1/*-
2 * Copyright (c) 2001 Atsushi Onoe
3 * Copyright (c) 2002-2008 Sam Leffler, Errno Consulting
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in the
13 * documentation and/or other materials provided with the distribution.
14 *
15 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
16 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
17 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
18 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
19 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
20 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
21 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
22 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
23 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
24 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
25 */
26
27#include <sys/cdefs.h>
| 1/*-
2 * Copyright (c) 2001 Atsushi Onoe
3 * Copyright (c) 2002-2008 Sam Leffler, Errno Consulting
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in the
13 * documentation and/or other materials provided with the distribution.
14 *
15 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
16 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
17 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
18 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
19 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
20 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
21 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
22 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
23 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
24 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
25 */
26
27#include <sys/cdefs.h>
|
28__FBSDID("$FreeBSD: head/sys/net80211/ieee80211_node.c 184205 2008-10-23 15:53:51Z des $");
| 28__FBSDID("$FreeBSD: head/sys/net80211/ieee80211_node.c 184210 2008-10-23 19:57:13Z des $");
|
29
30#include "opt_wlan.h"
31
32#include <sys/param.h>
33#include <sys/systm.h>
34#include <sys/mbuf.h>
35#include <sys/malloc.h>
36#include <sys/kernel.h>
37
38#include <sys/socket.h>
39
40#include <net/if.h>
41#include <net/if_media.h>
42#include <net/ethernet.h>
43
44#include <net80211/ieee80211_var.h>
45#include <net80211/ieee80211_input.h>
46#include <net80211/ieee80211_wds.h>
47
48#include <net/bpf.h>
49
50/*
51 * Association id's are managed with a bit vector.
52 */
53#define IEEE80211_AID_SET(_vap, b) \
54 ((_vap)->iv_aid_bitmap[IEEE80211_AID(b) / 32] |= \
55 (1 << (IEEE80211_AID(b) % 32)))
56#define IEEE80211_AID_CLR(_vap, b) \
57 ((_vap)->iv_aid_bitmap[IEEE80211_AID(b) / 32] &= \
58 ~(1 << (IEEE80211_AID(b) % 32)))
59#define IEEE80211_AID_ISSET(_vap, b) \
60 ((_vap)->iv_aid_bitmap[IEEE80211_AID(b) / 32] & (1 << (IEEE80211_AID(b) % 32)))
61
62#ifdef IEEE80211_DEBUG_REFCNT
63#define REFCNT_LOC "%s (%s:%u) %p<%s> refcnt %d\n", __func__, func, line
64#else
65#define REFCNT_LOC "%s %p<%s> refcnt %d\n", __func__
66#endif
67
68static int ieee80211_sta_join1(struct ieee80211_node *);
69
70static struct ieee80211_node *node_alloc(struct ieee80211vap *,
71 const uint8_t [IEEE80211_ADDR_LEN]);
72static void node_cleanup(struct ieee80211_node *);
73static void node_free(struct ieee80211_node *);
74static void node_age(struct ieee80211_node *);
75static int8_t node_getrssi(const struct ieee80211_node *);
76static void node_getsignal(const struct ieee80211_node *, int8_t *, int8_t *);
77static void node_getmimoinfo(const struct ieee80211_node *,
78 struct ieee80211_mimo_info *);
79
80static void _ieee80211_free_node(struct ieee80211_node *);
81
82static void ieee80211_node_table_init(struct ieee80211com *ic,
83 struct ieee80211_node_table *nt, const char *name,
84 int inact, int keymaxix);
85static void ieee80211_node_table_reset(struct ieee80211_node_table *,
86 struct ieee80211vap *);
87static void ieee80211_node_reclaim(struct ieee80211_node *);
88static void ieee80211_node_table_cleanup(struct ieee80211_node_table *nt);
89static void ieee80211_erp_timeout(struct ieee80211com *);
90
91MALLOC_DEFINE(M_80211_NODE, "80211node", "802.11 node state");
92MALLOC_DEFINE(M_80211_NODE_IE, "80211nodeie", "802.11 node ie");
93
94void
95ieee80211_node_attach(struct ieee80211com *ic)
96{
97 ieee80211_node_table_init(ic, &ic->ic_sta, "station",
98 IEEE80211_INACT_INIT, ic->ic_max_keyix);
99 callout_init(&ic->ic_inact, CALLOUT_MPSAFE);
100 callout_reset(&ic->ic_inact, IEEE80211_INACT_WAIT*hz,
101 ieee80211_node_timeout, ic);
102
103 ic->ic_node_alloc = node_alloc;
104 ic->ic_node_free = node_free;
105 ic->ic_node_cleanup = node_cleanup;
106 ic->ic_node_age = node_age;
107 ic->ic_node_drain = node_age; /* NB: same as age */
108 ic->ic_node_getrssi = node_getrssi;
109 ic->ic_node_getsignal = node_getsignal;
110 ic->ic_node_getmimoinfo = node_getmimoinfo;
111
112 /*
113 * Set flags to be propagated to all vap's;
114 * these define default behaviour/configuration.
115 */
116 ic->ic_flags_ext |= IEEE80211_FEXT_INACT; /* inactivity processing */
117}
118
119void
120ieee80211_node_detach(struct ieee80211com *ic)
121{
122
123 callout_drain(&ic->ic_inact);
124 ieee80211_node_table_cleanup(&ic->ic_sta);
125}
126
127void
128ieee80211_node_vattach(struct ieee80211vap *vap)
129{
130 /* NB: driver can override */
131 vap->iv_max_aid = IEEE80211_AID_DEF;
132
133 /* default station inactivity timer setings */
134 vap->iv_inact_init = IEEE80211_INACT_INIT;
135 vap->iv_inact_auth = IEEE80211_INACT_AUTH;
136 vap->iv_inact_run = IEEE80211_INACT_RUN;
137 vap->iv_inact_probe = IEEE80211_INACT_PROBE;
138}
139
140void
141ieee80211_node_latevattach(struct ieee80211vap *vap)
142{
143 if (vap->iv_opmode == IEEE80211_M_HOSTAP) {
144 /* XXX should we allow max aid to be zero? */
145 if (vap->iv_max_aid < IEEE80211_AID_MIN) {
146 vap->iv_max_aid = IEEE80211_AID_MIN;
147 if_printf(vap->iv_ifp,
148 "WARNING: max aid too small, changed to %d\n",
149 vap->iv_max_aid);
150 }
| 29
30#include "opt_wlan.h"
31
32#include <sys/param.h>
33#include <sys/systm.h>
34#include <sys/mbuf.h>
35#include <sys/malloc.h>
36#include <sys/kernel.h>
37
38#include <sys/socket.h>
39
40#include <net/if.h>
41#include <net/if_media.h>
42#include <net/ethernet.h>
43
44#include <net80211/ieee80211_var.h>
45#include <net80211/ieee80211_input.h>
46#include <net80211/ieee80211_wds.h>
47
48#include <net/bpf.h>
49
50/*
51 * Association id's are managed with a bit vector.
52 */
53#define IEEE80211_AID_SET(_vap, b) \
54 ((_vap)->iv_aid_bitmap[IEEE80211_AID(b) / 32] |= \
55 (1 << (IEEE80211_AID(b) % 32)))
56#define IEEE80211_AID_CLR(_vap, b) \
57 ((_vap)->iv_aid_bitmap[IEEE80211_AID(b) / 32] &= \
58 ~(1 << (IEEE80211_AID(b) % 32)))
59#define IEEE80211_AID_ISSET(_vap, b) \
60 ((_vap)->iv_aid_bitmap[IEEE80211_AID(b) / 32] & (1 << (IEEE80211_AID(b) % 32)))
61
62#ifdef IEEE80211_DEBUG_REFCNT
63#define REFCNT_LOC "%s (%s:%u) %p<%s> refcnt %d\n", __func__, func, line
64#else
65#define REFCNT_LOC "%s %p<%s> refcnt %d\n", __func__
66#endif
67
68static int ieee80211_sta_join1(struct ieee80211_node *);
69
70static struct ieee80211_node *node_alloc(struct ieee80211vap *,
71 const uint8_t [IEEE80211_ADDR_LEN]);
72static void node_cleanup(struct ieee80211_node *);
73static void node_free(struct ieee80211_node *);
74static void node_age(struct ieee80211_node *);
75static int8_t node_getrssi(const struct ieee80211_node *);
76static void node_getsignal(const struct ieee80211_node *, int8_t *, int8_t *);
77static void node_getmimoinfo(const struct ieee80211_node *,
78 struct ieee80211_mimo_info *);
79
80static void _ieee80211_free_node(struct ieee80211_node *);
81
82static void ieee80211_node_table_init(struct ieee80211com *ic,
83 struct ieee80211_node_table *nt, const char *name,
84 int inact, int keymaxix);
85static void ieee80211_node_table_reset(struct ieee80211_node_table *,
86 struct ieee80211vap *);
87static void ieee80211_node_reclaim(struct ieee80211_node *);
88static void ieee80211_node_table_cleanup(struct ieee80211_node_table *nt);
89static void ieee80211_erp_timeout(struct ieee80211com *);
90
91MALLOC_DEFINE(M_80211_NODE, "80211node", "802.11 node state");
92MALLOC_DEFINE(M_80211_NODE_IE, "80211nodeie", "802.11 node ie");
93
94void
95ieee80211_node_attach(struct ieee80211com *ic)
96{
97 ieee80211_node_table_init(ic, &ic->ic_sta, "station",
98 IEEE80211_INACT_INIT, ic->ic_max_keyix);
99 callout_init(&ic->ic_inact, CALLOUT_MPSAFE);
100 callout_reset(&ic->ic_inact, IEEE80211_INACT_WAIT*hz,
101 ieee80211_node_timeout, ic);
102
103 ic->ic_node_alloc = node_alloc;
104 ic->ic_node_free = node_free;
105 ic->ic_node_cleanup = node_cleanup;
106 ic->ic_node_age = node_age;
107 ic->ic_node_drain = node_age; /* NB: same as age */
108 ic->ic_node_getrssi = node_getrssi;
109 ic->ic_node_getsignal = node_getsignal;
110 ic->ic_node_getmimoinfo = node_getmimoinfo;
111
112 /*
113 * Set flags to be propagated to all vap's;
114 * these define default behaviour/configuration.
115 */
116 ic->ic_flags_ext |= IEEE80211_FEXT_INACT; /* inactivity processing */
117}
118
119void
120ieee80211_node_detach(struct ieee80211com *ic)
121{
122
123 callout_drain(&ic->ic_inact);
124 ieee80211_node_table_cleanup(&ic->ic_sta);
125}
126
127void
128ieee80211_node_vattach(struct ieee80211vap *vap)
129{
130 /* NB: driver can override */
131 vap->iv_max_aid = IEEE80211_AID_DEF;
132
133 /* default station inactivity timer setings */
134 vap->iv_inact_init = IEEE80211_INACT_INIT;
135 vap->iv_inact_auth = IEEE80211_INACT_AUTH;
136 vap->iv_inact_run = IEEE80211_INACT_RUN;
137 vap->iv_inact_probe = IEEE80211_INACT_PROBE;
138}
139
140void
141ieee80211_node_latevattach(struct ieee80211vap *vap)
142{
143 if (vap->iv_opmode == IEEE80211_M_HOSTAP) {
144 /* XXX should we allow max aid to be zero? */
145 if (vap->iv_max_aid < IEEE80211_AID_MIN) {
146 vap->iv_max_aid = IEEE80211_AID_MIN;
147 if_printf(vap->iv_ifp,
148 "WARNING: max aid too small, changed to %d\n",
149 vap->iv_max_aid);
150 }
|
151 vap->iv_aid_bitmap = malloc( howmany(vap->iv_max_aid, 32) * sizeof(uint32_t),
| 151 MALLOC(vap->iv_aid_bitmap, uint32_t *,
152 howmany(vap->iv_max_aid, 32) * sizeof(uint32_t),
|
152 M_80211_NODE, M_NOWAIT | M_ZERO);
153 if (vap->iv_aid_bitmap == NULL) {
154 /* XXX no way to recover */
155 printf("%s: no memory for AID bitmap, max aid %d!\n",
156 __func__, vap->iv_max_aid);
157 vap->iv_max_aid = 0;
158 }
159 }
160
161 ieee80211_reset_bss(vap);
162
163 vap->iv_auth = ieee80211_authenticator_get(vap->iv_bss->ni_authmode);
164}
165
166void
167ieee80211_node_vdetach(struct ieee80211vap *vap)
168{
169 struct ieee80211com *ic = vap->iv_ic;
170
171 ieee80211_node_table_reset(&ic->ic_sta, vap);
172 if (vap->iv_bss != NULL) {
173 ieee80211_free_node(vap->iv_bss);
174 vap->iv_bss = NULL;
175 }
176 if (vap->iv_aid_bitmap != NULL) {
| 153 M_80211_NODE, M_NOWAIT | M_ZERO);
154 if (vap->iv_aid_bitmap == NULL) {
155 /* XXX no way to recover */
156 printf("%s: no memory for AID bitmap, max aid %d!\n",
157 __func__, vap->iv_max_aid);
158 vap->iv_max_aid = 0;
159 }
160 }
161
162 ieee80211_reset_bss(vap);
163
164 vap->iv_auth = ieee80211_authenticator_get(vap->iv_bss->ni_authmode);
165}
166
167void
168ieee80211_node_vdetach(struct ieee80211vap *vap)
169{
170 struct ieee80211com *ic = vap->iv_ic;
171
172 ieee80211_node_table_reset(&ic->ic_sta, vap);
173 if (vap->iv_bss != NULL) {
174 ieee80211_free_node(vap->iv_bss);
175 vap->iv_bss = NULL;
176 }
177 if (vap->iv_aid_bitmap != NULL) {
|
177 free(vap->iv_aid_bitmap, M_80211_NODE);
| 178 FREE(vap->iv_aid_bitmap, M_80211_NODE);
|
178 vap->iv_aid_bitmap = NULL;
179 }
180}
181
182/*
183 * Port authorize/unauthorize interfaces for use by an authenticator.
184 */
185
186void
187ieee80211_node_authorize(struct ieee80211_node *ni)
188{
189 ni->ni_flags |= IEEE80211_NODE_AUTH;
190 ni->ni_inact_reload = ni->ni_vap->iv_inact_run;
191 ni->ni_inact = ni->ni_inact_reload;
192}
193
194void
195ieee80211_node_unauthorize(struct ieee80211_node *ni)
196{
197 ni->ni_flags &= ~IEEE80211_NODE_AUTH;
198 ni->ni_inact_reload = ni->ni_vap->iv_inact_auth;
199 if (ni->ni_inact > ni->ni_inact_reload)
200 ni->ni_inact = ni->ni_inact_reload;
201}
202
203/*
204 * Fix tx parameters for a node according to ``association state''.
205 */
206static void
207node_setuptxparms(struct ieee80211_node *ni)
208{
209 struct ieee80211vap *vap = ni->ni_vap;
210
211 if (ni->ni_flags & IEEE80211_NODE_HT) {
212 if (IEEE80211_IS_CHAN_5GHZ(ni->ni_chan))
213 ni->ni_txparms = &vap->iv_txparms[IEEE80211_MODE_11NA];
214 else
215 ni->ni_txparms = &vap->iv_txparms[IEEE80211_MODE_11NG];
216 } else { /* legacy rate handling */
217 if (IEEE80211_IS_CHAN_A(ni->ni_chan))
218 ni->ni_txparms = &vap->iv_txparms[IEEE80211_MODE_11A];
219 else if (ni->ni_flags & IEEE80211_NODE_ERP)
220 ni->ni_txparms = &vap->iv_txparms[IEEE80211_MODE_11G];
221 else
222 ni->ni_txparms = &vap->iv_txparms[IEEE80211_MODE_11B];
223 }
224}
225
226/*
227 * Set/change the channel. The rate set is also updated as
228 * to insure a consistent view by drivers.
229 * XXX should be private but hostap needs it to deal with CSA
230 */
231void
232ieee80211_node_set_chan(struct ieee80211_node *ni,
233 struct ieee80211_channel *chan)
234{
235 struct ieee80211com *ic = ni->ni_ic;
236 struct ieee80211vap *vap = ni->ni_vap;
237 enum ieee80211_phymode mode;
238
239 KASSERT(chan != IEEE80211_CHAN_ANYC, ("no channel"));
240
241 ni->ni_chan = chan;
242 mode = ieee80211_chan2mode(chan);
243 if (IEEE80211_IS_CHAN_HT(chan)) {
244 /*
245 * XXX Gotta be careful here; the rate set returned by
246 * ieee80211_get_suprates is actually any HT rate
247 * set so blindly copying it will be bad. We must
248 * install the legacy rate est in ni_rates and the
249 * HT rate set in ni_htrates.
250 */
251 ni->ni_htrates = *ieee80211_get_suphtrates(ic, chan);
252 /*
253 * Setup bss tx parameters based on operating mode. We
254 * use legacy rates when operating in a mixed HT+non-HT bss
255 * and non-ERP rates in 11g for mixed ERP+non-ERP bss.
256 */
257 if (mode == IEEE80211_MODE_11NA &&
258 (vap->iv_flags_ext & IEEE80211_FEXT_PUREN) == 0)
259 mode = IEEE80211_MODE_11A;
260 else if (mode == IEEE80211_MODE_11NG &&
261 (vap->iv_flags_ext & IEEE80211_FEXT_PUREN) == 0)
262 mode = IEEE80211_MODE_11G;
263 if (mode == IEEE80211_MODE_11G &&
264 (vap->iv_flags & IEEE80211_F_PUREG) == 0)
265 mode = IEEE80211_MODE_11B;
266 }
267 ni->ni_txparms = &vap->iv_txparms[mode];
268 ni->ni_rates = *ieee80211_get_suprates(ic, chan);
269}
270
271static __inline void
272copy_bss(struct ieee80211_node *nbss, const struct ieee80211_node *obss)
273{
274 /* propagate useful state */
275 nbss->ni_authmode = obss->ni_authmode;
276 nbss->ni_txpower = obss->ni_txpower;
277 nbss->ni_vlan = obss->ni_vlan;
278 /* XXX statistics? */
279 /* XXX legacy WDS bssid? */
280}
281
282void
283ieee80211_create_ibss(struct ieee80211vap* vap, struct ieee80211_channel *chan)
284{
285 struct ieee80211com *ic = vap->iv_ic;
286 struct ieee80211_node *ni;
287
288 IEEE80211_DPRINTF(vap, IEEE80211_MSG_SCAN,
289 "%s: creating ibss on channel %u\n", __func__,
290 ieee80211_chan2ieee(ic, chan));
291
292 ni = ieee80211_alloc_node(&ic->ic_sta, vap, vap->iv_myaddr);
293 if (ni == NULL) {
294 /* XXX recovery? */
295 return;
296 }
297 IEEE80211_ADDR_COPY(ni->ni_bssid, vap->iv_myaddr);
298 ni->ni_esslen = vap->iv_des_ssid[0].len;
299 memcpy(ni->ni_essid, vap->iv_des_ssid[0].ssid, ni->ni_esslen);
300 if (vap->iv_bss != NULL)
301 copy_bss(ni, vap->iv_bss);
302 ni->ni_intval = ic->ic_bintval;
303 if (vap->iv_flags & IEEE80211_F_PRIVACY)
304 ni->ni_capinfo |= IEEE80211_CAPINFO_PRIVACY;
305 if (ic->ic_phytype == IEEE80211_T_FH) {
306 ni->ni_fhdwell = 200; /* XXX */
307 ni->ni_fhindex = 1;
308 }
309 if (vap->iv_opmode == IEEE80211_M_IBSS) {
310 vap->iv_flags |= IEEE80211_F_SIBSS;
311 ni->ni_capinfo |= IEEE80211_CAPINFO_IBSS; /* XXX */
312 if (vap->iv_flags & IEEE80211_F_DESBSSID)
313 IEEE80211_ADDR_COPY(ni->ni_bssid, vap->iv_des_bssid);
314 else {
315 get_random_bytes(ni->ni_bssid, IEEE80211_ADDR_LEN);
316 /* clear group bit, add local bit */
317 ni->ni_bssid[0] = (ni->ni_bssid[0] &~ 0x01) | 0x02;
318 }
319 } else if (vap->iv_opmode == IEEE80211_M_AHDEMO) {
320 if (vap->iv_flags & IEEE80211_F_DESBSSID)
321 IEEE80211_ADDR_COPY(ni->ni_bssid, vap->iv_des_bssid);
322 else
323 memset(ni->ni_bssid, 0, IEEE80211_ADDR_LEN);
324 }
325 /*
326 * Fix the channel and related attributes.
327 */
328 /* clear DFS CAC state on previous channel */
329 if (ic->ic_bsschan != IEEE80211_CHAN_ANYC &&
330 ic->ic_bsschan->ic_freq != chan->ic_freq &&
331 IEEE80211_IS_CHAN_CACDONE(ic->ic_bsschan))
332 ieee80211_dfs_cac_clear(ic, ic->ic_bsschan);
333 ic->ic_bsschan = chan;
334 ieee80211_node_set_chan(ni, chan);
335 ic->ic_curmode = ieee80211_chan2mode(chan);
336 /*
337 * Do mode-specific setup.
338 */
339 if (IEEE80211_IS_CHAN_FULL(chan)) {
340 if (IEEE80211_IS_CHAN_ANYG(chan)) {
341 /*
342 * Use a mixed 11b/11g basic rate set.
343 */
344 ieee80211_setbasicrates(&ni->ni_rates,
345 IEEE80211_MODE_11G);
346 if (vap->iv_flags & IEEE80211_F_PUREG) {
347 /*
348 * Also mark OFDM rates basic so 11b
349 * stations do not join (WiFi compliance).
350 */
351 ieee80211_addbasicrates(&ni->ni_rates,
352 IEEE80211_MODE_11A);
353 }
354 } else if (IEEE80211_IS_CHAN_B(chan)) {
355 /*
356 * Force pure 11b rate set.
357 */
358 ieee80211_setbasicrates(&ni->ni_rates,
359 IEEE80211_MODE_11B);
360 }
361 }
362
363 (void) ieee80211_sta_join1(ieee80211_ref_node(ni));
364}
365
366/*
367 * Reset bss state on transition to the INIT state.
368 * Clear any stations from the table (they have been
369 * deauth'd) and reset the bss node (clears key, rate
370 * etc. state).
371 */
372void
373ieee80211_reset_bss(struct ieee80211vap *vap)
374{
375 struct ieee80211com *ic = vap->iv_ic;
376 struct ieee80211_node *ni, *obss;
377
378 ieee80211_node_table_reset(&ic->ic_sta, vap);
379 /* XXX multi-bss: wrong */
380 ieee80211_reset_erp(ic);
381
382 ni = ieee80211_alloc_node(&ic->ic_sta, vap, vap->iv_myaddr);
383 KASSERT(ni != NULL, ("unable to setup inital BSS node"));
384 obss = vap->iv_bss;
385 vap->iv_bss = ieee80211_ref_node(ni);
386 if (obss != NULL) {
387 copy_bss(ni, obss);
388 ni->ni_intval = ic->ic_bintval;
389 ieee80211_free_node(obss);
390 } else
391 IEEE80211_ADDR_COPY(ni->ni_bssid, vap->iv_myaddr);
392}
393
394static int
395match_ssid(const struct ieee80211_node *ni,
396 int nssid, const struct ieee80211_scan_ssid ssids[])
397{
398 int i;
399
400 for (i = 0; i < nssid; i++) {
401 if (ni->ni_esslen == ssids[i].len &&
402 memcmp(ni->ni_essid, ssids[i].ssid, ni->ni_esslen) == 0)
403 return 1;
404 }
405 return 0;
406}
407
408/*
409 * Test a node for suitability/compatibility.
410 */
411static int
412check_bss(struct ieee80211vap *vap, struct ieee80211_node *ni)
413{
414 struct ieee80211com *ic = ni->ni_ic;
415 uint8_t rate;
416
417 if (isclr(ic->ic_chan_active, ieee80211_chan2ieee(ic, ni->ni_chan)))
418 return 0;
419 if (vap->iv_opmode == IEEE80211_M_IBSS) {
420 if ((ni->ni_capinfo & IEEE80211_CAPINFO_IBSS) == 0)
421 return 0;
422 } else {
423 if ((ni->ni_capinfo & IEEE80211_CAPINFO_ESS) == 0)
424 return 0;
425 }
426 if (vap->iv_flags & IEEE80211_F_PRIVACY) {
427 if ((ni->ni_capinfo & IEEE80211_CAPINFO_PRIVACY) == 0)
428 return 0;
429 } else {
430 /* XXX does this mean privacy is supported or required? */
431 if (ni->ni_capinfo & IEEE80211_CAPINFO_PRIVACY)
432 return 0;
433 }
434 rate = ieee80211_fix_rate(ni, &ni->ni_rates,
435 IEEE80211_F_JOIN | IEEE80211_F_DONEGO | IEEE80211_F_DOFRATE);
436 if (rate & IEEE80211_RATE_BASIC)
437 return 0;
438 if (vap->iv_des_nssid != 0 &&
439 !match_ssid(ni, vap->iv_des_nssid, vap->iv_des_ssid))
440 return 0;
441 if ((vap->iv_flags & IEEE80211_F_DESBSSID) &&
442 !IEEE80211_ADDR_EQ(vap->iv_des_bssid, ni->ni_bssid))
443 return 0;
444 return 1;
445}
446
447#ifdef IEEE80211_DEBUG
448/*
449 * Display node suitability/compatibility.
450 */
451static void
452check_bss_debug(struct ieee80211vap *vap, struct ieee80211_node *ni)
453{
454 struct ieee80211com *ic = ni->ni_ic;
455 uint8_t rate;
456 int fail;
457
458 fail = 0;
459 if (isclr(ic->ic_chan_active, ieee80211_chan2ieee(ic, ni->ni_chan)))
460 fail |= 0x01;
461 if (vap->iv_opmode == IEEE80211_M_IBSS) {
462 if ((ni->ni_capinfo & IEEE80211_CAPINFO_IBSS) == 0)
463 fail |= 0x02;
464 } else {
465 if ((ni->ni_capinfo & IEEE80211_CAPINFO_ESS) == 0)
466 fail |= 0x02;
467 }
468 if (vap->iv_flags & IEEE80211_F_PRIVACY) {
469 if ((ni->ni_capinfo & IEEE80211_CAPINFO_PRIVACY) == 0)
470 fail |= 0x04;
471 } else {
472 /* XXX does this mean privacy is supported or required? */
473 if (ni->ni_capinfo & IEEE80211_CAPINFO_PRIVACY)
474 fail |= 0x04;
475 }
476 rate = ieee80211_fix_rate(ni, &ni->ni_rates,
477 IEEE80211_F_JOIN | IEEE80211_F_DONEGO | IEEE80211_F_DOFRATE);
478 if (rate & IEEE80211_RATE_BASIC)
479 fail |= 0x08;
480 if (vap->iv_des_nssid != 0 &&
481 !match_ssid(ni, vap->iv_des_nssid, vap->iv_des_ssid))
482 fail |= 0x10;
483 if ((vap->iv_flags & IEEE80211_F_DESBSSID) &&
484 !IEEE80211_ADDR_EQ(vap->iv_des_bssid, ni->ni_bssid))
485 fail |= 0x20;
486
487 printf(" %c %s", fail ? '-' : '+', ether_sprintf(ni->ni_macaddr));
488 printf(" %s%c", ether_sprintf(ni->ni_bssid), fail & 0x20 ? '!' : ' ');
489 printf(" %3d%c",
490 ieee80211_chan2ieee(ic, ni->ni_chan), fail & 0x01 ? '!' : ' ');
491 printf(" %2dM%c", (rate & IEEE80211_RATE_VAL) / 2,
492 fail & 0x08 ? '!' : ' ');
493 printf(" %4s%c",
494 (ni->ni_capinfo & IEEE80211_CAPINFO_ESS) ? "ess" :
495 (ni->ni_capinfo & IEEE80211_CAPINFO_IBSS) ? "ibss" :
496 "????",
497 fail & 0x02 ? '!' : ' ');
498 printf(" %3s%c ",
499 (ni->ni_capinfo & IEEE80211_CAPINFO_PRIVACY) ? "wep" : "no",
500 fail & 0x04 ? '!' : ' ');
501 ieee80211_print_essid(ni->ni_essid, ni->ni_esslen);
502 printf("%s\n", fail & 0x10 ? "!" : "");
503}
504#endif /* IEEE80211_DEBUG */
505
506/*
507 * Handle 802.11 ad hoc network merge. The
508 * convention, set by the Wireless Ethernet Compatibility Alliance
509 * (WECA), is that an 802.11 station will change its BSSID to match
510 * the "oldest" 802.11 ad hoc network, on the same channel, that
511 * has the station's desired SSID. The "oldest" 802.11 network
512 * sends beacons with the greatest TSF timestamp.
