Now available: The Design and Implementation of the FreeBSD Operating System (Second Edition)
[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]
FreeBSD/Linux Kernel Cross Reference
sys/net80211/ieee80211_node.c
Version:
- FREEBSD - FREEBSD-13-STABLE - FREEBSD-13-0 - FREEBSD-12-STABLE - FREEBSD-12-0 - FREEBSD-11-STABLE - FREEBSD-11-0 - FREEBSD-10-STABLE - FREEBSD-10-0 - FREEBSD-9-STABLE - FREEBSD-9-0 - FREEBSD-8-STABLE - FREEBSD-8-0 - FREEBSD-7-STABLE - FREEBSD-7-0 - FREEBSD-6-STABLE - FREEBSD-6-0 - FREEBSD-5-STABLE - FREEBSD-5-0 - FREEBSD-4-STABLE - FREEBSD-3-STABLE - FREEBSD22 - l41 - OPENBSD - linux-2.6 - MK84 - PLAN9 - xnu-8792
SearchContext: - none - 3 - 10
SearchContext: - none - 3 - 10
1 /* $NetBSD: ieee80211_node.c,v 1.82 2021/09/19 10:34:09 andvar Exp $ */ 2 3 /* 4 * Copyright (c) 2001 Atsushi Onoe 5 * Copyright (c) 2002-2005 Sam Leffler, Errno Consulting 6 * All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 1. Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 3. The name of the author may not be used to endorse or promote products 17 * derived from this software without specific prior written permission. 18 * 19 * Alternatively, this software may be distributed under the terms of the 20 * GNU General Public License ("GPL") version 2 as published by the Free 21 * Software Foundation. 22 * 23 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 24 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 25 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 26 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 27 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 28 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 29 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 30 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 31 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 32 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 33 */ 34 35 #include <sys/cdefs.h> 36 #ifdef __FreeBSD__ 37 __FBSDID("$FreeBSD: src/sys/net80211/ieee80211_node.c,v 1.65 2005/08/13 17:50:21 sam Exp $"); 38 #endif 39 #ifdef __NetBSD__ 40 __KERNEL_RCSID(0, "$NetBSD: ieee80211_node.c,v 1.82 2021/09/19 10:34:09 andvar Exp $"); 41 #endif 42 43 #ifdef _KERNEL_OPT 44 #include "opt_inet.h" 45 #endif 46 47 #include <sys/param.h> 48 #include <sys/systm.h> 49 #include <sys/mbuf.h> 50 #include <sys/malloc.h> 51 #include <sys/kernel.h> 52 53 #include <sys/socket.h> 54 #include <sys/sockio.h> 55 #include <sys/endian.h> 56 #include <sys/errno.h> 57 #include <sys/proc.h> 58 #include <sys/sysctl.h> 59 60 #include <net/if.h> 61 #include <net/if_media.h> 62 #include <net/if_arp.h> 63 #include <net/if_ether.h> 64 #include <net/if_llc.h> 65 66 #include <net80211/ieee80211_netbsd.h> 67 #include <net80211/ieee80211_var.h> 68 69 #include <net/bpf.h> 70 71 #ifdef INET 72 #include <netinet/in.h> 73 #include <net/if_ether.h> 74 #endif 75 76 /* 77 * Association id's are managed with a bit vector. 78 */ 79 #define IEEE80211_AID_SET(b, w) \ 80 ((w)[IEEE80211_AID(b) / 32] |= (1 << (IEEE80211_AID(b) % 32))) 81 #define IEEE80211_AID_CLR(b, w) \ 82 ((w)[IEEE80211_AID(b) / 32] &= ~(1 << (IEEE80211_AID(b) % 32))) 83 #define IEEE80211_AID_ISSET(b, w) \ 84 ((w)[IEEE80211_AID(b) / 32] & (1 << (IEEE80211_AID(b) % 32))) 85 86 static struct ieee80211_node *node_alloc(struct ieee80211_node_table *); 87 static void node_cleanup(struct ieee80211_node *); 88 static void node_free(struct ieee80211_node *); 89 static u_int8_t node_getrssi(const struct ieee80211_node *); 90 91 static void ieee80211_setup_node(struct ieee80211_node_table *, 92 struct ieee80211_node *, const u_int8_t *); 93 static void _ieee80211_free_node(struct ieee80211_node *); 94 static void ieee80211_free_allnodes(struct ieee80211_node_table *); 95 96 static void ieee80211_timeout_scan_candidates(struct ieee80211_node_table *); 97 static void ieee80211_timeout_stations(struct ieee80211_node_table *); 98 99 static void ieee80211_set_tim(struct ieee80211_node *, int set); 100 101 static void ieee80211_node_table_init(struct ieee80211com *ic, 102 struct ieee80211_node_table *nt, const char *name, 103 int inact, int keyixmax, 104 void (*timeout)(struct ieee80211_node_table *)); 105 static void ieee80211_node_table_cleanup(struct ieee80211_node_table *nt); 106 107 MALLOC_DEFINE(M_80211_NODE, "80211node", "802.11 node state"); 108 109 void 110 ieee80211_node_attach(struct ieee80211com *ic) 111 { 112 113 ic->ic_node_alloc = node_alloc; 114 ic->ic_node_free = node_free; 115 ic->ic_node_cleanup = node_cleanup; 116 ic->ic_node_getrssi = node_getrssi; 117 118 /* default station inactivity timer settings */ 119 ic->ic_inact_init = IEEE80211_INACT_INIT; 120 ic->ic_inact_auth = IEEE80211_INACT_AUTH; 121 ic->ic_inact_run = IEEE80211_INACT_RUN; 122 ic->ic_inact_probe = IEEE80211_INACT_PROBE; 123 124 /* NB: driver should override */ 125 ic->ic_max_aid = IEEE80211_AID_DEF; 126 ic->ic_set_tim = ieee80211_set_tim; 127 } 128 129 void 130 ieee80211_node_lateattach(struct ieee80211com *ic) 131 { 132 struct ieee80211_rsnparms *rsn; 133 134 if (ic->ic_max_aid > IEEE80211_AID_MAX) 135 ic->ic_max_aid = IEEE80211_AID_MAX; 136 ic->ic_aid_bitmap = malloc(howmany(ic->ic_max_aid, 32) * 137 sizeof(u_int32_t), M_DEVBUF, M_WAITOK | M_ZERO); 138 139 /* XXX defer until using hostap/ibss mode */ 140 ic->ic_tim_len = howmany(ic->ic_max_aid, 8) * sizeof(u_int8_t); 141 ic->ic_tim_bitmap = malloc(ic->ic_tim_len, M_DEVBUF, M_WAITOK | M_ZERO); 142 143 ieee80211_node_table_init(ic, &ic->ic_sta, "station", 144 IEEE80211_INACT_INIT, ic->ic_crypto.cs_max_keyix, 145 ieee80211_timeout_stations); 146 ieee80211_node_table_init(ic, &ic->ic_scan, "scan", 147 IEEE80211_INACT_SCAN, 0, 148 ieee80211_timeout_scan_candidates); 149 150 ieee80211_reset_bss(ic); 151 /* 152 * Setup "global settings" in the bss node so that 153 * each new station automatically inherits them. 154 */ 155 rsn = &ic->ic_bss->ni_rsn; 156 /* WEP, TKIP, and AES-CCM are always supported */ 157 rsn->rsn_ucastcipherset |= 1<<IEEE80211_CIPHER_WEP; 158 rsn->rsn_ucastcipherset |= 1<<IEEE80211_CIPHER_TKIP; 159 rsn->rsn_ucastcipherset |= 1<<IEEE80211_CIPHER_AES_CCM; 160 if (ic->ic_caps & IEEE80211_C_AES) 161 rsn->rsn_ucastcipherset |= 1<<IEEE80211_CIPHER_AES_OCB; 162 if (ic->ic_caps & IEEE80211_C_CKIP) 163 rsn->rsn_ucastcipherset |= 1<<IEEE80211_CIPHER_CKIP; 164 /* 165 * Default unicast cipher to WEP for 802.1x use. If 166 * WPA is enabled the management code will set these 167 * values to reflect. 168 */ 169 rsn->rsn_ucastcipher = IEEE80211_CIPHER_WEP; 170 rsn->rsn_ucastkeylen = 104 / NBBY; 171 /* 172 * WPA says the multicast cipher is the lowest unicast 173 * cipher supported. But we skip WEP which would 174 * otherwise be used based on this criteria. 175 */ 176 rsn->rsn_mcastcipher = IEEE80211_CIPHER_TKIP; 177 rsn->rsn_mcastkeylen = 128 / NBBY; 178 179 /* 180 * We support both WPA-PSK and 802.1x; the one used 181 * is determined by the authentication mode and the 182 * setting of the PSK state. 183 */ 184 rsn->rsn_keymgmtset = WPA_ASE_8021X_UNSPEC | WPA_ASE_8021X_PSK; 185 rsn->rsn_keymgmt = WPA_ASE_8021X_PSK; 186 187 ic->ic_auth = ieee80211_authenticator_get(ic->ic_bss->ni_authmode); 188 } 189 190 void 191 ieee80211_node_detach(struct ieee80211com *ic) 192 { 193 194 if (ic->ic_bss != NULL) { 195 ieee80211_free_node(ic->ic_bss); 196 ic->ic_bss = NULL; 197 } 198 ieee80211_node_table_cleanup(&ic->ic_scan); 199 ieee80211_node_table_cleanup(&ic->ic_sta); 200 if (ic->ic_aid_bitmap != NULL) { 201 free(ic->ic_aid_bitmap, M_DEVBUF); 202 ic->ic_aid_bitmap = NULL; 203 } 204 if (ic->ic_tim_bitmap != NULL) { 205 free(ic->ic_tim_bitmap, M_DEVBUF); 206 ic->ic_tim_bitmap = NULL; 207 } 208 } 209 210 /* 211 * Port authorize/unauthorize interfaces for use by an authenticator. 212 */ 213 214 void 215 ieee80211_node_authorize(struct ieee80211_node *ni) 216 { 217 struct ieee80211com *ic = ni->ni_ic; 218 219 ni->ni_flags |= IEEE80211_NODE_AUTH; 220 ni->ni_inact_reload = ic->ic_inact_run; 221 } 222 223 void 224 ieee80211_node_unauthorize(struct ieee80211_node *ni) 225 { 226 ni->ni_flags &= ~IEEE80211_NODE_AUTH; 227 } 228 229 /* 230 * Set/change the channel. The rate set is also updated as 231 * to insure a consistent view by drivers. 232 */ 233 static void 234 ieee80211_set_chan(struct ieee80211com *ic, 235 struct ieee80211_node *ni, struct ieee80211_channel *chan) 236 { 237 if (chan == IEEE80211_CHAN_ANYC) /* XXX while scanning */ 238 chan = ic->ic_curchan; 239 ni->ni_chan = chan; 240 ni->ni_rates = ic->ic_sup_rates[ieee80211_chan2mode(ic, chan)]; 241 } 242 243 /* 244 * AP scanning support. 245 */ 246 247 #ifdef IEEE80211_DEBUG 248 static void 249 dump_chanlist(const u_char chans[]) 250 { 251 const char *sep; 252 int i; 253 254 sep = " "; 255 for (i = 0; i < IEEE80211_CHAN_MAX; i++) 256 if (isset(chans, i)) { 257 printf("%s%u", sep, i); 258 sep = ", "; 259 } 260 } 261 #endif /* IEEE80211_DEBUG */ 262 263 /* 264 * Initialize the channel set to scan based on the 265 * of available channels and the current PHY mode. 266 */ 267 static void 268 ieee80211_reset_scan(struct ieee80211com *ic) 269 { 270 271 /* XXX ic_des_chan should be handled with ic_chan_active */ 272 if (ic->ic_des_chan != IEEE80211_CHAN_ANYC) { 273 memset(ic->ic_chan_scan, 0, sizeof(ic->ic_chan_scan)); 274 setbit(ic->ic_chan_scan, 275 ieee80211_chan2ieee(ic, ic->ic_des_chan)); 276 } else 277 memcpy(ic->ic_chan_scan, ic->ic_chan_active, 278 sizeof(ic->ic_chan_active)); 279 #ifdef IEEE80211_DEBUG 280 if (ieee80211_msg_scan(ic)) { 281 printf("%s: scan set:", __func__); 282 dump_chanlist(ic->ic_chan_scan); 283 printf(" start chan %u\n", 284 ieee80211_chan2ieee(ic, ic->ic_curchan)); 285 } 286 #endif /* IEEE80211_DEBUG */ 287 } 288 289 /* 290 * Begin an active scan. 291 */ 292 void 293 ieee80211_begin_scan(struct ieee80211com *ic, int reset) 294 { 295 ic->ic_scan.nt_scangen++; 296 297 /* 298 * In all but hostap mode scanning starts off in 299 * an active mode before switching to passive. 