1 /*- 2 * Copyright (c) 2001 Atsushi Onoe 3 * Copyright (c) 2002-2009 Sam Leffler, Errno Consulting 4 * All rights reserved. 5 * 6 * Redistribution and use in source and binary forms, with or without 7 * modification, are permitted provided that the following conditions 8 * are met: 9 * 1. Redistributions of source code must retain the above copyright 10 * notice, this list of conditions and the following disclaimer. 11 * 2. Redistributions in binary form must reproduce the above copyright 12 * notice, this list of conditions and the following disclaimer in the 13 * documentation and/or other materials provided with the distribution. 14 * 15 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 16 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 17 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 18 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 19 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 20 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 21 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 22 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 23 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 24 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 25 */ 26 27 #include <sys/cdefs.h> 28 __FBSDID("$FreeBSD$"); 29 30 #include "opt_wlan.h" 31 32 #include <sys/param.h> 33 #include <sys/systm.h> 34 #include <sys/mbuf.h> 35 #include <sys/malloc.h> 36 #include <sys/kernel.h> 37 38 #include <sys/socket.h> 39 40 #include <net/if.h> 41 #include <net/if_var.h> 42 #include <net/if_media.h> 43 #include <net/ethernet.h> 44 45 #include <net80211/ieee80211_var.h> 46 #include <net80211/ieee80211_input.h> 47 #ifdef IEEE80211_SUPPORT_SUPERG 48 #include <net80211/ieee80211_superg.h> 49 #endif 50 #ifdef IEEE80211_SUPPORT_TDMA 51 #include <net80211/ieee80211_tdma.h> 52 #endif 53 #include <net80211/ieee80211_wds.h> 54 #include <net80211/ieee80211_mesh.h> 55 #include <net80211/ieee80211_ratectl.h> 56 #include <net80211/ieee80211_vht.h> 57 58 #include <net/bpf.h> 59 60 /* 61 * IEEE80211_NODE_HASHSIZE must be a power of 2. 62 */ 63 CTASSERT((IEEE80211_NODE_HASHSIZE & (IEEE80211_NODE_HASHSIZE-1)) == 0); 64 65 /* 66 * Association id's are managed with a bit vector. 67 */ 68 #define IEEE80211_AID_SET(_vap, b) \ 69 ((_vap)->iv_aid_bitmap[IEEE80211_AID(b) / 32] |= \ 70 (1 << (IEEE80211_AID(b) % 32))) 71 #define IEEE80211_AID_CLR(_vap, b) \ 72 ((_vap)->iv_aid_bitmap[IEEE80211_AID(b) / 32] &= \ 73 ~(1 << (IEEE80211_AID(b) % 32))) 74 #define IEEE80211_AID_ISSET(_vap, b) \ 75 ((_vap)->iv_aid_bitmap[IEEE80211_AID(b) / 32] & (1 << (IEEE80211_AID(b) % 32))) 76 77 static int ieee80211_sta_join1(struct ieee80211_node *); 78 79 static struct ieee80211_node *node_alloc(struct ieee80211vap *, 80 const uint8_t [IEEE80211_ADDR_LEN]); 81 static void node_cleanup(struct ieee80211_node *); 82 static void node_free(struct ieee80211_node *); 83 static void node_age(struct ieee80211_node *); 84 static int8_t node_getrssi(const struct ieee80211_node *); 85 static void node_getsignal(const struct ieee80211_node *, int8_t *, int8_t *); 86 static void node_getmimoinfo(const struct ieee80211_node *, 87 struct ieee80211_mimo_info *); 88 89 static void _ieee80211_free_node(struct ieee80211_node *); 90 91 static void node_reclaim(struct ieee80211_node_table *nt, 92 struct ieee80211_node *ni); 93 static void ieee80211_node_table_init(struct ieee80211com *ic, 94 struct ieee80211_node_table *nt, const char *name, 95 int inact, int keymaxix); 96 static void ieee80211_node_table_reset(struct ieee80211_node_table *, 97 struct ieee80211vap *); 98 static void ieee80211_node_table_cleanup(struct ieee80211_node_table *nt); 99 static void ieee80211_erp_timeout(struct ieee80211com *); 100 101 MALLOC_DEFINE(M_80211_NODE, "80211node", "802.11 node state"); 102 MALLOC_DEFINE(M_80211_NODE_IE, "80211nodeie", "802.11 node ie"); 103 104 void 105 ieee80211_node_attach(struct ieee80211com *ic) 106 { 107 /* XXX really want maxlen enforced per-sta */ 108 ieee80211_ageq_init(&ic->ic_stageq, ic->ic_max_keyix * 8, 109 "802.11 staging q"); 110 ieee80211_node_table_init(ic, &ic->ic_sta, "station", 111 IEEE80211_INACT_INIT, ic->ic_max_keyix); 112 callout_init(&ic->ic_inact, 1); 113 callout_reset(&ic->ic_inact, IEEE80211_INACT_WAIT*hz, 114 ieee80211_node_timeout, ic); 115 116 ic->ic_node_alloc = node_alloc; 117 ic->ic_node_free = node_free; 118 ic->ic_node_cleanup = node_cleanup; 119 ic->ic_node_age = node_age; 120 ic->ic_node_drain = node_age; /* NB: same as age */ 121 ic->ic_node_getrssi = node_getrssi; 122 ic->ic_node_getsignal = node_getsignal; 123 ic->ic_node_getmimoinfo = node_getmimoinfo; 124 125 /* 126 * Set flags to be propagated to all vap's; 127 * these define default behaviour/configuration. 128 */ 129 ic->ic_flags_ext |= IEEE80211_FEXT_INACT; /* inactivity processing */ 130 } 131 132 void 133 ieee80211_node_detach(struct ieee80211com *ic) 134 { 135 136 callout_drain(&ic->ic_inact); 137 ieee80211_node_table_cleanup(&ic->ic_sta); 138 ieee80211_ageq_cleanup(&ic->ic_stageq); 139 } 140 141 void 142 ieee80211_node_vattach(struct ieee80211vap *vap) 143 { 144 /* NB: driver can override */ 145 vap->iv_max_aid = IEEE80211_AID_DEF; 146 147 /* default station inactivity timer setings */ 148 vap->iv_inact_init = IEEE80211_INACT_INIT; 149 vap->iv_inact_auth = IEEE80211_INACT_AUTH; 150 vap->iv_inact_run = IEEE80211_INACT_RUN; 151 vap->iv_inact_probe = IEEE80211_INACT_PROBE; 152 153 IEEE80211_DPRINTF(vap, IEEE80211_MSG_INACT, 154 "%s: init %u auth %u run %u probe %u\n", __func__, 155 vap->iv_inact_init, vap->iv_inact_auth, 156 vap->iv_inact_run, vap->iv_inact_probe); 157 } 158 159 void 160 ieee80211_node_latevattach(struct ieee80211vap *vap) 161 { 162 if (vap->iv_opmode == IEEE80211_M_HOSTAP) { 163 /* XXX should we allow max aid to be zero? */ 164 if (vap->iv_max_aid < IEEE80211_AID_MIN) { 165 vap->iv_max_aid = IEEE80211_AID_MIN; 166 if_printf(vap->iv_ifp, 167 "WARNING: max aid too small, changed to %d\n", 168 vap->iv_max_aid); 169 } 170 vap->iv_aid_bitmap = (uint32_t *) IEEE80211_MALLOC( 171 howmany(vap->iv_max_aid, 32) * sizeof(uint32_t), 172 M_80211_NODE, 173 IEEE80211_M_NOWAIT | IEEE80211_M_ZERO); 174 if (vap->iv_aid_bitmap == NULL) { 175 /* XXX no way to recover */ 176 printf("%s: no memory for AID bitmap, max aid %d!\n", 177 __func__, vap->iv_max_aid); 178 vap->iv_max_aid = 0; 179 } 180 } 181 182 ieee80211_reset_bss(vap); 183 184 vap->iv_auth = ieee80211_authenticator_get(vap->iv_bss->ni_authmode); 185 } 186 187 void 188 ieee80211_node_vdetach(struct ieee80211vap *vap) 189 { 190 struct ieee80211com *ic = vap->iv_ic; 191 192 ieee80211_node_table_reset(&ic->ic_sta, vap); 193 if (vap->iv_bss != NULL) { 194 ieee80211_free_node(vap->iv_bss); 195 vap->iv_bss = NULL; 196 } 197 if (vap->iv_aid_bitmap != NULL) { 198 IEEE80211_FREE(vap->iv_aid_bitmap, M_80211_NODE); 199 vap->iv_aid_bitmap = NULL; 200 } 201 } 202 203 /* 204 * Port authorize/unauthorize interfaces for use by an authenticator. 205 */ 206 207 void 208 ieee80211_node_authorize(struct ieee80211_node *ni) 209 { 210 struct ieee80211vap *vap = ni->ni_vap; 211 212 ni->ni_flags |= IEEE80211_NODE_AUTH; 213 ni->ni_inact_reload = vap->iv_inact_run; 214 ni->ni_inact = ni->ni_inact_reload; 215 216 IEEE80211_NOTE(vap, IEEE80211_MSG_INACT, ni, 217 "%s: inact_reload %u", __func__, ni->ni_inact_reload); 218 } 219 220 void 221 ieee80211_node_unauthorize(struct ieee80211_node *ni) 222 { 223 struct ieee80211vap *vap = ni->ni_vap; 224 225 ni->ni_flags &= ~IEEE80211_NODE_AUTH; 226 ni->ni_inact_reload = vap->iv_inact_auth; 227 if (ni->ni_inact > ni->ni_inact_reload) 228 ni->ni_inact = ni->ni_inact_reload; 229 230 IEEE80211_NOTE(vap, IEEE80211_MSG_INACT, ni, 231 "%s: inact_reload %u inact %u", __func__, 232 ni->ni_inact_reload, ni->ni_inact); 233 } 234 235 /* 236 * Fix tx parameters for a node according to ``association state''. 237 */ 238 void 239 ieee80211_node_setuptxparms(struct ieee80211_node *ni) 240 { 241 struct ieee80211vap *vap = ni->ni_vap; 242 enum ieee80211_phymode mode; 243 244 if (ni->ni_flags & IEEE80211_NODE_HT) { 245 if (IEEE80211_IS_CHAN_5GHZ(ni->ni_chan)) 246 mode = IEEE80211_MODE_11NA; 247 else 248 mode = IEEE80211_MODE_11NG; 249 } else { /* legacy rate handling */ 250 if (IEEE80211_IS_CHAN_ST(ni->ni_chan)) 251 mode = IEEE80211_MODE_STURBO_A; 252 else if (IEEE80211_IS_CHAN_HALF(ni->ni_chan)) 253 mode = IEEE80211_MODE_HALF; 254 else if (IEEE80211_IS_CHAN_QUARTER(ni->ni_chan)) 255 mode = IEEE80211_MODE_QUARTER; 256 /* NB: 108A should be handled as 11a */ 257 else if (IEEE80211_IS_CHAN_A(ni->ni_chan)) 258 mode = IEEE80211_MODE_11A; 259 else if (IEEE80211_IS_CHAN_108G(ni->ni_chan) || 260 (ni->ni_flags & IEEE80211_NODE_ERP)) 261 mode = IEEE80211_MODE_11G; 262 else 263 mode = IEEE80211_MODE_11B; 264 } 265 ni->ni_txparms = &vap->iv_txparms[mode]; 266 } 267 268 /* 269 * Set/change the channel. The rate set is also updated as 270 * to insure a consistent view by drivers. 271 * XXX should be private but hostap needs it to deal with CSA 272 */ 273 void 274 ieee80211_node_set_chan(struct ieee80211_node *ni, 275 struct ieee80211_channel *chan) 276 { 277 struct ieee80211com *ic = ni->ni_ic; 278 struct ieee80211vap *vap = ni->ni_vap; 279 enum ieee80211_phymode mode; 280 281 KASSERT(chan != IEEE80211_CHAN_ANYC, ("no channel")); 282 283 ni->ni_chan = chan; 284 mode = ieee80211_chan2mode(chan); 285 if (IEEE80211_IS_CHAN_HT(chan)) { 286 /* 287 * We must install the legacy rate est in ni_rates and the 288 * HT rate set in ni_htrates. 289 */ 290 ni->ni_htrates = *ieee80211_get_suphtrates(ic, chan); 291 /* 292 * Setup bss tx parameters based on operating mode. We 293 * use legacy rates when operating in a mixed HT+non-HT bss 294 * and non-ERP rates in 11g for mixed ERP+non-ERP bss. 295 */ 296 if (mode == IEEE80211_MODE_11NA && 297 (vap->iv_flags_ht & IEEE80211_FHT_PUREN) == 0) 298 mode = IEEE80211_MODE_11A; 299 else if (mode == IEEE80211_MODE_11NG && 300 (vap->iv_flags_ht & IEEE80211_FHT_PUREN) == 0) 301 mode = IEEE80211_MODE_11G; 302 if (mode == IEEE80211_MODE_11G && 303 (vap->iv_flags & IEEE80211_F_PUREG) == 0) 304 mode = IEEE80211_MODE_11B; 305 } 306 ni->ni_txparms = &vap->iv_txparms[mode]; 307 ni->ni_rates = *ieee80211_get_suprates(ic, chan); 308 } 309 310 static __inline void 311 copy_bss(struct ieee80211_node *nbss, const struct ieee80211_node *obss) 312 { 313 /* propagate useful state */ 314 nbss->ni_authmode = obss->ni_authmode; 315 nbss->ni_txpower = obss->ni_txpower; 316 nbss->ni_vlan = obss->ni_vlan; 317 /* XXX statistics? */ 318 /* XXX legacy WDS bssid? */ 319 } 320 321 void 322 ieee80211_create_ibss(struct ieee80211vap* vap, struct ieee80211_channel *chan) 323 { 324 struct ieee80211com *ic = vap->iv_ic; 325 struct ieee80211_node *ni; 326 327 IEEE80211_DPRINTF(vap, IEEE80211_MSG_SCAN, 328 "%s: creating %s on channel %u%c flags 0x%08x\n", __func__, 329 ieee80211_opmode_name[vap->iv_opmode], 330 ieee80211_chan2ieee(ic, chan), 331 ieee80211_channel_type_char(chan), 332 chan->ic_flags); 333 334 ni = ieee80211_alloc_node(&ic->ic_sta, vap, vap->iv_myaddr); 335 if (ni == NULL) { 336 /* XXX recovery? */ 337 return; 338 } 339 IEEE80211_ADDR_COPY(ni->ni_bssid, vap->iv_myaddr); 340 ni->ni_esslen = vap->iv_des_ssid[0].len; 341 memcpy(ni->ni_essid, vap->iv_des_ssid[0].ssid, ni->ni_esslen); 342 if (vap->iv_bss != NULL) 343 copy_bss(ni, vap->iv_bss); 344 ni->ni_intval = ic->ic_bintval; 345 if (vap->iv_flags & IEEE80211_F_PRIVACY) 346 ni->ni_capinfo |= IEEE80211_CAPINFO_PRIVACY; 347 if (ic->ic_phytype == IEEE80211_T_FH) { 348 ni->ni_fhdwell = 200; /* XXX */ 349 ni->ni_fhindex = 1; 350 } 351 if (vap->iv_opmode == IEEE80211_M_IBSS) { 352 ni->ni_capinfo |= IEEE80211_CAPINFO_IBSS; /* XXX */ 353 if (vap->iv_flags & IEEE80211_F_DESBSSID) 354 IEEE80211_ADDR_COPY(ni->ni_bssid, vap->iv_des_bssid); 355 else { 356 get_random_bytes(ni->ni_bssid, IEEE80211_ADDR_LEN); 357 /* clear group bit, add local bit */ 358 ni->ni_bssid[0] = (ni->ni_bssid[0] &~ 0x01) | 0x02; 359 } 360 } else if (vap->iv_opmode == IEEE80211_M_AHDEMO) { 361 if (vap->iv_flags & IEEE80211_F_DESBSSID) 362 IEEE80211_ADDR_COPY(ni->ni_bssid, vap->iv_des_bssid); 363 else 364 #ifdef IEEE80211_SUPPORT_TDMA 365 if ((vap->iv_caps & IEEE80211_C_TDMA) == 0) 366 #endif 367 memset(ni->ni_bssid, 0, IEEE80211_ADDR_LEN); 368 #ifdef IEEE80211_SUPPORT_MESH 369 } else if (vap->iv_opmode == IEEE80211_M_MBSS) { 370 ni->ni_meshidlen = vap->iv_mesh->ms_idlen; 371 memcpy(ni->ni_meshid, vap->iv_mesh->ms_id, ni->ni_meshidlen); 372 #endif 373 } 374 /* 375 * Fix the channel and related attributes. 