ieee80211_node.c revision 302018
1/*- 2 * Copyright (c) 2001 Atsushi Onoe 3 * Copyright (c) 2002-2009 Sam Leffler, Errno Consulting 4 * All rights reserved. 5 * 6 * Redistribution and use in source and binary forms, with or without 7 * modification, are permitted provided that the following conditions 8 * are met: 9 * 1. Redistributions of source code must retain the above copyright 10 * notice, this list of conditions and the following disclaimer. 11 * 2. Redistributions in binary form must reproduce the above copyright 12 * notice, this list of conditions and the following disclaimer in the 13 * documentation and/or other materials provided with the distribution. 14 * 15 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 16 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 17 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 18 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 19 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 20 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 21 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 22 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 23 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 24 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 25 */ 26 27#include <sys/cdefs.h> 28__FBSDID("$FreeBSD: head/sys/net80211/ieee80211_node.c 302018 2016-06-19 07:31:02Z adrian $"); 29 30#include "opt_wlan.h" 31 32#include <sys/param.h> 33#include <sys/systm.h> 34#include <sys/mbuf.h> 35#include <sys/malloc.h> 36#include <sys/kernel.h> 37 38#include <sys/socket.h> 39 40#include <net/if.h> 41#include <net/if_var.h> 42#include <net/if_media.h> 43#include <net/ethernet.h> 44 45#include <net80211/ieee80211_var.h> 46#include <net80211/ieee80211_input.h> 47#ifdef IEEE80211_SUPPORT_SUPERG 48#include <net80211/ieee80211_superg.h> 49#endif 50#ifdef IEEE80211_SUPPORT_TDMA 51#include <net80211/ieee80211_tdma.h> 52#endif 53#include <net80211/ieee80211_wds.h> 54#include <net80211/ieee80211_mesh.h> 55#include <net80211/ieee80211_ratectl.h> 56 57#include <net/bpf.h> 58 59/* 60 * IEEE80211_NODE_HASHSIZE must be a power of 2. 61 */ 62CTASSERT((IEEE80211_NODE_HASHSIZE & (IEEE80211_NODE_HASHSIZE-1)) == 0); 63 64/* 65 * Association id's are managed with a bit vector. 66 */ 67#define IEEE80211_AID_SET(_vap, b) \ 68 ((_vap)->iv_aid_bitmap[IEEE80211_AID(b) / 32] |= \ 69 (1 << (IEEE80211_AID(b) % 32))) 70#define IEEE80211_AID_CLR(_vap, b) \ 71 ((_vap)->iv_aid_bitmap[IEEE80211_AID(b) / 32] &= \ 72 ~(1 << (IEEE80211_AID(b) % 32))) 73#define IEEE80211_AID_ISSET(_vap, b) \ 74 ((_vap)->iv_aid_bitmap[IEEE80211_AID(b) / 32] & (1 << (IEEE80211_AID(b) % 32))) 75 76static int ieee80211_sta_join1(struct ieee80211_node *); 77 78static struct ieee80211_node *node_alloc(struct ieee80211vap *, 79 const uint8_t [IEEE80211_ADDR_LEN]); 80static void node_cleanup(struct ieee80211_node *); 81static void node_free(struct ieee80211_node *); 82static void node_age(struct ieee80211_node *); 83static int8_t node_getrssi(const struct ieee80211_node *); 84static void node_getsignal(const struct ieee80211_node *, int8_t *, int8_t *); 85static void node_getmimoinfo(const struct ieee80211_node *, 86 struct ieee80211_mimo_info *); 87 88static void _ieee80211_free_node(struct ieee80211_node *); 89 90static void node_reclaim(struct ieee80211_node_table *nt, 91 struct ieee80211_node *ni); 92static void ieee80211_node_table_init(struct ieee80211com *ic, 93 struct ieee80211_node_table *nt, const char *name, 94 int inact, int keymaxix); 95static void ieee80211_node_table_reset(struct ieee80211_node_table *, 96 struct ieee80211vap *); 97static void ieee80211_node_table_cleanup(struct ieee80211_node_table *nt); 98static void ieee80211_erp_timeout(struct ieee80211com *); 99 100MALLOC_DEFINE(M_80211_NODE, "80211node", "802.11 node state"); 101MALLOC_DEFINE(M_80211_NODE_IE, "80211nodeie", "802.11 node ie"); 102 103void 104ieee80211_node_attach(struct ieee80211com *ic) 105{ 106 /* XXX really want maxlen enforced per-sta */ 107 ieee80211_ageq_init(&ic->ic_stageq, ic->ic_max_keyix * 8, 108 "802.11 staging q"); 109 ieee80211_node_table_init(ic, &ic->ic_sta, "station", 110 IEEE80211_INACT_INIT, ic->ic_max_keyix); 111 callout_init(&ic->ic_inact, 1); 112 callout_reset(&ic->ic_inact, IEEE80211_INACT_WAIT*hz, 113 ieee80211_node_timeout, ic); 114 115 ic->ic_node_alloc = node_alloc; 116 ic->ic_node_free = node_free; 117 ic->ic_node_cleanup = node_cleanup; 118 ic->ic_node_age = node_age; 119 ic->ic_node_drain = node_age; /* NB: same as age */ 120 ic->ic_node_getrssi = node_getrssi; 121 ic->ic_node_getsignal = node_getsignal; 122 ic->ic_node_getmimoinfo = node_getmimoinfo; 123 124 /* 125 * Set flags to be propagated to all vap's; 126 * these define default behaviour/configuration. 127 */ 128 ic->ic_flags_ext |= IEEE80211_FEXT_INACT; /* inactivity processing */ 129} 130 131void 132ieee80211_node_detach(struct ieee80211com *ic) 133{ 134 135 callout_drain(&ic->ic_inact); 136 ieee80211_node_table_cleanup(&ic->ic_sta); 137 ieee80211_ageq_cleanup(&ic->ic_stageq); 138} 139 140void 141ieee80211_node_vattach(struct ieee80211vap *vap) 142{ 143 /* NB: driver can override */ 144 vap->iv_max_aid = IEEE80211_AID_DEF; 145 146 /* default station inactivity timer setings */ 147 vap->iv_inact_init = IEEE80211_INACT_INIT; 148 vap->iv_inact_auth = IEEE80211_INACT_AUTH; 149 vap->iv_inact_run = IEEE80211_INACT_RUN; 150 vap->iv_inact_probe = IEEE80211_INACT_PROBE; 151 152 IEEE80211_DPRINTF(vap, IEEE80211_MSG_INACT, 153 "%s: init %u auth %u run %u probe %u\n", __func__, 154 vap->iv_inact_init, vap->iv_inact_auth, 155 vap->iv_inact_run, vap->iv_inact_probe); 156} 157 158void 159ieee80211_node_latevattach(struct ieee80211vap *vap) 160{ 161 if (vap->iv_opmode == IEEE80211_M_HOSTAP) { 162 /* XXX should we allow max aid to be zero? */ 163 if (vap->iv_max_aid < IEEE80211_AID_MIN) { 164 vap->iv_max_aid = IEEE80211_AID_MIN; 165 if_printf(vap->iv_ifp, 166 "WARNING: max aid too small, changed to %d\n", 167 vap->iv_max_aid); 168 } 169 vap->iv_aid_bitmap = (uint32_t *) IEEE80211_MALLOC( 170 howmany(vap->iv_max_aid, 32) * sizeof(uint32_t), 171 M_80211_NODE, 172 IEEE80211_M_NOWAIT | IEEE80211_M_ZERO); 173 if (vap->iv_aid_bitmap == NULL) { 174 /* XXX no way to recover */ 175 printf("%s: no memory for AID bitmap, max aid %d!\n", 176 __func__, vap->iv_max_aid); 177 vap->iv_max_aid = 0; 178 } 179 } 180 181 ieee80211_reset_bss(vap); 182 183 vap->iv_auth = ieee80211_authenticator_get(vap->iv_bss->ni_authmode); 184} 185 186void 187ieee80211_node_vdetach(struct ieee80211vap *vap) 188{ 189 struct ieee80211com *ic = vap->iv_ic; 190 191 ieee80211_node_table_reset(&ic->ic_sta, vap); 192 if (vap->iv_bss != NULL) { 193 ieee80211_free_node(vap->iv_bss); 194 vap->iv_bss = NULL; 195 } 196 if (vap->iv_aid_bitmap != NULL) { 197 IEEE80211_FREE(vap->iv_aid_bitmap, M_80211_NODE); 198 vap->iv_aid_bitmap = NULL; 199 } 200} 201 202/* 203 * Port authorize/unauthorize interfaces for use by an authenticator. 204 */ 205 206void 207ieee80211_node_authorize(struct ieee80211_node *ni) 208{ 209 struct ieee80211vap *vap = ni->ni_vap; 210 211 ni->ni_flags |= IEEE80211_NODE_AUTH; 212 ni->ni_inact_reload = vap->iv_inact_run; 213 ni->ni_inact = ni->ni_inact_reload; 214 215 IEEE80211_NOTE(vap, IEEE80211_MSG_INACT, ni, 216 "%s: inact_reload %u", __func__, ni->ni_inact_reload); 217} 218 219void 220ieee80211_node_unauthorize(struct ieee80211_node *ni) 221{ 222 struct ieee80211vap *vap = ni->ni_vap; 223 224 ni->ni_flags &= ~IEEE80211_NODE_AUTH; 225 ni->ni_inact_reload = vap->iv_inact_auth; 226 if (ni->ni_inact > ni->ni_inact_reload) 227 ni->ni_inact = ni->ni_inact_reload; 228 229 IEEE80211_NOTE(vap, IEEE80211_MSG_INACT, ni, 230 "%s: inact_reload %u inact %u", __func__, 231 ni->ni_inact_reload, ni->ni_inact); 232} 233 234/* 235 * Fix tx parameters for a node according to ``association state''. 236 */ 237void 238ieee80211_node_setuptxparms(struct ieee80211_node *ni) 239{ 240 struct ieee80211vap *vap = ni->ni_vap; 241 enum ieee80211_phymode mode; 242 243 if (ni->ni_flags & IEEE80211_NODE_HT) { 244 if (IEEE80211_IS_CHAN_5GHZ(ni->ni_chan)) 245 mode = IEEE80211_MODE_11NA; 246 else 247 mode = IEEE80211_MODE_11NG; 248 } else { /* legacy rate handling */ 249 if (IEEE80211_IS_CHAN_ST(ni->ni_chan)) 250 mode = IEEE80211_MODE_STURBO_A; 251 else if (IEEE80211_IS_CHAN_HALF(ni->ni_chan)) 252 mode = IEEE80211_MODE_HALF; 253 else if (IEEE80211_IS_CHAN_QUARTER(ni->ni_chan)) 254 mode = IEEE80211_MODE_QUARTER; 255 /* NB: 108A should be handled as 11a */ 256 else if (IEEE80211_IS_CHAN_A(ni->ni_chan)) 257 mode = IEEE80211_MODE_11A; 258 else if (IEEE80211_IS_CHAN_108G(ni->ni_chan) || 259 (ni->ni_flags & IEEE80211_NODE_ERP)) 260 mode = IEEE80211_MODE_11G; 261 else 262 mode = IEEE80211_MODE_11B; 263 } 264 ni->ni_txparms = &vap->iv_txparms[mode]; 265} 266 267/* 268 * Set/change the channel. The rate set is also updated as 269 * to insure a consistent view by drivers. 270 * XXX should be private but hostap needs it to deal with CSA 271 */ 272void 273ieee80211_node_set_chan(struct ieee80211_node *ni, 274 struct ieee80211_channel *chan) 275{ 276 struct ieee80211com *ic = ni->ni_ic; 277 struct ieee80211vap *vap = ni->ni_vap; 278 enum ieee80211_phymode mode; 279 280 KASSERT(chan != IEEE80211_CHAN_ANYC, ("no channel")); 281 282 ni->ni_chan = chan; 283 mode = ieee80211_chan2mode(chan); 284 if (IEEE80211_IS_CHAN_HT(chan)) { 285 /* 286 * We must install the legacy rate est in ni_rates and the 287 * HT rate set in ni_htrates. 288 */ 289 ni->ni_htrates = *ieee80211_get_suphtrates(ic, chan); 290 /* 291 * Setup bss tx parameters based on operating mode. We 292 * use legacy rates when operating in a mixed HT+non-HT bss 293 * and non-ERP rates in 11g for mixed ERP+non-ERP bss. 294 */ 295 if (mode == IEEE80211_MODE_11NA && 296 (vap->iv_flags_ht & IEEE80211_FHT_PUREN) == 0) 297 mode = IEEE80211_MODE_11A; 298 else if (mode == IEEE80211_MODE_11NG && 299 (vap->iv_flags_ht & IEEE80211_FHT_PUREN) == 0) 300 mode = IEEE80211_MODE_11G; 301 if (mode == IEEE80211_MODE_11G && 302 (vap->iv_flags & IEEE80211_F_PUREG) == 0) 303 mode = IEEE80211_MODE_11B; 304 } 305 ni->ni_txparms = &vap->iv_txparms[mode]; 306 ni->ni_rates = *ieee80211_get_suprates(ic, chan); 307} 308 309static __inline void 310copy_bss(struct ieee80211_node *nbss, const struct ieee80211_node *obss) 311{ 312 /* propagate useful state */ 313 nbss->ni_authmode = obss->ni_authmode; 314 nbss->ni_txpower = obss->ni_txpower; 315 nbss->ni_vlan = obss->ni_vlan; 316 /* XXX statistics? */ 317 /* XXX legacy WDS bssid? */ 318} 319 320void 321ieee80211_create_ibss(struct ieee80211vap* vap, struct ieee80211_channel *chan) 322{ 323 struct ieee80211com *ic = vap->iv_ic; 324 struct ieee80211_node *ni; 325 326 IEEE80211_DPRINTF(vap, IEEE80211_MSG_SCAN, 327 "%s: creating %s on channel %u%c\n", __func__, 328 ieee80211_opmode_name[vap->iv_opmode], 329 ieee80211_chan2ieee(ic, chan), 330 ieee80211_channel_type_char(chan)); 331 332 ni = ieee80211_alloc_node(&ic->ic_sta, vap, vap->iv_myaddr); 333 if (ni == NULL) { 334 /* XXX recovery? */ 335 return; 336 } 337 IEEE80211_ADDR_COPY(ni->ni_bssid, vap->iv_myaddr); 338 ni->ni_esslen = vap->iv_des_ssid[0].len; 339 memcpy(ni->ni_essid, vap->iv_des_ssid[0].ssid, ni->ni_esslen); 340 if (vap->iv_bss != NULL) 341 copy_bss(ni, vap->iv_bss); 342 ni->ni_intval = ic->ic_bintval; 343 if (vap->iv_flags & IEEE80211_F_PRIVACY) 344 ni->ni_capinfo |= IEEE80211_CAPINFO_PRIVACY; 345 if (ic->ic_phytype == IEEE80211_T_FH) { 346 ni->ni_fhdwell = 200; /* XXX */ 347 ni->ni_fhindex = 1; 348 } 349 if (vap->iv_opmode == IEEE80211_M_IBSS) { 350 vap->iv_flags |= IEEE80211_F_SIBSS; 351 ni->ni_capinfo |= IEEE80211_CAPINFO_IBSS; /* XXX */ 352 if (vap->iv_flags & IEEE80211_F_DESBSSID) 353 IEEE80211_ADDR_COPY(ni->ni_bssid, vap->iv_des_bssid); 354 else { 355 get_random_bytes(ni->ni_bssid, IEEE80211_ADDR_LEN); 356 /* clear group bit, add local bit */ 357 ni->ni_bssid[0] = (ni->ni_bssid[0] &~ 0x01) | 0x02; 358 } 359 } else if (vap->iv_opmode == IEEE80211_M_AHDEMO) { 360 if (vap->iv_flags & IEEE80211_F_DESBSSID) 361 IEEE80211_ADDR_COPY(ni->ni_bssid, vap->iv_des_bssid); 362 else 363#ifdef IEEE80211_SUPPORT_TDMA 364 if ((vap->iv_caps & IEEE80211_C_TDMA) == 0) 365#endif 366 memset(ni->ni_bssid, 0, IEEE80211_ADDR_LEN); 367#ifdef IEEE80211_SUPPORT_MESH 368 } else if (vap->iv_opmode == IEEE80211_M_MBSS) { 369 ni->ni_meshidlen = vap->iv_mesh->ms_idlen; 370 memcpy(ni->ni_meshid, vap->iv_mesh->ms_id, ni->ni_meshidlen); 371#endif 372 } 373 /* 374 * Fix the channel and related attributes. 