1 /* $OpenBSD: ieee80211_node.c,v 1.158 2018/11/25 12:14:01 phessler Exp $ */ 2 /* $NetBSD: ieee80211_node.c,v 1.14 2004/05/09 09:18:47 dyoung Exp $ */ 3 4 /*- 5 * Copyright (c) 2001 Atsushi Onoe 6 * Copyright (c) 2002, 2003 Sam Leffler, Errno Consulting 7 * Copyright (c) 2008 Damien Bergamini 8 * All rights reserved. 9 * 10 * Redistribution and use in source and binary forms, with or without 11 * modification, are permitted provided that the following conditions 12 * are met: 13 * 1. Redistributions of source code must retain the above copyright 14 * notice, this list of conditions and the following disclaimer. 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in the 17 * documentation and/or other materials provided with the distribution. 18 * 3. The name of the author may not be used to endorse or promote products 19 * derived from this software without specific prior written permission. 20 * 21 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 22 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 23 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 24 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 25 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 26 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 27 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 28 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 29 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 30 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 31 */ 32 33 #include "bridge.h" 34 35 #include <sys/param.h> 36 #include <sys/systm.h> 37 #include <sys/mbuf.h> 38 #include <sys/malloc.h> 39 #include <sys/kernel.h> 40 #include <sys/socket.h> 41 #include <sys/sockio.h> 42 #include <sys/endian.h> 43 #include <sys/errno.h> 44 #include <sys/sysctl.h> 45 #include <sys/tree.h> 46 47 #include <net/if.h> 48 #include <net/if_dl.h> 49 #include <net/if_media.h> 50 51 #include <netinet/in.h> 52 #include <netinet/if_ether.h> 53 54 #if NBRIDGE > 0 55 #include <net/if_bridge.h> 56 #endif 57 58 #include <net80211/ieee80211_var.h> 59 #include <net80211/ieee80211_priv.h> 60 61 struct ieee80211_node *ieee80211_node_alloc(struct ieee80211com *); 62 void ieee80211_node_free(struct ieee80211com *, struct ieee80211_node *); 63 void ieee80211_node_copy(struct ieee80211com *, struct ieee80211_node *, 64 const struct ieee80211_node *); 65 void ieee80211_choose_rsnparams(struct ieee80211com *); 66 u_int8_t ieee80211_node_getrssi(struct ieee80211com *, 67 const struct ieee80211_node *); 68 int ieee80211_node_checkrssi(struct ieee80211com *, 69 const struct ieee80211_node *); 70 int ieee80211_ess_is_better(struct ieee80211com *ic, struct ieee80211_node *, 71 struct ieee80211_node *); 72 void ieee80211_setup_node(struct ieee80211com *, struct ieee80211_node *, 73 const u_int8_t *); 74 void ieee80211_free_node(struct ieee80211com *, struct ieee80211_node *); 75 void ieee80211_ba_del(struct ieee80211_node *); 76 struct ieee80211_node *ieee80211_alloc_node_helper(struct ieee80211com *); 77 void ieee80211_node_cleanup(struct ieee80211com *, struct ieee80211_node *); 78 void ieee80211_node_switch_bss(struct ieee80211com *, struct ieee80211_node *); 79 void ieee80211_needs_auth(struct ieee80211com *, struct ieee80211_node *); 80 #ifndef IEEE80211_STA_ONLY 81 void ieee80211_node_join_ht(struct ieee80211com *, struct ieee80211_node *); 82 void ieee80211_node_join_rsn(struct ieee80211com *, struct ieee80211_node *); 83 void ieee80211_node_join_11g(struct ieee80211com *, struct ieee80211_node *); 84 void ieee80211_node_leave_ht(struct ieee80211com *, struct ieee80211_node *); 85 void ieee80211_node_leave_rsn(struct ieee80211com *, struct ieee80211_node *); 86 void ieee80211_node_leave_11g(struct ieee80211com *, struct ieee80211_node *); 87 void ieee80211_inact_timeout(void *); 88 void ieee80211_node_cache_timeout(void *); 89 #endif 90 91 #ifndef IEEE80211_STA_ONLY 92 void 93 ieee80211_inact_timeout(void *arg) 94 { 95 struct ieee80211com *ic = arg; 96 struct ieee80211_node *ni, *next_ni; 97 int s; 98 99 s = splnet(); 100 for (ni = RBT_MIN(ieee80211_tree, &ic->ic_tree); 101 ni != NULL; ni = next_ni) { 102 next_ni = RBT_NEXT(ieee80211_tree, ni); 103 if (ni->ni_refcnt > 0) 104 continue; 105 if (ni->ni_inact < IEEE80211_INACT_MAX) 106 ni->ni_inact++; 107 } 108 splx(s); 109 110 timeout_add_sec(&ic->ic_inact_timeout, IEEE80211_INACT_WAIT); 111 } 112 113 void 114 ieee80211_node_cache_timeout(void *arg) 115 { 116 struct ieee80211com *ic = arg; 117 118 ieee80211_clean_nodes(ic, 1); 119 timeout_add_sec(&ic->ic_node_cache_timeout, IEEE80211_CACHE_WAIT); 120 } 121 #endif 122 123 /* 124 * For debug purposes 125 */ 126 void 127 ieee80211_print_ess(struct ieee80211_ess *ess) 128 { 129 ieee80211_print_essid(ess->essid, ess->esslen); 130 if (ess->flags & IEEE80211_F_RSNON) { 131 printf(" wpa"); 132 if (ess->rsnprotos & IEEE80211_PROTO_RSN) 133 printf(",wpa2"); 134 if (ess->rsnprotos & IEEE80211_PROTO_WPA) 135 printf(",wpa1"); 136 137 if (ess->rsnakms & IEEE80211_AKM_8021X || 138 ess->rsnakms & IEEE80211_AKM_SHA256_8021X) 139 printf(",802.1x"); 140 printf(" "); 141 142 if (ess->rsnciphers & IEEE80211_CIPHER_USEGROUP) 143 printf(" usegroup"); 144 if (ess->rsnciphers & IEEE80211_CIPHER_WEP40) 145 printf(" wep40"); 146 if (ess->rsnciphers & IEEE80211_CIPHER_WEP104) 147 printf(" wep104"); 148 if (ess->rsnciphers & IEEE80211_CIPHER_TKIP) 149 printf(" tkip"); 150 if (ess->rsnciphers & IEEE80211_CIPHER_CCMP) 151 printf(" ccmp"); 152 } 153 if (ess->flags & IEEE80211_F_WEPON) { 154 int i = ess->def_txkey; 155 156 printf(" wep,"); 157 if (ess->nw_keys[i].k_cipher & IEEE80211_CIPHER_WEP40) 158 printf("wep40"); 159 if (ess->nw_keys[i].k_cipher & IEEE80211_CIPHER_WEP104) 160 printf("wep104"); 161 } 162 if (ess->flags == 0) 163 printf(" clear"); 164 printf("\n"); 165 } 166 167 void 168 ieee80211_print_ess_list(struct ieee80211com *ic) 169 { 170 struct ifnet *ifp = &ic->ic_if; 171 struct ieee80211_ess *ess; 172 173 printf("%s: known networks\n", ifp->if_xname); 174 TAILQ_FOREACH(ess, &ic->ic_ess, ess_next) { 175 ieee80211_print_ess(ess); 176 } 177 } 178 179 struct ieee80211_ess * 180 ieee80211_get_ess(struct ieee80211com *ic, const char *nwid, int len) 181 { 182 struct ieee80211_ess *ess; 183 184 TAILQ_FOREACH(ess, &ic->ic_ess, ess_next) { 185 if (len == ess->esslen && 186 memcmp(ess->essid, nwid, ess->esslen) == 0) 187 return ess; 188 } 189 190 return NULL; 191 } 192 193 void 194 ieee80211_del_ess(struct ieee80211com *ic, char *nwid, int all) 195 { 196 struct ieee80211_ess *ess, *next; 197 198 TAILQ_FOREACH_SAFE(ess, &ic->ic_ess, ess_next, next) { 199 if (all == 1 || (memcmp(ess->essid, nwid, 200 IEEE80211_NWID_LEN) == 0)) { 201 TAILQ_REMOVE(&ic->ic_ess, ess, ess_next); 202 explicit_bzero(ess, sizeof(*ess)); 203 free(ess, M_DEVBUF, sizeof(*ess)); 204 if (TAILQ_EMPTY(&ic->ic_ess)) 205 ic->ic_flags &= ~IEEE80211_F_AUTO_JOIN; 206 if (all != 1) 207 return; 208 } 209 } 210 } 211 212 /* Keep in sync with ieee80211_ioctl.c:ieee80211_ioctl_setnwkeys() */ 213 static int 214 ieee80211_ess_setnwkeys(struct ieee80211_ess *ess, 215 const struct ieee80211_nwkey *nwkey) 216 { 217 struct ieee80211_key *k; 218 int i; 219 220 if (nwkey->i_wepon == IEEE80211_NWKEY_OPEN) { 221 if (!(ess->flags & IEEE80211_F_WEPON)) 222 return 0; 223 ess->flags &= ~IEEE80211_F_WEPON; 224 return ENETRESET; 225 } 226 if (nwkey->i_defkid < 1 || nwkey->i_defkid > IEEE80211_WEP_NKID) 227 return EINVAL; 228 229 for (i = 0; i < IEEE80211_WEP_NKID; i++) { 230 if (nwkey->i_key[i].i_keylen == 0 || 231 nwkey->i_key[i].i_keydat == NULL) 232 continue; /* entry not set */ 233 if (nwkey->i_key[i].i_keylen > IEEE80211_KEYBUF_SIZE) 234 return EINVAL; 235 236 /* map wep key to ieee80211_key */ 237 k = &ess->nw_keys[i]; 238 memset(k, 0, sizeof(*k)); 239 if (nwkey->i_key[i].i_keylen <= 5) 240 k->k_cipher = IEEE80211_CIPHER_WEP40; 241 else 242 k->k_cipher = IEEE80211_CIPHER_WEP104; 243 k->k_len = ieee80211_cipher_keylen(k->k_cipher); 244 k->k_flags = IEEE80211_KEY_GROUP | IEEE80211_KEY_TX; 245 } 246 ess->def_txkey = nwkey->i_defkid - 1; 247 ess->flags |= IEEE80211_F_WEPON; 248 249 return ENETRESET; 250 } 251 252 253 /* Keep in sync with ieee80211_ioctl.c:ieee80211_ioctl_setwpaparms() */ 254 static int 255 ieee80211_ess_setwpaparms(struct ieee80211_ess *ess, 256 const struct ieee80211_wpaparams *wpa) 257 { 258 if (!wpa->i_enabled) { 259 if (!(ess->flags & IEEE80211_F_RSNON)) 260 return 0; 261 ess->flags &= ~IEEE80211_F_RSNON; 262 ess->rsnprotos = 0; 263 ess->rsnakms = 0; 264 ess->rsngroupcipher = 0; 265 ess->rsnciphers = 0; 266 return ENETRESET; 267 } 268 269 ess->rsnprotos = 0; 270 if (wpa->i_protos & IEEE80211_WPA_PROTO_WPA1) 271 ess->rsnprotos |= IEEE80211_PROTO_WPA; 272 if (wpa->i_protos & IEEE80211_WPA_PROTO_WPA2) 273 ess->rsnprotos |= IEEE80211_PROTO_RSN; 274 if (ess->rsnprotos == 0) /* set to default (RSN) */ 275 ess->rsnprotos = IEEE80211_PROTO_RSN; 276 277 ess->rsnakms = 0; 278 if (wpa->i_akms & IEEE80211_WPA_AKM_PSK) 279 ess->rsnakms |= IEEE80211_AKM_PSK; 280 if (wpa->i_akms & IEEE80211_WPA_AKM_SHA256_PSK) 281 ess->rsnakms |= IEEE80211_AKM_SHA256_PSK; 282 if (wpa->i_akms & IEEE80211_WPA_AKM_8021X) 283 ess->rsnakms |= IEEE80211_AKM_8021X; 284 if (wpa->i_akms & IEEE80211_WPA_AKM_SHA256_8021X) 285 ess->rsnakms |= IEEE80211_AKM_SHA256_8021X; 286 if (ess->rsnakms == 0) /* set to default (PSK) */ 287 ess->rsnakms = IEEE80211_AKM_PSK; 288 289 if (wpa->i_groupcipher == IEEE80211_WPA_CIPHER_WEP40) 290 ess->rsngroupcipher = IEEE80211_CIPHER_WEP40; 291 else if (wpa->i_groupcipher == IEEE80211_WPA_CIPHER_TKIP) 292 ess->rsngroupcipher = IEEE80211_CIPHER_TKIP; 293 else if (wpa->i_groupcipher == IEEE80211_WPA_CIPHER_CCMP) 294 ess->rsngroupcipher = IEEE80211_CIPHER_CCMP; 295 else if (wpa->i_groupcipher == IEEE80211_WPA_CIPHER_WEP104) 296 ess->rsngroupcipher = IEEE80211_CIPHER_WEP104; 297 else { /* set to default */ 298 if (ess->rsnprotos & IEEE80211_PROTO_WPA) 299 ess->rsngroupcipher = IEEE80211_CIPHER_TKIP; 300 else 301 ess->rsngroupcipher = IEEE80211_CIPHER_CCMP; 302 } 303 304 ess->rsnciphers = 0; 305 if (wpa->i_ciphers & IEEE80211_WPA_CIPHER_TKIP) 306 ess->rsnciphers |= IEEE80211_CIPHER_TKIP; 307 if (wpa->i_ciphers & IEEE80211_WPA_CIPHER_CCMP) 308 ess->rsnciphers |= IEEE80211_CIPHER_CCMP; 309 if (wpa->i_ciphers & IEEE80211_WPA_CIPHER_USEGROUP) 310 ess->rsnciphers = IEEE80211_CIPHER_USEGROUP; 311 if (ess->rsnciphers == 0) { /* set to default (CCMP, TKIP if WPA1) */ 312 ess->rsnciphers = IEEE80211_CIPHER_CCMP; 313 if (ess->rsnprotos & IEEE80211_PROTO_WPA) 314 ess->rsnciphers |= IEEE80211_CIPHER_TKIP; 315 } 316 317 ess->flags |= IEEE80211_F_RSNON; 318 319 if (ess->rsnakms & 320 (IEEE80211_AKM_8021X|IEEE80211_WPA_AKM_SHA256_8021X)) 