1 /* $OpenBSD: ieee80211_node.c,v 1.73 2012/08/25 11:34:27 kettenis Exp $ */ 2 /* $NetBSD: ieee80211_node.c,v 1.14 2004/05/09 09:18:47 dyoung Exp $ */ 3 4 /*- 5 * Copyright (c) 2001 Atsushi Onoe 6 * Copyright (c) 2002, 2003 Sam Leffler, Errno Consulting 7 * Copyright (c) 2008 Damien Bergamini 8 * All rights reserved. 9 * 10 * Redistribution and use in source and binary forms, with or without 11 * modification, are permitted provided that the following conditions 12 * are met: 13 * 1. Redistributions of source code must retain the above copyright 14 * notice, this list of conditions and the following disclaimer. 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in the 17 * documentation and/or other materials provided with the distribution. 18 * 3. The name of the author may not be used to endorse or promote products 19 * derived from this software without specific prior written permission. 20 * 21 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 22 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 23 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 24 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 25 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 26 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 27 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 28 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 29 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 30 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 31 */ 32 33 #include "bpfilter.h" 34 #include "bridge.h" 35 36 #include <sys/param.h> 37 #include <sys/systm.h> 38 #include <sys/mbuf.h> 39 #include <sys/malloc.h> 40 #include <sys/kernel.h> 41 #include <sys/socket.h> 42 #include <sys/sockio.h> 43 #include <sys/endian.h> 44 #include <sys/errno.h> 45 #include <sys/proc.h> 46 #include <sys/sysctl.h> 47 #include <sys/tree.h> 48 49 #include <net/if.h> 50 #include <net/if_dl.h> 51 #include <net/if_media.h> 52 #include <net/if_arp.h> 53 #include <net/if_llc.h> 54 55 #if NBPFILTER > 0 56 #include <net/bpf.h> 57 #endif 58 59 #ifdef INET 60 #include <netinet/in.h> 61 #include <netinet/if_ether.h> 62 #endif 63 64 #if NBRIDGE > 0 65 #include <net/if_bridge.h> 66 #endif 67 68 #include <net80211/ieee80211_var.h> 69 #include <net80211/ieee80211_priv.h> 70 71 #include <dev/rndvar.h> 72 73 struct ieee80211_node *ieee80211_node_alloc(struct ieee80211com *); 74 void ieee80211_node_free(struct ieee80211com *, struct ieee80211_node *); 75 void ieee80211_node_copy(struct ieee80211com *, struct ieee80211_node *, 76 const struct ieee80211_node *); 77 void ieee80211_choose_rsnparams(struct ieee80211com *); 78 u_int8_t ieee80211_node_getrssi(struct ieee80211com *, 79 const struct ieee80211_node *); 80 void ieee80211_setup_node(struct ieee80211com *, struct ieee80211_node *, 81 const u_int8_t *); 82 void ieee80211_free_node(struct ieee80211com *, struct ieee80211_node *); 83 struct ieee80211_node *ieee80211_alloc_node_helper(struct ieee80211com *); 84 void ieee80211_node_cleanup(struct ieee80211com *, struct ieee80211_node *); 85 void ieee80211_needs_auth(struct ieee80211com *, struct ieee80211_node *); 86 #ifndef IEEE80211_STA_ONLY 87 #ifndef IEEE80211_NO_HT 88 void ieee80211_node_join_ht(struct ieee80211com *, struct ieee80211_node *); 89 #endif 90 void ieee80211_node_join_rsn(struct ieee80211com *, struct ieee80211_node *); 91 void ieee80211_node_join_11g(struct ieee80211com *, struct ieee80211_node *); 92 #ifndef IEEE80211_NO_HT 93 void ieee80211_node_leave_ht(struct ieee80211com *, struct ieee80211_node *); 94 #endif 95 void ieee80211_node_leave_rsn(struct ieee80211com *, struct ieee80211_node *); 96 void ieee80211_node_leave_11g(struct ieee80211com *, struct ieee80211_node *); 97 void ieee80211_set_tim(struct ieee80211com *, int, int); 98 void ieee80211_inact_timeout(void *); 99 void ieee80211_node_cache_timeout(void *); 100 #endif 101 102 #define M_80211_NODE M_DEVBUF 103 104 #ifndef IEEE80211_STA_ONLY 105 void 106 ieee80211_inact_timeout(void *arg) 107 { 108 struct ieee80211com *ic = arg; 109 struct ieee80211_node *ni, *next_ni; 110 int s; 111 112 s = splnet(); 113 for (ni = RB_MIN(ieee80211_tree, &ic->ic_tree); 114 ni != NULL; ni = next_ni) { 115 next_ni = RB_NEXT(ieee80211_tree, &ic->ic_tree, ni); 116 if (ni->ni_refcnt > 0) 117 continue; 118 if (ni->ni_inact < IEEE80211_INACT_MAX) 119 ni->ni_inact++; 120 } 121 splx(s); 122 123 timeout_add_sec(&ic->ic_inact_timeout, IEEE80211_INACT_WAIT); 124 } 125 126 void 127 ieee80211_node_cache_timeout(void *arg) 128 { 129 struct ieee80211com *ic = arg; 130 131 ieee80211_clean_nodes(ic, 1); 132 timeout_add_sec(&ic->ic_node_cache_timeout, IEEE80211_CACHE_WAIT); 133 } 134 #endif 135 136 void 137 ieee80211_node_attach(struct ifnet *ifp) 138 { 139 struct ieee80211com *ic = (void *)ifp; 140 #ifndef IEEE80211_STA_ONLY 141 int size; 142 #endif 143 144 RB_INIT(&ic->ic_tree); 145 ic->ic_node_alloc = ieee80211_node_alloc; 146 ic->ic_node_free = ieee80211_node_free; 147 ic->ic_node_copy = ieee80211_node_copy; 148 ic->ic_node_getrssi = ieee80211_node_getrssi; 149 ic->ic_scangen = 1; 150 ic->ic_max_nnodes = ieee80211_cache_size; 151 152 if (ic->ic_max_aid == 0) 153 ic->ic_max_aid = IEEE80211_AID_DEF; 154 else if (ic->ic_max_aid > IEEE80211_AID_MAX) 155 ic->ic_max_aid = IEEE80211_AID_MAX; 156 #ifndef IEEE80211_STA_ONLY 157 size = howmany(ic->ic_max_aid, 32) * sizeof(u_int32_t); 158 ic->ic_aid_bitmap = malloc(size, M_DEVBUF, M_NOWAIT | M_ZERO); 159 if (ic->ic_aid_bitmap == NULL) { 160 /* XXX no way to recover */ 161 printf("%s: no memory for AID bitmap!\n", __func__); 162 ic->ic_max_aid = 0; 163 } 164 if (ic->ic_caps & (IEEE80211_C_HOSTAP | IEEE80211_C_IBSS)) { 165 ic->ic_tim_len = howmany(ic->ic_max_aid, 8); 166 ic->ic_tim_bitmap = malloc(ic->ic_tim_len, M_DEVBUF, 167 M_NOWAIT | M_ZERO); 168 if (ic->ic_tim_bitmap == NULL) { 169 printf("%s: no memory for TIM bitmap!\n", __func__); 170 ic->ic_tim_len = 0; 171 } else 172 ic->ic_set_tim = ieee80211_set_tim; 173 timeout_set(&ic->ic_rsn_timeout, 174 ieee80211_gtk_rekey_timeout, ic); 175 timeout_set(&ic->ic_inact_timeout, 176 ieee80211_inact_timeout, ic); 177 timeout_set(&ic->ic_node_cache_timeout, 178 ieee80211_node_cache_timeout, ic); 179 } 180 #endif 181 } 182 183 struct ieee80211_node * 184 ieee80211_alloc_node_helper(struct ieee80211com *ic) 185 { 186 struct ieee80211_node *ni; 187 if (ic->ic_nnodes >= ic->ic_max_nnodes) 188 ieee80211_clean_nodes(ic, 0); 189 if (ic->ic_nnodes >= ic->ic_max_nnodes) 190 return NULL; 191 ni = (*ic->ic_node_alloc)(ic); 192 return ni; 193 } 194 195 void 196 ieee80211_node_lateattach(struct ifnet *ifp) 197 { 198 struct ieee80211com *ic = (void *)ifp; 199 struct ieee80211_node *ni; 200 201 ni = ieee80211_alloc_node_helper(ic); 202 if (ni == NULL) 203 panic("unable to setup inital BSS node"); 204 ni->ni_chan = IEEE80211_CHAN_ANYC; 205 ic->ic_bss = ieee80211_ref_node(ni); 206 ic->ic_txpower = IEEE80211_TXPOWER_MAX; 207 #ifndef IEEE80211_STA_ONLY 208 IFQ_SET_MAXLEN(&ni->ni_savedq, IEEE80211_PS_MAX_QUEUE); 209 #endif 210 } 211 212 void 213 ieee80211_node_detach(struct ifnet *ifp) 214 { 215 struct ieee80211com *ic = (void *)ifp; 216 217 if (ic->ic_bss != NULL) { 218 (*ic->ic_node_free)(ic, ic->ic_bss); 219 ic->ic_bss = NULL; 220 } 221 ieee80211_free_allnodes(ic); 222 #ifndef IEEE80211_STA_ONLY 223 if (ic->ic_aid_bitmap != NULL) 224 free(ic->ic_aid_bitmap, M_DEVBUF); 225 if (ic->ic_tim_bitmap != NULL) 226 free(ic->ic_tim_bitmap, M_DEVBUF); 227 timeout_del(&ic->ic_inact_timeout); 228 timeout_del(&ic->ic_node_cache_timeout); 229 #endif 230 timeout_del(&ic->ic_rsn_timeout); 231 } 232 233 /* 234 * AP scanning support. 