Commit Graph

98 Commits

Author SHA1 Message Date
sam
fae048c859 Correct several issues with rate set negotiation:
o add IEEE80211_F_JOIN flag to ieee80211_fix_rate to indicate a station
  is joining a BSS; this is used to control whether or not we over-write
  the basic rate bit in the calculated rate set
o fix ieee80211_fix_rate to honor IEEE80211_F_DODEL when IEEE80211_F_DONEGO
  is not specified (e.g. when joining an ibss network)
o on sta join always delete unusable rates from the negotiated rate set,
  this was being done only ibss networks but is also needed for 11g bss
  with mixed stations
o on sta join delete unusable rates from the bss node's rate set, not the
  scan table entry's rate set
o when calculating a rate set for new neighbors in an ibss caculate a
  negotiated rate set so drivers are not presented with rates they should
  not use

Submitted by:	Sepherosa Ziehau (w/ modifications)
Obtained from:	DragonFly
MFC after:	1 month
2007-01-08 17:24:51 +00:00
sam
b49de5db1b back out use of LLC_SNAPFRAMELEN now that sizeof(struct llc) isn't
padded on arm
2006-12-01 17:58:33 +00:00
sam
012439b03a sizeof(struct llc) includes padding on arm; use LLC_SNAPFRAMELEN for now
Submitted by:	jhay
MFC after:	2 weeks
2006-12-01 05:48:35 +00:00
andre
2d9e7e4a32 Move ethernet VLAN tags from mtags to its own mbuf packet header field
m_pkthdr.ether_vlan.  The presence of the M_VLANTAG flag on the mbuf
signifies the presence and validity of its content.

Drivers that support hardware VLAN tag stripping fill in the received
VLAN tag (containing both vlan and priority information) into the
ether_vtag mbuf packet header field:

	m->m_pkthdr.ether_vtag = vlan_id;	/* ntohs()? */
	m->m_flags |= M_VLANTAG;

to mark the packet m with the specified VLAN tag.

On output the driver should check the mbuf for the M_VLANTAG flag to
see if a VLAN tag is present and valid:

	if (m->m_flags & M_VLANTAG) {
		... = m->m_pkthdr.ether_vtag;	/* htons()? */
		... pass tag to hardware ...
	}

VLAN tags are stored in host byte order.  Byte swapping may be necessary.

(Note: This driver conversion was mechanic and did not add or remove any
byte swapping in the drivers.)

Remove zone_mtag_vlan UMA zone and MTAG_VLAN definition.  No more tag
memory allocation have to be done.

Reviewed by:	thompsa, yar
Sponsored by:	TCP/IP Optimization Fundraise 2005
2006-09-17 13:33:30 +00:00
sam
3e268c1af8 minor fixups:
o add some missing stats to the global stat structure
o move accounting work for data frame rx into ieee80211_deliver_data
o add per-sta stats for rx ucast/mcast frames
o set rcvif in ieee80211_deliver_data so callers don't need to

MFC after:	2 weeks
2006-08-10 05:54:36 +00:00
sam
c088f3a6cc correct ie length check; need to include fixed part of ie
MFC after:	2 weeks
2006-07-16 21:19:28 +00:00
sam
a8a04e1bee tighten invariant on loops used to parse ie's; this ensures we never
touch data outside the packet (previously we might touch 1 byte); it
also has the happy side effect of working around broken orinoco/agere
firmware that sends malformed association response frames

Help by:	Vladimir Egorin
2006-07-16 16:02:17 +00:00
csjp
2c4f67981e Fix the following bpf(4) race condition which can result in a panic:
(1) bpf peer attaches to interface netif0
	(2) Packet is received by netif0
	(3) ifp->if_bpf pointer is checked and handed off to bpf
	(4) bpf peer detaches from netif0 resulting in ifp->if_bpf being
	    initialized to NULL.
	(5) ifp->if_bpf is dereferenced by bpf machinery
	(6) Kaboom

This race condition likely explains the various different kernel panics
reported around sending SIGINT to tcpdump or dhclient processes. But really
this race can result in kernel panics anywhere you have frequent bpf attach
and detach operations with high packet per second load.