513 *
514 * The caller is assumed to validate TSF's before attempting a merge.
515 *
516 * Return !0 if the BSSID changed, 0 otherwise.
517 */
518int
519ieee80211_ibss_merge(struct ieee80211_node *ni)
520{
521 struct ieee80211vap *vap = ni->ni_vap;
522#ifdef IEEE80211_DEBUG
523 struct ieee80211com *ic = ni->ni_ic;
524#endif
525
526 if (ni == vap->iv_bss ||
527 IEEE80211_ADDR_EQ(ni->ni_bssid, vap->iv_bss->ni_bssid)) {
528 /* unchanged, nothing to do */
529 return 0;
530 }
531 if (!check_bss(vap, ni)) {
532 /* capabilities mismatch */
533 IEEE80211_DPRINTF(vap, IEEE80211_MSG_ASSOC,
534 "%s: merge failed, capabilities mismatch\n", __func__);
535#ifdef IEEE80211_DEBUG
536 if (ieee80211_msg_assoc(vap))
537 check_bss_debug(vap, ni);
538#endif
539 vap->iv_stats.is_ibss_capmismatch++;
540 return 0;
541 }
542 IEEE80211_DPRINTF(vap, IEEE80211_MSG_ASSOC,
543 "%s: new bssid %s: %s preamble, %s slot time%s\n", __func__,
544 ether_sprintf(ni->ni_bssid),
545 ic->ic_flags&IEEE80211_F_SHPREAMBLE ? "short" : "long",
546 ic->ic_flags&IEEE80211_F_SHSLOT ? "short" : "long",
547 ic->ic_flags&IEEE80211_F_USEPROT ? ", protection" : ""
548 );
549 return ieee80211_sta_join1(ieee80211_ref_node(ni));
550}
551
552/*
553 * Calculate HT channel promotion flags for all vaps.
554 * This assumes ni_chan have been setup for each vap.
555 */
556static int
557gethtadjustflags(struct ieee80211com *ic)
558{
559 struct ieee80211vap *vap;
560 int flags;
561
562 flags = 0;
563 /* XXX locking */
564 TAILQ_FOREACH(vap, &ic->ic_vaps, iv_next) {
565 if (vap->iv_state < IEEE80211_S_RUN)
566 continue;
567 switch (vap->iv_opmode) {
568 case IEEE80211_M_WDS:
569 case IEEE80211_M_STA:
570 case IEEE80211_M_AHDEMO:
571 case IEEE80211_M_HOSTAP:
572 case IEEE80211_M_IBSS:
573 flags |= ieee80211_htchanflags(vap->iv_bss->ni_chan);
574 break;
575 default:
576 break;
577 }
578 }
579 return flags;
580}
581
582/*
583 * Check if the current channel needs to change based on whether
584 * any vap's are using HT20/HT40. This is used sync the state of
585 * ic_curchan after a channel width change on a running vap.
586 */
587void
588ieee80211_sync_curchan(struct ieee80211com *ic)
589{
590 struct ieee80211_channel *c;
591
592 c = ieee80211_ht_adjust_channel(ic, ic->ic_curchan, gethtadjustflags(ic));
593 if (c != ic->ic_curchan) {
594 ic->ic_curchan = c;
595 ic->ic_curmode = ieee80211_chan2mode(ic->ic_curchan);
596 ic->ic_set_channel(ic);
597 }
598}
599
600/*
601 * Change the current channel. The request channel may be
602 * promoted if other vap's are operating with HT20/HT40.
603 */
604void
605ieee80211_setcurchan(struct ieee80211com *ic, struct ieee80211_channel *c)
606{
607 if (ic->ic_htcaps & IEEE80211_HTC_HT) {
608 int flags = gethtadjustflags(ic);
609 /*
610 * Check for channel promotion required to support the
611 * set of running vap's. This assumes we are called
612 * after ni_chan is setup for each vap.
613 */
614 /* NB: this assumes IEEE80211_FEXT_USEHT40 > IEEE80211_FEXT_HT */
615 if (flags > ieee80211_htchanflags(c))
616 c = ieee80211_ht_adjust_channel(ic, c, flags);
617 }
618 ic->ic_bsschan = ic->ic_curchan = c;
619 ic->ic_curmode = ieee80211_chan2mode(ic->ic_curchan);
620 ic->ic_set_channel(ic);
621}
622
623/*
624 * Join the specified IBSS/BSS network. The node is assumed to
625 * be passed in with a held reference.
626 */
627static int
628ieee80211_sta_join1(struct ieee80211_node *selbs)
629{
630 struct ieee80211vap *vap = selbs->ni_vap;
631 struct ieee80211com *ic = selbs->ni_ic;
632 struct ieee80211_node *obss;
633 int canreassoc;
634
635 /*
636 * Committed to selbs, setup state.
637 */
638 obss = vap->iv_bss;
639 /*
640 * Check if old+new node have the same address in which
641 * case we can reassociate when operating in sta mode.
642 */
643 canreassoc = (obss != NULL &&
644 vap->iv_state == IEEE80211_S_RUN &&
645 IEEE80211_ADDR_EQ(obss->ni_macaddr, selbs->ni_macaddr));
646 vap->iv_bss = selbs; /* NB: caller assumed to bump refcnt */
647 if (obss != NULL) {
648 copy_bss(selbs, obss);
649 ieee80211_node_reclaim(obss);
650 obss = NULL; /* NB: guard against later use */
651 }
652
653 /*
654 * Delete unusable rates; we've already checked
655 * that the negotiated rate set is acceptable.
656 */
657 ieee80211_fix_rate(vap->iv_bss, &vap->iv_bss->ni_rates,
658 IEEE80211_F_DODEL | IEEE80211_F_JOIN);
659
660 ieee80211_setcurchan(ic, selbs->ni_chan);
661 /*
662 * Set the erp state (mostly the slot time) to deal with
663 * the auto-select case; this should be redundant if the
664 * mode is locked.
665 */
666 ieee80211_reset_erp(ic);
667 ieee80211_wme_initparams(vap);
668
669 if (vap->iv_opmode == IEEE80211_M_STA) {
670 if (canreassoc) {
671 /* Reassociate */
672 ieee80211_new_state(vap, IEEE80211_S_ASSOC, 1);
673 } else {
674 /*
675 * Act as if we received a DEAUTH frame in case we
676 * are invoked from the RUN state. This will cause
677 * us to try to re-authenticate if we are operating
678 * as a station.
679 */
680 ieee80211_new_state(vap, IEEE80211_S_AUTH,
681 IEEE80211_FC0_SUBTYPE_DEAUTH);
682 }
683 } else
684 ieee80211_new_state(vap, IEEE80211_S_RUN, -1);
685 return 1;
686}
687
688int
689ieee80211_sta_join(struct ieee80211vap *vap,
690 const struct ieee80211_scan_entry *se)
691{
692 struct ieee80211com *ic = vap->iv_ic;
693 struct ieee80211_node *ni;
694
695 ni = ieee80211_alloc_node(&ic->ic_sta, vap, se->se_macaddr);
696 if (ni == NULL) {
697 /* XXX msg */
698 return 0;
699 }
700 /*
701 * Expand scan state into node's format.
702 * XXX may not need all this stuff
703 */
704 IEEE80211_ADDR_COPY(ni->ni_bssid, se->se_bssid);
705 ni->ni_esslen = se->se_ssid[1];
706 memcpy(ni->ni_essid, se->se_ssid+2, ni->ni_esslen);
707 ni->ni_rstamp = se->se_rstamp;
708 ni->ni_tstamp.tsf = se->se_tstamp.tsf;
709 ni->ni_intval = se->se_intval;
710 ni->ni_capinfo = se->se_capinfo;
711 ni->ni_chan = se->se_chan;
712 ni->ni_timoff = se->se_timoff;
713 ni->ni_fhdwell = se->se_fhdwell;
714 ni->ni_fhindex = se->se_fhindex;
715 ni->ni_erp = se->se_erp;
716 IEEE80211_RSSI_LPF(ni->ni_avgrssi, se->se_rssi);
717 ni->ni_noise = se->se_noise;
718
719 if (ieee80211_ies_init(&ni->ni_ies, se->se_ies.data, se->se_ies.len)) {
720 ieee80211_ies_expand(&ni->ni_ies);
721 if (ni->ni_ies.ath_ie != NULL)
722 ieee80211_parse_ath(ni, ni->ni_ies.ath_ie);
723 if (ni->ni_ies.htcap_ie != NULL)
724 ieee80211_parse_htcap(ni, ni->ni_ies.htcap_ie);
725 if (ni->ni_ies.htinfo_ie != NULL)
726 ieee80211_parse_htinfo(ni, ni->ni_ies.htinfo_ie);
727 }
728
729 vap->iv_dtim_period = se->se_dtimperiod;
730 vap->iv_dtim_count = 0;
731
732 /* NB: must be after ni_chan is setup */
733 ieee80211_setup_rates(ni, se->se_rates, se->se_xrates,
734 IEEE80211_F_DOSORT);
735
736 return ieee80211_sta_join1(ieee80211_ref_node(ni));
737}
738
739/*
740 * Leave the specified IBSS/BSS network. The node is assumed to
741 * be passed in with a held reference.
742 */
743void
744ieee80211_sta_leave(struct ieee80211_node *ni)
745{
746 struct ieee80211com *ic = ni->ni_ic;
747
748 ic->ic_node_cleanup(ni);
749 ieee80211_notify_node_leave(ni);
750}
751
752/*
753 * Send a deauthenticate frame and drop the station.
754 */
755void
756ieee80211_node_deauth(struct ieee80211_node *ni, int reason)
757{
758 /* NB: bump the refcnt to be sure temporay nodes are not reclaimed */
759 ieee80211_ref_node(ni);
760 if (ni->ni_associd != 0)
761 IEEE80211_SEND_MGMT(ni, IEEE80211_FC0_SUBTYPE_DEAUTH, reason);
762 ieee80211_node_leave(ni);
763 ieee80211_free_node(ni);
764}
765
766static struct ieee80211_node *
767node_alloc(struct ieee80211vap *vap, const uint8_t macaddr[IEEE80211_ADDR_LEN])
768{
769 struct ieee80211_node *ni;
770
| 179 vap->iv_aid_bitmap = NULL;
180 }
181}
182
183/*
184 * Port authorize/unauthorize interfaces for use by an authenticator.
185 */
186
187void
188ieee80211_node_authorize(struct ieee80211_node *ni)
189{
190 ni->ni_flags |= IEEE80211_NODE_AUTH;
191 ni->ni_inact_reload = ni->ni_vap->iv_inact_run;
192 ni->ni_inact = ni->ni_inact_reload;
193}
194
195void
196ieee80211_node_unauthorize(struct ieee80211_node *ni)
197{
198 ni->ni_flags &= ~IEEE80211_NODE_AUTH;
199 ni->ni_inact_reload = ni->ni_vap->iv_inact_auth;
200 if (ni->ni_inact > ni->ni_inact_reload)
201 ni->ni_inact = ni->ni_inact_reload;
202}
203
204/*
205 * Fix tx parameters for a node according to ``association state''.
206 */
207static void
208node_setuptxparms(struct ieee80211_node *ni)
209{
210 struct ieee80211vap *vap = ni->ni_vap;
211
212 if (ni->ni_flags & IEEE80211_NODE_HT) {
213 if (IEEE80211_IS_CHAN_5GHZ(ni->ni_chan))
214 ni->ni_txparms = &vap->iv_txparms[IEEE80211_MODE_11NA];
215 else
216 ni->ni_txparms = &vap->iv_txparms[IEEE80211_MODE_11NG];
217 } else { /* legacy rate handling */
218 if (IEEE80211_IS_CHAN_A(ni->ni_chan))
219 ni->ni_txparms = &vap->iv_txparms[IEEE80211_MODE_11A];
220 else if (ni->ni_flags & IEEE80211_NODE_ERP)
221 ni->ni_txparms = &vap->iv_txparms[IEEE80211_MODE_11G];
222 else
223 ni->ni_txparms = &vap->iv_txparms[IEEE80211_MODE_11B];
224 }
225}
226
227/*
228 * Set/change the channel. The rate set is also updated as
229 * to insure a consistent view by drivers.
230 * XXX should be private but hostap needs it to deal with CSA
231 */
232void
233ieee80211_node_set_chan(struct ieee80211_node *ni,
234 struct ieee80211_channel *chan)
235{
236 struct ieee80211com *ic = ni->ni_ic;
237 struct ieee80211vap *vap = ni->ni_vap;
238 enum ieee80211_phymode mode;
239
240 KASSERT(chan != IEEE80211_CHAN_ANYC, ("no channel"));
241
242 ni->ni_chan = chan;
243 mode = ieee80211_chan2mode(chan);
244 if (IEEE80211_IS_CHAN_HT(chan)) {
245 /*
246 * XXX Gotta be careful here; the rate set returned by
247 * ieee80211_get_suprates is actually any HT rate
248 * set so blindly copying it will be bad. We must
249 * install the legacy rate est in ni_rates and the
250 * HT rate set in ni_htrates.
251 */
252 ni->ni_htrates = *ieee80211_get_suphtrates(ic, chan);
253 /*
254 * Setup bss tx parameters based on operating mode. We
255 * use legacy rates when operating in a mixed HT+non-HT bss
256 * and non-ERP rates in 11g for mixed ERP+non-ERP bss.
257 */
258 if (mode == IEEE80211_MODE_11NA &&
259 (vap->iv_flags_ext & IEEE80211_FEXT_PUREN) == 0)
260 mode = IEEE80211_MODE_11A;
261 else if (mode == IEEE80211_MODE_11NG &&
262 (vap->iv_flags_ext & IEEE80211_FEXT_PUREN) == 0)
263 mode = IEEE80211_MODE_11G;
264 if (mode == IEEE80211_MODE_11G &&
265 (vap->iv_flags & IEEE80211_F_PUREG) == 0)
266 mode = IEEE80211_MODE_11B;
267 }
268 ni->ni_txparms = &vap->iv_txparms[mode];
269 ni->ni_rates = *ieee80211_get_suprates(ic, chan);
270}
271
272static __inline void
273copy_bss(struct ieee80211_node *nbss, const struct ieee80211_node *obss)
274{
275 /* propagate useful state */
276 nbss->ni_authmode = obss->ni_authmode;
277 nbss->ni_txpower = obss->ni_txpower;
278 nbss->ni_vlan = obss->ni_vlan;
279 /* XXX statistics? */
280 /* XXX legacy WDS bssid? */
281}
282
283void
284ieee80211_create_ibss(struct ieee80211vap* vap, struct ieee80211_channel *chan)
285{
286 struct ieee80211com *ic = vap->iv_ic;
287 struct ieee80211_node *ni;
288
289 IEEE80211_DPRINTF(vap, IEEE80211_MSG_SCAN,
290 "%s: creating ibss on channel %u\n", __func__,
291 ieee80211_chan2ieee(ic, chan));
292
293 ni = ieee80211_alloc_node(&ic->ic_sta, vap, vap->iv_myaddr);
294 if (ni == NULL) {
295 /* XXX recovery? */
296 return;
297 }
298 IEEE80211_ADDR_COPY(ni->ni_bssid, vap->iv_myaddr);
299 ni->ni_esslen = vap->iv_des_ssid[0].len;
300 memcpy(ni->ni_essid, vap->iv_des_ssid[0].ssid, ni->ni_esslen);
301 if (vap->iv_bss != NULL)
302 copy_bss(ni, vap->iv_bss);
303 ni->ni_intval = ic->ic_bintval;
304 if (vap->iv_flags & IEEE80211_F_PRIVACY)
305 ni->ni_capinfo |= IEEE80211_CAPINFO_PRIVACY;
306 if (ic->ic_phytype == IEEE80211_T_FH) {
307 ni->ni_fhdwell = 200; /* XXX */
308 ni->ni_fhindex = 1;
309 }
310 if (vap->iv_opmode == IEEE80211_M_IBSS) {
311 vap->iv_flags |= IEEE80211_F_SIBSS;
312 ni->ni_capinfo |= IEEE80211_CAPINFO_IBSS; /* XXX */
313 if (vap->iv_flags & IEEE80211_F_DESBSSID)
314 IEEE80211_ADDR_COPY(ni->ni_bssid, vap->iv_des_bssid);
315 else {
316 get_random_bytes(ni->ni_bssid, IEEE80211_ADDR_LEN);
317 /* clear group bit, add local bit */
318 ni->ni_bssid[0] = (ni->ni_bssid[0] &~ 0x01) | 0x02;
319 }
320 } else if (vap->iv_opmode == IEEE80211_M_AHDEMO) {
321 if (vap->iv_flags & IEEE80211_F_DESBSSID)
322 IEEE80211_ADDR_COPY(ni->ni_bssid, vap->iv_des_bssid);
323 else
324 memset(ni->ni_bssid, 0, IEEE80211_ADDR_LEN);
325 }
326 /*
327 * Fix the channel and related attributes.
328 */
329 /* clear DFS CAC state on previous channel */
330 if (ic->ic_bsschan != IEEE80211_CHAN_ANYC &&
331 ic->ic_bsschan->ic_freq != chan->ic_freq &&
332 IEEE80211_IS_CHAN_CACDONE(ic->ic_bsschan))
333 ieee80211_dfs_cac_clear(ic, ic->ic_bsschan);
334 ic->ic_bsschan = chan;
335 ieee80211_node_set_chan(ni, chan);
336 ic->ic_curmode = ieee80211_chan2mode(chan);
337 /*
338 * Do mode-specific setup.
339 */
340 if (IEEE80211_IS_CHAN_FULL(chan)) {
341 if (IEEE80211_IS_CHAN_ANYG(chan)) {
342 /*
343 * Use a mixed 11b/11g basic rate set.
344 */
345 ieee80211_setbasicrates(&ni->ni_rates,
346 IEEE80211_MODE_11G);
347 if (vap->iv_flags & IEEE80211_F_PUREG) {
348 /*
349 * Also mark OFDM rates basic so 11b
350 * stations do not join (WiFi compliance).
351 */
352 ieee80211_addbasicrates(&ni->ni_rates,
353 IEEE80211_MODE_11A);
354 }
355 } else if (IEEE80211_IS_CHAN_B(chan)) {
356 /*
357 * Force pure 11b rate set.
358 */
359 ieee80211_setbasicrates(&ni->ni_rates,
360 IEEE80211_MODE_11B);
361 }
362 }
363
364 (void) ieee80211_sta_join1(ieee80211_ref_node(ni));
365}
366
367/*
368 * Reset bss state on transition to the INIT state.
369 * Clear any stations from the table (they have been
370 * deauth'd) and reset the bss node (clears key, rate
371 * etc. state).
372 */
373void
374ieee80211_reset_bss(struct ieee80211vap *vap)
375{
376 struct ieee80211com *ic = vap->iv_ic;
377 struct ieee80211_node *ni, *obss;
378
379 ieee80211_node_table_reset(&ic->ic_sta, vap);
380 /* XXX multi-bss: wrong */
381 ieee80211_reset_erp(ic);
382
383 ni = ieee80211_alloc_node(&ic->ic_sta, vap, vap->iv_myaddr);
384 KASSERT(ni != NULL, ("unable to setup inital BSS node"));
385 obss = vap->iv_bss;
386 vap->iv_bss = ieee80211_ref_node(ni);
387 if (obss != NULL) {
388 copy_bss(ni, obss);
389 ni->ni_intval = ic->ic_bintval;
390 ieee80211_free_node(obss);
391 } else
392 IEEE80211_ADDR_COPY(ni->ni_bssid, vap->iv_myaddr);
393}
394
395static int
396match_ssid(const struct ieee80211_node *ni,
397 int nssid, const struct ieee80211_scan_ssid ssids[])
398{
399 int i;
400
401 for (i = 0; i < nssid; i++) {
402 if (ni->ni_esslen == ssids[i].len &&
403 memcmp(ni->ni_essid, ssids[i].ssid, ni->ni_esslen) == 0)
404 return 1;
405 }
406 return 0;
407}
408
409/*
410 * Test a node for suitability/compatibility.
411 */
412static int
413check_bss(struct ieee80211vap *vap, struct ieee80211_node *ni)
414{
415 struct ieee80211com *ic = ni->ni_ic;
416 uint8_t rate;
417
418 if (isclr(ic->ic_chan_active, ieee80211_chan2ieee(ic, ni->ni_chan)))
419 return 0;
420 if (vap->iv_opmode == IEEE80211_M_IBSS) {
421 if ((ni->ni_capinfo & IEEE80211_CAPINFO_IBSS) == 0)
422 return 0;
423 } else {
424 if ((ni->ni_capinfo & IEEE80211_CAPINFO_ESS) == 0)
425 return 0;
426 }
427 if (vap->iv_flags & IEEE80211_F_PRIVACY) {
428 if ((ni->ni_capinfo & IEEE80211_CAPINFO_PRIVACY) == 0)
429 return 0;
430 } else {
431 /* XXX does this mean privacy is supported or required? */
432 if (ni->ni_capinfo & IEEE80211_CAPINFO_PRIVACY)
433 return 0;
434 }
435 rate = ieee80211_fix_rate(ni, &ni->ni_rates,
436 IEEE80211_F_JOIN | IEEE80211_F_DONEGO | IEEE80211_F_DOFRATE);
437 if (rate & IEEE80211_RATE_BASIC)
438 return 0;
439 if (vap->iv_des_nssid != 0 &&
440 !match_ssid(ni, vap->iv_des_nssid, vap->iv_des_ssid))
441 return 0;
442 if ((vap->iv_flags & IEEE80211_F_DESBSSID) &&
443 !IEEE80211_ADDR_EQ(vap->iv_des_bssid, ni->ni_bssid))
444 return 0;
445 return 1;
446}
447
448#ifdef IEEE80211_DEBUG
449/*
450 * Display node suitability/compatibility.
451 */
452static void
453check_bss_debug(struct ieee80211vap *vap, struct ieee80211_node *ni)
454{
455 struct ieee80211com *ic = ni->ni_ic;
456 uint8_t rate;
457 int fail;
458
459 fail = 0;
460 if (isclr(ic->ic_chan_active, ieee80211_chan2ieee(ic, ni->ni_chan)))
461 fail |= 0x01;
462 if (vap->iv_opmode == IEEE80211_M_IBSS) {
463 if ((ni->ni_capinfo & IEEE80211_CAPINFO_IBSS) == 0)
464 fail |= 0x02;
465 } else {
466 if ((ni->ni_capinfo & IEEE80211_CAPINFO_ESS) == 0)
467 fail |= 0x02;
468 }
469 if (vap->iv_flags & IEEE80211_F_PRIVACY) {
470 if ((ni->ni_capinfo & IEEE80211_CAPINFO_PRIVACY) == 0)
471 fail |= 0x04;
472 } else {
473 /* XXX does this mean privacy is supported or required? */
474 if (ni->ni_capinfo & IEEE80211_CAPINFO_PRIVACY)
475 fail |= 0x04;
476 }
477 rate = ieee80211_fix_rate(ni, &ni->ni_rates,
478 IEEE80211_F_JOIN | IEEE80211_F_DONEGO | IEEE80211_F_DOFRATE);
479 if (rate & IEEE80211_RATE_BASIC)
480 fail |= 0x08;
481 if (vap->iv_des_nssid != 0 &&
482 !match_ssid(ni, vap->iv_des_nssid, vap->iv_des_ssid))
483 fail |= 0x10;
484 if ((vap->iv_flags & IEEE80211_F_DESBSSID) &&
485 !IEEE80211_ADDR_EQ(vap->iv_des_bssid, ni->ni_bssid))
486 fail |= 0x20;
487
488 printf(" %c %s", fail ? '-' : '+', ether_sprintf(ni->ni_macaddr));
489 printf(" %s%c", ether_sprintf(ni->ni_bssid), fail & 0x20 ? '!' : ' ');
490 printf(" %3d%c",
491 ieee80211_chan2ieee(ic, ni->ni_chan), fail & 0x01 ? '!' : ' ');
492 printf(" %2dM%c", (rate & IEEE80211_RATE_VAL) / 2,
493 fail & 0x08 ? '!' : ' ');
494 printf(" %4s%c",
495 (ni->ni_capinfo & IEEE80211_CAPINFO_ESS) ? "ess" :
496 (ni->ni_capinfo & IEEE80211_CAPINFO_IBSS) ? "ibss" :
497 "????",
498 fail & 0x02 ? '!' : ' ');
499 printf(" %3s%c ",
500 (ni->ni_capinfo & IEEE80211_CAPINFO_PRIVACY) ? "wep" : "no",
501 fail & 0x04 ? '!' : ' ');
502 ieee80211_print_essid(ni->ni_essid, ni->ni_esslen);
503 printf("%s\n", fail & 0x10 ? "!" : "");
504}
505#endif /* IEEE80211_DEBUG */
506
507/*
508 * Handle 802.11 ad hoc network merge. The
509 * convention, set by the Wireless Ethernet Compatibility Alliance
510 * (WECA), is that an 802.11 station will change its BSSID to match
511 * the "oldest" 802.11 ad hoc network, on the same channel, that
512 * has the station's desired SSID. The "oldest" 802.11 network
513 * sends beacons with the greatest TSF timestamp.
514 *
515 * The caller is assumed to validate TSF's before attempting a merge.
516 *
517 * Return !0 if the BSSID changed, 0 otherwise.