300 */ 301 if (ic->ic_opmode != IEEE80211_M_HOSTAP) { 302 ic->ic_flags |= IEEE80211_F_ASCAN; 303 ic->ic_stats.is_scan_active++; 304 } else 305 ic->ic_stats.is_scan_passive++; 306 IEEE80211_DPRINTF(ic, IEEE80211_MSG_SCAN, 307 "begin %s scan in %s mode, scangen %u\n", 308 (ic->ic_flags & IEEE80211_F_ASCAN) ? "active" : "passive", 309 ieee80211_phymode_name[ic->ic_curmode], ic->ic_scan.nt_scangen); 310 311 /* 312 * Clear scan state and flush any previously seen AP's. 313 */ 314 ieee80211_reset_scan(ic); 315 if (reset) 316 ieee80211_free_allnodes(&ic->ic_scan); 317 318 ic->ic_flags |= IEEE80211_F_SCAN; 319 320 /* Scan the next channel. */ 321 ieee80211_next_scan(ic); 322 } 323 324 /* 325 * Switch to the next channel marked for scanning. 326 */ 327 int 328 ieee80211_next_scan(struct ieee80211com *ic) 329 { 330 struct ieee80211_channel *chan; 331 332 /* 333 * Insure any previous mgt frame timeouts don't fire. 334 * This assumes the driver does the right thing in 335 * flushing anything queued in the driver and below. 336 */ 337 ic->ic_mgt_timer = 0; 338 ic->ic_flags_ext &= ~IEEE80211_FEXT_PROBECHAN; 339 340 chan = ic->ic_curchan; 341 do { 342 if (++chan > &ic->ic_channels[IEEE80211_CHAN_MAX]) 343 chan = &ic->ic_channels[0]; 344 if (isset(ic->ic_chan_scan, ieee80211_chan2ieee(ic, chan))) { 345 clrbit(ic->ic_chan_scan, ieee80211_chan2ieee(ic, chan)); 346 IEEE80211_DPRINTF(ic, IEEE80211_MSG_SCAN, 347 "%s: chan %d->%d\n", __func__, 348 ieee80211_chan2ieee(ic, ic->ic_curchan), 349 ieee80211_chan2ieee(ic, chan)); 350 ic->ic_curchan = chan; 351 /* 352 * XXX drivers should do this as needed, 353 * XXX for now maintain compatibility 354 */ 355 ic->ic_bss->ni_rates = 356 ic->ic_sup_rates[ieee80211_chan2mode(ic, chan)]; 357 ieee80211_new_state(ic, IEEE80211_S_SCAN, -1); 358 return 1; 359 } 360 } while (chan != ic->ic_curchan); 361 362 ieee80211_end_scan(ic); 363 return 0; 364 } 365 366 /* 367 * Probe the curent channel, if allowed, while scanning. 368 * If the channel is not marked passive-only then send 369 * a probe request immediately. Otherwise mark state and 370 * listen for beacons on the channel; if we receive something 371 * then we'll transmit a probe request. 372 */ 373 void 374 ieee80211_probe_curchan(struct ieee80211com *ic, int force) 375 { 376 struct ifnet *ifp = ic->ic_ifp; 377 378 if ((ic->ic_curchan->ic_flags & IEEE80211_CHAN_PASSIVE) == 0 || force) { 379 /* 380 * XXX send both broadcast+directed probe request 381 */ 382 ieee80211_send_probereq(ic->ic_bss, 383 ic->ic_myaddr, ifp->if_broadcastaddr, 384 ifp->if_broadcastaddr, 385 ic->ic_des_essid, ic->ic_des_esslen, 386 ic->ic_opt_ie, ic->ic_opt_ie_len); 387 } else 388 ic->ic_flags_ext |= IEEE80211_FEXT_PROBECHAN; 389 } 390 391 static __inline void 392 copy_bss(struct ieee80211_node *nbss, const struct ieee80211_node *obss) 393 { 394 /* propagate useful state */ 395 nbss->ni_authmode = obss->ni_authmode; 396 nbss->ni_txpower = obss->ni_txpower; 397 nbss->ni_vlan = obss->ni_vlan; 398 nbss->ni_rsn = obss->ni_rsn; 399 /* XXX statistics? */ 400 } 401 402 void 403 ieee80211_create_ibss(struct ieee80211com* ic, struct ieee80211_channel *chan) 404 { 405 struct ieee80211_node_table *nt; 406 struct ieee80211_node *ni; 407 408 IEEE80211_DPRINTF(ic, IEEE80211_MSG_SCAN, 409 "%s: creating ibss\n", __func__); 410 411 /* 412 * Create the station/neighbor table. Note that for adhoc 413 * mode we make the initial inactivity timer longer since 414 * we create nodes only through discovery and they typically 415 * are long-lived associations. 416 */ 417 nt = &ic->ic_sta; 418 IEEE80211_NODE_LOCK(nt); 419 if (ic->ic_opmode == IEEE80211_M_HOSTAP) { 420 nt->nt_name = "station"; 421 nt->nt_inact_init = ic->ic_inact_init; 422 } else { 423 nt->nt_name = "neighbor"; 424 nt->nt_inact_init = ic->ic_inact_run; 425 } 426 IEEE80211_NODE_UNLOCK(nt); 427 428 ni = ieee80211_alloc_node(&ic->ic_sta, ic->ic_myaddr); 429 if (ni == NULL) { 430 /* XXX recovery? */ 431 return; 432 } 433 IEEE80211_ADDR_COPY(ni->ni_bssid, ic->ic_myaddr); 434 ni->ni_esslen = ic->ic_des_esslen; 435 memcpy(ni->ni_essid, ic->ic_des_essid, ni->ni_esslen); 436 copy_bss(ni, ic->ic_bss); 437 ni->ni_intval = ic->ic_bintval; 438 if (ic->ic_flags & IEEE80211_F_PRIVACY) 439 ni->ni_capinfo |= IEEE80211_CAPINFO_PRIVACY; 440 if (ic->ic_phytype == IEEE80211_T_FH) { 441 ni->ni_fhdwell = 200; /* XXX */ 442 ni->ni_fhindex = 1; 443 } 444 if (ic->ic_opmode == IEEE80211_M_IBSS) { 445 ic->ic_flags |= IEEE80211_F_SIBSS; 446 ni->ni_capinfo |= IEEE80211_CAPINFO_IBSS; /* XXX */ 447 if (ic->ic_flags & IEEE80211_F_DESBSSID) 448 IEEE80211_ADDR_COPY(ni->ni_bssid, ic->ic_des_bssid); 449 else 450 ni->ni_bssid[0] |= 0x02; /* local bit for IBSS */ 451 } 452 453 /* 454 * Fix the channel and related attributes. 455 */ 456 ieee80211_set_chan(ic, ni, chan); 457 ic->ic_curchan = chan; 458 ic->ic_curmode = ieee80211_chan2mode(ic, chan); 459 460 /* 461 * Do mode-specific rate setup. 462 */ 463 if (ic->ic_curmode == IEEE80211_MODE_11G) { 464 /* 465 * Use a mixed 11b/11g rate set. 466 */ 467 ieee80211_set11gbasicrates(&ni->ni_rates, IEEE80211_MODE_11G); 468 } else if (ic->ic_curmode == IEEE80211_MODE_11B) { 469 /* 470 * Force pure 11b rate set. 471 */ 472 ieee80211_set11gbasicrates(&ni->ni_rates, IEEE80211_MODE_11B); 473 } 474 475 (void)ieee80211_sta_join(ic, ieee80211_ref_node(ni)); 476 } 477 478 void 479 ieee80211_reset_bss(struct ieee80211com *ic) 480 { 481 struct ieee80211_node *ni, *obss; 482 483 ieee80211_node_table_reset(&ic->ic_scan); 484 ieee80211_node_table_reset(&ic->ic_sta); 485 486 ni = ieee80211_alloc_node(&ic->ic_scan, ic->ic_myaddr); 487 IASSERT(ni != NULL, ("unable to setup initial BSS node")); 488 obss = ic->ic_bss; 489 ic->ic_bss = ieee80211_ref_node(ni); 490 if (obss != NULL) { 491 copy_bss(ni, obss); 492 ni->ni_intval = ic->ic_bintval; 493 ieee80211_free_node(obss); 494 } 495 } 496 497 /* XXX tunable */ 498 #define STA_FAILS_MAX 2 /* assoc failures before ignored */ 499 500 static int 501 ieee80211_match_bss(struct ieee80211com *ic, struct ieee80211_node *ni) 502 { 503 u_int8_t rate; 504 int fail; 505 506 fail = 0; 507 if (isclr(ic->ic_chan_active, ieee80211_chan2ieee(ic, ni->ni_chan))) 508 fail |= 0x01; 509 if (ic->ic_des_chan != IEEE80211_CHAN_ANYC && 510 ni->ni_chan != ic->ic_des_chan) 511 fail |= 0x01; 512 513 if (ic->ic_opmode == IEEE80211_M_IBSS) { 514 if ((ni->ni_capinfo & IEEE80211_CAPINFO_IBSS) == 0) 515 fail |= 0x02; 516 } else { 517 if ((ni->ni_capinfo & IEEE80211_CAPINFO_ESS) == 0) 518 fail |= 0x02; 519 } 520 521 if (ic->ic_flags & IEEE80211_F_PRIVACY) { 522 if ((ni->ni_capinfo & IEEE80211_CAPINFO_PRIVACY) == 0) 523 fail |= 0x04; 524 } else { 525 /* XXX does this mean privacy is supported or required? */ 526 if (ni->ni_capinfo & IEEE80211_CAPINFO_PRIVACY) 527 fail |= 0x04; 528 } 529 530 rate = ieee80211_fix_rate(ni, IEEE80211_R_DONEGO | IEEE80211_R_DOFRATE); 531 if (rate & IEEE80211_RATE_BASIC) 532 fail |= 0x08; 533 534 if (ic->ic_des_esslen != 0 && 535 (ni->ni_esslen != ic->ic_des_esslen || 536 memcmp(ni->ni_essid, ic->ic_des_essid, ic->ic_des_esslen) != 0)) 537 fail |= 0x10; 538 539 if ((ic->ic_flags & IEEE80211_F_DESBSSID) && 540 !IEEE80211_ADDR_EQ(ic->ic_des_bssid, ni->ni_bssid)) 541 fail |= 0x20; 542 543 if (ni->ni_fails >= STA_FAILS_MAX) 544 fail |= 0x40; 545 546 /* If no ESS/IBSS is desired, do not match any. */ 547 if (ic->ic_des_esslen == 0) 548 fail |= 0x80; 549 550 #ifdef IEEE80211_DEBUG 551 if (ieee80211_msg_scan(ic)) { 552 printf(" %c %s", 553 fail & 0x40 ? '=' : fail & 0x80 ? '^' : fail ? '-' : '+', 554 ether_sprintf(ni->ni_macaddr)); 555 printf(" %s%c", ether_sprintf(ni->ni_bssid), 556 fail & 0x20 ? '!' : ' '); 557 printf(" %3d%c", ieee80211_chan2ieee(ic, ni->ni_chan), 558 fail & 0x01 ? '!' : ' '); 559 printf(" %+4d", ni->ni_rssi); 560 printf(" %2dM%c", (rate & IEEE80211_RATE_VAL) / 2, 561 fail & 0x08 ? '!' : ' '); 562 printf(" %4s%c", 563 (ni->ni_capinfo & IEEE80211_CAPINFO_ESS) ? "ess" : 564 (ni->ni_capinfo & IEEE80211_CAPINFO_IBSS) ? "ibss" : 565 "????", 566 fail & 0x02 ? '!' : ' '); 567 printf(" %3s%c ", 568 (ni->ni_capinfo & IEEE80211_CAPINFO_PRIVACY) ? 569 "wep" : "no", 570 fail & 0x04 ? '!' : ' '); 571 ieee80211_print_essid(ni->ni_essid, ni->ni_esslen); 572 printf("%s\n", fail & 0x10 ? "!" : ""); 573 } 574 #endif 575 576 return fail; 577 } 578 579 static __inline u_int8_t 580 maxrate(const struct ieee80211_node *ni) 581 { 582 const struct ieee80211_rateset *rs = &ni->ni_rates; 583 /* NB: assumes rate set is sorted (happens on frame receive) */ 584 return rs->rs_rates[rs->rs_nrates-1] & IEEE80211_RATE_VAL; 585 } 586 587 /* 588 * Compare the capabilities of two nodes and decide which is 589 * more desirable (return >0 if a is considered better). Note 590 * that we assume compatibility/usability has already been checked 591 * so we don't need to (e.g. validate whether privacy is supported). 592 * Used to select the best scan candidate for association in a BSS. 593 */ 594 static int 595 ieee80211_node_compare(struct ieee80211com *ic, const struct ieee80211_node *a, 596 const struct ieee80211_node *b) 597 { 598 u_int8_t maxa, maxb; 599 u_int8_t rssia, rssib; 600 int weight; 601 602 /* privacy support preferred */ 603 if ((a->ni_capinfo & IEEE80211_CAPINFO_PRIVACY) && 604 (b->ni_capinfo & IEEE80211_CAPINFO_PRIVACY) == 0) 605 return 1; 606 if ((a->ni_capinfo & IEEE80211_CAPINFO_PRIVACY) == 0 && 607 (b->ni_capinfo & IEEE80211_CAPINFO_PRIVACY)) 608 return -1; 609 610 /* compare count of previous failures */ 611 weight = b->ni_fails - a->ni_fails; 612 if (abs(weight) > 1) 613 return weight; 614 615 rssia = ic->ic_node_getrssi(a); 616 rssib = ic->ic_node_getrssi(b); 617 if (abs(rssib - rssia) < 5) { 618 /* best/max rate preferred if signal level close enough XXX */ 619 maxa = maxrate(a); 620 maxb = maxrate(b); 621 if (maxa != maxb) 622 return maxa - maxb; 623 /* XXX use freq for channel preference */ 624 /* for now just prefer 5 GHz band to all other bands */ 625 if (IEEE80211_IS_CHAN_5GHZ(a->ni_chan) && 626 !IEEE80211_IS_CHAN_5GHZ(b->ni_chan)) 627 return 1; 628 if (!IEEE80211_IS_CHAN_5GHZ(a->ni_chan) && 629 IEEE80211_IS_CHAN_5GHZ(b->ni_chan)) 630 return -1; 631 } 632 /* all things being equal, use signal level */ 633 return rssia - rssib; 634 } 635 636 /* 637 * Mark an ongoing scan stopped. 