Cross Reference: /freebsd-11-stable/sys/net80211/ieee80211

Deleted Added

sdiff udiff text old ( 179640 ) new ( 179641 )

full compact

ieee80211_node.c (179640)	ieee80211_node.c (179641)
1/- 2 Copyright (c) 2001 Atsushi Onoe 3 * Copyright (c) 2002-2008 Sam Leffler, Errno Consulting 4 * All rights reserved. 5 * 6 * Redistribution and use in source and binary forms, with or without 7 * modification, are permitted provided that the following conditions 8 * are met: 9 * 1. Redistributions of source code must retain the above copyright 10 * notice, this list of conditions and the following disclaimer. 11 * 2. Redistributions in binary form must reproduce the above copyright 12 * notice, this list of conditions and the following disclaimer in the 13 * documentation and/or other materials provided with the distribution. 14 * 15 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 16 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 17 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 18 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 19 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 20 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 21 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 22 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 23 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 24 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 25 */ 26 27#include <sys/cdefs.h>	1/- 2 Copyright (c) 2001 Atsushi Onoe 3 * Copyright (c) 2002-2008 Sam Leffler, Errno Consulting 4 * All rights reserved. 5 * 6 * Redistribution and use in source and binary forms, with or without 7 * modification, are permitted provided that the following conditions 8 * are met: 9 * 1. Redistributions of source code must retain the above copyright 10 * notice, this list of conditions and the following disclaimer. 11 * 2. Redistributions in binary form must reproduce the above copyright 12 * notice, this list of conditions and the following disclaimer in the 13 * documentation and/or other materials provided with the distribution. 14 * 15 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 16 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 17 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 18 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 19 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 20 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 21 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 22 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 23 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 24 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 25 */ 26 27#include <sys/cdefs.h>
28__FBSDID("$FreeBSD: head/sys/net80211/ieee80211_node.c 179640 2008-06-07 17:43:41Z sam $");	28__FBSDID("$FreeBSD: head/sys/net80211/ieee80211_node.c 179641 2008-06-07 17:50:24Z sam $");
29 30#include "opt_wlan.h" 31 32#include <sys/param.h> 33#include <sys/systm.h> 34#include <sys/mbuf.h> 35#include <sys/malloc.h> 36#include <sys/kernel.h> 37 38#include <sys/socket.h> 39 40#include <net/if.h> 41#include <net/if_media.h> 42#include <net/ethernet.h> 43 44#include <net80211/ieee80211_var.h> 45#include <net80211/ieee80211_input.h> 46#include <net80211/ieee80211_wds.h> 47 48#include <net/bpf.h> 49 50/* 51 * Association id's are managed with a bit vector. 52 / 53#define IEEE80211_AID_SET(_vap, b) \ 54 ((_vap)->iv_aid_bitmap[IEEE80211_AID(b) / 32] \|= \ 55 (1 << (IEEE80211_AID(b) % 32))) 56#define IEEE80211_AID_CLR(_vap, b) \ 57 ((_vap)->iv_aid_bitmap[IEEE80211_AID(b) / 32] &= \ 58 ~(1 << (IEEE80211_AID(b) % 32))) 59#define IEEE80211_AID_ISSET(_vap, b) \ 60 ((_vap)->iv_aid_bitmap[IEEE80211_AID(b) / 32] & (1 << (IEEE80211_AID(b) % 32))) 61 62#ifdef IEEE80211_DEBUG_REFCNT 63#define REFCNT_LOC "%s (%s:%u) %p<%s> refcnt %d\n", __func__, func, line 64#else 65#define REFCNT_LOC "%s %p<%s> refcnt %d\n", __func__ 66#endif 67 68static int ieee80211_sta_join1(struct ieee80211_node ); 69 70static struct ieee80211_node node_alloc(struct ieee80211_node_table ); 71static void node_cleanup(struct ieee80211_node ); 72static void node_free(struct ieee80211_node ); 73static void node_age(struct ieee80211_node ); 74static int8_t node_getrssi(const struct ieee80211_node ); 75static void node_getsignal(const struct ieee80211_node , int8_t , int8_t ); 76static void node_getmimoinfo(const struct ieee80211_node , 77 struct ieee80211_mimo_info ); 78 79static void _ieee80211_free_node(struct ieee80211_node ); 80 81static void ieee80211_node_table_init(struct ieee80211com ic, 82 struct ieee80211_node_table nt, const char name, 83 int inact, int keymaxix); 84static void ieee80211_node_table_reset(struct ieee80211_node_table , 85 struct ieee80211vap ); 86static void ieee80211_node_reclaim(struct ieee80211_node ); 87static void ieee80211_node_table_cleanup(struct ieee80211_node_table nt); 88static void ieee80211_erp_timeout(struct ieee80211com ); 89 90MALLOC_DEFINE(M_80211_NODE, "80211node", "802.11 node state"); 91MALLOC_DEFINE(M_80211_NODE_IE, "80211nodeie", "802.11 node ie"); 92 93void 94ieee80211_node_attach(struct ieee80211com ic) 95{ 96 ieee80211_node_table_init(ic, &ic->ic_sta, "station", 97 IEEE80211_INACT_INIT, ic->ic_max_keyix); 98 callout_init(&ic->ic_inact, CALLOUT_MPSAFE); 99 callout_reset(&ic->ic_inact, IEEE80211_INACT_WAIThz, 100 ieee80211_node_timeout, ic); 101 102 ic->ic_node_alloc = node_alloc; 103 ic->ic_node_free = node_free; 104 ic->ic_node_cleanup = node_cleanup; 105 ic->ic_node_age = node_age; 106 ic->ic_node_drain = node_age; /* NB: same as age / 107* ic->ic_node_getrssi = node_getrssi; 108 ic->ic_node_getsignal = node_getsignal; 109 ic->ic_node_getmimoinfo = node_getmimoinfo; 110 111 /* 112 * Set flags to be propagated to all vap's; 113 * these define default behaviour/configuration. 114 / 115* ic->ic_flags_ext \|= IEEE80211_FEXT_INACT; /* inactivity processing / 116} 117* 118void 119ieee80211_node_detach(struct ieee80211com ic) 120{ 121* 122 callout_drain(&ic->ic_inact); 123 ieee80211_node_table_cleanup(&ic->ic_sta); 124} 125 126void 127ieee80211_node_vattach(struct ieee80211vap vap) 128{ 129* /* NB: driver can override / 130* vap->iv_max_aid = IEEE80211_AID_DEF; 131 132 /* default station inactivity timer setings / 133* vap->iv_inact_init = IEEE80211_INACT_INIT; 134 vap->iv_inact_auth = IEEE80211_INACT_AUTH; 135 vap->iv_inact_run = IEEE80211_INACT_RUN; 136 vap->iv_inact_probe = IEEE80211_INACT_PROBE; 137} 138 139void 140ieee80211_node_latevattach(struct ieee80211vap vap) 141{ 142* if (vap->iv_opmode == IEEE80211_M_HOSTAP) { 143 /* XXX should we allow max aid to be zero? / 144* if (vap->iv_max_aid < IEEE80211_AID_MIN) { 145 vap->iv_max_aid = IEEE80211_AID_MIN; 146 if_printf(vap->iv_ifp, 147 "WARNING: max aid too small, changed to %d\n", 148 vap->iv_max_aid); 149 } 150 MALLOC(vap->iv_aid_bitmap, uint32_t , 151* howmany(vap->iv_max_aid, 32) * sizeof(uint32_t), 152 M_80211_NODE, M_NOWAIT \| M_ZERO); 153 if (vap->iv_aid_bitmap == NULL) { 154 /* XXX no way to recover / 155* printf("%s: no memory for AID bitmap, max aid %d!\n", 156 __func__, vap->iv_max_aid); 157 vap->iv_max_aid = 0; 158 } 159 } 160 161 ieee80211_reset_bss(vap); 162 163 vap->iv_auth = ieee80211_authenticator_get(vap->iv_bss->ni_authmode); 164} 165 166void 167ieee80211_node_vdetach(struct ieee80211vap vap) 168{ 169* struct ieee80211com ic = vap->iv_ic; 170* 171 ieee80211_node_table_reset(&ic->ic_sta, vap); 172 if (vap->iv_bss != NULL) { 173 ieee80211_free_node(vap->iv_bss); 174 vap->iv_bss = NULL; 175 } 176 if (vap->iv_aid_bitmap != NULL) { 177 FREE(vap->iv_aid_bitmap, M_80211_NODE); 178 vap->iv_aid_bitmap = NULL; 179 } 180} 181 182/* 183 * Port authorize/unauthorize interfaces for use by an authenticator. 184 / 185* 186void 187ieee80211_node_authorize(struct ieee80211_node ni) 188{ 189* ni->ni_flags \|= IEEE80211_NODE_AUTH; 190 ni->ni_inact_reload = ni->ni_vap->iv_inact_run; 191 ni->ni_inact = ni->ni_inact_reload; 192} 193 194void 195ieee80211_node_unauthorize(struct ieee80211_node ni) 196{ 197* ni->ni_flags &= ~IEEE80211_NODE_AUTH; 198 ni->ni_inact_reload = ni->ni_vap->iv_inact_auth; 199 if (ni->ni_inact > ni->ni_inact_reload) 200 ni->ni_inact = ni->ni_inact_reload; 201} 202 203/* 204 * Set/change the channel. The rate set is also updated as 205 * to insure a consistent view by drivers. 206 * XXX should be private but hostap needs it to deal with CSA 207 / 208void 209ieee80211_node_set_chan(struct ieee80211_node ni, 210 struct ieee80211_channel chan) 211{ 212* struct ieee80211com ic = ni->ni_ic; 213* 214 KASSERT(chan != IEEE80211_CHAN_ANYC, ("no channel")); 215 216 ni->ni_chan = chan; 217 if (IEEE80211_IS_CHAN_HT(chan)) { 218 /* 219 * XXX Gotta be careful here; the rate set returned by 220 * ieee80211_get_suprates is actually any HT rate 221 * set so blindly copying it will be bad. We must 222 * install the legacy rate est in ni_rates and the 223 * HT rate set in ni_htrates. 224 / 225* ni->ni_htrates = ieee80211_get_suphtrates(ic, chan); 226* } 227 ni->ni_rates = ieee80211_get_suprates(ic, chan); 228} 229* 230static __inline void 231copy_bss(struct ieee80211_node nbss, const struct ieee80211_node obss) 232{ 233 /* propagate useful state / 234* nbss->ni_authmode = obss->ni_authmode; 235 nbss->ni_txpower = obss->ni_txpower; 236 nbss->ni_vlan = obss->ni_vlan; 237 /* XXX statistics? / 238* /* XXX legacy WDS bssid? / 239} 240* 241void 242ieee80211_create_ibss(struct ieee80211vap* vap, struct ieee80211_channel chan) 243{ 244* struct ieee80211com ic = vap->iv_ic; 245* struct ieee80211_node ni; 246* 247 IEEE80211_DPRINTF(vap, IEEE80211_MSG_SCAN, 248 "%s: creating ibss on channel %u\n", __func__, 249 ieee80211_chan2ieee(ic, chan)); 250 251 ni = ieee80211_alloc_node(&ic->ic_sta, vap, vap->iv_myaddr); 252 if (ni == NULL) { 253 /* XXX recovery? / 254* return; 255 } 256 IEEE80211_ADDR_COPY(ni->ni_bssid, vap->iv_myaddr); 257 ni->ni_esslen = vap->iv_des_ssid[0].len; 258 memcpy(ni->ni_essid, vap->iv_des_ssid[0].ssid, ni->ni_esslen); 259 if (vap->iv_bss != NULL) 260 copy_bss(ni, vap->iv_bss); 261 ni->ni_intval = ic->ic_bintval; 262 if (vap->iv_flags & IEEE80211_F_PRIVACY) 263 ni->ni_capinfo \|= IEEE80211_CAPINFO_PRIVACY; 264 if (ic->ic_phytype == IEEE80211_T_FH) { 265 ni->ni_fhdwell = 200; /* XXX / 266* ni->ni_fhindex = 1; 267 } 268 if (vap->iv_opmode == IEEE80211_M_IBSS) { 269 vap->iv_flags \|= IEEE80211_F_SIBSS; 270 ni->ni_capinfo \|= IEEE80211_CAPINFO_IBSS; /* XXX / 271* if (vap->iv_flags & IEEE80211_F_DESBSSID) 272 IEEE80211_ADDR_COPY(ni->ni_bssid, vap->iv_des_bssid); 273 else { 274 get_random_bytes(ni->ni_bssid, IEEE80211_ADDR_LEN); 275 /* clear group bit, add local bit / 276* ni->ni_bssid[0] = (ni->ni_bssid[0] &~ 0x01) \| 0x02; 277 } 278 } else if (vap->iv_opmode == IEEE80211_M_AHDEMO) { 279 if (vap->iv_flags & IEEE80211_F_DESBSSID) 280 IEEE80211_ADDR_COPY(ni->ni_bssid, vap->iv_des_bssid); 281 else 282 memset(ni->ni_bssid, 0, IEEE80211_ADDR_LEN); 283 } 284 /* 285 * Fix the channel and related attributes. 286 / 287* /* clear DFS CAC state on previous channel / 288* if (ic->ic_bsschan != IEEE80211_CHAN_ANYC && 289 ic->ic_bsschan->ic_freq != chan->ic_freq && 290 IEEE80211_IS_CHAN_CACDONE(ic->ic_bsschan)) 291 ieee80211_dfs_cac_clear(ic, ic->ic_bsschan); 292 ic->ic_bsschan = chan; 293 ieee80211_node_set_chan(ni, chan); 294 ic->ic_curmode = ieee80211_chan2mode(chan); 295 /* 296 * Do mode-specific setup. 297 / 298* if (IEEE80211_IS_CHAN_FULL(chan)) { 299 if (IEEE80211_IS_CHAN_ANYG(chan)) { 300 /* 301 * Use a mixed 11b/11g basic rate set. 302 / 303* ieee80211_setbasicrates(&ni->ni_rates, 304 IEEE80211_MODE_11G); 305 if (vap->iv_flags & IEEE80211_F_PUREG) { 306 /* 307 * Also mark OFDM rates basic so 11b 308 * stations do not join (WiFi compliance). 309 / 310* ieee80211_addbasicrates(&ni->ni_rates, 311 IEEE80211_MODE_11A); 312 } 313 } else if (IEEE80211_IS_CHAN_B(chan)) { 314 /* 315 * Force pure 11b rate set. 316 / 317* ieee80211_setbasicrates(&ni->ni_rates, 318 IEEE80211_MODE_11B); 319 } 320 } 321 322 (void) ieee80211_sta_join1(ieee80211_ref_node(ni)); 323} 324 325/* 326 * Reset bss state on transition to the INIT state. 327 * Clear any stations from the table (they have been 328 * deauth'd) and reset the bss node (clears key, rate 329 * etc. state). 330 / 331void 332ieee80211_reset_bss(struct ieee80211vap vap) 333{ 334 struct ieee80211com ic = vap->iv_ic; 335* struct ieee80211_node ni, obss; 336 337 ieee80211_node_table_reset(&ic->ic_sta, vap); 338 /* XXX multi-bss: wrong / 339* ieee80211_reset_erp(ic); 340 341 ni = ieee80211_alloc_node(&ic->ic_sta, vap, vap->iv_myaddr); 342 KASSERT(ni != NULL, ("unable to setup inital BSS node")); 343 obss = vap->iv_bss; 344 vap->iv_bss = ieee80211_ref_node(ni); 345 if (obss != NULL) { 346 copy_bss(ni, obss); 347 ni->ni_intval = ic->ic_bintval; 348 ieee80211_free_node(obss); 349 } else 350 IEEE80211_ADDR_COPY(ni->ni_bssid, vap->iv_myaddr); 351} 352 353static int 354match_ssid(const struct ieee80211_node ni, 355* int nssid, const struct ieee80211_scan_ssid ssids[]) 356{ 357 int i; 358 359 for (i = 0; i < nssid; i++) { 360 if (ni->ni_esslen == ssids[i].len && 361 memcmp(ni->ni_essid, ssids[i].ssid, ni->ni_esslen) == 0) 362 return 1; 363 } 364 return 0; 365} 366 367/* 368 * Test a node for suitability/compatibility. 369 / 370static int 371check_bss(struct ieee80211vap vap, struct ieee80211_node ni) 372{ 373* struct ieee80211com ic = ni->ni_ic; 374* uint8_t rate; 375 376 if (isclr(ic->ic_chan_active, ieee80211_chan2ieee(ic, ni->ni_chan))) 377 return 0; 378 if (vap->iv_opmode == IEEE80211_M_IBSS) { 379 if ((ni->ni_capinfo & IEEE80211_CAPINFO_IBSS) == 0) 380 return 0; 381 } else { 382 if ((ni->ni_capinfo & IEEE80211_CAPINFO_ESS) == 0) 383 return 0; 384 } 385 if (vap->iv_flags & IEEE80211_F_PRIVACY) { 386 if ((ni->ni_capinfo & IEEE80211_CAPINFO_PRIVACY) == 0) 387 return 0; 388 } else { 389 /* XXX does this mean privacy is supported or required? / 390* if (ni->ni_capinfo & IEEE80211_CAPINFO_PRIVACY) 391 return 0; 392 } 393 rate = ieee80211_fix_rate(ni, &ni->ni_rates, 394 IEEE80211_F_JOIN \| IEEE80211_F_DONEGO \| IEEE80211_F_DOFRATE); 395 if (rate & IEEE80211_RATE_BASIC) 396 return 0; 397 if (vap->iv_des_nssid != 0 && 398 !match_ssid(ni, vap->iv_des_nssid, vap->iv_des_ssid)) 399 return 0; 400 if ((vap->iv_flags & IEEE80211_F_DESBSSID) && 401 !IEEE80211_ADDR_EQ(vap->iv_des_bssid, ni->ni_bssid)) 402 return 0; 403 return 1; 404} 405 406#ifdef IEEE80211_DEBUG 407/* 408 * Display node suitability/compatibility. 409 / 410static void 411check_bss_debug(struct ieee80211vap vap, struct ieee80211_node ni) 412{ 413* struct ieee80211com ic = ni->ni_ic; 414* uint8_t rate; 415 int fail; 416 417 fail = 0; 418 if (isclr(ic->ic_chan_active, ieee80211_chan2ieee(ic, ni->ni_chan))) 419 fail \|= 0x01; 420 if (vap->iv_opmode == IEEE80211_M_IBSS) { 421 if ((ni->ni_capinfo & IEEE80211_CAPINFO_IBSS) == 0) 422 fail \|= 0x02; 423 } else { 424 if ((ni->ni_capinfo & IEEE80211_CAPINFO_ESS) == 0) 425 fail \|= 0x02; 426 } 427 if (vap->iv_flags & IEEE80211_F_PRIVACY) { 428 if ((ni->ni_capinfo & IEEE80211_CAPINFO_PRIVACY) == 0) 429 fail \|= 0x04; 430 } else { 431 /* XXX does this mean privacy is supported or required? / 432* if (ni->ni_capinfo & IEEE80211_CAPINFO_PRIVACY) 433 fail \|= 0x04; 434 } 435 rate = ieee80211_fix_rate(ni, &ni->ni_rates, 436 IEEE80211_F_JOIN \| IEEE80211_F_DONEGO \| IEEE80211_F_DOFRATE); 437 if (rate & IEEE80211_RATE_BASIC) 438 fail \|= 0x08; 439 if (vap->iv_des_nssid != 0 && 440 !match_ssid(ni, vap->iv_des_nssid, vap->iv_des_ssid)) 441 fail \|= 0x10; 442 if ((vap->iv_flags & IEEE80211_F_DESBSSID) && 443 !IEEE80211_ADDR_EQ(vap->iv_des_bssid, ni->ni_bssid)) 444 fail \|= 0x20; 445 446 printf(" %c %s", fail ? '-' : '+', ether_sprintf(ni->ni_macaddr)); 447 printf(" %s%c", ether_sprintf(ni->ni_bssid), fail & 0x20 ? '!' : ' '); 448 printf(" %3d%c", 449 ieee80211_chan2ieee(ic, ni->ni_chan), fail & 0x01 ? '!' : ' '); 450 printf(" %2dM%c", (rate & IEEE80211_RATE_VAL) / 2, 451 fail & 0x08 ? '!' : ' '); 452 printf(" %4s%c", 453 (ni->ni_capinfo & IEEE80211_CAPINFO_ESS) ? "ess" : 454 (ni->ni_capinfo & IEEE80211_CAPINFO_IBSS) ? "ibss" : 455 "????", 456 fail & 0x02 ? '!' : ' '); 457 printf(" %3s%c ", 458 (ni->ni_capinfo & IEEE80211_CAPINFO_PRIVACY) ? "wep" : "no", 459 fail & 0x04 ? '!' : ' '); 460 ieee80211_print_essid(ni->ni_essid, ni->ni_esslen); 461 printf("%s\n", fail & 0x10 ? "!" : ""); 462} 463#endif /* IEEE80211_DEBUG / 464* 465/* 466 * Handle 802.11 ad hoc network merge. The 467 * convention, set by the Wireless Ethernet Compatibility Alliance 468 * (WECA), is that an 802.11 station will change its BSSID to match 469 * the "oldest" 802.11 ad hoc network, on the same channel, that 470 * has the station's desired SSID. The "oldest" 802.11 network 471 * sends beacons with the greatest TSF timestamp. 472 * 473 * The caller is assumed to validate TSF's before attempting a merge. 474 * 475 * Return !0 if the BSSID changed, 0 otherwise. 476 / 477int 478ieee80211_ibss_merge(struct ieee80211_node ni) 479{ 480 struct ieee80211vap vap = ni->ni_vap; 481#ifdef IEEE80211_DEBUG 482* struct ieee80211com ic = ni->ni_ic; 483#endif 484* 485 if (ni == vap->iv_bss \|\| 486 IEEE80211_ADDR_EQ(ni->ni_bssid, vap->iv_bss->ni_bssid)) { 487 /* unchanged, nothing to do / 488* return 0; 489 } 490 if (!check_bss(vap, ni)) { 491 /* capabilities mismatch / 492* IEEE80211_DPRINTF(vap, IEEE80211_MSG_ASSOC, 493 "%s: merge failed, capabilities mismatch\n", __func__); 494#ifdef IEEE80211_DEBUG 495 if (ieee80211_msg_assoc(vap)) 496 check_bss_debug(vap, ni); 497#endif 498 vap->iv_stats.is_ibss_capmismatch++; 499 return 0; 500 } 501 IEEE80211_DPRINTF(vap, IEEE80211_MSG_ASSOC, 502 "%s: new bssid %s: %s preamble, %s slot time%s\n", __func__, 503 ether_sprintf(ni->ni_bssid), 504 ic->ic_flags&IEEE80211_F_SHPREAMBLE ? "short" : "long", 505 ic->ic_flags&IEEE80211_F_SHSLOT ? "short" : "long", 506 ic->ic_flags&IEEE80211_F_USEPROT ? ", protection" : "" 507 ); 508 return ieee80211_sta_join1(ieee80211_ref_node(ni)); 509} 510 511/* 512 * Calculate HT channel promotion flags for all vaps. 513 * This assumes ni_chan have been setup for each vap. 514 / 515static int 516gethtadjustflags(struct ieee80211com ic) 517{ 518 struct ieee80211vap vap; 519* int flags; 520 521 flags = 0; 522 /* XXX locking / 523* TAILQ_FOREACH(vap, &ic->ic_vaps, iv_next) { 524 if (vap->iv_state < IEEE80211_S_RUN) 525 continue; 526 switch (vap->iv_opmode) { 527 case IEEE80211_M_WDS: 528 case IEEE80211_M_STA: 529 case IEEE80211_M_AHDEMO: 530 case IEEE80211_M_HOSTAP: 531 case IEEE80211_M_IBSS: 532 flags \|= ieee80211_htchanflags(vap->iv_bss->ni_chan); 533 break; 534 default: 535 break; 536 } 537 } 538 return flags; 539} 540 541/* 542 * Check if the current channel needs to change based on whether 543 * any vap's are using HT20/HT40. This is used sync the state of 544 * ic_curchan after a channel width change on a running vap. 545 / 546void 547ieee80211_sync_curchan(struct ieee80211com ic) 548{ 549 struct ieee80211_channel c; 550* 551 c = ieee80211_ht_adjust_channel(ic, ic->ic_curchan, gethtadjustflags(ic)); 552 if (c != ic->ic_curchan) { 553 ic->ic_curchan = c; 554 ic->ic_curmode = ieee80211_chan2mode(ic->ic_curchan); 555 ic->ic_set_channel(ic); 556 } 557} 558 559/* 560 * Change the current channel. The request channel may be 561 * promoted if other vap's are operating with HT20/HT40. 562 / 563void 564ieee80211_setcurchan(struct ieee80211com ic, struct ieee80211_channel c) 565{ 566* if (ic->ic_htcaps & IEEE80211_HTC_HT) { 567 int flags = gethtadjustflags(ic); 568 /* 569 * Check for channel promotion required to support the 570 * set of running vap's. This assumes we are called 571 * after ni_chan is setup for each vap. 572 / 573* /* NB: this assumes IEEE80211_FEXT_USEHT40 > IEEE80211_FEXT_HT / 574* if (flags > ieee80211_htchanflags(c)) 575 c = ieee80211_ht_adjust_channel(ic, c, flags); 576 } 577 ic->ic_bsschan = ic->ic_curchan = c; 578 ic->ic_curmode = ieee80211_chan2mode(ic->ic_curchan); 579 ic->ic_set_channel(ic); 580} 581 582/* 583 * Join the specified IBSS/BSS network. The node is assumed to 584 * be passed in with a held reference. 