1 /*- 2 * Copyright (c) 2001 Atsushi Onoe 3 * Copyright (c) 2002-2008 Sam Leffler, Errno Consulting 4 * All rights reserved. 5 * 6 * Redistribution and use in source and binary forms, with or without 7 * modification, are permitted provided that the following conditions 8 * are met: 9 * 1. Redistributions of source code must retain the above copyright 10 * notice, this list of conditions and the following disclaimer. 11 * 2. Redistributions in binary form must reproduce the above copyright 12 * notice, this list of conditions and the following disclaimer in the 13 * documentation and/or other materials provided with the distribution. 14 * 15 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 16 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 17 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 18 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 19 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 20 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 21 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 22 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 23 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 24 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 25 */ 26 27 #include <sys/cdefs.h> 28 __FBSDID("$FreeBSD$"); 29 30 #include "opt_wlan.h" 31 32 #include <sys/param.h> 33 #include <sys/systm.h> 34 #include <sys/mbuf.h> 35 #include <sys/malloc.h> 36 #include <sys/kernel.h> 37 38 #include <sys/socket.h> 39 40 #include <net/if.h> 41 #include <net/if_media.h> 42 #include <net/ethernet.h> 43 44 #include <net80211/ieee80211_var.h> 45 #include <net80211/ieee80211_input.h> 46 #include <net80211/ieee80211_wds.h> 47 48 #include <net/bpf.h> 49 50 /* 51 * Association id's are managed with a bit vector. 52 */ 53 #define IEEE80211_AID_SET(_vap, b) \ 54 ((_vap)->iv_aid_bitmap[IEEE80211_AID(b) / 32] |= \ 55 (1 << (IEEE80211_AID(b) % 32))) 56 #define IEEE80211_AID_CLR(_vap, b) \ 57 ((_vap)->iv_aid_bitmap[IEEE80211_AID(b) / 32] &= \ 58 ~(1 << (IEEE80211_AID(b) % 32))) 59 #define IEEE80211_AID_ISSET(_vap, b) \ 60 ((_vap)->iv_aid_bitmap[IEEE80211_AID(b) / 32] & (1 << (IEEE80211_AID(b) % 32))) 61 62 #ifdef IEEE80211_DEBUG_REFCNT 63 #define REFCNT_LOC "%s (%s:%u) %p<%s> refcnt %d\n", __func__, func, line 64 #else 65 #define REFCNT_LOC "%s %p<%s> refcnt %d\n", __func__ 66 #endif 67 68 static int ieee80211_sta_join1(struct ieee80211_node *); 69 70 static struct ieee80211_node *node_alloc(struct ieee80211_node_table *); 71 static void node_cleanup(struct ieee80211_node *); 72 static void node_free(struct ieee80211_node *); 73 static void node_age(struct ieee80211_node *); 74 static int8_t node_getrssi(const struct ieee80211_node *); 75 static void node_getsignal(const struct ieee80211_node *, int8_t *, int8_t *); 76 static void node_getmimoinfo(const struct ieee80211_node *, 77 struct ieee80211_mimo_info *); 78 79 static void _ieee80211_free_node(struct ieee80211_node *); 80 81 static void ieee80211_node_table_init(struct ieee80211com *ic, 82 struct ieee80211_node_table *nt, const char *name, 83 int inact, int keymaxix); 84 static void ieee80211_node_table_reset(struct ieee80211_node_table *, 85 struct ieee80211vap *); 86 static void ieee80211_node_reclaim(struct ieee80211_node *); 87 static void ieee80211_node_table_cleanup(struct ieee80211_node_table *nt); 88 static void ieee80211_erp_timeout(struct ieee80211com *); 89 90 MALLOC_DEFINE(M_80211_NODE, "80211node", "802.11 node state"); 91 MALLOC_DEFINE(M_80211_NODE_IE, "80211nodeie", "802.11 node ie"); 92 93 void 94 ieee80211_node_attach(struct ieee80211com *ic) 95 { 96 ieee80211_node_table_init(ic, &ic->ic_sta, "station", 97 IEEE80211_INACT_INIT, ic->ic_max_keyix); 98 callout_init(&ic->ic_inact, CALLOUT_MPSAFE); 99 callout_reset(&ic->ic_inact, IEEE80211_INACT_WAIT*hz, 100 ieee80211_node_timeout, ic); 101 102 ic->ic_node_alloc = node_alloc; 103 ic->ic_node_free = node_free; 104 ic->ic_node_cleanup = node_cleanup; 105 ic->ic_node_age = node_age; 106 ic->ic_node_drain = node_age; /* NB: same as age */ 107 ic->ic_node_getrssi = node_getrssi; 108 ic->ic_node_getsignal = node_getsignal; 109 ic->ic_node_getmimoinfo = node_getmimoinfo; 110 111 /* 112 * Set flags to be propagated to all vap's; 113 * these define default behaviour/configuration. 114 */ 115 ic->ic_flags_ext |= IEEE80211_FEXT_INACT; /* inactivity processing */ 116 } 117 118 void 119 ieee80211_node_detach(struct ieee80211com *ic) 120 { 121 122 callout_drain(&ic->ic_inact); 123 ieee80211_node_table_cleanup(&ic->ic_sta); 124 } 125 126 void 127 ieee80211_node_vattach(struct ieee80211vap *vap) 128 { 129 /* NB: driver can override */ 130 vap->iv_max_aid = IEEE80211_AID_DEF; 131 132 /* default station inactivity timer setings */ 133 vap->iv_inact_init = IEEE80211_INACT_INIT; 134 vap->iv_inact_auth = IEEE80211_INACT_AUTH; 135 vap->iv_inact_run = IEEE80211_INACT_RUN; 136 vap->iv_inact_probe = IEEE80211_INACT_PROBE; 137 } 138 139 void 140 ieee80211_node_latevattach(struct ieee80211vap *vap) 141 { 142 if (vap->iv_opmode == IEEE80211_M_HOSTAP) { 143 /* XXX should we allow max aid to be zero? */ 144 if (vap->iv_max_aid < IEEE80211_AID_MIN) { 145 vap->iv_max_aid = IEEE80211_AID_MIN; 146 if_printf(vap->iv_ifp, 147 "WARNING: max aid too small, changed to %d\n", 148 vap->iv_max_aid); 149 } 150 MALLOC(vap->iv_aid_bitmap, uint32_t *, 151 howmany(vap->iv_max_aid, 32) * sizeof(uint32_t), 152 M_80211_NODE, M_NOWAIT | M_ZERO); 153 if (vap->iv_aid_bitmap == NULL) { 154 /* XXX no way to recover */ 155 printf("%s: no memory for AID bitmap, max aid %d!\n", 156 __func__, vap->iv_max_aid); 157 vap->iv_max_aid = 0; 158 } 159 } 160 161 ieee80211_reset_bss(vap); 162 163 vap->iv_auth = ieee80211_authenticator_get(vap->iv_bss->ni_authmode); 164 } 165 166 void 167 ieee80211_node_vdetach(struct ieee80211vap *vap) 168 { 169 struct ieee80211com *ic = vap->iv_ic; 170 171 ieee80211_node_table_reset(&ic->ic_sta, vap); 172 if (vap->iv_bss != NULL) { 173 ieee80211_free_node(vap->iv_bss); 174 vap->iv_bss = NULL; 175 } 176 if (vap->iv_aid_bitmap != NULL) { 177 FREE(vap->iv_aid_bitmap, M_80211_NODE); 178 vap->iv_aid_bitmap = NULL; 179 } 180 } 181 182 /* 183 * Port authorize/unauthorize interfaces for use by an authenticator. 184 */ 185 186 void 187 ieee80211_node_authorize(struct ieee80211_node *ni) 188 { 189 ni->ni_flags |= IEEE80211_NODE_AUTH; 190 ni->ni_inact_reload = ni->ni_vap->iv_inact_run; 191 ni->ni_inact = ni->ni_inact_reload; 192 } 193 194 void 195 ieee80211_node_unauthorize(struct ieee80211_node *ni) 196 { 197 ni->ni_flags &= ~IEEE80211_NODE_AUTH; 198 ni->ni_inact_reload = ni->ni_vap->iv_inact_auth; 199 if (ni->ni_inact > ni->ni_inact_reload) 200 ni->ni_inact = ni->ni_inact_reload; 201 } 202 203 /* 204 * Set/change the channel. The rate set is also updated as 205 * to insure a consistent view by drivers. 206 * XXX should be private but hostap needs it to deal with CSA 207 */ 208 void 209 ieee80211_node_set_chan(struct ieee80211_node *ni, 210 struct ieee80211_channel *chan) 211 { 212 struct ieee80211com *ic = ni->ni_ic; 213 214 KASSERT(chan != IEEE80211_CHAN_ANYC, ("no channel")); 215 216 ni->ni_chan = chan; 217 if (IEEE80211_IS_CHAN_HT(chan)) { 218 /* 219 * XXX Gotta be careful here; the rate set returned by 220 * ieee80211_get_suprates is actually any HT rate 221 * set so blindly copying it will be bad. We must 222 * install the legacy rate est in ni_rates and the 223 * HT rate set in ni_htrates. 224 */ 225 ni->ni_htrates = *ieee80211_get_suphtrates(ic, chan); 226 } 227 ni->ni_rates = *ieee80211_get_suprates(ic, chan); 228 } 229 230 static __inline void 231 copy_bss(struct ieee80211_node *nbss, const struct ieee80211_node *obss) 232 { 233 /* propagate useful state */ 234 nbss->ni_authmode = obss->ni_authmode; 235 nbss->ni_txpower = obss->ni_txpower; 236 nbss->ni_vlan = obss->ni_vlan; 237 /* XXX statistics? */ 238 /* XXX legacy WDS bssid? */ 239 } 240 241 void 242 ieee80211_create_ibss(struct ieee80211vap* vap, struct ieee80211_channel *chan) 243 { 244 struct ieee80211com *ic = vap->iv_ic; 245 struct ieee80211_node *ni; 246 247 IEEE80211_DPRINTF(vap, IEEE80211_MSG_SCAN, 248 "%s: creating ibss on channel %u\n", __func__, 249 ieee80211_chan2ieee(ic, chan)); 250 251 ni = ieee80211_alloc_node(&ic->ic_sta, vap, vap->iv_myaddr); 252 if (ni == NULL) { 253 /* XXX recovery? */ 254 return; 255 } 256 IEEE80211_ADDR_COPY(ni->ni_bssid, vap->iv_myaddr); 257 ni->ni_esslen = vap->iv_des_ssid[0].len; 258 memcpy(ni->ni_essid, vap->iv_des_ssid[0].ssid, ni->ni_esslen); 259 if (vap->iv_bss != NULL) 260 copy_bss(ni, vap->iv_bss); 261 ni->ni_intval = ic->ic_bintval; 262 if (vap->iv_flags & IEEE80211_F_PRIVACY) 263 ni->ni_capinfo |= IEEE80211_CAPINFO_PRIVACY; 264 if (ic->ic_phytype == IEEE80211_T_FH) { 265 ni->ni_fhdwell = 200; /* XXX */ 266 ni->ni_fhindex = 1; 267 } 268 if (vap->iv_opmode == IEEE80211_M_IBSS) { 269 vap->iv_flags |= IEEE80211_F_SIBSS; 270 ni->ni_capinfo |= IEEE80211_CAPINFO_IBSS; /* XXX */ 271 if (vap->iv_flags & IEEE80211_F_DESBSSID) 272 IEEE80211_ADDR_COPY(ni->ni_bssid, vap->iv_des_bssid); 273 else { 274 get_random_bytes(ni->ni_bssid, IEEE80211_ADDR_LEN); 275 /* clear group bit, add local bit */ 276 ni->ni_bssid[0] = (ni->ni_bssid[0] &~ 0x01) | 0x02; 277 } 278 } else if (vap->iv_opmode == IEEE80211_M_AHDEMO) { 279 if (vap->iv_flags & IEEE80211_F_DESBSSID) 280 IEEE80211_ADDR_COPY(ni->ni_bssid, vap->iv_des_bssid); 281 else 282 memset(ni->ni_bssid, 0, IEEE80211_ADDR_LEN); 283 } 284 /* 285 * Fix the channel and related attributes. 286 */ 287 /* clear DFS CAC state on previous channel */ 288 if (ic->ic_bsschan != IEEE80211_CHAN_ANYC && 289 ic->ic_bsschan->ic_freq != chan->ic_freq && 290 IEEE80211_IS_CHAN_CACDONE(ic->ic_bsschan)) 291 ieee80211_dfs_cac_clear(ic, ic->ic_bsschan); 292 ic->ic_bsschan = chan; 293 ieee80211_node_set_chan(ni, chan); 294 ic->ic_curmode = ieee80211_chan2mode(chan); 295 /* 296 * Do mode-specific setup. 