2 * SPDX-License-Identifier: BSD-2-Clause-FreeBSD
4 * Copyright (c) 2001 Atsushi Onoe
5 * Copyright (c) 2002-2009 Sam Leffler, Errno Consulting
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
17 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
18 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
19 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
20 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
21 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
22 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
23 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
24 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
25 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
26 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
29 #include <sys/cdefs.h>
30 __FBSDID("$FreeBSD$");
34 #include <sys/param.h>
35 #include <sys/systm.h>
37 #include <sys/malloc.h>
38 #include <sys/kernel.h>
40 #include <sys/socket.h>
43 #include <net/if_var.h>
44 #include <net/if_media.h>
45 #include <net/ethernet.h>
47 #include <net80211/ieee80211_var.h>
48 #include <net80211/ieee80211_input.h>
49 #ifdef IEEE80211_SUPPORT_SUPERG
50 #include <net80211/ieee80211_superg.h>
52 #ifdef IEEE80211_SUPPORT_TDMA
53 #include <net80211/ieee80211_tdma.h>
55 #include <net80211/ieee80211_wds.h>
56 #include <net80211/ieee80211_mesh.h>
57 #include <net80211/ieee80211_ratectl.h>
58 #include <net80211/ieee80211_vht.h>
63 * IEEE80211_NODE_HASHSIZE must be a power of 2.
65 CTASSERT((IEEE80211_NODE_HASHSIZE & (IEEE80211_NODE_HASHSIZE-1)) == 0);
68 * Association id's are managed with a bit vector.
70 #define IEEE80211_AID_SET(_vap, b) \
71 ((_vap)->iv_aid_bitmap[IEEE80211_AID(b) / 32] |= \
72 (1 << (IEEE80211_AID(b) % 32)))
73 #define IEEE80211_AID_CLR(_vap, b) \
74 ((_vap)->iv_aid_bitmap[IEEE80211_AID(b) / 32] &= \
75 ~(1 << (IEEE80211_AID(b) % 32)))
76 #define IEEE80211_AID_ISSET(_vap, b) \
77 ((_vap)->iv_aid_bitmap[IEEE80211_AID(b) / 32] & (1 << (IEEE80211_AID(b) % 32)))
79 static int ieee80211_sta_join1(struct ieee80211_node *);
81 static struct ieee80211_node *node_alloc(struct ieee80211vap *,
82 const uint8_t [IEEE80211_ADDR_LEN]);
83 static void node_cleanup(struct ieee80211_node *);
84 static void node_free(struct ieee80211_node *);
85 static void node_age(struct ieee80211_node *);
86 static int8_t node_getrssi(const struct ieee80211_node *);
87 static void node_getsignal(const struct ieee80211_node *, int8_t *, int8_t *);
88 static void node_getmimoinfo(const struct ieee80211_node *,
89 struct ieee80211_mimo_info *);
91 static void _ieee80211_free_node(struct ieee80211_node *);
93 static void node_reclaim(struct ieee80211_node_table *nt,
94 struct ieee80211_node *ni);
95 static void ieee80211_node_table_init(struct ieee80211com *ic,
96 struct ieee80211_node_table *nt, const char *name,
97 int inact, int keymaxix);
98 static void ieee80211_node_table_reset(struct ieee80211_node_table *,
99 struct ieee80211vap *);
100 static void ieee80211_node_table_cleanup(struct ieee80211_node_table *nt);
101 static void ieee80211_erp_timeout(struct ieee80211com *);
103 MALLOC_DEFINE(M_80211_NODE, "80211node", "802.11 node state");
104 MALLOC_DEFINE(M_80211_NODE_IE, "80211nodeie", "802.11 node ie");
107 ieee80211_node_attach(struct ieee80211com *ic)
109 /* XXX really want maxlen enforced per-sta */
110 ieee80211_ageq_init(&ic->ic_stageq, ic->ic_max_keyix * 8,
112 ieee80211_node_table_init(ic, &ic->ic_sta, "station",
113 IEEE80211_INACT_INIT, ic->ic_max_keyix);
114 callout_init(&ic->ic_inact, 1);
115 callout_reset(&ic->ic_inact, IEEE80211_INACT_WAIT*hz,
116 ieee80211_node_timeout, ic);
118 ic->ic_node_alloc = node_alloc;
119 ic->ic_node_free = node_free;
120 ic->ic_node_cleanup = node_cleanup;
121 ic->ic_node_age = node_age;
122 ic->ic_node_drain = node_age; /* NB: same as age */
123 ic->ic_node_getrssi = node_getrssi;
124 ic->ic_node_getsignal = node_getsignal;
125 ic->ic_node_getmimoinfo = node_getmimoinfo;
128 * Set flags to be propagated to all vap's;
129 * these define default behaviour/configuration.
131 ic->ic_flags_ext |= IEEE80211_FEXT_INACT; /* inactivity processing */
135 ieee80211_node_detach(struct ieee80211com *ic)
138 callout_drain(&ic->ic_inact);
139 ieee80211_node_table_cleanup(&ic->ic_sta);
140 ieee80211_ageq_cleanup(&ic->ic_stageq);
144 ieee80211_node_vattach(struct ieee80211vap *vap)
146 /* NB: driver can override */
147 vap->iv_max_aid = IEEE80211_AID_DEF;
149 /* default station inactivity timer setings */
150 vap->iv_inact_init = IEEE80211_INACT_INIT;
151 vap->iv_inact_auth = IEEE80211_INACT_AUTH;
152 vap->iv_inact_run = IEEE80211_INACT_RUN;
153 vap->iv_inact_probe = IEEE80211_INACT_PROBE;
155 IEEE80211_DPRINTF(vap, IEEE80211_MSG_INACT,
156 "%s: init %u auth %u run %u probe %u\n", __func__,
157 vap->iv_inact_init, vap->iv_inact_auth,
158 vap->iv_inact_run, vap->iv_inact_probe);
162 ieee80211_node_latevattach(struct ieee80211vap *vap)
164 if (vap->iv_opmode == IEEE80211_M_HOSTAP) {
165 /* XXX should we allow max aid to be zero? */
166 if (vap->iv_max_aid < IEEE80211_AID_MIN) {
167 vap->iv_max_aid = IEEE80211_AID_MIN;
168 if_printf(vap->iv_ifp,
169 "WARNING: max aid too small, changed to %d\n",
172 vap->iv_aid_bitmap = (uint32_t *) IEEE80211_MALLOC(
173 howmany(vap->iv_max_aid, 32) * sizeof(uint32_t),
175 IEEE80211_M_NOWAIT | IEEE80211_M_ZERO);
176 if (vap->iv_aid_bitmap == NULL) {
177 /* XXX no way to recover */
178 printf("%s: no memory for AID bitmap, max aid %d!\n",
179 __func__, vap->iv_max_aid);
184 ieee80211_reset_bss(vap);
186 vap->iv_auth = ieee80211_authenticator_get(vap->iv_bss->ni_authmode);
190 ieee80211_node_vdetach(struct ieee80211vap *vap)
192 struct ieee80211com *ic = vap->iv_ic;
194 ieee80211_node_table_reset(&ic->ic_sta, vap);
195 if (vap->iv_bss != NULL) {
196 ieee80211_free_node(vap->iv_bss);
199 if (vap->iv_aid_bitmap != NULL) {
200 IEEE80211_FREE(vap->iv_aid_bitmap, M_80211_NODE);
201 vap->iv_aid_bitmap = NULL;
206 * Port authorize/unauthorize interfaces for use by an authenticator.
210 ieee80211_node_authorize(struct ieee80211_node *ni)
212 struct ieee80211vap *vap = ni->ni_vap;
214 ni->ni_flags |= IEEE80211_NODE_AUTH;
215 ni->ni_inact_reload = vap->iv_inact_run;
216 ni->ni_inact = ni->ni_inact_reload;
218 IEEE80211_NOTE(vap, IEEE80211_MSG_INACT, ni,
219 "%s: inact_reload %u", __func__, ni->ni_inact_reload);
223 ieee80211_node_unauthorize(struct ieee80211_node *ni)
225 struct ieee80211vap *vap = ni->ni_vap;
227 ni->ni_flags &= ~IEEE80211_NODE_AUTH;
228 ni->ni_inact_reload = vap->iv_inact_auth;
229 if (ni->ni_inact > ni->ni_inact_reload)
230 ni->ni_inact = ni->ni_inact_reload;
232 IEEE80211_NOTE(vap, IEEE80211_MSG_INACT, ni,
233 "%s: inact_reload %u inact %u", __func__,
234 ni->ni_inact_reload, ni->ni_inact);
238 * Fix tx parameters for a node according to ``association state''.
241 ieee80211_node_setuptxparms(struct ieee80211_node *ni)
243 struct ieee80211vap *vap = ni->ni_vap;
244 enum ieee80211_phymode mode;
246 if (ni->ni_flags & IEEE80211_NODE_HT) {
247 if (IEEE80211_IS_CHAN_5GHZ(ni->ni_chan))
248 mode = IEEE80211_MODE_11NA;
250 mode = IEEE80211_MODE_11NG;
251 } else { /* legacy rate handling */
252 if (IEEE80211_IS_CHAN_ST(ni->ni_chan))
253 mode = IEEE80211_MODE_STURBO_A;
254 else if (IEEE80211_IS_CHAN_HALF(ni->ni_chan))
255 mode = IEEE80211_MODE_HALF;
256 else if (IEEE80211_IS_CHAN_QUARTER(ni->ni_chan))
257 mode = IEEE80211_MODE_QUARTER;
258 /* NB: 108A should be handled as 11a */
259 else if (IEEE80211_IS_CHAN_A(ni->ni_chan))
260 mode = IEEE80211_MODE_11A;
261 else if (IEEE80211_IS_CHAN_108G(ni->ni_chan) ||
262 (ni->ni_flags & IEEE80211_NODE_ERP))
263 mode = IEEE80211_MODE_11G;
265 mode = IEEE80211_MODE_11B;
267 ni->ni_txparms = &vap->iv_txparms[mode];
271 * Set/change the channel. The rate set is also updated as
272 * to insure a consistent view by drivers.
273 * XXX should be private but hostap needs it to deal with CSA
276 ieee80211_node_set_chan(struct ieee80211_node *ni,
277 struct ieee80211_channel *chan)
279 struct ieee80211com *ic = ni->ni_ic;
280 struct ieee80211vap *vap = ni->ni_vap;
281 enum ieee80211_phymode mode;
283 KASSERT(chan != IEEE80211_CHAN_ANYC, ("no channel"));
286 mode = ieee80211_chan2mode(chan);
287 if (IEEE80211_IS_CHAN_HT(chan)) {
289 * We must install the legacy rate est in ni_rates and the
290 * HT rate set in ni_htrates.
292 ni->ni_htrates = *ieee80211_get_suphtrates(ic, chan);
294 * Setup bss tx parameters based on operating mode. We
295 * use legacy rates when operating in a mixed HT+non-HT bss
296 * and non-ERP rates in 11g for mixed ERP+non-ERP bss.
298 if (mode == IEEE80211_MODE_11NA &&
299 (vap->iv_flags_ht & IEEE80211_FHT_PUREN) == 0)
300 mode = IEEE80211_MODE_11A;
301 else if (mode == IEEE80211_MODE_11NG &&
302 (vap->iv_flags_ht & IEEE80211_FHT_PUREN) == 0)
303 mode = IEEE80211_MODE_11G;
304 if (mode == IEEE80211_MODE_11G &&
305 (vap->iv_flags & IEEE80211_F_PUREG) == 0)
306 mode = IEEE80211_MODE_11B;
308 ni->ni_txparms = &vap->iv_txparms[mode];
309 ni->ni_rates = *ieee80211_get_suprates(ic, chan);
313 copy_bss(struct ieee80211_node *nbss, const struct ieee80211_node *obss)
315 /* propagate useful state */
316 nbss->ni_authmode = obss->ni_authmode;
317 nbss->ni_txpower = obss->ni_txpower;
318 nbss->ni_vlan = obss->ni_vlan;
319 /* XXX statistics? */
320 /* XXX legacy WDS bssid? */
324 ieee80211_create_ibss(struct ieee80211vap* vap, struct ieee80211_channel *chan)
326 struct ieee80211com *ic = vap->iv_ic;
327 struct ieee80211_node *ni;
329 IEEE80211_DPRINTF(vap, IEEE80211_MSG_SCAN,
330 "%s: creating %s on channel %u%c flags 0x%08x\n", __func__,
331 ieee80211_opmode_name[vap->iv_opmode],
332 ieee80211_chan2ieee(ic, chan),
333 ieee80211_channel_type_char(chan),
336 ni = ieee80211_alloc_node(&ic->ic_sta, vap, vap->iv_myaddr);
341 IEEE80211_ADDR_COPY(ni->ni_bssid, vap->iv_myaddr);
342 ni->ni_esslen = vap->iv_des_ssid[0].len;
343 memcpy(ni->ni_essid, vap->iv_des_ssid[0].ssid, ni->ni_esslen);
344 if (vap->iv_bss != NULL)
345 copy_bss(ni, vap->iv_bss);
346 ni->ni_intval = ic->ic_bintval;
347 if (vap->iv_flags & IEEE80211_F_PRIVACY)
348 ni->ni_capinfo |= IEEE80211_CAPINFO_PRIVACY;
349 if (ic->ic_phytype == IEEE80211_T_FH) {
350 ni->ni_fhdwell = 200; /* XXX */
353 if (vap->iv_opmode == IEEE80211_M_IBSS) {
354 ni->ni_capinfo |= IEEE80211_CAPINFO_IBSS; /* XXX */
355 if (vap->iv_flags & IEEE80211_F_DESBSSID)
356 IEEE80211_ADDR_COPY(ni->ni_bssid, vap->iv_des_bssid);
358 get_random_bytes(ni->ni_bssid, IEEE80211_ADDR_LEN);
359 /* clear group bit, add local bit */
360 ni->ni_bssid[0] = (ni->ni_bssid[0] &~ 0x01) | 0x02;
362 } else if (vap->iv_opmode == IEEE80211_M_AHDEMO) {
363 if (vap->iv_flags & IEEE80211_F_DESBSSID)
364 IEEE80211_ADDR_COPY(ni->ni_bssid, vap->iv_des_bssid);
366 #ifdef IEEE80211_SUPPORT_TDMA
367 if ((vap->iv_caps & IEEE80211_C_TDMA) == 0)
369 memset(ni->ni_bssid, 0, IEEE80211_ADDR_LEN);
370 #ifdef IEEE80211_SUPPORT_MESH
371 } else if (vap->iv_opmode == IEEE80211_M_MBSS) {
372 ni->ni_meshidlen = vap->iv_mesh->ms_idlen;
373 memcpy(ni->ni_meshid, vap->iv_mesh->ms_id, ni->ni_meshidlen);
377 * Fix the channel and related attributes.