638 */ 639 void 640 ieee80211_cancel_scan(struct ieee80211com *ic) 641 { 642 643 IEEE80211_DPRINTF(ic, IEEE80211_MSG_SCAN, "%s: end %s scan\n", 644 __func__, 645 (ic->ic_flags & IEEE80211_F_ASCAN) ? "active" : "passive"); 646 647 ic->ic_flags &= ~(IEEE80211_F_SCAN | IEEE80211_F_ASCAN); 648 ic->ic_flags_ext &= ~IEEE80211_FEXT_PROBECHAN; 649 } 650 651 /* 652 * Complete a scan of potential channels. 653 */ 654 void 655 ieee80211_end_scan(struct ieee80211com *ic) 656 { 657 struct ieee80211_node_table *nt = &ic->ic_scan; 658 struct ieee80211_node *ni, *selbs; 659 660 ieee80211_cancel_scan(ic); 661 ieee80211_notify_scan_done(ic); 662 663 #ifndef IEEE80211_NO_HOSTAP 664 if (ic->ic_opmode == IEEE80211_M_HOSTAP) { 665 u_int8_t maxrssi[IEEE80211_CHAN_MAX]; /* XXX off stack? */ 666 int i, bestchan; 667 u_int8_t rssi; 668 669 /* 670 * The passive scan to look for existing AP's completed, 671 * select a channel to camp on. Identify the channels 672 * that already have one or more AP's and try to locate 673 * an unoccupied one. If that fails, pick a channel that 674 * looks to be quietest. 675 */ 676 memset(maxrssi, 0, sizeof(maxrssi)); 677 IEEE80211_NODE_LOCK(nt); 678 TAILQ_FOREACH(ni, &nt->nt_node, ni_list) { 679 rssi = ic->ic_node_getrssi(ni); 680 i = ieee80211_chan2ieee(ic, ni->ni_chan); 681 if (rssi > maxrssi[i]) 682 maxrssi[i] = rssi; 683 } 684 IEEE80211_NODE_UNLOCK(nt); 685 686 /* XXX select channel more intelligently */ 687 bestchan = -1; 688 for (i = 0; i < IEEE80211_CHAN_MAX; i++) { 689 if (isset(ic->ic_chan_active, i)) { 690 /* 691 * If the channel is unoccupied the max rssi 692 * should be zero; just take it. Otherwise 693 * track the channel with the lowest rssi and 694 * use that when all channels appear occupied. 695 */ 696 if (maxrssi[i] == 0) { 697 bestchan = i; 698 break; 699 } 700 if (bestchan == -1 || 701 maxrssi[i] < maxrssi[bestchan]) 702 bestchan = i; 703 } 704 } 705 if (bestchan != -1) { 706 ieee80211_create_ibss(ic, &ic->ic_channels[bestchan]); 707 return; 708 } 709 /* no suitable channel, should not happen */ 710 } 711 #endif /* !IEEE80211_NO_HOSTAP */ 712 713 /* 714 * When manually sequencing the state machine; scan just once 715 * regardless of whether we have a candidate or not. The 716 * controlling application is expected to setup state and 717 * initiate an association. 718 */ 719 if (ic->ic_roaming == IEEE80211_ROAMING_MANUAL) 720 return; 721 722 /* 723 * Automatic sequencing; look for a candidate and 724 * if found join the network. 725 */ 726 /* NB: unlocked read should be ok */ 727 if (TAILQ_FIRST(&nt->nt_node) == NULL) { 728 IEEE80211_DPRINTF(ic, IEEE80211_MSG_SCAN, 729 "%s: no scan candidate\n", __func__); 730 731 notfound: 732 if (ic->ic_opmode == IEEE80211_M_IBSS && 733 (ic->ic_flags & IEEE80211_F_IBSSON) && 734 ic->ic_des_esslen != 0) { 735 ieee80211_create_ibss(ic, ic->ic_ibss_chan); 736 return; 737 } 738 739 /* 740 * Decrement the failure counts so entries will be 741 * reconsidered the next time around. We really want 742 * to do this only for sta's where we've previously 743 * had some success. 744 */ 745 IEEE80211_NODE_LOCK(nt); 746 TAILQ_FOREACH(ni, &nt->nt_node, ni_list) { 747 if (ni->ni_fails) 748 ni->ni_fails--; 749 } 750 IEEE80211_NODE_UNLOCK(nt); 751 752 /* 753 * Reset the list of channels to scan and start again. 754 */ 755 ieee80211_reset_scan(ic); 756 ic->ic_flags |= IEEE80211_F_SCAN; 757 ieee80211_next_scan(ic); 758 return; 759 } 760 761 selbs = NULL; 762 IEEE80211_DPRINTF(ic, IEEE80211_MSG_SCAN, "\t%s\n", 763 "macaddr bssid chan rssi rate flag wep essid"); 764 765 IEEE80211_NODE_LOCK(nt); 766 TAILQ_FOREACH(ni, &nt->nt_node, ni_list) { 767 if (ieee80211_match_bss(ic, ni) == 0) { 768 if (selbs == NULL) 769 selbs = ni; 770 else if (ieee80211_node_compare(ic, ni, selbs) > 0) 771 selbs = ni; 772 } 773 } 774 if (selbs != NULL) /* NB: grab ref while dropping lock */ 775 (void)ieee80211_ref_node(selbs); 776 IEEE80211_NODE_UNLOCK(nt); 777 778 if (selbs == NULL) 779 goto notfound; 780 if (!ieee80211_sta_join(ic, selbs)) { 781 ieee80211_free_node(selbs); 782 goto notfound; 783 } 784 } 785 786 /* 787 * Handle 802.11 ad hoc network merge. The 788 * convention, set by the Wireless Ethernet Compatibility Alliance 789 * (WECA), is that an 802.11 station will change its BSSID to match 790 * the "oldest" 802.11 ad hoc network, on the same channel, that 791 * has the station's desired SSID. The "oldest" 802.11 network 792 * sends beacons with the greatest TSF timestamp. 793 * 794 * The caller is assumed to validate TSF's before attempting a merge. 795 * 796 * Return !0 if the BSSID changed, 0 otherwise. 797 */ 798 int 799 ieee80211_ibss_merge(struct ieee80211_node *ni) 800 { 801 struct ieee80211com *ic = ni->ni_ic; 802 803 if (ni == ic->ic_bss || 804 IEEE80211_ADDR_EQ(ni->ni_bssid, ic->ic_bss->ni_bssid)) { 805 /* unchanged, nothing to do */ 806 return 0; 807 } 808 if (ieee80211_match_bss(ic, ni) != 0) { /* capabilities mismatch */ 809 IEEE80211_DPRINTF(ic, IEEE80211_MSG_ASSOC, 810 "%s: merge failed, capabilities mismatch\n", __func__); 811 ic->ic_stats.is_ibss_capmismatch++; 812 return 0; 813 } 814 if (!ieee80211_sta_join(ic, ieee80211_ref_node(ni))) 815 return 0; 816 IEEE80211_DPRINTF(ic, IEEE80211_MSG_ASSOC, 817 "%s: new bssid %s: %s preamble, %s slot time%s\n", __func__, 818 ether_sprintf(ni->ni_bssid), 819 ic->ic_flags&IEEE80211_F_SHPREAMBLE ? "short" : "long", 820 ic->ic_flags&IEEE80211_F_SHSLOT ? "short" : "long", 821 ic->ic_flags&IEEE80211_F_USEPROT ? ", protection" : "" 822 ); 823 ic->ic_flags &= ~IEEE80211_F_SIBSS; 824 return 1; 825 } 826 827 /* 828 * Join the specified IBSS/BSS network. The node is assumed to 829 * be passed in with a held reference. 830 */ 831 int 832 ieee80211_sta_join(struct ieee80211com *ic, struct ieee80211_node *selbs) 833 { 834 struct ieee80211_node *obss; 835 836 if (ic->ic_opmode == IEEE80211_M_IBSS) { 837 struct ieee80211_node_table *nt; 838 839 /* 840 * Delete unusable rates; we've already checked 841 * that the negotiated rate set is acceptable. 842 */ 843 ieee80211_fix_rate(selbs, IEEE80211_R_DODEL); 844 845 /* 846 * Fill in the neighbor table; it will already 847 * exist if we are simply switching mastership. 848 * XXX ic_sta always setup so this is unnecessary? 849 */ 850 nt = &ic->ic_sta; 851 IEEE80211_NODE_LOCK(nt); 852 nt->nt_name = "neighbor"; 853 nt->nt_inact_init = ic->ic_inact_run; 854 IEEE80211_NODE_UNLOCK(nt); 855 } 856 857 /* 858 * Committed to selbs, setup state. 859 */ 860 obss = ic->ic_bss; 861 ic->ic_bss = selbs; /* NB: caller assumed to bump refcnt */ 862 if (obss != NULL) { 863 copy_bss(selbs, obss); 864 ieee80211_free_node(obss); 865 } 866 867 /* 868 * Set the erp state (mostly the slot time) to deal with 869 * the auto-select case; this should be redundant if the 870 * mode is locked. 871 */ 872 ic->ic_curmode = ieee80211_chan2mode(ic, selbs->ni_chan); 873 ic->ic_curchan = selbs->ni_chan; 874 ieee80211_reset_erp(ic); 875 ieee80211_wme_initparams(ic); 876 877 if (ic->ic_opmode == IEEE80211_M_STA) 878 ieee80211_new_state(ic, IEEE80211_S_AUTH, -1); 879 else 880 ieee80211_new_state(ic, IEEE80211_S_RUN, -1); 881 return 1; 882 } 883 884 /* 885 * Leave the specified IBSS/BSS network. The node is assumed to 886 * be passed in with a held reference. 887 */ 888 void 889 ieee80211_sta_leave(struct ieee80211com *ic, struct ieee80211_node *ni) 890 { 891 ic->ic_node_cleanup(ni); 892 ieee80211_notify_node_leave(ic, ni); 893 } 894 895 int 896 ieee80211_get_rate(const struct ieee80211_node * const ni) 897 { 898 #define RATE(_ix) (ni->ni_rates.rs_rates[(_ix)] & IEEE80211_RATE_VAL) 899 int ix, rate; 900 struct ieee80211com *ic = ni->ni_ic; 901 const struct ieee80211_rateset *rs; 902 903 IASSERT(ni != NULL, ("ni != NULL")); 904 IASSERT(ieee80211_node_refcnt(ni) > 0, 905 ("refcnt(ni) == %d", ieee80211_node_refcnt(ni))); 906 IASSERT(ic != NULL, ("ic != NULL")); 907 908 if (ic->ic_fixed_rate != IEEE80211_FIXED_RATE_NONE) { 909 rs = &ic->ic_sup_rates[ic->ic_curmode]; 910 rate = rs->rs_rates[ic->ic_fixed_rate] & IEEE80211_RATE_VAL; 911 for (ix = ni->ni_rates.rs_nrates - 1; 912 ix >= 0 && RATE(ix) != rate; ix--) 913 ; 914 if (ix < 0) { 915 IEEE80211_DPRINTF(ic, IEEE80211_MSG_DEBUG, 916 "%s: fixed rate %d (%d.%d Mb/s) not in rate set", 917 __func__, ic->ic_fixed_rate, (rate * 5) / 10, 918 (rate * 5) % 10); 919 goto no_rate; 920 } 921 } else if (ic->ic_state == IEEE80211_S_RUN) { 922 rate = ni->ni_rates.rs_rates[ni->ni_txrate]; 923 } else { 924 no_rate: 925 rs = &ni->ni_rates; 926 /* Choose node's lowest basic rate, or else its lowest rate. */ 927 for (ix = 0; ix < rs->rs_nrates; ix++) { 928 if (rs->rs_rates[ix] & IEEE80211_RATE_BASIC) 929 return rs->rs_rates[ix] & IEEE80211_RATE_VAL; 930 } 931 return ni->ni_rates.rs_rates[0] & IEEE80211_RATE_VAL; 932 } 933 934 return rate & IEEE80211_RATE_VAL; 935 } 936 937 static struct ieee80211_node * 938 node_alloc(struct ieee80211_node_table *nt) 939 { 940 struct ieee80211_node *ni; 941 942 ni = malloc(sizeof(struct ieee80211_node), 943 M_80211_NODE, M_NOWAIT | M_ZERO); 944 return ni; 945 } 946 947 /* 948 * Reclaim any resources in a node and reset any critical 949 * state. Typically nodes are free'd immediately after, 950 * but in some cases the storage may be reused so we need 951 * to insure consistent state (should probably fix that). 