375 */ 376 /* clear DFS CAC state on previous channel */ 377 if (ic->ic_bsschan != IEEE80211_CHAN_ANYC && 378 ic->ic_bsschan->ic_freq != chan->ic_freq && 379 IEEE80211_IS_CHAN_CACDONE(ic->ic_bsschan)) 380 ieee80211_dfs_cac_clear(ic, ic->ic_bsschan); 381 ic->ic_bsschan = chan; 382 ieee80211_node_set_chan(ni, chan); 383 ic->ic_curmode = ieee80211_chan2mode(chan); 384 /* 385 * Do mode-specific setup. 386 */ 387 if (IEEE80211_IS_CHAN_FULL(chan)) { 388 if (IEEE80211_IS_CHAN_ANYG(chan)) { 389 /* 390 * Use a mixed 11b/11g basic rate set. 391 */ 392 ieee80211_setbasicrates(&ni->ni_rates, 393 IEEE80211_MODE_11G); 394 if (vap->iv_flags & IEEE80211_F_PUREG) { 395 /* 396 * Also mark OFDM rates basic so 11b 397 * stations do not join (WiFi compliance). 398 */ 399 ieee80211_addbasicrates(&ni->ni_rates, 400 IEEE80211_MODE_11A); 401 } 402 } else if (IEEE80211_IS_CHAN_B(chan)) { 403 /* 404 * Force pure 11b rate set. 405 */ 406 ieee80211_setbasicrates(&ni->ni_rates, 407 IEEE80211_MODE_11B); 408 } 409 } 410 411 (void) ieee80211_sta_join1(ieee80211_ref_node(ni)); 412} 413 414/* 415 * Reset bss state on transition to the INIT state. 416 * Clear any stations from the table (they have been 417 * deauth'd) and reset the bss node (clears key, rate 418 * etc. state). 419 */ 420void 421ieee80211_reset_bss(struct ieee80211vap *vap) 422{ 423 struct ieee80211com *ic = vap->iv_ic; 424 struct ieee80211_node *ni, *obss; 425 426 ieee80211_node_table_reset(&ic->ic_sta, vap); 427 /* XXX multi-bss: wrong */ 428 ieee80211_reset_erp(ic); 429 430 ni = ieee80211_alloc_node(&ic->ic_sta, vap, vap->iv_myaddr); 431 KASSERT(ni != NULL, ("unable to setup initial BSS node")); 432 obss = vap->iv_bss; 433 vap->iv_bss = ieee80211_ref_node(ni); 434 if (obss != NULL) { 435 copy_bss(ni, obss); 436 ni->ni_intval = ic->ic_bintval; 437 ieee80211_free_node(obss); 438 } else 439 IEEE80211_ADDR_COPY(ni->ni_bssid, vap->iv_myaddr); 440} 441 442static int 443match_ssid(const struct ieee80211_node *ni, 444 int nssid, const struct ieee80211_scan_ssid ssids[]) 445{ 446 int i; 447 448 for (i = 0; i < nssid; i++) { 449 if (ni->ni_esslen == ssids[i].len && 450 memcmp(ni->ni_essid, ssids[i].ssid, ni->ni_esslen) == 0) 451 return 1; 452 } 453 return 0; 454} 455 456/* 457 * Test a node for suitability/compatibility. 458 */ 459static int 460check_bss(struct ieee80211vap *vap, struct ieee80211_node *ni) 461{ 462 struct ieee80211com *ic = ni->ni_ic; 463 uint8_t rate; 464 465 if (isclr(ic->ic_chan_active, ieee80211_chan2ieee(ic, ni->ni_chan))) 466 return 0; 467 if (vap->iv_opmode == IEEE80211_M_IBSS) { 468 if ((ni->ni_capinfo & IEEE80211_CAPINFO_IBSS) == 0) 469 return 0; 470 } else { 471 if ((ni->ni_capinfo & IEEE80211_CAPINFO_ESS) == 0) 472 return 0; 473 } 474 if (vap->iv_flags & IEEE80211_F_PRIVACY) { 475 if ((ni->ni_capinfo & IEEE80211_CAPINFO_PRIVACY) == 0) 476 return 0; 477 } else { 478 /* XXX does this mean privacy is supported or required? */ 479 if (ni->ni_capinfo & IEEE80211_CAPINFO_PRIVACY) 480 return 0; 481 } 482 rate = ieee80211_fix_rate(ni, &ni->ni_rates, 483 IEEE80211_F_JOIN | IEEE80211_F_DONEGO | IEEE80211_F_DOFRATE); 484 if (rate & IEEE80211_RATE_BASIC) 485 return 0; 486 if (vap->iv_des_nssid != 0 && 487 !match_ssid(ni, vap->iv_des_nssid, vap->iv_des_ssid)) 488 return 0; 489 if ((vap->iv_flags & IEEE80211_F_DESBSSID) && 490 !IEEE80211_ADDR_EQ(vap->iv_des_bssid, ni->ni_bssid)) 491 return 0; 492 return 1; 493} 494 495#ifdef IEEE80211_DEBUG 496/* 497 * Display node suitability/compatibility. 498 */ 499static void 500check_bss_debug(struct ieee80211vap *vap, struct ieee80211_node *ni) 501{ 502 struct ieee80211com *ic = ni->ni_ic; 503 uint8_t rate; 504 int fail; 505 506 fail = 0; 507 if (isclr(ic->ic_chan_active, ieee80211_chan2ieee(ic, ni->ni_chan))) 508 fail |= 0x01; 509 if (vap->iv_opmode == IEEE80211_M_IBSS) { 510 if ((ni->ni_capinfo & IEEE80211_CAPINFO_IBSS) == 0) 511 fail |= 0x02; 512 } else { 513 if ((ni->ni_capinfo & IEEE80211_CAPINFO_ESS) == 0) 514 fail |= 0x02; 515 } 516 if (vap->iv_flags & IEEE80211_F_PRIVACY) { 517 if ((ni->ni_capinfo & IEEE80211_CAPINFO_PRIVACY) == 0) 518 fail |= 0x04; 519 } else { 520 /* XXX does this mean privacy is supported or required? */ 521 if (ni->ni_capinfo & IEEE80211_CAPINFO_PRIVACY) 522 fail |= 0x04; 523 } 524 rate = ieee80211_fix_rate(ni, &ni->ni_rates, 525 IEEE80211_F_JOIN | IEEE80211_F_DONEGO | IEEE80211_F_DOFRATE); 526 if (rate & IEEE80211_RATE_BASIC) 527 fail |= 0x08; 528 if (vap->iv_des_nssid != 0 && 529 !match_ssid(ni, vap->iv_des_nssid, vap->iv_des_ssid)) 530 fail |= 0x10; 531 if ((vap->iv_flags & IEEE80211_F_DESBSSID) && 532 !IEEE80211_ADDR_EQ(vap->iv_des_bssid, ni->ni_bssid)) 533 fail |= 0x20; 534 535 printf(" %c %s", fail ? '-' : '+', ether_sprintf(ni->ni_macaddr)); 536 printf(" %s%c", ether_sprintf(ni->ni_bssid), fail & 0x20 ? '!' : ' '); 537 printf(" %3d%c", 538 ieee80211_chan2ieee(ic, ni->ni_chan), fail & 0x01 ? '!' : ' '); 539 printf(" %2dM%c", (rate & IEEE80211_RATE_VAL) / 2, 540 fail & 0x08 ? '!' : ' '); 541 printf(" %4s%c", 542 (ni->ni_capinfo & IEEE80211_CAPINFO_ESS) ? "ess" : 543 (ni->ni_capinfo & IEEE80211_CAPINFO_IBSS) ? "ibss" : 544 "????", 545 fail & 0x02 ? '!' : ' '); 546 printf(" %3s%c ", 547 (ni->ni_capinfo & IEEE80211_CAPINFO_PRIVACY) ? "wep" : "no", 548 fail & 0x04 ? '!' : ' '); 549 ieee80211_print_essid(ni->ni_essid, ni->ni_esslen); 550 printf("%s\n", fail & 0x10 ? "!" : ""); 551} 552#endif /* IEEE80211_DEBUG */ 553 554 555int 556ieee80211_ibss_merge_check(struct ieee80211_node *ni) 557{ 558 struct ieee80211vap *vap = ni->ni_vap; 559 560 if (ni == vap->iv_bss || 561 IEEE80211_ADDR_EQ(ni->ni_bssid, vap->iv_bss->ni_bssid)) { 562 /* unchanged, nothing to do */ 563 return 0; 564 } 565 566 if (!check_bss(vap, ni)) { 567 /* capabilities mismatch */ 568 IEEE80211_DPRINTF(vap, IEEE80211_MSG_ASSOC, 569 "%s: merge failed, capabilities mismatch\n", __func__); 570#ifdef IEEE80211_DEBUG 571 if (ieee80211_msg_assoc(vap)) 572 check_bss_debug(vap, ni); 573#endif 574 vap->iv_stats.is_ibss_capmismatch++; 575 return 0; 576 } 577 578 return 1; 579} 580 581/* 582 * Handle 802.11 ad hoc network merge. The 583 * convention, set by the Wireless Ethernet Compatibility Alliance 584 * (WECA), is that an 802.11 station will change its BSSID to match 585 * the "oldest" 802.11 ad hoc network, on the same channel, that 586 * has the station's desired SSID. The "oldest" 802.11 network 587 * sends beacons with the greatest TSF timestamp. 588 * 589 * The caller is assumed to validate TSF's before attempting a merge. 590 * 591 * Return !0 if the BSSID changed, 0 otherwise. 592 */ 593int 594ieee80211_ibss_merge(struct ieee80211_node *ni) 595{ 596#ifdef IEEE80211_DEBUG 597 struct ieee80211vap *vap = ni->ni_vap; 598 struct ieee80211com *ic = ni->ni_ic; 599#endif 600 601 if (! ieee80211_ibss_merge_check(ni)) 602 return 0; 603 604 IEEE80211_DPRINTF(vap, IEEE80211_MSG_ASSOC, 605 "%s: new bssid %s: %s preamble, %s slot time%s\n", __func__, 606 ether_sprintf(ni->ni_bssid), 607 ic->ic_flags&IEEE80211_F_SHPREAMBLE ? "short" : "long", 608 ic->ic_flags&IEEE80211_F_SHSLOT ? "short" : "long", 609 ic->ic_flags&IEEE80211_F_USEPROT ? ", protection" : "" 610 ); 611 return ieee80211_sta_join1(ieee80211_ref_node(ni)); 612} 613 614/* 615 * Calculate HT channel promotion flags for all vaps. 616 * This assumes ni_chan have been setup for each vap. 617 */ 618static int 619gethtadjustflags(struct ieee80211com *ic) 620{ 621 struct ieee80211vap *vap; 622 int flags; 623 624 flags = 0; 625 /* XXX locking */ 626 TAILQ_FOREACH(vap, &ic->ic_vaps, iv_next) { 627 if (vap->iv_state < IEEE80211_S_RUN) 628 continue; 629 switch (vap->iv_opmode) { 630 case IEEE80211_M_WDS: 631 case IEEE80211_M_STA: 632 case IEEE80211_M_AHDEMO: 633 case IEEE80211_M_HOSTAP: 634 case IEEE80211_M_IBSS: 635 case IEEE80211_M_MBSS: 636 flags |= ieee80211_htchanflags(vap->iv_bss->ni_chan); 637 break; 638 default: 639 break; 640 } 641 } 642 return flags; 643} 644 645/* 646 * Check if the current channel needs to change based on whether 647 * any vap's are using HT20/HT40. This is used to sync the state 648 * of ic_curchan after a channel width change on a running vap. 649 */ 650void 651ieee80211_sync_curchan(struct ieee80211com *ic) 652{ 653 struct ieee80211_channel *c; 654 655 c = ieee80211_ht_adjust_channel(ic, ic->ic_curchan, gethtadjustflags(ic)); 656 if (c != ic->ic_curchan) { 657 ic->ic_curchan = c; 658 ic->ic_curmode = ieee80211_chan2mode(ic->ic_curchan); 659 ic->ic_rt = ieee80211_get_ratetable(ic->ic_curchan); 660 IEEE80211_UNLOCK(ic); 661 ic->ic_set_channel(ic); 662 ieee80211_radiotap_chan_change(ic); 663 IEEE80211_LOCK(ic); 664 } 665} 666 667/* 668 * Setup the current channel. The request channel may be 669 * promoted if other vap's are operating with HT20/HT40. 670 */ 671void 672ieee80211_setupcurchan(struct ieee80211com *ic, struct ieee80211_channel *c) 673{ 674 if (ic->ic_htcaps & IEEE80211_HTC_HT) { 675 int flags = gethtadjustflags(ic); 676 /* 677 * Check for channel promotion required to support the 678 * set of running vap's. This assumes we are called 679 * after ni_chan is setup for each vap. 680 */ 681 /* NB: this assumes IEEE80211_FHT_USEHT40 > IEEE80211_FHT_HT */ 682 if (flags > ieee80211_htchanflags(c)) 683 c = ieee80211_ht_adjust_channel(ic, c, flags); 684 } 685 ic->ic_bsschan = ic->ic_curchan = c; 686 ic->ic_curmode = ieee80211_chan2mode(ic->ic_curchan); 687 ic->ic_rt = ieee80211_get_ratetable(ic->ic_curchan); 688} 689 690/* 691 * Change the current channel. The channel change is guaranteed to have 692 * happened before the next state change. 