379 /* clear DFS CAC state on previous channel */
380 if (ic->ic_bsschan != IEEE80211_CHAN_ANYC &&
381 ic->ic_bsschan->ic_freq != chan->ic_freq &&
382 IEEE80211_IS_CHAN_CACDONE(ic->ic_bsschan))
383 ieee80211_dfs_cac_clear(ic, ic->ic_bsschan);
384 ic->ic_bsschan = chan;
385 ieee80211_node_set_chan(ni, chan);
386 ic->ic_curmode = ieee80211_chan2mode(chan);
388 * Do mode-specific setup.
390 if (IEEE80211_IS_CHAN_FULL(chan)) {
391 if (IEEE80211_IS_CHAN_ANYG(chan)) {
393 * Use a mixed 11b/11g basic rate set.
395 ieee80211_setbasicrates(&ni->ni_rates,
397 if (vap->iv_flags & IEEE80211_F_PUREG) {
399 * Also mark OFDM rates basic so 11b
400 * stations do not join (WiFi compliance).
402 ieee80211_addbasicrates(&ni->ni_rates,
405 } else if (IEEE80211_IS_CHAN_B(chan)) {
407 * Force pure 11b rate set.
409 ieee80211_setbasicrates(&ni->ni_rates,
414 /* XXX TODO: other bits and pieces - eg fast-frames? */
416 /* If we're an 11n channel then initialise the 11n bits */
417 if (IEEE80211_IS_CHAN_VHT(ni->ni_chan)) {
419 ieee80211_ht_node_init(ni);
420 ieee80211_vht_node_init(ni);
421 } else if (IEEE80211_IS_CHAN_HT(ni->ni_chan)) {
423 ieee80211_ht_node_init(ni);
426 (void) ieee80211_sta_join1(ieee80211_ref_node(ni));
430 * Reset bss state on transition to the INIT state.
431 * Clear any stations from the table (they have been
432 * deauth'd) and reset the bss node (clears key, rate
436 ieee80211_reset_bss(struct ieee80211vap *vap)
438 struct ieee80211com *ic = vap->iv_ic;
439 struct ieee80211_node *ni, *obss;
441 ieee80211_node_table_reset(&ic->ic_sta, vap);
442 /* XXX multi-bss: wrong */
443 ieee80211_reset_erp(ic);
445 ni = ieee80211_alloc_node(&ic->ic_sta, vap, vap->iv_myaddr);
446 KASSERT(ni != NULL, ("unable to setup initial BSS node"));
448 vap->iv_bss = ieee80211_ref_node(ni);
451 ni->ni_intval = ic->ic_bintval;
452 ieee80211_free_node(obss);
454 IEEE80211_ADDR_COPY(ni->ni_bssid, vap->iv_myaddr);
458 match_ssid(const struct ieee80211_node *ni,
459 int nssid, const struct ieee80211_scan_ssid ssids[])
463 for (i = 0; i < nssid; i++) {
464 if (ni->ni_esslen == ssids[i].len &&
465 memcmp(ni->ni_essid, ssids[i].ssid, ni->ni_esslen) == 0)
472 * Test a node for suitability/compatibility.
475 check_bss(struct ieee80211vap *vap, struct ieee80211_node *ni)
477 struct ieee80211com *ic = ni->ni_ic;
480 if (isclr(ic->ic_chan_active, ieee80211_chan2ieee(ic, ni->ni_chan)))
482 if (vap->iv_opmode == IEEE80211_M_IBSS) {
483 if ((ni->ni_capinfo & IEEE80211_CAPINFO_IBSS) == 0)
486 if ((ni->ni_capinfo & IEEE80211_CAPINFO_ESS) == 0)
489 if (vap->iv_flags & IEEE80211_F_PRIVACY) {
490 if ((ni->ni_capinfo & IEEE80211_CAPINFO_PRIVACY) == 0)
493 /* XXX does this mean privacy is supported or required? */
494 if (ni->ni_capinfo & IEEE80211_CAPINFO_PRIVACY)
497 rate = ieee80211_fix_rate(ni, &ni->ni_rates,
498 IEEE80211_F_JOIN | IEEE80211_F_DONEGO | IEEE80211_F_DOFRATE);
499 if (rate & IEEE80211_RATE_BASIC)
501 if (vap->iv_des_nssid != 0 &&
502 !match_ssid(ni, vap->iv_des_nssid, vap->iv_des_ssid))
504 if ((vap->iv_flags & IEEE80211_F_DESBSSID) &&
505 !IEEE80211_ADDR_EQ(vap->iv_des_bssid, ni->ni_bssid))
510 #ifdef IEEE80211_DEBUG
512 * Display node suitability/compatibility.
515 check_bss_debug(struct ieee80211vap *vap, struct ieee80211_node *ni)
517 struct ieee80211com *ic = ni->ni_ic;
522 if (isclr(ic->ic_chan_active, ieee80211_chan2ieee(ic, ni->ni_chan)))
524 if (vap->iv_opmode == IEEE80211_M_IBSS) {
525 if ((ni->ni_capinfo & IEEE80211_CAPINFO_IBSS) == 0)
528 if ((ni->ni_capinfo & IEEE80211_CAPINFO_ESS) == 0)
531 if (vap->iv_flags & IEEE80211_F_PRIVACY) {
532 if ((ni->ni_capinfo & IEEE80211_CAPINFO_PRIVACY) == 0)
535 /* XXX does this mean privacy is supported or required? */
536 if (ni->ni_capinfo & IEEE80211_CAPINFO_PRIVACY)
539 rate = ieee80211_fix_rate(ni, &ni->ni_rates,
540 IEEE80211_F_JOIN | IEEE80211_F_DONEGO | IEEE80211_F_DOFRATE);
541 if (rate & IEEE80211_RATE_BASIC)
543 if (vap->iv_des_nssid != 0 &&
544 !match_ssid(ni, vap->iv_des_nssid, vap->iv_des_ssid))
546 if ((vap->iv_flags & IEEE80211_F_DESBSSID) &&
547 !IEEE80211_ADDR_EQ(vap->iv_des_bssid, ni->ni_bssid))
550 printf(" %c %s", fail ? '-' : '+', ether_sprintf(ni->ni_macaddr));
551 printf(" %s%c", ether_sprintf(ni->ni_bssid), fail & 0x20 ? '!' : ' ');
553 ieee80211_chan2ieee(ic, ni->ni_chan), fail & 0x01 ? '!' : ' ');
554 printf(" %2dM%c", (rate & IEEE80211_RATE_VAL) / 2,
555 fail & 0x08 ? '!' : ' ');
557 (ni->ni_capinfo & IEEE80211_CAPINFO_ESS) ? "ess" :
558 (ni->ni_capinfo & IEEE80211_CAPINFO_IBSS) ? "ibss" :
560 fail & 0x02 ? '!' : ' ');
562 (ni->ni_capinfo & IEEE80211_CAPINFO_PRIVACY) ? "wep" : "no",
563 fail & 0x04 ? '!' : ' ');
564 ieee80211_print_essid(ni->ni_essid, ni->ni_esslen);
565 printf("%s\n", fail & 0x10 ? "!" : "");
567 #endif /* IEEE80211_DEBUG */
571 ieee80211_ibss_merge_check(struct ieee80211_node *ni)
573 struct ieee80211vap *vap = ni->ni_vap;
575 if (ni == vap->iv_bss ||
576 IEEE80211_ADDR_EQ(ni->ni_bssid, vap->iv_bss->ni_bssid)) {
577 /* unchanged, nothing to do */
581 if (!check_bss(vap, ni)) {
582 /* capabilities mismatch */
583 IEEE80211_DPRINTF(vap, IEEE80211_MSG_ASSOC,
584 "%s: merge failed, capabilities mismatch\n", __func__);
585 #ifdef IEEE80211_DEBUG
586 if (ieee80211_msg_assoc(vap))
587 check_bss_debug(vap, ni);
589 vap->iv_stats.is_ibss_capmismatch++;
597 * Check if the given node should populate the node table.
599 * We need to be in "see all beacons for all ssids" mode in order
600 * to do IBSS merges, however this means we will populate nodes for
601 * /all/ IBSS SSIDs, versus just the one we care about.
603 * So this check ensures the node can actually belong to our IBSS
604 * configuration. For now it simply checks the SSID.
607 ieee80211_ibss_node_check_new(struct ieee80211_node *ni,
608 const struct ieee80211_scanparams *scan)
610 struct ieee80211vap *vap = ni->ni_vap;
614 * If we have no SSID and no scan SSID, return OK.
616 if (vap->iv_des_nssid == 0 && scan->ssid == NULL)
620 * If we have one of (SSID, scan SSID) then return error.
622 if (!! (vap->iv_des_nssid == 0) != !! (scan->ssid == NULL))
626 * Double-check - we need scan SSID.
628 if (scan->ssid == NULL)
632 * Check if the scan SSID matches the SSID list for the VAP.
634 for (i = 0; i < vap->iv_des_nssid; i++) {
636 /* Sanity length check */
637 if (vap->iv_des_ssid[i].len != scan->ssid[1])
640 /* Note: SSID in the scan entry is the IE format */
641 if (memcmp(vap->iv_des_ssid[i].ssid, scan->ssid + 2,
642 vap->iv_des_ssid[i].len) == 0)
653 * Handle 802.11 ad hoc network merge. The
654 * convention, set by the Wireless Ethernet Compatibility Alliance
655 * (WECA), is that an 802.11 station will change its BSSID to match
656 * the "oldest" 802.11 ad hoc network, on the same channel, that
657 * has the station's desired SSID. The "oldest" 802.11 network
658 * sends beacons with the greatest TSF timestamp.
660 * The caller is assumed to validate TSF's before attempting a merge.
662 * Return !0 if the BSSID changed, 0 otherwise.
665 ieee80211_ibss_merge(struct ieee80211_node *ni)
667 #ifdef IEEE80211_DEBUG
668 struct ieee80211vap *vap = ni->ni_vap;
669 struct ieee80211com *ic = ni->ni_ic;
672 if (! ieee80211_ibss_merge_check(ni))
675 IEEE80211_DPRINTF(vap, IEEE80211_MSG_ASSOC,
676 "%s: new bssid %s: %s preamble, %s slot time%s\n", __func__,
677 ether_sprintf(ni->ni_bssid),
678 ic->ic_flags&IEEE80211_F_SHPREAMBLE ? "short" : "long",
679 ic->ic_flags&IEEE80211_F_SHSLOT ? "short" : "long",
680 ic->ic_flags&IEEE80211_F_USEPROT ? ", protection" : ""
682 return ieee80211_sta_join1(ieee80211_ref_node(ni));
686 * Calculate HT channel promotion flags for all vaps.
687 * This assumes ni_chan have been setup for each vap.
690 gethtadjustflags(struct ieee80211com *ic)
692 struct ieee80211vap *vap;
697 TAILQ_FOREACH(vap, &ic->ic_vaps, iv_next) {
698 if (vap->iv_state < IEEE80211_S_RUN)
700 switch (vap->iv_opmode) {
701 case IEEE80211_M_WDS:
702 case IEEE80211_M_STA:
703 case IEEE80211_M_AHDEMO:
704 case IEEE80211_M_HOSTAP:
705 case IEEE80211_M_IBSS:
706 case IEEE80211_M_MBSS:
707 flags |= ieee80211_htchanflags(vap->iv_bss->ni_chan);
717 * Calculate VHT channel promotion flags for all vaps.
718 * This assumes ni_chan have been setup for each vap.
721 getvhtadjustflags(struct ieee80211com *ic)
723 struct ieee80211vap *vap;
728 TAILQ_FOREACH(vap, &ic->ic_vaps, iv_next) {
729 if (vap->iv_state < IEEE80211_S_RUN)
731 switch (vap->iv_opmode) {
732 case IEEE80211_M_WDS:
733 case IEEE80211_M_STA:
734 case IEEE80211_M_AHDEMO:
735 case IEEE80211_M_HOSTAP:
736 case IEEE80211_M_IBSS:
737 case IEEE80211_M_MBSS:
738 flags |= ieee80211_vhtchanflags(vap->iv_bss->ni_chan);
748 * Check if the current channel needs to change based on whether
749 * any vap's are using HT20/HT40. This is used to sync the state
750 * of ic_curchan after a channel width change on a running vap.
752 * Same applies for VHT.
755 ieee80211_sync_curchan(struct ieee80211com *ic)
757 struct ieee80211_channel *c;
759 c = ieee80211_ht_adjust_channel(ic, ic->ic_curchan, gethtadjustflags(ic));
760 c = ieee80211_vht_adjust_channel(ic, c, getvhtadjustflags(ic));
762 if (c != ic->ic_curchan) {
764 ic->ic_curmode = ieee80211_chan2mode(ic->ic_curchan);
765 ic->ic_rt = ieee80211_get_ratetable(ic->ic_curchan);
766 IEEE80211_UNLOCK(ic);
767 ic->ic_set_channel(ic);
768 ieee80211_radiotap_chan_change(ic);
774 * Setup the current channel. The request channel may be
775 * promoted if other vap's are operating with HT20/HT40.
778 ieee80211_setupcurchan(struct ieee80211com *ic, struct ieee80211_channel *c)
780 if (ic->ic_htcaps & IEEE80211_HTC_HT) {
781 int flags = gethtadjustflags(ic);
783 * Check for channel promotion required to support the
784 * set of running vap's. This assumes we are called
785 * after ni_chan is setup for each vap.
