1 /* $NetBSD: ieee80211_node.c,v 1.40 2005/06/26 04:31:51 dyoung Exp $ */ 2 /*- 3 * Copyright (c) 2001 Atsushi Onoe 4 * Copyright (c) 2002-2005 Sam Leffler, Errno Consulting 5 * All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions 9 * are met: 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 2. Redistributions in binary form must reproduce the above copyright 13 * notice, this list of conditions and the following disclaimer in the 14 * documentation and/or other materials provided with the distribution. 15 * 3. The name of the author may not be used to endorse or promote products 16 * derived from this software without specific prior written permission. 17 * 18 * Alternatively, this software may be distributed under the terms of the 19 * GNU General Public License ("GPL") version 2 as published by the Free 20 * Software Foundation. 21 * 22 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 23 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 24 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 25 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 26 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 27 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 28 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 29 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 30 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 31 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 32 */ 33 34 #include <sys/cdefs.h> 35 #ifdef __FreeBSD__ 36 __FBSDID("$FreeBSD: src/sys/net80211/ieee80211_node.c,v 1.43 2005/02/10 16:59:04 sam Exp $"); 37 #endif 38 #ifdef __NetBSD__ 39 __KERNEL_RCSID(0, "$NetBSD: ieee80211_node.c,v 1.40 2005/06/26 04:31:51 dyoung Exp $"); 40 #endif 41 42 #include "opt_inet.h" 43 44 #include <sys/param.h> 45 #include <sys/systm.h> 46 #include <sys/mbuf.h> 47 #include <sys/malloc.h> 48 #include <sys/kernel.h> 49 50 #include <sys/socket.h> 51 #include <sys/sockio.h> 52 #include <sys/endian.h> 53 #include <sys/errno.h> 54 #include <sys/proc.h> 55 #include <sys/sysctl.h> 56 57 #include <net/if.h> 58 #include <net/if_media.h> 59 #include <net/if_arp.h> 60 #include <net/if_ether.h> 61 #include <net/if_llc.h> 62 63 #include <net80211/ieee80211_netbsd.h> 64 #include <net80211/ieee80211_var.h> 65 66 #include <net/bpf.h> 67 68 #ifdef INET 69 #include <netinet/in.h> 70 #include <net/if_ether.h> 71 #endif 72 73 static struct ieee80211_node *node_alloc(struct ieee80211_node_table *); 74 static void node_cleanup(struct ieee80211_node *); 75 static void node_free(struct ieee80211_node *); 76 static u_int8_t node_getrssi(const struct ieee80211_node *); 77 78 static void ieee80211_setup_node(struct ieee80211_node_table *, 79 struct ieee80211_node *, const u_int8_t *); 80 static void _ieee80211_free_node(struct ieee80211_node *); 81 static void ieee80211_free_allnodes(struct ieee80211_node_table *); 82 83 static void ieee80211_timeout_scan_candidates(struct ieee80211_node_table *); 84 static void ieee80211_timeout_stations(struct ieee80211_node_table *); 85 86 static void ieee80211_set_tim(struct ieee80211com *, 87 struct ieee80211_node *, int set); 88 89 static void ieee80211_node_table_init(struct ieee80211com *ic, 90 struct ieee80211_node_table *nt, const char *name, int inact, 91 void (*timeout)(struct ieee80211_node_table *)); 92 static void ieee80211_node_table_cleanup(struct ieee80211_node_table *nt); 93 94 MALLOC_DEFINE(M_80211_NODE, "80211node", "802.11 node state"); 95 96 void 97 ieee80211_node_attach(struct ieee80211com *ic) 98 { 99 u_long sz; 100 101 ieee80211_node_table_init(ic, &ic->ic_sta, "station", 102 IEEE80211_INACT_INIT, ieee80211_timeout_stations); 103 ieee80211_node_table_init(ic, &ic->ic_scan, "scan", 104 IEEE80211_INACT_SCAN, ieee80211_timeout_scan_candidates); 105 106 ic->ic_node_alloc = node_alloc; 107 ic->ic_node_free = node_free; 108 ic->ic_node_cleanup = node_cleanup; 109 ic->ic_node_getrssi = node_getrssi; 110 111 /* default station inactivity timer setings */ 112 ic->ic_inact_init = IEEE80211_INACT_INIT; 113 ic->ic_inact_auth = IEEE80211_INACT_AUTH; 114 ic->ic_inact_run = IEEE80211_INACT_RUN; 115 ic->ic_inact_probe = IEEE80211_INACT_PROBE; 116 117 /* XXX defer */ 118 if (ic->ic_max_aid == 0) 119 ic->ic_max_aid = IEEE80211_AID_DEF; 120 else if (ic->ic_max_aid > IEEE80211_AID_MAX) 121 ic->ic_max_aid = IEEE80211_AID_MAX; 122 MALLOC(ic->ic_aid_bitmap, u_int32_t *, 123 howmany(ic->ic_max_aid, 32) * sizeof(u_int32_t), 124 M_DEVBUF, M_NOWAIT | M_ZERO); 125 if (ic->ic_aid_bitmap == NULL) { 126 /* XXX no way to recover */ 127 printf("%s: no memory for AID bitmap!\n", __func__); 128 ic->ic_max_aid = 0; 129 } 130 131 /* XXX defer until using hostap/ibss mode */ 132 ic->ic_tim_len = sz = howmany(ic->ic_max_aid, 8) * sizeof(u_int8_t); 133 MALLOC(ic->ic_tim_bitmap, u_int8_t *, sz, M_DEVBUF, M_NOWAIT | M_ZERO); 134 if (ic->ic_tim_bitmap == NULL) { 135 /* XXX no way to recover */ 136 printf("%s: no memory for TIM bitmap!\n", __func__); 137 } 138 ic->ic_set_tim = ieee80211_set_tim; /* NB: driver should override */ 139 } 140 141 void 142 ieee80211_node_lateattach(struct ieee80211com *ic) 143 { 144 struct ieee80211_node *ni; 145 struct ieee80211_rsnparms *rsn; 146 147 ni = ieee80211_alloc_node(&ic->ic_scan, ic->ic_myaddr); 148 IASSERT(ni != NULL, ("unable to setup inital BSS node")); 149 /* 150 * Setup "global settings" in the bss node so that 151 * each new station automatically inherits them. 152 */ 153 rsn = &ni->ni_rsn; 154 /* WEP, TKIP, and AES-CCM are always supported */ 155 rsn->rsn_ucastcipherset |= 1<<IEEE80211_CIPHER_WEP; 156 rsn->rsn_ucastcipherset |= 1<<IEEE80211_CIPHER_TKIP; 157 rsn->rsn_ucastcipherset |= 1<<IEEE80211_CIPHER_AES_CCM; 158 if (ic->ic_caps & IEEE80211_C_AES) 159 rsn->rsn_ucastcipherset |= 1<<IEEE80211_CIPHER_AES_OCB; 160 if (ic->ic_caps & IEEE80211_C_CKIP) 161 rsn->rsn_ucastcipherset |= 1<<IEEE80211_CIPHER_CKIP; 162 /* 163 * Default unicast cipher to WEP for 802.1x use. If 164 * WPA is enabled the management code will set these 165 * values to reflect. 166 */ 167 rsn->rsn_ucastcipher = IEEE80211_CIPHER_WEP; 168 rsn->rsn_ucastkeylen = 104 / NBBY; 169 /* 170 * WPA says the multicast cipher is the lowest unicast 171 * cipher supported. But we skip WEP which would 172 * otherwise be used based on this criteria. 173 */ 174 rsn->rsn_mcastcipher = IEEE80211_CIPHER_TKIP; 175 rsn->rsn_mcastkeylen = 128 / NBBY; 176 177 /* 178 * We support both WPA-PSK and 802.1x; the one used 179 * is determined by the authentication mode and the 180 * setting of the PSK state. 181 */ 182 rsn->rsn_keymgmtset = WPA_ASE_8021X_UNSPEC | WPA_ASE_8021X_PSK; 183 rsn->rsn_keymgmt = WPA_ASE_8021X_PSK; 184 185 ic->ic_bss = ieee80211_ref_node(ni); /* hold reference */ 186 ic->ic_auth = ieee80211_authenticator_get(ni->ni_authmode); 187 } 188 189 void 190 ieee80211_node_detach(struct ieee80211com *ic) 191 { 192 193 if (ic->ic_bss != NULL) { 194 ieee80211_free_node(ic->ic_bss); 195 ic->ic_bss = NULL; 196 } 197 ieee80211_node_table_cleanup(&ic->ic_scan); 198 ieee80211_node_table_cleanup(&ic->ic_sta); 199 if (ic->ic_aid_bitmap != NULL) { 200 FREE(ic->ic_aid_bitmap, M_DEVBUF); 201 ic->ic_aid_bitmap = NULL; 202 } 203 if (ic->ic_tim_bitmap != NULL) { 204 FREE(ic->ic_tim_bitmap, M_DEVBUF); 205 ic->ic_tim_bitmap = NULL; 206 } 207 } 208 209 /* 210 * Port authorize/unauthorize interfaces for use by an authenticator. 211 */ 212 213 void 214 ieee80211_node_authorize(struct ieee80211com *ic, struct ieee80211_node *ni) 215 { 216 ni->ni_flags |= IEEE80211_NODE_AUTH; 217 ni->ni_inact_reload = ic->ic_inact_run; 218 } 219 220 void 221 ieee80211_node_unauthorize(struct ieee80211com *ic, struct ieee80211_node *ni) 222 { 223 ni->ni_flags &= ~IEEE80211_NODE_AUTH; 224 } 225 226 /* 227 * Set/change the channel. The rate set is also updated as 228 * to insure a consistent view by drivers. 