1 /*- 2 * Copyright (c) 2001 Atsushi Onoe 3 * Copyright (c) 2002-2009 Sam Leffler, Errno Consulting 4 * All rights reserved. 5 * 6 * Redistribution and use in source and binary forms, with or without 7 * modification, are permitted provided that the following conditions 8 * are met: 9 * 1. Redistributions of source code must retain the above copyright 10 * notice, this list of conditions and the following disclaimer. 11 * 2. Redistributions in binary form must reproduce the above copyright 12 * notice, this list of conditions and the following disclaimer in the 13 * documentation and/or other materials provided with the distribution. 14 * 15 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 16 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 17 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 18 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 19 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 20 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 21 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 22 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 23 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 24 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 25 */ 26 27 #include <sys/cdefs.h> 28 __FBSDID("$FreeBSD$"); 29 30 #include "opt_wlan.h" 31 32 #include <sys/param.h> 33 #include <sys/systm.h> 34 #include <sys/mbuf.h> 35 #include <sys/malloc.h> 36 #include <sys/kernel.h> 37 38 #include <sys/socket.h> 39 40 #include <net/if.h> 41 #include <net/if_var.h> 42 #include <net/if_media.h> 43 #include <net/ethernet.h> 44 45 #include <net80211/ieee80211_var.h> 46 #include <net80211/ieee80211_input.h> 47 #ifdef IEEE80211_SUPPORT_SUPERG 48 #include <net80211/ieee80211_superg.h> 49 #endif 50 #ifdef IEEE80211_SUPPORT_TDMA 51 #include <net80211/ieee80211_tdma.h> 52 #endif 53 #include <net80211/ieee80211_wds.h> 54 #include <net80211/ieee80211_mesh.h> 55 #include <net80211/ieee80211_ratectl.h> 56 57 #include <net/bpf.h> 58 59 /* 60 * IEEE80211_NODE_HASHSIZE must be a power of 2. 61 */ 62 CTASSERT((IEEE80211_NODE_HASHSIZE & (IEEE80211_NODE_HASHSIZE-1)) == 0); 63 64 /* 65 * Association id's are managed with a bit vector. 66 */ 67 #define IEEE80211_AID_SET(_vap, b) \ 68 ((_vap)->iv_aid_bitmap[IEEE80211_AID(b) / 32] |= \ 69 (1 << (IEEE80211_AID(b) % 32))) 70 #define IEEE80211_AID_CLR(_vap, b) \ 71 ((_vap)->iv_aid_bitmap[IEEE80211_AID(b) / 32] &= \ 72 ~(1 << (IEEE80211_AID(b) % 32))) 73 #define IEEE80211_AID_ISSET(_vap, b) \ 74 ((_vap)->iv_aid_bitmap[IEEE80211_AID(b) / 32] & (1 << (IEEE80211_AID(b) % 32))) 75 76 static int ieee80211_sta_join1(struct ieee80211_node *); 77 78 static struct ieee80211_node *node_alloc(struct ieee80211vap *, 79 const uint8_t [IEEE80211_ADDR_LEN]); 80 static void node_cleanup(struct ieee80211_node *); 81 static void node_free(struct ieee80211_node *); 82 static void node_age(struct ieee80211_node *); 83 static int8_t node_getrssi(const struct ieee80211_node *); 84 static void node_getsignal(const struct ieee80211_node *, int8_t *, int8_t *); 85 static void node_getmimoinfo(const struct ieee80211_node *, 86 struct ieee80211_mimo_info *); 87 88 static void _ieee80211_free_node(struct ieee80211_node *); 89 90 static void node_reclaim(struct ieee80211_node_table *nt, 91 struct ieee80211_node *ni); 92 static void ieee80211_node_table_init(struct ieee80211com *ic, 93 struct ieee80211_node_table *nt, const char *name, 94 int inact, int keymaxix); 95 static void ieee80211_node_table_reset(struct ieee80211_node_table *, 96 struct ieee80211vap *); 97 static void ieee80211_node_table_cleanup(struct ieee80211_node_table *nt); 98 static void ieee80211_erp_timeout(struct ieee80211com *); 99 100 MALLOC_DEFINE(M_80211_NODE, "80211node", "802.11 node state"); 101 MALLOC_DEFINE(M_80211_NODE_IE, "80211nodeie", "802.11 node ie"); 102 103 void 104 ieee80211_node_attach(struct ieee80211com *ic) 105 { 106 /* XXX really want maxlen enforced per-sta */ 107 ieee80211_ageq_init(&ic->ic_stageq, ic->ic_max_keyix * 8, 108 "802.11 staging q"); 109 ieee80211_node_table_init(ic, &ic->ic_sta, "station", 110 IEEE80211_INACT_INIT, ic->ic_max_keyix); 111 callout_init(&ic->ic_inact, 1); 112 callout_reset(&ic->ic_inact, IEEE80211_INACT_WAIT*hz, 113 ieee80211_node_timeout, ic); 114 115 ic->ic_node_alloc = node_alloc; 116 ic->ic_node_free = node_free; 117 ic->ic_node_cleanup = node_cleanup; 118 ic->ic_node_age = node_age; 119 ic->ic_node_drain = node_age; /* NB: same as age */ 120 ic->ic_node_getrssi = node_getrssi; 121 ic->ic_node_getsignal = node_getsignal; 122 ic->ic_node_getmimoinfo = node_getmimoinfo; 123 124 /* 125 * Set flags to be propagated to all vap's; 126 * these define default behaviour/configuration. 127 */ 128 ic->ic_flags_ext |= IEEE80211_FEXT_INACT; /* inactivity processing */ 129 } 130 131 void 132 ieee80211_node_detach(struct ieee80211com *ic) 133 { 134 135 callout_drain(&ic->ic_inact); 136 ieee80211_node_table_cleanup(&ic->ic_sta); 137 ieee80211_ageq_cleanup(&ic->ic_stageq); 138 } 139 140 void 141 ieee80211_node_vattach(struct ieee80211vap *vap) 142 { 143 /* NB: driver can override */ 144 vap->iv_max_aid = IEEE80211_AID_DEF; 145 146 /* default station inactivity timer setings */ 147 vap->iv_inact_init = IEEE80211_INACT_INIT; 148 vap->iv_inact_auth = IEEE80211_INACT_AUTH; 149 vap->iv_inact_run = IEEE80211_INACT_RUN; 150 vap->iv_inact_probe = IEEE80211_INACT_PROBE; 151 152 IEEE80211_DPRINTF(vap, IEEE80211_MSG_INACT, 153 "%s: init %u auth %u run %u probe %u\n", __func__, 154 vap->iv_inact_init, vap->iv_inact_auth, 155 vap->iv_inact_run, vap->iv_inact_probe); 156 } 157 158 void 159 ieee80211_node_latevattach(struct ieee80211vap *vap) 160 { 161 if (vap->iv_opmode == IEEE80211_M_HOSTAP) { 162 /* XXX should we allow max aid to be zero? */ 163 if (vap->iv_max_aid < IEEE80211_AID_MIN) { 164 vap->iv_max_aid = IEEE80211_AID_MIN; 165 if_printf(vap->iv_ifp, 166 "WARNING: max aid too small, changed to %d\n", 167 vap->iv_max_aid); 168 } 169 vap->iv_aid_bitmap = (uint32_t *) IEEE80211_MALLOC( 170 howmany(vap->iv_max_aid, 32) * sizeof(uint32_t), 171 M_80211_NODE, 172 IEEE80211_M_NOWAIT | IEEE80211_M_ZERO); 173 if (vap->iv_aid_bitmap == NULL) { 174 /* XXX no way to recover */ 175 printf("%s: no memory for AID bitmap, max aid %d!\n", 176 __func__, vap->iv_max_aid); 177 vap->iv_max_aid = 0; 178 } 179 } 180 181 ieee80211_reset_bss(vap); 182 183 vap->iv_auth = ieee80211_authenticator_get(vap->iv_bss->ni_authmode); 184 } 185 186 void 187 ieee80211_node_vdetach(struct ieee80211vap *vap) 188 { 189 struct ieee80211com *ic = vap->iv_ic; 190 191 ieee80211_node_table_reset(&ic->ic_sta, vap); 192 if (vap->iv_bss != NULL) { 193 ieee80211_free_node(vap->iv_bss); 194 vap->iv_bss = NULL; 195 } 196 if (vap->iv_aid_bitmap != NULL) { 197 IEEE80211_FREE(vap->iv_aid_bitmap, M_80211_NODE); 198 vap->iv_aid_bitmap = NULL; 199 } 200 } 201 202 /* 203 * Port authorize/unauthorize interfaces for use by an authenticator. 204 */ 205 206 void 207 ieee80211_node_authorize(struct ieee80211_node *ni) 208 { 209 struct ieee80211vap *vap = ni->ni_vap; 210 211 ni->ni_flags |= IEEE80211_NODE_AUTH; 212 ni->ni_inact_reload = vap->iv_inact_run; 213 ni->ni_inact = ni->ni_inact_reload; 214 215 IEEE80211_NOTE(vap, IEEE80211_MSG_INACT, ni, 216 "%s: inact_reload %u", __func__, ni->ni_inact_reload); 217 } 218 219 void 220 ieee80211_node_unauthorize(struct ieee80211_node *ni) 221 { 222 struct ieee80211vap *vap = ni->ni_vap; 223 224 ni->ni_flags &= ~IEEE80211_NODE_AUTH; 225 ni->ni_inact_reload = vap->iv_inact_auth; 226 if (ni->ni_inact > ni->ni_inact_reload) 227 ni->ni_inact = ni->ni_inact_reload; 228 229 IEEE80211_NOTE(vap, IEEE80211_MSG_INACT, ni, 230 "%s: inact_reload %u inact %u", __func__, 231 ni->ni_inact_reload, ni->ni_inact); 232 } 233 234 /* 235 * Fix tx parameters for a node according to ``association state''. 236 */ 237 void 238 ieee80211_node_setuptxparms(struct ieee80211_node *ni) 239 { 240 struct ieee80211vap *vap = ni->ni_vap; 241 enum ieee80211_phymode mode; 242 243 if (ni->ni_flags & IEEE80211_NODE_HT) { 244 if (IEEE80211_IS_CHAN_5GHZ(ni->ni_chan)) 245 mode = IEEE80211_MODE_11NA; 246 else 247 mode = IEEE80211_MODE_11NG; 248 } else { /* legacy rate handling */ 249 if (IEEE80211_IS_CHAN_ST(ni->ni_chan)) 250 mode = IEEE80211_MODE_STURBO_A; 251 else if (IEEE80211_IS_CHAN_HALF(ni->ni_chan)) 252 mode = IEEE80211_MODE_HALF; 253 else if (IEEE80211_IS_CHAN_QUARTER(ni->ni_chan)) 254 mode = IEEE80211_MODE_QUARTER; 255 /* NB: 108A should be handled as 11a */ 256 else if (IEEE80211_IS_CHAN_A(ni->ni_chan)) 257 mode = IEEE80211_MODE_11A; 258 else if (IEEE80211_IS_CHAN_108G(ni->ni_chan) || 259 (ni->ni_flags & IEEE80211_NODE_ERP)) 260 mode = IEEE80211_MODE_11G; 261 else 262 mode = IEEE80211_MODE_11B; 263 } 264 ni->ni_txparms = &vap->iv_txparms[mode]; 265 } 266 267 /* 268 * Set/change the channel. The rate set is also updated as 269 * to insure a consistent view by drivers. 270 * XXX should be private but hostap needs it to deal with CSA 271 */ 272 void 273 ieee80211_node_set_chan(struct ieee80211_node *ni, 274 struct ieee80211_channel *chan) 275 { 276 struct ieee80211com *ic = ni->ni_ic; 277 struct ieee80211vap *vap = ni->ni_vap; 278 enum ieee80211_phymode mode; 279 280 KASSERT(chan != IEEE80211_CHAN_ANYC, ("no channel")); 281 282 ni->ni_chan = chan; 283 mode = ieee80211_chan2mode(chan); 284 if (IEEE80211_IS_CHAN_HT(chan)) { 285 /* 286 * We must install the legacy rate est in ni_rates and the 287 * HT rate set in ni_htrates. 288 */ 289 ni->ni_htrates = *ieee80211_get_suphtrates(ic, chan); 290 /* 291 * Setup bss tx parameters based on operating mode. We 292 * use legacy rates when operating in a mixed HT+non-HT bss 293 * and non-ERP rates in 11g for mixed ERP+non-ERP bss. 294 */ 295 if (mode == IEEE80211_MODE_11NA && 296 (vap->iv_flags_ht & IEEE80211_FHT_PUREN) == 0) 297 mode = IEEE80211_MODE_11A; 298 else if (mode == IEEE80211_MODE_11NG && 299 (vap->iv_flags_ht & IEEE80211_FHT_PUREN) == 0) 300 mode = IEEE80211_MODE_11G; 301 if (mode == IEEE80211_MODE_11G && 302 (vap->iv_flags & IEEE80211_F_PUREG) == 0) 303 mode = IEEE80211_MODE_11B; 304 } 305 ni->ni_txparms = &vap->iv_txparms[mode]; 306 ni->ni_rates = *ieee80211_get_suprates(ic, chan); 307 } 308 309 static __inline void 310 copy_bss(struct ieee80211_node *nbss, const struct ieee80211_node *obss) 311 { 312 /* propagate useful state */ 313 nbss->ni_authmode = obss->ni_authmode; 314 nbss->ni_txpower = obss->ni_txpower; 315 nbss->ni_vlan = obss->ni_vlan; 316 /* XXX statistics? */ 317 /* XXX legacy WDS bssid? */ 318 } 319 320 void 321 ieee80211_create_ibss(struct ieee80211vap* vap, struct ieee80211_channel *chan) 322 { 323 struct ieee80211com *ic = vap->iv_ic; 324 struct ieee80211_node *ni; 325 326 IEEE80211_DPRINTF(vap, IEEE80211_MSG_SCAN, 327 "%s: creating %s on channel %u%c\n", __func__, 328 ieee80211_opmode_name[vap->iv_opmode], 329 ieee80211_chan2ieee(ic, chan), 330 ieee80211_channel_type_char(chan)); 331 332 ni = ieee80211_alloc_node(&ic->ic_sta, vap, vap->iv_myaddr); 333 if (ni == NULL) { 334 /* XXX recovery? */ 335 return; 336 } 337 IEEE80211_ADDR_COPY(ni->ni_bssid, vap->iv_myaddr); 338 ni->ni_esslen = vap->iv_des_ssid[0].len; 339 memcpy(ni->ni_essid, vap->iv_des_ssid[0].ssid, ni->ni_esslen); 340 if (vap->iv_bss != NULL) 341 copy_bss(ni, vap->iv_bss); 342 ni->ni_intval = ic->ic_bintval; 343 if (vap->iv_flags & IEEE80211_F_PRIVACY) 344 ni->ni_capinfo |= IEEE80211_CAPINFO_PRIVACY; 345 if (ic->ic_phytype == IEEE80211_T_FH) { 346 ni->ni_fhdwell = 200; /* XXX */ 347 ni->ni_fhindex = 1; 348 } 349 if (vap->iv_opmode == IEEE80211_M_IBSS) { 350 vap->iv_flags |= IEEE80211_F_SIBSS; 351 ni->ni_capinfo |= IEEE80211_CAPINFO_IBSS; /* XXX */ 352 if (vap->iv_flags & IEEE80211_F_DESBSSID) 353 IEEE80211_ADDR_COPY(ni->ni_bssid, vap->iv_des_bssid); 354 else { 355 get_random_bytes(ni->ni_bssid, IEEE80211_ADDR_LEN); 356 /* clear group bit, add local bit */ 357 ni->ni_bssid[0] = (ni->ni_bssid[0] &~ 0x01) | 0x02; 358 } 359 } else if (vap->iv_opmode == IEEE80211_M_AHDEMO) { 360 if (vap->iv_flags & IEEE80211_F_DESBSSID) 361 IEEE80211_ADDR_COPY(ni->ni_bssid, vap->iv_des_bssid); 362 else 363 #ifdef IEEE80211_SUPPORT_TDMA 364 if ((vap->iv_caps & IEEE80211_C_TDMA) == 0) 365 #endif 366 memset(ni->ni_bssid, 0, IEEE80211_ADDR_LEN); 367 #ifdef IEEE80211_SUPPORT_MESH 368 } else if (vap->iv_opmode == IEEE80211_M_MBSS) { 369 ni->ni_meshidlen = vap->iv_mesh->ms_idlen; 370 memcpy(ni->ni_meshid, vap->iv_mesh->ms_id, ni->ni_meshidlen); 371 #endif 372 } 373 /* 374 * Fix the channel and related attributes. 