ieee80211_node.c revision 191015
1/*- 2 * Copyright (c) 2001 Atsushi Onoe 3 * Copyright (c) 2002-2009 Sam Leffler, Errno Consulting 4 * All rights reserved. 5 * 6 * Redistribution and use in source and binary forms, with or without 7 * modification, are permitted provided that the following conditions 8 * are met: 9 * 1. Redistributions of source code must retain the above copyright 10 * notice, this list of conditions and the following disclaimer. 11 * 2. Redistributions in binary form must reproduce the above copyright 12 * notice, this list of conditions and the following disclaimer in the 13 * documentation and/or other materials provided with the distribution. 14 * 15 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 16 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 17 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 18 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 19 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 20 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 21 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 22 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 23 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 24 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 25 */ 26 27#include <sys/cdefs.h> 28__FBSDID("$FreeBSD: head/sys/net80211/ieee80211_node.c 191015 2009-04-13 20:45:29Z sam $"); 29 30#include "opt_wlan.h" 31 32#include <sys/param.h> 33#include <sys/systm.h> 34#include <sys/mbuf.h> 35#include <sys/malloc.h> 36#include <sys/kernel.h> 37 38#include <sys/socket.h> 39 40#include <net/if.h> 41#include <net/if_media.h> 42#include <net/ethernet.h> 43 44#include <net80211/ieee80211_var.h> 45#include <net80211/ieee80211_input.h> 46#ifdef IEEE80211_SUPPORT_SUPERG 47#include <net80211/ieee80211_superg.h> 48#endif 49#ifdef IEEE80211_SUPPORT_TDMA 50#include <net80211/ieee80211_tdma.h> 51#endif 52#include <net80211/ieee80211_wds.h> 53 54#include <net/bpf.h> 55 56/* 57 * Association id's are managed with a bit vector. 58 */ 59#define IEEE80211_AID_SET(_vap, b) \ 60 ((_vap)->iv_aid_bitmap[IEEE80211_AID(b) / 32] |= \ 61 (1 << (IEEE80211_AID(b) % 32))) 62#define IEEE80211_AID_CLR(_vap, b) \ 63 ((_vap)->iv_aid_bitmap[IEEE80211_AID(b) / 32] &= \ 64 ~(1 << (IEEE80211_AID(b) % 32))) 65#define IEEE80211_AID_ISSET(_vap, b) \ 66 ((_vap)->iv_aid_bitmap[IEEE80211_AID(b) / 32] & (1 << (IEEE80211_AID(b) % 32))) 67 68#ifdef IEEE80211_DEBUG_REFCNT 69#define REFCNT_LOC "%s (%s:%u) %p<%s> refcnt %d\n", __func__, func, line 70#else 71#define REFCNT_LOC "%s %p<%s> refcnt %d\n", __func__ 72#endif 73 74static int ieee80211_sta_join1(struct ieee80211_node *); 75 76static struct ieee80211_node *node_alloc(struct ieee80211vap *, 77 const uint8_t [IEEE80211_ADDR_LEN]); 78static void node_cleanup(struct ieee80211_node *); 79static void node_free(struct ieee80211_node *); 80static void node_age(struct ieee80211_node *); 81static int8_t node_getrssi(const struct ieee80211_node *); 82static void node_getsignal(const struct ieee80211_node *, int8_t *, int8_t *); 83static void node_getmimoinfo(const struct ieee80211_node *, 84 struct ieee80211_mimo_info *); 85 86static void _ieee80211_free_node(struct ieee80211_node *); 87 88static void ieee80211_node_table_init(struct ieee80211com *ic, 89 struct ieee80211_node_table *nt, const char *name, 90 int inact, int keymaxix); 91static void ieee80211_node_table_reset(struct ieee80211_node_table *, 92 struct ieee80211vap *); 93static void ieee80211_node_table_cleanup(struct ieee80211_node_table *nt); 94static void ieee80211_erp_timeout(struct ieee80211com *); 95 96MALLOC_DEFINE(M_80211_NODE, "80211node", "802.11 node state"); 97MALLOC_DEFINE(M_80211_NODE_IE, "80211nodeie", "802.11 node ie"); 98 99void 100ieee80211_node_attach(struct ieee80211com *ic) 101{ 102 ieee80211_node_table_init(ic, &ic->ic_sta, "station", 103 IEEE80211_INACT_INIT, ic->ic_max_keyix); 104 callout_init(&ic->ic_inact, CALLOUT_MPSAFE); 105 callout_reset(&ic->ic_inact, IEEE80211_INACT_WAIT*hz, 106 ieee80211_node_timeout, ic); 107 108 ic->ic_node_alloc = node_alloc; 109 ic->ic_node_free = node_free; 110 ic->ic_node_cleanup = node_cleanup; 111 ic->ic_node_age = node_age; 112 ic->ic_node_drain = node_age; /* NB: same as age */ 113 ic->ic_node_getrssi = node_getrssi; 114 ic->ic_node_getsignal = node_getsignal; 115 ic->ic_node_getmimoinfo = node_getmimoinfo; 116 117 /* 118 * Set flags to be propagated to all vap's; 119 * these define default behaviour/configuration. 120 */ 121 ic->ic_flags_ext |= IEEE80211_FEXT_INACT; /* inactivity processing */ 122} 123 124void 125ieee80211_node_detach(struct ieee80211com *ic) 126{ 127 128 callout_drain(&ic->ic_inact); 129 ieee80211_node_table_cleanup(&ic->ic_sta); 130} 131 132void 133ieee80211_node_vattach(struct ieee80211vap *vap) 134{ 135 /* NB: driver can override */ 136 vap->iv_max_aid = IEEE80211_AID_DEF; 137 138 /* default station inactivity timer setings */ 139 vap->iv_inact_init = IEEE80211_INACT_INIT; 140 vap->iv_inact_auth = IEEE80211_INACT_AUTH; 141 vap->iv_inact_run = IEEE80211_INACT_RUN; 142 vap->iv_inact_probe = IEEE80211_INACT_PROBE; 143 144 IEEE80211_DPRINTF(vap, IEEE80211_MSG_INACT, 145 "%s: init %u auth %u run %u probe %u\n", __func__, 146 vap->iv_inact_init, vap->iv_inact_auth, 147 vap->iv_inact_run, vap->iv_inact_probe); 148} 149 150void 151ieee80211_node_latevattach(struct ieee80211vap *vap) 152{ 153 if (vap->iv_opmode == IEEE80211_M_HOSTAP) { 154 /* XXX should we allow max aid to be zero? */ 155 if (vap->iv_max_aid < IEEE80211_AID_MIN) { 156 vap->iv_max_aid = IEEE80211_AID_MIN; 157 if_printf(vap->iv_ifp, 158 "WARNING: max aid too small, changed to %d\n", 159 vap->iv_max_aid); 160 } 161 vap->iv_aid_bitmap = (uint32_t *) malloc( 162 howmany(vap->iv_max_aid, 32) * sizeof(uint32_t), 163 M_80211_NODE, M_NOWAIT | M_ZERO); 164 if (vap->iv_aid_bitmap == NULL) { 165 /* XXX no way to recover */ 166 printf("%s: no memory for AID bitmap, max aid %d!\n", 167 __func__, vap->iv_max_aid); 168 vap->iv_max_aid = 0; 169 } 170 } 171 172 ieee80211_reset_bss(vap); 173 174 vap->iv_auth = ieee80211_authenticator_get(vap->iv_bss->ni_authmode); 175} 176 177void 178ieee80211_node_vdetach(struct ieee80211vap *vap) 179{ 180 struct ieee80211com *ic = vap->iv_ic; 181 182 ieee80211_node_table_reset(&ic->ic_sta, vap); 183 if (vap->iv_bss != NULL) { 184 ieee80211_free_node(vap->iv_bss); 185 vap->iv_bss = NULL; 186 } 187 if (vap->iv_aid_bitmap != NULL) { 188 free(vap->iv_aid_bitmap, M_80211_NODE); 189 vap->iv_aid_bitmap = NULL; 190 } 191} 192 193/* 194 * Port authorize/unauthorize interfaces for use by an authenticator. 195 */ 196 197void 198ieee80211_node_authorize(struct ieee80211_node *ni) 199{ 200 struct ieee80211vap *vap = ni->ni_vap; 201 202 ni->ni_flags |= IEEE80211_NODE_AUTH; 203 ni->ni_inact_reload = vap->iv_inact_run; 204 ni->ni_inact = ni->ni_inact_reload; 205 206 IEEE80211_NOTE(vap, IEEE80211_MSG_INACT, ni, 207 "%s: inact_reload %u", __func__, ni->ni_inact_reload); 208} 209 210void 211ieee80211_node_unauthorize(struct ieee80211_node *ni) 212{ 213 struct ieee80211vap *vap = ni->ni_vap; 214 215 ni->ni_flags &= ~IEEE80211_NODE_AUTH; 216 ni->ni_inact_reload = vap->iv_inact_auth; 217 if (ni->ni_inact > ni->ni_inact_reload) 218 ni->ni_inact = ni->ni_inact_reload; 219 220 IEEE80211_NOTE(vap, IEEE80211_MSG_INACT, ni, 221 "%s: inact_reload %u inact %u", __func__, 222 ni->ni_inact_reload, ni->ni_inact); 223} 224 225/* 226 * Fix tx parameters for a node according to ``association state''. 227 */ 228static void 229node_setuptxparms(struct ieee80211_node *ni) 230{ 231 struct ieee80211vap *vap = ni->ni_vap; 232 enum ieee80211_phymode mode; 233 234 if (ni->ni_flags & IEEE80211_NODE_HT) { 235 if (IEEE80211_IS_CHAN_5GHZ(ni->ni_chan)) 236 mode = IEEE80211_MODE_11NA; 237 else 238 mode = IEEE80211_MODE_11NG; 239 } else { /* legacy rate handling */ 240 if (IEEE80211_IS_CHAN_ST(ni->ni_chan)) 241 mode = IEEE80211_MODE_STURBO_A; 242 else if (IEEE80211_IS_CHAN_HALF(ni->ni_chan)) 243 mode = IEEE80211_MODE_HALF; 244 else if (IEEE80211_IS_CHAN_QUARTER(ni->ni_chan)) 245 mode = IEEE80211_MODE_QUARTER; 246 /* NB: 108A should be handled as 11a */ 247 else if (IEEE80211_IS_CHAN_A(ni->ni_chan)) 248 mode = IEEE80211_MODE_11A; 249 else if (IEEE80211_IS_CHAN_108G(ni->ni_chan) || 250 (ni->ni_flags & IEEE80211_NODE_ERP)) 251 mode = IEEE80211_MODE_11G; 252 else 253 mode = IEEE80211_MODE_11B; 254 } 255 ni->ni_txparms = &vap->iv_txparms[mode]; 256} 257 258/* 259 * Set/change the channel. The rate set is also updated as 260 * to insure a consistent view by drivers. 261 * XXX should be private but hostap needs it to deal with CSA 262 */ 263void 264ieee80211_node_set_chan(struct ieee80211_node *ni, 265 struct ieee80211_channel *chan) 266{ 267 struct ieee80211com *ic = ni->ni_ic; 268 struct ieee80211vap *vap = ni->ni_vap; 269 enum ieee80211_phymode mode; 270 271 KASSERT(chan != IEEE80211_CHAN_ANYC, ("no channel")); 272 273 ni->ni_chan = chan; 274 mode = ieee80211_chan2mode(chan); 275 if (IEEE80211_IS_CHAN_HT(chan)) { 276 /* 277 * XXX Gotta be careful here; the rate set returned by 278 * ieee80211_get_suprates is actually any HT rate 279 * set so blindly copying it will be bad. We must 280 * install the legacy rate est in ni_rates and the 281 * HT rate set in ni_htrates. 