Commit Graph

1258 Commits

Author SHA1 Message Date
avos
bbef05d1dc net80211: reduce code duplication
Do not duplicate code between IEEE80211_IOC_WPAIE and IEEE80211_IOC_WPAIE2
switch cases.

Approved by:	adrian (mentor)
Differential Revision:	D5041 (part)
2016-01-24 23:28:14 +00:00
melifaro
14cf7637d1 Remove sys/eventhandler.h from net/route.h
Reviewed by:	ae
2016-01-09 09:34:39 +00:00
adrian
eee99444ca [net80211] fix duration field; it's unsigned, but not long.
Submitted by:	Imre Vadasz <imre@vdsz.com>
Obtained from:	DragonflyBSD
2016-01-04 17:17:06 +00:00
adrian
9b181806d2 [net80211] document the (not completely complete) set of places where
we're assuming hz=1000 and not gracefully handling when it isn't.

The math involved will return 0 for hz < 1000, which it is on some
platforms and on DragonflyBSD.

This doesn't fix it, it:

* converts one manual use over to use the macro, and
* comments where it needs some thought/fixing.

I'll think about this a bit more before fixing it.

Submitted by:	imre@vdsz.com
2016-01-01 00:21:07 +00:00
avos
093224c446 net80211: remove hardcoded slot time durations from drivers
- Add IEEE80211_GET_SLOTTIME(ic) macro.
- Use predefined macroses to set slot time.

Approved by:	adrian (mentor)
Differential Revision:	https://reviews.freebsd.org/D4044
2015-12-13 20:48:24 +00:00
adrian
87db22d33b [net80211] decode WPA cipher config '0' as "clear cipher config".
wpa_supplicant actually calls the wpa ioctl with cipher 0 as part
of the teardown process and this returns an ioctl error.

It's required as part of the (hopefully!) upcoming encrypted
IBSS support which does indeed do the above as part of interface
setup and then exits ungracefully when it gets an ioctl error.

(I'll fix wpa_supplicant in a later commit as part of other work.)
2015-11-26 01:54:58 +00:00
adrian
717f46c529 [net80211] log the A-MPDU setup attempt count as part of debugging.
I've seen some cases where we get stuck in a loop constantly trying to
negotiate A-MPDU TX which is definitely not supposed to happen.
This will let me see if it's something funky with the retry count or
not.
2015-11-25 18:16:42 +00:00
avos
ad82a0b990 net80211: add ieee80211_restart_all() call.
This call may be used when device cannot continue to operate normally
(e.g., throws firmware error, watchdog timer expires)
and need to be restarted.

Approved by:	adrian (mentor)
Differential Revision:	https://reviews.freebsd.org/D3998
2015-10-27 20:40:57 +00:00
adrian
ddc10d6668 net80211: move ieee80211_free_node() call on error from ic_raw_xmit() to ieee80211_raw_output().
This doesn't free the mbuf upon error; the driver ic_raw_xmit method is still
doing that.

Submitted by:	<s3erios@gmail.com>
Differential Revision:	https://reviews.freebsd.org/D3774
2015-10-12 04:55:20 +00:00
adrian
5a44e8c44b net80211: free node reference in the ieee80211_parent_xmitpkt() when error happened.
Move error handling into ieee80211_parent_xmitpkt() instead of spreading it
between functions.

Submitted by:	<s3erios@gmail.com>
Differential Revision:	https://reviews.freebsd.org/D3772
2015-10-12 04:30:38 +00:00
adrian
9c9f0d74e1 net80211: separate mbuf cleanup from ieee80211_fragment()
* Create ieee80211_free_mbuf() which frees a list of mbufs.
* Use it in the fragment transmit path and ath / uath transmit paths.
* Call it in xmit_pkt() if the transmission fails; otherwise fragments
  may be leaked.

This should be a big no-op.

Submitted by:	<s3erios@gmail.com>
Differential Revision:	https://reviews.freebsd.org/D3769
2015-10-12 03:27:08 +00:00
adrian
c43d61450f net80211: reduce code duplication in the ieee80211_ioctl_setwmeparam() + fix comments.
Submitted by:	<s3erios@gmail.com>
Differential Revision:	https://reviews.freebsd.org/D3701
2015-10-03 22:38:08 +00:00
adrian
974eef1704 net80211: drop ieee80211_beacon_offsets parameter from ieee80211_beacon_alloc() and ieee80211_beacon_update()
Submitted by:	<s3erios@gmail.com>
Differential Revision:	https://reviews.freebsd.org/D3659
2015-10-03 22:12:25 +00:00
adrian
53df85edd1 net80211: drop redundant 3rd parameter from iv_key_set().
The MAC can be fetched from the key struct.

I added the ndis updates to make it compile.

Submitted by:	<s3erios@gmail.com>
Differential Revision:	https://reviews.freebsd.org/D3657
2015-10-03 21:48:27 +00:00
adrian
792bb43e5b net80211: add a possibility to retrieve current TX key without encapsulation.
Submitted by:	<s3erios@gmail.com>
Differential Revision:	https://reviews.freebsd.org/D3639
2015-10-03 00:57:33 +00:00
adrian
49776fea0a net80211: add new method for ieee80211_cipher (ic_setiv).
This can be used to update IV state for the caller without adding
information to the mbuf.  Some hardware (eg rum) apparently requires
bits of this.

Submitted by:	<s3erios@gmail.com>
Differential Revision:	https://reviews.freebsd.org/D3638
2015-10-03 00:50:13 +00:00
adrian
961b8fe9bb net80211: get rid of tx_phase1_done flag (ieee80211_crypto_tkip.c).
Submitted by:	<s3erios@gmail.com>
Differential Revision:	https://reviews.freebsd.org/D3596
2015-10-03 00:03:07 +00:00
adrian
0b352922f5 net80211: separate ieee80211_crypto_get_keyid() from ieee80211_crypto_encap()
Tested:

* rum(4), STA mode
* rsu(4), STA mode
* urtwn(4), STA mode

Submitted by:	<s3erios@gmail.com>
Differential Revision:	https://reviews.freebsd.org/D3637
2015-10-02 21:25:48 +00:00
adrian
d57d798111 Fix neeed -> neeeded.
Submitted by:	Andriy Voskoboinyk <s3erios@gmail.com>
Differential Revision:	https://reviews.freebsd.org/D3595
2015-10-02 02:21:36 +00:00
adrian
f3ace065cb Defer calling into the driver to update the QOS (WME) configuration.
This gets called from the driver RX path which leads to driver re-entry.
2015-09-29 03:40:21 +00:00
adrian
3868cd13d7 Remove some debugging that wasn't supposed to be there. 2015-09-28 06:26:46 +00:00
adrian
9f48c0215b Migrate the fast-frames transmit support away from using the txa_private
field and into a separate fast-frames staging pointer in ieee80211_node.

The A-MPDU TX path allows txa_private to be used by drivers.  So it will
clash with any attempt to use fast-frames.  Now, fast-frames is not really
anything special - it's just a custom ethernet frame type that contains
two MSDUs into one MPDU.  So all the NIC has to support doing is transmitting
up to a 4KiB frame with an arbitrary ethertype and bam! Fast-frames.
However, using txa_private means we can /either/ do fast-frames or A-MPDU TX,
so fast frames has been turned off in the Atheros HAL for 11n chipsets.
This is a bit silly - it actually means that 802.11 performance to/from
11abg Atheros chips is actually better than between an 11abg atheros device
and an 11n Atheros device.

So:

* create a new mbuf staging queue for fast frames.  It only queues a single
  frame in the staging queue (and there's a top-level ic staging queue
  used for expiry/tracking) so it's just an mbuf pointer per TID.

* Still use the ampdu TX packet counter to determine whether to do
  aggregation or not.  It'll double count if we start doing both A-MPDU TX
  and fast frames, but that's not all that important right now.

* Initialise the pps tracker so ticks isn't zero.  This ensures that
  fast-frames actually gets used - without it, the ticks math overflows
  and the pps math always sets txa_pps=0.  This is the same bug that
  plagued A-MPDU TX starting logic.

This actually allows fast-frames transmit to occur between the AR9331
(in 11n HT/20 mode) and AR9170 (if_otus) in 11bg mode.

Now, this is a great big no-op on atheros 11n hardware, so don't worry.
It may mean you start seeing more reliable fast-frames transmission on
11abg hardware which may expose some more amusing bugs.

TODO:

* further testing and debugging of all of this before flipping on
  fast-frames in if_ath (for 11n) and if_otus.
2015-09-28 00:59:07 +00:00
adrian
4c97ea521c Comments, mostly to remind myself of what's going on and why. 2015-09-28 00:51:24 +00:00
adrian
eb19154b86 Abstract out the ampdu TX pps initialisation code so it can be reused
in the superg fast-frames code.

This harks back to an earlier commit (r280349) where I found that
initialising the pps code with ticks=0 would cause hilariously bad
hz ticks wraparound failures, leading to never actually aggregating
traffic.  This is still true for the superg path and so I have to
do the same thing there.

This is a big no-op; a subsequent commit will flip this on so it
works with the fast-frames transmit path.

Tested:

* AR9170, otus(4) - STA mode, 11bg operation
* AR9331, AP mode
2015-09-28 00:17:51 +00:00
adrian
f0c602f715 Perform some rather amusing layering violations to add mbuf tags to the
net80211 receive path.  This allows drivers (notably USB right now, but
anything/everything!) to optionally defer bulk RX of 802.11 frames until
/outside/ of the driver lock(s), rather than doing:

UNLOCK(sc);
ieee80211_input*()
LOCK(sc);

.. which is really stupid.

The existing API is maintaned - if ieee80211_input() / ieee80211_input_all()
is called then the RSSI/NF values are used.  If the MIMO versions are called
with a given rx status pointer then it's used. Else, it'll use whatever
is in the RX mbuf tag.
2015-09-26 00:53:37 +00:00
adrian
f5a18ee76c net80211: include one copy of struct ieee80211_beacon_offsets into ieee80211vap
Submitted by:	Andriy Voskoboinyk <s3erios@gmail.com>
Differential Revision:	https://reviews.freebsd.org/D3658
2015-09-22 06:34:07 +00:00
adrian
238d4c1fe4 Remove duplicate use of RV(), LE_* and other macros.
Submitted by:	Andriy Voskoboinyk <s3erios@gmail.com>
Differential Revision:	https://reviews.freebsd.org/D3705
2015-09-22 02:25:52 +00:00
adrian
b71d742dc5 Add external facing methods to control TX A-MPDU negotiaton.
Some fullmac devices may rely on the stack starting it but not doing it.

Whilst here, remove a duplicate LE_* macro definition, thanks to
Andriy Voskoboinyk <s3erios@gmail.com>.
2015-09-22 02:25:29 +00:00
adrian
9ddda59a98 Define a rateval macro that drivers tend to hard-code.
Submitted by:	Andriy Voskoboinyk <s3erios@gmail.com>
Differential Revision:	https://reviews.freebsd.org/D3705
2015-09-22 02:24:13 +00:00
adrian
e1e1523f67 Add an external facing function to manually set the RX A-MPDU parameters
for re-ordering.

Devices like if_rsu don't pass through action/management frames but do send
firmware commands to inform us of things.  One of those notifications is
the RX A-MPDU negotiated parameters.
2015-09-18 05:01:05 +00:00
adrian
0ea2540bfd Expose the wme_info IE method. 2015-09-18 04:01:26 +00:00
glebius
619aca846f Replay r286410. Change KPI of how device drivers that provide wireless
connectivity interact with the net80211 stack.

Historical background: originally wireless devices created an interface,
just like Ethernet devices do. Name of an interface matched the name of
the driver that created. Later, wlan(4) layer was introduced, and the
wlanX interfaces become the actual interface, leaving original ones as
"a parent interface" of wlanX. Kernelwise, the KPI between net80211 layer
and a driver became a mix of methods that pass a pointer to struct ifnet
as identifier and methods that pass pointer to struct ieee80211com. From
user point of view, the parent interface just hangs on in the ifconfig
list, and user can't do anything useful with it.

Now, the struct ifnet goes away. The struct ieee80211com is the only
KPI between a device driver and net80211. Details:

- The struct ieee80211com is embedded into drivers softc.
- Packets are sent via new ic_transmit method, which is very much like
  the previous if_transmit.
- Bringing parent up/down is done via new ic_parent method, which notifies
  driver about any changes: number of wlan(4) interfaces, number of them
  in promisc or allmulti state.
- Device specific ioctls (if any) are received on new ic_ioctl method.
- Packets/errors accounting are done by the stack. In certain cases, when
  driver experiences errors and can not attribute them to any specific
  interface, driver updates ic_oerrors or ic_ierrors counters.

Details on interface configuration with new world order:
- A sequence of commands needed to bring up wireless DOESN"T change.
- /etc/rc.conf parameters DON'T change.
- List of devices that can be used to create wlan(4) interfaces is
  now provided by net.wlan.devices sysctl.

Most drivers in this change were converted by me, except of wpi(4),
that was done by Andriy Voskoboinyk. Big thanks to Kevin Lo for testing
changes to at least 8 drivers. Thanks to pluknet@, Oliver Hartmann,
Olivier Cochard, gjb@, mmoll@, op@ and lev@, who also participated in
testing.

Reviewed by:	adrian
Sponsored by:	Netflix
Sponsored by:	Nginx, Inc.
2015-08-27 08:56:39 +00:00
adrian
2af8300f0a Reset the channel to the first available channel if the interface
is configured on a channel that isn't valid in the new operating mode.

This isn't strictly true - it should find the first channel that is
available for the given operating mode.

However, I think defaulting to the first channel is fine - it's typically
available for all modes.

If someone would like to correctly implement this feature - try to
find a channel that is valid for the given operating mode and error
out if we can't find one.

This prevents various NICs (eg wpi(4)) from throwing a firmware error.

Tested:

* ath(4), STA/AP mode
* iwn(4), STA/adhoc mode

PR:		kern/202502
Submitted by:	Andriy Voskoboinyk <s3erios@gmail.com>
2015-08-23 01:17:52 +00:00
adrian
bad6d5c89b Revert the wifi ifnet changes until things are more baked and tested.
* 286410
* 286413
* 286416

The initial commit broke a variety of debug and features that aren't
in the GENERIC kernels but are enabled in other platforms.
2015-08-08 01:10:17 +00:00
glebius
eb8a90b859 Change KPI of how device drivers that provide wireless connectivity interact
with the net80211 stack.

Historical background: originally wireless devices created an interface,
just like Ethernet devices do. Name of an interface matched the name of
the driver that created. Later, wlan(4) layer was introduced, and the
wlanX interfaces become the actual interface, leaving original ones as
"a parent interface" of wlanX. Kernelwise, the KPI between net80211 layer
and a driver became a mix of methods that pass a pointer to struct ifnet
as identifier and methods that pass pointer to struct ieee80211com. From
user point of view, the parent interface just hangs on in the ifconfig
list, and user can't do anything useful with it.

