1 /* $OpenBSD: ieee80211_node.c,v 1.80 2013/12/01 10:08:55 stsp Exp $ */ 2 /* $NetBSD: ieee80211_node.c,v 1.14 2004/05/09 09:18:47 dyoung Exp $ */ 3 4 /*- 5 * Copyright (c) 2001 Atsushi Onoe 6 * Copyright (c) 2002, 2003 Sam Leffler, Errno Consulting 7 * Copyright (c) 2008 Damien Bergamini 8 * All rights reserved. 9 * 10 * Redistribution and use in source and binary forms, with or without 11 * modification, are permitted provided that the following conditions 12 * are met: 13 * 1. Redistributions of source code must retain the above copyright 14 * notice, this list of conditions and the following disclaimer. 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in the 17 * documentation and/or other materials provided with the distribution. 18 * 3. The name of the author may not be used to endorse or promote products 19 * derived from this software without specific prior written permission. 20 * 21 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 22 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 23 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 24 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 25 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 26 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 27 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 28 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 29 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 30 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 31 */ 32 33 #include "bpfilter.h" 34 #include "bridge.h" 35 36 #include <sys/param.h> 37 #include <sys/systm.h> 38 #include <sys/mbuf.h> 39 #include <sys/malloc.h> 40 #include <sys/kernel.h> 41 #include <sys/socket.h> 42 #include <sys/sockio.h> 43 #include <sys/endian.h> 44 #include <sys/errno.h> 45 #include <sys/proc.h> 46 #include <sys/sysctl.h> 47 #include <sys/tree.h> 48 49 #include <net/if.h> 50 #include <net/if_dl.h> 51 #include <net/if_media.h> 52 #include <net/if_arp.h> 53 54 #if NBPFILTER > 0 55 #include <net/bpf.h> 56 #endif 57 58 #ifdef INET 59 #include <netinet/in.h> 60 #include <netinet/if_ether.h> 61 #endif 62 63 #if NBRIDGE > 0 64 #include <net/if_bridge.h> 65 #endif 66 67 #include <net80211/ieee80211_var.h> 68 #include <net80211/ieee80211_priv.h> 69 70 #include <dev/rndvar.h> 71 72 struct ieee80211_node *ieee80211_node_alloc(struct ieee80211com *); 73 void ieee80211_node_free(struct ieee80211com *, struct ieee80211_node *); 74 void ieee80211_node_copy(struct ieee80211com *, struct ieee80211_node *, 75 const struct ieee80211_node *); 76 void ieee80211_choose_rsnparams(struct ieee80211com *); 77 u_int8_t ieee80211_node_getrssi(struct ieee80211com *, 78 const struct ieee80211_node *); 79 void ieee80211_setup_node(struct ieee80211com *, struct ieee80211_node *, 80 const u_int8_t *); 81 void ieee80211_free_node(struct ieee80211com *, struct ieee80211_node *); 82 struct ieee80211_node *ieee80211_alloc_node_helper(struct ieee80211com *); 83 void ieee80211_node_cleanup(struct ieee80211com *, struct ieee80211_node *); 84 void ieee80211_needs_auth(struct ieee80211com *, struct ieee80211_node *); 85 #ifndef IEEE80211_STA_ONLY 86 #ifndef IEEE80211_NO_HT 87 void ieee80211_node_join_ht(struct ieee80211com *, struct ieee80211_node *); 88 #endif 89 void ieee80211_node_join_rsn(struct ieee80211com *, struct ieee80211_node *); 90 void ieee80211_node_join_11g(struct ieee80211com *, struct ieee80211_node *); 91 #ifndef IEEE80211_NO_HT 92 void ieee80211_node_leave_ht(struct ieee80211com *, struct ieee80211_node *); 93 #endif 94 void ieee80211_node_leave_rsn(struct ieee80211com *, struct ieee80211_node *); 95 void ieee80211_node_leave_11g(struct ieee80211com *, struct ieee80211_node *); 96 void ieee80211_inact_timeout(void *); 97 void ieee80211_node_cache_timeout(void *); 98 #endif 99 100 #ifndef IEEE80211_STA_ONLY 101 void 102 ieee80211_inact_timeout(void *arg) 103 { 104 struct ieee80211com *ic = arg; 105 struct ieee80211_node *ni, *next_ni; 106 int s; 107 108 s = splnet(); 109 for (ni = RB_MIN(ieee80211_tree, &ic->ic_tree); 110 ni != NULL; ni = next_ni) { 111 next_ni = RB_NEXT(ieee80211_tree, &ic->ic_tree, ni); 112 if (ni->ni_refcnt > 0) 113 continue; 114 if (ni->ni_inact < IEEE80211_INACT_MAX) 115 ni->ni_inact++; 116 } 117 splx(s); 118 119 timeout_add_sec(&ic->ic_inact_timeout, IEEE80211_INACT_WAIT); 120 } 121 122 void 123 ieee80211_node_cache_timeout(void *arg) 124 { 125 struct ieee80211com *ic = arg; 126 127 ieee80211_clean_nodes(ic, 1); 128 timeout_add_sec(&ic->ic_node_cache_timeout, IEEE80211_CACHE_WAIT); 129 } 130 #endif 131 132 void 133 ieee80211_node_attach(struct ifnet *ifp) 134 { 135 struct ieee80211com *ic = (void *)ifp; 136 #ifndef IEEE80211_STA_ONLY 137 int size; 138 #endif 139 140 RB_INIT(&ic->ic_tree); 141 ic->ic_node_alloc = ieee80211_node_alloc; 142 ic->ic_node_free = ieee80211_node_free; 143 ic->ic_node_copy = ieee80211_node_copy; 144 ic->ic_node_getrssi = ieee80211_node_getrssi; 145 ic->ic_scangen = 1; 146 ic->ic_max_nnodes = ieee80211_cache_size; 147 148 if (ic->ic_max_aid == 0) 149 ic->ic_max_aid = IEEE80211_AID_DEF; 150 else if (ic->ic_max_aid > IEEE80211_AID_MAX) 151 ic->ic_max_aid = IEEE80211_AID_MAX; 152 #ifndef IEEE80211_STA_ONLY 153 size = howmany(ic->ic_max_aid, 32) * sizeof(u_int32_t); 154 ic->ic_aid_bitmap = malloc(size, M_DEVBUF, M_NOWAIT | M_ZERO); 155 if (ic->ic_aid_bitmap == NULL) { 156 /* XXX no way to recover */ 157 printf("%s: no memory for AID bitmap!\n", __func__); 158 ic->ic_max_aid = 0; 159 } 160 if (ic->ic_caps & (IEEE80211_C_HOSTAP | IEEE80211_C_IBSS)) { 161 ic->ic_tim_len = howmany(ic->ic_max_aid, 8); 162 ic->ic_tim_bitmap = malloc(ic->ic_tim_len, M_DEVBUF, 163 M_NOWAIT | M_ZERO); 164 if (ic->ic_tim_bitmap == NULL) { 165 printf("%s: no memory for TIM bitmap!\n", __func__); 166 ic->ic_tim_len = 0; 167 } else 168 ic->ic_set_tim = ieee80211_set_tim; 169 timeout_set(&ic->ic_rsn_timeout, 170 ieee80211_gtk_rekey_timeout, ic); 171 timeout_set(&ic->ic_inact_timeout, 172 ieee80211_inact_timeout, ic); 173 timeout_set(&ic->ic_node_cache_timeout, 174 ieee80211_node_cache_timeout, ic); 175 } 176 #endif 177 } 178 179 struct ieee80211_node * 180 ieee80211_alloc_node_helper(struct ieee80211com *ic) 181 { 182 struct ieee80211_node *ni; 183 if (ic->ic_nnodes >= ic->ic_max_nnodes) 184 ieee80211_clean_nodes(ic, 0); 185 if (ic->ic_nnodes >= ic->ic_max_nnodes) 186 return NULL; 187 ni = (*ic->ic_node_alloc)(ic); 188 return ni; 189 } 190 191 void 192 ieee80211_node_lateattach(struct ifnet *ifp) 193 { 194 struct ieee80211com *ic = (void *)ifp; 195 struct ieee80211_node *ni; 196 197 ni = ieee80211_alloc_node_helper(ic); 198 if (ni == NULL) 199 panic("unable to setup inital BSS node"); 200 ni->ni_chan = IEEE80211_CHAN_ANYC; 201 ic->ic_bss = ieee80211_ref_node(ni); 202 ic->ic_txpower = IEEE80211_TXPOWER_MAX; 203 #ifndef IEEE80211_STA_ONLY 204 IFQ_SET_MAXLEN(&ni->ni_savedq, IEEE80211_PS_MAX_QUEUE); 205 #endif 206 } 207 208 void 209 ieee80211_node_detach(struct ifnet *ifp) 210 { 211 struct ieee80211com *ic = (void *)ifp; 212 213 if (ic->ic_bss != NULL) { 214 (*ic->ic_node_free)(ic, ic->ic_bss); 215 ic->ic_bss = NULL; 216 } 217 ieee80211_free_allnodes(ic); 218 #ifndef IEEE80211_STA_ONLY 219 if (ic->ic_aid_bitmap != NULL) 220 free(ic->ic_aid_bitmap, M_DEVBUF); 221 if (ic->ic_tim_bitmap != NULL) 222 free(ic->ic_tim_bitmap, M_DEVBUF); 223 timeout_del(&ic->ic_inact_timeout); 224 timeout_del(&ic->ic_node_cache_timeout); 225 #endif 226 timeout_del(&ic->ic_rsn_timeout); 227 } 228 229 /* 230 * AP scanning support. 