282 */ 283 ni->ni_htrates = *ieee80211_get_suphtrates(ic, chan); 284 /* 285 * Setup bss tx parameters based on operating mode. We 286 * use legacy rates when operating in a mixed HT+non-HT bss 287 * and non-ERP rates in 11g for mixed ERP+non-ERP bss. 288 */ 289 if (mode == IEEE80211_MODE_11NA && 290 (vap->iv_flags_ext & IEEE80211_FEXT_PUREN) == 0) 291 mode = IEEE80211_MODE_11A; 292 else if (mode == IEEE80211_MODE_11NG && 293 (vap->iv_flags_ext & IEEE80211_FEXT_PUREN) == 0) 294 mode = IEEE80211_MODE_11G; 295 if (mode == IEEE80211_MODE_11G && 296 (vap->iv_flags & IEEE80211_F_PUREG) == 0) 297 mode = IEEE80211_MODE_11B; 298 } 299 ni->ni_txparms = &vap->iv_txparms[mode]; 300 ni->ni_rates = *ieee80211_get_suprates(ic, chan); 301} 302 303static __inline void 304copy_bss(struct ieee80211_node *nbss, const struct ieee80211_node *obss) 305{ 306 /* propagate useful state */ 307 nbss->ni_authmode = obss->ni_authmode; 308 nbss->ni_txpower = obss->ni_txpower; 309 nbss->ni_vlan = obss->ni_vlan; 310 /* XXX statistics? */ 311 /* XXX legacy WDS bssid? */ 312} 313 314void 315ieee80211_create_ibss(struct ieee80211vap* vap, struct ieee80211_channel *chan) 316{ 317 struct ieee80211com *ic = vap->iv_ic; 318 struct ieee80211_node *ni; 319 320 IEEE80211_DPRINTF(vap, IEEE80211_MSG_SCAN, 321 "%s: creating ibss on channel %u\n", __func__, 322 ieee80211_chan2ieee(ic, chan)); 323 324 ni = ieee80211_alloc_node(&ic->ic_sta, vap, vap->iv_myaddr); 325 if (ni == NULL) { 326 /* XXX recovery? */ 327 return; 328 } 329 IEEE80211_ADDR_COPY(ni->ni_bssid, vap->iv_myaddr); 330 ni->ni_esslen = vap->iv_des_ssid[0].len; 331 memcpy(ni->ni_essid, vap->iv_des_ssid[0].ssid, ni->ni_esslen); 332 if (vap->iv_bss != NULL) 333 copy_bss(ni, vap->iv_bss); 334 ni->ni_intval = ic->ic_bintval; 335 if (vap->iv_flags & IEEE80211_F_PRIVACY) 336 ni->ni_capinfo |= IEEE80211_CAPINFO_PRIVACY; 337 if (ic->ic_phytype == IEEE80211_T_FH) { 338 ni->ni_fhdwell = 200; /* XXX */ 339 ni->ni_fhindex = 1; 340 } 341 if (vap->iv_opmode == IEEE80211_M_IBSS) { 342 vap->iv_flags |= IEEE80211_F_SIBSS; 343 ni->ni_capinfo |= IEEE80211_CAPINFO_IBSS; /* XXX */ 344 if (vap->iv_flags & IEEE80211_F_DESBSSID) 345 IEEE80211_ADDR_COPY(ni->ni_bssid, vap->iv_des_bssid); 346 else { 347 get_random_bytes(ni->ni_bssid, IEEE80211_ADDR_LEN); 348 /* clear group bit, add local bit */ 349 ni->ni_bssid[0] = (ni->ni_bssid[0] &~ 0x01) | 0x02; 350 } 351 } else if (vap->iv_opmode == IEEE80211_M_AHDEMO) { 352 if (vap->iv_flags & IEEE80211_F_DESBSSID) 353 IEEE80211_ADDR_COPY(ni->ni_bssid, vap->iv_des_bssid); 354 else 355#ifdef IEEE80211_SUPPORT_TDMA 356 if ((vap->iv_caps & IEEE80211_C_TDMA) == 0) 357#endif 358 memset(ni->ni_bssid, 0, IEEE80211_ADDR_LEN); 359 } 360 /* 361 * Fix the channel and related attributes. 362 */ 363 /* clear DFS CAC state on previous channel */ 364 if (ic->ic_bsschan != IEEE80211_CHAN_ANYC && 365 ic->ic_bsschan->ic_freq != chan->ic_freq && 366 IEEE80211_IS_CHAN_CACDONE(ic->ic_bsschan)) 367 ieee80211_dfs_cac_clear(ic, ic->ic_bsschan); 368 ic->ic_bsschan = chan; 369 ieee80211_node_set_chan(ni, chan); 370 ic->ic_curmode = ieee80211_chan2mode(chan); 371 /* 372 * Do mode-specific setup. 373 */ 374 if (IEEE80211_IS_CHAN_FULL(chan)) { 375 if (IEEE80211_IS_CHAN_ANYG(chan)) { 376 /* 377 * Use a mixed 11b/11g basic rate set. 378 */ 379 ieee80211_setbasicrates(&ni->ni_rates, 380 IEEE80211_MODE_11G); 381 if (vap->iv_flags & IEEE80211_F_PUREG) { 382 /* 383 * Also mark OFDM rates basic so 11b 384 * stations do not join (WiFi compliance). 385 */ 386 ieee80211_addbasicrates(&ni->ni_rates, 387 IEEE80211_MODE_11A); 388 } 389 } else if (IEEE80211_IS_CHAN_B(chan)) { 390 /* 391 * Force pure 11b rate set. 392 */ 393 ieee80211_setbasicrates(&ni->ni_rates, 394 IEEE80211_MODE_11B); 395 } 396 } 397 398 (void) ieee80211_sta_join1(ieee80211_ref_node(ni)); 399} 400 401/* 402 * Reset bss state on transition to the INIT state. 403 * Clear any stations from the table (they have been 404 * deauth'd) and reset the bss node (clears key, rate 405 * etc. state). 406 */ 407void 408ieee80211_reset_bss(struct ieee80211vap *vap) 409{ 410 struct ieee80211com *ic = vap->iv_ic; 411 struct ieee80211_node *ni, *obss; 412 413 ieee80211_node_table_reset(&ic->ic_sta, vap); 414 /* XXX multi-bss: wrong */ 415 ieee80211_reset_erp(ic); 416 417 ni = ieee80211_alloc_node(&ic->ic_sta, vap, vap->iv_myaddr); 418 KASSERT(ni != NULL, ("unable to setup inital BSS node")); 419 obss = vap->iv_bss; 420 vap->iv_bss = ieee80211_ref_node(ni); 421 if (obss != NULL) { 422 copy_bss(ni, obss); 423 ni->ni_intval = ic->ic_bintval; 424 ieee80211_free_node(obss); 425 } else 426 IEEE80211_ADDR_COPY(ni->ni_bssid, vap->iv_myaddr); 427} 428 429static int 430match_ssid(const struct ieee80211_node *ni, 431 int nssid, const struct ieee80211_scan_ssid ssids[]) 432{ 433 int i; 434 435 for (i = 0; i < nssid; i++) { 436 if (ni->ni_esslen == ssids[i].len && 437 memcmp(ni->ni_essid, ssids[i].ssid, ni->ni_esslen) == 0) 438 return 1; 439 } 440 return 0; 441} 442 443/* 444 * Test a node for suitability/compatibility. 445 */ 446static int 447check_bss(struct ieee80211vap *vap, struct ieee80211_node *ni) 448{ 449 struct ieee80211com *ic = ni->ni_ic; 450 uint8_t rate; 451 452 if (isclr(ic->ic_chan_active, ieee80211_chan2ieee(ic, ni->ni_chan))) 453 return 0; 454 if (vap->iv_opmode == IEEE80211_M_IBSS) { 455 if ((ni->ni_capinfo & IEEE80211_CAPINFO_IBSS) == 0) 456 return 0; 457 } else { 458 if ((ni->ni_capinfo & IEEE80211_CAPINFO_ESS) == 0) 459 return 0; 460 } 461 if (vap->iv_flags & IEEE80211_F_PRIVACY) { 462 if ((ni->ni_capinfo & IEEE80211_CAPINFO_PRIVACY) == 0) 463 return 0; 464 } else { 465 /* XXX does this mean privacy is supported or required? */ 466 if (ni->ni_capinfo & IEEE80211_CAPINFO_PRIVACY) 467 return 0; 468 } 469 rate = ieee80211_fix_rate(ni, &ni->ni_rates, 470 IEEE80211_F_JOIN | IEEE80211_F_DONEGO | IEEE80211_F_DOFRATE); 471 if (rate & IEEE80211_RATE_BASIC) 472 return 0; 473 if (vap->iv_des_nssid != 0 && 474 !match_ssid(ni, vap->iv_des_nssid, vap->iv_des_ssid)) 475 return 0; 476 if ((vap->iv_flags & IEEE80211_F_DESBSSID) && 477 !IEEE80211_ADDR_EQ(vap->iv_des_bssid, ni->ni_bssid)) 478 return 0; 479 return 1; 480} 481 482#ifdef IEEE80211_DEBUG 483/* 484 * Display node suitability/compatibility. 485 */ 486static void 487check_bss_debug(struct ieee80211vap *vap, struct ieee80211_node *ni) 488{ 489 struct ieee80211com *ic = ni->ni_ic; 490 uint8_t rate; 491 int fail; 492 493 fail = 0; 494 if (isclr(ic->ic_chan_active, ieee80211_chan2ieee(ic, ni->ni_chan))) 495 fail |= 0x01; 496 if (vap->iv_opmode == IEEE80211_M_IBSS) { 497 if ((ni->ni_capinfo & IEEE80211_CAPINFO_IBSS) == 0) 498 fail |= 0x02; 499 } else { 500 if ((ni->ni_capinfo & IEEE80211_CAPINFO_ESS) == 0) 501 fail |= 0x02; 502 } 503 if (vap->iv_flags & IEEE80211_F_PRIVACY) { 504 if ((ni->ni_capinfo & IEEE80211_CAPINFO_PRIVACY) == 0) 505 fail |= 0x04; 506 } else { 507 /* XXX does this mean privacy is supported or required? */ 508 if (ni->ni_capinfo & IEEE80211_CAPINFO_PRIVACY) 509 fail |= 0x04; 510 } 511 rate = ieee80211_fix_rate(ni, &ni->ni_rates, 512 IEEE80211_F_JOIN | IEEE80211_F_DONEGO | IEEE80211_F_DOFRATE); 513 if (rate & IEEE80211_RATE_BASIC) 514 fail |= 0x08; 515 if (vap->iv_des_nssid != 0 && 516 !match_ssid(ni, vap->iv_des_nssid, vap->iv_des_ssid)) 517 fail |= 0x10; 518 if ((vap->iv_flags & IEEE80211_F_DESBSSID) && 519 !IEEE80211_ADDR_EQ(vap->iv_des_bssid, ni->ni_bssid)) 520 fail |= 0x20; 521 522 printf(" %c %s", fail ? '-' : '+', ether_sprintf(ni->ni_macaddr)); 523 printf(" %s%c", ether_sprintf(ni->ni_bssid), fail & 0x20 ? '!' : ' '); 524 printf(" %3d%c", 525 ieee80211_chan2ieee(ic, ni->ni_chan), fail & 0x01 ? '!' : ' '); 526 printf(" %2dM%c", (rate & IEEE80211_RATE_VAL) / 2, 527 fail & 0x08 ? '!' : ' '); 528 printf(" %4s%c", 529 (ni->ni_capinfo & IEEE80211_CAPINFO_ESS) ? "ess" : 530 (ni->ni_capinfo & IEEE80211_CAPINFO_IBSS) ? "ibss" : 531 "????", 532 fail & 0x02 ? '!' : ' '); 533 printf(" %3s%c ", 534 (ni->ni_capinfo & IEEE80211_CAPINFO_PRIVACY) ? "wep" : "no", 535 fail & 0x04 ? '!' : ' '); 536 ieee80211_print_essid(ni->ni_essid, ni->ni_esslen); 537 printf("%s\n", fail & 0x10 ? "!" : ""); 538} 539#endif /* IEEE80211_DEBUG */ 540 541/* 542 * Handle 802.11 ad hoc network merge. The 543 * convention, set by the Wireless Ethernet Compatibility Alliance 544 * (WECA), is that an 802.11 station will change its BSSID to match 545 * the "oldest" 802.11 ad hoc network, on the same channel, that 546 * has the station's desired SSID. The "oldest" 802.11 network 547 * sends beacons with the greatest TSF timestamp. 548 * 549 * The caller is assumed to validate TSF's before attempting a merge. 550 * 551 * Return !0 if the BSSID changed, 0 otherwise. 552 */ 553int 554ieee80211_ibss_merge(struct ieee80211_node *ni) 555{ 556 struct ieee80211vap *vap = ni->ni_vap; 557#ifdef IEEE80211_DEBUG 558 struct ieee80211com *ic = ni->ni_ic; 559#endif 560 561 if (ni == vap->iv_bss || 562 IEEE80211_ADDR_EQ(ni->ni_bssid, vap->iv_bss->ni_bssid)) { 563 /* unchanged, nothing to do */ 564 return 0; 565 } 566 if (!check_bss(vap, ni)) { 567 /* capabilities mismatch */ 568 IEEE80211_DPRINTF(vap, IEEE80211_MSG_ASSOC, 569 "%s: merge failed, capabilities mismatch\n", __func__); 570#ifdef IEEE80211_DEBUG 571 if (ieee80211_msg_assoc(vap)) 572 check_bss_debug(vap, ni); 573#endif 574 vap->iv_stats.is_ibss_capmismatch++; 575 return 0; 576 } 577 IEEE80211_DPRINTF(vap, IEEE80211_MSG_ASSOC, 578 "%s: new bssid %s: %s preamble, %s slot time%s\n", __func__, 579 ether_sprintf(ni->ni_bssid), 580 ic->ic_flags&IEEE80211_F_SHPREAMBLE ? "short" : "long", 581 ic->ic_flags&IEEE80211_F_SHSLOT ? "short" : "long", 582 ic->ic_flags&IEEE80211_F_USEPROT ? ", protection" : "" 583 ); 584 return ieee80211_sta_join1(ieee80211_ref_node(ni)); 585} 586 587/* 588 * Calculate HT channel promotion flags for all vaps. 589 * This assumes ni_chan have been setup for each vap. 590 */ 591static int 592gethtadjustflags(struct ieee80211com *ic) 593{ 594 struct ieee80211vap *vap; 595 int flags; 596 597 flags = 0; 598 /* XXX locking */ 599 TAILQ_FOREACH(vap, &ic->ic_vaps, iv_next) { 600 if (vap->iv_state < IEEE80211_S_RUN) 601 continue; 602 switch (vap->iv_opmode) { 603 case IEEE80211_M_WDS: 604 case IEEE80211_M_STA: 605 case IEEE80211_M_AHDEMO: 606 case IEEE80211_M_HOSTAP: 607 case IEEE80211_M_IBSS: 608 flags |= ieee80211_htchanflags(vap->iv_bss->ni_chan); 609 break; 610 default: 611 break; 612 } 613 } 614 return flags; 615} 616 617/* 618 * Check if the current channel needs to change based on whether 619 * any vap's are using HT20/HT40. This is used to sync the state 620 * of ic_curchan after a channel width change on a running vap. 621 */ 622void 623ieee80211_sync_curchan(struct ieee80211com *ic) 624{ 625 struct ieee80211_channel *c; 626 627 c = ieee80211_ht_adjust_channel(ic, ic->ic_curchan, gethtadjustflags(ic)); 628 if (c != ic->ic_curchan) { 629 ic->ic_curchan = c; 630 ic->ic_curmode = ieee80211_chan2mode(ic->ic_curchan); 631 ic->ic_rt = ieee80211_get_ratetable(ic->ic_curchan); 632 ic->ic_set_channel(ic); 633 } 634} 635 636/* 637 * Change the current channel. The request channel may be 638 * promoted if other vap's are operating with HT20/HT40. 