Copy stable/9 to releng/9.3 as part of the 9.3-RELEASE cycle.

Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation

MFC r253639:
Add ieee80211_add_{qos,wpa,rsn}() functions since they are needed by an
OpenBSD driver that is being ported to FreeBSD.

MFC r229795:

Correct comment for the IPv6 case to say "traffic class" not "TOS"
as pointed out back in 2009.

Copy head to stable/9 as part of 9.0-RELEASE release cycle.

Approved by: re (implicit)

This patch fixes beacon frame sequence number generation. The code
didn't set a sequence number; it didn't show up earlier because the
hardware most people use for hostap (ie, AR5212 series stuff) sets the
sequence numbers up in hardware. Later hardware (AR5416, etc) which
can do 11n and aggregation require sequence numbers to be generated in
software.

Submitted by: paradyse@gmail.com
Approved by: re (kib)

Data frames sent over the mgmt path might be part of a TX aggr session
too. In that case don't fiddle with the seqno as drivers are supposed
to handle that.

Currently only the powersave feature does sent QoS-null-data frames
before and after a background scan which must be handled correctly. Due
to this being quite rare we don't fiddle around with starting of aggr
sessions.

We need in.h for both INET and INET6, as according to RFC 3493 it
defines struct in6_addr, which is needed by ip6_hdr used in here.

Reviewed by: gnn
Sponsored by: The FreeBSD Foundation
Sponsored by: iXsystems
MFC after: 5 days

When injecting frames a temporary node is faked, during this several
uses of ic_curchan occur. Due to the nature of a scan, switching
channels constantly and all this happening without any kind of locks
held, it might happen that ic_curchan points to nowhere leading to
panics. Fix this by not allowing frame injections while in SCAN state.

Tested by: Paul B. Mahol <onemda at gmail.com>

It is IEEE80211_SUPPORT_XXX not IEEE80211_XXX_SUPPORT.

The draft spec doesn't say beacon frames need to have a wildcard BSSID,
so remove the mesh code necessary for that.

MFC after: 2 days

Implement the missing support for updating the mesh conf number of
neighbors via ieee80211_beacon_notify().

MFC after: 3 days

revert OACTIVE part of r195845; instead fix the comment so it does not refer
to the old hack removed in r193312

Approved by: re (implicit)

o kill old code no longer needed after r193312
o count output packets+errors for frames sent through ieee80211_output

Approved by: re (kensmith)

More mesh bits, namely:
* bridge support (sam)
* handling of errors (sam)
* deletion of inactive routing entries
* more debug msgs (sam)
* fixed some inconsistencies with the spec.
* decap is now specific to mesh (sam)
* print mesh seq. no. on ifconfig list mesh
* small perf. improvements

Reviewed by: sam
Approved by: re (kib)

Implementation of the upcoming Wireless Mesh standard, 802.11s, on the
net80211 wireless stack. This work is based on the March 2009 D3.0 draft
standard. This standard is expected to become final next year.
This includes two main net80211 modules, ieee80211_mesh.c
which deals with peer link management, link metric calculation,
routing table control and mesh configuration and ieee80211_hwmp.c
which deals with the actually routing process on the mesh network.
HWMP is the mandatory routing protocol on by the mesh standard, but
others, such as RA-OLSR, can be implemented.

Authentication and encryption are not implemented.

There are several scripts under tools/tools/net80211/scripts that can be
used to test different mesh network topologies and they also teach you
how to setup a mesh vap (for the impatient: ifconfig wlan0 create
wlandev ... wlanmode mesh).

A new build option is available: IEEE80211_SUPPORT_MESH and it's enabled
by default on GENERIC kernels for i386, amd64, sparc64 and pc98.

Drivers that support mesh networks right now are: ath, ral and mwl.

More information at: http://wiki.freebsd.org/WifiMesh

Please note that this work is experimental. Also, please note that
bridging a mesh vap with another network interface is not yet supported.

