1 /*- 2 * Copyright (c) 2001 Atsushi Onoe 3 * Copyright (c) 2002-2005 Sam Leffler, Errno Consulting 4 * All rights reserved. 5 * 6 * Redistribution and use in source and binary forms, with or without 7 * modification, are permitted provided that the following conditions 8 * are met: 9 * 1. Redistributions of source code must retain the above copyright 10 * notice, this list of conditions and the following disclaimer. 11 * 2. Redistributions in binary form must reproduce the above copyright 12 * notice, this list of conditions and the following disclaimer in the 13 * documentation and/or other materials provided with the distribution. 14 * 3. The name of the author may not be used to endorse or promote products 15 * derived from this software without specific prior written permission. 16 * 17 * Alternatively, this software may be distributed under the terms of the 18 * GNU General Public License ("GPL") version 2 as published by the Free 19 * Software Foundation. 20 * 21 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 22 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 23 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 24 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 25 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 26 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 27 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 28 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 29 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 30 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 31 */ 32 33 #include <sys/cdefs.h> 34 __FBSDID("$FreeBSD$"); 35 36 #include <sys/param.h> 37 #include <sys/systm.h> 38 #include <sys/mbuf.h> 39 #include <sys/malloc.h> 40 #include <sys/kernel.h> 41 42 #include <sys/socket.h> 43 44 #include <net/if.h> 45 #include <net/if_media.h> 46 #include <net/ethernet.h> 47 48 #include <net80211/ieee80211_var.h> 49 50 #include <net/bpf.h> 51 52 static struct ieee80211_node *node_alloc(struct ieee80211_node_table *); 53 static void node_cleanup(struct ieee80211_node *); 54 static void node_free(struct ieee80211_node *); 55 static u_int8_t node_getrssi(const struct ieee80211_node *); 56 57 static void ieee80211_setup_node(struct ieee80211_node_table *, 58 struct ieee80211_node *, const u_int8_t *); 59 static void _ieee80211_free_node(struct ieee80211_node *); 60 static void ieee80211_free_allnodes(struct ieee80211_node_table *); 61 62 static void ieee80211_timeout_scan_candidates(struct ieee80211_node_table *); 63 static void ieee80211_timeout_stations(struct ieee80211_node_table *); 64 65 static void ieee80211_set_tim(struct ieee80211com *, 66 struct ieee80211_node *, int set); 67 68 static void ieee80211_node_table_init(struct ieee80211com *ic, 69 struct ieee80211_node_table *nt, const char *name, int inact, 70 void (*timeout)(struct ieee80211_node_table *)); 71 static void ieee80211_node_table_cleanup(struct ieee80211_node_table *nt); 72 73 MALLOC_DEFINE(M_80211_NODE, "80211node", "802.11 node state"); 74 75 void 76 ieee80211_node_attach(struct ieee80211com *ic) 77 { 78 79 ieee80211_node_table_init(ic, &ic->ic_sta, "station", 80 IEEE80211_INACT_INIT, ieee80211_timeout_stations); 81 ieee80211_node_table_init(ic, &ic->ic_scan, "scan", 82 IEEE80211_INACT_SCAN, ieee80211_timeout_scan_candidates); 83 84 ic->ic_node_alloc = node_alloc; 85 ic->ic_node_free = node_free; 86 ic->ic_node_cleanup = node_cleanup; 87 ic->ic_node_getrssi = node_getrssi; 88 89 /* default station inactivity timer setings */ 90 ic->ic_inact_init = IEEE80211_INACT_INIT; 91 ic->ic_inact_auth = IEEE80211_INACT_AUTH; 92 ic->ic_inact_run = IEEE80211_INACT_RUN; 93 ic->ic_inact_probe = IEEE80211_INACT_PROBE; 94 95 /* XXX defer */ 96 if (ic->ic_max_aid == 0) 97 ic->ic_max_aid = IEEE80211_AID_DEF; 98 else if (ic->ic_max_aid > IEEE80211_AID_MAX) 99 ic->ic_max_aid = IEEE80211_AID_MAX; 100 MALLOC(ic->ic_aid_bitmap, u_int32_t *, 101 howmany(ic->ic_max_aid, 32) * sizeof(u_int32_t), 102 M_DEVBUF, M_NOWAIT | M_ZERO); 103 if (ic->ic_aid_bitmap == NULL) { 104 /* XXX no way to recover */ 105 printf("%s: no memory for AID bitmap!\n", __func__); 106 ic->ic_max_aid = 0; 107 } 108 109 /* XXX defer until using hostap/ibss mode */ 110 ic->ic_tim_len = howmany(ic->ic_max_aid, 8) * sizeof(u_int8_t); 111 MALLOC(ic->ic_tim_bitmap, u_int8_t *, ic->ic_tim_len, 112 M_DEVBUF, M_NOWAIT | M_ZERO); 113 if (ic->ic_tim_bitmap == NULL) { 114 /* XXX no way to recover */ 115 printf("%s: no memory for TIM bitmap!\n", __func__); 116 } 117 ic->ic_set_tim = ieee80211_set_tim; /* NB: driver should override */ 118 } 119 120 void 121 ieee80211_node_lateattach(struct ieee80211com *ic) 122 { 123 struct ieee80211_node *ni; 124 struct ieee80211_rsnparms *rsn; 125 126 ni = ieee80211_alloc_node(&ic->ic_scan, ic->ic_myaddr); 127 KASSERT(ni != NULL, ("unable to setup inital BSS node")); 128 /* 129 * Setup "global settings" in the bss node so that 130 * each new station automatically inherits them. 131 */ 132 rsn = &ni->ni_rsn; 133 /* WEP, TKIP, and AES-CCM are always supported */ 134 rsn->rsn_ucastcipherset |= 1<<IEEE80211_CIPHER_WEP; 135 rsn->rsn_ucastcipherset |= 1<<IEEE80211_CIPHER_TKIP; 136 rsn->rsn_ucastcipherset |= 1<<IEEE80211_CIPHER_AES_CCM; 137 if (ic->ic_caps & IEEE80211_C_AES) 138 rsn->rsn_ucastcipherset |= 1<<IEEE80211_CIPHER_AES_OCB; 139 if (ic->ic_caps & IEEE80211_C_CKIP) 140 rsn->rsn_ucastcipherset |= 1<<IEEE80211_CIPHER_CKIP; 141 /* 142 * Default unicast cipher to WEP for 802.1x use. If 143 * WPA is enabled the management code will set these 144 * values to reflect. 145 */ 146 rsn->rsn_ucastcipher = IEEE80211_CIPHER_WEP; 147 rsn->rsn_ucastkeylen = 104 / NBBY; 148 /* 149 * WPA says the multicast cipher is the lowest unicast 150 * cipher supported. But we skip WEP which would 151 * otherwise be used based on this criteria. 152 */ 153 rsn->rsn_mcastcipher = IEEE80211_CIPHER_TKIP; 154 rsn->rsn_mcastkeylen = 128 / NBBY; 155 156 /* 157 * We support both WPA-PSK and 802.1x; the one used 158 * is determined by the authentication mode and the 159 * setting of the PSK state. 160 */ 161 rsn->rsn_keymgmtset = WPA_ASE_8021X_UNSPEC | WPA_ASE_8021X_PSK; 162 rsn->rsn_keymgmt = WPA_ASE_8021X_PSK; 163 164 ic->ic_bss = ieee80211_ref_node(ni); /* hold reference */ 165 ic->ic_auth = ieee80211_authenticator_get(ni->ni_authmode); 166 } 167 168 void 169 ieee80211_node_detach(struct ieee80211com *ic) 170 { 171 172 if (ic->ic_bss != NULL) { 173 ieee80211_free_node(ic->ic_bss); 174 ic->ic_bss = NULL; 175 } 176 ieee80211_node_table_cleanup(&ic->ic_scan); 177 ieee80211_node_table_cleanup(&ic->ic_sta); 178 if (ic->ic_aid_bitmap != NULL) { 179 FREE(ic->ic_aid_bitmap, M_DEVBUF); 180 ic->ic_aid_bitmap = NULL; 181 } 182 if (ic->ic_tim_bitmap != NULL) { 183 FREE(ic->ic_tim_bitmap, M_DEVBUF); 184 ic->ic_tim_bitmap = NULL; 185 } 186 } 187 188 /* 189 * Port authorize/unauthorize interfaces for use by an authenticator. 190 */ 191 192 void 193 ieee80211_node_authorize(struct ieee80211com *ic, struct ieee80211_node *ni) 194 { 195 ni->ni_flags |= IEEE80211_NODE_AUTH; 196 ni->ni_inact_reload = ic->ic_inact_run; 197 } 198 199 void 200 ieee80211_node_unauthorize(struct ieee80211com *ic, struct ieee80211_node *ni) 201 { 202 ni->ni_flags &= ~IEEE80211_NODE_AUTH; 203 } 204 205 /* 206 * Set/change the channel. The rate set is also updated as 207 * to insure a consistent view by drivers. 