ieee80211_node.c revision 195618
1/*- 2 * Copyright (c) 2001 Atsushi Onoe 3 * Copyright (c) 2002-2009 Sam Leffler, Errno Consulting 4 * All rights reserved. 5 * 6 * Redistribution and use in source and binary forms, with or without 7 * modification, are permitted provided that the following conditions 8 * are met: 9 * 1. Redistributions of source code must retain the above copyright 10 * notice, this list of conditions and the following disclaimer. 11 * 2. Redistributions in binary form must reproduce the above copyright 12 * notice, this list of conditions and the following disclaimer in the 13 * documentation and/or other materials provided with the distribution. 14 * 15 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 16 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 17 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 18 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 19 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 20 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 21 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 22 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 23 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 24 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 25 */ 26 27#include <sys/cdefs.h> 28__FBSDID("$FreeBSD: head/sys/net80211/ieee80211_node.c 195618 2009-07-11 15:02:45Z rpaulo $"); 29 30#include "opt_wlan.h" 31 32#include <sys/param.h> 33#include <sys/systm.h> 34#include <sys/mbuf.h> 35#include <sys/malloc.h> 36#include <sys/kernel.h> 37 38#include <sys/socket.h> 39 40#include <net/if.h> 41#include <net/if_media.h> 42#include <net/ethernet.h> 43 44#include <net80211/ieee80211_var.h> 45#include <net80211/ieee80211_input.h> 46#ifdef IEEE80211_SUPPORT_SUPERG 47#include <net80211/ieee80211_superg.h> 48#endif 49#ifdef IEEE80211_SUPPORT_TDMA 50#include <net80211/ieee80211_tdma.h> 51#endif 52#include <net80211/ieee80211_wds.h> 53#include <net80211/ieee80211_mesh.h> 54 55#include <net/bpf.h> 56 57/* 58 * IEEE80211_NODE_HASHSIZE must be a power of 2. 59 */ 60CTASSERT((IEEE80211_NODE_HASHSIZE & (IEEE80211_NODE_HASHSIZE-1)) == 0); 61 62/* 63 * Association id's are managed with a bit vector. 64 */ 65#define IEEE80211_AID_SET(_vap, b) \ 66 ((_vap)->iv_aid_bitmap[IEEE80211_AID(b) / 32] |= \ 67 (1 << (IEEE80211_AID(b) % 32))) 68#define IEEE80211_AID_CLR(_vap, b) \ 69 ((_vap)->iv_aid_bitmap[IEEE80211_AID(b) / 32] &= \ 70 ~(1 << (IEEE80211_AID(b) % 32))) 71#define IEEE80211_AID_ISSET(_vap, b) \ 72 ((_vap)->iv_aid_bitmap[IEEE80211_AID(b) / 32] & (1 << (IEEE80211_AID(b) % 32))) 73 74#ifdef IEEE80211_DEBUG_REFCNT 75#define REFCNT_LOC "%s (%s:%u) %p<%s> refcnt %d\n", __func__, func, line 76#else 77#define REFCNT_LOC "%s %p<%s> refcnt %d\n", __func__ 78#endif 79 80static int ieee80211_sta_join1(struct ieee80211_node *); 81 82static struct ieee80211_node *node_alloc(struct ieee80211vap *, 83 const uint8_t [IEEE80211_ADDR_LEN]); 84static void node_cleanup(struct ieee80211_node *); 85static void node_free(struct ieee80211_node *); 86static void node_age(struct ieee80211_node *); 87static int8_t node_getrssi(const struct ieee80211_node *); 88static void node_getsignal(const struct ieee80211_node *, int8_t *, int8_t *); 89static void node_getmimoinfo(const struct ieee80211_node *, 90 struct ieee80211_mimo_info *); 91 92static void _ieee80211_free_node(struct ieee80211_node *); 93 94static void ieee80211_node_table_init(struct ieee80211com *ic, 95 struct ieee80211_node_table *nt, const char *name, 96 int inact, int keymaxix); 97static void ieee80211_node_table_reset(struct ieee80211_node_table *, 98 struct ieee80211vap *); 99static void ieee80211_node_table_cleanup(struct ieee80211_node_table *nt); 100static void ieee80211_erp_timeout(struct ieee80211com *); 101 102MALLOC_DEFINE(M_80211_NODE, "80211node", "802.11 node state"); 103MALLOC_DEFINE(M_80211_NODE_IE, "80211nodeie", "802.11 node ie"); 104 105void 106ieee80211_node_attach(struct ieee80211com *ic) 107{ 108 /* XXX really want maxlen enforced per-sta */ 109 ieee80211_ageq_init(&ic->ic_stageq, ic->ic_max_keyix * 8, 110 "802.11 staging q"); 111 ieee80211_node_table_init(ic, &ic->ic_sta, "station", 112 IEEE80211_INACT_INIT, ic->ic_max_keyix); 113 callout_init(&ic->ic_inact, CALLOUT_MPSAFE); 114 callout_reset(&ic->ic_inact, IEEE80211_INACT_WAIT*hz, 115 ieee80211_node_timeout, ic); 116 117 ic->ic_node_alloc = node_alloc; 118 ic->ic_node_free = node_free; 119 ic->ic_node_cleanup = node_cleanup; 120 ic->ic_node_age = node_age; 121 ic->ic_node_drain = node_age; /* NB: same as age */ 122 ic->ic_node_getrssi = node_getrssi; 123 ic->ic_node_getsignal = node_getsignal; 124 ic->ic_node_getmimoinfo = node_getmimoinfo; 125 126 /* 127 * Set flags to be propagated to all vap's; 128 * these define default behaviour/configuration. 129 */ 130 ic->ic_flags_ext |= IEEE80211_FEXT_INACT; /* inactivity processing */ 131} 132 133void 134ieee80211_node_detach(struct ieee80211com *ic) 135{ 136 137 callout_drain(&ic->ic_inact); 138 ieee80211_node_table_cleanup(&ic->ic_sta); 139 ieee80211_ageq_cleanup(&ic->ic_stageq); 140} 141 142void 143ieee80211_node_vattach(struct ieee80211vap *vap) 144{ 145 /* NB: driver can override */ 146 vap->iv_max_aid = IEEE80211_AID_DEF; 147 148 /* default station inactivity timer setings */ 149 vap->iv_inact_init = IEEE80211_INACT_INIT; 150 vap->iv_inact_auth = IEEE80211_INACT_AUTH; 151 vap->iv_inact_run = IEEE80211_INACT_RUN; 152 vap->iv_inact_probe = IEEE80211_INACT_PROBE; 153 154 IEEE80211_DPRINTF(vap, IEEE80211_MSG_INACT, 155 "%s: init %u auth %u run %u probe %u\n", __func__, 156 vap->iv_inact_init, vap->iv_inact_auth, 157 vap->iv_inact_run, vap->iv_inact_probe); 158} 159 160void 161ieee80211_node_latevattach(struct ieee80211vap *vap) 162{ 163 if (vap->iv_opmode == IEEE80211_M_HOSTAP) { 164 /* XXX should we allow max aid to be zero? */ 165 if (vap->iv_max_aid < IEEE80211_AID_MIN) { 166 vap->iv_max_aid = IEEE80211_AID_MIN; 167 if_printf(vap->iv_ifp, 168 "WARNING: max aid too small, changed to %d\n", 169 vap->iv_max_aid); 170 } 171 vap->iv_aid_bitmap = (uint32_t *) malloc( 172 howmany(vap->iv_max_aid, 32) * sizeof(uint32_t), 173 M_80211_NODE, M_NOWAIT | M_ZERO); 174 if (vap->iv_aid_bitmap == NULL) { 175 /* XXX no way to recover */ 176 printf("%s: no memory for AID bitmap, max aid %d!\n", 177 __func__, vap->iv_max_aid); 178 vap->iv_max_aid = 0; 179 } 180 } 181 182 ieee80211_reset_bss(vap); 183 184 vap->iv_auth = ieee80211_authenticator_get(vap->iv_bss->ni_authmode); 185} 186 187void 188ieee80211_node_vdetach(struct ieee80211vap *vap) 189{ 190 struct ieee80211com *ic = vap->iv_ic; 191 192 ieee80211_node_table_reset(&ic->ic_sta, vap); 193 if (vap->iv_bss != NULL) { 194 ieee80211_free_node(vap->iv_bss); 195 vap->iv_bss = NULL; 196 } 197 if (vap->iv_aid_bitmap != NULL) { 198 free(vap->iv_aid_bitmap, M_80211_NODE); 199 vap->iv_aid_bitmap = NULL; 200 } 201} 202 203/* 204 * Port authorize/unauthorize interfaces for use by an authenticator. 205 */ 206 207void 208ieee80211_node_authorize(struct ieee80211_node *ni) 209{ 210 struct ieee80211vap *vap = ni->ni_vap; 211 212 ni->ni_flags |= IEEE80211_NODE_AUTH; 213 ni->ni_inact_reload = vap->iv_inact_run; 214 ni->ni_inact = ni->ni_inact_reload; 215 216 IEEE80211_NOTE(vap, IEEE80211_MSG_INACT, ni, 217 "%s: inact_reload %u", __func__, ni->ni_inact_reload); 218} 219 220void 221ieee80211_node_unauthorize(struct ieee80211_node *ni) 222{ 223 struct ieee80211vap *vap = ni->ni_vap; 224 225 ni->ni_flags &= ~IEEE80211_NODE_AUTH; 226 ni->ni_inact_reload = vap->iv_inact_auth; 227 if (ni->ni_inact > ni->ni_inact_reload) 228 ni->ni_inact = ni->ni_inact_reload; 229 230 IEEE80211_NOTE(vap, IEEE80211_MSG_INACT, ni, 231 "%s: inact_reload %u inact %u", __func__, 232 ni->ni_inact_reload, ni->ni_inact); 233} 234 235/* 236 * Fix tx parameters for a node according to ``association state''. 237 */ 238void 239ieee80211_node_setuptxparms(struct ieee80211_node *ni) 240{ 241 struct ieee80211vap *vap = ni->ni_vap; 242 enum ieee80211_phymode mode; 243 244 if (ni->ni_flags & IEEE80211_NODE_HT) { 245 if (IEEE80211_IS_CHAN_5GHZ(ni->ni_chan)) 246 mode = IEEE80211_MODE_11NA; 247 else 248 mode = IEEE80211_MODE_11NG; 249 } else { /* legacy rate handling */ 250 if (IEEE80211_IS_CHAN_ST(ni->ni_chan)) 251 mode = IEEE80211_MODE_STURBO_A; 252 else if (IEEE80211_IS_CHAN_HALF(ni->ni_chan)) 253 mode = IEEE80211_MODE_HALF; 254 else if (IEEE80211_IS_CHAN_QUARTER(ni->ni_chan)) 255 mode = IEEE80211_MODE_QUARTER; 256 /* NB: 108A should be handled as 11a */ 257 else if (IEEE80211_IS_CHAN_A(ni->ni_chan)) 258 mode = IEEE80211_MODE_11A; 259 else if (IEEE80211_IS_CHAN_108G(ni->ni_chan) || 260 (ni->ni_flags & IEEE80211_NODE_ERP)) 261 mode = IEEE80211_MODE_11G; 262 else 263 mode = IEEE80211_MODE_11B; 264 } 265 ni->ni_txparms = &vap->iv_txparms[mode]; 266} 267 268/* 269 * Set/change the channel. The rate set is also updated as 270 * to insure a consistent view by drivers. 271 * XXX should be private but hostap needs it to deal with CSA 272 */ 273void 274ieee80211_node_set_chan(struct ieee80211_node *ni, 275 struct ieee80211_channel *chan) 276{ 277 struct ieee80211com *ic = ni->ni_ic; 278 struct ieee80211vap *vap = ni->ni_vap; 279 enum ieee80211_phymode mode; 280 281 KASSERT(chan != IEEE80211_CHAN_ANYC, ("no channel")); 282 283 ni->ni_chan = chan; 284 mode = ieee80211_chan2mode(chan); 285 if (IEEE80211_IS_CHAN_HT(chan)) { 286 /* 287 * XXX Gotta be careful here; the rate set returned by 288 * ieee80211_get_suprates is actually any HT rate 289 * set so blindly copying it will be bad. We must 290 * install the legacy rate est in ni_rates and the 291 * HT rate set in ni_htrates. 