Commit Graph

1291 Commits

Author SHA1 Message Date
Andriy Voskoboinyk
dfabbaa0e0 net80211: fix ieee80211_htrateset setup, return EINVAL for an unsupported
ucast/mcast/mgmt HT rate.

- Init global ieee80211_htrateset only once; neither ic_htcaps nor
ic_txstream is changed when device is attached;
- Move global ieee80211_htrateset structure to ieee80211com;
there was a possible data race when more than 1 wireless device is
used simultaneously;
- Discard unsupported rates in ieee80211_ioctl_settxparams(); otherwise,
an unsupported value may break connectivity (actually,
'ifconfig wlan0 ucastrate 8' for RTL8188EU results in immediate
disconnect + infinite 'device timeout's after it).

Tested with:
 - Intel 6205, STA mode.
 - RTL8821AU, STA mode.

Reviewed by:	adrian
Differential Revision:	https://reviews.freebsd.org/D9871
2017-03-03 01:06:27 +00:00
Adrian Chadd
46788bb1d2 [net80211] validate VHT IEs. 2017-02-20 04:04:59 +00:00
Adrian Chadd
ac0b7d3206 [net80211] teach the probe response routine to add VHT IEs as appropriate. 2017-02-20 04:02:50 +00:00
Adrian Chadd
7f19273c7c [net80211] fix up VHT IE comparison typo
Whilst here, add a comment that I need to validate VHT IEs.
2017-02-20 04:02:29 +00:00
Adrian Chadd
2023566223 [net80211] fix NULL pointer dereference in VHT operation in hostap mode.
The vht IEs are NULL at this point, so we shouldn't upgrade a node to VHT.
I'll fix the upgrade after this!

Tested:

* ath10k, hostap mode
2017-02-20 03:45:41 +00:00
Adrian Chadd
617f8b101e [net80211] RX parameter shuffle in net80211 in preparation for 4x4 NICs and 160MHz channels.
* Migrate the rx_params stuff out from ieee80211_freebsd.h where it doesn't belong -
  this isn't freebsd specific anymore.

* Don't use a hard-coded number of chains in the ioctl header; now we can shuffle
  MAX_CHAINS around so it can be used in the right spot.

* Extend the signal/noisefloor levels in the mimo stats struct to userland to include
  the signal and noisefloor levels for each 20MHz slice of a 160MHz channel.

* Bump the number of EVM pilots in preparation for 4x4 and 160MHz channels.

Tested:

* ath(4), STA mode
* iwn(4), STA mode
* local ath10k port, STA mode

TODO:

* 11ax chips will come with 5GHz 8x8 hardware for lots of MU-MIMO - I'll re-bump it
  at that point.

Note:

* This breaks the driver and ifconfig ABI; please recompile  the kernel,
  ifconfig and wpa_supplicant/hostapd.
2017-02-20 02:08:08 +00:00
Adrian Chadd
07569d5533 [net80211] add a sysctl that forces a vap restart.
Well, vap restart really does "all restart" for now, which will be a good
way of debugging firmware restart issues.
2017-02-11 05:33:49 +00:00
Adrian Chadd
43eafd0d1e [net80211] don't bother doing fragmentation if the driver supports fragmentation offload.
Tested:

* ath10k, which does its own fragmentation in firmware.
2017-02-09 23:29:57 +00:00
Adrian Chadd
4d3dcce5bb [net80211] quiet IE handling improvements
* on the station side, only call the quiet time IE method if we have a
  quiet IE - otherwise call the NULL method once, and then don't waste
  time calling NULL

* on the beacon generation side - force a beacon regeneration each time
  quiet time is enabled/disabled.  Without this, enabling/disabling quiet
  time IE would cause the beacon contents to be corrupted since none of
  the "move contents around" logic (like for CSA and TIM handling) is implemented.

This changes the size of ieee80211_node so it requires a kernel recompile,
but no userland recompile.

Tested:

* AR9380, AP mode, enabling/disabling quiet time IE
* AR9380, STA mode, with upcoming driver changes.
2017-02-09 04:07:30 +00:00
Adrian Chadd
ce4552cd1a [net80211] don't update quiet time counter values every probe request.
The quiet time counter update is happening each time the IE is added,
which also means it happens for each quiet time IE addition to the probe
response.

Only update the countdown if we request ie (ie, beacon updates.)
2017-02-03 06:04:06 +00:00
Andriy Voskoboinyk
704cd54206 net80211: cleanup ic_flags / iv_flags
Flags
 - IEEE80211_F_ASCAN
 - IEEE80211_F_SIBSS
 - IEEE80211_F_IBSSON
are not used since r170530 (old WI compatibility ioctls removal)
and r178354 (removed from other places).

IEEE80211_F_TXPOW_FIXED was never utilized; initially added with
IEEE80211_F_TXPOW_AUTO / IEEE80211_F_TXPOW_OFF flags,
which were replaced with IEEE80211_C_TXPMGT capability check in r138568.

Reviewed by:	adrian
Differential Revision:	https://reviews.freebsd.org/D9369
2017-01-31 22:21:08 +00:00
Adrian Chadd
9764ef21c4 [net80211] address seqno allocation for group addressed frames
After some digging and looking at packet traces, it looks like the
sequence number allocation being done by net80211 doesn't meet
802.11-2012.

Specifically, group addressed frames (broadcast, multicast) have
sequence numbers allocated from a separate pool, even if they're
QoS frames.

This patch starts to try and address this, both on transmit and
receive.

* When receiving, don't throw away multicast frames for now.
  It's sub-optimal, but until we correctly track group addressed
  frames via another TID counter, this is the best we can do.

* When doing A-MPDU checks, don't include group addressed frames
  in the sequence number checks.

* When transmitting, don't allocate group frame sequence numbers
  from the TID, instead use the NONQOS TID for allocation.

This may fix iwn(4) 11n because I /think/ this was one of the
handful of places where ni_txseqs[] was being assigned /outside/
of the driver itself.