Summary of changes:

- Remove the bpf interface's "driverp" member
- When we attach bpf interfaces, we now set the ifp->if_bpf member to the
  bpf interface structure. Once this is done, ifp->if_bpf should never be
  NULL. [1]
- Introduce bpf_peers_present function, an inline operation which will do
  a lockless read bpf peer list associated with the interface. It should
  be noted that the bpf code will pickup the bpf_interface lock before adding
  or removing bpf peers. This should serialize the access to the bpf descriptor
  list, removing the race.
- Expose the bpf_if structure in bpf.h so that the bpf_peers_present function
  can use it. This also removes the struct bpf_if; hack that was there.
- Adjust all consumers of the raw if_bpf structure to use bpf_peers_present

Now what happens is:

	(1) Packet is received by netif0
	(2) Check to see if bpf descriptor list is empty
	(3) Pickup the bpf interface lock
	(4) Hand packet off to process

From the attach/detach side:

	(1) Pickup the bpf interface lock
	(2) Add/remove from bpf descriptor list

Now that we are storing the bpf interface structure with the ifnet, there is
is no need to walk the bpf interface list to locate the correct bpf interface.
We now simply look up the interface, and initialize the pointer. This has a
nice side effect of changing a bpf interface attach operation from O(N) (where
N is the number of bpf interfaces), to O(1).

[1] From now on, we can no longer check ifp->if_bpf to tell us whether or
    not we have any bpf peers that might be interested in receiving packets.

In collaboration with:	sam@
MFC after:	1 month
2006-06-02 19:59:33 +00:00
sam
d851e18329 use m_dup instead of m_copypacket when doing internal bridging
in case packets are modified (e.g. encrypted)

MFC after:	1 week
2006-03-07 03:55:05 +00:00
sam
4da3fa06be deliver an l2uf frame on sta join to prime the bridge
Obtained from:	madwifi
MFC after:	1 week
2006-03-06 17:26:16 +00:00
sam
d3539a10d4 when scanning channels marked passive defer probe request until
802.11 traffic is seen; fixes problems with ap's hiding their ssid

Obtained from:	atheros
MFC after:	1 week
2006-03-06 17:23:26 +00:00
sam
90a825465e s/w beacon miss facility; need to add knobs to fiddle with the settings
MFC after:	2 weeks
2006-01-23 21:02:49 +00:00
sam
1e87b34be9 bounds check each ie's length when parsing
Obtained from:	madwifi
MFC after:	1 week
2006-01-23 19:31:00 +00:00
glebius
175e16aa4d - Fix VLAN_INPUT_TAG() macro, so that it doesn't touch mtag in
case if memory allocation failed.
- Remove fourth argument from VLAN_INPUT_TAG(), that was used
  incorrectly in almost all drivers. Indicate failure with
  mbuf value of NULL.

In collaboration with:	yongari, ru, sam
2005-12-18 18:24:27 +00:00
sam
2911d079c2 Add ieee80211_beacon_miss for processing sta mode beacon miss events
in the 802.11 layer: we send a directed probe request frame to the
current ap bmiss_max times (w/o answer) before scanning for a new ap.

MFC after:	2 weeks
2005-12-12 18:04:44 +00:00
sam
9c83a5df85 Adhoc mode fixups:
o plug memory leak in adhoc mode: on rx the sender may be the
  current master so simply checking against ic_bss is not enough
  to identify if the packet comes from an unknown sender; must
  also check the mac address
o split neighbor node creation into two routines and fillin state
  of nodes faked up on xmit when a beacon or probe response frame
  is later received; this ensures important state like the rate set
  and advertised capabilities are correct

Obtained from:	netbsd
MFC after:	1 week
2005-12-04 04:50:27 +00:00
sam
ef3f2fcd84 fix dynamic changes in short slottime for 11g sta mode: set the
slot time based on the rcvd capabilities, not the existing ones

