1 /* $OpenBSD: ieee80211_proto.c,v 1.108 2022/03/14 15:07:24 stsp Exp $ */ 2 /* $NetBSD: ieee80211_proto.c,v 1.8 2004/04/30 23:58:20 dyoung Exp $ */ 3 4 /*- 5 * Copyright (c) 2001 Atsushi Onoe 6 * Copyright (c) 2002, 2003 Sam Leffler, Errno Consulting 7 * Copyright (c) 2008, 2009 Damien Bergamini 8 * All rights reserved. 9 * 10 * Redistribution and use in source and binary forms, with or without 11 * modification, are permitted provided that the following conditions 12 * are met: 13 * 1. Redistributions of source code must retain the above copyright 14 * notice, this list of conditions and the following disclaimer. 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in the 17 * documentation and/or other materials provided with the distribution. 18 * 3. The name of the author may not be used to endorse or promote products 19 * derived from this software without specific prior written permission. 20 * 21 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 22 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 23 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 24 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 25 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 26 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 27 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 28 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 29 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 30 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 31 */ 32 33 /* 34 * IEEE 802.11 protocol support. 35 */ 36 37 #include <sys/param.h> 38 #include <sys/systm.h> 39 #include <sys/mbuf.h> 40 #include <sys/kernel.h> 41 #include <sys/socket.h> 42 #include <sys/sockio.h> 43 #include <sys/endian.h> 44 #include <sys/errno.h> 45 #include <sys/sysctl.h> 46 #ifdef __HAIKU__ 47 #include <sys/task.h> 48 #endif 49 50 #include <net/if.h> 51 #include <net/if_dl.h> 52 #include <net/if_media.h> 53 #include <net/if_llc.h> 54 #include <net/route.h> 55 56 #include <netinet/in.h> 57 #include <netinet/if_ether.h> 58 59 #include <net80211/ieee80211_var.h> 60 #include <net80211/ieee80211_priv.h> 61 62 const char * const ieee80211_mgt_subtype_name[] = { 63 "assoc_req", "assoc_resp", "reassoc_req", "reassoc_resp", 64 "probe_req", "probe_resp", "reserved#6", "reserved#7", 65 "beacon", "atim", "disassoc", "auth", 66 "deauth", "action", "action_noack", "reserved#15" 67 }; 68 const char * const ieee80211_state_name[IEEE80211_S_MAX] = { 69 "INIT", /* IEEE80211_S_INIT */ 70 "SCAN", /* IEEE80211_S_SCAN */ 71 "AUTH", /* IEEE80211_S_AUTH */ 72 "ASSOC", /* IEEE80211_S_ASSOC */ 73 "RUN" /* IEEE80211_S_RUN */ 74 }; 75 const char * const ieee80211_phymode_name[] = { 76 "auto", /* IEEE80211_MODE_AUTO */ 77 "11a", /* IEEE80211_MODE_11A */ 78 "11b", /* IEEE80211_MODE_11B */ 79 "11g", /* IEEE80211_MODE_11G */ 80 "11n", /* IEEE80211_MODE_11N */ 81 "11ac", /* IEEE80211_MODE_11AC */ 82 }; 83 84 void ieee80211_set_beacon_miss_threshold(struct ieee80211com *); 85 int ieee80211_newstate(struct ieee80211com *, enum ieee80211_state, int); 86 87 void 88 ieee80211_proto_attach(struct ifnet *ifp) 89 { 90 struct ieee80211com *ic = (void *)ifp; 91 92 mq_init(&ic->ic_mgtq, IFQ_MAXLEN, IPL_NET); 93 mq_init(&ic->ic_pwrsaveq, IFQ_MAXLEN, IPL_NET); 94 95 ifp->if_hdrlen = sizeof(struct ieee80211_frame); 96 97 ic->ic_rtsthreshold = IEEE80211_RTS_MAX; 98 ic->ic_fragthreshold = 2346; /* XXX not used yet */ 99 ic->ic_fixed_rate = -1; /* no fixed rate */ 100 ic->ic_fixed_mcs = -1; /* no fixed mcs */ 101 ic->ic_protmode = IEEE80211_PROT_CTSONLY; 102 103 /* protocol state change handler */ 104 ic->ic_newstate = ieee80211_newstate; 105 106 /* initialize management frame handlers */ 107 ic->ic_recv_mgmt = ieee80211_recv_mgmt; 108 ic->ic_send_mgmt = ieee80211_send_mgmt; 109 } 110 111 