231 */ 232 233 /* 234 * Initialize the active channel set based on the set 235 * of available channels and the current PHY mode. 236 */ 237 void 238 ieee80211_reset_scan(struct ifnet *ifp) 239 { 240 struct ieee80211com *ic = (void *)ifp; 241 242 memcpy(ic->ic_chan_scan, ic->ic_chan_active, 243 sizeof(ic->ic_chan_active)); 244 /* NB: hack, setup so next_scan starts with the first channel */ 245 if (ic->ic_bss != NULL && ic->ic_bss->ni_chan == IEEE80211_CHAN_ANYC) 246 ic->ic_bss->ni_chan = &ic->ic_channels[IEEE80211_CHAN_MAX]; 247 } 248 249 /* 250 * Begin an active scan. 251 */ 252 void 253 ieee80211_begin_scan(struct ifnet *ifp) 254 { 255 struct ieee80211com *ic = (void *)ifp; 256 257 if (ic->ic_scan_lock & IEEE80211_SCAN_LOCKED) 258 return; 259 ic->ic_scan_lock |= IEEE80211_SCAN_LOCKED; 260 261 /* 262 * In all but hostap mode scanning starts off in 263 * an active mode before switching to passive. 264 */ 265 #ifndef IEEE80211_STA_ONLY 266 if (ic->ic_opmode != IEEE80211_M_HOSTAP) 267 #endif 268 { 269 ic->ic_flags |= IEEE80211_F_ASCAN; 270 ic->ic_stats.is_scan_active++; 271 } 272 #ifndef IEEE80211_STA_ONLY 273 else 274 ic->ic_stats.is_scan_passive++; 275 #endif 276 if (ifp->if_flags & IFF_DEBUG) 277 printf("%s: begin %s scan\n", ifp->if_xname, 278 (ic->ic_flags & IEEE80211_F_ASCAN) ? 279 "active" : "passive"); 280 281 /* 282 * Flush any previously seen AP's. Note that the latter 283 * assumes we don't act as both an AP and a station, 284 * otherwise we'll potentially flush state of stations 285 * associated with us. 286 */ 287 ieee80211_free_allnodes(ic); 288 289 /* 290 * Reset the current mode. Setting the current mode will also 291 * reset scan state. 292 */ 293 if (IFM_MODE(ic->ic_media.ifm_cur->ifm_media) == IFM_AUTO) 294 ic->ic_curmode = IEEE80211_MODE_AUTO; 295 ieee80211_setmode(ic, ic->ic_curmode); 296 297 ic->ic_scan_count = 0; 298 299 /* Scan the next channel. */ 300 ieee80211_next_scan(ifp); 301 } 302 303 /* 304 * Switch to the next channel marked for scanning. 305 */ 306 void 307 ieee80211_next_scan(struct ifnet *ifp) 308 { 309 struct ieee80211com *ic = (void *)ifp; 310 struct ieee80211_channel *chan; 311 312 chan = ic->ic_bss->ni_chan; 313 for (;;) { 314 if (++chan > &ic->ic_channels[IEEE80211_CHAN_MAX]) 315 chan = &ic->ic_channels[0]; 316 if (isset(ic->ic_chan_scan, ieee80211_chan2ieee(ic, chan))) { 317 /* 318 * Ignore channels marked passive-only 319 * during an active scan. 320 */ 321 if ((ic->ic_flags & IEEE80211_F_ASCAN) == 0 || 322 (chan->ic_flags & IEEE80211_CHAN_PASSIVE) == 0) 323 break; 324 } 325 if (chan == ic->ic_bss->ni_chan) { 326 ieee80211_end_scan(ifp); 327 return; 328 } 329 } 330 clrbit(ic->ic_chan_scan, ieee80211_chan2ieee(ic, chan)); 331 DPRINTF(("chan %d->%d\n", 332 ieee80211_chan2ieee(ic, ic->ic_bss->ni_chan), 333 ieee80211_chan2ieee(ic, chan))); 334 ic->ic_bss->ni_chan = chan; 335 ieee80211_new_state(ic, IEEE80211_S_SCAN, -1); 336 } 337 338 #ifndef IEEE80211_STA_ONLY 339 void 340 ieee80211_create_ibss(struct ieee80211com* ic, struct ieee80211_channel *chan) 341 { 342 struct ieee80211_node *ni; 343 struct ifnet *ifp = &ic->ic_if; 344 345 ni = ic->ic_bss; 346 if (ifp->if_flags & IFF_DEBUG) 347 printf("%s: creating ibss\n", ifp->if_xname); 348 ic->ic_flags |= IEEE80211_F_SIBSS; 349 ni->ni_chan = chan; 350 ni->ni_rates = ic->ic_sup_rates[ieee80211_chan2mode(ic, ni->ni_chan)]; 351 ni->ni_txrate = 0; 352 IEEE80211_ADDR_COPY(ni->ni_macaddr, ic->ic_myaddr); 353 IEEE80211_ADDR_COPY(ni->ni_bssid, ic->ic_myaddr); 354 if (ic->ic_opmode == IEEE80211_M_IBSS) { 355 if ((ic->ic_flags & IEEE80211_F_DESBSSID) != 0) 356 IEEE80211_ADDR_COPY(ni->ni_bssid, ic->ic_des_bssid); 357 else 358 ni->ni_bssid[0] |= 0x02; /* local bit for IBSS */ 359 } 360 ni->ni_esslen = ic->ic_des_esslen; 361 memcpy(ni->ni_essid, ic->ic_des_essid, ni->ni_esslen); 362 ni->ni_rssi = 0; 363 ni->ni_rstamp = 0; 364 memset(ni->ni_tstamp, 0, sizeof(ni->ni_tstamp)); 365 ni->ni_intval = ic->ic_lintval; 366 ni->ni_capinfo = IEEE80211_CAPINFO_IBSS; 367 if (ic->ic_flags & IEEE80211_F_WEPON) 368 ni->ni_capinfo |= IEEE80211_CAPINFO_PRIVACY; 369 if (ic->ic_flags & IEEE80211_F_RSNON) { 370 struct ieee80211_key *k; 371 372 /* initialize 256-bit global key counter to a random value */ 373 arc4random_buf(ic->ic_globalcnt, EAPOL_KEY_NONCE_LEN); 374 375 ni->ni_rsnprotos = ic->ic_rsnprotos; 376 ni->ni_rsnakms = ic->ic_rsnakms; 377 ni->ni_rsnciphers = ic->ic_rsnciphers; 378 ni->ni_rsngroupcipher = ic->ic_rsngroupcipher; 379 ni->ni_rsngroupmgmtcipher = ic->ic_rsngroupmgmtcipher; 380 ni->ni_rsncaps = 0; 381 if (ic->ic_caps & IEEE80211_C_MFP) { 382 ni->ni_rsncaps |= IEEE80211_RSNCAP_MFPC; 383 if (ic->ic_flags & IEEE80211_F_MFPR) 384 ni->ni_rsncaps |= IEEE80211_RSNCAP_MFPR; 385 } 386 387 ic->ic_def_txkey = 1; 388 k = &ic->ic_nw_keys[ic->ic_def_txkey]; 389 memset(k, 0, sizeof(*k)); 390 k->k_id = ic->ic_def_txkey; 391 k->k_cipher = ni->ni_rsngroupcipher; 392 k->k_flags = IEEE80211_KEY_GROUP | IEEE80211_KEY_TX; 393 k->k_len = ieee80211_cipher_keylen(k->k_cipher); 394 arc4random_buf(k->k_key, k->k_len); 395 (*ic->ic_set_key)(ic, ni, k); /* XXX */ 396 397 if (ic->ic_caps & IEEE80211_C_MFP) { 398 ic->ic_igtk_kid = 4; 399 k = &ic->ic_nw_keys[ic->ic_igtk_kid]; 400 memset(k, 0, sizeof(*k)); 401 k->k_id = ic->ic_igtk_kid; 402 k->k_cipher = ni->ni_rsngroupmgmtcipher; 403 k->k_flags = IEEE80211_KEY_IGTK | IEEE80211_KEY_TX; 404 k->k_len = 16; 405 arc4random_buf(k->k_key, k->k_len); 406 (*ic->ic_set_key)(ic, ni, k); /* XXX */ 407 } 408 /* 409 * In HostAP mode, multicast traffic is sent using ic_bss 410 * as the Tx node, so mark our node as valid so we can send 411 * multicast frames using the group key we've just configured. 