Commit Graph

783 Commits

Author SHA1 Message Date
adrian
a73ffc7e72 .. add missing include from an incorrect merge.
Sponsored by:	Hobnob, Inc.
2011-11-08 14:34:01 +00:00
adrian
b49080d51a Reject frames in STA mode which are not destined to the local STA address.
Some hardware (eg the AR9160 in STA mode) seems to "leak" unicast FROMDS
frames which aren't destined to itself. This angers the net80211 stack -
the existing code would fail to find an address in the node table and try
passing the frame up to each vap BSS. It would then be accepted in the
input routine and its contents would update the local crypto and sequence
number state.

If the sequence number / crypto IV replay counters from the leaked frame
were greater than the "real" state, subsequent "real" frames would be
rejected due to out of sequence / IV replay conditions.

This is also likely helpful if/when multi-STA modes are added to net80211.

Sponsored by:	Hobnob, Inc.
2011-11-08 14:28:33 +00:00
adrian
1a3216b041 Add 802.11h quiet time element support into net80211.
This supports both station and hostap modes:

* Station mode quiet time element support listens to quiet time
  IE's and modifies the local quiet time configuration as appropriate;
* Hostap mode both obeys the locally configured quiet time period
  and includes it in beacon frames so stations also can obey as needed.

Submitted by:	Himali Patel <himali.patel@sibridgetech.com>
Sponsored by:	Sibridge Technologies
2011-11-08 04:00:24 +00:00
ed
0c56cf839d Mark all SYSCTL_NODEs static that have no corresponding SYSCTL_DECLs.
The SYSCTL_NODE macro defines a list that stores all child-elements of
that node. If there's no SYSCTL_DECL macro anywhere else, there's no
reason why it shouldn't be static.
2011-11-07 15:43:11 +00:00
ed
e97eae1577 Mark MALLOC_DEFINEs static that have no corresponding MALLOC_DECLAREs.
This means that their use is restricted to a single C file.
2011-11-07 06:44:47 +00:00
adrian
2ce74f6cf1 Include the tid when printing out crypto replay errors.
I found this useful when trying to debug the AR9160 STA RX filter issue -
I'd get crypto reply errors but it wasn't entirely clear which TID it
was for.
2011-10-28 15:47:14 +00:00
adrian
69338c6aed Fix an unused variable warning/error when invariants isn't enabled.
Reported by:	bz
2011-10-12 10:19:55 +00:00
adrian
e4db174445 Fix a panic in the wifi stack when a software beacon miss occurs in the wrong state.
The ieee80211_swbmiss() callout is not called with the ic lock held, so it's
quite possible the scheduler will run the callout during a state change.

This patch:

* changes the swbmiss callout to be locked by the ic lock
* enforces the ic lock being held across the beacon vap functions
  by grabbing it inside beacon_miss() and beacon_swmiss().

This ensures that the ic lock is held (and thus the VAP state
stays constant) during beacon miss and software miss processing.
Since the callout is removed whilst the ic lock is held, it also
ensures that the ic lock can't be called during a state change
or exhibit any race conditions seen above.

Both Edgar and Joel report that this patch fixes the crash and
doesn't introduce new issues.

Reported by:	Edgar Martinez <emartinez@kbcnetworks.com>
Reported by:	Joel Dahl <joel@vnode.se>
Reported by:	emaste
2011-10-02 02:42:31 +00:00
adrian
8d7a219360 This patch fixes beacon frame sequence number generation. The code
didn't set a sequence number; it didn't show up earlier because the
hardware most people use for hostap (ie, AR5212 series stuff) sets the
sequence numbers up in hardware. Later hardware (AR5416, etc) which
can do 11n and aggregation require sequence numbers to be generated in
software.

Submitted by:	paradyse@gmail.com
Approved by:	re (kib)
2011-08-24 08:53:33 +00:00
adrian
b31a18eeb4 Correctly handle BAR TX failures.
On a TX failure, ic_raw_xmit will still call ieee80211_node_free().
There's no need to call it here.