693 */ 694void 695ieee80211_setcurchan(struct ieee80211com *ic, struct ieee80211_channel *c) 696{ 697 ieee80211_setupcurchan(ic, c); 698 ieee80211_runtask(ic, &ic->ic_chan_task); 699} 700 701void 702ieee80211_update_chw(struct ieee80211com *ic) 703{ 704 705 ieee80211_setupcurchan(ic, ic->ic_curchan); 706 ieee80211_runtask(ic, &ic->ic_chw_task); 707} 708 709/* 710 * Join the specified IBSS/BSS network. The node is assumed to 711 * be passed in with a held reference. 712 */ 713static int 714ieee80211_sta_join1(struct ieee80211_node *selbs) 715{ 716 struct ieee80211vap *vap = selbs->ni_vap; 717 struct ieee80211com *ic = selbs->ni_ic; 718 struct ieee80211_node *obss; 719 int canreassoc; 720 721 /* 722 * Committed to selbs, setup state. 723 */ 724 obss = vap->iv_bss; 725 /* 726 * Check if old+new node have the same address in which 727 * case we can reassociate when operating in sta mode. 728 */ 729 canreassoc = (obss != NULL && 730 vap->iv_state == IEEE80211_S_RUN && 731 IEEE80211_ADDR_EQ(obss->ni_macaddr, selbs->ni_macaddr)); 732 vap->iv_bss = selbs; /* NB: caller assumed to bump refcnt */ 733 if (obss != NULL) { 734 struct ieee80211_node_table *nt = obss->ni_table; 735 736 copy_bss(selbs, obss); 737 ieee80211_node_decref(obss); /* iv_bss reference */ 738 739 IEEE80211_NODE_LOCK(nt); 740 node_reclaim(nt, obss); /* station table reference */ 741 IEEE80211_NODE_UNLOCK(nt); 742 743 obss = NULL; /* NB: guard against later use */ 744 } 745 746 /* 747 * Delete unusable rates; we've already checked 748 * that the negotiated rate set is acceptable. 749 */ 750 ieee80211_fix_rate(vap->iv_bss, &vap->iv_bss->ni_rates, 751 IEEE80211_F_DODEL | IEEE80211_F_JOIN); 752 753 ieee80211_setcurchan(ic, selbs->ni_chan); 754 /* 755 * Set the erp state (mostly the slot time) to deal with 756 * the auto-select case; this should be redundant if the 757 * mode is locked. 758 */ 759 ieee80211_reset_erp(ic); 760 ieee80211_wme_initparams(vap); 761 762 if (vap->iv_opmode == IEEE80211_M_STA) { 763 if (canreassoc) { 764 /* Reassociate */ 765 ieee80211_new_state(vap, IEEE80211_S_ASSOC, 1); 766 } else { 767 /* 768 * Act as if we received a DEAUTH frame in case we 769 * are invoked from the RUN state. This will cause 770 * us to try to re-authenticate if we are operating 771 * as a station. 772 */ 773 ieee80211_new_state(vap, IEEE80211_S_AUTH, 774 IEEE80211_FC0_SUBTYPE_DEAUTH); 775 } 776 } else 777 ieee80211_new_state(vap, IEEE80211_S_RUN, -1); 778 return 1; 779} 780 781int 782ieee80211_sta_join(struct ieee80211vap *vap, struct ieee80211_channel *chan, 783 const struct ieee80211_scan_entry *se) 784{ 785 struct ieee80211com *ic = vap->iv_ic; 786 struct ieee80211_node *ni; 787 788 ni = ieee80211_alloc_node(&ic->ic_sta, vap, se->se_macaddr); 789 if (ni == NULL) { 790 /* XXX msg */ 791 return 0; 792 } 793 794 /* 795 * Expand scan state into node's format. 796 * XXX may not need all this stuff 797 */ 798 IEEE80211_ADDR_COPY(ni->ni_bssid, se->se_bssid); 799 ni->ni_esslen = se->se_ssid[1]; 800 memcpy(ni->ni_essid, se->se_ssid+2, ni->ni_esslen); 801 ni->ni_tstamp.tsf = se->se_tstamp.tsf; 802 ni->ni_intval = se->se_intval; 803 ni->ni_capinfo = se->se_capinfo; 804 ni->ni_chan = chan; 805 ni->ni_timoff = se->se_timoff; 806 ni->ni_fhdwell = se->se_fhdwell; 807 ni->ni_fhindex = se->se_fhindex; 808 ni->ni_erp = se->se_erp; 809 IEEE80211_RSSI_LPF(ni->ni_avgrssi, se->se_rssi); 810 ni->ni_noise = se->se_noise; 811 if (vap->iv_opmode == IEEE80211_M_STA) { 812 /* NB: only infrastructure mode requires an associd */ 813 ni->ni_flags |= IEEE80211_NODE_ASSOCID; 814 } 815 816 if (ieee80211_ies_init(&ni->ni_ies, se->se_ies.data, se->se_ies.len)) { 817 ieee80211_ies_expand(&ni->ni_ies); 818#ifdef IEEE80211_SUPPORT_SUPERG 819 if (ni->ni_ies.ath_ie != NULL) 820 ieee80211_parse_ath(ni, ni->ni_ies.ath_ie); 821#endif 822 if (ni->ni_ies.htcap_ie != NULL) 823 ieee80211_parse_htcap(ni, ni->ni_ies.htcap_ie); 824 if (ni->ni_ies.htinfo_ie != NULL) 825 ieee80211_parse_htinfo(ni, ni->ni_ies.htinfo_ie); 826#ifdef IEEE80211_SUPPORT_MESH 827 if (ni->ni_ies.meshid_ie != NULL) 828 ieee80211_parse_meshid(ni, ni->ni_ies.meshid_ie); 829#endif 830#ifdef IEEE80211_SUPPORT_TDMA 831 if (ni->ni_ies.tdma_ie != NULL) 832 ieee80211_parse_tdma(ni, ni->ni_ies.tdma_ie); 833#endif 834 } 835 836 vap->iv_dtim_period = se->se_dtimperiod; 837 vap->iv_dtim_count = 0; 838 839 /* NB: must be after ni_chan is setup */ 840 ieee80211_setup_rates(ni, se->se_rates, se->se_xrates, 841 IEEE80211_F_DOSORT); 842 if (ieee80211_iserp_rateset(&ni->ni_rates)) 843 ni->ni_flags |= IEEE80211_NODE_ERP; 844 845 /* 846 * Setup HT state for this node if it's available, otherwise 847 * non-STA modes won't pick this state up. 848 * 849 * For IBSS and related modes that don't go through an 850 * association request/response, the only appropriate place 851 * to setup the HT state is here. 852 */ 853 if (ni->ni_ies.htinfo_ie != NULL && 854 ni->ni_ies.htcap_ie != NULL && 855 vap->iv_flags_ht & IEEE80211_FHT_HT) { 856 ieee80211_ht_node_init(ni); 857 ieee80211_ht_updateparams(ni, 858 ni->ni_ies.htcap_ie, 859 ni->ni_ies.htinfo_ie); 860 ieee80211_setup_htrates(ni, ni->ni_ies.htcap_ie, 861 IEEE80211_F_JOIN | IEEE80211_F_DOBRS); 862 ieee80211_setup_basic_htrates(ni, ni->ni_ies.htinfo_ie); 863 } 864 /* XXX else check for ath FF? */ 865 /* XXX QoS? Difficult given that WME config is specific to a master */ 866 867 ieee80211_node_setuptxparms(ni); 868 ieee80211_ratectl_node_init(ni); 869 870 return ieee80211_sta_join1(ieee80211_ref_node(ni)); 871} 872 873/* 874 * Leave the specified IBSS/BSS network. The node is assumed to 875 * be passed in with a held reference. 876 */ 877void 878ieee80211_sta_leave(struct ieee80211_node *ni) 879{ 880 struct ieee80211com *ic = ni->ni_ic; 881 882 ic->ic_node_cleanup(ni); 883 ieee80211_notify_node_leave(ni); 884} 885 886/* 887 * Send a deauthenticate frame and drop the station. 888 */ 889void 890ieee80211_node_deauth(struct ieee80211_node *ni, int reason) 891{ 892 /* NB: bump the refcnt to be sure temporary nodes are not reclaimed */ 893 ieee80211_ref_node(ni); 894 if (ni->ni_associd != 0) 895 IEEE80211_SEND_MGMT(ni, IEEE80211_FC0_SUBTYPE_DEAUTH, reason); 896 ieee80211_node_leave(ni); 897 ieee80211_free_node(ni); 898} 899 900static struct ieee80211_node * 901node_alloc(struct ieee80211vap *vap, const uint8_t macaddr[IEEE80211_ADDR_LEN]) 902{ 903 struct ieee80211_node *ni; 904 905 ni = (struct ieee80211_node *) IEEE80211_MALLOC(sizeof(struct ieee80211_node), 906 M_80211_NODE, IEEE80211_M_NOWAIT | IEEE80211_M_ZERO); 907 return ni; 908} 909 910/* 911 * Initialize an ie blob with the specified data. If previous 912 * data exists re-use the data block. As a side effect we clear 913 * all references to specific ie's; the caller is required to 914 * recalculate them. 915 */ 916int 917ieee80211_ies_init(struct ieee80211_ies *ies, const uint8_t *data, int len) 918{ 919 /* NB: assumes data+len are the last fields */ 920 memset(ies, 0, offsetof(struct ieee80211_ies, data)); 921 if (ies->data != NULL && ies->len != len) { 922 /* data size changed */ 923 IEEE80211_FREE(ies->data, M_80211_NODE_IE); 924 ies->data = NULL; 925 } 926 if (ies->data == NULL) { 927 ies->data = (uint8_t *) IEEE80211_MALLOC(len, M_80211_NODE_IE, 928 IEEE80211_M_NOWAIT | IEEE80211_M_ZERO); 929 if (ies->data == NULL) { 930 ies->len = 0; 931 /* NB: pointers have already been zero'd above */ 932 return 0; 933 } 934 } 935 memcpy(ies->data, data, len); 936 ies->len = len; 937 return 1; 938} 939 940/* 941 * Reclaim storage for an ie blob. 942 */ 943void 944ieee80211_ies_cleanup(struct ieee80211_ies *ies) 945{ 946 if (ies->data != NULL) 947 IEEE80211_FREE(ies->data, M_80211_NODE_IE); 948} 949 950/* 951 * Expand an ie blob data contents and to fillin individual 952 * ie pointers. The data blob is assumed to be well-formed; 953 * we don't do any validity checking of ie lengths. 954 */ 955void 956ieee80211_ies_expand(struct ieee80211_ies *ies) 957{ 958 uint8_t *ie; 959 int ielen; 960 961 ie = ies->data; 962 ielen = ies->len; 963 while (ielen > 0) { 964 switch (ie[0]) { 965 case IEEE80211_ELEMID_VENDOR: 966 if (iswpaoui(ie)) 967 ies->wpa_ie = ie; 968 else if (iswmeoui(ie)) 969 ies->wme_ie = ie; 970#ifdef IEEE80211_SUPPORT_SUPERG 971 else if (isatherosoui(ie)) 972 ies->ath_ie = ie; 973#endif 974#ifdef IEEE80211_SUPPORT_TDMA 975 else if (istdmaoui(ie)) 976 ies->tdma_ie = ie; 977#endif 978 break; 979 case IEEE80211_ELEMID_RSN: 980 ies->rsn_ie = ie; 981 break; 982 case IEEE80211_ELEMID_HTCAP: 983 ies->htcap_ie = ie; 984 break; 985 case IEEE80211_ELEMID_HTINFO: 986 ies->htinfo_ie = ie; 987 break; 988#ifdef IEEE80211_SUPPORT_MESH 989 case IEEE80211_ELEMID_MESHID: 990 ies->meshid_ie = ie; 991 break; 992#endif 993 } 994 ielen -= 2 + ie[1]; 995 ie += 2 + ie[1]; 996 } 997} 998 999/* 1000 * Reclaim any resources in a node and reset any critical 1001 * state. Typically nodes are free'd immediately after, 1002 * but in some cases the storage may be reused so we need 1003 * to insure consistent state (should probably fix that). 1004 */ 1005static void 1006node_cleanup(struct ieee80211_node *ni) 1007{ 1008 struct ieee80211vap *vap = ni->ni_vap; 1009 struct ieee80211com *ic = ni->ni_ic; 1010 int i; 1011 1012 /* NB: preserve ni_table */ 1013 if (ni->ni_flags & IEEE80211_NODE_PWR_MGT) { 1014 if (vap->iv_opmode != IEEE80211_M_STA) 1015 vap->iv_ps_sta--; 1016 ni->ni_flags &= ~IEEE80211_NODE_PWR_MGT; 1017 IEEE80211_NOTE(vap, IEEE80211_MSG_POWER, ni, 1018 "power save mode off, %u sta's in ps mode", vap->iv_ps_sta); 1019 } 1020 /* 1021 * Cleanup any HT-related state. 1022 */ 1023 if (ni->ni_flags & IEEE80211_NODE_HT) 1024 ieee80211_ht_node_cleanup(ni); 1025#ifdef IEEE80211_SUPPORT_SUPERG 1026 /* Always do FF node cleanup; for A-MSDU */ 1027 ieee80211_ff_node_cleanup(ni); 1028#endif 1029#ifdef IEEE80211_SUPPORT_MESH 1030 /* 1031 * Cleanup any mesh-related state. 1032 */ 1033 if (vap->iv_opmode == IEEE80211_M_MBSS) 1034 ieee80211_mesh_node_cleanup(ni); 1035#endif 1036 /* 1037 * Clear any staging queue entries. 1038 */ 1039 ieee80211_ageq_drain_node(&ic->ic_stageq, ni); 1040 1041 /* 1042 * Clear AREF flag that marks the authorization refcnt bump 1043 * has happened. This is probably not needed as the node 1044 * should always be removed from the table so not found but 1045 * do it just in case. 1046 * Likewise clear the ASSOCID flag as these flags are intended 1047 * to be managed in tandem. 1048 */ 1049 ni->ni_flags &= ~(IEEE80211_NODE_AREF | IEEE80211_NODE_ASSOCID); 1050 1051 /* 1052 * Drain power save queue and, if needed, clear TIM. 1053 */ 1054 if (ieee80211_node_psq_drain(ni) != 0 && vap->iv_set_tim != NULL) 1055 vap->iv_set_tim(ni, 0); 1056 1057 ni->ni_associd = 0; 1058 if (ni->ni_challenge != NULL) { 1059 IEEE80211_FREE(ni->ni_challenge, M_80211_NODE); 1060 ni->ni_challenge = NULL; 1061 } 1062 /* 1063 * Preserve SSID, WPA, and WME ie's so the bss node is 1064 * reusable during a re-auth/re-assoc state transition. 