585 / 586static int 587ieee80211_sta_join1(struct ieee80211_node selbs) 588{ 589 struct ieee80211vap vap = selbs->ni_vap; 590* struct ieee80211com ic = selbs->ni_ic; 591* struct ieee80211_node obss; 592* int canreassoc; 593 594 /* 595 * Committed to selbs, setup state. 596 / 597* obss = vap->iv_bss; 598 /* 599 * Check if old+new node have the same address in which 600 * case we can reassociate when operating in sta mode. 601 / 602* canreassoc = (obss != NULL && 603 vap->iv_state == IEEE80211_S_RUN && 604 IEEE80211_ADDR_EQ(obss->ni_macaddr, selbs->ni_macaddr)); 605 vap->iv_bss = selbs; /* NB: caller assumed to bump refcnt / 606* if (obss != NULL) { 607 copy_bss(selbs, obss); 608 ieee80211_node_reclaim(obss); 609 obss = NULL; /* NB: guard against later use / 610* } 611 612 /* 613 * Delete unusable rates; we've already checked 614 * that the negotiated rate set is acceptable. 615 / 616* ieee80211_fix_rate(vap->iv_bss, &vap->iv_bss->ni_rates, 617 IEEE80211_F_DODEL \| IEEE80211_F_JOIN); 618 619 ieee80211_setcurchan(ic, selbs->ni_chan); 620 /* 621 * Set the erp state (mostly the slot time) to deal with 622 * the auto-select case; this should be redundant if the 623 * mode is locked. 624 / 625* ieee80211_reset_erp(ic); 626 ieee80211_wme_initparams(vap); 627 628 if (vap->iv_opmode == IEEE80211_M_STA) { 629 if (canreassoc) { 630 /* Reassociate / 631* ieee80211_new_state(vap, IEEE80211_S_ASSOC, 1); 632 } else { 633 /* 634 * Act as if we received a DEAUTH frame in case we 635 * are invoked from the RUN state. This will cause 636 * us to try to re-authenticate if we are operating 637 * as a station. 638 / 639* ieee80211_new_state(vap, IEEE80211_S_AUTH, 640 IEEE80211_FC0_SUBTYPE_DEAUTH); 641 } 642 } else 643 ieee80211_new_state(vap, IEEE80211_S_RUN, -1); 644 return 1; 645} 646 647int 648ieee80211_sta_join(struct ieee80211vap vap, 649* const struct ieee80211_scan_entry se) 650{ 651* struct ieee80211com ic = vap->iv_ic; 652* struct ieee80211_node ni; 653* 654 ni = ieee80211_alloc_node(&ic->ic_sta, vap, se->se_macaddr); 655 if (ni == NULL) { 656 /* XXX msg / 657* return 0; 658 } 659 /* 660 * Expand scan state into node's format. 661 * XXX may not need all this stuff 662 / 663* IEEE80211_ADDR_COPY(ni->ni_bssid, se->se_bssid); 664 ni->ni_esslen = se->se_ssid[1]; 665 memcpy(ni->ni_essid, se->se_ssid+2, ni->ni_esslen); 666 ni->ni_rstamp = se->se_rstamp; 667 ni->ni_tstamp.tsf = se->se_tstamp.tsf; 668 ni->ni_intval = se->se_intval; 669 ni->ni_capinfo = se->se_capinfo; 670 ni->ni_chan = se->se_chan; 671 ni->ni_timoff = se->se_timoff; 672 ni->ni_fhdwell = se->se_fhdwell; 673 ni->ni_fhindex = se->se_fhindex; 674 ni->ni_erp = se->se_erp; 675 IEEE80211_RSSI_LPF(ni->ni_avgrssi, se->se_rssi); 676 ni->ni_noise = se->se_noise; 677 678 if (ieee80211_ies_init(&ni->ni_ies, se->se_ies.data, se->se_ies.len)) { 679 ieee80211_ies_expand(&ni->ni_ies); 680 if (ni->ni_ies.ath_ie != NULL) 681 ieee80211_parse_ath(ni, ni->ni_ies.ath_ie); 682 if (ni->ni_ies.htcap_ie != NULL) 683 ieee80211_parse_htcap(ni, ni->ni_ies.htcap_ie); 684 if (ni->ni_ies.htinfo_ie != NULL) 685 ieee80211_parse_htinfo(ni, ni->ni_ies.htinfo_ie); 686 } 687 688 vap->iv_dtim_period = se->se_dtimperiod; 689 vap->iv_dtim_count = 0; 690 691 /* NB: must be after ni_chan is setup / 692* ieee80211_setup_rates(ni, se->se_rates, se->se_xrates, 693 IEEE80211_F_DOSORT); 694 695 return ieee80211_sta_join1(ieee80211_ref_node(ni)); 696} 697 698/* 699 * Leave the specified IBSS/BSS network. The node is assumed to 700 * be passed in with a held reference. 701 / 702void 703ieee80211_sta_leave(struct ieee80211_node ni) 704{ 705 struct ieee80211com ic = ni->ni_ic; 706* 707 ic->ic_node_cleanup(ni); 708 ieee80211_notify_node_leave(ni); 709} 710 711/* 712 * Send a deauthenticate frame and drop the station. 713 / 714void 715ieee80211_node_deauth(struct ieee80211_node ni, int reason) 716{ 717 /* NB: bump the refcnt to be sure temporay nodes are not reclaimed / 718* ieee80211_ref_node(ni); 719 if (ni->ni_associd != 0) 720 IEEE80211_SEND_MGMT(ni, IEEE80211_FC0_SUBTYPE_DEAUTH, reason); 721 ieee80211_node_leave(ni); 722 ieee80211_free_node(ni); 723} 724 725static struct ieee80211_node * 726node_alloc(struct ieee80211_node_table nt) 727{ 728* struct ieee80211_node ni; 729* 730 MALLOC(ni, struct ieee80211_node , sizeof(struct ieee80211_node), 731* M_80211_NODE, M_NOWAIT \| M_ZERO); 732 return ni; 733} 734 735/* 736 * Initialize an ie blob with the specified data. If previous 737 * data exists re-use the data block. As a side effect we clear 738 * all references to specific ie's; the caller is required to 739 * recalculate them. 740 / 741int 742ieee80211_ies_init(struct ieee80211_ies ies, const uint8_t data, int len) 743{ 744* /* NB: assumes data+len are the last fields / 745* memset(ies, 0, offsetof(struct ieee80211_ies, data)); 746 if (ies->data != NULL && ies->len != len) { 747 /* data size changed / 748* FREE(ies->data, M_80211_NODE_IE); 749 ies->data = NULL; 750 } 751 if (ies->data == NULL) { 752 MALLOC(ies->data, uint8_t , len, M_80211_NODE_IE, M_NOWAIT); 753* if (ies->data == NULL) { 754 ies->len = 0; 755 /* NB: pointers have already been zero'd above / 756* return 0; 757 } 758 } 759 memcpy(ies->data, data, len); 760 ies->len = len; 761 return 1; 762} 763 764/* 765 * Reclaim storage for an ie blob. 766 / 767void 768ieee80211_ies_cleanup(struct ieee80211_ies ies) 769{ 770 if (ies->data != NULL) 771 FREE(ies->data, M_80211_NODE_IE); 772} 773 774/* 775 * Expand an ie blob data contents and to fillin individual 776 * ie pointers. The data blob is assumed to be well-formed; 777 * we don't do any validity checking of ie lengths. 778 / 779void 780ieee80211_ies_expand(struct ieee80211_ies ies) 781{ 782 uint8_t ie; 783* int ielen; 784 785 ie = ies->data; 786 ielen = ies->len; 787 while (ielen > 0) { 788 switch (ie[0]) { 789 case IEEE80211_ELEMID_VENDOR: 790 if (iswpaoui(ie)) 791 ies->wpa_ie = ie; 792 else if (iswmeoui(ie)) 793 ies->wme_ie = ie; 794 else if (isatherosoui(ie)) 795 ies->ath_ie = ie; 796 break; 797 case IEEE80211_ELEMID_RSN: 798 ies->rsn_ie = ie; 799 break; 800 case IEEE80211_ELEMID_HTCAP: 801 ies->htcap_ie = ie; 802 break; 803 } 804 ielen -= 2 + ie[1]; 805 ie += 2 + ie[1]; 806 } 807} 808 809/* 810 * Reclaim any resources in a node and reset any critical 811 * state. Typically nodes are free'd immediately after, 812 * but in some cases the storage may be reused so we need 813 * to insure consistent state (should probably fix that). 814 / 815static void 816node_cleanup(struct ieee80211_node ni) 817{ 818#define N(a) (sizeof(a)/sizeof(a[0])) 819 struct ieee80211vap vap = ni->ni_vap; 820* int i; 821 822 /* NB: preserve ni_table / 823* if (ni->ni_flags & IEEE80211_NODE_PWR_MGT) { 824 if (vap->iv_opmode != IEEE80211_M_STA) 825 vap->iv_ps_sta--; 826 ni->ni_flags &= ~IEEE80211_NODE_PWR_MGT; 827 IEEE80211_NOTE(vap, IEEE80211_MSG_POWER, ni, 828 "power save mode off, %u sta's in ps mode", vap->iv_ps_sta); 829 } 830 /* 831 * Cleanup any HT-related state. 832 / 833* if (ni->ni_flags & IEEE80211_NODE_HT) 834 ieee80211_ht_node_cleanup(ni); 835 /* 836 * Clear AREF flag that marks the authorization refcnt bump 837 * has happened. This is probably not needed as the node 838 * should always be removed from the table so not found but 839 * do it just in case. 840 / 841* ni->ni_flags &= ~IEEE80211_NODE_AREF; 842 843 /* 844 * Drain power save queue and, if needed, clear TIM. 845 / 846* if (ieee80211_node_saveq_drain(ni) != 0 && vap->iv_set_tim != NULL) 847 vap->iv_set_tim(ni, 0); 848 849 ni->ni_associd = 0; 850 if (ni->ni_challenge != NULL) { 851 FREE(ni->ni_challenge, M_80211_NODE); 852 ni->ni_challenge = NULL; 853 } 854 /* 855 * Preserve SSID, WPA, and WME ie's so the bss node is 856 * reusable during a re-auth/re-assoc state transition. 857 * If we remove these data they will not be recreated 858 * because they come from a probe-response or beacon frame 859 * which cannot be expected prior to the association-response. 860 * This should not be an issue when operating in other modes 861 * as stations leaving always go through a full state transition 862 * which will rebuild this state. 863 * 864 * XXX does this leave us open to inheriting old state? 865 / 866* for (i = 0; i < N(ni->ni_rxfrag); i++) 867 if (ni->ni_rxfrag[i] != NULL) { 868 m_freem(ni->ni_rxfrag[i]); 869 ni->ni_rxfrag[i] = NULL; 870 } 871 /* 872 * Must be careful here to remove any key map entry w/o a LOR. 873 / 874* ieee80211_node_delucastkey(ni); 875#undef N 876} 877 878static void 879node_free(struct ieee80211_node ni) 880{ 881* struct ieee80211com ic = ni->ni_ic; 882* 883 ic->ic_node_cleanup(ni); 884 ieee80211_ies_cleanup(&ni->ni_ies); 885 IEEE80211_NODE_SAVEQ_DESTROY(ni); 886 IEEE80211_NODE_WDSQ_DESTROY(ni); 887 FREE(ni, M_80211_NODE); 888} 889 890static void 891node_age(struct ieee80211_node ni) 892{ 893* struct ieee80211vap vap = ni->ni_vap; 894#if 0 895* IEEE80211_NODE_LOCK_ASSERT(&ic->ic_sta); 896#endif 897 /* 898 * Age frames on the power save queue. 899 / 900* if (ieee80211_node_saveq_age(ni) != 0 && 901 IEEE80211_NODE_SAVEQ_QLEN(ni) == 0 && 902 vap->iv_set_tim != NULL) 903 vap->iv_set_tim(ni, 0); 904 /* 905 * Age frames on the wds pending queue. 906 / 907* if (IEEE80211_NODE_WDSQ_QLEN(ni) != 0) 908 ieee80211_node_wdsq_age(ni); 909 /* 910 * Age out HT resources (e.g. frames on the 911 * A-MPDU reorder queues). 912 / 913* if (ni->ni_associd != 0 && (ni->ni_flags & IEEE80211_NODE_HT)) 914 ieee80211_ht_node_age(ni); 915} 916 917static int8_t 918node_getrssi(const struct ieee80211_node ni) 919{ 920* uint32_t avgrssi = ni->ni_avgrssi; 921 int32_t rssi; 922 923 if (avgrssi == IEEE80211_RSSI_DUMMY_MARKER) 924 return 0; 925 rssi = IEEE80211_RSSI_GET(avgrssi); 926 return rssi < 0 ? 0 : rssi > 127 ? 127 : rssi; 927} 928 929static void 930node_getsignal(const struct ieee80211_node ni, int8_t rssi, int8_t noise) 931{ 932* rssi = node_getrssi(ni); 933* noise = ni->ni_noise; 934} 935* 936static void 937node_getmimoinfo(const struct ieee80211_node ni, 938* struct ieee80211_mimo_info info) 939{ 940* /* XXX zero data? / 941} 942* 943struct ieee80211_node * 944ieee80211_alloc_node(struct ieee80211_node_table nt, 945* struct ieee80211vap vap, const uint8_t macaddr[IEEE80211_ADDR_LEN]) 946{ 947* struct ieee80211com ic = nt->nt_ic; 948* struct ieee80211_node ni; 949* int hash; 950 951 ni = ic->ic_node_alloc(nt); 952 if (ni == NULL) { 953 vap->iv_stats.is_rx_nodealloc++; 954 return NULL; 955 } 956 957 IEEE80211_DPRINTF(vap, IEEE80211_MSG_NODE, 958 "%s %p<%s> in %s table\n", __func__, ni, 959 ether_sprintf(macaddr), nt->nt_name); 960 961 IEEE80211_ADDR_COPY(ni->ni_macaddr, macaddr); 962 hash = IEEE80211_NODE_HASH(macaddr); 963 ieee80211_node_initref(ni); /* mark referenced / 964* ni->ni_chan = IEEE80211_CHAN_ANYC; 965 ni->ni_authmode = IEEE80211_AUTH_OPEN; 966 ni->ni_txpower = ic->ic_txpowlimit; /* max power / 967* ieee80211_crypto_resetkey(vap, &ni->ni_ucastkey, IEEE80211_KEYIX_NONE); 968 ni->ni_avgrssi = IEEE80211_RSSI_DUMMY_MARKER; 969 ni->ni_inact_reload = nt->nt_inact_init; 970 ni->ni_inact = ni->ni_inact_reload; 971 ni->ni_ath_defkeyix = 0x7fff; 972 IEEE80211_NODE_SAVEQ_INIT(ni, "unknown"); 973 IEEE80211_NODE_WDSQ_INIT(ni, "unknown"); 974 975 IEEE80211_NODE_LOCK(nt); 976 TAILQ_INSERT_TAIL(&nt->nt_node, ni, ni_list); 977 LIST_INSERT_HEAD(&nt->nt_hash[hash], ni, ni_hash); 978 ni->ni_table = nt; 979 ni->ni_vap = vap; 980 ni->ni_ic = ic; 981 IEEE80211_NODE_UNLOCK(nt); 982 983 return ni; 984} 985 986/* 987 * Craft a temporary node suitable for sending a management frame 988 * to the specified station. We craft only as much state as we 989 * need to do the work since the node will be immediately reclaimed 990 * once the send completes. 991 / 992struct ieee80211_node 993ieee80211_tmp_node(struct ieee80211vap vap, 994* const uint8_t macaddr[IEEE80211_ADDR_LEN]) 995{ 996 struct ieee80211com ic = vap->iv_ic; 997* struct ieee80211_node ni; 998* 999 ni = ic->ic_node_alloc(&ic->ic_sta); 1000 if (ni != NULL) { 1001 IEEE80211_DPRINTF(vap, IEEE80211_MSG_NODE, 1002 "%s %p<%s>\n", __func__, ni, ether_sprintf(macaddr)); 1003 1004 ni->ni_table = NULL; /* NB: pedantic / 1005* ni->ni_ic = ic; /* NB: needed to set channel / 1006* ni->ni_vap = vap; 1007 1008 IEEE80211_ADDR_COPY(ni->ni_macaddr, macaddr); 1009 IEEE80211_ADDR_COPY(ni->ni_bssid, vap->iv_bss->ni_bssid); 1010 ieee80211_node_initref(ni); /* mark referenced / 1011* /* NB: required by ieee80211_fix_rate / 1012* ieee80211_node_set_chan(ni, vap->iv_bss->ni_chan); 1013 ieee80211_crypto_resetkey(vap, &ni->ni_ucastkey, 1014 IEEE80211_KEYIX_NONE); 1015 /* XXX optimize away / 1016* IEEE80211_NODE_SAVEQ_INIT(ni, "unknown"); 1017 IEEE80211_NODE_WDSQ_INIT(ni, "unknown"); 1018 } else { 1019 /* XXX msg / 1020* vap->iv_stats.is_rx_nodealloc++; 1021 } 1022 return ni; 1023} 1024 1025struct ieee80211_node * 1026ieee80211_dup_bss(struct ieee80211vap vap, 1027* const uint8_t macaddr[IEEE80211_ADDR_LEN]) 1028{ 1029 struct ieee80211com ic = vap->iv_ic; 1030* struct ieee80211_node ni; 1031* 1032 ni = ieee80211_alloc_node(&ic->ic_sta, vap, macaddr); 1033 if (ni != NULL) { 1034 /* 1035 * Inherit from iv_bss. 1036 / 1037* ni->ni_authmode = vap->iv_bss->ni_authmode; 1038 ni->ni_vlan = vap->iv_bss->ni_vlan; /* XXX?? / 1039* IEEE80211_ADDR_COPY(ni->ni_bssid, vap->iv_bss->ni_bssid); 1040 ieee80211_node_set_chan(ni, vap->iv_bss->ni_chan); 1041 } 1042 return ni; 1043} 1044 1045/* 1046 * Create a bss node for a legacy WDS vap. The far end does 1047 * not associate so we just create create a new node and 1048 * simulate an association. The caller is responsible for 1049 * installing the node as the bss node and handling any further 1050 * setup work like authorizing the port. 1051 / 1052struct ieee80211_node 1053ieee80211_node_create_wds(struct ieee80211vap vap, 1054* const uint8_t bssid[IEEE80211_ADDR_LEN], struct ieee80211_channel chan) 1055{ 1056* struct ieee80211com ic = vap->iv_ic; 1057* struct ieee80211_node ni; 1058* 1059 /* XXX check if node already in sta table? / 1060* ni = ieee80211_alloc_node(&ic->ic_sta, vap, bssid); 1061 if (ni != NULL) { 1062 ni->ni_wdsvap = vap; 1063 IEEE80211_ADDR_COPY(ni->ni_bssid, bssid); 1064 /* 1065 * Inherit any manually configured settings. 1066 / 1067* ni->ni_authmode = vap->iv_bss->ni_authmode; 1068 ni->ni_vlan = vap->iv_bss->ni_vlan; 1069 ieee80211_node_set_chan(ni, chan); 1070 /* NB: propagate ssid so available to WPA supplicant / 1071* ni->ni_esslen = vap->iv_des_ssid[0].len; 1072 memcpy(ni->ni_essid, vap->iv_des_ssid[0].ssid, ni->ni_esslen); 1073 /* NB: no associd for peer / 1074* /* 1075 * There are no management frames to use to 1076 * discover neighbor capabilities, so blindly 1077 * propagate the local configuration. 1078 / 1079* if (vap->iv_flags & IEEE80211_F_WME) 1080 ni->ni_flags \|= IEEE80211_NODE_QOS; 1081 if (vap->iv_flags & IEEE80211_F_FF) 1082 ni->ni_flags \|= IEEE80211_NODE_FF; 1083 if ((ic->ic_htcaps & IEEE80211_HTC_HT) && 1084 (vap->iv_flags_ext & IEEE80211_FEXT_HT)) { 1085 /* 1086 * Device is HT-capable and HT is enabled for 1087 * the vap; setup HT operation. On return 1088 * ni_chan will be adjusted to an HT channel. 1089 / 1090* ieee80211_ht_wds_init(ni); 1091 } else { 1092 struct ieee80211_channel c = ni->ni_chan; 1093* /* 1094 * Force a legacy channel to be used. 1095 / 1096* c = ieee80211_find_channel(ic, 1097 c->ic_freq, c->ic_flags &~ IEEE80211_CHAN_HT); 1098 KASSERT(c != NULL, ("no legacy channel, %u/%x", 1099 ni->ni_chan->ic_freq, ni->ni_chan->ic_flags)); 1100 ni->ni_chan = c; 1101 } 1102 } 1103 return ni; 1104} 1105 1106struct ieee80211_node * 1107#ifdef IEEE80211_DEBUG_REFCNT 1108ieee80211_find_node_locked_debug(struct ieee80211_node_table nt, 1109* const uint8_t macaddr[IEEE80211_ADDR_LEN], const char func, int line) 1110#else 1111ieee80211_find_node_locked(struct ieee80211_node_table nt, 1112 const uint8_t macaddr[IEEE80211_ADDR_LEN]) 1113#endif 1114{ 1115 struct ieee80211_node ni; 1116* int hash; 1117 1118 IEEE80211_NODE_LOCK_ASSERT(nt); 1119 1120 hash = IEEE80211_NODE_HASH(macaddr); 1121 LIST_FOREACH(ni, &nt->nt_hash[hash], ni_hash) { 1122 if (IEEE80211_ADDR_EQ(ni->ni_macaddr, macaddr)) { 1123 ieee80211_ref_node(ni); /* mark referenced / 1124#ifdef IEEE80211_DEBUG_REFCNT 1125* IEEE80211_DPRINTF(ni->ni_vap, IEEE80211_MSG_NODE, 1126 "%s (%s:%u) %p<%s> refcnt %d\n", __func__, 1127 func, line, 1128 ni, ether_sprintf(ni->ni_macaddr), 1129 ieee80211_node_refcnt(ni)); 1130#endif 1131 return ni; 1132 } 1133 } 1134 return NULL; 1135} 1136 1137struct ieee80211_node * 1138#ifdef IEEE80211_DEBUG_REFCNT 1139ieee80211_find_node_debug(struct ieee80211_node_table nt, 1140* const uint8_t macaddr[IEEE80211_ADDR_LEN], const char func, int line) 1141#else 1142ieee80211_find_node(struct ieee80211_node_table nt, 1143 const uint8_t macaddr[IEEE80211_ADDR_LEN]) 1144#endif 1145{ 1146 struct ieee80211_node ni; 1147* 1148 IEEE80211_NODE_LOCK(nt); 1149 ni = ieee80211_find_node_locked(nt, macaddr); 1150 IEEE80211_NODE_UNLOCK(nt); 1151 return ni; 1152} 1153 1154struct ieee80211_node * 1155#ifdef IEEE80211_DEBUG_REFCNT 1156ieee80211_find_vap_node_locked_debug(struct ieee80211_node_table nt, 1157* const struct ieee80211vap vap, 1158* const uint8_t macaddr[IEEE80211_ADDR_LEN], const char func, int line) 1159#else 1160ieee80211_find_vap_node_locked(struct ieee80211_node_table nt, 1161 const struct ieee80211vap vap, 1162* const uint8_t macaddr[IEEE80211_ADDR_LEN]) 1163#endif 1164{ 1165 struct ieee80211_node ni; 1166* int hash; 1167 1168 IEEE80211_NODE_LOCK_ASSERT(nt); 1169 1170 hash = IEEE80211_NODE_HASH(macaddr); 1171 LIST_FOREACH(ni, &nt->nt_hash[hash], ni_hash) { 1172 if (ni->ni_vap == vap && 1173 IEEE80211_ADDR_EQ(ni->ni_macaddr, macaddr)) { 1174 ieee80211_ref_node(ni); /* mark referenced / 1175#ifdef IEEE80211_DEBUG_REFCNT 1176* IEEE80211_DPRINTF(ni->ni_vap, IEEE80211_MSG_NODE, 1177 "%s (%s:%u) %p<%s> refcnt %d\n", __func__, 1178 func, line, 1179 ni, ether_sprintf(ni->ni_macaddr), 1180 ieee80211_node_refcnt(ni)); 1181#endif 1182 return ni; 1183 } 1184 } 1185 return NULL; 1186} 1187 1188struct ieee80211_node * 1189#ifdef IEEE80211_DEBUG_REFCNT 1190ieee80211_find_vap_node_debug(struct ieee80211_node_table nt, 1191* const struct ieee80211vap vap, 1192* const uint8_t macaddr[IEEE80211_ADDR_LEN], const char func, int line) 1193#else 1194ieee80211_find_vap_node(struct ieee80211_node_table nt, 1195 const struct ieee80211vap vap, 1196* const uint8_t macaddr[IEEE80211_ADDR_LEN]) 1197#endif 1198{ 1199 struct ieee80211_node ni; 1200* 1201 IEEE80211_NODE_LOCK(nt); 1202 ni = ieee80211_find_vap_node_locked(nt, vap, macaddr); 1203 IEEE80211_NODE_UNLOCK(nt); 1204 return ni; 1205} 1206 1207/* 1208 * Fake up a node; this handles node discovery in adhoc mode. 1209 * Note that for the driver's benefit we we treat this like 1210 * an association so the driver has an opportunity to setup 1211 * it's private state. 1212 / 1213struct ieee80211_node 1214ieee80211_fakeup_adhoc_node(struct ieee80211vap vap, 1215* const uint8_t macaddr[IEEE80211_ADDR_LEN]) 1216{ 1217 struct ieee80211_node ni; 1218* 1219 IEEE80211_DPRINTF(vap, IEEE80211_MSG_NODE, 1220 "%s: mac<%s>\n", __func__, ether_sprintf(macaddr)); 1221 ni = ieee80211_dup_bss(vap, macaddr); 1222 if (ni != NULL) { 1223 struct ieee80211com ic = vap->iv_ic; 1224* 1225 /* XXX no rate negotiation; just dup / 1226* ni->ni_rates = vap->iv_bss->ni_rates; 1227 if (vap->iv_opmode == IEEE80211_M_AHDEMO) { 1228 /* 1229 * In adhoc demo mode there are no management 1230 * frames to use to discover neighbor capabilities, 1231 * so blindly propagate the local configuration 1232 * so we can do interesting things (e.g. use 1233 * WME to disable ACK's). 