o add ic_flags_ext for eventual extention of ic_flags
o define/reserve flag+capabilities bits for superg,
bg scan, and roaming support
o refactor debug msg macros
MFC after: 3 days
we bailed if we couldn't collect the 16-bytes of data required
for an aes block cipher in 2 mbufs; now we deal with it. While
here make space accounting signed so a sanity check does the
right thing for malformed mbuf chains.
Approved by: re (scottl)
legacy parts (i.e. those that have 4 global key slots). We
blindly assign unicast keys to key slot 0. Devices that need
alternate allocation logic must override this method.
Reviewed by: avatar
Approved by: re (scottl)
don't mark the MORE_DATA bit when taking it off the ps queue, there's
no 802.11 header then; we must wait to do this at encap time so
mark the mbuf instead.
Reviewed by: avatar
Approved by: re (scottl)
Obtained from: Atheros
stations in ap mode. Track when a node's first auth frame is
received and use this to decide whether or not to bump the refcnt.
This insures we only ever bump the refcnt once.
Reviewed by: avatar
Approved by: re (scottl)
This fixes duplicative BSS entries(memory leaks as well) listed in
"ifconfig dev list scan" when a station fails to associate with an AP.
Reviewed by: sam
Approved by: re (scottl)
fixes a ref cnt leak
o make unicast key handling on delete identical to set
o change legacy wep key api to reset the 802.11 state
machine for backwards compatibility
Reviewed by: avatar
Approved by: re (scottl)
struct ifnet or the layer 2 common structure it was embedded in have
been replaced with a struct ifnet pointer to be filled by a call to the
new function, if_alloc(). The layer 2 common structure is also allocated
via if_alloc() based on the interface type. It is hung off the new
struct ifnet member, if_l2com.
This change removes the size of these structures from the kernel ABI and
will allow us to better manage them as interfaces come and go.
Other changes of note:
- Struct arpcom is no longer referenced in normal interface code.
Instead the Ethernet address is accessed via the IFP2ENADDR() macro.
To enforce this ac_enaddr has been renamed to _ac_enaddr.
- The second argument to ether_ifattach is now always the mac address
from driver private storage rather than sometimes being ac_enaddr.
Reviewed by: sobomax, sam
it; instead pass the space occupied by the header down into the
crypto modules (except in the demic case which needs it only when
doing int in s/w)
o while here fix defrag to strip the header from 2nd and later frames
o teach decap code how to handle 4-address frames
or a bssid+ssid. This is needed for later versions of wpa_supplicant
and for forthcoming addons to wpa_supplicant.
Note this is an api change and applications must be rebuilt.
o don't pre-assign key index to the global key table entries so device
has a chance to decide what to use
o make ieee80211_crypto_newkey take the desired flags as an argument
instead of wacking the key structure directly; this eliminates a
bunch of code warts
o add a new flag IEEE80211_KEY_GROUP to indicate a key is a WPA Group
key so devices don't need to guess (temporarily add this flag in the
ioctl code until we can get wpa_supplicant+hostapd updated)
o shuffle IEEE80211_KEY_* bits to move flags used internally to the high
nibble of the flags word
Reviewed by: Tai-hwa Liang
panic with the NDISulator if you did "ifconfig ndis0 10.0.0.1/24,"
whereas "ifconfig ndis0 10.0.0.1/24 up" worked fine. The double fault
was caused by the ifconfig thread running out of kernel stack space.
(This was partly due to the NDIsulator using a couple of big buffers on
the stack, but even after fixing that the double fault persisted.)
It turns out that ndis_init() is called in both cases, but in the first
case the code path passes through ieee80211_ioctl(), and it turns out
ieee80211_ioctl() consumes a whopping 2400 bytes of stack space.
Apparently, gcc -O2 causes the ieee80211_ioctl_get80211() routine to
be inlined into ieee80211_ioctl(), and for some reason which I do not
fully understand, this causes ieee80211_ioctl() to consume an extra 2K
of stack space.
To prevent this overly agressive optimization, ieee80211_ioctl_get80211()
is now declared with __attribute__ ((noinline)). With this change,
ieee80211_ioctl() now only reserves about 200 bytes of stack instead of 2400.
frame includes FCS (requires applications to be updated, but since
we weren't doing the out-of-line FCS stuff anyway app changes
were needed already)
o add a flag to indicate padding exists between the 802.11 header and
the payload (e.g. for Atheros cards)
o diff reducation against netbsd
MFC after: 1 week
happen on the first management frame received from a neighbor; we assume
any merge candidate will send more frames and those should be processed
with a suitable table entry.
Stepped on by: Tai-hwa Liang
Hold a lock on the table instead of futzing with reference counts which
was potentially dangerous except drivers were quiescent while we did this
so the table contents never changed. Disable the hack logic for removing
scan candidates with multiple association failures; it's never done the
right thing and will be fixed correctly with background scanning goes in.
not we're going to process the frame; this makes the counters reflect frames
actually processes instead of received (discarded frames were already counted)
o ic_inact_auth is a bad name, it's the inactivity threshold
for being associated but not authorized; use it that way
o reset ni_inact when switching inactivity thresholds to
minimize the race against the timer (don't want to lock
for this stuff)
o change the inactivity probe threshold from a one-shot to
cover a range: when below this threshold but not expired
send a probe each inactivity interval; should probably
guard against the interval being turned way down as this
could cause us to spam the net with probes
we're at it:
o WPA/802.11i has a unicast key and a group key; in station mode
everything is sent with the unicast key--we were consulting the
destination mac address and incorrectly using the group key
o (perpetuate fallback use of the default tx key to maintain
compatibility with the way wpa_supplicant works)
o correct EAPOL encryption logic to check unicast key instead
of assuming other state implies this
o move QoS encapsulation up to before enmic work so TKIP has the
information required to calculate the pseudo-header
o do not do QoS-encapsulation of EAPOL frames as some ap's do the
wrong thing with such frames (may need to revisit this if ap's
start dropping non-QoS frames from stations assoc'd with QoS)
o move ieee80211_mbuf_adjust closer to its caller