This however doesn't completely fix things - notably the way that
TID assignment versus WME assignment for driver hardware queues
will mess up multicast ordering. For example, if all multicast
QoS frames come from one sequence number space but they're
expected to obey the QoS value assigned, they'll end up in
different queues in the hardware and go out in different
orders.

I can't fix that right now and indeed fixing it will require some
pretty heavy lifting of both the WME<->TID QoS assignment, as well
as figuring out what the correct way for drivers to behave.

For example, both iwn(4) and ath(4) shouldn't put QoS multicast
traffic into the same output queue as aggregate traffic, because
the sequence numbers are all wrong. So perhaps the correct thing
to do there is ignore the WME/TID for QoS traffic and map it all
to the best effort queue or something, and ensure it doesn't
muck up the TID/blockack window tracking. However, I'm /pretty/
sure that is still going to happen.

.. maybe I should disable multicast QoS frames in general as well,
but I don't know what that'll do for whatever the current state
of 802.11s mesh support is.

Tested:

* STA mode, ath10k NIC
* AP mode, AR9344/AR9580 AP
* iperf tcp/udp tests with concurrent multicast QoS traffic.

Before this, iperfs would fail pretty quickly because the sending
AP would start sending out QoS multicast frames that would be
out of order from the rest of the TID traffic, causing the blockack
window to get way, way out of sync.

This now doesn't occur.

TODO:

* verify which QoS frames SHOULD be tagged as M_AMPDU_MPDU.
  For example, QoS NULL frames shouldn't be tagged!

Reviewed by: avos
Differential Revision: https://reviews.freebsd.org/D9357
2017-01-30 01:11:30 +00:00
Adrian Chadd
f551fe4637 [net80211] prepare configuration checks for VHT, fragment-offload and seqno-offload.
* allocate an ext bit for fragment offload.  Some NICs (like the ath10k
  hardware in native wifi or 802.3 mode) support doing packet fragmentation
  in firmware/hardware, so we don't have to do it here.

* allocate an ext bit for VHT and start using it.
2017-01-27 01:24:24 +00:00
Andriy Voskoboinyk
98ff1f7c6e net80211: fix flags setup for HT40 5GHz channels. 2017-01-22 23:45:59 +00:00
Andriy Voskoboinyk
c5bba9da5a net80211: allow to configure LDPC support
Tested with RTL8821AU, STA mode (Tx support only)

Reviewed by:	adrian
Differential Revision:	https://reviews.freebsd.org/D9268
2017-01-21 14:19:06 +00:00
Adrian Chadd
a2c31ee05e [net80211] allow for MCS16-23 to be statically configured.
Tested:

* AR9380, STA mode
2017-01-20 07:43:40 +00:00
Adrian Chadd
e0812c1468 [net80211] add some more "is this XXX" macros for CTRL and DATA.
There's already a macro for MGT.
2017-01-15 19:49:47 +00:00
Adrian Chadd
da6ee937ae [net80211] add a macro to check this configuration option. 2017-01-13 07:24:58 +00:00
Adrian Chadd
321eb9ffbe [net80211] begin laying the groundwork for drivers to do their own sequence number management.
I added IEEE80211_TX_LOCK() a few years ago because there were races between
seqno allocation, driver queuing and crypto IV allocation.  This meant that
they'd appear out of sequence and the receiver would drop them, leading to
terrible performance or flat out traffic hangs.

This flag should be set by drivers that do their own sequence number
allocation for all frames it needs to happen for, including beacon frames.

Eventually this should lead to the driver taking care of locking for
allocating seqno and other traffic-triggered events (eg addba setup.)
2017-01-13 07:08:14 +00:00
Adrian Chadd
51172f62a7 [net80211] Initial VHT node upgrade/downgrade support and initial IE parsing.
This is the bulk of the magic to start enabling VHT channel negotiation.
It is absolutely, positively not yet even a complete VHT wave-1 implementation.

* parse IEs in scan, assoc req/resp, probe req/resp;
* break apart the channel upgrade from the HT IE parsing - do it after the
  VHT IEs are parsed;
* (dirty! sigh) add channel width decision making in ieee80211_ht.c htinfo_update_chw().
  This is the main bit where negotiated channel promotion through IEs occur.
* Shoehorn in VHT node init ,teardown, rate control, etc calls like the HT
  versions;
* Do VHT channel adjustment where appropriate

Tested:

* monitor mode, ath10k port
* STA mode, ath10k port - VHT20, VHT40, VHT80 modes

TODO:

* IBSS;
* hostap;
* (ignore mesh, wds for now);
* finish 11n state engine - channel width change, opmode notifications, SMPS, etc;
* VHT basic rate negotiation and acceptance criteria when scanning, associating, etc;
* VHT control/management frame handling (group managment and operating mode being
  the two big ones);
* Verify TX/RX VHT rate negotiation is actually working correctly.

Whilst here, add some comments about seqno allocation and locking.  To achieve
the full VHT rates I need to push seqno allocation into the drivers and
finally remove the IEEE80211_TX_LOCK() I added years ago to fix issues. :/
2017-01-13 07:02:04 +00:00
Adrian Chadd
67f4aa3878 [net80211] initial, somewhat incomplete VHT channel setup code and attach path.
This sets up:

* vht capabilities in vaps;
* calls vht_announce to announce VHT capabilities if any;
* sets up vht20, vht40 and vht80 channels, assuming the regulatory code
  does the right thing with 80MHz available ranges;
* adds support to the ieee80211_add_channel_list_5ghz() code to populate
  VHT channels, as this is the API my ath10k driver is using;
* add support for the freq1/freq2 field population and lookup that
  VHT channels require.