952 */ 953 static void 954 node_cleanup(struct ieee80211_node *ni) 955 { 956 #define N(a) (sizeof(a)/sizeof(a[0])) 957 struct ieee80211com *ic = ni->ni_ic; 958 int i, qlen; 959 960 /* NB: preserve ni_table */ 961 if (ni->ni_flags & IEEE80211_NODE_PWR_MGT) { 962 ic->ic_ps_sta--; 963 ni->ni_flags &= ~IEEE80211_NODE_PWR_MGT; 964 IEEE80211_DPRINTF(ic, IEEE80211_MSG_POWER, 965 "[%s] power save mode off, %u sta's in ps mode\n", 966 ether_sprintf(ni->ni_macaddr), ic->ic_ps_sta); 967 } 968 969 /* 970 * Clear AREF flag that marks the authorization refcnt bump 971 * has happened. This is probably not needed as the node 972 * should always be removed from the table so not found but 973 * do it just in case. 974 */ 975 ni->ni_flags &= ~IEEE80211_NODE_AREF; 976 977 /* 978 * Drain power save queue and, if needed, clear TIM. 979 */ 980 IEEE80211_NODE_SAVEQ_DRAIN(ni, qlen); 981 if (qlen != 0 && ic->ic_set_tim != NULL) 982 ic->ic_set_tim(ni, 0); 983 984 ni->ni_associd = 0; 985 if (ni->ni_challenge != NULL) { 986 free(ni->ni_challenge, M_DEVBUF); 987 ni->ni_challenge = NULL; 988 } 989 990 /* 991 * Preserve SSID, WPA, and WME ie's so the bss node is 992 * reusable during a re-auth/re-assoc state transition. 993 * If we remove these data they will not be recreated 994 * because they come from a probe-response or beacon frame 995 * which cannot be expected prior to the association-response. 996 * This should not be an issue when operating in other modes 997 * as stations leaving always go through a full state transition 998 * which will rebuild this state. 999 * 1000 * XXX does this leave us open to inheriting old state? 1001 */ 1002 for (i = 0; i < N(ni->ni_rxfrag); i++) { 1003 if (ni->ni_rxfrag[i] != NULL) { 1004 m_freem(ni->ni_rxfrag[i]); 1005 ni->ni_rxfrag[i] = NULL; 1006 } 1007 } 1008 1009 /* 1010 * Must be careful here to remove any key map entry w/o a LOR. 1011 */ 1012 ieee80211_node_delucastkey(ni); 1013 #undef N 1014 } 1015 1016 static void 1017 node_free(struct ieee80211_node *ni) 1018 { 1019 struct ieee80211com *ic = ni->ni_ic; 1020 1021 ic->ic_node_cleanup(ni); 1022 if (ni->ni_wpa_ie != NULL) 1023 free(ni->ni_wpa_ie, M_DEVBUF); 1024 if (ni->ni_wme_ie != NULL) 1025 free(ni->ni_wme_ie, M_DEVBUF); 1026 IEEE80211_NODE_SAVEQ_DESTROY(ni); 1027 free(ni, M_80211_NODE); 1028 } 1029 1030 static u_int8_t 1031 node_getrssi(const struct ieee80211_node *ni) 1032 { 1033 return ni->ni_rssi; 1034 } 1035 1036 static void 1037 ieee80211_setup_node(struct ieee80211_node_table *nt, 1038 struct ieee80211_node *ni, const u_int8_t *macaddr) 1039 { 1040 struct ieee80211com *ic = nt->nt_ic; 1041 int hash; 1042 1043 IEEE80211_DPRINTF(ic, IEEE80211_MSG_NODE, 1044 "%s %p<%s> in %s table\n", __func__, ni, 1045 ether_sprintf(macaddr), nt->nt_name); 1046 1047 IEEE80211_ADDR_COPY(ni->ni_macaddr, macaddr); 1048 hash = IEEE80211_NODE_HASH(macaddr); 1049 ieee80211_node_initref(ni); /* mark referenced */ 1050 ni->ni_chan = IEEE80211_CHAN_ANYC; 1051 ni->ni_authmode = IEEE80211_AUTH_OPEN; 1052 ni->ni_txpower = ic->ic_txpowlimit; /* max power */ 1053 ieee80211_crypto_resetkey(ic, &ni->ni_ucastkey, IEEE80211_KEYIX_NONE); 1054 ni->ni_inact_reload = nt->nt_inact_init; 1055 ni->ni_inact = ni->ni_inact_reload; 1056 IEEE80211_NODE_SAVEQ_INIT(ni, "unknown"); 1057 1058 IEEE80211_NODE_LOCK(nt); 1059 TAILQ_INSERT_TAIL(&nt->nt_node, ni, ni_list); 1060 LIST_INSERT_HEAD(&nt->nt_hash[hash], ni, ni_hash); 1061 ni->ni_table = nt; 1062 ni->ni_ic = ic; 1063 IEEE80211_NODE_UNLOCK(nt); 1064 } 1065 1066 struct ieee80211_node * 1067 ieee80211_alloc_node(struct ieee80211_node_table *nt, const u_int8_t *macaddr) 1068 { 1069 struct ieee80211com *ic = nt->nt_ic; 1070 struct ieee80211_node *ni; 1071 1072 ni = ic->ic_node_alloc(nt); 1073 if (ni != NULL) 1074 ieee80211_setup_node(nt, ni, macaddr); 1075 else 1076 ic->ic_stats.is_rx_nodealloc++; 1077 return ni; 1078 } 1079 1080 /* 1081 * Craft a temporary node suitable for sending a management frame 1082 * to the specified station. We craft only as much state as we 1083 * need to do the work since the node will be immediately reclaimed 1084 * once the send completes. 1085 */ 1086 struct ieee80211_node * 1087 ieee80211_tmp_node(struct ieee80211com *ic, const u_int8_t *macaddr) 1088 { 1089 struct ieee80211_node *ni; 1090 1091 ni = ic->ic_node_alloc(&ic->ic_sta); 1092 if (ni != NULL) { 1093 IEEE80211_DPRINTF(ic, IEEE80211_MSG_NODE, 1094 "%s %p<%s>\n", __func__, ni, ether_sprintf(macaddr)); 1095 1096 IEEE80211_ADDR_COPY(ni->ni_macaddr, macaddr); 1097 IEEE80211_ADDR_COPY(ni->ni_bssid, ic->ic_bss->ni_bssid); 1098 ieee80211_node_initref(ni); /* mark referenced */ 1099 ni->ni_txpower = ic->ic_bss->ni_txpower; 1100 /* NB: required by ieee80211_fix_rate */ 1101 ieee80211_set_chan(ic, ni, ic->ic_bss->ni_chan); 1102 ieee80211_crypto_resetkey(ic, &ni->ni_ucastkey, 1103 IEEE80211_KEYIX_NONE); 1104 /* XXX optimize away */ 1105 IEEE80211_NODE_SAVEQ_INIT(ni, "unknown"); 1106 1107 ni->ni_table = NULL; /* NB: pedantic */ 1108 ni->ni_ic = ic; 1109 } else { 1110 /* XXX msg */ 1111 ic->ic_stats.is_rx_nodealloc++; 1112 } 1113 return ni; 1114 } 1115 1116 struct ieee80211_node * 1117 ieee80211_dup_bss(struct ieee80211_node_table *nt, const u_int8_t *macaddr) 1118 { 1119 struct ieee80211com *ic = nt->nt_ic; 1120 struct ieee80211_node *ni; 1121 1122 ni = ic->ic_node_alloc(nt); 1123 if (ni != NULL) { 1124 ieee80211_setup_node(nt, ni, macaddr); 1125 /* 1126 * Inherit from ic_bss. 1127 */ 1128 ni->ni_authmode = ic->ic_bss->ni_authmode; 1129 ni->ni_txpower = ic->ic_bss->ni_txpower; 1130 ni->ni_vlan = ic->ic_bss->ni_vlan; /* XXX?? */ 1131 IEEE80211_ADDR_COPY(ni->ni_bssid, ic->ic_bss->ni_bssid); 1132 ieee80211_set_chan(ic, ni, ic->ic_bss->ni_chan); 1133 ni->ni_rsn = ic->ic_bss->ni_rsn; 1134 } else { 1135 ic->ic_stats.is_rx_nodealloc++; 1136 } 1137 return ni; 1138 } 1139 1140 static struct ieee80211_node * 1141 #ifdef IEEE80211_DEBUG_REFCNT 1142 _ieee80211_find_node_debug(struct ieee80211_node_table *nt, 1143 const u_int8_t *macaddr, const char *func, int line) 1144 #else 1145 _ieee80211_find_node(struct ieee80211_node_table *nt, 1146 const u_int8_t *macaddr) 1147 #endif 1148 { 1149 struct ieee80211_node *ni; 1150 int hash; 1151 1152 IEEE80211_NODE_LOCK_ASSERT(nt); 1153 1154 hash = IEEE80211_NODE_HASH(macaddr); 1155 LIST_FOREACH(ni, &nt->nt_hash[hash], ni_hash) { 1156 if (IEEE80211_ADDR_EQ(ni->ni_macaddr, macaddr)) { 1157 ieee80211_ref_node(ni); /* mark referenced */ 1158 #ifdef IEEE80211_DEBUG_REFCNT 1159 IEEE80211_DPRINTF(nt->nt_ic, IEEE80211_MSG_NODE, 1160 "%s (%s:%u) %p<%s> refcnt %d\n", __func__, 1161 func, line, 1162 ni, ether_sprintf(ni->ni_macaddr), 1163 ieee80211_node_refcnt(ni)); 1164 #endif 1165 return ni; 1166 } 1167 } 1168 return NULL; 1169 } 1170 #ifdef IEEE80211_DEBUG_REFCNT 1171 #define _ieee80211_find_node(nt, mac) \ 1172 _ieee80211_find_node_debug(nt, mac, func, line) 1173 #endif 1174 1175 struct ieee80211_node * 1176 #ifdef IEEE80211_DEBUG_REFCNT 1177 ieee80211_find_node_debug(struct ieee80211_node_table *nt, 1178 const u_int8_t *macaddr, const char *func, int line) 1179 #else 1180 ieee80211_find_node(struct ieee80211_node_table *nt, const u_int8_t *macaddr) 1181 #endif 1182 { 1183 struct ieee80211_node *ni; 1184 1185 IEEE80211_NODE_LOCK(nt); 1186 ni = _ieee80211_find_node(nt, macaddr); 1187 IEEE80211_NODE_UNLOCK(nt); 1188 return ni; 1189 } 1190 1191 /* 1192 * Fake up a node; this handles node discovery in adhoc mode. 1193 * Note that for the driver's benefit we treat this like 1194 * an association so the driver has an opportunity to setup 1195 * its private state. 1196 */ 1197 struct ieee80211_node * 1198 ieee80211_fakeup_adhoc_node(struct ieee80211_node_table *nt, 1199 const u_int8_t macaddr[IEEE80211_ADDR_LEN]) 1200 { 1201 struct ieee80211com *ic = nt->nt_ic; 1202 struct ieee80211_node *ni; 1203 1204 ni = ieee80211_dup_bss(nt, macaddr); 1205 if (ni != NULL) { 1206 /* XXX no rate negotiation; just dup */ 1207 ni->ni_rates = ic->ic_bss->ni_rates; 1208 if (ic->ic_newassoc != NULL) 1209 ic->ic_newassoc(ni, 1); 1210 /* XXX not right for 802.1x/WPA */ 1211 ieee80211_node_authorize(ni); 1212 } 1213 return ni; 1214 } 1215 1216 #ifdef IEEE80211_DEBUG 1217 static void 1218 dump_probe_beacon(u_int8_t subtype, int isnew, 1219 const u_int8_t mac[IEEE80211_ADDR_LEN], 1220 const struct ieee80211_scanparams *sp) 1221 { 1222 1223 printf("[%s] %s%s on chan %u (bss chan %u) ", 1224 ether_sprintf(mac), isnew ? "new " : "", 1225 ieee80211_mgt_subtype_name[subtype >> IEEE80211_FC0_SUBTYPE_SHIFT], 1226 sp->sp_chan, sp->sp_bchan); 1227 ieee80211_print_essid(sp->sp_ssid + 2, sp->sp_ssid[1]); 1228 printf("\n"); 1229 1230 if (isnew) { 1231 printf("[%s] caps 0x%x bintval %u erp 0x%x", 1232 ether_sprintf(mac), sp->sp_capinfo, sp->sp_bintval, 1233 sp->sp_erp); 1234 if (sp->sp_country != NULL) { 1235 #ifdef __FreeBSD__ 1236 printf(" country info %*D", 1237 sp->sp_country[1], sp->sp_country+2, " "); 1238 #else 1239 int i; 1240 printf(" country info"); 1241 for (i = 0; i < sp->sp_country[1]; i++) 1242 printf(" %02x", sp->sp_country[i+2]); 1243 #endif 1244 } 1245 printf("\n"); 1246 } 1247 } 1248 #endif /* IEEE80211_DEBUG */ 1249 1250 static void 1251 saveie(u_int8_t **iep, const u_int8_t *ie) 1252 { 1253 1254 if (ie == NULL) 1255 *iep = NULL; 1256 else 1257 ieee80211_saveie(iep, ie); 1258 } 1259 1260 /* 1261 * Process a beacon or probe response frame. 1262 */ 1263 void 1264 ieee80211_add_scan(struct ieee80211com *ic, 1265 const struct ieee80211_scanparams *sp, const struct ieee80211_frame *wh, 1266 int subtype, int rssi, int rstamp) 1267 { 1268 #define ISPROBE(_st) ((_st) == IEEE80211_FC0_SUBTYPE_PROBE_RESP) 1269 struct ieee80211_node_table *nt = &ic->ic_scan; 1270 struct ieee80211_node *ni; 1271 int newnode = 0; 1272 1273 ni = ieee80211_find_node(nt, wh->i_addr2); 1274 if (ni == NULL) { 1275 /* 1276 * Create a new entry. 