292 */ 293 ni->ni_htrates = *ieee80211_get_suphtrates(ic, chan); 294 /* 295 * Setup bss tx parameters based on operating mode. We 296 * use legacy rates when operating in a mixed HT+non-HT bss 297 * and non-ERP rates in 11g for mixed ERP+non-ERP bss. 298 */ 299 if (mode == IEEE80211_MODE_11NA && 300 (vap->iv_flags_ht & IEEE80211_FHT_PUREN) == 0) 301 mode = IEEE80211_MODE_11A; 302 else if (mode == IEEE80211_MODE_11NG && 303 (vap->iv_flags_ht & IEEE80211_FHT_PUREN) == 0) 304 mode = IEEE80211_MODE_11G; 305 if (mode == IEEE80211_MODE_11G && 306 (vap->iv_flags & IEEE80211_F_PUREG) == 0) 307 mode = IEEE80211_MODE_11B; 308 } 309 ni->ni_txparms = &vap->iv_txparms[mode]; 310 ni->ni_rates = *ieee80211_get_suprates(ic, chan); 311} 312 313static __inline void 314copy_bss(struct ieee80211_node *nbss, const struct ieee80211_node *obss) 315{ 316 /* propagate useful state */ 317 nbss->ni_authmode = obss->ni_authmode; 318 nbss->ni_txpower = obss->ni_txpower; 319 nbss->ni_vlan = obss->ni_vlan; 320 /* XXX statistics? */ 321 /* XXX legacy WDS bssid? */ 322} 323 324void 325ieee80211_create_ibss(struct ieee80211vap* vap, struct ieee80211_channel *chan) 326{ 327 struct ieee80211com *ic = vap->iv_ic; 328 struct ieee80211_node *ni; 329 330 IEEE80211_DPRINTF(vap, IEEE80211_MSG_SCAN, 331 "%s: creating %s on channel %u\n", __func__, 332 ieee80211_opmode_name[vap->iv_opmode], 333 ieee80211_chan2ieee(ic, chan)); 334 335 ni = ieee80211_alloc_node(&ic->ic_sta, vap, vap->iv_myaddr); 336 if (ni == NULL) { 337 /* XXX recovery? */ 338 return; 339 } 340 IEEE80211_ADDR_COPY(ni->ni_bssid, vap->iv_myaddr); 341 ni->ni_esslen = vap->iv_des_ssid[0].len; 342 memcpy(ni->ni_essid, vap->iv_des_ssid[0].ssid, ni->ni_esslen); 343 if (vap->iv_bss != NULL) 344 copy_bss(ni, vap->iv_bss); 345 ni->ni_intval = ic->ic_bintval; 346 if (vap->iv_flags & IEEE80211_F_PRIVACY) 347 ni->ni_capinfo |= IEEE80211_CAPINFO_PRIVACY; 348 if (ic->ic_phytype == IEEE80211_T_FH) { 349 ni->ni_fhdwell = 200; /* XXX */ 350 ni->ni_fhindex = 1; 351 } 352 if (vap->iv_opmode == IEEE80211_M_IBSS) { 353 vap->iv_flags |= IEEE80211_F_SIBSS; 354 ni->ni_capinfo |= IEEE80211_CAPINFO_IBSS; /* XXX */ 355 if (vap->iv_flags & IEEE80211_F_DESBSSID) 356 IEEE80211_ADDR_COPY(ni->ni_bssid, vap->iv_des_bssid); 357 else { 358 get_random_bytes(ni->ni_bssid, IEEE80211_ADDR_LEN); 359 /* clear group bit, add local bit */ 360 ni->ni_bssid[0] = (ni->ni_bssid[0] &~ 0x01) | 0x02; 361 } 362 } else if (vap->iv_opmode == IEEE80211_M_AHDEMO) { 363 if (vap->iv_flags & IEEE80211_F_DESBSSID) 364 IEEE80211_ADDR_COPY(ni->ni_bssid, vap->iv_des_bssid); 365 else 366#ifdef IEEE80211_SUPPORT_TDMA 367 if ((vap->iv_caps & IEEE80211_C_TDMA) == 0) 368#endif 369 memset(ni->ni_bssid, 0, IEEE80211_ADDR_LEN); 370#ifdef IEEE80211_SUPPORT_MESH 371 } else if (vap->iv_opmode == IEEE80211_M_MBSS) { 372 ni->ni_meshidlen = vap->iv_mesh->ms_idlen; 373 memcpy(ni->ni_meshid, vap->iv_mesh->ms_id, ni->ni_meshidlen); 374#endif 375 } 376 /* 377 * Fix the channel and related attributes. 378 */ 379 /* clear DFS CAC state on previous channel */ 380 if (ic->ic_bsschan != IEEE80211_CHAN_ANYC && 381 ic->ic_bsschan->ic_freq != chan->ic_freq && 382 IEEE80211_IS_CHAN_CACDONE(ic->ic_bsschan)) 383 ieee80211_dfs_cac_clear(ic, ic->ic_bsschan); 384 ic->ic_bsschan = chan; 385 ieee80211_node_set_chan(ni, chan); 386 ic->ic_curmode = ieee80211_chan2mode(chan); 387 /* 388 * Do mode-specific setup. 389 */ 390 if (IEEE80211_IS_CHAN_FULL(chan)) { 391 if (IEEE80211_IS_CHAN_ANYG(chan)) { 392 /* 393 * Use a mixed 11b/11g basic rate set. 394 */ 395 ieee80211_setbasicrates(&ni->ni_rates, 396 IEEE80211_MODE_11G); 397 if (vap->iv_flags & IEEE80211_F_PUREG) { 398 /* 399 * Also mark OFDM rates basic so 11b 400 * stations do not join (WiFi compliance). 401 */ 402 ieee80211_addbasicrates(&ni->ni_rates, 403 IEEE80211_MODE_11A); 404 } 405 } else if (IEEE80211_IS_CHAN_B(chan)) { 406 /* 407 * Force pure 11b rate set. 408 */ 409 ieee80211_setbasicrates(&ni->ni_rates, 410 IEEE80211_MODE_11B); 411 } 412 } 413 414 (void) ieee80211_sta_join1(ieee80211_ref_node(ni)); 415} 416 417/* 418 * Reset bss state on transition to the INIT state. 419 * Clear any stations from the table (they have been 420 * deauth'd) and reset the bss node (clears key, rate 421 * etc. state). 422 */ 423void 424ieee80211_reset_bss(struct ieee80211vap *vap) 425{ 426 struct ieee80211com *ic = vap->iv_ic; 427 struct ieee80211_node *ni, *obss; 428 429 ieee80211_node_table_reset(&ic->ic_sta, vap); 430 /* XXX multi-bss: wrong */ 431 ieee80211_reset_erp(ic); 432 433 ni = ieee80211_alloc_node(&ic->ic_sta, vap, vap->iv_myaddr); 434 KASSERT(ni != NULL, ("unable to setup inital BSS node")); 435 obss = vap->iv_bss; 436 vap->iv_bss = ieee80211_ref_node(ni); 437 if (obss != NULL) { 438 copy_bss(ni, obss); 439 ni->ni_intval = ic->ic_bintval; 440 ieee80211_free_node(obss); 441 } else 442 IEEE80211_ADDR_COPY(ni->ni_bssid, vap->iv_myaddr); 443} 444 445static int 446match_ssid(const struct ieee80211_node *ni, 447 int nssid, const struct ieee80211_scan_ssid ssids[]) 448{ 449 int i; 450 451 for (i = 0; i < nssid; i++) { 452 if (ni->ni_esslen == ssids[i].len && 453 memcmp(ni->ni_essid, ssids[i].ssid, ni->ni_esslen) == 0) 454 return 1; 455 } 456 return 0; 457} 458 459/* 460 * Test a node for suitability/compatibility. 461 */ 462static int 463check_bss(struct ieee80211vap *vap, struct ieee80211_node *ni) 464{ 465 struct ieee80211com *ic = ni->ni_ic; 466 uint8_t rate; 467 468 if (isclr(ic->ic_chan_active, ieee80211_chan2ieee(ic, ni->ni_chan))) 469 return 0; 470 if (vap->iv_opmode == IEEE80211_M_IBSS) { 471 if ((ni->ni_capinfo & IEEE80211_CAPINFO_IBSS) == 0) 472 return 0; 473 } else { 474 if ((ni->ni_capinfo & IEEE80211_CAPINFO_ESS) == 0) 475 return 0; 476 } 477 if (vap->iv_flags & IEEE80211_F_PRIVACY) { 478 if ((ni->ni_capinfo & IEEE80211_CAPINFO_PRIVACY) == 0) 479 return 0; 480 } else { 481 /* XXX does this mean privacy is supported or required? */ 482 if (ni->ni_capinfo & IEEE80211_CAPINFO_PRIVACY) 483 return 0; 484 } 485 rate = ieee80211_fix_rate(ni, &ni->ni_rates, 486 IEEE80211_F_JOIN | IEEE80211_F_DONEGO | IEEE80211_F_DOFRATE); 487 if (rate & IEEE80211_RATE_BASIC) 488 return 0; 489 if (vap->iv_des_nssid != 0 && 490 !match_ssid(ni, vap->iv_des_nssid, vap->iv_des_ssid)) 491 return 0; 492 if ((vap->iv_flags & IEEE80211_F_DESBSSID) && 493 !IEEE80211_ADDR_EQ(vap->iv_des_bssid, ni->ni_bssid)) 494 return 0; 495 return 1; 496} 497 498#ifdef IEEE80211_DEBUG 499/* 500 * Display node suitability/compatibility. 501 */ 502static void 503check_bss_debug(struct ieee80211vap *vap, struct ieee80211_node *ni) 504{ 505 struct ieee80211com *ic = ni->ni_ic; 506 uint8_t rate; 507 int fail; 508 509 fail = 0; 510 if (isclr(ic->ic_chan_active, ieee80211_chan2ieee(ic, ni->ni_chan))) 511 fail |= 0x01; 512 if (vap->iv_opmode == IEEE80211_M_IBSS) { 513 if ((ni->ni_capinfo & IEEE80211_CAPINFO_IBSS) == 0) 514 fail |= 0x02; 515 } else { 516 if ((ni->ni_capinfo & IEEE80211_CAPINFO_ESS) == 0) 517 fail |= 0x02; 518 } 519 if (vap->iv_flags & IEEE80211_F_PRIVACY) { 520 if ((ni->ni_capinfo & IEEE80211_CAPINFO_PRIVACY) == 0) 521 fail |= 0x04; 522 } else { 523 /* XXX does this mean privacy is supported or required? */ 524 if (ni->ni_capinfo & IEEE80211_CAPINFO_PRIVACY) 525 fail |= 0x04; 526 } 527 rate = ieee80211_fix_rate(ni, &ni->ni_rates, 528 IEEE80211_F_JOIN | IEEE80211_F_DONEGO | IEEE80211_F_DOFRATE); 529 if (rate & IEEE80211_RATE_BASIC) 530 fail |= 0x08; 531 if (vap->iv_des_nssid != 0 && 532 !match_ssid(ni, vap->iv_des_nssid, vap->iv_des_ssid)) 533 fail |= 0x10; 534 if ((vap->iv_flags & IEEE80211_F_DESBSSID) && 535 !IEEE80211_ADDR_EQ(vap->iv_des_bssid, ni->ni_bssid)) 536 fail |= 0x20; 537 538 printf(" %c %s", fail ? '-' : '+', ether_sprintf(ni->ni_macaddr)); 539 printf(" %s%c", ether_sprintf(ni->ni_bssid), fail & 0x20 ? '!' : ' '); 540 printf(" %3d%c", 541 ieee80211_chan2ieee(ic, ni->ni_chan), fail & 0x01 ? '!' : ' '); 542 printf(" %2dM%c", (rate & IEEE80211_RATE_VAL) / 2, 543 fail & 0x08 ? '!' : ' '); 544 printf(" %4s%c", 545 (ni->ni_capinfo & IEEE80211_CAPINFO_ESS) ? "ess" : 546 (ni->ni_capinfo & IEEE80211_CAPINFO_IBSS) ? "ibss" : 547 "????", 548 fail & 0x02 ? '!' : ' '); 549 printf(" %3s%c ", 550 (ni->ni_capinfo & IEEE80211_CAPINFO_PRIVACY) ? "wep" : "no", 551 fail & 0x04 ? '!' : ' '); 552 ieee80211_print_essid(ni->ni_essid, ni->ni_esslen); 553 printf("%s\n", fail & 0x10 ? "!" : ""); 554} 555#endif /* IEEE80211_DEBUG */ 556 557/* 558 * Handle 802.11 ad hoc network merge. The 559 * convention, set by the Wireless Ethernet Compatibility Alliance 560 * (WECA), is that an 802.11 station will change its BSSID to match 561 * the "oldest" 802.11 ad hoc network, on the same channel, that 562 * has the station's desired SSID. The "oldest" 802.11 network 563 * sends beacons with the greatest TSF timestamp. 564 * 565 * The caller is assumed to validate TSF's before attempting a merge. 566 * 567 * Return !0 if the BSSID changed, 0 otherwise. 568 */ 569int 570ieee80211_ibss_merge(struct ieee80211_node *ni) 571{ 572 struct ieee80211vap *vap = ni->ni_vap; 573#ifdef IEEE80211_DEBUG 574 struct ieee80211com *ic = ni->ni_ic; 575#endif 576 577 if (ni == vap->iv_bss || 578 IEEE80211_ADDR_EQ(ni->ni_bssid, vap->iv_bss->ni_bssid)) { 579 /* unchanged, nothing to do */ 580 return 0; 581 } 582 if (!check_bss(vap, ni)) { 583 /* capabilities mismatch */ 584 IEEE80211_DPRINTF(vap, IEEE80211_MSG_ASSOC, 585 "%s: merge failed, capabilities mismatch\n", __func__); 586#ifdef IEEE80211_DEBUG 587 if (ieee80211_msg_assoc(vap)) 588 check_bss_debug(vap, ni); 589#endif 590 vap->iv_stats.is_ibss_capmismatch++; 591 return 0; 592 } 593 IEEE80211_DPRINTF(vap, IEEE80211_MSG_ASSOC, 594 "%s: new bssid %s: %s preamble, %s slot time%s\n", __func__, 595 ether_sprintf(ni->ni_bssid), 596 ic->ic_flags&IEEE80211_F_SHPREAMBLE ? "short" : "long", 597 ic->ic_flags&IEEE80211_F_SHSLOT ? "short" : "long", 598 ic->ic_flags&IEEE80211_F_USEPROT ? ", protection" : "" 599 ); 600 return ieee80211_sta_join1(ieee80211_ref_node(ni)); 601} 602 603/* 604 * Calculate HT channel promotion flags for all vaps. 605 * This assumes ni_chan have been setup for each vap. 606 */ 607static int 608gethtadjustflags(struct ieee80211com *ic) 609{ 610 struct ieee80211vap *vap; 611 int flags; 612 613 flags = 0; 614 /* XXX locking */ 615 TAILQ_FOREACH(vap, &ic->ic_vaps, iv_next) { 616 if (vap->iv_state < IEEE80211_S_RUN) 617 continue; 618 switch (vap->iv_opmode) { 619 case IEEE80211_M_WDS: 620 case IEEE80211_M_STA: 621 case IEEE80211_M_AHDEMO: 622 case IEEE80211_M_HOSTAP: 623 case IEEE80211_M_IBSS: 624 case IEEE80211_M_MBSS: 625 flags |= ieee80211_htchanflags(vap->iv_bss->ni_chan); 626 break; 627 default: 628 break; 629 } 630 } 631 return flags; 632} 633 634/* 635 * Check if the current channel needs to change based on whether 636 * any vap's are using HT20/HT40. This is used to sync the state 637 * of ic_curchan after a channel width change on a running vap. 638 */ 639void 640ieee80211_sync_curchan(struct ieee80211com *ic) 641{ 642 struct ieee80211_channel *c; 643 644 c = ieee80211_ht_adjust_channel(ic, ic->ic_curchan, gethtadjustflags(ic)); 645 if (c != ic->ic_curchan) { 646 ic->ic_curchan = c; 647 ic->ic_curmode = ieee80211_chan2mode(ic->ic_curchan); 648 ic->ic_rt = ieee80211_get_ratetable(ic->ic_curchan); 649 IEEE80211_UNLOCK(ic); 650 ic->ic_set_channel(ic); 651 ieee80211_radiotap_chan_change(ic); 652 IEEE80211_LOCK(ic); 653 } 654} 655 656/* 657 * Setup the current channel. The request channel may be 658 * promoted if other vap's are operating with HT20/HT40. 