Add initial 802.11ac (VHT) support to net80211.

Add VHT capability and operation IE definitions to ieee80211.h.
Introduce channel flags to identify 80MHz and 160MHz capable channels.

Parse VHT IEs in beacons, announce the driver's VHT capabilities in
probe requests and assoc requests, and hop into 11ac mode after
association to the AP if possible.

Enable VHT by default if the driver announces support for it.

ok claudio@

Make ifconfig(8) display whether bwfm(4) firmware is using 802.11ac.
ok patrick@ mpi@

Rename some data frame subtype macros to make the difference between
"data" and "no data" frames more obvious. These renamed macros aren't
actually used anywhere in net80211 yet.
cross-checked with 802.11 specs by myself and Lauri Tirkkonen

Add the definition of IEEE80211_DUR_DS_SHSLOT.

From IEEE Std. 802.11-2016, Table 18-5 "ERP characteristics", p. 2332:

aSlotTime characteristic:
If dont11OperatingClassesRequired is false:
Long = 20 us
Short = 9 us

ok stsp@

Handle unequal numbers of Tx and Rx streams in MiRA.
Problem reported by Colton Lewis on misc@
ok tb@

Fix "comma at end of enumerator list" warnings

Sure stsp@

Add short comments explaining HT protection modes.

Initialize the A-MPDU parameters field in HT capability elements.
ok kettenis@

ADDBA frames have a parameter set which we check against our own capabilities
but we were checking bits in these parameters with the wrong set of bitmasks.
Negotiating A-MPDUs with some APs failed because of this bug.
ok kettenis@

Declare 802.11n mode and channel flags. Tweak 11n related fields in struct
ieee80211com and move them inside #ifndef IEEE80211_NO_HT without breaking
the build in rsu(4) for RAMDISK_CD.
Also declare 11n protection modes and MCS count.
ok deraadt mpi kettenis guenther

Add macros for A-MPDU and MCS data, both found in HT capabilities element.
typo fix + ok sthen@

In ieee80211.h update references to standard sections to 802.11-2012.
Add missing element IDs (and remove some non-standard ones), action field
categories and values, some 11n related stuff, and other small things.
Use the same element ID symbolic names as FreeBSD where applicable as
suggested by millert.
ok mpi millert

add a #define for IEEE80211_ELEMID_CSA, 802.11h-2003 Channel Switch Announcement
ok stsp@

Create a printb() suitable string for IEEE80211_FC1 field. Needed to show
more info in tcpdump. OK giovanni@

Block Ack agreements are unidirectional.
Maintain state for both originator and recipient roles separately.
Do not allocate receive reordering buffer in addba_request().
Test the "initiator" bit in incoming DELBA frames and set it appropriately
in outgoing DELBA frames.
Separate callbacks for Tx/Rx too.

no binary change since all this is #ifdef'ed out.

Add some initial HT bits (not enabled yet) based on 802.11n Draft 7.01:
- implement A-MPDU frames buffering and reordering
- implement A-MSDU decapsulation
- process/send ADDBA Request, ADDBA Response and DELBA action frames
- process Block Ack Request control frames (including MTBAR)
- implement PBAC support (Protected Block Ack)
- add some incomplete HT Capabilities and HT Operation IEs parsing

Add more Management Frame Protection bits based on 802.11w Draft 7.0:
- implement SA Query procedure (both AP and STA)
- cleanup BIP

Fix some bugs:
- fix check for WEP key length that otherwise caused a stack smash in
ieee80211_wep_encrypt (pointed out by Xavier Santolaria on macppc)
- properly stop EAPOL timeout: fixes a panic that occured in HostAP mode
when turning the interface down while a 4-way handshake is in progress
(pointed out by Doughertys)

Did some code cleanup too.

The HT bits are currently not compiled in (IEEE80211_NO_HT is defined)
because they won't be ready until after the next release and I didn't
want to grow the kernel or to inadvertently introduce new bugs.
They are here such that other people can look at the code.
Notice that I had to add an extra parameter to ic_send_mgmt() for
action frames, that is why there are small changes in drivers defining
their own ic_send_mgmt() handler.

Sorry for the not very incremental diff but this has been sitting in
my tree for too long now.

Add some inline functions to test the presence of optional 802.11
header fields (Sequence Control, Address 4, QoS Control, +HTC) and
use them where appropriate.

Add ieee80211_get_qos() inline function to extract the QoS control
field of an 802.11 header instead of duplicating the same scary
code everywhere (the location of this field depends on the presence
of an Address 4 field).

Export ieee80211_up_to_ac() so that drivers can select the access
category to use based on the TID subfield of the QoS Control field.

Define more QoS-related bits for the RSN Capabilities field of RSN IE
(will be used later).

add ic_tid_noack bitmap to indicate a per-TID ACK policy (1=no ack,
0=normal ack). all bits are currently set to 0.
use this bitmap to set the ACK policy of the QoS control field of
outgoing QoS frames.

move definitions of channels attributes away from ieee80211.h such
that ieee80211.h contains only definitions that are part of the
802.11 standard and not constants used internally by net80211.
because channels attributes are exported to userland through the
radiotap BPF interface, add the definitions to ieee80211_radiotap.h
too (which must be kept in sync with what is used in net80211).
also, do not export combinations of channel attributes to userland
so that noone get stupid ideas.

add a couple of new definitions (action frames, new subtypes for control
frames, new IEs etc...)

add/process group integrity cipher suite in RSN IEs.
add support for MFP negotiation during association.

add support for EAPOL-Key v3 descriptors (similar to v2 except that the
MIC is computed using AES-128-CMAC instead of HMAC-SHA1).
add a SHA-256 based key derivation function (not used yet).

add definitions for RSN capabilities field (RSN IE).

process IGTK KDEs in EAPOL-Key frames and install integrity group keys
if MFP was negotiated with the peer (not possible yet).

Welcome BIP: the Broadcast/Multicast Integrity Protocol defined
in Draft IEEE P802.11w.
It provides data integrity and replay protection for broadcast/
multicast robust management frames (not used yet) using AES-128
in CMAC mode.

fix values for QoS control field.

remove unused structures and duplicated definitions.
remove clause 3 of license while I'm here (from FreeBSD).

add ieee80211_priv.h file: contains definitions private to net80211.
this must not be included by drivers.

