1 /* $NetBSD: ieee80211_node.c,v 1.43 2005/07/26 23:07:53 dyoung Exp $ */ 2 /*- 3 * Copyright (c) 2001 Atsushi Onoe 4 * Copyright (c) 2002-2005 Sam Leffler, Errno Consulting 5 * All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions 9 * are met: 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 2. Redistributions in binary form must reproduce the above copyright 13 * notice, this list of conditions and the following disclaimer in the 14 * documentation and/or other materials provided with the distribution. 15 * 3. The name of the author may not be used to endorse or promote products 16 * derived from this software without specific prior written permission. 17 * 18 * Alternatively, this software may be distributed under the terms of the 19 * GNU General Public License ("GPL") version 2 as published by the Free 20 * Software Foundation. 21 * 22 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 23 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 24 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 25 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 26 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 27 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 28 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 29 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 30 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 31 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 32 */ 33 34 #include <sys/cdefs.h> 35 #ifdef __FreeBSD__ 36 __FBSDID("$FreeBSD: src/sys/net80211/ieee80211_node.c,v 1.48 2005/07/06 01:51:44 sam Exp $"); 37 #endif 38 #ifdef __NetBSD__ 39 __KERNEL_RCSID(0, "$NetBSD: ieee80211_node.c,v 1.43 2005/07/26 23:07:53 dyoung Exp $"); 40 #endif 41 42 #include "opt_inet.h" 43 44 #include <sys/param.h> 45 #include <sys/systm.h> 46 #include <sys/mbuf.h> 47 #include <sys/malloc.h> 48 #include <sys/kernel.h> 49 50 #include <sys/socket.h> 51 #include <sys/sockio.h> 52 #include <sys/endian.h> 53 #include <sys/errno.h> 54 #include <sys/proc.h> 55 #include <sys/sysctl.h> 56 57 #include <net/if.h> 58 #include <net/if_media.h> 59 #include <net/if_arp.h> 60 #include <net/if_ether.h> 61 #include <net/if_llc.h> 62 63 #include <net80211/ieee80211_netbsd.h> 64 #include <net80211/ieee80211_var.h> 65 66 #include <net/bpf.h> 67 68 #ifdef INET 69 #include <netinet/in.h> 70 #include <net/if_ether.h> 71 #endif 72 73 /* 74 * Association id's are managed with a bit vector. 75 */ 76 #define IEEE80211_AID_SET(b, w) \ 77 ((w)[IEEE80211_AID(b) / 32] |= (1 << (IEEE80211_AID(b) % 32))) 78 #define IEEE80211_AID_CLR(b, w) \ 79 ((w)[IEEE80211_AID(b) / 32] &= ~(1 << (IEEE80211_AID(b) % 32))) 80 #define IEEE80211_AID_ISSET(b, w) \ 81 ((w)[IEEE80211_AID(b) / 32] & (1 << (IEEE80211_AID(b) % 32))) 82 83 static struct ieee80211_node *node_alloc(struct ieee80211_node_table *); 84 static void node_cleanup(struct ieee80211_node *); 85 static void node_free(struct ieee80211_node *); 86 static u_int8_t node_getrssi(const struct ieee80211_node *); 87 88 static void ieee80211_setup_node(struct ieee80211_node_table *, 89 struct ieee80211_node *, const u_int8_t *); 90 static void _ieee80211_free_node(struct ieee80211_node *); 91 static void ieee80211_free_allnodes(struct ieee80211_node_table *); 92 93 static void ieee80211_timeout_scan_candidates(struct ieee80211_node_table *); 94 static void ieee80211_timeout_stations(struct ieee80211_node_table *); 95 96 static void ieee80211_set_tim(struct ieee80211com *, 97 struct ieee80211_node *, int set); 98 99 static void ieee80211_node_table_init(struct ieee80211com *ic, 100 struct ieee80211_node_table *nt, const char *name, int inact, 101 void (*timeout)(struct ieee80211_node_table *)); 102 static void ieee80211_node_table_cleanup(struct ieee80211_node_table *nt); 103 104 MALLOC_DEFINE(M_80211_NODE, "80211node", "802.11 node state"); 105 106 void 107 ieee80211_node_attach(struct ieee80211com *ic) 108 { 109 u_long sz; 110 111 ieee80211_node_table_init(ic, &ic->ic_sta, "station", 112 IEEE80211_INACT_INIT, ieee80211_timeout_stations); 113 ieee80211_node_table_init(ic, &ic->ic_scan, "scan", 114 IEEE80211_INACT_SCAN, ieee80211_timeout_scan_candidates); 115 116 ic->ic_node_alloc = node_alloc; 117 ic->ic_node_free = node_free; 118 ic->ic_node_cleanup = node_cleanup; 119 ic->ic_node_getrssi = node_getrssi; 120 121 /* default station inactivity timer setings */ 122 ic->ic_inact_init = IEEE80211_INACT_INIT; 123 ic->ic_inact_auth = IEEE80211_INACT_AUTH; 124 ic->ic_inact_run = IEEE80211_INACT_RUN; 125 ic->ic_inact_probe = IEEE80211_INACT_PROBE; 126 127 /* XXX defer */ 128 if (ic->ic_max_aid == 0) 129 ic->ic_max_aid = IEEE80211_AID_DEF; 130 else if (ic->ic_max_aid > IEEE80211_AID_MAX) 131 ic->ic_max_aid = IEEE80211_AID_MAX; 132 MALLOC(ic->ic_aid_bitmap, u_int32_t *, 133 howmany(ic->ic_max_aid, 32) * sizeof(u_int32_t), 134 M_DEVBUF, M_NOWAIT | M_ZERO); 135 if (ic->ic_aid_bitmap == NULL) { 136 /* XXX no way to recover */ 137 printf("%s: no memory for AID bitmap!\n", __func__); 138 ic->ic_max_aid = 0; 139 } 140 141 /* XXX defer until using hostap/ibss mode */ 142 ic->ic_tim_len = sz = howmany(ic->ic_max_aid, 8) * sizeof(u_int8_t); 143 MALLOC(ic->ic_tim_bitmap, u_int8_t *, sz, M_DEVBUF, M_NOWAIT | M_ZERO); 144 if (ic->ic_tim_bitmap == NULL) { 145 /* XXX no way to recover */ 146 printf("%s: no memory for TIM bitmap!\n", __func__); 147 } 148 ic->ic_set_tim = ieee80211_set_tim; /* NB: driver should override */ 149 } 150 151 void 152 ieee80211_node_lateattach(struct ieee80211com *ic) 153 { 154 struct ieee80211_node *ni; 155 struct ieee80211_rsnparms *rsn; 156 157 ni = ieee80211_alloc_node(&ic->ic_scan, ic->ic_myaddr); 158 IASSERT(ni != NULL, ("unable to setup inital BSS node")); 159 /* 160 * Setup "global settings" in the bss node so that 161 * each new station automatically inherits them. 162 */ 163 rsn = &ni->ni_rsn; 164 /* WEP, TKIP, and AES-CCM are always supported */ 165 rsn->rsn_ucastcipherset |= 1<<IEEE80211_CIPHER_WEP; 166 rsn->rsn_ucastcipherset |= 1<<IEEE80211_CIPHER_TKIP; 167 rsn->rsn_ucastcipherset |= 1<<IEEE80211_CIPHER_AES_CCM; 168 if (ic->ic_caps & IEEE80211_C_AES) 169 rsn->rsn_ucastcipherset |= 1<<IEEE80211_CIPHER_AES_OCB; 170 if (ic->ic_caps & IEEE80211_C_CKIP) 171 rsn->rsn_ucastcipherset |= 1<<IEEE80211_CIPHER_CKIP; 172 /* 173 * Default unicast cipher to WEP for 802.1x use. If 174 * WPA is enabled the management code will set these 175 * values to reflect. 176 */ 177 rsn->rsn_ucastcipher = IEEE80211_CIPHER_WEP; 178 rsn->rsn_ucastkeylen = 104 / NBBY; 179 /* 180 * WPA says the multicast cipher is the lowest unicast 181 * cipher supported. But we skip WEP which would 182 * otherwise be used based on this criteria. 183 */ 184 rsn->rsn_mcastcipher = IEEE80211_CIPHER_TKIP; 185 rsn->rsn_mcastkeylen = 128 / NBBY; 186 187 /* 188 * We support both WPA-PSK and 802.1x; the one used 189 * is determined by the authentication mode and the 190 * setting of the PSK state. 191 */ 192 rsn->rsn_keymgmtset = WPA_ASE_8021X_UNSPEC | WPA_ASE_8021X_PSK; 193 rsn->rsn_keymgmt = WPA_ASE_8021X_PSK; 194 195 ic->ic_bss = ieee80211_ref_node(ni); /* hold reference */ 196 ic->ic_auth = ieee80211_authenticator_get(ni->ni_authmode); 197 } 198 199 void 200 ieee80211_node_detach(struct ieee80211com *ic) 201 { 202 203 if (ic->ic_bss != NULL) { 204 ieee80211_free_node(ic->ic_bss); 205 ic->ic_bss = NULL; 206 } 207 ieee80211_node_table_cleanup(&ic->ic_scan); 208 ieee80211_node_table_cleanup(&ic->ic_sta); 209 if (ic->ic_aid_bitmap != NULL) { 210 FREE(ic->ic_aid_bitmap, M_DEVBUF); 211 ic->ic_aid_bitmap = NULL; 212 } 213 if (ic->ic_tim_bitmap != NULL) { 214 FREE(ic->ic_tim_bitmap, M_DEVBUF); 215 ic->ic_tim_bitmap = NULL; 216 } 217 } 218 219 /* 220 * Port authorize/unauthorize interfaces for use by an authenticator. 221 */ 222 223 void 224 ieee80211_node_authorize(struct ieee80211com *ic, struct ieee80211_node *ni) 225 { 226 ni->ni_flags |= IEEE80211_NODE_AUTH; 227 ni->ni_inact_reload = ic->ic_inact_run; 228 } 229 230 void 231 ieee80211_node_unauthorize(struct ieee80211com *ic, struct ieee80211_node *ni) 232 { 233 ni->ni_flags &= ~IEEE80211_NODE_AUTH; 234 } 235 236 /* 237 * Set/change the channel. The rate set is also updated as 238 * to insure a consistent view by drivers. 