518 */
519int
520ieee80211_ibss_merge(struct ieee80211_node *ni)
521{
522 struct ieee80211vap *vap = ni->ni_vap;
523#ifdef IEEE80211_DEBUG
524 struct ieee80211com *ic = ni->ni_ic;
525#endif
526
527 if (ni == vap->iv_bss ||
528 IEEE80211_ADDR_EQ(ni->ni_bssid, vap->iv_bss->ni_bssid)) {
529 /* unchanged, nothing to do */
530 return 0;
531 }
532 if (!check_bss(vap, ni)) {
533 /* capabilities mismatch */
534 IEEE80211_DPRINTF(vap, IEEE80211_MSG_ASSOC,
535 "%s: merge failed, capabilities mismatch\n", __func__);
536#ifdef IEEE80211_DEBUG
537 if (ieee80211_msg_assoc(vap))
538 check_bss_debug(vap, ni);
539#endif
540 vap->iv_stats.is_ibss_capmismatch++;
541 return 0;
542 }
543 IEEE80211_DPRINTF(vap, IEEE80211_MSG_ASSOC,
544 "%s: new bssid %s: %s preamble, %s slot time%s\n", __func__,
545 ether_sprintf(ni->ni_bssid),
546 ic->ic_flags&IEEE80211_F_SHPREAMBLE ? "short" : "long",
547 ic->ic_flags&IEEE80211_F_SHSLOT ? "short" : "long",
548 ic->ic_flags&IEEE80211_F_USEPROT ? ", protection" : ""
549 );
550 return ieee80211_sta_join1(ieee80211_ref_node(ni));
551}
552
553/*
554 * Calculate HT channel promotion flags for all vaps.
555 * This assumes ni_chan have been setup for each vap.
556 */
557static int
558gethtadjustflags(struct ieee80211com *ic)
559{
560 struct ieee80211vap *vap;
561 int flags;
562
563 flags = 0;
564 /* XXX locking */
565 TAILQ_FOREACH(vap, &ic->ic_vaps, iv_next) {
566 if (vap->iv_state < IEEE80211_S_RUN)
567 continue;
568 switch (vap->iv_opmode) {
569 case IEEE80211_M_WDS:
570 case IEEE80211_M_STA:
571 case IEEE80211_M_AHDEMO:
572 case IEEE80211_M_HOSTAP:
573 case IEEE80211_M_IBSS:
574 flags |= ieee80211_htchanflags(vap->iv_bss->ni_chan);
575 break;
576 default:
577 break;
578 }
579 }
580 return flags;
581}
582
583/*
584 * Check if the current channel needs to change based on whether
585 * any vap's are using HT20/HT40. This is used sync the state of
586 * ic_curchan after a channel width change on a running vap.
587 */
588void
589ieee80211_sync_curchan(struct ieee80211com *ic)
590{
591 struct ieee80211_channel *c;
592
593 c = ieee80211_ht_adjust_channel(ic, ic->ic_curchan, gethtadjustflags(ic));
594 if (c != ic->ic_curchan) {
595 ic->ic_curchan = c;
596 ic->ic_curmode = ieee80211_chan2mode(ic->ic_curchan);
597 ic->ic_set_channel(ic);
598 }
599}
600
601/*
602 * Change the current channel. The request channel may be
603 * promoted if other vap's are operating with HT20/HT40.
604 */
605void
606ieee80211_setcurchan(struct ieee80211com *ic, struct ieee80211_channel *c)
607{
608 if (ic->ic_htcaps & IEEE80211_HTC_HT) {
609 int flags = gethtadjustflags(ic);
610 /*
611 * Check for channel promotion required to support the
612 * set of running vap's. This assumes we are called
613 * after ni_chan is setup for each vap.
614 */
615 /* NB: this assumes IEEE80211_FEXT_USEHT40 > IEEE80211_FEXT_HT */
616 if (flags > ieee80211_htchanflags(c))
617 c = ieee80211_ht_adjust_channel(ic, c, flags);
618 }
619 ic->ic_bsschan = ic->ic_curchan = c;
620 ic->ic_curmode = ieee80211_chan2mode(ic->ic_curchan);
621 ic->ic_set_channel(ic);
622}
623
624/*
625 * Join the specified IBSS/BSS network. The node is assumed to
626 * be passed in with a held reference.
627 */
628static int
629ieee80211_sta_join1(struct ieee80211_node *selbs)
630{
631 struct ieee80211vap *vap = selbs->ni_vap;
632 struct ieee80211com *ic = selbs->ni_ic;
633 struct ieee80211_node *obss;
634 int canreassoc;
635
636 /*
637 * Committed to selbs, setup state.
638 */
639 obss = vap->iv_bss;
640 /*
641 * Check if old+new node have the same address in which
642 * case we can reassociate when operating in sta mode.
643 */
644 canreassoc = (obss != NULL &&
645 vap->iv_state == IEEE80211_S_RUN &&
646 IEEE80211_ADDR_EQ(obss->ni_macaddr, selbs->ni_macaddr));
647 vap->iv_bss = selbs; /* NB: caller assumed to bump refcnt */
648 if (obss != NULL) {
649 copy_bss(selbs, obss);
650 ieee80211_node_reclaim(obss);
651 obss = NULL; /* NB: guard against later use */
652 }
653
654 /*
655 * Delete unusable rates; we've already checked
656 * that the negotiated rate set is acceptable.
657 */
658 ieee80211_fix_rate(vap->iv_bss, &vap->iv_bss->ni_rates,
659 IEEE80211_F_DODEL | IEEE80211_F_JOIN);
660
661 ieee80211_setcurchan(ic, selbs->ni_chan);
662 /*
663 * Set the erp state (mostly the slot time) to deal with
664 * the auto-select case; this should be redundant if the
665 * mode is locked.
666 */
667 ieee80211_reset_erp(ic);
668 ieee80211_wme_initparams(vap);
669
670 if (vap->iv_opmode == IEEE80211_M_STA) {
671 if (canreassoc) {
672 /* Reassociate */
673 ieee80211_new_state(vap, IEEE80211_S_ASSOC, 1);
674 } else {
675 /*
676 * Act as if we received a DEAUTH frame in case we
677 * are invoked from the RUN state. This will cause
678 * us to try to re-authenticate if we are operating
679 * as a station.
680 */
681 ieee80211_new_state(vap, IEEE80211_S_AUTH,
682 IEEE80211_FC0_SUBTYPE_DEAUTH);
683 }
684 } else
685 ieee80211_new_state(vap, IEEE80211_S_RUN, -1);
686 return 1;
687}
688
689int
690ieee80211_sta_join(struct ieee80211vap *vap,
691 const struct ieee80211_scan_entry *se)
692{
693 struct ieee80211com *ic = vap->iv_ic;
694 struct ieee80211_node *ni;
695
696 ni = ieee80211_alloc_node(&ic->ic_sta, vap, se->se_macaddr);
697 if (ni == NULL) {
698 /* XXX msg */
699 return 0;
700 }
701 /*
702 * Expand scan state into node's format.
703 * XXX may not need all this stuff
704 */
705 IEEE80211_ADDR_COPY(ni->ni_bssid, se->se_bssid);
706 ni->ni_esslen = se->se_ssid[1];
707 memcpy(ni->ni_essid, se->se_ssid+2, ni->ni_esslen);
708 ni->ni_rstamp = se->se_rstamp;
709 ni->ni_tstamp.tsf = se->se_tstamp.tsf;
710 ni->ni_intval = se->se_intval;
711 ni->ni_capinfo = se->se_capinfo;
712 ni->ni_chan = se->se_chan;
713 ni->ni_timoff = se->se_timoff;
714 ni->ni_fhdwell = se->se_fhdwell;
715 ni->ni_fhindex = se->se_fhindex;
716 ni->ni_erp = se->se_erp;
717 IEEE80211_RSSI_LPF(ni->ni_avgrssi, se->se_rssi);
718 ni->ni_noise = se->se_noise;
719
720 if (ieee80211_ies_init(&ni->ni_ies, se->se_ies.data, se->se_ies.len)) {
721 ieee80211_ies_expand(&ni->ni_ies);
722 if (ni->ni_ies.ath_ie != NULL)
723 ieee80211_parse_ath(ni, ni->ni_ies.ath_ie);
724 if (ni->ni_ies.htcap_ie != NULL)
725 ieee80211_parse_htcap(ni, ni->ni_ies.htcap_ie);
726 if (ni->ni_ies.htinfo_ie != NULL)
727 ieee80211_parse_htinfo(ni, ni->ni_ies.htinfo_ie);
728 }
729
730 vap->iv_dtim_period = se->se_dtimperiod;
731 vap->iv_dtim_count = 0;
732
733 /* NB: must be after ni_chan is setup */
734 ieee80211_setup_rates(ni, se->se_rates, se->se_xrates,
735 IEEE80211_F_DOSORT);
736
737 return ieee80211_sta_join1(ieee80211_ref_node(ni));
738}
739
740/*
741 * Leave the specified IBSS/BSS network. The node is assumed to
742 * be passed in with a held reference.
743 */
744void
745ieee80211_sta_leave(struct ieee80211_node *ni)
746{
747 struct ieee80211com *ic = ni->ni_ic;
748
749 ic->ic_node_cleanup(ni);
750 ieee80211_notify_node_leave(ni);
751}
752
753/*
754 * Send a deauthenticate frame and drop the station.
755 */
756void
757ieee80211_node_deauth(struct ieee80211_node *ni, int reason)
758{
759 /* NB: bump the refcnt to be sure temporay nodes are not reclaimed */
760 ieee80211_ref_node(ni);
761 if (ni->ni_associd != 0)
762 IEEE80211_SEND_MGMT(ni, IEEE80211_FC0_SUBTYPE_DEAUTH, reason);
763 ieee80211_node_leave(ni);
764 ieee80211_free_node(ni);
765}
766
767static struct ieee80211_node *
768node_alloc(struct ieee80211vap *vap, const uint8_t macaddr[IEEE80211_ADDR_LEN])
769{
770 struct ieee80211_node *ni;
771
|
771 ni = malloc(sizeof(struct ieee80211_node),
| 772 MALLOC(ni, struct ieee80211_node *, sizeof(struct ieee80211_node),
|
772 M_80211_NODE, M_NOWAIT | M_ZERO);
773 return ni;
774}
775
776/*
777 * Initialize an ie blob with the specified data. If previous
778 * data exists re-use the data block. As a side effect we clear
779 * all references to specific ie's; the caller is required to
780 * recalculate them.
781 */
782int
783ieee80211_ies_init(struct ieee80211_ies *ies, const uint8_t *data, int len)
784{
785 /* NB: assumes data+len are the last fields */
786 memset(ies, 0, offsetof(struct ieee80211_ies, data));
787 if (ies->data != NULL && ies->len != len) {
788 /* data size changed */
| 773 M_80211_NODE, M_NOWAIT | M_ZERO);
774 return ni;
775}
776
777/*
778 * Initialize an ie blob with the specified data. If previous
779 * data exists re-use the data block. As a side effect we clear
780 * all references to specific ie's; the caller is required to
781 * recalculate them.
782 */
783int
784ieee80211_ies_init(struct ieee80211_ies *ies, const uint8_t *data, int len)
785{
786 /* NB: assumes data+len are the last fields */
787 memset(ies, 0, offsetof(struct ieee80211_ies, data));
788 if (ies->data != NULL && ies->len != len) {
789 /* data size changed */
|
789 free(ies->data, M_80211_NODE_IE);
| 790 FREE(ies->data, M_80211_NODE_IE);
|
790 ies->data = NULL;
791 }
792 if (ies->data == NULL) {
| 791 ies->data = NULL;
792 }
793 if (ies->data == NULL) {
|
793 ies->data = malloc(len, M_80211_NODE_IE, M_NOWAIT);
| 794 MALLOC(ies->data, uint8_t *, len, M_80211_NODE_IE, M_NOWAIT);
|
794 if (ies->data == NULL) {
795 ies->len = 0;
796 /* NB: pointers have already been zero'd above */
797 return 0;
798 }
799 }
800 memcpy(ies->data, data, len);
801 ies->len = len;
802 return 1;
803}
804
805/*
806 * Reclaim storage for an ie blob.
807 */
808void
809ieee80211_ies_cleanup(struct ieee80211_ies *ies)
810{
811 if (ies->data != NULL)
| 795 if (ies->data == NULL) {
796 ies->len = 0;
797 /* NB: pointers have already been zero'd above */
798 return 0;
799 }
800 }
801 memcpy(ies->data, data, len);
802 ies->len = len;
803 return 1;
804}
805
806/*
807 * Reclaim storage for an ie blob.
808 */
809void
810ieee80211_ies_cleanup(struct ieee80211_ies *ies)
811{
812 if (ies->data != NULL)
|
812 free(ies->data, M_80211_NODE_IE);
| 813 FREE(ies->data, M_80211_NODE_IE);
|
813}
814
815/*
816 * Expand an ie blob data contents and to fillin individual
817 * ie pointers. The data blob is assumed to be well-formed;
818 * we don't do any validity checking of ie lengths.
819 */
820void
821ieee80211_ies_expand(struct ieee80211_ies *ies)
822{
823 uint8_t *ie;
824 int ielen;
825
826 ie = ies->data;
827 ielen = ies->len;
828 while (ielen > 0) {
829 switch (ie[0]) {
830 case IEEE80211_ELEMID_VENDOR:
831 if (iswpaoui(ie))
832 ies->wpa_ie = ie;
833 else if (iswmeoui(ie))
834 ies->wme_ie = ie;
835 else if (isatherosoui(ie))
836 ies->ath_ie = ie;
837 break;
838 case IEEE80211_ELEMID_RSN:
839 ies->rsn_ie = ie;
840 break;
841 case IEEE80211_ELEMID_HTCAP:
842 ies->htcap_ie = ie;
843 break;
844 }
845 ielen -= 2 + ie[1];
846 ie += 2 + ie[1];
847 }
848}
849
850/*
851 * Reclaim any resources in a node and reset any critical
852 * state. Typically nodes are free'd immediately after,
853 * but in some cases the storage may be reused so we need
854 * to insure consistent state (should probably fix that).
855 */
856static void
857node_cleanup(struct ieee80211_node *ni)
858{
859#define N(a) (sizeof(a)/sizeof(a[0]))
860 struct ieee80211vap *vap = ni->ni_vap;
861 int i;
862
863 /* NB: preserve ni_table */
864 if (ni->ni_flags & IEEE80211_NODE_PWR_MGT) {
865 if (vap->iv_opmode != IEEE80211_M_STA)
866 vap->iv_ps_sta--;
867 ni->ni_flags &= ~IEEE80211_NODE_PWR_MGT;
868 IEEE80211_NOTE(vap, IEEE80211_MSG_POWER, ni,
869 "power save mode off, %u sta's in ps mode", vap->iv_ps_sta);
870 }
871 /*
872 * Cleanup any HT-related state.
873 */
874 if (ni->ni_flags & IEEE80211_NODE_HT)
875 ieee80211_ht_node_cleanup(ni);
876 /*
877 * Clear AREF flag that marks the authorization refcnt bump
878 * has happened. This is probably not needed as the node
879 * should always be removed from the table so not found but
880 * do it just in case.
881 */
882 ni->ni_flags &= ~IEEE80211_NODE_AREF;
883
884 /*
885 * Drain power save queue and, if needed, clear TIM.
886 */
887 if (ieee80211_node_saveq_drain(ni) != 0 && vap->iv_set_tim != NULL)
888 vap->iv_set_tim(ni, 0);
889
890 ni->ni_associd = 0;
891 if (ni->ni_challenge != NULL) {
| 814}
815
816/*
817 * Expand an ie blob data contents and to fillin individual
818 * ie pointers. The data blob is assumed to be well-formed;
819 * we don't do any validity checking of ie lengths.
820 */
821void
822ieee80211_ies_expand(struct ieee80211_ies *ies)
823{
824 uint8_t *ie;
825 int ielen;
826
827 ie = ies->data;
828 ielen = ies->len;
829 while (ielen > 0) {
830 switch (ie[0]) {
831 case IEEE80211_ELEMID_VENDOR:
832 if (iswpaoui(ie))
833 ies->wpa_ie = ie;
834 else if (iswmeoui(ie))
835 ies->wme_ie = ie;
836 else if (isatherosoui(ie))
837 ies->ath_ie = ie;
838 break;
839 case IEEE80211_ELEMID_RSN:
840 ies->rsn_ie = ie;
841 break;
842 case IEEE80211_ELEMID_HTCAP:
843 ies->htcap_ie = ie;
844 break;
845 }
846 ielen -= 2 + ie[1];
847 ie += 2 + ie[1];
848 }
849}
850
851/*
852 * Reclaim any resources in a node and reset any critical
853 * state. Typically nodes are free'd immediately after,
854 * but in some cases the storage may be reused so we need
855 * to insure consistent state (should probably fix that).
856 */
857static void
858node_cleanup(struct ieee80211_node *ni)
859{
860#define N(a) (sizeof(a)/sizeof(a[0]))
861 struct ieee80211vap *vap = ni->ni_vap;
862 int i;
863
864 /* NB: preserve ni_table */
865 if (ni->ni_flags & IEEE80211_NODE_PWR_MGT) {
866 if (vap->iv_opmode != IEEE80211_M_STA)
867 vap->iv_ps_sta--;
868 ni->ni_flags &= ~IEEE80211_NODE_PWR_MGT;
869 IEEE80211_NOTE(vap, IEEE80211_MSG_POWER, ni,
870 "power save mode off, %u sta's in ps mode", vap->iv_ps_sta);
871 }
872 /*
873 * Cleanup any HT-related state.
874 */
875 if (ni->ni_flags & IEEE80211_NODE_HT)
876 ieee80211_ht_node_cleanup(ni);
877 /*
878 * Clear AREF flag that marks the authorization refcnt bump
879 * has happened. This is probably not needed as the node
880 * should always be removed from the table so not found but
881 * do it just in case.
882 */
883 ni->ni_flags &= ~IEEE80211_NODE_AREF;
884
885 /*
886 * Drain power save queue and, if needed, clear TIM.
887 */
888 if (ieee80211_node_saveq_drain(ni) != 0 && vap->iv_set_tim != NULL)
889 vap->iv_set_tim(ni, 0);
890
891 ni->ni_associd = 0;
892 if (ni->ni_challenge != NULL) {
|
892 free(ni->ni_challenge, M_80211_NODE);
| 893 FREE(ni->ni_challenge, M_80211_NODE);
|
893 ni->ni_challenge = NULL;
894 }
895 /*
896 * Preserve SSID, WPA, and WME ie's so the bss node is
897 * reusable during a re-auth/re-assoc state transition.
898 * If we remove these data they will not be recreated
899 * because they come from a probe-response or beacon frame
900 * which cannot be expected prior to the association-response.
901 * This should not be an issue when operating in other modes
902 * as stations leaving always go through a full state transition
903 * which will rebuild this state.
904 *
905 * XXX does this leave us open to inheriting old state?
906 */
907 for (i = 0; i < N(ni->ni_rxfrag); i++)
908 if (ni->ni_rxfrag[i] != NULL) {
909 m_freem(ni->ni_rxfrag[i]);
910 ni->ni_rxfrag[i] = NULL;
911 }
912 /*
913 * Must be careful here to remove any key map entry w/o a LOR.
914 */
915 ieee80211_node_delucastkey(ni);
916#undef N
917}
918
919static void
920node_free(struct ieee80211_node *ni)
921{
922 struct ieee80211com *ic = ni->ni_ic;
923
924 ic->ic_node_cleanup(ni);
925 ieee80211_ies_cleanup(&ni->ni_ies);
926 IEEE80211_NODE_SAVEQ_DESTROY(ni);
927 IEEE80211_NODE_WDSQ_DESTROY(ni);
| 894 ni->ni_challenge = NULL;
895 }
896 /*
897 * Preserve SSID, WPA, and WME ie's so the bss node is
898 * reusable during a re-auth/re-assoc state transition.
899 * If we remove these data they will not be recreated
900 * because they come from a probe-response or beacon frame
901 * which cannot be expected prior to the association-response.
902 * This should not be an issue when operating in other modes
903 * as stations leaving always go through a full state transition
904 * which will rebuild this state.
905 *
906 * XXX does this leave us open to inheriting old state?
907 */
908 for (i = 0; i < N(ni->ni_rxfrag); i++)
909 if (ni->ni_rxfrag[i] != NULL) {
910 m_freem(ni->ni_rxfrag[i]);
911 ni->ni_rxfrag[i] = NULL;
912 }
913 /*
914 * Must be careful here to remove any key map entry w/o a LOR.
915 */
916 ieee80211_node_delucastkey(ni);
917#undef N
918}
919
920static void
921node_free(struct ieee80211_node *ni)
922{
923 struct ieee80211com *ic = ni->ni_ic;
924
925 ic->ic_node_cleanup(ni);
926 ieee80211_ies_cleanup(&ni->ni_ies);
927 IEEE80211_NODE_SAVEQ_DESTROY(ni);
928 IEEE80211_NODE_WDSQ_DESTROY(ni);
|
928 free(ni, M_80211_NODE);
| 929 FREE(ni, M_80211_NODE);
|
929}
930
931static void
932node_age(struct ieee80211_node *ni)
933{
934 struct ieee80211vap *vap = ni->ni_vap;
935#if 0
936 IEEE80211_NODE_LOCK_ASSERT(&ic->ic_sta);
937#endif
938 /*
939 * Age frames on the power save queue.
940 */
941 if (ieee80211_node_saveq_age(ni) != 0 &&
942 IEEE80211_NODE_SAVEQ_QLEN(ni) == 0 &&
943 vap->iv_set_tim != NULL)
944 vap->iv_set_tim(ni, 0);
945 /*
946 * Age frames on the wds pending queue.
947 */
948 if (IEEE80211_NODE_WDSQ_QLEN(ni) != 0)
949 ieee80211_node_wdsq_age(ni);
950 /*
951 * Age out HT resources (e.g. frames on the
952 * A-MPDU reorder queues).
953 */
954 if (ni->ni_associd != 0 && (ni->ni_flags & IEEE80211_NODE_HT))
955 ieee80211_ht_node_age(ni);
956}
957
958static int8_t
959node_getrssi(const struct ieee80211_node *ni)
960{
961 uint32_t avgrssi = ni->ni_avgrssi;
962 int32_t rssi;
963
964 if (avgrssi == IEEE80211_RSSI_DUMMY_MARKER)
965 return 0;
966 rssi = IEEE80211_RSSI_GET(avgrssi);
967 return rssi < 0 ? 0 : rssi > 127 ? 127 : rssi;
968}
969
970static void
971node_getsignal(const struct ieee80211_node *ni, int8_t *rssi, int8_t *noise)
972{
973 *rssi = node_getrssi(ni);
974 *noise = ni->ni_noise;
975}
976
977static void
978node_getmimoinfo(const struct ieee80211_node *ni,
979 struct ieee80211_mimo_info *info)
980{
981 /* XXX zero data? */
982}
983
984struct ieee80211_node *
985ieee80211_alloc_node(struct ieee80211_node_table *nt,
986 struct ieee80211vap *vap, const uint8_t macaddr[IEEE80211_ADDR_LEN])
987{
988 struct ieee80211com *ic = nt->nt_ic;
989 struct ieee80211_node *ni;
990 int hash;
991
992 ni = ic->ic_node_alloc(vap, macaddr);
993 if (ni == NULL) {
994 vap->iv_stats.is_rx_nodealloc++;
995 return NULL;
996 }
997
998 IEEE80211_DPRINTF(vap, IEEE80211_MSG_NODE,
999 "%s %p<%s> in %s table\n", __func__, ni,
1000 ether_sprintf(macaddr), nt->nt_name);
1001
1002 IEEE80211_ADDR_COPY(ni->ni_macaddr, macaddr);
1003 hash = IEEE80211_NODE_HASH(macaddr);
1004 ieee80211_node_initref(ni); /* mark referenced */
1005 ni->ni_chan = IEEE80211_CHAN_ANYC;
1006 ni->ni_authmode = IEEE80211_AUTH_OPEN;
1007 ni->ni_txpower = ic->ic_txpowlimit; /* max power */
1008 ni->ni_txparms = &vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)];
1009 ieee80211_crypto_resetkey(vap, &ni->ni_ucastkey, IEEE80211_KEYIX_NONE);
1010 ni->ni_avgrssi = IEEE80211_RSSI_DUMMY_MARKER;
1011 ni->ni_inact_reload = nt->nt_inact_init;
1012 ni->ni_inact = ni->ni_inact_reload;
1013 ni->ni_ath_defkeyix = 0x7fff;
1014 IEEE80211_NODE_SAVEQ_INIT(ni, "unknown");
1015 IEEE80211_NODE_WDSQ_INIT(ni, "unknown");
1016
1017 IEEE80211_NODE_LOCK(nt);
1018 TAILQ_INSERT_TAIL(&nt->nt_node, ni, ni_list);
1019 LIST_INSERT_HEAD(&nt->nt_hash[hash], ni, ni_hash);
1020 ni->ni_table = nt;
1021 ni->ni_vap = vap;
1022 ni->ni_ic = ic;
1023 IEEE80211_NODE_UNLOCK(nt);
1024
1025 return ni;
1026}
1027
1028/*
1029 * Craft a temporary node suitable for sending a management frame
1030 * to the specified station. We craft only as much state as we
1031 * need to do the work since the node will be immediately reclaimed
1032 * once the send completes.
1033 */
1034struct ieee80211_node *
1035ieee80211_tmp_node(struct ieee80211vap *vap,
1036 const uint8_t macaddr[IEEE80211_ADDR_LEN])
1037{
1038 struct ieee80211com *ic = vap->iv_ic;
1039 struct ieee80211_node *ni;
1040
1041 ni = ic->ic_node_alloc(vap, macaddr);
1042 if (ni != NULL) {
1043 struct ieee80211_node *bss = vap->iv_bss;
1044
1045 IEEE80211_DPRINTF(vap, IEEE80211_MSG_NODE,
1046 "%s %p<%s>\n", __func__, ni, ether_sprintf(macaddr));
1047
1048 ni->ni_table = NULL; /* NB: pedantic */
1049 ni->ni_ic = ic; /* NB: needed to set channel */
1050 ni->ni_vap = vap;
1051
1052 IEEE80211_ADDR_COPY(ni->ni_macaddr, macaddr);
1053 IEEE80211_ADDR_COPY(ni->ni_bssid, bss->ni_bssid);
1054 ieee80211_node_initref(ni); /* mark referenced */
1055 /* NB: required by ieee80211_fix_rate */
1056 ieee80211_node_set_chan(ni, bss->ni_chan);
1057 ieee80211_crypto_resetkey(vap, &ni->ni_ucastkey,
1058 IEEE80211_KEYIX_NONE);
1059 ni->ni_txpower = bss->ni_txpower;
1060 /* XXX optimize away */
1061 IEEE80211_NODE_SAVEQ_INIT(ni, "unknown");
1062 IEEE80211_NODE_WDSQ_INIT(ni, "unknown");
1063 } else {
1064 /* XXX msg */
1065 vap->iv_stats.is_rx_nodealloc++;
1066 }
1067 return ni;
1068}
1069
1070struct ieee80211_node *
1071ieee80211_dup_bss(struct ieee80211vap *vap,
1072 const uint8_t macaddr[IEEE80211_ADDR_LEN])
1073{
1074 struct ieee80211com *ic = vap->iv_ic;
1075 struct ieee80211_node *ni;
1076
1077 ni = ieee80211_alloc_node(&ic->ic_sta, vap, macaddr);
1078 if (ni != NULL) {
1079 struct ieee80211_node *bss = vap->iv_bss;
1080 /*
1081 * Inherit from iv_bss.