208 */ 209 static __inline void 210 ieee80211_set_chan(struct ieee80211com *ic, 211 struct ieee80211_node *ni, struct ieee80211_channel *chan) 212 { 213 ni->ni_chan = chan; 214 ni->ni_rates = ic->ic_sup_rates[ieee80211_chan2mode(ic, chan)]; 215 } 216 217 /* 218 * AP scanning support. 219 */ 220 221 #ifdef IEEE80211_DEBUG 222 static void 223 dump_chanlist(const u_char chans[]) 224 { 225 const char *sep; 226 int i; 227 228 sep = " "; 229 for (i = 0; i < IEEE80211_CHAN_MAX; i++) 230 if (isset(chans, i)) { 231 printf("%s%u", sep, i); 232 sep = ", "; 233 } 234 } 235 #endif /* IEEE80211_DEBUG */ 236 237 /* 238 * Initialize the channel set to scan based on the 239 * of available channels and the current PHY mode. 240 */ 241 static void 242 ieee80211_reset_scan(struct ieee80211com *ic) 243 { 244 245 /* XXX ic_des_chan should be handled with ic_chan_active */ 246 if (ic->ic_des_chan != IEEE80211_CHAN_ANYC) { 247 memset(ic->ic_chan_scan, 0, sizeof(ic->ic_chan_scan)); 248 setbit(ic->ic_chan_scan, 249 ieee80211_chan2ieee(ic, ic->ic_des_chan)); 250 } else 251 memcpy(ic->ic_chan_scan, ic->ic_chan_active, 252 sizeof(ic->ic_chan_active)); 253 /* NB: hack, setup so next_scan starts with the first channel */ 254 if (ic->ic_bss->ni_chan == IEEE80211_CHAN_ANYC) 255 ieee80211_set_chan(ic, ic->ic_bss, 256 &ic->ic_channels[IEEE80211_CHAN_MAX]); 257 #ifdef IEEE80211_DEBUG 258 if (ieee80211_msg_scan(ic)) { 259 printf("%s: scan set:", __func__); 260 dump_chanlist(ic->ic_chan_scan); 261 printf(" start chan %u\n", 262 ieee80211_chan2ieee(ic, ic->ic_bss->ni_chan)); 263 } 264 #endif /* IEEE80211_DEBUG */ 265 } 266 267 /* 268 * Begin an active scan. 269 */ 270 void 271 ieee80211_begin_scan(struct ieee80211com *ic, int reset) 272 { 273 274 ic->ic_scan.nt_scangen++; 275 /* 276 * In all but hostap mode scanning starts off in 277 * an active mode before switching to passive. 278 */ 279 if (ic->ic_opmode != IEEE80211_M_HOSTAP) { 280 ic->ic_flags |= IEEE80211_F_ASCAN; 281 ic->ic_stats.is_scan_active++; 282 } else 283 ic->ic_stats.is_scan_passive++; 284 IEEE80211_DPRINTF(ic, IEEE80211_MSG_SCAN, 285 "begin %s scan in %s mode, scangen %u\n", 286 (ic->ic_flags & IEEE80211_F_ASCAN) ? "active" : "passive", 287 ieee80211_phymode_name[ic->ic_curmode], ic->ic_scan.nt_scangen); 288 /* 289 * Clear scan state and flush any previously seen AP's. 290 */ 291 ieee80211_reset_scan(ic); 292 if (reset) 293 ieee80211_free_allnodes(&ic->ic_scan); 294 295 ic->ic_flags |= IEEE80211_F_SCAN; 296 297 /* Scan the next channel. */ 298 ieee80211_next_scan(ic); 299 } 300 301 /* 302 * Switch to the next channel marked for scanning. 303 */ 304 int 305 ieee80211_next_scan(struct ieee80211com *ic) 306 { 307 struct ieee80211_channel *chan; 308 309 /* 310 * Insure any previous mgt frame timeouts don't fire. 311 * This assumes the driver does the right thing in 312 * flushing anything queued in the driver and below. 313 */ 314 ic->ic_mgt_timer = 0; 315 316 chan = ic->ic_bss->ni_chan; 317 do { 318 if (++chan > &ic->ic_channels[IEEE80211_CHAN_MAX]) 319 chan = &ic->ic_channels[0]; 320 if (isset(ic->ic_chan_scan, ieee80211_chan2ieee(ic, chan))) { 321 clrbit(ic->ic_chan_scan, ieee80211_chan2ieee(ic, chan)); 322 IEEE80211_DPRINTF(ic, IEEE80211_MSG_SCAN, 323 "%s: chan %d->%d\n", __func__, 324 ieee80211_chan2ieee(ic, ic->ic_bss->ni_chan), 325 ieee80211_chan2ieee(ic, chan)); 326 ieee80211_set_chan(ic, ic->ic_bss, chan); 327 #ifdef notyet 328 /* XXX driver state change */ 329 /* 330 * Scan next channel. If doing an active scan 331 * and the channel is not marked passive-only 332 * then send a probe request. Otherwise just 333 * listen for beacons on the channel. 334 */ 335 if ((ic->ic_flags & IEEE80211_F_ASCAN) && 336 (ni->ni_chan->ic_flags & IEEE80211_CHAN_PASSIVE) == 0) { 337 IEEE80211_SEND_MGMT(ic, ni, 338 IEEE80211_FC0_SUBTYPE_PROBE_REQ, 0); 339 } 340 #else 341 ieee80211_new_state(ic, IEEE80211_S_SCAN, -1); 342 #endif 343 return 1; 344 } 345 } while (chan != ic->ic_bss->ni_chan); 346 ieee80211_end_scan(ic); 347 return 0; 348 } 349 350 void 351 ieee80211_create_ibss(struct ieee80211com* ic, struct ieee80211_channel *chan) 352 { 353 struct ieee80211_node_table *nt; 354 struct ieee80211_node *ni; 355 356 IEEE80211_DPRINTF(ic, IEEE80211_MSG_SCAN, 357 "%s: creating ibss\n", __func__); 358 359 /* 360 * Create the station/neighbor table. Note that for adhoc 361 * mode we make the initial inactivity timer longer since 362 * we create nodes only through discovery and they typically 363 * are long-lived associations. 364 */ 365 nt = &ic->ic_sta; 366 IEEE80211_NODE_LOCK(nt); 367 if (ic->ic_opmode == IEEE80211_M_HOSTAP) { 368 nt->nt_name = "station"; 369 nt->nt_inact_init = ic->ic_inact_init; 370 } else { 371 nt->nt_name = "neighbor"; 372 nt->nt_inact_init = ic->ic_inact_run; 373 } 374 IEEE80211_NODE_UNLOCK(nt); 375 376 ni = ieee80211_alloc_node(nt, ic->ic_myaddr); 377 if (ni == NULL) { 378 /* XXX recovery? */ 379 return; 380 } 381 IEEE80211_ADDR_COPY(ni->ni_bssid, ic->ic_myaddr); 382 ni->ni_esslen = ic->ic_des_esslen; 383 memcpy(ni->ni_essid, ic->ic_des_essid, ni->ni_esslen); 384 ni->ni_intval = ic->ic_lintval; 385 if (ic->ic_flags & IEEE80211_F_PRIVACY) 386 ni->ni_capinfo |= IEEE80211_CAPINFO_PRIVACY; 387 if (ic->ic_phytype == IEEE80211_T_FH) { 388 ni->ni_fhdwell = 200; /* XXX */ 389 ni->ni_fhindex = 1; 390 } 391 if (ic->ic_opmode == IEEE80211_M_IBSS) { 392 ic->ic_flags |= IEEE80211_F_SIBSS; 393 ni->ni_capinfo |= IEEE80211_CAPINFO_IBSS; /* XXX */ 394 ni->ni_bssid[0] |= 0x02; /* local bit for IBSS */ 395 } 396 /* 397 * Fix the channel and related attributes. 398 */ 399 ieee80211_set_chan(ic, ni, chan); 400 ic->ic_curmode = ieee80211_chan2mode(ic, chan); 401 /* 402 * Do mode-specific rate setup. 403 */ 404 if (ic->ic_curmode == IEEE80211_MODE_11G) { 405 /* 406 * Use a mixed 11b/11g rate set. 407 */ 408 ieee80211_set11gbasicrates(&ni->ni_rates, IEEE80211_MODE_11G); 409 } else if (ic->ic_curmode == IEEE80211_MODE_11B) { 410 /* 411 * Force pure 11b rate set. 412 */ 413 ieee80211_set11gbasicrates(&ni->ni_rates, IEEE80211_MODE_11B); 414 } 415 416 (void) ieee80211_sta_join(ic, ieee80211_ref_node(ni)); 417 } 418 419 void 420 ieee80211_reset_bss(struct ieee80211com *ic) 421 { 422 struct ieee80211_node *ni, *obss; 423 424 ieee80211_node_table_reset(&ic->ic_scan); 425 ieee80211_node_table_reset(&ic->ic_sta); 426 427 ni = ieee80211_alloc_node(&ic->ic_scan, ic->ic_myaddr); 428 KASSERT(ni != NULL, ("unable to setup inital BSS node")); 429 obss = ic->ic_bss; 430 ic->ic_bss = ieee80211_ref_node(ni); 431 if (obss != NULL) 432 ieee80211_free_node(obss); 433 } 434 435 static int 436 ieee80211_match_bss(struct ieee80211com *ic, struct ieee80211_node *ni) 437 { 438 u_int8_t rate; 439 int fail; 440 441 fail = 0; 442 if (isclr(ic->ic_chan_active, ieee80211_chan2ieee(ic, ni->ni_chan))) 443 fail |= 0x01; 444 if (ic->ic_des_chan != IEEE80211_CHAN_ANYC && 445 ni->ni_chan != ic->ic_des_chan) 446 fail |= 0x01; 447 if (ic->ic_opmode == IEEE80211_M_IBSS) { 448 if ((ni->ni_capinfo & IEEE80211_CAPINFO_IBSS) == 0) 449 fail |= 0x02; 450 } else { 451 if ((ni->ni_capinfo & IEEE80211_CAPINFO_ESS) == 0) 452 fail |= 0x02; 453 } 454 if (ic->ic_flags & IEEE80211_F_PRIVACY) { 455 if ((ni->ni_capinfo & IEEE80211_CAPINFO_PRIVACY) == 0) 456 fail |= 0x04; 457 } else { 458 /* XXX does this mean privacy is supported or required? */ 459 if (ni->ni_capinfo & IEEE80211_CAPINFO_PRIVACY) 460 fail |= 0x04; 461 } 462 rate = ieee80211_fix_rate(ic, ni, 463 IEEE80211_F_DONEGO | IEEE80211_F_DOFRATE); 464 if (rate & IEEE80211_RATE_BASIC) 465 fail |= 0x08; 466 if (ic->ic_des_esslen != 0 && 467 (ni->ni_esslen != ic->ic_des_esslen || 468 memcmp(ni->ni_essid, ic->ic_des_essid, ic->ic_des_esslen) != 0)) 469 fail |= 0x10; 470 if ((ic->ic_flags & IEEE80211_F_DESBSSID) && 471 !IEEE80211_ADDR_EQ(ic->ic_des_bssid, ni->ni_bssid)) 472 fail |= 0x20; 473 #ifdef IEEE80211_DEBUG 474 if (ieee80211_msg_scan(ic)) { 475 printf(" %c %s", fail ? '-' : '+', 476 ether_sprintf(ni->ni_macaddr)); 477 printf(" %s%c", ether_sprintf(ni->ni_bssid), 478 fail & 0x20 ? '!' : ' '); 479 printf(" %3d%c", ieee80211_chan2ieee(ic, ni->ni_chan), 480 fail & 0x01 ? '!' : ' '); 481 printf(" %+4d", ni->ni_rssi); 482 printf(" %2dM%c", (rate & IEEE80211_RATE_VAL) / 2, 483 fail & 0x08 ? '!' : ' '); 484 printf(" %4s%c", 485 (ni->ni_capinfo & IEEE80211_CAPINFO_ESS) ? "ess" : 486 (ni->ni_capinfo & IEEE80211_CAPINFO_IBSS) ? "ibss" : 487 "????", 488 fail & 0x02 ? '!' : ' '); 489 printf(" %3s%c ", 490 (ni->ni_capinfo & IEEE80211_CAPINFO_PRIVACY) ? 