297 */ 298 if (IEEE80211_IS_CHAN_FULL(chan)) { 299 if (IEEE80211_IS_CHAN_ANYG(chan)) { 300 /* 301 * Use a mixed 11b/11g basic rate set. 302 */ 303 ieee80211_setbasicrates(&ni->ni_rates, 304 IEEE80211_MODE_11G); 305 if (vap->iv_flags & IEEE80211_F_PUREG) { 306 /* 307 * Also mark OFDM rates basic so 11b 308 * stations do not join (WiFi compliance). 309 */ 310 ieee80211_addbasicrates(&ni->ni_rates, 311 IEEE80211_MODE_11A); 312 } 313 } else if (IEEE80211_IS_CHAN_B(chan)) { 314 /* 315 * Force pure 11b rate set. 316 */ 317 ieee80211_setbasicrates(&ni->ni_rates, 318 IEEE80211_MODE_11B); 319 } 320 } 321 322 (void) ieee80211_sta_join1(ieee80211_ref_node(ni)); 323 } 324 325 /* 326 * Reset bss state on transition to the INIT state. 327 * Clear any stations from the table (they have been 328 * deauth'd) and reset the bss node (clears key, rate 329 * etc. state). 330 */ 331 void 332 ieee80211_reset_bss(struct ieee80211vap *vap) 333 { 334 struct ieee80211com *ic = vap->iv_ic; 335 struct ieee80211_node *ni, *obss; 336 337 ieee80211_node_table_reset(&ic->ic_sta, vap); 338 /* XXX multi-bss: wrong */ 339 ieee80211_reset_erp(ic); 340 341 ni = ieee80211_alloc_node(&ic->ic_sta, vap, vap->iv_myaddr); 342 KASSERT(ni != NULL, ("unable to setup inital BSS node")); 343 obss = vap->iv_bss; 344 vap->iv_bss = ieee80211_ref_node(ni); 345 if (obss != NULL) { 346 copy_bss(ni, obss); 347 ni->ni_intval = ic->ic_bintval; 348 ieee80211_free_node(obss); 349 } else 350 IEEE80211_ADDR_COPY(ni->ni_bssid, vap->iv_myaddr); 351 } 352 353 static int 354 match_ssid(const struct ieee80211_node *ni, 355 int nssid, const struct ieee80211_scan_ssid ssids[]) 356 { 357 int i; 358 359 for (i = 0; i < nssid; i++) { 360 if (ni->ni_esslen == ssids[i].len && 361 memcmp(ni->ni_essid, ssids[i].ssid, ni->ni_esslen) == 0) 362 return 1; 363 } 364 return 0; 365 } 366 367 /* 368 * Test a node for suitability/compatibility. 369 */ 370 static int 371 check_bss(struct ieee80211vap *vap, struct ieee80211_node *ni) 372 { 373 struct ieee80211com *ic = ni->ni_ic; 374 uint8_t rate; 375 376 if (isclr(ic->ic_chan_active, ieee80211_chan2ieee(ic, ni->ni_chan))) 377 return 0; 378 if (vap->iv_opmode == IEEE80211_M_IBSS) { 379 if ((ni->ni_capinfo & IEEE80211_CAPINFO_IBSS) == 0) 380 return 0; 381 } else { 382 if ((ni->ni_capinfo & IEEE80211_CAPINFO_ESS) == 0) 383 return 0; 384 } 385 if (vap->iv_flags & IEEE80211_F_PRIVACY) { 386 if ((ni->ni_capinfo & IEEE80211_CAPINFO_PRIVACY) == 0) 387 return 0; 388 } else { 389 /* XXX does this mean privacy is supported or required? */ 390 if (ni->ni_capinfo & IEEE80211_CAPINFO_PRIVACY) 391 return 0; 392 } 393 rate = ieee80211_fix_rate(ni, &ni->ni_rates, 394 IEEE80211_F_JOIN | IEEE80211_F_DONEGO | IEEE80211_F_DOFRATE); 395 if (rate & IEEE80211_RATE_BASIC) 396 return 0; 397 if (vap->iv_des_nssid != 0 && 398 !match_ssid(ni, vap->iv_des_nssid, vap->iv_des_ssid)) 399 return 0; 400 if ((vap->iv_flags & IEEE80211_F_DESBSSID) && 401 !IEEE80211_ADDR_EQ(vap->iv_des_bssid, ni->ni_bssid)) 402 return 0; 403 return 1; 404 } 405 406 #ifdef IEEE80211_DEBUG 407 /* 408 * Display node suitability/compatibility. 409 */ 410 static void 411 check_bss_debug(struct ieee80211vap *vap, struct ieee80211_node *ni) 412 { 413 struct ieee80211com *ic = ni->ni_ic; 414 uint8_t rate; 415 int fail; 416 417 fail = 0; 418 if (isclr(ic->ic_chan_active, ieee80211_chan2ieee(ic, ni->ni_chan))) 419 fail |= 0x01; 420 if (vap->iv_opmode == IEEE80211_M_IBSS) { 421 if ((ni->ni_capinfo & IEEE80211_CAPINFO_IBSS) == 0) 422 fail |= 0x02; 423 } else { 424 if ((ni->ni_capinfo & IEEE80211_CAPINFO_ESS) == 0) 425 fail |= 0x02; 426 } 427 if (vap->iv_flags & IEEE80211_F_PRIVACY) { 428 if ((ni->ni_capinfo & IEEE80211_CAPINFO_PRIVACY) == 0) 429 fail |= 0x04; 430 } else { 431 /* XXX does this mean privacy is supported or required? */ 432 if (ni->ni_capinfo & IEEE80211_CAPINFO_PRIVACY) 433 fail |= 0x04; 434 } 435 rate = ieee80211_fix_rate(ni, &ni->ni_rates, 436 IEEE80211_F_JOIN | IEEE80211_F_DONEGO | IEEE80211_F_DOFRATE); 437 if (rate & IEEE80211_RATE_BASIC) 438 fail |= 0x08; 439 if (vap->iv_des_nssid != 0 && 440 !match_ssid(ni, vap->iv_des_nssid, vap->iv_des_ssid)) 441 fail |= 0x10; 442 if ((vap->iv_flags & IEEE80211_F_DESBSSID) && 443 !IEEE80211_ADDR_EQ(vap->iv_des_bssid, ni->ni_bssid)) 444 fail |= 0x20; 445 446 printf(" %c %s", fail ? '-' : '+', ether_sprintf(ni->ni_macaddr)); 447 printf(" %s%c", ether_sprintf(ni->ni_bssid), fail & 0x20 ? '!' : ' '); 448 printf(" %3d%c", 449 ieee80211_chan2ieee(ic, ni->ni_chan), fail & 0x01 ? '!' : ' '); 450 printf(" %2dM%c", (rate & IEEE80211_RATE_VAL) / 2, 451 fail & 0x08 ? '!' : ' '); 452 printf(" %4s%c", 453 (ni->ni_capinfo & IEEE80211_CAPINFO_ESS) ? "ess" : 454 (ni->ni_capinfo & IEEE80211_CAPINFO_IBSS) ? "ibss" : 455 "????", 456 fail & 0x02 ? '!' : ' '); 457 printf(" %3s%c ", 458 (ni->ni_capinfo & IEEE80211_CAPINFO_PRIVACY) ? "wep" : "no", 459 fail & 0x04 ? '!' : ' '); 460 ieee80211_print_essid(ni->ni_essid, ni->ni_esslen); 461 printf("%s\n", fail & 0x10 ? "!" : ""); 462 } 463 #endif /* IEEE80211_DEBUG */ 464 465 /* 466 * Handle 802.11 ad hoc network merge. The 467 * convention, set by the Wireless Ethernet Compatibility Alliance 468 * (WECA), is that an 802.11 station will change its BSSID to match 469 * the "oldest" 802.11 ad hoc network, on the same channel, that 470 * has the station's desired SSID. The "oldest" 802.11 network 471 * sends beacons with the greatest TSF timestamp. 472 * 473 * The caller is assumed to validate TSF's before attempting a merge. 474 * 475 * Return !0 if the BSSID changed, 0 otherwise. 476 */ 477 int 478 ieee80211_ibss_merge(struct ieee80211_node *ni) 479 { 480 struct ieee80211vap *vap = ni->ni_vap; 481 #ifdef IEEE80211_DEBUG 482 struct ieee80211com *ic = ni->ni_ic; 483 #endif 484 485 if (ni == vap->iv_bss || 486 IEEE80211_ADDR_EQ(ni->ni_bssid, vap->iv_bss->ni_bssid)) { 487 /* unchanged, nothing to do */ 488 return 0; 489 } 490 if (!check_bss(vap, ni)) { 491 /* capabilities mismatch */ 492 IEEE80211_DPRINTF(vap, IEEE80211_MSG_ASSOC, 493 "%s: merge failed, capabilities mismatch\n", __func__); 494 #ifdef IEEE80211_DEBUG 495 if (ieee80211_msg_assoc(vap)) 496 check_bss_debug(vap, ni); 497 #endif 498 vap->iv_stats.is_ibss_capmismatch++; 499 return 0; 500 } 501 IEEE80211_DPRINTF(vap, IEEE80211_MSG_ASSOC, 502 "%s: new bssid %s: %s preamble, %s slot time%s\n", __func__, 503 ether_sprintf(ni->ni_bssid), 504 ic->ic_flags&IEEE80211_F_SHPREAMBLE ? "short" : "long", 505 ic->ic_flags&IEEE80211_F_SHSLOT ? "short" : "long", 506 ic->ic_flags&IEEE80211_F_USEPROT ? ", protection" : "" 507 ); 508 return ieee80211_sta_join1(ieee80211_ref_node(ni)); 509 } 510 511 /* 512 * Calculate HT channel promotion flags for all vaps. 513 * This assumes ni_chan have been setup for each vap. 514 */ 515 static int 516 gethtadjustflags(struct ieee80211com *ic) 517 { 518 struct ieee80211vap *vap; 519 int flags; 520 521 flags = 0; 522 /* XXX locking */ 523 TAILQ_FOREACH(vap, &ic->ic_vaps, iv_next) { 524 if (vap->iv_state < IEEE80211_S_RUN) 525 continue; 526 switch (vap->iv_opmode) { 527 case IEEE80211_M_WDS: 528 case IEEE80211_M_STA: 529 case IEEE80211_M_AHDEMO: 530 case IEEE80211_M_HOSTAP: 531 case IEEE80211_M_IBSS: 532 flags |= ieee80211_htchanflags(vap->iv_bss->ni_chan); 533 break; 534 default: 535 break; 536 } 537 } 538 return flags; 539 } 540 541 /* 542 * Check if the current channel needs to change based on whether 543 * any vap's are using HT20/HT40. This is used sync the state of 544 * ic_curchan after a channel width change on a running vap. 545 */ 546 void 547 ieee80211_sync_curchan(struct ieee80211com *ic) 548 { 549 struct ieee80211_channel *c; 550 551 c = ieee80211_ht_adjust_channel(ic, ic->ic_curchan, gethtadjustflags(ic)); 552 if (c != ic->ic_curchan) { 553 ic->ic_curchan = c; 554 ic->ic_curmode = ieee80211_chan2mode(ic->ic_curchan); 555 ic->ic_set_channel(ic); 556 } 557 } 558 559 /* 560 * Change the current channel. The request channel may be 561 * promoted if other vap's are operating with HT20/HT40. 562 */ 563 void 564 ieee80211_setcurchan(struct ieee80211com *ic, struct ieee80211_channel *c) 565 { 566 if (ic->ic_htcaps & IEEE80211_HTC_HT) { 567 int flags = gethtadjustflags(ic); 568 /* 569 * Check for channel promotion required to support the 570 * set of running vap's. This assumes we are called 571 * after ni_chan is setup for each vap. 572 */ 573 /* NB: this assumes IEEE80211_FEXT_USEHT40 > IEEE80211_FEXT_HT */ 574 if (flags > ieee80211_htchanflags(c)) 575 c = ieee80211_ht_adjust_channel(ic, c, flags); 576 } 577 ic->ic_bsschan = ic->ic_curchan = c; 578 ic->ic_curmode = ieee80211_chan2mode(ic->ic_curchan); 579 ic->ic_set_channel(ic); 580 } 581 582 /* 583 * Join the specified IBSS/BSS network. The node is assumed to 584 * be passed in with a held reference. 585 */ 586 static int 587 ieee80211_sta_join1(struct ieee80211_node *selbs) 588 { 589 struct ieee80211vap *vap = selbs->ni_vap; 590 struct ieee80211com *ic = selbs->ni_ic; 591 struct ieee80211_node *obss; 592 int canreassoc; 593 594 /* 595 * Committed to selbs, setup state. 596 */ 597 obss = vap->iv_bss; 598 /* 599 * Check if old+new node have the same address in which 600 * case we can reassociate when operating in sta mode. 601 */ 602 canreassoc = (obss != NULL && 603 vap->iv_state == IEEE80211_S_RUN && 604 IEEE80211_ADDR_EQ(obss->ni_macaddr, selbs->ni_macaddr)); 605 vap->iv_bss = selbs; /* NB: caller assumed to bump refcnt */ 606 if (obss != NULL) { 607 copy_bss(selbs, obss); 608 ieee80211_node_reclaim(obss); 609 obss = NULL; /* NB: guard against later use */ 610 } 611 612 /* 613 * Delete unusable rates; we've already checked 614 * that the negotiated rate set is acceptable. 615 */ 616 ieee80211_fix_rate(vap->iv_bss, &vap->iv_bss->ni_rates, 617 IEEE80211_F_DODEL | IEEE80211_F_JOIN); 618 619 ieee80211_setcurchan(ic, selbs->ni_chan); 620 /* 621 * Set the erp state (mostly the slot time) to deal with 622 * the auto-select case; this should be redundant if the 623 * mode is locked. 