MFC r343699:
net80211: do not setup Tx parameters for unsupported modes.

That should shorten 'ifconfig <wlan> list txparam' output since
unsupported modes will not be shown.

Copy head@r302406 to stable/11 as part of the 11.0-RELEASE cycle.
Prune svn:mergeinfo from the new branch, as nothing has been merged
here.

Additional commits post-branch will follow.

Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation

sys/net*: minor spelling fixes.

No functional change.

net80211: hide subtype mask & shift in function call.

Hide subtype mask/shift (which is used for index calculation
in ieee80211_mgt_subtype_name[] array) in function call.

Tested with RTL8188CUS, STA mode.

Reviewed by: adrian
Differential Revision: https://reviews.freebsd.org/D5369

net80211: provide descriptions for reason codes

Add text description for deauth/disassoc/etc reason codes
in addition to 'reason: <number>' string.

Reviewed by: adrian
Obtained from: IEEE Std 802.11-2012, 8.4.1.7 "Reason Code field"
Differential Revision: https://reviews.freebsd.org/D5367

net80211: enable software beacon miss timer in SLEEP state

Tested with WUSB54GC, STA mode (w/ power saving enabled)

Reviewed by: adrian
Differential Revision: https://reviews.freebsd.org/D5545

net80211: fix scanning after D5145 (PR 197498 related)

- In case, when we are doing <smth> -> INIT (FEXT_REINIT) -> <smth2>
state transition, cancel_scan() may be called in the first transition.
Reenqueue second state transition, so things will be executed in order.
- Discard any AUTH+ state transition request when INIT -> SCAN
transition is not done.
- Allow to track discarded state transitions via 'state' debugging
category.

Tested with:
* RTL8188EU, HOSTAP mode.
* RTL8188CUS, STA mode.
* Intel 3945BG, IBSS and STA modes.

PR: 197498
Approved by: adrian (mentor)
Differential Revision: https://reviews.freebsd.org/D5482

net80211: add few missing subtype names.

- Add definitions for Timing Advertisement and Control Wrapper frames.
- Refresh ieee80211_mgt_subtype_name and ieee80211_ctl_subtype_name
arrays.
- Count Timing Advertisement frames as discarded management frames in all
modes.

Approved by: adrian (mentor)
Differential Revision: https://reviews.freebsd.org/D5331

These files were getting sys/malloc.h and vm/uma.h with header pollution
via sys/mbuf.h

net80211: add ieee80211_restart_all() call.

This call may be used when device cannot continue to operate normally
(e.g., throws firmware error, watchdog timer expires)
and need to be restarted.

Approved by: adrian (mentor)
Differential Revision: https://reviews.freebsd.org/D3998

Defer calling into the driver to update the QOS (WME) configuration.

This gets called from the driver RX path which leads to driver re-entry.

Remove duplicate use of RV(), LE_* and other macros.

Submitted by: Andriy Voskoboinyk <s3erios@gmail.com>
Differential Revision: https://reviews.freebsd.org/D3705

Replay r286410. Change KPI of how device drivers that provide wireless
connectivity interact with the net80211 stack.

Historical background: originally wireless devices created an interface,
just like Ethernet devices do. Name of an interface matched the name of
the driver that created. Later, wlan(4) layer was introduced, and the
wlanX interfaces become the actual interface, leaving original ones as
"a parent interface" of wlanX. Kernelwise, the KPI between net80211 layer
and a driver became a mix of methods that pass a pointer to struct ifnet
as identifier and methods that pass pointer to struct ieee80211com. From
user point of view, the parent interface just hangs on in the ifconfig
list, and user can't do anything useful with it.

Now, the struct ifnet goes away. The struct ieee80211com is the only
KPI between a device driver and net80211. Details:

- The struct ieee80211com is embedded into drivers softc.
- Packets are sent via new ic_transmit method, which is very much like
the previous if_transmit.
- Bringing parent up/down is done via new ic_parent method, which notifies
driver about any changes: number of wlan(4) interfaces, number of them
in promisc or allmulti state.
- Device specific ioctls (if any) are received on new ic_ioctl method.
- Packets/errors accounting are done by the stack. In certain cases, when
driver experiences errors and can not attribute them to any specific
interface, driver updates ic_oerrors or ic_ierrors counters.

Details on interface configuration with new world order:
- A sequence of commands needed to bring up wireless DOESN"T change.
- /etc/rc.conf parameters DON'T change.
- List of devices that can be used to create wlan(4) interfaces is
now provided by net.wlan.devices sysctl.

Most drivers in this change were converted by me, except of wpi(4),
that was done by Andriy Voskoboinyk. Big thanks to Kevin Lo for testing
changes to at least 8 drivers. Thanks to pluknet@, Oliver Hartmann,
Olivier Cochard, gjb@, mmoll@, op@ and lev@, who also participated in
testing.