The VHT80 code assumes that the regulatory domain already has limited VHT80
bands to, well, 80MHz wide chunks.
2017-01-13 06:53:56 +00:00
Sergey Kandaurov
30007e3fdc Fix build without IEEE80211_DEBUG.
Reported by:	many
2017-01-10 19:28:40 +00:00
Adrian Chadd
0c67d389f4 [net80211] add VHT mediatype initialisation and update helper functions. 2017-01-10 07:50:21 +00:00
Adrian Chadd
930dc01620 [net80211] Add default parameters for 11ac.
I doubt TDMA code will ever work for 11ac, but you never know, someone
may one day make it happen.
2017-01-10 07:24:29 +00:00
Adrian Chadd
86fee26330 [net80211] add VHT action frame placeholders for when it's time to implement. 2017-01-10 07:21:07 +00:00
Adrian Chadd
5fd74bfae8 [net80211] add missing VHTCAP declaration changes.
These are required for the recent ieee80211_vht.[ch] changes -
they make things start to work with MS() / SM() macros.
2017-01-10 05:33:34 +00:00
Adrian Chadd
94338935ee [net80211] add CHAN_VHT2G/CHAN_VHT5G macros. 2017-01-10 05:32:30 +00:00
Adrian Chadd
8fde59a7da [net80211] add VHT EDCA parameters for WME/QoS mode. 2017-01-10 05:32:02 +00:00
Adrian Chadd
791be271f1 [net80211] create a helper function to calculate the station facing VHT capabilities.
This is needed for two reasons:

* Drivers will need to know what the negotiated set of VHT capabilities
  and rates are in order to configure (and reconfigure for opmode/chanwidth
  changes) how to speak to a given peer; and
* Because some vendors are "special", we should be careful in what we announce
  to them during peer association.

This isn't the complete solution, as I still need to make sure that when
sending out probe requests before we know what we want, we don't limit
the capabilities being announced.  This is important for IBSS/mesh work
later on as probe request/response exchanges are the first hint at what
a peer supports.  I'll look at adding that to the API soon.
2017-01-10 05:30:15 +00:00
Adrian Chadd
a1dce3c0a3 [net80211] add roaming parameters for 11ac.
These are mostly placeholders for now.
2017-01-08 10:13:05 +00:00
Adrian Chadd
72ad0cc6be [net80211] use the correct freq2 field when populating VHT operation element.
Whilst here, leave a TODO comment so I revisit this routine in the context
of hostap operation probe requests for IBSS/mesh.
2017-01-08 10:07:54 +00:00
Adrian Chadd
b6fec8d603 [net80211] Add initial VHT support routines.
This is a skeleton set based on ieee80211_ht.c.  It implements some IE
parsing, some basic unfinished negotiation, and channel promotion/demotion.

However, by itself it's not enough to do VHT - notably, the actual
channel promotion for STA mode at least is done in ieee80211_ht.c as
part of htinfo_update_chw().  I was .. quite amused when I found that
out.

I'm checking this in so others can see progress rather than one huge
commit when VHT is "done" (which will likely be quite a while.)
2017-01-08 04:25:41 +00:00
Adrian Chadd
cb4319e3b4 [net80211] add a "is VHT available" macro.
We have run out of config bits, sigh, so until I expand the ic config
bits, just use this macro as a substitute.
2017-01-08 04:23:05 +00:00
Adrian Chadd
8e71a4aa83 [net80211] add syncflags methods for the VHT flags configuration.
I missed this in my last commit.  Pointy hat to me.
2017-01-07 07:35:27 +00:00
Adrian Chadd
4222790f35 [net80211] add some more bits. 2017-01-07 02:16:48 +00:00
Adrian Chadd
35bcfd1c70 [net80211] add VHT ioctl parameters and driver capabilities
* Add the VHT capability element to the driver capabilities so ifconfig
  can see if VHT is available
* Add ioctl plumbing for enabling/disabling VHT and each of the VHT
  widths.

Note: this DOES change the ABI (the driver caps ioctl struct size, sigh)
so this will require a recompile of at least ifconfig.
2017-01-07 01:59:39 +00:00
Adrian Chadd
55c68c64a4 [net80211] add VHT IEs to scan elements.
In preparation for VHT station support, we need to store VHT IEs when
scanning so we can choose to upgrade to VHT.

This doesn't change the ABI - it just steals spare[] entries.
2017-01-07 01:54:32 +00:00
Adrian Chadd
6d0ef1b905 [net80211] add VHT node flag; parsed chanwidth.
The VHT operational element (VHTOPMODE) isn't a uint32_t - it's
the MCS sets, freq1/freq2 parameters and channel width.
So, store the channel width too in lieu of just storing the
IE struct.

This changes the VHT parameter layout in ieee80211_node but it
doesn't change ABI at all.
2017-01-07 01:53:27 +00:00
Adrian Chadd
02527029a5 [net80211] add FVHT flags for channel widths.
The 11n code uses these bits for both configuration /and/ controlling
the channel width on softmac chips - it uses it to find the widest
width for all VAPs (eg a HT20 vap and a HT40 vap) to know what to
configure the ic_curchan.

For fullmac devices it isn't /as/ important, as each virtual device
exposed by the firmware will likely have its own configuration and the
firmware figures out what to do to enable it.
2017-01-07 01:51:54 +00:00
Adrian Chadd
efda3f5684 [net80211] Remove duplicate VHTOPMODE configuration bits.
These came from Linux mac80211 headers and are configuration bits, not
VHTOPMODE field parameters.

Whilst here, add the field names for the VHTCAP bits.

Tested:

* ath10k, 11ac STA mode
2017-01-07 01:49:34 +00:00
Adrian Chadd
4747f0df83 [net80211] correct VHT ieee80211com state bits.
* rename the ieee80211com field for vht mcsinfo to be ic_, not iv;
* add a vht config field, stealing from the spares I left there.