Many thanks to the FreeBSD Foundation for sponsoring this project and to
Sam Leffler for his support.
Also, I would like to thank Gateworks Corporation for sending me a
Cambria board which was used during the development of this project.

Reviewed by: sam
Approved by: re (kensmith)
Obtained from: projects/mesh11s

do not strip M_MORE_DATA on packets coming through ieee80211_start;
frames coming out of the ps q may have this set and removing it
causes the 802.11 header to not indicate more frames follow which can
result in the sta going to sleep and missing them

teach ieee80211_classify about ipv6 packets

Reviewed by: bz, rrs

iv_flags_ext is full, make room by moving HT-related flags to a new
iv_flags_ht word

Fix spelling of MAC check for 8.x version of MAC Framework, not noticed due
to a lack of an opt_mac.h include, which I won't add for now as options MAC
will soon move to opt_global.h.

Spotted by: pjd

o station mode channel switch support
o IEEE80211_IOC_CHANSWITCH fixups:
- restrict to hostap vaps
- return EOPNOTSUPP instead of EINVAL when applied to !hostap vap
or to a vap w/o 11h enabled
- interpret count of 0 to mean cancel the current CSA

Reviewed by: rpaulo, avatar

Overhaul monitor mode handling:
o replace DLT_IEEE802_11 support in net80211 with DLT_IEEE802_11_RADIO
and remove explicit bpf support from wireless drivers; drivers now
use ieee80211_radiotap_attach to setup shared data structures that
hold the radiotap header for each packet tx/rx
o remove rx timestamp from the rx path; it was used only by the tdma support
for debugging and was mostly useless due to it being 32-bits and mostly
unavailable
o track DLT_IEEE80211_RADIO bpf attachments and maintain per-vap and
per-com state when there are active taps
o track the number of monitor mode vaps
o use bpf tap and monitor mode vap state to decide when to collect radiotap
state and dispatch frames; drivers no longer explicitly directly check
bpf state or use bpf calls to tap frames
o handle radiotap state updates on channel change in net80211; drivers
should not do this (unless they bypass net80211 which is almost always
a mistake)
o update various drivers to be more consistent/correct in handling radiotap
o update ral to include TSF in radiotap'd frames
o add promisc mode callback to wi

Reviewed by: cbzimmer, rpaulo, thompsa

Store the tx seq# of an 802.11 frame in the mbuf pkthdr; this will be
used for s/w retransmit schemes that want to access this information
w/o the overhead of decoding the raw frame. Note this also allows
drivers to record this information w/o writing the frame when the seq#
is obtained through an out-of-band mechanism (e.g. when a h/w assigned
seq# is reported in a descriptor on tx done notification).

Reviewed by: sephe, avatar

add IEEE80211_FEXT_4ADDR to indicate ieee80211_encap should do 4-address
encapsulation when relaying frames; this reduces the cost of the test and
enables use for situations other than "sta vap + dwds"

hoist ampdu tx aggregation setup from ieee80211_encap to ieee80211_start
where it was meant all along (the code was in encap because ampdu was
implemented pre vaps)

stash the node pointer in the mbuf before doing ff aggregration so this
is done in only one place

don't fragment ampdu aggregates

uniformly mark mbufs that pass through the tx path with M_MCAST; drivers
can now use this flag instead of inspecting the contents

add missing part of r191537 that should have read: hoist DLT_IEEE802_11
bpf tap from ieee80211_encap up to ieee80211_start

fix comment

add missing DLT_IEEE802_11 bpf tap in ieee80211_start

fixup ieee80211_output handling:
o correct bpf handling, send 'em to the right tap
o do accouting
o mark mbufs holding multicast frames

Change if_output to take a struct route as its fourth argument in order
to allow passing a cached struct llentry * down to L2