Reviewed by: adrian
Sponsored by: Netflix
Sponsored by: Nginx, Inc.

Reset the channel to the first available channel if the interface
is configured on a channel that isn't valid in the new operating mode.

This isn't strictly true - it should find the first channel that is
available for the given operating mode.

However, I think defaulting to the first channel is fine - it's typically
available for all modes.

If someone would like to correctly implement this feature - try to
find a channel that is valid for the given operating mode and error
out if we can't find one.

This prevents various NICs (eg wpi(4)) from throwing a firmware error.

Tested:

* ath(4), STA/AP mode
* iwn(4), STA/adhoc mode

PR: kern/202502
Submitted by: Andriy Voskoboinyk <s3erios@gmail.com>

Revert the wifi ifnet changes until things are more baked and tested.

* 286410
* 286413
* 286416

The initial commit broke a variety of debug and features that aren't
in the GENERIC kernels but are enabled in other platforms.

Change KPI of how device drivers that provide wireless connectivity interact
with the net80211 stack.

Historical background: originally wireless devices created an interface,
just like Ethernet devices do. Name of an interface matched the name of
the driver that created. Later, wlan(4) layer was introduced, and the
wlanX interfaces become the actual interface, leaving original ones as
"a parent interface" of wlanX. Kernelwise, the KPI between net80211 layer
and a driver became a mix of methods that pass a pointer to struct ifnet
as identifier and methods that pass pointer to struct ieee80211com. From
user point of view, the parent interface just hangs on in the ifconfig
list, and user can't do anything useful with it.

Now, the struct ifnet goes away. The struct ieee80211com is the only
KPI between a device driver and net80211. Details:

- The struct ieee80211com is embedded into drivers softc.
- Packets are sent via new ic_transmit method, which is very much like
the previous if_transmit.
- Bringing parent up/down is done via new ic_parent method, which notifies
driver about any changes: number of wlan(4) interfaces, number of them
in promisc or allmulti state.
- Device specific ioctls (if any) are received on new ic_ioctl method.
- Packets/errors accounting are done by the stack. In certain cases, when
driver experiences errors and can not attribute them to any specific
interface, driver updates ic_oerrors or ic_ierrors counters.

Details on interface configuration with new world order:
- A sequence of commands needed to bring up wireless DOESN"T change.
- /etc/rc.conf parameters DON'T change.
- List of devices that can be used to create wlan(4) interfaces is
now provided by net.wlan.devices sysctl.

Most drivers in this change were converted by me, except of wpi(4),
that was done by Andriy Voskoboinyk. Big thanks to Kevin Lo for testing
changes to at least 8 drivers. Thanks to Olivier Cochard, gjb@, mmoll@,
op@ and lev@, who also participated in testing. Details here:

https://wiki.freebsd.org/projects/ifnet/net80211

Still, drivers: ndis, wtap, mwl, ipw, bwn, wi, upgt, uath were not
tested. Changes to mwl, ipw, bwn, wi, upgt are trivial and chances
of problems are low. The wtap wasn't compilable even before this change.
But the ndis driver is complex, and it is likely to be broken with this
commit. Help with testing and debugging it is appreciated.

Differential Revision: D2655, D2740
Sponsored by: Nginx, Inc.
Sponsored by: Netflix

Change three methods in struct ieee80211com, namely ic_updateslot,
ic_update_mcast and ic_update_promisc, to pass pointer to the ieee80211com,
not to the ifnet.

Sponsored by: Netflix
Sponsored by: Nginx, Inc.

Convert malloc/free back to #define's, as part of OS portability work.

DragonflyBSD uses the FreeBSD wireless stack and drivers. Their malloc()
API is named differently, so they don't have userland/kernel symbol
clashes like we do (think libuinet.)

So, to make it easier for them and to port to other BSDs/other operating
systems, start hiding the malloc specific bits behind defines in
ieee80211_freebsd.h.

DragonflyBSD can now put these portability defines in their local
ieee80211_dragonflybsd.h.

This should be a great big no-op for everyone running wifi.

TODO:

* kill M_WAITOK - some platforms just don't want you to use it
* .. and/or handle it returning NULL rather than waiting forever.
* MALLOC_DEFINE() ?
* Migrate the well-known malloc names (eg M_TEMP) to net80211
namespace defines.

Use name from ieee80211com instead of parent ifnet, in debugging printfs.

Sponsored by: Netflix
Sponsored by: Nginx, Inc.

CALLOUT_MPSAFE has lost its meaning since r141428, i.e., for more than ten
years for head. However, it is continuously misused as the mpsafe argument
for callout_init(9). Deprecate the flag and clean up callout_init() calls
to make them more consistent.

