ieee80211_node.c revision 147788
1/*- 2 * Copyright (c) 2001 Atsushi Onoe 3 * Copyright (c) 2002-2005 Sam Leffler, Errno Consulting 4 * All rights reserved. 5 * 6 * Redistribution and use in source and binary forms, with or without 7 * modification, are permitted provided that the following conditions 8 * are met: 9 * 1. Redistributions of source code must retain the above copyright 10 * notice, this list of conditions and the following disclaimer. 11 * 2. Redistributions in binary form must reproduce the above copyright 12 * notice, this list of conditions and the following disclaimer in the 13 * documentation and/or other materials provided with the distribution. 14 * 3. The name of the author may not be used to endorse or promote products 15 * derived from this software without specific prior written permission. 16 * 17 * Alternatively, this software may be distributed under the terms of the 18 * GNU General Public License ("GPL") version 2 as published by the Free 19 * Software Foundation. 20 * 21 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 22 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 23 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 24 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 25 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 26 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 27 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 28 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 29 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 30 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 31 */ 32 33#include <sys/cdefs.h> 34__FBSDID("$FreeBSD: head/sys/net80211/ieee80211_node.c 147788 2005-07-06 01:51:44Z sam $"); 35 36#include <sys/param.h> 37#include <sys/systm.h> 38#include <sys/mbuf.h> 39#include <sys/malloc.h> 40#include <sys/kernel.h> 41 42#include <sys/socket.h> 43 44#include <net/if.h> 45#include <net/if_media.h> 46#include <net/ethernet.h> 47 48#include <net80211/ieee80211_var.h> 49 50#include <net/bpf.h> 51 52/* 53 * Association id's are managed with a bit vector. 54 */ 55#define IEEE80211_AID_SET(b, w) \ 56 ((w)[IEEE80211_AID(b) / 32] |= (1 << (IEEE80211_AID(b) % 32))) 57#define IEEE80211_AID_CLR(b, w) \ 58 ((w)[IEEE80211_AID(b) / 32] &= ~(1 << (IEEE80211_AID(b) % 32))) 59#define IEEE80211_AID_ISSET(b, w) \ 60 ((w)[IEEE80211_AID(b) / 32] & (1 << (IEEE80211_AID(b) % 32))) 61 62static struct ieee80211_node *node_alloc(struct ieee80211_node_table *); 63static void node_cleanup(struct ieee80211_node *); 64static void node_free(struct ieee80211_node *); 65static u_int8_t node_getrssi(const struct ieee80211_node *); 66 67static void ieee80211_setup_node(struct ieee80211_node_table *, 68 struct ieee80211_node *, const u_int8_t *); 69static void _ieee80211_free_node(struct ieee80211_node *); 70static void ieee80211_free_allnodes(struct ieee80211_node_table *); 71 72static void ieee80211_timeout_scan_candidates(struct ieee80211_node_table *); 73static void ieee80211_timeout_stations(struct ieee80211_node_table *); 74 75static void ieee80211_set_tim(struct ieee80211com *, 76 struct ieee80211_node *, int set); 77 78static void ieee80211_node_table_init(struct ieee80211com *ic, 79 struct ieee80211_node_table *nt, const char *name, int inact, 80 void (*timeout)(struct ieee80211_node_table *)); 81static void ieee80211_node_table_cleanup(struct ieee80211_node_table *nt); 82 83MALLOC_DEFINE(M_80211_NODE, "80211node", "802.11 node state"); 84 85void 86ieee80211_node_attach(struct ieee80211com *ic) 87{ 88 89 ieee80211_node_table_init(ic, &ic->ic_sta, "station", 90 IEEE80211_INACT_INIT, ieee80211_timeout_stations); 91 ieee80211_node_table_init(ic, &ic->ic_scan, "scan", 92 IEEE80211_INACT_SCAN, ieee80211_timeout_scan_candidates); 93 94 ic->ic_node_alloc = node_alloc; 95 ic->ic_node_free = node_free; 96 ic->ic_node_cleanup = node_cleanup; 97 ic->ic_node_getrssi = node_getrssi; 98 99 /* default station inactivity timer setings */ 100 ic->ic_inact_init = IEEE80211_INACT_INIT; 101 ic->ic_inact_auth = IEEE80211_INACT_AUTH; 102 ic->ic_inact_run = IEEE80211_INACT_RUN; 103 ic->ic_inact_probe = IEEE80211_INACT_PROBE; 104 105 /* XXX defer */ 106 if (ic->ic_max_aid == 0) 107 ic->ic_max_aid = IEEE80211_AID_DEF; 108 else if (ic->ic_max_aid > IEEE80211_AID_MAX) 109 ic->ic_max_aid = IEEE80211_AID_MAX; 110 MALLOC(ic->ic_aid_bitmap, u_int32_t *, 111 howmany(ic->ic_max_aid, 32) * sizeof(u_int32_t), 112 M_DEVBUF, M_NOWAIT | M_ZERO); 113 if (ic->ic_aid_bitmap == NULL) { 114 /* XXX no way to recover */ 115 printf("%s: no memory for AID bitmap!\n", __func__); 116 ic->ic_max_aid = 0; 117 } 118 119 /* XXX defer until using hostap/ibss mode */ 120 ic->ic_tim_len = howmany(ic->ic_max_aid, 8) * sizeof(u_int8_t); 121 MALLOC(ic->ic_tim_bitmap, u_int8_t *, ic->ic_tim_len, 122 M_DEVBUF, M_NOWAIT | M_ZERO); 123 if (ic->ic_tim_bitmap == NULL) { 124 /* XXX no way to recover */ 125 printf("%s: no memory for TIM bitmap!\n", __func__); 126 } 127 ic->ic_set_tim = ieee80211_set_tim; /* NB: driver should override */ 128} 129 130void 131ieee80211_node_lateattach(struct ieee80211com *ic) 132{ 133 struct ieee80211_node *ni; 134 struct ieee80211_rsnparms *rsn; 135 136 ni = ieee80211_alloc_node(&ic->ic_scan, ic->ic_myaddr); 137 KASSERT(ni != NULL, ("unable to setup inital BSS node")); 138 /* 139 * Setup "global settings" in the bss node so that 140 * each new station automatically inherits them. 141 */ 142 rsn = &ni->ni_rsn; 143 /* WEP, TKIP, and AES-CCM are always supported */ 144 rsn->rsn_ucastcipherset |= 1<<IEEE80211_CIPHER_WEP; 145 rsn->rsn_ucastcipherset |= 1<<IEEE80211_CIPHER_TKIP; 146 rsn->rsn_ucastcipherset |= 1<<IEEE80211_CIPHER_AES_CCM; 147 if (ic->ic_caps & IEEE80211_C_AES) 148 rsn->rsn_ucastcipherset |= 1<<IEEE80211_CIPHER_AES_OCB; 149 if (ic->ic_caps & IEEE80211_C_CKIP) 150 rsn->rsn_ucastcipherset |= 1<<IEEE80211_CIPHER_CKIP; 151 /* 152 * Default unicast cipher to WEP for 802.1x use. If 153 * WPA is enabled the management code will set these 154 * values to reflect. 155 */ 156 rsn->rsn_ucastcipher = IEEE80211_CIPHER_WEP; 157 rsn->rsn_ucastkeylen = 104 / NBBY; 158 /* 159 * WPA says the multicast cipher is the lowest unicast 160 * cipher supported. But we skip WEP which would 161 * otherwise be used based on this criteria. 162 */ 163 rsn->rsn_mcastcipher = IEEE80211_CIPHER_TKIP; 164 rsn->rsn_mcastkeylen = 128 / NBBY; 165 166 /* 167 * We support both WPA-PSK and 802.1x; the one used 168 * is determined by the authentication mode and the 169 * setting of the PSK state. 170 */ 171 rsn->rsn_keymgmtset = WPA_ASE_8021X_UNSPEC | WPA_ASE_8021X_PSK; 172 rsn->rsn_keymgmt = WPA_ASE_8021X_PSK; 173 174 ic->ic_bss = ieee80211_ref_node(ni); /* hold reference */ 175 ic->ic_auth = ieee80211_authenticator_get(ni->ni_authmode); 176} 177 178void 179ieee80211_node_detach(struct ieee80211com *ic) 180{ 181 182 if (ic->ic_bss != NULL) { 183 ieee80211_free_node(ic->ic_bss); 184 ic->ic_bss = NULL; 185 } 186 ieee80211_node_table_cleanup(&ic->ic_scan); 187 ieee80211_node_table_cleanup(&ic->ic_sta); 188 if (ic->ic_aid_bitmap != NULL) { 189 FREE(ic->ic_aid_bitmap, M_DEVBUF); 190 ic->ic_aid_bitmap = NULL; 191 } 192 if (ic->ic_tim_bitmap != NULL) { 193 FREE(ic->ic_tim_bitmap, M_DEVBUF); 194 ic->ic_tim_bitmap = NULL; 195 } 196} 197 198/* 199 * Port authorize/unauthorize interfaces for use by an authenticator. 200 */ 201 202void 203ieee80211_node_authorize(struct ieee80211com *ic, struct ieee80211_node *ni) 204{ 205 ni->ni_flags |= IEEE80211_NODE_AUTH; 206 ni->ni_inact_reload = ic->ic_inact_run; 207} 208 209void 210ieee80211_node_unauthorize(struct ieee80211com *ic, struct ieee80211_node *ni) 211{ 212 ni->ni_flags &= ~IEEE80211_NODE_AUTH; 213} 214 215/* 216 * Set/change the channel. The rate set is also updated as 217 * to insure a consistent view by drivers. 