- Copy stable/10 (r259064) to releng/10.0 as part of the
10.0-RELEASE cycle.
- Update __FreeBSD_version [1]
- Set branch name to -RC1

[1] 10.0-CURRENT __FreeBSD_version value ended at '55', so
start releng/10.0 at '100' so the branch is started with
a value ending in zero.

Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation

Copy head (r256279) to stable/10 as part of the 10.0-RELEASE cycle.

Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation

Add in some backwards compatability hacks to make -HEAD net80211 compile
on -9.

Add m_clrprotoflags() to clear protocol specific mbuf flags at up and
downwards layer crossings.

Consistently use it within IP, IPv6 and ethernet protocols.

Discussed with: trociny, glebius

Substitute '#ifdef ALIGNED_POINTER' with '#ifndef __NO_STRICT_ALIGNMENT',
since the former is defined everywhere. This cuts off some code not
necessary on non strict aligment arches.

Reviewed by: adrian
Sponsored by: Nginx, Inc.

Start accepting IEEE80211_ACTION_MESH_GANN frames;

* Add IEEE80211_ACTION_MESH_GANN Action frame verification in
ieee80211_parse_action;

Approved by: adrian (mentor)

Mechanically substitute flags from historic mbuf allocator with
malloc(9) flags within sys.

Exceptions:

- sys/contrib not touched
- sys/mbuf.h edited manually

Added Self-protected action category (including MPM).

* Added new action category IEEE80211_ACTION_CAT_SELF_PROT which is used by 11s
for Mesh Peering Management;
* Updated Self protected enum Action codes to start from 1 instead of 0
according to the standard spec;
* Removed old and wrong action categories IEEE80211_ACTION_CAT_MESHPEERING;
* Modified ieee80211_mesh.c and ieee80211_action.c to use the new action
category code;
* Added earlier verification code in ieee80211_input;

Approved by: adrian

Fix build w/o 'options IEEE80211_SUPPORT_MESH'.

* Added IEEE80211_ACTION_CAT_MESH in ieee80211.h as specified amendment spec;
* Moved old categories as specified by D4.0 to be action fields of MESH category
as specified in amendment spec;
* Modified functions to use MESH category and its action fields:
+ ieee80211_send_action_register
+ ieee80211_send_action
+ ieee80211_recv_action_register
+ieee80211_recv_action;
* Modified ieee80211_hwmp_init and hwmp_send_action so they uses correct
action fields as specified in amendment spec;
* Modified ieee80211_parse_action so that it verifies MESH frames.
* Change Mesh Link Metric to use one information element as amendment spec.
Draft 4.0 defined two different information elements for request and response.

Submitted by: monthadar@gmail.com

Print out the bogus beacon interval.

Add 802.11h quiet time element support into net80211.

This supports both station and hostap modes:

* Station mode quiet time element support listens to quiet time
IE's and modifies the local quiet time configuration as appropriate;
* Hostap mode both obeys the locally configured quiet time period
and includes it in beacon frames so stations also can obey as needed.

Submitted by: Himali Patel <himali.patel@sibridgetech.com>
Sponsored by: Sibridge Technologies

Add initial support for MIMO statistics to net80211.

This introduces struct ieee80211_rx_stats - which stores the various kinds
of RX statistics which a MIMO and non-MIMO 802.11 device can export.

It also fleshes out the mimo export to userland (node_getmimoinfo()).

It assumes that MIMO radios (for now) export both ctl and ext channels.
Non-11n MIMO radios are possible (and I believe Atheros made at least
one), so if that chipset support is added, extra flags to the
struct ieee80211_rx_stats can be added to extend this support.

Two new input functions have been added - ieee80211_input_mimo() and
ieee80211_input_mimo_all() - which MIMO-aware devices can call with
MIMO specific statistics.

802.11 devices calling the non-MIMO input functions will still function.

Add a new mgmt subtype "ACTION NO ACK" defined in 802.11n-2009, while here
clean up parts of the *_recv_mgmt() functions.
- make sure appropriate counters are bumped and debug messages are printed
- order the unhandled subtypes by value and add a few missing ones
- fix some whitespace nits
- remove duplicate code in adhoc_recv_mgmt()
- remove a useless comment, probably left in while c&p

Constify vap argument of ieee80211_{note,discard}* functions.

MFC after: 1 week

Fix a typo in ifdef mesh support. This would make mesh unworkable if
TDMA support was compiled out.

