ieee80211_node.c revision 148299
1/*- 2 * Copyright (c) 2001 Atsushi Onoe 3 * Copyright (c) 2002-2005 Sam Leffler, Errno Consulting 4 * All rights reserved. 5 * 6 * Redistribution and use in source and binary forms, with or without 7 * modification, are permitted provided that the following conditions 8 * are met: 9 * 1. Redistributions of source code must retain the above copyright 10 * notice, this list of conditions and the following disclaimer. 11 * 2. Redistributions in binary form must reproduce the above copyright 12 * notice, this list of conditions and the following disclaimer in the 13 * documentation and/or other materials provided with the distribution. 14 * 3. The name of the author may not be used to endorse or promote products 15 * derived from this software without specific prior written permission. 16 * 17 * Alternatively, this software may be distributed under the terms of the 18 * GNU General Public License ("GPL") version 2 as published by the Free 19 * Software Foundation. 20 * 21 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 22 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 23 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 24 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 25 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 26 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 27 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 28 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 29 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 30 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 31 */ 32 33#include <sys/cdefs.h> 34__FBSDID("$FreeBSD: head/sys/net80211/ieee80211_node.c 148299 2005-07-22 17:29:03Z sam $"); 35 36#include <sys/param.h> 37#include <sys/systm.h> 38#include <sys/mbuf.h> 39#include <sys/malloc.h> 40#include <sys/kernel.h> 41 42#include <sys/socket.h> 43 44#include <net/if.h> 45#include <net/if_media.h> 46#include <net/ethernet.h> 47 48#include <net80211/ieee80211_var.h> 49 50#include <net/bpf.h> 51 52/* 53 * Association id's are managed with a bit vector. 54 */ 55#define IEEE80211_AID_SET(b, w) \ 56 ((w)[IEEE80211_AID(b) / 32] |= (1 << (IEEE80211_AID(b) % 32))) 57#define IEEE80211_AID_CLR(b, w) \ 58 ((w)[IEEE80211_AID(b) / 32] &= ~(1 << (IEEE80211_AID(b) % 32))) 59#define IEEE80211_AID_ISSET(b, w) \ 60 ((w)[IEEE80211_AID(b) / 32] & (1 << (IEEE80211_AID(b) % 32))) 61 62static struct ieee80211_node *node_alloc(struct ieee80211_node_table *); 63static void node_cleanup(struct ieee80211_node *); 64static void node_free(struct ieee80211_node *); 65static u_int8_t node_getrssi(const struct ieee80211_node *); 66 67static void ieee80211_setup_node(struct ieee80211_node_table *, 68 struct ieee80211_node *, const u_int8_t *); 69static void _ieee80211_free_node(struct ieee80211_node *); 70static void ieee80211_free_allnodes(struct ieee80211_node_table *); 71 72static void ieee80211_timeout_scan_candidates(struct ieee80211_node_table *); 73static void ieee80211_timeout_stations(struct ieee80211_node_table *); 74 75static void ieee80211_set_tim(struct ieee80211com *, 76 struct ieee80211_node *, int set); 77 78static void ieee80211_node_table_init(struct ieee80211com *ic, 79 struct ieee80211_node_table *nt, const char *name, int inact, 80 void (*timeout)(struct ieee80211_node_table *)); 81static void ieee80211_node_table_cleanup(struct ieee80211_node_table *nt); 82 83MALLOC_DEFINE(M_80211_NODE, "80211node", "802.11 node state"); 84 85void 86ieee80211_node_attach(struct ieee80211com *ic) 87{ 88 89 ieee80211_node_table_init(ic, &ic->ic_sta, "station", 90 IEEE80211_INACT_INIT, ieee80211_timeout_stations); 91 ieee80211_node_table_init(ic, &ic->ic_scan, "scan", 92 IEEE80211_INACT_SCAN, ieee80211_timeout_scan_candidates); 93 94 ic->ic_node_alloc = node_alloc; 95 ic->ic_node_free = node_free; 96 ic->ic_node_cleanup = node_cleanup; 97 ic->ic_node_getrssi = node_getrssi; 98 99 /* default station inactivity timer setings */ 100 ic->ic_inact_init = IEEE80211_INACT_INIT; 101 ic->ic_inact_auth = IEEE80211_INACT_AUTH; 102 ic->ic_inact_run = IEEE80211_INACT_RUN; 103 ic->ic_inact_probe = IEEE80211_INACT_PROBE; 104 105 /* XXX defer */ 106 if (ic->ic_max_aid == 0) 107 ic->ic_max_aid = IEEE80211_AID_DEF; 108 else if (ic->ic_max_aid > IEEE80211_AID_MAX) 109 ic->ic_max_aid = IEEE80211_AID_MAX; 110 MALLOC(ic->ic_aid_bitmap, u_int32_t *, 111 howmany(ic->ic_max_aid, 32) * sizeof(u_int32_t), 112 M_DEVBUF, M_NOWAIT | M_ZERO); 113 if (ic->ic_aid_bitmap == NULL) { 114 /* XXX no way to recover */ 115 printf("%s: no memory for AID bitmap!\n", __func__); 116 ic->ic_max_aid = 0; 117 } 118 119 /* XXX defer until using hostap/ibss mode */ 120 ic->ic_tim_len = howmany(ic->ic_max_aid, 8) * sizeof(u_int8_t); 121 MALLOC(ic->ic_tim_bitmap, u_int8_t *, ic->ic_tim_len, 122 M_DEVBUF, M_NOWAIT | M_ZERO); 123 if (ic->ic_tim_bitmap == NULL) { 124 /* XXX no way to recover */ 125 printf("%s: no memory for TIM bitmap!\n", __func__); 126 } 127 ic->ic_set_tim = ieee80211_set_tim; /* NB: driver should override */ 128} 129 130void 131ieee80211_node_lateattach(struct ieee80211com *ic) 132{ 133 struct ieee80211_node *ni; 134 struct ieee80211_rsnparms *rsn; 135 136 ni = ieee80211_alloc_node(&ic->ic_scan, ic->ic_myaddr); 137 KASSERT(ni != NULL, ("unable to setup inital BSS node")); 138 /* 139 * Setup "global settings" in the bss node so that 140 * each new station automatically inherits them. 141 */ 142 rsn = &ni->ni_rsn; 143 /* WEP, TKIP, and AES-CCM are always supported */ 144 rsn->rsn_ucastcipherset |= 1<<IEEE80211_CIPHER_WEP; 145 rsn->rsn_ucastcipherset |= 1<<IEEE80211_CIPHER_TKIP; 146 rsn->rsn_ucastcipherset |= 1<<IEEE80211_CIPHER_AES_CCM; 147 if (ic->ic_caps & IEEE80211_C_AES) 148 rsn->rsn_ucastcipherset |= 1<<IEEE80211_CIPHER_AES_OCB; 149 if (ic->ic_caps & IEEE80211_C_CKIP) 150 rsn->rsn_ucastcipherset |= 1<<IEEE80211_CIPHER_CKIP; 151 /* 152 * Default unicast cipher to WEP for 802.1x use. If 153 * WPA is enabled the management code will set these 154 * values to reflect. 155 */ 156 rsn->rsn_ucastcipher = IEEE80211_CIPHER_WEP; 157 rsn->rsn_ucastkeylen = 104 / NBBY; 158 /* 159 * WPA says the multicast cipher is the lowest unicast 160 * cipher supported. But we skip WEP which would 161 * otherwise be used based on this criteria. 162 */ 163 rsn->rsn_mcastcipher = IEEE80211_CIPHER_TKIP; 164 rsn->rsn_mcastkeylen = 128 / NBBY; 165 166 /* 167 * We support both WPA-PSK and 802.1x; the one used 168 * is determined by the authentication mode and the 169 * setting of the PSK state. 170 */ 171 rsn->rsn_keymgmtset = WPA_ASE_8021X_UNSPEC | WPA_ASE_8021X_PSK; 172 rsn->rsn_keymgmt = WPA_ASE_8021X_PSK; 173 174 ic->ic_bss = ieee80211_ref_node(ni); /* hold reference */ 175 ic->ic_auth = ieee80211_authenticator_get(ni->ni_authmode); 176} 177 178void 179ieee80211_node_detach(struct ieee80211com *ic) 180{ 181 182 if (ic->ic_bss != NULL) { 183 ieee80211_free_node(ic->ic_bss); 184 ic->ic_bss = NULL; 185 } 186 ieee80211_node_table_cleanup(&ic->ic_scan); 187 ieee80211_node_table_cleanup(&ic->ic_sta); 188 if (ic->ic_aid_bitmap != NULL) { 189 FREE(ic->ic_aid_bitmap, M_DEVBUF); 190 ic->ic_aid_bitmap = NULL; 191 } 192 if (ic->ic_tim_bitmap != NULL) { 193 FREE(ic->ic_tim_bitmap, M_DEVBUF); 194 ic->ic_tim_bitmap = NULL; 195 } 196} 197 198/* 199 * Port authorize/unauthorize interfaces for use by an authenticator. 200 */ 201 202void 203ieee80211_node_authorize(struct ieee80211com *ic, struct ieee80211_node *ni) 204{ 205 ni->ni_flags |= IEEE80211_NODE_AUTH; 206 ni->ni_inact_reload = ic->ic_inact_run; 207} 208 209void 210ieee80211_node_unauthorize(struct ieee80211com *ic, struct ieee80211_node *ni) 211{ 212 ni->ni_flags &= ~IEEE80211_NODE_AUTH; 213} 214 215/* 216 * Set/change the channel. The rate set is also updated as 217 * to insure a consistent view by drivers. 