Submitted by:	moonlightakkiy@yahoo.ca
Approved by:	re (kib)
2011-08-19 15:21:13 +00:00
adrian
82e7e2a290 Fix BAR frame TX completion - successful transmission is indicated
by a status of 0.

Approved by:	re (kib)
2011-08-16 09:07:59 +00:00
bschmidt
085afcf6e3 When setting a fixed channel on adapters with 11n support the scan
channel list ends up with 2 entries, the HT and the legacy channel.
The scan itself is currently always done at legacy rates so we end
up receiving scan results for legacy networks on the HT channel and
erroneously assigning the BSS to the 11n channel. As the channel's
capabilities are used to setup the adapter we might end up with
non-working settings and/or firmware crashes.

Fix this by ensuring that scan results received on a HT channel
are only assigned to that channel if the htcap IE is available,
else use the legacy channel equivalent.

Tested by:	Pawel Worach, Raoul Megelas, Maciej Milewski,
		Andrei <az at azsupport dot com>
Approved by:	re (kib)
2011-08-08 16:29:07 +00:00
adrian
18fcf58be0 Fix brokenness introduced by my last commit.
Approved by:	re (implicit)
2011-07-20 00:36:47 +00:00
adrian
f16e320392 This sets the BSS channel for each VAP for the given interface.
It's only relevant in STA mode.

The CSA forces a channel switch for the interface, but doesn't update
the VAP channel.

Approved by:	re (bz)
2011-07-19 15:24:44 +00:00
kevlo
6fa05979e3 Fix memset sizeofs
Reviewed by:	bschmidt
2011-07-07 15:41:40 +00:00
adrian
aeac662df6 Print out a big warning if DFS can't find a channel to use.
This way people debugging DFS won't be surprised when their
AP stops talking.
2011-06-27 05:57:14 +00:00
adrian
16ca4a6ef7 Add a callback for ADDBA response timeouts.
TX for the given TID needs to be paused during ADDBA requests (and unpaused
once the session is established.) Since net80211 currently doesn't implement
software aggregation, if this pause/unpause is done in the driver (as it
is in my development branch) then it will need to be unpaused both on
ADDBA response and on ADDBA timeout.

This callback allows the driver to unpause TX for the relevant TID.

Reviewed by:	bschmidt
2011-06-20 11:46:03 +00:00
kevlo
cc8fba8d7c Change i_len in ieee80211req to be unsigned and fix other signed/unsigned
issues.

Reviewed by:	bschmidt
Obtained from:	NetBSD
2011-06-16 09:37:20 +00:00
bschmidt
1bcd9bb7cf Certain adapters have HT40 support on some but not all channels. The
Intel 4965 devices for example have HT40 on 2GHz completely disabled
but it is still supported for 5GHz. To handle that in sta mode we
need to check if we can "upgrade" to a HT40 channel after the
association, if that is not possible but we are still announcing
support to the remote side we are left with a very flabby connection.

Reviewed by:	adrian
2011-06-04 15:05:32 +00:00
bschmidt
aaeb38ff0e Data frames sent over the mgmt path might be part of a TX aggr session
too. In that case don't fiddle with the seqno as drivers are supposed
to handle that.

Currently only the powersave feature does sent QoS-null-data frames
before and after a background scan which must be handled correctly. Due
to this being quite rare we don't fiddle around with starting of aggr
sessions.
2011-06-04 14:28:09 +00:00
bschmidt
2c0ec39116 Fix typo, it is MPDU not MDPU. 2011-05-21 16:41:41 +00:00
adrian
0755b8e882 Fix up the net80211 alq logging - this commit makes it usable.
* revert a local path change that shouldn't have made it to the commit
* fix some indenting/wrapping

* Fix the ale data copy - i should be copying into the ale data pointer,
  not over the ale entry itself.
2011-05-11 17:20:35 +00:00
adrian
3e01906b9d net80211 alq bugfixes:
* Track number of logged operations
* call alq_post() so things are logged
* network order things
2011-05-11 16:44:19 +00:00
adrian
198275796f Fix some corner cases in the net80211 sequence number retransmission
handling.