659 */ 660void 661ieee80211_setupcurchan(struct ieee80211com *ic, struct ieee80211_channel *c) 662{ 663 if (ic->ic_htcaps & IEEE80211_HTC_HT) { 664 int flags = gethtadjustflags(ic); 665 /* 666 * Check for channel promotion required to support the 667 * set of running vap's. This assumes we are called 668 * after ni_chan is setup for each vap. 669 */ 670 /* NB: this assumes IEEE80211_FHT_USEHT40 > IEEE80211_FHT_HT */ 671 if (flags > ieee80211_htchanflags(c)) 672 c = ieee80211_ht_adjust_channel(ic, c, flags); 673 } 674 ic->ic_bsschan = ic->ic_curchan = c; 675 ic->ic_curmode = ieee80211_chan2mode(ic->ic_curchan); 676 ic->ic_rt = ieee80211_get_ratetable(ic->ic_curchan); 677} 678 679/* 680 * Change the current channel. The channel change is guaranteed to have 681 * happened before the next state change. 682 */ 683void 684ieee80211_setcurchan(struct ieee80211com *ic, struct ieee80211_channel *c) 685{ 686 ieee80211_setupcurchan(ic, c); 687 ieee80211_runtask(ic, &ic->ic_chan_task); 688} 689 690/* 691 * Join the specified IBSS/BSS network. The node is assumed to 692 * be passed in with a held reference. 693 */ 694static int 695ieee80211_sta_join1(struct ieee80211_node *selbs) 696{ 697 struct ieee80211vap *vap = selbs->ni_vap; 698 struct ieee80211com *ic = selbs->ni_ic; 699 struct ieee80211_node *obss; 700 int canreassoc; 701 702 /* 703 * Committed to selbs, setup state. 704 */ 705 obss = vap->iv_bss; 706 /* 707 * Check if old+new node have the same address in which 708 * case we can reassociate when operating in sta mode. 709 */ 710 canreassoc = (obss != NULL && 711 vap->iv_state == IEEE80211_S_RUN && 712 IEEE80211_ADDR_EQ(obss->ni_macaddr, selbs->ni_macaddr)); 713 vap->iv_bss = selbs; /* NB: caller assumed to bump refcnt */ 714 if (obss != NULL) { 715 copy_bss(selbs, obss); 716 ieee80211_node_decref(obss); /* iv_bss reference */ 717 ieee80211_free_node(obss); /* station table reference */ 718 obss = NULL; /* NB: guard against later use */ 719 } 720 721 /* 722 * Delete unusable rates; we've already checked 723 * that the negotiated rate set is acceptable. 724 */ 725 ieee80211_fix_rate(vap->iv_bss, &vap->iv_bss->ni_rates, 726 IEEE80211_F_DODEL | IEEE80211_F_JOIN); 727 728 ieee80211_setcurchan(ic, selbs->ni_chan); 729 /* 730 * Set the erp state (mostly the slot time) to deal with 731 * the auto-select case; this should be redundant if the 732 * mode is locked. 733 */ 734 ieee80211_reset_erp(ic); 735 ieee80211_wme_initparams(vap); 736 737 if (vap->iv_opmode == IEEE80211_M_STA) { 738 if (canreassoc) { 739 /* Reassociate */ 740 ieee80211_new_state(vap, IEEE80211_S_ASSOC, 1); 741 } else { 742 /* 743 * Act as if we received a DEAUTH frame in case we 744 * are invoked from the RUN state. This will cause 745 * us to try to re-authenticate if we are operating 746 * as a station. 747 */ 748 ieee80211_new_state(vap, IEEE80211_S_AUTH, 749 IEEE80211_FC0_SUBTYPE_DEAUTH); 750 } 751 } else 752 ieee80211_new_state(vap, IEEE80211_S_RUN, -1); 753 return 1; 754} 755 756int 757ieee80211_sta_join(struct ieee80211vap *vap, struct ieee80211_channel *chan, 758 const struct ieee80211_scan_entry *se) 759{ 760 struct ieee80211com *ic = vap->iv_ic; 761 struct ieee80211_node *ni; 762 763 ni = ieee80211_alloc_node(&ic->ic_sta, vap, se->se_macaddr); 764 if (ni == NULL) { 765 /* XXX msg */ 766 return 0; 767 } 768 /* 769 * Expand scan state into node's format. 770 * XXX may not need all this stuff 771 */ 772 IEEE80211_ADDR_COPY(ni->ni_bssid, se->se_bssid); 773 ni->ni_esslen = se->se_ssid[1]; 774 memcpy(ni->ni_essid, se->se_ssid+2, ni->ni_esslen); 775 ni->ni_tstamp.tsf = se->se_tstamp.tsf; 776 ni->ni_intval = se->se_intval; 777 ni->ni_capinfo = se->se_capinfo; 778 ni->ni_chan = chan; 779 ni->ni_timoff = se->se_timoff; 780 ni->ni_fhdwell = se->se_fhdwell; 781 ni->ni_fhindex = se->se_fhindex; 782 ni->ni_erp = se->se_erp; 783 IEEE80211_RSSI_LPF(ni->ni_avgrssi, se->se_rssi); 784 ni->ni_noise = se->se_noise; 785 if (vap->iv_opmode == IEEE80211_M_STA) { 786 /* NB: only infrastructure mode requires an associd */ 787 ni->ni_flags |= IEEE80211_NODE_ASSOCID; 788 } 789 790 if (ieee80211_ies_init(&ni->ni_ies, se->se_ies.data, se->se_ies.len)) { 791 ieee80211_ies_expand(&ni->ni_ies); 792#ifdef IEEE80211_SUPPORT_SUPERG 793 if (ni->ni_ies.ath_ie != NULL) 794 ieee80211_parse_ath(ni, ni->ni_ies.ath_ie); 795#endif 796 if (ni->ni_ies.htcap_ie != NULL) 797 ieee80211_parse_htcap(ni, ni->ni_ies.htcap_ie); 798 if (ni->ni_ies.htinfo_ie != NULL) 799 ieee80211_parse_htinfo(ni, ni->ni_ies.htinfo_ie); 800#ifdef IEEE80211_SUPPORT_MESH 801 if (ni->ni_ies.meshid_ie != NULL) 802 ieee80211_parse_meshid(ni, ni->ni_ies.meshid_ie); 803#endif 804#ifdef IEEE80211_SUPPORT_TDMA 805 if (ni->ni_ies.tdma_ie != NULL) 806 ieee80211_parse_tdma(ni, ni->ni_ies.tdma_ie); 807#endif 808 } 809 810 vap->iv_dtim_period = se->se_dtimperiod; 811 vap->iv_dtim_count = 0; 812 813 /* NB: must be after ni_chan is setup */ 814 ieee80211_setup_rates(ni, se->se_rates, se->se_xrates, 815 IEEE80211_F_DOSORT); 816 if (ieee80211_iserp_rateset(&ni->ni_rates)) 817 ni->ni_flags |= IEEE80211_NODE_ERP; 818 ieee80211_node_setuptxparms(ni); 819 820 return ieee80211_sta_join1(ieee80211_ref_node(ni)); 821} 822 823/* 824 * Leave the specified IBSS/BSS network. The node is assumed to 825 * be passed in with a held reference. 826 */ 827void 828ieee80211_sta_leave(struct ieee80211_node *ni) 829{ 830 struct ieee80211com *ic = ni->ni_ic; 831 832 ic->ic_node_cleanup(ni); 833 ieee80211_notify_node_leave(ni); 834} 835 836/* 837 * Send a deauthenticate frame and drop the station. 838 */ 839void 840ieee80211_node_deauth(struct ieee80211_node *ni, int reason) 841{ 842 /* NB: bump the refcnt to be sure temporay nodes are not reclaimed */ 843 ieee80211_ref_node(ni); 844 if (ni->ni_associd != 0) 845 IEEE80211_SEND_MGMT(ni, IEEE80211_FC0_SUBTYPE_DEAUTH, reason); 846 ieee80211_node_leave(ni); 847 ieee80211_free_node(ni); 848} 849 850static struct ieee80211_node * 851node_alloc(struct ieee80211vap *vap, const uint8_t macaddr[IEEE80211_ADDR_LEN]) 852{ 853 struct ieee80211_node *ni; 854 855 ni = (struct ieee80211_node *) malloc(sizeof(struct ieee80211_node), 856 M_80211_NODE, M_NOWAIT | M_ZERO); 857 return ni; 858} 859 860/* 861 * Initialize an ie blob with the specified data. If previous 862 * data exists re-use the data block. As a side effect we clear 863 * all references to specific ie's; the caller is required to 864 * recalculate them. 865 */ 866int 867ieee80211_ies_init(struct ieee80211_ies *ies, const uint8_t *data, int len) 868{ 869 /* NB: assumes data+len are the last fields */ 870 memset(ies, 0, offsetof(struct ieee80211_ies, data)); 871 if (ies->data != NULL && ies->len != len) { 872 /* data size changed */ 873 free(ies->data, M_80211_NODE_IE); 874 ies->data = NULL; 875 } 876 if (ies->data == NULL) { 877 ies->data = (uint8_t *) malloc(len, M_80211_NODE_IE, M_NOWAIT); 878 if (ies->data == NULL) { 879 ies->len = 0; 880 /* NB: pointers have already been zero'd above */ 881 return 0; 882 } 883 } 884 memcpy(ies->data, data, len); 885 ies->len = len; 886 return 1; 887} 888 889/* 890 * Reclaim storage for an ie blob. 891 */ 892void 893ieee80211_ies_cleanup(struct ieee80211_ies *ies) 894{ 895 if (ies->data != NULL) 896 free(ies->data, M_80211_NODE_IE); 897} 898 899/* 900 * Expand an ie blob data contents and to fillin individual 901 * ie pointers. The data blob is assumed to be well-formed; 902 * we don't do any validity checking of ie lengths. 903 */ 904void 905ieee80211_ies_expand(struct ieee80211_ies *ies) 906{ 907 uint8_t *ie; 908 int ielen; 909 910 ie = ies->data; 911 ielen = ies->len; 912 while (ielen > 0) { 913 switch (ie[0]) { 914 case IEEE80211_ELEMID_VENDOR: 915 if (iswpaoui(ie)) 916 ies->wpa_ie = ie; 917 else if (iswmeoui(ie)) 918 ies->wme_ie = ie; 919#ifdef IEEE80211_SUPPORT_SUPERG 920 else if (isatherosoui(ie)) 921 ies->ath_ie = ie; 922#endif 923#ifdef IEEE80211_SUPPORT_TDMA 924 else if (istdmaoui(ie)) 925 ies->tdma_ie = ie; 926#endif 927 break; 928 case IEEE80211_ELEMID_RSN: 929 ies->rsn_ie = ie; 930 break; 931 case IEEE80211_ELEMID_HTCAP: 932 ies->htcap_ie = ie; 933 break; 934#ifdef IEEE80211_SUPPORT_MESH 935 case IEEE80211_ELEMID_MESHID: 936 ies->meshid_ie = ie; 937 break; 938#endif 939 } 940 ielen -= 2 + ie[1]; 941 ie += 2 + ie[1]; 942 } 943} 944 945/* 946 * Reclaim any resources in a node and reset any critical 947 * state. Typically nodes are free'd immediately after, 948 * but in some cases the storage may be reused so we need 949 * to insure consistent state (should probably fix that). 950 */ 951static void 952node_cleanup(struct ieee80211_node *ni) 953{ 954#define N(a) (sizeof(a)/sizeof(a[0])) 955 struct ieee80211vap *vap = ni->ni_vap; 956 struct ieee80211com *ic = ni->ni_ic; 957 int i; 958 959 /* NB: preserve ni_table */ 960 if (ni->ni_flags & IEEE80211_NODE_PWR_MGT) { 961 if (vap->iv_opmode != IEEE80211_M_STA) 962 vap->iv_ps_sta--; 963 ni->ni_flags &= ~IEEE80211_NODE_PWR_MGT; 964 IEEE80211_NOTE(vap, IEEE80211_MSG_POWER, ni, 965 "power save mode off, %u sta's in ps mode", vap->iv_ps_sta); 966 } 967 /* 968 * Cleanup any HT-related state. 969 */ 970 if (ni->ni_flags & IEEE80211_NODE_HT) 971 ieee80211_ht_node_cleanup(ni); 972#ifdef IEEE80211_SUPPORT_SUPERG 973 else if (ni->ni_ath_flags & IEEE80211_NODE_ATH) 974 ieee80211_ff_node_cleanup(ni); 975#endif 976#ifdef IEEE80211_SUPPORT_MESH 977 /* 978 * Cleanup any mesh-related state. 979 */ 980 if (vap->iv_opmode == IEEE80211_M_MBSS) 981 ieee80211_mesh_node_cleanup(ni); 982#endif 983 /* 984 * Clear any staging queue entries. 985 */ 986 ieee80211_ageq_drain_node(&ic->ic_stageq, ni); 987 988 /* 989 * Clear AREF flag that marks the authorization refcnt bump 990 * has happened. This is probably not needed as the node 991 * should always be removed from the table so not found but 992 * do it just in case. 993 * Likewise clear the ASSOCID flag as these flags are intended 994 * to be managed in tandem. 995 */ 996 ni->ni_flags &= ~(IEEE80211_NODE_AREF | IEEE80211_NODE_ASSOCID); 997 998 /* 999 * Drain power save queue and, if needed, clear TIM. 1000 */ 1001 if (ieee80211_node_psq_drain(ni) != 0 && vap->iv_set_tim != NULL) 1002 vap->iv_set_tim(ni, 0); 1003 1004 ni->ni_associd = 0; 1005 if (ni->ni_challenge != NULL) { 1006 free(ni->ni_challenge, M_80211_NODE); 1007 ni->ni_challenge = NULL; 1008 } 1009 /* 1010 * Preserve SSID, WPA, and WME ie's so the bss node is 1011 * reusable during a re-auth/re-assoc state transition. 