Approved by: re (kib)

More mesh bits, namely:
* bridge support (sam)
* handling of errors (sam)
* deletion of inactive routing entries
* more debug msgs (sam)
* fixed some inconsistencies with the spec.
* decap is now specific to mesh (sam)
* print mesh seq. no. on ifconfig list mesh
* small perf. improvements

Reviewed by: sam
Approved by: re (kib)

Move code that does payload realigment to a new routine, ieee80211_realign,
so it can be reused. While here rewrite the logic to always use a single mbuf.

Reviewed by: rpaulo
Approved by: re (kib)

Implementation of the upcoming Wireless Mesh standard, 802.11s, on the
net80211 wireless stack. This work is based on the March 2009 D3.0 draft
standard. This standard is expected to become final next year.
This includes two main net80211 modules, ieee80211_mesh.c
which deals with peer link management, link metric calculation,
routing table control and mesh configuration and ieee80211_hwmp.c
which deals with the actually routing process on the mesh network.
HWMP is the mandatory routing protocol on by the mesh standard, but
others, such as RA-OLSR, can be implemented.

Authentication and encryption are not implemented.

There are several scripts under tools/tools/net80211/scripts that can be
used to test different mesh network topologies and they also teach you
how to setup a mesh vap (for the impatient: ifconfig wlan0 create
wlandev ... wlanmode mesh).

A new build option is available: IEEE80211_SUPPORT_MESH and it's enabled
by default on GENERIC kernels for i386, amd64, sparc64 and pc98.

Drivers that support mesh networks right now are: ath, ral and mwl.

More information at: http://wiki.freebsd.org/WifiMesh

Please note that this work is experimental. Also, please note that
bridging a mesh vap with another network interface is not yet supported.

Many thanks to the FreeBSD Foundation for sponsoring this project and to
Sam Leffler for his support.
Also, I would like to thank Gateworks Corporation for sending me a
Cambria board which was used during the development of this project.

Reviewed by: sam
Approved by: re (kensmith)
Obtained from: projects/mesh11s

iv_flags_ext is full, make room by moving HT-related flags to a new
iv_flags_ht word

o station mode channel switch support
o IEEE80211_IOC_CHANSWITCH fixups:
- restrict to hostap vaps
- return EOPNOTSUPP instead of EINVAL when applied to !hostap vap
or to a vap w/o 11h enabled
- interpret count of 0 to mean cancel the current CSA

Reviewed by: rpaulo, avatar

Fix monitor mode vaps to work as intended:
o track # bpf taps on monitor mode vaps instead of # monitor mode vaps
o spam monitor mode taps on tx/rx
o fix ieee80211_radiotap_rx_all to dispatch frames only if the vap is up
o while here print radiotap (and superg) state in show com

don't dispatch frames to vap's not running

Overhaul monitor mode handling:
o replace DLT_IEEE802_11 support in net80211 with DLT_IEEE802_11_RADIO
and remove explicit bpf support from wireless drivers; drivers now
use ieee80211_radiotap_attach to setup shared data structures that
hold the radiotap header for each packet tx/rx
o remove rx timestamp from the rx path; it was used only by the tdma support
for debugging and was mostly useless due to it being 32-bits and mostly
unavailable
o track DLT_IEEE80211_RADIO bpf attachments and maintain per-vap and
per-com state when there are active taps
o track the number of monitor mode vaps
o use bpf tap and monitor mode vap state to decide when to collect radiotap
state and dispatch frames; drivers no longer explicitly directly check
bpf state or use bpf calls to tap frames
o handle radiotap state updates on channel change in net80211; drivers
should not do this (unless they bypass net80211 which is almost always
a mistake)
o update various drivers to be more consistent/correct in handling radiotap
o update ral to include TSF in radiotap'd frames
o add promisc mode callback to wi

Reviewed by: cbzimmer, rpaulo, thompsa

split Atheros SuperG support out into it's own file that's included only
with a new IEEE80211_SUPPORT_SUPERG option

Use plural in a comment. No functional change.

TDMA support for long distance point-to-point links using ath devices:
o add net80211 support for a tdma vap that is built on top of the
existing adhoc-demo support
o add tdma scheduling of frame transmission to the ath driver; it's
conceivable other devices might be capable of this too in which case
they can make use of the 802.11 protocol additions etc.
o add minor bits to user tools that need to know: ifconfig to setup and
configure, new statistics in athstats, and new debug mask bits

While the architecture can support >2 slots in a TDMA BSS the current
design is intended (and tested) for only 2 slots.