Reviewed by: rwatson

o add a capability for drivers that require 802.3 encapsulation of
frames passed down through the transmit path
o mark ndis requiring 802.3 encap'd frames

Reviewed by: "Paul B. Mahol" <onemda@gmail.com>, thompsa

fix whitespace

o update dwds mcast handling after hoisting ieee80211_encap: frames need
to be encapsulated before dispatching to the driver
o eliminate M_WDS now that we call ieee80211_encap directly and can supply
the wds vap to indicate a 4-address frame should be created

Hoist 802.11 encapsulation up into net80211:
o call ieee80211_encap in ieee80211_start so frames passed down to drivers
are already encapsulated
o remove ieee80211_encap calls in drivers
o fixup wi so it recreates the 802.3 head it requires from the 802.11
header contents
o move fast-frame aggregation from ath to net80211 (conditional on
IEEE80211_SUPPORT_SUPERG):
- aggregation is now done in ieee80211_start; it is enabled when the
packets/sec exceeds ieee80211_ffppsmin (net.wlan.ffppsmin) and frames
are held on a staging queue according to ieee80211_ffagemax
(net.wlan.ffagemax) to wait for a frame to combine with
- drivers must call back to age/flush the staging queue (ath does this
on tx done, at swba, and on rx according to the state of the tx queues
and/or the contents of the staging queue)
- remove fast-frame-related data structures from ath
- add ieee80211_ff_node_init and ieee80211_ff_node_cleanup to handle
per-node fast-frames state (we reuse 11n tx ampdu state)
o change ieee80211_encap calling convention to include an explicit vap
so frames coming through a WDS vap are recognized w/o setting M_WDS

With these changes any device able to tx/rx 3Kbyte+ frames can use fast-frames.

Reviewed by: thompsa, rpaulo, avatar, imp, sephe

Fix enough bits so that fast frames work again:
o include ath ie in beacon frames
o fix probe response check for including ath ie
o add ieee80211_add_athcap shorthand for ap-side ie additions

need to adjust htinfo offset when csa is inserted

adjust tdma ie offset when beacon frame contents changes

split Atheros SuperG support out into it's own file that's included only
with a new IEEE80211_SUPPORT_SUPERG option

Remove leftover comment because we now use a flag to check for associd.

Discussed with: sam

mark M_LASTFRAG at the last fragment.

Reviewed by: sam
MFC after: 3 weeks

TDMA support for long distance point-to-point links using ath devices:
o add net80211 support for a tdma vap that is built on top of the
existing adhoc-demo support
o add tdma scheduling of frame transmission to the ath driver; it's
conceivable other devices might be capable of this too in which case
they can make use of the 802.11 protocol additions etc.
o add minor bits to user tools that need to know: ifconfig to setup and
configure, new statistics in athstats, and new debug mask bits

While the architecture can support >2 slots in a TDMA BSS the current
design is intended (and tested) for only 2 slots.

Sponsored by: Intel

follow prevailing style

Replace adhoc checks in ieee80211_start with a per-node flag that
indicates if an association id is required before outbound traffic
is permitted. This cleans up the previous change that broke mcast
traffic "to the stack" in ap mode as a side effect.

Reviewed by: sephe, thompsa, weongyo

convert calls to IFQ_HANDOFF to if_transmit

New ap-side power save implementation; the main change is to allow drivers
to queue frames previously encapsulated on a separate high priority list
that is dispatched before the unencapsulated frames (to preserve order).

introduce M_ENCAP flag to mark packets encapsulated w/ an 802.11 header

fix comment that belonged w/ previous commit

change ieee80211_send_probereq to supply raw xmit parameters so it can
control how frames are handled by the driver

change ieee80211_send_nulldata to send a QoS Null Data frame to a
QoS-enabled station; this makes inactivity handling follow the spec
as previously it would probe inactive stations w/ a Null Data (no QoS)
data frame

o change ieee80211_mgmt_output to take a raw xmit parameters block so
the net80211 layer has complete control over the handling of mgt frames
(in particular, the ac, tx rate, and retry count); this also allows us
to purge the M_LINK0 flag that was attached to mbufs to mark them as
needing encryption for shared key auth
o change ieee80211_send_setup to take a tid parameter so it can be used
to setup QoS frames

fix old merge botch that causes gaps in the tx seq# space for QoS frames

fix associd check for adhoc mode

Reviewed by: jhay

Cleanup AMPDU handling:

