The IEEE80211_F_WME checks done on the ic were changed to be per-vap
back in the time when multi-bss was introduced or earlier in 2008.
This one was left out but given it is a (re-)accos-req case I see
no reason not to use the vap value here for consistency too.
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Reviewed by: adrian
Differential Revision: https://reviews.freebsd.org/D36733
Convert most of the cloner customers who require custom params
to the new if_clone KPI.
Reviewed by: kp
Differential Revision: https://reviews.freebsd.org/D36636
MFC after: 2 weeks
Fix types for various struct fields (initially added as int).
Move structs and inline functions logically together, e.g., for wowlan.
Add more skeleton functions and #defines needed for iwlwifi d3.c
in the future.
Add struct ieee80211_vht_cap (without "_ie") to net80211 and remove
duplicate definitions in LinuxKPI headers now using net80211 structs.
For now leave ieee80211_ie_vhtcap in net80211. I am not sure yet if we
actually need it as such. That'll be cleaned up with more VHT updates
in net80211 in the future.
No functional changes in currently compiled code intended.
Try to implement ieee80211_action_contains_tpc() as I ran into it with
an older iwlwifi chipset. This depends on c994352a88.
Sponsored by: The FreeBSD Foundation
MFC after: 2 weeks
Update to the full list of action field category values based on
802.11-2020 with 11ax extensions and remove one value Reserved nowadays.
While here annotate them with descriptions.
Also add Spectrum Management and Radio Measurement action field values
needed in LinuxKPI.
No functional changes.
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Update to the full list of frame type and subtype values based on
802.11-2020 with 11ax and 11ay extensions. This includes the 4th type
"Extension" (IEEE80211_FC0_TYPE_EXT).
While here annotate them with descriptions which should help matching
names (as at times things get confusing with LinuxKPI).
Also remove some 802.11-1997 values Reserved nowadays.
No functional changes.
Sponsored by: The FreeBSD Foundation
MFC after: 5 days
Reviewed by: adrian
Differential Revision: https://reviews.freebsd.org/D36410
Going through the Frame (Sub)types the "QOS Data" being called "QOS"
scheme leads to a naming conflict for QOS_CFPOLL and QOS_CFACKPOLL
(if added). Rename QOS* to QOS_DATA* to avoid the conflict and
to also better match the standards name.
No functional changes intended.
Sponsored by: The FreeBSD Foundation
MFC after: 5 days
Reviewed by: hselasky
Differential Revision: https://reviews.freebsd.org/D36409
I got lost in the #ifdef #endif here so I changed the code to a
switch block with two non-overlapping #ifdef parts and a default
which makes it a lot easier to read.
No functional changes.
Sponsored by: The FreeBSD Foundation
Reviewed by: (zlei.huang gmail.com)
MFC after: 5 days
Differential Revision: https://reviews.freebsd.org/D36411
o Statically initialize max_linkhdr to default value without relying
on domain(9) code doing that.
o Statically initialize max_protohdr to a sane value, without relying
on TCP being always compiled in.
o Retire max_datalen. Set, but not used.
o Don't make the domain(9) system responsible in validating these
values and updating max_hdr. Instead provide KPI max_linkhdr_grow()
and max_protohdr_grow().
o Call max_linkhdr_grow() from IEEE802.11 and max_protohdr_grow() from
TCP. Those are the only protocols today that may want to grow.
Reviewed by: tuexen
Differential revision: https://reviews.freebsd.org/D36376
Rather than defining the same values in two places and having to do
conflict resulution on the name in LKPI, change the defines to an
enum in net80211. In addition to de-duplication this also gives us
value checks in certain cases.
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Reviewed by: adrian
Differential Revision: https://reviews.freebsd.org/D36250
Replace a malloc() by IEEE80211_MALLOC().
For malloc flags even in the local ieee80211_freebsd.c there was a mix
of both versions M_ and IEEE80211_M_.
Consistently use the IEEE80211_M_ malloc options everywhere.