Sponsored by: Intel

convert MALLOC/FREE to malloc/free

Fix definition of IEEE80211_CHAN_MAX; it was defined as 255 but
really was meant to be 256. Adjust usage accordingly and replace
bogus usage of this value in checking IEEE channel #'s.

NB: this causes an ABI change; ifconfig must be recompiled

ignore IEEE80211_ELEMID_PWRCNSTR when parsing beacon/probe response frames
to avoid counting it as an unknown elemid (we often beacon this so it shows
up as a "false positive")

Revert the removal of the MALLOC and FREE macros from the net80211 code.

Requested by: sam

Retire the MALLOC and FREE macros. They are an abomination unto style(9).

MFC after: 3 months

correct decap of of AppleTalk and IPX frames; don't strip the SNAP
header as they have one natively

Submitted by: Chris Zimmermann

Multi-bss (aka vap) support for 802.11 devices.

Note this includes changes to all drivers and moves some device firmware
loading to use firmware(9) and a separate module (e.g. ral). Also there
no longer are separate wlan_scan* modules; this functionality is now
bundled into the wlan module.

Supported by: Hobnob and Marvell
Reviewed by: many
Obtained from: Atheros (some bits)

- Correctly handle ALTQ in ieee80211_deliver_data()
- Add comment from sam that ALTQ probably does not work well with WME

PR: kern/119548
Approved by: sam (mentor)

sync 11n support with vap code base; many changes based on interop
testing with all major vendors

MFC after: 1 week

Miscellaneous fixups to 802.11 defs:
o update 11n definitions to D2.0 spec
o add IEEE80211_CAPINFO_SPECTRUM_MGMT for DFS support
o add CSA ie definition for DFS support
o purge some unused definitions
o correct 802.11 reason and status codes
o correct reason code returned when a sta tries to associate to an
ap operating with WPA/RSN but without a WPA/RSN ie

Reviewed by: thompsa, avatar
Approved by: re (blanket wireless)

o add M_WEP mbuf flag so drivers can mark frames that are decrypted by the
device and have had the crypto bits stripped from the 802.11 header
o strip mbuf flags in the rx path before passing up the stack

Reviewed by: thompsa, sephe, avatar
Approved by: re (blanket wireless)

Change the channel number in the scan results struct to be a pointer to the
operating channel and use this in the scan cache rather than directly using
ic_curchan. Some firmware cards can only do a full scan and so ic_curchan does
not have the correct value.

Also add IEEE80211_CHAN2IEEE to directly dereference ic_ieee from the channel
to be used in the fast path.

Reviewed by: sam, sephe
Approved by: re (kensmith)

Update 802.11 wireless support:
o major overhaul of the way channels are handled: channels are now
fully enumerated and uniquely identify the operating characteristics;
these changes are visible to user applications which require changes
o make scanning support independent of the state machine to enable
background scanning and roaming
o move scanning support into loadable modules based on the operating
mode to enable different policies and reduce the memory footprint
on systems w/ constrained resources
o add background scanning in station mode (no support for adhoc/ibss
mode yet)
o significantly speedup sta mode scanning with a variety of techniques
o add roaming support when background scanning is supported; for now
we use a simple algorithm to trigger a roam: we threshold the rssi
and tx rate, if either drops too low we try to roam to a new ap
o add tx fragmentation support
o add first cut at 802.11n support: this code works with forthcoming
drivers but is incomplete; it's included now to establish a baseline
for other drivers to be developed and for user applications
o adjust max_linkhdr et. al. to reflect 802.11 requirements; this eliminates
prepending mbufs for traffic generated locally
o add support for Atheros protocol extensions; mainly the fast frames
encapsulation (note this can be used with any card that can tx+rx
large frames correctly)
o add sta support for ap's that beacon both WPA1+2 support
o change all data types from bsd-style to posix-style
o propagate noise floor data from drivers to net80211 and on to user apps
o correct various issues in the sta mode state machine related to handling
authentication and association failures
o enable the addition of sta mode power save support for drivers that need
net80211 support (not in this commit)
o remove old WI compatibility ioctls (wicontrol is officially dead)
o change the data structures returned for get sta info and get scan
results so future additions will not break user apps
o fixed tx rate is now maintained internally as an ieee rate and not an
index into the rate set; this needs to be extended to deal with
multi-mode operation
o add extended channel specifications to radiotap to enable 11n sniffing