321 ess->flags |= IEEE80211_JOIN_8021X; 322 323 return ENETRESET; 324 } 325 326 static void 327 ieee80211_ess_clear_wep(struct ieee80211_ess *ess) 328 { 329 int i; 330 331 /* Disable WEP */ 332 for (i = 0; i < IEEE80211_WEP_NKID; i++) { 333 explicit_bzero(&ess->nw_keys[i], sizeof(ess->nw_keys[0])); 334 } 335 ess->def_txkey = 0; 336 ess->flags &= ~IEEE80211_F_WEPON; 337 } 338 339 static void 340 ieee80211_ess_clear_wpa(struct ieee80211_ess *ess) 341 { 342 /* Disable WPA */ 343 ess->rsnprotos = ess->rsnakms = ess->rsngroupcipher = 344 ess->rsnciphers = 0; 345 explicit_bzero(ess->psk, sizeof(ess->psk)); 346 ess->flags &= ~(IEEE80211_F_PSK | IEEE80211_F_RSNON); 347 } 348 349 int 350 ieee80211_add_ess(struct ieee80211com *ic, struct ieee80211_join *join) 351 { 352 struct ieee80211_ess *ess; 353 int new = 0, ness = 0; 354 355 /* only valid for station (aka, client) mode */ 356 if (ic->ic_opmode != IEEE80211_M_STA) 357 return (0); 358 359 /* Don't save an empty nwid */ 360 if (join->i_len == 0) 361 return (0); 362 363 TAILQ_FOREACH(ess, &ic->ic_ess, ess_next) { 364 if (ess->esslen == join->i_len && 365 memcmp(ess->essid, join->i_nwid, ess->esslen) == 0) 366 break; 367 ness++; 368 } 369 370 if (ess == NULL) { 371 /* if not found, and wpa/wep are set, then return */ 372 if ((join->i_flags & IEEE80211_JOIN_WPA) && 373 (join->i_flags & IEEE80211_JOIN_NWKEY)) { 374 return (EINVAL); 375 } 376 if (ness > IEEE80211_CACHE_SIZE) 377 return (ERANGE); 378 new = 1; 379 ess = malloc(sizeof(*ess), M_DEVBUF, M_NOWAIT|M_ZERO); 380 if (ess == NULL) 381 return (ENOMEM); 382 memcpy(ess->essid, join->i_nwid, join->i_len); 383 ess->esslen = join->i_len; 384 } 385 386 if (join->i_flags & IEEE80211_JOIN_WPA) { 387 if (join->i_wpaparams.i_enabled) { 388 if (!(ic->ic_caps & IEEE80211_C_RSN)) { 389 free(ess, M_DEVBUF, sizeof(*ess)); 390 return ENODEV; 391 } 392 ieee80211_ess_setwpaparms(ess, 393 &join->i_wpaparams); 394 if (join->i_flags & IEEE80211_JOIN_WPAPSK) { 395 ess->flags |= IEEE80211_F_PSK; 396 explicit_bzero(ess->psk, sizeof(ess->psk)); 397 memcpy(ess->psk, &join->i_wpapsk.i_psk, 398 sizeof(ess->psk)); 399 } 400 ieee80211_ess_clear_wep(ess); 401 } else { 402 ieee80211_ess_clear_wpa(ess); 403 } 404 } else if (join->i_flags & IEEE80211_JOIN_NWKEY) { 405 if (join->i_nwkey.i_wepon) { 406 if (!(ic->ic_caps & IEEE80211_C_WEP)) { 407 free(ess, M_DEVBUF, sizeof(*ess)); 408 return ENODEV; 409 } 410 ieee80211_ess_setnwkeys(ess, &join->i_nwkey); 411 ieee80211_ess_clear_wpa(ess); 412 } else { 413 ieee80211_ess_clear_wep(ess); 414 } 415 } 416 417 if (new) 418 TAILQ_INSERT_TAIL(&ic->ic_ess, ess, ess_next); 419 420 return (0); 421 } 422 423 uint8_t 424 ieee80211_ess_adjust_rssi(struct ieee80211com *ic, struct ieee80211_node *ni) 425 { 426 uint8_t rssi = ni->ni_rssi; 427 428 /* 429 * Slightly punish 2 GHz RSSI values since they are usually 430 * stronger than 5 GHz RSSI values. 431 */ 432 if (IEEE80211_IS_CHAN_2GHZ(ni->ni_chan)) { 433 if (ic->ic_max_rssi) { 434 uint8_t p = (5 * ic->ic_max_rssi) / 100; 435 if (rssi >= p) 436 rssi -= p; /* punish by 5% */ 437 } else { 438 if (rssi >= 8) 439 rssi -= 8; /* punish by 8 dBm */ 440 } 441 } 442 443 return rssi; 444 } 445 446 int 447 ieee80211_ess_calculate_score(struct ieee80211com *ic, 448 struct ieee80211_node *ni) 449 { 450 int score = 0; 451 uint8_t min_5ghz_rssi; 452 453 if (ic->ic_max_rssi) 454 min_5ghz_rssi = IEEE80211_RSSI_THRES_RATIO_5GHZ; 455 else 456 min_5ghz_rssi = (uint8_t)IEEE80211_RSSI_THRES_5GHZ; 457 458 /* Calculate the crypto score */ 459 if (ni->ni_rsnprotos & IEEE80211_PROTO_RSN) 460 score += 16; 461 if (ni->ni_rsnprotos & IEEE80211_PROTO_WPA) 462 score += 8; 463 if (ni->ni_capinfo & IEEE80211_CAPINFO_PRIVACY) 464 score += 4; 465 466 /* 5GHz with a good signal */ 467 if (IEEE80211_IS_CHAN_5GHZ(ni->ni_chan) && 468 ni->ni_rssi > min_5ghz_rssi) 469 score += 2; 470 471 return score; 472 } 473 474 /* 475 * Given two APs, determine the "better" one of the two. 476 * We compute a score based on the following attributes: 477 * 478 * crypto: wpa2 > wpa1 > wep > open 479 * band: 5 GHz > 2 GHz provided 5 GHz rssi is above threshold 480 * rssi: rssi1 > rssi2 as a numeric comparison with a slight 481 * disadvantage for 2 GHz APs 482 * 483 * Crypto carries most weight, followed by band, followed by rssi. 484 */ 485 int 486 ieee80211_ess_is_better(struct ieee80211com *ic, 487 struct ieee80211_node *nicur, struct ieee80211_node *nican) 488 { 489 struct ifnet *ifp = &ic->ic_if; 490 int score_cur = 0, score_can = 0; 491 int cur_rssi, can_rssi; 492 493 score_cur = ieee80211_ess_calculate_score(ic, nicur); 494 score_can = ieee80211_ess_calculate_score(ic, nican); 495 496 cur_rssi = ieee80211_ess_adjust_rssi(ic, nicur); 497 can_rssi = ieee80211_ess_adjust_rssi(ic, nican); 498 499 if (can_rssi > cur_rssi) 500 score_can++; 501 502 if ((ifp->if_flags & IFF_DEBUG) && (score_can <= score_cur)) { 503 printf("%s: AP %s ", ifp->if_xname, 504 ether_sprintf(nican->ni_bssid)); 505 ieee80211_print_essid(nican->ni_essid, nican->ni_esslen); 506 printf(" score %d\n", score_can); 507 } 508 509 return score_can > score_cur; 510 } 511 512 /* Determine whether a candidate AP belongs to a given ESS. */ 513 int 514 ieee80211_match_ess(struct ieee80211_ess *ess, struct ieee80211_node *ni) 515 { 516 if (ess->esslen != ni->ni_esslen) 517 return 0; 518 if (memcmp(ess->essid, ni->ni_essid, ess->esslen) != 0) 519 return 0; 520 521 if (ess->flags & (IEEE80211_F_PSK | IEEE80211_F_RSNON)) { 522 /* Ensure same WPA version. */ 523 if ((ni->ni_rsnprotos & IEEE80211_PROTO_RSN) && 524 (ess->rsnprotos & IEEE80211_PROTO_RSN) == 0) 525 return 0; 526 if ((ni->ni_rsnprotos & IEEE80211_PROTO_WPA) && 527 (ess->rsnprotos & IEEE80211_PROTO_WPA) == 0) 528 return 0; 529 } else if (ess->flags & IEEE80211_F_WEPON) { 530 if ((ni->ni_capinfo & IEEE80211_CAPINFO_PRIVACY) == 0) 531 return 0; 532 } else { 533 if ((ni->ni_capinfo & IEEE80211_CAPINFO_PRIVACY) != 0) 534 return 0; 535 } 536 537 return 1; 538 } 539 540 void 541 ieee80211_switch_ess(struct ieee80211com *ic) 542 { 543 struct ifnet *ifp = &ic->ic_if; 544 struct ieee80211_ess *ess, *seless = NULL; 545 struct ieee80211_node *ni, *selni = NULL; 546 547 if (!ISSET(ifp->if_flags, IFF_RUNNING)) 548 return; 549 550 /* Find the best AP matching an entry on our ESS join list. */ 551 RBT_FOREACH(ni, ieee80211_tree, &ic->ic_tree) { 552 if ((ic->ic_flags & IEEE80211_F_DESBSSID) && 553 !IEEE80211_ADDR_EQ(ic->ic_des_bssid, ni->ni_bssid)) 554 continue; 555 556 TAILQ_FOREACH(ess, &ic->ic_ess, ess_next) { 557 if (ieee80211_match_ess(ess, ni)) 558 break; 559 } 560 if (ess == NULL) 561 continue; 562 563 /* 564 * Operate only on ic_des_essid if auto-join is disabled. 565 * We might have a password stored for this network. 566 */ 567 if (!ISSET(ic->ic_flags, IEEE80211_F_AUTO_JOIN)) { 568 if (ic->ic_des_esslen == ni->ni_esslen && 569 memcmp(ic->ic_des_essid, ni->ni_essid, 570 ni->ni_esslen) == 0) { 571 ieee80211_set_ess(ic, ess, ni); 572 return; 573 } 574 continue; 575 } 576 577 if (selni == NULL) { 578 seless = ess; 579 selni = ni; 580 continue; 581 } 582 583 if (ieee80211_ess_is_better(ic, selni, ni)) { 584 seless = ess; 585 selni = ni; 586 } 587 } 588 589 if (selni && seless && !(selni->ni_esslen == ic->ic_des_esslen && 590 (memcmp(ic->ic_des_essid, selni->ni_essid, 591 IEEE80211_NWID_LEN) == 0))) { 592 if (ifp->if_flags & IFF_DEBUG) { 593 printf("%s: best AP %s ", ifp->if_xname, 594 ether_sprintf(selni->ni_bssid)); 595 ieee80211_print_essid(selni->ni_essid, 596 selni->ni_esslen); 597 printf(" score %d\n", 598 ieee80211_ess_calculate_score(ic, selni)); 599 printf("%s: switching to network ", ifp->if_xname); 600 ieee80211_print_essid(selni->ni_essid, 601 selni->ni_esslen); 602 printf("\n"); 603 604 } 605 ieee80211_set_ess(ic, seless, selni); 606 } 607 } 608 609 void 610 ieee80211_set_ess(struct ieee80211com *ic, struct ieee80211_ess *ess, 611 struct ieee80211_node *ni) 612 { 613 memset(ic->ic_des_essid, 0, IEEE80211_NWID_LEN); 614 ic->ic_des_esslen = ni->ni_esslen; 615 memcpy(ic->ic_des_essid, ni->ni_essid, ic->ic_des_esslen); 616 617 ieee80211_disable_wep(ic); 618 ieee80211_disable_rsn(ic); 619 620 if (ess->flags & IEEE80211_F_RSNON) { 621 explicit_bzero(ic->ic_psk, sizeof(ic->ic_psk)); 622 memcpy(ic->ic_psk, ess->psk, sizeof(ic->ic_psk)); 623 624 ic->ic_rsnprotos = ess->rsnprotos; 625 ic->ic_rsnakms = ess->rsnakms; 626 ic->ic_rsngroupcipher = ess->rsngroupcipher; 627 ic->ic_rsnciphers = ess->rsnciphers; 628 ic->ic_flags |= IEEE80211_F_RSNON; 629 if (ess->flags & IEEE80211_F_PSK) 630 ic->ic_flags |= IEEE80211_F_PSK; 631 } else if (ess->flags & IEEE80211_F_WEPON) { 632 struct ieee80211_key *k; 633 int i; 634 635 for (i = 0; i < IEEE80211_WEP_NKID; i++) { 636 k = &ic->ic_nw_keys[i]; 637 if (k->k_cipher != IEEE80211_CIPHER_NONE) 638 (*ic->ic_delete_key)(ic, NULL, k); 639 memcpy(&ic->ic_nw_keys[i], &ess->nw_keys[i], 640 sizeof(struct ieee80211_key)); 641 (*ic->ic_set_key)(ic, NULL, k); 642 } 643 ic->ic_def_txkey = ess->def_txkey; 644 ic->ic_flags |= IEEE80211_F_WEPON; 645 } 646 } 647 648 void 649 ieee80211_node_attach(struct ifnet *ifp) 650 { 651 struct ieee80211com *ic = (void *)ifp; 652 #ifndef IEEE80211_STA_ONLY 653 int size; 654 #endif 655 656 RBT_INIT(ieee80211_tree, &ic->ic_tree); 657 ic->ic_node_alloc = ieee80211_node_alloc; 658 ic->ic_node_free = ieee80211_node_free; 659 ic->ic_node_copy = ieee80211_node_copy; 660 ic->ic_node_getrssi = ieee80211_node_getrssi; 661 ic->ic_node_checkrssi = ieee80211_node_checkrssi; 662 ic->ic_scangen = 1; 663 ic->ic_max_nnodes = ieee80211_cache_size; 664 665 if (ic->ic_max_aid == 0) 666 ic->ic_max_aid = IEEE80211_AID_DEF; 667 else if (ic->ic_max_aid > IEEE80211_AID_MAX) 668 ic->ic_max_aid = IEEE80211_AID_MAX; 669 #ifndef IEEE80211_STA_ONLY 670 size = howmany(ic->ic_max_aid, 32) * sizeof(u_int32_t); 671 ic->ic_aid_bitmap = malloc(size, M_DEVBUF, M_NOWAIT | M_ZERO); 672 if (ic->ic_aid_bitmap == NULL) { 673 /* XXX no way to recover */ 674 printf("%s: no memory for AID bitmap!\n", __func__); 675 ic->ic_max_aid = 0; 676 } 677 if (ic->ic_caps & (IEEE80211_C_HOSTAP | IEEE80211_C_IBSS)) { 678 ic->ic_tim_len = howmany(ic->ic_max_aid, 8); 679 ic->ic_tim_bitmap = malloc(ic->ic_tim_len, M_DEVBUF, 680 M_NOWAIT | M_ZERO); 681 if (ic->ic_tim_bitmap == NULL) { 682 printf("%s: no memory for TIM bitmap!