218 */ 219static __inline void 220ieee80211_set_chan(struct ieee80211com *ic, 221 struct ieee80211_node *ni, struct ieee80211_channel *chan) 222{ 223 ni->ni_chan = chan; 224 ni->ni_rates = ic->ic_sup_rates[ieee80211_chan2mode(ic, chan)]; 225} 226 227/* 228 * AP scanning support. 229 */ 230 231#ifdef IEEE80211_DEBUG 232static void 233dump_chanlist(const u_char chans[]) 234{ 235 const char *sep; 236 int i; 237 238 sep = " "; 239 for (i = 0; i < IEEE80211_CHAN_MAX; i++) 240 if (isset(chans, i)) { 241 printf("%s%u", sep, i); 242 sep = ", "; 243 } 244} 245#endif /* IEEE80211_DEBUG */ 246 247/* 248 * Initialize the channel set to scan based on the 249 * of available channels and the current PHY mode. 250 */ 251static void 252ieee80211_reset_scan(struct ieee80211com *ic) 253{ 254 255 /* XXX ic_des_chan should be handled with ic_chan_active */ 256 if (ic->ic_des_chan != IEEE80211_CHAN_ANYC) { 257 memset(ic->ic_chan_scan, 0, sizeof(ic->ic_chan_scan)); 258 setbit(ic->ic_chan_scan, 259 ieee80211_chan2ieee(ic, ic->ic_des_chan)); 260 } else 261 memcpy(ic->ic_chan_scan, ic->ic_chan_active, 262 sizeof(ic->ic_chan_active)); 263 /* NB: hack, setup so next_scan starts with the first channel */ 264 if (ic->ic_bss->ni_chan == IEEE80211_CHAN_ANYC) 265 ieee80211_set_chan(ic, ic->ic_bss, 266 &ic->ic_channels[IEEE80211_CHAN_MAX]); 267#ifdef IEEE80211_DEBUG 268 if (ieee80211_msg_scan(ic)) { 269 printf("%s: scan set:", __func__); 270 dump_chanlist(ic->ic_chan_scan); 271 printf(" start chan %u\n", 272 ieee80211_chan2ieee(ic, ic->ic_bss->ni_chan)); 273 } 274#endif /* IEEE80211_DEBUG */ 275} 276 277/* 278 * Begin an active scan. 279 */ 280void 281ieee80211_begin_scan(struct ieee80211com *ic, int reset) 282{ 283 284 ic->ic_scan.nt_scangen++; 285 /* 286 * In all but hostap mode scanning starts off in 287 * an active mode before switching to passive. 288 */ 289 if (ic->ic_opmode != IEEE80211_M_HOSTAP) { 290 ic->ic_flags |= IEEE80211_F_ASCAN; 291 ic->ic_stats.is_scan_active++; 292 } else 293 ic->ic_stats.is_scan_passive++; 294 IEEE80211_DPRINTF(ic, IEEE80211_MSG_SCAN, 295 "begin %s scan in %s mode, scangen %u\n", 296 (ic->ic_flags & IEEE80211_F_ASCAN) ? "active" : "passive", 297 ieee80211_phymode_name[ic->ic_curmode], ic->ic_scan.nt_scangen); 298 /* 299 * Clear scan state and flush any previously seen AP's. 300 */ 301 ieee80211_reset_scan(ic); 302 if (reset) 303 ieee80211_free_allnodes(&ic->ic_scan); 304 305 ic->ic_flags |= IEEE80211_F_SCAN; 306 307 /* Scan the next channel. */ 308 ieee80211_next_scan(ic); 309} 310 311/* 312 * Switch to the next channel marked for scanning. 313 */ 314int 315ieee80211_next_scan(struct ieee80211com *ic) 316{ 317 struct ieee80211_channel *chan; 318 319 /* 320 * Insure any previous mgt frame timeouts don't fire. 321 * This assumes the driver does the right thing in 322 * flushing anything queued in the driver and below. 323 */ 324 ic->ic_mgt_timer = 0; 325 326 chan = ic->ic_bss->ni_chan; 327 do { 328 if (++chan > &ic->ic_channels[IEEE80211_CHAN_MAX]) 329 chan = &ic->ic_channels[0]; 330 if (isset(ic->ic_chan_scan, ieee80211_chan2ieee(ic, chan))) { 331 clrbit(ic->ic_chan_scan, ieee80211_chan2ieee(ic, chan)); 332 IEEE80211_DPRINTF(ic, IEEE80211_MSG_SCAN, 333 "%s: chan %d->%d\n", __func__, 334 ieee80211_chan2ieee(ic, ic->ic_bss->ni_chan), 335 ieee80211_chan2ieee(ic, chan)); 336 ieee80211_set_chan(ic, ic->ic_bss, chan); 337#ifdef notyet 338 /* XXX driver state change */ 339 /* 340 * Scan next channel. If doing an active scan 341 * and the channel is not marked passive-only 342 * then send a probe request. Otherwise just 343 * listen for beacons on the channel. 344 */ 345 if ((ic->ic_flags & IEEE80211_F_ASCAN) && 346 (ni->ni_chan->ic_flags & IEEE80211_CHAN_PASSIVE) == 0) { 347 IEEE80211_SEND_MGMT(ic, ni, 348 IEEE80211_FC0_SUBTYPE_PROBE_REQ, 0); 349 } 350#else 351 ieee80211_new_state(ic, IEEE80211_S_SCAN, -1); 352#endif 353 return 1; 354 } 355 } while (chan != ic->ic_bss->ni_chan); 356 ieee80211_end_scan(ic); 357 return 0; 358} 359 360static __inline void 361copy_bss(struct ieee80211_node *nbss, const struct ieee80211_node *obss) 362{ 363 /* propagate useful state */ 364 nbss->ni_authmode = obss->ni_authmode; 365 nbss->ni_txpower = obss->ni_txpower; 366 nbss->ni_vlan = obss->ni_vlan; 367 nbss->ni_rsn = obss->ni_rsn; 368 /* XXX statistics? */ 369} 370 371void 372ieee80211_create_ibss(struct ieee80211com* ic, struct ieee80211_channel *chan) 373{ 374 struct ieee80211_node_table *nt; 375 struct ieee80211_node *ni; 376 377 IEEE80211_DPRINTF(ic, IEEE80211_MSG_SCAN, 378 "%s: creating ibss\n", __func__); 379 380 /* 381 * Create the station/neighbor table. Note that for adhoc 382 * mode we make the initial inactivity timer longer since 383 * we create nodes only through discovery and they typically 384 * are long-lived associations. 385 */ 386 nt = &ic->ic_sta; 387 IEEE80211_NODE_LOCK(nt); 388 if (ic->ic_opmode == IEEE80211_M_HOSTAP) { 389 nt->nt_name = "station"; 390 nt->nt_inact_init = ic->ic_inact_init; 391 } else { 392 nt->nt_name = "neighbor"; 393 nt->nt_inact_init = ic->ic_inact_run; 394 } 395 IEEE80211_NODE_UNLOCK(nt); 396 397 ni = ieee80211_alloc_node(nt, ic->ic_myaddr); 398 if (ni == NULL) { 399 /* XXX recovery? */ 400 return; 401 } 402 IEEE80211_ADDR_COPY(ni->ni_bssid, ic->ic_myaddr); 403 ni->ni_esslen = ic->ic_des_esslen; 404 memcpy(ni->ni_essid, ic->ic_des_essid, ni->ni_esslen); 405 copy_bss(ni, ic->ic_bss); 406 ni->ni_intval = ic->ic_lintval; 407 if (ic->ic_flags & IEEE80211_F_PRIVACY) 408 ni->ni_capinfo |= IEEE80211_CAPINFO_PRIVACY; 409 if (ic->ic_phytype == IEEE80211_T_FH) { 410 ni->ni_fhdwell = 200; /* XXX */ 411 ni->ni_fhindex = 1; 412 } 413 if (ic->ic_opmode == IEEE80211_M_IBSS) { 414 ic->ic_flags |= IEEE80211_F_SIBSS; 415 ni->ni_capinfo |= IEEE80211_CAPINFO_IBSS; /* XXX */ 416 if (ic->ic_flags & IEEE80211_F_DESBSSID) 417 IEEE80211_ADDR_COPY(ni->ni_bssid, ic->ic_des_bssid); 418 else 419 ni->ni_bssid[0] |= 0x02; /* local bit for IBSS */ 420 } 421 /* 422 * Fix the channel and related attributes. 423 */ 424 ieee80211_set_chan(ic, ni, chan); 425 ic->ic_curmode = ieee80211_chan2mode(ic, chan); 426 /* 427 * Do mode-specific rate setup. 428 */ 429 if (ic->ic_curmode == IEEE80211_MODE_11G) { 430 /* 431 * Use a mixed 11b/11g rate set. 432 */ 433 ieee80211_set11gbasicrates(&ni->ni_rates, IEEE80211_MODE_11G); 434 } else if (ic->ic_curmode == IEEE80211_MODE_11B) { 435 /* 436 * Force pure 11b rate set. 437 */ 438 ieee80211_set11gbasicrates(&ni->ni_rates, IEEE80211_MODE_11B); 439 } 440 441 (void) ieee80211_sta_join(ic, ieee80211_ref_node(ni)); 442} 443 444void 445ieee80211_reset_bss(struct ieee80211com *ic) 446{ 447 struct ieee80211_node *ni, *obss; 448 449 ieee80211_node_table_reset(&ic->ic_scan); 450 ieee80211_node_table_reset(&ic->ic_sta); 451 452 ni = ieee80211_alloc_node(&ic->ic_scan, ic->ic_myaddr); 453 KASSERT(ni != NULL, ("unable to setup inital BSS node")); 454 obss = ic->ic_bss; 455 ic->ic_bss = ieee80211_ref_node(ni); 456 if (obss != NULL) { 457 copy_bss(ni, obss); 458 ni->ni_intval = ic->ic_lintval; 459 ieee80211_free_node(obss); 460 } 461} 462 463static int 464ieee80211_match_bss(struct ieee80211com *ic, struct ieee80211_node *ni) 465{ 466 u_int8_t rate; 467 int fail; 468 469 fail = 0; 470 if (isclr(ic->ic_chan_active, ieee80211_chan2ieee(ic, ni->ni_chan))) 471 fail |= 0x01; 472 if (ic->ic_des_chan != IEEE80211_CHAN_ANYC && 473 ni->ni_chan != ic->ic_des_chan) 474 fail |= 0x01; 475 if (ic->ic_opmode == IEEE80211_M_IBSS) { 476 if ((ni->ni_capinfo & IEEE80211_CAPINFO_IBSS) == 0) 477 fail |= 0x02; 478 } else { 479 if ((ni->ni_capinfo & IEEE80211_CAPINFO_ESS) == 0) 480 