1234 / 1235* if (vap->iv_flags & IEEE80211_F_WME) 1236 ni->ni_flags \|= IEEE80211_NODE_QOS; 1237 if (vap->iv_flags & IEEE80211_F_FF) 1238 ni->ni_flags \|= IEEE80211_NODE_FF; 1239 } 1240 if (ic->ic_newassoc != NULL) 1241 ic->ic_newassoc(ni, 1); 1242 /* XXX not right for 802.1x/WPA / 1243* ieee80211_node_authorize(ni); 1244 } 1245 return ni; 1246} 1247 1248void 1249ieee80211_init_neighbor(struct ieee80211_node ni, 1250* const struct ieee80211_frame wh, 1251* const struct ieee80211_scanparams sp) 1252{ 1253* ni->ni_esslen = sp->ssid[1]; 1254 memcpy(ni->ni_essid, sp->ssid + 2, sp->ssid[1]); 1255 IEEE80211_ADDR_COPY(ni->ni_bssid, wh->i_addr3); 1256 memcpy(ni->ni_tstamp.data, sp->tstamp, sizeof(ni->ni_tstamp)); 1257 ni->ni_intval = sp->bintval; 1258 ni->ni_capinfo = sp->capinfo; 1259 ni->ni_chan = ni->ni_ic->ic_curchan; 1260 ni->ni_fhdwell = sp->fhdwell; 1261 ni->ni_fhindex = sp->fhindex; 1262 ni->ni_erp = sp->erp; 1263 ni->ni_timoff = sp->timoff; 1264 1265 if (ieee80211_ies_init(&ni->ni_ies, sp->ies, sp->ies_len)) { 1266 ieee80211_ies_expand(&ni->ni_ies); 1267 if (ni->ni_ies.ath_ie != NULL) 1268 ieee80211_parse_ath(ni, ni->ni_ies.ath_ie); 1269 } 1270 1271 /* NB: must be after ni_chan is setup / 1272* ieee80211_setup_rates(ni, sp->rates, sp->xrates, 1273 IEEE80211_F_DOSORT \| IEEE80211_F_DOFRATE \| 1274 IEEE80211_F_DONEGO \| IEEE80211_F_DODEL); 1275} 1276 1277/* 1278 * Do node discovery in adhoc mode on receipt of a beacon 1279 * or probe response frame. Note that for the driver's 1280 * benefit we we treat this like an association so the 1281 * driver has an opportunity to setup it's private state. 1282 / 1283struct ieee80211_node 1284ieee80211_add_neighbor(struct ieee80211vap vap, 1285* const struct ieee80211_frame wh, 1286* const struct ieee80211_scanparams sp) 1287{ 1288* struct ieee80211_node ni; 1289* 1290 IEEE80211_DPRINTF(vap, IEEE80211_MSG_NODE, 1291 "%s: mac<%s>\n", __func__, ether_sprintf(wh->i_addr2)); 1292 ni = ieee80211_dup_bss(vap, wh->i_addr2);/* XXX alloc_node? / 1293* if (ni != NULL) { 1294 struct ieee80211com ic = vap->iv_ic; 1295* 1296 ieee80211_init_neighbor(ni, wh, sp); 1297 if (ic->ic_newassoc != NULL) 1298 ic->ic_newassoc(ni, 1); 1299 /* XXX not right for 802.1x/WPA / 1300* ieee80211_node_authorize(ni); 1301 } 1302 return ni; 1303} 1304 1305#define IS_CTL(wh) \ 1306 ((wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK) == IEEE80211_FC0_TYPE_CTL) 1307#define IS_PSPOLL(wh) \ 1308 ((wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK) == IEEE80211_FC0_SUBTYPE_PS_POLL) 1309#define IS_BAR(wh) \ 1310 ((wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK) == IEEE80211_FC0_SUBTYPE_BAR) 1311#define IS_PROBEREQ(wh) \ 1312 ((wh->i_fc[0] & (IEEE80211_FC0_TYPE_MASK\|IEEE80211_FC0_SUBTYPE_MASK)) \ 1313 == (IEEE80211_FC0_TYPE_MGT \| IEEE80211_FC0_SUBTYPE_PROBE_REQ)) 1314#define IS_BCAST_PROBEREQ(wh) \ 1315 (IS_PROBEREQ(wh) && IEEE80211_IS_MULTICAST( \ 1316 ((const struct ieee80211_frame )(wh))->i_addr3)) 1317* 1318static __inline struct ieee80211_node * 1319_find_rxnode(struct ieee80211_node_table nt, 1320* const struct ieee80211_frame_min wh) 1321{ 1322* /* XXX 4-address frames? / 1323* if (IS_CTL(wh) && !IS_PSPOLL(wh) && !IS_BAR(wh) /&& !IS_RTS(ah)/) 1324 return ieee80211_find_node_locked(nt, wh->i_addr1); 1325 if (IS_BCAST_PROBEREQ(wh)) 1326 return NULL; /* spam bcast probe req to all vap's / 1327* return ieee80211_find_node_locked(nt, wh->i_addr2); 1328} 1329 1330/* 1331 * Locate the node for sender, track state, and then pass the 1332 * (referenced) node up to the 802.11 layer for its use. Note 1333 * we can return NULL if the sender is not in the table. 1334 / 1335struct ieee80211_node 1336#ifdef IEEE80211_DEBUG_REFCNT 1337ieee80211_find_rxnode_debug(struct ieee80211com ic, 1338* const struct ieee80211_frame_min wh, const char func, int line) 1339#else 1340ieee80211_find_rxnode(struct ieee80211com ic, 1341* const struct ieee80211_frame_min wh) 1342#endif 1343{ 1344* struct ieee80211_node_table nt; 1345* struct ieee80211_node ni; 1346* 1347 nt = &ic->ic_sta; 1348 IEEE80211_NODE_LOCK(nt); 1349 ni = _find_rxnode(nt, wh); 1350 IEEE80211_NODE_UNLOCK(nt); 1351 1352 return ni; 1353} 1354 1355/* 1356 * Like ieee80211_find_rxnode but use the supplied h/w 1357 * key index as a hint to locate the node in the key 1358 * mapping table. If an entry is present at the key 1359 * index we return it; otherwise do a normal lookup and 1360 * update the mapping table if the station has a unicast 1361 * key assigned to it. 1362 / 1363struct ieee80211_node 1364#ifdef IEEE80211_DEBUG_REFCNT 1365ieee80211_find_rxnode_withkey_debug(struct ieee80211com ic, 1366* const struct ieee80211_frame_min wh, ieee80211_keyix keyix, 1367* const char func, int line) 1368#else 1369ieee80211_find_rxnode_withkey(struct ieee80211com ic, 1370 const struct ieee80211_frame_min wh, ieee80211_keyix keyix) 1371#endif 1372{ 1373* struct ieee80211_node_table nt; 1374* struct ieee80211_node ni; 1375* 1376 nt = &ic->ic_sta; 1377 IEEE80211_NODE_LOCK(nt); 1378 if (nt->nt_keyixmap != NULL && keyix < nt->nt_keyixmax) 1379 ni = nt->nt_keyixmap[keyix]; 1380 else 1381 ni = NULL; 1382 if (ni == NULL) { 1383 ni = _find_rxnode(nt, wh); 1384 if (ni != NULL && nt->nt_keyixmap != NULL) { 1385 /* 1386 * If the station has a unicast key cache slot 1387 * assigned update the key->node mapping table. 1388 / 1389* keyix = ni->ni_ucastkey.wk_rxkeyix; 1390 /* XXX can keyixmap[keyix] != NULL? / 1391* if (keyix < nt->nt_keyixmax && 1392 nt->nt_keyixmap[keyix] == NULL) { 1393 IEEE80211_DPRINTF(ni->ni_vap, 1394 IEEE80211_MSG_NODE, 1395 "%s: add key map entry %p<%s> refcnt %d\n", 1396 __func__, ni, ether_sprintf(ni->ni_macaddr), 1397 ieee80211_node_refcnt(ni)+1); 1398 nt->nt_keyixmap[keyix] = ieee80211_ref_node(ni); 1399 } 1400 } 1401 } else { 1402 if (IS_BCAST_PROBEREQ(wh)) 1403 ni = NULL; /* spam bcast probe req to all vap's / 1404* else 1405 ieee80211_ref_node(ni); 1406 } 1407 IEEE80211_NODE_UNLOCK(nt); 1408 1409 return ni; 1410} 1411#undef IS_BCAST_PROBEREQ 1412#undef IS_PROBEREQ 1413#undef IS_BAR 1414#undef IS_PSPOLL 1415#undef IS_CTL 1416 1417/* 1418 * Return a reference to the appropriate node for sending 1419 * a data frame. This handles node discovery in adhoc networks. 1420 / 1421struct ieee80211_node 1422#ifdef IEEE80211_DEBUG_REFCNT 1423ieee80211_find_txnode_debug(struct ieee80211vap vap, 1424* const uint8_t macaddr[IEEE80211_ADDR_LEN], 1425 const char func, int line) 1426#else 1427ieee80211_find_txnode(struct ieee80211vap vap, 1428 const uint8_t macaddr[IEEE80211_ADDR_LEN]) 1429#endif 1430{ 1431 struct ieee80211_node_table nt = &vap->iv_ic->ic_sta; 1432* struct ieee80211_node ni; 1433* 1434 /* 1435 * The destination address should be in the node table 1436 * unless this is a multicast/broadcast frame. We can 1437 * also optimize station mode operation, all frames go 1438 * to the bss node. 1439 / 1440* /* XXX can't hold lock across dup_bss 'cuz of recursive locking / 1441* IEEE80211_NODE_LOCK(nt); 1442 if (vap->iv_opmode == IEEE80211_M_STA \|\| 1443 vap->iv_opmode == IEEE80211_M_WDS \|\| 1444 IEEE80211_IS_MULTICAST(macaddr)) 1445 ni = ieee80211_ref_node(vap->iv_bss); 1446 else { 1447 ni = ieee80211_find_node_locked(nt, macaddr); 1448 if (vap->iv_opmode == IEEE80211_M_HOSTAP && 1449 (ni != NULL && ni->ni_associd == 0)) { 1450 /* 1451 * Station is not associated; don't permit the 1452 * data frame to be sent by returning NULL. This 1453 * is kinda a kludge but the least intrusive way 1454 * to add this check into all drivers. 1455 / 1456* ieee80211_unref_node(&ni); /* NB: null's ni / 1457* } 1458 } 1459 IEEE80211_NODE_UNLOCK(nt); 1460 1461 if (ni == NULL) { 1462 if (vap->iv_opmode == IEEE80211_M_IBSS \|\| 1463 vap->iv_opmode == IEEE80211_M_AHDEMO) { 1464 /* 1465 * In adhoc mode cons up a node for the destination. 1466 * Note that we need an additional reference for the 1467 * caller to be consistent with 1468 * ieee80211_find_node_locked. 1469 / 1470* ni = ieee80211_fakeup_adhoc_node(vap, macaddr); 1471 if (ni != NULL) 1472 (void) ieee80211_ref_node(ni); 1473 } else { 1474 IEEE80211_NOTE_MAC(vap, IEEE80211_MSG_OUTPUT, macaddr, 1475 "no node, discard frame (%s)", __func__); 1476 vap->iv_stats.is_tx_nonode++; 1477 } 1478 } 1479 return ni; 1480} 1481 1482static void 1483_ieee80211_free_node(struct ieee80211_node ni) 1484*{	29 30#include "opt_wlan.h" 31 32#include <sys/param.h> 33#include <sys/systm.h> 34#include <sys/mbuf.h> 35#include <sys/malloc.h> 36#include <sys/kernel.h> 37 38#include <sys/socket.h> 39 40#include <net/if.h> 41#include <net/if_media.h> 42#include <net/ethernet.h> 43 44#include <net80211/ieee80211_var.h> 45#include <net80211/ieee80211_input.h> 46#include <net80211/ieee80211_wds.h> 47 48#include <net/bpf.h> 49 50/* 51 * Association id's are managed with a bit vector. 52 / 53#define IEEE80211_AID_SET(_vap, b) \ 54 ((_vap)->iv_aid_bitmap[IEEE80211_AID(b) / 32] \|= \ 55 (1 << (IEEE80211_AID(b) % 32))) 56#define IEEE80211_AID_CLR(_vap, b) \ 57 ((_vap)->iv_aid_bitmap[IEEE80211_AID(b) / 32] &= \ 58 ~(1 << (IEEE80211_AID(b) % 32))) 59#define IEEE80211_AID_ISSET(_vap, b) \ 60 ((_vap)->iv_aid_bitmap[IEEE80211_AID(b) / 32] & (1 << (IEEE80211_AID(b) % 32))) 61 62#ifdef IEEE80211_DEBUG_REFCNT 63#define REFCNT_LOC "%s (%s:%u) %p<%s> refcnt %d\n", __func__, func, line 64#else 65#define REFCNT_LOC "%s %p<%s> refcnt %d\n", __func__ 66#endif 67 68static int ieee80211_sta_join1(struct ieee80211_node ); 69 70static struct ieee80211_node node_alloc(struct ieee80211_node_table ); 71static void node_cleanup(struct ieee80211_node ); 72static void node_free(struct ieee80211_node ); 73static void node_age(struct ieee80211_node ); 74static int8_t node_getrssi(const struct ieee80211_node ); 75static void node_getsignal(const struct ieee80211_node , int8_t , int8_t ); 76static void node_getmimoinfo(const struct ieee80211_node , 77 struct ieee80211_mimo_info ); 78 79static void _ieee80211_free_node(struct ieee80211_node ); 80 81static void ieee80211_node_table_init(struct ieee80211com ic, 82 struct ieee80211_node_table nt, const char name, 83 int inact, int keymaxix); 84static void ieee80211_node_table_reset(struct ieee80211_node_table , 85 struct ieee80211vap ); 86static void ieee80211_node_reclaim(struct ieee80211_node ); 87static void ieee80211_node_table_cleanup(struct ieee80211_node_table nt); 88static void ieee80211_erp_timeout(struct ieee80211com ); 89 90MALLOC_DEFINE(M_80211_NODE, "80211node", "802.11 node state"); 91MALLOC_DEFINE(M_80211_NODE_IE, "80211nodeie", "802.11 node ie"); 92 93void 94ieee80211_node_attach(struct ieee80211com ic) 95{ 96 ieee80211_node_table_init(ic, &ic->ic_sta, "station", 97 IEEE80211_INACT_INIT, ic->ic_max_keyix); 98 callout_init(&ic->ic_inact, CALLOUT_MPSAFE); 99 callout_reset(&ic->ic_inact, IEEE80211_INACT_WAIThz, 100 ieee80211_node_timeout, ic); 101 102 ic->ic_node_alloc = node_alloc; 103 ic->ic_node_free = node_free; 104 ic->ic_node_cleanup = node_cleanup; 105 ic->ic_node_age = node_age; 106 ic->ic_node_drain = node_age; /* NB: same as age / 107* ic->ic_node_getrssi = node_getrssi; 108 ic->ic_node_getsignal = node_getsignal; 109 ic->ic_node_getmimoinfo = node_getmimoinfo; 110 111 /* 112 * Set flags to be propagated to all vap's; 113 * these define default behaviour/configuration. 114 / 115* ic->ic_flags_ext \|= IEEE80211_FEXT_INACT; /* inactivity processing / 116} 117* 118void 119ieee80211_node_detach(struct ieee80211com ic) 120{ 121* 122 callout_drain(&ic->ic_inact); 123 ieee80211_node_table_cleanup(&ic->ic_sta); 124} 125 126void 127ieee80211_node_vattach(struct ieee80211vap vap) 128{ 129* /* NB: driver can override / 130* vap->iv_max_aid = IEEE80211_AID_DEF; 131 132 /* default station inactivity timer setings / 133* vap->iv_inact_init = IEEE80211_INACT_INIT; 134 vap->iv_inact_auth = IEEE80211_INACT_AUTH; 135 vap->iv_inact_run = IEEE80211_INACT_RUN; 136 vap->iv_inact_probe = IEEE80211_INACT_PROBE; 137} 138 139void 140ieee80211_node_latevattach(struct ieee80211vap vap) 141{ 142* if (vap->iv_opmode == IEEE80211_M_HOSTAP) { 143 /* XXX should we allow max aid to be zero? / 144* if (vap->iv_max_aid < IEEE80211_AID_MIN) { 145 vap->iv_max_aid = IEEE80211_AID_MIN; 146 if_printf(vap->iv_ifp, 147 "WARNING: max aid too small, changed to %d\n", 148 vap->iv_max_aid); 149 } 150 MALLOC(vap->iv_aid_bitmap, uint32_t , 151* howmany(vap->iv_max_aid, 32) * sizeof(uint32_t), 152 M_80211_NODE, M_NOWAIT \| M_ZERO); 153 if (vap->iv_aid_bitmap == NULL) { 154 /* XXX no way to recover / 155* printf("%s: no memory for AID bitmap, max aid %d!\n", 156 __func__, vap->iv_max_aid); 157 vap->iv_max_aid = 0; 158 } 159 } 160 161 ieee80211_reset_bss(vap); 162 163 vap->iv_auth = ieee80211_authenticator_get(vap->iv_bss->ni_authmode); 164} 165 166void 167ieee80211_node_vdetach(struct ieee80211vap vap) 168{ 169* struct ieee80211com ic = vap->iv_ic; 170* 171 ieee80211_node_table_reset(&ic->ic_sta, vap); 172 if (vap->iv_bss != NULL) { 173 ieee80211_free_node(vap->iv_bss); 174 vap->iv_bss = NULL; 175 } 176 if (vap->iv_aid_bitmap != NULL) { 177 FREE(vap->iv_aid_bitmap, M_80211_NODE); 178 vap->iv_aid_bitmap = NULL; 179 } 180} 181 182/* 183 * Port authorize/unauthorize interfaces for use by an authenticator. 184 / 185* 186void 187ieee80211_node_authorize(struct ieee80211_node ni) 188{ 189* ni->ni_flags \|= IEEE80211_NODE_AUTH; 190 ni->ni_inact_reload = ni->ni_vap->iv_inact_run; 191 ni->ni_inact = ni->ni_inact_reload; 192} 193 194void 195ieee80211_node_unauthorize(struct ieee80211_node ni) 196{ 197* ni->ni_flags &= ~IEEE80211_NODE_AUTH; 198 ni->ni_inact_reload = ni->ni_vap->iv_inact_auth; 199 if (ni->ni_inact > ni->ni_inact_reload) 200 ni->ni_inact = ni->ni_inact_reload; 201} 202 203/* 204 * Set/change the channel. The rate set is also updated as 205 * to insure a consistent view by drivers. 206 * XXX should be private but hostap needs it to deal with CSA 207 / 208void 209ieee80211_node_set_chan(struct ieee80211_node ni, 210 struct ieee80211_channel chan) 211{ 212* struct ieee80211com ic = ni->ni_ic; 213* 214 KASSERT(chan != IEEE80211_CHAN_ANYC, ("no channel")); 215 216 ni->ni_chan = chan; 217 if (IEEE80211_IS_CHAN_HT(chan)) { 218 /* 219 * XXX Gotta be careful here; the rate set returned by 220 * ieee80211_get_suprates is actually any HT rate 221 * set so blindly copying it will be bad. We must 222 * install the legacy rate est in ni_rates and the 223 * HT rate set in ni_htrates. 224 / 225* ni->ni_htrates = ieee80211_get_suphtrates(ic, chan); 226* } 227 ni->ni_rates = ieee80211_get_suprates(ic, chan); 228} 229* 230static __inline void 231copy_bss(struct ieee80211_node nbss, const struct ieee80211_node obss) 232{ 233 /* propagate useful state / 234* nbss->ni_authmode = obss->ni_authmode; 235 nbss->ni_txpower = obss->ni_txpower; 236 nbss->ni_vlan = obss->ni_vlan; 237 /* XXX statistics? / 238* /* XXX legacy WDS bssid? / 239} 240* 241void 242ieee80211_create_ibss(struct ieee80211vap* vap, struct ieee80211_channel chan) 243{ 244* struct ieee80211com ic = vap->iv_ic; 245* struct ieee80211_node ni; 246* 247 IEEE80211_DPRINTF(vap, IEEE80211_MSG_SCAN, 248 "%s: creating ibss on channel %u\n", __func__, 249 ieee80211_chan2ieee(ic, chan)); 250 251 ni = ieee80211_alloc_node(&ic->ic_sta, vap, vap->iv_myaddr); 252 if (ni == NULL) { 253 /* XXX recovery? / 254* return; 255 } 256 IEEE80211_ADDR_COPY(ni->ni_bssid, vap->iv_myaddr); 257 ni->ni_esslen = vap->iv_des_ssid[0].len; 258 memcpy(ni->ni_essid, vap->iv_des_ssid[0].ssid, ni->ni_esslen); 259 if (vap->iv_bss != NULL) 260 copy_bss(ni, vap->iv_bss); 261 ni->ni_intval = ic->ic_bintval; 262 if (vap->iv_flags & IEEE80211_F_PRIVACY) 263 ni->ni_capinfo \|= IEEE80211_CAPINFO_PRIVACY; 264 if (ic->ic_phytype == IEEE80211_T_FH) { 265 ni->ni_fhdwell = 200; /* XXX / 266* ni->ni_fhindex = 1; 267 } 268 if (vap->iv_opmode == IEEE80211_M_IBSS) { 269 vap->iv_flags \|= IEEE80211_F_SIBSS; 270 ni->ni_capinfo \|= IEEE80211_CAPINFO_IBSS; /* XXX / 271* if (vap->iv_flags & IEEE80211_F_DESBSSID) 272 IEEE80211_ADDR_COPY(ni->ni_bssid, vap->iv_des_bssid); 273 else { 274 get_random_bytes(ni->ni_bssid, IEEE80211_ADDR_LEN); 275 /* clear group bit, add local bit / 276* ni->ni_bssid[0] = (ni->ni_bssid[0] &~ 0x01) \| 0x02; 277 } 278 } else if (vap->iv_opmode == IEEE80211_M_AHDEMO) { 279 if (vap->iv_flags & IEEE80211_F_DESBSSID) 280 IEEE80211_ADDR_COPY(ni->ni_bssid, vap->iv_des_bssid); 281 else 282 memset(ni->ni_bssid, 0, IEEE80211_ADDR_LEN); 283 } 284 /* 285 * Fix the channel and related attributes. 286 / 287* /* clear DFS CAC state on previous channel / 288* if (ic->ic_bsschan != IEEE80211_CHAN_ANYC && 289 ic->ic_bsschan->ic_freq != chan->ic_freq && 290 IEEE80211_IS_CHAN_CACDONE(ic->ic_bsschan)) 291 ieee80211_dfs_cac_clear(ic, ic->ic_bsschan); 292 ic->ic_bsschan = chan; 293 ieee80211_node_set_chan(ni, chan); 294 ic->ic_curmode = ieee80211_chan2mode(chan); 295 /* 296 * Do mode-specific setup. 297 / 298* if (IEEE80211_IS_CHAN_FULL(chan)) { 299 if (IEEE80211_IS_CHAN_ANYG(chan)) { 300 /* 301 * Use a mixed 11b/11g basic rate set. 302 / 303* ieee80211_setbasicrates(&ni->ni_rates, 304 IEEE80211_MODE_11G); 305 if (vap->iv_flags & IEEE80211_F_PUREG) { 306 /* 307 * Also mark OFDM rates basic so 11b 308 * stations do not join (WiFi compliance). 309 / 310* ieee80211_addbasicrates(&ni->ni_rates, 311 IEEE80211_MODE_11A); 312 } 313 } else if (IEEE80211_IS_CHAN_B(chan)) { 314 /* 315 * Force pure 11b rate set. 316 / 317* ieee80211_setbasicrates(&ni->ni_rates, 318 IEEE80211_MODE_11B); 319 } 320 } 321 322 (void) ieee80211_sta_join1(ieee80211_ref_node(ni)); 323} 324 325/* 326 * Reset bss state on transition to the INIT state. 327 * Clear any stations from the table (they have been 328 * deauth'd) and reset the bss node (clears key, rate 329 * etc. state). 330 / 331void 332ieee80211_reset_bss(struct ieee80211vap vap) 333{ 334 struct ieee80211com ic = vap->iv_ic; 335* struct ieee80211_node ni, obss; 336 337 ieee80211_node_table_reset(&ic->ic_sta, vap); 338 /* XXX multi-bss: wrong / 339* ieee80211_reset_erp(ic); 340 341 ni = ieee80211_alloc_node(&ic->ic_sta, vap, vap->iv_myaddr); 342 KASSERT(ni != NULL, ("unable to setup inital BSS node")); 343 obss = vap->iv_bss; 344 vap->iv_bss = ieee80211_ref_node(ni); 345 if (obss != NULL) { 346 copy_bss(ni, obss); 347 ni->ni_intval = ic->ic_bintval; 348 ieee80211_free_node(obss); 349 } else 350 IEEE80211_ADDR_COPY(ni->ni_bssid, vap->iv_myaddr); 351} 352 353static int 354match_ssid(const struct ieee80211_node ni, 355* int nssid, const struct ieee80211_scan_ssid ssids[]) 356{ 357 int i; 358 359 for (i = 0; i < nssid; i++) { 360 if (ni->ni_esslen == ssids[i].len && 361 memcmp(ni->ni_essid, ssids[i].ssid, ni->ni_esslen) == 0) 362 return 1; 363 } 364 return 0; 365} 366 367/* 368 * Test a node for suitability/compatibility. 369 / 370static int 371check_bss(struct ieee80211vap vap, struct ieee80211_node ni) 372{ 373* struct ieee80211com ic = ni->ni_ic; 374* uint8_t rate; 375 376 if (isclr(ic->ic_chan_active, ieee80211_chan2ieee(ic, ni->ni_chan))) 377 return 0; 378 if (vap->iv_opmode == IEEE80211_M_IBSS) { 379 if ((ni->ni_capinfo & IEEE80211_CAPINFO_IBSS) == 0) 380 return 0; 381 } else { 382 if ((ni->ni_capinfo & IEEE80211_CAPINFO_ESS) == 0) 383 return 0; 384 } 385 if (vap->iv_flags & IEEE80211_F_PRIVACY) { 386 if ((ni->ni_capinfo & IEEE80211_CAPINFO_PRIVACY) == 0) 387 return 0; 388 } else { 389 /* XXX does this mean privacy is supported or required? / 390* if (ni->ni_capinfo & IEEE80211_CAPINFO_PRIVACY) 391 return 0; 392 } 393 rate = ieee80211_fix_rate(ni, &ni->ni_rates, 394 IEEE80211_F_JOIN \| IEEE80211_F_DONEGO \| IEEE80211_F_DOFRATE); 395 if (rate & IEEE80211_RATE_BASIC) 396 return 0; 397 if (vap->iv_des_nssid != 0 && 398 !match_ssid(ni, vap->iv_des_nssid, vap->iv_des_ssid)) 399 return 0; 400 if ((vap->iv_flags & IEEE80211_F_DESBSSID) && 401 !IEEE80211_ADDR_EQ(vap->iv_des_bssid, ni->ni_bssid)) 402 return 0; 403 return 1; 404} 405 406#ifdef IEEE80211_DEBUG 407/* 408 * Display node suitability/compatibility. 