239 */ 240 static __inline void 241 ieee80211_set_chan(struct ieee80211com *ic, 242 struct ieee80211_node *ni, struct ieee80211_channel *chan) 243 { 244 ni->ni_chan = chan; 245 ni->ni_rates = ic->ic_sup_rates[ieee80211_chan2mode(ic, chan)]; 246 } 247 248 /* 249 * AP scanning support. 250 */ 251 252 #ifdef IEEE80211_DEBUG 253 static void 254 dump_chanlist(const u_char chans[]) 255 { 256 const char *sep; 257 int i; 258 259 sep = " "; 260 for (i = 0; i < IEEE80211_CHAN_MAX; i++) 261 if (isset(chans, i)) { 262 printf("%s%u", sep, i); 263 sep = ", "; 264 } 265 } 266 #endif /* IEEE80211_DEBUG */ 267 268 /* 269 * Initialize the channel set to scan based on the 270 * of available channels and the current PHY mode. 271 */ 272 static void 273 ieee80211_reset_scan(struct ieee80211com *ic) 274 { 275 276 /* XXX ic_des_chan should be handled with ic_chan_active */ 277 if (ic->ic_des_chan != IEEE80211_CHAN_ANYC) { 278 memset(ic->ic_chan_scan, 0, sizeof(ic->ic_chan_scan)); 279 setbit(ic->ic_chan_scan, 280 ieee80211_chan2ieee(ic, ic->ic_des_chan)); 281 } else 282 memcpy(ic->ic_chan_scan, ic->ic_chan_active, 283 sizeof(ic->ic_chan_active)); 284 /* NB: hack, setup so next_scan starts with the first channel */ 285 if (ic->ic_bss->ni_chan == IEEE80211_CHAN_ANYC) 286 ieee80211_set_chan(ic, ic->ic_bss, 287 &ic->ic_channels[IEEE80211_CHAN_MAX]); 288 #ifdef IEEE80211_DEBUG 289 if (ieee80211_msg_scan(ic)) { 290 printf("%s: scan set:", __func__); 291 dump_chanlist(ic->ic_chan_scan); 292 printf(" start chan %u\n", 293 ieee80211_chan2ieee(ic, ic->ic_bss->ni_chan)); 294 } 295 #endif /* IEEE80211_DEBUG */ 296 } 297 298 /* 299 * Begin an active scan. 300 */ 301 void 302 ieee80211_begin_scan(struct ieee80211com *ic, int reset) 303 { 304 305 ic->ic_scan.nt_scangen++; 306 /* 307 * In all but hostap mode scanning starts off in 308 * an active mode before switching to passive. 309 */ 310 if (ic->ic_opmode != IEEE80211_M_HOSTAP) { 311 ic->ic_flags |= IEEE80211_F_ASCAN; 312 ic->ic_stats.is_scan_active++; 313 } else 314 ic->ic_stats.is_scan_passive++; 315 IEEE80211_DPRINTF(ic, IEEE80211_MSG_SCAN, 316 "begin %s scan in %s mode, scangen %u\n", 317 (ic->ic_flags & IEEE80211_F_ASCAN) ? "active" : "passive", 318 ieee80211_phymode_name[ic->ic_curmode], ic->ic_scan.nt_scangen); 319 /* 320 * Clear scan state and flush any previously seen AP's. 321 */ 322 ieee80211_reset_scan(ic); 323 if (reset) 324 ieee80211_free_allnodes(&ic->ic_scan); 325 326 ic->ic_flags |= IEEE80211_F_SCAN; 327 328 /* Scan the next channel. */ 329 ieee80211_next_scan(ic); 330 } 331 332 /* 333 * Switch to the next channel marked for scanning. 334 */ 335 int 336 ieee80211_next_scan(struct ieee80211com *ic) 337 { 338 struct ieee80211_channel *chan; 339 340 /* 341 * Insure any previous mgt frame timeouts don't fire. 342 * This assumes the driver does the right thing in 343 * flushing anything queued in the driver and below. 344 */ 345 ic->ic_mgt_timer = 0; 346 347 chan = ic->ic_bss->ni_chan; 348 do { 349 if (++chan > &ic->ic_channels[IEEE80211_CHAN_MAX]) 350 chan = &ic->ic_channels[0]; 351 if (isset(ic->ic_chan_scan, ieee80211_chan2ieee(ic, chan))) { 352 clrbit(ic->ic_chan_scan, ieee80211_chan2ieee(ic, chan)); 353 IEEE80211_DPRINTF(ic, IEEE80211_MSG_SCAN, 354 "%s: chan %d->%d\n", __func__, 355 ieee80211_chan2ieee(ic, ic->ic_bss->ni_chan), 356 ieee80211_chan2ieee(ic, chan)); 357 ieee80211_set_chan(ic, ic->ic_bss, chan); 358 #ifdef notyet 359 /* XXX driver state change */ 360 /* 361 * Scan next channel. If doing an active scan 362 * and the channel is not marked passive-only 363 * then send a probe request. Otherwise just 364 * listen for beacons on the channel. 365 */ 366 if ((ic->ic_flags & IEEE80211_F_ASCAN) && 367 (ni->ni_chan->ic_flags & IEEE80211_CHAN_PASSIVE) == 0) { 368 IEEE80211_SEND_MGMT(ic, ni, 369 IEEE80211_FC0_SUBTYPE_PROBE_REQ, 0); 370 } 371 #else 372 ieee80211_new_state(ic, IEEE80211_S_SCAN, -1); 373 #endif 374 return 1; 375 } 376 } while (chan != ic->ic_bss->ni_chan); 377 ieee80211_end_scan(ic); 378 return 0; 379 } 380 381 static __inline void 382 copy_bss(struct ieee80211_node *nbss, const struct ieee80211_node *obss) 383 { 384 /* propagate useful state */ 385 nbss->ni_authmode = obss->ni_authmode; 386 nbss->ni_txpower = obss->ni_txpower; 387 nbss->ni_vlan = obss->ni_vlan; 388 nbss->ni_rsn = obss->ni_rsn; 389 /* XXX statistics? */ 390 } 391 392 void 393 ieee80211_create_ibss(struct ieee80211com* ic, struct ieee80211_channel *chan) 394 { 395 struct ieee80211_node_table *nt; 396 struct ieee80211_node *ni; 397 398 IEEE80211_DPRINTF(ic, IEEE80211_MSG_SCAN, 399 "%s: creating ibss\n", __func__); 400 401 /* 402 * Create the station/neighbor table. Note that for adhoc 403 * mode we make the initial inactivity timer longer since 404 * we create nodes only through discovery and they typically 405 * are long-lived associations. 406 */ 407 nt = &ic->ic_sta; 408 IEEE80211_NODE_LOCK(nt); 409 if (ic->ic_opmode == IEEE80211_M_HOSTAP) { 410 nt->nt_name = "station"; 411 nt->nt_inact_init = ic->ic_inact_init; 412 } else { 413 nt->nt_name = "neighbor"; 414 nt->nt_inact_init = ic->ic_inact_run; 415 } 416 IEEE80211_NODE_UNLOCK(nt); 417 418 ni = ieee80211_alloc_node(nt, ic->ic_myaddr); 419 if (ni == NULL) { 420 /* XXX recovery? */ 421 return; 422 } 423 if (ic->ic_opmode != IEEE80211_M_HOSTAP && 424 (ic->ic_flags & IEEE80211_F_DESBSSID) != 0) 425 IEEE80211_ADDR_COPY(ni->ni_bssid, ic->ic_des_bssid); 426 else 427 IEEE80211_ADDR_COPY(ni->ni_bssid, ic->ic_myaddr); 428 ni->ni_esslen = ic->ic_des_esslen; 429 memcpy(ni->ni_essid, ic->ic_des_essid, ni->ni_esslen); 430 copy_bss(ni, ic->ic_bss); 431 ni->ni_intval = ic->ic_lintval; 432 if (ic->ic_flags & IEEE80211_F_PRIVACY) 433 ni->ni_capinfo |= IEEE80211_CAPINFO_PRIVACY; 434 if (ic->ic_phytype == IEEE80211_T_FH) { 435 ni->ni_fhdwell = 200; /* XXX */ 436 ni->ni_fhindex = 1; 437 } 438 if (ic->ic_opmode == IEEE80211_M_IBSS) { 439 ic->ic_flags |= IEEE80211_F_SIBSS; 440 ni->ni_capinfo |= IEEE80211_CAPINFO_IBSS; /* XXX */ 441 if (ic->ic_flags & IEEE80211_F_DESBSSID) 442 IEEE80211_ADDR_COPY(ni->ni_bssid, ic->ic_des_bssid); 443 else 444 ni->ni_bssid[0] |= 0x02; /* local bit for IBSS */ 445 } 446 /* 447 * Fix the channel and related attributes. 448 */ 449 ieee80211_set_chan(ic, ni, chan); 450 ic->ic_curmode = ieee80211_chan2mode(ic, chan); 451 /* 452 * Do mode-specific rate setup. 453 */ 454 if (ic->ic_curmode == IEEE80211_MODE_11G) { 455 /* 456 * Use a mixed 11b/11g rate set. 457 */ 458 ieee80211_set11gbasicrates(&ni->ni_rates, IEEE80211_MODE_11G); 459 } else if (ic->ic_curmode == IEEE80211_MODE_11B) { 460 /* 461 * Force pure 11b rate set. 462 */ 463 ieee80211_set11gbasicrates(&ni->ni_rates, IEEE80211_MODE_11B); 464 } 465 466 (void) ieee80211_sta_join(ic, ieee80211_ref_node(ni)); 467 } 468 469 void 470 ieee80211_reset_bss(struct ieee80211com *ic) 471 { 472 struct ieee80211_node *ni, *obss; 473 474 ieee80211_node_table_reset(&ic->ic_scan); 475 ieee80211_node_table_reset(&ic->ic_sta); 476 477 ni = ieee80211_alloc_node(&ic->ic_scan, ic->ic_myaddr); 478 IASSERT(ni != NULL, ("unable to setup inital BSS node")); 479 obss = ic->ic_bss; 480 ic->ic_bss = ieee80211_ref_node(ni); 481 if (obss != NULL) { 482 copy_bss(ni, obss); 483 ni->ni_intval = ic->ic_lintval; 484 ieee80211_free_node(obss); 485 } 486 } 487 488 static int 489 ieee80211_match_bss(struct ieee80211com *ic, struct ieee80211_node *ni) 490 { 491 u_int8_t rate; 492 int fail; 493 494 fail = 0; 495 if (isclr(ic->ic_chan_active, ieee80211_chan2ieee(ic, ni->ni_chan))) 496 fail |= 0x01; 497 if (ic->ic_des_chan != IEEE80211_CHAN_ANYC && 498 ni->ni_chan != ic->ic_des_chan) 499 fail |= 0x01; 500 if (ic->ic_opmode == IEEE80211_M_IBSS) { 501 if ((ni->ni_capinfo & IEEE80211_CAPINFO_IBSS) == 0) 502 fail |= 0x02; 503 } else { 504 if ((ni->ni_capinfo & IEEE80211_CAPINFO_ESS) == 0) 505 fail |= 0x02; 506 } 507 if (ic->ic_flags & IEEE80211_F_PRIVACY) { 508 if ((ni->ni_capinfo & IEEE80211_CAPINFO_PRIVACY) == 0) 509 fail |= 0x04; 510 } else { 511 /* XXX does this mean privacy is supported or required? */ 512 if (ni->ni_capinfo & IEEE80211_CAPINFO_PRIVACY) 513 fail |= 0x04; 514 } 515 rate = ieee80211_fix_rate(ic, ni, 516 IEEE80211_F_DONEGO | IEEE80211_F_DOFRATE); 517 if (rate & IEEE80211_RATE_BASIC) 518 fail |= 0x08; 519 if (ic->ic_des_esslen != 0 && 520 (ni->ni_esslen != ic->ic_des_esslen || 521 memcmp(ni->ni_essid, ic->ic_des_essid, ic->ic_des_esslen) != 0)) 522 fail |= 0x10; 523 if ((ic->ic_flags & IEEE80211_F_DESBSSID) && 524 !IEEE80211_ADDR_EQ(ic->ic_des_bssid, ni->ni_bssid)) 525 fail |= 0x20; 526 #ifdef IEEE80211_DEBUG 527 if (ieee80211_msg_scan(ic)) { 528 printf(" %c %s", fail ? '-' : '+', 529 ether_sprintf(ni->ni_macaddr)); 530 printf(" %s%c", ether_sprintf(ni->ni_bssid), 531 fail & 0x20 ? '!' : ' '); 532 printf(" %3d%c", ieee80211_chan2ieee(ic, ni->ni_chan), 533 fail & 0x01 ? '!' : ' '); 534 printf(" %+4d", ni->ni_rssi); 535 printf(" %2dM%c", (rate & IEEE80211_RATE_VAL) / 2, 536 fail & 0x08 ? '!' : ' '); 537 printf(" %4s%c", 538 (ni->ni_capinfo & IEEE80211_CAPINFO_ESS) ? "ess" : 539 (ni->ni_capinfo & IEEE80211_CAPINFO_IBSS) ? "ibss" : 540 "????", 541 fail & 0x02 ? '!' : ' '); 542 printf(" %3s%c ", 543 (ni->ni_capinfo & IEEE80211_CAPINFO_PRIVACY) ? 544 "wep" : "no", 545 fail & 0x04 ? '!' : ' '); 546 ieee80211_print_essid(ni->ni_essid, ni->ni_esslen); 547 printf("%s\n", fail & 0x10 ? "!" : ""); 548 } 549 #endif 550 return fail; 551 } 552 553 static __inline u_int8_t 554 maxrate(const struct ieee80211_node *ni) 555 { 556 const struct ieee80211_rateset *rs = &ni->ni_rates; 557 /* NB: assumes rate set is sorted (happens on frame receive) */ 558 return rs->rs_rates[rs->rs_nrates-1] & IEEE80211_RATE_VAL; 559 } 560 561 /* 562 * Compare the capabilities of two nodes and decide which is 563 * more desirable (return >0 if a is considered better). Note 564 * that we assume compatibility/usability has already been checked 565 * so we don't need to (e.g. validate whether privacy is supported). 566 * Used to select the best scan candidate for association in a BSS. 567 */ 568 static int 569 ieee80211_node_compare(struct ieee80211com *ic, 570 const struct ieee80211_node *a, 571 const struct ieee80211_node *b) 572 { 573 u_int8_t maxa, maxb; 574 u_int8_t rssia, rssib; 575 576 /* privacy support preferred */ 577 if ((a->ni_capinfo & IEEE80211_CAPINFO_PRIVACY) && 578 (b->ni_capinfo & IEEE80211_CAPINFO_PRIVACY) == 0) 579 return 1; 580 if ((a->ni_capinfo & IEEE80211_CAPINFO_PRIVACY) == 0 && 581 (b->ni_capinfo & IEEE80211_CAPINFO_PRIVACY)) 582 return -1; 583 584 rssia = ic->ic_node_getrssi(a); 585 rssib = ic->ic_node_getrssi(b); 586 if (abs(rssib - rssia) < 5) { 587 /* best/max rate preferred if signal level close enough XXX */ 588 maxa = maxrate(a); 589 maxb = maxrate(b); 590 if (maxa != maxb) 591 return maxa - maxb; 592 /* XXX use freq for channel preference */ 593 /* for now just prefer 5Ghz band to all other bands */ 594 if (IEEE80211_IS_CHAN_5GHZ(a->ni_chan) && 595 !IEEE80211_IS_CHAN_5GHZ(b->ni_chan)) 596 return 1; 597 if (!IEEE80211_IS_CHAN_5GHZ(a->ni_chan) && 598 IEEE80211_IS_CHAN_5GHZ(b->ni_chan)) 599 return -1; 600 } 601 /* all things being equal, use signal level */ 602 return rssia - rssib; 603 } 604 605 /* 606 * Mark an ongoing scan stopped. 607 */ 608 void 609 ieee80211_cancel_scan(struct ieee80211com *ic) 610 { 611 612 IEEE80211_DPRINTF(ic, IEEE80211_MSG_SCAN, "%s: end %s scan\n", 613 __func__, 614 (ic->ic_flags & IEEE80211_F_ASCAN) ? "active" : "passive"); 615 616 ic->ic_flags &= ~(IEEE80211_F_SCAN | IEEE80211_F_ASCAN); 617 } 618 619 /* 620 * Complete a scan of potential channels. 621 */ 622 void 623 ieee80211_end_scan(struct ieee80211com *ic) 624 { 625 struct ieee80211_node_table *nt = &ic->ic_scan; 626 struct ieee80211_node *ni, *selbs; 627 628 ieee80211_cancel_scan(ic); 629 ieee80211_notify_scan_done(ic); 630 631 #ifndef IEEE80211_NO_HOSTAP 632 if (ic->ic_opmode == IEEE80211_M_HOSTAP) { 633 u_int8_t maxrssi[IEEE80211_CHAN_MAX]; /* XXX off stack? */ 634 int i, bestchan; 635 u_int8_t rssi; 636 637 /* 638 * The passive scan to look for existing AP's completed, 639 * select a channel to camp on. Identify the channels 640 * that already have one or more AP's and try to locate 641 * an unoccupied one. If that fails, pick a channel that 642 * looks to be quietest. 643 */ 644 memset(maxrssi, 0, sizeof(maxrssi)); 645 IEEE80211_NODE_LOCK(nt); 646 TAILQ_FOREACH(ni, &nt->nt_node, ni_list) { 647 rssi = ic->ic_node_getrssi(ni); 648 i = ieee80211_chan2ieee(ic, ni->ni_chan); 649 if (rssi > maxrssi[i]) 650 maxrssi[i] = rssi; 651 } 652 IEEE80211_NODE_UNLOCK(nt); 653 /* XXX select channel more intelligently */ 654 bestchan = -1; 655 for (i = 0; i < IEEE80211_CHAN_MAX; i++) 656 if (isset(ic->ic_chan_active, i)) { 657 /* 658 * If the channel is unoccupied the max rssi 659 * should be zero; just take it. Otherwise 660 * track the channel with the lowest rssi and 661 * use that when all channels appear occupied. 662 */ 663 if (maxrssi[i] == 0) { 664 bestchan = i; 665 break; 666 } 667 if (bestchan == -1 || 668 maxrssi[i] < maxrssi[bestchan]) 669 bestchan = i; 670 } 671 if (bestchan != -1) { 672 ieee80211_create_ibss(ic, &ic->ic_channels[bestchan]); 673 return; 674 } 675 /* no suitable channel, should not happen */ 676 } 677 #endif /* !IEEE80211_NO_HOSTAP */ 678 679 /* 680 * When manually sequencing the state machine; scan just once 681 * regardless of whether we have a candidate or not. The 682 * controlling application is expected to setup state and 683 * initiate an association. 684 */ 685 if (ic->ic_roaming == IEEE80211_ROAMING_MANUAL) 686 return; 687 /* 688 * Automatic sequencing; look for a candidate and 689 * if found join the network. 690 */ 691 /* NB: unlocked read should be ok */ 692 if (TAILQ_FIRST(&nt->nt_node) == NULL) { 693 IEEE80211_DPRINTF(ic, IEEE80211_MSG_SCAN, 694 "%s: no scan candidate\n", __func__); 695 notfound: 696 if (ic->ic_opmode == IEEE80211_M_IBSS && 697 (ic->ic_flags & IEEE80211_F_IBSSON) && 698 ic->ic_des_esslen != 0) { 699 ieee80211_create_ibss(ic, ic->ic_ibss_chan); 700 return; 701 } 702 /* 703 * Reset the list of channels to scan and start again. 704 */ 705 ieee80211_reset_scan(ic); 706 ic->ic_flags |= IEEE80211_F_SCAN; 707 ieee80211_next_scan(ic); 708 return; 709 } 710 selbs = NULL; 711 IEEE80211_DPRINTF(ic, IEEE80211_MSG_SCAN, "\t%s\n", 712 "macaddr bssid chan rssi rate flag wep essid"); 713 IEEE80211_NODE_LOCK(nt); 714 TAILQ_FOREACH(ni, &nt->nt_node, ni_list) { 715 if (ni->ni_fails) { 716 /* 717 * The configuration of the access points may change 718 * during my scan. So delete the entry for the AP 719 * and retry to associate if there is another beacon. 720 */ 721 IEEE80211_DPRINTF(ic, IEEE80211_MSG_SCAN, 722 "%s: skip scan candidate %s, fails %u\n", 723 __func__, ether_sprintf(ni->ni_macaddr), 724 ni->ni_fails); 725 ni->ni_fails++; 726 #if 0 727 if (ni->ni_fails++ > 2) 728 ieee80211_free_node(ni); 729 #endif 730 continue; 731 } 732 if (ieee80211_match_bss(ic, ni) == 0) { 733 if (selbs == NULL) 734 selbs = ni; 735 else if (ieee80211_node_compare(ic, ni, selbs) > 0) 736 selbs = ni; 737 } 738 } 739 if (selbs != NULL) /* NB: grab ref while dropping lock */ 740 (void) ieee80211_ref_node(selbs); 741 IEEE80211_NODE_UNLOCK(nt); 742 if (selbs == NULL) 743 goto notfound; 744 if (!ieee80211_sta_join(ic, selbs)) { 745 ieee80211_free_node(selbs); 746 goto notfound; 747 } 748 } 749 750 /* 751 * Handle 802.11 ad hoc network merge. The 752 * convention, set by the Wireless Ethernet Compatibility Alliance 753 * (WECA), is that an 802.11 station will change its BSSID to match 754 * the "oldest" 802.11 ad hoc network, on the same channel, that 755 * has the station's desired SSID. The "oldest" 802.11 network 756 * sends beacons with the greatest TSF timestamp. 757 * 758 * The caller is assumed to validate TSF's before attempting a merge. 759 * 760 * Return !0 if the BSSID changed, 0 otherwise. 