\n", __func__); 683 ic->ic_tim_len = 0; 684 } else 685 ic->ic_set_tim = ieee80211_set_tim; 686 timeout_set(&ic->ic_rsn_timeout, 687 ieee80211_gtk_rekey_timeout, ic); 688 timeout_set(&ic->ic_inact_timeout, 689 ieee80211_inact_timeout, ic); 690 timeout_set(&ic->ic_node_cache_timeout, 691 ieee80211_node_cache_timeout, ic); 692 } 693 #endif 694 TAILQ_INIT(&ic->ic_ess); 695 } 696 697 struct ieee80211_node * 698 ieee80211_alloc_node_helper(struct ieee80211com *ic) 699 { 700 struct ieee80211_node *ni; 701 if (ic->ic_nnodes >= ic->ic_max_nnodes) 702 ieee80211_clean_nodes(ic, 0); 703 if (ic->ic_nnodes >= ic->ic_max_nnodes) 704 return NULL; 705 ni = (*ic->ic_node_alloc)(ic); 706 return ni; 707 } 708 709 void 710 ieee80211_node_lateattach(struct ifnet *ifp) 711 { 712 struct ieee80211com *ic = (void *)ifp; 713 struct ieee80211_node *ni; 714 715 ni = ieee80211_alloc_node_helper(ic); 716 if (ni == NULL) 717 panic("unable to setup inital BSS node"); 718 ni->ni_chan = IEEE80211_CHAN_ANYC; 719 ic->ic_bss = ieee80211_ref_node(ni); 720 ic->ic_txpower = IEEE80211_TXPOWER_MAX; 721 #ifndef IEEE80211_STA_ONLY 722 mq_init(&ni->ni_savedq, IEEE80211_PS_MAX_QUEUE, IPL_NET); 723 #endif 724 } 725 726 void 727 ieee80211_node_detach(struct ifnet *ifp) 728 { 729 struct ieee80211com *ic = (void *)ifp; 730 731 if (ic->ic_bss != NULL) { 732 (*ic->ic_node_free)(ic, ic->ic_bss); 733 ic->ic_bss = NULL; 734 } 735 ieee80211_del_ess(ic, NULL, 1); 736 ieee80211_free_allnodes(ic, 1); 737 #ifndef IEEE80211_STA_ONLY 738 free(ic->ic_aid_bitmap, M_DEVBUF, 739 howmany(ic->ic_max_aid, 32) * sizeof(u_int32_t)); 740 free(ic->ic_tim_bitmap, M_DEVBUF, ic->ic_tim_len); 741 timeout_del(&ic->ic_inact_timeout); 742 timeout_del(&ic->ic_node_cache_timeout); 743 timeout_del(&ic->ic_tkip_micfail_timeout); 744 #endif 745 timeout_del(&ic->ic_rsn_timeout); 746 } 747 748 /* 749 * AP scanning support. 750 */ 751 752 /* 753 * Initialize the active channel set based on the set 754 * of available channels and the current PHY mode. 755 */ 756 void 757 ieee80211_reset_scan(struct ifnet *ifp) 758 { 759 struct ieee80211com *ic = (void *)ifp; 760 761 memcpy(ic->ic_chan_scan, ic->ic_chan_active, 762 sizeof(ic->ic_chan_active)); 763 /* NB: hack, setup so next_scan starts with the first channel */ 764 if (ic->ic_bss != NULL && ic->ic_bss->ni_chan == IEEE80211_CHAN_ANYC) 765 ic->ic_bss->ni_chan = &ic->ic_channels[IEEE80211_CHAN_MAX]; 766 } 767 768 /* 769 * Begin an active scan. 770 */ 771 void 772 ieee80211_begin_scan(struct ifnet *ifp) 773 { 774 struct ieee80211com *ic = (void *)ifp; 775 776 /* 777 * In all but hostap mode scanning starts off in 778 * an active mode before switching to passive. 779 */ 780 #ifndef IEEE80211_STA_ONLY 781 if (ic->ic_opmode != IEEE80211_M_HOSTAP) 782 #endif 783 { 784 ic->ic_flags |= IEEE80211_F_ASCAN; 785 ic->ic_stats.is_scan_active++; 786 } 787 #ifndef IEEE80211_STA_ONLY 788 else 789 ic->ic_stats.is_scan_passive++; 790 #endif 791 if (ifp->if_flags & IFF_DEBUG) 792 printf("%s: begin %s scan\n", ifp->if_xname, 793 (ic->ic_flags & IEEE80211_F_ASCAN) ? 794 "active" : "passive"); 795 796 /* 797 * Flush any previously seen AP's. Note that the latter 798 * assumes we don't act as both an AP and a station, 799 * otherwise we'll potentially flush state of stations 800 * associated with us. 801 */ 802 ieee80211_free_allnodes(ic, 1); 803 804 /* 805 * Reset the current mode. Setting the current mode will also 806 * reset scan state. 807 */ 808 if (IFM_MODE(ic->ic_media.ifm_cur->ifm_media) == IFM_AUTO || 809 (ic->ic_caps & IEEE80211_C_SCANALLBAND)) 810 ic->ic_curmode = IEEE80211_MODE_AUTO; 811 ieee80211_setmode(ic, ic->ic_curmode); 812 813 ic->ic_scan_count = 0; 814 815 /* Scan the next channel. */ 816 ieee80211_next_scan(ifp); 817 } 818 819 /* 820 * Switch to the next channel marked for scanning. 821 */ 822 void 823 ieee80211_next_scan(struct ifnet *ifp) 824 { 825 struct ieee80211com *ic = (void *)ifp; 826 struct ieee80211_channel *chan; 827 828 chan = ic->ic_bss->ni_chan; 829 for (;;) { 830 if (++chan > &ic->ic_channels[IEEE80211_CHAN_MAX]) 831 chan = &ic->ic_channels[0]; 832 if (isset(ic->ic_chan_scan, ieee80211_chan2ieee(ic, chan))) { 833 /* 834 * Ignore channels marked passive-only 835 * during an active scan. 836 */ 837 if ((ic->ic_flags & IEEE80211_F_ASCAN) == 0 || 838 (chan->ic_flags & IEEE80211_CHAN_PASSIVE) == 0) 839 break; 840 } 841 if (chan == ic->ic_bss->ni_chan) { 842 ieee80211_end_scan(ifp); 843 return; 844 } 845 } 846 clrbit(ic->ic_chan_scan, ieee80211_chan2ieee(ic, chan)); 847 DPRINTF(("chan %d->%d\n", 848 ieee80211_chan2ieee(ic, ic->ic_bss->ni_chan), 849 ieee80211_chan2ieee(ic, chan))); 850 ic->ic_bss->ni_chan = chan; 851 ieee80211_new_state(ic, IEEE80211_S_SCAN, -1); 852 } 853 854 #ifndef IEEE80211_STA_ONLY 855 void 856 ieee80211_create_ibss(struct ieee80211com* ic, struct ieee80211_channel *chan) 857 { 858 struct ieee80211_node *ni; 859 struct ifnet *ifp = &ic->ic_if; 860 861 ni = ic->ic_bss; 862 if (ifp->if_flags & IFF_DEBUG) 863 printf("%s: creating ibss\n", ifp->if_xname); 864 ic->ic_flags |= IEEE80211_F_SIBSS; 865 ni->ni_chan = chan; 866 ni->ni_rates = ic->ic_sup_rates[ieee80211_chan2mode(ic, ni->ni_chan)]; 867 ni->ni_txrate = 0; 868 IEEE80211_ADDR_COPY(ni->ni_macaddr, ic->ic_myaddr); 869 IEEE80211_ADDR_COPY(ni->ni_bssid, ic->ic_myaddr); 870 if (ic->ic_opmode == IEEE80211_M_IBSS) { 871 if ((ic->ic_flags & IEEE80211_F_DESBSSID) != 0) 872 IEEE80211_ADDR_COPY(ni->ni_bssid, ic->ic_des_bssid); 873 else 874 ni->ni_bssid[0] |= 0x02; /* local bit for IBSS */ 875 } 876 ni->ni_esslen = ic->ic_des_esslen; 877 memcpy(ni->ni_essid, ic->ic_des_essid, ni->ni_esslen); 878 ni->ni_rssi = 0; 879 ni->ni_rstamp = 0; 880 memset(ni->ni_tstamp, 0, sizeof(ni->ni_tstamp)); 881 ni->ni_intval = ic->ic_lintval; 882 ni->ni_capinfo = IEEE80211_CAPINFO_IBSS; 883 if (ic->ic_flags & IEEE80211_F_WEPON) 884 ni->ni_capinfo |= IEEE80211_CAPINFO_PRIVACY; 885 if (ic->ic_flags & IEEE80211_F_HTON) { 886 const struct ieee80211_edca_ac_params *ac_qap; 887 struct ieee80211_edca_ac_params *ac; 888 int aci; 889 890 /* 891 * Default to non-member HT protection. This will be updated 892 * later based on the number of non-HT nodes in the node cache. 893 */ 894 ni->ni_htop1 = IEEE80211_HTPROT_NONMEMBER; 895 ic->ic_protmode = IEEE80211_PROT_RTSCTS; 896 897 /* Configure QoS EDCA parameters. */ 898 for (aci = 0; aci < EDCA_NUM_AC; aci++) { 899 ac = &ic->ic_edca_ac[aci]; 900 ac_qap = &ieee80211_qap_edca_table[ic->ic_curmode][aci]; 901 ac->ac_acm = ac_qap->ac_acm; 902 ac->ac_aifsn = ac_qap->ac_aifsn; 903 ac->ac_ecwmin = ac_qap->ac_ecwmin; 904 ac->ac_ecwmax = ac_qap->ac_ecwmax; 905 ac->ac_txoplimit = ac_qap->ac_txoplimit; 906 } 907 if (ic->ic_updateedca) 908 (*ic->ic_updateedca)(ic); 909 } 910 if (ic->ic_flags & IEEE80211_F_RSNON) { 911 struct ieee80211_key *k; 912 913 /* initialize 256-bit global key counter to a random value */ 914 arc4random_buf(ic->ic_globalcnt, EAPOL_KEY_NONCE_LEN); 915 916 ni->ni_rsnprotos = ic->ic_rsnprotos; 917 ni->ni_rsnakms = ic->ic_rsnakms; 918 ni->ni_rsnciphers = ic->ic_rsnciphers; 919 ni->ni_rsngroupcipher = ic->ic_rsngroupcipher; 920 ni->ni_rsngroupmgmtcipher = ic->ic_rsngroupmgmtcipher; 921 ni->ni_rsncaps = 0; 922 if (ic->ic_caps & IEEE80211_C_MFP) { 923 ni->ni_rsncaps |= IEEE80211_RSNCAP_MFPC; 924 if (ic->ic_flags & IEEE80211_F_MFPR) 925 ni->ni_rsncaps |= IEEE80211_RSNCAP_MFPR; 926 } 927 928 ic->ic_def_txkey = 1; 929 ic->ic_flags &= ~IEEE80211_F_COUNTERM; 930 k = &ic->ic_nw_keys[ic->ic_def_txkey]; 931 memset(k, 0, sizeof(*k)); 932 k->k_id = ic->ic_def_txkey; 933 k->k_cipher = ni->ni_rsngroupcipher; 934 k->k_flags = IEEE80211_KEY_GROUP | IEEE80211_KEY_TX; 935 k->k_len = ieee80211_cipher_keylen(k->k_cipher); 936 arc4random_buf(k->k_key, k->k_len); 937 (*ic->ic_set_key)(ic, ni, k); /* XXX */ 938 939 if (ic->ic_caps & IEEE80211_C_MFP) { 940 ic->ic_igtk_kid = 4; 941 k = &ic->ic_nw_keys[ic->ic_igtk_kid]; 942 memset(k, 0, sizeof(*k)); 943 k->k_id = ic->ic_igtk_kid; 944 k->k_cipher = ni->ni_rsngroupmgmtcipher; 945 k->k_flags = IEEE80211_KEY_IGTK | IEEE80211_KEY_TX; 946 k->k_len = 16; 947 arc4random_buf(k->k_key, k->k_len); 948 (*ic->ic_set_key)(ic, ni, k); /* XXX */ 949 } 950 /* 951 * In HostAP mode, multicast traffic is sent using ic_bss 952 * as the Tx node, so mark our node as valid so we can send 953 * multicast frames using the group key we've just configured. 954 */ 955 ni->ni_port_valid = 1; 956 ni->ni_flags |= IEEE80211_NODE_TXPROT; 957 958 /* schedule a GTK/IGTK rekeying after 3600s */ 959 timeout_add_sec(&ic->ic_rsn_timeout, 3600); 960 } 961 timeout_add_sec(&ic->ic_inact_timeout, IEEE80211_INACT_WAIT); 962 timeout_add_sec(&ic->ic_node_cache_timeout, IEEE80211_CACHE_WAIT); 963 ieee80211_new_state(ic, IEEE80211_S_RUN, -1); 964 } 965 #endif /* IEEE80211_STA_ONLY */ 966 967 int 968 ieee80211_match_bss(struct ieee80211com *ic, struct ieee80211_node *ni) 969 { 970 u_int8_t rate; 971 int fail; 972 973 fail = 0; 974 if (isclr(ic->ic_chan_active, ieee80211_chan2ieee(ic, ni->ni_chan))) 975 fail |= 0x01; 976 if (ic->ic_des_chan != IEEE80211_CHAN_ANYC && 977 ni->ni_chan != ic->ic_des_chan) 978 fail |= 0x01; 979 #ifndef IEEE80211_STA_ONLY 980 if (ic->ic_opmode == IEEE80211_M_IBSS) { 981 if ((ni->ni_capinfo & IEEE80211_CAPINFO_IBSS) == 0) 982 fail |= 0x02; 983 } else 984 #endif 985 { 986 if ((ni->ni_capinfo & IEEE80211_CAPINFO_ESS) == 0) 987 fail |= 0x02; 988 } 989 if (ic->ic_flags & (IEEE80211_F_WEPON | IEEE80211_F_RSNON)) { 990 if ((ni->ni_capinfo & IEEE80211_CAPINFO_PRIVACY) == 0) 991 fail |= 0x04; 992 } else { 993 if (ni->ni_capinfo & IEEE80211_CAPINFO_PRIVACY) 994 fail |= 0x04; 995 } 996 997 rate = ieee80211_fix_rate(ic, ni, IEEE80211_F_DONEGO); 998 if (rate & IEEE80211_RATE_BASIC) 999 fail |= 0x08; 1000 if (ic->ic_des_esslen != 0 && 1001 (ni->ni_esslen != ic->ic_des_esslen || 1002 memcmp(ni->ni_essid, ic->ic_des_essid, ic->ic_des_esslen) != 0)) 1003 fail |= 0x10; 1004 if ((ic->ic_flags & IEEE80211_F_DESBSSID) && 1005 !IEEE80211_ADDR_EQ(ic->ic_des_bssid, ni->ni_bssid)) 1006 fail |= 0x20; 1007 1008 if (ic->ic_flags & IEEE80211_F_RSNON) { 1009 /* 1010 * If at least one RSN IE field from the AP's RSN IE fails 1011 * to overlap with any value the STA supports, the STA shall 1012 * decline to associate with that AP. 1013 */ 1014 if ((ni->ni_rsnprotos & ic->ic_rsnprotos) == 0) 1015 fail |= 0x40; 1016 if ((ni->ni_rsnakms & ic->ic_rsnakms) == 0) 1017 fail |= 0x40; 1018 if ((ni->ni_rsnakms & ic->ic_rsnakms & 1019 ~(IEEE80211_AKM_PSK | IEEE80211_AKM_SHA256_PSK)) == 0) { 1020 /* AP only supports PSK AKMPs */ 1021 if (!(ic->ic_flags & IEEE80211_F_PSK)) 1022 fail |= 0x40; 1023 } 1024 if (ni->ni_rsngroupcipher != IEEE80211_CIPHER_WEP40 && 1025 ni->ni_rsngroupcipher != IEEE80211_CIPHER_TKIP && 1026 ni->ni_rsngroupcipher != IEEE80211_CIPHER_CCMP && 1027 ni->ni_rsngroupcipher != IEEE80211_CIPHER_WEP104) 1028 fail |= 0x40; 1029 if ((ni->ni_rsnciphers & ic->ic_rsnciphers) == 0) 1030 fail |= 0x40; 1031 1032 /* we only support BIP as the IGTK cipher */ 1033 if ((ni->ni_rsncaps & IEEE80211_RSNCAP_MFPC) && 1034 ni->ni_rsngroupmgmtcipher != IEEE80211_CIPHER_BIP) 1035 fail |= 0x40; 1036 1037 /* we do not support MFP but AP requires it */ 1038 if (!