412 */ 413 ni->ni_port_valid = 1; 414 ni->ni_flags |= IEEE80211_NODE_TXPROT; 415 416 /* schedule a GTK/IGTK rekeying after 3600s */ 417 timeout_add_sec(&ic->ic_rsn_timeout, 3600); 418 } 419 timeout_add_sec(&ic->ic_inact_timeout, IEEE80211_INACT_WAIT); 420 timeout_add_sec(&ic->ic_node_cache_timeout, IEEE80211_CACHE_WAIT); 421 ieee80211_new_state(ic, IEEE80211_S_RUN, -1); 422 } 423 #endif /* IEEE80211_STA_ONLY */ 424 425 int 426 ieee80211_match_bss(struct ieee80211com *ic, struct ieee80211_node *ni) 427 { 428 u_int8_t rate; 429 int fail; 430 431 fail = 0; 432 if (isclr(ic->ic_chan_active, ieee80211_chan2ieee(ic, ni->ni_chan))) 433 fail |= 0x01; 434 if (ic->ic_des_chan != IEEE80211_CHAN_ANYC && 435 ni->ni_chan != ic->ic_des_chan) 436 fail |= 0x01; 437 #ifndef IEEE80211_STA_ONLY 438 if (ic->ic_opmode == IEEE80211_M_IBSS) { 439 if ((ni->ni_capinfo & IEEE80211_CAPINFO_IBSS) == 0) 440 fail |= 0x02; 441 } else 442 #endif 443 { 444 if ((ni->ni_capinfo & IEEE80211_CAPINFO_ESS) == 0) 445 fail |= 0x02; 446 } 447 if (ic->ic_flags & (IEEE80211_F_WEPON | IEEE80211_F_RSNON)) { 448 if ((ni->ni_capinfo & IEEE80211_CAPINFO_PRIVACY) == 0) 449 fail |= 0x04; 450 } else { 451 if (ni->ni_capinfo & IEEE80211_CAPINFO_PRIVACY) 452 fail |= 0x04; 453 } 454 455 rate = ieee80211_fix_rate(ic, ni, IEEE80211_F_DONEGO); 456 if (rate & IEEE80211_RATE_BASIC) 457 fail |= 0x08; 458 if (ic->ic_des_esslen != 0 && 459 (ni->ni_esslen != ic->ic_des_esslen || 460 memcmp(ni->ni_essid, ic->ic_des_essid, ic->ic_des_esslen) != 0)) 461 fail |= 0x10; 462 if ((ic->ic_flags & IEEE80211_F_DESBSSID) && 463 !IEEE80211_ADDR_EQ(ic->ic_des_bssid, ni->ni_bssid)) 464 fail |= 0x20; 465 466 if (ic->ic_flags & IEEE80211_F_RSNON) { 467 /* 468 * If at least one RSN IE field from the AP's RSN IE fails 469 * to overlap with any value the STA supports, the STA shall 470 * decline to associate with that AP. 471 */ 472 if ((ni->ni_rsnprotos & ic->ic_rsnprotos) == 0) 473 fail |= 0x40; 474 if ((ni->ni_rsnakms & ic->ic_rsnakms) == 0) 475 fail |= 0x40; 476 if ((ni->ni_rsnakms & ic->ic_rsnakms & 477 ~(IEEE80211_AKM_PSK | IEEE80211_AKM_SHA256_PSK)) == 0) { 478 /* AP only supports PSK AKMPs */ 479 if (!(ic->ic_flags & IEEE80211_F_PSK)) 480 fail |= 0x40; 481 } 482 if (ni->ni_rsngroupcipher != IEEE80211_CIPHER_WEP40 && 483 ni->ni_rsngroupcipher != IEEE80211_CIPHER_TKIP && 484 ni->ni_rsngroupcipher != IEEE80211_CIPHER_CCMP && 485 ni->ni_rsngroupcipher != IEEE80211_CIPHER_WEP104) 486 fail |= 0x40; 487 if ((ni->ni_rsnciphers & ic->ic_rsnciphers) == 0) 488 fail |= 0x40; 489 490 /* we only support BIP as the IGTK cipher */ 491 if ((ni->ni_rsncaps & IEEE80211_RSNCAP_MFPC) && 492 ni->ni_rsngroupmgmtcipher != IEEE80211_CIPHER_BIP) 493 fail |= 0x40; 494 495 /* we do not support MFP but AP requires it */ 496 if (!(ic->ic_caps & IEEE80211_C_MFP) && 497 (ni->ni_rsncaps & IEEE80211_RSNCAP_MFPR)) 498 fail |= 0x40; 499 500 /* we require MFP but AP does not support it */ 501 if ((ic->ic_caps & IEEE80211_C_MFP) && 502 (ic->ic_flags & IEEE80211_F_MFPR) && 503 !(ni->ni_rsncaps & IEEE80211_RSNCAP_MFPC)) 504 fail |= 0x40; 505 } 506 507 #ifdef IEEE80211_DEBUG 508 if (ic->ic_if.if_flags & IFF_DEBUG) { 509 printf(" %c %s", fail ? '-' : '+', 510 ether_sprintf(ni->ni_macaddr)); 511 printf(" %s%c", ether_sprintf(ni->ni_bssid), 512 fail & 0x20 ? '!' : ' '); 513 printf(" %3d%c", ieee80211_chan2ieee(ic, ni->ni_chan), 514 fail & 0x01 ? '!' : ' '); 515 printf(" %+4d", ni->ni_rssi); 516 printf(" %2dM%c", (rate & IEEE80211_RATE_VAL) / 2, 517 fail & 0x08 ? '!' : ' '); 518 printf(" %4s%c", 519 (ni->ni_capinfo & IEEE80211_CAPINFO_ESS) ? "ess" : 520 (ni->ni_capinfo & IEEE80211_CAPINFO_IBSS) ? "ibss" : 521 "????", 522 fail & 0x02 ? '!' : ' '); 523 printf(" %7s%c ", 524 (ni->ni_capinfo & IEEE80211_CAPINFO_PRIVACY) ? 525 "privacy" : "no", 526 fail & 0x04 ? '!' : ' '); 527 printf(" %3s%c ", 528 (ic->ic_flags & IEEE80211_F_RSNON) ? 529 "rsn" : "no", 530 fail & 0x40 ? '!' : ' '); 531 ieee80211_print_essid(ni->ni_essid, ni->ni_esslen); 532 printf("%s\n", fail & 0x10 ? "!" : ""); 533 } 534 #endif 535 return fail; 536 } 537 538 /* 539 * Complete a scan of potential channels. 540 */ 541 void 542 ieee80211_end_scan(struct ifnet *ifp) 543 { 544 struct ieee80211com *ic = (void *)ifp; 545 struct ieee80211_node *ni, *nextbs, *selbs; 546 547 if (ifp->if_flags & IFF_DEBUG) 548 printf("%s: end %s scan\n", ifp->if_xname, 549 (ic->ic_flags & IEEE80211_F_ASCAN) ? 550 "active" : "passive"); 551 552 if (ic->ic_scan_count) 553 ic->ic_flags &= ~IEEE80211_F_ASCAN; 554 555 ni = RB_MIN(ieee80211_tree, &ic->ic_tree); 556 557 #ifndef IEEE80211_STA_ONLY 558 if (ic->ic_opmode == IEEE80211_M_HOSTAP) { 559 /* XXX off stack? */ 560 u_char occupied[howmany(IEEE80211_CHAN_MAX, NBBY)]; 561 int i, fail; 562 563 /* 564 * The passive scan to look for existing AP's completed, 565 * select a channel to camp on. Identify the channels 566 * that already have one or more AP's and try to locate 567 * an unnoccupied one. If that fails, pick a random 568 * channel from the active set. 569 */ 570 memset(occupied, 0, sizeof(occupied)); 571 RB_FOREACH(ni, ieee80211_tree, &ic->ic_tree) 572 setbit(occupied, ieee80211_chan2ieee(ic, ni->ni_chan)); 573 for (i = 0; i < IEEE80211_CHAN_MAX; i++) 574 if (isset(ic->ic_chan_active, i) && isclr(occupied, i)) 575 break; 576 if (i == IEEE80211_CHAN_MAX) { 577 fail = arc4random() & 3; /* random 0-3 */ 578 for (i = 0; i < IEEE80211_CHAN_MAX; i++) 579 if (isset(ic->ic_chan_active, i) && fail-- == 0) 580 break; 581 } 582 ieee80211_create_ibss(ic, &ic->ic_channels[i]); 583 goto wakeup; 584 } 585 #endif 586 if (ni == NULL) { 587 DPRINTF(("no scan candidate\n")); 588 notfound: 589 590 #ifndef IEEE80211_STA_ONLY 591 if (ic->ic_opmode == IEEE80211_M_IBSS && 592 (ic->ic_flags & IEEE80211_F_IBSSON) && 593 ic->ic_des_esslen != 0) { 594 ieee80211_create_ibss(ic, ic->ic_ibss_chan); 595 goto wakeup; 596 } 597 #endif 598 /* 599 * Scan the next mode if nothing has been found. This 600 * is necessary if the device supports different 601 * incompatible modes in the same channel range, like 602 * like 11b and "pure" 11G mode. This will loop 603 * forever except for user-initiated scans. 604 */ 605 if (ieee80211_next_mode(ifp) == IEEE80211_MODE_AUTO) { 606 if (ic->ic_scan_lock & IEEE80211_SCAN_REQUEST && 607 ic->ic_scan_lock & IEEE80211_SCAN_RESUME) { 608 ic->ic_scan_lock = IEEE80211_SCAN_LOCKED; 609 /* Return from an user-initiated scan */ 610 wakeup(&ic->ic_scan_lock); 611 } else if (ic->ic_scan_lock & IEEE80211_SCAN_REQUEST) 612 goto wakeup; 613 ic->ic_scan_count++; 614 } 615 616 /* 617 * Reset the list of channels to scan and start again. 618 */ 619 ieee80211_next_scan(ifp); 620 return; 621 } 622 selbs = NULL; 623 624 for (; ni != NULL; ni = nextbs) { 625 nextbs = RB_NEXT(ieee80211_tree, &ic->ic_tree, ni); 626 if (ni->ni_fails) { 627 /* 628 * The configuration of the access points may change 629 * during my scan. So delete the entry for the AP 630 * and retry to associate if there is another beacon. 631 */ 632 if (ni->ni_fails++ > 2) 633 ieee80211_free_node(ic, ni); 634 continue; 635 } 636 if (ieee80211_match_bss(ic, ni) == 0) { 637 if (selbs == NULL) 638 selbs = ni; 639 else if (ni->ni_rssi > selbs->ni_rssi) 640 selbs = ni; 641 } 642 } 643 if (selbs == NULL) 644 goto notfound; 645 (*ic->ic_node_copy)(ic, ic->ic_bss, selbs); 646 ni = ic->ic_bss; 647 648 /* 649 * Set the erp state (mostly the slot time) to deal with 650 * the auto-select case; this should be redundant if the 651 * mode is locked. 