1 /* $NetBSD: ieee80211_node.c,v 1.47 2005/11/23 04:24:00 dyoung Exp $ */ 2 /*- 3 * Copyright (c) 2001 Atsushi Onoe 4 * Copyright (c) 2002-2005 Sam Leffler, Errno Consulting 5 * All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions 9 * are met: 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 2. Redistributions in binary form must reproduce the above copyright 13 * notice, this list of conditions and the following disclaimer in the 14 * documentation and/or other materials provided with the distribution. 15 * 3. The name of the author may not be used to endorse or promote products 16 * derived from this software without specific prior written permission. 17 * 18 * Alternatively, this software may be distributed under the terms of the 19 * GNU General Public License ("GPL") version 2 as published by the Free 20 * Software Foundation. 21 * 22 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 23 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 24 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 25 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 26 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 27 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 28 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 29 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 30 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 31 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 32 */ 33 34 #include <sys/cdefs.h> 35 #ifdef __FreeBSD__ 36 __FBSDID("$FreeBSD: src/sys/net80211/ieee80211_node.c,v 1.65 2005/08/13 17:50:21 sam Exp $"); 37 #endif 38 #ifdef __NetBSD__ 39 __KERNEL_RCSID(0, "$NetBSD: ieee80211_node.c,v 1.47 2005/11/23 04:24:00 dyoung Exp $"); 40 #endif 41 42 #include "opt_inet.h" 43 44 #include <sys/param.h> 45 #include <sys/systm.h> 46 #include <sys/mbuf.h> 47 #include <sys/malloc.h> 48 #include <sys/kernel.h> 49 50 #include <sys/socket.h> 51 #include <sys/sockio.h> 52 #include <sys/endian.h> 53 #include <sys/errno.h> 54 #include <sys/proc.h> 55 #include <sys/sysctl.h> 56 57 #include <net/if.h> 58 #include <net/if_media.h> 59 #include <net/if_arp.h> 60 #include <net/if_ether.h> 61 #include <net/if_llc.h> 62 63 #include <net80211/ieee80211_netbsd.h> 64 #include <net80211/ieee80211_var.h> 65 66 #include <net/bpf.h> 67 68 #ifdef INET 69 #include <netinet/in.h> 70 #include <net/if_ether.h> 71 #endif 72 73 /* 74 * Association id's are managed with a bit vector. 75 */ 76 #define IEEE80211_AID_SET(b, w) \ 77 ((w)[IEEE80211_AID(b) / 32] |= (1 << (IEEE80211_AID(b) % 32))) 78 #define IEEE80211_AID_CLR(b, w) \ 79 ((w)[IEEE80211_AID(b) / 32] &= ~(1 << (IEEE80211_AID(b) % 32))) 80 #define IEEE80211_AID_ISSET(b, w) \ 81 ((w)[IEEE80211_AID(b) / 32] & (1 << (IEEE80211_AID(b) % 32))) 82 83 static struct ieee80211_node *node_alloc(struct ieee80211_node_table *); 84 static void node_cleanup(struct ieee80211_node *); 85 static void node_free(struct ieee80211_node *); 86 static u_int8_t node_getrssi(const struct ieee80211_node *); 87 88 static void ieee80211_setup_node(struct ieee80211_node_table *, 89 struct ieee80211_node *, const u_int8_t *); 90 static void _ieee80211_free_node(struct ieee80211_node *); 91 static void ieee80211_free_allnodes(struct ieee80211_node_table *); 92 93 static void ieee80211_timeout_scan_candidates(struct ieee80211_node_table *); 94 static void ieee80211_timeout_stations(struct ieee80211_node_table *); 95 96 static void ieee80211_set_tim(struct ieee80211_node *, int set); 97 98 static void ieee80211_node_table_init(struct ieee80211com *ic, 99 struct ieee80211_node_table *nt, const char *name, 100 int inact, int keyixmax, 101 void (*timeout)(struct ieee80211_node_table *)); 102 static void ieee80211_node_table_cleanup(struct ieee80211_node_table *nt); 103 104 MALLOC_DEFINE(M_80211_NODE, "80211node", "802.11 node state"); 105 106 void 107 ieee80211_node_attach(struct ieee80211com *ic) 108 { 109 110 ic->ic_node_alloc = node_alloc; 111 ic->ic_node_free = node_free; 112 ic->ic_node_cleanup = node_cleanup; 113 ic->ic_node_getrssi = node_getrssi; 114 115 /* default station inactivity timer setings */ 116 ic->ic_inact_init = IEEE80211_INACT_INIT; 117 ic->ic_inact_auth = IEEE80211_INACT_AUTH; 118 ic->ic_inact_run = IEEE80211_INACT_RUN; 119 ic->ic_inact_probe = IEEE80211_INACT_PROBE; 120 121 /* NB: driver should override */ 122 ic->ic_max_aid = IEEE80211_AID_DEF; 123 ic->ic_set_tim = ieee80211_set_tim; 124 } 125 126 void 127 ieee80211_node_lateattach(struct ieee80211com *ic) 128 { 129 struct ieee80211_rsnparms *rsn; 130 131 if (ic->ic_max_aid > IEEE80211_AID_MAX) 132 ic->ic_max_aid = IEEE80211_AID_MAX; 133 MALLOC(ic->ic_aid_bitmap, u_int32_t *, 134 howmany(ic->ic_max_aid, 32) * sizeof(u_int32_t), 135 M_DEVBUF, M_NOWAIT | M_ZERO); 136 if (ic->ic_aid_bitmap == NULL) { 137 /* XXX no way to recover */ 138 printf("%s: no memory for AID bitmap!\n", __func__); 139 ic->ic_max_aid = 0; 140 } 141 142 /* XXX defer until using hostap/ibss mode */ 143 ic->ic_tim_len = howmany(ic->ic_max_aid, 8) * sizeof(u_int8_t); 144 MALLOC(ic->ic_tim_bitmap, u_int8_t *, ic->ic_tim_len, 145 M_DEVBUF, M_NOWAIT | M_ZERO); 146 if (ic->ic_tim_bitmap == NULL) { 147 /* XXX no way to recover */ 148 printf("%s: no memory for TIM bitmap!\n", __func__); 149 } 150 151 ieee80211_node_table_init(ic, &ic->ic_sta, "station", 152 IEEE80211_INACT_INIT, ic->ic_crypto.cs_max_keyix, 153 ieee80211_timeout_stations); 154 ieee80211_node_table_init(ic, &ic->ic_scan, "scan", 155 IEEE80211_INACT_SCAN, 0, 156 ieee80211_timeout_scan_candidates); 157 158 ieee80211_reset_bss(ic); 159 /* 160 * Setup "global settings" in the bss node so that 161 * each new station automatically inherits them. 162 */ 163 rsn = &ic->ic_bss->ni_rsn; 164 /* WEP, TKIP, and AES-CCM are always supported */ 165 rsn->rsn_ucastcipherset |= 1<<IEEE80211_CIPHER_WEP; 166 rsn->rsn_ucastcipherset |= 1<<IEEE80211_CIPHER_TKIP; 167 rsn->rsn_ucastcipherset |= 1<<IEEE80211_CIPHER_AES_CCM; 168 if (ic->ic_caps & IEEE80211_C_AES) 169 rsn->rsn_ucastcipherset |= 1<<IEEE80211_CIPHER_AES_OCB; 170 if (ic->ic_caps & IEEE80211_C_CKIP) 171 rsn->rsn_ucastcipherset |= 1<<IEEE80211_CIPHER_CKIP; 172 /* 173 * Default unicast cipher to WEP for 802.1x use. If 174 * WPA is enabled the management code will set these 175 * values to reflect. 176 */ 177 rsn->rsn_ucastcipher = IEEE80211_CIPHER_WEP; 178 rsn->rsn_ucastkeylen = 104 / NBBY; 179 /* 180 * WPA says the multicast cipher is the lowest unicast 181 * cipher supported. But we skip WEP which would 182 * otherwise be used based on this criteria. 183 */ 184 rsn->rsn_mcastcipher = IEEE80211_CIPHER_TKIP; 185 rsn->rsn_mcastkeylen = 128 / NBBY; 186 187 /* 188 * We support both WPA-PSK and 802.1x; the one used 189 * is determined by the authentication mode and the 190 * setting of the PSK state. 191 */ 192 rsn->rsn_keymgmtset = WPA_ASE_8021X_UNSPEC | WPA_ASE_8021X_PSK; 193 rsn->rsn_keymgmt = WPA_ASE_8021X_PSK; 194 195 ic->ic_auth = ieee80211_authenticator_get(ic->ic_bss->ni_authmode); 196 } 197 198 void 199 ieee80211_node_detach(struct ieee80211com *ic) 200 { 201 202 if (ic->ic_bss != NULL) { 203 ieee80211_free_node(ic->ic_bss); 204 ic->ic_bss = NULL; 205 } 206 ieee80211_node_table_cleanup(&ic->ic_scan); 207 ieee80211_node_table_cleanup(&ic->ic_sta); 208 if (ic->ic_aid_bitmap != NULL) { 209 FREE(ic->ic_aid_bitmap, M_DEVBUF); 210 ic->ic_aid_bitmap = NULL; 211 } 212 if (ic->ic_tim_bitmap != NULL) { 213 FREE(ic->ic_tim_bitmap, M_DEVBUF); 214 ic->ic_tim_bitmap = NULL; 215 } 216 } 217 218 /* 219 * Port authorize/unauthorize interfaces for use by an authenticator. 220 */ 221 222 void 223 ieee80211_node_authorize(struct ieee80211_node *ni) 224 { 225 struct ieee80211com *ic = ni->ni_ic; 226 227 ni->ni_flags |= IEEE80211_NODE_AUTH; 228 ni->ni_inact_reload = ic->ic_inact_run; 229 } 230 231 void 232 ieee80211_node_unauthorize(struct ieee80211_node *ni) 233 { 234 ni->ni_flags &= ~IEEE80211_NODE_AUTH; 235 } 236 237 /* 238 * Set/change the channel. The rate set is also updated as 239 * to insure a consistent view by drivers. 240 */ 241 static __inline void 242 ieee80211_set_chan(struct ieee80211com *ic, 243 struct ieee80211_node *ni, struct ieee80211_channel *chan) 244 { 245 ni->ni_chan = chan; 246 ni->ni_rates = ic->ic_sup_rates[ieee80211_chan2mode(ic, chan)]; 247 } 248 249 /* 250 * AP scanning support. 251 */ 252 253 #ifdef IEEE80211_DEBUG 254 static void 255 dump_chanlist(const u_char chans[]) 256 { 257 const char *sep; 258 int i; 259 260 sep = " "; 261 for (i = 0; i < IEEE80211_CHAN_MAX; i++) 262 if (isset(chans, i)) { 263 printf("%s%u", sep, i); 264 sep = ", "; 265 } 266 } 267 #endif /* IEEE80211_DEBUG */ 268 269 /* 270 * Initialize the channel set to scan based on the 271 * of available channels and the current PHY mode. 272 */ 273 static void 274 ieee80211_reset_scan(struct ieee80211com *ic) 275 { 276 277 /* XXX ic_des_chan should be handled with ic_chan_active */ 278 if (ic->ic_des_chan != IEEE80211_CHAN_ANYC) { 279 memset(ic->ic_chan_scan, 0, sizeof(ic->ic_chan_scan)); 280 setbit(ic->ic_chan_scan, 281 ieee80211_chan2ieee(ic, ic->ic_des_chan)); 282 } else 283 memcpy(ic->ic_chan_scan, ic->ic_chan_active, 284 sizeof(ic->ic_chan_active)); 285 #ifdef IEEE80211_DEBUG 286 if (ieee80211_msg_scan(ic)) { 287 printf("%s: scan set:", __func__); 288 dump_chanlist(ic->ic_chan_scan); 289 printf(" start chan %u\n", 290 ieee80211_chan2ieee(ic, ic->ic_curchan)); 291 } 292 #endif /* IEEE80211_DEBUG */ 293 } 294 295 /* 296 * Begin an active scan. 297 */ 298 void 299 ieee80211_begin_scan(struct ieee80211com *ic, int reset) 300 { 301 302 ic->ic_scan.nt_scangen++; 303 /* 304 * In all but hostap mode scanning starts off in 305 * an active mode before switching to passive. 