The current sequence number code does a few things incorrectly:

* It didn't try eliminating duplications from HT nodes. I guess it's assumed
  that out of order / retransmission handling would be handled by the AMPDU RX
  routines. If a HT node isn't doing AMPDU RX, then retransmissions need to
  be eliminated. Since most of my debugging is based on this (as AMPDU TX
  software packet aggregation isn't yet handled), handle this corner case.

* When a sequence number of 4095 was received, any subsequent sequence number
  is going to be (by definition) less than 4095. So if the following sequence
  number (0) doesn't initially occur and the retransmit is received, it's
  incorrectly eliminated by the IEEE80211_FC1_RETRY && SEQ_LEQ() check.
  Try to handle this better.

This almost completely eliminates out of order TCP statistics showing up during
iperf testing for the 11a, 11g and non-aggregate 11n AMPDU RX case. The only
other packet loss conditions leading to this are due to baseband resets or
heavy interference.
2011-05-04 02:23:59 +00:00
bz
99f9647714 We need in.h for both INET and INET6, as according to RFC 3493 it
defines struct in6_addr, which is needed by ip6_hdr used in here.

Reviewed by:	gnn
Sponsored by:	The FreeBSD Foundation
Sponsored by:	iXsystems
MFC after:	5 days
2011-04-25 16:37:47 +00:00
adrian
f0e5a695e9 Revert r220907 and r220915.
Changing the size of struct ieee80211_mimo_info changes
the STA info data, breaking ifconfig in general.
2011-04-22 00:44:27 +00:00
adrian
b6d230d6e1 Implement very basic ALQ logging for net80211.
This is destined to be a lightweight and optional set of ALQ
probes for debugging events which are just impossible to debug
with printf/log (eg packet TX/RX handling; AMPDU handling.)

The probes and operations themselves will appear in subsequent
commits.
2011-04-21 03:59:37 +00:00
adrian
81acf70347 Change the MIMO userland export ABI to include flags, number of radio chains,
extended EVM statistics and EXT channel data.

ifconfig still displays 3 chains worth of ctl noise/rssi.
2011-04-21 03:47:40 +00:00
adrian
b1fd8bca14 Re-add the pad[2] I deleted by accident. 2011-04-08 09:56:31 +00:00
adrian
04a664ee1b Add initial support for MIMO statistics to net80211.
This introduces struct ieee80211_rx_stats - which stores the various kinds
of RX statistics which a MIMO and non-MIMO 802.11 device can export.

It also fleshes out the mimo export to userland (node_getmimoinfo()).

It assumes that MIMO radios (for now) export both ctl and ext channels.
Non-11n MIMO radios are possible (and I believe Atheros made at least
one), so if that chipset support is added, extra flags to the
struct ieee80211_rx_stats can be added to extend this support.

Two new input functions have been added - ieee80211_input_mimo() and
ieee80211_input_mimo_all() - which MIMO-aware devices can call with
MIMO specific statistics.

802.11 devices calling the non-MIMO input functions will still function.
2011-04-08 09:20:45 +00:00
adrian
f20bb6e7e3 Fix a WME corner case found by the FreeBSD 802.11n testing crew.
The symptom: sometimes 11n (and non-11n) throughput is great.
Sometimes it isn't. Much teeth gnashing occured, and much kernel
bisecting happened, until someone figured out it was the order
of which things were rebooted, not the kernel versions.
(Which was great news to me, it meant that I hadn't broken if_ath.)

What we found was that sometimes the WME parameters for the best-effort
queue had a burst window ("txop") in which the station would be allowed
to TX as many packets as it could fit inside that particular burst
window. This improved throughput.

