1 /*- 2 * Copyright (c) 2001 Atsushi Onoe 3 * Copyright (c) 2002-2009 Sam Leffler, Errno Consulting 4 * All rights reserved. 5 * 6 * Redistribution and use in source and binary forms, with or without 7 * modification, are permitted provided that the following conditions 8 * are met: 9 * 1. Redistributions of source code must retain the above copyright 10 * notice, this list of conditions and the following disclaimer. 11 * 2. Redistributions in binary form must reproduce the above copyright 12 * notice, this list of conditions and the following disclaimer in the 13 * documentation and/or other materials provided with the distribution. 14 * 15 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 16 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 17 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 18 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 19 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 20 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 21 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 22 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 23 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 24 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 25 */ 26 27 #include <sys/cdefs.h> 28 __FBSDID("$FreeBSD$"); 29 30 #include "opt_wlan.h" 31 32 #include <sys/param.h> 33 #include <sys/systm.h> 34 #include <sys/mbuf.h> 35 #include <sys/malloc.h> 36 #include <sys/kernel.h> 37 38 #include <sys/socket.h> 39 40 #include <net/if.h> 41 #include <net/if_var.h> 42 #include <net/if_media.h> 43 #include <net/ethernet.h> 44 45 #include <net80211/ieee80211_var.h> 46 #include <net80211/ieee80211_input.h> 47 #ifdef IEEE80211_SUPPORT_SUPERG 48 #include <net80211/ieee80211_superg.h> 49 #endif 50 #ifdef IEEE80211_SUPPORT_TDMA 51 #include <net80211/ieee80211_tdma.h> 52 #endif 53 #include <net80211/ieee80211_wds.h> 54 #include <net80211/ieee80211_mesh.h> 55 #include <net80211/ieee80211_ratectl.h> 56 57 #include <net/bpf.h> 58 59 /* 60 * IEEE80211_NODE_HASHSIZE must be a power of 2. 61 */ 62 CTASSERT((IEEE80211_NODE_HASHSIZE & (IEEE80211_NODE_HASHSIZE-1)) == 0); 63 64 /* 65 * Association id's are managed with a bit vector. 66 */ 67 #define IEEE80211_AID_SET(_vap, b) \ 68 ((_vap)->iv_aid_bitmap[IEEE80211_AID(b) / 32] |= \ 69 (1 << (IEEE80211_AID(b) % 32))) 70 #define IEEE80211_AID_CLR(_vap, b) \ 71 ((_vap)->iv_aid_bitmap[IEEE80211_AID(b) / 32] &= \ 72 ~(1 << (IEEE80211_AID(b) % 32))) 73 #define IEEE80211_AID_ISSET(_vap, b) \ 74 ((_vap)->iv_aid_bitmap[IEEE80211_AID(b) / 32] & (1 << (IEEE80211_AID(b) % 32))) 75 76 static int ieee80211_sta_join1(struct ieee80211_node *); 77 78 static struct ieee80211_node *node_alloc(struct ieee80211vap *, 79 const uint8_t [IEEE80211_ADDR_LEN]); 80 static void node_cleanup(struct ieee80211_node *); 81 static void node_free(struct ieee80211_node *); 82 static void node_age(struct ieee80211_node *); 83 static int8_t node_getrssi(const struct ieee80211_node *); 84 static void node_getsignal(const struct ieee80211_node *, int8_t *, int8_t *); 85 static void node_getmimoinfo(const struct ieee80211_node *, 86 struct ieee80211_mimo_info *); 87 88 static void _ieee80211_free_node(struct ieee80211_node *); 89 90 static void node_reclaim(struct ieee80211_node_table *nt, 91 struct ieee80211_node *ni); 92 static void ieee80211_node_table_init(struct ieee80211com *ic, 93 struct ieee80211_node_table *nt, const char *name, 94 int inact, int keymaxix); 95 static void ieee80211_node_table_reset(struct ieee80211_node_table *, 96 struct ieee80211vap *); 97 static void ieee80211_node_table_cleanup(struct ieee80211_node_table *nt); 98 static void ieee80211_erp_timeout(struct ieee80211com *); 99 100 MALLOC_DEFINE(M_80211_NODE, "80211node", "802.11 node state"); 101 MALLOC_DEFINE(M_80211_NODE_IE, "80211nodeie", "802.11 node ie"); 102 103 void 104 ieee80211_node_attach(struct ieee80211com *ic) 105 { 106 /* XXX really want maxlen enforced per-sta */ 107 ieee80211_ageq_init(&ic->ic_stageq, ic->ic_max_keyix * 8, 108 "802.11 staging q"); 109 ieee80211_node_table_init(ic, &ic->ic_sta, "station", 110 IEEE80211_INACT_INIT, ic->ic_max_keyix); 111 callout_init(&ic->ic_inact, 1); 112 callout_reset(&ic->ic_inact, IEEE80211_INACT_WAIT*hz, 113 ieee80211_node_timeout, ic); 114 115 ic->ic_node_alloc = node_alloc; 116 ic->ic_node_free = node_free; 117 ic->ic_node_cleanup = node_cleanup; 118 ic->ic_node_age = node_age; 119 ic->ic_node_drain = node_age; /* NB: same as age */ 120 ic->ic_node_getrssi = node_getrssi; 121 ic->ic_node_getsignal = node_getsignal; 122 ic->ic_node_getmimoinfo = node_getmimoinfo; 123 124 /* 125 * Set flags to be propagated to all vap's; 126 * these define default behaviour/configuration. 127 */ 128 ic->ic_flags_ext |= IEEE80211_FEXT_INACT; /* inactivity processing */ 129 } 130 131 void 132 ieee80211_node_detach(struct ieee80211com *ic) 133 { 134 135 callout_drain(&ic->ic_inact); 136 ieee80211_node_table_cleanup(&ic->ic_sta); 137 ieee80211_ageq_cleanup(&ic->ic_stageq); 138 } 139 140 void 141 ieee80211_node_vattach(struct ieee80211vap *vap) 142 { 143 /* NB: driver can override */ 144 vap->iv_max_aid = IEEE80211_AID_DEF; 145 146 /* default station inactivity timer setings */ 147 vap->iv_inact_init = IEEE80211_INACT_INIT; 148 vap->iv_inact_auth = IEEE80211_INACT_AUTH; 149 vap->iv_inact_run = IEEE80211_INACT_RUN; 150 vap->iv_inact_probe = IEEE80211_INACT_PROBE; 151 152 IEEE80211_DPRINTF(vap, IEEE80211_MSG_INACT, 153 "%s: init %u auth %u run %u probe %u\n", __func__, 154 vap->iv_inact_init, vap->iv_inact_auth, 155 vap->iv_inact_run, vap->iv_inact_probe); 156 } 157 158 void 159 ieee80211_node_latevattach(struct ieee80211vap *vap) 160 { 161 if (vap->iv_opmode == IEEE80211_M_HOSTAP) { 162 /* XXX should we allow max aid to be zero? */ 163 if (vap->iv_max_aid < IEEE80211_AID_MIN) { 164 vap->iv_max_aid = IEEE80211_AID_MIN; 165 if_printf(vap->iv_ifp, 166 "WARNING: max aid too small, changed to %d\n", 167 vap->iv_max_aid); 168 } 169 vap->iv_aid_bitmap = (uint32_t *) IEEE80211_MALLOC( 170 howmany(vap->iv_max_aid, 32) * sizeof(uint32_t), 171 M_80211_NODE, 172 IEEE80211_M_NOWAIT | IEEE80211_M_ZERO); 173 if (vap->iv_aid_bitmap == NULL) { 174 /* XXX no way to recover */ 175 printf("%s: no memory for AID bitmap, max aid %d!\n", 176 __func__, vap->iv_max_aid); 177 vap->iv_max_aid = 0; 178 } 179 } 180 181 ieee80211_reset_bss(vap); 182 183 vap->iv_auth = ieee80211_authenticator_get(vap->iv_bss->ni_authmode); 184 } 185 186 void 187 ieee80211_node_vdetach(struct ieee80211vap *vap) 188 { 189 struct ieee80211com *ic = vap->iv_ic; 190 191 ieee80211_node_table_reset(&ic->ic_sta, vap); 192 if (vap->iv_bss != NULL) { 193 ieee80211_free_node(vap->iv_bss); 194 vap->iv_bss = NULL; 195 } 196 if (vap->iv_aid_bitmap != NULL) { 197 IEEE80211_FREE(vap->iv_aid_bitmap, M_80211_NODE); 198 vap->iv_aid_bitmap = NULL; 199 } 200 } 201 202 /* 203 * Port authorize/unauthorize interfaces for use by an authenticator. 204 */ 205 206 void 207 ieee80211_node_authorize(struct ieee80211_node *ni) 208 { 209 struct ieee80211vap *vap = ni->ni_vap; 210 211 ni->ni_flags |= IEEE80211_NODE_AUTH; 212 ni->ni_inact_reload = vap->iv_inact_run; 213 ni->ni_inact = ni->ni_inact_reload; 214 215 IEEE80211_NOTE(vap, IEEE80211_MSG_INACT, ni, 216 "%s: inact_reload %u", __func__, ni->ni_inact_reload); 217 } 218 219 void 220 ieee80211_node_unauthorize(struct ieee80211_node *ni) 221 { 222 struct ieee80211vap *vap = ni->ni_vap; 223 224 ni->ni_flags &= ~IEEE80211_NODE_AUTH; 225 ni->ni_inact_reload = vap->iv_inact_auth; 226 if (ni->ni_inact > ni->ni_inact_reload) 227 ni->ni_inact = ni->ni_inact_reload; 228 229 IEEE80211_NOTE(vap, IEEE80211_MSG_INACT, ni, 230 "%s: inact_reload %u inact %u", __func__, 231 ni->ni_inact_reload, ni->ni_inact); 232 } 233 234 /* 235 * Fix tx parameters for a node according to ``association state''. 236 */ 237 void 238 ieee80211_node_setuptxparms(struct ieee80211_node *ni) 239 { 240 struct ieee80211vap *vap = ni->ni_vap; 241 enum ieee80211_phymode mode; 242 243 if (ni->ni_flags & IEEE80211_NODE_HT) { 244 if (IEEE80211_IS_CHAN_5GHZ(ni->ni_chan)) 245 mode = IEEE80211_MODE_11NA; 246 else 247 mode = IEEE80211_MODE_11NG; 248 } else { /* legacy rate handling */ 249 if (IEEE80211_IS_CHAN_ST(ni->ni_chan)) 250 mode = IEEE80211_MODE_STURBO_A; 251 else if (IEEE80211_IS_CHAN_HALF(ni->ni_chan)) 252 mode = IEEE80211_MODE_HALF; 253 else if (IEEE80211_IS_CHAN_QUARTER(ni->ni_chan)) 254 mode = IEEE80211_MODE_QUARTER; 255 /* NB: 108A should be handled as 11a */ 256 else if (IEEE80211_IS_CHAN_A(ni->ni_chan)) 257 mode = IEEE80211_MODE_11A; 258 else if (IEEE80211_IS_CHAN_108G(ni->ni_chan) || 259 (ni->ni_flags & IEEE80211_NODE_ERP)) 260 mode = IEEE80211_MODE_11G; 261 else 262 mode = IEEE80211_MODE_11B; 263 } 264 ni->ni_txparms = &vap->iv_txparms[mode]; 265 } 266 267 /* 268 * Set/change the channel. The rate set is also updated as 269 * to insure a consistent view by drivers. 270 * XXX should be private but hostap needs it to deal with CSA 271 */ 272 void 273 ieee80211_node_set_chan(struct ieee80211_node *ni, 274 struct ieee80211_channel *chan) 275 { 276 struct ieee80211com *ic = ni->ni_ic; 277 struct ieee80211vap *vap = ni->ni_vap; 278 enum ieee80211_phymode mode; 279 280 KASSERT(chan != IEEE80211_CHAN_ANYC, ("no channel")); 281 282 ni->ni_chan = chan; 283 mode = ieee80211_chan2mode(chan); 284 if (IEEE80211_IS_CHAN_HT(chan)) { 285 /* 286 * We must install the legacy rate est in ni_rates and the 287 * HT rate set in ni_htrates. 288 */ 289 ni->ni_htrates = *ieee80211_get_suphtrates(ic, chan); 290 /* 291 * Setup bss tx parameters based on operating mode. We 292 * use legacy rates when operating in a mixed HT+non-HT bss 293 * and non-ERP rates in 11g for mixed ERP+non-ERP bss. 294 */ 295 if (mode == IEEE80211_MODE_11NA && 296 (vap->iv_flags_ht & IEEE80211_FHT_PUREN) == 0) 297 mode = IEEE80211_MODE_11A; 298 else if (mode == IEEE80211_MODE_11NG && 299 (vap->iv_flags_ht & IEEE80211_FHT_PUREN) == 0) 300 mode = IEEE80211_MODE_11G; 301 if (mode == IEEE80211_MODE_11G && 302 (vap->iv_flags & IEEE80211_F_PUREG) == 0) 303 mode = IEEE80211_MODE_11B; 304 } 305 ni->ni_txparms = &vap->iv_txparms[mode]; 306 ni->ni_rates = *ieee80211_get_suprates(ic, chan); 307 } 308 309 static __inline void 310 copy_bss(struct ieee80211_node *nbss, const struct ieee80211_node *obss) 311 { 312 /* propagate useful state */ 313 nbss->ni_authmode = obss->ni_authmode; 314 nbss->ni_txpower = obss->ni_txpower; 315 nbss->ni_vlan = obss->ni_vlan; 316 /* XXX statistics? */ 317 /* XXX legacy WDS bssid? */ 318 } 319 320 void 321 ieee80211_create_ibss(struct ieee80211vap* vap, struct ieee80211_channel *chan) 322 { 323 struct ieee80211com *ic = vap->iv_ic; 324 struct ieee80211_node *ni; 325 326 IEEE80211_DPRINTF(vap, IEEE80211_MSG_SCAN, 327 "%s: creating %s on channel %u%c\n", __func__, 328 ieee80211_opmode_name[vap->iv_opmode], 329 ieee80211_chan2ieee(ic, chan), 330 ieee80211_channel_type_char(chan)); 331 332 ni = ieee80211_alloc_node(&ic->ic_sta, vap, vap->iv_myaddr); 333 if (ni == NULL) { 334 /* XXX recovery? */ 335 return; 336 } 337 IEEE80211_ADDR_COPY(ni->ni_bssid, vap->iv_myaddr); 338 ni->ni_esslen = vap->iv_des_ssid[0].len; 339 memcpy(ni->ni_essid, vap->iv_des_ssid[0].ssid, ni->ni_esslen); 340 if (vap->iv_bss != NULL) 341 copy_bss(ni, vap->iv_bss); 342 ni->ni_intval = ic->ic_bintval; 343 if (vap->iv_flags & IEEE80211_F_PRIVACY) 344 ni->ni_capinfo |= IEEE80211_CAPINFO_PRIVACY; 345 if (ic->ic_phytype == IEEE80211_T_FH) { 346 ni->ni_fhdwell = 200; /* XXX */ 347 ni->ni_fhindex = 1; 348 } 349 if (vap->iv_opmode == IEEE80211_M_IBSS) { 350 vap->iv_flags |= IEEE80211_F_SIBSS; 351 ni->ni_capinfo |= IEEE80211_CAPINFO_IBSS; /* XXX */ 352 if (vap->iv_flags & IEEE80211_F_DESBSSID) 353 IEEE80211_ADDR_COPY(ni->ni_bssid, vap->iv_des_bssid); 354 else { 355 get_random_bytes(ni->ni_bssid, IEEE80211_ADDR_LEN); 356 /* clear group bit, add local bit */ 357 ni->ni_bssid[0] = (ni->ni_bssid[0] &~ 0x01) | 0x02; 358 } 359 } else if (vap->iv_opmode == IEEE80211_M_AHDEMO) { 360 if (vap->iv_flags & IEEE80211_F_DESBSSID) 361 IEEE80211_ADDR_COPY(ni->ni_bssid, vap->iv_des_bssid); 362 else 363 #ifdef IEEE80211_SUPPORT_TDMA 364 if ((vap->iv_caps & IEEE80211_C_TDMA) == 0) 365 #endif 366 memset(ni->ni_bssid, 0, IEEE80211_ADDR_LEN); 367 #ifdef IEEE80211_SUPPORT_MESH 368 } else if (vap->iv_opmode == IEEE80211_M_MBSS) { 369 ni->ni_meshidlen = vap->iv_mesh->ms_idlen; 370 memcpy(ni->ni_meshid, vap->iv_mesh->ms_id, ni->ni_meshidlen); 371 #endif 372 } 373 /* 374 * Fix the channel and related attributes. 