Drivers:
o ath: add support for bg scanning, tx fragmentation, fast frames,
dynamic turbo (lightly tested), 11n (sniffing only and needs
new hal)
o awi: compile tested only
o ndis: lightly tested
o ipw: lightly tested
o iwi: add support for bg scanning (well tested but may have some
rough edges)
o ral, ural, rum: add suppoort for bg scanning, calibrate rssi data
o wi: lightly tested

This work is based on contributions by Atheros, kmacy, sephe, thompsa,
mlaier, kevlo, and others. Much of the scanning work was supported by
Atheros. The 11n work was supported by Marvell.

copyright updates:
o update to include 2007
o switch back to a 2-clause bsd-only license

Reviewed by: onoe

change ieee80211_fix_rate to take a rate set instead of using
ni_rates; this lets us re-use the code to check 11n HT rates

MFC after: 2 weeks

expose IEEE80211_DISCARD, IEEE80211_DISCARD_IE, and IEEE80211_DISCARD_MAC
so they can be used within net80211 but outside ieee80211_input.c

MFC after: 2 weeks

improve debug msg for ie's that are too short

MFC after: 2 weeks

keep tx/rx seq #'s for non-QoS traffic separate from QoS; stations
aren't supposed mix traffic but if they did frames might be mis-handled

Obtained from: Atheros
MFC after: 2 weeks

split check for rate set mismatch on assoc req away from check
for pure 11g mode so we can give meaningful diagnostic msgs

MFC after: 2 weeks

disallow re-associate with a slot time mismatch

Obtained from: Atheros
MFC after: 2 weeks

move __inline before type to appease gcc 4.x

Obtained from: netbsd

discard deauth+disassoc frames that are not destined for us; these
can be received when the interface is in promisc mode

Reviewed by: sephe
Obtained from: netbsd

When dispatching frames saved on the power save queue to a
station exiting power save mode prepend them to the driver's
send q instead of appending them. This insures the packets
are not misordered wrt any packets already q'd for the station.

This corrects a problem noticed when using a VoIP phone talking
to an ath card in ap mode; the misordered packets caused noise.

Submitted by: "J.R. Oldroyd" <jr@opal.com>
MFC after: 2 weeks

clear/reclaim challenge text when switching auth mode and operating as an ap

Obtained from: Atheros

Correct several issues with rate set negotiation:
o add IEEE80211_F_JOIN flag to ieee80211_fix_rate to indicate a station
is joining a BSS; this is used to control whether or not we over-write
the basic rate bit in the calculated rate set
o fix ieee80211_fix_rate to honor IEEE80211_F_DODEL when IEEE80211_F_DONEGO
is not specified (e.g. when joining an ibss network)
o on sta join always delete unusable rates from the negotiated rate set,
this was being done only ibss networks but is also needed for 11g bss
with mixed stations
o on sta join delete unusable rates from the bss node's rate set, not the
scan table entry's rate set
o when calculating a rate set for new neighbors in an ibss caculate a
negotiated rate set so drivers are not presented with rates they should
not use

Submitted by: Sepherosa Ziehau (w/ modifications)
Obtained from: DragonFly
MFC after: 1 month

back out use of LLC_SNAPFRAMELEN now that sizeof(struct llc) isn't
padded on arm

sizeof(struct llc) includes padding on arm; use LLC_SNAPFRAMELEN for now

Submitted by: jhay
MFC after: 2 weeks

Move ethernet VLAN tags from mtags to its own mbuf packet header field
m_pkthdr.ether_vlan. The presence of the M_VLANTAG flag on the mbuf
signifies the presence and validity of its content.

Drivers that support hardware VLAN tag stripping fill in the received
VLAN tag (containing both vlan and priority information) into the
ether_vtag mbuf packet header field:

m->m_pkthdr.ether_vtag = vlan_id; /* ntohs()? */
m->m_flags |= M_VLANTAG;

to mark the packet m with the specified VLAN tag.

On output the driver should check the mbuf for the M_VLANTAG flag to
see if a VLAN tag is present and valid:

if (m->m_flags & M_VLANTAG) {
... = m->m_pkthdr.ether_vtag; /* htons()? */
... pass tag to hardware ...
}

VLAN tags are stored in host byte order. Byte swapping may be necessary.

(Note: This driver conversion was mechanic and did not add or remove any
byte swapping in the drivers.)

Remove zone_mtag_vlan UMA zone and MTAG_VLAN definition. No more tag
memory allocation have to be done.