For receive:
o explicitly tag rx frames w/ M_AMPDU instead of passing frames through
the reorder processing according to the node having HT and the frame
being QoS data
o relax ieee80211_ampdu_reorder asserts to allow any frame to be passed
in, unsuitable frames are returned to the caller for normal processing;
this permits drivers that cannot inspect the PLCP to mark all data
frames as potential ampdu candidates with only a small penalty
o add M_AMPDU_MPDU to identify frames resubmitted from the reorder q

For transmit:
o tag aggregation candidates with M_AMPDU_MPDU
o fix the QoS ack policy set in ampdu subframes; we only support immediate
BA streams which should be marked for "normal ack" to get implicit block
ack behaviour; interestingly certain vendor parts BA'd frames with the
11e BA ack policy set
o do not assign a sequence # to aggregation candidates; this must be done
when frames are submitted for transmit (NB: this can/will be handled
better when aggregation is pulled up to net80211)

reorder RSN/WPA2 ie in beacon and probe response frames to comply
with IEEE802.11-2007 spec

Submitted by: Chris Zimmermann

Split s/w crypt/mic attributes to allow future hackery; this change
should be a noop.

Multi-bss (aka vap) support for 802.11 devices.

Note this includes changes to all drivers and moves some device firmware
loading to use firmware(9) and a separate module (e.g. ral). Also there
no longer are separate wlan_scan* modules; this functionality is now
bundled into the wlan module.

Supported by: Hobnob and Marvell
Reviewed by: many
Obtained from: Atheros (some bits)

Add padding for anticipated functionality
- vimage
- TOE
- multiq
- host rtentry caching

Rename spare used by 80211 to if_llsoftc

Reviewed by: rwatson, gnn
MFC after: 1 day

correct WMM packet classification:
o use TID_TO_WME_AC on vlan tag priority
o ignore ECN bits in DSCP when mapping IP TOS and use TID_TO_WME_AC

MFC after: 3 days

sync 11n support with vap code base; many changes based on interop
testing with all major vendors

MFC after: 1 week

honor IEEE80211_C_TXFRAG; drivers should never get fragmented packets
unless they indicate they're able to handle them

Approved by: re (blanket wireless)

tag mgmt and null data frames w/ a WME priority so drivers can assume
only data frames require classification

Approved by: re (blanket wireless)

Update beacon handling to sync w/ vap code base:
o add driver callback to handle notification of beacon changes;
this is required for devices that manage beacon frames themselves
(devices must override the default handler which does nothing)
o move beacon update-related flags from ieee80211com to the beacon
offsets storage (or handle however a driver wants)
o expand beacon offsets structure with members needed for 11h/dfs
and appie's
o change calling convention for ieee80211_beacon_alloc and
ieee80211_beacon_update
o add overlapping bss support for 11g; requires driver to pass
beacon frames from overlapping bss up to net80211 which is not
presently done by any driver
o move HT beacon contents update to a routine in the HT code area