This doesn't change the ABI.
2017-01-05 05:03:11 +00:00
Adrian Chadd
f0ab3d3668 [net80211] Add VHT flags for printf/debugging.
Whilst here, note that the last bit is currently used by ifconfig (_CHAN_HT)
so don't use it without fixing that first.
2017-01-04 08:08:50 +00:00
Adrian Chadd
7c87f23e82 [net80211] add placeholders for the VHT action frame handling.
Upcoming vht support will register send/receive action handlers.
2016-12-31 07:50:14 +00:00
Adrian Chadd
781487cfc6 [net80211] turn the default TX key configuration (for WEP) into a vap callback.
The ath10k firmware supports hardware WEP offload, and in native wifi mode
(or 802.3 ethernet mode, for that matter) the WEP key isn't actually included
in the TX payload from net80211.  Instead, a separate firmware command is issued
that sets the default TX key to be the specified key.

However, net80211 doesn't at all inform the driver layer that this is
occuring - it just "expects" to be inserting WEP header information
when doing WEP TX, even with hardware encryption.

So, to better support the newer world order, turn the default TX key assignment
into a VAP method that can be overridden by the driver and ensure its wrapped
in a crypto begin/end set.  That way it should be correctly atomic from the
point of view of keychanges (as long as the driver does the right thing.)

It'd be nice if we passed through to the key_set call a flag that says
"also make this the default key" - that's captured here by calling the
deftxkey method after the key_set method.  Maybe I can do that later.

Note: this is a net80211 ABI change, and will require a kernel+modules
recompile.  Happy Holidays, etc.

Tested:

* ath10k driver port
* rtwn_usb, WEP station
2016-12-27 06:10:28 +00:00
Andriy Voskoboinyk
e0625c4c1f net80211: fix 'pending CAC -> RUN transition lost' bug.
Ensure that CAC -> RUN state transition will be requested
for every vap only once.
2016-12-24 23:43:14 +00:00
Adrian Chadd
f29b919350 [net80211] WEP offload support.
Yes, the ath10k NIC actually also does do WEP TX/RX offload.

Tested:

* ath10k driver port, WEP STA mode.
2016-12-22 23:59:53 +00:00
Adrian Chadd
7aebd3e55d [net80211] sigh, course I would miss a commit from the 11ac prep commit. 2016-12-16 04:44:14 +00:00
Adrian Chadd
fdbc9e6e82 [net80211] start laying down the foundation for 11ac support.
This is a work in progress and some of this stuff may change;
but hopefully I'm laying down enough stuff and space in fields
to allow it to grow without another major recompile.

We'll see!

* Add a net80211 PHY type for VHT 2G and VHT 5G.

  Note - yes, VHT is supposed to be for 5GHZ, however some vendors
  (*cough* most of them) support some subset of VHT rate support
  in 2GHz.  No - not 80MHz wide channels, but at least some MCS8-9
  support, maybe some beamforming, and maybe some longer A-MPDU
  aggregates.  I don't want to even think about MU-MIMO on 2GHz.

* Add an ifmedia placeholder type for VHT rates.

* Add channel flags for VHT, VHT20/40U/40D/80/80+80/160
* Add channel macros for the above
* Add ieee80211_channel fields for the VHT information and flags,
  along with some padding (so this struct definitely grows.)
* Add a phy type flag for VHT - 'v'

* Bump the number of channels to a much higher amount - until we get
  something like the linux mac80211 chanctx abstraction (where the
  stack provides a current channel configuration via callbacks,
  versus the driver ever checking ic->ic_curchan or similar) we'll
  have to populate VHT+HT combinations.

Eg, there'll likely be a full set of duplicate VHT20/40 channels to match
HT channels.  There will also be a full set of duplicate VHT80 channels -
note that for VHT80, its assumed you're doing VHT40 as a base, so we
don't need a duplicate of VHT80 + 20MHz only primary channels, only
a duplicate of all the VHT40 combinations.

I don't want to think about VHT80+80 or VHT160 for now - and I won't,
as the current device I'm doing 11ac bringup on (QCA9880) only does
VHT80.

I'll likely revisit the channel configuration and scanning related
stuff after I get VHT20/40 up.

* Add vht flags and the basic MCS rate setup to ieee80211com, ieee80211vap
  and ieee80211_node in preparation for 11ac configuration.
  There is zero code that uses this right now.
* Whilst here, add some more placeholders in case I need to extend
  out things by some uint32_t flag sized fields.  Hopefully I won't!

What I haven't yet done:

* any of the code that uses this
* any of the beamforming related fields
* any of the MU-MIMO fields required for STA/AP operation
* any of the IE fields in beacon frame / probe request/response handling
  and the calculations required for shifting beacon contents around
  when the TIM grows/shrinks

This will require a full rebuild of net80211 related programs -
ifconfig, hostapd, wpa_supplicant.
2016-12-16 04:43:31 +00:00
Adrian Chadd
4869f5945e [net80211] add a field for storing a 64 bit TSC. 2016-12-08 07:57:16 +00:00
Adrian Chadd
36c8d0de0f [net80211] begin fleshing out support for channel survey information to be
pushed back up into net80211.
2016-12-08 07:56:25 +00:00
Andriy Voskoboinyk
83faf8fc96 net80211: remove obsolete comment.
The described LOR should be fixed in r302283.
2016-12-07 23:33:59 +00:00
Andriy Voskoboinyk
4a19d71238 net80211 + drivers: convert to ieee80211_crypto_get_key_wepidx().
Proposed by:	adrian
2016-12-07 22:16:07 +00:00
Xin LI
d0155f67a3 Fix typo. 2016-12-07 06:29:01 +00:00
Adrian Chadd
ba58946fd6 [net80211] flesh out more RX phy information.
I'm teaching my ath10k port to communicate up the per-rate / channel width
information I get from the firmware.

