1 /* $OpenBSD: ieee80211_node.c,v 1.18 2006/11/15 18:59:37 damien Exp $ */ 2 /* $NetBSD: ieee80211_node.c,v 1.14 2004/05/09 09:18:47 dyoung Exp $ */ 3 4 /*- 5 * Copyright (c) 2001 Atsushi Onoe 6 * Copyright (c) 2002, 2003 Sam Leffler, Errno Consulting 7 * All rights reserved. 8 * 9 * Redistribution and use in source and binary forms, with or without 10 * modification, are permitted provided that the following conditions 11 * are met: 12 * 1. Redistributions of source code must retain the above copyright 13 * notice, this list of conditions and the following disclaimer. 14 * 2. Redistributions in binary form must reproduce the above copyright 15 * notice, this list of conditions and the following disclaimer in the 16 * documentation and/or other materials provided with the distribution. 17 * 3. The name of the author may not be used to endorse or promote products 18 * derived from this software without specific prior written permission. 19 * 20 * Alternatively, this software may be distributed under the terms of the 21 * GNU General Public License ("GPL") version 2 as published by the Free 22 * Software Foundation. 23 * 24 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 25 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 26 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 27 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 28 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 29 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 30 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 31 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 32 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 33 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 34 */ 35 36 #include "bpfilter.h" 37 #include "bridge.h" 38 39 #include <sys/param.h> 40 #include <sys/systm.h> 41 #include <sys/mbuf.h> 42 #include <sys/malloc.h> 43 #include <sys/kernel.h> 44 #include <sys/socket.h> 45 #include <sys/sockio.h> 46 #include <sys/endian.h> 47 #include <sys/errno.h> 48 #include <sys/proc.h> 49 #include <sys/sysctl.h> 50 #include <sys/tree.h> 51 52 #include <net/if.h> 53 #include <net/if_dl.h> 54 #include <net/if_media.h> 55 #include <net/if_arp.h> 56 #include <net/if_llc.h> 57 58 #if NBPFILTER > 0 59 #include <net/bpf.h> 60 #endif 61 62 #ifdef INET 63 #include <netinet/in.h> 64 #include <netinet/if_ether.h> 65 #endif 66 67 #if NBRIDGE > 0 68 #include <net/if_bridge.h> 69 #endif 70 71 #include <net80211/ieee80211_var.h> 72 73 #include <dev/rndvar.h> 74 75 static struct ieee80211_node *ieee80211_node_alloc(struct ieee80211com *); 76 static void ieee80211_node_free(struct ieee80211com *, struct ieee80211_node *); 77 static void ieee80211_node_copy(struct ieee80211com *, 78 struct ieee80211_node *, const struct ieee80211_node *); 79 static u_int8_t ieee80211_node_getrssi(struct ieee80211com *, 80 struct ieee80211_node *); 81 static void ieee80211_setup_node(struct ieee80211com *ic, 82 struct ieee80211_node *ni, u_int8_t *macaddr); 83 static void ieee80211_free_node(struct ieee80211com *, 84 struct ieee80211_node *); 85 static struct ieee80211_node * 86 ieee80211_alloc_node_helper(struct ieee80211com *); 87 static void ieee80211_node_cleanup(struct ieee80211com *, 88 struct ieee80211_node *); 89 static void ieee80211_node_join_11g(struct ieee80211com *, 90 struct ieee80211_node *); 91 static void ieee80211_node_leave_11g(struct ieee80211com *, 92 struct ieee80211_node *); 93 94 #define M_80211_NODE M_DEVBUF 95 96 void 97 ieee80211_node_attach(struct ifnet *ifp) 98 { 99 struct ieee80211com *ic = (void *)ifp; 100 int size; 101 102 IEEE80211_NODE_LOCK_INIT(ic, ifp->if_xname); 103 RB_INIT(&ic->ic_tree); 104 ic->ic_node_alloc = ieee80211_node_alloc; 105 ic->ic_node_free = ieee80211_node_free; 106 ic->ic_node_copy = ieee80211_node_copy; 107 ic->ic_node_getrssi = ieee80211_node_getrssi; 108 ic->ic_scangen = 1; 109 ic->ic_max_nnodes = ieee80211_cache_size; 110 111 if (ic->ic_max_aid == 0) 112 ic->ic_max_aid = IEEE80211_AID_DEF; 113 else if (ic->ic_max_aid > IEEE80211_AID_MAX) 114 ic->ic_max_aid = IEEE80211_AID_MAX; 115 size = howmany(ic->ic_max_aid, 32) * sizeof(u_int32_t); 116 MALLOC(ic->ic_aid_bitmap, u_int32_t *, size, M_DEVBUF, M_NOWAIT); 117 if (ic->ic_aid_bitmap == NULL) { 118 /* XXX no way to recover */ 119 printf("%s: no memory for AID bitmap!