Differential Revision: https://reviews.freebsd.org/D2613
Reviewed by: jhb
MFC after: 2 weeks

Rename definition of IEEE80211_FC1_WEP to IEEE80211_FC1_PROTECTED.

The origin of WEP comes from IEEE Std 802.11-1997 where it defines
whether the frame body of MAC frame has been encrypted using WEP
algorithm or not.
IEEE Std. 802.11-2007 changes WEP to Protected Frame, indicates
whether the frame is protected by a cryptographic encapsulation
algorithm.

Reviewed by: adrian, rpaulo

The r48589 promised to remove implicit inclusion of if_var.h soon. Prepare
to this event, adding if_var.h to files that do need it. Also, include
all includes that now are included due to implicit pollution via if_var.h

Sponsored by: Netflix
Sponsored by: Nginx, Inc.

Fix a use-after-free node reference issue when waiting for a return
from a management frame transmission.

This bug is a bit loopy, so here goes.

The underlying cause is pretty easy to understand - the node isn't
referenced before passing into the callout, so if the node is deleted
before the callout fires, it'll dereference free'd memory.

The code path however is slightly more convoluted.

The functions _say_ mgt_tx - ie management transmit - which is partially
true. Yes, that callback is attached to the mbuf for some management
frames. However, it's only for frames relating to scanning and
authentication attempts. It helpfully drives the VAP state back to
"SCAN" if the transmission fails _OR_ (as I subsequently found out!)
if the transmission succeeds but the state machine doesn't make progress
towards being authenticated and active.

Now, the code itself isn't terribly clear about this.

It _looks_ like it's just handling the transmit failure case.

However, when you look at what goes on in the transmit success case, it's
moving the VAP state back to SCAN if it hasn't changed state since
the time the callback was scheduled. Ie, if it's in ASSOC or AUTH still,
it'll go back to SCAN. But if it has transitioned to the RUN state,
the comparison will fail and it'll not transition things back to the
SCAN state.

So, to fix this, I decided to leave everything the way it is and merely
fix the locking and remove the node reference.

The _better_ fix would be to turn this callout into a "assoc/auth request"
timeout callback and make the callout locked, thus eliminating all races.
However, until all the drivers have been fixed so that transmit completions
occur outside of any locking that's going on, it's going to be impossible
to do this without introducing LORs. So, I leave some of the evilness
in there.

Tested:

* AR5212, ath(4), STA mode
* 5100 and 4965 wifi, iwn(4), STA mode

Replace the homegrown implementation of nitems() with calls to nitems()
(param.h).

Operating systems that don't have nitems() can easily define it on their own
net80211 OS-specific header file.

Discussed with: adrian

Convert net80211 over to using if_transmit for the dispatch from the
upper layer(s).

This eliminates the if_snd queue from net80211. Yay!

This unfortunately has a few side effects:

* It breaks ALTQ to net80211 for now - sorry everyone, but fixing
parallelism and eliminating the if_snd queue is more important
than supporting this broken traffic scheduling model. :-)

* There's no VAP and IC flush methods just yet - I think I'll add
some NULL methods for now just as placeholders.

* It reduces throughput a little because now net80211 will drop packets
rather than buffer them if the driver doesn't do its own buffering.
This will be addressed in the future as I implement per-node software
queues.

Tested:

* ath(4) and iwn(4) in STA operation

if_start() is being used here as a way of kick-starting the new queue
processing. For if_transmit() style hardware drivers (which none publicly
exist yet, for wireless) they will need to still implement if_start()
but only to re-start the TX queue.

Update the aggressive mode logic to also enable aggressive mode
parameters in IBSSes.

IBSS was just being plainly ignored here even though aggressive mode
was 'on'.

This still doesn't fix the "why are the WME parameters reset upon
interface down/up" issue.

PR: kern/165969

Create a new task to handle 802.11n channel width changes.

Currently, a channel width change updates the 802.11n HT info data in
net80211 but it doesn't trigger any device changes. So the device
driver may decide that HT40 frames can be transmitted but the last
device channel set only had HT20 set.

Now, a task is scheduled so a hardware reset or change isn't done
during any active ongoing RX. It also means that it's serialised
with the other task operations (eg channel change.)

This isn't the final incantation of this work, see below.

For now, any unmodified drivers will simply receive a channel
change log entry. A subsequent patch to ath(4) will introduce
some basic channel change handling (by resetting the NIC.)
Other NICs may need to update their rate control information.

TODO:

* There's still a small window at the present moment where the
channel width has been updated but the task hasn't been fired.
The final version of this should likely pass in a channel width
field to the driver and let the driver atomically do whatever
it needs to before changing the channel.