1012 * If we remove these data they will not be recreated 1013 * because they come from a probe-response or beacon frame 1014 * which cannot be expected prior to the association-response. 1015 * This should not be an issue when operating in other modes 1016 * as stations leaving always go through a full state transition 1017 * which will rebuild this state. 1018 * 1019 * XXX does this leave us open to inheriting old state? 1020 */ 1021 for (i = 0; i < N(ni->ni_rxfrag); i++) 1022 if (ni->ni_rxfrag[i] != NULL) { 1023 m_freem(ni->ni_rxfrag[i]); 1024 ni->ni_rxfrag[i] = NULL; 1025 } 1026 /* 1027 * Must be careful here to remove any key map entry w/o a LOR. 1028 */ 1029 ieee80211_node_delucastkey(ni); 1030#undef N 1031} 1032 1033static void 1034node_free(struct ieee80211_node *ni) 1035{ 1036 struct ieee80211com *ic = ni->ni_ic; 1037 1038 ic->ic_node_cleanup(ni); 1039 ieee80211_ies_cleanup(&ni->ni_ies); 1040 ieee80211_psq_cleanup(&ni->ni_psq); 1041 free(ni, M_80211_NODE); 1042} 1043 1044static void 1045node_age(struct ieee80211_node *ni) 1046{ 1047 struct ieee80211vap *vap = ni->ni_vap; 1048 1049 IEEE80211_NODE_LOCK_ASSERT(&vap->iv_ic->ic_sta); 1050 1051 /* 1052 * Age frames on the power save queue. 1053 */ 1054 if (ieee80211_node_psq_age(ni) != 0 && 1055 ni->ni_psq.psq_len == 0 && vap->iv_set_tim != NULL) 1056 vap->iv_set_tim(ni, 0); 1057 /* 1058 * Age out HT resources (e.g. frames on the 1059 * A-MPDU reorder queues). 1060 */ 1061 if (ni->ni_associd != 0 && (ni->ni_flags & IEEE80211_NODE_HT)) 1062 ieee80211_ht_node_age(ni); 1063} 1064 1065static int8_t 1066node_getrssi(const struct ieee80211_node *ni) 1067{ 1068 uint32_t avgrssi = ni->ni_avgrssi; 1069 int32_t rssi; 1070 1071 if (avgrssi == IEEE80211_RSSI_DUMMY_MARKER) 1072 return 0; 1073 rssi = IEEE80211_RSSI_GET(avgrssi); 1074 return rssi < 0 ? 0 : rssi > 127 ? 127 : rssi; 1075} 1076 1077static void 1078node_getsignal(const struct ieee80211_node *ni, int8_t *rssi, int8_t *noise) 1079{ 1080 *rssi = node_getrssi(ni); 1081 *noise = ni->ni_noise; 1082} 1083 1084static void 1085node_getmimoinfo(const struct ieee80211_node *ni, 1086 struct ieee80211_mimo_info *info) 1087{ 1088 /* XXX zero data? */ 1089} 1090 1091struct ieee80211_node * 1092ieee80211_alloc_node(struct ieee80211_node_table *nt, 1093 struct ieee80211vap *vap, const uint8_t macaddr[IEEE80211_ADDR_LEN]) 1094{ 1095 struct ieee80211com *ic = nt->nt_ic; 1096 struct ieee80211_node *ni; 1097 int hash; 1098 1099 ni = ic->ic_node_alloc(vap, macaddr); 1100 if (ni == NULL) { 1101 vap->iv_stats.is_rx_nodealloc++; 1102 return NULL; 1103 } 1104 1105 IEEE80211_DPRINTF(vap, IEEE80211_MSG_NODE, 1106 "%s %p<%s> in %s table\n", __func__, ni, 1107 ether_sprintf(macaddr), nt->nt_name); 1108 1109 IEEE80211_ADDR_COPY(ni->ni_macaddr, macaddr); 1110 hash = IEEE80211_NODE_HASH(ic, macaddr); 1111 ieee80211_node_initref(ni); /* mark referenced */ 1112 ni->ni_chan = IEEE80211_CHAN_ANYC; 1113 ni->ni_authmode = IEEE80211_AUTH_OPEN; 1114 ni->ni_txpower = ic->ic_txpowlimit; /* max power */ 1115 ni->ni_txparms = &vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)]; 1116 ieee80211_crypto_resetkey(vap, &ni->ni_ucastkey, IEEE80211_KEYIX_NONE); 1117 ni->ni_avgrssi = IEEE80211_RSSI_DUMMY_MARKER; 1118 ni->ni_inact_reload = nt->nt_inact_init; 1119 ni->ni_inact = ni->ni_inact_reload; 1120 ni->ni_ath_defkeyix = 0x7fff; 1121 ieee80211_psq_init(&ni->ni_psq, "unknown"); 1122#ifdef IEEE80211_SUPPORT_MESH 1123 if (vap->iv_opmode == IEEE80211_M_MBSS) 1124 ieee80211_mesh_node_init(vap, ni); 1125#endif 1126 IEEE80211_NODE_LOCK(nt); 1127 TAILQ_INSERT_TAIL(&nt->nt_node, ni, ni_list); 1128 LIST_INSERT_HEAD(&nt->nt_hash[hash], ni, ni_hash); 1129 ni->ni_table = nt; 1130 ni->ni_vap = vap; 1131 ni->ni_ic = ic; 1132 IEEE80211_NODE_UNLOCK(nt); 1133 1134 IEEE80211_NOTE(vap, IEEE80211_MSG_INACT, ni, 1135 "%s: inact_reload %u", __func__, ni->ni_inact_reload); 1136 1137 return ni; 1138} 1139 1140/* 1141 * Craft a temporary node suitable for sending a management frame 1142 * to the specified station. We craft only as much state as we 1143 * need to do the work since the node will be immediately reclaimed 1144 * once the send completes. 1145 */ 1146struct ieee80211_node * 1147ieee80211_tmp_node(struct ieee80211vap *vap, 1148 const uint8_t macaddr[IEEE80211_ADDR_LEN]) 1149{ 1150 struct ieee80211com *ic = vap->iv_ic; 1151 struct ieee80211_node *ni; 1152 1153 ni = ic->ic_node_alloc(vap, macaddr); 1154 if (ni != NULL) { 1155 struct ieee80211_node *bss = vap->iv_bss; 1156 1157 IEEE80211_DPRINTF(vap, IEEE80211_MSG_NODE, 1158 "%s %p<%s>\n", __func__, ni, ether_sprintf(macaddr)); 1159 1160 ni->ni_table = NULL; /* NB: pedantic */ 1161 ni->ni_ic = ic; /* NB: needed to set channel */ 1162 ni->ni_vap = vap; 1163 1164 IEEE80211_ADDR_COPY(ni->ni_macaddr, macaddr); 1165 IEEE80211_ADDR_COPY(ni->ni_bssid, bss->ni_bssid); 1166 ieee80211_node_initref(ni); /* mark referenced */ 1167 /* NB: required by ieee80211_fix_rate */ 1168 ieee80211_node_set_chan(ni, bss->ni_chan); 1169 ieee80211_crypto_resetkey(vap, &ni->ni_ucastkey, 1170 IEEE80211_KEYIX_NONE); 1171 ni->ni_txpower = bss->ni_txpower; 1172 /* XXX optimize away */ 1173 ieee80211_psq_init(&ni->ni_psq, "unknown"); 1174 } else { 1175 /* XXX msg */ 1176 vap->iv_stats.is_rx_nodealloc++; 1177 } 1178 return ni; 1179} 1180 1181struct ieee80211_node * 1182ieee80211_dup_bss(struct ieee80211vap *vap, 1183 const uint8_t macaddr[IEEE80211_ADDR_LEN]) 1184{ 1185 struct ieee80211com *ic = vap->iv_ic; 1186 struct ieee80211_node *ni; 1187 1188 ni = ieee80211_alloc_node(&ic->ic_sta, vap, macaddr); 1189 if (ni != NULL) { 1190 struct ieee80211_node *bss = vap->iv_bss; 1191 /* 1192 * Inherit from iv_bss. 1193 */ 1194 copy_bss(ni, bss); 1195 IEEE80211_ADDR_COPY(ni->ni_bssid, bss->ni_bssid); 1196 ieee80211_node_set_chan(ni, bss->ni_chan); 1197 } 1198 return ni; 1199} 1200 1201/* 1202 * Create a bss node for a legacy WDS vap. The far end does 1203 * not associate so we just create create a new node and 1204 * simulate an association. The caller is responsible for 1205 * installing the node as the bss node and handling any further 1206 * setup work like authorizing the port. 1207 */ 1208struct ieee80211_node * 1209ieee80211_node_create_wds(struct ieee80211vap *vap, 1210 const uint8_t bssid[IEEE80211_ADDR_LEN], struct ieee80211_channel *chan) 1211{ 1212 struct ieee80211com *ic = vap->iv_ic; 1213 struct ieee80211_node *ni; 1214 1215 /* XXX check if node already in sta table? */ 1216 ni = ieee80211_alloc_node(&ic->ic_sta, vap, bssid); 1217 if (ni != NULL) { 1218 ni->ni_wdsvap = vap; 1219 IEEE80211_ADDR_COPY(ni->ni_bssid, bssid); 1220 /* 1221 * Inherit any manually configured settings. 1222 */ 1223 copy_bss(ni, vap->iv_bss); 1224 ieee80211_node_set_chan(ni, chan); 1225 /* NB: propagate ssid so available to WPA supplicant */ 1226 ni->ni_esslen = vap->iv_des_ssid[0].len; 1227 memcpy(ni->ni_essid, vap->iv_des_ssid[0].ssid, ni->ni_esslen); 1228 /* NB: no associd for peer */ 1229 /* 1230 * There are no management frames to use to 1231 * discover neighbor capabilities, so blindly 1232 * propagate the local configuration. 1233 */ 1234 if (vap->iv_flags & IEEE80211_F_WME) 1235 ni->ni_flags |= IEEE80211_NODE_QOS; 1236#ifdef IEEE80211_SUPPORT_SUPERG 1237 if (vap->iv_flags & IEEE80211_F_FF) 1238 ni->ni_flags |= IEEE80211_NODE_FF; 1239#endif 1240 if ((ic->ic_htcaps & IEEE80211_HTC_HT) && 1241 (vap->iv_flags_ht & IEEE80211_FHT_HT)) { 1242 /* 1243 * Device is HT-capable and HT is enabled for 1244 * the vap; setup HT operation. On return 1245 * ni_chan will be adjusted to an HT channel. 1246 */ 1247 ieee80211_ht_wds_init(ni); 1248 } else { 1249 struct ieee80211_channel *c = ni->ni_chan; 1250 /* 1251 * Force a legacy channel to be used. 1252 */ 1253 c = ieee80211_find_channel(ic, 1254 c->ic_freq, c->ic_flags &~ IEEE80211_CHAN_HT); 1255 KASSERT(c != NULL, ("no legacy channel, %u/%x", 1256 ni->ni_chan->ic_freq, ni->ni_chan->ic_flags)); 1257 ni->ni_chan = c; 1258 } 1259 } 1260 return ni; 1261} 1262 1263struct ieee80211_node * 1264#ifdef IEEE80211_DEBUG_REFCNT 1265ieee80211_find_node_locked_debug(struct ieee80211_node_table *nt, 1266 const uint8_t macaddr[IEEE80211_ADDR_LEN], const char *func, int line) 1267#else 1268ieee80211_find_node_locked(struct ieee80211_node_table *nt, 1269 const uint8_t macaddr[IEEE80211_ADDR_LEN]) 1270#endif 1271{ 1272 struct ieee80211_node *ni; 1273 int hash; 1274 1275 IEEE80211_NODE_LOCK_ASSERT(nt); 1276 1277 hash = IEEE80211_NODE_HASH(nt->nt_ic, macaddr); 1278 LIST_FOREACH(ni, &nt->nt_hash[hash], ni_hash) { 1279 if (IEEE80211_ADDR_EQ(ni->ni_macaddr, macaddr)) { 1280 ieee80211_ref_node(ni); /* mark referenced */ 1281#ifdef IEEE80211_DEBUG_REFCNT 1282 IEEE80211_DPRINTF(ni->ni_vap, IEEE80211_MSG_NODE, 1283 "%s (%s:%u) %p<%s> refcnt %d\n", __func__, 1284 func, line, 1285 ni, ether_sprintf(ni->ni_macaddr), 1286 ieee80211_node_refcnt(ni)); 1287#endif 1288 return ni; 1289 } 1290 } 1291 return NULL; 1292} 1293 1294struct ieee80211_node * 1295#ifdef IEEE80211_DEBUG_REFCNT 1296ieee80211_find_node_debug(struct ieee80211_node_table *nt, 1297 const uint8_t macaddr[IEEE80211_ADDR_LEN], const char *func, int line) 1298#else 1299ieee80211_find_node(struct ieee80211_node_table *nt, 1300 const uint8_t macaddr[IEEE80211_ADDR_LEN]) 1301#endif 1302{ 1303 struct ieee80211_node *ni; 1304 1305 IEEE80211_NODE_LOCK(nt); 1306 ni = ieee80211_find_node_locked(nt, macaddr); 1307 IEEE80211_NODE_UNLOCK(nt); 1308 return ni; 1309} 1310 1311struct ieee80211_node * 1312#ifdef IEEE80211_DEBUG_REFCNT 1313ieee80211_find_vap_node_locked_debug(struct ieee80211_node_table *nt, 1314 const struct ieee80211vap *vap, 1315 const uint8_t macaddr[IEEE80211_ADDR_LEN], const char *func, int line) 1316#else 1317ieee80211_find_vap_node_locked(struct ieee80211_node_table *nt, 1318 const struct ieee80211vap *vap, 1319 const uint8_t macaddr[IEEE80211_ADDR_LEN]) 1320#endif 1321{ 1322 struct ieee80211_node *ni; 1323 int hash; 1324 1325 IEEE80211_NODE_LOCK_ASSERT(nt); 1326 1327 hash = IEEE80211_NODE_HASH(nt->nt_ic, macaddr); 1328 LIST_FOREACH(ni, &nt->nt_hash[hash], ni_hash) { 1329 if (ni->ni_vap == vap && 1330 IEEE80211_ADDR_EQ(ni->ni_macaddr, macaddr)) { 1331 ieee80211_ref_node(ni); /* mark referenced */ 1332#ifdef IEEE80211_DEBUG_REFCNT 1333 IEEE80211_DPRINTF(ni->ni_vap, IEEE80211_MSG_NODE, 1334 "%s (%s:%u) %p<%s> refcnt %d\n", __func__, 1335 func, line, 1336 ni, ether_sprintf(ni->ni_macaddr), 1337 ieee80211_node_refcnt(ni)); 1338#endif 1339 return ni; 1340 } 1341 } 1342 return NULL; 1343} 1344 1345struct ieee80211_node * 1346#ifdef IEEE80211_DEBUG_REFCNT 1347ieee80211_find_vap_node_debug(struct ieee80211_node_table *nt, 1348 const struct ieee80211vap *vap, 1349 const uint8_t macaddr[IEEE80211_ADDR_LEN], const char *func, int line) 1350#else 1351ieee80211_find_vap_node(struct ieee80211_node_table *nt, 1352 const struct ieee80211vap *vap, 1353 const uint8_t macaddr[IEEE80211_ADDR_LEN]) 1354#endif 1355{ 1356 struct ieee80211_node *ni; 1357 1358 IEEE80211_NODE_LOCK(nt); 1359 ni = ieee80211_find_vap_node_locked(nt, vap, macaddr); 1360 IEEE80211_NODE_UNLOCK(nt); 1361 return ni; 1362} 1363 1364/* 1365 * Fake up a node; this handles node discovery in adhoc mode. 1366 * Note that for the driver's benefit we we treat this like 1367 * an association so the driver has an opportunity to setup 1368 * it's private state. 