218 */ 219static __inline void 220ieee80211_set_chan(struct ieee80211com *ic, 221 struct ieee80211_node *ni, struct ieee80211_channel *chan) 222{ 223 ni->ni_chan = chan; 224 ni->ni_rates = ic->ic_sup_rates[ieee80211_chan2mode(ic, chan)]; 225} 226 227/* 228 * AP scanning support. 229 */ 230 231#ifdef IEEE80211_DEBUG 232static void 233dump_chanlist(const u_char chans[]) 234{ 235 const char *sep; 236 int i; 237 238 sep = " "; 239 for (i = 0; i < IEEE80211_CHAN_MAX; i++) 240 if (isset(chans, i)) { 241 printf("%s%u", sep, i); 242 sep = ", "; 243 } 244} 245#endif /* IEEE80211_DEBUG */ 246 247/* 248 * Initialize the channel set to scan based on the 249 * of available channels and the current PHY mode. 250 */ 251static void 252ieee80211_reset_scan(struct ieee80211com *ic) 253{ 254 255 /* XXX ic_des_chan should be handled with ic_chan_active */ 256 if (ic->ic_des_chan != IEEE80211_CHAN_ANYC) { 257 memset(ic->ic_chan_scan, 0, sizeof(ic->ic_chan_scan)); 258 setbit(ic->ic_chan_scan, 259 ieee80211_chan2ieee(ic, ic->ic_des_chan)); 260 } else 261 memcpy(ic->ic_chan_scan, ic->ic_chan_active, 262 sizeof(ic->ic_chan_active)); 263 /* NB: hack, setup so next_scan starts with the first channel */ 264 if (ic->ic_bss->ni_chan == IEEE80211_CHAN_ANYC) 265 ieee80211_set_chan(ic, ic->ic_bss, 266 &ic->ic_channels[IEEE80211_CHAN_MAX]); 267#ifdef IEEE80211_DEBUG 268 if (ieee80211_msg_scan(ic)) { 269 printf("%s: scan set:", __func__); 270 dump_chanlist(ic->ic_chan_scan); 271 printf(" start chan %u\n", 272 ieee80211_chan2ieee(ic, ic->ic_bss->ni_chan)); 273 } 274#endif /* IEEE80211_DEBUG */ 275} 276 277/* 278 * Begin an active scan. 279 */ 280void 281ieee80211_begin_scan(struct ieee80211com *ic, int reset) 282{ 283 284 ic->ic_scan.nt_scangen++; 285 /* 286 * In all but hostap mode scanning starts off in 287 * an active mode before switching to passive. 288 */ 289 if (ic->ic_opmode != IEEE80211_M_HOSTAP) { 290 ic->ic_flags |= IEEE80211_F_ASCAN; 291 ic->ic_stats.is_scan_active++; 292 } else 293 ic->ic_stats.is_scan_passive++; 294 IEEE80211_DPRINTF(ic, IEEE80211_MSG_SCAN, 295 "begin %s scan in %s mode, scangen %u\n", 296 (ic->ic_flags & IEEE80211_F_ASCAN) ? "active" : "passive", 297 ieee80211_phymode_name[ic->ic_curmode], ic->ic_scan.nt_scangen); 298 /* 299 * Clear scan state and flush any previously seen AP's. 300 */ 301 ieee80211_reset_scan(ic); 302 if (reset) 303 ieee80211_free_allnodes(&ic->ic_scan); 304 305 ic->ic_flags |= IEEE80211_F_SCAN; 306 307 /* Scan the next channel. */ 308 ieee80211_next_scan(ic); 309} 310 311/* 312 * Switch to the next channel marked for scanning. 313 */ 314int 315ieee80211_next_scan(struct ieee80211com *ic) 316{ 317 struct ieee80211_channel *chan; 318 319 /* 320 * Insure any previous mgt frame timeouts don't fire. 321 * This assumes the driver does the right thing in 322 * flushing anything queued in the driver and below. 323 */ 324 ic->ic_mgt_timer = 0; 325 326 chan = ic->ic_bss->ni_chan; 327 do { 328 if (++chan > &ic->ic_channels[IEEE80211_CHAN_MAX]) 329 chan = &ic->ic_channels[0]; 330 if (isset(ic->ic_chan_scan, ieee80211_chan2ieee(ic, chan))) { 331 clrbit(ic->ic_chan_scan, ieee80211_chan2ieee(ic, chan)); 332 IEEE80211_DPRINTF(ic, IEEE80211_MSG_SCAN, 333 "%s: chan %d->%d\n", __func__, 334 ieee80211_chan2ieee(ic, ic->ic_bss->ni_chan), 335 ieee80211_chan2ieee(ic, chan)); 336 ieee80211_set_chan(ic, ic->ic_bss, chan); 337#ifdef notyet 338 /* XXX driver state change */ 339 /* 340 * Scan next channel. If doing an active scan 341 * and the channel is not marked passive-only 342 * then send a probe request. Otherwise just 343 * listen for beacons on the channel. 344 */ 345 if ((ic->ic_flags & IEEE80211_F_ASCAN) && 346 (ni->ni_chan->ic_flags & IEEE80211_CHAN_PASSIVE) == 0) { 347 IEEE80211_SEND_MGMT(ic, ni, 348 IEEE80211_FC0_SUBTYPE_PROBE_REQ, 0); 349 } 350#else 351 ieee80211_new_state(ic, IEEE80211_S_SCAN, -1); 352#endif 353 return 1; 354 } 355 } while (chan != ic->ic_bss->ni_chan); 356 ieee80211_end_scan(ic); 357 return 0; 358} 359 360static __inline void 361copy_bss(struct ieee80211_node *nbss, const struct ieee80211_node *obss) 362{ 363 /* propagate useful state */ 364 nbss->ni_authmode = obss->ni_authmode; 365 nbss->ni_txpower = obss->ni_txpower; 366 nbss->ni_vlan = obss->ni_vlan; 367 nbss->ni_rsn = obss->ni_rsn; 368 /* XXX statistics? */ 369} 370 371void 372ieee80211_create_ibss(struct ieee80211com* ic, struct ieee80211_channel *chan) 373{ 374 struct ieee80211_node_table *nt; 375 struct ieee80211_node *ni; 376 377 IEEE80211_DPRINTF(ic, IEEE80211_MSG_SCAN, 378 "%s: creating ibss\n", __func__); 379 380 /* 381 * Create the station/neighbor table. Note that for adhoc 382 * mode we make the initial inactivity timer longer since 383 * we create nodes only through discovery and they typically 384 * are long-lived associations. 385 */ 386 nt = &ic->ic_sta; 387 IEEE80211_NODE_LOCK(nt); 388 if (ic->ic_opmode == IEEE80211_M_HOSTAP) { 389 nt->nt_name = "station"; 390 nt->nt_inact_init = ic->ic_inact_init; 391 } else { 392 nt->nt_name = "neighbor"; 393 nt->nt_inact_init = ic->ic_inact_run; 394 } 395 IEEE80211_NODE_UNLOCK(nt); 396 397 ni = ieee80211_alloc_node(nt, ic->ic_myaddr); 398 if (ni == NULL) { 399 /* XXX recovery? */ 400 return; 401 } 402 IEEE80211_ADDR_COPY(ni->ni_bssid, ic->ic_myaddr); 403 ni->ni_esslen = ic->ic_des_esslen; 404 memcpy(ni->ni_essid, ic->ic_des_essid, ni->ni_esslen); 405 copy_bss(ni, ic->ic_bss); 406 ni->ni_intval = ic->ic_lintval; 407 if (ic->ic_flags & IEEE80211_F_PRIVACY) 408 ni->ni_capinfo |= IEEE80211_CAPINFO_PRIVACY; 409 if (ic->ic_phytype == IEEE80211_T_FH) { 410 ni->ni_fhdwell = 200; /* XXX */ 411 ni->ni_fhindex = 1; 412 } 413 if (ic->ic_opmode == IEEE80211_M_IBSS) { 414 ic->ic_flags |= IEEE80211_F_SIBSS; 415 ni->ni_capinfo |= IEEE80211_CAPINFO_IBSS; /* XXX */ 416 if (ic->ic_flags & IEEE80211_F_DESBSSID) 417 IEEE80211_ADDR_COPY(ni->ni_bssid, ic->ic_des_bssid); 418 else 419 ni->ni_bssid[0] |= 0x02; /* local bit for IBSS */ 420 } 421 /* 422 * Fix the channel and related attributes. 423 */ 424 ieee80211_set_chan(ic, ni, chan); 425 ic->ic_curmode = ieee80211_chan2mode(ic, chan); 426 /* 427 * Do mode-specific rate setup. 428 */ 429 if (ic->ic_curmode == IEEE80211_MODE_11G) { 430 /* 431 * Use a mixed 11b/11g rate set. 432 */ 433 ieee80211_set11gbasicrates(&ni->ni_rates, IEEE80211_MODE_11G); 434 } else if (ic->ic_curmode == IEEE80211_MODE_11B) { 435 /* 436 * Force pure 11b rate set. 437 */ 438 ieee80211_set11gbasicrates(&ni->ni_rates, IEEE80211_MODE_11B); 439 } 440 441 (void) ieee80211_sta_join(ic, ieee80211_ref_node(ni)); 442} 443 444void 445ieee80211_reset_bss(struct ieee80211com *ic) 446{ 447 struct ieee80211_node *ni, *obss; 448 449 ieee80211_node_table_reset(&ic->ic_scan); 450 ieee80211_node_table_reset(&ic->ic_sta); 451 452 ni = ieee80211_alloc_node(&ic->ic_scan, ic->ic_myaddr); 453 KASSERT(ni != NULL, ("unable to setup inital BSS node")); 454 obss = ic->ic_bss; 455 ic->ic_bss = ieee80211_ref_node(ni); 456 if (obss != NULL) { 457 copy_bss(ni, obss); 458 ni->ni_intval = ic->ic_lintval; 459 ieee80211_free_node(obss); 460 } 461} 462 463static int 464ieee80211_match_bss(struct ieee80211com *ic, struct ieee80211_node *ni) 465{ 466 u_int8_t rate; 467 int fail; 468 469 fail = 0; 470 if (isclr(ic->ic_chan_active, ieee80211_chan2ieee(ic, ni->ni_chan))) 471 fail |= 0x01; 472 if (ic->ic_des_chan != IEEE80211_CHAN_ANYC && 473 ni->ni_chan != ic->ic_des_chan) 474 fail |= 0x01; 475 if (ic->ic_opmode == IEEE80211_M_IBSS) { 476 if ((ni->ni_capinfo & IEEE80211_CAPINFO_IBSS) == 0) 477 fail |= 0x02; 478 } else { 479 if ((ni->ni_capinfo & IEEE80211_CAPINFO_ESS) == 0) 480 fail |= 0x02; 481 } 482 if (ic->ic_flags & IEEE80211_F_PRIVACY) { 483 if ((ni->ni_capinfo & IEEE80211_CAPINFO_PRIVACY) == 0) 484 fail |= 0x04; 485 } else { 486 /* XXX does this mean privacy is supported or required? */ 487 if (ni->ni_capinfo & IEEE80211_CAPINFO_PRIVACY) 488 fail |= 0x04; 489 } 490 rate = ieee80211_fix_rate(ic, ni, 491 IEEE80211_F_DONEGO | IEEE80211_F_DOFRATE); 492 if (rate & IEEE80211_RATE_BASIC) 493 fail |= 0x08; 494 if (ic->ic_des_esslen != 0 && 495 (ni->ni_esslen != ic->ic_des_esslen || 496 memcmp(ni->ni_essid, ic->ic_des_essid, ic->ic_des_esslen) != 0)) 497 fail |= 0x10; 498 if ((ic->ic_flags & IEEE80211_F_DESBSSID) && 499 !IEEE80211_ADDR_EQ(ic->ic_des_bssid, ni->ni_bssid)) 500 fail |= 0x20; 501#ifdef IEEE80211_DEBUG 502 if (ieee80211_msg_scan(ic)) { 503 printf(" %c %s", fail ? '-' : '+', 504 ether_sprintf(ni->ni_macaddr)); 505 printf(" %s%c", ether_sprintf(ni->ni_bssid), 506 fail & 0x20 ? '!' : ' '); 507 printf(" %3d%c", ieee80211_chan2ieee(ic, ni->ni_chan), 508 fail & 0x01 ? '!' : ' '); 509 printf(" %+4d", ni->ni_rssi); 510 printf(" %2dM%c", (rate & IEEE80211_RATE_VAL) / 2, 511 fail & 0x08 ? '!' : ' '); 512 printf(" %4s%c", 513 (ni->ni_capinfo & IEEE80211_CAPINFO_ESS) ? "ess" : 514 (ni->ni_capinfo & IEEE80211_CAPINFO_IBSS) ? "ibss" : 515 "????", 516 fail & 0x02 ? '!' : ' '); 517 printf(" %3s%c ", 518 (ni->ni_capinfo & IEEE80211_CAPINFO_PRIVACY) ? 519 "wep" : "no", 520 fail & 0x04 ? '!' : ' '); 521 ieee80211_print_essid(ni->ni_essid, ni->ni_esslen); 522 printf("%s\n", fail & 0x10 ? "!" : ""); 523 } 524#endif 525 return fail; 526} 527 528static __inline u_int8_t 529maxrate(const struct ieee80211_node *ni) 530{ 531 const struct ieee80211_rateset *rs = &ni->ni_rates; 532 /* NB: assumes rate set is sorted (happens on frame receive) */ 533 return rs->rs_rates[rs->rs_nrates-1] & IEEE80211_RATE_VAL; 534} 535 536/* 537 * Compare the capabilities of two nodes and decide which is 538 * more desirable (return >0 if a is considered better). Note 539 * that we assume compatibility/usability has already been checked 540 * so we don't need to (e.g. validate whether privacy is supported). 541 * Used to select the best scan candidate for association in a BSS. 542 */ 543static int 544ieee80211_node_compare(struct ieee80211com *ic, 545 const struct ieee80211_node *a, 546 const struct ieee80211_node *b) 547{ 548 u_int8_t maxa, maxb; 549 u_int8_t rssia, rssib; 550 551 /* privacy support preferred */ 552 if ((a->ni_capinfo & IEEE80211_CAPINFO_PRIVACY) && 553 (b->ni_capinfo & IEEE80211_CAPINFO_PRIVACY) == 0) 554 return 1; 555 if ((a->ni_capinfo & IEEE80211_CAPINFO_PRIVACY) == 0 && 556 (b->ni_capinfo & IEEE80211_CAPINFO_PRIVACY)) 557 return -1; 558 559 rssia = ic->ic_node_getrssi(a); 560 rssib = ic->ic_node_getrssi(b); 561 if (abs(rssib - rssia) < 5) { 562 /* best/max rate preferred if signal level close enough XXX */ 563 maxa = maxrate(a); 564 maxb = maxrate(b); 565 if (maxa != maxb) 566 return maxa - maxb; 567 /* XXX use freq for channel preference */ 568 /* for now just prefer 5Ghz band to all other bands */ 569 if (IEEE80211_IS_CHAN_5GHZ(a->ni_chan) && 570 !IEEE80211_IS_CHAN_5GHZ(b->ni_chan)) 571 return 1; 572 if (!IEEE80211_IS_CHAN_5GHZ(a->ni_chan) && 573 IEEE80211_IS_CHAN_5GHZ(b->ni_chan)) 574 return -1; 575 } 576 /* all things being equal, use signal level */ 577 return rssia - rssib; 578} 579 580/* 581 * Mark an ongoing scan stopped. 582 */ 583void 584ieee80211_cancel_scan(struct ieee80211com *ic) 585{ 586 587 IEEE80211_DPRINTF(ic, IEEE80211_MSG_SCAN, "%s: end %s scan\n", 588 __func__, 589 (ic->ic_flags & IEEE80211_F_ASCAN) ? "active" : "passive"); 590 591 ic->ic_flags &= ~(IEEE80211_F_SCAN | IEEE80211_F_ASCAN); 592} 593 594/* 595 * Complete a scan of potential channels. 596 */ 597void 598ieee80211_end_scan(struct ieee80211com *ic) 599{ 600 struct ieee80211_node_table *nt = &ic->ic_scan; 601 struct ieee80211_node *ni, *selbs; 602 603 ieee80211_cancel_scan(ic); 604 ieee80211_notify_scan_done(ic); 605 606 if (ic->ic_opmode == IEEE80211_M_HOSTAP) { 607 u_int8_t maxrssi[IEEE80211_CHAN_MAX]; /* XXX off stack? */ 608 int i, bestchan; 609 u_int8_t rssi; 610 611 /* 612 * The passive scan to look for existing AP's completed, 613 * select a channel to camp on. Identify the channels 614 * that already have one or more AP's and try to locate 615 * an unoccupied one. If that fails, pick a channel that 616 * looks to be quietest. 617 */ 618 memset(maxrssi, 0, sizeof(maxrssi)); 619 IEEE80211_NODE_LOCK(nt); 620 TAILQ_FOREACH(ni, &nt->nt_node, ni_list) { 621 rssi = ic->ic_node_getrssi(ni); 622 i = ieee80211_chan2ieee(ic, ni->ni_chan); 623 if (rssi > maxrssi[i]) 624 maxrssi[i] = rssi; 625 } 626 IEEE80211_NODE_UNLOCK(nt); 627 /* XXX select channel more intelligently */ 628 bestchan = -1; 629 for (i = 0; i < IEEE80211_CHAN_MAX; i++) 630 if (isset(ic->ic_chan_active, i)) { 631 /* 632 * If the channel is unoccupied the max rssi 633 * should be zero; just take it. Otherwise 634 * track the channel with the lowest rssi and 635 * use that when all channels appear occupied. 636 */ 637 if (maxrssi[i] == 0) { 638 bestchan = i; 639 break; 640 } 641 if (bestchan == -1 || 642 maxrssi[i] < maxrssi[bestchan]) 643 bestchan = i; 644 } 645 if (bestchan != -1) { 646 ieee80211_create_ibss(ic, &ic->ic_channels[bestchan]); 647 return; 648 } 649 /* no suitable channel, should not happen */ 650 } 651 652 /* 653 * When manually sequencing the state machine; scan just once 654 * regardless of whether we have a candidate or not. The 655 * controlling application is expected to setup state and 656 * initiate an association. 657 */ 658 if (ic->ic_roaming == IEEE80211_ROAMING_MANUAL) 659 return; 660 /* 661 * Automatic sequencing; look for a candidate and 662 * if found join the network. 663 */ 664 /* NB: unlocked read should be ok */ 665 if (TAILQ_FIRST(&nt->nt_node) == NULL) { 666 IEEE80211_DPRINTF(ic, IEEE80211_MSG_SCAN, 667 "%s: no scan candidate\n", __func__); 668 notfound: 669 if (ic->ic_opmode == IEEE80211_M_IBSS && 670 (ic->ic_flags & IEEE80211_F_IBSSON) && 671 ic->ic_des_esslen != 0) { 672 ieee80211_create_ibss(ic, ic->ic_ibss_chan); 673 return; 674 } 675 /* 676 * Reset the list of channels to scan and start again. 677 */ 678 ieee80211_reset_scan(ic); 679 ic->ic_flags |= IEEE80211_F_SCAN; 680 ieee80211_next_scan(ic); 681 return; 682 } 683 selbs = NULL; 684 IEEE80211_DPRINTF(ic, IEEE80211_MSG_SCAN, "\t%s\n", 685 "macaddr bssid chan rssi rate flag wep essid"); 686 IEEE80211_NODE_LOCK(nt); 687 TAILQ_FOREACH(ni, &nt->nt_node, ni_list) { 688 if (ni->ni_fails) { 689 /* 690 * The configuration of the access points may change 691 * during my scan. So delete the entry for the AP 692 * and retry to associate if there is another beacon. 693 */ 694 IEEE80211_DPRINTF(ic, IEEE80211_MSG_SCAN, 695 "%s: skip scan candidate %s, fails %u\n", 696 __func__, ether_sprintf(ni->ni_macaddr), 697 ni->ni_fails); 698 ni->ni_fails++; 699#if 0 700 if (ni->ni_fails++ > 2) 701 ieee80211_free_node(ni); 702#endif 703 continue; 704 } 705 if (ieee80211_match_bss(ic, ni) == 0) { 706 if (selbs == NULL) 707 selbs = ni; 708 else if (ieee80211_node_compare(ic, ni, selbs) > 0) 709 selbs = ni; 710 } 711 } 712 if (selbs != NULL) /* NB: grab ref while dropping lock */ 713 (void) ieee80211_ref_node(selbs); 714 IEEE80211_NODE_UNLOCK(nt); 715 if (selbs == NULL) 716 goto notfound; 717 if (!ieee80211_sta_join(ic, selbs)) { 718 ieee80211_free_node(selbs); 719 goto notfound; 720 } 721} 722 723/* 724 * Handle 802.11 ad hoc network merge. The 725 * convention, set by the Wireless Ethernet Compatibility Alliance 726 * (WECA), is that an 802.11 station will change its BSSID to match 727 * the "oldest" 802.11 ad hoc network, on the same channel, that 728 * has the station's desired SSID. The "oldest" 802.11 network 729 * sends beacons with the greatest TSF timestamp. 