624 */ 625 ieee80211_reset_erp(ic); 626 ieee80211_wme_initparams(vap); 627 628 if (vap->iv_opmode == IEEE80211_M_STA) { 629 if (canreassoc) { 630 /* Reassociate */ 631 ieee80211_new_state(vap, IEEE80211_S_ASSOC, 1); 632 } else { 633 /* 634 * Act as if we received a DEAUTH frame in case we 635 * are invoked from the RUN state. This will cause 636 * us to try to re-authenticate if we are operating 637 * as a station. 638 */ 639 ieee80211_new_state(vap, IEEE80211_S_AUTH, 640 IEEE80211_FC0_SUBTYPE_DEAUTH); 641 } 642 } else 643 ieee80211_new_state(vap, IEEE80211_S_RUN, -1); 644 return 1; 645 } 646 647 int 648 ieee80211_sta_join(struct ieee80211vap *vap, 649 const struct ieee80211_scan_entry *se) 650 { 651 struct ieee80211com *ic = vap->iv_ic; 652 struct ieee80211_node *ni; 653 654 ni = ieee80211_alloc_node(&ic->ic_sta, vap, se->se_macaddr); 655 if (ni == NULL) { 656 /* XXX msg */ 657 return 0; 658 } 659 /* 660 * Expand scan state into node's format. 661 * XXX may not need all this stuff 662 */ 663 IEEE80211_ADDR_COPY(ni->ni_bssid, se->se_bssid); 664 ni->ni_esslen = se->se_ssid[1]; 665 memcpy(ni->ni_essid, se->se_ssid+2, ni->ni_esslen); 666 ni->ni_rstamp = se->se_rstamp; 667 ni->ni_tstamp.tsf = se->se_tstamp.tsf; 668 ni->ni_intval = se->se_intval; 669 ni->ni_capinfo = se->se_capinfo; 670 ni->ni_chan = se->se_chan; 671 ni->ni_timoff = se->se_timoff; 672 ni->ni_fhdwell = se->se_fhdwell; 673 ni->ni_fhindex = se->se_fhindex; 674 ni->ni_erp = se->se_erp; 675 IEEE80211_RSSI_LPF(ni->ni_avgrssi, se->se_rssi); 676 ni->ni_noise = se->se_noise; 677 678 if (ieee80211_ies_init(&ni->ni_ies, se->se_ies.data, se->se_ies.len)) { 679 ieee80211_ies_expand(&ni->ni_ies); 680 if (ni->ni_ies.ath_ie != NULL) 681 ieee80211_parse_ath(ni, ni->ni_ies.ath_ie); 682 if (ni->ni_ies.htcap_ie != NULL) 683 ieee80211_parse_htcap(ni, ni->ni_ies.htcap_ie); 684 if (ni->ni_ies.htinfo_ie != NULL) 685 ieee80211_parse_htinfo(ni, ni->ni_ies.htinfo_ie); 686 } 687 688 vap->iv_dtim_period = se->se_dtimperiod; 689 vap->iv_dtim_count = 0; 690 691 /* NB: must be after ni_chan is setup */ 692 ieee80211_setup_rates(ni, se->se_rates, se->se_xrates, 693 IEEE80211_F_DOSORT); 694 695 return ieee80211_sta_join1(ieee80211_ref_node(ni)); 696 } 697 698 /* 699 * Leave the specified IBSS/BSS network. The node is assumed to 700 * be passed in with a held reference. 701 */ 702 void 703 ieee80211_sta_leave(struct ieee80211_node *ni) 704 { 705 struct ieee80211com *ic = ni->ni_ic; 706 707 ic->ic_node_cleanup(ni); 708 ieee80211_notify_node_leave(ni); 709 } 710 711 /* 712 * Send a deauthenticate frame and drop the station. 713 */ 714 void 715 ieee80211_node_deauth(struct ieee80211_node *ni, int reason) 716 { 717 /* NB: bump the refcnt to be sure temporay nodes are not reclaimed */ 718 ieee80211_ref_node(ni); 719 if (ni->ni_associd != 0) 720 IEEE80211_SEND_MGMT(ni, IEEE80211_FC0_SUBTYPE_DEAUTH, reason); 721 ieee80211_node_leave(ni); 722 ieee80211_free_node(ni); 723 } 724 725 static struct ieee80211_node * 726 node_alloc(struct ieee80211_node_table *nt) 727 { 728 struct ieee80211_node *ni; 729 730 MALLOC(ni, struct ieee80211_node *, sizeof(struct ieee80211_node), 731 M_80211_NODE, M_NOWAIT | M_ZERO); 732 return ni; 733 } 734 735 /* 736 * Initialize an ie blob with the specified data. If previous 737 * data exists re-use the data block. As a side effect we clear 738 * all references to specific ie's; the caller is required to 739 * recalculate them. 740 */ 741 int 742 ieee80211_ies_init(struct ieee80211_ies *ies, const uint8_t *data, int len) 743 { 744 /* NB: assumes data+len are the last fields */ 745 memset(ies, 0, offsetof(struct ieee80211_ies, data)); 746 if (ies->data != NULL && ies->len != len) { 747 /* data size changed */ 748 FREE(ies->data, M_80211_NODE_IE); 749 ies->data = NULL; 750 } 751 if (ies->data == NULL) { 752 MALLOC(ies->data, uint8_t *, len, M_80211_NODE_IE, M_NOWAIT); 753 if (ies->data == NULL) { 754 ies->len = 0; 755 /* NB: pointers have already been zero'd above */ 756 return 0; 757 } 758 } 759 memcpy(ies->data, data, len); 760 ies->len = len; 761 return 1; 762 } 763 764 /* 765 * Reclaim storage for an ie blob. 766 */ 767 void 768 ieee80211_ies_cleanup(struct ieee80211_ies *ies) 769 { 770 if (ies->data != NULL) 771 FREE(ies->data, M_80211_NODE_IE); 772 } 773 774 /* 775 * Expand an ie blob data contents and to fillin individual 776 * ie pointers. The data blob is assumed to be well-formed; 777 * we don't do any validity checking of ie lengths. 778 */ 779 void 780 ieee80211_ies_expand(struct ieee80211_ies *ies) 781 { 782 uint8_t *ie; 783 int ielen; 784 785 ie = ies->data; 786 ielen = ies->len; 787 while (ielen > 0) { 788 switch (ie[0]) { 789 case IEEE80211_ELEMID_VENDOR: 790 if (iswpaoui(ie)) 791 ies->wpa_ie = ie; 792 else if (iswmeoui(ie)) 793 ies->wme_ie = ie; 794 else if (isatherosoui(ie)) 795 ies->ath_ie = ie; 796 break; 797 case IEEE80211_ELEMID_RSN: 798 ies->rsn_ie = ie; 799 break; 800 case IEEE80211_ELEMID_HTCAP: 801 ies->htcap_ie = ie; 802 break; 803 } 804 ielen -= 2 + ie[1]; 805 ie += 2 + ie[1]; 806 } 807 } 808 809 /* 810 * Reclaim any resources in a node and reset any critical 811 * state. Typically nodes are free'd immediately after, 812 * but in some cases the storage may be reused so we need 813 * to insure consistent state (should probably fix that). 814 */ 815 static void 816 node_cleanup(struct ieee80211_node *ni) 817 { 818 #define N(a) (sizeof(a)/sizeof(a[0])) 819 struct ieee80211vap *vap = ni->ni_vap; 820 int i; 821 822 /* NB: preserve ni_table */ 823 if (ni->ni_flags & IEEE80211_NODE_PWR_MGT) { 824 if (vap->iv_opmode != IEEE80211_M_STA) 825 vap->iv_ps_sta--; 826 ni->ni_flags &= ~IEEE80211_NODE_PWR_MGT; 827 IEEE80211_NOTE(vap, IEEE80211_MSG_POWER, ni, 828 "power save mode off, %u sta's in ps mode", vap->iv_ps_sta); 829 } 830 /* 831 * Cleanup any HT-related state. 832 */ 833 if (ni->ni_flags & IEEE80211_NODE_HT) 834 ieee80211_ht_node_cleanup(ni); 835 /* 836 * Clear AREF flag that marks the authorization refcnt bump 837 * has happened. This is probably not needed as the node 838 * should always be removed from the table so not found but 839 * do it just in case. 840 */ 841 ni->ni_flags &= ~IEEE80211_NODE_AREF; 842 843 /* 844 * Drain power save queue and, if needed, clear TIM. 845 */ 846 if (ieee80211_node_saveq_drain(ni) != 0 && vap->iv_set_tim != NULL) 847 vap->iv_set_tim(ni, 0); 848 849 ni->ni_associd = 0; 850 if (ni->ni_challenge != NULL) { 851 FREE(ni->ni_challenge, M_80211_NODE); 852 ni->ni_challenge = NULL; 853 } 854 /* 855 * Preserve SSID, WPA, and WME ie's so the bss node is 856 * reusable during a re-auth/re-assoc state transition. 857 * If we remove these data they will not be recreated 858 * because they come from a probe-response or beacon frame 859 * which cannot be expected prior to the association-response. 860 * This should not be an issue when operating in other modes 861 * as stations leaving always go through a full state transition 862 * which will rebuild this state. 863 * 864 * XXX does this leave us open to inheriting old state? 865 */ 866 for (i = 0; i < N(ni->ni_rxfrag); i++) 867 if (ni->ni_rxfrag[i] != NULL) { 868 m_freem(ni->ni_rxfrag[i]); 869 ni->ni_rxfrag[i] = NULL; 870 } 871 /* 872 * Must be careful here to remove any key map entry w/o a LOR. 873 */ 874 ieee80211_node_delucastkey(ni); 875 #undef N 876 } 877 878 static void 879 node_free(struct ieee80211_node *ni) 880 { 881 struct ieee80211com *ic = ni->ni_ic; 882 883 ic->ic_node_cleanup(ni); 884 ieee80211_ies_cleanup(&ni->ni_ies); 885 IEEE80211_NODE_SAVEQ_DESTROY(ni); 886 IEEE80211_NODE_WDSQ_DESTROY(ni); 887 FREE(ni, M_80211_NODE); 888 } 889 890 static void 891 node_age(struct ieee80211_node *ni) 892 { 893 struct ieee80211vap *vap = ni->ni_vap; 894 #if 0 895 IEEE80211_NODE_LOCK_ASSERT(&ic->ic_sta); 896 #endif 897 /* 898 * Age frames on the power save queue. 899 */ 900 if (ieee80211_node_saveq_age(ni) != 0 && 901 IEEE80211_NODE_SAVEQ_QLEN(ni) == 0 && 902 vap->iv_set_tim != NULL) 903 vap->iv_set_tim(ni, 0); 904 /* 905 * Age frames on the wds pending queue. 906 */ 907 if (IEEE80211_NODE_WDSQ_QLEN(ni) != 0) 908 ieee80211_node_wdsq_age(ni); 909 /* 910 * Age out HT resources (e.g. frames on the 911 * A-MPDU reorder queues). 912 */ 913 if (ni->ni_associd != 0 && (ni->ni_flags & IEEE80211_NODE_HT)) 914 ieee80211_ht_node_age(ni); 915 } 916 917 static int8_t 918 node_getrssi(const struct ieee80211_node *ni) 919 { 920 uint32_t avgrssi = ni->ni_avgrssi; 921 int32_t rssi; 922 923 if (avgrssi == IEEE80211_RSSI_DUMMY_MARKER) 924 return 0; 925 rssi = IEEE80211_RSSI_GET(avgrssi); 926 return rssi < 0 ? 0 : rssi > 127 ? 127 : rssi; 927 } 928 929 static void 930 node_getsignal(const struct ieee80211_node *ni, int8_t *rssi, int8_t *noise) 931 { 932 *rssi = node_getrssi(ni); 933 *noise = ni->ni_noise; 934 } 935 936 static void 937 node_getmimoinfo(const struct ieee80211_node *ni, 938 struct ieee80211_mimo_info *info) 939 { 940 /* XXX zero data? */ 941 } 942 943 struct ieee80211_node * 944 ieee80211_alloc_node(struct ieee80211_node_table *nt, 945 struct ieee80211vap *vap, const uint8_t macaddr[IEEE80211_ADDR_LEN]) 946 { 947 struct ieee80211com *ic = nt->nt_ic; 948 struct ieee80211_node *ni; 949 int hash; 950 951 ni = ic->ic_node_alloc(nt); 952 if (ni == NULL) { 953 vap->iv_stats.is_rx_nodealloc++; 954 return NULL; 955 } 956 957 IEEE80211_DPRINTF(vap, IEEE80211_MSG_NODE, 958 "%s %p<%s> in %s table\n", __func__, ni, 959 ether_sprintf(macaddr), nt->nt_name); 960 961 IEEE80211_ADDR_COPY(ni->ni_macaddr, macaddr); 962 hash = IEEE80211_NODE_HASH(macaddr); 963 ieee80211_node_initref(ni); /* mark referenced */ 964 ni->ni_chan = IEEE80211_CHAN_ANYC; 965 ni->ni_authmode = IEEE80211_AUTH_OPEN; 966 ni->ni_txpower = ic->ic_txpowlimit; /* max power */ 967 ieee80211_crypto_resetkey(vap, &ni->ni_ucastkey, IEEE80211_KEYIX_NONE); 968 ni->ni_avgrssi = IEEE80211_RSSI_DUMMY_MARKER; 969 ni->ni_inact_reload = nt->nt_inact_init; 970 ni->ni_inact = ni->ni_inact_reload; 971 ni->ni_ath_defkeyix = 0x7fff; 972 IEEE80211_NODE_SAVEQ_INIT(ni, "unknown"); 973 IEEE80211_NODE_WDSQ_INIT(ni, "unknown"); 974 975 IEEE80211_NODE_LOCK(nt); 976 TAILQ_INSERT_TAIL(&nt->nt_node, ni, ni_list); 977 LIST_INSERT_HEAD(&nt->nt_hash[hash], ni, ni_hash); 978 ni->ni_table = nt; 979 ni->ni_vap = vap; 980 ni->ni_ic = ic; 981 IEEE80211_NODE_UNLOCK(nt); 982 983 return ni; 984 } 985 986 /* 987 * Craft a temporary node suitable for sending a management frame 988 * to the specified station. We craft only as much state as we 989 * need to do the work since the node will be immediately reclaimed 990 * once the send completes. 