Reviewed by: thompsa, yar
Sponsored by: TCP/IP Optimization Fundraise 2005

minor fixups:
o add some missing stats to the global stat structure
o move accounting work for data frame rx into ieee80211_deliver_data
o add per-sta stats for rx ucast/mcast frames
o set rcvif in ieee80211_deliver_data so callers don't need to

MFC after: 2 weeks

correct ie length check; need to include fixed part of ie

MFC after: 2 weeks

tighten invariant on loops used to parse ie's; this ensures we never
touch data outside the packet (previously we might touch 1 byte); it
also has the happy side effect of working around broken orinoco/agere
firmware that sends malformed association response frames

Help by: Vladimir Egorin

Fix the following bpf(4) race condition which can result in a panic:

(1) bpf peer attaches to interface netif0
(2) Packet is received by netif0
(3) ifp->if_bpf pointer is checked and handed off to bpf
(4) bpf peer detaches from netif0 resulting in ifp->if_bpf being
initialized to NULL.
(5) ifp->if_bpf is dereferenced by bpf machinery
(6) Kaboom

This race condition likely explains the various different kernel panics
reported around sending SIGINT to tcpdump or dhclient processes. But really
this race can result in kernel panics anywhere you have frequent bpf attach
and detach operations with high packet per second load.

Summary of changes:

- Remove the bpf interface's "driverp" member
- When we attach bpf interfaces, we now set the ifp->if_bpf member to the
bpf interface structure. Once this is done, ifp->if_bpf should never be
NULL. [1]
- Introduce bpf_peers_present function, an inline operation which will do
a lockless read bpf peer list associated with the interface. It should
be noted that the bpf code will pickup the bpf_interface lock before adding
or removing bpf peers. This should serialize the access to the bpf descriptor
list, removing the race.
- Expose the bpf_if structure in bpf.h so that the bpf_peers_present function
can use it. This also removes the struct bpf_if; hack that was there.
- Adjust all consumers of the raw if_bpf structure to use bpf_peers_present

Now what happens is:

(1) Packet is received by netif0
(2) Check to see if bpf descriptor list is empty
(3) Pickup the bpf interface lock
(4) Hand packet off to process

From the attach/detach side:

(1) Pickup the bpf interface lock
(2) Add/remove from bpf descriptor list

Now that we are storing the bpf interface structure with the ifnet, there is
is no need to walk the bpf interface list to locate the correct bpf interface.
We now simply look up the interface, and initialize the pointer. This has a
nice side effect of changing a bpf interface attach operation from O(N) (where
N is the number of bpf interfaces), to O(1).

[1] From now on, we can no longer check ifp->if_bpf to tell us whether or
not we have any bpf peers that might be interested in receiving packets.

In collaboration with: sam@
MFC after: 1 month

use m_dup instead of m_copypacket when doing internal bridging
in case packets are modified (e.g. encrypted)

MFC after: 1 week

deliver an l2uf frame on sta join to prime the bridge

Obtained from: madwifi
MFC after: 1 week

when scanning channels marked passive defer probe request until
802.11 traffic is seen; fixes problems with ap's hiding their ssid

Obtained from: atheros
MFC after: 1 week

s/w beacon miss facility; need to add knobs to fiddle with the settings

MFC after: 2 weeks

bounds check each ie's length when parsing

Obtained from: madwifi
MFC after: 1 week

- Fix VLAN_INPUT_TAG() macro, so that it doesn't touch mtag in
case if memory allocation failed.
- Remove fourth argument from VLAN_INPUT_TAG(), that was used
incorrectly in almost all drivers. Indicate failure with
mbuf value of NULL.

In collaboration with: yongari, ru, sam

Add ieee80211_beacon_miss for processing sta mode beacon miss events
in the 802.11 layer: we send a directed probe request frame to the
current ap bmiss_max times (w/o answer) before scanning for a new ap.

MFC after: 2 weeks

Adhoc mode fixups:
o plug memory leak in adhoc mode: on rx the sender may be the
current master so simply checking against ic_bss is not enough
to identify if the packet comes from an unknown sender; must
also check the mac address
o split neighbor node creation into two routines and fillin state
of nodes faked up on xmit when a beacon or probe response frame
is later received; this ensures important state like the rate set
and advertised capabilities are correct

Obtained from: netbsd
MFC after: 1 week

fix dynamic changes in short slottime for 11g sta mode: set the
slot time based on the rcvd capabilities, not the existing ones