491 "wep" : "no", 492 fail & 0x04 ? '!' : ' '); 493 ieee80211_print_essid(ni->ni_essid, ni->ni_esslen); 494 printf("%s\n", fail & 0x10 ? "!" : ""); 495 } 496 #endif 497 return fail; 498 } 499 500 static __inline u_int8_t 501 maxrate(const struct ieee80211_node *ni) 502 { 503 const struct ieee80211_rateset *rs = &ni->ni_rates; 504 /* NB: assumes rate set is sorted (happens on frame receive) */ 505 return rs->rs_rates[rs->rs_nrates-1] & IEEE80211_RATE_VAL; 506 } 507 508 /* 509 * Compare the capabilities of two nodes and decide which is 510 * more desirable (return >0 if a is considered better). Note 511 * that we assume compatibility/usability has already been checked 512 * so we don't need to (e.g. validate whether privacy is supported). 513 * Used to select the best scan candidate for association in a BSS. 514 */ 515 static int 516 ieee80211_node_compare(struct ieee80211com *ic, 517 const struct ieee80211_node *a, 518 const struct ieee80211_node *b) 519 { 520 u_int8_t maxa, maxb; 521 u_int8_t rssia, rssib; 522 523 /* privacy support preferred */ 524 if ((a->ni_capinfo & IEEE80211_CAPINFO_PRIVACY) && 525 (b->ni_capinfo & IEEE80211_CAPINFO_PRIVACY) == 0) 526 return 1; 527 if ((a->ni_capinfo & IEEE80211_CAPINFO_PRIVACY) == 0 && 528 (b->ni_capinfo & IEEE80211_CAPINFO_PRIVACY)) 529 return -1; 530 531 rssia = ic->ic_node_getrssi(a); 532 rssib = ic->ic_node_getrssi(b); 533 if (abs(rssib - rssia) < 5) { 534 /* best/max rate preferred if signal level close enough XXX */ 535 maxa = maxrate(a); 536 maxb = maxrate(b); 537 if (maxa != maxb) 538 return maxa - maxb; 539 /* XXX use freq for channel preference */ 540 /* for now just prefer 5Ghz band to all other bands */ 541 if (IEEE80211_IS_CHAN_5GHZ(a->ni_chan) && 542 !IEEE80211_IS_CHAN_5GHZ(b->ni_chan)) 543 return 1; 544 if (!IEEE80211_IS_CHAN_5GHZ(a->ni_chan) && 545 IEEE80211_IS_CHAN_5GHZ(b->ni_chan)) 546 return -1; 547 } 548 /* all things being equal, use signal level */ 549 return rssia - rssib; 550 } 551 552 /* 553 * Mark an ongoing scan stopped. 554 */ 555 void 556 ieee80211_cancel_scan(struct ieee80211com *ic) 557 { 558 559 IEEE80211_DPRINTF(ic, IEEE80211_MSG_SCAN, "%s: end %s scan\n", 560 __func__, 561 (ic->ic_flags & IEEE80211_F_ASCAN) ? "active" : "passive"); 562 563 ic->ic_flags &= ~(IEEE80211_F_SCAN | IEEE80211_F_ASCAN); 564 } 565 566 /* 567 * Complete a scan of potential channels. 568 */ 569 void 570 ieee80211_end_scan(struct ieee80211com *ic) 571 { 572 struct ieee80211_node_table *nt = &ic->ic_scan; 573 struct ieee80211_node *ni, *selbs; 574 575 ieee80211_cancel_scan(ic); 576 ieee80211_notify_scan_done(ic); 577 578 if (ic->ic_opmode == IEEE80211_M_HOSTAP) { 579 u_int8_t maxrssi[IEEE80211_CHAN_MAX]; /* XXX off stack? */ 580 int i, bestchan; 581 u_int8_t rssi; 582 583 /* 584 * The passive scan to look for existing AP's completed, 585 * select a channel to camp on. Identify the channels 586 * that already have one or more AP's and try to locate 587 * an unoccupied one. If that fails, pick a channel that 588 * looks to be quietest. 589 */ 590 memset(maxrssi, 0, sizeof(maxrssi)); 591 IEEE80211_NODE_LOCK(nt); 592 TAILQ_FOREACH(ni, &nt->nt_node, ni_list) { 593 rssi = ic->ic_node_getrssi(ni); 594 i = ieee80211_chan2ieee(ic, ni->ni_chan); 595 if (rssi > maxrssi[i]) 596 maxrssi[i] = rssi; 597 } 598 IEEE80211_NODE_UNLOCK(nt); 599 /* XXX select channel more intelligently */ 600 bestchan = -1; 601 for (i = 0; i < IEEE80211_CHAN_MAX; i++) 602 if (isset(ic->ic_chan_active, i)) { 603 /* 604 * If the channel is unoccupied the max rssi 605 * should be zero; just take it. Otherwise 606 * track the channel with the lowest rssi and 607 * use that when all channels appear occupied. 608 */ 609 if (maxrssi[i] == 0) { 610 bestchan = i; 611 break; 612 } 613 if (maxrssi[i] < maxrssi[bestchan]) 614 bestchan = i; 615 } 616 if (bestchan != -1) { 617 ieee80211_create_ibss(ic, &ic->ic_channels[bestchan]); 618 return; 619 } 620 /* no suitable channel, should not happen */ 621 } 622 623 /* 624 * When manually sequencing the state machine; scan just once 625 * regardless of whether we have a candidate or not. The 626 * controlling application is expected to setup state and 627 * initiate an association. 628 */ 629 if (ic->ic_roaming == IEEE80211_ROAMING_MANUAL) 630 return; 631 /* 632 * Automatic sequencing; look for a candidate and 633 * if found join the network. 634 */ 635 /* NB: unlocked read should be ok */ 636 if (TAILQ_FIRST(&nt->nt_node) == NULL) { 637 IEEE80211_DPRINTF(ic, IEEE80211_MSG_SCAN, 638 "%s: no scan candidate\n", __func__); 639 notfound: 640 if (ic->ic_opmode == IEEE80211_M_IBSS && 641 (ic->ic_flags & IEEE80211_F_IBSSON) && 642 ic->ic_des_esslen != 0) { 643 ieee80211_create_ibss(ic, ic->ic_ibss_chan); 644 return; 645 } 646 /* 647 * Reset the list of channels to scan and start again. 648 */ 649 ieee80211_reset_scan(ic); 650 ic->ic_flags |= IEEE80211_F_SCAN; 651 ieee80211_next_scan(ic); 652 return; 653 } 654 selbs = NULL; 655 IEEE80211_DPRINTF(ic, IEEE80211_MSG_SCAN, "\t%s\n", 656 "macaddr bssid chan rssi rate flag wep essid"); 657 IEEE80211_NODE_LOCK(nt); 658 TAILQ_FOREACH(ni, &nt->nt_node, ni_list) { 659 if (ni->ni_fails) { 660 /* 661 * The configuration of the access points may change 662 * during my scan. So delete the entry for the AP 663 * and retry to associate if there is another beacon. 664 */ 665 IEEE80211_DPRINTF(ic, IEEE80211_MSG_SCAN, 666 "%s: skip scan candidate %s, fails %u\n", 667 __func__, ether_sprintf(ni->ni_macaddr), 668 ni->ni_fails); 669 ni->ni_fails++; 670 #if 0 671 if (ni->ni_fails++ > 2) 672 ieee80211_free_node(ni); 673 #endif 674 continue; 675 } 676 if (ieee80211_match_bss(ic, ni) == 0) { 677 if (selbs == NULL) 678 selbs = ni; 679 else if (ieee80211_node_compare(ic, ni, selbs) > 0) 680 selbs = ni; 681 } 682 } 683 if (selbs != NULL) /* NB: grab ref while dropping lock */ 684 (void) ieee80211_ref_node(selbs); 685 IEEE80211_NODE_UNLOCK(nt); 686 if (selbs == NULL) 687 goto notfound; 688 if (!ieee80211_sta_join(ic, selbs)) { 689 ieee80211_free_node(selbs); 690 goto notfound; 691 } 692 } 693 694 /* 695 * Handle 802.11 ad hoc network merge. The 696 * convention, set by the Wireless Ethernet Compatibility Alliance 697 * (WECA), is that an 802.11 station will change its BSSID to match 698 * the "oldest" 802.11 ad hoc network, on the same channel, that 699 * has the station's desired SSID. The "oldest" 802.11 network 700 * sends beacons with the greatest TSF timestamp. 701 * 702 * The caller is assumed to validate TSF's before attempting a merge. 703 * 704 * Return !0 if the BSSID changed, 0 otherwise. 