Reviewed by: avatar, thompsa, sephe
Approved by: re (blanket wireless)

drop frames marked for encryption when no key is available

Reviewed by: avatar
Approved by: re (kensmith)
Obtained from: madwifi

Update 802.11 wireless support:
o major overhaul of the way channels are handled: channels are now
fully enumerated and uniquely identify the operating characteristics;
these changes are visible to user applications which require changes
o make scanning support independent of the state machine to enable
background scanning and roaming
o move scanning support into loadable modules based on the operating
mode to enable different policies and reduce the memory footprint
on systems w/ constrained resources
o add background scanning in station mode (no support for adhoc/ibss
mode yet)
o significantly speedup sta mode scanning with a variety of techniques
o add roaming support when background scanning is supported; for now
we use a simple algorithm to trigger a roam: we threshold the rssi
and tx rate, if either drops too low we try to roam to a new ap
o add tx fragmentation support
o add first cut at 802.11n support: this code works with forthcoming
drivers but is incomplete; it's included now to establish a baseline
for other drivers to be developed and for user applications
o adjust max_linkhdr et. al. to reflect 802.11 requirements; this eliminates
prepending mbufs for traffic generated locally
o add support for Atheros protocol extensions; mainly the fast frames
encapsulation (note this can be used with any card that can tx+rx
large frames correctly)
o add sta support for ap's that beacon both WPA1+2 support
o change all data types from bsd-style to posix-style
o propagate noise floor data from drivers to net80211 and on to user apps
o correct various issues in the sta mode state machine related to handling
authentication and association failures
o enable the addition of sta mode power save support for drivers that need
net80211 support (not in this commit)
o remove old WI compatibility ioctls (wicontrol is officially dead)
o change the data structures returned for get sta info and get scan
results so future additions will not break user apps
o fixed tx rate is now maintained internally as an ieee rate and not an
index into the rate set; this needs to be extended to deal with
multi-mode operation
o add extended channel specifications to radiotap to enable 11n sniffing

Drivers:
o ath: add support for bg scanning, tx fragmentation, fast frames,
dynamic turbo (lightly tested), 11n (sniffing only and needs
new hal)
o awi: compile tested only
o ndis: lightly tested
o ipw: lightly tested
o iwi: add support for bg scanning (well tested but may have some
rough edges)
o ral, ural, rum: add suppoort for bg scanning, calibrate rssi data
o wi: lightly tested

This work is based on contributions by Atheros, kmacy, sephe, thompsa,
mlaier, kevlo, and others. Much of the scanning work was supported by
Atheros. The 11n work was supported by Marvell.

copyright updates:
o update to include 2007
o switch back to a 2-clause bsd-only license

Reviewed by: onoe

keep tx/rx seq #'s for non-QoS traffic separate from QoS; stations
aren't supposed mix traffic but if they did frames might be mis-handled

Obtained from: Atheros
MFC after: 2 weeks

add IEEE80211_KEY_UNDEFINED and use it instead of local defs

Obtained from: netbsd

First cut at half/quarter-rate 11a channel support (e.g. for use
in the Public Safety Band):
o add channel flags to identify half/quarter-rate operation
o add rate sets (need to check spec on 4Mb/s in 1/4 rate)
o add if_media definitions for new rates
o split net80211 channel setup out into ieee80211_chan_init
o fixup ieee80211_mhz2ieee and ieee80211_ieee2mhz to understand half/quarter
rate channels: note we temporarily use a nonstandard/hack numbering that
avoids overlap with 2.4G channels because we don't (yet) have enough
state to identify and/or map overlapping channel sets
o fixup ieee80211_ifmedia_init so it can be called post attach and will
recalculate the channel list and associated state; this enables changing
channel-related state like the regulatory domain after attach (will be
needed for 802.11d support too)
o add ieee80211_get_suprates to return a reference to the supported rate
set for a given channel
o add 3, 4.5, and 27 MB/s tx rates to rate <-> media conversion routines
o const-poison channel arg to ieee80211_chan2mode

back out use of LLC_SNAPFRAMELEN now that sizeof(struct llc) isn't
padded on arm

sizeof(struct llc) includes padding on arm; use LLC_SNAPFRAMELEN for now

Submitted by: jhay
MFC after: 2 weeks

Move ethernet VLAN tags from mtags to its own mbuf packet header field
m_pkthdr.ether_vlan. The presence of the M_VLANTAG flag on the mbuf
signifies the presence and validity of its content.

