ieee80211_node.c revision 1.35
1 /* $NetBSD: ieee80211_node.c,v 1.35 2004/10/04 07:17:41 dyoung Exp $ */ 2 /*- 3 * Copyright (c) 2001 Atsushi Onoe 4 * Copyright (c) 2002-2004 Sam Leffler, Errno Consulting 5 * All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions 9 * are met: 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 2. Redistributions in binary form must reproduce the above copyright 13 * notice, this list of conditions and the following disclaimer in the 14 * documentation and/or other materials provided with the distribution. 15 * 3. The name of the author may not be used to endorse or promote products 16 * derived from this software without specific prior written permission. 17 * 18 * Alternatively, this software may be distributed under the terms of the 19 * GNU General Public License ("GPL") version 2 as published by the Free 20 * Software Foundation. 21 * 22 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 23 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 24 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 25 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 26 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 27 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 28 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 29 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 30 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 31 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 32 */ 33 34 #include <sys/cdefs.h> 35 #ifdef __FreeBSD__ 36 __FBSDID("$FreeBSD: src/sys/net80211/ieee80211_node.c,v 1.22 2004/04/05 04:15:55 sam Exp $"); 37 #else 38 __KERNEL_RCSID(0, "$NetBSD: ieee80211_node.c,v 1.35 2004/10/04 07:17:41 dyoung Exp $"); 39 #endif 40 41 #include "opt_inet.h" 42 43 #include <sys/param.h> 44 #include <sys/systm.h> 45 #include <sys/mbuf.h> 46 #include <sys/malloc.h> 47 #include <sys/kernel.h> 48 #include <sys/socket.h> 49 #include <sys/sockio.h> 50 #include <sys/endian.h> 51 #include <sys/errno.h> 52 #ifdef __FreeBSD__ 53 #include <sys/bus.h> 54 #endif 55 #include <sys/proc.h> 56 #include <sys/sysctl.h> 57 58 #ifdef __FreeBSD__ 59 #include <machine/atomic.h> 60 #endif 61 62 #include <net/if.h> 63 #include <net/if_dl.h> 64 #include <net/if_media.h> 65 #include <net/if_arp.h> 66 #ifdef __FreeBSD__ 67 #include <net/ethernet.h> 68 #else 69 #include <net/if_ether.h> 70 #endif 71 #include <net/if_llc.h> 72 73 #include <net80211/ieee80211_var.h> 74 #include <net80211/ieee80211_compat.h> 75 76 #include <net/bpf.h> 77 78 #ifdef INET 79 #include <netinet/in.h> 80 #ifdef __FreeBSD__ 81 #include <netinet/if_ether.h> 82 #else 83 #include <net/if_ether.h> 84 #endif 85 #endif 86 87 static struct ieee80211_node *ieee80211_node_alloc(struct ieee80211com *); 88 static void ieee80211_node_free(struct ieee80211com *, struct ieee80211_node *); 89 static void ieee80211_node_copy(struct ieee80211com *, 90 struct ieee80211_node *, const struct ieee80211_node *); 91 static u_int8_t ieee80211_node_getrssi(struct ieee80211com *, 92 struct ieee80211_node *); 93 94 static void ieee80211_setup_node(struct ieee80211com *ic, 95 struct ieee80211_node *ni, u_int8_t *macaddr); 96 static void ieee80211_free_node(struct ieee80211com *, 97 struct ieee80211_node *); 98 99 MALLOC_DEFINE(M_80211_NODE, "80211node", "802.11 node state"); 100 101 void 102 ieee80211_node_attach(struct ieee80211com *ic) 103 { 104 105 /* XXX need unit */ 106 IEEE80211_NODE_LOCK_INIT(ic, ic->ic_ifp->if_xname); 107 TAILQ_INIT(&ic->ic_node); 108 ic->ic_node_alloc = ieee80211_node_alloc; 109 ic->ic_node_free = ieee80211_node_free; 110 ic->ic_node_copy = ieee80211_node_copy; 111 ic->ic_node_getrssi = ieee80211_node_getrssi; 112 ic->ic_scangen = 1; 113 ic->ic_max_nnodes = ieee80211_cache_size; 114 115 if (ic->ic_max_aid == 0) 116 ic->ic_max_aid = IEEE80211_AID_DEF; 117 else if (ic->ic_max_aid > IEEE80211_AID_MAX) 118 ic->ic_max_aid = IEEE80211_AID_MAX; 119 MALLOC(ic->ic_aid_bitmap, u_int32_t *, 120 howmany(ic->ic_max_aid, 32) * sizeof(u_int32_t), 121 M_DEVBUF, M_NOWAIT | M_ZERO); 122 if (ic->ic_aid_bitmap == NULL) { 123 /* XXX no way to recover */ 124 printf("%s: no memory for AID bitmap!