306 */ 307 if (ic->ic_opmode != IEEE80211_M_HOSTAP) { 308 ic->ic_flags |= IEEE80211_F_ASCAN; 309 ic->ic_stats.is_scan_active++; 310 } else 311 ic->ic_stats.is_scan_passive++; 312 IEEE80211_DPRINTF(ic, IEEE80211_MSG_SCAN, 313 "begin %s scan in %s mode, scangen %u\n", 314 (ic->ic_flags & IEEE80211_F_ASCAN) ? "active" : "passive", 315 ieee80211_phymode_name[ic->ic_curmode], ic->ic_scan.nt_scangen); 316 /* 317 * Clear scan state and flush any previously seen AP's. 318 */ 319 ieee80211_reset_scan(ic); 320 if (reset) 321 ieee80211_free_allnodes(&ic->ic_scan); 322 323 ic->ic_flags |= IEEE80211_F_SCAN; 324 325 /* Scan the next channel. */ 326 ieee80211_next_scan(ic); 327 } 328 329 /* 330 * Switch to the next channel marked for scanning. 331 */ 332 int 333 ieee80211_next_scan(struct ieee80211com *ic) 334 { 335 struct ieee80211_channel *chan; 336 337 /* 338 * Insure any previous mgt frame timeouts don't fire. 339 * This assumes the driver does the right thing in 340 * flushing anything queued in the driver and below. 341 */ 342 ic->ic_mgt_timer = 0; 343 344 chan = ic->ic_curchan; 345 do { 346 if (++chan > &ic->ic_channels[IEEE80211_CHAN_MAX]) 347 chan = &ic->ic_channels[0]; 348 if (isset(ic->ic_chan_scan, ieee80211_chan2ieee(ic, chan))) { 349 clrbit(ic->ic_chan_scan, ieee80211_chan2ieee(ic, chan)); 350 IEEE80211_DPRINTF(ic, IEEE80211_MSG_SCAN, 351 "%s: chan %d->%d\n", __func__, 352 ieee80211_chan2ieee(ic, ic->ic_curchan), 353 ieee80211_chan2ieee(ic, chan)); 354 ic->ic_curchan = chan; 355 /* 356 * XXX drivers should do this as needed, 357 * XXX for now maintain compatibility 358 */ 359 ic->ic_bss->ni_rates = 360 ic->ic_sup_rates[ieee80211_chan2mode(ic, chan)]; 361 ieee80211_new_state(ic, IEEE80211_S_SCAN, -1); 362 return 1; 363 } 364 } while (chan != ic->ic_curchan); 365 ieee80211_end_scan(ic); 366 return 0; 367 } 368 369 static __inline void 370 copy_bss(struct ieee80211_node *nbss, const struct ieee80211_node *obss) 371 { 372 /* propagate useful state */ 373 nbss->ni_authmode = obss->ni_authmode; 374 nbss->ni_txpower = obss->ni_txpower; 375 nbss->ni_vlan = obss->ni_vlan; 376 nbss->ni_rsn = obss->ni_rsn; 377 /* XXX statistics? */ 378 } 379 380 void 381 ieee80211_create_ibss(struct ieee80211com* ic, struct ieee80211_channel *chan) 382 { 383 struct ieee80211_node_table *nt; 384 struct ieee80211_node *ni; 385 386 IEEE80211_DPRINTF(ic, IEEE80211_MSG_SCAN, 387 "%s: creating ibss\n", __func__); 388 389 /* 390 * Create the station/neighbor table. Note that for adhoc 391 * mode we make the initial inactivity timer longer since 392 * we create nodes only through discovery and they typically 393 * are long-lived associations. 394 */ 395 nt = &ic->ic_sta; 396 IEEE80211_NODE_LOCK(nt); 397 if (ic->ic_opmode == IEEE80211_M_HOSTAP) { 398 nt->nt_name = "station"; 399 nt->nt_inact_init = ic->ic_inact_init; 400 } else { 401 nt->nt_name = "neighbor"; 402 nt->nt_inact_init = ic->ic_inact_run; 403 } 404 IEEE80211_NODE_UNLOCK(nt); 405 406 ni = ieee80211_alloc_node(&ic->ic_sta, ic->ic_myaddr); 407 if (ni == NULL) { 408 /* XXX recovery? */ 409 return; 410 } 411 IEEE80211_ADDR_COPY(ni->ni_bssid, ic->ic_myaddr); 412 ni->ni_esslen = ic->ic_des_esslen; 413 memcpy(ni->ni_essid, ic->ic_des_essid, ni->ni_esslen); 414 copy_bss(ni, ic->ic_bss); 415 ni->ni_intval = ic->ic_bintval; 416 if (ic->ic_flags & IEEE80211_F_PRIVACY) 417 ni->ni_capinfo |= IEEE80211_CAPINFO_PRIVACY; 418 if (ic->ic_phytype == IEEE80211_T_FH) { 419 ni->ni_fhdwell = 200; /* XXX */ 420 ni->ni_fhindex = 1; 421 } 422 if (ic->ic_opmode == IEEE80211_M_IBSS) { 423 ic->ic_flags |= IEEE80211_F_SIBSS; 424 ni->ni_capinfo |= IEEE80211_CAPINFO_IBSS; /* XXX */ 425 if (ic->ic_flags & IEEE80211_F_DESBSSID) 426 IEEE80211_ADDR_COPY(ni->ni_bssid, ic->ic_des_bssid); 427 else 428 ni->ni_bssid[0] |= 0x02; /* local bit for IBSS */ 429 } 430 /* 431 * Fix the channel and related attributes. 432 */ 433 ieee80211_set_chan(ic, ni, chan); 434 ic->ic_curchan = chan; 435 ic->ic_curmode = ieee80211_chan2mode(ic, chan); 436 /* 437 * Do mode-specific rate setup. 438 */ 439 if (ic->ic_curmode == IEEE80211_MODE_11G) { 440 /* 441 * Use a mixed 11b/11g rate set. 442 */ 443 ieee80211_set11gbasicrates(&ni->ni_rates, IEEE80211_MODE_11G); 444 } else if (ic->ic_curmode == IEEE80211_MODE_11B) { 445 /* 446 * Force pure 11b rate set. 447 */ 448 ieee80211_set11gbasicrates(&ni->ni_rates, IEEE80211_MODE_11B); 449 } 450 451 (void) ieee80211_sta_join(ic, ieee80211_ref_node(ni)); 452 } 453 454 void 455 ieee80211_reset_bss(struct ieee80211com *ic) 456 { 457 struct ieee80211_node *ni, *obss; 458 459 ieee80211_node_table_reset(&ic->ic_scan); 460 ieee80211_node_table_reset(&ic->ic_sta); 461 462 ni = ieee80211_alloc_node(&ic->ic_scan, ic->ic_myaddr); 463 IASSERT(ni != NULL, ("unable to setup inital BSS node")); 464 obss = ic->ic_bss; 465 ic->ic_bss = ieee80211_ref_node(ni); 466 if (obss != NULL) { 467 copy_bss(ni, obss); 468 ni->ni_intval = ic->ic_bintval; 469 ieee80211_free_node(obss); 470 } 471 } 472 473 /* XXX tunable */ 474 #define STA_FAILS_MAX 2 /* assoc failures before ignored */ 475 476 static int 477 ieee80211_match_bss(struct ieee80211com *ic, struct ieee80211_node *ni) 478 { 479 u_int8_t rate; 480 int fail; 481 482 fail = 0; 483 if (isclr(ic->ic_chan_active, ieee80211_chan2ieee(ic, ni->ni_chan))) 484 fail |= 0x01; 485 if (ic->ic_des_chan != IEEE80211_CHAN_ANYC && 486 ni->ni_chan != ic->ic_des_chan) 487 fail |= 0x01; 488 if (ic->ic_opmode == IEEE80211_M_IBSS) { 489 if ((ni->ni_capinfo & IEEE80211_CAPINFO_IBSS) == 0) 490 fail |= 0x02; 491 } else { 492 if ((ni->ni_capinfo & IEEE80211_CAPINFO_ESS) == 0) 493 fail |= 0x02; 494 } 495 if (ic->ic_flags & IEEE80211_F_PRIVACY) { 496 if ((ni->ni_capinfo & IEEE80211_CAPINFO_PRIVACY) == 0) 497 fail |= 0x04; 498 } else { 499 /* XXX does this mean privacy is supported or required? */ 500 if (ni->ni_capinfo & IEEE80211_CAPINFO_PRIVACY) 501 fail |= 0x04; 502 } 503 rate = ieee80211_fix_rate(ni, IEEE80211_F_DONEGO | IEEE80211_F_DOFRATE); 504 if (rate & IEEE80211_RATE_BASIC) 505 fail |= 0x08; 506 if (ic->ic_des_esslen != 0 && 507 (ni->ni_esslen != ic->ic_des_esslen || 508 memcmp(ni->ni_essid, ic->ic_des_essid, ic->ic_des_esslen) != 0)) 509 fail |= 0x10; 510 if ((ic->ic_flags & IEEE80211_F_DESBSSID) && 511 !IEEE80211_ADDR_EQ(ic->ic_des_bssid, ni->ni_bssid)) 512 fail |= 0x20; 513 if (ni->ni_fails >= STA_FAILS_MAX) 514 fail |= 0x40; 515 #ifdef IEEE80211_DEBUG 516 if (ieee80211_msg_scan(ic)) { 517 printf(" %c %s", 518 fail & 0x40 ? '=' : fail & 0x80 ? '^' : fail ? '-' : '+', 519 ether_sprintf(ni->ni_macaddr)); 520 printf(" %s%c", ether_sprintf(ni->ni_bssid), 521 fail & 0x20 ? '!' : ' '); 522 printf(" %3d%c", ieee80211_chan2ieee(ic, ni->ni_chan), 523 fail & 0x01 ? '!' : ' '); 524 printf(" %+4d", ni->ni_rssi); 525 printf(" %2dM%c", (rate & IEEE80211_RATE_VAL) / 2, 526 fail & 0x08 ? '!' : ' '); 527 printf(" %4s%c", 528 (ni->ni_capinfo & IEEE80211_CAPINFO_ESS) ? "ess" : 529 (ni->ni_capinfo & IEEE80211_CAPINFO_IBSS) ? "ibss" : 530 "????", 531 fail & 0x02 ? '!' : ' '); 532 printf(" %3s%c ", 533 (ni->ni_capinfo & IEEE80211_CAPINFO_PRIVACY) ? 534 "wep" : "no", 535 fail & 0x04 ? '!' : ' '); 536 ieee80211_print_essid(ni->ni_essid, ni->ni_esslen); 537 printf("%s\n", fail & 0x10 ? "!" : ""); 538 } 539 #endif 540 return fail; 541 } 542 543 static __inline u_int8_t 544 maxrate(const struct ieee80211_node *ni) 545 { 546 const struct ieee80211_rateset *rs = &ni->ni_rates; 547 /* NB: assumes rate set is sorted (happens on frame receive) */ 548 return rs->rs_rates[rs->rs_nrates-1] & IEEE80211_RATE_VAL; 549 } 550 551 /* 552 * Compare the capabilities of two nodes and decide which is 553 * more desirable (return >0 if a is considered better). Note 554 * that we assume compatibility/usability has already been checked 555 * so we don't need to (e.g. validate whether privacy is supported). 556 * Used to select the best scan candidate for association in a BSS. 557 */ 558 static int 559 ieee80211_node_compare(struct ieee80211com *ic, 560 const struct ieee80211_node *a, 561 const struct ieee80211_node *b) 562 { 563 u_int8_t maxa, maxb; 564 u_int8_t rssia, rssib; 565 int weight; 566 567 /* privacy support preferred */ 568 if ((a->ni_capinfo & IEEE80211_CAPINFO_PRIVACY) && 569 (b->ni_capinfo & IEEE80211_CAPINFO_PRIVACY) == 0) 570 return 1; 571 if ((a->ni_capinfo & IEEE80211_CAPINFO_PRIVACY) == 0 && 572 (b->ni_capinfo & IEEE80211_CAPINFO_PRIVACY)) 573 return -1; 574 575 /* compare count of previous failures */ 576 weight = b->ni_fails - a->ni_fails; 577 if (abs(weight) > 1) 578 return weight; 579 580 rssia = ic->ic_node_getrssi(a); 581 rssib = ic->ic_node_getrssi(b); 582 if (abs(rssib - rssia) < 5) { 583 /* best/max rate preferred if signal level close enough XXX */ 584 maxa = maxrate(a); 585 maxb = maxrate(b); 586 if (maxa != maxb) 587 return maxa - maxb; 588 /* XXX use freq for channel preference */ 589 /* for now just prefer 5Ghz band to all other bands */ 590 if (IEEE80211_IS_CHAN_5GHZ(a->ni_chan) && 591 !IEEE80211_IS_CHAN_5GHZ(b->ni_chan)) 592 return 1; 593 if (!IEEE80211_IS_CHAN_5GHZ(a->ni_chan) && 594 IEEE80211_IS_CHAN_5GHZ(b->ni_chan)) 595 return -1; 596 } 597 /* all things being equal, use signal level */ 598 return rssia - rssib; 599 } 600 601 /* 602 * Mark an ongoing scan stopped. 603 */ 604 void 605 ieee80211_cancel_scan(struct ieee80211com *ic) 606 { 607 608 IEEE80211_DPRINTF(ic, IEEE80211_MSG_SCAN, "%s: end %s scan\n", 609 __func__, 610 (ic->ic_flags & IEEE80211_F_ASCAN) ? "active" : "passive"); 611 612 ic->ic_flags &= ~(IEEE80211_F_SCAN | IEEE80211_F_ASCAN); 613 } 614 615 /* 616 * Complete a scan of potential channels. 