761 */ 762 int 763 ieee80211_ibss_merge(struct ieee80211com *ic, struct ieee80211_node *ni) 764 { 765 766 if (ni == ic->ic_bss || 767 IEEE80211_ADDR_EQ(ni->ni_bssid, ic->ic_bss->ni_bssid)) { 768 /* unchanged, nothing to do */ 769 return 0; 770 } 771 if (ieee80211_match_bss(ic, ni) != 0) { /* capabilities mismatch */ 772 IEEE80211_DPRINTF(ic, IEEE80211_MSG_ASSOC, 773 "%s: merge failed, capabilities mismatch\n", __func__); 774 ic->ic_stats.is_ibss_capmismatch++; 775 return 0; 776 } 777 IEEE80211_DPRINTF(ic, IEEE80211_MSG_ASSOC, 778 "%s: new bssid %s: %s preamble, %s slot time%s\n", __func__, 779 ether_sprintf(ni->ni_bssid), 780 ic->ic_flags&IEEE80211_F_SHPREAMBLE ? "short" : "long", 781 ic->ic_flags&IEEE80211_F_SHSLOT ? "short" : "long", 782 ic->ic_flags&IEEE80211_F_USEPROT ? ", protection" : "" 783 ); 784 return ieee80211_sta_join(ic, ieee80211_ref_node(ni)); 785 } 786 787 /* 788 * Join the specified IBSS/BSS network. The node is assumed to 789 * be passed in with a held reference. 790 */ 791 int 792 ieee80211_sta_join(struct ieee80211com *ic, struct ieee80211_node *selbs) 793 { 794 struct ieee80211_node *obss; 795 796 if (ic->ic_opmode == IEEE80211_M_IBSS) { 797 struct ieee80211_node_table *nt; 798 /* 799 * Delete unusable rates; we've already checked 800 * that the negotiated rate set is acceptable. 801 */ 802 ieee80211_fix_rate(ic, selbs, IEEE80211_F_DODEL); 803 /* 804 * Fillin the neighbor table; it will already 805 * exist if we are simply switching mastership. 806 * XXX ic_sta always setup so this is unnecessary? 807 */ 808 nt = &ic->ic_sta; 809 IEEE80211_NODE_LOCK(nt); 810 nt->nt_name = "neighbor"; 811 nt->nt_inact_init = ic->ic_inact_run; 812 IEEE80211_NODE_UNLOCK(nt); 813 } 814 815 /* 816 * Committed to selbs, setup state. 817 */ 818 obss = ic->ic_bss; 819 ic->ic_bss = selbs; /* NB: caller assumed to bump refcnt */ 820 if (obss != NULL) 821 ieee80211_free_node(obss); 822 /* 823 * Set the erp state (mostly the slot time) to deal with 824 * the auto-select case; this should be redundant if the 825 * mode is locked. 826 */ 827 ic->ic_curmode = ieee80211_chan2mode(ic, selbs->ni_chan); 828 ieee80211_reset_erp(ic); 829 ieee80211_wme_initparams(ic); 830 831 if (ic->ic_opmode == IEEE80211_M_STA) 832 ieee80211_new_state(ic, IEEE80211_S_AUTH, -1); 833 else 834 ieee80211_new_state(ic, IEEE80211_S_RUN, -1); 835 return 1; 836 } 837 838 /* 839 * Leave the specified IBSS/BSS network. The node is assumed to 840 * be passed in with a held reference. 841 */ 842 void 843 ieee80211_sta_leave(struct ieee80211com *ic, struct ieee80211_node *ni) 844 { 845 ic->ic_node_cleanup(ni); 846 ieee80211_notify_node_leave(ic, ni); 847 } 848 849 int 850 ieee80211_get_rate(struct ieee80211com *ic) 851 { 852 u_int8_t (*rates)[IEEE80211_RATE_MAXSIZE]; 853 int rate; 854 855 rates = &ic->ic_bss->ni_rates.rs_rates; 856 857 if (ic->ic_fixed_rate != -1) 858 rate = (*rates)[ic->ic_fixed_rate]; 859 else if (ic->ic_state == IEEE80211_S_RUN) 860 rate = (*rates)[ic->ic_bss->ni_txrate]; 861 else 862 rate = 0; 863 864 return rate & IEEE80211_RATE_VAL; 865 } 866 867 static struct ieee80211_node * 868 node_alloc(struct ieee80211_node_table *nt) 869 { 870 struct ieee80211_node *ni; 871 872 MALLOC(ni, struct ieee80211_node *, sizeof(struct ieee80211_node), 873 M_80211_NODE, M_NOWAIT | M_ZERO); 874 return ni; 875 } 876 877 /* 878 * Reclaim any resources in a node and reset any critical 879 * state. Typically nodes are free'd immediately after, 880 * but in some cases the storage may be reused so we need 881 * to insure consistent state (should probably fix that). 882 */ 883 static void 884 node_cleanup(struct ieee80211_node *ni) 885 { 886 #define N(a) (sizeof(a)/sizeof(a[0])) 887 struct ieee80211com *ic = ni->ni_ic; 888 int i, qlen; 889 890 /* NB: preserve ni_table */ 891 if (ni->ni_flags & IEEE80211_NODE_PWR_MGT) { 892 ic->ic_ps_sta--; 893 ni->ni_flags &= ~IEEE80211_NODE_PWR_MGT; 894 IEEE80211_DPRINTF(ic, IEEE80211_MSG_POWER, 895 "[%s] power save mode off, %u sta's in ps mode\n", 896 ether_sprintf(ni->ni_macaddr), ic->ic_ps_sta); 897 } 898 /* 899 * Clear AREF flag that marks the authorization refcnt bump 900 * has happened. This is probably not needed as the node 901 * should always be removed from the table so not found but 902 * do it just in case. 903 */ 904 ni->ni_flags &= ~IEEE80211_NODE_AREF; 905 906 /* 907 * Drain power save queue and, if needed, clear TIM. 908 */ 909 IEEE80211_NODE_SAVEQ_DRAIN(ni, qlen); 910 if (qlen != 0 && ic->ic_set_tim != NULL) 911 ic->ic_set_tim(ic, ni, 0); 912 913 ni->ni_associd = 0; 914 if (ni->ni_challenge != NULL) { 915 FREE(ni->ni_challenge, M_DEVBUF); 916 ni->ni_challenge = NULL; 917 } 918 /* 919 * Preserve SSID, WPA, and WME ie's so the bss node is 920 * reusable during a re-auth/re-assoc state transition. 921 * If we remove these data they will not be recreated 922 * because they come from a probe-response or beacon frame 923 * which cannot be expected prior to the association-response. 924 * This should not be an issue when operating in other modes 925 * as stations leaving always go through a full state transition 926 * which will rebuild this state. 927 * 928 * XXX does this leave us open to inheriting old state? 929 */ 930 for (i = 0; i < N(ni->ni_rxfrag); i++) 931 if (ni->ni_rxfrag[i] != NULL) { 932 m_freem(ni->ni_rxfrag[i]); 933 ni->ni_rxfrag[i] = NULL; 934 } 935 ieee80211_crypto_delkey(ic, &ni->ni_ucastkey); 936 #undef N 937 } 938 939 static void 940 node_free(struct ieee80211_node *ni) 941 { 942 struct ieee80211com *ic = ni->ni_ic; 943 944 ic->ic_node_cleanup(ni); 945 if (ni->ni_wpa_ie != NULL) 946 FREE(ni->ni_wpa_ie, M_DEVBUF); 947 if (ni->ni_wme_ie != NULL) 948 FREE(ni->ni_wme_ie, M_DEVBUF); 949 IEEE80211_NODE_SAVEQ_DESTROY(ni); 950 FREE(ni, M_80211_NODE); 951 } 952 953 static u_int8_t 954 node_getrssi(const struct ieee80211_node *ni) 955 { 956 return ni->ni_rssi; 957 } 958 959 static void 960 ieee80211_setup_node(struct ieee80211_node_table *nt, 961 struct ieee80211_node *ni, const u_int8_t *macaddr) 962 { 963 struct ieee80211com *ic = nt->nt_ic; 964 int hash; 965 966 IEEE80211_DPRINTF(ic, IEEE80211_MSG_NODE, 967 "%s %p<%s> in %s table\n", __func__, ni, 968 ether_sprintf(macaddr), nt->nt_name); 969 970 IEEE80211_ADDR_COPY(ni->ni_macaddr, macaddr); 971 hash = IEEE80211_NODE_HASH(macaddr); 972 ieee80211_node_initref(ni); /* mark referenced */ 973 ni->ni_chan = IEEE80211_CHAN_ANYC; 974 ni->ni_authmode = IEEE80211_AUTH_OPEN; 975 ni->ni_txpower = ic->ic_txpowlimit; /* max power */ 976 ieee80211_crypto_resetkey(ic, &ni->ni_ucastkey, IEEE80211_KEYIX_NONE); 977 ni->ni_inact_reload = nt->nt_inact_init; 978 ni->ni_inact = ni->ni_inact_reload; 979 IEEE80211_NODE_SAVEQ_INIT(ni, "unknown"); 980 981 IEEE80211_NODE_LOCK(nt); 982 TAILQ_INSERT_TAIL(&nt->nt_node, ni, ni_list); 983 LIST_INSERT_HEAD(&nt->nt_hash[hash], ni, ni_hash); 984 ni->ni_table = nt; 985 ni->ni_ic = ic; 986 IEEE80211_NODE_UNLOCK(nt); 987 } 988 989 struct ieee80211_node * 990 ieee80211_alloc_node(struct ieee80211_node_table *nt, const u_int8_t *macaddr) 991 { 992 struct ieee80211com *ic = nt->nt_ic; 993 struct ieee80211_node *ni; 994 995 ni = ic->ic_node_alloc(nt); 996 if (ni != NULL) 997 ieee80211_setup_node(nt, ni, macaddr); 998 else 999 ic->ic_stats.is_rx_nodealloc++; 1000 return ni; 1001 } 1002 1003 struct ieee80211_node * 1004 ieee80211_dup_bss(struct ieee80211_node_table *nt, const u_int8_t *macaddr) 1005 { 1006 struct ieee80211com *ic = nt->nt_ic; 1007 struct ieee80211_node *ni; 1008 1009 ni = ic->ic_node_alloc(nt); 1010 if (ni != NULL) { 1011 ieee80211_setup_node(nt, ni, macaddr); 1012 /* 1013 * Inherit from ic_bss. 1014 */ 1015 ni->ni_authmode = ic->ic_bss->ni_authmode; 1016 ni->ni_txpower = ic->ic_bss->ni_txpower; 1017 ni->ni_vlan = ic->ic_bss->ni_vlan; /* XXX?? */ 1018 IEEE80211_ADDR_COPY(ni->ni_bssid, ic->ic_bss->ni_bssid); 1019 ieee80211_set_chan(ic, ni, ic->ic_bss->ni_chan); 1020 ni->ni_rsn = ic->ic_bss->ni_rsn; 1021 } else 1022 ic->ic_stats.is_rx_nodealloc++; 1023 return ni; 1024 } 1025 1026 static struct ieee80211_node * 1027 #ifdef IEEE80211_DEBUG_REFCNT 