1369 */ 1370struct ieee80211_node * 1371ieee80211_fakeup_adhoc_node(struct ieee80211vap *vap, 1372 const uint8_t macaddr[IEEE80211_ADDR_LEN]) 1373{ 1374 struct ieee80211_node *ni; 1375 1376 IEEE80211_DPRINTF(vap, IEEE80211_MSG_NODE, 1377 "%s: mac<%s>\n", __func__, ether_sprintf(macaddr)); 1378 ni = ieee80211_dup_bss(vap, macaddr); 1379 if (ni != NULL) { 1380 struct ieee80211com *ic = vap->iv_ic; 1381 1382 /* XXX no rate negotiation; just dup */ 1383 ni->ni_rates = vap->iv_bss->ni_rates; 1384 if (ieee80211_iserp_rateset(&ni->ni_rates)) 1385 ni->ni_flags |= IEEE80211_NODE_ERP; 1386 if (vap->iv_opmode == IEEE80211_M_AHDEMO) { 1387 /* 1388 * In adhoc demo mode there are no management 1389 * frames to use to discover neighbor capabilities, 1390 * so blindly propagate the local configuration 1391 * so we can do interesting things (e.g. use 1392 * WME to disable ACK's). 1393 */ 1394 if (vap->iv_flags & IEEE80211_F_WME) 1395 ni->ni_flags |= IEEE80211_NODE_QOS; 1396#ifdef IEEE80211_SUPPORT_SUPERG 1397 if (vap->iv_flags & IEEE80211_F_FF) 1398 ni->ni_flags |= IEEE80211_NODE_FF; 1399#endif 1400 } 1401 ieee80211_node_setuptxparms(ni); 1402 if (ic->ic_newassoc != NULL) 1403 ic->ic_newassoc(ni, 1); 1404 /* XXX not right for 802.1x/WPA */ 1405 ieee80211_node_authorize(ni); 1406 } 1407 return ni; 1408} 1409 1410void 1411ieee80211_init_neighbor(struct ieee80211_node *ni, 1412 const struct ieee80211_frame *wh, 1413 const struct ieee80211_scanparams *sp) 1414{ 1415 ni->ni_esslen = sp->ssid[1]; 1416 memcpy(ni->ni_essid, sp->ssid + 2, sp->ssid[1]); 1417 IEEE80211_ADDR_COPY(ni->ni_bssid, wh->i_addr3); 1418 memcpy(ni->ni_tstamp.data, sp->tstamp, sizeof(ni->ni_tstamp)); 1419 ni->ni_intval = sp->bintval; 1420 ni->ni_capinfo = sp->capinfo; 1421 ni->ni_chan = ni->ni_ic->ic_curchan; 1422 ni->ni_fhdwell = sp->fhdwell; 1423 ni->ni_fhindex = sp->fhindex; 1424 ni->ni_erp = sp->erp; 1425 ni->ni_timoff = sp->timoff; 1426#ifdef IEEE80211_SUPPORT_MESH 1427 if (ni->ni_vap->iv_opmode == IEEE80211_M_MBSS) 1428 ieee80211_mesh_init_neighbor(ni, wh, sp); 1429#endif 1430 if (ieee80211_ies_init(&ni->ni_ies, sp->ies, sp->ies_len)) { 1431 ieee80211_ies_expand(&ni->ni_ies); 1432 if (ni->ni_ies.wme_ie != NULL) 1433 ni->ni_flags |= IEEE80211_NODE_QOS; 1434 else 1435 ni->ni_flags &= ~IEEE80211_NODE_QOS; 1436#ifdef IEEE80211_SUPPORT_SUPERG 1437 if (ni->ni_ies.ath_ie != NULL) 1438 ieee80211_parse_ath(ni, ni->ni_ies.ath_ie); 1439#endif 1440 } 1441 1442 /* NB: must be after ni_chan is setup */ 1443 ieee80211_setup_rates(ni, sp->rates, sp->xrates, 1444 IEEE80211_F_DOSORT | IEEE80211_F_DOFRATE | 1445 IEEE80211_F_DONEGO | IEEE80211_F_DODEL); 1446} 1447 1448/* 1449 * Do node discovery in adhoc mode on receipt of a beacon 1450 * or probe response frame. Note that for the driver's 1451 * benefit we we treat this like an association so the 1452 * driver has an opportunity to setup it's private state. 1453 */ 1454struct ieee80211_node * 1455ieee80211_add_neighbor(struct ieee80211vap *vap, 1456 const struct ieee80211_frame *wh, 1457 const struct ieee80211_scanparams *sp) 1458{ 1459 struct ieee80211_node *ni; 1460 1461 IEEE80211_DPRINTF(vap, IEEE80211_MSG_NODE, 1462 "%s: mac<%s>\n", __func__, ether_sprintf(wh->i_addr2)); 1463 ni = ieee80211_dup_bss(vap, wh->i_addr2);/* XXX alloc_node? */ 1464 if (ni != NULL) { 1465 struct ieee80211com *ic = vap->iv_ic; 1466 1467 ieee80211_init_neighbor(ni, wh, sp); 1468 if (ieee80211_iserp_rateset(&ni->ni_rates)) 1469 ni->ni_flags |= IEEE80211_NODE_ERP; 1470 ieee80211_node_setuptxparms(ni); 1471 if (ic->ic_newassoc != NULL) 1472 ic->ic_newassoc(ni, 1); 1473 /* XXX not right for 802.1x/WPA */ 1474 ieee80211_node_authorize(ni); 1475 } 1476 return ni; 1477} 1478 1479#define IS_PROBEREQ(wh) \ 1480 ((wh->i_fc[0] & (IEEE80211_FC0_TYPE_MASK|IEEE80211_FC0_SUBTYPE_MASK)) \ 1481 == (IEEE80211_FC0_TYPE_MGT | IEEE80211_FC0_SUBTYPE_PROBE_REQ)) 1482#define IS_BCAST_PROBEREQ(wh) \ 1483 (IS_PROBEREQ(wh) && IEEE80211_IS_MULTICAST( \ 1484 ((const struct ieee80211_frame *)(wh))->i_addr3)) 1485 1486static __inline struct ieee80211_node * 1487_find_rxnode(struct ieee80211_node_table *nt, 1488 const struct ieee80211_frame_min *wh) 1489{ 1490 if (IS_BCAST_PROBEREQ(wh)) 1491 return NULL; /* spam bcast probe req to all vap's */ 1492 return ieee80211_find_node_locked(nt, wh->i_addr2); 1493} 1494 1495/* 1496 * Locate the node for sender, track state, and then pass the 1497 * (referenced) node up to the 802.11 layer for its use. Note 1498 * we can return NULL if the sender is not in the table. 1499 */ 1500struct ieee80211_node * 1501#ifdef IEEE80211_DEBUG_REFCNT 1502ieee80211_find_rxnode_debug(struct ieee80211com *ic, 1503 const struct ieee80211_frame_min *wh, const char *func, int line) 1504#else 1505ieee80211_find_rxnode(struct ieee80211com *ic, 1506 const struct ieee80211_frame_min *wh) 1507#endif 1508{ 1509 struct ieee80211_node_table *nt; 1510 struct ieee80211_node *ni; 1511 1512 nt = &ic->ic_sta; 1513 IEEE80211_NODE_LOCK(nt); 1514 ni = _find_rxnode(nt, wh); 1515 IEEE80211_NODE_UNLOCK(nt); 1516 1517 return ni; 1518} 1519 1520/* 1521 * Like ieee80211_find_rxnode but use the supplied h/w 1522 * key index as a hint to locate the node in the key 1523 * mapping table. If an entry is present at the key 1524 * index we return it; otherwise do a normal lookup and 1525 * update the mapping table if the station has a unicast 1526 * key assigned to it. 1527 */ 1528struct ieee80211_node * 1529#ifdef IEEE80211_DEBUG_REFCNT 1530ieee80211_find_rxnode_withkey_debug(struct ieee80211com *ic, 1531 const struct ieee80211_frame_min *wh, ieee80211_keyix keyix, 1532 const char *func, int line) 1533#else 1534ieee80211_find_rxnode_withkey(struct ieee80211com *ic, 1535 const struct ieee80211_frame_min *wh, ieee80211_keyix keyix) 1536#endif 1537{ 1538 struct ieee80211_node_table *nt; 1539 struct ieee80211_node *ni; 1540 1541 nt = &ic->ic_sta; 1542 IEEE80211_NODE_LOCK(nt); 1543 if (nt->nt_keyixmap != NULL && keyix < nt->nt_keyixmax) 1544 ni = nt->nt_keyixmap[keyix]; 1545 else 1546 ni = NULL; 1547 if (ni == NULL) { 1548 ni = _find_rxnode(nt, wh); 1549 if (ni != NULL && nt->nt_keyixmap != NULL) { 1550 /* 1551 * If the station has a unicast key cache slot 1552 * assigned update the key->node mapping table. 1553 */ 1554 keyix = ni->ni_ucastkey.wk_rxkeyix; 1555 /* XXX can keyixmap[keyix] != NULL? */ 1556 if (keyix < nt->nt_keyixmax && 1557 nt->nt_keyixmap[keyix] == NULL) { 1558 IEEE80211_DPRINTF(ni->ni_vap, 1559 IEEE80211_MSG_NODE, 1560 "%s: add key map entry %p<%s> refcnt %d\n", 1561 __func__, ni, ether_sprintf(ni->ni_macaddr), 1562 ieee80211_node_refcnt(ni)+1); 1563 nt->nt_keyixmap[keyix] = ieee80211_ref_node(ni); 1564 } 1565 } 1566 } else { 1567 if (IS_BCAST_PROBEREQ(wh)) 1568 ni = NULL; /* spam bcast probe req to all vap's */ 1569 else 1570 ieee80211_ref_node(ni); 1571 } 1572 IEEE80211_NODE_UNLOCK(nt); 1573 1574 return ni; 1575} 1576#undef IS_BCAST_PROBEREQ 1577#undef IS_PROBEREQ 1578 1579/* 1580 * Return a reference to the appropriate node for sending 1581 * a data frame. This handles node discovery in adhoc networks. 1582 */ 1583struct ieee80211_node * 1584#ifdef IEEE80211_DEBUG_REFCNT 1585ieee80211_find_txnode_debug(struct ieee80211vap *vap, 1586 const uint8_t macaddr[IEEE80211_ADDR_LEN], 1587 const char *func, int line) 1588#else 1589ieee80211_find_txnode(struct ieee80211vap *vap, 1590 const uint8_t macaddr[IEEE80211_ADDR_LEN]) 1591#endif 1592{ 1593 struct ieee80211_node_table *nt = &vap->iv_ic->ic_sta; 1594 struct ieee80211_node *ni; 1595 1596 /* 1597 * The destination address should be in the node table 1598 * unless this is a multicast/broadcast frame. We can 1599 * also optimize station mode operation, all frames go 1600 * to the bss node. 1601 */ 1602 /* XXX can't hold lock across dup_bss 'cuz of recursive locking */ 1603 IEEE80211_NODE_LOCK(nt); 1604 if (vap->iv_opmode == IEEE80211_M_STA || 1605 vap->iv_opmode == IEEE80211_M_WDS || 1606 IEEE80211_IS_MULTICAST(macaddr)) 1607 ni = ieee80211_ref_node(vap->iv_bss); 1608 else 1609 ni = ieee80211_find_node_locked(nt, macaddr); 1610 IEEE80211_NODE_UNLOCK(nt); 1611 1612 if (ni == NULL) { 1613 if (vap->iv_opmode == IEEE80211_M_IBSS || 1614 vap->iv_opmode == IEEE80211_M_AHDEMO) { 1615 /* 1616 * In adhoc mode cons up a node for the destination. 1617 * Note that we need an additional reference for the 1618 * caller to be consistent with 1619 * ieee80211_find_node_locked. 1620 */ 1621 ni = ieee80211_fakeup_adhoc_node(vap, macaddr); 1622 if (ni != NULL) 1623 (void) ieee80211_ref_node(ni); 1624 } else { 1625 IEEE80211_NOTE_MAC(vap, IEEE80211_MSG_OUTPUT, macaddr, 1626 "no node, discard frame (%s)", __func__); 1627 vap->iv_stats.is_tx_nonode++; 1628 } 1629 } 1630 return ni; 1631} 1632 1633static void 1634_ieee80211_free_node(struct ieee80211_node *ni) 1635{ 1636 struct ieee80211_node_table *nt = ni->ni_table; 1637 1638 /* 1639 * NB: careful about referencing the vap as it may be 1640 * gone if the last reference was held by a driver. 1641 * We know the com will always be present so it's safe 1642 * to use ni_ic below to reclaim resources. 