Drivers that support hardware VLAN tag stripping fill in the received
VLAN tag (containing both vlan and priority information) into the
ether_vtag mbuf packet header field:

m->m_pkthdr.ether_vtag = vlan_id; /* ntohs()? */
m->m_flags |= M_VLANTAG;

to mark the packet m with the specified VLAN tag.

On output the driver should check the mbuf for the M_VLANTAG flag to
see if a VLAN tag is present and valid:

if (m->m_flags & M_VLANTAG) {
... = m->m_pkthdr.ether_vtag; /* htons()? */
... pass tag to hardware ...
}

VLAN tags are stored in host byte order. Byte swapping may be necessary.

(Note: This driver conversion was mechanic and did not add or remove any
byte swapping in the drivers.)

Remove zone_mtag_vlan UMA zone and MTAG_VLAN definition. No more tag
memory allocation have to be done.

Reviewed by: thompsa, yar
Sponsored by: TCP/IP Optimization Fundraise 2005

add per-sta ucast/mcast stats

MFC after: 1 week

add support for 802.11 packet injection via bpf

Together with: Andrea Bittau <a.bittau@cs.ucl.ac.uk>
Reviewed by: arch@
MFC after: 1 month

when doing s/w crypto make sure work is done w/ a writable mbuf chain;
this corrects problems with drivers that rely on the host to do
crypto (iwi, ipw, ral, ural, wi (hostap), awi)

Hard work by: luigi, mlaier
Reviewed by: luigi, mlaier
MFC after: 1 week

consolidate calculation of capabilities ie

Reviewed by: avatar
MFC after: 2 weeks

set the mgt frame tx timer before dispatching the frame to the
driver; this closes a race where a response could be processed
before the timer was started and cause a RUN->SCAN state change
when operating in station mode

Reviewed by: avatar, dyoung
MFC after: 1 week

update erp information element in the beacon frame to reflect
changes in the bss

Reviewed by: avatar
Obtained from: atheros
MFC after: 2 weeks

correct handling of dtim for periods > 1

Obtained from: madwifi

Retire MT_HEADER mbuf type and change its users to use MT_DATA.

Having an additional MT_HEADER mbuf type is superfluous and redundant
as nothing depends on it. It only adds a layer of confusion. The
distinction between header mbuf's and data mbuf's is solely done
through the m->m_flags M_PKTHDR flag.

Non-native code is not changed in this commit. For compatibility
MT_HEADER is mapped to MT_DATA.

Sponsored by: TCP/IP Optimization Fundraise 2005

Clarify/fix handling of the current channel:
o add ic_curchan and use it uniformly for specifying the current
channel instead of overloading ic->ic_bss->ni_chan (or in some
drivers ic_ibss_chan)
o add ieee80211_scanparams structure to encapsulate scanning-related
state captured for rx frames
o move rx beacon+probe response frame handling into separate routines
o change beacon+probe response handling to treat the scan table
more like a scan cache--look for an existing entry before adding
a new one; this combined with ic_curchan use corrects handling of
stations that were previously found at a different channel
o move adhoc neighbor discovery by beacon+probe response frames to
a new ieee80211_add_neighbor routine

Reviewed by: avatar
Tested by: avatar, Michal Mertl
MFC after: 2 weeks

Cleanup beacon/listen interval handling:
o separate configured beacon interval from listen interval; this
avoids potential use of one value for the other (e.g. setting
powersavesleep to 0 clobbers the beacon interval used in hostap
or ibss mode)
o bounds check the beacon interval received in probe response and
beacon frames and drop frames with bogus settings; not clear
if we should instead clamp the value as any alteration would
result in mismatched sta+ap configuration and probably be more
confusing (don't want to log to the console but perhaps ok with
rate limiting)
o while here up max beacon interval to reflect WiFi standard