1065 * If we remove these data they will not be recreated 1066 * because they come from a probe-response or beacon frame 1067 * which cannot be expected prior to the association-response. 1068 * This should not be an issue when operating in other modes 1069 * as stations leaving always go through a full state transition 1070 * which will rebuild this state. 1071 * 1072 * XXX does this leave us open to inheriting old state? 1073 */ 1074 for (i = 0; i < nitems(ni->ni_rxfrag); i++) 1075 if (ni->ni_rxfrag[i] != NULL) { 1076 m_freem(ni->ni_rxfrag[i]); 1077 ni->ni_rxfrag[i] = NULL; 1078 } 1079 /* 1080 * Must be careful here to remove any key map entry w/o a LOR. 1081 */ 1082 ieee80211_node_delucastkey(ni); 1083} 1084 1085static void 1086node_free(struct ieee80211_node *ni) 1087{ 1088 struct ieee80211com *ic = ni->ni_ic; 1089 1090 ieee80211_ratectl_node_deinit(ni); 1091 ic->ic_node_cleanup(ni); 1092 ieee80211_ies_cleanup(&ni->ni_ies); 1093 ieee80211_psq_cleanup(&ni->ni_psq); 1094 IEEE80211_FREE(ni, M_80211_NODE); 1095} 1096 1097static void 1098node_age(struct ieee80211_node *ni) 1099{ 1100 struct ieee80211vap *vap = ni->ni_vap; 1101 1102 /* 1103 * Age frames on the power save queue. 1104 */ 1105 if (ieee80211_node_psq_age(ni) != 0 && 1106 ni->ni_psq.psq_len == 0 && vap->iv_set_tim != NULL) 1107 vap->iv_set_tim(ni, 0); 1108 /* 1109 * Age out HT resources (e.g. frames on the 1110 * A-MPDU reorder queues). 1111 */ 1112 if (ni->ni_associd != 0 && (ni->ni_flags & IEEE80211_NODE_HT)) 1113 ieee80211_ht_node_age(ni); 1114} 1115 1116static int8_t 1117node_getrssi(const struct ieee80211_node *ni) 1118{ 1119 uint32_t avgrssi = ni->ni_avgrssi; 1120 int32_t rssi; 1121 1122 if (avgrssi == IEEE80211_RSSI_DUMMY_MARKER) 1123 return 0; 1124 rssi = IEEE80211_RSSI_GET(avgrssi); 1125 return rssi < 0 ? 0 : rssi > 127 ? 127 : rssi; 1126} 1127 1128static void 1129node_getsignal(const struct ieee80211_node *ni, int8_t *rssi, int8_t *noise) 1130{ 1131 *rssi = node_getrssi(ni); 1132 *noise = ni->ni_noise; 1133} 1134 1135static void 1136node_getmimoinfo(const struct ieee80211_node *ni, 1137 struct ieee80211_mimo_info *info) 1138{ 1139 int i; 1140 uint32_t avgrssi; 1141 int32_t rssi; 1142 1143 bzero(info, sizeof(*info)); 1144 1145 for (i = 0; i < ni->ni_mimo_chains; i++) { 1146 avgrssi = ni->ni_mimo_rssi_ctl[i]; 1147 if (avgrssi == IEEE80211_RSSI_DUMMY_MARKER) { 1148 info->rssi[i] = 0; 1149 } else { 1150 rssi = IEEE80211_RSSI_GET(avgrssi); 1151 info->rssi[i] = rssi < 0 ? 0 : rssi > 127 ? 127 : rssi; 1152 } 1153 info->noise[i] = ni->ni_mimo_noise_ctl[i]; 1154 } 1155 1156 /* XXX ext radios? */ 1157 1158 /* XXX EVM? */ 1159} 1160 1161struct ieee80211_node * 1162ieee80211_alloc_node(struct ieee80211_node_table *nt, 1163 struct ieee80211vap *vap, const uint8_t macaddr[IEEE80211_ADDR_LEN]) 1164{ 1165 struct ieee80211com *ic = nt->nt_ic; 1166 struct ieee80211_node *ni; 1167 int hash; 1168 1169 ni = ic->ic_node_alloc(vap, macaddr); 1170 if (ni == NULL) { 1171 vap->iv_stats.is_rx_nodealloc++; 1172 return NULL; 1173 } 1174 1175 IEEE80211_DPRINTF(vap, IEEE80211_MSG_NODE, 1176 "%s %p<%s> in %s table\n", __func__, ni, 1177 ether_sprintf(macaddr), nt->nt_name); 1178 1179 IEEE80211_ADDR_COPY(ni->ni_macaddr, macaddr); 1180 hash = IEEE80211_NODE_HASH(ic, macaddr); 1181 ieee80211_node_initref(ni); /* mark referenced */ 1182 ni->ni_chan = IEEE80211_CHAN_ANYC; 1183 ni->ni_authmode = IEEE80211_AUTH_OPEN; 1184 ni->ni_txpower = ic->ic_txpowlimit; /* max power */ 1185 ni->ni_txparms = &vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)]; 1186 ieee80211_crypto_resetkey(vap, &ni->ni_ucastkey, IEEE80211_KEYIX_NONE); 1187 ni->ni_avgrssi = IEEE80211_RSSI_DUMMY_MARKER; 1188 ni->ni_inact_reload = nt->nt_inact_init; 1189 ni->ni_inact = ni->ni_inact_reload; 1190 ni->ni_ath_defkeyix = 0x7fff; 1191 ieee80211_psq_init(&ni->ni_psq, "unknown"); 1192#ifdef IEEE80211_SUPPORT_MESH 1193 if (vap->iv_opmode == IEEE80211_M_MBSS) 1194 ieee80211_mesh_node_init(vap, ni); 1195#endif 1196 IEEE80211_NODE_LOCK(nt); 1197 TAILQ_INSERT_TAIL(&nt->nt_node, ni, ni_list); 1198 LIST_INSERT_HEAD(&nt->nt_hash[hash], ni, ni_hash); 1199 ni->ni_table = nt; 1200 ni->ni_vap = vap; 1201 ni->ni_ic = ic; 1202 IEEE80211_NODE_UNLOCK(nt); 1203 1204 IEEE80211_NOTE(vap, IEEE80211_MSG_INACT, ni, 1205 "%s: inact_reload %u", __func__, ni->ni_inact_reload); 1206 1207 ieee80211_ratectl_node_init(ni); 1208 1209 return ni; 1210} 1211 1212/* 1213 * Craft a temporary node suitable for sending a management frame 1214 * to the specified station. We craft only as much state as we 1215 * need to do the work since the node will be immediately reclaimed 1216 * once the send completes. 1217 */ 1218struct ieee80211_node * 1219ieee80211_tmp_node(struct ieee80211vap *vap, 1220 const uint8_t macaddr[IEEE80211_ADDR_LEN]) 1221{ 1222 struct ieee80211com *ic = vap->iv_ic; 1223 struct ieee80211_node *ni; 1224 1225 ni = ic->ic_node_alloc(vap, macaddr); 1226 if (ni != NULL) { 1227 struct ieee80211_node *bss = vap->iv_bss; 1228 1229 IEEE80211_DPRINTF(vap, IEEE80211_MSG_NODE, 1230 "%s %p<%s>\n", __func__, ni, ether_sprintf(macaddr)); 1231 1232 ni->ni_table = NULL; /* NB: pedantic */ 1233 ni->ni_ic = ic; /* NB: needed to set channel */ 1234 ni->ni_vap = vap; 1235 1236 IEEE80211_ADDR_COPY(ni->ni_macaddr, macaddr); 1237 IEEE80211_ADDR_COPY(ni->ni_bssid, bss->ni_bssid); 1238 ieee80211_node_initref(ni); /* mark referenced */ 1239 /* NB: required by ieee80211_fix_rate */ 1240 ieee80211_node_set_chan(ni, bss->ni_chan); 1241 ieee80211_crypto_resetkey(vap, &ni->ni_ucastkey, 1242 IEEE80211_KEYIX_NONE); 1243 ni->ni_txpower = bss->ni_txpower; 1244 /* XXX optimize away */ 1245 ieee80211_psq_init(&ni->ni_psq, "unknown"); 1246 1247 ieee80211_ratectl_node_init(ni); 1248 } else { 1249 /* XXX msg */ 1250 vap->iv_stats.is_rx_nodealloc++; 1251 } 1252 return ni; 1253} 1254 1255struct ieee80211_node * 1256ieee80211_dup_bss(struct ieee80211vap *vap, 1257 const uint8_t macaddr[IEEE80211_ADDR_LEN]) 1258{ 1259 struct ieee80211com *ic = vap->iv_ic; 1260 struct ieee80211_node *ni; 1261 1262 ni = ieee80211_alloc_node(&ic->ic_sta, vap, macaddr); 1263 if (ni != NULL) { 1264 struct ieee80211_node *bss = vap->iv_bss; 1265 /* 1266 * Inherit from iv_bss. 1267 */ 1268 copy_bss(ni, bss); 1269 IEEE80211_ADDR_COPY(ni->ni_bssid, bss->ni_bssid); 1270 ieee80211_node_set_chan(ni, bss->ni_chan); 1271 } 1272 return ni; 1273} 1274 1275/* 1276 * Create a bss node for a legacy WDS vap. The far end does 1277 * not associate so we just create create a new node and 1278 * simulate an association. The caller is responsible for 1279 * installing the node as the bss node and handling any further 1280 * setup work like authorizing the port. 1281 */ 1282struct ieee80211_node * 1283ieee80211_node_create_wds(struct ieee80211vap *vap, 1284 const uint8_t bssid[IEEE80211_ADDR_LEN], struct ieee80211_channel *chan) 1285{ 1286 struct ieee80211com *ic = vap->iv_ic; 1287 struct ieee80211_node *ni; 1288 1289 /* XXX check if node already in sta table? */ 1290 ni = ieee80211_alloc_node(&ic->ic_sta, vap, bssid); 1291 if (ni != NULL) { 1292 ni->ni_wdsvap = vap; 1293 IEEE80211_ADDR_COPY(ni->ni_bssid, bssid); 1294 /* 1295 * Inherit any manually configured settings. 1296 */ 1297 copy_bss(ni, vap->iv_bss); 1298 ieee80211_node_set_chan(ni, chan); 1299 /* NB: propagate ssid so available to WPA supplicant */ 1300 ni->ni_esslen = vap->iv_des_ssid[0].len; 1301 memcpy(ni->ni_essid, vap->iv_des_ssid[0].ssid, ni->ni_esslen); 1302 /* NB: no associd for peer */ 1303 /* 1304 * There are no management frames to use to 1305 * discover neighbor capabilities, so blindly 1306 * propagate the local configuration. 1307 */ 1308 if (vap->iv_flags & IEEE80211_F_WME) 1309 ni->ni_flags |= IEEE80211_NODE_QOS; 1310#ifdef IEEE80211_SUPPORT_SUPERG 1311 if (vap->iv_flags & IEEE80211_F_FF) 1312 ni->ni_flags |= IEEE80211_NODE_FF; 1313#endif 1314 if ((ic->ic_htcaps & IEEE80211_HTC_HT) && 1315 (vap->iv_flags_ht & IEEE80211_FHT_HT)) { 1316 /* 1317 * Device is HT-capable and HT is enabled for 1318 * the vap; setup HT operation. On return 1319 * ni_chan will be adjusted to an HT channel. 1320 */ 1321 ieee80211_ht_wds_init(ni); 1322 } else { 1323 struct ieee80211_channel *c = ni->ni_chan; 1324 /* 1325 * Force a legacy channel to be used. 1326 */ 1327 c = ieee80211_find_channel(ic, 1328 c->ic_freq, c->ic_flags &~ IEEE80211_CHAN_HT); 1329 KASSERT(c != NULL, ("no legacy channel, %u/%x", 1330 ni->ni_chan->ic_freq, ni->ni_chan->ic_flags)); 1331 ni->ni_chan = c; 1332 } 1333 } 1334 return ni; 1335} 1336 1337struct ieee80211_node * 1338#ifdef IEEE80211_DEBUG_REFCNT 1339ieee80211_find_node_locked_debug(struct ieee80211_node_table *nt, 1340 const uint8_t macaddr[IEEE80211_ADDR_LEN], const char *func, int line) 1341#else 1342ieee80211_find_node_locked(struct ieee80211_node_table *nt, 1343 const uint8_t macaddr[IEEE80211_ADDR_LEN]) 1344#endif 1345{ 1346 struct ieee80211_node *ni; 1347 int hash; 1348 1349 IEEE80211_NODE_LOCK_ASSERT(nt); 1350 1351 hash = IEEE80211_NODE_HASH(nt->nt_ic, macaddr); 1352 LIST_FOREACH(ni, &nt->nt_hash[hash], ni_hash) { 1353 if (IEEE80211_ADDR_EQ(ni->ni_macaddr, macaddr)) { 1354 ieee80211_ref_node(ni); /* mark referenced */ 1355#ifdef IEEE80211_DEBUG_REFCNT 1356 IEEE80211_DPRINTF(ni->ni_vap, IEEE80211_MSG_NODE, 1357 "%s (%s:%u) %p<%s> refcnt %d\n", __func__, 1358 func, line, 1359 ni, ether_sprintf(ni->ni_macaddr), 1360 ieee80211_node_refcnt(ni)); 1361#endif 1362 return ni; 1363 } 1364 } 1365 return NULL; 1366} 1367 1368struct ieee80211_node * 1369#ifdef IEEE80211_DEBUG_REFCNT 1370ieee80211_find_node_debug(struct ieee80211_node_table *nt, 1371 const uint8_t macaddr[IEEE80211_ADDR_LEN], const char *func, int line) 1372#else 1373ieee80211_find_node(struct ieee80211_node_table *nt, 1374 const uint8_t macaddr[IEEE80211_ADDR_LEN]) 1375#endif 1376{ 1377 struct ieee80211_node *ni; 1378 1379 IEEE80211_NODE_LOCK(nt); 1380 ni = ieee80211_find_node_locked(nt, macaddr); 1381 IEEE80211_NODE_UNLOCK(nt); 1382 return ni; 1383} 1384 1385struct ieee80211_node * 1386#ifdef IEEE80211_DEBUG_REFCNT 1387ieee80211_find_vap_node_locked_debug(struct ieee80211_node_table *nt, 1388 const struct ieee80211vap *vap, 1389 const uint8_t macaddr[IEEE80211_ADDR_LEN], const char *func, int line) 1390#else 1391ieee80211_find_vap_node_locked(struct ieee80211_node_table *nt, 1392 const struct ieee80211vap *vap, 1393 const uint8_t macaddr[IEEE80211_ADDR_LEN]) 1394#endif 1395{ 1396 struct ieee80211_node *ni; 1397 int hash; 1398 1399 IEEE80211_NODE_LOCK_ASSERT(nt); 1400 1401 hash = IEEE80211_NODE_HASH(nt->nt_ic, macaddr); 1402 LIST_FOREACH(ni, &nt->nt_hash[hash], ni_hash) { 1403 if (ni->ni_vap == vap && 1404 IEEE80211_ADDR_EQ(ni->ni_macaddr, macaddr)) { 1405 ieee80211_ref_node(ni); /* mark referenced */ 1406#ifdef IEEE80211_DEBUG_REFCNT 1407 IEEE80211_DPRINTF(ni->ni_vap, IEEE80211_MSG_NODE, 1408 "%s (%s:%u) %p<%s> refcnt %d\n", __func__, 1409 func, line, 1410 ni, ether_sprintf(ni->ni_macaddr), 1411 ieee80211_node_refcnt(ni)); 1412#endif 1413 return ni; 1414 } 1415 } 1416 return NULL; 1417} 1418 1419struct ieee80211_node * 1420#ifdef IEEE80211_DEBUG_REFCNT 1421ieee80211_find_vap_node_debug(struct ieee80211_node_table *nt, 1422 const struct ieee80211vap *vap, 1423 const uint8_t macaddr[IEEE80211_ADDR_LEN], const char *func, int line) 1424#else 1425ieee80211_find_vap_node(struct ieee80211_node_table *nt, 1426 const struct ieee80211vap *vap, 1427 const uint8_t macaddr[IEEE80211_ADDR_LEN]) 1428#endif 1429{ 1430 struct ieee80211_node *ni; 1431 1432 IEEE80211_NODE_LOCK(nt); 1433 ni = ieee80211_find_vap_node_locked(nt, vap, macaddr); 1434 IEEE80211_NODE_UNLOCK(nt); 1435 return ni; 1436} 1437 1438/* 1439 * Fake up a node; this handles node discovery in adhoc mode. 1440 * Note that for the driver's benefit we we treat this like 1441 * an association so the driver has an opportunity to setup 1442 * it's private state. 