Kernel implementation of the 4-way handshake and group-key
handshake protocols (both supplicant and authenticator state
machines) as defined in the IEEE 802.11i standard.

Software implementation of the TKIP (Temporal Key Integrity
Protocol) and CCMP (CTR with CBC-MAC Protocol) protocols.

This diff doesn't implement any of the 802.1X authentication
protocols and thus only PSK authentication (using pre-shared
keys) is currently supported.

In concrete terms, this adds support for WPA-PSK and WPA2-PSK
protocols, both in station and hostap modes.

The following drivers are marked as WPA-capable and should
work: bwi(4), malo(4), ral(4), iwn(4), wpi(4), ural(4),
rum(4), upgt(4), and zyd(4)

The following options have been added to ifconfig(8):
wpa, wpapsk, wpaprotos, wpaakms, wpaciphers, wpagroupcipher

wpa-psk(8) can be used to generate keys from passphrases.

tested by many@
ok deraadt@

typo in a macro (fortunately unused): 0c00 -> 0x00

all WPA implementations i have tested use EAPOL-Key frames version 1,
so use that too and remove a check in ieee80211_recv_eapol().
WPA1 stores the group key id into bits 4-5 of the EAPOL-Key frame info
field and uses bit 6 to indicate if the key is Rx/Tx or Rx only.
remove a check in ieee80211_eapol_key_decrypt() because WPA1 encrypts
the payload of message 1 of the group-key handshake without setting the
encrypted bit in the info field.

WPA1 uses its own (non-standard) EAPOL-Key descriptor type.
Remove a double definition.
Add definitions for Key Data Encapsulations.

cleanup definition of struct ieee80211_eapol_key.
prepend 802.1X header.
use byte-arrays to prevent access to unaligned fields.

some HT frames may have an additional HT Control field.
remove two comments that were misplaced while I'm here (addr4 is always
located after the i_seq field, not at the end of the header).

add the pseudo-random function (PRF) and various key derivation
functions defined in 802.11i.

add subtype "Action" for management frames.

Backout part of 1.20 because IEEE80211_AUTH_ALGORITHM() and friends are used
by hostapd and tcpdump. Now tcpdump and hostapd should build again.

Readd IEEE80211_REASON_RSN_REQUIRED and IEEE80211_REASON_RSN_INCONSISTENT
userland is using these defines -- unbreaks build. Found by jasper@
discussed with reyk@.

remove more unused stuff.

add new ieee80211_eapol_key structure (used by the various 802.11i
key handshakes).

fix REASON codes.

add IEEE80211_FC1_PROTECTED flag.
keep IEEE80211_FC1_WEP for compatibility with pre-RSNA networks.

remove a lot of unused #define
fix a CAPINFO name

cleanup CAPINFO values.

cleanup the list of Organizationally Unique Identifiers (OUI).

s/IEEE80211_ELEMID_EDCA_PARAMS/IEEE80211_ELEMID_EDCAPARMS/ for consistency.

keep track of the Tx/Rx sequence numbers for each TID in the
ieee80211_node structure.
add a flag to indicate whether a STA is a QSTA or not.

- remove two unused structures
- add three new information elements identifiers:
IEEE80211_ELEMID_QBSS_LOAD : QBSS Load
IEEE80211_ELEMID_EDCA_PARAMS: EDCA Parameter Set
IEEE80211_ELEMID_QOS_CAP : QoS Capability

remove unused structure.

adds 802.11e EDCA tables for QAPs and non-AP QSTAs.
not used yet.

ok jsg@ deraadt@

move ieee80211_compute_duration() and ieee80211_compute_duration1()
functions into the two drivers that use them (atw and rtw.)
this code is not generic enough to be used by other drivers and
there is no chance that it will ever be used in newer driver since
it supports 802.11b only.
plus, it hurts my eyes each time i look into ieee80211_output.c.

"fine with me as long as the logic doesn't change in the functions" jsg@

The license permits us to redistribute this code under the BSD or the GPLv2.
Choose the BSD license so that future enhancements will be BSD-only.

ok jsg@ reyk@ deraadt@

typo.

mostly knf

ok jsg@

add ifconfig -M option to replace wicontrol -L and -l for ap scanning
and node listing. wicontrol is not supported by net80211 drivers
anymore. further improvements will be done.

ok dlg@, jsg@

derived from NetBSD:

---
Make the node table into an LRU cache: least-recently used nodes
are at the end of the node queue. Change the reference-counting
discipline: ni->ni_refcnt indicates how many times net80211 has
granted ni to the driver. Every node in the table with ni_refcnt=0
is eligible to be garbage-collected. The mere presence of a node
in the table does not any longer indicate its auth/assoc state;
nodes have a ni_state variable, now.

While I am here, patch ieee80211_find_node_for_beacon to do a "best
match" by bssid/ssid/channel, not a "perfect match." This keeps
net80211 from caching duplicate nodes in the table.
---

ok deraadt@ dlg@, looks good jsg@

replace __attribute__((__packed__)) with __packed.

Sync with recent NetBSD ieee80211_compute_duration() changes.

in real C, there is not , after the last enum entry; ok reyk

From dyoung@NetBSD:

ieee80211.h r 1.9

#define the difference in microseconds between a fast and a slow
preamble and PLCP header.

ieee80211_output.c r 1.19

Fix a bug in ieee80211_compute_duration: the 802.11 Duration field
in an 802.11 unicast data packet is equal to the duration of the
SIFS and Acknowledgement. That is, the amount of time reserved
*after* the packet has finished transmitting.

Change the arguments to ieee80211_compute_duration: pass the entire
packet length, not just the payload length. Add a 'debug' argument
to ieee80211_compute_duration and its helper subroutine,
ieee80211_compute_duration1.

If debug != 0, ieee80211_compute_duration printfs its arguments
and several local variables.

In rtw(4), load the 802.11 Duration field with the result from
ieee80211_compute_duration.

From dyoung@NetBSD:

Define for more bits in the Service field of the 802.11 PLCP Header.

For use by the subroutine ieee80211_compute_duration, add struct
ieee80211_duration, and #define a number of microsecond constants
used for the transmit timing of 802.11 packets.