Now, the struct ifnet goes away. The struct ieee80211com is the only
KPI between a device driver and net80211. Details:

- The struct ieee80211com is embedded into drivers softc.
- Packets are sent via new ic_transmit method, which is very much like
  the previous if_transmit.
- Bringing parent up/down is done via new ic_parent method, which notifies
  driver about any changes: number of wlan(4) interfaces, number of them
  in promisc or allmulti state.
- Device specific ioctls (if any) are received on new ic_ioctl method.
- Packets/errors accounting are done by the stack. In certain cases, when
  driver experiences errors and can not attribute them to any specific
  interface, driver updates ic_oerrors or ic_ierrors counters.

Details on interface configuration with new world order:
- A sequence of commands needed to bring up wireless DOESN"T change.
- /etc/rc.conf parameters DON'T change.
- List of devices that can be used to create wlan(4) interfaces is
  now provided by net.wlan.devices sysctl.

Most drivers in this change were converted by me, except of wpi(4),
that was done by Andriy Voskoboinyk. Big thanks to Kevin Lo for testing
changes to at least 8 drivers. Thanks to Olivier Cochard, gjb@, mmoll@,
op@ and lev@, who also participated in testing. Details here:

https://wiki.freebsd.org/projects/ifnet/net80211

Still, drivers: ndis, wtap, mwl, ipw, bwn, wi, upgt, uath were not
tested. Changes to mwl, ipw, bwn, wi, upgt are trivial and chances
of problems are low. The wtap wasn't compilable even before this change.
But the ndis driver is complex, and it is likely to be broken with this
commit. Help with testing and debugging it is appreciated.

Differential Revision:	D2655, D2740
Sponsored by:	Nginx, Inc.
Sponsored by:	Netflix
2015-08-07 11:43:14 +00:00
adrian
e853cb9f9b Break out the current 802.11 software scan methods into an indirect table.
In order for drivers to provide an alternate set of scan methods,
these have to finally use an indirection table and all of the calls
in ieee80211_scan.c need to use said table.

For all existing drivers - this is basically a glorified, KBI-breaking
functional no-op.

This is also not the final form - too much functionality is currently
hiding in ieee80211_scan_sw.c that should be in ieee80211_scan.c.
That'll be the target of some follow-up commits.

Note:

* You have to recompile your kernel/drivers after this - the net80211 KBI has
  changed.
* I'm not yet planning on bumping any versioning - I have a few more things
  to shuffle around.

Tested:

* urtwn(4) - STA mode
* Intel 7260 in local repo - overriding the methods and table at
  attach time has the desired effect (ie, all the methods are called,
  but nothing is ever performed.)
2015-06-08 02:35:43 +00:00
adrian
76faddae11 Remove the start-scan call and re-inline it for now. 2015-06-08 00:30:58 +00:00
adrian
80a30c3224 For now, just default to presenting "found" channels as 11g, not 11b.
The intel 7260 driver under development requires this - the scans come
in as normal frames but with the frequency provided.  The correct method
is to have the driver provide flags (so we can determine if it's 11b
or 11g); this will have to do in the meantime.

Without this, the channel found is 11b, and no ERP (ie "11g") bits
are negotiated with the AP.

This allows the 7260 in 2ghz mode to operate in 11bg, rather than
just 11b.

Tested:

* intel 7260 driver, 11bg channels
2015-06-05 06:49:08 +00:00
adrian
21439c6ed1 Some hostap setups may result in raw frames being transmitted with
no parameters set.  So, don't unconditionally call things.

Thanks to jkim@ for pointing this out!

MFC after:	2 weeks
Sponsored by:	Norse Corp, Inc.
2015-06-04 23:07:21 +00:00
adrian
128e89a1f9 Tag outbound raw 802.11 frames with both the node and an mbuf tag
with the transmit params.

This allows raw 802.11 frames to be queued in the driver if necessary,
rather than requiring it to be direct-dispatched into the hardware.

Tested:

* ath(4), STA mode
* iwn(4), STA mode

MFC after:	2 weeks
Sponsored by:	Norse Corp, Inc.
2015-06-04 17:54:41 +00:00
andrew
cb66f99a5e Fix the build by hiding ieee80211_add_xmit_params and
ieee80211_get_xmit_params from userspace.
2015-06-04 10:55:36 +00:00
adrian
32346ec843 First pass of adding transmit parameters as an option for outbound
802.11 mbufs.

The raw transmit path currently doesn't make it easy to queue
these frames:

* there's no node reference stored in the mbuf, like for the normal
  path, and
* the bpf supplied raw transmit parameters (rate, rts/cts, etc)
  are passed in as an argument, not as an mbuf tag.

In order to support driver queuing of these frames, we need to
be able to put the above into the mbuf before the driver gets it,
so the driver /can/ put it into a queue if needed.

Use an mbuf tag and for now just verbatim copy the bpf parameters
into it.  Later on it may grow to include more options but this
will do for now.

Why would you want to queue raw frames? Well, in the case of
iwn(4), we can't send the firmware frames to transmit before
we hear a beacon - the firmware will consider passive channels
as unavailable until it hears a beacon.  The firmware "passive"
channel state is cleared upon each RXON command, which is sent to
update association status.  So, when we attempt association and
authorisation, the RXON command causes the firmware to clear out
what it's already seen, and so we have to wait for a beacon before
we can transmit.

Before people get overly excited - this alone doesn't "fix" 5GHz
operation - it just makes it (more) possible.

The aim here is to convert all the drivers over to use a raw_xmit()
API that doesn't include the node and params - instead they'd get
those from the mbuf.  Then raw_xmit() becomes just a side-channel
version of the normal transmit path for management traffic.

MFC after:	2 weeks
Sponsored by:	Norse Corp, Inc.
2015-06-04 06:30:39 +00:00
glebius
abf78a3a27 Move counter.h include into ieee80211_freebsd.h. Should fix build.
Submitted by:	Zilvinas Valinskas <zilvinas.valinskas gmail.com>
2015-05-27 14:05:46 +00:00
gavin
fb30fe0460 Fix spelling mistake in comment. 2015-05-26 21:50:53 +00:00
glebius
86bbeb1849 Provide ieee80211_get_counter() that sums up ieee802com
errors to the errors of this vap interface.

Sponsored by:	Netflix
Sponsored by:	Nginx, Inc.
2015-05-26 13:19:05 +00:00
glebius
8a80e38291 Add two counters to ieee80211com, that will be used to count transmission
or receive errors that can't be associated with any vap.

Sponsored by:	Netflix
Sponsored by:	Nginx, Inc.
2015-05-26 12:51:14 +00:00
glebius
e1f6f6b9de Make ieee80211broadcastaddr global, so that drivers or other
code may use it and not paste.
2015-05-26 12:40:27 +00:00
glebius
a6c9cf8989 Reduce diff before functional changes:
- Use ic_name instead of if_xname.
- Formatting cleanup.
2015-05-26 12:06:36 +00:00
adrian
3280920228 Migrate the scan iterator lock typedefs out into ieee80211_freebsd.h.
This removes the final piece of freebsd-specific locking that snuck
into the tree - it's now all inside ieee80211_freebsd.h.
2015-05-26 04:37:59 +00:00
adrian
1591d10426 Migrate the 802.11s locks out into ieee80211_freebsd.h, so they can be
defined as platform specific bits.

This is to help make OS portability easier.
2015-05-26 04:25:11 +00:00
glebius
23e01a9f6f Cleanup compat shims for FreeBSD versions that predate 10.0-RELEASE.
There are no plans to merge anything save a trivial bugfix to stable/9.

Discussed with:	adrian
2015-05-25 20:06:49 +00:00
glebius
4a0e78ec55 Change three methods in struct ieee80211com, namely ic_updateslot,
ic_update_mcast and ic_update_promisc, to pass pointer to the ieee80211com,
not to the ifnet.

Sponsored by:	Netflix
Sponsored by:	Nginx, Inc.
2015-05-25 19:53:29 +00:00
glebius
f48b822fcb When sending RTM_IEEE80211_CSA, RTM_IEEE80211_RADAR, RTM_IEEE80211_CAC and
RTM_IEEE80211_RADIO routing messages, broadcast them on all vap interfaces
instead of sending them on parent.

Reviewed by:	adrian
Sponsored by:	Netflix
Sponsored by:	Nginx, Inc.
2015-05-25 19:48:48 +00:00
adrian
daa4dc6942 Convert malloc/free back to #define's, as part of OS portability work.
DragonflyBSD uses the FreeBSD wireless stack and drivers.  Their malloc()
API is named differently, so they don't have userland/kernel symbol
clashes like we do (think libuinet.)

So, to make it easier for them and to port to other BSDs/other operating
systems, start hiding the malloc specific bits behind defines in
ieee80211_freebsd.h.

DragonflyBSD can now put these portability defines in their local
ieee80211_dragonflybsd.h.

This should be a great big no-op for everyone running wifi.

TODO:

* kill M_WAITOK - some platforms just don't want you to use it
* .. and/or handle it returning NULL rather than waiting forever.
* MALLOC_DEFINE() ?
* Migrate the well-known malloc names (eg M_TEMP) to net80211
  namespace defines.
2015-05-25 19:18:16 +00:00
adrian
7eab7c352d Begin plumbing ieee80211_rx_stats through the receive path.
Smart NICs with firmware (eg wpi, iwn, the new atheros parts, the intel 7260
series, etc) support doing a lot of things in firmware.  This includes but
isn't limited to things like scanning, sending probe requests and receiving
probe responses.  However, net80211 doesn't know about any of this - it still
drives the whole scan/probe infrastructure itself.

In order to move towards suppoting smart NICs, the receive path needs to
know about the channel/details for each received packet.  In at least
the iwn and 7260 firmware (and I believe wpi, but I haven't tried it yet)
it will do the scanning, power-save and off-channel buffering for you -
all you need to do is handle receiving beacons and probe responses on
channels that aren't what you're currently on.  However the whole receive
path is peppered with ic->ic_curchan and manual scan/powersave handling.
The beacon parsing code also checks ic->ic_curchan to determine if the
received beacon is on the correct channel or not.[1]

So:

* add freq/ieee values to ieee80211_rx_stats;
* change ieee80211_parse_beacon() to accept the 'current' channel
  as an argument;
* modify the iv_input() and iv_recv_mgmt() methods to include the rx_stats;
* add a new method - ieee80211_lookup_channel_rxstats() - that looks up
  a channel based on the contents of ieee80211_rx_stats;
* if it exists, use it in the mgmt path to switch the current channel
  (which still defaults to ic->ic_curchan) over to something determined
  by rx_stats.

This is enough to kick-start scan offload support in the Intel 7260
driver that Rui/I are working on.  It also is a good start for scan
offload support for a handful of existing NICs (wpi, iwn, some USB
parts) and it'll very likely dramatically improve stability/performance
there.  It's not the whole thing - notably, we don't need to do powersave,
we should not scan all channels, and we should leave probe request sending
to the firmware and not do it ourselves.  But, this allows for continued
development on the above features whilst actually having a somewhat
working NIC.

TODO:

* Finish tidying up how the net80211 input path works.
  Right now ieee80211_input / ieee80211_input_all act as the top-level
  that everything feeds into; it should change so the MIMO input routines
  are those and the legacy routines are phased out.

* The band selection should be done by the driver, not by the net80211
  layer.

* ieee80211_lookup_channel_rxstats() only determines 11b or 11g channels
  for now - this is enough for scanning, but not 100% true in all cases.
  If we ever need to handle off-channel scan support for things like
  static-40MHz or static-80MHz, or turbo-G, or half/quarter rates,
  then we should extend this.

[1] This is a side effect of frequency-hopping and CCK modes - you
    can receive beacons when you think you're on a different channel.
    In particular, CCK (which is used by the low 11b rates, eg beacons!)
    is decodable from adjacent channels - just at a low SNR.
    FH is a side effect of having the hardware/firmware do the frequency
    hopping - it may pick up beacons transmitted from other FH networks
    that are in a different phase of hopping frequencies.
2015-05-25 16:37:41 +00:00
glebius
00952a32f7 Add void * member to struct ieee80211com, so that drivers can obtain their
softc without going through the struct ifnet.

Sponsored by:	Netflix
Sponsored by:	Nginx, Inc.
2015-05-25 15:08:38 +00:00
glebius
57d6114e7f Remove unused include. 2015-05-25 14:54:10 +00:00
glebius
cc7b8a5e2f Use name from ieee80211com instead of parent ifnet, in debugging printfs.
Sponsored by:	Netflix
Sponsored by:	Nginx, Inc.
2015-05-25 14:30:44 +00:00
glebius
f67a4dcfd7 Make net80211 drivers supply their device name to the net80211 layer, so
that the latter doesn't need to go through struct ifnet to get their name.

Sponsored by:	Netflix
Sponsored by:	Nginx, Inc.
2015-05-25 13:51:13 +00:00
ae
d47d809301 Properly update TX statistics for wlan(4).
ieee80211_pwrsave() can fail due to queue overflow, check its return code
and increment oerrors counter when it fails. Also handle more error cases
and update oerrors counter when we don't send mbuf due to some errors.
Return ENETDOWN when parent interface isn't ready. Update obytes and omcasts
counters in corresponding places.

PR:		184626
Differential Revision:	https://reviews.freebsd.org/D2621
Reviewed by:	adrian
MFC after:	1 week
2015-05-23 09:49:40 +00:00
jkim
318c4f97e6 CALLOUT_MPSAFE has lost its meaning since r141428, i.e., for more than ten
years for head.  However, it is continuously misused as the mpsafe argument
for callout_init(9).  Deprecate the flag and clean up callout_init() calls
to make them more consistent.

Differential Revision:	https://reviews.freebsd.org/D2613
Reviewed by:	jhb
MFC after:	2 weeks
2015-05-22 17:05:21 +00:00
glebius
3d27307fc3 EVENTHANDLER_REGISTER() doesn't fail. 2015-05-20 09:42:33 +00:00
adrian
7ce4eee720 Do not check sequence number for QoS Null frames; set it for generated QoS Null
frames to 0

From IEEE Std. 802.11-2012, 8.3.2.1 "Data frame format", p. 415 (513):
"The Sequence Control field for QoS (+)Null frames is ignored by the receiver
upon reception."

At this moment, any <mode>_input() function interprets them as regular QoS data
frames with TID = 0. As a result, stations, that use another TX sequence for
QoS Null frames (e.g. wpi(4), where (QoS) Null frames are generated by the
firmware), may experience significant packet loss with any other NIC in hostap
mode.

Tested:

* wpi(4) (author)
* iwn(4) - Intel 5100, STA mode (me)

PR:		kern/200128
Submitted by:	Andriy Voskoboinyk <s3erios@gmail.com>
2015-05-12 16:55:50 +00:00
adrian
a4b25580a8 Prepare for supporting driver-overridden curchan when submitting scan
results.