1443 */ 1444struct ieee80211_node * 1445ieee80211_fakeup_adhoc_node(struct ieee80211vap *vap, 1446 const uint8_t macaddr[IEEE80211_ADDR_LEN]) 1447{ 1448 struct ieee80211_node *ni; 1449 1450 IEEE80211_DPRINTF(vap, IEEE80211_MSG_NODE | IEEE80211_MSG_ASSOC, 1451 "%s: mac<%s>\n", __func__, ether_sprintf(macaddr)); 1452 ni = ieee80211_dup_bss(vap, macaddr); 1453 if (ni != NULL) { 1454 struct ieee80211com *ic = vap->iv_ic; 1455 1456 /* XXX no rate negotiation; just dup */ 1457 ni->ni_rates = vap->iv_bss->ni_rates; 1458 if (ieee80211_iserp_rateset(&ni->ni_rates)) 1459 ni->ni_flags |= IEEE80211_NODE_ERP; 1460 if (vap->iv_opmode == IEEE80211_M_AHDEMO) { 1461 /* 1462 * In adhoc demo mode there are no management 1463 * frames to use to discover neighbor capabilities, 1464 * so blindly propagate the local configuration 1465 * so we can do interesting things (e.g. use 1466 * WME to disable ACK's). 1467 */ 1468 if (vap->iv_flags & IEEE80211_F_WME) 1469 ni->ni_flags |= IEEE80211_NODE_QOS; 1470#ifdef IEEE80211_SUPPORT_SUPERG 1471 if (vap->iv_flags & IEEE80211_F_FF) 1472 ni->ni_flags |= IEEE80211_NODE_FF; 1473#endif 1474 } 1475 ieee80211_node_setuptxparms(ni); 1476 ieee80211_ratectl_node_init(ni); 1477 if (ic->ic_newassoc != NULL) 1478 ic->ic_newassoc(ni, 1); 1479 /* XXX not right for 802.1x/WPA */ 1480 ieee80211_node_authorize(ni); 1481 } 1482 return ni; 1483} 1484 1485void 1486ieee80211_init_neighbor(struct ieee80211_node *ni, 1487 const struct ieee80211_frame *wh, 1488 const struct ieee80211_scanparams *sp) 1489{ 1490 int do_ht_setup = 0; 1491 1492 ni->ni_esslen = sp->ssid[1]; 1493 memcpy(ni->ni_essid, sp->ssid + 2, sp->ssid[1]); 1494 IEEE80211_ADDR_COPY(ni->ni_bssid, wh->i_addr3); 1495 memcpy(ni->ni_tstamp.data, sp->tstamp, sizeof(ni->ni_tstamp)); 1496 ni->ni_intval = sp->bintval; 1497 ni->ni_capinfo = sp->capinfo; 1498 ni->ni_chan = ni->ni_ic->ic_curchan; 1499 ni->ni_fhdwell = sp->fhdwell; 1500 ni->ni_fhindex = sp->fhindex; 1501 ni->ni_erp = sp->erp; 1502 ni->ni_timoff = sp->timoff; 1503#ifdef IEEE80211_SUPPORT_MESH 1504 if (ni->ni_vap->iv_opmode == IEEE80211_M_MBSS) 1505 ieee80211_mesh_init_neighbor(ni, wh, sp); 1506#endif 1507 if (ieee80211_ies_init(&ni->ni_ies, sp->ies, sp->ies_len)) { 1508 ieee80211_ies_expand(&ni->ni_ies); 1509 if (ni->ni_ies.wme_ie != NULL) 1510 ni->ni_flags |= IEEE80211_NODE_QOS; 1511 else 1512 ni->ni_flags &= ~IEEE80211_NODE_QOS; 1513#ifdef IEEE80211_SUPPORT_SUPERG 1514 if (ni->ni_ies.ath_ie != NULL) 1515 ieee80211_parse_ath(ni, ni->ni_ies.ath_ie); 1516#endif 1517 if (ni->ni_ies.htcap_ie != NULL) 1518 ieee80211_parse_htcap(ni, ni->ni_ies.htcap_ie); 1519 if (ni->ni_ies.htinfo_ie != NULL) 1520 ieee80211_parse_htinfo(ni, ni->ni_ies.htinfo_ie); 1521 1522 if ((ni->ni_ies.htcap_ie != NULL) && 1523 (ni->ni_ies.htinfo_ie != NULL) && 1524 (ni->ni_vap->iv_flags_ht & IEEE80211_FHT_HT)) { 1525 do_ht_setup = 1; 1526 } 1527 } 1528 1529 /* NB: must be after ni_chan is setup */ 1530 ieee80211_setup_rates(ni, sp->rates, sp->xrates, 1531 IEEE80211_F_DOSORT | IEEE80211_F_DOFRATE | 1532 IEEE80211_F_DONEGO | IEEE80211_F_DODEL); 1533 1534 /* 1535 * If the neighbor is HT compatible, flip that on. 1536 */ 1537 if (do_ht_setup) { 1538 IEEE80211_DPRINTF(ni->ni_vap, IEEE80211_MSG_ASSOC, 1539 "%s: doing HT setup\n", __func__); 1540 ieee80211_ht_node_init(ni); 1541 ieee80211_ht_updateparams(ni, 1542 ni->ni_ies.htcap_ie, 1543 ni->ni_ies.htinfo_ie); 1544 ieee80211_setup_htrates(ni, 1545 ni->ni_ies.htcap_ie, 1546 IEEE80211_F_JOIN | IEEE80211_F_DOBRS); 1547 ieee80211_setup_basic_htrates(ni, 1548 ni->ni_ies.htinfo_ie); 1549 ieee80211_node_setuptxparms(ni); 1550 ieee80211_ratectl_node_init(ni); 1551 } 1552} 1553 1554/* 1555 * Do node discovery in adhoc mode on receipt of a beacon 1556 * or probe response frame. Note that for the driver's 1557 * benefit we we treat this like an association so the 1558 * driver has an opportunity to setup it's private state. 1559 */ 1560struct ieee80211_node * 1561ieee80211_add_neighbor(struct ieee80211vap *vap, 1562 const struct ieee80211_frame *wh, 1563 const struct ieee80211_scanparams *sp) 1564{ 1565 struct ieee80211_node *ni; 1566 1567 IEEE80211_DPRINTF(vap, IEEE80211_MSG_ASSOC, 1568 "%s: mac<%s>\n", __func__, ether_sprintf(wh->i_addr2)); 1569 ni = ieee80211_dup_bss(vap, wh->i_addr2);/* XXX alloc_node? */ 1570 if (ni != NULL) { 1571 struct ieee80211com *ic = vap->iv_ic; 1572 1573 ieee80211_init_neighbor(ni, wh, sp); 1574 if (ieee80211_iserp_rateset(&ni->ni_rates)) 1575 ni->ni_flags |= IEEE80211_NODE_ERP; 1576 ieee80211_node_setuptxparms(ni); 1577 ieee80211_ratectl_node_init(ni); 1578 if (ic->ic_newassoc != NULL) 1579 ic->ic_newassoc(ni, 1); 1580 /* XXX not right for 802.1x/WPA */ 1581 ieee80211_node_authorize(ni); 1582 } 1583 return ni; 1584} 1585 1586#define IS_PROBEREQ(wh) \ 1587 ((wh->i_fc[0] & (IEEE80211_FC0_TYPE_MASK|IEEE80211_FC0_SUBTYPE_MASK)) \ 1588 == (IEEE80211_FC0_TYPE_MGT | IEEE80211_FC0_SUBTYPE_PROBE_REQ)) 1589#define IS_BCAST_PROBEREQ(wh) \ 1590 (IS_PROBEREQ(wh) && IEEE80211_IS_MULTICAST( \ 1591 ((const struct ieee80211_frame *)(wh))->i_addr3)) 1592 1593static __inline struct ieee80211_node * 1594_find_rxnode(struct ieee80211_node_table *nt, 1595 const struct ieee80211_frame_min *wh) 1596{ 1597 if (IS_BCAST_PROBEREQ(wh)) 1598 return NULL; /* spam bcast probe req to all vap's */ 1599 return ieee80211_find_node_locked(nt, wh->i_addr2); 1600} 1601 1602/* 1603 * Locate the node for sender, track state, and then pass the 1604 * (referenced) node up to the 802.11 layer for its use. Note 1605 * we can return NULL if the sender is not in the table. 1606 */ 1607struct ieee80211_node * 1608#ifdef IEEE80211_DEBUG_REFCNT 1609ieee80211_find_rxnode_debug(struct ieee80211com *ic, 1610 const struct ieee80211_frame_min *wh, const char *func, int line) 1611#else 1612ieee80211_find_rxnode(struct ieee80211com *ic, 1613 const struct ieee80211_frame_min *wh) 1614#endif 1615{ 1616 struct ieee80211_node_table *nt; 1617 struct ieee80211_node *ni; 1618 1619 nt = &ic->ic_sta; 1620 IEEE80211_NODE_LOCK(nt); 1621 ni = _find_rxnode(nt, wh); 1622 IEEE80211_NODE_UNLOCK(nt); 1623 1624 return ni; 1625} 1626 1627/* 1628 * Like ieee80211_find_rxnode but use the supplied h/w 1629 * key index as a hint to locate the node in the key 1630 * mapping table. If an entry is present at the key 1631 * index we return it; otherwise do a normal lookup and 1632 * update the mapping table if the station has a unicast 1633 * key assigned to it. 1634 */ 1635struct ieee80211_node * 1636#ifdef IEEE80211_DEBUG_REFCNT 1637ieee80211_find_rxnode_withkey_debug(struct ieee80211com *ic, 1638 const struct ieee80211_frame_min *wh, ieee80211_keyix keyix, 1639 const char *func, int line) 1640#else 1641ieee80211_find_rxnode_withkey(struct ieee80211com *ic, 1642 const struct ieee80211_frame_min *wh, ieee80211_keyix keyix) 1643#endif 1644{ 1645 struct ieee80211_node_table *nt; 1646 struct ieee80211_node *ni; 1647 1648 nt = &ic->ic_sta; 1649 IEEE80211_NODE_LOCK(nt); 1650 if (nt->nt_keyixmap != NULL && keyix < nt->nt_keyixmax) 1651 ni = nt->nt_keyixmap[keyix]; 1652 else 1653 ni = NULL; 1654 if (ni == NULL) { 1655 ni = _find_rxnode(nt, wh); 1656 if (ni != NULL && nt->nt_keyixmap != NULL) { 1657 /* 1658 * If the station has a unicast key cache slot 1659 * assigned update the key->node mapping table. 1660 */ 1661 keyix = ni->ni_ucastkey.wk_rxkeyix; 1662 /* XXX can keyixmap[keyix] != NULL? */ 1663 if (keyix < nt->nt_keyixmax && 1664 nt->nt_keyixmap[keyix] == NULL) { 1665 IEEE80211_DPRINTF(ni->ni_vap, 1666 IEEE80211_MSG_NODE, 1667 "%s: add key map entry %p<%s> refcnt %d\n", 1668 __func__, ni, ether_sprintf(ni->ni_macaddr), 1669 ieee80211_node_refcnt(ni)+1); 1670 nt->nt_keyixmap[keyix] = ieee80211_ref_node(ni); 1671 } 1672 } 1673 } else { 1674 if (IS_BCAST_PROBEREQ(wh)) 1675 ni = NULL; /* spam bcast probe req to all vap's */ 1676 else 1677 ieee80211_ref_node(ni); 1678 } 1679 IEEE80211_NODE_UNLOCK(nt); 1680 1681 return ni; 1682} 1683#undef IS_BCAST_PROBEREQ 1684#undef IS_PROBEREQ 1685 1686/* 1687 * Return a reference to the appropriate node for sending 1688 * a data frame. This handles node discovery in adhoc networks. 1689 */ 1690struct ieee80211_node * 1691#ifdef IEEE80211_DEBUG_REFCNT 1692ieee80211_find_txnode_debug(struct ieee80211vap *vap, 1693 const uint8_t macaddr[IEEE80211_ADDR_LEN], 1694 const char *func, int line) 1695#else 1696ieee80211_find_txnode(struct ieee80211vap *vap, 1697 const uint8_t macaddr[IEEE80211_ADDR_LEN]) 1698#endif 1699{ 1700 struct ieee80211_node_table *nt = &vap->iv_ic->ic_sta; 1701 struct ieee80211_node *ni; 1702 1703 /* 1704 * The destination address should be in the node table 1705 * unless this is a multicast/broadcast frame. We can 1706 * also optimize station mode operation, all frames go 1707 * to the bss node. 1708 */ 1709 /* XXX can't hold lock across dup_bss 'cuz of recursive locking */ 1710 IEEE80211_NODE_LOCK(nt); 1711 if (vap->iv_opmode == IEEE80211_M_STA || 1712 vap->iv_opmode == IEEE80211_M_WDS || 1713 IEEE80211_IS_MULTICAST(macaddr)) 1714 ni = ieee80211_ref_node(vap->iv_bss); 1715 else 1716 ni = ieee80211_find_node_locked(nt, macaddr); 1717 IEEE80211_NODE_UNLOCK(nt); 1718 1719 if (ni == NULL) { 1720 if (vap->iv_opmode == IEEE80211_M_IBSS || 1721 vap->iv_opmode == IEEE80211_M_AHDEMO) { 1722 /* 1723 * In adhoc mode cons up a node for the destination. 1724 * Note that we need an additional reference for the 1725 * caller to be consistent with 1726 * ieee80211_find_node_locked. 1727 */ 1728 ni = ieee80211_fakeup_adhoc_node(vap, macaddr); 1729 if (ni != NULL) 1730 (void) ieee80211_ref_node(ni); 1731 } else { 1732 IEEE80211_NOTE_MAC(vap, IEEE80211_MSG_OUTPUT, macaddr, 1733 "no node, discard frame (%s)", __func__); 1734 vap->iv_stats.is_tx_nonode++; 1735 } 1736 } 1737 return ni; 1738} 1739 1740static void 1741_ieee80211_free_node(struct ieee80211_node *ni) 1742{ 1743 struct ieee80211_node_table *nt = ni->ni_table; 1744 1745 /* 1746 * NB: careful about referencing the vap as it may be 1747 * gone if the last reference was held by a driver. 1748 * We know the com will always be present so it's safe 1749 * to use ni_ic below to reclaim resources. 