Commit Graph

17 Commits

Author SHA1 Message Date
Andriy Voskoboinyk
0046e1868f net80211 drivers: fix ieee80211_init_channels() usage
Fix out-of-bounds read (all) / write (11n capable) for drivers
that are using ieee80211_init_channels() to initialize channel list.

Tested with:
 * RTL8188EU, STA mode.
 * RTL8188CUS, STA mode.
 * WUSB54GC, HOSTAP mode.

Approved by:	adrian (mentor)
MFC after:	2 weeks
Differential Revision:	https://reviews.freebsd.org/D4818
2016-01-07 18:41:03 +00:00
Andriy Voskoboinyk
bdfff33ff6 net80211: remove hardcoded slot time durations from drivers
- Add IEEE80211_GET_SLOTTIME(ic) macro.
- Use predefined macroses to set slot time.

Approved by:	adrian (mentor)
Differential Revision:	https://reviews.freebsd.org/D4044
2015-12-13 20:48:24 +00:00
Adrian Chadd
6933fefb10 otus(4) - add flags for RX filter, configuration and sniffer.
Obtained from:	Linux carl9170
2015-11-06 03:09:26 +00:00
Andriy Voskoboinyk
a14954c5d6 net80211: WME callback cleanup in various drivers
Since r288350, ic_wme_task() is called via ieee80211_runtask(),
so, any additional deferring from the driver side is not needed.

Approved by:	adrian (mentor)
Differential Revision:	https://reviews.freebsd.org/D4072
2015-11-05 17:58:18 +00:00
Adrian Chadd
a181f63f0d otus(4) - monitor mode fixes, large-mbuf crash fix
* refactor out the rx filter and operating mode code into a separate
  method.
* add some comments about what's left with setting the operating mode
  based on what carl9170 does.
* comment out some init from otus_init_mac() - it's no longer needed as
  it's always init'ed now.
* add debugging and a missing return around a failure to call m_get2() -
  during monitor mode operation I found RXing of frames > 2k, which
  fails allocation.  I'm sure they're valid (it's configuring 11n RX and
  receiving 11n frames even though the driver doesn't "do" 11n)
  and may be A-MSDU; but allocations fail and we should handle that
  gracefully.

Tested:

* UB82 reference NIC (AR9170 + AR9104 2x2 dual band NIC); STA and
  monitor mode operation.
2015-10-27 00:57:06 +00:00
Adrian Chadd
8f335b62c1 otus(4) - add missing ieee80211_free_node() call. 2015-10-23 02:09:23 +00:00
Adrian Chadd
b0f4d8f05a otus(4) - demagicify register names.
Obtained from:	Linux carl9170 hw.h
2015-10-23 02:08:47 +00:00
Adrian Chadd
5433f3578a otus(4): begin supporting raw transmit parameters in otus_tx()
* Add a comment about the parameters I should support, stolen shamelessly
  from iwn(4);
* Implement the rate bit for the raw transmit path;
* Print out the host-order versions of each of the transmit bits, so
  I have a hope in heck of debugging why things are going wrong.

This still doesn't fix 5GHz in the office but that's likely due to a lot
of other configuration parameters being 2GHz-specific.  That'll come next.

Tested:

* AR9170 + AR9103 (2/5GHz) 2x2, 5GHz association
2015-10-23 00:48:00 +00:00
Adrian Chadd
02b3773ac4 otus(4) - use the local node alloc function so there's space for statistics.
* Use the correct malloc type for node allocation - M_80211_NODE - so
  the default node free method in net80211 will work correctly.
* Fix otus_node_alloc() to suit FreeBSD's net80211.
* .. and actually call otus_node_alloc() so there's space for the
  per-node tx statistics.  Otherwise, well, it will be scribbling over
  random memory.

Tested:

* AR9170, STA mode
2015-10-19 01:21:29 +00:00
Adrian Chadd
fd7b55de48 otus(4) - add initial monitor mode; use lowest rate for EAPOL
The monitor mode stuff is from the openbsd driver, but it doesn't
100% work.  It doesn't seem to get all frames for all BSSes.
However, it's enough to at start debugging things.  That 0xffffffff
write is /I think/ the RX filter, but I am still not 100% sure about
it all.

Then, whilst here, use the lowest rate for EAPOL frames.  This is just
generally a good thing to do.
2015-10-19 01:14:26 +00:00
Adrian Chadd
4f4a7a03ce net80211 drivers: eliminate any references to sc_rxtap_len/sc_txtap_len (never used here)
Submitted by:	<s3erios@gmail.com>
Differential Revision:	https://reviews.freebsd.org/D3776
2015-10-12 05:21:51 +00:00
Adrian Chadd
d957a93abe net80211: move ieee80211_free_node() call on error from ic_raw_xmit() to ieee80211_raw_output().
This doesn't free the mbuf upon error; the driver ic_raw_xmit method is still
doing that.

Submitted by:	<s3erios@gmail.com>
Differential Revision:	https://reviews.freebsd.org/D3774
2015-10-12 04:55:20 +00:00
Kevin Lo
c99a4e8a47 Declare odata as a pointer type instead of a pointer to pointer.
Reviewed by:	adrian
2015-10-07 03:33:25 +00:00
Adrian Chadd
c74d474720 if_otus fixes; add fast-frames support.
Fast-frames:

* include opt_wlan.h ; tsk to not doing it earlier;
* add a tx pending tracking counter for seeing how deep
  the hardware TX queue is;
* add the frame aging code from if_ath;
* add fast-frames capability to the driver setup.

Bugs:

* free the buffers (and node references) before
  detaching net80211 state.  This prevents a use-after-free in
  the node free path where we've destroyed net80211 underneath it.
2015-09-28 01:09:48 +00:00
Adrian Chadd
c4dabdf78a Track the command response code buffer size and verify it in the
receive path.
2015-09-27 03:46:55 +00:00
Adrian Chadd
436ed6b50d Fix a bug in the TX command handling - log when a too-large payload is
sent, and fix a bug I found when doing so.
2015-09-26 07:14:00 +00:00
Adrian Chadd
a9fcb51fbb Add an initial driver for the AR9170 series draft-11n hardware from
Atheros.

Thanks to OpenBSD for providing a driver based on the original
Atheros open source driver circa 2008.  This uses the early, pre-carl9170
atheros provided firmware.

It only supports 11bg at the moment.  I've not tested it with 11a
(and so the TX rate control logic may be slightly wrong!) so if
you do have the dual-band version of this hardware please do let me know.

Tested:

* AR9170, TP-Link WN821N 2GHz.

TODO:

* Hook this up to a non-module build.
2015-09-26 07:08:35 +00:00