1277 */ 1278 ni = ic->ic_node_alloc(nt); 1279 if (ni == NULL) { 1280 ic->ic_stats.is_rx_nodealloc++; 1281 return; 1282 } 1283 ieee80211_setup_node(nt, ni, wh->i_addr2); 1284 1285 /* 1286 * XXX inherit from ic_bss. 1287 */ 1288 ni->ni_authmode = ic->ic_bss->ni_authmode; 1289 ni->ni_txpower = ic->ic_bss->ni_txpower; 1290 ni->ni_vlan = ic->ic_bss->ni_vlan; /* XXX?? */ 1291 ieee80211_set_chan(ic, ni, ic->ic_curchan); 1292 ni->ni_rsn = ic->ic_bss->ni_rsn; 1293 newnode = 1; 1294 } 1295 1296 #ifdef IEEE80211_DEBUG 1297 if (ieee80211_msg_scan(ic) && (ic->ic_flags & IEEE80211_F_SCAN)) 1298 dump_probe_beacon(subtype, newnode, wh->i_addr2, sp); 1299 #endif 1300 1301 /* XXX ap beaconing multiple ssid w/ same bssid */ 1302 if (sp->sp_ssid[1] != 0 && (ISPROBE(subtype) || ni->ni_esslen == 0)) { 1303 ni->ni_esslen = sp->sp_ssid[1]; 1304 memset(ni->ni_essid, 0, sizeof(ni->ni_essid)); 1305 memcpy(ni->ni_essid, sp->sp_ssid + 2, sp->sp_ssid[1]); 1306 } 1307 1308 ni->ni_scangen = ic->ic_scan.nt_scangen; 1309 IEEE80211_ADDR_COPY(ni->ni_bssid, wh->i_addr3); 1310 ni->ni_rssi = rssi; 1311 ni->ni_rstamp = rstamp; 1312 memcpy(ni->ni_tstamp.data, sp->sp_tstamp, sizeof(ni->ni_tstamp)); 1313 ni->ni_intval = sp->sp_bintval; 1314 ni->ni_capinfo = sp->sp_capinfo; 1315 ni->ni_chan = &ic->ic_channels[sp->sp_chan]; 1316 ni->ni_fhdwell = sp->sp_fhdwell; 1317 ni->ni_fhindex = sp->sp_fhindex; 1318 ni->ni_erp = sp->sp_erp; 1319 1320 if (sp->sp_tim != NULL) { 1321 struct ieee80211_tim_ie *ie = 1322 (struct ieee80211_tim_ie *)sp->sp_tim; 1323 1324 ni->ni_dtim_count = ie->tim_count; 1325 ni->ni_dtim_period = ie->tim_period; 1326 } 1327 1328 /* 1329 * Record the byte offset from the mac header to 1330 * the start of the TIM information element for 1331 * use by hardware and/or to speedup software 1332 * processing of beacon frames. 1333 */ 1334 ni->ni_timoff = sp->sp_timoff; 1335 1336 /* 1337 * Record optional information elements that might be 1338 * used by applications or drivers. 1339 */ 1340 saveie(&ni->ni_wme_ie, sp->sp_wme); 1341 saveie(&ni->ni_wpa_ie, sp->sp_wpa); 1342 1343 /* NB: must be after ni_chan is setup */ 1344 ieee80211_setup_rates(ni, sp->sp_rates, sp->sp_xrates, 1345 IEEE80211_R_DOSORT); 1346 1347 if (!newnode) 1348 ieee80211_free_node(ni); 1349 #undef ISPROBE 1350 } 1351 1352 void 1353 ieee80211_init_neighbor(struct ieee80211com *ic, struct ieee80211_node *ni, 1354 const struct ieee80211_frame *wh, const struct ieee80211_scanparams *sp, 1355 int isnew) 1356 { 1357 ni->ni_esslen = sp->sp_ssid[1]; 1358 memcpy(ni->ni_essid, sp->sp_ssid + 2, sp->sp_ssid[1]); 1359 IEEE80211_ADDR_COPY(ni->ni_bssid, wh->i_addr3); 1360 memcpy(ni->ni_tstamp.data, sp->sp_tstamp, sizeof(ni->ni_tstamp)); 1361 ni->ni_intval = sp->sp_bintval; 1362 ni->ni_capinfo = sp->sp_capinfo; 1363 ni->ni_chan = ic->ic_bss->ni_chan; 1364 ni->ni_fhdwell = sp->sp_fhdwell; 1365 ni->ni_fhindex = sp->sp_fhindex; 1366 ni->ni_erp = sp->sp_erp; 1367 ni->ni_timoff = sp->sp_timoff; 1368 if (sp->sp_wme != NULL) 1369 ieee80211_saveie(&ni->ni_wme_ie, sp->sp_wme); 1370 if (sp->sp_wpa != NULL) 1371 ieee80211_saveie(&ni->ni_wpa_ie, sp->sp_wpa); 1372 1373 /* NB: must be after ni_chan is setup */ 1374 ieee80211_setup_rates(ni, sp->sp_rates, sp->sp_xrates, 1375 IEEE80211_R_DODEL | IEEE80211_R_DONEGO | IEEE80211_R_DOSORT); 1376 1377 if (ic->ic_newassoc != NULL) 1378 ic->ic_newassoc(ni, isnew); 1379 } 1380 1381 /* 1382 * Do node discovery in adhoc mode on receipt of a beacon 1383 * or probe response frame. Note that for the driver's 1384 * benefit we treat this like an association so the 1385 * driver has an opportunity to setup its private state. 1386 */ 1387 struct ieee80211_node * 1388 ieee80211_add_neighbor(struct ieee80211com *ic, 1389 const struct ieee80211_frame *wh, 1390 const struct ieee80211_scanparams *sp) 1391 { 1392 struct ieee80211_node *ni; 1393 1394 ni = ieee80211_dup_bss(&ic->ic_sta, wh->i_addr2);/* XXX alloc_node? */ 1395 if (ni != NULL) { 1396 ieee80211_init_neighbor(ic, ni, wh, sp, 1); 1397 /* XXX not right for 802.1x/WPA */ 1398 ieee80211_node_authorize(ni); 1399 } 1400 return ni; 1401 } 1402 1403 #define IS_CTL(wh) \ 1404 ((wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK) == IEEE80211_FC0_TYPE_CTL) 1405 #define IS_PSPOLL(wh) \ 1406 ((wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK) == IEEE80211_FC0_SUBTYPE_PS_POLL) 1407 /* 1408 * Locate the node for sender, track state, and then pass the 1409 * (referenced) node up to the 802.11 layer for its use. We 1410 * are required to pass some node so we fall back to ic_bss 1411 * when this frame is from an unknown sender. The 802.11 layer 1412 * knows this means the sender wasn't in the node table and 1413 * acts accordingly. 1414 */ 1415 struct ieee80211_node * 1416 #ifdef IEEE80211_DEBUG_REFCNT 1417 ieee80211_find_rxnode_debug(struct ieee80211com *ic, 1418 const struct ieee80211_frame_min *wh, const char *func, int line) 1419 #else 1420 ieee80211_find_rxnode(struct ieee80211com *ic, 1421 const struct ieee80211_frame_min *wh) 1422 #endif 1423 { 1424 struct ieee80211_node_table *nt; 1425 struct ieee80211_node *ni; 1426 1427 /* XXX may want scanned nodes in the neighbor table for adhoc */ 1428 if (ic->ic_opmode == IEEE80211_M_STA || 1429 ic->ic_opmode == IEEE80211_M_MONITOR || 1430 (ic->ic_flags & IEEE80211_F_SCAN)) 1431 nt = &ic->ic_scan; 1432 else 1433 nt = &ic->ic_sta; 1434 1435 /* XXX check ic_bss first in station mode */ 1436 /* XXX 4-address frames? */ 1437 IEEE80211_NODE_LOCK(nt); 1438 if (IS_CTL(wh) && !IS_PSPOLL(wh) /*&& !IS_RTS(ah)*/) 1439 ni = _ieee80211_find_node(nt, wh->i_addr1); 1440 else 1441 ni = _ieee80211_find_node(nt, wh->i_addr2); 1442 if (ni == NULL) 1443 ni = ieee80211_ref_node(ic->ic_bss); 1444 IEEE80211_NODE_UNLOCK(nt); 1445 1446 return ni; 1447 } 1448 1449 /* 1450 * Like ieee80211_find_rxnode but use the supplied h/w 1451 * key index as a hint to locate the node in the key 1452 * mapping table. If an entry is present at the key 1453 * index we return it; otherwise do a normal lookup and 1454 * update the mapping table if the station has a unicast 1455 * key assigned to it. 1456 */ 1457 struct ieee80211_node * 1458 #ifdef IEEE80211_DEBUG_REFCNT 1459 ieee80211_find_rxnode_withkey_debug(struct ieee80211com *ic, 1460 const struct ieee80211_frame_min *wh, ieee80211_keyix keyix, 1461 const char *func, int line) 1462 #else 1463 ieee80211_find_rxnode_withkey(struct ieee80211com *ic, 1464 const struct ieee80211_frame_min *wh, ieee80211_keyix keyix) 1465 #endif 1466 { 1467 struct ieee80211_node_table *nt; 1468 struct ieee80211_node *ni; 1469 1470 if (ic->ic_opmode == IEEE80211_M_STA || 1471 ic->ic_opmode == IEEE80211_M_MONITOR || 1472 (ic->ic_flags & IEEE80211_F_SCAN)) { 1473 nt = &ic->ic_scan; 1474 } else { 1475 nt = &ic->ic_sta; 1476 } 1477 1478 IEEE80211_NODE_LOCK(nt); 1479 if (nt->nt_keyixmap != NULL && keyix < nt->nt_keyixmax) { 1480 ni = nt->nt_keyixmap[keyix]; 1481 } else { 1482 ni = NULL; 1483 } 1484 if (ni == NULL) { 1485 if (IS_CTL(wh) && !IS_PSPOLL(wh) /*&& !IS_RTS(ah)*/) 1486 ni = _ieee80211_find_node(nt, wh->i_addr1); 1487 else 1488 ni = _ieee80211_find_node(nt, wh->i_addr2); 1489 if (ni == NULL) 1490 ni = ieee80211_ref_node(ic->ic_bss); 1491 if (nt->nt_keyixmap != NULL) { 1492 /* 1493 * If the station has a unicast key cache slot 1494 * assigned update the key->node mapping table. 1495 */ 1496 keyix = ni->ni_ucastkey.wk_rxkeyix; 1497 /* XXX can keyixmap[keyix] != NULL? */ 1498 if (keyix < nt->nt_keyixmax && 1499 nt->nt_keyixmap[keyix] == NULL) { 1500 IEEE80211_DPRINTF(ni->ni_ic, IEEE80211_MSG_NODE, 1501 "%s: add key map entry %p<%s> refcnt %d\n", 1502 __func__, ni, ether_sprintf(ni->ni_macaddr), 1503 ieee80211_node_refcnt(ni)+1); 1504 nt->nt_keyixmap[keyix] = ieee80211_ref_node(ni); 1505 } 1506 } 1507 } else { 1508 ieee80211_ref_node(ni); 1509 } 1510 IEEE80211_NODE_UNLOCK(nt); 1511 1512 return ni; 1513 } 1514 #undef IS_PSPOLL 1515 #undef IS_CTL 1516 1517 /* 1518 * Return a reference to the appropriate node for sending 1519 * a data frame. This handles node discovery in adhoc networks. 1520 */ 1521 struct ieee80211_node * 1522 #ifdef IEEE80211_DEBUG_REFCNT 1523 ieee80211_find_txnode_debug(struct ieee80211com *ic, const u_int8_t *macaddr, 1524 const char *func, int line) 1525 #else 1526 ieee80211_find_txnode(struct ieee80211com *ic, const u_int8_t *macaddr) 1527 #endif 1528 { 1529 struct ieee80211_node_table *nt = &ic->ic_sta; 1530 struct ieee80211_node *ni; 1531 1532 /* 1533 * The destination address should be in the node table 1534 * unless this is a multicast/broadcast frame. We can 1535 * also optimize station mode operation, all frames go 1536 * to the bss node. 1537 */ 1538 /* XXX can't hold lock across dup_bss 'cuz of recursive locking */ 1539 IEEE80211_NODE_LOCK(nt); 1540 if (ic->ic_opmode == IEEE80211_M_STA || IEEE80211_IS_MULTICAST(macaddr)) 1541 ni = ieee80211_ref_node(ic->ic_bss); 1542 else 1543 ni = _ieee80211_find_node(nt, macaddr); 1544 IEEE80211_NODE_UNLOCK(nt); 1545 1546 if (ni == NULL) { 1547 if (ic->ic_opmode == IEEE80211_M_IBSS || 1548 ic->ic_opmode == IEEE80211_M_AHDEMO) { 1549 /* 1550 * In adhoc mode cons up a node for the destination. 1551 * Note that we need an additional reference for the 1552 * caller to be consistent with _ieee80211_find_node. 1553 */ 1554 ni = ieee80211_fakeup_adhoc_node(nt, macaddr); 1555 if (ni != NULL) 1556 (void)ieee80211_ref_node(ni); 1557 } else { 1558 IEEE80211_DPRINTF(ic, IEEE80211_MSG_OUTPUT, 1559 "[%s] no node, discard frame (%s)\n", 1560 ether_sprintf(macaddr), __func__); 1561 ic->ic_stats.is_tx_nonode++; 1562 } 1563 } 1564 return ni; 1565 } 1566 1567 /* 1568 * Like find but search based on the channel too. 1569 */ 1570 struct ieee80211_node * 1571 #ifdef IEEE80211_DEBUG_REFCNT 1572 ieee80211_find_node_with_channel_debug(struct ieee80211_node_table *nt, 1573 const u_int8_t *macaddr, struct ieee80211_channel *chan, 1574 const char *func, int line) 1575 #else 1576 ieee80211_find_node_with_channel(struct ieee80211_node_table *nt, 1577 const u_int8_t *macaddr, struct ieee80211_channel *chan) 1578 #endif 1579 { 1580 struct ieee80211_node *ni; 1581 int hash; 1582 1583 hash = IEEE80211_NODE_HASH(macaddr); 1584 1585 IEEE80211_NODE_LOCK(nt); 1586 LIST_FOREACH(ni, &nt->nt_hash[hash], ni_hash) { 1587 if (IEEE80211_ADDR_EQ(ni->ni_macaddr, macaddr) && 1588 ni->ni_chan == chan) { 1589 ieee80211_ref_node(ni); /* mark referenced */ 1590 #ifdef IEEE80211_DEBUG_REFCNT 1591 IEEE80211_DPRINTF(nt->nt_ic, IEEE80211_MSG_NODE, 1592 "%s (%s:%u) %p<%s> refcnt %d\n", __func__, 1593 func, line, 1594 ni, ether_sprintf(ni->ni_macaddr), 1595 ieee80211_node_refcnt(ni)); 1596 #else 1597 IEEE80211_DPRINTF(nt->nt_ic, IEEE80211_MSG_NODE, 1598 "%s %p<%s> refcnt %d\n", __func__, 1599 ni, ether_sprintf(ni->ni_macaddr), 