375 */ 376 /* clear DFS CAC state on previous channel */ 377 if (ic->ic_bsschan != IEEE80211_CHAN_ANYC && 378 ic->ic_bsschan->ic_freq != chan->ic_freq && 379 IEEE80211_IS_CHAN_CACDONE(ic->ic_bsschan)) 380 ieee80211_dfs_cac_clear(ic, ic->ic_bsschan); 381 ic->ic_bsschan = chan; 382 ieee80211_node_set_chan(ni, chan); 383 ic->ic_curmode = ieee80211_chan2mode(chan); 384 /* 385 * Do mode-specific setup. 386 */ 387 if (IEEE80211_IS_CHAN_FULL(chan)) { 388 if (IEEE80211_IS_CHAN_ANYG(chan)) { 389 /* 390 * Use a mixed 11b/11g basic rate set. 391 */ 392 ieee80211_setbasicrates(&ni->ni_rates, 393 IEEE80211_MODE_11G); 394 if (vap->iv_flags & IEEE80211_F_PUREG) { 395 /* 396 * Also mark OFDM rates basic so 11b 397 * stations do not join (WiFi compliance). 398 */ 399 ieee80211_addbasicrates(&ni->ni_rates, 400 IEEE80211_MODE_11A); 401 } 402 } else if (IEEE80211_IS_CHAN_B(chan)) { 403 /* 404 * Force pure 11b rate set. 405 */ 406 ieee80211_setbasicrates(&ni->ni_rates, 407 IEEE80211_MODE_11B); 408 } 409 } 410 411 (void) ieee80211_sta_join1(ieee80211_ref_node(ni)); 412 } 413 414 /* 415 * Reset bss state on transition to the INIT state. 416 * Clear any stations from the table (they have been 417 * deauth'd) and reset the bss node (clears key, rate 418 * etc. state). 419 */ 420 void 421 ieee80211_reset_bss(struct ieee80211vap *vap) 422 { 423 struct ieee80211com *ic = vap->iv_ic; 424 struct ieee80211_node *ni, *obss; 425 426 ieee80211_node_table_reset(&ic->ic_sta, vap); 427 /* XXX multi-bss: wrong */ 428 ieee80211_reset_erp(ic); 429 430 ni = ieee80211_alloc_node(&ic->ic_sta, vap, vap->iv_myaddr); 431 KASSERT(ni != NULL, ("unable to setup initial BSS node")); 432 obss = vap->iv_bss; 433 vap->iv_bss = ieee80211_ref_node(ni); 434 if (obss != NULL) { 435 copy_bss(ni, obss); 436 ni->ni_intval = ic->ic_bintval; 437 ieee80211_free_node(obss); 438 } else 439 IEEE80211_ADDR_COPY(ni->ni_bssid, vap->iv_myaddr); 440 } 441 442 static int 443 match_ssid(const struct ieee80211_node *ni, 444 int nssid, const struct ieee80211_scan_ssid ssids[]) 445 { 446 int i; 447 448 for (i = 0; i < nssid; i++) { 449 if (ni->ni_esslen == ssids[i].len && 450 memcmp(ni->ni_essid, ssids[i].ssid, ni->ni_esslen) == 0) 451 return 1; 452 } 453 return 0; 454 } 455 456 /* 457 * Test a node for suitability/compatibility. 458 */ 459 static int 460 check_bss(struct ieee80211vap *vap, struct ieee80211_node *ni) 461 { 462 struct ieee80211com *ic = ni->ni_ic; 463 uint8_t rate; 464 465 if (isclr(ic->ic_chan_active, ieee80211_chan2ieee(ic, ni->ni_chan))) 466 return 0; 467 if (vap->iv_opmode == IEEE80211_M_IBSS) { 468 if ((ni->ni_capinfo & IEEE80211_CAPINFO_IBSS) == 0) 469 return 0; 470 } else { 471 if ((ni->ni_capinfo & IEEE80211_CAPINFO_ESS) == 0) 472 return 0; 473 } 474 if (vap->iv_flags & IEEE80211_F_PRIVACY) { 475 if ((ni->ni_capinfo & IEEE80211_CAPINFO_PRIVACY) == 0) 476 return 0; 477 } else { 478 /* XXX does this mean privacy is supported or required? */ 479 if (ni->ni_capinfo & IEEE80211_CAPINFO_PRIVACY) 480 return 0; 481 } 482 rate = ieee80211_fix_rate(ni, &ni->ni_rates, 483 IEEE80211_F_JOIN | IEEE80211_F_DONEGO | IEEE80211_F_DOFRATE); 484 if (rate & IEEE80211_RATE_BASIC) 485 return 0; 486 if (vap->iv_des_nssid != 0 && 487 !match_ssid(ni, vap->iv_des_nssid, vap->iv_des_ssid)) 488 return 0; 489 if ((vap->iv_flags & IEEE80211_F_DESBSSID) && 490 !IEEE80211_ADDR_EQ(vap->iv_des_bssid, ni->ni_bssid)) 491 return 0; 492 return 1; 493 } 494 495 #ifdef IEEE80211_DEBUG 496 /* 497 * Display node suitability/compatibility. 498 */ 499 static void 500 check_bss_debug(struct ieee80211vap *vap, struct ieee80211_node *ni) 501 { 502 struct ieee80211com *ic = ni->ni_ic; 503 uint8_t rate; 504 int fail; 505 506 fail = 0; 507 if (isclr(ic->ic_chan_active, ieee80211_chan2ieee(ic, ni->ni_chan))) 508 fail |= 0x01; 509 if (vap->iv_opmode == IEEE80211_M_IBSS) { 510 if ((ni->ni_capinfo & IEEE80211_CAPINFO_IBSS) == 0) 511 fail |= 0x02; 512 } else { 513 if ((ni->ni_capinfo & IEEE80211_CAPINFO_ESS) == 0) 514 fail |= 0x02; 515 } 516 if (vap->iv_flags & IEEE80211_F_PRIVACY) { 517 if ((ni->ni_capinfo & IEEE80211_CAPINFO_PRIVACY) == 0) 518 fail |= 0x04; 519 } else { 520 /* XXX does this mean privacy is supported or required? */ 521 if (ni->ni_capinfo & IEEE80211_CAPINFO_PRIVACY) 522 fail |= 0x04; 523 } 524 rate = ieee80211_fix_rate(ni, &ni->ni_rates, 525 IEEE80211_F_JOIN | IEEE80211_F_DONEGO | IEEE80211_F_DOFRATE); 526 if (rate & IEEE80211_RATE_BASIC) 527 fail |= 0x08; 528 if (vap->iv_des_nssid != 0 && 529 !match_ssid(ni, vap->iv_des_nssid, vap->iv_des_ssid)) 530 fail |= 0x10; 531 if ((vap->iv_flags & IEEE80211_F_DESBSSID) && 532 !IEEE80211_ADDR_EQ(vap->iv_des_bssid, ni->ni_bssid)) 533 fail |= 0x20; 534 535 printf(" %c %s", fail ? '-' : '+', ether_sprintf(ni->ni_macaddr)); 536 printf(" %s%c", ether_sprintf(ni->ni_bssid), fail & 0x20 ? '!' : ' '); 537 printf(" %3d%c", 538 ieee80211_chan2ieee(ic, ni->ni_chan), fail & 0x01 ? '!' : ' '); 539 printf(" %2dM%c", (rate & IEEE80211_RATE_VAL) / 2, 540 fail & 0x08 ? '!' : ' '); 541 printf(" %4s%c", 542 (ni->ni_capinfo & IEEE80211_CAPINFO_ESS) ? "ess" : 543 (ni->ni_capinfo & IEEE80211_CAPINFO_IBSS) ? "ibss" : 544 "????", 545 fail & 0x02 ? '!' : ' '); 546 printf(" %3s%c ", 547 (ni->ni_capinfo & IEEE80211_CAPINFO_PRIVACY) ? "wep" : "no", 548 fail & 0x04 ? '!' : ' '); 549 ieee80211_print_essid(ni->ni_essid, ni->ni_esslen); 550 printf("%s\n", fail & 0x10 ? "!" : ""); 551 } 552 #endif /* IEEE80211_DEBUG */ 553 554 555 int 556 ieee80211_ibss_merge_check(struct ieee80211_node *ni) 557 { 558 struct ieee80211vap *vap = ni->ni_vap; 559 560 if (ni == vap->iv_bss || 561 IEEE80211_ADDR_EQ(ni->ni_bssid, vap->iv_bss->ni_bssid)) { 562 /* unchanged, nothing to do */ 563 return 0; 564 } 565 566 if (!check_bss(vap, ni)) { 567 /* capabilities mismatch */ 568 IEEE80211_DPRINTF(vap, IEEE80211_MSG_ASSOC, 569 "%s: merge failed, capabilities mismatch\n", __func__); 570 #ifdef IEEE80211_DEBUG 571 if (ieee80211_msg_assoc(vap)) 572 check_bss_debug(vap, ni); 573 #endif 574 vap->iv_stats.is_ibss_capmismatch++; 575 return 0; 576 } 577 578 return 1; 579 } 580 581 /* 582 * Check if the given node should populate the node table. 583 * 584 * We need to be in "see all beacons for all ssids" mode in order 585 * to do IBSS merges, however this means we will populate nodes for 586 * /all/ IBSS SSIDs, versus just the one we care about. 587 * 588 * So this check ensures the node can actually belong to our IBSS 589 * configuration. For now it simply checks the SSID. 590 */ 591 int 592 ieee80211_ibss_node_check_new(struct ieee80211_node *ni, 593 const struct ieee80211_scanparams *scan) 594 { 595 struct ieee80211vap *vap = ni->ni_vap; 596 int i; 597 598 /* 599 * If we have no SSID and no scan SSID, return OK. 600 */ 601 if (vap->iv_des_nssid == 0 && scan->ssid == NULL) 602 goto ok; 603 604 /* 605 * If we have one of (SSID, scan SSID) then return error. 606 */ 607 if (!! (vap->iv_des_nssid == 0) != !! (scan->ssid == NULL)) 608 goto mismatch; 609 610 /* 611 * Double-check - we need scan SSID. 612 */ 613 if (scan->ssid == NULL) 614 goto mismatch; 615 616 /* 617 * Check if the scan SSID matches the SSID list for the VAP. 618 */ 619 for (i = 0; i < vap->iv_des_nssid; i++) { 620 621 /* Sanity length check */ 622 if (vap->iv_des_ssid[i].len != scan->ssid[1]) 623 continue; 624 625 /* Note: SSID in the scan entry is the IE format */ 626 if (memcmp(vap->iv_des_ssid[i].ssid, scan->ssid + 2, 627 vap->iv_des_ssid[i].len) == 0) 628 goto ok; 629 } 630 631 mismatch: 632 return (0); 633 ok: 634 return (1); 635 } 636 637 /* 638 * Handle 802.11 ad hoc network merge. The 639 * convention, set by the Wireless Ethernet Compatibility Alliance 640 * (WECA), is that an 802.11 station will change its BSSID to match 641 * the "oldest" 802.11 ad hoc network, on the same channel, that 642 * has the station's desired SSID. The "oldest" 802.11 network 643 * sends beacons with the greatest TSF timestamp. 644 * 645 * The caller is assumed to validate TSF's before attempting a merge. 646 * 647 * Return !0 if the BSSID changed, 0 otherwise. 648 */ 649 int 650 ieee80211_ibss_merge(struct ieee80211_node *ni) 651 { 652 #ifdef IEEE80211_DEBUG 653 struct ieee80211vap *vap = ni->ni_vap; 654 struct ieee80211com *ic = ni->ni_ic; 655 #endif 656 657 if (! ieee80211_ibss_merge_check(ni)) 658 return 0; 659 660 IEEE80211_DPRINTF(vap, IEEE80211_MSG_ASSOC, 661 "%s: new bssid %s: %s preamble, %s slot time%s\n", __func__, 662 ether_sprintf(ni->ni_bssid), 663 ic->ic_flags&IEEE80211_F_SHPREAMBLE ? "short" : "long", 664 ic->ic_flags&IEEE80211_F_SHSLOT ? "short" : "long", 665 ic->ic_flags&IEEE80211_F_USEPROT ? ", protection" : "" 666 ); 667 return ieee80211_sta_join1(ieee80211_ref_node(ni)); 668 } 669 670 /* 671 * Calculate HT channel promotion flags for all vaps. 672 * This assumes ni_chan have been setup for each vap. 673 */ 674 static int 675 gethtadjustflags(struct ieee80211com *ic) 676 { 677 struct ieee80211vap *vap; 678 int flags; 679 680 flags = 0; 681 /* XXX locking */ 682 TAILQ_FOREACH(vap, &ic->ic_vaps, iv_next) { 683 if (vap->iv_state < IEEE80211_S_RUN) 684 continue; 685 switch (vap->iv_opmode) { 686 case IEEE80211_M_WDS: 687 case IEEE80211_M_STA: 688 case IEEE80211_M_AHDEMO: 689 case IEEE80211_M_HOSTAP: 690 case IEEE80211_M_IBSS: 691 case IEEE80211_M_MBSS: 692 flags |= ieee80211_htchanflags(vap->iv_bss->ni_chan); 693 break; 694 default: 695 break; 696 } 697 } 698 return flags; 699 } 700 701 /* 702 * Check if the current channel needs to change based on whether 703 * any vap's are using HT20/HT40. This is used to sync the state 704 * of ic_curchan after a channel width change on a running vap. 705 */ 706 void 707 ieee80211_sync_curchan(struct ieee80211com *ic) 708 { 709 struct ieee80211_channel *c; 710 711 c = ieee80211_ht_adjust_channel(ic, ic->ic_curchan, gethtadjustflags(ic)); 712 if (c != ic->ic_curchan) { 713 ic->ic_curchan = c; 714 ic->ic_curmode = ieee80211_chan2mode(ic->ic_curchan); 715 ic->ic_rt = ieee80211_get_ratetable(ic->ic_curchan); 716 IEEE80211_UNLOCK(ic); 717 ic->ic_set_channel(ic); 718 ieee80211_radiotap_chan_change(ic); 719 IEEE80211_LOCK(ic); 720 } 721 } 722 723 /* 724 * Setup the current channel. The request channel may be 725 * promoted if other vap's are operating with HT20/HT40. 