(ic->ic_caps & IEEE80211_C_MFP) && 1039 (ni->ni_rsncaps & IEEE80211_RSNCAP_MFPR)) 1040 fail |= 0x40; 1041 1042 /* we require MFP but AP does not support it */ 1043 if ((ic->ic_caps & IEEE80211_C_MFP) && 1044 (ic->ic_flags & IEEE80211_F_MFPR) && 1045 !(ni->ni_rsncaps & IEEE80211_RSNCAP_MFPC)) 1046 fail |= 0x40; 1047 } 1048 1049 if (ic->ic_if.if_flags & IFF_DEBUG) { 1050 printf(" %c %s%c", fail ? '-' : '+', 1051 ether_sprintf(ni->ni_bssid), 1052 fail & 0x20 ? '!' : ' '); 1053 printf(" %3d%c", ieee80211_chan2ieee(ic, ni->ni_chan), 1054 fail & 0x01 ? '!' : ' '); 1055 printf(" %+4d", ni->ni_rssi); 1056 printf(" %2dM%c", (rate & IEEE80211_RATE_VAL) / 2, 1057 fail & 0x08 ? '!' : ' '); 1058 printf(" %4s%c", 1059 (ni->ni_capinfo & IEEE80211_CAPINFO_ESS) ? "ess" : 1060 (ni->ni_capinfo & IEEE80211_CAPINFO_IBSS) ? "ibss" : 1061 "????", 1062 fail & 0x02 ? '!' : ' '); 1063 printf(" %7s%c ", 1064 (ni->ni_capinfo & IEEE80211_CAPINFO_PRIVACY) ? 1065 "privacy" : "no", 1066 fail & 0x04 ? '!' : ' '); 1067 printf(" %3s%c ", 1068 (ic->ic_flags & IEEE80211_F_RSNON) ? 1069 "rsn" : "no", 1070 fail & 0x40 ? '!' : ' '); 1071 ieee80211_print_essid(ni->ni_essid, ni->ni_esslen); 1072 printf("%s\n", fail & 0x10 ? "!" : ""); 1073 } 1074 1075 return fail; 1076 } 1077 1078 struct ieee80211_node_switch_bss_arg { 1079 u_int8_t cur_macaddr[IEEE80211_ADDR_LEN]; 1080 u_int8_t sel_macaddr[IEEE80211_ADDR_LEN]; 1081 }; 1082 1083 /* Implements ni->ni_unref_cb(). */ 1084 void 1085 ieee80211_node_switch_bss(struct ieee80211com *ic, struct ieee80211_node *ni) 1086 { 1087 struct ifnet *ifp = &ic->ic_if; 1088 struct ieee80211_node_switch_bss_arg *sba = ni->ni_unref_arg; 1089 struct ieee80211_node *curbs, *selbs; 1090 1091 splassert(IPL_NET); 1092 1093 if ((ic->ic_flags & IEEE80211_F_BGSCAN) == 0) { 1094 free(sba, M_DEVBUF, sizeof(*sba)); 1095 return; 1096 } 1097 1098 ic->ic_xflags &= ~IEEE80211_F_TX_MGMT_ONLY; 1099 1100 selbs = ieee80211_find_node(ic, sba->sel_macaddr); 1101 if (selbs == NULL) { 1102 free(sba, M_DEVBUF, sizeof(*sba)); 1103 ic->ic_flags &= ~IEEE80211_F_BGSCAN; 1104 ieee80211_new_state(ic, IEEE80211_S_SCAN, -1); 1105 return; 1106 } 1107 1108 curbs = ieee80211_find_node(ic, sba->cur_macaddr); 1109 if (curbs == NULL) { 1110 free(sba, M_DEVBUF, sizeof(*sba)); 1111 ic->ic_flags &= ~IEEE80211_F_BGSCAN; 1112 ieee80211_new_state(ic, IEEE80211_S_SCAN, -1); 1113 return; 1114 } 1115 1116 if (ifp->if_flags & IFF_DEBUG) { 1117 printf("%s: roaming from %s chan %d ", 1118 ifp->if_xname, ether_sprintf(curbs->ni_macaddr), 1119 ieee80211_chan2ieee(ic, curbs->ni_chan)); 1120 printf("to %s chan %d\n", ether_sprintf(selbs->ni_macaddr), 1121 ieee80211_chan2ieee(ic, selbs->ni_chan)); 1122 } 1123 ieee80211_node_newstate(curbs, IEEE80211_STA_CACHE); 1124 ieee80211_node_join_bss(ic, selbs); /* frees arg and ic->ic_bss */ 1125 } 1126 1127 void 1128 ieee80211_node_join_bss(struct ieee80211com *ic, struct ieee80211_node *selbs) 1129 { 1130 enum ieee80211_phymode mode; 1131 struct ieee80211_node *ni; 1132 1133 /* Reinitialize media mode and channels if needed. */ 1134 mode = ieee80211_chan2mode(ic, selbs->ni_chan); 1135 if (mode != ic->ic_curmode) 1136 ieee80211_setmode(ic, mode); 1137 1138 (*ic->ic_node_copy)(ic, ic->ic_bss, selbs); 1139 ni = ic->ic_bss; 1140 1141 ic->ic_curmode = ieee80211_chan2mode(ic, ni->ni_chan); 1142 1143 /* Make sure we send valid rates in an association request. */ 1144 if (ic->ic_opmode == IEEE80211_M_STA) 1145 ieee80211_fix_rate(ic, ni, 1146 IEEE80211_F_DOSORT | IEEE80211_F_DOFRATE | 1147 IEEE80211_F_DONEGO | IEEE80211_F_DODEL); 1148 1149 if (ic->ic_flags & IEEE80211_F_RSNON) 1150 ieee80211_choose_rsnparams(ic); 1151 else if (ic->ic_flags & IEEE80211_F_WEPON) 1152 ni->ni_rsncipher = IEEE80211_CIPHER_USEGROUP; 1153 1154 ieee80211_node_newstate(selbs, IEEE80211_STA_BSS); 1155 #ifndef IEEE80211_STA_ONLY 1156 if (ic->ic_opmode == IEEE80211_M_IBSS) { 1157 ieee80211_fix_rate(ic, ni, IEEE80211_F_DOFRATE | 1158 IEEE80211_F_DONEGO | IEEE80211_F_DODEL); 1159 if (ni->ni_rates.rs_nrates == 0) { 1160 ieee80211_new_state(ic, IEEE80211_S_SCAN, -1); 1161 return; 1162 } 1163 ieee80211_new_state(ic, IEEE80211_S_RUN, -1); 1164 } else 1165 #endif 1166 { 1167 int bgscan = ((ic->ic_flags & IEEE80211_F_BGSCAN) && 1168 ic->ic_opmode == IEEE80211_M_STA && 1169 ic->ic_state == IEEE80211_S_RUN); 1170 int auth_next = (ic->ic_opmode == IEEE80211_M_STA && 1171 ic->ic_state == IEEE80211_S_AUTH); 1172 int mgt = -1; 1173 1174 timeout_del(&ic->ic_bgscan_timeout); 1175 ic->ic_flags &= ~IEEE80211_F_BGSCAN; 1176 1177 /* 1178 * After a background scan, we have now switched APs. 1179 * Pretend we were just de-authed, which makes 1180 * ieee80211_new_state() try to re-auth and thus send 1181 * an AUTH frame to our newly selected AP. 1182 */ 1183 if (bgscan) 1184 mgt = IEEE80211_FC0_SUBTYPE_DEAUTH; 1185 /* 1186 * If we are trying another AP after the previous one 1187 * failed (state transition AUTH->AUTH), ensure that 1188 * ieee80211_new_state() tries to send another auth frame. 1189 */ 1190 else if (auth_next) 1191 mgt = IEEE80211_FC0_SUBTYPE_AUTH; 1192 1193 ieee80211_new_state(ic, IEEE80211_S_AUTH, mgt); 1194 } 1195 } 1196 1197 struct ieee80211_node * 1198 ieee80211_node_choose_bss(struct ieee80211com *ic, int bgscan, 1199 struct ieee80211_node **curbs) 1200 { 1201 struct ieee80211_node *ni, *nextbs, *selbs = NULL, 1202 *selbs2 = NULL, *selbs5 = NULL; 1203 uint8_t min_5ghz_rssi; 1204 1205 ni = RBT_MIN(ieee80211_tree, &ic->ic_tree); 1206 1207 for (; ni != NULL; ni = nextbs) { 1208 nextbs = RBT_NEXT(ieee80211_tree, ni); 1209 if (ni->ni_fails) { 1210 /* 1211 * The configuration of the access points may change 1212 * during my scan. So delete the entry for the AP 1213 * and retry to associate if there is another beacon. 1214 */ 1215 if (ni->ni_fails++ > 2) 1216 ieee80211_free_node(ic, ni); 1217 continue; 1218 } 1219 1220 if (curbs && ieee80211_node_cmp(ic->ic_bss, ni) == 0) 1221 *curbs = ni; 1222 1223 if (ieee80211_match_bss(ic, ni) != 0) 1224 continue; 1225 1226 if (ic->ic_caps & IEEE80211_C_SCANALLBAND) { 1227 if (IEEE80211_IS_CHAN_2GHZ(ni->ni_chan) && 1228 (selbs2 == NULL || ni->ni_rssi > selbs2->ni_rssi)) 1229 selbs2 = ni; 1230 else if (IEEE80211_IS_CHAN_5GHZ(ni->ni_chan) && 1231 (selbs5 == NULL || ni->ni_rssi > selbs5->ni_rssi)) 1232 selbs5 = ni; 1233 } else if (selbs == NULL || ni->ni_rssi > selbs->ni_rssi) 1234 selbs = ni; 1235 } 1236 1237 if (ic->ic_max_rssi) 1238 min_5ghz_rssi = IEEE80211_RSSI_THRES_RATIO_5GHZ; 1239 else 1240 min_5ghz_rssi = (uint8_t)IEEE80211_RSSI_THRES_5GHZ; 1241 1242 /* 1243 * Prefer a 5Ghz AP even if its RSSI is weaker than the best 2Ghz AP 1244 * (as long as it meets the minimum RSSI threshold) since the 5Ghz band 1245 * is usually less saturated. 1246 */ 1247 if (selbs5 && selbs5->ni_rssi > min_5ghz_rssi) 1248 selbs = selbs5; 1249 else if (selbs5 && selbs2) 1250 selbs = (selbs5->ni_rssi >= selbs2->ni_rssi ? selbs5 : selbs2); 1251 else if (selbs2) 1252 selbs = selbs2; 1253 else if (selbs5) 1254 selbs = selbs5; 1255 1256 return selbs; 1257 } 1258 1259 /* 1260 * Complete a scan of potential channels. 1261 */ 1262 void 1263 ieee80211_end_scan(struct ifnet *ifp) 1264 { 1265 struct ieee80211com *ic = (void *)ifp; 1266 struct ieee80211_node *ni, *selbs = NULL, *curbs = NULL; 1267 int bgscan = ((ic->ic_flags & IEEE80211_F_BGSCAN) && 1268 ic->ic_opmode == IEEE80211_M_STA && 1269 ic->ic_state == IEEE80211_S_RUN); 1270 1271 if (ifp->if_flags & IFF_DEBUG) 1272 printf("%s: end %s scan\n", ifp->if_xname, 1273 bgscan ? "background" : 1274 ((ic->ic_flags & IEEE80211_F_ASCAN) ? 1275 "active" : "passive")); 1276 1277 if (ic->ic_scan_count) 1278 ic->ic_flags &= ~IEEE80211_F_ASCAN; 1279 1280 ni = RBT_MIN(ieee80211_tree, &ic->ic_tree); 1281 1282 #ifndef IEEE80211_STA_ONLY 1283 if (ic->ic_opmode == IEEE80211_M_HOSTAP) { 1284 /* XXX off stack? */ 1285 u_char occupied[howmany(IEEE80211_CHAN_MAX, NBBY)]; 1286 int i, fail; 1287 1288 /* 1289 * The passive scan to look for existing AP's completed, 1290 * select a channel to camp on. Identify the channels 1291 * that already have one or more AP's and try to locate 1292 * an unoccupied one. If that fails, pick a random 1293 * channel from the active set. 1294 */ 1295 memset(occupied, 0, sizeof(occupied)); 1296 RBT_FOREACH(ni, ieee80211_tree, &ic->ic_tree) 1297 setbit(occupied, ieee80211_chan2ieee(ic, ni->ni_chan)); 1298 for (i = 0; i < IEEE80211_CHAN_MAX; i++) 1299 if (isset(ic->ic_chan_active, i) && isclr(occupied, i)) 1300 break; 1301 if (i == IEEE80211_CHAN_MAX) { 1302 fail = arc4random() & 3; /* random 0-3 */ 1303 for (i = 0; i < IEEE80211_CHAN_MAX; i++) 1304 if (isset(ic->ic_chan_active, i) && fail-- == 0) 1305 break; 1306 } 1307 ieee80211_create_ibss(ic, &ic->ic_channels[i]); 1308 return; 1309 } 1310 #endif 1311 if (ni == NULL) { 1312 DPRINTF(("no scan candidate\n")); 1313 notfound: 1314 1315 #ifndef IEEE80211_STA_ONLY 1316 if (ic->ic_opmode == IEEE80211_M_IBSS && 1317 (ic->ic_flags & IEEE80211_F_IBSSON) && 1318 ic->ic_des_esslen != 0) { 1319 ieee80211_create_ibss(ic, ic->ic_ibss_chan); 1320 return; 1321 } 1322 #endif 1323 /* 1324 * Scan the next mode if nothing has been found. This 1325 * is necessary if the device supports different 1326 * incompatible modes in the same channel range, like 1327 * like 11b and "pure" 11G mode. 1328 * If the device scans all bands in one fell swoop, return 1329 * current scan results to userspace regardless of mode. 1330 * This will loop forever except for user-initiated scans. 1331 */ 1332 if (ieee80211_next_mode(ifp) == IEEE80211_MODE_AUTO || 1333 (ic->ic_caps & IEEE80211_C_SCANALLBAND)) 1334 ic->ic_scan_count++; 1335 1336 /* 1337 * Reset the list of channels to scan and start again. 1338 */ 1339 ieee80211_next_scan(ifp); 1340 return; 1341 } 1342 1343 /* Possibly switch which ssid we are associated with */ 1344 if (!bgscan && ic->ic_opmode == IEEE80211_M_STA) 1345 ieee80211_switch_ess(ic); 1346 1347 selbs = ieee80211_node_choose_bss(ic, bgscan, &curbs); 1348 if (bgscan) { 1349 struct ieee80211_node_switch_bss_arg *arg; 1350 1351 /* AP disappeared? Should not happen. */ 1352 if (selbs == NULL || curbs == NULL) { 1353 ic->ic_flags &= ~IEEE80211_F_BGSCAN; 1354 goto notfound; 1355 } 1356 1357 /* 1358 * After a background scan we might end up choosing the 1359 * same AP again. Do not change ic->ic_bss in this case, 1360 * and make background scans less frequent. 