void 112 ieee80211_proto_detach(struct ifnet *ifp) 113 { 114 struct ieee80211com *ic = (void *)ifp; 115 116 mq_purge(&ic->ic_mgtq); 117 mq_purge(&ic->ic_pwrsaveq); 118 } 119 120 void 121 ieee80211_print_essid(const u_int8_t *essid, int len) 122 { 123 int i; 124 const u_int8_t *p; 125 126 if (len > IEEE80211_NWID_LEN) 127 len = IEEE80211_NWID_LEN; 128 /* determine printable or not */ 129 for (i = 0, p = essid; i < len; i++, p++) { 130 if (*p < ' ' || *p > 0x7e) 131 break; 132 } 133 if (i == len) { 134 printf("\""); 135 for (i = 0, p = essid; i < len; i++, p++) 136 printf("%c", *p); 137 printf("\""); 138 } else { 139 printf("0x"); 140 for (i = 0, p = essid; i < len; i++, p++) 141 printf("%02x", *p); 142 } 143 } 144 145 #ifdef IEEE80211_DEBUG 146 void 147 ieee80211_dump_pkt(const u_int8_t *buf, int len, int rate, int rssi) 148 { 149 struct ieee80211_frame *wh; 150 int i; 151 152 wh = (struct ieee80211_frame *)buf; 153 switch (wh->i_fc[1] & IEEE80211_FC1_DIR_MASK) { 154 case IEEE80211_FC1_DIR_NODS: 155 printf("NODS %s", ether_sprintf(wh->i_addr2)); 156 printf("->%s", ether_sprintf(wh->i_addr1)); 157 printf("(%s)", ether_sprintf(wh->i_addr3)); 158 break; 159 case IEEE80211_FC1_DIR_TODS: 160 printf("TODS %s", ether_sprintf(wh->i_addr2)); 161 printf("->%s", ether_sprintf(wh->i_addr3)); 162 printf("(%s)", ether_sprintf(wh->i_addr1)); 163 break; 164 case IEEE80211_FC1_DIR_FROMDS: 165 printf("FRDS %s", ether_sprintf(wh->i_addr3)); 166 printf("->%s", ether_sprintf(wh->i_addr1)); 167 printf("(%s)", ether_sprintf(wh->i_addr2)); 168 break; 169 case IEEE80211_FC1_DIR_DSTODS: 170 printf("DSDS %s", ether_sprintf((u_int8_t *)&wh[1])); 171 printf("->%s", ether_sprintf(wh->i_addr3)); 172 printf("(%s", ether_sprintf(wh->i_addr2)); 173 printf("->%s)", ether_sprintf(wh->i_addr1)); 174 break; 175 } 176 switch (wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK) { 177 case IEEE80211_FC0_TYPE_DATA: 178 printf(" data"); 179 break; 180 case IEEE80211_FC0_TYPE_MGT: 181 printf(" %s", ieee80211_mgt_subtype_name[ 182 (wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK) 183 >> IEEE80211_FC0_SUBTYPE_SHIFT]); 184 break; 185 default: 186 printf(" type#%d", wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK); 187 break; 188 } 189 if (wh->i_fc[1] & IEEE80211_FC1_WEP) 190 printf(" WEP"); 191 if (rate >= 0) 192 printf(" %d%sM", rate / 2, (rate & 1) ? ".5" : ""); 193 if (rssi >= 0) 194 printf(" +%d", rssi); 195 printf("\n"); 196 if (len > 0) { 197 for (i = 0; i < len; i++) { 198 if ((i & 1) == 0) 199 printf(" "); 200 printf("%02x", buf[i]); 201 } 202 printf("\n"); 203 } 204 } 205 #endif 206 207 int 208 ieee80211_fix_rate(struct ieee80211com *ic, struct ieee80211_node *ni, 209 int flags) 210 { 211 #define RV(v) ((v) & IEEE80211_RATE_VAL) 212 int i, j, ignore, error; 213 int okrate, badrate, fixedrate; 214 const struct ieee80211_rateset *srs; 215 struct ieee80211_rateset *nrs; 216 u_int8_t r; 217 218 /* 219 * If the fixed rate check was requested but no fixed rate has been 220 * defined then just remove the check. 221 */ 222 if ((flags & IEEE80211_F_DOFRATE) && ic->ic_fixed_rate == -1) 223 flags &= ~IEEE80211_F_DOFRATE; 224 225 error = 0; 226 okrate = badrate = fixedrate = 0; 227 srs = &ic->ic_sup_rates[ieee80211_chan2mode(ic, ni->ni_chan)]; 228 nrs = &ni->ni_rates; 229 for (i = 0; i < nrs->rs_nrates; ) { 230 ignore = 0; 231 if (flags & IEEE80211_F_DOSORT) { 232 /* 233 * Sort rates. 234 */ 235 for (j = i + 1; j < nrs->rs_nrates; j++) { 236 if (RV(nrs->rs_rates[i]) > 237 RV(nrs->rs_rates[j])) { 238 r = nrs->rs_rates[i]; 239 nrs->rs_rates[i] = nrs->rs_rates[j]; 240 nrs->rs_rates[j] = r; 241 } 242 } 243 } 244 r = nrs->rs_rates[i] & IEEE80211_RATE_VAL; 245 badrate = r; 246 if (flags & IEEE80211_F_DOFRATE) { 247 /* 248 * Check fixed rate is included. 