\n", __func__); 125 ic->ic_max_aid = 0; 126 } 127 } 128 129 static struct ieee80211_node * 130 ieee80211_alloc_node_helper(struct ieee80211com *ic) 131 { 132 struct ieee80211_node *ni; 133 if (ic->ic_nnodes >= ic->ic_max_nnodes) 134 ieee80211_clean_nodes(ic); 135 if (ic->ic_nnodes >= ic->ic_max_nnodes) 136 return NULL; 137 ni = (*ic->ic_node_alloc)(ic); 138 if (ni != NULL) 139 ic->ic_nnodes++; 140 return ni; 141 } 142 143 void 144 ieee80211_node_lateattach(struct ieee80211com *ic) 145 { 146 struct ieee80211_node *ni; 147 148 ni = ieee80211_alloc_node_helper(ic); 149 IASSERT(ni != NULL, ("unable to setup inital BSS node")); 150 ni->ni_chan = IEEE80211_CHAN_ANYC; 151 ic->ic_bss = ieee80211_ref_node(ni); 152 ic->ic_txpower = IEEE80211_TXPOWER_MAX; 153 } 154 155 void 156 ieee80211_node_detach(struct ieee80211com *ic) 157 { 158 159 if (ic->ic_bss != NULL) { 160 (*ic->ic_node_free)(ic, ic->ic_bss); 161 ic->ic_bss = NULL; 162 } 163 ieee80211_free_allnodes(ic); 164 IEEE80211_NODE_LOCK_DESTROY(ic); 165 if (ic->ic_aid_bitmap != NULL) 166 FREE(ic->ic_aid_bitmap, M_DEVBUF); 167 } 168 169 /* 170 * AP scanning support. 171 */ 172 173 /* 174 * Initialize the active channel set based on the set 175 * of available channels and the current PHY mode. 176 */ 177 static void 178 ieee80211_reset_scan(struct ieee80211com *ic) 179 { 180 181 memcpy(ic->ic_chan_scan, ic->ic_chan_active, 182 sizeof(ic->ic_chan_active)); 183 /* NB: hack, setup so next_scan starts with the first channel */ 184 if (ic->ic_bss->ni_chan == IEEE80211_CHAN_ANYC) 185 ic->ic_bss->ni_chan = &ic->ic_channels[IEEE80211_CHAN_MAX]; 186 } 187 188 /* 189 * Begin an active scan. 190 */ 191 void 192 ieee80211_begin_scan(struct ieee80211com *ic) 193 { 194 195 /* 196 * In all but hostap mode scanning starts off in 197 * an active mode before switching to passive. 198 */ 199 if (ic->ic_opmode != IEEE80211_M_HOSTAP) { 200 ic->ic_flags |= IEEE80211_F_ASCAN; 201 ic->ic_stats.is_scan_active++; 202 } else 203 ic->ic_stats.is_scan_passive++; 204 IEEE80211_DPRINTF(ic, IEEE80211_MSG_SCAN, ("begin %s scan\n", 205 (ic->ic_flags & IEEE80211_F_ASCAN) ? "active" : "passive")); 206 /* 207 * Clear scan state and flush any previously seen 208 * AP's. Note that the latter assumes we don't act 209 * as both an AP and a station, otherwise we'll 210 * potentially flush state of stations associated 211 * with us. 212 */ 213 ieee80211_reset_scan(ic); 214 ieee80211_free_allnodes(ic); 215 216 /* Scan the next channel. */ 217 ieee80211_next_scan(ic); 218 } 219 220 /* 221 * Switch to the next channel marked for scanning. 222 */ 223 void 224 ieee80211_next_scan(struct ieee80211com *ic) 225 { 226 struct ieee80211_channel *chan; 227 228 chan = ic->ic_bss->ni_chan; 229 for (;;) { 230 if (++chan > &ic->ic_channels[IEEE80211_CHAN_MAX]) 231 chan = &ic->ic_channels[0]; 232 if (isset(ic->ic_chan_scan, ieee80211_chan2ieee(ic, chan))) { 233 /* 234 * Honor channels marked passive-only 235 * during an active scan. 236 */ 237 if ((ic->ic_flags & IEEE80211_F_ASCAN) == 0 || 238 (chan->ic_flags & IEEE80211_CHAN_PASSIVE) == 0) 239 break; 240 } 241 if (chan == ic->ic_bss->ni_chan) { 242 ieee80211_end_scan(ic); 243 return; 244 } 245 } 246 clrbit(ic->ic_chan_scan, ieee80211_chan2ieee(ic, chan)); 247 IEEE80211_DPRINTF(ic, IEEE80211_MSG_SCAN, 