1082 */
1083 copy_bss(ni, bss);
1084 IEEE80211_ADDR_COPY(ni->ni_bssid, bss->ni_bssid);
1085 ieee80211_node_set_chan(ni, bss->ni_chan);
1086 }
1087 return ni;
1088}
1089
1090/*
1091 * Create a bss node for a legacy WDS vap. The far end does
1092 * not associate so we just create create a new node and
1093 * simulate an association. The caller is responsible for
1094 * installing the node as the bss node and handling any further
1095 * setup work like authorizing the port.
1096 */
1097struct ieee80211_node *
1098ieee80211_node_create_wds(struct ieee80211vap *vap,
1099 const uint8_t bssid[IEEE80211_ADDR_LEN], struct ieee80211_channel *chan)
1100{
1101 struct ieee80211com *ic = vap->iv_ic;
1102 struct ieee80211_node *ni;
1103
1104 /* XXX check if node already in sta table? */
1105 ni = ieee80211_alloc_node(&ic->ic_sta, vap, bssid);
1106 if (ni != NULL) {
1107 ni->ni_wdsvap = vap;
1108 IEEE80211_ADDR_COPY(ni->ni_bssid, bssid);
1109 /*
1110 * Inherit any manually configured settings.
1111 */
1112 copy_bss(ni, vap->iv_bss);
1113 ieee80211_node_set_chan(ni, chan);
1114 /* NB: propagate ssid so available to WPA supplicant */
1115 ni->ni_esslen = vap->iv_des_ssid[0].len;
1116 memcpy(ni->ni_essid, vap->iv_des_ssid[0].ssid, ni->ni_esslen);
1117 /* NB: no associd for peer */
1118 /*
1119 * There are no management frames to use to
1120 * discover neighbor capabilities, so blindly
1121 * propagate the local configuration.
1122 */
1123 if (vap->iv_flags & IEEE80211_F_WME)
1124 ni->ni_flags |= IEEE80211_NODE_QOS;
1125 if (vap->iv_flags & IEEE80211_F_FF)
1126 ni->ni_flags |= IEEE80211_NODE_FF;
1127 if ((ic->ic_htcaps & IEEE80211_HTC_HT) &&
1128 (vap->iv_flags_ext & IEEE80211_FEXT_HT)) {
1129 /*
1130 * Device is HT-capable and HT is enabled for
1131 * the vap; setup HT operation. On return
1132 * ni_chan will be adjusted to an HT channel.
1133 */
1134 ieee80211_ht_wds_init(ni);
1135 } else {
1136 struct ieee80211_channel *c = ni->ni_chan;
1137 /*
1138 * Force a legacy channel to be used.
1139 */
1140 c = ieee80211_find_channel(ic,
1141 c->ic_freq, c->ic_flags &~ IEEE80211_CHAN_HT);
1142 KASSERT(c != NULL, ("no legacy channel, %u/%x",
1143 ni->ni_chan->ic_freq, ni->ni_chan->ic_flags));
1144 ni->ni_chan = c;
1145 }
1146 }
1147 return ni;
1148}
1149
1150struct ieee80211_node *
1151#ifdef IEEE80211_DEBUG_REFCNT
1152ieee80211_find_node_locked_debug(struct ieee80211_node_table *nt,
1153 const uint8_t macaddr[IEEE80211_ADDR_LEN], const char *func, int line)
1154#else
1155ieee80211_find_node_locked(struct ieee80211_node_table *nt,
1156 const uint8_t macaddr[IEEE80211_ADDR_LEN])
1157#endif
1158{
1159 struct ieee80211_node *ni;
1160 int hash;
1161
1162 IEEE80211_NODE_LOCK_ASSERT(nt);
1163
1164 hash = IEEE80211_NODE_HASH(macaddr);
1165 LIST_FOREACH(ni, &nt->nt_hash[hash], ni_hash) {
1166 if (IEEE80211_ADDR_EQ(ni->ni_macaddr, macaddr)) {
1167 ieee80211_ref_node(ni); /* mark referenced */
1168#ifdef IEEE80211_DEBUG_REFCNT
1169 IEEE80211_DPRINTF(ni->ni_vap, IEEE80211_MSG_NODE,
1170 "%s (%s:%u) %p<%s> refcnt %d\n", __func__,
1171 func, line,
1172 ni, ether_sprintf(ni->ni_macaddr),
1173 ieee80211_node_refcnt(ni));
1174#endif
1175 return ni;
1176 }
1177 }
1178 return NULL;
1179}
1180
1181struct ieee80211_node *
1182#ifdef IEEE80211_DEBUG_REFCNT
1183ieee80211_find_node_debug(struct ieee80211_node_table *nt,
1184 const uint8_t macaddr[IEEE80211_ADDR_LEN], const char *func, int line)
1185#else
1186ieee80211_find_node(struct ieee80211_node_table *nt,
1187 const uint8_t macaddr[IEEE80211_ADDR_LEN])
1188#endif
1189{
1190 struct ieee80211_node *ni;
1191
1192 IEEE80211_NODE_LOCK(nt);
1193 ni = ieee80211_find_node_locked(nt, macaddr);
1194 IEEE80211_NODE_UNLOCK(nt);
1195 return ni;
1196}
1197
1198struct ieee80211_node *
1199#ifdef IEEE80211_DEBUG_REFCNT
1200ieee80211_find_vap_node_locked_debug(struct ieee80211_node_table *nt,
1201 const struct ieee80211vap *vap,
1202 const uint8_t macaddr[IEEE80211_ADDR_LEN], const char *func, int line)
1203#else
1204ieee80211_find_vap_node_locked(struct ieee80211_node_table *nt,
1205 const struct ieee80211vap *vap,
1206 const uint8_t macaddr[IEEE80211_ADDR_LEN])
1207#endif
1208{
1209 struct ieee80211_node *ni;
1210 int hash;
1211
1212 IEEE80211_NODE_LOCK_ASSERT(nt);
1213
1214 hash = IEEE80211_NODE_HASH(macaddr);
1215 LIST_FOREACH(ni, &nt->nt_hash[hash], ni_hash) {
1216 if (ni->ni_vap == vap &&
1217 IEEE80211_ADDR_EQ(ni->ni_macaddr, macaddr)) {
1218 ieee80211_ref_node(ni); /* mark referenced */
1219#ifdef IEEE80211_DEBUG_REFCNT
1220 IEEE80211_DPRINTF(ni->ni_vap, IEEE80211_MSG_NODE,
1221 "%s (%s:%u) %p<%s> refcnt %d\n", __func__,
1222 func, line,
1223 ni, ether_sprintf(ni->ni_macaddr),
1224 ieee80211_node_refcnt(ni));
1225#endif
1226 return ni;
1227 }
1228 }
1229 return NULL;
1230}
1231
1232struct ieee80211_node *
1233#ifdef IEEE80211_DEBUG_REFCNT
1234ieee80211_find_vap_node_debug(struct ieee80211_node_table *nt,
1235 const struct ieee80211vap *vap,
1236 const uint8_t macaddr[IEEE80211_ADDR_LEN], const char *func, int line)
1237#else
1238ieee80211_find_vap_node(struct ieee80211_node_table *nt,
1239 const struct ieee80211vap *vap,
1240 const uint8_t macaddr[IEEE80211_ADDR_LEN])
1241#endif
1242{
1243 struct ieee80211_node *ni;
1244
1245 IEEE80211_NODE_LOCK(nt);
1246 ni = ieee80211_find_vap_node_locked(nt, vap, macaddr);
1247 IEEE80211_NODE_UNLOCK(nt);
1248 return ni;
1249}
1250
1251/*
1252 * Fake up a node; this handles node discovery in adhoc mode.
1253 * Note that for the driver's benefit we we treat this like
1254 * an association so the driver has an opportunity to setup
1255 * it's private state.
1256 */
1257struct ieee80211_node *
1258ieee80211_fakeup_adhoc_node(struct ieee80211vap *vap,
1259 const uint8_t macaddr[IEEE80211_ADDR_LEN])
1260{
1261 struct ieee80211_node *ni;
1262
1263 IEEE80211_DPRINTF(vap, IEEE80211_MSG_NODE,
1264 "%s: mac<%s>\n", __func__, ether_sprintf(macaddr));
1265 ni = ieee80211_dup_bss(vap, macaddr);
1266 if (ni != NULL) {
1267 struct ieee80211com *ic = vap->iv_ic;
1268
1269 /* XXX no rate negotiation; just dup */
1270 ni->ni_rates = vap->iv_bss->ni_rates;
1271 if (vap->iv_opmode == IEEE80211_M_AHDEMO) {
1272 /*
1273 * In adhoc demo mode there are no management
1274 * frames to use to discover neighbor capabilities,
1275 * so blindly propagate the local configuration
1276 * so we can do interesting things (e.g. use
1277 * WME to disable ACK's).
1278 */
1279 if (vap->iv_flags & IEEE80211_F_WME)
1280 ni->ni_flags |= IEEE80211_NODE_QOS;
1281 if (vap->iv_flags & IEEE80211_F_FF)
1282 ni->ni_flags |= IEEE80211_NODE_FF;
1283 }
1284 node_setuptxparms(ni);
1285 if (ic->ic_newassoc != NULL)
1286 ic->ic_newassoc(ni, 1);
1287 /* XXX not right for 802.1x/WPA */
1288 ieee80211_node_authorize(ni);
1289 }
1290 return ni;
1291}
1292
1293void
1294ieee80211_init_neighbor(struct ieee80211_node *ni,
1295 const struct ieee80211_frame *wh,
1296 const struct ieee80211_scanparams *sp)
1297{
1298 ni->ni_esslen = sp->ssid[1];
1299 memcpy(ni->ni_essid, sp->ssid + 2, sp->ssid[1]);
1300 IEEE80211_ADDR_COPY(ni->ni_bssid, wh->i_addr3);
1301 memcpy(ni->ni_tstamp.data, sp->tstamp, sizeof(ni->ni_tstamp));
1302 ni->ni_intval = sp->bintval;
1303 ni->ni_capinfo = sp->capinfo;
1304 ni->ni_chan = ni->ni_ic->ic_curchan;
1305 ni->ni_fhdwell = sp->fhdwell;
1306 ni->ni_fhindex = sp->fhindex;
1307 ni->ni_erp = sp->erp;
1308 ni->ni_timoff = sp->timoff;
1309
1310 if (ieee80211_ies_init(&ni->ni_ies, sp->ies, sp->ies_len)) {
1311 ieee80211_ies_expand(&ni->ni_ies);
1312 if (ni->ni_ies.ath_ie != NULL)
1313 ieee80211_parse_ath(ni, ni->ni_ies.ath_ie);
1314 }
1315
1316 /* NB: must be after ni_chan is setup */
1317 ieee80211_setup_rates(ni, sp->rates, sp->xrates,
1318 IEEE80211_F_DOSORT | IEEE80211_F_DOFRATE |
1319 IEEE80211_F_DONEGO | IEEE80211_F_DODEL);
1320}
1321
1322/*
1323 * Do node discovery in adhoc mode on receipt of a beacon
1324 * or probe response frame. Note that for the driver's
1325 * benefit we we treat this like an association so the
1326 * driver has an opportunity to setup it's private state.
1327 */
1328struct ieee80211_node *
1329ieee80211_add_neighbor(struct ieee80211vap *vap,
1330 const struct ieee80211_frame *wh,
1331 const struct ieee80211_scanparams *sp)
1332{
1333 struct ieee80211_node *ni;
1334
1335 IEEE80211_DPRINTF(vap, IEEE80211_MSG_NODE,
1336 "%s: mac<%s>\n", __func__, ether_sprintf(wh->i_addr2));
1337 ni = ieee80211_dup_bss(vap, wh->i_addr2);/* XXX alloc_node? */
1338 if (ni != NULL) {
1339 struct ieee80211com *ic = vap->iv_ic;
1340
1341 ieee80211_init_neighbor(ni, wh, sp);
1342 node_setuptxparms(ni);
1343 if (ic->ic_newassoc != NULL)
1344 ic->ic_newassoc(ni, 1);
1345 /* XXX not right for 802.1x/WPA */
1346 ieee80211_node_authorize(ni);
1347 }
1348 return ni;
1349}
1350
1351#define IS_CTL(wh) \
1352 ((wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK) == IEEE80211_FC0_TYPE_CTL)
1353#define IS_PSPOLL(wh) \
1354 ((wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK) == IEEE80211_FC0_SUBTYPE_PS_POLL)
1355#define IS_BAR(wh) \
1356 ((wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK) == IEEE80211_FC0_SUBTYPE_BAR)
1357#define IS_PROBEREQ(wh) \
1358 ((wh->i_fc[0] & (IEEE80211_FC0_TYPE_MASK|IEEE80211_FC0_SUBTYPE_MASK)) \
1359 == (IEEE80211_FC0_TYPE_MGT | IEEE80211_FC0_SUBTYPE_PROBE_REQ))
1360#define IS_BCAST_PROBEREQ(wh) \
1361 (IS_PROBEREQ(wh) && IEEE80211_IS_MULTICAST( \
1362 ((const struct ieee80211_frame *)(wh))->i_addr3))
1363
1364static __inline struct ieee80211_node *
1365_find_rxnode(struct ieee80211_node_table *nt,
1366 const struct ieee80211_frame_min *wh)
1367{
1368 /* XXX 4-address frames? */
1369 if (IS_CTL(wh) && !IS_PSPOLL(wh) && !IS_BAR(wh) /*&& !IS_RTS(ah)*/)
1370 return ieee80211_find_node_locked(nt, wh->i_addr1);
1371 if (IS_BCAST_PROBEREQ(wh))
1372 return NULL; /* spam bcast probe req to all vap's */
1373 return ieee80211_find_node_locked(nt, wh->i_addr2);
1374}
1375
1376/*
1377 * Locate the node for sender, track state, and then pass the
1378 * (referenced) node up to the 802.11 layer for its use. Note
1379 * we can return NULL if the sender is not in the table.
1380 */
1381struct ieee80211_node *
1382#ifdef IEEE80211_DEBUG_REFCNT
1383ieee80211_find_rxnode_debug(struct ieee80211com *ic,
1384 const struct ieee80211_frame_min *wh, const char *func, int line)
1385#else
1386ieee80211_find_rxnode(struct ieee80211com *ic,
1387 const struct ieee80211_frame_min *wh)
1388#endif
1389{
1390 struct ieee80211_node_table *nt;
1391 struct ieee80211_node *ni;
1392
1393 nt = &ic->ic_sta;
1394 IEEE80211_NODE_LOCK(nt);
1395 ni = _find_rxnode(nt, wh);
1396 IEEE80211_NODE_UNLOCK(nt);
1397
1398 return ni;
1399}
1400
1401/*
1402 * Like ieee80211_find_rxnode but use the supplied h/w
1403 * key index as a hint to locate the node in the key
1404 * mapping table. If an entry is present at the key
1405 * index we return it; otherwise do a normal lookup and
1406 * update the mapping table if the station has a unicast
1407 * key assigned to it.
1408 */
1409struct ieee80211_node *
1410#ifdef IEEE80211_DEBUG_REFCNT
1411ieee80211_find_rxnode_withkey_debug(struct ieee80211com *ic,
1412 const struct ieee80211_frame_min *wh, ieee80211_keyix keyix,
1413 const char *func, int line)
1414#else
1415ieee80211_find_rxnode_withkey(struct ieee80211com *ic,
1416 const struct ieee80211_frame_min *wh, ieee80211_keyix keyix)
1417#endif
1418{
1419 struct ieee80211_node_table *nt;
1420 struct ieee80211_node *ni;
1421
1422 nt = &ic->ic_sta;
1423 IEEE80211_NODE_LOCK(nt);
1424 if (nt->nt_keyixmap != NULL && keyix < nt->nt_keyixmax)
1425 ni = nt->nt_keyixmap[keyix];
1426 else
1427 ni = NULL;
1428 if (ni == NULL) {
1429 ni = _find_rxnode(nt, wh);
1430 if (ni != NULL && nt->nt_keyixmap != NULL) {
1431 /*
1432 * If the station has a unicast key cache slot
1433 * assigned update the key->node mapping table.
1434 */
1435 keyix = ni->ni_ucastkey.wk_rxkeyix;
1436 /* XXX can keyixmap[keyix] != NULL? */
1437 if (keyix < nt->nt_keyixmax &&
1438 nt->nt_keyixmap[keyix] == NULL) {
1439 IEEE80211_DPRINTF(ni->ni_vap,
1440 IEEE80211_MSG_NODE,
1441 "%s: add key map entry %p<%s> refcnt %d\n",
1442 __func__, ni, ether_sprintf(ni->ni_macaddr),
1443 ieee80211_node_refcnt(ni)+1);
1444 nt->nt_keyixmap[keyix] = ieee80211_ref_node(ni);
1445 }
1446 }
1447 } else {
1448 if (IS_BCAST_PROBEREQ(wh))
1449 ni = NULL; /* spam bcast probe req to all vap's */
1450 else
1451 ieee80211_ref_node(ni);
1452 }
1453 IEEE80211_NODE_UNLOCK(nt);
1454
1455 return ni;
1456}
1457#undef IS_BCAST_PROBEREQ
1458#undef IS_PROBEREQ
1459#undef IS_BAR
1460#undef IS_PSPOLL
1461#undef IS_CTL
1462
1463/*
1464 * Return a reference to the appropriate node for sending
1465 * a data frame. This handles node discovery in adhoc networks.
1466 */
1467struct ieee80211_node *
1468#ifdef IEEE80211_DEBUG_REFCNT
1469ieee80211_find_txnode_debug(struct ieee80211vap *vap,
1470 const uint8_t macaddr[IEEE80211_ADDR_LEN],
1471 const char *func, int line)
1472#else
1473ieee80211_find_txnode(struct ieee80211vap *vap,
1474 const uint8_t macaddr[IEEE80211_ADDR_LEN])
1475#endif
1476{
1477 struct ieee80211_node_table *nt = &vap->iv_ic->ic_sta;
1478 struct ieee80211_node *ni;
1479
1480 /*
1481 * The destination address should be in the node table
1482 * unless this is a multicast/broadcast frame. We can
1483 * also optimize station mode operation, all frames go
1484 * to the bss node.
1485 */
1486 /* XXX can't hold lock across dup_bss 'cuz of recursive locking */
1487 IEEE80211_NODE_LOCK(nt);
1488 if (vap->iv_opmode == IEEE80211_M_STA ||
1489 vap->iv_opmode == IEEE80211_M_WDS ||
1490 IEEE80211_IS_MULTICAST(macaddr))
1491 ni = ieee80211_ref_node(vap->iv_bss);
1492 else {
1493 ni = ieee80211_find_node_locked(nt, macaddr);
1494 if (vap->iv_opmode == IEEE80211_M_HOSTAP &&
1495 (ni != NULL && ni->ni_associd == 0)) {
1496 /*
1497 * Station is not associated; don't permit the
1498 * data frame to be sent by returning NULL. This
1499 * is kinda a kludge but the least intrusive way
1500 * to add this check into all drivers.
1501 */
1502 ieee80211_unref_node(&ni); /* NB: null's ni */
1503 }
1504 }
1505 IEEE80211_NODE_UNLOCK(nt);
1506
1507 if (ni == NULL) {
1508 if (vap->iv_opmode == IEEE80211_M_IBSS ||
1509 vap->iv_opmode == IEEE80211_M_AHDEMO) {
1510 /*
1511 * In adhoc mode cons up a node for the destination.
1512 * Note that we need an additional reference for the
1513 * caller to be consistent with
1514 * ieee80211_find_node_locked.
1515 */
1516 ni = ieee80211_fakeup_adhoc_node(vap, macaddr);
1517 if (ni != NULL)
1518 (void) ieee80211_ref_node(ni);
1519 } else {
1520 IEEE80211_NOTE_MAC(vap, IEEE80211_MSG_OUTPUT, macaddr,
1521 "no node, discard frame (%s)", __func__);
1522 vap->iv_stats.is_tx_nonode++;
1523 }
1524 }
1525 return ni;
1526}
1527
1528static void
1529_ieee80211_free_node(struct ieee80211_node *ni)
1530{
1531 struct ieee80211_node_table *nt = ni->ni_table;
1532
1533 /*
1534 * NB: careful about referencing the vap as it may be
1535 * gone if the last reference was held by a driver.
1536 * We know the com will always be present so it's safe
1537 * to use ni_ic below to reclaim resources.
1538 */
1539#if 0
1540 IEEE80211_DPRINTF(vap, IEEE80211_MSG_NODE,
1541 "%s %p<%s> in %s table\n", __func__, ni,
1542 ether_sprintf(ni->ni_macaddr),
1543 nt != NULL ? nt->nt_name : "<gone>");
1544#endif
1545 if (ni->ni_associd != 0) {
1546 struct ieee80211vap *vap = ni->ni_vap;
1547 if (vap->iv_aid_bitmap != NULL)
1548 IEEE80211_AID_CLR(vap, ni->ni_associd);
1549 }
1550 if (nt != NULL) {
1551 TAILQ_REMOVE(&nt->nt_node, ni, ni_list);
1552 LIST_REMOVE(ni, ni_hash);
1553 }
1554 ni->ni_ic->ic_node_free(ni);
1555}
1556
1557void
1558#ifdef IEEE80211_DEBUG_REFCNT
1559ieee80211_free_node_debug(struct ieee80211_node *ni, const char *func, int line)
1560#else
1561ieee80211_free_node(struct ieee80211_node *ni)
1562#endif
1563{
1564 struct ieee80211_node_table *nt = ni->ni_table;
1565
1566#ifdef IEEE80211_DEBUG_REFCNT
1567 IEEE80211_DPRINTF(ni->ni_vap, IEEE80211_MSG_NODE,
1568 "%s (%s:%u) %p<%s> refcnt %d\n", __func__, func, line, ni,
1569 ether_sprintf(ni->ni_macaddr), ieee80211_node_refcnt(ni)-1);
1570#endif
1571 if (nt != NULL) {
1572 IEEE80211_NODE_LOCK(nt);
1573 if (ieee80211_node_dectestref(ni)) {
1574 /*
1575 * Last reference, reclaim state.
1576 */
1577 _ieee80211_free_node(ni);
1578 } else if (ieee80211_node_refcnt(ni) == 1 &&
1579 nt->nt_keyixmap != NULL) {
1580 ieee80211_keyix keyix;
1581 /*
1582 * Check for a last reference in the key mapping table.
1583 */
1584 keyix = ni->ni_ucastkey.wk_rxkeyix;
1585 if (keyix < nt->nt_keyixmax &&
1586 nt->nt_keyixmap[keyix] == ni) {
1587 IEEE80211_DPRINTF(ni->ni_vap,
1588 IEEE80211_MSG_NODE,
1589 "%s: %p<%s> clear key map entry", __func__,
1590 ni, ether_sprintf(ni->ni_macaddr));
1591 nt->nt_keyixmap[keyix] = NULL;
1592 ieee80211_node_decref(ni); /* XXX needed? */
1593 _ieee80211_free_node(ni);
1594 }
1595 }
1596 IEEE80211_NODE_UNLOCK(nt);
1597 } else {
1598 if (ieee80211_node_dectestref(ni))
1599 _ieee80211_free_node(ni);
1600 }
1601}
1602
1603/*
1604 * Reclaim a unicast key and clear any key cache state.
1605 */
1606int
1607ieee80211_node_delucastkey(struct ieee80211_node *ni)
1608{
1609 struct ieee80211com *ic = ni->ni_ic;
1610 struct ieee80211_node_table *nt = &ic->ic_sta;
1611 struct ieee80211_node *nikey;
1612 ieee80211_keyix keyix;
1613 int isowned, status;
1614
1615 /*
1616 * NB: We must beware of LOR here; deleting the key
1617 * can cause the crypto layer to block traffic updates
1618 * which can generate a LOR against the node table lock;
1619 * grab it here and stash the key index for our use below.
1620 *
1621 * Must also beware of recursion on the node table lock.
1622 * When called from node_cleanup we may already have
1623 * the node table lock held. Unfortunately there's no
1624 * way to separate out this path so we must do this
1625 * conditionally.
1626 */
1627 isowned = IEEE80211_NODE_IS_LOCKED(nt);
1628 if (!isowned)
1629 IEEE80211_NODE_LOCK(nt);
1630 nikey = NULL;
1631 status = 1; /* NB: success */
1632 if (!IEEE80211_KEY_UNDEFINED(&ni->ni_ucastkey)) {
1633 keyix = ni->ni_ucastkey.wk_rxkeyix;
1634 status = ieee80211_crypto_delkey(ni->ni_vap, &ni->ni_ucastkey);
1635 if (nt->nt_keyixmap != NULL && keyix < nt->nt_keyixmax) {
1636 nikey = nt->nt_keyixmap[keyix];
1637 nt->nt_keyixmap[keyix] = NULL;;
1638 }
1639 }
1640 if (!isowned)
1641 IEEE80211_NODE_UNLOCK(nt);
1642
1643 if (nikey != NULL) {
1644 KASSERT(nikey == ni,
1645 ("key map out of sync, ni %p nikey %p", ni, nikey));
1646 IEEE80211_DPRINTF(ni->ni_vap, IEEE80211_MSG_NODE,
1647 "%s: delete key map entry %p<%s> refcnt %d\n",
1648 __func__, ni, ether_sprintf(ni->ni_macaddr),
1649 ieee80211_node_refcnt(ni)-1);
1650 ieee80211_free_node(ni);
1651 }
1652 return status;
1653}
1654
1655/*
1656 * Reclaim a node. If this is the last reference count then
1657 * do the normal free work. Otherwise remove it from the node
1658 * table and mark it gone by clearing the back-reference.
1659 */
1660static void
1661node_reclaim(struct ieee80211_node_table *nt, struct ieee80211_node *ni)
1662{
1663 ieee80211_keyix keyix;
1664
1665 IEEE80211_NODE_LOCK_ASSERT(nt);
1666
1667 IEEE80211_DPRINTF(ni->ni_vap, IEEE80211_MSG_NODE,
1668 "%s: remove %p<%s> from %s table, refcnt %d\n",
1669 __func__, ni, ether_sprintf(ni->ni_macaddr),
1670 nt->nt_name, ieee80211_node_refcnt(ni)-1);
1671 /*
1672 * Clear any entry in the unicast key mapping table.
1673 * We need to do it here so rx lookups don't find it
1674 * in the mapping table even if it's not in the hash
1675 * table. We cannot depend on the mapping table entry
1676 * being cleared because the node may not be free'd.
1677 */
1678 keyix = ni->ni_ucastkey.wk_rxkeyix;
1679 if (nt->nt_keyixmap != NULL && keyix < nt->nt_keyixmax &&
1680 nt->nt_keyixmap[keyix] == ni) {
1681 IEEE80211_DPRINTF(ni->ni_vap, IEEE80211_MSG_NODE,
1682 "%s: %p<%s> clear key map entry\n",
1683 __func__, ni, ether_sprintf(ni->ni_macaddr));
1684 nt->nt_keyixmap[keyix] = NULL;
1685 ieee80211_node_decref(ni); /* NB: don't need free */
1686 }
1687 if (!ieee80211_node_dectestref(ni)) {
1688 /*
1689 * Other references are present, just remove the
1690 * node from the table so it cannot be found. When
1691 * the references are dropped storage will be
1692 * reclaimed.