Noticed by: Martin <nakal@nurfuerspam.de>
MFC after: 1 week

close a race between reclaiming a node when a station is inactive
and sending the null data frame used to probe inactive stations

MFC after: 5 days

split xmit of probe request frame out into a separate routine that
takes explicit parameters; this will be needed when scanning is
decoupled from the state machine to do bg scanning

MFC after: 3 days

split 802.11 frame xmit setup code into ieee80211_send_setup

MFC after: 3 days

simplify tim callback api

MFC after: 3 days

simplify ieee80211_node_authorize and ieee80211_node_unauthorize api's

MFC after: 3 days

simplifiy ieee80211_send_nulldata api

MFC after: 3 days

Fix handling of data frames queued for a station in power save mode:
don't mark the MORE_DATA bit when taking it off the ps queue, there's
no 802.11 header then; we must wait to do this at encap time so
mark the mbuf instead.

Reviewed by: avatar
Approved by: re (scottl)
Obtained from: Atheros

mark stations authorized during recv processing instead of doing it
as a side effect of sending an auth success frame; sending mgmt
frames should not have side effects

WPA/802.11i interoperability fixes:
o only include capabilities word in the WPA ie when non-zero and
not preauth
o always include the capabilities in the RSN ie

Obtained from: Atheros

add force flag to enmic/demic crypto api for use in xmit fragmentation
and h/w mic verification

Reviewed by: avatar

don't include wme ie in probe request frames; it was meant for probe response
frames--move it there

Noticed by: Ghislain Mary
Submitted by: Michael Wong

correct comparison for null ptr

Noticed by: Coverity Prevent analysis tool

rev 1.19 fixed wpa supplicant but broke wpa authenticator; when operating
as an authenticator need to always check for the unicast key in the node
(as was the case before)

Submitted by: Divy Le Ray

correct check for unicast key being setup; wpa_supplicant in particular
uses only the global key state so looking in the per-node key slot is wrong

Submitted by: Tai-hwa Liang

update node reference count debug msgs to include the node address
since the mac address may not be sufficient to uniquely identify a node

clear IEEE80211_F_WMEUPDATE when building the initial beacon frame so we
don't do an update on the first beacon

handle potential stale values of bssid in neighbor nodes that
can occur after an ibss merge

Submitted by: David Young

bump copyright for 2005

Relearn how WPA keying is supposed to work and fix WPA+WME while
we're at it:
o WPA/802.11i has a unicast key and a group key; in station mode
everything is sent with the unicast key--we were consulting the
destination mac address and incorrectly using the group key
o (perpetuate fallback use of the default tx key to maintain
compatibility with the way wpa_supplicant works)
o correct EAPOL encryption logic to check unicast key instead
of assuming other state implies this
o move QoS encapsulation up to before enmic work so TKIP has the
information required to calculate the pseudo-header
o do not do QoS-encapsulation of EAPOL frames as some ap's do the
wrong thing with such frames (may need to revisit this if ap's
start dropping non-QoS frames from stations assoc'd with QoS)
o move ieee80211_mbuf_adjust closer to its caller

fixup printf arguments for 64-bit machines

Update 802.11 support; too much new functionality to fully describe
here but it includes completed 802.11g, WPA, 802.11i, 802.1x, WME/WMM,
AP-side power-save, crypto plugin framework, authenticator plugin framework,
and access control plugin frameowrk.

Add a new network interface flag, IFF_NEEDSGIANT, which will allow
device drivers to declare that the ifp->if_start() method implemented
by the driver requires Giant in order to operate correctly.

Add a 'struct task' to 'struct ifnet' that can be used to execute a
deferred ifp->if_start() in the event that if_start needs to be called
in a Giant-free environment. To do this, introduce if_start(), a
wrapper function for ifp->if_start(). If the interface can run MPSAFE,
it directly dispatches into the interface start routine. If it can't
run MPSAFE, we're running with debug.mpsafenet != 0, and Giant isn't
currently held, the task is queued to execute in a swi holding Giant
via if_start_deferred().