1750 */ 1751#if 0 1752 IEEE80211_DPRINTF(vap, IEEE80211_MSG_NODE, 1753 "%s %p<%s> in %s table\n", __func__, ni, 1754 ether_sprintf(ni->ni_macaddr), 1755 nt != NULL ? nt->nt_name : "<gone>"); 1756#endif 1757 if (ni->ni_associd != 0) { 1758 struct ieee80211vap *vap = ni->ni_vap; 1759 if (vap->iv_aid_bitmap != NULL) 1760 IEEE80211_AID_CLR(vap, ni->ni_associd); 1761 } 1762 if (nt != NULL) { 1763 TAILQ_REMOVE(&nt->nt_node, ni, ni_list); 1764 LIST_REMOVE(ni, ni_hash); 1765 } 1766 ni->ni_ic->ic_node_free(ni); 1767} 1768 1769/* 1770 * Clear any entry in the unicast key mapping table. 1771 */ 1772static int 1773node_clear_keyixmap(struct ieee80211_node_table *nt, struct ieee80211_node *ni) 1774{ 1775 ieee80211_keyix keyix; 1776 1777 keyix = ni->ni_ucastkey.wk_rxkeyix; 1778 if (nt->nt_keyixmap != NULL && keyix < nt->nt_keyixmax && 1779 nt->nt_keyixmap[keyix] == ni) { 1780 IEEE80211_DPRINTF(ni->ni_vap, IEEE80211_MSG_NODE, 1781 "%s: %p<%s> clear key map entry %u\n", 1782 __func__, ni, ether_sprintf(ni->ni_macaddr), keyix); 1783 nt->nt_keyixmap[keyix] = NULL; 1784 ieee80211_node_decref(ni); 1785 return 1; 1786 } 1787 1788 return 0; 1789} 1790 1791void 1792#ifdef IEEE80211_DEBUG_REFCNT 1793ieee80211_free_node_debug(struct ieee80211_node *ni, const char *func, int line) 1794#else 1795ieee80211_free_node(struct ieee80211_node *ni) 1796#endif 1797{ 1798 struct ieee80211_node_table *nt = ni->ni_table; 1799 1800#ifdef IEEE80211_DEBUG_REFCNT 1801 IEEE80211_DPRINTF(ni->ni_vap, IEEE80211_MSG_NODE, 1802 "%s (%s:%u) %p<%s> refcnt %d\n", __func__, func, line, ni, 1803 ether_sprintf(ni->ni_macaddr), ieee80211_node_refcnt(ni)-1); 1804#endif 1805 if (nt != NULL) { 1806 IEEE80211_NODE_LOCK(nt); 1807 if (ieee80211_node_dectestref(ni)) { 1808 /* 1809 * Last reference, reclaim state. 1810 */ 1811 _ieee80211_free_node(ni); 1812 } else if (ieee80211_node_refcnt(ni) == 1) 1813 if (node_clear_keyixmap(nt, ni)) 1814 _ieee80211_free_node(ni); 1815 IEEE80211_NODE_UNLOCK(nt); 1816 } else { 1817 if (ieee80211_node_dectestref(ni)) 1818 _ieee80211_free_node(ni); 1819 } 1820} 1821 1822/* 1823 * Reclaim a unicast key and clear any key cache state. 1824 */ 1825int 1826ieee80211_node_delucastkey(struct ieee80211_node *ni) 1827{ 1828 struct ieee80211com *ic = ni->ni_ic; 1829 struct ieee80211_node_table *nt = &ic->ic_sta; 1830 struct ieee80211_node *nikey; 1831 ieee80211_keyix keyix; 1832 int isowned, status; 1833 1834 /* 1835 * NB: We must beware of LOR here; deleting the key 1836 * can cause the crypto layer to block traffic updates 1837 * which can generate a LOR against the node table lock; 1838 * grab it here and stash the key index for our use below. 1839 * 1840 * Must also beware of recursion on the node table lock. 1841 * When called from node_cleanup we may already have 1842 * the node table lock held. Unfortunately there's no 1843 * way to separate out this path so we must do this 1844 * conditionally. 1845 */ 1846 isowned = IEEE80211_NODE_IS_LOCKED(nt); 1847 if (!isowned) 1848 IEEE80211_NODE_LOCK(nt); 1849 nikey = NULL; 1850 status = 1; /* NB: success */ 1851 if (ni->ni_ucastkey.wk_keyix != IEEE80211_KEYIX_NONE) { 1852 keyix = ni->ni_ucastkey.wk_rxkeyix; 1853 status = ieee80211_crypto_delkey(ni->ni_vap, &ni->ni_ucastkey); 1854 if (nt->nt_keyixmap != NULL && keyix < nt->nt_keyixmax) { 1855 nikey = nt->nt_keyixmap[keyix]; 1856 nt->nt_keyixmap[keyix] = NULL; 1857 } 1858 } 1859 if (!isowned) 1860 IEEE80211_NODE_UNLOCK(nt); 1861 1862 if (nikey != NULL) { 1863 KASSERT(nikey == ni, 1864 ("key map out of sync, ni %p nikey %p", ni, nikey)); 1865 IEEE80211_DPRINTF(ni->ni_vap, IEEE80211_MSG_NODE, 1866 "%s: delete key map entry %p<%s> refcnt %d\n", 1867 __func__, ni, ether_sprintf(ni->ni_macaddr), 1868 ieee80211_node_refcnt(ni)-1); 1869 ieee80211_free_node(ni); 1870 } 1871 return status; 1872} 1873 1874/* 1875 * Reclaim a node. If this is the last reference count then 1876 * do the normal free work. Otherwise remove it from the node 1877 * table and mark it gone by clearing the back-reference. 1878 */ 1879static void 1880node_reclaim(struct ieee80211_node_table *nt, struct ieee80211_node *ni) 1881{ 1882 1883 IEEE80211_NODE_LOCK_ASSERT(nt); 1884 1885 IEEE80211_DPRINTF(ni->ni_vap, IEEE80211_MSG_NODE, 1886 "%s: remove %p<%s> from %s table, refcnt %d\n", 1887 __func__, ni, ether_sprintf(ni->ni_macaddr), 1888 nt->nt_name, ieee80211_node_refcnt(ni)-1); 1889 /* 1890 * Clear any entry in the unicast key mapping table. 1891 * We need to do it here so rx lookups don't find it 1892 * in the mapping table even if it's not in the hash 1893 * table. We cannot depend on the mapping table entry 1894 * being cleared because the node may not be free'd. 1895 */ 1896 (void)node_clear_keyixmap(nt, ni); 1897 if (!ieee80211_node_dectestref(ni)) { 1898 /* 1899 * Other references are present, just remove the 1900 * node from the table so it cannot be found. When 1901 * the references are dropped storage will be 1902 * reclaimed. 1903 */ 1904 TAILQ_REMOVE(&nt->nt_node, ni, ni_list); 1905 LIST_REMOVE(ni, ni_hash); 1906 ni->ni_table = NULL; /* clear reference */ 1907 } else 1908 _ieee80211_free_node(ni); 1909} 1910 1911/* 1912 * Node table support. 1913 */ 1914 1915static void 1916ieee80211_node_table_init(struct ieee80211com *ic, 1917 struct ieee80211_node_table *nt, 1918 const char *name, int inact, int keyixmax) 1919{ 1920 1921 nt->nt_ic = ic; 1922 IEEE80211_NODE_LOCK_INIT(nt, ic->ic_name); 1923 TAILQ_INIT(&nt->nt_node); 1924 nt->nt_name = name; 1925 nt->nt_inact_init = inact; 1926 nt->nt_keyixmax = keyixmax; 1927 if (nt->nt_keyixmax > 0) { 1928 nt->nt_keyixmap = (struct ieee80211_node **) IEEE80211_MALLOC( 1929 keyixmax * sizeof(struct ieee80211_node *), 1930 M_80211_NODE, 1931 IEEE80211_M_NOWAIT | IEEE80211_M_ZERO); 1932 if (nt->nt_keyixmap == NULL) 1933 ic_printf(ic, 1934 "Cannot allocate key index map with %u entries\n", 1935 keyixmax); 1936 } else 1937 nt->nt_keyixmap = NULL; 1938} 1939 1940static void 1941ieee80211_node_table_reset(struct ieee80211_node_table *nt, 1942 struct ieee80211vap *match) 1943{ 1944 struct ieee80211_node *ni, *next; 1945 1946 IEEE80211_NODE_LOCK(nt); 1947 TAILQ_FOREACH_SAFE(ni, &nt->nt_node, ni_list, next) { 1948 if (match != NULL && ni->ni_vap != match) 1949 continue; 1950 /* XXX can this happen? if so need's work */ 1951 if (ni->ni_associd != 0) { 1952 struct ieee80211vap *vap = ni->ni_vap; 1953 1954 if (vap->iv_auth->ia_node_leave != NULL) 1955 vap->iv_auth->ia_node_leave(ni); 1956 if (vap->iv_aid_bitmap != NULL) 1957 IEEE80211_AID_CLR(vap, ni->ni_associd); 1958 } 1959 ni->ni_wdsvap = NULL; /* clear reference */ 1960 node_reclaim(nt, ni); 1961 } 1962 if (match != NULL && match->iv_opmode == IEEE80211_M_WDS) { 1963 /* 1964 * Make a separate pass to clear references to this vap 1965 * held by DWDS entries. They will not be matched above 1966 * because ni_vap will point to the ap vap but we still 1967 * need to clear ni_wdsvap when the WDS vap is destroyed 1968 * and/or reset. 1969 */ 1970 TAILQ_FOREACH_SAFE(ni, &nt->nt_node, ni_list, next) 1971 if (ni->ni_wdsvap == match) 1972 ni->ni_wdsvap = NULL; 1973 } 1974 IEEE80211_NODE_UNLOCK(nt); 1975} 1976 1977static void 1978ieee80211_node_table_cleanup(struct ieee80211_node_table *nt) 1979{ 1980 ieee80211_node_table_reset(nt, NULL); 1981 if (nt->nt_keyixmap != NULL) { 1982#ifdef DIAGNOSTIC 1983 /* XXX verify all entries are NULL */ 1984 int i; 1985 for (i = 0; i < nt->nt_keyixmax; i++) 1986 if (nt->nt_keyixmap[i] != NULL) 1987 printf("%s: %s[%u] still active\n", __func__, 1988 nt->nt_name, i); 1989#endif 1990 IEEE80211_FREE(nt->nt_keyixmap, M_80211_NODE); 1991 nt->nt_keyixmap = NULL; 1992 } 1993 IEEE80211_NODE_LOCK_DESTROY(nt); 1994} 1995 1996static void 1997timeout_stations(void *arg __unused, struct ieee80211_node *ni) 1998{ 1999 struct ieee80211com *ic = ni->ni_ic; 2000 struct ieee80211vap *vap = ni->ni_vap; 2001 2002 /* 2003 * Only process stations when in RUN state. This 2004 * insures, for example, that we don't timeout an 2005 * inactive station during CAC. Note that CSA state 2006 * is actually handled in ieee80211_node_timeout as 2007 * it applies to more than timeout processing. 2008 */ 2009 if (vap->iv_state != IEEE80211_S_RUN) 2010 return; 2011 /* 2012 * Ignore entries for which have yet to receive an 2013 * authentication frame. These are transient and 2014 * will be reclaimed when the last reference to them 2015 * goes away (when frame xmits complete). 2016 */ 2017 if ((vap->iv_opmode == IEEE80211_M_HOSTAP || 2018 vap->iv_opmode == IEEE80211_M_STA) && 2019 (ni->ni_flags & IEEE80211_NODE_AREF) == 0) 2020 return; 2021 /* 2022 * Free fragment if not needed anymore 2023 * (last fragment older than 1s). 2024 * XXX doesn't belong here, move to node_age 2025 */ 2026 if (ni->ni_rxfrag[0] != NULL && 2027 ticks > ni->ni_rxfragstamp + hz) { 2028 m_freem(ni->ni_rxfrag[0]); 2029 ni->ni_rxfrag[0] = NULL; 2030 } 2031 if (ni->ni_inact > 0) { 2032 ni->ni_inact--; 2033 IEEE80211_NOTE(vap, IEEE80211_MSG_INACT, ni, 2034 "%s: inact %u inact_reload %u nrates %u", 2035 __func__, ni->ni_inact, ni->ni_inact_reload, 2036 ni->ni_rates.rs_nrates); 2037 } 2038 /* 2039 * Special case ourself; we may be idle for extended periods 2040 * of time and regardless reclaiming our state is wrong. 2041 * XXX run ic_node_age 2042 */ 2043 /* XXX before inact decrement? */ 2044 if (ni == vap->iv_bss) 2045 return; 2046 if (ni->ni_associd != 0 || 2047 (vap->iv_opmode == IEEE80211_M_IBSS || 2048 vap->iv_opmode == IEEE80211_M_AHDEMO)) { 2049 /* 2050 * Age/drain resources held by the station. 2051 */ 2052 ic->ic_node_age(ni); 2053 /* 2054 * Probe the station before time it out. We 2055 * send a null data frame which may not be 2056 * universally supported by drivers (need it 2057 * for ps-poll support so it should be...). 2058 * 2059 * XXX don't probe the station unless we've 2060 * received a frame from them (and have 2061 * some idea of the rates they are capable 2062 * of); this will get fixed more properly 2063 * soon with better handling of the rate set. 2064 */ 2065 if ((vap->iv_flags_ext & IEEE80211_FEXT_INACT) && 2066 (0 < ni->ni_inact && 2067 ni->ni_inact <= vap->iv_inact_probe) && 2068 ni->ni_rates.rs_nrates != 0) { 2069 IEEE80211_NOTE(vap, 2070 IEEE80211_MSG_INACT | IEEE80211_MSG_NODE, 2071 ni, "%s", 2072 "probe station due to inactivity"); 2073 /* 2074 * Grab a reference so the node cannot 2075 * be reclaimed before we send the frame. 2076 * ieee80211_send_nulldata understands 2077 * we've done this and reclaims the 2078 * ref for us as needed. 2079 */ 2080 /* XXX fix this (not required anymore). */ 2081 ieee80211_ref_node(ni); 2082 /* XXX useless */ 2083 ieee80211_send_nulldata(ni); 2084 /* XXX stat? */ 2085 return; 2086 } 2087 } 2088 if ((vap->iv_flags_ext & IEEE80211_FEXT_INACT) && 2089 ni->ni_inact <= 0) { 2090 IEEE80211_NOTE(vap, 2091 IEEE80211_MSG_INACT | IEEE80211_MSG_NODE, ni, 2092 "station timed out due to inactivity " 2093 "(refcnt %u)", ieee80211_node_refcnt(ni)); 2094 /* 2095 * Send a deauthenticate frame and drop the station. 