Right now the scan infrastructure assumes the channel is under net80211
control, and that when receiving beacon frames for scanning, the
current channel is indeed what ic_curchan is set to.

But firmware NICs with firmware scan support need more than this -
they can do background scans whilst hiding the off-channel behaviour
from net80211.  Ie, net80211 still thinks everything is associated
and on the main channel, but it's getting scan results from all the
background traffic.

However sta_add() pays attention to ic_curchan and discards scan
results that aren't on the right channel.  CCK beacon frames can be
decoded from adjacent channels so the receive path and sta_add
discard these as appropriate.  This is fine for software scanning
like for ath(4), but not for firmware NICs.  So with those, the
whole concept of background firmware scanning won't work without
major hacks (eg, overriding ic_curchan before calling the beacon
input / scan add.)

As part of my scan overhaul, modify sta_add() and the scan_add()
APIs to take an explicit current channel.  The normal RX path
will set it to ic_curchan so it's a no-op.  However, drivers may
decide to (eventually!) override the scan method to set the
"right" current channel based on what the firmware reports the
scan state is.

So for example, iwn, rsu and other NICs will eventually do this:

* driver issues scan start firmware command;
* firmware sends a "scan start on channel X" notify;
* firmware sends a bunch of beacon RX's as part of
  the scan results;
* .. and the driver will replace scan_add() curchan with channel X,
  so scan results are correct.
* firmware sends a "scan start on channel Y" notify;
* firmware sends more beacons...
* .. the driver replaces scan_add() curchan with channel Y.

Note:

* Eventually, net80211 should eventually grow the idea of a per-packet
  current channel.  It's possible in various modes (eg WAVE, P2P, etc)
  that individual frames can come in from different channels and that
  is under firmware control rather than driver/net80211 control, so
  we should support that.
2015-05-10 22:07:53 +00:00
adrian
7ba0ad012b Fix typo introduced in previous commit.
PR:		kern/199632
Submitted by:	Andriy Voskoboinyk <s3erios@gmail.com>
2015-05-10 21:05:32 +00:00
adrian
d46813ebcd Turn ieee80211_start_scan_locked() into a swscan module private method.
It turns out that ieee80211_start_scan_locked() is only ever called by
the swscan code and it won't likely be required by firmware scanning
implementations.

So, don't bother keeping it in ieee80211_scan.c and it likely won't
become an API call.

Tested:

* Intel 5100, STA mode
* AR5416, STA mode
2015-05-10 06:59:34 +00:00
adrian
cbf7ef174d Attempt to address Bug #176201 - don't advertise what the AP announced
to us. Instead, advertise what we can do based on what the AP says and what
we're capped at by the VAP settings.

For non-STA modes we still advertise what our VAP settings are.

It may be that I've over-complicated this and instead of capping things
we can just always announce what we're capable of.  But this should at least
stop the blatantly wrong handling of A-MPDU parameters.

(I'll happily simplify things if someone can dig up a replacement, better
compliant behaviour.)

PR:		kern/176201
2015-05-10 06:57:53 +00:00
adrian
1415762e0a Fix string concatenation - "wlan_##name" -> "wlan_" #name
PR:		kern/197623
Submitted by:	Andriy Voskoboinyk <s3erios@gmail.com>
2015-05-04 00:47:22 +00:00
adrian
d33c24b96f Use bssid validation for data frames only + add RUN -> RUN state transition
However, IBSS merge will be performed only if a driver calls
ieee80211_ibss_merge(); so, this applicable to the ath(4) only.
Also, this should fix bug 167870.

PR:		kern/199632
Submitted by:	Andriy Voskoboinyk <s3erios@gmail.com>
2015-05-04 00:32:10 +00:00
adrian
331244de48 Add node_clear_keyixmap() and use it in the ieee80211_free_node() / node_reclaim().
PR:		kern/199672
Submitted by:	Andriy Voskoboinyk <s3erios@gmail.com>
2015-05-04 00:29:19 +00:00
adrian
128603d747 Remove old iv_bss entry from the node table
This may happen on RUN -> SCAN -> RUN -> SCAN state transition:

1. RUN -> SCAN: in ieee80211_sta_join1(): iv_bss will be moved to obss,
   refcnt will be reduced by 2 (default minimum).

Now, if old iv_bss have some extra references (for example, from
unacknowledged probe responses), it will not be freed and will stay
in the node table.

2. SCAN -> RUN.

3. If old iv_bss will not be deleted by the time when the next RUN -> SCAN
   state transition occurs, then sta_leave() will reduce it's reference
   counter once more. As a result, two last users will free it -> this will
   lead to kernel panic.

In this patch old iv_bss entry is explicitly removed from the node table in
ieee80211_sta_join1() (as a result, it will not be processed by sta_leave()).

PR:		kern/199676
Differential Revision:	Andriy Voskoboinyk <s3erios@gmail.com>
2015-05-03 22:28:42 +00:00
eadler
0a3f7d0390 iwn, wlan: fix typos
Fxi tow typos

Obtained from:	DragonFlyBSD
MFC after:	3 days
2015-04-10 20:55:17 +00:00
adrian
2b3ffcb5ee Initialise the pps / packet tracking timestamp so 11n aggregation works again.
There's a bug in the ticks handling where when initialised at '0', once
the ticks counter wrapped the comparison math would never trigger.
The pps calculation would never happen, and thus aggregation was never
enabled.

It manifests itself as "oh you only get 11n transmit aggregation for the
first 10 minutes of uptime."

I'm sure there are other ticks related issues lurking in net80211.

Tested:

* ath / iwn, both with 'wlandebug +11n' and a little bit of iperf to
  kick off the transmit A-MPDU negotiation once the pps gets high enough.
2015-03-22 17:54:00 +00:00
ian
abf88399a0 Use SYSCTL_OUT_STR() to return strings.
PR:		195668
2015-03-14 21:41:00 +00:00
adrian
d43da4a89c Fix kern/196290 - don't announce 11n HTINFO rates if the channel is
configured as 11b.

This came up when debugging other issues surrounding scanning and
channel modes.

What's going on:

* The VAP comes up as an 11b VAP, but on an 11n capable NIC;
* .. it announces HTINFO and MCS rates;
* The AP thinks it's an 11n capable device and transmits 11n frames
  to the STA;
* But the STA is in 11b mode, and thus doesn't receive/ACK the frames.

It didn't happen for the ath(4) devices as the AR5416/AR9300 HALs
unconditionally enable MCS frame reception, even if the channel
mode is not 11n.  But the Intel NICs are configured in 11b/11a/11g
modes when doing those, even if 11n is enabled and available.

So, don't announce 11n capabilities if the VAP isn't on an 11n
channel when sending management assocation request / reassociation
request frames.

TODO:

* Lots more testing - 11n should be "upgraded" after association,
  and I just want to make sure I haven't broken 11n upgrade.
  I shouldn't have - this is only happening for /sending/ association
  requests, which APs aren't doing.

Tested:

* ath(4) APs (AR9331, AR7161+AR9280, AR934x)
* AR5416, STA mode
* Intel 5100, STA mode

PR:		kern/196290
2015-02-27 04:45:47 +00:00
adrian
6211c8c929 Switch around the order of static inline to be in line with how it's
used elsewhere, and to keep gcc-4.7 happy.

This is a request from the DragonflyBSD project.
2015-01-11 18:43:45 +00:00
adrian
de9e60f9e9 Global-ify channel_type() - this fixes non-debug net80211 builds. 2015-01-06 18:25:10 +00:00
adrian
ab03e99258 Refactor and split out the net80211 software scan engine from the rest
of the scan API.

The eventual aim is to have 'ieee80211_scan.c' have the net80211 and
driver facing scan API to start, finish and continue doing scanning
while 'ieee80211_swscan.c' implements the software scanner that
runs the scan task, handles probe request/reply bits, configures
the VAP off-channel, changes channel and does the scanning bits.

For NICs that do no scanning at all, the existing code is needed.
ath(4) and most of the other NICs (dumb USB ones in particular)
do little to no scan offload - it's all done in software.

Some NICs may do single channel at a time scanning; I haven't really
checked them out in detail.

iwn(4), the upcoming 7260 driver stuff, the new Qualcomm Atheros
11ac chipsets and the Atheros mobile/USB full-offload chips all
have complete scan engines in firmware.  We don't have to drive
any of it at all - the firmware just needs to be told what to scan,
when to scan, how long to scan.  It'll take care of going off
channel, pausing TX/RX appropriately, sending sleep notification
to the AP, sending probe requests and handling probe responses.
It'll do passive/active scan itself.  It's almost completely
transparent to the network stack - all we see are scan notifications
when it finishes scanning each channel and beacons/probe responses
when it does its thing.  Once it's done we get a final notification
that the scan is complete, with some scan results in the message.
The iwn(4) NICs handle doing active scanning too as an option
and will handle waiting appropriately on 5GHz passive channels
before active scanning.

There's some more refactoring, tidying up and lock assertions to
sprinkle around to tidy this whole thing up before I turn swscan.c
into another set of ic methods to override by the driver or
alternate scan module.  So in theory this is all one big no-op
commit.  In theory.

Tested:

* iwn(4) 5200, STA mode
* ath(4) 6205, STA mode
* ath(4) - various NICs, AP mode
2015-01-06 02:08:45 +00:00
rwatson
1c44e71143 To ease changes to underlying mbuf structure and the mbuf allocator, reduce
the knowledge of mbuf layout, and in particular constants such as M_EXT,
MLEN, MHLEN, and so on, in mbuf consumers by unifying various alignment
utility functions (M_ALIGN(), MH_ALIGN(), MEXT_ALIGN() in a single
M_ALIGN() macro, implemented by a now-inlined m_align() function:

- Move m_align() from uipc_mbuf.c to mbuf.h; mark as __inline.
- Reimplement M_ALIGN(), MH_ALIGN(), and MEXT_ALIGN() using m_align().
- Update consumers around the tree to simply use M_ALIGN().

This change eliminates a number of cases where mbuf consumers must be aware
of whether or not mbufs returned by the allocator use external storage, but
also assumptions about the size of the returned mbuf. This will make it
easier to introduce changes in how we use external storage, as well as
features such as variable-size mbufs.

Differential Revision:	https://reviews.freebsd.org/D1436
Reviewed by:	glebius, trasz, gnn, bz
Sponsored by:	EMC / Isilon Storage Division
2015-01-05 09:58:32 +00:00
adrian
4f57c7deee Update ieee80211_sta_tim_notify() to do double duty - handle STA sleep
to awake transition as well as handle waking up a VAP in STA powersave
mode if it's in bgscan.

This was a reasonably hairy bug to try and figure out and it became
more obvious because of stuff I've done.

Specifically:

* a NIC would go into bgscan mode - either because of a bgscan timer
  or wpa_supplicant asked it to;
* the AP would indicate there's traffic for the STA by setting the TIM
  bitmap bit for it;
* mindwell would be met during scan, so it'd wake up and break out of
  the scan loop in scan_task(), but
* because the scan wasn't completed, it wouldn't bring the VAP out of
  STA mode powersave (so it wouldn't tell the AP about it and it would
  block VAP TX);
* .. but because we kept seeing the TIM bit set, ic->ic_lastdata was
  being constantly updated, and ..
* bgscancont() would thus never say "yes we can continue a bgscan"
  so the bgscan would hang and never make progress.

Now, I do see this particular state occur on iwn(4) - /however/ -
this NIC has the firmware call ieee80211_scan_next() once the firmware
scan for that channel has completed.  This has the effect of moving
the scan along to the next channel.  I do see the debug that I'm adding
where we see a beacon with a TIM bit set whilst we're in bgscan, so
the condition about waking up to receive traffic is triggering.
It just won't cause a hang.

For other NICs - all of the USB ones and at least ath(4) -
ieee80211_scan_next() / ieee80211_scan_done() isn't called.
So it relies upon the mindwell timer, the beacon receive and the
beacon / probe response -> ieee80211_add_scan() to move along
the scan state.

In the above case, mindwell triggered, there's no beacons triggering
the scan_add code to move things along, and we weren't waking things
up when seeing the TIM set for us.  So it just hung until the interface
was dropped.

So, the short-term fix here is to do what the comment in scan_task()
says - if we are in bgscan mode and we see our TIM bit set, just wake
up the VAP.  If it's already awake then it's a nop.  If we're awake
then we transition to awake and handle the traffic.  Once there's no
TX or RX traffic going on, ic->ic_lastdata won't be updated anymore
and bgscancont() will continue.

This was triggered more often after my initial SLEEP state handling
for software sleep states - because now I update ic->ic_lastdata
upon seeing a TIM bit set, not just the RX of the subsequent traffic.
That's needed so the thing doesn't ping-pong up and down between
seeing the TIM bit set, sending the "I'm awake" NULL data frame, and
starting to receive data from the AP.

I'd like to subsequently split ic_lastdata into two - one for TX and
one for RX - so it becomes easier to use the correct one (or both!)
when making decisions like whether to scan, go to sleep, etc.

I'd appreciate this getting some further testing.

Tested:

* rsu(4), STA mode, bgscan on
* iwn(4), STA mode, bgscan on
2014-12-21 04:58:45 +00:00
adrian
f3a1738444 Break out the unicast/multicast TIM bit setting into "set something
that indicates we have traffic" bit and a "do something if we have
traffic bit."

I'm going to be fleshing out this stuff more over time and it'll make
more sense to have it broken out into two pieces here.
2014-12-21 04:48:54 +00:00
adrian
45f134002b Add more debugging to try and track down this scan hang nonsense. 2014-12-21 01:15:55 +00:00
adrian
ab5e442e43 Add some more debugging to the scan cancel methods - I'd like to see
what situations would cause the scan cancel's to not complete.
2014-12-20 23:41:37 +00:00
adrian
8f1c7a6d1b Document where in scan_task the scan state can change, and potentially
deal/log a warning if the scan flags change during one of those race
windows.

It's highly likely that I need to actually sit down and replace this
scan infrastructure at some point.  It has some other side effects too -
the scan task is a blocking task scheduled in the net80211 taskqueue;
so drivers that use this taskqueue have other things not run.  Eek.

If you see this printf happen then please let me know!
2014-12-20 19:41:31 +00:00
adrian
63664fe5dd Make ieee80211_add_ssid() public.
Some drivers use private copies of this.

PR:		kern/196116
Submitted by:	Andriy Voskoboinyk <s3erios@gmail.com>
2014-12-19 01:39:58 +00:00
adrian
befcdd660f Fix the scan handling for 11b->11g upgrades in a world where, well,
it's not just 11b/11g.

The following was happening, and it's quite .. annoyingly grr-y.