726 */ 727 void 728 ieee80211_setupcurchan(struct ieee80211com *ic, struct ieee80211_channel *c) 729 { 730 if (ic->ic_htcaps & IEEE80211_HTC_HT) { 731 int flags = gethtadjustflags(ic); 732 /* 733 * Check for channel promotion required to support the 734 * set of running vap's. This assumes we are called 735 * after ni_chan is setup for each vap. 736 */ 737 /* NB: this assumes IEEE80211_FHT_USEHT40 > IEEE80211_FHT_HT */ 738 if (flags > ieee80211_htchanflags(c)) 739 c = ieee80211_ht_adjust_channel(ic, c, flags); 740 } 741 ic->ic_bsschan = ic->ic_curchan = c; 742 ic->ic_curmode = ieee80211_chan2mode(ic->ic_curchan); 743 ic->ic_rt = ieee80211_get_ratetable(ic->ic_curchan); 744 } 745 746 /* 747 * Change the current channel. The channel change is guaranteed to have 748 * happened before the next state change. 749 */ 750 void 751 ieee80211_setcurchan(struct ieee80211com *ic, struct ieee80211_channel *c) 752 { 753 ieee80211_setupcurchan(ic, c); 754 ieee80211_runtask(ic, &ic->ic_chan_task); 755 } 756 757 void 758 ieee80211_update_chw(struct ieee80211com *ic) 759 { 760 761 ieee80211_setupcurchan(ic, ic->ic_curchan); 762 ieee80211_runtask(ic, &ic->ic_chw_task); 763 } 764 765 /* 766 * Join the specified IBSS/BSS network. The node is assumed to 767 * be passed in with a held reference. 768 */ 769 static int 770 ieee80211_sta_join1(struct ieee80211_node *selbs) 771 { 772 struct ieee80211vap *vap = selbs->ni_vap; 773 struct ieee80211com *ic = selbs->ni_ic; 774 struct ieee80211_node *obss; 775 int canreassoc; 776 777 /* 778 * Committed to selbs, setup state. 779 */ 780 obss = vap->iv_bss; 781 /* 782 * Check if old+new node have the same address in which 783 * case we can reassociate when operating in sta mode. 784 */ 785 canreassoc = (obss != NULL && 786 vap->iv_state == IEEE80211_S_RUN && 787 IEEE80211_ADDR_EQ(obss->ni_macaddr, selbs->ni_macaddr)); 788 vap->iv_bss = selbs; /* NB: caller assumed to bump refcnt */ 789 if (obss != NULL) { 790 struct ieee80211_node_table *nt = obss->ni_table; 791 792 copy_bss(selbs, obss); 793 ieee80211_node_decref(obss); /* iv_bss reference */ 794 795 IEEE80211_NODE_LOCK(nt); 796 node_reclaim(nt, obss); /* station table reference */ 797 IEEE80211_NODE_UNLOCK(nt); 798 799 obss = NULL; /* NB: guard against later use */ 800 } 801 802 /* 803 * Delete unusable rates; we've already checked 804 * that the negotiated rate set is acceptable. 805 */ 806 ieee80211_fix_rate(vap->iv_bss, &vap->iv_bss->ni_rates, 807 IEEE80211_F_DODEL | IEEE80211_F_JOIN); 808 809 ieee80211_setcurchan(ic, selbs->ni_chan); 810 /* 811 * Set the erp state (mostly the slot time) to deal with 812 * the auto-select case; this should be redundant if the 813 * mode is locked. 814 */ 815 ieee80211_reset_erp(ic); 816 ieee80211_wme_initparams(vap); 817 818 if (vap->iv_opmode == IEEE80211_M_STA) { 819 if (canreassoc) { 820 /* Reassociate */ 821 ieee80211_new_state(vap, IEEE80211_S_ASSOC, 1); 822 } else { 823 /* 824 * Act as if we received a DEAUTH frame in case we 825 * are invoked from the RUN state. This will cause 826 * us to try to re-authenticate if we are operating 827 * as a station. 828 */ 829 ieee80211_new_state(vap, IEEE80211_S_AUTH, 830 IEEE80211_FC0_SUBTYPE_DEAUTH); 831 } 832 } else 833 ieee80211_new_state(vap, IEEE80211_S_RUN, -1); 834 return 1; 835 } 836 837 int 838 ieee80211_sta_join(struct ieee80211vap *vap, struct ieee80211_channel *chan, 839 const struct ieee80211_scan_entry *se) 840 { 841 struct ieee80211com *ic = vap->iv_ic; 842 struct ieee80211_node *ni; 843 844 ni = ieee80211_alloc_node(&ic->ic_sta, vap, se->se_macaddr); 845 if (ni == NULL) { 846 /* XXX msg */ 847 return 0; 848 } 849 850 /* 851 * Expand scan state into node's format. 852 * XXX may not need all this stuff 853 */ 854 IEEE80211_ADDR_COPY(ni->ni_bssid, se->se_bssid); 855 ni->ni_esslen = se->se_ssid[1]; 856 memcpy(ni->ni_essid, se->se_ssid+2, ni->ni_esslen); 857 ni->ni_tstamp.tsf = se->se_tstamp.tsf; 858 ni->ni_intval = se->se_intval; 859 ni->ni_capinfo = se->se_capinfo; 860 ni->ni_chan = chan; 861 ni->ni_timoff = se->se_timoff; 862 ni->ni_fhdwell = se->se_fhdwell; 863 ni->ni_fhindex = se->se_fhindex; 864 ni->ni_erp = se->se_erp; 865 IEEE80211_RSSI_LPF(ni->ni_avgrssi, se->se_rssi); 866 ni->ni_noise = se->se_noise; 867 if (vap->iv_opmode == IEEE80211_M_STA) { 868 /* NB: only infrastructure mode requires an associd */ 869 ni->ni_flags |= IEEE80211_NODE_ASSOCID; 870 } 871 872 if (ieee80211_ies_init(&ni->ni_ies, se->se_ies.data, se->se_ies.len)) { 873 ieee80211_ies_expand(&ni->ni_ies); 874 #ifdef IEEE80211_SUPPORT_SUPERG 875 if (ni->ni_ies.ath_ie != NULL) 876 ieee80211_parse_ath(ni, ni->ni_ies.ath_ie); 877 #endif 878 if (ni->ni_ies.htcap_ie != NULL) 879 ieee80211_parse_htcap(ni, ni->ni_ies.htcap_ie); 880 if (ni->ni_ies.htinfo_ie != NULL) 881 ieee80211_parse_htinfo(ni, ni->ni_ies.htinfo_ie); 882 #ifdef IEEE80211_SUPPORT_MESH 883 if (ni->ni_ies.meshid_ie != NULL) 884 ieee80211_parse_meshid(ni, ni->ni_ies.meshid_ie); 885 #endif 886 #ifdef IEEE80211_SUPPORT_TDMA 887 if (ni->ni_ies.tdma_ie != NULL) 888 ieee80211_parse_tdma(ni, ni->ni_ies.tdma_ie); 889 #endif 890 } 891 892 vap->iv_dtim_period = se->se_dtimperiod; 893 vap->iv_dtim_count = 0; 894 895 /* NB: must be after ni_chan is setup */ 896 ieee80211_setup_rates(ni, se->se_rates, se->se_xrates, 897 IEEE80211_F_DOSORT); 898 if (ieee80211_iserp_rateset(&ni->ni_rates)) 899 ni->ni_flags |= IEEE80211_NODE_ERP; 900 901 /* 902 * Setup HT state for this node if it's available, otherwise 903 * non-STA modes won't pick this state up. 904 * 905 * For IBSS and related modes that don't go through an 906 * association request/response, the only appropriate place 907 * to setup the HT state is here. 908 */ 909 if (ni->ni_ies.htinfo_ie != NULL && 910 ni->ni_ies.htcap_ie != NULL && 911 vap->iv_flags_ht & IEEE80211_FHT_HT) { 912 ieee80211_ht_node_init(ni); 913 ieee80211_ht_updateparams(ni, 914 ni->ni_ies.htcap_ie, 915 ni->ni_ies.htinfo_ie); 916 ieee80211_setup_htrates(ni, ni->ni_ies.htcap_ie, 917 IEEE80211_F_JOIN | IEEE80211_F_DOBRS); 918 ieee80211_setup_basic_htrates(ni, ni->ni_ies.htinfo_ie); 919 } 920 /* XXX else check for ath FF? */ 921 /* XXX QoS? Difficult given that WME config is specific to a master */ 922 923 ieee80211_node_setuptxparms(ni); 924 ieee80211_ratectl_node_init(ni); 925 926 return ieee80211_sta_join1(ieee80211_ref_node(ni)); 927 } 928 929 /* 930 * Leave the specified IBSS/BSS network. The node is assumed to 931 * be passed in with a held reference. 932 */ 933 void 934 ieee80211_sta_leave(struct ieee80211_node *ni) 935 { 936 struct ieee80211com *ic = ni->ni_ic; 937 938 ic->ic_node_cleanup(ni); 939 ieee80211_notify_node_leave(ni); 940 } 941 942 /* 943 * Send a deauthenticate frame and drop the station. 944 */ 945 void 946 ieee80211_node_deauth(struct ieee80211_node *ni, int reason) 947 { 948 /* NB: bump the refcnt to be sure temporary nodes are not reclaimed */ 949 ieee80211_ref_node(ni); 950 if (ni->ni_associd != 0) 951 IEEE80211_SEND_MGMT(ni, IEEE80211_FC0_SUBTYPE_DEAUTH, reason); 952 ieee80211_node_leave(ni); 953 ieee80211_free_node(ni); 954 } 955 956 static struct ieee80211_node * 957 node_alloc(struct ieee80211vap *vap, const uint8_t macaddr[IEEE80211_ADDR_LEN]) 958 { 959 struct ieee80211_node *ni; 960 961 ni = (struct ieee80211_node *) IEEE80211_MALLOC(sizeof(struct ieee80211_node), 962 M_80211_NODE, IEEE80211_M_NOWAIT | IEEE80211_M_ZERO); 963 return ni; 964 } 965 966 /* 967 * Initialize an ie blob with the specified data. If previous 968 * data exists re-use the data block. As a side effect we clear 969 * all references to specific ie's; the caller is required to 970 * recalculate them. 971 */ 972 int 973 ieee80211_ies_init(struct ieee80211_ies *ies, const uint8_t *data, int len) 974 { 975 /* NB: assumes data+len are the last fields */ 976 memset(ies, 0, offsetof(struct ieee80211_ies, data)); 977 if (ies->data != NULL && ies->len != len) { 978 /* data size changed */ 979 IEEE80211_FREE(ies->data, M_80211_NODE_IE); 980 ies->data = NULL; 981 } 982 if (ies->data == NULL) { 983 ies->data = (uint8_t *) IEEE80211_MALLOC(len, M_80211_NODE_IE, 984 IEEE80211_M_NOWAIT | IEEE80211_M_ZERO); 985 if (ies->data == NULL) { 986 ies->len = 0; 987 /* NB: pointers have already been zero'd above */ 988 return 0; 989 } 990 } 991 memcpy(ies->data, data, len); 992 ies->len = len; 993 return 1; 994 } 995 996 /* 997 * Reclaim storage for an ie blob. 998 */ 999 void 1000 ieee80211_ies_cleanup(struct ieee80211_ies *ies) 1001 { 1002 if (ies->data != NULL) 1003 IEEE80211_FREE(ies->data, M_80211_NODE_IE); 1004 } 1005 1006 /* 1007 * Expand an ie blob data contents and to fillin individual 1008 * ie pointers. The data blob is assumed to be well-formed; 1009 * we don't do any validity checking of ie lengths. 1010 */ 1011 void 1012 ieee80211_ies_expand(struct ieee80211_ies *ies) 1013 { 1014 uint8_t *ie; 1015 int ielen; 1016 1017 ie = ies->data; 1018 ielen = ies->len; 1019 while (ielen > 0) { 1020 switch (ie[0]) { 1021 case IEEE80211_ELEMID_VENDOR: 1022 if (iswpaoui(ie)) 1023 ies->wpa_ie = ie; 1024 else if (iswmeoui(ie)) 1025 ies->wme_ie = ie; 1026 #ifdef IEEE80211_SUPPORT_SUPERG 1027 else if (isatherosoui(ie)) 1028 ies->ath_ie = ie; 1029 #endif 1030 #ifdef IEEE80211_SUPPORT_TDMA 1031 else if (istdmaoui(ie)) 1032 ies->tdma_ie = ie; 1033 #endif 1034 break; 1035 case IEEE80211_ELEMID_RSN: 1036 ies->rsn_ie = ie; 1037 break; 1038 case IEEE80211_ELEMID_HTCAP: 1039 ies->htcap_ie = ie; 1040 break; 1041 case IEEE80211_ELEMID_HTINFO: 1042 ies->htinfo_ie = ie; 1043 break; 1044 #ifdef IEEE80211_SUPPORT_MESH 1045 case IEEE80211_ELEMID_MESHID: 1046 ies->meshid_ie = ie; 1047 break; 1048 #endif 1049 } 1050 ielen -= 2 + ie[1]; 1051 ie += 2 + ie[1]; 1052 } 1053 } 1054 1055 /* 1056 * Reclaim any resources in a node and reset any critical 1057 * state. Typically nodes are free'd immediately after, 1058 * but in some cases the storage may be reused so we need 1059 * to insure consistent state (should probably fix that). 1060 */ 1061 static void 1062 node_cleanup(struct ieee80211_node *ni) 1063 { 1064 struct ieee80211vap *vap = ni->ni_vap; 1065 struct ieee80211com *ic = ni->ni_ic; 1066 int i; 1067 1068 /* NB: preserve ni_table */ 1069 if (ni->ni_flags & IEEE80211_NODE_PWR_MGT) { 1070 if (vap->iv_opmode != IEEE80211_M_STA) 1071 vap->iv_ps_sta--; 1072 ni->ni_flags &= ~IEEE80211_NODE_PWR_MGT; 1073 IEEE80211_NOTE(vap, IEEE80211_MSG_POWER, ni, 1074 "power save mode off, %u sta's in ps mode", vap->iv_ps_sta); 1075 } 1076 /* 1077 * Cleanup any HT-related state. 1078 */ 1079 if (ni->ni_flags & IEEE80211_NODE_HT) 1080 ieee80211_ht_node_cleanup(ni); 1081 #ifdef IEEE80211_SUPPORT_SUPERG 1082 /* Always do FF node cleanup; for A-MSDU */ 1083 ieee80211_ff_node_cleanup(ni); 1084 #endif 1085 #ifdef IEEE80211_SUPPORT_MESH 1086 /* 1087 * Cleanup any mesh-related state. 