PR: kern/166286

Although it's documented that the vap newstate call can drop the
comlock, I'd like to find and analyse these cases to see if they
really are valid.

So, throw in a lock here and wait for the (hopefully!) inevitable
complaints.

Fix a panic in the wifi stack when a software beacon miss occurs in the wrong state.

The ieee80211_swbmiss() callout is not called with the ic lock held, so it's
quite possible the scheduler will run the callout during a state change.

This patch:

* changes the swbmiss callout to be locked by the ic lock
* enforces the ic lock being held across the beacon vap functions
by grabbing it inside beacon_miss() and beacon_swmiss().

This ensures that the ic lock is held (and thus the VAP state
stays constant) during beacon miss and software miss processing.
Since the callout is removed whilst the ic lock is held, it also
ensures that the ic lock can't be called during a state change
or exhibit any race conditions seen above.

Both Edgar and Joel report that this patch fixes the crash and
doesn't introduce new issues.

Reported by: Edgar Martinez <emartinez@kbcnetworks.com>
Reported by: Joel Dahl <joel@vnode.se>
Reported by: emaste

Fix brokenness introduced by my last commit.

Approved by: re (implicit)

This sets the BSS channel for each VAP for the given interface.
It's only relevant in STA mode.

The CSA forces a channel switch for the interface, but doesn't update
the VAP channel.

Approved by: re (bz)

Fix a WME corner case found by the FreeBSD 802.11n testing crew.

The symptom: sometimes 11n (and non-11n) throughput is great.
Sometimes it isn't. Much teeth gnashing occured, and much kernel
bisecting happened, until someone figured out it was the order
of which things were rebooted, not the kernel versions.
(Which was great news to me, it meant that I hadn't broken if_ath.)

What we found was that sometimes the WME parameters for the best-effort
queue had a burst window ("txop") in which the station would be allowed
to TX as many packets as it could fit inside that particular burst
window. This improved throughput.

After initially thinking it was a bug - the WME parameters for the
best-effort queue -should- have a txop of 0, Bernard and I discovered
"aggressive mode" in net80211 - where the WME BE queue parameters
are changed if there's not a lot of high priority traffic going on.
The WME parameters announced in the association response and beacon
frames just "change" based on what the current traffic levels are.
So in fact yes, the STA was acutally supposed to be doing this higher
throughput stuff as it's just meant to be configuring things based on
the WME parameters - but it wasn't.

What was eventually happening was this:

* at startup, the wme qosinfo count field would be 0;
* it'd be parsed in ieee80211_parse_wmeparams();
* and it would be bumped (to say 10);
* .. and the WME queue parameters would be correctly parsed and set.

But then, when you restarted the assocation (eg hostap goes away and
comes back with the same qosinfo count field of 10, or if you
destroy the sta VIF and re-create it), the WME qosinfo count field -
which is associated not to the VIF, but to the main interface -
wouldn't be cleared, so the queue default parameters would be used
(which include no burst setting for the BE queue) and would remain
that way until the hostap qosinfo count field changed, or the STA
was actually rebooted.

This fix simply cleares the wme capability field (which has the count
field) to 0, forcing it to be reset by the next received beacon.

Thanks go to Milu for finding it and helping me track down what was
going on, and Bernard Schmidt for working through the net80211 and
WME specific magic.

Add a new mgmt subtype "ACTION NO ACK" defined in 802.11n-2009, while here
clean up parts of the *_recv_mgmt() functions.
- make sure appropriate counters are bumped and debug messages are printed
- order the unhandled subtypes by value and add a few missing ones
- fix some whitespace nits
- remove duplicate code in adhoc_recv_mgmt()
- remove a useless comment, probably left in while c&p

Default to the lowest negotiated rate for mgmt/multicast traffic in 11n mode

The current code transmits management and multicast frames at MCS 0.
What it should do is check whether the negotiated basic set is zero (and
the MCS set is not) before making this decision.

For now, simply default to the lowest negotiated rate, rather than
MCS 0. This fixes the behaviour with at least the DLINK DIR-825, which
ACKs but silently ignores block-ack (BA) response frames.

fixes a broken software beacon miss handler. There is a race to check
vap->iv_bmiss_count == 0 in ieee80211_swbmiss because iv_swbmiss_task is
enqueued by taskqueue.

Reviewed by: rpaulo

Implementation of the upcoming Wireless Mesh standard, 802.11s, on the
net80211 wireless stack. This work is based on the March 2009 D3.0 draft
standard. This standard is expected to become final next year.
This includes two main net80211 modules, ieee80211_mesh.c
which deals with peer link management, link metric calculation,
routing table control and mesh configuration and ieee80211_hwmp.c
which deals with the actually routing process on the mesh network.
HWMP is the mandatory routing protocol on by the mesh standard, but
others, such as RA-OLSR, can be implemented.