* create vap, setup wpa_supplicant with no bgscanning, etc - there's
  no call to ieee80211_media_change, so vap->iv_des_mode is
  IEEE80211_MODE_AUTO;
* do ifconfig wlan0 scan - same thing, media_change doesn't get called,
  iv_des_mode stays as auto.
* But then, run wpa_cli and do 'scan' - it'll do a media change.
* if you're on 11ng, vap->iv_des_mode gets changed to IEEE80211_MODE_11NG
* Then makescanlist() is called.  There's a block of code that gets
  called if iv_des_mode != IEEE80211_MODE_AUTO, and it does this:

		if (vap->iv_des_mode != IEEE80211_MODE_11G ||
			    mode != IEEE80211_MODE_11B)
			continue;
		mode = IEEE80211_MODE_11G;	/* upgrade */

* .. now, iv_des_mode is not IEEE80211_MODE_11G, so it always runs
  'continue'
* .. and thus the scan list stays empty and no further channel
  scans occur. Ever.(1)

If you then disassociate and try associating to something, your
scan table has likely been purged / aged out and you'll never
see anything in the scan list.

(1) You need to do 'ifconfig wlan0 mode auto' or just destroy/re-create
    the VAP to get working wireless again.

Tested:

* iwn(4) - intel 5300 wifi; STA mode; using wpa_supplicant; bgscan
  enabled -and- wpa_supplicant scanning.

Thanks to:

* Everyone who kept poking me about this and wondering why the hell
  their wifi would eventually stop seeing scan lists.  Grr.
  I eventually snapped this evening and dug back into this code.
2014-12-18 05:17:18 +00:00
hselasky
49c137f7be Fix multiple incorrect SYSCTL arguments in the kernel:
- Wrong integer type was specified.

- Wrong or missing "access" specifier. The "access" specifier
sometimes included the SYSCTL type, which it should not, except for
procedural SYSCTL nodes.

- Logical OR where binary OR was expected.

- Properly assert the "access" argument passed to all SYSCTL macros,
using the CTASSERT macro. This applies to both static- and dynamically
created SYSCTLs.

- Properly assert the the data type for both static and dynamic
SYSCTLs. In the case of static SYSCTLs we only assert that the data
pointed to by the SYSCTL data pointer has the correct size, hence
there is no easy way to assert types in the C language outside a
C-function.

- Rewrote some code which doesn't pass a constant "access" specifier
when creating dynamic SYSCTL nodes, which is now a requirement.

- Updated "EXAMPLES" section in SYSCTL manual page.

MFC after:	3 days
Sponsored by:	Mellanox Technologies
2014-10-21 07:31:21 +00:00
glebius
2ca697202c Mechanically convert to if_inc_counter(). 2014-09-19 09:20:55 +00:00
adrian
42a486f3a8 After much toying around with this AMRR initial rate stuff,
I've decided that for 11n rates it's best to start (very) low and work
our way up.

So, from now on, the initial rate for AMRR 11n is MCS4.
It doesn't try MCS12 or MCS20 - at low signal strengths those don't
work very well at all.

AMRR will step the rate control up over time if things work out better.

Tested:

* Intel 5100
* Intel 5300 (using local diffs to test out 3x3 stream support)
2014-08-20 09:10:03 +00:00
adrian
5d48d93213 Undo r195846 for now - allow raw frame transmit in monitor mode.
The original commit was supposed to stop the ability to do raw frame
injection in monitor mode to arbitrary channels (whether supported
by regulatory or not) however it doesn't seem to have been followed
by any useful way of doing it.

Apparently AHDEMO is supposed to be that way, but it seems to require
too much fiddly things (disable scanning, set a garbage SSID, etc)
for it to actually be useful for spoofing things.

So for now let's just disable it and instead look to filter transmit
in the output path if the channel isn't allowed by regulatory.
That way monitor RX works fine but TX will be blocked.

I don't plan on MFC'ing this to -10 until the regulatory enforcement
bits are written.
2014-08-10 08:35:42 +00:00
ian
6638a90d8b Use logical rather than bitwise OR in if() expression. 2014-04-26 23:22:49 +00:00
adrian
708e57f874 Add a SLEEP->SCAN transition. Without this a disassociate or scan
request during SLEEP results in a hang.

Whilst I'm here, add in some disabled code that will transition to RUN
if there's multicast traffic.  It's not needed for Atheros hardware but
it may be for other hardware.

Tested:

* AR5416, STA mode (powersave)
* AR5212, STA mode (powersave)
2014-04-25 01:20:10 +00:00
adrian
24de3d7092 Modify the ioctl path to support querying things if the vap state is
SLEEP rather than RUN.

Without this things like 'ifconfig wlan0 list sta' don't work when the
NIC is power save.

Tested:

* AR5212, STA mode (with powersave)
* AR5416, STA mode (with powersave)
2014-04-24 23:12:40 +00:00
adrian
ad8f268a6e Begin fleshing out support for net80211 provided (legacy) sleep management.
This transitions the VAP in and out of SLEEP state based on:

* whether there's been an active transmission in the last (hardcoded) 500ms;
* whether the TIM from the AP indicates there is data available.

It uses the beacon reception to trigger the active traffic check.
This way there's no further timer running to wake up the CPU
from its own sleep states.

Right now the VAP isn't woken up for multicast traffic - mostly because
the only NIC I plan on doing this for right will auto wakeup and stay
awake for multicast traffic indicated in the TIM.  So I don't have
to manually keep the hardware awake.

This doesn't do anything if the NIC doesn't advertise it implements
the new SWSLEEP capability AND if the VAP doesn't have powersave
enabled.

It also doesn't do much with ath(4) as it doesn't currently implement
the SLEEP state.

Tested:

* AR5416, STA mode (with local ath(4) changes)
2014-04-24 01:39:53 +00:00
adrian
535eed4ef9 Add a capability to indicate that the net80211 stack should be doing
RUN->SLEEP->RUN transitions for station mode sleep management.
2014-04-24 01:28:39 +00:00
adrian
c5e575f92a Allow frames to be transmitted in either RUN or SLEEP state
Frames transmitted during SLEEP state should be queued in the
power save queue before waking the unit up.  Otherwise DHCP
requests and such will be dropped if the NIC is asleep - the
NIC will wake up but not transmit the frame.
2014-04-23 22:44:49 +00:00
adrian
449cf3af57 Allow the state of the interface to be "up" if the VAP is in SLEEP state.
Without this, the carrier will drop when the NIC transitions to SLEEP
and nothing will ever transmit.
2014-04-23 22:43:39 +00:00
glebius
d494babace Remove IPX support.
IPX was a network transport protocol in Novell's NetWare network operating
system from late 80s and then 90s. The NetWare itself switched to TCP/IP
as default transport in 1998. Later, in this century the Novell Open
Enterprise Server became successor of Novell NetWare. The last release
that claimed to still support IPX was OES 2 in 2007. Routing equipment
vendors (e.g. Cisco) discontinued support for IPX in 2011.

Thus, IPX won't be supported in FreeBSD 11.0-RELEASE.
2014-03-14 02:58:48 +00:00
glebius
529a68392a Another round of removing historical mbuf(9) allocator flags.
They are breeding! New ones arouse since last round.

Sponsored by:	Nginx, Inc.
2014-01-16 13:44:47 +00:00
kevlo
2d30c961db Rename definition of IEEE80211_FC1_WEP to IEEE80211_FC1_PROTECTED.
The origin of WEP comes from IEEE Std 802.11-1997 where it defines
whether the frame body of MAC frame has been encrypted using WEP
algorithm or not.
IEEE Std. 802.11-2007 changes WEP to Protected Frame, indicates
whether the frame is protected by a cryptographic encapsulation
algorithm.

Reviewed by:	adrian, rpaulo
2014-01-08 08:06:56 +00:00
adrian
a64c18c004 Make sure any waiters on the scan results get notified if the scan task
decides to do nothing.

If this isn't done, then a scan request whilst a scan occurs in an active
channel set or a completed channel set will hang.

Tested:

* Intel 5100, STA mode
2013-11-29 22:24:57 +00:00
rpaulo
d895e55630 Fix typo in comment. 2013-11-29 07:55:44 +00:00
adrian
afca1d3839 Fix AMRR to correctly select the initial rate.
There were two bugs:

* If the initial lowest rate didn't go through the loop at least once,
  the AMRR rate index would be the highest rate in the table
  (eg the rix mapping to MCS15) but rate would stay at the default
  value, namely 0.

  This meant that the initial rate selection would be MCS15 _but_ the
  node ni_txrate value would be MCS0.

* If the node is 11n, then break out of the loop correctly.  Beforehand,
  my initial 11n AMRR commit would immediately exit out as it would
  fail the 11n check, then it would always fall through to the non-11n
  rate which would then see if it was < 36mbit (ie, "72"), which would
  always match.  Hence, it'd always return MCS15.

Tested:

* Intel Centrino 2230 STA (local changes), STA mode
* Intel Wifi 5100, STA
2013-11-09 07:30:13 +00:00
adrian
f293f84ee2 Don't return ENOBUFS if the transmit path handles the frame but queues it (eg in power save.)
This is definitely an MFC candidate for 10.0-REL.

MFC after:	1 week
2013-11-06 17:20:49 +00:00
adrian
54f6325afa Don't treat the node as an 11n node if 11n rates are disabled.
For now, the AMRR code only knows about _either_ MCS or non-MCS rates.
It doesn't know how to downgrade (ie, doing 11b CCK rates if MCS0 isn't
reliable.)

PR:		kern/183428
2013-10-31 02:04:53 +00:00
glebius
f9369b9459 - Provide necessary includes, that before came via if.h pollution.
- Remove unnecessary ones.

Sponsored by:	Netflix
Sponsored by:	Nginx, Inc.
2013-10-28 22:26:03 +00:00
glebius
f469ae1d45 Include necessary headers that now are available due to pollution
via if_var.h.

Sponsored by:	Netflix
Sponsored by:	Nginx, Inc.
2013-10-28 07:29:16 +00:00
glebius
2c1ec831c9 Provide includes that are needed in these files, and before were read
in implicitly via if.h -> if_var.h pollution.

Sponsored by:	Netflix
Sponsored by:	Nginx, Inc.
2013-10-26 18:18:50 +00:00
glebius
ff6e113f1b The r48589 promised to remove implicit inclusion of if_var.h soon. Prepare
to this event, adding if_var.h to files that do need it. Also, include
all includes that now are included due to implicit pollution via if_var.h

Sponsored by:	Netflix
Sponsored by:	Nginx, Inc.
2013-10-26 17:58:36 +00:00
adrian
151389a51e Fix a use-after-free node reference issue when waiting for a return
from a management frame transmission.

This bug is a bit loopy, so here goes.

The underlying cause is pretty easy to understand - the node isn't
referenced before passing into the callout, so if the node is deleted
before the callout fires, it'll dereference free'd memory.

The code path however is slightly more convoluted.

The functions _say_ mgt_tx - ie management transmit - which is partially
true.  Yes, that callback is attached to the mbuf for some management
frames.  However, it's only for frames relating to scanning and
authentication attempts.  It helpfully drives the VAP state back to
"SCAN" if the transmission fails _OR_ (as I subsequently found out!)
if the transmission succeeds but the state machine doesn't make progress
towards being authenticated and active.

Now, the code itself isn't terribly clear about this.

It _looks_ like it's just handling the transmit failure case.

However, when you look at what goes on in the transmit success case, it's
moving the VAP state back to SCAN if it hasn't changed state since
the time the callback was scheduled.  Ie, if it's in ASSOC or AUTH still,
it'll go back to SCAN.  But if it has transitioned to the RUN state,
the comparison will fail and it'll not transition things back to the
SCAN state.

So, to fix this, I decided to leave everything the way it is and merely
fix the locking and remove the node reference.

The _better_ fix would be to turn this callout into a "assoc/auth request"
timeout callback and make the callout locked, thus eliminating all races.
However, until all the drivers have been fixed so that transmit completions
occur outside of any locking that's going on, it's going to be impossible
to do this without introducing LORs.  So, I leave some of the evilness
in there.

Tested:

* AR5212, ath(4), STA mode
* 5100 and 4965 wifi, iwn(4), STA mode
2013-10-24 17:04:16 +00:00
adrian
a022b44571 Fix the "am I a net80211 vap" check for bpf listeners.
I changed it to use if_transmit a while ago but apparently with monitor
mode the if_transmit method is overridden.

This is (mostly) a workaround until a more permanent solution can be
found.

Submitted by:	Patrick Kelsey <kelsey@ieee.org>
Approved by:	re@ (gjb)
2013-10-10 19:56:31 +00:00
adrian
d3ddbbbab8 Create a new function to complete 802.11 mbuf transmission.
The aim of this function is to eventually be the completion entry point
for all 802.11 encapsulated mbufs.  All the wifi drivers end up doing
what is in this function so it's an easy win to turn it into a net80211
method and abstract out this code.

Ideally the drivers will all eventually be modified to queue up completed
mbufs and call this function with all the driver locks not held.
This will allow for some much more interesting software queue handling
in the future (like net80211 based A-MSDU, fast-frames, A-MPDU aggregation
and retransmission.)

Tested:

* ath(4), iwn(4)
2013-08-27 14:37:13 +00:00
adrian
ce40cb7097 Migrate the ff_encap1() routine out into the normal output code.
This will eventually be used by the A-MSDU encapsulation code that
I'm writing - the sub-frame encapsulation requirement is the same.
2013-08-26 09:52:05 +00:00
adrian
40e805bbd2 Add in some backwards compatability hacks to make -HEAD net80211 compile
on -9.
2013-08-22 05:53:47 +00:00
andre
328ae66ebf Reorder the mbuf defines to make more sense and group related flags
together.

Add M_FLAG_PRINTF for use with printf(9) %b indentifier.

Use the generic mbuf flags print names in the net80211 code and adjust
the protocol specific bits for their new positions.

Change SCTP M_PROTO mapping from 5 to 1 to fit within the 16bit field
they use internally to store some additional information.

Discussed with:	trociny, glebius
2013-08-19 14:25:11 +00:00
andre
653dac5a00 Migrate the net80211 protocol specific use of M_FRAG, M_FIRSTFRAG and
M_LASTFRAG flags to protocol specific flags.

Remove the now unused M_FRAG, M_FIRSTFRAG and M_LASTFRAG mbuf flags.

Discussed with:	trociny, glebius, adrian
2013-08-19 14:07:31 +00:00
andre
7cc6cc696c Add m_clrprotoflags() to clear protocol specific mbuf flags at up and
downwards layer crossings.

Consistently use it within IP, IPv6 and ethernet protocols.

Discussed with:	trociny, glebius
2013-08-19 13:27:32 +00:00
adrian
7fb3e64ee2 Don't return ENOTSUPP here - the net80211 pluggable ioctl API will treat
this as the final item in the linker set and not try others.

This stopped the fast frames IOCTLs from being called.
2013-08-18 23:40:30 +00:00
adrian
7bc0ae6019 Return the correct status if ieee80211_ff_check() consumes the mbuf.
I broke this when converting the net80211 TX path to use if_transmit.
2013-08-18 20:40:13 +00:00
rpaulo
b66e5efc0f Replace the homegrown implementation of nitems() with calls to nitems()
(param.h).

