; /**< DS parameter ID: 3 */
613 u8 len
; /**< DS parameter length: 1 */
614 u8 current_channel
; /**< Current channel number, 1-14 */
615 } __attribute__ ((packed
));
617 /** Information element ID for Direct Spectrum parameter information element */
618 #define IEEE80211_IE_DS_PARAM 3
621 /** 802.11 Country information element regulatory extension triplet */
622 struct ieee80211_ie_country_ext_triplet
{
623 u8 reg_ext_id
; /**< Regulatory extension ID */
624 u8 reg_class_id
; /**< Regulatory class ID */
625 u8 coverage_class
; /**< Coverage class */
626 } __attribute__ ((packed
));
628 /** 802.11 Country information element regulatory band triplet */
629 struct ieee80211_ie_country_band_triplet
{
630 u8 first_channel
; /**< Channel number for first channel in band */
631 u8 nr_channels
; /**< Number of contiguous channels in band */
632 u8 max_txpower
; /**< Maximum TX power in dBm */
633 } __attribute__ ((packed
));
635 /** 802.11 Country information element regulatory triplet
637 * It is a band triplet if the first byte is 200 or less, and a
638 * regulatory extension triplet otherwise.
640 union ieee80211_ie_country_triplet
{
641 /** Differentiator between band and ext triplets */
644 /** Information about a band of channels */
645 struct ieee80211_ie_country_band_triplet band
;
647 /** Regulatory extension information */
648 struct ieee80211_ie_country_ext_triplet ext
;
651 /** 802.11 Country information element
653 * This contains some data about RF regulations.
655 struct ieee80211_ie_country
{
656 u8 id
; /**< Country information ID: 7 */
657 u8 len
; /**< Country information length: varies */
658 char name
[2]; /**< ISO Alpha2 country code */
659 char in_out
; /**< 'I' for indoor, 'O' for outdoor */
661 /** List of regulatory triplets */
662 union ieee80211_ie_country_triplet triplet
[0];
663 } __attribute__ ((packed
));
665 /** Information element ID for Country information element */
666 #define IEEE80211_IE_COUNTRY 7
669 /** 802.11 Request information element
671 * This contains a list of information element types we would like to
672 * be included in probe response frames.
674 struct ieee80211_ie_request
{
675 u8 id
; /**< Request ID: 10 */
676 u8 len
; /**< Number of IEs requested */
677 u8 request
[0]; /**< List of IEs requested */
678 } __attribute__ ((packed
));
680 /** Information element ID for Request information element */
681 #define IEEE80211_IE_REQUEST 10
684 /** 802.11 Challenge Text information element
686 * This is used in authentication frames under Shared Key
689 struct ieee80211_ie_challenge_text
{
690 u8 id
; /**< Challenge Text ID: 16 */
691 u8 len
; /**< Challenge Text length: usually 128 */
692 u8 challenge_text
[0]; /**< Challenge Text data */
693 } __attribute__ ((packed
));
695 /** Information element ID for Challenge Text information element */
696 #define IEEE80211_IE_CHALLENGE_TEXT 16
699 /** 802.11 Power Constraint information element
701 * This is used to specify an additional power limitation on top of
702 * the Country requirements.
704 struct ieee80211_ie_power_constraint
{
705 u8 id
; /**< Power Constraint ID: 52 */
706 u8 len
; /**< Power Constraint length: 1 */
707 u8 power_constraint
; /**< Decrease in allowed TX power, dBm */
708 } __attribute__ ((packed
));
710 /** Information element ID for Power Constraint information element */
711 #define IEEE80211_IE_POWER_CONSTRAINT 52
714 /** 802.11 Power Capability information element
716 * This is used in association request frames to indicate the extremes
717 * of our TX power abilities. It is required only if we indicate
718 * support for spectrum management.