If the field is changed for malloc, it'll also be changed for the
other accessor functions taking a "how" field to avoid any confusion.
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Reviewed by: adrian
Differential Revision: https://reviews.freebsd.org/D36249
Make sure the given IE length fits into the total length left when
parsing through the information elements. In theory I would say
discard everything if there is an error but that proves hard with
the current code.
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Reviewed by: adrian
Differential Revision: https://reviews.freebsd.org/D36245
Summary: This returns whether the given 802.11 frame has the protected bit set.
Test Plan:
* tested in AP/STA mode
* STA mode - local athp/ath10k driver
* AP mode - in tree ath driver
Subscribers: imp, melifaro, glebius
Reviewed by: bz
Approved by: bz
Differential Revision: https://reviews.freebsd.org/D36183
When printing the current state name and the old state numeric value,
both are always the same. Remove the redundant ostate. It is always
the same as iv_state.
Reviewed by: bz
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D35849
While 80P80 is less likely to be used, VHT160 (a single contiguous
width) is harder to acquire but also preferable so return that first.
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Reviewed by: adrian
Differential Revision: https://reviews.freebsd.org/D35977
In ieee80211_vht_adjust_channel() we have to check for all possible
IEEE80211_FVHT_VHT* options using the mask rather than just checking
for IEEE80211_FVHT_VHT; ieee80211_vhtchanflags() (contrary to its
HT counterpart) only returns the "highest" flag nor or-ing them together
with the base flag. For the moment this seems to make sense as with
more width options we'd add a pyramid.
Later on, in the same function when we get VHT160 actually go and look
for VHT160 and not VHT80.
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Reviewed by: adrian
Differential Revision: https://reviews.freebsd.org/D35977
Add the fields for VHT (2Ghz and 5Ghz) to report back by media_status
so we actually have a chance to get the right information.
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Reviewed by: adrian
Differential Revision: https://reviews.freebsd.org/D35977
Start adding more fields to DDB output related to VHT (11ac) and
mark COM, VAP, and STA more explicitly to make show all vaps /..
more readable.
Sponsored by: The FreeBSD Foundaton
MFC after: 1 week
Reviewed by: adrian
Differential Revision: https://reviews.freebsd.org/D35977
Correct IEEE80211_FEXT_BITS adding the missed one and move the later
one further. This will actually make VHT to show.
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Reviewed by: adrian
Differential Revision: https://reviews.freebsd.org/D35977
Add more Element IDs for VHT (11ac) to complete the current list
and we can use them if/as needed.
Sposnored by: The FreeBSD Foundation
MFC after: 1 week
Reviewed by: adrian
Differential Revision: https://reviews.freebsd.org/D35977
With clang 15, the following -Werror warning is produced:
sys/net80211/ieee80211_proto.c:1070:34: error: variable 'num_mixed' set but not used [-Werror,-Wunused-but-set-variable]
int num_vaps = 0, num_pure = 0, num_mixed = 0;
^
The 'num_mixed' variable was in ieee80211_proto.c when the function
vap_update_ht_protmode() was added, but it was never used for anything,
so remove it.
MFC after: 3 days
802.11i-2004 did not specify that RSN can be added to the probereq,
only to the proberesp (and others) yet it was added in what seems was
b032f27c36 (multi-BSS support).
802.11-2020 does not list the IE either for probereq so remove it.
Sponsored by: The FreeBSD Foundation
MFC after: 2 weeks
Okayed by: adrian
Differential Revision: https://reviews.freebsd.org/D34893
Combine the comment and double-unsetting of OACTIVE into a single case
after e8de31cace.
This saves the question of why we do it twice--once right before and
one more time right after the state change check.
Also move the XXX comment about kicking the queue up to where it seems
better suited now.
Sponsored by: The FreeBSD Foundation
MFC after: 3 days
Reviewed by: adrian
Differential Revision: https://reviews.freebsd.org/D35135
This took an embarrasingly long time to find.
The state changes for a radio with a STA /and/ AP VAP gets a bit messy.