376 */ 377 /* clear DFS CAC state on previous channel */ 378 if (ic->ic_bsschan != IEEE80211_CHAN_ANYC && 379 ic->ic_bsschan->ic_freq != chan->ic_freq && 380 IEEE80211_IS_CHAN_CACDONE(ic->ic_bsschan)) 381 ieee80211_dfs_cac_clear(ic, ic->ic_bsschan); 382 ic->ic_bsschan = chan; 383 ieee80211_node_set_chan(ni, chan); 384 ic->ic_curmode = ieee80211_chan2mode(chan); 385 /* 386 * Do mode-specific setup. 387 */ 388 if (IEEE80211_IS_CHAN_FULL(chan)) { 389 if (IEEE80211_IS_CHAN_ANYG(chan)) { 390 /* 391 * Use a mixed 11b/11g basic rate set. 392 */ 393 ieee80211_setbasicrates(&ni->ni_rates, 394 IEEE80211_MODE_11G); 395 if (vap->iv_flags & IEEE80211_F_PUREG) { 396 /* 397 * Also mark OFDM rates basic so 11b 398 * stations do not join (WiFi compliance). 399 */ 400 ieee80211_addbasicrates(&ni->ni_rates, 401 IEEE80211_MODE_11A); 402 } 403 } else if (IEEE80211_IS_CHAN_B(chan)) { 404 /* 405 * Force pure 11b rate set. 406 */ 407 ieee80211_setbasicrates(&ni->ni_rates, 408 IEEE80211_MODE_11B); 409 } 410 } 411 412 /* XXX TODO: other bits and pieces - eg fast-frames? */ 413 414 /* If we're an 11n channel then initialise the 11n bits */ 415 if (IEEE80211_IS_CHAN_VHT(ni->ni_chan)) { 416 /* XXX what else? */ 417 ieee80211_ht_node_init(ni); 418 ieee80211_vht_node_init(ni); 419 } else if (IEEE80211_IS_CHAN_HT(ni->ni_chan)) { 420 /* XXX what else? */ 421 ieee80211_ht_node_init(ni); 422 } 423 424 (void) ieee80211_sta_join1(ieee80211_ref_node(ni)); 425 } 426 427 /* 428 * Reset bss state on transition to the INIT state. 429 * Clear any stations from the table (they have been 430 * deauth'd) and reset the bss node (clears key, rate 431 * etc. state). 432 */ 433 void 434 ieee80211_reset_bss(struct ieee80211vap *vap) 435 { 436 struct ieee80211com *ic = vap->iv_ic; 437 struct ieee80211_node *ni, *obss; 438 439 ieee80211_node_table_reset(&ic->ic_sta, vap); 440 /* XXX multi-bss: wrong */ 441 ieee80211_reset_erp(ic); 442 443 ni = ieee80211_alloc_node(&ic->ic_sta, vap, vap->iv_myaddr); 444 KASSERT(ni != NULL, ("unable to setup initial BSS node")); 445 obss = vap->iv_bss; 446 vap->iv_bss = ieee80211_ref_node(ni); 447 if (obss != NULL) { 448 copy_bss(ni, obss); 449 ni->ni_intval = ic->ic_bintval; 450 ieee80211_free_node(obss); 451 } else 452 IEEE80211_ADDR_COPY(ni->ni_bssid, vap->iv_myaddr); 453 } 454 455 static int 456 match_ssid(const struct ieee80211_node *ni, 457 int nssid, const struct ieee80211_scan_ssid ssids[]) 458 { 459 int i; 460 461 for (i = 0; i < nssid; i++) { 462 if (ni->ni_esslen == ssids[i].len && 463 memcmp(ni->ni_essid, ssids[i].ssid, ni->ni_esslen) == 0) 464 return 1; 465 } 466 return 0; 467 } 468 469 /* 470 * Test a node for suitability/compatibility. 471 */ 472 static int 473 check_bss(struct ieee80211vap *vap, struct ieee80211_node *ni) 474 { 475 struct ieee80211com *ic = ni->ni_ic; 476 uint8_t rate; 477 478 if (isclr(ic->ic_chan_active, ieee80211_chan2ieee(ic, ni->ni_chan))) 479 return 0; 480 if (vap->iv_opmode == IEEE80211_M_IBSS) { 481 if ((ni->ni_capinfo & IEEE80211_CAPINFO_IBSS) == 0) 482 return 0; 483 } else { 484 if ((ni->ni_capinfo & IEEE80211_CAPINFO_ESS) == 0) 485 return 0; 486 } 487 if (vap->iv_flags & IEEE80211_F_PRIVACY) { 488 if ((ni->ni_capinfo & IEEE80211_CAPINFO_PRIVACY) == 0) 489 return 0; 490 } else { 491 /* XXX does this mean privacy is supported or required? */ 492 if (ni->ni_capinfo & IEEE80211_CAPINFO_PRIVACY) 493 return 0; 494 } 495 rate = ieee80211_fix_rate(ni, &ni->ni_rates, 496 IEEE80211_F_JOIN | IEEE80211_F_DONEGO | IEEE80211_F_DOFRATE); 497 if (rate & IEEE80211_RATE_BASIC) 498 return 0; 499 if (vap->iv_des_nssid != 0 && 500 !match_ssid(ni, vap->iv_des_nssid, vap->iv_des_ssid)) 501 return 0; 502 if ((vap->iv_flags & IEEE80211_F_DESBSSID) && 503 !IEEE80211_ADDR_EQ(vap->iv_des_bssid, ni->ni_bssid)) 504 return 0; 505 return 1; 506 } 507 508 #ifdef IEEE80211_DEBUG 509 /* 510 * Display node suitability/compatibility. 511 */ 512 static void 513 check_bss_debug(struct ieee80211vap *vap, struct ieee80211_node *ni) 514 { 515 struct ieee80211com *ic = ni->ni_ic; 516 uint8_t rate; 517 int fail; 518 519 fail = 0; 520 if (isclr(ic->ic_chan_active, ieee80211_chan2ieee(ic, ni->ni_chan))) 521 fail |= 0x01; 522 if (vap->iv_opmode == IEEE80211_M_IBSS) { 523 if ((ni->ni_capinfo & IEEE80211_CAPINFO_IBSS) == 0) 524 fail |= 0x02; 525 } else { 526 if ((ni->ni_capinfo & IEEE80211_CAPINFO_ESS) == 0) 527 fail |= 0x02; 528 } 529 if (vap->iv_flags & IEEE80211_F_PRIVACY) { 530 if ((ni->ni_capinfo & IEEE80211_CAPINFO_PRIVACY) == 0) 531 fail |= 0x04; 532 } else { 533 /* XXX does this mean privacy is supported or required? */ 534 if (ni->ni_capinfo & IEEE80211_CAPINFO_PRIVACY) 535 fail |= 0x04; 536 } 537 rate = ieee80211_fix_rate(ni, &ni->ni_rates, 538 IEEE80211_F_JOIN | IEEE80211_F_DONEGO | IEEE80211_F_DOFRATE); 539 if (rate & IEEE80211_RATE_BASIC) 540 fail |= 0x08; 541 if (vap->iv_des_nssid != 0 && 542 !match_ssid(ni, vap->iv_des_nssid, vap->iv_des_ssid)) 543 fail |= 0x10; 544 if ((vap->iv_flags & IEEE80211_F_DESBSSID) && 545 !IEEE80211_ADDR_EQ(vap->iv_des_bssid, ni->ni_bssid)) 546 fail |= 0x20; 547 548 printf(" %c %s", fail ? '-' : '+', ether_sprintf(ni->ni_macaddr)); 549 printf(" %s%c", ether_sprintf(ni->ni_bssid), fail & 0x20 ? '!' : ' '); 550 printf(" %3d%c", 551 ieee80211_chan2ieee(ic, ni->ni_chan), fail & 0x01 ? '!' : ' '); 552 printf(" %2dM%c", (rate & IEEE80211_RATE_VAL) / 2, 553 fail & 0x08 ? '!' : ' '); 554 printf(" %4s%c", 555 (ni->ni_capinfo & IEEE80211_CAPINFO_ESS) ? "ess" : 556 (ni->ni_capinfo & IEEE80211_CAPINFO_IBSS) ? "ibss" : 557 "????", 558 fail & 0x02 ? '!' : ' '); 559 printf(" %3s%c ", 560 (ni->ni_capinfo & IEEE80211_CAPINFO_PRIVACY) ? "wep" : "no", 561 fail & 0x04 ? '!' : ' '); 562 ieee80211_print_essid(ni->ni_essid, ni->ni_esslen); 563 printf("%s\n", fail & 0x10 ? "!" : ""); 564 } 565 #endif /* IEEE80211_DEBUG */ 566 567 568 int 569 ieee80211_ibss_merge_check(struct ieee80211_node *ni) 570 { 571 struct ieee80211vap *vap = ni->ni_vap; 572 573 if (ni == vap->iv_bss || 574 IEEE80211_ADDR_EQ(ni->ni_bssid, vap->iv_bss->ni_bssid)) { 575 /* unchanged, nothing to do */ 576 return 0; 577 } 578 579 if (!check_bss(vap, ni)) { 580 /* capabilities mismatch */ 581 IEEE80211_DPRINTF(vap, IEEE80211_MSG_ASSOC, 582 "%s: merge failed, capabilities mismatch\n", __func__); 583 #ifdef IEEE80211_DEBUG 584 if (ieee80211_msg_assoc(vap)) 585 check_bss_debug(vap, ni); 586 #endif 587 vap->iv_stats.is_ibss_capmismatch++; 588 return 0; 589 } 590 591 return 1; 592 } 593 594 /* 595 * Check if the given node should populate the node table. 596 * 597 * We need to be in "see all beacons for all ssids" mode in order 598 * to do IBSS merges, however this means we will populate nodes for 599 * /all/ IBSS SSIDs, versus just the one we care about. 600 * 601 * So this check ensures the node can actually belong to our IBSS 602 * configuration. For now it simply checks the SSID. 603 */ 604 int 605 ieee80211_ibss_node_check_new(struct ieee80211_node *ni, 606 const struct ieee80211_scanparams *scan) 607 { 608 struct ieee80211vap *vap = ni->ni_vap; 609 int i; 610 611 /* 612 * If we have no SSID and no scan SSID, return OK. 613 */ 614 if (vap->iv_des_nssid == 0 && scan->ssid == NULL) 615 goto ok; 616 617 /* 618 * If we have one of (SSID, scan SSID) then return error. 619 */ 620 if (!! (vap->iv_des_nssid == 0) != !! (scan->ssid == NULL)) 621 goto mismatch; 622 623 /* 624 * Double-check - we need scan SSID. 625 */ 626 if (scan->ssid == NULL) 627 goto mismatch; 628 629 /* 630 * Check if the scan SSID matches the SSID list for the VAP. 631 */ 632 for (i = 0; i < vap->iv_des_nssid; i++) { 633 634 /* Sanity length check */ 635 if (vap->iv_des_ssid[i].len != scan->ssid[1]) 636 continue; 637 638 /* Note: SSID in the scan entry is the IE format */ 639 if (memcmp(vap->iv_des_ssid[i].ssid, scan->ssid + 2, 640 vap->iv_des_ssid[i].len) == 0) 641 goto ok; 642 } 643 644 mismatch: 645 return (0); 646 ok: 647 return (1); 648 } 649 650 /* 651 * Handle 802.11 ad hoc network merge. The 652 * convention, set by the Wireless Ethernet Compatibility Alliance 653 * (WECA), is that an 802.11 station will change its BSSID to match 654 * the "oldest" 802.11 ad hoc network, on the same channel, that 655 * has the station's desired SSID. The "oldest" 802.11 network 656 * sends beacons with the greatest TSF timestamp. 657 * 658 * The caller is assumed to validate TSF's before attempting a merge. 659 * 660 * Return !0 if the BSSID changed, 0 otherwise. 661 */ 662 int 663 ieee80211_ibss_merge(struct ieee80211_node *ni) 664 { 665 #ifdef IEEE80211_DEBUG 666 struct ieee80211vap *vap = ni->ni_vap; 667 struct ieee80211com *ic = ni->ni_ic; 668 #endif 669 670 if (! ieee80211_ibss_merge_check(ni)) 671 return 0; 672 673 IEEE80211_DPRINTF(vap, IEEE80211_MSG_ASSOC, 674 "%s: new bssid %s: %s preamble, %s slot time%s\n", __func__, 675 ether_sprintf(ni->ni_bssid), 676 ic->ic_flags&IEEE80211_F_SHPREAMBLE ? "short" : "long", 677 ic->ic_flags&IEEE80211_F_SHSLOT ? "short" : "long", 678 ic->ic_flags&IEEE80211_F_USEPROT ? ", protection" : "" 679 ); 680 return ieee80211_sta_join1(ieee80211_ref_node(ni)); 681 } 682 683 /* 684 * Calculate HT channel promotion flags for all vaps. 685 * This assumes ni_chan have been setup for each vap. 686 */ 687 static int 688 gethtadjustflags(struct ieee80211com *ic) 689 { 690 struct ieee80211vap *vap; 691 int flags; 692 693 flags = 0; 694 /* XXX locking */ 695 TAILQ_FOREACH(vap, &ic->ic_vaps, iv_next) { 696 if (vap->iv_state < IEEE80211_S_RUN) 697 continue; 698 switch (vap->iv_opmode) { 699 case IEEE80211_M_WDS: 700 case IEEE80211_M_STA: 701 case IEEE80211_M_AHDEMO: 702 case IEEE80211_M_HOSTAP: 703 case IEEE80211_M_IBSS: 704 case IEEE80211_M_MBSS: 705 flags |= ieee80211_htchanflags(vap->iv_bss->ni_chan); 706 break; 707 default: 708 break; 709 } 710 } 711 return flags; 712 } 713 714 /* 715 * Calculate VHT channel promotion flags for all vaps. 716 * This assumes ni_chan have been setup for each vap. 717 */ 718 static int 719 getvhtadjustflags(struct ieee80211com *ic) 720 { 721 struct ieee80211vap *vap; 722 int flags; 723 724 flags = 0; 725 /* XXX locking */ 726 TAILQ_FOREACH(vap, &ic->ic_vaps, iv_next) { 727 if (vap->iv_state < IEEE80211_S_RUN) 728 continue; 729 switch (vap->iv_opmode) { 730 case IEEE80211_M_WDS: 731 case IEEE80211_M_STA: 732 case IEEE80211_M_AHDEMO: 733 case IEEE80211_M_HOSTAP: 734 case IEEE80211_M_IBSS: 735 case IEEE80211_M_MBSS: 736 flags |= ieee80211_vhtchanflags(vap->iv_bss->ni_chan); 737 break; 738 default: 739 break; 740 } 741 } 742 return flags; 743 } 744 745 /* 746 * Check if the current channel needs to change based on whether 747 * any vap's are using HT20/HT40. This is used to sync the state 748 * of ic_curchan after a channel width change on a running vap. 749 * 750 * Same applies for VHT. 751 */ 752 void 753 ieee80211_sync_curchan(struct ieee80211com *ic) 754 { 755 struct ieee80211_channel *c; 756 757 c = ieee80211_ht_adjust_channel(ic, ic->ic_curchan, gethtadjustflags(ic)); 758 c = ieee80211_vht_adjust_channel(ic, c, getvhtadjustflags(ic)); 759 760 if (c != ic->ic_curchan) { 761 ic->ic_curchan = c; 762 ic->ic_curmode = ieee80211_chan2mode(ic->ic_curchan); 763 ic->ic_rt = ieee80211_get_ratetable(ic->ic_curchan); 764 IEEE80211_UNLOCK(ic); 765 ic->ic_set_channel(ic); 766 ieee80211_radiotap_chan_change(ic); 767 IEEE80211_LOCK(ic); 768 } 769 } 770 771 /* 772 * Setup the current channel. The request channel may be 773 * promoted if other vap's are operating with HT20/HT40. 