409 / 410static void 411check_bss_debug(struct ieee80211vap vap, struct ieee80211_node ni) 412{ 413* struct ieee80211com ic = ni->ni_ic; 414* uint8_t rate; 415 int fail; 416 417 fail = 0; 418 if (isclr(ic->ic_chan_active, ieee80211_chan2ieee(ic, ni->ni_chan))) 419 fail \|= 0x01; 420 if (vap->iv_opmode == IEEE80211_M_IBSS) { 421 if ((ni->ni_capinfo & IEEE80211_CAPINFO_IBSS) == 0) 422 fail \|= 0x02; 423 } else { 424 if ((ni->ni_capinfo & IEEE80211_CAPINFO_ESS) == 0) 425 fail \|= 0x02; 426 } 427 if (vap->iv_flags & IEEE80211_F_PRIVACY) { 428 if ((ni->ni_capinfo & IEEE80211_CAPINFO_PRIVACY) == 0) 429 fail \|= 0x04; 430 } else { 431 /* XXX does this mean privacy is supported or required? / 432* if (ni->ni_capinfo & IEEE80211_CAPINFO_PRIVACY) 433 fail \|= 0x04; 434 } 435 rate = ieee80211_fix_rate(ni, &ni->ni_rates, 436 IEEE80211_F_JOIN \| IEEE80211_F_DONEGO \| IEEE80211_F_DOFRATE); 437 if (rate & IEEE80211_RATE_BASIC) 438 fail \|= 0x08; 439 if (vap->iv_des_nssid != 0 && 440 !match_ssid(ni, vap->iv_des_nssid, vap->iv_des_ssid)) 441 fail \|= 0x10; 442 if ((vap->iv_flags & IEEE80211_F_DESBSSID) && 443 !IEEE80211_ADDR_EQ(vap->iv_des_bssid, ni->ni_bssid)) 444 fail \|= 0x20; 445 446 printf(" %c %s", fail ? '-' : '+', ether_sprintf(ni->ni_macaddr)); 447 printf(" %s%c", ether_sprintf(ni->ni_bssid), fail & 0x20 ? '!' : ' '); 448 printf(" %3d%c", 449 ieee80211_chan2ieee(ic, ni->ni_chan), fail & 0x01 ? '!' : ' '); 450 printf(" %2dM%c", (rate & IEEE80211_RATE_VAL) / 2, 451 fail & 0x08 ? '!' : ' '); 452 printf(" %4s%c", 453 (ni->ni_capinfo & IEEE80211_CAPINFO_ESS) ? "ess" : 454 (ni->ni_capinfo & IEEE80211_CAPINFO_IBSS) ? "ibss" : 455 "????", 456 fail & 0x02 ? '!' : ' '); 457 printf(" %3s%c ", 458 (ni->ni_capinfo & IEEE80211_CAPINFO_PRIVACY) ? "wep" : "no", 459 fail & 0x04 ? '!' : ' '); 460 ieee80211_print_essid(ni->ni_essid, ni->ni_esslen); 461 printf("%s\n", fail & 0x10 ? "!" : ""); 462} 463#endif /* IEEE80211_DEBUG / 464* 465/* 466 * Handle 802.11 ad hoc network merge. The 467 * convention, set by the Wireless Ethernet Compatibility Alliance 468 * (WECA), is that an 802.11 station will change its BSSID to match 469 * the "oldest" 802.11 ad hoc network, on the same channel, that 470 * has the station's desired SSID. The "oldest" 802.11 network 471 * sends beacons with the greatest TSF timestamp. 472 * 473 * The caller is assumed to validate TSF's before attempting a merge. 474 * 475 * Return !0 if the BSSID changed, 0 otherwise. 476 / 477int 478ieee80211_ibss_merge(struct ieee80211_node ni) 479{ 480 struct ieee80211vap vap = ni->ni_vap; 481#ifdef IEEE80211_DEBUG 482* struct ieee80211com ic = ni->ni_ic; 483#endif 484* 485 if (ni == vap->iv_bss \|\| 486 IEEE80211_ADDR_EQ(ni->ni_bssid, vap->iv_bss->ni_bssid)) { 487 /* unchanged, nothing to do / 488* return 0; 489 } 490 if (!check_bss(vap, ni)) { 491 /* capabilities mismatch / 492* IEEE80211_DPRINTF(vap, IEEE80211_MSG_ASSOC, 493 "%s: merge failed, capabilities mismatch\n", __func__); 494#ifdef IEEE80211_DEBUG 495 if (ieee80211_msg_assoc(vap)) 496 check_bss_debug(vap, ni); 497#endif 498 vap->iv_stats.is_ibss_capmismatch++; 499 return 0; 500 } 501 IEEE80211_DPRINTF(vap, IEEE80211_MSG_ASSOC, 502 "%s: new bssid %s: %s preamble, %s slot time%s\n", __func__, 503 ether_sprintf(ni->ni_bssid), 504 ic->ic_flags&IEEE80211_F_SHPREAMBLE ? "short" : "long", 505 ic->ic_flags&IEEE80211_F_SHSLOT ? "short" : "long", 506 ic->ic_flags&IEEE80211_F_USEPROT ? ", protection" : "" 507 ); 508 return ieee80211_sta_join1(ieee80211_ref_node(ni)); 509} 510 511/* 512 * Calculate HT channel promotion flags for all vaps. 513 * This assumes ni_chan have been setup for each vap. 514 / 515static int 516gethtadjustflags(struct ieee80211com ic) 517{ 518 struct ieee80211vap vap; 519* int flags; 520 521 flags = 0; 522 /* XXX locking / 523* TAILQ_FOREACH(vap, &ic->ic_vaps, iv_next) { 524 if (vap->iv_state < IEEE80211_S_RUN) 525 continue; 526 switch (vap->iv_opmode) { 527 case IEEE80211_M_WDS: 528 case IEEE80211_M_STA: 529 case IEEE80211_M_AHDEMO: 530 case IEEE80211_M_HOSTAP: 531 case IEEE80211_M_IBSS: 532 flags \|= ieee80211_htchanflags(vap->iv_bss->ni_chan); 533 break; 534 default: 535 break; 536 } 537 } 538 return flags; 539} 540 541/* 542 * Check if the current channel needs to change based on whether 543 * any vap's are using HT20/HT40. This is used sync the state of 544 * ic_curchan after a channel width change on a running vap. 545 / 546void 547ieee80211_sync_curchan(struct ieee80211com ic) 548{ 549 struct ieee80211_channel c; 550* 551 c = ieee80211_ht_adjust_channel(ic, ic->ic_curchan, gethtadjustflags(ic)); 552 if (c != ic->ic_curchan) { 553 ic->ic_curchan = c; 554 ic->ic_curmode = ieee80211_chan2mode(ic->ic_curchan); 555 ic->ic_set_channel(ic); 556 } 557} 558 559/* 560 * Change the current channel. The request channel may be 561 * promoted if other vap's are operating with HT20/HT40. 562 / 563void 564ieee80211_setcurchan(struct ieee80211com ic, struct ieee80211_channel c) 565{ 566* if (ic->ic_htcaps & IEEE80211_HTC_HT) { 567 int flags = gethtadjustflags(ic); 568 /* 569 * Check for channel promotion required to support the 570 * set of running vap's. This assumes we are called 571 * after ni_chan is setup for each vap. 572 / 573* /* NB: this assumes IEEE80211_FEXT_USEHT40 > IEEE80211_FEXT_HT / 574* if (flags > ieee80211_htchanflags(c)) 575 c = ieee80211_ht_adjust_channel(ic, c, flags); 576 } 577 ic->ic_bsschan = ic->ic_curchan = c; 578 ic->ic_curmode = ieee80211_chan2mode(ic->ic_curchan); 579 ic->ic_set_channel(ic); 580} 581 582/* 583 * Join the specified IBSS/BSS network. The node is assumed to 584 * be passed in with a held reference. 585 / 586static int 587ieee80211_sta_join1(struct ieee80211_node selbs) 588{ 589 struct ieee80211vap vap = selbs->ni_vap; 590* struct ieee80211com ic = selbs->ni_ic; 591* struct ieee80211_node obss; 592* int canreassoc; 593 594 /* 595 * Committed to selbs, setup state. 596 / 597* obss = vap->iv_bss; 598 /* 599 * Check if old+new node have the same address in which 600 * case we can reassociate when operating in sta mode. 601 / 602* canreassoc = (obss != NULL && 603 vap->iv_state == IEEE80211_S_RUN && 604 IEEE80211_ADDR_EQ(obss->ni_macaddr, selbs->ni_macaddr)); 605 vap->iv_bss = selbs; /* NB: caller assumed to bump refcnt / 606* if (obss != NULL) { 607 copy_bss(selbs, obss); 608 ieee80211_node_reclaim(obss); 609 obss = NULL; /* NB: guard against later use / 610* } 611 612 /* 613 * Delete unusable rates; we've already checked 614 * that the negotiated rate set is acceptable. 615 / 616* ieee80211_fix_rate(vap->iv_bss, &vap->iv_bss->ni_rates, 617 IEEE80211_F_DODEL \| IEEE80211_F_JOIN); 618 619 ieee80211_setcurchan(ic, selbs->ni_chan); 620 /* 621 * Set the erp state (mostly the slot time) to deal with 622 * the auto-select case; this should be redundant if the 623 * mode is locked. 624 / 625* ieee80211_reset_erp(ic); 626 ieee80211_wme_initparams(vap); 627 628 if (vap->iv_opmode == IEEE80211_M_STA) { 629 if (canreassoc) { 630 /* Reassociate / 631* ieee80211_new_state(vap, IEEE80211_S_ASSOC, 1); 632 } else { 633 /* 634 * Act as if we received a DEAUTH frame in case we 635 * are invoked from the RUN state. This will cause 636 * us to try to re-authenticate if we are operating 637 * as a station. 638 / 639* ieee80211_new_state(vap, IEEE80211_S_AUTH, 640 IEEE80211_FC0_SUBTYPE_DEAUTH); 641 } 642 } else 643 ieee80211_new_state(vap, IEEE80211_S_RUN, -1); 644 return 1; 645} 646 647int 648ieee80211_sta_join(struct ieee80211vap vap, 649* const struct ieee80211_scan_entry se) 650{ 651* struct ieee80211com ic = vap->iv_ic; 652* struct ieee80211_node ni; 653* 654 ni = ieee80211_alloc_node(&ic->ic_sta, vap, se->se_macaddr); 655 if (ni == NULL) { 656 /* XXX msg / 657* return 0; 658 } 659 /* 660 * Expand scan state into node's format. 661 * XXX may not need all this stuff 662 / 663* IEEE80211_ADDR_COPY(ni->ni_bssid, se->se_bssid); 664 ni->ni_esslen = se->se_ssid[1]; 665 memcpy(ni->ni_essid, se->se_ssid+2, ni->ni_esslen); 666 ni->ni_rstamp = se->se_rstamp; 667 ni->ni_tstamp.tsf = se->se_tstamp.tsf; 668 ni->ni_intval = se->se_intval; 669 ni->ni_capinfo = se->se_capinfo; 670 ni->ni_chan = se->se_chan; 671 ni->ni_timoff = se->se_timoff; 672 ni->ni_fhdwell = se->se_fhdwell; 673 ni->ni_fhindex = se->se_fhindex; 674 ni->ni_erp = se->se_erp; 675 IEEE80211_RSSI_LPF(ni->ni_avgrssi, se->se_rssi); 676 ni->ni_noise = se->se_noise; 677 678 if (ieee80211_ies_init(&ni->ni_ies, se->se_ies.data, se->se_ies.len)) { 679 ieee80211_ies_expand(&ni->ni_ies); 680 if (ni->ni_ies.ath_ie != NULL) 681 ieee80211_parse_ath(ni, ni->ni_ies.ath_ie); 682 if (ni->ni_ies.htcap_ie != NULL) 683 ieee80211_parse_htcap(ni, ni->ni_ies.htcap_ie); 684 if (ni->ni_ies.htinfo_ie != NULL) 685 ieee80211_parse_htinfo(ni, ni->ni_ies.htinfo_ie); 686 } 687 688 vap->iv_dtim_period = se->se_dtimperiod; 689 vap->iv_dtim_count = 0; 690 691 /* NB: must be after ni_chan is setup / 692* ieee80211_setup_rates(ni, se->se_rates, se->se_xrates, 693 IEEE80211_F_DOSORT); 694 695 return ieee80211_sta_join1(ieee80211_ref_node(ni)); 696} 697 698/* 699 * Leave the specified IBSS/BSS network. The node is assumed to 700 * be passed in with a held reference. 701 / 702void 703ieee80211_sta_leave(struct ieee80211_node ni) 704{ 705 struct ieee80211com ic = ni->ni_ic; 706* 707 ic->ic_node_cleanup(ni); 708 ieee80211_notify_node_leave(ni); 709} 710 711/* 712 * Send a deauthenticate frame and drop the station. 713 / 714void 715ieee80211_node_deauth(struct ieee80211_node ni, int reason) 716{ 717 /* NB: bump the refcnt to be sure temporay nodes are not reclaimed / 718* ieee80211_ref_node(ni); 719 if (ni->ni_associd != 0) 720 IEEE80211_SEND_MGMT(ni, IEEE80211_FC0_SUBTYPE_DEAUTH, reason); 721 ieee80211_node_leave(ni); 722 ieee80211_free_node(ni); 723} 724 725static struct ieee80211_node * 726node_alloc(struct ieee80211_node_table nt) 727{ 728* struct ieee80211_node ni; 729* 730 MALLOC(ni, struct ieee80211_node , sizeof(struct ieee80211_node), 731* M_80211_NODE, M_NOWAIT \| M_ZERO); 732 return ni; 733} 734 735/* 736 * Initialize an ie blob with the specified data. If previous 737 * data exists re-use the data block. As a side effect we clear 738 * all references to specific ie's; the caller is required to 739 * recalculate them. 740 / 741int 742ieee80211_ies_init(struct ieee80211_ies ies, const uint8_t data, int len) 743{ 744* /* NB: assumes data+len are the last fields / 745* memset(ies, 0, offsetof(struct ieee80211_ies, data)); 746 if (ies->data != NULL && ies->len != len) { 747 /* data size changed / 748* FREE(ies->data, M_80211_NODE_IE); 749 ies->data = NULL; 750 } 751 if (ies->data == NULL) { 752 MALLOC(ies->data, uint8_t , len, M_80211_NODE_IE, M_NOWAIT); 753* if (ies->data == NULL) { 754 ies->len = 0; 755 /* NB: pointers have already been zero'd above / 756* return 0; 757 } 758 } 759 memcpy(ies->data, data, len); 760 ies->len = len; 761 return 1; 762} 763 764/* 765 * Reclaim storage for an ie blob. 766 / 767void 768ieee80211_ies_cleanup(struct ieee80211_ies ies) 769{ 770 if (ies->data != NULL) 771 FREE(ies->data, M_80211_NODE_IE); 772} 773 774/* 775 * Expand an ie blob data contents and to fillin individual 776 * ie pointers. The data blob is assumed to be well-formed; 777 * we don't do any validity checking of ie lengths. 778 / 779void 780ieee80211_ies_expand(struct ieee80211_ies ies) 781{ 782 uint8_t ie; 783* int ielen; 784 785 ie = ies->data; 786 ielen = ies->len; 787 while (ielen > 0) { 788 switch (ie[0]) { 789 case IEEE80211_ELEMID_VENDOR: 790 if (iswpaoui(ie)) 791 ies->wpa_ie = ie; 792 else if (iswmeoui(ie)) 793 ies->wme_ie = ie; 794 else if (isatherosoui(ie)) 795 ies->ath_ie = ie; 796 break; 797 case IEEE80211_ELEMID_RSN: 798 ies->rsn_ie = ie; 799 break; 800 case IEEE80211_ELEMID_HTCAP: 801 ies->htcap_ie = ie; 802 break; 803 } 804 ielen -= 2 + ie[1]; 805 ie += 2 + ie[1]; 806 } 807} 808 809/* 810 * Reclaim any resources in a node and reset any critical 811 * state. Typically nodes are free'd immediately after, 812 * but in some cases the storage may be reused so we need 813 * to insure consistent state (should probably fix that). 814 / 815static void 816node_cleanup(struct ieee80211_node ni) 817{ 818#define N(a) (sizeof(a)/sizeof(a[0])) 819 struct ieee80211vap vap = ni->ni_vap; 820* int i; 821 822 /* NB: preserve ni_table / 823* if (ni->ni_flags & IEEE80211_NODE_PWR_MGT) { 824 if (vap->iv_opmode != IEEE80211_M_STA) 825 vap->iv_ps_sta--; 826 ni->ni_flags &= ~IEEE80211_NODE_PWR_MGT; 827 IEEE80211_NOTE(vap, IEEE80211_MSG_POWER, ni, 828 "power save mode off, %u sta's in ps mode", vap->iv_ps_sta); 829 } 830 /* 831 * Cleanup any HT-related state. 832 / 833* if (ni->ni_flags & IEEE80211_NODE_HT) 834 ieee80211_ht_node_cleanup(ni); 835 /* 836 * Clear AREF flag that marks the authorization refcnt bump 837 * has happened. This is probably not needed as the node 838 * should always be removed from the table so not found but 839 * do it just in case. 840 / 841* ni->ni_flags &= ~IEEE80211_NODE_AREF; 842 843 /* 844 * Drain power save queue and, if needed, clear TIM. 845 / 846* if (ieee80211_node_saveq_drain(ni) != 0 && vap->iv_set_tim != NULL) 847 vap->iv_set_tim(ni, 0); 848 849 ni->ni_associd = 0; 850 if (ni->ni_challenge != NULL) { 851 FREE(ni->ni_challenge, M_80211_NODE); 852 ni->ni_challenge = NULL; 853 } 854 /* 855 * Preserve SSID, WPA, and WME ie's so the bss node is 856 * reusable during a re-auth/re-assoc state transition. 857 * If we remove these data they will not be recreated 858 * because they come from a probe-response or beacon frame 859 * which cannot be expected prior to the association-response. 860 * This should not be an issue when operating in other modes 861 * as stations leaving always go through a full state transition 862 * which will rebuild this state. 863 * 864 * XXX does this leave us open to inheriting old state? 865 / 866* for (i = 0; i < N(ni->ni_rxfrag); i++) 867 if (ni->ni_rxfrag[i] != NULL) { 868 m_freem(ni->ni_rxfrag[i]); 869 ni->ni_rxfrag[i] = NULL; 870 } 871 /* 872 * Must be careful here to remove any key map entry w/o a LOR. 873 / 874* ieee80211_node_delucastkey(ni); 875#undef N 876} 877 878static void 879node_free(struct ieee80211_node ni) 880{ 881* struct ieee80211com ic = ni->ni_ic; 882* 883 ic->ic_node_cleanup(ni); 884 ieee80211_ies_cleanup(&ni->ni_ies); 885 IEEE80211_NODE_SAVEQ_DESTROY(ni); 886 IEEE80211_NODE_WDSQ_DESTROY(ni); 887 FREE(ni, M_80211_NODE); 888} 889 890static void 891node_age(struct ieee80211_node ni) 892{ 893* struct ieee80211vap vap = ni->ni_vap; 894#if 0 895* IEEE80211_NODE_LOCK_ASSERT(&ic->ic_sta); 896#endif 897 /* 898 * Age frames on the power save queue. 899 / 900* if (ieee80211_node_saveq_age(ni) != 0 && 901 IEEE80211_NODE_SAVEQ_QLEN(ni) == 0 && 902 vap->iv_set_tim != NULL) 903 vap->iv_set_tim(ni, 0); 904 /* 905 * Age frames on the wds pending queue. 906 / 907* if (IEEE80211_NODE_WDSQ_QLEN(ni) != 0) 908 ieee80211_node_wdsq_age(ni); 909 /* 910 * Age out HT resources (e.g. frames on the 911 * A-MPDU reorder queues). 912 / 913* if (ni->ni_associd != 0 && (ni->ni_flags & IEEE80211_NODE_HT)) 914 ieee80211_ht_node_age(ni); 915} 916 917static int8_t 918node_getrssi(const struct ieee80211_node ni) 919{ 920* uint32_t avgrssi = ni->ni_avgrssi; 921 int32_t rssi; 922 923 if (avgrssi == IEEE80211_RSSI_DUMMY_MARKER) 924 return 0; 925 rssi = IEEE80211_RSSI_GET(avgrssi); 926 return rssi < 0 ? 0 : rssi > 127 ? 127 : rssi; 927} 928 929static void 930node_getsignal(const struct ieee80211_node ni, int8_t rssi, int8_t noise) 931{ 932* rssi = node_getrssi(ni); 933* noise = ni->ni_noise; 934} 935* 936static void 937node_getmimoinfo(const struct ieee80211_node ni, 938* struct ieee80211_mimo_info info) 939{ 940* /* XXX zero data? / 941} 942* 943struct ieee80211_node * 944ieee80211_alloc_node(struct ieee80211_node_table nt, 945* struct ieee80211vap vap, const uint8_t macaddr[IEEE80211_ADDR_LEN]) 946{ 947* struct ieee80211com ic = nt->nt_ic; 948* struct ieee80211_node ni; 949* int hash; 950 951 ni = ic->ic_node_alloc(nt); 952 if (ni == NULL) { 953 vap->iv_stats.is_rx_nodealloc++; 954 return NULL; 955 } 956 957 IEEE80211_DPRINTF(vap, IEEE80211_MSG_NODE, 958 "%s %p<%s> in %s table\n", __func__, ni, 959 ether_sprintf(macaddr), nt->nt_name); 960 961 IEEE80211_ADDR_COPY(ni->ni_macaddr, macaddr); 962 hash = IEEE80211_NODE_HASH(macaddr); 963 ieee80211_node_initref(ni); /* mark referenced / 964* ni->ni_chan = IEEE80211_CHAN_ANYC; 965 ni->ni_authmode = IEEE80211_AUTH_OPEN; 966 ni->ni_txpower = ic->ic_txpowlimit; /* max power / 967* ieee80211_crypto_resetkey(vap, &ni->ni_ucastkey, IEEE80211_KEYIX_NONE); 968 ni->ni_avgrssi = IEEE80211_RSSI_DUMMY_MARKER; 969 ni->ni_inact_reload = nt->nt_inact_init; 970 ni->ni_inact = ni->ni_inact_reload; 971 ni->ni_ath_defkeyix = 0x7fff; 972 IEEE80211_NODE_SAVEQ_INIT(ni, "unknown"); 973 IEEE80211_NODE_WDSQ_INIT(ni, "unknown"); 974 975 IEEE80211_NODE_LOCK(nt); 976 TAILQ_INSERT_TAIL(&nt->nt_node, ni, ni_list); 977 LIST_INSERT_HEAD(&nt->nt_hash[hash], ni, ni_hash); 978 ni->ni_table = nt; 979 ni->ni_vap = vap; 980 ni->ni_ic = ic; 981 IEEE80211_NODE_UNLOCK(nt); 982 983 return ni; 984} 985 986/* 987 * Craft a temporary node suitable for sending a management frame 988 * to the specified station. We craft only as much state as we 989 * need to do the work since the node will be immediately reclaimed 990 * once the send completes. 991 / 992struct ieee80211_node 993ieee80211_tmp_node(struct ieee80211vap vap, 994* const uint8_t macaddr[IEEE80211_ADDR_LEN]) 995{ 996 struct ieee80211com ic = vap->iv_ic; 997* struct ieee80211_node ni; 998* 999 ni = ic->ic_node_alloc(&ic->ic_sta); 1000 if (ni != NULL) { 1001 IEEE80211_DPRINTF(vap, IEEE80211_MSG_NODE, 1002 "%s %p<%s>\n", __func__, ni, ether_sprintf(macaddr)); 1003 1004 ni->ni_table = NULL; /* NB: pedantic / 1005* ni->ni_ic = ic; /* NB: needed to set channel / 1006* ni->ni_vap = vap; 1007 1008 IEEE80211_ADDR_COPY(ni->ni_macaddr, macaddr); 1009 IEEE80211_ADDR_COPY(ni->ni_bssid, vap->iv_bss->ni_bssid); 1010 ieee80211_node_initref(ni); /* mark referenced / 1011* /* NB: required by ieee80211_fix_rate / 1012* ieee80211_node_set_chan(ni, vap->iv_bss->ni_chan); 1013 ieee80211_crypto_resetkey(vap, &ni->ni_ucastkey, 1014 IEEE80211_KEYIX_NONE); 1015 /* XXX optimize away / 1016* IEEE80211_NODE_SAVEQ_INIT(ni, "unknown"); 1017 IEEE80211_NODE_WDSQ_INIT(ni, "unknown"); 1018 } else { 1019 /* XXX msg / 1020* vap->iv_stats.is_rx_nodealloc++; 1021 } 1022 return ni; 1023} 1024 1025struct ieee80211_node * 1026ieee80211_dup_bss(struct ieee80211vap vap, 1027* const uint8_t macaddr[IEEE80211_ADDR_LEN]) 1028{ 1029 struct ieee80211com ic = vap->iv_ic; 1030* struct ieee80211_node ni; 1031* 1032 ni = ieee80211_alloc_node(&ic->ic_sta, vap, macaddr); 1033 if (ni != NULL) { 1034 /* 1035 * Inherit from iv_bss. 1036 / 1037* ni->ni_authmode = vap->iv_bss->ni_authmode; 1038 ni->ni_vlan = vap->iv_bss->ni_vlan; /* XXX?? / 1039* IEEE80211_ADDR_COPY(ni->ni_bssid, vap->iv_bss->ni_bssid); 1040 ieee80211_node_set_chan(ni, vap->iv_bss->ni_chan); 1041 } 1042 return ni; 1043} 1044 1045/* 1046 * Create a bss node for a legacy WDS vap. The far end does 1047 * not associate so we just create create a new node and 1048 * simulate an association. The caller is responsible for 1049 * installing the node as the bss node and handling any further 1050 * setup work like authorizing the port. 1051 / 1052struct ieee80211_node 1053ieee80211_node_create_wds(struct ieee80211vap vap, 1054* const uint8_t bssid[IEEE80211_ADDR_LEN], struct ieee80211_channel chan) 1055{ 1056* struct ieee80211com ic = vap->iv_ic; 1057* struct ieee80211_node ni; 1058* 1059 /* XXX check if node already in sta table? / 1060* ni = ieee80211_alloc_node(&ic->ic_sta, vap, bssid); 1061 if (ni != NULL) { 1062 ni->ni_wdsvap = vap; 1063 IEEE80211_ADDR_COPY(ni->ni_bssid, bssid); 1064 /* 1065 * Inherit any manually configured settings. 