Add the subroutine ieee80211_compute_duration, which computes for
any packet the appropriate 802.11 Duration field, the PLCP Length
field, as well as the Duration and Length fields for an RTS frame.

atw(4), rtw(4), future drivers, and possibly ath(4) will share
ieee80211_compute_duration.

ok millert@

CAPINFO_BITS from the current net/if_ieee80211.h header; fixes
CHNL_AGILITY printing too. deraadt ok.

Import current NetBSD/FreeBSD 802.11 framework.
Based in part on a diff from Matthew Gream.

Make ifconfig(8) display whether bwfm(4) firmware is using 802.11ac.
ok patrick@ mpi@

Rename some data frame subtype macros to make the difference between
"data" and "no data" frames more obvious. These renamed macros aren't
actually used anywhere in net80211 yet.
cross-checked with 802.11 specs by myself and Lauri Tirkkonen

Add the definition of IEEE80211_DUR_DS_SHSLOT.

From IEEE Std. 802.11-2016, Table 18-5 "ERP characteristics", p. 2332:

aSlotTime characteristic:
If dont11OperatingClassesRequired is false:
Long = 20 us
Short = 9 us

ok stsp@

Handle unequal numbers of Tx and Rx streams in MiRA.
Problem reported by Colton Lewis on misc@
ok tb@

Fix "comma at end of enumerator list" warnings

Sure stsp@

Add short comments explaining HT protection modes.

Initialize the A-MPDU parameters field in HT capability elements.
ok kettenis@

ADDBA frames have a parameter set which we check against our own capabilities
but we were checking bits in these parameters with the wrong set of bitmasks.
Negotiating A-MPDUs with some APs failed because of this bug.
ok kettenis@

Declare 802.11n mode and channel flags. Tweak 11n related fields in struct
ieee80211com and move them inside #ifndef IEEE80211_NO_HT without breaking
the build in rsu(4) for RAMDISK_CD.
Also declare 11n protection modes and MCS count.
ok deraadt mpi kettenis guenther

Add macros for A-MPDU and MCS data, both found in HT capabilities element.
typo fix + ok sthen@

In ieee80211.h update references to standard sections to 802.11-2012.
Add missing element IDs (and remove some non-standard ones), action field
categories and values, some 11n related stuff, and other small things.
Use the same element ID symbolic names as FreeBSD where applicable as
suggested by millert.
ok mpi millert

add a #define for IEEE80211_ELEMID_CSA, 802.11h-2003 Channel Switch Announcement
ok stsp@

Create a printb() suitable string for IEEE80211_FC1 field. Needed to show
more info in tcpdump. OK giovanni@

Block Ack agreements are unidirectional.
Maintain state for both originator and recipient roles separately.
Do not allocate receive reordering buffer in addba_request().
Test the "initiator" bit in incoming DELBA frames and set it appropriately
in outgoing DELBA frames.
Separate callbacks for Tx/Rx too.

no binary change since all this is #ifdef'ed out.

Add some initial HT bits (not enabled yet) based on 802.11n Draft 7.01:
- implement A-MPDU frames buffering and reordering
- implement A-MSDU decapsulation
- process/send ADDBA Request, ADDBA Response and DELBA action frames
- process Block Ack Request control frames (including MTBAR)
- implement PBAC support (Protected Block Ack)
- add some incomplete HT Capabilities and HT Operation IEs parsing

Add more Management Frame Protection bits based on 802.11w Draft 7.0:
- implement SA Query procedure (both AP and STA)
- cleanup BIP

Fix some bugs:
- fix check for WEP key length that otherwise caused a stack smash in
ieee80211_wep_encrypt (pointed out by Xavier Santolaria on macppc)
- properly stop EAPOL timeout: fixes a panic that occured in HostAP mode
when turning the interface down while a 4-way handshake is in progress
(pointed out by Doughertys)

Did some code cleanup too.

The HT bits are currently not compiled in (IEEE80211_NO_HT is defined)
because they won't be ready until after the next release and I didn't
want to grow the kernel or to inadvertently introduce new bugs.
They are here such that other people can look at the code.
Notice that I had to add an extra parameter to ic_send_mgmt() for
action frames, that is why there are small changes in drivers defining
their own ic_send_mgmt() handler.

Sorry for the not very incremental diff but this has been sitting in
my tree for too long now.

Add some inline functions to test the presence of optional 802.11
header fields (Sequence Control, Address 4, QoS Control, +HTC) and
use them where appropriate.

Add ieee80211_get_qos() inline function to extract the QoS control
field of an 802.11 header instead of duplicating the same scary
code everywhere (the location of this field depends on the presence
of an Address 4 field).

Export ieee80211_up_to_ac() so that drivers can select the access
category to use based on the TID subfield of the QoS Control field.

Define more QoS-related bits for the RSN Capabilities field of RSN IE
(will be used later).

add ic_tid_noack bitmap to indicate a per-TID ACK policy (1=no ack,
0=normal ack). all bits are currently set to 0.
use this bitmap to set the ACK policy of the QoS control field of
outgoing QoS frames.

move definitions of channels attributes away from ieee80211.h such
that ieee80211.h contains only definitions that are part of the
802.11 standard and not constants used internally by net80211.
because channels attributes are exported to userland through the
radiotap BPF interface, add the definitions to ieee80211_radiotap.h
too (which must be kept in sync with what is used in net80211).
also, do not export combinations of channel attributes to userland
so that noone get stupid ideas.

add a couple of new definitions (action frames, new subtypes for control
frames, new IEs etc...)

add/process group integrity cipher suite in RSN IEs.
add support for MFP negotiation during association.

add support for EAPOL-Key v3 descriptors (similar to v2 except that the
MIC is computed using AES-128-CMAC instead of HMAC-SHA1).
add a SHA-256 based key derivation function (not used yet).

add definitions for RSN capabilities field (RSN IE).

process IGTK KDEs in EAPOL-Key frames and install integrity group keys
if MFP was negotiated with the peer (not possible yet).

Welcome BIP: the Broadcast/Multicast Integrity Protocol defined
in Draft IEEE P802.11w.
It provides data integrity and replay protection for broadcast/
multicast robust management frames (not used yet) using AES-128
in CMAC mode.

fix values for QoS control field.

remove unused structures and duplicated definitions.
remove clause 3 of license while I'm here (from FreeBSD).

add ieee80211_priv.h file: contains definitions private to net80211.
this must not be included by drivers.