720 struct ieee80211_ie_power_capab
{
721 u8 id
; /**< Power Capability ID: 33 */
722 u8 len
; /**< Power Capability length: 2 */
723 u8 min_txpower
; /**< Minimum possible TX power, dBm */
724 u8 max_txpower
; /**< Maximum possible TX power, dBm */
725 } __attribute__ ((packed
));
727 /** Information element ID for Power Capability information element */
728 #define IEEE80211_IE_POWER_CAPAB 33
731 /** 802.11 Channels information element channel band tuple */
732 struct ieee80211_ie_channels_channel_band
{
733 u8 first_channel
; /**< Channel number of first channel in band */
734 u8 nr_channels
; /**< Number of channels in band */
735 } __attribute__ ((packed
));
737 /** 802.11 Channels information element
739 * This is used in association frames to indicate the channels we can
740 * use. It is required only if we indicate support for spectrum
743 struct ieee80211_ie_channels
{
744 u8 id
; /**< Channels ID: 36 */
745 u8 len
; /**< Channels length: 2 */
747 /** List of (start, length) channel bands we can use */
748 struct ieee80211_ie_channels_channel_band channels
[0];
749 } __attribute__ ((packed
));
751 /** Information element ID for Channels information element */
752 #define IEEE80211_IE_CHANNELS 36
755 /** 802.11 ERP Information information element
757 * This is used to communicate some PHY-level flags.
759 struct ieee80211_ie_erp_info
{
760 u8 id
; /**< ERP Information ID: 42 */
761 u8 len
; /**< ERP Information length: 1 */
762 u8 erp_info
; /**< ERP flags */
763 } __attribute__ ((packed
));
765 /** Information element ID for ERP Information information element */
766 #define IEEE80211_IE_ERP_INFO 42
768 /** ERP information element: Flag set if 802.11b stations are present */
769 #define IEEE80211_ERP_NONERP_PRESENT 0x01
771 /** ERP information element: Flag set if CTS protection must be used */
772 #define IEEE80211_ERP_USE_PROTECTION 0x02
774 /** ERP information element: Flag set if long preambles must be used */
775 #define IEEE80211_ERP_BARKER_LONG 0x04
778 /** 802.11 Robust Security Network ("WPA") information element
780 * Showing once again a striking clarity of design, the IEEE folks put
781 * dynamically-sized data in the middle of this structure. As such,
782 * the below structure definition is only a guideline; the
783 * @c IEEE80211_RSN_FIELD, @c IEEE80211_RSN_CIPHER, and
784 * @c IEEE80211_RSN_AUTHTYPE macros should be used to access any
787 * Also inspired was IEEE's choice of 16-bit fields to count the
788 * number of 4-byte elements in a structure with a maximum length of
791 * Many fields reference a cipher or authentication-type ID; this is a
792 * three-byte OUI followed by one byte identifying the cipher with
793 * respect to that OUI. For all standard ciphers the OUI is 00:0F:AC.
795 * The authentication types referenced in this structure have nothing
796 * to do with 802.11 authentication frames or the @c algorithm field
799 struct ieee80211_ie_rsn
{
800 /** Information element ID */
803 /** Information element length */
806 /** RSN information element version */
809 /** Cipher ID for the cipher used in multicast/broadcast frames */
812 /** Number of unicast ciphers supported */
815 /** List of cipher IDs for supported unicast frame ciphers */
816 u8 pairwise_cipher
[4];
818 /** Number of authentication types supported */
821 /** List of authentication type IDs for supported types */
824 /** Security capabilities field. */
827 /** Number of PMKIDs included (present only in association frames) */
830 /** List of PMKIDs included, each a 16-byte SHA1 hash */
832 } __attribute__((packed