788 /* NB: this assumes IEEE80211_FHT_USEHT40 > IEEE80211_FHT_HT */
789 if (flags > ieee80211_htchanflags(c))
790 c = ieee80211_ht_adjust_channel(ic, c, flags);
794 * VHT promotion - this will at least promote to VHT20/40
795 * based on what HT has done; it may further promote the
796 * channel to VHT80 or above.
798 if (ic->ic_vhtcaps != 0) {
799 int flags = getvhtadjustflags(ic);
800 if (flags > ieee80211_vhtchanflags(c))
801 c = ieee80211_vht_adjust_channel(ic, c, flags);
804 ic->ic_bsschan = ic->ic_curchan = c;
805 ic->ic_curmode = ieee80211_chan2mode(ic->ic_curchan);
806 ic->ic_rt = ieee80211_get_ratetable(ic->ic_curchan);
810 * Change the current channel. The channel change is guaranteed to have
811 * happened before the next state change.
814 ieee80211_setcurchan(struct ieee80211com *ic, struct ieee80211_channel *c)
816 ieee80211_setupcurchan(ic, c);
817 ieee80211_runtask(ic, &ic->ic_chan_task);
821 ieee80211_update_chw(struct ieee80211com *ic)
824 ieee80211_setupcurchan(ic, ic->ic_curchan);
825 ieee80211_runtask(ic, &ic->ic_chw_task);
829 * Join the specified IBSS/BSS network. The node is assumed to
830 * be passed in with a held reference.
833 ieee80211_sta_join1(struct ieee80211_node *selbs)
835 struct ieee80211vap *vap = selbs->ni_vap;
836 struct ieee80211com *ic = selbs->ni_ic;
837 struct ieee80211_node *obss;
841 * Committed to selbs, setup state.
845 * Check if old+new node have the same address in which
846 * case we can reassociate when operating in sta mode.
848 canreassoc = (obss != NULL &&
849 vap->iv_state == IEEE80211_S_RUN &&
850 IEEE80211_ADDR_EQ(obss->ni_macaddr, selbs->ni_macaddr));
851 vap->iv_bss = selbs; /* NB: caller assumed to bump refcnt */
853 struct ieee80211_node_table *nt = obss->ni_table;
855 copy_bss(selbs, obss);
856 ieee80211_node_decref(obss); /* iv_bss reference */
858 IEEE80211_NODE_LOCK(nt);
859 node_reclaim(nt, obss); /* station table reference */
860 IEEE80211_NODE_UNLOCK(nt);
862 obss = NULL; /* NB: guard against later use */
866 * Delete unusable rates; we've already checked
867 * that the negotiated rate set is acceptable.
869 ieee80211_fix_rate(vap->iv_bss, &vap->iv_bss->ni_rates,
870 IEEE80211_F_DODEL | IEEE80211_F_JOIN);
872 ieee80211_setcurchan(ic, selbs->ni_chan);
874 * Set the erp state (mostly the slot time) to deal with
875 * the auto-select case; this should be redundant if the
878 ieee80211_reset_erp(ic);
879 ieee80211_wme_initparams(vap);
881 if (vap->iv_opmode == IEEE80211_M_STA) {
884 ieee80211_new_state(vap, IEEE80211_S_ASSOC, 1);
887 * Act as if we received a DEAUTH frame in case we
888 * are invoked from the RUN state. This will cause
889 * us to try to re-authenticate if we are operating
892 ieee80211_new_state(vap, IEEE80211_S_AUTH,
893 IEEE80211_FC0_SUBTYPE_DEAUTH);
896 ieee80211_new_state(vap, IEEE80211_S_RUN, -1);
901 ieee80211_sta_join(struct ieee80211vap *vap, struct ieee80211_channel *chan,
902 const struct ieee80211_scan_entry *se)
904 struct ieee80211com *ic = vap->iv_ic;
905 struct ieee80211_node *ni;
908 ni = ieee80211_alloc_node(&ic->ic_sta, vap, se->se_macaddr);
915 * Expand scan state into node's format.
916 * XXX may not need all this stuff
918 IEEE80211_ADDR_COPY(ni->ni_bssid, se->se_bssid);
919 ni->ni_esslen = se->se_ssid[1];
920 memcpy(ni->ni_essid, se->se_ssid+2, ni->ni_esslen);
921 ni->ni_tstamp.tsf = se->se_tstamp.tsf;
922 ni->ni_intval = se->se_intval;
923 ni->ni_capinfo = se->se_capinfo;
925 ni->ni_timoff = se->se_timoff;
926 ni->ni_fhdwell = se->se_fhdwell;
927 ni->ni_fhindex = se->se_fhindex;
928 ni->ni_erp = se->se_erp;
929 IEEE80211_RSSI_LPF(ni->ni_avgrssi, se->se_rssi);
930 ni->ni_noise = se->se_noise;
931 if (vap->iv_opmode == IEEE80211_M_STA) {
932 /* NB: only infrastructure mode requires an associd */
933 ni->ni_flags |= IEEE80211_NODE_ASSOCID;
936 if (ieee80211_ies_init(&ni->ni_ies, se->se_ies.data, se->se_ies.len)) {
937 ieee80211_ies_expand(&ni->ni_ies);
938 #ifdef IEEE80211_SUPPORT_SUPERG
939 if (ni->ni_ies.ath_ie != NULL)
940 ieee80211_parse_ath(ni, ni->ni_ies.ath_ie);
942 if (ni->ni_ies.htcap_ie != NULL)
943 ieee80211_parse_htcap(ni, ni->ni_ies.htcap_ie);
944 if (ni->ni_ies.htinfo_ie != NULL)
945 ieee80211_parse_htinfo(ni, ni->ni_ies.htinfo_ie);
946 #ifdef IEEE80211_SUPPORT_MESH
947 if (ni->ni_ies.meshid_ie != NULL)
948 ieee80211_parse_meshid(ni, ni->ni_ies.meshid_ie);
950 #ifdef IEEE80211_SUPPORT_TDMA
951 if (ni->ni_ies.tdma_ie != NULL)
952 ieee80211_parse_tdma(ni, ni->ni_ies.tdma_ie);
954 if (ni->ni_ies.vhtcap_ie != NULL)
955 ieee80211_parse_vhtcap(ni, ni->ni_ies.vhtcap_ie);
956 if (ni->ni_ies.vhtopmode_ie != NULL)
957 ieee80211_parse_vhtopmode(ni, ni->ni_ies.vhtopmode_ie);
959 /* XXX parse BSSLOAD IE */
960 /* XXX parse TXPWRENV IE */
961 /* XXX parse APCHANREP IE */
964 vap->iv_dtim_period = se->se_dtimperiod;
965 vap->iv_dtim_count = 0;
967 /* NB: must be after ni_chan is setup */
968 ieee80211_setup_rates(ni, se->se_rates, se->se_xrates,
970 if (ieee80211_iserp_rateset(&ni->ni_rates))
971 ni->ni_flags |= IEEE80211_NODE_ERP;
974 * Setup HT state for this node if it's available, otherwise
975 * non-STA modes won't pick this state up.
977 * For IBSS and related modes that don't go through an
978 * association request/response, the only appropriate place
979 * to setup the HT state is here.
981 if (ni->ni_ies.htinfo_ie != NULL &&
982 ni->ni_ies.htcap_ie != NULL &&
983 vap->iv_flags_ht & IEEE80211_FHT_HT) {
984 ieee80211_ht_node_init(ni);
985 ieee80211_ht_updateparams(ni,
987 ni->ni_ies.htinfo_ie);
992 * Setup VHT state for this node if it's available.
995 * For now, don't allow 2GHz VHT operation.
997 if (ni->ni_ies.vhtopmode_ie != NULL &&
998 ni->ni_ies.vhtcap_ie != NULL &&
999 vap->iv_flags_vht & IEEE80211_FVHT_VHT) {
1000 if (IEEE80211_IS_CHAN_2GHZ(ni->ni_chan)) {
1001 printf("%s: BSS %6D: 2GHz channel, VHT info; ignoring\n",
1006 ieee80211_vht_node_init(ni);
1007 ieee80211_vht_updateparams(ni,
1008 ni->ni_ies.vhtcap_ie,
1009 ni->ni_ies.vhtopmode_ie);
1010 ieee80211_setup_vht_rates(ni, ni->ni_ies.vhtcap_ie,
1011 ni->ni_ies.vhtopmode_ie);
1016 /* Finally do the node channel change */
1018 ieee80211_ht_updateparams_final(ni, ni->ni_ies.htcap_ie,
1019 ni->ni_ies.htinfo_ie);
1020 ieee80211_setup_htrates(ni, ni->ni_ies.htcap_ie,
1021 IEEE80211_F_JOIN | IEEE80211_F_DOBRS);
1022 ieee80211_setup_basic_htrates(ni, ni->ni_ies.htinfo_ie);
1025 /* XXX else check for ath FF? */
1026 /* XXX QoS? Difficult given that WME config is specific to a master */
1028 ieee80211_node_setuptxparms(ni);
1029 ieee80211_ratectl_node_init(ni);
1031 return ieee80211_sta_join1(ieee80211_ref_node(ni));
1035 * Leave the specified IBSS/BSS network. The node is assumed to
1036 * be passed in with a held reference.
1039 ieee80211_sta_leave(struct ieee80211_node *ni)
1041 struct ieee80211com *ic = ni->ni_ic;
1043 ic->ic_node_cleanup(ni);
1044 ieee80211_notify_node_leave(ni);
1048 * Send a deauthenticate frame and drop the station.
1051 ieee80211_node_deauth(struct ieee80211_node *ni, int reason)
1053 /* NB: bump the refcnt to be sure temporary nodes are not reclaimed */
1054 ieee80211_ref_node(ni);
1055 if (ni->ni_associd != 0)
1056 IEEE80211_SEND_MGMT(ni, IEEE80211_FC0_SUBTYPE_DEAUTH, reason);
1057 ieee80211_node_leave(ni);
1058 ieee80211_free_node(ni);
1061 static struct ieee80211_node *
1062 node_alloc(struct ieee80211vap *vap, const uint8_t macaddr[IEEE80211_ADDR_LEN])
1064 struct ieee80211_node *ni;
1066 ni = (struct ieee80211_node *) IEEE80211_MALLOC(sizeof(struct ieee80211_node),
1067 M_80211_NODE, IEEE80211_M_NOWAIT | IEEE80211_M_ZERO);
1072 * Initialize an ie blob with the specified data. If previous
1073 * data exists re-use the data block. As a side effect we clear
1074 * all references to specific ie's; the caller is required to
1078 ieee80211_ies_init(struct ieee80211_ies *ies, const uint8_t *data, int len)
1080 /* NB: assumes data+len are the last fields */
1081 memset(ies, 0, offsetof(struct ieee80211_ies, data));
1082 if (ies->data != NULL && ies->len != len) {
1083 /* data size changed */
1084 IEEE80211_FREE(ies->data, M_80211_NODE_IE);
1087 if (ies->data == NULL) {
1088 ies->data = (uint8_t *) IEEE80211_MALLOC(len, M_80211_NODE_IE,
1089 IEEE80211_M_NOWAIT | IEEE80211_M_ZERO);
1090 if (ies->data == NULL) {
1092 /* NB: pointers have already been zero'd above */
1096 memcpy(ies->data, data, len);
1102 * Reclaim storage for an ie blob.
1105 ieee80211_ies_cleanup(struct ieee80211_ies *ies)
1107 if (ies->data != NULL)
1108 IEEE80211_FREE(ies->data, M_80211_NODE_IE);
1112 * Expand an ie blob data contents and to fillin individual
1113 * ie pointers. The data blob is assumed to be well-formed;
1114 * we don't do any validity checking of ie lengths.
1117 ieee80211_ies_expand(struct ieee80211_ies *ies)
1126 case IEEE80211_ELEMID_VENDOR:
1129 else if (iswmeoui(ie))
1131 #ifdef IEEE80211_SUPPORT_SUPERG
1132 else if (isatherosoui(ie))
1135 #ifdef IEEE80211_SUPPORT_TDMA
1136 else if (istdmaoui(ie))
1140 case IEEE80211_ELEMID_RSN:
1143 case IEEE80211_ELEMID_HTCAP:
1146 case IEEE80211_ELEMID_HTINFO:
1147 ies->htinfo_ie = ie;
1149 #ifdef IEEE80211_SUPPORT_MESH
1150 case IEEE80211_ELEMID_MESHID:
1151 ies->meshid_ie = ie;
1154 case IEEE80211_ELEMID_VHT_CAP:
1155 ies->vhtcap_ie = ie;
1157 case IEEE80211_ELEMID_VHT_OPMODE:
1158 ies->vhtopmode_ie = ie;
1160 case IEEE80211_ELEMID_VHT_PWR_ENV:
1161 ies->vhtpwrenv_ie = ie;
1163 case IEEE80211_ELEMID_BSSLOAD:
1164 ies->bssload_ie = ie;
1166 case IEEE80211_ELEMID_APCHANREP:
1167 ies->apchanrep_ie = ie;
1176 * Reclaim any resources in a node and reset any critical
1177 * state. Typically nodes are free'd immediately after,
1178 * but in some cases the storage may be reused so we need
1179 * to insure consistent state (should probably fix that).
1182 node_cleanup(struct ieee80211_node *ni)
1184 struct ieee80211vap *vap = ni->ni_vap;
1185 struct ieee80211com *ic = ni->ni_ic;
1188 /* NB: preserve ni_table */
1189 if (ni->ni_flags & IEEE80211_NODE_PWR_MGT) {
1190 if (vap->iv_opmode != IEEE80211_M_STA)
1192 ni->ni_flags &= ~IEEE80211_NODE_PWR_MGT;
1193 IEEE80211_NOTE(vap, IEEE80211_MSG_POWER, ni,
1194 "power save mode off, %u sta's in ps mode", vap->iv_ps_sta);
1197 * Cleanup any VHT and HT-related state.
1199 if (ni->ni_flags & IEEE80211_NODE_VHT)
1200 ieee80211_vht_node_cleanup(ni);
1201 if (ni->ni_flags & IEEE80211_NODE_HT)
1202 ieee80211_ht_node_cleanup(ni);
1203 #ifdef IEEE80211_SUPPORT_SUPERG
1204 /* Always do FF node cleanup; for A-MSDU */
1205 ieee80211_ff_node_cleanup(ni);
1207 #ifdef IEEE80211_SUPPORT_MESH
1209 * Cleanup any mesh-related state.