1693 */
1694 TAILQ_REMOVE(&nt->nt_node, ni, ni_list);
1695 LIST_REMOVE(ni, ni_hash);
1696 ni->ni_table = NULL; /* clear reference */
1697 } else
1698 _ieee80211_free_node(ni);
1699}
1700
1701/*
1702 * Reclaim a (bss) node. Decrement the refcnt and reclaim
1703 * the node if the only other reference to it is in the sta
1704 * table. This is effectively ieee80211_free_node followed
1705 * by node_reclaim when the refcnt is 1 (after the free).
1706 */
1707static void
1708ieee80211_node_reclaim(struct ieee80211_node *ni)
1709{
1710 struct ieee80211_node_table *nt = ni->ni_table;
1711
1712 KASSERT(nt != NULL, ("reclaim node not in table"));
1713
1714#ifdef IEEE80211_DEBUG_REFCNT
1715 IEEE80211_DPRINTF(ni->ni_vap, IEEE80211_MSG_NODE,
1716 "%s %p<%s> refcnt %d\n", __func__, ni,
1717 ether_sprintf(ni->ni_macaddr), ieee80211_node_refcnt(ni)-1);
1718#endif
1719 IEEE80211_NODE_LOCK(nt);
1720 if (ieee80211_node_dectestref(ni)) {
1721 /*
1722 * Last reference, reclaim state.
1723 */
1724 _ieee80211_free_node(ni);
1725 nt = NULL;
1726 } else if (ieee80211_node_refcnt(ni) == 1 &&
1727 nt->nt_keyixmap != NULL) {
1728 ieee80211_keyix keyix;
1729 /*
1730 * Check for a last reference in the key mapping table.
1731 */
1732 keyix = ni->ni_ucastkey.wk_rxkeyix;
1733 if (keyix < nt->nt_keyixmax &&
1734 nt->nt_keyixmap[keyix] == ni) {
1735 IEEE80211_DPRINTF(ni->ni_vap,
1736 IEEE80211_MSG_NODE,
1737 "%s: %p<%s> clear key map entry", __func__,
1738 ni, ether_sprintf(ni->ni_macaddr));
1739 nt->nt_keyixmap[keyix] = NULL;
1740 ieee80211_node_decref(ni); /* XXX needed? */
1741 _ieee80211_free_node(ni);
1742 nt = NULL;
1743 }
1744 }
1745 if (nt != NULL && ieee80211_node_refcnt(ni) == 1) {
1746 /*
1747 * Last reference is in the sta table; complete
1748 * the reclaim. This handles bss nodes being
1749 * recycled: the node has two references, one for
1750 * iv_bss and one for the table. After dropping
1751 * the iv_bss ref above we need to reclaim the sta
1752 * table reference.
1753 */
1754 ieee80211_node_decref(ni); /* NB: be pendantic */
1755 _ieee80211_free_node(ni);
1756 }
1757 IEEE80211_NODE_UNLOCK(nt);
1758}
1759
1760/*
1761 * Node table support.
1762 */
1763
1764static void
1765ieee80211_node_table_init(struct ieee80211com *ic,
1766 struct ieee80211_node_table *nt,
1767 const char *name, int inact, int keyixmax)
1768{
1769 struct ifnet *ifp = ic->ic_ifp;
1770
1771 nt->nt_ic = ic;
1772 IEEE80211_NODE_LOCK_INIT(nt, ifp->if_xname);
1773 IEEE80211_NODE_ITERATE_LOCK_INIT(nt, ifp->if_xname);
1774 TAILQ_INIT(&nt->nt_node);
1775 nt->nt_name = name;
1776 nt->nt_scangen = 1;
1777 nt->nt_inact_init = inact;
1778 nt->nt_keyixmax = keyixmax;
1779 if (nt->nt_keyixmax > 0) {
| 930}
931
932static void
933node_age(struct ieee80211_node *ni)
934{
935 struct ieee80211vap *vap = ni->ni_vap;
936#if 0
937 IEEE80211_NODE_LOCK_ASSERT(&ic->ic_sta);
938#endif
939 /*
940 * Age frames on the power save queue.
941 */
942 if (ieee80211_node_saveq_age(ni) != 0 &&
943 IEEE80211_NODE_SAVEQ_QLEN(ni) == 0 &&
944 vap->iv_set_tim != NULL)
945 vap->iv_set_tim(ni, 0);
946 /*
947 * Age frames on the wds pending queue.
948 */
949 if (IEEE80211_NODE_WDSQ_QLEN(ni) != 0)
950 ieee80211_node_wdsq_age(ni);
951 /*
952 * Age out HT resources (e.g. frames on the
953 * A-MPDU reorder queues).
954 */
955 if (ni->ni_associd != 0 && (ni->ni_flags & IEEE80211_NODE_HT))
956 ieee80211_ht_node_age(ni);
957}
958
959static int8_t
960node_getrssi(const struct ieee80211_node *ni)
961{
962 uint32_t avgrssi = ni->ni_avgrssi;
963 int32_t rssi;
964
965 if (avgrssi == IEEE80211_RSSI_DUMMY_MARKER)
966 return 0;
967 rssi = IEEE80211_RSSI_GET(avgrssi);
968 return rssi < 0 ? 0 : rssi > 127 ? 127 : rssi;
969}
970
971static void
972node_getsignal(const struct ieee80211_node *ni, int8_t *rssi, int8_t *noise)
973{
974 *rssi = node_getrssi(ni);
975 *noise = ni->ni_noise;
976}
977
978static void
979node_getmimoinfo(const struct ieee80211_node *ni,
980 struct ieee80211_mimo_info *info)
981{
982 /* XXX zero data? */
983}
984
985struct ieee80211_node *
986ieee80211_alloc_node(struct ieee80211_node_table *nt,
987 struct ieee80211vap *vap, const uint8_t macaddr[IEEE80211_ADDR_LEN])
988{
989 struct ieee80211com *ic = nt->nt_ic;
990 struct ieee80211_node *ni;
991 int hash;
992
993 ni = ic->ic_node_alloc(vap, macaddr);
994 if (ni == NULL) {
995 vap->iv_stats.is_rx_nodealloc++;
996 return NULL;
997 }
998
999 IEEE80211_DPRINTF(vap, IEEE80211_MSG_NODE,
1000 "%s %p<%s> in %s table\n", __func__, ni,
1001 ether_sprintf(macaddr), nt->nt_name);
1002
1003 IEEE80211_ADDR_COPY(ni->ni_macaddr, macaddr);
1004 hash = IEEE80211_NODE_HASH(macaddr);
1005 ieee80211_node_initref(ni); /* mark referenced */
1006 ni->ni_chan = IEEE80211_CHAN_ANYC;
1007 ni->ni_authmode = IEEE80211_AUTH_OPEN;
1008 ni->ni_txpower = ic->ic_txpowlimit; /* max power */
1009 ni->ni_txparms = &vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)];
1010 ieee80211_crypto_resetkey(vap, &ni->ni_ucastkey, IEEE80211_KEYIX_NONE);
1011 ni->ni_avgrssi = IEEE80211_RSSI_DUMMY_MARKER;
1012 ni->ni_inact_reload = nt->nt_inact_init;
1013 ni->ni_inact = ni->ni_inact_reload;
1014 ni->ni_ath_defkeyix = 0x7fff;
1015 IEEE80211_NODE_SAVEQ_INIT(ni, "unknown");
1016 IEEE80211_NODE_WDSQ_INIT(ni, "unknown");
1017
1018 IEEE80211_NODE_LOCK(nt);
1019 TAILQ_INSERT_TAIL(&nt->nt_node, ni, ni_list);
1020 LIST_INSERT_HEAD(&nt->nt_hash[hash], ni, ni_hash);
1021 ni->ni_table = nt;
1022 ni->ni_vap = vap;
1023 ni->ni_ic = ic;
1024 IEEE80211_NODE_UNLOCK(nt);
1025
1026 return ni;
1027}
1028
1029/*
1030 * Craft a temporary node suitable for sending a management frame
1031 * to the specified station. We craft only as much state as we
1032 * need to do the work since the node will be immediately reclaimed
1033 * once the send completes.
1034 */
1035struct ieee80211_node *
1036ieee80211_tmp_node(struct ieee80211vap *vap,
1037 const uint8_t macaddr[IEEE80211_ADDR_LEN])
1038{
1039 struct ieee80211com *ic = vap->iv_ic;
1040 struct ieee80211_node *ni;
1041
1042 ni = ic->ic_node_alloc(vap, macaddr);
1043 if (ni != NULL) {
1044 struct ieee80211_node *bss = vap->iv_bss;
1045
1046 IEEE80211_DPRINTF(vap, IEEE80211_MSG_NODE,
1047 "%s %p<%s>\n", __func__, ni, ether_sprintf(macaddr));
1048
1049 ni->ni_table = NULL; /* NB: pedantic */
1050 ni->ni_ic = ic; /* NB: needed to set channel */
1051 ni->ni_vap = vap;
1052
1053 IEEE80211_ADDR_COPY(ni->ni_macaddr, macaddr);
1054 IEEE80211_ADDR_COPY(ni->ni_bssid, bss->ni_bssid);
1055 ieee80211_node_initref(ni); /* mark referenced */
1056 /* NB: required by ieee80211_fix_rate */
1057 ieee80211_node_set_chan(ni, bss->ni_chan);
1058 ieee80211_crypto_resetkey(vap, &ni->ni_ucastkey,
1059 IEEE80211_KEYIX_NONE);
1060 ni->ni_txpower = bss->ni_txpower;
1061 /* XXX optimize away */
1062 IEEE80211_NODE_SAVEQ_INIT(ni, "unknown");
1063 IEEE80211_NODE_WDSQ_INIT(ni, "unknown");
1064 } else {
1065 /* XXX msg */
1066 vap->iv_stats.is_rx_nodealloc++;
1067 }
1068 return ni;
1069}
1070
1071struct ieee80211_node *
1072ieee80211_dup_bss(struct ieee80211vap *vap,
1073 const uint8_t macaddr[IEEE80211_ADDR_LEN])
1074{
1075 struct ieee80211com *ic = vap->iv_ic;
1076 struct ieee80211_node *ni;
1077
1078 ni = ieee80211_alloc_node(&ic->ic_sta, vap, macaddr);
1079 if (ni != NULL) {
1080 struct ieee80211_node *bss = vap->iv_bss;
1081 /*
1082 * Inherit from iv_bss.
1083 */
1084 copy_bss(ni, bss);
1085 IEEE80211_ADDR_COPY(ni->ni_bssid, bss->ni_bssid);
1086 ieee80211_node_set_chan(ni, bss->ni_chan);
1087 }
1088 return ni;
1089}
1090
1091/*
1092 * Create a bss node for a legacy WDS vap. The far end does
1093 * not associate so we just create create a new node and
1094 * simulate an association. The caller is responsible for
1095 * installing the node as the bss node and handling any further
1096 * setup work like authorizing the port.
1097 */
1098struct ieee80211_node *
1099ieee80211_node_create_wds(struct ieee80211vap *vap,
1100 const uint8_t bssid[IEEE80211_ADDR_LEN], struct ieee80211_channel *chan)
1101{
1102 struct ieee80211com *ic = vap->iv_ic;
1103 struct ieee80211_node *ni;
1104
1105 /* XXX check if node already in sta table? */
1106 ni = ieee80211_alloc_node(&ic->ic_sta, vap, bssid);
1107 if (ni != NULL) {
1108 ni->ni_wdsvap = vap;
1109 IEEE80211_ADDR_COPY(ni->ni_bssid, bssid);
1110 /*
1111 * Inherit any manually configured settings.
1112 */
1113 copy_bss(ni, vap->iv_bss);
1114 ieee80211_node_set_chan(ni, chan);
1115 /* NB: propagate ssid so available to WPA supplicant */
1116 ni->ni_esslen = vap->iv_des_ssid[0].len;
1117 memcpy(ni->ni_essid, vap->iv_des_ssid[0].ssid, ni->ni_esslen);
1118 /* NB: no associd for peer */
1119 /*
1120 * There are no management frames to use to
1121 * discover neighbor capabilities, so blindly
1122 * propagate the local configuration.
1123 */
1124 if (vap->iv_flags & IEEE80211_F_WME)
1125 ni->ni_flags |= IEEE80211_NODE_QOS;
1126 if (vap->iv_flags & IEEE80211_F_FF)
1127 ni->ni_flags |= IEEE80211_NODE_FF;
1128 if ((ic->ic_htcaps & IEEE80211_HTC_HT) &&
1129 (vap->iv_flags_ext & IEEE80211_FEXT_HT)) {
1130 /*
1131 * Device is HT-capable and HT is enabled for
1132 * the vap; setup HT operation. On return
1133 * ni_chan will be adjusted to an HT channel.
1134 */
1135 ieee80211_ht_wds_init(ni);
1136 } else {
1137 struct ieee80211_channel *c = ni->ni_chan;
1138 /*
1139 * Force a legacy channel to be used.
1140 */
1141 c = ieee80211_find_channel(ic,
1142 c->ic_freq, c->ic_flags &~ IEEE80211_CHAN_HT);
1143 KASSERT(c != NULL, ("no legacy channel, %u/%x",
1144 ni->ni_chan->ic_freq, ni->ni_chan->ic_flags));
1145 ni->ni_chan = c;
1146 }
1147 }
1148 return ni;
1149}
1150
1151struct ieee80211_node *
1152#ifdef IEEE80211_DEBUG_REFCNT
1153ieee80211_find_node_locked_debug(struct ieee80211_node_table *nt,
1154 const uint8_t macaddr[IEEE80211_ADDR_LEN], const char *func, int line)
1155#else
1156ieee80211_find_node_locked(struct ieee80211_node_table *nt,
1157 const uint8_t macaddr[IEEE80211_ADDR_LEN])
1158#endif
1159{
1160 struct ieee80211_node *ni;
1161 int hash;
1162
1163 IEEE80211_NODE_LOCK_ASSERT(nt);
1164
1165 hash = IEEE80211_NODE_HASH(macaddr);
1166 LIST_FOREACH(ni, &nt->nt_hash[hash], ni_hash) {
1167 if (IEEE80211_ADDR_EQ(ni->ni_macaddr, macaddr)) {
1168 ieee80211_ref_node(ni); /* mark referenced */
1169#ifdef IEEE80211_DEBUG_REFCNT
1170 IEEE80211_DPRINTF(ni->ni_vap, IEEE80211_MSG_NODE,
1171 "%s (%s:%u) %p<%s> refcnt %d\n", __func__,
1172 func, line,
1173 ni, ether_sprintf(ni->ni_macaddr),
1174 ieee80211_node_refcnt(ni));
1175#endif
1176 return ni;
1177 }
1178 }
1179 return NULL;
1180}
1181
1182struct ieee80211_node *
1183#ifdef IEEE80211_DEBUG_REFCNT
1184ieee80211_find_node_debug(struct ieee80211_node_table *nt,
1185 const uint8_t macaddr[IEEE80211_ADDR_LEN], const char *func, int line)
1186#else
1187ieee80211_find_node(struct ieee80211_node_table *nt,
1188 const uint8_t macaddr[IEEE80211_ADDR_LEN])
1189#endif
1190{
1191 struct ieee80211_node *ni;
1192
1193 IEEE80211_NODE_LOCK(nt);
1194 ni = ieee80211_find_node_locked(nt, macaddr);
1195 IEEE80211_NODE_UNLOCK(nt);
1196 return ni;
1197}
1198
1199struct ieee80211_node *
1200#ifdef IEEE80211_DEBUG_REFCNT
1201ieee80211_find_vap_node_locked_debug(struct ieee80211_node_table *nt,
1202 const struct ieee80211vap *vap,
1203 const uint8_t macaddr[IEEE80211_ADDR_LEN], const char *func, int line)
1204#else
1205ieee80211_find_vap_node_locked(struct ieee80211_node_table *nt,
1206 const struct ieee80211vap *vap,
1207 const uint8_t macaddr[IEEE80211_ADDR_LEN])
1208#endif
1209{
1210 struct ieee80211_node *ni;
1211 int hash;
1212
1213 IEEE80211_NODE_LOCK_ASSERT(nt);
1214
1215 hash = IEEE80211_NODE_HASH(macaddr);
1216 LIST_FOREACH(ni, &nt->nt_hash[hash], ni_hash) {
1217 if (ni->ni_vap == vap &&
1218 IEEE80211_ADDR_EQ(ni->ni_macaddr, macaddr)) {
1219 ieee80211_ref_node(ni); /* mark referenced */
1220#ifdef IEEE80211_DEBUG_REFCNT
1221 IEEE80211_DPRINTF(ni->ni_vap, IEEE80211_MSG_NODE,
1222 "%s (%s:%u) %p<%s> refcnt %d\n", __func__,
1223 func, line,
1224 ni, ether_sprintf(ni->ni_macaddr),
1225 ieee80211_node_refcnt(ni));
1226#endif
1227 return ni;
1228 }
1229 }
1230 return NULL;
1231}
1232
1233struct ieee80211_node *
1234#ifdef IEEE80211_DEBUG_REFCNT
1235ieee80211_find_vap_node_debug(struct ieee80211_node_table *nt,
1236 const struct ieee80211vap *vap,
1237 const uint8_t macaddr[IEEE80211_ADDR_LEN], const char *func, int line)
1238#else
1239ieee80211_find_vap_node(struct ieee80211_node_table *nt,
1240 const struct ieee80211vap *vap,
1241 const uint8_t macaddr[IEEE80211_ADDR_LEN])
1242#endif
1243{
1244 struct ieee80211_node *ni;
1245
1246 IEEE80211_NODE_LOCK(nt);
1247 ni = ieee80211_find_vap_node_locked(nt, vap, macaddr);
1248 IEEE80211_NODE_UNLOCK(nt);
1249 return ni;
1250}
1251
1252/*
1253 * Fake up a node; this handles node discovery in adhoc mode.
1254 * Note that for the driver's benefit we we treat this like
1255 * an association so the driver has an opportunity to setup
1256 * it's private state.
1257 */
1258struct ieee80211_node *
1259ieee80211_fakeup_adhoc_node(struct ieee80211vap *vap,
1260 const uint8_t macaddr[IEEE80211_ADDR_LEN])
1261{
1262 struct ieee80211_node *ni;
1263
1264 IEEE80211_DPRINTF(vap, IEEE80211_MSG_NODE,
1265 "%s: mac<%s>\n", __func__, ether_sprintf(macaddr));
1266 ni = ieee80211_dup_bss(vap, macaddr);
1267 if (ni != NULL) {
1268 struct ieee80211com *ic = vap->iv_ic;
1269
1270 /* XXX no rate negotiation; just dup */
1271 ni->ni_rates = vap->iv_bss->ni_rates;
1272 if (vap->iv_opmode == IEEE80211_M_AHDEMO) {
1273 /*
1274 * In adhoc demo mode there are no management
1275 * frames to use to discover neighbor capabilities,
1276 * so blindly propagate the local configuration
1277 * so we can do interesting things (e.g. use
1278 * WME to disable ACK's).
1279 */
1280 if (vap->iv_flags & IEEE80211_F_WME)
1281 ni->ni_flags |= IEEE80211_NODE_QOS;
1282 if (vap->iv_flags & IEEE80211_F_FF)
1283 ni->ni_flags |= IEEE80211_NODE_FF;
1284 }
1285 node_setuptxparms(ni);
1286 if (ic->ic_newassoc != NULL)
1287 ic->ic_newassoc(ni, 1);
1288 /* XXX not right for 802.1x/WPA */
1289 ieee80211_node_authorize(ni);
1290 }
1291 return ni;
1292}
1293
1294void
1295ieee80211_init_neighbor(struct ieee80211_node *ni,
1296 const struct ieee80211_frame *wh,
1297 const struct ieee80211_scanparams *sp)
1298{
1299 ni->ni_esslen = sp->ssid[1];
1300 memcpy(ni->ni_essid, sp->ssid + 2, sp->ssid[1]);
1301 IEEE80211_ADDR_COPY(ni->ni_bssid, wh->i_addr3);
1302 memcpy(ni->ni_tstamp.data, sp->tstamp, sizeof(ni->ni_tstamp));
1303 ni->ni_intval = sp->bintval;
1304 ni->ni_capinfo = sp->capinfo;
1305 ni->ni_chan = ni->ni_ic->ic_curchan;
1306 ni->ni_fhdwell = sp->fhdwell;
1307 ni->ni_fhindex = sp->fhindex;
1308 ni->ni_erp = sp->erp;
1309 ni->ni_timoff = sp->timoff;
1310
1311 if (ieee80211_ies_init(&ni->ni_ies, sp->ies, sp->ies_len)) {
1312 ieee80211_ies_expand(&ni->ni_ies);
1313 if (ni->ni_ies.ath_ie != NULL)
1314 ieee80211_parse_ath(ni, ni->ni_ies.ath_ie);
1315 }
1316
1317 /* NB: must be after ni_chan is setup */
1318 ieee80211_setup_rates(ni, sp->rates, sp->xrates,
1319 IEEE80211_F_DOSORT | IEEE80211_F_DOFRATE |
1320 IEEE80211_F_DONEGO | IEEE80211_F_DODEL);
1321}
1322
1323/*
1324 * Do node discovery in adhoc mode on receipt of a beacon
1325 * or probe response frame. Note that for the driver's
1326 * benefit we we treat this like an association so the
1327 * driver has an opportunity to setup it's private state.
1328 */
1329struct ieee80211_node *
1330ieee80211_add_neighbor(struct ieee80211vap *vap,
1331 const struct ieee80211_frame *wh,
1332 const struct ieee80211_scanparams *sp)
1333{
1334 struct ieee80211_node *ni;
1335
1336 IEEE80211_DPRINTF(vap, IEEE80211_MSG_NODE,
1337 "%s: mac<%s>\n", __func__, ether_sprintf(wh->i_addr2));
1338 ni = ieee80211_dup_bss(vap, wh->i_addr2);/* XXX alloc_node? */
1339 if (ni != NULL) {
1340 struct ieee80211com *ic = vap->iv_ic;
1341
1342 ieee80211_init_neighbor(ni, wh, sp);
1343 node_setuptxparms(ni);
1344 if (ic->ic_newassoc != NULL)
1345 ic->ic_newassoc(ni, 1);
1346 /* XXX not right for 802.1x/WPA */
1347 ieee80211_node_authorize(ni);
1348 }
1349 return ni;
1350}
1351
1352#define IS_CTL(wh) \
1353 ((wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK) == IEEE80211_FC0_TYPE_CTL)
1354#define IS_PSPOLL(wh) \
1355 ((wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK) == IEEE80211_FC0_SUBTYPE_PS_POLL)
1356#define IS_BAR(wh) \
1357 ((wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK) == IEEE80211_FC0_SUBTYPE_BAR)
1358#define IS_PROBEREQ(wh) \
1359 ((wh->i_fc[0] & (IEEE80211_FC0_TYPE_MASK|IEEE80211_FC0_SUBTYPE_MASK)) \
1360 == (IEEE80211_FC0_TYPE_MGT | IEEE80211_FC0_SUBTYPE_PROBE_REQ))
1361#define IS_BCAST_PROBEREQ(wh) \
1362 (IS_PROBEREQ(wh) && IEEE80211_IS_MULTICAST( \
1363 ((const struct ieee80211_frame *)(wh))->i_addr3))
1364
1365static __inline struct ieee80211_node *
1366_find_rxnode(struct ieee80211_node_table *nt,
1367 const struct ieee80211_frame_min *wh)
1368{
1369 /* XXX 4-address frames? */
1370 if (IS_CTL(wh) && !IS_PSPOLL(wh) && !IS_BAR(wh) /*&& !IS_RTS(ah)*/)
1371 return ieee80211_find_node_locked(nt, wh->i_addr1);
1372 if (IS_BCAST_PROBEREQ(wh))
1373 return NULL; /* spam bcast probe req to all vap's */
1374 return ieee80211_find_node_locked(nt, wh->i_addr2);
1375}
1376
1377/*
1378 * Locate the node for sender, track state, and then pass the
1379 * (referenced) node up to the 802.11 layer for its use. Note
1380 * we can return NULL if the sender is not in the table.
1381 */
1382struct ieee80211_node *
1383#ifdef IEEE80211_DEBUG_REFCNT
1384ieee80211_find_rxnode_debug(struct ieee80211com *ic,
1385 const struct ieee80211_frame_min *wh, const char *func, int line)
1386#else
1387ieee80211_find_rxnode(struct ieee80211com *ic,
1388 const struct ieee80211_frame_min *wh)
1389#endif
1390{
1391 struct ieee80211_node_table *nt;
1392 struct ieee80211_node *ni;
1393
1394 nt = &ic->ic_sta;
1395 IEEE80211_NODE_LOCK(nt);
1396 ni = _find_rxnode(nt, wh);
1397 IEEE80211_NODE_UNLOCK(nt);
1398
1399 return ni;
1400}
1401
1402/*
1403 * Like ieee80211_find_rxnode but use the supplied h/w
1404 * key index as a hint to locate the node in the key
1405 * mapping table. If an entry is present at the key
1406 * index we return it; otherwise do a normal lookup and
1407 * update the mapping table if the station has a unicast
1408 * key assigned to it.
1409 */
1410struct ieee80211_node *
1411#ifdef IEEE80211_DEBUG_REFCNT
1412ieee80211_find_rxnode_withkey_debug(struct ieee80211com *ic,
1413 const struct ieee80211_frame_min *wh, ieee80211_keyix keyix,
1414 const char *func, int line)
1415#else
1416ieee80211_find_rxnode_withkey(struct ieee80211com *ic,
1417 const struct ieee80211_frame_min *wh, ieee80211_keyix keyix)
1418#endif
1419{
1420 struct ieee80211_node_table *nt;
1421 struct ieee80211_node *ni;
1422
1423 nt = &ic->ic_sta;
1424 IEEE80211_NODE_LOCK(nt);
1425 if (nt->nt_keyixmap != NULL && keyix < nt->nt_keyixmax)
1426 ni = nt->nt_keyixmap[keyix];
1427 else
1428 ni = NULL;
1429 if (ni == NULL) {
1430 ni = _find_rxnode(nt, wh);
1431 if (ni != NULL && nt->nt_keyixmap != NULL) {
1432 /*
1433 * If the station has a unicast key cache slot
1434 * assigned update the key->node mapping table.
1435 */
1436 keyix = ni->ni_ucastkey.wk_rxkeyix;
1437 /* XXX can keyixmap[keyix] != NULL? */
1438 if (keyix < nt->nt_keyixmax &&
1439 nt->nt_keyixmap[keyix] == NULL) {
1440 IEEE80211_DPRINTF(ni->ni_vap,
1441 IEEE80211_MSG_NODE,
1442 "%s: add key map entry %p<%s> refcnt %d\n",
1443 __func__, ni, ether_sprintf(ni->ni_macaddr),
1444 ieee80211_node_refcnt(ni)+1);
1445 nt->nt_keyixmap[keyix] = ieee80211_ref_node(ni);
1446 }
1447 }
1448 } else {
1449 if (IS_BCAST_PROBEREQ(wh))
1450 ni = NULL; /* spam bcast probe req to all vap's */
1451 else
1452 ieee80211_ref_node(ni);
1453 }
1454 IEEE80211_NODE_UNLOCK(nt);
1455
1456 return ni;
1457}
1458#undef IS_BCAST_PROBEREQ
1459#undef IS_PROBEREQ
1460#undef IS_BAR
1461#undef IS_PSPOLL
1462#undef IS_CTL
1463
1464/*
1465 * Return a reference to the appropriate node for sending
1466 * a data frame. This handles node discovery in adhoc networks.