249 */ 250 if (r == RV(srs->rs_rates[ic->ic_fixed_rate])) 251 fixedrate = r; 252 } 253 if (flags & IEEE80211_F_DONEGO) { 254 /* 255 * Check against supported rates. 256 */ 257 for (j = 0; j < srs->rs_nrates; j++) { 258 if (r == RV(srs->rs_rates[j])) { 259 /* 260 * Overwrite with the supported rate 261 * value so any basic rate bit is set. 262 * This insures that response we send 263 * to stations have the necessary basic 264 * rate bit set. 265 */ 266 nrs->rs_rates[i] = srs->rs_rates[j]; 267 break; 268 } 269 } 270 if (j == srs->rs_nrates) { 271 /* 272 * A rate in the node's rate set is not 273 * supported. If this is a basic rate and we 274 * are operating as an AP then this is an error. 275 * Otherwise we just discard/ignore the rate. 276 * Note that this is important for 11b stations 277 * when they want to associate with an 11g AP. 278 */ 279 #ifndef IEEE80211_STA_ONLY 280 if (ic->ic_opmode == IEEE80211_M_HOSTAP && 281 (nrs->rs_rates[i] & IEEE80211_RATE_BASIC)) 282 error++; 283 #endif 284 ignore++; 285 } 286 } 287 if (flags & IEEE80211_F_DODEL) { 288 /* 289 * Delete unacceptable rates. 290 */ 291 if (ignore) { 292 nrs->rs_nrates--; 293 for (j = i; j < nrs->rs_nrates; j++) 294 nrs->rs_rates[j] = nrs->rs_rates[j + 1]; 295 nrs->rs_rates[j] = 0; 296 continue; 297 } 298 } 299 if (!ignore) 300 okrate = nrs->rs_rates[i]; 301 i++; 302 } 303 if (okrate == 0 || error != 0 || 304 ((flags & IEEE80211_F_DOFRATE) && fixedrate == 0)) 305 return badrate | IEEE80211_RATE_BASIC; 306 else 307 return RV(okrate); 308 #undef RV 309 } 310 311 /* 312 * Reset 11g-related state. 313 */ 314 void 315 ieee80211_reset_erp(struct ieee80211com *ic) 316 { 317 ic->ic_flags &= ~IEEE80211_F_USEPROT; 318 319 ieee80211_set_shortslottime(ic, 320 ic->ic_curmode == IEEE80211_MODE_11A || 321 (ic->ic_curmode == IEEE80211_MODE_11N && 322 IEEE80211_IS_CHAN_5GHZ(ic->ic_ibss_chan)) 323 #ifndef IEEE80211_STA_ONLY 324 || 325 ((ic->ic_curmode == IEEE80211_MODE_11G || 326 (ic->ic_curmode == IEEE80211_MODE_11N && 327 IEEE80211_IS_CHAN_2GHZ(ic->ic_ibss_chan))) && 328 ic->ic_opmode == IEEE80211_M_HOSTAP && 329 (ic->ic_caps & IEEE80211_C_SHSLOT)) 330 #endif 331 ); 332 333 if (ic->ic_curmode == IEEE80211_MODE_11A || 334 (ic->ic_curmode == IEEE80211_MODE_11N && 335 IEEE80211_IS_CHAN_5GHZ(ic->ic_ibss_chan)) || 336 (ic->ic_caps & IEEE80211_C_SHPREAMBLE)) 337 ic->ic_flags |= IEEE80211_F_SHPREAMBLE; 338 else 339 ic->ic_flags &= ~IEEE80211_F_SHPREAMBLE; 340 } 341 342 /* 343 * Set the short slot time state and notify the driver. 344 */ 345 void 346 ieee80211_set_shortslottime(struct ieee80211com *ic, int on) 347 { 348 if (on) 349 ic->ic_flags |= IEEE80211_F_SHSLOT; 350 else 351 ic->ic_flags &= ~IEEE80211_F_SHSLOT; 352 353 /* notify the driver */ 354 if (ic->ic_updateslot != NULL) 355 ic->ic_updateslot(ic); 356 } 357 358 /* 359 * This function is called by the 802.1X PACP machine (via an ioctl) when 360 * the transmit key machine (4-Way Handshake for 802.11) should run. 361 */ 362 int 363 ieee80211_keyrun(struct ieee80211com *ic, u_int8_t *macaddr) 364 { 365 struct ieee80211_node *ni = ic->ic_bss; 366 #ifndef IEEE80211_STA_ONLY 367 struct ieee80211_pmk *pmk; 368 #endif 369 370 /* STA must be associated or AP must be ready */ 371 if (ic->ic_state != IEEE80211_S_RUN || 372 !