1211 if (vap->iv_opmode == IEEE80211_M_MBSS)
1212 ieee80211_mesh_node_cleanup(ni);
1215 * Clear any staging queue entries.
1217 ieee80211_ageq_drain_node(&ic->ic_stageq, ni);
1220 * Clear AREF flag that marks the authorization refcnt bump
1221 * has happened. This is probably not needed as the node
1222 * should always be removed from the table so not found but
1223 * do it just in case.
1224 * Likewise clear the ASSOCID flag as these flags are intended
1225 * to be managed in tandem.
1227 ni->ni_flags &= ~(IEEE80211_NODE_AREF | IEEE80211_NODE_ASSOCID);
1230 * Drain power save queue and, if needed, clear TIM.
1232 if (ieee80211_node_psq_drain(ni) != 0 && vap->iv_set_tim != NULL)
1233 vap->iv_set_tim(ni, 0);
1236 if (ni->ni_challenge != NULL) {
1237 IEEE80211_FREE(ni->ni_challenge, M_80211_NODE);
1238 ni->ni_challenge = NULL;
1241 * Preserve SSID, WPA, and WME ie's so the bss node is
1242 * reusable during a re-auth/re-assoc state transition.
1243 * If we remove these data they will not be recreated
1244 * because they come from a probe-response or beacon frame
1245 * which cannot be expected prior to the association-response.
1246 * This should not be an issue when operating in other modes
1247 * as stations leaving always go through a full state transition
1248 * which will rebuild this state.
1250 * XXX does this leave us open to inheriting old state?
1252 for (i = 0; i < nitems(ni->ni_rxfrag); i++)
1253 if (ni->ni_rxfrag[i] != NULL) {
1254 m_freem(ni->ni_rxfrag[i]);
1255 ni->ni_rxfrag[i] = NULL;
1258 * Must be careful here to remove any key map entry w/o a LOR.
1260 ieee80211_node_delucastkey(ni);
1264 node_free(struct ieee80211_node *ni)
1266 struct ieee80211com *ic = ni->ni_ic;
1268 ieee80211_ratectl_node_deinit(ni);
1269 ic->ic_node_cleanup(ni);
1270 ieee80211_ies_cleanup(&ni->ni_ies);
1271 ieee80211_psq_cleanup(&ni->ni_psq);
1272 IEEE80211_FREE(ni, M_80211_NODE);
1276 node_age(struct ieee80211_node *ni)
1278 struct ieee80211vap *vap = ni->ni_vap;
1281 * Age frames on the power save queue.
1283 if (ieee80211_node_psq_age(ni) != 0 &&
1284 ni->ni_psq.psq_len == 0 && vap->iv_set_tim != NULL)
1285 vap->iv_set_tim(ni, 0);
1287 * Age out HT resources (e.g. frames on the
1288 * A-MPDU reorder queues).
1290 if (ni->ni_associd != 0 && (ni->ni_flags & IEEE80211_NODE_HT))
1291 ieee80211_ht_node_age(ni);
1295 node_getrssi(const struct ieee80211_node *ni)
1297 uint32_t avgrssi = ni->ni_avgrssi;
1300 if (avgrssi == IEEE80211_RSSI_DUMMY_MARKER)
1302 rssi = IEEE80211_RSSI_GET(avgrssi);
1303 return rssi < 0 ? 0 : rssi > 127 ? 127 : rssi;
1307 node_getsignal(const struct ieee80211_node *ni, int8_t *rssi, int8_t *noise)
1309 *rssi = node_getrssi(ni);
1310 *noise = ni->ni_noise;
1314 node_getmimoinfo(const struct ieee80211_node *ni,
1315 struct ieee80211_mimo_info *info)
1321 bzero(info, sizeof(*info));
1323 for (i = 0; i < MIN(IEEE80211_MAX_CHAINS, ni->ni_mimo_chains); i++) {
1324 /* Note: for now, just pri20 channel info */
1325 avgrssi = ni->ni_mimo_rssi_ctl[i];
1326 if (avgrssi == IEEE80211_RSSI_DUMMY_MARKER) {
1327 info->ch[i].rssi[0] = 0;
1329 rssi = IEEE80211_RSSI_GET(avgrssi);
1330 info->ch[i].rssi[0] = rssi < 0 ? 0 : rssi > 127 ? 127 : rssi;
1332 info->ch[i].noise[0] = ni->ni_mimo_noise_ctl[i];
1335 /* XXX ext radios? */
1341 ieee80211_add_node_nt(struct ieee80211_node_table *nt,
1342 struct ieee80211_node *ni)
1344 struct ieee80211com *ic = nt->nt_ic;
1347 IEEE80211_NODE_LOCK_ASSERT(nt);
1349 hash = IEEE80211_NODE_HASH(ic, ni->ni_macaddr);
1350 (void) ic; /* XXX IEEE80211_NODE_HASH */
1351 TAILQ_INSERT_TAIL(&nt->nt_node, ni, ni_list);
1352 LIST_INSERT_HEAD(&nt->nt_hash[hash], ni, ni_hash);
1358 ieee80211_del_node_nt(struct ieee80211_node_table *nt,
1359 struct ieee80211_node *ni)
1362 IEEE80211_NODE_LOCK_ASSERT(nt);
1364 TAILQ_REMOVE(&nt->nt_node, ni, ni_list);
1365 LIST_REMOVE(ni, ni_hash);
1367 KASSERT(nt->nt_count >= 0,
1368 ("nt_count is negative (%d)!\n", nt->nt_count));
1369 ni->ni_table = NULL;
1372 struct ieee80211_node *
1373 ieee80211_alloc_node(struct ieee80211_node_table *nt,
1374 struct ieee80211vap *vap, const uint8_t macaddr[IEEE80211_ADDR_LEN])
1376 struct ieee80211com *ic = nt->nt_ic;
1377 struct ieee80211_node *ni;
1379 ni = ic->ic_node_alloc(vap, macaddr);
1381 vap->iv_stats.is_rx_nodealloc++;
1385 IEEE80211_DPRINTF(vap, IEEE80211_MSG_NODE,
1386 "%s %p<%s> in %s table\n", __func__, ni,
1387 ether_sprintf(macaddr), nt->nt_name);
1389 IEEE80211_ADDR_COPY(ni->ni_macaddr, macaddr);
1390 ieee80211_node_initref(ni); /* mark referenced */
1391 ni->ni_chan = IEEE80211_CHAN_ANYC;
1392 ni->ni_authmode = IEEE80211_AUTH_OPEN;
1393 ni->ni_txpower = ic->ic_txpowlimit; /* max power */
1394 ni->ni_txparms = &vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)];
1395 ieee80211_crypto_resetkey(vap, &ni->ni_ucastkey, IEEE80211_KEYIX_NONE);
1396 ni->ni_avgrssi = IEEE80211_RSSI_DUMMY_MARKER;
1397 ni->ni_inact_reload = nt->nt_inact_init;
1398 ni->ni_inact = ni->ni_inact_reload;
1399 ni->ni_ath_defkeyix = 0x7fff;
1400 ieee80211_psq_init(&ni->ni_psq, "unknown");
1401 #ifdef IEEE80211_SUPPORT_MESH
1402 if (vap->iv_opmode == IEEE80211_M_MBSS)
1403 ieee80211_mesh_node_init(vap, ni);
1405 IEEE80211_NODE_LOCK(nt);
1406 ieee80211_add_node_nt(nt, ni);
1409 IEEE80211_NODE_UNLOCK(nt);
1411 IEEE80211_NOTE(vap, IEEE80211_MSG_INACT, ni,
1412 "%s: inact_reload %u", __func__, ni->ni_inact_reload);
1414 ieee80211_ratectl_node_init(ni);
1420 * Craft a temporary node suitable for sending a management frame
1421 * to the specified station. We craft only as much state as we
1422 * need to do the work since the node will be immediately reclaimed
1423 * once the send completes.
1425 struct ieee80211_node *
1426 ieee80211_tmp_node(struct ieee80211vap *vap,
1427 const uint8_t macaddr[IEEE80211_ADDR_LEN])
1429 struct ieee80211com *ic = vap->iv_ic;
1430 struct ieee80211_node *ni;
1432 ni = ic->ic_node_alloc(vap, macaddr);
1434 struct ieee80211_node *bss = vap->iv_bss;
1436 IEEE80211_DPRINTF(vap, IEEE80211_MSG_NODE,
1437 "%s %p<%s>\n", __func__, ni, ether_sprintf(macaddr));
1439 ni->ni_table = NULL; /* NB: pedantic */
1440 ni->ni_ic = ic; /* NB: needed to set channel */
1443 IEEE80211_ADDR_COPY(ni->ni_macaddr, macaddr);
1444 IEEE80211_ADDR_COPY(ni->ni_bssid, bss->ni_bssid);
1445 ieee80211_node_initref(ni); /* mark referenced */
1446 /* NB: required by ieee80211_fix_rate */
1447 ieee80211_node_set_chan(ni, bss->ni_chan);
1448 ieee80211_crypto_resetkey(vap, &ni->ni_ucastkey,
1449 IEEE80211_KEYIX_NONE);
1450 ni->ni_txpower = bss->ni_txpower;
1451 /* XXX optimize away */
1452 ieee80211_psq_init(&ni->ni_psq, "unknown");
1454 ieee80211_ratectl_node_init(ni);
1457 vap->iv_stats.is_rx_nodealloc++;
1462 struct ieee80211_node *
1463 ieee80211_dup_bss(struct ieee80211vap *vap,
1464 const uint8_t macaddr[IEEE80211_ADDR_LEN])
1466 struct ieee80211com *ic = vap->iv_ic;
1467 struct ieee80211_node *ni;
1469 ni = ieee80211_alloc_node(&ic->ic_sta, vap, macaddr);
1471 struct ieee80211_node *bss = vap->iv_bss;
1473 * Inherit from iv_bss.
1476 IEEE80211_ADDR_COPY(ni->ni_bssid, bss->ni_bssid);
1477 ieee80211_node_set_chan(ni, bss->ni_chan);
1483 * Create a bss node for a legacy WDS vap. The far end does
1484 * not associate so we just create create a new node and
1485 * simulate an association. The caller is responsible for
1486 * installing the node as the bss node and handling any further
1487 * setup work like authorizing the port.
1489 struct ieee80211_node *
1490 ieee80211_node_create_wds(struct ieee80211vap *vap,
1491 const uint8_t bssid[IEEE80211_ADDR_LEN], struct ieee80211_channel *chan)
1493 struct ieee80211com *ic = vap->iv_ic;
1494 struct ieee80211_node *ni;
1496 /* XXX check if node already in sta table? */
1497 ni = ieee80211_alloc_node(&ic->ic_sta, vap, bssid);
1499 ni->ni_wdsvap = vap;
1500 IEEE80211_ADDR_COPY(ni->ni_bssid, bssid);
1502 * Inherit any manually configured settings.
1504 copy_bss(ni, vap->iv_bss);
1505 ieee80211_node_set_chan(ni, chan);
1506 /* NB: propagate ssid so available to WPA supplicant */
1507 ni->ni_esslen = vap->iv_des_ssid[0].len;
1508 memcpy(ni->ni_essid, vap->iv_des_ssid[0].ssid, ni->ni_esslen);
1509 /* NB: no associd for peer */
1511 * There are no management frames to use to
1512 * discover neighbor capabilities, so blindly
1513 * propagate the local configuration.
1515 if (vap->iv_flags & IEEE80211_F_WME)
1516 ni->ni_flags |= IEEE80211_NODE_QOS;
1517 #ifdef IEEE80211_SUPPORT_SUPERG
1518 if (vap->iv_flags & IEEE80211_F_FF)
1519 ni->ni_flags |= IEEE80211_NODE_FF;
1522 if ((ic->ic_htcaps & IEEE80211_HTC_HT) &&
1523 (vap->iv_flags_ht & IEEE80211_FHT_HT)) {
1525 * Device is HT-capable and HT is enabled for
1526 * the vap; setup HT operation. On return
1527 * ni_chan will be adjusted to an HT channel.
1529 ieee80211_ht_wds_init(ni);
1530 if (vap->iv_flags_vht & IEEE80211_FVHT_VHT) {
1531 printf("%s: TODO: vht_wds_init\n", __func__);
1534 struct ieee80211_channel *c = ni->ni_chan;
1536 * Force a legacy channel to be used.