639 */ 640void 641ieee80211_setcurchan(struct ieee80211com *ic, struct ieee80211_channel *c) 642{ 643 if (ic->ic_htcaps & IEEE80211_HTC_HT) { 644 int flags = gethtadjustflags(ic); 645 /* 646 * Check for channel promotion required to support the 647 * set of running vap's. This assumes we are called 648 * after ni_chan is setup for each vap. 649 */ 650 /* NB: this assumes IEEE80211_FEXT_USEHT40 > IEEE80211_FEXT_HT */ 651 if (flags > ieee80211_htchanflags(c)) 652 c = ieee80211_ht_adjust_channel(ic, c, flags); 653 } 654 ic->ic_bsschan = ic->ic_curchan = c; 655 ic->ic_curmode = ieee80211_chan2mode(ic->ic_curchan); 656 ic->ic_rt = ieee80211_get_ratetable(ic->ic_curchan); 657 ic->ic_set_channel(ic); 658} 659 660/* 661 * Join the specified IBSS/BSS network. The node is assumed to 662 * be passed in with a held reference. 663 */ 664static int 665ieee80211_sta_join1(struct ieee80211_node *selbs) 666{ 667 struct ieee80211vap *vap = selbs->ni_vap; 668 struct ieee80211com *ic = selbs->ni_ic; 669 struct ieee80211_node *obss; 670 int canreassoc; 671 672 /* 673 * Committed to selbs, setup state. 674 */ 675 obss = vap->iv_bss; 676 /* 677 * Check if old+new node have the same address in which 678 * case we can reassociate when operating in sta mode. 679 */ 680 canreassoc = (obss != NULL && 681 vap->iv_state == IEEE80211_S_RUN && 682 IEEE80211_ADDR_EQ(obss->ni_macaddr, selbs->ni_macaddr)); 683 vap->iv_bss = selbs; /* NB: caller assumed to bump refcnt */ 684 if (obss != NULL) { 685 copy_bss(selbs, obss); 686 ieee80211_node_decref(obss); /* iv_bss reference */ 687 ieee80211_free_node(obss); /* station table reference */ 688 obss = NULL; /* NB: guard against later use */ 689 } 690 691 /* 692 * Delete unusable rates; we've already checked 693 * that the negotiated rate set is acceptable. 694 */ 695 ieee80211_fix_rate(vap->iv_bss, &vap->iv_bss->ni_rates, 696 IEEE80211_F_DODEL | IEEE80211_F_JOIN); 697 698 ieee80211_setcurchan(ic, selbs->ni_chan); 699 /* 700 * Set the erp state (mostly the slot time) to deal with 701 * the auto-select case; this should be redundant if the 702 * mode is locked. 703 */ 704 ieee80211_reset_erp(ic); 705 ieee80211_wme_initparams(vap); 706 707 if (vap->iv_opmode == IEEE80211_M_STA) { 708 if (canreassoc) { 709 /* Reassociate */ 710 ieee80211_new_state(vap, IEEE80211_S_ASSOC, 1); 711 } else { 712 /* 713 * Act as if we received a DEAUTH frame in case we 714 * are invoked from the RUN state. This will cause 715 * us to try to re-authenticate if we are operating 716 * as a station. 717 */ 718 ieee80211_new_state(vap, IEEE80211_S_AUTH, 719 IEEE80211_FC0_SUBTYPE_DEAUTH); 720 } 721 } else 722 ieee80211_new_state(vap, IEEE80211_S_RUN, -1); 723 return 1; 724} 725 726int 727ieee80211_sta_join(struct ieee80211vap *vap, struct ieee80211_channel *chan, 728 const struct ieee80211_scan_entry *se) 729{ 730 struct ieee80211com *ic = vap->iv_ic; 731 struct ieee80211_node *ni; 732 733 ni = ieee80211_alloc_node(&ic->ic_sta, vap, se->se_macaddr); 734 if (ni == NULL) { 735 /* XXX msg */ 736 return 0; 737 } 738 /* 739 * Expand scan state into node's format. 740 * XXX may not need all this stuff 741 */ 742 IEEE80211_ADDR_COPY(ni->ni_bssid, se->se_bssid); 743 ni->ni_esslen = se->se_ssid[1]; 744 memcpy(ni->ni_essid, se->se_ssid+2, ni->ni_esslen); 745 ni->ni_rstamp = se->se_rstamp; 746 ni->ni_tstamp.tsf = se->se_tstamp.tsf; 747 ni->ni_intval = se->se_intval; 748 ni->ni_capinfo = se->se_capinfo; 749 ni->ni_chan = chan; 750 ni->ni_timoff = se->se_timoff; 751 ni->ni_fhdwell = se->se_fhdwell; 752 ni->ni_fhindex = se->se_fhindex; 753 ni->ni_erp = se->se_erp; 754 IEEE80211_RSSI_LPF(ni->ni_avgrssi, se->se_rssi); 755 ni->ni_noise = se->se_noise; 756 if (vap->iv_opmode == IEEE80211_M_STA) { 757 /* NB: only infrastructure mode requires an associd */ 758 ni->ni_flags |= IEEE80211_NODE_ASSOCID; 759 } 760 761 if (ieee80211_ies_init(&ni->ni_ies, se->se_ies.data, se->se_ies.len)) { 762 ieee80211_ies_expand(&ni->ni_ies); 763#ifdef IEEE80211_SUPPORT_SUPERG 764 if (ni->ni_ies.ath_ie != NULL) 765 ieee80211_parse_ath(ni, ni->ni_ies.ath_ie); 766#endif 767 if (ni->ni_ies.htcap_ie != NULL) 768 ieee80211_parse_htcap(ni, ni->ni_ies.htcap_ie); 769 if (ni->ni_ies.htinfo_ie != NULL) 770 ieee80211_parse_htinfo(ni, ni->ni_ies.htinfo_ie); 771#ifdef IEEE80211_SUPPORT_TDMA 772 if (ni->ni_ies.tdma_ie != NULL) 773 ieee80211_parse_tdma(ni, ni->ni_ies.tdma_ie); 774#endif 775 } 776 777 vap->iv_dtim_period = se->se_dtimperiod; 778 vap->iv_dtim_count = 0; 779 780 /* NB: must be after ni_chan is setup */ 781 ieee80211_setup_rates(ni, se->se_rates, se->se_xrates, 782 IEEE80211_F_DOSORT); 783 if (ieee80211_iserp_rateset(&ni->ni_rates)) 784 ni->ni_flags |= IEEE80211_NODE_ERP; 785 node_setuptxparms(ni); 786 787 return ieee80211_sta_join1(ieee80211_ref_node(ni)); 788} 789 790/* 791 * Leave the specified IBSS/BSS network. The node is assumed to 792 * be passed in with a held reference. 793 */ 794void 795ieee80211_sta_leave(struct ieee80211_node *ni) 796{ 797 struct ieee80211com *ic = ni->ni_ic; 798 799 ic->ic_node_cleanup(ni); 800 ieee80211_notify_node_leave(ni); 801} 802 803/* 804 * Send a deauthenticate frame and drop the station. 805 */ 806void 807ieee80211_node_deauth(struct ieee80211_node *ni, int reason) 808{ 809 /* NB: bump the refcnt to be sure temporay nodes are not reclaimed */ 810 ieee80211_ref_node(ni); 811 if (ni->ni_associd != 0) 812 IEEE80211_SEND_MGMT(ni, IEEE80211_FC0_SUBTYPE_DEAUTH, reason); 813 ieee80211_node_leave(ni); 814 ieee80211_free_node(ni); 815} 816 817static struct ieee80211_node * 818node_alloc(struct ieee80211vap *vap, const uint8_t macaddr[IEEE80211_ADDR_LEN]) 819{ 820 struct ieee80211_node *ni; 821 822 ni = (struct ieee80211_node *) malloc(sizeof(struct ieee80211_node), 823 M_80211_NODE, M_NOWAIT | M_ZERO); 824 return ni; 825} 826 827/* 828 * Initialize an ie blob with the specified data. If previous 829 * data exists re-use the data block. As a side effect we clear 830 * all references to specific ie's; the caller is required to 831 * recalculate them. 832 */ 833int 834ieee80211_ies_init(struct ieee80211_ies *ies, const uint8_t *data, int len) 835{ 836 /* NB: assumes data+len are the last fields */ 837 memset(ies, 0, offsetof(struct ieee80211_ies, data)); 838 if (ies->data != NULL && ies->len != len) { 839 /* data size changed */ 840 free(ies->data, M_80211_NODE_IE); 841 ies->data = NULL; 842 } 843 if (ies->data == NULL) { 844 ies->data = (uint8_t *) malloc(len, M_80211_NODE_IE, M_NOWAIT); 845 if (ies->data == NULL) { 846 ies->len = 0; 847 /* NB: pointers have already been zero'd above */ 848 return 0; 849 } 850 } 851 memcpy(ies->data, data, len); 852 ies->len = len; 853 return 1; 854} 855 856/* 857 * Reclaim storage for an ie blob. 858 */ 859void 860ieee80211_ies_cleanup(struct ieee80211_ies *ies) 861{ 862 if (ies->data != NULL) 863 free(ies->data, M_80211_NODE_IE); 864} 865 866/* 867 * Expand an ie blob data contents and to fillin individual 868 * ie pointers. The data blob is assumed to be well-formed; 869 * we don't do any validity checking of ie lengths. 870 */ 871void 872ieee80211_ies_expand(struct ieee80211_ies *ies) 873{ 874 uint8_t *ie; 875 int ielen; 876 877 ie = ies->data; 878 ielen = ies->len; 879 while (ielen > 0) { 880 switch (ie[0]) { 881 case IEEE80211_ELEMID_VENDOR: 882 if (iswpaoui(ie)) 883 ies->wpa_ie = ie; 884 else if (iswmeoui(ie)) 885 ies->wme_ie = ie; 886#ifdef IEEE80211_SUPPORT_SUPERG 887 else if (isatherosoui(ie)) 888 ies->ath_ie = ie; 889#endif 890#ifdef IEEE80211_SUPPORT_TDMA 891 else if (istdmaoui(ie)) 892 ies->tdma_ie = ie; 893#endif 894 break; 895 case IEEE80211_ELEMID_RSN: 896 ies->rsn_ie = ie; 897 break; 898 case IEEE80211_ELEMID_HTCAP: 899 ies->htcap_ie = ie; 900 break; 901 } 902 ielen -= 2 + ie[1]; 903 ie += 2 + ie[1]; 904 } 905} 906 907/* 908 * Reclaim any resources in a node and reset any critical 909 * state. Typically nodes are free'd immediately after, 910 * but in some cases the storage may be reused so we need 911 * to insure consistent state (should probably fix that). 912 */ 913static void 914node_cleanup(struct ieee80211_node *ni) 915{ 916#define N(a) (sizeof(a)/sizeof(a[0])) 917 struct ieee80211vap *vap = ni->ni_vap; 918 int i; 919 920 /* NB: preserve ni_table */ 921 if (ni->ni_flags & IEEE80211_NODE_PWR_MGT) { 922 if (vap->iv_opmode != IEEE80211_M_STA) 923 vap->iv_ps_sta--; 924 ni->ni_flags &= ~IEEE80211_NODE_PWR_MGT; 925 IEEE80211_NOTE(vap, IEEE80211_MSG_POWER, ni, 926 "power save mode off, %u sta's in ps mode", vap->iv_ps_sta); 927 } 928 /* 929 * Cleanup any HT-related state. 930 */ 931 if (ni->ni_flags & IEEE80211_NODE_HT) 932 ieee80211_ht_node_cleanup(ni); 933#ifdef IEEE80211_SUPPORT_SUPERG 934 else if (ni->ni_ath_flags & IEEE80211_NODE_ATH) 935 ieee80211_ff_node_cleanup(ni); 936#endif 937 /* 938 * Clear AREF flag that marks the authorization refcnt bump 939 * has happened. This is probably not needed as the node 940 * should always be removed from the table so not found but 941 * do it just in case. 942 * Likewise clear the ASSOCID flag as these flags are intended 943 * to be managed in tandem. 944 */ 945 ni->ni_flags &= ~(IEEE80211_NODE_AREF | IEEE80211_NODE_ASSOCID); 946 947 /* 948 * Drain power save queue and, if needed, clear TIM. 949 */ 950 if (ieee80211_node_psq_drain(ni) != 0 && vap->iv_set_tim != NULL) 951 vap->iv_set_tim(ni, 0); 952 953 ni->ni_associd = 0; 954 if (ni->ni_challenge != NULL) { 955 free(ni->ni_challenge, M_80211_NODE); 956 ni->ni_challenge = NULL; 957 } 958 /* 959 * Preserve SSID, WPA, and WME ie's so the bss node is 960 * reusable during a re-auth/re-assoc state transition. 961 * If we remove these data they will not be recreated 962 * because they come from a probe-response or beacon frame 963 * which cannot be expected prior to the association-response. 964 * This should not be an issue when operating in other modes 965 * as stations leaving always go through a full state transition 966 * which will rebuild this state. 967 * 968 * XXX does this leave us open to inheriting old state? 