(ic->ic_flags & IEEE80211_F_RSNON)) 373 return ENETDOWN; 374 375 ni->ni_rsn_supp_state = RSNA_SUPP_PTKSTART; 376 #ifndef IEEE80211_STA_ONLY 377 if (ic->ic_opmode == IEEE80211_M_STA) 378 #endif 379 return 0; /* supplicant only, do nothing */ 380 381 #ifndef IEEE80211_STA_ONLY 382 /* find the STA with which we must start the key exchange */ 383 if ((ni = ieee80211_find_node(ic, macaddr)) == NULL) { 384 DPRINTF(("no node found for %s\n", ether_sprintf(macaddr))); 385 return EINVAL; 386 } 387 /* check that the STA is in the correct state */ 388 if (ni->ni_state != IEEE80211_STA_ASSOC || 389 ni->ni_rsn_state != RSNA_AUTHENTICATION_2) { 390 DPRINTF(("unexpected in state %d\n", ni->ni_rsn_state)); 391 return EINVAL; 392 } 393 ni->ni_rsn_state = RSNA_INITPMK; 394 395 /* make sure a PMK is available for this STA, otherwise deauth it */ 396 if ((pmk = ieee80211_pmksa_find(ic, ni, NULL)) == NULL) { 397 DPRINTF(("no PMK available for %s\n", ether_sprintf(macaddr))); 398 IEEE80211_SEND_MGMT(ic, ni, IEEE80211_FC0_SUBTYPE_DEAUTH, 399 IEEE80211_REASON_AUTH_LEAVE); 400 ieee80211_node_leave(ic, ni); 401 return EINVAL; 402 } 403 memcpy(ni->ni_pmk, pmk->pmk_key, IEEE80211_PMK_LEN); 404 memcpy(ni->ni_pmkid, pmk->pmk_pmkid, IEEE80211_PMKID_LEN); 405 ni->ni_flags |= IEEE80211_NODE_PMK; 406 407 /* initiate key exchange (4-Way Handshake) with STA */ 408 return ieee80211_send_4way_msg1(ic, ni); 409 #endif /* IEEE80211_STA_ONLY */ 410 } 411 412 #ifndef IEEE80211_STA_ONLY 413 /* 414 * Initiate a group key handshake with a node. 415 */ 416 static void 417 ieee80211_node_gtk_rekey(void *arg, struct ieee80211_node *ni) 418 { 419 struct ieee80211com *ic = arg; 420 421 if (ni->ni_state != IEEE80211_STA_ASSOC || 422 ni->ni_rsn_gstate != RSNA_IDLE) 423 return; 424 425 /* initiate a group key handshake with STA */ 426 ni->ni_flags |= IEEE80211_NODE_REKEY; 427 if (ieee80211_send_group_msg1(ic, ni) != 0) 428 ni->ni_flags &= ~IEEE80211_NODE_REKEY; 429 } 430 431 /* 432 * This function is called in HostAP mode when the group key needs to be 433 * changed. 434 */ 435 void 436 ieee80211_setkeys(struct ieee80211com *ic) 437 { 438 struct ieee80211_key *k; 439 u_int8_t kid; 440 int rekeysta = 0; 441 442 /* Swap(GM, GN) */ 443 kid = (ic->ic_def_txkey == 1) ? 2 : 1; 444 k = &ic->ic_nw_keys[kid]; 445 memset(k, 0, sizeof(*k)); 446 k->k_id = kid; 447 k->k_cipher = ic->ic_bss->ni_rsngroupcipher; 448 k->k_flags = IEEE80211_KEY_GROUP | IEEE80211_KEY_TX; 449 k->k_len = ieee80211_cipher_keylen(k->k_cipher); 450 arc4random_buf(k->k_key, k->k_len); 451 452 if (ic->ic_caps & IEEE80211_C_MFP) { 453 /* Swap(GM_igtk, GN_igtk) */ 454 kid = (ic->ic_igtk_kid == 4) ? 5 : 4; 455 k = &ic->ic_nw_keys[kid]; 456 memset(k, 0, sizeof(*k)); 457 k->k_id = kid; 458 k->k_cipher = ic->ic_bss->ni_rsngroupmgmtcipher; 459 k->k_flags = IEEE80211_KEY_IGTK | IEEE80211_KEY_TX; 460 k->k_len = 16; 461 arc4random_buf(k->k_key, k->k_len); 462 } 463 464 ieee80211_iterate_nodes(ic, ieee80211_node_gtk_rekey, ic); 465 ieee80211_iterate_nodes(ic, ieee80211_count_rekeysta, &rekeysta); 466 if (rekeysta == 0) 467 ieee80211_setkeysdone(ic); 468 } 469 470 /* 471 * The group key handshake has been completed with all associated stations. 472 */ 473 void 474 ieee80211_setkeysdone(struct ieee80211com *ic) 475 { 476 u_int8_t kid; 477 478 /* install GTK */ 479 kid = (ic->ic_def_txkey == 1) ? 2 : 1; 480 switch ((*ic->ic_set_key)(ic, ic->ic_bss, &ic->ic_nw_keys[kid])) { 481 case 0: 482 case EBUSY: 483 ic->ic_def_txkey = kid; 484 break; 485 default: 486 break; 487 } 488 489 if (ic->ic_caps & IEEE80211_C_MFP) { 490 /* install IGTK */ 491 kid = (ic->ic_igtk_kid == 4) ? 5 : 4; 492 switch ((*ic->ic_set_key)(ic, ic->ic_bss, &ic->ic_nw_keys[kid])) { 493 case 0: 494 case EBUSY: 495 ic->ic_igtk_kid = kid; 496 break; 497 default: 498 break; 499 } 500 } 501 } 502 503 /* 504 * Group key lifetime has expired, update it. 505 */ 506 void 507 ieee80211_gtk_rekey_timeout(void *arg) 508 { 509 struct ieee80211com *ic = arg; 510 int s; 511 512 s = splnet(); 513 ieee80211_setkeys(ic); 514 splx(s); 515 516 /* re-schedule a GTK rekeying after 3600s */ 517 timeout_add_sec(&ic->ic_rsn_timeout, 3600); 518 } 519 520 void 521 ieee80211_sa_query_timeout(void *arg) 522 { 523 struct ieee80211_node *ni = arg; 524 struct ieee80211com *ic = ni->ni_ic; 525 int s; 526 527 s = splnet(); 528 if (++ni->ni_sa_query_count >= 3) { 529 ni->ni_flags &= ~IEEE80211_NODE_SA_QUERY; 530 ni->ni_flags |= IEEE80211_NODE_SA_QUERY_FAILED; 531 } else /* retry SA Query Request */ 532 ieee80211_sa_query_request(ic, ni); 533 splx(s); 534 } 535 536 /* 537 * Request that a SA Query Request frame be sent to a specified peer STA 538 * to which the STA is associated. 