\n", __func__); 120 ic->ic_max_aid = 0; 121 } else 122 memset(ic->ic_aid_bitmap, 0, size); 123 } 124 125 static struct ieee80211_node * 126 ieee80211_alloc_node_helper(struct ieee80211com *ic) 127 { 128 struct ieee80211_node *ni; 129 if (ic->ic_nnodes >= ic->ic_max_nnodes) 130 ieee80211_clean_nodes(ic); 131 if (ic->ic_nnodes >= ic->ic_max_nnodes) 132 return NULL; 133 ni = (*ic->ic_node_alloc)(ic); 134 if (ni != NULL) 135 ic->ic_nnodes++; 136 return ni; 137 } 138 139 void 140 ieee80211_node_lateattach(struct ifnet *ifp) 141 { 142 struct ieee80211com *ic = (void *)ifp; 143 struct ieee80211_node *ni; 144 145 ni = ieee80211_alloc_node_helper(ic); 146 if (ni == NULL) 147 panic("unable to setup inital BSS node"); 148 ni->ni_chan = IEEE80211_CHAN_ANYC; 149 ic->ic_bss = ieee80211_ref_node(ni); 150 ic->ic_txpower = IEEE80211_TXPOWER_MAX; 151 } 152 153 void 154 ieee80211_node_detach(struct ifnet *ifp) 155 { 156 struct ieee80211com *ic = (void *)ifp; 157 158 if (ic->ic_bss != NULL) { 159 (*ic->ic_node_free)(ic, ic->ic_bss); 160 ic->ic_bss = NULL; 161 } 162 ieee80211_free_allnodes(ic); 163 IEEE80211_NODE_LOCK_DESTROY(ic); 164 if (ic->ic_aid_bitmap != NULL) 165 FREE(ic->ic_aid_bitmap, M_DEVBUF); 166 } 167 168 /* 169 * AP scanning support. 170 */ 171 172 /* 173 * Initialize the active channel set based on the set 174 * of available channels and the current PHY mode. 175 */ 176 void 177 ieee80211_reset_scan(struct ifnet *ifp) 178 { 179 struct ieee80211com *ic = (void *)ifp; 180 181 memcpy(ic->ic_chan_scan, ic->ic_chan_active, 182 sizeof(ic->ic_chan_active)); 183 /* NB: hack, setup so next_scan starts with the first channel */ 184 if (ic->ic_bss != NULL && ic->ic_bss->ni_chan == IEEE80211_CHAN_ANYC) 185 ic->ic_bss->ni_chan = &ic->ic_channels[IEEE80211_CHAN_MAX]; 186 } 187 188 /* 189 * Begin an active scan. 190 */ 191 void 192 ieee80211_begin_scan(struct ifnet *ifp) 193 { 194 struct ieee80211com *ic = (void *)ifp; 195 196 if (ic->ic_scan_lock & IEEE80211_SCAN_LOCKED) 197 return; 198 ic->ic_scan_lock |= IEEE80211_SCAN_LOCKED; 199 200 /* 201 * In all but hostap mode scanning starts off in 202 * an active mode before switching to passive. 203 */ 204 if (ic->ic_opmode != IEEE80211_M_HOSTAP) { 205 ic->ic_flags |= IEEE80211_F_ASCAN; 206 ic->ic_stats.is_scan_active++; 207 } else 208 ic->ic_stats.is_scan_passive++; 209 if (ifp->if_flags & IFF_DEBUG) 210 printf("%s: begin %s scan\n", ifp->if_xname, 211 (ic->ic_flags & IEEE80211_F_ASCAN) ? 212 "active" : "passive"); 213 214 /* 215 * Flush any previously seen AP's. Note that the latter 216 * assumes we don't act as both an AP and a station, 217 * otherwise we'll potentially flush state of stations 218 * associated with us. 219 */ 220 ieee80211_free_allnodes(ic); 221 222 /* 223 * Reset the current mode. Setting the current mode will also 224 * reset scan state. 225 */ 226 if (IFM_MODE(ic->ic_media.ifm_cur->ifm_media) == IFM_AUTO) 227 ic->ic_curmode = IEEE80211_MODE_AUTO; 228 ieee80211_setmode(ic, ic->ic_curmode); 229 230 ic->ic_scan_count = 0; 231 232 /* Scan the next channel. */ 233 ieee80211_next_scan(ifp); 234 } 235 236 /* 237 * Switch to the next channel marked for scanning. 238 */ 239 void 240 ieee80211_next_scan(struct ifnet *ifp) 241 { 242 struct ieee80211com *ic = (void *)ifp; 243 struct ieee80211_channel *chan; 244 245 chan = ic->ic_bss->ni_chan; 246 for (;;) { 247 if (++chan > &ic->ic_channels[IEEE80211_CHAN_MAX]) 248 chan = &ic->ic_channels[0]; 249 if (isset(ic->ic_chan_scan, ieee80211_chan2ieee(ic, chan))) { 250 /* 251 * Ignore channels marked passive-only 252 * during an active scan. 253 */ 254 if ((ic->ic_flags & IEEE80211_F_ASCAN) == 0 || 255 (chan->ic_flags & IEEE80211_CHAN_PASSIVE) == 0) 256 break; 257 } 258 if (chan == ic->ic_bss->ni_chan) { 259 ieee80211_end_scan(ifp); 260 return; 261 } 262 } 263 clrbit(ic->ic_chan_scan, ieee80211_chan2ieee(ic, chan)); 264 IEEE80211_DPRINTF(("%s: chan %d->%d\n", __func__, 265 ieee80211_chan2ieee(ic, ic->ic_bss->ni_chan), 266 ieee80211_chan2ieee(ic, chan))); 267 ic->ic_bss->ni_chan = chan; 268 ieee80211_new_state(ic, IEEE80211_S_SCAN, -1); 269 } 270 271 void 272 ieee80211_create_ibss(struct ieee80211com* ic, struct ieee80211_channel *chan) 273 { 274 struct ieee80211_node *ni; 275 struct ifnet *ifp = &ic->ic_if; 276 277 ni = ic->ic_bss; 278 if (ifp->if_flags & IFF_DEBUG) 279 printf("%s: creating ibss\n", ifp->if_xname); 280 ic->ic_flags |= IEEE80211_F_SIBSS; 281 ni->ni_chan = chan; 282 ni->ni_rates = ic->ic_sup_rates[ieee80211_chan2mode(ic, ni->ni_chan)]; 283 IEEE80211_ADDR_COPY(ni->ni_macaddr, ic->ic_myaddr); 284 IEEE80211_ADDR_COPY(ni->ni_bssid, ic->ic_myaddr); 285 if (ic->ic_opmode == IEEE80211_M_IBSS) { 286 if ((ic->ic_flags & IEEE80211_F_DESBSSID) != 0) 287 IEEE80211_ADDR_COPY(ni->ni_bssid, ic->ic_des_bssid); 288 else 289 ni->ni_bssid[0] |= 0x02; /* local bit for IBSS */ 290 } 291 ni->ni_esslen = ic->ic_des_esslen; 292 memcpy(ni->ni_essid, ic->ic_des_essid, ni->ni_esslen); 293 ni->ni_rssi = 0; 294 ni->ni_rstamp = 0; 295 memset(ni->ni_tstamp, 0, sizeof(ni->ni_tstamp)); 296 ni->ni_intval = ic->ic_lintval; 297 ni->ni_capinfo = IEEE80211_CAPINFO_IBSS; 298 if (ic->ic_flags & IEEE80211_F_WEPON) 299 ni->ni_capinfo |= IEEE80211_CAPINFO_PRIVACY; 300 if (ic->ic_phytype == IEEE80211_T_FH) { 301 ni->ni_fhdwell = 200; /* XXX */ 302 ni->ni_fhindex = 1; 303 } 304 ieee80211_new_state(ic, IEEE80211_S_RUN, -1); 305 } 306 307 int 308 ieee80211_match_bss(struct ieee80211com *ic, struct ieee80211_node *ni) 309 { 310 u_int8_t rate; 311 int fail; 312 313 fail = 0; 314 if (isclr(ic->ic_chan_active, ieee80211_chan2ieee(ic, ni->ni_chan))) 315 fail |= 0x01; 316 if (ic->ic_des_chan != IEEE80211_CHAN_ANYC && 317 ni->ni_chan != ic->ic_des_chan) 318 fail |= 0x01; 319 if (ic->ic_opmode == IEEE80211_M_IBSS) { 320 if ((ni->ni_capinfo & IEEE80211_CAPINFO_IBSS) == 0) 321 fail |= 0x02; 322 } else { 323 if ((ni->ni_capinfo & IEEE80211_CAPINFO_ESS) == 0) 324 fail |= 0x02; 325 } 326 if (ic->ic_flags & IEEE80211_F_WEPON) { 327 if ((ni->ni_capinfo & IEEE80211_CAPINFO_PRIVACY) == 0) 328 fail |= 0x04; 329 } else { 330 /* XXX does this mean privacy is supported or required? */ 331 if (ni->ni_capinfo & IEEE80211_CAPINFO_PRIVACY) 332 fail |= 0x04; 333 } 334 rate = ieee80211_fix_rate(ic, ni, IEEE80211_F_DONEGO); 335 if (rate & IEEE80211_RATE_BASIC) 336 fail |= 0x08; 337 if (ic->ic_des_esslen != 0 && 338 (ni->ni_esslen != ic->ic_des_esslen || 339 memcmp(ni->ni_essid, ic->ic_des_essid, ic->ic_des_esslen) != 0)) 340 fail |= 0x10; 341 if ((ic->ic_flags & IEEE80211_F_DESBSSID) && 342 !IEEE80211_ADDR_EQ(ic->ic_des_bssid, ni->ni_bssid)) 343 fail |= 0x20; 344 #ifdef IEEE80211_DEBUG 345 if (ic->ic_if.if_flags & IFF_DEBUG) { 346 printf(" %c %s", fail ? '-' : '+', 347 ether_sprintf(ni->ni_macaddr)); 348 printf(" %s%c", ether_sprintf(ni->ni_bssid), 349 fail & 0x20 ? '!' : ' '); 350 printf(" %3d%c", ieee80211_chan2ieee(ic, ni->ni_chan), 351 fail & 0x01 ? '!' : ' '); 352 printf(" %+4d", ni->ni_rssi); 353 printf(" %2dM%c", (rate & IEEE80211_RATE_VAL) / 2, 354 fail & 0x08 ? '!' : ' '); 355 printf(" %4s%c", 356 (ni->ni_capinfo & IEEE80211_CAPINFO_ESS) ? "ess" : 357 (ni->ni_capinfo & IEEE80211_CAPINFO_IBSS) ? "ibss" : 358 "????", 359 fail & 0x02 ? '!' : ' '); 360 printf(" %3s%c ", 361 (ni->ni_capinfo & IEEE80211_CAPINFO_PRIVACY) ? 362 "wep" : "no", 363 fail & 0x04 ? '!' : ' '); 364 ieee80211_print_essid(ni->ni_essid, ni->ni_esslen); 365 printf("%s\n", fail & 0x10 ? "!" : ""); 366 } 367 #endif 368 return fail; 369 } 370 371 /* 372 * Complete a scan of potential channels. 373 */ 374 void 375 ieee80211_end_scan(struct ifnet *ifp) 376 { 377 struct ieee80211com *ic = (void *)ifp; 378 struct ieee80211_node *ni, *nextbs, *selbs; 379 int i, fail; 380 381 if (ifp->if_flags & IFF_DEBUG) 382 printf("%s: end %s scan\n", ifp->if_xname, 383 (ic->ic_flags & IEEE80211_F_ASCAN) ? 384 "active" : "passive"); 385 386 if (ic->ic_scan_count) 387 ic->ic_flags &= ~IEEE80211_F_ASCAN; 388 389 ni = RB_MIN(ieee80211_tree, &ic->ic_tree); 390 391 if (ic->ic_opmode == IEEE80211_M_HOSTAP) { 392 /* XXX off stack? */ 393 u_char occupied[howmany(IEEE80211_CHAN_MAX, NBBY)]; 394 /* 395 * The passive scan to look for existing AP's completed, 396 * select a channel to camp on. Identify the channels 397 * that already have one or more AP's and try to locate 398 * an unnoccupied one. If that fails, pick a random 399 * channel from the active set. 400 */ 401 RB_FOREACH(ni, ieee80211_tree, &ic->ic_tree) 402 setbit(occupied, ieee80211_chan2ieee(ic, ni->ni_chan)); 403 for (i = 0; i < IEEE80211_CHAN_MAX; i++) 404 if (isset(ic->ic_chan_active, i) && isclr(occupied, i)) 405 break; 406 if (i == IEEE80211_CHAN_MAX) { 407 fail = arc4random() & 3; /* random 0-3 */ 408 for (i = 0; i < IEEE80211_CHAN_MAX; i++) 409 if (isset(ic->ic_chan_active, i) && fail-- == 0) 410 break; 411 } 412 ieee80211_create_ibss(ic, &ic->ic_channels[i]); 413 goto wakeup; 414 } 415 if (ni == NULL) { 416 IEEE80211_DPRINTF(("%s: no scan candidate\n", __func__)); 417 notfound: 418 if (ic->ic_opmode == IEEE80211_M_IBSS && 419 (ic->ic_flags & IEEE80211_F_IBSSON) && 420 ic->ic_des_esslen != 0) { 421 ieee80211_create_ibss(ic, ic->ic_ibss_chan); 422 goto wakeup; 423 } 424 425 /* 426 * Scan the next mode if nothing has been found. This 427 * is necessary if the device supports different 428 * incompatible modes in the same channel range, like 429 * like 11b and "pure" 11G mode. This will loop 430 * forever except for user-initiated scans. 