375 */ 376 /* clear DFS CAC state on previous channel */ 377 if (ic->ic_bsschan != IEEE80211_CHAN_ANYC && 378 ic->ic_bsschan->ic_freq != chan->ic_freq && 379 IEEE80211_IS_CHAN_CACDONE(ic->ic_bsschan)) 380 ieee80211_dfs_cac_clear(ic, ic->ic_bsschan); 381 ic->ic_bsschan = chan; 382 ieee80211_node_set_chan(ni, chan); 383 ic->ic_curmode = ieee80211_chan2mode(chan); 384 /* 385 * Do mode-specific setup. 386 */ 387 if (IEEE80211_IS_CHAN_FULL(chan)) { 388 if (IEEE80211_IS_CHAN_ANYG(chan)) { 389 /* 390 * Use a mixed 11b/11g basic rate set. 391 */ 392 ieee80211_setbasicrates(&ni->ni_rates, 393 IEEE80211_MODE_11G); 394 if (vap->iv_flags & IEEE80211_F_PUREG) { 395 /* 396 * Also mark OFDM rates basic so 11b 397 * stations do not join (WiFi compliance). 398 */ 399 ieee80211_addbasicrates(&ni->ni_rates, 400 IEEE80211_MODE_11A); 401 } 402 } else if (IEEE80211_IS_CHAN_B(chan)) { 403 /* 404 * Force pure 11b rate set. 405 */ 406 ieee80211_setbasicrates(&ni->ni_rates, 407 IEEE80211_MODE_11B); 408 } 409 } 410 411 (void) ieee80211_sta_join1(ieee80211_ref_node(ni)); 412 } 413 414 /* 415 * Reset bss state on transition to the INIT state. 416 * Clear any stations from the table (they have been 417 * deauth'd) and reset the bss node (clears key, rate 418 * etc. state). 419 */ 420 void 421 ieee80211_reset_bss(struct ieee80211vap *vap) 422 { 423 struct ieee80211com *ic = vap->iv_ic; 424 struct ieee80211_node *ni, *obss; 425 426 ieee80211_node_table_reset(&ic->ic_sta, vap); 427 /* XXX multi-bss: wrong */ 428 ieee80211_reset_erp(ic); 429 430 ni = ieee80211_alloc_node(&ic->ic_sta, vap, vap->iv_myaddr); 431 KASSERT(ni != NULL, ("unable to setup initial BSS node")); 432 obss = vap->iv_bss; 433 vap->iv_bss = ieee80211_ref_node(ni); 434 if (obss != NULL) { 435 copy_bss(ni, obss); 436 ni->ni_intval = ic->ic_bintval; 437 ieee80211_free_node(obss); 438 } else 439 IEEE80211_ADDR_COPY(ni->ni_bssid, vap->iv_myaddr); 440 } 441 442 static int 443 match_ssid(const struct ieee80211_node *ni, 444 int nssid, const struct ieee80211_scan_ssid ssids[]) 445 { 446 int i; 447 448 for (i = 0; i < nssid; i++) { 449 if (ni->ni_esslen == ssids[i].len && 450 memcmp(ni->ni_essid, ssids[i].ssid, ni->ni_esslen) == 0) 451 return 1; 452 } 453 return 0; 454 } 455 456 /* 457 * Test a node for suitability/compatibility. 458 */ 459 static int 460 check_bss(struct ieee80211vap *vap, struct ieee80211_node *ni) 461 { 462 struct ieee80211com *ic = ni->ni_ic; 463 uint8_t rate; 464 465 if (isclr(ic->ic_chan_active, ieee80211_chan2ieee(ic, ni->ni_chan))) 466 return 0; 467 if (vap->iv_opmode == IEEE80211_M_IBSS) { 468 if ((ni->ni_capinfo & IEEE80211_CAPINFO_IBSS) == 0) 469 return 0; 470 } else { 471 if ((ni->ni_capinfo & IEEE80211_CAPINFO_ESS) == 0) 472 return 0; 473 } 474 if (vap->iv_flags & IEEE80211_F_PRIVACY) { 475 if ((ni->ni_capinfo & IEEE80211_CAPINFO_PRIVACY) == 0) 476 return 0; 477 } else { 478 /* XXX does this mean privacy is supported or required? */ 479 if (ni->ni_capinfo & IEEE80211_CAPINFO_PRIVACY) 480 return 0; 481 } 482 rate = ieee80211_fix_rate(ni, &ni->ni_rates, 483 IEEE80211_F_JOIN | IEEE80211_F_DONEGO | IEEE80211_F_DOFRATE); 484 if (rate & IEEE80211_RATE_BASIC) 485 return 0; 486 if (vap->iv_des_nssid != 0 && 487 !match_ssid(ni, vap->iv_des_nssid, vap->iv_des_ssid)) 488 return 0; 489 if ((vap->iv_flags & IEEE80211_F_DESBSSID) && 490 !IEEE80211_ADDR_EQ(vap->iv_des_bssid, ni->ni_bssid)) 491 return 0; 492 return 1; 493 } 494 495 #ifdef IEEE80211_DEBUG 496 /* 497 * Display node suitability/compatibility. 498 */ 499 static void 500 check_bss_debug(struct ieee80211vap *vap, struct ieee80211_node *ni) 501 { 502 struct ieee80211com *ic = ni->ni_ic; 503 uint8_t rate; 504 int fail; 505 506 fail = 0; 507 if (isclr(ic->ic_chan_active, ieee80211_chan2ieee(ic, ni->ni_chan))) 508 fail |= 0x01; 509 if (vap->iv_opmode == IEEE80211_M_IBSS) { 510 if ((ni->ni_capinfo & IEEE80211_CAPINFO_IBSS) == 0) 511 fail |= 0x02; 512 } else { 513 if ((ni->ni_capinfo & IEEE80211_CAPINFO_ESS) == 0) 514 fail |= 0x02; 515 } 516 if (vap->iv_flags & IEEE80211_F_PRIVACY) { 517 if ((ni->ni_capinfo & IEEE80211_CAPINFO_PRIVACY) == 0) 518 fail |= 0x04; 519 } else { 520 /* XXX does this mean privacy is supported or required? */ 521 if (ni->ni_capinfo & IEEE80211_CAPINFO_PRIVACY) 522 fail |= 0x04; 523 } 524 rate = ieee80211_fix_rate(ni, &ni->ni_rates, 525 IEEE80211_F_JOIN | IEEE80211_F_DONEGO | IEEE80211_F_DOFRATE); 526 if (rate & IEEE80211_RATE_BASIC) 527 fail |= 0x08; 528 if (vap->iv_des_nssid != 0 && 529 !match_ssid(ni, vap->iv_des_nssid, vap->iv_des_ssid)) 530 fail |= 0x10; 531 if ((vap->iv_flags & IEEE80211_F_DESBSSID) && 532 !IEEE80211_ADDR_EQ(vap->iv_des_bssid, ni->ni_bssid)) 533 fail |= 0x20; 534 535 printf(" %c %s", fail ? '-' : '+', ether_sprintf(ni->ni_macaddr)); 536 printf(" %s%c", ether_sprintf(ni->ni_bssid), fail & 0x20 ? '!' : ' '); 537 printf(" %3d%c", 538 ieee80211_chan2ieee(ic, ni->ni_chan), fail & 0x01 ? '!' : ' '); 539 printf(" %2dM%c", (rate & IEEE80211_RATE_VAL) / 2, 540 fail & 0x08 ? '!' : ' '); 541 printf(" %4s%c", 542 (ni->ni_capinfo & IEEE80211_CAPINFO_ESS) ? "ess" : 543 (ni->ni_capinfo & IEEE80211_CAPINFO_IBSS) ? "ibss" : 544 "????", 545 fail & 0x02 ? '!' : ' '); 546 printf(" %3s%c ", 547 (ni->ni_capinfo & IEEE80211_CAPINFO_PRIVACY) ? "wep" : "no", 548 fail & 0x04 ? '!' : ' '); 549 ieee80211_print_essid(ni->ni_essid, ni->ni_esslen); 550 printf("%s\n", fail & 0x10 ? "!" : ""); 551 } 552 #endif /* IEEE80211_DEBUG */ 553 554 555 int 556 ieee80211_ibss_merge_check(struct ieee80211_node *ni) 557 { 558 struct ieee80211vap *vap = ni->ni_vap; 559 560 if (ni == vap->iv_bss || 561 IEEE80211_ADDR_EQ(ni->ni_bssid, vap->iv_bss->ni_bssid)) { 562 /* unchanged, nothing to do */ 563 return 0; 564 } 565 566 if (!check_bss(vap, ni)) { 567 /* capabilities mismatch */ 568 IEEE80211_DPRINTF(vap, IEEE80211_MSG_ASSOC, 569 "%s: merge failed, capabilities mismatch\n", __func__); 570 #ifdef IEEE80211_DEBUG 571 if (ieee80211_msg_assoc(vap)) 572 check_bss_debug(vap, ni); 573 #endif 574 vap->iv_stats.is_ibss_capmismatch++; 575 return 0; 576 } 577 578 return 1; 579 } 580 581 /* 582 * Check if the given node should populate the node table. 583 * 584 * We need to be in "see all beacons for all ssids" mode in order 585 * to do IBSS merges, however this means we will populate nodes for 586 * /all/ IBSS SSIDs, versus just the one we care about. 587 * 588 * So this check ensures the node can actually belong to our IBSS 589 * configuration. For now it simply checks the SSID. 590 */ 591 int 592 ieee80211_ibss_node_check_new(struct ieee80211_node *ni, 593 const struct ieee80211_scanparams *scan) 594 { 595 struct ieee80211vap *vap = ni->ni_vap; 596 int i; 597 598 /* 599 * If we have no SSID and no scan SSID, return OK. 600 */ 601 if (vap->iv_des_nssid == 0 && scan->ssid == NULL) 602 goto ok; 603 604 /* 605 * If we have one of (SSID, scan SSID) then return error. 606 */ 607 if (!! (vap->iv_des_nssid == 0) != !! (scan->ssid == NULL)) 608 goto mismatch; 609 610 /* 611 * Double-check - we need scan SSID. 612 */ 613 if (scan->ssid == NULL) 614 goto mismatch; 615 616 /* 617 * Check if the scan SSID matches the SSID list for the VAP. 618 */ 619 for (i = 0; i < vap->iv_des_nssid; i++) { 620 621 /* Sanity length check */ 622 if (vap->iv_des_ssid[i].len != scan->ssid[1]) 623 continue; 624 625 /* Note: SSID in the scan entry is the IE format */ 626 if (memcmp(vap->iv_des_ssid[i].ssid, scan->ssid + 2, 627 vap->iv_des_ssid[i].len) == 0) 628 goto ok; 629 } 630 631 mismatch: 632 return (0); 633 ok: 634 return (1); 635 } 636 637 /* 638 * Handle 802.11 ad hoc network merge. The 639 * convention, set by the Wireless Ethernet Compatibility Alliance 640 * (WECA), is that an 802.11 station will change its BSSID to match 641 * the "oldest" 802.11 ad hoc network, on the same channel, that 642 * has the station's desired SSID. The "oldest" 802.11 network 643 * sends beacons with the greatest TSF timestamp. 644 * 645 * The caller is assumed to validate TSF's before attempting a merge. 646 * 647 * Return !0 if the BSSID changed, 0 otherwise. 648 */ 649 int 650 ieee80211_ibss_merge(struct ieee80211_node *ni) 651 { 652 #ifdef IEEE80211_DEBUG 653 struct ieee80211vap *vap = ni->ni_vap; 654 struct ieee80211com *ic = ni->ni_ic; 655 #endif 656 657 if (! ieee80211_ibss_merge_check(ni)) 658 return 0; 659 660 IEEE80211_DPRINTF(vap, IEEE80211_MSG_ASSOC, 661 "%s: new bssid %s: %s preamble, %s slot time%s\n", __func__, 662 ether_sprintf(ni->ni_bssid), 663 ic->ic_flags&IEEE80211_F_SHPREAMBLE ? "short" : "long", 664 ic->ic_flags&IEEE80211_F_SHSLOT ? "short" : "long", 665 ic->ic_flags&IEEE80211_F_USEPROT ? ", protection" : "" 666 ); 667 return ieee80211_sta_join1(ieee80211_ref_node(ni)); 668 } 669 670 /* 671 * Calculate HT channel promotion flags for all vaps. 672 * This assumes ni_chan have been setup for each vap. 673 */ 674 static int 675 gethtadjustflags(struct ieee80211com *ic) 676 { 677 struct ieee80211vap *vap; 678 int flags; 679 680 flags = 0; 681 /* XXX locking */ 682 TAILQ_FOREACH(vap, &ic->ic_vaps, iv_next) { 683 if (vap->iv_state < IEEE80211_S_RUN) 684 continue; 685 switch (vap->iv_opmode) { 686 case IEEE80211_M_WDS: 687 case IEEE80211_M_STA: 688 case IEEE80211_M_AHDEMO: 689 case IEEE80211_M_HOSTAP: 690 case IEEE80211_M_IBSS: 691 case IEEE80211_M_MBSS: 692 flags |= ieee80211_htchanflags(vap->iv_bss->ni_chan); 693 break; 694 default: 695 break; 696 } 697 } 698 return flags; 699 } 700 701 /* 702 * Check if the current channel needs to change based on whether 703 * any vap's are using HT20/HT40. This is used to sync the state 704 * of ic_curchan after a channel width change on a running vap. 705 */ 706 void 707 ieee80211_sync_curchan(struct ieee80211com *ic) 708 { 709 struct ieee80211_channel *c; 710 711 c = ieee80211_ht_adjust_channel(ic, ic->ic_curchan, gethtadjustflags(ic)); 712 if (c != ic->ic_curchan) { 713 ic->ic_curchan = c; 714 ic->ic_curmode = ieee80211_chan2mode(ic->ic_curchan); 715 ic->ic_rt = ieee80211_get_ratetable(ic->ic_curchan); 716 IEEE80211_UNLOCK(ic); 717 ic->ic_set_channel(ic); 718 ieee80211_radiotap_chan_change(ic); 719 IEEE80211_LOCK(ic); 720 } 721 } 722 723 /* 724 * Setup the current channel. The request channel may be 725 * promoted if other vap's are operating with HT20/HT40. 