539 */ 540 void 541 ieee80211_sa_query_request(struct ieee80211com *ic, struct ieee80211_node *ni) 542 { 543 /* MLME-SAQuery.request */ 544 545 if (!(ni->ni_flags & IEEE80211_NODE_SA_QUERY)) { 546 ni->ni_flags |= IEEE80211_NODE_SA_QUERY; 547 ni->ni_flags &= ~IEEE80211_NODE_SA_QUERY_FAILED; 548 ni->ni_sa_query_count = 0; 549 } 550 /* generate new Transaction Identifier */ 551 ni->ni_sa_query_trid++; 552 553 /* send SA Query Request */ 554 IEEE80211_SEND_ACTION(ic, ni, IEEE80211_CATEG_SA_QUERY, 555 IEEE80211_ACTION_SA_QUERY_REQ, 0); 556 timeout_add_msec(&ni->ni_sa_query_to, 10); 557 } 558 #endif /* IEEE80211_STA_ONLY */ 559 560 void 561 ieee80211_ht_negotiate(struct ieee80211com *ic, struct ieee80211_node *ni) 562 { 563 int i; 564 565 ni->ni_flags &= ~(IEEE80211_NODE_HT | IEEE80211_NODE_HT_SGI20 | 566 IEEE80211_NODE_HT_SGI40); 567 568 /* Check if we support HT. */ 569 if ((ic->ic_modecaps & (1 << IEEE80211_MODE_11N)) == 0) 570 return; 571 572 /* Check if HT support has been explicitly disabled. */ 573 if ((ic->ic_flags & IEEE80211_F_HTON) == 0) 574 return; 575 576 /* 577 * Check if the peer supports HT. 578 * Require at least one of the mandatory MCS. 579 * MCS 0-7 are mandatory but some APs have particular MCS disabled. 580 */ 581 if (!ieee80211_node_supports_ht(ni)) { 582 ic->ic_stats.is_ht_nego_no_mandatory_mcs++; 583 return; 584 } 585 586 if (ic->ic_opmode == IEEE80211_M_STA) { 587 /* We must support the AP's basic MCS set. */ 588 for (i = 0; i < IEEE80211_HT_NUM_MCS; i++) { 589 if (isset(ni->ni_basic_mcs, i) && 590 !isset(ic->ic_sup_mcs, i)) { 591 ic->ic_stats.is_ht_nego_no_basic_mcs++; 592 return; 593 } 594 } 595 } 596 597 /* 598 * Don't allow group cipher (includes WEP) or TKIP 599 * for pairwise encryption (see 802.11-2012 11.1.6). 600 */ 601 if (ic->ic_flags & IEEE80211_F_WEPON) { 602 ic->ic_stats.is_ht_nego_bad_crypto++; 603 return; 604 } 605 if ((ic->ic_flags & IEEE80211_F_RSNON) && 606 (ni->ni_rsnciphers & IEEE80211_CIPHER_USEGROUP || 607 ni->ni_rsnciphers & IEEE80211_CIPHER_TKIP)) { 608 ic->ic_stats.is_ht_nego_bad_crypto++; 609 return; 610 } 611 612 ni->ni_flags |= IEEE80211_NODE_HT; 613 614 if (ieee80211_node_supports_ht_sgi20(ni) && 615 (ic->ic_htcaps & IEEE80211_HTCAP_SGI20)) 616 ni->ni_flags |= IEEE80211_NODE_HT_SGI20; 617 if (ieee80211_node_supports_ht_sgi40(ni) && 618 (ic->ic_htcaps & IEEE80211_HTCAP_SGI40)) 619 ni->ni_flags |= IEEE80211_NODE_HT_SGI40; 620 } 621 622 void 623 ieee80211_vht_negotiate(struct ieee80211com *ic, struct ieee80211_node *ni) 624 { 625 int n; 626 627 ni->ni_flags &= ~(IEEE80211_NODE_VHT | IEEE80211_NODE_VHT_SGI80 | 628 IEEE80211_NODE_VHT_SGI160); 629 630 /* Check if we support VHT. */ 631 if ((ic->ic_modecaps & (1 << IEEE80211_MODE_11AC)) == 0) 632 return; 633 634 /* Check if VHT support has been explicitly disabled. */ 635 if ((ic->ic_flags & IEEE80211_F_VHTON) == 0) 636 return; 637 638 /* 639 * Check if the peer supports VHT. 640 * MCS 0-7 for a single spatial stream are mandatory. 