235 */ 236 237 /* 238 * Initialize the active channel set based on the set 239 * of available channels and the current PHY mode. 240 */ 241 void 242 ieee80211_reset_scan(struct ifnet *ifp) 243 { 244 struct ieee80211com *ic = (void *)ifp; 245 246 memcpy(ic->ic_chan_scan, ic->ic_chan_active, 247 sizeof(ic->ic_chan_active)); 248 /* NB: hack, setup so next_scan starts with the first channel */ 249 if (ic->ic_bss != NULL && ic->ic_bss->ni_chan == IEEE80211_CHAN_ANYC) 250 ic->ic_bss->ni_chan = &ic->ic_channels[IEEE80211_CHAN_MAX]; 251 } 252 253 /* 254 * Begin an active scan. 255 */ 256 void 257 ieee80211_begin_scan(struct ifnet *ifp) 258 { 259 struct ieee80211com *ic = (void *)ifp; 260 261 if (ic->ic_scan_lock & IEEE80211_SCAN_LOCKED) 262 return; 263 ic->ic_scan_lock |= IEEE80211_SCAN_LOCKED; 264 265 /* 266 * In all but hostap mode scanning starts off in 267 * an active mode before switching to passive. 268 */ 269 #ifndef IEEE80211_STA_ONLY 270 if (ic->ic_opmode != IEEE80211_M_HOSTAP) 271 #endif 272 { 273 ic->ic_flags |= IEEE80211_F_ASCAN; 274 ic->ic_stats.is_scan_active++; 275 } 276 #ifndef IEEE80211_STA_ONLY 277 else 278 ic->ic_stats.is_scan_passive++; 279 #endif 280 if (ifp->if_flags & IFF_DEBUG) 281 printf("%s: begin %s scan\n", ifp->if_xname, 282 (ic->ic_flags & IEEE80211_F_ASCAN) ? 283 "active" : "passive"); 284 285 /* 286 * Flush any previously seen AP's. Note that the latter 287 * assumes we don't act as both an AP and a station, 288 * otherwise we'll potentially flush state of stations 289 * associated with us. 290 */ 291 ieee80211_free_allnodes(ic); 292 293 /* 294 * Reset the current mode. Setting the current mode will also 295 * reset scan state. 296 */ 297 if (IFM_MODE(ic->ic_media.ifm_cur->ifm_media) == IFM_AUTO) 298 ic->ic_curmode = IEEE80211_MODE_AUTO; 299 ieee80211_setmode(ic, ic->ic_curmode); 300 301 ic->ic_scan_count = 0; 302 303 /* Scan the next channel. */ 304 ieee80211_next_scan(ifp); 305 } 306 307 /* 308 * Switch to the next channel marked for scanning. 309 */ 310 void 311 ieee80211_next_scan(struct ifnet *ifp) 312 { 313 struct ieee80211com *ic = (void *)ifp; 314 struct ieee80211_channel *chan; 315 316 chan = ic->ic_bss->ni_chan; 317 for (;;) { 318 if (++chan > &ic->ic_channels[IEEE80211_CHAN_MAX]) 319 chan = &ic->ic_channels[0]; 320 if (isset(ic->ic_chan_scan, ieee80211_chan2ieee(ic, chan))) { 321 /* 322 * Ignore channels marked passive-only 323 * during an active scan. 324 */ 325 if ((ic->ic_flags & IEEE80211_F_ASCAN) == 0 || 326 (chan->ic_flags & IEEE80211_CHAN_PASSIVE) == 0) 327 break; 328 } 329 if (chan == ic->ic_bss->ni_chan) { 330 ieee80211_end_scan(ifp); 331 return; 332 } 333 } 334 clrbit(ic->ic_chan_scan, ieee80211_chan2ieee(ic, chan)); 335 DPRINTF(("chan %d->%d\n", 336 ieee80211_chan2ieee(ic, ic->ic_bss->ni_chan), 337 ieee80211_chan2ieee(ic, chan))); 338 ic->ic_bss->ni_chan = chan; 339 ieee80211_new_state(ic, IEEE80211_S_SCAN, -1); 340 } 341 342 #ifndef IEEE80211_STA_ONLY 343 void 344 ieee80211_create_ibss(struct ieee80211com* ic, struct ieee80211_channel *chan) 345 { 346 struct ieee80211_node *ni; 347 struct ifnet *ifp = &ic->ic_if; 348 349 ni = ic->ic_bss; 350 if (ifp->if_flags & IFF_DEBUG) 351 printf("%s: creating ibss\n", ifp->if_xname); 352 ic->ic_flags |= IEEE80211_F_SIBSS; 353 ni->ni_chan = chan; 354 ni->ni_rates = ic->ic_sup_rates[ieee80211_chan2mode(ic, ni->ni_chan)]; 355 ni->ni_txrate = 0; 356 IEEE80211_ADDR_COPY(ni->ni_macaddr, ic->ic_myaddr); 357 IEEE80211_ADDR_COPY(ni->ni_bssid, ic->ic_myaddr); 358 if (ic->ic_opmode == IEEE80211_M_IBSS) { 359 if ((ic->ic_flags & IEEE80211_F_DESBSSID) != 0) 360 IEEE80211_ADDR_COPY(ni->ni_bssid, ic->ic_des_bssid); 361 else 362 ni->ni_bssid[0] |= 0x02; /* local bit for IBSS */ 363 } 364 ni->ni_esslen = ic->ic_des_esslen; 365 memcpy(ni->ni_essid, ic->ic_des_essid, ni->ni_esslen); 366 ni->ni_rssi = 0; 367 ni->ni_rstamp = 0; 368 memset(ni->ni_tstamp, 0, sizeof(ni->ni_tstamp)); 369 ni->ni_intval = ic->ic_lintval; 370 ni->ni_capinfo = IEEE80211_CAPINFO_IBSS; 371 if (ic->ic_flags & IEEE80211_F_WEPON) 372 ni->ni_capinfo |= IEEE80211_CAPINFO_PRIVACY; 373 if (ic->ic_flags & IEEE80211_F_RSNON) { 374 struct ieee80211_key *k; 375 376 /* initialize 256-bit global key counter to a random value */ 377 arc4random_buf(ic->ic_globalcnt, EAPOL_KEY_NONCE_LEN); 378 379 ni->ni_rsnprotos = ic->ic_rsnprotos; 380 ni->ni_rsnakms = ic->ic_rsnakms; 381 ni->ni_rsnciphers = ic->ic_rsnciphers; 382 ni->ni_rsngroupcipher = ic->ic_rsngroupcipher; 383 ni->ni_rsngroupmgmtcipher = ic->ic_rsngroupmgmtcipher; 384 ni->ni_rsncaps = 0; 385 if (ic->ic_caps & IEEE80211_C_MFP) { 386 ni->ni_rsncaps |= IEEE80211_RSNCAP_MFPC; 387 if (ic->ic_flags & IEEE80211_F_MFPR) 388 ni->ni_rsncaps |= IEEE80211_RSNCAP_MFPR; 389 } 390 391 ic->ic_def_txkey = 1; 392 k = &ic->ic_nw_keys[ic->ic_def_txkey]; 393 memset(k, 0, sizeof(*k)); 394 k->k_id = ic->ic_def_txkey; 395 k->k_cipher = ni->ni_rsngroupcipher; 396 k->k_flags = IEEE80211_KEY_GROUP | IEEE80211_KEY_TX; 397 k->k_len = ieee80211_cipher_keylen(k->k_cipher); 398 arc4random_buf(k->k_key, k->k_len); 399 (*ic->ic_set_key)(ic, ni, k); /* XXX */ 400 401 if (ic->ic_caps & IEEE80211_C_MFP) { 402 ic->ic_igtk_kid = 4; 403 k = &ic->ic_nw_keys[ic->ic_igtk_kid]; 404 memset(k, 0, sizeof(*k)); 405 k->k_id = ic->ic_igtk_kid; 406 k->k_cipher = ni->ni_rsngroupmgmtcipher; 407 k->k_flags = IEEE80211_KEY_IGTK | IEEE80211_KEY_TX; 408 k->k_len = 16; 409 arc4random_buf(k->k_key, k->k_len); 410 (*ic->ic_set_key)(ic, ni, k); /* XXX */ 411 } 412 /* 413 * In HostAP mode, multicast traffic is sent using ic_bss 414 * as the Tx node, so mark our node as valid so we can send 415 * multicast frames using the group key we've just configured. 