774 */ 775 void 776 ieee80211_setupcurchan(struct ieee80211com *ic, struct ieee80211_channel *c) 777 { 778 if (ic->ic_htcaps & IEEE80211_HTC_HT) { 779 int flags = gethtadjustflags(ic); 780 /* 781 * Check for channel promotion required to support the 782 * set of running vap's. This assumes we are called 783 * after ni_chan is setup for each vap. 784 */ 785 /* XXX VHT? */ 786 /* NB: this assumes IEEE80211_FHT_USEHT40 > IEEE80211_FHT_HT */ 787 if (flags > ieee80211_htchanflags(c)) 788 c = ieee80211_ht_adjust_channel(ic, c, flags); 789 } 790 791 /* 792 * VHT promotion - this will at least promote to VHT20/40 793 * based on what HT has done; it may further promote the 794 * channel to VHT80 or above. 795 */ 796 if (ic->ic_vhtcaps != 0) { 797 int flags = getvhtadjustflags(ic); 798 if (flags > ieee80211_vhtchanflags(c)) 799 c = ieee80211_vht_adjust_channel(ic, c, flags); 800 } 801 802 ic->ic_bsschan = ic->ic_curchan = c; 803 ic->ic_curmode = ieee80211_chan2mode(ic->ic_curchan); 804 ic->ic_rt = ieee80211_get_ratetable(ic->ic_curchan); 805 } 806 807 /* 808 * Change the current channel. The channel change is guaranteed to have 809 * happened before the next state change. 810 */ 811 void 812 ieee80211_setcurchan(struct ieee80211com *ic, struct ieee80211_channel *c) 813 { 814 ieee80211_setupcurchan(ic, c); 815 ieee80211_runtask(ic, &ic->ic_chan_task); 816 } 817 818 void 819 ieee80211_update_chw(struct ieee80211com *ic) 820 { 821 822 ieee80211_setupcurchan(ic, ic->ic_curchan); 823 ieee80211_runtask(ic, &ic->ic_chw_task); 824 } 825 826 /* 827 * Join the specified IBSS/BSS network. The node is assumed to 828 * be passed in with a held reference. 829 */ 830 static int 831 ieee80211_sta_join1(struct ieee80211_node *selbs) 832 { 833 struct ieee80211vap *vap = selbs->ni_vap; 834 struct ieee80211com *ic = selbs->ni_ic; 835 struct ieee80211_node *obss; 836 int canreassoc; 837 838 /* 839 * Committed to selbs, setup state. 840 */ 841 obss = vap->iv_bss; 842 /* 843 * Check if old+new node have the same address in which 844 * case we can reassociate when operating in sta mode. 845 */ 846 canreassoc = (obss != NULL && 847 vap->iv_state == IEEE80211_S_RUN && 848 IEEE80211_ADDR_EQ(obss->ni_macaddr, selbs->ni_macaddr)); 849 vap->iv_bss = selbs; /* NB: caller assumed to bump refcnt */ 850 if (obss != NULL) { 851 struct ieee80211_node_table *nt = obss->ni_table; 852 853 copy_bss(selbs, obss); 854 ieee80211_node_decref(obss); /* iv_bss reference */ 855 856 IEEE80211_NODE_LOCK(nt); 857 node_reclaim(nt, obss); /* station table reference */ 858 IEEE80211_NODE_UNLOCK(nt); 859 860 obss = NULL; /* NB: guard against later use */ 861 } 862 863 /* 864 * Delete unusable rates; we've already checked 865 * that the negotiated rate set is acceptable. 866 */ 867 ieee80211_fix_rate(vap->iv_bss, &vap->iv_bss->ni_rates, 868 IEEE80211_F_DODEL | IEEE80211_F_JOIN); 869 870 ieee80211_setcurchan(ic, selbs->ni_chan); 871 /* 872 * Set the erp state (mostly the slot time) to deal with 873 * the auto-select case; this should be redundant if the 874 * mode is locked. 875 */ 876 ieee80211_reset_erp(ic); 877 ieee80211_wme_initparams(vap); 878 879 if (vap->iv_opmode == IEEE80211_M_STA) { 880 if (canreassoc) { 881 /* Reassociate */ 882 ieee80211_new_state(vap, IEEE80211_S_ASSOC, 1); 883 } else { 884 /* 885 * Act as if we received a DEAUTH frame in case we 886 * are invoked from the RUN state. This will cause 887 * us to try to re-authenticate if we are operating 888 * as a station. 889 */ 890 ieee80211_new_state(vap, IEEE80211_S_AUTH, 891 IEEE80211_FC0_SUBTYPE_DEAUTH); 892 } 893 } else 894 ieee80211_new_state(vap, IEEE80211_S_RUN, -1); 895 return 1; 896 } 897 898 int 899 ieee80211_sta_join(struct ieee80211vap *vap, struct ieee80211_channel *chan, 900 const struct ieee80211_scan_entry *se) 901 { 902 struct ieee80211com *ic = vap->iv_ic; 903 struct ieee80211_node *ni; 904 int do_ht = 0; 905 906 ni = ieee80211_alloc_node(&ic->ic_sta, vap, se->se_macaddr); 907 if (ni == NULL) { 908 /* XXX msg */ 909 return 0; 910 } 911 912 /* 913 * Expand scan state into node's format. 914 * XXX may not need all this stuff 915 */ 916 IEEE80211_ADDR_COPY(ni->ni_bssid, se->se_bssid); 917 ni->ni_esslen = se->se_ssid[1]; 918 memcpy(ni->ni_essid, se->se_ssid+2, ni->ni_esslen); 919 ni->ni_tstamp.tsf = se->se_tstamp.tsf; 920 ni->ni_intval = se->se_intval; 921 ni->ni_capinfo = se->se_capinfo; 922 ni->ni_chan = chan; 923 ni->ni_timoff = se->se_timoff; 924 ni->ni_fhdwell = se->se_fhdwell; 925 ni->ni_fhindex = se->se_fhindex; 926 ni->ni_erp = se->se_erp; 927 IEEE80211_RSSI_LPF(ni->ni_avgrssi, se->se_rssi); 928 ni->ni_noise = se->se_noise; 929 if (vap->iv_opmode == IEEE80211_M_STA) { 930 /* NB: only infrastructure mode requires an associd */ 931 ni->ni_flags |= IEEE80211_NODE_ASSOCID; 932 } 933 934 if (ieee80211_ies_init(&ni->ni_ies, se->se_ies.data, se->se_ies.len)) { 935 ieee80211_ies_expand(&ni->ni_ies); 936 #ifdef IEEE80211_SUPPORT_SUPERG 937 if (ni->ni_ies.ath_ie != NULL) 938 ieee80211_parse_ath(ni, ni->ni_ies.ath_ie); 939 #endif 940 if (ni->ni_ies.htcap_ie != NULL) 941 ieee80211_parse_htcap(ni, ni->ni_ies.htcap_ie); 942 if (ni->ni_ies.htinfo_ie != NULL) 943 ieee80211_parse_htinfo(ni, ni->ni_ies.htinfo_ie); 944 #ifdef IEEE80211_SUPPORT_MESH 945 if (ni->ni_ies.meshid_ie != NULL) 946 ieee80211_parse_meshid(ni, ni->ni_ies.meshid_ie); 947 #endif 948 #ifdef IEEE80211_SUPPORT_TDMA 949 if (ni->ni_ies.tdma_ie != NULL) 950 ieee80211_parse_tdma(ni, ni->ni_ies.tdma_ie); 951 #endif 952 if (ni->ni_ies.vhtcap_ie != NULL) 953 ieee80211_parse_vhtcap(ni, ni->ni_ies.vhtcap_ie); 954 if (ni->ni_ies.vhtopmode_ie != NULL) 955 ieee80211_parse_vhtopmode(ni, ni->ni_ies.vhtopmode_ie); 956 957 /* XXX parse BSSLOAD IE */ 958 /* XXX parse TXPWRENV IE */ 959 /* XXX parse APCHANREP IE */ 960 } 961 962 vap->iv_dtim_period = se->se_dtimperiod; 963 vap->iv_dtim_count = 0; 964 965 /* NB: must be after ni_chan is setup */ 966 ieee80211_setup_rates(ni, se->se_rates, se->se_xrates, 967 IEEE80211_F_DOSORT); 968 if (ieee80211_iserp_rateset(&ni->ni_rates)) 969 ni->ni_flags |= IEEE80211_NODE_ERP; 970 971 /* 972 * Setup HT state for this node if it's available, otherwise 973 * non-STA modes won't pick this state up. 974 * 975 * For IBSS and related modes that don't go through an 976 * association request/response, the only appropriate place 977 * to setup the HT state is here. 978 */ 979 if (ni->ni_ies.htinfo_ie != NULL && 980 ni->ni_ies.htcap_ie != NULL && 981 vap->iv_flags_ht & IEEE80211_FHT_HT) { 982 ieee80211_ht_node_init(ni); 983 ieee80211_ht_updateparams(ni, 984 ni->ni_ies.htcap_ie, 985 ni->ni_ies.htinfo_ie); 986 do_ht = 1; 987 } 988 989 /* 990 * Setup VHT state for this node if it's available. 991 * Same as the above. 992 * 993 * For now, don't allow 2GHz VHT operation. 994 */ 995 if (ni->ni_ies.vhtopmode_ie != NULL && 996 ni->ni_ies.vhtcap_ie != NULL && 997 vap->iv_flags_vht & IEEE80211_FVHT_VHT) { 998 if (IEEE80211_IS_CHAN_2GHZ(ni->ni_chan)) { 999 printf("%s: BSS %6D: 2GHz channel, VHT info; ignoring\n", 1000 __func__, 1001 ni->ni_macaddr, 1002 ":"); 1003 } else { 1004 ieee80211_vht_node_init(ni); 1005 ieee80211_vht_updateparams(ni, 1006 ni->ni_ies.vhtcap_ie, 1007 ni->ni_ies.vhtopmode_ie); 1008 ieee80211_setup_vht_rates(ni, ni->ni_ies.vhtcap_ie, 1009 ni->ni_ies.vhtopmode_ie); 1010 do_ht = 1; 1011 } 1012 } 1013 1014 /* Finally do the node channel change */ 1015 if (do_ht) { 1016 ieee80211_ht_updateparams_final(ni, ni->ni_ies.htcap_ie, 1017 ni->ni_ies.htinfo_ie); 1018 ieee80211_setup_htrates(ni, ni->ni_ies.htcap_ie, 1019 IEEE80211_F_JOIN | IEEE80211_F_DOBRS); 1020 ieee80211_setup_basic_htrates(ni, ni->ni_ies.htinfo_ie); 1021 } 1022 1023 /* XXX else check for ath FF? */ 1024 /* XXX QoS? Difficult given that WME config is specific to a master */ 1025 1026 ieee80211_node_setuptxparms(ni); 1027 ieee80211_ratectl_node_init(ni); 1028 1029 return ieee80211_sta_join1(ieee80211_ref_node(ni)); 1030 } 1031 1032 /* 1033 * Leave the specified IBSS/BSS network. The node is assumed to 1034 * be passed in with a held reference. 1035 */ 1036 void 1037 ieee80211_sta_leave(struct ieee80211_node *ni) 1038 { 1039 struct ieee80211com *ic = ni->ni_ic; 1040 1041 ic->ic_node_cleanup(ni); 1042 ieee80211_notify_node_leave(ni); 1043 } 1044 1045 /* 1046 * Send a deauthenticate frame and drop the station. 1047 */ 1048 void 1049 ieee80211_node_deauth(struct ieee80211_node *ni, int reason) 1050 { 1051 /* NB: bump the refcnt to be sure temporary nodes are not reclaimed */ 1052 ieee80211_ref_node(ni); 1053 if (ni->ni_associd != 0) 1054 IEEE80211_SEND_MGMT(ni, IEEE80211_FC0_SUBTYPE_DEAUTH, reason); 1055 ieee80211_node_leave(ni); 1056 ieee80211_free_node(ni); 1057 } 1058 1059 static struct ieee80211_node * 1060 node_alloc(struct ieee80211vap *vap, const uint8_t macaddr[IEEE80211_ADDR_LEN]) 1061 { 1062 struct ieee80211_node *ni; 1063 1064 ni = (struct ieee80211_node *) IEEE80211_MALLOC(sizeof(struct ieee80211_node), 1065 M_80211_NODE, IEEE80211_M_NOWAIT | IEEE80211_M_ZERO); 1066 return ni; 1067 } 1068 1069 /* 1070 * Initialize an ie blob with the specified data. If previous 1071 * data exists re-use the data block. As a side effect we clear 1072 * all references to specific ie's; the caller is required to 1073 * recalculate them. 1074 */ 1075 int 1076 ieee80211_ies_init(struct ieee80211_ies *ies, const uint8_t *data, int len) 1077 { 1078 /* NB: assumes data+len are the last fields */ 1079 memset(ies, 0, offsetof(struct ieee80211_ies, data)); 1080 if (ies->data != NULL && ies->len != len) { 1081 /* data size changed */ 1082 IEEE80211_FREE(ies->data, M_80211_NODE_IE); 1083 ies->data = NULL; 1084 } 1085 if (ies->data == NULL) { 1086 ies->data = (uint8_t *) IEEE80211_MALLOC(len, M_80211_NODE_IE, 1087 IEEE80211_M_NOWAIT | IEEE80211_M_ZERO); 1088 if (ies->data == NULL) { 1089 ies->len = 0; 1090 /* NB: pointers have already been zero'd above */ 1091 return 0; 1092 } 1093 } 1094 memcpy(ies->data, data, len); 1095 ies->len = len; 1096 return 1; 1097 } 1098 1099 /* 1100 * Reclaim storage for an ie blob. 1101 */ 1102 void 1103 ieee80211_ies_cleanup(struct ieee80211_ies *ies) 1104 { 1105 if (ies->data != NULL) 1106 IEEE80211_FREE(ies->data, M_80211_NODE_IE); 1107 } 1108 1109 /* 1110 * Expand an ie blob data contents and to fillin individual 1111 * ie pointers. The data blob is assumed to be well-formed; 1112 * we don't do any validity checking of ie lengths. 1113 */ 1114 void 1115 ieee80211_ies_expand(struct ieee80211_ies *ies) 1116 { 1117 uint8_t *ie; 1118 int ielen; 1119 1120 ie = ies->data; 1121 ielen = ies->len; 1122 while (ielen > 0) { 1123 switch (ie[0]) { 1124 case IEEE80211_ELEMID_VENDOR: 1125 if (iswpaoui(ie)) 1126 ies->wpa_ie = ie; 1127 else if (iswmeoui(ie)) 1128 ies->wme_ie = ie; 1129 #ifdef IEEE80211_SUPPORT_SUPERG 1130 else if (isatherosoui(ie)) 1131 ies->ath_ie = ie; 1132 #endif 1133 #ifdef IEEE80211_SUPPORT_TDMA 1134 else if (istdmaoui(ie)) 1135 ies->tdma_ie = ie; 1136 #endif 1137 break; 1138 case IEEE80211_ELEMID_RSN: 1139 ies->rsn_ie = ie; 1140 break; 1141 case IEEE80211_ELEMID_HTCAP: 1142 ies->htcap_ie = ie; 1143 break; 1144 case IEEE80211_ELEMID_HTINFO: 1145 ies->htinfo_ie = ie; 1146 break; 1147 #ifdef IEEE80211_SUPPORT_MESH 1148 case IEEE80211_ELEMID_MESHID: 1149 ies->meshid_ie = ie; 1150 break; 1151 #endif 1152 case IEEE80211_ELEMID_VHT_CAP: 1153 ies->vhtcap_ie = ie; 1154 break; 1155 case IEEE80211_ELEMID_VHT_OPMODE: 1156 ies->vhtopmode_ie = ie; 1157 break; 1158 case IEEE80211_ELEMID_VHT_PWR_ENV: 1159 ies->vhtpwrenv_ie = ie; 1160 break; 1161 case IEEE80211_ELEMID_BSSLOAD: 1162 ies->bssload_ie = ie; 1163 break; 1164 case IEEE80211_ELEMID_APCHANREP: 1165 ies->apchanrep_ie = ie; 1166 break; 1167 } 1168 ielen -= 2 + ie[1]; 1169 ie += 2 + ie[1]; 1170 } 1171 } 1172 1173 /* 1174 * Reclaim any resources in a node and reset any critical 1175 * state. Typically nodes are free'd immediately after, 1176 * but in some cases the storage may be reused so we need 1177 * to insure consistent state (should probably fix that). 