1088 */ 1089 if (vap->iv_opmode == IEEE80211_M_MBSS) 1090 ieee80211_mesh_node_cleanup(ni); 1091 #endif 1092 /* 1093 * Clear any staging queue entries. 1094 */ 1095 ieee80211_ageq_drain_node(&ic->ic_stageq, ni); 1096 1097 /* 1098 * Clear AREF flag that marks the authorization refcnt bump 1099 * has happened. This is probably not needed as the node 1100 * should always be removed from the table so not found but 1101 * do it just in case. 1102 * Likewise clear the ASSOCID flag as these flags are intended 1103 * to be managed in tandem. 1104 */ 1105 ni->ni_flags &= ~(IEEE80211_NODE_AREF | IEEE80211_NODE_ASSOCID); 1106 1107 /* 1108 * Drain power save queue and, if needed, clear TIM. 1109 */ 1110 if (ieee80211_node_psq_drain(ni) != 0 && vap->iv_set_tim != NULL) 1111 vap->iv_set_tim(ni, 0); 1112 1113 ni->ni_associd = 0; 1114 if (ni->ni_challenge != NULL) { 1115 IEEE80211_FREE(ni->ni_challenge, M_80211_NODE); 1116 ni->ni_challenge = NULL; 1117 } 1118 /* 1119 * Preserve SSID, WPA, and WME ie's so the bss node is 1120 * reusable during a re-auth/re-assoc state transition. 1121 * If we remove these data they will not be recreated 1122 * because they come from a probe-response or beacon frame 1123 * which cannot be expected prior to the association-response. 1124 * This should not be an issue when operating in other modes 1125 * as stations leaving always go through a full state transition 1126 * which will rebuild this state. 1127 * 1128 * XXX does this leave us open to inheriting old state? 1129 */ 1130 for (i = 0; i < nitems(ni->ni_rxfrag); i++) 1131 if (ni->ni_rxfrag[i] != NULL) { 1132 m_freem(ni->ni_rxfrag[i]); 1133 ni->ni_rxfrag[i] = NULL; 1134 } 1135 /* 1136 * Must be careful here to remove any key map entry w/o a LOR. 1137 */ 1138 ieee80211_node_delucastkey(ni); 1139 } 1140 1141 static void 1142 node_free(struct ieee80211_node *ni) 1143 { 1144 struct ieee80211com *ic = ni->ni_ic; 1145 1146 ieee80211_ratectl_node_deinit(ni); 1147 ic->ic_node_cleanup(ni); 1148 ieee80211_ies_cleanup(&ni->ni_ies); 1149 ieee80211_psq_cleanup(&ni->ni_psq); 1150 IEEE80211_FREE(ni, M_80211_NODE); 1151 } 1152 1153 static void 1154 node_age(struct ieee80211_node *ni) 1155 { 1156 struct ieee80211vap *vap = ni->ni_vap; 1157 1158 /* 1159 * Age frames on the power save queue. 1160 */ 1161 if (ieee80211_node_psq_age(ni) != 0 && 1162 ni->ni_psq.psq_len == 0 && vap->iv_set_tim != NULL) 1163 vap->iv_set_tim(ni, 0); 1164 /* 1165 * Age out HT resources (e.g. frames on the 1166 * A-MPDU reorder queues). 1167 */ 1168 if (ni->ni_associd != 0 && (ni->ni_flags & IEEE80211_NODE_HT)) 1169 ieee80211_ht_node_age(ni); 1170 } 1171 1172 static int8_t 1173 node_getrssi(const struct ieee80211_node *ni) 1174 { 1175 uint32_t avgrssi = ni->ni_avgrssi; 1176 int32_t rssi; 1177 1178 if (avgrssi == IEEE80211_RSSI_DUMMY_MARKER) 1179 return 0; 1180 rssi = IEEE80211_RSSI_GET(avgrssi); 1181 return rssi < 0 ? 0 : rssi > 127 ? 127 : rssi; 1182 } 1183 1184 static void 1185 node_getsignal(const struct ieee80211_node *ni, int8_t *rssi, int8_t *noise) 1186 { 1187 *rssi = node_getrssi(ni); 1188 *noise = ni->ni_noise; 1189 } 1190 1191 static void 1192 node_getmimoinfo(const struct ieee80211_node *ni, 1193 struct ieee80211_mimo_info *info) 1194 { 1195 int i; 1196 uint32_t avgrssi; 1197 int32_t rssi; 1198 1199 bzero(info, sizeof(*info)); 1200 1201 for (i = 0; i < ni->ni_mimo_chains; i++) { 1202 avgrssi = ni->ni_mimo_rssi_ctl[i]; 1203 if (avgrssi == IEEE80211_RSSI_DUMMY_MARKER) { 1204 info->rssi[i] = 0; 1205 } else { 1206 rssi = IEEE80211_RSSI_GET(avgrssi); 1207 info->rssi[i] = rssi < 0 ? 0 : rssi > 127 ? 127 : rssi; 1208 } 1209 info->noise[i] = ni->ni_mimo_noise_ctl[i]; 1210 } 1211 1212 /* XXX ext radios? */ 1213 1214 /* XXX EVM? */ 1215 } 1216 1217 static void 1218 ieee80211_add_node_nt(struct ieee80211_node_table *nt, 1219 struct ieee80211_node *ni) 1220 { 1221 struct ieee80211com *ic = nt->nt_ic; 1222 int hash; 1223 1224 IEEE80211_NODE_LOCK_ASSERT(nt); 1225 1226 hash = IEEE80211_NODE_HASH(ic, ni->ni_macaddr); 1227 (void) ic; /* XXX IEEE80211_NODE_HASH */ 1228 TAILQ_INSERT_TAIL(&nt->nt_node, ni, ni_list); 1229 LIST_INSERT_HEAD(&nt->nt_hash[hash], ni, ni_hash); 1230 nt->nt_count++; 1231 ni->ni_table = nt; 1232 } 1233 1234 static void 1235 ieee80211_del_node_nt(struct ieee80211_node_table *nt, 1236 struct ieee80211_node *ni) 1237 { 1238 1239 IEEE80211_NODE_LOCK_ASSERT(nt); 1240 1241 TAILQ_REMOVE(&nt->nt_node, ni, ni_list); 1242 LIST_REMOVE(ni, ni_hash); 1243 nt->nt_count--; 1244 KASSERT(nt->nt_count >= 0, 1245 ("nt_count is negative (%d)!\n", nt->nt_count)); 1246 ni->ni_table = NULL; 1247 } 1248 1249 struct ieee80211_node * 1250 ieee80211_alloc_node(struct ieee80211_node_table *nt, 1251 struct ieee80211vap *vap, const uint8_t macaddr[IEEE80211_ADDR_LEN]) 1252 { 1253 struct ieee80211com *ic = nt->nt_ic; 1254 struct ieee80211_node *ni; 1255 1256 ni = ic->ic_node_alloc(vap, macaddr); 1257 if (ni == NULL) { 1258 vap->iv_stats.is_rx_nodealloc++; 1259 return NULL; 1260 } 1261 1262 IEEE80211_DPRINTF(vap, IEEE80211_MSG_NODE, 1263 "%s %p<%s> in %s table\n", __func__, ni, 1264 ether_sprintf(macaddr), nt->nt_name); 1265 1266 IEEE80211_ADDR_COPY(ni->ni_macaddr, macaddr); 1267 ieee80211_node_initref(ni); /* mark referenced */ 1268 ni->ni_chan = IEEE80211_CHAN_ANYC; 1269 ni->ni_authmode = IEEE80211_AUTH_OPEN; 1270 ni->ni_txpower = ic->ic_txpowlimit; /* max power */ 1271 ni->ni_txparms = &vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)]; 1272 ieee80211_crypto_resetkey(vap, &ni->ni_ucastkey, IEEE80211_KEYIX_NONE); 1273 ni->ni_avgrssi = IEEE80211_RSSI_DUMMY_MARKER; 1274 ni->ni_inact_reload = nt->nt_inact_init; 1275 ni->ni_inact = ni->ni_inact_reload; 1276 ni->ni_ath_defkeyix = 0x7fff; 1277 ieee80211_psq_init(&ni->ni_psq, "unknown"); 1278 #ifdef IEEE80211_SUPPORT_MESH 1279 if (vap->iv_opmode == IEEE80211_M_MBSS) 1280 ieee80211_mesh_node_init(vap, ni); 1281 #endif 1282 IEEE80211_NODE_LOCK(nt); 1283 ieee80211_add_node_nt(nt, ni); 1284 ni->ni_vap = vap; 1285 ni->ni_ic = ic; 1286 IEEE80211_NODE_UNLOCK(nt); 1287 1288 IEEE80211_NOTE(vap, IEEE80211_MSG_INACT, ni, 1289 "%s: inact_reload %u", __func__, ni->ni_inact_reload); 1290 1291 ieee80211_ratectl_node_init(ni); 1292 1293 return ni; 1294 } 1295 1296 /* 1297 * Craft a temporary node suitable for sending a management frame 1298 * to the specified station. We craft only as much state as we 1299 * need to do the work since the node will be immediately reclaimed 1300 * once the send completes. 1301 */ 1302 struct ieee80211_node * 1303 ieee80211_tmp_node(struct ieee80211vap *vap, 1304 const uint8_t macaddr[IEEE80211_ADDR_LEN]) 1305 { 1306 struct ieee80211com *ic = vap->iv_ic; 1307 struct ieee80211_node *ni; 1308 1309 ni = ic->ic_node_alloc(vap, macaddr); 1310 if (ni != NULL) { 1311 struct ieee80211_node *bss = vap->iv_bss; 1312 1313 IEEE80211_DPRINTF(vap, IEEE80211_MSG_NODE, 1314 "%s %p<%s>\n", __func__, ni, ether_sprintf(macaddr)); 1315 1316 ni->ni_table = NULL; /* NB: pedantic */ 1317 ni->ni_ic = ic; /* NB: needed to set channel */ 1318 ni->ni_vap = vap; 1319 1320 IEEE80211_ADDR_COPY(ni->ni_macaddr, macaddr); 1321 IEEE80211_ADDR_COPY(ni->ni_bssid, bss->ni_bssid); 1322 ieee80211_node_initref(ni); /* mark referenced */ 1323 /* NB: required by ieee80211_fix_rate */ 1324 ieee80211_node_set_chan(ni, bss->ni_chan); 1325 ieee80211_crypto_resetkey(vap, &ni->ni_ucastkey, 1326 IEEE80211_KEYIX_NONE); 1327 ni->ni_txpower = bss->ni_txpower; 1328 /* XXX optimize away */ 1329 ieee80211_psq_init(&ni->ni_psq, "unknown"); 1330 1331 ieee80211_ratectl_node_init(ni); 1332 } else { 1333 /* XXX msg */ 1334 vap->iv_stats.is_rx_nodealloc++; 1335 } 1336 return ni; 1337 } 1338 1339 struct ieee80211_node * 1340 ieee80211_dup_bss(struct ieee80211vap *vap, 1341 const uint8_t macaddr[IEEE80211_ADDR_LEN]) 1342 { 1343 struct ieee80211com *ic = vap->iv_ic; 1344 struct ieee80211_node *ni; 1345 1346 ni = ieee80211_alloc_node(&ic->ic_sta, vap, macaddr); 1347 if (ni != NULL) { 1348 struct ieee80211_node *bss = vap->iv_bss; 1349 /* 1350 * Inherit from iv_bss. 1351 */ 1352 copy_bss(ni, bss); 1353 IEEE80211_ADDR_COPY(ni->ni_bssid, bss->ni_bssid); 1354 ieee80211_node_set_chan(ni, bss->ni_chan); 1355 } 1356 return ni; 1357 } 1358 1359 /* 1360 * Create a bss node for a legacy WDS vap. The far end does 1361 * not associate so we just create create a new node and 1362 * simulate an association. The caller is responsible for 1363 * installing the node as the bss node and handling any further 1364 * setup work like authorizing the port. 1365 */ 1366 struct ieee80211_node * 1367 ieee80211_node_create_wds(struct ieee80211vap *vap, 1368 const uint8_t bssid[IEEE80211_ADDR_LEN], struct ieee80211_channel *chan) 1369 { 1370 struct ieee80211com *ic = vap->iv_ic; 1371 struct ieee80211_node *ni; 1372 1373 /* XXX check if node already in sta table? */ 1374 ni = ieee80211_alloc_node(&ic->ic_sta, vap, bssid); 1375 if (ni != NULL) { 1376 ni->ni_wdsvap = vap; 1377 IEEE80211_ADDR_COPY(ni->ni_bssid, bssid); 1378 /* 1379 * Inherit any manually configured settings. 1380 */ 1381 copy_bss(ni, vap->iv_bss); 1382 ieee80211_node_set_chan(ni, chan); 1383 /* NB: propagate ssid so available to WPA supplicant */ 1384 ni->ni_esslen = vap->iv_des_ssid[0].len; 1385 memcpy(ni->ni_essid, vap->iv_des_ssid[0].ssid, ni->ni_esslen); 1386 /* NB: no associd for peer */ 1387 /* 1388 * There are no management frames to use to 1389 * discover neighbor capabilities, so blindly 1390 * propagate the local configuration. 1391 */ 1392 if (vap->iv_flags & IEEE80211_F_WME) 1393 ni->ni_flags |= IEEE80211_NODE_QOS; 1394 #ifdef IEEE80211_SUPPORT_SUPERG 1395 if (vap->iv_flags & IEEE80211_F_FF) 1396 ni->ni_flags |= IEEE80211_NODE_FF; 1397 #endif 1398 if ((ic->ic_htcaps & IEEE80211_HTC_HT) && 1399 (vap->iv_flags_ht & IEEE80211_FHT_HT)) { 1400 /* 1401 * Device is HT-capable and HT is enabled for 1402 * the vap; setup HT operation. On return 1403 * ni_chan will be adjusted to an HT channel. 