1066 / 1067* ni->ni_authmode = vap->iv_bss->ni_authmode; 1068 ni->ni_vlan = vap->iv_bss->ni_vlan; 1069 ieee80211_node_set_chan(ni, chan); 1070 /* NB: propagate ssid so available to WPA supplicant / 1071* ni->ni_esslen = vap->iv_des_ssid[0].len; 1072 memcpy(ni->ni_essid, vap->iv_des_ssid[0].ssid, ni->ni_esslen); 1073 /* NB: no associd for peer / 1074* /* 1075 * There are no management frames to use to 1076 * discover neighbor capabilities, so blindly 1077 * propagate the local configuration. 1078 / 1079* if (vap->iv_flags & IEEE80211_F_WME) 1080 ni->ni_flags \|= IEEE80211_NODE_QOS; 1081 if (vap->iv_flags & IEEE80211_F_FF) 1082 ni->ni_flags \|= IEEE80211_NODE_FF; 1083 if ((ic->ic_htcaps & IEEE80211_HTC_HT) && 1084 (vap->iv_flags_ext & IEEE80211_FEXT_HT)) { 1085 /* 1086 * Device is HT-capable and HT is enabled for 1087 * the vap; setup HT operation. On return 1088 * ni_chan will be adjusted to an HT channel. 1089 / 1090* ieee80211_ht_wds_init(ni); 1091 } else { 1092 struct ieee80211_channel c = ni->ni_chan; 1093* /* 1094 * Force a legacy channel to be used. 1095 / 1096* c = ieee80211_find_channel(ic, 1097 c->ic_freq, c->ic_flags &~ IEEE80211_CHAN_HT); 1098 KASSERT(c != NULL, ("no legacy channel, %u/%x", 1099 ni->ni_chan->ic_freq, ni->ni_chan->ic_flags)); 1100 ni->ni_chan = c; 1101 } 1102 } 1103 return ni; 1104} 1105 1106struct ieee80211_node * 1107#ifdef IEEE80211_DEBUG_REFCNT 1108ieee80211_find_node_locked_debug(struct ieee80211_node_table nt, 1109* const uint8_t macaddr[IEEE80211_ADDR_LEN], const char func, int line) 1110#else 1111ieee80211_find_node_locked(struct ieee80211_node_table nt, 1112 const uint8_t macaddr[IEEE80211_ADDR_LEN]) 1113#endif 1114{ 1115 struct ieee80211_node ni; 1116* int hash; 1117 1118 IEEE80211_NODE_LOCK_ASSERT(nt); 1119 1120 hash = IEEE80211_NODE_HASH(macaddr); 1121 LIST_FOREACH(ni, &nt->nt_hash[hash], ni_hash) { 1122 if (IEEE80211_ADDR_EQ(ni->ni_macaddr, macaddr)) { 1123 ieee80211_ref_node(ni); /* mark referenced / 1124#ifdef IEEE80211_DEBUG_REFCNT 1125* IEEE80211_DPRINTF(ni->ni_vap, IEEE80211_MSG_NODE, 1126 "%s (%s:%u) %p<%s> refcnt %d\n", __func__, 1127 func, line, 1128 ni, ether_sprintf(ni->ni_macaddr), 1129 ieee80211_node_refcnt(ni)); 1130#endif 1131 return ni; 1132 } 1133 } 1134 return NULL; 1135} 1136 1137struct ieee80211_node * 1138#ifdef IEEE80211_DEBUG_REFCNT 1139ieee80211_find_node_debug(struct ieee80211_node_table nt, 1140* const uint8_t macaddr[IEEE80211_ADDR_LEN], const char func, int line) 1141#else 1142ieee80211_find_node(struct ieee80211_node_table nt, 1143 const uint8_t macaddr[IEEE80211_ADDR_LEN]) 1144#endif 1145{ 1146 struct ieee80211_node ni; 1147* 1148 IEEE80211_NODE_LOCK(nt); 1149 ni = ieee80211_find_node_locked(nt, macaddr); 1150 IEEE80211_NODE_UNLOCK(nt); 1151 return ni; 1152} 1153 1154struct ieee80211_node * 1155#ifdef IEEE80211_DEBUG_REFCNT 1156ieee80211_find_vap_node_locked_debug(struct ieee80211_node_table nt, 1157* const struct ieee80211vap vap, 1158* const uint8_t macaddr[IEEE80211_ADDR_LEN], const char func, int line) 1159#else 1160ieee80211_find_vap_node_locked(struct ieee80211_node_table nt, 1161 const struct ieee80211vap vap, 1162* const uint8_t macaddr[IEEE80211_ADDR_LEN]) 1163#endif 1164{ 1165 struct ieee80211_node ni; 1166* int hash; 1167 1168 IEEE80211_NODE_LOCK_ASSERT(nt); 1169 1170 hash = IEEE80211_NODE_HASH(macaddr); 1171 LIST_FOREACH(ni, &nt->nt_hash[hash], ni_hash) { 1172 if (ni->ni_vap == vap && 1173 IEEE80211_ADDR_EQ(ni->ni_macaddr, macaddr)) { 1174 ieee80211_ref_node(ni); /* mark referenced / 1175#ifdef IEEE80211_DEBUG_REFCNT 1176* IEEE80211_DPRINTF(ni->ni_vap, IEEE80211_MSG_NODE, 1177 "%s (%s:%u) %p<%s> refcnt %d\n", __func__, 1178 func, line, 1179 ni, ether_sprintf(ni->ni_macaddr), 1180 ieee80211_node_refcnt(ni)); 1181#endif 1182 return ni; 1183 } 1184 } 1185 return NULL; 1186} 1187 1188struct ieee80211_node * 1189#ifdef IEEE80211_DEBUG_REFCNT 1190ieee80211_find_vap_node_debug(struct ieee80211_node_table nt, 1191* const struct ieee80211vap vap, 1192* const uint8_t macaddr[IEEE80211_ADDR_LEN], const char func, int line) 1193#else 1194ieee80211_find_vap_node(struct ieee80211_node_table nt, 1195 const struct ieee80211vap vap, 1196* const uint8_t macaddr[IEEE80211_ADDR_LEN]) 1197#endif 1198{ 1199 struct ieee80211_node ni; 1200* 1201 IEEE80211_NODE_LOCK(nt); 1202 ni = ieee80211_find_vap_node_locked(nt, vap, macaddr); 1203 IEEE80211_NODE_UNLOCK(nt); 1204 return ni; 1205} 1206 1207/* 1208 * Fake up a node; this handles node discovery in adhoc mode. 1209 * Note that for the driver's benefit we we treat this like 1210 * an association so the driver has an opportunity to setup 1211 * it's private state. 1212 / 1213struct ieee80211_node 1214ieee80211_fakeup_adhoc_node(struct ieee80211vap vap, 1215* const uint8_t macaddr[IEEE80211_ADDR_LEN]) 1216{ 1217 struct ieee80211_node ni; 1218* 1219 IEEE80211_DPRINTF(vap, IEEE80211_MSG_NODE, 1220 "%s: mac<%s>\n", __func__, ether_sprintf(macaddr)); 1221 ni = ieee80211_dup_bss(vap, macaddr); 1222 if (ni != NULL) { 1223 struct ieee80211com ic = vap->iv_ic; 1224* 1225 /* XXX no rate negotiation; just dup / 1226* ni->ni_rates = vap->iv_bss->ni_rates; 1227 if (vap->iv_opmode == IEEE80211_M_AHDEMO) { 1228 /* 1229 * In adhoc demo mode there are no management 1230 * frames to use to discover neighbor capabilities, 1231 * so blindly propagate the local configuration 1232 * so we can do interesting things (e.g. use 1233 * WME to disable ACK's). 1234 / 1235* if (vap->iv_flags & IEEE80211_F_WME) 1236 ni->ni_flags \|= IEEE80211_NODE_QOS; 1237 if (vap->iv_flags & IEEE80211_F_FF) 1238 ni->ni_flags \|= IEEE80211_NODE_FF; 1239 } 1240 if (ic->ic_newassoc != NULL) 1241 ic->ic_newassoc(ni, 1); 1242 /* XXX not right for 802.1x/WPA / 1243* ieee80211_node_authorize(ni); 1244 } 1245 return ni; 1246} 1247 1248void 1249ieee80211_init_neighbor(struct ieee80211_node ni, 1250* const struct ieee80211_frame wh, 1251* const struct ieee80211_scanparams sp) 1252{ 1253* ni->ni_esslen = sp->ssid[1]; 1254 memcpy(ni->ni_essid, sp->ssid + 2, sp->ssid[1]); 1255 IEEE80211_ADDR_COPY(ni->ni_bssid, wh->i_addr3); 1256 memcpy(ni->ni_tstamp.data, sp->tstamp, sizeof(ni->ni_tstamp)); 1257 ni->ni_intval = sp->bintval; 1258 ni->ni_capinfo = sp->capinfo; 1259 ni->ni_chan = ni->ni_ic->ic_curchan; 1260 ni->ni_fhdwell = sp->fhdwell; 1261 ni->ni_fhindex = sp->fhindex; 1262 ni->ni_erp = sp->erp; 1263 ni->ni_timoff = sp->timoff; 1264 1265 if (ieee80211_ies_init(&ni->ni_ies, sp->ies, sp->ies_len)) { 1266 ieee80211_ies_expand(&ni->ni_ies); 1267 if (ni->ni_ies.ath_ie != NULL) 1268 ieee80211_parse_ath(ni, ni->ni_ies.ath_ie); 1269 } 1270 1271 /* NB: must be after ni_chan is setup / 1272* ieee80211_setup_rates(ni, sp->rates, sp->xrates, 1273 IEEE80211_F_DOSORT \| IEEE80211_F_DOFRATE \| 1274 IEEE80211_F_DONEGO \| IEEE80211_F_DODEL); 1275} 1276 1277/* 1278 * Do node discovery in adhoc mode on receipt of a beacon 1279 * or probe response frame. Note that for the driver's 1280 * benefit we we treat this like an association so the 1281 * driver has an opportunity to setup it's private state. 1282 / 1283struct ieee80211_node 1284ieee80211_add_neighbor(struct ieee80211vap vap, 1285* const struct ieee80211_frame wh, 1286* const struct ieee80211_scanparams sp) 1287{ 1288* struct ieee80211_node ni; 1289* 1290 IEEE80211_DPRINTF(vap, IEEE80211_MSG_NODE, 1291 "%s: mac<%s>\n", __func__, ether_sprintf(wh->i_addr2)); 1292 ni = ieee80211_dup_bss(vap, wh->i_addr2);/* XXX alloc_node? / 1293* if (ni != NULL) { 1294 struct ieee80211com ic = vap->iv_ic; 1295* 1296 ieee80211_init_neighbor(ni, wh, sp); 1297 if (ic->ic_newassoc != NULL) 1298 ic->ic_newassoc(ni, 1); 1299 /* XXX not right for 802.1x/WPA / 1300* ieee80211_node_authorize(ni); 1301 } 1302 return ni; 1303} 1304 1305#define IS_CTL(wh) \ 1306 ((wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK) == IEEE80211_FC0_TYPE_CTL) 1307#define IS_PSPOLL(wh) \ 1308 ((wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK) == IEEE80211_FC0_SUBTYPE_PS_POLL) 1309#define IS_BAR(wh) \ 1310 ((wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK) == IEEE80211_FC0_SUBTYPE_BAR) 1311#define IS_PROBEREQ(wh) \ 1312 ((wh->i_fc[0] & (IEEE80211_FC0_TYPE_MASK\|IEEE80211_FC0_SUBTYPE_MASK)) \ 1313 == (IEEE80211_FC0_TYPE_MGT \| IEEE80211_FC0_SUBTYPE_PROBE_REQ)) 1314#define IS_BCAST_PROBEREQ(wh) \ 1315 (IS_PROBEREQ(wh) && IEEE80211_IS_MULTICAST( \ 1316 ((const struct ieee80211_frame )(wh))->i_addr3)) 1317* 1318static __inline struct ieee80211_node * 1319_find_rxnode(struct ieee80211_node_table nt, 1320* const struct ieee80211_frame_min wh) 1321{ 1322* /* XXX 4-address frames? / 1323* if (IS_CTL(wh) && !IS_PSPOLL(wh) && !IS_BAR(wh) /&& !IS_RTS(ah)/) 1324 return ieee80211_find_node_locked(nt, wh->i_addr1); 1325 if (IS_BCAST_PROBEREQ(wh)) 1326 return NULL; /* spam bcast probe req to all vap's / 1327* return ieee80211_find_node_locked(nt, wh->i_addr2); 1328} 1329 1330/* 1331 * Locate the node for sender, track state, and then pass the 1332 * (referenced) node up to the 802.11 layer for its use. Note 1333 * we can return NULL if the sender is not in the table. 1334 / 1335struct ieee80211_node 1336#ifdef IEEE80211_DEBUG_REFCNT 1337ieee80211_find_rxnode_debug(struct ieee80211com ic, 1338* const struct ieee80211_frame_min wh, const char func, int line) 1339#else 1340ieee80211_find_rxnode(struct ieee80211com ic, 1341* const struct ieee80211_frame_min wh) 1342#endif 1343{ 1344* struct ieee80211_node_table nt; 1345* struct ieee80211_node ni; 1346* 1347 nt = &ic->ic_sta; 1348 IEEE80211_NODE_LOCK(nt); 1349 ni = _find_rxnode(nt, wh); 1350 IEEE80211_NODE_UNLOCK(nt); 1351 1352 return ni; 1353} 1354 1355/* 1356 * Like ieee80211_find_rxnode but use the supplied h/w 1357 * key index as a hint to locate the node in the key 1358 * mapping table. If an entry is present at the key 1359 * index we return it; otherwise do a normal lookup and 1360 * update the mapping table if the station has a unicast 1361 * key assigned to it. 1362 / 1363struct ieee80211_node 1364#ifdef IEEE80211_DEBUG_REFCNT 1365ieee80211_find_rxnode_withkey_debug(struct ieee80211com ic, 1366* const struct ieee80211_frame_min wh, ieee80211_keyix keyix, 1367* const char func, int line) 1368#else 1369ieee80211_find_rxnode_withkey(struct ieee80211com ic, 1370 const struct ieee80211_frame_min wh, ieee80211_keyix keyix) 1371#endif 1372{ 1373* struct ieee80211_node_table nt; 1374* struct ieee80211_node ni; 1375* 1376 nt = &ic->ic_sta; 1377 IEEE80211_NODE_LOCK(nt); 1378 if (nt->nt_keyixmap != NULL && keyix < nt->nt_keyixmax) 1379 ni = nt->nt_keyixmap[keyix]; 1380 else 1381 ni = NULL; 1382 if (ni == NULL) { 1383 ni = _find_rxnode(nt, wh); 1384 if (ni != NULL && nt->nt_keyixmap != NULL) { 1385 /* 1386 * If the station has a unicast key cache slot 1387 * assigned update the key->node mapping table. 1388 / 1389* keyix = ni->ni_ucastkey.wk_rxkeyix; 1390 /* XXX can keyixmap[keyix] != NULL? / 1391* if (keyix < nt->nt_keyixmax && 1392 nt->nt_keyixmap[keyix] == NULL) { 1393 IEEE80211_DPRINTF(ni->ni_vap, 1394 IEEE80211_MSG_NODE, 1395 "%s: add key map entry %p<%s> refcnt %d\n", 1396 __func__, ni, ether_sprintf(ni->ni_macaddr), 1397 ieee80211_node_refcnt(ni)+1); 1398 nt->nt_keyixmap[keyix] = ieee80211_ref_node(ni); 1399 } 1400 } 1401 } else { 1402 if (IS_BCAST_PROBEREQ(wh)) 1403 ni = NULL; /* spam bcast probe req to all vap's / 1404* else 1405 ieee80211_ref_node(ni); 1406 } 1407 IEEE80211_NODE_UNLOCK(nt); 1408 1409 return ni; 1410} 1411#undef IS_BCAST_PROBEREQ 1412#undef IS_PROBEREQ 1413#undef IS_BAR 1414#undef IS_PSPOLL 1415#undef IS_CTL 1416 1417/* 1418 * Return a reference to the appropriate node for sending 1419 * a data frame. This handles node discovery in adhoc networks. 1420 / 1421struct ieee80211_node 1422#ifdef IEEE80211_DEBUG_REFCNT 1423ieee80211_find_txnode_debug(struct ieee80211vap vap, 1424* const uint8_t macaddr[IEEE80211_ADDR_LEN], 1425 const char func, int line) 1426#else 1427ieee80211_find_txnode(struct ieee80211vap vap, 1428 const uint8_t macaddr[IEEE80211_ADDR_LEN]) 1429#endif 1430{ 1431 struct ieee80211_node_table nt = &vap->iv_ic->ic_sta; 1432* struct ieee80211_node ni; 1433* 1434 /* 1435 * The destination address should be in the node table 1436 * unless this is a multicast/broadcast frame. We can 1437 * also optimize station mode operation, all frames go 1438 * to the bss node. 1439 / 1440* /* XXX can't hold lock across dup_bss 'cuz of recursive locking / 1441* IEEE80211_NODE_LOCK(nt); 1442 if (vap->iv_opmode == IEEE80211_M_STA \|\| 1443 vap->iv_opmode == IEEE80211_M_WDS \|\| 1444 IEEE80211_IS_MULTICAST(macaddr)) 1445 ni = ieee80211_ref_node(vap->iv_bss); 1446 else { 1447 ni = ieee80211_find_node_locked(nt, macaddr); 1448 if (vap->iv_opmode == IEEE80211_M_HOSTAP && 1449 (ni != NULL && ni->ni_associd == 0)) { 1450 /* 1451 * Station is not associated; don't permit the 1452 * data frame to be sent by returning NULL. This 1453 * is kinda a kludge but the least intrusive way 1454 * to add this check into all drivers. 1455 / 1456* ieee80211_unref_node(&ni); /* NB: null's ni / 1457* } 1458 } 1459 IEEE80211_NODE_UNLOCK(nt); 1460 1461 if (ni == NULL) { 1462 if (vap->iv_opmode == IEEE80211_M_IBSS \|\| 1463 vap->iv_opmode == IEEE80211_M_AHDEMO) { 1464 /* 1465 * In adhoc mode cons up a node for the destination. 1466 * Note that we need an additional reference for the 1467 * caller to be consistent with 1468 * ieee80211_find_node_locked. 1469 / 1470* ni = ieee80211_fakeup_adhoc_node(vap, macaddr); 1471 if (ni != NULL) 1472 (void) ieee80211_ref_node(ni); 1473 } else { 1474 IEEE80211_NOTE_MAC(vap, IEEE80211_MSG_OUTPUT, macaddr, 1475 "no node, discard frame (%s)", __func__); 1476 vap->iv_stats.is_tx_nonode++; 1477 } 1478 } 1479 return ni; 1480} 1481 1482static void 1483_ieee80211_free_node(struct ieee80211_node ni) 1484*{
1485 struct ieee80211vap *vap = ni->ni_vap;
1486 struct ieee80211_node_table nt = ni->ni_table; 1487*	1485 struct ieee80211_node_table nt = ni->ni_table; 1486*
	1487 /* 1488 * NB: careful about referencing the vap as it may be 1489 * gone if the last reference was held by a driver. 1490 * We know the com will always be present so it's safe 1491 * to use ni_ic below to reclaim resources. 1492 / 1493*#if 0
1488 IEEE80211_DPRINTF(vap, IEEE80211_MSG_NODE, 1489 "%s %p<%s> in %s table\n", __func__, ni, 1490 ether_sprintf(ni->ni_macaddr), 1491 nt != NULL ? nt->nt_name : "<gone>");	1494 IEEE80211_DPRINTF(vap, IEEE80211_MSG_NODE, 1495 "%s %p<%s> in %s table\n", __func__, ni, 1496 ether_sprintf(ni->ni_macaddr), 1497 nt != NULL ? nt->nt_name : "<gone>");
1492 1493 if (vap->iv_aid_bitmap != NULL) 1494 IEEE80211_AID_CLR(vap, ni->ni_associd);	1498#endif 1499 if (ni->ni_associd != 0) { 1500 struct ieee80211vap vap = ni->ni_vap; 1501* if (vap->iv_aid_bitmap != NULL) 1502 IEEE80211_AID_CLR(vap, ni->ni_associd); 1503 }
1495 if (nt != NULL) { 1496 TAILQ_REMOVE(&nt->nt_node, ni, ni_list); 1497 LIST_REMOVE(ni, ni_hash); 1498 }	1504 if (nt != NULL) { 1505 TAILQ_REMOVE(&nt->nt_node, ni, ni_list); 1506 LIST_REMOVE(ni, ni_hash); 1507 }
1499 vap->iv_ic->ic_node_free(ni);	1508 ni->ni_ic->ic_node_free(ni);
1500} 1501 1502void 1503#ifdef IEEE80211_DEBUG_REFCNT 1504ieee80211_free_node_debug(struct ieee80211_node ni, const char func, int line) 1505#else 1506ieee80211_free_node(struct ieee80211_node ni) 1507#endif 1508{ 1509* struct ieee80211_node_table nt = ni->ni_table; 1510* 1511#ifdef IEEE80211_DEBUG_REFCNT 1512 IEEE80211_DPRINTF(ni->ni_vap, IEEE80211_MSG_NODE, 1513 "%s (%s:%u) %p<%s> refcnt %d\n", __func__, func, line, ni, 1514 ether_sprintf(ni->ni_macaddr), ieee80211_node_refcnt(ni)-1); 1515#endif 1516 if (nt != NULL) { 1517 IEEE80211_NODE_LOCK(nt); 1518 if (ieee80211_node_dectestref(ni)) { 1519 /* 1520 * Last reference, reclaim state. 1521 / 1522* _ieee80211_free_node(ni); 1523 } else if (ieee80211_node_refcnt(ni) == 1 && 1524 nt->nt_keyixmap != NULL) { 1525 ieee80211_keyix keyix; 1526 /* 1527 * Check for a last reference in the key mapping table. 1528 / 1529* keyix = ni->ni_ucastkey.wk_rxkeyix; 1530 if (keyix < nt->nt_keyixmax && 1531 nt->nt_keyixmap[keyix] == ni) { 1532 IEEE80211_DPRINTF(ni->ni_vap, 1533 IEEE80211_MSG_NODE, 1534 "%s: %p<%s> clear key map entry", __func__, 1535 ni, ether_sprintf(ni->ni_macaddr)); 1536 nt->nt_keyixmap[keyix] = NULL; 1537 ieee80211_node_decref(ni); /* XXX needed? / 1538* _ieee80211_free_node(ni); 1539 } 1540 } 1541 IEEE80211_NODE_UNLOCK(nt); 1542 } else { 1543 if (ieee80211_node_dectestref(ni)) 1544 _ieee80211_free_node(ni); 1545 } 1546} 1547 1548/* 1549 * Reclaim a unicast key and clear any key cache state. 1550 / 1551int 1552ieee80211_node_delucastkey(struct ieee80211_node ni) 1553{	1509} 1510 1511void 1512#ifdef IEEE80211_DEBUG_REFCNT 1513ieee80211_free_node_debug(struct ieee80211_node ni, const char func, int line) 1514#else 1515ieee80211_free_node(struct ieee80211_node ni) 1516#endif 1517{ 1518* struct ieee80211_node_table nt = ni->ni_table; 1519* 1520#ifdef IEEE80211_DEBUG_REFCNT 1521 IEEE80211_DPRINTF(ni->ni_vap, IEEE80211_MSG_NODE, 1522 "%s (%s:%u) %p<%s> refcnt %d\n", __func__, func, line, ni, 1523 ether_sprintf(ni->ni_macaddr), ieee80211_node_refcnt(ni)-1); 1524#endif 1525 if (nt != NULL) { 1526 IEEE80211_NODE_LOCK(nt); 1527 if (ieee80211_node_dectestref(ni)) { 1528 /* 1529 * Last reference, reclaim state. 1530 / 1531* _ieee80211_free_node(ni); 1532 } else if (ieee80211_node_refcnt(ni) == 1 && 1533 nt->nt_keyixmap != NULL) { 1534 ieee80211_keyix keyix; 1535 /* 1536 * Check for a last reference in the key mapping table. 1537 / 1538* keyix = ni->ni_ucastkey.wk_rxkeyix; 1539 if (keyix < nt->nt_keyixmax && 1540 nt->nt_keyixmap[keyix] == ni) { 1541 IEEE80211_DPRINTF(ni->ni_vap, 1542 IEEE80211_MSG_NODE, 1543 "%s: %p<%s> clear key map entry", __func__, 1544 ni, ether_sprintf(ni->ni_macaddr)); 1545 nt->nt_keyixmap[keyix] = NULL; 1546 ieee80211_node_decref(ni); /* XXX needed? / 1547* _ieee80211_free_node(ni); 1548 } 1549 } 1550 IEEE80211_NODE_UNLOCK(nt); 1551 } else { 1552 if (ieee80211_node_dectestref(ni)) 1553 _ieee80211_free_node(ni); 1554 } 1555} 1556 1557/* 1558 * Reclaim a unicast key and clear any key cache state. 1559 / 1560int 1561ieee80211_node_delucastkey(struct ieee80211_node ni) 1562{
1554 struct ieee80211vap vap = ni->ni_vap; 1555* /* XXX is ni_table safe? / 1556* struct ieee80211_node_table *nt = &ni->ni_ic->ic_sta;	1563 struct ieee80211com ic = ni->ni_ic; 1564* struct ieee80211_node_table *nt = &ic->ic_sta;
1557 struct ieee80211_node nikey; 1558* ieee80211_keyix keyix; 1559 int isowned, status; 1560 1561 /* 1562 * NB: We must beware of LOR here; deleting the key 1563 * can cause the crypto layer to block traffic updates 1564 * which can generate a LOR against the node table lock; 1565 * grab it here and stash the key index for our use below. 1566 * 1567 * Must also beware of recursion on the node table lock. 1568 * When called from node_cleanup we may already have 1569 * the node table lock held. Unfortunately there's no 1570 * way to separate out this path so we must do this 1571 * conditionally. 1572 / 1573* isowned = IEEE80211_NODE_IS_LOCKED(nt); 1574 if (!isowned) 1575 IEEE80211_NODE_LOCK(nt);	1565 struct ieee80211_node nikey; 1566* ieee80211_keyix keyix; 1567 int isowned, status; 1568 1569 /* 1570 * NB: We must beware of LOR here; deleting the key 1571 * can cause the crypto layer to block traffic updates 1572 * which can generate a LOR against the node table lock; 1573 * grab it here and stash the key index for our use below. 1574 * 1575 * Must also beware of recursion on the node table lock. 1576 * When called from node_cleanup we may already have 1577 * the node table lock held. Unfortunately there's no 1578 * way to separate out this path so we must do this 1579 * conditionally. 1580 / 1581* isowned = IEEE80211_NODE_IS_LOCKED(nt); 1582 if (!isowned) 1583 IEEE80211_NODE_LOCK(nt);