Operating systems that don't have nitems() can easily define it on their own
net80211 OS-specific header file.

Discussed with:		adrian
2013-08-14 04:24:25 +00:00
adrian
a2aef27368 Blank m_nextpkt before passing it up. 2013-08-12 22:27:53 +00:00
adrian
fea1a66936 When flushing packets from the powersave queue, make sure that
m_nextpkt is NULL before passing it up to the parent transmit
method.
2013-08-12 02:21:44 +00:00
adrian
5c0ad988c9 Add in missing m_free()'s during error conditions. 2013-08-10 21:46:58 +00:00
adrian
aa68907eda Convert net80211 over to using if_transmit for the dispatch from the
upper layer(s).

This eliminates the if_snd queue from net80211. Yay!

This unfortunately has a few side effects:

* It breaks ALTQ to net80211 for now - sorry everyone, but fixing
  parallelism and eliminating the if_snd queue is more important
  than supporting this broken traffic scheduling model. :-)

* There's no VAP and IC flush methods just yet - I think I'll add
  some NULL methods for now just as placeholders.

* It reduces throughput a little because now net80211 will drop packets
  rather than buffer them if the driver doesn't do its own buffering.
  This will be addressed in the future as I implement per-node software
  queues.

Tested:

* ath(4) and iwn(4) in STA operation
2013-08-08 05:09:35 +00:00
adrian
8897697280 Allow net80211 to compile on stable/9 and stable/8. 2013-08-07 22:01:43 +00:00
adrian
7096445057 Fix compilation when debugging is disabled. 2013-07-28 17:35:19 +00:00
adrian
302dbbc64e Commit the missing header change. 2013-07-28 16:50:45 +00:00
adrian
7594fa5c70 Refactor the VAP transmit path code into a utility function that both
the normal and the mesh transmit paths can use.

The API is a bit horrible because it both consumes the mbuf and frees
the node reference regardless of whether it succeeds or not.
It's a hold-over from how the code behaves; it'd be nice to have it
not free the node reference / mbuf if TX fails and let the caller
decide what to do.
2013-07-28 04:53:00 +00:00
rpaulo
d94b5d358f Add ieee80211_add_{qos,wpa,rsn}() functions since they are needed by an
OpenBSD driver that is being ported to FreeBSD.

Reviewed by:	adrian
2013-07-25 06:23:26 +00:00
alfred
89aac2b3a1 Make kassert_printf use __printflike.
Fix associated errors/warnings while I'm here.

Requested by: avg
2013-07-07 21:39:37 +00:00
adrian
ae37349274 Add a missing unlock. 2013-07-05 22:10:50 +00:00
adrian
266c009204 Document the current 11n rate selection shortcoming in the AMRR code. 2013-07-05 00:03:53 +00:00
adrian
1724725351 Implement basic 802.11n awareness in the PHY and AMRR rate control code.
* Add 802.11n 2ghz and 5ghz tables, including legacy rates and up to
  MCS23 rates (3x3.)

* Populate the rate code -> rate index lookup table with MCS _and_
  normal rates, but _not_ the basic rate flag.  Since the basic rate flag
  is the same as the MCS flag, we can only use one.

* Introduce some accessor inlines that do PLCP and rate table lookup/access
  and enforce that it doesn't set the basic rate bit.  They're not
  designed for MCS rates, so it will panic.

* Start converting drivers that use the rate table stuff to use the
  accessor inlines and strip the basic flag.

* Teach AMRR about basic 11n - it's still as crap for MCS as it is
  being used by iwn, so it's not a step _backwardS_.

* Convert iwn over to accept 11n MCS rates rather than 'translate' legacy
  to MCS rates.  It doesn't use a lookup table any longer; instead it's a
  function which takes the current node (for HT parameters) and the
  rate code, and returns the hardware PLCP code to use.

Tested:

* ath - it's a no-op, and it works that way
* iwn - both 11n and non-11n
2013-07-04 21:16:49 +00:00
rpaulo
19c9c3ef18 Don't panic the kernel if we run wpa_supplicant on a hostap VAP.
Reviewed by:	adrian
2013-06-29 06:36:42 +00:00
eadler
7df13c4780 Fix typo (dbM -> dBm)
Submitted by:	Daan@vitsch.nl
Reviewed by:	adrian
2013-06-14 23:04:31 +00:00
adrian
c7b7fe134d Don't hold the node lock over the iterator.
The "find node" function call will increase the node reference anyway;
so there's no reason to hold the node table lock during the MLME change.

The only reason I could think of is to stop overlapping mlme ioctls
from causing issues, but this should be fixed a different way.

This fixes a whole class of LORs that creep up when nodes are being
timed out or removed by hostapd.

Tested:

* AR5416, hostap, with nodes coming and going.  No LORs or stability
  issues were observed.
2013-06-07 09:03:56 +00:00
adrian
58d0c29676 Fix net80211 fragment creation.
When creating fragment frames, the header length should honour the
DATAPAD flag.

This fixes the fragments that are queued to the ath(4) driver but it
doesn't yet fix fragment transmission.  That requires further changes
to the ath(4) transmit path.  Well, strictly speaking, it requires
further changes to _all_ wifi driver transmit paths, but this is at least
a start.

Tested:

* AR5416, STA mode, w/ fragthreshold set to 256.
2013-05-25 06:28:30 +00:00
adrian
9bbb992f11 Fix a VAP BSS node reference in the HT code to actually take a reference
before using said node.

The "blessed" way here is to take a node reference before referencing
anything inside the node, otherwise the node can be freed between
the time the pointer is copied/dereferenced and the time the node contents
are used.

This mirrors fixes that I've done elsewhere in the net80211/driver
stack.

PR:		kern/178470
2013-05-10 09:37:58 +00:00
glebius
b4bc270e8f Add const qualifier to the dst parameter of the ifnet if_output method. 2013-04-26 12:50:32 +00:00
adrian
0128a675f3 Implement a utility function to return the current TX power cap for
the given node.

This takes into account the per-node cap, the ic cap and the
per-channel regulatory caps.

This is designed to replace references to ni_txpower in various net80211
drivers - ni_txpower doesn't necessarily reflect the actual cap for
the given node (eg if the node has the default value of 50dBm (100) and
the administrator has manually configured a lower TX power.)
2013-04-16 20:36:32 +00:00
adrian
d607a69714 Add VNET wrappers around the rest of the ieee80211 rtsock messages.
I triggered the cac/radar messages when doing testing in DFS channels.
2013-03-20 02:42:52 +00:00
adrian
e4cecd0fe3 Kill this, it's not needed at this point and (hopefully) the parent
has correctly locked the ic/vap.
2013-03-10 04:38:06 +00:00
adrian
7c437f512e Fix another compiler warning issue when invariants are disabled. 2013-03-09 15:35:31 +00:00
adrian
11f27b0f39 Fix non-invariant compilation. 2013-03-09 05:20:33 +00:00
adrian
291b1e2469 Bring over my initial work from the net80211 TX locking branch.
This patchset implements a new TX lock, covering both the per-VAP (and
thus per-node) TX locking and the serialisation through to the underlying
physical device.

This implements the hard requirement that frames to the underlying physical
device are scheduled to the underlying device in the same order that they
are processed at the VAP layer.  This includes adding extra encapsulation
state (such as sequence numbers and CCMP IV numbers.)  Any order mismatch
here will result in dropped packets at the receiver.

There are multiple transmit contexts from the upper protocol layers as well
as the "raw" interface via the management and BPF transmit paths.
All of these need to be correctly serialised or bad behaviour will result
under load.

The specifics:

* add a new TX IC lock - it will eventually just be used for serialisation
  to the underlying physical device but for now it's used for both the
  VAP encapsulation/serialisation and the physical device dispatch.

  This lock is specifically non-recursive.

* Methodize the parent transmit, vap transmit and ic_raw_xmit function
  pointers; use lock assertions in the parent/vap transmit routines.

* Add a lock assertion in ieee80211_encap() - the TX lock must be held
  here to guarantee sensible behaviour.

* Refactor out the packet sending code from ieee80211_start() - now
  ieee80211_start() is just a loop over the ifnet queue and it dispatches
  each VAP packet send through ieee80211_start_pkt().

  Yes, I will likely rename ieee80211_start_pkt() to something that
  better reflects its status as a VAP packet transmit path.  More on
  that later.

* Add locking around the management and BAR TX sending - to ensure that
  encapsulation and TX are done hand-in-hand.

* Add locking in the mesh code - again, to ensure that encapsulation
  and mesh transmit are done hand-in-hand.

* Add locking around the power save queue and ageq handling, when
  dispatching to the parent interface.

* Add locking around the WDS handoff.

* Add a note in the mesh dispatch code that the TX path needs to be
  re-thought-out - right now it's doing a direct parent device transmit
  rather than going via the vap layer.  It may "work", but it's likely
  incorrect (as it bypasses any possible per-node power save and
  aggregation handling.)

Why not a per-VAP or per-node lock?

Because in order to ensure per-VAP ordering, we'd have to hold the
VAP lock across parent->if_transmit().  There are a few problems
with this:

* There's some state being setup during each driver transmit - specifically,
  the encryption encap / CCMP IV setup.  That should eventually be dragged
  back into the encapsulation phase but for now it lives in the driver TX path.
  This should be locked.

* Two drivers (ath, iwn) re-use the node->ni_txseqs array in order to
  allocate sequence numbers when doing transmit aggregation.  This should
  also be locked.

* Drivers may have multiple frames queued already - so when one calls
  if_transmit(), it may end up dispatching multiple frames for different
  VAPs/nodes, each needing a different lock when handling that particular
  end destination.

So to be "correct" locking-wise, we'd end up needing to grab a VAP or
node lock inside the driver TX path when setting up crypto / AMPDU sequence
numbers, and we may already _have_ a TX lock held - mostly for the same
destination vap/node, but sometimes it'll be for others.  That could lead
to LORs and thus deadlocks.

So for now, I'm sticking with an IC TX lock.  It has the advantage of
papering over the above and it also has the added advantage that I can
assert that it's being held when doing a parent device transmit.
I'll look at splitting the locks out a bit more later on.

General outstanding net80211 TX path issues / TODO:

* Look into separating out the VAP serialisation and the IC handoff.
  It's going to be tricky as parent->if_transmit() doesn't give me the
  opportunity to split queuing from driver dispatch.  See above.

* Work with monthadar to fix up the mesh transmit path so it doesn't go via
  the parent interface when retransmitting frames.

* Push the encryption handling back into the driver, if it's at all
  architectually sane to do so.  I know it's possible - it's what mac80211
  in Linux does.

* Make ieee80211_raw_xmit() queue a frame into VAP or parent queue rather
  than doing a short-cut direct into the driver.  There are QoS issues
  here - you do want your management frames to be encapsulated and pushed
  onto the stack sooner than the (large, bursty) amount of data frames
  that are queued.  But there has to be a saner way to do this.

* Fragments are still broken - drivers need to be upgraded to an if_transmit()
  implementation and then fragmentation handling needs to be properly fixed.

Tested:

* STA - AR5416, AR9280, Intel 5300 abgn wifi
* Hostap - AR5416, AR9160, AR9280
* Mesh - some testing by monthadar@, more to come.
2013-03-08 20:23:55 +00:00
adrian
6c5725b06d Disable this variable; the code using it is also disabled. 2013-02-18 01:37:55 +00:00
adrian
4089ecb7c4 Disable this code and add a note as to why.
It wasn't currently being called anyway - but being explicit about it
can't hurt.
2013-02-18 01:08:59 +00:00
adrian
8261579eca Fix an incorrect sizeof()
Spotted by:	clang

Submitted by:	dim
2013-02-16 00:12:21 +00:00
monthadar
095b73eee8 Mesh: QoS Control field bit flags fix.
* The following bit flags where incroccetly defined:
    o Mesh Control Present
    o Mesh Power Save Level
    o RSPI
  This is now corrected according to Table 8.4 as per IEEE 802.11 2012;

Approved by:	adrian (mentor)
2013-02-14 20:00:38 +00:00
glebius
f03c14c9a7 Substitute '#ifdef ALIGNED_POINTER' with '#ifndef __NO_STRICT_ALIGNMENT',
since the former is defined everywhere. This cuts off some code not
necessary on non strict aligment arches.

Reviewed by:	adrian
Sponsored by:	Nginx, Inc.
2013-02-12 11:24:37 +00:00
adrian
cfebb21d99 Fix ieee80211_mesh.c compilation.
* Add the superg.h header to allow ieee80211_check_ff() to work
* Since the assert stuff creates assertions based on line numbers and there
  was a conflict, just nudge things down a bit.
2013-02-08 09:11:55 +00:00
monthadar
541d8676f1 Mesh: recevied GANN frames where not parsed correctly.
* Added mesh_parse_meshgate_action that parse all values to host endian;
* Add more detailed debug output;

Approved by:	adrian (mentor)
2013-02-07 21:32:09 +00:00
monthadar
2587b68b1c Mesh HWMP forwarding information: updating FI for transmitter.
* Added hwmp_update_transmitter function that checks if the metric
  to the transmitter have improved. If old FI is invalid or metric
  is larger the FI to the transmitter is updated occurdingly.
  This is a recommendation from the 802.11 2012 standard, table 13-9;

Approved by:	adrian (mentor)
2013-02-07 21:31:37 +00:00
monthadar
6c23af63de Mesh HWMP PERR bug fixes.
* When calling ieee80211_mesh_rt_flush_peer, the rt->rt_dest argument
  should not be passed because it can get freed before invalidating
  the other routes that depends on it to compare with next_hop.
  Use PERR_DADDR(i) instead;

Approved by:	adrian (mentor)
2013-02-07 21:30:58 +00:00
monthadar
ecd76b4133 Mesh bug: debug infomartion showing swapped SA and DA address.
* Fix bug for "forward frame from SA(%6D), DA(%6D)" where addresses where
  swapped between SA and DA;

Approved by:	adrian (mentor)
2013-02-07 21:30:29 +00:00
monthadar
3e303ed5b8 Update ddb to print mesh routing table.
* Modified _db_show_vap and _db_show_com to print mesh routing table
  if the 'm' modifier is specified;

Approved by:	adrian (mentor)
2013-02-07 21:29:48 +00:00
monthadar
422806540d Mesh HWMP PREQ: fixed conditions for discarding elements.
Approved by:	adrian (mentor)
2013-02-07 21:29:14 +00:00
monthadar
94b538df94 Mesh HWMP: don't send an intermediate PREP for proxy entries.
* The standard is unclear about what should happen in case a mesh STA (not
  marked as a mesh gate) recevies a PREQ for a destination that is marked
  as proxy. Solution for now is not to do intermediate reply at all, and
  let the PREQ reach the mesh gate;

Approved by:	adrian (mentor)
2013-02-07 21:28:25 +00:00
monthadar
989940d9ef Mesh HWMP PREQ update: proxy reply only if mesh STA is a meshgate.
* Original PREP frame is transmitted only by the target mesh STA or the
  mesh STA that is the proxy target;
* Fixed so that metric value is not over written incorrectly in
  hwmp_recv_preq for when replying back with a PREP;

Approved by:	adrian (mentor)
2013-02-07 21:27:40 +00:00
monthadar
f3631fce3f HWMP: ic->raw_xmit didn't always point to correct ni.
This is a code re-write. ic->raw_xmit need a pointer to ieee80211_node
for the destination node (da). I have reorganized the code so that
a pointer to the da node is searched for in the end & in one place.