fail |= 0x02; 481 } 482 if (ic->ic_flags & IEEE80211_F_PRIVACY) { 483 if ((ni->ni_capinfo & IEEE80211_CAPINFO_PRIVACY) == 0) 484 fail |= 0x04; 485 } else { 486 /* XXX does this mean privacy is supported or required? */ 487 if (ni->ni_capinfo & IEEE80211_CAPINFO_PRIVACY) 488 fail |= 0x04; 489 } 490 rate = ieee80211_fix_rate(ni, IEEE80211_F_DONEGO | IEEE80211_F_DOFRATE); 491 if (rate & IEEE80211_RATE_BASIC) 492 fail |= 0x08; 493 if (ic->ic_des_esslen != 0 && 494 (ni->ni_esslen != ic->ic_des_esslen || 495 memcmp(ni->ni_essid, ic->ic_des_essid, ic->ic_des_esslen) != 0)) 496 fail |= 0x10; 497 if ((ic->ic_flags & IEEE80211_F_DESBSSID) && 498 !IEEE80211_ADDR_EQ(ic->ic_des_bssid, ni->ni_bssid)) 499 fail |= 0x20; 500#ifdef IEEE80211_DEBUG 501 if (ieee80211_msg_scan(ic)) { 502 printf(" %c %s", fail ? '-' : '+', 503 ether_sprintf(ni->ni_macaddr)); 504 printf(" %s%c", ether_sprintf(ni->ni_bssid), 505 fail & 0x20 ? '!' : ' '); 506 printf(" %3d%c", ieee80211_chan2ieee(ic, ni->ni_chan), 507 fail & 0x01 ? '!' : ' '); 508 printf(" %+4d", ni->ni_rssi); 509 printf(" %2dM%c", (rate & IEEE80211_RATE_VAL) / 2, 510 fail & 0x08 ? '!' : ' '); 511 printf(" %4s%c", 512 (ni->ni_capinfo & IEEE80211_CAPINFO_ESS) ? "ess" : 513 (ni->ni_capinfo & IEEE80211_CAPINFO_IBSS) ? "ibss" : 514 "????", 515 fail & 0x02 ? '!' : ' '); 516 printf(" %3s%c ", 517 (ni->ni_capinfo & IEEE80211_CAPINFO_PRIVACY) ? 518 "wep" : "no", 519 fail & 0x04 ? '!' : ' '); 520 ieee80211_print_essid(ni->ni_essid, ni->ni_esslen); 521 printf("%s\n", fail & 0x10 ? "!" : ""); 522 } 523#endif 524 return fail; 525} 526 527static __inline u_int8_t 528maxrate(const struct ieee80211_node *ni) 529{ 530 const struct ieee80211_rateset *rs = &ni->ni_rates; 531 /* NB: assumes rate set is sorted (happens on frame receive) */ 532 return rs->rs_rates[rs->rs_nrates-1] & IEEE80211_RATE_VAL; 533} 534 535/* 536 * Compare the capabilities of two nodes and decide which is 537 * more desirable (return >0 if a is considered better). Note 538 * that we assume compatibility/usability has already been checked 539 * so we don't need to (e.g. validate whether privacy is supported). 540 * Used to select the best scan candidate for association in a BSS. 541 */ 542static int 543ieee80211_node_compare(struct ieee80211com *ic, 544 const struct ieee80211_node *a, 545 const struct ieee80211_node *b) 546{ 547 u_int8_t maxa, maxb; 548 u_int8_t rssia, rssib; 549 550 /* privacy support preferred */ 551 if ((a->ni_capinfo & IEEE80211_CAPINFO_PRIVACY) && 552 (b->ni_capinfo & IEEE80211_CAPINFO_PRIVACY) == 0) 553 return 1; 554 if ((a->ni_capinfo & IEEE80211_CAPINFO_PRIVACY) == 0 && 555 (b->ni_capinfo & IEEE80211_CAPINFO_PRIVACY)) 556 return -1; 557 558 rssia = ic->ic_node_getrssi(a); 559 rssib = ic->ic_node_getrssi(b); 560 if (abs(rssib - rssia) < 5) { 561 /* best/max rate preferred if signal level close enough XXX */ 562 maxa = maxrate(a); 563 maxb = maxrate(b); 564 if (maxa != maxb) 565 return maxa - maxb; 566 /* XXX use freq for channel preference */ 567 /* for now just prefer 5Ghz band to all other bands */ 568 if (IEEE80211_IS_CHAN_5GHZ(a->ni_chan) && 569 !IEEE80211_IS_CHAN_5GHZ(b->ni_chan)) 570 return 1; 571 if (!IEEE80211_IS_CHAN_5GHZ(a->ni_chan) && 572 IEEE80211_IS_CHAN_5GHZ(b->ni_chan)) 573 return -1; 574 } 575 /* all things being equal, use signal level */ 576 return rssia - rssib; 577} 578 579/* 580 * Mark an ongoing scan stopped. 581 */ 582void 583ieee80211_cancel_scan(struct ieee80211com *ic) 584{ 585 586 IEEE80211_DPRINTF(ic, IEEE80211_MSG_SCAN, "%s: end %s scan\n", 587 __func__, 588 (ic->ic_flags & IEEE80211_F_ASCAN) ? "active" : "passive"); 589 590 ic->ic_flags &= ~(IEEE80211_F_SCAN | IEEE80211_F_ASCAN); 591} 592 593/* 594 * Complete a scan of potential channels. 595 */ 596void 597ieee80211_end_scan(struct ieee80211com *ic) 598{ 599 struct ieee80211_node_table *nt = &ic->ic_scan; 600 struct ieee80211_node *ni, *selbs; 601 602 ieee80211_cancel_scan(ic); 603 ieee80211_notify_scan_done(ic); 604 605 if (ic->ic_opmode == IEEE80211_M_HOSTAP) { 606 u_int8_t maxrssi[IEEE80211_CHAN_MAX]; /* XXX off stack? */ 607 int i, bestchan; 608 u_int8_t rssi; 609 610 /* 611 * The passive scan to look for existing AP's completed, 612 * select a channel to camp on. Identify the channels 613 * that already have one or more AP's and try to locate 614 * an unoccupied one. If that fails, pick a channel that 615 * looks to be quietest. 616 */ 617 memset(maxrssi, 0, sizeof(maxrssi)); 618 IEEE80211_NODE_LOCK(nt); 619 TAILQ_FOREACH(ni, &nt->nt_node, ni_list) { 620 rssi = ic->ic_node_getrssi(ni); 621 i = ieee80211_chan2ieee(ic, ni->ni_chan); 622 if (rssi > maxrssi[i]) 623 maxrssi[i] = rssi; 624 } 625 IEEE80211_NODE_UNLOCK(nt); 626 /* XXX select channel more intelligently */ 627 bestchan = -1; 628 for (i = 0; i < IEEE80211_CHAN_MAX; i++) 629 if (isset(ic->ic_chan_active, i)) { 630 /* 631 * If the channel is unoccupied the max rssi 632 * should be zero; just take it. Otherwise 633 * track the channel with the lowest rssi and 634 * use that when all channels appear occupied. 635 */ 636 if (maxrssi[i] == 0) { 637 bestchan = i; 638 break; 639 } 640 if (bestchan == -1 || 641 maxrssi[i] < maxrssi[bestchan]) 642 bestchan = i; 643 } 644 if (bestchan != -1) { 645 ieee80211_create_ibss(ic, &ic->ic_channels[bestchan]); 646 return; 647 } 648 /* no suitable channel, should not happen */ 649 } 650 651 /* 652 * When manually sequencing the state machine; scan just once 653 * regardless of whether we have a candidate or not. The 654 * controlling application is expected to setup state and 655 * initiate an association. 656 */ 657 if (ic->ic_roaming == IEEE80211_ROAMING_MANUAL) 658 return; 659 /* 660 * Automatic sequencing; look for a candidate and 661 * if found join the network. 662 */ 663 /* NB: unlocked read should be ok */ 664 if (TAILQ_FIRST(&nt->nt_node) == NULL) { 665 IEEE80211_DPRINTF(ic, IEEE80211_MSG_SCAN, 666 "%s: no scan candidate\n", __func__); 667 notfound: 668 if (ic->ic_opmode == IEEE80211_M_IBSS && 669 (ic->ic_flags & IEEE80211_F_IBSSON) && 670 ic->ic_des_esslen != 0) { 671 ieee80211_create_ibss(ic, ic->ic_ibss_chan); 672 return; 673 } 674 /* 675 * Reset the list of channels to scan and start again. 676 */ 677 ieee80211_reset_scan(ic); 678 ic->ic_flags |= IEEE80211_F_SCAN; 679 ieee80211_next_scan(ic); 680 return; 681 } 682 selbs = NULL; 683 IEEE80211_DPRINTF(ic, IEEE80211_MSG_SCAN, "\t%s\n", 684 "macaddr bssid chan rssi rate flag wep essid"); 685 IEEE80211_NODE_LOCK(nt); 686 TAILQ_FOREACH(ni, &nt->nt_node, ni_list) { 687 if (ni->ni_fails) { 688 /* 689 * The configuration of the access points may change 690 * during my scan. So delete the entry for the AP 691 * and retry to associate if there is another beacon. 692 */ 693 IEEE80211_DPRINTF(ic, IEEE80211_MSG_SCAN, 694 "%s: skip scan candidate %s, fails %u\n", 695 __func__, ether_sprintf(ni->ni_macaddr), 696 ni->ni_fails); 697 ni->ni_fails++; 698#if 0 699 if (ni->ni_fails++ > 2) 700 ieee80211_free_node(ni); 701#endif 702 continue; 703 } 704 if (ieee80211_match_bss(ic, ni) == 0) { 705 if (selbs == NULL) 706 selbs = ni; 707 else if (ieee80211_node_compare(ic, ni, selbs) > 0) 708 selbs = ni; 709 } 710 } 711 if (selbs != NULL) /* NB: grab ref while dropping lock */ 712 (void) ieee80211_ref_node(selbs); 713 IEEE80211_NODE_UNLOCK(nt); 714 if (selbs == NULL) 715 goto notfound; 716 if (!ieee80211_sta_join(ic, selbs)) { 717 ieee80211_free_node(selbs); 718 goto notfound; 719 } 720} 721 722/* 723 * Handle 802.11 ad hoc network merge. The 724 * convention, set by the Wireless Ethernet Compatibility Alliance 725 * (WECA), is that an 802.11 station will change its BSSID to match 726 * the "oldest" 802.11 ad hoc network, on the same channel, that 727 * has the station's desired SSID. The "oldest" 802.11 network 728 * sends beacons with the greatest TSF timestamp. 