248 ("%s: chan %d->%d\n", __func__, 249 ieee80211_chan2ieee(ic, ic->ic_bss->ni_chan), 250 ieee80211_chan2ieee(ic, chan))); 251 ic->ic_bss->ni_chan = chan; 252 ieee80211_new_state(ic, IEEE80211_S_SCAN, -1); 253 } 254 255 void 256 ieee80211_create_ibss(struct ieee80211com* ic, struct ieee80211_channel *chan) 257 { 258 struct ieee80211_node *ni; 259 260 ni = ic->ic_bss; 261 IEEE80211_DPRINTF(ic, IEEE80211_MSG_SCAN, ("creating ibss\n")); 262 ic->ic_flags |= IEEE80211_F_SIBSS; 263 ni->ni_chan = chan; 264 ni->ni_rates = ic->ic_sup_rates[ieee80211_chan2mode(ic, ni->ni_chan)]; 265 IEEE80211_ADDR_COPY(ni->ni_macaddr, ic->ic_myaddr); 266 IEEE80211_ADDR_COPY(ni->ni_bssid, ic->ic_myaddr); 267 if (ic->ic_opmode == IEEE80211_M_IBSS) { 268 if ((ic->ic_flags & IEEE80211_F_DESBSSID) != 0) 269 IEEE80211_ADDR_COPY(ni->ni_bssid, ic->ic_des_bssid); 270 else 271 ni->ni_bssid[0] |= 0x02; /* local bit for IBSS */ 272 } 273 ni->ni_esslen = ic->ic_des_esslen; 274 memcpy(ni->ni_essid, ic->ic_des_essid, ni->ni_esslen); 275 ni->ni_rssi = 0; 276 ni->ni_rstamp = 0; 277 memset(ni->ni_tstamp, 0, sizeof(ni->ni_tstamp)); 278 ni->ni_intval = ic->ic_lintval; 279 ni->ni_capinfo = IEEE80211_CAPINFO_IBSS; 280 if (ic->ic_flags & IEEE80211_F_PRIVACY) 281 ni->ni_capinfo |= IEEE80211_CAPINFO_PRIVACY; 282 if (ic->ic_phytype == IEEE80211_T_FH) { 283 ni->ni_fhdwell = 200; /* XXX */ 284 ni->ni_fhindex = 1; 285 } 286 ieee80211_new_state(ic, IEEE80211_S_RUN, -1); 287 } 288 289 int 290 ieee80211_match_bss(struct ieee80211com *ic, struct ieee80211_node *ni) 291 { 292 u_int8_t rate; 293 int fail; 294 295 fail = 0; 296 if (isclr(ic->ic_chan_active, ieee80211_chan2ieee(ic, ni->ni_chan))) 297 fail |= 0x01; 298 if (ic->ic_des_chan != IEEE80211_CHAN_ANYC && 299 ni->ni_chan != ic->ic_des_chan) 300 fail |= 0x01; 301 if (ic->ic_opmode == IEEE80211_M_IBSS) { 302 if ((ni->ni_capinfo & IEEE80211_CAPINFO_IBSS) == 0) 303 fail |= 0x02; 304 } else { 305 if ((ni->ni_capinfo & IEEE80211_CAPINFO_ESS) == 0) 306 fail |= 0x02; 307 } 308 if (ic->ic_flags & IEEE80211_F_PRIVACY) { 309 if ((ni->ni_capinfo & IEEE80211_CAPINFO_PRIVACY) == 0) 310 fail |= 0x04; 311 } else { 312 /* XXX does this mean privacy is supported or required? */ 313 if (ni->ni_capinfo & IEEE80211_CAPINFO_PRIVACY) 314 fail |= 0x04; 315 } 316 rate = ieee80211_fix_rate(ic, ni, IEEE80211_F_DONEGO); 317 if (rate & IEEE80211_RATE_BASIC) 318 fail |= 0x08; 319 if (ic->ic_des_esslen != 0 && 320 (ni->ni_esslen != ic->ic_des_esslen || 321 memcmp(ni->ni_essid, ic->ic_des_essid, ic->ic_des_esslen) != 0)) 322 fail |= 0x10; 323 if ((ic->ic_flags & IEEE80211_F_DESBSSID) && 324 !IEEE80211_ADDR_EQ(ic->ic_des_bssid, ni->ni_bssid)) 325 fail |= 0x20; 326 #ifdef IEEE80211_DEBUG 327 if (ic->ic_if.if_flags & IFF_DEBUG) { 328 printf(" %c %s", fail ? '-' : '+', 329 ether_sprintf(ni->ni_macaddr)); 330 printf(" %s%c", ether_sprintf(ni->ni_bssid), 331 fail & 0x20 ? '!' : ' '); 332 printf(" %3d%c", ieee80211_chan2ieee(ic, ni->ni_chan), 333 fail & 0x01 ? '!' : ' '); 334 printf(" %+4d", ni->ni_rssi); 335 printf(" %2dM%c", (rate & IEEE80211_RATE_VAL) / 2, 336 fail & 0x08 ? '!' : ' '); 337 printf(" %4s%c", 338 (ni->ni_capinfo & IEEE80211_CAPINFO_ESS) ? "ess" : 339 (ni->ni_capinfo & IEEE80211_CAPINFO_IBSS) ? "ibss" : 340 "????", 341 fail & 0x02 ? '!' : ' '); 342 printf(" %3s%c ", 343 (ni->ni_capinfo & IEEE80211_CAPINFO_PRIVACY) ? 344 "wep" : "no", 345 fail & 0x04 ? '!' : ' '); 346 ieee80211_print_essid(ni->ni_essid, ni->ni_esslen); 347 printf("%s\n", fail & 0x10 ? "!" : ""); 348 } 349 #endif 350 return fail; 351 } 352 353 /* 354 * Complete a scan of potential channels. 