1028 _ieee80211_find_node_debug(struct ieee80211_node_table *nt, 1029 const u_int8_t *macaddr, const char *func, int line) 1030 #else 1031 _ieee80211_find_node(struct ieee80211_node_table *nt, 1032 const u_int8_t *macaddr) 1033 #endif 1034 { 1035 struct ieee80211_node *ni; 1036 int hash; 1037 1038 IEEE80211_NODE_LOCK_ASSERT(nt); 1039 1040 hash = IEEE80211_NODE_HASH(macaddr); 1041 LIST_FOREACH(ni, &nt->nt_hash[hash], ni_hash) { 1042 if (IEEE80211_ADDR_EQ(ni->ni_macaddr, macaddr)) { 1043 ieee80211_ref_node(ni); /* mark referenced */ 1044 #ifdef IEEE80211_DEBUG_REFCNT 1045 IEEE80211_DPRINTF(nt->nt_ic, IEEE80211_MSG_NODE, 1046 "%s (%s:%u) %p<%s> refcnt %d\n", __func__, 1047 func, line, 1048 ni, ether_sprintf(ni->ni_macaddr), 1049 ieee80211_node_refcnt(ni)); 1050 #endif 1051 return ni; 1052 } 1053 } 1054 return NULL; 1055 } 1056 #ifdef IEEE80211_DEBUG_REFCNT 1057 #define _ieee80211_find_node(nt, mac) \ 1058 _ieee80211_find_node_debug(nt, mac, func, line) 1059 #endif 1060 1061 struct ieee80211_node * 1062 #ifdef IEEE80211_DEBUG_REFCNT 1063 ieee80211_find_node_debug(struct ieee80211_node_table *nt, 1064 const u_int8_t *macaddr, const char *func, int line) 1065 #else 1066 ieee80211_find_node(struct ieee80211_node_table *nt, const u_int8_t *macaddr) 1067 #endif 1068 { 1069 struct ieee80211_node *ni; 1070 1071 IEEE80211_NODE_LOCK(nt); 1072 ni = _ieee80211_find_node(nt, macaddr); 1073 IEEE80211_NODE_UNLOCK(nt); 1074 return ni; 1075 } 1076 1077 /* 1078 * Fake up a node; this handles node discovery in adhoc mode. 1079 * Note that for the driver's benefit we we treat this like 1080 * an association so the driver has an opportunity to setup 1081 * it's private state. 1082 */ 1083 struct ieee80211_node * 1084 ieee80211_fakeup_adhoc_node(struct ieee80211_node_table *nt, 1085 const u_int8_t macaddr[IEEE80211_ADDR_LEN]) 1086 { 1087 struct ieee80211com *ic = nt->nt_ic; 1088 struct ieee80211_node *ni; 1089 1090 ni = ieee80211_dup_bss(nt, macaddr); 1091 if (ni != NULL) { 1092 /* XXX no rate negotiation; just dup */ 1093 ni->ni_rates = ic->ic_bss->ni_rates; 1094 if (ic->ic_newassoc != NULL) 1095 ic->ic_newassoc(ic, ni, 1); 1096 /* XXX not right for 802.1x/WPA */ 1097 ieee80211_node_authorize(ic, ni); 1098 } 1099 return ni; 1100 } 1101 1102 /* 1103 * Locate the node for sender, track state, and then pass the 1104 * (referenced) node up to the 802.11 layer for its use. We 1105 * are required to pass some node so we fall back to ic_bss 1106 * when this frame is from an unknown sender. The 802.11 layer 1107 * knows this means the sender wasn't in the node table and 1108 * acts accordingly. 1109 */ 1110 struct ieee80211_node * 1111 #ifdef IEEE80211_DEBUG_REFCNT 1112 ieee80211_find_rxnode_debug(struct ieee80211com *ic, 1113 const struct ieee80211_frame_min *wh, const char *func, int line) 1114 #else 1115 ieee80211_find_rxnode(struct ieee80211com *ic, 1116 const struct ieee80211_frame_min *wh) 1117 #endif 1118 { 1119 #define IS_CTL(wh) \ 1120 ((wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK) == IEEE80211_FC0_TYPE_CTL) 1121 #define IS_PSPOLL(wh) \ 1122 ((wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK) == IEEE80211_FC0_SUBTYPE_PS_POLL) 1123 struct ieee80211_node_table *nt; 1124 struct ieee80211_node *ni; 1125 1126 /* XXX may want scanned nodes in the neighbor table for adhoc */ 1127 if (ic->ic_opmode == IEEE80211_M_STA || 1128 ic->ic_opmode == IEEE80211_M_MONITOR || 1129 (ic->ic_flags & IEEE80211_F_SCAN)) 1130 nt = &ic->ic_scan; 1131 else 1132 nt = &ic->ic_sta; 1133 /* XXX check ic_bss first in station mode */ 1134 /* XXX 4-address frames? */ 1135 IEEE80211_NODE_LOCK(nt); 1136 if (IS_CTL(wh) && !IS_PSPOLL(wh) /*&& !IS_RTS(ah)*/) 1137 ni = _ieee80211_find_node(nt, wh->i_addr1); 1138 else 1139 ni = _ieee80211_find_node(nt, wh->i_addr2); 1140 IEEE80211_NODE_UNLOCK(nt); 1141 1142 return (ni != NULL ? ni : ieee80211_ref_node(ic->ic_bss)); 1143 #undef IS_PSPOLL 1144 #undef IS_CTL 1145 } 1146 1147 /* 1148 * Return a reference to the appropriate node for sending 1149 * a data frame. This handles node discovery in adhoc networks. 1150 */ 1151 struct ieee80211_node * 1152 #ifdef IEEE80211_DEBUG_REFCNT 1153 ieee80211_find_txnode_debug(struct ieee80211com *ic, const u_int8_t *macaddr, 1154 const char *func, int line) 1155 #else 1156 ieee80211_find_txnode(struct ieee80211com *ic, const u_int8_t *macaddr) 1157 #endif 1158 { 1159 struct ieee80211_node_table *nt = &ic->ic_sta; 1160 struct ieee80211_node *ni; 1161 1162 /* 1163 * The destination address should be in the node table 1164 * unless we are operating in station mode or this is a 1165 * multicast/broadcast frame. 1166 */ 1167 if (ic->ic_opmode == IEEE80211_M_STA || IEEE80211_IS_MULTICAST(macaddr)) 1168 return ieee80211_ref_node(ic->ic_bss); 1169 1170 /* XXX can't hold lock across dup_bss 'cuz of recursive locking */ 1171 IEEE80211_NODE_LOCK(nt); 1172 ni = _ieee80211_find_node(nt, macaddr); 1173 IEEE80211_NODE_UNLOCK(nt); 1174 1175 if (ni == NULL) { 1176 if (ic->ic_opmode == IEEE80211_M_IBSS || 1177 ic->ic_opmode == IEEE80211_M_AHDEMO) { 1178 /* 1179 * In adhoc mode cons up a node for the destination. 1180 * Note that we need an additional reference for the 1181 * caller to be consistent with _ieee80211_find_node. 1182 */ 1183 ni = ieee80211_fakeup_adhoc_node(nt, macaddr); 1184 if (ni != NULL) 1185 (void) ieee80211_ref_node(ni); 1186 } else { 1187 IEEE80211_DPRINTF(ic, IEEE80211_MSG_OUTPUT, 1188 "[%s] no node, discard frame (%s)\n", 1189 ether_sprintf(macaddr), __func__); 1190 ic->ic_stats.is_tx_nonode++; 1191 } 1192 } 1193 return ni; 1194 } 1195 1196 /* 1197 * Like find but search based on the channel too. 1198 */ 1199 struct ieee80211_node * 1200 #ifdef IEEE80211_DEBUG_REFCNT 1201 ieee80211_find_node_with_channel_debug(struct ieee80211_node_table *nt, 1202 const u_int8_t *macaddr, struct ieee80211_channel *chan, 1203 const char *func, int line) 1204 #else 1205 ieee80211_find_node_with_channel(struct ieee80211_node_table *nt, 1206 const u_int8_t *macaddr, struct ieee80211_channel *chan) 1207 #endif 1208 { 1209 struct ieee80211_node *ni; 1210 int hash; 1211 1212 hash = IEEE80211_NODE_HASH(macaddr); 1213 IEEE80211_NODE_LOCK(nt); 1214 LIST_FOREACH(ni, &nt->nt_hash[hash], ni_hash) { 1215 if (IEEE80211_ADDR_EQ(ni->ni_macaddr, macaddr) && 1216 ni->ni_chan == chan) { 1217 ieee80211_ref_node(ni); /* mark referenced */ 1218 IEEE80211_DPRINTF(nt->nt_ic, IEEE80211_MSG_NODE, 1219 #ifdef IEEE80211_DEBUG_REFCNT 1220 "%s (%s:%u) %p<%s> refcnt %d\n", __func__, 1221 func, line, 1222 #else 1223 "%s %p<%s> refcnt %d\n", __func__, 1224 #endif 1225 ni, ether_sprintf(ni->ni_macaddr), 1226 ieee80211_node_refcnt(ni)); 1227 break; 1228 } 1229 } 1230 IEEE80211_NODE_UNLOCK(nt); 1231 return ni; 1232 } 1233 1234 struct ieee80211_node * 1235 ieee80211_refine_node_for_beacon(struct ieee80211com *ic, 1236 struct ieee80211_node *ni0, struct ieee80211_channel *chan, 1237 const u_int8_t *ssid) 1238 { 1239 struct ieee80211_node_table *nt = ni0->ni_table; 1240 struct ieee80211_node *best, *ni; 1241 int best_score = 0, score; 1242 1243 if (nt == NULL) 1244 return ni0; 1245 1246 best = ni0; 1247 if (ssid[1] == 0 || best->ni_esslen == 0) 1248 best_score = 1; 1249 else if (ssid[1] == best->ni_esslen && 1250 memcmp(ssid + 2, best->ni_essid, ssid[1]) == 0) 1251 best_score = 2; 1252 else 1253 best_score = 0; 1254 1255 IEEE80211_NODE_LOCK(nt); 1256 for (ni = LIST_NEXT(ni0, ni_hash); ni != NULL; 1257 ni = LIST_NEXT(ni, ni_hash)) { 1258 if (!IEEE80211_ADDR_EQ(ni->ni_macaddr, best->ni_macaddr) || 1259 ni->ni_ic != best->ni_ic || ni->ni_chan != chan) 1260 continue; 1261 1262 if (ssid[1] == 0 || ni->ni_esslen == 0) 1263 score = 1; 1264 else if (ssid[1] == ni->ni_esslen && 1265 memcmp(ssid + 2, ni->ni_essid, ssid[1]) == 0) 1266 score = 2; 1267 else 1268 continue; 1269 1270 if (score > best_score) { 1271 best = ni; 1272 best_score = score; 1273 } 1274 } 1275 IEEE80211_NODE_UNLOCK(nt); 1276 return best; 1277 } 1278 1279 /* 1280 * Like find but search based on the ssid too. 1281 */ 1282 struct ieee80211_node * 1283 #ifdef IEEE80211_DEBUG_REFCNT 1284 ieee80211_find_node_with_ssid_debug(struct ieee80211_node_table *nt, 1285 const u_int8_t *macaddr, u_int ssidlen, const u_int8_t *ssid, 1286 const char *func, int line) 1287 #else 1288 ieee80211_find_node_with_ssid(struct ieee80211_node_table *nt, 1289 const u_int8_t *macaddr, u_int ssidlen, const u_int8_t *ssid) 1290 #endif 1291 { 1292 #define MATCH_SSID(ni, ssid, ssidlen) \ 1293 (ni->ni_esslen == ssidlen && memcmp(ni->ni_essid, ssid, ssidlen) == 0) 1294 static const u_int8_t zeromac[IEEE80211_ADDR_LEN]; 1295 struct ieee80211com *ic = nt->nt_ic; 1296 struct ieee80211_node *ni; 1297 int hash; 1298 1299 IEEE80211_NODE_LOCK(nt); 1300 /* 1301 * A mac address that is all zero means match only the ssid; 1302 * otherwise we must match both. 1303 */ 1304 if (IEEE80211_ADDR_EQ(macaddr, zeromac)) { 1305 TAILQ_FOREACH(ni, &nt->nt_node, ni_list) { 1306 if (MATCH_SSID(ni, ssid, ssidlen)) 1307 break; 1308 } 1309 } else { 1310 hash = IEEE80211_NODE_HASH(macaddr); 1311 LIST_FOREACH(ni, &nt->nt_hash[hash], ni_hash) { 1312 if (IEEE80211_ADDR_EQ(ni->ni_macaddr, macaddr) && 1313 MATCH_SSID(ni, ssid, ssidlen)) 1314 break; 1315 } 1316 } 1317 if (ni != NULL) { 1318 ieee80211_ref_node(ni); /* mark referenced */ 1319 IEEE80211_DPRINTF(ic, IEEE80211_MSG_NODE, 1320 #ifdef IEEE80211_DEBUG_REFCNT 1321 "%s (%s:%u) %p<%s> refcnt %d\n", __func__, 1322 func, line, 1323 #else 1324 "%s %p<%s> refcnt %d\n", __func__, 1325 #endif 1326 ni, ether_sprintf(ni->ni_macaddr), 1327 ieee80211_node_refcnt(ni)); 1328 } 1329 IEEE80211_NODE_UNLOCK(nt); 1330 return ni; 1331 #undef MATCH_SSID 1332 } 1333 1334 static void 1335 _ieee80211_free_node(struct ieee80211_node *ni) 1336 { 1337 struct ieee80211com *ic = ni->ni_ic; 1338 struct ieee80211_node_table *nt = ni->ni_table; 1339 1340 IEEE80211_DPRINTF(ic, IEEE80211_MSG_NODE, 1341 "%s %p<%s> in %s table\n", __func__, ni, 1342 ether_sprintf(ni->ni_macaddr), 1343 nt != NULL ? nt->nt_name : "<gone>"); 1344 1345 IEEE80211_AID_CLR(ni->ni_associd, ic->ic_aid_bitmap); 1346 if (nt != NULL) { 1347 TAILQ_REMOVE(&nt->nt_node, ni, ni_list); 1348 LIST_REMOVE(ni, ni_hash); 1349 } 1350 ic->ic_node_free(ni); 1351 } 1352 1353 void 1354 #ifdef IEEE80211_DEBUG_REFCNT 1355 ieee80211_free_node_debug(struct ieee80211_node *ni, const char *func, int line) 1356 #else 1357 ieee80211_free_node(struct ieee80211_node *ni) 1358 #endif 1359 { 1360 struct ieee80211_node_table *nt = ni->ni_table; 1361 1362 #ifdef IEEE80211_DEBUG_REFCNT 1363 IEEE80211_DPRINTF(ni->ni_ic, IEEE80211_MSG_NODE, 1364 "%s (%s:%u) %p<%s> refcnt %d\n", __func__, func, line, ni, 1365 ether_sprintf(ni->ni_macaddr), ieee80211_node_refcnt(ni)-1); 1366 #endif 1367 if (ieee80211_node_dectestref(ni)) { 1368 /* 1369 * Beware; if the node is marked gone then it's already 1370 * been removed from the table and we cannot assume the 1371 * table still exists. Regardless, there's no need to lock 1372 * the table. 1373 */ 1374 if (ni->ni_table != NULL) { 1375 IEEE80211_NODE_LOCK(nt); 1376 _ieee80211_free_node(ni); 1377 IEEE80211_NODE_UNLOCK(nt); 1378 } else 1379 _ieee80211_free_node(ni); 1380 } 1381 } 1382 1383 /* 1384 * Reclaim a node. If this is the last reference count then 1385 * do the normal free work. Otherwise remove it from the node 1386 * table and mark it gone by clearing the back-reference. 1387 */ 1388 static void 1389 node_reclaim(struct ieee80211_node_table *nt, struct ieee80211_node *ni) 1390 { 1391 1392 IEEE80211_DPRINTF(ni->ni_ic, IEEE80211_MSG_NODE, 1393 "%s: remove %p<%s> from %s table, refcnt %d\n", 1394 __func__, ni, ether_sprintf(ni->ni_macaddr), 1395 nt->nt_name, ieee80211_node_refcnt(ni)-1); 1396 if (!ieee80211_node_dectestref(ni)) { 1397 /* 1398 * Other references are present, just remove the 1399 * node from the table so it cannot be found. When 1400 * the references are dropped storage will be 1401 * reclaimed. 1402 */ 1403 TAILQ_REMOVE(&nt->nt_node, ni, ni_list); 1404 LIST_REMOVE(ni, ni_hash); 1405 ni->ni_table = NULL; /* clear reference */ 1406 } else 1407 _ieee80211_free_node(ni); 1408 } 1409 1410 static void 1411 ieee80211_free_allnodes_locked(struct ieee80211_node_table *nt) 1412 { 1413 struct ieee80211com *ic = nt->nt_ic; 1414 struct ieee80211_node *ni; 1415 1416 IEEE80211_DPRINTF(ic, IEEE80211_MSG_NODE, 1417 "%s: free all nodes in %s table\n", __func__, nt->nt_name); 1418 1419 while ((ni = TAILQ_FIRST(&nt->nt_node)) != NULL) { 1420 if (ni->ni_associd != 0) { 1421 if (ic->ic_auth->ia_node_leave != NULL) 1422 ic->ic_auth->ia_node_leave(ic, ni); 1423 IEEE80211_AID_CLR(ni->ni_associd, ic->ic_aid_bitmap); 1424 } 1425 node_reclaim(nt, ni); 1426 } 1427 ieee80211_reset_erp(ic); 1428 } 1429 1430 static void 1431 ieee80211_free_allnodes(struct ieee80211_node_table *nt) 1432 { 1433 1434 IEEE80211_NODE_LOCK(nt); 1435 ieee80211_free_allnodes_locked(nt); 1436 IEEE80211_NODE_UNLOCK(nt); 1437 } 1438 1439 /* 1440 * Timeout entries in the scan cache. 1441 */ 1442 static void 1443 ieee80211_timeout_scan_candidates(struct ieee80211_node_table *nt) 1444 { 1445 struct ieee80211com *ic = nt->nt_ic; 1446 struct ieee80211_node *ni, *tni; 1447 1448 IEEE80211_NODE_LOCK(nt); 1449 ni = ic->ic_bss; 1450 /* XXX belongs elsewhere */ 1451 if (ni->ni_rxfrag[0] != NULL && ticks > ni->ni_rxfragstamp + hz) { 1452 m_freem(ni->ni_rxfrag[0]); 1453 ni->ni_rxfrag[0] = NULL; 1454 } 1455 TAILQ_FOREACH_SAFE(ni, &nt->nt_node, ni_list, tni) { 1456 if (ni->ni_inact && --ni->ni_inact == 0) { 1457 IEEE80211_DPRINTF(ic, IEEE80211_MSG_NODE, 1458 "[%s] scan candidate purged from cache " 1459 "(refcnt %u)\n", ether_sprintf(ni->ni_macaddr), 1460 ieee80211_node_refcnt(ni)); 1461 node_reclaim(nt, ni); 1462 } 1463 } 1464 IEEE80211_NODE_UNLOCK(nt); 1465 1466 nt->nt_inact_timer = IEEE80211_INACT_WAIT; 1467 } 1468 1469 /* 1470 * Timeout inactive stations and do related housekeeping. 1471 * Note that we cannot hold the node lock while sending a 1472 * frame as this would lead to a LOR. Instead we use a 1473 * generation number to mark nodes that we've scanned and 1474 * drop the lock and restart a scan if we have to time out 1475 * a node. Since we are single-threaded by virtue of 1476 * controlling the inactivity timer we can be sure this will 1477 * process each node only once. 1478 */ 1479 static void 1480 ieee80211_timeout_stations(struct ieee80211_node_table *nt) 1481 { 1482 struct ieee80211com *ic = nt->nt_ic; 1483 struct ieee80211_node *ni; 1484 u_int gen; 1485 1486 IEEE80211_SCAN_LOCK(nt); 1487 gen = nt->nt_scangen++; 1488 IEEE80211_DPRINTF(ic, IEEE80211_MSG_NODE, 1489 "%s: %s scangen %u\n", __func__, nt->nt_name, gen); 1490 restart: 1491 IEEE80211_NODE_LOCK(nt); 1492 TAILQ_FOREACH(ni, &nt->nt_node, ni_list) { 1493 if (ni->ni_scangen == gen) /* previously handled */ 1494 continue; 1495 ni->ni_scangen = gen; 1496 /* 1497 * Ignore entries for which have yet to receive an 1498 * authentication frame. These are transient and 1499 * will be reclaimed when the last reference to them 1500 * goes away (when frame xmits complete). 1501 */ 1502 if ((ni->ni_flags & IEEE80211_NODE_AREF) == 0) 1503 continue; 1504 /* 1505 * Free fragment if not needed anymore 1506 * (last fragment older than 1s). 1507 * XXX doesn't belong here 1508 */ 1509 if (ni->ni_rxfrag[0] != NULL && 1510 ticks > ni->ni_rxfragstamp + hz) { 1511 m_freem(ni->ni_rxfrag[0]); 1512 ni->ni_rxfrag[0] = NULL; 1513 } 1514 /* 1515 * Special case ourself; we may be idle for extended periods 1516 * of time and regardless reclaiming our state is wrong. 