730 * 731 * The caller is assumed to validate TSF's before attempting a merge. 732 * 733 * Return !0 if the BSSID changed, 0 otherwise. 734 */ 735int 736ieee80211_ibss_merge(struct ieee80211com *ic, struct ieee80211_node *ni) 737{ 738 739 if (ni == ic->ic_bss || 740 IEEE80211_ADDR_EQ(ni->ni_bssid, ic->ic_bss->ni_bssid)) { 741 /* unchanged, nothing to do */ 742 return 0; 743 } 744 if (ieee80211_match_bss(ic, ni) != 0) { /* capabilities mismatch */ 745 IEEE80211_DPRINTF(ic, IEEE80211_MSG_ASSOC, 746 "%s: merge failed, capabilities mismatch\n", __func__); 747 ic->ic_stats.is_ibss_capmismatch++; 748 return 0; 749 } 750 IEEE80211_DPRINTF(ic, IEEE80211_MSG_ASSOC, 751 "%s: new bssid %s: %s preamble, %s slot time%s\n", __func__, 752 ether_sprintf(ni->ni_bssid), 753 ic->ic_flags&IEEE80211_F_SHPREAMBLE ? "short" : "long", 754 ic->ic_flags&IEEE80211_F_SHSLOT ? "short" : "long", 755 ic->ic_flags&IEEE80211_F_USEPROT ? ", protection" : "" 756 ); 757 return ieee80211_sta_join(ic, ieee80211_ref_node(ni)); 758} 759 760/* 761 * Join the specified IBSS/BSS network. The node is assumed to 762 * be passed in with a held reference. 763 */ 764int 765ieee80211_sta_join(struct ieee80211com *ic, struct ieee80211_node *selbs) 766{ 767 struct ieee80211_node *obss; 768 769 if (ic->ic_opmode == IEEE80211_M_IBSS) { 770 struct ieee80211_node_table *nt; 771 /* 772 * Delete unusable rates; we've already checked 773 * that the negotiated rate set is acceptable. 774 */ 775 ieee80211_fix_rate(ic, selbs, IEEE80211_F_DODEL); 776 /* 777 * Fillin the neighbor table; it will already 778 * exist if we are simply switching mastership. 779 * XXX ic_sta always setup so this is unnecessary? 780 */ 781 nt = &ic->ic_sta; 782 IEEE80211_NODE_LOCK(nt); 783 nt->nt_name = "neighbor"; 784 nt->nt_inact_init = ic->ic_inact_run; 785 IEEE80211_NODE_UNLOCK(nt); 786 } 787 788 /* 789 * Committed to selbs, setup state. 790 */ 791 obss = ic->ic_bss; 792 ic->ic_bss = selbs; /* NB: caller assumed to bump refcnt */ 793 if (obss != NULL) 794 ieee80211_free_node(obss); 795 /* 796 * Set the erp state (mostly the slot time) to deal with 797 * the auto-select case; this should be redundant if the 798 * mode is locked. 799 */ 800 ic->ic_curmode = ieee80211_chan2mode(ic, selbs->ni_chan); 801 ieee80211_reset_erp(ic); 802 ieee80211_wme_initparams(ic); 803 804 if (ic->ic_opmode == IEEE80211_M_STA) 805 ieee80211_new_state(ic, IEEE80211_S_AUTH, -1); 806 else 807 ieee80211_new_state(ic, IEEE80211_S_RUN, -1); 808 return 1; 809} 810 811/* 812 * Leave the specified IBSS/BSS network. The node is assumed to 813 * be passed in with a held reference. 814 */ 815void 816ieee80211_sta_leave(struct ieee80211com *ic, struct ieee80211_node *ni) 817{ 818 ic->ic_node_cleanup(ni); 819 ieee80211_notify_node_leave(ic, ni); 820} 821 822static struct ieee80211_node * 823node_alloc(struct ieee80211_node_table *nt) 824{ 825 struct ieee80211_node *ni; 826 827 MALLOC(ni, struct ieee80211_node *, sizeof(struct ieee80211_node), 828 M_80211_NODE, M_NOWAIT | M_ZERO); 829 return ni; 830} 831 832/* 833 * Reclaim any resources in a node and reset any critical 834 * state. Typically nodes are free'd immediately after, 835 * but in some cases the storage may be reused so we need 836 * to insure consistent state (should probably fix that). 837 */ 838static void 839node_cleanup(struct ieee80211_node *ni) 840{ 841#define N(a) (sizeof(a)/sizeof(a[0])) 842 struct ieee80211com *ic = ni->ni_ic; 843 int i, qlen; 844 845 /* NB: preserve ni_table */ 846 if (ni->ni_flags & IEEE80211_NODE_PWR_MGT) { 847 ic->ic_ps_sta--; 848 ni->ni_flags &= ~IEEE80211_NODE_PWR_MGT; 849 IEEE80211_DPRINTF(ic, IEEE80211_MSG_POWER, 850 "[%s] power save mode off, %u sta's in ps mode\n", 851 ether_sprintf(ni->ni_macaddr), ic->ic_ps_sta); 852 } 853 /* 854 * Clear AREF flag that marks the authorization refcnt bump 855 * has happened. This is probably not needed as the node 856 * should always be removed from the table so not found but 857 * do it just in case. 858 */ 859 ni->ni_flags &= ~IEEE80211_NODE_AREF; 860 861 /* 862 * Drain power save queue and, if needed, clear TIM. 863 */ 864 IEEE80211_NODE_SAVEQ_DRAIN(ni, qlen); 865 if (qlen != 0 && ic->ic_set_tim != NULL) 866 ic->ic_set_tim(ic, ni, 0); 867 868 ni->ni_associd = 0; 869 if (ni->ni_challenge != NULL) { 870 FREE(ni->ni_challenge, M_DEVBUF); 871 ni->ni_challenge = NULL; 872 } 873 /* 874 * Preserve SSID, WPA, and WME ie's so the bss node is 875 * reusable during a re-auth/re-assoc state transition. 876 * If we remove these data they will not be recreated 877 * because they come from a probe-response or beacon frame 878 * which cannot be expected prior to the association-response. 879 * This should not be an issue when operating in other modes 880 * as stations leaving always go through a full state transition 881 * which will rebuild this state. 882 * 883 * XXX does this leave us open to inheriting old state? 884 */ 885 for (i = 0; i < N(ni->ni_rxfrag); i++) 886 if (ni->ni_rxfrag[i] != NULL) { 887 m_freem(ni->ni_rxfrag[i]); 888 ni->ni_rxfrag[i] = NULL; 889 } 890 ieee80211_crypto_delkey(ic, &ni->ni_ucastkey); 891#undef N 892} 893 894static void 895node_free(struct ieee80211_node *ni) 896{ 897 struct ieee80211com *ic = ni->ni_ic; 898 899 ic->ic_node_cleanup(ni); 900 if (ni->ni_wpa_ie != NULL) 901 FREE(ni->ni_wpa_ie, M_DEVBUF); 902 if (ni->ni_wme_ie != NULL) 903 FREE(ni->ni_wme_ie, M_DEVBUF); 904 IEEE80211_NODE_SAVEQ_DESTROY(ni); 905 FREE(ni, M_80211_NODE); 906} 907 908static u_int8_t 909node_getrssi(const struct ieee80211_node *ni) 910{ 911 return ni->ni_rssi; 912} 913 914static void 915ieee80211_setup_node(struct ieee80211_node_table *nt, 916 struct ieee80211_node *ni, const u_int8_t *macaddr) 917{ 918 struct ieee80211com *ic = nt->nt_ic; 919 int hash; 920 921 IEEE80211_DPRINTF(ic, IEEE80211_MSG_NODE, 922 "%s %p<%s> in %s table\n", __func__, ni, 923 ether_sprintf(macaddr), nt->nt_name); 924 925 IEEE80211_ADDR_COPY(ni->ni_macaddr, macaddr); 926 hash = IEEE80211_NODE_HASH(macaddr); 927 ieee80211_node_initref(ni); /* mark referenced */ 928 ni->ni_chan = IEEE80211_CHAN_ANYC; 929 ni->ni_authmode = IEEE80211_AUTH_OPEN; 930 ni->ni_txpower = ic->ic_txpowlimit; /* max power */ 931 ieee80211_crypto_resetkey(ic, &ni->ni_ucastkey, IEEE80211_KEYIX_NONE); 932 ni->ni_inact_reload = nt->nt_inact_init; 933 ni->ni_inact = ni->ni_inact_reload; 934 IEEE80211_NODE_SAVEQ_INIT(ni, "unknown"); 935 936 IEEE80211_NODE_LOCK(nt); 937 TAILQ_INSERT_TAIL(&nt->nt_node, ni, ni_list); 938 LIST_INSERT_HEAD(&nt->nt_hash[hash], ni, ni_hash); 939 ni->ni_table = nt; 940 ni->ni_ic = ic; 941 IEEE80211_NODE_UNLOCK(nt); 942} 943 944struct ieee80211_node * 945ieee80211_alloc_node(struct ieee80211_node_table *nt, const u_int8_t *macaddr) 946{ 947 struct ieee80211com *ic = nt->nt_ic; 948 struct ieee80211_node *ni; 949 950 ni = ic->ic_node_alloc(nt); 951 if (ni != NULL) 952 ieee80211_setup_node(nt, ni, macaddr); 953 else 954 ic->ic_stats.is_rx_nodealloc++; 955 return ni; 956} 957 958struct ieee80211_node * 959ieee80211_dup_bss(struct ieee80211_node_table *nt, const u_int8_t *macaddr) 960{ 961 struct ieee80211com *ic = nt->nt_ic; 962 struct ieee80211_node *ni; 963 964 ni = ic->ic_node_alloc(nt); 965 if (ni != NULL) { 966 ieee80211_setup_node(nt, ni, macaddr); 967 /* 968 * Inherit from ic_bss. 969 */ 970 ni->ni_authmode = ic->ic_bss->ni_authmode; 971 ni->ni_txpower = ic->ic_bss->ni_txpower; 972 ni->ni_vlan = ic->ic_bss->ni_vlan; /* XXX?? */ 973 IEEE80211_ADDR_COPY(ni->ni_bssid, ic->ic_bss->ni_bssid); 974 ieee80211_set_chan(ic, ni, ic->ic_bss->ni_chan); 975 ni->ni_rsn = ic->ic_bss->ni_rsn; 