* Make mesh_find_txnode public to be used by HWMP, renamed to
  ieee80211_mesh_finx_txnode;
* changed the argument from ieee80211_node to ieee80211vap for all
  hwmp_send_* functions;
* removed the 'sa' argument from hwmp_send_* functions as all HWMP frames
  have the source address equal to vap->iv_myaddr;
* Modified hwmp_send_action so that if da is MULTCAST ni=vap->iv_bss
  otherwise we called ieee80211_mesh_find_txnode. Also no need to hold
  a reference in this functions if da is not MULTICAST as by finding the
  node it became referenced in ieee80211_find_txnode;

Approved by:	adrian (mentor)
2013-02-07 21:26:40 +00:00
monthadar
9cc12d2c5f Mesh gate code to transmit to all mesh gates.
* Modified mesh_find_txnode to be able to handle proxy marked entries by
  recursively calling itself to find the txnode towards the active mesh gate;
* Mesh Gate: Added a new function that transmits data frames
  similar to ieee80211_start;
* Modified ieee80211_mesh_forward_to_gates so that:
     + Frames are duplicated and sent to each valid Mesh Gate;
     + Route is marked invalid before return of function, this is
       because we dont know yet which Mesh Gate is we will use;

Approved by:	adrian (mentor)
2013-02-07 21:26:06 +00:00
monthadar
6bc4d32622 Send frames to mesh gate if 11s discovery fails.
* Send frames that have no path to a known valid Mesh Gate;
* Added the function ieee80211_mesh_forward_to_gates that sends the frame
  to the first found Mesh Gate in the forwarding information;
* If we try to discover again while we are discovering queue frame,
  the discovery callout will send the frames either to mesh gates
  or discards them silently;
* Queue frame also if we try to discover to frequently;

Approved by:	adrian (mentor)
2013-02-07 21:25:32 +00:00
monthadar
4ef618069c Mark root mesh as gate when mesh gate flag set.
* Add function ieee80211_mesh_mark_gate in ieee80211_mesh.h;
* When received a proactive PREQ or RANN with corresponding mesh gate
  flag set, create a new entry in the known mesh gate list;

Approved by:	adrian (mentor)
2013-02-07 21:24:52 +00:00
monthadar
81a1f6861c Propagate GANN frames, and store know gate info.
* Modified mesh_recv_action_meshgate to do following:
    + if mesh STA already knows the mesh gate of the recevied GANN frame
    + if mesh gate is know, check seq number according to 802.11 standard
    + if mesh gate is not know, add it to the list of known mesh gates
    + if forwarding is enabled and ttl >= 1 then propagate the GANN frame;
* Declare a new malloc type M_80211_MESH_GT_RT;
* Declare a struct to store GANN information, ieee80211_mesh_gate_route. And
  add it as a TAILQ list to ieee80211_mesh_state;

Approved by:	adrian (mentor)
2013-02-07 21:24:20 +00:00
monthadar
27872c7169 Mesh update: add base Mesh Gate functionality.
A Mesh Gate should transmit a Mesh Action frame containing
ieee80211_meshgann_ie as its only information element periodically
every ieee80211_mesh_gateint ms. Unless the mesh gate is also configure
as a ROOT, then these frames should not be send.
This is according to 802.11 2012 standard;

* Introduce new SYSCTL net.wlan.mesh.gateint, with 10s default;
* Add two new functions mesh_gatemode_setup and mesh_gatemode_cb. This
  is similar to how HWMP setups up a callout;
* Add two new action handlers mesh_recv_action_meshgate and
  mesh_send_action_meshgate;
* Added ieee80211_add_meshgate to ieee80211_mesh.h;
* Modified mesh_send_action to look similar to hwmp_send_action. This is
  because we need to send out broadcast management frames.
* Introduced a new flag for mesh state IEEE80211_MESHFLAGS_ROOT. This flag
  is now set by HWMP code when a mesh STA is configured as a ROOT. This
  is then checked by mesh_gatemode_cb before scheduling a new callout;
* Added to new field to ieee80211_mesh_state:
    + struct callout                  ms_gatetimer
    + ieee80211_mesh_seq              ms_gateseq;

Approved by:	adrian (mentor)
2013-02-07 21:23:43 +00:00
monthadar
92c96a118c Start accepting IEEE80211_ACTION_MESH_GANN frames;
* Add IEEE80211_ACTION_MESH_GANN Action frame verification in
  ieee80211_parse_action;

Approved by:	adrian (mentor)
2013-02-07 21:22:14 +00:00
monthadar
aeaacfbfb3 Mesh: management mesh action frames are to be discarded
when not peered.

* Modified ieee80211_recv_action to check if neighbour is peered for
  IEEE80211_ACTION_CAT_MESH frames, if not frame is discarded. This is
  according to IEEE802.11 2012 standard;
* Removed duplicate checks in each hwmp_recv_* handlers because HWMP
  is a subtype of mesh action;

Approved by:	adrian (mentor)
2013-02-07 21:21:40 +00:00
monthadar
3f965e686d Update in ieee80211_action.c for mesh code handlers.
* Removed meshlm_send_action and hwmp_send_action. Introduced one common
  for all Mesh Action frames meshaction_send_action. According to 802.11
  standard Link Metric and HWMP are all under Mesh Action category;
* Did similar changes to recv_action part;
* The size of meshaction_*_action is set to 12. This is to make room for
  the rest of Mesh Action category subtypes;

Approved by:	adrian (mentor)
2013-02-07 21:21:05 +00:00
monthadar
9c4d8abf33 Update net80211 mesh struct ieee80211_meshgann_ie.
* Change all field prefix from pann_ to gann_;
* Added IEEE80211_MESHGANN_BASE_SZ macro to be used in the length field
  of a GANN frame according to 802.11 standard;
* Changed gann_seq field type to uint32_t;
* Added a Gate Announcement interval field according to
  IEEE802.11 2012 standard;
* Added IEEE80211_MESHRT_FLAGS_GATE as flag bit to ieee80211_mesh_route;
* Added IEEE80211_MESHRT_FLAGS_GATE as flag bit to ieee80211req_mesh_route;

Approved by:	adrian (mentor)
2013-02-07 21:20:28 +00:00
monthadar
23b698b92f HWMP: Accept a PERR even if path is valid.
* An HWMP PERR should be accepted even if path is valid. Because
  we check if we recevied it from a neighbour that we use as a next hop;

Approved by:	adrian (mentor)
2013-02-07 21:19:44 +00:00
monthadar
d1e96afdf8 Add mesh debug for interarction between DS & MBSS.
* Add mesh debug information when frames enter or leave the MBSS;
* Set IEEE80211_MSG_OUTPUT bit to enable output;

Approved by:	adrian (mentor)
2013-02-07 21:18:22 +00:00
monthadar
6029a16e37 Fix mesh path flag.
* A bug occurs while in discovery mode which leaves a path marked with
  both Discover and Valid flag. This happens when receiving/sending
  PREQ and PREP in a particular order. Solution is to assign the Valid bit
  instead of oring it;

Approved by:	adrian (mentor)
2013-02-07 21:17:35 +00:00
monthadar
33a227cb8a Stop a mesh STA from flooding with peer frames.
This problem happens when using ACL policy to filter mesh STA
but two nodes have different policy. Then one of them will try to
peer all the time. This can also help if for any reason one of the
peering mesh STA have problems sending/receiving peer frames.

* Modified struct ieee80211_node to include two new fields:
    + struct callout ni_mlhtimer /* link mesh backoff timer */
    + uint8_t ni_mlhcnt /* link mesh holding counter */
* Added two new sysctl (check sysctl -d for more info):
    + net.wlan.mesh.backofftimeout=5000
    + net.wlan.mesh.maxholding=2;
* When receiving a beacon and we are in IEEE80211_NODE_MESH_IDLE
  check if ni_mlhcnt >= ieee80211_mesh_maxholding, if so do not do anything;
* In mesh_peer_timeout_cb when transitioning from IEEE80211_NODE_MESH_HOLDING
  to IEEE80211_NODE_MESH_IDLE increment ni_mlhcnt, and eventually start
  ieee80211_mesh_backofftimeout;

Approved by:	adrian (mentor)
2013-02-07 21:12:55 +00:00
adrian
b5f69f6990 Wrap this in an #ifdef so IEEE80211_SUPPORT_SUPERG will work correctly
in a wlan.ko module.
2013-02-02 02:00:10 +00:00
adrian
88c7f81825 Initial cut at making IBSS support 802.11n aware.
* Add HTINFO field decoding to ieee80211_ies_expand() - it's likely not
  100% correct as it's not looking at the draft 11n HTINFO location,
  but I don't think anyone will care.

* When doing an IBSS join make sure the 11n channel configuration
  is used - otherwise the 11a/11bg channel will be used
  and there won't be any chance for an upgrade to 11n.

* When creating an IBSS network, ensure the channel is updated to an
  11n channel so other 11n nodes can see it and speak to it with MCS
  rates.

* Add a bit of code that's disabled for now which handles the HT
  field updating.  This won't work out very well with lots of adhoc
  nodes as we'd end up ping-ponging between the HT configuration for
  each node.  Instead, we should likely only pay attention to the
  "master" node we initially associated against and then ensure we
  propagate that information forward in our subsequent beacons.  However,
  due to the nature of IBSS (ie, there's no specific "master" node in
  the specification) it's unclear which node we should lift the HT
  parameters from.

  So for now this assumes the HT parameters are squirreled away in the
  initial beacon/probe response.

So there's some trickiness here.

With ap/sta pairing, the probe response just populates a legacy node
and the association request/response is what is used for negotiation
11n-ness (and upgrading things as needed.)

With ibss networks, the pairing is done with probe request/response,
with discovery being done by creating nodes when new beacons in the
IBSS / BSSID are heard.  There's no assoc request/response frames going on.

So the trick here has been to figure out where to upgrade things.
I don't like how I just taught ieee80211_sta_join() to "speak" HT -
I'd rather there be an upgrade path when an IBSS node joins and there
are HT parameters present.  Once I've done that, I'll kill this
HT special casing that's going on in ieee80211_sta_join().

Tested:

* AR9280, AR5416, AR5212 - basic iperf and ping interoperability tests
  whilst in a non-encrypted adhoc network.

TODO:

* Fix up the HT upgrade path for IBSS nodes rather than adding code
  in ieee80211_sta_join(), then remove my code from there.

* When associating, there's a concept of a "master" node in the IBSS
  which is the node you first joined the network through.  It's possible
  the correct thing to do is to listen to HT updates and configure WME
  parameters from that node.  However, once that node goes away, which
  node(s) should be listened to for configuration changes?

  For things like HT channel width, it's likely going to be ok to
  just associate as HT40 and then use the per-neighbor rate control
  and HTINFO/HTCAP fields to figure out which rates and configuration
  to speak.  Ie, for a 20MHz 11n node, just speak 20MHz rates to
  it.  It shouldn't "change", like what goes on in AP/STA configurations.
2013-01-26 00:37:54 +00:00
adrian
7c5e15d91f Remove the use of the ifnet send queue and if_start() in the power
save queue code.

Instead, use if_transmit() directly - and handle the cases where frame
transmission fails.

I don't necessarily like this and I think at this point the M_ENCAP check,
node freeing upon fail and the actual if_transmit() call should be done
in methods in ieee80211_freebsd.c, but I digress slightly..

This removes one of the last few uses of if_start() and the ifnet
if_snd queue.  The last major offender is ieee80211_output.c, where
ieee80211_start() implements if_start() and uses the ifnet queue
directly.

(There's a couple of gotchas here, where the if_start pointer is
compared to ieee80211_start(), but that's a later problem.)
2013-01-15 17:50:07 +00:00
adrian
301464d559 Add in the missing radiotap definitions from the sipsolutions.net
radiotap "upstream" source.
2013-01-08 06:59:21 +00:00
adrian
cb53fcbe56 Handle ps-poll data frame if_transmit() failure.
If the data frame transmission failures, it may have a node reference
that needs cleaning up.

If the frame is marked as M_ENCAP then it should treat recvif as a node
reference and clear it.

Now - since the mbuf has been freed by calling if_transmit() (even on
failure), the mbuf has to be treated as invalid.  Hence why the ifp is
used.
2013-01-06 04:40:07 +00:00
adrian
df2147e23e Handle HWMP if_transmit() failure gracefully.
If if_transmit() fails, the node ref may need freeing.

This is based on the same logic used by the ageq, which the mesh code
(re) uses for frames which need to be staged before transmitting.
It also does the same thing - if M_ENCAP is set on the mbuf, it treats
the recvif pointer as a node reference and derefs it.
2013-01-06 04:38:31 +00:00
adrian
0d3b266bb9 if_start() is being used here as a way of kick-starting the new queue
processing.  For if_transmit() style hardware drivers (which none publicly
exist yet, for wireless) they will need to still implement if_start()
but only to re-start the TX queue.
2012-12-22 01:17:49 +00:00
adrian
60bdcd31a7 Remove a use of if_start() - instead, use if_transmit() to dispatch the
frame.
2012-12-22 01:16:28 +00:00
adrian
f0196dc70a Adjust the channel to correctly setup the HT flags when transitioning
an IBSS VAP to RUN.

An 11n IBSS was beaconing HTINFO/HTCAP IE's that didn't have any HT
information setup (like the HT TX/RX MCS bitmask.)

Tested:

* AR9280, IBSS - both a statically setup channel and a scanned channel

PR:		kern/172955
2012-12-10 07:00:46 +00:00
adrian
02d1402204 Update the aggressive mode logic to also enable aggressive mode
parameters in IBSSes.

IBSS was just being plainly ignored here even though aggressive mode
was 'on'.

This still doesn't fix the "why are the WME parameters reset upon
interface down/up" issue.

PR:		kern/165969
2012-12-10 00:16:38 +00:00
adrian
e8cc21d443 Undo the previous adhoc commit - doing the WME IE handling here
is totally wrong.

If we parse the WME IE here, we'll be constantly updating the WME
configuration from each WME enabled IBSS node we see.

There's a separate issue where the WME configuration is blanked out
when the interface is brought up; the WME parameters aren't "sticky."