729 * 730 * The caller is assumed to validate TSF's before attempting a merge. 731 * 732 * Return !0 if the BSSID changed, 0 otherwise. 733 */ 734int 735ieee80211_ibss_merge(struct ieee80211com *ic, struct ieee80211_node *ni) 736{ 737 738 if (ni == ic->ic_bss || 739 IEEE80211_ADDR_EQ(ni->ni_bssid, ic->ic_bss->ni_bssid)) { 740 /* unchanged, nothing to do */ 741 return 0; 742 } 743 if (ieee80211_match_bss(ic, ni) != 0) { /* capabilities mismatch */ 744 IEEE80211_DPRINTF(ic, IEEE80211_MSG_ASSOC, 745 "%s: merge failed, capabilities mismatch\n", __func__); 746 ic->ic_stats.is_ibss_capmismatch++; 747 return 0; 748 } 749 IEEE80211_DPRINTF(ic, IEEE80211_MSG_ASSOC, 750 "%s: new bssid %s: %s preamble, %s slot time%s\n", __func__, 751 ether_sprintf(ni->ni_bssid), 752 ic->ic_flags&IEEE80211_F_SHPREAMBLE ? "short" : "long", 753 ic->ic_flags&IEEE80211_F_SHSLOT ? "short" : "long", 754 ic->ic_flags&IEEE80211_F_USEPROT ? ", protection" : "" 755 ); 756 return ieee80211_sta_join(ic, ieee80211_ref_node(ni)); 757} 758 759/* 760 * Join the specified IBSS/BSS network. The node is assumed to 761 * be passed in with a held reference. 762 */ 763int 764ieee80211_sta_join(struct ieee80211com *ic, struct ieee80211_node *selbs) 765{ 766 struct ieee80211_node *obss; 767 768 if (ic->ic_opmode == IEEE80211_M_IBSS) { 769 struct ieee80211_node_table *nt; 770 /* 771 * Delete unusable rates; we've already checked 772 * that the negotiated rate set is acceptable. 773 */ 774 ieee80211_fix_rate(selbs, IEEE80211_F_DODEL); 775 /* 776 * Fillin the neighbor table; it will already 777 * exist if we are simply switching mastership. 778 * XXX ic_sta always setup so this is unnecessary? 779 */ 780 nt = &ic->ic_sta; 781 IEEE80211_NODE_LOCK(nt); 782 nt->nt_name = "neighbor"; 783 nt->nt_inact_init = ic->ic_inact_run; 784 IEEE80211_NODE_UNLOCK(nt); 785 } 786 787 /* 788 * Committed to selbs, setup state. 789 */ 790 obss = ic->ic_bss; 791 ic->ic_bss = selbs; /* NB: caller assumed to bump refcnt */ 792 if (obss != NULL) 793 ieee80211_free_node(obss); 794 /* 795 * Set the erp state (mostly the slot time) to deal with 796 * the auto-select case; this should be redundant if the 797 * mode is locked. 798 */ 799 ic->ic_curmode = ieee80211_chan2mode(ic, selbs->ni_chan); 800 ieee80211_reset_erp(ic); 801 ieee80211_wme_initparams(ic); 802 803 if (ic->ic_opmode == IEEE80211_M_STA) 804 ieee80211_new_state(ic, IEEE80211_S_AUTH, -1); 805 else 806 ieee80211_new_state(ic, IEEE80211_S_RUN, -1); 807 return 1; 808} 809 810/* 811 * Leave the specified IBSS/BSS network. The node is assumed to 812 * be passed in with a held reference. 813 */ 814void 815ieee80211_sta_leave(struct ieee80211com *ic, struct ieee80211_node *ni) 816{ 817 ic->ic_node_cleanup(ni); 818 ieee80211_notify_node_leave(ic, ni); 819} 820 821static struct ieee80211_node * 822node_alloc(struct ieee80211_node_table *nt) 823{ 824 struct ieee80211_node *ni; 825 826 MALLOC(ni, struct ieee80211_node *, sizeof(struct ieee80211_node), 827 M_80211_NODE, M_NOWAIT | M_ZERO); 828 return ni; 829} 830 831/* 832 * Reclaim any resources in a node and reset any critical 833 * state. Typically nodes are free'd immediately after, 834 * but in some cases the storage may be reused so we need 835 * to insure consistent state (should probably fix that). 836 */ 837static void 838node_cleanup(struct ieee80211_node *ni) 839{ 840#define N(a) (sizeof(a)/sizeof(a[0])) 841 struct ieee80211com *ic = ni->ni_ic; 842 int i, qlen; 843 844 /* NB: preserve ni_table */ 845 if (ni->ni_flags & IEEE80211_NODE_PWR_MGT) { 846 ic->ic_ps_sta--; 847 ni->ni_flags &= ~IEEE80211_NODE_PWR_MGT; 848 IEEE80211_DPRINTF(ic, IEEE80211_MSG_POWER, 849 "[%s] power save mode off, %u sta's in ps mode\n", 850 ether_sprintf(ni->ni_macaddr), ic->ic_ps_sta); 851 } 852 /* 853 * Clear AREF flag that marks the authorization refcnt bump 854 * has happened. This is probably not needed as the node 855 * should always be removed from the table so not found but 856 * do it just in case. 857 */ 858 ni->ni_flags &= ~IEEE80211_NODE_AREF; 859 860 /* 861 * Drain power save queue and, if needed, clear TIM. 862 */ 863 IEEE80211_NODE_SAVEQ_DRAIN(ni, qlen); 864 if (qlen != 0 && ic->ic_set_tim != NULL) 865 ic->ic_set_tim(ic, ni, 0); 866 867 ni->ni_associd = 0; 868 if (ni->ni_challenge != NULL) { 869 FREE(ni->ni_challenge, M_DEVBUF); 870 ni->ni_challenge = NULL; 871 } 872 /* 873 * Preserve SSID, WPA, and WME ie's so the bss node is 874 * reusable during a re-auth/re-assoc state transition. 875 * If we remove these data they will not be recreated 876 * because they come from a probe-response or beacon frame 877 * which cannot be expected prior to the association-response. 878 * This should not be an issue when operating in other modes 879 * as stations leaving always go through a full state transition 880 * which will rebuild this state. 881 * 882 * XXX does this leave us open to inheriting old state? 883 */ 884 for (i = 0; i < N(ni->ni_rxfrag); i++) 885 if (ni->ni_rxfrag[i] != NULL) { 886 m_freem(ni->ni_rxfrag[i]); 887 ni->ni_rxfrag[i] = NULL; 888 } 889 ieee80211_crypto_delkey(ic, &ni->ni_ucastkey); 890#undef N 891} 892 893static void 894node_free(struct ieee80211_node *ni) 895{ 896 struct ieee80211com *ic = ni->ni_ic; 897 898 ic->ic_node_cleanup(ni); 899 if (ni->ni_wpa_ie != NULL) 900 FREE(ni->ni_wpa_ie, M_DEVBUF); 901 if (ni->ni_wme_ie != NULL) 902 FREE(ni->ni_wme_ie, M_DEVBUF); 903 IEEE80211_NODE_SAVEQ_DESTROY(ni); 904 FREE(ni, M_80211_NODE); 905} 906 907static u_int8_t 908node_getrssi(const struct ieee80211_node *ni) 909{ 910 return ni->ni_rssi; 911} 912 913static void 914ieee80211_setup_node(struct ieee80211_node_table *nt, 915 struct ieee80211_node *ni, const u_int8_t *macaddr) 916{ 917 struct ieee80211com *ic = nt->nt_ic; 918 int hash; 919 920 IEEE80211_DPRINTF(ic, IEEE80211_MSG_NODE, 921 "%s %p<%s> in %s table\n", __func__, ni, 922 ether_sprintf(macaddr), nt->nt_name); 923 924 IEEE80211_ADDR_COPY(ni->ni_macaddr, macaddr); 925 hash = IEEE80211_NODE_HASH(macaddr); 926 ieee80211_node_initref(ni); /* mark referenced */ 927 ni->ni_chan = IEEE80211_CHAN_ANYC; 928 ni->ni_authmode = IEEE80211_AUTH_OPEN; 929 ni->ni_txpower = ic->ic_txpowlimit; /* max power */ 930 ieee80211_crypto_resetkey(ic, &ni->ni_ucastkey, IEEE80211_KEYIX_NONE); 931 ni->ni_inact_reload = nt->nt_inact_init; 932 ni->ni_inact = ni->ni_inact_reload; 933 IEEE80211_NODE_SAVEQ_INIT(ni, "unknown"); 934 935 IEEE80211_NODE_LOCK(nt); 936 TAILQ_INSERT_TAIL(&nt->nt_node, ni, ni_list); 937 LIST_INSERT_HEAD(&nt->nt_hash[hash], ni, ni_hash); 938 ni->ni_table = nt; 939 ni->ni_ic = ic; 940 IEEE80211_NODE_UNLOCK(nt); 941} 942 943struct ieee80211_node * 944ieee80211_alloc_node(struct ieee80211_node_table *nt, const u_int8_t *macaddr) 945{ 946 struct ieee80211com *ic = nt->nt_ic; 947 struct ieee80211_node *ni; 948 949 ni = ic->ic_node_alloc(nt); 950 if (ni != NULL) 951 ieee80211_setup_node(nt, ni, macaddr); 952 else 953 ic->ic_stats.is_rx_nodealloc++; 954 return ni; 955} 956 957struct ieee80211_node * 958ieee80211_dup_bss(struct ieee80211_node_table *nt, const u_int8_t *macaddr) 959{ 960 struct ieee80211com *ic = nt->nt_ic; 961 struct ieee80211_node *ni; 962 963 ni = ic->ic_node_alloc(nt); 964 if (ni != NULL) { 965 ieee80211_setup_node(nt, ni, macaddr); 966 /* 967 * Inherit from ic_bss. 968 */ 969 ni->ni_authmode = ic->ic_bss->ni_authmode; 970 ni->ni_txpower = ic->ic_bss->ni_txpower; 971 ni->ni_vlan = ic->ic_bss->ni_vlan; /* XXX?? */ 972 IEEE80211_ADDR_COPY(ni->ni_bssid, ic->ic_bss->ni_bssid); 973 ieee80211_set_chan(ic, ni, ic->ic_bss->ni_chan); 974 ni->ni_rsn = ic->ic_bss->ni_rsn; 975 } else 976 ic->ic_stats.is_rx_nodealloc++; 977 return ni; 978} 979 980static struct ieee80211_node * 981#ifdef IEEE80211_DEBUG_REFCNT 982_ieee80211_find_node_debug(struct ieee80211_node_table *nt, 983 const u_int8_t *macaddr, const char *func, int line) 984#else 985_ieee80211_find_node(struct ieee80211_node_table *nt, 986 const u_int8_t *macaddr) 987#endif 988{ 989 struct ieee80211_node *ni; 990 int hash; 991 992 IEEE80211_NODE_LOCK_ASSERT(nt); 993 994 hash = IEEE80211_NODE_HASH(macaddr); 995 LIST_FOREACH(ni, &nt->nt_hash[hash], ni_hash) { 996 if (IEEE80211_ADDR_EQ(ni->ni_macaddr, macaddr)) { 997 ieee80211_ref_node(ni); /* mark referenced */ 998#ifdef IEEE80211_DEBUG_REFCNT 999 IEEE80211_DPRINTF(nt->nt_ic, IEEE80211_MSG_NODE, 1000 "%s (%s:%u) %p<%s> refcnt %d\n", __func__, 1001 func, line, 1002 ni, ether_sprintf(ni->ni_macaddr), 1003 ieee80211_node_refcnt(ni)); 1004#endif 1005 return ni; 1006 } 1007 } 1008 return NULL; 1009} 1010#ifdef IEEE80211_DEBUG_REFCNT 1011#define _ieee80211_find_node(nt, mac) \ 1012 _ieee80211_find_node_debug(nt, mac, func, line) 1013#endif 1014 1015struct ieee80211_node * 1016#ifdef IEEE80211_DEBUG_REFCNT 1017ieee80211_find_node_debug(struct ieee80211_node_table *nt, 1018 const u_int8_t *macaddr, const char *func, int line) 1019#else 1020ieee80211_find_node(struct ieee80211_node_table *nt, const u_int8_t *macaddr) 1021#endif 1022{ 1023 struct ieee80211_node *ni; 1024 1025 IEEE80211_NODE_LOCK(nt); 1026 ni = _ieee80211_find_node(nt, macaddr); 1027 IEEE80211_NODE_UNLOCK(nt); 1028 return ni; 1029} 1030 1031/* 1032 * Fake up a node; this handles node discovery in adhoc mode. 1033 * Note that for the driver's benefit we we treat this like 1034 * an association so the driver has an opportunity to setup 1035 * it's private state. 1036 */ 1037struct ieee80211_node * 1038ieee80211_fakeup_adhoc_node(struct ieee80211_node_table *nt, 1039 const u_int8_t macaddr[IEEE80211_ADDR_LEN]) 1040{ 1041 struct ieee80211com *ic = nt->nt_ic; 1042 struct ieee80211_node *ni; 1043 1044 ni = ieee80211_dup_bss(nt, macaddr); 1045 if (ni != NULL) { 1046 /* XXX no rate negotiation; just dup */ 1047 ni->ni_rates = ic->ic_bss->ni_rates; 1048 if (ic->ic_newassoc != NULL) 1049 ic->ic_newassoc(ic, ni, 1); 1050 /* XXX not right for 802.1x/WPA */ 1051 ieee80211_node_authorize(ic, ni); 1052 } 1053 return ni; 1054} 1055 1056/* 1057 * Locate the node for sender, track state, and then pass the 1058 * (referenced) node up to the 802.11 layer for its use. We 1059 * are required to pass some node so we fall back to ic_bss 1060 * when this frame is from an unknown sender. The 802.11 layer 1061 * knows this means the sender wasn't in the node table and 1062 * acts accordingly. 1063 */ 1064struct ieee80211_node * 1065#ifdef IEEE80211_DEBUG_REFCNT 1066ieee80211_find_rxnode_debug(struct ieee80211com *ic, 1067 const struct ieee80211_frame_min *wh, const char *func, int line) 1068#else 1069ieee80211_find_rxnode(struct ieee80211com *ic, 1070 const struct ieee80211_frame_min *wh) 1071#endif 1072{ 1073#define IS_CTL(wh) \ 1074 ((wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK) == IEEE80211_FC0_TYPE_CTL) 1075#define IS_PSPOLL(wh) \ 1076 ((wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK) == IEEE80211_FC0_SUBTYPE_PS_POLL) 1077 struct ieee80211_node_table *nt; 1078 struct ieee80211_node *ni; 1079 1080 /* XXX may want scanned nodes in the neighbor table for adhoc */ 1081 if (ic->ic_opmode == IEEE80211_M_STA || 1082 ic->ic_opmode == IEEE80211_M_MONITOR || 1083 (ic->ic_flags & IEEE80211_F_SCAN)) 1084 nt = &ic->ic_scan; 1085 else 1086 nt = &ic->ic_sta; 1087 /* XXX check ic_bss first in station mode */ 1088 /* XXX 4-address frames? */ 1089 IEEE80211_NODE_LOCK(nt); 1090 if (IS_CTL(wh) && !IS_PSPOLL(wh) /*&& !IS_RTS(ah)*/) 1091 ni = _ieee80211_find_node(nt, wh->i_addr1); 1092 else 1093 ni = _ieee80211_find_node(nt, wh->i_addr2); 1094 IEEE80211_NODE_UNLOCK(nt); 1095 1096 return (ni != NULL ? ni : ieee80211_ref_node(ic->ic_bss)); 1097#undef IS_PSPOLL 1098#undef IS_CTL 1099} 1100 1101/* 1102 * Return a reference to the appropriate node for sending 1103 * a data frame. This handles node discovery in adhoc networks. 1104 */ 1105struct ieee80211_node * 1106#ifdef IEEE80211_DEBUG_REFCNT 1107ieee80211_find_txnode_debug(struct ieee80211com *ic, const u_int8_t *macaddr, 1108 const char *func, int line) 1109#else 1110ieee80211_find_txnode(struct ieee80211com *ic, const u_int8_t *macaddr) 1111#endif 1112{ 1113 struct ieee80211_node_table *nt = &ic->ic_sta; 1114 struct ieee80211_node *ni; 1115 1116 /* 1117 * The destination address should be in the node table 1118 * unless we are operating in station mode or this is a 1119 * multicast/broadcast frame. 1120 */ 1121 if (ic->ic_opmode == IEEE80211_M_STA || IEEE80211_IS_MULTICAST(macaddr)) 1122 return ieee80211_ref_node(ic->ic_bss); 1123 1124 /* XXX can't hold lock across dup_bss 'cuz of recursive locking */ 1125 IEEE80211_NODE_LOCK(nt); 1126 ni = _ieee80211_find_node(nt, macaddr); 1127 IEEE80211_NODE_UNLOCK(nt); 1128 1129 if (ni == NULL) { 1130 if (ic->ic_opmode == IEEE80211_M_IBSS || 1131 ic->ic_opmode == IEEE80211_M_AHDEMO) { 1132 /* 1133 * In adhoc mode cons up a node for the destination. 1134 * Note that we need an additional reference for the 1135 * caller to be consistent with _ieee80211_find_node. 1136 */ 1137 ni = ieee80211_fakeup_adhoc_node(nt, macaddr); 1138 if (ni != NULL) 1139 (void) ieee80211_ref_node(ni); 1140 } else { 1141 IEEE80211_DPRINTF(ic, IEEE80211_MSG_OUTPUT, 1142 "[%s] no node, discard frame (%s)\n", 1143 ether_sprintf(macaddr), __func__); 1144 ic->ic_stats.is_tx_nonode++; 1145 } 1146 } 1147 return ni; 1148} 1149 1150/* 1151 * Like find but search based on the channel too. 1152 */ 1153struct ieee80211_node * 1154#ifdef IEEE80211_DEBUG_REFCNT 1155ieee80211_find_node_with_channel_debug(struct ieee80211_node_table *nt, 1156 const u_int8_t *macaddr, struct ieee80211_channel *chan, 1157 const char *func, int line) 1158#else 1159ieee80211_find_node_with_channel(struct ieee80211_node_table *nt, 1160 const u_int8_t *macaddr, struct ieee80211_channel *chan) 1161#endif 1162{ 1163 struct ieee80211_node *ni; 1164 int hash; 1165 1166 hash = IEEE80211_NODE_HASH(macaddr); 1167 IEEE80211_NODE_LOCK(nt); 1168 LIST_FOREACH(ni, &nt->nt_hash[hash], ni_hash) { 1169 if (IEEE80211_ADDR_EQ(ni->ni_macaddr, macaddr) && 1170 ni->ni_chan == chan) { 1171 ieee80211_ref_node(ni); /* mark referenced */ 1172 IEEE80211_DPRINTF(nt->nt_ic, IEEE80211_MSG_NODE, 1173#ifdef IEEE80211_DEBUG_REFCNT 1174 "%s (%s:%u) %p<%s> refcnt %d\n", __func__, 1175 func, line, 1176#else 1177 "%s %p<%s> refcnt %d\n", __func__, 1178#endif 1179 ni, ether_sprintf(ni->ni_macaddr), 1180 ieee80211_node_refcnt(ni)); 1181 break; 1182 } 1183 } 1184 IEEE80211_NODE_UNLOCK(nt); 1185 return ni; 1186} 1187 1188/* 1189 * Like find but search based on the ssid too. 1190 */ 1191struct ieee80211_node * 1192#ifdef IEEE80211_DEBUG_REFCNT 1193ieee80211_find_node_with_ssid_debug(struct ieee80211_node_table *nt, 1194 const u_int8_t *macaddr, u_int ssidlen, const u_int8_t *ssid, 1195 const char *func, int line) 1196#else 1197ieee80211_find_node_with_ssid(struct ieee80211_node_table *nt, 1198 const u_int8_t *macaddr, u_int ssidlen, const u_int8_t *ssid) 1199#endif 1200{ 1201#define MATCH_SSID(ni, ssid, ssidlen) \ 1202 (ni->ni_esslen == ssidlen && memcmp(ni->ni_essid, ssid, ssidlen) == 0) 1203 static const u_int8_t zeromac[IEEE80211_ADDR_LEN]; 1204 struct ieee80211com *ic = nt->nt_ic; 1205 struct ieee80211_node *ni; 1206 int hash; 1207 1208 IEEE80211_NODE_LOCK(nt); 1209 /* 1210 * A mac address that is all zero means match only the ssid; 1211 * otherwise we must match both. 1212 */ 1213 if (IEEE80211_ADDR_EQ(macaddr, zeromac)) { 