229 */ 230 static __inline void 231 ieee80211_set_chan(struct ieee80211com *ic, 232 struct ieee80211_node *ni, struct ieee80211_channel *chan) 233 { 234 ni->ni_chan = chan; 235 ni->ni_rates = ic->ic_sup_rates[ieee80211_chan2mode(ic, chan)]; 236 } 237 238 /* 239 * AP scanning support. 240 */ 241 242 #ifdef IEEE80211_DEBUG 243 static void 244 dump_chanlist(const u_char chans[]) 245 { 246 const char *sep; 247 int i; 248 249 sep = " "; 250 for (i = 0; i < IEEE80211_CHAN_MAX; i++) 251 if (isset(chans, i)) { 252 printf("%s%u", sep, i); 253 sep = ", "; 254 } 255 } 256 #endif /* IEEE80211_DEBUG */ 257 258 /* 259 * Initialize the channel set to scan based on the 260 * of available channels and the current PHY mode. 261 */ 262 static void 263 ieee80211_reset_scan(struct ieee80211com *ic) 264 { 265 266 /* XXX ic_des_chan should be handled with ic_chan_active */ 267 if (ic->ic_des_chan != IEEE80211_CHAN_ANYC) { 268 memset(ic->ic_chan_scan, 0, sizeof(ic->ic_chan_scan)); 269 setbit(ic->ic_chan_scan, 270 ieee80211_chan2ieee(ic, ic->ic_des_chan)); 271 } else 272 memcpy(ic->ic_chan_scan, ic->ic_chan_active, 273 sizeof(ic->ic_chan_active)); 274 /* NB: hack, setup so next_scan starts with the first channel */ 275 if (ic->ic_bss->ni_chan == IEEE80211_CHAN_ANYC) 276 ieee80211_set_chan(ic, ic->ic_bss, 277 &ic->ic_channels[IEEE80211_CHAN_MAX]); 278 #ifdef IEEE80211_DEBUG 279 if (ieee80211_msg_scan(ic)) { 280 printf("%s: scan set:", __func__); 281 dump_chanlist(ic->ic_chan_scan); 282 printf(" start chan %u\n", 283 ieee80211_chan2ieee(ic, ic->ic_bss->ni_chan)); 284 } 285 #endif /* IEEE80211_DEBUG */ 286 } 287 288 /* 289 * Begin an active scan. 290 */ 291 void 292 ieee80211_begin_scan(struct ieee80211com *ic, int reset) 293 { 294 295 ic->ic_scan.nt_scangen++; 296 /* 297 * In all but hostap mode scanning starts off in 298 * an active mode before switching to passive. 299 */ 300 if (ic->ic_opmode != IEEE80211_M_HOSTAP) { 301 ic->ic_flags |= IEEE80211_F_ASCAN; 302 ic->ic_stats.is_scan_active++; 303 } else 304 ic->ic_stats.is_scan_passive++; 305 IEEE80211_DPRINTF(ic, IEEE80211_MSG_SCAN, 306 "begin %s scan in %s mode, scangen %u\n", 307 (ic->ic_flags & IEEE80211_F_ASCAN) ? "active" : "passive", 308 ieee80211_phymode_name[ic->ic_curmode], ic->ic_scan.nt_scangen); 309 /* 310 * Clear scan state and flush any previously seen AP's. 311 */ 312 ieee80211_reset_scan(ic); 313 if (reset) 314 ieee80211_free_allnodes(&ic->ic_scan); 315 316 ic->ic_flags |= IEEE80211_F_SCAN; 317 318 /* Scan the next channel. */ 319 ieee80211_next_scan(ic); 320 } 321 322 /* 323 * Switch to the next channel marked for scanning. 324 */ 325 int 326 ieee80211_next_scan(struct ieee80211com *ic) 327 { 328 struct ieee80211_channel *chan; 329 330 /* 331 * Insure any previous mgt frame timeouts don't fire. 332 * This assumes the driver does the right thing in 333 * flushing anything queued in the driver and below. 334 */ 335 ic->ic_mgt_timer = 0; 336 337 chan = ic->ic_bss->ni_chan; 338 do { 339 if (++chan > &ic->ic_channels[IEEE80211_CHAN_MAX]) 340 chan = &ic->ic_channels[0]; 341 if (isset(ic->ic_chan_scan, ieee80211_chan2ieee(ic, chan))) { 342 clrbit(ic->ic_chan_scan, ieee80211_chan2ieee(ic, chan)); 343 IEEE80211_DPRINTF(ic, IEEE80211_MSG_SCAN, 344 "%s: chan %d->%d\n", __func__, 345 ieee80211_chan2ieee(ic, ic->ic_bss->ni_chan), 346 ieee80211_chan2ieee(ic, chan)); 347 ieee80211_set_chan(ic, ic->ic_bss, chan); 348 #ifdef notyet 349 /* XXX driver state change */ 350 /* 351 * Scan next channel. If doing an active scan 352 * and the channel is not marked passive-only 353 * then send a probe request. Otherwise just 354 * listen for beacons on the channel. 355 */ 356 if ((ic->ic_flags & IEEE80211_F_ASCAN) && 357 (ni->ni_chan->ic_flags & IEEE80211_CHAN_PASSIVE) == 0) { 358 IEEE80211_SEND_MGMT(ic, ni, 359 IEEE80211_FC0_SUBTYPE_PROBE_REQ, 0); 360 } 361 #else 362 ieee80211_new_state(ic, IEEE80211_S_SCAN, -1); 363 #endif 364 return 1; 365 } 366 } while (chan != ic->ic_bss->ni_chan); 367 ieee80211_end_scan(ic); 368 return 0; 369 } 370 371 static __inline void 372 copy_bss(struct ieee80211_node *nbss, const struct ieee80211_node *obss) 373 { 374 /* propagate useful state */ 375 nbss->ni_authmode = obss->ni_authmode; 376 nbss->ni_txpower = obss->ni_txpower; 377 nbss->ni_vlan = obss->ni_vlan; 378 nbss->ni_rsn = obss->ni_rsn; 379 /* XXX statistics? */ 380 } 381 382 void 383 ieee80211_create_ibss(struct ieee80211com* ic, struct ieee80211_channel *chan) 384 { 385 struct ieee80211_node_table *nt; 386 struct ieee80211_node *ni; 387 388 IEEE80211_DPRINTF(ic, IEEE80211_MSG_SCAN, 389 "%s: creating ibss\n", __func__); 390 391 /* 392 * Create the station/neighbor table. Note that for adhoc 393 * mode we make the initial inactivity timer longer since 394 * we create nodes only through discovery and they typically 395 * are long-lived associations. 396 */ 397 nt = &ic->ic_sta; 398 IEEE80211_NODE_LOCK(nt); 399 if (ic->ic_opmode == IEEE80211_M_HOSTAP) { 400 nt->nt_name = "station"; 401 nt->nt_inact_init = ic->ic_inact_init; 402 } else { 403 nt->nt_name = "neighbor"; 404 nt->nt_inact_init = ic->ic_inact_run; 405 } 406 IEEE80211_NODE_UNLOCK(nt); 407 408 ni = ieee80211_alloc_node(nt, ic->ic_myaddr); 409 if (ni == NULL) { 410 /* XXX recovery? */ 411 return; 412 } 413 if (ic->ic_opmode != IEEE80211_M_HOSTAP && 414 (ic->ic_flags & IEEE80211_F_DESBSSID) != 0) 415 IEEE80211_ADDR_COPY(ni->ni_bssid, ic->ic_des_bssid); 416 else 417 IEEE80211_ADDR_COPY(ni->ni_bssid, ic->ic_myaddr); 418 ni->ni_esslen = ic->ic_des_esslen; 419 memcpy(ni->ni_essid, ic->ic_des_essid, ni->ni_esslen); 420 copy_bss(ni, ic->ic_bss); 421 ni->ni_intval = ic->ic_lintval; 422 if (ic->ic_flags & IEEE80211_F_PRIVACY) 423 ni->ni_capinfo |= IEEE80211_CAPINFO_PRIVACY; 424 if (ic->ic_phytype == IEEE80211_T_FH) { 425 ni->ni_fhdwell = 200; /* XXX */ 426 ni->ni_fhindex = 1; 427 } 428 if (ic->ic_opmode == IEEE80211_M_IBSS) { 429 ic->ic_flags |= IEEE80211_F_SIBSS; 430 ni->ni_capinfo |= IEEE80211_CAPINFO_IBSS; /* XXX */ 431 if (ic->ic_flags & IEEE80211_F_DESBSSID) 432 IEEE80211_ADDR_COPY(ni->ni_bssid, ic->ic_des_bssid); 433 else 434 ni->ni_bssid[0] |= 0x02; /* local bit for IBSS */ 435 } 436 /* 437 * Fix the channel and related attributes. 438 */ 439 ieee80211_set_chan(ic, ni, chan); 440 ic->ic_curmode = ieee80211_chan2mode(ic, chan); 441 /* 442 * Do mode-specific rate setup. 443 */ 444 if (ic->ic_curmode == IEEE80211_MODE_11G) { 445 /* 446 * Use a mixed 11b/11g rate set. 447 */ 448 ieee80211_set11gbasicrates(&ni->ni_rates, IEEE80211_MODE_11G); 449 } else if (ic->ic_curmode == IEEE80211_MODE_11B) { 450 /* 451 * Force pure 11b rate set. 452 */ 453 ieee80211_set11gbasicrates(&ni->ni_rates, IEEE80211_MODE_11B); 454 } 455 456 (void) ieee80211_sta_join(ic, ieee80211_ref_node(ni)); 457 } 458 459 void 460 ieee80211_reset_bss(struct ieee80211com *ic) 461 { 462 struct ieee80211_node *ni, *obss; 463 464 ieee80211_node_table_reset(&ic->ic_scan); 465 ieee80211_node_table_reset(&ic->ic_sta); 466 467 ni = ieee80211_alloc_node(&ic->ic_scan, ic->ic_myaddr); 468 IASSERT(ni != NULL, ("unable to setup inital BSS node")); 469 obss = ic->ic_bss; 470 ic->ic_bss = ieee80211_ref_node(ni); 471 if (obss != NULL) { 472 copy_bss(ni, obss); 473 ni->ni_intval = ic->ic_lintval; 474 ieee80211_free_node(obss); 475 } 476 } 477 478 static int 479 ieee80211_match_bss(struct ieee80211com *ic, struct ieee80211_node *ni) 480 { 481 u_int8_t rate; 482 int fail; 483 484 fail = 0; 485 if (isclr(ic->ic_chan_active, ieee80211_chan2ieee(ic, ni->ni_chan))) 486 fail |= 0x01; 487 if (ic->ic_des_chan != IEEE80211_CHAN_ANYC && 488 ni->ni_chan != ic->ic_des_chan) 489 fail |= 0x01; 490 if (ic->ic_opmode == IEEE80211_M_IBSS) { 491 if ((ni->ni_capinfo & IEEE80211_CAPINFO_IBSS) == 0) 492 fail |= 0x02; 493 } else { 494 if ((ni->ni_capinfo & IEEE80211_CAPINFO_ESS) == 0) 495 fail |= 0x02; 496 } 497 if (ic->ic_flags & IEEE80211_F_PRIVACY) { 498 if ((ni->ni_capinfo & IEEE80211_CAPINFO_PRIVACY) == 0) 499 fail |= 0x04; 500 } else { 501 /* XXX does this mean privacy is supported or required? */ 502 if (ni->ni_capinfo & IEEE80211_CAPINFO_PRIVACY) 503 fail |= 0x04; 504 } 505 rate = ieee80211_fix_rate(ic, ni, 506 IEEE80211_F_DONEGO | IEEE80211_F_DOFRATE); 507 if (rate & IEEE80211_RATE_BASIC) 508 fail |= 0x08; 509 if (ic->ic_des_esslen != 0 && 510 (ni->ni_esslen != ic->ic_des_esslen || 511 memcmp(ni->ni_essid, ic->ic_des_essid, ic->ic_des_esslen) != 0)) 512 fail |= 0x10; 513 if ((ic->ic_flags & IEEE80211_F_DESBSSID) && 514 !IEEE80211_ADDR_EQ(ic->ic_des_bssid, ni->ni_bssid)) 515 fail |= 0x20; 516 #ifdef IEEE80211_DEBUG 517 if (ieee80211_msg_scan(ic)) { 518 printf(" %c %s", fail ? '-' : '+', 519 ether_sprintf(ni->ni_macaddr)); 520 printf(" %s%c", ether_sprintf(ni->ni_bssid), 521 fail & 0x20 ? '!' : ' '); 522 printf(" %3d%c", ieee80211_chan2ieee(ic, ni->ni_chan), 523 fail & 0x01 ? '!' : ' '); 524 printf(" %+4d", ni->ni_rssi); 525 printf(" %2dM%c", (rate & IEEE80211_RATE_VAL) / 2, 526 fail & 0x08 ? '!' : ' '); 527 printf(" %4s%c", 528 (ni->ni_capinfo & IEEE80211_CAPINFO_ESS) ? "ess" : 529 (ni->ni_capinfo & IEEE80211_CAPINFO_IBSS) ? "ibss" : 530 "????", 531 fail & 0x02 ? '!' : ' '); 532 printf(" %3s%c ", 533 (ni->ni_capinfo & IEEE80211_CAPINFO_PRIVACY) ? 534 "wep" : "no", 535 fail & 0x04 ? '!' : ' '); 536 ieee80211_print_essid(ni->ni_essid, ni->ni_esslen); 537 printf("%s\n", fail & 0x10 ? "!" : ""); 538 } 539 #endif 540 return fail; 541 } 542 543 static __inline u_int8_t 544 maxrate(const struct ieee80211_node *ni) 545 { 546 const struct ieee80211_rateset *rs = &ni->ni_rates; 547 /* NB: assumes rate set is sorted (happens on frame receive) */ 548 return rs->rs_rates[rs->rs_nrates-1] & IEEE80211_RATE_VAL; 549 } 550 551 /* 552 * Compare the capabilities of two nodes and decide which is 553 * more desirable (return >0 if a is considered better). Note 554 * that we assume compatibility/usability has already been checked 555 * so we don't need to (e.g. validate whether privacy is supported). 556 * Used to select the best scan candidate for association in a BSS. 557 */ 558 static int 559 ieee80211_node_compare(struct ieee80211com *ic, 560 const struct ieee80211_node *a, 561 const struct ieee80211_node *b) 562 { 563 u_int8_t maxa, maxb; 564 u_int8_t rssia, rssib; 565 566 /* privacy support preferred */ 567 if ((a->ni_capinfo & IEEE80211_CAPINFO_PRIVACY) && 568 (b->ni_capinfo & IEEE80211_CAPINFO_PRIVACY) == 0) 569 return 1; 570 if ((a->ni_capinfo & IEEE80211_CAPINFO_PRIVACY) == 0 && 571 (b->ni_capinfo & IEEE80211_CAPINFO_PRIVACY)) 572 return -1; 573 574 rssia = ic->ic_node_getrssi(a); 575 rssib = ic->ic_node_getrssi(b); 576 if (abs(rssib - rssia) < 5) { 577 /* best/max rate preferred if signal level close enough XXX */ 578 maxa = maxrate(a); 579 maxb = maxrate(b); 580 if (maxa != maxb) 581 return maxa - maxb; 582 /* XXX use freq for channel preference */ 583 /* for now just prefer 5Ghz band to all other bands */ 584 if (IEEE80211_IS_CHAN_5GHZ(a->ni_chan) && 585 !IEEE80211_IS_CHAN_5GHZ(b->ni_chan)) 586 return 1; 587 if (!IEEE80211_IS_CHAN_5GHZ(a->ni_chan) && 588 IEEE80211_IS_CHAN_5GHZ(b->ni_chan)) 589 return -1; 590 } 591 /* all things being equal, use signal level */ 592 return rssia - rssib; 593 } 594 595 /* 596 * Mark an ongoing scan stopped. 597 */ 598 void 599 ieee80211_cancel_scan(struct ieee80211com *ic) 600 { 601 602 IEEE80211_DPRINTF(ic, IEEE80211_MSG_SCAN, "%s: end %s scan\n", 603 __func__, 604 (ic->ic_flags & IEEE80211_F_ASCAN) ? "active" : "passive"); 605 606 ic->ic_flags &= ~(IEEE80211_F_SCAN | IEEE80211_F_ASCAN); 607 } 608 609 /* 610 * Complete a scan of potential channels. 611 */ 612 void 613 ieee80211_end_scan(struct ieee80211com *ic) 614 { 615 struct ieee80211_node_table *nt = &ic->ic_scan; 616 struct ieee80211_node *ni, *selbs; 617 618 ieee80211_cancel_scan(ic); 619 ieee80211_notify_scan_done(ic); 620 621 #ifndef IEEE80211_NO_HOSTAP 622 if (ic->ic_opmode == IEEE80211_M_HOSTAP) { 623 u_int8_t maxrssi[IEEE80211_CHAN_MAX]; /* XXX off stack? */ 624 int i, bestchan; 625 u_int8_t rssi; 626 627 /* 628 * The passive scan to look for existing AP's completed, 629 * select a channel to camp on. Identify the channels 630 * that already have one or more AP's and try to locate 631 * an unoccupied one. If that fails, pick a channel that 632 * looks to be quietest. 633 */ 634 memset(maxrssi, 0, sizeof(maxrssi)); 635 IEEE80211_NODE_LOCK(nt); 636 TAILQ_FOREACH(ni, &nt->nt_node, ni_list) { 637 rssi = ic->ic_node_getrssi(ni); 638 i = ieee80211_chan2ieee(ic, ni->ni_chan); 639 if (rssi > maxrssi[i]) 640 maxrssi[i] = rssi; 641 } 642 IEEE80211_NODE_UNLOCK(nt); 643 /* XXX select channel more intelligently */ 644 bestchan = -1; 645 for (i = 0; i < IEEE80211_CHAN_MAX; i++) 646 if (isset(ic->ic_chan_active, i)) { 647 /* 648 * If the channel is unoccupied the max rssi 649 * should be zero; just take it. Otherwise 650 * track the channel with the lowest rssi and 651 * use that when all channels appear occupied. 652 */ 653 if (maxrssi[i] == 0) { 654 bestchan = i; 655 break; 656 } 657 if (bestchan == -1 || 658 maxrssi[i] < maxrssi[bestchan]) 659 bestchan = i; 660 } 661 if (bestchan != -1) { 662 ieee80211_create_ibss(ic, &ic->ic_channels[bestchan]); 663 return; 664 } 665 /* no suitable channel, should not happen */ 666 } 667 #endif /* !IEEE80211_NO_HOSTAP */ 668 669 /* 670 * When manually sequencing the state machine; scan just once 671 * regardless of whether we have a candidate or not. The 672 * controlling application is expected to setup state and 673 * initiate an association. 674 */ 675 if (ic->ic_roaming == IEEE80211_ROAMING_MANUAL) 676 return; 677 /* 678 * Automatic sequencing; look for a candidate and 679 * if found join the network. 680 */ 681 /* NB: unlocked read should be ok */ 682 if (TAILQ_FIRST(&nt->nt_node) == NULL) { 683 IEEE80211_DPRINTF(ic, IEEE80211_MSG_SCAN, 684 "%s: no scan candidate\n", __func__); 685 notfound: 686 if (ic->ic_opmode == IEEE80211_M_IBSS && 687 (ic->ic_flags & IEEE80211_F_IBSSON) && 688 ic->ic_des_esslen != 0) { 689 ieee80211_create_ibss(ic, ic->ic_ibss_chan); 690 return; 691 } 692 /* 693 * Reset the list of channels to scan and start again. 694 */ 695 ieee80211_reset_scan(ic); 696 ic->ic_flags |= IEEE80211_F_SCAN; 697 ieee80211_next_scan(ic); 698 return; 699 } 700 selbs = NULL; 701 IEEE80211_DPRINTF(ic, IEEE80211_MSG_SCAN, "\t%s\n", 702 "macaddr bssid chan rssi rate flag wep essid"); 703 IEEE80211_NODE_LOCK(nt); 704 TAILQ_FOREACH(ni, &nt->nt_node, ni_list) { 705 if (ni->ni_fails) { 706 /* 707 * The configuration of the access points may change 708 * during my scan. So delete the entry for the AP 709 * and retry to associate if there is another beacon. 710 */ 711 IEEE80211_DPRINTF(ic, IEEE80211_MSG_SCAN, 712 "%s: skip scan candidate %s, fails %u\n", 713 __func__, ether_sprintf(ni->ni_macaddr), 714 ni->ni_fails); 715 ni->ni_fails++; 716 #if 0 717 if (ni->ni_fails++ > 2) 718 ieee80211_free_node(ni); 719 #endif 720 continue; 721 } 722 if (ieee80211_match_bss(ic, ni) == 0) { 723 if (selbs == NULL) 724 selbs = ni; 725 else if (ieee80211_node_compare(ic, ni, selbs) > 0) 726 selbs = ni; 727 } 728 } 729 if (selbs != NULL) /* NB: grab ref while dropping lock */ 730 (void) ieee80211_ref_node(selbs); 731 IEEE80211_NODE_UNLOCK(nt); 732 if (selbs == NULL) 733 goto notfound; 734 if (!ieee80211_sta_join(ic, selbs)) { 735 ieee80211_free_node(selbs); 736 goto notfound; 737 } 738 } 739 740 /* 741 * Handle 802.11 ad hoc network merge. The 742 * convention, set by the Wireless Ethernet Compatibility Alliance 743 * (WECA), is that an 802.11 station will change its BSSID to match 744 * the "oldest" 802.11 ad hoc network, on the same channel, that 745 * has the station's desired SSID. The "oldest" 802.11 network 746 * sends beacons with the greatest TSF timestamp. 