1576 keyix = ni->ni_ucastkey.wk_rxkeyix; 1577 status = ieee80211_crypto_delkey(vap, &ni->ni_ucastkey); 1578 if (nt->nt_keyixmap != NULL && keyix < nt->nt_keyixmax) { 1579 nikey = nt->nt_keyixmap[keyix]; 1580 nt->nt_keyixmap[keyix] = NULL;; 1581 } else 1582 nikey = NULL;	1584 nikey = NULL; 1585 status = 1; /* NB: success / 1586* if (!IEEE80211_KEY_UNDEFINED(&ni->ni_ucastkey)) { 1587 keyix = ni->ni_ucastkey.wk_rxkeyix; 1588 status = ieee80211_crypto_delkey(ni->ni_vap, &ni->ni_ucastkey); 1589 if (nt->nt_keyixmap != NULL && keyix < nt->nt_keyixmax) { 1590 nikey = nt->nt_keyixmap[keyix]; 1591 nt->nt_keyixmap[keyix] = NULL;; 1592 } 1593 }
1583 if (!isowned) 1584 IEEE80211_NODE_UNLOCK(nt); 1585 1586 if (nikey != NULL) { 1587 KASSERT(nikey == ni, 1588 ("key map out of sync, ni %p nikey %p", ni, nikey));	1594 if (!isowned) 1595 IEEE80211_NODE_UNLOCK(nt); 1596 1597 if (nikey != NULL) { 1598 KASSERT(nikey == ni, 1599 ("key map out of sync, ni %p nikey %p", ni, nikey));
1589 IEEE80211_DPRINTF(vap, IEEE80211_MSG_NODE,	1600 IEEE80211_DPRINTF(ni->ni_vap, IEEE80211_MSG_NODE,
1590 "%s: delete key map entry %p<%s> refcnt %d\n", 1591 __func__, ni, ether_sprintf(ni->ni_macaddr), 1592 ieee80211_node_refcnt(ni)-1); 1593 ieee80211_free_node(ni); 1594 } 1595 return status; 1596} 1597 1598/* 1599 * Reclaim a node. If this is the last reference count then 1600 * do the normal free work. Otherwise remove it from the node 1601 * table and mark it gone by clearing the back-reference. 1602 / 1603static void 1604node_reclaim(struct ieee80211_node_table nt, struct ieee80211_node ni) 1605{ 1606* ieee80211_keyix keyix; 1607 1608 IEEE80211_NODE_LOCK_ASSERT(nt); 1609 1610 IEEE80211_DPRINTF(ni->ni_vap, IEEE80211_MSG_NODE, 1611 "%s: remove %p<%s> from %s table, refcnt %d\n", 1612 __func__, ni, ether_sprintf(ni->ni_macaddr), 1613 nt->nt_name, ieee80211_node_refcnt(ni)-1); 1614 /* 1615 * Clear any entry in the unicast key mapping table. 1616 * We need to do it here so rx lookups don't find it 1617 * in the mapping table even if it's not in the hash 1618 * table. We cannot depend on the mapping table entry 1619 * being cleared because the node may not be free'd. 1620 / 1621* keyix = ni->ni_ucastkey.wk_rxkeyix; 1622 if (nt->nt_keyixmap != NULL && keyix < nt->nt_keyixmax && 1623 nt->nt_keyixmap[keyix] == ni) { 1624 IEEE80211_DPRINTF(ni->ni_vap, IEEE80211_MSG_NODE, 1625 "%s: %p<%s> clear key map entry\n", 1626 __func__, ni, ether_sprintf(ni->ni_macaddr)); 1627 nt->nt_keyixmap[keyix] = NULL; 1628 ieee80211_node_decref(ni); /* NB: don't need free / 1629* } 1630 if (!ieee80211_node_dectestref(ni)) { 1631 /* 1632 * Other references are present, just remove the 1633 * node from the table so it cannot be found. When 1634 * the references are dropped storage will be 1635 * reclaimed. 1636 / 1637* TAILQ_REMOVE(&nt->nt_node, ni, ni_list); 1638 LIST_REMOVE(ni, ni_hash); 1639 ni->ni_table = NULL; /* clear reference / 1640* } else 1641 _ieee80211_free_node(ni); 1642} 1643 1644/* 1645 * Reclaim a (bss) node. Decrement the refcnt and reclaim 1646 * the node if the only other reference to it is in the sta 1647 * table. This is effectively ieee80211_free_node followed 1648 * by node_reclaim when the refcnt is 1 (after the free). 1649 / 1650static void 1651ieee80211_node_reclaim(struct ieee80211_node ni) 1652{ 1653 struct ieee80211_node_table nt = ni->ni_table; 1654* 1655 KASSERT(nt != NULL, ("reclaim node not in table")); 1656 1657#ifdef IEEE80211_DEBUG_REFCNT 1658 IEEE80211_DPRINTF(ni->ni_vap, IEEE80211_MSG_NODE, 1659 "%s %p<%s> refcnt %d\n", __func__, ni, 1660 ether_sprintf(ni->ni_macaddr), ieee80211_node_refcnt(ni)-1); 1661#endif 1662 IEEE80211_NODE_LOCK(nt); 1663 if (ieee80211_node_dectestref(ni)) { 1664 /* 1665 * Last reference, reclaim state. 1666 / 1667* _ieee80211_free_node(ni); 1668 nt = NULL; 1669 } else if (ieee80211_node_refcnt(ni) == 1 && 1670 nt->nt_keyixmap != NULL) { 1671 ieee80211_keyix keyix; 1672 /* 1673 * Check for a last reference in the key mapping table. 1674 / 1675* keyix = ni->ni_ucastkey.wk_rxkeyix; 1676 if (keyix < nt->nt_keyixmax && 1677 nt->nt_keyixmap[keyix] == ni) { 1678 IEEE80211_DPRINTF(ni->ni_vap, 1679 IEEE80211_MSG_NODE, 1680 "%s: %p<%s> clear key map entry", __func__, 1681 ni, ether_sprintf(ni->ni_macaddr)); 1682 nt->nt_keyixmap[keyix] = NULL; 1683 ieee80211_node_decref(ni); /* XXX needed? / 1684* _ieee80211_free_node(ni); 1685 nt = NULL; 1686 } 1687 } 1688 if (nt != NULL && ieee80211_node_refcnt(ni) == 1) { 1689 /* 1690 * Last reference is in the sta table; complete 1691 * the reclaim. This handles bss nodes being 1692 * recycled: the node has two references, one for 1693 * iv_bss and one for the table. After dropping 1694 * the iv_bss ref above we need to reclaim the sta 1695 * table reference. 1696 / 1697* ieee80211_node_decref(ni); /* NB: be pendantic / 1698* _ieee80211_free_node(ni); 1699 } 1700 IEEE80211_NODE_UNLOCK(nt); 1701} 1702 1703/* 1704 * Node table support. 1705 / 1706* 1707static void 1708ieee80211_node_table_init(struct ieee80211com ic, 1709* struct ieee80211_node_table nt, 1710* const char name, int inact, int keyixmax) 1711{ 1712* struct ifnet ifp = ic->ic_ifp; 1713* 1714 nt->nt_ic = ic; 1715 IEEE80211_NODE_LOCK_INIT(nt, ifp->if_xname); 1716 IEEE80211_NODE_ITERATE_LOCK_INIT(nt, ifp->if_xname); 1717 TAILQ_INIT(&nt->nt_node); 1718 nt->nt_name = name; 1719 nt->nt_scangen = 1; 1720 nt->nt_inact_init = inact; 1721 nt->nt_keyixmax = keyixmax; 1722 if (nt->nt_keyixmax > 0) { 1723 MALLOC(nt->nt_keyixmap, struct ieee80211_node *, 1724* keyixmax * sizeof(struct ieee80211_node ), 1725* M_80211_NODE, M_NOWAIT \| M_ZERO); 1726 if (nt->nt_keyixmap == NULL) 1727 if_printf(ic->ic_ifp, 1728 "Cannot allocate key index map with %u entries\n", 1729 keyixmax); 1730 } else 1731 nt->nt_keyixmap = NULL; 1732} 1733 1734static void 1735ieee80211_node_table_reset(struct ieee80211_node_table nt, 1736* struct ieee80211vap match) 1737{ 1738* struct ieee80211_node ni, next; 1739 1740 IEEE80211_NODE_LOCK(nt); 1741 TAILQ_FOREACH_SAFE(ni, &nt->nt_node, ni_list, next) { 1742 if (match != NULL && ni->ni_vap != match) 1743 continue; 1744 /* XXX can this happen? if so need's work / 1745* if (ni->ni_associd != 0) { 1746 struct ieee80211vap vap = ni->ni_vap; 1747* 1748 if (vap->iv_auth->ia_node_leave != NULL) 1749 vap->iv_auth->ia_node_leave(ni); 1750 if (vap->iv_aid_bitmap != NULL) 1751 IEEE80211_AID_CLR(vap, ni->ni_associd); 1752 } 1753 ni->ni_wdsvap = NULL; /* clear reference / 1754* node_reclaim(nt, ni); 1755 } 1756 if (match != NULL && match->iv_opmode == IEEE80211_M_WDS) { 1757 /* 1758 * Make a separate pass to clear references to this vap 1759 * held by DWDS entries. They will not be matched above 1760 * because ni_vap will point to the ap vap but we still 1761 * need to clear ni_wdsvap when the WDS vap is destroyed 1762 * and/or reset. 1763 / 1764* TAILQ_FOREACH_SAFE(ni, &nt->nt_node, ni_list, next) 1765 if (ni->ni_wdsvap == match) 1766 ni->ni_wdsvap = NULL; 1767 } 1768 IEEE80211_NODE_UNLOCK(nt); 1769} 1770 1771static void 1772ieee80211_node_table_cleanup(struct ieee80211_node_table nt) 1773{ 1774* ieee80211_node_table_reset(nt, NULL); 1775 if (nt->nt_keyixmap != NULL) { 1776#ifdef DIAGNOSTIC 1777 /* XXX verify all entries are NULL / 1778* int i; 1779 for (i = 0; i < nt->nt_keyixmax; i++) 1780 if (nt->nt_keyixmap[i] != NULL) 1781 printf("%s: %s[%u] still active\n", __func__, 1782 nt->nt_name, i); 1783#endif 1784 FREE(nt->nt_keyixmap, M_80211_NODE); 1785 nt->nt_keyixmap = NULL; 1786 } 1787 IEEE80211_NODE_ITERATE_LOCK_DESTROY(nt); 1788 IEEE80211_NODE_LOCK_DESTROY(nt); 1789} 1790 1791/* 1792 * Timeout inactive stations and do related housekeeping. 1793 * Note that we cannot hold the node lock while sending a 1794 * frame as this would lead to a LOR. Instead we use a 1795 * generation number to mark nodes that we've scanned and 1796 * drop the lock and restart a scan if we have to time out 1797 * a node. Since we are single-threaded by virtue of 1798 * controlling the inactivity timer we can be sure this will 1799 * process each node only once. 1800 / 1801static void 1802ieee80211_timeout_stations(struct ieee80211com ic) 1803{ 1804 struct ieee80211_node_table nt = &ic->ic_sta; 1805* struct ieee80211vap vap; 1806* struct ieee80211_node ni; 1807* int gen = 0; 1808 1809 IEEE80211_NODE_ITERATE_LOCK(nt); 1810 gen = ++nt->nt_scangen; 1811restart: 1812 IEEE80211_NODE_LOCK(nt); 1813 TAILQ_FOREACH(ni, &nt->nt_node, ni_list) { 1814 if (ni->ni_scangen == gen) /* previously handled / 1815* continue; 1816 ni->ni_scangen = gen; 1817 /* 1818 * Ignore entries for which have yet to receive an 1819 * authentication frame. These are transient and 1820 * will be reclaimed when the last reference to them 1821 * goes away (when frame xmits complete). 1822 / 1823* vap = ni->ni_vap; 1824 /* 1825 * Only process stations when in RUN state. This 1826 * insures, for example, that we don't timeout an 1827 * inactive station during CAC. Note that CSA state 1828 * is actually handled in ieee80211_node_timeout as 1829 * it applies to more than timeout processing. 1830 / 1831* if (vap->iv_state != IEEE80211_S_RUN) 1832 continue; 1833 /* XXX can vap be NULL? / 1834* if ((vap->iv_opmode == IEEE80211_M_HOSTAP \|\| 1835 vap->iv_opmode == IEEE80211_M_STA) && 1836 (ni->ni_flags & IEEE80211_NODE_AREF) == 0) 1837 continue; 1838 /* 1839 * Free fragment if not needed anymore 1840 * (last fragment older than 1s). 1841 * XXX doesn't belong here, move to node_age 1842 / 1843* if (ni->ni_rxfrag[0] != NULL && 1844 ticks > ni->ni_rxfragstamp + hz) { 1845 m_freem(ni->ni_rxfrag[0]); 1846 ni->ni_rxfrag[0] = NULL; 1847 } 1848 if (ni->ni_inact > 0) 1849 ni->ni_inact--; 1850 /* 1851 * Special case ourself; we may be idle for extended periods 1852 * of time and regardless reclaiming our state is wrong. 1853 * XXX run ic_node_age 1854 / 1855* if (ni == vap->iv_bss) 1856 continue; 1857 if (ni->ni_associd != 0 \|\| 1858 (vap->iv_opmode == IEEE80211_M_IBSS \|\| 1859 vap->iv_opmode == IEEE80211_M_AHDEMO)) { 1860 /* 1861 * Age/drain resources held by the station. 1862 / 1863* ic->ic_node_age(ni); 1864 /* 1865 * Probe the station before time it out. We 1866 * send a null data frame which may not be 1867 * universally supported by drivers (need it 1868 * for ps-poll support so it should be...). 1869 * 1870 * XXX don't probe the station unless we've 1871 * received a frame from them (and have 1872 * some idea of the rates they are capable 1873 * of); this will get fixed more properly 1874 * soon with better handling of the rate set. 1875 / 1876* if ((vap->iv_flags_ext & IEEE80211_FEXT_INACT) && 1877 (0 < ni->ni_inact && 1878 ni->ni_inact <= vap->iv_inact_probe) && 1879 ni->ni_rates.rs_nrates != 0) { 1880 IEEE80211_NOTE(vap, 1881 IEEE80211_MSG_INACT \| IEEE80211_MSG_NODE, 1882 ni, "%s", 1883 "probe station due to inactivity"); 1884 /* 1885 * Grab a reference before unlocking the table 1886 * so the node cannot be reclaimed before we 1887 * send the frame. ieee80211_send_nulldata 1888 * understands we've done this and reclaims the 1889 * ref for us as needed. 1890 / 1891* ieee80211_ref_node(ni); 1892 IEEE80211_NODE_UNLOCK(nt); 1893 ieee80211_send_nulldata(ni); 1894 /* XXX stat? / 1895* goto restart; 1896 } 1897 } 1898 if ((vap->iv_flags_ext & IEEE80211_FEXT_INACT) && 1899 ni->ni_inact <= 0) { 1900 IEEE80211_NOTE(vap, 1901 IEEE80211_MSG_INACT \| IEEE80211_MSG_NODE, ni, 1902 "station timed out due to inactivity " 1903 "(refcnt %u)", ieee80211_node_refcnt(ni)); 1904 /* 1905 * Send a deauthenticate frame and drop the station. 1906 * This is somewhat complicated due to reference counts 1907 * and locking. At this point a station will typically 1908 * have a reference count of 1. ieee80211_node_leave 1909 * will do a "free" of the node which will drop the 1910 * reference count. But in the meantime a reference 1911 * wil be held by the deauth frame. The actual reclaim 1912 * of the node will happen either after the tx is 1913 * completed or by ieee80211_node_leave. 1914 * 1915 * Separately we must drop the node lock before sending 1916 * in case the driver takes a lock, as this can result 1917 * in a LOR between the node lock and the driver lock. 1918 / 1919* ieee80211_ref_node(ni); 1920 IEEE80211_NODE_UNLOCK(nt); 1921 if (ni->ni_associd != 0) { 1922 IEEE80211_SEND_MGMT(ni, 1923 IEEE80211_FC0_SUBTYPE_DEAUTH, 1924 IEEE80211_REASON_AUTH_EXPIRE); 1925 } 1926 ieee80211_node_leave(ni); 1927 ieee80211_free_node(ni); 1928 vap->iv_stats.is_node_timeout++; 1929 goto restart; 1930 } 1931 } 1932 IEEE80211_NODE_UNLOCK(nt); 1933 1934 IEEE80211_NODE_ITERATE_UNLOCK(nt); 1935} 1936 1937/* 1938 * Aggressively reclaim resources. This should be used 1939 * only in a critical situation to reclaim mbuf resources. 1940 / 1941void 1942ieee80211_drain(struct ieee80211com ic) 1943{ 1944 struct ieee80211_node_table nt = &ic->ic_sta; 1945* struct ieee80211vap vap; 1946* struct ieee80211_node ni; 1947* 1948 IEEE80211_NODE_LOCK(nt); 1949 TAILQ_FOREACH(ni, &nt->nt_node, ni_list) { 1950 /* 1951 * Ignore entries for which have yet to receive an 1952 * authentication frame. These are transient and 1953 * will be reclaimed when the last reference to them 1954 * goes away (when frame xmits complete). 1955 / 1956* vap = ni->ni_vap; 1957 /* 1958 * Only process stations when in RUN state. This 1959 * insures, for example, that we don't timeout an 1960 * inactive station during CAC. Note that CSA state 1961 * is actually handled in ieee80211_node_timeout as 1962 * it applies to more than timeout processing. 1963 / 1964* if (vap->iv_state != IEEE80211_S_RUN) 1965 continue; 1966 /* XXX can vap be NULL? / 1967* if ((vap->iv_opmode == IEEE80211_M_HOSTAP \|\| 1968 vap->iv_opmode == IEEE80211_M_STA) && 1969 (ni->ni_flags & IEEE80211_NODE_AREF) == 0) 1970 continue; 1971 /* 1972 * Free fragments. 1973 * XXX doesn't belong here, move to node_drain 1974 / 1975* if (ni->ni_rxfrag[0] != NULL) { 1976 m_freem(ni->ni_rxfrag[0]); 1977 ni->ni_rxfrag[0] = NULL; 1978 } 1979 /* 1980 * Drain resources held by the station. 1981 / 1982* ic->ic_node_drain(ni); 1983 } 1984 IEEE80211_NODE_UNLOCK(nt); 1985} 1986 1987/* 1988 * Per-ieee80211com inactivity timer callback. 1989 / 1990void 1991ieee80211_node_timeout(void arg) 1992{ 1993 struct ieee80211com ic = arg; 1994* 1995 /* 1996 * Defer timeout processing if a channel switch is pending. 1997 * We typically need to be mute so not doing things that 1998 * might generate frames is good to handle in one place. 1999 * Supressing the station timeout processing may extend the 2000 * lifetime of inactive stations (by not decrementing their 2001 * idle counters) but this should be ok unless the CSA is 2002 * active for an unusually long time. 2003 / 2004* if ((ic->ic_flags & IEEE80211_F_CSAPENDING) == 0) { 2005 ieee80211_scan_timeout(ic); 2006 ieee80211_timeout_stations(ic); 2007 2008 IEEE80211_LOCK(ic); 2009 ieee80211_erp_timeout(ic); 2010 ieee80211_ht_timeout(ic); 2011 IEEE80211_UNLOCK(ic); 2012 } 2013 callout_reset(&ic->ic_inact, IEEE80211_INACT_WAIThz, 2014* ieee80211_node_timeout, ic); 2015} 2016 2017void 2018ieee80211_iterate_nodes(struct ieee80211_node_table nt, 2019* ieee80211_iter_func f, void arg) 2020{ 2021 struct ieee80211_node ni; 2022* u_int gen; 2023 2024 IEEE80211_NODE_ITERATE_LOCK(nt); 2025 gen = ++nt->nt_scangen; 2026restart: 2027 IEEE80211_NODE_LOCK(nt); 2028 TAILQ_FOREACH(ni, &nt->nt_node, ni_list) { 2029 if (ni->ni_scangen != gen) { 2030 ni->ni_scangen = gen; 2031 (void) ieee80211_ref_node(ni); 2032 IEEE80211_NODE_UNLOCK(nt); 2033 (f)(arg, ni); 2034* ieee80211_free_node(ni); 2035 goto restart; 2036 } 2037 } 2038 IEEE80211_NODE_UNLOCK(nt); 2039 2040 IEEE80211_NODE_ITERATE_UNLOCK(nt); 2041} 2042 2043void 2044ieee80211_dump_node(struct ieee80211_node_table nt, struct ieee80211_node ni) 2045{ 2046 printf("0x%p: mac %s refcnt %d\n", ni, 2047 ether_sprintf(ni->ni_macaddr), ieee80211_node_refcnt(ni)); 2048 printf("\tscangen %u authmode %u flags 0x%x\n", 2049 ni->ni_scangen, ni->ni_authmode, ni->ni_flags); 2050 printf("\tassocid 0x%x txpower %u vlan %u\n", 2051 ni->ni_associd, ni->ni_txpower, ni->ni_vlan); 2052 printf("\ttxseq %u rxseq %u fragno %u rxfragstamp %u\n", 2053 ni->ni_txseqs[IEEE80211_NONQOS_TID], 2054 ni->ni_rxseqs[IEEE80211_NONQOS_TID] >> IEEE80211_SEQ_SEQ_SHIFT, 2055 ni->ni_rxseqs[IEEE80211_NONQOS_TID] & IEEE80211_SEQ_FRAG_MASK, 2056 ni->ni_rxfragstamp); 2057 printf("\trstamp %u rssi %d noise %d intval %u capinfo 0x%x\n", 2058 ni->ni_rstamp, node_getrssi(ni), ni->ni_noise, 2059 ni->ni_intval, ni->ni_capinfo); 2060 printf("\tbssid %s essid \"%.s\" channel %u:0x%x\n", 2061* ether_sprintf(ni->ni_bssid), 2062 ni->ni_esslen, ni->ni_essid, 2063 ni->ni_chan->ic_freq, ni->ni_chan->ic_flags); 2064 printf("\tinact %u txrate %u\n", 2065 ni->ni_inact, ni->ni_txrate); 2066 printf("\thtcap %x htparam %x htctlchan %u ht2ndchan %u\n", 2067 ni->ni_htcap, ni->ni_htparam, 2068 ni->ni_htctlchan, ni->ni_ht2ndchan); 2069 printf("\thtopmode %x htstbc %x chw %u\n", 2070 ni->ni_htopmode, ni->ni_htstbc, ni->ni_chw); 2071} 2072 2073void 2074ieee80211_dump_nodes(struct ieee80211_node_table nt) 2075{ 2076* ieee80211_iterate_nodes(nt, 2077 (ieee80211_iter_func ) ieee80211_dump_node, nt); 2078} 2079* 2080void 2081ieee80211_notify_erp(struct ieee80211com ic) 2082{ 2083* struct ieee80211vap vap; 2084* 2085 IEEE80211_LOCK_ASSERT(ic); 2086 2087 TAILQ_FOREACH(vap, &ic->ic_vaps, iv_next) 2088 if (vap->iv_opmode == IEEE80211_M_HOSTAP) 2089 ieee80211_beacon_notify(vap, IEEE80211_BEACON_ERP); 2090} 2091 2092/* 2093 * Handle a station joining an 11g network. 2094 / 2095static void 2096ieee80211_node_join_11g(struct ieee80211_node ni) 2097{ 2098 struct ieee80211com ic = ni->ni_ic; 2099* 2100 IEEE80211_LOCK_ASSERT(ic); 2101 2102 /* 2103 * Station isn't capable of short slot time. Bump 2104 * the count of long slot time stations and disable 2105 * use of short slot time. Note that the actual switch 2106 * over to long slot time use may not occur until the 2107 * next beacon transmission (per sec. 7.3.1.4 of 11g). 2108 / 2109* if ((ni->ni_capinfo & IEEE80211_CAPINFO_SHORT_SLOTTIME) == 0) { 2110 ic->ic_longslotsta++; 2111 IEEE80211_NOTE(ni->ni_vap, IEEE80211_MSG_ASSOC, ni, 2112 "station needs long slot time, count %d", 2113 ic->ic_longslotsta); 2114 /* XXX vap's w/ conflicting needs won't work / 2115* if (!IEEE80211_IS_CHAN_108G(ic->ic_bsschan)) { 2116 /* 2117 * Don't force slot time when switched to turbo 2118 * mode as non-ERP stations won't be present; this 2119 * need only be done when on the normal G channel. 2120 / 2121* ieee80211_set_shortslottime(ic, 0); 2122 } 2123 } 2124 /* 2125 * If the new station is not an ERP station 2126 * then bump the counter and enable protection 2127 * if configured. 2128 / 2129* if (!ieee80211_iserp_rateset(&ni->ni_rates)) { 2130 ic->ic_nonerpsta++; 2131 IEEE80211_NOTE(ni->ni_vap, IEEE80211_MSG_ASSOC, ni, 2132 "station is !ERP, %d non-ERP stations associated", 2133 ic->ic_nonerpsta); 2134 /* 2135 * If station does not support short preamble 2136 * then we must enable use of Barker preamble. 