1361 */ 1362 if (selbs == curbs) { 1363 if (ic->ic_bgscan_fail < IEEE80211_BGSCAN_FAIL_MAX) 1364 ic->ic_bgscan_fail++; 1365 ic->ic_flags &= ~IEEE80211_F_BGSCAN; 1366 return; 1367 } 1368 1369 arg = malloc(sizeof(*arg), M_DEVBUF, M_NOWAIT | M_ZERO); 1370 if (arg == NULL) { 1371 ic->ic_flags &= ~IEEE80211_F_BGSCAN; 1372 return; 1373 } 1374 1375 ic->ic_bgscan_fail = 0; 1376 1377 /* 1378 * We are going to switch APs. 1379 * Queue a de-auth frame addressed to our current AP. 1380 */ 1381 if (IEEE80211_SEND_MGMT(ic, ic->ic_bss, 1382 IEEE80211_FC0_SUBTYPE_DEAUTH, 1383 IEEE80211_REASON_AUTH_LEAVE) != 0) { 1384 ic->ic_flags &= ~IEEE80211_F_BGSCAN; 1385 free(arg, M_DEVBUF, sizeof(*arg)); 1386 return; 1387 } 1388 1389 /* Prevent dispatch of additional data frames to hardware. */ 1390 ic->ic_xflags |= IEEE80211_F_TX_MGMT_ONLY; 1391 1392 /* 1393 * Install a callback which will switch us to the new AP once 1394 * all dispatched frames have been processed by hardware. 1395 */ 1396 IEEE80211_ADDR_COPY(arg->cur_macaddr, curbs->ni_macaddr); 1397 IEEE80211_ADDR_COPY(arg->sel_macaddr, selbs->ni_macaddr); 1398 ic->ic_bss->ni_unref_arg = arg; 1399 ic->ic_bss->ni_unref_arg_size = sizeof(*arg); 1400 ic->ic_bss->ni_unref_cb = ieee80211_node_switch_bss; 1401 /* F_BGSCAN flag gets cleared in ieee80211_node_join_bss(). */ 1402 return; 1403 } else if (selbs == NULL) 1404 goto notfound; 1405 1406 ieee80211_node_join_bss(ic, selbs); 1407 } 1408 1409 /* 1410 * Autoselect the best RSN parameters (protocol, AKMP, pairwise cipher...) 1411 * that are supported by both peers (STA mode only). 1412 */ 1413 void 1414 ieee80211_choose_rsnparams(struct ieee80211com *ic) 1415 { 1416 struct ieee80211_node *ni = ic->ic_bss; 1417 struct ieee80211_pmk *pmk; 1418 1419 /* filter out unsupported protocol versions */ 1420 ni->ni_rsnprotos &= ic->ic_rsnprotos; 1421 /* prefer RSN (aka WPA2) over WPA */ 1422 if (ni->ni_rsnprotos & IEEE80211_PROTO_RSN) 1423 ni->ni_rsnprotos = IEEE80211_PROTO_RSN; 1424 else 1425 ni->ni_rsnprotos = IEEE80211_PROTO_WPA; 1426 1427 /* filter out unsupported AKMPs */ 1428 ni->ni_rsnakms &= ic->ic_rsnakms; 1429 /* prefer SHA-256 based AKMPs */ 1430 if ((ic->ic_flags & IEEE80211_F_PSK) && (ni->ni_rsnakms & 1431 (IEEE80211_AKM_PSK | IEEE80211_AKM_SHA256_PSK))) { 1432 /* AP supports PSK AKMP and a PSK is configured */ 1433 if (ni->ni_rsnakms & IEEE80211_AKM_SHA256_PSK) 1434 ni->ni_rsnakms = IEEE80211_AKM_SHA256_PSK; 1435 else 1436 ni->ni_rsnakms = IEEE80211_AKM_PSK; 1437 } else { 1438 if (ni->ni_rsnakms & IEEE80211_AKM_SHA256_8021X) 1439 ni->ni_rsnakms = IEEE80211_AKM_SHA256_8021X; 1440 else 1441 ni->ni_rsnakms = IEEE80211_AKM_8021X; 1442 /* check if we have a cached PMK for this AP */ 1443 if (ni->ni_rsnprotos == IEEE80211_PROTO_RSN && 1444 (pmk = ieee80211_pmksa_find(ic, ni, NULL)) != NULL) { 1445 memcpy(ni->ni_pmkid, pmk->pmk_pmkid, 1446 IEEE80211_PMKID_LEN); 1447 ni->ni_flags |= IEEE80211_NODE_PMKID; 1448 } 1449 } 1450 1451 /* filter out unsupported pairwise ciphers */ 1452 ni->ni_rsnciphers &= ic->ic_rsnciphers; 1453 /* prefer CCMP over TKIP */ 1454 if (ni->ni_rsnciphers & IEEE80211_CIPHER_CCMP) 1455 ni->ni_rsnciphers = IEEE80211_CIPHER_CCMP; 1456 else 1457 ni->ni_rsnciphers = IEEE80211_CIPHER_TKIP; 1458 ni->ni_rsncipher = ni->ni_rsnciphers; 1459 1460 /* use MFP if we both support it */ 1461 if ((ic->ic_caps & IEEE80211_C_MFP) && 1462 (ni->ni_rsncaps & IEEE80211_RSNCAP_MFPC)) 1463 ni->ni_flags |= IEEE80211_NODE_MFP; 1464 } 1465 1466 int 1467 ieee80211_get_rate(struct ieee80211com *ic) 1468 { 1469 u_int8_t (*rates)[IEEE80211_RATE_MAXSIZE]; 1470 int rate; 1471 1472 rates = &ic->ic_bss->ni_rates.rs_rates; 1473 1474 if (ic->ic_fixed_rate != -1) 1475 rate = (*rates)[ic->ic_fixed_rate]; 1476 else if (ic->ic_state == IEEE80211_S_RUN) 1477 rate = (*rates)[ic->ic_bss->ni_txrate]; 1478 else 1479 rate = 0; 1480 1481 return rate & IEEE80211_RATE_VAL; 1482 } 1483 1484 struct ieee80211_node * 1485 ieee80211_node_alloc(struct ieee80211com *ic) 1486 { 1487 return malloc(sizeof(struct ieee80211_node), M_DEVBUF, 1488 M_NOWAIT | M_ZERO); 1489 } 1490 1491 void 1492 ieee80211_node_cleanup(struct ieee80211com *ic, struct ieee80211_node *ni) 1493 { 1494 if (ni->ni_rsnie != NULL) { 1495 free(ni->ni_rsnie, M_DEVBUF, 2 + ni->ni_rsnie[1]); 1496 ni->ni_rsnie = NULL; 1497 } 1498 ieee80211_ba_del(ni); 1499 free(ni->ni_unref_arg, M_DEVBUF, ni->ni_unref_arg_size); 1500 ni->ni_unref_arg = NULL; 1501 ni->ni_unref_arg_size = 0; 1502 } 1503 1504 void 1505 ieee80211_node_free(struct ieee80211com *ic, struct ieee80211_node *ni) 1506 { 1507 ieee80211_node_cleanup(ic, ni); 1508 free(ni, M_DEVBUF, 0); 1509 } 1510 1511 void 1512 ieee80211_node_copy(struct ieee80211com *ic, 1513 struct ieee80211_node *dst, const struct ieee80211_node *src) 1514 { 1515 ieee80211_node_cleanup(ic, dst); 1516 *dst = *src; 1517 dst->ni_rsnie = NULL; 1518 if (src->ni_rsnie != NULL) 1519 ieee80211_save_ie(src->ni_rsnie, &dst->ni_rsnie); 1520 } 1521 1522 u_int8_t 1523 ieee80211_node_getrssi(struct ieee80211com *ic, 1524 const struct ieee80211_node *ni) 1525 { 1526 return ni->ni_rssi; 1527 } 1528 1529 int 1530 ieee80211_node_checkrssi(struct ieee80211com *ic, 1531 const struct ieee80211_node *ni) 1532 { 1533 uint8_t thres; 1534 1535 if (ni->ni_chan == IEEE80211_CHAN_ANYC) 1536 return 0; 1537 1538 if (ic->ic_max_rssi) { 1539 thres = (IEEE80211_IS_CHAN_2GHZ(ni->ni_chan)) ? 1540 IEEE80211_RSSI_THRES_RATIO_2GHZ : 1541 IEEE80211_RSSI_THRES_RATIO_5GHZ; 1542 return ((ni->ni_rssi * 100) / ic->ic_max_rssi >= thres); 1543 } 1544 1545 thres = (IEEE80211_IS_CHAN_2GHZ(ni->ni_chan)) ? 1546 IEEE80211_RSSI_THRES_2GHZ : 1547 IEEE80211_RSSI_THRES_5GHZ; 1548 return (ni->ni_rssi >= (u_int8_t)thres); 1549 } 1550 1551 void 1552 ieee80211_setup_node(struct ieee80211com *ic, 1553 struct ieee80211_node *ni, const u_int8_t *macaddr) 1554 { 1555 int i, s; 1556 1557 DPRINTF(("%s\n", ether_sprintf((u_int8_t *)macaddr))); 1558 IEEE80211_ADDR_COPY(ni->ni_macaddr, macaddr); 1559 ieee80211_node_newstate(ni, IEEE80211_STA_CACHE); 1560 1561 ni->ni_ic = ic; /* back-pointer */ 1562 /* Initialize cached last sequence numbers with invalid values. */ 1563 ni->ni_rxseq = 0xffffU; 1564 for (i=0; i < IEEE80211_NUM_TID; ++i) 1565 ni->ni_qos_rxseqs[i] = 0xffffU; 1566 #ifndef IEEE80211_STA_ONLY 1567 mq_init(&ni->ni_savedq, IEEE80211_PS_MAX_QUEUE, IPL_NET); 1568 timeout_set(&ni->ni_eapol_to, ieee80211_eapol_timeout, ni); 1569 timeout_set(&ni->ni_sa_query_to, ieee80211_sa_query_timeout, ni); 1570 #endif 1571 s = splnet(); 1572 RBT_INSERT(ieee80211_tree, &ic->ic_tree, ni); 1573 ic->ic_nnodes++; 1574 splx(s); 1575 } 1576 1577 struct ieee80211_node * 1578 ieee80211_alloc_node(struct ieee80211com *ic, const u_int8_t *macaddr) 1579 { 1580 struct ieee80211_node *ni = ieee80211_alloc_node_helper(ic); 1581 if (ni != NULL) 1582 ieee80211_setup_node(ic, ni, macaddr); 1583 else 1584 ic->ic_stats.is_rx_nodealloc++; 1585 return ni; 1586 } 1587 1588 struct ieee80211_node * 1589 ieee80211_dup_bss(struct ieee80211com *ic, const u_int8_t *macaddr) 1590 { 1591 struct ieee80211_node *ni = ieee80211_alloc_node_helper(ic); 1592 if (ni != NULL) { 1593 ieee80211_setup_node(ic, ni, macaddr); 1594 /* 1595 * Inherit from ic_bss. 1596 */ 1597 IEEE80211_ADDR_COPY(ni->ni_bssid, ic->ic_bss->ni_bssid); 1598 ni->ni_chan = ic->ic_bss->ni_chan; 1599 } else 1600 ic->ic_stats.is_rx_nodealloc++; 1601 return ni; 1602 } 1603 1604 struct ieee80211_node * 1605 ieee80211_find_node(struct ieee80211com *ic, const u_int8_t *macaddr) 1606 { 1607 struct ieee80211_node *ni; 1608 int cmp; 1609 1610 /* similar to RBT_FIND except we compare keys, not nodes */ 1611 ni = RBT_ROOT(ieee80211_tree, &ic->ic_tree); 1612 while (ni != NULL) { 1613 cmp = memcmp(macaddr, ni->ni_macaddr, IEEE80211_ADDR_LEN); 1614 if (cmp < 0) 1615 ni = RBT_LEFT(ieee80211_tree, ni); 1616 else if (cmp > 0) 1617 ni = RBT_RIGHT(ieee80211_tree, ni); 1618 else 1619 break; 1620 } 1621 return ni; 1622 } 1623 1624 /* 1625 * Return a reference to the appropriate node for sending 1626 * a data frame. This handles node discovery in adhoc networks. 1627 * 1628 * Drivers will call this, so increase the reference count before 1629 * returning the node. 1630 */ 1631 struct ieee80211_node * 1632 ieee80211_find_txnode(struct ieee80211com *ic, const u_int8_t *macaddr) 1633 { 1634 #ifndef IEEE80211_STA_ONLY 1635 struct ieee80211_node *ni; 1636 int s; 1637 #endif 1638 1639 /* 1640 * The destination address should be in the node table 1641 * unless we are operating in station mode or this is a 1642 * multicast/broadcast frame. 1643 */ 1644 if (ic->ic_opmode == IEEE80211_M_STA || IEEE80211_IS_MULTICAST(macaddr)) 1645 return ieee80211_ref_node(ic->ic_bss); 1646 1647 #ifndef IEEE80211_STA_ONLY 1648 s = splnet(); 1649 ni = ieee80211_find_node(ic, macaddr); 1650 splx(s); 1651 if (ni == NULL) { 1652 if (ic->ic_opmode != IEEE80211_M_IBSS && 1653 ic->ic_opmode != IEEE80211_M_AHDEMO) 1654 return NULL; 1655 1656 /* 1657 * Fake up a node; this handles node discovery in 1658 * adhoc mode. Note that for the driver's benefit 1659 * we we treat this like an association so the driver 1660 * has an opportunity to setup its private state. 1661 * 1662 * XXX need better way to handle this; issue probe 1663 * request so we can deduce rate set, etc. 1664 */ 1665 if ((ni = ieee80211_dup_bss(ic, macaddr)) == NULL) 1666 return NULL; 1667 /* XXX no rate negotiation; just dup */ 1668 ni->ni_rates = ic->ic_bss->ni_rates; 1669 ni->ni_txrate = 0; 1670 if (ic->ic_newassoc) 1671 (*ic->ic_newassoc)(ic, ni, 1); 1672 } 1673 return ieee80211_ref_node(ni); 1674 #else 1675 return NULL; /* can't get there */ 1676 #endif /* IEEE80211_STA_ONLY */ 1677 } 1678 1679 /* 1680 * It is usually desirable to process a Rx packet using its sender's 1681 * node-record instead of the BSS record. 1682 * 1683 * - AP mode: keep a node-record for every authenticated/associated 1684 * station *in the BSS*. For future use, we also track neighboring 1685 * APs, since they might belong to the same ESS. APs in the same 1686 * ESS may bridge packets to each other, forming a Wireless 1687 * Distribution System (WDS). 1688 * 1689 * - IBSS mode: keep a node-record for every station *in the BSS*. 1690 * Also track neighboring stations by their beacons/probe responses. 1691 * 1692 * - monitor mode: keep a node-record for every sender, regardless 1693 * of BSS. 1694 * 1695 * - STA mode: the only available node-record is the BSS record, 1696 * ic->ic_bss. 1697 * 1698 * Of all the 802.11 Control packets, only the node-records for 1699 * RTS packets node-record can be looked up. 1700 * 1701 * Return non-zero if the packet's node-record is kept, zero 1702 * otherwise. 