641 */ 642 if (!ieee80211_node_supports_vht(ni)) { 643 ic->ic_stats.is_vht_nego_no_mandatory_mcs++; 644 return; 645 } 646 647 if (ic->ic_opmode == IEEE80211_M_STA) { 648 /* We must support the AP's basic MCS set. */ 649 for (n = 1; n <= IEEE80211_VHT_NUM_SS; n++) { 650 uint16_t basic_mcs = (ni->ni_vht_basic_mcs & 651 IEEE80211_VHT_MCS_FOR_SS_MASK(n)) >> 652 IEEE80211_VHT_MCS_FOR_SS_SHIFT(n); 653 uint16_t rx_mcs = (ic->ic_vht_rxmcs & 654 IEEE80211_VHT_MCS_FOR_SS_MASK(n)) >> 655 IEEE80211_VHT_MCS_FOR_SS_SHIFT(n); 656 if (basic_mcs != IEEE80211_VHT_MCS_SS_NOT_SUPP && 657 basic_mcs > rx_mcs) { 658 ic->ic_stats.is_vht_nego_no_basic_mcs++; 659 return; 660 } 661 } 662 } 663 664 ni->ni_flags |= IEEE80211_NODE_VHT; 665 666 if ((ni->ni_vhtcaps & IEEE80211_VHTCAP_SGI80) && 667 (ic->ic_vhtcaps & IEEE80211_VHTCAP_SGI80)) 668 ni->ni_flags |= IEEE80211_NODE_VHT_SGI80; 669 if ((ni->ni_vhtcaps & IEEE80211_VHTCAP_SGI160) && 670 (ic->ic_vhtcaps & IEEE80211_VHTCAP_SGI160)) 671 ni->ni_flags |= IEEE80211_NODE_VHT_SGI160; 672 } 673 674 void 675 ieee80211_tx_ba_timeout(void *arg) 676 { 677 struct ieee80211_tx_ba *ba = arg; 678 struct ieee80211_node *ni = ba->ba_ni; 679 struct ieee80211com *ic = ni->ni_ic; 680 u_int8_t tid; 681 int s; 682 683 s = splnet(); 684 tid = ((caddr_t)ba - (caddr_t)ni->ni_tx_ba) / sizeof(*ba); 685 if (ba->ba_state == IEEE80211_BA_REQUESTED) { 686 /* MLME-ADDBA.confirm(TIMEOUT) */ 687 ba->ba_state = IEEE80211_BA_INIT; 688 if (ni->ni_addba_req_intval[tid] < 689 IEEE80211_ADDBA_REQ_INTVAL_MAX) 690 ni->ni_addba_req_intval[tid]++; 691 /* 692 * In case the peer believes there is an existing 693 * block ack agreement with us, try to delete it. 694 */ 695 IEEE80211_SEND_ACTION(ic, ni, IEEE80211_CATEG_BA, 696 IEEE80211_ACTION_DELBA, 697 IEEE80211_REASON_SETUP_REQUIRED << 16 | 1 << 8 | tid); 698 } else if (ba->ba_state == IEEE80211_BA_AGREED) { 699 /* Block Ack inactivity timeout */ 700 ic->ic_stats.is_ht_tx_ba_timeout++; 701 ieee80211_delba_request(ic, ni, IEEE80211_REASON_TIMEOUT, 702 1, tid); 703 } 704 splx(s); 705 } 706 707 void 708 ieee80211_rx_ba_timeout(void *arg) 709 { 710 struct ieee80211_rx_ba *ba = arg; 711 struct ieee80211_node *ni = ba->ba_ni; 712 struct ieee80211com *ic = ni->ni_ic; 713 u_int8_t tid; 714 int s; 715 716 ic->ic_stats.is_ht_rx_ba_timeout++; 717 718 s = splnet(); 719 720 /* Block Ack inactivity timeout */ 721 tid = ((caddr_t)ba - (caddr_t)ni->ni_rx_ba) / sizeof(*ba); 722 ieee80211_delba_request(ic, ni, IEEE80211_REASON_TIMEOUT, 0, tid); 723 724 splx(s); 725 } 726 727 /* 728 * Request initiation of Block Ack with the specified peer. 729 */ 730 int 731 ieee80211_addba_request(struct ieee80211com *ic, struct ieee80211_node *ni, 732 u_int16_t ssn, u_int8_t tid) 733 { 734 struct ieee80211_tx_ba *ba = &ni->ni_tx_ba[tid]; 735 736 if (ba->ba_state != IEEE80211_BA_INIT) 737 return EBUSY; 738 739 /* MLME-ADDBA.request */ 740 741 /* setup Block Ack */ 742 ba->ba_ni = ni; 743 ba->ba_state = IEEE80211_BA_REQUESTED; 744 ba->ba_token = ic->ic_dialog_token++; 745 ba->ba_timeout_val = 0; 746 timeout_set(&ba->ba_to, ieee80211_tx_ba_timeout, ba); 747 ba->ba_winsize = IEEE80211_BA_MAX_WINSZ; 748 ba->ba_winstart = ssn; 749 ba->ba_winend = (ba->ba_winstart + ba->ba_winsize - 1) & 0xfff; 750 ba->ba_params = 751 (ba->ba_winsize << IEEE80211_ADDBA_BUFSZ_SHIFT) | 752 (tid << IEEE80211_ADDBA_TID_SHIFT); 753 ba->ba_params |= IEEE80211_ADDBA_AMSDU; 754 if ((ic->ic_htcaps & IEEE80211_HTCAP_DELAYEDBA) == 0) 755 /* immediate BA */ 756 ba->ba_params |= IEEE80211_ADDBA_BA_POLICY; 757 758 if ((ic->ic_caps & IEEE80211_C_ADDBA_OFFLOAD) && 759 ic->ic_ampdu_tx_start != NULL) { 760 int err = ic->ic_ampdu_tx_start(ic, ni, tid); 761 if (err && err != EBUSY) { 762 /* driver failed to setup, rollback */ 763 ieee80211_addba_resp_refuse(ic, ni, tid, 764 IEEE80211_STATUS_UNSPECIFIED); 765 } else if (err == 0) 766 ieee80211_addba_resp_accept(ic, ni, tid); 767 return err; /* The device will send an ADDBA frame. */ 768 } 769 770 timeout_add_sec(&ba->ba_to, 1); /* dot11ADDBAResponseTimeout */ 771 IEEE80211_SEND_ACTION(ic, ni, IEEE80211_CATEG_BA, 772 IEEE80211_ACTION_ADDBA_REQ, tid); 773 return 0; 774 } 775 776 /* 777 * Request the deletion of Block Ack with a peer and notify driver. 