1538 c = ieee80211_find_channel(ic,
1539 c->ic_freq, c->ic_flags &~ IEEE80211_CHAN_HT);
1540 KASSERT(c != NULL, ("no legacy channel, %u/%x",
1541 ni->ni_chan->ic_freq, ni->ni_chan->ic_flags));
1548 struct ieee80211_node *
1549 #ifdef IEEE80211_DEBUG_REFCNT
1550 ieee80211_find_node_locked_debug(struct ieee80211_node_table *nt,
1551 const uint8_t macaddr[IEEE80211_ADDR_LEN], const char *func, int line)
1553 ieee80211_find_node_locked(struct ieee80211_node_table *nt,
1554 const uint8_t macaddr[IEEE80211_ADDR_LEN])
1557 struct ieee80211_node *ni;
1560 IEEE80211_NODE_LOCK_ASSERT(nt);
1562 hash = IEEE80211_NODE_HASH(nt->nt_ic, macaddr);
1563 LIST_FOREACH(ni, &nt->nt_hash[hash], ni_hash) {
1564 if (IEEE80211_ADDR_EQ(ni->ni_macaddr, macaddr)) {
1565 ieee80211_ref_node(ni); /* mark referenced */
1566 #ifdef IEEE80211_DEBUG_REFCNT
1567 IEEE80211_DPRINTF(ni->ni_vap, IEEE80211_MSG_NODE,
1568 "%s (%s:%u) %p<%s> refcnt %d\n", __func__,
1570 ni, ether_sprintf(ni->ni_macaddr),
1571 ieee80211_node_refcnt(ni));
1579 struct ieee80211_node *
1580 #ifdef IEEE80211_DEBUG_REFCNT
1581 ieee80211_find_node_debug(struct ieee80211_node_table *nt,
1582 const uint8_t macaddr[IEEE80211_ADDR_LEN], const char *func, int line)
1584 ieee80211_find_node(struct ieee80211_node_table *nt,
1585 const uint8_t macaddr[IEEE80211_ADDR_LEN])
1588 struct ieee80211_node *ni;
1590 IEEE80211_NODE_LOCK(nt);
1591 ni = ieee80211_find_node_locked(nt, macaddr);
1592 IEEE80211_NODE_UNLOCK(nt);
1596 struct ieee80211_node *
1597 #ifdef IEEE80211_DEBUG_REFCNT
1598 ieee80211_find_vap_node_locked_debug(struct ieee80211_node_table *nt,
1599 const struct ieee80211vap *vap,
1600 const uint8_t macaddr[IEEE80211_ADDR_LEN], const char *func, int line)
1602 ieee80211_find_vap_node_locked(struct ieee80211_node_table *nt,
1603 const struct ieee80211vap *vap,
1604 const uint8_t macaddr[IEEE80211_ADDR_LEN])
1607 struct ieee80211_node *ni;
1610 IEEE80211_NODE_LOCK_ASSERT(nt);
1612 hash = IEEE80211_NODE_HASH(nt->nt_ic, macaddr);
1613 LIST_FOREACH(ni, &nt->nt_hash[hash], ni_hash) {
1614 if (ni->ni_vap == vap &&
1615 IEEE80211_ADDR_EQ(ni->ni_macaddr, macaddr)) {
1616 ieee80211_ref_node(ni); /* mark referenced */
1617 #ifdef IEEE80211_DEBUG_REFCNT
1618 IEEE80211_DPRINTF(ni->ni_vap, IEEE80211_MSG_NODE,
1619 "%s (%s:%u) %p<%s> refcnt %d\n", __func__,
1621 ni, ether_sprintf(ni->ni_macaddr),
1622 ieee80211_node_refcnt(ni));
1630 struct ieee80211_node *
1631 #ifdef IEEE80211_DEBUG_REFCNT
1632 ieee80211_find_vap_node_debug(struct ieee80211_node_table *nt,
1633 const struct ieee80211vap *vap,
1634 const uint8_t macaddr[IEEE80211_ADDR_LEN], const char *func, int line)
1636 ieee80211_find_vap_node(struct ieee80211_node_table *nt,
1637 const struct ieee80211vap *vap,
1638 const uint8_t macaddr[IEEE80211_ADDR_LEN])
1641 struct ieee80211_node *ni;
1643 IEEE80211_NODE_LOCK(nt);
1644 ni = ieee80211_find_vap_node_locked(nt, vap, macaddr);
1645 IEEE80211_NODE_UNLOCK(nt);
1650 * Fake up a node; this handles node discovery in adhoc mode.
1651 * Note that for the driver's benefit we we treat this like
1652 * an association so the driver has an opportunity to setup
1653 * it's private state.
1655 struct ieee80211_node *
1656 ieee80211_fakeup_adhoc_node(struct ieee80211vap *vap,
1657 const uint8_t macaddr[IEEE80211_ADDR_LEN])
1659 struct ieee80211_node *ni;
1661 IEEE80211_DPRINTF(vap, IEEE80211_MSG_NODE | IEEE80211_MSG_ASSOC,
1662 "%s: mac<%s>\n", __func__, ether_sprintf(macaddr));
1663 ni = ieee80211_dup_bss(vap, macaddr);
1665 struct ieee80211com *ic = vap->iv_ic;
1667 /* XXX no rate negotiation; just dup */
1668 ni->ni_rates = vap->iv_bss->ni_rates;
1669 if (ieee80211_iserp_rateset(&ni->ni_rates))
1670 ni->ni_flags |= IEEE80211_NODE_ERP;
1671 if (vap->iv_opmode == IEEE80211_M_AHDEMO) {
1673 * In adhoc demo mode there are no management
1674 * frames to use to discover neighbor capabilities,
1675 * so blindly propagate the local configuration
1676 * so we can do interesting things (e.g. use
1677 * WME to disable ACK's).
1682 if (vap->iv_flags & IEEE80211_F_WME)
1683 ni->ni_flags |= IEEE80211_NODE_QOS;
1684 #ifdef IEEE80211_SUPPORT_SUPERG
1685 if (vap->iv_flags & IEEE80211_F_FF)
1686 ni->ni_flags |= IEEE80211_NODE_FF;
1689 ieee80211_node_setuptxparms(ni);
1690 ieee80211_ratectl_node_init(ni);
1693 * XXX TODO: 11n? At least 20MHz, at least A-MPDU RX,
1694 * not A-MPDU TX; not 11n rates, etc. We'll cycle
1695 * that after we hear that we can indeed do 11n
1696 * (either by a beacon frame or by a probe response.)
1700 * This is the first time we see the node.
1702 if (ic->ic_newassoc != NULL)
1703 ic->ic_newassoc(ni, 1);
1706 * Kick off a probe request to the given node;
1707 * we will then use the probe response to update
1708 * 11n/etc configuration state.
1710 * XXX TODO: this isn't guaranteed, and until we get
1711 * a probe response, we won't be able to actually
1712 * do anything 802.11n related to the node.
1713 * So if this does indeed work, maybe we should hold
1714 * off on sending responses until we get the probe
1715 * response, or just default to some sensible subset
1716 * of 802.11n behaviour (eg always allow aggregation
1717 * negotiation TO us, but not FROM us, etc) so we
1718 * aren't entirely busted.
1720 if (vap->iv_opmode == IEEE80211_M_IBSS) {
1721 ieee80211_send_probereq(ni, /* node */
1722 vap->iv_myaddr, /* SA */
1723 ni->ni_macaddr, /* DA */
1724 vap->iv_bss->ni_bssid, /* BSSID */
1725 vap->iv_bss->ni_essid,
1726 vap->iv_bss->ni_esslen); /* SSID */
1729 /* XXX not right for 802.1x/WPA */
1730 ieee80211_node_authorize(ni);
1736 ieee80211_init_neighbor(struct ieee80211_node *ni,
1737 const struct ieee80211_frame *wh,
1738 const struct ieee80211_scanparams *sp)
1740 int do_ht_setup = 0, do_vht_setup = 0;
1742 ni->ni_esslen = sp->ssid[1];
1743 memcpy(ni->ni_essid, sp->ssid + 2, sp->ssid[1]);
1744 IEEE80211_ADDR_COPY(ni->ni_bssid, wh->i_addr3);
1745 memcpy(ni->ni_tstamp.data, sp->tstamp, sizeof(ni->ni_tstamp));
1746 ni->ni_intval = sp->bintval;
1747 ni->ni_capinfo = sp->capinfo;
1748 ni->ni_chan = ni->ni_ic->ic_curchan;
1749 ni->ni_fhdwell = sp->fhdwell;
1750 ni->ni_fhindex = sp->fhindex;
1751 ni->ni_erp = sp->erp;
1752 ni->ni_timoff = sp->timoff;
1753 #ifdef IEEE80211_SUPPORT_MESH
1754 if (ni->ni_vap->iv_opmode == IEEE80211_M_MBSS)
1755 ieee80211_mesh_init_neighbor(ni, wh, sp);
1757 if (ieee80211_ies_init(&ni->ni_ies, sp->ies, sp->ies_len)) {
1758 ieee80211_ies_expand(&ni->ni_ies);
1759 if (ni->ni_ies.wme_ie != NULL)
1760 ni->ni_flags |= IEEE80211_NODE_QOS;
1762 ni->ni_flags &= ~IEEE80211_NODE_QOS;
1763 #ifdef IEEE80211_SUPPORT_SUPERG
1764 if (ni->ni_ies.ath_ie != NULL)
1765 ieee80211_parse_ath(ni, ni->ni_ies.ath_ie);
1767 if (ni->ni_ies.htcap_ie != NULL)
1768 ieee80211_parse_htcap(ni, ni->ni_ies.htcap_ie);
1769 if (ni->ni_ies.htinfo_ie != NULL)
1770 ieee80211_parse_htinfo(ni, ni->ni_ies.htinfo_ie);
1772 if (ni->ni_ies.vhtcap_ie != NULL)
1773 ieee80211_parse_vhtcap(ni, ni->ni_ies.vhtcap_ie);
1774 if (ni->ni_ies.vhtopmode_ie != NULL)
1775 ieee80211_parse_vhtopmode(ni, ni->ni_ies.vhtopmode_ie);
1777 if ((ni->ni_ies.htcap_ie != NULL) &&
1778 (ni->ni_ies.htinfo_ie != NULL) &&
1779 (ni->ni_vap->iv_flags_ht & IEEE80211_FHT_HT)) {
1783 if ((ni->ni_ies.vhtcap_ie != NULL) &&
1784 (ni->ni_ies.vhtopmode_ie != NULL) &&
1785 (ni->ni_vap->iv_flags_vht & IEEE80211_FVHT_VHT)) {
1791 /* NB: must be after ni_chan is setup */
1792 ieee80211_setup_rates(ni, sp->rates, sp->xrates,
1793 IEEE80211_F_DOSORT | IEEE80211_F_DOFRATE |
1794 IEEE80211_F_DONEGO | IEEE80211_F_DODEL);
1797 * If the neighbor is HT compatible, flip that on.
1800 IEEE80211_DPRINTF(ni->ni_vap, IEEE80211_MSG_ASSOC,
1801 "%s: doing HT setup\n", __func__);
1802 ieee80211_ht_node_init(ni);
1803 ieee80211_ht_updateparams(ni,
1804 ni->ni_ies.htcap_ie,
1805 ni->ni_ies.htinfo_ie);
1808 if (IEEE80211_IS_CHAN_2GHZ(ni->ni_chan)) {
1809 printf("%s: BSS %6D: 2GHz channel, VHT info; ignoring\n",
1814 ieee80211_vht_node_init(ni);
1815 ieee80211_vht_updateparams(ni,
1816 ni->ni_ies.vhtcap_ie,
1817 ni->ni_ies.vhtopmode_ie);
1818 ieee80211_setup_vht_rates(ni,
1819 ni->ni_ies.vhtcap_ie,
1820 ni->ni_ies.vhtopmode_ie);
1825 * Finally do the channel upgrade/change based
1826 * on the HT/VHT configuration.
1828 ieee80211_ht_updateparams_final(ni, ni->ni_ies.htcap_ie,
1829 ni->ni_ies.htinfo_ie);
1830 ieee80211_setup_htrates(ni,
1831 ni->ni_ies.htcap_ie,
1832 IEEE80211_F_JOIN | IEEE80211_F_DOBRS);
1833 ieee80211_setup_basic_htrates(ni,
1834 ni->ni_ies.htinfo_ie);
1836 ieee80211_node_setuptxparms(ni);
1837 ieee80211_ratectl_node_init(ni);
1839 /* Reassociate; we're now 11n/11ac */
1841 * XXX TODO: this is the wrong thing to do -
1842 * we're calling it with isnew=1 so the ath(4)
1843 * driver reinitialises the rate tables.
1844 * This "mostly" works for ath(4), but it won't
1845 * be right for firmware devices which allocate
1848 * So, do we just create a new node and delete
1851 if (ni->ni_ic->ic_newassoc)
1852 ni->ni_ic->ic_newassoc(ni, 1);
1857 * Do node discovery in adhoc mode on receipt of a beacon
1858 * or probe response frame. Note that for the driver's
1859 * benefit we we treat this like an association so the
1860 * driver has an opportunity to setup it's private state.
1862 struct ieee80211_node *
1863 ieee80211_add_neighbor(struct ieee80211vap *vap,
1864 const struct ieee80211_frame *wh,
1865 const struct ieee80211_scanparams *sp)
1867 struct ieee80211_node *ni;
1869 IEEE80211_DPRINTF(vap, IEEE80211_MSG_ASSOC,
1870 "%s: mac<%s>\n", __func__, ether_sprintf(wh->i_addr2));
1871 ni = ieee80211_dup_bss(vap, wh->i_addr2);/* XXX alloc_node? */
1873 struct ieee80211com *ic = vap->iv_ic;
1875 ieee80211_init_neighbor(ni, wh, sp);
1876 if (ieee80211_iserp_rateset(&ni->ni_rates))
1877 ni->ni_flags |= IEEE80211_NODE_ERP;
1878 ieee80211_node_setuptxparms(ni);
1879 ieee80211_ratectl_node_init(ni);
1880 if (ic->ic_newassoc != NULL)
1881 ic->ic_newassoc(ni, 1);
1882 /* XXX not right for 802.1x/WPA */
1883 ieee80211_node_authorize(ni);
1888 #define IS_PROBEREQ(wh) \
1889 ((wh->i_fc[0] & (IEEE80211_FC0_TYPE_MASK|IEEE80211_FC0_SUBTYPE_MASK)) \
1890 == (IEEE80211_FC0_TYPE_MGT | IEEE80211_FC0_SUBTYPE_PROBE_REQ))
1891 #define IS_BCAST_PROBEREQ(wh) \
1892 (IS_PROBEREQ(wh) && IEEE80211_IS_MULTICAST( \
1893 ((const struct ieee80211_frame *)(wh))->i_addr3))
1895 static __inline struct ieee80211_node *
1896 _find_rxnode(struct ieee80211_node_table *nt,
1897 const struct ieee80211_frame_min *wh)
1899 if (IS_BCAST_PROBEREQ(wh))
1900 return NULL; /* spam bcast probe req to all vap's */
1901 return ieee80211_find_node_locked(nt, wh->i_addr2);
1905 * Locate the node for sender, track state, and then pass the
1906 * (referenced) node up to the 802.11 layer for its use. Note
1907 * we can return NULL if the sender is not in the table.
1909 struct ieee80211_node *
1910 #ifdef IEEE80211_DEBUG_REFCNT
1911 ieee80211_find_rxnode_debug(struct ieee80211com *ic,
1912 const struct ieee80211_frame_min *wh, const char *func, int line)
1914 ieee80211_find_rxnode(struct ieee80211com *ic,
1915 const struct ieee80211_frame_min *wh)
1918 struct ieee80211_node_table *nt;
1919 struct ieee80211_node *ni;
1922 IEEE80211_NODE_LOCK(nt);
1923 ni = _find_rxnode(nt, wh);
1924 IEEE80211_NODE_UNLOCK(nt);
1930 * Like ieee80211_find_rxnode but use the supplied h/w
1931 * key index as a hint to locate the node in the key
1932 * mapping table. If an entry is present at the key
1933 * index we return it; otherwise do a normal lookup and
1934 * update the mapping table if the station has a unicast
1935 * key assigned to it.