617 */ 618 void 619 ieee80211_end_scan(struct ieee80211com *ic) 620 { 621 struct ieee80211_node_table *nt = &ic->ic_scan; 622 struct ieee80211_node *ni, *selbs; 623 624 ieee80211_cancel_scan(ic); 625 ieee80211_notify_scan_done(ic); 626 627 #ifndef IEEE80211_NO_HOSTAP 628 if (ic->ic_opmode == IEEE80211_M_HOSTAP) { 629 u_int8_t maxrssi[IEEE80211_CHAN_MAX]; /* XXX off stack? */ 630 int i, bestchan; 631 u_int8_t rssi; 632 633 /* 634 * The passive scan to look for existing AP's completed, 635 * select a channel to camp on. Identify the channels 636 * that already have one or more AP's and try to locate 637 * an unoccupied one. If that fails, pick a channel that 638 * looks to be quietest. 639 */ 640 memset(maxrssi, 0, sizeof(maxrssi)); 641 IEEE80211_NODE_LOCK(nt); 642 TAILQ_FOREACH(ni, &nt->nt_node, ni_list) { 643 rssi = ic->ic_node_getrssi(ni); 644 i = ieee80211_chan2ieee(ic, ni->ni_chan); 645 if (rssi > maxrssi[i]) 646 maxrssi[i] = rssi; 647 } 648 IEEE80211_NODE_UNLOCK(nt); 649 /* XXX select channel more intelligently */ 650 bestchan = -1; 651 for (i = 0; i < IEEE80211_CHAN_MAX; i++) 652 if (isset(ic->ic_chan_active, i)) { 653 /* 654 * If the channel is unoccupied the max rssi 655 * should be zero; just take it. Otherwise 656 * track the channel with the lowest rssi and 657 * use that when all channels appear occupied. 658 */ 659 if (maxrssi[i] == 0) { 660 bestchan = i; 661 break; 662 } 663 if (bestchan == -1 || 664 maxrssi[i] < maxrssi[bestchan]) 665 bestchan = i; 666 } 667 if (bestchan != -1) { 668 ieee80211_create_ibss(ic, &ic->ic_channels[bestchan]); 669 return; 670 } 671 /* no suitable channel, should not happen */ 672 } 673 #endif /* !IEEE80211_NO_HOSTAP */ 674 675 /* 676 * When manually sequencing the state machine; scan just once 677 * regardless of whether we have a candidate or not. The 678 * controlling application is expected to setup state and 679 * initiate an association. 680 */ 681 if (ic->ic_roaming == IEEE80211_ROAMING_MANUAL) 682 return; 683 /* 684 * Automatic sequencing; look for a candidate and 685 * if found join the network. 686 */ 687 /* NB: unlocked read should be ok */ 688 if (TAILQ_FIRST(&nt->nt_node) == NULL) { 689 IEEE80211_DPRINTF(ic, IEEE80211_MSG_SCAN, 690 "%s: no scan candidate\n", __func__); 691 notfound: 692 if (ic->ic_opmode == IEEE80211_M_IBSS && 693 (ic->ic_flags & IEEE80211_F_IBSSON) && 694 ic->ic_des_esslen != 0) { 695 ieee80211_create_ibss(ic, ic->ic_ibss_chan); 696 return; 697 } 698 /* 699 * Decrement the failure counts so entries will be 700 * reconsidered the next time around. We really want 701 * to do this only for sta's where we've previously 702 had some success. 703 */ 704 IEEE80211_NODE_LOCK(nt); 705 TAILQ_FOREACH(ni, &nt->nt_node, ni_list) 706 if (ni->ni_fails) 707 ni->ni_fails--; 708 IEEE80211_NODE_UNLOCK(nt); 709 /* 710 * Reset the list of channels to scan and start again. 711 */ 712 ieee80211_reset_scan(ic); 713 ic->ic_flags |= IEEE80211_F_SCAN; 714 ieee80211_next_scan(ic); 715 return; 716 } 717 selbs = NULL; 718 IEEE80211_DPRINTF(ic, IEEE80211_MSG_SCAN, "\t%s\n", 719 "macaddr bssid chan rssi rate flag wep essid"); 720 IEEE80211_NODE_LOCK(nt); 721 TAILQ_FOREACH(ni, &nt->nt_node, ni_list) { 722 if (ieee80211_match_bss(ic, ni) == 0) { 723 if (selbs == NULL) 724 selbs = ni; 725 else if (ieee80211_node_compare(ic, ni, selbs) > 0) 726 selbs = ni; 727 } 728 } 729 if (selbs != NULL) /* NB: grab ref while dropping lock */ 730 (void) ieee80211_ref_node(selbs); 731 IEEE80211_NODE_UNLOCK(nt); 732 if (selbs == NULL) 733 goto notfound; 734 if (!ieee80211_sta_join(ic, selbs)) { 735 ieee80211_free_node(selbs); 736 goto notfound; 737 } 738 } 739 740 /* 741 * Handle 802.11 ad hoc network merge. The 742 * convention, set by the Wireless Ethernet Compatibility Alliance 743 * (WECA), is that an 802.11 station will change its BSSID to match 744 * the "oldest" 802.11 ad hoc network, on the same channel, that 745 * has the station's desired SSID. The "oldest" 802.11 network 746 * sends beacons with the greatest TSF timestamp. 747 * 748 * The caller is assumed to validate TSF's before attempting a merge. 749 * 750 * Return !0 if the BSSID changed, 0 otherwise. 751 */ 752 int 753 ieee80211_ibss_merge(struct ieee80211_node *ni) 754 { 755 struct ieee80211com *ic = ni->ni_ic; 756 757 if (ni == ic->ic_bss || 758 IEEE80211_ADDR_EQ(ni->ni_bssid, ic->ic_bss->ni_bssid)) { 759 /* unchanged, nothing to do */ 760 return 0; 761 } 762 if (ieee80211_match_bss(ic, ni) != 0) { /* capabilities mismatch */ 763 IEEE80211_DPRINTF(ic, IEEE80211_MSG_ASSOC, 764 "%s: merge failed, capabilities mismatch\n", __func__); 765 ic->ic_stats.is_ibss_capmismatch++; 766 return 0; 767 } 768 IEEE80211_DPRINTF(ic, IEEE80211_MSG_ASSOC, 769 "%s: new bssid %s: %s preamble, %s slot time%s\n", __func__, 770 ether_sprintf(ni->ni_bssid), 771 ic->ic_flags&IEEE80211_F_SHPREAMBLE ? "short" : "long", 772 ic->ic_flags&IEEE80211_F_SHSLOT ? "short" : "long", 773 ic->ic_flags&IEEE80211_F_USEPROT ? ", protection" : "" 774 ); 775 return ieee80211_sta_join(ic, ieee80211_ref_node(ni)); 776 } 777 778 /* 779 * Join the specified IBSS/BSS network. The node is assumed to 780 * be passed in with a held reference. 781 */ 782 int 783 ieee80211_sta_join(struct ieee80211com *ic, struct ieee80211_node *selbs) 784 { 785 struct ieee80211_node *obss; 786 787 if (ic->ic_opmode == IEEE80211_M_IBSS) { 788 struct ieee80211_node_table *nt; 789 /* 790 * Delete unusable rates; we've already checked 791 * that the negotiated rate set is acceptable. 792 */ 793 ieee80211_fix_rate(selbs, IEEE80211_F_DODEL); 794 /* 795 * Fillin the neighbor table; it will already 796 * exist if we are simply switching mastership. 797 * XXX ic_sta always setup so this is unnecessary? 798 */ 799 nt = &ic->ic_sta; 800 IEEE80211_NODE_LOCK(nt); 801 nt->nt_name = "neighbor"; 802 nt->nt_inact_init = ic->ic_inact_run; 803 IEEE80211_NODE_UNLOCK(nt); 804 } 805 806 /* 807 * Committed to selbs, setup state. 808 */ 809 obss = ic->ic_bss; 810 ic->ic_bss = selbs; /* NB: caller assumed to bump refcnt */ 811 if (obss != NULL) 812 ieee80211_free_node(obss); 813 /* 814 * Set the erp state (mostly the slot time) to deal with 815 * the auto-select case; this should be redundant if the 816 * mode is locked. 817 */ 818 ic->ic_curmode = ieee80211_chan2mode(ic, selbs->ni_chan); 819 ic->ic_curchan = selbs->ni_chan; 820 ieee80211_reset_erp(ic); 821 ieee80211_wme_initparams(ic); 822 823 if (ic->ic_opmode == IEEE80211_M_STA) 824 ieee80211_new_state(ic, IEEE80211_S_AUTH, -1); 825 else 826 ieee80211_new_state(ic, IEEE80211_S_RUN, -1); 827 return 1; 828 } 829 830 /* 831 * Leave the specified IBSS/BSS network. The node is assumed to 832 * be passed in with a held reference. 833 */ 834 void 835 ieee80211_sta_leave(struct ieee80211com *ic, struct ieee80211_node *ni) 836 { 837 ic->ic_node_cleanup(ni); 838 ieee80211_notify_node_leave(ic, ni); 839 } 840 841 int 842 ieee80211_get_rate(struct ieee80211com *ic) 843 { 844 u_int8_t (*rates)[IEEE80211_RATE_MAXSIZE]; 845 int rate; 846 847 rates = &ic->ic_bss->ni_rates.rs_rates; 848 849 if (ic->ic_fixed_rate != -1) 850 rate = (*rates)[ic->ic_fixed_rate]; 851 else if (ic->ic_state == IEEE80211_S_RUN) 852 rate = (*rates)[ic->ic_bss->ni_txrate]; 853 else 854 rate = 0; 855 856 return rate & IEEE80211_RATE_VAL; 857 } 858 859 static struct ieee80211_node * 860 node_alloc(struct ieee80211_node_table *nt) 861 { 862 struct ieee80211_node *ni; 863 864 MALLOC(ni, struct ieee80211_node *, sizeof(struct ieee80211_node), 865 M_80211_NODE, M_NOWAIT | M_ZERO); 866 return ni; 867 } 868 869 /* 870 * Reclaim any resources in a node and reset any critical 871 * state. Typically nodes are free'd immediately after, 872 * but in some cases the storage may be reused so we need 873 * to insure consistent state (should probably fix that). 874 */ 875 static void 876 node_cleanup(struct ieee80211_node *ni) 877 { 878 #define N(a) (sizeof(a)/sizeof(a[0])) 879 struct ieee80211com *ic = ni->ni_ic; 880 int i, qlen; 881 882 /* NB: preserve ni_table */ 883 if (ni->ni_flags & IEEE80211_NODE_PWR_MGT) { 884 ic->ic_ps_sta--; 885 ni->ni_flags &= ~IEEE80211_NODE_PWR_MGT; 886 IEEE80211_DPRINTF(ic, IEEE80211_MSG_POWER, 887 "[%s] power save mode off, %u sta's in ps mode\n", 888 ether_sprintf(ni->ni_macaddr), ic->ic_ps_sta); 889 } 890 /* 891 * Clear AREF flag that marks the authorization refcnt bump 892 * has happened. This is probably not needed as the node 893 * should always be removed from the table so not found but 894 * do it just in case. 895 */ 896 ni->ni_flags &= ~IEEE80211_NODE_AREF; 897 898 /* 899 * Drain power save queue and, if needed, clear TIM. 900 */ 901 IEEE80211_NODE_SAVEQ_DRAIN(ni, qlen); 902 if (qlen != 0 && ic->ic_set_tim != NULL) 903 ic->ic_set_tim(ni, 0); 904 905 ni->ni_associd = 0; 906 if (ni->ni_challenge != NULL) { 907 FREE(ni->ni_challenge, M_DEVBUF); 908 ni->ni_challenge = NULL; 909 } 910 /* 911 * Preserve SSID, WPA, and WME ie's so the bss node is 912 * reusable during a re-auth/re-assoc state transition. 913 * If we remove these data they will not be recreated 914 * because they come from a probe-response or beacon frame 915 * which cannot be expected prior to the association-response. 916 * This should not be an issue when operating in other modes 917 * as stations leaving always go through a full state transition 918 * which will rebuild this state. 919 * 920 * XXX does this leave us open to inheriting old state? 