1517 */ 1518 if (ni == ic->ic_bss) 1519 continue; 1520 ni->ni_inact--; 1521 if (ni->ni_associd != 0) { 1522 /* 1523 * Age frames on the power save queue. The 1524 * aging interval is 4 times the listen 1525 * interval specified by the station. This 1526 * number is factored into the age calculations 1527 * when the frame is placed on the queue. We 1528 * store ages as time differences we can check 1529 * and/or adjust only the head of the list. 1530 */ 1531 if (IEEE80211_NODE_SAVEQ_QLEN(ni) != 0) { 1532 struct mbuf *m; 1533 int discard = 0; 1534 1535 IEEE80211_NODE_SAVEQ_LOCK(ni); 1536 while (IF_POLL(&ni->ni_savedq, m) != NULL && 1537 M_AGE_GET(m) < IEEE80211_INACT_WAIT) { 1538 IEEE80211_DPRINTF(ic, IEEE80211_MSG_POWER, "[%s] discard frame, age %u\n", ether_sprintf(ni->ni_macaddr), M_AGE_GET(m));/*XXX*/ 1539 _IEEE80211_NODE_SAVEQ_DEQUEUE_HEAD(ni, m); 1540 m_freem(m); 1541 discard++; 1542 } 1543 if (m != NULL) 1544 M_AGE_SUB(m, IEEE80211_INACT_WAIT); 1545 IEEE80211_NODE_SAVEQ_UNLOCK(ni); 1546 1547 if (discard != 0) { 1548 IEEE80211_DPRINTF(ic, 1549 IEEE80211_MSG_POWER, 1550 "[%s] discard %u frames for age\n", 1551 ether_sprintf(ni->ni_macaddr), 1552 discard); 1553 IEEE80211_NODE_STAT_ADD(ni, 1554 ps_discard, discard); 1555 if (IEEE80211_NODE_SAVEQ_QLEN(ni) == 0) 1556 ic->ic_set_tim(ic, ni, 0); 1557 } 1558 } 1559 /* 1560 * Probe the station before time it out. We 1561 * send a null data frame which may not be 1562 * universally supported by drivers (need it 1563 * for ps-poll support so it should be...). 1564 */ 1565 if (0 < ni->ni_inact && 1566 ni->ni_inact <= ic->ic_inact_probe) { 1567 IEEE80211_DPRINTF(ic, IEEE80211_MSG_NODE, 1568 "[%s] probe station due to inactivity\n", 1569 ether_sprintf(ni->ni_macaddr)); 1570 IEEE80211_NODE_UNLOCK(nt); 1571 ieee80211_send_nulldata(ic, ni); 1572 /* XXX stat? */ 1573 goto restart; 1574 } 1575 } 1576 if (ni->ni_inact <= 0) { 1577 IEEE80211_DPRINTF(ic, IEEE80211_MSG_NODE, 1578 "[%s] station timed out due to inactivity " 1579 "(refcnt %u)\n", ether_sprintf(ni->ni_macaddr), 1580 ieee80211_node_refcnt(ni)); 1581 /* 1582 * Send a deauthenticate frame and drop the station. 1583 * This is somewhat complicated due to reference counts 1584 * and locking. At this point a station will typically 1585 * have a reference count of 1. ieee80211_node_leave 1586 * will do a "free" of the node which will drop the 1587 * reference count. But in the meantime a reference 1588 * wil be held by the deauth frame. The actual reclaim 1589 * of the node will happen either after the tx is 1590 * completed or by ieee80211_node_leave. 1591 * 1592 * Separately we must drop the node lock before sending 1593 * in case the driver takes a lock, as this will result 1594 * in LOR between the node lock and the driver lock. 1595 */ 1596 IEEE80211_NODE_UNLOCK(nt); 1597 if (ni->ni_associd != 0) { 1598 IEEE80211_SEND_MGMT(ic, ni, 1599 IEEE80211_FC0_SUBTYPE_DEAUTH, 1600 IEEE80211_REASON_AUTH_EXPIRE); 1601 } 1602 ieee80211_node_leave(ic, ni); 1603 ic->ic_stats.is_node_timeout++; 1604 goto restart; 1605 } 1606 } 1607 IEEE80211_NODE_UNLOCK(nt); 1608 1609 IEEE80211_SCAN_UNLOCK(nt); 1610 1611 nt->nt_inact_timer = IEEE80211_INACT_WAIT; 1612 } 1613 1614 void 1615 ieee80211_iterate_nodes(struct ieee80211_node_table *nt, ieee80211_iter_func *f, void *arg) 1616 { 1617 struct ieee80211_node *ni; 1618 u_int gen; 1619 1620 IEEE80211_SCAN_LOCK(nt); 1621 gen = nt->nt_scangen++; 1622 restart: 1623 IEEE80211_NODE_LOCK(nt); 1624 TAILQ_FOREACH(ni, &nt->nt_node, ni_list) { 1625 if (ni->ni_scangen != gen) { 1626 ni->ni_scangen = gen; 1627 (void) ieee80211_ref_node(ni); 1628 IEEE80211_NODE_UNLOCK(nt); 1629 (*f)(arg, ni); 1630 ieee80211_free_node(ni); 1631 goto restart; 1632 } 1633 } 1634 IEEE80211_NODE_UNLOCK(nt); 1635 1636 IEEE80211_SCAN_UNLOCK(nt); 1637 } 1638 1639 void 1640 ieee80211_dump_node(struct ieee80211_node_table *nt, struct ieee80211_node *ni) 1641 { 1642 printf("0x%p: mac %s refcnt %d\n", ni, 1643 ether_sprintf(ni->ni_macaddr), ieee80211_node_refcnt(ni)); 1644 printf("\tscangen %u authmode %u flags 0x%x\n", 1645 ni->ni_scangen, ni->ni_authmode, ni->ni_flags); 1646 printf("\tassocid 0x%x txpower %u vlan %u\n", 1647 ni->ni_associd, ni->ni_txpower, ni->ni_vlan); 1648 printf("\ttxseq %u rxseq %u fragno %u rxfragstamp %u\n", 1649 ni->ni_txseqs[0], 1650 ni->ni_rxseqs[0] >> IEEE80211_SEQ_SEQ_SHIFT, 1651 ni->ni_rxseqs[0] & IEEE80211_SEQ_FRAG_MASK, 1652 ni->ni_rxfragstamp); 1653 printf("\trstamp %u rssi %u intval %u capinfo 0x%x\n", 1654 ni->ni_rstamp, ni->ni_rssi, ni->ni_intval, ni->ni_capinfo); 1655 printf("\tbssid %s essid \"%.*s\" channel %u:0x%x\n", 1656 ether_sprintf(ni->ni_bssid), 1657 ni->ni_esslen, ni->ni_essid, 1658 ni->ni_chan->ic_freq, ni->ni_chan->ic_flags); 1659 printf("\tfails %u inact %u txrate %u\n", 1660 ni->ni_fails, ni->ni_inact, ni->ni_txrate); 1661 } 1662 1663 void 1664 ieee80211_dump_nodes(struct ieee80211_node_table *nt) 1665 { 1666 ieee80211_iterate_nodes(nt, 1667 (ieee80211_iter_func *) ieee80211_dump_node, nt); 1668 } 1669 1670 /* 1671 * Handle a station joining an 11g network. 1672 */ 1673 static void 1674 ieee80211_node_join_11g(struct ieee80211com *ic, struct ieee80211_node *ni) 1675 { 1676 1677 /* 1678 * Station isn't capable of short slot time. Bump 1679 * the count of long slot time stations and disable 1680 * use of short slot time. Note that the actual switch 1681 * over to long slot time use may not occur until the 1682 * next beacon transmission (per sec. 7.3.1.4 of 11g). 1683 */ 1684 if ((ni->ni_capinfo & IEEE80211_CAPINFO_SHORT_SLOTTIME) == 0) { 1685 ic->ic_longslotsta++; 1686 IEEE80211_DPRINTF(ic, IEEE80211_MSG_ASSOC, 1687 "[%s] station needs long slot time, count %d\n", 1688 ether_sprintf(ni->ni_macaddr), ic->ic_longslotsta); 1689 /* XXX vap's w/ conflicting needs won't work */ 1690 ieee80211_set_shortslottime(ic, 0); 1691 } 1692 /* 1693 * If the new station is not an ERP station 1694 * then bump the counter and enable protection 1695 * if configured. 1696 */ 1697 if (!ieee80211_iserp_rateset(ic, &ni->ni_rates)) { 1698 ic->ic_nonerpsta++; 1699 IEEE80211_DPRINTF(ic, IEEE80211_MSG_ASSOC, 1700 "[%s] station is !ERP, %d non-ERP stations associated\n", 1701 ether_sprintf(ni->ni_macaddr), ic->ic_nonerpsta); 1702 /* 1703 * If protection is configured, enable it. 1704 */ 1705 if (ic->ic_protmode != IEEE80211_PROT_NONE) { 1706 IEEE80211_DPRINTF(ic, IEEE80211_MSG_ASSOC, 1707 "%s: enable use of protection\n", __func__); 1708 ic->ic_flags |= IEEE80211_F_USEPROT; 1709 } 1710 /* 1711 * If station does not support short preamble 1712 * then we must enable use of Barker preamble. 1713 */ 1714 if ((ni->ni_capinfo & IEEE80211_CAPINFO_SHORT_PREAMBLE) == 0) { 1715 IEEE80211_DPRINTF(ic, IEEE80211_MSG_ASSOC, 1716 "[%s] station needs long preamble\n", 1717 ether_sprintf(ni->ni_macaddr)); 1718 ic->ic_flags |= IEEE80211_F_USEBARKER; 1719 ic->ic_flags &= ~IEEE80211_F_SHPREAMBLE; 1720 } 1721 } else 1722 ni->ni_flags |= IEEE80211_NODE_ERP; 1723 } 1724 1725 void 1726 ieee80211_node_join(struct ieee80211com *ic, struct ieee80211_node *ni, int resp) 1727 { 1728 int newassoc; 1729 1730 if (ni->ni_associd == 0) { 1731 u_int16_t aid; 1732 1733 /* 1734 * It would be good to search the bitmap 1735 * more efficiently, but this will do for now. 1736 */ 1737 for (aid = 1; aid < ic->ic_max_aid; aid++) { 1738 if (!IEEE80211_AID_ISSET(aid, 1739 ic->ic_aid_bitmap)) 1740 break; 1741 } 1742 if (aid >= ic->ic_max_aid) { 1743 IEEE80211_SEND_MGMT(ic, ni, resp, 1744 IEEE80211_REASON_ASSOC_TOOMANY); 1745 ieee80211_node_leave(ic, ni); 1746 return; 1747 } 1748 ni->ni_associd = aid | 0xc000; 1749 IEEE80211_AID_SET(ni->ni_associd, ic->ic_aid_bitmap); 1750 ic->ic_sta_assoc++; 1751 newassoc = 1; 1752 if (ic->ic_curmode == IEEE80211_MODE_11G || 1753 ic->ic_curmode == IEEE80211_MODE_TURBO_G) 1754 ieee80211_node_join_11g(ic, ni); 1755 } else 1756 newassoc = 0; 1757 1758 IEEE80211_DPRINTF(ic, IEEE80211_MSG_ASSOC | IEEE80211_MSG_DEBUG, 1759 "[%s] station %sassociated at aid %d: %s preamble, %s slot time%s%s\n", 1760 ether_sprintf(ni->ni_macaddr), newassoc ? "" : "re", 1761 IEEE80211_NODE_AID(ni), 1762 ic->ic_flags & IEEE80211_F_SHPREAMBLE ? "short" : "long", 1763 ic->ic_flags & IEEE80211_F_SHSLOT ? "short" : "long", 1764 ic->ic_flags & IEEE80211_F_USEPROT ? ", protection" : "", 1765 ni->ni_flags & IEEE80211_NODE_QOS ? ", QoS" : "" 1766 ); 1767 1768 /* give driver a chance to setup state like ni_txrate */ 1769 if (ic->ic_newassoc != NULL) 1770 ic->ic_newassoc(ic, ni, newassoc); 1771 ni->ni_inact_reload = ic->ic_inact_auth; 1772 ni->ni_inact = ni->ni_inact_reload; 1773 IEEE80211_SEND_MGMT(ic, ni, resp, IEEE80211_STATUS_SUCCESS); 1774 /* tell the authenticator about new station */ 1775 if (ic->ic_auth->ia_node_join != NULL) 1776 ic->ic_auth->ia_node_join(ic, ni); 1777 ieee80211_notify_node_join(ic, ni, newassoc); 1778 } 1779 1780 /* 1781 * Handle a station leaving an 11g network. 