705 */ 706 int 707 ieee80211_ibss_merge(struct ieee80211com *ic, struct ieee80211_node *ni) 708 { 709 710 if (ni == ic->ic_bss || 711 IEEE80211_ADDR_EQ(ni->ni_bssid, ic->ic_bss->ni_bssid)) { 712 /* unchanged, nothing to do */ 713 return 0; 714 } 715 if (ieee80211_match_bss(ic, ni) != 0) { /* capabilities mismatch */ 716 IEEE80211_DPRINTF(ic, IEEE80211_MSG_ASSOC, 717 "%s: merge failed, capabilities mismatch\n", __func__); 718 ic->ic_stats.is_ibss_capmismatch++; 719 return 0; 720 } 721 IEEE80211_DPRINTF(ic, IEEE80211_MSG_ASSOC, 722 "%s: new bssid %s: %s preamble, %s slot time%s\n", __func__, 723 ether_sprintf(ni->ni_bssid), 724 ic->ic_flags&IEEE80211_F_SHPREAMBLE ? "short" : "long", 725 ic->ic_flags&IEEE80211_F_SHSLOT ? "short" : "long", 726 ic->ic_flags&IEEE80211_F_USEPROT ? ", protection" : "" 727 ); 728 return ieee80211_sta_join(ic, ieee80211_ref_node(ni)); 729 } 730 731 /* 732 * Join the specified IBSS/BSS network. The node is assumed to 733 * be passed in with a held reference. 734 */ 735 int 736 ieee80211_sta_join(struct ieee80211com *ic, struct ieee80211_node *selbs) 737 { 738 struct ieee80211_node *obss; 739 740 if (ic->ic_opmode == IEEE80211_M_IBSS) { 741 struct ieee80211_node_table *nt; 742 /* 743 * Delete unusable rates; we've already checked 744 * that the negotiated rate set is acceptable. 745 */ 746 ieee80211_fix_rate(ic, selbs, IEEE80211_F_DODEL); 747 /* 748 * Fillin the neighbor table; it will already 749 * exist if we are simply switching mastership. 750 * XXX ic_sta always setup so this is unnecessary? 751 */ 752 nt = &ic->ic_sta; 753 IEEE80211_NODE_LOCK(nt); 754 nt->nt_name = "neighbor"; 755 nt->nt_inact_init = ic->ic_inact_run; 756 IEEE80211_NODE_UNLOCK(nt); 757 } 758 759 /* 760 * Committed to selbs, setup state. 761 */ 762 obss = ic->ic_bss; 763 ic->ic_bss = selbs; /* NB: caller assumed to bump refcnt */ 764 if (obss != NULL) 765 ieee80211_free_node(obss); 766 /* 767 * Set the erp state (mostly the slot time) to deal with 768 * the auto-select case; this should be redundant if the 769 * mode is locked. 770 */ 771 ic->ic_curmode = ieee80211_chan2mode(ic, selbs->ni_chan); 772 ieee80211_reset_erp(ic); 773 ieee80211_wme_initparams(ic); 774 775 if (ic->ic_opmode == IEEE80211_M_STA) 776 ieee80211_new_state(ic, IEEE80211_S_AUTH, -1); 777 else 778 ieee80211_new_state(ic, IEEE80211_S_RUN, -1); 779 return 1; 780 } 781 782 /* 783 * Leave the specified IBSS/BSS network. The node is assumed to 784 * be passed in with a held reference. 785 */ 786 void 787 ieee80211_sta_leave(struct ieee80211com *ic, struct ieee80211_node *ni) 788 { 789 ic->ic_node_cleanup(ni); 790 ieee80211_notify_node_leave(ic, ni); 791 } 792 793 static struct ieee80211_node * 794 node_alloc(struct ieee80211_node_table *nt) 795 { 796 struct ieee80211_node *ni; 797 798 MALLOC(ni, struct ieee80211_node *, sizeof(struct ieee80211_node), 799 M_80211_NODE, M_NOWAIT | M_ZERO); 800 return ni; 801 } 802 803 /* 804 * Reclaim any resources in a node and reset any critical 805 * state. Typically nodes are free'd immediately after, 806 * but in some cases the storage may be reused so we need 807 * to insure consistent state (should probably fix that). 808 */ 809 static void 810 node_cleanup(struct ieee80211_node *ni) 811 { 812 #define N(a) (sizeof(a)/sizeof(a[0])) 813 struct ieee80211com *ic = ni->ni_ic; 814 int i, qlen; 815 816 /* NB: preserve ni_table */ 817 if (ni->ni_flags & IEEE80211_NODE_PWR_MGT) { 818 ic->ic_ps_sta--; 819 ni->ni_flags &= ~IEEE80211_NODE_PWR_MGT; 820 IEEE80211_DPRINTF(ic, IEEE80211_MSG_POWER, 821 "[%s] power save mode off, %u sta's in ps mode\n", 822 ether_sprintf(ni->ni_macaddr), ic->ic_ps_sta); 823 } 824 825 /* 826 * Drain power save queue and, if needed, clear TIM. 827 */ 828 IEEE80211_NODE_SAVEQ_DRAIN(ni, qlen); 829 if (qlen != 0 && ic->ic_set_tim != NULL) 830 ic->ic_set_tim(ic, ni, 0); 831 832 ni->ni_associd = 0; 833 if (ni->ni_challenge != NULL) { 834 FREE(ni->ni_challenge, M_DEVBUF); 835 ni->ni_challenge = NULL; 836 } 837 /* 838 * Preserve SSID, WPA, and WME ie's so the bss node is 839 * reusable during a re-auth/re-assoc state transition. 840 * If we remove these data they will not be recreated 841 * because they come from a probe-response or beacon frame 842 * which cannot be expected prior to the association-response. 843 * This should not be an issue when operating in other modes 844 * as stations leaving always go through a full state transition 845 * which will rebuild this state. 846 * 847 * XXX does this leave us open to inheriting old state? 848 */ 849 for (i = 0; i < N(ni->ni_rxfrag); i++) 850 if (ni->ni_rxfrag[i] != NULL) { 851 m_freem(ni->ni_rxfrag[i]); 852 ni->ni_rxfrag[i] = NULL; 853 } 854 ieee80211_crypto_delkey(ic, &ni->ni_ucastkey); 855 #undef N 856 } 857 858 static void 859 node_free(struct ieee80211_node *ni) 860 { 861 struct ieee80211com *ic = ni->ni_ic; 862 863 ic->ic_node_cleanup(ni); 864 if (ni->ni_wpa_ie != NULL) 865 FREE(ni->ni_wpa_ie, M_DEVBUF); 866 if (ni->ni_wme_ie != NULL) 867 FREE(ni->ni_wme_ie, M_DEVBUF); 868 IEEE80211_NODE_SAVEQ_DESTROY(ni); 869 FREE(ni, M_80211_NODE); 870 } 871 872 static u_int8_t 873 node_getrssi(const struct ieee80211_node *ni) 874 { 875 return ni->ni_rssi; 876 } 877 878 static void 879 ieee80211_setup_node(struct ieee80211_node_table *nt, 880 struct ieee80211_node *ni, const u_int8_t *macaddr) 881 { 882 struct ieee80211com *ic = nt->nt_ic; 883 int hash; 884 885 IEEE80211_DPRINTF(ic, IEEE80211_MSG_NODE, 886 "%s %p<%s> in %s table\n", __func__, ni, 887 ether_sprintf(macaddr), nt->nt_name); 888 889 IEEE80211_ADDR_COPY(ni->ni_macaddr, macaddr); 890 hash = IEEE80211_NODE_HASH(macaddr); 891 ieee80211_node_initref(ni); /* mark referenced */ 892 ni->ni_chan = IEEE80211_CHAN_ANYC; 893 ni->ni_authmode = IEEE80211_AUTH_OPEN; 894 ni->ni_txpower = ic->ic_txpowlimit; /* max power */ 895 ieee80211_crypto_resetkey(ic, &ni->ni_ucastkey, IEEE80211_KEYIX_NONE); 896 ni->ni_inact_reload = nt->nt_inact_init; 897 ni->ni_inact = ni->ni_inact_reload; 898 IEEE80211_NODE_SAVEQ_INIT(ni, "unknown"); 899 900 IEEE80211_NODE_LOCK(nt); 901 TAILQ_INSERT_TAIL(&nt->nt_node, ni, ni_list); 902 LIST_INSERT_HEAD(&nt->nt_hash[hash], ni, ni_hash); 903 ni->ni_table = nt; 904 ni->ni_ic = ic; 905 IEEE80211_NODE_UNLOCK(nt); 906 } 907 908 struct ieee80211_node * 909 ieee80211_alloc_node(struct ieee80211_node_table *nt, const u_int8_t *macaddr) 910 { 911 struct ieee80211com *ic = nt->nt_ic; 912 struct ieee80211_node *ni; 913 914 ni = ic->ic_node_alloc(nt); 915 if (ni != NULL) 916 ieee80211_setup_node(nt, ni, macaddr); 917 else 918 ic->ic_stats.is_rx_nodealloc++; 919 return ni; 920 } 921 922 struct ieee80211_node * 923 ieee80211_dup_bss(struct ieee80211_node_table *nt, const u_int8_t *macaddr) 924 { 925 struct ieee80211com *ic = nt->nt_ic; 926 struct ieee80211_node *ni; 927 928 ni = ic->ic_node_alloc(nt); 929 if (ni != NULL) { 930 ieee80211_setup_node(nt, ni, macaddr); 931 /* 932 * Inherit from ic_bss. 933 */ 934 ni->ni_authmode = ic->ic_bss->ni_authmode; 935 ni->ni_txpower = ic->ic_bss->ni_txpower; 936 ni->ni_vlan = ic->ic_bss->ni_vlan; /* XXX?? */ 937 IEEE80211_ADDR_COPY(ni->ni_bssid, ic->ic_bss->ni_bssid); 938 ieee80211_set_chan(ic, ni, ic->ic_bss->ni_chan); 939 ni->ni_rsn = ic->ic_bss->ni_rsn; 940 } else 941 ic->ic_stats.is_rx_nodealloc++; 942 return ni; 943 } 944 945 static struct ieee80211_node * 946 #ifdef IEEE80211_DEBUG_REFCNT 947 _ieee80211_find_node_debug(struct ieee80211_node_table *nt, 948 const u_int8_t *macaddr, const char *func, int line) 949 #else 950 _ieee80211_find_node(struct ieee80211_node_table *nt, 951 const u_int8_t *macaddr) 952 #endif 953 { 954 struct ieee80211_node *ni; 955 int hash; 956 957 IEEE80211_NODE_LOCK_ASSERT(nt); 958 959 hash = IEEE80211_NODE_HASH(macaddr); 960 LIST_FOREACH(ni, &nt->nt_hash[hash], ni_hash) { 961 if (IEEE80211_ADDR_EQ(ni->ni_macaddr, macaddr)) { 962 ieee80211_ref_node(ni); /* mark referenced */ 963 #ifdef IEEE80211_DEBUG_REFCNT 964 IEEE80211_DPRINTF(nt->nt_ic, IEEE80211_MSG_NODE, 965 "%s (%s:%u) %p<%s> refcnt %d\n", __func__, 966 func, line, 967 ni, ether_sprintf(ni->ni_macaddr), 968 ieee80211_node_refcnt(ni)); 969 #endif 970 return ni; 971 } 972 } 973 return NULL; 974 } 975 #ifdef IEEE80211_DEBUG_REFCNT 976 #define _ieee80211_find_node(nt, mac) \ 977 _ieee80211_find_node_debug(nt, mac, func, line) 978 #endif 979 980 struct ieee80211_node * 981 #ifdef IEEE80211_DEBUG_REFCNT 982 ieee80211_find_node_debug(struct ieee80211_node_table *nt, 983 const u_int8_t *macaddr, const char *func, int line) 984 #else 985 ieee80211_find_node(struct ieee80211_node_table *nt, const u_int8_t *macaddr) 986 #endif 987 { 988 struct ieee80211_node *ni; 989 990 IEEE80211_NODE_LOCK(nt); 991 ni = _ieee80211_find_node(nt, macaddr); 992 IEEE80211_NODE_UNLOCK(nt); 993 return ni; 994 } 995 996 /* 997 * Fake up a node; this handles node discovery in adhoc mode. 998 * Note that for the driver's benefit we we treat this like 999 * an association so the driver has an opportunity to setup 1000 * it's private state. 1001 */ 1002 struct ieee80211_node * 1003 ieee80211_fakeup_adhoc_node(struct ieee80211_node_table *nt, 1004 const u_int8_t macaddr[IEEE80211_ADDR_LEN]) 1005 { 1006 struct ieee80211com *ic = nt->nt_ic; 1007 struct ieee80211_node *ni; 1008 1009 ni = ieee80211_dup_bss(nt, macaddr); 1010 if (ni != NULL) { 1011 /* XXX no rate negotiation; just dup */ 1012 ni->ni_rates = ic->ic_bss->ni_rates; 1013 if (ic->ic_newassoc != NULL) 1014 ic->ic_newassoc(ic, ni, 1); 1015 /* XXX not right for 802.1x/WPA */ 1016 ieee80211_node_authorize(ic, ni); 1017 } 1018 return ni; 1019 } 1020 1021 /* 1022 * Locate the node for sender, track state, and then pass the 1023 * (referenced) node up to the 802.11 layer for its use. We 1024 * are required to pass some node so we fall back to ic_bss 1025 * when this frame is from an unknown sender. The 802.11 layer 1026 * knows this means the sender wasn't in the node table and 1027 * acts accordingly. 1028 */ 1029 struct ieee80211_node * 1030 #ifdef IEEE80211_DEBUG_REFCNT 1031 ieee80211_find_rxnode_debug(struct ieee80211com *ic, 1032 const struct ieee80211_frame_min *wh, const char *func, int line) 1033 #else 1034 ieee80211_find_rxnode(struct ieee80211com *ic, 1035 const struct ieee80211_frame_min *wh) 1036 #endif 1037 { 1038 #define IS_CTL(wh) \ 1039 ((wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK) == IEEE80211_FC0_TYPE_CTL) 1040 #define IS_PSPOLL(wh) \ 1041 ((wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK) == IEEE80211_FC0_SUBTYPE_PS_POLL) 1042 struct ieee80211_node_table *nt; 1043 struct ieee80211_node *ni; 1044 1045 /* XXX may want scanned nodes in the neighbor table for adhoc */ 1046 if (ic->ic_opmode == IEEE80211_M_STA || 1047 ic->ic_opmode == IEEE80211_M_MONITOR || 1048 (ic->ic_flags & IEEE80211_F_SCAN)) 1049 nt = &ic->ic_scan; 1050 else 1051 nt = &ic->ic_sta; 1052 /* XXX check ic_bss first in station mode */ 1053 /* XXX 4-address frames? */ 1054 IEEE80211_NODE_LOCK(nt); 1055 if (IS_CTL(wh) && !IS_PSPOLL(wh) /*&& !IS_RTS(ah)*/) 1056 ni = _ieee80211_find_node(nt, wh->i_addr1); 1057 else 1058 ni = _ieee80211_find_node(nt, wh->i_addr2); 1059 IEEE80211_NODE_UNLOCK(nt); 1060 1061 return (ni != NULL ? ni : ieee80211_ref_node(ic->ic_bss)); 1062 #undef IS_PSPOLL 1063 #undef IS_CTL 1064 } 1065 1066 /* 1067 * Return a reference to the appropriate node for sending 1068 * a data frame. This handles node discovery in adhoc networks. 1069 */ 1070 struct ieee80211_node * 1071 #ifdef IEEE80211_DEBUG_REFCNT 1072 ieee80211_find_txnode_debug(struct ieee80211com *ic, const u_int8_t *macaddr, 1073 const char *func, int line) 1074 #else 1075 ieee80211_find_txnode(struct ieee80211com *ic, const u_int8_t *macaddr) 1076 #endif 1077 { 1078 struct ieee80211_node_table *nt = &ic->ic_sta; 1079 struct ieee80211_node *ni; 1080 1081 /* 1082 * The destination address should be in the node table 1083 * unless we are operating in station mode or this is a 1084 * multicast/broadcast frame. 1085 */ 1086 if (ic->ic_opmode == IEEE80211_M_STA || IEEE80211_IS_MULTICAST(macaddr)) 1087 return ieee80211_ref_node(ic->ic_bss); 1088 1089 /* XXX can't hold lock across dup_bss 'cuz of recursive locking */ 1090 IEEE80211_NODE_LOCK(nt); 1091 ni = _ieee80211_find_node(nt, macaddr); 1092 IEEE80211_NODE_UNLOCK(nt); 1093 1094 if (ni == NULL) { 1095 if (ic->ic_opmode == IEEE80211_M_IBSS || 1096 ic->ic_opmode == IEEE80211_M_AHDEMO) { 1097 /* 1098 * In adhoc mode cons up a node for the destination. 1099 * Note that we need an additional reference for the 1100 * caller to be consistent with _ieee80211_find_node. 1101 */ 1102 ni = ieee80211_fakeup_adhoc_node(nt, macaddr); 1103 if (ni != NULL) 1104 (void) ieee80211_ref_node(ni); 1105 } else { 1106 IEEE80211_DPRINTF(ic, IEEE80211_MSG_OUTPUT, 1107 "[%s] no node, discard frame (%s)\n", 1108 ether_sprintf(macaddr), __func__); 1109 ic->ic_stats.is_tx_nonode++; 1110 } 1111 } 1112 return ni; 1113 } 1114 1115 /* 1116 * Like find but search based on the channel too. 1117 */ 1118 struct ieee80211_node * 1119 #ifdef IEEE80211_DEBUG_REFCNT 1120 ieee80211_find_node_with_channel_debug(struct ieee80211_node_table *nt, 1121 const u_int8_t *macaddr, struct ieee80211_channel *chan, 1122 const char *func, int line) 1123 #else 1124 ieee80211_find_node_with_channel(struct ieee80211_node_table *nt, 1125 const u_int8_t *macaddr, struct ieee80211_channel *chan) 1126 #endif 1127 { 1128 struct ieee80211_node *ni; 1129 int hash; 1130 1131 hash = IEEE80211_NODE_HASH(macaddr); 1132 IEEE80211_NODE_LOCK(nt); 1133 LIST_FOREACH(ni, &nt->nt_hash[hash], ni_hash) { 1134 if (IEEE80211_ADDR_EQ(ni->ni_macaddr, macaddr) && 1135 ni->ni_chan == chan) { 1136 ieee80211_ref_node(ni); /* mark referenced */ 1137 IEEE80211_DPRINTF(nt->nt_ic, IEEE80211_MSG_NODE, 1138 #ifdef IEEE80211_DEBUG_REFCNT 1139 "%s (%s:%u) %p<%s> refcnt %d\n", __func__, 1140 func, line, 1141 #else 1142 "%s %p<%s> refcnt %d\n", __func__, 1143 #endif 1144 ni, ether_sprintf(ni->ni_macaddr), 1145 ieee80211_node_refcnt(ni)); 1146 break; 1147 } 1148 } 1149 IEEE80211_NODE_UNLOCK(nt); 1150 return ni; 1151 } 1152 1153 /* 1154 * Like find but search based on the ssid too. 1155 */ 1156 struct ieee80211_node * 1157 #ifdef IEEE80211_DEBUG_REFCNT 1158 ieee80211_find_node_with_ssid_debug(struct ieee80211_node_table *nt, 1159 const u_int8_t *macaddr, u_int ssidlen, const u_int8_t *ssid, 1160 const char *func, int line) 1161 #else 1162 ieee80211_find_node_with_ssid(struct ieee80211_node_table *nt, 1163 const u_int8_t *macaddr, u_int ssidlen, const u_int8_t *ssid) 1164 #endif 1165 { 1166 struct ieee80211com *ic = nt->nt_ic; 1167 struct ieee80211_node *ni; 1168 int hash; 1169 1170 hash = IEEE80211_NODE_HASH(macaddr); 1171 IEEE80211_NODE_LOCK(nt); 1172 LIST_FOREACH(ni, &nt->nt_hash[hash], ni_hash) { 1173 if (IEEE80211_ADDR_EQ(ni->ni_macaddr, macaddr) && 1174 ni->ni_esslen == ic->ic_des_esslen && 1175 memcmp(ni->ni_essid, ic->ic_des_essid, ni->ni_esslen) == 0) { 1176 ieee80211_ref_node(ni); /* mark referenced */ 1177 IEEE80211_DPRINTF(ic, IEEE80211_MSG_NODE, 