726 */ 727 void 728 ieee80211_setupcurchan(struct ieee80211com *ic, struct ieee80211_channel *c) 729 { 730 if (ic->ic_htcaps & IEEE80211_HTC_HT) { 731 int flags = gethtadjustflags(ic); 732 /* 733 * Check for channel promotion required to support the 734 * set of running vap's. This assumes we are called 735 * after ni_chan is setup for each vap. 736 */ 737 /* NB: this assumes IEEE80211_FHT_USEHT40 > IEEE80211_FHT_HT */ 738 if (flags > ieee80211_htchanflags(c)) 739 c = ieee80211_ht_adjust_channel(ic, c, flags); 740 } 741 ic->ic_bsschan = ic->ic_curchan = c; 742 ic->ic_curmode = ieee80211_chan2mode(ic->ic_curchan); 743 ic->ic_rt = ieee80211_get_ratetable(ic->ic_curchan); 744 } 745 746 /* 747 * Change the current channel. The channel change is guaranteed to have 748 * happened before the next state change. 749 */ 750 void 751 ieee80211_setcurchan(struct ieee80211com *ic, struct ieee80211_channel *c) 752 { 753 ieee80211_setupcurchan(ic, c); 754 ieee80211_runtask(ic, &ic->ic_chan_task); 755 } 756 757 void 758 ieee80211_update_chw(struct ieee80211com *ic) 759 { 760 761 ieee80211_setupcurchan(ic, ic->ic_curchan); 762 ieee80211_runtask(ic, &ic->ic_chw_task); 763 } 764 765 /* 766 * Join the specified IBSS/BSS network. The node is assumed to 767 * be passed in with a held reference. 768 */ 769 static int 770 ieee80211_sta_join1(struct ieee80211_node *selbs) 771 { 772 struct ieee80211vap *vap = selbs->ni_vap; 773 struct ieee80211com *ic = selbs->ni_ic; 774 struct ieee80211_node *obss; 775 int canreassoc; 776 777 /* 778 * Committed to selbs, setup state. 779 */ 780 obss = vap->iv_bss; 781 /* 782 * Check if old+new node have the same address in which 783 * case we can reassociate when operating in sta mode. 784 */ 785 canreassoc = (obss != NULL && 786 vap->iv_state == IEEE80211_S_RUN && 787 IEEE80211_ADDR_EQ(obss->ni_macaddr, selbs->ni_macaddr)); 788 vap->iv_bss = selbs; /* NB: caller assumed to bump refcnt */ 789 if (obss != NULL) { 790 struct ieee80211_node_table *nt = obss->ni_table; 791 792 copy_bss(selbs, obss); 793 ieee80211_node_decref(obss); /* iv_bss reference */ 794 795 IEEE80211_NODE_LOCK(nt); 796 node_reclaim(nt, obss); /* station table reference */ 797 IEEE80211_NODE_UNLOCK(nt); 798 799 obss = NULL; /* NB: guard against later use */ 800 } 801 802 /* 803 * Delete unusable rates; we've already checked 804 * that the negotiated rate set is acceptable. 805 */ 806 ieee80211_fix_rate(vap->iv_bss, &vap->iv_bss->ni_rates, 807 IEEE80211_F_DODEL | IEEE80211_F_JOIN); 808 809 ieee80211_setcurchan(ic, selbs->ni_chan); 810 /* 811 * Set the erp state (mostly the slot time) to deal with 812 * the auto-select case; this should be redundant if the 813 * mode is locked. 814 */ 815 ieee80211_reset_erp(ic); 816 ieee80211_wme_initparams(vap); 817 818 if (vap->iv_opmode == IEEE80211_M_STA) { 819 if (canreassoc) { 820 /* Reassociate */ 821 ieee80211_new_state(vap, IEEE80211_S_ASSOC, 1); 822 } else { 823 /* 824 * Act as if we received a DEAUTH frame in case we 825 * are invoked from the RUN state. This will cause 826 * us to try to re-authenticate if we are operating 827 * as a station. 828 */ 829 ieee80211_new_state(vap, IEEE80211_S_AUTH, 830 IEEE80211_FC0_SUBTYPE_DEAUTH); 831 } 832 } else 833 ieee80211_new_state(vap, IEEE80211_S_RUN, -1); 834 return 1; 835 } 836 837 int 838 ieee80211_sta_join(struct ieee80211vap *vap, struct ieee80211_channel *chan, 839 const struct ieee80211_scan_entry *se) 840 { 841 struct ieee80211com *ic = vap->iv_ic; 842 struct ieee80211_node *ni; 843 844 ni = ieee80211_alloc_node(&ic->ic_sta, vap, se->se_macaddr); 845 if (ni == NULL) { 846 /* XXX msg */ 847 return 0; 848 } 849 850 /* 851 * Expand scan state into node's format. 852 * XXX may not need all this stuff 853 */ 854 IEEE80211_ADDR_COPY(ni->ni_bssid, se->se_bssid); 855 ni->ni_esslen = se->se_ssid[1]; 856 memcpy(ni->ni_essid, se->se_ssid+2, ni->ni_esslen); 857 ni->ni_tstamp.tsf = se->se_tstamp.tsf; 858 ni->ni_intval = se->se_intval; 859 ni->ni_capinfo = se->se_capinfo; 860 ni->ni_chan = chan; 861 ni->ni_timoff = se->se_timoff; 862 ni->ni_fhdwell = se->se_fhdwell; 863 ni->ni_fhindex = se->se_fhindex; 864 ni->ni_erp = se->se_erp; 865 IEEE80211_RSSI_LPF(ni->ni_avgrssi, se->se_rssi); 866 ni->ni_noise = se->se_noise; 867 if (vap->iv_opmode == IEEE80211_M_STA) { 868 /* NB: only infrastructure mode requires an associd */ 869 ni->ni_flags |= IEEE80211_NODE_ASSOCID; 870 } 871 872 if (ieee80211_ies_init(&ni->ni_ies, se->se_ies.data, se->se_ies.len)) { 873 ieee80211_ies_expand(&ni->ni_ies); 874 #ifdef IEEE80211_SUPPORT_SUPERG 875 if (ni->ni_ies.ath_ie != NULL) 876 ieee80211_parse_ath(ni, ni->ni_ies.ath_ie); 877 #endif 878 if (ni->ni_ies.htcap_ie != NULL) 879 ieee80211_parse_htcap(ni, ni->ni_ies.htcap_ie); 880 if (ni->ni_ies.htinfo_ie != NULL) 881 ieee80211_parse_htinfo(ni, ni->ni_ies.htinfo_ie); 882 #ifdef IEEE80211_SUPPORT_MESH 883 if (ni->ni_ies.meshid_ie != NULL) 884 ieee80211_parse_meshid(ni, ni->ni_ies.meshid_ie); 885 #endif 886 #ifdef IEEE80211_SUPPORT_TDMA 887 if (ni->ni_ies.tdma_ie != NULL) 888 ieee80211_parse_tdma(ni, ni->ni_ies.tdma_ie); 889 #endif 890 } 891 892 vap->iv_dtim_period = se->se_dtimperiod; 893 vap->iv_dtim_count = 0; 894 895 /* NB: must be after ni_chan is setup */ 896 ieee80211_setup_rates(ni, se->se_rates, se->se_xrates, 897 IEEE80211_F_DOSORT); 898 if (ieee80211_iserp_rateset(&ni->ni_rates)) 899 ni->ni_flags |= IEEE80211_NODE_ERP; 900 901 /* 902 * Setup HT state for this node if it's available, otherwise 903 * non-STA modes won't pick this state up. 904 * 905 * For IBSS and related modes that don't go through an 906 * association request/response, the only appropriate place 907 * to setup the HT state is here. 908 */ 909 if (ni->ni_ies.htinfo_ie != NULL && 910 ni->ni_ies.htcap_ie != NULL && 911 vap->iv_flags_ht & IEEE80211_FHT_HT) { 912 ieee80211_ht_node_init(ni); 913 ieee80211_ht_updateparams(ni, 914 ni->ni_ies.htcap_ie, 915 ni->ni_ies.htinfo_ie); 916 ieee80211_setup_htrates(ni, ni->ni_ies.htcap_ie, 917 IEEE80211_F_JOIN | IEEE80211_F_DOBRS); 918 ieee80211_setup_basic_htrates(ni, ni->ni_ies.htinfo_ie); 919 } 920 /* XXX else check for ath FF? */ 921 /* XXX QoS? Difficult given that WME config is specific to a master */ 922 923 ieee80211_node_setuptxparms(ni); 924 ieee80211_ratectl_node_init(ni); 925 926 return ieee80211_sta_join1(ieee80211_ref_node(ni)); 927 } 928 929 /* 930 * Leave the specified IBSS/BSS network. The node is assumed to 931 * be passed in with a held reference. 932 */ 933 void 934 ieee80211_sta_leave(struct ieee80211_node *ni) 935 { 936 struct ieee80211com *ic = ni->ni_ic; 937 938 ic->ic_node_cleanup(ni); 939 ieee80211_notify_node_leave(ni); 940 } 941 942 /* 943 * Send a deauthenticate frame and drop the station. 944 */ 945 void 946 ieee80211_node_deauth(struct ieee80211_node *ni, int reason) 947 { 948 /* NB: bump the refcnt to be sure temporary nodes are not reclaimed */ 949 ieee80211_ref_node(ni); 950 if (ni->ni_associd != 0) 951 IEEE80211_SEND_MGMT(ni, IEEE80211_FC0_SUBTYPE_DEAUTH, reason); 952 ieee80211_node_leave(ni); 953 ieee80211_free_node(ni); 954 } 955 956 static struct ieee80211_node * 957 node_alloc(struct ieee80211vap *vap, const uint8_t macaddr[IEEE80211_ADDR_LEN]) 958 { 959 struct ieee80211_node *ni; 960 961 ni = (struct ieee80211_node *) IEEE80211_MALLOC(sizeof(struct ieee80211_node), 962 M_80211_NODE, IEEE80211_M_NOWAIT | IEEE80211_M_ZERO); 963 return ni; 964 } 965 966 /* 967 * Initialize an ie blob with the specified data. If previous 968 * data exists re-use the data block. As a side effect we clear 969 * all references to specific ie's; the caller is required to 970 * recalculate them. 971 */ 972 int 973 ieee80211_ies_init(struct ieee80211_ies *ies, const uint8_t *data, int len) 974 { 975 /* NB: assumes data+len are the last fields */ 976 memset(ies, 0, offsetof(struct ieee80211_ies, data)); 977 if (ies->data != NULL && ies->len != len) { 978 /* data size changed */ 979 IEEE80211_FREE(ies->data, M_80211_NODE_IE); 980 ies->data = NULL; 981 } 982 if (ies->data == NULL) { 983 ies->data = (uint8_t *) IEEE80211_MALLOC(len, M_80211_NODE_IE, 984 IEEE80211_M_NOWAIT | IEEE80211_M_ZERO); 985 if (ies->data == NULL) { 986 ies->len = 0; 987 /* NB: pointers have already been zero'd above */ 988 return 0; 989 } 990 } 991 memcpy(ies->data, data, len); 992 ies->len = len; 993 return 1; 994 } 995 996 /* 997 * Reclaim storage for an ie blob. 998 */ 999 void 1000 ieee80211_ies_cleanup(struct ieee80211_ies *ies) 1001 { 1002 if (ies->data != NULL) 1003 IEEE80211_FREE(ies->data, M_80211_NODE_IE); 1004 } 1005 1006 /* 1007 * Expand an ie blob data contents and to fillin individual 1008 * ie pointers. The data blob is assumed to be well-formed; 1009 * we don't do any validity checking of ie lengths. 1010 */ 1011 void 1012 ieee80211_ies_expand(struct ieee80211_ies *ies) 1013 { 1014 uint8_t *ie; 1015 int ielen; 1016 1017 ie = ies->data; 1018 ielen = ies->len; 1019 while (ielen > 0) { 1020 switch (ie[0]) { 1021 case IEEE80211_ELEMID_VENDOR: 1022 if (iswpaoui(ie)) 1023 ies->wpa_ie = ie; 1024 else if (iswmeoui(ie)) 1025 ies->wme_ie = ie; 1026 #ifdef IEEE80211_SUPPORT_SUPERG 1027 else if (isatherosoui(ie)) 1028 ies->ath_ie = ie; 1029 #endif 1030 #ifdef IEEE80211_SUPPORT_TDMA 1031 else if (istdmaoui(ie)) 1032 ies->tdma_ie = ie; 1033 #endif 1034 break; 1035 case IEEE80211_ELEMID_RSN: 1036 ies->rsn_ie = ie; 1037 break; 1038 case IEEE80211_ELEMID_HTCAP: 1039 ies->htcap_ie = ie; 1040 break; 1041 case IEEE80211_ELEMID_HTINFO: 1042 ies->htinfo_ie = ie; 1043 break; 1044 #ifdef IEEE80211_SUPPORT_MESH 1045 case IEEE80211_ELEMID_MESHID: 1046 ies->meshid_ie = ie; 1047 break; 1048 #endif 1049 } 1050 ielen -= 2 + ie[1]; 1051 ie += 2 + ie[1]; 1052 } 1053 } 1054 1055 /* 1056 * Reclaim any resources in a node and reset any critical 1057 * state. Typically nodes are free'd immediately after, 1058 * but in some cases the storage may be reused so we need 1059 * to insure consistent state (should probably fix that). 1060 */ 1061 static void 1062 node_cleanup(struct ieee80211_node *ni) 1063 { 1064 struct ieee80211vap *vap = ni->ni_vap; 1065 struct ieee80211com *ic = ni->ni_ic; 1066 int i; 1067 1068 /* NB: preserve ni_table */ 1069 if (ni->ni_flags & IEEE80211_NODE_PWR_MGT) { 1070 if (vap->iv_opmode != IEEE80211_M_STA) 1071 vap->iv_ps_sta--; 1072 ni->ni_flags &= ~IEEE80211_NODE_PWR_MGT; 1073 IEEE80211_NOTE(vap, IEEE80211_MSG_POWER, ni, 1074 "power save mode off, %u sta's in ps mode", vap->iv_ps_sta); 1075 } 1076 /* 1077 * Cleanup any HT-related state. 1078 */ 1079 if (ni->ni_flags & IEEE80211_NODE_HT) 1080 ieee80211_ht_node_cleanup(ni); 1081 #ifdef IEEE80211_SUPPORT_SUPERG 1082 /* Always do FF node cleanup; for A-MSDU */ 1083 ieee80211_ff_node_cleanup(ni); 1084 #endif 1085 #ifdef IEEE80211_SUPPORT_MESH 1086 /* 1087 * Cleanup any mesh-related state. 1088 */ 1089 if (vap->iv_opmode == IEEE80211_M_MBSS) 1090 ieee80211_mesh_node_cleanup(ni); 1091 #endif 1092 /* 1093 * Clear any staging queue entries. 