Also, ieee80211_init_neighbor() parses the ath IE, so doing it here
isn't required.

Sorry about the noise.

PR:		kern/165969
2012-12-09 23:56:29 +00:00
adrian
c64b0a5666 Handle ath-specific and WME IE's in adhoc mode.
The Adhoc support wasn't parsing and handling the ath specific and WME
IEs, thus the atheros vendor support and WME TXOP parameters aren't being
copied from the peer.

It copies the WME parameters from whichever adhoc node it decides to
associate to, rather than just having them be statically configured
per adhoc node.  This may or may not be exactly "right", but it's certainly
going to be more convienent for people - they just have to ensure their
adhoc nodes are setup with correct WME parameters.

Since WME parameters aren't per-node but are configured on hardware TX
queues, if some nodes support WME and some don't - or perhaps, have
different WME parameters - things will get quite quirky.

So ensure that you configure your adhoc nodes with the same WME
parameters.

Secondly - the Atheros Vendor IE is parsed and operated on per-node, so
this should work out ok between nodes that do and don't do Atheros
extensions.  Once you see a becaon from that node and you setup the
association state, it _should_ parse things correctly.

TODO:

* I do need to ensure that both adhoc setup paths are correctly updating
  the IE stuff.  Ie, if the adhoc node is created by a data frame instead
  of a beacon frame, it'll come up with no WME/ath IE config.  The next
  beacon frame that it receives from that node will update the state.
  I just need to sit down and better understand how that's suppose to
  work in IBSS mode.

Tested:

* AR5416 <-> AR9280 - fast frames and the WME configuration both popped
  up. (This is with a local HAL patch that enables the fast frames
  capability on the AR5416 chipsets.)

PR:		kern/165969
2012-12-09 22:56:29 +00:00
adrian
d004c46035 Atheros SuperG bug fixes, as part of hunting down kern/174283.
The stageqdepth (global, over all staging queues) was being kept
incorrectly.  It was being incremented whenever things were added,
but only decremented during a flush.  During active fast frames activity
it wasn't being decremented, resulting in it always having a non-zero
value during normal fast-frames operation.

It was only used when checking if the aging queue should be checked;
we may as well just defer to each of those staging queue counters (which
look correct, thankfully.)

Whilst I'm here, add locking assertions in the staging queue add/remove
functions.  The current crash shows that the staging queue has one frame,
but only has a tail pointer set (the head pointer being set to NULL.)
I'd like to grab a few more crashes where these locking assertions are
in place so I can narrow down the issue between "somehow locking is
messed up and things are racy" and "the stage queue head/tail pointer
manipulation logic is subtly wrong."

Tested:

* AR5416 STA, AR5413 AP; with FastFrames enabled in the AR5416 HAL.

PR:		kern/174283
2012-12-09 19:20:28 +00:00
adrian
2961cca711 Don't panic if the stageq here is empty; just fall through with NULL
pointers and leave the stage queue flush routine to just do nothing
(since both head and tail here will be NULL.)

This should quieten the "stageq empty" panic where the stageq itself
is empty, but it won't fix the second KASSERT() here "staging queue empty"
as that's likely a different underlying problem.

PR:		kern/174283
2012-12-09 01:08:44 +00:00
adrian
47e04cdf7b Fix a use-after-free bug in the Atheros fast-frames support.
Tested:

* AR5212 AP, AR5413 STA, iperf TCP STA->AP, destroyed and/or shutdown
  the STA vap during active iperf TCP traffic.

PR:		kern/174273
MFC after:	1 week
2012-12-08 09:48:03 +00:00
adrian
51bed028d5 Add a new 900MHz GSM regulatory SKU for the Xagyl Communications XC900M.
The XC900M acts as a Ubiquiti XR9 (and I _think_ SR9) by default;
it uses the same 900MHz<->2.4GHz downconverter mapping.

However it has an alternative frequency mapping which squeezes in a couple
more half/quarter rate channels.  Since the default HAL doesn't support
fractional tuning (sub-1MHz) in 2.4GHz mode on the AR5413/AR5414, they
implement it using a jumper.

Datasheet: http://www.xagyl.com/download/XC900M_Datasheet.pdf

Thankyou to Xagyl Communications for the XC900M NICs and Edgar Martinez
for organising the donation.

Tested:

* XC900M <-> XC900M
* Ubiquiti XR9 <-> XC900M

TODO:

* Test against SR9 and GZ901 if possible (the IEEE channel<->frequency
  mapping may not match up, thanks to the slightly different channels
  involved)
2012-12-07 06:34:46 +00:00
glebius
8e20fa5ae9 Mechanically substitute flags from historic mbuf allocator with
malloc(9) flags within sys.

Exceptions:

- sys/contrib not touched
- sys/mbuf.h edited manually
2012-12-05 08:04:20 +00:00
adrian
776254641b Add a primitive to check if a lock is not owned. 2012-11-26 00:06:55 +00:00
adrian
d0137a78c6 Add some further BAR TX debugging; it was useful when figuring out
when BAR TX was actually failing.
2012-10-28 04:18:49 +00:00
adrian
cdbf140d92 Oops, missed in my last commit. 2012-10-26 19:46:55 +00:00
adrian
fd573bf186 Allow net80211 to be built on -9 and -8.
There are some people who use the -HEAD net80211 and wireless drivers
on earlier FreeBSD versions in order to get the updated 802.11n support.
The previous if_clone API changes broke this.
2012-10-26 19:06:24 +00:00
adrian
cc93b91b81 Fix up some initial issues with creation and deletion of hotplugged
net80211 devices and vaps.

* vnet sets vnet0 during kldload and device probe/attach, but not for
  the hotplug event.  Thus, plugging in a NIC causes things to panic.
  So, add a CURVNET_SET(vnet0) for now during the attach phase, until
  the hotplug code is taught to set CURVNET_SET(vnet0).

* there's also no implied detach vnet context - so teach the detach
  path about ifp->if_vnet.

* When creating/deleting vaps, also set the vnet context appropriately.
  These can be done at any time.

Now, the problems!

* ieee80211.c is supposed to be OS-portable code, with no OS-specific stuff
  like vnet. That should be fixed.

* When the device hotplug code gets taught about CURVNET_SET(vnet0), the
  device vnet set can go away; but the VAP vnet set still needs to be there.

* .. and there still is the question about potentially adding an implied
  CURVNET_SET(ifp->if_vnet) on if_free(), since any/all devices may end up
  being detached by a hotplug event in today's world.  That's going to be
  a topic of a subsequent commit.
2012-10-26 16:56:55 +00:00
glebius
05f24a6b77 Make the "struct if_clone" opaque to users of the cloning API. Users
now use function calls:

  if_clone_simple()
  if_clone_advanced()

to initialize a cloner, instead of macros that initialize if_clone
structure.

Discussed with:		brooks, bz, 1 year ago
2012-10-16 13:37:54 +00:00
kevlo
ceb08698f2 Revert previous commit...
Pointyhat to:	kevlo (myself)
2012-10-10 08:36:38 +00:00
kevlo
8747a46991 Prefer NULL over 0 for pointers 2012-10-09 08:27:40 +00:00
adrian
b7889929b9 Migrate the power-save functions to be overridable VAP methods.
This turns ieee80211_node_pwrsave(), ieee80211_sta_pwrsave() and
ieee80211_recv_pspoll() into methods.

The intent is to let drivers override these and tie into the power save
management pathway.

For ath(4), this is the beginning of forcing a node software queue to
stop and start as needed, as well as supporting "leaking" single frames
from the software queue to the hardware.

Right now, ieee80211_recv_pspoll() will attempt to transmit a single frame
to the hardware (whether it be a data frame on the power-save queue or
a NULL data frame) but the driver may have hardware/software queued frames
queued up.  This initial work is an attempt at providing the hooks required
to implement correct behaviour.

Allowing ieee80211_node_pwrsave() to be overridden allows the ath(4)
driver to pause and unpause the entire software queue for a given node.
It doesn't make sense to transmit anything whilst the node is asleep.

Please note that there are other corner cases to correctly handle -
specifically, setting the MORE data bit correctly on frames to a station,
as well as keeping the TIM updated.  Those particular issues can be
addressed later.
2012-10-02 17:45:19 +00:00
adrian
3ee466e6fc Fix a crash bug introduced in the iterate node work recently done.
When resuming, the first VAP is checked for max_aid; however if there
is no VAP, this results in a NULL pointer dereference and kernel
panic.
2012-09-16 22:45:00 +00:00
eadler
2dc3520f1e s/ is is / is /g
s/ a a / a /g

Approved by:	cperciva
MFC after:	3 days
2012-09-14 22:00:03 +00:00
adrian
4b09851610 Fix an incorrect comparison.
PR:		kern/170098
2012-08-16 00:53:23 +00:00
adrian
313bc375b2 Don't call the node iteration function inside the node table / node
iterate lock.

This causes LORs and deadlocks as some code paths will have the com lock
held when calling ieee80211_iterate_nodes().

Here, the comlock isn't held during the node table and node iteration
locks; and the callback isn't called with any (extra) lock held.

PR:		kern/170098
Submitted by:	moonlightakkiy@yahoo.ca
MFC after:	4 weeks
2012-08-15 20:01:28 +00:00
adrian
1e2fd29d32 Fix an incorrect comment. 2012-08-08 17:16:06 +00:00
monthadar
29285e1a1a Fixed some debug output in hwmp_recv_prep. 2012-07-31 08:05:40 +00:00
monthadar
7d32606c1b Fix a PREQ comparison error in 11s HWMP.
* Earlier we compared two not equal metrics, one was what we recevied
in the 'new PREQ' while the other was what we already have saved which
was 'old PREQ' + link metric for the last hop;
* Fixed by adding 'new PREQ' + link metric for the last hop in a
temporary variable;
2012-07-31 07:36:27 +00:00
monthadar
c2d63929b4 Fix bugs in net80211s found with wtap simulator.
For description of the test scripts refer to projects/net80211_testsuite/wtap.

* Test 007 showed a bug in intermediate PREP for a proxy entry. Resolved;
* Test 002 showed a bug in the Addressing Mode flag for a PREQ. Resolved;
2012-07-31 07:31:47 +00:00
adrian
c266a0edd4 Add a check for dynamic OFDM/CCK channel types. 2012-07-01 04:25:49 +00:00
monthadar
074e234794 Mesh mode, potential garbage in QoS subfield.
* qos[1] subfield is never assigned a value before this statement.
qos[1] can potentially be OR:ed with garbage. Make it an assignment instead;
* Remove brackets around if statement;

Approved by: adrian
2012-06-25 11:52:26 +00:00
adrian
5958fc908c Extend the radiotap code to be aware of the size of any extra vendor
bitmaps that may occur.

The way this works is:

* the beginning of the radiotap frame has a 32 bit "radiotap" namespace
  bitmap;
* if the vendor bitmap bit is set, then the next bitmap will be interpreted
  as a vendor bitmap;
* this can keep going on and on (ie, more vendor and radiotap namespace
  bitmaps can be added) until the last bitmap with no "more bitmaps" set.

Now, the radiotap code gets its grubby fingers into the supplied
radiotap rx/tx buffer and replaces the channel configuration
for each frame.  I don't know why it's not up to the drivers themselves
to do this, but I digress.  So, if a vendor bitmap (or two, etc) exists,
the offset calculations will be all completely wrong.

This particular patch introduces ieee80211_radiotap_attachv(), which
includes the number of vendor bitmaps (well, any other bitmaps, vendor
or otherwise) between the end of the bitmap/header and the start of the
actual radiotap field entries.  This makes the radiotap calculations
"right", so it correctly calculates where to overwrite the channel
configuration.

The long term fix is to go through and make each driver update the channel
configuration, as some of the fields are already being updated.

That, however, is a longer term fix that will need each driver fixed.

I leave that as an exercise to someone in the future.
2012-06-18 02:08:04 +00:00
adrian
e4c6de87cb Fix some corner cases in the ieee80211_send_bar() handling.
* If the first call succeeded but failed to transmit, a timer would
  reschedule it via bar_timeout().  Unfortunately bar_timeout() didn't
  check the return value from the ieee80211_send_bar() reattempt and
  if that failed (eg the driver ic_raw_xmit() failed), it would never
  re-arm the timer.

* If BARPEND is cleared (which ieee80211_send_bar() will do if it can't
  TX), then re-arming the timer isn't enough - once bar_timeout() occurs,
  it'll see BARPEND is 0 and not run through the rest of the routine.
  So when rearming the timer, also set that flag.

* If the TX wasn't occuring, bar_tx_complete() wouldn't be called and the
  driver callback wouldn't be called either.  So the driver had no idea
  that the BAR TX attempt had failed.  In the ath(4) case, TX would stay
  paused.

  (There's no callback to indicate that BAR TX had failed or not;
  only a "BAR TX was attempted".  That's a separate, later problem.)

  So call the driver callback (ic_bar_response()) before the ADDBA session
  is torn down, so it has a chance of being notified that things didn't
  quite go to plan.

I've verified that yes, this does suspend traffic for ath(4), retry BAR
TX even if the driver is failing ic_raw_xmit(), and then eventually giving
up and sending a DELBA.  I'll address the "out of ath_buf" issue in ath(4)
in a subsequent commit - this commit just fixes the edge case where any
driver is (way) out of internal buffers/descriptors and fails frame TX.