921 */ 922 for (i = 0; i < N(ni->ni_rxfrag); i++) 923 if (ni->ni_rxfrag[i] != NULL) { 924 m_freem(ni->ni_rxfrag[i]); 925 ni->ni_rxfrag[i] = NULL; 926 } 927 /* 928 * Must be careful here to remove any key map entry w/o a LOR. 929 */ 930 ieee80211_node_delucastkey(ni); 931 #undef N 932 } 933 934 static void 935 node_free(struct ieee80211_node *ni) 936 { 937 struct ieee80211com *ic = ni->ni_ic; 938 939 ic->ic_node_cleanup(ni); 940 if (ni->ni_wpa_ie != NULL) 941 FREE(ni->ni_wpa_ie, M_DEVBUF); 942 if (ni->ni_wme_ie != NULL) 943 FREE(ni->ni_wme_ie, M_DEVBUF); 944 IEEE80211_NODE_SAVEQ_DESTROY(ni); 945 FREE(ni, M_80211_NODE); 946 } 947 948 static u_int8_t 949 node_getrssi(const struct ieee80211_node *ni) 950 { 951 return ni->ni_rssi; 952 } 953 954 static void 955 ieee80211_setup_node(struct ieee80211_node_table *nt, 956 struct ieee80211_node *ni, const u_int8_t *macaddr) 957 { 958 struct ieee80211com *ic = nt->nt_ic; 959 int hash; 960 961 IEEE80211_DPRINTF(ic, IEEE80211_MSG_NODE, 962 "%s %p<%s> in %s table\n", __func__, ni, 963 ether_sprintf(macaddr), nt->nt_name); 964 965 IEEE80211_ADDR_COPY(ni->ni_macaddr, macaddr); 966 hash = IEEE80211_NODE_HASH(macaddr); 967 ieee80211_node_initref(ni); /* mark referenced */ 968 ni->ni_chan = IEEE80211_CHAN_ANYC; 969 ni->ni_authmode = IEEE80211_AUTH_OPEN; 970 ni->ni_txpower = ic->ic_txpowlimit; /* max power */ 971 ieee80211_crypto_resetkey(ic, &ni->ni_ucastkey, IEEE80211_KEYIX_NONE); 972 ni->ni_inact_reload = nt->nt_inact_init; 973 ni->ni_inact = ni->ni_inact_reload; 974 IEEE80211_NODE_SAVEQ_INIT(ni, "unknown"); 975 976 IEEE80211_NODE_LOCK(nt); 977 TAILQ_INSERT_TAIL(&nt->nt_node, ni, ni_list); 978 LIST_INSERT_HEAD(&nt->nt_hash[hash], ni, ni_hash); 979 ni->ni_table = nt; 980 ni->ni_ic = ic; 981 IEEE80211_NODE_UNLOCK(nt); 982 } 983 984 struct ieee80211_node * 985 ieee80211_alloc_node(struct ieee80211_node_table *nt, const u_int8_t *macaddr) 986 { 987 struct ieee80211com *ic = nt->nt_ic; 988 struct ieee80211_node *ni; 989 990 ni = ic->ic_node_alloc(nt); 991 if (ni != NULL) 992 ieee80211_setup_node(nt, ni, macaddr); 993 else 994 ic->ic_stats.is_rx_nodealloc++; 995 return ni; 996 } 997 998 /* 999 * Craft a temporary node suitable for sending a management frame 1000 * to the specified station. We craft only as much state as we 1001 * need to do the work since the node will be immediately reclaimed 1002 * once the send completes. 1003 */ 1004 struct ieee80211_node * 1005 ieee80211_tmp_node(struct ieee80211com *ic, const u_int8_t *macaddr) 1006 { 1007 struct ieee80211_node *ni; 1008 1009 ni = ic->ic_node_alloc(&ic->ic_sta); 1010 if (ni != NULL) { 1011 IEEE80211_DPRINTF(ic, IEEE80211_MSG_NODE, 1012 "%s %p<%s>\n", __func__, ni, ether_sprintf(macaddr)); 1013 1014 IEEE80211_ADDR_COPY(ni->ni_macaddr, macaddr); 1015 IEEE80211_ADDR_COPY(ni->ni_bssid, ic->ic_bss->ni_bssid); 1016 ieee80211_node_initref(ni); /* mark referenced */ 1017 ni->ni_txpower = ic->ic_bss->ni_txpower; 1018 /* NB: required by ieee80211_fix_rate */ 1019 ieee80211_set_chan(ic, ni, ic->ic_bss->ni_chan); 1020 ieee80211_crypto_resetkey(ic, &ni->ni_ucastkey, 1021 IEEE80211_KEYIX_NONE); 1022 /* XXX optimize away */ 1023 IEEE80211_NODE_SAVEQ_INIT(ni, "unknown"); 1024 1025 ni->ni_table = NULL; /* NB: pedantic */ 1026 ni->ni_ic = ic; 1027 } else { 1028 /* XXX msg */ 1029 ic->ic_stats.is_rx_nodealloc++; 1030 } 1031 return ni; 1032 } 1033 1034 struct ieee80211_node * 1035 ieee80211_dup_bss(struct ieee80211_node_table *nt, const u_int8_t *macaddr) 1036 { 1037 struct ieee80211com *ic = nt->nt_ic; 1038 struct ieee80211_node *ni; 1039 1040 ni = ic->ic_node_alloc(nt); 1041 if (ni != NULL) { 1042 ieee80211_setup_node(nt, ni, macaddr); 1043 /* 1044 * Inherit from ic_bss. 1045 */ 1046 ni->ni_authmode = ic->ic_bss->ni_authmode; 1047 ni->ni_txpower = ic->ic_bss->ni_txpower; 1048 ni->ni_vlan = ic->ic_bss->ni_vlan; /* XXX?? */ 1049 IEEE80211_ADDR_COPY(ni->ni_bssid, ic->ic_bss->ni_bssid); 1050 ieee80211_set_chan(ic, ni, ic->ic_bss->ni_chan); 1051 ni->ni_rsn = ic->ic_bss->ni_rsn; 1052 } else 1053 ic->ic_stats.is_rx_nodealloc++; 1054 return ni; 1055 } 1056 1057 static struct ieee80211_node * 1058 #ifdef IEEE80211_DEBUG_REFCNT 1059 _ieee80211_find_node_debug(struct ieee80211_node_table *nt, 1060 const u_int8_t *macaddr, const char *func, int line) 1061 #else 1062 _ieee80211_find_node(struct ieee80211_node_table *nt, 1063 const u_int8_t *macaddr) 1064 #endif 1065 { 1066 struct ieee80211_node *ni; 1067 int hash; 1068 1069 IEEE80211_NODE_LOCK_ASSERT(nt); 1070 1071 hash = IEEE80211_NODE_HASH(macaddr); 1072 LIST_FOREACH(ni, &nt->nt_hash[hash], ni_hash) { 1073 if (IEEE80211_ADDR_EQ(ni->ni_macaddr, macaddr)) { 1074 ieee80211_ref_node(ni); /* mark referenced */ 1075 #ifdef IEEE80211_DEBUG_REFCNT 1076 IEEE80211_DPRINTF(nt->nt_ic, IEEE80211_MSG_NODE, 1077 "%s (%s:%u) %p<%s> refcnt %d\n", __func__, 1078 func, line, 1079 ni, ether_sprintf(ni->ni_macaddr), 1080 ieee80211_node_refcnt(ni)); 1081 #endif 1082 return ni; 1083 } 1084 } 1085 return NULL; 1086 } 1087 #ifdef IEEE80211_DEBUG_REFCNT 1088 #define _ieee80211_find_node(nt, mac) \ 1089 _ieee80211_find_node_debug(nt, mac, func, line) 1090 #endif 1091 1092 struct ieee80211_node * 1093 #ifdef IEEE80211_DEBUG_REFCNT 1094 ieee80211_find_node_debug(struct ieee80211_node_table *nt, 1095 const u_int8_t *macaddr, const char *func, int line) 1096 #else 1097 ieee80211_find_node(struct ieee80211_node_table *nt, const u_int8_t *macaddr) 1098 #endif 1099 { 1100 struct ieee80211_node *ni; 1101 1102 IEEE80211_NODE_LOCK(nt); 1103 ni = _ieee80211_find_node(nt, macaddr); 1104 IEEE80211_NODE_UNLOCK(nt); 1105 return ni; 1106 } 1107 1108 /* 1109 * Fake up a node; this handles node discovery in adhoc mode. 1110 * Note that for the driver's benefit we we treat this like 1111 * an association so the driver has an opportunity to setup 1112 * it's private state. 1113 */ 1114 struct ieee80211_node * 1115 ieee80211_fakeup_adhoc_node(struct ieee80211_node_table *nt, 1116 const u_int8_t macaddr[IEEE80211_ADDR_LEN]) 1117 { 1118 struct ieee80211com *ic = nt->nt_ic; 1119 struct ieee80211_node *ni; 1120 1121 ni = ieee80211_dup_bss(nt, macaddr); 1122 if (ni != NULL) { 1123 /* XXX no rate negotiation; just dup */ 1124 ni->ni_rates = ic->ic_bss->ni_rates; 1125 if (ic->ic_newassoc != NULL) 1126 ic->ic_newassoc(ni, 1); 1127 /* XXX not right for 802.1x/WPA */ 1128 ieee80211_node_authorize(ni); 1129 } 1130 return ni; 1131 } 1132 1133 #ifdef IEEE80211_DEBUG 1134 static void 1135 dump_probe_beacon(u_int8_t subtype, int isnew, 1136 const u_int8_t mac[IEEE80211_ADDR_LEN], 1137 const struct ieee80211_scanparams *sp) 1138 { 1139 1140 printf("[%s] %s%s on chan %u (bss chan %u) ", 1141 ether_sprintf(mac), isnew ? "new " : "", 1142 ieee80211_mgt_subtype_name[subtype >> IEEE80211_FC0_SUBTYPE_SHIFT], 1143 sp->chan, sp->bchan); 1144 ieee80211_print_essid(sp->ssid + 2, sp->ssid[1]); 1145 printf("\n"); 1146 1147 if (isnew) { 1148 printf("[%s] caps 0x%x bintval %u erp 0x%x", 1149 ether_sprintf(mac), sp->capinfo, sp->bintval, sp->erp); 1150 if (sp->country != NULL) { 1151 #ifdef __FreeBSD__ 1152 printf(" country info %*D", 1153 sp->country[1], sp->country+2, " "); 1154 #else 1155 int i; 1156 printf(" country info"); 1157 for (i = 0; i < sp->country[1]; i++) 1158 printf(" %02x", sp->country[i+2]); 1159 #endif 1160 } 1161 printf("\n"); 1162 } 1163 } 1164 #endif /* IEEE80211_DEBUG */ 1165 1166 static void 1167 saveie(u_int8_t **iep, const u_int8_t *ie) 1168 { 1169 1170 if (ie == NULL) 1171 *iep = NULL; 1172 else 1173 ieee80211_saveie(iep, ie); 1174 } 1175 1176 /* 1177 * Process a beacon or probe response frame. 1178 */ 1179 void 1180 ieee80211_add_scan(struct ieee80211com *ic, 1181 const struct ieee80211_scanparams *sp, 1182 const struct ieee80211_frame *wh, 1183 int subtype, int rssi, int rstamp) 1184 { 1185 #define ISPROBE(_st) ((_st) == IEEE80211_FC0_SUBTYPE_PROBE_RESP) 1186 struct ieee80211_node_table *nt = &ic->ic_scan; 1187 struct ieee80211_node *ni; 1188 int newnode = 0; 1189 1190 ni = ieee80211_find_node(nt, wh->i_addr2); 1191 if (ni == NULL) { 1192 /* 1193 * Create a new entry. 1194 */ 1195 ni = ic->ic_node_alloc(nt); 1196 if (ni == NULL) { 1197 ic->ic_stats.is_rx_nodealloc++; 1198 return; 1199 } 1200 ieee80211_setup_node(nt, ni, wh->i_addr2); 1201 /* 1202 * XXX inherit from ic_bss. 1203 */ 1204 ni->ni_authmode = ic->ic_bss->ni_authmode; 1205 ni->ni_txpower = ic->ic_bss->ni_txpower; 1206 ni->ni_vlan = ic->ic_bss->ni_vlan; /* XXX?? */ 1207 ieee80211_set_chan(ic, ni, ic->ic_curchan); 1208 ni->ni_rsn = ic->ic_bss->ni_rsn; 1209 newnode = 1; 1210 } 1211 #ifdef IEEE80211_DEBUG 1212 if (ieee80211_msg_scan(ic) && (ic->ic_flags & IEEE80211_F_SCAN)) 1213 dump_probe_beacon(subtype, newnode, wh->i_addr2, sp); 1214 #endif 1215 /* XXX ap beaconing multiple ssid w/ same bssid */ 1216 if (sp->ssid[1] != 0 && 1217 (ISPROBE(subtype) || ni->ni_esslen == 0)) { 1218 ni->ni_esslen = sp->ssid[1]; 1219 memset(ni->ni_essid, 0, sizeof(ni->ni_essid)); 1220 memcpy(ni->ni_essid, sp->ssid + 2, sp->ssid[1]); 1221 } 1222 ni->ni_scangen = ic->ic_scan.nt_scangen; 1223 IEEE80211_ADDR_COPY(ni->ni_bssid, wh->i_addr3); 1224 ni->ni_rssi = rssi; 1225 ni->ni_rstamp = rstamp; 1226 memcpy(ni->ni_tstamp.data, sp->tstamp, sizeof(ni->ni_tstamp)); 1227 ni->ni_intval = sp->bintval; 1228 ni->ni_capinfo = sp->capinfo; 1229 ni->ni_chan = &ic->ic_channels[sp->chan]; 1230 ni->ni_fhdwell = sp->fhdwell; 1231 ni->ni_fhindex = sp->fhindex; 1232 ni->ni_erp = sp->erp; 1233 if (sp->tim != NULL) { 1234 struct ieee80211_tim_ie *ie = 1235 (struct ieee80211_tim_ie *) sp->tim; 1236 1237 ni->ni_dtim_count = ie->tim_count; 1238 ni->ni_dtim_period = ie->tim_period; 1239 } 1240 /* 1241 * Record the byte offset from the mac header to 1242 * the start of the TIM information element for 1243 * use by hardware and/or to speedup software 1244 * processing of beacon frames. 