1643 */ 1644#if 0 1645 IEEE80211_DPRINTF(vap, IEEE80211_MSG_NODE, 1646 "%s %p<%s> in %s table\n", __func__, ni, 1647 ether_sprintf(ni->ni_macaddr), 1648 nt != NULL ? nt->nt_name : "<gone>"); 1649#endif 1650 if (ni->ni_associd != 0) { 1651 struct ieee80211vap *vap = ni->ni_vap; 1652 if (vap->iv_aid_bitmap != NULL) 1653 IEEE80211_AID_CLR(vap, ni->ni_associd); 1654 } 1655 if (nt != NULL) { 1656 TAILQ_REMOVE(&nt->nt_node, ni, ni_list); 1657 LIST_REMOVE(ni, ni_hash); 1658 } 1659 ni->ni_ic->ic_node_free(ni); 1660} 1661 1662void 1663#ifdef IEEE80211_DEBUG_REFCNT 1664ieee80211_free_node_debug(struct ieee80211_node *ni, const char *func, int line) 1665#else 1666ieee80211_free_node(struct ieee80211_node *ni) 1667#endif 1668{ 1669 struct ieee80211_node_table *nt = ni->ni_table; 1670 1671#ifdef IEEE80211_DEBUG_REFCNT 1672 IEEE80211_DPRINTF(ni->ni_vap, IEEE80211_MSG_NODE, 1673 "%s (%s:%u) %p<%s> refcnt %d\n", __func__, func, line, ni, 1674 ether_sprintf(ni->ni_macaddr), ieee80211_node_refcnt(ni)-1); 1675#endif 1676 if (nt != NULL) { 1677 IEEE80211_NODE_LOCK(nt); 1678 if (ieee80211_node_dectestref(ni)) { 1679 /* 1680 * Last reference, reclaim state. 1681 */ 1682 _ieee80211_free_node(ni); 1683 } else if (ieee80211_node_refcnt(ni) == 1 && 1684 nt->nt_keyixmap != NULL) { 1685 ieee80211_keyix keyix; 1686 /* 1687 * Check for a last reference in the key mapping table. 1688 */ 1689 keyix = ni->ni_ucastkey.wk_rxkeyix; 1690 if (keyix < nt->nt_keyixmax && 1691 nt->nt_keyixmap[keyix] == ni) { 1692 IEEE80211_DPRINTF(ni->ni_vap, 1693 IEEE80211_MSG_NODE, 1694 "%s: %p<%s> clear key map entry", __func__, 1695 ni, ether_sprintf(ni->ni_macaddr)); 1696 nt->nt_keyixmap[keyix] = NULL; 1697 ieee80211_node_decref(ni); /* XXX needed? */ 1698 _ieee80211_free_node(ni); 1699 } 1700 } 1701 IEEE80211_NODE_UNLOCK(nt); 1702 } else { 1703 if (ieee80211_node_dectestref(ni)) 1704 _ieee80211_free_node(ni); 1705 } 1706} 1707 1708/* 1709 * Reclaim a unicast key and clear any key cache state. 1710 */ 1711int 1712ieee80211_node_delucastkey(struct ieee80211_node *ni) 1713{ 1714 struct ieee80211com *ic = ni->ni_ic; 1715 struct ieee80211_node_table *nt = &ic->ic_sta; 1716 struct ieee80211_node *nikey; 1717 ieee80211_keyix keyix; 1718 int isowned, status; 1719 1720 /* 1721 * NB: We must beware of LOR here; deleting the key 1722 * can cause the crypto layer to block traffic updates 1723 * which can generate a LOR against the node table lock; 1724 * grab it here and stash the key index for our use below. 1725 * 1726 * Must also beware of recursion on the node table lock. 1727 * When called from node_cleanup we may already have 1728 * the node table lock held. Unfortunately there's no 1729 * way to separate out this path so we must do this 1730 * conditionally. 1731 */ 1732 isowned = IEEE80211_NODE_IS_LOCKED(nt); 1733 if (!isowned) 1734 IEEE80211_NODE_LOCK(nt); 1735 nikey = NULL; 1736 status = 1; /* NB: success */ 1737 if (ni->ni_ucastkey.wk_keyix != IEEE80211_KEYIX_NONE) { 1738 keyix = ni->ni_ucastkey.wk_rxkeyix; 1739 status = ieee80211_crypto_delkey(ni->ni_vap, &ni->ni_ucastkey); 1740 if (nt->nt_keyixmap != NULL && keyix < nt->nt_keyixmax) { 1741 nikey = nt->nt_keyixmap[keyix]; 1742 nt->nt_keyixmap[keyix] = NULL;; 1743 } 1744 } 1745 if (!isowned) 1746 IEEE80211_NODE_UNLOCK(nt); 1747 1748 if (nikey != NULL) { 1749 KASSERT(nikey == ni, 1750 ("key map out of sync, ni %p nikey %p", ni, nikey)); 1751 IEEE80211_DPRINTF(ni->ni_vap, IEEE80211_MSG_NODE, 1752 "%s: delete key map entry %p<%s> refcnt %d\n", 1753 __func__, ni, ether_sprintf(ni->ni_macaddr), 1754 ieee80211_node_refcnt(ni)-1); 1755 ieee80211_free_node(ni); 1756 } 1757 return status; 1758} 1759 1760/* 1761 * Reclaim a node. If this is the last reference count then 1762 * do the normal free work. Otherwise remove it from the node 1763 * table and mark it gone by clearing the back-reference. 1764 */ 1765static void 1766node_reclaim(struct ieee80211_node_table *nt, struct ieee80211_node *ni) 1767{ 1768 ieee80211_keyix keyix; 1769 1770 IEEE80211_NODE_LOCK_ASSERT(nt); 1771 1772 IEEE80211_DPRINTF(ni->ni_vap, IEEE80211_MSG_NODE, 1773 "%s: remove %p<%s> from %s table, refcnt %d\n", 1774 __func__, ni, ether_sprintf(ni->ni_macaddr), 1775 nt->nt_name, ieee80211_node_refcnt(ni)-1); 1776 /* 1777 * Clear any entry in the unicast key mapping table. 1778 * We need to do it here so rx lookups don't find it 1779 * in the mapping table even if it's not in the hash 1780 * table. We cannot depend on the mapping table entry 1781 * being cleared because the node may not be free'd. 1782 */ 1783 keyix = ni->ni_ucastkey.wk_rxkeyix; 1784 if (nt->nt_keyixmap != NULL && keyix < nt->nt_keyixmax && 1785 nt->nt_keyixmap[keyix] == ni) { 1786 IEEE80211_DPRINTF(ni->ni_vap, IEEE80211_MSG_NODE, 1787 "%s: %p<%s> clear key map entry %u\n", 1788 __func__, ni, ether_sprintf(ni->ni_macaddr), keyix); 1789 nt->nt_keyixmap[keyix] = NULL; 1790 ieee80211_node_decref(ni); /* NB: don't need free */ 1791 } 1792 if (!ieee80211_node_dectestref(ni)) { 1793 /* 1794 * Other references are present, just remove the 1795 * node from the table so it cannot be found. When 1796 * the references are dropped storage will be 1797 * reclaimed. 1798 */ 1799 TAILQ_REMOVE(&nt->nt_node, ni, ni_list); 1800 LIST_REMOVE(ni, ni_hash); 1801 ni->ni_table = NULL; /* clear reference */ 1802 } else 1803 _ieee80211_free_node(ni); 1804} 1805 1806/* 1807 * Node table support. 1808 */ 1809 1810static void 1811ieee80211_node_table_init(struct ieee80211com *ic, 1812 struct ieee80211_node_table *nt, 1813 const char *name, int inact, int keyixmax) 1814{ 1815 struct ifnet *ifp = ic->ic_ifp; 1816 1817 nt->nt_ic = ic; 1818 IEEE80211_NODE_LOCK_INIT(nt, ifp->if_xname); 1819 IEEE80211_NODE_ITERATE_LOCK_INIT(nt, ifp->if_xname); 1820 TAILQ_INIT(&nt->nt_node); 1821 nt->nt_name = name; 1822 nt->nt_scangen = 1; 1823 nt->nt_inact_init = inact; 1824 nt->nt_keyixmax = keyixmax; 1825 if (nt->nt_keyixmax > 0) { 1826 nt->nt_keyixmap = (struct ieee80211_node **) malloc( 1827 keyixmax * sizeof(struct ieee80211_node *), 1828 M_80211_NODE, M_NOWAIT | M_ZERO); 1829 if (nt->nt_keyixmap == NULL) 1830 if_printf(ic->ic_ifp, 1831 "Cannot allocate key index map with %u entries\n", 1832 keyixmax); 1833 } else 1834 nt->nt_keyixmap = NULL; 1835} 1836 1837static void 1838ieee80211_node_table_reset(struct ieee80211_node_table *nt, 1839 struct ieee80211vap *match) 1840{ 1841 struct ieee80211_node *ni, *next; 1842 1843 IEEE80211_NODE_LOCK(nt); 1844 TAILQ_FOREACH_SAFE(ni, &nt->nt_node, ni_list, next) { 1845 if (match != NULL && ni->ni_vap != match) 1846 continue; 1847 /* XXX can this happen? if so need's work */ 1848 if (ni->ni_associd != 0) { 1849 struct ieee80211vap *vap = ni->ni_vap; 1850 1851 if (vap->iv_auth->ia_node_leave != NULL) 1852 vap->iv_auth->ia_node_leave(ni); 1853 if (vap->iv_aid_bitmap != NULL) 1854 IEEE80211_AID_CLR(vap, ni->ni_associd); 1855 } 1856 ni->ni_wdsvap = NULL; /* clear reference */ 1857 node_reclaim(nt, ni); 1858 } 1859 if (match != NULL && match->iv_opmode == IEEE80211_M_WDS) { 1860 /* 1861 * Make a separate pass to clear references to this vap 1862 * held by DWDS entries. They will not be matched above 1863 * because ni_vap will point to the ap vap but we still 1864 * need to clear ni_wdsvap when the WDS vap is destroyed 1865 * and/or reset. 1866 */ 1867 TAILQ_FOREACH_SAFE(ni, &nt->nt_node, ni_list, next) 1868 if (ni->ni_wdsvap == match) 1869 ni->ni_wdsvap = NULL; 1870 } 1871 IEEE80211_NODE_UNLOCK(nt); 1872} 1873 1874static void 1875ieee80211_node_table_cleanup(struct ieee80211_node_table *nt) 1876{ 1877 ieee80211_node_table_reset(nt, NULL); 1878 if (nt->nt_keyixmap != NULL) { 1879#ifdef DIAGNOSTIC 1880 /* XXX verify all entries are NULL */ 1881 int i; 1882 for (i = 0; i < nt->nt_keyixmax; i++) 1883 if (nt->nt_keyixmap[i] != NULL) 1884 printf("%s: %s[%u] still active\n", __func__, 1885 nt->nt_name, i); 1886#endif 1887 free(nt->nt_keyixmap, M_80211_NODE); 1888 nt->nt_keyixmap = NULL; 1889 } 1890 IEEE80211_NODE_ITERATE_LOCK_DESTROY(nt); 1891 IEEE80211_NODE_LOCK_DESTROY(nt); 1892} 1893 1894/* 1895 * Timeout inactive stations and do related housekeeping. 1896 * Note that we cannot hold the node lock while sending a 1897 * frame as this would lead to a LOR. Instead we use a 1898 * generation number to mark nodes that we've scanned and 1899 * drop the lock and restart a scan if we have to time out 1900 * a node. Since we are single-threaded by virtue of 1901 * controlling the inactivity timer we can be sure this will 1902 * process each node only once. 1903 */ 1904static void 1905ieee80211_timeout_stations(struct ieee80211com *ic) 1906{ 1907 struct ieee80211_node_table *nt = &ic->ic_sta; 1908 struct ieee80211vap *vap; 1909 struct ieee80211_node *ni; 1910 int gen = 0; 1911 1912 IEEE80211_NODE_ITERATE_LOCK(nt); 1913 gen = ++nt->nt_scangen; 1914restart: 1915 IEEE80211_NODE_LOCK(nt); 1916 TAILQ_FOREACH(ni, &nt->nt_node, ni_list) { 1917 if (ni->ni_scangen == gen) /* previously handled */ 1918 continue; 1919 ni->ni_scangen = gen; 1920 /* 1921 * Ignore entries for which have yet to receive an 1922 * authentication frame. These are transient and 1923 * will be reclaimed when the last reference to them 1924 * goes away (when frame xmits complete). 1925 */ 1926 vap = ni->ni_vap; 1927 /* 1928 * Only process stations when in RUN state. This 1929 * insures, for example, that we don't timeout an 1930 * inactive station during CAC. Note that CSA state 1931 * is actually handled in ieee80211_node_timeout as 1932 * it applies to more than timeout processing. 1933 */ 1934 if (vap->iv_state != IEEE80211_S_RUN) 1935 continue; 1936 /* XXX can vap be NULL? */ 1937 if ((vap->iv_opmode == IEEE80211_M_HOSTAP || 1938 vap->iv_opmode == IEEE80211_M_STA) && 1939 (ni->ni_flags & IEEE80211_NODE_AREF) == 0) 1940 continue; 1941 /* 1942 * Free fragment if not needed anymore 1943 * (last fragment older than 1s). 1944 * XXX doesn't belong here, move to node_age 1945 */ 1946 if (ni->ni_rxfrag[0] != NULL && 1947 ticks > ni->ni_rxfragstamp + hz) { 1948 m_freem(ni->ni_rxfrag[0]); 1949 ni->ni_rxfrag[0] = NULL; 1950 } 1951 if (ni->ni_inact > 0) { 1952 ni->ni_inact--; 1953 IEEE80211_NOTE(vap, IEEE80211_MSG_INACT, ni, 1954 "%s: inact %u inact_reload %u nrates %u", 1955 __func__, ni->ni_inact, ni->ni_inact_reload, 1956 ni->ni_rates.rs_nrates); 1957 } 1958 /* 1959 * Special case ourself; we may be idle for extended periods 1960 * of time and regardless reclaiming our state is wrong. 1961 * XXX run ic_node_age 1962 */ 1963 if (ni == vap->iv_bss) 1964 continue; 1965 if (ni->ni_associd != 0 || 1966 (vap->iv_opmode == IEEE80211_M_IBSS || 1967 vap->iv_opmode == IEEE80211_M_AHDEMO)) { 1968 /* 1969 * Age/drain resources held by the station. 1970 */ 1971 ic->ic_node_age(ni); 1972 /* 1973 * Probe the station before time it out. We 1974 * send a null data frame which may not be 1975 * universally supported by drivers (need it 1976 * for ps-poll support so it should be...). 