1404 */ 1405 ieee80211_ht_wds_init(ni); 1406 } else { 1407 struct ieee80211_channel *c = ni->ni_chan; 1408 /* 1409 * Force a legacy channel to be used. 1410 */ 1411 c = ieee80211_find_channel(ic, 1412 c->ic_freq, c->ic_flags &~ IEEE80211_CHAN_HT); 1413 KASSERT(c != NULL, ("no legacy channel, %u/%x", 1414 ni->ni_chan->ic_freq, ni->ni_chan->ic_flags)); 1415 ni->ni_chan = c; 1416 } 1417 } 1418 return ni; 1419 } 1420 1421 struct ieee80211_node * 1422 #ifdef IEEE80211_DEBUG_REFCNT 1423 ieee80211_find_node_locked_debug(struct ieee80211_node_table *nt, 1424 const uint8_t macaddr[IEEE80211_ADDR_LEN], const char *func, int line) 1425 #else 1426 ieee80211_find_node_locked(struct ieee80211_node_table *nt, 1427 const uint8_t macaddr[IEEE80211_ADDR_LEN]) 1428 #endif 1429 { 1430 struct ieee80211_node *ni; 1431 int hash; 1432 1433 IEEE80211_NODE_LOCK_ASSERT(nt); 1434 1435 hash = IEEE80211_NODE_HASH(nt->nt_ic, macaddr); 1436 LIST_FOREACH(ni, &nt->nt_hash[hash], ni_hash) { 1437 if (IEEE80211_ADDR_EQ(ni->ni_macaddr, macaddr)) { 1438 ieee80211_ref_node(ni); /* mark referenced */ 1439 #ifdef IEEE80211_DEBUG_REFCNT 1440 IEEE80211_DPRINTF(ni->ni_vap, IEEE80211_MSG_NODE, 1441 "%s (%s:%u) %p<%s> refcnt %d\n", __func__, 1442 func, line, 1443 ni, ether_sprintf(ni->ni_macaddr), 1444 ieee80211_node_refcnt(ni)); 1445 #endif 1446 return ni; 1447 } 1448 } 1449 return NULL; 1450 } 1451 1452 struct ieee80211_node * 1453 #ifdef IEEE80211_DEBUG_REFCNT 1454 ieee80211_find_node_debug(struct ieee80211_node_table *nt, 1455 const uint8_t macaddr[IEEE80211_ADDR_LEN], const char *func, int line) 1456 #else 1457 ieee80211_find_node(struct ieee80211_node_table *nt, 1458 const uint8_t macaddr[IEEE80211_ADDR_LEN]) 1459 #endif 1460 { 1461 struct ieee80211_node *ni; 1462 1463 IEEE80211_NODE_LOCK(nt); 1464 ni = ieee80211_find_node_locked(nt, macaddr); 1465 IEEE80211_NODE_UNLOCK(nt); 1466 return ni; 1467 } 1468 1469 struct ieee80211_node * 1470 #ifdef IEEE80211_DEBUG_REFCNT 1471 ieee80211_find_vap_node_locked_debug(struct ieee80211_node_table *nt, 1472 const struct ieee80211vap *vap, 1473 const uint8_t macaddr[IEEE80211_ADDR_LEN], const char *func, int line) 1474 #else 1475 ieee80211_find_vap_node_locked(struct ieee80211_node_table *nt, 1476 const struct ieee80211vap *vap, 1477 const uint8_t macaddr[IEEE80211_ADDR_LEN]) 1478 #endif 1479 { 1480 struct ieee80211_node *ni; 1481 int hash; 1482 1483 IEEE80211_NODE_LOCK_ASSERT(nt); 1484 1485 hash = IEEE80211_NODE_HASH(nt->nt_ic, macaddr); 1486 LIST_FOREACH(ni, &nt->nt_hash[hash], ni_hash) { 1487 if (ni->ni_vap == vap && 1488 IEEE80211_ADDR_EQ(ni->ni_macaddr, macaddr)) { 1489 ieee80211_ref_node(ni); /* mark referenced */ 1490 #ifdef IEEE80211_DEBUG_REFCNT 1491 IEEE80211_DPRINTF(ni->ni_vap, IEEE80211_MSG_NODE, 1492 "%s (%s:%u) %p<%s> refcnt %d\n", __func__, 1493 func, line, 1494 ni, ether_sprintf(ni->ni_macaddr), 1495 ieee80211_node_refcnt(ni)); 1496 #endif 1497 return ni; 1498 } 1499 } 1500 return NULL; 1501 } 1502 1503 struct ieee80211_node * 1504 #ifdef IEEE80211_DEBUG_REFCNT 1505 ieee80211_find_vap_node_debug(struct ieee80211_node_table *nt, 1506 const struct ieee80211vap *vap, 1507 const uint8_t macaddr[IEEE80211_ADDR_LEN], const char *func, int line) 1508 #else 1509 ieee80211_find_vap_node(struct ieee80211_node_table *nt, 1510 const struct ieee80211vap *vap, 1511 const uint8_t macaddr[IEEE80211_ADDR_LEN]) 1512 #endif 1513 { 1514 struct ieee80211_node *ni; 1515 1516 IEEE80211_NODE_LOCK(nt); 1517 ni = ieee80211_find_vap_node_locked(nt, vap, macaddr); 1518 IEEE80211_NODE_UNLOCK(nt); 1519 return ni; 1520 } 1521 1522 /* 1523 * Fake up a node; this handles node discovery in adhoc mode. 1524 * Note that for the driver's benefit we we treat this like 1525 * an association so the driver has an opportunity to setup 1526 * it's private state. 1527 */ 1528 struct ieee80211_node * 1529 ieee80211_fakeup_adhoc_node(struct ieee80211vap *vap, 1530 const uint8_t macaddr[IEEE80211_ADDR_LEN]) 1531 { 1532 struct ieee80211_node *ni; 1533 1534 IEEE80211_DPRINTF(vap, IEEE80211_MSG_NODE | IEEE80211_MSG_ASSOC, 1535 "%s: mac<%s>\n", __func__, ether_sprintf(macaddr)); 1536 ni = ieee80211_dup_bss(vap, macaddr); 1537 if (ni != NULL) { 1538 struct ieee80211com *ic = vap->iv_ic; 1539 1540 /* XXX no rate negotiation; just dup */ 1541 ni->ni_rates = vap->iv_bss->ni_rates; 1542 if (ieee80211_iserp_rateset(&ni->ni_rates)) 1543 ni->ni_flags |= IEEE80211_NODE_ERP; 1544 if (vap->iv_opmode == IEEE80211_M_AHDEMO) { 1545 /* 1546 * In adhoc demo mode there are no management 1547 * frames to use to discover neighbor capabilities, 1548 * so blindly propagate the local configuration 1549 * so we can do interesting things (e.g. use 1550 * WME to disable ACK's). 1551 */ 1552 if (vap->iv_flags & IEEE80211_F_WME) 1553 ni->ni_flags |= IEEE80211_NODE_QOS; 1554 #ifdef IEEE80211_SUPPORT_SUPERG 1555 if (vap->iv_flags & IEEE80211_F_FF) 1556 ni->ni_flags |= IEEE80211_NODE_FF; 1557 #endif 1558 } 1559 ieee80211_node_setuptxparms(ni); 1560 ieee80211_ratectl_node_init(ni); 1561 if (ic->ic_newassoc != NULL) 1562 ic->ic_newassoc(ni, 1); 1563 /* XXX not right for 802.1x/WPA */ 1564 ieee80211_node_authorize(ni); 1565 } 1566 return ni; 1567 } 1568 1569 void 1570 ieee80211_init_neighbor(struct ieee80211_node *ni, 1571 const struct ieee80211_frame *wh, 1572 const struct ieee80211_scanparams *sp) 1573 { 1574 int do_ht_setup = 0; 1575 1576 ni->ni_esslen = sp->ssid[1]; 1577 memcpy(ni->ni_essid, sp->ssid + 2, sp->ssid[1]); 1578 IEEE80211_ADDR_COPY(ni->ni_bssid, wh->i_addr3); 1579 memcpy(ni->ni_tstamp.data, sp->tstamp, sizeof(ni->ni_tstamp)); 1580 ni->ni_intval = sp->bintval; 1581 ni->ni_capinfo = sp->capinfo; 1582 ni->ni_chan = ni->ni_ic->ic_curchan; 1583 ni->ni_fhdwell = sp->fhdwell; 1584 ni->ni_fhindex = sp->fhindex; 1585 ni->ni_erp = sp->erp; 1586 ni->ni_timoff = sp->timoff; 1587 #ifdef IEEE80211_SUPPORT_MESH 1588 if (ni->ni_vap->iv_opmode == IEEE80211_M_MBSS) 1589 ieee80211_mesh_init_neighbor(ni, wh, sp); 1590 #endif 1591 if (ieee80211_ies_init(&ni->ni_ies, sp->ies, sp->ies_len)) { 1592 ieee80211_ies_expand(&ni->ni_ies); 1593 if (ni->ni_ies.wme_ie != NULL) 1594 ni->ni_flags |= IEEE80211_NODE_QOS; 1595 else 1596 ni->ni_flags &= ~IEEE80211_NODE_QOS; 1597 #ifdef IEEE80211_SUPPORT_SUPERG 1598 if (ni->ni_ies.ath_ie != NULL) 1599 ieee80211_parse_ath(ni, ni->ni_ies.ath_ie); 1600 #endif 1601 if (ni->ni_ies.htcap_ie != NULL) 1602 ieee80211_parse_htcap(ni, ni->ni_ies.htcap_ie); 1603 if (ni->ni_ies.htinfo_ie != NULL) 1604 ieee80211_parse_htinfo(ni, ni->ni_ies.htinfo_ie); 1605 1606 if ((ni->ni_ies.htcap_ie != NULL) && 1607 (ni->ni_ies.htinfo_ie != NULL) && 1608 (ni->ni_vap->iv_flags_ht & IEEE80211_FHT_HT)) { 1609 do_ht_setup = 1; 1610 } 1611 } 1612 1613 /* NB: must be after ni_chan is setup */ 1614 ieee80211_setup_rates(ni, sp->rates, sp->xrates, 1615 IEEE80211_F_DOSORT | IEEE80211_F_DOFRATE | 1616 IEEE80211_F_DONEGO | IEEE80211_F_DODEL); 1617 1618 /* 1619 * If the neighbor is HT compatible, flip that on. 1620 */ 1621 if (do_ht_setup) { 1622 IEEE80211_DPRINTF(ni->ni_vap, IEEE80211_MSG_ASSOC, 1623 "%s: doing HT setup\n", __func__); 1624 ieee80211_ht_node_init(ni); 1625 ieee80211_ht_updateparams(ni, 1626 ni->ni_ies.htcap_ie, 1627 ni->ni_ies.htinfo_ie); 1628 ieee80211_setup_htrates(ni, 1629 ni->ni_ies.htcap_ie, 1630 IEEE80211_F_JOIN | IEEE80211_F_DOBRS); 1631 ieee80211_setup_basic_htrates(ni, 1632 ni->ni_ies.htinfo_ie); 1633 ieee80211_node_setuptxparms(ni); 1634 ieee80211_ratectl_node_init(ni); 1635 } 1636 } 1637 1638 /* 1639 * Do node discovery in adhoc mode on receipt of a beacon 1640 * or probe response frame. Note that for the driver's 1641 * benefit we we treat this like an association so the 1642 * driver has an opportunity to setup it's private state. 1643 */ 1644 struct ieee80211_node * 1645 ieee80211_add_neighbor(struct ieee80211vap *vap, 1646 const struct ieee80211_frame *wh, 1647 const struct ieee80211_scanparams *sp) 1648 { 1649 struct ieee80211_node *ni; 1650 1651 IEEE80211_DPRINTF(vap, IEEE80211_MSG_ASSOC, 1652 "%s: mac<%s>\n", __func__, ether_sprintf(wh->i_addr2)); 1653 ni = ieee80211_dup_bss(vap, wh->i_addr2);/* XXX alloc_node? */ 1654 if (ni != NULL) { 1655 struct ieee80211com *ic = vap->iv_ic; 1656 1657 ieee80211_init_neighbor(ni, wh, sp); 1658 if (ieee80211_iserp_rateset(&ni->ni_rates)) 1659 ni->ni_flags |= IEEE80211_NODE_ERP; 1660 ieee80211_node_setuptxparms(ni); 1661 ieee80211_ratectl_node_init(ni); 1662 if (ic->ic_newassoc != NULL) 1663 ic->ic_newassoc(ni, 1); 1664 /* XXX not right for 802.1x/WPA */ 1665 ieee80211_node_authorize(ni); 1666 } 1667 return ni; 1668 } 1669 1670 #define IS_PROBEREQ(wh) \ 1671 ((wh->i_fc[0] & (IEEE80211_FC0_TYPE_MASK|IEEE80211_FC0_SUBTYPE_MASK)) \ 1672 == (IEEE80211_FC0_TYPE_MGT | IEEE80211_FC0_SUBTYPE_PROBE_REQ)) 1673 #define IS_BCAST_PROBEREQ(wh) \ 1674 (IS_PROBEREQ(wh) && IEEE80211_IS_MULTICAST( \ 1675 ((const struct ieee80211_frame *)(wh))->i_addr3)) 1676 1677 static __inline struct ieee80211_node * 1678 _find_rxnode(struct ieee80211_node_table *nt, 1679 const struct ieee80211_frame_min *wh) 1680 { 1681 if (IS_BCAST_PROBEREQ(wh)) 1682 return NULL; /* spam bcast probe req to all vap's */ 1683 return ieee80211_find_node_locked(nt, wh->i_addr2); 1684 } 1685 1686 /* 1687 * Locate the node for sender, track state, and then pass the 1688 * (referenced) node up to the 802.11 layer for its use. Note 1689 * we can return NULL if the sender is not in the table. 1690 */ 1691 struct ieee80211_node * 1692 #ifdef IEEE80211_DEBUG_REFCNT 1693 ieee80211_find_rxnode_debug(struct ieee80211com *ic, 1694 const struct ieee80211_frame_min *wh, const char *func, int line) 1695 #else 1696 ieee80211_find_rxnode(struct ieee80211com *ic, 1697 const struct ieee80211_frame_min *wh) 1698 #endif 1699 { 1700 struct ieee80211_node_table *nt; 1701 struct ieee80211_node *ni; 1702 1703 nt = &ic->ic_sta; 1704 IEEE80211_NODE_LOCK(nt); 1705 ni = _find_rxnode(nt, wh); 1706 IEEE80211_NODE_UNLOCK(nt); 1707 1708 return ni; 1709 } 1710 1711 /* 1712 * Like ieee80211_find_rxnode but use the supplied h/w 1713 * key index as a hint to locate the node in the key 1714 * mapping table. If an entry is present at the key 1715 * index we return it; otherwise do a normal lookup and 1716 * update the mapping table if the station has a unicast 1717 * key assigned to it. 1718 */ 1719 struct ieee80211_node * 1720 #ifdef IEEE80211_DEBUG_REFCNT 1721 ieee80211_find_rxnode_withkey_debug(struct ieee80211com *ic, 1722 const struct ieee80211_frame_min *wh, ieee80211_keyix keyix, 1723 const char *func, int line) 1724 #else 1725 ieee80211_find_rxnode_withkey(struct ieee80211com *ic, 1726 const struct ieee80211_frame_min *wh, ieee80211_keyix keyix) 1727 #endif 1728 { 1729 struct ieee80211_node_table *nt; 1730 struct ieee80211_node *ni; 1731 1732 nt = &ic->ic_sta; 1733 IEEE80211_NODE_LOCK(nt); 1734 if (nt->nt_keyixmap != NULL && keyix < nt->nt_keyixmax) 1735 ni = nt->nt_keyixmap[keyix]; 1736 else 1737 ni = NULL; 1738 if (ni == NULL) { 1739 ni = _find_rxnode(nt, wh); 1740 if (ni != NULL && nt->nt_keyixmap != NULL) { 1741 /* 1742 * If the station has a unicast key cache slot 1743 * assigned update the key->node mapping table. 1744 */ 1745 keyix = ni->ni_ucastkey.wk_rxkeyix; 1746 /* XXX can keyixmap[keyix] != NULL? */ 1747 if (keyix < nt->nt_keyixmax && 1748 nt->nt_keyixmap[keyix] == NULL) { 1749 IEEE80211_DPRINTF(ni->ni_vap, 1750 IEEE80211_MSG_NODE, 1751 "%s: add key map entry %p<%s> refcnt %d\n", 1752 __func__, ni, ether_sprintf(ni->ni_macaddr), 1753 ieee80211_node_refcnt(ni)+1); 1754 nt->nt_keyixmap[keyix] = ieee80211_ref_node(ni); 1755 } 1756 } 1757 } else { 1758 if (IS_BCAST_PROBEREQ(wh)) 1759 ni = NULL; /* spam bcast probe req to all vap's */ 1760 else 1761 ieee80211_ref_node(ni); 1762 } 1763 IEEE80211_NODE_UNLOCK(nt); 1764 1765 return ni; 1766 } 1767 #undef IS_BCAST_PROBEREQ 1768 #undef IS_PROBEREQ 1769 1770 /* 1771 * Return a reference to the appropriate node for sending 1772 * a data frame. This handles node discovery in adhoc networks. 