1782 */ 1783 static void 1784 ieee80211_node_leave_11g(struct ieee80211com *ic, struct ieee80211_node *ni) 1785 { 1786 1787 IASSERT(ic->ic_curmode == IEEE80211_MODE_11G || 1788 ic->ic_curmode == IEEE80211_MODE_TURBO_G, 1789 ("not in 11g, curmode %x", ic->ic_curmode)); 1790 1791 /* 1792 * If a long slot station do the slot time bookkeeping. 1793 */ 1794 if ((ni->ni_capinfo & IEEE80211_CAPINFO_SHORT_SLOTTIME) == 0) { 1795 IASSERT(ic->ic_longslotsta > 0, 1796 ("bogus long slot station count %d", ic->ic_longslotsta)); 1797 ic->ic_longslotsta--; 1798 IEEE80211_DPRINTF(ic, IEEE80211_MSG_ASSOC, 1799 "[%s] long slot time station leaves, count now %d\n", 1800 ether_sprintf(ni->ni_macaddr), ic->ic_longslotsta); 1801 if (ic->ic_longslotsta == 0) { 1802 /* 1803 * Re-enable use of short slot time if supported 1804 * and not operating in IBSS mode (per spec). 1805 */ 1806 if ((ic->ic_caps & IEEE80211_C_SHSLOT) && 1807 ic->ic_opmode != IEEE80211_M_IBSS) { 1808 IEEE80211_DPRINTF(ic, IEEE80211_MSG_ASSOC, 1809 "%s: re-enable use of short slot time\n", 1810 __func__); 1811 ieee80211_set_shortslottime(ic, 1); 1812 } 1813 } 1814 } 1815 /* 1816 * If a non-ERP station do the protection-related bookkeeping. 1817 */ 1818 if ((ni->ni_flags & IEEE80211_NODE_ERP) == 0) { 1819 IASSERT(ic->ic_nonerpsta > 0, 1820 ("bogus non-ERP station count %d", ic->ic_nonerpsta)); 1821 ic->ic_nonerpsta--; 1822 IEEE80211_DPRINTF(ic, IEEE80211_MSG_ASSOC, 1823 "[%s] non-ERP station leaves, count now %d\n", 1824 ether_sprintf(ni->ni_macaddr), ic->ic_nonerpsta); 1825 if (ic->ic_nonerpsta == 0) { 1826 IEEE80211_DPRINTF(ic, IEEE80211_MSG_ASSOC, 1827 "%s: disable use of protection\n", __func__); 1828 ic->ic_flags &= ~IEEE80211_F_USEPROT; 1829 /* XXX verify mode? */ 1830 if (ic->ic_caps & IEEE80211_C_SHPREAMBLE) { 1831 IEEE80211_DPRINTF(ic, IEEE80211_MSG_ASSOC, 1832 "%s: re-enable use of short preamble\n", 1833 __func__); 1834 ic->ic_flags |= IEEE80211_F_SHPREAMBLE; 1835 ic->ic_flags &= ~IEEE80211_F_USEBARKER; 1836 } 1837 } 1838 } 1839 } 1840 1841 /* 1842 * Handle bookkeeping for station deauthentication/disassociation 1843 * when operating as an ap. 1844 */ 1845 void 1846 ieee80211_node_leave(struct ieee80211com *ic, struct ieee80211_node *ni) 1847 { 1848 struct ieee80211_node_table *nt = ni->ni_table; 1849 1850 IEEE80211_DPRINTF(ic, IEEE80211_MSG_ASSOC | IEEE80211_MSG_DEBUG, 1851 "[%s] station with aid %d leaves\n", 1852 ether_sprintf(ni->ni_macaddr), IEEE80211_NODE_AID(ni)); 1853 1854 IASSERT(ic->ic_opmode == IEEE80211_M_HOSTAP || 1855 ic->ic_opmode == IEEE80211_M_IBSS || 1856 ic->ic_opmode == IEEE80211_M_AHDEMO, 1857 ("unexpected operating mode %u", ic->ic_opmode)); 1858 /* 1859 * If node wasn't previously associated all 1860 * we need to do is reclaim the reference. 1861 */ 1862 /* XXX ibss mode bypasses 11g and notification */ 1863 if (ni->ni_associd == 0) 1864 goto done; 1865 /* 1866 * Tell the authenticator the station is leaving. 1867 * Note that we must do this before yanking the 1868 * association id as the authenticator uses the 1869 * associd to locate it's state block. 1870 */ 1871 if (ic->ic_auth->ia_node_leave != NULL) 1872 ic->ic_auth->ia_node_leave(ic, ni); 1873 IEEE80211_AID_CLR(ni->ni_associd, ic->ic_aid_bitmap); 1874 ni->ni_associd = 0; 1875 ic->ic_sta_assoc--; 1876 1877 if (ic->ic_curmode == IEEE80211_MODE_11G || 1878 ic->ic_curmode == IEEE80211_MODE_TURBO_G) 1879 ieee80211_node_leave_11g(ic, ni); 1880 /* 1881 * Cleanup station state. In particular clear various 1882 * state that might otherwise be reused if the node 1883 * is reused before the reference count goes to zero 1884 * (and memory is reclaimed). 1885 */ 1886 ieee80211_sta_leave(ic, ni); 1887 done: 1888 /* 1889 * Remove the node from any table it's recorded in and 1890 * drop the caller's reference. Removal from the table 1891 * is important to insure the node is not reprocessed 1892 * for inactivity. 1893 */ 1894 if (nt != NULL) { 1895 IEEE80211_NODE_LOCK(nt); 1896 node_reclaim(nt, ni); 1897 IEEE80211_NODE_UNLOCK(nt); 1898 } else 1899 ieee80211_free_node(ni); 1900 } 1901 1902 u_int8_t 1903 ieee80211_getrssi(struct ieee80211com *ic) 1904 { 1905 #define NZ(x) ((x) == 0 ? 1 : (x)) 1906 struct ieee80211_node_table *nt = &ic->ic_sta; 1907 u_int32_t rssi_samples, rssi_total; 1908 struct ieee80211_node *ni; 1909 1910 rssi_total = 0; 1911 rssi_samples = 0; 1912 switch (ic->ic_opmode) { 1913 case IEEE80211_M_IBSS: /* average of all ibss neighbors */ 1914 /* XXX locking */ 1915 TAILQ_FOREACH(ni, &nt->nt_node, ni_list) 1916 if (ni->ni_capinfo & IEEE80211_CAPINFO_IBSS) { 1917 rssi_samples++; 1918 rssi_total += ic->ic_node_getrssi(ni); 1919 } 1920 break; 1921 case IEEE80211_M_AHDEMO: /* average of all neighbors */ 1922 /* XXX locking */ 1923 TAILQ_FOREACH(ni, &nt->nt_node, ni_list) { 1924 rssi_samples++; 1925 rssi_total += ic->ic_node_getrssi(ni); 1926 } 1927 break; 1928 case IEEE80211_M_HOSTAP: /* average of all associated stations */ 1929 #ifndef IEEE80211_NO_HOSTAP 1930 /* XXX locking */ 1931 TAILQ_FOREACH(ni, &nt->nt_node, ni_list) 1932 if (IEEE80211_AID(ni->ni_associd) != 0) { 1933 rssi_samples++; 1934 rssi_total += ic->ic_node_getrssi(ni); 1935 } 1936 #endif /* !IEEE80211_NO_HOSTAP */ 1937 break; 1938 case IEEE80211_M_MONITOR: /* XXX */ 1939 case IEEE80211_M_STA: /* use stats from associated ap */ 1940 default: 1941 if (ic->ic_bss != NULL) 1942 rssi_total = ic->ic_node_getrssi(ic->ic_bss); 1943 rssi_samples = 1; 1944 break; 1945 } 1946 return rssi_total / NZ(rssi_samples); 1947 #undef NZ 1948 } 1949 1950 /* 1951 * Indicate whether there are frames queued for a station in power-save mode. 1952 */ 1953 static void 1954 ieee80211_set_tim(struct ieee80211com *ic, struct ieee80211_node *ni, int set) 1955 { 1956 u_int16_t aid; 1957 1958 IASSERT(ic->ic_opmode == IEEE80211_M_HOSTAP || 1959 ic->ic_opmode == IEEE80211_M_IBSS, 1960 ("operating mode %u", ic->ic_opmode)); 1961 1962 aid = IEEE80211_AID(ni->ni_associd); 1963 IASSERT(aid < ic->ic_max_aid, 1964 ("bogus aid %u, max %u", aid, ic->ic_max_aid)); 1965 1966 IEEE80211_BEACON_LOCK(ic); 1967 if (set != (isset(ic->ic_tim_bitmap, aid) != 0)) { 1968 if (set) { 1969 setbit(ic->ic_tim_bitmap, aid); 1970 ic->ic_ps_pending++; 1971 } else { 1972 clrbit(ic->ic_tim_bitmap, aid); 1973 ic->ic_ps_pending--; 1974 } 1975 ic->ic_flags |= IEEE80211_F_TIMUPDATE; 1976 } 1977 IEEE80211_BEACON_UNLOCK(ic); 1978 } 1979 1980 /* 1981 * Node table support. 1982 */ 1983 1984 static void 1985 ieee80211_node_table_init(struct ieee80211com *ic, 1986 struct ieee80211_node_table *nt, 1987 const char *name, int inact, 1988 void (*timeout)(struct ieee80211_node_table *)) 1989 { 1990 1991 IEEE80211_DPRINTF(ic, IEEE80211_MSG_NODE, 1992 "%s %s table, inact %u\n", __func__, name, inact); 1993 1994 nt->nt_ic = ic; 1995 /* XXX need unit */ 1996 IEEE80211_NODE_LOCK_INIT(nt, ic->ic_ifp->if_xname); 1997 IEEE80211_SCAN_LOCK_INIT(nt, ic->ic_ifp->if_xname); 1998 TAILQ_INIT(&nt->nt_node); 1999 nt->nt_name = name; 2000 nt->nt_scangen = 1; 2001 nt->nt_inact_init = inact; 2002 nt->nt_timeout = timeout; 2003 } 2004 2005 void 2006 ieee80211_node_table_reset(struct ieee80211_node_table *nt) 2007 { 2008 2009 IEEE80211_DPRINTF(nt->nt_ic, IEEE80211_MSG_NODE, 2010 "%s %s table\n", __func__, nt->nt_name); 2011 2012 IEEE80211_NODE_LOCK(nt); 2013 nt->nt_inact_timer = 0; 2014 ieee80211_free_allnodes_locked(nt); 2015 IEEE80211_NODE_UNLOCK(nt); 2016 } 2017 2018 static void 2019 ieee80211_node_table_cleanup(struct ieee80211_node_table *nt) 2020 { 2021 2022 IEEE80211_DPRINTF(nt->nt_ic, IEEE80211_MSG_NODE, 2023 "%s %s table\n", __func__, nt->nt_name); 2024 2025 ieee80211_free_allnodes_locked(nt); 2026 IEEE80211_SCAN_LOCK_DESTROY(nt); 2027 IEEE80211_NODE_LOCK_DESTROY(nt); 2028 } 2029