1094 */ 1095 ieee80211_ageq_drain_node(&ic->ic_stageq, ni); 1096 1097 /* 1098 * Clear AREF flag that marks the authorization refcnt bump 1099 * has happened. This is probably not needed as the node 1100 * should always be removed from the table so not found but 1101 * do it just in case. 1102 * Likewise clear the ASSOCID flag as these flags are intended 1103 * to be managed in tandem. 1104 */ 1105 ni->ni_flags &= ~(IEEE80211_NODE_AREF | IEEE80211_NODE_ASSOCID); 1106 1107 /* 1108 * Drain power save queue and, if needed, clear TIM. 1109 */ 1110 if (ieee80211_node_psq_drain(ni) != 0 && vap->iv_set_tim != NULL) 1111 vap->iv_set_tim(ni, 0); 1112 1113 ni->ni_associd = 0; 1114 if (ni->ni_challenge != NULL) { 1115 IEEE80211_FREE(ni->ni_challenge, M_80211_NODE); 1116 ni->ni_challenge = NULL; 1117 } 1118 /* 1119 * Preserve SSID, WPA, and WME ie's so the bss node is 1120 * reusable during a re-auth/re-assoc state transition. 1121 * If we remove these data they will not be recreated 1122 * because they come from a probe-response or beacon frame 1123 * which cannot be expected prior to the association-response. 1124 * This should not be an issue when operating in other modes 1125 * as stations leaving always go through a full state transition 1126 * which will rebuild this state. 1127 * 1128 * XXX does this leave us open to inheriting old state? 1129 */ 1130 for (i = 0; i < nitems(ni->ni_rxfrag); i++) 1131 if (ni->ni_rxfrag[i] != NULL) { 1132 m_freem(ni->ni_rxfrag[i]); 1133 ni->ni_rxfrag[i] = NULL; 1134 } 1135 /* 1136 * Must be careful here to remove any key map entry w/o a LOR. 1137 */ 1138 ieee80211_node_delucastkey(ni); 1139 } 1140 1141 static void 1142 node_free(struct ieee80211_node *ni) 1143 { 1144 struct ieee80211com *ic = ni->ni_ic; 1145 1146 ieee80211_ratectl_node_deinit(ni); 1147 ic->ic_node_cleanup(ni); 1148 ieee80211_ies_cleanup(&ni->ni_ies); 1149 ieee80211_psq_cleanup(&ni->ni_psq); 1150 IEEE80211_FREE(ni, M_80211_NODE); 1151 } 1152 1153 static void 1154 node_age(struct ieee80211_node *ni) 1155 { 1156 struct ieee80211vap *vap = ni->ni_vap; 1157 1158 /* 1159 * Age frames on the power save queue. 1160 */ 1161 if (ieee80211_node_psq_age(ni) != 0 && 1162 ni->ni_psq.psq_len == 0 && vap->iv_set_tim != NULL) 1163 vap->iv_set_tim(ni, 0); 1164 /* 1165 * Age out HT resources (e.g. frames on the 1166 * A-MPDU reorder queues). 1167 */ 1168 if (ni->ni_associd != 0 && (ni->ni_flags & IEEE80211_NODE_HT)) 1169 ieee80211_ht_node_age(ni); 1170 } 1171 1172 static int8_t 1173 node_getrssi(const struct ieee80211_node *ni) 1174 { 1175 uint32_t avgrssi = ni->ni_avgrssi; 1176 int32_t rssi; 1177 1178 if (avgrssi == IEEE80211_RSSI_DUMMY_MARKER) 1179 return 0; 1180 rssi = IEEE80211_RSSI_GET(avgrssi); 1181 return rssi < 0 ? 0 : rssi > 127 ? 127 : rssi; 1182 } 1183 1184 static void 1185 node_getsignal(const struct ieee80211_node *ni, int8_t *rssi, int8_t *noise) 1186 { 1187 *rssi = node_getrssi(ni); 1188 *noise = ni->ni_noise; 1189 } 1190 1191 static void 1192 node_getmimoinfo(const struct ieee80211_node *ni, 1193 struct ieee80211_mimo_info *info) 1194 { 1195 int i; 1196 uint32_t avgrssi; 1197 int32_t rssi; 1198 1199 bzero(info, sizeof(*info)); 1200 1201 for (i = 0; i < ni->ni_mimo_chains; i++) { 1202 avgrssi = ni->ni_mimo_rssi_ctl[i]; 1203 if (avgrssi == IEEE80211_RSSI_DUMMY_MARKER) { 1204 info->rssi[i] = 0; 1205 } else { 1206 rssi = IEEE80211_RSSI_GET(avgrssi); 1207 info->rssi[i] = rssi < 0 ? 0 : rssi > 127 ? 127 : rssi; 1208 } 1209 info->noise[i] = ni->ni_mimo_noise_ctl[i]; 1210 } 1211 1212 /* XXX ext radios? */ 1213 1214 /* XXX EVM? */ 1215 } 1216 1217 struct ieee80211_node * 1218 ieee80211_alloc_node(struct ieee80211_node_table *nt, 1219 struct ieee80211vap *vap, const uint8_t macaddr[IEEE80211_ADDR_LEN]) 1220 { 1221 struct ieee80211com *ic = nt->nt_ic; 1222 struct ieee80211_node *ni; 1223 int hash; 1224 1225 ni = ic->ic_node_alloc(vap, macaddr); 1226 if (ni == NULL) { 1227 vap->iv_stats.is_rx_nodealloc++; 1228 return NULL; 1229 } 1230 1231 IEEE80211_DPRINTF(vap, IEEE80211_MSG_NODE, 1232 "%s %p<%s> in %s table\n", __func__, ni, 1233 ether_sprintf(macaddr), nt->nt_name); 1234 1235 IEEE80211_ADDR_COPY(ni->ni_macaddr, macaddr); 1236 hash = IEEE80211_NODE_HASH(ic, macaddr); 1237 ieee80211_node_initref(ni); /* mark referenced */ 1238 ni->ni_chan = IEEE80211_CHAN_ANYC; 1239 ni->ni_authmode = IEEE80211_AUTH_OPEN; 1240 ni->ni_txpower = ic->ic_txpowlimit; /* max power */ 1241 ni->ni_txparms = &vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)]; 1242 ieee80211_crypto_resetkey(vap, &ni->ni_ucastkey, IEEE80211_KEYIX_NONE); 1243 ni->ni_avgrssi = IEEE80211_RSSI_DUMMY_MARKER; 1244 ni->ni_inact_reload = nt->nt_inact_init; 1245 ni->ni_inact = ni->ni_inact_reload; 1246 ni->ni_ath_defkeyix = 0x7fff; 1247 ieee80211_psq_init(&ni->ni_psq, "unknown"); 1248 #ifdef IEEE80211_SUPPORT_MESH 1249 if (vap->iv_opmode == IEEE80211_M_MBSS) 1250 ieee80211_mesh_node_init(vap, ni); 1251 #endif 1252 IEEE80211_NODE_LOCK(nt); 1253 TAILQ_INSERT_TAIL(&nt->nt_node, ni, ni_list); 1254 LIST_INSERT_HEAD(&nt->nt_hash[hash], ni, ni_hash); 1255 ni->ni_table = nt; 1256 ni->ni_vap = vap; 1257 ni->ni_ic = ic; 1258 IEEE80211_NODE_UNLOCK(nt); 1259 1260 IEEE80211_NOTE(vap, IEEE80211_MSG_INACT, ni, 1261 "%s: inact_reload %u", __func__, ni->ni_inact_reload); 1262 1263 ieee80211_ratectl_node_init(ni); 1264 1265 return ni; 1266 } 1267 1268 /* 1269 * Craft a temporary node suitable for sending a management frame 1270 * to the specified station. We craft only as much state as we 1271 * need to do the work since the node will be immediately reclaimed 1272 * once the send completes. 1273 */ 1274 struct ieee80211_node * 1275 ieee80211_tmp_node(struct ieee80211vap *vap, 1276 const uint8_t macaddr[IEEE80211_ADDR_LEN]) 1277 { 1278 struct ieee80211com *ic = vap->iv_ic; 1279 struct ieee80211_node *ni; 1280 1281 ni = ic->ic_node_alloc(vap, macaddr); 1282 if (ni != NULL) { 1283 struct ieee80211_node *bss = vap->iv_bss; 1284 1285 IEEE80211_DPRINTF(vap, IEEE80211_MSG_NODE, 1286 "%s %p<%s>\n", __func__, ni, ether_sprintf(macaddr)); 1287 1288 ni->ni_table = NULL; /* NB: pedantic */ 1289 ni->ni_ic = ic; /* NB: needed to set channel */ 1290 ni->ni_vap = vap; 1291 1292 IEEE80211_ADDR_COPY(ni->ni_macaddr, macaddr); 1293 IEEE80211_ADDR_COPY(ni->ni_bssid, bss->ni_bssid); 1294 ieee80211_node_initref(ni); /* mark referenced */ 1295 /* NB: required by ieee80211_fix_rate */ 1296 ieee80211_node_set_chan(ni, bss->ni_chan); 1297 ieee80211_crypto_resetkey(vap, &ni->ni_ucastkey, 1298 IEEE80211_KEYIX_NONE); 1299 ni->ni_txpower = bss->ni_txpower; 1300 /* XXX optimize away */ 1301 ieee80211_psq_init(&ni->ni_psq, "unknown"); 1302 1303 ieee80211_ratectl_node_init(ni); 1304 } else { 1305 /* XXX msg */ 1306 vap->iv_stats.is_rx_nodealloc++; 1307 } 1308 return ni; 1309 } 1310 1311 struct ieee80211_node * 1312 ieee80211_dup_bss(struct ieee80211vap *vap, 1313 const uint8_t macaddr[IEEE80211_ADDR_LEN]) 1314 { 1315 struct ieee80211com *ic = vap->iv_ic; 1316 struct ieee80211_node *ni; 1317 1318 ni = ieee80211_alloc_node(&ic->ic_sta, vap, macaddr); 1319 if (ni != NULL) { 1320 struct ieee80211_node *bss = vap->iv_bss; 1321 /* 1322 * Inherit from iv_bss. 1323 */ 1324 copy_bss(ni, bss); 1325 IEEE80211_ADDR_COPY(ni->ni_bssid, bss->ni_bssid); 1326 ieee80211_node_set_chan(ni, bss->ni_chan); 1327 } 1328 return ni; 1329 } 1330 1331 /* 1332 * Create a bss node for a legacy WDS vap. The far end does 1333 * not associate so we just create create a new node and 1334 * simulate an association. The caller is responsible for 1335 * installing the node as the bss node and handling any further 1336 * setup work like authorizing the port. 1337 */ 1338 struct ieee80211_node * 1339 ieee80211_node_create_wds(struct ieee80211vap *vap, 1340 const uint8_t bssid[IEEE80211_ADDR_LEN], struct ieee80211_channel *chan) 1341 { 1342 struct ieee80211com *ic = vap->iv_ic; 1343 struct ieee80211_node *ni; 1344 1345 /* XXX check if node already in sta table? */ 1346 ni = ieee80211_alloc_node(&ic->ic_sta, vap, bssid); 1347 if (ni != NULL) { 1348 ni->ni_wdsvap = vap; 1349 IEEE80211_ADDR_COPY(ni->ni_bssid, bssid); 1350 /* 1351 * Inherit any manually configured settings. 1352 */ 1353 copy_bss(ni, vap->iv_bss); 1354 ieee80211_node_set_chan(ni, chan); 1355 /* NB: propagate ssid so available to WPA supplicant */ 1356 ni->ni_esslen = vap->iv_des_ssid[0].len; 1357 memcpy(ni->ni_essid, vap->iv_des_ssid[0].ssid, ni->ni_esslen); 1358 /* NB: no associd for peer */ 1359 /* 1360 * There are no management frames to use to 1361 * discover neighbor capabilities, so blindly 1362 * propagate the local configuration. 1363 */ 1364 if (vap->iv_flags & IEEE80211_F_WME) 1365 ni->ni_flags |= IEEE80211_NODE_QOS; 1366 #ifdef IEEE80211_SUPPORT_SUPERG 1367 if (vap->iv_flags & IEEE80211_F_FF) 1368 ni->ni_flags |= IEEE80211_NODE_FF; 1369 #endif 1370 if ((ic->ic_htcaps & IEEE80211_HTC_HT) && 1371 (vap->iv_flags_ht & IEEE80211_FHT_HT)) { 1372 /* 1373 * Device is HT-capable and HT is enabled for 1374 * the vap; setup HT operation. On return 1375 * ni_chan will be adjusted to an HT channel. 1376 */ 1377 ieee80211_ht_wds_init(ni); 1378 } else { 1379 struct ieee80211_channel *c = ni->ni_chan; 1380 /* 1381 * Force a legacy channel to be used. 1382 */ 1383 c = ieee80211_find_channel(ic, 1384 c->ic_freq, c->ic_flags &~ IEEE80211_CHAN_HT); 1385 KASSERT(c != NULL, ("no legacy channel, %u/%x", 1386 ni->ni_chan->ic_freq, ni->ni_chan->ic_flags)); 1387 ni->ni_chan = c; 1388 } 1389 } 1390 return ni; 1391 } 1392 1393 struct ieee80211_node * 1394 #ifdef IEEE80211_DEBUG_REFCNT 1395 ieee80211_find_node_locked_debug(struct ieee80211_node_table *nt, 1396 const uint8_t macaddr[IEEE80211_ADDR_LEN], const char *func, int line) 1397 #else 1398 ieee80211_find_node_locked(struct ieee80211_node_table *nt, 1399 const uint8_t macaddr[IEEE80211_ADDR_LEN]) 1400 #endif 1401 { 1402 struct ieee80211_node *ni; 1403 int hash; 1404 1405 IEEE80211_NODE_LOCK_ASSERT(nt); 1406 1407 hash = IEEE80211_NODE_HASH(nt->nt_ic, macaddr); 1408 LIST_FOREACH(ni, &nt->nt_hash[hash], ni_hash) { 1409 if (IEEE80211_ADDR_EQ(ni->ni_macaddr, macaddr)) { 1410 ieee80211_ref_node(ni); /* mark referenced */ 1411 #ifdef IEEE80211_DEBUG_REFCNT 1412 IEEE80211_DPRINTF(ni->ni_vap, IEEE80211_MSG_NODE, 1413 "%s (%s:%u) %p<%s> refcnt %d\n", __func__, 1414 func, line, 1415 ni, ether_sprintf(ni->ni_macaddr), 1416 ieee80211_node_refcnt(ni)); 1417 #endif 1418 return ni; 1419 } 1420 } 1421 return NULL; 1422 } 1423 1424 struct ieee80211_node * 1425 #ifdef IEEE80211_DEBUG_REFCNT 1426 ieee80211_find_node_debug(struct ieee80211_node_table *nt, 1427 const uint8_t macaddr[IEEE80211_ADDR_LEN], const char *func, int line) 1428 #else 1429 ieee80211_find_node(struct ieee80211_node_table *nt, 1430 const uint8_t macaddr[IEEE80211_ADDR_LEN]) 1431 #endif 1432 { 1433 struct ieee80211_node *ni; 1434 1435 IEEE80211_NODE_LOCK(nt); 1436 ni = ieee80211_find_node_locked(nt, macaddr); 1437 IEEE80211_NODE_UNLOCK(nt); 1438 return ni; 1439 } 1440 1441 struct ieee80211_node * 1442 #ifdef IEEE80211_DEBUG_REFCNT 1443 ieee80211_find_vap_node_locked_debug(struct ieee80211_node_table *nt, 1444 const struct ieee80211vap *vap, 1445 const uint8_t macaddr[IEEE80211_ADDR_LEN], const char *func, int line) 1446 #else 1447 ieee80211_find_vap_node_locked(struct ieee80211_node_table *nt, 1448 const struct ieee80211vap *vap, 1449 const uint8_t macaddr[IEEE80211_ADDR_LEN]) 1450 #endif 1451 { 1452 struct ieee80211_node *ni; 1453 int hash; 1454 1455 IEEE80211_NODE_LOCK_ASSERT(nt); 1456 1457 hash = IEEE80211_NODE_HASH(nt->nt_ic, macaddr); 1458 LIST_FOREACH(ni, &nt->nt_hash[hash], ni_hash) { 1459 if (ni->ni_vap == vap && 1460 IEEE80211_ADDR_EQ(ni->ni_macaddr, macaddr)) { 1461 ieee80211_ref_node(ni); /* mark referenced */ 1462 #ifdef IEEE80211_DEBUG_REFCNT 1463 IEEE80211_DPRINTF(ni->ni_vap, IEEE80211_MSG_NODE, 1464 "%s (%s:%u) %p<%s> refcnt %d\n", __func__, 1465 func, line, 1466 ni, ether_sprintf(ni->ni_macaddr), 1467 ieee80211_node_refcnt(ni)); 1468 #endif 1469 return ni; 1470 } 1471 } 1472 return NULL; 1473 } 1474 1475 struct ieee80211_node * 1476 #ifdef IEEE80211_DEBUG_REFCNT 1477 ieee80211_find_vap_node_debug(struct ieee80211_node_table *nt, 1478 const struct ieee80211vap *vap, 1479 const uint8_t macaddr[IEEE80211_ADDR_LEN], const char *func, int line) 1480 #else 1481 ieee80211_find_vap_node(struct ieee80211_node_table *nt, 1482 const struct ieee80211vap *vap, 1483 const uint8_t macaddr[IEEE80211_ADDR_LEN]) 1484 #endif 1485 { 1486 struct ieee80211_node *ni; 1487 1488 IEEE80211_NODE_LOCK(nt); 1489 ni = ieee80211_find_vap_node_locked(nt, vap, macaddr); 1490 IEEE80211_NODE_UNLOCK(nt); 1491 return ni; 1492 } 1493 1494 /* 1495 * Fake up a node; this handles node discovery in adhoc mode. 1496 * Note that for the driver's benefit we we treat this like 1497 * an association so the driver has an opportunity to setup 1498 * it's private state. 