));
834 /** Information element ID for Robust Security Network information element */
835 #define IEEE80211_IE_RSN 48
837 /** OUI for standard ciphers in RSN information element */
838 #define IEEE80211_RSN_OUI "\x00\x0F\xAC"
840 /** Extract RSN IE version field */
841 #define IEEE80211_RSN_FIELD_version( rsnp ) ( (rsnp)->version )
843 /** Extract RSN IE group_cipher field */
844 #define IEEE80211_RSN_FIELD_group_cipher( rsnp ) ( (rsnp)->group_cipher )
846 /** Extract RSN IE pairwise_count field */
847 #define IEEE80211_RSN_FIELD_pairwise_count( rsnp ) ( (rsnp)->pairwise_count )
849 /** Extract RSN IE akm_count field */
850 #define IEEE80211_RSN_FIELD_akm_count( rsnp ) \
851 ( ( ( struct ieee80211_ie_rsn * ) ( ( void * ) ( rsnp ) + \
852 4*( ( rsnp )->pairwise_count - 1 ) ) )->akm_count )
854 /** Extract RSN IE rsn_capab field */
855 #define IEEE80211_RSN_FIELD_rsn_capab( rsnp ) \
856 ( ( ( struct ieee80211_ie_rsn * ) ( ( void * ) ( rsnp ) + \
857 4*( ( rsnp )->pairwise_count - 1 ) + \
858 4*( ( rsnp )->akm_count - 1 ) ) )->rsn_capab )
860 /** Extract RSN IE pmkid_count field */
861 #define IEEE80211_RSN_FIELD_pmkid_count( rsnp ) \
862 ( ( ( struct ieee80211_ie_rsn * ) ( ( void * ) ( rsnp ) + \
863 4*( ( rsnp )->pairwise_count - 1 ) + \
864 4*( ( rsnp )->akm_count - 1 ) ) )->pmkid_count )
866 /** Extract field from RSN information element
868 * @v rsnp Pointer to RSN information element
869 * @v field Name of field to extract
870 * @ret val Lvalue of the requested field
872 * You must fill the fields of the structure in order for this to work
875 #define IEEE80211_RSN_FIELD( rsnp, field ) \
876 IEEE80211_RSN_FIELD_ ## field ( rsnp )
878 /** Get pointer to pairwise cipher from RSN information element
880 * @v rsnp Pointer to RSN information element
881 * @v cipher Index of pairwise cipher to extract
882 * @ret ptr Pointer to requested cipher
884 #define IEEE80211_RSN_CIPHER( rsnp, cipher ) \
885 ( ( rsnp )->pairwise_cipher + 4 * ( cipher ) )
887 /** Get pointer to authentication type from RSN information element
889 * @v rsnp Pointer to RSN information element
890 * @v akm Index of authentication type to extract
891 * @ret ptr Pointer to requested authentication type
893 * The @c pairwise_count field must be correct.
895 #define IEEE80211_RSN_AUTHTYPE( rsnp, akm ) \
896 ( ( rsnp )->akm_list + 4 * ( ( rsnp )->pairwise_count - 1 ) + 4 * ( akm ) )
898 /** Get pointer to PMKID from RSN information element
900 * @v rsnp Pointer to RSN information element
901 * @v idx Index of PMKID to extract
902 * @ret ptr Pointer to requested PMKID
904 * The @c pairwise_count and @c akm_count fields must be correct.
906 #define IEEE80211_RSN_PMKID( rsnp, idx ) \
907 ( ( rsnp )->pmkid_list + 4 * ( ( rsnp )->pairwise_count - 1 ) + \
908 4 * ( ( rsnp )->akm_count - 1 ) + 16 * ( idx ) )
910 /** Verify size of RSN information element
912 * @v rsnp Pointer to RSN information element
913 * @ret ok TRUE if count fields are consistent with length field
915 * It is important to drop any RSN IE that does not pass this function
916 * before using the @c IEEE80211_RSN_FIELD, @c IEEE80211_RSN_CIPHER,
917 * and @c IEEE80211_RSN_AUTHTYPE macros, to avoid potential security
918 * compromise due to a malformed RSN IE.
920 * This function does not consider the possibility of some PMKIDs
921 * included in the RSN IE, because PMKIDs are only included in RSN IEs
922 * sent in association request frames, and we should never receive an
923 * association request frame. An RSN IE that includes PMKIDs will
924 * always fail this check.