1703 */ 1704 static __inline int 1705 ieee80211_needs_rxnode(struct ieee80211com *ic, 1706 const struct ieee80211_frame *wh, const u_int8_t **bssid) 1707 { 1708 int monitor, rc = 0; 1709 1710 monitor = (ic->ic_opmode == IEEE80211_M_MONITOR); 1711 1712 *bssid = NULL; 1713 1714 switch (wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK) { 1715 case IEEE80211_FC0_TYPE_CTL: 1716 if (!monitor) 1717 break; 1718 return (wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK) == 1719 IEEE80211_FC0_SUBTYPE_RTS; 1720 case IEEE80211_FC0_TYPE_MGT: 1721 *bssid = wh->i_addr3; 1722 switch (wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK) { 1723 case IEEE80211_FC0_SUBTYPE_BEACON: 1724 case IEEE80211_FC0_SUBTYPE_PROBE_RESP: 1725 break; 1726 default: 1727 #ifndef IEEE80211_STA_ONLY 1728 if (ic->ic_opmode == IEEE80211_M_STA) 1729 break; 1730 rc = IEEE80211_ADDR_EQ(*bssid, ic->ic_bss->ni_bssid) || 1731 IEEE80211_ADDR_EQ(*bssid, etherbroadcastaddr); 1732 #endif 1733 break; 1734 } 1735 break; 1736 case IEEE80211_FC0_TYPE_DATA: 1737 switch (wh->i_fc[1] & IEEE80211_FC1_DIR_MASK) { 1738 case IEEE80211_FC1_DIR_NODS: 1739 *bssid = wh->i_addr3; 1740 #ifndef IEEE80211_STA_ONLY 1741 if (ic->ic_opmode == IEEE80211_M_IBSS || 1742 ic->ic_opmode == IEEE80211_M_AHDEMO) 1743 rc = IEEE80211_ADDR_EQ(*bssid, 1744 ic->ic_bss->ni_bssid); 1745 #endif 1746 break; 1747 case IEEE80211_FC1_DIR_TODS: 1748 *bssid = wh->i_addr1; 1749 #ifndef IEEE80211_STA_ONLY 1750 if (ic->ic_opmode == IEEE80211_M_HOSTAP) 1751 rc = IEEE80211_ADDR_EQ(*bssid, 1752 ic->ic_bss->ni_bssid); 1753 #endif 1754 break; 1755 case IEEE80211_FC1_DIR_FROMDS: 1756 case IEEE80211_FC1_DIR_DSTODS: 1757 *bssid = wh->i_addr2; 1758 #ifndef IEEE80211_STA_ONLY 1759 rc = (ic->ic_opmode == IEEE80211_M_HOSTAP); 1760 #endif 1761 break; 1762 } 1763 break; 1764 } 1765 return monitor || rc; 1766 } 1767 1768 /* 1769 * Drivers call this, so increase the reference count before returning 1770 * the node. 1771 */ 1772 struct ieee80211_node * 1773 ieee80211_find_rxnode(struct ieee80211com *ic, 1774 const struct ieee80211_frame *wh) 1775 { 1776 static const u_int8_t zero[] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }; 1777 struct ieee80211_node *ni; 1778 const u_int8_t *bssid; 1779 int s; 1780 1781 if (!ieee80211_needs_rxnode(ic, wh, &bssid)) 1782 return ieee80211_ref_node(ic->ic_bss); 1783 1784 s = splnet(); 1785 ni = ieee80211_find_node(ic, wh->i_addr2); 1786 splx(s); 1787 1788 if (ni != NULL) 1789 return ieee80211_ref_node(ni); 1790 #ifndef IEEE80211_STA_ONLY 1791 if (ic->ic_opmode == IEEE80211_M_HOSTAP) 1792 return ieee80211_ref_node(ic->ic_bss); 1793 #endif 1794 /* XXX see remarks in ieee80211_find_txnode */ 1795 /* XXX no rate negotiation; just dup */ 1796 if ((ni = ieee80211_dup_bss(ic, wh->i_addr2)) == NULL) 1797 return ieee80211_ref_node(ic->ic_bss); 1798 1799 IEEE80211_ADDR_COPY(ni->ni_bssid, (bssid != NULL) ? bssid : zero); 1800 1801 ni->ni_rates = ic->ic_bss->ni_rates; 1802 ni->ni_txrate = 0; 1803 if (ic->ic_newassoc) 1804 (*ic->ic_newassoc)(ic, ni, 1); 1805 1806 DPRINTF(("faked-up node %p for %s\n", ni, 1807 ether_sprintf((u_int8_t *)wh->i_addr2))); 1808 1809 return ieee80211_ref_node(ni); 1810 } 1811 1812 struct ieee80211_node * 1813 ieee80211_find_node_for_beacon(struct ieee80211com *ic, 1814 const u_int8_t *macaddr, const struct ieee80211_channel *chan, 1815 const char *ssid, u_int8_t rssi) 1816 { 1817 struct ieee80211_node *ni, *keep = NULL; 1818 int s, score = 0; 1819 1820 if ((ni = ieee80211_find_node(ic, macaddr)) != NULL) { 1821 s = splnet(); 1822 1823 if (ni->ni_chan != chan && ni->ni_rssi >= rssi) 1824 score++; 1825 if (ssid[1] == 0 && ni->ni_esslen != 0) 1826 score++; 1827 if (score > 0) 1828 keep = ni; 1829 1830 splx(s); 1831 } 1832 1833 return (keep); 1834 } 1835 1836 void 1837 ieee80211_ba_del(struct ieee80211_node *ni) 1838 { 1839 int tid; 1840 1841 for (tid = 0; tid < nitems(ni->ni_rx_ba); tid++) { 1842 struct ieee80211_rx_ba *ba = &ni->ni_rx_ba[tid]; 1843 if (ba->ba_state != IEEE80211_BA_INIT) { 1844 if (timeout_pending(&ba->ba_to)) 1845 timeout_del(&ba->ba_to); 1846 if (timeout_pending(&ba->ba_gap_to)) 1847 timeout_del(&ba->ba_gap_to); 1848 ba->ba_state = IEEE80211_BA_INIT; 1849 } 1850 } 1851 1852 for (tid = 0; tid < nitems(ni->ni_tx_ba); tid++) { 1853 struct ieee80211_tx_ba *ba = &ni->ni_tx_ba[tid]; 1854 if (ba->ba_state != IEEE80211_BA_INIT) { 1855 if (timeout_pending(&ba->ba_to)) 1856 timeout_del(&ba->ba_to); 1857 ba->ba_state = IEEE80211_BA_INIT; 1858 } 1859 } 1860 } 1861 1862 void 1863 ieee80211_free_node(struct ieee80211com *ic, struct ieee80211_node *ni) 1864 { 1865 if (ni == ic->ic_bss) 1866 panic("freeing bss node"); 1867 1868 splassert(IPL_NET); 1869 1870 DPRINTF(("%s\n", ether_sprintf(ni->ni_macaddr))); 1871 #ifndef IEEE80211_STA_ONLY 1872 timeout_del(&ni->ni_eapol_to); 1873 timeout_del(&ni->ni_sa_query_to); 1874 IEEE80211_AID_CLR(ni->ni_associd, ic->ic_aid_bitmap); 1875 #endif 1876 ieee80211_ba_del(ni); 1877 RBT_REMOVE(ieee80211_tree, &ic->ic_tree, ni); 1878 ic->ic_nnodes--; 1879 #ifndef IEEE80211_STA_ONLY 1880 if (mq_purge(&ni->ni_savedq) > 0) { 1881 if (ic->ic_set_tim != NULL) 1882 (*ic->ic_set_tim)(ic, ni->ni_associd, 0); 1883 } 1884 #endif 1885 (*ic->ic_node_free)(ic, ni); 1886 /* TBD indicate to drivers that a new node can be allocated */ 1887 } 1888 1889 void 1890 ieee80211_release_node(struct ieee80211com *ic, struct ieee80211_node *ni) 1891 { 1892 int s; 1893 1894 DPRINTF(("%s refcnt %u\n", ether_sprintf(ni->ni_macaddr), 1895 ni->ni_refcnt)); 1896 s = splnet(); 1897 if (ieee80211_node_decref(ni) == 0) { 1898 if (ni->ni_unref_cb) { 1899 (*ni->ni_unref_cb)(ic, ni); 1900 ni->ni_unref_cb = NULL; 1901 /* Freed by callback if necessary: */ 1902 ni->ni_unref_arg = NULL; 1903 ni->ni_unref_arg_size = 0; 1904 } 1905 if (ni->ni_state == IEEE80211_STA_COLLECT) 1906 ieee80211_free_node(ic, ni); 1907 } 1908 splx(s); 1909 } 1910 1911 void 1912 ieee80211_free_allnodes(struct ieee80211com *ic, int clear_ic_bss) 1913 { 1914 struct ieee80211_node *ni; 1915 int s; 1916 1917 DPRINTF(("freeing all nodes\n")); 1918 s = splnet(); 1919 while ((ni = RBT_MIN(ieee80211_tree, &ic->ic_tree)) != NULL) 1920 ieee80211_free_node(ic, ni); 1921 splx(s); 1922 1923 if (clear_ic_bss && ic->ic_bss != NULL) 1924 ieee80211_node_cleanup(ic, ic->ic_bss); /* for station mode */ 1925 } 1926 1927 void 1928 ieee80211_clean_cached(struct ieee80211com *ic) 1929 { 1930 struct ieee80211_node *ni, *next_ni; 1931 int s; 1932 1933 s = splnet(); 1934 for (ni = RBT_MIN(ieee80211_tree, &ic->ic_tree); 1935 ni != NULL; ni = next_ni) { 1936 next_ni = RBT_NEXT(ieee80211_tree, ni); 1937 if (ni->ni_state == IEEE80211_STA_CACHE) 1938 ieee80211_free_node(ic, ni); 1939 } 1940 splx(s); 1941 } 1942 /* 1943 * Timeout inactive nodes. 1944 * 1945 * If called because of a cache timeout, which happens only in hostap and ibss 1946 * modes, clean all inactive cached or authenticated nodes but don't de-auth 1947 * any associated nodes. Also update HT protection settings. 1948 * 1949 * Else, this function is called because a new node must be allocated but the 1950 * node cache is full. In this case, return as soon as a free slot was made 1951 * available. If acting as hostap, clean cached nodes regardless of their 1952 * recent activity and also allow de-authing of authenticated nodes older 1953 * than one cache wait interval, and de-authing of inactive associated nodes. 1954 */ 1955 void 1956 ieee80211_clean_nodes(struct ieee80211com *ic, int cache_timeout) 1957 { 1958 struct ieee80211_node *ni, *next_ni; 1959 u_int gen = ic->ic_scangen++; /* NB: ok 'cuz single-threaded*/ 1960 int s; 1961 #ifndef IEEE80211_STA_ONLY 1962 int nnodes = 0, nonht = 0, nonhtassoc = 0; 1963 struct ifnet *ifp = &ic->ic_if; 1964 enum ieee80211_htprot htprot = IEEE80211_HTPROT_NONE; 1965 enum ieee80211_protmode protmode = IEEE80211_PROT_NONE; 1966 #endif 1967 1968 s = splnet(); 1969 for (ni = RBT_MIN(ieee80211_tree, &ic->ic_tree); 1970 ni != NULL; ni = next_ni) { 1971 next_ni = RBT_NEXT(ieee80211_tree, ni); 1972 if (!cache_timeout && ic->ic_nnodes < ic->ic_max_nnodes) 1973 break; 1974 if (ni->ni_scangen == gen) /* previously handled */ 1975 continue; 1976 #ifndef IEEE80211_STA_ONLY 1977 nnodes++; 1978 if ((ic->ic_flags & IEEE80211_F_HTON) && cache_timeout) { 1979 if (!ieee80211_node_supports_ht(ni)) { 1980 nonht++; 1981 if (ni->ni_state == IEEE80211_STA_ASSOC) 1982 nonhtassoc++; 1983 } 1984 } 1985 #endif 1986 ni->ni_scangen = gen; 1987 if (ni->ni_refcnt > 0) 1988 continue; 1989 #ifndef IEEE80211_STA_ONLY 1990 if ((ic->ic_opmode == IEEE80211_M_HOSTAP || 1991 ic->ic_opmode == IEEE80211_M_IBSS) && 1992 ic->ic_state == IEEE80211_S_RUN) { 1993 if (cache_timeout) { 1994 if (ni->ni_state != IEEE80211_STA_COLLECT && 1995 (ni->ni_state == IEEE80211_STA_ASSOC || 1996 ni->ni_inact < IEEE80211_INACT_MAX)) 1997 continue; 1998 } else { 1999 if (ic->ic_opmode == IEEE80211_M_HOSTAP && 2000 ((ni->ni_state == IEEE80211_STA_ASSOC && 2001 ni->ni_inact < IEEE80211_INACT_MAX) || 2002 (ni->ni_state == IEEE80211_STA_AUTH && 2003 ni->ni_inact == 0))) 2004 continue; 2005 2006 if (ic->ic_opmode == IEEE80211_M_IBSS && 2007 ni->ni_state != IEEE80211_STA_COLLECT && 2008 ni->ni_state != IEEE80211_STA_CACHE && 2009 ni->ni_inact < IEEE80211_INACT_MAX) 2010 continue; 2011 } 2012 } 2013 if (ifp->if_flags & IFF_DEBUG) 2014 printf("%s: station %s purged from node cache\n", 2015 ifp->if_xname, ether_sprintf(ni->ni_macaddr)); 2016 #endif 2017 /* 2018 * If we're hostap and the node is authenticated, send 2019 * a deauthentication frame. The node will be freed when 2020 * the driver calls ieee80211_release_node(). 2021 */ 2022 #ifndef IEEE80211_STA_ONLY 2023 nnodes--; 2024 if ((ic->ic_flags & IEEE80211_F_HTON) && cache_timeout) { 2025 if (!ieee80211_node_supports_ht(ni)) { 2026 nonht--; 2027 if (ni->ni_state == IEEE80211_STA_ASSOC) 2028 nonhtassoc--; 2029 } 2030 } 2031 if (ic->ic_opmode == IEEE80211_M_HOSTAP && 2032 ni->ni_state >= IEEE80211_STA_AUTH && 2033 ni->ni_state != IEEE80211_STA_COLLECT) { 2034 IEEE80211_SEND_MGMT(ic, ni, 2035 IEEE80211_FC0_SUBTYPE_DEAUTH, 2036 IEEE80211_REASON_AUTH_EXPIRE); 2037 ieee80211_node_leave(ic, ni); 2038 } else 2039 #endif 2040 ieee80211_free_node(ic, ni); 2041 ic->ic_stats.is_node_timeout++; 2042 } 2043 2044 #ifndef IEEE80211_STA_ONLY 2045 if ((ic->ic_flags & IEEE80211_F_HTON) && cache_timeout) { 2046 /* Update HT protection settings. */ 2047 if (nonht) { 2048 protmode = IEEE80211_PROT_RTSCTS; 2049 if (nonhtassoc) 2050 htprot = IEEE80211_HTPROT_NONHT_MIXED; 2051 else 2052 htprot = IEEE80211_HTPROT_NONMEMBER; 2053 } 2054 if (ic->ic_bss->ni_htop1 != htprot) { 2055 ic->ic_bss->ni_htop1 = htprot; 2056 ic->ic_protmode = protmode; 2057 if (ic->ic_update_htprot) 2058 ic->ic_update_htprot(ic, ic->ic_bss); 2059 } 2060 } 2061 2062 /* 2063 * During a cache timeout we iterate over all nodes. 