416 */ 417 ni->ni_port_valid = 1; 418 ni->ni_flags |= IEEE80211_NODE_TXPROT; 419 420 /* schedule a GTK/IGTK rekeying after 3600s */ 421 timeout_add_sec(&ic->ic_rsn_timeout, 3600); 422 } 423 timeout_add_sec(&ic->ic_inact_timeout, IEEE80211_INACT_WAIT); 424 timeout_add_sec(&ic->ic_node_cache_timeout, IEEE80211_CACHE_WAIT); 425 ieee80211_new_state(ic, IEEE80211_S_RUN, -1); 426 } 427 #endif /* IEEE80211_STA_ONLY */ 428 429 int 430 ieee80211_match_bss(struct ieee80211com *ic, struct ieee80211_node *ni) 431 { 432 u_int8_t rate; 433 int fail; 434 435 fail = 0; 436 if (isclr(ic->ic_chan_active, ieee80211_chan2ieee(ic, ni->ni_chan))) 437 fail |= 0x01; 438 if (ic->ic_des_chan != IEEE80211_CHAN_ANYC && 439 ni->ni_chan != ic->ic_des_chan) 440 fail |= 0x01; 441 #ifndef IEEE80211_STA_ONLY 442 if (ic->ic_opmode == IEEE80211_M_IBSS) { 443 if ((ni->ni_capinfo & IEEE80211_CAPINFO_IBSS) == 0) 444 fail |= 0x02; 445 } else 446 #endif 447 { 448 if ((ni->ni_capinfo & IEEE80211_CAPINFO_ESS) == 0) 449 fail |= 0x02; 450 } 451 if (ic->ic_flags & (IEEE80211_F_WEPON | IEEE80211_F_RSNON)) { 452 if ((ni->ni_capinfo & IEEE80211_CAPINFO_PRIVACY) == 0) 453 fail |= 0x04; 454 } else { 455 if (ni->ni_capinfo & IEEE80211_CAPINFO_PRIVACY) 456 fail |= 0x04; 457 } 458 459 rate = ieee80211_fix_rate(ic, ni, IEEE80211_F_DONEGO); 460 if (rate & IEEE80211_RATE_BASIC) 461 fail |= 0x08; 462 if (ic->ic_des_esslen != 0 && 463 (ni->ni_esslen != ic->ic_des_esslen || 464 memcmp(ni->ni_essid, ic->ic_des_essid, ic->ic_des_esslen) != 0)) 465 fail |= 0x10; 466 if ((ic->ic_flags & IEEE80211_F_DESBSSID) && 467 !IEEE80211_ADDR_EQ(ic->ic_des_bssid, ni->ni_bssid)) 468 fail |= 0x20; 469 470 if (ic->ic_flags & IEEE80211_F_RSNON) { 471 /* 472 * If at least one RSN IE field from the AP's RSN IE fails 473 * to overlap with any value the STA supports, the STA shall 474 * decline to associate with that AP. 475 */ 476 if ((ni->ni_rsnprotos & ic->ic_rsnprotos) == 0) 477 fail |= 0x40; 478 if ((ni->ni_rsnakms & ic->ic_rsnakms) == 0) 479 fail |= 0x40; 480 if ((ni->ni_rsnakms & ic->ic_rsnakms & 481 ~(IEEE80211_AKM_PSK | IEEE80211_AKM_SHA256_PSK)) == 0) { 482 /* AP only supports PSK AKMPs */ 483 if (!(ic->ic_flags & IEEE80211_F_PSK)) 484 fail |= 0x40; 485 } 486 if (ni->ni_rsngroupcipher != IEEE80211_CIPHER_WEP40 && 487 ni->ni_rsngroupcipher != IEEE80211_CIPHER_TKIP && 488 ni->ni_rsngroupcipher != IEEE80211_CIPHER_CCMP && 489 ni->ni_rsngroupcipher != IEEE80211_CIPHER_WEP104) 490 fail |= 0x40; 491 if ((ni->ni_rsnciphers & ic->ic_rsnciphers) == 0) 492 fail |= 0x40; 493 494 /* we only support BIP as the IGTK cipher */ 495 if ((ni->ni_rsncaps & IEEE80211_RSNCAP_MFPC) && 496 ni->ni_rsngroupmgmtcipher != IEEE80211_CIPHER_BIP) 497 fail |= 0x40; 498 499 /* we do not support MFP but AP requires it */ 500 if (!(ic->ic_caps & IEEE80211_C_MFP) && 501 (ni->ni_rsncaps & IEEE80211_RSNCAP_MFPR)) 502 fail |= 0x40; 503 504 /* we require MFP but AP does not support it */ 505 if ((ic->ic_caps & IEEE80211_C_MFP) && 506 (ic->ic_flags & IEEE80211_F_MFPR) && 507 !(ni->ni_rsncaps & IEEE80211_RSNCAP_MFPC)) 508 fail |= 0x40; 509 } 510 511 #ifdef IEEE80211_DEBUG 512 if (ic->ic_if.if_flags & IFF_DEBUG) { 513 printf(" %c %s", fail ? '-' : '+', 514 ether_sprintf(ni->ni_macaddr)); 515 printf(" %s%c", ether_sprintf(ni->ni_bssid), 516 fail & 0x20 ? '!' : ' '); 517 printf(" %3d%c", ieee80211_chan2ieee(ic, ni->ni_chan), 518 fail & 0x01 ? '!' : ' '); 519 printf(" %+4d", ni->ni_rssi); 520 printf(" %2dM%c", (rate & IEEE80211_RATE_VAL) / 2, 521 fail & 0x08 ? '!' : ' '); 522 printf(" %4s%c", 523 (ni->ni_capinfo & IEEE80211_CAPINFO_ESS) ? "ess" : 524 (ni->ni_capinfo & IEEE80211_CAPINFO_IBSS) ? "ibss" : 525 "????", 526 fail & 0x02 ? '!' : ' '); 527 printf(" %7s%c ", 528 (ni->ni_capinfo & IEEE80211_CAPINFO_PRIVACY) ? 529 "privacy" : "no", 530 fail & 0x04 ? '!' : ' '); 531 printf(" %3s%c ", 532 (ic->ic_flags & IEEE80211_F_RSNON) ? 533 "rsn" : "no", 534 fail & 0x40 ? '!' : ' '); 535 ieee80211_print_essid(ni->ni_essid, ni->ni_esslen); 536 printf("%s\n", fail & 0x10 ? "!" : ""); 537 } 538 #endif 539 return fail; 540 } 541 542 /* 543 * Complete a scan of potential channels. 544 */ 545 void 546 ieee80211_end_scan(struct ifnet *ifp) 547 { 548 struct ieee80211com *ic = (void *)ifp; 549 struct ieee80211_node *ni, *nextbs, *selbs; 550 551 if (ifp->if_flags & IFF_DEBUG) 552 printf("%s: end %s scan\n", ifp->if_xname, 553 (ic->ic_flags & IEEE80211_F_ASCAN) ? 554 "active" : "passive"); 555 556 if (ic->ic_scan_count) 557 ic->ic_flags &= ~IEEE80211_F_ASCAN; 558 559 ni = RB_MIN(ieee80211_tree, &ic->ic_tree); 560 561 #ifndef IEEE80211_STA_ONLY 562 if (ic->ic_opmode == IEEE80211_M_HOSTAP) { 563 /* XXX off stack? */ 564 u_char occupied[howmany(IEEE80211_CHAN_MAX, NBBY)]; 565 int i, fail; 566 567 /* 568 * The passive scan to look for existing AP's completed, 569 * select a channel to camp on. Identify the channels 570 * that already have one or more AP's and try to locate 571 * an unnoccupied one. If that fails, pick a random 572 * channel from the active set. 573 */ 574 memset(occupied, 0, sizeof(occupied)); 575 RB_FOREACH(ni, ieee80211_tree, &ic->ic_tree) 576 setbit(occupied, ieee80211_chan2ieee(ic, ni->ni_chan)); 577 for (i = 0; i < IEEE80211_CHAN_MAX; i++) 578 if (isset(ic->ic_chan_active, i) && isclr(occupied, i)) 579 break; 580 if (i == IEEE80211_CHAN_MAX) { 581 fail = arc4random() & 3; /* random 0-3 */ 582 for (i = 0; i < IEEE80211_CHAN_MAX; i++) 583 if (isset(ic->ic_chan_active, i) && fail-- == 0) 584 break; 585 } 586 ieee80211_create_ibss(ic, &ic->ic_channels[i]); 587 goto wakeup; 588 } 589 #endif 590 if (ni == NULL) { 591 DPRINTF(("no scan candidate\n")); 592 notfound: 593 594 #ifndef IEEE80211_STA_ONLY 595 if (ic->ic_opmode == IEEE80211_M_IBSS && 596 (ic->ic_flags & IEEE80211_F_IBSSON) && 597 ic->ic_des_esslen != 0) { 598 ieee80211_create_ibss(ic, ic->ic_ibss_chan); 599 goto wakeup; 600 } 601 #endif 602 /* 603 * Scan the next mode if nothing has been found. This 604 * is necessary if the device supports different 605 * incompatible modes in the same channel range, like 606 * like 11b and "pure" 11G mode. This will loop 607 * forever except for user-initiated scans. 608 */ 609 if (ieee80211_next_mode(ifp) == IEEE80211_MODE_AUTO) { 610 if (ic->ic_scan_lock & IEEE80211_SCAN_REQUEST && 611 ic->ic_scan_lock & IEEE80211_SCAN_RESUME) { 612 ic->ic_scan_lock = IEEE80211_SCAN_LOCKED; 613 /* Return from an user-initiated scan */ 614 wakeup(&ic->ic_scan_lock); 615 } else if (ic->ic_scan_lock & IEEE80211_SCAN_REQUEST) 616 goto wakeup; 617 ic->ic_scan_count++; 618 } 619 620 /* 621 * Reset the list of channels to scan and start again. 622 */ 623 ieee80211_next_scan(ifp); 624 return; 625 } 626 selbs = NULL; 627 628 for (; ni != NULL; ni = nextbs) { 629 nextbs = RB_NEXT(ieee80211_tree, &ic->ic_tree, ni); 630 if (ni->ni_fails) { 631 /* 632 * The configuration of the access points may change 633 * during my scan. So delete the entry for the AP 634 * and retry to associate if there is another beacon. 635 */ 636 if (ni->ni_fails++ > 2) 637 ieee80211_free_node(ic, ni); 638 continue; 639 } 640 if (ieee80211_match_bss(ic, ni) == 0) { 641 if (selbs == NULL) 642 selbs = ni; 643 else if (ni->ni_rssi > selbs->ni_rssi) 644 selbs = ni; 645 } 646 } 647 if (selbs == NULL) 648 goto notfound; 649 (*ic->ic_node_copy)(ic, ic->ic_bss, selbs); 650 ni = ic->ic_bss; 651 652 /* 653 * Set the erp state (mostly the slot time) to deal with 654 * the auto-select case; this should be redundant if the 655 * mode is locked. 