PR:		kern/168170
Reviewed by:	bschmidt
MFC after:	1 month
2012-05-22 19:37:12 +00:00
monthadar
3ea2b961af Update HWMP Proactive code and mesh route flags.
* Modified hwmp_recv_preq:
    o cleaned up code, removed rootmac variable because preq->origaddr
      is the root when we recevie a Proactive PREQ;
    o Modified so that a PREP in response of a Proactive PREQ is unicast,
      a PREP is ALWAYS unicast;
* Modified hwmp_recv_prep:
    o Before we mark a route to be valid we should remove the discovery
      flag and then mark it valid in such a way we wont lose the isgate flag;

Approved by: adrian
2012-05-01 16:18:38 +00:00
monthadar
6ebd719aaa PREQ discovery update.
* Added a new discovery flag IEEE80211_MESHRT_FLAGS_DISCOVER;
* Modified ieee80211_ioctl.h to include IEEE80211_MESHRT_FLAGS_DISCOVER;
* Added hwmp_rediscover_cb, which will be called by a timeout to do
rediscovery if we have not reach max number of preq discovery;
* Modified hwmp_discover to setup a callout for path rediscovery;
* Added to ieee80211req_mesh_route to have a back pointer to ieee80211vap
for the discovery callout context;
* Modified mesh_rt_add_locked arguemnt from ieee80211_mesh_state to
ieee80211vap, this because we have to initialize the above back pointer;

Approved by: adrian
2012-05-01 16:16:20 +00:00
monthadar
973bb2517d Net80211s update: Mesh Gate Announcement and removal of Portal Announcement.
* Renamed IEEE80211_ELEMID_MESHPANN to IEEE80211_ELEMID_MESHGANN according to
 amendment;
 * Added IEEE80211_IOC_MESH_GATE that controls whether Mesh Gate Announcement
 is activated or not;
 * Renamed all flags from Portal to Gate in HWMP frames;
 * Removed IEEE80211_ACTION_MESHPANN enum cause its part of the Mesh Action
 category now as per amendment;
 * Renamed IEEE80211_MESHFLAGS_PORTAL to IEEE80211_MESHFLAGS_GATE in
 ieee80211_mesh_state flags;
 * Modified ieee80211_hwmp.c/ieee80211_mesh.c to use new GATE flags;

Approved by: adrian
2012-05-01 16:14:18 +00:00
monthadar
72d34b4c26 RANN update
* Introduced a new HWMP sysctl, Root Confirmation Interval;
* Added hr_lastrootconf to hwmp_route, is for ratecheck for a specific ROOT;
* We missed reading RANN.interval subfield from a RANN frame before;
* Updated hwmp_recv_rann according to amendment, see comments;

Approved by: adrian
2012-05-01 16:13:22 +00:00
monthadar
730d2de83b PERR update to be called from mesh code.
* Added mpp_senderror for Mesh Path Selection protocol;
* Added hwmp_senderror that will send an HWMP PERR according to the
supplied reason code;
* Call mpp_senderror when deleting a route with correct reason code
for whether the route is marked proxy or not;
* Call mpp_senderror when trying to forward an individually addressed
frame and there is no forwarding information;

Approved by: adrian
2012-05-01 16:12:39 +00:00
monthadar
1b62f837a7 * Modified PERR acceptance criteria according to amendment;
* Modified how PERR is handled and propagated according to amendment;

Approved by: adrian
2012-05-01 16:11:47 +00:00
monthadar
d3678caa9e Updated PREQ propagation code;
* When receiving a Proactive PREQ dont return after processing it but propagate;
* When we propagate we should not enforce ratechecking;
* Added checking for multiple pred ID detection;
* Storing proxy orig address when PREQ is not for us;

Approved by: adrian
2012-05-01 16:10:32 +00:00
monthadar
cedb36bb2d * PREQ acceptance criteria updated to check for proxy condition as in amendment;
Approved by: adrian
2012-05-01 16:09:44 +00:00
monthadar
85e4cd546c * Proactive PREQ (original transmission) must also set
IEEE80211_MESHPREQ_TFLAGS_USN flag in target_flag field;

Approved by: adrian
2012-05-01 16:08:46 +00:00
monthadar
61b3092da4 * Fixed hwmp_discover code to populate a PREQ packet correctly;
* Removed IEEE80211_MESHPREQ_TFLAGS_RF which is no longer part of the
amendment spec;

Approved by: adrian
2012-05-01 16:07:35 +00:00
monthadar
7c47930be0 * Fixed PREQ flag field Adressing mode subfiled according to amendment specs;
Approved by: adria
2012-05-01 16:06:20 +00:00
monthadar
44ee994da6 * Added a mesh max PREQ retires sysctl that governous how many times
we try to discover an address;
* Added a mesh net travelse time across an MBSS, which is used to enforce
discovery rate check;

Approved by: adrian
2012-05-01 16:05:09 +00:00
monthadar
84762f9912 Change how we enforce PREQ minimum interval.
* Moved hs_lastpreq to be hr_lastpreq cause this rate check should be per
target mesh STA according to amendment (NB: not applicable for PERR);
* Modified hwmp_send_preq to use two extra arguments for last sent PREQ and
minimum PREQ interval;
* hwmp_send_preq is called with last two arguments equal to NULL when sending
Proactive PREQs cause the call back task enforces the rate check;

Approved by: adrian
2012-05-01 16:03:27 +00:00
monthadar
3e48b3819f PREP update
* Added assertion in mesh_rt_update;
* Fixed some prep propagation that where multicast, ALL PREPS ARE UNICAST;
* Fixed PREP acceptance criteria;
* Fixed some PREP debug messages;
* HWMP intermediate reply (PREP) should only be sent if we have newer
forwarding infomration (FI) about target;
* Fixed PREP propagation condition and PREP w/ AE handling;
* Ignore PREPs that have unknown originator.
* Removed old code inside PREP that was for proactive path building
to root mesh;

Other errors include:
* use seq number of target and not orig mesh STA;
* Metric is what we have stored in our FI;
* Error in amendment, Hop count is not 0 but equals FI hopcount for target;

Approved by: adrian
2012-05-01 16:02:31 +00:00
monthadar
01443cbc25 * MeshForwarding update mesh_recv_indiv_data_to_fwrd to silently discard
unknown meshDA instead of panic, which is allowed per amendment spec;

Approved by: adrian
2012-05-01 16:00:31 +00:00
monthadar
c2bc330cbb Added route lifetime update for destination and source mesh along a mesh path;
* In mesh_recv_indiv_data_to_fwd update route entry for both meshDA and meshSA;
 * In mesh_recv_indiv_data_to_me update route entry for meshSA;
 * in ieee80211_mesh_rt_update put code so that a proxy entry that is gated
 by us (number of hops == 0) is never invalidated;
 * Fixed so that we always call ieee80211_mesh_rt_update with lifetime in ms;

Approved by: adrian
2012-05-01 15:58:10 +00:00
monthadar
66eb02c1dc Mesh forwarding with proxy support.
* Modified HWMP PREP/PREQ to contain a proxy entry and also changed PREP
frame processing according to amendment as following:
        o Fixed PREP to always update/create if acceptance criteria is meet;
        o PREQ processing to reply if request is for a proxy entry that is
          proxied by us;
        o Removed hwmp_discover call from PREQ, because sending a PREP will
          build the forward path, and by receving and accepting a PREQ we
          have already built the reverse path (non-proactive code);
* Disabled code for pro-active in PREP for now (will make a separate patch for
pro-active HWMP routing later)
* Added proxy information for a Mesh route, mesh gate to use and proxy seqno;
* Modified ieee80211_encap according to amendment;
* Introduced Mesh control address extension enum and removed unused struct,
also rename some structure element names.
* Modified mesh_input and added mesh_recv_* that should verify and process mesh
data frames according to 9.32 Mesh forwarding framework in amendment;
* Modified mesh_decap accordingly to changes done in mesh control AE struct;

Approved by: adrian
2012-05-01 15:56:26 +00:00
monthadar
661f0aa0b4 Implemented so that Mesh forwarding information lifetime is dynamic.
* Introduced ieee80211_mesh_rt_update that updates a route with the
 maximum(lifetime left, new lifetime);
 * Modified ieee80211_mesh_route struct by adding a lock that will be used
 by both ieee80211_mesh_rt_update and precursor code (added in future commit);
 * Modified in ieee80211_hwmp.c HWMP code to use new ieee80211_mesh_rt_update;
 * Modified mesh_rt_flush_invalid to use new ieee80211_mesh_rt_update;
 * mesh_rt_flush also checks that lifetime == 0, this gives route discovery
 a change to complete;
 * Modified mesh_recv_mgmt case IEEE80211_FC0_SUBTYPE_BEACON:
 when ever we received a beacon from a neighbor we update route lifetime;

Approved by: adrian
2012-05-01 15:47:30 +00:00
monthadar
6b5007d019 Fixed some MPM reason codes and max number of neighbors check
* Added IEEE80211_MESH_MAX_NEIGHBORS and it is set to 15, same as before;
 * Modified mesh_parse_meshpeering_action to verify MPM frame and send
 correct reason code for when a frame is rejected according to standard spec;
 * Modified mesh_recv_action_meshpeering_* according to the standard spec;
 * Modified mesh_peer_timeout_cb to always send CLOSE frame when in CONFIRMRCV
 state according to the standard spec;

Approved by: adrian
2012-05-01 15:42:41 +00:00
monthadar
9d51d66dc0 Modified structure and code that handles Mesh peering management.
* Old struct ieee80211_meshpeer_ie had wrong peer_proto field size;
 * Added IEEE80211_MPM_* size macros;
 * Created an enum for the Mesh Peering Protocol Identifier field according
 to the standard spec and removed old defines;
 * Abbreviated Handshake Protocol is not used by the standard anymore;
 * Modified mesh_verify_meshpeer to use IEEE80211_MPM_* macros for verification;
 * Modified mesh_parse_meshpeering_action to parse complete frame, also to parse
 it according to the standard spec;
 * Modified ieee80211_add_meshpeer to construct correct MPM frames according to
 the standard spec;

Approved by: adrian
2012-05-01 15:39:16 +00:00
monthadar
3b1abc6390 Added Self-protected action category (including MPM).
* Added new action category IEEE80211_ACTION_CAT_SELF_PROT which is used by 11s
for Mesh Peering Management;
* Updated Self protected enum Action codes to start from 1 instead of 0
according to the standard spec;
* Removed old and wrong action categories IEEE80211_ACTION_CAT_MESHPEERING;
* Modified ieee80211_mesh.c and ieee80211_action.c to use the new action
category code;
* Added earlier verification code in ieee80211_input;

Approved by: adrian
2012-05-01 15:35:10 +00:00
adrian
69f376da56 Migrate the net80211 TX aggregation state to be from per-AC to per-TID.
TODO:

* Test mwl(4) more thoroughly!

Reviewed by:	bschmidt (for iwn)
2012-04-15 20:29:39 +00:00
adrian
f16af2226b Add some statistics to track BAR TX. 2012-04-08 04:51:25 +00:00
bschmidt
d54496d7dd Add basic HT channel setup to ieee80211_init_channels(), this will be
used by at least ral(4).

Reviewed by:	ray
2012-04-03 17:48:42 +00:00
adrian
5e8fce0c81 Correct the ordering of tid/crypto ic_name.
Because the code lacks all the GNU extensions to printf() format stuff,
the compiler doesn't helpfully tell us that I messed up in a previous
commit.

Pointy hat to: adrian, who likely only cares about this because he's the
  only one who bothers flipping on net80211 debugging.
2012-03-27 04:15:38 +00:00
adrian
2acdb6a872 Create a new task to handle 802.11n channel width changes.
Currently, a channel width change updates the 802.11n HT info data in
net80211 but it doesn't trigger any device changes.  So the device
driver may decide that HT40 frames can be transmitted but the last
device channel set only had HT20 set.

Now, a task is scheduled so a hardware reset or change isn't done
during any active ongoing RX. It also means that it's serialised
with the other task operations (eg channel change.)

This isn't the final incantation of this work, see below.

For now, any unmodified drivers will simply receive a channel
change log entry.  A subsequent patch to ath(4) will introduce
some basic channel change handling (by resetting the NIC.)
Other NICs may need to update their rate control information.

TODO:

* There's still a small window at the present moment where the
  channel width has been updated but the task hasn't been fired.
  The final version of this should likely pass in a channel width
  field to the driver and let the driver atomically do whatever
  it needs to before changing the channel.

PR:		kern/166286
2012-03-25 03:11:57 +00:00
adrian
2365bc6b1e Re-commit this - store the alq payload in network order. 2012-03-21 03:19:50 +00:00
adrian
57c81ebaa2 .. revert out a local change that I hadn't yet completely finished fleshing
out and testing.

sorry!
2012-03-18 21:54:59 +00:00
adrian
a4e442e5d2 Add a missing endian conversion. 2012-03-18 19:35:30 +00:00
adrian
2a00d3a2e7 Pull in a dependency on ALQ if it's compiled with IEEE80211_ALQ. 2012-03-16 23:08:13 +00:00
adrian
c7c5399057 Add missing \n's.
This showed up when testing the wtap module, as it attaches with
no radiotap tx/rx configuration.
2012-03-08 23:46:42 +00:00
adrian
2960bf1153 Modify HWMP to be able to allocate memory for PREQ/PREP/PERR for all scenarios.
* Added verify_mesh_*_len functions that verify the length
  according to the amendment spec and return number of destination addresses
  for allocation of appropriate struct size in memory;
* Modified hwmp_recv_action_meshpath to allocate HWMP ie instead of
  storing them on the stack and store all available field according the flags;
* Modify hwmp_add_mesh* to work with all cases of HWMP according to amendment.
* Modify hwmp_send_* to calculate correct len of bytes for the HWMP ie.
* Added new M_80211_MESH_* malloc defines.
* Added macros with magic numbers for HWMP ie sizes according to amendment.
* Added the external address to all HWMP ie structs.

Submitted by:	monthadar@gmail.com
2012-03-06 21:20:16 +00:00
adrian
a7377c574a Oops - used the wrong field.
Noticed by:	nwhitehorn
2012-03-05 02:36:15 +00:00
adrian
44c3f77031 Add the thread id to the net80211 alq records.
This will (hopefully) aid in debugging concurrency related issues.
2012-03-04 23:13:52 +00:00
adrian
83811db6cb Fix style(9) issues. 2012-03-04 23:04:16 +00:00
glebius
2ef7dea431 Fix build w/o 'options IEEE80211_SUPPORT_MESH'. 2012-03-04 09:45:43 +00:00
adrian
56640b8eb7 * Introduce new flag for QoS control field;
* Change in mesh_input to validate that QoS is set and Mesh Control field
  is present, also both bytes of the QoS are read;
* Moved defragmentation in mesh_input before we try to forward packet as
  inferred from amendment spec, because Mesh Control field only present in first
  fragment;
* Changed in ieee80211_encap to set QoS subtype and Mesh Control field present,
  only first fragment have Mesh Control field present bit equal to 1;

Submitted by:	monthadar@gmail.com
2012-03-04 05:52:26 +00:00
adrian
8d7335fa92 * Added IEEE80211_ACTION_CAT_MESH in ieee80211.h as specified amendment spec;
* Moved old categories as specified by D4.0 to be action fields of MESH category
  as specified in amendment spec;
* Modified functions to use MESH category and its action fields:
  + ieee80211_send_action_register
  + ieee80211_send_action
  + ieee80211_recv_action_register
  +ieee80211_recv_action;
* Modified ieee80211_hwmp_init and hwmp_send_action so they uses correct
  action fields as specified in amendment spec;
* Modified ieee80211_parse_action so that it verifies MESH frames.
* Change Mesh Link Metric to use one information element as amendment spec.
  Draft 4.0 defined two different information elements for request and response.

Submitted by:	monthadar@gmail.com
2012-03-04 05:49:39 +00:00
adrian
8aaa665509 Attempt to catch scan cancellations at exactly the wrong time from occuring.
The scan code unlocks the comlock and calls into the driver.  It then
assumes the state hasn't changed from underneath it.

Although I haven't seen this particular condition trigger, I'd like to
be informed if I or anyone else sees it.

What I'm thinking may occur:

* A cancellation comes in during the scan_end call;
* the cancel flag is set;
* but it's never checked, so scandone isn't updated;
* .. and the interface stays in the STA power save mode.

It's a subtle race, if it even exists.

PR:		kern/163318
2012-03-02 02:53:43 +00:00