2064 * Check for node leaks by comparing the actual number of cached 2065 * nodes with the ic_nnodes count, which is maintained while adding 2066 * and removing nodes from the cache. 2067 */ 2068 if ((ifp->if_flags & IFF_DEBUG) && cache_timeout && 2069 nnodes != ic->ic_nnodes) 2070 printf("%s: number of cached nodes is %d, expected %d," 2071 "possible nodes leak\n", ifp->if_xname, nnodes, 2072 ic->ic_nnodes); 2073 #endif 2074 splx(s); 2075 } 2076 2077 void 2078 ieee80211_iterate_nodes(struct ieee80211com *ic, ieee80211_iter_func *f, 2079 void *arg) 2080 { 2081 struct ieee80211_node *ni; 2082 int s; 2083 2084 s = splnet(); 2085 RBT_FOREACH(ni, ieee80211_tree, &ic->ic_tree) 2086 (*f)(arg, ni); 2087 splx(s); 2088 } 2089 2090 2091 /* 2092 * Install received HT caps information in the node's state block. 2093 */ 2094 void 2095 ieee80211_setup_htcaps(struct ieee80211_node *ni, const uint8_t *data, 2096 uint8_t len) 2097 { 2098 uint16_t rxrate; 2099 2100 if (len != 26) 2101 return; 2102 2103 ni->ni_htcaps = (data[0] | (data[1] << 8)); 2104 ni->ni_ampdu_param = data[2]; 2105 2106 memcpy(ni->ni_rxmcs, &data[3], sizeof(ni->ni_rxmcs)); 2107 /* clear reserved bits */ 2108 clrbit(ni->ni_rxmcs, 77); 2109 clrbit(ni->ni_rxmcs, 78); 2110 clrbit(ni->ni_rxmcs, 79); 2111 2112 /* Max MCS Rx rate in 1Mb/s units (0 means "not specified"). */ 2113 rxrate = ((data[13] | (data[14]) << 8) & IEEE80211_MCS_RX_RATE_HIGH); 2114 if (rxrate < 1024) 2115 ni->ni_max_rxrate = rxrate; 2116 2117 ni->ni_tx_mcs_set = data[15]; 2118 ni->ni_htxcaps = (data[19] | (data[20] << 8)); 2119 ni->ni_txbfcaps = (data[21] | (data[22] << 8) | (data[23] << 16) | 2120 (data[24] << 24)); 2121 ni->ni_aselcaps = data[25]; 2122 } 2123 2124 #ifndef IEEE80211_STA_ONLY 2125 /* 2126 * Handle nodes switching from 11n into legacy modes. 2127 */ 2128 void 2129 ieee80211_clear_htcaps(struct ieee80211_node *ni) 2130 { 2131 ni->ni_htcaps = 0; 2132 ni->ni_ampdu_param = 0; 2133 memset(ni->ni_rxmcs, 0, sizeof(ni->ni_rxmcs)); 2134 ni->ni_max_rxrate = 0; 2135 ni->ni_tx_mcs_set = 0; 2136 ni->ni_htxcaps = 0; 2137 ni->ni_txbfcaps = 0; 2138 ni->ni_aselcaps = 0; 2139 2140 ni->ni_flags &= ~IEEE80211_NODE_HT; 2141 2142 } 2143 #endif 2144 2145 /* 2146 * Install received HT op information in the node's state block. 2147 */ 2148 int 2149 ieee80211_setup_htop(struct ieee80211_node *ni, const uint8_t *data, 2150 uint8_t len, int isprobe) 2151 { 2152 if (len != 22) 2153 return 0; 2154 2155 ni->ni_primary_chan = data[0]; /* XXX corresponds to ni_chan */ 2156 2157 ni->ni_htop0 = data[1]; 2158 ni->ni_htop1 = (data[2] | (data[3] << 8)); 2159 ni->ni_htop2 = (data[3] | (data[4] << 8)); 2160 2161 /* 2162 * According to 802.11-2012 Table 8-130 the Basic MCS set is 2163 * only "present in Beacon, Probe Response, Mesh Peering Open 2164 * and Mesh Peering Confirm frames. Otherwise reserved." 2165 */ 2166 if (isprobe) 2167 memcpy(ni->ni_basic_mcs, &data[6], sizeof(ni->ni_basic_mcs)); 2168 2169 return 1; 2170 } 2171 2172 /* 2173 * Install received rate set information in the node's state block. 2174 */ 2175 int 2176 ieee80211_setup_rates(struct ieee80211com *ic, struct ieee80211_node *ni, 2177 const u_int8_t *rates, const u_int8_t *xrates, int flags) 2178 { 2179 struct ieee80211_rateset *rs = &ni->ni_rates; 2180 2181 memset(rs, 0, sizeof(*rs)); 2182 rs->rs_nrates = rates[1]; 2183 memcpy(rs->rs_rates, rates + 2, rs->rs_nrates); 2184 if (xrates != NULL) { 2185 u_int8_t nxrates; 2186 /* 2187 * Tack on 11g extended supported rate element. 2188 */ 2189 nxrates = xrates[1]; 2190 if (rs->rs_nrates + nxrates > IEEE80211_RATE_MAXSIZE) { 2191 nxrates = IEEE80211_RATE_MAXSIZE - rs->rs_nrates; 2192 DPRINTF(("extended rate set too large; " 2193 "only using %u of %u rates\n", 2194 nxrates, xrates[1])); 2195 ic->ic_stats.is_rx_rstoobig++; 2196 } 2197 memcpy(rs->rs_rates + rs->rs_nrates, xrates+2, nxrates); 2198 rs->rs_nrates += nxrates; 2199 } 2200 return ieee80211_fix_rate(ic, ni, flags); 2201 } 2202 2203 #ifndef IEEE80211_STA_ONLY 2204 /* 2205 * Check if the specified node supports ERP. 2206 */ 2207 int 2208 ieee80211_iserp_sta(const struct ieee80211_node *ni) 2209 { 2210 static const u_int8_t rates[] = { 2, 4, 11, 22, 12, 24, 48 }; 2211 const struct ieee80211_rateset *rs = &ni->ni_rates; 2212 int i, j; 2213 2214 /* 2215 * A STA supports ERP operation if it includes all the Clause 19 2216 * mandatory rates in its supported rate set. 2217 */ 2218 for (i = 0; i < nitems(rates); i++) { 2219 for (j = 0; j < rs->rs_nrates; j++) { 2220 if ((rs->rs_rates[j] & IEEE80211_RATE_VAL) == rates[i]) 2221 break; 2222 } 2223 if (j == rs->rs_nrates) 2224 return 0; 2225 } 2226 return 1; 2227 } 2228 2229 /* 2230 * This function is called to notify the 802.1X PACP machine that a new 2231 * 802.1X port is enabled and must be authenticated. For 802.11, a port 2232 * becomes enabled whenever a STA successfully completes Open System 2233 * authentication with an AP. 2234 */ 2235 void 2236 ieee80211_needs_auth(struct ieee80211com *ic, struct ieee80211_node *ni) 2237 { 2238 /* 2239 * XXX this could be done via the route socket of via a dedicated 2240 * EAP socket or another kernel->userland notification mechanism. 2241 * The notification should include the MAC address (ni_macaddr). 2242 */ 2243 } 2244 2245 /* 2246 * Handle an HT STA joining an HT network. 2247 */ 2248 void 2249 ieee80211_node_join_ht(struct ieee80211com *ic, struct ieee80211_node *ni) 2250 { 2251 enum ieee80211_htprot; 2252 2253 /* Update HT protection setting. */ 2254 if ((ni->ni_flags & IEEE80211_NODE_HT) == 0) { 2255 ic->ic_bss->ni_htop1 = IEEE80211_HTPROT_NONHT_MIXED; 2256 if (ic->ic_update_htprot) 2257 ic->ic_update_htprot(ic, ic->ic_bss); 2258 } 2259 } 2260 2261 /* 2262 * Handle a station joining an RSN network. 2263 */ 2264 void 2265 ieee80211_node_join_rsn(struct ieee80211com *ic, struct ieee80211_node *ni) 2266 { 2267 DPRINTF(("station %s associated using proto %d akm 0x%x " 2268 "cipher 0x%x groupcipher 0x%x\n", ether_sprintf(ni->ni_macaddr), 2269 ni->ni_rsnprotos, ni->ni_rsnakms, ni->ni_rsnciphers, 2270 ni->ni_rsngroupcipher)); 2271 2272 ni->ni_rsn_state = RSNA_AUTHENTICATION; 2273 2274 ni->ni_key_count = 0; 2275 ni->ni_port_valid = 0; 2276 ni->ni_flags &= ~IEEE80211_NODE_TXRXPROT; 2277 ni->ni_flags &= ~IEEE80211_NODE_RSN_NEW_PTK; 2278 ni->ni_replaycnt = -1; /* XXX */ 2279 ni->ni_rsn_retries = 0; 2280 ni->ni_rsncipher = ni->ni_rsnciphers; 2281 2282 ni->ni_rsn_state = RSNA_AUTHENTICATION_2; 2283 2284 /* generate a new authenticator nonce (ANonce) */ 2285 arc4random_buf(ni->ni_nonce, EAPOL_KEY_NONCE_LEN); 2286 2287 if (!ieee80211_is_8021x_akm(ni->ni_rsnakms)) { 2288 memcpy(ni->ni_pmk, ic->ic_psk, IEEE80211_PMK_LEN); 2289 ni->ni_flags |= IEEE80211_NODE_PMK; 2290 (void)ieee80211_send_4way_msg1(ic, ni); 2291 } else if (ni->ni_flags & IEEE80211_NODE_PMK) { 2292 /* skip 802.1X auth if a cached PMK was found */ 2293 (void)ieee80211_send_4way_msg1(ic, ni); 2294 } else { 2295 /* no cached PMK found, needs full 802.1X auth */ 2296 ieee80211_needs_auth(ic, ni); 2297 } 2298 } 2299 2300 void 2301 ieee80211_count_longslotsta(void *arg, struct ieee80211_node *ni) 2302 { 2303 int *longslotsta = arg; 2304 2305 if (ni->ni_associd == 0 || ni->ni_state == IEEE80211_STA_COLLECT) 2306 return; 2307 2308 if (!(ni->ni_capinfo & IEEE80211_CAPINFO_SHORT_SLOTTIME)) 2309 (*longslotsta)++; 2310 } 2311 2312 void 2313 ieee80211_count_nonerpsta(void *arg, struct ieee80211_node *ni) 2314 { 2315 int *nonerpsta = arg; 2316 2317 if (ni->ni_associd == 0 || ni->ni_state == IEEE80211_STA_COLLECT) 2318 return; 2319 2320 if (!ieee80211_iserp_sta(ni)) 2321 (*nonerpsta)++; 2322 } 2323 2324 void 2325 ieee80211_count_pssta(void *arg, struct ieee80211_node *ni) 2326 { 2327 int *pssta = arg; 2328 2329 if (ni->ni_associd == 0 || ni->ni_state == IEEE80211_STA_COLLECT) 2330 return; 2331 2332 if (ni->ni_pwrsave == IEEE80211_PS_DOZE) 2333 (*pssta)++; 2334 } 2335 2336 void 2337 ieee80211_count_rekeysta(void *arg, struct ieee80211_node *ni) 2338 { 2339 int *rekeysta = arg; 2340 2341 if (ni->ni_associd == 0 || ni->ni_state == IEEE80211_STA_COLLECT) 2342 return; 2343 2344 if (ni->ni_flags & IEEE80211_NODE_REKEY) 2345 (*rekeysta)++; 2346 } 2347 2348 /* 2349 * Handle a station joining an 11g network. 2350 */ 2351 void 2352 ieee80211_node_join_11g(struct ieee80211com *ic, struct ieee80211_node *ni) 2353 { 2354 int longslotsta = 0, nonerpsta = 0; 2355 2356 if (!(ni->ni_capinfo & IEEE80211_CAPINFO_SHORT_SLOTTIME)) { 2357 /* 2358 * Joining STA doesn't support short slot time. We must 2359 * disable the use of short slot time for all other associated 2360 * STAs and give the driver a chance to reconfigure the 2361 * hardware. 2362 */ 2363 ieee80211_iterate_nodes(ic, 2364 ieee80211_count_longslotsta, &longslotsta); 2365 if (longslotsta == 1) { 2366 if (ic->ic_caps & IEEE80211_C_SHSLOT) 2367 ieee80211_set_shortslottime(ic, 0); 2368 } 2369 DPRINTF(("[%s] station needs long slot time, count %d\n", 2370 ether_sprintf(ni->ni_macaddr), longslotsta)); 2371 } 2372 2373 if (!ieee80211_iserp_sta(ni)) { 2374 /* 2375 * Joining STA is non-ERP. 2376 */ 2377 ieee80211_iterate_nodes(ic, 2378 ieee80211_count_nonerpsta, &nonerpsta); 2379 DPRINTF(("[%s] station is non-ERP, %d non-ERP " 2380 "stations associated\n", ether_sprintf(ni->ni_macaddr), 2381 nonerpsta)); 2382 /* must enable the use of protection */ 2383 if (ic->ic_protmode != IEEE80211_PROT_NONE) { 2384 DPRINTF(("enable use of protection\n")); 2385 ic->ic_flags |= IEEE80211_F_USEPROT; 2386 } 2387 2388 if (!(ni->ni_capinfo & IEEE80211_CAPINFO_SHORT_PREAMBLE)) 2389 ic->ic_flags &= ~IEEE80211_F_SHPREAMBLE; 2390 } else 2391 ni->ni_flags |= IEEE80211_NODE_ERP; 2392 } 2393 2394 void 2395 ieee80211_node_join(struct ieee80211com *ic, struct ieee80211_node *ni, 2396 int resp) 2397 { 2398 int newassoc = (ni->ni_state != IEEE80211_STA_ASSOC); 2399 2400 if (ni->ni_associd == 0) { 2401 u_int16_t aid; 2402 2403 /* 2404 * It would be clever to search the bitmap 2405 * more efficiently, but this will do for now. 2406 */ 2407 for (aid = 1; aid < ic->ic_max_aid; aid++) { 2408 if (!IEEE80211_AID_ISSET(aid, 2409 ic->ic_aid_bitmap)) 2410 break; 2411 } 2412 if (aid >= ic->ic_max_aid) { 2413 IEEE80211_SEND_MGMT(ic, ni, resp, 2414 IEEE80211_REASON_ASSOC_TOOMANY); 2415 ieee80211_node_leave(ic, ni); 2416 return; 2417 } 2418 ni->ni_associd = aid | 0xc000; 2419 IEEE80211_AID_SET(ni->ni_associd, ic->ic_aid_bitmap); 2420 if (ic->ic_curmode == IEEE80211_MODE_11G || 2421 (ic->ic_curmode == IEEE80211_MODE_11N && 2422 IEEE80211_IS_CHAN_2GHZ(ic->ic_bss->ni_chan))) 2423 ieee80211_node_join_11g(ic, ni); 2424 } 2425 2426 DPRINTF(("station %s %s associated at aid %d\n", 2427 ether_sprintf(ni->ni_macaddr), newassoc ? "newly" : "already", 2428 ni->ni_associd & ~0xc000)); 2429 2430 ieee80211_ht_negotiate(ic, ni); 2431 if (ic->ic_flags & IEEE80211_F_HTON) 2432 ieee80211_node_join_ht(ic, ni); 2433 2434 /* give driver a chance to setup state like ni_txrate */ 2435 if (ic->ic_newassoc) 2436 (*ic->ic_newassoc)(ic, ni, newassoc); 2437 IEEE80211_SEND_MGMT(ic, ni, resp, IEEE80211_STATUS_SUCCESS); 2438 ieee80211_node_newstate(ni, IEEE80211_STA_ASSOC); 2439 2440 if (!