1178 #ifdef IEEE80211_DEBUG_REFCNT 1179 "%s (%s:%u) %p<%s> refcnt %d\n", __func__, 1180 func, line, 1181 #else 1182 "%s %p<%s> refcnt %d\n", __func__, 1183 #endif 1184 ni, ether_sprintf(ni->ni_macaddr), 1185 ieee80211_node_refcnt(ni)); 1186 break; 1187 } 1188 } 1189 IEEE80211_NODE_UNLOCK(nt); 1190 return ni; 1191 } 1192 1193 static void 1194 _ieee80211_free_node(struct ieee80211_node *ni) 1195 { 1196 struct ieee80211com *ic = ni->ni_ic; 1197 struct ieee80211_node_table *nt = ni->ni_table; 1198 1199 IEEE80211_DPRINTF(ic, IEEE80211_MSG_NODE, 1200 "%s %p<%s> in %s table\n", __func__, ni, 1201 ether_sprintf(ni->ni_macaddr), 1202 nt != NULL ? nt->nt_name : "<gone>"); 1203 1204 IEEE80211_AID_CLR(ni->ni_associd, ic->ic_aid_bitmap); 1205 if (nt != NULL) { 1206 TAILQ_REMOVE(&nt->nt_node, ni, ni_list); 1207 LIST_REMOVE(ni, ni_hash); 1208 } 1209 ic->ic_node_free(ni); 1210 } 1211 1212 void 1213 #ifdef IEEE80211_DEBUG_REFCNT 1214 ieee80211_free_node_debug(struct ieee80211_node *ni, const char *func, int line) 1215 #else 1216 ieee80211_free_node(struct ieee80211_node *ni) 1217 #endif 1218 { 1219 struct ieee80211_node_table *nt = ni->ni_table; 1220 1221 #ifdef IEEE80211_DEBUG_REFCNT 1222 IEEE80211_DPRINTF(ni->ni_ic, IEEE80211_MSG_NODE, 1223 "%s (%s:%u) %p<%s> refcnt %d\n", __func__, func, line, ni, 1224 ether_sprintf(ni->ni_macaddr), ieee80211_node_refcnt(ni)-1); 1225 #endif 1226 if (ieee80211_node_dectestref(ni)) { 1227 /* 1228 * Beware; if the node is marked gone then it's already 1229 * been removed from the table and we cannot assume the 1230 * table still exists. Regardless, there's no need to lock 1231 * the table. 1232 */ 1233 if (ni->ni_table != NULL) { 1234 IEEE80211_NODE_LOCK(nt); 1235 _ieee80211_free_node(ni); 1236 IEEE80211_NODE_UNLOCK(nt); 1237 } else 1238 _ieee80211_free_node(ni); 1239 } 1240 } 1241 1242 /* 1243 * Reclaim a node. If this is the last reference count then 1244 * do the normal free work. Otherwise remove it from the node 1245 * table and mark it gone by clearing the back-reference. 1246 */ 1247 static void 1248 node_reclaim(struct ieee80211_node_table *nt, struct ieee80211_node *ni) 1249 { 1250 1251 IEEE80211_DPRINTF(ni->ni_ic, IEEE80211_MSG_NODE, 1252 "%s: remove %p<%s> from %s table, refcnt %d\n", 1253 __func__, ni, ether_sprintf(ni->ni_macaddr), 1254 nt->nt_name, ieee80211_node_refcnt(ni)-1); 1255 if (!ieee80211_node_dectestref(ni)) { 1256 /* 1257 * Other references are present, just remove the 1258 * node from the table so it cannot be found. When 1259 * the references are dropped storage will be 1260 * reclaimed. 1261 */ 1262 TAILQ_REMOVE(&nt->nt_node, ni, ni_list); 1263 LIST_REMOVE(ni, ni_hash); 1264 ni->ni_table = NULL; /* clear reference */ 1265 } else 1266 _ieee80211_free_node(ni); 1267 } 1268 1269 static void 1270 ieee80211_free_allnodes_locked(struct ieee80211_node_table *nt) 1271 { 1272 struct ieee80211com *ic = nt->nt_ic; 1273 struct ieee80211_node *ni; 1274 1275 IEEE80211_DPRINTF(ic, IEEE80211_MSG_NODE, 1276 "%s: free all nodes in %s table\n", __func__, nt->nt_name); 1277 1278 while ((ni = TAILQ_FIRST(&nt->nt_node)) != NULL) { 1279 if (ni->ni_associd != 0) { 1280 if (ic->ic_auth->ia_node_leave != NULL) 1281 ic->ic_auth->ia_node_leave(ic, ni); 1282 IEEE80211_AID_CLR(ni->ni_associd, ic->ic_aid_bitmap); 1283 } 1284 node_reclaim(nt, ni); 1285 } 1286 ieee80211_reset_erp(ic); 1287 } 1288 1289 static void 1290 ieee80211_free_allnodes(struct ieee80211_node_table *nt) 1291 { 1292 1293 IEEE80211_NODE_LOCK(nt); 1294 ieee80211_free_allnodes_locked(nt); 1295 IEEE80211_NODE_UNLOCK(nt); 1296 } 1297 1298 /* 1299 * Timeout entries in the scan cache. 1300 */ 1301 static void 1302 ieee80211_timeout_scan_candidates(struct ieee80211_node_table *nt) 1303 { 1304 struct ieee80211com *ic = nt->nt_ic; 1305 struct ieee80211_node *ni, *tni; 1306 1307 IEEE80211_NODE_LOCK(nt); 1308 ni = ic->ic_bss; 1309 /* XXX belongs elsewhere */ 1310 if (ni->ni_rxfrag[0] != NULL && ticks > ni->ni_rxfragstamp + hz) { 1311 m_freem(ni->ni_rxfrag[0]); 1312 ni->ni_rxfrag[0] = NULL; 1313 } 1314 TAILQ_FOREACH_SAFE(ni, &nt->nt_node, ni_list, tni) { 1315 if (ni->ni_inact && --ni->ni_inact == 0) { 1316 IEEE80211_DPRINTF(ic, IEEE80211_MSG_NODE, 1317 "[%s] scan candidate purged from cache " 1318 "(refcnt %u)\n", ether_sprintf(ni->ni_macaddr), 1319 ieee80211_node_refcnt(ni)); 1320 node_reclaim(nt, ni); 1321 } 1322 } 1323 IEEE80211_NODE_UNLOCK(nt); 1324 1325 nt->nt_inact_timer = IEEE80211_INACT_WAIT; 1326 } 1327 1328 /* 1329 * Timeout inactive stations and do related housekeeping. 1330 * Note that we cannot hold the node lock while sending a 1331 * frame as this would lead to a LOR. Instead we use a 1332 * generation number to mark nodes that we've scanned and 1333 * drop the lock and restart a scan if we have to time out 1334 * a node. Since we are single-threaded by virtue of 1335 * controlling the inactivity timer we can be sure this will 1336 * process each node only once. 1337 */ 1338 static void 1339 ieee80211_timeout_stations(struct ieee80211_node_table *nt) 1340 { 1341 struct ieee80211com *ic = nt->nt_ic; 1342 struct ieee80211_node *ni; 1343 u_int gen; 1344 1345 IEEE80211_SCAN_LOCK(nt); 1346 gen = nt->nt_scangen++; 1347 IEEE80211_DPRINTF(ic, IEEE80211_MSG_NODE, 1348 "%s: %s scangen %u\n", __func__, nt->nt_name, gen); 1349 restart: 1350 IEEE80211_NODE_LOCK(nt); 1351 TAILQ_FOREACH(ni, &nt->nt_node, ni_list) { 1352 if (ni->ni_scangen == gen) /* previously handled */ 1353 continue; 1354 ni->ni_scangen = gen; 1355 /* 1356 * Free fragment if not needed anymore 1357 * (last fragment older than 1s). 1358 * XXX doesn't belong here 1359 */ 1360 if (ni->ni_rxfrag[0] != NULL && 1361 ticks > ni->ni_rxfragstamp + hz) { 1362 m_freem(ni->ni_rxfrag[0]); 1363 ni->ni_rxfrag[0] = NULL; 1364 } 1365 /* 1366 * Special case ourself; we may be idle for extended periods 1367 * of time and regardless reclaiming our state is wrong. 1368 */ 1369 if (ni == ic->ic_bss) 1370 continue; 1371 ni->ni_inact--; 1372 if (ni->ni_associd != 0) { 1373 /* 1374 * Age frames on the power save queue. The 1375 * aging interval is 4 times the listen 1376 * interval specified by the station. This 1377 * number is factored into the age calculations 1378 * when the frame is placed on the queue. We 1379 * store ages as time differences we can check 1380 * and/or adjust only the head of the list. 1381 */ 1382 if (IEEE80211_NODE_SAVEQ_QLEN(ni) != 0) { 1383 struct mbuf *m; 1384 int discard = 0; 1385 1386 IEEE80211_NODE_SAVEQ_LOCK(ni); 1387 while (IF_POLL(&ni->ni_savedq, m) != NULL && 1388 M_AGE_GET(m) < IEEE80211_INACT_WAIT) { 1389 IEEE80211_DPRINTF(ic, IEEE80211_MSG_POWER, "[%s] discard frame, age %u\n", ether_sprintf(ni->ni_macaddr), M_AGE_GET(m));/*XXX*/ 1390 _IEEE80211_NODE_SAVEQ_DEQUEUE_HEAD(ni, m); 1391 m_freem(m); 1392 discard++; 1393 } 1394 if (m != NULL) 1395 M_AGE_SUB(m, IEEE80211_INACT_WAIT); 1396 IEEE80211_NODE_SAVEQ_UNLOCK(ni); 1397 1398 if (discard != 0) { 1399 IEEE80211_DPRINTF(ic, 1400 IEEE80211_MSG_POWER, 1401 "[%s] discard %u frames for age\n", 1402 ether_sprintf(ni->ni_macaddr), 1403 discard); 1404 IEEE80211_NODE_STAT_ADD(ni, 1405 ps_discard, discard); 1406 if (IEEE80211_NODE_SAVEQ_QLEN(ni) == 0) 1407 ic->ic_set_tim(ic, ni, 0); 1408 } 1409 } 1410 /* 1411 * Probe the station before time it out. We 1412 * send a null data frame which may not be 1413 * universally supported by drivers (need it 1414 * for ps-poll support so it should be...). 