778 */ 779 void 780 ieee80211_delba_request(struct ieee80211com *ic, struct ieee80211_node *ni, 781 u_int16_t reason, u_int8_t dir, u_int8_t tid) 782 { 783 /* MLME-DELBA.request */ 784 785 if (reason) { 786 /* transmit a DELBA frame */ 787 IEEE80211_SEND_ACTION(ic, ni, IEEE80211_CATEG_BA, 788 IEEE80211_ACTION_DELBA, reason << 16 | dir << 8 | tid); 789 } 790 if (dir) { 791 /* MLME-DELBA.confirm(Originator) */ 792 if (ic->ic_ampdu_tx_stop != NULL) 793 ic->ic_ampdu_tx_stop(ic, ni, tid); 794 ieee80211_node_tx_ba_clear(ni, tid); 795 } else { 796 /* MLME-DELBA.confirm(Recipient) */ 797 struct ieee80211_rx_ba *ba = &ni->ni_rx_ba[tid]; 798 int i; 799 800 if (ic->ic_ampdu_rx_stop != NULL) 801 ic->ic_ampdu_rx_stop(ic, ni, tid); 802 803 ba->ba_state = IEEE80211_BA_INIT; 804 /* stop Block Ack inactivity timer */ 805 timeout_del(&ba->ba_to); 806 timeout_del(&ba->ba_gap_to); 807 808 if (ba->ba_buf != NULL) { 809 /* free all MSDUs stored in reordering buffer */ 810 for (i = 0; i < IEEE80211_BA_MAX_WINSZ; i++) 811 m_freem(ba->ba_buf[i].m); 812 /* free reordering buffer */ 813 free(ba->ba_buf, M_DEVBUF, 814 IEEE80211_BA_MAX_WINSZ * sizeof(*ba->ba_buf)); 815 ba->ba_buf = NULL; 816 } 817 } 818 } 819 820 #ifndef IEEE80211_STA_ONLY 821 void 822 ieee80211_auth_open_confirm(struct ieee80211com *ic, 823 struct ieee80211_node *ni, uint16_t seq) 824 { 825 struct ifnet *ifp = &ic->ic_if; 826 827 IEEE80211_SEND_MGMT(ic, ni, IEEE80211_FC0_SUBTYPE_AUTH, seq + 1); 828 if (ifp->if_flags & IFF_DEBUG) 829 printf("%s: station %s %s authenticated (open)\n", 830 ifp->if_xname, 831 ether_sprintf((u_int8_t *)ni->ni_macaddr), 832 ni->ni_state != IEEE80211_STA_CACHE ? 833 "newly" : "already"); 834 ieee80211_node_newstate(ni, IEEE80211_STA_AUTH); 835 } 836 #endif 837 838 void 839 ieee80211_try_another_bss(struct ieee80211com *ic) 840 { 841 struct ieee80211_node *curbs, *selbs; 842 struct ifnet *ifp = &ic->ic_if; 843 844 /* Don't select our current AP again. */ 845 curbs = ieee80211_find_node(ic, ic->ic_bss->ni_macaddr); 846 if (curbs) { 847 curbs->ni_fails++; 848 ieee80211_node_newstate(curbs, IEEE80211_STA_CACHE); 849 } 850 851 /* Try a different AP from the same ESS if available. */ 852 if (ic->ic_caps & IEEE80211_C_SCANALLBAND) { 853 /* 854 * Make sure we will consider APs on all bands during 855 * access point selection in ieee80211_node_choose_bss(). 856 * During multi-band scans, our previous AP may be trying 857 * to steer us onto another band by denying authentication. 858 */ 859 ieee80211_setmode(ic, IEEE80211_MODE_AUTO); 860 } 861 selbs = ieee80211_node_choose_bss(ic, 0, NULL); 862 if (selbs == NULL) 863 return; 864 865 /* Should not happen but seriously, don't try the same AP again. */ 866 if (memcmp(selbs->ni_macaddr, ic->ic_bss->ni_macaddr, 867 IEEE80211_NWID_LEN) == 0) 868 return; 869 870 if (ifp->if_flags & IFF_DEBUG) 871 printf("%s: trying AP %s on channel %d instead\n", 872 ifp->if_xname, ether_sprintf(selbs->ni_macaddr), 873 ieee80211_chan2ieee(ic, selbs->ni_chan)); 874 875 /* Triggers an AUTH->AUTH transition, avoiding another SCAN. */ 876 ieee80211_node_join_bss(ic, selbs); 877 } 878 879 void 880 ieee80211_auth_open(struct ieee80211com *ic, const struct ieee80211_frame *wh, 881 struct ieee80211_node *ni, struct ieee80211_rxinfo *rxi, u_int16_t seq, 882 u_int16_t status) 883 { 884 struct ifnet *ifp = &ic->ic_if; 885 switch (ic->ic_opmode) { 886 #ifndef IEEE80211_STA_ONLY 887 case IEEE80211_M_IBSS: 888 if (ic->ic_state != IEEE80211_S_RUN || 889 seq != IEEE80211_AUTH_OPEN_REQUEST) { 890 DPRINTF(("discard auth from %s; state %u, seq %u\n", 891 ether_sprintf((u_int8_t *)wh->i_addr2), 892 ic->ic_state, seq)); 893 ic->ic_stats.is_rx_bad_auth++; 894 return; 895 } 896 ieee80211_new_state(ic, IEEE80211_S_AUTH, 897 wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK); 