The AP maps are marked as waiting, waiting for the STA AP to find a
channel to use before the AP VAPs become active.
However, the code path that clears the OACTIVE flag on a VAP only runs
during a successful run of ieee80211_newstate_cb().
So here is how it goes:
* the STA VAP goes down and needs to scan;
* the AP vap goes RUN->INIT; but it doesn't YET call ieee80211_newstate_cb();
* meanwhile - a send on the AP VAP causes the VAP to set the OACTIVE flag here;
* then the STA VAP finishes scan and goes to RUN;
* which will call wakeupwaiting() as part of the STA VAP transition to RUN;
* .. then the AP VAP goes INIT->RUN directly via a call to hostap_newstate
in wakeupwaiting rather than it being through the deferred path;
* /then/ the ieee80211_newstate_cb() is called, but it sees the state go
RUN->RUN;
* .. which results in the OACTIVE flag never being cleared.
This clears the OACTIVE flag when a VAP transitions RUN->RUN; the
driver layer or net80211 layer can set it if required in a subsequent
transmit.
Differential Revision: https://reviews.freebsd.org/D34920
Reviewed by: bz
Following up on fb8c87b4f3, which was
supposed to go into all supported branches, increase ieee80211_scanparams
status field from 8bit to 32bit (enum size) and add a dedicated error
code for Mesh ID.
Sponsored by: The FreeBSD Foundation
Introduce (*iv_update_bss)() with a default implementation to allow
drivers to overload/intercept the time when we swap iv_bss.
This helps firmware based drivers to synchronize state with firmware.
Otherwise, for some state changes, we begin with one ni (and in
LinuxKPI lsta) and try to finish with another ni (and a new lsta
in different state) and may no longer have access to the previous state.
This also saves us from constantly checking for ni changes complicating
code.
No functional changes intended.
Sponsored by: The FreeBSD Foundation
MFC after: 3 days
X-MFC: move (*iv_update_bss) to spare area
When forcing DEUATH in ieee80211_sta_join1() log the current state
we are coming from as well. Note this isn't always the state we
are expecting as iv_state was updated already, so contrary to the
comment we usually do not see RUN there.
Leave a comment earlier with regards to this as well.
Sponsored by: The FreeBSD Foundation
MFC after: 3 days
Add maxchans to the disabled debugging in addchan() and copychan_prev()
to aid debugging possible errors rreturned due to reaching maxchans
limits.
Sponsored by: The FreeBSD Foundation
MFC after: 3 days
Printing %p does not need the 0x prefix and while here mark the
ieee80211_node_table argument unused given we do not need it in the
current incarnation of the function.
Sponsored by: The FreeBSD Foundation
MFC after: 3 days
Throughout net80211 there are multiple ways to log (debugging)
information. Start to clenaup one as I kept hitting it to harmonize
the output. The more we get away from printfs into either wrapper
functions or macros the more likely we can use holistic systematic
tracing in the future.
Sponsored by: The FreeBSD Foundation
MFC after: 3 days
Add more STATE / DEBUG probes and enhance the output of one in order
to track state changes triggered by "ack" (or not).
This helped to narrow down causes from drivers or the LinuxKPI 802.11
compat framework which kept us in a scan -> auth -> scan loop.
Sponsored by: The FreeBSD Foundation
MFC after: 3 days
Making use of the debug output was hard given debug lines were run in
parts through vlog (if_printf) and in (multiple) parts through printf(s).
Like some of the functions alreay have, use a local buffer to format
the string and then use a single if_printf; in addition given these
functions are debug-only, add an extra printf in case we find our
buffers still to be too small so we can adjust for the future.
We already found that 128 characters are to short for some log messages.
Bump the buffer sizes collectively to 256 characters which also is
the maximum of if_vlog() so getting longer would need further changes
elsewhere.
Sponsored by: The FreeBSD Foundation
MFC after: 3 days
We are printing %p in _db_show_sta(), there is no need to prefix it
with 0x again to get a 0x0x...