976 } else 977 ic->ic_stats.is_rx_nodealloc++; 978 return ni; 979} 980 981static struct ieee80211_node * 982#ifdef IEEE80211_DEBUG_REFCNT 983_ieee80211_find_node_debug(struct ieee80211_node_table *nt, 984 const u_int8_t *macaddr, const char *func, int line) 985#else 986_ieee80211_find_node(struct ieee80211_node_table *nt, 987 const u_int8_t *macaddr) 988#endif 989{ 990 struct ieee80211_node *ni; 991 int hash; 992 993 IEEE80211_NODE_LOCK_ASSERT(nt); 994 995 hash = IEEE80211_NODE_HASH(macaddr); 996 LIST_FOREACH(ni, &nt->nt_hash[hash], ni_hash) { 997 if (IEEE80211_ADDR_EQ(ni->ni_macaddr, macaddr)) { 998 ieee80211_ref_node(ni); /* mark referenced */ 999#ifdef IEEE80211_DEBUG_REFCNT 1000 IEEE80211_DPRINTF(nt->nt_ic, IEEE80211_MSG_NODE, 1001 "%s (%s:%u) %p<%s> refcnt %d\n", __func__, 1002 func, line, 1003 ni, ether_sprintf(ni->ni_macaddr), 1004 ieee80211_node_refcnt(ni)); 1005#endif 1006 return ni; 1007 } 1008 } 1009 return NULL; 1010} 1011#ifdef IEEE80211_DEBUG_REFCNT 1012#define _ieee80211_find_node(nt, mac) \ 1013 _ieee80211_find_node_debug(nt, mac, func, line) 1014#endif 1015 1016struct ieee80211_node * 1017#ifdef IEEE80211_DEBUG_REFCNT 1018ieee80211_find_node_debug(struct ieee80211_node_table *nt, 1019 const u_int8_t *macaddr, const char *func, int line) 1020#else 1021ieee80211_find_node(struct ieee80211_node_table *nt, const u_int8_t *macaddr) 1022#endif 1023{ 1024 struct ieee80211_node *ni; 1025 1026 IEEE80211_NODE_LOCK(nt); 1027 ni = _ieee80211_find_node(nt, macaddr); 1028 IEEE80211_NODE_UNLOCK(nt); 1029 return ni; 1030} 1031 1032/* 1033 * Fake up a node; this handles node discovery in adhoc mode. 1034 * Note that for the driver's benefit we we treat this like 1035 * an association so the driver has an opportunity to setup 1036 * it's private state. 1037 */ 1038struct ieee80211_node * 1039ieee80211_fakeup_adhoc_node(struct ieee80211_node_table *nt, 1040 const u_int8_t macaddr[IEEE80211_ADDR_LEN]) 1041{ 1042 struct ieee80211com *ic = nt->nt_ic; 1043 struct ieee80211_node *ni; 1044 1045 ni = ieee80211_dup_bss(nt, macaddr); 1046 if (ni != NULL) { 1047 /* XXX no rate negotiation; just dup */ 1048 ni->ni_rates = ic->ic_bss->ni_rates; 1049 if (ic->ic_newassoc != NULL) 1050 ic->ic_newassoc(ic, ni, 1); 1051 /* XXX not right for 802.1x/WPA */ 1052 ieee80211_node_authorize(ic, ni); 1053 } 1054 return ni; 1055} 1056 1057/* 1058 * Locate the node for sender, track state, and then pass the 1059 * (referenced) node up to the 802.11 layer for its use. We 1060 * are required to pass some node so we fall back to ic_bss 1061 * when this frame is from an unknown sender. The 802.11 layer 1062 * knows this means the sender wasn't in the node table and 1063 * acts accordingly. 1064 */ 1065struct ieee80211_node * 1066#ifdef IEEE80211_DEBUG_REFCNT 1067ieee80211_find_rxnode_debug(struct ieee80211com *ic, 1068 const struct ieee80211_frame_min *wh, const char *func, int line) 1069#else 1070ieee80211_find_rxnode(struct ieee80211com *ic, 1071 const struct ieee80211_frame_min *wh) 1072#endif 1073{ 1074#define IS_CTL(wh) \ 1075 ((wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK) == IEEE80211_FC0_TYPE_CTL) 1076#define IS_PSPOLL(wh) \ 1077 ((wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK) == IEEE80211_FC0_SUBTYPE_PS_POLL) 1078 struct ieee80211_node_table *nt; 1079 struct ieee80211_node *ni; 1080 1081 /* XXX may want scanned nodes in the neighbor table for adhoc */ 1082 if (ic->ic_opmode == IEEE80211_M_STA || 1083 ic->ic_opmode == IEEE80211_M_MONITOR || 1084 (ic->ic_flags & IEEE80211_F_SCAN)) 1085 nt = &ic->ic_scan; 1086 else 1087 nt = &ic->ic_sta; 1088 /* XXX check ic_bss first in station mode */ 1089 /* XXX 4-address frames? */ 1090 IEEE80211_NODE_LOCK(nt); 1091 if (IS_CTL(wh) && !IS_PSPOLL(wh) /*&& !IS_RTS(ah)*/) 1092 ni = _ieee80211_find_node(nt, wh->i_addr1); 1093 else 1094 ni = _ieee80211_find_node(nt, wh->i_addr2); 1095 IEEE80211_NODE_UNLOCK(nt); 1096 1097 return (ni != NULL ? ni : ieee80211_ref_node(ic->ic_bss)); 1098#undef IS_PSPOLL 1099#undef IS_CTL 1100} 1101 1102/* 1103 * Return a reference to the appropriate node for sending 1104 * a data frame. This handles node discovery in adhoc networks. 1105 */ 1106struct ieee80211_node * 1107#ifdef IEEE80211_DEBUG_REFCNT 1108ieee80211_find_txnode_debug(struct ieee80211com *ic, const u_int8_t *macaddr, 1109 const char *func, int line) 1110#else 1111ieee80211_find_txnode(struct ieee80211com *ic, const u_int8_t *macaddr) 1112#endif 1113{ 1114 struct ieee80211_node_table *nt = &ic->ic_sta; 1115 struct ieee80211_node *ni; 1116 1117 /* 1118 * The destination address should be in the node table 1119 * unless we are operating in station mode or this is a 1120 * multicast/broadcast frame. 1121 */ 1122 if (ic->ic_opmode == IEEE80211_M_STA || IEEE80211_IS_MULTICAST(macaddr)) 1123 return ieee80211_ref_node(ic->ic_bss); 1124 1125 /* XXX can't hold lock across dup_bss 'cuz of recursive locking */ 1126 IEEE80211_NODE_LOCK(nt); 1127 ni = _ieee80211_find_node(nt, macaddr); 1128 IEEE80211_NODE_UNLOCK(nt); 1129 1130 if (ni == NULL) { 1131 if (ic->ic_opmode == IEEE80211_M_IBSS || 1132 ic->ic_opmode == IEEE80211_M_AHDEMO) { 1133 /* 1134 * In adhoc mode cons up a node for the destination. 1135 * Note that we need an additional reference for the 1136 * caller to be consistent with _ieee80211_find_node. 1137 */ 1138 ni = ieee80211_fakeup_adhoc_node(nt, macaddr); 1139 if (ni != NULL) 1140 (void) ieee80211_ref_node(ni); 1141 } else { 1142 IEEE80211_DPRINTF(ic, IEEE80211_MSG_OUTPUT, 1143 "[%s] no node, discard frame (%s)\n", 1144 ether_sprintf(macaddr), __func__); 1145 ic->ic_stats.is_tx_nonode++; 1146 } 1147 } 1148 return ni; 1149} 1150 1151/* 1152 * Like find but search based on the channel too. 1153 */ 1154struct ieee80211_node * 1155#ifdef IEEE80211_DEBUG_REFCNT 1156ieee80211_find_node_with_channel_debug(struct ieee80211_node_table *nt, 1157 const u_int8_t *macaddr, struct ieee80211_channel *chan, 1158 const char *func, int line) 1159#else 1160ieee80211_find_node_with_channel(struct ieee80211_node_table *nt, 1161 const u_int8_t *macaddr, struct ieee80211_channel *chan) 1162#endif 1163{ 1164 struct ieee80211_node *ni; 1165 int hash; 1166 1167 hash = IEEE80211_NODE_HASH(macaddr); 1168 IEEE80211_NODE_LOCK(nt); 1169 LIST_FOREACH(ni, &nt->nt_hash[hash], ni_hash) { 1170 if (IEEE80211_ADDR_EQ(ni->ni_macaddr, macaddr) && 1171 ni->ni_chan == chan) { 1172 ieee80211_ref_node(ni); /* mark referenced */ 1173 IEEE80211_DPRINTF(nt->nt_ic, IEEE80211_MSG_NODE, 1174#ifdef IEEE80211_DEBUG_REFCNT 1175 "%s (%s:%u) %p<%s> refcnt %d\n", __func__, 1176 func, line, 1177#else 1178 "%s %p<%s> refcnt %d\n", __func__, 1179#endif 1180 ni, ether_sprintf(ni->ni_macaddr), 1181 ieee80211_node_refcnt(ni)); 1182 break; 1183 } 1184 } 1185 IEEE80211_NODE_UNLOCK(nt); 1186 return ni; 1187} 1188 1189/* 1190 * Like find but search based on the ssid too. 1191 */ 1192struct ieee80211_node * 1193#ifdef IEEE80211_DEBUG_REFCNT 1194ieee80211_find_node_with_ssid_debug(struct ieee80211_node_table *nt, 1195 const u_int8_t *macaddr, u_int ssidlen, const u_int8_t *ssid, 1196 const char *func, int line) 1197#else 1198ieee80211_find_node_with_ssid(struct ieee80211_node_table *nt, 1199 const u_int8_t *macaddr, u_int ssidlen, const u_int8_t *ssid) 1200#endif 1201{ 1202#define MATCH_SSID(ni, ssid, ssidlen) \ 1203 (ni->ni_esslen == ssidlen && memcmp(ni->ni_essid, ssid, ssidlen) == 0) 1204 static const u_int8_t zeromac[IEEE80211_ADDR_LEN]; 1205 struct ieee80211com *ic = nt->nt_ic; 1206 struct ieee80211_node *ni; 1207 int hash; 1208 1209 IEEE80211_NODE_LOCK(nt); 1210 /* 1211 * A mac address that is all zero means match only the ssid; 1212 * otherwise we must match both. 1213 */ 1214 if (IEEE80211_ADDR_EQ(macaddr, zeromac)) { 