1977 * 1978 * XXX don't probe the station unless we've 1979 * received a frame from them (and have 1980 * some idea of the rates they are capable 1981 * of); this will get fixed more properly 1982 * soon with better handling of the rate set. 1983 */ 1984 if ((vap->iv_flags_ext & IEEE80211_FEXT_INACT) && 1985 (0 < ni->ni_inact && 1986 ni->ni_inact <= vap->iv_inact_probe) && 1987 ni->ni_rates.rs_nrates != 0) { 1988 IEEE80211_NOTE(vap, 1989 IEEE80211_MSG_INACT | IEEE80211_MSG_NODE, 1990 ni, "%s", 1991 "probe station due to inactivity"); 1992 /* 1993 * Grab a reference before unlocking the table 1994 * so the node cannot be reclaimed before we 1995 * send the frame. ieee80211_send_nulldata 1996 * understands we've done this and reclaims the 1997 * ref for us as needed. 1998 */ 1999 ieee80211_ref_node(ni); 2000 IEEE80211_NODE_UNLOCK(nt); 2001 ieee80211_send_nulldata(ni); 2002 /* XXX stat? */ 2003 goto restart; 2004 } 2005 } 2006 if ((vap->iv_flags_ext & IEEE80211_FEXT_INACT) && 2007 ni->ni_inact <= 0) { 2008 IEEE80211_NOTE(vap, 2009 IEEE80211_MSG_INACT | IEEE80211_MSG_NODE, ni, 2010 "station timed out due to inactivity " 2011 "(refcnt %u)", ieee80211_node_refcnt(ni)); 2012 /* 2013 * Send a deauthenticate frame and drop the station. 2014 * This is somewhat complicated due to reference counts 2015 * and locking. At this point a station will typically 2016 * have a reference count of 1. ieee80211_node_leave 2017 * will do a "free" of the node which will drop the 2018 * reference count. But in the meantime a reference 2019 * wil be held by the deauth frame. The actual reclaim 2020 * of the node will happen either after the tx is 2021 * completed or by ieee80211_node_leave. 2022 * 2023 * Separately we must drop the node lock before sending 2024 * in case the driver takes a lock, as this can result 2025 * in a LOR between the node lock and the driver lock. 2026 */ 2027 ieee80211_ref_node(ni); 2028 IEEE80211_NODE_UNLOCK(nt); 2029 if (ni->ni_associd != 0) { 2030 IEEE80211_SEND_MGMT(ni, 2031 IEEE80211_FC0_SUBTYPE_DEAUTH, 2032 IEEE80211_REASON_AUTH_EXPIRE); 2033 } 2034 ieee80211_node_leave(ni); 2035 ieee80211_free_node(ni); 2036 vap->iv_stats.is_node_timeout++; 2037 goto restart; 2038 } 2039 } 2040 IEEE80211_NODE_UNLOCK(nt); 2041 2042 IEEE80211_NODE_ITERATE_UNLOCK(nt); 2043} 2044 2045/* 2046 * Aggressively reclaim resources. This should be used 2047 * only in a critical situation to reclaim mbuf resources. 2048 */ 2049void 2050ieee80211_drain(struct ieee80211com *ic) 2051{ 2052 struct ieee80211_node_table *nt = &ic->ic_sta; 2053 struct ieee80211vap *vap; 2054 struct ieee80211_node *ni; 2055 2056 IEEE80211_NODE_LOCK(nt); 2057 TAILQ_FOREACH(ni, &nt->nt_node, ni_list) { 2058 /* 2059 * Ignore entries for which have yet to receive an 2060 * authentication frame. These are transient and 2061 * will be reclaimed when the last reference to them 2062 * goes away (when frame xmits complete). 2063 */ 2064 vap = ni->ni_vap; 2065 /* 2066 * Only process stations when in RUN state. This 2067 * insures, for example, that we don't timeout an 2068 * inactive station during CAC. Note that CSA state 2069 * is actually handled in ieee80211_node_timeout as 2070 * it applies to more than timeout processing. 2071 */ 2072 if (vap->iv_state != IEEE80211_S_RUN) 2073 continue; 2074 /* XXX can vap be NULL? */ 2075 if ((vap->iv_opmode == IEEE80211_M_HOSTAP || 2076 vap->iv_opmode == IEEE80211_M_STA) && 2077 (ni->ni_flags & IEEE80211_NODE_AREF) == 0) 2078 continue; 2079 /* 2080 * Free fragments. 2081 * XXX doesn't belong here, move to node_drain 2082 */ 2083 if (ni->ni_rxfrag[0] != NULL) { 2084 m_freem(ni->ni_rxfrag[0]); 2085 ni->ni_rxfrag[0] = NULL; 2086 } 2087 /* 2088 * Drain resources held by the station. 2089 */ 2090 ic->ic_node_drain(ni); 2091 } 2092 IEEE80211_NODE_UNLOCK(nt); 2093} 2094 2095/* 2096 * Per-ieee80211com inactivity timer callback. 2097 */ 2098void 2099ieee80211_node_timeout(void *arg) 2100{ 2101 struct ieee80211com *ic = arg; 2102 2103 /* 2104 * Defer timeout processing if a channel switch is pending. 2105 * We typically need to be mute so not doing things that 2106 * might generate frames is good to handle in one place. 2107 * Supressing the station timeout processing may extend the 2108 * lifetime of inactive stations (by not decrementing their 2109 * idle counters) but this should be ok unless the CSA is 2110 * active for an unusually long time. 2111 */ 2112 if ((ic->ic_flags & IEEE80211_F_CSAPENDING) == 0) { 2113 ieee80211_scan_timeout(ic); 2114 ieee80211_timeout_stations(ic); 2115 ieee80211_ageq_age(&ic->ic_stageq, IEEE80211_INACT_WAIT); 2116 2117 IEEE80211_LOCK(ic); 2118 ieee80211_erp_timeout(ic); 2119 ieee80211_ht_timeout(ic); 2120 IEEE80211_UNLOCK(ic); 2121 } 2122 callout_reset(&ic->ic_inact, IEEE80211_INACT_WAIT*hz, 2123 ieee80211_node_timeout, ic); 2124} 2125 2126void 2127ieee80211_iterate_nodes(struct ieee80211_node_table *nt, 2128 ieee80211_iter_func *f, void *arg) 2129{ 2130 struct ieee80211_node *ni; 2131 u_int gen; 2132 2133 IEEE80211_NODE_ITERATE_LOCK(nt); 2134 gen = ++nt->nt_scangen; 2135restart: 2136 IEEE80211_NODE_LOCK(nt); 2137 TAILQ_FOREACH(ni, &nt->nt_node, ni_list) { 2138 if (ni->ni_scangen != gen) { 2139 ni->ni_scangen = gen; 2140 (void) ieee80211_ref_node(ni); 2141 IEEE80211_NODE_UNLOCK(nt); 2142 (*f)(arg, ni); 2143 ieee80211_free_node(ni); 2144 goto restart; 2145 } 2146 } 2147 IEEE80211_NODE_UNLOCK(nt); 2148 2149 IEEE80211_NODE_ITERATE_UNLOCK(nt); 2150} 2151 2152void 2153ieee80211_dump_node(struct ieee80211_node_table *nt, struct ieee80211_node *ni) 2154{ 2155 printf("0x%p: mac %s refcnt %d\n", ni, 2156 ether_sprintf(ni->ni_macaddr), ieee80211_node_refcnt(ni)); 2157 printf("\tscangen %u authmode %u flags 0x%x\n", 2158 ni->ni_scangen, ni->ni_authmode, ni->ni_flags); 2159 printf("\tassocid 0x%x txpower %u vlan %u\n", 2160 ni->ni_associd, ni->ni_txpower, ni->ni_vlan); 2161 printf("\ttxseq %u rxseq %u fragno %u rxfragstamp %u\n", 2162 ni->ni_txseqs[IEEE80211_NONQOS_TID], 2163 ni->ni_rxseqs[IEEE80211_NONQOS_TID] >> IEEE80211_SEQ_SEQ_SHIFT, 2164 ni->ni_rxseqs[IEEE80211_NONQOS_TID] & IEEE80211_SEQ_FRAG_MASK, 2165 ni->ni_rxfragstamp); 2166 printf("\trssi %d noise %d intval %u capinfo 0x%x\n", 2167 node_getrssi(ni), ni->ni_noise, 2168 ni->ni_intval, ni->ni_capinfo); 2169 printf("\tbssid %s essid \"%.*s\" channel %u:0x%x\n", 2170 ether_sprintf(ni->ni_bssid), 2171 ni->ni_esslen, ni->ni_essid, 2172 ni->ni_chan->ic_freq, ni->ni_chan->ic_flags); 2173 printf("\tinact %u inact_reload %u txrate %u\n", 2174 ni->ni_inact, ni->ni_inact_reload, ni->ni_txrate); 2175 printf("\thtcap %x htparam %x htctlchan %u ht2ndchan %u\n", 2176 ni->ni_htcap, ni->ni_htparam, 2177 ni->ni_htctlchan, ni->ni_ht2ndchan); 2178 printf("\thtopmode %x htstbc %x chw %u\n", 2179 ni->ni_htopmode, ni->ni_htstbc, ni->ni_chw); 2180} 2181 2182void 2183ieee80211_dump_nodes(struct ieee80211_node_table *nt) 2184{ 2185 ieee80211_iterate_nodes(nt, 2186 (ieee80211_iter_func *) ieee80211_dump_node, nt); 2187} 2188 2189static void 2190ieee80211_notify_erp_locked(struct ieee80211com *ic) 2191{ 2192 struct ieee80211vap *vap; 2193 2194 IEEE80211_LOCK_ASSERT(ic); 2195 2196 TAILQ_FOREACH(vap, &ic->ic_vaps, iv_next) 2197 if (vap->iv_opmode == IEEE80211_M_HOSTAP) 2198 ieee80211_beacon_notify(vap, IEEE80211_BEACON_ERP); 2199} 2200 2201void 2202ieee80211_notify_erp(struct ieee80211com *ic) 2203{ 2204 IEEE80211_LOCK(ic); 2205 ieee80211_notify_erp_locked(ic); 2206 IEEE80211_UNLOCK(ic); 2207} 2208 2209/* 2210 * Handle a station joining an 11g network. 2211 */ 2212static void 2213ieee80211_node_join_11g(struct ieee80211_node *ni) 2214{ 2215 struct ieee80211com *ic = ni->ni_ic; 2216 2217 IEEE80211_LOCK_ASSERT(ic); 2218 2219 /* 2220 * Station isn't capable of short slot time. Bump 2221 * the count of long slot time stations and disable 2222 * use of short slot time. Note that the actual switch 2223 * over to long slot time use may not occur until the 2224 * next beacon transmission (per sec. 7.3.1.4 of 11g). 2225 */ 2226 if ((ni->ni_capinfo & IEEE80211_CAPINFO_SHORT_SLOTTIME) == 0) { 2227 ic->ic_longslotsta++; 2228 IEEE80211_NOTE(ni->ni_vap, IEEE80211_MSG_ASSOC, ni, 2229 "station needs long slot time, count %d", 2230 ic->ic_longslotsta); 2231 /* XXX vap's w/ conflicting needs won't work */ 2232 if (!IEEE80211_IS_CHAN_108G(ic->ic_bsschan)) { 2233 /* 2234 * Don't force slot time when switched to turbo 2235 * mode as non-ERP stations won't be present; this 2236 * need only be done when on the normal G channel. 2237 */ 2238 ieee80211_set_shortslottime(ic, 0); 2239 } 2240 } 2241 /* 2242 * If the new station is not an ERP station 2243 * then bump the counter and enable protection 2244 * if configured. 2245 */ 2246 if (!ieee80211_iserp_rateset(&ni->ni_rates)) { 2247 ic->ic_nonerpsta++; 2248 IEEE80211_NOTE(ni->ni_vap, IEEE80211_MSG_ASSOC, ni, 2249 "station is !ERP, %d non-ERP stations associated", 2250 ic->ic_nonerpsta); 2251 /* 2252 * If station does not support short preamble 2253 * then we must enable use of Barker preamble. 2254 */ 2255 if ((ni->ni_capinfo & IEEE80211_CAPINFO_SHORT_PREAMBLE) == 0) { 2256 IEEE80211_NOTE(ni->ni_vap, IEEE80211_MSG_ASSOC, ni, 2257 "%s", "station needs long preamble"); 2258 ic->ic_flags |= IEEE80211_F_USEBARKER; 2259 ic->ic_flags &= ~IEEE80211_F_SHPREAMBLE; 2260 } 2261 /* 2262 * If protection is configured and this is the first 2263 * indication we should use protection, enable it. 2264 */ 2265 if (ic->ic_protmode != IEEE80211_PROT_NONE && 2266 ic->ic_nonerpsta == 1 && 2267 (ic->ic_flags_ext & IEEE80211_FEXT_NONERP_PR) == 0) { 2268 IEEE80211_DPRINTF(ni->ni_vap, IEEE80211_MSG_ASSOC, 2269 "%s: enable use of protection\n", __func__); 2270 ic->ic_flags |= IEEE80211_F_USEPROT; 2271 ieee80211_notify_erp_locked(ic); 2272 } 2273 } else 2274 ni->ni_flags |= IEEE80211_NODE_ERP; 2275} 2276 2277void 2278ieee80211_node_join(struct ieee80211_node *ni, int resp) 2279{ 2280 struct ieee80211com *ic = ni->ni_ic; 2281 struct ieee80211vap *vap = ni->ni_vap; 2282 int newassoc; 2283 2284 if (ni->ni_associd == 0) { 2285 uint16_t aid; 2286 2287 KASSERT(vap->iv_aid_bitmap != NULL, ("no aid bitmap")); 2288 /* 2289 * It would be good to search the bitmap 2290 * more efficiently, but this will do for now. 2291 */ 2292 for (aid = 1; aid < vap->iv_max_aid; aid++) { 2293 if (!IEEE80211_AID_ISSET(vap, aid)) 2294 break; 2295 } 2296 if (aid >= vap->iv_max_aid) { 2297 IEEE80211_SEND_MGMT(ni, resp, IEEE80211_STATUS_TOOMANY); 2298 ieee80211_node_leave(ni); 2299 return; 2300 } 2301 ni->ni_associd = aid | 0xc000; 2302 ni->ni_jointime = time_uptime; 2303 IEEE80211_LOCK(ic); 2304 IEEE80211_AID_SET(vap, ni->ni_associd); 2305 vap->iv_sta_assoc++; 2306 ic->ic_sta_assoc++; 2307 2308 if (IEEE80211_IS_CHAN_HT(ic->ic_bsschan)) 2309 ieee80211_ht_node_join(ni); 2310 if (IEEE80211_IS_CHAN_ANYG(ic->ic_bsschan) && 2311 IEEE80211_IS_CHAN_FULL(ic->ic_bsschan)) 2312 ieee80211_node_join_11g(ni); 2313 IEEE80211_UNLOCK(ic); 2314 2315 newassoc = 1; 2316 } else 2317 newassoc = 0; 2318 2319 IEEE80211_NOTE(vap, IEEE80211_MSG_ASSOC | IEEE80211_MSG_DEBUG, ni, 2320 "station associated at aid %d: %s preamble, %s slot time%s%s%s%s%s%s%s%s", 2321 IEEE80211_NODE_AID(ni), 2322 ic->ic_flags & IEEE80211_F_SHPREAMBLE ? "short" : "long", 2323 ic->ic_flags & IEEE80211_F_SHSLOT ? "short" : "long", 2324 ic->ic_flags & IEEE80211_F_USEPROT ? ", protection" : "", 2325 ni->ni_flags & IEEE80211_NODE_QOS ? ", QoS" : "", 2326 ni->ni_flags & IEEE80211_NODE_HT ? 