969 */ 970 for (i = 0; i < N(ni->ni_rxfrag); i++) 971 if (ni->ni_rxfrag[i] != NULL) { 972 m_freem(ni->ni_rxfrag[i]); 973 ni->ni_rxfrag[i] = NULL; 974 } 975 /* 976 * Must be careful here to remove any key map entry w/o a LOR. 977 */ 978 ieee80211_node_delucastkey(ni); 979#undef N 980} 981 982static void 983node_free(struct ieee80211_node *ni) 984{ 985 struct ieee80211com *ic = ni->ni_ic; 986 987 ic->ic_node_cleanup(ni); 988 ieee80211_ies_cleanup(&ni->ni_ies); 989 ieee80211_psq_cleanup(&ni->ni_psq); 990 IEEE80211_NODE_WDSQ_DESTROY(ni); 991 free(ni, M_80211_NODE); 992} 993 994static void 995node_age(struct ieee80211_node *ni) 996{ 997 struct ieee80211vap *vap = ni->ni_vap; 998 999 IEEE80211_NODE_LOCK_ASSERT(&vap->iv_ic->ic_sta); 1000 1001 /* 1002 * Age frames on the power save queue. 1003 */ 1004 if (ieee80211_node_psq_age(ni) != 0 && 1005 ni->ni_psq.psq_len == 0 && vap->iv_set_tim != NULL) 1006 vap->iv_set_tim(ni, 0); 1007 /* 1008 * Age frames on the wds pending queue. 1009 */ 1010 if (IEEE80211_NODE_WDSQ_QLEN(ni) != 0) 1011 ieee80211_node_wdsq_age(ni); 1012 /* 1013 * Age out HT resources (e.g. frames on the 1014 * A-MPDU reorder queues). 1015 */ 1016 if (ni->ni_associd != 0 && (ni->ni_flags & IEEE80211_NODE_HT)) 1017 ieee80211_ht_node_age(ni); 1018} 1019 1020static int8_t 1021node_getrssi(const struct ieee80211_node *ni) 1022{ 1023 uint32_t avgrssi = ni->ni_avgrssi; 1024 int32_t rssi; 1025 1026 if (avgrssi == IEEE80211_RSSI_DUMMY_MARKER) 1027 return 0; 1028 rssi = IEEE80211_RSSI_GET(avgrssi); 1029 return rssi < 0 ? 0 : rssi > 127 ? 127 : rssi; 1030} 1031 1032static void 1033node_getsignal(const struct ieee80211_node *ni, int8_t *rssi, int8_t *noise) 1034{ 1035 *rssi = node_getrssi(ni); 1036 *noise = ni->ni_noise; 1037} 1038 1039static void 1040node_getmimoinfo(const struct ieee80211_node *ni, 1041 struct ieee80211_mimo_info *info) 1042{ 1043 /* XXX zero data? */ 1044} 1045 1046struct ieee80211_node * 1047ieee80211_alloc_node(struct ieee80211_node_table *nt, 1048 struct ieee80211vap *vap, const uint8_t macaddr[IEEE80211_ADDR_LEN]) 1049{ 1050 struct ieee80211com *ic = nt->nt_ic; 1051 struct ieee80211_node *ni; 1052 int hash; 1053 1054 ni = ic->ic_node_alloc(vap, macaddr); 1055 if (ni == NULL) { 1056 vap->iv_stats.is_rx_nodealloc++; 1057 return NULL; 1058 } 1059 1060 IEEE80211_DPRINTF(vap, IEEE80211_MSG_NODE, 1061 "%s %p<%s> in %s table\n", __func__, ni, 1062 ether_sprintf(macaddr), nt->nt_name); 1063 1064 IEEE80211_ADDR_COPY(ni->ni_macaddr, macaddr); 1065 hash = IEEE80211_NODE_HASH(macaddr); 1066 ieee80211_node_initref(ni); /* mark referenced */ 1067 ni->ni_chan = IEEE80211_CHAN_ANYC; 1068 ni->ni_authmode = IEEE80211_AUTH_OPEN; 1069 ni->ni_txpower = ic->ic_txpowlimit; /* max power */ 1070 ni->ni_txparms = &vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)]; 1071 ieee80211_crypto_resetkey(vap, &ni->ni_ucastkey, IEEE80211_KEYIX_NONE); 1072 ni->ni_avgrssi = IEEE80211_RSSI_DUMMY_MARKER; 1073 ni->ni_inact_reload = nt->nt_inact_init; 1074 ni->ni_inact = ni->ni_inact_reload; 1075 ni->ni_ath_defkeyix = 0x7fff; 1076 ieee80211_psq_init(&ni->ni_psq, "unknown"); 1077 IEEE80211_NODE_WDSQ_INIT(ni, "unknown"); 1078 1079 IEEE80211_NODE_LOCK(nt); 1080 TAILQ_INSERT_TAIL(&nt->nt_node, ni, ni_list); 1081 LIST_INSERT_HEAD(&nt->nt_hash[hash], ni, ni_hash); 1082 ni->ni_table = nt; 1083 ni->ni_vap = vap; 1084 ni->ni_ic = ic; 1085 IEEE80211_NODE_UNLOCK(nt); 1086 1087 IEEE80211_NOTE(vap, IEEE80211_MSG_INACT, ni, 1088 "%s: inact_reload %u", __func__, ni->ni_inact_reload); 1089 1090 return ni; 1091} 1092 1093/* 1094 * Craft a temporary node suitable for sending a management frame 1095 * to the specified station. We craft only as much state as we 1096 * need to do the work since the node will be immediately reclaimed 1097 * once the send completes. 1098 */ 1099struct ieee80211_node * 1100ieee80211_tmp_node(struct ieee80211vap *vap, 1101 const uint8_t macaddr[IEEE80211_ADDR_LEN]) 1102{ 1103 struct ieee80211com *ic = vap->iv_ic; 1104 struct ieee80211_node *ni; 1105 1106 ni = ic->ic_node_alloc(vap, macaddr); 1107 if (ni != NULL) { 1108 struct ieee80211_node *bss = vap->iv_bss; 1109 1110 IEEE80211_DPRINTF(vap, IEEE80211_MSG_NODE, 1111 "%s %p<%s>\n", __func__, ni, ether_sprintf(macaddr)); 1112 1113 ni->ni_table = NULL; /* NB: pedantic */ 1114 ni->ni_ic = ic; /* NB: needed to set channel */ 1115 ni->ni_vap = vap; 1116 1117 IEEE80211_ADDR_COPY(ni->ni_macaddr, macaddr); 1118 IEEE80211_ADDR_COPY(ni->ni_bssid, bss->ni_bssid); 1119 ieee80211_node_initref(ni); /* mark referenced */ 1120 /* NB: required by ieee80211_fix_rate */ 1121 ieee80211_node_set_chan(ni, bss->ni_chan); 1122 ieee80211_crypto_resetkey(vap, &ni->ni_ucastkey, 1123 IEEE80211_KEYIX_NONE); 1124 ni->ni_txpower = bss->ni_txpower; 1125 /* XXX optimize away */ 1126 ieee80211_psq_init(&ni->ni_psq, "unknown"); 1127 IEEE80211_NODE_WDSQ_INIT(ni, "unknown"); 1128 } else { 1129 /* XXX msg */ 1130 vap->iv_stats.is_rx_nodealloc++; 1131 } 1132 return ni; 1133} 1134 1135struct ieee80211_node * 1136ieee80211_dup_bss(struct ieee80211vap *vap, 1137 const uint8_t macaddr[IEEE80211_ADDR_LEN]) 1138{ 1139 struct ieee80211com *ic = vap->iv_ic; 1140 struct ieee80211_node *ni; 1141 1142 ni = ieee80211_alloc_node(&ic->ic_sta, vap, macaddr); 1143 if (ni != NULL) { 1144 struct ieee80211_node *bss = vap->iv_bss; 1145 /* 1146 * Inherit from iv_bss. 1147 */ 1148 copy_bss(ni, bss); 1149 IEEE80211_ADDR_COPY(ni->ni_bssid, bss->ni_bssid); 1150 ieee80211_node_set_chan(ni, bss->ni_chan); 1151 } 1152 return ni; 1153} 1154 1155/* 1156 * Create a bss node for a legacy WDS vap. The far end does 1157 * not associate so we just create create a new node and 1158 * simulate an association. The caller is responsible for 1159 * installing the node as the bss node and handling any further 1160 * setup work like authorizing the port. 1161 */ 1162struct ieee80211_node * 1163ieee80211_node_create_wds(struct ieee80211vap *vap, 1164 const uint8_t bssid[IEEE80211_ADDR_LEN], struct ieee80211_channel *chan) 1165{ 1166 struct ieee80211com *ic = vap->iv_ic; 1167 struct ieee80211_node *ni; 1168 1169 /* XXX check if node already in sta table? */ 1170 ni = ieee80211_alloc_node(&ic->ic_sta, vap, bssid); 1171 if (ni != NULL) { 1172 ni->ni_wdsvap = vap; 1173 IEEE80211_ADDR_COPY(ni->ni_bssid, bssid); 1174 /* 1175 * Inherit any manually configured settings. 1176 */ 1177 copy_bss(ni, vap->iv_bss); 1178 ieee80211_node_set_chan(ni, chan); 1179 /* NB: propagate ssid so available to WPA supplicant */ 1180 ni->ni_esslen = vap->iv_des_ssid[0].len; 1181 memcpy(ni->ni_essid, vap->iv_des_ssid[0].ssid, ni->ni_esslen); 1182 /* NB: no associd for peer */ 1183 /* 1184 * There are no management frames to use to 1185 * discover neighbor capabilities, so blindly 1186 * propagate the local configuration. 1187 */ 1188 if (vap->iv_flags & IEEE80211_F_WME) 1189 ni->ni_flags |= IEEE80211_NODE_QOS; 1190#ifdef IEEE80211_SUPPORT_SUPERG 1191 if (vap->iv_flags & IEEE80211_F_FF) 1192 ni->ni_flags |= IEEE80211_NODE_FF; 1193#endif 1194 if ((ic->ic_htcaps & IEEE80211_HTC_HT) && 1195 (vap->iv_flags_ext & IEEE80211_FEXT_HT)) { 1196 /* 1197 * Device is HT-capable and HT is enabled for 1198 * the vap; setup HT operation. On return 1199 * ni_chan will be adjusted to an HT channel. 1200 */ 1201 ieee80211_ht_wds_init(ni); 1202 } else { 1203 struct ieee80211_channel *c = ni->ni_chan; 1204 /* 1205 * Force a legacy channel to be used. 1206 */ 1207 c = ieee80211_find_channel(ic, 1208 c->ic_freq, c->ic_flags &~ IEEE80211_CHAN_HT); 1209 KASSERT(c != NULL, ("no legacy channel, %u/%x", 1210 ni->ni_chan->ic_freq, ni->ni_chan->ic_flags)); 1211 ni->ni_chan = c; 1212 } 1213 } 1214 return ni; 1215} 1216 1217struct ieee80211_node * 1218#ifdef IEEE80211_DEBUG_REFCNT 1219ieee80211_find_node_locked_debug(struct ieee80211_node_table *nt, 1220 const uint8_t macaddr[IEEE80211_ADDR_LEN], const char *func, int line) 1221#else 1222ieee80211_find_node_locked(struct ieee80211_node_table *nt, 1223 const uint8_t macaddr[IEEE80211_ADDR_LEN]) 1224#endif 1225{ 1226 struct ieee80211_node *ni; 1227 int hash; 1228 1229 IEEE80211_NODE_LOCK_ASSERT(nt); 1230 1231 hash = IEEE80211_NODE_HASH(macaddr); 1232 LIST_FOREACH(ni, &nt->nt_hash[hash], ni_hash) { 1233 if (IEEE80211_ADDR_EQ(ni->ni_macaddr, macaddr)) { 1234 ieee80211_ref_node(ni); /* mark referenced */ 1235#ifdef IEEE80211_DEBUG_REFCNT 1236 IEEE80211_DPRINTF(ni->ni_vap, IEEE80211_MSG_NODE, 1237 "%s (%s:%u) %p<%s> refcnt %d\n", __func__, 1238 func, line, 1239 ni, ether_sprintf(ni->ni_macaddr), 1240 ieee80211_node_refcnt(ni)); 1241#endif 1242 return ni; 1243 } 1244 } 1245 return NULL; 1246} 1247 1248struct ieee80211_node * 1249#ifdef IEEE80211_DEBUG_REFCNT 1250ieee80211_find_node_debug(struct ieee80211_node_table *nt, 1251 const uint8_t macaddr[IEEE80211_ADDR_LEN], const char *func, int line) 1252#else 1253ieee80211_find_node(struct ieee80211_node_table *nt, 1254 const uint8_t macaddr[IEEE80211_ADDR_LEN]) 1255#endif 1256{ 1257 struct ieee80211_node *ni; 1258 1259 IEEE80211_NODE_LOCK(nt); 1260 ni = ieee80211_find_node_locked(nt, macaddr); 1261 IEEE80211_NODE_UNLOCK(nt); 1262 return ni; 1263} 1264 1265struct ieee80211_node * 1266#ifdef IEEE80211_DEBUG_REFCNT 1267ieee80211_find_vap_node_locked_debug(struct ieee80211_node_table *nt, 1268 const struct ieee80211vap *vap, 1269 const uint8_t macaddr[IEEE80211_ADDR_LEN], const char *func, int line) 1270#else 1271ieee80211_find_vap_node_locked(struct ieee80211_node_table *nt, 1272 const struct ieee80211vap *vap, 1273 const uint8_t macaddr[IEEE80211_ADDR_LEN]) 1274#endif 1275{ 1276 struct ieee80211_node *ni; 1277 int hash; 1278 1279 IEEE80211_NODE_LOCK_ASSERT(nt); 1280 1281 hash = IEEE80211_NODE_HASH(macaddr); 1282 LIST_FOREACH(ni, &nt->nt_hash[hash], ni_hash) { 1283 if (ni->ni_vap == vap && 1284 IEEE80211_ADDR_EQ(ni->ni_macaddr, macaddr)) { 1285 ieee80211_ref_node(ni); /* mark referenced */ 1286#ifdef IEEE80211_DEBUG_REFCNT 1287 IEEE80211_DPRINTF(ni->ni_vap, IEEE80211_MSG_NODE, 1288 "%s (%s:%u) %p<%s> refcnt %d\n", __func__, 1289 func, line, 1290 ni, ether_sprintf(ni->ni_macaddr), 1291 ieee80211_node_refcnt(ni)); 1292#endif 1293 return ni; 1294 } 1295 } 1296 return NULL; 1297} 1298 1299struct ieee80211_node * 1300#ifdef IEEE80211_DEBUG_REFCNT 1301ieee80211_find_vap_node_debug(struct ieee80211_node_table *nt, 1302 const struct ieee80211vap *vap, 1303 const uint8_t macaddr[IEEE80211_ADDR_LEN], const char *func, int line) 1304#else 1305ieee80211_find_vap_node(struct ieee80211_node_table *nt, 1306 const struct ieee80211vap *vap, 1307 const uint8_t macaddr[IEEE80211_ADDR_LEN]) 1308#endif 1309{ 1310 struct ieee80211_node *ni; 1311 1312 IEEE80211_NODE_LOCK(nt); 1313 ni = ieee80211_find_vap_node_locked(nt, vap, macaddr); 1314 IEEE80211_NODE_UNLOCK(nt); 1315 return ni; 1316} 1317 1318/* 1319 * Fake up a node; this handles node discovery in adhoc mode. 1320 * Note that for the driver's benefit we we treat this like 1321 * an association so the driver has an opportunity to setup 1322 * it's private state. 