After initially thinking it was a bug - the WME parameters for the
best-effort queue -should- have a txop of 0, Bernard and I discovered
"aggressive mode" in net80211 - where the WME BE queue parameters
are changed if there's not a lot of high priority traffic going on.
The WME parameters announced in the association response and beacon
frames just "change" based on what the current traffic levels are.
So in fact yes, the STA was acutally supposed to be doing this higher
throughput stuff as it's just meant to be configuring things based on
the WME parameters - but it wasn't.

What was eventually happening was this:

* at startup, the wme qosinfo count field would be 0;
* it'd be parsed in ieee80211_parse_wmeparams();
* and it would be bumped (to say 10);
* .. and the WME queue parameters would be correctly parsed and set.

But then, when you restarted the assocation (eg hostap goes away and
comes back with the same qosinfo count field of 10, or if you
destroy the sta VIF and re-create it), the WME qosinfo count field -
which is associated not to the VIF, but to the main interface -
wouldn't be cleared, so the queue default parameters would be used
(which include no burst setting for the BE queue) and would remain
that way until the hostap qosinfo count field changed, or the STA
was actually rebooted.

This fix simply cleares the wme capability field (which has the count
field) to 0, forcing it to be reset by the next received beacon.

Thanks go to Milu for finding it and helping me track down what was
going on, and Bernard Schmidt for working through the net80211 and
WME specific magic.
2011-03-24 15:27:15 +00:00
bschmidt
ae697aa085 Constantly use MHz instead of Mhz.
Pointed out by:	N.J. Mann <njm at njm.me.uk>
2011-03-13 13:05:50 +00:00
bschmidt
2671ddd113 When injecting frames a temporary node is faked, during this several
uses of ic_curchan occur. Due to the nature of a scan, switching
channels constantly and all this happening without any kind of locks
held, it might happen that ic_curchan points to nowhere leading to
panics. Fix this by not allowing frame injections while in SCAN state.

Tested by:	Paul B. Mahol <onemda at gmail.com>
2011-03-13 12:56:46 +00:00
bschmidt
e31826f679 Fix a cut&paste error while parsing htcap/htinfo elements. This one is
reponsible for not filling ni_htrates if a pre-ht information element is
present.
2011-03-13 12:21:04 +00:00
bschmidt
6a3ac63bc7 Honor device capabilities while initializing ni_htrates.
Instead of hardcoding MCS0-15 generate the table dynamically, also
restrict the MCS rates to our own capabilities while parsing a htcap
element.
2011-03-13 12:16:23 +00:00
bschmidt
0e5f5b1d23 Fix rmax calculation during BSS selection.
If multiple networks are available the max bandwidth is one
condition used for selecting the "best" BSS. To achieve that
we should consider all parameters which affect the max RX rate.
This includes 20/40MHz, SGI and the of course the MCS set.

If the TX MCS parameters are available we should use those,
because an AP announcing support for receiving frames at 450Mbps
might only be able to transmit at 150Mbps (1T3R). I haven't seen
devices with support for transmitting at higher rates then
receiving, so prefering TX over RX information should be safe.

While here, remove the hardcoded assumption that MCS15 is the max
possible MCS rate, use MCS31 instead which really is the highest
rate (according to the 802.11n std). Also, fix a mismatch of an
40MHz/SGI check.
2011-03-13 11:58:40 +00:00
bschmidt
ac4db85efe Fill hc_mcsset completely.
Contrary to the rateset information in legacy frames the MCS Set
field also contains TX capability information in cases where the
number of available TX and RX spartial streams differ. Because a
rateset doesn't contain that information we have to pull the
those directly from the hardware capabilities.
2011-03-13 11:56:33 +00:00
bschmidt
865ccb7c05 While determining the maxrate for ieee80211_media_setup() honor
the device capabilities.
2011-03-13 11:47:43 +00:00
bschmidt
cc08936106 Change the way HT capatibilities are announced.
Get rid of the assumption that every device is capable of 40MHz,
SGI and 2 spartial streams. Instead of printing, in the worst case,
8 times 76 MCS rates, print logically connect ranges and the
support RX/TX streams.