1467 */
1468struct ieee80211_node *
1469#ifdef IEEE80211_DEBUG_REFCNT
1470ieee80211_find_txnode_debug(struct ieee80211vap *vap,
1471 const uint8_t macaddr[IEEE80211_ADDR_LEN],
1472 const char *func, int line)
1473#else
1474ieee80211_find_txnode(struct ieee80211vap *vap,
1475 const uint8_t macaddr[IEEE80211_ADDR_LEN])
1476#endif
1477{
1478 struct ieee80211_node_table *nt = &vap->iv_ic->ic_sta;
1479 struct ieee80211_node *ni;
1480
1481 /*
1482 * The destination address should be in the node table
1483 * unless this is a multicast/broadcast frame. We can
1484 * also optimize station mode operation, all frames go
1485 * to the bss node.
1486 */
1487 /* XXX can't hold lock across dup_bss 'cuz of recursive locking */
1488 IEEE80211_NODE_LOCK(nt);
1489 if (vap->iv_opmode == IEEE80211_M_STA ||
1490 vap->iv_opmode == IEEE80211_M_WDS ||
1491 IEEE80211_IS_MULTICAST(macaddr))
1492 ni = ieee80211_ref_node(vap->iv_bss);
1493 else {
1494 ni = ieee80211_find_node_locked(nt, macaddr);
1495 if (vap->iv_opmode == IEEE80211_M_HOSTAP &&
1496 (ni != NULL && ni->ni_associd == 0)) {
1497 /*
1498 * Station is not associated; don't permit the
1499 * data frame to be sent by returning NULL. This
1500 * is kinda a kludge but the least intrusive way
1501 * to add this check into all drivers.
1502 */
1503 ieee80211_unref_node(&ni); /* NB: null's ni */
1504 }
1505 }
1506 IEEE80211_NODE_UNLOCK(nt);
1507
1508 if (ni == NULL) {
1509 if (vap->iv_opmode == IEEE80211_M_IBSS ||
1510 vap->iv_opmode == IEEE80211_M_AHDEMO) {
1511 /*
1512 * In adhoc mode cons up a node for the destination.
1513 * Note that we need an additional reference for the
1514 * caller to be consistent with
1515 * ieee80211_find_node_locked.
1516 */
1517 ni = ieee80211_fakeup_adhoc_node(vap, macaddr);
1518 if (ni != NULL)
1519 (void) ieee80211_ref_node(ni);
1520 } else {
1521 IEEE80211_NOTE_MAC(vap, IEEE80211_MSG_OUTPUT, macaddr,
1522 "no node, discard frame (%s)", __func__);
1523 vap->iv_stats.is_tx_nonode++;
1524 }
1525 }
1526 return ni;
1527}
1528
1529static void
1530_ieee80211_free_node(struct ieee80211_node *ni)
1531{
1532 struct ieee80211_node_table *nt = ni->ni_table;
1533
1534 /*
1535 * NB: careful about referencing the vap as it may be
1536 * gone if the last reference was held by a driver.
1537 * We know the com will always be present so it's safe
1538 * to use ni_ic below to reclaim resources.
1539 */
1540#if 0
1541 IEEE80211_DPRINTF(vap, IEEE80211_MSG_NODE,
1542 "%s %p<%s> in %s table\n", __func__, ni,
1543 ether_sprintf(ni->ni_macaddr),
1544 nt != NULL ? nt->nt_name : "<gone>");
1545#endif
1546 if (ni->ni_associd != 0) {
1547 struct ieee80211vap *vap = ni->ni_vap;
1548 if (vap->iv_aid_bitmap != NULL)
1549 IEEE80211_AID_CLR(vap, ni->ni_associd);
1550 }
1551 if (nt != NULL) {
1552 TAILQ_REMOVE(&nt->nt_node, ni, ni_list);
1553 LIST_REMOVE(ni, ni_hash);
1554 }
1555 ni->ni_ic->ic_node_free(ni);
1556}
1557
1558void
1559#ifdef IEEE80211_DEBUG_REFCNT
1560ieee80211_free_node_debug(struct ieee80211_node *ni, const char *func, int line)
1561#else
1562ieee80211_free_node(struct ieee80211_node *ni)
1563#endif
1564{
1565 struct ieee80211_node_table *nt = ni->ni_table;
1566
1567#ifdef IEEE80211_DEBUG_REFCNT
1568 IEEE80211_DPRINTF(ni->ni_vap, IEEE80211_MSG_NODE,
1569 "%s (%s:%u) %p<%s> refcnt %d\n", __func__, func, line, ni,
1570 ether_sprintf(ni->ni_macaddr), ieee80211_node_refcnt(ni)-1);
1571#endif
1572 if (nt != NULL) {
1573 IEEE80211_NODE_LOCK(nt);
1574 if (ieee80211_node_dectestref(ni)) {
1575 /*
1576 * Last reference, reclaim state.
1577 */
1578 _ieee80211_free_node(ni);
1579 } else if (ieee80211_node_refcnt(ni) == 1 &&
1580 nt->nt_keyixmap != NULL) {
1581 ieee80211_keyix keyix;
1582 /*
1583 * Check for a last reference in the key mapping table.
1584 */
1585 keyix = ni->ni_ucastkey.wk_rxkeyix;
1586 if (keyix < nt->nt_keyixmax &&
1587 nt->nt_keyixmap[keyix] == ni) {
1588 IEEE80211_DPRINTF(ni->ni_vap,
1589 IEEE80211_MSG_NODE,
1590 "%s: %p<%s> clear key map entry", __func__,
1591 ni, ether_sprintf(ni->ni_macaddr));
1592 nt->nt_keyixmap[keyix] = NULL;
1593 ieee80211_node_decref(ni); /* XXX needed? */
1594 _ieee80211_free_node(ni);
1595 }
1596 }
1597 IEEE80211_NODE_UNLOCK(nt);
1598 } else {
1599 if (ieee80211_node_dectestref(ni))
1600 _ieee80211_free_node(ni);
1601 }
1602}
1603
1604/*
1605 * Reclaim a unicast key and clear any key cache state.
1606 */
1607int
1608ieee80211_node_delucastkey(struct ieee80211_node *ni)
1609{
1610 struct ieee80211com *ic = ni->ni_ic;
1611 struct ieee80211_node_table *nt = &ic->ic_sta;
1612 struct ieee80211_node *nikey;
1613 ieee80211_keyix keyix;
1614 int isowned, status;
1615
1616 /*
1617 * NB: We must beware of LOR here; deleting the key
1618 * can cause the crypto layer to block traffic updates
1619 * which can generate a LOR against the node table lock;
1620 * grab it here and stash the key index for our use below.
1621 *
1622 * Must also beware of recursion on the node table lock.
1623 * When called from node_cleanup we may already have
1624 * the node table lock held. Unfortunately there's no
1625 * way to separate out this path so we must do this
1626 * conditionally.
1627 */
1628 isowned = IEEE80211_NODE_IS_LOCKED(nt);
1629 if (!isowned)
1630 IEEE80211_NODE_LOCK(nt);
1631 nikey = NULL;
1632 status = 1; /* NB: success */
1633 if (!IEEE80211_KEY_UNDEFINED(&ni->ni_ucastkey)) {
1634 keyix = ni->ni_ucastkey.wk_rxkeyix;
1635 status = ieee80211_crypto_delkey(ni->ni_vap, &ni->ni_ucastkey);
1636 if (nt->nt_keyixmap != NULL && keyix < nt->nt_keyixmax) {
1637 nikey = nt->nt_keyixmap[keyix];
1638 nt->nt_keyixmap[keyix] = NULL;;
1639 }
1640 }
1641 if (!isowned)
1642 IEEE80211_NODE_UNLOCK(nt);
1643
1644 if (nikey != NULL) {
1645 KASSERT(nikey == ni,
1646 ("key map out of sync, ni %p nikey %p", ni, nikey));
1647 IEEE80211_DPRINTF(ni->ni_vap, IEEE80211_MSG_NODE,
1648 "%s: delete key map entry %p<%s> refcnt %d\n",
1649 __func__, ni, ether_sprintf(ni->ni_macaddr),
1650 ieee80211_node_refcnt(ni)-1);
1651 ieee80211_free_node(ni);
1652 }
1653 return status;
1654}
1655
1656/*
1657 * Reclaim a node. If this is the last reference count then
1658 * do the normal free work. Otherwise remove it from the node
1659 * table and mark it gone by clearing the back-reference.
1660 */
1661static void
1662node_reclaim(struct ieee80211_node_table *nt, struct ieee80211_node *ni)
1663{
1664 ieee80211_keyix keyix;
1665
1666 IEEE80211_NODE_LOCK_ASSERT(nt);
1667
1668 IEEE80211_DPRINTF(ni->ni_vap, IEEE80211_MSG_NODE,
1669 "%s: remove %p<%s> from %s table, refcnt %d\n",
1670 __func__, ni, ether_sprintf(ni->ni_macaddr),
1671 nt->nt_name, ieee80211_node_refcnt(ni)-1);
1672 /*
1673 * Clear any entry in the unicast key mapping table.
1674 * We need to do it here so rx lookups don't find it
1675 * in the mapping table even if it's not in the hash
1676 * table. We cannot depend on the mapping table entry
1677 * being cleared because the node may not be free'd.
1678 */
1679 keyix = ni->ni_ucastkey.wk_rxkeyix;
1680 if (nt->nt_keyixmap != NULL && keyix < nt->nt_keyixmax &&
1681 nt->nt_keyixmap[keyix] == ni) {
1682 IEEE80211_DPRINTF(ni->ni_vap, IEEE80211_MSG_NODE,
1683 "%s: %p<%s> clear key map entry\n",
1684 __func__, ni, ether_sprintf(ni->ni_macaddr));
1685 nt->nt_keyixmap[keyix] = NULL;
1686 ieee80211_node_decref(ni); /* NB: don't need free */
1687 }
1688 if (!ieee80211_node_dectestref(ni)) {
1689 /*
1690 * Other references are present, just remove the
1691 * node from the table so it cannot be found. When
1692 * the references are dropped storage will be
1693 * reclaimed.
1694 */
1695 TAILQ_REMOVE(&nt->nt_node, ni, ni_list);
1696 LIST_REMOVE(ni, ni_hash);
1697 ni->ni_table = NULL; /* clear reference */
1698 } else
1699 _ieee80211_free_node(ni);
1700}
1701
1702/*
1703 * Reclaim a (bss) node. Decrement the refcnt and reclaim
1704 * the node if the only other reference to it is in the sta
1705 * table. This is effectively ieee80211_free_node followed
1706 * by node_reclaim when the refcnt is 1 (after the free).
1707 */
1708static void
1709ieee80211_node_reclaim(struct ieee80211_node *ni)
1710{
1711 struct ieee80211_node_table *nt = ni->ni_table;
1712
1713 KASSERT(nt != NULL, ("reclaim node not in table"));
1714
1715#ifdef IEEE80211_DEBUG_REFCNT
1716 IEEE80211_DPRINTF(ni->ni_vap, IEEE80211_MSG_NODE,
1717 "%s %p<%s> refcnt %d\n", __func__, ni,
1718 ether_sprintf(ni->ni_macaddr), ieee80211_node_refcnt(ni)-1);
1719#endif
1720 IEEE80211_NODE_LOCK(nt);
1721 if (ieee80211_node_dectestref(ni)) {
1722 /*
1723 * Last reference, reclaim state.
1724 */
1725 _ieee80211_free_node(ni);
1726 nt = NULL;
1727 } else if (ieee80211_node_refcnt(ni) == 1 &&
1728 nt->nt_keyixmap != NULL) {
1729 ieee80211_keyix keyix;
1730 /*
1731 * Check for a last reference in the key mapping table.
1732 */
1733 keyix = ni->ni_ucastkey.wk_rxkeyix;
1734 if (keyix < nt->nt_keyixmax &&
1735 nt->nt_keyixmap[keyix] == ni) {
1736 IEEE80211_DPRINTF(ni->ni_vap,
1737 IEEE80211_MSG_NODE,
1738 "%s: %p<%s> clear key map entry", __func__,
1739 ni, ether_sprintf(ni->ni_macaddr));
1740 nt->nt_keyixmap[keyix] = NULL;
1741 ieee80211_node_decref(ni); /* XXX needed? */
1742 _ieee80211_free_node(ni);
1743 nt = NULL;
1744 }
1745 }
1746 if (nt != NULL && ieee80211_node_refcnt(ni) == 1) {
1747 /*
1748 * Last reference is in the sta table; complete
1749 * the reclaim. This handles bss nodes being
1750 * recycled: the node has two references, one for
1751 * iv_bss and one for the table. After dropping
1752 * the iv_bss ref above we need to reclaim the sta
1753 * table reference.
1754 */
1755 ieee80211_node_decref(ni); /* NB: be pendantic */
1756 _ieee80211_free_node(ni);
1757 }
1758 IEEE80211_NODE_UNLOCK(nt);
1759}
1760
1761/*
1762 * Node table support.
1763 */
1764
1765static void
1766ieee80211_node_table_init(struct ieee80211com *ic,
1767 struct ieee80211_node_table *nt,
1768 const char *name, int inact, int keyixmax)
1769{
1770 struct ifnet *ifp = ic->ic_ifp;
1771
1772 nt->nt_ic = ic;
1773 IEEE80211_NODE_LOCK_INIT(nt, ifp->if_xname);
1774 IEEE80211_NODE_ITERATE_LOCK_INIT(nt, ifp->if_xname);
1775 TAILQ_INIT(&nt->nt_node);
1776 nt->nt_name = name;
1777 nt->nt_scangen = 1;
1778 nt->nt_inact_init = inact;
1779 nt->nt_keyixmax = keyixmax;
1780 if (nt->nt_keyixmax > 0) {
|
1780 nt->nt_keyixmap = malloc( keyixmax * sizeof(struct ieee80211_node *),
| 1781 MALLOC(nt->nt_keyixmap, struct ieee80211_node **,
1782 keyixmax * sizeof(struct ieee80211_node *),
|
1781 M_80211_NODE, M_NOWAIT | M_ZERO);
1782 if (nt->nt_keyixmap == NULL)
1783 if_printf(ic->ic_ifp,
1784 "Cannot allocate key index map with %u entries\n",
1785 keyixmax);
1786 } else
1787 nt->nt_keyixmap = NULL;
1788}
1789
1790static void
1791ieee80211_node_table_reset(struct ieee80211_node_table *nt,
1792 struct ieee80211vap *match)
1793{
1794 struct ieee80211_node *ni, *next;
1795
1796 IEEE80211_NODE_LOCK(nt);
1797 TAILQ_FOREACH_SAFE(ni, &nt->nt_node, ni_list, next) {
1798 if (match != NULL && ni->ni_vap != match)
1799 continue;
1800 /* XXX can this happen? if so need's work */
1801 if (ni->ni_associd != 0) {
1802 struct ieee80211vap *vap = ni->ni_vap;
1803
1804 if (vap->iv_auth->ia_node_leave != NULL)
1805 vap->iv_auth->ia_node_leave(ni);
1806 if (vap->iv_aid_bitmap != NULL)
1807 IEEE80211_AID_CLR(vap, ni->ni_associd);
1808 }
1809 ni->ni_wdsvap = NULL; /* clear reference */
1810 node_reclaim(nt, ni);
1811 }
1812 if (match != NULL && match->iv_opmode == IEEE80211_M_WDS) {
1813 /*
1814 * Make a separate pass to clear references to this vap
1815 * held by DWDS entries. They will not be matched above
1816 * because ni_vap will point to the ap vap but we still
1817 * need to clear ni_wdsvap when the WDS vap is destroyed
1818 * and/or reset.
1819 */
1820 TAILQ_FOREACH_SAFE(ni, &nt->nt_node, ni_list, next)
1821 if (ni->ni_wdsvap == match)
1822 ni->ni_wdsvap = NULL;
1823 }
1824 IEEE80211_NODE_UNLOCK(nt);
1825}
1826
1827static void
1828ieee80211_node_table_cleanup(struct ieee80211_node_table *nt)
1829{
1830 ieee80211_node_table_reset(nt, NULL);
1831 if (nt->nt_keyixmap != NULL) {
1832#ifdef DIAGNOSTIC
1833 /* XXX verify all entries are NULL */
1834 int i;
1835 for (i = 0; i < nt->nt_keyixmax; i++)
1836 if (nt->nt_keyixmap[i] != NULL)
1837 printf("%s: %s[%u] still active\n", __func__,
1838 nt->nt_name, i);
1839#endif
| 1783 M_80211_NODE, M_NOWAIT | M_ZERO);
1784 if (nt->nt_keyixmap == NULL)
1785 if_printf(ic->ic_ifp,
1786 "Cannot allocate key index map with %u entries\n",
1787 keyixmax);
1788 } else
1789 nt->nt_keyixmap = NULL;
1790}
1791
1792static void
1793ieee80211_node_table_reset(struct ieee80211_node_table *nt,
1794 struct ieee80211vap *match)
1795{
1796 struct ieee80211_node *ni, *next;
1797
1798 IEEE80211_NODE_LOCK(nt);
1799 TAILQ_FOREACH_SAFE(ni, &nt->nt_node, ni_list, next) {
1800 if (match != NULL && ni->ni_vap != match)
1801 continue;
1802 /* XXX can this happen? if so need's work */
1803 if (ni->ni_associd != 0) {
1804 struct ieee80211vap *vap = ni->ni_vap;
1805
1806 if (vap->iv_auth->ia_node_leave != NULL)
1807 vap->iv_auth->ia_node_leave(ni);
1808 if (vap->iv_aid_bitmap != NULL)
1809 IEEE80211_AID_CLR(vap, ni->ni_associd);
1810 }
1811 ni->ni_wdsvap = NULL; /* clear reference */
1812 node_reclaim(nt, ni);
1813 }
1814 if (match != NULL && match->iv_opmode == IEEE80211_M_WDS) {
1815 /*
1816 * Make a separate pass to clear references to this vap
1817 * held by DWDS entries. They will not be matched above
1818 * because ni_vap will point to the ap vap but we still
1819 * need to clear ni_wdsvap when the WDS vap is destroyed
1820 * and/or reset.
1821 */
1822 TAILQ_FOREACH_SAFE(ni, &nt->nt_node, ni_list, next)
1823 if (ni->ni_wdsvap == match)
1824 ni->ni_wdsvap = NULL;
1825 }
1826 IEEE80211_NODE_UNLOCK(nt);
1827}
1828
1829static void
1830ieee80211_node_table_cleanup(struct ieee80211_node_table *nt)
1831{
1832 ieee80211_node_table_reset(nt, NULL);
1833 if (nt->nt_keyixmap != NULL) {
1834#ifdef DIAGNOSTIC
1835 /* XXX verify all entries are NULL */
1836 int i;
1837 for (i = 0; i < nt->nt_keyixmax; i++)
1838 if (nt->nt_keyixmap[i] != NULL)
1839 printf("%s: %s[%u] still active\n", __func__,
1840 nt->nt_name, i);
1841#endif
|
1840 free(nt->nt_keyixmap, M_80211_NODE);
| 1842 FREE(nt->nt_keyixmap, M_80211_NODE);
|
1841 nt->nt_keyixmap = NULL;
1842 }
1843 IEEE80211_NODE_ITERATE_LOCK_DESTROY(nt);
1844 IEEE80211_NODE_LOCK_DESTROY(nt);
1845}
1846
1847/*
1848 * Timeout inactive stations and do related housekeeping.
1849 * Note that we cannot hold the node lock while sending a
1850 * frame as this would lead to a LOR. Instead we use a
1851 * generation number to mark nodes that we've scanned and
1852 * drop the lock and restart a scan if we have to time out
1853 * a node. Since we are single-threaded by virtue of
1854 * controlling the inactivity timer we can be sure this will
1855 * process each node only once.
1856 */
1857static void
1858ieee80211_timeout_stations(struct ieee80211com *ic)
1859{
1860 struct ieee80211_node_table *nt = &ic->ic_sta;
1861 struct ieee80211vap *vap;
1862 struct ieee80211_node *ni;
1863 int gen = 0;
1864
1865 IEEE80211_NODE_ITERATE_LOCK(nt);
1866 gen = ++nt->nt_scangen;
1867restart:
1868 IEEE80211_NODE_LOCK(nt);
1869 TAILQ_FOREACH(ni, &nt->nt_node, ni_list) {
1870 if (ni->ni_scangen == gen) /* previously handled */
1871 continue;
1872 ni->ni_scangen = gen;
1873 /*
1874 * Ignore entries for which have yet to receive an
1875 * authentication frame. These are transient and
1876 * will be reclaimed when the last reference to them
1877 * goes away (when frame xmits complete).
1878 */
1879 vap = ni->ni_vap;
1880 /*
1881 * Only process stations when in RUN state. This
1882 * insures, for example, that we don't timeout an
1883 * inactive station during CAC. Note that CSA state
1884 * is actually handled in ieee80211_node_timeout as
1885 * it applies to more than timeout processing.
1886 */
1887 if (vap->iv_state != IEEE80211_S_RUN)
1888 continue;
1889 /* XXX can vap be NULL? */
1890 if ((vap->iv_opmode == IEEE80211_M_HOSTAP ||
1891 vap->iv_opmode == IEEE80211_M_STA) &&
1892 (ni->ni_flags & IEEE80211_NODE_AREF) == 0)
1893 continue;
1894 /*
1895 * Free fragment if not needed anymore
1896 * (last fragment older than 1s).
1897 * XXX doesn't belong here, move to node_age
1898 */
1899 if (ni->ni_rxfrag[0] != NULL &&
1900 ticks > ni->ni_rxfragstamp + hz) {
1901 m_freem(ni->ni_rxfrag[0]);
1902 ni->ni_rxfrag[0] = NULL;
1903 }
1904 if (ni->ni_inact > 0)
1905 ni->ni_inact--;
1906 /*
1907 * Special case ourself; we may be idle for extended periods
1908 * of time and regardless reclaiming our state is wrong.
1909 * XXX run ic_node_age
1910 */
1911 if (ni == vap->iv_bss)
1912 continue;
1913 if (ni->ni_associd != 0 ||
1914 (vap->iv_opmode == IEEE80211_M_IBSS ||
1915 vap->iv_opmode == IEEE80211_M_AHDEMO)) {
1916 /*
1917 * Age/drain resources held by the station.
1918 */
1919 ic->ic_node_age(ni);
1920 /*
1921 * Probe the station before time it out. We
1922 * send a null data frame which may not be
1923 * universally supported by drivers (need it
1924 * for ps-poll support so it should be...).
1925 *
1926 * XXX don't probe the station unless we've
1927 * received a frame from them (and have
1928 * some idea of the rates they are capable
1929 * of); this will get fixed more properly
1930 * soon with better handling of the rate set.
1931 */
1932 if ((vap->iv_flags_ext & IEEE80211_FEXT_INACT) &&
1933 (0 < ni->ni_inact &&
1934 ni->ni_inact <= vap->iv_inact_probe) &&
1935 ni->ni_rates.rs_nrates != 0) {
1936 IEEE80211_NOTE(vap,
1937 IEEE80211_MSG_INACT | IEEE80211_MSG_NODE,
1938 ni, "%s",
1939 "probe station due to inactivity");
1940 /*
1941 * Grab a reference before unlocking the table
1942 * so the node cannot be reclaimed before we
1943 * send the frame. ieee80211_send_nulldata
1944 * understands we've done this and reclaims the
1945 * ref for us as needed.
1946 */
1947 ieee80211_ref_node(ni);
1948 IEEE80211_NODE_UNLOCK(nt);
1949 ieee80211_send_nulldata(ni);
1950 /* XXX stat? */
1951 goto restart;
1952 }
1953 }
1954 if ((vap->iv_flags_ext & IEEE80211_FEXT_INACT) &&
1955 ni->ni_inact <= 0) {
1956 IEEE80211_NOTE(vap,
1957 IEEE80211_MSG_INACT | IEEE80211_MSG_NODE, ni,
1958 "station timed out due to inactivity "
1959 "(refcnt %u)", ieee80211_node_refcnt(ni));
1960 /*
1961 * Send a deauthenticate frame and drop the station.
1962 * This is somewhat complicated due to reference counts
1963 * and locking. At this point a station will typically
1964 * have a reference count of 1. ieee80211_node_leave
1965 * will do a "free" of the node which will drop the
1966 * reference count. But in the meantime a reference
1967 * wil be held by the deauth frame. The actual reclaim
1968 * of the node will happen either after the tx is
1969 * completed or by ieee80211_node_leave.
1970 *
1971 * Separately we must drop the node lock before sending
1972 * in case the driver takes a lock, as this can result
1973 * in a LOR between the node lock and the driver lock.
1974 */
1975 ieee80211_ref_node(ni);
1976 IEEE80211_NODE_UNLOCK(nt);
1977 if (ni->ni_associd != 0) {
1978 IEEE80211_SEND_MGMT(ni,
1979 IEEE80211_FC0_SUBTYPE_DEAUTH,
1980 IEEE80211_REASON_AUTH_EXPIRE);
1981 }
1982 ieee80211_node_leave(ni);
1983 ieee80211_free_node(ni);
1984 vap->iv_stats.is_node_timeout++;
1985 goto restart;
1986 }
1987 }
1988 IEEE80211_NODE_UNLOCK(nt);
1989
1990 IEEE80211_NODE_ITERATE_UNLOCK(nt);
1991}
1992
1993/*
1994 * Aggressively reclaim resources. This should be used
1995 * only in a critical situation to reclaim mbuf resources.
1996 */
1997void
1998ieee80211_drain(struct ieee80211com *ic)
1999{
2000 struct ieee80211_node_table *nt = &ic->ic_sta;
2001 struct ieee80211vap *vap;
2002 struct ieee80211_node *ni;
2003
2004 IEEE80211_NODE_LOCK(nt);
2005 TAILQ_FOREACH(ni, &nt->nt_node, ni_list) {
2006 /*
2007 * Ignore entries for which have yet to receive an
2008 * authentication frame. These are transient and
2009 * will be reclaimed when the last reference to them
2010 * goes away (when frame xmits complete).
2011 */
2012 vap = ni->ni_vap;
2013 /*
2014 * Only process stations when in RUN state. This
2015 * insures, for example, that we don't timeout an
2016 * inactive station during CAC. Note that CSA state
2017 * is actually handled in ieee80211_node_timeout as
2018 * it applies to more than timeout processing.
2019 */
2020 if (vap->iv_state != IEEE80211_S_RUN)
2021 continue;
2022 /* XXX can vap be NULL? */
2023 if ((vap->iv_opmode == IEEE80211_M_HOSTAP ||
2024 vap->iv_opmode == IEEE80211_M_STA) &&
2025 (ni->ni_flags & IEEE80211_NODE_AREF) == 0)
2026 continue;
2027 /*
2028 * Free fragments.