1178 */ 1179 static void 1180 node_cleanup(struct ieee80211_node *ni) 1181 { 1182 struct ieee80211vap *vap = ni->ni_vap; 1183 struct ieee80211com *ic = ni->ni_ic; 1184 int i; 1185 1186 /* NB: preserve ni_table */ 1187 if (ni->ni_flags & IEEE80211_NODE_PWR_MGT) { 1188 if (vap->iv_opmode != IEEE80211_M_STA) 1189 vap->iv_ps_sta--; 1190 ni->ni_flags &= ~IEEE80211_NODE_PWR_MGT; 1191 IEEE80211_NOTE(vap, IEEE80211_MSG_POWER, ni, 1192 "power save mode off, %u sta's in ps mode", vap->iv_ps_sta); 1193 } 1194 /* 1195 * Cleanup any VHT and HT-related state. 1196 */ 1197 if (ni->ni_flags & IEEE80211_NODE_VHT) 1198 ieee80211_vht_node_cleanup(ni); 1199 if (ni->ni_flags & IEEE80211_NODE_HT) 1200 ieee80211_ht_node_cleanup(ni); 1201 #ifdef IEEE80211_SUPPORT_SUPERG 1202 /* Always do FF node cleanup; for A-MSDU */ 1203 ieee80211_ff_node_cleanup(ni); 1204 #endif 1205 #ifdef IEEE80211_SUPPORT_MESH 1206 /* 1207 * Cleanup any mesh-related state. 1208 */ 1209 if (vap->iv_opmode == IEEE80211_M_MBSS) 1210 ieee80211_mesh_node_cleanup(ni); 1211 #endif 1212 /* 1213 * Clear any staging queue entries. 1214 */ 1215 ieee80211_ageq_drain_node(&ic->ic_stageq, ni); 1216 1217 /* 1218 * Clear AREF flag that marks the authorization refcnt bump 1219 * has happened. This is probably not needed as the node 1220 * should always be removed from the table so not found but 1221 * do it just in case. 1222 * Likewise clear the ASSOCID flag as these flags are intended 1223 * to be managed in tandem. 1224 */ 1225 ni->ni_flags &= ~(IEEE80211_NODE_AREF | IEEE80211_NODE_ASSOCID); 1226 1227 /* 1228 * Drain power save queue and, if needed, clear TIM. 1229 */ 1230 if (ieee80211_node_psq_drain(ni) != 0 && vap->iv_set_tim != NULL) 1231 vap->iv_set_tim(ni, 0); 1232 1233 ni->ni_associd = 0; 1234 if (ni->ni_challenge != NULL) { 1235 IEEE80211_FREE(ni->ni_challenge, M_80211_NODE); 1236 ni->ni_challenge = NULL; 1237 } 1238 /* 1239 * Preserve SSID, WPA, and WME ie's so the bss node is 1240 * reusable during a re-auth/re-assoc state transition. 1241 * If we remove these data they will not be recreated 1242 * because they come from a probe-response or beacon frame 1243 * which cannot be expected prior to the association-response. 1244 * This should not be an issue when operating in other modes 1245 * as stations leaving always go through a full state transition 1246 * which will rebuild this state. 1247 * 1248 * XXX does this leave us open to inheriting old state? 1249 */ 1250 for (i = 0; i < nitems(ni->ni_rxfrag); i++) 1251 if (ni->ni_rxfrag[i] != NULL) { 1252 m_freem(ni->ni_rxfrag[i]); 1253 ni->ni_rxfrag[i] = NULL; 1254 } 1255 /* 1256 * Must be careful here to remove any key map entry w/o a LOR. 1257 */ 1258 ieee80211_node_delucastkey(ni); 1259 } 1260 1261 static void 1262 node_free(struct ieee80211_node *ni) 1263 { 1264 struct ieee80211com *ic = ni->ni_ic; 1265 1266 ieee80211_ratectl_node_deinit(ni); 1267 ic->ic_node_cleanup(ni); 1268 ieee80211_ies_cleanup(&ni->ni_ies); 1269 ieee80211_psq_cleanup(&ni->ni_psq); 1270 IEEE80211_FREE(ni, M_80211_NODE); 1271 } 1272 1273 static void 1274 node_age(struct ieee80211_node *ni) 1275 { 1276 struct ieee80211vap *vap = ni->ni_vap; 1277 1278 /* 1279 * Age frames on the power save queue. 1280 */ 1281 if (ieee80211_node_psq_age(ni) != 0 && 1282 ni->ni_psq.psq_len == 0 && vap->iv_set_tim != NULL) 1283 vap->iv_set_tim(ni, 0); 1284 /* 1285 * Age out HT resources (e.g. frames on the 1286 * A-MPDU reorder queues). 1287 */ 1288 if (ni->ni_associd != 0 && (ni->ni_flags & IEEE80211_NODE_HT)) 1289 ieee80211_ht_node_age(ni); 1290 } 1291 1292 static int8_t 1293 node_getrssi(const struct ieee80211_node *ni) 1294 { 1295 uint32_t avgrssi = ni->ni_avgrssi; 1296 int32_t rssi; 1297 1298 if (avgrssi == IEEE80211_RSSI_DUMMY_MARKER) 1299 return 0; 1300 rssi = IEEE80211_RSSI_GET(avgrssi); 1301 return rssi < 0 ? 0 : rssi > 127 ? 127 : rssi; 1302 } 1303 1304 static void 1305 node_getsignal(const struct ieee80211_node *ni, int8_t *rssi, int8_t *noise) 1306 { 1307 *rssi = node_getrssi(ni); 1308 *noise = ni->ni_noise; 1309 } 1310 1311 static void 1312 node_getmimoinfo(const struct ieee80211_node *ni, 1313 struct ieee80211_mimo_info *info) 1314 { 1315 int i; 1316 uint32_t avgrssi; 1317 int32_t rssi; 1318 1319 bzero(info, sizeof(*info)); 1320 1321 for (i = 0; i < ni->ni_mimo_chains; i++) { 1322 avgrssi = ni->ni_mimo_rssi_ctl[i]; 1323 if (avgrssi == IEEE80211_RSSI_DUMMY_MARKER) { 1324 info->rssi[i] = 0; 1325 } else { 1326 rssi = IEEE80211_RSSI_GET(avgrssi); 1327 info->rssi[i] = rssi < 0 ? 0 : rssi > 127 ? 127 : rssi; 1328 } 1329 info->noise[i] = ni->ni_mimo_noise_ctl[i]; 1330 } 1331 1332 /* XXX ext radios? */ 1333 1334 /* XXX EVM? */ 1335 } 1336 1337 static void 1338 ieee80211_add_node_nt(struct ieee80211_node_table *nt, 1339 struct ieee80211_node *ni) 1340 { 1341 struct ieee80211com *ic = nt->nt_ic; 1342 int hash; 1343 1344 IEEE80211_NODE_LOCK_ASSERT(nt); 1345 1346 hash = IEEE80211_NODE_HASH(ic, ni->ni_macaddr); 1347 (void) ic; /* XXX IEEE80211_NODE_HASH */ 1348 TAILQ_INSERT_TAIL(&nt->nt_node, ni, ni_list); 1349 LIST_INSERT_HEAD(&nt->nt_hash[hash], ni, ni_hash); 1350 nt->nt_count++; 1351 ni->ni_table = nt; 1352 } 1353 1354 static void 1355 ieee80211_del_node_nt(struct ieee80211_node_table *nt, 1356 struct ieee80211_node *ni) 1357 { 1358 1359 IEEE80211_NODE_LOCK_ASSERT(nt); 1360 1361 TAILQ_REMOVE(&nt->nt_node, ni, ni_list); 1362 LIST_REMOVE(ni, ni_hash); 1363 nt->nt_count--; 1364 KASSERT(nt->nt_count >= 0, 1365 ("nt_count is negative (%d)!\n", nt->nt_count)); 1366 ni->ni_table = NULL; 1367 } 1368 1369 struct ieee80211_node * 1370 ieee80211_alloc_node(struct ieee80211_node_table *nt, 1371 struct ieee80211vap *vap, const uint8_t macaddr[IEEE80211_ADDR_LEN]) 1372 { 1373 struct ieee80211com *ic = nt->nt_ic; 1374 struct ieee80211_node *ni; 1375 1376 ni = ic->ic_node_alloc(vap, macaddr); 1377 if (ni == NULL) { 1378 vap->iv_stats.is_rx_nodealloc++; 1379 return NULL; 1380 } 1381 1382 IEEE80211_DPRINTF(vap, IEEE80211_MSG_NODE, 1383 "%s %p<%s> in %s table\n", __func__, ni, 1384 ether_sprintf(macaddr), nt->nt_name); 1385 1386 IEEE80211_ADDR_COPY(ni->ni_macaddr, macaddr); 1387 ieee80211_node_initref(ni); /* mark referenced */ 1388 ni->ni_chan = IEEE80211_CHAN_ANYC; 1389 ni->ni_authmode = IEEE80211_AUTH_OPEN; 1390 ni->ni_txpower = ic->ic_txpowlimit; /* max power */ 1391 ni->ni_txparms = &vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)]; 1392 ieee80211_crypto_resetkey(vap, &ni->ni_ucastkey, IEEE80211_KEYIX_NONE); 1393 ni->ni_avgrssi = IEEE80211_RSSI_DUMMY_MARKER; 1394 ni->ni_inact_reload = nt->nt_inact_init; 1395 ni->ni_inact = ni->ni_inact_reload; 1396 ni->ni_ath_defkeyix = 0x7fff; 1397 ieee80211_psq_init(&ni->ni_psq, "unknown"); 1398 #ifdef IEEE80211_SUPPORT_MESH 1399 if (vap->iv_opmode == IEEE80211_M_MBSS) 1400 ieee80211_mesh_node_init(vap, ni); 1401 #endif 1402 IEEE80211_NODE_LOCK(nt); 1403 ieee80211_add_node_nt(nt, ni); 1404 ni->ni_vap = vap; 1405 ni->ni_ic = ic; 1406 IEEE80211_NODE_UNLOCK(nt); 1407 1408 IEEE80211_NOTE(vap, IEEE80211_MSG_INACT, ni, 1409 "%s: inact_reload %u", __func__, ni->ni_inact_reload); 1410 1411 ieee80211_ratectl_node_init(ni); 1412 1413 return ni; 1414 } 1415 1416 /* 1417 * Craft a temporary node suitable for sending a management frame 1418 * to the specified station. We craft only as much state as we 1419 * need to do the work since the node will be immediately reclaimed 1420 * once the send completes. 1421 */ 1422 struct ieee80211_node * 1423 ieee80211_tmp_node(struct ieee80211vap *vap, 1424 const uint8_t macaddr[IEEE80211_ADDR_LEN]) 1425 { 1426 struct ieee80211com *ic = vap->iv_ic; 1427 struct ieee80211_node *ni; 1428 1429 ni = ic->ic_node_alloc(vap, macaddr); 1430 if (ni != NULL) { 1431 struct ieee80211_node *bss = vap->iv_bss; 1432 1433 IEEE80211_DPRINTF(vap, IEEE80211_MSG_NODE, 1434 "%s %p<%s>\n", __func__, ni, ether_sprintf(macaddr)); 1435 1436 ni->ni_table = NULL; /* NB: pedantic */ 1437 ni->ni_ic = ic; /* NB: needed to set channel */ 1438 ni->ni_vap = vap; 1439 1440 IEEE80211_ADDR_COPY(ni->ni_macaddr, macaddr); 1441 IEEE80211_ADDR_COPY(ni->ni_bssid, bss->ni_bssid); 1442 ieee80211_node_initref(ni); /* mark referenced */ 1443 /* NB: required by ieee80211_fix_rate */ 1444 ieee80211_node_set_chan(ni, bss->ni_chan); 1445 ieee80211_crypto_resetkey(vap, &ni->ni_ucastkey, 1446 IEEE80211_KEYIX_NONE); 1447 ni->ni_txpower = bss->ni_txpower; 1448 /* XXX optimize away */ 1449 ieee80211_psq_init(&ni->ni_psq, "unknown"); 1450 1451 ieee80211_ratectl_node_init(ni); 1452 } else { 1453 /* XXX msg */ 1454 vap->iv_stats.is_rx_nodealloc++; 1455 } 1456 return ni; 1457 } 1458 1459 struct ieee80211_node * 1460 ieee80211_dup_bss(struct ieee80211vap *vap, 1461 const uint8_t macaddr[IEEE80211_ADDR_LEN]) 1462 { 1463 struct ieee80211com *ic = vap->iv_ic; 1464 struct ieee80211_node *ni; 1465 1466 ni = ieee80211_alloc_node(&ic->ic_sta, vap, macaddr); 1467 if (ni != NULL) { 1468 struct ieee80211_node *bss = vap->iv_bss; 1469 /* 1470 * Inherit from iv_bss. 1471 */ 1472 copy_bss(ni, bss); 1473 IEEE80211_ADDR_COPY(ni->ni_bssid, bss->ni_bssid); 1474 ieee80211_node_set_chan(ni, bss->ni_chan); 1475 } 1476 return ni; 1477 } 1478 1479 /* 1480 * Create a bss node for a legacy WDS vap. The far end does 1481 * not associate so we just create create a new node and 1482 * simulate an association. The caller is responsible for 1483 * installing the node as the bss node and handling any further 1484 * setup work like authorizing the port. 1485 */ 1486 struct ieee80211_node * 1487 ieee80211_node_create_wds(struct ieee80211vap *vap, 1488 const uint8_t bssid[IEEE80211_ADDR_LEN], struct ieee80211_channel *chan) 1489 { 1490 struct ieee80211com *ic = vap->iv_ic; 1491 struct ieee80211_node *ni; 1492 1493 /* XXX check if node already in sta table? */ 1494 ni = ieee80211_alloc_node(&ic->ic_sta, vap, bssid); 1495 if (ni != NULL) { 1496 ni->ni_wdsvap = vap; 1497 IEEE80211_ADDR_COPY(ni->ni_bssid, bssid); 1498 /* 1499 * Inherit any manually configured settings. 1500 */ 1501 copy_bss(ni, vap->iv_bss); 1502 ieee80211_node_set_chan(ni, chan); 1503 /* NB: propagate ssid so available to WPA supplicant */ 1504 ni->ni_esslen = vap->iv_des_ssid[0].len; 1505 memcpy(ni->ni_essid, vap->iv_des_ssid[0].ssid, ni->ni_esslen); 1506 /* NB: no associd for peer */ 1507 /* 1508 * There are no management frames to use to 1509 * discover neighbor capabilities, so blindly 1510 * propagate the local configuration. 1511 */ 1512 if (vap->iv_flags & IEEE80211_F_WME) 1513 ni->ni_flags |= IEEE80211_NODE_QOS; 1514 #ifdef IEEE80211_SUPPORT_SUPERG 1515 if (vap->iv_flags & IEEE80211_F_FF) 1516 ni->ni_flags |= IEEE80211_NODE_FF; 1517 #endif 1518 /* XXX VHT */ 1519 if ((ic->ic_htcaps & IEEE80211_HTC_HT) && 1520 (vap->iv_flags_ht & IEEE80211_FHT_HT)) { 1521 /* 1522 * Device is HT-capable and HT is enabled for 1523 * the vap; setup HT operation. On return 1524 * ni_chan will be adjusted to an HT channel. 