1600 ieee80211_node_refcnt(ni)); 1601 #endif 1602 break; 1603 } 1604 } 1605 IEEE80211_NODE_UNLOCK(nt); 1606 1607 return ni; 1608 } 1609 1610 struct ieee80211_node * 1611 ieee80211_refine_node_for_beacon(struct ieee80211com *ic, 1612 struct ieee80211_node *ni0, struct ieee80211_channel *chan, 1613 const u_int8_t *ssid) 1614 { 1615 struct ieee80211_node_table *nt = ni0->ni_table; 1616 struct ieee80211_node *best, *ni; 1617 int best_score = 0, score; 1618 1619 if (nt == NULL) 1620 return ni0; 1621 1622 best = ni0; 1623 if (ssid[1] == 0 || best->ni_esslen == 0) 1624 best_score = 1; 1625 else if (ssid[1] == best->ni_esslen && 1626 memcmp(ssid + 2, best->ni_essid, ssid[1]) == 0) 1627 best_score = 2; 1628 else 1629 best_score = 0; 1630 1631 IEEE80211_NODE_LOCK(nt); 1632 for (ni = LIST_NEXT(ni0, ni_hash); ni != NULL; 1633 ni = LIST_NEXT(ni, ni_hash)) { 1634 if (!IEEE80211_ADDR_EQ(ni->ni_macaddr, best->ni_macaddr) || 1635 ni->ni_ic != best->ni_ic || ni->ni_chan != chan) 1636 continue; 1637 1638 if (ssid[1] == 0 || ni->ni_esslen == 0) 1639 score = 1; 1640 else if (ssid[1] == ni->ni_esslen && 1641 memcmp(ssid + 2, ni->ni_essid, ssid[1]) == 0) 1642 score = 2; 1643 else 1644 continue; 1645 1646 if (score > best_score) { 1647 best = ni; 1648 best_score = score; 1649 } 1650 } 1651 IEEE80211_NODE_UNLOCK(nt); 1652 1653 return best; 1654 } 1655 1656 /* 1657 * Like find but search based on the ssid too. 1658 */ 1659 struct ieee80211_node * 1660 #ifdef IEEE80211_DEBUG_REFCNT 1661 ieee80211_find_node_with_ssid_debug(struct ieee80211_node_table *nt, 1662 const u_int8_t *macaddr, u_int ssidlen, const u_int8_t *ssid, 1663 const char *func, int line) 1664 #else 1665 ieee80211_find_node_with_ssid(struct ieee80211_node_table *nt, 1666 const u_int8_t *macaddr, u_int ssidlen, const u_int8_t *ssid) 1667 #endif 1668 { 1669 #define MATCH_SSID(ni, ssid, ssidlen) \ 1670 (ni->ni_esslen == ssidlen && memcmp(ni->ni_essid, ssid, ssidlen) == 0) 1671 static const u_int8_t zeromac[IEEE80211_ADDR_LEN]; 1672 struct ieee80211com *ic = nt->nt_ic; 1673 struct ieee80211_node *ni; 1674 int hash; 1675 1676 IEEE80211_NODE_LOCK(nt); 1677 __USE(ic); 1678 1679 /* 1680 * A mac address that is all zero means match only the ssid; 1681 * otherwise we must match both. 1682 */ 1683 if (IEEE80211_ADDR_EQ(macaddr, zeromac)) { 1684 TAILQ_FOREACH(ni, &nt->nt_node, ni_list) { 1685 if (MATCH_SSID(ni, ssid, ssidlen)) 1686 break; 1687 } 1688 } else { 1689 hash = IEEE80211_NODE_HASH(macaddr); 1690 LIST_FOREACH(ni, &nt->nt_hash[hash], ni_hash) { 1691 if (IEEE80211_ADDR_EQ(ni->ni_macaddr, macaddr) && 1692 MATCH_SSID(ni, ssid, ssidlen)) 1693 break; 1694 } 1695 } 1696 if (ni != NULL) { 1697 ieee80211_ref_node(ni); /* mark referenced */ 1698 #ifdef IEEE80211_DEBUG_REFCNT 1699 IEEE80211_DPRINTF(ic, IEEE80211_MSG_NODE, 1700 "%s (%s:%u) %p<%s> refcnt %d\n", __func__, 1701 func, line, 1702 ni, ether_sprintf(ni->ni_macaddr), 1703 ieee80211_node_refcnt(ni)); 1704 #else 1705 IEEE80211_DPRINTF(ic, IEEE80211_MSG_NODE, 1706 "%s %p<%s> refcnt %d\n", __func__, 1707 ni, ether_sprintf(ni->ni_macaddr), 1708 ieee80211_node_refcnt(ni)); 1709 #endif 1710 } 1711 1712 IEEE80211_NODE_UNLOCK(nt); 1713 1714 return ni; 1715 #undef MATCH_SSID 1716 } 1717 1718 static void 1719 _ieee80211_free_node(struct ieee80211_node *ni) 1720 { 1721 struct ieee80211com *ic = ni->ni_ic; 1722 struct ieee80211_node_table *nt = ni->ni_table; 1723 1724 IEEE80211_DPRINTF(ic, IEEE80211_MSG_NODE, 1725 "%s %p<%s> in %s table\n", __func__, ni, 1726 ether_sprintf(ni->ni_macaddr), 1727 nt != NULL ? nt->nt_name : "<gone>"); 1728 1729 IEEE80211_AID_CLR(ni->ni_associd, ic->ic_aid_bitmap); 1730 if (nt != NULL) { 1731 TAILQ_REMOVE(&nt->nt_node, ni, ni_list); 1732 LIST_REMOVE(ni, ni_hash); 1733 } 1734 ic->ic_node_free(ni); 1735 } 1736 1737 void 1738 #ifdef IEEE80211_DEBUG_REFCNT 1739 ieee80211_free_node_debug(struct ieee80211_node *ni, const char *func, int line) 1740 #else 1741 ieee80211_free_node(struct ieee80211_node *ni) 1742 #endif 1743 { 1744 struct ieee80211_node_table *nt = ni->ni_table; 1745 1746 #ifdef IEEE80211_DEBUG_REFCNT 1747 IEEE80211_DPRINTF(ni->ni_ic, IEEE80211_MSG_NODE, 1748 "%s (%s:%u) %p<%s> refcnt %d\n", __func__, func, line, ni, 1749 ether_sprintf(ni->ni_macaddr), ieee80211_node_refcnt(ni)-1); 1750 #endif 1751 1752 if (nt != NULL) { 1753 IEEE80211_NODE_LOCK(nt); 1754 if (ieee80211_node_dectestref(ni)) { 1755 /* 1756 * Last reference, reclaim state. 1757 */ 1758 _ieee80211_free_node(ni); 1759 } else if (ieee80211_node_refcnt(ni) == 1 && 1760 nt->nt_keyixmap != NULL) { 1761 ieee80211_keyix keyix; 1762 1763 /* 1764 * Check for a last reference in the key mapping table. 1765 */ 1766 keyix = ni->ni_ucastkey.wk_rxkeyix; 1767 if (keyix < nt->nt_keyixmax && 1768 nt->nt_keyixmap[keyix] == ni) { 1769 IEEE80211_DPRINTF(ni->ni_ic, IEEE80211_MSG_NODE, 1770 "%s: %p<%s> clear key map entry", __func__, 1771 ni, ether_sprintf(ni->ni_macaddr)); 1772 nt->nt_keyixmap[keyix] = NULL; 1773 ieee80211_node_decref(ni); /* XXX needed? */ 1774 _ieee80211_free_node(ni); 1775 } 1776 } 1777 IEEE80211_NODE_UNLOCK(nt); 1778 } else { 1779 if (ieee80211_node_dectestref(ni)) 1780 _ieee80211_free_node(ni); 1781 } 1782 } 1783 1784 /* 1785 * Reclaim a unicast key and clear any key cache state. 1786 */ 1787 int 1788 ieee80211_node_delucastkey(struct ieee80211_node *ni) 1789 { 1790 struct ieee80211com *ic = ni->ni_ic; 1791 struct ieee80211_node_table *nt = &ic->ic_sta; 1792 struct ieee80211_node *nikey; 1793 ieee80211_keyix keyix; 1794 int isowned, status; 1795 1796 /* 1797 * NB: We must beware of LOR here; deleting the key 1798 * can cause the crypto layer to block traffic updates 1799 * which can generate a LOR against the node table lock; 1800 * grab it here and stash the key index for our use below. 1801 * 1802 * Must also beware of recursion on the node table lock. 1803 * When called from node_cleanup we may already have 1804 * the node table lock held. Unfortunately there's no 1805 * way to separate out this path so we must do this 1806 * conditionally. 1807 */ 1808 isowned = IEEE80211_NODE_IS_LOCKED(nt); 1809 if (!isowned) 1810 IEEE80211_NODE_LOCK(nt); 1811 keyix = ni->ni_ucastkey.wk_rxkeyix; 1812 status = ieee80211_crypto_delkey(ic, &ni->ni_ucastkey); 1813 if (nt->nt_keyixmap != NULL && keyix < nt->nt_keyixmax) { 1814 nikey = nt->nt_keyixmap[keyix]; 1815 nt->nt_keyixmap[keyix] = NULL; 1816 } else 1817 nikey = NULL; 1818 if (!isowned) 1819 IEEE80211_NODE_UNLOCK(&ic->ic_sta); 1820 1821 if (nikey != NULL) { 1822 IASSERT(nikey == ni, 1823 ("key map out of sync, ni %p nikey %p", ni, nikey)); 1824 IEEE80211_DPRINTF(ni->ni_ic, IEEE80211_MSG_NODE, 1825 "%s: delete key map entry %p<%s> refcnt %d\n", 1826 __func__, ni, ether_sprintf(ni->ni_macaddr), 1827 ieee80211_node_refcnt(ni)-1); 1828 ieee80211_free_node(ni); 1829 } 1830 return status; 1831 } 1832 1833 /* 1834 * Reclaim a node. If this is the last reference count then 1835 * do the normal free work. Otherwise remove it from the node 1836 * table and mark it gone by clearing the back-reference. 1837 */ 1838 static void 1839 node_reclaim(struct ieee80211_node_table *nt, struct ieee80211_node *ni) 1840 { 1841 ieee80211_keyix keyix; 1842 1843 IEEE80211_NODE_LOCK_ASSERT(nt); 1844 1845 IEEE80211_DPRINTF(ni->ni_ic, IEEE80211_MSG_NODE, 1846 "%s: remove %p<%s> from %s table, refcnt %d\n", 1847 __func__, ni, ether_sprintf(ni->ni_macaddr), 1848 nt->nt_name, ieee80211_node_refcnt(ni)-1); 1849 /* 1850 * Clear any entry in the unicast key mapping table. 1851 * We need to do it here so rx lookups don't find it 1852 * in the mapping table even if it's not in the hash 1853 * table. We cannot depend on the mapping table entry 1854 * being cleared because the node may not be free'd. 1855 */ 1856 keyix = ni->ni_ucastkey.wk_rxkeyix; 1857 if (nt->nt_keyixmap != NULL && keyix < nt->nt_keyixmax && 1858 nt->nt_keyixmap[keyix] == ni) { 1859 IEEE80211_DPRINTF(ni->ni_ic, IEEE80211_MSG_NODE, 1860 "%s: %p<%s> clear key map entry\n", 1861 __func__, ni, ether_sprintf(ni->ni_macaddr)); 1862 nt->nt_keyixmap[keyix] = NULL; 1863 ieee80211_node_decref(ni); /* NB: don't need free */ 1864 } 1865 if (!ieee80211_node_dectestref(ni)) { 1866 /* 1867 * Other references are present, just remove the 1868 * node from the table so it cannot be found. When 1869 * the references are dropped storage will be 1870 * reclaimed. 1871 */ 1872 TAILQ_REMOVE(&nt->nt_node, ni, ni_list); 1873 LIST_REMOVE(ni, ni_hash); 1874 ni->ni_table = NULL; /* clear reference */ 1875 } else 1876 _ieee80211_free_node(ni); 1877 } 1878 1879 static void 1880 ieee80211_free_allnodes_locked(struct ieee80211_node_table *nt) 1881 { 1882 struct ieee80211com *ic = nt->nt_ic; 1883 struct ieee80211_node *ni; 1884 1885 IEEE80211_DPRINTF(ic, IEEE80211_MSG_NODE, 1886 "%s: free all nodes in %s table\n", __func__, nt->nt_name); 1887 1888 while ((ni = TAILQ_FIRST(&nt->nt_node)) != NULL) { 1889 if (ni->ni_associd != 0) { 1890 if (ic->ic_auth->ia_node_leave != NULL) 1891 ic->ic_auth->ia_node_leave(ic, ni); 1892 IEEE80211_AID_CLR(ni->ni_associd, ic->ic_aid_bitmap); 1893 } 1894 node_reclaim(nt, ni); 1895 } 1896 ieee80211_reset_erp(ic); 1897 } 1898 1899 static void 1900 ieee80211_free_allnodes(struct ieee80211_node_table *nt) 1901 { 1902 1903 IEEE80211_NODE_LOCK(nt); 1904 ieee80211_free_allnodes_locked(nt); 1905 IEEE80211_NODE_UNLOCK(nt); 1906 } 1907 1908 /* 1909 * Timeout entries in the scan cache. 1910 */ 1911 static void 1912 ieee80211_timeout_scan_candidates(struct ieee80211_node_table *nt) 1913 { 1914 struct ieee80211com *ic = nt->nt_ic; 1915 struct ieee80211_node *ni, *tni; 1916 1917 IEEE80211_NODE_LOCK(nt); 1918 ni = ic->ic_bss; 1919 /* XXX belongs elsewhere */ 1920 if (ni->ni_rxfrag[0] != NULL && ticks > ni->ni_rxfragstamp + hz) { 1921 m_freem(ni->ni_rxfrag[0]); 1922 ni->ni_rxfrag[0] = NULL; 1923 } 1924 TAILQ_FOREACH_SAFE(ni, &nt->nt_node, ni_list, tni) { 1925 if (ni->ni_inact && --ni->ni_inact == 0) { 1926 IEEE80211_DPRINTF(ic, IEEE80211_MSG_NODE, 1927 "[%s] scan candidate purged from cache " 1928 "(refcnt %u)\n", ether_sprintf(ni->ni_macaddr), 1929 ieee80211_node_refcnt(ni)); 1930 node_reclaim(nt, ni); 1931 } 1932 } 1933 IEEE80211_NODE_UNLOCK(nt); 1934 1935 nt->nt_inact_timer = IEEE80211_INACT_WAIT; 1936 } 1937 1938 /* 1939 * Timeout inactive stations and do related housekeeping. 