656 */ 657 ic->ic_curmode = ieee80211_chan2mode(ic, ni->ni_chan); 658 ieee80211_reset_erp(ic); 659 660 if (ic->ic_flags & IEEE80211_F_RSNON) 661 ieee80211_choose_rsnparams(ic); 662 else if (ic->ic_flags & IEEE80211_F_WEPON) 663 ni->ni_rsncipher = IEEE80211_CIPHER_USEGROUP; 664 665 ieee80211_node_newstate(selbs, IEEE80211_STA_BSS); 666 #ifndef IEEE80211_STA_ONLY 667 if (ic->ic_opmode == IEEE80211_M_IBSS) { 668 ieee80211_fix_rate(ic, ni, IEEE80211_F_DOFRATE | 669 IEEE80211_F_DONEGO | IEEE80211_F_DODEL); 670 if (ni->ni_rates.rs_nrates == 0) 671 goto notfound; 672 ieee80211_new_state(ic, IEEE80211_S_RUN, -1); 673 } else 674 #endif 675 ieee80211_new_state(ic, IEEE80211_S_AUTH, -1); 676 677 wakeup: 678 if (ic->ic_scan_lock & IEEE80211_SCAN_REQUEST) { 679 /* Return from an user-initiated scan */ 680 wakeup(&ic->ic_scan_lock); 681 } 682 683 ic->ic_scan_lock = IEEE80211_SCAN_UNLOCKED; 684 } 685 686 /* 687 * Autoselect the best RSN parameters (protocol, AKMP, pairwise cipher...) 688 * that are supported by both peers (STA mode only). 689 */ 690 void 691 ieee80211_choose_rsnparams(struct ieee80211com *ic) 692 { 693 struct ieee80211_node *ni = ic->ic_bss; 694 struct ieee80211_pmk *pmk; 695 696 /* filter out unsupported protocol versions */ 697 ni->ni_rsnprotos &= ic->ic_rsnprotos; 698 /* prefer RSN (aka WPA2) over WPA */ 699 if (ni->ni_rsnprotos & IEEE80211_PROTO_RSN) 700 ni->ni_rsnprotos = IEEE80211_PROTO_RSN; 701 else 702 ni->ni_rsnprotos = IEEE80211_PROTO_WPA; 703 704 /* filter out unsupported AKMPs */ 705 ni->ni_rsnakms &= ic->ic_rsnakms; 706 /* prefer SHA-256 based AKMPs */ 707 if ((ic->ic_flags & IEEE80211_F_PSK) && (ni->ni_rsnakms & 708 (IEEE80211_AKM_PSK | IEEE80211_AKM_SHA256_PSK))) { 709 /* AP supports PSK AKMP and a PSK is configured */ 710 if (ni->ni_rsnakms & IEEE80211_AKM_SHA256_PSK) 711 ni->ni_rsnakms = IEEE80211_AKM_SHA256_PSK; 712 else 713 ni->ni_rsnakms = IEEE80211_AKM_PSK; 714 } else { 715 if (ni->ni_rsnakms & IEEE80211_AKM_SHA256_8021X) 716 ni->ni_rsnakms = IEEE80211_AKM_SHA256_8021X; 717 else 718 ni->ni_rsnakms = IEEE80211_AKM_8021X; 719 /* check if we have a cached PMK for this AP */ 720 if (ni->ni_rsnprotos == IEEE80211_PROTO_RSN && 721 (pmk = ieee80211_pmksa_find(ic, ni, NULL)) != NULL) { 722 memcpy(ni->ni_pmkid, pmk->pmk_pmkid, 723 IEEE80211_PMKID_LEN); 724 ni->ni_flags |= IEEE80211_NODE_PMKID; 725 } 726 } 727 728 /* filter out unsupported pairwise ciphers */ 729 ni->ni_rsnciphers &= ic->ic_rsnciphers; 730 /* prefer CCMP over TKIP */ 731 if (ni->ni_rsnciphers & IEEE80211_CIPHER_CCMP) 732 ni->ni_rsnciphers = IEEE80211_CIPHER_CCMP; 733 else 734 ni->ni_rsnciphers = IEEE80211_CIPHER_TKIP; 735 ni->ni_rsncipher = ni->ni_rsnciphers; 736 737 /* use MFP if we both support it */ 738 if ((ic->ic_caps & IEEE80211_C_MFP) && 739 (ni->ni_rsncaps & IEEE80211_RSNCAP_MFPC)) 740 ni->ni_flags |= IEEE80211_NODE_MFP; 741 } 742 743 int 744 ieee80211_get_rate(struct ieee80211com *ic) 745 { 746 u_int8_t (*rates)[IEEE80211_RATE_MAXSIZE]; 747 int rate; 748 749 rates = &ic->ic_bss->ni_rates.rs_rates; 750 751 if (ic->ic_fixed_rate != -1) 752 rate = (*rates)[ic->ic_fixed_rate]; 753 else if (ic->ic_state == IEEE80211_S_RUN) 754 rate = (*rates)[ic->ic_bss->ni_txrate]; 755 else 756 rate = 0; 757 758 return rate & IEEE80211_RATE_VAL; 759 } 760 761 struct ieee80211_node * 762 ieee80211_node_alloc(struct ieee80211com *ic) 763 { 764 return malloc(sizeof(struct ieee80211_node), M_80211_NODE, 765 M_NOWAIT | M_ZERO); 766 } 767 768 void 769 ieee80211_node_cleanup(struct ieee80211com *ic, struct ieee80211_node *ni) 770 { 771 if (ni->ni_rsnie != NULL) { 772 free(ni->ni_rsnie, M_DEVBUF); 773 ni->ni_rsnie = NULL; 774 } 775 } 776 777 void 778 ieee80211_node_free(struct ieee80211com *ic, struct ieee80211_node *ni) 779 { 780 ieee80211_node_cleanup(ic, ni); 781 free(ni, M_80211_NODE); 782 } 783 784 void 785 ieee80211_node_copy(struct ieee80211com *ic, 786 struct ieee80211_node *dst, const struct ieee80211_node *src) 787 { 788 ieee80211_node_cleanup(ic, dst); 789 *dst = *src; 790 dst->ni_rsnie = NULL; 791 if (src->ni_rsnie != NULL) 792 ieee80211_save_ie(src->ni_rsnie, &dst->ni_rsnie); 793 } 794 795 u_int8_t 796 ieee80211_node_getrssi(struct ieee80211com *ic, 797 const struct ieee80211_node *ni) 798 { 799 return ni->ni_rssi; 800 } 801 802 void 803 ieee80211_setup_node(struct ieee80211com *ic, 804 struct ieee80211_node *ni, const u_int8_t *macaddr) 805 { 806 int s; 807 808 DPRINTF(("%s\n", ether_sprintf((u_int8_t *)macaddr))); 809 IEEE80211_ADDR_COPY(ni->ni_macaddr, macaddr); 810 ieee80211_node_newstate(ni, IEEE80211_STA_CACHE); 811 812 ni->ni_ic = ic; /* back-pointer */ 813 #ifndef IEEE80211_STA_ONLY 814 IFQ_SET_MAXLEN(&ni->ni_savedq, IEEE80211_PS_MAX_QUEUE); 815 timeout_set(&ni->ni_eapol_to, ieee80211_eapol_timeout, ni); 816 timeout_set(&ni->ni_sa_query_to, ieee80211_sa_query_timeout, ni); 817 #endif 818 s = splnet(); 819 RB_INSERT(ieee80211_tree, &ic->ic_tree, ni); 820 ic->ic_nnodes++; 821 splx(s); 822 } 823 824 struct ieee80211_node * 825 ieee80211_alloc_node(struct ieee80211com *ic, const u_int8_t *macaddr) 826 { 827 struct ieee80211_node *ni = ieee80211_alloc_node_helper(ic); 828 if (ni != NULL) 829 ieee80211_setup_node(ic, ni, macaddr); 830 else 831 ic->ic_stats.is_rx_nodealloc++; 832 return ni; 833 } 834 835 struct ieee80211_node * 836 ieee80211_dup_bss(struct ieee80211com *ic, const u_int8_t *macaddr) 837 { 838 struct ieee80211_node *ni = ieee80211_alloc_node_helper(ic); 839 if (ni != NULL) { 840 ieee80211_setup_node(ic, ni, macaddr); 841 /* 842 * Inherit from ic_bss. 843 */ 844 IEEE80211_ADDR_COPY(ni->ni_bssid, ic->ic_bss->ni_bssid); 845 ni->ni_chan = ic->ic_bss->ni_chan; 846 } else 847 ic->ic_stats.is_rx_nodealloc++; 848 return ni; 849 } 850 851 struct ieee80211_node * 852 ieee80211_find_node(struct ieee80211com *ic, const u_int8_t *macaddr) 853 { 854 struct ieee80211_node *ni; 855 int cmp; 856 857 /* similar to RB_FIND except we compare keys, not nodes */ 858 ni = RB_ROOT(&ic->ic_tree); 859 while (ni != NULL) { 860 cmp = memcmp(macaddr, ni->ni_macaddr, IEEE80211_ADDR_LEN); 861 if (cmp < 0) 862 ni = RB_LEFT(ni, ni_node); 863 else if (cmp > 0) 864 ni = RB_RIGHT(ni, ni_node); 865 else 866 break; 867 } 868 return ni; 869 } 870 871 /* 872 * Return a reference to the appropriate node for sending 873 * a data frame. This handles node discovery in adhoc networks. 874 * 875 * Drivers will call this, so increase the reference count before 876 * returning the node. 877 */ 878 struct ieee80211_node * 879 ieee80211_find_txnode(struct ieee80211com *ic, const u_int8_t *macaddr) 880 { 881 #ifndef IEEE80211_STA_ONLY 882 struct ieee80211_node *ni; 883 int s; 884 #endif 885 886 /* 887 * The destination address should be in the node table 888 * unless we are operating in station mode or this is a 889 * multicast/broadcast frame. 