Authentication and encryption are not implemented.

There are several scripts under tools/tools/net80211/scripts that can be
used to test different mesh network topologies and they also teach you
how to setup a mesh vap (for the impatient: ifconfig wlan0 create
wlandev ... wlanmode mesh).

A new build option is available: IEEE80211_SUPPORT_MESH and it's enabled
by default on GENERIC kernels for i386, amd64, sparc64 and pc98.

Drivers that support mesh networks right now are: ath, ral and mwl.

More information at: http://wiki.freebsd.org/WifiMesh

Please note that this work is experimental. Also, please note that
bridging a mesh vap with another network interface is not yet supported.

Many thanks to the FreeBSD Foundation for sponsoring this project and to
Sam Leffler for his support.
Also, I would like to thank Gateworks Corporation for sending me a
Cambria board which was used during the development of this project.

Reviewed by: sam
Approved by: re (kensmith)
Obtained from: projects/mesh11s

o station mode channel switch support
o IEEE80211_IOC_CHANSWITCH fixups:
- restrict to hostap vaps
- return EOPNOTSUPP instead of EINVAL when applied to !hostap vap
or to a vap w/o 11h enabled
- interpret count of 0 to mean cancel the current CSA

Reviewed by: rpaulo, avatar

remove another vestige of the null if_softc on detach hack

Overhaul monitor mode handling:
o replace DLT_IEEE802_11 support in net80211 with DLT_IEEE802_11_RADIO
and remove explicit bpf support from wireless drivers; drivers now
use ieee80211_radiotap_attach to setup shared data structures that
hold the radiotap header for each packet tx/rx
o remove rx timestamp from the rx path; it was used only by the tdma support
for debugging and was mostly useless due to it being 32-bits and mostly
unavailable
o track DLT_IEEE80211_RADIO bpf attachments and maintain per-vap and
per-com state when there are active taps
o track the number of monitor mode vaps
o use bpf tap and monitor mode vap state to decide when to collect radiotap
state and dispatch frames; drivers no longer explicitly directly check
bpf state or use bpf calls to tap frames
o handle radiotap state updates on channel change in net80211; drivers
should not do this (unless they bypass net80211 which is almost always
a mistake)
o update various drivers to be more consistent/correct in handling radiotap
o update ral to include TSF in radiotap'd frames
o add promisc mode callback to wi

Reviewed by: cbzimmer, rpaulo, thompsa

Cancel the scan when going to INIT state. Should do this for other states here
too as once the protocol newstate handler runs the scan has always ended.

Relax the condition for printing the lost state transition message. The new
state will be set before the EXT_STATEWAIT flag is cleared and its ok to
transition again at that point.

Create a taskqueue for each wireless interface which provides a serialised
sleepable context for net80211 driver callbacks. This removes the need for USB
and firmware based drivers to roll their own code to defer the chip programming
for state changes, scan requests, channel changes and mcast/promisc updates.
When a driver callback completes the hardware state is now guaranteed to have
been updated and is in sync with net80211 layer.

This nukes around 1300 lines of code from the wireless device drivers making
them more readable and less race prone.

The net80211 layer has been updated as follows
- all state/channel changes are serialised on the taskqueue.
- ieee80211_new_state() always queues and can now be called from any context
- scanning runs from a single taskq function and executes to completion. driver
callbacks are synchronous so the channel, phy mode and rx filters are
guaranteed to be set in hardware before probe request frames are
transmitted.

Help and contributions from Sam Leffler.

Reviewed by: sam

split Atheros SuperG support out into it's own file that's included only
with a new IEEE80211_SUPPORT_SUPERG option

o reset aggressive mode flag; it was being left set after marking an
interface down
o only allow the first vap to initialize shared wme parameters

misc cleanup of wme parameter setting

Add modes for 1/2 and 1/4-width channels so we have separate roaming
and xmit parameters. This makes it possible to use tdma on fractional
channels.
o add IEEE80211_MODE_HALF and IEEE80211_MODE_QUARTER; note these are
band-agnostic (may need revisiting)
o setup all default rates in ic_sup_rates instead of doing it only
for active modes; we need these to calculate the default tx parameters
which are not recalculated after a regulatory update (can't just
recalculate after installing a new channel list because we might
clobber user settings)
o remove special case code in ieee80211_get_suprates; this is now
a candidate for an inline or removal
o add various entries for new modes (roaming+tx params, wme, rate
mapping, scan set setup, country ie construction, tdma, basic rates)

Note these modes are intentionally not visible through if_media.

use c99 initializers

o consolidate loops to eliminate assumptions about ordering of modes
o replace 0x80 by IEEE80211_RATE_MCS

Add a ieee80211_waitfor_parent() function that will wait for all deferred
parent interface tasks to complete. This had been added to the ioctl path but
it is also need elsewhere like detach so its safe to teardown.