Obtained from:	atheros
MFC after:	1 week
2005-11-30 19:54:41 +00:00
sam
7d1366bf6d Clarify/fix handling of the current channel:
o add ic_curchan and use it uniformly for specifying the current
  channel instead of overloading ic->ic_bss->ni_chan (or in some
  drivers ic_ibss_chan)
o add ieee80211_scanparams structure to encapsulate scanning-related
  state captured for rx frames
o move rx beacon+probe response frame handling into separate routines
o change beacon+probe response handling to treat the scan table
  more like a scan cache--look for an existing entry before adding
  a new one; this combined with ic_curchan use corrects handling of
  stations that were previously found at a different channel
o move adhoc neighbor discovery by beacon+probe response frames to
  a new ieee80211_add_neighbor routine

Reviewed by:	avatar
Tested by:	avatar, Michal Mertl
MFC after:	2 weeks
2005-08-10 16:22:30 +00:00
sam
a71123cebf Cleanup beacon/listen interval handling:
o separate configured beacon interval from listen interval; this
  avoids potential use of one value for the other (e.g. setting
  powersavesleep to 0 clobbers the beacon interval used in hostap
  or ibss mode)
o bounds check the beacon interval received in probe response and
  beacon frames and drop frames with bogus settings; not clear
  if we should instead clamp the value as any alteration would
  result in mismatched sta+ap configuration and probably be more
  confusing (don't want to log to the console but perhaps ok with
  rate limiting)
o while here up max beacon interval to reflect WiFi standard

Noticed by:	Martin <nakal@nurfuerspam.de>
MFC after:	1 week
2005-08-08 03:30:57 +00:00
sam
24da388011 fix debug msg typo
MFC after:	3 days
2005-08-06 04:57:27 +00:00
sam
820d1d2e7c Fix handling of frames sent prior to a station being authorized
when operating in ap mode.  Previously we allocated a node from the
station table, sent the frame (using the node), then released the
reference that "held the frame in the table".  But while the frame
was in flight the node might be reclaimed which could lead to
problems.  The solution is to add an ieee80211_tmp_node routine
that crafts a node that does exist in a table and so isn't ever
reclaimed; it exists only so long as the associated frame is in flight.

MFC after:	5 days
2005-08-06 04:56:49 +00:00
sam
2cd7f030b7 close a race between reclaiming a node when a station is inactive
and sending the null data frame used to probe inactive stations

MFC after:	5 days
2005-07-31 06:12:32 +00:00
sam
eb5cee9b56 when bridging internally bypass the bss node as traffic to it
must follow the normal input path

Submitted by:	Michal Mertl
MFC after:	5 days
2005-07-27 04:41:25 +00:00
sam
7e6c91d028 simplify tim callback api
MFC after:	3 days
2005-07-22 17:45:48 +00:00
sam
7c3e01b45a simplify ieee80211_node_authorize and ieee80211_node_unauthorize api's
MFC after:	3 days
2005-07-22 17:36:12 +00:00
sam
0fe58ae3f0 simplifiy ieee80211_send_nulldata api
MFC after:	3 days
2005-07-22 17:31:18 +00:00
sam
f661a632a6 simplify rate set api's by removing ic parameter (implicit in node reference)
MFC after:	3 days
2005-07-22 17:29:03 +00:00
sam
5531f8a211 reject association requests with a wpa/rsn ie when wpa/rsn is not
configured on the ap; previously we either ignored the ie or (possibly)
failed an assertion

Obtained from:	Atheros
MFC after:	3 days
2005-07-22 17:21:36 +00:00
sam
14689edafa missed one in last commit; add device name to discard msgs 2005-07-22 17:16:37 +00:00
sam
c461cb9244 include device name in discard msgs 2005-07-22 17:13:44 +00:00
sam
0303ee7475 add diag msgs for frames discarded because the direction field is wrong 2005-07-22 17:12:05 +00:00
sam
130e2c1101 split data frame delivery out to a new function ieee80211_deliver_data 2005-07-22 17:08:38 +00:00
sam
b04f929442 Diff reduction against p4:
o add ic_flags_ext for eventual extention of ic_flags
o define/reserve flag+capabilities bits for superg,
  bg scan, and roaming support
o refactor debug msg macros