1773 */ 1774 struct ieee80211_node * 1775 #ifdef IEEE80211_DEBUG_REFCNT 1776 ieee80211_find_txnode_debug(struct ieee80211vap *vap, 1777 const uint8_t macaddr[IEEE80211_ADDR_LEN], 1778 const char *func, int line) 1779 #else 1780 ieee80211_find_txnode(struct ieee80211vap *vap, 1781 const uint8_t macaddr[IEEE80211_ADDR_LEN]) 1782 #endif 1783 { 1784 struct ieee80211_node_table *nt = &vap->iv_ic->ic_sta; 1785 struct ieee80211_node *ni; 1786 1787 /* 1788 * The destination address should be in the node table 1789 * unless this is a multicast/broadcast frame. We can 1790 * also optimize station mode operation, all frames go 1791 * to the bss node. 1792 */ 1793 /* XXX can't hold lock across dup_bss 'cuz of recursive locking */ 1794 IEEE80211_NODE_LOCK(nt); 1795 if (vap->iv_opmode == IEEE80211_M_STA || 1796 vap->iv_opmode == IEEE80211_M_WDS || 1797 IEEE80211_IS_MULTICAST(macaddr)) 1798 ni = ieee80211_ref_node(vap->iv_bss); 1799 else 1800 ni = ieee80211_find_node_locked(nt, macaddr); 1801 IEEE80211_NODE_UNLOCK(nt); 1802 1803 if (ni == NULL) { 1804 if (vap->iv_opmode == IEEE80211_M_IBSS || 1805 vap->iv_opmode == IEEE80211_M_AHDEMO) { 1806 /* 1807 * In adhoc mode cons up a node for the destination. 1808 * Note that we need an additional reference for the 1809 * caller to be consistent with 1810 * ieee80211_find_node_locked. 1811 */ 1812 ni = ieee80211_fakeup_adhoc_node(vap, macaddr); 1813 if (ni != NULL) 1814 (void) ieee80211_ref_node(ni); 1815 } else { 1816 IEEE80211_NOTE_MAC(vap, IEEE80211_MSG_OUTPUT, macaddr, 1817 "no node, discard frame (%s)", __func__); 1818 vap->iv_stats.is_tx_nonode++; 1819 } 1820 } 1821 return ni; 1822 } 1823 1824 static void 1825 _ieee80211_free_node(struct ieee80211_node *ni) 1826 { 1827 struct ieee80211_node_table *nt = ni->ni_table; 1828 1829 /* 1830 * NB: careful about referencing the vap as it may be 1831 * gone if the last reference was held by a driver. 1832 * We know the com will always be present so it's safe 1833 * to use ni_ic below to reclaim resources. 1834 */ 1835 #if 0 1836 IEEE80211_DPRINTF(vap, IEEE80211_MSG_NODE, 1837 "%s %p<%s> in %s table\n", __func__, ni, 1838 ether_sprintf(ni->ni_macaddr), 1839 nt != NULL ? nt->nt_name : "<gone>"); 1840 #endif 1841 if (ni->ni_associd != 0) { 1842 struct ieee80211vap *vap = ni->ni_vap; 1843 if (vap->iv_aid_bitmap != NULL) 1844 IEEE80211_AID_CLR(vap, ni->ni_associd); 1845 } 1846 if (nt != NULL) 1847 ieee80211_del_node_nt(nt, ni); 1848 ni->ni_ic->ic_node_free(ni); 1849 } 1850 1851 /* 1852 * Clear any entry in the unicast key mapping table. 1853 */ 1854 static int 1855 node_clear_keyixmap(struct ieee80211_node_table *nt, struct ieee80211_node *ni) 1856 { 1857 ieee80211_keyix keyix; 1858 1859 keyix = ni->ni_ucastkey.wk_rxkeyix; 1860 if (nt->nt_keyixmap != NULL && keyix < nt->nt_keyixmax && 1861 nt->nt_keyixmap[keyix] == ni) { 1862 IEEE80211_DPRINTF(ni->ni_vap, IEEE80211_MSG_NODE, 1863 "%s: %p<%s> clear key map entry %u\n", 1864 __func__, ni, ether_sprintf(ni->ni_macaddr), keyix); 1865 nt->nt_keyixmap[keyix] = NULL; 1866 ieee80211_node_decref(ni); 1867 return 1; 1868 } 1869 1870 return 0; 1871 } 1872 1873 void 1874 #ifdef IEEE80211_DEBUG_REFCNT 1875 ieee80211_free_node_debug(struct ieee80211_node *ni, const char *func, int line) 1876 #else 1877 ieee80211_free_node(struct ieee80211_node *ni) 1878 #endif 1879 { 1880 struct ieee80211_node_table *nt = ni->ni_table; 1881 1882 #ifdef IEEE80211_DEBUG_REFCNT 1883 IEEE80211_DPRINTF(ni->ni_vap, IEEE80211_MSG_NODE, 1884 "%s (%s:%u) %p<%s> refcnt %d\n", __func__, func, line, ni, 1885 ether_sprintf(ni->ni_macaddr), ieee80211_node_refcnt(ni)-1); 1886 #endif 1887 if (nt != NULL) { 1888 IEEE80211_NODE_LOCK(nt); 1889 if (ieee80211_node_dectestref(ni)) { 1890 /* 1891 * Last reference, reclaim state. 1892 */ 1893 _ieee80211_free_node(ni); 1894 } else if (ieee80211_node_refcnt(ni) == 1) 1895 if (node_clear_keyixmap(nt, ni)) 1896 _ieee80211_free_node(ni); 1897 IEEE80211_NODE_UNLOCK(nt); 1898 } else { 1899 if (ieee80211_node_dectestref(ni)) 1900 _ieee80211_free_node(ni); 1901 } 1902 } 1903 1904 /* 1905 * Reclaim a unicast key and clear any key cache state. 1906 */ 1907 int 1908 ieee80211_node_delucastkey(struct ieee80211_node *ni) 1909 { 1910 struct ieee80211com *ic = ni->ni_ic; 1911 struct ieee80211_node_table *nt = &ic->ic_sta; 1912 struct ieee80211_node *nikey; 1913 ieee80211_keyix keyix; 1914 int isowned, status; 1915 1916 /* 1917 * NB: We must beware of LOR here; deleting the key 1918 * can cause the crypto layer to block traffic updates 1919 * which can generate a LOR against the node table lock; 1920 * grab it here and stash the key index for our use below. 1921 * 1922 * Must also beware of recursion on the node table lock. 1923 * When called from node_cleanup we may already have 1924 * the node table lock held. Unfortunately there's no 1925 * way to separate out this path so we must do this 1926 * conditionally. 1927 */ 1928 isowned = IEEE80211_NODE_IS_LOCKED(nt); 1929 if (!isowned) 1930 IEEE80211_NODE_LOCK(nt); 1931 nikey = NULL; 1932 status = 1; /* NB: success */ 1933 if (ni->ni_ucastkey.wk_keyix != IEEE80211_KEYIX_NONE) { 1934 keyix = ni->ni_ucastkey.wk_rxkeyix; 1935 status = ieee80211_crypto_delkey(ni->ni_vap, &ni->ni_ucastkey); 1936 if (nt->nt_keyixmap != NULL && keyix < nt->nt_keyixmax) { 1937 nikey = nt->nt_keyixmap[keyix]; 1938 nt->nt_keyixmap[keyix] = NULL; 1939 } 1940 } 1941 if (!isowned) 1942 IEEE80211_NODE_UNLOCK(nt); 1943 1944 if (nikey != NULL) { 1945 KASSERT(nikey == ni, 1946 ("key map out of sync, ni %p nikey %p", ni, nikey)); 1947 IEEE80211_DPRINTF(ni->ni_vap, IEEE80211_MSG_NODE, 1948 "%s: delete key map entry %p<%s> refcnt %d\n", 1949 __func__, ni, ether_sprintf(ni->ni_macaddr), 1950 ieee80211_node_refcnt(ni)-1); 1951 ieee80211_free_node(ni); 1952 } 1953 return status; 1954 } 1955 1956 /* 1957 * Reclaim a node. If this is the last reference count then 1958 * do the normal free work. Otherwise remove it from the node 1959 * table and mark it gone by clearing the back-reference. 1960 */ 1961 static void 1962 node_reclaim(struct ieee80211_node_table *nt, struct ieee80211_node *ni) 1963 { 1964 1965 IEEE80211_NODE_LOCK_ASSERT(nt); 1966 1967 IEEE80211_DPRINTF(ni->ni_vap, IEEE80211_MSG_NODE, 1968 "%s: remove %p<%s> from %s table, refcnt %d\n", 1969 __func__, ni, ether_sprintf(ni->ni_macaddr), 1970 nt->nt_name, ieee80211_node_refcnt(ni)-1); 1971 /* 1972 * Clear any entry in the unicast key mapping table. 1973 * We need to do it here so rx lookups don't find it 1974 * in the mapping table even if it's not in the hash 1975 * table. We cannot depend on the mapping table entry 1976 * being cleared because the node may not be free'd. 1977 */ 1978 (void)node_clear_keyixmap(nt, ni); 1979 if (!ieee80211_node_dectestref(ni)) { 1980 /* 1981 * Other references are present, just remove the 1982 * node from the table so it cannot be found. When 1983 * the references are dropped storage will be 1984 * reclaimed. 1985 */ 1986 ieee80211_del_node_nt(nt, ni); 1987 } else 1988 _ieee80211_free_node(ni); 1989 } 1990 1991 /* 1992 * Node table support. 1993 */ 1994 1995 static void 1996 ieee80211_node_table_init(struct ieee80211com *ic, 1997 struct ieee80211_node_table *nt, 1998 const char *name, int inact, int keyixmax) 1999 { 2000 2001 nt->nt_ic = ic; 2002 IEEE80211_NODE_LOCK_INIT(nt, ic->ic_name); 2003 TAILQ_INIT(&nt->nt_node); 2004 nt->nt_count = 0; 2005 nt->nt_name = name; 2006 nt->nt_inact_init = inact; 2007 nt->nt_keyixmax = keyixmax; 2008 if (nt->nt_keyixmax > 0) { 2009 nt->nt_keyixmap = (struct ieee80211_node **) IEEE80211_MALLOC( 2010 keyixmax * sizeof(struct ieee80211_node *), 2011 M_80211_NODE, 2012 IEEE80211_M_NOWAIT | IEEE80211_M_ZERO); 2013 if (nt->nt_keyixmap == NULL) 2014 ic_printf(ic, 2015 "Cannot allocate key index map with %u entries\n", 2016 keyixmax); 2017 } else 2018 nt->nt_keyixmap = NULL; 2019 } 2020 2021 static void 2022 ieee80211_node_table_reset(struct ieee80211_node_table *nt, 2023 struct ieee80211vap *match) 2024 { 2025 struct ieee80211_node *ni, *next; 2026 2027 IEEE80211_NODE_LOCK(nt); 2028 TAILQ_FOREACH_SAFE(ni, &nt->nt_node, ni_list, next) { 2029 if (match != NULL && ni->ni_vap != match) 2030 continue; 2031 /* XXX can this happen? if so need's work */ 2032 if (ni->ni_associd != 0) { 2033 struct ieee80211vap *vap = ni->ni_vap; 2034 2035 if (vap->iv_auth->ia_node_leave != NULL) 2036 vap->iv_auth->ia_node_leave(ni); 2037 if (vap->iv_aid_bitmap != NULL) 2038 IEEE80211_AID_CLR(vap, ni->ni_associd); 2039 } 2040 ni->ni_wdsvap = NULL; /* clear reference */ 2041 node_reclaim(nt, ni); 2042 } 2043 if (match != NULL && match->iv_opmode == IEEE80211_M_WDS) { 2044 /* 2045 * Make a separate pass to clear references to this vap 2046 * held by DWDS entries. They will not be matched above 2047 * because ni_vap will point to the ap vap but we still 2048 * need to clear ni_wdsvap when the WDS vap is destroyed 2049 * and/or reset. 2050 */ 2051 TAILQ_FOREACH_SAFE(ni, &nt->nt_node, ni_list, next) 2052 if (ni->ni_wdsvap == match) 2053 ni->ni_wdsvap = NULL; 2054 } 2055 IEEE80211_NODE_UNLOCK(nt); 2056 } 2057 2058 static void 2059 ieee80211_node_table_cleanup(struct ieee80211_node_table *nt) 2060 { 2061 ieee80211_node_table_reset(nt, NULL); 2062 if (nt->nt_keyixmap != NULL) { 2063 #ifdef DIAGNOSTIC 2064 /* XXX verify all entries are NULL */ 2065 int i; 2066 for (i = 0; i < nt->nt_keyixmax; i++) 2067 if (nt->nt_keyixmap[i] != NULL) 2068 printf("%s: %s[%u] still active\n", __func__, 2069 nt->nt_name, i); 2070 #endif 2071 IEEE80211_FREE(nt->nt_keyixmap, M_80211_NODE); 2072 nt->nt_keyixmap = NULL; 2073 } 2074 IEEE80211_NODE_LOCK_DESTROY(nt); 2075 } 2076 2077 static void 2078 timeout_stations(void *arg __unused, struct ieee80211_node *ni) 2079 { 2080 struct ieee80211com *ic = ni->ni_ic; 2081 struct ieee80211vap *vap = ni->ni_vap; 2082 2083 /* 2084 * Only process stations when in RUN state. This 2085 * insures, for example, that we don't timeout an 2086 * inactive station during CAC. Note that CSA state 2087 * is actually handled in ieee80211_node_timeout as 2088 * it applies to more than timeout processing. 2089 */ 2090 if (vap->iv_state != IEEE80211_S_RUN) 2091 return; 2092 /* 2093 * Ignore entries for which have yet to receive an 2094 * authentication frame. These are transient and 2095 * will be reclaimed when the last reference to them 2096 * goes away (when frame xmits complete). 2097 */ 2098 if ((vap->iv_opmode == IEEE80211_M_HOSTAP || 2099 vap->iv_opmode == IEEE80211_M_STA) && 2100 (ni->ni_flags & IEEE80211_NODE_AREF) == 0) 2101 return; 2102 /* 2103 * Free fragment if not needed anymore 2104 * (last fragment older than 1s). 2105 * XXX doesn't belong here, move to node_age 2106 */ 2107 if (ni->ni_rxfrag[0] != NULL && 2108 ticks > ni->ni_rxfragstamp + hz) { 2109 m_freem(ni->ni_rxfrag[0]); 2110 ni->ni_rxfrag[0] = NULL; 2111 } 2112 if (ni->ni_inact > 0) { 2113 ni->ni_inact--; 2114 IEEE80211_NOTE(vap, IEEE80211_MSG_INACT, ni, 2115 "%s: inact %u inact_reload %u nrates %u", 2116 __func__, ni->ni_inact, ni->ni_inact_reload, 2117 ni->ni_rates.rs_nrates); 2118 } 2119 /* 2120 * Special case ourself; we may be idle for extended periods 2121 * of time and regardless reclaiming our state is wrong. 2122 * XXX run ic_node_age 2123 */ 2124 /* XXX before inact decrement? */ 2125 if (ni == vap->iv_bss) 2126 return; 2127 if (ni->ni_associd != 0 || 2128 (vap->iv_opmode == IEEE80211_M_IBSS || 2129 vap->iv_opmode == IEEE80211_M_AHDEMO)) { 2130 /* 2131 * Age/drain resources held by the station. 