1525 */ 1526 ieee80211_ht_wds_init(ni); 1527 if (vap->iv_flags_vht & IEEE80211_FVHT_VHT) { 1528 printf("%s: TODO: vht_wds_init\n", __func__); 1529 } 1530 } else { 1531 struct ieee80211_channel *c = ni->ni_chan; 1532 /* 1533 * Force a legacy channel to be used. 1534 */ 1535 c = ieee80211_find_channel(ic, 1536 c->ic_freq, c->ic_flags &~ IEEE80211_CHAN_HT); 1537 KASSERT(c != NULL, ("no legacy channel, %u/%x", 1538 ni->ni_chan->ic_freq, ni->ni_chan->ic_flags)); 1539 ni->ni_chan = c; 1540 } 1541 } 1542 return ni; 1543 } 1544 1545 struct ieee80211_node * 1546 #ifdef IEEE80211_DEBUG_REFCNT 1547 ieee80211_find_node_locked_debug(struct ieee80211_node_table *nt, 1548 const uint8_t macaddr[IEEE80211_ADDR_LEN], const char *func, int line) 1549 #else 1550 ieee80211_find_node_locked(struct ieee80211_node_table *nt, 1551 const uint8_t macaddr[IEEE80211_ADDR_LEN]) 1552 #endif 1553 { 1554 struct ieee80211_node *ni; 1555 int hash; 1556 1557 IEEE80211_NODE_LOCK_ASSERT(nt); 1558 1559 hash = IEEE80211_NODE_HASH(nt->nt_ic, macaddr); 1560 LIST_FOREACH(ni, &nt->nt_hash[hash], ni_hash) { 1561 if (IEEE80211_ADDR_EQ(ni->ni_macaddr, macaddr)) { 1562 ieee80211_ref_node(ni); /* mark referenced */ 1563 #ifdef IEEE80211_DEBUG_REFCNT 1564 IEEE80211_DPRINTF(ni->ni_vap, IEEE80211_MSG_NODE, 1565 "%s (%s:%u) %p<%s> refcnt %d\n", __func__, 1566 func, line, 1567 ni, ether_sprintf(ni->ni_macaddr), 1568 ieee80211_node_refcnt(ni)); 1569 #endif 1570 return ni; 1571 } 1572 } 1573 return NULL; 1574 } 1575 1576 struct ieee80211_node * 1577 #ifdef IEEE80211_DEBUG_REFCNT 1578 ieee80211_find_node_debug(struct ieee80211_node_table *nt, 1579 const uint8_t macaddr[IEEE80211_ADDR_LEN], const char *func, int line) 1580 #else 1581 ieee80211_find_node(struct ieee80211_node_table *nt, 1582 const uint8_t macaddr[IEEE80211_ADDR_LEN]) 1583 #endif 1584 { 1585 struct ieee80211_node *ni; 1586 1587 IEEE80211_NODE_LOCK(nt); 1588 ni = ieee80211_find_node_locked(nt, macaddr); 1589 IEEE80211_NODE_UNLOCK(nt); 1590 return ni; 1591 } 1592 1593 struct ieee80211_node * 1594 #ifdef IEEE80211_DEBUG_REFCNT 1595 ieee80211_find_vap_node_locked_debug(struct ieee80211_node_table *nt, 1596 const struct ieee80211vap *vap, 1597 const uint8_t macaddr[IEEE80211_ADDR_LEN], const char *func, int line) 1598 #else 1599 ieee80211_find_vap_node_locked(struct ieee80211_node_table *nt, 1600 const struct ieee80211vap *vap, 1601 const uint8_t macaddr[IEEE80211_ADDR_LEN]) 1602 #endif 1603 { 1604 struct ieee80211_node *ni; 1605 int hash; 1606 1607 IEEE80211_NODE_LOCK_ASSERT(nt); 1608 1609 hash = IEEE80211_NODE_HASH(nt->nt_ic, macaddr); 1610 LIST_FOREACH(ni, &nt->nt_hash[hash], ni_hash) { 1611 if (ni->ni_vap == vap && 1612 IEEE80211_ADDR_EQ(ni->ni_macaddr, macaddr)) { 1613 ieee80211_ref_node(ni); /* mark referenced */ 1614 #ifdef IEEE80211_DEBUG_REFCNT 1615 IEEE80211_DPRINTF(ni->ni_vap, IEEE80211_MSG_NODE, 1616 "%s (%s:%u) %p<%s> refcnt %d\n", __func__, 1617 func, line, 1618 ni, ether_sprintf(ni->ni_macaddr), 1619 ieee80211_node_refcnt(ni)); 1620 #endif 1621 return ni; 1622 } 1623 } 1624 return NULL; 1625 } 1626 1627 struct ieee80211_node * 1628 #ifdef IEEE80211_DEBUG_REFCNT 1629 ieee80211_find_vap_node_debug(struct ieee80211_node_table *nt, 1630 const struct ieee80211vap *vap, 1631 const uint8_t macaddr[IEEE80211_ADDR_LEN], const char *func, int line) 1632 #else 1633 ieee80211_find_vap_node(struct ieee80211_node_table *nt, 1634 const struct ieee80211vap *vap, 1635 const uint8_t macaddr[IEEE80211_ADDR_LEN]) 1636 #endif 1637 { 1638 struct ieee80211_node *ni; 1639 1640 IEEE80211_NODE_LOCK(nt); 1641 ni = ieee80211_find_vap_node_locked(nt, vap, macaddr); 1642 IEEE80211_NODE_UNLOCK(nt); 1643 return ni; 1644 } 1645 1646 /* 1647 * Fake up a node; this handles node discovery in adhoc mode. 1648 * Note that for the driver's benefit we we treat this like 1649 * an association so the driver has an opportunity to setup 1650 * it's private state. 1651 */ 1652 struct ieee80211_node * 1653 ieee80211_fakeup_adhoc_node(struct ieee80211vap *vap, 1654 const uint8_t macaddr[IEEE80211_ADDR_LEN]) 1655 { 1656 struct ieee80211_node *ni; 1657 1658 IEEE80211_DPRINTF(vap, IEEE80211_MSG_NODE | IEEE80211_MSG_ASSOC, 1659 "%s: mac<%s>\n", __func__, ether_sprintf(macaddr)); 1660 ni = ieee80211_dup_bss(vap, macaddr); 1661 if (ni != NULL) { 1662 struct ieee80211com *ic = vap->iv_ic; 1663 1664 /* XXX no rate negotiation; just dup */ 1665 ni->ni_rates = vap->iv_bss->ni_rates; 1666 if (ieee80211_iserp_rateset(&ni->ni_rates)) 1667 ni->ni_flags |= IEEE80211_NODE_ERP; 1668 if (vap->iv_opmode == IEEE80211_M_AHDEMO) { 1669 /* 1670 * In adhoc demo mode there are no management 1671 * frames to use to discover neighbor capabilities, 1672 * so blindly propagate the local configuration 1673 * so we can do interesting things (e.g. use 1674 * WME to disable ACK's). 1675 */ 1676 /* 1677 * XXX TODO: 11n? 1678 */ 1679 if (vap->iv_flags & IEEE80211_F_WME) 1680 ni->ni_flags |= IEEE80211_NODE_QOS; 1681 #ifdef IEEE80211_SUPPORT_SUPERG 1682 if (vap->iv_flags & IEEE80211_F_FF) 1683 ni->ni_flags |= IEEE80211_NODE_FF; 1684 #endif 1685 } 1686 ieee80211_node_setuptxparms(ni); 1687 ieee80211_ratectl_node_init(ni); 1688 1689 /* 1690 * XXX TODO: 11n? At least 20MHz, at least A-MPDU RX, 1691 * not A-MPDU TX; not 11n rates, etc. We'll cycle 1692 * that after we hear that we can indeed do 11n 1693 * (either by a beacon frame or by a probe response.) 1694 */ 1695 1696 /* 1697 * This is the first time we see the node. 1698 */ 1699 if (ic->ic_newassoc != NULL) 1700 ic->ic_newassoc(ni, 1); 1701 1702 /* 1703 * Kick off a probe request to the given node; 1704 * we will then use the probe response to update 1705 * 11n/etc configuration state. 1706 * 1707 * XXX TODO: this isn't guaranteed, and until we get 1708 * a probe response, we won't be able to actually 1709 * do anything 802.11n related to the node. 1710 * So if this does indeed work, maybe we should hold 1711 * off on sending responses until we get the probe 1712 * response, or just default to some sensible subset 1713 * of 802.11n behaviour (eg always allow aggregation 1714 * negotiation TO us, but not FROM us, etc) so we 1715 * aren't entirely busted. 1716 */ 1717 if (vap->iv_opmode == IEEE80211_M_IBSS) { 1718 ieee80211_send_probereq(ni, /* node */ 1719 vap->iv_myaddr, /* SA */ 1720 ni->ni_macaddr, /* DA */ 1721 vap->iv_bss->ni_bssid, /* BSSID */ 1722 vap->iv_bss->ni_essid, 1723 vap->iv_bss->ni_esslen); /* SSID */ 1724 } 1725 1726 /* XXX not right for 802.1x/WPA */ 1727 ieee80211_node_authorize(ni); 1728 } 1729 return ni; 1730 } 1731 1732 void 1733 ieee80211_init_neighbor(struct ieee80211_node *ni, 1734 const struct ieee80211_frame *wh, 1735 const struct ieee80211_scanparams *sp) 1736 { 1737 int do_ht_setup = 0, do_vht_setup = 0; 1738 1739 ni->ni_esslen = sp->ssid[1]; 1740 memcpy(ni->ni_essid, sp->ssid + 2, sp->ssid[1]); 1741 IEEE80211_ADDR_COPY(ni->ni_bssid, wh->i_addr3); 1742 memcpy(ni->ni_tstamp.data, sp->tstamp, sizeof(ni->ni_tstamp)); 1743 ni->ni_intval = sp->bintval; 1744 ni->ni_capinfo = sp->capinfo; 1745 ni->ni_chan = ni->ni_ic->ic_curchan; 1746 ni->ni_fhdwell = sp->fhdwell; 1747 ni->ni_fhindex = sp->fhindex; 1748 ni->ni_erp = sp->erp; 1749 ni->ni_timoff = sp->timoff; 1750 #ifdef IEEE80211_SUPPORT_MESH 1751 if (ni->ni_vap->iv_opmode == IEEE80211_M_MBSS) 1752 ieee80211_mesh_init_neighbor(ni, wh, sp); 1753 #endif 1754 if (ieee80211_ies_init(&ni->ni_ies, sp->ies, sp->ies_len)) { 1755 ieee80211_ies_expand(&ni->ni_ies); 1756 if (ni->ni_ies.wme_ie != NULL) 1757 ni->ni_flags |= IEEE80211_NODE_QOS; 1758 else 1759 ni->ni_flags &= ~IEEE80211_NODE_QOS; 1760 #ifdef IEEE80211_SUPPORT_SUPERG 1761 if (ni->ni_ies.ath_ie != NULL) 1762 ieee80211_parse_ath(ni, ni->ni_ies.ath_ie); 1763 #endif 1764 if (ni->ni_ies.htcap_ie != NULL) 1765 ieee80211_parse_htcap(ni, ni->ni_ies.htcap_ie); 1766 if (ni->ni_ies.htinfo_ie != NULL) 1767 ieee80211_parse_htinfo(ni, ni->ni_ies.htinfo_ie); 1768 1769 if (ni->ni_ies.vhtcap_ie != NULL) 1770 ieee80211_parse_vhtcap(ni, ni->ni_ies.vhtcap_ie); 1771 if (ni->ni_ies.vhtopmode_ie != NULL) 1772 ieee80211_parse_vhtopmode(ni, ni->ni_ies.vhtopmode_ie); 1773 1774 if ((ni->ni_ies.htcap_ie != NULL) && 1775 (ni->ni_ies.htinfo_ie != NULL) && 1776 (ni->ni_vap->iv_flags_ht & IEEE80211_FHT_HT)) { 1777 do_ht_setup = 1; 1778 } 1779 1780 if ((ni->ni_ies.vhtcap_ie != NULL) && 1781 (ni->ni_ies.vhtopmode_ie != NULL) && 1782 (ni->ni_vap->iv_flags_vht & IEEE80211_FVHT_VHT)) { 1783 do_vht_setup = 1; 1784 } 1785 1786 } 1787 1788 /* NB: must be after ni_chan is setup */ 1789 ieee80211_setup_rates(ni, sp->rates, sp->xrates, 1790 IEEE80211_F_DOSORT | IEEE80211_F_DOFRATE | 1791 IEEE80211_F_DONEGO | IEEE80211_F_DODEL); 1792 1793 /* 1794 * If the neighbor is HT compatible, flip that on. 1795 */ 1796 if (do_ht_setup) { 1797 IEEE80211_DPRINTF(ni->ni_vap, IEEE80211_MSG_ASSOC, 1798 "%s: doing HT setup\n", __func__); 1799 ieee80211_ht_node_init(ni); 1800 ieee80211_ht_updateparams(ni, 1801 ni->ni_ies.htcap_ie, 1802 ni->ni_ies.htinfo_ie); 1803 1804 if (do_vht_setup) { 1805 if (IEEE80211_IS_CHAN_2GHZ(ni->ni_chan)) { 1806 printf("%s: BSS %6D: 2GHz channel, VHT info; ignoring\n", 1807 __func__, 1808 ni->ni_macaddr, 1809 ":"); 1810 } else { 1811 ieee80211_vht_node_init(ni); 1812 ieee80211_vht_updateparams(ni, 1813 ni->ni_ies.vhtcap_ie, 1814 ni->ni_ies.vhtopmode_ie); 1815 ieee80211_setup_vht_rates(ni, 1816 ni->ni_ies.vhtcap_ie, 1817 ni->ni_ies.vhtopmode_ie); 1818 } 1819 } 1820 1821 /* 1822 * Finally do the channel upgrade/change based 1823 * on the HT/VHT configuration. 1824 */ 1825 ieee80211_ht_updateparams_final(ni, ni->ni_ies.htcap_ie, 1826 ni->ni_ies.htinfo_ie); 1827 ieee80211_setup_htrates(ni, 1828 ni->ni_ies.htcap_ie, 1829 IEEE80211_F_JOIN | IEEE80211_F_DOBRS); 1830 ieee80211_setup_basic_htrates(ni, 1831 ni->ni_ies.htinfo_ie); 1832 1833 ieee80211_node_setuptxparms(ni); 1834 ieee80211_ratectl_node_init(ni); 1835 1836 /* Reassociate; we're now 11n/11ac */ 1837 /* 1838 * XXX TODO: this is the wrong thing to do - 1839 * we're calling it with isnew=1 so the ath(4) 1840 * driver reinitialises the rate tables. 1841 * This "mostly" works for ath(4), but it won't 1842 * be right for firmware devices which allocate 1843 * node states. 1844 * 1845 * So, do we just create a new node and delete 1846 * the old one? Or? 1847 */ 1848 if (ni->ni_ic->ic_newassoc) 1849 ni->ni_ic->ic_newassoc(ni, 1); 1850 } 1851 } 1852 1853 /* 1854 * Do node discovery in adhoc mode on receipt of a beacon 1855 * or probe response frame. Note that for the driver's 1856 * benefit we we treat this like an association so the 1857 * driver has an opportunity to setup it's private state. 1858 */ 1859 struct ieee80211_node * 1860 ieee80211_add_neighbor(struct ieee80211vap *vap, 1861 const struct ieee80211_frame *wh, 1862 const struct ieee80211_scanparams *sp) 1863 { 1864 struct ieee80211_node *ni; 1865 1866 IEEE80211_DPRINTF(vap, IEEE80211_MSG_ASSOC, 1867 "%s: mac<%s>\n", __func__, ether_sprintf(wh->i_addr2)); 1868 ni = ieee80211_dup_bss(vap, wh->i_addr2);/* XXX alloc_node? */ 1869 if (ni != NULL) { 1870 struct ieee80211com *ic = vap->iv_ic; 1871 1872 ieee80211_init_neighbor(ni, wh, sp); 1873 if (ieee80211_iserp_rateset(&ni->ni_rates)) 1874 ni->ni_flags |= IEEE80211_NODE_ERP; 1875 ieee80211_node_setuptxparms(ni); 1876 ieee80211_ratectl_node_init(ni); 1877 if (ic->ic_newassoc != NULL) 1878 ic->ic_newassoc(ni, 1); 1879 /* XXX not right for 802.1x/WPA */ 1880 ieee80211_node_authorize(ni); 1881 } 1882 return ni; 1883 } 1884 1885 #define IS_PROBEREQ(wh) \ 1886 ((wh->i_fc[0] & (IEEE80211_FC0_TYPE_MASK|IEEE80211_FC0_SUBTYPE_MASK)) \ 1887 == (IEEE80211_FC0_TYPE_MGT | IEEE80211_FC0_SUBTYPE_PROBE_REQ)) 1888 #define IS_BCAST_PROBEREQ(wh) \ 1889 (IS_PROBEREQ(wh) && IEEE80211_IS_MULTICAST( \ 1890 ((const struct ieee80211_frame *)(wh))->i_addr3)) 1891 1892 static __inline struct ieee80211_node * 1893 _find_rxnode(struct ieee80211_node_table *nt, 1894 const struct ieee80211_frame_min *wh) 1895 { 1896 if (IS_BCAST_PROBEREQ(wh)) 1897 return NULL; /* spam bcast probe req to all vap's */ 1898 return ieee80211_find_node_locked(nt, wh->i_addr2); 1899 } 1900 1901 /* 1902 * Locate the node for sender, track state, and then pass the 1903 * (referenced) node up to the 802.11 layer for its use. Note 1904 * we can return NULL if the sender is not in the table. 1905 */ 1906 struct ieee80211_node * 1907 #ifdef IEEE80211_DEBUG_REFCNT 1908 ieee80211_find_rxnode_debug(struct ieee80211com *ic, 1909 const struct ieee80211_frame_min *wh, const char *func, int line) 1910 #else 1911 ieee80211_find_rxnode(struct ieee80211com *ic, 1912 const struct ieee80211_frame_min *wh) 1913 #endif 1914 { 1915 struct ieee80211_node_table *nt; 1916 struct ieee80211_node *ni; 1917 1918 nt = &ic->ic_sta; 1919 IEEE80211_NODE_LOCK(nt); 1920 ni = _find_rxnode(nt, wh); 1921 IEEE80211_NODE_UNLOCK(nt); 1922 1923 return ni; 1924 } 1925 1926 /* 1927 * Like ieee80211_find_rxnode but use the supplied h/w 1928 * key index as a hint to locate the node in the key 1929 * mapping table. If an entry is present at the key 1930 * index we return it; otherwise do a normal lookup and 1931 * update the mapping table if the station has a unicast 1932 * key assigned to it. 1933 */ 1934 struct ieee80211_node * 1935 #ifdef IEEE80211_DEBUG_REFCNT 1936 ieee80211_find_rxnode_withkey_debug(struct ieee80211com *ic, 1937 const struct ieee80211_frame_min *wh, ieee80211_keyix keyix, 1938 const char *func, int line) 1939 #else 1940 ieee80211_find_rxnode_withkey(struct ieee80211com *ic, 1941 const struct ieee80211_frame_min *wh, ieee80211_keyix keyix) 1942 #endif 1943 { 1944 struct ieee80211_node_table *nt; 1945 struct ieee80211_node *ni; 1946 1947 nt = &ic->ic_sta; 1948 IEEE80211_NODE_LOCK(nt); 1949 if (nt->nt_keyixmap != NULL && keyix < nt->nt_keyixmax) 1950 ni = nt->nt_keyixmap[keyix]; 1951 else 1952 ni = NULL; 1953 if (ni == NULL) { 1954 ni = _find_rxnode(nt, wh); 1955 if (ni != NULL && nt->nt_keyixmap != NULL) { 1956 /* 1957 * If the station has a unicast key cache slot 1958 * assigned update the key->node mapping table. 