Reported by: Hans Petter Selasky
Submitted by: sam

convert MALLOC/FREE to malloc/free

Revert the removal of the MALLOC and FREE macros from the net80211 code.

Requested by: sam

Retire the MALLOC and FREE macros. They are an abomination unto style(9).

MFC after: 3 months

Add ieee80211_suspend_all and ieee80211_resume_all for
brute force suspend/resume handling of vaps.

ignore sw beacon miss while scanning, just reset the beacon count and timer

Reviewed by: thompsa

Multi-bss (aka vap) support for 802.11 devices.

Note this includes changes to all drivers and moves some device firmware
loading to use firmware(9) and a separate module (e.g. ral). Also there
no longer are separate wlan_scan* modules; this functionality is now
bundled into the wlan module.

Supported by: Hobnob and Marvell
Reviewed by: many
Obtained from: Atheros (some bits)

update default wme parameters to latest WiFi test plans

Reviewed by: Allan Lim
MFC after: 3 days

sync 11n support with vap code base; many changes based on interop
testing with all major vendors

MFC after: 1 week

don't try to re-associate after a parameter change, too many ap's
don't do this right; instead go to the scan cache so we pass through
auth state (if the cache is warm we can do this w/o an actual scan)

MFC after: 1 week

mgmt subtype 13 is action

Approved by: re (blanket wireless)
MFC after: 2 weeks

Update beacon handling to sync w/ vap code base:
o add driver callback to handle notification of beacon changes;
this is required for devices that manage beacon frames themselves
(devices must override the default handler which does nothing)
o move beacon update-related flags from ieee80211com to the beacon
offsets storage (or handle however a driver wants)
o expand beacon offsets structure with members needed for 11h/dfs
and appie's
o change calling convention for ieee80211_beacon_alloc and
ieee80211_beacon_update
o add overlapping bss support for 11g; requires driver to pass
beacon frames from overlapping bss up to net80211 which is not
presently done by any driver
o move HT beacon contents update to a routine in the HT code area

Reviewed by: avatar, thompsa, sephe
Approved by: re (blanket wireless)

o add 802.11 state machine states for DFS and client-side power save
o fixup drivers to ignore new states

Reviewed by: avatar (?)
Approved by: re (blanket wireless)

Correct state machine handling of AUTH -> AUTH transitions that pass
through wpa_supplcant. If a sta is deauth'd (e.g. due to inactivity)
with roaming mode set to manual then a subsequent MLME assoc request
will be incorrectly handled and the station will never reauthenticate.
To fix this interpret a reason code of zero as sufficient to send an
auth request frame.

Update 802.11 wireless support:
o major overhaul of the way channels are handled: channels are now
fully enumerated and uniquely identify the operating characteristics;
these changes are visible to user applications which require changes
o make scanning support independent of the state machine to enable
background scanning and roaming
o move scanning support into loadable modules based on the operating
mode to enable different policies and reduce the memory footprint
on systems w/ constrained resources
o add background scanning in station mode (no support for adhoc/ibss
mode yet)
o significantly speedup sta mode scanning with a variety of techniques
o add roaming support when background scanning is supported; for now
we use a simple algorithm to trigger a roam: we threshold the rssi
and tx rate, if either drops too low we try to roam to a new ap
o add tx fragmentation support
o add first cut at 802.11n support: this code works with forthcoming
drivers but is incomplete; it's included now to establish a baseline
for other drivers to be developed and for user applications
o adjust max_linkhdr et. al. to reflect 802.11 requirements; this eliminates
prepending mbufs for traffic generated locally
o add support for Atheros protocol extensions; mainly the fast frames
encapsulation (note this can be used with any card that can tx+rx
large frames correctly)
o add sta support for ap's that beacon both WPA1+2 support
o change all data types from bsd-style to posix-style
o propagate noise floor data from drivers to net80211 and on to user apps
o correct various issues in the sta mode state machine related to handling
authentication and association failures
o enable the addition of sta mode power save support for drivers that need
net80211 support (not in this commit)
o remove old WI compatibility ioctls (wicontrol is officially dead)
o change the data structures returned for get sta info and get scan
results so future additions will not break user apps
o fixed tx rate is now maintained internally as an ieee rate and not an
index into the rate set; this needs to be extended to deal with
multi-mode operation
o add extended channel specifications to radiotap to enable 11n sniffing