1215 TAILQ_FOREACH(ni, &nt->nt_node, ni_list) { 1216 if (MATCH_SSID(ni, ssid, ssidlen)) 1217 break; 1218 } 1219 } else { 1220 hash = IEEE80211_NODE_HASH(macaddr); 1221 LIST_FOREACH(ni, &nt->nt_hash[hash], ni_hash) { 1222 if (IEEE80211_ADDR_EQ(ni->ni_macaddr, macaddr) && 1223 MATCH_SSID(ni, ssid, ssidlen)) 1224 break; 1225 } 1226 } 1227 if (ni != NULL) { 1228 ieee80211_ref_node(ni); /* mark referenced */ 1229 IEEE80211_DPRINTF(ic, IEEE80211_MSG_NODE, 1230#ifdef IEEE80211_DEBUG_REFCNT 1231 "%s (%s:%u) %p<%s> refcnt %d\n", __func__, 1232 func, line, 1233#else 1234 "%s %p<%s> refcnt %d\n", __func__, 1235#endif 1236 ni, ether_sprintf(ni->ni_macaddr), 1237 ieee80211_node_refcnt(ni)); 1238 } 1239 IEEE80211_NODE_UNLOCK(nt); 1240 return ni; 1241#undef MATCH_SSID 1242} 1243 1244static void 1245_ieee80211_free_node(struct ieee80211_node *ni) 1246{ 1247 struct ieee80211com *ic = ni->ni_ic; 1248 struct ieee80211_node_table *nt = ni->ni_table; 1249 1250 IEEE80211_DPRINTF(ic, IEEE80211_MSG_NODE, 1251 "%s %p<%s> in %s table\n", __func__, ni, 1252 ether_sprintf(ni->ni_macaddr), 1253 nt != NULL ? nt->nt_name : "<gone>"); 1254 1255 IEEE80211_AID_CLR(ni->ni_associd, ic->ic_aid_bitmap); 1256 if (nt != NULL) { 1257 TAILQ_REMOVE(&nt->nt_node, ni, ni_list); 1258 LIST_REMOVE(ni, ni_hash); 1259 } 1260 ic->ic_node_free(ni); 1261} 1262 1263void 1264#ifdef IEEE80211_DEBUG_REFCNT 1265ieee80211_free_node_debug(struct ieee80211_node *ni, const char *func, int line) 1266#else 1267ieee80211_free_node(struct ieee80211_node *ni) 1268#endif 1269{ 1270 struct ieee80211_node_table *nt = ni->ni_table; 1271 1272#ifdef IEEE80211_DEBUG_REFCNT 1273 IEEE80211_DPRINTF(ni->ni_ic, IEEE80211_MSG_NODE, 1274 "%s (%s:%u) %p<%s> refcnt %d\n", __func__, func, line, ni, 1275 ether_sprintf(ni->ni_macaddr), ieee80211_node_refcnt(ni)-1); 1276#endif 1277 if (ieee80211_node_dectestref(ni)) { 1278 /* 1279 * Beware; if the node is marked gone then it's already 1280 * been removed from the table and we cannot assume the 1281 * table still exists. Regardless, there's no need to lock 1282 * the table. 1283 */ 1284 if (ni->ni_table != NULL) { 1285 IEEE80211_NODE_LOCK(nt); 1286 _ieee80211_free_node(ni); 1287 IEEE80211_NODE_UNLOCK(nt); 1288 } else 1289 _ieee80211_free_node(ni); 1290 } 1291} 1292 1293/* 1294 * Reclaim a node. If this is the last reference count then 1295 * do the normal free work. Otherwise remove it from the node 1296 * table and mark it gone by clearing the back-reference. 1297 */ 1298static void 1299node_reclaim(struct ieee80211_node_table *nt, struct ieee80211_node *ni) 1300{ 1301 1302 IEEE80211_DPRINTF(ni->ni_ic, IEEE80211_MSG_NODE, 1303 "%s: remove %p<%s> from %s table, refcnt %d\n", 1304 __func__, ni, ether_sprintf(ni->ni_macaddr), 1305 nt->nt_name, ieee80211_node_refcnt(ni)-1); 1306 if (!ieee80211_node_dectestref(ni)) { 1307 /* 1308 * Other references are present, just remove the 1309 * node from the table so it cannot be found. When 1310 * the references are dropped storage will be 1311 * reclaimed. 1312 */ 1313 TAILQ_REMOVE(&nt->nt_node, ni, ni_list); 1314 LIST_REMOVE(ni, ni_hash); 1315 ni->ni_table = NULL; /* clear reference */ 1316 } else 1317 _ieee80211_free_node(ni); 1318} 1319 1320static void 1321ieee80211_free_allnodes_locked(struct ieee80211_node_table *nt) 1322{ 1323 struct ieee80211com *ic = nt->nt_ic; 1324 struct ieee80211_node *ni; 1325 1326 IEEE80211_DPRINTF(ic, IEEE80211_MSG_NODE, 1327 "%s: free all nodes in %s table\n", __func__, nt->nt_name); 1328 1329 while ((ni = TAILQ_FIRST(&nt->nt_node)) != NULL) { 1330 if (ni->ni_associd != 0) { 1331 if (ic->ic_auth->ia_node_leave != NULL) 1332 ic->ic_auth->ia_node_leave(ic, ni); 1333 IEEE80211_AID_CLR(ni->ni_associd, ic->ic_aid_bitmap); 1334 } 1335 node_reclaim(nt, ni); 1336 } 1337 ieee80211_reset_erp(ic); 1338} 1339 1340static void 1341ieee80211_free_allnodes(struct ieee80211_node_table *nt) 1342{ 1343 1344 IEEE80211_NODE_LOCK(nt); 1345 ieee80211_free_allnodes_locked(nt); 1346 IEEE80211_NODE_UNLOCK(nt); 1347} 1348 1349/* 1350 * Timeout entries in the scan cache. 1351 */ 1352static void 1353ieee80211_timeout_scan_candidates(struct ieee80211_node_table *nt) 1354{ 1355 struct ieee80211com *ic = nt->nt_ic; 1356 struct ieee80211_node *ni, *tni; 1357 1358 IEEE80211_NODE_LOCK(nt); 1359 ni = ic->ic_bss; 1360 /* XXX belongs elsewhere */ 1361 if (ni->ni_rxfrag[0] != NULL && ticks > ni->ni_rxfragstamp + hz) { 1362 m_freem(ni->ni_rxfrag[0]); 1363 ni->ni_rxfrag[0] = NULL; 1364 } 1365 TAILQ_FOREACH_SAFE(ni, &nt->nt_node, ni_list, tni) { 1366 if (ni->ni_inact && --ni->ni_inact == 0) { 1367 IEEE80211_DPRINTF(ic, IEEE80211_MSG_NODE, 1368 "[%s] scan candidate purged from cache " 1369 "(refcnt %u)\n", ether_sprintf(ni->ni_macaddr), 1370 ieee80211_node_refcnt(ni)); 1371 node_reclaim(nt, ni); 1372 } 1373 } 1374 IEEE80211_NODE_UNLOCK(nt); 1375 1376 nt->nt_inact_timer = IEEE80211_INACT_WAIT; 1377} 1378 1379/* 1380 * Timeout inactive stations and do related housekeeping. 1381 * Note that we cannot hold the node lock while sending a 1382 * frame as this would lead to a LOR. Instead we use a 1383 * generation number to mark nodes that we've scanned and 1384 * drop the lock and restart a scan if we have to time out 1385 * a node. Since we are single-threaded by virtue of 1386 * controlling the inactivity timer we can be sure this will 1387 * process each node only once. 1388 */ 1389static void 1390ieee80211_timeout_stations(struct ieee80211_node_table *nt) 1391{ 1392 struct ieee80211com *ic = nt->nt_ic; 1393 struct ieee80211_node *ni; 1394 u_int gen; 1395 1396 IEEE80211_SCAN_LOCK(nt); 1397 gen = nt->nt_scangen++; 1398 IEEE80211_DPRINTF(ic, IEEE80211_MSG_NODE, 1399 "%s: %s scangen %u\n", __func__, nt->nt_name, gen); 1400restart: 1401 IEEE80211_NODE_LOCK(nt); 1402 TAILQ_FOREACH(ni, &nt->nt_node, ni_list) { 1403 if (ni->ni_scangen == gen) /* previously handled */ 1404 continue; 1405 ni->ni_scangen = gen; 1406 /* 1407 * Ignore entries for which have yet to receive an 1408 * authentication frame. These are transient and 1409 * will be reclaimed when the last reference to them 1410 * goes away (when frame xmits complete). 1411 */ 1412 if ((ni->ni_flags & IEEE80211_NODE_AREF) == 0) 1413 continue; 1414 /* 1415 * Free fragment if not needed anymore 1416 * (last fragment older than 1s). 1417 * XXX doesn't belong here 1418 */ 1419 if (ni->ni_rxfrag[0] != NULL && 1420 ticks > ni->ni_rxfragstamp + hz) { 1421 m_freem(ni->ni_rxfrag[0]); 1422 ni->ni_rxfrag[0] = NULL; 1423 } 1424 /* 1425 * Special case ourself; we may be idle for extended periods 1426 * of time and regardless reclaiming our state is wrong. 1427 */ 1428 if (ni == ic->ic_bss) 1429 continue; 1430 ni->ni_inact--; 1431 if (ni->ni_associd != 0) { 1432 /* 1433 * Age frames on the power save queue. The 1434 * aging interval is 4 times the listen 1435 * interval specified by the station. This 1436 * number is factored into the age calculations 1437 * when the frame is placed on the queue. We 1438 * store ages as time differences we can check 1439 * and/or adjust only the head of the list. 1440 */ 1441 if (IEEE80211_NODE_SAVEQ_QLEN(ni) != 0) { 1442 struct mbuf *m; 1443 int discard = 0; 1444 1445 IEEE80211_NODE_SAVEQ_LOCK(ni); 1446 while (IF_POLL(&ni->ni_savedq, m) != NULL && 1447 M_AGE_GET(m) < IEEE80211_INACT_WAIT) { 1448IEEE80211_DPRINTF(ic, IEEE80211_MSG_POWER, "[%s] discard frame, age %u\n", ether_sprintf(ni->ni_macaddr), M_AGE_GET(m));/*XXX*/ 1449 _IEEE80211_NODE_SAVEQ_DEQUEUE_HEAD(ni, m); 1450 m_freem(m); 1451 discard++; 1452 } 1453 if (m != NULL) 1454 M_AGE_SUB(m, IEEE80211_INACT_WAIT); 1455 IEEE80211_NODE_SAVEQ_UNLOCK(ni); 1456 1457 if (discard != 0) { 1458 IEEE80211_DPRINTF(ic, 1459 IEEE80211_MSG_POWER, 1460 "[%s] discard %u frames for age\n", 1461 ether_sprintf(ni->ni_macaddr), 1462 discard); 1463 IEEE80211_NODE_STAT_ADD(ni, 1464 ps_discard, discard); 1465 if (IEEE80211_NODE_SAVEQ_QLEN(ni) == 0) 1466 ic->ic_set_tim(ic, ni, 0); 1467 } 1468 } 1469 /* 1470 * Probe the station before time it out. We 1471 * send a null data frame which may not be 1472 * universally supported by drivers (need it 1473 * for ps-poll support so it should be...). 