1937 struct ieee80211_node *
1938 #ifdef IEEE80211_DEBUG_REFCNT
1939 ieee80211_find_rxnode_withkey_debug(struct ieee80211com *ic,
1940 const struct ieee80211_frame_min *wh, ieee80211_keyix keyix,
1941 const char *func, int line)
1943 ieee80211_find_rxnode_withkey(struct ieee80211com *ic,
1944 const struct ieee80211_frame_min *wh, ieee80211_keyix keyix)
1947 struct ieee80211_node_table *nt;
1948 struct ieee80211_node *ni;
1951 IEEE80211_NODE_LOCK(nt);
1952 if (nt->nt_keyixmap != NULL && keyix < nt->nt_keyixmax)
1953 ni = nt->nt_keyixmap[keyix];
1957 ni = _find_rxnode(nt, wh);
1958 if (ni != NULL && nt->nt_keyixmap != NULL) {
1960 * If the station has a unicast key cache slot
1961 * assigned update the key->node mapping table.
1963 keyix = ni->ni_ucastkey.wk_rxkeyix;
1964 /* XXX can keyixmap[keyix] != NULL? */
1965 if (keyix < nt->nt_keyixmax &&
1966 nt->nt_keyixmap[keyix] == NULL) {
1967 IEEE80211_DPRINTF(ni->ni_vap,
1969 "%s: add key map entry %p<%s> refcnt %d\n",
1970 __func__, ni, ether_sprintf(ni->ni_macaddr),
1971 ieee80211_node_refcnt(ni)+1);
1972 nt->nt_keyixmap[keyix] = ieee80211_ref_node(ni);
1976 if (IS_BCAST_PROBEREQ(wh))
1977 ni = NULL; /* spam bcast probe req to all vap's */
1979 ieee80211_ref_node(ni);
1981 IEEE80211_NODE_UNLOCK(nt);
1985 #undef IS_BCAST_PROBEREQ
1989 * Return a reference to the appropriate node for sending
1990 * a data frame. This handles node discovery in adhoc networks.
1992 struct ieee80211_node *
1993 #ifdef IEEE80211_DEBUG_REFCNT
1994 ieee80211_find_txnode_debug(struct ieee80211vap *vap,
1995 const uint8_t macaddr[IEEE80211_ADDR_LEN],
1996 const char *func, int line)
1998 ieee80211_find_txnode(struct ieee80211vap *vap,
1999 const uint8_t macaddr[IEEE80211_ADDR_LEN])
2002 struct ieee80211_node_table *nt = &vap->iv_ic->ic_sta;
2003 struct ieee80211_node *ni;
2006 * The destination address should be in the node table
2007 * unless this is a multicast/broadcast frame. We can
2008 * also optimize station mode operation, all frames go
2011 /* XXX can't hold lock across dup_bss 'cuz of recursive locking */
2012 IEEE80211_NODE_LOCK(nt);
2013 if (vap->iv_opmode == IEEE80211_M_STA ||
2014 vap->iv_opmode == IEEE80211_M_WDS ||
2015 IEEE80211_IS_MULTICAST(macaddr))
2016 ni = ieee80211_ref_node(vap->iv_bss);
2018 ni = ieee80211_find_node_locked(nt, macaddr);
2019 IEEE80211_NODE_UNLOCK(nt);
2022 if (vap->iv_opmode == IEEE80211_M_IBSS ||
2023 vap->iv_opmode == IEEE80211_M_AHDEMO) {
2025 * In adhoc mode cons up a node for the destination.
2026 * Note that we need an additional reference for the
2027 * caller to be consistent with
2028 * ieee80211_find_node_locked.
2031 * XXX TODO: this doesn't fake up 11n state; we need
2032 * to find another way to get it upgraded.
2034 ni = ieee80211_fakeup_adhoc_node(vap, macaddr);
2036 (void) ieee80211_ref_node(ni);
2038 IEEE80211_NOTE_MAC(vap, IEEE80211_MSG_OUTPUT, macaddr,
2039 "no node, discard frame (%s)", __func__);
2040 vap->iv_stats.is_tx_nonode++;
2047 _ieee80211_free_node(struct ieee80211_node *ni)
2049 struct ieee80211_node_table *nt = ni->ni_table;
2052 * NB: careful about referencing the vap as it may be
2053 * gone if the last reference was held by a driver.
2054 * We know the com will always be present so it's safe
2055 * to use ni_ic below to reclaim resources.
2058 IEEE80211_DPRINTF(vap, IEEE80211_MSG_NODE,
2059 "%s %p<%s> in %s table\n", __func__, ni,
2060 ether_sprintf(ni->ni_macaddr),
2061 nt != NULL ? nt->nt_name : "<gone>");
2063 if (ni->ni_associd != 0) {
2064 struct ieee80211vap *vap = ni->ni_vap;
2065 if (vap->iv_aid_bitmap != NULL)
2066 IEEE80211_AID_CLR(vap, ni->ni_associd);
2069 ieee80211_del_node_nt(nt, ni);
2070 ni->ni_ic->ic_node_free(ni);
2074 * Clear any entry in the unicast key mapping table.
2077 node_clear_keyixmap(struct ieee80211_node_table *nt, struct ieee80211_node *ni)
2079 ieee80211_keyix keyix;
2081 keyix = ni->ni_ucastkey.wk_rxkeyix;
2082 if (nt->nt_keyixmap != NULL && keyix < nt->nt_keyixmax &&
2083 nt->nt_keyixmap[keyix] == ni) {
2084 IEEE80211_DPRINTF(ni->ni_vap, IEEE80211_MSG_NODE,
2085 "%s: %p<%s> clear key map entry %u\n",
2086 __func__, ni, ether_sprintf(ni->ni_macaddr), keyix);
2087 nt->nt_keyixmap[keyix] = NULL;
2088 ieee80211_node_decref(ni);
2096 #ifdef IEEE80211_DEBUG_REFCNT
2097 ieee80211_free_node_debug(struct ieee80211_node *ni, const char *func, int line)
2099 ieee80211_free_node(struct ieee80211_node *ni)
2102 struct ieee80211_node_table *nt = ni->ni_table;
2104 #ifdef IEEE80211_DEBUG_REFCNT
2105 IEEE80211_DPRINTF(ni->ni_vap, IEEE80211_MSG_NODE,
2106 "%s (%s:%u) %p<%s> refcnt %d\n", __func__, func, line, ni,
2107 ether_sprintf(ni->ni_macaddr), ieee80211_node_refcnt(ni)-1);
2110 IEEE80211_NODE_LOCK(nt);
2111 if (ieee80211_node_dectestref(ni)) {
2113 * Last reference, reclaim state.
2115 _ieee80211_free_node(ni);
2116 } else if (ieee80211_node_refcnt(ni) == 1)
2117 if (node_clear_keyixmap(nt, ni))
2118 _ieee80211_free_node(ni);
2119 IEEE80211_NODE_UNLOCK(nt);
2121 if (ieee80211_node_dectestref(ni))
2122 _ieee80211_free_node(ni);
2127 * Reclaim a unicast key and clear any key cache state.
2130 ieee80211_node_delucastkey(struct ieee80211_node *ni)
2132 struct ieee80211com *ic = ni->ni_ic;
2133 struct ieee80211_node_table *nt = &ic->ic_sta;
2134 struct ieee80211_node *nikey;
2135 ieee80211_keyix keyix;
2136 int isowned, status;
2139 * NB: We must beware of LOR here; deleting the key
2140 * can cause the crypto layer to block traffic updates
2141 * which can generate a LOR against the node table lock;
2142 * grab it here and stash the key index for our use below.
2144 * Must also beware of recursion on the node table lock.
2145 * When called from node_cleanup we may already have
2146 * the node table lock held. Unfortunately there's no
2147 * way to separate out this path so we must do this
2150 isowned = IEEE80211_NODE_IS_LOCKED(nt);
2152 IEEE80211_NODE_LOCK(nt);
2154 status = 1; /* NB: success */
2155 if (ni->ni_ucastkey.wk_keyix != IEEE80211_KEYIX_NONE) {
2156 keyix = ni->ni_ucastkey.wk_rxkeyix;
2157 status = ieee80211_crypto_delkey(ni->ni_vap, &ni->ni_ucastkey);
2158 if (nt->nt_keyixmap != NULL && keyix < nt->nt_keyixmax) {
2159 nikey = nt->nt_keyixmap[keyix];
2160 nt->nt_keyixmap[keyix] = NULL;
2164 IEEE80211_NODE_UNLOCK(nt);
2166 if (nikey != NULL) {
2167 KASSERT(nikey == ni,
2168 ("key map out of sync, ni %p nikey %p", ni, nikey));
2169 IEEE80211_DPRINTF(ni->ni_vap, IEEE80211_MSG_NODE,
2170 "%s: delete key map entry %p<%s> refcnt %d\n",
2171 __func__, ni, ether_sprintf(ni->ni_macaddr),
2172 ieee80211_node_refcnt(ni)-1);
2173 ieee80211_free_node(ni);
2179 * Reclaim a node. If this is the last reference count then
2180 * do the normal free work. Otherwise remove it from the node
2181 * table and mark it gone by clearing the back-reference.
2184 node_reclaim(struct ieee80211_node_table *nt, struct ieee80211_node *ni)
2187 IEEE80211_NODE_LOCK_ASSERT(nt);
2189 IEEE80211_DPRINTF(ni->ni_vap, IEEE80211_MSG_NODE,
2190 "%s: remove %p<%s> from %s table, refcnt %d\n",
2191 __func__, ni, ether_sprintf(ni->ni_macaddr),
2192 nt->nt_name, ieee80211_node_refcnt(ni)-1);
2194 * Clear any entry in the unicast key mapping table.
2195 * We need to do it here so rx lookups don't find it
2196 * in the mapping table even if it's not in the hash
2197 * table. We cannot depend on the mapping table entry
2198 * being cleared because the node may not be free'd.
2200 (void)node_clear_keyixmap(nt, ni);
2201 if (!ieee80211_node_dectestref(ni)) {
2203 * Other references are present, just remove the
2204 * node from the table so it cannot be found. When
2205 * the references are dropped storage will be
2208 ieee80211_del_node_nt(nt, ni);
2210 _ieee80211_free_node(ni);
2214 * Node table support.
2218 ieee80211_node_table_init(struct ieee80211com *ic,
2219 struct ieee80211_node_table *nt,
2220 const char *name, int inact, int keyixmax)
2224 IEEE80211_NODE_LOCK_INIT(nt, ic->ic_name);
2225 TAILQ_INIT(&nt->nt_node);
2228 nt->nt_inact_init = inact;
2229 nt->nt_keyixmax = keyixmax;
2230 if (nt->nt_keyixmax > 0) {
2231 nt->nt_keyixmap = (struct ieee80211_node **) IEEE80211_MALLOC(
2232 keyixmax * sizeof(struct ieee80211_node *),
2234 IEEE80211_M_NOWAIT | IEEE80211_M_ZERO);
2235 if (nt->nt_keyixmap == NULL)
2237 "Cannot allocate key index map with %u entries\n",
2240 nt->nt_keyixmap = NULL;
2244 ieee80211_node_table_reset(struct ieee80211_node_table *nt,
2245 struct ieee80211vap *match)
2247 struct ieee80211_node *ni, *next;
2249 IEEE80211_NODE_LOCK(nt);
2250 TAILQ_FOREACH_SAFE(ni, &nt->nt_node, ni_list, next) {
2251 if (match != NULL && ni->ni_vap != match)
2253 /* XXX can this happen? if so need's work */
2254 if (ni->ni_associd != 0) {
2255 struct ieee80211vap *vap = ni->ni_vap;
2257 if (vap->iv_auth->ia_node_leave != NULL)
2258 vap->iv_auth->ia_node_leave(ni);
2259 if (vap->iv_aid_bitmap != NULL)
2260 IEEE80211_AID_CLR(vap, ni->ni_associd);
2262 ni->ni_wdsvap = NULL; /* clear reference */
2263 node_reclaim(nt, ni);
2265 if (match != NULL && match->iv_opmode == IEEE80211_M_WDS) {
2267 * Make a separate pass to clear references to this vap
2268 * held by DWDS entries. They will not be matched above
2269 * because ni_vap will point to the ap vap but we still
2270 * need to clear ni_wdsvap when the WDS vap is destroyed
2273 TAILQ_FOREACH_SAFE(ni, &nt->nt_node, ni_list, next)
2274 if (ni->ni_wdsvap == match)
2275 ni->ni_wdsvap = NULL;
2277 IEEE80211_NODE_UNLOCK(nt);
2281 ieee80211_node_table_cleanup(struct ieee80211_node_table *nt)
2283 ieee80211_node_table_reset(nt, NULL);
2284 if (nt->nt_keyixmap != NULL) {
2286 /* XXX verify all entries are NULL */
2288 for (i = 0; i < nt->nt_keyixmax; i++)
2289 if (nt->nt_keyixmap[i] != NULL)
2290 printf("%s: %s[%u] still active\n", __func__,
2293 IEEE80211_FREE(nt->nt_keyixmap, M_80211_NODE);
2294 nt->nt_keyixmap = NULL;
2296 IEEE80211_NODE_LOCK_DESTROY(nt);
2300 timeout_stations(void *arg __unused, struct ieee80211_node *ni)
2302 struct ieee80211com *ic = ni->ni_ic;
2303 struct ieee80211vap *vap = ni->ni_vap;
2306 * Only process stations when in RUN state. This
2307 * insures, for example, that we don't timeout an
2308 * inactive station during CAC. Note that CSA state
2309 * is actually handled in ieee80211_node_timeout as
2310 * it applies to more than timeout processing.
2312 if (vap->iv_state != IEEE80211_S_RUN)
2315 * Ignore entries for which have yet to receive an
2316 * authentication frame. These are transient and
2317 * will be reclaimed when the last reference to them
2318 * goes away (when frame xmits complete).