Drivers:
o ath: add support for bg scanning, tx fragmentation, fast frames,
dynamic turbo (lightly tested), 11n (sniffing only and needs
new hal)
o awi: compile tested only
o ndis: lightly tested
o ipw: lightly tested
o iwi: add support for bg scanning (well tested but may have some
rough edges)
o ral, ural, rum: add suppoort for bg scanning, calibrate rssi data
o wi: lightly tested

This work is based on contributions by Atheros, kmacy, sephe, thompsa,
mlaier, kevlo, and others. Much of the scanning work was supported by
Atheros. The 11n work was supported by Marvell.

copyright updates:
o update to include 2007
o switch back to a 2-clause bsd-only license

Reviewed by: onoe

change ieee80211_fix_rate to take a rate set instead of using
ni_rates; this lets us re-use the code to check 11n HT rates

MFC after: 2 weeks

add ieee80211_opmode_name array for mapping the opmode to a string
for printing diagnostic msgs

MFC after: 2 weeks

Fix potential node refcnt leak. If mbufs are q'd on ic_mgtq when
the state machine clocks to INIT, node references are not reclaimed.
Add a new routine ieee80211_drain_ifq that does this and use it
instead of IF_DRAIN.

Submitted by: Sepherosa Ziehau
Obtained from: DragonFly
MFC after: 1 month

Correct several issues with rate set negotiation:
o add IEEE80211_F_JOIN flag to ieee80211_fix_rate to indicate a station
is joining a BSS; this is used to control whether or not we over-write
the basic rate bit in the calculated rate set
o fix ieee80211_fix_rate to honor IEEE80211_F_DODEL when IEEE80211_F_DONEGO
is not specified (e.g. when joining an ibss network)
o on sta join always delete unusable rates from the negotiated rate set,
this was being done only ibss networks but is also needed for 11g bss
with mixed stations
o on sta join delete unusable rates from the bss node's rate set, not the
scan table entry's rate set
o when calculating a rate set for new neighbors in an ibss caculate a
negotiated rate set so drivers are not presented with rates they should
not use

Submitted by: Sepherosa Ziehau (w/ modifications)
Obtained from: DragonFly
MFC after: 1 month

First cut at half/quarter-rate 11a channel support (e.g. for use
in the Public Safety Band):
o add channel flags to identify half/quarter-rate operation
o add rate sets (need to check spec on 4Mb/s in 1/4 rate)
o add if_media definitions for new rates
o split net80211 channel setup out into ieee80211_chan_init
o fixup ieee80211_mhz2ieee and ieee80211_ieee2mhz to understand half/quarter
rate channels: note we temporarily use a nonstandard/hack numbering that
avoids overlap with 2.4G channels because we don't (yet) have enough
state to identify and/or map overlapping channel sets
o fixup ieee80211_ifmedia_init so it can be called post attach and will
recalculate the channel list and associated state; this enables changing
channel-related state like the regulatory domain after attach (will be
needed for 802.11d support too)
o add ieee80211_get_suprates to return a reference to the supported rate
set for a given channel
o add 3, 4.5, and 27 MB/s tx rates to rate <-> media conversion routines
o const-poison channel arg to ieee80211_chan2mode

add support for 802.11 packet injection via bpf

Together with: Andrea Bittau <a.bittau@cs.ucl.ac.uk>
Reviewed by: arch@
MFC after: 1 month

fix switching between agressive and non-agressive wmm modes

Obtained from: atheros
MFC after: 3 days

when scanning channels marked passive defer probe request until
802.11 traffic is seen; fixes problems with ap's hiding their ssid

Obtained from: atheros
MFC after: 1 week

s/w beacon miss facility; need to add knobs to fiddle with the settings

MFC after: 2 weeks

enable "aggressive mode" only when operating in ap or station mode; in
particular this fixes use of wme in adhoc demo mode, it wasn't possible
to set the txop limit because the aggressive mode logic would override

Reviewed by: apatti
MFC after: 2 weeks

make packet bursting configurable (default to on if device is capable)

Add ieee80211_beacon_miss for processing sta mode beacon miss events
in the 802.11 layer: we send a directed probe request frame to the
current ap bmiss_max times (w/o answer) before scanning for a new ap.