2327 (ni->ni_chw == 40 ? ", HT40" : ", HT20") : "", 2328 ni->ni_flags & IEEE80211_NODE_AMPDU ? " (+AMPDU)" : "", 2329 ni->ni_flags & IEEE80211_NODE_MIMO_RTS ? " (+SMPS-DYN)" : 2330 ni->ni_flags & IEEE80211_NODE_MIMO_PS ? " (+SMPS)" : "", 2331 ni->ni_flags & IEEE80211_NODE_RIFS ? " (+RIFS)" : "", 2332 IEEE80211_ATH_CAP(vap, ni, IEEE80211_NODE_FF) ? 2333 ", fast-frames" : "", 2334 IEEE80211_ATH_CAP(vap, ni, IEEE80211_NODE_TURBOP) ? 2335 ", turbo" : "" 2336 ); 2337 2338 ieee80211_node_setuptxparms(ni); 2339 /* give driver a chance to setup state like ni_txrate */ 2340 if (ic->ic_newassoc != NULL) 2341 ic->ic_newassoc(ni, newassoc); 2342 IEEE80211_SEND_MGMT(ni, resp, IEEE80211_STATUS_SUCCESS); 2343 /* tell the authenticator about new station */ 2344 if (vap->iv_auth->ia_node_join != NULL) 2345 vap->iv_auth->ia_node_join(ni); 2346 ieee80211_notify_node_join(ni, 2347 resp == IEEE80211_FC0_SUBTYPE_ASSOC_RESP); 2348} 2349 2350static void 2351disable_protection(struct ieee80211com *ic) 2352{ 2353 KASSERT(ic->ic_nonerpsta == 0 && 2354 (ic->ic_flags_ext & IEEE80211_FEXT_NONERP_PR) == 0, 2355 ("%d non ERP stations, flags 0x%x", ic->ic_nonerpsta, 2356 ic->ic_flags_ext)); 2357 2358 ic->ic_flags &= ~IEEE80211_F_USEPROT; 2359 /* XXX verify mode? */ 2360 if (ic->ic_caps & IEEE80211_C_SHPREAMBLE) { 2361 ic->ic_flags |= IEEE80211_F_SHPREAMBLE; 2362 ic->ic_flags &= ~IEEE80211_F_USEBARKER; 2363 } 2364 ieee80211_notify_erp_locked(ic); 2365} 2366 2367/* 2368 * Handle a station leaving an 11g network. 2369 */ 2370static void 2371ieee80211_node_leave_11g(struct ieee80211_node *ni) 2372{ 2373 struct ieee80211com *ic = ni->ni_ic; 2374 2375 IEEE80211_LOCK_ASSERT(ic); 2376 2377 KASSERT(IEEE80211_IS_CHAN_ANYG(ic->ic_bsschan), 2378 ("not in 11g, bss %u:0x%x", ic->ic_bsschan->ic_freq, 2379 ic->ic_bsschan->ic_flags)); 2380 2381 /* 2382 * If a long slot station do the slot time bookkeeping. 2383 */ 2384 if ((ni->ni_capinfo & IEEE80211_CAPINFO_SHORT_SLOTTIME) == 0) { 2385 KASSERT(ic->ic_longslotsta > 0, 2386 ("bogus long slot station count %d", ic->ic_longslotsta)); 2387 ic->ic_longslotsta--; 2388 IEEE80211_NOTE(ni->ni_vap, IEEE80211_MSG_ASSOC, ni, 2389 "long slot time station leaves, count now %d", 2390 ic->ic_longslotsta); 2391 if (ic->ic_longslotsta == 0) { 2392 /* 2393 * Re-enable use of short slot time if supported 2394 * and not operating in IBSS mode (per spec). 2395 */ 2396 if ((ic->ic_caps & IEEE80211_C_SHSLOT) && 2397 ic->ic_opmode != IEEE80211_M_IBSS) { 2398 IEEE80211_DPRINTF(ni->ni_vap, 2399 IEEE80211_MSG_ASSOC, 2400 "%s: re-enable use of short slot time\n", 2401 __func__); 2402 ieee80211_set_shortslottime(ic, 1); 2403 } 2404 } 2405 } 2406 /* 2407 * If a non-ERP station do the protection-related bookkeeping. 2408 */ 2409 if ((ni->ni_flags & IEEE80211_NODE_ERP) == 0) { 2410 KASSERT(ic->ic_nonerpsta > 0, 2411 ("bogus non-ERP station count %d", ic->ic_nonerpsta)); 2412 ic->ic_nonerpsta--; 2413 IEEE80211_NOTE(ni->ni_vap, IEEE80211_MSG_ASSOC, ni, 2414 "non-ERP station leaves, count now %d%s", ic->ic_nonerpsta, 2415 (ic->ic_flags_ext & IEEE80211_FEXT_NONERP_PR) ? 2416 " (non-ERP sta present)" : ""); 2417 if (ic->ic_nonerpsta == 0 && 2418 (ic->ic_flags_ext & IEEE80211_FEXT_NONERP_PR) == 0) { 2419 IEEE80211_DPRINTF(ni->ni_vap, IEEE80211_MSG_ASSOC, 2420 "%s: disable use of protection\n", __func__); 2421 disable_protection(ic); 2422 } 2423 } 2424} 2425 2426/* 2427 * Time out presence of an overlapping bss with non-ERP 2428 * stations. When operating in hostap mode we listen for 2429 * beacons from other stations and if we identify a non-ERP 2430 * station is present we enable protection. To identify 2431 * when all non-ERP stations are gone we time out this 2432 * condition. 2433 */ 2434static void 2435ieee80211_erp_timeout(struct ieee80211com *ic) 2436{ 2437 2438 IEEE80211_LOCK_ASSERT(ic); 2439 2440 if ((ic->ic_flags_ext & IEEE80211_FEXT_NONERP_PR) && 2441 time_after(ticks, ic->ic_lastnonerp + IEEE80211_NONERP_PRESENT_AGE)) { 2442#if 0 2443 IEEE80211_NOTE(vap, IEEE80211_MSG_ASSOC, ni, 2444 "%s", "age out non-ERP sta present on channel"); 2445#endif 2446 ic->ic_flags_ext &= ~IEEE80211_FEXT_NONERP_PR; 2447 if (ic->ic_nonerpsta == 0) 2448 disable_protection(ic); 2449 } 2450} 2451 2452/* 2453 * Handle bookkeeping for station deauthentication/disassociation 2454 * when operating as an ap. 2455 */ 2456void 2457ieee80211_node_leave(struct ieee80211_node *ni) 2458{ 2459 struct ieee80211com *ic = ni->ni_ic; 2460 struct ieee80211vap *vap = ni->ni_vap; 2461 struct ieee80211_node_table *nt = ni->ni_table; 2462 2463 IEEE80211_NOTE(vap, IEEE80211_MSG_ASSOC | IEEE80211_MSG_DEBUG, ni, 2464 "station with aid %d leaves", IEEE80211_NODE_AID(ni)); 2465 2466 KASSERT(vap->iv_opmode != IEEE80211_M_STA, 2467 ("unexpected operating mode %u", vap->iv_opmode)); 2468 /* 2469 * If node wasn't previously associated all 2470 * we need to do is reclaim the reference. 2471 */ 2472 /* XXX ibss mode bypasses 11g and notification */ 2473 if (ni->ni_associd == 0) 2474 goto done; 2475 /* 2476 * Tell the authenticator the station is leaving. 2477 * Note that we must do this before yanking the 2478 * association id as the authenticator uses the 2479 * associd to locate it's state block. 2480 */ 2481 if (vap->iv_auth->ia_node_leave != NULL) 2482 vap->iv_auth->ia_node_leave(ni); 2483 2484 IEEE80211_LOCK(ic); 2485 IEEE80211_AID_CLR(vap, ni->ni_associd); 2486 ni->ni_associd = 0; 2487 vap->iv_sta_assoc--; 2488 ic->ic_sta_assoc--; 2489 2490 if (IEEE80211_IS_CHAN_HT(ic->ic_bsschan)) 2491 ieee80211_ht_node_leave(ni); 2492 if (IEEE80211_IS_CHAN_ANYG(ic->ic_bsschan) && 2493 IEEE80211_IS_CHAN_FULL(ic->ic_bsschan)) 2494 ieee80211_node_leave_11g(ni); 2495 IEEE80211_UNLOCK(ic); 2496 /* 2497 * Cleanup station state. In particular clear various 2498 * state that might otherwise be reused if the node 2499 * is reused before the reference count goes to zero 2500 * (and memory is reclaimed). 2501 */ 2502 ieee80211_sta_leave(ni); 2503done: 2504 /* 2505 * Remove the node from any table it's recorded in and 2506 * drop the caller's reference. Removal from the table 2507 * is important to insure the node is not reprocessed 2508 * for inactivity. 2509 */ 2510 if (nt != NULL) { 2511 IEEE80211_NODE_LOCK(nt); 2512 node_reclaim(nt, ni); 2513 IEEE80211_NODE_UNLOCK(nt); 2514 } else 2515 ieee80211_free_node(ni); 2516} 2517 2518struct rssiinfo { 2519 struct ieee80211vap *vap; 2520 int rssi_samples; 2521 uint32_t rssi_total; 2522}; 2523 2524static void 2525get_hostap_rssi(void *arg, struct ieee80211_node *ni) 2526{ 2527 struct rssiinfo *info = arg; 2528 struct ieee80211vap *vap = ni->ni_vap; 2529 int8_t rssi; 2530 2531 if (info->vap != vap) 2532 return; 2533 /* only associated stations */ 2534 if (ni->ni_associd == 0) 2535 return; 2536 rssi = vap->iv_ic->ic_node_getrssi(ni); 2537 if (rssi != 0) { 2538 info->rssi_samples++; 2539 info->rssi_total += rssi; 2540 } 2541} 2542 2543static void 2544get_adhoc_rssi(void *arg, struct ieee80211_node *ni) 2545{ 2546 struct rssiinfo *info = arg; 2547 struct ieee80211vap *vap = ni->ni_vap; 2548 int8_t rssi; 2549 2550 if (info->vap != vap) 2551 return; 2552 /* only neighbors */ 2553 /* XXX check bssid */ 2554 if ((ni->ni_capinfo & IEEE80211_CAPINFO_IBSS) == 0) 2555 return; 2556 rssi = vap->iv_ic->ic_node_getrssi(ni); 2557 if (rssi != 0) { 2558 info->rssi_samples++; 2559 info->rssi_total += rssi; 2560 } 2561} 2562 2563#ifdef IEEE80211_SUPPORT_MESH 2564static void 2565get_mesh_rssi(void *arg, struct ieee80211_node *ni) 2566{ 2567 struct rssiinfo *info = arg; 2568 struct ieee80211vap *vap = ni->ni_vap; 2569 int8_t rssi; 2570 2571 if (info->vap != vap) 2572 return; 2573 /* only neighbors that peered successfully */ 2574 if (ni->ni_mlstate != IEEE80211_NODE_MESH_ESTABLISHED) 2575 return; 2576 rssi = vap->iv_ic->ic_node_getrssi(ni); 2577 if (rssi != 0) { 2578 info->rssi_samples++; 2579 info->rssi_total += rssi; 2580 } 2581} 2582#endif /* IEEE80211_SUPPORT_MESH */ 2583 2584int8_t 2585ieee80211_getrssi(struct ieee80211vap *vap) 2586{ 2587#define NZ(x) ((x) == 0 ? 1 : (x)) 2588 struct ieee80211com *ic = vap->iv_ic; 2589 struct rssiinfo info; 2590 2591 info.rssi_total = 0; 2592 info.rssi_samples = 0; 2593 info.vap = vap; 2594 switch (vap->iv_opmode) { 2595 case IEEE80211_M_IBSS: /* average of all ibss neighbors */ 2596 case IEEE80211_M_AHDEMO: /* average of all neighbors */ 2597 ieee80211_iterate_nodes(&ic->ic_sta, get_adhoc_rssi, &info); 2598 break; 2599 case IEEE80211_M_HOSTAP: /* average of all associated stations */ 2600 ieee80211_iterate_nodes(&ic->ic_sta, get_hostap_rssi, &info); 2601 break; 2602#ifdef IEEE80211_SUPPORT_MESH 2603 case IEEE80211_M_MBSS: /* average of all mesh neighbors */ 2604 ieee80211_iterate_nodes(&ic->ic_sta, get_mesh_rssi, &info); 2605 break; 2606#endif 2607 case IEEE80211_M_MONITOR: /* XXX */ 2608 case IEEE80211_M_STA: /* use stats from associated ap */ 2609 default: 2610 if (vap->iv_bss != NULL) 2611 info.rssi_total = ic->ic_node_getrssi(vap->iv_bss); 2612 info.rssi_samples = 1; 2613 break; 2614 } 2615 return info.rssi_total / NZ(info.rssi_samples); 2616#undef NZ 2617} 2618 2619void 2620ieee80211_getsignal(struct ieee80211vap *vap, int8_t *rssi, int8_t *noise) 2621{ 2622 2623 if (vap->iv_bss == NULL) /* NB: shouldn't happen */ 2624 return; 2625 vap->iv_ic->ic_node_getsignal(vap->iv_bss, rssi, noise); 2626 /* for non-station mode return avg'd rssi accounting */ 2627 if (vap->iv_opmode != IEEE80211_M_STA) 2628 *rssi = ieee80211_getrssi(vap); 2629} 2630