1245 */ 1246 ni->ni_timoff = sp->timoff; 1247 /* 1248 * Record optional information elements that might be 1249 * used by applications or drivers. 1250 */ 1251 saveie(&ni->ni_wme_ie, sp->wme); 1252 saveie(&ni->ni_wpa_ie, sp->wpa); 1253 1254 /* NB: must be after ni_chan is setup */ 1255 ieee80211_setup_rates(ni, sp->rates, sp->xrates, IEEE80211_F_DOSORT); 1256 1257 if (!newnode) 1258 ieee80211_free_node(ni); 1259 #undef ISPROBE 1260 } 1261 1262 void 1263 ieee80211_init_neighbor(struct ieee80211com *ic, struct ieee80211_node *ni, 1264 const struct ieee80211_frame *wh, const struct ieee80211_scanparams *sp, 1265 int isnew) 1266 { 1267 ni->ni_esslen = sp->ssid[1]; 1268 memcpy(ni->ni_essid, sp->ssid + 2, sp->ssid[1]); 1269 IEEE80211_ADDR_COPY(ni->ni_bssid, wh->i_addr3); 1270 memcpy(ni->ni_tstamp.data, sp->tstamp, sizeof(ni->ni_tstamp)); 1271 ni->ni_intval = sp->bintval; 1272 ni->ni_capinfo = sp->capinfo; 1273 ni->ni_chan = ic->ic_bss->ni_chan; 1274 ni->ni_fhdwell = sp->fhdwell; 1275 ni->ni_fhindex = sp->fhindex; 1276 ni->ni_erp = sp->erp; 1277 ni->ni_timoff = sp->timoff; 1278 if (sp->wme != NULL) 1279 ieee80211_saveie(&ni->ni_wme_ie, sp->wme); 1280 if (sp->wpa != NULL) 1281 ieee80211_saveie(&ni->ni_wpa_ie, sp->wpa); 1282 1283 /* NB: must be after ni_chan is setup */ 1284 ieee80211_setup_rates(ni, sp->rates, sp->xrates, 1285 IEEE80211_F_DODEL | IEEE80211_F_DONEGO | IEEE80211_F_DOSORT); 1286 1287 if (ic->ic_newassoc != NULL) 1288 ic->ic_newassoc(ni, isnew); 1289 } 1290 1291 /* 1292 * Do node discovery in adhoc mode on receipt of a beacon 1293 * or probe response frame. Note that for the driver's 1294 * benefit we we treat this like an association so the 1295 * driver has an opportunity to setup it's private state. 1296 */ 1297 struct ieee80211_node * 1298 ieee80211_add_neighbor(struct ieee80211com *ic, 1299 const struct ieee80211_frame *wh, 1300 const struct ieee80211_scanparams *sp) 1301 { 1302 struct ieee80211_node *ni; 1303 1304 ni = ieee80211_dup_bss(&ic->ic_sta, wh->i_addr2);/* XXX alloc_node? */ 1305 if (ni != NULL) { 1306 ieee80211_init_neighbor(ic, ni, wh, sp, 1); 1307 /* XXX not right for 802.1x/WPA */ 1308 ieee80211_node_authorize(ni); 1309 } 1310 return ni; 1311 } 1312 1313 #define IS_CTL(wh) \ 1314 ((wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK) == IEEE80211_FC0_TYPE_CTL) 1315 #define IS_PSPOLL(wh) \ 1316 ((wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK) == IEEE80211_FC0_SUBTYPE_PS_POLL) 1317 /* 1318 * Locate the node for sender, track state, and then pass the 1319 * (referenced) node up to the 802.11 layer for its use. We 1320 * are required to pass some node so we fall back to ic_bss 1321 * when this frame is from an unknown sender. The 802.11 layer 1322 * knows this means the sender wasn't in the node table and 1323 * acts accordingly. 1324 */ 1325 struct ieee80211_node * 1326 #ifdef IEEE80211_DEBUG_REFCNT 1327 ieee80211_find_rxnode_debug(struct ieee80211com *ic, 1328 const struct ieee80211_frame_min *wh, const char *func, int line) 1329 #else 1330 ieee80211_find_rxnode(struct ieee80211com *ic, 1331 const struct ieee80211_frame_min *wh) 1332 #endif 1333 { 1334 struct ieee80211_node_table *nt; 1335 struct ieee80211_node *ni; 1336 1337 /* XXX may want scanned nodes in the neighbor table for adhoc */ 1338 if (ic->ic_opmode == IEEE80211_M_STA || 1339 ic->ic_opmode == IEEE80211_M_MONITOR || 1340 (ic->ic_flags & IEEE80211_F_SCAN)) 1341 nt = &ic->ic_scan; 1342 else 1343 nt = &ic->ic_sta; 1344 /* XXX check ic_bss first in station mode */ 1345 /* XXX 4-address frames? */ 1346 IEEE80211_NODE_LOCK(nt); 1347 if (IS_CTL(wh) && !IS_PSPOLL(wh) /*&& !IS_RTS(ah)*/) 1348 ni = _ieee80211_find_node(nt, wh->i_addr1); 1349 else 1350 ni = _ieee80211_find_node(nt, wh->i_addr2); 1351 if (ni == NULL) 1352 ni = ieee80211_ref_node(ic->ic_bss); 1353 IEEE80211_NODE_UNLOCK(nt); 1354 1355 return ni; 1356 } 1357 1358 /* 1359 * Like ieee80211_find_rxnode but use the supplied h/w 1360 * key index as a hint to locate the node in the key 1361 * mapping table. If an entry is present at the key 1362 * index we return it; otherwise do a normal lookup and 1363 * update the mapping table if the station has a unicast 1364 * key assigned to it. 1365 */ 1366 struct ieee80211_node * 1367 #ifdef IEEE80211_DEBUG_REFCNT 1368 ieee80211_find_rxnode_withkey_debug(struct ieee80211com *ic, 1369 const struct ieee80211_frame_min *wh, ieee80211_keyix keyix, 1370 const char *func, int line) 1371 #else 1372 ieee80211_find_rxnode_withkey(struct ieee80211com *ic, 1373 const struct ieee80211_frame_min *wh, ieee80211_keyix keyix) 1374 #endif 1375 { 1376 struct ieee80211_node_table *nt; 1377 struct ieee80211_node *ni; 1378 1379 if (ic->ic_opmode == IEEE80211_M_STA || 1380 ic->ic_opmode == IEEE80211_M_MONITOR || 1381 (ic->ic_flags & IEEE80211_F_SCAN)) 1382 nt = &ic->ic_scan; 1383 else 1384 nt = &ic->ic_sta; 1385 IEEE80211_NODE_LOCK(nt); 1386 if (nt->nt_keyixmap != NULL && keyix < nt->nt_keyixmax) 1387 ni = nt->nt_keyixmap[keyix]; 1388 else 1389 ni = NULL; 1390 if (ni == NULL) { 1391 if (IS_CTL(wh) && !IS_PSPOLL(wh) /*&& !IS_RTS(ah)*/) 1392 ni = _ieee80211_find_node(nt, wh->i_addr1); 1393 else 1394 ni = _ieee80211_find_node(nt, wh->i_addr2); 1395 if (ni == NULL) 1396 ni = ieee80211_ref_node(ic->ic_bss); 1397 if (nt->nt_keyixmap != NULL) { 1398 /* 1399 * If the station has a unicast key cache slot 1400 * assigned update the key->node mapping table. 1401 */ 1402 keyix = ni->ni_ucastkey.wk_rxkeyix; 1403 /* XXX can keyixmap[keyix] != NULL? */ 1404 if (keyix < nt->nt_keyixmax && 1405 nt->nt_keyixmap[keyix] == NULL) { 1406 IEEE80211_DPRINTF(ni->ni_ic, IEEE80211_MSG_NODE, 1407 "%s: add key map entry %p<%s> refcnt %d\n", 1408 __func__, ni, ether_sprintf(ni->ni_macaddr), 1409 ieee80211_node_refcnt(ni)+1); 1410 nt->nt_keyixmap[keyix] = ieee80211_ref_node(ni); 1411 } 1412 } 1413 } else { 1414 ieee80211_ref_node(ni); 1415 } 1416 IEEE80211_NODE_UNLOCK(nt); 1417 1418 return ni; 1419 } 1420 #undef IS_PSPOLL 1421 #undef IS_CTL 1422 1423 /* 1424 * Return a reference to the appropriate node for sending 1425 * a data frame. This handles node discovery in adhoc networks. 1426 */ 1427 struct ieee80211_node * 1428 #ifdef IEEE80211_DEBUG_REFCNT 1429 ieee80211_find_txnode_debug(struct ieee80211com *ic, const u_int8_t *macaddr, 1430 const char *func, int line) 1431 #else 1432 ieee80211_find_txnode(struct ieee80211com *ic, const u_int8_t *macaddr) 1433 #endif 1434 { 1435 struct ieee80211_node_table *nt = &ic->ic_sta; 1436 struct ieee80211_node *ni; 1437 1438 /* 1439 * The destination address should be in the node table 1440 * unless this is a multicast/broadcast frame. We can 1441 * also optimize station mode operation, all frames go 1442 * to the bss node. 1443 */ 1444 /* XXX can't hold lock across dup_bss 'cuz of recursive locking */ 1445 IEEE80211_NODE_LOCK(nt); 1446 if (ic->ic_opmode == IEEE80211_M_STA || IEEE80211_IS_MULTICAST(macaddr)) 1447 ni = ieee80211_ref_node(ic->ic_bss); 1448 else 1449 ni = _ieee80211_find_node(nt, macaddr); 1450 IEEE80211_NODE_UNLOCK(nt); 1451 1452 if (ni == NULL) { 1453 if (ic->ic_opmode == IEEE80211_M_IBSS || 1454 ic->ic_opmode == IEEE80211_M_AHDEMO) { 1455 /* 1456 * In adhoc mode cons up a node for the destination. 1457 * Note that we need an additional reference for the 1458 * caller to be consistent with _ieee80211_find_node. 1459 */ 1460 ni = ieee80211_fakeup_adhoc_node(nt, macaddr); 1461 if (ni != NULL) 1462 (void) ieee80211_ref_node(ni); 1463 } else { 1464 IEEE80211_DPRINTF(ic, IEEE80211_MSG_OUTPUT, 1465 "[%s] no node, discard frame (%s)\n", 1466 ether_sprintf(macaddr), __func__); 1467 ic->ic_stats.is_tx_nonode++; 1468 } 1469 } 1470 return ni; 1471 } 1472 1473 /* 1474 * Like find but search based on the channel too. 1475 */ 1476 struct ieee80211_node * 1477 #ifdef IEEE80211_DEBUG_REFCNT 1478 ieee80211_find_node_with_channel_debug(struct ieee80211_node_table *nt, 1479 const u_int8_t *macaddr, struct ieee80211_channel *chan, 1480 const char *func, int line) 1481 #else 1482 ieee80211_find_node_with_channel(struct ieee80211_node_table *nt, 1483 const u_int8_t *macaddr, struct ieee80211_channel *chan) 1484 #endif 1485 { 1486 struct ieee80211_node *ni; 1487 int hash; 1488 1489 hash = IEEE80211_NODE_HASH(macaddr); 1490 IEEE80211_NODE_LOCK(nt); 1491 LIST_FOREACH(ni, &nt->nt_hash[hash], ni_hash) { 1492 if (IEEE80211_ADDR_EQ(ni->ni_macaddr, macaddr) && 1493 ni->ni_chan == chan) { 1494 ieee80211_ref_node(ni); /* mark referenced */ 1495 IEEE80211_DPRINTF(nt->nt_ic, IEEE80211_MSG_NODE, 1496 #ifdef IEEE80211_DEBUG_REFCNT 1497 "%s (%s:%u) %p<%s> refcnt %d\n", __func__, 1498 func, line, 1499 #else 1500 "%s %p<%s> refcnt %d\n", __func__, 1501 #endif 1502 ni, ether_sprintf(ni->ni_macaddr), 1503 ieee80211_node_refcnt(ni)); 1504 break; 1505 } 1506 } 1507 IEEE80211_NODE_UNLOCK(nt); 1508 return ni; 1509 } 1510 1511 struct ieee80211_node * 1512 ieee80211_refine_node_for_beacon(struct ieee80211com *ic, 1513 struct ieee80211_node *ni0, struct ieee80211_channel *chan, 1514 const u_int8_t *ssid) 1515 { 1516 struct ieee80211_node_table *nt = ni0->ni_table; 1517 struct ieee80211_node *best, *ni; 1518 int best_score = 0, score; 1519 1520 if (nt == NULL) 1521 return ni0; 1522 1523 best = ni0; 1524 if (ssid[1] == 0 || best->ni_esslen == 0) 1525 best_score = 1; 1526 else if (ssid[1] == best->ni_esslen && 1527 memcmp(ssid + 2, best->ni_essid, ssid[1]) == 0) 1528 best_score = 2; 1529 else 1530 best_score = 0; 1531 1532 IEEE80211_NODE_LOCK(nt); 1533 for (ni = LIST_NEXT(ni0, ni_hash); ni != NULL; 1534 ni = LIST_NEXT(ni, ni_hash)) { 1535 if (!IEEE80211_ADDR_EQ(ni->ni_macaddr, best->ni_macaddr) || 1536 ni->ni_ic != best->ni_ic || ni->ni_chan != chan) 1537 continue; 1538 1539 if (ssid[1] == 0 || ni->ni_esslen == 0) 1540 score = 1; 1541 else if (ssid[1] == ni->ni_esslen && 1542 memcmp(ssid + 2, ni->ni_essid, ssid[1]) == 0) 1543 score = 2; 1544 else 1545 continue; 1546 1547 if (score > best_score) { 1548 best = ni; 1549 best_score = score; 1550 } 1551 } 1552 IEEE80211_NODE_UNLOCK(nt); 1553 return best; 1554 } 1555 1556 /* 1557 * Like find but search based on the ssid too. 1558 */ 1559 struct ieee80211_node * 1560 #ifdef IEEE80211_DEBUG_REFCNT 1561 ieee80211_find_node_with_ssid_debug(struct ieee80211_node_table *nt, 1562 const u_int8_t *macaddr, u_int ssidlen, const u_int8_t *ssid, 1563 const char *func, int line) 1564 #else 1565 ieee80211_find_node_with_ssid(struct ieee80211_node_table *nt, 1566 const u_int8_t *macaddr, u_int ssidlen, const u_int8_t *ssid) 1567 #endif 1568 { 1569 #define MATCH_SSID(ni, ssid, ssidlen) \ 1570 (ni->ni_esslen == ssidlen && memcmp(ni->ni_essid, ssid, ssidlen) == 0) 1571 static const u_int8_t zeromac[IEEE80211_ADDR_LEN]; 1572 struct ieee80211com *ic = nt->nt_ic; 1573 struct ieee80211_node *ni; 1574 int hash; 1575 1576 IEEE80211_NODE_LOCK(nt); 1577 /* 1578 * A mac address that is all zero means match only the ssid; 1579 * otherwise we must match both. 1580 */ 1581 if (IEEE80211_ADDR_EQ(macaddr, zeromac)) { 1582 TAILQ_FOREACH(ni, &nt->nt_node, ni_list) { 1583 if (MATCH_SSID(ni, ssid, ssidlen)) 1584 break; 1585 } 1586 } else { 1587 hash = IEEE80211_NODE_HASH(macaddr); 1588 LIST_FOREACH(ni, &nt->nt_hash[hash], ni_hash) { 1589 if (IEEE80211_ADDR_EQ(ni->ni_macaddr, macaddr) && 1590 MATCH_SSID(ni, ssid, ssidlen)) 1591 break; 1592 } 1593 } 1594 if (ni != NULL) { 1595 ieee80211_ref_node(ni); /* mark referenced */ 1596 IEEE80211_DPRINTF(ic, IEEE80211_MSG_NODE, 1597 #ifdef IEEE80211_DEBUG_REFCNT 1598 "%s (%s:%u) %p<%s> refcnt %d\n", __func__, 1599 func, line, 1600 #else 1601 "%s %p<%s> refcnt %d\n", __func__, 1602 #endif 1603 ni, ether_sprintf(ni->ni_macaddr), 1604 ieee80211_node_refcnt(ni)); 1605 } 1606 IEEE80211_NODE_UNLOCK(nt); 1607 return ni; 1608 #undef MATCH_SSID 1609 } 1610 1611 static void 1612 _ieee80211_free_node(struct ieee80211_node *ni) 1613 { 1614 struct ieee80211com *ic = ni->ni_ic; 1615 struct ieee80211_node_table *nt = ni->ni_table; 1616 1617 IEEE80211_DPRINTF(ic, IEEE80211_MSG_NODE, 1618 "%s %p<%s> in %s table\n", __func__, ni, 1619 ether_sprintf(ni->ni_macaddr), 1620 nt != NULL ? nt->nt_name : "<gone>"); 1621 1622 IEEE80211_AID_CLR(ni->ni_associd, ic->ic_aid_bitmap); 1623 if (nt != NULL) { 1624 TAILQ_REMOVE(&nt->nt_node, ni, ni_list); 1625 LIST_REMOVE(ni, ni_hash); 1626 } 1627 ic->ic_node_free(ni); 1628 } 1629 1630 void 1631 #ifdef IEEE80211_DEBUG_REFCNT 1632 ieee80211_free_node_debug(struct ieee80211_node *ni, const char *func, int line) 1633 #else 1634 ieee80211_free_node(struct ieee80211_node *ni) 1635 #endif 1636 { 1637 struct ieee80211_node_table *nt = ni->ni_table; 1638 1639 #ifdef IEEE80211_DEBUG_REFCNT 1640 IEEE80211_DPRINTF(ni->ni_ic, IEEE80211_MSG_NODE, 1641 "%s (%s:%u) %p<%s> refcnt %d\n", __func__, func, line, ni, 1642 ether_sprintf(ni->ni_macaddr), ieee80211_node_refcnt(ni)-1); 1643 #endif 1644 if (nt != NULL) { 1645 IEEE80211_NODE_LOCK(nt); 1646 if (ieee80211_node_dectestref(ni)) { 1647 /* 1648 * Last reference, reclaim state. 1649 */ 1650 _ieee80211_free_node(ni); 1651 } else if (ieee80211_node_refcnt(ni) == 1 && 1652 nt->nt_keyixmap != NULL) { 1653 ieee80211_keyix keyix; 1654 /* 1655 * Check for a last reference in the key mapping table. 1656 */ 1657 keyix = ni->ni_ucastkey.wk_rxkeyix; 1658 if (keyix < nt->nt_keyixmax && 1659 nt->nt_keyixmap[keyix] == ni) { 1660 IEEE80211_DPRINTF(ni->ni_ic, IEEE80211_MSG_NODE, 1661 "%s: %p<%s> clear key map entry", __func__, 1662 ni, ether_sprintf(ni->ni_macaddr)); 1663 nt->nt_keyixmap[keyix] = NULL; 1664 ieee80211_node_decref(ni); /* XXX needed? */ 1665 _ieee80211_free_node(ni); 1666 } 1667 } 1668 IEEE80211_NODE_UNLOCK(nt); 1669 } else { 1670 if (ieee80211_node_dectestref(ni)) 1671 _ieee80211_free_node(ni); 1672 } 1673 } 1674 1675 /* 1676 * Reclaim a unicast key and clear any key cache state. 1677 */ 1678 int 1679 ieee80211_node_delucastkey(struct ieee80211_node *ni) 1680 { 1681 struct ieee80211com *ic = ni->ni_ic; 1682 struct ieee80211_node_table *nt = &ic->ic_sta; 1683 struct ieee80211_node *nikey; 1684 ieee80211_keyix keyix; 1685 int isowned, status; 1686 1687 /* 1688 * NB: We must beware of LOR here; deleting the key 1689 * can cause the crypto layer to block traffic updates 1690 * which can generate a LOR against the node table lock; 1691 * grab it here and stash the key index for our use below. 1692 * 1693 * Must also beware of recursion on the node table lock. 1694 * When called from node_cleanup we may already have 1695 * the node table lock held. Unfortunately there's no 1696 * way to separate out this path so we must do this 1697 * conditionally. 1698 */ 1699 isowned = IEEE80211_NODE_IS_LOCKED(nt); 1700 if (!isowned) 1701 IEEE80211_NODE_LOCK(nt); 1702 keyix = ni->ni_ucastkey.wk_rxkeyix; 1703 status = ieee80211_crypto_delkey(ic, &ni->ni_ucastkey); 1704 if (nt->nt_keyixmap != NULL && keyix < nt->nt_keyixmax) { 1705 nikey = nt->nt_keyixmap[keyix]; 1706 nt->nt_keyixmap[keyix] = NULL;; 1707 } else 1708 nikey = NULL; 1709 if (!isowned) 1710 IEEE80211_NODE_UNLOCK(&ic->ic_sta); 1711 1712 if (nikey != NULL) { 1713 IASSERT(nikey == ni, 1714 ("key map out of sync, ni %p nikey %p", ni, nikey)); 1715 IEEE80211_DPRINTF(ni->ni_ic, IEEE80211_MSG_NODE, 1716 "%s: delete key map entry %p<%s> refcnt %d\n", 1717 __func__, ni, ether_sprintf(ni->ni_macaddr), 1718 ieee80211_node_refcnt(ni)-1); 1719 ieee80211_free_node(ni); 1720 } 1721 return status; 1722 } 1723 1724 /* 1725 * Reclaim a node. If this is the last reference count then 1726 * do the normal free work. Otherwise remove it from the node 1727 * table and mark it gone by clearing the back-reference. 1728 */ 1729 static void 1730 node_reclaim(struct ieee80211_node_table *nt, struct ieee80211_node *ni) 1731 { 1732 ieee80211_keyix keyix; 1733 1734 IEEE80211_NODE_LOCK_ASSERT(nt); 1735 1736 IEEE80211_DPRINTF(ni->ni_ic, IEEE80211_MSG_NODE, 1737 "%s: remove %p<%s> from %s table, refcnt %d\n", 1738 __func__, ni, ether_sprintf(ni->ni_macaddr), 1739 nt->nt_name, ieee80211_node_refcnt(ni)-1); 1740 /* 1741 * Clear any entry in the unicast key mapping table. 1742 * We need to do it here so rx lookups don't find it 1743 * in the mapping table even if it's not in the hash 1744 * table. We cannot depend on the mapping table entry 1745 * being cleared because the node may not be free'd. 1746 */ 1747 keyix = ni->ni_ucastkey.wk_rxkeyix; 1748 if (nt->nt_keyixmap != NULL && keyix < nt->nt_keyixmax && 1749 nt->nt_keyixmap[keyix] == ni) { 1750 IEEE80211_DPRINTF(ni->ni_ic, IEEE80211_MSG_NODE, 1751 "%s: %p<%s> clear key map entry\n", 1752 __func__, ni, ether_sprintf(ni->ni_macaddr)); 1753 nt->nt_keyixmap[keyix] = NULL; 1754 ieee80211_node_decref(ni); /* NB: don't need free */ 1755 } 1756 if (!ieee80211_node_dectestref(ni)) { 1757 /* 1758 * Other references are present, just remove the 1759 * node from the table so it cannot be found. When 1760 * the references are dropped storage will be 1761 * reclaimed. 1762 */ 1763 TAILQ_REMOVE(&nt->nt_node, ni, ni_list); 1764 LIST_REMOVE(ni, ni_hash); 1765 ni->ni_table = NULL; /* clear reference */ 1766 } else 1767 _ieee80211_free_node(ni); 1768 } 1769 1770 static void 1771 ieee80211_free_allnodes_locked(struct ieee80211_node_table *nt) 1772 { 1773 struct ieee80211com *ic = nt->nt_ic; 1774 struct ieee80211_node *ni; 1775 1776 IEEE80211_DPRINTF(ic, IEEE80211_MSG_NODE, 1777 "%s: free all nodes in %s table\n", __func__, nt->nt_name); 1778 1779 while ((ni = TAILQ_FIRST(&nt->nt_node)) != NULL) { 1780 if (ni->ni_associd != 0) { 1781 if (ic->ic_auth->ia_node_leave != NULL) 1782 ic->ic_auth->ia_node_leave(ic, ni); 1783 IEEE80211_AID_CLR(ni->ni_associd, ic->ic_aid_bitmap); 1784 } 1785 node_reclaim(nt, ni); 1786 } 1787 ieee80211_reset_erp(ic); 1788 } 1789 1790 static void 1791 ieee80211_free_allnodes(struct ieee80211_node_table *nt) 1792 { 1793 1794 IEEE80211_NODE_LOCK(nt); 1795 ieee80211_free_allnodes_locked(nt); 1796 IEEE80211_NODE_UNLOCK(nt); 1797 } 1798 1799 /* 1800 * Timeout entries in the scan cache. 1801 */ 1802 static void 1803 ieee80211_timeout_scan_candidates(struct ieee80211_node_table *nt) 1804 { 1805 struct ieee80211com *ic = nt->nt_ic; 1806 struct ieee80211_node *ni, *tni; 1807 1808 IEEE80211_NODE_LOCK(nt); 1809 ni = ic->ic_bss; 1810 /* XXX belongs elsewhere */ 1811 if (ni->ni_rxfrag[0] != NULL && ticks > ni->ni_rxfragstamp + hz) { 1812 m_freem(ni->ni_rxfrag[0]); 1813 ni->ni_rxfrag[0] = NULL; 1814 } 1815 TAILQ_FOREACH_SAFE(ni, &nt->nt_node, ni_list, tni) { 1816 if (ni->ni_inact && --ni->ni_inact == 0) { 1817 IEEE80211_DPRINTF(ic, IEEE80211_MSG_NODE, 1818 "[%s] scan candidate purged from cache " 1819 "(refcnt %u)\n", ether_sprintf(ni->ni_macaddr), 1820 ieee80211_node_refcnt(ni)); 1821 node_reclaim(nt, ni); 1822 } 1823 } 1824 IEEE80211_NODE_UNLOCK(nt); 1825 1826 nt->nt_inact_timer = IEEE80211_INACT_WAIT; 1827 } 1828 1829 /* 1830 * Timeout inactive stations and do related housekeeping. 