1499 */ 1500 struct ieee80211_node * 1501 ieee80211_fakeup_adhoc_node(struct ieee80211vap *vap, 1502 const uint8_t macaddr[IEEE80211_ADDR_LEN]) 1503 { 1504 struct ieee80211_node *ni; 1505 1506 IEEE80211_DPRINTF(vap, IEEE80211_MSG_NODE | IEEE80211_MSG_ASSOC, 1507 "%s: mac<%s>\n", __func__, ether_sprintf(macaddr)); 1508 ni = ieee80211_dup_bss(vap, macaddr); 1509 if (ni != NULL) { 1510 struct ieee80211com *ic = vap->iv_ic; 1511 1512 /* XXX no rate negotiation; just dup */ 1513 ni->ni_rates = vap->iv_bss->ni_rates; 1514 if (ieee80211_iserp_rateset(&ni->ni_rates)) 1515 ni->ni_flags |= IEEE80211_NODE_ERP; 1516 if (vap->iv_opmode == IEEE80211_M_AHDEMO) { 1517 /* 1518 * In adhoc demo mode there are no management 1519 * frames to use to discover neighbor capabilities, 1520 * so blindly propagate the local configuration 1521 * so we can do interesting things (e.g. use 1522 * WME to disable ACK's). 1523 */ 1524 if (vap->iv_flags & IEEE80211_F_WME) 1525 ni->ni_flags |= IEEE80211_NODE_QOS; 1526 #ifdef IEEE80211_SUPPORT_SUPERG 1527 if (vap->iv_flags & IEEE80211_F_FF) 1528 ni->ni_flags |= IEEE80211_NODE_FF; 1529 #endif 1530 } 1531 ieee80211_node_setuptxparms(ni); 1532 ieee80211_ratectl_node_init(ni); 1533 if (ic->ic_newassoc != NULL) 1534 ic->ic_newassoc(ni, 1); 1535 /* XXX not right for 802.1x/WPA */ 1536 ieee80211_node_authorize(ni); 1537 } 1538 return ni; 1539 } 1540 1541 void 1542 ieee80211_init_neighbor(struct ieee80211_node *ni, 1543 const struct ieee80211_frame *wh, 1544 const struct ieee80211_scanparams *sp) 1545 { 1546 int do_ht_setup = 0; 1547 1548 ni->ni_esslen = sp->ssid[1]; 1549 memcpy(ni->ni_essid, sp->ssid + 2, sp->ssid[1]); 1550 IEEE80211_ADDR_COPY(ni->ni_bssid, wh->i_addr3); 1551 memcpy(ni->ni_tstamp.data, sp->tstamp, sizeof(ni->ni_tstamp)); 1552 ni->ni_intval = sp->bintval; 1553 ni->ni_capinfo = sp->capinfo; 1554 ni->ni_chan = ni->ni_ic->ic_curchan; 1555 ni->ni_fhdwell = sp->fhdwell; 1556 ni->ni_fhindex = sp->fhindex; 1557 ni->ni_erp = sp->erp; 1558 ni->ni_timoff = sp->timoff; 1559 #ifdef IEEE80211_SUPPORT_MESH 1560 if (ni->ni_vap->iv_opmode == IEEE80211_M_MBSS) 1561 ieee80211_mesh_init_neighbor(ni, wh, sp); 1562 #endif 1563 if (ieee80211_ies_init(&ni->ni_ies, sp->ies, sp->ies_len)) { 1564 ieee80211_ies_expand(&ni->ni_ies); 1565 if (ni->ni_ies.wme_ie != NULL) 1566 ni->ni_flags |= IEEE80211_NODE_QOS; 1567 else 1568 ni->ni_flags &= ~IEEE80211_NODE_QOS; 1569 #ifdef IEEE80211_SUPPORT_SUPERG 1570 if (ni->ni_ies.ath_ie != NULL) 1571 ieee80211_parse_ath(ni, ni->ni_ies.ath_ie); 1572 #endif 1573 if (ni->ni_ies.htcap_ie != NULL) 1574 ieee80211_parse_htcap(ni, ni->ni_ies.htcap_ie); 1575 if (ni->ni_ies.htinfo_ie != NULL) 1576 ieee80211_parse_htinfo(ni, ni->ni_ies.htinfo_ie); 1577 1578 if ((ni->ni_ies.htcap_ie != NULL) && 1579 (ni->ni_ies.htinfo_ie != NULL) && 1580 (ni->ni_vap->iv_flags_ht & IEEE80211_FHT_HT)) { 1581 do_ht_setup = 1; 1582 } 1583 } 1584 1585 /* NB: must be after ni_chan is setup */ 1586 ieee80211_setup_rates(ni, sp->rates, sp->xrates, 1587 IEEE80211_F_DOSORT | IEEE80211_F_DOFRATE | 1588 IEEE80211_F_DONEGO | IEEE80211_F_DODEL); 1589 1590 /* 1591 * If the neighbor is HT compatible, flip that on. 1592 */ 1593 if (do_ht_setup) { 1594 IEEE80211_DPRINTF(ni->ni_vap, IEEE80211_MSG_ASSOC, 1595 "%s: doing HT setup\n", __func__); 1596 ieee80211_ht_node_init(ni); 1597 ieee80211_ht_updateparams(ni, 1598 ni->ni_ies.htcap_ie, 1599 ni->ni_ies.htinfo_ie); 1600 ieee80211_setup_htrates(ni, 1601 ni->ni_ies.htcap_ie, 1602 IEEE80211_F_JOIN | IEEE80211_F_DOBRS); 1603 ieee80211_setup_basic_htrates(ni, 1604 ni->ni_ies.htinfo_ie); 1605 ieee80211_node_setuptxparms(ni); 1606 ieee80211_ratectl_node_init(ni); 1607 } 1608 } 1609 1610 /* 1611 * Do node discovery in adhoc mode on receipt of a beacon 1612 * or probe response frame. Note that for the driver's 1613 * benefit we we treat this like an association so the 1614 * driver has an opportunity to setup it's private state. 1615 */ 1616 struct ieee80211_node * 1617 ieee80211_add_neighbor(struct ieee80211vap *vap, 1618 const struct ieee80211_frame *wh, 1619 const struct ieee80211_scanparams *sp) 1620 { 1621 struct ieee80211_node *ni; 1622 1623 IEEE80211_DPRINTF(vap, IEEE80211_MSG_ASSOC, 1624 "%s: mac<%s>\n", __func__, ether_sprintf(wh->i_addr2)); 1625 ni = ieee80211_dup_bss(vap, wh->i_addr2);/* XXX alloc_node? */ 1626 if (ni != NULL) { 1627 struct ieee80211com *ic = vap->iv_ic; 1628 1629 ieee80211_init_neighbor(ni, wh, sp); 1630 if (ieee80211_iserp_rateset(&ni->ni_rates)) 1631 ni->ni_flags |= IEEE80211_NODE_ERP; 1632 ieee80211_node_setuptxparms(ni); 1633 ieee80211_ratectl_node_init(ni); 1634 if (ic->ic_newassoc != NULL) 1635 ic->ic_newassoc(ni, 1); 1636 /* XXX not right for 802.1x/WPA */ 1637 ieee80211_node_authorize(ni); 1638 } 1639 return ni; 1640 } 1641 1642 #define IS_PROBEREQ(wh) \ 1643 ((wh->i_fc[0] & (IEEE80211_FC0_TYPE_MASK|IEEE80211_FC0_SUBTYPE_MASK)) \ 1644 == (IEEE80211_FC0_TYPE_MGT | IEEE80211_FC0_SUBTYPE_PROBE_REQ)) 1645 #define IS_BCAST_PROBEREQ(wh) \ 1646 (IS_PROBEREQ(wh) && IEEE80211_IS_MULTICAST( \ 1647 ((const struct ieee80211_frame *)(wh))->i_addr3)) 1648 1649 static __inline struct ieee80211_node * 1650 _find_rxnode(struct ieee80211_node_table *nt, 1651 const struct ieee80211_frame_min *wh) 1652 { 1653 if (IS_BCAST_PROBEREQ(wh)) 1654 return NULL; /* spam bcast probe req to all vap's */ 1655 return ieee80211_find_node_locked(nt, wh->i_addr2); 1656 } 1657 1658 /* 1659 * Locate the node for sender, track state, and then pass the 1660 * (referenced) node up to the 802.11 layer for its use. Note 1661 * we can return NULL if the sender is not in the table. 1662 */ 1663 struct ieee80211_node * 1664 #ifdef IEEE80211_DEBUG_REFCNT 1665 ieee80211_find_rxnode_debug(struct ieee80211com *ic, 1666 const struct ieee80211_frame_min *wh, const char *func, int line) 1667 #else 1668 ieee80211_find_rxnode(struct ieee80211com *ic, 1669 const struct ieee80211_frame_min *wh) 1670 #endif 1671 { 1672 struct ieee80211_node_table *nt; 1673 struct ieee80211_node *ni; 1674 1675 nt = &ic->ic_sta; 1676 IEEE80211_NODE_LOCK(nt); 1677 ni = _find_rxnode(nt, wh); 1678 IEEE80211_NODE_UNLOCK(nt); 1679 1680 return ni; 1681 } 1682 1683 /* 1684 * Like ieee80211_find_rxnode but use the supplied h/w 1685 * key index as a hint to locate the node in the key 1686 * mapping table. If an entry is present at the key 1687 * index we return it; otherwise do a normal lookup and 1688 * update the mapping table if the station has a unicast 1689 * key assigned to it. 1690 */ 1691 struct ieee80211_node * 1692 #ifdef IEEE80211_DEBUG_REFCNT 1693 ieee80211_find_rxnode_withkey_debug(struct ieee80211com *ic, 1694 const struct ieee80211_frame_min *wh, ieee80211_keyix keyix, 1695 const char *func, int line) 1696 #else 1697 ieee80211_find_rxnode_withkey(struct ieee80211com *ic, 1698 const struct ieee80211_frame_min *wh, ieee80211_keyix keyix) 1699 #endif 1700 { 1701 struct ieee80211_node_table *nt; 1702 struct ieee80211_node *ni; 1703 1704 nt = &ic->ic_sta; 1705 IEEE80211_NODE_LOCK(nt); 1706 if (nt->nt_keyixmap != NULL && keyix < nt->nt_keyixmax) 1707 ni = nt->nt_keyixmap[keyix]; 1708 else 1709 ni = NULL; 1710 if (ni == NULL) { 1711 ni = _find_rxnode(nt, wh); 1712 if (ni != NULL && nt->nt_keyixmap != NULL) { 1713 /* 1714 * If the station has a unicast key cache slot 1715 * assigned update the key->node mapping table. 1716 */ 1717 keyix = ni->ni_ucastkey.wk_rxkeyix; 1718 /* XXX can keyixmap[keyix] != NULL? */ 1719 if (keyix < nt->nt_keyixmax && 1720 nt->nt_keyixmap[keyix] == NULL) { 1721 IEEE80211_DPRINTF(ni->ni_vap, 1722 IEEE80211_MSG_NODE, 1723 "%s: add key map entry %p<%s> refcnt %d\n", 1724 __func__, ni, ether_sprintf(ni->ni_macaddr), 1725 ieee80211_node_refcnt(ni)+1); 1726 nt->nt_keyixmap[keyix] = ieee80211_ref_node(ni); 1727 } 1728 } 1729 } else { 1730 if (IS_BCAST_PROBEREQ(wh)) 1731 ni = NULL; /* spam bcast probe req to all vap's */ 1732 else 1733 ieee80211_ref_node(ni); 1734 } 1735 IEEE80211_NODE_UNLOCK(nt); 1736 1737 return ni; 1738 } 1739 #undef IS_BCAST_PROBEREQ 1740 #undef IS_PROBEREQ 1741 1742 /* 1743 * Return a reference to the appropriate node for sending 1744 * a data frame. This handles node discovery in adhoc networks. 1745 */ 1746 struct ieee80211_node * 1747 #ifdef IEEE80211_DEBUG_REFCNT 1748 ieee80211_find_txnode_debug(struct ieee80211vap *vap, 1749 const uint8_t macaddr[IEEE80211_ADDR_LEN], 1750 const char *func, int line) 1751 #else 1752 ieee80211_find_txnode(struct ieee80211vap *vap, 1753 const uint8_t macaddr[IEEE80211_ADDR_LEN]) 1754 #endif 1755 { 1756 struct ieee80211_node_table *nt = &vap->iv_ic->ic_sta; 1757 struct ieee80211_node *ni; 1758 1759 /* 1760 * The destination address should be in the node table 1761 * unless this is a multicast/broadcast frame. We can 1762 * also optimize station mode operation, all frames go 1763 * to the bss node. 1764 */ 1765 /* XXX can't hold lock across dup_bss 'cuz of recursive locking */ 1766 IEEE80211_NODE_LOCK(nt); 1767 if (vap->iv_opmode == IEEE80211_M_STA || 1768 vap->iv_opmode == IEEE80211_M_WDS || 1769 IEEE80211_IS_MULTICAST(macaddr)) 1770 ni = ieee80211_ref_node(vap->iv_bss); 1771 else 1772 ni = ieee80211_find_node_locked(nt, macaddr); 1773 IEEE80211_NODE_UNLOCK(nt); 1774 1775 if (ni == NULL) { 1776 if (vap->iv_opmode == IEEE80211_M_IBSS || 1777 vap->iv_opmode == IEEE80211_M_AHDEMO) { 1778 /* 1779 * In adhoc mode cons up a node for the destination. 1780 * Note that we need an additional reference for the 1781 * caller to be consistent with 1782 * ieee80211_find_node_locked. 