1323 */ 1324struct ieee80211_node * 1325ieee80211_fakeup_adhoc_node(struct ieee80211vap *vap, 1326 const uint8_t macaddr[IEEE80211_ADDR_LEN]) 1327{ 1328 struct ieee80211_node *ni; 1329 1330 IEEE80211_DPRINTF(vap, IEEE80211_MSG_NODE, 1331 "%s: mac<%s>\n", __func__, ether_sprintf(macaddr)); 1332 ni = ieee80211_dup_bss(vap, macaddr); 1333 if (ni != NULL) { 1334 struct ieee80211com *ic = vap->iv_ic; 1335 1336 /* XXX no rate negotiation; just dup */ 1337 ni->ni_rates = vap->iv_bss->ni_rates; 1338 if (ieee80211_iserp_rateset(&ni->ni_rates)) 1339 ni->ni_flags |= IEEE80211_NODE_ERP; 1340 if (vap->iv_opmode == IEEE80211_M_AHDEMO) { 1341 /* 1342 * In adhoc demo mode there are no management 1343 * frames to use to discover neighbor capabilities, 1344 * so blindly propagate the local configuration 1345 * so we can do interesting things (e.g. use 1346 * WME to disable ACK's). 1347 */ 1348 if (vap->iv_flags & IEEE80211_F_WME) 1349 ni->ni_flags |= IEEE80211_NODE_QOS; 1350#ifdef IEEE80211_SUPPORT_SUPERG 1351 if (vap->iv_flags & IEEE80211_F_FF) 1352 ni->ni_flags |= IEEE80211_NODE_FF; 1353#endif 1354 } 1355 node_setuptxparms(ni); 1356 if (ic->ic_newassoc != NULL) 1357 ic->ic_newassoc(ni, 1); 1358 /* XXX not right for 802.1x/WPA */ 1359 ieee80211_node_authorize(ni); 1360 } 1361 return ni; 1362} 1363 1364void 1365ieee80211_init_neighbor(struct ieee80211_node *ni, 1366 const struct ieee80211_frame *wh, 1367 const struct ieee80211_scanparams *sp) 1368{ 1369 ni->ni_esslen = sp->ssid[1]; 1370 memcpy(ni->ni_essid, sp->ssid + 2, sp->ssid[1]); 1371 IEEE80211_ADDR_COPY(ni->ni_bssid, wh->i_addr3); 1372 memcpy(ni->ni_tstamp.data, sp->tstamp, sizeof(ni->ni_tstamp)); 1373 ni->ni_intval = sp->bintval; 1374 ni->ni_capinfo = sp->capinfo; 1375 ni->ni_chan = ni->ni_ic->ic_curchan; 1376 ni->ni_fhdwell = sp->fhdwell; 1377 ni->ni_fhindex = sp->fhindex; 1378 ni->ni_erp = sp->erp; 1379 ni->ni_timoff = sp->timoff; 1380 1381 if (ieee80211_ies_init(&ni->ni_ies, sp->ies, sp->ies_len)) { 1382 ieee80211_ies_expand(&ni->ni_ies); 1383 if (ni->ni_ies.wme_ie != NULL) 1384 ni->ni_flags |= IEEE80211_NODE_QOS; 1385 else 1386 ni->ni_flags &= ~IEEE80211_NODE_QOS; 1387#ifdef IEEE80211_SUPPORT_SUPERG 1388 if (ni->ni_ies.ath_ie != NULL) 1389 ieee80211_parse_ath(ni, ni->ni_ies.ath_ie); 1390#endif 1391 } 1392 1393 /* NB: must be after ni_chan is setup */ 1394 ieee80211_setup_rates(ni, sp->rates, sp->xrates, 1395 IEEE80211_F_DOSORT | IEEE80211_F_DOFRATE | 1396 IEEE80211_F_DONEGO | IEEE80211_F_DODEL); 1397} 1398 1399/* 1400 * Do node discovery in adhoc mode on receipt of a beacon 1401 * or probe response frame. Note that for the driver's 1402 * benefit we we treat this like an association so the 1403 * driver has an opportunity to setup it's private state. 1404 */ 1405struct ieee80211_node * 1406ieee80211_add_neighbor(struct ieee80211vap *vap, 1407 const struct ieee80211_frame *wh, 1408 const struct ieee80211_scanparams *sp) 1409{ 1410 struct ieee80211_node *ni; 1411 1412 IEEE80211_DPRINTF(vap, IEEE80211_MSG_NODE, 1413 "%s: mac<%s>\n", __func__, ether_sprintf(wh->i_addr2)); 1414 ni = ieee80211_dup_bss(vap, wh->i_addr2);/* XXX alloc_node? */ 1415 if (ni != NULL) { 1416 struct ieee80211com *ic = vap->iv_ic; 1417 1418 ieee80211_init_neighbor(ni, wh, sp); 1419 if (ieee80211_iserp_rateset(&ni->ni_rates)) 1420 ni->ni_flags |= IEEE80211_NODE_ERP; 1421 node_setuptxparms(ni); 1422 if (ic->ic_newassoc != NULL) 1423 ic->ic_newassoc(ni, 1); 1424 /* XXX not right for 802.1x/WPA */ 1425 ieee80211_node_authorize(ni); 1426 } 1427 return ni; 1428} 1429 1430#define IS_CTL(wh) \ 1431 ((wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK) == IEEE80211_FC0_TYPE_CTL) 1432#define IS_PSPOLL(wh) \ 1433 ((wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK) == IEEE80211_FC0_SUBTYPE_PS_POLL) 1434#define IS_BAR(wh) \ 1435 ((wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK) == IEEE80211_FC0_SUBTYPE_BAR) 1436#define IS_PROBEREQ(wh) \ 1437 ((wh->i_fc[0] & (IEEE80211_FC0_TYPE_MASK|IEEE80211_FC0_SUBTYPE_MASK)) \ 1438 == (IEEE80211_FC0_TYPE_MGT | IEEE80211_FC0_SUBTYPE_PROBE_REQ)) 1439#define IS_BCAST_PROBEREQ(wh) \ 1440 (IS_PROBEREQ(wh) && IEEE80211_IS_MULTICAST( \ 1441 ((const struct ieee80211_frame *)(wh))->i_addr3)) 1442 1443static __inline struct ieee80211_node * 1444_find_rxnode(struct ieee80211_node_table *nt, 1445 const struct ieee80211_frame_min *wh) 1446{ 1447 /* XXX 4-address frames? */ 1448 if (IS_CTL(wh) && !IS_PSPOLL(wh) && !IS_BAR(wh) /*&& !IS_RTS(ah)*/) 1449 return ieee80211_find_node_locked(nt, wh->i_addr1); 1450 if (IS_BCAST_PROBEREQ(wh)) 1451 return NULL; /* spam bcast probe req to all vap's */ 1452 return ieee80211_find_node_locked(nt, wh->i_addr2); 1453} 1454 1455/* 1456 * Locate the node for sender, track state, and then pass the 1457 * (referenced) node up to the 802.11 layer for its use. Note 1458 * we can return NULL if the sender is not in the table. 1459 */ 1460struct ieee80211_node * 1461#ifdef IEEE80211_DEBUG_REFCNT 1462ieee80211_find_rxnode_debug(struct ieee80211com *ic, 1463 const struct ieee80211_frame_min *wh, const char *func, int line) 1464#else 1465ieee80211_find_rxnode(struct ieee80211com *ic, 1466 const struct ieee80211_frame_min *wh) 1467#endif 1468{ 1469 struct ieee80211_node_table *nt; 1470 struct ieee80211_node *ni; 1471 1472 nt = &ic->ic_sta; 1473 IEEE80211_NODE_LOCK(nt); 1474 ni = _find_rxnode(nt, wh); 1475 IEEE80211_NODE_UNLOCK(nt); 1476 1477 return ni; 1478} 1479 1480/* 1481 * Like ieee80211_find_rxnode but use the supplied h/w 1482 * key index as a hint to locate the node in the key 1483 * mapping table. If an entry is present at the key 1484 * index we return it; otherwise do a normal lookup and 1485 * update the mapping table if the station has a unicast 1486 * key assigned to it. 1487 */ 1488struct ieee80211_node * 1489#ifdef IEEE80211_DEBUG_REFCNT 1490ieee80211_find_rxnode_withkey_debug(struct ieee80211com *ic, 1491 const struct ieee80211_frame_min *wh, ieee80211_keyix keyix, 1492 const char *func, int line) 1493#else 1494ieee80211_find_rxnode_withkey(struct ieee80211com *ic, 1495 const struct ieee80211_frame_min *wh, ieee80211_keyix keyix) 1496#endif 1497{ 1498 struct ieee80211_node_table *nt; 1499 struct ieee80211_node *ni; 1500 1501 nt = &ic->ic_sta; 1502 IEEE80211_NODE_LOCK(nt); 1503 if (nt->nt_keyixmap != NULL && keyix < nt->nt_keyixmax) 1504 ni = nt->nt_keyixmap[keyix]; 1505 else 1506 ni = NULL; 1507 if (ni == NULL) { 1508 ni = _find_rxnode(nt, wh); 1509 if (ni != NULL && nt->nt_keyixmap != NULL) { 1510 /* 1511 * If the station has a unicast key cache slot 1512 * assigned update the key->node mapping table. 1513 */ 1514 keyix = ni->ni_ucastkey.wk_rxkeyix; 1515 /* XXX can keyixmap[keyix] != NULL? */ 1516 if (keyix < nt->nt_keyixmax && 1517 nt->nt_keyixmap[keyix] == NULL) { 1518 IEEE80211_DPRINTF(ni->ni_vap, 1519 IEEE80211_MSG_NODE, 1520 "%s: add key map entry %p<%s> refcnt %d\n", 1521 __func__, ni, ether_sprintf(ni->ni_macaddr), 1522 ieee80211_node_refcnt(ni)+1); 1523 nt->nt_keyixmap[keyix] = ieee80211_ref_node(ni); 1524 } 1525 } 1526 } else { 1527 if (IS_BCAST_PROBEREQ(wh)) 1528 ni = NULL; /* spam bcast probe req to all vap's */ 1529 else 1530 ieee80211_ref_node(ni); 1531 } 1532 IEEE80211_NODE_UNLOCK(nt); 1533 1534 return ni; 1535} 1536#undef IS_BCAST_PROBEREQ 1537#undef IS_PROBEREQ 1538#undef IS_BAR 1539#undef IS_PSPOLL 1540#undef IS_CTL 1541 1542/* 1543 * Return a reference to the appropriate node for sending 1544 * a data frame. This handles node discovery in adhoc networks. 1545 */ 1546struct ieee80211_node * 1547#ifdef IEEE80211_DEBUG_REFCNT 1548ieee80211_find_txnode_debug(struct ieee80211vap *vap, 1549 const uint8_t macaddr[IEEE80211_ADDR_LEN], 1550 const char *func, int line) 1551#else 1552ieee80211_find_txnode(struct ieee80211vap *vap, 1553 const uint8_t macaddr[IEEE80211_ADDR_LEN]) 1554#endif 1555{ 1556 struct ieee80211_node_table *nt = &vap->iv_ic->ic_sta; 1557 struct ieee80211_node *ni; 1558 1559 /* 1560 * The destination address should be in the node table 1561 * unless this is a multicast/broadcast frame. We can 1562 * also optimize station mode operation, all frames go 1563 * to the bss node. 1564 */ 1565 /* XXX can't hold lock across dup_bss 'cuz of recursive locking */ 1566 IEEE80211_NODE_LOCK(nt); 1567 if (vap->iv_opmode == IEEE80211_M_STA || 1568 vap->iv_opmode == IEEE80211_M_WDS || 1569 IEEE80211_IS_MULTICAST(macaddr)) 1570 ni = ieee80211_ref_node(vap->iv_bss); 1571 else 1572 ni = ieee80211_find_node_locked(nt, macaddr); 1573 IEEE80211_NODE_UNLOCK(nt); 1574 1575 if (ni == NULL) { 1576 if (vap->iv_opmode == IEEE80211_M_IBSS || 1577 vap->iv_opmode == IEEE80211_M_AHDEMO) { 1578 /* 1579 * In adhoc mode cons up a node for the destination. 1580 * Note that we need an additional reference for the 1581 * caller to be consistent with 1582 * ieee80211_find_node_locked. 1583 */ 1584 ni = ieee80211_fakeup_adhoc_node(vap, macaddr); 1585 if (ni != NULL) 1586 (void) ieee80211_ref_node(ni); 1587 } else { 1588 IEEE80211_NOTE_MAC(vap, IEEE80211_MSG_OUTPUT, macaddr, 1589 "no node, discard frame (%s)", __func__); 1590 vap->iv_stats.is_tx_nonode++; 1591 } 1592 } 1593 return ni; 1594} 1595 1596static void 1597_ieee80211_free_node(struct ieee80211_node *ni) 1598{ 1599 struct ieee80211_node_table *nt = ni->ni_table; 1600 1601 /* 1602 * NB: careful about referencing the vap as it may be 1603 * gone if the last reference was held by a driver. 1604 * We know the com will always be present so it's safe 1605 * to use ni_ic below to reclaim resources. 