MFC after: 2 weeks

add fixed rate for sending multicast frames

Obtained from: atheros
MFC after: 1 week

Clarify/fix handling of the current channel:
o add ic_curchan and use it uniformly for specifying the current
channel instead of overloading ic->ic_bss->ni_chan (or in some
drivers ic_ibss_chan)
o add ieee80211_scanparams structure to encapsulate scanning-related
state captured for rx frames
o move rx beacon+probe response frame handling into separate routines
o change beacon+probe response handling to treat the scan table
more like a scan cache--look for an existing entry before adding
a new one; this combined with ic_curchan use corrects handling of
stations that were previously found at a different channel
o move adhoc neighbor discovery by beacon+probe response frames to
a new ieee80211_add_neighbor routine

Reviewed by: avatar
Tested by: avatar, Michal Mertl
MFC after: 2 weeks

split xmit of probe request frame out into a separate routine that
takes explicit parameters; this will be needed when scanning is
decoupled from the state machine to do bg scanning

MFC after: 3 days

simplify ieee80211_node_authorize and ieee80211_node_unauthorize api's

MFC after: 3 days

simplify rate set api's by removing ic parameter (implicit in node reference)

MFC after: 3 days

o add IEEE80211_FRAG_DEFAULT
o move default settings for RTS and frag thresholds to ieee80211_var.h

diff reduction against p4: define IEEE80211_FIXED_RATE_NONE and use
it instead of -1

when operating in ap mode, explicitly drop associated/authenticated
stations when transitioning to INIT state (e.g. as a result of
changing state at the 802.11 level)

Approved by: re (scottl)

Don't clock the state machine in various cases when roaming is set
to manual; this helps keep wpa_supplicant in sync.

noop change so RUN->RUN transition isn't considered invalid
(it happens on ibss merge)

statically allocate the station/neighbor node table; the deferred
allocation scheme introduced a race condition during device state
transitions

when scanning is interrupted reset state so table entries go in the station
table and not the scan table

Noticed by: Tai-hwa Liang

bump copyright for 2005

do not clear the global key cache when reaching the INIT state

Update 802.11 support; too much new functionality to fully describe
here but it includes completed 802.11g, WPA, 802.11i, 802.1x, WME/WMM,
AP-side power-save, crypto plugin framework, authenticator plugin framework,
and access control plugin frameowrk.

Add a new network interface flag, IFF_NEEDSGIANT, which will allow
device drivers to declare that the ifp->if_start() method implemented
by the driver requires Giant in order to operate correctly.

Add a 'struct task' to 'struct ifnet' that can be used to execute a
deferred ifp->if_start() in the event that if_start needs to be called
in a Giant-free environment. To do this, introduce if_start(), a
wrapper function for ifp->if_start(). If the interface can run MPSAFE,
it directly dispatches into the interface start routine. If it can't
run MPSAFE, we're running with debug.mpsafenet != 0, and Giant isn't
currently held, the task is queued to execute in a swi holding Giant
via if_start_deferred().

Modify if_handoff() to use if_start() instead of direct dispatch.
Modify 802.11 to use if_start() instead of direct dispatch.

This is intended to provide increased compatibility for non-MPSAFE
network device drivers in the presence of Giant-free operation via
asynchronous dispatch. However, this commit does not mark any network
interfaces as IFF_NEEDSGIANT.

insure basic rate bit is set in derived rate set; this
works around a protocol/firmware problem with some versions found
in hermes/prism cards

o add support for controlling the power of transmitted frames
o add support for controlling the 11g protection mechanism used
to protect OFDM frames in a mixed 11b/g network

Reviewed by: imp

Replace the if_name and if_unit members of struct ifnet with new members
if_xname, if_dname, and if_dunit. if_xname is the name of the interface
and if_dname/unit are the driver name and instance.

This change paves the way for interface renaming and enhanced pseudo
device creation and configuration symantics.

Approved By: re (in principle)
Reviewed By: njl, imp
Tested On: i386, amd64, sparc64
Obtained From: NetBSD (if_xname)

parameterize locking to improve portability and possible
change to different locking strategies

Correct rate set negotiation when operating as a station: if the
AP has basic rates that we do not support then ignore them instead
of marking the rate set in error.

This fixes an 11b station associating with an 11g/b AP.

o change ieee80211_new_state handling to use a proper method that drivers
override in their sub-class; this eliminates the hack of interpreting the
EINPROGRESS return value to mean "don't do any of the normal work"
o correct active scanning so the first channel is only scanned once and so
per-channel passive mode is properly honored
o expose 802.11 FSM state names so every driver doesn't keep a private copy
o eliminate node parameter to ieee80211_begin_scan; it was not being used

revise copyright notices per discussion with Atsushi Onoe <onoe@sm.sony.co.jp>

new 802.11 layer:

o code reorg (relative to old netbsd-derived code) for future growth
o drivers now specify available channels and rates and 802.11 layer handles
almost all ifmedia actions
o multi-mode support for 11a/b/g devices
o 11g protocol additions (incomplete)
o new element id additions (for other than 11g)
o node/station table redone for proper locking and to eliminate driver
incestuousness
o split device flags and capabilities to reduce confusion and provide room
for expansion
o incomplete power management infrastructure (need to revisit)
o incomplete hooks for software retry
o more...