652 */ 653 ic->ic_curmode = ieee80211_chan2mode(ic, ni->ni_chan); 654 ieee80211_reset_erp(ic); 655 656 if (ic->ic_flags & IEEE80211_F_RSNON) 657 ieee80211_choose_rsnparams(ic); 658 else if (ic->ic_flags & IEEE80211_F_WEPON) 659 ni->ni_rsncipher = IEEE80211_CIPHER_USEGROUP; 660 661 ieee80211_node_newstate(selbs, IEEE80211_STA_BSS); 662 #ifndef IEEE80211_STA_ONLY 663 if (ic->ic_opmode == IEEE80211_M_IBSS) { 664 ieee80211_fix_rate(ic, ni, IEEE80211_F_DOFRATE | 665 IEEE80211_F_DONEGO | IEEE80211_F_DODEL); 666 if (ni->ni_rates.rs_nrates == 0) 667 goto notfound; 668 ieee80211_new_state(ic, IEEE80211_S_RUN, -1); 669 } else 670 #endif 671 ieee80211_new_state(ic, IEEE80211_S_AUTH, -1); 672 673 wakeup: 674 if (ic->ic_scan_lock & IEEE80211_SCAN_REQUEST) { 675 /* Return from an user-initiated scan */ 676 wakeup(&ic->ic_scan_lock); 677 } 678 679 ic->ic_scan_lock = IEEE80211_SCAN_UNLOCKED; 680 } 681 682 /* 683 * Autoselect the best RSN parameters (protocol, AKMP, pairwise cipher...) 684 * that are supported by both peers (STA mode only). 685 */ 686 void 687 ieee80211_choose_rsnparams(struct ieee80211com *ic) 688 { 689 struct ieee80211_node *ni = ic->ic_bss; 690 struct ieee80211_pmk *pmk; 691 692 /* filter out unsupported protocol versions */ 693 ni->ni_rsnprotos &= ic->ic_rsnprotos; 694 /* prefer RSN (aka WPA2) over WPA */ 695 if (ni->ni_rsnprotos & IEEE80211_PROTO_RSN) 696 ni->ni_rsnprotos = IEEE80211_PROTO_RSN; 697 else 698 ni->ni_rsnprotos = IEEE80211_PROTO_WPA; 699 700 /* filter out unsupported AKMPs */ 701 ni->ni_rsnakms &= ic->ic_rsnakms; 702 /* prefer SHA-256 based AKMPs */ 703 if ((ic->ic_flags & IEEE80211_F_PSK) && (ni->ni_rsnakms & 704 (IEEE80211_AKM_PSK | IEEE80211_AKM_SHA256_PSK))) { 705 /* AP supports PSK AKMP and a PSK is configured */ 706 if (ni->ni_rsnakms & IEEE80211_AKM_SHA256_PSK) 707 ni->ni_rsnakms = IEEE80211_AKM_SHA256_PSK; 708 else 709 ni->ni_rsnakms = IEEE80211_AKM_PSK; 710 } else { 711 if (ni->ni_rsnakms & IEEE80211_AKM_SHA256_8021X) 712 ni->ni_rsnakms = IEEE80211_AKM_SHA256_8021X; 713 else 714 ni->ni_rsnakms = IEEE80211_AKM_8021X; 715 /* check if we have a cached PMK for this AP */ 716 if (ni->ni_rsnprotos == IEEE80211_PROTO_RSN && 717 (pmk = ieee80211_pmksa_find(ic, ni, NULL)) != NULL) { 718 memcpy(ni->ni_pmkid, pmk->pmk_pmkid, 719 IEEE80211_PMKID_LEN); 720 ni->ni_flags |= IEEE80211_NODE_PMKID; 721 } 722 } 723 724 /* filter out unsupported pairwise ciphers */ 725 ni->ni_rsnciphers &= ic->ic_rsnciphers; 726 /* prefer CCMP over TKIP */ 727 if (ni->ni_rsnciphers & IEEE80211_CIPHER_CCMP) 728 ni->ni_rsnciphers = IEEE80211_CIPHER_CCMP; 729 else 730 ni->ni_rsnciphers = IEEE80211_CIPHER_TKIP; 731 ni->ni_rsncipher = ni->ni_rsnciphers; 732 733 /* use MFP if we both support it */ 734 if ((ic->ic_caps & IEEE80211_C_MFP) && 735 (ni->ni_rsncaps & IEEE80211_RSNCAP_MFPC)) 736 ni->ni_flags |= IEEE80211_NODE_MFP; 737 } 738 739 int 740 ieee80211_get_rate(struct ieee80211com *ic) 741 { 742 u_int8_t (*rates)[IEEE80211_RATE_MAXSIZE]; 743 int rate; 744 745 rates = &ic->ic_bss->ni_rates.rs_rates; 746 747 if (ic->ic_fixed_rate != -1) 748 rate = (*rates)[ic->ic_fixed_rate]; 749 else if (ic->ic_state == IEEE80211_S_RUN) 750 rate = (*rates)[ic->ic_bss->ni_txrate]; 751 else 752 rate = 0; 753 754 return rate & IEEE80211_RATE_VAL; 755 } 756 757 struct ieee80211_node * 758 ieee80211_node_alloc(struct ieee80211com *ic) 759 { 760 return malloc(sizeof(struct ieee80211_node), M_DEVBUF, 761 M_NOWAIT | M_ZERO); 762 } 763 764 void 765 ieee80211_node_cleanup(struct ieee80211com *ic, struct ieee80211_node *ni) 766 { 767 if (ni->ni_rsnie != NULL) { 768 free(ni->ni_rsnie, M_DEVBUF); 769 ni->ni_rsnie = NULL; 770 } 771 } 772 773 void 774 ieee80211_node_free(struct ieee80211com *ic, struct ieee80211_node *ni) 775 { 776 ieee80211_node_cleanup(ic, ni); 777 free(ni, M_DEVBUF); 778 } 779 780 void 781 ieee80211_node_copy(struct ieee80211com *ic, 782 struct ieee80211_node *dst, const struct ieee80211_node *src) 783 { 784 ieee80211_node_cleanup(ic, dst); 785 *dst = *src; 786 dst->ni_rsnie = NULL; 787 if (src->ni_rsnie != NULL) 788 ieee80211_save_ie(src->ni_rsnie, &dst->ni_rsnie); 789 } 790 791 u_int8_t 792 ieee80211_node_getrssi(struct ieee80211com *ic, 793 const struct ieee80211_node *ni) 794 { 795 return ni->ni_rssi; 796 } 797 798 void 799 ieee80211_setup_node(struct ieee80211com *ic, 800 struct ieee80211_node *ni, const u_int8_t *macaddr) 801 { 802 int s; 803 804 DPRINTF(("%s\n", ether_sprintf((u_int8_t *)macaddr))); 805 IEEE80211_ADDR_COPY(ni->ni_macaddr, macaddr); 806 ieee80211_node_newstate(ni, IEEE80211_STA_CACHE); 807 808 ni->ni_ic = ic; /* back-pointer */ 809 #ifndef IEEE80211_STA_ONLY 810 IFQ_SET_MAXLEN(&ni->ni_savedq, IEEE80211_PS_MAX_QUEUE); 811 timeout_set(&ni->ni_eapol_to, ieee80211_eapol_timeout, ni); 812 timeout_set(&ni->ni_sa_query_to, ieee80211_sa_query_timeout, ni); 813 #endif 814 s = splnet(); 815 RB_INSERT(ieee80211_tree, &ic->ic_tree, ni); 816 ic->ic_nnodes++; 817 splx(s); 818 } 819 820 struct ieee80211_node * 821 ieee80211_alloc_node(struct ieee80211com *ic, const u_int8_t *macaddr) 822 { 823 struct ieee80211_node *ni = ieee80211_alloc_node_helper(ic); 824 if (ni != NULL) 825 ieee80211_setup_node(ic, ni, macaddr); 826 else 827 ic->ic_stats.is_rx_nodealloc++; 828 return ni; 829 } 830 831 struct ieee80211_node * 832 ieee80211_dup_bss(struct ieee80211com *ic, const u_int8_t *macaddr) 833 { 834 struct ieee80211_node *ni = ieee80211_alloc_node_helper(ic); 835 if (ni != NULL) { 836 ieee80211_setup_node(ic, ni, macaddr); 837 /* 838 * Inherit from ic_bss. 839 */ 840 IEEE80211_ADDR_COPY(ni->ni_bssid, ic->ic_bss->ni_bssid); 841 ni->ni_chan = ic->ic_bss->ni_chan; 842 } else 843 ic->ic_stats.is_rx_nodealloc++; 844 return ni; 845 } 846 847 struct ieee80211_node * 848 ieee80211_find_node(struct ieee80211com *ic, const u_int8_t *macaddr) 849 { 850 struct ieee80211_node *ni; 851 int cmp; 852 853 /* similar to RB_FIND except we compare keys, not nodes */ 854 ni = RB_ROOT(&ic->ic_tree); 855 while (ni != NULL) { 856 cmp = memcmp(macaddr, ni->ni_macaddr, IEEE80211_ADDR_LEN); 857 if (cmp < 0) 858 ni = RB_LEFT(ni, ni_node); 859 else if (cmp > 0) 860 ni = RB_RIGHT(ni, ni_node); 861 else 862 break; 863 } 864 return ni; 865 } 866 867 /* 868 * Return a reference to the appropriate node for sending 869 * a data frame. This handles node discovery in adhoc networks. 870 * 871 * Drivers will call this, so increase the reference count before 872 * returning the node. 873 */ 874 struct ieee80211_node * 875 ieee80211_find_txnode(struct ieee80211com *ic, const u_int8_t *macaddr) 876 { 877 #ifndef IEEE80211_STA_ONLY 878 struct ieee80211_node *ni; 879 int s; 880 #endif 881 882 /* 883 * The destination address should be in the node table 884 * unless we are operating in station mode or this is a 885 * multicast/broadcast frame. 