1959 */ 1960 keyix = ni->ni_ucastkey.wk_rxkeyix; 1961 /* XXX can keyixmap[keyix] != NULL? */ 1962 if (keyix < nt->nt_keyixmax && 1963 nt->nt_keyixmap[keyix] == NULL) { 1964 IEEE80211_DPRINTF(ni->ni_vap, 1965 IEEE80211_MSG_NODE, 1966 "%s: add key map entry %p<%s> refcnt %d\n", 1967 __func__, ni, ether_sprintf(ni->ni_macaddr), 1968 ieee80211_node_refcnt(ni)+1); 1969 nt->nt_keyixmap[keyix] = ieee80211_ref_node(ni); 1970 } 1971 } 1972 } else { 1973 if (IS_BCAST_PROBEREQ(wh)) 1974 ni = NULL; /* spam bcast probe req to all vap's */ 1975 else 1976 ieee80211_ref_node(ni); 1977 } 1978 IEEE80211_NODE_UNLOCK(nt); 1979 1980 return ni; 1981 } 1982 #undef IS_BCAST_PROBEREQ 1983 #undef IS_PROBEREQ 1984 1985 /* 1986 * Return a reference to the appropriate node for sending 1987 * a data frame. This handles node discovery in adhoc networks. 1988 */ 1989 struct ieee80211_node * 1990 #ifdef IEEE80211_DEBUG_REFCNT 1991 ieee80211_find_txnode_debug(struct ieee80211vap *vap, 1992 const uint8_t macaddr[IEEE80211_ADDR_LEN], 1993 const char *func, int line) 1994 #else 1995 ieee80211_find_txnode(struct ieee80211vap *vap, 1996 const uint8_t macaddr[IEEE80211_ADDR_LEN]) 1997 #endif 1998 { 1999 struct ieee80211_node_table *nt = &vap->iv_ic->ic_sta; 2000 struct ieee80211_node *ni; 2001 2002 /* 2003 * The destination address should be in the node table 2004 * unless this is a multicast/broadcast frame. We can 2005 * also optimize station mode operation, all frames go 2006 * to the bss node. 2007 */ 2008 /* XXX can't hold lock across dup_bss 'cuz of recursive locking */ 2009 IEEE80211_NODE_LOCK(nt); 2010 if (vap->iv_opmode == IEEE80211_M_STA || 2011 vap->iv_opmode == IEEE80211_M_WDS || 2012 IEEE80211_IS_MULTICAST(macaddr)) 2013 ni = ieee80211_ref_node(vap->iv_bss); 2014 else 2015 ni = ieee80211_find_node_locked(nt, macaddr); 2016 IEEE80211_NODE_UNLOCK(nt); 2017 2018 if (ni == NULL) { 2019 if (vap->iv_opmode == IEEE80211_M_IBSS || 2020 vap->iv_opmode == IEEE80211_M_AHDEMO) { 2021 /* 2022 * In adhoc mode cons up a node for the destination. 2023 * Note that we need an additional reference for the 2024 * caller to be consistent with 2025 * ieee80211_find_node_locked. 2026 */ 2027 /* 2028 * XXX TODO: this doesn't fake up 11n state; we need 2029 * to find another way to get it upgraded. 2030 */ 2031 ni = ieee80211_fakeup_adhoc_node(vap, macaddr); 2032 if (ni != NULL) 2033 (void) ieee80211_ref_node(ni); 2034 } else { 2035 IEEE80211_NOTE_MAC(vap, IEEE80211_MSG_OUTPUT, macaddr, 2036 "no node, discard frame (%s)", __func__); 2037 vap->iv_stats.is_tx_nonode++; 2038 } 2039 } 2040 return ni; 2041 } 2042 2043 static void 2044 _ieee80211_free_node(struct ieee80211_node *ni) 2045 { 2046 struct ieee80211_node_table *nt = ni->ni_table; 2047 2048 /* 2049 * NB: careful about referencing the vap as it may be 2050 * gone if the last reference was held by a driver. 2051 * We know the com will always be present so it's safe 2052 * to use ni_ic below to reclaim resources. 2053 */ 2054 #if 0 2055 IEEE80211_DPRINTF(vap, IEEE80211_MSG_NODE, 2056 "%s %p<%s> in %s table\n", __func__, ni, 2057 ether_sprintf(ni->ni_macaddr), 2058 nt != NULL ? nt->nt_name : "<gone>"); 2059 #endif 2060 if (ni->ni_associd != 0) { 2061 struct ieee80211vap *vap = ni->ni_vap; 2062 if (vap->iv_aid_bitmap != NULL) 2063 IEEE80211_AID_CLR(vap, ni->ni_associd); 2064 } 2065 if (nt != NULL) 2066 ieee80211_del_node_nt(nt, ni); 2067 ni->ni_ic->ic_node_free(ni); 2068 } 2069 2070 /* 2071 * Clear any entry in the unicast key mapping table. 2072 */ 2073 static int 2074 node_clear_keyixmap(struct ieee80211_node_table *nt, struct ieee80211_node *ni) 2075 { 2076 ieee80211_keyix keyix; 2077 2078 keyix = ni->ni_ucastkey.wk_rxkeyix; 2079 if (nt->nt_keyixmap != NULL && keyix < nt->nt_keyixmax && 2080 nt->nt_keyixmap[keyix] == ni) { 2081 IEEE80211_DPRINTF(ni->ni_vap, IEEE80211_MSG_NODE, 2082 "%s: %p<%s> clear key map entry %u\n", 2083 __func__, ni, ether_sprintf(ni->ni_macaddr), keyix); 2084 nt->nt_keyixmap[keyix] = NULL; 2085 ieee80211_node_decref(ni); 2086 return 1; 2087 } 2088 2089 return 0; 2090 } 2091 2092 void 2093 #ifdef IEEE80211_DEBUG_REFCNT 2094 ieee80211_free_node_debug(struct ieee80211_node *ni, const char *func, int line) 2095 #else 2096 ieee80211_free_node(struct ieee80211_node *ni) 2097 #endif 2098 { 2099 struct ieee80211_node_table *nt = ni->ni_table; 2100 2101 #ifdef IEEE80211_DEBUG_REFCNT 2102 IEEE80211_DPRINTF(ni->ni_vap, IEEE80211_MSG_NODE, 2103 "%s (%s:%u) %p<%s> refcnt %d\n", __func__, func, line, ni, 2104 ether_sprintf(ni->ni_macaddr), ieee80211_node_refcnt(ni)-1); 2105 #endif 2106 if (nt != NULL) { 2107 IEEE80211_NODE_LOCK(nt); 2108 if (ieee80211_node_dectestref(ni)) { 2109 /* 2110 * Last reference, reclaim state. 2111 */ 2112 _ieee80211_free_node(ni); 2113 } else if (ieee80211_node_refcnt(ni) == 1) 2114 if (node_clear_keyixmap(nt, ni)) 2115 _ieee80211_free_node(ni); 2116 IEEE80211_NODE_UNLOCK(nt); 2117 } else { 2118 if (ieee80211_node_dectestref(ni)) 2119 _ieee80211_free_node(ni); 2120 } 2121 } 2122 2123 /* 2124 * Reclaim a unicast key and clear any key cache state. 2125 */ 2126 int 2127 ieee80211_node_delucastkey(struct ieee80211_node *ni) 2128 { 2129 struct ieee80211com *ic = ni->ni_ic; 2130 struct ieee80211_node_table *nt = &ic->ic_sta; 2131 struct ieee80211_node *nikey; 2132 ieee80211_keyix keyix; 2133 int isowned, status; 2134 2135 /* 2136 * NB: We must beware of LOR here; deleting the key 2137 * can cause the crypto layer to block traffic updates 2138 * which can generate a LOR against the node table lock; 2139 * grab it here and stash the key index for our use below. 2140 * 2141 * Must also beware of recursion on the node table lock. 2142 * When called from node_cleanup we may already have 2143 * the node table lock held. Unfortunately there's no 2144 * way to separate out this path so we must do this 2145 * conditionally. 2146 */ 2147 isowned = IEEE80211_NODE_IS_LOCKED(nt); 2148 if (!isowned) 2149 IEEE80211_NODE_LOCK(nt); 2150 nikey = NULL; 2151 status = 1; /* NB: success */ 2152 if (ni->ni_ucastkey.wk_keyix != IEEE80211_KEYIX_NONE) { 2153 keyix = ni->ni_ucastkey.wk_rxkeyix; 2154 status = ieee80211_crypto_delkey(ni->ni_vap, &ni->ni_ucastkey); 2155 if (nt->nt_keyixmap != NULL && keyix < nt->nt_keyixmax) { 2156 nikey = nt->nt_keyixmap[keyix]; 2157 nt->nt_keyixmap[keyix] = NULL; 2158 } 2159 } 2160 if (!isowned) 2161 IEEE80211_NODE_UNLOCK(nt); 2162 2163 if (nikey != NULL) { 2164 KASSERT(nikey == ni, 2165 ("key map out of sync, ni %p nikey %p", ni, nikey)); 2166 IEEE80211_DPRINTF(ni->ni_vap, IEEE80211_MSG_NODE, 2167 "%s: delete key map entry %p<%s> refcnt %d\n", 2168 __func__, ni, ether_sprintf(ni->ni_macaddr), 2169 ieee80211_node_refcnt(ni)-1); 2170 ieee80211_free_node(ni); 2171 } 2172 return status; 2173 } 2174 2175 /* 2176 * Reclaim a node. If this is the last reference count then 2177 * do the normal free work. Otherwise remove it from the node 2178 * table and mark it gone by clearing the back-reference. 2179 */ 2180 static void 2181 node_reclaim(struct ieee80211_node_table *nt, struct ieee80211_node *ni) 2182 { 2183 2184 IEEE80211_NODE_LOCK_ASSERT(nt); 2185 2186 IEEE80211_DPRINTF(ni->ni_vap, IEEE80211_MSG_NODE, 2187 "%s: remove %p<%s> from %s table, refcnt %d\n", 2188 __func__, ni, ether_sprintf(ni->ni_macaddr), 2189 nt->nt_name, ieee80211_node_refcnt(ni)-1); 2190 /* 2191 * Clear any entry in the unicast key mapping table. 2192 * We need to do it here so rx lookups don't find it 2193 * in the mapping table even if it's not in the hash 2194 * table. We cannot depend on the mapping table entry 2195 * being cleared because the node may not be free'd. 2196 */ 2197 (void)node_clear_keyixmap(nt, ni); 2198 if (!ieee80211_node_dectestref(ni)) { 2199 /* 2200 * Other references are present, just remove the 2201 * node from the table so it cannot be found. When 2202 * the references are dropped storage will be 2203 * reclaimed. 2204 */ 2205 ieee80211_del_node_nt(nt, ni); 2206 } else 2207 _ieee80211_free_node(ni); 2208 } 2209 2210 /* 2211 * Node table support. 2212 */ 2213 2214 static void 2215 ieee80211_node_table_init(struct ieee80211com *ic, 2216 struct ieee80211_node_table *nt, 2217 const char *name, int inact, int keyixmax) 2218 { 2219 2220 nt->nt_ic = ic; 2221 IEEE80211_NODE_LOCK_INIT(nt, ic->ic_name); 2222 TAILQ_INIT(&nt->nt_node); 2223 nt->nt_count = 0; 2224 nt->nt_name = name; 2225 nt->nt_inact_init = inact; 2226 nt->nt_keyixmax = keyixmax; 2227 if (nt->nt_keyixmax > 0) { 2228 nt->nt_keyixmap = (struct ieee80211_node **) IEEE80211_MALLOC( 2229 keyixmax * sizeof(struct ieee80211_node *), 2230 M_80211_NODE, 2231 IEEE80211_M_NOWAIT | IEEE80211_M_ZERO); 2232 if (nt->nt_keyixmap == NULL) 2233 ic_printf(ic, 2234 "Cannot allocate key index map with %u entries\n", 2235 keyixmax); 2236 } else 2237 nt->nt_keyixmap = NULL; 2238 } 2239 2240 static void 2241 ieee80211_node_table_reset(struct ieee80211_node_table *nt, 2242 struct ieee80211vap *match) 2243 { 2244 struct ieee80211_node *ni, *next; 2245 2246 IEEE80211_NODE_LOCK(nt); 2247 TAILQ_FOREACH_SAFE(ni, &nt->nt_node, ni_list, next) { 2248 if (match != NULL && ni->ni_vap != match) 2249 continue; 2250 /* XXX can this happen? if so need's work */ 2251 if (ni->ni_associd != 0) { 2252 struct ieee80211vap *vap = ni->ni_vap; 2253 2254 if (vap->iv_auth->ia_node_leave != NULL) 2255 vap->iv_auth->ia_node_leave(ni); 2256 if (vap->iv_aid_bitmap != NULL) 2257 IEEE80211_AID_CLR(vap, ni->ni_associd); 2258 } 2259 ni->ni_wdsvap = NULL; /* clear reference */ 2260 node_reclaim(nt, ni); 2261 } 2262 if (match != NULL && match->iv_opmode == IEEE80211_M_WDS) { 2263 /* 2264 * Make a separate pass to clear references to this vap 2265 * held by DWDS entries. They will not be matched above 2266 * because ni_vap will point to the ap vap but we still 2267 * need to clear ni_wdsvap when the WDS vap is destroyed 2268 * and/or reset. 2269 */ 2270 TAILQ_FOREACH_SAFE(ni, &nt->nt_node, ni_list, next) 2271 if (ni->ni_wdsvap == match) 2272 ni->ni_wdsvap = NULL; 2273 } 2274 IEEE80211_NODE_UNLOCK(nt); 2275 } 2276 2277 static void 2278 ieee80211_node_table_cleanup(struct ieee80211_node_table *nt) 2279 { 2280 ieee80211_node_table_reset(nt, NULL); 2281 if (nt->nt_keyixmap != NULL) { 2282 #ifdef DIAGNOSTIC 2283 /* XXX verify all entries are NULL */ 2284 int i; 2285 for (i = 0; i < nt->nt_keyixmax; i++) 2286 if (nt->nt_keyixmap[i] != NULL) 2287 printf("%s: %s[%u] still active\n", __func__, 2288 nt->nt_name, i); 2289 #endif 2290 IEEE80211_FREE(nt->nt_keyixmap, M_80211_NODE); 2291 nt->nt_keyixmap = NULL; 2292 } 2293 IEEE80211_NODE_LOCK_DESTROY(nt); 2294 } 2295 2296 static void 2297 timeout_stations(void *arg __unused, struct ieee80211_node *ni) 2298 { 2299 struct ieee80211com *ic = ni->ni_ic; 2300 struct ieee80211vap *vap = ni->ni_vap; 2301 2302 /* 2303 * Only process stations when in RUN state. This 2304 * insures, for example, that we don't timeout an 2305 * inactive station during CAC. Note that CSA state 2306 * is actually handled in ieee80211_node_timeout as 2307 * it applies to more than timeout processing. 