The HT40 flag field should just be retired and instead moved to use the
PHY bandwidth field.
2016-12-07 04:03:51 +00:00
Adrian Chadd
54a95d0d68 [net80211] start refactoring out the "am I a wep / group key!" code.
This is a bunch of pointer arithmetic that is copypasta'ed everywhere.
Let's undo that copypasta.
2016-12-07 04:02:41 +00:00
Adrian Chadd
4774b99992 [net80211] prepare for 11ac aware NICs that want to know per-vdev channel and centre frequencies.
* ic_freq is the centre of the primary channel, not the centre of the
  HT40/HT80/etc channel.  Add a method to access that.
* Add a method to access the centre of the primary channel, including
  knowing the centre of the 5/10/20/40/80, versus the primary channel.
  Ie, it's the centre of the 40, 80, 160MHz channel.
* Add a method to access the centre frequency of the secondary 80MHz
  channel - we don't support VHT yet, but when we do.
* Add methods to access the current channel and the per-dev desired
  channel.  Ideally drivers that do full offload with a per-vap channel
  configuration should use the vap channel, NOT ic_curchan.
  Non-offload drivers that require net80211 to change the channel should
  be accessing ic_curchan.
2016-12-03 02:45:18 +00:00
Adrian Chadd
5899368a8a [net80211] high oops on the high seas, or "god damnit compilers, it's 2016 and you're supposed to save me from this."
TODO:

* drink real coffee before committing in the morning, or there's a high
  risk of more obviously self-evident commits being turned into attempts
  at humour.

Reported by:	cem, Coverity CID 1366219
2016-11-22 17:36:16 +00:00
Adrian Chadd
e65d4e8abc [net80211] Only send out a probe request if we see an unknown IBSS node that matches our SSID. 2016-11-22 06:53:52 +00:00
Adrian Chadd
74a54be9a4 [net80211] store references to VHT and related IEs.
This just stores pointers to the IE; it doesn't yet parse anything.

Note: it blows out the size of ieee80211_node, so this will require
ye olde kernel/modules recompile.
2016-11-22 02:51:06 +00:00
Adrian Chadd
3d12d1f14f [net80211] Remove extra \n. 2016-11-22 02:02:13 +00:00
Adrian Chadd
869897d2e5 [net80211] flesh out more IBSS 11n support
* Pepper comments around which describe what state(s) we're in when faking
  up 11n nodes.
* By default don't fake it up as 11n until we properly negotiate the 11n
  capabilities using probe request/response frames.
* Send a probe request with our HT information, as the 802.11-2012 spec
  suggests.
* Reassociate with the driver if we've been promoted.

This is done because although learning a peer via beacons can learn 11n
state, learning peers via hearing probe frames and broadcast frames
does not.  Thus, sometimes you end up with an 11n peer in the peer
table and sometimes you don't.

Note that the probe request/response exchange may not actually succeed.
Ideally we'd put the peer into some blocking state until we've exchanged
probe request/reponse to learn capabilities, or we timeout and just
stay non-11n.

This is more an experiment to get 11n IBSS nodes actually discovering
each other and be able to transmit.  There are other issues that creep
up which I'll attempt to address in future commits.

Tested:

* AR9380 NICs in 11n mode.

Reviewed by:	avos
Differential Revision:	https://reviews.freebsd.org/D8365
2016-11-22 01:22:54 +00:00
Adrian Chadd
fe75b45213 [net80211] handle hardware encryption offload in the receive path
* teach the crypto modules about receive offload - although I have
  to do some further reviewing in places where we /can't/ have an RX key
* teach the RX data path about receive offload encryption - check the flag,
  handle NULL key, do decap and checking as appropriate.

Tested:

* iwn(4), STA mode
* ath(4), STA and AP mode
* ath10k port, STA mode (hardware encryption)

Reviewed by:	avos
Differential Revision:	https://reviews.freebsd.org/D8533
2016-11-19 02:00:24 +00:00
Adrian Chadd
e4ce50a443 [net80211] shuffle IEEE80211_C and HTC bits over to _ieee80211.h so userland can use this.
Reviewed by:	avos
Differential Revision:	https://reviews.freebsd.org/D8553
2016-11-18 21:12:13 +00:00
Imre Vadász
260b8f08e6 [net80211] Don't check bgscanidle setting in net80211 for full-offload scan.
If full-offload scan is used, the NIC driver (or rather the firmware of
the NIC) should take care of interrupting and continuing the background
scan. So net80211 should ignore the vap->iv_bgscanidle setting then, instead
the NIC driver might look at this setting and pass it on to the firmware
in some way if possible.

Since full-offload scans won't be explicitly interrupted by net80211, it
also doesn't really make sense to check the vap->iv_bgscanidle condition
in that case, before starting a background scan. If the NIC driver
advertises background scan support and full-offload scanning, the firmware
should be able to execute that scan without interfering too much with our
data traffic.

Reviewed by:	adrian, avos
Approved by:	adrian (mentor)
Differential Revision:	https://reviews.freebsd.org/D8539
2016-11-17 21:52:00 +00:00
Adrian Chadd
f8a67728f3 [net80211] announce 11n capabilities in probe requests in IBSS mode.
The 802.11-2012 specification notes that a subset of IEs should be present
in IBSS probe requests.  This is what (initially) allows nodes to discover
that other nodes are 11n capable.  Notably - HTCAP, but not HTINFO.

This isn't everything required to reliably enable 11n between net80211
peers; there's more work to come.

Tested:

* AR9380, IBSS+11n mode
2016-11-15 01:47:37 +00:00
Andriy Voskoboinyk
7db788c66f net80211: switch from ieee80211_iterate_nodes() to
ieee80211_iterate_nodes_vap() where possible; this should
make the code a bit cleaner.
2016-11-14 23:51:28 +00:00
Adrian Chadd
339be86fdb [net80211] implement "first RX defines the BAW" hack.
Unfortunately (sigh) some firmware doesn't provide the RX BA starting point,
so we need to cope and set a "close enough" sequence number so we (hopefully!)
don't discard frames as duplicates.

Tested:

* QCA9880v2, athp driver (under development), STA mode
2016-11-10 18:36:40 +00:00
Bryan Drewery
28323add09 Fix improper use of "its".
Sponsored by:	Dell EMC Isilon
2016-11-08 23:59:41 +00:00
Adrian Chadd
2b668041d1 [net80211] extend the net80211 ALQ code to support variable payloads.
Also - allow driver specific bits to be added, rather than just net80211.