2137 / 2138* if ((ni->ni_capinfo & IEEE80211_CAPINFO_SHORT_PREAMBLE) == 0) { 2139 IEEE80211_NOTE(ni->ni_vap, IEEE80211_MSG_ASSOC, ni, 2140 "%s", "station needs long preamble"); 2141 ic->ic_flags \|= IEEE80211_F_USEBARKER; 2142 ic->ic_flags &= ~IEEE80211_F_SHPREAMBLE; 2143 } 2144 /* 2145 * If protection is configured and this is the first 2146 * indication we should use protection, enable it. 2147 / 2148* if (ic->ic_protmode != IEEE80211_PROT_NONE && 2149 ic->ic_nonerpsta == 1 && 2150 (ic->ic_flags_ext & IEEE80211_FEXT_NONERP_PR) == 0) { 2151 IEEE80211_DPRINTF(ni->ni_vap, IEEE80211_MSG_ASSOC, 2152 "%s: enable use of protection\n", __func__); 2153 ic->ic_flags \|= IEEE80211_F_USEPROT; 2154 ieee80211_notify_erp(ic); 2155 } 2156 } else 2157 ni->ni_flags \|= IEEE80211_NODE_ERP; 2158} 2159 2160void 2161ieee80211_node_join(struct ieee80211_node ni, int resp) 2162{ 2163* struct ieee80211com ic = ni->ni_ic; 2164* struct ieee80211vap vap = ni->ni_vap; 2165* int newassoc; 2166 2167 if (ni->ni_associd == 0) { 2168 uint16_t aid; 2169 2170 KASSERT(vap->iv_aid_bitmap != NULL, ("no aid bitmap")); 2171 /* 2172 * It would be good to search the bitmap 2173 * more efficiently, but this will do for now. 2174 / 2175* for (aid = 1; aid < vap->iv_max_aid; aid++) { 2176 if (!IEEE80211_AID_ISSET(vap, aid)) 2177 break; 2178 } 2179 if (aid >= vap->iv_max_aid) { 2180 IEEE80211_SEND_MGMT(ni, resp, IEEE80211_STATUS_TOOMANY); 2181 ieee80211_node_leave(ni); 2182 return; 2183 } 2184 ni->ni_associd = aid \| 0xc000; 2185 ni->ni_jointime = time_uptime; 2186 IEEE80211_LOCK(ic); 2187 IEEE80211_AID_SET(vap, ni->ni_associd); 2188 vap->iv_sta_assoc++; 2189 ic->ic_sta_assoc++; 2190 2191 if (IEEE80211_IS_CHAN_HT(ic->ic_bsschan)) 2192 ieee80211_ht_node_join(ni); 2193 if (IEEE80211_IS_CHAN_ANYG(ic->ic_bsschan) && 2194 IEEE80211_IS_CHAN_FULL(ic->ic_bsschan)) 2195 ieee80211_node_join_11g(ni); 2196 IEEE80211_UNLOCK(ic); 2197 2198 newassoc = 1; 2199 } else 2200 newassoc = 0; 2201 2202 IEEE80211_NOTE(vap, IEEE80211_MSG_ASSOC \| IEEE80211_MSG_DEBUG, ni, 2203 "station associated at aid %d: %s preamble, %s slot time%s%s%s%s%s%s", 2204 IEEE80211_NODE_AID(ni), 2205 ic->ic_flags & IEEE80211_F_SHPREAMBLE ? "short" : "long", 2206 ic->ic_flags & IEEE80211_F_SHSLOT ? "short" : "long", 2207 ic->ic_flags & IEEE80211_F_USEPROT ? ", protection" : "", 2208 ni->ni_flags & IEEE80211_NODE_QOS ? ", QoS" : "", 2209 ni->ni_flags & IEEE80211_NODE_HT ? 2210 (ni->ni_chw == 20 ? ", HT20" : ", HT40") : "", 2211 ni->ni_flags & IEEE80211_NODE_AMPDU ? " (+AMPDU)" : "", 2212 IEEE80211_ATH_CAP(vap, ni, IEEE80211_NODE_FF) ? 2213 ", fast-frames" : "", 2214 IEEE80211_ATH_CAP(vap, ni, IEEE80211_NODE_TURBOP) ? 2215 ", turbo" : "" 2216 ); 2217 2218 /* give driver a chance to setup state like ni_txrate / 2219* if (ic->ic_newassoc != NULL) 2220 ic->ic_newassoc(ni, newassoc); 2221 IEEE80211_SEND_MGMT(ni, resp, IEEE80211_STATUS_SUCCESS); 2222 /* tell the authenticator about new station / 2223* if (vap->iv_auth->ia_node_join != NULL) 2224 vap->iv_auth->ia_node_join(ni); 2225 ieee80211_notify_node_join(ni, 2226 resp == IEEE80211_FC0_SUBTYPE_ASSOC_RESP); 2227} 2228 2229static void 2230disable_protection(struct ieee80211com ic) 2231{ 2232* KASSERT(ic->ic_nonerpsta == 0 && 2233 (ic->ic_flags_ext & IEEE80211_FEXT_NONERP_PR) == 0, 2234 ("%d non ERP stations, flags 0x%x", ic->ic_nonerpsta, 2235 ic->ic_flags_ext)); 2236 2237 ic->ic_flags &= ~IEEE80211_F_USEPROT; 2238 /* XXX verify mode? / 2239* if (ic->ic_caps & IEEE80211_C_SHPREAMBLE) { 2240 ic->ic_flags \|= IEEE80211_F_SHPREAMBLE; 2241 ic->ic_flags &= ~IEEE80211_F_USEBARKER; 2242 } 2243 ieee80211_notify_erp(ic); 2244} 2245 2246/* 2247 * Handle a station leaving an 11g network. 2248 / 2249static void 2250ieee80211_node_leave_11g(struct ieee80211_node ni) 2251{ 2252 struct ieee80211com ic = ni->ni_ic; 2253* 2254 IEEE80211_LOCK_ASSERT(ic); 2255 2256 KASSERT(IEEE80211_IS_CHAN_ANYG(ic->ic_bsschan), 2257 ("not in 11g, bss %u:0x%x", ic->ic_bsschan->ic_freq, 2258 ic->ic_bsschan->ic_flags)); 2259 2260 /* 2261 * If a long slot station do the slot time bookkeeping. 2262 / 2263* if ((ni->ni_capinfo & IEEE80211_CAPINFO_SHORT_SLOTTIME) == 0) { 2264 KASSERT(ic->ic_longslotsta > 0, 2265 ("bogus long slot station count %d", ic->ic_longslotsta)); 2266 ic->ic_longslotsta--; 2267 IEEE80211_NOTE(ni->ni_vap, IEEE80211_MSG_ASSOC, ni, 2268 "long slot time station leaves, count now %d", 2269 ic->ic_longslotsta); 2270 if (ic->ic_longslotsta == 0) { 2271 /* 2272 * Re-enable use of short slot time if supported 2273 * and not operating in IBSS mode (per spec). 2274 / 2275* if ((ic->ic_caps & IEEE80211_C_SHSLOT) && 2276 ic->ic_opmode != IEEE80211_M_IBSS) { 2277 IEEE80211_DPRINTF(ni->ni_vap, 2278 IEEE80211_MSG_ASSOC, 2279 "%s: re-enable use of short slot time\n", 2280 __func__); 2281 ieee80211_set_shortslottime(ic, 1); 2282 } 2283 } 2284 } 2285 /* 2286 * If a non-ERP station do the protection-related bookkeeping. 2287 / 2288* if ((ni->ni_flags & IEEE80211_NODE_ERP) == 0) { 2289 KASSERT(ic->ic_nonerpsta > 0, 2290 ("bogus non-ERP station count %d", ic->ic_nonerpsta)); 2291 ic->ic_nonerpsta--; 2292 IEEE80211_NOTE(ni->ni_vap, IEEE80211_MSG_ASSOC, ni, 2293 "non-ERP station leaves, count now %d%s", ic->ic_nonerpsta, 2294 (ic->ic_flags_ext & IEEE80211_FEXT_NONERP_PR) ? 2295 " (non-ERP sta present)" : ""); 2296 if (ic->ic_nonerpsta == 0 && 2297 (ic->ic_flags_ext & IEEE80211_FEXT_NONERP_PR) == 0) { 2298 IEEE80211_DPRINTF(ni->ni_vap, IEEE80211_MSG_ASSOC, 2299 "%s: disable use of protection\n", __func__); 2300 disable_protection(ic); 2301 } 2302 } 2303} 2304 2305/* 2306 * Time out presence of an overlapping bss with non-ERP 2307 * stations. When operating in hostap mode we listen for 2308 * beacons from other stations and if we identify a non-ERP 2309 * station is present we enable protection. To identify 2310 * when all non-ERP stations are gone we time out this 2311 * condition. 2312 / 2313static void 2314ieee80211_erp_timeout(struct ieee80211com ic) 2315{ 2316 2317 IEEE80211_LOCK_ASSERT(ic); 2318 2319 if ((ic->ic_flags_ext & IEEE80211_FEXT_NONERP_PR) && 2320 time_after(ticks, ic->ic_lastnonerp + IEEE80211_NONERP_PRESENT_AGE)) { 2321#if 0 2322 IEEE80211_NOTE(vap, IEEE80211_MSG_ASSOC, ni, 2323 "%s", "age out non-ERP sta present on channel"); 2324#endif 2325 ic->ic_flags_ext &= ~IEEE80211_FEXT_NONERP_PR; 2326 if (ic->ic_nonerpsta == 0) 2327 disable_protection(ic); 2328 } 2329} 2330 2331/* 2332 * Handle bookkeeping for station deauthentication/disassociation 2333 * when operating as an ap. 2334 / 2335void 2336ieee80211_node_leave(struct ieee80211_node ni) 2337{ 2338 struct ieee80211com ic = ni->ni_ic; 2339* struct ieee80211vap vap = ni->ni_vap; 2340* struct ieee80211_node_table nt = ni->ni_table; 2341* 2342 IEEE80211_NOTE(vap, IEEE80211_MSG_ASSOC \| IEEE80211_MSG_DEBUG, ni, 2343 "station with aid %d leaves", IEEE80211_NODE_AID(ni)); 2344 2345 KASSERT(vap->iv_opmode != IEEE80211_M_STA, 2346 ("unexpected operating mode %u", vap->iv_opmode)); 2347 /* 2348 * If node wasn't previously associated all 2349 * we need to do is reclaim the reference. 2350 / 2351* /* XXX ibss mode bypasses 11g and notification / 2352* if (ni->ni_associd == 0) 2353 goto done; 2354 /* 2355 * Tell the authenticator the station is leaving. 2356 * Note that we must do this before yanking the 2357 * association id as the authenticator uses the 2358 * associd to locate it's state block. 2359 / 2360* if (vap->iv_auth->ia_node_leave != NULL) 2361 vap->iv_auth->ia_node_leave(ni); 2362 2363 IEEE80211_LOCK(ic); 2364 IEEE80211_AID_CLR(vap, ni->ni_associd); 2365 ni->ni_associd = 0; 2366 vap->iv_sta_assoc--; 2367 ic->ic_sta_assoc--; 2368 2369 if (IEEE80211_IS_CHAN_HT(ic->ic_bsschan)) 2370 ieee80211_ht_node_leave(ni); 2371 if (IEEE80211_IS_CHAN_ANYG(ic->ic_bsschan) && 2372 IEEE80211_IS_CHAN_FULL(ic->ic_bsschan)) 2373 ieee80211_node_leave_11g(ni); 2374 IEEE80211_UNLOCK(ic); 2375 /* 2376 * Cleanup station state. In particular clear various 2377 * state that might otherwise be reused if the node 2378 * is reused before the reference count goes to zero 2379 * (and memory is reclaimed). 2380 / 2381* ieee80211_sta_leave(ni); 2382done: 2383 /* 2384 * Remove the node from any table it's recorded in and 2385 * drop the caller's reference. Removal from the table 2386 * is important to insure the node is not reprocessed 2387 * for inactivity. 2388 / 2389* if (nt != NULL) { 2390 IEEE80211_NODE_LOCK(nt); 2391 node_reclaim(nt, ni); 2392 IEEE80211_NODE_UNLOCK(nt); 2393 } else 2394 ieee80211_free_node(ni); 2395} 2396 2397struct rssiinfo { 2398 struct ieee80211vap vap; 2399* int rssi_samples; 2400 uint32_t rssi_total; 2401}; 2402 2403static void 2404get_hostap_rssi(void arg, struct ieee80211_node ni) 2405{ 2406 struct rssiinfo info = arg; 2407* struct ieee80211vap vap = ni->ni_vap; 2408* int8_t rssi; 2409 2410 if (info->vap != vap) 2411 return; 2412 /* only associated stations / 2413* if (ni->ni_associd == 0) 2414 return; 2415 rssi = vap->iv_ic->ic_node_getrssi(ni); 2416 if (rssi != 0) { 2417 info->rssi_samples++; 2418 info->rssi_total += rssi; 2419 } 2420} 2421 2422static void 2423get_adhoc_rssi(void arg, struct ieee80211_node ni) 2424{ 2425 struct rssiinfo info = arg; 2426* struct ieee80211vap vap = ni->ni_vap; 2427* int8_t rssi; 2428 2429 if (info->vap != vap) 2430 return; 2431 /* only neighbors / 2432* /* XXX check bssid / 2433* if ((ni->ni_capinfo & IEEE80211_CAPINFO_IBSS) == 0) 2434 return; 2435 rssi = vap->iv_ic->ic_node_getrssi(ni); 2436 if (rssi != 0) { 2437 info->rssi_samples++; 2438 info->rssi_total += rssi; 2439 } 2440} 2441 2442int8_t 2443ieee80211_getrssi(struct ieee80211vap vap) 2444{ 2445#define NZ(x) ((x) == 0 ? 1 : (x)) 2446* struct ieee80211com ic = vap->iv_ic; 2447* struct rssiinfo info; 2448 2449 info.rssi_total = 0; 2450 info.rssi_samples = 0; 2451 info.vap = vap; 2452 switch (vap->iv_opmode) { 2453 case IEEE80211_M_IBSS: /* average of all ibss neighbors / 2454* case IEEE80211_M_AHDEMO: /* average of all neighbors / 2455* ieee80211_iterate_nodes(&ic->ic_sta, get_adhoc_rssi, &info); 2456 break; 2457 case IEEE80211_M_HOSTAP: /* average of all associated stations / 2458* ieee80211_iterate_nodes(&ic->ic_sta, get_hostap_rssi, &info); 2459 break; 2460 case IEEE80211_M_MONITOR: /* XXX / 2461* case IEEE80211_M_STA: /* use stats from associated ap / 2462* default: 2463 if (vap->iv_bss != NULL) 2464 info.rssi_total = ic->ic_node_getrssi(vap->iv_bss); 2465 info.rssi_samples = 1; 2466 break; 2467 } 2468 return info.rssi_total / NZ(info.rssi_samples); 2469#undef NZ 2470} 2471 2472void 2473ieee80211_getsignal(struct ieee80211vap vap, int8_t rssi, int8_t noise) 2474{ 2475* 2476 if (vap->iv_bss == NULL) /* NB: shouldn't happen / 2477* return; 2478 vap->iv_ic->ic_node_getsignal(vap->iv_bss, rssi, noise); 2479 /* for non-station mode return avg'd rssi accounting / 2480* if (vap->iv_opmode != IEEE80211_M_STA) 2481 rssi = ieee80211_getrssi(vap); 2482*}	1601 "%s: delete key map entry %p<%s> refcnt %d\n", 1602 __func__, ni, ether_sprintf(ni->ni_macaddr), 1603 ieee80211_node_refcnt(ni)-1); 1604 ieee80211_free_node(ni); 1605 } 1606 return status; 1607} 1608 1609/* 1610 * Reclaim a node. If this is the last reference count then 1611 * do the normal free work. Otherwise remove it from the node 1612 * table and mark it gone by clearing the back-reference. 1613 / 1614static void 1615node_reclaim(struct ieee80211_node_table nt, struct ieee80211_node ni) 1616{ 1617* ieee80211_keyix keyix; 1618 1619 IEEE80211_NODE_LOCK_ASSERT(nt); 1620 1621 IEEE80211_DPRINTF(ni->ni_vap, IEEE80211_MSG_NODE, 1622 "%s: remove %p<%s> from %s table, refcnt %d\n", 1623 __func__, ni, ether_sprintf(ni->ni_macaddr), 1624 nt->nt_name, ieee80211_node_refcnt(ni)-1); 1625 /* 1626 * Clear any entry in the unicast key mapping table. 1627 * We need to do it here so rx lookups don't find it 1628 * in the mapping table even if it's not in the hash 1629 * table. We cannot depend on the mapping table entry 1630 * being cleared because the node may not be free'd. 1631 / 1632* keyix = ni->ni_ucastkey.wk_rxkeyix; 1633 if (nt->nt_keyixmap != NULL && keyix < nt->nt_keyixmax && 1634 nt->nt_keyixmap[keyix] == ni) { 1635 IEEE80211_DPRINTF(ni->ni_vap, IEEE80211_MSG_NODE, 1636 "%s: %p<%s> clear key map entry\n", 1637 __func__, ni, ether_sprintf(ni->ni_macaddr)); 1638 nt->nt_keyixmap[keyix] = NULL; 1639 ieee80211_node_decref(ni); /* NB: don't need free / 1640* } 1641 if (!ieee80211_node_dectestref(ni)) { 1642 /* 1643 * Other references are present, just remove the 1644 * node from the table so it cannot be found. When 1645 * the references are dropped storage will be 1646 * reclaimed. 1647 / 1648* TAILQ_REMOVE(&nt->nt_node, ni, ni_list); 1649 LIST_REMOVE(ni, ni_hash); 1650 ni->ni_table = NULL; /* clear reference / 1651* } else 1652 _ieee80211_free_node(ni); 1653} 1654 1655/* 1656 * Reclaim a (bss) node. Decrement the refcnt and reclaim 1657 * the node if the only other reference to it is in the sta 1658 * table. This is effectively ieee80211_free_node followed 1659 * by node_reclaim when the refcnt is 1 (after the free). 1660 / 1661static void 1662ieee80211_node_reclaim(struct ieee80211_node ni) 1663{ 1664 struct ieee80211_node_table nt = ni->ni_table; 1665* 1666 KASSERT(nt != NULL, ("reclaim node not in table")); 1667 1668#ifdef IEEE80211_DEBUG_REFCNT 1669 IEEE80211_DPRINTF(ni->ni_vap, IEEE80211_MSG_NODE, 1670 "%s %p<%s> refcnt %d\n", __func__, ni, 1671 ether_sprintf(ni->ni_macaddr), ieee80211_node_refcnt(ni)-1); 1672#endif 1673 IEEE80211_NODE_LOCK(nt); 1674 if (ieee80211_node_dectestref(ni)) { 1675 /* 1676 * Last reference, reclaim state. 1677 / 1678* _ieee80211_free_node(ni); 1679 nt = NULL; 1680 } else if (ieee80211_node_refcnt(ni) == 1 && 1681 nt->nt_keyixmap != NULL) { 1682 ieee80211_keyix keyix; 1683 /* 1684 * Check for a last reference in the key mapping table. 1685 / 1686* keyix = ni->ni_ucastkey.wk_rxkeyix; 1687 if (keyix < nt->nt_keyixmax && 1688 nt->nt_keyixmap[keyix] == ni) { 1689 IEEE80211_DPRINTF(ni->ni_vap, 1690 IEEE80211_MSG_NODE, 1691 "%s: %p<%s> clear key map entry", __func__, 1692 ni, ether_sprintf(ni->ni_macaddr)); 1693 nt->nt_keyixmap[keyix] = NULL; 1694 ieee80211_node_decref(ni); /* XXX needed? / 1695* _ieee80211_free_node(ni); 1696 nt = NULL; 1697 } 1698 } 1699 if (nt != NULL && ieee80211_node_refcnt(ni) == 1) { 1700 /* 1701 * Last reference is in the sta table; complete 1702 * the reclaim. This handles bss nodes being 1703 * recycled: the node has two references, one for 1704 * iv_bss and one for the table. After dropping 1705 * the iv_bss ref above we need to reclaim the sta 1706 * table reference. 1707 / 1708* ieee80211_node_decref(ni); /* NB: be pendantic / 1709* _ieee80211_free_node(ni); 1710 } 1711 IEEE80211_NODE_UNLOCK(nt); 1712} 1713 1714/* 1715 * Node table support. 1716 / 1717* 1718static void 1719ieee80211_node_table_init(struct ieee80211com ic, 1720* struct ieee80211_node_table nt, 1721* const char name, int inact, int keyixmax) 1722{ 1723* struct ifnet ifp = ic->ic_ifp; 1724* 1725 nt->nt_ic = ic; 1726 IEEE80211_NODE_LOCK_INIT(nt, ifp->if_xname); 1727 IEEE80211_NODE_ITERATE_LOCK_INIT(nt, ifp->if_xname); 1728 TAILQ_INIT(&nt->nt_node); 1729 nt->nt_name = name; 1730 nt->nt_scangen = 1; 1731 nt->nt_inact_init = inact; 1732 nt->nt_keyixmax = keyixmax; 1733 if (nt->nt_keyixmax > 0) { 1734 MALLOC(nt->nt_keyixmap, struct ieee80211_node *, 1735* keyixmax * sizeof(struct ieee80211_node ), 1736* M_80211_NODE, M_NOWAIT \| M_ZERO); 1737 if (nt->nt_keyixmap == NULL) 1738 if_printf(ic->ic_ifp, 1739 "Cannot allocate key index map with %u entries\n", 1740 keyixmax); 1741 } else 1742 nt->nt_keyixmap = NULL; 1743} 1744 1745static void 1746ieee80211_node_table_reset(struct ieee80211_node_table nt, 1747* struct ieee80211vap match) 1748{ 1749* struct ieee80211_node ni, next; 1750 1751 IEEE80211_NODE_LOCK(nt); 1752 TAILQ_FOREACH_SAFE(ni, &nt->nt_node, ni_list, next) { 1753 if (match != NULL && ni->ni_vap != match) 1754 continue; 1755 /* XXX can this happen? if so need's work / 1756* if (ni->ni_associd != 0) { 1757 struct ieee80211vap vap = ni->ni_vap; 1758* 1759 if (vap->iv_auth->ia_node_leave != NULL) 1760 vap->iv_auth->ia_node_leave(ni); 1761 if (vap->iv_aid_bitmap != NULL) 1762 IEEE80211_AID_CLR(vap, ni->ni_associd); 1763 } 1764 ni->ni_wdsvap = NULL; /* clear reference / 1765* node_reclaim(nt, ni); 1766 } 1767 if (match != NULL && match->iv_opmode == IEEE80211_M_WDS) { 1768 /* 1769 * Make a separate pass to clear references to this vap 1770 * held by DWDS entries. They will not be matched above 1771 * because ni_vap will point to the ap vap but we still 1772 * need to clear ni_wdsvap when the WDS vap is destroyed 1773 * and/or reset. 1774 / 1775* TAILQ_FOREACH_SAFE(ni, &nt->nt_node, ni_list, next) 1776 if (ni->ni_wdsvap == match) 1777 ni->ni_wdsvap = NULL; 1778 } 1779 IEEE80211_NODE_UNLOCK(nt); 1780} 1781 1782static void 1783ieee80211_node_table_cleanup(struct ieee80211_node_table nt) 1784{ 1785* ieee80211_node_table_reset(nt, NULL); 1786 if (nt->nt_keyixmap != NULL) { 1787#ifdef DIAGNOSTIC 1788 /* XXX verify all entries are NULL / 1789* int i; 1790 for (i = 0; i < nt->nt_keyixmax; i++) 1791 if (nt->nt_keyixmap[i] != NULL) 1792 printf("%s: %s[%u] still active\n", __func__, 1793 nt->nt_name, i); 1794#endif 1795 FREE(nt->nt_keyixmap, M_80211_NODE); 1796 nt->nt_keyixmap = NULL; 1797 } 1798 IEEE80211_NODE_ITERATE_LOCK_DESTROY(nt); 1799 IEEE80211_NODE_LOCK_DESTROY(nt); 1800} 1801 1802/* 1803 * Timeout inactive stations and do related housekeeping. 1804 * Note that we cannot hold the node lock while sending a 1805 * frame as this would lead to a LOR. Instead we use a 1806 * generation number to mark nodes that we've scanned and 1807 * drop the lock and restart a scan if we have to time out 1808 * a node. Since we are single-threaded by virtue of 1809 * controlling the inactivity timer we can be sure this will 1810 * process each node only once. 1811 / 1812static void 1813ieee80211_timeout_stations(struct ieee80211com ic) 1814{ 1815 struct ieee80211_node_table nt = &ic->ic_sta; 1816* struct ieee80211vap vap; 1817* struct ieee80211_node ni; 1818* int gen = 0; 1819 1820 IEEE80211_NODE_ITERATE_LOCK(nt); 1821 gen = ++nt->nt_scangen; 1822restart: 1823 IEEE80211_NODE_LOCK(nt); 1824 TAILQ_FOREACH(ni, &nt->nt_node, ni_list) { 1825 if (ni->ni_scangen == gen) /* previously handled / 1826* continue; 1827 ni->ni_scangen = gen; 1828 /* 1829 * Ignore entries for which have yet to receive an 1830 * authentication frame. These are transient and 1831 * will be reclaimed when the last reference to them 1832 * goes away (when frame xmits complete). 1833 / 1834* vap = ni->ni_vap; 1835 /* 1836 * Only process stations when in RUN state. This 1837 * insures, for example, that we don't timeout an 1838 * inactive station during CAC. Note that CSA state 1839 * is actually handled in ieee80211_node_timeout as 1840 * it applies to more than timeout processing. 1841 / 1842* if (vap->iv_state != IEEE80211_S_RUN) 1843 continue; 1844 /* XXX can vap be NULL? / 1845* if ((vap->iv_opmode == IEEE80211_M_HOSTAP \|\| 1846 vap->iv_opmode == IEEE80211_M_STA) && 1847 (ni->ni_flags & IEEE80211_NODE_AREF) == 0) 1848 continue; 1849 /* 1850 * Free fragment if not needed anymore 1851 * (last fragment older than 1s). 1852 * XXX doesn't belong here, move to node_age 1853 / 1854* if (ni->ni_rxfrag[0] != NULL && 1855 ticks > ni->ni_rxfragstamp + hz) { 1856 m_freem(ni->ni_rxfrag[0]); 1857 ni->ni_rxfrag[0] = NULL; 1858 } 1859 if (ni->ni_inact > 0) 1860 ni->ni_inact--; 1861 /* 1862 * Special case ourself; we may be idle for extended periods 1863 * of time and regardless reclaiming our state is wrong. 1864 * XXX run ic_node_age 1865 / 1866* if (ni == vap->iv_bss) 1867 continue; 1868 if (ni->ni_associd != 0 \|\| 1869 (vap->iv_opmode == IEEE80211_M_IBSS \|\| 1870 vap->iv_opmode == IEEE80211_M_AHDEMO)) { 1871 /* 1872 * Age/drain resources held by the station. 1873 / 1874* ic->ic_node_age(ni); 1875 /* 1876 * Probe the station before time it out. We 1877 * send a null data frame which may not be 1878 * universally supported by drivers (need it 1879 * for ps-poll support so it should be...). 