Kernel implementation of the 4-way handshake and group-key
handshake protocols (both supplicant and authenticator state
machines) as defined in the IEEE 802.11i standard.

Software implementation of the TKIP (Temporal Key Integrity
Protocol) and CCMP (CTR with CBC-MAC Protocol) protocols.

This diff doesn't implement any of the 802.1X authentication
protocols and thus only PSK authentication (using pre-shared
keys) is currently supported.

In concrete terms, this adds support for WPA-PSK and WPA2-PSK
protocols, both in station and hostap modes.

The following drivers are marked as WPA-capable and should
work: bwi(4), malo(4), ral(4), iwn(4), wpi(4), ural(4),
rum(4), upgt(4), and zyd(4)

The following options have been added to ifconfig(8):
wpa, wpapsk, wpaprotos, wpaakms, wpaciphers, wpagroupcipher

wpa-psk(8) can be used to generate keys from passphrases.

tested by many@
ok deraadt@

typo in a macro (fortunately unused): 0c00 -> 0x00

all WPA implementations i have tested use EAPOL-Key frames version 1,
so use that too and remove a check in ieee80211_recv_eapol().
WPA1 stores the group key id into bits 4-5 of the EAPOL-Key frame info
field and uses bit 6 to indicate if the key is Rx/Tx or Rx only.
remove a check in ieee80211_eapol_key_decrypt() because WPA1 encrypts
the payload of message 1 of the group-key handshake without setting the
encrypted bit in the info field.

WPA1 uses its own (non-standard) EAPOL-Key descriptor type.
Remove a double definition.
Add definitions for Key Data Encapsulations.

cleanup definition of struct ieee80211_eapol_key.
prepend 802.1X header.
use byte-arrays to prevent access to unaligned fields.

some HT frames may have an additional HT Control field.
remove two comments that were misplaced while I'm here (addr4 is always
located after the i_seq field, not at the end of the header).

add the pseudo-random function (PRF) and various key derivation
functions defined in 802.11i.

add subtype "Action" for management frames.

Backout part of 1.20 because IEEE80211_AUTH_ALGORITHM() and friends are used
by hostapd and tcpdump. Now tcpdump and hostapd should build again.

Readd IEEE80211_REASON_RSN_REQUIRED and IEEE80211_REASON_RSN_INCONSISTENT
userland is using these defines -- unbreaks build. Found by jasper@
discussed with reyk@.

remove more unused stuff.

add new ieee80211_eapol_key structure (used by the various 802.11i
key handshakes).

fix REASON codes.

add IEEE80211_FC1_PROTECTED flag.
keep IEEE80211_FC1_WEP for compatibility with pre-RSNA networks.

remove a lot of unused #define
fix a CAPINFO name

cleanup CAPINFO values.

cleanup the list of Organizationally Unique Identifiers (OUI).

s/IEEE80211_ELEMID_EDCA_PARAMS/IEEE80211_ELEMID_EDCAPARMS/ for consistency.

keep track of the Tx/Rx sequence numbers for each TID in the
ieee80211_node structure.
add a flag to indicate whether a STA is a QSTA or not.

- remove two unused structures
- add three new information elements identifiers:
IEEE80211_ELEMID_QBSS_LOAD : QBSS Load
IEEE80211_ELEMID_EDCA_PARAMS: EDCA Parameter Set
IEEE80211_ELEMID_QOS_CAP : QoS Capability

remove unused structure.

adds 802.11e EDCA tables for QAPs and non-AP QSTAs.
not used yet.

ok jsg@ deraadt@

move ieee80211_compute_duration() and ieee80211_compute_duration1()
functions into the two drivers that use them (atw and rtw.)
this code is not generic enough to be used by other drivers and
there is no chance that it will ever be used in newer driver since
it supports 802.11b only.
plus, it hurts my eyes each time i look into ieee80211_output.c.

"fine with me as long as the logic doesn't change in the functions" jsg@

The license permits us to redistribute this code under the BSD or the GPLv2.
Choose the BSD license so that future enhancements will be BSD-only.

ok jsg@ reyk@ deraadt@

typo.

mostly knf

ok jsg@

add ifconfig -M option to replace wicontrol -L and -l for ap scanning
and node listing. wicontrol is not supported by net80211 drivers
anymore. further improvements will be done.

ok dlg@, jsg@

derived from NetBSD:

---
Make the node table into an LRU cache: least-recently used nodes
are at the end of the node queue. Change the reference-counting
discipline: ni->ni_refcnt indicates how many times net80211 has
granted ni to the driver. Every node in the table with ni_refcnt=0
is eligible to be garbage-collected. The mere presence of a node
in the table does not any longer indicate its auth/assoc state;
nodes have a ni_state variable, now.

While I am here, patch ieee80211_find_node_for_beacon to do a "best
match" by bssid/ssid/channel, not a "perfect match." This keeps
net80211 from caching duplicate nodes in the table.
---

ok deraadt@ dlg@, looks good jsg@

replace __attribute__((__packed__)) with __packed.

Sync with recent NetBSD ieee80211_compute_duration() changes.

in real C, there is not , after the last enum entry; ok reyk

From dyoung@NetBSD:

ieee80211.h r 1.9

#define the difference in microseconds between a fast and a slow
preamble and PLCP header.

ieee80211_output.c r 1.19

Fix a bug in ieee80211_compute_duration: the 802.11 Duration field
in an 802.11 unicast data packet is equal to the duration of the
SIFS and Acknowledgement. That is, the amount of time reserved
*after* the packet has finished transmitting.

Change the arguments to ieee80211_compute_duration: pass the entire
packet length, not just the payload length. Add a 'debug' argument
to ieee80211_compute_duration and its helper subroutine,
ieee80211_compute_duration1.

If debug != 0, ieee80211_compute_duration printfs its arguments
and several local variables.

In rtw(4), load the 802.11 Duration field with the result from
ieee80211_compute_duration.

From dyoung@NetBSD:

Define for more bits in the Service field of the 802.11 PLCP Header.

For use by the subroutine ieee80211_compute_duration, add struct
ieee80211_duration, and #define a number of microsecond constants
used for the transmit timing of 802.11 packets.