2308 */ 2309 if (vap->iv_state != IEEE80211_S_RUN) 2310 return; 2311 /* 2312 * Ignore entries for which have yet to receive an 2313 * authentication frame. These are transient and 2314 * will be reclaimed when the last reference to them 2315 * goes away (when frame xmits complete). 2316 */ 2317 if ((vap->iv_opmode == IEEE80211_M_HOSTAP || 2318 vap->iv_opmode == IEEE80211_M_STA) && 2319 (ni->ni_flags & IEEE80211_NODE_AREF) == 0) 2320 return; 2321 /* 2322 * Free fragment if not needed anymore 2323 * (last fragment older than 1s). 2324 * XXX doesn't belong here, move to node_age 2325 */ 2326 if (ni->ni_rxfrag[0] != NULL && 2327 ticks > ni->ni_rxfragstamp + hz) { 2328 m_freem(ni->ni_rxfrag[0]); 2329 ni->ni_rxfrag[0] = NULL; 2330 } 2331 if (ni->ni_inact > 0) { 2332 ni->ni_inact--; 2333 IEEE80211_NOTE(vap, IEEE80211_MSG_INACT, ni, 2334 "%s: inact %u inact_reload %u nrates %u", 2335 __func__, ni->ni_inact, ni->ni_inact_reload, 2336 ni->ni_rates.rs_nrates); 2337 } 2338 /* 2339 * Special case ourself; we may be idle for extended periods 2340 * of time and regardless reclaiming our state is wrong. 2341 * XXX run ic_node_age 2342 */ 2343 /* XXX before inact decrement? */ 2344 if (ni == vap->iv_bss) 2345 return; 2346 if (ni->ni_associd != 0 || 2347 (vap->iv_opmode == IEEE80211_M_IBSS || 2348 vap->iv_opmode == IEEE80211_M_AHDEMO)) { 2349 /* 2350 * Age/drain resources held by the station. 2351 */ 2352 ic->ic_node_age(ni); 2353 /* 2354 * Probe the station before time it out. We 2355 * send a null data frame which may not be 2356 * universally supported by drivers (need it 2357 * for ps-poll support so it should be...). 2358 * 2359 * XXX don't probe the station unless we've 2360 * received a frame from them (and have 2361 * some idea of the rates they are capable 2362 * of); this will get fixed more properly 2363 * soon with better handling of the rate set. 2364 */ 2365 if ((vap->iv_flags_ext & IEEE80211_FEXT_INACT) && 2366 (0 < ni->ni_inact && 2367 ni->ni_inact <= vap->iv_inact_probe) && 2368 ni->ni_rates.rs_nrates != 0) { 2369 IEEE80211_NOTE(vap, 2370 IEEE80211_MSG_INACT | IEEE80211_MSG_NODE, 2371 ni, "%s", 2372 "probe station due to inactivity"); 2373 /* 2374 * Grab a reference so the node cannot 2375 * be reclaimed before we send the frame. 2376 * ieee80211_send_nulldata understands 2377 * we've done this and reclaims the 2378 * ref for us as needed. 2379 */ 2380 /* XXX fix this (not required anymore). */ 2381 ieee80211_ref_node(ni); 2382 /* XXX useless */ 2383 ieee80211_send_nulldata(ni); 2384 /* XXX stat? */ 2385 return; 2386 } 2387 } 2388 if ((vap->iv_flags_ext & IEEE80211_FEXT_INACT) && 2389 ni->ni_inact <= 0) { 2390 IEEE80211_NOTE(vap, 2391 IEEE80211_MSG_INACT | IEEE80211_MSG_NODE, ni, 2392 "station timed out due to inactivity " 2393 "(refcnt %u)", ieee80211_node_refcnt(ni)); 2394 /* 2395 * Send a deauthenticate frame and drop the station. 2396 * This is somewhat complicated due to reference counts 2397 * and locking. At this point a station will typically 2398 * have a reference count of 2. ieee80211_node_leave 2399 * will do a "free" of the node which will drop the 2400 * reference count. But in the meantime a reference 2401 * wil be held by the deauth frame. The actual reclaim 2402 * of the node will happen either after the tx is 2403 * completed or by ieee80211_node_leave. 2404 */ 2405 if (ni->ni_associd != 0) { 2406 IEEE80211_SEND_MGMT(ni, 2407 IEEE80211_FC0_SUBTYPE_DEAUTH, 2408 IEEE80211_REASON_AUTH_EXPIRE); 2409 } 2410 ieee80211_node_leave(ni); 2411 vap->iv_stats.is_node_timeout++; 2412 } 2413 } 2414 2415 /* 2416 * Timeout inactive stations and do related housekeeping. 2417 */ 2418 static void 2419 ieee80211_timeout_stations(struct ieee80211com *ic) 2420 { 2421 struct ieee80211_node_table *nt = &ic->ic_sta; 2422 2423 ieee80211_iterate_nodes(nt, timeout_stations, NULL); 2424 } 2425 2426 /* 2427 * Aggressively reclaim resources. This should be used 2428 * only in a critical situation to reclaim mbuf resources. 2429 */ 2430 void 2431 ieee80211_drain(struct ieee80211com *ic) 2432 { 2433 struct ieee80211_node_table *nt = &ic->ic_sta; 2434 struct ieee80211vap *vap; 2435 struct ieee80211_node *ni; 2436 2437 IEEE80211_NODE_LOCK(nt); 2438 TAILQ_FOREACH(ni, &nt->nt_node, ni_list) { 2439 /* 2440 * Ignore entries for which have yet to receive an 2441 * authentication frame. These are transient and 2442 * will be reclaimed when the last reference to them 2443 * goes away (when frame xmits complete). 2444 */ 2445 vap = ni->ni_vap; 2446 /* 2447 * Only process stations when in RUN state. This 2448 * insures, for example, that we don't timeout an 2449 * inactive station during CAC. Note that CSA state 2450 * is actually handled in ieee80211_node_timeout as 2451 * it applies to more than timeout processing. 2452 */ 2453 if (vap->iv_state != IEEE80211_S_RUN) 2454 continue; 2455 /* XXX can vap be NULL? */ 2456 if ((vap->iv_opmode == IEEE80211_M_HOSTAP || 2457 vap->iv_opmode == IEEE80211_M_STA) && 2458 (ni->ni_flags & IEEE80211_NODE_AREF) == 0) 2459 continue; 2460 /* 2461 * Free fragments. 2462 * XXX doesn't belong here, move to node_drain 2463 */ 2464 if (ni->ni_rxfrag[0] != NULL) { 2465 m_freem(ni->ni_rxfrag[0]); 2466 ni->ni_rxfrag[0] = NULL; 2467 } 2468 /* 2469 * Drain resources held by the station. 2470 */ 2471 ic->ic_node_drain(ni); 2472 } 2473 IEEE80211_NODE_UNLOCK(nt); 2474 } 2475 2476 /* 2477 * Per-ieee80211com inactivity timer callback. 2478 */ 2479 void 2480 ieee80211_node_timeout(void *arg) 2481 { 2482 struct ieee80211com *ic = arg; 2483 2484 /* 2485 * Defer timeout processing if a channel switch is pending. 2486 * We typically need to be mute so not doing things that 2487 * might generate frames is good to handle in one place. 2488 * Suppressing the station timeout processing may extend the 2489 * lifetime of inactive stations (by not decrementing their 2490 * idle counters) but this should be ok unless the CSA is 2491 * active for an unusually long time. 2492 */ 2493 if ((ic->ic_flags & IEEE80211_F_CSAPENDING) == 0) { 2494 ieee80211_scan_timeout(ic); 2495 ieee80211_timeout_stations(ic); 2496 ieee80211_ageq_age(&ic->ic_stageq, IEEE80211_INACT_WAIT); 2497 2498 IEEE80211_LOCK(ic); 2499 ieee80211_erp_timeout(ic); 2500 ieee80211_ht_timeout(ic); 2501 ieee80211_vht_timeout(ic); 2502 IEEE80211_UNLOCK(ic); 2503 } 2504 callout_reset(&ic->ic_inact, IEEE80211_INACT_WAIT*hz, 2505 ieee80211_node_timeout, ic); 2506 } 2507 2508 /* 2509 * The same as ieee80211_iterate_nodes(), but for one vap only. 2510 */ 2511 int 2512 ieee80211_iterate_nodes_vap(struct ieee80211_node_table *nt, 2513 struct ieee80211vap *vap, ieee80211_iter_func *f, void *arg) 2514 { 2515 struct ieee80211_node **ni_arr; 2516 struct ieee80211_node *ni; 2517 size_t size; 2518 int count, i; 2519 2520 /* 2521 * Iterate over the node table and save an array of ref'ed nodes. 2522 * 2523 * This is separated out from calling the actual node function so that 2524 * no LORs will occur. 2525 */ 2526 IEEE80211_NODE_LOCK(nt); 2527 count = nt->nt_count; 2528 size = count * sizeof(struct ieee80211_node *); 2529 ni_arr = (struct ieee80211_node **) IEEE80211_MALLOC(size, M_80211_NODE, 2530 IEEE80211_M_NOWAIT | IEEE80211_M_ZERO); 2531 if (ni_arr == NULL) { 2532 IEEE80211_NODE_UNLOCK(nt); 2533 return (ENOMEM); 2534 } 2535 2536 i = 0; 2537 TAILQ_FOREACH(ni, &nt->nt_node, ni_list) { 2538 if (vap != NULL && ni->ni_vap != vap) 2539 continue; 2540 KASSERT(i < count, 2541 ("node array overflow (vap %p, i %d, count %d)\n", 2542 vap, i, count)); 2543 ni_arr[i] = ieee80211_ref_node(ni); 2544 i++; 2545 } 2546 IEEE80211_NODE_UNLOCK(nt); 2547 2548 for (i = 0; i < count; i++) { 2549 if (ni_arr[i] == NULL) /* end of the list */ 2550 break; 2551 (*f)(arg, ni_arr[i]); 2552 /* ieee80211_free_node() locks by itself */ 2553 ieee80211_free_node(ni_arr[i]); 2554 } 2555 2556 IEEE80211_FREE(ni_arr, M_80211_NODE); 2557 2558 return (0); 2559 } 2560 2561 /* 2562 * Just a wrapper, so we don't have to change every ieee80211_iterate_nodes() 2563 * reference in the source. 2564 */ 2565 void 2566 ieee80211_iterate_nodes(struct ieee80211_node_table *nt, 2567 ieee80211_iter_func *f, void *arg) 2568 { 2569 /* XXX no way to pass error to the caller. */ 2570 (void) ieee80211_iterate_nodes_vap(nt, NULL, f, arg); 2571 } 2572 2573 void 2574 ieee80211_dump_node(struct ieee80211_node_table *nt, struct ieee80211_node *ni) 2575 { 2576 printf("0x%p: mac %s refcnt %d\n", ni, 2577 ether_sprintf(ni->ni_macaddr), ieee80211_node_refcnt(ni)); 2578 printf("\tauthmode %u flags 0x%x\n", 2579 ni->ni_authmode, ni->ni_flags); 2580 printf("\tassocid 0x%x txpower %u vlan %u\n", 2581 ni->ni_associd, ni->ni_txpower, ni->ni_vlan); 2582 printf("\ttxseq %u rxseq %u fragno %u rxfragstamp %u\n", 2583 ni->ni_txseqs[IEEE80211_NONQOS_TID], 2584 ni->ni_rxseqs[IEEE80211_NONQOS_TID] >> IEEE80211_SEQ_SEQ_SHIFT, 2585 ni->ni_rxseqs[IEEE80211_NONQOS_TID] & IEEE80211_SEQ_FRAG_MASK, 2586 ni->ni_rxfragstamp); 2587 printf("\trssi %d noise %d intval %u capinfo 0x%x\n", 2588 node_getrssi(ni), ni->ni_noise, 2589 ni->ni_intval, ni->ni_capinfo); 2590 printf("\tbssid %s essid \"%.*s\" channel %u:0x%x\n", 2591 ether_sprintf(ni->ni_bssid), 2592 ni->ni_esslen, ni->ni_essid, 2593 ni->ni_chan->ic_freq, ni->ni_chan->ic_flags); 2594 printf("\tinact %u inact_reload %u txrate %u\n", 2595 ni->ni_inact, ni->ni_inact_reload, ni->ni_txrate); 2596 printf("\thtcap %x htparam %x htctlchan %u ht2ndchan %u\n", 2597 ni->ni_htcap, ni->ni_htparam, 2598 ni->ni_htctlchan, ni->ni_ht2ndchan); 2599 printf("\thtopmode %x htstbc %x htchw %u\n", 2600 ni->ni_htopmode, ni->ni_htstbc, ni->ni_chw); 2601 printf("\tvhtcap %x freq1 %d freq2 %d vhtbasicmcs %x\n", 2602 ni->ni_vhtcap, (int) ni->ni_vht_chan1, (int) ni->ni_vht_chan2, 2603 (int) ni->ni_vht_basicmcs); 2604 /* XXX VHT state */ 2605 } 2606 2607 void 2608 ieee80211_dump_nodes(struct ieee80211_node_table *nt) 2609 { 2610 ieee80211_iterate_nodes(nt, 2611 (ieee80211_iter_func *) ieee80211_dump_node, nt); 2612 } 2613 2614 static void 2615 ieee80211_notify_erp_locked(struct ieee80211com *ic) 2616 { 2617 struct ieee80211vap *vap; 2618 2619 IEEE80211_LOCK_ASSERT(ic); 2620 2621 TAILQ_FOREACH(vap, &ic->ic_vaps, iv_next) 2622 if (vap->iv_opmode == IEEE80211_M_HOSTAP) 2623 ieee80211_beacon_notify(vap, IEEE80211_BEACON_ERP); 2624 } 2625 2626 void 2627 ieee80211_notify_erp(struct ieee80211com *ic) 2628 { 2629 IEEE80211_LOCK(ic); 2630 ieee80211_notify_erp_locked(ic); 2631 IEEE80211_UNLOCK(ic); 2632 } 2633 2634 /* 2635 * Handle a station joining an 11g network. 2636 */ 2637 static void 2638 ieee80211_node_join_11g(struct ieee80211_node *ni) 2639 { 2640 struct ieee80211com *ic = ni->ni_ic; 2641 2642 IEEE80211_LOCK_ASSERT(ic); 2643 2644 /* 2645 * Station isn't capable of short slot time. Bump 2646 * the count of long slot time stations and disable 2647 * use of short slot time. Note that the actual switch 2648 * over to long slot time use may not occur until the 2649 * next beacon transmission (per sec. 7.3.1.4 of 11g). 2650 */ 2651 if ((ni->ni_capinfo & IEEE80211_CAPINFO_SHORT_SLOTTIME) == 0) { 2652 ic->ic_longslotsta++; 2653 IEEE80211_NOTE(ni->ni_vap, IEEE80211_MSG_ASSOC, ni, 2654 "station needs long slot time, count %d", 2655 ic->ic_longslotsta); 2656 /* XXX vap's w/ conflicting needs won't work */ 2657 if (!IEEE80211_IS_CHAN_108G(ic->ic_bsschan)) { 2658 /* 2659 * Don't force slot time when switched to turbo 2660 * mode as non-ERP stations won't be present; this 2661 * need only be done when on the normal G channel. 2662 */ 2663 ieee80211_set_shortslottime(ic, 0); 2664 } 2665 } 2666 /* 2667 * If the new station is not an ERP station 2668 * then bump the counter and enable protection 2669 * if configured. 2670 */ 2671 if (!ieee80211_iserp_rateset(&ni->ni_rates)) { 2672 ic->ic_nonerpsta++; 2673 IEEE80211_NOTE(ni->ni_vap, IEEE80211_MSG_ASSOC, ni, 2674 "station is !ERP, %d non-ERP stations associated", 2675 ic->ic_nonerpsta); 2676 /* 2677 * If station does not support short preamble 2678 * then we must enable use of Barker preamble. 