1880 * 1881 * XXX don't probe the station unless we've 1882 * received a frame from them (and have 1883 * some idea of the rates they are capable 1884 * of); this will get fixed more properly 1885 * soon with better handling of the rate set. 1886 / 1887* if ((vap->iv_flags_ext & IEEE80211_FEXT_INACT) && 1888 (0 < ni->ni_inact && 1889 ni->ni_inact <= vap->iv_inact_probe) && 1890 ni->ni_rates.rs_nrates != 0) { 1891 IEEE80211_NOTE(vap, 1892 IEEE80211_MSG_INACT \| IEEE80211_MSG_NODE, 1893 ni, "%s", 1894 "probe station due to inactivity"); 1895 /* 1896 * Grab a reference before unlocking the table 1897 * so the node cannot be reclaimed before we 1898 * send the frame. ieee80211_send_nulldata 1899 * understands we've done this and reclaims the 1900 * ref for us as needed. 1901 / 1902* ieee80211_ref_node(ni); 1903 IEEE80211_NODE_UNLOCK(nt); 1904 ieee80211_send_nulldata(ni); 1905 /* XXX stat? / 1906* goto restart; 1907 } 1908 } 1909 if ((vap->iv_flags_ext & IEEE80211_FEXT_INACT) && 1910 ni->ni_inact <= 0) { 1911 IEEE80211_NOTE(vap, 1912 IEEE80211_MSG_INACT \| IEEE80211_MSG_NODE, ni, 1913 "station timed out due to inactivity " 1914 "(refcnt %u)", ieee80211_node_refcnt(ni)); 1915 /* 1916 * Send a deauthenticate frame and drop the station. 1917 * This is somewhat complicated due to reference counts 1918 * and locking. At this point a station will typically 1919 * have a reference count of 1. ieee80211_node_leave 1920 * will do a "free" of the node which will drop the 1921 * reference count. But in the meantime a reference 1922 * wil be held by the deauth frame. The actual reclaim 1923 * of the node will happen either after the tx is 1924 * completed or by ieee80211_node_leave. 1925 * 1926 * Separately we must drop the node lock before sending 1927 * in case the driver takes a lock, as this can result 1928 * in a LOR between the node lock and the driver lock. 1929 / 1930* ieee80211_ref_node(ni); 1931 IEEE80211_NODE_UNLOCK(nt); 1932 if (ni->ni_associd != 0) { 1933 IEEE80211_SEND_MGMT(ni, 1934 IEEE80211_FC0_SUBTYPE_DEAUTH, 1935 IEEE80211_REASON_AUTH_EXPIRE); 1936 } 1937 ieee80211_node_leave(ni); 1938 ieee80211_free_node(ni); 1939 vap->iv_stats.is_node_timeout++; 1940 goto restart; 1941 } 1942 } 1943 IEEE80211_NODE_UNLOCK(nt); 1944 1945 IEEE80211_NODE_ITERATE_UNLOCK(nt); 1946} 1947 1948/* 1949 * Aggressively reclaim resources. This should be used 1950 * only in a critical situation to reclaim mbuf resources. 1951 / 1952void 1953ieee80211_drain(struct ieee80211com ic) 1954{ 1955 struct ieee80211_node_table nt = &ic->ic_sta; 1956* struct ieee80211vap vap; 1957* struct ieee80211_node ni; 1958* 1959 IEEE80211_NODE_LOCK(nt); 1960 TAILQ_FOREACH(ni, &nt->nt_node, ni_list) { 1961 /* 1962 * Ignore entries for which have yet to receive an 1963 * authentication frame. These are transient and 1964 * will be reclaimed when the last reference to them 1965 * goes away (when frame xmits complete). 1966 / 1967* vap = ni->ni_vap; 1968 /* 1969 * Only process stations when in RUN state. This 1970 * insures, for example, that we don't timeout an 1971 * inactive station during CAC. Note that CSA state 1972 * is actually handled in ieee80211_node_timeout as 1973 * it applies to more than timeout processing. 1974 / 1975* if (vap->iv_state != IEEE80211_S_RUN) 1976 continue; 1977 /* XXX can vap be NULL? / 1978* if ((vap->iv_opmode == IEEE80211_M_HOSTAP \|\| 1979 vap->iv_opmode == IEEE80211_M_STA) && 1980 (ni->ni_flags & IEEE80211_NODE_AREF) == 0) 1981 continue; 1982 /* 1983 * Free fragments. 1984 * XXX doesn't belong here, move to node_drain 1985 / 1986* if (ni->ni_rxfrag[0] != NULL) { 1987 m_freem(ni->ni_rxfrag[0]); 1988 ni->ni_rxfrag[0] = NULL; 1989 } 1990 /* 1991 * Drain resources held by the station. 1992 / 1993* ic->ic_node_drain(ni); 1994 } 1995 IEEE80211_NODE_UNLOCK(nt); 1996} 1997 1998/* 1999 * Per-ieee80211com inactivity timer callback. 2000 / 2001void 2002ieee80211_node_timeout(void arg) 2003{ 2004 struct ieee80211com ic = arg; 2005* 2006 /* 2007 * Defer timeout processing if a channel switch is pending. 2008 * We typically need to be mute so not doing things that 2009 * might generate frames is good to handle in one place. 2010 * Supressing the station timeout processing may extend the 2011 * lifetime of inactive stations (by not decrementing their 2012 * idle counters) but this should be ok unless the CSA is 2013 * active for an unusually long time. 2014 / 2015* if ((ic->ic_flags & IEEE80211_F_CSAPENDING) == 0) { 2016 ieee80211_scan_timeout(ic); 2017 ieee80211_timeout_stations(ic); 2018 2019 IEEE80211_LOCK(ic); 2020 ieee80211_erp_timeout(ic); 2021 ieee80211_ht_timeout(ic); 2022 IEEE80211_UNLOCK(ic); 2023 } 2024 callout_reset(&ic->ic_inact, IEEE80211_INACT_WAIThz, 2025* ieee80211_node_timeout, ic); 2026} 2027 2028void 2029ieee80211_iterate_nodes(struct ieee80211_node_table nt, 2030* ieee80211_iter_func f, void arg) 2031{ 2032 struct ieee80211_node ni; 2033* u_int gen; 2034 2035 IEEE80211_NODE_ITERATE_LOCK(nt); 2036 gen = ++nt->nt_scangen; 2037restart: 2038 IEEE80211_NODE_LOCK(nt); 2039 TAILQ_FOREACH(ni, &nt->nt_node, ni_list) { 2040 if (ni->ni_scangen != gen) { 2041 ni->ni_scangen = gen; 2042 (void) ieee80211_ref_node(ni); 2043 IEEE80211_NODE_UNLOCK(nt); 2044 (f)(arg, ni); 2045* ieee80211_free_node(ni); 2046 goto restart; 2047 } 2048 } 2049 IEEE80211_NODE_UNLOCK(nt); 2050 2051 IEEE80211_NODE_ITERATE_UNLOCK(nt); 2052} 2053 2054void 2055ieee80211_dump_node(struct ieee80211_node_table nt, struct ieee80211_node ni) 2056{ 2057 printf("0x%p: mac %s refcnt %d\n", ni, 2058 ether_sprintf(ni->ni_macaddr), ieee80211_node_refcnt(ni)); 2059 printf("\tscangen %u authmode %u flags 0x%x\n", 2060 ni->ni_scangen, ni->ni_authmode, ni->ni_flags); 2061 printf("\tassocid 0x%x txpower %u vlan %u\n", 2062 ni->ni_associd, ni->ni_txpower, ni->ni_vlan); 2063 printf("\ttxseq %u rxseq %u fragno %u rxfragstamp %u\n", 2064 ni->ni_txseqs[IEEE80211_NONQOS_TID], 2065 ni->ni_rxseqs[IEEE80211_NONQOS_TID] >> IEEE80211_SEQ_SEQ_SHIFT, 2066 ni->ni_rxseqs[IEEE80211_NONQOS_TID] & IEEE80211_SEQ_FRAG_MASK, 2067 ni->ni_rxfragstamp); 2068 printf("\trstamp %u rssi %d noise %d intval %u capinfo 0x%x\n", 2069 ni->ni_rstamp, node_getrssi(ni), ni->ni_noise, 2070 ni->ni_intval, ni->ni_capinfo); 2071 printf("\tbssid %s essid \"%.s\" channel %u:0x%x\n", 2072* ether_sprintf(ni->ni_bssid), 2073 ni->ni_esslen, ni->ni_essid, 2074 ni->ni_chan->ic_freq, ni->ni_chan->ic_flags); 2075 printf("\tinact %u txrate %u\n", 2076 ni->ni_inact, ni->ni_txrate); 2077 printf("\thtcap %x htparam %x htctlchan %u ht2ndchan %u\n", 2078 ni->ni_htcap, ni->ni_htparam, 2079 ni->ni_htctlchan, ni->ni_ht2ndchan); 2080 printf("\thtopmode %x htstbc %x chw %u\n", 2081 ni->ni_htopmode, ni->ni_htstbc, ni->ni_chw); 2082} 2083 2084void 2085ieee80211_dump_nodes(struct ieee80211_node_table nt) 2086{ 2087* ieee80211_iterate_nodes(nt, 2088 (ieee80211_iter_func ) ieee80211_dump_node, nt); 2089} 2090* 2091void 2092ieee80211_notify_erp(struct ieee80211com ic) 2093{ 2094* struct ieee80211vap vap; 2095* 2096 IEEE80211_LOCK_ASSERT(ic); 2097 2098 TAILQ_FOREACH(vap, &ic->ic_vaps, iv_next) 2099 if (vap->iv_opmode == IEEE80211_M_HOSTAP) 2100 ieee80211_beacon_notify(vap, IEEE80211_BEACON_ERP); 2101} 2102 2103/* 2104 * Handle a station joining an 11g network. 2105 / 2106static void 2107ieee80211_node_join_11g(struct ieee80211_node ni) 2108{ 2109 struct ieee80211com ic = ni->ni_ic; 2110* 2111 IEEE80211_LOCK_ASSERT(ic); 2112 2113 /* 2114 * Station isn't capable of short slot time. Bump 2115 * the count of long slot time stations and disable 2116 * use of short slot time. Note that the actual switch 2117 * over to long slot time use may not occur until the 2118 * next beacon transmission (per sec. 7.3.1.4 of 11g). 2119 / 2120* if ((ni->ni_capinfo & IEEE80211_CAPINFO_SHORT_SLOTTIME) == 0) { 2121 ic->ic_longslotsta++; 2122 IEEE80211_NOTE(ni->ni_vap, IEEE80211_MSG_ASSOC, ni, 2123 "station needs long slot time, count %d", 2124 ic->ic_longslotsta); 2125 /* XXX vap's w/ conflicting needs won't work / 2126* if (!IEEE80211_IS_CHAN_108G(ic->ic_bsschan)) { 2127 /* 2128 * Don't force slot time when switched to turbo 2129 * mode as non-ERP stations won't be present; this 2130 * need only be done when on the normal G channel. 2131 / 2132* ieee80211_set_shortslottime(ic, 0); 2133 } 2134 } 2135 /* 2136 * If the new station is not an ERP station 2137 * then bump the counter and enable protection 2138 * if configured. 2139 / 2140* if (!ieee80211_iserp_rateset(&ni->ni_rates)) { 2141 ic->ic_nonerpsta++; 2142 IEEE80211_NOTE(ni->ni_vap, IEEE80211_MSG_ASSOC, ni, 2143 "station is !ERP, %d non-ERP stations associated", 2144 ic->ic_nonerpsta); 2145 /* 2146 * If station does not support short preamble 2147 * then we must enable use of Barker preamble. 2148 / 2149* if ((ni->ni_capinfo & IEEE80211_CAPINFO_SHORT_PREAMBLE) == 0) { 2150 IEEE80211_NOTE(ni->ni_vap, IEEE80211_MSG_ASSOC, ni, 2151 "%s", "station needs long preamble"); 2152 ic->ic_flags \|= IEEE80211_F_USEBARKER; 2153 ic->ic_flags &= ~IEEE80211_F_SHPREAMBLE; 2154 } 2155 /* 2156 * If protection is configured and this is the first 2157 * indication we should use protection, enable it. 2158 / 2159* if (ic->ic_protmode != IEEE80211_PROT_NONE && 2160 ic->ic_nonerpsta == 1 && 2161 (ic->ic_flags_ext & IEEE80211_FEXT_NONERP_PR) == 0) { 2162 IEEE80211_DPRINTF(ni->ni_vap, IEEE80211_MSG_ASSOC, 2163 "%s: enable use of protection\n", __func__); 2164 ic->ic_flags \|= IEEE80211_F_USEPROT; 2165 ieee80211_notify_erp(ic); 2166 } 2167 } else 2168 ni->ni_flags \|= IEEE80211_NODE_ERP; 2169} 2170 2171void 2172ieee80211_node_join(struct ieee80211_node ni, int resp) 2173{ 2174* struct ieee80211com ic = ni->ni_ic; 2175* struct ieee80211vap vap = ni->ni_vap; 2176* int newassoc; 2177 2178 if (ni->ni_associd == 0) { 2179 uint16_t aid; 2180 2181 KASSERT(vap->iv_aid_bitmap != NULL, ("no aid bitmap")); 2182 /* 2183 * It would be good to search the bitmap 2184 * more efficiently, but this will do for now. 2185 / 2186* for (aid = 1; aid < vap->iv_max_aid; aid++) { 2187 if (!IEEE80211_AID_ISSET(vap, aid)) 2188 break; 2189 } 2190 if (aid >= vap->iv_max_aid) { 2191 IEEE80211_SEND_MGMT(ni, resp, IEEE80211_STATUS_TOOMANY); 2192 ieee80211_node_leave(ni); 2193 return; 2194 } 2195 ni->ni_associd = aid \| 0xc000; 2196 ni->ni_jointime = time_uptime; 2197 IEEE80211_LOCK(ic); 2198 IEEE80211_AID_SET(vap, ni->ni_associd); 2199 vap->iv_sta_assoc++; 2200 ic->ic_sta_assoc++; 2201 2202 if (IEEE80211_IS_CHAN_HT(ic->ic_bsschan)) 2203 ieee80211_ht_node_join(ni); 2204 if (IEEE80211_IS_CHAN_ANYG(ic->ic_bsschan) && 2205 IEEE80211_IS_CHAN_FULL(ic->ic_bsschan)) 2206 ieee80211_node_join_11g(ni); 2207 IEEE80211_UNLOCK(ic); 2208 2209 newassoc = 1; 2210 } else 2211 newassoc = 0; 2212 2213 IEEE80211_NOTE(vap, IEEE80211_MSG_ASSOC \| IEEE80211_MSG_DEBUG, ni, 2214 "station associated at aid %d: %s preamble, %s slot time%s%s%s%s%s%s", 2215 IEEE80211_NODE_AID(ni), 2216 ic->ic_flags & IEEE80211_F_SHPREAMBLE ? "short" : "long", 2217 ic->ic_flags & IEEE80211_F_SHSLOT ? "short" : "long", 2218 ic->ic_flags & IEEE80211_F_USEPROT ? ", protection" : "", 2219 ni->ni_flags & IEEE80211_NODE_QOS ? ", QoS" : "", 2220 ni->ni_flags & IEEE80211_NODE_HT ? 2221 (ni->ni_chw == 20 ? ", HT20" : ", HT40") : "", 2222 ni->ni_flags & IEEE80211_NODE_AMPDU ? " (+AMPDU)" : "", 2223 IEEE80211_ATH_CAP(vap, ni, IEEE80211_NODE_FF) ? 2224 ", fast-frames" : "", 2225 IEEE80211_ATH_CAP(vap, ni, IEEE80211_NODE_TURBOP) ? 2226 ", turbo" : "" 2227 ); 2228 2229 /* give driver a chance to setup state like ni_txrate / 2230* if (ic->ic_newassoc != NULL) 2231 ic->ic_newassoc(ni, newassoc); 2232 IEEE80211_SEND_MGMT(ni, resp, IEEE80211_STATUS_SUCCESS); 2233 /* tell the authenticator about new station / 2234* if (vap->iv_auth->ia_node_join != NULL) 2235 vap->iv_auth->ia_node_join(ni); 2236 ieee80211_notify_node_join(ni, 2237 resp == IEEE80211_FC0_SUBTYPE_ASSOC_RESP); 2238} 2239 2240static void 2241disable_protection(struct ieee80211com ic) 2242{ 2243* KASSERT(ic->ic_nonerpsta == 0 && 2244 (ic->ic_flags_ext & IEEE80211_FEXT_NONERP_PR) == 0, 2245 ("%d non ERP stations, flags 0x%x", ic->ic_nonerpsta, 2246 ic->ic_flags_ext)); 2247 2248 ic->ic_flags &= ~IEEE80211_F_USEPROT; 2249 /* XXX verify mode? / 2250* if (ic->ic_caps & IEEE80211_C_SHPREAMBLE) { 2251 ic->ic_flags \|= IEEE80211_F_SHPREAMBLE; 2252 ic->ic_flags &= ~IEEE80211_F_USEBARKER; 2253 } 2254 ieee80211_notify_erp(ic); 2255} 2256 2257/* 2258 * Handle a station leaving an 11g network. 2259 / 2260static void 2261ieee80211_node_leave_11g(struct ieee80211_node ni) 2262{ 2263 struct ieee80211com ic = ni->ni_ic; 2264* 2265 IEEE80211_LOCK_ASSERT(ic); 2266 2267 KASSERT(IEEE80211_IS_CHAN_ANYG(ic->ic_bsschan), 2268 ("not in 11g, bss %u:0x%x", ic->ic_bsschan->ic_freq, 2269 ic->ic_bsschan->ic_flags)); 2270 2271 /* 2272 * If a long slot station do the slot time bookkeeping. 2273 / 2274* if ((ni->ni_capinfo & IEEE80211_CAPINFO_SHORT_SLOTTIME) == 0) { 2275 KASSERT(ic->ic_longslotsta > 0, 2276 ("bogus long slot station count %d", ic->ic_longslotsta)); 2277 ic->ic_longslotsta--; 2278 IEEE80211_NOTE(ni->ni_vap, IEEE80211_MSG_ASSOC, ni, 2279 "long slot time station leaves, count now %d", 2280 ic->ic_longslotsta); 2281 if (ic->ic_longslotsta == 0) { 2282 /* 2283 * Re-enable use of short slot time if supported 2284 * and not operating in IBSS mode (per spec). 2285 / 2286* if ((ic->ic_caps & IEEE80211_C_SHSLOT) && 2287 ic->ic_opmode != IEEE80211_M_IBSS) { 2288 IEEE80211_DPRINTF(ni->ni_vap, 2289 IEEE80211_MSG_ASSOC, 2290 "%s: re-enable use of short slot time\n", 2291 __func__); 2292 ieee80211_set_shortslottime(ic, 1); 2293 } 2294 } 2295 } 2296 /* 2297 * If a non-ERP station do the protection-related bookkeeping. 2298 / 2299* if ((ni->ni_flags & IEEE80211_NODE_ERP) == 0) { 2300 KASSERT(ic->ic_nonerpsta > 0, 2301 ("bogus non-ERP station count %d", ic->ic_nonerpsta)); 2302 ic->ic_nonerpsta--; 2303 IEEE80211_NOTE(ni->ni_vap, IEEE80211_MSG_ASSOC, ni, 2304 "non-ERP station leaves, count now %d%s", ic->ic_nonerpsta, 2305 (ic->ic_flags_ext & IEEE80211_FEXT_NONERP_PR) ? 2306 " (non-ERP sta present)" : ""); 2307 if (ic->ic_nonerpsta == 0 && 2308 (ic->ic_flags_ext & IEEE80211_FEXT_NONERP_PR) == 0) { 2309 IEEE80211_DPRINTF(ni->ni_vap, IEEE80211_MSG_ASSOC, 2310 "%s: disable use of protection\n", __func__); 2311 disable_protection(ic); 2312 } 2313 } 2314} 2315 2316/* 2317 * Time out presence of an overlapping bss with non-ERP 2318 * stations. When operating in hostap mode we listen for 2319 * beacons from other stations and if we identify a non-ERP 2320 * station is present we enable protection. To identify 2321 * when all non-ERP stations are gone we time out this 2322 * condition. 2323 / 2324static void 2325ieee80211_erp_timeout(struct ieee80211com ic) 2326{ 2327 2328 IEEE80211_LOCK_ASSERT(ic); 2329 2330 if ((ic->ic_flags_ext & IEEE80211_FEXT_NONERP_PR) && 2331 time_after(ticks, ic->ic_lastnonerp + IEEE80211_NONERP_PRESENT_AGE)) { 2332#if 0 2333 IEEE80211_NOTE(vap, IEEE80211_MSG_ASSOC, ni, 2334 "%s", "age out non-ERP sta present on channel"); 2335#endif 2336 ic->ic_flags_ext &= ~IEEE80211_FEXT_NONERP_PR; 2337 if (ic->ic_nonerpsta == 0) 2338 disable_protection(ic); 2339 } 2340} 2341 2342/* 2343 * Handle bookkeeping for station deauthentication/disassociation 2344 * when operating as an ap. 2345 / 2346void 2347ieee80211_node_leave(struct ieee80211_node ni) 2348{ 2349 struct ieee80211com ic = ni->ni_ic; 2350* struct ieee80211vap vap = ni->ni_vap; 2351* struct ieee80211_node_table nt = ni->ni_table; 2352* 2353 IEEE80211_NOTE(vap, IEEE80211_MSG_ASSOC \| IEEE80211_MSG_DEBUG, ni, 2354 "station with aid %d leaves", IEEE80211_NODE_AID(ni)); 2355 2356 KASSERT(vap->iv_opmode != IEEE80211_M_STA, 2357 ("unexpected operating mode %u", vap->iv_opmode)); 2358 /* 2359 * If node wasn't previously associated all 2360 * we need to do is reclaim the reference. 2361 / 2362* /* XXX ibss mode bypasses 11g and notification / 2363* if (ni->ni_associd == 0) 2364 goto done; 2365 /* 2366 * Tell the authenticator the station is leaving. 2367 * Note that we must do this before yanking the 2368 * association id as the authenticator uses the 2369 * associd to locate it's state block. 2370 / 2371* if (vap->iv_auth->ia_node_leave != NULL) 2372 vap->iv_auth->ia_node_leave(ni); 2373 2374 IEEE80211_LOCK(ic); 2375 IEEE80211_AID_CLR(vap, ni->ni_associd); 2376 ni->ni_associd = 0; 2377 vap->iv_sta_assoc--; 2378 ic->ic_sta_assoc--; 2379 2380 if (IEEE80211_IS_CHAN_HT(ic->ic_bsschan)) 2381 ieee80211_ht_node_leave(ni); 2382 if (IEEE80211_IS_CHAN_ANYG(ic->ic_bsschan) && 2383 IEEE80211_IS_CHAN_FULL(ic->ic_bsschan)) 2384 ieee80211_node_leave_11g(ni); 2385 IEEE80211_UNLOCK(ic); 2386 /* 2387 * Cleanup station state. In particular clear various 2388 * state that might otherwise be reused if the node 2389 * is reused before the reference count goes to zero 2390 * (and memory is reclaimed). 2391 / 2392* ieee80211_sta_leave(ni); 2393done: 2394 /* 2395 * Remove the node from any table it's recorded in and 2396 * drop the caller's reference. Removal from the table 2397 * is important to insure the node is not reprocessed 2398 * for inactivity. 2399 / 2400* if (nt != NULL) { 2401 IEEE80211_NODE_LOCK(nt); 2402 node_reclaim(nt, ni); 2403 IEEE80211_NODE_UNLOCK(nt); 2404 } else 2405 ieee80211_free_node(ni); 2406} 2407 2408struct rssiinfo { 2409 struct ieee80211vap vap; 2410* int rssi_samples; 2411 uint32_t rssi_total; 2412}; 2413 2414static void 2415get_hostap_rssi(void arg, struct ieee80211_node ni) 2416{ 2417 struct rssiinfo info = arg; 2418* struct ieee80211vap vap = ni->ni_vap; 2419* int8_t rssi; 2420 2421 if (info->vap != vap) 2422 return; 2423 /* only associated stations / 2424* if (ni->ni_associd == 0) 2425 return; 2426 rssi = vap->iv_ic->ic_node_getrssi(ni); 2427 if (rssi != 0) { 2428 info->rssi_samples++; 2429 info->rssi_total += rssi; 2430 } 2431} 2432 2433static void 2434get_adhoc_rssi(void arg, struct ieee80211_node ni) 2435{ 2436 struct rssiinfo info = arg; 2437* struct ieee80211vap vap = ni->ni_vap; 2438* int8_t rssi; 2439 2440 if (info->vap != vap) 2441 return; 2442 /* only neighbors / 2443* /* XXX check bssid / 2444* if ((ni->ni_capinfo & IEEE80211_CAPINFO_IBSS) == 0) 2445 return; 2446 rssi = vap->iv_ic->ic_node_getrssi(ni); 2447 if (rssi != 0) { 2448 info->rssi_samples++; 2449 info->rssi_total += rssi; 2450 } 2451} 2452 2453int8_t 2454ieee80211_getrssi(struct ieee80211vap vap) 2455{ 2456#define NZ(x) ((x) == 0 ? 1 : (x)) 2457* struct ieee80211com ic = vap->iv_ic; 2458* struct rssiinfo info; 2459 2460 info.rssi_total = 0; 2461 info.rssi_samples = 0; 2462 info.vap = vap; 2463 switch (vap->iv_opmode) { 2464 case IEEE80211_M_IBSS: /* average of all ibss neighbors / 2465* case IEEE80211_M_AHDEMO: /* average of all neighbors / 2466* ieee80211_iterate_nodes(&ic->ic_sta, get_adhoc_rssi, &info); 2467 break; 2468 case IEEE80211_M_HOSTAP: /* average of all associated stations / 2469* ieee80211_iterate_nodes(&ic->ic_sta, get_hostap_rssi, &info); 2470 break; 2471 case IEEE80211_M_MONITOR: /* XXX / 2472* case IEEE80211_M_STA: /* use stats from associated ap / 2473* default: 2474 if (vap->iv_bss != NULL) 2475 info.rssi_total = ic->ic_node_getrssi(vap->iv_bss); 2476 info.rssi_samples = 1; 2477 break; 2478 } 2479 return info.rssi_total / NZ(info.rssi_samples); 2480#undef NZ 2481} 2482 2483void 2484ieee80211_getsignal(struct ieee80211vap vap, int8_t rssi, int8_t noise) 2485{ 2486* 2487 if (vap->iv_bss == NULL) /* NB: shouldn't happen / 2488* return; 2489 vap->iv_ic->ic_node_getsignal(vap->iv_bss, rssi, noise); 2490 /* for non-station mode return avg'd rssi accounting / 2491* if (vap->iv_opmode != IEEE80211_M_STA) 2492 rssi = ieee80211_getrssi(vap); 2493*}