1831 * Note that we cannot hold the node lock while sending a 1832 * frame as this would lead to a LOR. Instead we use a 1833 * generation number to mark nodes that we've scanned and 1834 * drop the lock and restart a scan if we have to time out 1835 * a node. Since we are single-threaded by virtue of 1836 * controlling the inactivity timer we can be sure this will 1837 * process each node only once. 1838 */ 1839 static void 1840 ieee80211_timeout_stations(struct ieee80211_node_table *nt) 1841 { 1842 struct ieee80211com *ic = nt->nt_ic; 1843 struct ieee80211_node *ni; 1844 u_int gen; 1845 int isadhoc; 1846 1847 isadhoc = (ic->ic_opmode == IEEE80211_M_IBSS || 1848 ic->ic_opmode == IEEE80211_M_AHDEMO); 1849 IEEE80211_SCAN_LOCK(nt); 1850 gen = nt->nt_scangen++; 1851 IEEE80211_DPRINTF(ic, IEEE80211_MSG_NODE, 1852 "%s: %s scangen %u\n", __func__, nt->nt_name, gen); 1853 restart: 1854 IEEE80211_NODE_LOCK(nt); 1855 TAILQ_FOREACH(ni, &nt->nt_node, ni_list) { 1856 if (ni->ni_scangen == gen) /* previously handled */ 1857 continue; 1858 ni->ni_scangen = gen; 1859 /* 1860 * Ignore entries for which have yet to receive an 1861 * authentication frame. These are transient and 1862 * will be reclaimed when the last reference to them 1863 * goes away (when frame xmits complete). 1864 */ 1865 if (ic->ic_opmode == IEEE80211_M_HOSTAP && 1866 (ni->ni_flags & IEEE80211_NODE_AREF) == 0) 1867 continue; 1868 /* 1869 * Free fragment if not needed anymore 1870 * (last fragment older than 1s). 1871 * XXX doesn't belong here 1872 */ 1873 if (ni->ni_rxfrag[0] != NULL && 1874 ticks > ni->ni_rxfragstamp + hz) { 1875 m_freem(ni->ni_rxfrag[0]); 1876 ni->ni_rxfrag[0] = NULL; 1877 } 1878 /* 1879 * Special case ourself; we may be idle for extended periods 1880 * of time and regardless reclaiming our state is wrong. 1881 */ 1882 if (ni == ic->ic_bss) 1883 continue; 1884 ni->ni_inact--; 1885 if (ni->ni_associd != 0 || isadhoc) { 1886 /* 1887 * Age frames on the power save queue. The 1888 * aging interval is 4 times the listen 1889 * interval specified by the station. This 1890 * number is factored into the age calculations 1891 * when the frame is placed on the queue. We 1892 * store ages as time differences we can check 1893 * and/or adjust only the head of the list. 1894 */ 1895 if (IEEE80211_NODE_SAVEQ_QLEN(ni) != 0) { 1896 struct mbuf *m; 1897 int discard = 0; 1898 1899 IEEE80211_NODE_SAVEQ_LOCK(ni); 1900 while (IF_POLL(&ni->ni_savedq, m) != NULL && 1901 M_AGE_GET(m) < IEEE80211_INACT_WAIT) { 1902 IEEE80211_DPRINTF(ic, IEEE80211_MSG_POWER, "[%s] discard frame, age %u\n", ether_sprintf(ni->ni_macaddr), M_AGE_GET(m));/*XXX*/ 1903 _IEEE80211_NODE_SAVEQ_DEQUEUE_HEAD(ni, m); 1904 m_freem(m); 1905 discard++; 1906 } 1907 if (m != NULL) 1908 M_AGE_SUB(m, IEEE80211_INACT_WAIT); 1909 IEEE80211_NODE_SAVEQ_UNLOCK(ni); 1910 1911 if (discard != 0) { 1912 IEEE80211_DPRINTF(ic, 1913 IEEE80211_MSG_POWER, 1914 "[%s] discard %u frames for age\n", 1915 ether_sprintf(ni->ni_macaddr), 1916 discard); 1917 IEEE80211_NODE_STAT_ADD(ni, 1918 ps_discard, discard); 1919 if (IEEE80211_NODE_SAVEQ_QLEN(ni) == 0) 1920 ic->ic_set_tim(ni, 0); 1921 } 1922 } 1923 /* 1924 * Probe the station before time it out. We 1925 * send a null data frame which may not be 1926 * universally supported by drivers (need it 1927 * for ps-poll support so it should be...). 1928 */ 1929 if (0 < ni->ni_inact && 1930 ni->ni_inact <= ic->ic_inact_probe) { 1931 IEEE80211_NOTE(ic, 1932 IEEE80211_MSG_INACT | IEEE80211_MSG_NODE, 1933 ni, "%s", 1934 "probe station due to inactivity"); 1935 /* 1936 * Grab a reference before unlocking the table 1937 * so the node cannot be reclaimed before we 1938 * send the frame. ieee80211_send_nulldata 1939 * understands we've done this and reclaims the 1940 * ref for us as needed. 1941 */ 1942 ieee80211_ref_node(ni); 1943 IEEE80211_NODE_UNLOCK(nt); 1944 ieee80211_send_nulldata(ni); 1945 /* XXX stat? */ 1946 goto restart; 1947 } 1948 } 1949 if (ni->ni_inact <= 0) { 1950 IEEE80211_NOTE(ic, 1951 IEEE80211_MSG_INACT | IEEE80211_MSG_NODE, ni, 1952 "station timed out due to inactivity " 1953 "(refcnt %u)", ieee80211_node_refcnt(ni)); 1954 /* 1955 * Send a deauthenticate frame and drop the station. 1956 * This is somewhat complicated due to reference counts 1957 * and locking. At this point a station will typically 1958 * have a reference count of 1. ieee80211_node_leave 1959 * will do a "free" of the node which will drop the 1960 * reference count. But in the meantime a reference 1961 * wil be held by the deauth frame. The actual reclaim 1962 * of the node will happen either after the tx is 1963 * completed or by ieee80211_node_leave. 1964 * 1965 * Separately we must drop the node lock before sending 1966 * in case the driver takes a lock, as this will result 1967 * in LOR between the node lock and the driver lock. 1968 */ 1969 IEEE80211_NODE_UNLOCK(nt); 1970 if (ni->ni_associd != 0) { 1971 IEEE80211_SEND_MGMT(ic, ni, 1972 IEEE80211_FC0_SUBTYPE_DEAUTH, 1973 IEEE80211_REASON_AUTH_EXPIRE); 1974 } 1975 ieee80211_node_leave(ic, ni); 1976 ic->ic_stats.is_node_timeout++; 1977 goto restart; 1978 } 1979 } 1980 IEEE80211_NODE_UNLOCK(nt); 1981 1982 IEEE80211_SCAN_UNLOCK(nt); 1983 1984 nt->nt_inact_timer = IEEE80211_INACT_WAIT; 1985 } 1986 1987 void 1988 ieee80211_iterate_nodes(struct ieee80211_node_table *nt, ieee80211_iter_func *f, void *arg) 1989 { 1990 struct ieee80211_node *ni; 1991 u_int gen; 1992 1993 IEEE80211_SCAN_LOCK(nt); 1994 gen = nt->nt_scangen++; 1995 restart: 1996 IEEE80211_NODE_LOCK(nt); 1997 TAILQ_FOREACH(ni, &nt->nt_node, ni_list) { 1998 if (ni->ni_scangen != gen) { 1999 ni->ni_scangen = gen; 2000 (void) ieee80211_ref_node(ni); 2001 IEEE80211_NODE_UNLOCK(nt); 2002 (*f)(arg, ni); 2003 ieee80211_free_node(ni); 2004 goto restart; 2005 } 2006 } 2007 IEEE80211_NODE_UNLOCK(nt); 2008 2009 IEEE80211_SCAN_UNLOCK(nt); 2010 } 2011 2012 void 2013 ieee80211_dump_node(struct ieee80211_node_table *nt, struct ieee80211_node *ni) 2014 { 2015 printf("0x%p: mac %s refcnt %d\n", ni, 2016 ether_sprintf(ni->ni_macaddr), ieee80211_node_refcnt(ni)); 2017 printf("\tscangen %u authmode %u flags 0x%x\n", 2018 ni->ni_scangen, ni->ni_authmode, ni->ni_flags); 2019 printf("\tassocid 0x%x txpower %u vlan %u\n", 2020 ni->ni_associd, ni->ni_txpower, ni->ni_vlan); 2021 printf("\ttxseq %u rxseq %u fragno %u rxfragstamp %u\n", 2022 ni->ni_txseqs[0], 2023 ni->ni_rxseqs[0] >> IEEE80211_SEQ_SEQ_SHIFT, 2024 ni->ni_rxseqs[0] & IEEE80211_SEQ_FRAG_MASK, 2025 ni->ni_rxfragstamp); 2026 printf("\trstamp %u rssi %u intval %u capinfo 0x%x\n", 2027 ni->ni_rstamp, ni->ni_rssi, ni->ni_intval, ni->ni_capinfo); 2028 printf("\tbssid %s essid \"%.*s\" channel %u:0x%x\n", 2029 ether_sprintf(ni->ni_bssid), 2030 ni->ni_esslen, ni->ni_essid, 2031 ni->ni_chan->ic_freq, ni->ni_chan->ic_flags); 2032 printf("\tfails %u inact %u txrate %u\n", 2033 ni->ni_fails, ni->ni_inact, ni->ni_txrate); 2034 } 2035 2036 void 2037 ieee80211_dump_nodes(struct ieee80211_node_table *nt) 2038 { 2039 ieee80211_iterate_nodes(nt, 2040 (ieee80211_iter_func *) ieee80211_dump_node, nt); 2041 } 2042 2043 /* 2044 * Handle a station joining an 11g network. 2045 */ 2046 static void 2047 ieee80211_node_join_11g(struct ieee80211com *ic, struct ieee80211_node *ni) 2048 { 2049 2050 /* 2051 * Station isn't capable of short slot time. Bump 2052 * the count of long slot time stations and disable 2053 * use of short slot time. Note that the actual switch 2054 * over to long slot time use may not occur until the 2055 * next beacon transmission (per sec. 7.3.1.4 of 11g). 2056 */ 2057 if ((ni->ni_capinfo & IEEE80211_CAPINFO_SHORT_SLOTTIME) == 0) { 2058 ic->ic_longslotsta++; 2059 IEEE80211_DPRINTF(ic, IEEE80211_MSG_ASSOC, 2060 "[%s] station needs long slot time, count %d\n", 2061 ether_sprintf(ni->ni_macaddr), ic->ic_longslotsta); 2062 /* XXX vap's w/ conflicting needs won't work */ 2063 ieee80211_set_shortslottime(ic, 0); 2064 } 2065 /* 2066 * If the new station is not an ERP station 2067 * then bump the counter and enable protection 2068 * if configured. 2069 */ 2070 if (!ieee80211_iserp_rateset(ic, &ni->ni_rates)) { 2071 ic->ic_nonerpsta++; 2072 IEEE80211_DPRINTF(ic, IEEE80211_MSG_ASSOC, 2073 "[%s] station is !ERP, %d non-ERP stations associated\n", 2074 ether_sprintf(ni->ni_macaddr), ic->ic_nonerpsta); 2075 /* 2076 * If protection is configured, enable it. 2077 */ 2078 if (ic->ic_protmode != IEEE80211_PROT_NONE) { 2079 IEEE80211_DPRINTF(ic, IEEE80211_MSG_ASSOC, 2080 "%s: enable use of protection\n", __func__); 2081 ic->ic_flags |= IEEE80211_F_USEPROT; 2082 } 2083 /* 2084 * If station does not support short preamble 2085 * then we must enable use of Barker preamble. 