991 */ 992 struct ieee80211_node * 993 ieee80211_tmp_node(struct ieee80211vap *vap, 994 const uint8_t macaddr[IEEE80211_ADDR_LEN]) 995 { 996 struct ieee80211com *ic = vap->iv_ic; 997 struct ieee80211_node *ni; 998 999 ni = ic->ic_node_alloc(&ic->ic_sta); 1000 if (ni != NULL) { 1001 IEEE80211_DPRINTF(vap, IEEE80211_MSG_NODE, 1002 "%s %p<%s>\n", __func__, ni, ether_sprintf(macaddr)); 1003 1004 ni->ni_table = NULL; /* NB: pedantic */ 1005 ni->ni_ic = ic; /* NB: needed to set channel */ 1006 ni->ni_vap = vap; 1007 1008 IEEE80211_ADDR_COPY(ni->ni_macaddr, macaddr); 1009 IEEE80211_ADDR_COPY(ni->ni_bssid, vap->iv_bss->ni_bssid); 1010 ieee80211_node_initref(ni); /* mark referenced */ 1011 /* NB: required by ieee80211_fix_rate */ 1012 ieee80211_node_set_chan(ni, vap->iv_bss->ni_chan); 1013 ni->ni_txpower = vap->iv_bss->ni_txpower; 1014 ieee80211_crypto_resetkey(vap, &ni->ni_ucastkey, 1015 IEEE80211_KEYIX_NONE); 1016 /* XXX optimize away */ 1017 IEEE80211_NODE_SAVEQ_INIT(ni, "unknown"); 1018 IEEE80211_NODE_WDSQ_INIT(ni, "unknown"); 1019 } else { 1020 /* XXX msg */ 1021 vap->iv_stats.is_rx_nodealloc++; 1022 } 1023 return ni; 1024 } 1025 1026 struct ieee80211_node * 1027 ieee80211_dup_bss(struct ieee80211vap *vap, 1028 const uint8_t macaddr[IEEE80211_ADDR_LEN]) 1029 { 1030 struct ieee80211com *ic = vap->iv_ic; 1031 struct ieee80211_node *ni; 1032 1033 ni = ieee80211_alloc_node(&ic->ic_sta, vap, macaddr); 1034 if (ni != NULL) { 1035 /* 1036 * Inherit from iv_bss. 1037 */ 1038 ni->ni_authmode = vap->iv_bss->ni_authmode; 1039 ni->ni_txpower = vap->iv_bss->ni_txpower; 1040 ni->ni_vlan = vap->iv_bss->ni_vlan; /* XXX?? */ 1041 IEEE80211_ADDR_COPY(ni->ni_bssid, vap->iv_bss->ni_bssid); 1042 ieee80211_node_set_chan(ni, vap->iv_bss->ni_chan); 1043 } 1044 return ni; 1045 } 1046 1047 /* 1048 * Create a bss node for a legacy WDS vap. The far end does 1049 * not associate so we just create create a new node and 1050 * simulate an association. The caller is responsible for 1051 * installing the node as the bss node and handling any further 1052 * setup work like authorizing the port. 1053 */ 1054 struct ieee80211_node * 1055 ieee80211_node_create_wds(struct ieee80211vap *vap, 1056 const uint8_t bssid[IEEE80211_ADDR_LEN], struct ieee80211_channel *chan) 1057 { 1058 struct ieee80211com *ic = vap->iv_ic; 1059 struct ieee80211_node *ni; 1060 1061 /* XXX check if node already in sta table? */ 1062 ni = ieee80211_alloc_node(&ic->ic_sta, vap, bssid); 1063 if (ni != NULL) { 1064 ni->ni_wdsvap = vap; 1065 IEEE80211_ADDR_COPY(ni->ni_bssid, bssid); 1066 /* 1067 * Inherit any manually configured settings. 1068 */ 1069 ni->ni_authmode = vap->iv_bss->ni_authmode; 1070 ni->ni_txpower = vap->iv_bss->ni_txpower; 1071 ni->ni_vlan = vap->iv_bss->ni_vlan; 1072 ieee80211_node_set_chan(ni, chan); 1073 /* NB: propagate ssid so available to WPA supplicant */ 1074 ni->ni_esslen = vap->iv_des_ssid[0].len; 1075 memcpy(ni->ni_essid, vap->iv_des_ssid[0].ssid, ni->ni_esslen); 1076 /* NB: no associd for peer */ 1077 /* 1078 * There are no management frames to use to 1079 * discover neighbor capabilities, so blindly 1080 * propagate the local configuration. 1081 */ 1082 if (vap->iv_flags & IEEE80211_F_WME) 1083 ni->ni_flags |= IEEE80211_NODE_QOS; 1084 if (vap->iv_flags & IEEE80211_F_FF) 1085 ni->ni_flags |= IEEE80211_NODE_FF; 1086 if ((ic->ic_htcaps & IEEE80211_HTC_HT) && 1087 (vap->iv_flags_ext & IEEE80211_FEXT_HT)) { 1088 /* 1089 * Device is HT-capable and HT is enabled for 1090 * the vap; setup HT operation. On return 1091 * ni_chan will be adjusted to an HT channel. 1092 */ 1093 ieee80211_ht_wds_init(ni); 1094 } else { 1095 struct ieee80211_channel *c = ni->ni_chan; 1096 /* 1097 * Force a legacy channel to be used. 1098 */ 1099 c = ieee80211_find_channel(ic, 1100 c->ic_freq, c->ic_flags &~ IEEE80211_CHAN_HT); 1101 KASSERT(c != NULL, ("no legacy channel, %u/%x", 1102 ni->ni_chan->ic_freq, ni->ni_chan->ic_flags)); 1103 ni->ni_chan = c; 1104 } 1105 } 1106 return ni; 1107 } 1108 1109 struct ieee80211_node * 1110 #ifdef IEEE80211_DEBUG_REFCNT 1111 ieee80211_find_node_locked_debug(struct ieee80211_node_table *nt, 1112 const uint8_t macaddr[IEEE80211_ADDR_LEN], const char *func, int line) 1113 #else 1114 ieee80211_find_node_locked(struct ieee80211_node_table *nt, 1115 const uint8_t macaddr[IEEE80211_ADDR_LEN]) 1116 #endif 1117 { 1118 struct ieee80211_node *ni; 1119 int hash; 1120 1121 IEEE80211_NODE_LOCK_ASSERT(nt); 1122 1123 hash = IEEE80211_NODE_HASH(macaddr); 1124 LIST_FOREACH(ni, &nt->nt_hash[hash], ni_hash) { 1125 if (IEEE80211_ADDR_EQ(ni->ni_macaddr, macaddr)) { 1126 ieee80211_ref_node(ni); /* mark referenced */ 1127 #ifdef IEEE80211_DEBUG_REFCNT 1128 IEEE80211_DPRINTF(ni->ni_vap, IEEE80211_MSG_NODE, 1129 "%s (%s:%u) %p<%s> refcnt %d\n", __func__, 1130 func, line, 1131 ni, ether_sprintf(ni->ni_macaddr), 1132 ieee80211_node_refcnt(ni)); 1133 #endif 1134 return ni; 1135 } 1136 } 1137 return NULL; 1138 } 1139 1140 struct ieee80211_node * 1141 #ifdef IEEE80211_DEBUG_REFCNT 1142 ieee80211_find_node_debug(struct ieee80211_node_table *nt, 1143 const uint8_t macaddr[IEEE80211_ADDR_LEN], const char *func, int line) 1144 #else 1145 ieee80211_find_node(struct ieee80211_node_table *nt, 1146 const uint8_t macaddr[IEEE80211_ADDR_LEN]) 1147 #endif 1148 { 1149 struct ieee80211_node *ni; 1150 1151 IEEE80211_NODE_LOCK(nt); 1152 ni = ieee80211_find_node_locked(nt, macaddr); 1153 IEEE80211_NODE_UNLOCK(nt); 1154 return ni; 1155 } 1156 1157 struct ieee80211_node * 1158 #ifdef IEEE80211_DEBUG_REFCNT 1159 ieee80211_find_vap_node_locked_debug(struct ieee80211_node_table *nt, 1160 const struct ieee80211vap *vap, 1161 const uint8_t macaddr[IEEE80211_ADDR_LEN], const char *func, int line) 1162 #else 1163 ieee80211_find_vap_node_locked(struct ieee80211_node_table *nt, 1164 const struct ieee80211vap *vap, 1165 const uint8_t macaddr[IEEE80211_ADDR_LEN]) 1166 #endif 1167 { 1168 struct ieee80211_node *ni; 1169 int hash; 1170 1171 IEEE80211_NODE_LOCK_ASSERT(nt); 1172 1173 hash = IEEE80211_NODE_HASH(macaddr); 1174 LIST_FOREACH(ni, &nt->nt_hash[hash], ni_hash) { 1175 if (ni->ni_vap == vap && 1176 IEEE80211_ADDR_EQ(ni->ni_macaddr, macaddr)) { 1177 ieee80211_ref_node(ni); /* mark referenced */ 1178 #ifdef IEEE80211_DEBUG_REFCNT 1179 IEEE80211_DPRINTF(ni->ni_vap, IEEE80211_MSG_NODE, 1180 "%s (%s:%u) %p<%s> refcnt %d\n", __func__, 1181 func, line, 1182 ni, ether_sprintf(ni->ni_macaddr), 1183 ieee80211_node_refcnt(ni)); 1184 #endif 1185 return ni; 1186 } 1187 } 1188 return NULL; 1189 } 1190 1191 struct ieee80211_node * 1192 #ifdef IEEE80211_DEBUG_REFCNT 1193 ieee80211_find_vap_node_debug(struct ieee80211_node_table *nt, 1194 const struct ieee80211vap *vap, 1195 const uint8_t macaddr[IEEE80211_ADDR_LEN], const char *func, int line) 1196 #else 1197 ieee80211_find_vap_node(struct ieee80211_node_table *nt, 1198 const struct ieee80211vap *vap, 1199 const uint8_t macaddr[IEEE80211_ADDR_LEN]) 1200 #endif 1201 { 1202 struct ieee80211_node *ni; 1203 1204 IEEE80211_NODE_LOCK(nt); 1205 ni = ieee80211_find_vap_node_locked(nt, vap, macaddr); 1206 IEEE80211_NODE_UNLOCK(nt); 1207 return ni; 1208 } 1209 1210 /* 1211 * Fake up a node; this handles node discovery in adhoc mode. 1212 * Note that for the driver's benefit we we treat this like 1213 * an association so the driver has an opportunity to setup 1214 * it's private state. 1215 */ 1216 struct ieee80211_node * 1217 ieee80211_fakeup_adhoc_node(struct ieee80211vap *vap, 1218 const uint8_t macaddr[IEEE80211_ADDR_LEN]) 1219 { 1220 struct ieee80211_node *ni; 1221 1222 IEEE80211_DPRINTF(vap, IEEE80211_MSG_NODE, 1223 "%s: mac<%s>\n", __func__, ether_sprintf(macaddr)); 1224 ni = ieee80211_dup_bss(vap, macaddr); 1225 if (ni != NULL) { 1226 struct ieee80211com *ic = vap->iv_ic; 1227 1228 /* XXX no rate negotiation; just dup */ 1229 ni->ni_rates = vap->iv_bss->ni_rates; 1230 if (vap->iv_opmode == IEEE80211_M_AHDEMO) { 1231 /* 1232 * In adhoc demo mode there are no management 1233 * frames to use to discover neighbor capabilities, 1234 * so blindly propagate the local configuration 1235 * so we can do interesting things (e.g. use 1236 * WME to disable ACK's). 1237 */ 1238 if (vap->iv_flags & IEEE80211_F_WME) 1239 ni->ni_flags |= IEEE80211_NODE_QOS; 1240 if (vap->iv_flags & IEEE80211_F_FF) 1241 ni->ni_flags |= IEEE80211_NODE_FF; 1242 } 1243 if (ic->ic_newassoc != NULL) 1244 ic->ic_newassoc(ni, 1); 1245 /* XXX not right for 802.1x/WPA */ 1246 ieee80211_node_authorize(ni); 1247 } 1248 return ni; 1249 } 1250 1251 void 1252 ieee80211_init_neighbor(struct ieee80211_node *ni, 1253 const struct ieee80211_frame *wh, 1254 const struct ieee80211_scanparams *sp) 1255 { 1256 ni->ni_esslen = sp->ssid[1]; 1257 memcpy(ni->ni_essid, sp->ssid + 2, sp->ssid[1]); 1258 IEEE80211_ADDR_COPY(ni->ni_bssid, wh->i_addr3); 1259 memcpy(ni->ni_tstamp.data, sp->tstamp, sizeof(ni->ni_tstamp)); 1260 ni->ni_intval = sp->bintval; 1261 ni->ni_capinfo = sp->capinfo; 1262 ni->ni_chan = ni->ni_ic->ic_curchan; 1263 ni->ni_fhdwell = sp->fhdwell; 1264 ni->ni_fhindex = sp->fhindex; 1265 ni->ni_erp = sp->erp; 1266 ni->ni_timoff = sp->timoff; 1267 1268 if (ieee80211_ies_init(&ni->ni_ies, sp->ies, sp->ies_len)) { 1269 ieee80211_ies_expand(&ni->ni_ies); 1270 if (ni->ni_ies.ath_ie != NULL) 1271 ieee80211_parse_ath(ni, ni->ni_ies.ath_ie); 1272 } 1273 1274 /* NB: must be after ni_chan is setup */ 1275 ieee80211_setup_rates(ni, sp->rates, sp->xrates, 1276 IEEE80211_F_DOSORT | IEEE80211_F_DOFRATE | 1277 IEEE80211_F_DONEGO | IEEE80211_F_DODEL); 1278 } 1279 1280 /* 1281 * Do node discovery in adhoc mode on receipt of a beacon 1282 * or probe response frame. Note that for the driver's 1283 * benefit we we treat this like an association so the 1284 * driver has an opportunity to setup it's private state. 