431 */ 432 if (ieee80211_next_mode(ifp) == IEEE80211_MODE_AUTO) { 433 if (ic->ic_scan_lock & IEEE80211_SCAN_REQUEST && 434 ic->ic_scan_lock & IEEE80211_SCAN_RESUME) { 435 ic->ic_scan_lock = IEEE80211_SCAN_LOCKED; 436 /* Return from an user-initiated scan */ 437 wakeup(&ic->ic_scan_lock); 438 } else if (ic->ic_scan_lock & IEEE80211_SCAN_REQUEST) 439 goto wakeup; 440 ic->ic_scan_count++; 441 } 442 443 /* 444 * Reset the list of channels to scan and start again. 445 */ 446 ieee80211_next_scan(ifp); 447 return; 448 } 449 selbs = NULL; 450 451 for (; ni != NULL; ni = nextbs) { 452 nextbs = RB_NEXT(ieee80211_tree, &ic->ic_tree, ni); 453 if (ni->ni_fails) { 454 /* 455 * The configuration of the access points may change 456 * during my scan. So delete the entry for the AP 457 * and retry to associate if there is another beacon. 458 */ 459 if (ni->ni_fails++ > 2) 460 ieee80211_free_node(ic, ni); 461 continue; 462 } 463 if (ieee80211_match_bss(ic, ni) == 0) { 464 if (selbs == NULL) 465 selbs = ni; 466 else if (ni->ni_rssi > selbs->ni_rssi) 467 selbs = ni; 468 } 469 } 470 if (selbs == NULL) 471 goto notfound; 472 (*ic->ic_node_copy)(ic, ic->ic_bss, selbs); 473 474 /* 475 * Set the erp state (mostly the slot time) to deal with 476 * the auto-select case; this should be redundant if the 477 * mode is locked. 478 */ 479 ic->ic_curmode = ieee80211_chan2mode(ic, selbs->ni_chan); 480 ieee80211_reset_erp(ic); 481 482 ieee80211_node_newstate(selbs, IEEE80211_STA_BSS); 483 if (ic->ic_opmode == IEEE80211_M_IBSS) { 484 ieee80211_fix_rate(ic, ic->ic_bss, IEEE80211_F_DOFRATE | 485 IEEE80211_F_DONEGO | IEEE80211_F_DODEL); 486 if (ic->ic_bss->ni_rates.rs_nrates == 0) 487 goto notfound; 488 ieee80211_new_state(ic, IEEE80211_S_RUN, -1); 489 } else { 490 ieee80211_new_state(ic, IEEE80211_S_AUTH, -1); 491 } 492 493 wakeup: 494 if (ic->ic_scan_lock & IEEE80211_SCAN_REQUEST) { 495 /* Return from an user-initiated scan */ 496 wakeup(&ic->ic_scan_lock); 497 } 498 499 ic->ic_scan_lock = IEEE80211_SCAN_UNLOCKED; 500 } 501 502 int 503 ieee80211_get_rate(struct ieee80211com *ic) 504 { 505 u_int8_t (*rates)[IEEE80211_RATE_MAXSIZE]; 506 int rate; 507 508 rates = &ic->ic_bss->ni_rates.rs_rates; 509 510 if (ic->ic_fixed_rate != -1) 511 rate = (*rates)[ic->ic_fixed_rate]; 512 else if (ic->ic_state == IEEE80211_S_RUN) 513 rate = (*rates)[ic->ic_bss->ni_txrate]; 514 else 515 rate = 0; 516 517 return rate & IEEE80211_RATE_VAL; 518 } 519 520 static struct ieee80211_node * 521 ieee80211_node_alloc(struct ieee80211com *ic) 522 { 523 struct ieee80211_node *ni; 524 MALLOC(ni, struct ieee80211_node *, sizeof(struct ieee80211_node), 525 M_80211_NODE, M_NOWAIT); 526 if (ni != NULL) 527 memset(ni, 0, sizeof(struct ieee80211_node)); 528 return ni; 529 } 530 531 static void 532 ieee80211_node_cleanup(struct ieee80211com *ic, struct ieee80211_node *ni) 533 { 534 if (ni->ni_challenge != NULL) { 535 FREE(ni->ni_challenge, M_DEVBUF); 536 ni->ni_challenge = NULL; 537 } 538 } 539 540 static void 541 ieee80211_node_free(struct ieee80211com *ic, struct ieee80211_node *ni) 542 { 543 ieee80211_node_cleanup(ic, ni); 544 FREE(ni, M_80211_NODE); 545 } 546 547 static void 548 ieee80211_node_copy(struct ieee80211com *ic, 549 struct ieee80211_node *dst, const struct ieee80211_node *src) 550 { 551 ieee80211_node_cleanup(ic, dst); 552 *dst = *src; 553 dst->ni_challenge = NULL; 554 } 555 556 static u_int8_t 557 ieee80211_node_getrssi(struct ieee80211com *ic, struct ieee80211_node *ni) 558 { 559 return ni->ni_rssi; 560 } 561 562 static void 563 ieee80211_setup_node(struct ieee80211com *ic, 564 struct ieee80211_node *ni, u_int8_t *macaddr) 565 { 566 IEEE80211_DPRINTF(("%s %s\n", __func__, ether_sprintf(macaddr))); 567 IEEE80211_ADDR_COPY(ni->ni_macaddr, macaddr); 568 ieee80211_node_newstate(ni, IEEE80211_STA_CACHE); 