1214 TAILQ_FOREACH(ni, &nt->nt_node, ni_list) { 1215 if (MATCH_SSID(ni, ssid, ssidlen)) 1216 break; 1217 } 1218 } else { 1219 hash = IEEE80211_NODE_HASH(macaddr); 1220 LIST_FOREACH(ni, &nt->nt_hash[hash], ni_hash) { 1221 if (IEEE80211_ADDR_EQ(ni->ni_macaddr, macaddr) && 1222 MATCH_SSID(ni, ssid, ssidlen)) 1223 break; 1224 } 1225 } 1226 if (ni != NULL) { 1227 ieee80211_ref_node(ni); /* mark referenced */ 1228 IEEE80211_DPRINTF(ic, IEEE80211_MSG_NODE, 1229#ifdef IEEE80211_DEBUG_REFCNT 1230 "%s (%s:%u) %p<%s> refcnt %d\n", __func__, 1231 func, line, 1232#else 1233 "%s %p<%s> refcnt %d\n", __func__, 1234#endif 1235 ni, ether_sprintf(ni->ni_macaddr), 1236 ieee80211_node_refcnt(ni)); 1237 } 1238 IEEE80211_NODE_UNLOCK(nt); 1239 return ni; 1240#undef MATCH_SSID 1241} 1242 1243static void 1244_ieee80211_free_node(struct ieee80211_node *ni) 1245{ 1246 struct ieee80211com *ic = ni->ni_ic; 1247 struct ieee80211_node_table *nt = ni->ni_table; 1248 1249 IEEE80211_DPRINTF(ic, IEEE80211_MSG_NODE, 1250 "%s %p<%s> in %s table\n", __func__, ni, 1251 ether_sprintf(ni->ni_macaddr), 1252 nt != NULL ? nt->nt_name : "<gone>"); 1253 1254 IEEE80211_AID_CLR(ni->ni_associd, ic->ic_aid_bitmap); 1255 if (nt != NULL) { 1256 TAILQ_REMOVE(&nt->nt_node, ni, ni_list); 1257 LIST_REMOVE(ni, ni_hash); 1258 } 1259 ic->ic_node_free(ni); 1260} 1261 1262void 1263#ifdef IEEE80211_DEBUG_REFCNT 1264ieee80211_free_node_debug(struct ieee80211_node *ni, const char *func, int line) 1265#else 1266ieee80211_free_node(struct ieee80211_node *ni) 1267#endif 1268{ 1269 struct ieee80211_node_table *nt = ni->ni_table; 1270 1271#ifdef IEEE80211_DEBUG_REFCNT 1272 IEEE80211_DPRINTF(ni->ni_ic, IEEE80211_MSG_NODE, 1273 "%s (%s:%u) %p<%s> refcnt %d\n", __func__, func, line, ni, 1274 ether_sprintf(ni->ni_macaddr), ieee80211_node_refcnt(ni)-1); 1275#endif 1276 if (ieee80211_node_dectestref(ni)) { 1277 /* 1278 * Beware; if the node is marked gone then it's already 1279 * been removed from the table and we cannot assume the 1280 * table still exists. Regardless, there's no need to lock 1281 * the table. 1282 */ 1283 if (ni->ni_table != NULL) { 1284 IEEE80211_NODE_LOCK(nt); 1285 _ieee80211_free_node(ni); 1286 IEEE80211_NODE_UNLOCK(nt); 1287 } else 1288 _ieee80211_free_node(ni); 1289 } 1290} 1291 1292/* 1293 * Reclaim a node. If this is the last reference count then 1294 * do the normal free work. Otherwise remove it from the node 1295 * table and mark it gone by clearing the back-reference. 1296 */ 1297static void 1298node_reclaim(struct ieee80211_node_table *nt, struct ieee80211_node *ni) 1299{ 1300 1301 IEEE80211_DPRINTF(ni->ni_ic, IEEE80211_MSG_NODE, 1302 "%s: remove %p<%s> from %s table, refcnt %d\n", 1303 __func__, ni, ether_sprintf(ni->ni_macaddr), 1304 nt->nt_name, ieee80211_node_refcnt(ni)-1); 1305 if (!ieee80211_node_dectestref(ni)) { 1306 /* 1307 * Other references are present, just remove the 1308 * node from the table so it cannot be found. When 1309 * the references are dropped storage will be 1310 * reclaimed. 1311 */ 1312 TAILQ_REMOVE(&nt->nt_node, ni, ni_list); 1313 LIST_REMOVE(ni, ni_hash); 1314 ni->ni_table = NULL; /* clear reference */ 1315 } else 1316 _ieee80211_free_node(ni); 1317} 1318 1319static void 1320ieee80211_free_allnodes_locked(struct ieee80211_node_table *nt) 1321{ 1322 struct ieee80211com *ic = nt->nt_ic; 1323 struct ieee80211_node *ni; 1324 1325 IEEE80211_DPRINTF(ic, IEEE80211_MSG_NODE, 1326 "%s: free all nodes in %s table\n", __func__, nt->nt_name); 1327 1328 while ((ni = TAILQ_FIRST(&nt->nt_node)) != NULL) { 1329 if (ni->ni_associd != 0) { 1330 if (ic->ic_auth->ia_node_leave != NULL) 1331 ic->ic_auth->ia_node_leave(ic, ni); 1332 IEEE80211_AID_CLR(ni->ni_associd, ic->ic_aid_bitmap); 1333 } 1334 node_reclaim(nt, ni); 1335 } 1336 ieee80211_reset_erp(ic); 1337} 1338 1339static void 1340ieee80211_free_allnodes(struct ieee80211_node_table *nt) 1341{ 1342 1343 IEEE80211_NODE_LOCK(nt); 1344 ieee80211_free_allnodes_locked(nt); 1345 IEEE80211_NODE_UNLOCK(nt); 1346} 1347 1348/* 1349 * Timeout entries in the scan cache. 1350 */ 1351static void 1352ieee80211_timeout_scan_candidates(struct ieee80211_node_table *nt) 1353{ 1354 struct ieee80211com *ic = nt->nt_ic; 1355 struct ieee80211_node *ni, *tni; 1356 1357 IEEE80211_NODE_LOCK(nt); 1358 ni = ic->ic_bss; 1359 /* XXX belongs elsewhere */ 1360 if (ni->ni_rxfrag[0] != NULL && ticks > ni->ni_rxfragstamp + hz) { 1361 m_freem(ni->ni_rxfrag[0]); 1362 ni->ni_rxfrag[0] = NULL; 1363 } 1364 TAILQ_FOREACH_SAFE(ni, &nt->nt_node, ni_list, tni) { 1365 if (ni->ni_inact && --ni->ni_inact == 0) { 1366 IEEE80211_DPRINTF(ic, IEEE80211_MSG_NODE, 1367 "[%s] scan candidate purged from cache " 1368 "(refcnt %u)\n", ether_sprintf(ni->ni_macaddr), 1369 ieee80211_node_refcnt(ni)); 1370 node_reclaim(nt, ni); 1371 } 1372 } 1373 IEEE80211_NODE_UNLOCK(nt); 1374 1375 nt->nt_inact_timer = IEEE80211_INACT_WAIT; 1376} 1377 1378/* 1379 * Timeout inactive stations and do related housekeeping. 1380 * Note that we cannot hold the node lock while sending a 1381 * frame as this would lead to a LOR. Instead we use a 1382 * generation number to mark nodes that we've scanned and 1383 * drop the lock and restart a scan if we have to time out 1384 * a node. Since we are single-threaded by virtue of 1385 * controlling the inactivity timer we can be sure this will 1386 * process each node only once. 1387 */ 1388static void 1389ieee80211_timeout_stations(struct ieee80211_node_table *nt) 1390{ 1391 struct ieee80211com *ic = nt->nt_ic; 1392 struct ieee80211_node *ni; 1393 u_int gen; 1394 1395 IEEE80211_SCAN_LOCK(nt); 1396 gen = nt->nt_scangen++; 1397 IEEE80211_DPRINTF(ic, IEEE80211_MSG_NODE, 1398 "%s: %s scangen %u\n", __func__, nt->nt_name, gen); 1399restart: 1400 IEEE80211_NODE_LOCK(nt); 1401 TAILQ_FOREACH(ni, &nt->nt_node, ni_list) { 1402 if (ni->ni_scangen == gen) /* previously handled */ 1403 continue; 1404 ni->ni_scangen = gen; 1405 /* 1406 * Ignore entries for which have yet to receive an 1407 * authentication frame. These are transient and 1408 * will be reclaimed when the last reference to them 1409 * goes away (when frame xmits complete). 1410 */ 1411 if ((ni->ni_flags & IEEE80211_NODE_AREF) == 0) 1412 continue; 1413 /* 1414 * Free fragment if not needed anymore 1415 * (last fragment older than 1s). 1416 * XXX doesn't belong here 1417 */ 1418 if (ni->ni_rxfrag[0] != NULL && 1419 ticks > ni->ni_rxfragstamp + hz) { 1420 m_freem(ni->ni_rxfrag[0]); 1421 ni->ni_rxfrag[0] = NULL; 1422 } 1423 /* 1424 * Special case ourself; we may be idle for extended periods 1425 * of time and regardless reclaiming our state is wrong. 1426 */ 1427 if (ni == ic->ic_bss) 1428 continue; 1429 ni->ni_inact--; 1430 if (ni->ni_associd != 0) { 1431 /* 1432 * Age frames on the power save queue. The 1433 * aging interval is 4 times the listen 1434 * interval specified by the station. This 1435 * number is factored into the age calculations 1436 * when the frame is placed on the queue. We 1437 * store ages as time differences we can check 1438 * and/or adjust only the head of the list. 1439 */ 1440 if (IEEE80211_NODE_SAVEQ_QLEN(ni) != 0) { 1441 struct mbuf *m; 1442 int discard = 0; 1443 1444 IEEE80211_NODE_SAVEQ_LOCK(ni); 1445 while (IF_POLL(&ni->ni_savedq, m) != NULL && 1446 M_AGE_GET(m) < IEEE80211_INACT_WAIT) { 1447IEEE80211_DPRINTF(ic, IEEE80211_MSG_POWER, "[%s] discard frame, age %u\n", ether_sprintf(ni->ni_macaddr), M_AGE_GET(m));/*XXX*/ 1448 _IEEE80211_NODE_SAVEQ_DEQUEUE_HEAD(ni, m); 1449 m_freem(m); 1450 discard++; 1451 } 1452 if (m != NULL) 1453 M_AGE_SUB(m, IEEE80211_INACT_WAIT); 1454 IEEE80211_NODE_SAVEQ_UNLOCK(ni); 1455 1456 if (discard != 0) { 1457 IEEE80211_DPRINTF(ic, 1458 IEEE80211_MSG_POWER, 1459 "[%s] discard %u frames for age\n", 1460 ether_sprintf(ni->ni_macaddr), 1461 discard); 1462 IEEE80211_NODE_STAT_ADD(ni, 1463 ps_discard, discard); 1464 if (IEEE80211_NODE_SAVEQ_QLEN(ni) == 0) 1465 ic->ic_set_tim(ic, ni, 0); 1466 } 1467 } 1468 /* 1469 * Probe the station before time it out. We 1470 * send a null data frame which may not be 1471 * universally supported by drivers (need it 1472 * for ps-poll support so it should be...). 