MFC after:	3 days
2005-07-22 16:36:12 +00:00
sam
186ec2eefb send a response when an auth request is denied due to an acl;
might be better to silently ignore the frame but this way we
give stations a chance of figuring out what's wrong
2005-07-22 05:17:52 +00:00
sam
edad1e6d8a remove excess whitespace 2005-07-22 05:15:53 +00:00
sam
7c66d9190d use IF_HANDOFF when bridging frames internally so if_start gets
called; fixes communication between associated sta's

MFC after:	3 days
2005-07-22 04:55:40 +00:00
sam
e1d30f6c56 nuke assert that duplicates real check
Reviewed by:	avatar
Approved by:	re (scottl)
2005-07-11 03:00:20 +00:00
sam
514091a2b5 correct check for high priority wme traffic
Noticed by:	Ralf Assmann
Reviewed by:	apatti
Approved by:	re (scottl)
2005-07-08 22:49:26 +00:00
sam
20d38d6afa fix another instance of the MORE_DATA bit handling for frames on the
power save queue (missed in previous commit)

Submitted by:	Bruno Randolf
Approved by:	re (scottl)
2005-07-08 16:36:02 +00:00
sam
61cabe0353 add "pureg" mode for ap operation: reject association requests from
11b-only stations when operating in 11g

Reviewed by:	avatar
Approved by:	re (scottl)
2005-07-06 15:38:27 +00:00
sam
636341c188 Fix handling of data frames queued for a station in power save mode:
don't mark the MORE_DATA bit when taking it off the ps queue, there's
no 802.11 header then; we must wait to do this at encap time so
mark the mbuf instead.

Reviewed by:	avatar
Approved by:	re (scottl)
Obtained from:	Atheros
2005-07-06 01:55:17 +00:00
sam
42be4e8353 Fix race condition in handling node reference counts for authenticating
stations in ap mode.  Track when a node's first auth frame is
received and use this to decide whether or not to bump the refcnt.
This insures we only ever bump the refcnt once.

Reviewed by:	avatar
Approved by:	re (scottl)
2005-07-06 01:51:44 +00:00
avatar
9fb6cc8fde Only update the scan entry state based on newly received frames.
This fixes duplicative BSS entries(memory leaks as well) listed in
"ifconfig dev list scan" when a station fails to associate with an AP.

Reviewed by:	sam
Approved by:	re (scottl)
2005-07-06 01:31:34 +00:00
sam
4e4b8392b5 revert 1.53; it breaks ibss merge
Noticed by:	Bruno Randolf
Approved by:	re (dwhite)
2005-06-13 21:01:06 +00:00
sam
105387b318 don't look at the wme ie in a beacon unless we negotiated use 2005-06-10 21:30:29 +00:00
sam
3eaa67c3ad validate the bssid for non-data frames too when operating in
adhoc/ahdemo/hostap modes
2005-06-10 16:14:48 +00:00
sam
6ee6d88916 o fix wpa w/ wme: don't strip the QoS header on recv as tkip requires
it; instead pass the space occupied by the header down into the
  crypto modules (except in the demic case which needs it only when
  doing int in s/w)
o while here fix defrag to strip the header from 2nd and later frames
o teach decap code how to handle 4-address frames
2005-06-10 16:11:24 +00:00
sam
836efd552e mark stations authorized during recv processing instead of doing it
as a side effect of sending an auth success frame; sending mgmt
frames should not have side effects
2005-06-10 05:04:42 +00:00
sam
d6dd7e9d2a accept diassoc frame in ASSOC state 2005-06-10 04:37:05 +00:00
sam
f524fb8e7d pull some debug msgs up so they're seen more often 2005-06-10 01:48:57 +00:00