2320 if ((vap->iv_opmode == IEEE80211_M_HOSTAP ||
2321 vap->iv_opmode == IEEE80211_M_STA) &&
2322 (ni->ni_flags & IEEE80211_NODE_AREF) == 0)
2325 * Free fragment if not needed anymore
2326 * (last fragment older than 1s).
2327 * XXX doesn't belong here, move to node_age
2329 if (ni->ni_rxfrag[0] != NULL &&
2330 ticks > ni->ni_rxfragstamp + hz) {
2331 m_freem(ni->ni_rxfrag[0]);
2332 ni->ni_rxfrag[0] = NULL;
2334 if (ni->ni_inact > 0) {
2336 IEEE80211_NOTE(vap, IEEE80211_MSG_INACT, ni,
2337 "%s: inact %u inact_reload %u nrates %u",
2338 __func__, ni->ni_inact, ni->ni_inact_reload,
2339 ni->ni_rates.rs_nrates);
2342 * Special case ourself; we may be idle for extended periods
2343 * of time and regardless reclaiming our state is wrong.
2344 * XXX run ic_node_age
2346 /* XXX before inact decrement? */
2347 if (ni == vap->iv_bss)
2349 if (ni->ni_associd != 0 ||
2350 (vap->iv_opmode == IEEE80211_M_IBSS ||
2351 vap->iv_opmode == IEEE80211_M_AHDEMO)) {
2353 * Age/drain resources held by the station.
2355 ic->ic_node_age(ni);
2357 * Probe the station before time it out. We
2358 * send a null data frame which may not be
2359 * universally supported by drivers (need it
2360 * for ps-poll support so it should be...).
2362 * XXX don't probe the station unless we've
2363 * received a frame from them (and have
2364 * some idea of the rates they are capable
2365 * of); this will get fixed more properly
2366 * soon with better handling of the rate set.
2368 if ((vap->iv_flags_ext & IEEE80211_FEXT_INACT) &&
2369 (0 < ni->ni_inact &&
2370 ni->ni_inact <= vap->iv_inact_probe) &&
2371 ni->ni_rates.rs_nrates != 0) {
2373 IEEE80211_MSG_INACT | IEEE80211_MSG_NODE,
2375 "probe station due to inactivity");
2377 * Grab a reference so the node cannot
2378 * be reclaimed before we send the frame.
2379 * ieee80211_send_nulldata understands
2380 * we've done this and reclaims the
2381 * ref for us as needed.
2383 /* XXX fix this (not required anymore). */
2384 ieee80211_ref_node(ni);
2386 ieee80211_send_nulldata(ni);
2391 if ((vap->iv_flags_ext & IEEE80211_FEXT_INACT) &&
2392 ni->ni_inact <= 0) {
2394 IEEE80211_MSG_INACT | IEEE80211_MSG_NODE, ni,
2395 "station timed out due to inactivity "
2396 "(refcnt %u)", ieee80211_node_refcnt(ni));
2398 * Send a deauthenticate frame and drop the station.
2399 * This is somewhat complicated due to reference counts
2400 * and locking. At this point a station will typically
2401 * have a reference count of 2. ieee80211_node_leave
2402 * will do a "free" of the node which will drop the
2403 * reference count. But in the meantime a reference
2404 * wil be held by the deauth frame. The actual reclaim
2405 * of the node will happen either after the tx is
2406 * completed or by ieee80211_node_leave.
2408 if (ni->ni_associd != 0) {
2409 IEEE80211_SEND_MGMT(ni,
2410 IEEE80211_FC0_SUBTYPE_DEAUTH,
2411 IEEE80211_REASON_AUTH_EXPIRE);
2413 ieee80211_node_leave(ni);
2414 vap->iv_stats.is_node_timeout++;
2419 * Timeout inactive stations and do related housekeeping.
2422 ieee80211_timeout_stations(struct ieee80211com *ic)
2424 struct ieee80211_node_table *nt = &ic->ic_sta;
2426 ieee80211_iterate_nodes(nt, timeout_stations, NULL);
2430 * Aggressively reclaim resources. This should be used
2431 * only in a critical situation to reclaim mbuf resources.
2434 ieee80211_drain(struct ieee80211com *ic)
2436 struct ieee80211_node_table *nt = &ic->ic_sta;
2437 struct ieee80211vap *vap;
2438 struct ieee80211_node *ni;
2440 IEEE80211_NODE_LOCK(nt);
2441 TAILQ_FOREACH(ni, &nt->nt_node, ni_list) {
2443 * Ignore entries for which have yet to receive an
2444 * authentication frame. These are transient and
2445 * will be reclaimed when the last reference to them
2446 * goes away (when frame xmits complete).
2450 * Only process stations when in RUN state. This
2451 * insures, for example, that we don't timeout an
2452 * inactive station during CAC. Note that CSA state
2453 * is actually handled in ieee80211_node_timeout as
2454 * it applies to more than timeout processing.
2456 if (vap->iv_state != IEEE80211_S_RUN)
2458 /* XXX can vap be NULL? */
2459 if ((vap->iv_opmode == IEEE80211_M_HOSTAP ||
2460 vap->iv_opmode == IEEE80211_M_STA) &&
2461 (ni->ni_flags & IEEE80211_NODE_AREF) == 0)
2465 * XXX doesn't belong here, move to node_drain
2467 if (ni->ni_rxfrag[0] != NULL) {
2468 m_freem(ni->ni_rxfrag[0]);
2469 ni->ni_rxfrag[0] = NULL;
2472 * Drain resources held by the station.
2474 ic->ic_node_drain(ni);
2476 IEEE80211_NODE_UNLOCK(nt);
2480 * Per-ieee80211com inactivity timer callback.
2483 ieee80211_node_timeout(void *arg)
2485 struct ieee80211com *ic = arg;
2488 * Defer timeout processing if a channel switch is pending.
2489 * We typically need to be mute so not doing things that
2490 * might generate frames is good to handle in one place.
2491 * Suppressing the station timeout processing may extend the
2492 * lifetime of inactive stations (by not decrementing their
2493 * idle counters) but this should be ok unless the CSA is
2494 * active for an unusually long time.
2496 if ((ic->ic_flags & IEEE80211_F_CSAPENDING) == 0) {
2497 ieee80211_scan_timeout(ic);
2498 ieee80211_timeout_stations(ic);
2499 ieee80211_ageq_age(&ic->ic_stageq, IEEE80211_INACT_WAIT);
2502 ieee80211_erp_timeout(ic);
2503 ieee80211_ht_timeout(ic);
2504 ieee80211_vht_timeout(ic);
2505 IEEE80211_UNLOCK(ic);
2507 callout_reset(&ic->ic_inact, IEEE80211_INACT_WAIT*hz,
2508 ieee80211_node_timeout, ic);
2512 * The same as ieee80211_iterate_nodes(), but for one vap only.
2515 ieee80211_iterate_nodes_vap(struct ieee80211_node_table *nt,
2516 struct ieee80211vap *vap, ieee80211_iter_func *f, void *arg)
2518 struct ieee80211_node **ni_arr;
2519 struct ieee80211_node *ni;
2524 * Iterate over the node table and save an array of ref'ed nodes.
2526 * This is separated out from calling the actual node function so that
2527 * no LORs will occur.
2529 IEEE80211_NODE_LOCK(nt);
2530 count = nt->nt_count;
2531 size = count * sizeof(struct ieee80211_node *);
2532 ni_arr = (struct ieee80211_node **) IEEE80211_MALLOC(size, M_80211_NODE,
2533 IEEE80211_M_NOWAIT | IEEE80211_M_ZERO);
2534 if (ni_arr == NULL) {
2535 IEEE80211_NODE_UNLOCK(nt);
2540 TAILQ_FOREACH(ni, &nt->nt_node, ni_list) {
2541 if (vap != NULL && ni->ni_vap != vap)
2544 ("node array overflow (vap %p, i %d, count %d)\n",
2546 ni_arr[i] = ieee80211_ref_node(ni);
2549 IEEE80211_NODE_UNLOCK(nt);
2551 for (i = 0; i < count; i++) {
2552 if (ni_arr[i] == NULL) /* end of the list */
2554 (*f)(arg, ni_arr[i]);
2555 /* ieee80211_free_node() locks by itself */
2556 ieee80211_free_node(ni_arr[i]);
2559 IEEE80211_FREE(ni_arr, M_80211_NODE);
2565 * Just a wrapper, so we don't have to change every ieee80211_iterate_nodes()
2566 * reference in the source.
2569 ieee80211_iterate_nodes(struct ieee80211_node_table *nt,
2570 ieee80211_iter_func *f, void *arg)
2572 /* XXX no way to pass error to the caller. */
2573 (void) ieee80211_iterate_nodes_vap(nt, NULL, f, arg);
2577 ieee80211_dump_node(struct ieee80211_node_table *nt, struct ieee80211_node *ni)
2579 printf("0x%p: mac %s refcnt %d\n", ni,
2580 ether_sprintf(ni->ni_macaddr), ieee80211_node_refcnt(ni));
2581 printf("\tauthmode %u flags 0x%x\n",
2582 ni->ni_authmode, ni->ni_flags);
2583 printf("\tassocid 0x%x txpower %u vlan %u\n",
2584 ni->ni_associd, ni->ni_txpower, ni->ni_vlan);
2585 printf("\ttxseq %u rxseq %u fragno %u rxfragstamp %u\n",
2586 ni->ni_txseqs[IEEE80211_NONQOS_TID],
2587 ni->ni_rxseqs[IEEE80211_NONQOS_TID] >> IEEE80211_SEQ_SEQ_SHIFT,
2588 ni->ni_rxseqs[IEEE80211_NONQOS_TID] & IEEE80211_SEQ_FRAG_MASK,
2589 ni->ni_rxfragstamp);
2590 printf("\trssi %d noise %d intval %u capinfo 0x%x\n",
2591 node_getrssi(ni), ni->ni_noise,
2592 ni->ni_intval, ni->ni_capinfo);
2593 printf("\tbssid %s essid \"%.*s\" channel %u:0x%x\n",
2594 ether_sprintf(ni->ni_bssid),
2595 ni->ni_esslen, ni->ni_essid,
2596 ni->ni_chan->ic_freq, ni->ni_chan->ic_flags);
2597 printf("\tinact %u inact_reload %u txrate %u\n",
2598 ni->ni_inact, ni->ni_inact_reload, ni->ni_txrate);
2599 printf("\thtcap %x htparam %x htctlchan %u ht2ndchan %u\n",
2600 ni->ni_htcap, ni->ni_htparam,
2601 ni->ni_htctlchan, ni->ni_ht2ndchan);
2602 printf("\thtopmode %x htstbc %x htchw %u\n",
2603 ni->ni_htopmode, ni->ni_htstbc, ni->ni_chw);
2604 printf("\tvhtcap %x freq1 %d freq2 %d vhtbasicmcs %x\n",
2605 ni->ni_vhtcap, (int) ni->ni_vht_chan1, (int) ni->ni_vht_chan2,
2606 (int) ni->ni_vht_basicmcs);
2611 ieee80211_dump_nodes(struct ieee80211_node_table *nt)
2613 ieee80211_iterate_nodes(nt,
2614 (ieee80211_iter_func *) ieee80211_dump_node, nt);
2618 ieee80211_notify_erp_locked(struct ieee80211com *ic)
2620 struct ieee80211vap *vap;
2622 IEEE80211_LOCK_ASSERT(ic);
2624 TAILQ_FOREACH(vap, &ic->ic_vaps, iv_next)
2625 if (vap->iv_opmode == IEEE80211_M_HOSTAP)
2626 ieee80211_beacon_notify(vap, IEEE80211_BEACON_ERP);
2630 ieee80211_notify_erp(struct ieee80211com *ic)
2633 ieee80211_notify_erp_locked(ic);
2634 IEEE80211_UNLOCK(ic);
2638 * Handle a station joining an 11g network.
2641 ieee80211_node_join_11g(struct ieee80211_node *ni)
2643 struct ieee80211com *ic = ni->ni_ic;
2645 IEEE80211_LOCK_ASSERT(ic);
2648 * Station isn't capable of short slot time. Bump
2649 * the count of long slot time stations and disable
2650 * use of short slot time. Note that the actual switch
2651 * over to long slot time use may not occur until the
2652 * next beacon transmission (per sec. 7.3.1.4 of 11g).
2654 if ((ni->ni_capinfo & IEEE80211_CAPINFO_SHORT_SLOTTIME) == 0) {
2655 ic->ic_longslotsta++;
2656 IEEE80211_NOTE(ni->ni_vap, IEEE80211_MSG_ASSOC, ni,
2657 "station needs long slot time, count %d",
2658 ic->ic_longslotsta);
2659 /* XXX vap's w/ conflicting needs won't work */
2660 if (!IEEE80211_IS_CHAN_108G(ic->ic_bsschan)) {
2662 * Don't force slot time when switched to turbo
2663 * mode as non-ERP stations won't be present; this
2664 * need only be done when on the normal G channel.
2666 ieee80211_set_shortslottime(ic, 0);
2670 * If the new station is not an ERP station
2671 * then bump the counter and enable protection
2674 if (!ieee80211_iserp_rateset(&ni->ni_rates)) {
2676 IEEE80211_NOTE(ni->ni_vap, IEEE80211_MSG_ASSOC, ni,
2677 "station is !ERP, %d non-ERP stations associated",
2680 * If station does not support short preamble
2681 * then we must enable use of Barker preamble.
2683 if ((ni->ni_capinfo & IEEE80211_CAPINFO_SHORT_PREAMBLE) == 0) {
2684 IEEE80211_NOTE(ni->ni_vap, IEEE80211_MSG_ASSOC, ni,
2685 "%s", "station needs long preamble");
2686 ic->ic_flags |= IEEE80211_F_USEBARKER;
2687 ic->ic_flags &= ~IEEE80211_F_SHPREAMBLE;
2690 * If protection is configured and this is the first
2691 * indication we should use protection, enable it.