2679 */ 2680 if ((ni->ni_capinfo & IEEE80211_CAPINFO_SHORT_PREAMBLE) == 0) { 2681 IEEE80211_NOTE(ni->ni_vap, IEEE80211_MSG_ASSOC, ni, 2682 "%s", "station needs long preamble"); 2683 ic->ic_flags |= IEEE80211_F_USEBARKER; 2684 ic->ic_flags &= ~IEEE80211_F_SHPREAMBLE; 2685 } 2686 /* 2687 * If protection is configured and this is the first 2688 * indication we should use protection, enable it. 2689 */ 2690 if (ic->ic_protmode != IEEE80211_PROT_NONE && 2691 ic->ic_nonerpsta == 1 && 2692 (ic->ic_flags_ext & IEEE80211_FEXT_NONERP_PR) == 0) { 2693 IEEE80211_DPRINTF(ni->ni_vap, IEEE80211_MSG_ASSOC, 2694 "%s: enable use of protection\n", __func__); 2695 ic->ic_flags |= IEEE80211_F_USEPROT; 2696 ieee80211_notify_erp_locked(ic); 2697 } 2698 } else 2699 ni->ni_flags |= IEEE80211_NODE_ERP; 2700 } 2701 2702 void 2703 ieee80211_node_join(struct ieee80211_node *ni, int resp) 2704 { 2705 struct ieee80211com *ic = ni->ni_ic; 2706 struct ieee80211vap *vap = ni->ni_vap; 2707 int newassoc; 2708 2709 if (ni->ni_associd == 0) { 2710 uint16_t aid; 2711 2712 KASSERT(vap->iv_aid_bitmap != NULL, ("no aid bitmap")); 2713 /* 2714 * It would be good to search the bitmap 2715 * more efficiently, but this will do for now. 2716 */ 2717 for (aid = 1; aid < vap->iv_max_aid; aid++) { 2718 if (!IEEE80211_AID_ISSET(vap, aid)) 2719 break; 2720 } 2721 if (aid >= vap->iv_max_aid) { 2722 IEEE80211_SEND_MGMT(ni, resp, IEEE80211_STATUS_TOOMANY); 2723 ieee80211_node_leave(ni); 2724 return; 2725 } 2726 ni->ni_associd = aid | 0xc000; 2727 ni->ni_jointime = time_uptime; 2728 IEEE80211_LOCK(ic); 2729 IEEE80211_AID_SET(vap, ni->ni_associd); 2730 vap->iv_sta_assoc++; 2731 ic->ic_sta_assoc++; 2732 2733 if (IEEE80211_IS_CHAN_HT(ic->ic_bsschan)) 2734 ieee80211_ht_node_join(ni); 2735 if (IEEE80211_IS_CHAN_VHT(ic->ic_bsschan)) 2736 ieee80211_vht_node_join(ni); 2737 if (IEEE80211_IS_CHAN_ANYG(ic->ic_bsschan) && 2738 IEEE80211_IS_CHAN_FULL(ic->ic_bsschan)) 2739 ieee80211_node_join_11g(ni); 2740 IEEE80211_UNLOCK(ic); 2741 2742 newassoc = 1; 2743 } else 2744 newassoc = 0; 2745 2746 /* 2747 * XXX VHT - should log VHT channel width, etc 2748 */ 2749 IEEE80211_NOTE(vap, IEEE80211_MSG_ASSOC | IEEE80211_MSG_DEBUG, ni, 2750 "station associated at aid %d: %s preamble, %s slot time%s%s%s%s%s%s%s%s", 2751 IEEE80211_NODE_AID(ni), 2752 ic->ic_flags & IEEE80211_F_SHPREAMBLE ? "short" : "long", 2753 ic->ic_flags & IEEE80211_F_SHSLOT ? "short" : "long", 2754 ic->ic_flags & IEEE80211_F_USEPROT ? ", protection" : "", 2755 ni->ni_flags & IEEE80211_NODE_QOS ? ", QoS" : "", 2756 /* XXX update for VHT string */ 2757 ni->ni_flags & IEEE80211_NODE_HT ? 2758 (ni->ni_chw == 40 ? ", HT40" : ", HT20") : "", 2759 ni->ni_flags & IEEE80211_NODE_AMPDU ? " (+AMPDU)" : "", 2760 ni->ni_flags & IEEE80211_NODE_MIMO_RTS ? " (+SMPS-DYN)" : 2761 ni->ni_flags & IEEE80211_NODE_MIMO_PS ? " (+SMPS)" : "", 2762 ni->ni_flags & IEEE80211_NODE_RIFS ? " (+RIFS)" : "", 2763 IEEE80211_ATH_CAP(vap, ni, IEEE80211_NODE_FF) ? 2764 ", fast-frames" : "", 2765 IEEE80211_ATH_CAP(vap, ni, IEEE80211_NODE_TURBOP) ? 2766 ", turbo" : "" 2767 ); 2768 2769 ieee80211_node_setuptxparms(ni); 2770 ieee80211_ratectl_node_init(ni); 2771 /* give driver a chance to setup state like ni_txrate */ 2772 if (ic->ic_newassoc != NULL) 2773 ic->ic_newassoc(ni, newassoc); 2774 IEEE80211_SEND_MGMT(ni, resp, IEEE80211_STATUS_SUCCESS); 2775 /* tell the authenticator about new station */ 2776 if (vap->iv_auth->ia_node_join != NULL) 2777 vap->iv_auth->ia_node_join(ni); 2778 ieee80211_notify_node_join(ni, 2779 resp == IEEE80211_FC0_SUBTYPE_ASSOC_RESP); 2780 } 2781 2782 static void 2783 disable_protection(struct ieee80211com *ic) 2784 { 2785 KASSERT(ic->ic_nonerpsta == 0 && 2786 (ic->ic_flags_ext & IEEE80211_FEXT_NONERP_PR) == 0, 2787 ("%d non ERP stations, flags 0x%x", ic->ic_nonerpsta, 2788 ic->ic_flags_ext)); 2789 2790 ic->ic_flags &= ~IEEE80211_F_USEPROT; 2791 /* XXX verify mode? */ 2792 if (ic->ic_caps & IEEE80211_C_SHPREAMBLE) { 2793 ic->ic_flags |= IEEE80211_F_SHPREAMBLE; 2794 ic->ic_flags &= ~IEEE80211_F_USEBARKER; 2795 } 2796 ieee80211_notify_erp_locked(ic); 2797 } 2798 2799 /* 2800 * Handle a station leaving an 11g network. 2801 */ 2802 static void 2803 ieee80211_node_leave_11g(struct ieee80211_node *ni) 2804 { 2805 struct ieee80211com *ic = ni->ni_ic; 2806 2807 IEEE80211_LOCK_ASSERT(ic); 2808 2809 KASSERT(IEEE80211_IS_CHAN_ANYG(ic->ic_bsschan), 2810 ("not in 11g, bss %u:0x%x", ic->ic_bsschan->ic_freq, 2811 ic->ic_bsschan->ic_flags)); 2812 2813 /* 2814 * If a long slot station do the slot time bookkeeping. 2815 */ 2816 if ((ni->ni_capinfo & IEEE80211_CAPINFO_SHORT_SLOTTIME) == 0) { 2817 KASSERT(ic->ic_longslotsta > 0, 2818 ("bogus long slot station count %d", ic->ic_longslotsta)); 2819 ic->ic_longslotsta--; 2820 IEEE80211_NOTE(ni->ni_vap, IEEE80211_MSG_ASSOC, ni, 2821 "long slot time station leaves, count now %d", 2822 ic->ic_longslotsta); 2823 if (ic->ic_longslotsta == 0) { 2824 /* 2825 * Re-enable use of short slot time if supported 2826 * and not operating in IBSS mode (per spec). 2827 */ 2828 if ((ic->ic_caps & IEEE80211_C_SHSLOT) && 2829 ic->ic_opmode != IEEE80211_M_IBSS) { 2830 IEEE80211_DPRINTF(ni->ni_vap, 2831 IEEE80211_MSG_ASSOC, 2832 "%s: re-enable use of short slot time\n", 2833 __func__); 2834 ieee80211_set_shortslottime(ic, 1); 2835 } 2836 } 2837 } 2838 /* 2839 * If a non-ERP station do the protection-related bookkeeping. 2840 */ 2841 if ((ni->ni_flags & IEEE80211_NODE_ERP) == 0) { 2842 KASSERT(ic->ic_nonerpsta > 0, 2843 ("bogus non-ERP station count %d", ic->ic_nonerpsta)); 2844 ic->ic_nonerpsta--; 2845 IEEE80211_NOTE(ni->ni_vap, IEEE80211_MSG_ASSOC, ni, 2846 "non-ERP station leaves, count now %d%s", ic->ic_nonerpsta, 2847 (ic->ic_flags_ext & IEEE80211_FEXT_NONERP_PR) ? 2848 " (non-ERP sta present)" : ""); 2849 if (ic->ic_nonerpsta == 0 && 2850 (ic->ic_flags_ext & IEEE80211_FEXT_NONERP_PR) == 0) { 2851 IEEE80211_DPRINTF(ni->ni_vap, IEEE80211_MSG_ASSOC, 2852 "%s: disable use of protection\n", __func__); 2853 disable_protection(ic); 2854 } 2855 } 2856 } 2857 2858 /* 2859 * Time out presence of an overlapping bss with non-ERP 2860 * stations. When operating in hostap mode we listen for 2861 * beacons from other stations and if we identify a non-ERP 2862 * station is present we enable protection. To identify 2863 * when all non-ERP stations are gone we time out this 2864 * condition. 2865 */ 2866 static void 2867 ieee80211_erp_timeout(struct ieee80211com *ic) 2868 { 2869 2870 IEEE80211_LOCK_ASSERT(ic); 2871 2872 if ((ic->ic_flags_ext & IEEE80211_FEXT_NONERP_PR) && 2873 ieee80211_time_after(ticks, ic->ic_lastnonerp + IEEE80211_NONERP_PRESENT_AGE)) { 2874 #if 0 2875 IEEE80211_NOTE(vap, IEEE80211_MSG_ASSOC, ni, 2876 "%s", "age out non-ERP sta present on channel"); 2877 #endif 2878 ic->ic_flags_ext &= ~IEEE80211_FEXT_NONERP_PR; 2879 if (ic->ic_nonerpsta == 0) 2880 disable_protection(ic); 2881 } 2882 } 2883 2884 /* 2885 * Handle bookkeeping for station deauthentication/disassociation 2886 * when operating as an ap. 2887 */ 2888 void 2889 ieee80211_node_leave(struct ieee80211_node *ni) 2890 { 2891 struct ieee80211com *ic = ni->ni_ic; 2892 struct ieee80211vap *vap = ni->ni_vap; 2893 struct ieee80211_node_table *nt = ni->ni_table; 2894 2895 IEEE80211_NOTE(vap, IEEE80211_MSG_ASSOC | IEEE80211_MSG_DEBUG, ni, 2896 "station with aid %d leaves", IEEE80211_NODE_AID(ni)); 2897 2898 KASSERT(vap->iv_opmode != IEEE80211_M_STA, 2899 ("unexpected operating mode %u", vap->iv_opmode)); 2900 /* 2901 * If node wasn't previously associated all 2902 * we need to do is reclaim the reference. 2903 */ 2904 /* XXX ibss mode bypasses 11g and notification */ 2905 if (ni->ni_associd == 0) 2906 goto done; 2907 /* 2908 * Tell the authenticator the station is leaving. 2909 * Note that we must do this before yanking the 2910 * association id as the authenticator uses the 2911 * associd to locate it's state block. 2912 */ 2913 if (vap->iv_auth->ia_node_leave != NULL) 2914 vap->iv_auth->ia_node_leave(ni); 2915 2916 IEEE80211_LOCK(ic); 2917 IEEE80211_AID_CLR(vap, ni->ni_associd); 2918 vap->iv_sta_assoc--; 2919 ic->ic_sta_assoc--; 2920 2921 if (IEEE80211_IS_CHAN_VHT(ic->ic_bsschan)) 2922 ieee80211_vht_node_leave(ni); 2923 if (IEEE80211_IS_CHAN_HT(ic->ic_bsschan)) 2924 ieee80211_ht_node_leave(ni); 2925 if (IEEE80211_IS_CHAN_ANYG(ic->ic_bsschan) && 2926 IEEE80211_IS_CHAN_FULL(ic->ic_bsschan)) 2927 ieee80211_node_leave_11g(ni); 2928 IEEE80211_UNLOCK(ic); 2929 /* 2930 * Cleanup station state. In particular clear various 2931 * state that might otherwise be reused if the node 2932 * is reused before the reference count goes to zero 2933 * (and memory is reclaimed). 2934 */ 2935 ieee80211_sta_leave(ni); 2936 done: 2937 /* 2938 * Remove the node from any table it's recorded in and 2939 * drop the caller's reference. Removal from the table 2940 * is important to insure the node is not reprocessed 2941 * for inactivity. 2942 */ 2943 if (nt != NULL) { 2944 IEEE80211_NODE_LOCK(nt); 2945 node_reclaim(nt, ni); 2946 IEEE80211_NODE_UNLOCK(nt); 2947 } else 2948 ieee80211_free_node(ni); 2949 } 2950 2951 struct rssiinfo { 2952 int rssi_samples; 2953 uint32_t rssi_total; 2954 }; 2955 2956 static void 2957 get_hostap_rssi(void *arg, struct ieee80211_node *ni) 2958 { 2959 struct rssiinfo *info = arg; 2960 struct ieee80211vap *vap = ni->ni_vap; 2961 int8_t rssi; 2962 2963 /* only associated stations */ 2964 if (ni->ni_associd == 0) 2965 return; 2966 rssi = vap->iv_ic->ic_node_getrssi(ni); 2967 if (rssi != 0) { 2968 info->rssi_samples++; 2969 info->rssi_total += rssi; 2970 } 2971 } 2972 2973 static void 2974 get_adhoc_rssi(void *arg, struct ieee80211_node *ni) 2975 { 2976 struct rssiinfo *info = arg; 2977 struct ieee80211vap *vap = ni->ni_vap; 2978 int8_t rssi; 2979 2980 /* only neighbors */ 2981 /* XXX check bssid */ 2982 if ((ni->ni_capinfo & IEEE80211_CAPINFO_IBSS) == 0) 2983 return; 2984 rssi = vap->iv_ic->ic_node_getrssi(ni); 2985 if (rssi != 0) { 2986 info->rssi_samples++; 2987 info->rssi_total += rssi; 2988 } 2989 } 2990 2991 #ifdef IEEE80211_SUPPORT_MESH 2992 static void 2993 get_mesh_rssi(void *arg, struct ieee80211_node *ni) 2994 { 2995 struct rssiinfo *info = arg; 2996 struct ieee80211vap *vap = ni->ni_vap; 2997 int8_t rssi; 2998 2999 /* only neighbors that peered successfully */ 3000 if (ni->ni_mlstate != IEEE80211_NODE_MESH_ESTABLISHED) 3001 return; 3002 rssi = vap->iv_ic->ic_node_getrssi(ni); 3003 if (rssi != 0) { 3004 info->rssi_samples++; 3005 info->rssi_total += rssi; 3006 } 3007 } 3008 #endif /* IEEE80211_SUPPORT_MESH */ 3009 3010 int8_t 3011 ieee80211_getrssi(struct ieee80211vap *vap) 3012 { 3013 #define NZ(x) ((x) == 0 ? 1 : (x)) 3014 struct ieee80211com *ic = vap->iv_ic; 3015 struct rssiinfo info; 3016 3017 info.rssi_total = 0; 3018 info.rssi_samples = 0; 3019 switch (vap->iv_opmode) { 3020 case IEEE80211_M_IBSS: /* average of all ibss neighbors */ 3021 case IEEE80211_M_AHDEMO: /* average of all neighbors */ 3022 ieee80211_iterate_nodes_vap(&ic->ic_sta, vap, get_adhoc_rssi, 3023 &info); 3024 break; 3025 case IEEE80211_M_HOSTAP: /* average of all associated stations */ 3026 ieee80211_iterate_nodes_vap(&ic->ic_sta, vap, get_hostap_rssi, 3027 &info); 3028 break; 3029 #ifdef IEEE80211_SUPPORT_MESH 3030 case IEEE80211_M_MBSS: /* average of all mesh neighbors */ 3031 ieee80211_iterate_nodes_vap(&ic->ic_sta, vap, get_mesh_rssi, 3032 &info); 3033 break; 3034 #endif 3035 case IEEE80211_M_MONITOR: /* XXX */ 3036 case IEEE80211_M_STA: /* use stats from associated ap */ 3037 default: 3038 if (vap->iv_bss != NULL) 3039 info.rssi_total = ic->ic_node_getrssi(vap->iv_bss); 3040 info.rssi_samples = 1; 3041 break; 3042 } 3043 return info.rssi_total / NZ(info.rssi_samples); 3044 #undef NZ 3045 } 3046 3047 void 3048 ieee80211_getsignal(struct ieee80211vap *vap, int8_t *rssi, int8_t *noise) 3049 { 3050 3051 if (vap->iv_bss == NULL) /* NB: shouldn't happen */ 3052 return; 3053 vap->iv_ic->ic_node_getsignal(vap->iv_bss, rssi, noise); 3054 /* for non-station mode return avg'd rssi accounting */ 3055 if (vap->iv_opmode != IEEE80211_M_STA) 3056 *rssi = ieee80211_getrssi(vap); 3057 } 3058