355 */ 356 void 357 ieee80211_end_scan(struct ieee80211com *ic) 358 { 359 struct ieee80211_node *ni, *nextbs, *selbs; 360 int i, fail; 361 362 IEEE80211_DPRINTF(ic, IEEE80211_MSG_SCAN, ("end %s scan\n", 363 (ic->ic_flags & IEEE80211_F_ASCAN) ? "active" : "passive")); 364 365 ic->ic_flags &= ~IEEE80211_F_ASCAN; 366 ni = TAILQ_FIRST(&ic->ic_node); 367 368 if (ic->ic_opmode == IEEE80211_M_HOSTAP) { 369 /* XXX off stack? */ 370 u_char occupied[roundup(IEEE80211_CHAN_MAX, NBBY)]; 371 /* 372 * The passive scan to look for existing AP's completed, 373 * select a channel to camp on. Identify the channels 374 * that already have one or more AP's and try to locate 375 * an unnoccupied one. If that fails, pick a random 376 * channel from the active set. 377 */ 378 for (; ni != NULL; ni = nextbs) { 379 nextbs = TAILQ_NEXT(ni, ni_list); 380 setbit(occupied, ieee80211_chan2ieee(ic, ni->ni_chan)); 381 } 382 for (i = 0; i < IEEE80211_CHAN_MAX; i++) 383 if (isset(ic->ic_chan_active, i) && isclr(occupied, i)) 384 break; 385 if (i == IEEE80211_CHAN_MAX) { 386 fail = arc4random() & 3; /* random 0-3 */ 387 for (i = 0; i < IEEE80211_CHAN_MAX; i++) 388 if (isset(ic->ic_chan_active, i) && fail-- == 0) 389 break; 390 } 391 ieee80211_create_ibss(ic, &ic->ic_channels[i]); 392 return; 393 } 394 if (ni == NULL) { 395 IEEE80211_DPRINTF(ic, IEEE80211_MSG_SCAN, 396 ("%s: no scan candidate\n", __func__)); 397 notfound: 398 if (ic->ic_opmode == IEEE80211_M_IBSS && 399 (ic->ic_flags & IEEE80211_F_IBSSON) && 400 ic->ic_des_esslen != 0) { 401 ieee80211_create_ibss(ic, ic->ic_ibss_chan); 402 return; 403 } 404 /* 405 * Reset the list of channels to scan and start again. 406 */ 407 ieee80211_reset_scan(ic); 408 ieee80211_next_scan(ic); 409 return; 410 } 411 selbs = NULL; 412 IEEE80211_DPRINTF(ic, IEEE80211_MSG_SCAN, 413 ("\tmacaddr bssid chan rssi rate flag wep essid\n")); 414 for (; ni != NULL; ni = nextbs) { 415 nextbs = TAILQ_NEXT(ni, ni_list); 416 if (ni->ni_fails) { 417 /* 418 * The configuration of the access points may change 419 * during my scan. So delete the entry for the AP 420 * and retry to associate if there is another beacon. 421 */ 422 if (ni->ni_fails++ > 2) 423 ieee80211_free_node(ic, ni); 424 continue; 425 } 426 if (ieee80211_match_bss(ic, ni) == 0) { 427 if (selbs == NULL) 428 selbs = ni; 429 else if (ni->ni_rssi > selbs->ni_rssi) 430 selbs = ni; 431 } 432 } 433 if (selbs == NULL) 434 goto notfound; 435 ieee80211_node_newstate(selbs, IEEE80211_STA_BSS); 436 (*ic->ic_node_copy)(ic, ic->ic_bss, selbs); 437 if (ic->ic_opmode == IEEE80211_M_IBSS) { 438 ieee80211_fix_rate(ic, ic->ic_bss, IEEE80211_F_DOFRATE | 439 IEEE80211_F_DONEGO | IEEE80211_F_DODEL); 440 if (ic->ic_bss->ni_rates.rs_nrates == 0) 441 goto notfound; 442 ieee80211_new_state(ic, IEEE80211_S_RUN, -1); 443 } else { 444 ieee80211_new_state(ic, IEEE80211_S_AUTH, -1); 445 } 446 } 447 448 int 449 ieee80211_get_rate(struct ieee80211com *ic) 450 { 451 u_int8_t (*rates)[IEEE80211_RATE_MAXSIZE]; 452 int rate; 453 454 rates = &ic->ic_bss->ni_rates.rs_rates; 455 456 if (ic->ic_fixed_rate != -1) 457 rate = (*rates)[ic->ic_fixed_rate]; 458 else if (ic->ic_state == IEEE80211_S_RUN) 459 rate = (*rates)[ic->ic_bss->ni_txrate]; 460 else 461 rate = 0; 462 463 return rate & IEEE80211_RATE_VAL; 464 } 465 466 static struct ieee80211_node * 467 ieee80211_node_alloc(struct ieee80211com *ic) 468 { 469 struct ieee80211_node *ni; 470 MALLOC(ni, struct ieee80211_node *, sizeof(struct ieee80211_node), 471 M_80211_NODE, M_NOWAIT | M_ZERO); 472 return ni; 473 } 474 475 static void 476 node_cleanup(struct ieee80211com *ic, struct ieee80211_node *ni) 477 { 478 if (ni->ni_challenge != NULL) { 479 FREE(ni->ni_challenge, M_DEVBUF); 480 ni->ni_challenge = NULL; 481 } 482 } 483 484 static void 485 ieee80211_node_free(struct ieee80211com *ic, struct ieee80211_node *ni) 486 { 