569 IEEE80211_NODE_LOCK_BH(ic); 570 571 /* 572 * Note we don't enable the inactive timer when acting 573 * as a station. Nodes created in this mode represent 574 * AP's identified while scanning. If we time them out 575 * then several things happen: we can't return the data 576 * to users to show the list of AP's we encountered, and 577 * more importantly, we'll incorrectly deauthenticate 578 * ourself because the inactivity timer will kick us off. 579 */ 580 if (ic->ic_opmode != IEEE80211_M_STA && 581 RB_EMPTY(&ic->ic_tree)) 582 ic->ic_inact_timer = IEEE80211_INACT_WAIT; 583 RB_INSERT(ieee80211_tree, &ic->ic_tree, ni); 584 IEEE80211_NODE_UNLOCK_BH(ic); 585 } 586 587 struct ieee80211_node * 588 ieee80211_alloc_node(struct ieee80211com *ic, u_int8_t *macaddr) 589 { 590 struct ieee80211_node *ni = ieee80211_alloc_node_helper(ic); 591 if (ni != NULL) 592 ieee80211_setup_node(ic, ni, macaddr); 593 else 594 ic->ic_stats.is_rx_nodealloc++; 595 return ni; 596 } 597 598 struct ieee80211_node * 599 ieee80211_dup_bss(struct ieee80211com *ic, u_int8_t *macaddr) 600 { 601 struct ieee80211_node *ni = ieee80211_alloc_node_helper(ic); 602 if (ni != NULL) { 603 ieee80211_setup_node(ic, ni, macaddr); 604 /* 605 * Inherit from ic_bss. 606 */ 607 IEEE80211_ADDR_COPY(ni->ni_bssid, ic->ic_bss->ni_bssid); 608 ni->ni_chan = ic->ic_bss->ni_chan; 609 } else 610 ic->ic_stats.is_rx_nodealloc++; 611 return ni; 612 } 613 614 struct ieee80211_node * 615 ieee80211_find_node(struct ieee80211com *ic, u_int8_t *macaddr) 616 { 617 struct ieee80211_node ni; 618 619 IEEE80211_ADDR_COPY(ni.ni_macaddr, macaddr); 620 return (RB_FIND(ieee80211_tree, &ic->ic_tree, &ni)); 621 } 622 623 /* 624 * Return a reference to the appropriate node for sending 625 * a data frame. This handles node discovery in adhoc networks. 626 * 627 * Drivers will call this, so increase the reference count before 628 * returning the node. 629 */ 630 struct ieee80211_node * 631 ieee80211_find_txnode(struct ieee80211com *ic, u_int8_t *macaddr) 632 { 633 struct ieee80211_node *ni; 634 635 /* 636 * The destination address should be in the node table 637 * unless we are operating in station mode or this is a 638 * multicast/broadcast frame. 639 */ 640 if (ic->ic_opmode == IEEE80211_M_STA || IEEE80211_IS_MULTICAST(macaddr)) 641 return ieee80211_ref_node(ic->ic_bss); 642 643 /* XXX can't hold lock across dup_bss 'cuz of recursive locking */ 644 IEEE80211_NODE_LOCK(ic); 645 ni = ieee80211_find_node(ic, macaddr); 646 IEEE80211_NODE_UNLOCK(ic); 647 if (ni == NULL) { 648 if (ic->ic_opmode != IEEE80211_M_IBSS && 649 ic->ic_opmode != IEEE80211_M_AHDEMO) 650 return NULL; 651 652 /* 653 * Fake up a node; this handles node discovery in 654 * adhoc mode. Note that for the driver's benefit 655 * we we treat this like an association so the driver 656 * has an opportunity to setup it's private state. 657 * 658 * XXX need better way to handle this; issue probe 659 * request so we can deduce rate set, etc. 660 */ 661 if ((ni = ieee80211_dup_bss(ic, macaddr)) == NULL) 662 return NULL; 663 /* XXX no rate negotiation; just dup */ 664 ni->ni_rates = ic->ic_bss->ni_rates; 665 if (ic->ic_newassoc) 666 (*ic->ic_newassoc)(ic, ni, 1); 667 } 668 return ieee80211_ref_node(ni); 669 } 670 671 /* 672 * It is usually desirable to process a Rx packet using its sender's 673 * node-record instead of the BSS record. 674 * 675 * - AP mode: keep a node-record for every authenticated/associated 676 * station *in the BSS*. For future use, we also track neighboring 677 * APs, since they might belong to the same ESS. APs in the same 678 * ESS may bridge packets to each other, forming a Wireless 679 * Distribution System (WDS). 680 * 681 * - IBSS mode: keep a node-record for every station *in the BSS*. 682 * Also track neighboring stations by their beacons/probe responses. 683 * 684 * - monitor mode: keep a node-record for every sender, regardless 685 * of BSS. 686 * 687 * - STA mode: the only available node-record is the BSS record, 688 * ic->ic_bss. 689 * 690 * Of all the 802.11 Control packets, only the node-records for 691 * RTS packets node-record can be looked up. 692 * 693 * Return non-zero if the packet's node-record is kept, zero 694 * otherwise. 