2693 if (ic->ic_protmode != IEEE80211_PROT_NONE &&
2694 ic->ic_nonerpsta == 1 &&
2695 (ic->ic_flags_ext & IEEE80211_FEXT_NONERP_PR) == 0) {
2696 IEEE80211_DPRINTF(ni->ni_vap, IEEE80211_MSG_ASSOC,
2697 "%s: enable use of protection\n", __func__);
2698 ic->ic_flags |= IEEE80211_F_USEPROT;
2699 ieee80211_notify_erp_locked(ic);
2702 ni->ni_flags |= IEEE80211_NODE_ERP;
2706 ieee80211_node_join(struct ieee80211_node *ni, int resp)
2708 struct ieee80211com *ic = ni->ni_ic;
2709 struct ieee80211vap *vap = ni->ni_vap;
2712 if (ni->ni_associd == 0) {
2715 KASSERT(vap->iv_aid_bitmap != NULL, ("no aid bitmap"));
2717 * It would be good to search the bitmap
2718 * more efficiently, but this will do for now.
2720 for (aid = 1; aid < vap->iv_max_aid; aid++) {
2721 if (!IEEE80211_AID_ISSET(vap, aid))
2724 if (aid >= vap->iv_max_aid) {
2725 IEEE80211_SEND_MGMT(ni, resp, IEEE80211_STATUS_TOOMANY);
2726 ieee80211_node_leave(ni);
2729 ni->ni_associd = aid | 0xc000;
2730 ni->ni_jointime = time_uptime;
2732 IEEE80211_AID_SET(vap, ni->ni_associd);
2733 vap->iv_sta_assoc++;
2736 if (IEEE80211_IS_CHAN_HT(ic->ic_bsschan))
2737 ieee80211_ht_node_join(ni);
2738 if (IEEE80211_IS_CHAN_VHT(ic->ic_bsschan))
2739 ieee80211_vht_node_join(ni);
2740 if (IEEE80211_IS_CHAN_ANYG(ic->ic_bsschan) &&
2741 IEEE80211_IS_CHAN_FULL(ic->ic_bsschan))
2742 ieee80211_node_join_11g(ni);
2743 IEEE80211_UNLOCK(ic);
2750 * XXX VHT - should log VHT channel width, etc
2752 IEEE80211_NOTE(vap, IEEE80211_MSG_ASSOC | IEEE80211_MSG_DEBUG, ni,
2753 "station associated at aid %d: %s preamble, %s slot time%s%s%s%s%s%s%s%s",
2754 IEEE80211_NODE_AID(ni),
2755 ic->ic_flags & IEEE80211_F_SHPREAMBLE ? "short" : "long",
2756 ic->ic_flags & IEEE80211_F_SHSLOT ? "short" : "long",
2757 ic->ic_flags & IEEE80211_F_USEPROT ? ", protection" : "",
2758 ni->ni_flags & IEEE80211_NODE_QOS ? ", QoS" : "",
2759 /* XXX update for VHT string */
2760 ni->ni_flags & IEEE80211_NODE_HT ?
2761 (ni->ni_chw == 40 ? ", HT40" : ", HT20") : "",
2762 ni->ni_flags & IEEE80211_NODE_AMPDU ? " (+AMPDU)" : "",
2763 ni->ni_flags & IEEE80211_NODE_MIMO_RTS ? " (+SMPS-DYN)" :
2764 ni->ni_flags & IEEE80211_NODE_MIMO_PS ? " (+SMPS)" : "",
2765 ni->ni_flags & IEEE80211_NODE_RIFS ? " (+RIFS)" : "",
2766 IEEE80211_ATH_CAP(vap, ni, IEEE80211_NODE_FF) ?
2767 ", fast-frames" : "",
2768 IEEE80211_ATH_CAP(vap, ni, IEEE80211_NODE_TURBOP) ?
2772 ieee80211_node_setuptxparms(ni);
2773 ieee80211_ratectl_node_init(ni);
2774 /* give driver a chance to setup state like ni_txrate */
2775 if (ic->ic_newassoc != NULL)
2776 ic->ic_newassoc(ni, newassoc);
2777 IEEE80211_SEND_MGMT(ni, resp, IEEE80211_STATUS_SUCCESS);
2778 /* tell the authenticator about new station */
2779 if (vap->iv_auth->ia_node_join != NULL)
2780 vap->iv_auth->ia_node_join(ni);
2781 ieee80211_notify_node_join(ni,
2782 resp == IEEE80211_FC0_SUBTYPE_ASSOC_RESP);
2786 disable_protection(struct ieee80211com *ic)
2788 KASSERT(ic->ic_nonerpsta == 0 &&
2789 (ic->ic_flags_ext & IEEE80211_FEXT_NONERP_PR) == 0,
2790 ("%d non ERP stations, flags 0x%x", ic->ic_nonerpsta,
2793 ic->ic_flags &= ~IEEE80211_F_USEPROT;
2794 /* XXX verify mode? */
2795 if (ic->ic_caps & IEEE80211_C_SHPREAMBLE) {
2796 ic->ic_flags |= IEEE80211_F_SHPREAMBLE;
2797 ic->ic_flags &= ~IEEE80211_F_USEBARKER;
2799 ieee80211_notify_erp_locked(ic);
2803 * Handle a station leaving an 11g network.
2806 ieee80211_node_leave_11g(struct ieee80211_node *ni)
2808 struct ieee80211com *ic = ni->ni_ic;
2810 IEEE80211_LOCK_ASSERT(ic);
2812 KASSERT(IEEE80211_IS_CHAN_ANYG(ic->ic_bsschan),
2813 ("not in 11g, bss %u:0x%x", ic->ic_bsschan->ic_freq,
2814 ic->ic_bsschan->ic_flags));
2817 * If a long slot station do the slot time bookkeeping.
2819 if ((ni->ni_capinfo & IEEE80211_CAPINFO_SHORT_SLOTTIME) == 0) {
2820 KASSERT(ic->ic_longslotsta > 0,
2821 ("bogus long slot station count %d", ic->ic_longslotsta));
2822 ic->ic_longslotsta--;
2823 IEEE80211_NOTE(ni->ni_vap, IEEE80211_MSG_ASSOC, ni,
2824 "long slot time station leaves, count now %d",
2825 ic->ic_longslotsta);
2826 if (ic->ic_longslotsta == 0) {
2828 * Re-enable use of short slot time if supported
2829 * and not operating in IBSS mode (per spec).
2831 if ((ic->ic_caps & IEEE80211_C_SHSLOT) &&
2832 ic->ic_opmode != IEEE80211_M_IBSS) {
2833 IEEE80211_DPRINTF(ni->ni_vap,
2834 IEEE80211_MSG_ASSOC,
2835 "%s: re-enable use of short slot time\n",
2837 ieee80211_set_shortslottime(ic, 1);
2842 * If a non-ERP station do the protection-related bookkeeping.
2844 if ((ni->ni_flags & IEEE80211_NODE_ERP) == 0) {
2845 KASSERT(ic->ic_nonerpsta > 0,
2846 ("bogus non-ERP station count %d", ic->ic_nonerpsta));
2848 IEEE80211_NOTE(ni->ni_vap, IEEE80211_MSG_ASSOC, ni,
2849 "non-ERP station leaves, count now %d%s", ic->ic_nonerpsta,
2850 (ic->ic_flags_ext & IEEE80211_FEXT_NONERP_PR) ?
2851 " (non-ERP sta present)" : "");
2852 if (ic->ic_nonerpsta == 0 &&
2853 (ic->ic_flags_ext & IEEE80211_FEXT_NONERP_PR) == 0) {
2854 IEEE80211_DPRINTF(ni->ni_vap, IEEE80211_MSG_ASSOC,
2855 "%s: disable use of protection\n", __func__);
2856 disable_protection(ic);
2862 * Time out presence of an overlapping bss with non-ERP
2863 * stations. When operating in hostap mode we listen for
2864 * beacons from other stations and if we identify a non-ERP
2865 * station is present we enable protection. To identify
2866 * when all non-ERP stations are gone we time out this
2870 ieee80211_erp_timeout(struct ieee80211com *ic)
2873 IEEE80211_LOCK_ASSERT(ic);
2875 if ((ic->ic_flags_ext & IEEE80211_FEXT_NONERP_PR) &&
2876 ieee80211_time_after(ticks, ic->ic_lastnonerp + IEEE80211_NONERP_PRESENT_AGE)) {
2878 IEEE80211_NOTE(vap, IEEE80211_MSG_ASSOC, ni,
2879 "%s", "age out non-ERP sta present on channel");
2881 ic->ic_flags_ext &= ~IEEE80211_FEXT_NONERP_PR;
2882 if (ic->ic_nonerpsta == 0)
2883 disable_protection(ic);
2888 * Handle bookkeeping for station deauthentication/disassociation
2889 * when operating as an ap.
2892 ieee80211_node_leave(struct ieee80211_node *ni)
2894 struct ieee80211com *ic = ni->ni_ic;
2895 struct ieee80211vap *vap = ni->ni_vap;
2896 struct ieee80211_node_table *nt = ni->ni_table;
2898 IEEE80211_NOTE(vap, IEEE80211_MSG_ASSOC | IEEE80211_MSG_DEBUG, ni,
2899 "station with aid %d leaves", IEEE80211_NODE_AID(ni));
2901 KASSERT(vap->iv_opmode != IEEE80211_M_STA,
2902 ("unexpected operating mode %u", vap->iv_opmode));
2904 * If node wasn't previously associated all
2905 * we need to do is reclaim the reference.
2907 /* XXX ibss mode bypasses 11g and notification */
2908 if (ni->ni_associd == 0)
2911 * Tell the authenticator the station is leaving.
2912 * Note that we must do this before yanking the
2913 * association id as the authenticator uses the
2914 * associd to locate it's state block.
2916 if (vap->iv_auth->ia_node_leave != NULL)
2917 vap->iv_auth->ia_node_leave(ni);
2920 IEEE80211_AID_CLR(vap, ni->ni_associd);
2921 vap->iv_sta_assoc--;
2924 if (IEEE80211_IS_CHAN_VHT(ic->ic_bsschan))
2925 ieee80211_vht_node_leave(ni);
2926 if (IEEE80211_IS_CHAN_HT(ic->ic_bsschan))
2927 ieee80211_ht_node_leave(ni);
2928 if (IEEE80211_IS_CHAN_ANYG(ic->ic_bsschan) &&
2929 IEEE80211_IS_CHAN_FULL(ic->ic_bsschan))
2930 ieee80211_node_leave_11g(ni);
2931 IEEE80211_UNLOCK(ic);
2933 * Cleanup station state. In particular clear various
2934 * state that might otherwise be reused if the node
2935 * is reused before the reference count goes to zero
2936 * (and memory is reclaimed).
2938 ieee80211_sta_leave(ni);
2941 * Remove the node from any table it's recorded in and
2942 * drop the caller's reference. Removal from the table
2943 * is important to insure the node is not reprocessed
2947 IEEE80211_NODE_LOCK(nt);
2948 node_reclaim(nt, ni);
2949 IEEE80211_NODE_UNLOCK(nt);
2951 ieee80211_free_node(ni);
2956 uint32_t rssi_total;
2960 get_hostap_rssi(void *arg, struct ieee80211_node *ni)
2962 struct rssiinfo *info = arg;
2963 struct ieee80211vap *vap = ni->ni_vap;
2966 /* only associated stations */
2967 if (ni->ni_associd == 0)
2969 rssi = vap->iv_ic->ic_node_getrssi(ni);
2971 info->rssi_samples++;
2972 info->rssi_total += rssi;
2977 get_adhoc_rssi(void *arg, struct ieee80211_node *ni)
2979 struct rssiinfo *info = arg;
2980 struct ieee80211vap *vap = ni->ni_vap;
2983 /* only neighbors */
2984 /* XXX check bssid */
2985 if ((ni->ni_capinfo & IEEE80211_CAPINFO_IBSS) == 0)
2987 rssi = vap->iv_ic->ic_node_getrssi(ni);
2989 info->rssi_samples++;
2990 info->rssi_total += rssi;
2994 #ifdef IEEE80211_SUPPORT_MESH
2996 get_mesh_rssi(void *arg, struct ieee80211_node *ni)
2998 struct rssiinfo *info = arg;
2999 struct ieee80211vap *vap = ni->ni_vap;
3002 /* only neighbors that peered successfully */
3003 if (ni->ni_mlstate != IEEE80211_NODE_MESH_ESTABLISHED)
3005 rssi = vap->iv_ic->ic_node_getrssi(ni);
3007 info->rssi_samples++;
3008 info->rssi_total += rssi;
3011 #endif /* IEEE80211_SUPPORT_MESH */
3014 ieee80211_getrssi(struct ieee80211vap *vap)
3016 #define NZ(x) ((x) == 0 ? 1 : (x))
3017 struct ieee80211com *ic = vap->iv_ic;
3018 struct rssiinfo info;
3020 info.rssi_total = 0;
3021 info.rssi_samples = 0;
3022 switch (vap->iv_opmode) {
3023 case IEEE80211_M_IBSS: /* average of all ibss neighbors */
3024 case IEEE80211_M_AHDEMO: /* average of all neighbors */
3025 ieee80211_iterate_nodes_vap(&ic->ic_sta, vap, get_adhoc_rssi,
3028 case IEEE80211_M_HOSTAP: /* average of all associated stations */
3029 ieee80211_iterate_nodes_vap(&ic->ic_sta, vap, get_hostap_rssi,
3032 #ifdef IEEE80211_SUPPORT_MESH
3033 case IEEE80211_M_MBSS: /* average of all mesh neighbors */
3034 ieee80211_iterate_nodes_vap(&ic->ic_sta, vap, get_mesh_rssi,
3038 case IEEE80211_M_MONITOR: /* XXX */
3039 case IEEE80211_M_STA: /* use stats from associated ap */
3041 if (vap->iv_bss != NULL)
3042 info.rssi_total = ic->ic_node_getrssi(vap->iv_bss);
3043 info.rssi_samples = 1;
3046 return info.rssi_total / NZ(info.rssi_samples);
3051 ieee80211_getsignal(struct ieee80211vap *vap, int8_t *rssi, int8_t *noise)
3054 if (vap->iv_bss == NULL) /* NB: shouldn't happen */
3056 vap->iv_ic->ic_node_getsignal(vap->iv_bss, rssi, noise);
3057 /* for non-station mode return avg'd rssi accounting */
3058 if (vap->iv_opmode != IEEE80211_M_STA)
3059 *rssi = ieee80211_getrssi(vap);
projects / FreeBSD / FreeBSD.git / blob