This still isn't as useful as it should be by default; it needs to
be a standalone struct/instance so it can be done before net80211
registration occurs, and it can log per-device items.

But, it's getting there.
2016-11-06 19:18:25 +00:00
Adrian Chadd
0cc0288529 [net80211] add a method to also explicitly tear down RX A-MPDU.
The ath10k firmware API doesn't pass up the ADDBA/DELBA frames, only
WMI firmware notifications.

Tested:

* ath10k (QCA9880), doing actual (ha!) 11n!
2016-11-06 19:16:46 +00:00
Adrian Chadd
ee9d294b36 [net80211] begin fleshing out new hardware crypto offload features.
* extend the keycache flag word to be 32 bits, not 16 bits
* add new key flags for transmit:
  + IEEE80211_KEY_NOIV: Don't insert IV in the payload when transmitting data frames;
  + IEEE80211_KEY_NOIVMGT:  Don't insert IV in the payload when transmitting MIC frames;
  + IEEE80211_KEY_NOMIC: Don't insert MIC in the payload when transmitting data frames;
  + IEEE80211_KEY_NOMICMGT: don't insert MIC in the payload when transmitting management
    frames.

* teach ieee80211_crypto_demic() about hardware decrypted frames:
  + if frames are hardware decrypted and the frame has failed MIC, treat it as a
     michael failure.
  + if frames are hardware decrypted and the frame has stripped MIC, we can't check the
    MIC in the payload - we don't have anything to compare it against.

This is only part of the work required to successfully transmit/receive
hardware crypto frames such as the qualcomm atheros 11ac offload chips.

There will be further work in the transmit and receive path before this
can be done by default.

Reviewed by:	avos
Differential Revision:	https://reviews.freebsd.org/D8364
2016-11-05 22:41:22 +00:00
Adrian Chadd
f6c2cdb12f [net80211] add comments! 2016-10-28 02:10:07 +00:00
Adrian Chadd
020fe0de15 [net80211] don't abort a background scan upon reception of a single packet.
Full offload drivers don't need this behaviour - they do it in firmware.
2016-10-28 02:09:45 +00:00
Adrian Chadd
d24ac5fb28 [net80211] Add a variant on ieee80211_get_rx_params() that returns a pointer.
Be careful when calling this, as the underlying mbuf may change
afterwards - common in the RX path.
2016-10-23 08:21:35 +00:00
Adrian Chadd
561da369d7 [net80211] Add a macro to see if a frame is a management frame or not. 2016-10-23 08:19:43 +00:00
Adrian Chadd
84c7170e29 [net80211] Initial full-offload scan support.
This is a very simple addition to the net80211 scan support.

It doesn't implement a replacement scan interface - it just disables
the pieces that we should disable to make this lifecycle a bit
more managable.

There's more work to come before full scan offload support is available
but it should be good enough for driver work.

* add a flag to say "full offload"
* don't do probe requests when scanning full-offload - firmware can do that
* don't do powersave transitions and buffering - firmware can do that

tested:

* iwm(4) - STA mode
* ath10k port (local, not in freebsd-head yet)

Reviewed by:	avos
Differential Revision:	https://reviews.freebsd.org/D8262
2016-10-19 05:03:46 +00:00
Adrian Chadd
07ed811deb [net80211] add some more RX flags. 2016-10-17 04:30:10 +00:00
Adrian Chadd
562b9792f0 [net80211] remove now duplicate copy of the QOSDATA check macro. 2016-10-13 16:45:01 +00:00
Adrian Chadd
f3ef2aa1bd [net80211] add some more QoS frame subtypes. 2016-10-13 16:41:34 +00:00
Andriy Voskoboinyk
bdc7291ec9 net80211: convert all ieee80211_input_mimo*() consumers
to ieee80211_add_rx_params() + drop last (ieee80211_rx_stats) parameter

Note: there is an additional check for ieee80211_get_rx_params()
return value (which does not exist in the original diff).

Reviewed by:	adrian
Differential Revision:	https://reviews.freebsd.org/D8207
2016-10-12 20:50:13 +00:00
Adrian Chadd
e97796e2b6 [net80211] extend the ieee80211_rx_stats struct to include more information.
There are a variety of more interesting RX statistics that we should
keep track of but we don't.  This is a starting point for adding more
information.

Specifically:

* now the RX rate information and some of the packet status is
  passed up;
* The 32 bit or 64 bit TSF is passed up;
* the PHY mode is passed up;
* the "I'm decap'ed AMSDU!" state is passed up;
* number of RX chains is bumped to 4.

This is all mostly a placeholder for getting the data into the RX status
before we pass it up to net80211 - unfortunately we don't yet enforce
that drivers provide it, nor do we pass the provided info back up the
stack so anyone can use the data.

We're going to need to use some of this data moving forward.
Notably, now that some hardware can do AMSDU decap for us (the intel iwm
driver can do it when we flip it on; the ath10k port I'm doing does
it for us) then we need to pass it up through the stack so the duplicate
RX sequence numbers and crypto/IV details don't cause the packet to
be dropped and/or counted against a replay counter.

It's also the beginning of being able to do more interesting node
accounting in net80211.  Specifically, once drivers start populating
per-packet rate information, AMPDU information, timestamps, etc,
we can start providing histograms of rate-versus-RSSI, account
for receive time spent per node and other such interesting things.

(Note: I'm also hoping to include ranging and RTT information for
future chipset support; and it's likely going to include it in
this kind of fashion.)
2016-10-08 01:12:29 +00:00
Andriy Voskoboinyk
f6930bec33 net80211: ieee80211_ratectl*: switch to reusable KPI
Replace various void * / int argument combinations with common structures:
- ieee80211_ratectl_tx_status for *_tx_complete();
- ieee80211_ratectl_tx_stats for *_tx_update();

While here, improve amrr_tx_update() for a bit:
1. In case, if receiver is not known (typical for Ralink USB drivers),
refresh Tx rate for all nodes on the interface.
2. There was a misuse:
- otus(4) sends non-decreasing counters (as originally intended);
- but ural(4), rum(4) and run(4) are using 'read & clear' registers
to obtain statistics for some period of time (and those 'last period'
values are used as arguments for tx_update()). If arguments are not big
enough, they are just discarded after the next call.