886 */ 887 if (ic->ic_opmode == IEEE80211_M_STA || IEEE80211_IS_MULTICAST(macaddr)) 888 return ieee80211_ref_node(ic->ic_bss); 889 890 #ifndef IEEE80211_STA_ONLY 891 s = splnet(); 892 ni = ieee80211_find_node(ic, macaddr); 893 splx(s); 894 if (ni == NULL) { 895 if (ic->ic_opmode != IEEE80211_M_IBSS && 896 ic->ic_opmode != IEEE80211_M_AHDEMO) 897 return NULL; 898 899 /* 900 * Fake up a node; this handles node discovery in 901 * adhoc mode. Note that for the driver's benefit 902 * we we treat this like an association so the driver 903 * has an opportunity to setup its private state. 904 * 905 * XXX need better way to handle this; issue probe 906 * request so we can deduce rate set, etc. 907 */ 908 if ((ni = ieee80211_dup_bss(ic, macaddr)) == NULL) 909 return NULL; 910 /* XXX no rate negotiation; just dup */ 911 ni->ni_rates = ic->ic_bss->ni_rates; 912 ni->ni_txrate = 0; 913 if (ic->ic_newassoc) 914 (*ic->ic_newassoc)(ic, ni, 1); 915 } 916 return ieee80211_ref_node(ni); 917 #else 918 return NULL; /* can't get there */ 919 #endif /* IEEE80211_STA_ONLY */ 920 } 921 922 /* 923 * It is usually desirable to process a Rx packet using its sender's 924 * node-record instead of the BSS record. 925 * 926 * - AP mode: keep a node-record for every authenticated/associated 927 * station *in the BSS*. For future use, we also track neighboring 928 * APs, since they might belong to the same ESS. APs in the same 929 * ESS may bridge packets to each other, forming a Wireless 930 * Distribution System (WDS). 931 * 932 * - IBSS mode: keep a node-record for every station *in the BSS*. 933 * Also track neighboring stations by their beacons/probe responses. 934 * 935 * - monitor mode: keep a node-record for every sender, regardless 936 * of BSS. 937 * 938 * - STA mode: the only available node-record is the BSS record, 939 * ic->ic_bss. 940 * 941 * Of all the 802.11 Control packets, only the node-records for 942 * RTS packets node-record can be looked up. 943 * 944 * Return non-zero if the packet's node-record is kept, zero 945 * otherwise. 946 */ 947 static __inline int 948 ieee80211_needs_rxnode(struct ieee80211com *ic, 949 const struct ieee80211_frame *wh, const u_int8_t **bssid) 950 { 951 int monitor, rc = 0; 952 953 monitor = (ic->ic_opmode == IEEE80211_M_MONITOR); 954 955 *bssid = NULL; 956 957 switch (wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK) { 958 case IEEE80211_FC0_TYPE_CTL: 959 if (!monitor) 960 break; 961 return (wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK) == 962 IEEE80211_FC0_SUBTYPE_RTS; 963 case IEEE80211_FC0_TYPE_MGT: 964 *bssid = wh->i_addr3; 965 switch (wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK) { 966 case IEEE80211_FC0_SUBTYPE_BEACON: 967 case IEEE80211_FC0_SUBTYPE_PROBE_RESP: 968 break; 969 default: 970 #ifndef IEEE80211_STA_ONLY 971 if (ic->ic_opmode == IEEE80211_M_STA) 972 break; 973 rc = IEEE80211_ADDR_EQ(*bssid, ic->ic_bss->ni_bssid) || 974 IEEE80211_ADDR_EQ(*bssid, etherbroadcastaddr); 975 #endif 976 break; 977 } 978 break; 979 case IEEE80211_FC0_TYPE_DATA: 980 switch (wh->i_fc[1] & IEEE80211_FC1_DIR_MASK) { 981 case IEEE80211_FC1_DIR_NODS: 982 *bssid = wh->i_addr3; 983 #ifndef IEEE80211_STA_ONLY 984 if (ic->ic_opmode == IEEE80211_M_IBSS || 985 ic->ic_opmode == IEEE80211_M_AHDEMO) 986 rc = IEEE80211_ADDR_EQ(*bssid, 987 ic->ic_bss->ni_bssid); 988 #endif 989 break; 990 case IEEE80211_FC1_DIR_TODS: 991 *bssid = wh->i_addr1; 992 #ifndef IEEE80211_STA_ONLY 993 if (ic->ic_opmode == IEEE80211_M_HOSTAP) 994 rc = IEEE80211_ADDR_EQ(*bssid, 995 ic->ic_bss->ni_bssid); 996 #endif 997 break; 998 case IEEE80211_FC1_DIR_FROMDS: 999 case IEEE80211_FC1_DIR_DSTODS: 1000 *bssid = wh->i_addr2; 1001 #ifndef IEEE80211_STA_ONLY 1002 rc = (ic->ic_opmode == IEEE80211_M_HOSTAP); 1003 #endif 1004 break; 1005 } 1006 break; 1007 } 1008 return monitor || rc; 1009 } 1010 1011 /* 1012 * Drivers call this, so increase the reference count before returning 1013 * the node. 1014 */ 1015 struct ieee80211_node * 1016 ieee80211_find_rxnode(struct ieee80211com *ic, 1017 const struct ieee80211_frame *wh) 1018 { 1019 static const u_int8_t zero[] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }; 1020 struct ieee80211_node *ni; 1021 const u_int8_t *bssid; 1022 int s; 1023 1024 if (!ieee80211_needs_rxnode(ic, wh, &bssid)) 1025 return ieee80211_ref_node(ic->ic_bss); 1026 1027 s = splnet(); 1028 ni = ieee80211_find_node(ic, wh->i_addr2); 1029 splx(s); 1030 1031 if (ni != NULL) 1032 return ieee80211_ref_node(ni); 1033 #ifndef IEEE80211_STA_ONLY 1034 if (ic->ic_opmode == IEEE80211_M_HOSTAP) 1035 return ieee80211_ref_node(ic->ic_bss); 1036 #endif 1037 /* XXX see remarks in ieee80211_find_txnode */ 1038 /* XXX no rate negotiation; just dup */ 1039 if ((ni = ieee80211_dup_bss(ic, wh->i_addr2)) == NULL) 1040 return ieee80211_ref_node(ic->ic_bss); 1041 1042 IEEE80211_ADDR_COPY(ni->ni_bssid, (bssid != NULL) ? bssid : zero); 1043 1044 ni->ni_rates = ic->ic_bss->ni_rates; 1045 ni->ni_txrate = 0; 1046 if (ic->ic_newassoc) 1047 (*ic->ic_newassoc)(ic, ni, 1); 1048 1049 DPRINTF(("faked-up node %p for %s\n", ni, 1050 ether_sprintf((u_int8_t *)wh->i_addr2))); 1051 1052 return ieee80211_ref_node(ni); 1053 } 1054 1055 struct ieee80211_node * 1056 ieee80211_find_node_for_beacon(struct ieee80211com *ic, 1057 const u_int8_t *macaddr, const struct ieee80211_channel *chan, 1058 const char *ssid, u_int8_t rssi) 1059 { 1060 struct ieee80211_node *ni, *keep = NULL; 1061 int s, score = 0; 1062 1063 if ((ni = ieee80211_find_node(ic, macaddr)) != NULL) { 1064 s = splnet(); 1065 1066 if (ni->ni_chan != chan && ni->ni_rssi >= rssi) 1067 score++; 1068 if (ssid[1] == 0 && ni->ni_esslen != 0) 1069 score++; 1070 if (score > 0) 1071 keep = ni; 1072 1073 splx(s); 1074 } 1075 1076 return (keep); 1077 } 1078 1079 void 1080 ieee80211_free_node(struct ieee80211com *ic, struct ieee80211_node *ni) 1081 { 1082 if (ni == ic->ic_bss) 1083 panic("freeing bss node"); 1084 1085 splassert(IPL_NET); 1086 1087 DPRINTF(("%s\n", ether_sprintf(ni->ni_macaddr))); 1088 #ifndef IEEE80211_STA_ONLY 1089 timeout_del(&ni->ni_eapol_to); 1090 timeout_del(&ni->ni_sa_query_to); 1091 IEEE80211_AID_CLR(ni->ni_associd, ic->ic_aid_bitmap); 1092 #endif 1093 RB_REMOVE(ieee80211_tree, &ic->ic_tree, ni); 1094 ic->ic_nnodes--; 1095 #ifndef IEEE80211_STA_ONLY 1096 if (!IF_IS_EMPTY(&ni->ni_savedq)) { 1097 IF_PURGE(&ni->ni_savedq); 1098 if (ic->ic_set_tim != NULL) 1099 (*ic->ic_set_tim)(ic, ni->ni_associd, 0); 1100 } 1101 #endif 1102 (*ic->ic_node_free)(ic, ni); 1103 /* TBD indicate to drivers that a new node can be allocated */ 1104 } 1105 1106 void 1107 ieee80211_release_node(struct ieee80211com *ic, struct ieee80211_node *ni) 1108 { 1109 int s; 1110 1111 DPRINTF(("%s refcnt %u\n", ether_sprintf(ni->ni_macaddr), 1112 ni->ni_refcnt)); 1113 s = splnet(); 1114 if (ieee80211_node_decref(ni) == 0 && 1115 ni->ni_state == IEEE80211_STA_COLLECT) { 1116 ieee80211_free_node(ic, ni); 1117 } 1118 splx(s); 1119 } 1120 1121 void 1122 ieee80211_free_allnodes(struct ieee80211com *ic) 1123 { 1124 struct ieee80211_node *ni; 1125 int s; 1126 1127 DPRINTF(("freeing all nodes\n")); 1128 s = splnet(); 1129 while ((ni = RB_MIN(ieee80211_tree, &ic->ic_tree)) != NULL) 1130 ieee80211_free_node(ic, ni); 1131 splx(s); 1132 1133 if (ic->ic_bss != NULL) 1134 ieee80211_node_cleanup(ic, ic->ic_bss); /* for station mode */ 1135 } 1136 1137 /* 1138 * Timeout inactive nodes. 