2096 * This is somewhat complicated due to reference counts 2097 * and locking. At this point a station will typically 2098 * have a reference count of 2. ieee80211_node_leave 2099 * will do a "free" of the node which will drop the 2100 * reference count. But in the meantime a reference 2101 * wil be held by the deauth frame. The actual reclaim 2102 * of the node will happen either after the tx is 2103 * completed or by ieee80211_node_leave. 2104 */ 2105 if (ni->ni_associd != 0) { 2106 IEEE80211_SEND_MGMT(ni, 2107 IEEE80211_FC0_SUBTYPE_DEAUTH, 2108 IEEE80211_REASON_AUTH_EXPIRE); 2109 } 2110 ieee80211_node_leave(ni); 2111 vap->iv_stats.is_node_timeout++; 2112 } 2113} 2114 2115/* 2116 * Timeout inactive stations and do related housekeeping. 2117 */ 2118static void 2119ieee80211_timeout_stations(struct ieee80211com *ic) 2120{ 2121 struct ieee80211_node_table *nt = &ic->ic_sta; 2122 2123 ieee80211_iterate_nodes(nt, timeout_stations, NULL); 2124} 2125 2126/* 2127 * Aggressively reclaim resources. This should be used 2128 * only in a critical situation to reclaim mbuf resources. 2129 */ 2130void 2131ieee80211_drain(struct ieee80211com *ic) 2132{ 2133 struct ieee80211_node_table *nt = &ic->ic_sta; 2134 struct ieee80211vap *vap; 2135 struct ieee80211_node *ni; 2136 2137 IEEE80211_NODE_LOCK(nt); 2138 TAILQ_FOREACH(ni, &nt->nt_node, ni_list) { 2139 /* 2140 * Ignore entries for which have yet to receive an 2141 * authentication frame. These are transient and 2142 * will be reclaimed when the last reference to them 2143 * goes away (when frame xmits complete). 2144 */ 2145 vap = ni->ni_vap; 2146 /* 2147 * Only process stations when in RUN state. This 2148 * insures, for example, that we don't timeout an 2149 * inactive station during CAC. Note that CSA state 2150 * is actually handled in ieee80211_node_timeout as 2151 * it applies to more than timeout processing. 2152 */ 2153 if (vap->iv_state != IEEE80211_S_RUN) 2154 continue; 2155 /* XXX can vap be NULL? */ 2156 if ((vap->iv_opmode == IEEE80211_M_HOSTAP || 2157 vap->iv_opmode == IEEE80211_M_STA) && 2158 (ni->ni_flags & IEEE80211_NODE_AREF) == 0) 2159 continue; 2160 /* 2161 * Free fragments. 2162 * XXX doesn't belong here, move to node_drain 2163 */ 2164 if (ni->ni_rxfrag[0] != NULL) { 2165 m_freem(ni->ni_rxfrag[0]); 2166 ni->ni_rxfrag[0] = NULL; 2167 } 2168 /* 2169 * Drain resources held by the station. 2170 */ 2171 ic->ic_node_drain(ni); 2172 } 2173 IEEE80211_NODE_UNLOCK(nt); 2174} 2175 2176/* 2177 * Per-ieee80211com inactivity timer callback. 2178 */ 2179void 2180ieee80211_node_timeout(void *arg) 2181{ 2182 struct ieee80211com *ic = arg; 2183 2184 /* 2185 * Defer timeout processing if a channel switch is pending. 2186 * We typically need to be mute so not doing things that 2187 * might generate frames is good to handle in one place. 2188 * Suppressing the station timeout processing may extend the 2189 * lifetime of inactive stations (by not decrementing their 2190 * idle counters) but this should be ok unless the CSA is 2191 * active for an unusually long time. 2192 */ 2193 if ((ic->ic_flags & IEEE80211_F_CSAPENDING) == 0) { 2194 ieee80211_scan_timeout(ic); 2195 ieee80211_timeout_stations(ic); 2196 ieee80211_ageq_age(&ic->ic_stageq, IEEE80211_INACT_WAIT); 2197 2198 IEEE80211_LOCK(ic); 2199 ieee80211_erp_timeout(ic); 2200 ieee80211_ht_timeout(ic); 2201 IEEE80211_UNLOCK(ic); 2202 } 2203 callout_reset(&ic->ic_inact, IEEE80211_INACT_WAIT*hz, 2204 ieee80211_node_timeout, ic); 2205} 2206 2207/* 2208 * Iterate over the node table and return an array of ref'ed nodes. 2209 * 2210 * This is separated out from calling the actual node function so that 2211 * no LORs will occur. 2212 * 2213 * If there are too many nodes (ie, the number of nodes doesn't fit 2214 * within 'max_aid' entries) then the node references will be freed 2215 * and an error will be returned. 2216 * 2217 * The responsibility of allocating and freeing "ni_arr" is up to 2218 * the caller. 2219 */ 2220int 2221ieee80211_iterate_nt(struct ieee80211_node_table *nt, 2222 struct ieee80211_node **ni_arr, uint16_t max_aid) 2223{ 2224 int i, j, ret; 2225 struct ieee80211_node *ni; 2226 2227 IEEE80211_NODE_LOCK(nt); 2228 2229 i = ret = 0; 2230 TAILQ_FOREACH(ni, &nt->nt_node, ni_list) { 2231 if (i >= max_aid) { 2232 ret = E2BIG; 2233 ic_printf(nt->nt_ic, "Node array overflow: max=%u", 2234 max_aid); 2235 break; 2236 } 2237 ni_arr[i] = ieee80211_ref_node(ni); 2238 i++; 2239 } 2240 2241 /* 2242 * It's safe to unlock here. 2243 * 2244 * If we're successful, the list is returned. 2245 * If we're unsuccessful, the list is ignored 2246 * and we remove our references. 2247 * 2248 * This avoids any potential LOR with 2249 * ieee80211_free_node(). 2250 */ 2251 IEEE80211_NODE_UNLOCK(nt); 2252 2253 /* 2254 * If ret is non-zero, we hit some kind of error. 2255 * Rather than walking some nodes, we'll walk none 2256 * of them. 2257 */ 2258 if (ret) { 2259 for (j = 0; j < i; j++) { 2260 /* ieee80211_free_node() locks by itself */ 2261 ieee80211_free_node(ni_arr[j]); 2262 } 2263 } 2264 2265 return (ret); 2266} 2267 2268/* 2269 * Just a wrapper, so we don't have to change every ieee80211_iterate_nodes() 2270 * reference in the source. 2271 * 2272 * Note that this fetches 'max_aid' from the first VAP, rather than finding 2273 * the largest max_aid from all VAPs. 2274 */ 2275void 2276ieee80211_iterate_nodes(struct ieee80211_node_table *nt, 2277 ieee80211_iter_func *f, void *arg) 2278{ 2279 struct ieee80211_node **ni_arr; 2280 size_t size; 2281 int i; 2282 uint16_t max_aid; 2283 struct ieee80211vap *vap; 2284 2285 /* Overdoing it default */ 2286 max_aid = IEEE80211_AID_MAX; 2287 2288 /* Handle the case of there being no vaps just yet */ 2289 vap = TAILQ_FIRST(&nt->nt_ic->ic_vaps); 2290 if (vap != NULL) 2291 max_aid = vap->iv_max_aid; 2292 2293 size = max_aid * sizeof(struct ieee80211_node *); 2294 ni_arr = (struct ieee80211_node **) IEEE80211_MALLOC(size, M_80211_NODE, 2295 IEEE80211_M_NOWAIT | IEEE80211_M_ZERO); 2296 if (ni_arr == NULL) 2297 return; 2298 2299 /* 2300 * If this fails, the node table won't have any 2301 * valid entries - ieee80211_iterate_nt() frees 2302 * the references to them. So don't try walking 2303 * the table; just skip to the end and free the 2304 * temporary memory. 2305 */ 2306 if (ieee80211_iterate_nt(nt, ni_arr, max_aid) != 0) 2307 goto done; 2308 2309 for (i = 0; i < max_aid; i++) { 2310 if (ni_arr[i] == NULL) /* end of the list */ 2311 break; 2312 (*f)(arg, ni_arr[i]); 2313 /* ieee80211_free_node() locks by itself */ 2314 ieee80211_free_node(ni_arr[i]); 2315 } 2316 2317done: 2318 IEEE80211_FREE(ni_arr, M_80211_NODE); 2319} 2320 2321void 2322ieee80211_dump_node(struct ieee80211_node_table *nt, struct ieee80211_node *ni) 2323{ 2324 printf("0x%p: mac %s refcnt %d\n", ni, 2325 ether_sprintf(ni->ni_macaddr), ieee80211_node_refcnt(ni)); 2326 printf("\tauthmode %u flags 0x%x\n", 2327 ni->ni_authmode, ni->ni_flags); 2328 printf("\tassocid 0x%x txpower %u vlan %u\n", 2329 ni->ni_associd, ni->ni_txpower, ni->ni_vlan); 2330 printf("\ttxseq %u rxseq %u fragno %u rxfragstamp %u\n", 2331 ni->ni_txseqs[IEEE80211_NONQOS_TID], 2332 ni->ni_rxseqs[IEEE80211_NONQOS_TID] >> IEEE80211_SEQ_SEQ_SHIFT, 2333 ni->ni_rxseqs[IEEE80211_NONQOS_TID] & IEEE80211_SEQ_FRAG_MASK, 2334 ni->ni_rxfragstamp); 2335 printf("\trssi %d noise %d intval %u capinfo 0x%x\n", 2336 node_getrssi(ni), ni->ni_noise, 2337 ni->ni_intval, ni->ni_capinfo); 2338 printf("\tbssid %s essid \"%.*s\" channel %u:0x%x\n", 2339 ether_sprintf(ni->ni_bssid), 2340 ni->ni_esslen, ni->ni_essid, 2341 ni->ni_chan->ic_freq, ni->ni_chan->ic_flags); 2342 printf("\tinact %u inact_reload %u txrate %u\n", 2343 ni->ni_inact, ni->ni_inact_reload, ni->ni_txrate); 2344 printf("\thtcap %x htparam %x htctlchan %u ht2ndchan %u\n", 2345 ni->ni_htcap, ni->ni_htparam, 2346 ni->ni_htctlchan, ni->ni_ht2ndchan); 2347 printf("\thtopmode %x htstbc %x chw %u\n", 2348 ni->ni_htopmode, ni->ni_htstbc, ni->ni_chw); 2349} 2350 2351void 2352ieee80211_dump_nodes(struct ieee80211_node_table *nt) 2353{ 2354 ieee80211_iterate_nodes(nt, 2355 (ieee80211_iter_func *) ieee80211_dump_node, nt); 2356} 2357 2358static void 2359ieee80211_notify_erp_locked(struct ieee80211com *ic) 2360{ 2361 struct ieee80211vap *vap; 2362 2363 IEEE80211_LOCK_ASSERT(ic); 2364 2365 TAILQ_FOREACH(vap, &ic->ic_vaps, iv_next) 2366 if (vap->iv_opmode == IEEE80211_M_HOSTAP) 2367 ieee80211_beacon_notify(vap, IEEE80211_BEACON_ERP); 2368} 2369 2370void 2371ieee80211_notify_erp(struct ieee80211com *ic) 2372{ 2373 IEEE80211_LOCK(ic); 2374 ieee80211_notify_erp_locked(ic); 2375 IEEE80211_UNLOCK(ic); 2376} 2377 2378/* 2379 * Handle a station joining an 11g network. 2380 */ 2381static void 2382ieee80211_node_join_11g(struct ieee80211_node *ni) 2383{ 2384 struct ieee80211com *ic = ni->ni_ic; 2385 2386 IEEE80211_LOCK_ASSERT(ic); 2387 2388 /* 2389 * Station isn't capable of short slot time. Bump 2390 * the count of long slot time stations and disable 2391 * use of short slot time. Note that the actual switch 2392 * over to long slot time use may not occur until the 2393 * next beacon transmission (per sec. 7.3.1.4 of 11g). 2394 */ 2395 if ((ni->ni_capinfo & IEEE80211_CAPINFO_SHORT_SLOTTIME) == 0) { 2396 ic->ic_longslotsta++; 2397 IEEE80211_NOTE(ni->ni_vap, IEEE80211_MSG_ASSOC, ni, 2398 "station needs long slot time, count %d", 2399 ic->ic_longslotsta); 2400 /* XXX vap's w/ conflicting needs won't work */ 2401 if (!IEEE80211_IS_CHAN_108G(ic->ic_bsschan)) { 2402 /* 2403 * Don't force slot time when switched to turbo 2404 * mode as non-ERP stations won't be present; this 2405 * need only be done when on the normal G channel. 2406 */ 2407 ieee80211_set_shortslottime(ic, 0); 2408 } 2409 } 2410 /* 2411 * If the new station is not an ERP station 2412 * then bump the counter and enable protection 2413 * if configured. 2414 */ 2415 if (!ieee80211_iserp_rateset(&ni->ni_rates)) { 2416 ic->ic_nonerpsta++; 2417 IEEE80211_NOTE(ni->ni_vap, IEEE80211_MSG_ASSOC, ni, 2418 "station is !ERP, %d non-ERP stations associated", 2419 ic->ic_nonerpsta); 2420 /* 2421 * If station does not support short preamble 2422 * then we must enable use of Barker preamble. 