Add the subroutine ieee80211_compute_duration, which computes for
any packet the appropriate 802.11 Duration field, the PLCP Length
field, as well as the Duration and Length fields for an RTS frame.

atw(4), rtw(4), future drivers, and possibly ath(4) will share
ieee80211_compute_duration.

ok millert@

CAPINFO_BITS from the current net/if_ieee80211.h header; fixes
CHNL_AGILITY printing too. deraadt ok.

Import current NetBSD/FreeBSD 802.11 framework.
Based in part on a diff from Matthew Gream.

Rename some data frame subtype macros to make the difference between
"data" and "no data" frames more obvious. These renamed macros aren't
actually used anywhere in net80211 yet.
cross-checked with 802.11 specs by myself and Lauri Tirkkonen

Add the definition of IEEE80211_DUR_DS_SHSLOT.

From IEEE Std. 802.11-2016, Table 18-5 "ERP characteristics", p. 2332:

aSlotTime characteristic:
If dont11OperatingClassesRequired is false:
Long = 20 us
Short = 9 us

ok stsp@

Handle unequal numbers of Tx and Rx streams in MiRA.
Problem reported by Colton Lewis on misc@
ok tb@

Fix "comma at end of enumerator list" warnings

Sure stsp@

Add short comments explaining HT protection modes.

Initialize the A-MPDU parameters field in HT capability elements.
ok kettenis@

ADDBA frames have a parameter set which we check against our own capabilities
but we were checking bits in these parameters with the wrong set of bitmasks.
Negotiating A-MPDUs with some APs failed because of this bug.
ok kettenis@

Declare 802.11n mode and channel flags. Tweak 11n related fields in struct
ieee80211com and move them inside #ifndef IEEE80211_NO_HT without breaking
the build in rsu(4) for RAMDISK_CD.
Also declare 11n protection modes and MCS count.
ok deraadt mpi kettenis guenther

Add macros for A-MPDU and MCS data, both found in HT capabilities element.
typo fix + ok sthen@

In ieee80211.h update references to standard sections to 802.11-2012.
Add missing element IDs (and remove some non-standard ones), action field
categories and values, some 11n related stuff, and other small things.
Use the same element ID symbolic names as FreeBSD where applicable as
suggested by millert.
ok mpi millert

add a #define for IEEE80211_ELEMID_CSA, 802.11h-2003 Channel Switch Announcement
ok stsp@

Create a printb() suitable string for IEEE80211_FC1 field. Needed to show
more info in tcpdump. OK giovanni@

Block Ack agreements are unidirectional.
Maintain state for both originator and recipient roles separately.
Do not allocate receive reordering buffer in addba_request().
Test the "initiator" bit in incoming DELBA frames and set it appropriately
in outgoing DELBA frames.
Separate callbacks for Tx/Rx too.

no binary change since all this is #ifdef'ed out.

Add some initial HT bits (not enabled yet) based on 802.11n Draft 7.01:
- implement A-MPDU frames buffering and reordering
- implement A-MSDU decapsulation
- process/send ADDBA Request, ADDBA Response and DELBA action frames
- process Block Ack Request control frames (including MTBAR)
- implement PBAC support (Protected Block Ack)
- add some incomplete HT Capabilities and HT Operation IEs parsing

Add more Management Frame Protection bits based on 802.11w Draft 7.0:
- implement SA Query procedure (both AP and STA)
- cleanup BIP

Fix some bugs:
- fix check for WEP key length that otherwise caused a stack smash in
ieee80211_wep_encrypt (pointed out by Xavier Santolaria on macppc)
- properly stop EAPOL timeout: fixes a panic that occured in HostAP mode
when turning the interface down while a 4-way handshake is in progress
(pointed out by Doughertys)

Did some code cleanup too.

The HT bits are currently not compiled in (IEEE80211_NO_HT is defined)
because they won't be ready until after the next release and I didn't
want to grow the kernel or to inadvertently introduce new bugs.
They are here such that other people can look at the code.
Notice that I had to add an extra parameter to ic_send_mgmt() for
action frames, that is why there are small changes in drivers defining
their own ic_send_mgmt() handler.

Sorry for the not very incremental diff but this has been sitting in
my tree for too long now.

Add some inline functions to test the presence of optional 802.11
header fields (Sequence Control, Address 4, QoS Control, +HTC) and
use them where appropriate.

Add ieee80211_get_qos() inline function to extract the QoS control
field of an 802.11 header instead of duplicating the same scary
code everywhere (the location of this field depends on the presence
of an Address 4 field).

Export ieee80211_up_to_ac() so that drivers can select the access
category to use based on the TID subfield of the QoS Control field.

Define more QoS-related bits for the RSN Capabilities field of RSN IE
(will be used later).

add ic_tid_noack bitmap to indicate a per-TID ACK policy (1=no ack,
0=normal ack). all bits are currently set to 0.
use this bitmap to set the ACK policy of the QoS control field of
outgoing QoS frames.

move definitions of channels attributes away from ieee80211.h such
that ieee80211.h contains only definitions that are part of the
802.11 standard and not constants used internally by net80211.
because channels attributes are exported to userland through the
radiotap BPF interface, add the definitions to ieee80211_radiotap.h
too (which must be kept in sync with what is used in net80211).
also, do not export combinations of channel attributes to userland
so that noone get stupid ideas.

add a couple of new definitions (action frames, new subtypes for control
frames, new IEs etc...)

add/process group integrity cipher suite in RSN IEs.
add support for MFP negotiation during association.

add support for EAPOL-Key v3 descriptors (similar to v2 except that the
MIC is computed using AES-128-CMAC instead of HMAC-SHA1).
add a SHA-256 based key derivation function (not used yet).

add definitions for RSN capabilities field (RSN IE).

process IGTK KDEs in EAPOL-Key frames and install integrity group keys
if MFP was negotiated with the peer (not possible yet).

Welcome BIP: the Broadcast/Multicast Integrity Protocol defined
in Draft IEEE P802.11w.
It provides data integrity and replay protection for broadcast/
multicast robust management frames (not used yet) using AES-128
in CMAC mode.

fix values for QoS control field.

remove unused structures and duplicated definitions.
remove clause 3 of license while I'm here (from FreeBSD).

add ieee80211_priv.h file: contains definitions private to net80211.
this must not be included by drivers.

Kernel implementation of the 4-way handshake and group-key
handshake protocols (both supplicant and authenticator state
machines) as defined in the IEEE 802.11i standard.