890 */ 891 if (ic->ic_opmode == IEEE80211_M_STA || IEEE80211_IS_MULTICAST(macaddr)) 892 return ieee80211_ref_node(ic->ic_bss); 893 894 #ifndef IEEE80211_STA_ONLY 895 s = splnet(); 896 ni = ieee80211_find_node(ic, macaddr); 897 splx(s); 898 if (ni == NULL) { 899 if (ic->ic_opmode != IEEE80211_M_IBSS && 900 ic->ic_opmode != IEEE80211_M_AHDEMO) 901 return NULL; 902 903 /* 904 * Fake up a node; this handles node discovery in 905 * adhoc mode. Note that for the driver's benefit 906 * we we treat this like an association so the driver 907 * has an opportunity to setup its private state. 908 * 909 * XXX need better way to handle this; issue probe 910 * request so we can deduce rate set, etc. 911 */ 912 if ((ni = ieee80211_dup_bss(ic, macaddr)) == NULL) 913 return NULL; 914 /* XXX no rate negotiation; just dup */ 915 ni->ni_rates = ic->ic_bss->ni_rates; 916 if (ic->ic_newassoc) 917 (*ic->ic_newassoc)(ic, ni, 1); 918 } 919 return ieee80211_ref_node(ni); 920 #else 921 return NULL; /* can't get there */ 922 #endif /* IEEE80211_STA_ONLY */ 923 } 924 925 /* 926 * It is usually desirable to process a Rx packet using its sender's 927 * node-record instead of the BSS record. 928 * 929 * - AP mode: keep a node-record for every authenticated/associated 930 * station *in the BSS*. For future use, we also track neighboring 931 * APs, since they might belong to the same ESS. APs in the same 932 * ESS may bridge packets to each other, forming a Wireless 933 * Distribution System (WDS). 934 * 935 * - IBSS mode: keep a node-record for every station *in the BSS*. 936 * Also track neighboring stations by their beacons/probe responses. 937 * 938 * - monitor mode: keep a node-record for every sender, regardless 939 * of BSS. 940 * 941 * - STA mode: the only available node-record is the BSS record, 942 * ic->ic_bss. 943 * 944 * Of all the 802.11 Control packets, only the node-records for 945 * RTS packets node-record can be looked up. 946 * 947 * Return non-zero if the packet's node-record is kept, zero 948 * otherwise. 949 */ 950 static __inline int 951 ieee80211_needs_rxnode(struct ieee80211com *ic, 952 const struct ieee80211_frame *wh, const u_int8_t **bssid) 953 { 954 int monitor, rc = 0; 955 956 monitor = (ic->ic_opmode == IEEE80211_M_MONITOR); 957 958 *bssid = NULL; 959 960 switch (wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK) { 961 case IEEE80211_FC0_TYPE_CTL: 962 if (!monitor) 963 break; 964 return (wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK) == 965 IEEE80211_FC0_SUBTYPE_RTS; 966 case IEEE80211_FC0_TYPE_MGT: 967 *bssid = wh->i_addr3; 968 switch (wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK) { 969 case IEEE80211_FC0_SUBTYPE_BEACON: 970 case IEEE80211_FC0_SUBTYPE_PROBE_RESP: 971 break; 972 default: 973 #ifndef IEEE80211_STA_ONLY 974 if (ic->ic_opmode == IEEE80211_M_STA) 975 break; 976 rc = IEEE80211_ADDR_EQ(*bssid, ic->ic_bss->ni_bssid) || 977 IEEE80211_ADDR_EQ(*bssid, etherbroadcastaddr); 978 #endif 979 break; 980 } 981 break; 982 case IEEE80211_FC0_TYPE_DATA: 983 switch (wh->i_fc[1] & IEEE80211_FC1_DIR_MASK) { 984 case IEEE80211_FC1_DIR_NODS: 985 *bssid = wh->i_addr3; 986 #ifndef IEEE80211_STA_ONLY 987 if (ic->ic_opmode == IEEE80211_M_IBSS || 988 ic->ic_opmode == IEEE80211_M_AHDEMO) 989 rc = IEEE80211_ADDR_EQ(*bssid, 990 ic->ic_bss->ni_bssid); 991 #endif 992 break; 993 case IEEE80211_FC1_DIR_TODS: 994 *bssid = wh->i_addr1; 995 #ifndef IEEE80211_STA_ONLY 996 if (ic->ic_opmode == IEEE80211_M_HOSTAP) 997 rc = IEEE80211_ADDR_EQ(*bssid, 998 ic->ic_bss->ni_bssid); 999 #endif 1000 break; 1001 case IEEE80211_FC1_DIR_FROMDS: 1002 case IEEE80211_FC1_DIR_DSTODS: 1003 *bssid = wh->i_addr2; 1004 #ifndef IEEE80211_STA_ONLY 1005 rc = (ic->ic_opmode == IEEE80211_M_HOSTAP); 1006 #endif 1007 break; 1008 } 1009 break; 1010 } 1011 return monitor || rc; 1012 } 1013 1014 /* 1015 * Drivers call this, so increase the reference count before returning 1016 * the node. 1017 */ 1018 struct ieee80211_node * 1019 ieee80211_find_rxnode(struct ieee80211com *ic, 1020 const struct ieee80211_frame *wh) 1021 { 1022 static const u_int8_t zero[] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }; 1023 struct ieee80211_node *ni; 1024 const u_int8_t *bssid; 1025 int s; 1026 1027 if (!ieee80211_needs_rxnode(ic, wh, &bssid)) 1028 return ieee80211_ref_node(ic->ic_bss); 1029 1030 s = splnet(); 1031 ni = ieee80211_find_node(ic, wh->i_addr2); 1032 splx(s); 1033 1034 if (ni != NULL) 1035 return ieee80211_ref_node(ni); 1036 #ifndef IEEE80211_STA_ONLY 1037 if (ic->ic_opmode == IEEE80211_M_HOSTAP) 1038 return ieee80211_ref_node(ic->ic_bss); 1039 #endif 1040 /* XXX see remarks in ieee80211_find_txnode */ 1041 /* XXX no rate negotiation; just dup */ 1042 if ((ni = ieee80211_dup_bss(ic, wh->i_addr2)) == NULL) 1043 return ieee80211_ref_node(ic->ic_bss); 1044 1045 IEEE80211_ADDR_COPY(ni->ni_bssid, (bssid != NULL) ? bssid : zero); 1046 1047 ni->ni_rates = ic->ic_bss->ni_rates; 1048 if (ic->ic_newassoc) 1049 (*ic->ic_newassoc)(ic, ni, 1); 1050 1051 DPRINTF(("faked-up node %p for %s\n", ni, 1052 ether_sprintf((u_int8_t *)wh->i_addr2))); 1053 1054 return ieee80211_ref_node(ni); 1055 } 1056 1057 struct ieee80211_node * 1058 ieee80211_find_node_for_beacon(struct ieee80211com *ic, 1059 const u_int8_t *macaddr, const struct ieee80211_channel *chan, 1060 const char *ssid, u_int8_t rssi) 1061 { 1062 struct ieee80211_node *ni, *keep = NULL; 1063 int s, score = 0; 1064 1065 if ((ni = ieee80211_find_node(ic, macaddr)) != NULL) { 1066 s = splnet(); 1067 1068 if (ni->ni_chan != chan && ni->ni_rssi >= rssi) 1069 score++; 1070 if (ssid[1] == 0 && ni->ni_esslen != 0) 1071 score++; 1072 if (score > 0) 1073 keep = ni; 1074 1075 splx(s); 1076 } 1077 1078 return (keep); 1079 } 1080 1081 void 1082 ieee80211_free_node(struct ieee80211com *ic, struct ieee80211_node *ni) 1083 { 1084 if (ni == ic->ic_bss) 1085 panic("freeing bss node"); 1086 1087 splassert(IPL_NET); 1088 1089 DPRINTF(("%s\n", ether_sprintf(ni->ni_macaddr))); 1090 #ifndef IEEE80211_STA_ONLY 1091 timeout_del(&ni->ni_eapol_to); 1092 timeout_del(&ni->ni_sa_query_to); 1093 IEEE80211_AID_CLR(ni->ni_associd, ic->ic_aid_bitmap); 1094 #endif 1095 RB_REMOVE(ieee80211_tree, &ic->ic_tree, ni); 1096 ic->ic_nnodes--; 1097 #ifndef IEEE80211_STA_ONLY 1098 if (!IF_IS_EMPTY(&ni->ni_savedq)) { 1099 IF_PURGE(&ni->ni_savedq); 1100 if (ic->ic_set_tim != NULL) 1101 (*ic->ic_set_tim)(ic, ni->ni_associd, 0); 1102 } 1103 #endif 1104 (*ic->ic_node_free)(ic, ni); 1105 /* TBD indicate to drivers that a new node can be allocated */ 1106 } 1107 1108 void 1109 ieee80211_release_node(struct ieee80211com *ic, struct ieee80211_node *ni) 1110 { 1111 int s; 1112 1113 DPRINTF(("%s refcnt %d\n", ether_sprintf(ni->ni_macaddr), 1114 ni->ni_refcnt)); 1115 s = splnet(); 1116 if (ieee80211_node_decref(ni) == 0 && 1117 ni->ni_state == IEEE80211_STA_COLLECT) { 1118 ieee80211_free_node(ic, ni); 1119 } 1120 splx(s); 1121 } 1122 1123 void 1124 ieee80211_free_allnodes(struct ieee80211com *ic) 1125 { 1126 struct ieee80211_node *ni; 1127 int s; 1128 1129 DPRINTF(("freeing all nodes\n")); 1130 s = splnet(); 1131 while ((ni = RB_MIN(ieee80211_tree, &ic->ic_tree)) != NULL) 1132 ieee80211_free_node(ic, ni); 1133 splx(s); 1134 1135 if (ic->ic_bss != NULL) 1136 ieee80211_node_cleanup(ic, ic->ic_bss); /* for station mode */ 1137 } 1138 1139 /* 1140 * Timeout inactive nodes. 