747 * 748 * The caller is assumed to validate TSF's before attempting a merge. 749 * 750 * Return !0 if the BSSID changed, 0 otherwise. 751 */ 752 int 753 ieee80211_ibss_merge(struct ieee80211com *ic, struct ieee80211_node *ni) 754 { 755 756 if (ni == ic->ic_bss || 757 IEEE80211_ADDR_EQ(ni->ni_bssid, ic->ic_bss->ni_bssid)) { 758 /* unchanged, nothing to do */ 759 return 0; 760 } 761 if (ieee80211_match_bss(ic, ni) != 0) { /* capabilities mismatch */ 762 IEEE80211_DPRINTF(ic, IEEE80211_MSG_ASSOC, 763 "%s: merge failed, capabilities mismatch\n", __func__); 764 ic->ic_stats.is_ibss_capmismatch++; 765 return 0; 766 } 767 IEEE80211_DPRINTF(ic, IEEE80211_MSG_ASSOC, 768 "%s: new bssid %s: %s preamble, %s slot time%s\n", __func__, 769 ether_sprintf(ni->ni_bssid), 770 ic->ic_flags&IEEE80211_F_SHPREAMBLE ? "short" : "long", 771 ic->ic_flags&IEEE80211_F_SHSLOT ? "short" : "long", 772 ic->ic_flags&IEEE80211_F_USEPROT ? ", protection" : "" 773 ); 774 return ieee80211_sta_join(ic, ieee80211_ref_node(ni)); 775 } 776 777 /* 778 * Join the specified IBSS/BSS network. The node is assumed to 779 * be passed in with a held reference. 780 */ 781 int 782 ieee80211_sta_join(struct ieee80211com *ic, struct ieee80211_node *selbs) 783 { 784 struct ieee80211_node *obss; 785 786 if (ic->ic_opmode == IEEE80211_M_IBSS) { 787 struct ieee80211_node_table *nt; 788 /* 789 * Delete unusable rates; we've already checked 790 * that the negotiated rate set is acceptable. 791 */ 792 ieee80211_fix_rate(ic, selbs, IEEE80211_F_DODEL); 793 /* 794 * Fillin the neighbor table; it will already 795 * exist if we are simply switching mastership. 796 * XXX ic_sta always setup so this is unnecessary? 797 */ 798 nt = &ic->ic_sta; 799 IEEE80211_NODE_LOCK(nt); 800 nt->nt_name = "neighbor"; 801 nt->nt_inact_init = ic->ic_inact_run; 802 IEEE80211_NODE_UNLOCK(nt); 803 } 804 805 /* 806 * Committed to selbs, setup state. 807 */ 808 obss = ic->ic_bss; 809 ic->ic_bss = selbs; /* NB: caller assumed to bump refcnt */ 810 if (obss != NULL) 811 ieee80211_free_node(obss); 812 /* 813 * Set the erp state (mostly the slot time) to deal with 814 * the auto-select case; this should be redundant if the 815 * mode is locked. 816 */ 817 ic->ic_curmode = ieee80211_chan2mode(ic, selbs->ni_chan); 818 ieee80211_reset_erp(ic); 819 ieee80211_wme_initparams(ic); 820 821 if (ic->ic_opmode == IEEE80211_M_STA) 822 ieee80211_new_state(ic, IEEE80211_S_AUTH, -1); 823 else 824 ieee80211_new_state(ic, IEEE80211_S_RUN, -1); 825 return 1; 826 } 827 828 /* 829 * Leave the specified IBSS/BSS network. The node is assumed to 830 * be passed in with a held reference. 831 */ 832 void 833 ieee80211_sta_leave(struct ieee80211com *ic, struct ieee80211_node *ni) 834 { 835 ic->ic_node_cleanup(ni); 836 ieee80211_notify_node_leave(ic, ni); 837 } 838 839 int 840 ieee80211_get_rate(struct ieee80211com *ic) 841 { 842 u_int8_t (*rates)[IEEE80211_RATE_MAXSIZE]; 843 int rate; 844 845 rates = &ic->ic_bss->ni_rates.rs_rates; 846 847 if (ic->ic_fixed_rate != -1) 848 rate = (*rates)[ic->ic_fixed_rate]; 849 else if (ic->ic_state == IEEE80211_S_RUN) 850 rate = (*rates)[ic->ic_bss->ni_txrate]; 851 else 852 rate = 0; 853 854 return rate & IEEE80211_RATE_VAL; 855 } 856 857 static struct ieee80211_node * 858 node_alloc(struct ieee80211_node_table *nt) 859 { 860 struct ieee80211_node *ni; 861 862 MALLOC(ni, struct ieee80211_node *, sizeof(struct ieee80211_node), 863 M_80211_NODE, M_NOWAIT | M_ZERO); 864 return ni; 865 } 866 867 /* 868 * Reclaim any resources in a node and reset any critical 869 * state. Typically nodes are free'd immediately after, 870 * but in some cases the storage may be reused so we need 871 * to insure consistent state (should probably fix that). 872 */ 873 static void 874 node_cleanup(struct ieee80211_node *ni) 875 { 876 #define N(a) (sizeof(a)/sizeof(a[0])) 877 struct ieee80211com *ic = ni->ni_ic; 878 int i, qlen; 879 880 /* NB: preserve ni_table */ 881 if (ni->ni_flags & IEEE80211_NODE_PWR_MGT) { 882 ic->ic_ps_sta--; 883 ni->ni_flags &= ~IEEE80211_NODE_PWR_MGT; 884 IEEE80211_DPRINTF(ic, IEEE80211_MSG_POWER, 885 "[%s] power save mode off, %u sta's in ps mode\n", 886 ether_sprintf(ni->ni_macaddr), ic->ic_ps_sta); 887 } 888 889 /* 890 * Drain power save queue and, if needed, clear TIM. 891 */ 892 IEEE80211_NODE_SAVEQ_DRAIN(ni, qlen); 893 if (qlen != 0 && ic->ic_set_tim != NULL) 894 ic->ic_set_tim(ic, ni, 0); 895 896 ni->ni_associd = 0; 897 if (ni->ni_challenge != NULL) { 898 FREE(ni->ni_challenge, M_DEVBUF); 899 ni->ni_challenge = NULL; 900 } 901 /* 902 * Preserve SSID, WPA, and WME ie's so the bss node is 903 * reusable during a re-auth/re-assoc state transition. 904 * If we remove these data they will not be recreated 905 * because they come from a probe-response or beacon frame 906 * which cannot be expected prior to the association-response. 907 * This should not be an issue when operating in other modes 908 * as stations leaving always go through a full state transition 909 * which will rebuild this state. 910 * 911 * XXX does this leave us open to inheriting old state? 912 */ 913 for (i = 0; i < N(ni->ni_rxfrag); i++) 914 if (ni->ni_rxfrag[i] != NULL) { 915 m_freem(ni->ni_rxfrag[i]); 916 ni->ni_rxfrag[i] = NULL; 917 } 918 ieee80211_crypto_delkey(ic, &ni->ni_ucastkey); 919 #undef N 920 } 921 922 static void 923 node_free(struct ieee80211_node *ni) 924 { 925 struct ieee80211com *ic = ni->ni_ic; 926 927 ic->ic_node_cleanup(ni); 928 if (ni->ni_wpa_ie != NULL) 929 FREE(ni->ni_wpa_ie, M_DEVBUF); 930 if (ni->ni_wme_ie != NULL) 931 FREE(ni->ni_wme_ie, M_DEVBUF); 932 IEEE80211_NODE_SAVEQ_DESTROY(ni); 933 FREE(ni, M_80211_NODE); 934 } 935 936 static u_int8_t 937 node_getrssi(const struct ieee80211_node *ni) 938 { 939 return ni->ni_rssi; 940 } 941 942 static void 943 ieee80211_setup_node(struct ieee80211_node_table *nt, 944 struct ieee80211_node *ni, const u_int8_t *macaddr) 945 { 946 struct ieee80211com *ic = nt->nt_ic; 947 int hash; 948 949 IEEE80211_DPRINTF(ic, IEEE80211_MSG_NODE, 950 "%s %p<%s> in %s table\n", __func__, ni, 951 ether_sprintf(macaddr), nt->nt_name); 952 953 IEEE80211_ADDR_COPY(ni->ni_macaddr, macaddr); 954 hash = IEEE80211_NODE_HASH(macaddr); 955 ieee80211_node_initref(ni); /* mark referenced */ 956 ni->ni_chan = IEEE80211_CHAN_ANYC; 957 ni->ni_authmode = IEEE80211_AUTH_OPEN; 958 ni->ni_txpower = ic->ic_txpowlimit; /* max power */ 959 ieee80211_crypto_resetkey(ic, &ni->ni_ucastkey, IEEE80211_KEYIX_NONE); 960 ni->ni_inact_reload = nt->nt_inact_init; 961 ni->ni_inact = ni->ni_inact_reload; 962 IEEE80211_NODE_SAVEQ_INIT(ni, "unknown"); 963 964 IEEE80211_NODE_LOCK(nt); 965 TAILQ_INSERT_TAIL(&nt->nt_node, ni, ni_list); 966 LIST_INSERT_HEAD(&nt->nt_hash[hash], ni, ni_hash); 967 ni->ni_table = nt; 968 ni->ni_ic = ic; 969 IEEE80211_NODE_UNLOCK(nt); 970 } 971 972 struct ieee80211_node * 973 ieee80211_alloc_node(struct ieee80211_node_table *nt, const u_int8_t *macaddr) 974 { 975 struct ieee80211com *ic = nt->nt_ic; 976 struct ieee80211_node *ni; 977 978 ni = ic->ic_node_alloc(nt); 979 if (ni != NULL) 980 ieee80211_setup_node(nt, ni, macaddr); 981 else 982 ic->ic_stats.is_rx_nodealloc++; 983 return ni; 984 } 985 986 struct ieee80211_node * 987 ieee80211_dup_bss(struct ieee80211_node_table *nt, const u_int8_t *macaddr) 988 { 989 struct ieee80211com *ic = nt->nt_ic; 990 struct ieee80211_node *ni; 991 992 ni = ic->ic_node_alloc(nt); 993 if (ni != NULL) { 994 ieee80211_setup_node(nt, ni, macaddr); 995 /* 996 * Inherit from ic_bss. 997 */ 998 ni->ni_authmode = ic->ic_bss->ni_authmode; 999 ni->ni_txpower = ic->ic_bss->ni_txpower; 1000 ni->ni_vlan = ic->ic_bss->ni_vlan; /* XXX?? */ 1001 IEEE80211_ADDR_COPY(ni->ni_bssid, ic->ic_bss->ni_bssid); 1002 ieee80211_set_chan(ic, ni, ic->ic_bss->ni_chan); 1003 ni->ni_rsn = ic->ic_bss->ni_rsn; 1004 } else 1005 ic->ic_stats.is_rx_nodealloc++; 1006 return ni; 1007 } 1008 1009 static struct ieee80211_node * 1010 #ifdef IEEE80211_DEBUG_REFCNT 1011 _ieee80211_find_node_debug(struct ieee80211_node_table *nt, 1012 const u_int8_t *macaddr, const char *func, int line) 1013 #else 1014 _ieee80211_find_node(struct ieee80211_node_table *nt, 1015 const u_int8_t *macaddr) 1016 #endif 1017 { 1018 struct ieee80211_node *ni; 1019 int hash; 1020 1021 IEEE80211_NODE_LOCK_ASSERT(nt); 1022 1023 hash = IEEE80211_NODE_HASH(macaddr); 1024 LIST_FOREACH(ni, &nt->nt_hash[hash], ni_hash) { 1025 if (IEEE80211_ADDR_EQ(ni->ni_macaddr, macaddr)) { 1026 ieee80211_ref_node(ni); /* mark referenced */ 1027 #ifdef IEEE80211_DEBUG_REFCNT 1028 IEEE80211_DPRINTF(nt->nt_ic, IEEE80211_MSG_NODE, 1029 "%s (%s:%u) %p<%s> refcnt %d\n", __func__, 1030 func, line, 1031 ni, ether_sprintf(ni->ni_macaddr), 1032 ieee80211_node_refcnt(ni)); 1033 #endif 1034 return ni; 1035 } 1036 } 1037 return NULL; 1038 } 1039 #ifdef IEEE80211_DEBUG_REFCNT 1040 #define _ieee80211_find_node(nt, mac) \ 1041 _ieee80211_find_node_debug(nt, mac, func, line) 1042 #endif 1043 1044 struct ieee80211_node * 1045 #ifdef IEEE80211_DEBUG_REFCNT 1046 ieee80211_find_node_debug(struct ieee80211_node_table *nt, 1047 const u_int8_t *macaddr, const char *func, int line) 1048 #else 1049 ieee80211_find_node(struct ieee80211_node_table *nt, const u_int8_t *macaddr) 1050 #endif 1051 { 1052 struct ieee80211_node *ni; 1053 1054 IEEE80211_NODE_LOCK(nt); 1055 ni = _ieee80211_find_node(nt, macaddr); 1056 IEEE80211_NODE_UNLOCK(nt); 1057 return ni; 1058 } 1059 1060 /* 1061 * Fake up a node; this handles node discovery in adhoc mode. 1062 * Note that for the driver's benefit we we treat this like 1063 * an association so the driver has an opportunity to setup 1064 * it's private state. 1065 */ 1066 struct ieee80211_node * 1067 ieee80211_fakeup_adhoc_node(struct ieee80211_node_table *nt, 1068 const u_int8_t macaddr[IEEE80211_ADDR_LEN]) 1069 { 1070 struct ieee80211com *ic = nt->nt_ic; 1071 struct ieee80211_node *ni; 1072 1073 ni = ieee80211_dup_bss(nt, macaddr); 1074 if (ni != NULL) { 1075 /* XXX no rate negotiation; just dup */ 1076 ni->ni_rates = ic->ic_bss->ni_rates; 1077 if (ic->ic_newassoc != NULL) 1078 ic->ic_newassoc(ic, ni, 1); 1079 /* XXX not right for 802.1x/WPA */ 1080 ieee80211_node_authorize(ic, ni); 1081 } 1082 return ni; 1083 } 1084 1085 /* 1086 * Locate the node for sender, track state, and then pass the 1087 * (referenced) node up to the 802.11 layer for its use. We 1088 * are required to pass some node so we fall back to ic_bss 1089 * when this frame is from an unknown sender. The 802.11 layer 1090 * knows this means the sender wasn't in the node table and 1091 * acts accordingly. 1092 */ 1093 struct ieee80211_node * 1094 #ifdef IEEE80211_DEBUG_REFCNT 1095 ieee80211_find_rxnode_debug(struct ieee80211com *ic, 1096 const struct ieee80211_frame_min *wh, const char *func, int line) 1097 #else 1098 ieee80211_find_rxnode(struct ieee80211com *ic, 1099 const struct ieee80211_frame_min *wh) 1100 #endif 1101 { 1102 #define IS_CTL(wh) \ 1103 ((wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK) == IEEE80211_FC0_TYPE_CTL) 1104 #define IS_PSPOLL(wh) \ 1105 ((wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK) == IEEE80211_FC0_SUBTYPE_PS_POLL) 1106 struct ieee80211_node_table *nt; 1107 struct ieee80211_node *ni; 1108 1109 /* XXX may want scanned nodes in the neighbor table for adhoc */ 1110 if (ic->ic_opmode == IEEE80211_M_STA || 1111 ic->ic_opmode == IEEE80211_M_MONITOR || 1112 (ic->ic_flags & IEEE80211_F_SCAN)) 1113 nt = &ic->ic_scan; 1114 else 1115 nt = &ic->ic_sta; 1116 /* XXX check ic_bss first in station mode */ 1117 /* XXX 4-address frames? */ 1118 IEEE80211_NODE_LOCK(nt); 1119 if (IS_CTL(wh) && !IS_PSPOLL(wh) /*&& !IS_RTS(ah)*/) 1120 ni = _ieee80211_find_node(nt, wh->i_addr1); 1121 else 1122 ni = _ieee80211_find_node(nt, wh->i_addr2); 1123 IEEE80211_NODE_UNLOCK(nt); 1124 1125 return (ni != NULL ? ni : ieee80211_ref_node(ic->ic_bss)); 1126 #undef IS_PSPOLL 1127 #undef IS_CTL 1128 } 1129 1130 /* 1131 * Return a reference to the appropriate node for sending 1132 * a data frame. This handles node discovery in adhoc networks. 1133 */ 1134 struct ieee80211_node * 1135 #ifdef IEEE80211_DEBUG_REFCNT 1136 ieee80211_find_txnode_debug(struct ieee80211com *ic, const u_int8_t *macaddr, 1137 const char *func, int line) 1138 #else 1139 ieee80211_find_txnode(struct ieee80211com *ic, const u_int8_t *macaddr) 1140 #endif 1141 { 1142 struct ieee80211_node_table *nt = &ic->ic_sta; 1143 struct ieee80211_node *ni; 1144 1145 /* 1146 * The destination address should be in the node table 1147 * unless we are operating in station mode or this is a 1148 * multicast/broadcast frame. 1149 */ 1150 if (ic->ic_opmode == IEEE80211_M_STA || IEEE80211_IS_MULTICAST(macaddr)) 1151 return ieee80211_ref_node(ic->ic_bss); 1152 1153 /* XXX can't hold lock across dup_bss 'cuz of recursive locking */ 1154 IEEE80211_NODE_LOCK(nt); 1155 ni = _ieee80211_find_node(nt, macaddr); 1156 IEEE80211_NODE_UNLOCK(nt); 1157 1158 if (ni == NULL) { 1159 if (ic->ic_opmode == IEEE80211_M_IBSS || 1160 ic->ic_opmode == IEEE80211_M_AHDEMO) { 1161 /* 1162 * In adhoc mode cons up a node for the destination. 1163 * Note that we need an additional reference for the 1164 * caller to be consistent with _ieee80211_find_node. 1165 */ 1166 ni = ieee80211_fakeup_adhoc_node(nt, macaddr); 1167 if (ni != NULL) 1168 (void) ieee80211_ref_node(ni); 1169 } else { 1170 IEEE80211_DPRINTF(ic, IEEE80211_MSG_OUTPUT, 1171 "[%s] no node, discard frame (%s)\n", 1172 ether_sprintf(macaddr), __func__); 1173 ic->ic_stats.is_tx_nonode++; 1174 } 1175 } 1176 return ni; 1177 } 1178 1179 /* 1180 * Like find but search based on the channel too. 1181 */ 1182 struct ieee80211_node * 1183 #ifdef IEEE80211_DEBUG_REFCNT 1184 ieee80211_find_node_with_channel_debug(struct ieee80211_node_table *nt, 1185 const u_int8_t *macaddr, struct ieee80211_channel *chan, 1186 const char *func, int line) 1187 #else 1188 ieee80211_find_node_with_channel(struct ieee80211_node_table *nt, 1189 const u_int8_t *macaddr, struct ieee80211_channel *chan) 1190 #endif 1191 { 1192 struct ieee80211_node *ni; 1193 int hash; 1194 1195 hash = IEEE80211_NODE_HASH(macaddr); 1196 IEEE80211_NODE_LOCK(nt); 1197 LIST_FOREACH(ni, &nt->nt_hash[hash], ni_hash) { 1198 if (IEEE80211_ADDR_EQ(ni->ni_macaddr, macaddr) && 1199 ni->ni_chan == chan) { 1200 ieee80211_ref_node(ni); /* mark referenced */ 1201 IEEE80211_DPRINTF(nt->nt_ic, IEEE80211_MSG_NODE, 1202 #ifdef IEEE80211_DEBUG_REFCNT 1203 "%s (%s:%u) %p<%s> refcnt %d\n", __func__, 1204 func, line, 1205 #else 1206 "%s %p<%s> refcnt %d\n", __func__, 1207 #endif 1208 ni, ether_sprintf(ni->ni_macaddr), 1209 ieee80211_node_refcnt(ni)); 1210 break; 1211 } 1212 } 1213 IEEE80211_NODE_UNLOCK(nt); 1214 return ni; 1215 } 1216 1217 struct ieee80211_node * 1218 ieee80211_refine_node_for_beacon(struct ieee80211com *ic, 1219 struct ieee80211_node *ni0, struct ieee80211_channel *chan, 1220 const u_int8_t *ssid) 1221 { 1222 struct ieee80211_node_table *nt = ni0->ni_table; 1223 struct ieee80211_node *best, *ni; 1224 int best_score = 0, score; 1225 1226 best = ni0; 1227 if (ssid[1] == 0 || best->ni_esslen == 0) 1228 best_score = 1; 1229 else if (ssid[1] == best->ni_esslen && 1230 memcmp(ssid + 2, best->ni_essid, ssid[1]) == 0) 1231 best_score = 2; 1232 else 1233 best_score = 0; 1234 1235 IEEE80211_NODE_LOCK(nt); 1236 for (ni = LIST_NEXT(ni0, ni_hash); ni != NULL; 1237 ni = LIST_NEXT(ni, ni_hash)) { 1238 if (!IEEE80211_ADDR_EQ(ni->ni_macaddr, best->ni_macaddr) || 1239 ni->ni_ic != best->ni_ic || ni->ni_chan != chan) 1240 continue; 1241 1242 if (ssid[1] == 0 || ni->ni_esslen == 0) 1243 score = 1; 1244 else if (ssid[1] == ni->ni_esslen && 1245 memcmp(ssid + 2, ni->ni_essid, ssid[1]) == 0) 1246 score = 2; 1247 else 1248 continue; 1249 1250 if (score > best_score) { 1251 ieee80211_ref_node(ni); 1252 ieee80211_unref_node(&best); 