1940 * Note that we cannot hold the node lock while sending a 1941 * frame as this would lead to a LOR. Instead we use a 1942 * generation number to mark nodes that we've scanned and 1943 * drop the lock and restart a scan if we have to time out 1944 * a node. Since we are single-threaded by virtue of 1945 * controlling the inactivity timer we can be sure this will 1946 * process each node only once. 1947 */ 1948 static void 1949 ieee80211_timeout_stations(struct ieee80211_node_table *nt) 1950 { 1951 struct ieee80211com *ic = nt->nt_ic; 1952 struct ieee80211_node *ni; 1953 u_int gen; 1954 int isadhoc; 1955 1956 isadhoc = (ic->ic_opmode == IEEE80211_M_IBSS || 1957 ic->ic_opmode == IEEE80211_M_AHDEMO); 1958 IEEE80211_SCAN_LOCK(nt); 1959 gen = ++nt->nt_scangen; 1960 IEEE80211_SCAN_UNLOCK(nt); 1961 IEEE80211_DPRINTF(ic, IEEE80211_MSG_NODE, 1962 "%s: %s scangen %u\n", __func__, nt->nt_name, gen); 1963 restart: 1964 IEEE80211_SCAN_LOCK(nt); 1965 if (gen != nt->nt_scangen) { 1966 printf("%s: scan aborted %u\n", __func__, gen); 1967 IEEE80211_SCAN_UNLOCK(nt); 1968 return; 1969 } 1970 IEEE80211_SCAN_UNLOCK(nt); 1971 1972 IEEE80211_NODE_LOCK(nt); 1973 TAILQ_FOREACH(ni, &nt->nt_node, ni_list) { 1974 if (ni->ni_scangen == gen) /* previously handled */ 1975 continue; 1976 ni->ni_scangen = gen; 1977 /* 1978 * Ignore entries for which have yet to receive an 1979 * authentication frame. These are transient and 1980 * will be reclaimed when the last reference to them 1981 * goes away (when frame xmits complete). 1982 */ 1983 if (ic->ic_opmode == IEEE80211_M_HOSTAP && 1984 (ni->ni_flags & IEEE80211_NODE_AREF) == 0) 1985 continue; 1986 /* 1987 * Free fragment if not needed anymore 1988 * (last fragment older than 1s). 1989 * XXX doesn't belong here 1990 */ 1991 if (ni->ni_rxfrag[0] != NULL && 1992 ticks > ni->ni_rxfragstamp + hz) { 1993 m_freem(ni->ni_rxfrag[0]); 1994 ni->ni_rxfrag[0] = NULL; 1995 } 1996 /* 1997 * Special case ourself; we may be idle for extended periods 1998 * of time and regardless reclaiming our state is wrong. 1999 */ 2000 if (ni == ic->ic_bss) 2001 continue; 2002 ni->ni_inact--; 2003 if (ni->ni_associd != 0 || isadhoc) { 2004 /* 2005 * Age frames on the power save queue. The 2006 * aging interval is 4 times the listen 2007 * interval specified by the station. This 2008 * number is factored into the age calculations 2009 * when the frame is placed on the queue. We 2010 * store ages as time differences we can check 2011 * and/or adjust only the head of the list. 2012 */ 2013 if (IEEE80211_NODE_SAVEQ_QLEN(ni) != 0) { 2014 struct mbuf *m; 2015 int discard = 0; 2016 2017 IEEE80211_NODE_SAVEQ_LOCK(ni); 2018 while (IF_POLL(&ni->ni_savedq, m) != NULL && 2019 M_AGE_GET(m) < IEEE80211_INACT_WAIT) { 2020 IEEE80211_DPRINTF(ic, IEEE80211_MSG_POWER, "[%s] discard frame, age %u\n", ether_sprintf(ni->ni_macaddr), M_AGE_GET(m));/*XXX*/ 2021 _IEEE80211_NODE_SAVEQ_DEQUEUE_HEAD(ni, m); 2022 m_freem(m); 2023 discard++; 2024 } 2025 if (m != NULL) 2026 M_AGE_SUB(m, IEEE80211_INACT_WAIT); 2027 IEEE80211_NODE_SAVEQ_UNLOCK(ni); 2028 2029 if (discard != 0) { 2030 IEEE80211_DPRINTF(ic, 2031 IEEE80211_MSG_POWER, 2032 "[%s] discard %u frames for age\n", 2033 ether_sprintf(ni->ni_macaddr), 2034 discard); 2035 IEEE80211_NODE_STAT_ADD(ni, 2036 ps_discard, discard); 2037 if (IEEE80211_NODE_SAVEQ_QLEN(ni) == 0) 2038 ic->ic_set_tim(ni, 0); 2039 } 2040 } 2041 /* 2042 * Probe the station before time it out. We 2043 * send a null data frame which may not be 2044 * universally supported by drivers (need it 2045 * for ps-poll support so it should be...). 2046 */ 2047 if (0 < ni->ni_inact && 2048 ni->ni_inact <= ic->ic_inact_probe) { 2049 IEEE80211_NOTE(ic, 2050 IEEE80211_MSG_INACT | IEEE80211_MSG_NODE, 2051 ni, "%s", 2052 "probe station due to inactivity"); 2053 /* 2054 * Grab a reference before unlocking the table 2055 * so the node cannot be reclaimed before we 2056 * send the frame. ieee80211_send_nulldata 2057 * understands we've done this and reclaims the 2058 * ref for us as needed. 2059 */ 2060 ieee80211_ref_node(ni); 2061 IEEE80211_NODE_UNLOCK(nt); 2062 ieee80211_send_nulldata(ni); 2063 /* XXX stat? */ 2064 goto restart; 2065 } 2066 } 2067 if (ni->ni_inact <= 0) { 2068 IEEE80211_NOTE(ic, 2069 IEEE80211_MSG_INACT | IEEE80211_MSG_NODE, ni, 2070 "station timed out due to inactivity " 2071 "(refcnt %u)", ieee80211_node_refcnt(ni)); 2072 /* 2073 * Send a deauthenticate frame and drop the station. 2074 * This is somewhat complicated due to reference counts 2075 * and locking. At this point a station will typically 2076 * have a reference count of 1. ieee80211_node_leave 2077 * will do a "free" of the node which will drop the 2078 * reference count. But in the meantime a reference 2079 * will be held by the deauth frame. The actual reclaim 2080 * of the node will happen either after the tx is 2081 * completed or by ieee80211_node_leave. 2082 * 2083 * Separately we must drop the node lock before sending 2084 * in case the driver takes a lock, as this will result 2085 * in LOR between the node lock and the driver lock. 2086 */ 2087 IEEE80211_NODE_UNLOCK(nt); 2088 if (ni->ni_associd != 0) { 2089 IEEE80211_SEND_MGMT(ic, ni, 2090 IEEE80211_FC0_SUBTYPE_DEAUTH, 2091 IEEE80211_REASON_AUTH_EXPIRE); 2092 } 2093 ieee80211_node_leave(ic, ni); 2094 ic->ic_stats.is_node_timeout++; 2095 goto restart; 2096 } 2097 } 2098 IEEE80211_NODE_UNLOCK(nt); 2099 2100 nt->nt_inact_timer = IEEE80211_INACT_WAIT; 2101 } 2102 2103 void 2104 ieee80211_iterate_nodes(struct ieee80211_node_table *nt, ieee80211_iter_func *f, void *arg) 2105 { 2106 struct ieee80211_node *ni; 2107 u_int gen; 2108 2109 IEEE80211_SCAN_LOCK(nt); 2110 gen = ++nt->nt_scangen; 2111 IEEE80211_SCAN_UNLOCK(nt); 2112 restart: 2113 IEEE80211_SCAN_LOCK(nt); 2114 if (gen != nt->nt_scangen) { 2115 printf("%s: scan aborted %u\n", __func__, gen); 2116 IEEE80211_SCAN_UNLOCK(nt); 2117 return; 2118 } 2119 IEEE80211_SCAN_UNLOCK(nt); 2120 2121 IEEE80211_NODE_LOCK(nt); 2122 TAILQ_FOREACH(ni, &nt->nt_node, ni_list) { 2123 if (ni->ni_scangen != gen) { 2124 ni->ni_scangen = gen; 2125 (void) ieee80211_ref_node(ni); 2126 IEEE80211_NODE_UNLOCK(nt); 2127 (*f)(arg, ni); 2128 ieee80211_free_node(ni); 2129 goto restart; 2130 } 2131 } 2132 IEEE80211_NODE_UNLOCK(nt); 2133 } 2134 2135 void 2136 ieee80211_dump_node(struct ieee80211_node_table *nt, 2137 struct ieee80211_node *ni) 2138 { 2139 printf("%p: mac %s refcnt %d\n", ni, 2140 ether_sprintf(ni->ni_macaddr), ieee80211_node_refcnt(ni)); 2141 printf("\tscangen %u authmode %u flags 0x%x\n", 2142 ni->ni_scangen, ni->ni_authmode, ni->ni_flags); 2143 printf("\tassocid 0x%x txpower %u vlan %u\n", 2144 ni->ni_associd, ni->ni_txpower, ni->ni_vlan); 2145 printf("\ttxseq %u rxseq %u fragno %u rxfragstamp %u\n", 2146 ni->ni_txseqs[0], 2147 ni->ni_rxseqs[0] >> IEEE80211_SEQ_SEQ_SHIFT, 2148 ni->ni_rxseqs[0] & IEEE80211_SEQ_FRAG_MASK, 2149 ni->ni_rxfragstamp); 2150 printf("\trstamp %u rssi %u intval %u capinfo 0x%x\n", 2151 ni->ni_rstamp, ni->ni_rssi, ni->ni_intval, ni->ni_capinfo); 2152 printf("\tbssid %s essid \"%.*s\" channel %u:0x%x\n", 2153 ether_sprintf(ni->ni_bssid), 2154 ni->ni_esslen, ni->ni_essid, 2155 ni->ni_chan->ic_freq, ni->ni_chan->ic_flags); 2156 printf("\tfails %u inact %u txrate %u\n", 2157 ni->ni_fails, ni->ni_inact, ni->ni_txrate); 2158 } 2159 2160 void 2161 ieee80211_dump_nodes(struct ieee80211_node_table *nt) 2162 { 2163 ieee80211_iterate_nodes(nt, 2164 (ieee80211_iter_func *) ieee80211_dump_node, nt); 2165 } 2166 2167 /* 2168 * Handle a station joining an 11g network. 2169 */ 2170 static void 2171 ieee80211_node_join_11g(struct ieee80211com *ic, struct ieee80211_node *ni) 2172 { 2173 2174 /* 2175 * Station isn't capable of short slot time. Bump 2176 * the count of long slot time stations and disable 2177 * use of short slot time. Note that the actual switch 2178 * over to long slot time use may not occur until the 2179 * next beacon transmission (per sec. 7.3.1.4 of 11g). 2180 */ 2181 if ((ni->ni_capinfo & IEEE80211_CAPINFO_SHORT_SLOTTIME) == 0) { 2182 ic->ic_longslotsta++; 2183 IEEE80211_DPRINTF(ic, IEEE80211_MSG_ASSOC, 2184 "[%s] station needs long slot time, count %d\n", 2185 ether_sprintf(ni->ni_macaddr), ic->ic_longslotsta); 2186 /* XXX vap's w/ conflicting needs won't work */ 2187 ieee80211_set_shortslottime(ic, 0); 2188 } 2189 2190 /* 2191 * If the new station is not an ERP station 2192 * then bump the counter and enable protection 2193 * if configured. 2194 */ 2195 if (!ieee80211_iserp_rateset(ic, &ni->ni_rates)) { 2196 ic->ic_nonerpsta++; 2197 IEEE80211_DPRINTF(ic, IEEE80211_MSG_ASSOC, 2198 "[%s] station is !ERP, %d non-ERP stations associated\n", 2199 ether_sprintf(ni->ni_macaddr), ic->ic_nonerpsta); 2200 /* 2201 * If protection is configured, enable it. 2202 */ 2203 if (ic->ic_protmode != IEEE80211_PROT_NONE) { 2204 IEEE80211_DPRINTF(ic, IEEE80211_MSG_ASSOC, 2205 "%s: enable use of protection\n", __func__); 2206 ic->ic_flags |= IEEE80211_F_USEPROT; 2207 } 2208 /* 2209 * If station does not support short preamble 2210 * then we must enable use of Barker preamble. 