1285 */ 1286 struct ieee80211_node * 1287 ieee80211_add_neighbor(struct ieee80211vap *vap, 1288 const struct ieee80211_frame *wh, 1289 const struct ieee80211_scanparams *sp) 1290 { 1291 struct ieee80211_node *ni; 1292 1293 IEEE80211_DPRINTF(vap, IEEE80211_MSG_NODE, 1294 "%s: mac<%s>\n", __func__, ether_sprintf(wh->i_addr2)); 1295 ni = ieee80211_dup_bss(vap, wh->i_addr2);/* XXX alloc_node? */ 1296 if (ni != NULL) { 1297 struct ieee80211com *ic = vap->iv_ic; 1298 1299 ieee80211_init_neighbor(ni, wh, sp); 1300 if (ic->ic_newassoc != NULL) 1301 ic->ic_newassoc(ni, 1); 1302 /* XXX not right for 802.1x/WPA */ 1303 ieee80211_node_authorize(ni); 1304 } 1305 return ni; 1306 } 1307 1308 #define IS_CTL(wh) \ 1309 ((wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK) == IEEE80211_FC0_TYPE_CTL) 1310 #define IS_PSPOLL(wh) \ 1311 ((wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK) == IEEE80211_FC0_SUBTYPE_PS_POLL) 1312 #define IS_BAR(wh) \ 1313 ((wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK) == IEEE80211_FC0_SUBTYPE_BAR) 1314 1315 /* 1316 * Locate the node for sender, track state, and then pass the 1317 * (referenced) node up to the 802.11 layer for its use. We 1318 * are required to pass some node so we fall back to ic_bss 1319 * when this frame is from an unknown sender. The 802.11 layer 1320 * knows this means the sender wasn't in the node table and 1321 * acts accordingly. 1322 */ 1323 struct ieee80211_node * 1324 #ifdef IEEE80211_DEBUG_REFCNT 1325 ieee80211_find_rxnode_debug(struct ieee80211com *ic, 1326 const struct ieee80211_frame_min *wh, const char *func, int line) 1327 #else 1328 ieee80211_find_rxnode(struct ieee80211com *ic, 1329 const struct ieee80211_frame_min *wh) 1330 #endif 1331 { 1332 struct ieee80211_node_table *nt; 1333 struct ieee80211_node *ni; 1334 1335 /* XXX 4-address frames? */ 1336 nt = &ic->ic_sta; 1337 IEEE80211_NODE_LOCK(nt); 1338 if (IS_CTL(wh) && !IS_PSPOLL(wh) && !IS_BAR(wh) /*&& !IS_RTS(ah)*/) 1339 ni = ieee80211_find_node_locked(nt, wh->i_addr1); 1340 else 1341 ni = ieee80211_find_node_locked(nt, wh->i_addr2); 1342 IEEE80211_NODE_UNLOCK(nt); 1343 1344 return ni; 1345 } 1346 1347 /* 1348 * Like ieee80211_find_rxnode but use the supplied h/w 1349 * key index as a hint to locate the node in the key 1350 * mapping table. If an entry is present at the key 1351 * index we return it; otherwise do a normal lookup and 1352 * update the mapping table if the station has a unicast 1353 * key assigned to it. 1354 */ 1355 struct ieee80211_node * 1356 #ifdef IEEE80211_DEBUG_REFCNT 1357 ieee80211_find_rxnode_withkey_debug(struct ieee80211com *ic, 1358 const struct ieee80211_frame_min *wh, ieee80211_keyix keyix, 1359 const char *func, int line) 1360 #else 1361 ieee80211_find_rxnode_withkey(struct ieee80211com *ic, 1362 const struct ieee80211_frame_min *wh, ieee80211_keyix keyix) 1363 #endif 1364 { 1365 struct ieee80211_node_table *nt; 1366 struct ieee80211_node *ni; 1367 1368 nt = &ic->ic_sta; 1369 IEEE80211_NODE_LOCK(nt); 1370 if (nt->nt_keyixmap != NULL && keyix < nt->nt_keyixmax) 1371 ni = nt->nt_keyixmap[keyix]; 1372 else 1373 ni = NULL; 1374 if (ni == NULL) { 1375 if (IS_CTL(wh) && !IS_PSPOLL(wh) && !IS_BAR(wh) /*&& !IS_RTS(ah)*/) 1376 ni = ieee80211_find_node_locked(nt, wh->i_addr1); 1377 else 1378 ni = ieee80211_find_node_locked(nt, wh->i_addr2); 1379 if (ni != NULL && nt->nt_keyixmap != NULL) { 1380 /* 1381 * If the station has a unicast key cache slot 1382 * assigned update the key->node mapping table. 1383 */ 1384 keyix = ni->ni_ucastkey.wk_rxkeyix; 1385 /* XXX can keyixmap[keyix] != NULL? */ 1386 if (keyix < nt->nt_keyixmax && 1387 nt->nt_keyixmap[keyix] == NULL) { 1388 IEEE80211_DPRINTF(ni->ni_vap, 1389 IEEE80211_MSG_NODE, 1390 "%s: add key map entry %p<%s> refcnt %d\n", 1391 __func__, ni, ether_sprintf(ni->ni_macaddr), 1392 ieee80211_node_refcnt(ni)+1); 1393 nt->nt_keyixmap[keyix] = ieee80211_ref_node(ni); 1394 } 1395 } 1396 } else 1397 ieee80211_ref_node(ni); 1398 IEEE80211_NODE_UNLOCK(nt); 1399 1400 return ni; 1401 } 1402 #undef IS_BAR 1403 #undef IS_PSPOLL 1404 #undef IS_CTL 1405 1406 /* 1407 * Return a reference to the appropriate node for sending 1408 * a data frame. This handles node discovery in adhoc networks. 1409 */ 1410 struct ieee80211_node * 1411 #ifdef IEEE80211_DEBUG_REFCNT 1412 ieee80211_find_txnode_debug(struct ieee80211vap *vap, 1413 const uint8_t macaddr[IEEE80211_ADDR_LEN], 1414 const char *func, int line) 1415 #else 1416 ieee80211_find_txnode(struct ieee80211vap *vap, 1417 const uint8_t macaddr[IEEE80211_ADDR_LEN]) 1418 #endif 1419 { 1420 struct ieee80211_node_table *nt = &vap->iv_ic->ic_sta; 1421 struct ieee80211_node *ni; 1422 1423 /* 1424 * The destination address should be in the node table 1425 * unless this is a multicast/broadcast frame. We can 1426 * also optimize station mode operation, all frames go 1427 * to the bss node. 1428 */ 1429 /* XXX can't hold lock across dup_bss 'cuz of recursive locking */ 1430 IEEE80211_NODE_LOCK(nt); 1431 if (vap->iv_opmode == IEEE80211_M_STA || 1432 vap->iv_opmode == IEEE80211_M_WDS || 1433 IEEE80211_IS_MULTICAST(macaddr)) 1434 ni = ieee80211_ref_node(vap->iv_bss); 1435 else { 1436 ni = ieee80211_find_node_locked(nt, macaddr); 1437 if (vap->iv_opmode == IEEE80211_M_HOSTAP && 1438 (ni != NULL && ni->ni_associd == 0)) { 1439 /* 1440 * Station is not associated; don't permit the 1441 * data frame to be sent by returning NULL. This 1442 * is kinda a kludge but the least intrusive way 1443 * to add this check into all drivers. 1444 */ 1445 ieee80211_unref_node(&ni); /* NB: null's ni */ 1446 } 1447 } 1448 IEEE80211_NODE_UNLOCK(nt); 1449 1450 if (ni == NULL) { 1451 if (vap->iv_opmode == IEEE80211_M_IBSS || 1452 vap->iv_opmode == IEEE80211_M_AHDEMO) { 1453 /* 1454 * In adhoc mode cons up a node for the destination. 1455 * Note that we need an additional reference for the 1456 * caller to be consistent with 1457 * ieee80211_find_node_locked. 1458 */ 1459 ni = ieee80211_fakeup_adhoc_node(vap, macaddr); 1460 if (ni != NULL) 1461 (void) ieee80211_ref_node(ni); 1462 } else { 1463 IEEE80211_NOTE_MAC(vap, IEEE80211_MSG_OUTPUT, macaddr, 1464 "no node, discard frame (%s)", __func__); 1465 vap->iv_stats.is_tx_nonode++; 1466 } 1467 } 1468 return ni; 1469 } 1470 1471 static void 1472 _ieee80211_free_node(struct ieee80211_node *ni) 1473 { 1474 struct ieee80211vap *vap = ni->ni_vap; 1475 struct ieee80211_node_table *nt = ni->ni_table; 1476 1477 IEEE80211_DPRINTF(vap, IEEE80211_MSG_NODE, 1478 "%s %p<%s> in %s table\n", __func__, ni, 1479 ether_sprintf(ni->ni_macaddr), 1480 nt != NULL ? nt->nt_name : "<gone>"); 1481 1482 if (vap->iv_aid_bitmap != NULL) 1483 IEEE80211_AID_CLR(vap, ni->ni_associd); 1484 if (nt != NULL) { 1485 TAILQ_REMOVE(&nt->nt_node, ni, ni_list); 1486 LIST_REMOVE(ni, ni_hash); 1487 } 1488 vap->iv_ic->ic_node_free(ni); 1489 } 1490 1491 void 1492 #ifdef IEEE80211_DEBUG_REFCNT 1493 ieee80211_free_node_debug(struct ieee80211_node *ni, const char *func, int line) 1494 #else 1495 ieee80211_free_node(struct ieee80211_node *ni) 1496 #endif 1497 { 1498 struct ieee80211_node_table *nt = ni->ni_table; 1499 1500 #ifdef IEEE80211_DEBUG_REFCNT 1501 IEEE80211_DPRINTF(ni->ni_vap, IEEE80211_MSG_NODE, 1502 "%s (%s:%u) %p<%s> refcnt %d\n", __func__, func, line, ni, 1503 ether_sprintf(ni->ni_macaddr), ieee80211_node_refcnt(ni)-1); 1504 #endif 1505 if (nt != NULL) { 1506 IEEE80211_NODE_LOCK(nt); 1507 if (ieee80211_node_dectestref(ni)) { 1508 /* 1509 * Last reference, reclaim state. 1510 */ 1511 _ieee80211_free_node(ni); 1512 } else if (ieee80211_node_refcnt(ni) == 1 && 1513 nt->nt_keyixmap != NULL) { 1514 ieee80211_keyix keyix; 1515 /* 1516 * Check for a last reference in the key mapping table. 1517 */ 1518 keyix = ni->ni_ucastkey.wk_rxkeyix; 1519 if (keyix < nt->nt_keyixmax && 1520 nt->nt_keyixmap[keyix] == ni) { 1521 IEEE80211_DPRINTF(ni->ni_vap, 1522 IEEE80211_MSG_NODE, 1523 "%s: %p<%s> clear key map entry", __func__, 1524 ni, ether_sprintf(ni->ni_macaddr)); 1525 nt->nt_keyixmap[keyix] = NULL; 1526 ieee80211_node_decref(ni); /* XXX needed? */ 1527 _ieee80211_free_node(ni); 1528 } 1529 } 1530 IEEE80211_NODE_UNLOCK(nt); 1531 } else { 1532 if (ieee80211_node_dectestref(ni)) 1533 _ieee80211_free_node(ni); 1534 } 1535 } 1536 1537 /* 1538 * Reclaim a unicast key and clear any key cache state. 1539 */ 1540 int 1541 ieee80211_node_delucastkey(struct ieee80211_node *ni) 1542 { 1543 struct ieee80211vap *vap = ni->ni_vap; 1544 /* XXX is ni_table safe? */ 1545 struct ieee80211_node_table *nt = &ni->ni_ic->ic_sta; 1546 struct ieee80211_node *nikey; 1547 ieee80211_keyix keyix; 1548 int isowned, status; 1549 1550 /* 1551 * NB: We must beware of LOR here; deleting the key 1552 * can cause the crypto layer to block traffic updates 1553 * which can generate a LOR against the node table lock; 1554 * grab it here and stash the key index for our use below. 1555 * 1556 * Must also beware of recursion on the node table lock. 1557 * When called from node_cleanup we may already have 1558 * the node table lock held. Unfortunately there's no 1559 * way to separate out this path so we must do this 1560 * conditionally. 