1474 */ 1475 if (0 < ni->ni_inact && 1476 ni->ni_inact <= ic->ic_inact_probe) { 1477 IEEE80211_DPRINTF(ic, IEEE80211_MSG_NODE, 1478 "[%s] probe station due to inactivity\n", 1479 ether_sprintf(ni->ni_macaddr)); 1480 IEEE80211_NODE_UNLOCK(nt); 1481 ieee80211_send_nulldata(ic, ni); 1482 /* XXX stat? */ 1483 goto restart; 1484 } 1485 } 1486 if (ni->ni_inact <= 0) { 1487 IEEE80211_DPRINTF(ic, IEEE80211_MSG_NODE, 1488 "[%s] station timed out due to inactivity " 1489 "(refcnt %u)\n", ether_sprintf(ni->ni_macaddr), 1490 ieee80211_node_refcnt(ni)); 1491 /* 1492 * Send a deauthenticate frame and drop the station. 1493 * This is somewhat complicated due to reference counts 1494 * and locking. At this point a station will typically 1495 * have a reference count of 1. ieee80211_node_leave 1496 * will do a "free" of the node which will drop the 1497 * reference count. But in the meantime a reference 1498 * wil be held by the deauth frame. The actual reclaim 1499 * of the node will happen either after the tx is 1500 * completed or by ieee80211_node_leave. 1501 * 1502 * Separately we must drop the node lock before sending 1503 * in case the driver takes a lock, as this will result 1504 * in LOR between the node lock and the driver lock. 1505 */ 1506 IEEE80211_NODE_UNLOCK(nt); 1507 if (ni->ni_associd != 0) { 1508 IEEE80211_SEND_MGMT(ic, ni, 1509 IEEE80211_FC0_SUBTYPE_DEAUTH, 1510 IEEE80211_REASON_AUTH_EXPIRE); 1511 } 1512 ieee80211_node_leave(ic, ni); 1513 ic->ic_stats.is_node_timeout++; 1514 goto restart; 1515 } 1516 } 1517 IEEE80211_NODE_UNLOCK(nt); 1518 1519 IEEE80211_SCAN_UNLOCK(nt); 1520 1521 nt->nt_inact_timer = IEEE80211_INACT_WAIT; 1522} 1523 1524void 1525ieee80211_iterate_nodes(struct ieee80211_node_table *nt, ieee80211_iter_func *f, void *arg) 1526{ 1527 struct ieee80211_node *ni; 1528 u_int gen; 1529 1530 IEEE80211_SCAN_LOCK(nt); 1531 gen = nt->nt_scangen++; 1532restart: 1533 IEEE80211_NODE_LOCK(nt); 1534 TAILQ_FOREACH(ni, &nt->nt_node, ni_list) { 1535 if (ni->ni_scangen != gen) { 1536 ni->ni_scangen = gen; 1537 (void) ieee80211_ref_node(ni); 1538 IEEE80211_NODE_UNLOCK(nt); 1539 (*f)(arg, ni); 1540 ieee80211_free_node(ni); 1541 goto restart; 1542 } 1543 } 1544 IEEE80211_NODE_UNLOCK(nt); 1545 1546 IEEE80211_SCAN_UNLOCK(nt); 1547} 1548 1549void 1550ieee80211_dump_node(struct ieee80211_node_table *nt, struct ieee80211_node *ni) 1551{ 1552 printf("0x%p: mac %s refcnt %d\n", ni, 1553 ether_sprintf(ni->ni_macaddr), ieee80211_node_refcnt(ni)); 1554 printf("\tscangen %u authmode %u flags 0x%x\n", 1555 ni->ni_scangen, ni->ni_authmode, ni->ni_flags); 1556 printf("\tassocid 0x%x txpower %u vlan %u\n", 1557 ni->ni_associd, ni->ni_txpower, ni->ni_vlan); 1558 printf("\ttxseq %u rxseq %u fragno %u rxfragstamp %u\n", 1559 ni->ni_txseqs[0], 1560 ni->ni_rxseqs[0] >> IEEE80211_SEQ_SEQ_SHIFT, 1561 ni->ni_rxseqs[0] & IEEE80211_SEQ_FRAG_MASK, 1562 ni->ni_rxfragstamp); 1563 printf("\trstamp %u rssi %u intval %u capinfo 0x%x\n", 1564 ni->ni_rstamp, ni->ni_rssi, ni->ni_intval, ni->ni_capinfo); 1565 printf("\tbssid %s essid \"%.*s\" channel %u:0x%x\n", 1566 ether_sprintf(ni->ni_bssid), 1567 ni->ni_esslen, ni->ni_essid, 1568 ni->ni_chan->ic_freq, ni->ni_chan->ic_flags); 1569 printf("\tfails %u inact %u txrate %u\n", 1570 ni->ni_fails, ni->ni_inact, ni->ni_txrate); 1571} 1572 1573void 1574ieee80211_dump_nodes(struct ieee80211_node_table *nt) 1575{ 1576 ieee80211_iterate_nodes(nt, 1577 (ieee80211_iter_func *) ieee80211_dump_node, nt); 1578} 1579 1580/* 1581 * Handle a station joining an 11g network. 1582 */ 1583static void 1584ieee80211_node_join_11g(struct ieee80211com *ic, struct ieee80211_node *ni) 1585{ 1586 1587 /* 1588 * Station isn't capable of short slot time. Bump 1589 * the count of long slot time stations and disable 1590 * use of short slot time. Note that the actual switch 1591 * over to long slot time use may not occur until the 1592 * next beacon transmission (per sec. 7.3.1.4 of 11g). 1593 */ 1594 if ((ni->ni_capinfo & IEEE80211_CAPINFO_SHORT_SLOTTIME) == 0) { 1595 ic->ic_longslotsta++; 1596 IEEE80211_DPRINTF(ic, IEEE80211_MSG_ASSOC, 1597 "[%s] station needs long slot time, count %d\n", 1598 ether_sprintf(ni->ni_macaddr), ic->ic_longslotsta); 1599 /* XXX vap's w/ conflicting needs won't work */ 1600 ieee80211_set_shortslottime(ic, 0); 1601 } 1602 /* 1603 * If the new station is not an ERP station 1604 * then bump the counter and enable protection 1605 * if configured. 1606 */ 1607 if (!ieee80211_iserp_rateset(ic, &ni->ni_rates)) { 1608 ic->ic_nonerpsta++; 1609 IEEE80211_DPRINTF(ic, IEEE80211_MSG_ASSOC, 1610 "[%s] station is !ERP, %d non-ERP stations associated\n", 1611 ether_sprintf(ni->ni_macaddr), ic->ic_nonerpsta); 1612 /* 1613 * If protection is configured, enable it. 1614 */ 1615 if (ic->ic_protmode != IEEE80211_PROT_NONE) { 1616 IEEE80211_DPRINTF(ic, IEEE80211_MSG_ASSOC, 1617 "%s: enable use of protection\n", __func__); 1618 ic->ic_flags |= IEEE80211_F_USEPROT; 1619 } 1620 /* 1621 * If station does not support short preamble 1622 * then we must enable use of Barker preamble. 1623 */ 1624 if ((ni->ni_capinfo & IEEE80211_CAPINFO_SHORT_PREAMBLE) == 0) { 1625 IEEE80211_DPRINTF(ic, IEEE80211_MSG_ASSOC, 1626 "[%s] station needs long preamble\n", 1627 ether_sprintf(ni->ni_macaddr)); 1628 ic->ic_flags |= IEEE80211_F_USEBARKER; 1629 ic->ic_flags &= ~IEEE80211_F_SHPREAMBLE; 1630 } 1631 } else 1632 ni->ni_flags |= IEEE80211_NODE_ERP; 1633} 1634 1635void 1636ieee80211_node_join(struct ieee80211com *ic, struct ieee80211_node *ni, int resp) 1637{ 1638 int newassoc; 1639 1640 if (ni->ni_associd == 0) { 1641 u_int16_t aid; 1642 1643 /* 1644 * It would be good to search the bitmap 1645 * more efficiently, but this will do for now. 1646 */ 1647 for (aid = 1; aid < ic->ic_max_aid; aid++) { 1648 if (!IEEE80211_AID_ISSET(aid, 1649 ic->ic_aid_bitmap)) 1650 break; 1651 } 1652 if (aid >= ic->ic_max_aid) { 1653 IEEE80211_SEND_MGMT(ic, ni, resp, 1654 IEEE80211_REASON_ASSOC_TOOMANY); 1655 ieee80211_node_leave(ic, ni); 1656 return; 1657 } 1658 ni->ni_associd = aid | 0xc000; 1659 IEEE80211_AID_SET(ni->ni_associd, ic->ic_aid_bitmap); 1660 ic->ic_sta_assoc++; 1661 newassoc = 1; 1662 if (ic->ic_curmode == IEEE80211_MODE_11G || 1663 ic->ic_curmode == IEEE80211_MODE_TURBO_G) 1664 ieee80211_node_join_11g(ic, ni); 1665 } else 1666 newassoc = 0; 1667 1668 IEEE80211_DPRINTF(ic, IEEE80211_MSG_ASSOC | IEEE80211_MSG_DEBUG, 1669 "[%s] station %sassociated at aid %d: %s preamble, %s slot time%s%s\n", 1670 ether_sprintf(ni->ni_macaddr), newassoc ? "" : "re", 1671 IEEE80211_NODE_AID(ni), 1672 ic->ic_flags & IEEE80211_F_SHPREAMBLE ? "short" : "long", 1673 ic->ic_flags & IEEE80211_F_SHSLOT ? "short" : "long", 1674 ic->ic_flags & IEEE80211_F_USEPROT ? ", protection" : "", 1675 ni->ni_flags & IEEE80211_NODE_QOS ? ", QoS" : "" 1676 ); 1677 1678 /* give driver a chance to setup state like ni_txrate */ 1679 if (ic->ic_newassoc != NULL) 1680 ic->ic_newassoc(ic, ni, newassoc); 1681 ni->ni_inact_reload = ic->ic_inact_auth; 1682 ni->ni_inact = ni->ni_inact_reload; 1683 IEEE80211_SEND_MGMT(ic, ni, resp, IEEE80211_STATUS_SUCCESS); 1684 /* tell the authenticator about new station */ 1685 if (ic->ic_auth->ia_node_join != NULL) 1686 ic->ic_auth->ia_node_join(ic, ni); 1687 ieee80211_notify_node_join(ic, ni, newassoc); 1688} 1689 1690/* 1691 * Handle a station leaving an 11g network. 