1473 */ 1474 if (0 < ni->ni_inact && 1475 ni->ni_inact <= ic->ic_inact_probe) { 1476 IEEE80211_DPRINTF(ic, IEEE80211_MSG_NODE, 1477 "[%s] probe station due to inactivity\n", 1478 ether_sprintf(ni->ni_macaddr)); 1479 IEEE80211_NODE_UNLOCK(nt); 1480 ieee80211_send_nulldata(ic, ni); 1481 /* XXX stat? */ 1482 goto restart; 1483 } 1484 } 1485 if (ni->ni_inact <= 0) { 1486 IEEE80211_DPRINTF(ic, IEEE80211_MSG_NODE, 1487 "[%s] station timed out due to inactivity " 1488 "(refcnt %u)\n", ether_sprintf(ni->ni_macaddr), 1489 ieee80211_node_refcnt(ni)); 1490 /* 1491 * Send a deauthenticate frame and drop the station. 1492 * This is somewhat complicated due to reference counts 1493 * and locking. At this point a station will typically 1494 * have a reference count of 1. ieee80211_node_leave 1495 * will do a "free" of the node which will drop the 1496 * reference count. But in the meantime a reference 1497 * wil be held by the deauth frame. The actual reclaim 1498 * of the node will happen either after the tx is 1499 * completed or by ieee80211_node_leave. 1500 * 1501 * Separately we must drop the node lock before sending 1502 * in case the driver takes a lock, as this will result 1503 * in LOR between the node lock and the driver lock. 1504 */ 1505 IEEE80211_NODE_UNLOCK(nt); 1506 if (ni->ni_associd != 0) { 1507 IEEE80211_SEND_MGMT(ic, ni, 1508 IEEE80211_FC0_SUBTYPE_DEAUTH, 1509 IEEE80211_REASON_AUTH_EXPIRE); 1510 } 1511 ieee80211_node_leave(ic, ni); 1512 ic->ic_stats.is_node_timeout++; 1513 goto restart; 1514 } 1515 } 1516 IEEE80211_NODE_UNLOCK(nt); 1517 1518 IEEE80211_SCAN_UNLOCK(nt); 1519 1520 nt->nt_inact_timer = IEEE80211_INACT_WAIT; 1521} 1522 1523void 1524ieee80211_iterate_nodes(struct ieee80211_node_table *nt, ieee80211_iter_func *f, void *arg) 1525{ 1526 struct ieee80211_node *ni; 1527 u_int gen; 1528 1529 IEEE80211_SCAN_LOCK(nt); 1530 gen = nt->nt_scangen++; 1531restart: 1532 IEEE80211_NODE_LOCK(nt); 1533 TAILQ_FOREACH(ni, &nt->nt_node, ni_list) { 1534 if (ni->ni_scangen != gen) { 1535 ni->ni_scangen = gen; 1536 (void) ieee80211_ref_node(ni); 1537 IEEE80211_NODE_UNLOCK(nt); 1538 (*f)(arg, ni); 1539 ieee80211_free_node(ni); 1540 goto restart; 1541 } 1542 } 1543 IEEE80211_NODE_UNLOCK(nt); 1544 1545 IEEE80211_SCAN_UNLOCK(nt); 1546} 1547 1548void 1549ieee80211_dump_node(struct ieee80211_node_table *nt, struct ieee80211_node *ni) 1550{ 1551 printf("0x%p: mac %s refcnt %d\n", ni, 1552 ether_sprintf(ni->ni_macaddr), ieee80211_node_refcnt(ni)); 1553 printf("\tscangen %u authmode %u flags 0x%x\n", 1554 ni->ni_scangen, ni->ni_authmode, ni->ni_flags); 1555 printf("\tassocid 0x%x txpower %u vlan %u\n", 1556 ni->ni_associd, ni->ni_txpower, ni->ni_vlan); 1557 printf("\ttxseq %u rxseq %u fragno %u rxfragstamp %u\n", 1558 ni->ni_txseqs[0], 1559 ni->ni_rxseqs[0] >> IEEE80211_SEQ_SEQ_SHIFT, 1560 ni->ni_rxseqs[0] & IEEE80211_SEQ_FRAG_MASK, 1561 ni->ni_rxfragstamp); 1562 printf("\trstamp %u rssi %u intval %u capinfo 0x%x\n", 1563 ni->ni_rstamp, ni->ni_rssi, ni->ni_intval, ni->ni_capinfo); 1564 printf("\tbssid %s essid \"%.*s\" channel %u:0x%x\n", 1565 ether_sprintf(ni->ni_bssid), 1566 ni->ni_esslen, ni->ni_essid, 1567 ni->ni_chan->ic_freq, ni->ni_chan->ic_flags); 1568 printf("\tfails %u inact %u txrate %u\n", 1569 ni->ni_fails, ni->ni_inact, ni->ni_txrate); 1570} 1571 1572void 1573ieee80211_dump_nodes(struct ieee80211_node_table *nt) 1574{ 1575 ieee80211_iterate_nodes(nt, 1576 (ieee80211_iter_func *) ieee80211_dump_node, nt); 1577} 1578 1579/* 1580 * Handle a station joining an 11g network. 1581 */ 1582static void 1583ieee80211_node_join_11g(struct ieee80211com *ic, struct ieee80211_node *ni) 1584{ 1585 1586 /* 1587 * Station isn't capable of short slot time. Bump 1588 * the count of long slot time stations and disable 1589 * use of short slot time. Note that the actual switch 1590 * over to long slot time use may not occur until the 1591 * next beacon transmission (per sec. 7.3.1.4 of 11g). 1592 */ 1593 if ((ni->ni_capinfo & IEEE80211_CAPINFO_SHORT_SLOTTIME) == 0) { 1594 ic->ic_longslotsta++; 1595 IEEE80211_DPRINTF(ic, IEEE80211_MSG_ASSOC, 1596 "[%s] station needs long slot time, count %d\n", 1597 ether_sprintf(ni->ni_macaddr), ic->ic_longslotsta); 1598 /* XXX vap's w/ conflicting needs won't work */ 1599 ieee80211_set_shortslottime(ic, 0); 1600 } 1601 /* 1602 * If the new station is not an ERP station 1603 * then bump the counter and enable protection 1604 * if configured. 1605 */ 1606 if (!ieee80211_iserp_rateset(ic, &ni->ni_rates)) { 1607 ic->ic_nonerpsta++; 1608 IEEE80211_DPRINTF(ic, IEEE80211_MSG_ASSOC, 1609 "[%s] station is !ERP, %d non-ERP stations associated\n", 1610 ether_sprintf(ni->ni_macaddr), ic->ic_nonerpsta); 1611 /* 1612 * If protection is configured, enable it. 1613 */ 1614 if (ic->ic_protmode != IEEE80211_PROT_NONE) { 1615 IEEE80211_DPRINTF(ic, IEEE80211_MSG_ASSOC, 1616 "%s: enable use of protection\n", __func__); 1617 ic->ic_flags |= IEEE80211_F_USEPROT; 1618 } 1619 /* 1620 * If station does not support short preamble 1621 * then we must enable use of Barker preamble. 1622 */ 1623 if ((ni->ni_capinfo & IEEE80211_CAPINFO_SHORT_PREAMBLE) == 0) { 1624 IEEE80211_DPRINTF(ic, IEEE80211_MSG_ASSOC, 1625 "[%s] station needs long preamble\n", 1626 ether_sprintf(ni->ni_macaddr)); 1627 ic->ic_flags |= IEEE80211_F_USEBARKER; 1628 ic->ic_flags &= ~IEEE80211_F_SHPREAMBLE; 1629 } 1630 } else 1631 ni->ni_flags |= IEEE80211_NODE_ERP; 1632} 1633 1634void 1635ieee80211_node_join(struct ieee80211com *ic, struct ieee80211_node *ni, int resp) 1636{ 1637 int newassoc; 1638 1639 if (ni->ni_associd == 0) { 1640 u_int16_t aid; 1641 1642 /* 1643 * It would be good to search the bitmap 1644 * more efficiently, but this will do for now. 1645 */ 1646 for (aid = 1; aid < ic->ic_max_aid; aid++) { 1647 if (!IEEE80211_AID_ISSET(aid, 1648 ic->ic_aid_bitmap)) 1649 break; 1650 } 1651 if (aid >= ic->ic_max_aid) { 1652 IEEE80211_SEND_MGMT(ic, ni, resp, 1653 IEEE80211_REASON_ASSOC_TOOMANY); 1654 ieee80211_node_leave(ic, ni); 1655 return; 1656 } 1657 ni->ni_associd = aid | 0xc000; 1658 IEEE80211_AID_SET(ni->ni_associd, ic->ic_aid_bitmap); 1659 ic->ic_sta_assoc++; 1660 newassoc = 1; 1661 if (ic->ic_curmode == IEEE80211_MODE_11G || 1662 ic->ic_curmode == IEEE80211_MODE_TURBO_G) 1663 ieee80211_node_join_11g(ic, ni); 1664 } else 1665 newassoc = 0; 1666 1667 IEEE80211_DPRINTF(ic, IEEE80211_MSG_ASSOC | IEEE80211_MSG_DEBUG, 1668 "[%s] station %sassociated at aid %d: %s preamble, %s slot time%s%s\n", 1669 ether_sprintf(ni->ni_macaddr), newassoc ? "" : "re", 1670 IEEE80211_NODE_AID(ni), 1671 ic->ic_flags & IEEE80211_F_SHPREAMBLE ? "short" : "long", 1672 ic->ic_flags & IEEE80211_F_SHSLOT ? "short" : "long", 1673 ic->ic_flags & IEEE80211_F_USEPROT ? ", protection" : "", 1674 ni->ni_flags & IEEE80211_NODE_QOS ? ", QoS" : "" 1675 ); 1676 1677 /* give driver a chance to setup state like ni_txrate */ 1678 if (ic->ic_newassoc != NULL) 1679 ic->ic_newassoc(ic, ni, newassoc); 1680 ni->ni_inact_reload = ic->ic_inact_auth; 1681 ni->ni_inact = ni->ni_inact_reload; 1682 IEEE80211_SEND_MGMT(ic, ni, resp, IEEE80211_STATUS_SUCCESS); 1683 /* tell the authenticator about new station */ 1684 if (ic->ic_auth->ia_node_join != NULL) 1685 ic->ic_auth->ia_node_join(ic, ni); 1686 ieee80211_notify_node_join(ic, ni, newassoc); 1687} 1688 1689/* 1690 * Handle a station leaving an 11g network. 