1561 */ 1562 isowned = IEEE80211_NODE_IS_LOCKED(nt); 1563 if (!isowned) 1564 IEEE80211_NODE_LOCK(nt); 1565 keyix = ni->ni_ucastkey.wk_rxkeyix; 1566 status = ieee80211_crypto_delkey(vap, &ni->ni_ucastkey); 1567 if (nt->nt_keyixmap != NULL && keyix < nt->nt_keyixmax) { 1568 nikey = nt->nt_keyixmap[keyix]; 1569 nt->nt_keyixmap[keyix] = NULL;; 1570 } else 1571 nikey = NULL; 1572 if (!isowned) 1573 IEEE80211_NODE_UNLOCK(nt); 1574 1575 if (nikey != NULL) { 1576 KASSERT(nikey == ni, 1577 ("key map out of sync, ni %p nikey %p", ni, nikey)); 1578 IEEE80211_DPRINTF(vap, IEEE80211_MSG_NODE, 1579 "%s: delete key map entry %p<%s> refcnt %d\n", 1580 __func__, ni, ether_sprintf(ni->ni_macaddr), 1581 ieee80211_node_refcnt(ni)-1); 1582 ieee80211_free_node(ni); 1583 } 1584 return status; 1585 } 1586 1587 /* 1588 * Reclaim a node. If this is the last reference count then 1589 * do the normal free work. Otherwise remove it from the node 1590 * table and mark it gone by clearing the back-reference. 1591 */ 1592 static void 1593 node_reclaim(struct ieee80211_node_table *nt, struct ieee80211_node *ni) 1594 { 1595 ieee80211_keyix keyix; 1596 1597 IEEE80211_NODE_LOCK_ASSERT(nt); 1598 1599 IEEE80211_DPRINTF(ni->ni_vap, IEEE80211_MSG_NODE, 1600 "%s: remove %p<%s> from %s table, refcnt %d\n", 1601 __func__, ni, ether_sprintf(ni->ni_macaddr), 1602 nt->nt_name, ieee80211_node_refcnt(ni)-1); 1603 /* 1604 * Clear any entry in the unicast key mapping table. 1605 * We need to do it here so rx lookups don't find it 1606 * in the mapping table even if it's not in the hash 1607 * table. We cannot depend on the mapping table entry 1608 * being cleared because the node may not be free'd. 1609 */ 1610 keyix = ni->ni_ucastkey.wk_rxkeyix; 1611 if (nt->nt_keyixmap != NULL && keyix < nt->nt_keyixmax && 1612 nt->nt_keyixmap[keyix] == ni) { 1613 IEEE80211_DPRINTF(ni->ni_vap, IEEE80211_MSG_NODE, 1614 "%s: %p<%s> clear key map entry\n", 1615 __func__, ni, ether_sprintf(ni->ni_macaddr)); 1616 nt->nt_keyixmap[keyix] = NULL; 1617 ieee80211_node_decref(ni); /* NB: don't need free */ 1618 } 1619 if (!ieee80211_node_dectestref(ni)) { 1620 /* 1621 * Other references are present, just remove the 1622 * node from the table so it cannot be found. When 1623 * the references are dropped storage will be 1624 * reclaimed. 1625 */ 1626 TAILQ_REMOVE(&nt->nt_node, ni, ni_list); 1627 LIST_REMOVE(ni, ni_hash); 1628 ni->ni_table = NULL; /* clear reference */ 1629 } else 1630 _ieee80211_free_node(ni); 1631 } 1632 1633 /* 1634 * Reclaim a (bss) node. Decrement the refcnt and reclaim 1635 * the node if the only other reference to it is in the sta 1636 * table. This is effectively ieee80211_free_node followed 1637 * by node_reclaim when the refcnt is 1 (after the free). 1638 */ 1639 static void 1640 ieee80211_node_reclaim(struct ieee80211_node *ni) 1641 { 1642 struct ieee80211_node_table *nt = ni->ni_table; 1643 1644 KASSERT(nt != NULL, ("reclaim node not in table")); 1645 1646 #ifdef IEEE80211_DEBUG_REFCNT 1647 IEEE80211_DPRINTF(ni->ni_vap, IEEE80211_MSG_NODE, 1648 "%s (%s:%u) %p<%s> refcnt %d\n", __func__, func, line, ni, 1649 ether_sprintf(ni->ni_macaddr), ieee80211_node_refcnt(ni)-1); 1650 #endif 1651 IEEE80211_NODE_LOCK(nt); 1652 if (ieee80211_node_dectestref(ni)) { 1653 /* 1654 * Last reference, reclaim state. 1655 */ 1656 _ieee80211_free_node(ni); 1657 nt = NULL; 1658 } else if (ieee80211_node_refcnt(ni) == 1 && 1659 nt->nt_keyixmap != NULL) { 1660 ieee80211_keyix keyix; 1661 /* 1662 * Check for a last reference in the key mapping table. 1663 */ 1664 keyix = ni->ni_ucastkey.wk_rxkeyix; 1665 if (keyix < nt->nt_keyixmax && 1666 nt->nt_keyixmap[keyix] == ni) { 1667 IEEE80211_DPRINTF(ni->ni_vap, 1668 IEEE80211_MSG_NODE, 1669 "%s: %p<%s> clear key map entry", __func__, 1670 ni, ether_sprintf(ni->ni_macaddr)); 1671 nt->nt_keyixmap[keyix] = NULL; 1672 ieee80211_node_decref(ni); /* XXX needed? */ 1673 _ieee80211_free_node(ni); 1674 nt = NULL; 1675 } 1676 } 1677 if (nt != NULL && ieee80211_node_refcnt(ni) == 1) { 1678 /* 1679 * Last reference is in the sta table; complete 1680 * the reclaim. This handles bss nodes being 1681 * recycled: the node has two references, one for 1682 * iv_bss and one for the table. After dropping 1683 * the iv_bss ref above we need to reclaim the sta 1684 * table reference. 1685 */ 1686 ieee80211_node_decref(ni); /* NB: be pendantic */ 1687 _ieee80211_free_node(ni); 1688 } 1689 IEEE80211_NODE_UNLOCK(nt); 1690 } 1691 1692 /* 1693 * Node table support. 1694 */ 1695 1696 static void 1697 ieee80211_node_table_init(struct ieee80211com *ic, 1698 struct ieee80211_node_table *nt, 1699 const char *name, int inact, int keyixmax) 1700 { 1701 struct ifnet *ifp = ic->ic_ifp; 1702 1703 nt->nt_ic = ic; 1704 IEEE80211_NODE_LOCK_INIT(nt, ifp->if_xname); 1705 IEEE80211_NODE_ITERATE_LOCK_INIT(nt, ifp->if_xname); 1706 TAILQ_INIT(&nt->nt_node); 1707 nt->nt_name = name; 1708 nt->nt_scangen = 1; 1709 nt->nt_inact_init = inact; 1710 nt->nt_keyixmax = keyixmax; 1711 if (nt->nt_keyixmax > 0) { 1712 MALLOC(nt->nt_keyixmap, struct ieee80211_node **, 1713 keyixmax * sizeof(struct ieee80211_node *), 1714 M_80211_NODE, M_NOWAIT | M_ZERO); 1715 if (nt->nt_keyixmap == NULL) 1716 if_printf(ic->ic_ifp, 1717 "Cannot allocate key index map with %u entries\n", 1718 keyixmax); 1719 } else 1720 nt->nt_keyixmap = NULL; 1721 } 1722 1723 static void 1724 ieee80211_node_table_reset(struct ieee80211_node_table *nt, 1725 struct ieee80211vap *match) 1726 { 1727 struct ieee80211_node *ni, *next; 1728 1729 IEEE80211_NODE_LOCK(nt); 1730 TAILQ_FOREACH_SAFE(ni, &nt->nt_node, ni_list, next) { 1731 if (match != NULL && ni->ni_vap != match) 1732 continue; 1733 /* XXX can this happen? if so need's work */ 1734 if (ni->ni_associd != 0) { 1735 struct ieee80211vap *vap = ni->ni_vap; 1736 1737 if (vap->iv_auth->ia_node_leave != NULL) 1738 vap->iv_auth->ia_node_leave(ni); 1739 if (vap->iv_aid_bitmap != NULL) 1740 IEEE80211_AID_CLR(vap, ni->ni_associd); 1741 } 1742 ni->ni_wdsvap = NULL; /* clear reference */ 1743 node_reclaim(nt, ni); 1744 } 1745 if (match != NULL && match->iv_opmode == IEEE80211_M_WDS) { 1746 /* 1747 * Make a separate pass to clear references to this vap 1748 * held by DWDS entries. They will not be matched above 1749 * because ni_vap will point to the ap vap but we still 1750 * need to clear ni_wdsvap when the WDS vap is destroyed 1751 * and/or reset. 1752 */ 1753 TAILQ_FOREACH_SAFE(ni, &nt->nt_node, ni_list, next) 1754 if (ni->ni_wdsvap == match) 1755 ni->ni_wdsvap = NULL; 1756 } 1757 IEEE80211_NODE_UNLOCK(nt); 1758 } 1759 1760 static void 1761 ieee80211_node_table_cleanup(struct ieee80211_node_table *nt) 1762 { 1763 ieee80211_node_table_reset(nt, NULL); 1764 if (nt->nt_keyixmap != NULL) { 1765 #ifdef DIAGNOSTIC 1766 /* XXX verify all entries are NULL */ 1767 int i; 1768 for (i = 0; i < nt->nt_keyixmax; i++) 1769 if (nt->nt_keyixmap[i] != NULL) 1770 printf("%s: %s[%u] still active\n", __func__, 1771 nt->nt_name, i); 1772 #endif 1773 FREE(nt->nt_keyixmap, M_80211_NODE); 1774 nt->nt_keyixmap = NULL; 1775 } 1776 IEEE80211_NODE_ITERATE_LOCK_DESTROY(nt); 1777 IEEE80211_NODE_LOCK_DESTROY(nt); 1778 } 1779 1780 /* 1781 * Timeout inactive stations and do related housekeeping. 1782 * Note that we cannot hold the node lock while sending a 1783 * frame as this would lead to a LOR. Instead we use a 1784 * generation number to mark nodes that we've scanned and 1785 * drop the lock and restart a scan if we have to time out 1786 * a node. Since we are single-threaded by virtue of 1787 * controlling the inactivity timer we can be sure this will 1788 * process each node only once. 1789 */ 1790 static void 1791 ieee80211_timeout_stations(struct ieee80211com *ic) 1792 { 1793 struct ieee80211_node_table *nt = &ic->ic_sta; 1794 struct ieee80211vap *vap; 1795 struct ieee80211_node *ni; 1796 int gen = 0; 1797 1798 IEEE80211_NODE_ITERATE_LOCK(nt); 1799 gen = ++nt->nt_scangen; 1800 restart: 1801 IEEE80211_NODE_LOCK(nt); 1802 TAILQ_FOREACH(ni, &nt->nt_node, ni_list) { 1803 if (ni->ni_scangen == gen) /* previously handled */ 1804 continue; 1805 ni->ni_scangen = gen; 1806 /* 1807 * Ignore entries for which have yet to receive an 1808 * authentication frame. These are transient and 1809 * will be reclaimed when the last reference to them 1810 * goes away (when frame xmits complete). 1811 */ 1812 vap = ni->ni_vap; 1813 /* 1814 * Only process stations when in RUN state. This 1815 * insures, for example, that we don't timeout an 1816 * inactive station during CAC. Note that CSA state 1817 * is actually handled in ieee80211_node_timeout as 1818 * it applies to more than timeout processing. 1819 */ 1820 if (vap->iv_state != IEEE80211_S_RUN) 1821 continue; 1822 /* XXX can vap be NULL? */ 1823 if ((vap->iv_opmode == IEEE80211_M_HOSTAP || 1824 vap->iv_opmode == IEEE80211_M_STA) && 1825 (ni->ni_flags & IEEE80211_NODE_AREF) == 0) 1826 continue; 1827 /* 1828 * Free fragment if not needed anymore 1829 * (last fragment older than 1s). 1830 * XXX doesn't belong here, move to node_age 1831 */ 1832 if (ni->ni_rxfrag[0] != NULL && 1833 ticks > ni->ni_rxfragstamp + hz) { 1834 m_freem(ni->ni_rxfrag[0]); 1835 ni->ni_rxfrag[0] = NULL; 1836 } 1837 if (ni->ni_inact > 0) 1838 ni->ni_inact--; 1839 /* 1840 * Special case ourself; we may be idle for extended periods 1841 * of time and regardless reclaiming our state is wrong. 1842 * XXX run ic_node_age 1843 */ 1844 if (ni == vap->iv_bss) 1845 continue; 1846 if (ni->ni_associd != 0 || 1847 (vap->iv_opmode == IEEE80211_M_IBSS || 1848 vap->iv_opmode == IEEE80211_M_AHDEMO)) { 1849 /* 1850 * Age/drain resources held by the station. 1851 */ 1852 ic->ic_node_age(ni); 1853 /* 1854 * Probe the station before time it out. We 1855 * send a null data frame which may not be 1856 * universally supported by drivers (need it 1857 * for ps-poll support so it should be...). 