Obtained from: atheros
MFC after: 1 week

Clarify/fix handling of the current channel:
o add ic_curchan and use it uniformly for specifying the current
channel instead of overloading ic->ic_bss->ni_chan (or in some
drivers ic_ibss_chan)
o add ieee80211_scanparams structure to encapsulate scanning-related
state captured for rx frames
o move rx beacon+probe response frame handling into separate routines
o change beacon+probe response handling to treat the scan table
more like a scan cache--look for an existing entry before adding
a new one; this combined with ic_curchan use corrects handling of
stations that were previously found at a different channel
o move adhoc neighbor discovery by beacon+probe response frames to
a new ieee80211_add_neighbor routine

Reviewed by: avatar
Tested by: avatar, Michal Mertl
MFC after: 2 weeks

Cleanup beacon/listen interval handling:
o separate configured beacon interval from listen interval; this
avoids potential use of one value for the other (e.g. setting
powersavesleep to 0 clobbers the beacon interval used in hostap
or ibss mode)
o bounds check the beacon interval received in probe response and
beacon frames and drop frames with bogus settings; not clear
if we should instead clamp the value as any alteration would
result in mismatched sta+ap configuration and probably be more
confusing (don't want to log to the console but perhaps ok with
rate limiting)
o while here up max beacon interval to reflect WiFi standard

Noticed by: Martin <nakal@nurfuerspam.de>
MFC after: 1 week

fix debug msg typo

MFC after: 3 days

Fix handling of frames sent prior to a station being authorized
when operating in ap mode. Previously we allocated a node from the
station table, sent the frame (using the node), then released the
reference that "held the frame in the table". But while the frame
was in flight the node might be reclaimed which could lead to
problems. The solution is to add an ieee80211_tmp_node routine
that crafts a node that does exist in a table and so isn't ever
reclaimed; it exists only so long as the associated frame is in flight.

MFC after: 5 days

close a race between reclaiming a node when a station is inactive
and sending the null data frame used to probe inactive stations

MFC after: 5 days

when bridging internally bypass the bss node as traffic to it
must follow the normal input path

Submitted by: Michal Mertl
MFC after: 5 days

simplify tim callback api

MFC after: 3 days

simplify ieee80211_node_authorize and ieee80211_node_unauthorize api's

MFC after: 3 days

simplifiy ieee80211_send_nulldata api

MFC after: 3 days

simplify rate set api's by removing ic parameter (implicit in node reference)

MFC after: 3 days

reject association requests with a wpa/rsn ie when wpa/rsn is not
configured on the ap; previously we either ignored the ie or (possibly)
failed an assertion

Obtained from: Atheros
MFC after: 3 days

missed one in last commit; add device name to discard msgs

include device name in discard msgs

add diag msgs for frames discarded because the direction field is wrong

split data frame delivery out to a new function ieee80211_deliver_data

Diff reduction against p4:
o add ic_flags_ext for eventual extention of ic_flags
o define/reserve flag+capabilities bits for superg,
bg scan, and roaming support
o refactor debug msg macros

MFC after: 3 days

send a response when an auth request is denied due to an acl;
might be better to silently ignore the frame but this way we
give stations a chance of figuring out what's wrong

remove excess whitespace

use IF_HANDOFF when bridging frames internally so if_start gets
called; fixes communication between associated sta's

MFC after: 3 days

nuke assert that duplicates real check

Reviewed by: avatar
Approved by: re (scottl)

correct check for high priority wme traffic

Noticed by: Ralf Assmann
Reviewed by: apatti
Approved by: re (scottl)

fix another instance of the MORE_DATA bit handling for frames on the
power save queue (missed in previous commit)

Submitted by: Bruno Randolf
Approved by: re (scottl)

add "pureg" mode for ap operation: reject association requests from
11b-only stations when operating in 11g

Reviewed by: avatar
Approved by: re (scottl)

Fix handling of data frames queued for a station in power save mode:
don't mark the MORE_DATA bit when taking it off the ps queue, there's
no 802.11 header then; we must wait to do this at encap time so
mark the mbuf instead.

Reviewed by: avatar
Approved by: re (scottl)
Obtained from: Atheros

Fix race condition in handling node reference counts for authenticating
stations in ap mode. Track when a node's first auth frame is
received and use this to decide whether or not to bump the refcnt.
This insures we only ever bump the refcnt once.

Reviewed by: avatar
Approved by: re (scottl)

Only update the scan entry state based on newly received frames.
This fixes duplicative BSS entries(memory leaks as well) listed in
"ifconfig dev list scan" when a station fails to associate with an AP.