1691 */ 1692static void 1693ieee80211_node_leave_11g(struct ieee80211com *ic, struct ieee80211_node *ni) 1694{ 1695 1696 KASSERT(ic->ic_curmode == IEEE80211_MODE_11G || 1697 ic->ic_curmode == IEEE80211_MODE_TURBO_G, 1698 ("not in 11g, curmode %x", ic->ic_curmode)); 1699 1700 /* 1701 * If a long slot station do the slot time bookkeeping. 1702 */ 1703 if ((ni->ni_capinfo & IEEE80211_CAPINFO_SHORT_SLOTTIME) == 0) { 1704 KASSERT(ic->ic_longslotsta > 0, 1705 ("bogus long slot station count %d", ic->ic_longslotsta)); 1706 ic->ic_longslotsta--; 1707 IEEE80211_DPRINTF(ic, IEEE80211_MSG_ASSOC, 1708 "[%s] long slot time station leaves, count now %d\n", 1709 ether_sprintf(ni->ni_macaddr), ic->ic_longslotsta); 1710 if (ic->ic_longslotsta == 0) { 1711 /* 1712 * Re-enable use of short slot time if supported 1713 * and not operating in IBSS mode (per spec). 1714 */ 1715 if ((ic->ic_caps & IEEE80211_C_SHSLOT) && 1716 ic->ic_opmode != IEEE80211_M_IBSS) { 1717 IEEE80211_DPRINTF(ic, IEEE80211_MSG_ASSOC, 1718 "%s: re-enable use of short slot time\n", 1719 __func__); 1720 ieee80211_set_shortslottime(ic, 1); 1721 } 1722 } 1723 } 1724 /* 1725 * If a non-ERP station do the protection-related bookkeeping. 1726 */ 1727 if ((ni->ni_flags & IEEE80211_NODE_ERP) == 0) { 1728 KASSERT(ic->ic_nonerpsta > 0, 1729 ("bogus non-ERP station count %d", ic->ic_nonerpsta)); 1730 ic->ic_nonerpsta--; 1731 IEEE80211_DPRINTF(ic, IEEE80211_MSG_ASSOC, 1732 "[%s] non-ERP station leaves, count now %d\n", 1733 ether_sprintf(ni->ni_macaddr), ic->ic_nonerpsta); 1734 if (ic->ic_nonerpsta == 0) { 1735 IEEE80211_DPRINTF(ic, IEEE80211_MSG_ASSOC, 1736 "%s: disable use of protection\n", __func__); 1737 ic->ic_flags &= ~IEEE80211_F_USEPROT; 1738 /* XXX verify mode? */ 1739 if (ic->ic_caps & IEEE80211_C_SHPREAMBLE) { 1740 IEEE80211_DPRINTF(ic, IEEE80211_MSG_ASSOC, 1741 "%s: re-enable use of short preamble\n", 1742 __func__); 1743 ic->ic_flags |= IEEE80211_F_SHPREAMBLE; 1744 ic->ic_flags &= ~IEEE80211_F_USEBARKER; 1745 } 1746 } 1747 } 1748} 1749 1750/* 1751 * Handle bookkeeping for station deauthentication/disassociation 1752 * when operating as an ap. 1753 */ 1754void 1755ieee80211_node_leave(struct ieee80211com *ic, struct ieee80211_node *ni) 1756{ 1757 struct ieee80211_node_table *nt = ni->ni_table; 1758 1759 IEEE80211_DPRINTF(ic, IEEE80211_MSG_ASSOC | IEEE80211_MSG_DEBUG, 1760 "[%s] station with aid %d leaves\n", 1761 ether_sprintf(ni->ni_macaddr), IEEE80211_NODE_AID(ni)); 1762 1763 KASSERT(ic->ic_opmode == IEEE80211_M_HOSTAP || 1764 ic->ic_opmode == IEEE80211_M_IBSS || 1765 ic->ic_opmode == IEEE80211_M_AHDEMO, 1766 ("unexpected operating mode %u", ic->ic_opmode)); 1767 /* 1768 * If node wasn't previously associated all 1769 * we need to do is reclaim the reference. 1770 */ 1771 /* XXX ibss mode bypasses 11g and notification */ 1772 if (ni->ni_associd == 0) 1773 goto done; 1774 /* 1775 * Tell the authenticator the station is leaving. 1776 * Note that we must do this before yanking the 1777 * association id as the authenticator uses the 1778 * associd to locate it's state block. 1779 */ 1780 if (ic->ic_auth->ia_node_leave != NULL) 1781 ic->ic_auth->ia_node_leave(ic, ni); 1782 IEEE80211_AID_CLR(ni->ni_associd, ic->ic_aid_bitmap); 1783 ni->ni_associd = 0; 1784 ic->ic_sta_assoc--; 1785 1786 if (ic->ic_curmode == IEEE80211_MODE_11G || 1787 ic->ic_curmode == IEEE80211_MODE_TURBO_G) 1788 ieee80211_node_leave_11g(ic, ni); 1789 /* 1790 * Cleanup station state. In particular clear various 1791 * state that might otherwise be reused if the node 1792 * is reused before the reference count goes to zero 1793 * (and memory is reclaimed). 1794 */ 1795 ieee80211_sta_leave(ic, ni); 1796done: 1797 /* 1798 * Remove the node from any table it's recorded in and 1799 * drop the caller's reference. Removal from the table 1800 * is important to insure the node is not reprocessed 1801 * for inactivity. 1802 */ 1803 if (nt != NULL) { 1804 IEEE80211_NODE_LOCK(nt); 1805 node_reclaim(nt, ni); 1806 IEEE80211_NODE_UNLOCK(nt); 1807 } else 1808 ieee80211_free_node(ni); 1809} 1810 1811u_int8_t 1812ieee80211_getrssi(struct ieee80211com *ic) 1813{ 1814#define NZ(x) ((x) == 0 ? 1 : (x)) 1815 struct ieee80211_node_table *nt = &ic->ic_sta; 1816 u_int32_t rssi_samples, rssi_total; 1817 struct ieee80211_node *ni; 1818 1819 rssi_total = 0; 1820 rssi_samples = 0; 1821 switch (ic->ic_opmode) { 1822 case IEEE80211_M_IBSS: /* average of all ibss neighbors */ 1823 /* XXX locking */ 1824 TAILQ_FOREACH(ni, &nt->nt_node, ni_list) 1825 if (ni->ni_capinfo & IEEE80211_CAPINFO_IBSS) { 1826 rssi_samples++; 1827 rssi_total += ic->ic_node_getrssi(ni); 1828 } 1829 break; 1830 case IEEE80211_M_AHDEMO: /* average of all neighbors */ 1831 /* XXX locking */ 1832 TAILQ_FOREACH(ni, &nt->nt_node, ni_list) { 1833 rssi_samples++; 1834 rssi_total += ic->ic_node_getrssi(ni); 1835 } 1836 break; 1837 case IEEE80211_M_HOSTAP: /* average of all associated stations */ 1838 /* XXX locking */ 1839 TAILQ_FOREACH(ni, &nt->nt_node, ni_list) 1840 if (IEEE80211_AID(ni->ni_associd) != 0) { 1841 rssi_samples++; 1842 rssi_total += ic->ic_node_getrssi(ni); 1843 } 1844 break; 1845 case IEEE80211_M_MONITOR: /* XXX */ 1846 case IEEE80211_M_STA: /* use stats from associated ap */ 1847 default: 1848 if (ic->ic_bss != NULL) 1849 rssi_total = ic->ic_node_getrssi(ic->ic_bss); 1850 rssi_samples = 1; 1851 break; 1852 } 1853 return rssi_total / NZ(rssi_samples); 1854#undef NZ 1855} 1856 1857/* 1858 * Indicate whether there are frames queued for a station in power-save mode. 1859 */ 1860static void 1861ieee80211_set_tim(struct ieee80211com *ic, struct ieee80211_node *ni, int set) 1862{ 1863 u_int16_t aid; 1864 1865 KASSERT(ic->ic_opmode == IEEE80211_M_HOSTAP || 1866 ic->ic_opmode == IEEE80211_M_IBSS, 1867 ("operating mode %u", ic->ic_opmode)); 1868 1869 aid = IEEE80211_AID(ni->ni_associd); 1870 KASSERT(aid < ic->ic_max_aid, 1871 ("bogus aid %u, max %u", aid, ic->ic_max_aid)); 1872 1873 IEEE80211_BEACON_LOCK(ic); 1874 if (set != (isset(ic->ic_tim_bitmap, aid) != 0)) { 1875 if (set) { 1876 setbit(ic->ic_tim_bitmap, aid); 1877 ic->ic_ps_pending++; 1878 } else { 1879 clrbit(ic->ic_tim_bitmap, aid); 1880 ic->ic_ps_pending--; 1881 } 1882 ic->ic_flags |= IEEE80211_F_TIMUPDATE; 1883 } 1884 IEEE80211_BEACON_UNLOCK(ic); 1885} 1886 1887/* 1888 * Node table support. 1889 */ 1890 1891static void 1892ieee80211_node_table_init(struct ieee80211com *ic, 1893 struct ieee80211_node_table *nt, 1894 const char *name, int inact, 1895 void (*timeout)(struct ieee80211_node_table *)) 1896{ 1897 1898 IEEE80211_DPRINTF(ic, IEEE80211_MSG_NODE, 1899 "%s %s table, inact %u\n", __func__, name, inact); 1900 1901 nt->nt_ic = ic; 1902 /* XXX need unit */ 1903 IEEE80211_NODE_LOCK_INIT(nt, ic->ic_ifp->if_xname); 1904 IEEE80211_SCAN_LOCK_INIT(nt, ic->ic_ifp->if_xname); 1905 TAILQ_INIT(&nt->nt_node); 1906 nt->nt_name = name; 1907 nt->nt_scangen = 1; 1908 nt->nt_inact_init = inact; 1909 nt->nt_timeout = timeout; 1910} 1911 1912void 1913ieee80211_node_table_reset(struct ieee80211_node_table *nt) 1914{ 1915 1916 IEEE80211_DPRINTF(nt->nt_ic, IEEE80211_MSG_NODE, 1917 "%s %s table\n", __func__, nt->nt_name); 1918 1919 IEEE80211_NODE_LOCK(nt); 1920 nt->nt_inact_timer = 0; 1921 ieee80211_free_allnodes_locked(nt); 1922 IEEE80211_NODE_UNLOCK(nt); 1923} 1924 1925static void 1926ieee80211_node_table_cleanup(struct ieee80211_node_table *nt) 1927{ 1928 1929 IEEE80211_DPRINTF(nt->nt_ic, IEEE80211_MSG_NODE, 1930 "%s %s table\n", __func__, nt->nt_name); 1931 1932 ieee80211_free_allnodes_locked(nt); 1933 IEEE80211_SCAN_LOCK_DESTROY(nt); 1934 IEEE80211_NODE_LOCK_DESTROY(nt); 1935} 1936