1858 * 1859 * XXX don't probe the station unless we've 1860 * received a frame from them (and have 1861 * some idea of the rates they are capable 1862 * of); this will get fixed more properly 1863 * soon with better handling of the rate set. 1864 */ 1865 if ((vap->iv_flags_ext & IEEE80211_FEXT_INACT) && 1866 (0 < ni->ni_inact && 1867 ni->ni_inact <= vap->iv_inact_probe) && 1868 ni->ni_rates.rs_nrates != 0) { 1869 IEEE80211_NOTE(vap, 1870 IEEE80211_MSG_INACT | IEEE80211_MSG_NODE, 1871 ni, "%s", 1872 "probe station due to inactivity"); 1873 /* 1874 * Grab a reference before unlocking the table 1875 * so the node cannot be reclaimed before we 1876 * send the frame. ieee80211_send_nulldata 1877 * understands we've done this and reclaims the 1878 * ref for us as needed. 1879 */ 1880 ieee80211_ref_node(ni); 1881 IEEE80211_NODE_UNLOCK(nt); 1882 ieee80211_send_nulldata(ni); 1883 /* XXX stat? */ 1884 goto restart; 1885 } 1886 } 1887 if ((vap->iv_flags_ext & IEEE80211_FEXT_INACT) && 1888 ni->ni_inact <= 0) { 1889 IEEE80211_NOTE(vap, 1890 IEEE80211_MSG_INACT | IEEE80211_MSG_NODE, ni, 1891 "station timed out due to inactivity " 1892 "(refcnt %u)", ieee80211_node_refcnt(ni)); 1893 /* 1894 * Send a deauthenticate frame and drop the station. 1895 * This is somewhat complicated due to reference counts 1896 * and locking. At this point a station will typically 1897 * have a reference count of 1. ieee80211_node_leave 1898 * will do a "free" of the node which will drop the 1899 * reference count. But in the meantime a reference 1900 * wil be held by the deauth frame. The actual reclaim 1901 * of the node will happen either after the tx is 1902 * completed or by ieee80211_node_leave. 1903 * 1904 * Separately we must drop the node lock before sending 1905 * in case the driver takes a lock, as this can result 1906 * in a LOR between the node lock and the driver lock. 1907 */ 1908 ieee80211_ref_node(ni); 1909 IEEE80211_NODE_UNLOCK(nt); 1910 if (ni->ni_associd != 0) { 1911 IEEE80211_SEND_MGMT(ni, 1912 IEEE80211_FC0_SUBTYPE_DEAUTH, 1913 IEEE80211_REASON_AUTH_EXPIRE); 1914 } 1915 ieee80211_node_leave(ni); 1916 ieee80211_free_node(ni); 1917 vap->iv_stats.is_node_timeout++; 1918 goto restart; 1919 } 1920 } 1921 IEEE80211_NODE_UNLOCK(nt); 1922 1923 IEEE80211_NODE_ITERATE_UNLOCK(nt); 1924 } 1925 1926 /* 1927 * Aggressively reclaim resources. This should be used 1928 * only in a critical situation to reclaim mbuf resources. 1929 */ 1930 void 1931 ieee80211_drain(struct ieee80211com *ic) 1932 { 1933 struct ieee80211_node_table *nt = &ic->ic_sta; 1934 struct ieee80211vap *vap; 1935 struct ieee80211_node *ni; 1936 1937 IEEE80211_NODE_LOCK(nt); 1938 TAILQ_FOREACH(ni, &nt->nt_node, ni_list) { 1939 /* 1940 * Ignore entries for which have yet to receive an 1941 * authentication frame. These are transient and 1942 * will be reclaimed when the last reference to them 1943 * goes away (when frame xmits complete). 1944 */ 1945 vap = ni->ni_vap; 1946 /* 1947 * Only process stations when in RUN state. This 1948 * insures, for example, that we don't timeout an 1949 * inactive station during CAC. Note that CSA state 1950 * is actually handled in ieee80211_node_timeout as 1951 * it applies to more than timeout processing. 1952 */ 1953 if (vap->iv_state != IEEE80211_S_RUN) 1954 continue; 1955 /* XXX can vap be NULL? */ 1956 if ((vap->iv_opmode == IEEE80211_M_HOSTAP || 1957 vap->iv_opmode == IEEE80211_M_STA) && 1958 (ni->ni_flags & IEEE80211_NODE_AREF) == 0) 1959 continue; 1960 /* 1961 * Free fragments. 1962 * XXX doesn't belong here, move to node_drain 1963 */ 1964 if (ni->ni_rxfrag[0] != NULL) { 1965 m_freem(ni->ni_rxfrag[0]); 1966 ni->ni_rxfrag[0] = NULL; 1967 } 1968 /* 1969 * Drain resources held by the station. 1970 */ 1971 ic->ic_node_drain(ni); 1972 } 1973 IEEE80211_NODE_UNLOCK(nt); 1974 } 1975 1976 /* 1977 * Per-ieee80211com inactivity timer callback. 1978 */ 1979 void 1980 ieee80211_node_timeout(void *arg) 1981 { 1982 struct ieee80211com *ic = arg; 1983 1984 /* 1985 * Defer timeout processing if a channel switch is pending. 1986 * We typically need to be mute so not doing things that 1987 * might generate frames is good to handle in one place. 1988 * Supressing the station timeout processing may extend the 1989 * lifetime of inactive stations (by not decrementing their 1990 * idle counters) but this should be ok unless the CSA is 1991 * active for an unusually long time. 1992 */ 1993 if ((ic->ic_flags & IEEE80211_F_CSAPENDING) == 0) { 1994 ieee80211_scan_timeout(ic); 1995 ieee80211_timeout_stations(ic); 1996 1997 IEEE80211_LOCK(ic); 1998 ieee80211_erp_timeout(ic); 1999 ieee80211_ht_timeout(ic); 2000 IEEE80211_UNLOCK(ic); 2001 } 2002 callout_reset(&ic->ic_inact, IEEE80211_INACT_WAIT*hz, 2003 ieee80211_node_timeout, ic); 2004 } 2005 2006 void 2007 ieee80211_iterate_nodes(struct ieee80211_node_table *nt, 2008 ieee80211_iter_func *f, void *arg) 2009 { 2010 struct ieee80211_node *ni; 2011 u_int gen; 2012 2013 IEEE80211_NODE_ITERATE_LOCK(nt); 2014 gen = ++nt->nt_scangen; 2015 restart: 2016 IEEE80211_NODE_LOCK(nt); 2017 TAILQ_FOREACH(ni, &nt->nt_node, ni_list) { 2018 if (ni->ni_scangen != gen) { 2019 ni->ni_scangen = gen; 2020 (void) ieee80211_ref_node(ni); 2021 IEEE80211_NODE_UNLOCK(nt); 2022 (*f)(arg, ni); 2023 ieee80211_free_node(ni); 2024 goto restart; 2025 } 2026 } 2027 IEEE80211_NODE_UNLOCK(nt); 2028 2029 IEEE80211_NODE_ITERATE_UNLOCK(nt); 2030 } 2031 2032 void 2033 ieee80211_dump_node(struct ieee80211_node_table *nt, struct ieee80211_node *ni) 2034 { 2035 printf("0x%p: mac %s refcnt %d\n", ni, 2036 ether_sprintf(ni->ni_macaddr), ieee80211_node_refcnt(ni)); 2037 printf("\tscangen %u authmode %u flags 0x%x\n", 2038 ni->ni_scangen, ni->ni_authmode, ni->ni_flags); 2039 printf("\tassocid 0x%x txpower %u vlan %u\n", 2040 ni->ni_associd, ni->ni_txpower, ni->ni_vlan); 2041 printf("\ttxseq %u rxseq %u fragno %u rxfragstamp %u\n", 2042 ni->ni_txseqs[IEEE80211_NONQOS_TID], 2043 ni->ni_rxseqs[IEEE80211_NONQOS_TID] >> IEEE80211_SEQ_SEQ_SHIFT, 2044 ni->ni_rxseqs[IEEE80211_NONQOS_TID] & IEEE80211_SEQ_FRAG_MASK, 2045 ni->ni_rxfragstamp); 2046 printf("\trstamp %u rssi %d noise %d intval %u capinfo 0x%x\n", 2047 ni->ni_rstamp, node_getrssi(ni), ni->ni_noise, 2048 ni->ni_intval, ni->ni_capinfo); 2049 printf("\tbssid %s essid \"%.*s\" channel %u:0x%x\n", 2050 ether_sprintf(ni->ni_bssid), 2051 ni->ni_esslen, ni->ni_essid, 2052 ni->ni_chan->ic_freq, ni->ni_chan->ic_flags); 2053 printf("\tinact %u txrate %u\n", 2054 ni->ni_inact, ni->ni_txrate); 2055 printf("\thtcap %x htparam %x htctlchan %u ht2ndchan %u\n", 2056 ni->ni_htcap, ni->ni_htparam, 2057 ni->ni_htctlchan, ni->ni_ht2ndchan); 2058 printf("\thtopmode %x htstbc %x chw %u\n", 2059 ni->ni_htopmode, ni->ni_htstbc, ni->ni_chw); 2060 } 2061 2062 void 2063 ieee80211_dump_nodes(struct ieee80211_node_table *nt) 2064 { 2065 ieee80211_iterate_nodes(nt, 2066 (ieee80211_iter_func *) ieee80211_dump_node, nt); 2067 } 2068 2069 void 2070 ieee80211_notify_erp(struct ieee80211com *ic) 2071 { 2072 struct ieee80211vap *vap; 2073 2074 IEEE80211_LOCK_ASSERT(ic); 2075 2076 TAILQ_FOREACH(vap, &ic->ic_vaps, iv_next) 2077 if (vap->iv_opmode == IEEE80211_M_HOSTAP) 2078 ieee80211_beacon_notify(vap, IEEE80211_BEACON_ERP); 2079 } 2080 2081 /* 2082 * Handle a station joining an 11g network. 2083 */ 2084 static void 2085 ieee80211_node_join_11g(struct ieee80211_node *ni) 2086 { 2087 struct ieee80211com *ic = ni->ni_ic; 2088 2089 IEEE80211_LOCK_ASSERT(ic); 2090 2091 /* 2092 * Station isn't capable of short slot time. Bump 2093 * the count of long slot time stations and disable 2094 * use of short slot time. Note that the actual switch 2095 * over to long slot time use may not occur until the 2096 * next beacon transmission (per sec. 7.3.1.4 of 11g). 2097 */ 2098 if ((ni->ni_capinfo & IEEE80211_CAPINFO_SHORT_SLOTTIME) == 0) { 2099 ic->ic_longslotsta++; 2100 IEEE80211_NOTE(ni->ni_vap, IEEE80211_MSG_ASSOC, ni, 2101 "station needs long slot time, count %d", 2102 ic->ic_longslotsta); 2103 /* XXX vap's w/ conflicting needs won't work */ 2104 if (!IEEE80211_IS_CHAN_108G(ic->ic_bsschan)) { 2105 /* 2106 * Don't force slot time when switched to turbo 2107 * mode as non-ERP stations won't be present; this 2108 * need only be done when on the normal G channel. 2109 */ 2110 ieee80211_set_shortslottime(ic, 0); 2111 } 2112 } 2113 /* 2114 * If the new station is not an ERP station 2115 * then bump the counter and enable protection 2116 * if configured. 2117 */ 2118 if (!ieee80211_iserp_rateset(&ni->ni_rates)) { 2119 ic->ic_nonerpsta++; 2120 IEEE80211_NOTE(ni->ni_vap, IEEE80211_MSG_ASSOC, ni, 2121 "station is !ERP, %d non-ERP stations associated", 2122 ic->ic_nonerpsta); 2123 /* 2124 * If station does not support short preamble 2125 * then we must enable use of Barker preamble. 