926 static inline int ieee80211_rsn_check ( struct ieee80211_ie_rsn
*rsnp
) {
927 if ( rsnp
->len
< 12 + 4 * rsnp
->pairwise_count
)
929 return ( rsnp
->len
== 12 + 4 * ( rsnp
->pairwise_count
+
930 IEEE80211_RSN_FIELD ( rsnp
, akm_count
) ) );
933 /** Calculate necessary size of RSN information element
935 * @v npair Number of pairwise ciphers supported
936 * @v nauth Number of authentication types supported
937 * @v npmkid Number of PMKIDs to include
938 * @ret size Necessary size of RSN IE, including header bytes
940 static inline size_t ieee80211_rsn_size ( int npair
, int nauth
, int npmkid
) {
941 return 16 + 4 * ( npair
+ nauth
) + 16 * npmkid
;
944 /** 802.11 RSN IE: expected version number */
945 #define IEEE80211_RSN_VERSION 1
947 /** 802.11 RSN IE: fourth byte of cipher type for 40-bit WEP */
948 #define IEEE80211_RSN_CTYPE_WEP40 1
950 /** 802.11 RSN IE: fourth byte of cipher type for 104-bit WEP */
951 #define IEEE80211_RSN_CTYPE_WEP104 5
953 /** 802.11 RSN IE: fourth byte of cipher type for TKIP ("WPA") */
954 #define IEEE80211_RSN_CTYPE_TKIP 2
956 /** 802.11 RSN IE: fourth byte of cipher type for CCMP ("WPA2") */
957 #define IEEE80211_RSN_CTYPE_CCMP 4
959 /** 802.11 RSN IE: fourth byte of cipher type for "use group"
961 * This can only appear as a pairwise cipher, and means unicast frames
962 * should be encrypted in the same way as broadcast/multicast frames.
964 #define IEEE80211_RSN_CTYPE_USEGROUP 0
966 /** 802.11 RSN IE: fourth byte of auth method type for using an 802.1X server */
967 #define IEEE80211_RSN_ATYPE_8021X 1
969 /** 802.11 RSN IE: fourth byte of auth method type for using a pre-shared key */
970 #define IEEE80211_RSN_ATYPE_PSK 2
972 /** 802.11 RSN IE capabilities: AP supports pre-authentication */
973 #define IEEE80211_RSN_CAPAB_PREAUTH 0x001
975 /** 802.11 RSN IE capabilities: Node has conflict between TKIP and WEP
977 * This is a legacy issue; APs always set it to 0, and gPXE sets it to
980 #define IEEE80211_RSN_CAPAB_NO_PAIRWISE 0x002
982 /** 802.11 RSN IE capabilities: Number of PTKSA replay counters
984 * A value of 0 means one replay counter, 1 means two, 2 means four,
985 * and 3 means sixteen.
987 #define IEEE80211_RSN_CAPAB_PTKSA_REPLAY 0x00C
989 /** 802.11 RSN IE capabilities: Number of GTKSA replay counters
991 * A value of 0 means one replay counter, 1 means two, 2 means four,
992 * and 3 means sixteen.
994 #define IEEE80211_RSN_CAPAB_GTKSA_REPLAY 0x030
996 /** 802.11 RSN IE capabilities: PeerKey Handshaking is suported */
997 #define IEEE80211_RSN_CAPAB_PEERKEY 0x200
1001 /** Any 802.11 information element
1003 * This is formatted for ease of use, so IEs with complex structures
1004 * get referenced in full, while those with only one byte of data or a
1005 * simple array are pulled in to avoid a layer of indirection like
1006 * ie->channels.channels[0].