2029 * XXX doesn't belong here, move to node_drain
2030 */
2031 if (ni->ni_rxfrag[0] != NULL) {
2032 m_freem(ni->ni_rxfrag[0]);
2033 ni->ni_rxfrag[0] = NULL;
2034 }
2035 /*
2036 * Drain resources held by the station.
2037 */
2038 ic->ic_node_drain(ni);
2039 }
2040 IEEE80211_NODE_UNLOCK(nt);
2041}
2042
2043/*
2044 * Per-ieee80211com inactivity timer callback.
2045 */
2046void
2047ieee80211_node_timeout(void *arg)
2048{
2049 struct ieee80211com *ic = arg;
2050
2051 /*
2052 * Defer timeout processing if a channel switch is pending.
2053 * We typically need to be mute so not doing things that
2054 * might generate frames is good to handle in one place.
2055 * Supressing the station timeout processing may extend the
2056 * lifetime of inactive stations (by not decrementing their
2057 * idle counters) but this should be ok unless the CSA is
2058 * active for an unusually long time.
2059 */
2060 if ((ic->ic_flags & IEEE80211_F_CSAPENDING) == 0) {
2061 ieee80211_scan_timeout(ic);
2062 ieee80211_timeout_stations(ic);
2063
2064 IEEE80211_LOCK(ic);
2065 ieee80211_erp_timeout(ic);
2066 ieee80211_ht_timeout(ic);
2067 IEEE80211_UNLOCK(ic);
2068 }
2069 callout_reset(&ic->ic_inact, IEEE80211_INACT_WAIT*hz,
2070 ieee80211_node_timeout, ic);
2071}
2072
2073void
2074ieee80211_iterate_nodes(struct ieee80211_node_table *nt,
2075 ieee80211_iter_func *f, void *arg)
2076{
2077 struct ieee80211_node *ni;
2078 u_int gen;
2079
2080 IEEE80211_NODE_ITERATE_LOCK(nt);
2081 gen = ++nt->nt_scangen;
2082restart:
2083 IEEE80211_NODE_LOCK(nt);
2084 TAILQ_FOREACH(ni, &nt->nt_node, ni_list) {
2085 if (ni->ni_scangen != gen) {
2086 ni->ni_scangen = gen;
2087 (void) ieee80211_ref_node(ni);
2088 IEEE80211_NODE_UNLOCK(nt);
2089 (*f)(arg, ni);
2090 ieee80211_free_node(ni);
2091 goto restart;
2092 }
2093 }
2094 IEEE80211_NODE_UNLOCK(nt);
2095
2096 IEEE80211_NODE_ITERATE_UNLOCK(nt);
2097}
2098
2099void
2100ieee80211_dump_node(struct ieee80211_node_table *nt, struct ieee80211_node *ni)
2101{
2102 printf("0x%p: mac %s refcnt %d\n", ni,
2103 ether_sprintf(ni->ni_macaddr), ieee80211_node_refcnt(ni));
2104 printf("\tscangen %u authmode %u flags 0x%x\n",
2105 ni->ni_scangen, ni->ni_authmode, ni->ni_flags);
2106 printf("\tassocid 0x%x txpower %u vlan %u\n",
2107 ni->ni_associd, ni->ni_txpower, ni->ni_vlan);
2108 printf("\ttxseq %u rxseq %u fragno %u rxfragstamp %u\n",
2109 ni->ni_txseqs[IEEE80211_NONQOS_TID],
2110 ni->ni_rxseqs[IEEE80211_NONQOS_TID] >> IEEE80211_SEQ_SEQ_SHIFT,
2111 ni->ni_rxseqs[IEEE80211_NONQOS_TID] & IEEE80211_SEQ_FRAG_MASK,
2112 ni->ni_rxfragstamp);
2113 printf("\trstamp %u rssi %d noise %d intval %u capinfo 0x%x\n",
2114 ni->ni_rstamp, node_getrssi(ni), ni->ni_noise,
2115 ni->ni_intval, ni->ni_capinfo);
2116 printf("\tbssid %s essid \"%.*s\" channel %u:0x%x\n",
2117 ether_sprintf(ni->ni_bssid),
2118 ni->ni_esslen, ni->ni_essid,
2119 ni->ni_chan->ic_freq, ni->ni_chan->ic_flags);
2120 printf("\tinact %u txrate %u\n",
2121 ni->ni_inact, ni->ni_txrate);
2122 printf("\thtcap %x htparam %x htctlchan %u ht2ndchan %u\n",
2123 ni->ni_htcap, ni->ni_htparam,
2124 ni->ni_htctlchan, ni->ni_ht2ndchan);
2125 printf("\thtopmode %x htstbc %x chw %u\n",
2126 ni->ni_htopmode, ni->ni_htstbc, ni->ni_chw);
2127}
2128
2129void
2130ieee80211_dump_nodes(struct ieee80211_node_table *nt)
2131{
2132 ieee80211_iterate_nodes(nt,
2133 (ieee80211_iter_func *) ieee80211_dump_node, nt);
2134}
2135
2136static void
2137ieee80211_notify_erp_locked(struct ieee80211com *ic)
2138{
2139 struct ieee80211vap *vap;
2140
2141 IEEE80211_LOCK_ASSERT(ic);
2142
2143 TAILQ_FOREACH(vap, &ic->ic_vaps, iv_next)
2144 if (vap->iv_opmode == IEEE80211_M_HOSTAP)
2145 ieee80211_beacon_notify(vap, IEEE80211_BEACON_ERP);
2146}
2147
2148void
2149ieee80211_notify_erp(struct ieee80211com *ic)
2150{
2151 IEEE80211_LOCK(ic);
2152 ieee80211_notify_erp_locked(ic);
2153 IEEE80211_UNLOCK(ic);
2154}
2155
2156/*
2157 * Handle a station joining an 11g network.
2158 */
2159static void
2160ieee80211_node_join_11g(struct ieee80211_node *ni)
2161{
2162 struct ieee80211com *ic = ni->ni_ic;
2163
2164 IEEE80211_LOCK_ASSERT(ic);
2165
2166 /*
2167 * Station isn't capable of short slot time. Bump
2168 * the count of long slot time stations and disable
2169 * use of short slot time. Note that the actual switch
2170 * over to long slot time use may not occur until the
2171 * next beacon transmission (per sec. 7.3.1.4 of 11g).
2172 */
2173 if ((ni->ni_capinfo & IEEE80211_CAPINFO_SHORT_SLOTTIME) == 0) {
2174 ic->ic_longslotsta++;
2175 IEEE80211_NOTE(ni->ni_vap, IEEE80211_MSG_ASSOC, ni,
2176 "station needs long slot time, count %d",
2177 ic->ic_longslotsta);
2178 /* XXX vap's w/ conflicting needs won't work */
2179 if (!IEEE80211_IS_CHAN_108G(ic->ic_bsschan)) {
2180 /*
2181 * Don't force slot time when switched to turbo
2182 * mode as non-ERP stations won't be present; this
2183 * need only be done when on the normal G channel.
2184 */
2185 ieee80211_set_shortslottime(ic, 0);
2186 }
2187 }
2188 /*
2189 * If the new station is not an ERP station
2190 * then bump the counter and enable protection
2191 * if configured.
2192 */
2193 if (!ieee80211_iserp_rateset(&ni->ni_rates)) {
2194 ic->ic_nonerpsta++;
2195 IEEE80211_NOTE(ni->ni_vap, IEEE80211_MSG_ASSOC, ni,
2196 "station is !ERP, %d non-ERP stations associated",
2197 ic->ic_nonerpsta);
2198 /*
2199 * If station does not support short preamble
2200 * then we must enable use of Barker preamble.
2201 */
2202 if ((ni->ni_capinfo & IEEE80211_CAPINFO_SHORT_PREAMBLE) == 0) {
2203 IEEE80211_NOTE(ni->ni_vap, IEEE80211_MSG_ASSOC, ni,
2204 "%s", "station needs long preamble");
2205 ic->ic_flags |= IEEE80211_F_USEBARKER;
2206 ic->ic_flags &= ~IEEE80211_F_SHPREAMBLE;
2207 }
2208 /*
2209 * If protection is configured and this is the first
2210 * indication we should use protection, enable it.
2211 */
2212 if (ic->ic_protmode != IEEE80211_PROT_NONE &&
2213 ic->ic_nonerpsta == 1 &&
2214 (ic->ic_flags_ext & IEEE80211_FEXT_NONERP_PR) == 0) {
2215 IEEE80211_DPRINTF(ni->ni_vap, IEEE80211_MSG_ASSOC,
2216 "%s: enable use of protection\n", __func__);
2217 ic->ic_flags |= IEEE80211_F_USEPROT;
2218 ieee80211_notify_erp_locked(ic);
2219 }
2220 } else
2221 ni->ni_flags |= IEEE80211_NODE_ERP;
2222}
2223
2224void
2225ieee80211_node_join(struct ieee80211_node *ni, int resp)
2226{
2227 struct ieee80211com *ic = ni->ni_ic;
2228 struct ieee80211vap *vap = ni->ni_vap;
2229 int newassoc;
2230
2231 if (ni->ni_associd == 0) {
2232 uint16_t aid;
2233
2234 KASSERT(vap->iv_aid_bitmap != NULL, ("no aid bitmap"));
2235 /*
2236 * It would be good to search the bitmap
2237 * more efficiently, but this will do for now.
2238 */
2239 for (aid = 1; aid < vap->iv_max_aid; aid++) {
2240 if (!IEEE80211_AID_ISSET(vap, aid))
2241 break;
2242 }
2243 if (aid >= vap->iv_max_aid) {
2244 IEEE80211_SEND_MGMT(ni, resp, IEEE80211_STATUS_TOOMANY);
2245 ieee80211_node_leave(ni);
2246 return;
2247 }
2248 ni->ni_associd = aid | 0xc000;
2249 ni->ni_jointime = time_uptime;
2250 IEEE80211_LOCK(ic);
2251 IEEE80211_AID_SET(vap, ni->ni_associd);
2252 vap->iv_sta_assoc++;
2253 ic->ic_sta_assoc++;
2254
2255 if (IEEE80211_IS_CHAN_HT(ic->ic_bsschan))
2256 ieee80211_ht_node_join(ni);
2257 if (IEEE80211_IS_CHAN_ANYG(ic->ic_bsschan) &&
2258 IEEE80211_IS_CHAN_FULL(ic->ic_bsschan))
2259 ieee80211_node_join_11g(ni);
2260 IEEE80211_UNLOCK(ic);
2261
2262 newassoc = 1;
2263 } else
2264 newassoc = 0;
2265
2266 IEEE80211_NOTE(vap, IEEE80211_MSG_ASSOC | IEEE80211_MSG_DEBUG, ni,
2267 "station associated at aid %d: %s preamble, %s slot time%s%s%s%s%s%s%s%s",
2268 IEEE80211_NODE_AID(ni),
2269 ic->ic_flags & IEEE80211_F_SHPREAMBLE ? "short" : "long",
2270 ic->ic_flags & IEEE80211_F_SHSLOT ? "short" : "long",
2271 ic->ic_flags & IEEE80211_F_USEPROT ? ", protection" : "",
2272 ni->ni_flags & IEEE80211_NODE_QOS ? ", QoS" : "",
2273 ni->ni_flags & IEEE80211_NODE_HT ?
2274 (ni->ni_chw == 40 ? ", HT40" : ", HT20") : "",
2275 ni->ni_flags & IEEE80211_NODE_AMPDU ? " (+AMPDU)" : "",
2276 ni->ni_flags & IEEE80211_NODE_MIMO_RTS ? " (+SMPS-DYN)" :
2277 ni->ni_flags & IEEE80211_NODE_MIMO_PS ? " (+SMPS)" : "",
2278 ni->ni_flags & IEEE80211_NODE_RIFS ? " (+RIFS)" : "",
2279 IEEE80211_ATH_CAP(vap, ni, IEEE80211_NODE_FF) ?
2280 ", fast-frames" : "",
2281 IEEE80211_ATH_CAP(vap, ni, IEEE80211_NODE_TURBOP) ?
2282 ", turbo" : ""
2283 );
2284
2285 node_setuptxparms(ni);
2286 /* give driver a chance to setup state like ni_txrate */
2287 if (ic->ic_newassoc != NULL)
2288 ic->ic_newassoc(ni, newassoc);
2289 IEEE80211_SEND_MGMT(ni, resp, IEEE80211_STATUS_SUCCESS);
2290 /* tell the authenticator about new station */
2291 if (vap->iv_auth->ia_node_join != NULL)
2292 vap->iv_auth->ia_node_join(ni);
2293 ieee80211_notify_node_join(ni,
2294 resp == IEEE80211_FC0_SUBTYPE_ASSOC_RESP);
2295}
2296
2297static void
2298disable_protection(struct ieee80211com *ic)
2299{
2300 KASSERT(ic->ic_nonerpsta == 0 &&
2301 (ic->ic_flags_ext & IEEE80211_FEXT_NONERP_PR) == 0,
2302 ("%d non ERP stations, flags 0x%x", ic->ic_nonerpsta,
2303 ic->ic_flags_ext));
2304
2305 ic->ic_flags &= ~IEEE80211_F_USEPROT;
2306 /* XXX verify mode? */
2307 if (ic->ic_caps & IEEE80211_C_SHPREAMBLE) {
2308 ic->ic_flags |= IEEE80211_F_SHPREAMBLE;
2309 ic->ic_flags &= ~IEEE80211_F_USEBARKER;
2310 }
2311 ieee80211_notify_erp_locked(ic);
2312}
2313
2314/*
2315 * Handle a station leaving an 11g network.
2316 */
2317static void
2318ieee80211_node_leave_11g(struct ieee80211_node *ni)
2319{
2320 struct ieee80211com *ic = ni->ni_ic;
2321
2322 IEEE80211_LOCK_ASSERT(ic);
2323
2324 KASSERT(IEEE80211_IS_CHAN_ANYG(ic->ic_bsschan),
2325 ("not in 11g, bss %u:0x%x", ic->ic_bsschan->ic_freq,
2326 ic->ic_bsschan->ic_flags));
2327
2328 /*
2329 * If a long slot station do the slot time bookkeeping.
2330 */
2331 if ((ni->ni_capinfo & IEEE80211_CAPINFO_SHORT_SLOTTIME) == 0) {
2332 KASSERT(ic->ic_longslotsta > 0,
2333 ("bogus long slot station count %d", ic->ic_longslotsta));
2334 ic->ic_longslotsta--;
2335 IEEE80211_NOTE(ni->ni_vap, IEEE80211_MSG_ASSOC, ni,
2336 "long slot time station leaves, count now %d",
2337 ic->ic_longslotsta);
2338 if (ic->ic_longslotsta == 0) {
2339 /*
2340 * Re-enable use of short slot time if supported
2341 * and not operating in IBSS mode (per spec).
2342 */
2343 if ((ic->ic_caps & IEEE80211_C_SHSLOT) &&
2344 ic->ic_opmode != IEEE80211_M_IBSS) {
2345 IEEE80211_DPRINTF(ni->ni_vap,
2346 IEEE80211_MSG_ASSOC,
2347 "%s: re-enable use of short slot time\n",
2348 __func__);
2349 ieee80211_set_shortslottime(ic, 1);
2350 }
2351 }
2352 }
2353 /*
2354 * If a non-ERP station do the protection-related bookkeeping.
2355 */
2356 if ((ni->ni_flags & IEEE80211_NODE_ERP) == 0) {
2357 KASSERT(ic->ic_nonerpsta > 0,
2358 ("bogus non-ERP station count %d", ic->ic_nonerpsta));
2359 ic->ic_nonerpsta--;
2360 IEEE80211_NOTE(ni->ni_vap, IEEE80211_MSG_ASSOC, ni,
2361 "non-ERP station leaves, count now %d%s", ic->ic_nonerpsta,
2362 (ic->ic_flags_ext & IEEE80211_FEXT_NONERP_PR) ?
2363 " (non-ERP sta present)" : "");
2364 if (ic->ic_nonerpsta == 0 &&
2365 (ic->ic_flags_ext & IEEE80211_FEXT_NONERP_PR) == 0) {
2366 IEEE80211_DPRINTF(ni->ni_vap, IEEE80211_MSG_ASSOC,
2367 "%s: disable use of protection\n", __func__);
2368 disable_protection(ic);
2369 }
2370 }
2371}
2372
2373/*
2374 * Time out presence of an overlapping bss with non-ERP
2375 * stations. When operating in hostap mode we listen for
2376 * beacons from other stations and if we identify a non-ERP
2377 * station is present we enable protection. To identify
2378 * when all non-ERP stations are gone we time out this
2379 * condition.
2380 */
2381static void
2382ieee80211_erp_timeout(struct ieee80211com *ic)
2383{
2384
2385 IEEE80211_LOCK_ASSERT(ic);
2386
2387 if ((ic->ic_flags_ext & IEEE80211_FEXT_NONERP_PR) &&
2388 time_after(ticks, ic->ic_lastnonerp + IEEE80211_NONERP_PRESENT_AGE)) {
2389#if 0
2390 IEEE80211_NOTE(vap, IEEE80211_MSG_ASSOC, ni,
2391 "%s", "age out non-ERP sta present on channel");
2392#endif
2393 ic->ic_flags_ext &= ~IEEE80211_FEXT_NONERP_PR;
2394 if (ic->ic_nonerpsta == 0)
2395 disable_protection(ic);
2396 }
2397}
2398
2399/*
2400 * Handle bookkeeping for station deauthentication/disassociation
2401 * when operating as an ap.
2402 */
2403void
2404ieee80211_node_leave(struct ieee80211_node *ni)
2405{
2406 struct ieee80211com *ic = ni->ni_ic;
2407 struct ieee80211vap *vap = ni->ni_vap;
2408 struct ieee80211_node_table *nt = ni->ni_table;
2409
2410 IEEE80211_NOTE(vap, IEEE80211_MSG_ASSOC | IEEE80211_MSG_DEBUG, ni,
2411 "station with aid %d leaves", IEEE80211_NODE_AID(ni));
2412
2413 KASSERT(vap->iv_opmode != IEEE80211_M_STA,
2414 ("unexpected operating mode %u", vap->iv_opmode));
2415 /*
2416 * If node wasn't previously associated all
2417 * we need to do is reclaim the reference.
2418 */
2419 /* XXX ibss mode bypasses 11g and notification */
2420 if (ni->ni_associd == 0)
2421 goto done;
2422 /*
2423 * Tell the authenticator the station is leaving.
2424 * Note that we must do this before yanking the
2425 * association id as the authenticator uses the
2426 * associd to locate it's state block.
2427 */
2428 if (vap->iv_auth->ia_node_leave != NULL)
2429 vap->iv_auth->ia_node_leave(ni);
2430
2431 IEEE80211_LOCK(ic);
2432 IEEE80211_AID_CLR(vap, ni->ni_associd);
2433 ni->ni_associd = 0;
2434 vap->iv_sta_assoc--;
2435 ic->ic_sta_assoc--;
2436
2437 if (IEEE80211_IS_CHAN_HT(ic->ic_bsschan))
2438 ieee80211_ht_node_leave(ni);
2439 if (IEEE80211_IS_CHAN_ANYG(ic->ic_bsschan) &&
2440 IEEE80211_IS_CHAN_FULL(ic->ic_bsschan))
2441 ieee80211_node_leave_11g(ni);
2442 IEEE80211_UNLOCK(ic);
2443 /*
2444 * Cleanup station state. In particular clear various
2445 * state that might otherwise be reused if the node
2446 * is reused before the reference count goes to zero
2447 * (and memory is reclaimed).
2448 */
2449 ieee80211_sta_leave(ni);
2450done:
2451 /*
2452 * Remove the node from any table it's recorded in and
2453 * drop the caller's reference. Removal from the table
2454 * is important to insure the node is not reprocessed
2455 * for inactivity.
2456 */
2457 if (nt != NULL) {
2458 IEEE80211_NODE_LOCK(nt);
2459 node_reclaim(nt, ni);
2460 IEEE80211_NODE_UNLOCK(nt);
2461 } else
2462 ieee80211_free_node(ni);
2463}
2464
2465struct rssiinfo {
2466 struct ieee80211vap *vap;
2467 int rssi_samples;
2468 uint32_t rssi_total;
2469};
2470
2471static void
2472get_hostap_rssi(void *arg, struct ieee80211_node *ni)
2473{
2474 struct rssiinfo *info = arg;
2475 struct ieee80211vap *vap = ni->ni_vap;
2476 int8_t rssi;
2477
2478 if (info->vap != vap)
2479 return;
2480 /* only associated stations */
2481 if (ni->ni_associd == 0)
2482 return;
2483 rssi = vap->iv_ic->ic_node_getrssi(ni);
2484 if (rssi != 0) {
2485 info->rssi_samples++;
2486 info->rssi_total += rssi;
2487 }
2488}
2489
2490static void
2491get_adhoc_rssi(void *arg, struct ieee80211_node *ni)
2492{
2493 struct rssiinfo *info = arg;
2494 struct ieee80211vap *vap = ni->ni_vap;
2495 int8_t rssi;
2496
2497 if (info->vap != vap)
2498 return;
2499 /* only neighbors */
2500 /* XXX check bssid */
2501 if ((ni->ni_capinfo & IEEE80211_CAPINFO_IBSS) == 0)
2502 return;
2503 rssi = vap->iv_ic->ic_node_getrssi(ni);
2504 if (rssi != 0) {
2505 info->rssi_samples++;
2506 info->rssi_total += rssi;
2507 }
2508}
2509
2510int8_t
2511ieee80211_getrssi(struct ieee80211vap *vap)
2512{
2513#define NZ(x) ((x) == 0 ? 1 : (x))
2514 struct ieee80211com *ic = vap->iv_ic;
2515 struct rssiinfo info;
2516
2517 info.rssi_total = 0;
2518 info.rssi_samples = 0;
2519 info.vap = vap;
2520 switch (vap->iv_opmode) {
2521 case IEEE80211_M_IBSS: /* average of all ibss neighbors */
2522 case IEEE80211_M_AHDEMO: /* average of all neighbors */
2523 ieee80211_iterate_nodes(&ic->ic_sta, get_adhoc_rssi, &info);
2524 break;
2525 case IEEE80211_M_HOSTAP: /* average of all associated stations */
2526 ieee80211_iterate_nodes(&ic->ic_sta, get_hostap_rssi, &info);
2527 break;
2528 case IEEE80211_M_MONITOR: /* XXX */
2529 case IEEE80211_M_STA: /* use stats from associated ap */
2530 default:
2531 if (vap->iv_bss != NULL)
2532 info.rssi_total = ic->ic_node_getrssi(vap->iv_bss);
2533 info.rssi_samples = 1;
2534 break;
2535 }
2536 return info.rssi_total / NZ(info.rssi_samples);
2537#undef NZ
2538}
2539
2540void
2541ieee80211_getsignal(struct ieee80211vap *vap, int8_t *rssi, int8_t *noise)
2542{
2543
2544 if (vap->iv_bss == NULL) /* NB: shouldn't happen */
2545 return;
2546 vap->iv_ic->ic_node_getsignal(vap->iv_bss, rssi, noise);
2547 /* for non-station mode return avg'd rssi accounting */
2548 if (vap->iv_opmode != IEEE80211_M_STA)
2549 *rssi = ieee80211_getrssi(vap);
2550}
| 1843 nt->nt_keyixmap = NULL;
1844 }
1845 IEEE80211_NODE_ITERATE_LOCK_DESTROY(nt);
1846 IEEE80211_NODE_LOCK_DESTROY(nt);
1847}
1848
1849/*
1850 * Timeout inactive stations and do related housekeeping.
1851 * Note that we cannot hold the node lock while sending a
1852 * frame as this would lead to a LOR. Instead we use a
1853 * generation number to mark nodes that we've scanned and
1854 * drop the lock and restart a scan if we have to time out
1855 * a node. Since we are single-threaded by virtue of
1856 * controlling the inactivity timer we can be sure this will
1857 * process each node only once.
1858 */
1859static void
1860ieee80211_timeout_stations(struct ieee80211com *ic)
1861{
1862 struct ieee80211_node_table *nt = &ic->ic_sta;
1863 struct ieee80211vap *vap;
1864 struct ieee80211_node *ni;
1865 int gen = 0;
1866
1867 IEEE80211_NODE_ITERATE_LOCK(nt);
1868 gen = ++nt->nt_scangen;
1869restart:
1870 IEEE80211_NODE_LOCK(nt);
1871 TAILQ_FOREACH(ni, &nt->nt_node, ni_list) {
1872 if (ni->ni_scangen == gen) /* previously handled */
1873 continue;
1874 ni->ni_scangen = gen;
1875 /*
1876 * Ignore entries for which have yet to receive an
1877 * authentication frame. These are transient and
1878 * will be reclaimed when the last reference to them
1879 * goes away (when frame xmits complete).
1880 */
1881 vap = ni->ni_vap;
1882 /*
1883 * Only process stations when in RUN state. This
1884 * insures, for example, that we don't timeout an
1885 * inactive station during CAC. Note that CSA state
1886 * is actually handled in ieee80211_node_timeout as
1887 * it applies to more than timeout processing.
1888 */
1889 if (vap->iv_state != IEEE80211_S_RUN)
1890 continue;
1891 /* XXX can vap be NULL? */
1892 if ((vap->iv_opmode == IEEE80211_M_HOSTAP ||
1893 vap->iv_opmode == IEEE80211_M_STA) &&
1894 (ni->ni_flags & IEEE80211_NODE_AREF) == 0)
1895 continue;
1896 /*
1897 * Free fragment if not needed anymore
1898 * (last fragment older than 1s).
1899 * XXX doesn't belong here, move to node_age
1900 */
1901 if (ni->ni_rxfrag[0] != NULL &&
1902 ticks > ni->ni_rxfragstamp + hz) {
1903 m_freem(ni->ni_rxfrag[0]);
1904 ni->ni_rxfrag[0] = NULL;
1905 }
1906 if (ni->ni_inact > 0)
1907 ni->ni_inact--;
1908 /*
1909 * Special case ourself; we may be idle for extended periods
1910 * of time and regardless reclaiming our state is wrong.
1911 * XXX run ic_node_age
1912 */
1913 if (ni == vap->iv_bss)
1914 continue;
1915 if (ni->ni_associd != 0 ||
1916 (vap->iv_opmode == IEEE80211_M_IBSS ||
1917 vap->iv_opmode == IEEE80211_M_AHDEMO)) {
1918 /*
1919 * Age/drain resources held by the station.
1920 */
1921 ic->ic_node_age(ni);
1922 /*
1923 * Probe the station before time it out. We
1924 * send a null data frame which may not be
1925 * universally supported by drivers (need it
1926 * for ps-poll support so it should be...).
1927 *
1928 * XXX don't probe the station unless we've
1929 * received a frame from them (and have
1930 * some idea of the rates they are capable
1931 * of); this will get fixed more properly
1932 * soon with better handling of the rate set.