1253 best = ni; 1254 best_score = score; 1255 } 1256 } 1257 IEEE80211_NODE_UNLOCK(nt); 1258 return best; 1259 } 1260 1261 /* 1262 * Like find but search based on the ssid too. 1263 */ 1264 struct ieee80211_node * 1265 #ifdef IEEE80211_DEBUG_REFCNT 1266 ieee80211_find_node_with_ssid_debug(struct ieee80211_node_table *nt, 1267 const u_int8_t *macaddr, u_int ssidlen, const u_int8_t *ssid, 1268 const char *func, int line) 1269 #else 1270 ieee80211_find_node_with_ssid(struct ieee80211_node_table *nt, 1271 const u_int8_t *macaddr, u_int ssidlen, const u_int8_t *ssid) 1272 #endif 1273 { 1274 struct ieee80211com *ic = nt->nt_ic; 1275 struct ieee80211_node *ni; 1276 int hash; 1277 1278 hash = IEEE80211_NODE_HASH(macaddr); 1279 IEEE80211_NODE_LOCK(nt); 1280 LIST_FOREACH(ni, &nt->nt_hash[hash], ni_hash) { 1281 if (IEEE80211_ADDR_EQ(ni->ni_macaddr, macaddr) && 1282 ni->ni_esslen == ic->ic_des_esslen && 1283 memcmp(ni->ni_essid, ic->ic_des_essid, ni->ni_esslen) == 0) { 1284 ieee80211_ref_node(ni); /* mark referenced */ 1285 IEEE80211_DPRINTF(ic, IEEE80211_MSG_NODE, 1286 #ifdef IEEE80211_DEBUG_REFCNT 1287 "%s (%s:%u) %p<%s> refcnt %d\n", __func__, 1288 func, line, 1289 #else 1290 "%s %p<%s> refcnt %d\n", __func__, 1291 #endif 1292 ni, ether_sprintf(ni->ni_macaddr), 1293 ieee80211_node_refcnt(ni)); 1294 break; 1295 } 1296 } 1297 IEEE80211_NODE_UNLOCK(nt); 1298 return ni; 1299 } 1300 1301 static void 1302 _ieee80211_free_node(struct ieee80211_node *ni) 1303 { 1304 struct ieee80211com *ic = ni->ni_ic; 1305 struct ieee80211_node_table *nt = ni->ni_table; 1306 1307 IEEE80211_DPRINTF(ic, IEEE80211_MSG_NODE, 1308 "%s %p<%s> in %s table\n", __func__, ni, 1309 ether_sprintf(ni->ni_macaddr), 1310 nt != NULL ? nt->nt_name : "<gone>"); 1311 1312 IEEE80211_AID_CLR(ni->ni_associd, ic->ic_aid_bitmap); 1313 if (nt != NULL) { 1314 TAILQ_REMOVE(&nt->nt_node, ni, ni_list); 1315 LIST_REMOVE(ni, ni_hash); 1316 } 1317 ic->ic_node_free(ni); 1318 } 1319 1320 void 1321 #ifdef IEEE80211_DEBUG_REFCNT 1322 ieee80211_free_node_debug(struct ieee80211_node *ni, const char *func, int line) 1323 #else 1324 ieee80211_free_node(struct ieee80211_node *ni) 1325 #endif 1326 { 1327 struct ieee80211_node_table *nt = ni->ni_table; 1328 1329 #ifdef IEEE80211_DEBUG_REFCNT 1330 IEEE80211_DPRINTF(ni->ni_ic, IEEE80211_MSG_NODE, 1331 "%s (%s:%u) %p<%s> refcnt %d\n", __func__, func, line, ni, 1332 ether_sprintf(ni->ni_macaddr), ieee80211_node_refcnt(ni)-1); 1333 #endif 1334 if (ieee80211_node_dectestref(ni)) { 1335 /* 1336 * Beware; if the node is marked gone then it's already 1337 * been removed from the table and we cannot assume the 1338 * table still exists. Regardless, there's no need to lock 1339 * the table. 1340 */ 1341 if (ni->ni_table != NULL) { 1342 IEEE80211_NODE_LOCK(nt); 1343 _ieee80211_free_node(ni); 1344 IEEE80211_NODE_UNLOCK(nt); 1345 } else 1346 _ieee80211_free_node(ni); 1347 } 1348 } 1349 1350 /* 1351 * Reclaim a node. If this is the last reference count then 1352 * do the normal free work. Otherwise remove it from the node 1353 * table and mark it gone by clearing the back-reference. 1354 */ 1355 static void 1356 node_reclaim(struct ieee80211_node_table *nt, struct ieee80211_node *ni) 1357 { 1358 1359 IEEE80211_DPRINTF(ni->ni_ic, IEEE80211_MSG_NODE, 1360 "%s: remove %p<%s> from %s table, refcnt %d\n", 1361 __func__, ni, ether_sprintf(ni->ni_macaddr), 1362 nt->nt_name, ieee80211_node_refcnt(ni)-1); 1363 if (!ieee80211_node_dectestref(ni)) { 1364 /* 1365 * Other references are present, just remove the 1366 * node from the table so it cannot be found. When 1367 * the references are dropped storage will be 1368 * reclaimed. 1369 */ 1370 TAILQ_REMOVE(&nt->nt_node, ni, ni_list); 1371 LIST_REMOVE(ni, ni_hash); 1372 ni->ni_table = NULL; /* clear reference */ 1373 } else 1374 _ieee80211_free_node(ni); 1375 } 1376 1377 static void 1378 ieee80211_free_allnodes_locked(struct ieee80211_node_table *nt) 1379 { 1380 struct ieee80211com *ic = nt->nt_ic; 1381 struct ieee80211_node *ni; 1382 1383 IEEE80211_DPRINTF(ic, IEEE80211_MSG_NODE, 1384 "%s: free all nodes in %s table\n", __func__, nt->nt_name); 1385 1386 while ((ni = TAILQ_FIRST(&nt->nt_node)) != NULL) { 1387 if (ni->ni_associd != 0) { 1388 if (ic->ic_auth->ia_node_leave != NULL) 1389 ic->ic_auth->ia_node_leave(ic, ni); 1390 IEEE80211_AID_CLR(ni->ni_associd, ic->ic_aid_bitmap); 1391 } 1392 node_reclaim(nt, ni); 1393 } 1394 ieee80211_reset_erp(ic); 1395 } 1396 1397 static void 1398 ieee80211_free_allnodes(struct ieee80211_node_table *nt) 1399 { 1400 1401 IEEE80211_NODE_LOCK(nt); 1402 ieee80211_free_allnodes_locked(nt); 1403 IEEE80211_NODE_UNLOCK(nt); 1404 } 1405 1406 /* 1407 * Timeout entries in the scan cache. 1408 */ 1409 static void 1410 ieee80211_timeout_scan_candidates(struct ieee80211_node_table *nt) 1411 { 1412 struct ieee80211com *ic = nt->nt_ic; 1413 struct ieee80211_node *ni, *tni; 1414 1415 IEEE80211_NODE_LOCK(nt); 1416 ni = ic->ic_bss; 1417 /* XXX belongs elsewhere */ 1418 if (ni->ni_rxfrag[0] != NULL && ticks > ni->ni_rxfragstamp + hz) { 1419 m_freem(ni->ni_rxfrag[0]); 1420 ni->ni_rxfrag[0] = NULL; 1421 } 1422 TAILQ_FOREACH_SAFE(ni, &nt->nt_node, ni_list, tni) { 1423 if (ni->ni_inact && --ni->ni_inact == 0) { 1424 IEEE80211_DPRINTF(ic, IEEE80211_MSG_NODE, 1425 "[%s] scan candidate purged from cache " 1426 "(refcnt %u)\n", ether_sprintf(ni->ni_macaddr), 1427 ieee80211_node_refcnt(ni)); 1428 node_reclaim(nt, ni); 1429 } 1430 } 1431 IEEE80211_NODE_UNLOCK(nt); 1432 1433 nt->nt_inact_timer = IEEE80211_INACT_WAIT; 1434 } 1435 1436 /* 1437 * Timeout inactive stations and do related housekeeping. 1438 * Note that we cannot hold the node lock while sending a 1439 * frame as this would lead to a LOR. Instead we use a 1440 * generation number to mark nodes that we've scanned and 1441 * drop the lock and restart a scan if we have to time out 1442 * a node. Since we are single-threaded by virtue of 1443 * controlling the inactivity timer we can be sure this will 1444 * process each node only once. 1445 */ 1446 static void 1447 ieee80211_timeout_stations(struct ieee80211_node_table *nt) 1448 { 1449 struct ieee80211com *ic = nt->nt_ic; 1450 struct ieee80211_node *ni; 1451 u_int gen; 1452 1453 IEEE80211_SCAN_LOCK(nt); 1454 gen = nt->nt_scangen++; 1455 IEEE80211_DPRINTF(ic, IEEE80211_MSG_NODE, 1456 "%s: %s scangen %u\n", __func__, nt->nt_name, gen); 1457 restart: 1458 IEEE80211_NODE_LOCK(nt); 1459 TAILQ_FOREACH(ni, &nt->nt_node, ni_list) { 1460 if (ni->ni_scangen == gen) /* previously handled */ 1461 continue; 1462 ni->ni_scangen = gen; 1463 /* 1464 * Free fragment if not needed anymore 1465 * (last fragment older than 1s). 1466 * XXX doesn't belong here 1467 */ 1468 if (ni->ni_rxfrag[0] != NULL && 1469 ticks > ni->ni_rxfragstamp + hz) { 1470 m_freem(ni->ni_rxfrag[0]); 1471 ni->ni_rxfrag[0] = NULL; 1472 } 1473 /* 1474 * Special case ourself; we may be idle for extended periods 1475 * of time and regardless reclaiming our state is wrong. 1476 */ 1477 if (ni == ic->ic_bss) 1478 continue; 1479 ni->ni_inact--; 1480 if (ni->ni_associd != 0) { 1481 /* 1482 * Age frames on the power save queue. The 1483 * aging interval is 4 times the listen 1484 * interval specified by the station. This 1485 * number is factored into the age calculations 1486 * when the frame is placed on the queue. We 1487 * store ages as time differences we can check 1488 * and/or adjust only the head of the list. 1489 */ 1490 if (IEEE80211_NODE_SAVEQ_QLEN(ni) != 0) { 1491 struct mbuf *m; 1492 int discard = 0; 1493 1494 IEEE80211_NODE_SAVEQ_LOCK(ni); 1495 while (IF_POLL(&ni->ni_savedq, m) != NULL && 1496 M_AGE_GET(m) < IEEE80211_INACT_WAIT) { 1497 IEEE80211_DPRINTF(ic, IEEE80211_MSG_POWER, "[%s] discard frame, age %u\n", ether_sprintf(ni->ni_macaddr), M_AGE_GET(m));/*XXX*/ 1498 _IEEE80211_NODE_SAVEQ_DEQUEUE_HEAD(ni, m); 1499 m_freem(m); 1500 discard++; 1501 } 1502 if (m != NULL) 1503 M_AGE_SUB(m, IEEE80211_INACT_WAIT); 1504 IEEE80211_NODE_SAVEQ_UNLOCK(ni); 1505 1506 if (discard != 0) { 1507 IEEE80211_DPRINTF(ic, 1508 IEEE80211_MSG_POWER, 1509 "[%s] discard %u frames for age\n", 1510 ether_sprintf(ni->ni_macaddr), 1511 discard); 1512 IEEE80211_NODE_STAT_ADD(ni, 1513 ps_discard, discard); 1514 if (IEEE80211_NODE_SAVEQ_QLEN(ni) == 0) 1515 ic->ic_set_tim(ic, ni, 0); 1516 } 1517 } 1518 /* 1519 * Probe the station before time it out. We 1520 * send a null data frame which may not be 1521 * universally supported by drivers (need it 1522 * for ps-poll support so it should be...). 