Software implementation of the TKIP (Temporal Key Integrity
Protocol) and CCMP (CTR with CBC-MAC Protocol) protocols.

This diff doesn't implement any of the 802.1X authentication
protocols and thus only PSK authentication (using pre-shared
keys) is currently supported.

In concrete terms, this adds support for WPA-PSK and WPA2-PSK
protocols, both in station and hostap modes.

The following drivers are marked as WPA-capable and should
work: bwi(4), malo(4), ral(4), iwn(4), wpi(4), ural(4),
rum(4), upgt(4), and zyd(4)

The following options have been added to ifconfig(8):
wpa, wpapsk, wpaprotos, wpaakms, wpaciphers, wpagroupcipher

wpa-psk(8) can be used to generate keys from passphrases.

tested by many@
ok deraadt@

typo in a macro (fortunately unused): 0c00 -> 0x00

all WPA implementations i have tested use EAPOL-Key frames version 1,
so use that too and remove a check in ieee80211_recv_eapol().
WPA1 stores the group key id into bits 4-5 of the EAPOL-Key frame info
field and uses bit 6 to indicate if the key is Rx/Tx or Rx only.
remove a check in ieee80211_eapol_key_decrypt() because WPA1 encrypts
the payload of message 1 of the group-key handshake without setting the
encrypted bit in the info field.

WPA1 uses its own (non-standard) EAPOL-Key descriptor type.
Remove a double definition.
Add definitions for Key Data Encapsulations.

cleanup definition of struct ieee80211_eapol_key.
prepend 802.1X header.
use byte-arrays to prevent access to unaligned fields.

some HT frames may have an additional HT Control field.
remove two comments that were misplaced while I'm here (addr4 is always
located after the i_seq field, not at the end of the header).

add the pseudo-random function (PRF) and various key derivation
functions defined in 802.11i.

add subtype "Action" for management frames.

Backout part of 1.20 because IEEE80211_AUTH_ALGORITHM() and friends are used
by hostapd and tcpdump. Now tcpdump and hostapd should build again.

Readd IEEE80211_REASON_RSN_REQUIRED and IEEE80211_REASON_RSN_INCONSISTENT
userland is using these defines -- unbreaks build. Found by jasper@
discussed with reyk@.

remove more unused stuff.

add new ieee80211_eapol_key structure (used by the various 802.11i
key handshakes).

fix REASON codes.

add IEEE80211_FC1_PROTECTED flag.
keep IEEE80211_FC1_WEP for compatibility with pre-RSNA networks.

remove a lot of unused #define
fix a CAPINFO name

cleanup CAPINFO values.

cleanup the list of Organizationally Unique Identifiers (OUI).

s/IEEE80211_ELEMID_EDCA_PARAMS/IEEE80211_ELEMID_EDCAPARMS/ for consistency.

keep track of the Tx/Rx sequence numbers for each TID in the
ieee80211_node structure.
add a flag to indicate whether a STA is a QSTA or not.

- remove two unused structures
- add three new information elements identifiers:
IEEE80211_ELEMID_QBSS_LOAD : QBSS Load
IEEE80211_ELEMID_EDCA_PARAMS: EDCA Parameter Set
IEEE80211_ELEMID_QOS_CAP : QoS Capability

remove unused structure.

adds 802.11e EDCA tables for QAPs and non-AP QSTAs.
not used yet.

ok jsg@ deraadt@

move ieee80211_compute_duration() and ieee80211_compute_duration1()
functions into the two drivers that use them (atw and rtw.)
this code is not generic enough to be used by other drivers and
there is no chance that it will ever be used in newer driver since
it supports 802.11b only.
plus, it hurts my eyes each time i look into ieee80211_output.c.

"fine with me as long as the logic doesn't change in the functions" jsg@

The license permits us to redistribute this code under the BSD or the GPLv2.
Choose the BSD license so that future enhancements will be BSD-only.

ok jsg@ reyk@ deraadt@

typo.

mostly knf

ok jsg@

add ifconfig -M option to replace wicontrol -L and -l for ap scanning
and node listing. wicontrol is not supported by net80211 drivers
anymore. further improvements will be done.

ok dlg@, jsg@

derived from NetBSD:

---
Make the node table into an LRU cache: least-recently used nodes
are at the end of the node queue. Change the reference-counting
discipline: ni->ni_refcnt indicates how many times net80211 has
granted ni to the driver. Every node in the table with ni_refcnt=0
is eligible to be garbage-collected. The mere presence of a node
in the table does not any longer indicate its auth/assoc state;
nodes have a ni_state variable, now.

While I am here, patch ieee80211_find_node_for_beacon to do a "best
match" by bssid/ssid/channel, not a "perfect match." This keeps
net80211 from caching duplicate nodes in the table.
---

ok deraadt@ dlg@, looks good jsg@

replace __attribute__((__packed__)) with __packed.

Sync with recent NetBSD ieee80211_compute_duration() changes.

in real C, there is not , after the last enum entry; ok reyk

From dyoung@NetBSD:

ieee80211.h r 1.9

#define the difference in microseconds between a fast and a slow
preamble and PLCP header.

ieee80211_output.c r 1.19

Fix a bug in ieee80211_compute_duration: the 802.11 Duration field
in an 802.11 unicast data packet is equal to the duration of the
SIFS and Acknowledgement. That is, the amount of time reserved
*after* the packet has finished transmitting.

Change the arguments to ieee80211_compute_duration: pass the entire
packet length, not just the payload length. Add a 'debug' argument
to ieee80211_compute_duration and its helper subroutine,
ieee80211_compute_duration1.

If debug != 0, ieee80211_compute_duration printfs its arguments
and several local variables.

In rtw(4), load the 802.11 Duration field with the result from
ieee80211_compute_duration.

From dyoung@NetBSD:

Define for more bits in the Service field of the 802.11 PLCP Header.

For use by the subroutine ieee80211_compute_duration, add struct
ieee80211_duration, and #define a number of microsecond constants
used for the transmit timing of 802.11 packets.