Fix: move counting into *_tx_update()
(now otus(4) will zero out all node counters after every tx_update() call)

Tested with:
- Intel 3945BG (wpi(4)), STA mode.
- WUSB54GC (rum(4)), STA / HOSTAP mode.
- RTL8188EU (urtwn(4)), STA mode.

Reviewed by:	adrian
Differential Revision:	https://reviews.freebsd.org/D8037
2016-10-02 20:35:55 +00:00
Andriy Voskoboinyk
d2e877f0fa net80211: add one-vap version of ieee80211_iterate_nodes()
- Add a counter into 'struct ieee80211_node_table' to save current number
of allocated nodes.
(allows to remove array overflow checking in ieee80211_iterate_nodes()).
- Add ieee80211_iterate_nodes_vap() function; unlike non-vap version,
it iterates on nodes for specified vap only.

In addition to the above:
- Remove ieee80211_iterate_nt(); it is not used by drivers / net80211
outside ieee80211_iterate_nodes() function + cannot be separated due
to structural changes in code.

Since size of 'struct ieee80211_node_table' (part of ieee80211com,
which is a part of driver's softc) is changed all wireless drivers /
kernel need to be recompiled.

Tested with wpi(4), STA mode.

Reviewed by:	adrian
Differential Revision:	https://reviews.freebsd.org/D7996
2016-10-02 19:39:23 +00:00
Andriy Voskoboinyk
f8312481e5 net80211: do not cancel scan when packet is sent.
Restore pre-r300383 behavior when a frame is sent:
- stop scan;
- send frame;
- when beacon arrives and our bit in TIM is not set - restart the scan.

NOTE:
Ideally, this should introduce new interface (ieee80211_pause_anyscan());
however, since ieee80211_cancel_anyscan() is not used by drivers and only
called by ieee80211_start_pkt() the current patch overrides it's behavior
instead.

Tested with Intel 3945BG, STA mode

Reviewed by:	adrian
Differential Revision:	https://reviews.freebsd.org/D7979
2016-09-30 18:43:39 +00:00
Adrian Chadd
172b009aef [net80211] don't add IBSS node table entries for neighbors from other SSIDs.
The adhoc probe/beacon input path was creating nodes for all SSIDs.
This wasn't a problem when the NICs were configured to only process
frames for the current BSSID, but that didn't allow IBSS merges.
Once avos and I flipped on "beacons from all BSSIDs" to allow for
correct IBSS merging, we found this interesting behaviour.

This adds a check against the current SSID.

* If there's no VAP SSID, allow anything
* If there's a VAP SSID, check if the incoming frame has a suitable
  SSID and if so, allow it.

This prevents nodes being created for other SSIDs in probe and beacon
frames - ie, beacons overlapping IBSSes with different SSIDs, and
probe requests from arbitrary devices.

Tested:

* AR9380, IBSS mode, both local and other IBSSes.

Reviewed by:	avos
Differential Revision:	https://reviews.freebsd.org/D7959
2016-09-21 19:48:07 +00:00
Adrian Chadd
f383e58f2e [net80211] add a HT method to populate HTCAP based on IBSS requirements.
IBSS negotiation is a subset of the STA/AP negotiation.  We always have a
current channel, so base the HT capabilities on the current channel.
This is then put into IBSS probe requests to inform peers of our
11n capabilities.
2016-09-17 05:44:57 +00:00
Andriy Voskoboinyk
5d7c8f2065 net80211: allow to override SWCRYPT/SWMIC bits in the driver
Add IEEE80211_KEY_SWCRYPT / IEEE80211_KEY_SWMIC bits to the
IEEE80211_KEY_DEVICE mask - as a result, those bits will be preserved
during group key handshake.

A driver can override them in iv_key_alloc() for some keys in case
when hardware crypto support is not possible. As an example:
 - multi-vap without multicast key search support;
 - IBSS RSN for devices w/ fixed storage for group keys;

Tested with RTL8188EU (AP, sw crypto) and
RTL8821AU (STA, sw crypto for group keys + hw crypto for pairwise keys)

Reviewed by:	adrian
Differential Revision:	https://reviews.freebsd.org/D7901
2016-09-15 22:27:00 +00:00
Andriy Voskoboinyk
95d9a127b2 net80211: improve error checking in ieee80211_parse_{wpa,rsn}()
- Add few checks for group/pairwise ciphers into
ieee80211_parse_{wpa,rsn}().
- Split error code and cipher value in wpa_cipher() / rsn_cipher(); current
hack with (1 << 32) does not work - it's 1, not 0 (detected by CSA).
- Return IEEE80211_REASON_UNSUPP_RSN_IE_VERSION instead of
IEEE80211_REASON_IE_INVALID when version field is not equal to RSN_VERSION.

Tested with wpi(4) / urtwn(4) (HOSTAP mode).

Reviewed by:	adrian
Differential Revision:	https://reviews.freebsd.org/D7887
2016-09-13 22:59:38 +00:00
Andriy Voskoboinyk
04a5c73b30 net80211: fix possible panic in adhoc mode (INIT -> RUN state transition).
In case if there is already running interface, a second non-sta
interface will omit scanning, going directly to RUN state. Handle
this case for adhoc mode appropriately.