1523 */ 1524 if (0 < ni->ni_inact && 1525 ni->ni_inact <= ic->ic_inact_probe) { 1526 IEEE80211_DPRINTF(ic, IEEE80211_MSG_NODE, 1527 "[%s] probe station due to inactivity\n", 1528 ether_sprintf(ni->ni_macaddr)); 1529 IEEE80211_NODE_UNLOCK(nt); 1530 ieee80211_send_nulldata(ic, ni); 1531 /* XXX stat? */ 1532 goto restart; 1533 } 1534 } 1535 if (ni->ni_inact <= 0) { 1536 IEEE80211_DPRINTF(ic, IEEE80211_MSG_NODE, 1537 "[%s] station timed out due to inactivity " 1538 "(refcnt %u)\n", ether_sprintf(ni->ni_macaddr), 1539 ieee80211_node_refcnt(ni)); 1540 /* 1541 * Send a deauthenticate frame and drop the station. 1542 * This is somewhat complicated due to reference counts 1543 * and locking. At this point a station will typically 1544 * have a reference count of 1. ieee80211_node_leave 1545 * will do a "free" of the node which will drop the 1546 * reference count. But in the meantime a reference 1547 * wil be held by the deauth frame. The actual reclaim 1548 * of the node will happen either after the tx is 1549 * completed or by ieee80211_node_leave. 1550 * 1551 * Separately we must drop the node lock before sending 1552 * in case the driver takes a lock, as this will result 1553 * in LOR between the node lock and the driver lock. 1554 */ 1555 IEEE80211_NODE_UNLOCK(nt); 1556 if (ni->ni_associd != 0) { 1557 IEEE80211_SEND_MGMT(ic, ni, 1558 IEEE80211_FC0_SUBTYPE_DEAUTH, 1559 IEEE80211_REASON_AUTH_EXPIRE); 1560 } 1561 ieee80211_node_leave(ic, ni); 1562 ic->ic_stats.is_node_timeout++; 1563 goto restart; 1564 } 1565 } 1566 IEEE80211_NODE_UNLOCK(nt); 1567 1568 IEEE80211_SCAN_UNLOCK(nt); 1569 1570 nt->nt_inact_timer = IEEE80211_INACT_WAIT; 1571 } 1572 1573 void 1574 ieee80211_iterate_nodes(struct ieee80211_node_table *nt, ieee80211_iter_func *f, void *arg) 1575 { 1576 struct ieee80211_node *ni; 1577 u_int gen; 1578 1579 IEEE80211_SCAN_LOCK(nt); 1580 gen = nt->nt_scangen++; 1581 restart: 1582 IEEE80211_NODE_LOCK(nt); 1583 TAILQ_FOREACH(ni, &nt->nt_node, ni_list) { 1584 if (ni->ni_scangen != gen) { 1585 ni->ni_scangen = gen; 1586 (void) ieee80211_ref_node(ni); 1587 IEEE80211_NODE_UNLOCK(nt); 1588 (*f)(arg, ni); 1589 ieee80211_free_node(ni); 1590 goto restart; 1591 } 1592 } 1593 IEEE80211_NODE_UNLOCK(nt); 1594 1595 IEEE80211_SCAN_UNLOCK(nt); 1596 } 1597 1598 void 1599 ieee80211_dump_node(struct ieee80211_node_table *nt, struct ieee80211_node *ni) 1600 { 1601 printf("0x%p: mac %s refcnt %d\n", ni, 1602 ether_sprintf(ni->ni_macaddr), ieee80211_node_refcnt(ni)); 1603 printf("\tscangen %u authmode %u flags 0x%x\n", 1604 ni->ni_scangen, ni->ni_authmode, ni->ni_flags); 1605 printf("\tassocid 0x%x txpower %u vlan %u\n", 1606 ni->ni_associd, ni->ni_txpower, ni->ni_vlan); 1607 printf("\ttxseq %u rxseq %u fragno %u rxfragstamp %u\n", 1608 ni->ni_txseqs[0], 1609 ni->ni_rxseqs[0] >> IEEE80211_SEQ_SEQ_SHIFT, 1610 ni->ni_rxseqs[0] & IEEE80211_SEQ_FRAG_MASK, 1611 ni->ni_rxfragstamp); 1612 printf("\trstamp %u rssi %u intval %u capinfo 0x%x\n", 1613 ni->ni_rstamp, ni->ni_rssi, ni->ni_intval, ni->ni_capinfo); 1614 printf("\tbssid %s essid \"%.*s\" channel %u:0x%x\n", 1615 ether_sprintf(ni->ni_bssid), 1616 ni->ni_esslen, ni->ni_essid, 1617 ni->ni_chan->ic_freq, ni->ni_chan->ic_flags); 1618 printf("\tfails %u inact %u txrate %u\n", 1619 ni->ni_fails, ni->ni_inact, ni->ni_txrate); 1620 } 1621 1622 void 1623 ieee80211_dump_nodes(struct ieee80211_node_table *nt) 1624 { 1625 ieee80211_iterate_nodes(nt, 1626 (ieee80211_iter_func *) ieee80211_dump_node, nt); 1627 } 1628 1629 /* 1630 * Handle a station joining an 11g network. 1631 */ 1632 static void 1633 ieee80211_node_join_11g(struct ieee80211com *ic, struct ieee80211_node *ni) 1634 { 1635 1636 /* 1637 * Station isn't capable of short slot time. Bump 1638 * the count of long slot time stations and disable 1639 * use of short slot time. Note that the actual switch 1640 * over to long slot time use may not occur until the 1641 * next beacon transmission (per sec. 7.3.1.4 of 11g). 1642 */ 1643 if ((ni->ni_capinfo & IEEE80211_CAPINFO_SHORT_SLOTTIME) == 0) { 1644 ic->ic_longslotsta++; 1645 IEEE80211_DPRINTF(ic, IEEE80211_MSG_ASSOC, 1646 "[%s] station needs long slot time, count %d\n", 1647 ether_sprintf(ni->ni_macaddr), ic->ic_longslotsta); 1648 /* XXX vap's w/ conflicting needs won't work */ 1649 ieee80211_set_shortslottime(ic, 0); 1650 } 1651 /* 1652 * If the new station is not an ERP station 1653 * then bump the counter and enable protection 1654 * if configured. 1655 */ 1656 if (!ieee80211_iserp_rateset(ic, &ni->ni_rates)) { 1657 ic->ic_nonerpsta++; 1658 IEEE80211_DPRINTF(ic, IEEE80211_MSG_ASSOC, 1659 "[%s] station is !ERP, %d non-ERP stations associated\n", 1660 ether_sprintf(ni->ni_macaddr), ic->ic_nonerpsta); 1661 /* 1662 * If protection is configured, enable it. 1663 */ 1664 if (ic->ic_protmode != IEEE80211_PROT_NONE) { 1665 IEEE80211_DPRINTF(ic, IEEE80211_MSG_ASSOC, 1666 "%s: enable use of protection\n", __func__); 1667 ic->ic_flags |= IEEE80211_F_USEPROT; 1668 } 1669 /* 1670 * If station does not support short preamble 1671 * then we must enable use of Barker preamble. 1672 */ 1673 if ((ni->ni_capinfo & IEEE80211_CAPINFO_SHORT_PREAMBLE) == 0) { 1674 IEEE80211_DPRINTF(ic, IEEE80211_MSG_ASSOC, 1675 "[%s] station needs long preamble\n", 1676 ether_sprintf(ni->ni_macaddr)); 1677 ic->ic_flags |= IEEE80211_F_USEBARKER; 1678 ic->ic_flags &= ~IEEE80211_F_SHPREAMBLE; 1679 } 1680 } else 1681 ni->ni_flags |= IEEE80211_NODE_ERP; 1682 } 1683 1684 void 1685 ieee80211_node_join(struct ieee80211com *ic, struct ieee80211_node *ni, int resp) 1686 { 1687 int newassoc; 1688 1689 if (ni->ni_associd == 0) { 1690 u_int16_t aid; 1691 1692 /* 1693 * It would be good to search the bitmap 1694 * more efficiently, but this will do for now. 1695 */ 1696 for (aid = 1; aid < ic->ic_max_aid; aid++) { 1697 if (!IEEE80211_AID_ISSET(aid, 1698 ic->ic_aid_bitmap)) 1699 break; 1700 } 1701 if (aid >= ic->ic_max_aid) { 1702 IEEE80211_SEND_MGMT(ic, ni, resp, 1703 IEEE80211_REASON_ASSOC_TOOMANY); 1704 ieee80211_node_leave(ic, ni); 1705 return; 1706 } 1707 ni->ni_associd = aid | 0xc000; 1708 IEEE80211_AID_SET(ni->ni_associd, ic->ic_aid_bitmap); 1709 ic->ic_sta_assoc++; 1710 newassoc = 1; 1711 if (ic->ic_curmode == IEEE80211_MODE_11G || 1712 ic->ic_curmode == IEEE80211_MODE_TURBO_G) 1713 ieee80211_node_join_11g(ic, ni); 1714 } else 1715 newassoc = 0; 1716 1717 IEEE80211_DPRINTF(ic, IEEE80211_MSG_ASSOC | IEEE80211_MSG_DEBUG, 1718 "[%s] station %sassociated at aid %d: %s preamble, %s slot time%s%s\n", 1719 ether_sprintf(ni->ni_macaddr), newassoc ? "" : "re", 1720 IEEE80211_NODE_AID(ni), 1721 ic->ic_flags & IEEE80211_F_SHPREAMBLE ? "short" : "long", 1722 ic->ic_flags & IEEE80211_F_SHSLOT ? "short" : "long", 1723 ic->ic_flags & IEEE80211_F_USEPROT ? ", protection" : "", 1724 ni->ni_flags & IEEE80211_NODE_QOS ? ", QoS" : "" 1725 ); 1726 1727 /* give driver a chance to setup state like ni_txrate */ 1728 if (ic->ic_newassoc != NULL) 1729 ic->ic_newassoc(ic, ni, newassoc); 1730 ni->ni_inact_reload = ic->ic_inact_auth; 1731 ni->ni_inact = ni->ni_inact_reload; 1732 IEEE80211_SEND_MGMT(ic, ni, resp, IEEE80211_STATUS_SUCCESS); 1733 /* tell the authenticator about new station */ 1734 if (ic->ic_auth->ia_node_join != NULL) 1735 ic->ic_auth->ia_node_join(ic, ni); 1736 ieee80211_notify_node_join(ic, ni, newassoc); 1737 } 1738 1739 /* 1740 * Handle a station leaving an 11g network. 