Spsonsored by: The FreeBSD Foundation
MFC after: 3 days
Put the offending variables under the appropriate #ifdefs
(mostly IEEE80211_DEBUG, in one case IEEE80211_SUPPORT_SUPERG, and
in two cases under __notyet__ to revisit why these had been left
there but not used).
Sponsored by: The FreeBSD Foundation
MFC after: 10 days
Add a void *ni_drv_data field to struct ieee80211_node that drivers
can use to backtrack to their internal state from a net80211 node.
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
X-Differential Revision: https://reviews.freebsd.org/D30654 (abandoned)
Correct input_sta "assertion" checks. CTS/ACK CTRL frames are shorter
then sizeof(struct ieee80211_frame_min) and were thus running into the
is_rx_tooshort error case.
Use ieee80211_anyhdrsize() to handle this better but make sure we do
at least have the first 2 octets needed for that.
While here move the safety checks before any code which may not obey
them later, just for good style.
The non-scanning check further down assumes a frame format also not
matching control frames. For now skip the checks for control frames
which allows us to deal with some of them at least now.
Sponsored by: The FreeBSD Foundation
Obtained from: 20210906 wireless v0.91 code drop
MFC after: 3 days
Reviewed by: adrian
Differential Revision: https://reviews.freebsd.org/D32238
While IEEE80211_R_BAND was defined, there was no place to store the
band. Add a field for that, adjust ieee80211_lookup_channel_rxstatus()
to require it, and update drivers passing "R_{FREQ|IEEE}" in already to
provide the band as well. For the moment keep the fall-back code
requiring all three fields.
Sponsored by: The FreeBSD Foundation
MFC after: 3 days
Reviewed by: adrian
Differential Revision: https://reviews.freebsd.org/D30662
In 526370fb85 "net80211: proper ssid
length check in setmlme_assoc_adhoc()" we are checking the
sizeof on an array function parameter which leads to a warning that
it will resturn the size of the type of the array rather than the
array size itself. Use the defined length used both in the ioctl
and the sizing of the array function parameter instead.
Reported by: CI
MFC after: 3 days
X-MFC with: 526370fb85
In ieee80211_ies_expand() we are looping over Elements
(also known as Information Elements or IEs).
The comment suggests that we assume well-formedness of
the IEs themselves.
Checking the buffer length being least 2 (1 byte Element ID and
1 byte Length fields) rather than just 1 before accessing ie[1]
is still good practise and can prevent and out-of-bounds read in
case the input is not behaving according to the comment.
Reported by: (coypu sdf.org)
admbugs: 857
MFC after: 3 days
Reviewed by: adrian, markj
Differential Revision: https://reviews.freebsd.org/D32340
A user supplied SSID length is used without proper checks in
setmlme_assoc_adhoc() which can lead to copies beyond the end
of the user supplied buffer.
The ssid is a fixed size array for the ioctl and the argument
to setmlme_assoc_adhoc().
In addition to an ssid_len check of 0 also error in case the
ssid_len is larger than the size of the ssid array to prevent
problems.
PR: 254737
Reported by: Tommaso (cutesmilee.research protonmail.com)
MFC after: 3 days
Reviewed by: emaste, adrian
Differential Revision: https://reviews.freebsd.org/D32341
No longer accept plaintext A-MSDU frames that start with an RFC1042
header with EtherType EAPOL. This is done by only accepting EAPOL
packets that are included in non-aggregated 802.11 frames.
Note that before this patch, FreeBSD also only accepted EAPOL frames
that are sent in a non-aggregated 802.11 frame due to bugs in
processing EAPOL packets inside A-MSDUs. In other words,
compatibility with legitimate devices remains the same.
This relates to section 6.5 in the 2021 Usenix "FragAttacks" (Fragment
and Forge: Breaking Wi-Fi Through Frame Aggregation and Fragmentation)
paper.
Submitted by: Mathy Vanhoef (Mathy.Vanhoef kuleuven.be)
Security: CVE-2020-26144
PR: 256120
MFC after: 7 days
Differential Revision: https://reviews.freebsd.org/D30665