Reviewed by: sam
Approved by: re (scottl)

revert 1.53; it breaks ibss merge

Noticed by: Bruno Randolf
Approved by: re (dwhite)

don't look at the wme ie in a beacon unless we negotiated use

validate the bssid for non-data frames too when operating in
adhoc/ahdemo/hostap modes

o fix wpa w/ wme: don't strip the QoS header on recv as tkip requires
it; instead pass the space occupied by the header down into the
crypto modules (except in the demic case which needs it only when
doing int in s/w)
o while here fix defrag to strip the header from 2nd and later frames
o teach decap code how to handle 4-address frames

mark stations authorized during recv processing instead of doing it
as a side effect of sending an auth success frame; sending mgmt
frames should not have side effects

accept diassoc frame in ASSOC state

pull some debug msgs up so they're seen more often

kick the state machine when we receive failure notice from an ap (when
operating in sta mode); this speeds up the state machine, previously
we were acting on a timeout

discard open auth requests in adhoc mode

reject open auth requests when shared key auth is configured

Obtained from: Atheros

add ieee80211_send_error to encapsulate an idiom

o always check if ic_set_tim is !NULL before using it
o add missing call to clear tim after flushing ps q

mark state for protection only when operating in 11g

don't reject station based on the PRIVACY bit in the capabilities;
the 802.11 spec says not to

Obtained from: Atheros

correct checks for rate set compatibility

record tstamp from beacons received in station mode when associated;
this is needed by drivers that want to resync their timers based on
the tsf of the last recv'd beacon frame

o collect dtim period+count from beacons in station mode so drivers
can better program beacon timers
o leave placeholder in com structure for future ap/adhoc mode tim support

Reviewed by: avatar

add force flag to enmic/demic crypto api for use in xmit fragmentation
and h/w mic verification

Reviewed by: avatar

change ieee80211_input to return the frame type or -1

when WPA is enabled discard association requests w/o a WPA ie

Submitted by: Divy Le Ray

eliminate use after free in debug code

Noticed by: Coverity Prevent analysis tool

kill dead code

Noticed by: Coverity Prevent analysis tool

mark timestamp for pending fragments

Noticed by: Jeffrey D. Chung

statically allocate the station/neighbor node table; the deferred
allocation scheme introduced a race condition during device state
transitions

when ssid suppression is enabled don't respond to probe requests
unless our ssid is specified

correct logic that caused beacon frames received in ibss mode to be
discarded when not scanning

move beacon/probe response counting down to after we've decided whether or
not we're going to process the frame; this makes the counters reflect frames
actually processes instead of received (discarded frames were already counted)

bump copyright for 2005

fixup inactivity timers:
o ic_inact_auth is a bad name, it's the inactivity threshold
for being associated but not authorized; use it that way
o reset ni_inact when switching inactivity thresholds to
minimize the race against the timer (don't want to lock
for this stuff)
o change the inactivity probe threshold from a one-shot to
cover a range: when below this threshold but not expired
send a probe each inactivity interval; should probably
guard against the interval being turned way down as this
could cause us to spam the net with probes

don't return prematurely from processing a beacon or probe response frame
when associated; this corrects a problem where doing a scan while associated
caused the associated ap to sometimes not be included in the scan set

change ieee80211_parse_wmeparams to return a unique value when the ie
is invalid so we can distinguish this from needing a parameter update;
fixes dynamic update of wme parameters

remove stray \n from debug msg

clear wep bit in 802.11 header after crypto decap so packet
capture doesn't see it

Update 802.11 support; too much new functionality to fully describe
here but it includes completed 802.11g, WPA, 802.11i, 802.1x, WME/WMM,
AP-side power-save, crypto plugin framework, authenticator plugin framework,
and access control plugin frameowrk.

Link ALTQ to the build and break with ABI for struct ifnet. Please recompile
your (network) modules as well as any userland that might make sense of
sizeof(struct ifnet).
This does not change the queueing yet. These changes will follow in a
seperate commit. Same with the driver changes, which need case by case
evaluation.