1139 * 1140 * If called because of a cache timeout, which happens only in hostap and ibss 1141 * modes, clean all inactive cached or authenticated nodes but don't de-auth 1142 * any associated nodes. 1143 * 1144 * Else, this function is called because a new node must be allocated but the 1145 * node cache is full. In this case, return as soon as a free slot was made 1146 * available. If acting as hostap, clean cached nodes regardless of their 1147 * recent activity and also allow de-authing of authenticated nodes older 1148 * than one cache wait interval, and de-authing of inactive associated nodes. 1149 */ 1150 void 1151 ieee80211_clean_nodes(struct ieee80211com *ic, int cache_timeout) 1152 { 1153 struct ieee80211_node *ni, *next_ni; 1154 u_int gen = ic->ic_scangen++; /* NB: ok 'cuz single-threaded*/ 1155 int s; 1156 #ifndef IEEE80211_STA_ONLY 1157 int nnodes = 0; 1158 struct ifnet *ifp = &ic->ic_if; 1159 #endif 1160 1161 s = splnet(); 1162 for (ni = RB_MIN(ieee80211_tree, &ic->ic_tree); 1163 ni != NULL; ni = next_ni) { 1164 next_ni = RB_NEXT(ieee80211_tree, &ic->ic_tree, ni); 1165 if (!cache_timeout && ic->ic_nnodes < ic->ic_max_nnodes) 1166 break; 1167 if (ni->ni_scangen == gen) /* previously handled */ 1168 continue; 1169 #ifndef IEEE80211_STA_ONLY 1170 nnodes++; 1171 #endif 1172 ni->ni_scangen = gen; 1173 if (ni->ni_refcnt > 0) 1174 continue; 1175 #ifndef IEEE80211_STA_ONLY 1176 if ((ic->ic_opmode == IEEE80211_M_HOSTAP || 1177 ic->ic_opmode == IEEE80211_M_IBSS) && 1178 ic->ic_state == IEEE80211_S_RUN) { 1179 if (cache_timeout) { 1180 if (ni->ni_state != IEEE80211_STA_COLLECT && 1181 (ni->ni_state == IEEE80211_STA_ASSOC || 1182 ni->ni_inact < IEEE80211_INACT_MAX)) 1183 continue; 1184 } else { 1185 if (ic->ic_opmode == IEEE80211_M_HOSTAP && 1186 ((ni->ni_state == IEEE80211_STA_ASSOC && 1187 ni->ni_inact < IEEE80211_INACT_MAX) || 1188 (ni->ni_state == IEEE80211_STA_AUTH && 1189 ni->ni_inact == 0))) 1190 continue; 1191 1192 if (ic->ic_opmode == IEEE80211_M_IBSS && 1193 ni->ni_state != IEEE80211_STA_COLLECT && 1194 ni->ni_state != IEEE80211_STA_CACHE && 1195 ni->ni_inact < IEEE80211_INACT_MAX) 1196 continue; 1197 } 1198 } 1199 if (ifp->if_flags & IFF_DEBUG) 1200 printf("%s: station %s purged from node cache\n", 1201 ifp->if_xname, ether_sprintf(ni->ni_macaddr)); 1202 #endif 1203 /* 1204 * If we're hostap and the node is authenticated, send 1205 * a deauthentication frame. The node will be freed when 1206 * the driver calls ieee80211_release_node(). 1207 */ 1208 #ifndef IEEE80211_STA_ONLY 1209 nnodes--; 1210 if (ic->ic_opmode == IEEE80211_M_HOSTAP && 1211 ni->ni_state >= IEEE80211_STA_AUTH && 1212 ni->ni_state != IEEE80211_STA_COLLECT) { 1213 splx(s); 1214 IEEE80211_SEND_MGMT(ic, ni, 1215 IEEE80211_FC0_SUBTYPE_DEAUTH, 1216 IEEE80211_REASON_AUTH_EXPIRE); 1217 s = splnet(); 1218 ieee80211_node_leave(ic, ni); 1219 } else 1220 #endif 1221 ieee80211_free_node(ic, ni); 1222 ic->ic_stats.is_node_timeout++; 1223 } 1224 1225 #ifndef IEEE80211_STA_ONLY 1226 /* 1227 * During a cache timeout we iterate over all nodes. 1228 * Check for node leaks by comparing the actual number of cached 1229 * nodes with the ic_nnodes count, which is maintained while adding 1230 * and removing nodes from the cache. 1231 */ 1232 if ((ifp->if_flags & IFF_DEBUG) && cache_timeout && 1233 nnodes != ic->ic_nnodes) 1234 printf("%s: number of cached nodes is %d, expected %d," 1235 "possible nodes leak\n", ifp->if_xname, nnodes, 1236 ic->ic_nnodes); 1237 #endif 1238 splx(s); 1239 } 1240 1241 void 1242 ieee80211_iterate_nodes(struct ieee80211com *ic, ieee80211_iter_func *f, 1243 void *arg) 1244 { 1245 struct ieee80211_node *ni; 1246 int s; 1247 1248 s = splnet(); 1249 RB_FOREACH(ni, ieee80211_tree, &ic->ic_tree) 1250 (*f)(arg, ni); 1251 splx(s); 1252 } 1253 1254 /* 1255 * Install received rate set information in the node's state block. 1256 */ 1257 int 1258 ieee80211_setup_rates(struct ieee80211com *ic, struct ieee80211_node *ni, 1259 const u_int8_t *rates, const u_int8_t *xrates, int flags) 1260 { 1261 struct ieee80211_rateset *rs = &ni->ni_rates; 1262 1263 memset(rs, 0, sizeof(*rs)); 1264 rs->rs_nrates = rates[1]; 1265 memcpy(rs->rs_rates, rates + 2, rs->rs_nrates); 1266 if (xrates != NULL) { 1267 u_int8_t nxrates; 1268 /* 1269 * Tack on 11g extended supported rate element. 1270 */ 1271 nxrates = xrates[1]; 1272 if (rs->rs_nrates + nxrates > IEEE80211_RATE_MAXSIZE) { 1273 nxrates = IEEE80211_RATE_MAXSIZE - rs->rs_nrates; 1274 DPRINTF(("extended rate set too large; " 1275 "only using %u of %u rates\n", 1276 nxrates, xrates[1])); 1277 ic->ic_stats.is_rx_rstoobig++; 1278 } 1279 memcpy(rs->rs_rates + rs->rs_nrates, xrates+2, nxrates); 1280 rs->rs_nrates += nxrates; 1281 } 1282 return ieee80211_fix_rate(ic, ni, flags); 1283 } 1284 1285 #ifndef IEEE80211_STA_ONLY 1286 /* 1287 * Check if the specified node supports ERP. 1288 */ 1289 int 1290 ieee80211_iserp_sta(const struct ieee80211_node *ni) 1291 { 1292 #define N(a) (sizeof (a) / sizeof (a)[0]) 1293 static const u_int8_t rates[] = { 2, 4, 11, 22, 12, 24, 48 }; 1294 const struct ieee80211_rateset *rs = &ni->ni_rates; 1295 int i, j; 1296 1297 /* 1298 * A STA supports ERP operation if it includes all the Clause 19 1299 * mandatory rates in its supported rate set. 1300 */ 1301 for (i = 0; i < N(rates); i++) { 1302 for (j = 0; j < rs->rs_nrates; j++) { 1303 if ((rs->rs_rates[j] & IEEE80211_RATE_VAL) == rates[i]) 1304 break; 1305 } 1306 if (j == rs->rs_nrates) 1307 return 0; 1308 } 1309 return 1; 1310 #undef N 1311 } 1312 1313 /* 1314 * This function is called to notify the 802.1X PACP machine that a new 1315 * 802.1X port is enabled and must be authenticated. For 802.11, a port 1316 * becomes enabled whenever a STA successfully completes Open System 1317 * authentication with an AP. 1318 */ 1319 void 1320 ieee80211_needs_auth(struct ieee80211com *ic, struct ieee80211_node *ni) 1321 { 1322 /* 1323 * XXX this could be done via the route socket of via a dedicated 1324 * EAP socket or another kernel->userland notification mechanism. 1325 * The notification should include the MAC address (ni_macaddr). 1326 */ 1327 } 1328 1329 #ifndef IEEE80211_NO_HT 1330 /* 1331 * Handle an HT STA joining an HT network. 1332 */ 1333 void 1334 ieee80211_node_join_ht(struct ieee80211com *ic, struct ieee80211_node *ni) 1335 { 1336 /* TBD */ 1337 } 1338 #endif /* !IEEE80211_NO_HT */ 1339 1340 /* 1341 * Handle a station joining an RSN network. 