695 */ 696 static __inline int 697 ieee80211_needs_rxnode(struct ieee80211com *ic, struct ieee80211_frame *wh, 698 u_int8_t **bssid) 699 { 700 struct ieee80211_node *bss = ic->ic_bss; 701 int monitor, rc = 0; 702 703 monitor = (ic->ic_opmode == IEEE80211_M_MONITOR); 704 705 *bssid = NULL; 706 707 switch (wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK) { 708 case IEEE80211_FC0_TYPE_CTL: 709 if (!monitor) 710 break; 711 return (wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK) == 712 IEEE80211_FC0_SUBTYPE_RTS; 713 case IEEE80211_FC0_TYPE_MGT: 714 *bssid = wh->i_addr3; 715 switch (wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK) { 716 case IEEE80211_FC0_SUBTYPE_BEACON: 717 case IEEE80211_FC0_SUBTYPE_PROBE_RESP: 718 rc = 1; 719 break; 720 default: 721 if (ic->ic_opmode == IEEE80211_M_STA) 722 break; 723 rc = IEEE80211_ADDR_EQ(*bssid, bss->ni_bssid) || 724 IEEE80211_ADDR_EQ(*bssid, etherbroadcastaddr); 725 break; 726 } 727 break; 728 case IEEE80211_FC0_TYPE_DATA: 729 switch (wh->i_fc[1] & IEEE80211_FC1_DIR_MASK) { 730 case IEEE80211_FC1_DIR_NODS: 731 *bssid = wh->i_addr3; 732 if (ic->ic_opmode == IEEE80211_M_IBSS || 733 ic->ic_opmode == IEEE80211_M_AHDEMO) 734 rc = IEEE80211_ADDR_EQ(*bssid, bss->ni_bssid); 735 break; 736 case IEEE80211_FC1_DIR_TODS: 737 *bssid = wh->i_addr1; 738 if (ic->ic_opmode == IEEE80211_M_HOSTAP) 739 rc = IEEE80211_ADDR_EQ(*bssid, bss->ni_bssid); 740 break; 741 case IEEE80211_FC1_DIR_FROMDS: 742 case IEEE80211_FC1_DIR_DSTODS: 743 *bssid = wh->i_addr2; 744 rc = (ic->ic_opmode == IEEE80211_M_HOSTAP); 745 break; 746 } 747 break; 748 } 749 return monitor || rc; 750 } 751 752 /* 753 * Drivers call this, so increase the reference count before returning 754 * the node. 755 */ 756 struct ieee80211_node * 757 ieee80211_find_rxnode(struct ieee80211com *ic, struct ieee80211_frame *wh) 758 { 759 struct ieee80211_node *ni; 760 const static u_int8_t zero[IEEE80211_ADDR_LEN]; 761 u_int8_t *bssid; 762 763 if (!ieee80211_needs_rxnode(ic, wh, &bssid)) 764 return ieee80211_ref_node(ic->ic_bss); 765 766 IEEE80211_NODE_LOCK(ic); 767 ni = ieee80211_find_node(ic, wh->i_addr2); 768 IEEE80211_NODE_UNLOCK(ic); 769 770 if (ni != NULL) 771 return ieee80211_ref_node(ni); 772 if (ic->ic_opmode == IEEE80211_M_HOSTAP) 773 return ieee80211_ref_node(ic->ic_bss); 774 775 /* XXX see remarks in ieee80211_find_txnode */ 776 /* XXX no rate negotiation; just dup */ 777 if ((ni = ieee80211_dup_bss(ic, wh->i_addr2)) == NULL) 778 return ieee80211_ref_node(ic->ic_bss); 779 780 IEEE80211_ADDR_COPY(ni->ni_bssid, (bssid != NULL) ? bssid : zero); 781 782 ni->ni_rates = ic->ic_bss->ni_rates; 783 if (ic->ic_newassoc) 784 (*ic->ic_newassoc)(ic, ni, 1); 785 786 IEEE80211_DPRINTF(("%s: faked-up node %p for %s\n", __func__, ni, 787 ether_sprintf(wh->i_addr2))); 788 789 return ieee80211_ref_node(ni); 790 } 791 792 struct ieee80211_node * 793 ieee80211_find_node_for_beacon(struct ieee80211com *ic, u_int8_t *macaddr, 794 struct ieee80211_channel *chan, char *ssid, u_int8_t rssi) 795 { 796 struct ieee80211_node *ni, *keep = NULL; 797 int score = 0; 798 799 if ((ni = ieee80211_find_node(ic, macaddr)) != NULL) { 800 IEEE80211_NODE_LOCK(ic); 801 802 if (ni->ni_chan != chan && ni->ni_rssi >= rssi) 803 score++; 804 if (ssid[1] == 0 && ni->ni_esslen != 0) 805 score++; 806 if (score > 0) 807 keep = ni; 808 809 IEEE80211_NODE_UNLOCK(ic); 810 } 811 812 return (keep); 813 } 814 815 static void 816 ieee80211_free_node(struct ieee80211com *ic, struct ieee80211_node *ni) 817 { 818 if (ni == ic->ic_bss) 819 panic("freeing bss node"); 820 821 IEEE80211_DPRINTF(("%s %s\n", __func__, ether_sprintf(ni->ni_macaddr))); 822 IEEE80211_AID_CLR(ni->ni_associd, ic->ic_aid_bitmap); 823 RB_REMOVE(ieee80211_tree, &ic->ic_tree, ni); 824 ic->ic_nnodes--; 825 if (!IF_IS_EMPTY(&ni->ni_savedq)) { 826 IF_PURGE(&ni->ni_savedq); 827 if (ic->ic_set_tim) 828 (*ic->ic_set_tim)(ic, ni->ni_associd, 0); 829 } 830 if (RB_EMPTY(&ic->ic_tree)) 831 ic->ic_inact_timer = 0; 832 (*ic->ic_node_free)(ic, ni); 833 /* TBD indicate to drivers that a new node can be allocated */ 834 } 835 836 void 837 ieee80211_release_node(struct ieee80211com *ic, struct ieee80211_node *ni) 838 { 839 IEEE80211_DPRINTF(("%s %s refcnt %d\n", __func__, 840 ether_sprintf(ni->ni_macaddr), ni->ni_refcnt)); 841 if (ieee80211_node_decref(ni) == 0 && 842 ni->ni_state == IEEE80211_STA_COLLECT) { 843 IEEE80211_NODE_LOCK_BH(ic); 844 ieee80211_free_node(ic, ni); 845 IEEE80211_NODE_UNLOCK_BH(ic); 846 } 847 } 848 849 void 850 ieee80211_free_allnodes(struct ieee80211com *ic) 