__FreeBSD_version bump will follow.

Tested-by: (i386)LINT

Change handling of probe response frames. Previously we always dropped the
refcnt on the node but left it in the node table. This allows the node table
to hold the results of scanned ap's but for ibss scans left nodes w/o any
driver-private state setup and/or a bad refcnt (when the nodes were timed
out they were prematurely discarded). Now we treat nodes identified for ap
scanning as before but force nodes discovered when scanning for ibss neighbors
to have complete/proper state and hold the refcnt on the node. Any other
nodes created because of these frames are discarded directly (need to optimize
this case to eliminate various work that's immediately discarded).

always free node reference when processing a probe request frame; was
conditionally doing an unref if operating in adhoc mode which turns
out to be wrong

track node allocation failure stats in ieee80211_alloc_node instead
of each caller

Obtained from: madwifi

when processing beacon/probe response frames capture "is probe" in a
variable to improve code legibility since we're going to use it more
in forthcoming mods

Obtained from: madwifi

add a case of IEEE80211_ELEMID_IBSSPARMS so the statistic on unknown
elements is more meaningful (will add more with WPA merge)

Obtained from: madwifi

when doing internal bridging free the node instead of just dropping the
reference for consistency (explicit refcounting is discouraged)

Obtained from: madwifi

when receiving a frame w/ a bad version number don't unref the node; the
driver is responsible for that

Obtained from: madwifi

Add support for FH phy, which will be used by awi driver.
Also some if_media constants to indicate operational mode are changed
to bitmasks to reduce diffs from NetBSD.

fix station mode breakage (repeat after me: "test every change, no
matter how small...")

add statistics for all failures and/or abnormal events; still need
to add per-node statistics

fixup debug msgs

Change input handling to not expect drivers to filter short frames.
In particular, let drivers send up control frames so we can dispatch
them to bpf in monitor mode.

This is the first (small) step to adding more functionality such as
power save mode.

MFp4 changes to fix locking issues and correct reference
count handling of station entries in hostap mode:

Input path:

o driver is now expected to find the node associated with the
sender of a received frame; use ic_bss if none is located
o driver passes the (referenced) node into ieee80211_input for
use within the wlan module and is responsible for cleaning up
on return
o the antenna state is no longer passed up with each frame; this
is now considered driver-private state and drivers are responsible
for keeping it in the driver-private part of a node

Output path:

Revamp output path for management frames to eliminate redundant
locking that causes problems and to correct reference counting
bogosity that occurs when stations are timed out due to inactivity
(in AP mode). On output the refcnt'd node is stashed in the pkthdr's
recvif field (yech) and retrieved by the driver. This eliminates
an unref/ref scenario and related node table unlock/lock due to the
driver looking up the node. This is particularly important when
stations are timed out as this causes a lock order reversal that
can result in a deadlock. As a byproduct we also reduce the overhead
for sending management frames (minimal). Additional fallout from
this is a change to ieee80211_encap to return a refcn't node for
tieing to the outbound frame. Node refcnts are not reclaimed until
after a frame is completely processed (e.g. in the tx interrupt
handler). This is especially important for timed out stations as
this deref will be the final one causing the node entry to be
reclaimed.

Additional semi-related changes:
o replace m_copym use with m_copypacket (optimization)
o add assert to verify ic_bss is never free'd during normal operation
o add comments explaining calling conventions by drivers for frames
going in each direction
o remove extraneous code that "cannot be executed" (e.g. because
pointers may never be null)

Use IEEE80211_RATE_MAXSIZE instead of IEEE80211_RATE_SIZE to validate the
rate set element id from an AP. This allows stations to associate with
AP's that violate the 802.11 spec by sending >8 rates. This corrects a
recent regression; older code did likewise.

add monitor mode

o change ieee80211_new_state handling to use a proper method that drivers
override in their sub-class; this eliminates the hack of interpreting the
EINPROGRESS return value to mean "don't do any of the normal work"
o correct active scanning so the first channel is only scanned once and so
per-channel passive mode is properly honored
o expose 802.11 FSM state names so every driver doesn't keep a private copy
o eliminate node parameter to ieee80211_begin_scan; it was not being used

revise copyright notices per discussion with Atsushi Onoe <onoe@sm.sony.co.jp>

add comment

fix tcpdump -y IEEE802_11; NBPFILTER was a holdover from netbsd compatibility

new 802.11 layer:

o code reorg (relative to old netbsd-derived code) for future growth
o drivers now specify available channels and rates and 802.11 layer handles
almost all ifmedia actions
o multi-mode support for 11a/b/g devices
o 11g protocol additions (incomplete)
o new element id additions (for other than 11g)
o node/station table redone for proper locking and to eliminate driver
incestuousness
o split device flags and capabilities to reduce confusion and provide room
for expansion
o incomplete power management infrastructure (need to revisit)
o incomplete hooks for software retry
o more...