Tested with RTL8821AU, 2 vaps in IBSS mode.
2016-09-12 23:00:31 +00:00
Adrian Chadd
c028fb5098 [net80211] add in ToA/ToD based location mbuf tags for some experimenting. 2016-09-09 04:47:48 +00:00
Adrian Chadd
c7ee5294ca [net80211] correctly lock the ifp before accessing the lladdr.
Tested by: dhw
2016-08-18 01:25:12 +00:00
Pedro F. Giffuni
a061aa46fe sys: replace comma with semicolon when pertinent.
Uses of commas instead of a semicolons can easily go undetected. The comma
can serve as a statement separator but this shouldn't be abused when
statements are meant to be standalone.

Detected with devel/coccinelle following a hint from DragonFlyBSD.

MFC after:	1 month
2016-08-09 19:42:20 +00:00
Adrian Chadd
eb81dc79e9 Extract out the various local definitions of ETHER_IS_BROADCAST() and
turn them into a shared definition.

Set M_MCAST/M_BCAST appropriately upon packet reception in net80211, just
before they are delivered up to the ethernet stack.

Submitted by:	rstone
2016-08-07 03:48:33 +00:00
Adrian Chadd
eec8884595 [net80211] teach AMRR to log the initial MCS rate as "MCS X"
Otheriwse it logs it as the rate value, which is 0x80 (MCS flag) + MCS,
which isn't that helpful.

Approved by:	re (gjb)
2016-07-01 19:58:13 +00:00
Andriy Voskoboinyk
cdc0cf21eb net80211: fix LOR/deadlock in ieee80211_ff_node_cleanup().
Add new lock for stageq (part of ieee80211_superg structure) and
ni_tx_superg (part of ieee80211_node structure);
drop com_lock protection where it is used to protect them.

While here, drop duplicate OPACKETS counter incrementation.

ni_tx_ampdu is not protected with it (however, it is also used without
locking in other places; probably, it requires some other solution
to be thread-safe).

Tested with RTL8188CUS (AP) and RTL8188EU (STA).

NOTE: Since this change breaks KBI, all wireless drivers need to be
recompiled.

Reviewed by:	adrian
Approved by:	re (gjb)
Differential Revision:	https://reviews.freebsd.org/D6958
2016-06-29 17:25:46 +00:00
Adrian Chadd
a56a0ef314 [net80211] re-revert the ibss "is this local to the bss" patch.
avos@ pointed out to me that this broke IBSS merging because the rest of
the input path no longer was called for non-IBSS frames.

I committed a change to not input non-IBSS frames, which stopped
nodes being created for BSSes that weren't ours.  Unfortunately
thta stopped the input path for non-IBSS frames in general,
so the management input path didn't work.

So, I'll revert this until I come up with a better solution.
(Hopefully before 11.)

Reviewed by:	avos
Approved by:	re (gjb)
2016-06-25 20:31:20 +00:00
Adrian Chadd
03475bd01a [net80211] remove node scan lock / generation number + fix few LORs
Drop scan generation number and node table scan lock - the only place
where ni_scangen is checked is in ieee80211_timeout_stations() (and it
is used to prevent duplicate checking of the same node); node scan lock
protects only this variable + node table scan generation number.

This will fix (at least) next LOR (hostap mode):

lock order reversal:
1st 0xc175f84c urtwm0_scan_loc (urtwm0_scan_loc) @ /usr/src/sys/modules/wlan/../../net80211/ieee80211_node.c:2019
2nd 0xc175e018 urtwm0_com_lock (urtwm0_com_lock) @ /usr/src/sys/modules/wlan/../../net80211/ieee80211_node.c:2693
stack backtrace:
#0 0xa070d1c5 at witness_debugger+0x75
#1 0xa070d0f6 at witness_checkorder+0xd46
#2 0xa0694cce at __mtx_lock_flags+0x9e
#3 0xb03ad9ef at ieee80211_node_leave+0x12f
#4 0xb03afd13 at ieee80211_timeout_stations+0x483
#5 0xb03aa1c2 at ieee80211_node_timeout+0x42
#6 0xa06c6fa1 at softclock_call_cc+0x1e1
#7 0xa06c7518 at softclock+0xc8
#8 0xa06789ae at intr_event_execute_handlers+0x8e
#9 0xa0678fa0 at ithread_loop+0x90
#10 0xa0675fbe at fork_exit+0x7e
#11 0xa08af910 at fork_trampoline+0x8

In addition to the above:

* switch to ieee80211_iterate_nodes();
* do not assert that node table lock is held, while calling node_age();
  that's not really needed (there are no resources, which can be protected
  by this lock) + this fixes LOR/deadlock between ieee80211_timeout_stations()
  and ieee80211_set_tim() (easy to reproduce in HOSTAP mode while
  sending something to an STA with enabled power management).

Tested:

* (avos) urtwn0, hostap mode
* (adrian) AR9380, STA mode
* (adrian) AR9380, AR9331, AR9580, hostap mode

Notes:

* This changes the net80211 internals, so you have to recompile all of it
  and the wifi drivers.

Submitted by:	avos
Approved by:	re (delphij)
Differential Revision:	https://reviews.freebsd.org/D6833
2016-06-19 07:31:02 +00:00
Andriy Voskoboinyk
c8898568fd net80211: discard an injected frame if it is smaller than header length.
Do not try to pass such frames; a correct frame cannot be smaller than
(the corresponding) header size.
(for wpi(4) an additional check was added in r289012).

PR:		144987
2016-06-09 13:42:18 +00:00
Andriy Voskoboinyk
4d4d5e2508 net80211: fix duplicate packet counter incrementation.
Remove 'if_inc_counter(ifp, IFCOUNTER_OPACKETS, 1);' from raw xmit
and apbridge path; it will be incremented by ieee80211_tx_complete()
after packet transmission.

Noticed by:	Imre Vadasz <imre@vdsz.com>
2016-06-09 08:19:42 +00:00
Andriy Voskoboinyk
18d20be00f net80211: replace m_getcl/m_gethdr pair with m_get2 in ieee80211_fragment()
- Switch to m_get2() for mbuf allocation instead of manual mbuf size
determination.
- Reuse MIN() macro for mbuf size selection.
2016-05-28 19:13:39 +00:00