1010 /** Generic and simple information element info */
1012 u8 id
; /**< Information element ID */
1013 u8 len
; /**< Information element data length */
1015 char ssid
[0]; /**< SSID text */
1016 u8 rates
[0]; /**< Rates data */
1017 u8 request
[0]; /**< Request list */
1018 u8 challenge_text
[0]; /**< Challenge text data */
1019 u8 power_constraint
; /**< Power constraint, dBm */
1020 u8 erp_info
; /**< ERP information flags */
1021 /** List of channels */
1022 struct ieee80211_ie_channels_channel_band channels
[0];
1026 /** DS parameter set */
1027 struct ieee80211_ie_ds_param ds_param
;
1029 /** Country information */
1030 struct ieee80211_ie_country country
;
1032 /** Power capability */
1033 struct ieee80211_ie_power_capab power_capab
;
1035 /** Security information */
1036 struct ieee80211_ie_rsn rsn
;
1039 /** Advance to next 802.11 information element
1041 * @v ie Current information element pointer
1042 * @v end Pointer to first byte not in information element space
1043 * @ret next Pointer to next information element, or NULL if no more
1045 * When processing received IEs, @a end should be set to the I/O
1046 * buffer tail pointer; when marshalling IEs for sending, @a end
1049 static inline union ieee80211_ie
* ieee80211_next_ie ( union ieee80211_ie
*ie
,
1052 void *next_ie_byte
= ( void * ) ie
+ ie
->len
+ 2;
1053 union ieee80211_ie
*next_ie
= next_ie_byte
;
1058 if ( next_ie_byte
< end
&& next_ie_byte
+ next_ie
->len
<= end
)
1067 /* ---------- Management frame data formats ---------- */
1070 * @defgroup ieee80211_mgmt_data Management frame data payloads
1074 /** Beacon or probe response frame data */
1075 struct ieee80211_beacon_or_probe_resp
1077 /** 802.11 TSFT value at frame send */
1080 /** Interval at which beacons are sent, in units of 1024 us */
1081 u16 beacon_interval
;
1083 /** Capability flags */
1086 /** List of information elements */
1087 union ieee80211_ie info_element
[0];
1088 } __attribute__((packed
));
1090 #define ieee80211_beacon ieee80211_beacon_or_probe_resp
1091 #define ieee80211_probe_resp ieee80211_beacon_or_probe_resp
1093 /** Disassociation or deauthentication frame data */
1094 struct ieee80211_disassoc_or_deauth
1098 } __attribute__((packed
));
1100 #define ieee80211_disassoc ieee80211_disassoc_or_deauth
1101 #define ieee80211_deauth ieee80211_disassoc_or_deauth
1103 /** Association request frame data */
1104 struct ieee80211_assoc_req
1106 /** Capability flags */
1109 /** Interval at which we wake up, in units of the beacon interval */
1110 u16 listen_interval
;
1112 /** List of information elements */
1113 union ieee80211_ie info_element
[0];
1114 } __attribute__((packed
));
1116 /** Association or reassociation response frame data */
1117 struct ieee80211_assoc_or_reassoc_resp
1119 /** Capability flags */
1125 /** Association ID */
1128 /** List of information elements */
1129 union ieee80211_ie info_element
[0];
1130 } __attribute__((packed
));
1132 #define ieee80211_assoc_resp ieee80211_assoc_or_reassoc_resp
1133 #define ieee80211_reassoc_resp ieee80211_assoc_or_reassoc_resp
1135 /** Reassociation request frame data */
1136 struct ieee80211_reassoc_req
1138 /** Capability flags */
1141 /** Interval at which we wake up, in units of the beacon interval */
1142 u16 listen_interval
;
1144 /** MAC address of current Access Point */
1145 u8 current_addr
[ETH_ALEN
];
1147 /** List of information elements */
1148 union ieee80211_ie info_element
[0];
1149 } __attribute__((packed
));
1151 /** Probe request frame data */
1152 struct ieee80211_probe_req
1154 /** List of information elements */
1155 union ieee80211_ie info_element
[0];
1156 } __attribute__((packed
));
1158 /** Authentication frame data */
1159 struct ieee80211_auth
1161 /** Authentication algorithm (Open System or Shared Key) */
1164 /** Sequence number of this frame; first from client to AP is 1 */
1170 /** List of information elements */
1171 union ieee80211_ie info_element
[0];
1172 } __attribute__((packed
));
1174 /** Open System authentication algorithm */
1175 #define IEEE80211_AUTH_OPEN_SYSTEM 0
1177 /** Shared Key authentication algorithm */
1178 #define IEEE80211_AUTH_SHARED_KEY 1
projects / grub2.git / blob