Add the subroutine ieee80211_compute_duration, which computes for
any packet the appropriate 802.11 Duration field, the PLCP Length
field, as well as the Duration and Length fields for an RTS frame.

atw(4), rtw(4), future drivers, and possibly ath(4) will share
ieee80211_compute_duration.

ok millert@

CAPINFO_BITS from the current net/if_ieee80211.h header; fixes
CHNL_AGILITY printing too. deraadt ok.

Import current NetBSD/FreeBSD 802.11 framework.
Based in part on a diff from Matthew Gream.

Add the definition of IEEE80211_DUR_DS_SHSLOT.

From IEEE Std. 802.11-2016, Table 18-5 "ERP characteristics", p. 2332:

aSlotTime characteristic:
If dont11OperatingClassesRequired is false:
Long = 20 us
Short = 9 us

ok stsp@

Handle unequal numbers of Tx and Rx streams in MiRA.
Problem reported by Colton Lewis on misc@
ok tb@

Fix "comma at end of enumerator list" warnings

Sure stsp@

Add short comments explaining HT protection modes.

Initialize the A-MPDU parameters field in HT capability elements.
ok kettenis@

ADDBA frames have a parameter set which we check against our own capabilities
but we were checking bits in these parameters with the wrong set of bitmasks.
Negotiating A-MPDUs with some APs failed because of this bug.
ok kettenis@

Declare 802.11n mode and channel flags. Tweak 11n related fields in struct
ieee80211com and move them inside #ifndef IEEE80211_NO_HT without breaking
the build in rsu(4) for RAMDISK_CD.
Also declare 11n protection modes and MCS count.
ok deraadt mpi kettenis guenther

Add macros for A-MPDU and MCS data, both found in HT capabilities element.
typo fix + ok sthen@

In ieee80211.h update references to standard sections to 802.11-2012.
Add missing element IDs (and remove some non-standard ones), action field
categories and values, some 11n related stuff, and other small things.
Use the same element ID symbolic names as FreeBSD where applicable as
suggested by millert.
ok mpi millert

add a #define for IEEE80211_ELEMID_CSA, 802.11h-2003 Channel Switch Announcement
ok stsp@

Create a printb() suitable string for IEEE80211_FC1 field. Needed to show
more info in tcpdump. OK giovanni@

Block Ack agreements are unidirectional.
Maintain state for both originator and recipient roles separately.
Do not allocate receive reordering buffer in addba_request().
Test the "initiator" bit in incoming DELBA frames and set it appropriately
in outgoing DELBA frames.
Separate callbacks for Tx/Rx too.

no binary change since all this is #ifdef'ed out.

Add some initial HT bits (not enabled yet) based on 802.11n Draft 7.01:
- implement A-MPDU frames buffering and reordering
- implement A-MSDU decapsulation
- process/send ADDBA Request, ADDBA Response and DELBA action frames
- process Block Ack Request control frames (including MTBAR)
- implement PBAC support (Protected Block Ack)
- add some incomplete HT Capabilities and HT Operation IEs parsing

Add more Management Frame Protection bits based on 802.11w Draft 7.0:
- implement SA Query procedure (both AP and STA)
- cleanup BIP

Fix some bugs:
- fix check for WEP key length that otherwise caused a stack smash in
ieee80211_wep_encrypt (pointed out by Xavier Santolaria on macppc)
- properly stop EAPOL timeout: fixes a panic that occured in HostAP mode
when turning the interface down while a 4-way handshake is in progress
(pointed out by Doughertys)

Did some code cleanup too.

The HT bits are currently not compiled in (IEEE80211_NO_HT is defined)
because they won't be ready until after the next release and I didn't
want to grow the kernel or to inadvertently introduce new bugs.
They are here such that other people can look at the code.
Notice that I had to add an extra parameter to ic_send_mgmt() for
action frames, that is why there are small changes in drivers defining
their own ic_send_mgmt() handler.

Sorry for the not very incremental diff but this has been sitting in
my tree for too long now.

Add some inline functions to test the presence of optional 802.11
header fields (Sequence Control, Address 4, QoS Control, +HTC) and
use them where appropriate.

Add ieee80211_get_qos() inline function to extract the QoS control
field of an 802.11 header instead of duplicating the same scary
code everywhere (the location of this field depends on the presence
of an Address 4 field).

Export ieee80211_up_to_ac() so that drivers can select the access
category to use based on the TID subfield of the QoS Control field.

Define more QoS-related bits for the RSN Capabilities field of RSN IE
(will be used later).

add ic_tid_noack bitmap to indicate a per-TID ACK policy (1=no ack,
0=normal ack). all bits are currently set to 0.
use this bitmap to set the ACK policy of the QoS control field of
outgoing QoS frames.

move definitions of channels attributes away from ieee80211.h such
that ieee80211.h contains only definitions that are part of the
802.11 standard and not constants used internally by net80211.
because channels attributes are exported to userland through the
radiotap BPF interface, add the definitions to ieee80211_radiotap.h
too (which must be kept in sync with what is used in net80211).
also, do not export combinations of channel attributes to userland
so that noone get stupid ideas.

add a couple of new definitions (action frames, new subtypes for control
frames, new IEs etc...)

add/process group integrity cipher suite in RSN IEs.
add support for MFP negotiation during association.

add support for EAPOL-Key v3 descriptors (similar to v2 except that the
MIC is computed using AES-128-CMAC instead of HMAC-SHA1).
add a SHA-256 based key derivation function (not used yet).

add definitions for RSN capabilities field (RSN IE).

process IGTK KDEs in EAPOL-Key frames and install integrity group keys
if MFP was negotiated with the peer (not possible yet).

Welcome BIP: the Broadcast/Multicast Integrity Protocol defined
in Draft IEEE P802.11w.
It provides data integrity and replay protection for broadcast/
multicast robust management frames (not used yet) using AES-128
in CMAC mode.

fix values for QoS control field.

remove unused structures and duplicated definitions.
remove clause 3 of license while I'm here (from FreeBSD).

add ieee80211_priv.h file: contains definitions private to net80211.
this must not be included by drivers.

Kernel implementation of the 4-way handshake and group-key
handshake protocols (both supplicant and authenticator state
machines) as defined in the IEEE 802.11i standard.

Software implementation of the TKIP (Temporal Key Integrity
Protocol) and CCMP (CTR with CBC-MAC Protocol) protocols.

This diff doesn't implement any of the 802.1X authentication
protocols and thus only PSK authentication (using pre-shared
keys) is currently supported.