851 { 852 struct ieee80211_node *ni; 853 854 IEEE80211_DPRINTF(("%s\n", __func__)); 855 IEEE80211_NODE_LOCK_BH(ic); 856 while ((ni = RB_MIN(ieee80211_tree, &ic->ic_tree)) != NULL) 857 ieee80211_free_node(ic, ni); 858 IEEE80211_NODE_UNLOCK_BH(ic); 859 860 if (ic->ic_bss != NULL) 861 ieee80211_node_cleanup(ic, ic->ic_bss); /* for station mode */ 862 } 863 864 /* 865 * Timeout inactive nodes. Note that we cannot hold the node 866 * lock while sending a frame as this would lead to a LOR. 867 * Instead we use a generation number to mark nodes that we've 868 * scanned and drop the lock and restart a scan if we have to 869 * time out a node. Since we are single-threaded by virtue of 870 * controlling the inactivity timer we can be sure this will 871 * process each node only once. 872 */ 873 void 874 ieee80211_clean_nodes(struct ieee80211com *ic) 875 { 876 struct ieee80211_node *ni, *next_ni; 877 u_int gen = ic->ic_scangen++; /* NB: ok 'cuz single-threaded*/ 878 879 IEEE80211_NODE_LOCK(ic); 880 for (ni = RB_MIN(ieee80211_tree, &ic->ic_tree); 881 ni != NULL; ni = next_ni) { 882 next_ni = RB_NEXT(ieee80211_tree, &ic->ic_tree, ni); 883 if (ic->ic_nnodes <= ic->ic_max_nnodes) 884 break; 885 if (ni->ni_scangen == gen) /* previously handled */ 886 continue; 887 ni->ni_scangen = gen; 888 if (ni->ni_refcnt > 0) 889 continue; 890 IEEE80211_DPRINTF(("station %s purged from LRU cache\n", 891 ether_sprintf(ni->ni_macaddr))); 892 /* 893 * Send a deauthenticate frame. 894 */ 895 if (ic->ic_opmode == IEEE80211_M_HOSTAP) { 896 IEEE80211_NODE_UNLOCK(ic); 897 IEEE80211_SEND_MGMT(ic, ni, 898 IEEE80211_FC0_SUBTYPE_DEAUTH, 899 IEEE80211_REASON_AUTH_EXPIRE); 900 IEEE80211_NODE_LOCK(ic); 901 ieee80211_node_leave(ic, ni); 902 } else 903 ieee80211_free_node(ic, ni); 904 ic->ic_stats.is_node_timeout++; 905 } 906 IEEE80211_NODE_UNLOCK(ic); 907 } 908 909 void 910 ieee80211_iterate_nodes(struct ieee80211com *ic, ieee80211_iter_func *f, 911 void *arg) 912 { 913 struct ieee80211_node *ni; 914 915 IEEE80211_NODE_LOCK(ic); 916 RB_FOREACH(ni, ieee80211_tree, &ic->ic_tree) 917 (*f)(arg, ni); 918 IEEE80211_NODE_UNLOCK(ic); 919 } 920 921 /* 922 * Check if the specified node supports ERP. 923 */ 924 int 925 ieee80211_iserp_sta(struct ieee80211_node *ni) 926 { 927 #define N(a) (sizeof (a) / sizeof (a)[0]) 928 static const uint8_t rates[] = { 2, 4, 11, 22, 12, 24, 48 }; 929 struct ieee80211_rateset *rs = &ni->ni_rates; 930 int i, j; 931 932 /* 933 * A STA supports ERP operation if it includes all the Clause 19 934 * mandatory rates in its supported rate set. 935 */ 936 for (i = 0; i < N(rates); i++) { 937 for (j = 0; j < rs->rs_nrates; j++) { 938 if ((rs->rs_rates[j] & IEEE80211_RATE_VAL) == rates[i]) 939 break; 940 } 941 if (j == rs->rs_nrates) 942 return 0; 943 } 944 return 1; 945 #undef N 946 } 947 948 /* 949 * Handle a station joining an 11g network. 950 */ 951 static void 952 ieee80211_node_join_11g(struct ieee80211com *ic, struct ieee80211_node *ni) 953 { 954 if (!(ni->ni_capinfo & IEEE80211_CAPINFO_SHORT_SLOTTIME)) { 955 /* 956 * Joining STA doesn't support short slot time. We must 957 * disable the use of short slot time for all other associated 958 * STAs and give the driver a chance to reconfigure the 959 * hardware. 960 */ 961 if (++ic->ic_longslotsta == 1) { 962 if (ic->ic_caps & IEEE80211_C_SHSLOT) 963 ieee80211_set_shortslottime(ic, 0); 964 } 965 IEEE80211_DPRINTF(("[%s] station needs long slot time, " 966 "count %d\n", ether_sprintf(ni->ni_macaddr), 967 ic->ic_longslotsta)); 968 } 969 970 if (!ieee80211_iserp_sta(ni)) { 971 /* 972 * Joining STA is non-ERP. 973 */ 974 ic->ic_nonerpsta++; 975 976 IEEE80211_DPRINTF(("[%s] station is non-ERP, %d non-ERP " 977 "stations associated\n", ether_sprintf(ni->ni_macaddr), 978 ic->ic_nonerpsta)); 979 980 /* must enable the use of protection */ 981 if (ic->ic_protmode != IEEE80211_PROT_NONE) { 982 IEEE80211_DPRINTF(("%s: enable use of protection\n", 983 __func__)); 984 ic->ic_flags |= IEEE80211_F_USEPROT; 985 } 986 987 if (!