1342 */ 1343 void 1344 ieee80211_node_join_rsn(struct ieee80211com *ic, struct ieee80211_node *ni) 1345 { 1346 DPRINTF(("station %s associated using proto %d akm 0x%x " 1347 "cipher 0x%x groupcipher 0x%x\n", ether_sprintf(ni->ni_macaddr), 1348 ni->ni_rsnprotos, ni->ni_rsnakms, ni->ni_rsnciphers, 1349 ni->ni_rsngroupcipher)); 1350 1351 ni->ni_rsn_state = RSNA_AUTHENTICATION; 1352 ic->ic_rsnsta++; 1353 1354 ni->ni_key_count = 0; 1355 ni->ni_port_valid = 0; 1356 ni->ni_flags &= ~IEEE80211_NODE_TXRXPROT; 1357 ni->ni_replaycnt = -1; /* XXX */ 1358 ni->ni_rsn_retries = 0; 1359 ni->ni_rsncipher = ni->ni_rsnciphers; 1360 1361 ni->ni_rsn_state = RSNA_AUTHENTICATION_2; 1362 1363 /* generate a new authenticator nonce (ANonce) */ 1364 arc4random_buf(ni->ni_nonce, EAPOL_KEY_NONCE_LEN); 1365 1366 if (!ieee80211_is_8021x_akm(ni->ni_rsnakms)) { 1367 memcpy(ni->ni_pmk, ic->ic_psk, IEEE80211_PMK_LEN); 1368 ni->ni_flags |= IEEE80211_NODE_PMK; 1369 (void)ieee80211_send_4way_msg1(ic, ni); 1370 } else if (ni->ni_flags & IEEE80211_NODE_PMK) { 1371 /* skip 802.1X auth if a cached PMK was found */ 1372 (void)ieee80211_send_4way_msg1(ic, ni); 1373 } else { 1374 /* no cached PMK found, needs full 802.1X auth */ 1375 ieee80211_needs_auth(ic, ni); 1376 } 1377 } 1378 1379 /* 1380 * Handle a station joining an 11g network. 1381 */ 1382 void 1383 ieee80211_node_join_11g(struct ieee80211com *ic, struct ieee80211_node *ni) 1384 { 1385 if (!(ni->ni_capinfo & IEEE80211_CAPINFO_SHORT_SLOTTIME)) { 1386 /* 1387 * Joining STA doesn't support short slot time. We must 1388 * disable the use of short slot time for all other associated 1389 * STAs and give the driver a chance to reconfigure the 1390 * hardware. 1391 */ 1392 if (++ic->ic_longslotsta == 1) { 1393 if (ic->ic_caps & IEEE80211_C_SHSLOT) 1394 ieee80211_set_shortslottime(ic, 0); 1395 } 1396 DPRINTF(("[%s] station needs long slot time, count %d\n", 1397 ether_sprintf(ni->ni_macaddr), ic->ic_longslotsta)); 1398 } 1399 1400 if (!ieee80211_iserp_sta(ni)) { 1401 /* 1402 * Joining STA is non-ERP. 1403 */ 1404 ic->ic_nonerpsta++; 1405 1406 DPRINTF(("[%s] station is non-ERP, %d non-ERP " 1407 "stations associated\n", ether_sprintf(ni->ni_macaddr), 1408 ic->ic_nonerpsta)); 1409 1410 /* must enable the use of protection */ 1411 if (ic->ic_protmode != IEEE80211_PROT_NONE) { 1412 DPRINTF(("enable use of protection\n")); 1413 ic->ic_flags |= IEEE80211_F_USEPROT; 1414 } 1415 1416 if (!(ni->ni_capinfo & IEEE80211_CAPINFO_SHORT_PREAMBLE)) 1417 ic->ic_flags &= ~IEEE80211_F_SHPREAMBLE; 1418 } else 1419 ni->ni_flags |= IEEE80211_NODE_ERP; 1420 } 1421 1422 void 1423 ieee80211_node_join(struct ieee80211com *ic, struct ieee80211_node *ni, 1424 int resp) 1425 { 1426 int newassoc; 1427 1428 if (ni->ni_associd == 0) { 1429 u_int16_t aid; 1430 1431 /* 1432 * It would be clever to search the bitmap 1433 * more efficiently, but this will do for now. 1434 */ 1435 for (aid = 1; aid < ic->ic_max_aid; aid++) { 1436 if (!IEEE80211_AID_ISSET(aid, 1437 ic->ic_aid_bitmap)) 1438 break; 1439 } 1440 if (aid >= ic->ic_max_aid) { 1441 IEEE80211_SEND_MGMT(ic, ni, resp, 1442 IEEE80211_REASON_ASSOC_TOOMANY); 1443 ieee80211_node_leave(ic, ni); 1444 return; 1445 } 1446 ni->ni_associd = aid | 0xc000; 1447 IEEE80211_AID_SET(ni->ni_associd, ic->ic_aid_bitmap); 1448 newassoc = 1; 1449 if (ic->ic_curmode == IEEE80211_MODE_11G) 1450 ieee80211_node_join_11g(ic, ni); 1451 } else 1452 newassoc = 0; 1453 1454 DPRINTF(("station %s %s associated at aid %d\n", 1455 ether_sprintf(ni->ni_macaddr), newassoc ? "newly" : "already", 1456 ni->ni_associd & ~0xc000)); 1457 1458 /* give driver a chance to setup state like ni_txrate */ 1459 if (ic->ic_newassoc) 1460 (*ic->ic_newassoc)(ic, ni, newassoc); 1461 IEEE80211_SEND_MGMT(ic, ni, resp, IEEE80211_STATUS_SUCCESS); 1462 ieee80211_node_newstate(ni, IEEE80211_STA_ASSOC); 1463 1464 if (!(ic->ic_flags & IEEE80211_F_RSNON)) { 1465 ni->ni_port_valid = 1; 1466 ni->ni_rsncipher = IEEE80211_CIPHER_USEGROUP; 1467 } else 1468 ieee80211_node_join_rsn(ic, ni); 1469 1470 #ifndef IEEE80211_NO_HT 1471 if (ni->ni_flags & IEEE80211_NODE_HT) 1472 ieee80211_node_join_ht(ic, ni); 1473 #endif 1474 1475 #if NBRIDGE > 0 1476 /* 1477 * If the parent interface is a bridgeport, learn 1478 * the node's address dynamically on this interface. 1479 */ 1480 if (ic->ic_if.if_bridgeport != NULL) 1481 bridge_update(&ic->ic_if, 1482 (struct ether_addr *)ni->ni_macaddr, 0); 1483 #endif 1484 } 1485 1486 #ifndef IEEE80211_NO_HT 1487 /* 1488 * Handle an HT STA leaving an HT network. 1489 */ 1490 void 1491 ieee80211_node_leave_ht(struct ieee80211com *ic, struct ieee80211_node *ni) 1492 { 1493 struct ieee80211_rx_ba *ba; 1494 u_int8_t tid; 1495 int i; 1496 1497 /* free all Block Ack records */ 1498 for (tid = 0; tid < IEEE80211_NUM_TID; tid++) { 1499 ba = &ni->ni_rx_ba[tid]; 1500 if (ba->ba_buf != NULL) { 1501 for (i = 0; i < IEEE80211_BA_MAX_WINSZ; i++) 1502 if (ba->ba_buf[i].m != NULL) 1503 m_freem(ba->ba_buf[i].m); 1504 free(ba->ba_buf, M_DEVBUF); 1505 ba->ba_buf = NULL; 1506 } 1507 } 1508 } 1509 #endif /* !IEEE80211_NO_HT */ 1510 1511 /* 1512 * Handle a station leaving an RSN network. 1513 */ 1514 void 1515 ieee80211_node_leave_rsn(struct ieee80211com *ic, struct ieee80211_node *ni) 1516 { 1517 ni->ni_rsn_state = RSNA_DISCONNECTED; 1518 ic->ic_rsnsta--; 1519 1520 ni->ni_rsn_state = RSNA_INITIALIZE; 1521 if ((ni->ni_flags & IEEE80211_NODE_REKEY) && 1522 --ic->ic_rsn_keydonesta == 0) 1523 ieee80211_setkeysdone(ic); 1524 ni->ni_flags &= ~IEEE80211_NODE_REKEY; 1525 1526 ni->ni_flags &= ~IEEE80211_NODE_PMK; 1527 ni->ni_rsn_gstate = RSNA_IDLE; 1528 1529 timeout_del(&ni->ni_eapol_to); 1530 timeout_del(&ni->ni_sa_query_to); 1531 1532 ni->ni_rsn_retries = 0; 1533 ni->ni_flags &= ~IEEE80211_NODE_TXRXPROT; 1534 ni->ni_port_valid = 0; 1535 (*ic->ic_delete_key)(ic, ni, &ni->ni_pairwise_key); 1536 } 1537 1538 /* 1539 * Handle a station leaving an 11g network. 1540 */ 1541 void 1542 ieee80211_node_leave_11g(struct ieee80211com *ic, struct ieee80211_node *ni) 1543 { 1544 if (!(ni->ni_capinfo & IEEE80211_CAPINFO_SHORT_SLOTTIME)) { 1545 #ifdef DIAGNOSTIC 1546 if (ic->ic_longslotsta == 0) { 1547 panic("bogus long slot station count %d", 1548 ic->ic_longslotsta); 1549 } 1550 #endif 1551 /* leaving STA did not support short slot time */ 1552 if (--ic->ic_longslotsta == 0) { 1553 /* 1554 * All associated STAs now support short slot time, so 1555 * enable this feature and give the driver a chance to 1556 * reconfigure the hardware. Notice that IBSS always 1557 * use a long slot time. 1558 */ 1559 if ((ic->ic_caps & IEEE80211_C_SHSLOT) && 1560 ic->ic_opmode != IEEE80211_M_IBSS) 1561 ieee80211_set_shortslottime(ic, 1); 1562 } 1563 DPRINTF(("[%s] long slot time station leaves, count %d\n", 1564 ether_sprintf(ni->ni_macaddr), ic->ic_longslotsta)); 1565 } 1566 1567 if (!(ni->ni_flags & IEEE80211_NODE_ERP)) { 1568 #ifdef DIAGNOSTIC 1569 if (ic->ic_nonerpsta == 0) { 1570 panic("bogus non-ERP station count %d", 1571 ic->ic_nonerpsta); 1572 } 1573 #endif 1574 /* leaving STA was non-ERP */ 1575 if (--ic->ic_nonerpsta == 0) { 1576 /* 1577 * All associated STAs are now ERP capable, disable use 1578 * of protection and re-enable short preamble support. 