2423 */ 2424 if ((ni->ni_capinfo & IEEE80211_CAPINFO_SHORT_PREAMBLE) == 0) { 2425 IEEE80211_NOTE(ni->ni_vap, IEEE80211_MSG_ASSOC, ni, 2426 "%s", "station needs long preamble"); 2427 ic->ic_flags |= IEEE80211_F_USEBARKER; 2428 ic->ic_flags &= ~IEEE80211_F_SHPREAMBLE; 2429 } 2430 /* 2431 * If protection is configured and this is the first 2432 * indication we should use protection, enable it. 2433 */ 2434 if (ic->ic_protmode != IEEE80211_PROT_NONE && 2435 ic->ic_nonerpsta == 1 && 2436 (ic->ic_flags_ext & IEEE80211_FEXT_NONERP_PR) == 0) { 2437 IEEE80211_DPRINTF(ni->ni_vap, IEEE80211_MSG_ASSOC, 2438 "%s: enable use of protection\n", __func__); 2439 ic->ic_flags |= IEEE80211_F_USEPROT; 2440 ieee80211_notify_erp_locked(ic); 2441 } 2442 } else 2443 ni->ni_flags |= IEEE80211_NODE_ERP; 2444} 2445 2446void 2447ieee80211_node_join(struct ieee80211_node *ni, int resp) 2448{ 2449 struct ieee80211com *ic = ni->ni_ic; 2450 struct ieee80211vap *vap = ni->ni_vap; 2451 int newassoc; 2452 2453 if (ni->ni_associd == 0) { 2454 uint16_t aid; 2455 2456 KASSERT(vap->iv_aid_bitmap != NULL, ("no aid bitmap")); 2457 /* 2458 * It would be good to search the bitmap 2459 * more efficiently, but this will do for now. 2460 */ 2461 for (aid = 1; aid < vap->iv_max_aid; aid++) { 2462 if (!IEEE80211_AID_ISSET(vap, aid)) 2463 break; 2464 } 2465 if (aid >= vap->iv_max_aid) { 2466 IEEE80211_SEND_MGMT(ni, resp, IEEE80211_STATUS_TOOMANY); 2467 ieee80211_node_leave(ni); 2468 return; 2469 } 2470 ni->ni_associd = aid | 0xc000; 2471 ni->ni_jointime = time_uptime; 2472 IEEE80211_LOCK(ic); 2473 IEEE80211_AID_SET(vap, ni->ni_associd); 2474 vap->iv_sta_assoc++; 2475 ic->ic_sta_assoc++; 2476 2477 if (IEEE80211_IS_CHAN_HT(ic->ic_bsschan)) 2478 ieee80211_ht_node_join(ni); 2479 if (IEEE80211_IS_CHAN_ANYG(ic->ic_bsschan) && 2480 IEEE80211_IS_CHAN_FULL(ic->ic_bsschan)) 2481 ieee80211_node_join_11g(ni); 2482 IEEE80211_UNLOCK(ic); 2483 2484 newassoc = 1; 2485 } else 2486 newassoc = 0; 2487 2488 IEEE80211_NOTE(vap, IEEE80211_MSG_ASSOC | IEEE80211_MSG_DEBUG, ni, 2489 "station associated at aid %d: %s preamble, %s slot time%s%s%s%s%s%s%s%s", 2490 IEEE80211_NODE_AID(ni), 2491 ic->ic_flags & IEEE80211_F_SHPREAMBLE ? "short" : "long", 2492 ic->ic_flags & IEEE80211_F_SHSLOT ? "short" : "long", 2493 ic->ic_flags & IEEE80211_F_USEPROT ? ", protection" : "", 2494 ni->ni_flags & IEEE80211_NODE_QOS ? ", QoS" : "", 2495 ni->ni_flags & IEEE80211_NODE_HT ? 2496 (ni->ni_chw == 40 ? ", HT40" : ", HT20") : "", 2497 ni->ni_flags & IEEE80211_NODE_AMPDU ? " (+AMPDU)" : "", 2498 ni->ni_flags & IEEE80211_NODE_MIMO_RTS ? " (+SMPS-DYN)" : 2499 ni->ni_flags & IEEE80211_NODE_MIMO_PS ? " (+SMPS)" : "", 2500 ni->ni_flags & IEEE80211_NODE_RIFS ? " (+RIFS)" : "", 2501 IEEE80211_ATH_CAP(vap, ni, IEEE80211_NODE_FF) ? 2502 ", fast-frames" : "", 2503 IEEE80211_ATH_CAP(vap, ni, IEEE80211_NODE_TURBOP) ? 2504 ", turbo" : "" 2505 ); 2506 2507 ieee80211_node_setuptxparms(ni); 2508 ieee80211_ratectl_node_init(ni); 2509 /* give driver a chance to setup state like ni_txrate */ 2510 if (ic->ic_newassoc != NULL) 2511 ic->ic_newassoc(ni, newassoc); 2512 IEEE80211_SEND_MGMT(ni, resp, IEEE80211_STATUS_SUCCESS); 2513 /* tell the authenticator about new station */ 2514 if (vap->iv_auth->ia_node_join != NULL) 2515 vap->iv_auth->ia_node_join(ni); 2516 ieee80211_notify_node_join(ni, 2517 resp == IEEE80211_FC0_SUBTYPE_ASSOC_RESP); 2518} 2519 2520static void 2521disable_protection(struct ieee80211com *ic) 2522{ 2523 KASSERT(ic->ic_nonerpsta == 0 && 2524 (ic->ic_flags_ext & IEEE80211_FEXT_NONERP_PR) == 0, 2525 ("%d non ERP stations, flags 0x%x", ic->ic_nonerpsta, 2526 ic->ic_flags_ext)); 2527 2528 ic->ic_flags &= ~IEEE80211_F_USEPROT; 2529 /* XXX verify mode? */ 2530 if (ic->ic_caps & IEEE80211_C_SHPREAMBLE) { 2531 ic->ic_flags |= IEEE80211_F_SHPREAMBLE; 2532 ic->ic_flags &= ~IEEE80211_F_USEBARKER; 2533 } 2534 ieee80211_notify_erp_locked(ic); 2535} 2536 2537/* 2538 * Handle a station leaving an 11g network. 2539 */ 2540static void 2541ieee80211_node_leave_11g(struct ieee80211_node *ni) 2542{ 2543 struct ieee80211com *ic = ni->ni_ic; 2544 2545 IEEE80211_LOCK_ASSERT(ic); 2546 2547 KASSERT(IEEE80211_IS_CHAN_ANYG(ic->ic_bsschan), 2548 ("not in 11g, bss %u:0x%x", ic->ic_bsschan->ic_freq, 2549 ic->ic_bsschan->ic_flags)); 2550 2551 /* 2552 * If a long slot station do the slot time bookkeeping. 2553 */ 2554 if ((ni->ni_capinfo & IEEE80211_CAPINFO_SHORT_SLOTTIME) == 0) { 2555 KASSERT(ic->ic_longslotsta > 0, 2556 ("bogus long slot station count %d", ic->ic_longslotsta)); 2557 ic->ic_longslotsta--; 2558 IEEE80211_NOTE(ni->ni_vap, IEEE80211_MSG_ASSOC, ni, 2559 "long slot time station leaves, count now %d", 2560 ic->ic_longslotsta); 2561 if (ic->ic_longslotsta == 0) { 2562 /* 2563 * Re-enable use of short slot time if supported 2564 * and not operating in IBSS mode (per spec). 2565 */ 2566 if ((ic->ic_caps & IEEE80211_C_SHSLOT) && 2567 ic->ic_opmode != IEEE80211_M_IBSS) { 2568 IEEE80211_DPRINTF(ni->ni_vap, 2569 IEEE80211_MSG_ASSOC, 2570 "%s: re-enable use of short slot time\n", 2571 __func__); 2572 ieee80211_set_shortslottime(ic, 1); 2573 } 2574 } 2575 } 2576 /* 2577 * If a non-ERP station do the protection-related bookkeeping. 2578 */ 2579 if ((ni->ni_flags & IEEE80211_NODE_ERP) == 0) { 2580 KASSERT(ic->ic_nonerpsta > 0, 2581 ("bogus non-ERP station count %d", ic->ic_nonerpsta)); 2582 ic->ic_nonerpsta--; 2583 IEEE80211_NOTE(ni->ni_vap, IEEE80211_MSG_ASSOC, ni, 2584 "non-ERP station leaves, count now %d%s", ic->ic_nonerpsta, 2585 (ic->ic_flags_ext & IEEE80211_FEXT_NONERP_PR) ? 2586 " (non-ERP sta present)" : ""); 2587 if (ic->ic_nonerpsta == 0 && 2588 (ic->ic_flags_ext & IEEE80211_FEXT_NONERP_PR) == 0) { 2589 IEEE80211_DPRINTF(ni->ni_vap, IEEE80211_MSG_ASSOC, 2590 "%s: disable use of protection\n", __func__); 2591 disable_protection(ic); 2592 } 2593 } 2594} 2595 2596/* 2597 * Time out presence of an overlapping bss with non-ERP 2598 * stations. When operating in hostap mode we listen for 2599 * beacons from other stations and if we identify a non-ERP 2600 * station is present we enable protection. To identify 2601 * when all non-ERP stations are gone we time out this 2602 * condition. 2603 */ 2604static void 2605ieee80211_erp_timeout(struct ieee80211com *ic) 2606{ 2607 2608 IEEE80211_LOCK_ASSERT(ic); 2609 2610 if ((ic->ic_flags_ext & IEEE80211_FEXT_NONERP_PR) && 2611 ieee80211_time_after(ticks, ic->ic_lastnonerp + IEEE80211_NONERP_PRESENT_AGE)) { 2612#if 0 2613 IEEE80211_NOTE(vap, IEEE80211_MSG_ASSOC, ni, 2614 "%s", "age out non-ERP sta present on channel"); 2615#endif 2616 ic->ic_flags_ext &= ~IEEE80211_FEXT_NONERP_PR; 2617 if (ic->ic_nonerpsta == 0) 2618 disable_protection(ic); 2619 } 2620} 2621 2622/* 2623 * Handle bookkeeping for station deauthentication/disassociation 2624 * when operating as an ap. 2625 */ 2626void 2627ieee80211_node_leave(struct ieee80211_node *ni) 2628{ 2629 struct ieee80211com *ic = ni->ni_ic; 2630 struct ieee80211vap *vap = ni->ni_vap; 2631 struct ieee80211_node_table *nt = ni->ni_table; 2632 2633 IEEE80211_NOTE(vap, IEEE80211_MSG_ASSOC | IEEE80211_MSG_DEBUG, ni, 2634 "station with aid %d leaves", IEEE80211_NODE_AID(ni)); 2635 2636 KASSERT(vap->iv_opmode != IEEE80211_M_STA, 2637 ("unexpected operating mode %u", vap->iv_opmode)); 2638 /* 2639 * If node wasn't previously associated all 2640 * we need to do is reclaim the reference. 2641 */ 2642 /* XXX ibss mode bypasses 11g and notification */ 2643 if (ni->ni_associd == 0) 2644 goto done; 2645 /* 2646 * Tell the authenticator the station is leaving. 2647 * Note that we must do this before yanking the 2648 * association id as the authenticator uses the 2649 * associd to locate it's state block. 2650 */ 2651 if (vap->iv_auth->ia_node_leave != NULL) 2652 vap->iv_auth->ia_node_leave(ni); 2653 2654 IEEE80211_LOCK(ic); 2655 IEEE80211_AID_CLR(vap, ni->ni_associd); 2656 vap->iv_sta_assoc--; 2657 ic->ic_sta_assoc--; 2658 2659 if (IEEE80211_IS_CHAN_HT(ic->ic_bsschan)) 2660 ieee80211_ht_node_leave(ni); 2661 if (IEEE80211_IS_CHAN_ANYG(ic->ic_bsschan) && 2662 IEEE80211_IS_CHAN_FULL(ic->ic_bsschan)) 2663 ieee80211_node_leave_11g(ni); 2664 IEEE80211_UNLOCK(ic); 2665 /* 2666 * Cleanup station state. In particular clear various 2667 * state that might otherwise be reused if the node 2668 * is reused before the reference count goes to zero 2669 * (and memory is reclaimed). 2670 */ 2671 ieee80211_sta_leave(ni); 2672done: 2673 /* 2674 * Remove the node from any table it's recorded in and 2675 * drop the caller's reference. Removal from the table 2676 * is important to insure the node is not reprocessed 2677 * for inactivity. 2678 */ 2679 if (nt != NULL) { 2680 IEEE80211_NODE_LOCK(nt); 2681 node_reclaim(nt, ni); 2682 IEEE80211_NODE_UNLOCK(nt); 2683 } else 2684 ieee80211_free_node(ni); 2685} 2686 2687struct rssiinfo { 2688 struct ieee80211vap *vap; 2689 int rssi_samples; 2690 uint32_t rssi_total; 2691}; 2692 2693static void 2694get_hostap_rssi(void *arg, struct ieee80211_node *ni) 2695{ 2696 struct rssiinfo *info = arg; 2697 struct ieee80211vap *vap = ni->ni_vap; 2698 int8_t rssi; 2699 2700 if (info->vap != vap) 2701 return; 2702 /* only associated stations */ 2703 if (ni->ni_associd == 0) 2704 return; 2705 rssi = vap->iv_ic->ic_node_getrssi(ni); 2706 if (rssi != 0) { 2707 info->rssi_samples++; 2708 info->rssi_total += rssi; 2709 } 2710} 2711 2712static void 2713get_adhoc_rssi(void *arg, struct ieee80211_node *ni) 2714{ 2715 struct rssiinfo *info = arg; 2716 struct ieee80211vap *vap = ni->ni_vap; 2717 int8_t rssi; 2718 2719 if (info->vap != vap) 2720 return; 2721 /* only neighbors */ 2722 /* XXX check bssid */ 2723 if ((ni->ni_capinfo & IEEE80211_CAPINFO_IBSS) == 0) 2724 return; 2725 rssi = vap->iv_ic->ic_node_getrssi(ni); 2726 if (rssi != 0) { 2727 info->rssi_samples++; 2728 info->rssi_total += rssi; 2729 } 2730} 2731 2732#ifdef IEEE80211_SUPPORT_MESH 2733static void 2734get_mesh_rssi(void *arg, struct ieee80211_node *ni) 2735{ 2736 struct rssiinfo *info = arg; 2737 struct ieee80211vap *vap = ni->ni_vap; 2738 int8_t rssi; 2739 2740 if (info->vap != vap) 2741 return; 2742 /* only neighbors that peered successfully */ 2743 if (ni->ni_mlstate != IEEE80211_NODE_MESH_ESTABLISHED) 2744 return; 2745 rssi = vap->iv_ic->ic_node_getrssi(ni); 2746 if (rssi != 0) { 2747 info->rssi_samples++; 2748 info->rssi_total += rssi; 2749 } 2750} 2751#endif /* IEEE80211_SUPPORT_MESH */ 2752 2753int8_t 2754ieee80211_getrssi(struct ieee80211vap *vap) 2755{ 2756#define NZ(x) ((x) == 0 ? 1 : (x)) 2757 struct ieee80211com *ic = vap->iv_ic; 2758 struct rssiinfo info; 2759 2760 info.rssi_total = 0; 2761 info.rssi_samples = 0; 2762 info.vap = vap; 2763 switch (vap->iv_opmode) { 2764 case IEEE80211_M_IBSS: /* average of all ibss neighbors */ 2765 case IEEE80211_M_AHDEMO: /* average of all neighbors */ 2766 ieee80211_iterate_nodes(&ic->ic_sta, get_adhoc_rssi, &info); 2767 break; 2768 case IEEE80211_M_HOSTAP: /* average of all associated stations */ 2769 ieee80211_iterate_nodes(&ic->ic_sta, get_hostap_rssi, &info); 2770 break; 2771#ifdef IEEE80211_SUPPORT_MESH 2772 case IEEE80211_M_MBSS: /* average of all mesh neighbors */ 2773 ieee80211_iterate_nodes(&ic->ic_sta, get_mesh_rssi, &info); 2774 break; 2775#endif 2776 case IEEE80211_M_MONITOR: /* XXX */ 2777 case IEEE80211_M_STA: /* use stats from associated ap */ 2778 default: 2779 if (vap->iv_bss != NULL) 2780 info.rssi_total = ic->ic_node_getrssi(vap->iv_bss); 2781 info.rssi_samples = 1; 2782 break; 2783 } 2784 return info.rssi_total / NZ(info.rssi_samples); 2785#undef NZ 2786} 2787 2788void 2789ieee80211_getsignal(struct ieee80211vap *vap, int8_t *rssi, int8_t *noise) 2790{ 2791 2792 if (vap->iv_bss == NULL) /* NB: shouldn't happen */ 2793 return; 2794 vap->iv_ic->ic_node_getsignal(vap->iv_bss, rssi, noise); 2795 /* for non-station mode return avg'd rssi accounting */ 2796 if (vap->iv_opmode != IEEE80211_M_STA) 2797 *rssi = ieee80211_getrssi(vap); 2798} 2799