A device without 40MHz and SGI support looks like:
ath0: 2T2R
ath0: 11na MCS 20Mhz
ath0: MCS 0-7: 6.5Mbps - 65Mbps
ath0: MCS 8-15: 13Mbps - 130Mbps
ath0: 11ng MCS 20Mhz
ath0: MCS 0-7: 6.5Mbps - 65Mbps
ath0: MCS 8-15: 13Mbps - 130Mbps
2011-03-13 11:45:58 +00:00
bschmidt
41875be2d5 First step on removing the harcoded RX/TX stream and MCS0-15 assumptions.
Initialize ic_rxstream/ic_txstream with 2, for compatibility reasons.
Introduce 4 new HTC flags, which are used in addition to ic_rxstream
and ic_txstream to compute the hc_mcsset content and also for initializing
ni_htrates. The number of spatial streams is enough to determine support
for MCS0-31 but not for MCS32-76 as well as some TX parameters in the
hc_mcsset field.
2011-03-13 11:40:18 +00:00
bschmidt
3d57f75785 Complete the MCS rate table based on the final 802.11n std. While here
adjust the IEEE80211_HTRATE_MAXSIZE constant, only MCS0 - 76 are valid
the other bits in the mcsset IE (77 - 127) are either reserved or used
for TX parameters.
2011-03-10 18:17:24 +00:00
brucec
4a353c54fd Fix typos - remove duplicate "is".
PR:		docs/154934
Submitted by:	Eitan Adler <lists at eitanadler.com>
MFC after:	3 days
2011-02-23 09:22:33 +00:00
bschmidt
f2afad1aea Make sure to only accept and handle action frames which are for us. In
promiscuous mode we might receive stuff which otherwise gets filtered
by hardware.
2011-02-22 19:05:42 +00:00
bschmidt
5c94a497c1 It is IEEE80211_SUPPORT_XXX not IEEE80211_XXX_SUPPORT. 2011-02-21 20:02:02 +00:00
bschmidt
4a678eb796 Add a new mgmt subtype "ACTION NO ACK" defined in 802.11n-2009, while here
clean up parts of the *_recv_mgmt() functions.
- make sure appropriate counters are bumped and debug messages are printed
- order the unhandled subtypes by value and add a few missing ones
- fix some whitespace nits
- remove duplicate code in adhoc_recv_mgmt()
- remove a useless comment, probably left in while c&p
2011-02-21 19:59:43 +00:00
adrian
0ac5f04e56 Default to the lowest negotiated rate for mgmt/multicast traffic in 11n mode
The current code transmits management and multicast frames at MCS 0.
What it should do is check whether the negotiated basic set is zero (and
the MCS set is not) before making this decision.

For now, simply default to the lowest negotiated rate, rather than
MCS 0. This fixes the behaviour with at least the DLINK DIR-825, which
ACKs but silently ignores block-ack (BA) response frames.
2011-02-21 15:49:59 +00:00
bschmidt
14dd7e3bfc Instead of always returning 0 to a scan request, indicate if there is
one running already.

MFC after:	1 month
2011-01-30 14:05:21 +00:00
bschmidt
df7538722d Change return code semantics of start_scan_locked(). Instead of reporting
if a scan is running, report if a scan has been started. The return value
itself is not (yet) used anywhere in the tree and it is also not exported
to userspace.

MFC after:	1 month
2011-01-30 14:00:50 +00:00
bschmidt
e03ae5f207 Honor the IEEE80211_SCAN_BGSCAN flag, which makes it possible to actually
request a background scan using IEEE80211_IOC_SCAN_BGSCAN.

MFC after:	1 month
2011-01-30 11:23:59 +00:00
bschmidt
7276c51686 Jump to the next element and not to an arbitrary point. frm[1] contains
the element's data length, frm[2] is the first byte of the element's data.

Submitted by:	Monthadar Al Jaberi <monthadar at gmail.com>
MFC after:	1 week
2011-01-19 17:40:58 +00:00