2132 */ 2133 ic->ic_node_age(ni); 2134 /* 2135 * Probe the station before time it out. We 2136 * send a null data frame which may not be 2137 * universally supported by drivers (need it 2138 * for ps-poll support so it should be...). 2139 * 2140 * XXX don't probe the station unless we've 2141 * received a frame from them (and have 2142 * some idea of the rates they are capable 2143 * of); this will get fixed more properly 2144 * soon with better handling of the rate set. 2145 */ 2146 if ((vap->iv_flags_ext & IEEE80211_FEXT_INACT) && 2147 (0 < ni->ni_inact && 2148 ni->ni_inact <= vap->iv_inact_probe) && 2149 ni->ni_rates.rs_nrates != 0) { 2150 IEEE80211_NOTE(vap, 2151 IEEE80211_MSG_INACT | IEEE80211_MSG_NODE, 2152 ni, "%s", 2153 "probe station due to inactivity"); 2154 /* 2155 * Grab a reference so the node cannot 2156 * be reclaimed before we send the frame. 2157 * ieee80211_send_nulldata understands 2158 * we've done this and reclaims the 2159 * ref for us as needed. 2160 */ 2161 /* XXX fix this (not required anymore). */ 2162 ieee80211_ref_node(ni); 2163 /* XXX useless */ 2164 ieee80211_send_nulldata(ni); 2165 /* XXX stat? */ 2166 return; 2167 } 2168 } 2169 if ((vap->iv_flags_ext & IEEE80211_FEXT_INACT) && 2170 ni->ni_inact <= 0) { 2171 IEEE80211_NOTE(vap, 2172 IEEE80211_MSG_INACT | IEEE80211_MSG_NODE, ni, 2173 "station timed out due to inactivity " 2174 "(refcnt %u)", ieee80211_node_refcnt(ni)); 2175 /* 2176 * Send a deauthenticate frame and drop the station. 2177 * This is somewhat complicated due to reference counts 2178 * and locking. At this point a station will typically 2179 * have a reference count of 2. ieee80211_node_leave 2180 * will do a "free" of the node which will drop the 2181 * reference count. But in the meantime a reference 2182 * wil be held by the deauth frame. The actual reclaim 2183 * of the node will happen either after the tx is 2184 * completed or by ieee80211_node_leave. 2185 */ 2186 if (ni->ni_associd != 0) { 2187 IEEE80211_SEND_MGMT(ni, 2188 IEEE80211_FC0_SUBTYPE_DEAUTH, 2189 IEEE80211_REASON_AUTH_EXPIRE); 2190 } 2191 ieee80211_node_leave(ni); 2192 vap->iv_stats.is_node_timeout++; 2193 } 2194 } 2195 2196 /* 2197 * Timeout inactive stations and do related housekeeping. 2198 */ 2199 static void 2200 ieee80211_timeout_stations(struct ieee80211com *ic) 2201 { 2202 struct ieee80211_node_table *nt = &ic->ic_sta; 2203 2204 ieee80211_iterate_nodes(nt, timeout_stations, NULL); 2205 } 2206 2207 /* 2208 * Aggressively reclaim resources. This should be used 2209 * only in a critical situation to reclaim mbuf resources. 2210 */ 2211 void 2212 ieee80211_drain(struct ieee80211com *ic) 2213 { 2214 struct ieee80211_node_table *nt = &ic->ic_sta; 2215 struct ieee80211vap *vap; 2216 struct ieee80211_node *ni; 2217 2218 IEEE80211_NODE_LOCK(nt); 2219 TAILQ_FOREACH(ni, &nt->nt_node, ni_list) { 2220 /* 2221 * Ignore entries for which have yet to receive an 2222 * authentication frame. These are transient and 2223 * will be reclaimed when the last reference to them 2224 * goes away (when frame xmits complete). 2225 */ 2226 vap = ni->ni_vap; 2227 /* 2228 * Only process stations when in RUN state. This 2229 * insures, for example, that we don't timeout an 2230 * inactive station during CAC. Note that CSA state 2231 * is actually handled in ieee80211_node_timeout as 2232 * it applies to more than timeout processing. 2233 */ 2234 if (vap->iv_state != IEEE80211_S_RUN) 2235 continue; 2236 /* XXX can vap be NULL? */ 2237 if ((vap->iv_opmode == IEEE80211_M_HOSTAP || 2238 vap->iv_opmode == IEEE80211_M_STA) && 2239 (ni->ni_flags & IEEE80211_NODE_AREF) == 0) 2240 continue; 2241 /* 2242 * Free fragments. 2243 * XXX doesn't belong here, move to node_drain 2244 */ 2245 if (ni->ni_rxfrag[0] != NULL) { 2246 m_freem(ni->ni_rxfrag[0]); 2247 ni->ni_rxfrag[0] = NULL; 2248 } 2249 /* 2250 * Drain resources held by the station. 2251 */ 2252 ic->ic_node_drain(ni); 2253 } 2254 IEEE80211_NODE_UNLOCK(nt); 2255 } 2256 2257 /* 2258 * Per-ieee80211com inactivity timer callback. 2259 */ 2260 void 2261 ieee80211_node_timeout(void *arg) 2262 { 2263 struct ieee80211com *ic = arg; 2264 2265 /* 2266 * Defer timeout processing if a channel switch is pending. 2267 * We typically need to be mute so not doing things that 2268 * might generate frames is good to handle in one place. 2269 * Suppressing the station timeout processing may extend the 2270 * lifetime of inactive stations (by not decrementing their 2271 * idle counters) but this should be ok unless the CSA is 2272 * active for an unusually long time. 2273 */ 2274 if ((ic->ic_flags & IEEE80211_F_CSAPENDING) == 0) { 2275 ieee80211_scan_timeout(ic); 2276 ieee80211_timeout_stations(ic); 2277 ieee80211_ageq_age(&ic->ic_stageq, IEEE80211_INACT_WAIT); 2278 2279 IEEE80211_LOCK(ic); 2280 ieee80211_erp_timeout(ic); 2281 ieee80211_ht_timeout(ic); 2282 IEEE80211_UNLOCK(ic); 2283 } 2284 callout_reset(&ic->ic_inact, IEEE80211_INACT_WAIT*hz, 2285 ieee80211_node_timeout, ic); 2286 } 2287 2288 /* 2289 * The same as ieee80211_iterate_nodes(), but for one vap only. 2290 */ 2291 int 2292 ieee80211_iterate_nodes_vap(struct ieee80211_node_table *nt, 2293 struct ieee80211vap *vap, ieee80211_iter_func *f, void *arg) 2294 { 2295 struct ieee80211_node **ni_arr; 2296 struct ieee80211_node *ni; 2297 size_t size; 2298 int count, i; 2299 2300 /* 2301 * Iterate over the node table and save an array of ref'ed nodes. 2302 * 2303 * This is separated out from calling the actual node function so that 2304 * no LORs will occur. 2305 */ 2306 IEEE80211_NODE_LOCK(nt); 2307 count = nt->nt_count; 2308 size = count * sizeof(struct ieee80211_node *); 2309 ni_arr = (struct ieee80211_node **) IEEE80211_MALLOC(size, M_80211_NODE, 2310 IEEE80211_M_NOWAIT | IEEE80211_M_ZERO); 2311 if (ni_arr == NULL) { 2312 IEEE80211_NODE_UNLOCK(nt); 2313 return (ENOMEM); 2314 } 2315 2316 i = 0; 2317 TAILQ_FOREACH(ni, &nt->nt_node, ni_list) { 2318 if (vap != NULL && ni->ni_vap != vap) 2319 continue; 2320 KASSERT(i < count, 2321 ("node array overflow (vap %p, i %d, count %d)\n", 2322 vap, i, count)); 2323 ni_arr[i] = ieee80211_ref_node(ni); 2324 i++; 2325 } 2326 IEEE80211_NODE_UNLOCK(nt); 2327 2328 for (i = 0; i < count; i++) { 2329 if (ni_arr[i] == NULL) /* end of the list */ 2330 break; 2331 (*f)(arg, ni_arr[i]); 2332 /* ieee80211_free_node() locks by itself */ 2333 ieee80211_free_node(ni_arr[i]); 2334 } 2335 2336 IEEE80211_FREE(ni_arr, M_80211_NODE); 2337 2338 return (0); 2339 } 2340 2341 /* 2342 * Just a wrapper, so we don't have to change every ieee80211_iterate_nodes() 2343 * reference in the source. 2344 */ 2345 void 2346 ieee80211_iterate_nodes(struct ieee80211_node_table *nt, 2347 ieee80211_iter_func *f, void *arg) 2348 { 2349 /* XXX no way to pass error to the caller. */ 2350 (void) ieee80211_iterate_nodes_vap(nt, NULL, f, arg); 2351 } 2352 2353 void 2354 ieee80211_dump_node(struct ieee80211_node_table *nt, struct ieee80211_node *ni) 2355 { 2356 printf("0x%p: mac %s refcnt %d\n", ni, 2357 ether_sprintf(ni->ni_macaddr), ieee80211_node_refcnt(ni)); 2358 printf("\tauthmode %u flags 0x%x\n", 2359 ni->ni_authmode, ni->ni_flags); 2360 printf("\tassocid 0x%x txpower %u vlan %u\n", 2361 ni->ni_associd, ni->ni_txpower, ni->ni_vlan); 2362 printf("\ttxseq %u rxseq %u fragno %u rxfragstamp %u\n", 2363 ni->ni_txseqs[IEEE80211_NONQOS_TID], 2364 ni->ni_rxseqs[IEEE80211_NONQOS_TID] >> IEEE80211_SEQ_SEQ_SHIFT, 2365 ni->ni_rxseqs[IEEE80211_NONQOS_TID] & IEEE80211_SEQ_FRAG_MASK, 2366 ni->ni_rxfragstamp); 2367 printf("\trssi %d noise %d intval %u capinfo 0x%x\n", 2368 node_getrssi(ni), ni->ni_noise, 2369 ni->ni_intval, ni->ni_capinfo); 2370 printf("\tbssid %s essid \"%.*s\" channel %u:0x%x\n", 2371 ether_sprintf(ni->ni_bssid), 2372 ni->ni_esslen, ni->ni_essid, 2373 ni->ni_chan->ic_freq, ni->ni_chan->ic_flags); 2374 printf("\tinact %u inact_reload %u txrate %u\n", 2375 ni->ni_inact, ni->ni_inact_reload, ni->ni_txrate); 2376 printf("\thtcap %x htparam %x htctlchan %u ht2ndchan %u\n", 2377 ni->ni_htcap, ni->ni_htparam, 2378 ni->ni_htctlchan, ni->ni_ht2ndchan); 2379 printf("\thtopmode %x htstbc %x chw %u\n", 2380 ni->ni_htopmode, ni->ni_htstbc, ni->ni_chw); 2381 } 2382 2383 void 2384 ieee80211_dump_nodes(struct ieee80211_node_table *nt) 2385 { 2386 ieee80211_iterate_nodes(nt, 2387 (ieee80211_iter_func *) ieee80211_dump_node, nt); 2388 } 2389 2390 static void 2391 ieee80211_notify_erp_locked(struct ieee80211com *ic) 2392 { 2393 struct ieee80211vap *vap; 2394 2395 IEEE80211_LOCK_ASSERT(ic); 2396 2397 TAILQ_FOREACH(vap, &ic->ic_vaps, iv_next) 2398 if (vap->iv_opmode == IEEE80211_M_HOSTAP) 2399 ieee80211_beacon_notify(vap, IEEE80211_BEACON_ERP); 2400 } 2401 2402 void 2403 ieee80211_notify_erp(struct ieee80211com *ic) 2404 { 2405 IEEE80211_LOCK(ic); 2406 ieee80211_notify_erp_locked(ic); 2407 IEEE80211_UNLOCK(ic); 2408 } 2409 2410 /* 2411 * Handle a station joining an 11g network. 2412 */ 2413 static void 2414 ieee80211_node_join_11g(struct ieee80211_node *ni) 2415 { 2416 struct ieee80211com *ic = ni->ni_ic; 2417 2418 IEEE80211_LOCK_ASSERT(ic); 2419 2420 /* 2421 * Station isn't capable of short slot time. Bump 2422 * the count of long slot time stations and disable 2423 * use of short slot time. Note that the actual switch 2424 * over to long slot time use may not occur until the 2425 * next beacon transmission (per sec. 7.3.1.4 of 11g). 2426 */ 2427 if ((ni->ni_capinfo & IEEE80211_CAPINFO_SHORT_SLOTTIME) == 0) { 2428 ic->ic_longslotsta++; 2429 IEEE80211_NOTE(ni->ni_vap, IEEE80211_MSG_ASSOC, ni, 2430 "station needs long slot time, count %d", 2431 ic->ic_longslotsta); 2432 /* XXX vap's w/ conflicting needs won't work */ 2433 if (!IEEE80211_IS_CHAN_108G(ic->ic_bsschan)) { 2434 /* 2435 * Don't force slot time when switched to turbo 2436 * mode as non-ERP stations won't be present; this 2437 * need only be done when on the normal G channel. 2438 */ 2439 ieee80211_set_shortslottime(ic, 0); 2440 } 2441 } 2442 /* 2443 * If the new station is not an ERP station 2444 * then bump the counter and enable protection 2445 * if configured. 2446 */ 2447 if (!ieee80211_iserp_rateset(&ni->ni_rates)) { 2448 ic->ic_nonerpsta++; 2449 IEEE80211_NOTE(ni->ni_vap, IEEE80211_MSG_ASSOC, ni, 2450 "station is !ERP, %d non-ERP stations associated", 2451 ic->ic_nonerpsta); 2452 /* 2453 * If station does not support short preamble 2454 * then we must enable use of Barker preamble. 