1415 */ 1416 if (0 < ni->ni_inact && 1417 ni->ni_inact <= ic->ic_inact_probe) { 1418 IEEE80211_DPRINTF(ic, IEEE80211_MSG_NODE, 1419 "[%s] probe station due to inactivity\n", 1420 ether_sprintf(ni->ni_macaddr)); 1421 IEEE80211_NODE_UNLOCK(nt); 1422 ieee80211_send_nulldata(ic, ni); 1423 /* XXX stat? */ 1424 goto restart; 1425 } 1426 } 1427 if (ni->ni_inact <= 0) { 1428 IEEE80211_DPRINTF(ic, IEEE80211_MSG_NODE, 1429 "[%s] station timed out due to inactivity " 1430 "(refcnt %u)\n", ether_sprintf(ni->ni_macaddr), 1431 ieee80211_node_refcnt(ni)); 1432 /* 1433 * Send a deauthenticate frame and drop the station. 1434 * This is somewhat complicated due to reference counts 1435 * and locking. At this point a station will typically 1436 * have a reference count of 1. ieee80211_node_leave 1437 * will do a "free" of the node which will drop the 1438 * reference count. But in the meantime a reference 1439 * wil be held by the deauth frame. The actual reclaim 1440 * of the node will happen either after the tx is 1441 * completed or by ieee80211_node_leave. 1442 * 1443 * Separately we must drop the node lock before sending 1444 * in case the driver takes a lock, as this will result 1445 * in LOR between the node lock and the driver lock. 1446 */ 1447 IEEE80211_NODE_UNLOCK(nt); 1448 if (ni->ni_associd != 0) { 1449 IEEE80211_SEND_MGMT(ic, ni, 1450 IEEE80211_FC0_SUBTYPE_DEAUTH, 1451 IEEE80211_REASON_AUTH_EXPIRE); 1452 } 1453 ieee80211_node_leave(ic, ni); 1454 ic->ic_stats.is_node_timeout++; 1455 goto restart; 1456 } 1457 } 1458 IEEE80211_NODE_UNLOCK(nt); 1459 1460 IEEE80211_SCAN_UNLOCK(nt); 1461 1462 nt->nt_inact_timer = IEEE80211_INACT_WAIT; 1463 } 1464 1465 void 1466 ieee80211_iterate_nodes(struct ieee80211_node_table *nt, ieee80211_iter_func *f, void *arg) 1467 { 1468 struct ieee80211_node *ni; 1469 u_int gen; 1470 1471 IEEE80211_SCAN_LOCK(nt); 1472 gen = nt->nt_scangen++; 1473 restart: 1474 IEEE80211_NODE_LOCK(nt); 1475 TAILQ_FOREACH(ni, &nt->nt_node, ni_list) { 1476 if (ni->ni_scangen != gen) { 1477 ni->ni_scangen = gen; 1478 (void) ieee80211_ref_node(ni); 1479 IEEE80211_NODE_UNLOCK(nt); 1480 (*f)(arg, ni); 1481 ieee80211_free_node(ni); 1482 goto restart; 1483 } 1484 } 1485 IEEE80211_NODE_UNLOCK(nt); 1486 1487 IEEE80211_SCAN_UNLOCK(nt); 1488 } 1489 1490 void 1491 ieee80211_dump_node(struct ieee80211_node_table *nt, struct ieee80211_node *ni) 1492 { 1493 printf("0x%p: mac %s refcnt %d\n", ni, 1494 ether_sprintf(ni->ni_macaddr), ieee80211_node_refcnt(ni)); 1495 printf("\tscangen %u authmode %u flags 0x%x\n", 1496 ni->ni_scangen, ni->ni_authmode, ni->ni_flags); 1497 printf("\tassocid 0x%x txpower %u vlan %u\n", 1498 ni->ni_associd, ni->ni_txpower, ni->ni_vlan); 1499 printf("\ttxseq %u rxseq %u fragno %u rxfragstamp %u\n", 1500 ni->ni_txseqs[0], 1501 ni->ni_rxseqs[0] >> IEEE80211_SEQ_SEQ_SHIFT, 1502 ni->ni_rxseqs[0] & IEEE80211_SEQ_FRAG_MASK, 1503 ni->ni_rxfragstamp); 1504 printf("\trstamp %u rssi %u intval %u capinfo 0x%x\n", 1505 ni->ni_rstamp, ni->ni_rssi, ni->ni_intval, ni->ni_capinfo); 1506 printf("\tbssid %s essid \"%.*s\" channel %u:0x%x\n", 1507 ether_sprintf(ni->ni_bssid), 1508 ni->ni_esslen, ni->ni_essid, 1509 ni->ni_chan->ic_freq, ni->ni_chan->ic_flags); 1510 printf("\tfails %u inact %u txrate %u\n", 1511 ni->ni_fails, ni->ni_inact, ni->ni_txrate); 1512 } 1513 1514 void 1515 ieee80211_dump_nodes(struct ieee80211_node_table *nt) 1516 { 1517 ieee80211_iterate_nodes(nt, 1518 (ieee80211_iter_func *) ieee80211_dump_node, nt); 1519 } 1520 1521 /* 1522 * Handle a station joining an 11g network. 1523 */ 1524 static void 1525 ieee80211_node_join_11g(struct ieee80211com *ic, struct ieee80211_node *ni) 1526 { 1527 1528 /* 1529 * Station isn't capable of short slot time. Bump 1530 * the count of long slot time stations and disable 1531 * use of short slot time. Note that the actual switch 1532 * over to long slot time use may not occur until the 1533 * next beacon transmission (per sec. 7.3.1.4 of 11g). 1534 */ 1535 if ((ni->ni_capinfo & IEEE80211_CAPINFO_SHORT_SLOTTIME) == 0) { 1536 ic->ic_longslotsta++; 1537 IEEE80211_DPRINTF(ic, IEEE80211_MSG_ASSOC, 1538 "[%s] station needs long slot time, count %d\n", 1539 ether_sprintf(ni->ni_macaddr), ic->ic_longslotsta); 1540 /* XXX vap's w/ conflicting needs won't work */ 1541 ieee80211_set_shortslottime(ic, 0); 1542 } 1543 /* 1544 * If the new station is not an ERP station 1545 * then bump the counter and enable protection 1546 * if configured. 1547 */ 1548 if (!ieee80211_iserp_rateset(ic, &ni->ni_rates)) { 1549 ic->ic_nonerpsta++; 1550 IEEE80211_DPRINTF(ic, IEEE80211_MSG_ASSOC, 1551 "[%s] station is !ERP, %d non-ERP stations associated\n", 1552 ether_sprintf(ni->ni_macaddr), ic->ic_nonerpsta); 1553 /* 1554 * If protection is configured, enable it. 1555 */ 1556 if (ic->ic_protmode != IEEE80211_PROT_NONE) { 1557 IEEE80211_DPRINTF(ic, IEEE80211_MSG_ASSOC, 1558 "%s: enable use of protection\n", __func__); 1559 ic->ic_flags |= IEEE80211_F_USEPROT; 1560 } 1561 /* 1562 * If station does not support short preamble 1563 * then we must enable use of Barker preamble. 1564 */ 1565 if ((ni->ni_capinfo & IEEE80211_CAPINFO_SHORT_PREAMBLE) == 0) { 1566 IEEE80211_DPRINTF(ic, IEEE80211_MSG_ASSOC, 1567 "[%s] station needs long preamble\n", 1568 ether_sprintf(ni->ni_macaddr)); 1569 ic->ic_flags |= IEEE80211_F_USEBARKER; 1570 ic->ic_flags &= ~IEEE80211_F_SHPREAMBLE; 1571 } 1572 } else 1573 ni->ni_flags |= IEEE80211_NODE_ERP; 1574 } 1575 1576 void 1577 ieee80211_node_join(struct ieee80211com *ic, struct ieee80211_node *ni, int resp) 1578 { 1579 int newassoc; 1580 1581 if (ni->ni_associd == 0) { 1582 u_int16_t aid; 1583 1584 /* 1585 * It would be good to search the bitmap 1586 * more efficiently, but this will do for now. 1587 */ 1588 for (aid = 1; aid < ic->ic_max_aid; aid++) { 1589 if (!IEEE80211_AID_ISSET(aid, 1590 ic->ic_aid_bitmap)) 1591 break; 1592 } 1593 if (aid >= ic->ic_max_aid) { 1594 IEEE80211_SEND_MGMT(ic, ni, resp, 1595 IEEE80211_REASON_ASSOC_TOOMANY); 1596 ieee80211_node_leave(ic, ni); 1597 return; 1598 } 1599 ni->ni_associd = aid | 0xc000; 1600 IEEE80211_AID_SET(ni->ni_associd, ic->ic_aid_bitmap); 1601 ic->ic_sta_assoc++; 1602 newassoc = 1; 1603 if (ic->ic_curmode == IEEE80211_MODE_11G || 1604 ic->ic_curmode == IEEE80211_MODE_TURBO_G) 1605 ieee80211_node_join_11g(ic, ni); 1606 } else 1607 newassoc = 0; 1608 1609 IEEE80211_DPRINTF(ic, IEEE80211_MSG_ASSOC | IEEE80211_MSG_DEBUG, 1610 "[%s] station %sassociated at aid %d: %s preamble, %s slot time%s%s\n", 1611 ether_sprintf(ni->ni_macaddr), newassoc ? "" : "re", 1612 IEEE80211_NODE_AID(ni), 1613 ic->ic_flags & IEEE80211_F_SHPREAMBLE ? "short" : "long", 1614 ic->ic_flags & IEEE80211_F_SHSLOT ? "short" : "long", 1615 ic->ic_flags & IEEE80211_F_USEPROT ? ", protection" : "", 1616 ni->ni_flags & IEEE80211_NODE_QOS ? ", QoS" : "" 1617 ); 1618 1619 /* give driver a chance to setup state like ni_txrate */ 1620 if (ic->ic_newassoc != NULL) 1621 ic->ic_newassoc(ic, ni, newassoc); 1622 ni->ni_inact_reload = ic->ic_inact_auth; 1623 ni->ni_inact = ni->ni_inact_reload; 1624 IEEE80211_SEND_MGMT(ic, ni, resp, IEEE80211_STATUS_SUCCESS); 1625 /* tell the authenticator about new station */ 1626 if (ic->ic_auth->ia_node_join != NULL) 1627 ic->ic_auth->ia_node_join(ic, ni); 1628 ieee80211_notify_node_join(ic, ni, newassoc); 1629 } 1630 1631 /* 1632 * Handle a station leaving an 11g network. 