487 node_cleanup(ic, ni); 488 FREE(ni, M_80211_NODE); 489 } 490 491 static void 492 ieee80211_node_copy(struct ieee80211com *ic, 493 struct ieee80211_node *dst, const struct ieee80211_node *src) 494 { 495 node_cleanup(ic, dst); 496 *dst = *src; 497 dst->ni_challenge = NULL; 498 } 499 500 static u_int8_t 501 ieee80211_node_getrssi(struct ieee80211com *ic, struct ieee80211_node *ni) 502 { 503 return ni->ni_rssi; 504 } 505 506 static void 507 ieee80211_setup_node(struct ieee80211com *ic, 508 struct ieee80211_node *ni, u_int8_t *macaddr) 509 { 510 int hash; 511 512 IEEE80211_DPRINTF(ic, IEEE80211_MSG_NODE, 513 ("%s %s\n", __func__, ether_sprintf(macaddr))); 514 IEEE80211_ADDR_COPY(ni->ni_macaddr, macaddr); 515 hash = IEEE80211_NODE_HASH(macaddr); 516 ieee80211_node_newstate(ni, IEEE80211_STA_CACHE); 517 518 IEEE80211_NODE_LOCK_BH(ic); 519 /* 520 * Note we don't enable the inactive timer when acting 521 * as a station. Nodes created in this mode represent 522 * AP's identified while scanning. If we time them out 523 * then several things happen: we can't return the data 524 * to users to show the list of AP's we encountered, and 525 * more importantly, we'll incorrectly deauthenticate 526 * ourself because the inactivity timer will kick us off. 527 */ 528 if (ic->ic_opmode != IEEE80211_M_STA && 529 TAILQ_EMPTY(&ic->ic_node)) 530 ic->ic_inact_timer = IEEE80211_INACT_WAIT; 531 TAILQ_INSERT_TAIL(&ic->ic_node, ni, ni_list); 532 LIST_INSERT_HEAD(&ic->ic_hash[hash], ni, ni_hash); 533 IEEE80211_NODE_UNLOCK_BH(ic); 534 } 535 536 struct ieee80211_node * 537 ieee80211_alloc_node(struct ieee80211com *ic, u_int8_t *macaddr) 538 { 539 struct ieee80211_node *ni = ieee80211_alloc_node_helper(ic); 540 if (ni != NULL) { 541 ieee80211_setup_node(ic, ni, macaddr); 542 } else 543 ic->ic_stats.is_rx_nodealloc++; 544 return ni; 545 } 546 547 struct ieee80211_node * 548 ieee80211_dup_bss(struct ieee80211com *ic, u_int8_t *macaddr) 549 { 550 struct ieee80211_node *ni = ieee80211_alloc_node_helper(ic); 551 if (ni != NULL) { 552 ieee80211_setup_node(ic, ni, macaddr); 553 /* 554 * Inherit from ic_bss. 555 */ 556 IEEE80211_ADDR_COPY(ni->ni_bssid, ic->ic_bss->ni_bssid); 557 ni->ni_chan = ic->ic_bss->ni_chan; 558 } else 559 ic->ic_stats.is_rx_nodealloc++; 560 return ni; 561 } 562 563 static struct ieee80211_node * 564 _ieee80211_find_node(struct ieee80211com *ic, u_int8_t *macaddr) 565 { 566 struct ieee80211_node *ni; 567 int hash; 568 569 IEEE80211_NODE_LOCK_ASSERT(ic); 570 571 hash = IEEE80211_NODE_HASH(macaddr); 572 LIST_FOREACH(ni, &ic->ic_hash[hash], ni_hash) { 573 if (IEEE80211_ADDR_EQ(ni->ni_macaddr, macaddr)) { 574 /* least-recently used is at tail */ 575 TAILQ_REMOVE(&ic->ic_node, ni, ni_list); 576 TAILQ_INSERT_TAIL(&ic->ic_node, ni, ni_list); 577 return ni; 578 } 579 } 580 return NULL; 581 } 582 583 struct ieee80211_node * 584 ieee80211_find_node(struct ieee80211com *ic, u_int8_t *macaddr) 585 { 586 struct ieee80211_node *ni; 587 588 IEEE80211_NODE_LOCK(ic); 589 ni = _ieee80211_find_node(ic, macaddr); 590 IEEE80211_NODE_UNLOCK(ic); 591 return ni; 592 } 593 594 /* 595 * Return a reference to the appropriate node for sending 596 * a data frame. This handles node discovery in adhoc networks. 597 * 598 * Drivers will call this, so increase the reference count before 599 * returning the node. 600 */ 601 struct ieee80211_node * 602 ieee80211_find_txnode(struct ieee80211com *ic, u_int8_t *macaddr) 603 { 604 struct ieee80211_node *ni; 605 606 /* 607 * The destination address should be in the node table 608 * unless we are operating in station mode or this is a 609 * multicast/broadcast frame. 