1741 */ 1742 static void 1743 ieee80211_node_leave_11g(struct ieee80211com *ic, struct ieee80211_node *ni) 1744 { 1745 1746 IASSERT(ic->ic_curmode == IEEE80211_MODE_11G || 1747 ic->ic_curmode == IEEE80211_MODE_TURBO_G, 1748 ("not in 11g, curmode %x", ic->ic_curmode)); 1749 1750 /* 1751 * If a long slot station do the slot time bookkeeping. 1752 */ 1753 if ((ni->ni_capinfo & IEEE80211_CAPINFO_SHORT_SLOTTIME) == 0) { 1754 IASSERT(ic->ic_longslotsta > 0, 1755 ("bogus long slot station count %d", ic->ic_longslotsta)); 1756 ic->ic_longslotsta--; 1757 IEEE80211_DPRINTF(ic, IEEE80211_MSG_ASSOC, 1758 "[%s] long slot time station leaves, count now %d\n", 1759 ether_sprintf(ni->ni_macaddr), ic->ic_longslotsta); 1760 if (ic->ic_longslotsta == 0) { 1761 /* 1762 * Re-enable use of short slot time if supported 1763 * and not operating in IBSS mode (per spec). 1764 */ 1765 if ((ic->ic_caps & IEEE80211_C_SHSLOT) && 1766 ic->ic_opmode != IEEE80211_M_IBSS) { 1767 IEEE80211_DPRINTF(ic, IEEE80211_MSG_ASSOC, 1768 "%s: re-enable use of short slot time\n", 1769 __func__); 1770 ieee80211_set_shortslottime(ic, 1); 1771 } 1772 } 1773 } 1774 /* 1775 * If a non-ERP station do the protection-related bookkeeping. 1776 */ 1777 if ((ni->ni_flags & IEEE80211_NODE_ERP) == 0) { 1778 IASSERT(ic->ic_nonerpsta > 0, 1779 ("bogus non-ERP station count %d", ic->ic_nonerpsta)); 1780 ic->ic_nonerpsta--; 1781 IEEE80211_DPRINTF(ic, IEEE80211_MSG_ASSOC, 1782 "[%s] non-ERP station leaves, count now %d\n", 1783 ether_sprintf(ni->ni_macaddr), ic->ic_nonerpsta); 1784 if (ic->ic_nonerpsta == 0) { 1785 IEEE80211_DPRINTF(ic, IEEE80211_MSG_ASSOC, 1786 "%s: disable use of protection\n", __func__); 1787 ic->ic_flags &= ~IEEE80211_F_USEPROT; 1788 /* XXX verify mode? */ 1789 if (ic->ic_caps & IEEE80211_C_SHPREAMBLE) { 1790 IEEE80211_DPRINTF(ic, IEEE80211_MSG_ASSOC, 1791 "%s: re-enable use of short preamble\n", 1792 __func__); 1793 ic->ic_flags |= IEEE80211_F_SHPREAMBLE; 1794 ic->ic_flags &= ~IEEE80211_F_USEBARKER; 1795 } 1796 } 1797 } 1798 } 1799 1800 /* 1801 * Handle bookkeeping for station deauthentication/disassociation 1802 * when operating as an ap. 1803 */ 1804 void 1805 ieee80211_node_leave(struct ieee80211com *ic, struct ieee80211_node *ni) 1806 { 1807 struct ieee80211_node_table *nt = ni->ni_table; 1808 1809 IEEE80211_DPRINTF(ic, IEEE80211_MSG_ASSOC | IEEE80211_MSG_DEBUG, 1810 "[%s] station with aid %d leaves\n", 1811 ether_sprintf(ni->ni_macaddr), IEEE80211_NODE_AID(ni)); 1812 1813 IASSERT(ic->ic_opmode == IEEE80211_M_HOSTAP || 1814 ic->ic_opmode == IEEE80211_M_IBSS || 1815 ic->ic_opmode == IEEE80211_M_AHDEMO, 1816 ("unexpected operating mode %u", ic->ic_opmode)); 1817 /* 1818 * If node wasn't previously associated all 1819 * we need to do is reclaim the reference. 1820 */ 1821 /* XXX ibss mode bypasses 11g and notification */ 1822 if (ni->ni_associd == 0) 1823 goto done; 1824 /* 1825 * Tell the authenticator the station is leaving. 1826 * Note that we must do this before yanking the 1827 * association id as the authenticator uses the 1828 * associd to locate it's state block. 1829 */ 1830 if (ic->ic_auth->ia_node_leave != NULL) 1831 ic->ic_auth->ia_node_leave(ic, ni); 1832 IEEE80211_AID_CLR(ni->ni_associd, ic->ic_aid_bitmap); 1833 ni->ni_associd = 0; 1834 ic->ic_sta_assoc--; 1835 1836 if (ic->ic_curmode == IEEE80211_MODE_11G || 1837 ic->ic_curmode == IEEE80211_MODE_TURBO_G) 1838 ieee80211_node_leave_11g(ic, ni); 1839 /* 1840 * Cleanup station state. In particular clear various 1841 * state that might otherwise be reused if the node 1842 * is reused before the reference count goes to zero 1843 * (and memory is reclaimed). 1844 */ 1845 ieee80211_sta_leave(ic, ni); 1846 done: 1847 /* 1848 * Remove the node from any table it's recorded in and 1849 * drop the caller's reference. Removal from the table 1850 * is important to insure the node is not reprocessed 1851 * for inactivity. 1852 */ 1853 if (nt != NULL) { 1854 IEEE80211_NODE_LOCK(nt); 1855 node_reclaim(nt, ni); 1856 IEEE80211_NODE_UNLOCK(nt); 1857 } else 1858 ieee80211_free_node(ni); 1859 } 1860 1861 u_int8_t 1862 ieee80211_getrssi(struct ieee80211com *ic) 1863 { 1864 #define NZ(x) ((x) == 0 ? 1 : (x)) 1865 struct ieee80211_node_table *nt = &ic->ic_sta; 1866 u_int32_t rssi_samples, rssi_total; 1867 struct ieee80211_node *ni; 1868 1869 rssi_total = 0; 1870 rssi_samples = 0; 1871 switch (ic->ic_opmode) { 1872 case IEEE80211_M_IBSS: /* average of all ibss neighbors */ 1873 /* XXX locking */ 1874 TAILQ_FOREACH(ni, &nt->nt_node, ni_list) 1875 if (ni->ni_capinfo & IEEE80211_CAPINFO_IBSS) { 1876 rssi_samples++; 1877 rssi_total += ic->ic_node_getrssi(ni); 1878 } 1879 break; 1880 case IEEE80211_M_AHDEMO: /* average of all neighbors */ 1881 /* XXX locking */ 1882 TAILQ_FOREACH(ni, &nt->nt_node, ni_list) { 1883 rssi_samples++; 1884 rssi_total += ic->ic_node_getrssi(ni); 1885 } 1886 break; 1887 case IEEE80211_M_HOSTAP: /* average of all associated stations */ 1888 #ifndef IEEE80211_NO_HOSTAP 1889 /* XXX locking */ 1890 TAILQ_FOREACH(ni, &nt->nt_node, ni_list) 1891 if (IEEE80211_AID(ni->ni_associd) != 0) { 1892 rssi_samples++; 1893 rssi_total += ic->ic_node_getrssi(ni); 1894 } 1895 #endif /* !IEEE80211_NO_HOSTAP */ 1896 break; 1897 case IEEE80211_M_MONITOR: /* XXX */ 1898 case IEEE80211_M_STA: /* use stats from associated ap */ 1899 default: 1900 if (ic->ic_bss != NULL) 1901 rssi_total = ic->ic_node_getrssi(ic->ic_bss); 1902 rssi_samples = 1; 1903 break; 1904 } 1905 return rssi_total / NZ(rssi_samples); 1906 #undef NZ 1907 } 1908 1909 /* 1910 * Indicate whether there are frames queued for a station in power-save mode. 1911 */ 1912 static void 1913 ieee80211_set_tim(struct ieee80211com *ic, struct ieee80211_node *ni, int set) 1914 { 1915 u_int16_t aid; 1916 1917 IASSERT(ic->ic_opmode == IEEE80211_M_HOSTAP || 1918 ic->ic_opmode == IEEE80211_M_IBSS, 1919 ("operating mode %u", ic->ic_opmode)); 1920 1921 aid = IEEE80211_AID(ni->ni_associd); 1922 IASSERT(aid < ic->ic_max_aid, 1923 ("bogus aid %u, max %u", aid, ic->ic_max_aid)); 1924 1925 IEEE80211_BEACON_LOCK(ic); 1926 if (set != (isset(ic->ic_tim_bitmap, aid) != 0)) { 1927 if (set) { 1928 setbit(ic->ic_tim_bitmap, aid); 1929 ic->ic_ps_pending++; 1930 } else { 1931 clrbit(ic->ic_tim_bitmap, aid); 1932 ic->ic_ps_pending--; 1933 } 1934 ic->ic_flags |= IEEE80211_F_TIMUPDATE; 1935 } 1936 IEEE80211_BEACON_UNLOCK(ic); 1937 } 1938 1939 /* 1940 * Node table support. 1941 */ 1942 1943 static void 1944 ieee80211_node_table_init(struct ieee80211com *ic, 1945 struct ieee80211_node_table *nt, 1946 const char *name, int inact, 1947 void (*timeout)(struct ieee80211_node_table *)) 1948 { 1949 1950 IEEE80211_DPRINTF(ic, IEEE80211_MSG_NODE, 1951 "%s %s table, inact %u\n", __func__, name, inact); 1952 1953 nt->nt_ic = ic; 1954 /* XXX need unit */ 1955 IEEE80211_NODE_LOCK_INIT(nt, ic->ic_ifp->if_xname); 1956 IEEE80211_SCAN_LOCK_INIT(nt, ic->ic_ifp->if_xname); 1957 TAILQ_INIT(&nt->nt_node); 1958 nt->nt_name = name; 1959 nt->nt_scangen = 1; 1960 nt->nt_inact_init = inact; 1961 nt->nt_timeout = timeout; 1962 } 1963 1964 void 1965 ieee80211_node_table_reset(struct ieee80211_node_table *nt) 1966 { 1967 1968 IEEE80211_DPRINTF(nt->nt_ic, IEEE80211_MSG_NODE, 1969 "%s %s table\n", __func__, nt->nt_name); 1970 1971 IEEE80211_NODE_LOCK(nt); 1972 nt->nt_inact_timer = 0; 1973 ieee80211_free_allnodes_locked(nt); 1974 IEEE80211_NODE_UNLOCK(nt); 1975 } 1976 1977 static void 1978 ieee80211_node_table_cleanup(struct ieee80211_node_table *nt) 1979 { 1980 1981 IEEE80211_DPRINTF(nt->nt_ic, IEEE80211_MSG_NODE, 1982 "%s %s table\n", __func__, nt->nt_name); 1983 1984 ieee80211_free_allnodes_locked(nt); 1985 IEEE80211_SCAN_LOCK_DESTROY(nt); 1986 IEEE80211_NODE_LOCK_DESTROY(nt); 1987 } 1988