1141 * 1142 * If called because of a cache timeout, which happens only in hostap and ibss 1143 * modes, clean all inactive cached or authenticated nodes but don't de-auth 1144 * any associated nodes. 1145 * 1146 * Else, this function is called because a new node must be allocated but the 1147 * node cache is full. In this case, return as soon as a free slot was made 1148 * available. If acting as hostap, clean cached nodes regardless of their 1149 * recent activity and also allow de-authing of authenticated nodes older 1150 * than one cache wait interval, and de-authing of inactive associated nodes. 1151 */ 1152 void 1153 ieee80211_clean_nodes(struct ieee80211com *ic, int cache_timeout) 1154 { 1155 struct ieee80211_node *ni, *next_ni; 1156 u_int gen = ic->ic_scangen++; /* NB: ok 'cuz single-threaded*/ 1157 int s; 1158 #ifndef IEEE80211_STA_ONLY 1159 int nnodes = 0; 1160 struct ifnet *ifp = &ic->ic_if; 1161 #endif 1162 1163 s = splnet(); 1164 for (ni = RB_MIN(ieee80211_tree, &ic->ic_tree); 1165 ni != NULL; ni = next_ni) { 1166 next_ni = RB_NEXT(ieee80211_tree, &ic->ic_tree, ni); 1167 if (!cache_timeout && ic->ic_nnodes < ic->ic_max_nnodes) 1168 break; 1169 if (ni->ni_scangen == gen) /* previously handled */ 1170 continue; 1171 #ifndef IEEE80211_STA_ONLY 1172 nnodes++; 1173 #endif 1174 ni->ni_scangen = gen; 1175 if (ni->ni_refcnt > 0) 1176 continue; 1177 #ifndef IEEE80211_STA_ONLY 1178 if ((ic->ic_opmode == IEEE80211_M_HOSTAP || 1179 ic->ic_opmode == IEEE80211_M_IBSS) && 1180 ic->ic_state == IEEE80211_S_RUN) { 1181 if (cache_timeout) { 1182 if (ni->ni_state != IEEE80211_STA_COLLECT && 1183 (ni->ni_state == IEEE80211_STA_ASSOC || 1184 ni->ni_inact < IEEE80211_INACT_MAX)) 1185 continue; 1186 } else { 1187 if (ic->ic_opmode == IEEE80211_M_HOSTAP && 1188 ((ni->ni_state == IEEE80211_STA_ASSOC && 1189 ni->ni_inact < IEEE80211_INACT_MAX) || 1190 (ni->ni_state == IEEE80211_STA_AUTH && 1191 ni->ni_inact == 0))) 1192 continue; 1193 1194 if (ic->ic_opmode == IEEE80211_M_IBSS && 1195 ni->ni_state != IEEE80211_STA_COLLECT && 1196 ni->ni_state != IEEE80211_STA_CACHE && 1197 ni->ni_inact < IEEE80211_INACT_MAX) 1198 continue; 1199 } 1200 } 1201 if (ifp->if_flags & IFF_DEBUG) 1202 printf("%s: station %s purged from node cache\n", 1203 ifp->if_xname, ether_sprintf(ni->ni_macaddr)); 1204 #endif 1205 /* 1206 * If we're hostap and the node is authenticated, send 1207 * a deauthentication frame. The node will be freed when 1208 * the driver calls ieee80211_release_node(). 1209 */ 1210 #ifndef IEEE80211_STA_ONLY 1211 nnodes--; 1212 if (ic->ic_opmode == IEEE80211_M_HOSTAP && 1213 ni->ni_state >= IEEE80211_STA_AUTH && 1214 ni->ni_state != IEEE80211_STA_COLLECT) { 1215 splx(s); 1216 IEEE80211_SEND_MGMT(ic, ni, 1217 IEEE80211_FC0_SUBTYPE_DEAUTH, 1218 IEEE80211_REASON_AUTH_EXPIRE); 1219 s = splnet(); 1220 ieee80211_node_leave(ic, ni); 1221 } else 1222 #endif 1223 ieee80211_free_node(ic, ni); 1224 ic->ic_stats.is_node_timeout++; 1225 } 1226 1227 #ifndef IEEE80211_STA_ONLY 1228 /* 1229 * During a cache timeout we iterate over all nodes. 1230 * Check for node leaks by comparing the actual number of cached 1231 * nodes with the ic_nnodes count, which is maintained while adding 1232 * and removing nodes from the cache. 1233 */ 1234 if ((ifp->if_flags & IFF_DEBUG) && cache_timeout && 1235 nnodes != ic->ic_nnodes) 1236 printf("%s: number of cached nodes is %d, expected %d," 1237 "possible nodes leak\n", ifp->if_xname, nnodes, 1238 ic->ic_nnodes); 1239 #endif 1240 splx(s); 1241 } 1242 1243 void 1244 ieee80211_iterate_nodes(struct ieee80211com *ic, ieee80211_iter_func *f, 1245 void *arg) 1246 { 1247 struct ieee80211_node *ni; 1248 int s; 1249 1250 s = splnet(); 1251 RB_FOREACH(ni, ieee80211_tree, &ic->ic_tree) 1252 (*f)(arg, ni); 1253 splx(s); 1254 } 1255 1256 /* 1257 * Install received rate set information in the node's state block. 1258 */ 1259 int 1260 ieee80211_setup_rates(struct ieee80211com *ic, struct ieee80211_node *ni, 1261 const u_int8_t *rates, const u_int8_t *xrates, int flags) 1262 { 1263 struct ieee80211_rateset *rs = &ni->ni_rates; 1264 1265 memset(rs, 0, sizeof(*rs)); 1266 rs->rs_nrates = rates[1]; 1267 memcpy(rs->rs_rates, rates + 2, rs->rs_nrates); 1268 if (xrates != NULL) { 1269 u_int8_t nxrates; 1270 /* 1271 * Tack on 11g extended supported rate element. 1272 */ 1273 nxrates = xrates[1]; 1274 if (rs->rs_nrates + nxrates > IEEE80211_RATE_MAXSIZE) { 1275 nxrates = IEEE80211_RATE_MAXSIZE - rs->rs_nrates; 1276 DPRINTF(("extended rate set too large; " 1277 "only using %u of %u rates\n", 1278 nxrates, xrates[1])); 1279 ic->ic_stats.is_rx_rstoobig++; 1280 } 1281 memcpy(rs->rs_rates + rs->rs_nrates, xrates+2, nxrates); 1282 rs->rs_nrates += nxrates; 1283 } 1284 return ieee80211_fix_rate(ic, ni, flags); 1285 } 1286 1287 #ifndef IEEE80211_STA_ONLY 1288 /* 1289 * Check if the specified node supports ERP. 1290 */ 1291 int 1292 ieee80211_iserp_sta(const struct ieee80211_node *ni) 1293 { 1294 #define N(a) (sizeof (a) / sizeof (a)[0]) 1295 static const u_int8_t rates[] = { 2, 4, 11, 22, 12, 24, 48 }; 1296 const struct ieee80211_rateset *rs = &ni->ni_rates; 1297 int i, j; 1298 1299 /* 1300 * A STA supports ERP operation if it includes all the Clause 19 1301 * mandatory rates in its supported rate set. 1302 */ 1303 for (i = 0; i < N(rates); i++) { 1304 for (j = 0; j < rs->rs_nrates; j++) { 1305 if ((rs->rs_rates[j] & IEEE80211_RATE_VAL) == rates[i]) 1306 break; 1307 } 1308 if (j == rs->rs_nrates) 1309 return 0; 1310 } 1311 return 1; 1312 #undef N 1313 } 1314 1315 /* 1316 * This function is called to notify the 802.1X PACP machine that a new 1317 * 802.1X port is enabled and must be authenticated. For 802.11, a port 1318 * becomes enabled whenever a STA successfully completes Open System 1319 * authentication with an AP. 1320 */ 1321 void 1322 ieee80211_needs_auth(struct ieee80211com *ic, struct ieee80211_node *ni) 1323 { 1324 /* 1325 * XXX this could be done via the route socket of via a dedicated 1326 * EAP socket or another kernel->userland notification mechanism. 1327 * The notification should include the MAC address (ni_macaddr). 1328 */ 1329 } 1330 1331 #ifndef IEEE80211_NO_HT 1332 /* 1333 * Handle an HT STA joining an HT network. 1334 */ 1335 void 1336 ieee80211_node_join_ht(struct ieee80211com *ic, struct ieee80211_node *ni) 1337 { 1338 /* TBD */ 1339 } 1340 #endif /* !IEEE80211_NO_HT */ 1341 1342 /* 1343 * Handle a station joining an RSN network. 