2211 */ 2212 if ((ni->ni_capinfo & IEEE80211_CAPINFO_SHORT_PREAMBLE) == 0) { 2213 IEEE80211_DPRINTF(ic, IEEE80211_MSG_ASSOC, 2214 "[%s] station needs long preamble\n", 2215 ether_sprintf(ni->ni_macaddr)); 2216 ic->ic_flags |= IEEE80211_F_USEBARKER; 2217 ic->ic_flags &= ~IEEE80211_F_SHPREAMBLE; 2218 } 2219 } else { 2220 ni->ni_flags |= IEEE80211_NODE_ERP; 2221 } 2222 } 2223 2224 void 2225 ieee80211_node_join(struct ieee80211com *ic, struct ieee80211_node *ni, 2226 int resp) 2227 { 2228 int newassoc; 2229 2230 if (ni->ni_associd == 0) { 2231 u_int16_t aid; 2232 2233 /* 2234 * It would be good to search the bitmap 2235 * more efficiently, but this will do for now. 2236 */ 2237 for (aid = 1; aid < ic->ic_max_aid; aid++) { 2238 if (!IEEE80211_AID_ISSET(aid, 2239 ic->ic_aid_bitmap)) 2240 break; 2241 } 2242 if (aid >= ic->ic_max_aid) { 2243 IEEE80211_SEND_MGMT(ic, ni, resp, 2244 IEEE80211_REASON_ASSOC_TOOMANY); 2245 ieee80211_node_leave(ic, ni); 2246 return; 2247 } 2248 ni->ni_associd = aid | 0xc000; 2249 IEEE80211_AID_SET(ni->ni_associd, ic->ic_aid_bitmap); 2250 ic->ic_sta_assoc++; 2251 newassoc = 1; 2252 if (ic->ic_curmode == IEEE80211_MODE_11G) 2253 ieee80211_node_join_11g(ic, ni); 2254 } else 2255 newassoc = 0; 2256 2257 IEEE80211_DPRINTF(ic, IEEE80211_MSG_ASSOC | IEEE80211_MSG_DEBUG, 2258 "[%s] station %sassociated at aid %d: %s preamble, %s slot time%s%s\n", 2259 ether_sprintf(ni->ni_macaddr), newassoc ? "" : "re", 2260 IEEE80211_NODE_AID(ni), 2261 ic->ic_flags & IEEE80211_F_SHPREAMBLE ? "short" : "long", 2262 ic->ic_flags & IEEE80211_F_SHSLOT ? "short" : "long", 2263 ic->ic_flags & IEEE80211_F_USEPROT ? ", protection" : "", 2264 ni->ni_flags & IEEE80211_NODE_QOS ? ", QoS" : "" 2265 ); 2266 2267 /* give driver a chance to setup state like ni_txrate */ 2268 if (ic->ic_newassoc != NULL) 2269 ic->ic_newassoc(ni, newassoc); 2270 ni->ni_inact_reload = ic->ic_inact_auth; 2271 ni->ni_inact = ni->ni_inact_reload; 2272 IEEE80211_SEND_MGMT(ic, ni, resp, IEEE80211_STATUS_SUCCESS); 2273 /* tell the authenticator about new station */ 2274 if (ic->ic_auth->ia_node_join != NULL) 2275 ic->ic_auth->ia_node_join(ic, ni); 2276 ieee80211_notify_node_join(ic, ni, newassoc); 2277 } 2278 2279 /* 2280 * Handle a station leaving an 11g network. 2281 */ 2282 static void 2283 ieee80211_node_leave_11g(struct ieee80211com *ic, struct ieee80211_node *ni) 2284 { 2285 2286 IASSERT(ic->ic_curmode == IEEE80211_MODE_11G, 2287 ("not in 11g, bss %u:0x%x, curmode %u", ni->ni_chan->ic_freq, 2288 ni->ni_chan->ic_flags, ic->ic_curmode)); 2289 2290 /* 2291 * If a long slot station do the slot time bookkeeping. 2292 */ 2293 if ((ni->ni_capinfo & IEEE80211_CAPINFO_SHORT_SLOTTIME) == 0) { 2294 IASSERT(ic->ic_longslotsta > 0, 2295 ("bogus long slot station count %d", ic->ic_longslotsta)); 2296 ic->ic_longslotsta--; 2297 IEEE80211_DPRINTF(ic, IEEE80211_MSG_ASSOC, 2298 "[%s] long slot time station leaves, count now %d\n", 2299 ether_sprintf(ni->ni_macaddr), ic->ic_longslotsta); 2300 if (ic->ic_longslotsta == 0) { 2301 /* 2302 * Re-enable use of short slot time if supported 2303 * and not operating in IBSS mode (per spec). 2304 */ 2305 if ((ic->ic_caps & IEEE80211_C_SHSLOT) && 2306 ic->ic_opmode != IEEE80211_M_IBSS) { 2307 IEEE80211_DPRINTF(ic, IEEE80211_MSG_ASSOC, 2308 "%s: re-enable use of short slot time\n", 2309 __func__); 2310 ieee80211_set_shortslottime(ic, 1); 2311 } 2312 } 2313 } 2314 2315 /* 2316 * If a non-ERP station do the protection-related bookkeeping. 2317 */ 2318 if ((ni->ni_flags & IEEE80211_NODE_ERP) == 0) { 2319 IASSERT(ic->ic_nonerpsta > 0, 2320 ("bogus non-ERP station count %d", ic->ic_nonerpsta)); 2321 ic->ic_nonerpsta--; 2322 IEEE80211_DPRINTF(ic, IEEE80211_MSG_ASSOC, 2323 "[%s] non-ERP station leaves, count now %d\n", 2324 ether_sprintf(ni->ni_macaddr), ic->ic_nonerpsta); 2325 if (ic->ic_nonerpsta == 0) { 2326 IEEE80211_DPRINTF(ic, IEEE80211_MSG_ASSOC, 2327 "%s: disable use of protection\n", __func__); 2328 ic->ic_flags &= ~IEEE80211_F_USEPROT; 2329 /* XXX verify mode? */ 2330 if (ic->ic_caps & IEEE80211_C_SHPREAMBLE) { 2331 IEEE80211_DPRINTF(ic, IEEE80211_MSG_ASSOC, 2332 "%s: re-enable use of short preamble\n", 2333 __func__); 2334 ic->ic_flags |= IEEE80211_F_SHPREAMBLE; 2335 ic->ic_flags &= ~IEEE80211_F_USEBARKER; 2336 } 2337 } 2338 } 2339 } 2340 2341 /* 2342 * Handle bookkeeping for station deauthentication/disassociation 2343 * when operating as an ap. 2344 */ 2345 void 2346 ieee80211_node_leave(struct ieee80211com *ic, struct ieee80211_node *ni) 2347 { 2348 struct ieee80211_node_table *nt = ni->ni_table; 2349 2350 IEEE80211_DPRINTF(ic, IEEE80211_MSG_ASSOC | IEEE80211_MSG_DEBUG, 2351 "[%s] station with aid %d leaves\n", 2352 ether_sprintf(ni->ni_macaddr), IEEE80211_NODE_AID(ni)); 2353 IASSERT(ic->ic_opmode == IEEE80211_M_HOSTAP || 2354 ic->ic_opmode == IEEE80211_M_IBSS || 2355 ic->ic_opmode == IEEE80211_M_AHDEMO, 2356 ("unexpected operating mode %u", ic->ic_opmode)); 2357 2358 /* 2359 * If node wasn't previously associated all 2360 * we need to do is reclaim the reference. 2361 */ 2362 /* XXX ibss mode bypasses 11g and notification */ 2363 if (ni->ni_associd == 0) 2364 goto done; 2365 2366 /* 2367 * Tell the authenticator the station is leaving. 2368 * Note that we must do this before yanking the 2369 * association id as the authenticator uses the 2370 * associd to locate its state block. 2371 */ 2372 if (ic->ic_auth->ia_node_leave != NULL) 2373 ic->ic_auth->ia_node_leave(ic, ni); 2374 IEEE80211_AID_CLR(ni->ni_associd, ic->ic_aid_bitmap); 2375 ni->ni_associd = 0; 2376 ic->ic_sta_assoc--; 2377 2378 if (ic->ic_curmode == IEEE80211_MODE_11G) 2379 ieee80211_node_leave_11g(ic, ni); 2380 2381 /* 2382 * Cleanup station state. In particular clear various 2383 * state that might otherwise be reused if the node 2384 * is reused before the reference count goes to zero 2385 * (and memory is reclaimed). 2386 */ 2387 ieee80211_sta_leave(ic, ni); 2388 2389 done: 2390 /* 2391 * Remove the node from any table it's recorded in and 2392 * drop the caller's reference. Removal from the table 2393 * is important to insure the node is not reprocessed 2394 * for inactivity. 2395 */ 2396 if (nt != NULL) { 2397 IEEE80211_NODE_LOCK(nt); 2398 node_reclaim(nt, ni); 2399 IEEE80211_NODE_UNLOCK(nt); 2400 } else 2401 ieee80211_free_node(ni); 2402 } 2403 2404 u_int8_t 2405 ieee80211_getrssi(struct ieee80211com *ic) 2406 { 2407 #define NZ(x) ((x) == 0 ? 1 : (x)) 2408 struct ieee80211_node_table *nt = &ic->ic_sta; 2409 u_int32_t rssi_samples, rssi_total; 2410 struct ieee80211_node *ni; 2411 2412 rssi_total = 0; 2413 rssi_samples = 0; 2414 switch (ic->ic_opmode) { 2415 case IEEE80211_M_IBSS: /* average of all ibss neighbors */ 2416 /* XXX locking */ 2417 TAILQ_FOREACH(ni, &nt->nt_node, ni_list) 2418 if (ni->ni_capinfo & IEEE80211_CAPINFO_IBSS) { 2419 rssi_samples++; 2420 rssi_total += ic->ic_node_getrssi(ni); 2421 } 2422 break; 2423 case IEEE80211_M_AHDEMO: /* average of all neighbors */ 2424 /* XXX locking */ 2425 TAILQ_FOREACH(ni, &nt->nt_node, ni_list) { 2426 rssi_samples++; 2427 rssi_total += ic->ic_node_getrssi(ni); 2428 } 2429 break; 2430 case IEEE80211_M_HOSTAP: /* average of all associated stations */ 2431 #ifndef IEEE80211_NO_HOSTAP 2432 /* XXX locking */ 2433 TAILQ_FOREACH(ni, &nt->nt_node, ni_list) 2434 if (IEEE80211_AID(ni->ni_associd) != 0) { 2435 rssi_samples++; 2436 rssi_total += ic->ic_node_getrssi(ni); 2437 } 2438 #endif /* !IEEE80211_NO_HOSTAP */ 2439 break; 2440 case IEEE80211_M_MONITOR: /* XXX */ 2441 case IEEE80211_M_STA: /* use stats from associated ap */ 2442 default: 2443 if (ic->ic_bss != NULL) 2444 rssi_total = ic->ic_node_getrssi(ic->ic_bss); 2445 rssi_samples = 1; 2446 break; 2447 } 2448 return rssi_total / NZ(rssi_samples); 2449 #undef NZ 2450 } 2451 2452 /* 2453 * Indicate whether there are frames queued for a station in power-save mode. 2454 */ 2455 static void 2456 ieee80211_set_tim(struct ieee80211_node *ni, int set) 2457 { 2458 struct ieee80211com *ic = ni->ni_ic; 2459 u_int16_t aid; 2460 2461 IASSERT(ic->ic_opmode == IEEE80211_M_HOSTAP || 2462 ic->ic_opmode == IEEE80211_M_IBSS, 2463 ("operating mode %u", ic->ic_opmode)); 2464 2465 aid = IEEE80211_AID(ni->ni_associd); 2466 IASSERT(aid < ic->ic_max_aid, 2467 ("bogus aid %u, max %u", aid, ic->ic_max_aid)); 2468 2469 IEEE80211_BEACON_LOCK(ic); 2470 if (set != (isset(ic->ic_tim_bitmap, aid) != 0)) { 2471 if (set) { 2472 setbit(ic->ic_tim_bitmap, aid); 2473 ic->ic_ps_pending++; 2474 } else { 2475 clrbit(ic->ic_tim_bitmap, aid); 2476 ic->ic_ps_pending--; 2477 } 2478 ic->ic_flags |= IEEE80211_F_TIMUPDATE; 2479 } 2480 IEEE80211_BEACON_UNLOCK(ic); 2481 } 2482 2483 /* 2484 * Node table support. 2485 */ 2486 2487 static void 2488 ieee80211_node_table_init(struct ieee80211com *ic, 2489 struct ieee80211_node_table *nt, 2490 const char *name, int inact, int keyixmax, 2491 void (*timeout)(struct ieee80211_node_table *)) 2492 { 2493 2494 IEEE80211_DPRINTF(ic, IEEE80211_MSG_NODE, 2495 "%s %s table, inact %u\n", __func__, name, inact); 2496 2497 nt->nt_ic = ic; 2498 /* XXX need unit */ 2499 IEEE80211_NODE_LOCK_INIT(nt, ic->ic_ifp->if_xname); 2500 IEEE80211_SCAN_LOCK_INIT(nt, ic->ic_ifp->if_xname); 2501 TAILQ_INIT(&nt->nt_node); 2502 nt->nt_name = name; 2503 nt->nt_scangen = 1; 2504 nt->nt_inact_init = inact; 2505 nt->nt_timeout = timeout; 2506 nt->nt_keyixmax = keyixmax; 2507 if (nt->nt_keyixmax > 0) { 2508 nt->nt_keyixmap = malloc(keyixmax * 2509 sizeof(struct ieee80211_node *), M_80211_NODE, 2510 M_WAITOK | M_ZERO); 2511 } else 2512 nt->nt_keyixmap = NULL; 2513 } 2514 2515 void 2516 ieee80211_node_table_reset(struct ieee80211_node_table *nt) 2517 { 2518 2519 IEEE80211_DPRINTF(nt->nt_ic, IEEE80211_MSG_NODE, 2520 "%s %s table\n", __func__, nt->nt_name); 2521 2522 IEEE80211_NODE_LOCK(nt); 2523 nt->nt_inact_timer = 0; 2524 ieee80211_free_allnodes_locked(nt); 2525 IEEE80211_NODE_UNLOCK(nt); 2526 } 2527 2528 static void 2529 ieee80211_node_table_cleanup(struct ieee80211_node_table *nt) 2530 { 2531 2532 IEEE80211_DPRINTF(nt->nt_ic, IEEE80211_MSG_NODE, 2533 "%s %s table\n", __func__, nt->nt_name); 2534 2535 IEEE80211_NODE_LOCK(nt); 2536 ieee80211_free_allnodes_locked(nt); 2537 IEEE80211_NODE_UNLOCK(nt); 2538 if (nt->nt_keyixmap != NULL) { 2539 /* XXX verify all entries are NULL */ 2540 int i; 2541 for (i = 0; i < nt->nt_keyixmax; i++) 2542 if (nt->nt_keyixmap[i] != NULL) 2543 printf("%s: %s[%u] still active\n", __func__, 2544 nt->nt_name, i); 2545 free(nt->nt_keyixmap, M_80211_NODE); 2546 nt->nt_keyixmap = NULL; 2547 } 2548 IEEE80211_SCAN_LOCK_DESTROY(nt); 2549 IEEE80211_NODE_LOCK_DESTROY(nt); 2550 }
Cache object: e90c6d8724b4d13ecc46f15fa2b259a1
[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]