1933 */
1934 if ((vap->iv_flags_ext & IEEE80211_FEXT_INACT) &&
1935 (0 < ni->ni_inact &&
1936 ni->ni_inact <= vap->iv_inact_probe) &&
1937 ni->ni_rates.rs_nrates != 0) {
1938 IEEE80211_NOTE(vap,
1939 IEEE80211_MSG_INACT | IEEE80211_MSG_NODE,
1940 ni, "%s",
1941 "probe station due to inactivity");
1942 /*
1943 * Grab a reference before unlocking the table
1944 * so the node cannot be reclaimed before we
1945 * send the frame. ieee80211_send_nulldata
1946 * understands we've done this and reclaims the
1947 * ref for us as needed.
1948 */
1949 ieee80211_ref_node(ni);
1950 IEEE80211_NODE_UNLOCK(nt);
1951 ieee80211_send_nulldata(ni);
1952 /* XXX stat? */
1953 goto restart;
1954 }
1955 }
1956 if ((vap->iv_flags_ext & IEEE80211_FEXT_INACT) &&
1957 ni->ni_inact <= 0) {
1958 IEEE80211_NOTE(vap,
1959 IEEE80211_MSG_INACT | IEEE80211_MSG_NODE, ni,
1960 "station timed out due to inactivity "
1961 "(refcnt %u)", ieee80211_node_refcnt(ni));
1962 /*
1963 * Send a deauthenticate frame and drop the station.
1964 * This is somewhat complicated due to reference counts
1965 * and locking. At this point a station will typically
1966 * have a reference count of 1. ieee80211_node_leave
1967 * will do a "free" of the node which will drop the
1968 * reference count. But in the meantime a reference
1969 * wil be held by the deauth frame. The actual reclaim
1970 * of the node will happen either after the tx is
1971 * completed or by ieee80211_node_leave.
1972 *
1973 * Separately we must drop the node lock before sending
1974 * in case the driver takes a lock, as this can result
1975 * in a LOR between the node lock and the driver lock.
1976 */
1977 ieee80211_ref_node(ni);
1978 IEEE80211_NODE_UNLOCK(nt);
1979 if (ni->ni_associd != 0) {
1980 IEEE80211_SEND_MGMT(ni,
1981 IEEE80211_FC0_SUBTYPE_DEAUTH,
1982 IEEE80211_REASON_AUTH_EXPIRE);
1983 }
1984 ieee80211_node_leave(ni);
1985 ieee80211_free_node(ni);
1986 vap->iv_stats.is_node_timeout++;
1987 goto restart;
1988 }
1989 }
1990 IEEE80211_NODE_UNLOCK(nt);
1991
1992 IEEE80211_NODE_ITERATE_UNLOCK(nt);
1993}
1994
1995/*
1996 * Aggressively reclaim resources. This should be used
1997 * only in a critical situation to reclaim mbuf resources.
1998 */
1999void
2000ieee80211_drain(struct ieee80211com *ic)
2001{
2002 struct ieee80211_node_table *nt = &ic->ic_sta;
2003 struct ieee80211vap *vap;
2004 struct ieee80211_node *ni;
2005
2006 IEEE80211_NODE_LOCK(nt);
2007 TAILQ_FOREACH(ni, &nt->nt_node, ni_list) {
2008 /*
2009 * Ignore entries for which have yet to receive an
2010 * authentication frame. These are transient and
2011 * will be reclaimed when the last reference to them
2012 * goes away (when frame xmits complete).
2013 */
2014 vap = ni->ni_vap;
2015 /*
2016 * Only process stations when in RUN state. This
2017 * insures, for example, that we don't timeout an
2018 * inactive station during CAC. Note that CSA state
2019 * is actually handled in ieee80211_node_timeout as
2020 * it applies to more than timeout processing.
2021 */
2022 if (vap->iv_state != IEEE80211_S_RUN)
2023 continue;
2024 /* XXX can vap be NULL? */
2025 if ((vap->iv_opmode == IEEE80211_M_HOSTAP ||
2026 vap->iv_opmode == IEEE80211_M_STA) &&
2027 (ni->ni_flags & IEEE80211_NODE_AREF) == 0)
2028 continue;
2029 /*
2030 * Free fragments.
2031 * XXX doesn't belong here, move to node_drain
2032 */
2033 if (ni->ni_rxfrag[0] != NULL) {
2034 m_freem(ni->ni_rxfrag[0]);
2035 ni->ni_rxfrag[0] = NULL;
2036 }
2037 /*
2038 * Drain resources held by the station.
2039 */
2040 ic->ic_node_drain(ni);
2041 }
2042 IEEE80211_NODE_UNLOCK(nt);
2043}
2044
2045/*
2046 * Per-ieee80211com inactivity timer callback.
2047 */
2048void
2049ieee80211_node_timeout(void *arg)
2050{
2051 struct ieee80211com *ic = arg;
2052
2053 /*
2054 * Defer timeout processing if a channel switch is pending.
2055 * We typically need to be mute so not doing things that
2056 * might generate frames is good to handle in one place.
2057 * Supressing the station timeout processing may extend the
2058 * lifetime of inactive stations (by not decrementing their
2059 * idle counters) but this should be ok unless the CSA is
2060 * active for an unusually long time.
2061 */
2062 if ((ic->ic_flags & IEEE80211_F_CSAPENDING) == 0) {
2063 ieee80211_scan_timeout(ic);
2064 ieee80211_timeout_stations(ic);
2065
2066 IEEE80211_LOCK(ic);
2067 ieee80211_erp_timeout(ic);
2068 ieee80211_ht_timeout(ic);
2069 IEEE80211_UNLOCK(ic);
2070 }
2071 callout_reset(&ic->ic_inact, IEEE80211_INACT_WAIT*hz,
2072 ieee80211_node_timeout, ic);
2073}
2074
2075void
2076ieee80211_iterate_nodes(struct ieee80211_node_table *nt,
2077 ieee80211_iter_func *f, void *arg)
2078{
2079 struct ieee80211_node *ni;
2080 u_int gen;
2081
2082 IEEE80211_NODE_ITERATE_LOCK(nt);
2083 gen = ++nt->nt_scangen;
2084restart:
2085 IEEE80211_NODE_LOCK(nt);
2086 TAILQ_FOREACH(ni, &nt->nt_node, ni_list) {
2087 if (ni->ni_scangen != gen) {
2088 ni->ni_scangen = gen;
2089 (void) ieee80211_ref_node(ni);
2090 IEEE80211_NODE_UNLOCK(nt);
2091 (*f)(arg, ni);
2092 ieee80211_free_node(ni);
2093 goto restart;
2094 }
2095 }
2096 IEEE80211_NODE_UNLOCK(nt);
2097
2098 IEEE80211_NODE_ITERATE_UNLOCK(nt);
2099}
2100
2101void
2102ieee80211_dump_node(struct ieee80211_node_table *nt, struct ieee80211_node *ni)
2103{
2104 printf("0x%p: mac %s refcnt %d\n", ni,
2105 ether_sprintf(ni->ni_macaddr), ieee80211_node_refcnt(ni));
2106 printf("\tscangen %u authmode %u flags 0x%x\n",
2107 ni->ni_scangen, ni->ni_authmode, ni->ni_flags);
2108 printf("\tassocid 0x%x txpower %u vlan %u\n",
2109 ni->ni_associd, ni->ni_txpower, ni->ni_vlan);
2110 printf("\ttxseq %u rxseq %u fragno %u rxfragstamp %u\n",
2111 ni->ni_txseqs[IEEE80211_NONQOS_TID],
2112 ni->ni_rxseqs[IEEE80211_NONQOS_TID] >> IEEE80211_SEQ_SEQ_SHIFT,
2113 ni->ni_rxseqs[IEEE80211_NONQOS_TID] & IEEE80211_SEQ_FRAG_MASK,
2114 ni->ni_rxfragstamp);
2115 printf("\trstamp %u rssi %d noise %d intval %u capinfo 0x%x\n",
2116 ni->ni_rstamp, node_getrssi(ni), ni->ni_noise,
2117 ni->ni_intval, ni->ni_capinfo);
2118 printf("\tbssid %s essid \"%.*s\" channel %u:0x%x\n",
2119 ether_sprintf(ni->ni_bssid),
2120 ni->ni_esslen, ni->ni_essid,
2121 ni->ni_chan->ic_freq, ni->ni_chan->ic_flags);
2122 printf("\tinact %u txrate %u\n",
2123 ni->ni_inact, ni->ni_txrate);
2124 printf("\thtcap %x htparam %x htctlchan %u ht2ndchan %u\n",
2125 ni->ni_htcap, ni->ni_htparam,
2126 ni->ni_htctlchan, ni->ni_ht2ndchan);
2127 printf("\thtopmode %x htstbc %x chw %u\n",
2128 ni->ni_htopmode, ni->ni_htstbc, ni->ni_chw);
2129}
2130
2131void
2132ieee80211_dump_nodes(struct ieee80211_node_table *nt)
2133{
2134 ieee80211_iterate_nodes(nt,
2135 (ieee80211_iter_func *) ieee80211_dump_node, nt);
2136}
2137
2138static void
2139ieee80211_notify_erp_locked(struct ieee80211com *ic)
2140{
2141 struct ieee80211vap *vap;
2142
2143 IEEE80211_LOCK_ASSERT(ic);
2144
2145 TAILQ_FOREACH(vap, &ic->ic_vaps, iv_next)
2146 if (vap->iv_opmode == IEEE80211_M_HOSTAP)
2147 ieee80211_beacon_notify(vap, IEEE80211_BEACON_ERP);
2148}
2149
2150void
2151ieee80211_notify_erp(struct ieee80211com *ic)
2152{
2153 IEEE80211_LOCK(ic);
2154 ieee80211_notify_erp_locked(ic);
2155 IEEE80211_UNLOCK(ic);
2156}
2157
2158/*
2159 * Handle a station joining an 11g network.
2160 */
2161static void
2162ieee80211_node_join_11g(struct ieee80211_node *ni)
2163{
2164 struct ieee80211com *ic = ni->ni_ic;
2165
2166 IEEE80211_LOCK_ASSERT(ic);
2167
2168 /*
2169 * Station isn't capable of short slot time. Bump
2170 * the count of long slot time stations and disable
2171 * use of short slot time. Note that the actual switch
2172 * over to long slot time use may not occur until the
2173 * next beacon transmission (per sec. 7.3.1.4 of 11g).
2174 */
2175 if ((ni->ni_capinfo & IEEE80211_CAPINFO_SHORT_SLOTTIME) == 0) {
2176 ic->ic_longslotsta++;
2177 IEEE80211_NOTE(ni->ni_vap, IEEE80211_MSG_ASSOC, ni,
2178 "station needs long slot time, count %d",
2179 ic->ic_longslotsta);
2180 /* XXX vap's w/ conflicting needs won't work */
2181 if (!IEEE80211_IS_CHAN_108G(ic->ic_bsschan)) {
2182 /*
2183 * Don't force slot time when switched to turbo
2184 * mode as non-ERP stations won't be present; this
2185 * need only be done when on the normal G channel.
2186 */
2187 ieee80211_set_shortslottime(ic, 0);
2188 }
2189 }
2190 /*
2191 * If the new station is not an ERP station
2192 * then bump the counter and enable protection
2193 * if configured.
2194 */
2195 if (!ieee80211_iserp_rateset(&ni->ni_rates)) {
2196 ic->ic_nonerpsta++;
2197 IEEE80211_NOTE(ni->ni_vap, IEEE80211_MSG_ASSOC, ni,
2198 "station is !ERP, %d non-ERP stations associated",
2199 ic->ic_nonerpsta);
2200 /*
2201 * If station does not support short preamble
2202 * then we must enable use of Barker preamble.
2203 */
2204 if ((ni->ni_capinfo & IEEE80211_CAPINFO_SHORT_PREAMBLE) == 0) {
2205 IEEE80211_NOTE(ni->ni_vap, IEEE80211_MSG_ASSOC, ni,
2206 "%s", "station needs long preamble");
2207 ic->ic_flags |= IEEE80211_F_USEBARKER;
2208 ic->ic_flags &= ~IEEE80211_F_SHPREAMBLE;
2209 }
2210 /*
2211 * If protection is configured and this is the first
2212 * indication we should use protection, enable it.
2213 */
2214 if (ic->ic_protmode != IEEE80211_PROT_NONE &&
2215 ic->ic_nonerpsta == 1 &&
2216 (ic->ic_flags_ext & IEEE80211_FEXT_NONERP_PR) == 0) {
2217 IEEE80211_DPRINTF(ni->ni_vap, IEEE80211_MSG_ASSOC,
2218 "%s: enable use of protection\n", __func__);
2219 ic->ic_flags |= IEEE80211_F_USEPROT;
2220 ieee80211_notify_erp_locked(ic);
2221 }
2222 } else
2223 ni->ni_flags |= IEEE80211_NODE_ERP;
2224}
2225
2226void
2227ieee80211_node_join(struct ieee80211_node *ni, int resp)
2228{
2229 struct ieee80211com *ic = ni->ni_ic;
2230 struct ieee80211vap *vap = ni->ni_vap;
2231 int newassoc;
2232
2233 if (ni->ni_associd == 0) {
2234 uint16_t aid;
2235
2236 KASSERT(vap->iv_aid_bitmap != NULL, ("no aid bitmap"));
2237 /*
2238 * It would be good to search the bitmap
2239 * more efficiently, but this will do for now.
2240 */
2241 for (aid = 1; aid < vap->iv_max_aid; aid++) {
2242 if (!IEEE80211_AID_ISSET(vap, aid))
2243 break;
2244 }
2245 if (aid >= vap->iv_max_aid) {
2246 IEEE80211_SEND_MGMT(ni, resp, IEEE80211_STATUS_TOOMANY);
2247 ieee80211_node_leave(ni);
2248 return;
2249 }
2250 ni->ni_associd = aid | 0xc000;
2251 ni->ni_jointime = time_uptime;
2252 IEEE80211_LOCK(ic);
2253 IEEE80211_AID_SET(vap, ni->ni_associd);
2254 vap->iv_sta_assoc++;
2255 ic->ic_sta_assoc++;
2256
2257 if (IEEE80211_IS_CHAN_HT(ic->ic_bsschan))
2258 ieee80211_ht_node_join(ni);
2259 if (IEEE80211_IS_CHAN_ANYG(ic->ic_bsschan) &&
2260 IEEE80211_IS_CHAN_FULL(ic->ic_bsschan))
2261 ieee80211_node_join_11g(ni);
2262 IEEE80211_UNLOCK(ic);
2263
2264 newassoc = 1;
2265 } else
2266 newassoc = 0;
2267
2268 IEEE80211_NOTE(vap, IEEE80211_MSG_ASSOC | IEEE80211_MSG_DEBUG, ni,
2269 "station associated at aid %d: %s preamble, %s slot time%s%s%s%s%s%s%s%s",
2270 IEEE80211_NODE_AID(ni),
2271 ic->ic_flags & IEEE80211_F_SHPREAMBLE ? "short" : "long",
2272 ic->ic_flags & IEEE80211_F_SHSLOT ? "short" : "long",
2273 ic->ic_flags & IEEE80211_F_USEPROT ? ", protection" : "",
2274 ni->ni_flags & IEEE80211_NODE_QOS ? ", QoS" : "",
2275 ni->ni_flags & IEEE80211_NODE_HT ?
2276 (ni->ni_chw == 40 ? ", HT40" : ", HT20") : "",
2277 ni->ni_flags & IEEE80211_NODE_AMPDU ? " (+AMPDU)" : "",
2278 ni->ni_flags & IEEE80211_NODE_MIMO_RTS ? " (+SMPS-DYN)" :
2279 ni->ni_flags & IEEE80211_NODE_MIMO_PS ? " (+SMPS)" : "",
2280 ni->ni_flags & IEEE80211_NODE_RIFS ? " (+RIFS)" : "",
2281 IEEE80211_ATH_CAP(vap, ni, IEEE80211_NODE_FF) ?
2282 ", fast-frames" : "",
2283 IEEE80211_ATH_CAP(vap, ni, IEEE80211_NODE_TURBOP) ?
2284 ", turbo" : ""
2285 );
2286
2287 node_setuptxparms(ni);
2288 /* give driver a chance to setup state like ni_txrate */
2289 if (ic->ic_newassoc != NULL)
2290 ic->ic_newassoc(ni, newassoc);
2291 IEEE80211_SEND_MGMT(ni, resp, IEEE80211_STATUS_SUCCESS);
2292 /* tell the authenticator about new station */
2293 if (vap->iv_auth->ia_node_join != NULL)
2294 vap->iv_auth->ia_node_join(ni);
2295 ieee80211_notify_node_join(ni,
2296 resp == IEEE80211_FC0_SUBTYPE_ASSOC_RESP);
2297}
2298
2299static void
2300disable_protection(struct ieee80211com *ic)
2301{
2302 KASSERT(ic->ic_nonerpsta == 0 &&
2303 (ic->ic_flags_ext & IEEE80211_FEXT_NONERP_PR) == 0,
2304 ("%d non ERP stations, flags 0x%x", ic->ic_nonerpsta,
2305 ic->ic_flags_ext));
2306
2307 ic->ic_flags &= ~IEEE80211_F_USEPROT;
2308 /* XXX verify mode? */
2309 if (ic->ic_caps & IEEE80211_C_SHPREAMBLE) {
2310 ic->ic_flags |= IEEE80211_F_SHPREAMBLE;
2311 ic->ic_flags &= ~IEEE80211_F_USEBARKER;
2312 }
2313 ieee80211_notify_erp_locked(ic);
2314}
2315
2316/*
2317 * Handle a station leaving an 11g network.
2318 */
2319static void
2320ieee80211_node_leave_11g(struct ieee80211_node *ni)
2321{
2322 struct ieee80211com *ic = ni->ni_ic;
2323
2324 IEEE80211_LOCK_ASSERT(ic);
2325
2326 KASSERT(IEEE80211_IS_CHAN_ANYG(ic->ic_bsschan),
2327 ("not in 11g, bss %u:0x%x", ic->ic_bsschan->ic_freq,
2328 ic->ic_bsschan->ic_flags));
2329
2330 /*
2331 * If a long slot station do the slot time bookkeeping.
2332 */
2333 if ((ni->ni_capinfo & IEEE80211_CAPINFO_SHORT_SLOTTIME) == 0) {
2334 KASSERT(ic->ic_longslotsta > 0,
2335 ("bogus long slot station count %d", ic->ic_longslotsta));
2336 ic->ic_longslotsta--;
2337 IEEE80211_NOTE(ni->ni_vap, IEEE80211_MSG_ASSOC, ni,
2338 "long slot time station leaves, count now %d",
2339 ic->ic_longslotsta);
2340 if (ic->ic_longslotsta == 0) {
2341 /*
2342 * Re-enable use of short slot time if supported
2343 * and not operating in IBSS mode (per spec).
2344 */
2345 if ((ic->ic_caps & IEEE80211_C_SHSLOT) &&
2346 ic->ic_opmode != IEEE80211_M_IBSS) {
2347 IEEE80211_DPRINTF(ni->ni_vap,
2348 IEEE80211_MSG_ASSOC,
2349 "%s: re-enable use of short slot time\n",
2350 __func__);
2351 ieee80211_set_shortslottime(ic, 1);
2352 }
2353 }
2354 }
2355 /*
2356 * If a non-ERP station do the protection-related bookkeeping.
2357 */
2358 if ((ni->ni_flags & IEEE80211_NODE_ERP) == 0) {
2359 KASSERT(ic->ic_nonerpsta > 0,
2360 ("bogus non-ERP station count %d", ic->ic_nonerpsta));
2361 ic->ic_nonerpsta--;
2362 IEEE80211_NOTE(ni->ni_vap, IEEE80211_MSG_ASSOC, ni,
2363 "non-ERP station leaves, count now %d%s", ic->ic_nonerpsta,
2364 (ic->ic_flags_ext & IEEE80211_FEXT_NONERP_PR) ?
2365 " (non-ERP sta present)" : "");
2366 if (ic->ic_nonerpsta == 0 &&
2367 (ic->ic_flags_ext & IEEE80211_FEXT_NONERP_PR) == 0) {
2368 IEEE80211_DPRINTF(ni->ni_vap, IEEE80211_MSG_ASSOC,
2369 "%s: disable use of protection\n", __func__);
2370 disable_protection(ic);
2371 }
2372 }
2373}
2374
2375/*
2376 * Time out presence of an overlapping bss with non-ERP
2377 * stations. When operating in hostap mode we listen for
2378 * beacons from other stations and if we identify a non-ERP
2379 * station is present we enable protection. To identify
2380 * when all non-ERP stations are gone we time out this
2381 * condition.
2382 */
2383static void
2384ieee80211_erp_timeout(struct ieee80211com *ic)
2385{
2386
2387 IEEE80211_LOCK_ASSERT(ic);
2388
2389 if ((ic->ic_flags_ext & IEEE80211_FEXT_NONERP_PR) &&
2390 time_after(ticks, ic->ic_lastnonerp + IEEE80211_NONERP_PRESENT_AGE)) {
2391#if 0
2392 IEEE80211_NOTE(vap, IEEE80211_MSG_ASSOC, ni,
2393 "%s", "age out non-ERP sta present on channel");
2394#endif
2395 ic->ic_flags_ext &= ~IEEE80211_FEXT_NONERP_PR;
2396 if (ic->ic_nonerpsta == 0)
2397 disable_protection(ic);
2398 }
2399}
2400
2401/*
2402 * Handle bookkeeping for station deauthentication/disassociation
2403 * when operating as an ap.
2404 */
2405void
2406ieee80211_node_leave(struct ieee80211_node *ni)
2407{
2408 struct ieee80211com *ic = ni->ni_ic;
2409 struct ieee80211vap *vap = ni->ni_vap;
2410 struct ieee80211_node_table *nt = ni->ni_table;
2411
2412 IEEE80211_NOTE(vap, IEEE80211_MSG_ASSOC | IEEE80211_MSG_DEBUG, ni,
2413 "station with aid %d leaves", IEEE80211_NODE_AID(ni));
2414
2415 KASSERT(vap->iv_opmode != IEEE80211_M_STA,
2416 ("unexpected operating mode %u", vap->iv_opmode));
2417 /*
2418 * If node wasn't previously associated all
2419 * we need to do is reclaim the reference.
2420 */
2421 /* XXX ibss mode bypasses 11g and notification */
2422 if (ni->ni_associd == 0)
2423 goto done;
2424 /*
2425 * Tell the authenticator the station is leaving.
2426 * Note that we must do this before yanking the
2427 * association id as the authenticator uses the
2428 * associd to locate it's state block.
2429 */
2430 if (vap->iv_auth->ia_node_leave != NULL)
2431 vap->iv_auth->ia_node_leave(ni);
2432
2433 IEEE80211_LOCK(ic);
2434 IEEE80211_AID_CLR(vap, ni->ni_associd);
2435 ni->ni_associd = 0;
2436 vap->iv_sta_assoc--;
2437 ic->ic_sta_assoc--;
2438
2439 if (IEEE80211_IS_CHAN_HT(ic->ic_bsschan))
2440 ieee80211_ht_node_leave(ni);
2441 if (IEEE80211_IS_CHAN_ANYG(ic->ic_bsschan) &&
2442 IEEE80211_IS_CHAN_FULL(ic->ic_bsschan))
2443 ieee80211_node_leave_11g(ni);
2444 IEEE80211_UNLOCK(ic);
2445 /*
2446 * Cleanup station state. In particular clear various
2447 * state that might otherwise be reused if the node
2448 * is reused before the reference count goes to zero
2449 * (and memory is reclaimed).
2450 */
2451 ieee80211_sta_leave(ni);
2452done:
2453 /*
2454 * Remove the node from any table it's recorded in and
2455 * drop the caller's reference. Removal from the table
2456 * is important to insure the node is not reprocessed
2457 * for inactivity.
2458 */
2459 if (nt != NULL) {
2460 IEEE80211_NODE_LOCK(nt);
2461 node_reclaim(nt, ni);
2462 IEEE80211_NODE_UNLOCK(nt);
2463 } else
2464 ieee80211_free_node(ni);
2465}
2466
2467struct rssiinfo {
2468 struct ieee80211vap *vap;
2469 int rssi_samples;
2470 uint32_t rssi_total;
2471};
2472
2473static void
2474get_hostap_rssi(void *arg, struct ieee80211_node *ni)
2475{
2476 struct rssiinfo *info = arg;
2477 struct ieee80211vap *vap = ni->ni_vap;
2478 int8_t rssi;
2479
2480 if (info->vap != vap)
2481 return;
2482 /* only associated stations */
2483 if (ni->ni_associd == 0)
2484 return;
2485 rssi = vap->iv_ic->ic_node_getrssi(ni);
2486 if (rssi != 0) {
2487 info->rssi_samples++;
2488 info->rssi_total += rssi;
2489 }
2490}
2491
2492static void
2493get_adhoc_rssi(void *arg, struct ieee80211_node *ni)
2494{
2495 struct rssiinfo *info = arg;
2496 struct ieee80211vap *vap = ni->ni_vap;
2497 int8_t rssi;
2498
2499 if (info->vap != vap)
2500 return;
2501 /* only neighbors */
2502 /* XXX check bssid */
2503 if ((ni->ni_capinfo & IEEE80211_CAPINFO_IBSS) == 0)
2504 return;
2505 rssi = vap->iv_ic->ic_node_getrssi(ni);
2506 if (rssi != 0) {
2507 info->rssi_samples++;
2508 info->rssi_total += rssi;
2509 }
2510}
2511
2512int8_t
2513ieee80211_getrssi(struct ieee80211vap *vap)
2514{
2515#define NZ(x) ((x) == 0 ? 1 : (x))
2516 struct ieee80211com *ic = vap->iv_ic;
2517 struct rssiinfo info;
2518
2519 info.rssi_total = 0;
2520 info.rssi_samples = 0;
2521 info.vap = vap;
2522 switch (vap->iv_opmode) {
2523 case IEEE80211_M_IBSS: /* average of all ibss neighbors */
2524 case IEEE80211_M_AHDEMO: /* average of all neighbors */
2525 ieee80211_iterate_nodes(&ic->ic_sta, get_adhoc_rssi, &info);
2526 break;
2527 case IEEE80211_M_HOSTAP: /* average of all associated stations */
2528 ieee80211_iterate_nodes(&ic->ic_sta, get_hostap_rssi, &info);
2529 break;
2530 case IEEE80211_M_MONITOR: /* XXX */
2531 case IEEE80211_M_STA: /* use stats from associated ap */
2532 default:
2533 if (vap->iv_bss != NULL)
2534 info.rssi_total = ic->ic_node_getrssi(vap->iv_bss);
2535 info.rssi_samples = 1;
2536 break;
2537 }
2538 return info.rssi_total / NZ(info.rssi_samples);
2539#undef NZ
2540}
2541
2542void
2543ieee80211_getsignal(struct ieee80211vap *vap, int8_t *rssi, int8_t *noise)
2544{
2545
2546 if (vap->iv_bss == NULL) /* NB: shouldn't happen */
2547 return;
2548 vap->iv_ic->ic_node_getsignal(vap->iv_bss, rssi, noise);
2549 /* for non-station mode return avg'd rssi accounting */
2550 if (vap->iv_opmode != IEEE80211_M_STA)
2551 *rssi = ieee80211_getrssi(vap);
2552}
|