1344 */ 1345 void 1346 ieee80211_node_join_rsn(struct ieee80211com *ic, struct ieee80211_node *ni) 1347 { 1348 DPRINTF(("station %s associated using proto %d akm 0x%x " 1349 "cipher 0x%x groupcipher 0x%x\n", ether_sprintf(ni->ni_macaddr), 1350 ni->ni_rsnprotos, ni->ni_rsnakms, ni->ni_rsnciphers, 1351 ni->ni_rsngroupcipher)); 1352 1353 ni->ni_rsn_state = RSNA_AUTHENTICATION; 1354 ic->ic_rsnsta++; 1355 1356 ni->ni_key_count = 0; 1357 ni->ni_port_valid = 0; 1358 ni->ni_flags &= ~IEEE80211_NODE_TXRXPROT; 1359 ni->ni_replaycnt = -1; /* XXX */ 1360 ni->ni_rsn_retries = 0; 1361 ni->ni_rsncipher = ni->ni_rsnciphers; 1362 1363 ni->ni_rsn_state = RSNA_AUTHENTICATION_2; 1364 1365 /* generate a new authenticator nonce (ANonce) */ 1366 arc4random_buf(ni->ni_nonce, EAPOL_KEY_NONCE_LEN); 1367 1368 if (!ieee80211_is_8021x_akm(ni->ni_rsnakms)) { 1369 memcpy(ni->ni_pmk, ic->ic_psk, IEEE80211_PMK_LEN); 1370 ni->ni_flags |= IEEE80211_NODE_PMK; 1371 (void)ieee80211_send_4way_msg1(ic, ni); 1372 } else if (ni->ni_flags & IEEE80211_NODE_PMK) { 1373 /* skip 802.1X auth if a cached PMK was found */ 1374 (void)ieee80211_send_4way_msg1(ic, ni); 1375 } else { 1376 /* no cached PMK found, needs full 802.1X auth */ 1377 ieee80211_needs_auth(ic, ni); 1378 } 1379 } 1380 1381 /* 1382 * Handle a station joining an 11g network. 1383 */ 1384 void 1385 ieee80211_node_join_11g(struct ieee80211com *ic, struct ieee80211_node *ni) 1386 { 1387 if (!(ni->ni_capinfo & IEEE80211_CAPINFO_SHORT_SLOTTIME)) { 1388 /* 1389 * Joining STA doesn't support short slot time. We must 1390 * disable the use of short slot time for all other associated 1391 * STAs and give the driver a chance to reconfigure the 1392 * hardware. 1393 */ 1394 if (++ic->ic_longslotsta == 1) { 1395 if (ic->ic_caps & IEEE80211_C_SHSLOT) 1396 ieee80211_set_shortslottime(ic, 0); 1397 } 1398 DPRINTF(("[%s] station needs long slot time, count %d\n", 1399 ether_sprintf(ni->ni_macaddr), ic->ic_longslotsta)); 1400 } 1401 1402 if (!ieee80211_iserp_sta(ni)) { 1403 /* 1404 * Joining STA is non-ERP. 1405 */ 1406 ic->ic_nonerpsta++; 1407 1408 DPRINTF(("[%s] station is non-ERP, %d non-ERP " 1409 "stations associated\n", ether_sprintf(ni->ni_macaddr), 1410 ic->ic_nonerpsta)); 1411 1412 /* must enable the use of protection */ 1413 if (ic->ic_protmode != IEEE80211_PROT_NONE) { 1414 DPRINTF(("enable use of protection\n")); 1415 ic->ic_flags |= IEEE80211_F_USEPROT; 1416 } 1417 1418 if (!(ni->ni_capinfo & IEEE80211_CAPINFO_SHORT_PREAMBLE)) 1419 ic->ic_flags &= ~IEEE80211_F_SHPREAMBLE; 1420 } else 1421 ni->ni_flags |= IEEE80211_NODE_ERP; 1422 } 1423 1424 void 1425 ieee80211_node_join(struct ieee80211com *ic, struct ieee80211_node *ni, 1426 int resp) 1427 { 1428 int newassoc; 1429 1430 if (ni->ni_associd == 0) { 1431 u_int16_t aid; 1432 1433 /* 1434 * It would be clever to search the bitmap 1435 * more efficiently, but this will do for now. 1436 */ 1437 for (aid = 1; aid < ic->ic_max_aid; aid++) { 1438 if (!IEEE80211_AID_ISSET(aid, 1439 ic->ic_aid_bitmap)) 1440 break; 1441 } 1442 if (aid >= ic->ic_max_aid) { 1443 IEEE80211_SEND_MGMT(ic, ni, resp, 1444 IEEE80211_REASON_ASSOC_TOOMANY); 1445 ieee80211_node_leave(ic, ni); 1446 return; 1447 } 1448 ni->ni_associd = aid | 0xc000; 1449 IEEE80211_AID_SET(ni->ni_associd, ic->ic_aid_bitmap); 1450 newassoc = 1; 1451 if (ic->ic_curmode == IEEE80211_MODE_11G) 1452 ieee80211_node_join_11g(ic, ni); 1453 } else 1454 newassoc = 0; 1455 1456 DPRINTF(("station %s %s associated at aid %d\n", 1457 ether_sprintf(ni->ni_macaddr), newassoc ? "newly" : "already", 1458 ni->ni_associd & ~0xc000)); 1459 1460 /* give driver a chance to setup state like ni_txrate */ 1461 if (ic->ic_newassoc) 1462 (*ic->ic_newassoc)(ic, ni, newassoc); 1463 IEEE80211_SEND_MGMT(ic, ni, resp, IEEE80211_STATUS_SUCCESS); 1464 ieee80211_node_newstate(ni, IEEE80211_STA_ASSOC); 1465 1466 if (!(ic->ic_flags & IEEE80211_F_RSNON)) { 1467 ni->ni_port_valid = 1; 1468 ni->ni_rsncipher = IEEE80211_CIPHER_USEGROUP; 1469 } else 1470 ieee80211_node_join_rsn(ic, ni); 1471 1472 #ifndef IEEE80211_NO_HT 1473 if (ni->ni_flags & IEEE80211_NODE_HT) 1474 ieee80211_node_join_ht(ic, ni); 1475 #endif 1476 1477 #if NBRIDGE > 0 1478 /* 1479 * If the parent interface belongs to a bridge, learn 1480 * the node's address dynamically on this interface. 1481 */ 1482 if (ic->ic_if.if_bridge != NULL) 1483 bridge_update(&ic->ic_if, 1484 (struct ether_addr *)ni->ni_macaddr, 0); 1485 #endif 1486 } 1487 1488 #ifndef IEEE80211_NO_HT 1489 /* 1490 * Handle an HT STA leaving an HT network. 1491 */ 1492 void 1493 ieee80211_node_leave_ht(struct ieee80211com *ic, struct ieee80211_node *ni) 1494 { 1495 struct ieee80211_rx_ba *ba; 1496 u_int8_t tid; 1497 int i; 1498 1499 /* free all Block Ack records */ 1500 for (tid = 0; tid < IEEE80211_NUM_TID; tid++) { 1501 ba = &ni->ni_rx_ba[tid]; 1502 if (ba->ba_buf != NULL) { 1503 for (i = 0; i < IEEE80211_BA_MAX_WINSZ; i++) 1504 if (ba->ba_buf[i].m != NULL) 1505 m_freem(ba->ba_buf[i].m); 1506 free(ba->ba_buf, M_DEVBUF); 1507 ba->ba_buf = NULL; 1508 } 1509 } 1510 } 1511 #endif /* !IEEE80211_NO_HT */ 1512 1513 /* 1514 * Handle a station leaving an RSN network. 1515 */ 1516 void 1517 ieee80211_node_leave_rsn(struct ieee80211com *ic, struct ieee80211_node *ni) 1518 { 1519 ni->ni_rsn_state = RSNA_DISCONNECTED; 1520 ic->ic_rsnsta--; 1521 1522 ni->ni_rsn_state = RSNA_INITIALIZE; 1523 if ((ni->ni_flags & IEEE80211_NODE_REKEY) && 1524 --ic->ic_rsn_keydonesta == 0) 1525 ieee80211_setkeysdone(ic); 1526 ni->ni_flags &= ~IEEE80211_NODE_REKEY; 1527 1528 ni->ni_flags &= ~IEEE80211_NODE_PMK; 1529 ni->ni_rsn_gstate = RSNA_IDLE; 1530 1531 timeout_del(&ni->ni_eapol_to); 1532 timeout_del(&ni->ni_sa_query_to); 1533 1534 ni->ni_rsn_retries = 0; 1535 ni->ni_flags &= ~IEEE80211_NODE_TXRXPROT; 1536 ni->ni_port_valid = 0; 1537 (*ic->ic_delete_key)(ic, ni, &ni->ni_pairwise_key); 1538 } 1539 1540 /* 1541 * Handle a station leaving an 11g network. 1542 */ 1543 void 1544 ieee80211_node_leave_11g(struct ieee80211com *ic, struct ieee80211_node *ni) 1545 { 1546 if (!(ni->ni_capinfo & IEEE80211_CAPINFO_SHORT_SLOTTIME)) { 1547 #ifdef DIAGNOSTIC 1548 if (ic->ic_longslotsta == 0) { 1549 panic("bogus long slot station count %d", 1550 ic->ic_longslotsta); 1551 } 1552 #endif 1553 /* leaving STA did not support short slot time */ 1554 if (--ic->ic_longslotsta == 0) { 1555 /* 1556 * All associated STAs now support short slot time, so 1557 * enable this feature and give the driver a chance to 1558 * reconfigure the hardware. Notice that IBSS always 1559 * use a long slot time. 1560 */ 1561 if ((ic->ic_caps & IEEE80211_C_SHSLOT) && 1562 ic->ic_opmode != IEEE80211_M_IBSS) 1563 ieee80211_set_shortslottime(ic, 1); 1564 } 1565 DPRINTF(("[%s] long slot time station leaves, count %d\n", 1566 ether_sprintf(ni->ni_macaddr), ic->ic_longslotsta)); 1567 } 1568 1569 if (!