(ic->ic_flags & IEEE80211_F_RSNON)) { 2441 ni->ni_port_valid = 1; 2442 ni->ni_rsncipher = IEEE80211_CIPHER_USEGROUP; 2443 } else 2444 ieee80211_node_join_rsn(ic, ni); 2445 2446 #if NBRIDGE > 0 2447 /* 2448 * If the parent interface is a bridgeport, learn 2449 * the node's address dynamically on this interface. 2450 */ 2451 if (ic->ic_if.if_bridgeport != NULL) 2452 bridge_update(&ic->ic_if, 2453 (struct ether_addr *)ni->ni_macaddr, 0); 2454 #endif 2455 } 2456 2457 /* 2458 * Handle an HT STA leaving an HT network. 2459 */ 2460 void 2461 ieee80211_node_leave_ht(struct ieee80211com *ic, struct ieee80211_node *ni) 2462 { 2463 struct ieee80211_rx_ba *ba; 2464 u_int8_t tid; 2465 int i; 2466 2467 /* free all Block Ack records */ 2468 ieee80211_ba_del(ni); 2469 for (tid = 0; tid < IEEE80211_NUM_TID; tid++) { 2470 ba = &ni->ni_rx_ba[tid]; 2471 if (ba->ba_buf != NULL) { 2472 for (i = 0; i < IEEE80211_BA_MAX_WINSZ; i++) 2473 m_freem(ba->ba_buf[i].m); 2474 free(ba->ba_buf, M_DEVBUF, 2475 IEEE80211_BA_MAX_WINSZ * sizeof(*ba->ba_buf)); 2476 ba->ba_buf = NULL; 2477 } 2478 } 2479 2480 ieee80211_clear_htcaps(ni); 2481 } 2482 2483 /* 2484 * Handle a station leaving an RSN network. 2485 */ 2486 void 2487 ieee80211_node_leave_rsn(struct ieee80211com *ic, struct ieee80211_node *ni) 2488 { 2489 int rekeysta = 0; 2490 2491 ni->ni_rsn_state = RSNA_DISCONNECTED; 2492 2493 ni->ni_rsn_state = RSNA_INITIALIZE; 2494 if (ni->ni_flags & IEEE80211_NODE_REKEY) { 2495 ni->ni_flags &= ~IEEE80211_NODE_REKEY; 2496 ieee80211_iterate_nodes(ic, 2497 ieee80211_count_rekeysta, &rekeysta); 2498 if (rekeysta == 0) 2499 ieee80211_setkeysdone(ic); 2500 } 2501 ni->ni_flags &= ~IEEE80211_NODE_PMK; 2502 ni->ni_rsn_gstate = RSNA_IDLE; 2503 2504 timeout_del(&ni->ni_eapol_to); 2505 timeout_del(&ni->ni_sa_query_to); 2506 2507 ni->ni_rsn_retries = 0; 2508 ni->ni_flags &= ~IEEE80211_NODE_TXRXPROT; 2509 ni->ni_port_valid = 0; 2510 (*ic->ic_delete_key)(ic, ni, &ni->ni_pairwise_key); 2511 } 2512 2513 /* 2514 * Handle a station leaving an 11g network. 2515 */ 2516 void 2517 ieee80211_node_leave_11g(struct ieee80211com *ic, struct ieee80211_node *ni) 2518 { 2519 int longslotsta = 0, nonerpsta = 0; 2520 2521 if (!(ni->ni_capinfo & IEEE80211_CAPINFO_SHORT_SLOTTIME)) { 2522 /* leaving STA did not support short slot time */ 2523 ieee80211_iterate_nodes(ic, 2524 ieee80211_count_longslotsta, &longslotsta); 2525 if (longslotsta == 1) { 2526 /* 2527 * All associated STAs now support short slot time, so 2528 * enable this feature and give the driver a chance to 2529 * reconfigure the hardware. Notice that IBSS always 2530 * use a long slot time. 2531 */ 2532 if ((ic->ic_caps & IEEE80211_C_SHSLOT) && 2533 ic->ic_opmode != IEEE80211_M_IBSS) 2534 ieee80211_set_shortslottime(ic, 1); 2535 } 2536 DPRINTF(("[%s] long slot time station leaves, count %d\n", 2537 ether_sprintf(ni->ni_macaddr), longslotsta)); 2538 } 2539 2540 if (!(ni->ni_flags & IEEE80211_NODE_ERP)) { 2541 /* leaving STA was non-ERP */ 2542 ieee80211_iterate_nodes(ic, 2543 ieee80211_count_nonerpsta, &nonerpsta); 2544 if (nonerpsta == 1) { 2545 /* 2546 * All associated STAs are now ERP capable, disable use 2547 * of protection and re-enable short preamble support. 2548 */ 2549 ic->ic_flags &= ~IEEE80211_F_USEPROT; 2550 if (ic->ic_caps & IEEE80211_C_SHPREAMBLE) 2551 ic->ic_flags |= IEEE80211_F_SHPREAMBLE; 2552 } 2553 DPRINTF(("[%s] non-ERP station leaves, count %d\n", 2554 ether_sprintf(ni->ni_macaddr), nonerpsta)); 2555 } 2556 } 2557 2558 /* 2559 * Handle bookkeeping for station deauthentication/disassociation 2560 * when operating as an ap. 2561 */ 2562 void 2563 ieee80211_node_leave(struct ieee80211com *ic, struct ieee80211_node *ni) 2564 { 2565 if (ic->ic_opmode != IEEE80211_M_HOSTAP) 2566 panic("not in ap mode, mode %u", ic->ic_opmode); 2567 2568 if (ni->ni_state == IEEE80211_STA_COLLECT) 2569 return; 2570 /* 2571 * If node wasn't previously associated all we need to do is 2572 * reclaim the reference. 2573 */ 2574 if (ni->ni_associd == 0) { 2575 ieee80211_node_newstate(ni, IEEE80211_STA_COLLECT); 2576 return; 2577 } 2578 2579 if (ni->ni_pwrsave == IEEE80211_PS_DOZE) 2580 ni->ni_pwrsave = IEEE80211_PS_AWAKE; 2581 2582 if (mq_purge(&ni->ni_savedq) > 0) { 2583 if (ic->ic_set_tim != NULL) 2584 (*ic->ic_set_tim)(ic, ni->ni_associd, 0); 2585 } 2586 2587 if (ic->ic_flags & IEEE80211_F_RSNON) 2588 ieee80211_node_leave_rsn(ic, ni); 2589 2590 if (ic->ic_curmode == IEEE80211_MODE_11G || 2591 (ic->ic_curmode == IEEE80211_MODE_11N && 2592 IEEE80211_IS_CHAN_2GHZ(ic->ic_bss->ni_chan))) 2593 ieee80211_node_leave_11g(ic, ni); 2594 2595 if (ni->ni_flags & IEEE80211_NODE_HT) 2596 ieee80211_node_leave_ht(ic, ni); 2597 2598 if (ic->ic_node_leave != NULL) 2599 (*ic->ic_node_leave)(ic, ni); 2600 2601 ieee80211_node_newstate(ni, IEEE80211_STA_COLLECT); 2602 2603 #if NBRIDGE > 0 2604 /* 2605 * If the parent interface is a bridgeport, delete 2606 * any dynamically learned address for this node. 2607 */ 2608 if (ic->ic_if.if_bridgeport != NULL) 2609 bridge_update(&ic->ic_if, 2610 (struct ether_addr *)ni->ni_macaddr, 1); 2611 #endif 2612 } 2613 2614 static int 2615 ieee80211_do_slow_print(struct ieee80211com *ic, int *did_print) 2616 { 2617 static const struct timeval merge_print_intvl = { 2618 .tv_sec = 1, .tv_usec = 0 2619 }; 2620 if ((ic->ic_if.if_flags & IFF_LINK0) == 0) 2621 return 0; 2622 if (!*did_print && (ic->ic_if.if_flags & IFF_DEBUG) == 0 && 2623 !ratecheck(&ic->ic_last_merge_print, &merge_print_intvl)) 2624 return 0; 2625 2626 *did_print = 1; 2627 return 1; 2628 } 2629 2630 /* ieee80211_ibss_merge helps merge 802.11 ad hoc networks. The 2631 * convention, set by the Wireless Ethernet Compatibility Alliance 2632 * (WECA), is that an 802.11 station will change its BSSID to match 2633 * the "oldest" 802.11 ad hoc network, on the same channel, that 2634 * has the station's desired SSID. The "oldest" 802.11 network 2635 * sends beacons with the greatest TSF timestamp. 2636 * 2637 * Return ENETRESET if the BSSID changed, 0 otherwise. 2638 * 2639 * XXX Perhaps we should compensate for the time that elapses 2640 * between the MAC receiving the beacon and the host processing it 2641 * in ieee80211_ibss_merge. 2642 */ 2643 int 2644 ieee80211_ibss_merge(struct ieee80211com *ic, struct ieee80211_node *ni, 2645 u_int64_t local_tsft) 2646 { 2647 u_int64_t beacon_tsft; 2648 int did_print = 0, sign; 2649 union { 2650 u_int64_t word; 2651 u_int8_t tstamp[8]; 2652 } u; 2653 2654 /* ensure alignment */ 2655 (void)memcpy(&u, &ni->ni_tstamp[0], sizeof(u)); 2656 beacon_tsft = letoh64(u.word); 2657 2658 /* we are faster, let the other guy catch up */ 2659 if (beacon_tsft < local_tsft) 2660 sign = -1; 2661 else 2662 sign = 1; 2663 2664 if (IEEE80211_ADDR_EQ(ni->ni_bssid, ic->ic_bss->ni_bssid)) { 2665 if (!ieee80211_do_slow_print(ic, &did_print)) 2666 return 0; 2667 printf("%s: tsft offset %s%llu\n", ic->ic_if.if_xname, 2668 (sign < 0) ? "-" : "", 2669 (sign < 0) 2670 ? (local_tsft - beacon_tsft) 2671 : (beacon_tsft - local_tsft)); 2672 return 0; 2673 } 2674 2675 if (sign < 0) 2676 return 0; 2677 2678 if (ieee80211_match_bss(ic, ni) != 0) 2679 return 0; 2680 2681 if (ieee80211_do_slow_print(ic, &did_print)) { 2682 printf("%s: ieee80211_ibss_merge: bssid mismatch %s\n", 2683 ic->ic_if.if_xname, ether_sprintf(ni->ni_bssid)); 2684 printf("%s: my tsft %llu beacon tsft %llu\n", 2685 ic->ic_if.if_xname, local_tsft, beacon_tsft); 2686 printf("%s: sync TSF with %s\n", 2687 ic->ic_if.if_xname, ether_sprintf(ni->ni_macaddr)); 2688 } 2689 2690 ic->ic_flags &= ~IEEE80211_F_SIBSS; 2691 2692 /* negotiate rates with new IBSS */ 2693 ieee80211_fix_rate(ic, ni, IEEE80211_F_DOFRATE | 2694 IEEE80211_F_DONEGO | IEEE80211_F_DODEL); 2695 if (ni->ni_rates.rs_nrates == 0) { 2696 if (ieee80211_do_slow_print(ic, &did_print)) { 2697 printf("%s: rates mismatch, BSSID %s\n", 2698 ic->ic_if.if_xname, ether_sprintf(ni->ni_bssid)); 2699 } 2700 return 0; 2701 } 2702 2703 if (ieee80211_do_slow_print(ic, &did_print)) { 2704 printf("%s: sync BSSID %s -> ", 2705 ic->ic_if.if_xname, ether_sprintf(ic->ic_bss->ni_bssid)); 2706 printf("%s ", ether_sprintf(ni->ni_bssid)); 2707 printf("(from %s)\n", ether_sprintf(ni->ni_macaddr)); 2708 } 2709 2710 ieee80211_node_newstate(ni, IEEE80211_STA_BSS); 2711 (*ic->ic_node_copy)(ic, ic->ic_bss, ni); 2712 2713 return ENETRESET; 2714 } 2715 2716 void 2717 ieee80211_set_tim(struct ieee80211com *ic, int aid, int set) 2718 { 2719 if (set) 2720 setbit(ic->ic_tim_bitmap, aid & ~0xc000); 2721 else 2722 clrbit(ic->ic_tim_bitmap, aid & ~0xc000); 2723 } 2724 2725 /* 2726 * This function shall be called by drivers immediately after every DTIM. 2727 * Transmit all group addressed MSDUs buffered at the AP. 2728 */ 2729 void 2730 ieee80211_notify_dtim(struct ieee80211com *ic) 2731 { 2732 /* NB: group addressed MSDUs are buffered in ic_bss */ 2733 struct ieee80211_node *ni = ic->ic_bss; 2734 struct ifnet *ifp = &ic->ic_if; 2735 struct ieee80211_frame *wh; 2736 struct mbuf *m; 2737 2738 KASSERT(ic->ic_opmode == IEEE80211_M_HOSTAP); 2739 2740 while ((m = mq_dequeue(&ni->ni_savedq)) != NULL) { 2741 if (!mq_empty(&ni->ni_savedq)) { 2742 /* more queued frames, set the more data bit */ 2743 wh = mtod(m, struct ieee80211_frame *); 2744 wh->i_fc[1] |= IEEE80211_FC1_MORE_DATA; 2745 } 2746 mq_enqueue(&ic->ic_pwrsaveq, m); 2747 if_start(ifp); 2748 } 2749 /* XXX assumes everything has been sent */ 2750 ic->ic_tim_mcast_pending = 0; 2751 } 2752 #endif /* IEEE80211_STA_ONLY */ 2753 2754 /* 2755 * Compare nodes in the tree by lladdr 2756 */ 2757 int 2758 ieee80211_node_cmp(const struct ieee80211_node *b1, 2759 const struct ieee80211_node *b2) 2760 { 2761 return (memcmp(b1->ni_macaddr, b2->ni_macaddr, IEEE80211_ADDR_LEN)); 2762 } 2763 2764 /* 2765 * Compare nodes in the tree by essid 2766 */ 2767 int 2768 ieee80211_ess_cmp(const struct ieee80211_ess_rbt *b1, 2769 const struct ieee80211_ess_rbt *b2) 2770 { 2771 return (memcmp(b1->essid, b2->essid, IEEE80211_NWID_LEN)); 2772 } 2773 2774 /* 2775 * Generate red-black tree function logic 2776 */ 2777 RBT_GENERATE(ieee80211_tree, ieee80211_node, ni_node, ieee80211_node_cmp); 2778 RBT_GENERATE(ieee80211_ess_tree, ieee80211_ess_rbt, ess_rbt, ieee80211_ess_cmp); 2779