Modify if_handoff() to use if_start() instead of direct dispatch.
Modify 802.11 to use if_start() instead of direct dispatch.

This is intended to provide increased compatibility for non-MPSAFE
network device drivers in the presence of Giant-free operation via
asynchronous dispatch. However, this commit does not mark any network
interfaces as IFF_NEEDSGIANT.

fix adhoc/ibss operation for drivers that require host support (e.g. ath):

o remove IEEE80211_C_RCVMGT capability
o on transmit craft new nodes as needed using new ieee80211_find_txnode routine
o add ieee80211_find_txnode routine to lookup a node by mac address and
if not present create one when operating in ibss/ahdemo mode; new nodes
are dup'd from bss and the driver is told to treat the node as if a new
association has been created so driver-private state (e.g. rate control
handling) is setup

Obtained from: netbsd (basic idea)

add statistics for all failures and/or abnormal events; still need
to add per-node statistics

include FH/DS parameters element in probe response frames

o add capability to indicate if device receives all management frames
o use recv mgmt capability to decide if outbound frames should be
discarded if no node table entry is present

Honor the short preamble capability/state flag when calculating the
capabilities for outbound management frames. But beware of sending
this when operating on 5GHz channels; some 11a AP's reject association
requests if this bit is set in the capabilities listed.

Obtained from: MADWIFI (with modifications)

o correct logic that checks frame size to decide if a cluaster is needed
o add an assertion to check the max possible packet size

Noticed by: David Young <dyoung@pobox.com>

MFp4 changes to fix locking issues and correct reference
count handling of station entries in hostap mode:

Input path:

o driver is now expected to find the node associated with the
sender of a received frame; use ic_bss if none is located
o driver passes the (referenced) node into ieee80211_input for
use within the wlan module and is responsible for cleaning up
on return
o the antenna state is no longer passed up with each frame; this
is now considered driver-private state and drivers are responsible
for keeping it in the driver-private part of a node

Output path:

Revamp output path for management frames to eliminate redundant
locking that causes problems and to correct reference counting
bogosity that occurs when stations are timed out due to inactivity
(in AP mode). On output the refcnt'd node is stashed in the pkthdr's
recvif field (yech) and retrieved by the driver. This eliminates
an unref/ref scenario and related node table unlock/lock due to the
driver looking up the node. This is particularly important when
stations are timed out as this causes a lock order reversal that
can result in a deadlock. As a byproduct we also reduce the overhead
for sending management frames (minimal). Additional fallout from
this is a change to ieee80211_encap to return a refcn't node for
tieing to the outbound frame. Node refcnts are not reclaimed until
after a frame is completely processed (e.g. in the tx interrupt
handler). This is especially important for timed out stations as
this deref will be the final one causing the node entry to be
reclaimed.

Additional semi-related changes:
o replace m_copym use with m_copypacket (optimization)
o add assert to verify ic_bss is never free'd during normal operation
o add comments explaining calling conventions by drivers for frames
going in each direction
o remove extraneous code that "cannot be executed" (e.g. because
pointers may never be null)

add monitor mode

revise copyright notices per discussion with Atsushi Onoe <onoe@sm.sony.co.jp>

new 802.11 layer:

o code reorg (relative to old netbsd-derived code) for future growth
o drivers now specify available channels and rates and 802.11 layer handles
almost all ifmedia actions
o multi-mode support for 11a/b/g devices
o 11g protocol additions (incomplete)
o new element id additions (for other than 11g)
o node/station table redone for proper locking and to eliminate driver
incestuousness
o split device flags and capabilities to reduce confusion and provide room
for expansion
o incomplete power management infrastructure (need to revisit)
o incomplete hooks for software retry
o more...