1633 */ 1634 static void 1635 ieee80211_node_leave_11g(struct ieee80211com *ic, struct ieee80211_node *ni) 1636 { 1637 1638 KASSERT(ic->ic_curmode == IEEE80211_MODE_11G || 1639 ic->ic_curmode == IEEE80211_MODE_TURBO_G, 1640 ("not in 11g, curmode %x", ic->ic_curmode)); 1641 1642 /* 1643 * If a long slot station do the slot time bookkeeping. 1644 */ 1645 if ((ni->ni_capinfo & IEEE80211_CAPINFO_SHORT_SLOTTIME) == 0) { 1646 KASSERT(ic->ic_longslotsta > 0, 1647 ("bogus long slot station count %d", ic->ic_longslotsta)); 1648 ic->ic_longslotsta--; 1649 IEEE80211_DPRINTF(ic, IEEE80211_MSG_ASSOC, 1650 "[%s] long slot time station leaves, count now %d\n", 1651 ether_sprintf(ni->ni_macaddr), ic->ic_longslotsta); 1652 if (ic->ic_longslotsta == 0) { 1653 /* 1654 * Re-enable use of short slot time if supported 1655 * and not operating in IBSS mode (per spec). 1656 */ 1657 if ((ic->ic_caps & IEEE80211_C_SHSLOT) && 1658 ic->ic_opmode != IEEE80211_M_IBSS) { 1659 IEEE80211_DPRINTF(ic, IEEE80211_MSG_ASSOC, 1660 "%s: re-enable use of short slot time\n", 1661 __func__); 1662 ieee80211_set_shortslottime(ic, 1); 1663 } 1664 } 1665 } 1666 /* 1667 * If a non-ERP station do the protection-related bookkeeping. 1668 */ 1669 if ((ni->ni_flags & IEEE80211_NODE_ERP) == 0) { 1670 KASSERT(ic->ic_nonerpsta > 0, 1671 ("bogus non-ERP station count %d", ic->ic_nonerpsta)); 1672 ic->ic_nonerpsta--; 1673 IEEE80211_DPRINTF(ic, IEEE80211_MSG_ASSOC, 1674 "[%s] non-ERP station leaves, count now %d\n", 1675 ether_sprintf(ni->ni_macaddr), ic->ic_nonerpsta); 1676 if (ic->ic_nonerpsta == 0) { 1677 IEEE80211_DPRINTF(ic, IEEE80211_MSG_ASSOC, 1678 "%s: disable use of protection\n", __func__); 1679 ic->ic_flags &= ~IEEE80211_F_USEPROT; 1680 /* XXX verify mode? */ 1681 if (ic->ic_caps & IEEE80211_C_SHPREAMBLE) { 1682 IEEE80211_DPRINTF(ic, IEEE80211_MSG_ASSOC, 1683 "%s: re-enable use of short preamble\n", 1684 __func__); 1685 ic->ic_flags |= IEEE80211_F_SHPREAMBLE; 1686 ic->ic_flags &= ~IEEE80211_F_USEBARKER; 1687 } 1688 } 1689 } 1690 } 1691 1692 /* 1693 * Handle bookkeeping for station deauthentication/disassociation 1694 * when operating as an ap. 1695 */ 1696 void 1697 ieee80211_node_leave(struct ieee80211com *ic, struct ieee80211_node *ni) 1698 { 1699 struct ieee80211_node_table *nt = ni->ni_table; 1700 1701 IEEE80211_DPRINTF(ic, IEEE80211_MSG_ASSOC | IEEE80211_MSG_DEBUG, 1702 "[%s] station with aid %d leaves\n", 1703 ether_sprintf(ni->ni_macaddr), IEEE80211_NODE_AID(ni)); 1704 1705 KASSERT(ic->ic_opmode == IEEE80211_M_HOSTAP || 1706 ic->ic_opmode == IEEE80211_M_IBSS || 1707 ic->ic_opmode == IEEE80211_M_AHDEMO, 1708 ("unexpected operating mode %u", ic->ic_opmode)); 1709 /* 1710 * If node wasn't previously associated all 1711 * we need to do is reclaim the reference. 1712 */ 1713 /* XXX ibss mode bypasses 11g and notification */ 1714 if (ni->ni_associd == 0) 1715 goto done; 1716 /* 1717 * Tell the authenticator the station is leaving. 1718 * Note that we must do this before yanking the 1719 * association id as the authenticator uses the 1720 * associd to locate it's state block. 1721 */ 1722 if (ic->ic_auth->ia_node_leave != NULL) 1723 ic->ic_auth->ia_node_leave(ic, ni); 1724 IEEE80211_AID_CLR(ni->ni_associd, ic->ic_aid_bitmap); 1725 ni->ni_associd = 0; 1726 ic->ic_sta_assoc--; 1727 1728 if (ic->ic_curmode == IEEE80211_MODE_11G || 1729 ic->ic_curmode == IEEE80211_MODE_TURBO_G) 1730 ieee80211_node_leave_11g(ic, ni); 1731 /* 1732 * Cleanup station state. In particular clear various 1733 * state that might otherwise be reused if the node 1734 * is reused before the reference count goes to zero 1735 * (and memory is reclaimed). 1736 */ 1737 ieee80211_sta_leave(ic, ni); 1738 done: 1739 /* 1740 * Remove the node from any table it's recorded in and 1741 * drop the caller's reference. Removal from the table 1742 * is important to insure the node is not reprocessed 1743 * for inactivity. 1744 */ 1745 if (nt != NULL) { 1746 IEEE80211_NODE_LOCK(nt); 1747 node_reclaim(nt, ni); 1748 IEEE80211_NODE_UNLOCK(nt); 1749 } else 1750 ieee80211_free_node(ni); 1751 } 1752 1753 u_int8_t 1754 ieee80211_getrssi(struct ieee80211com *ic) 1755 { 1756 #define NZ(x) ((x) == 0 ? 1 : (x)) 1757 struct ieee80211_node_table *nt = &ic->ic_sta; 1758 u_int32_t rssi_samples, rssi_total; 1759 struct ieee80211_node *ni; 1760 1761 rssi_total = 0; 1762 rssi_samples = 0; 1763 switch (ic->ic_opmode) { 1764 case IEEE80211_M_IBSS: /* average of all ibss neighbors */ 1765 /* XXX locking */ 1766 TAILQ_FOREACH(ni, &nt->nt_node, ni_list) 1767 if (ni->ni_capinfo & IEEE80211_CAPINFO_IBSS) { 1768 rssi_samples++; 1769 rssi_total += ic->ic_node_getrssi(ni); 1770 } 1771 break; 1772 case IEEE80211_M_AHDEMO: /* average of all neighbors */ 1773 /* XXX locking */ 1774 TAILQ_FOREACH(ni, &nt->nt_node, ni_list) { 1775 rssi_samples++; 1776 rssi_total += ic->ic_node_getrssi(ni); 1777 } 1778 break; 1779 case IEEE80211_M_HOSTAP: /* average of all associated stations */ 1780 /* XXX locking */ 1781 TAILQ_FOREACH(ni, &nt->nt_node, ni_list) 1782 if (IEEE80211_AID(ni->ni_associd) != 0) { 1783 rssi_samples++; 1784 rssi_total += ic->ic_node_getrssi(ni); 1785 } 1786 break; 1787 case IEEE80211_M_MONITOR: /* XXX */ 1788 case IEEE80211_M_STA: /* use stats from associated ap */ 1789 default: 1790 if (ic->ic_bss != NULL) 1791 rssi_total = ic->ic_node_getrssi(ic->ic_bss); 1792 rssi_samples = 1; 1793 break; 1794 } 1795 return rssi_total / NZ(rssi_samples); 1796 #undef NZ 1797 } 1798 1799 /* 1800 * Indicate whether there are frames queued for a station in power-save mode. 1801 */ 1802 static void 1803 ieee80211_set_tim(struct ieee80211com *ic, struct ieee80211_node *ni, int set) 1804 { 1805 u_int16_t aid; 1806 1807 KASSERT(ic->ic_opmode == IEEE80211_M_HOSTAP || 1808 ic->ic_opmode == IEEE80211_M_IBSS, 1809 ("operating mode %u", ic->ic_opmode)); 1810 1811 aid = IEEE80211_AID(ni->ni_associd); 1812 KASSERT(aid < ic->ic_max_aid, 1813 ("bogus aid %u, max %u", aid, ic->ic_max_aid)); 1814 1815 IEEE80211_BEACON_LOCK(ic); 1816 if (set != (isset(ic->ic_tim_bitmap, aid) != 0)) { 1817 if (set) { 1818 setbit(ic->ic_tim_bitmap, aid); 1819 ic->ic_ps_pending++; 1820 } else { 1821 clrbit(ic->ic_tim_bitmap, aid); 1822 ic->ic_ps_pending--; 1823 } 1824 ic->ic_flags |= IEEE80211_F_TIMUPDATE; 1825 } 1826 IEEE80211_BEACON_UNLOCK(ic); 1827 } 1828 1829 /* 1830 * Node table support. 1831 */ 1832 1833 static void 1834 ieee80211_node_table_init(struct ieee80211com *ic, 1835 struct ieee80211_node_table *nt, 1836 const char *name, int inact, 1837 void (*timeout)(struct ieee80211_node_table *)) 1838 { 1839 1840 IEEE80211_DPRINTF(ic, IEEE80211_MSG_NODE, 1841 "%s %s table, inact %u\n", __func__, name, inact); 1842 1843 nt->nt_ic = ic; 1844 /* XXX need unit */ 1845 IEEE80211_NODE_LOCK_INIT(nt, ic->ic_ifp->if_xname); 1846 IEEE80211_SCAN_LOCK_INIT(nt, ic->ic_ifp->if_xname); 1847 TAILQ_INIT(&nt->nt_node); 1848 nt->nt_name = name; 1849 nt->nt_scangen = 1; 1850 nt->nt_inact_init = inact; 1851 nt->nt_timeout = timeout; 1852 } 1853 1854 void 1855 ieee80211_node_table_reset(struct ieee80211_node_table *nt) 1856 { 1857 1858 IEEE80211_DPRINTF(nt->nt_ic, IEEE80211_MSG_NODE, 1859 "%s %s table\n", __func__, nt->nt_name); 1860 1861 IEEE80211_NODE_LOCK(nt); 1862 nt->nt_inact_timer = 0; 1863 ieee80211_free_allnodes_locked(nt); 1864 IEEE80211_NODE_UNLOCK(nt); 1865 } 1866 1867 static void 1868 ieee80211_node_table_cleanup(struct ieee80211_node_table *nt) 1869 { 1870 1871 IEEE80211_DPRINTF(nt->nt_ic, IEEE80211_MSG_NODE, 1872 "%s %s table\n", __func__, nt->nt_name); 1873 1874 ieee80211_free_allnodes_locked(nt); 1875 IEEE80211_SCAN_LOCK_DESTROY(nt); 1876 IEEE80211_NODE_LOCK_DESTROY(nt); 1877 } 1878