1606 */ 1607#if 0 1608 IEEE80211_DPRINTF(vap, IEEE80211_MSG_NODE, 1609 "%s %p<%s> in %s table\n", __func__, ni, 1610 ether_sprintf(ni->ni_macaddr), 1611 nt != NULL ? nt->nt_name : "<gone>"); 1612#endif 1613 if (ni->ni_associd != 0) { 1614 struct ieee80211vap *vap = ni->ni_vap; 1615 if (vap->iv_aid_bitmap != NULL) 1616 IEEE80211_AID_CLR(vap, ni->ni_associd); 1617 } 1618 if (nt != NULL) { 1619 TAILQ_REMOVE(&nt->nt_node, ni, ni_list); 1620 LIST_REMOVE(ni, ni_hash); 1621 } 1622 ni->ni_ic->ic_node_free(ni); 1623} 1624 1625void 1626#ifdef IEEE80211_DEBUG_REFCNT 1627ieee80211_free_node_debug(struct ieee80211_node *ni, const char *func, int line) 1628#else 1629ieee80211_free_node(struct ieee80211_node *ni) 1630#endif 1631{ 1632 struct ieee80211_node_table *nt = ni->ni_table; 1633 1634#ifdef IEEE80211_DEBUG_REFCNT 1635 IEEE80211_DPRINTF(ni->ni_vap, IEEE80211_MSG_NODE, 1636 "%s (%s:%u) %p<%s> refcnt %d\n", __func__, func, line, ni, 1637 ether_sprintf(ni->ni_macaddr), ieee80211_node_refcnt(ni)-1); 1638#endif 1639 if (nt != NULL) { 1640 IEEE80211_NODE_LOCK(nt); 1641 if (ieee80211_node_dectestref(ni)) { 1642 /* 1643 * Last reference, reclaim state. 1644 */ 1645 _ieee80211_free_node(ni); 1646 } else if (ieee80211_node_refcnt(ni) == 1 && 1647 nt->nt_keyixmap != NULL) { 1648 ieee80211_keyix keyix; 1649 /* 1650 * Check for a last reference in the key mapping table. 1651 */ 1652 keyix = ni->ni_ucastkey.wk_rxkeyix; 1653 if (keyix < nt->nt_keyixmax && 1654 nt->nt_keyixmap[keyix] == ni) { 1655 IEEE80211_DPRINTF(ni->ni_vap, 1656 IEEE80211_MSG_NODE, 1657 "%s: %p<%s> clear key map entry", __func__, 1658 ni, ether_sprintf(ni->ni_macaddr)); 1659 nt->nt_keyixmap[keyix] = NULL; 1660 ieee80211_node_decref(ni); /* XXX needed? */ 1661 _ieee80211_free_node(ni); 1662 } 1663 } 1664 IEEE80211_NODE_UNLOCK(nt); 1665 } else { 1666 if (ieee80211_node_dectestref(ni)) 1667 _ieee80211_free_node(ni); 1668 } 1669} 1670 1671/* 1672 * Reclaim a unicast key and clear any key cache state. 1673 */ 1674int 1675ieee80211_node_delucastkey(struct ieee80211_node *ni) 1676{ 1677 struct ieee80211com *ic = ni->ni_ic; 1678 struct ieee80211_node_table *nt = &ic->ic_sta; 1679 struct ieee80211_node *nikey; 1680 ieee80211_keyix keyix; 1681 int isowned, status; 1682 1683 /* 1684 * NB: We must beware of LOR here; deleting the key 1685 * can cause the crypto layer to block traffic updates 1686 * which can generate a LOR against the node table lock; 1687 * grab it here and stash the key index for our use below. 1688 * 1689 * Must also beware of recursion on the node table lock. 1690 * When called from node_cleanup we may already have 1691 * the node table lock held. Unfortunately there's no 1692 * way to separate out this path so we must do this 1693 * conditionally. 1694 */ 1695 isowned = IEEE80211_NODE_IS_LOCKED(nt); 1696 if (!isowned) 1697 IEEE80211_NODE_LOCK(nt); 1698 nikey = NULL; 1699 status = 1; /* NB: success */ 1700 if (ni->ni_ucastkey.wk_keyix != IEEE80211_KEYIX_NONE) { 1701 keyix = ni->ni_ucastkey.wk_rxkeyix; 1702 status = ieee80211_crypto_delkey(ni->ni_vap, &ni->ni_ucastkey); 1703 if (nt->nt_keyixmap != NULL && keyix < nt->nt_keyixmax) { 1704 nikey = nt->nt_keyixmap[keyix]; 1705 nt->nt_keyixmap[keyix] = NULL;; 1706 } 1707 } 1708 if (!isowned) 1709 IEEE80211_NODE_UNLOCK(nt); 1710 1711 if (nikey != NULL) { 1712 KASSERT(nikey == ni, 1713 ("key map out of sync, ni %p nikey %p", ni, nikey)); 1714 IEEE80211_DPRINTF(ni->ni_vap, IEEE80211_MSG_NODE, 1715 "%s: delete key map entry %p<%s> refcnt %d\n", 1716 __func__, ni, ether_sprintf(ni->ni_macaddr), 1717 ieee80211_node_refcnt(ni)-1); 1718 ieee80211_free_node(ni); 1719 } 1720 return status; 1721} 1722 1723/* 1724 * Reclaim a node. If this is the last reference count then 1725 * do the normal free work. Otherwise remove it from the node 1726 * table and mark it gone by clearing the back-reference. 1727 */ 1728static void 1729node_reclaim(struct ieee80211_node_table *nt, struct ieee80211_node *ni) 1730{ 1731 ieee80211_keyix keyix; 1732 1733 IEEE80211_NODE_LOCK_ASSERT(nt); 1734 1735 IEEE80211_DPRINTF(ni->ni_vap, IEEE80211_MSG_NODE, 1736 "%s: remove %p<%s> from %s table, refcnt %d\n", 1737 __func__, ni, ether_sprintf(ni->ni_macaddr), 1738 nt->nt_name, ieee80211_node_refcnt(ni)-1); 1739 /* 1740 * Clear any entry in the unicast key mapping table. 1741 * We need to do it here so rx lookups don't find it 1742 * in the mapping table even if it's not in the hash 1743 * table. We cannot depend on the mapping table entry 1744 * being cleared because the node may not be free'd. 1745 */ 1746 keyix = ni->ni_ucastkey.wk_rxkeyix; 1747 if (nt->nt_keyixmap != NULL && keyix < nt->nt_keyixmax && 1748 nt->nt_keyixmap[keyix] == ni) { 1749 IEEE80211_DPRINTF(ni->ni_vap, IEEE80211_MSG_NODE, 1750 "%s: %p<%s> clear key map entry %u\n", 1751 __func__, ni, ether_sprintf(ni->ni_macaddr), keyix); 1752 nt->nt_keyixmap[keyix] = NULL; 1753 ieee80211_node_decref(ni); /* NB: don't need free */ 1754 } 1755 if (!ieee80211_node_dectestref(ni)) { 1756 /* 1757 * Other references are present, just remove the 1758 * node from the table so it cannot be found. When 1759 * the references are dropped storage will be 1760 * reclaimed. 1761 */ 1762 TAILQ_REMOVE(&nt->nt_node, ni, ni_list); 1763 LIST_REMOVE(ni, ni_hash); 1764 ni->ni_table = NULL; /* clear reference */ 1765 } else 1766 _ieee80211_free_node(ni); 1767} 1768 1769/* 1770 * Node table support. 1771 */ 1772 1773static void 1774ieee80211_node_table_init(struct ieee80211com *ic, 1775 struct ieee80211_node_table *nt, 1776 const char *name, int inact, int keyixmax) 1777{ 1778 struct ifnet *ifp = ic->ic_ifp; 1779 1780 nt->nt_ic = ic; 1781 IEEE80211_NODE_LOCK_INIT(nt, ifp->if_xname); 1782 IEEE80211_NODE_ITERATE_LOCK_INIT(nt, ifp->if_xname); 1783 TAILQ_INIT(&nt->nt_node); 1784 nt->nt_name = name; 1785 nt->nt_scangen = 1; 1786 nt->nt_inact_init = inact; 1787 nt->nt_keyixmax = keyixmax; 1788 if (nt->nt_keyixmax > 0) { 1789 nt->nt_keyixmap = (struct ieee80211_node **) malloc( 1790 keyixmax * sizeof(struct ieee80211_node *), 1791 M_80211_NODE, M_NOWAIT | M_ZERO); 1792 if (nt->nt_keyixmap == NULL) 1793 if_printf(ic->ic_ifp, 1794 "Cannot allocate key index map with %u entries\n", 1795 keyixmax); 1796 } else 1797 nt->nt_keyixmap = NULL; 1798} 1799 1800static void 1801ieee80211_node_table_reset(struct ieee80211_node_table *nt, 1802 struct ieee80211vap *match) 1803{ 1804 struct ieee80211_node *ni, *next; 1805 1806 IEEE80211_NODE_LOCK(nt); 1807 TAILQ_FOREACH_SAFE(ni, &nt->nt_node, ni_list, next) { 1808 if (match != NULL && ni->ni_vap != match) 1809 continue; 1810 /* XXX can this happen? if so need's work */ 1811 if (ni->ni_associd != 0) { 1812 struct ieee80211vap *vap = ni->ni_vap; 1813 1814 if (vap->iv_auth->ia_node_leave != NULL) 1815 vap->iv_auth->ia_node_leave(ni); 1816 if (vap->iv_aid_bitmap != NULL) 1817 IEEE80211_AID_CLR(vap, ni->ni_associd); 1818 } 1819 ni->ni_wdsvap = NULL; /* clear reference */ 1820 node_reclaim(nt, ni); 1821 } 1822 if (match != NULL && match->iv_opmode == IEEE80211_M_WDS) { 1823 /* 1824 * Make a separate pass to clear references to this vap 1825 * held by DWDS entries. They will not be matched above 1826 * because ni_vap will point to the ap vap but we still 1827 * need to clear ni_wdsvap when the WDS vap is destroyed 1828 * and/or reset. 1829 */ 1830 TAILQ_FOREACH_SAFE(ni, &nt->nt_node, ni_list, next) 1831 if (ni->ni_wdsvap == match) 1832 ni->ni_wdsvap = NULL; 1833 } 1834 IEEE80211_NODE_UNLOCK(nt); 1835} 1836 1837static void 1838ieee80211_node_table_cleanup(struct ieee80211_node_table *nt) 1839{ 1840 ieee80211_node_table_reset(nt, NULL); 1841 if (nt->nt_keyixmap != NULL) { 1842#ifdef DIAGNOSTIC 1843 /* XXX verify all entries are NULL */ 1844 int i; 1845 for (i = 0; i < nt->nt_keyixmax; i++) 1846 if (nt->nt_keyixmap[i] != NULL) 1847 printf("%s: %s[%u] still active\n", __func__, 1848 nt->nt_name, i); 1849#endif 1850 free(nt->nt_keyixmap, M_80211_NODE); 1851 nt->nt_keyixmap = NULL; 1852 } 1853 IEEE80211_NODE_ITERATE_LOCK_DESTROY(nt); 1854 IEEE80211_NODE_LOCK_DESTROY(nt); 1855} 1856 1857/* 1858 * Timeout inactive stations and do related housekeeping. 1859 * Note that we cannot hold the node lock while sending a 1860 * frame as this would lead to a LOR. Instead we use a 1861 * generation number to mark nodes that we've scanned and 1862 * drop the lock and restart a scan if we have to time out 1863 * a node. Since we are single-threaded by virtue of 1864 * controlling the inactivity timer we can be sure this will 1865 * process each node only once. 1866 */ 1867static void 1868ieee80211_timeout_stations(struct ieee80211com *ic) 1869{ 1870 struct ieee80211_node_table *nt = &ic->ic_sta; 1871 struct ieee80211vap *vap; 1872 struct ieee80211_node *ni; 1873 int gen = 0; 1874 1875 IEEE80211_NODE_ITERATE_LOCK(nt); 1876 gen = ++nt->nt_scangen; 1877restart: 1878 IEEE80211_NODE_LOCK(nt); 1879 TAILQ_FOREACH(ni, &nt->nt_node, ni_list) { 1880 if (ni->ni_scangen == gen) /* previously handled */ 1881 continue; 1882 ni->ni_scangen = gen; 1883 /* 1884 * Ignore entries for which have yet to receive an 1885 * authentication frame. These are transient and 1886 * will be reclaimed when the last reference to them 1887 * goes away (when frame xmits complete). 1888 */ 1889 vap = ni->ni_vap; 1890 /* 1891 * Only process stations when in RUN state. This 1892 * insures, for example, that we don't timeout an 1893 * inactive station during CAC. Note that CSA state 1894 * is actually handled in ieee80211_node_timeout as 1895 * it applies to more than timeout processing. 1896 */ 1897 if (vap->iv_state != IEEE80211_S_RUN) 1898 continue; 1899 /* XXX can vap be NULL? */ 1900 if ((vap->iv_opmode == IEEE80211_M_HOSTAP || 1901 vap->iv_opmode == IEEE80211_M_STA) && 1902 (ni->ni_flags & IEEE80211_NODE_AREF) == 0) 1903 continue; 1904 /* 1905 * Free fragment if not needed anymore 1906 * (last fragment older than 1s). 1907 * XXX doesn't belong here, move to node_age 1908 */ 1909 if (ni->ni_rxfrag[0] != NULL && 1910 ticks > ni->ni_rxfragstamp + hz) { 1911 m_freem(ni->ni_rxfrag[0]); 1912 ni->ni_rxfrag[0] = NULL; 1913 } 1914 if (ni->ni_inact > 0) { 1915 ni->ni_inact--; 1916 IEEE80211_NOTE(vap, IEEE80211_MSG_INACT, ni, 1917 "%s: inact %u inact_reload %u nrates %u", 1918 __func__, ni->ni_inact, ni->ni_inact_reload, 1919 ni->ni_rates.rs_nrates); 1920 } 1921 /* 1922 * Special case ourself; we may be idle for extended periods 1923 * of time and regardless reclaiming our state is wrong. 