610 */ 611 if (ic->ic_opmode == IEEE80211_M_STA || IEEE80211_IS_MULTICAST(macaddr)) 612 return ieee80211_ref_node(ic->ic_bss); 613 614 /* XXX can't hold lock across dup_bss 'cuz of recursive locking */ 615 IEEE80211_NODE_LOCK(ic); 616 ni = _ieee80211_find_node(ic, macaddr); 617 IEEE80211_NODE_UNLOCK(ic); 618 if (ni == NULL) { 619 if (ic->ic_opmode != IEEE80211_M_IBSS && 620 ic->ic_opmode != IEEE80211_M_AHDEMO) 621 return NULL; 622 /* 623 * Fake up a node; this handles node discovery in 624 * adhoc mode. Note that for the driver's benefit 625 * we we treat this like an association so the driver 626 * has an opportunity to setup it's private state. 627 * 628 * XXX need better way to handle this; issue probe 629 * request so we can deduce rate set, etc. 630 */ 631 if ((ni = ieee80211_dup_bss(ic, macaddr)) == NULL) 632 return NULL; 633 /* XXX no rate negotiation; just dup */ 634 ni->ni_rates = ic->ic_bss->ni_rates; 635 if (ic->ic_newassoc) 636 (*ic->ic_newassoc)(ic, ni, 1); 637 } 638 return ieee80211_ref_node(ni); 639 } 640 641 /* 642 * It is usually desirable to process a Rx packet using its sender's 643 * node-record instead of the BSS record. 644 * 645 * - AP mode: keep a node-record for every authenticated/associated 646 * station *in the BSS*. For future use, we also track neighboring 647 * APs, since they might belong to the same ESS. APs in the same 648 * ESS may bridge packets to each other, forming a Wireless 649 * Distribution System (WDS). 650 * 651 * - IBSS mode: keep a node-record for every station *in the BSS*. 652 * Also track neighboring stations by their beacons/probe responses. 653 * 654 * - monitor mode: keep a node-record for every sender, regardless 655 * of BSS. 656 * 657 * - STA mode: the only available node-record is the BSS record, 658 * ic->ic_bss. 659 * 660 * Of all the 802.11 Control packets, only the node-records for 661 * RTS packets node-record can be looked up. 662 * 663 * Return non-zero if the packet's node-record is kept, zero 664 * otherwise. 665 */ 666 static __inline int 667 ieee80211_needs_rxnode(struct ieee80211com *ic, struct ieee80211_frame *wh, 668 u_int8_t **bssid) 669 { 670 struct ieee80211_node *bss = ic->ic_bss; 671 int monitor, rc = 0; 672 673 monitor = (ic->ic_opmode == IEEE80211_M_MONITOR); 674 675 *bssid = NULL; 676 677 switch (wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK) { 678 case IEEE80211_FC0_TYPE_CTL: 679 if (!monitor) 680 break; 681 return (wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK) == 682 IEEE80211_FC0_SUBTYPE_RTS; 683 case IEEE80211_FC0_TYPE_MGT: 684 *bssid = wh->i_addr3; 685 switch (wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK) { 686 case IEEE80211_FC0_SUBTYPE_BEACON: 687 case IEEE80211_FC0_SUBTYPE_PROBE_RESP: 688 rc = 1; 689 break; 690 default: 691 if (ic->ic_opmode == IEEE80211_M_STA) 692 break; 693 rc = IEEE80211_ADDR_EQ(*bssid, bss->ni_bssid) || 694 IEEE80211_ADDR_EQ(*bssid, etherbroadcastaddr); 695 break; 696 } 697 break; 698 case IEEE80211_FC0_TYPE_DATA: 699 switch (wh->i_fc[1] & IEEE80211_FC1_DIR_MASK) { 700 case IEEE80211_FC1_DIR_NODS: 701 *bssid = wh->i_addr3; 702 if (ic->ic_opmode == IEEE80211_M_IBSS || 703 ic->ic_opmode == IEEE80211_M_AHDEMO) 704 rc = IEEE80211_ADDR_EQ(*bssid, bss->ni_bssid); 705 break; 706 case IEEE80211_FC1_DIR_TODS: 707 *bssid = wh->i_addr1; 708 if (ic->ic_opmode == IEEE80211_M_HOSTAP) 709 rc = IEEE80211_ADDR_EQ(*bssid, bss->ni_bssid); 710 break; 711 case IEEE80211_FC1_DIR_FROMDS: 712 case IEEE80211_FC1_DIR_DSTODS: 713 *bssid = wh->i_addr2; 714 rc = (ic->ic_opmode == IEEE80211_M_HOSTAP); 715 break; 716 } 717 break; 718 } 719 return monitor || rc; 720 } 721 722 /* Drivers call this, so increase the reference count before returning 723 * the node. 724 */ 725 struct ieee80211_node * 726 ieee80211_find_rxnode(struct ieee80211com *ic, struct ieee80211_frame *wh) 727 { 728 struct ieee80211_node *ni; 729 const static u_int8_t zero[IEEE80211_ADDR_LEN]; 730 u_int8_t *bssid; 731 732 if (!ieee80211_needs_rxnode(ic, wh, &bssid)) 733 return ieee80211_ref_node(ic->ic_bss); 734 735 IEEE80211_NODE_LOCK(ic); 736 ni = _ieee80211_find_node(ic, wh->i_addr2); 737 IEEE80211_NODE_UNLOCK(ic); 738 739 if (ni != NULL) 740 return ieee80211_ref_node(ni); 741 742 if (ic->ic_opmode == IEEE80211_M_HOSTAP) 743 return ieee80211_ref_node(ic->ic_bss); 744 745 /* XXX see remarks in ieee80211_find_txnode */ 746 /* XXX no rate negotiation; just dup */ 747 if ((ni = ieee80211_dup_bss(ic, wh->i_addr2)) == NULL) 748 return ieee80211_ref_node(ic->ic_bss); 749 750 IEEE80211_ADDR_COPY(ni->ni_bssid, (bssid != NULL) ? bssid : zero); 751 752 ni->ni_rates = ic->ic_bss->ni_rates; 753 if (ic->ic_newassoc) 754 (*ic->ic_newassoc)(ic, ni, 1); 755 756 IEEE80211_DPRINTF(ic, IEEE80211_MSG_NODE, 757 ("%s: faked-up node %p for %s\n", __func__, ni, 758 ether_sprintf(wh->i_addr2))); 759 760 return ieee80211_ref_node(ni); 761 } 762 763 /* 764 * Like find but search based on the channel too. 765 */ 766 struct ieee80211_node * 767 ieee80211_find_node_for_beacon(struct ieee80211com *ic, u_int8_t *macaddr, 768 struct ieee80211_channel *chan, char *ssid) 769 { 770 struct ieee80211_node *ni, *best; 771 int hash; 772 int best_score, score; 773 774 best = NULL; 775 best_score = -1; 776 777 hash = IEEE80211_NODE_HASH(macaddr); 778 IEEE80211_NODE_LOCK(ic); 779 LIST_FOREACH(ni, &ic->ic_hash[hash], ni_hash) { 780 if (!IEEE80211_ADDR_EQ(ni->ni_macaddr, macaddr)) 781 continue; 782 783 score = (ni->ni_chan == chan) ? 1 : 0; 784 785 if (ssid[1] == 0 || ni->ni_esslen == 0) 786 score++; 787 else if (ssid[1] != ni->ni_esslen || 788 memcmp(ssid + 2, ni->ni_essid, ssid[1]) != 0) 789 continue; 790 791 if (score > best_score) { 792 if (best != NULL) 793 (void)ieee80211_node_decref(best); 794 best = ieee80211_ref_node(ni); 795 best_score = score; 796 } 797 } 798 IEEE80211_NODE_UNLOCK(ic); 799 return best; 800 } 801 802 static void 803 ieee80211_free_node(struct ieee80211com *ic, struct ieee80211_node *ni) 804 { 805 IASSERT(ni != ic->ic_bss, ("freeing bss node")); 806 807 IEEE80211_DPRINTF(ic, IEEE80211_MSG_NODE, 808 ("%s %s\n", __func__, ether_sprintf(ni->ni_macaddr))); 809 IEEE80211_AID_CLR(ni->ni_associd, ic->ic_aid_bitmap); 810 TAILQ_REMOVE(&ic->ic_node, ni, ni_list); 811 LIST_REMOVE(ni, ni_hash); 812 ic->ic_nnodes--; 813 if (!IF_IS_EMPTY(&ni->ni_savedq)) { 814 IF_PURGE(&ni->ni_savedq); 815 if (ic->ic_set_tim) 816 (*ic->ic_set_tim)(ic, ni->ni_associd, 0); 817 } 818 if (TAILQ_EMPTY(&ic->ic_node)) 819 ic->ic_inact_timer = 0; 820 (*ic->ic_node_free)(ic, ni); 821 /* TBD indicate to drivers that a new node can be allocated */ 822 } 823 824 void 825 ieee80211_release_node(struct ieee80211com *ic, struct ieee80211_node *ni) 826 { 827 IEEE80211_DPRINTF(ic, IEEE80211_MSG_NODE, 828 ("%s %s refcnt %d\n", __func__, 829 ether_sprintf(ni->ni_macaddr), ni->ni_refcnt)); 830 if (ieee80211_node_decref(ni) == 0 && 831 ni->ni_state == IEEE80211_STA_COLLECT) { 832 IEEE80211_NODE_LOCK_BH(ic); 833 ieee80211_free_node(ic, ni); 834 IEEE80211_NODE_UNLOCK_BH(ic); 835 } 836 } 837 838 void 839 ieee80211_free_allnodes(struct ieee80211com *ic) 840 { 841 struct ieee80211_node *ni; 842 843 IEEE80211_DPRINTF(ic, IEEE80211_MSG_NODE, ("free all nodes\n")); 844 IEEE80211_NODE_LOCK_BH(ic); 845 while ((ni = TAILQ_FIRST(&ic->ic_node)) != NULL) 846 ieee80211_free_node(ic, ni); 847 IEEE80211_NODE_UNLOCK_BH(ic); 848 849 if (ic->ic_bss != NULL) 850 node_cleanup(ic, ic->ic_bss); /* for station mode */ 851 } 852 853 /* 854 * Timeout inactive nodes. Note that we cannot hold the node 855 * lock while sending