1579 */ 1580 ic->ic_flags &= ~IEEE80211_F_USEPROT; 1581 if (ic->ic_caps & IEEE80211_C_SHPREAMBLE) 1582 ic->ic_flags |= IEEE80211_F_SHPREAMBLE; 1583 } 1584 DPRINTF(("[%s] non-ERP station leaves, count %d\n", 1585 ether_sprintf(ni->ni_macaddr), ic->ic_nonerpsta)); 1586 } 1587 } 1588 1589 /* 1590 * Handle bookkeeping for station deauthentication/disassociation 1591 * when operating as an ap. 1592 */ 1593 void 1594 ieee80211_node_leave(struct ieee80211com *ic, struct ieee80211_node *ni) 1595 { 1596 if (ic->ic_opmode != IEEE80211_M_HOSTAP) 1597 panic("not in ap mode, mode %u", ic->ic_opmode); 1598 /* 1599 * If node wasn't previously associated all we need to do is 1600 * reclaim the reference. 1601 */ 1602 if (ni->ni_associd == 0) { 1603 ieee80211_node_newstate(ni, IEEE80211_STA_COLLECT); 1604 return; 1605 } 1606 1607 if (ni->ni_pwrsave == IEEE80211_PS_DOZE) { 1608 ic->ic_pssta--; 1609 ni->ni_pwrsave = IEEE80211_PS_AWAKE; 1610 } 1611 1612 if (!IF_IS_EMPTY(&ni->ni_savedq)) { 1613 IF_PURGE(&ni->ni_savedq); 1614 if (ic->ic_set_tim != NULL) 1615 (*ic->ic_set_tim)(ic, ni->ni_associd, 0); 1616 } 1617 1618 if (ic->ic_flags & IEEE80211_F_RSNON) 1619 ieee80211_node_leave_rsn(ic, ni); 1620 1621 if (ic->ic_curmode == IEEE80211_MODE_11G) 1622 ieee80211_node_leave_11g(ic, ni); 1623 1624 #ifndef IEEE80211_NO_HT 1625 if (ni->ni_flags & IEEE80211_NODE_HT) 1626 ieee80211_node_leave_ht(ic, ni); 1627 #endif 1628 1629 if (ic->ic_node_leave != NULL) 1630 (*ic->ic_node_leave)(ic, ni); 1631 1632 IEEE80211_AID_CLR(ni->ni_associd, ic->ic_aid_bitmap); 1633 ni->ni_associd = 0; 1634 ieee80211_node_newstate(ni, IEEE80211_STA_COLLECT); 1635 1636 #if NBRIDGE > 0 1637 /* 1638 * If the parent interface is a bridgeport, delete 1639 * any dynamically learned address for this node. 1640 */ 1641 if (ic->ic_if.if_bridgeport != NULL) 1642 bridge_update(&ic->ic_if, 1643 (struct ether_addr *)ni->ni_macaddr, 1); 1644 #endif 1645 } 1646 1647 static int 1648 ieee80211_do_slow_print(struct ieee80211com *ic, int *did_print) 1649 { 1650 static const struct timeval merge_print_intvl = { 1651 .tv_sec = 1, .tv_usec = 0 1652 }; 1653 if ((ic->ic_if.if_flags & IFF_LINK0) == 0) 1654 return 0; 1655 if (!*did_print && (ic->ic_if.if_flags & IFF_DEBUG) == 0 && 1656 !ratecheck(&ic->ic_last_merge_print, &merge_print_intvl)) 1657 return 0; 1658 1659 *did_print = 1; 1660 return 1; 1661 } 1662 1663 /* ieee80211_ibss_merge helps merge 802.11 ad hoc networks. The 1664 * convention, set by the Wireless Ethernet Compatibility Alliance 1665 * (WECA), is that an 802.11 station will change its BSSID to match 1666 * the "oldest" 802.11 ad hoc network, on the same channel, that 1667 * has the station's desired SSID. The "oldest" 802.11 network 1668 * sends beacons with the greatest TSF timestamp. 1669 * 1670 * Return ENETRESET if the BSSID changed, 0 otherwise. 1671 * 1672 * XXX Perhaps we should compensate for the time that elapses 1673 * between the MAC receiving the beacon and the host processing it 1674 * in ieee80211_ibss_merge. 1675 */ 1676 int 1677 ieee80211_ibss_merge(struct ieee80211com *ic, struct ieee80211_node *ni, 1678 u_int64_t local_tsft) 1679 { 1680 u_int64_t beacon_tsft; 1681 int did_print = 0, sign; 1682 union { 1683 u_int64_t word; 1684 u_int8_t tstamp[8]; 1685 } u; 1686 1687 /* ensure alignment */ 1688 (void)memcpy(&u, &ni->ni_tstamp[0], sizeof(u)); 1689 beacon_tsft = letoh64(u.word); 1690 1691 /* we are faster, let the other guy catch up */ 1692 if (beacon_tsft < local_tsft) 1693 sign = -1; 1694 else 1695 sign = 1; 1696 1697 if (IEEE80211_ADDR_EQ(ni->ni_bssid, ic->ic_bss->ni_bssid)) { 1698 if (!ieee80211_do_slow_print(ic, &did_print)) 1699 return 0; 1700 printf("%s: tsft offset %s%llu\n", ic->ic_if.if_xname, 1701 (sign < 0) ? "-" : "", 1702 (sign < 0) 1703 ? (local_tsft - beacon_tsft) 1704 : (beacon_tsft - local_tsft)); 1705 return 0; 1706 } 1707 1708 if (sign < 0) 1709 return 0; 1710 1711 if (ieee80211_match_bss(ic, ni) != 0) 1712 return 0; 1713 1714 if (ieee80211_do_slow_print(ic, &did_print)) { 1715 printf("%s: ieee80211_ibss_merge: bssid mismatch %s\n", 1716 ic->ic_if.if_xname, ether_sprintf(ni->ni_bssid)); 1717 printf("%s: my tsft %llu beacon tsft %llu\n", 1718 ic->ic_if.if_xname, local_tsft, beacon_tsft); 1719 printf("%s: sync TSF with %s\n", 1720 ic->ic_if.if_xname, ether_sprintf(ni->ni_macaddr)); 1721 } 1722 1723 ic->ic_flags &= ~IEEE80211_F_SIBSS; 1724 1725 /* negotiate rates with new IBSS */ 1726 ieee80211_fix_rate(ic, ni, IEEE80211_F_DOFRATE | 1727 IEEE80211_F_DONEGO | IEEE80211_F_DODEL); 1728 if (ni->ni_rates.rs_nrates == 0) { 1729 if (ieee80211_do_slow_print(ic, &did_print)) { 1730 printf("%s: rates mismatch, BSSID %s\n", 1731 ic->ic_if.if_xname, ether_sprintf(ni->ni_bssid)); 1732 } 1733 return 0; 1734 } 1735 1736 if (ieee80211_do_slow_print(ic, &did_print)) { 1737 printf("%s: sync BSSID %s -> ", 1738 ic->ic_if.if_xname, ether_sprintf(ic->ic_bss->ni_bssid)); 1739 printf("%s ", ether_sprintf(ni->ni_bssid)); 1740 printf("(from %s)\n", ether_sprintf(ni->ni_macaddr)); 1741 } 1742 1743 ieee80211_node_newstate(ni, IEEE80211_STA_BSS); 1744 (*ic->ic_node_copy)(ic, ic->ic_bss, ni); 1745 1746 return ENETRESET; 1747 } 1748 1749 void 1750 ieee80211_set_tim(struct ieee80211com *ic, int aid, int set) 1751 { 1752 if (set) 1753 setbit(ic->ic_tim_bitmap, aid & ~0xc000); 1754 else 1755 clrbit(ic->ic_tim_bitmap, aid & ~0xc000); 1756 } 1757 1758 /* 1759 * This function shall be called by drivers immediately after every DTIM. 1760 * Transmit all group addressed MSDUs buffered at the AP. 1761 */ 1762 void 1763 ieee80211_notify_dtim(struct ieee80211com *ic) 1764 { 1765 /* NB: group addressed MSDUs are buffered in ic_bss */ 1766 struct ieee80211_node *ni = ic->ic_bss; 1767 struct ifnet *ifp = &ic->ic_if; 1768 struct ieee80211_frame *wh; 1769 struct mbuf *m; 1770 1771 KASSERT(ic->ic_opmode == IEEE80211_M_HOSTAP); 1772 1773 for (;;) { 1774 IF_DEQUEUE(&ni->ni_savedq, m); 1775 if (m == NULL) 1776 break; 1777 if (!IF_IS_EMPTY(&ni->ni_savedq)) { 1778 /* more queued frames, set the more data bit */ 1779 wh = mtod(m, struct ieee80211_frame *); 1780 wh->i_fc[1] |= IEEE80211_FC1_MORE_DATA; 1781 } 1782 IF_ENQUEUE(&ic->ic_pwrsaveq, m); 1783 (*ifp->if_start)(ifp); 1784 } 1785 /* XXX assumes everything has been sent */ 1786 ic->ic_tim_mcast_pending = 0; 1787 } 1788 #endif /* IEEE80211_STA_ONLY */ 1789 1790 /* 1791 * Compare nodes in the tree by lladdr 1792 */ 1793 int 1794 ieee80211_node_cmp(const struct ieee80211_node *b1, 1795 const struct ieee80211_node *b2) 1796 { 1797 return (memcmp(b1->ni_macaddr, b2->ni_macaddr, IEEE80211_ADDR_LEN)); 1798 } 1799 1800 /* 1801 * Generate red-black tree function logic 1802 */ 1803 RB_GENERATE(ieee80211_tree, ieee80211_node, ni_node, ieee80211_node_cmp); 1804