(ni->ni_capinfo & IEEE80211_CAPINFO_SHORT_PREAMBLE)) 988 ic->ic_flags &= ~IEEE80211_F_SHPREAMBLE; 989 } else 990 ni->ni_flags |= IEEE80211_NODE_ERP; 991 } 992 993 void 994 ieee80211_node_join(struct ieee80211com *ic, struct ieee80211_node *ni, 995 int resp) 996 { 997 int newassoc; 998 999 if (ni->ni_associd == 0) { 1000 u_int16_t aid; 1001 1002 /* 1003 * It would be clever to search the bitmap 1004 * more efficiently, but this will do for now. 1005 */ 1006 for (aid = 1; aid < ic->ic_max_aid; aid++) { 1007 if (!IEEE80211_AID_ISSET(aid, 1008 ic->ic_aid_bitmap)) 1009 break; 1010 } 1011 if (aid >= ic->ic_max_aid) { 1012 IEEE80211_SEND_MGMT(ic, ni, resp, 1013 IEEE80211_REASON_ASSOC_TOOMANY); 1014 ieee80211_node_leave(ic, ni); 1015 return; 1016 } 1017 ni->ni_associd = aid | 0xc000; 1018 IEEE80211_AID_SET(ni->ni_associd, ic->ic_aid_bitmap); 1019 newassoc = 1; 1020 if (ic->ic_curmode == IEEE80211_MODE_11G) 1021 ieee80211_node_join_11g(ic, ni); 1022 } else 1023 newassoc = 0; 1024 1025 IEEE80211_DPRINTF(("station %s %s associated at aid %d\n", 1026 ether_sprintf(ni->ni_macaddr), 1027 (newassoc ? "newly" : "already"), 1028 ni->ni_associd & ~0xc000)); 1029 1030 /* give driver a chance to setup state like ni_txrate */ 1031 if (ic->ic_newassoc) 1032 (*ic->ic_newassoc)(ic, ni, newassoc); 1033 IEEE80211_SEND_MGMT(ic, ni, resp, IEEE80211_STATUS_SUCCESS); 1034 ieee80211_node_newstate(ni, IEEE80211_STA_ASSOC); 1035 1036 #if NBRIDGE > 0 1037 /* 1038 * If the parent interface belongs to a bridge, learn 1039 * the node's address dynamically on this interface. 1040 */ 1041 if (ic->ic_if.if_bridge != NULL) 1042 bridge_update(&ic->ic_if, 1043 (struct ether_addr *)ni->ni_macaddr, 0); 1044 #endif 1045 } 1046 1047 /* 1048 * Handle a station leaving an 11g network. 1049 */ 1050 static void 1051 ieee80211_node_leave_11g(struct ieee80211com *ic, struct ieee80211_node *ni) 1052 { 1053 if (!(ni->ni_capinfo & IEEE80211_CAPINFO_SHORT_SLOTTIME)) { 1054 #ifdef DIAGNOSTIC 1055 if (ic->ic_longslotsta == 0) { 1056 panic("bogus long slot station count %d", 1057 ic->ic_longslotsta); 1058 } 1059 #endif 1060 /* leaving STA did not support short slot time */ 1061 if (--ic->ic_longslotsta == 0) { 1062 /* 1063 * All associated STAs now support short slot time, so 1064 * enable this feature and give the driver a chance to 1065 * reconfigure the hardware. Notice that IBSS always 1066 * use a long slot time. 1067 */ 1068 if ((ic->ic_caps & IEEE80211_C_SHSLOT) && 1069 ic->ic_opmode != IEEE80211_M_IBSS) 1070 ieee80211_set_shortslottime(ic, 1); 1071 } 1072 IEEE80211_DPRINTF(("[%s] long slot time station leaves, " 1073 "count now %d\n", ether_sprintf(ni->ni_macaddr), 1074 ic->ic_longslotsta)); 1075 } 1076 1077 if (!(ni->ni_flags & IEEE80211_NODE_ERP)) { 1078 #ifdef DIAGNOSTIC 1079 if (ic->ic_nonerpsta == 0) { 1080 panic("bogus non-ERP station count %d\n", 1081 ic->ic_nonerpsta); 1082 } 1083 #endif 1084 /* leaving STA was non-ERP */ 1085 if (--ic->ic_nonerpsta == 0) { 1086 /* 1087 * All associated STAs are now ERP capable, disable use 1088 * of protection and re-enable short preamble support. 1089 */ 1090 ic->ic_flags &= ~IEEE80211_F_USEPROT; 1091 if (ic->ic_caps & IEEE80211_C_SHPREAMBLE) 1092 ic->ic_flags |= IEEE80211_F_SHPREAMBLE; 1093 } 1094 IEEE80211_DPRINTF(("[%s] non-ERP station leaves, " 1095 "count now %d\n", ether_sprintf(ni->ni_macaddr), 1096 ic->ic_nonerpsta)); 1097 } 1098 } 1099 1100 /* 1101 * Handle bookkeeping for station deauthentication/disassociation 1102 * when operating as an ap. 1103 */ 1104 void 1105 ieee80211_node_leave(struct ieee80211com *ic, struct ieee80211_node *ni) 1106 { 1107 if (ic->ic_opmode != IEEE80211_M_HOSTAP) 1108 panic("not in ap mode, mode %u", ic->ic_opmode); 1109 /* 1110 * If node wasn't previously associated all 1111 * we need to do is reclaim the reference. 1112 */ 1113 if (ni->ni_associd == 0) 1114 return; 1115 IEEE80211_AID_CLR(ni->ni_associd, ic->ic_aid_bitmap); 1116 ni->ni_associd = 0; 1117 1118 if (ic->ic_curmode == IEEE80211_MODE_11G) 1119 ieee80211_node_leave_11g(ic, ni); 1120 1121 ieee80211_node_newstate(ni, IEEE80211_STA_COLLECT); 1122 1123 #if NBRIDGE > 0 1124 /* 1125 * If the parent interface belongs to a bridge, delete 1126 * any dynamically learned address for this node. 1127 */ 1128 if (ic->ic_if.if_bridge != NULL) 1129 bridge_update(&ic->ic_if, 1130 (struct ether_addr *)ni->ni_macaddr, 1); 1131 #endif 1132 } 1133 1134 /* 1135 * Compare nodes in the tree by lladdr 1136 */ 1137 int 1138 ieee80211_node_cmp(struct ieee80211_node *b1, struct ieee80211_node *b2) 1139 { 1140 return (memcmp(b1->ni_macaddr, b2->ni_macaddr, IEEE80211_ADDR_LEN)); 1141 } 1142 1143 /* 1144 * Generate red-black tree function logic 1145 */ 1146 RB_GENERATE(ieee80211_tree, ieee80211_node, ni_node, ieee80211_node_cmp); 1147