a frame as this would lead to a LOR. 856 * Instead we use a generation number to mark nodes that we've 857 * scanned and drop the lock and restart a scan if we have to 858 * time out a node. Since we are single-threaded by virtue of 859 * controlling the inactivity timer we can be sure this will 860 * process each node only once. 861 */ 862 void 863 ieee80211_clean_nodes(struct ieee80211com *ic) 864 { 865 struct ieee80211_node *ni; 866 u_int gen = ic->ic_scangen++; /* NB: ok 'cuz single-threaded*/ 867 868 restart: 869 IEEE80211_NODE_LOCK(ic); 870 TAILQ_FOREACH(ni, &ic->ic_node, ni_list) { 871 if (ic->ic_nnodes <= ic->ic_max_nnodes) 872 break; 873 if (ni->ni_scangen == gen) /* previously handled */ 874 continue; 875 ni->ni_scangen = gen; 876 if (ni->ni_refcnt > 0) 877 continue; 878 IEEE80211_DPRINTF(ic, IEEE80211_MSG_NODE, 879 ("station %s purged from LRU cache\n", 880 ether_sprintf(ni->ni_macaddr))); 881 /* 882 * Send a deauthenticate frame. 883 * 884 * Drop the node lock before sending the 885 * deauthentication frame in case the driver takes 886 * a lock, as this will result in a LOR between the 887 * node lock and the driver lock. 888 */ 889 IEEE80211_NODE_UNLOCK(ic); 890 if (ic->ic_opmode == IEEE80211_M_HOSTAP) { 891 IEEE80211_SEND_MGMT(ic, ni, 892 IEEE80211_FC0_SUBTYPE_DEAUTH, 893 IEEE80211_REASON_AUTH_EXPIRE); 894 ieee80211_node_leave(ic, ni); 895 } else 896 ieee80211_free_node(ic, ni); 897 ic->ic_stats.is_node_timeout++; 898 goto restart; 899 } 900 IEEE80211_NODE_UNLOCK(ic); 901 } 902 903 void 904 ieee80211_iterate_nodes(struct ieee80211com *ic, ieee80211_iter_func *f, void *arg) 905 { 906 struct ieee80211_node *ni; 907 908 IEEE80211_NODE_LOCK(ic); 909 TAILQ_FOREACH(ni, &ic->ic_node, ni_list) 910 (*f)(arg, ni); 911 IEEE80211_NODE_UNLOCK(ic); 912 } 913 914 void 915 ieee80211_node_join(struct ieee80211com *ic, struct ieee80211_node *ni, int resp) 916 { 917 int newassoc; 918 919 if (ni->ni_associd == 0) { 920 u_int16_t aid; 921 922 /* 923 * It would be clever to search the bitmap 924 * more efficiently, but this will do for now. 925 */ 926 for (aid = 1; aid < ic->ic_max_aid; aid++) { 927 if (!IEEE80211_AID_ISSET(aid, 928 ic->ic_aid_bitmap)) 929 break; 930 } 931 if (aid >= ic->ic_max_aid) { 932 IEEE80211_SEND_MGMT(ic, ni, resp, 933 IEEE80211_REASON_ASSOC_TOOMANY); 934 ieee80211_node_leave(ic, ni); 935 return; 936 } 937 ni->ni_associd = aid | 0xc000; 938 IEEE80211_AID_SET(ni->ni_associd, ic->ic_aid_bitmap); 939 newassoc = 1; 940 /* XXX for 11g must turn off short slot time if long 941 slot time sta associates */ 942 } else 943 newassoc = 0; 944 945 IEEE80211_DPRINTF(ic, IEEE80211_MSG_ASSOC | IEEE80211_MSG_DEBUG, 946 ("station %s %s associated at aid %d\n", 947 ether_sprintf(ni->ni_macaddr), 948 (newassoc ? "newly" : "already"), 949 ni->ni_associd & ~0xc000)); 950 951 /* give driver a chance to setup state like ni_txrate */ 952 if (ic->ic_newassoc) 953 (*ic->ic_newassoc)(ic, ni, newassoc); 954 IEEE80211_SEND_MGMT(ic, ni, resp, IEEE80211_STATUS_SUCCESS); 955 ieee80211_node_newstate(ni, IEEE80211_STA_ASSOC); 956 } 957 958 /* 959 * Handle bookkeeping for station deauthentication/disassociation 960 * when operating as an ap. 961 */ 962 void 963 ieee80211_node_leave(struct ieee80211com *ic, struct ieee80211_node *ni) 964 { 965 966 IASSERT(ic->ic_opmode == IEEE80211_M_HOSTAP, 967 ("not in ap mode, mode %u", ic->ic_opmode)); 968 /* 969 * If node wasn't previously associated all 970 * we need to do is reclaim the reference. 971 */ 972 if (ni->ni_associd == 0) 973 return; 974 IEEE80211_AID_CLR(ni->ni_associd, ic->ic_aid_bitmap); 975 ni->ni_associd = 0; 976 ieee80211_node_newstate(ni, IEEE80211_STA_COLLECT); 977 } 978
Indexes created Tue Sep 23 14:10:03 GMT 2025