2455 */ 2456 if ((ni->ni_capinfo & IEEE80211_CAPINFO_SHORT_PREAMBLE) == 0) { 2457 IEEE80211_NOTE(ni->ni_vap, IEEE80211_MSG_ASSOC, ni, 2458 "%s", "station needs long preamble"); 2459 ic->ic_flags |= IEEE80211_F_USEBARKER; 2460 ic->ic_flags &= ~IEEE80211_F_SHPREAMBLE; 2461 } 2462 /* 2463 * If protection is configured and this is the first 2464 * indication we should use protection, enable it. 2465 */ 2466 if (ic->ic_protmode != IEEE80211_PROT_NONE && 2467 ic->ic_nonerpsta == 1 && 2468 (ic->ic_flags_ext & IEEE80211_FEXT_NONERP_PR) == 0) { 2469 IEEE80211_DPRINTF(ni->ni_vap, IEEE80211_MSG_ASSOC, 2470 "%s: enable use of protection\n", __func__); 2471 ic->ic_flags |= IEEE80211_F_USEPROT; 2472 ieee80211_notify_erp_locked(ic); 2473 } 2474 } else 2475 ni->ni_flags |= IEEE80211_NODE_ERP; 2476 } 2477 2478 void 2479 ieee80211_node_join(struct ieee80211_node *ni, int resp) 2480 { 2481 struct ieee80211com *ic = ni->ni_ic; 2482 struct ieee80211vap *vap = ni->ni_vap; 2483 int newassoc; 2484 2485 if (ni->ni_associd == 0) { 2486 uint16_t aid; 2487 2488 KASSERT(vap->iv_aid_bitmap != NULL, ("no aid bitmap")); 2489 /* 2490 * It would be good to search the bitmap 2491 * more efficiently, but this will do for now. 2492 */ 2493 for (aid = 1; aid < vap->iv_max_aid; aid++) { 2494 if (!IEEE80211_AID_ISSET(vap, aid)) 2495 break; 2496 } 2497 if (aid >= vap->iv_max_aid) { 2498 IEEE80211_SEND_MGMT(ni, resp, IEEE80211_STATUS_TOOMANY); 2499 ieee80211_node_leave(ni); 2500 return; 2501 } 2502 ni->ni_associd = aid | 0xc000; 2503 ni->ni_jointime = time_uptime; 2504 IEEE80211_LOCK(ic); 2505 IEEE80211_AID_SET(vap, ni->ni_associd); 2506 vap->iv_sta_assoc++; 2507 ic->ic_sta_assoc++; 2508 2509 if (IEEE80211_IS_CHAN_HT(ic->ic_bsschan)) 2510 ieee80211_ht_node_join(ni); 2511 if (IEEE80211_IS_CHAN_ANYG(ic->ic_bsschan) && 2512 IEEE80211_IS_CHAN_FULL(ic->ic_bsschan)) 2513 ieee80211_node_join_11g(ni); 2514 IEEE80211_UNLOCK(ic); 2515 2516 newassoc = 1; 2517 } else 2518 newassoc = 0; 2519 2520 IEEE80211_NOTE(vap, IEEE80211_MSG_ASSOC | IEEE80211_MSG_DEBUG, ni, 2521 "station associated at aid %d: %s preamble, %s slot time%s%s%s%s%s%s%s%s", 2522 IEEE80211_NODE_AID(ni), 2523 ic->ic_flags & IEEE80211_F_SHPREAMBLE ? "short" : "long", 2524 ic->ic_flags & IEEE80211_F_SHSLOT ? "short" : "long", 2525 ic->ic_flags & IEEE80211_F_USEPROT ? ", protection" : "", 2526 ni->ni_flags & IEEE80211_NODE_QOS ? ", QoS" : "", 2527 ni->ni_flags & IEEE80211_NODE_HT ? 2528 (ni->ni_chw == 40 ? ", HT40" : ", HT20") : "", 2529 ni->ni_flags & IEEE80211_NODE_AMPDU ? " (+AMPDU)" : "", 2530 ni->ni_flags & IEEE80211_NODE_MIMO_RTS ? " (+SMPS-DYN)" : 2531 ni->ni_flags & IEEE80211_NODE_MIMO_PS ? " (+SMPS)" : "", 2532 ni->ni_flags & IEEE80211_NODE_RIFS ? " (+RIFS)" : "", 2533 IEEE80211_ATH_CAP(vap, ni, IEEE80211_NODE_FF) ? 2534 ", fast-frames" : "", 2535 IEEE80211_ATH_CAP(vap, ni, IEEE80211_NODE_TURBOP) ? 2536 ", turbo" : "" 2537 ); 2538 2539 ieee80211_node_setuptxparms(ni); 2540 ieee80211_ratectl_node_init(ni); 2541 /* give driver a chance to setup state like ni_txrate */ 2542 if (ic->ic_newassoc != NULL) 2543 ic->ic_newassoc(ni, newassoc); 2544 IEEE80211_SEND_MGMT(ni, resp, IEEE80211_STATUS_SUCCESS); 2545 /* tell the authenticator about new station */ 2546 if (vap->iv_auth->ia_node_join != NULL) 2547 vap->iv_auth->ia_node_join(ni); 2548 ieee80211_notify_node_join(ni, 2549 resp == IEEE80211_FC0_SUBTYPE_ASSOC_RESP); 2550 } 2551 2552 static void 2553 disable_protection(struct ieee80211com *ic) 2554 { 2555 KASSERT(ic->ic_nonerpsta == 0 && 2556 (ic->ic_flags_ext & IEEE80211_FEXT_NONERP_PR) == 0, 2557 ("%d non ERP stations, flags 0x%x", ic->ic_nonerpsta, 2558 ic->ic_flags_ext)); 2559 2560 ic->ic_flags &= ~IEEE80211_F_USEPROT; 2561 /* XXX verify mode? */ 2562 if (ic->ic_caps & IEEE80211_C_SHPREAMBLE) { 2563 ic->ic_flags |= IEEE80211_F_SHPREAMBLE; 2564 ic->ic_flags &= ~IEEE80211_F_USEBARKER; 2565 } 2566 ieee80211_notify_erp_locked(ic); 2567 } 2568 2569 /* 2570 * Handle a station leaving an 11g network. 2571 */ 2572 static void 2573 ieee80211_node_leave_11g(struct ieee80211_node *ni) 2574 { 2575 struct ieee80211com *ic = ni->ni_ic; 2576 2577 IEEE80211_LOCK_ASSERT(ic); 2578 2579 KASSERT(IEEE80211_IS_CHAN_ANYG(ic->ic_bsschan), 2580 ("not in 11g, bss %u:0x%x", ic->ic_bsschan->ic_freq, 2581 ic->ic_bsschan->ic_flags)); 2582 2583 /* 2584 * If a long slot station do the slot time bookkeeping. 2585 */ 2586 if ((ni->ni_capinfo & IEEE80211_CAPINFO_SHORT_SLOTTIME) == 0) { 2587 KASSERT(ic->ic_longslotsta > 0, 2588 ("bogus long slot station count %d", ic->ic_longslotsta)); 2589 ic->ic_longslotsta--; 2590 IEEE80211_NOTE(ni->ni_vap, IEEE80211_MSG_ASSOC, ni, 2591 "long slot time station leaves, count now %d", 2592 ic->ic_longslotsta); 2593 if (ic->ic_longslotsta == 0) { 2594 /* 2595 * Re-enable use of short slot time if supported 2596 * and not operating in IBSS mode (per spec). 2597 */ 2598 if ((ic->ic_caps & IEEE80211_C_SHSLOT) && 2599 ic->ic_opmode != IEEE80211_M_IBSS) { 2600 IEEE80211_DPRINTF(ni->ni_vap, 2601 IEEE80211_MSG_ASSOC, 2602 "%s: re-enable use of short slot time\n", 2603 __func__); 2604 ieee80211_set_shortslottime(ic, 1); 2605 } 2606 } 2607 } 2608 /* 2609 * If a non-ERP station do the protection-related bookkeeping. 2610 */ 2611 if ((ni->ni_flags & IEEE80211_NODE_ERP) == 0) { 2612 KASSERT(ic->ic_nonerpsta > 0, 2613 ("bogus non-ERP station count %d", ic->ic_nonerpsta)); 2614 ic->ic_nonerpsta--; 2615 IEEE80211_NOTE(ni->ni_vap, IEEE80211_MSG_ASSOC, ni, 2616 "non-ERP station leaves, count now %d%s", ic->ic_nonerpsta, 2617 (ic->ic_flags_ext & IEEE80211_FEXT_NONERP_PR) ? 2618 " (non-ERP sta present)" : ""); 2619 if (ic->ic_nonerpsta == 0 && 2620 (ic->ic_flags_ext & IEEE80211_FEXT_NONERP_PR) == 0) { 2621 IEEE80211_DPRINTF(ni->ni_vap, IEEE80211_MSG_ASSOC, 2622 "%s: disable use of protection\n", __func__); 2623 disable_protection(ic); 2624 } 2625 } 2626 } 2627 2628 /* 2629 * Time out presence of an overlapping bss with non-ERP 2630 * stations. When operating in hostap mode we listen for 2631 * beacons from other stations and if we identify a non-ERP 2632 * station is present we enable protection. To identify 2633 * when all non-ERP stations are gone we time out this 2634 * condition. 2635 */ 2636 static void 2637 ieee80211_erp_timeout(struct ieee80211com *ic) 2638 { 2639 2640 IEEE80211_LOCK_ASSERT(ic); 2641 2642 if ((ic->ic_flags_ext & IEEE80211_FEXT_NONERP_PR) && 2643 ieee80211_time_after(ticks, ic->ic_lastnonerp + IEEE80211_NONERP_PRESENT_AGE)) { 2644 #if 0 2645 IEEE80211_NOTE(vap, IEEE80211_MSG_ASSOC, ni, 2646 "%s", "age out non-ERP sta present on channel"); 2647 #endif 2648 ic->ic_flags_ext &= ~IEEE80211_FEXT_NONERP_PR; 2649 if (ic->ic_nonerpsta == 0) 2650 disable_protection(ic); 2651 } 2652 } 2653 2654 /* 2655 * Handle bookkeeping for station deauthentication/disassociation 2656 * when operating as an ap. 2657 */ 2658 void 2659 ieee80211_node_leave(struct ieee80211_node *ni) 2660 { 2661 struct ieee80211com *ic = ni->ni_ic; 2662 struct ieee80211vap *vap = ni->ni_vap; 2663 struct ieee80211_node_table *nt = ni->ni_table; 2664 2665 IEEE80211_NOTE(vap, IEEE80211_MSG_ASSOC | IEEE80211_MSG_DEBUG, ni, 2666 "station with aid %d leaves", IEEE80211_NODE_AID(ni)); 2667 2668 KASSERT(vap->iv_opmode != IEEE80211_M_STA, 2669 ("unexpected operating mode %u", vap->iv_opmode)); 2670 /* 2671 * If node wasn't previously associated all 2672 * we need to do is reclaim the reference. 2673 */ 2674 /* XXX ibss mode bypasses 11g and notification */ 2675 if (ni->ni_associd == 0) 2676 goto done; 2677 /* 2678 * Tell the authenticator the station is leaving. 2679 * Note that we must do this before yanking the 2680 * association id as the authenticator uses the 2681 * associd to locate it's state block. 2682 */ 2683 if (vap->iv_auth->ia_node_leave != NULL) 2684 vap->iv_auth->ia_node_leave(ni); 2685 2686 IEEE80211_LOCK(ic); 2687 IEEE80211_AID_CLR(vap, ni->ni_associd); 2688 vap->iv_sta_assoc--; 2689 ic->ic_sta_assoc--; 2690 2691 if (IEEE80211_IS_CHAN_HT(ic->ic_bsschan)) 2692 ieee80211_ht_node_leave(ni); 2693 if (IEEE80211_IS_CHAN_ANYG(ic->ic_bsschan) && 2694 IEEE80211_IS_CHAN_FULL(ic->ic_bsschan)) 2695 ieee80211_node_leave_11g(ni); 2696 IEEE80211_UNLOCK(ic); 2697 /* 2698 * Cleanup station state. In particular clear various 2699 * state that might otherwise be reused if the node 2700 * is reused before the reference count goes to zero 2701 * (and memory is reclaimed). 2702 */ 2703 ieee80211_sta_leave(ni); 2704 done: 2705 /* 2706 * Remove the node from any table it's recorded in and 2707 * drop the caller's reference. Removal from the table 2708 * is important to insure the node is not reprocessed 2709 * for inactivity. 2710 */ 2711 if (nt != NULL) { 2712 IEEE80211_NODE_LOCK(nt); 2713 node_reclaim(nt, ni); 2714 IEEE80211_NODE_UNLOCK(nt); 2715 } else 2716 ieee80211_free_node(ni); 2717 } 2718 2719 struct rssiinfo { 2720 struct ieee80211vap *vap; 2721 int rssi_samples; 2722 uint32_t rssi_total; 2723 }; 2724 2725 static void 2726 get_hostap_rssi(void *arg, struct ieee80211_node *ni) 2727 { 2728 struct rssiinfo *info = arg; 2729 struct ieee80211vap *vap = ni->ni_vap; 2730 int8_t rssi; 2731 2732 if (info->vap != vap) 2733 return; 2734 /* only associated stations */ 2735 if (ni->ni_associd == 0) 2736 return; 2737 rssi = vap->iv_ic->ic_node_getrssi(ni); 2738 if (rssi != 0) { 2739 info->rssi_samples++; 2740 info->rssi_total += rssi; 2741 } 2742 } 2743 2744 static void 2745 get_adhoc_rssi(void *arg, struct ieee80211_node *ni) 2746 { 2747 struct rssiinfo *info = arg; 2748 struct ieee80211vap *vap = ni->ni_vap; 2749 int8_t rssi; 2750 2751 if (info->vap != vap) 2752 return; 2753 /* only neighbors */ 2754 /* XXX check bssid */ 2755 if ((ni->ni_capinfo & IEEE80211_CAPINFO_IBSS) == 0) 2756 return; 2757 rssi = vap->iv_ic->ic_node_getrssi(ni); 2758 if (rssi != 0) { 2759 info->rssi_samples++; 2760 info->rssi_total += rssi; 2761 } 2762 } 2763 2764 #ifdef IEEE80211_SUPPORT_MESH 2765 static void 2766 get_mesh_rssi(void *arg, struct ieee80211_node *ni) 2767 { 2768 struct rssiinfo *info = arg; 2769 struct ieee80211vap *vap = ni->ni_vap; 2770 int8_t rssi; 2771 2772 if (info->vap != vap) 2773 return; 2774 /* only neighbors that peered successfully */ 2775 if (ni->ni_mlstate != IEEE80211_NODE_MESH_ESTABLISHED) 2776 return; 2777 rssi = vap->iv_ic->ic_node_getrssi(ni); 2778 if (rssi != 0) { 2779 info->rssi_samples++; 2780 info->rssi_total += rssi; 2781 } 2782 } 2783 #endif /* IEEE80211_SUPPORT_MESH */ 2784 2785 int8_t 2786 ieee80211_getrssi(struct ieee80211vap *vap) 2787 { 2788 #define NZ(x) ((x) == 0 ? 1 : (x)) 2789 struct ieee80211com *ic = vap->iv_ic; 2790 struct rssiinfo info; 2791 2792 info.rssi_total = 0; 2793 info.rssi_samples = 0; 2794 info.vap = vap; 2795 switch (vap->iv_opmode) { 2796 case IEEE80211_M_IBSS: /* average of all ibss neighbors */ 2797 case IEEE80211_M_AHDEMO: /* average of all neighbors */ 2798 ieee80211_iterate_nodes(&ic->ic_sta, get_adhoc_rssi, &info); 2799 break; 2800 case IEEE80211_M_HOSTAP: /* average of all associated stations */ 2801 ieee80211_iterate_nodes(&ic->ic_sta, get_hostap_rssi, &info); 2802 break; 2803 #ifdef IEEE80211_SUPPORT_MESH 2804 case IEEE80211_M_MBSS: /* average of all mesh neighbors */ 2805 ieee80211_iterate_nodes(&ic->ic_sta, get_mesh_rssi, &info); 2806 break; 2807 #endif 2808 case IEEE80211_M_MONITOR: /* XXX */ 2809 case IEEE80211_M_STA: /* use stats from associated ap */ 2810 default: 2811 if (vap->iv_bss != NULL) 2812 info.rssi_total = ic->ic_node_getrssi(vap->iv_bss); 2813 info.rssi_samples = 1; 2814 break; 2815 } 2816 return info.rssi_total / NZ(info.rssi_samples); 2817 #undef NZ 2818 } 2819 2820 void 2821 ieee80211_getsignal(struct ieee80211vap *vap, int8_t *rssi, int8_t *noise) 2822 { 2823 2824 if (vap->iv_bss == NULL) /* NB: shouldn't happen */ 2825 return; 2826 vap->iv_ic->ic_node_getsignal(vap->iv_bss, rssi, noise); 2827 /* for non-station mode return avg'd rssi accounting */ 2828 if (vap->iv_opmode != IEEE80211_M_STA) 2829 *rssi = ieee80211_getrssi(vap); 2830 } 2831