1783 */ 1784 ni = ieee80211_fakeup_adhoc_node(vap, macaddr); 1785 if (ni != NULL) 1786 (void) ieee80211_ref_node(ni); 1787 } else { 1788 IEEE80211_NOTE_MAC(vap, IEEE80211_MSG_OUTPUT, macaddr, 1789 "no node, discard frame (%s)", __func__); 1790 vap->iv_stats.is_tx_nonode++; 1791 } 1792 } 1793 return ni; 1794 } 1795 1796 static void 1797 _ieee80211_free_node(struct ieee80211_node *ni) 1798 { 1799 struct ieee80211_node_table *nt = ni->ni_table; 1800 1801 /* 1802 * NB: careful about referencing the vap as it may be 1803 * gone if the last reference was held by a driver. 1804 * We know the com will always be present so it's safe 1805 * to use ni_ic below to reclaim resources. 1806 */ 1807 #if 0 1808 IEEE80211_DPRINTF(vap, IEEE80211_MSG_NODE, 1809 "%s %p<%s> in %s table\n", __func__, ni, 1810 ether_sprintf(ni->ni_macaddr), 1811 nt != NULL ? nt->nt_name : "<gone>"); 1812 #endif 1813 if (ni->ni_associd != 0) { 1814 struct ieee80211vap *vap = ni->ni_vap; 1815 if (vap->iv_aid_bitmap != NULL) 1816 IEEE80211_AID_CLR(vap, ni->ni_associd); 1817 } 1818 if (nt != NULL) { 1819 TAILQ_REMOVE(&nt->nt_node, ni, ni_list); 1820 LIST_REMOVE(ni, ni_hash); 1821 } 1822 ni->ni_ic->ic_node_free(ni); 1823 } 1824 1825 /* 1826 * Clear any entry in the unicast key mapping table. 1827 */ 1828 static int 1829 node_clear_keyixmap(struct ieee80211_node_table *nt, struct ieee80211_node *ni) 1830 { 1831 ieee80211_keyix keyix; 1832 1833 keyix = ni->ni_ucastkey.wk_rxkeyix; 1834 if (nt->nt_keyixmap != NULL && keyix < nt->nt_keyixmax && 1835 nt->nt_keyixmap[keyix] == ni) { 1836 IEEE80211_DPRINTF(ni->ni_vap, IEEE80211_MSG_NODE, 1837 "%s: %p<%s> clear key map entry %u\n", 1838 __func__, ni, ether_sprintf(ni->ni_macaddr), keyix); 1839 nt->nt_keyixmap[keyix] = NULL; 1840 ieee80211_node_decref(ni); 1841 return 1; 1842 } 1843 1844 return 0; 1845 } 1846 1847 void 1848 #ifdef IEEE80211_DEBUG_REFCNT 1849 ieee80211_free_node_debug(struct ieee80211_node *ni, const char *func, int line) 1850 #else 1851 ieee80211_free_node(struct ieee80211_node *ni) 1852 #endif 1853 { 1854 struct ieee80211_node_table *nt = ni->ni_table; 1855 1856 #ifdef IEEE80211_DEBUG_REFCNT 1857 IEEE80211_DPRINTF(ni->ni_vap, IEEE80211_MSG_NODE, 1858 "%s (%s:%u) %p<%s> refcnt %d\n", __func__, func, line, ni, 1859 ether_sprintf(ni->ni_macaddr), ieee80211_node_refcnt(ni)-1); 1860 #endif 1861 if (nt != NULL) { 1862 IEEE80211_NODE_LOCK(nt); 1863 if (ieee80211_node_dectestref(ni)) { 1864 /* 1865 * Last reference, reclaim state. 1866 */ 1867 _ieee80211_free_node(ni); 1868 } else if (ieee80211_node_refcnt(ni) == 1) 1869 if (node_clear_keyixmap(nt, ni)) 1870 _ieee80211_free_node(ni); 1871 IEEE80211_NODE_UNLOCK(nt); 1872 } else { 1873 if (ieee80211_node_dectestref(ni)) 1874 _ieee80211_free_node(ni); 1875 } 1876 } 1877 1878 /* 1879 * Reclaim a unicast key and clear any key cache state. 1880 */ 1881 int 1882 ieee80211_node_delucastkey(struct ieee80211_node *ni) 1883 { 1884 struct ieee80211com *ic = ni->ni_ic; 1885 struct ieee80211_node_table *nt = &ic->ic_sta; 1886 struct ieee80211_node *nikey; 1887 ieee80211_keyix keyix; 1888 int isowned, status; 1889 1890 /* 1891 * NB: We must beware of LOR here; deleting the key 1892 * can cause the crypto layer to block traffic updates 1893 * which can generate a LOR against the node table lock; 1894 * grab it here and stash the key index for our use below. 1895 * 1896 * Must also beware of recursion on the node table lock. 1897 * When called from node_cleanup we may already have 1898 * the node table lock held. Unfortunately there's no 1899 * way to separate out this path so we must do this 1900 * conditionally. 1901 */ 1902 isowned = IEEE80211_NODE_IS_LOCKED(nt); 1903 if (!isowned) 1904 IEEE80211_NODE_LOCK(nt); 1905 nikey = NULL; 1906 status = 1; /* NB: success */ 1907 if (ni->ni_ucastkey.wk_keyix != IEEE80211_KEYIX_NONE) { 1908 keyix = ni->ni_ucastkey.wk_rxkeyix; 1909 status = ieee80211_crypto_delkey(ni->ni_vap, &ni->ni_ucastkey); 1910 if (nt->nt_keyixmap != NULL && keyix < nt->nt_keyixmax) { 1911 nikey = nt->nt_keyixmap[keyix]; 1912 nt->nt_keyixmap[keyix] = NULL; 1913 } 1914 } 1915 if (!isowned) 1916 IEEE80211_NODE_UNLOCK(nt); 1917 1918 if (nikey != NULL) { 1919 KASSERT(nikey == ni, 1920 ("key map out of sync, ni %p nikey %p", ni, nikey)); 1921 IEEE80211_DPRINTF(ni->ni_vap, IEEE80211_MSG_NODE, 1922 "%s: delete key map entry %p<%s> refcnt %d\n", 1923 __func__, ni, ether_sprintf(ni->ni_macaddr), 1924 ieee80211_node_refcnt(ni)-1); 1925 ieee80211_free_node(ni); 1926 } 1927 return status; 1928 } 1929 1930 /* 1931 * Reclaim a node. If this is the last reference count then 1932 * do the normal free work. Otherwise remove it from the node 1933 * table and mark it gone by clearing the back-reference. 1934 */ 1935 static void 1936 node_reclaim(struct ieee80211_node_table *nt, struct ieee80211_node *ni) 1937 { 1938 1939 IEEE80211_NODE_LOCK_ASSERT(nt); 1940 1941 IEEE80211_DPRINTF(ni->ni_vap, IEEE80211_MSG_NODE, 1942 "%s: remove %p<%s> from %s table, refcnt %d\n", 1943 __func__, ni, ether_sprintf(ni->ni_macaddr), 1944 nt->nt_name, ieee80211_node_refcnt(ni)-1); 1945 /* 1946 * Clear any entry in the unicast key mapping table. 1947 * We need to do it here so rx lookups don't find it 1948 * in the mapping table even if it's not in the hash 1949 * table. We cannot depend on the mapping table entry 1950 * being cleared because the node may not be free'd. 1951 */ 1952 (void)node_clear_keyixmap(nt, ni); 1953 if (!ieee80211_node_dectestref(ni)) { 1954 /* 1955 * Other references are present, just remove the 1956 * node from the table so it cannot be found. When 1957 * the references are dropped storage will be 1958 * reclaimed. 1959 */ 1960 TAILQ_REMOVE(&nt->nt_node, ni, ni_list); 1961 LIST_REMOVE(ni, ni_hash); 1962 ni->ni_table = NULL; /* clear reference */ 1963 } else 1964 _ieee80211_free_node(ni); 1965 } 1966 1967 /* 1968 * Node table support. 1969 */ 1970 1971 static void 1972 ieee80211_node_table_init(struct ieee80211com *ic, 1973 struct ieee80211_node_table *nt, 1974 const char *name, int inact, int keyixmax) 1975 { 1976 1977 nt->nt_ic = ic; 1978 IEEE80211_NODE_LOCK_INIT(nt, ic->ic_name); 1979 TAILQ_INIT(&nt->nt_node); 1980 nt->nt_name = name; 1981 nt->nt_inact_init = inact; 1982 nt->nt_keyixmax = keyixmax; 1983 if (nt->nt_keyixmax > 0) { 1984 nt->nt_keyixmap = (struct ieee80211_node **) IEEE80211_MALLOC( 1985 keyixmax * sizeof(struct ieee80211_node *), 1986 M_80211_NODE, 1987 IEEE80211_M_NOWAIT | IEEE80211_M_ZERO); 1988 if (nt->nt_keyixmap == NULL) 1989 ic_printf(ic, 1990 "Cannot allocate key index map with %u entries\n", 1991 keyixmax); 1992 } else 1993 nt->nt_keyixmap = NULL; 1994 } 1995 1996 static void 1997 ieee80211_node_table_reset(struct ieee80211_node_table *nt, 1998 struct ieee80211vap *match) 1999 { 2000 struct ieee80211_node *ni, *next; 2001 2002 IEEE80211_NODE_LOCK(nt); 2003 TAILQ_FOREACH_SAFE(ni, &nt->nt_node, ni_list, next) { 2004 if (match != NULL && ni->ni_vap != match) 2005 continue; 2006 /* XXX can this happen? if so need's work */ 2007 if (ni->ni_associd != 0) { 2008 struct ieee80211vap *vap = ni->ni_vap; 2009 2010 if (vap->iv_auth->ia_node_leave != NULL) 2011 vap->iv_auth->ia_node_leave(ni); 2012 if (vap->iv_aid_bitmap != NULL) 2013 IEEE80211_AID_CLR(vap, ni->ni_associd); 2014 } 2015 ni->ni_wdsvap = NULL; /* clear reference */ 2016 node_reclaim(nt, ni); 2017 } 2018 if (match != NULL && match->iv_opmode == IEEE80211_M_WDS) { 2019 /* 2020 * Make a separate pass to clear references to this vap 2021 * held by DWDS entries. They will not be matched above 2022 * because ni_vap will point to the ap vap but we still 2023 * need to clear ni_wdsvap when the WDS vap is destroyed 2024 * and/or reset. 2025 */ 2026 TAILQ_FOREACH_SAFE(ni, &nt->nt_node, ni_list, next) 2027 if (ni->ni_wdsvap == match) 2028 ni->ni_wdsvap = NULL; 2029 } 2030 IEEE80211_NODE_UNLOCK(nt); 2031 } 2032 2033 static void 2034 ieee80211_node_table_cleanup(struct ieee80211_node_table *nt) 2035 { 2036 ieee80211_node_table_reset(nt, NULL); 2037 if (nt->nt_keyixmap != NULL) { 2038 #ifdef DIAGNOSTIC 2039 /* XXX verify all entries are NULL */ 2040 int i; 2041 for (i = 0; i < nt->nt_keyixmax; i++) 2042 if (nt->nt_keyixmap[i] != NULL) 2043 printf("%s: %s[%u] still active\n", __func__, 2044 nt->nt_name, i); 2045 #endif 2046 IEEE80211_FREE(nt->nt_keyixmap, M_80211_NODE); 2047 nt->nt_keyixmap = NULL; 2048 } 2049 IEEE80211_NODE_LOCK_DESTROY(nt); 2050 } 2051 2052 static void 2053 timeout_stations(void *arg __unused, struct ieee80211_node *ni) 2054 { 2055 struct ieee80211com *ic = ni->ni_ic; 2056 struct ieee80211vap *vap = ni->ni_vap; 2057 2058 /* 2059 * Only process stations when in RUN state. This 2060 * insures, for example, that we don't timeout an 2061 * inactive station during CAC. Note that CSA state 2062 * is actually handled in ieee80211_node_timeout as 2063 * it applies to more than timeout processing. 2064 */ 2065 if (vap->iv_state != IEEE80211_S_RUN) 2066 return; 2067 /* 2068 * Ignore entries for which have yet to receive an 2069 * authentication frame. These are transient and 2070 * will be reclaimed when the last reference to them 2071 * goes away (when frame xmits complete). 2072 */ 2073 if ((vap->iv_opmode == IEEE80211_M_HOSTAP || 2074 vap->iv_opmode == IEEE80211_M_STA) && 2075 (ni->ni_flags & IEEE80211_NODE_AREF) == 0) 2076 return; 2077 /* 2078 * Free fragment if not needed anymore 2079 * (last fragment older than 1s). 2080 * XXX doesn't belong here, move to node_age 2081 */ 2082 if (ni->ni_rxfrag[0] != NULL && 2083 ticks > ni->ni_rxfragstamp + hz) { 2084 m_freem(ni->ni_rxfrag[0]); 2085 ni->ni_rxfrag[0] = NULL; 2086 } 2087 if (ni->ni_inact > 0) { 2088 ni->ni_inact--; 2089 IEEE80211_NOTE(vap, IEEE80211_MSG_INACT, ni, 2090 "%s: inact %u inact_reload %u nrates %u", 2091 __func__, ni->ni_inact, ni->ni_inact_reload, 2092 ni->ni_rates.rs_nrates); 2093 } 2094 /* 2095 * Special case ourself; we may be idle for extended periods 2096 * of time and regardless reclaiming our state is wrong. 2097 * XXX run ic_node_age 2098 */ 2099 /* XXX before inact decrement? */ 2100 if (ni == vap->iv_bss) 2101 return; 2102 if (ni->ni_associd != 0 || 2103 (vap->iv_opmode == IEEE80211_M_IBSS || 2104 vap->iv_opmode == IEEE80211_M_AHDEMO)) { 2105 /* 2106 * Age/drain resources held by the station. 2107 */ 2108 ic->ic_node_age(ni); 2109 /* 2110 * Probe the station before time it out. We 2111 * send a null data frame which may not be 2112 * universally supported by drivers (need it 2113 * for ps-poll support so it should be...). 2114 * 2115 * XXX don't probe the station unless we've 2116 * received a frame from them (and have 2117 * some idea of the rates they are capable 2118 * of); this will get fixed more properly 2119 * soon with better handling of the rate set. 2120 */ 2121 if ((vap->iv_flags_ext & IEEE80211_FEXT_INACT) && 2122 (0 < ni->ni_inact && 2123 ni->ni_inact <= vap->iv_inact_probe) && 2124 ni->ni_rates.rs_nrates != 0) { 2125 IEEE80211_NOTE(vap, 2126 IEEE80211_MSG_INACT | IEEE80211_MSG_NODE, 2127 ni, "%s", 2128 "probe station due to inactivity"); 2129 /* 2130 * Grab a reference so the node cannot 2131 * be reclaimed before we send the frame. 2132 * ieee80211_send_nulldata understands 2133 * we've done this and reclaims the 2134 * ref for us as needed. 