(ni->ni_flags & IEEE80211_NODE_ERP)) { 1570 #ifdef DIAGNOSTIC 1571 if (ic->ic_nonerpsta == 0) { 1572 panic("bogus non-ERP station count %d", 1573 ic->ic_nonerpsta); 1574 } 1575 #endif 1576 /* leaving STA was non-ERP */ 1577 if (--ic->ic_nonerpsta == 0) { 1578 /* 1579 * All associated STAs are now ERP capable, disable use 1580 * of protection and re-enable short preamble support. 1581 */ 1582 ic->ic_flags &= ~IEEE80211_F_USEPROT; 1583 if (ic->ic_caps & IEEE80211_C_SHPREAMBLE) 1584 ic->ic_flags |= IEEE80211_F_SHPREAMBLE; 1585 } 1586 DPRINTF(("[%s] non-ERP station leaves, count %d\n", 1587 ether_sprintf(ni->ni_macaddr), ic->ic_nonerpsta)); 1588 } 1589 } 1590 1591 /* 1592 * Handle bookkeeping for station deauthentication/disassociation 1593 * when operating as an ap. 1594 */ 1595 void 1596 ieee80211_node_leave(struct ieee80211com *ic, struct ieee80211_node *ni) 1597 { 1598 if (ic->ic_opmode != IEEE80211_M_HOSTAP) 1599 panic("not in ap mode, mode %u", ic->ic_opmode); 1600 /* 1601 * If node wasn't previously associated all we need to do is 1602 * reclaim the reference. 1603 */ 1604 if (ni->ni_associd == 0) { 1605 ieee80211_node_newstate(ni, IEEE80211_STA_COLLECT); 1606 return; 1607 } 1608 1609 if (ni->ni_pwrsave == IEEE80211_PS_DOZE) 1610 ic->ic_pssta--; 1611 1612 if (ic->ic_flags & IEEE80211_F_RSNON) 1613 ieee80211_node_leave_rsn(ic, ni); 1614 1615 if (ic->ic_curmode == IEEE80211_MODE_11G) 1616 ieee80211_node_leave_11g(ic, ni); 1617 1618 #ifndef IEEE80211_NO_HT 1619 if (ni->ni_flags & IEEE80211_NODE_HT) 1620 ieee80211_node_leave_ht(ic, ni); 1621 #endif 1622 1623 if (ic->ic_node_leave != NULL) 1624 (*ic->ic_node_leave)(ic, ni); 1625 1626 IEEE80211_AID_CLR(ni->ni_associd, ic->ic_aid_bitmap); 1627 ni->ni_associd = 0; 1628 ieee80211_node_newstate(ni, IEEE80211_STA_COLLECT); 1629 1630 #if NBRIDGE > 0 1631 /* 1632 * If the parent interface belongs to a bridge, delete 1633 * any dynamically learned address for this node. 1634 */ 1635 if (ic->ic_if.if_bridge != NULL) 1636 bridge_update(&ic->ic_if, 1637 (struct ether_addr *)ni->ni_macaddr, 1); 1638 #endif 1639 } 1640 1641 static int 1642 ieee80211_do_slow_print(struct ieee80211com *ic, int *did_print) 1643 { 1644 static const struct timeval merge_print_intvl = { 1645 .tv_sec = 1, .tv_usec = 0 1646 }; 1647 if ((ic->ic_if.if_flags & IFF_LINK0) == 0) 1648 return 0; 1649 if (!*did_print && (ic->ic_if.if_flags & IFF_DEBUG) == 0 && 1650 !ratecheck(&ic->ic_last_merge_print, &merge_print_intvl)) 1651 return 0; 1652 1653 *did_print = 1; 1654 return 1; 1655 } 1656 1657 /* ieee80211_ibss_merge helps merge 802.11 ad hoc networks. The 1658 * convention, set by the Wireless Ethernet Compatibility Alliance 1659 * (WECA), is that an 802.11 station will change its BSSID to match 1660 * the "oldest" 802.11 ad hoc network, on the same channel, that 1661 * has the station's desired SSID. The "oldest" 802.11 network 1662 * sends beacons with the greatest TSF timestamp. 1663 * 1664 * Return ENETRESET if the BSSID changed, 0 otherwise. 1665 * 1666 * XXX Perhaps we should compensate for the time that elapses 1667 * between the MAC receiving the beacon and the host processing it 1668 * in ieee80211_ibss_merge. 1669 */ 1670 int 1671 ieee80211_ibss_merge(struct ieee80211com *ic, struct ieee80211_node *ni, 1672 u_int64_t local_tsft) 1673 { 1674 u_int64_t beacon_tsft; 1675 int did_print = 0, sign; 1676 union { 1677 u_int64_t word; 1678 u_int8_t tstamp[8]; 1679 } u; 1680 1681 /* ensure alignment */ 1682 (void)memcpy(&u, &ni->ni_tstamp[0], sizeof(u)); 1683 beacon_tsft = letoh64(u.word); 1684 1685 /* we are faster, let the other guy catch up */ 1686 if (beacon_tsft < local_tsft) 1687 sign = -1; 1688 else 1689 sign = 1; 1690 1691 if (IEEE80211_ADDR_EQ(ni->ni_bssid, ic->ic_bss->ni_bssid)) { 1692 if (!ieee80211_do_slow_print(ic, &did_print)) 1693 return 0; 1694 printf("%s: tsft offset %s%llu\n", ic->ic_if.if_xname, 1695 (sign < 0) ? "-" : "", 1696 (sign < 0) 1697 ? (local_tsft - beacon_tsft) 1698 : (beacon_tsft - local_tsft)); 1699 return 0; 1700 } 1701 1702 if (sign < 0) 1703 return 0; 1704 1705 if (ieee80211_match_bss(ic, ni) != 0) 1706 return 0; 1707 1708 if (ieee80211_do_slow_print(ic, &did_print)) { 1709 printf("%s: ieee80211_ibss_merge: bssid mismatch %s\n", 1710 ic->ic_if.if_xname, ether_sprintf(ni->ni_bssid)); 1711 printf("%s: my tsft %llu beacon tsft %llu\n", 1712 ic->ic_if.if_xname, local_tsft, beacon_tsft); 1713 printf("%s: sync TSF with %s\n", 1714 ic->ic_if.if_xname, ether_sprintf(ni->ni_macaddr)); 1715 } 1716 1717 ic->ic_flags &= ~IEEE80211_F_SIBSS; 1718 1719 /* negotiate rates with new IBSS */ 1720 ieee80211_fix_rate(ic, ni, IEEE80211_F_DOFRATE | 1721 IEEE80211_F_DONEGO | IEEE80211_F_DODEL); 1722 if (ni->ni_rates.rs_nrates == 0) { 1723 if (ieee80211_do_slow_print(ic, &did_print)) { 1724 printf("%s: rates mismatch, BSSID %s\n", 1725 ic->ic_if.if_xname, ether_sprintf(ni->ni_bssid)); 1726 } 1727 return 0; 1728 } 1729 1730 if (ieee80211_do_slow_print(ic, &did_print)) { 1731 printf("%s: sync BSSID %s -> ", 1732 ic->ic_if.if_xname, ether_sprintf(ic->ic_bss->ni_bssid)); 1733 printf("%s ", ether_sprintf(ni->ni_bssid)); 1734 printf("(from %s)\n", ether_sprintf(ni->ni_macaddr)); 1735 } 1736 1737 ieee80211_node_newstate(ni, IEEE80211_STA_BSS); 1738 (*ic->ic_node_copy)(ic, ic->ic_bss, ni); 1739 1740 return ENETRESET; 1741 } 1742 1743 void 1744 ieee80211_set_tim(struct ieee80211com *ic, int aid, int set) 1745 { 1746 if (set) 1747 setbit(ic->ic_tim_bitmap, aid & ~0xc000); 1748 else 1749 clrbit(ic->ic_tim_bitmap, aid & ~0xc000); 1750 } 1751 1752 /* 1753 * This function shall be called by drivers immediately after every DTIM. 1754 * Transmit all group addressed MSDUs buffered at the AP. 1755 */ 1756 void 1757 ieee80211_notify_dtim(struct ieee80211com *ic) 1758 { 1759 /* NB: group addressed MSDUs are buffered in ic_bss */ 1760 struct ieee80211_node *ni = ic->ic_bss; 1761 struct ifnet *ifp = &ic->ic_if; 1762 struct ieee80211_frame *wh; 1763 struct mbuf *m; 1764 1765 KASSERT(ic->ic_opmode == IEEE80211_M_HOSTAP); 1766 1767 for (;;) { 1768 IF_DEQUEUE(&ni->ni_savedq, m); 1769 if (m == NULL) 1770 break; 1771 if (!IF_IS_EMPTY(&ni->ni_savedq)) { 1772 /* more queued frames, set the more data bit */ 1773 wh = mtod(m, struct ieee80211_frame *); 1774 wh->i_fc[1] |= IEEE80211_FC1_MORE_DATA; 1775 } 1776 IF_ENQUEUE(&ic->ic_pwrsaveq, m); 1777 (*ifp->if_start)(ifp); 1778 } 1779 /* XXX assumes everything has been sent */ 1780 ic->ic_tim_mcast_pending = 0; 1781 } 1782 #endif /* IEEE80211_STA_ONLY */ 1783 1784 /* 1785 * Compare nodes in the tree by lladdr 1786 */ 1787 int 1788 ieee80211_node_cmp(const struct ieee80211_node *b1, 1789 const struct ieee80211_node *b2) 1790 { 1791 return (memcmp(b1->ni_macaddr, b2->ni_macaddr, IEEE80211_ADDR_LEN)); 1792 } 1793 1794 /* 1795 * Generate red-black tree function logic 1796 */ 1797 RB_GENERATE(ieee80211_tree, ieee80211_node, ni_node, ieee80211_node_cmp); 1798