2126 */ 2127 if ((ni->ni_capinfo & IEEE80211_CAPINFO_SHORT_PREAMBLE) == 0) { 2128 IEEE80211_NOTE(ni->ni_vap, IEEE80211_MSG_ASSOC, ni, 2129 "%s", "station needs long preamble"); 2130 ic->ic_flags |= IEEE80211_F_USEBARKER; 2131 ic->ic_flags &= ~IEEE80211_F_SHPREAMBLE; 2132 } 2133 /* 2134 * If protection is configured and this is the first 2135 * indication we should use protection, enable it. 2136 */ 2137 if (ic->ic_protmode != IEEE80211_PROT_NONE && 2138 ic->ic_nonerpsta == 1 && 2139 (ic->ic_flags_ext & IEEE80211_FEXT_NONERP_PR) == 0) { 2140 IEEE80211_DPRINTF(ni->ni_vap, IEEE80211_MSG_ASSOC, 2141 "%s: enable use of protection\n", __func__); 2142 ic->ic_flags |= IEEE80211_F_USEPROT; 2143 ieee80211_notify_erp(ic); 2144 } 2145 } else 2146 ni->ni_flags |= IEEE80211_NODE_ERP; 2147 } 2148 2149 void 2150 ieee80211_node_join(struct ieee80211_node *ni, int resp) 2151 { 2152 struct ieee80211com *ic = ni->ni_ic; 2153 struct ieee80211vap *vap = ni->ni_vap; 2154 int newassoc; 2155 2156 if (ni->ni_associd == 0) { 2157 uint16_t aid; 2158 2159 KASSERT(vap->iv_aid_bitmap != NULL, ("no aid bitmap")); 2160 /* 2161 * It would be good to search the bitmap 2162 * more efficiently, but this will do for now. 2163 */ 2164 for (aid = 1; aid < vap->iv_max_aid; aid++) { 2165 if (!IEEE80211_AID_ISSET(vap, aid)) 2166 break; 2167 } 2168 if (aid >= vap->iv_max_aid) { 2169 IEEE80211_SEND_MGMT(ni, resp, 2170 IEEE80211_REASON_ASSOC_TOOMANY); 2171 ieee80211_node_leave(ni); 2172 return; 2173 } 2174 ni->ni_associd = aid | 0xc000; 2175 ni->ni_jointime = time_uptime; 2176 IEEE80211_LOCK(ic); 2177 IEEE80211_AID_SET(vap, ni->ni_associd); 2178 vap->iv_sta_assoc++; 2179 ic->ic_sta_assoc++; 2180 2181 if (IEEE80211_IS_CHAN_HT(ic->ic_bsschan)) 2182 ieee80211_ht_node_join(ni); 2183 if (IEEE80211_IS_CHAN_ANYG(ic->ic_bsschan) && 2184 IEEE80211_IS_CHAN_FULL(ic->ic_bsschan)) 2185 ieee80211_node_join_11g(ni); 2186 IEEE80211_UNLOCK(ic); 2187 2188 newassoc = 1; 2189 } else 2190 newassoc = 0; 2191 2192 IEEE80211_NOTE(vap, IEEE80211_MSG_ASSOC | IEEE80211_MSG_DEBUG, ni, 2193 "station associated at aid %d: %s preamble, %s slot time%s%s%s%s%s%s", 2194 IEEE80211_NODE_AID(ni), 2195 ic->ic_flags & IEEE80211_F_SHPREAMBLE ? "short" : "long", 2196 ic->ic_flags & IEEE80211_F_SHSLOT ? "short" : "long", 2197 ic->ic_flags & IEEE80211_F_USEPROT ? ", protection" : "", 2198 ni->ni_flags & IEEE80211_NODE_QOS ? ", QoS" : "", 2199 ni->ni_flags & IEEE80211_NODE_HT ? 2200 (ni->ni_chw == 20 ? ", HT20" : ", HT40") : "", 2201 ni->ni_flags & IEEE80211_NODE_AMPDU ? " (+AMPDU)" : "", 2202 IEEE80211_ATH_CAP(vap, ni, IEEE80211_NODE_FF) ? 2203 ", fast-frames" : "", 2204 IEEE80211_ATH_CAP(vap, ni, IEEE80211_NODE_TURBOP) ? 2205 ", turbo" : "" 2206 ); 2207 2208 /* give driver a chance to setup state like ni_txrate */ 2209 if (ic->ic_newassoc != NULL) 2210 ic->ic_newassoc(ni, newassoc); 2211 IEEE80211_SEND_MGMT(ni, resp, IEEE80211_STATUS_SUCCESS); 2212 /* tell the authenticator about new station */ 2213 if (vap->iv_auth->ia_node_join != NULL) 2214 vap->iv_auth->ia_node_join(ni); 2215 ieee80211_notify_node_join(ni, 2216 resp == IEEE80211_FC0_SUBTYPE_ASSOC_RESP); 2217 } 2218 2219 static void 2220 disable_protection(struct ieee80211com *ic) 2221 { 2222 KASSERT(ic->ic_nonerpsta == 0 && 2223 (ic->ic_flags_ext & IEEE80211_FEXT_NONERP_PR) == 0, 2224 ("%d non ERP stations, flags 0x%x", ic->ic_nonerpsta, 2225 ic->ic_flags_ext)); 2226 2227 ic->ic_flags &= ~IEEE80211_F_USEPROT; 2228 /* XXX verify mode? */ 2229 if (ic->ic_caps & IEEE80211_C_SHPREAMBLE) { 2230 ic->ic_flags |= IEEE80211_F_SHPREAMBLE; 2231 ic->ic_flags &= ~IEEE80211_F_USEBARKER; 2232 } 2233 ieee80211_notify_erp(ic); 2234 } 2235 2236 /* 2237 * Handle a station leaving an 11g network. 2238 */ 2239 static void 2240 ieee80211_node_leave_11g(struct ieee80211_node *ni) 2241 { 2242 struct ieee80211com *ic = ni->ni_ic; 2243 2244 IEEE80211_LOCK_ASSERT(ic); 2245 2246 KASSERT(IEEE80211_IS_CHAN_ANYG(ic->ic_bsschan), 2247 ("not in 11g, bss %u:0x%x", ic->ic_bsschan->ic_freq, 2248 ic->ic_bsschan->ic_flags)); 2249 2250 /* 2251 * If a long slot station do the slot time bookkeeping. 2252 */ 2253 if ((ni->ni_capinfo & IEEE80211_CAPINFO_SHORT_SLOTTIME) == 0) { 2254 KASSERT(ic->ic_longslotsta > 0, 2255 ("bogus long slot station count %d", ic->ic_longslotsta)); 2256 ic->ic_longslotsta--; 2257 IEEE80211_NOTE(ni->ni_vap, IEEE80211_MSG_ASSOC, ni, 2258 "long slot time station leaves, count now %d", 2259 ic->ic_longslotsta); 2260 if (ic->ic_longslotsta == 0) { 2261 /* 2262 * Re-enable use of short slot time if supported 2263 * and not operating in IBSS mode (per spec). 2264 */ 2265 if ((ic->ic_caps & IEEE80211_C_SHSLOT) && 2266 ic->ic_opmode != IEEE80211_M_IBSS) { 2267 IEEE80211_DPRINTF(ni->ni_vap, 2268 IEEE80211_MSG_ASSOC, 2269 "%s: re-enable use of short slot time\n", 2270 __func__); 2271 ieee80211_set_shortslottime(ic, 1); 2272 } 2273 } 2274 } 2275 /* 2276 * If a non-ERP station do the protection-related bookkeeping. 2277 */ 2278 if ((ni->ni_flags & IEEE80211_NODE_ERP) == 0) { 2279 KASSERT(ic->ic_nonerpsta > 0, 2280 ("bogus non-ERP station count %d", ic->ic_nonerpsta)); 2281 ic->ic_nonerpsta--; 2282 IEEE80211_NOTE(ni->ni_vap, IEEE80211_MSG_ASSOC, ni, 2283 "non-ERP station leaves, count now %d%s", ic->ic_nonerpsta, 2284 (ic->ic_flags_ext & IEEE80211_FEXT_NONERP_PR) ? 2285 " (non-ERP sta present)" : ""); 2286 if (ic->ic_nonerpsta == 0 && 2287 (ic->ic_flags_ext & IEEE80211_FEXT_NONERP_PR) == 0) { 2288 IEEE80211_DPRINTF(ni->ni_vap, IEEE80211_MSG_ASSOC, 2289 "%s: disable use of protection\n", __func__); 2290 disable_protection(ic); 2291 } 2292 } 2293 } 2294 2295 /* 2296 * Time out presence of an overlapping bss with non-ERP 2297 * stations. When operating in hostap mode we listen for 2298 * beacons from other stations and if we identify a non-ERP 2299 * station is present we enable protection. To identify 2300 * when all non-ERP stations are gone we time out this 2301 * condition. 2302 */ 2303 static void 2304 ieee80211_erp_timeout(struct ieee80211com *ic) 2305 { 2306 2307 IEEE80211_LOCK_ASSERT(ic); 2308 2309 if ((ic->ic_flags_ext & IEEE80211_FEXT_NONERP_PR) && 2310 time_after(ticks, ic->ic_lastnonerp + IEEE80211_NONERP_PRESENT_AGE)) { 2311 #if 0 2312 IEEE80211_NOTE(vap, IEEE80211_MSG_ASSOC, ni, 2313 "%s", "age out non-ERP sta present on channel"); 2314 #endif 2315 ic->ic_flags_ext &= ~IEEE80211_FEXT_NONERP_PR; 2316 if (ic->ic_nonerpsta == 0) 2317 disable_protection(ic); 2318 } 2319 } 2320 2321 /* 2322 * Handle bookkeeping for station deauthentication/disassociation 2323 * when operating as an ap. 2324 */ 2325 void 2326 ieee80211_node_leave(struct ieee80211_node *ni) 2327 { 2328 struct ieee80211com *ic = ni->ni_ic; 2329 struct ieee80211vap *vap = ni->ni_vap; 2330 struct ieee80211_node_table *nt = ni->ni_table; 2331 2332 IEEE80211_NOTE(vap, IEEE80211_MSG_ASSOC | IEEE80211_MSG_DEBUG, ni, 2333 "station with aid %d leaves", IEEE80211_NODE_AID(ni)); 2334 2335 KASSERT(vap->iv_opmode != IEEE80211_M_STA, 2336 ("unexpected operating mode %u", vap->iv_opmode)); 2337 /* 2338 * If node wasn't previously associated all 2339 * we need to do is reclaim the reference. 2340 */ 2341 /* XXX ibss mode bypasses 11g and notification */ 2342 if (ni->ni_associd == 0) 2343 goto done; 2344 /* 2345 * Tell the authenticator the station is leaving. 2346 * Note that we must do this before yanking the 2347 * association id as the authenticator uses the 2348 * associd to locate it's state block. 2349 */ 2350 if (vap->iv_auth->ia_node_leave != NULL) 2351 vap->iv_auth->ia_node_leave(ni); 2352 2353 IEEE80211_LOCK(ic); 2354 IEEE80211_AID_CLR(vap, ni->ni_associd); 2355 ni->ni_associd = 0; 2356 vap->iv_sta_assoc--; 2357 ic->ic_sta_assoc--; 2358 2359 if (IEEE80211_IS_CHAN_HT(ic->ic_bsschan)) 2360 ieee80211_ht_node_leave(ni); 2361 if (IEEE80211_IS_CHAN_ANYG(ic->ic_bsschan) && 2362 IEEE80211_IS_CHAN_FULL(ic->ic_bsschan)) 2363 ieee80211_node_leave_11g(ni); 2364 IEEE80211_UNLOCK(ic); 2365 /* 2366 * Cleanup station state. In particular clear various 2367 * state that might otherwise be reused if the node 2368 * is reused before the reference count goes to zero 2369 * (and memory is reclaimed). 2370 */ 2371 ieee80211_sta_leave(ni); 2372 done: 2373 /* 2374 * Remove the node from any table it's recorded in and 2375 * drop the caller's reference. Removal from the table 2376 * is important to insure the node is not reprocessed 2377 * for inactivity. 2378 */ 2379 if (nt != NULL) { 2380 IEEE80211_NODE_LOCK(nt); 2381 node_reclaim(nt, ni); 2382 IEEE80211_NODE_UNLOCK(nt); 2383 } else 2384 ieee80211_free_node(ni); 2385 } 2386 2387 struct rssiinfo { 2388 struct ieee80211vap *vap; 2389 int rssi_samples; 2390 uint32_t rssi_total; 2391 }; 2392 2393 static void 2394 get_hostap_rssi(void *arg, struct ieee80211_node *ni) 2395 { 2396 struct rssiinfo *info = arg; 2397 struct ieee80211vap *vap = ni->ni_vap; 2398 int8_t rssi; 2399 2400 if (info->vap != vap) 2401 return; 2402 /* only associated stations */ 2403 if (ni->ni_associd == 0) 2404 return; 2405 rssi = vap->iv_ic->ic_node_getrssi(ni); 2406 if (rssi != 0) { 2407 info->rssi_samples++; 2408 info->rssi_total += rssi; 2409 } 2410 } 2411 2412 static void 2413 get_adhoc_rssi(void *arg, struct ieee80211_node *ni) 2414 { 2415 struct rssiinfo *info = arg; 2416 struct ieee80211vap *vap = ni->ni_vap; 2417 int8_t rssi; 2418 2419 if (info->vap != vap) 2420 return; 2421 /* only neighbors */ 2422 /* XXX check bssid */ 2423 if ((ni->ni_capinfo & IEEE80211_CAPINFO_IBSS) == 0) 2424 return; 2425 rssi = vap->iv_ic->ic_node_getrssi(ni); 2426 if (rssi != 0) { 2427 info->rssi_samples++; 2428 info->rssi_total += rssi; 2429 } 2430 } 2431 2432 int8_t 2433 ieee80211_getrssi(struct ieee80211vap *vap) 2434 { 2435 #define NZ(x) ((x) == 0 ? 1 : (x)) 2436 struct ieee80211com *ic = vap->iv_ic; 2437 struct rssiinfo info; 2438 2439 info.rssi_total = 0; 2440 info.rssi_samples = 0; 2441 info.vap = vap; 2442 switch (vap->iv_opmode) { 2443 case IEEE80211_M_IBSS: /* average of all ibss neighbors */ 2444 case IEEE80211_M_AHDEMO: /* average of all neighbors */ 2445 ieee80211_iterate_nodes(&ic->ic_sta, get_adhoc_rssi, &info); 2446 break; 2447 case IEEE80211_M_HOSTAP: /* average of all associated stations */ 2448 ieee80211_iterate_nodes(&ic->ic_sta, get_hostap_rssi, &info); 2449 break; 2450 case IEEE80211_M_MONITOR: /* XXX */ 2451 case IEEE80211_M_STA: /* use stats from associated ap */ 2452 default: 2453 if (vap->iv_bss != NULL) 2454 info.rssi_total = ic->ic_node_getrssi(vap->iv_bss); 2455 info.rssi_samples = 1; 2456 break; 2457 } 2458 return info.rssi_total / NZ(info.rssi_samples); 2459 #undef NZ 2460 } 2461 2462 void 2463 ieee80211_getsignal(struct ieee80211vap *vap, int8_t *rssi, int8_t *noise) 2464 { 2465 2466 if (vap->iv_bss == NULL) /* NB: shouldn't happen */ 2467 return; 2468 vap->iv_ic->ic_node_getsignal(vap->iv_bss, rssi, noise); 2469 /* for non-station mode return avg'd rssi accounting */ 2470 if (vap->iv_opmode != IEEE80211_M_STA) 2471 *rssi = ieee80211_getrssi(vap); 2472 } 2473