2135 */ 2136 /* XXX fix this (not required anymore). */ 2137 ieee80211_ref_node(ni); 2138 /* XXX useless */ 2139 ieee80211_send_nulldata(ni); 2140 /* XXX stat? */ 2141 return; 2142 } 2143 } 2144 if ((vap->iv_flags_ext & IEEE80211_FEXT_INACT) && 2145 ni->ni_inact <= 0) { 2146 IEEE80211_NOTE(vap, 2147 IEEE80211_MSG_INACT | IEEE80211_MSG_NODE, ni, 2148 "station timed out due to inactivity " 2149 "(refcnt %u)", ieee80211_node_refcnt(ni)); 2150 /* 2151 * Send a deauthenticate frame and drop the station. 2152 * This is somewhat complicated due to reference counts 2153 * and locking. At this point a station will typically 2154 * have a reference count of 2. ieee80211_node_leave 2155 * will do a "free" of the node which will drop the 2156 * reference count. But in the meantime a reference 2157 * wil be held by the deauth frame. The actual reclaim 2158 * of the node will happen either after the tx is 2159 * completed or by ieee80211_node_leave. 2160 */ 2161 if (ni->ni_associd != 0) { 2162 IEEE80211_SEND_MGMT(ni, 2163 IEEE80211_FC0_SUBTYPE_DEAUTH, 2164 IEEE80211_REASON_AUTH_EXPIRE); 2165 } 2166 ieee80211_node_leave(ni); 2167 vap->iv_stats.is_node_timeout++; 2168 } 2169 } 2170 2171 /* 2172 * Timeout inactive stations and do related housekeeping. 2173 */ 2174 static void 2175 ieee80211_timeout_stations(struct ieee80211com *ic) 2176 { 2177 struct ieee80211_node_table *nt = &ic->ic_sta; 2178 2179 ieee80211_iterate_nodes(nt, timeout_stations, NULL); 2180 } 2181 2182 /* 2183 * Aggressively reclaim resources. This should be used 2184 * only in a critical situation to reclaim mbuf resources. 2185 */ 2186 void 2187 ieee80211_drain(struct ieee80211com *ic) 2188 { 2189 struct ieee80211_node_table *nt = &ic->ic_sta; 2190 struct ieee80211vap *vap; 2191 struct ieee80211_node *ni; 2192 2193 IEEE80211_NODE_LOCK(nt); 2194 TAILQ_FOREACH(ni, &nt->nt_node, ni_list) { 2195 /* 2196 * Ignore entries for which have yet to receive an 2197 * authentication frame. These are transient and 2198 * will be reclaimed when the last reference to them 2199 * goes away (when frame xmits complete). 2200 */ 2201 vap = ni->ni_vap; 2202 /* 2203 * Only process stations when in RUN state. This 2204 * insures, for example, that we don't timeout an 2205 * inactive station during CAC. Note that CSA state 2206 * is actually handled in ieee80211_node_timeout as 2207 * it applies to more than timeout processing. 2208 */ 2209 if (vap->iv_state != IEEE80211_S_RUN) 2210 continue; 2211 /* XXX can vap be NULL? */ 2212 if ((vap->iv_opmode == IEEE80211_M_HOSTAP || 2213 vap->iv_opmode == IEEE80211_M_STA) && 2214 (ni->ni_flags & IEEE80211_NODE_AREF) == 0) 2215 continue; 2216 /* 2217 * Free fragments. 2218 * XXX doesn't belong here, move to node_drain 2219 */ 2220 if (ni->ni_rxfrag[0] != NULL) { 2221 m_freem(ni->ni_rxfrag[0]); 2222 ni->ni_rxfrag[0] = NULL; 2223 } 2224 /* 2225 * Drain resources held by the station. 2226 */ 2227 ic->ic_node_drain(ni); 2228 } 2229 IEEE80211_NODE_UNLOCK(nt); 2230 } 2231 2232 /* 2233 * Per-ieee80211com inactivity timer callback. 2234 */ 2235 void 2236 ieee80211_node_timeout(void *arg) 2237 { 2238 struct ieee80211com *ic = arg; 2239 2240 /* 2241 * Defer timeout processing if a channel switch is pending. 2242 * We typically need to be mute so not doing things that 2243 * might generate frames is good to handle in one place. 2244 * Suppressing the station timeout processing may extend the 2245 * lifetime of inactive stations (by not decrementing their 2246 * idle counters) but this should be ok unless the CSA is 2247 * active for an unusually long time. 2248 */ 2249 if ((ic->ic_flags & IEEE80211_F_CSAPENDING) == 0) { 2250 ieee80211_scan_timeout(ic); 2251 ieee80211_timeout_stations(ic); 2252 ieee80211_ageq_age(&ic->ic_stageq, IEEE80211_INACT_WAIT); 2253 2254 IEEE80211_LOCK(ic); 2255 ieee80211_erp_timeout(ic); 2256 ieee80211_ht_timeout(ic); 2257 IEEE80211_UNLOCK(ic); 2258 } 2259 callout_reset(&ic->ic_inact, IEEE80211_INACT_WAIT*hz, 2260 ieee80211_node_timeout, ic); 2261 } 2262 2263 /* 2264 * Iterate over the node table and return an array of ref'ed nodes. 2265 * 2266 * This is separated out from calling the actual node function so that 2267 * no LORs will occur. 2268 * 2269 * If there are too many nodes (ie, the number of nodes doesn't fit 2270 * within 'max_aid' entries) then the node references will be freed 2271 * and an error will be returned. 2272 * 2273 * The responsibility of allocating and freeing "ni_arr" is up to 2274 * the caller. 2275 */ 2276 int 2277 ieee80211_iterate_nt(struct ieee80211_node_table *nt, 2278 struct ieee80211_node **ni_arr, uint16_t max_aid) 2279 { 2280 int i, j, ret; 2281 struct ieee80211_node *ni; 2282 2283 IEEE80211_NODE_LOCK(nt); 2284 2285 i = ret = 0; 2286 TAILQ_FOREACH(ni, &nt->nt_node, ni_list) { 2287 if (i >= max_aid) { 2288 ret = E2BIG; 2289 ic_printf(nt->nt_ic, "Node array overflow: max=%u", 2290 max_aid); 2291 break; 2292 } 2293 ni_arr[i] = ieee80211_ref_node(ni); 2294 i++; 2295 } 2296 2297 /* 2298 * It's safe to unlock here. 2299 * 2300 * If we're successful, the list is returned. 2301 * If we're unsuccessful, the list is ignored 2302 * and we remove our references. 2303 * 2304 * This avoids any potential LOR with 2305 * ieee80211_free_node(). 2306 */ 2307 IEEE80211_NODE_UNLOCK(nt); 2308 2309 /* 2310 * If ret is non-zero, we hit some kind of error. 2311 * Rather than walking some nodes, we'll walk none 2312 * of them. 2313 */ 2314 if (ret) { 2315 for (j = 0; j < i; j++) { 2316 /* ieee80211_free_node() locks by itself */ 2317 ieee80211_free_node(ni_arr[j]); 2318 } 2319 } 2320 2321 return (ret); 2322 } 2323 2324 /* 2325 * Just a wrapper, so we don't have to change every ieee80211_iterate_nodes() 2326 * reference in the source. 2327 * 2328 * Note that this fetches 'max_aid' from the first VAP, rather than finding 2329 * the largest max_aid from all VAPs. 2330 */ 2331 void 2332 ieee80211_iterate_nodes(struct ieee80211_node_table *nt, 2333 ieee80211_iter_func *f, void *arg) 2334 { 2335 struct ieee80211_node **ni_arr; 2336 size_t size; 2337 int i; 2338 uint16_t max_aid; 2339 struct ieee80211vap *vap; 2340 2341 /* Overdoing it default */ 2342 max_aid = IEEE80211_AID_MAX; 2343 2344 /* Handle the case of there being no vaps just yet */ 2345 vap = TAILQ_FIRST(&nt->nt_ic->ic_vaps); 2346 if (vap != NULL) 2347 max_aid = vap->iv_max_aid; 2348 2349 size = max_aid * sizeof(struct ieee80211_node *); 2350 ni_arr = (struct ieee80211_node **) IEEE80211_MALLOC(size, M_80211_NODE, 2351 IEEE80211_M_NOWAIT | IEEE80211_M_ZERO); 2352 if (ni_arr == NULL) 2353 return; 2354 2355 /* 2356 * If this fails, the node table won't have any 2357 * valid entries - ieee80211_iterate_nt() frees 2358 * the references to them. So don't try walking 2359 * the table; just skip to the end and free the 2360 * temporary memory. 2361 */ 2362 if (ieee80211_iterate_nt(nt, ni_arr, max_aid) != 0) 2363 goto done; 2364 2365 for (i = 0; i < max_aid; i++) { 2366 if (ni_arr[i] == NULL) /* end of the list */ 2367 break; 2368 (*f)(arg, ni_arr[i]); 2369 /* ieee80211_free_node() locks by itself */ 2370 ieee80211_free_node(ni_arr[i]); 2371 } 2372 2373 done: 2374 IEEE80211_FREE(ni_arr, M_80211_NODE); 2375 } 2376 2377 void 2378 ieee80211_dump_node(struct ieee80211_node_table *nt, struct ieee80211_node *ni) 2379 { 2380 printf("0x%p: mac %s refcnt %d\n", ni, 2381 ether_sprintf(ni->ni_macaddr), ieee80211_node_refcnt(ni)); 2382 printf("\tauthmode %u flags 0x%x\n", 2383 ni->ni_authmode, ni->ni_flags); 2384 printf("\tassocid 0x%x txpower %u vlan %u\n", 2385 ni->ni_associd, ni->ni_txpower, ni->ni_vlan); 2386 printf("\ttxseq %u rxseq %u fragno %u rxfragstamp %u\n", 2387 ni->ni_txseqs[IEEE80211_NONQOS_TID], 2388 ni->ni_rxseqs[IEEE80211_NONQOS_TID] >> IEEE80211_SEQ_SEQ_SHIFT, 2389 ni->ni_rxseqs[IEEE80211_NONQOS_TID] & IEEE80211_SEQ_FRAG_MASK, 2390 ni->ni_rxfragstamp); 2391 printf("\trssi %d noise %d intval %u capinfo 0x%x\n", 2392 node_getrssi(ni), ni->ni_noise, 2393 ni->ni_intval, ni->ni_capinfo); 2394 printf("\tbssid %s essid \"%.*s\" channel %u:0x%x\n", 2395 ether_sprintf(ni->ni_bssid), 2396 ni->ni_esslen, ni->ni_essid, 2397 ni->ni_chan->ic_freq, ni->ni_chan->ic_flags); 2398 printf("\tinact %u inact_reload %u txrate %u\n", 2399 ni->ni_inact, ni->ni_inact_reload, ni->ni_txrate); 2400 printf("\thtcap %x htparam %x htctlchan %u ht2ndchan %u\n", 2401 ni->ni_htcap, ni->ni_htparam, 2402 ni->ni_htctlchan, ni->ni_ht2ndchan); 2403 printf("\thtopmode %x htstbc %x chw %u\n", 2404 ni->ni_htopmode, ni->ni_htstbc, ni->ni_chw); 2405 } 2406 2407 void 2408 ieee80211_dump_nodes(struct ieee80211_node_table *nt) 2409 { 2410 ieee80211_iterate_nodes(nt, 2411 (ieee80211_iter_func *) ieee80211_dump_node, nt); 2412 } 2413 2414 static void 2415 ieee80211_notify_erp_locked(struct ieee80211com *ic) 2416 { 2417 struct ieee80211vap *vap; 2418 2419 IEEE80211_LOCK_ASSERT(ic); 2420 2421 TAILQ_FOREACH(vap, &ic->ic_vaps, iv_next) 2422 if (vap->iv_opmode == IEEE80211_M_HOSTAP) 2423 ieee80211_beacon_notify(vap, IEEE80211_BEACON_ERP); 2424 } 2425 2426 void 2427 ieee80211_notify_erp(struct ieee80211com *ic) 2428 { 2429 IEEE80211_LOCK(ic); 2430 ieee80211_notify_erp_locked(ic); 2431 IEEE80211_UNLOCK(ic); 2432 } 2433 2434 /* 2435 * Handle a station joining an 11g network. 2436 */ 2437 static void 2438 ieee80211_node_join_11g(struct ieee80211_node *ni) 2439 { 2440 struct ieee80211com *ic = ni->ni_ic; 2441 2442 IEEE80211_LOCK_ASSERT(ic); 2443 2444 /* 2445 * Station isn't capable of short slot time. Bump 2446 * the count of long slot time stations and disable 2447 * use of short slot time. Note that the actual switch 2448 * over to long slot time use may not occur until the 2449 * next beacon transmission (per sec. 7.3.1.4 of 11g). 2450 */ 2451 if ((ni->ni_capinfo & IEEE80211_CAPINFO_SHORT_SLOTTIME) == 0) { 2452 ic->ic_longslotsta++; 2453 IEEE80211_NOTE(ni->ni_vap, IEEE80211_MSG_ASSOC, ni, 2454 "station needs long slot time, count %d", 2455 ic->ic_longslotsta); 2456 /* XXX vap's w/ conflicting needs won't work */ 2457 if (!IEEE80211_IS_CHAN_108G(ic->ic_bsschan)) { 2458 /* 2459 * Don't force slot time when switched to turbo 2460 * mode as non-ERP stations won't be present; this 2461 * need only be done when on the normal G channel. 2462 */ 2463 ieee80211_set_shortslottime(ic, 0); 2464 } 2465 } 2466 /* 2467 * If the new station is not an ERP station 2468 * then bump the counter and enable protection 2469 * if configured. 2470 */ 2471 if (!ieee80211_iserp_rateset(&ni->ni_rates)) { 2472 ic->ic_nonerpsta++; 2473 IEEE80211_NOTE(ni->ni_vap, IEEE80211_MSG_ASSOC, ni, 2474 "station is !ERP, %d non-ERP stations associated", 2475 ic->ic_nonerpsta); 2476 /* 2477 * If station does not support short preamble 2478 * then we must enable use of Barker preamble. 