In concrete terms, this adds support for WPA-PSK and WPA2-PSK
protocols, both in station and hostap modes.

The following drivers are marked as WPA-capable and should
work: bwi(4), malo(4), ral(4), iwn(4), wpi(4), ural(4),
rum(4), upgt(4), and zyd(4)

The following options have been added to ifconfig(8):
wpa, wpapsk, wpaprotos, wpaakms, wpaciphers, wpagroupcipher

wpa-psk(8) can be used to generate keys from passphrases.

tested by many@
ok deraadt@

typo in a macro (fortunately unused): 0c00 -> 0x00

all WPA implementations i have tested use EAPOL-Key frames version 1,
so use that too and remove a check in ieee80211_recv_eapol().
WPA1 stores the group key id into bits 4-5 of the EAPOL-Key frame info
field and uses bit 6 to indicate if the key is Rx/Tx or Rx only.
remove a check in ieee80211_eapol_key_decrypt() because WPA1 encrypts
the payload of message 1 of the group-key handshake without setting the
encrypted bit in the info field.

WPA1 uses its own (non-standard) EAPOL-Key descriptor type.
Remove a double definition.
Add definitions for Key Data Encapsulations.

cleanup definition of struct ieee80211_eapol_key.
prepend 802.1X header.
use byte-arrays to prevent access to unaligned fields.

some HT frames may have an additional HT Control field.
remove two comments that were misplaced while I'm here (addr4 is always
located after the i_seq field, not at the end of the header).

add the pseudo-random function (PRF) and various key derivation
functions defined in 802.11i.

add subtype "Action" for management frames.

Backout part of 1.20 because IEEE80211_AUTH_ALGORITHM() and friends are used
by hostapd and tcpdump. Now tcpdump and hostapd should build again.

Readd IEEE80211_REASON_RSN_REQUIRED and IEEE80211_REASON_RSN_INCONSISTENT
userland is using these defines -- unbreaks build. Found by jasper@
discussed with reyk@.

remove more unused stuff.

add new ieee80211_eapol_key structure (used by the various 802.11i
key handshakes).

fix REASON codes.

add IEEE80211_FC1_PROTECTED flag.
keep IEEE80211_FC1_WEP for compatibility with pre-RSNA networks.

remove a lot of unused #define
fix a CAPINFO name

cleanup CAPINFO values.

cleanup the list of Organizationally Unique Identifiers (OUI).

s/IEEE80211_ELEMID_EDCA_PARAMS/IEEE80211_ELEMID_EDCAPARMS/ for consistency.

keep track of the Tx/Rx sequence numbers for each TID in the
ieee80211_node structure.
add a flag to indicate whether a STA is a QSTA or not.

- remove two unused structures
- add three new information elements identifiers:
IEEE80211_ELEMID_QBSS_LOAD : QBSS Load
IEEE80211_ELEMID_EDCA_PARAMS: EDCA Parameter Set
IEEE80211_ELEMID_QOS_CAP : QoS Capability

remove unused structure.

adds 802.11e EDCA tables for QAPs and non-AP QSTAs.
not used yet.

ok jsg@ deraadt@

move ieee80211_compute_duration() and ieee80211_compute_duration1()
functions into the two drivers that use them (atw and rtw.)
this code is not generic enough to be used by other drivers and
there is no chance that it will ever be used in newer driver since
it supports 802.11b only.
plus, it hurts my eyes each time i look into ieee80211_output.c.

"fine with me as long as the logic doesn't change in the functions" jsg@

The license permits us to redistribute this code under the BSD or the GPLv2.
Choose the BSD license so that future enhancements will be BSD-only.

ok jsg@ reyk@ deraadt@

typo.

mostly knf

ok jsg@

add ifconfig -M option to replace wicontrol -L and -l for ap scanning
and node listing. wicontrol is not supported by net80211 drivers
anymore. further improvements will be done.

ok dlg@, jsg@

derived from NetBSD:

---
Make the node table into an LRU cache: least-recently used nodes
are at the end of the node queue. Change the reference-counting
discipline: ni->ni_refcnt indicates how many times net80211 has
granted ni to the driver. Every node in the table with ni_refcnt=0
is eligible to be garbage-collected. The mere presence of a node
in the table does not any longer indicate its auth/assoc state;
nodes have a ni_state variable, now.

While I am here, patch ieee80211_find_node_for_beacon to do a "best
match" by bssid/ssid/channel, not a "perfect match." This keeps
net80211 from caching duplicate nodes in the table.
---

ok deraadt@ dlg@, looks good jsg@

replace __attribute__((__packed__)) with __packed.

Sync with recent NetBSD ieee80211_compute_duration() changes.

in real C, there is not , after the last enum entry; ok reyk

From dyoung@NetBSD:

ieee80211.h r 1.9

#define the difference in microseconds between a fast and a slow
preamble and PLCP header.

ieee80211_output.c r 1.19

Fix a bug in ieee80211_compute_duration: the 802.11 Duration field
in an 802.11 unicast data packet is equal to the duration of the
SIFS and Acknowledgement. That is, the amount of time reserved
*after* the packet has finished transmitting.

Change the arguments to ieee80211_compute_duration: pass the entire
packet length, not just the payload length. Add a 'debug' argument
to ieee80211_compute_duration and its helper subroutine,
ieee80211_compute_duration1.

If debug != 0, ieee80211_compute_duration printfs its arguments
and several local variables.

In rtw(4), load the 802.11 Duration field with the result from
ieee80211_compute_duration.

From dyoung@NetBSD:

Define for more bits in the Service field of the 802.11 PLCP Header.

For use by the subroutine ieee80211_compute_duration, add struct
ieee80211_duration, and #define a number of microsecond constants
used for the transmit timing of 802.11 packets.

Add the subroutine ieee80211_compute_duration, which computes for
any packet the appropriate 802.11 Duration field, the PLCP Length
field, as well as the Duration and Length fields for an RTS frame.

atw(4), rtw(4), future drivers, and possibly ath(4) will share
ieee80211_compute_duration.

ok millert@

CAPINFO_BITS from the current net/if_ieee80211.h header; fixes
CHNL_AGILITY printing too. deraadt ok.

Import current NetBSD/FreeBSD 802.11 framework.
Based in part on a diff from Matthew Gream.