2086 */ 2087 if ((ni->ni_capinfo & IEEE80211_CAPINFO_SHORT_PREAMBLE) == 0) { 2088 IEEE80211_DPRINTF(ic, IEEE80211_MSG_ASSOC, 2089 "[%s] station needs long preamble\n", 2090 ether_sprintf(ni->ni_macaddr)); 2091 ic->ic_flags |= IEEE80211_F_USEBARKER; 2092 ic->ic_flags &= ~IEEE80211_F_SHPREAMBLE; 2093 } 2094 } else 2095 ni->ni_flags |= IEEE80211_NODE_ERP; 2096 } 2097 2098 void 2099 ieee80211_node_join(struct ieee80211com *ic, struct ieee80211_node *ni, int resp) 2100 { 2101 int newassoc; 2102 2103 if (ni->ni_associd == 0) { 2104 u_int16_t aid; 2105 2106 /* 2107 * It would be good to search the bitmap 2108 * more efficiently, but this will do for now. 2109 */ 2110 for (aid = 1; aid < ic->ic_max_aid; aid++) { 2111 if (!IEEE80211_AID_ISSET(aid, 2112 ic->ic_aid_bitmap)) 2113 break; 2114 } 2115 if (aid >= ic->ic_max_aid) { 2116 IEEE80211_SEND_MGMT(ic, ni, resp, 2117 IEEE80211_REASON_ASSOC_TOOMANY); 2118 ieee80211_node_leave(ic, ni); 2119 return; 2120 } 2121 ni->ni_associd = aid | 0xc000; 2122 IEEE80211_AID_SET(ni->ni_associd, ic->ic_aid_bitmap); 2123 ic->ic_sta_assoc++; 2124 newassoc = 1; 2125 if (ic->ic_curmode == IEEE80211_MODE_11G) 2126 ieee80211_node_join_11g(ic, ni); 2127 } else 2128 newassoc = 0; 2129 2130 IEEE80211_DPRINTF(ic, IEEE80211_MSG_ASSOC | IEEE80211_MSG_DEBUG, 2131 "[%s] station %sassociated at aid %d: %s preamble, %s slot time%s%s\n", 2132 ether_sprintf(ni->ni_macaddr), newassoc ? "" : "re", 2133 IEEE80211_NODE_AID(ni), 2134 ic->ic_flags & IEEE80211_F_SHPREAMBLE ? "short" : "long", 2135 ic->ic_flags & IEEE80211_F_SHSLOT ? "short" : "long", 2136 ic->ic_flags & IEEE80211_F_USEPROT ? ", protection" : "", 2137 ni->ni_flags & IEEE80211_NODE_QOS ? ", QoS" : "" 2138 ); 2139 2140 /* give driver a chance to setup state like ni_txrate */ 2141 if (ic->ic_newassoc != NULL) 2142 ic->ic_newassoc(ni, newassoc); 2143 ni->ni_inact_reload = ic->ic_inact_auth; 2144 ni->ni_inact = ni->ni_inact_reload; 2145 IEEE80211_SEND_MGMT(ic, ni, resp, IEEE80211_STATUS_SUCCESS); 2146 /* tell the authenticator about new station */ 2147 if (ic->ic_auth->ia_node_join != NULL) 2148 ic->ic_auth->ia_node_join(ic, ni); 2149 ieee80211_notify_node_join(ic, ni, newassoc); 2150 } 2151 2152 /* 2153 * Handle a station leaving an 11g network. 2154 */ 2155 static void 2156 ieee80211_node_leave_11g(struct ieee80211com *ic, struct ieee80211_node *ni) 2157 { 2158 2159 IASSERT(ic->ic_curmode == IEEE80211_MODE_11G, 2160 ("not in 11g, bss %u:0x%x, curmode %u", ni->ni_chan->ic_freq, 2161 ni->ni_chan->ic_flags, ic->ic_curmode)); 2162 2163 /* 2164 * If a long slot station do the slot time bookkeeping. 2165 */ 2166 if ((ni->ni_capinfo & IEEE80211_CAPINFO_SHORT_SLOTTIME) == 0) { 2167 IASSERT(ic->ic_longslotsta > 0, 2168 ("bogus long slot station count %d", ic->ic_longslotsta)); 2169 ic->ic_longslotsta--; 2170 IEEE80211_DPRINTF(ic, IEEE80211_MSG_ASSOC, 2171 "[%s] long slot time station leaves, count now %d\n", 2172 ether_sprintf(ni->ni_macaddr), ic->ic_longslotsta); 2173 if (ic->ic_longslotsta == 0) { 2174 /* 2175 * Re-enable use of short slot time if supported 2176 * and not operating in IBSS mode (per spec). 2177 */ 2178 if ((ic->ic_caps & IEEE80211_C_SHSLOT) && 2179 ic->ic_opmode != IEEE80211_M_IBSS) { 2180 IEEE80211_DPRINTF(ic, IEEE80211_MSG_ASSOC, 2181 "%s: re-enable use of short slot time\n", 2182 __func__); 2183 ieee80211_set_shortslottime(ic, 1); 2184 } 2185 } 2186 } 2187 /* 2188 * If a non-ERP station do the protection-related bookkeeping. 2189 */ 2190 if ((ni->ni_flags & IEEE80211_NODE_ERP) == 0) { 2191 IASSERT(ic->ic_nonerpsta > 0, 2192 ("bogus non-ERP station count %d", ic->ic_nonerpsta)); 2193 ic->ic_nonerpsta--; 2194 IEEE80211_DPRINTF(ic, IEEE80211_MSG_ASSOC, 2195 "[%s] non-ERP station leaves, count now %d\n", 2196 ether_sprintf(ni->ni_macaddr), ic->ic_nonerpsta); 2197 if (ic->ic_nonerpsta == 0) { 2198 IEEE80211_DPRINTF(ic, IEEE80211_MSG_ASSOC, 2199 "%s: disable use of protection\n", __func__); 2200 ic->ic_flags &= ~IEEE80211_F_USEPROT; 2201 /* XXX verify mode? */ 2202 if (ic->ic_caps & IEEE80211_C_SHPREAMBLE) { 2203 IEEE80211_DPRINTF(ic, IEEE80211_MSG_ASSOC, 2204 "%s: re-enable use of short preamble\n", 2205 __func__); 2206 ic->ic_flags |= IEEE80211_F_SHPREAMBLE; 2207 ic->ic_flags &= ~IEEE80211_F_USEBARKER; 2208 } 2209 } 2210 } 2211 } 2212 2213 /* 2214 * Handle bookkeeping for station deauthentication/disassociation 2215 * when operating as an ap. 2216 */ 2217 void 2218 ieee80211_node_leave(struct ieee80211com *ic, struct ieee80211_node *ni) 2219 { 2220 struct ieee80211_node_table *nt = ni->ni_table; 2221 2222 IEEE80211_DPRINTF(ic, IEEE80211_MSG_ASSOC | IEEE80211_MSG_DEBUG, 2223 "[%s] station with aid %d leaves\n", 2224 ether_sprintf(ni->ni_macaddr), IEEE80211_NODE_AID(ni)); 2225 2226 IASSERT(ic->ic_opmode == IEEE80211_M_HOSTAP || 2227 ic->ic_opmode == IEEE80211_M_IBSS || 2228 ic->ic_opmode == IEEE80211_M_AHDEMO, 2229 ("unexpected operating mode %u", ic->ic_opmode)); 2230 /* 2231 * If node wasn't previously associated all 2232 * we need to do is reclaim the reference. 2233 */ 2234 /* XXX ibss mode bypasses 11g and notification */ 2235 if (ni->ni_associd == 0) 2236 goto done; 2237 /* 2238 * Tell the authenticator the station is leaving. 2239 * Note that we must do this before yanking the 2240 * association id as the authenticator uses the 2241 * associd to locate it's state block. 2242 */ 2243 if (ic->ic_auth->ia_node_leave != NULL) 2244 ic->ic_auth->ia_node_leave(ic, ni); 2245 IEEE80211_AID_CLR(ni->ni_associd, ic->ic_aid_bitmap); 2246 ni->ni_associd = 0; 2247 ic->ic_sta_assoc--; 2248 2249 if (ic->ic_curmode == IEEE80211_MODE_11G) 2250 ieee80211_node_leave_11g(ic, ni); 2251 /* 2252 * Cleanup station state. In particular clear various 2253 * state that might otherwise be reused if the node 2254 * is reused before the reference count goes to zero 2255 * (and memory is reclaimed). 2256 */ 2257 ieee80211_sta_leave(ic, ni); 2258 done: 2259 /* 2260 * Remove the node from any table it's recorded in and 2261 * drop the caller's reference. Removal from the table 2262 * is important to insure the node is not reprocessed 2263 * for inactivity. 2264 */ 2265 if (nt != NULL) { 2266 IEEE80211_NODE_LOCK(nt); 2267 node_reclaim(nt, ni); 2268 IEEE80211_NODE_UNLOCK(nt); 2269 } else 2270 ieee80211_free_node(ni); 2271 } 2272 2273 u_int8_t 2274 ieee80211_getrssi(struct ieee80211com *ic) 2275 { 2276 #define NZ(x) ((x) == 0 ? 1 : (x)) 2277 struct ieee80211_node_table *nt = &ic->ic_sta; 2278 u_int32_t rssi_samples, rssi_total; 2279 struct ieee80211_node *ni; 2280 2281 rssi_total = 0; 2282 rssi_samples = 0; 2283 switch (ic->ic_opmode) { 2284 case IEEE80211_M_IBSS: /* average of all ibss neighbors */ 2285 /* XXX locking */ 2286 TAILQ_FOREACH(ni, &nt->nt_node, ni_list) 2287 if (ni->ni_capinfo & IEEE80211_CAPINFO_IBSS) { 2288 rssi_samples++; 2289 rssi_total += ic->ic_node_getrssi(ni); 2290 } 2291 break; 2292 case IEEE80211_M_AHDEMO: /* average of all neighbors */ 2293 /* XXX locking */ 2294 TAILQ_FOREACH(ni, &nt->nt_node, ni_list) { 2295 rssi_samples++; 2296 rssi_total += ic->ic_node_getrssi(ni); 2297 } 2298 break; 2299 case IEEE80211_M_HOSTAP: /* average of all associated stations */ 2300 #ifndef IEEE80211_NO_HOSTAP 2301 /* XXX locking */ 2302 TAILQ_FOREACH(ni, &nt->nt_node, ni_list) 2303 if (IEEE80211_AID(ni->ni_associd) != 0) { 2304 rssi_samples++; 2305 rssi_total += ic->ic_node_getrssi(ni); 2306 } 2307 #endif /* !IEEE80211_NO_HOSTAP */ 2308 break; 2309 case IEEE80211_M_MONITOR: /* XXX */ 2310 case IEEE80211_M_STA: /* use stats from associated ap */ 2311 default: 2312 if (ic->ic_bss != NULL) 2313 rssi_total = ic->ic_node_getrssi(ic->ic_bss); 2314 rssi_samples = 1; 2315 break; 2316 } 2317 return rssi_total / NZ(rssi_samples); 2318 #undef NZ 2319 } 2320 2321 /* 2322 * Indicate whether there are frames queued for a station in power-save mode. 2323 */ 2324 static void 2325 ieee80211_set_tim(struct ieee80211_node *ni, int set) 2326 { 2327 struct ieee80211com *ic = ni->ni_ic; 2328 u_int16_t aid; 2329 2330 IASSERT(ic->ic_opmode == IEEE80211_M_HOSTAP || 2331 ic->ic_opmode == IEEE80211_M_IBSS, 2332 ("operating mode %u", ic->ic_opmode)); 2333 2334 aid = IEEE80211_AID(ni->ni_associd); 2335 IASSERT(aid < ic->ic_max_aid, 2336 ("bogus aid %u, max %u", aid, ic->ic_max_aid)); 2337 2338 IEEE80211_BEACON_LOCK(ic); 2339 if (set != (isset(ic->ic_tim_bitmap, aid) != 0)) { 2340 if (set) { 2341 setbit(ic->ic_tim_bitmap, aid); 2342 ic->ic_ps_pending++; 2343 } else { 2344 clrbit(ic->ic_tim_bitmap, aid); 2345 ic->ic_ps_pending--; 2346 } 2347 ic->ic_flags |= IEEE80211_F_TIMUPDATE; 2348 } 2349 IEEE80211_BEACON_UNLOCK(ic); 2350 } 2351 2352 /* 2353 * Node table support. 2354 */ 2355 2356 static void 2357 ieee80211_node_table_init(struct ieee80211com *ic, 2358 struct ieee80211_node_table *nt, 2359 const char *name, int inact, int keyixmax, 2360 void (*timeout)(struct ieee80211_node_table *)) 2361 { 2362 2363 IEEE80211_DPRINTF(ic, IEEE80211_MSG_NODE, 2364 "%s %s table, inact %u\n", __func__, name, inact); 2365 2366 nt->nt_ic = ic; 2367 /* XXX need unit */ 2368 IEEE80211_NODE_LOCK_INIT(nt, ic->ic_ifp->if_xname); 2369 IEEE80211_SCAN_LOCK_INIT(nt, ic->ic_ifp->if_xname); 2370 TAILQ_INIT(&nt->nt_node); 2371 nt->nt_name = name; 2372 nt->nt_scangen = 1; 2373 nt->nt_inact_init = inact; 2374 nt->nt_timeout = timeout; 2375 nt->nt_keyixmax = keyixmax; 2376 if (nt->nt_keyixmax > 0) { 2377 MALLOC(nt->nt_keyixmap, struct ieee80211_node **, 2378 keyixmax * sizeof(struct ieee80211_node *), 2379 M_80211_NODE, M_NOWAIT | M_ZERO); 2380 if (nt->nt_keyixmap == NULL) 2381 if_printf(ic->ic_ifp, 2382 "Cannot allocate key index map with %u entries\n", 2383 keyixmax); 2384 } else 2385 nt->nt_keyixmap = NULL; 2386 } 2387 2388 void 2389 ieee80211_node_table_reset(struct ieee80211_node_table *nt) 2390 { 2391 2392 IEEE80211_DPRINTF(nt->nt_ic, IEEE80211_MSG_NODE, 2393 "%s %s table\n", __func__, nt->nt_name); 2394 2395 IEEE80211_NODE_LOCK(nt); 2396 nt->nt_inact_timer = 0; 2397 ieee80211_free_allnodes_locked(nt); 2398 IEEE80211_NODE_UNLOCK(nt); 2399 } 2400 2401 static void 2402 ieee80211_node_table_cleanup(struct ieee80211_node_table *nt) 2403 { 2404 2405 IEEE80211_DPRINTF(nt->nt_ic, IEEE80211_MSG_NODE, 2406 "%s %s table\n", __func__, nt->nt_name); 2407 2408 IEEE80211_NODE_LOCK(nt); 2409 ieee80211_free_allnodes_locked(nt); 2410 if (nt->nt_keyixmap != NULL) { 2411 /* XXX verify all entries are NULL */ 2412 int i; 2413 for (i = 0; i < nt->nt_keyixmax; i++) 2414 if (nt->nt_keyixmap[i] != NULL) 2415 printf("%s: %s[%u] still active\n", __func__, 2416 nt->nt_name, i); 2417 FREE(nt->nt_keyixmap, M_80211_NODE); 2418 nt->nt_keyixmap = NULL; 2419 } 2420 IEEE80211_SCAN_LOCK_DESTROY(nt); 2421 IEEE80211_NODE_LOCK_DESTROY(nt); 2422 } 2423