1924 * XXX run ic_node_age 1925 */ 1926 if (ni == vap->iv_bss) 1927 continue; 1928 if (ni->ni_associd != 0 || 1929 (vap->iv_opmode == IEEE80211_M_IBSS || 1930 vap->iv_opmode == IEEE80211_M_AHDEMO)) { 1931 /* 1932 * Age/drain resources held by the station. 1933 */ 1934 ic->ic_node_age(ni); 1935 /* 1936 * Probe the station before time it out. We 1937 * send a null data frame which may not be 1938 * universally supported by drivers (need it 1939 * for ps-poll support so it should be...). 1940 * 1941 * XXX don't probe the station unless we've 1942 * received a frame from them (and have 1943 * some idea of the rates they are capable 1944 * of); this will get fixed more properly 1945 * soon with better handling of the rate set. 1946 */ 1947 if ((vap->iv_flags_ext & IEEE80211_FEXT_INACT) && 1948 (0 < ni->ni_inact && 1949 ni->ni_inact <= vap->iv_inact_probe) && 1950 ni->ni_rates.rs_nrates != 0) { 1951 IEEE80211_NOTE(vap, 1952 IEEE80211_MSG_INACT | IEEE80211_MSG_NODE, 1953 ni, "%s", 1954 "probe station due to inactivity"); 1955 /* 1956 * Grab a reference before unlocking the table 1957 * so the node cannot be reclaimed before we 1958 * send the frame. ieee80211_send_nulldata 1959 * understands we've done this and reclaims the 1960 * ref for us as needed. 1961 */ 1962 ieee80211_ref_node(ni); 1963 IEEE80211_NODE_UNLOCK(nt); 1964 ieee80211_send_nulldata(ni); 1965 /* XXX stat? */ 1966 goto restart; 1967 } 1968 } 1969 if ((vap->iv_flags_ext & IEEE80211_FEXT_INACT) && 1970 ni->ni_inact <= 0) { 1971 IEEE80211_NOTE(vap, 1972 IEEE80211_MSG_INACT | IEEE80211_MSG_NODE, ni, 1973 "station timed out due to inactivity " 1974 "(refcnt %u)", ieee80211_node_refcnt(ni)); 1975 /* 1976 * Send a deauthenticate frame and drop the station. 1977 * This is somewhat complicated due to reference counts 1978 * and locking. At this point a station will typically 1979 * have a reference count of 1. ieee80211_node_leave 1980 * will do a "free" of the node which will drop the 1981 * reference count. But in the meantime a reference 1982 * wil be held by the deauth frame. The actual reclaim 1983 * of the node will happen either after the tx is 1984 * completed or by ieee80211_node_leave. 1985 * 1986 * Separately we must drop the node lock before sending 1987 * in case the driver takes a lock, as this can result 1988 * in a LOR between the node lock and the driver lock. 1989 */ 1990 ieee80211_ref_node(ni); 1991 IEEE80211_NODE_UNLOCK(nt); 1992 if (ni->ni_associd != 0) { 1993 IEEE80211_SEND_MGMT(ni, 1994 IEEE80211_FC0_SUBTYPE_DEAUTH, 1995 IEEE80211_REASON_AUTH_EXPIRE); 1996 } 1997 ieee80211_node_leave(ni); 1998 ieee80211_free_node(ni); 1999 vap->iv_stats.is_node_timeout++; 2000 goto restart; 2001 } 2002 } 2003 IEEE80211_NODE_UNLOCK(nt); 2004 2005 IEEE80211_NODE_ITERATE_UNLOCK(nt); 2006} 2007 2008/* 2009 * Aggressively reclaim resources. This should be used 2010 * only in a critical situation to reclaim mbuf resources. 2011 */ 2012void 2013ieee80211_drain(struct ieee80211com *ic) 2014{ 2015 struct ieee80211_node_table *nt = &ic->ic_sta; 2016 struct ieee80211vap *vap; 2017 struct ieee80211_node *ni; 2018 2019 IEEE80211_NODE_LOCK(nt); 2020 TAILQ_FOREACH(ni, &nt->nt_node, ni_list) { 2021 /* 2022 * Ignore entries for which have yet to receive an 2023 * authentication frame. These are transient and 2024 * will be reclaimed when the last reference to them 2025 * goes away (when frame xmits complete). 2026 */ 2027 vap = ni->ni_vap; 2028 /* 2029 * Only process stations when in RUN state. This 2030 * insures, for example, that we don't timeout an 2031 * inactive station during CAC. Note that CSA state 2032 * is actually handled in ieee80211_node_timeout as 2033 * it applies to more than timeout processing. 2034 */ 2035 if (vap->iv_state != IEEE80211_S_RUN) 2036 continue; 2037 /* XXX can vap be NULL? */ 2038 if ((vap->iv_opmode == IEEE80211_M_HOSTAP || 2039 vap->iv_opmode == IEEE80211_M_STA) && 2040 (ni->ni_flags & IEEE80211_NODE_AREF) == 0) 2041 continue; 2042 /* 2043 * Free fragments. 2044 * XXX doesn't belong here, move to node_drain 2045 */ 2046 if (ni->ni_rxfrag[0] != NULL) { 2047 m_freem(ni->ni_rxfrag[0]); 2048 ni->ni_rxfrag[0] = NULL; 2049 } 2050 /* 2051 * Drain resources held by the station. 2052 */ 2053 ic->ic_node_drain(ni); 2054 } 2055 IEEE80211_NODE_UNLOCK(nt); 2056} 2057 2058/* 2059 * Per-ieee80211com inactivity timer callback. 2060 */ 2061void 2062ieee80211_node_timeout(void *arg) 2063{ 2064 struct ieee80211com *ic = arg; 2065 2066 /* 2067 * Defer timeout processing if a channel switch is pending. 2068 * We typically need to be mute so not doing things that 2069 * might generate frames is good to handle in one place. 2070 * Supressing the station timeout processing may extend the 2071 * lifetime of inactive stations (by not decrementing their 2072 * idle counters) but this should be ok unless the CSA is 2073 * active for an unusually long time. 2074 */ 2075 if ((ic->ic_flags & IEEE80211_F_CSAPENDING) == 0) { 2076 ieee80211_scan_timeout(ic); 2077 ieee80211_timeout_stations(ic); 2078 2079 IEEE80211_LOCK(ic); 2080 ieee80211_erp_timeout(ic); 2081 ieee80211_ht_timeout(ic); 2082 IEEE80211_UNLOCK(ic); 2083 } 2084 callout_reset(&ic->ic_inact, IEEE80211_INACT_WAIT*hz, 2085 ieee80211_node_timeout, ic); 2086} 2087 2088void 2089ieee80211_iterate_nodes(struct ieee80211_node_table *nt, 2090 ieee80211_iter_func *f, void *arg) 2091{ 2092 struct ieee80211_node *ni; 2093 u_int gen; 2094 2095 IEEE80211_NODE_ITERATE_LOCK(nt); 2096 gen = ++nt->nt_scangen; 2097restart: 2098 IEEE80211_NODE_LOCK(nt); 2099 TAILQ_FOREACH(ni, &nt->nt_node, ni_list) { 2100 if (ni->ni_scangen != gen) { 2101 ni->ni_scangen = gen; 2102 (void) ieee80211_ref_node(ni); 2103 IEEE80211_NODE_UNLOCK(nt); 2104 (*f)(arg, ni); 2105 ieee80211_free_node(ni); 2106 goto restart; 2107 } 2108 } 2109 IEEE80211_NODE_UNLOCK(nt); 2110 2111 IEEE80211_NODE_ITERATE_UNLOCK(nt); 2112} 2113 2114void 2115ieee80211_dump_node(struct ieee80211_node_table *nt, struct ieee80211_node *ni) 2116{ 2117 printf("0x%p: mac %s refcnt %d\n", ni, 2118 ether_sprintf(ni->ni_macaddr), ieee80211_node_refcnt(ni)); 2119 printf("\tscangen %u authmode %u flags 0x%x\n", 2120 ni->ni_scangen, ni->ni_authmode, ni->ni_flags); 2121 printf("\tassocid 0x%x txpower %u vlan %u\n", 2122 ni->ni_associd, ni->ni_txpower, ni->ni_vlan); 2123 printf("\ttxseq %u rxseq %u fragno %u rxfragstamp %u\n", 2124 ni->ni_txseqs[IEEE80211_NONQOS_TID], 2125 ni->ni_rxseqs[IEEE80211_NONQOS_TID] >> IEEE80211_SEQ_SEQ_SHIFT, 2126 ni->ni_rxseqs[IEEE80211_NONQOS_TID] & IEEE80211_SEQ_FRAG_MASK, 2127 ni->ni_rxfragstamp); 2128 printf("\trstamp %u rssi %d noise %d intval %u capinfo 0x%x\n", 2129 ni->ni_rstamp, node_getrssi(ni), ni->ni_noise, 2130 ni->ni_intval, ni->ni_capinfo); 2131 printf("\tbssid %s essid \"%.*s\" channel %u:0x%x\n", 2132 ether_sprintf(ni->ni_bssid), 2133 ni->ni_esslen, ni->ni_essid, 2134 ni->ni_chan->ic_freq, ni->ni_chan->ic_flags); 2135 printf("\tinact %u inact_reload %u txrate %u\n", 2136 ni->ni_inact, ni->ni_inact_reload, ni->ni_txrate); 2137 printf("\thtcap %x htparam %x htctlchan %u ht2ndchan %u\n", 2138 ni->ni_htcap, ni->ni_htparam, 2139 ni->ni_htctlchan, ni->ni_ht2ndchan); 2140 printf("\thtopmode %x htstbc %x chw %u\n", 2141 ni->ni_htopmode, ni->ni_htstbc, ni->ni_chw); 2142} 2143 2144void 2145ieee80211_dump_nodes(struct ieee80211_node_table *nt) 2146{ 2147 ieee80211_iterate_nodes(nt, 2148 (ieee80211_iter_func *) ieee80211_dump_node, nt); 2149} 2150 2151static void 2152ieee80211_notify_erp_locked(struct ieee80211com *ic) 2153{ 2154 struct ieee80211vap *vap; 2155 2156 IEEE80211_LOCK_ASSERT(ic); 2157 2158 TAILQ_FOREACH(vap, &ic->ic_vaps, iv_next) 2159 if (vap->iv_opmode == IEEE80211_M_HOSTAP) 2160 ieee80211_beacon_notify(vap, IEEE80211_BEACON_ERP); 2161} 2162 2163void 2164ieee80211_notify_erp(struct ieee80211com *ic) 2165{ 2166 IEEE80211_LOCK(ic); 2167 ieee80211_notify_erp_locked(ic); 2168 IEEE80211_UNLOCK(ic); 2169} 2170 2171/* 2172 * Handle a station joining an 11g network. 2173 */ 2174static void 2175ieee80211_node_join_11g(struct ieee80211_node *ni) 2176{ 2177 struct ieee80211com *ic = ni->ni_ic; 2178 2179 IEEE80211_LOCK_ASSERT(ic); 2180 2181 /* 2182 * Station isn't capable of short slot time. Bump 2183 * the count of long slot time stations and disable 2184 * use of short slot time. Note that the actual switch 2185 * over to long slot time use may not occur until the 2186 * next beacon transmission (per sec. 7.3.1.4 of 11g). 2187 */ 2188 if ((ni->ni_capinfo & IEEE80211_CAPINFO_SHORT_SLOTTIME) == 0) { 2189 ic->ic_longslotsta++; 2190 IEEE80211_NOTE(ni->ni_vap, IEEE80211_MSG_ASSOC, ni, 2191 "station needs long slot time, count %d", 2192 ic->ic_longslotsta); 2193 /* XXX vap's w/ conflicting needs won't work */ 2194 if (!IEEE80211_IS_CHAN_108G(ic->ic_bsschan)) { 2195 /* 2196 * Don't force slot time when switched to turbo 2197 * mode as non-ERP stations won't be present; this 2198 * need only be done when on the normal G channel. 2199 */ 2200 ieee80211_set_shortslottime(ic, 0); 2201 } 2202 } 2203 /* 2204 * If the new station is not an ERP station 2205 * then bump the counter and enable protection 2206 * if configured. 2207 */ 2208 if (!ieee80211_iserp_rateset(&ni->ni_rates)) { 2209 ic->ic_nonerpsta++; 2210 IEEE80211_NOTE(ni->ni_vap, IEEE80211_MSG_ASSOC, ni, 2211 "station is !ERP, %d non-ERP stations associated", 2212 ic->ic_nonerpsta); 2213 /* 2214 * If station does not support short preamble 2215 * then we must enable use of Barker preamble. 