2479 */ 2480 if ((ni->ni_capinfo & IEEE80211_CAPINFO_SHORT_PREAMBLE) == 0) { 2481 IEEE80211_NOTE(ni->ni_vap, IEEE80211_MSG_ASSOC, ni, 2482 "%s", "station needs long preamble"); 2483 ic->ic_flags |= IEEE80211_F_USEBARKER; 2484 ic->ic_flags &= ~IEEE80211_F_SHPREAMBLE; 2485 } 2486 /* 2487 * If protection is configured and this is the first 2488 * indication we should use protection, enable it. 2489 */ 2490 if (ic->ic_protmode != IEEE80211_PROT_NONE && 2491 ic->ic_nonerpsta == 1 && 2492 (ic->ic_flags_ext & IEEE80211_FEXT_NONERP_PR) == 0) { 2493 IEEE80211_DPRINTF(ni->ni_vap, IEEE80211_MSG_ASSOC, 2494 "%s: enable use of protection\n", __func__); 2495 ic->ic_flags |= IEEE80211_F_USEPROT; 2496 ieee80211_notify_erp_locked(ic); 2497 } 2498 } else 2499 ni->ni_flags |= IEEE80211_NODE_ERP; 2500 } 2501 2502 void 2503 ieee80211_node_join(struct ieee80211_node *ni, int resp) 2504 { 2505 struct ieee80211com *ic = ni->ni_ic; 2506 struct ieee80211vap *vap = ni->ni_vap; 2507 int newassoc; 2508 2509 if (ni->ni_associd == 0) { 2510 uint16_t aid; 2511 2512 KASSERT(vap->iv_aid_bitmap != NULL, ("no aid bitmap")); 2513 /* 2514 * It would be good to search the bitmap 2515 * more efficiently, but this will do for now. 2516 */ 2517 for (aid = 1; aid < vap->iv_max_aid; aid++) { 2518 if (!IEEE80211_AID_ISSET(vap, aid)) 2519 break; 2520 } 2521 if (aid >= vap->iv_max_aid) { 2522 IEEE80211_SEND_MGMT(ni, resp, IEEE80211_STATUS_TOOMANY); 2523 ieee80211_node_leave(ni); 2524 return; 2525 } 2526 ni->ni_associd = aid | 0xc000; 2527 ni->ni_jointime = time_uptime; 2528 IEEE80211_LOCK(ic); 2529 IEEE80211_AID_SET(vap, ni->ni_associd); 2530 vap->iv_sta_assoc++; 2531 ic->ic_sta_assoc++; 2532 2533 if (IEEE80211_IS_CHAN_HT(ic->ic_bsschan)) 2534 ieee80211_ht_node_join(ni); 2535 if (IEEE80211_IS_CHAN_ANYG(ic->ic_bsschan) && 2536 IEEE80211_IS_CHAN_FULL(ic->ic_bsschan)) 2537 ieee80211_node_join_11g(ni); 2538 IEEE80211_UNLOCK(ic); 2539 2540 newassoc = 1; 2541 } else 2542 newassoc = 0; 2543 2544 IEEE80211_NOTE(vap, IEEE80211_MSG_ASSOC | IEEE80211_MSG_DEBUG, ni, 2545 "station associated at aid %d: %s preamble, %s slot time%s%s%s%s%s%s%s%s", 2546 IEEE80211_NODE_AID(ni), 2547 ic->ic_flags & IEEE80211_F_SHPREAMBLE ? "short" : "long", 2548 ic->ic_flags & IEEE80211_F_SHSLOT ? "short" : "long", 2549 ic->ic_flags & IEEE80211_F_USEPROT ? ", protection" : "", 2550 ni->ni_flags & IEEE80211_NODE_QOS ? ", QoS" : "", 2551 ni->ni_flags & IEEE80211_NODE_HT ? 2552 (ni->ni_chw == 40 ? ", HT40" : ", HT20") : "", 2553 ni->ni_flags & IEEE80211_NODE_AMPDU ? " (+AMPDU)" : "", 2554 ni->ni_flags & IEEE80211_NODE_MIMO_RTS ? " (+SMPS-DYN)" : 2555 ni->ni_flags & IEEE80211_NODE_MIMO_PS ? " (+SMPS)" : "", 2556 ni->ni_flags & IEEE80211_NODE_RIFS ? " (+RIFS)" : "", 2557 IEEE80211_ATH_CAP(vap, ni, IEEE80211_NODE_FF) ? 2558 ", fast-frames" : "", 2559 IEEE80211_ATH_CAP(vap, ni, IEEE80211_NODE_TURBOP) ? 2560 ", turbo" : "" 2561 ); 2562 2563 ieee80211_node_setuptxparms(ni); 2564 ieee80211_ratectl_node_init(ni); 2565 /* give driver a chance to setup state like ni_txrate */ 2566 if (ic->ic_newassoc != NULL) 2567 ic->ic_newassoc(ni, newassoc); 2568 IEEE80211_SEND_MGMT(ni, resp, IEEE80211_STATUS_SUCCESS); 2569 /* tell the authenticator about new station */ 2570 if (vap->iv_auth->ia_node_join != NULL) 2571 vap->iv_auth->ia_node_join(ni); 2572 ieee80211_notify_node_join(ni, 2573 resp == IEEE80211_FC0_SUBTYPE_ASSOC_RESP); 2574 } 2575 2576 static void 2577 disable_protection(struct ieee80211com *ic) 2578 { 2579 KASSERT(ic->ic_nonerpsta == 0 && 2580 (ic->ic_flags_ext & IEEE80211_FEXT_NONERP_PR) == 0, 2581 ("%d non ERP stations, flags 0x%x", ic->ic_nonerpsta, 2582 ic->ic_flags_ext)); 2583 2584 ic->ic_flags &= ~IEEE80211_F_USEPROT; 2585 /* XXX verify mode? */ 2586 if (ic->ic_caps & IEEE80211_C_SHPREAMBLE) { 2587 ic->ic_flags |= IEEE80211_F_SHPREAMBLE; 2588 ic->ic_flags &= ~IEEE80211_F_USEBARKER; 2589 } 2590 ieee80211_notify_erp_locked(ic); 2591 } 2592 2593 /* 2594 * Handle a station leaving an 11g network. 2595 */ 2596 static void 2597 ieee80211_node_leave_11g(struct ieee80211_node *ni) 2598 { 2599 struct ieee80211com *ic = ni->ni_ic; 2600 2601 IEEE80211_LOCK_ASSERT(ic); 2602 2603 KASSERT(IEEE80211_IS_CHAN_ANYG(ic->ic_bsschan), 2604 ("not in 11g, bss %u:0x%x", ic->ic_bsschan->ic_freq, 2605 ic->ic_bsschan->ic_flags)); 2606 2607 /* 2608 * If a long slot station do the slot time bookkeeping. 2609 */ 2610 if ((ni->ni_capinfo & IEEE80211_CAPINFO_SHORT_SLOTTIME) == 0) { 2611 KASSERT(ic->ic_longslotsta > 0, 2612 ("bogus long slot station count %d", ic->ic_longslotsta)); 2613 ic->ic_longslotsta--; 2614 IEEE80211_NOTE(ni->ni_vap, IEEE80211_MSG_ASSOC, ni, 2615 "long slot time station leaves, count now %d", 2616 ic->ic_longslotsta); 2617 if (ic->ic_longslotsta == 0) { 2618 /* 2619 * Re-enable use of short slot time if supported 2620 * and not operating in IBSS mode (per spec). 2621 */ 2622 if ((ic->ic_caps & IEEE80211_C_SHSLOT) && 2623 ic->ic_opmode != IEEE80211_M_IBSS) { 2624 IEEE80211_DPRINTF(ni->ni_vap, 2625 IEEE80211_MSG_ASSOC, 2626 "%s: re-enable use of short slot time\n", 2627 __func__); 2628 ieee80211_set_shortslottime(ic, 1); 2629 } 2630 } 2631 } 2632 /* 2633 * If a non-ERP station do the protection-related bookkeeping. 2634 */ 2635 if ((ni->ni_flags & IEEE80211_NODE_ERP) == 0) { 2636 KASSERT(ic->ic_nonerpsta > 0, 2637 ("bogus non-ERP station count %d", ic->ic_nonerpsta)); 2638 ic->ic_nonerpsta--; 2639 IEEE80211_NOTE(ni->ni_vap, IEEE80211_MSG_ASSOC, ni, 2640 "non-ERP station leaves, count now %d%s", ic->ic_nonerpsta, 2641 (ic->ic_flags_ext & IEEE80211_FEXT_NONERP_PR) ? 2642 " (non-ERP sta present)" : ""); 2643 if (ic->ic_nonerpsta == 0 && 2644 (ic->ic_flags_ext & IEEE80211_FEXT_NONERP_PR) == 0) { 2645 IEEE80211_DPRINTF(ni->ni_vap, IEEE80211_MSG_ASSOC, 2646 "%s: disable use of protection\n", __func__); 2647 disable_protection(ic); 2648 } 2649 } 2650 } 2651 2652 /* 2653 * Time out presence of an overlapping bss with non-ERP 2654 * stations. When operating in hostap mode we listen for 2655 * beacons from other stations and if we identify a non-ERP 2656 * station is present we enable protection. To identify 2657 * when all non-ERP stations are gone we time out this 2658 * condition. 2659 */ 2660 static void 2661 ieee80211_erp_timeout(struct ieee80211com *ic) 2662 { 2663 2664 IEEE80211_LOCK_ASSERT(ic); 2665 2666 if ((ic->ic_flags_ext & IEEE80211_FEXT_NONERP_PR) && 2667 ieee80211_time_after(ticks, ic->ic_lastnonerp + IEEE80211_NONERP_PRESENT_AGE)) { 2668 #if 0 2669 IEEE80211_NOTE(vap, IEEE80211_MSG_ASSOC, ni, 2670 "%s", "age out non-ERP sta present on channel"); 2671 #endif 2672 ic->ic_flags_ext &= ~IEEE80211_FEXT_NONERP_PR; 2673 if (ic->ic_nonerpsta == 0) 2674 disable_protection(ic); 2675 } 2676 } 2677 2678 /* 2679 * Handle bookkeeping for station deauthentication/disassociation 2680 * when operating as an ap. 2681 */ 2682 void 2683 ieee80211_node_leave(struct ieee80211_node *ni) 2684 { 2685 struct ieee80211com *ic = ni->ni_ic; 2686 struct ieee80211vap *vap = ni->ni_vap; 2687 struct ieee80211_node_table *nt = ni->ni_table; 2688 2689 IEEE80211_NOTE(vap, IEEE80211_MSG_ASSOC | IEEE80211_MSG_DEBUG, ni, 2690 "station with aid %d leaves", IEEE80211_NODE_AID(ni)); 2691 2692 KASSERT(vap->iv_opmode != IEEE80211_M_STA, 2693 ("unexpected operating mode %u", vap->iv_opmode)); 2694 /* 2695 * If node wasn't previously associated all 2696 * we need to do is reclaim the reference. 2697 */ 2698 /* XXX ibss mode bypasses 11g and notification */ 2699 if (ni->ni_associd == 0) 2700 goto done; 2701 /* 2702 * Tell the authenticator the station is leaving. 2703 * Note that we must do this before yanking the 2704 * association id as the authenticator uses the 2705 * associd to locate it's state block. 2706 */ 2707 if (vap->iv_auth->ia_node_leave != NULL) 2708 vap->iv_auth->ia_node_leave(ni); 2709 2710 IEEE80211_LOCK(ic); 2711 IEEE80211_AID_CLR(vap, ni->ni_associd); 2712 vap->iv_sta_assoc--; 2713 ic->ic_sta_assoc--; 2714 2715 if (IEEE80211_IS_CHAN_HT(ic->ic_bsschan)) 2716 ieee80211_ht_node_leave(ni); 2717 if (IEEE80211_IS_CHAN_ANYG(ic->ic_bsschan) && 2718 IEEE80211_IS_CHAN_FULL(ic->ic_bsschan)) 2719 ieee80211_node_leave_11g(ni); 2720 IEEE80211_UNLOCK(ic); 2721 /* 2722 * Cleanup station state. In particular clear various 2723 * state that might otherwise be reused if the node 2724 * is reused before the reference count goes to zero 2725 * (and memory is reclaimed). 2726 */ 2727 ieee80211_sta_leave(ni); 2728 done: 2729 /* 2730 * Remove the node from any table it's recorded in and 2731 * drop the caller's reference. Removal from the table 2732 * is important to insure the node is not reprocessed 2733 * for inactivity. 2734 */ 2735 if (nt != NULL) { 2736 IEEE80211_NODE_LOCK(nt); 2737 node_reclaim(nt, ni); 2738 IEEE80211_NODE_UNLOCK(nt); 2739 } else 2740 ieee80211_free_node(ni); 2741 } 2742 2743 struct rssiinfo { 2744 struct ieee80211vap *vap; 2745 int rssi_samples; 2746 uint32_t rssi_total; 2747 }; 2748 2749 static void 2750 get_hostap_rssi(void *arg, struct ieee80211_node *ni) 2751 { 2752 struct rssiinfo *info = arg; 2753 struct ieee80211vap *vap = ni->ni_vap; 2754 int8_t rssi; 2755 2756 if (info->vap != vap) 2757 return; 2758 /* only associated stations */ 2759 if (ni->ni_associd == 0) 2760 return; 2761 rssi = vap->iv_ic->ic_node_getrssi(ni); 2762 if (rssi != 0) { 2763 info->rssi_samples++; 2764 info->rssi_total += rssi; 2765 } 2766 } 2767 2768 static void 2769 get_adhoc_rssi(void *arg, struct ieee80211_node *ni) 2770 { 2771 struct rssiinfo *info = arg; 2772 struct ieee80211vap *vap = ni->ni_vap; 2773 int8_t rssi; 2774 2775 if (info->vap != vap) 2776 return; 2777 /* only neighbors */ 2778 /* XXX check bssid */ 2779 if ((ni->ni_capinfo & IEEE80211_CAPINFO_IBSS) == 0) 2780 return; 2781 rssi = vap->iv_ic->ic_node_getrssi(ni); 2782 if (rssi != 0) { 2783 info->rssi_samples++; 2784 info->rssi_total += rssi; 2785 } 2786 } 2787 2788 #ifdef IEEE80211_SUPPORT_MESH 2789 static void 2790 get_mesh_rssi(void *arg, struct ieee80211_node *ni) 2791 { 2792 struct rssiinfo *info = arg; 2793 struct ieee80211vap *vap = ni->ni_vap; 2794 int8_t rssi; 2795 2796 if (info->vap != vap) 2797 return; 2798 /* only neighbors that peered successfully */ 2799 if (ni->ni_mlstate != IEEE80211_NODE_MESH_ESTABLISHED) 2800 return; 2801 rssi = vap->iv_ic->ic_node_getrssi(ni); 2802 if (rssi != 0) { 2803 info->rssi_samples++; 2804 info->rssi_total += rssi; 2805 } 2806 } 2807 #endif /* IEEE80211_SUPPORT_MESH */ 2808 2809 int8_t 2810 ieee80211_getrssi(struct ieee80211vap *vap) 2811 { 2812 #define NZ(x) ((x) == 0 ? 1 : (x)) 2813 struct ieee80211com *ic = vap->iv_ic; 2814 struct rssiinfo info; 2815 2816 info.rssi_total = 0; 2817 info.rssi_samples = 0; 2818 info.vap = vap; 2819 switch (vap->iv_opmode) { 2820 case IEEE80211_M_IBSS: /* average of all ibss neighbors */ 2821 case IEEE80211_M_AHDEMO: /* average of all neighbors */ 2822 ieee80211_iterate_nodes(&ic->ic_sta, get_adhoc_rssi, &info); 2823 break; 2824 case IEEE80211_M_HOSTAP: /* average of all associated stations */ 2825 ieee80211_iterate_nodes(&ic->ic_sta, get_hostap_rssi, &info); 2826 break; 2827 #ifdef IEEE80211_SUPPORT_MESH 2828 case IEEE80211_M_MBSS: /* average of all mesh neighbors */ 2829 ieee80211_iterate_nodes(&ic->ic_sta, get_mesh_rssi, &info); 2830 break; 2831 #endif 2832 case IEEE80211_M_MONITOR: /* XXX */ 2833 case IEEE80211_M_STA: /* use stats from associated ap */ 2834 default: 2835 if (vap->iv_bss != NULL) 2836 info.rssi_total = ic->ic_node_getrssi(vap->iv_bss); 2837 info.rssi_samples = 1; 2838 break; 2839 } 2840 return info.rssi_total / NZ(info.rssi_samples); 2841 #undef NZ 2842 } 2843 2844 void 2845 ieee80211_getsignal(struct ieee80211vap *vap, int8_t *rssi, int8_t *noise) 2846 { 2847 2848 if (vap->iv_bss == NULL) /* NB: shouldn't happen */ 2849 return; 2850 vap->iv_ic->ic_node_getsignal(vap->iv_bss, rssi, noise); 2851 /* for non-station mode return avg'd rssi accounting */ 2852 if (vap->iv_opmode != IEEE80211_M_STA) 2853 *rssi = ieee80211_getrssi(vap); 2854 } 2855