1692 */ 1693static void 1694ieee80211_node_leave_11g(struct ieee80211com *ic, struct ieee80211_node *ni) 1695{ 1696 1697 KASSERT(ic->ic_curmode == IEEE80211_MODE_11G || 1698 ic->ic_curmode == IEEE80211_MODE_TURBO_G, 1699 ("not in 11g, curmode %x", ic->ic_curmode)); 1700 1701 /* 1702 * If a long slot station do the slot time bookkeeping. 1703 */ 1704 if ((ni->ni_capinfo & IEEE80211_CAPINFO_SHORT_SLOTTIME) == 0) { 1705 KASSERT(ic->ic_longslotsta > 0, 1706 ("bogus long slot station count %d", ic->ic_longslotsta)); 1707 ic->ic_longslotsta--; 1708 IEEE80211_DPRINTF(ic, IEEE80211_MSG_ASSOC, 1709 "[%s] long slot time station leaves, count now %d\n", 1710 ether_sprintf(ni->ni_macaddr), ic->ic_longslotsta); 1711 if (ic->ic_longslotsta == 0) { 1712 /* 1713 * Re-enable use of short slot time if supported 1714 * and not operating in IBSS mode (per spec). 1715 */ 1716 if ((ic->ic_caps & IEEE80211_C_SHSLOT) && 1717 ic->ic_opmode != IEEE80211_M_IBSS) { 1718 IEEE80211_DPRINTF(ic, IEEE80211_MSG_ASSOC, 1719 "%s: re-enable use of short slot time\n", 1720 __func__); 1721 ieee80211_set_shortslottime(ic, 1); 1722 } 1723 } 1724 } 1725 /* 1726 * If a non-ERP station do the protection-related bookkeeping. 1727 */ 1728 if ((ni->ni_flags & IEEE80211_NODE_ERP) == 0) { 1729 KASSERT(ic->ic_nonerpsta > 0, 1730 ("bogus non-ERP station count %d", ic->ic_nonerpsta)); 1731 ic->ic_nonerpsta--; 1732 IEEE80211_DPRINTF(ic, IEEE80211_MSG_ASSOC, 1733 "[%s] non-ERP station leaves, count now %d\n", 1734 ether_sprintf(ni->ni_macaddr), ic->ic_nonerpsta); 1735 if (ic->ic_nonerpsta == 0) { 1736 IEEE80211_DPRINTF(ic, IEEE80211_MSG_ASSOC, 1737 "%s: disable use of protection\n", __func__); 1738 ic->ic_flags &= ~IEEE80211_F_USEPROT; 1739 /* XXX verify mode? */ 1740 if (ic->ic_caps & IEEE80211_C_SHPREAMBLE) { 1741 IEEE80211_DPRINTF(ic, IEEE80211_MSG_ASSOC, 1742 "%s: re-enable use of short preamble\n", 1743 __func__); 1744 ic->ic_flags |= IEEE80211_F_SHPREAMBLE; 1745 ic->ic_flags &= ~IEEE80211_F_USEBARKER; 1746 } 1747 } 1748 } 1749} 1750 1751/* 1752 * Handle bookkeeping for station deauthentication/disassociation 1753 * when operating as an ap. 1754 */ 1755void 1756ieee80211_node_leave(struct ieee80211com *ic, struct ieee80211_node *ni) 1757{ 1758 struct ieee80211_node_table *nt = ni->ni_table; 1759 1760 IEEE80211_DPRINTF(ic, IEEE80211_MSG_ASSOC | IEEE80211_MSG_DEBUG, 1761 "[%s] station with aid %d leaves\n", 1762 ether_sprintf(ni->ni_macaddr), IEEE80211_NODE_AID(ni)); 1763 1764 KASSERT(ic->ic_opmode == IEEE80211_M_HOSTAP || 1765 ic->ic_opmode == IEEE80211_M_IBSS || 1766 ic->ic_opmode == IEEE80211_M_AHDEMO, 1767 ("unexpected operating mode %u", ic->ic_opmode)); 1768 /* 1769 * If node wasn't previously associated all 1770 * we need to do is reclaim the reference. 1771 */ 1772 /* XXX ibss mode bypasses 11g and notification */ 1773 if (ni->ni_associd == 0) 1774 goto done; 1775 /* 1776 * Tell the authenticator the station is leaving. 1777 * Note that we must do this before yanking the 1778 * association id as the authenticator uses the 1779 * associd to locate it's state block. 1780 */ 1781 if (ic->ic_auth->ia_node_leave != NULL) 1782 ic->ic_auth->ia_node_leave(ic, ni); 1783 IEEE80211_AID_CLR(ni->ni_associd, ic->ic_aid_bitmap); 1784 ni->ni_associd = 0; 1785 ic->ic_sta_assoc--; 1786 1787 if (ic->ic_curmode == IEEE80211_MODE_11G || 1788 ic->ic_curmode == IEEE80211_MODE_TURBO_G) 1789 ieee80211_node_leave_11g(ic, ni); 1790 /* 1791 * Cleanup station state. In particular clear various 1792 * state that might otherwise be reused if the node 1793 * is reused before the reference count goes to zero 1794 * (and memory is reclaimed). 1795 */ 1796 ieee80211_sta_leave(ic, ni); 1797done: 1798 /* 1799 * Remove the node from any table it's recorded in and 1800 * drop the caller's reference. Removal from the table 1801 * is important to insure the node is not reprocessed 1802 * for inactivity. 1803 */ 1804 if (nt != NULL) { 1805 IEEE80211_NODE_LOCK(nt); 1806 node_reclaim(nt, ni); 1807 IEEE80211_NODE_UNLOCK(nt); 1808 } else 1809 ieee80211_free_node(ni); 1810} 1811 1812u_int8_t 1813ieee80211_getrssi(struct ieee80211com *ic) 1814{ 1815#define NZ(x) ((x) == 0 ? 1 : (x)) 1816 struct ieee80211_node_table *nt = &ic->ic_sta; 1817 u_int32_t rssi_samples, rssi_total; 1818 struct ieee80211_node *ni; 1819 1820 rssi_total = 0; 1821 rssi_samples = 0; 1822 switch (ic->ic_opmode) { 1823 case IEEE80211_M_IBSS: /* average of all ibss neighbors */ 1824 /* XXX locking */ 1825 TAILQ_FOREACH(ni, &nt->nt_node, ni_list) 1826 if (ni->ni_capinfo & IEEE80211_CAPINFO_IBSS) { 1827 rssi_samples++; 1828 rssi_total += ic->ic_node_getrssi(ni); 1829 } 1830 break; 1831 case IEEE80211_M_AHDEMO: /* average of all neighbors */ 1832 /* XXX locking */ 1833 TAILQ_FOREACH(ni, &nt->nt_node, ni_list) { 1834 rssi_samples++; 1835 rssi_total += ic->ic_node_getrssi(ni); 1836 } 1837 break; 1838 case IEEE80211_M_HOSTAP: /* average of all associated stations */ 1839 /* XXX locking */ 1840 TAILQ_FOREACH(ni, &nt->nt_node, ni_list) 1841 if (IEEE80211_AID(ni->ni_associd) != 0) { 1842 rssi_samples++; 1843 rssi_total += ic->ic_node_getrssi(ni); 1844 } 1845 break; 1846 case IEEE80211_M_MONITOR: /* XXX */ 1847 case IEEE80211_M_STA: /* use stats from associated ap */ 1848 default: 1849 if (ic->ic_bss != NULL) 1850 rssi_total = ic->ic_node_getrssi(ic->ic_bss); 1851 rssi_samples = 1; 1852 break; 1853 } 1854 return rssi_total / NZ(rssi_samples); 1855#undef NZ 1856} 1857 1858/* 1859 * Indicate whether there are frames queued for a station in power-save mode. 1860 */ 1861static void 1862ieee80211_set_tim(struct ieee80211com *ic, struct ieee80211_node *ni, int set) 1863{ 1864 u_int16_t aid; 1865 1866 KASSERT(ic->ic_opmode == IEEE80211_M_HOSTAP || 1867 ic->ic_opmode == IEEE80211_M_IBSS, 1868 ("operating mode %u", ic->ic_opmode)); 1869 1870 aid = IEEE80211_AID(ni->ni_associd); 1871 KASSERT(aid < ic->ic_max_aid, 1872 ("bogus aid %u, max %u", aid, ic->ic_max_aid)); 1873 1874 IEEE80211_BEACON_LOCK(ic); 1875 if (set != (isset(ic->ic_tim_bitmap, aid) != 0)) { 1876 if (set) { 1877 setbit(ic->ic_tim_bitmap, aid); 1878 ic->ic_ps_pending++; 1879 } else { 1880 clrbit(ic->ic_tim_bitmap, aid); 1881 ic->ic_ps_pending--; 1882 } 1883 ic->ic_flags |= IEEE80211_F_TIMUPDATE; 1884 } 1885 IEEE80211_BEACON_UNLOCK(ic); 1886} 1887 1888/* 1889 * Node table support. 1890 */ 1891 1892static void 1893ieee80211_node_table_init(struct ieee80211com *ic, 1894 struct ieee80211_node_table *nt, 1895 const char *name, int inact, 1896 void (*timeout)(struct ieee80211_node_table *)) 1897{ 1898 1899 IEEE80211_DPRINTF(ic, IEEE80211_MSG_NODE, 1900 "%s %s table, inact %u\n", __func__, name, inact); 1901 1902 nt->nt_ic = ic; 1903 /* XXX need unit */ 1904 IEEE80211_NODE_LOCK_INIT(nt, ic->ic_ifp->if_xname); 1905 IEEE80211_SCAN_LOCK_INIT(nt, ic->ic_ifp->if_xname); 1906 TAILQ_INIT(&nt->nt_node); 1907 nt->nt_name = name; 1908 nt->nt_scangen = 1; 1909 nt->nt_inact_init = inact; 1910 nt->nt_timeout = timeout; 1911} 1912 1913void 1914ieee80211_node_table_reset(struct ieee80211_node_table *nt) 1915{ 1916 1917 IEEE80211_DPRINTF(nt->nt_ic, IEEE80211_MSG_NODE, 1918 "%s %s table\n", __func__, nt->nt_name); 1919 1920 IEEE80211_NODE_LOCK(nt); 1921 nt->nt_inact_timer = 0; 1922 ieee80211_free_allnodes_locked(nt); 1923 IEEE80211_NODE_UNLOCK(nt); 1924} 1925 1926static void 1927ieee80211_node_table_cleanup(struct ieee80211_node_table *nt) 1928{ 1929 1930 IEEE80211_DPRINTF(nt->nt_ic, IEEE80211_MSG_NODE, 1931 "%s %s table\n", __func__, nt->nt_name); 1932 1933 ieee80211_free_allnodes_locked(nt); 1934 IEEE80211_SCAN_LOCK_DESTROY(nt); 1935 IEEE80211_NODE_LOCK_DESTROY(nt); 1936} 1937