2216 */ 2217 if ((ni->ni_capinfo & IEEE80211_CAPINFO_SHORT_PREAMBLE) == 0) { 2218 IEEE80211_NOTE(ni->ni_vap, IEEE80211_MSG_ASSOC, ni, 2219 "%s", "station needs long preamble"); 2220 ic->ic_flags |= IEEE80211_F_USEBARKER; 2221 ic->ic_flags &= ~IEEE80211_F_SHPREAMBLE; 2222 } 2223 /* 2224 * If protection is configured and this is the first 2225 * indication we should use protection, enable it. 2226 */ 2227 if (ic->ic_protmode != IEEE80211_PROT_NONE && 2228 ic->ic_nonerpsta == 1 && 2229 (ic->ic_flags_ext & IEEE80211_FEXT_NONERP_PR) == 0) { 2230 IEEE80211_DPRINTF(ni->ni_vap, IEEE80211_MSG_ASSOC, 2231 "%s: enable use of protection\n", __func__); 2232 ic->ic_flags |= IEEE80211_F_USEPROT; 2233 ieee80211_notify_erp_locked(ic); 2234 } 2235 } else 2236 ni->ni_flags |= IEEE80211_NODE_ERP; 2237} 2238 2239void 2240ieee80211_node_join(struct ieee80211_node *ni, int resp) 2241{ 2242 struct ieee80211com *ic = ni->ni_ic; 2243 struct ieee80211vap *vap = ni->ni_vap; 2244 int newassoc; 2245 2246 if (ni->ni_associd == 0) { 2247 uint16_t aid; 2248 2249 KASSERT(vap->iv_aid_bitmap != NULL, ("no aid bitmap")); 2250 /* 2251 * It would be good to search the bitmap 2252 * more efficiently, but this will do for now. 2253 */ 2254 for (aid = 1; aid < vap->iv_max_aid; aid++) { 2255 if (!IEEE80211_AID_ISSET(vap, aid)) 2256 break; 2257 } 2258 if (aid >= vap->iv_max_aid) { 2259 IEEE80211_SEND_MGMT(ni, resp, IEEE80211_STATUS_TOOMANY); 2260 ieee80211_node_leave(ni); 2261 return; 2262 } 2263 ni->ni_associd = aid | 0xc000; 2264 ni->ni_jointime = time_uptime; 2265 IEEE80211_LOCK(ic); 2266 IEEE80211_AID_SET(vap, ni->ni_associd); 2267 vap->iv_sta_assoc++; 2268 ic->ic_sta_assoc++; 2269 2270 if (IEEE80211_IS_CHAN_HT(ic->ic_bsschan)) 2271 ieee80211_ht_node_join(ni); 2272 if (IEEE80211_IS_CHAN_ANYG(ic->ic_bsschan) && 2273 IEEE80211_IS_CHAN_FULL(ic->ic_bsschan)) 2274 ieee80211_node_join_11g(ni); 2275 IEEE80211_UNLOCK(ic); 2276 2277 newassoc = 1; 2278 } else 2279 newassoc = 0; 2280 2281 IEEE80211_NOTE(vap, IEEE80211_MSG_ASSOC | IEEE80211_MSG_DEBUG, ni, 2282 "station associated at aid %d: %s preamble, %s slot time%s%s%s%s%s%s%s%s", 2283 IEEE80211_NODE_AID(ni), 2284 ic->ic_flags & IEEE80211_F_SHPREAMBLE ? "short" : "long", 2285 ic->ic_flags & IEEE80211_F_SHSLOT ? "short" : "long", 2286 ic->ic_flags & IEEE80211_F_USEPROT ? ", protection" : "", 2287 ni->ni_flags & IEEE80211_NODE_QOS ? ", QoS" : "", 2288 ni->ni_flags & IEEE80211_NODE_HT ? 2289 (ni->ni_chw == 40 ? ", HT40" : ", HT20") : "", 2290 ni->ni_flags & IEEE80211_NODE_AMPDU ? " (+AMPDU)" : "", 2291 ni->ni_flags & IEEE80211_NODE_MIMO_RTS ? " (+SMPS-DYN)" : 2292 ni->ni_flags & IEEE80211_NODE_MIMO_PS ? " (+SMPS)" : "", 2293 ni->ni_flags & IEEE80211_NODE_RIFS ? " (+RIFS)" : "", 2294 IEEE80211_ATH_CAP(vap, ni, IEEE80211_NODE_FF) ? 2295 ", fast-frames" : "", 2296 IEEE80211_ATH_CAP(vap, ni, IEEE80211_NODE_TURBOP) ? 2297 ", turbo" : "" 2298 ); 2299 2300 node_setuptxparms(ni); 2301 /* give driver a chance to setup state like ni_txrate */ 2302 if (ic->ic_newassoc != NULL) 2303 ic->ic_newassoc(ni, newassoc); 2304 IEEE80211_SEND_MGMT(ni, resp, IEEE80211_STATUS_SUCCESS); 2305 /* tell the authenticator about new station */ 2306 if (vap->iv_auth->ia_node_join != NULL) 2307 vap->iv_auth->ia_node_join(ni); 2308 ieee80211_notify_node_join(ni, 2309 resp == IEEE80211_FC0_SUBTYPE_ASSOC_RESP); 2310} 2311 2312static void 2313disable_protection(struct ieee80211com *ic) 2314{ 2315 KASSERT(ic->ic_nonerpsta == 0 && 2316 (ic->ic_flags_ext & IEEE80211_FEXT_NONERP_PR) == 0, 2317 ("%d non ERP stations, flags 0x%x", ic->ic_nonerpsta, 2318 ic->ic_flags_ext)); 2319 2320 ic->ic_flags &= ~IEEE80211_F_USEPROT; 2321 /* XXX verify mode? */ 2322 if (ic->ic_caps & IEEE80211_C_SHPREAMBLE) { 2323 ic->ic_flags |= IEEE80211_F_SHPREAMBLE; 2324 ic->ic_flags &= ~IEEE80211_F_USEBARKER; 2325 } 2326 ieee80211_notify_erp_locked(ic); 2327} 2328 2329/* 2330 * Handle a station leaving an 11g network. 2331 */ 2332static void 2333ieee80211_node_leave_11g(struct ieee80211_node *ni) 2334{ 2335 struct ieee80211com *ic = ni->ni_ic; 2336 2337 IEEE80211_LOCK_ASSERT(ic); 2338 2339 KASSERT(IEEE80211_IS_CHAN_ANYG(ic->ic_bsschan), 2340 ("not in 11g, bss %u:0x%x", ic->ic_bsschan->ic_freq, 2341 ic->ic_bsschan->ic_flags)); 2342 2343 /* 2344 * If a long slot station do the slot time bookkeeping. 2345 */ 2346 if ((ni->ni_capinfo & IEEE80211_CAPINFO_SHORT_SLOTTIME) == 0) { 2347 KASSERT(ic->ic_longslotsta > 0, 2348 ("bogus long slot station count %d", ic->ic_longslotsta)); 2349 ic->ic_longslotsta--; 2350 IEEE80211_NOTE(ni->ni_vap, IEEE80211_MSG_ASSOC, ni, 2351 "long slot time station leaves, count now %d", 2352 ic->ic_longslotsta); 2353 if (ic->ic_longslotsta == 0) { 2354 /* 2355 * Re-enable use of short slot time if supported 2356 * and not operating in IBSS mode (per spec). 2357 */ 2358 if ((ic->ic_caps & IEEE80211_C_SHSLOT) && 2359 ic->ic_opmode != IEEE80211_M_IBSS) { 2360 IEEE80211_DPRINTF(ni->ni_vap, 2361 IEEE80211_MSG_ASSOC, 2362 "%s: re-enable use of short slot time\n", 2363 __func__); 2364 ieee80211_set_shortslottime(ic, 1); 2365 } 2366 } 2367 } 2368 /* 2369 * If a non-ERP station do the protection-related bookkeeping. 2370 */ 2371 if ((ni->ni_flags & IEEE80211_NODE_ERP) == 0) { 2372 KASSERT(ic->ic_nonerpsta > 0, 2373 ("bogus non-ERP station count %d", ic->ic_nonerpsta)); 2374 ic->ic_nonerpsta--; 2375 IEEE80211_NOTE(ni->ni_vap, IEEE80211_MSG_ASSOC, ni, 2376 "non-ERP station leaves, count now %d%s", ic->ic_nonerpsta, 2377 (ic->ic_flags_ext & IEEE80211_FEXT_NONERP_PR) ? 2378 " (non-ERP sta present)" : ""); 2379 if (ic->ic_nonerpsta == 0 && 2380 (ic->ic_flags_ext & IEEE80211_FEXT_NONERP_PR) == 0) { 2381 IEEE80211_DPRINTF(ni->ni_vap, IEEE80211_MSG_ASSOC, 2382 "%s: disable use of protection\n", __func__); 2383 disable_protection(ic); 2384 } 2385 } 2386} 2387 2388/* 2389 * Time out presence of an overlapping bss with non-ERP 2390 * stations. When operating in hostap mode we listen for 2391 * beacons from other stations and if we identify a non-ERP 2392 * station is present we enable protection. To identify 2393 * when all non-ERP stations are gone we time out this 2394 * condition. 2395 */ 2396static void 2397ieee80211_erp_timeout(struct ieee80211com *ic) 2398{ 2399 2400 IEEE80211_LOCK_ASSERT(ic); 2401 2402 if ((ic->ic_flags_ext & IEEE80211_FEXT_NONERP_PR) && 2403 time_after(ticks, ic->ic_lastnonerp + IEEE80211_NONERP_PRESENT_AGE)) { 2404#if 0 2405 IEEE80211_NOTE(vap, IEEE80211_MSG_ASSOC, ni, 2406 "%s", "age out non-ERP sta present on channel"); 2407#endif 2408 ic->ic_flags_ext &= ~IEEE80211_FEXT_NONERP_PR; 2409 if (ic->ic_nonerpsta == 0) 2410 disable_protection(ic); 2411 } 2412} 2413 2414/* 2415 * Handle bookkeeping for station deauthentication/disassociation 2416 * when operating as an ap. 2417 */ 2418void 2419ieee80211_node_leave(struct ieee80211_node *ni) 2420{ 2421 struct ieee80211com *ic = ni->ni_ic; 2422 struct ieee80211vap *vap = ni->ni_vap; 2423 struct ieee80211_node_table *nt = ni->ni_table; 2424 2425 IEEE80211_NOTE(vap, IEEE80211_MSG_ASSOC | IEEE80211_MSG_DEBUG, ni, 2426 "station with aid %d leaves", IEEE80211_NODE_AID(ni)); 2427 2428 KASSERT(vap->iv_opmode != IEEE80211_M_STA, 2429 ("unexpected operating mode %u", vap->iv_opmode)); 2430 /* 2431 * If node wasn't previously associated all 2432 * we need to do is reclaim the reference. 2433 */ 2434 /* XXX ibss mode bypasses 11g and notification */ 2435 if (ni->ni_associd == 0) 2436 goto done; 2437 /* 2438 * Tell the authenticator the station is leaving. 2439 * Note that we must do this before yanking the 2440 * association id as the authenticator uses the 2441 * associd to locate it's state block. 2442 */ 2443 if (vap->iv_auth->ia_node_leave != NULL) 2444 vap->iv_auth->ia_node_leave(ni); 2445 2446 IEEE80211_LOCK(ic); 2447 IEEE80211_AID_CLR(vap, ni->ni_associd); 2448 ni->ni_associd = 0; 2449 vap->iv_sta_assoc--; 2450 ic->ic_sta_assoc--; 2451 2452 if (IEEE80211_IS_CHAN_HT(ic->ic_bsschan)) 2453 ieee80211_ht_node_leave(ni); 2454 if (IEEE80211_IS_CHAN_ANYG(ic->ic_bsschan) && 2455 IEEE80211_IS_CHAN_FULL(ic->ic_bsschan)) 2456 ieee80211_node_leave_11g(ni); 2457 IEEE80211_UNLOCK(ic); 2458 /* 2459 * Cleanup station state. In particular clear various 2460 * state that might otherwise be reused if the node 2461 * is reused before the reference count goes to zero 2462 * (and memory is reclaimed). 2463 */ 2464 ieee80211_sta_leave(ni); 2465done: 2466 /* 2467 * Remove the node from any table it's recorded in and 2468 * drop the caller's reference. Removal from the table 2469 * is important to insure the node is not reprocessed 2470 * for inactivity. 2471 */ 2472 if (nt != NULL) { 2473 IEEE80211_NODE_LOCK(nt); 2474 node_reclaim(nt, ni); 2475 IEEE80211_NODE_UNLOCK(nt); 2476 } else 2477 ieee80211_free_node(ni); 2478} 2479 2480struct rssiinfo { 2481 struct ieee80211vap *vap; 2482 int rssi_samples; 2483 uint32_t rssi_total; 2484}; 2485 2486static void 2487get_hostap_rssi(void *arg, struct ieee80211_node *ni) 2488{ 2489 struct rssiinfo *info = arg; 2490 struct ieee80211vap *vap = ni->ni_vap; 2491 int8_t rssi; 2492 2493 if (info->vap != vap) 2494 return; 2495 /* only associated stations */ 2496 if (ni->ni_associd == 0) 2497 return; 2498 rssi = vap->iv_ic->ic_node_getrssi(ni); 2499 if (rssi != 0) { 2500 info->rssi_samples++; 2501 info->rssi_total += rssi; 2502 } 2503} 2504 2505static void 2506get_adhoc_rssi(void *arg, struct ieee80211_node *ni) 2507{ 2508 struct rssiinfo *info = arg; 2509 struct ieee80211vap *vap = ni->ni_vap; 2510 int8_t rssi; 2511 2512 if (info->vap != vap) 2513 return; 2514 /* only neighbors */ 2515 /* XXX check bssid */ 2516 if ((ni->ni_capinfo & IEEE80211_CAPINFO_IBSS) == 0) 2517 return; 2518 rssi = vap->iv_ic->ic_node_getrssi(ni); 2519 if (rssi != 0) { 2520 info->rssi_samples++; 2521 info->rssi_total += rssi; 2522 } 2523} 2524 2525int8_t 2526ieee80211_getrssi(struct ieee80211vap *vap) 2527{ 2528#define NZ(x) ((x) == 0 ? 1 : (x)) 2529 struct ieee80211com *ic = vap->iv_ic; 2530 struct rssiinfo info; 2531 2532 info.rssi_total = 0; 2533 info.rssi_samples = 0; 2534 info.vap = vap; 2535 switch (vap->iv_opmode) { 2536 case IEEE80211_M_IBSS: /* average of all ibss neighbors */ 2537 case IEEE80211_M_AHDEMO: /* average of all neighbors */ 2538 ieee80211_iterate_nodes(&ic->ic_sta, get_adhoc_rssi, &info); 2539 break; 2540 case IEEE80211_M_HOSTAP: /* average of all associated stations */ 2541 ieee80211_iterate_nodes(&ic->ic_sta, get_hostap_rssi, &info); 2542 break; 2543 case IEEE80211_M_MONITOR: /* XXX */ 2544 case IEEE80211_M_STA: /* use stats from associated ap */ 2545 default: 2546 if (vap->iv_bss != NULL) 2547 info.rssi_total = ic->ic_node_getrssi(vap->iv_bss); 2548 info.rssi_samples = 1; 2549 break; 2550 } 2551 return info.rssi_total / NZ(info.rssi_samples); 2552#undef NZ 2553} 2554 2555void 2556ieee80211_getsignal(struct ieee80211vap *vap, int8_t *rssi, int8_t *noise) 2557{ 2558 2559 if (vap->iv_bss == NULL) /* NB: shouldn't happen */ 2560 return; 2561 vap->iv_ic->ic_node_getsignal(vap->iv_bss, rssi, noise); 2562 /* for non-station mode return avg'd rssi accounting */ 2563 if (vap->iv_opmode != IEEE80211_M_STA) 2564 *rssi = ieee80211_getrssi(vap); 2565} 2566