898 899 /* In IBSS mode no (re)association frames are sent. */ 900 if (ic->ic_flags & IEEE80211_F_RSNON) 901 ni->ni_rsn_supp_state = RSNA_SUPP_PTKSTART; 902 break; 903 904 case IEEE80211_M_AHDEMO: 905 /* should not come here */ 906 break; 907 908 case IEEE80211_M_HOSTAP: 909 if (ic->ic_state != IEEE80211_S_RUN || 910 seq != IEEE80211_AUTH_OPEN_REQUEST) { 911 DPRINTF(("discard auth from %s; state %u, seq %u\n", 912 ether_sprintf((u_int8_t *)wh->i_addr2), 913 ic->ic_state, seq)); 914 ic->ic_stats.is_rx_bad_auth++; 915 return; 916 } 917 if (ni == ic->ic_bss) { 918 ni = ieee80211_find_node(ic, wh->i_addr2); 919 if (ni == NULL) 920 ni = ieee80211_alloc_node(ic, wh->i_addr2); 921 if (ni == NULL) { 922 return; 923 } 924 IEEE80211_ADDR_COPY(ni->ni_bssid, ic->ic_bss->ni_bssid); 925 ni->ni_rssi = rxi->rxi_rssi; 926 ni->ni_rstamp = rxi->rxi_tstamp; 927 ni->ni_chan = ic->ic_bss->ni_chan; 928 } 929 930 /* 931 * Drivers may want to set up state before confirming. 932 * In which case this returns EBUSY and the driver will 933 * later call ieee80211_auth_open_confirm() by itself. 934 */ 935 if (ic->ic_newauth && ic->ic_newauth(ic, ni, 936 ni->ni_state != IEEE80211_STA_CACHE, seq) != 0) 937 break; 938 ieee80211_auth_open_confirm(ic, ni, seq); 939 break; 940 #endif /* IEEE80211_STA_ONLY */ 941 942 case IEEE80211_M_STA: 943 if (ic->ic_state != IEEE80211_S_AUTH || 944 seq != IEEE80211_AUTH_OPEN_RESPONSE) { 945 ic->ic_stats.is_rx_bad_auth++; 946 DPRINTF(("discard auth from %s; state %u, seq %u\n", 947 ether_sprintf((u_int8_t *)wh->i_addr2), 948 ic->ic_state, seq)); 949 return; 950 } 951 if (ic->ic_flags & IEEE80211_F_RSNON) { 952 /* XXX not here! */ 953 ic->ic_bss->ni_flags &= ~IEEE80211_NODE_TXRXPROT; 954 ic->ic_bss->ni_port_valid = 0; 955 ic->ic_bss->ni_replaycnt_ok = 0; 956 (*ic->ic_delete_key)(ic, ic->ic_bss, 957 &ic->ic_bss->ni_pairwise_key); 958 } 959 if (status != 0) { 960 if (ifp->if_flags & IFF_DEBUG) 961 printf("%s: open authentication failed " 962 "(status %d) for %s\n", ifp->if_xname, 963 status, 964 ether_sprintf((u_int8_t *)wh->i_addr3)); 965 if (ni != ic->ic_bss) 966 ni->ni_fails++; 967 else 968 ieee80211_try_another_bss(ic); 969 ic->ic_stats.is_rx_auth_fail++; 970 return; 971 } 972 ieee80211_new_state(ic, IEEE80211_S_ASSOC, 973 wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK); 974 break; 975 default: 976 break; 977 } 978 } 979 980 void 981 ieee80211_set_beacon_miss_threshold(struct ieee80211com *ic) 982 { 983 struct ifnet *ifp = &ic->ic_if; 984 985 /* 986 * Scale the missed beacon counter threshold to the AP's actual 987 * beacon interval. 988 */ 989 int btimeout = MIN(IEEE80211_BEACON_MISS_THRES * ic->ic_bss->ni_intval, 990 IEEE80211_BEACON_MISS_THRES * (IEEE80211_DUR_TU / 10)); 991 /* Ensure that at least one beacon may be missed. */ 992 btimeout = MAX(btimeout, 2 * ic->ic_bss->ni_intval); 993 if (ic->ic_bss->ni_intval > 0) /* don't crash if interval is bogus */ 994 ic->ic_bmissthres = btimeout / ic->ic_bss->ni_intval; 995 996 if (ifp->if_flags & IFF_DEBUG) 997 printf("%s: missed beacon threshold set to %d beacons, " 998 "beacon interval is %u TU\n", ifp->if_xname, 999 ic->ic_bmissthres, ic->ic_bss->ni_intval); 1000 } 1001 1002 /* Tell our peer, and the driver, to stop A-MPDU Tx for all TIDs. */ 1003 void 1004 ieee80211_stop_ampdu_tx(struct ieee80211com *ic, struct ieee80211_node *ni, 1005 int mgt) 1006 { 1007 int tid; 1008 1009 for (tid = 0; tid < nitems(ni->ni_tx_ba); tid++) { 1010 struct ieee80211_tx_ba *ba = &ni->ni_tx_ba[tid]; 1011 if (ba->ba_state != IEEE80211_BA_AGREED) 1012 continue; 1013 1014 if (ic->ic_caps & IEEE80211_C_ADDBA_OFFLOAD) { 1015 if (ic->ic_ampdu_tx_stop != NULL) 1016 ic->ic_ampdu_tx_stop(ic, ni, tid); 1017 continue; /* Don't change ba->ba_state! */ 1018 } 1019 1020 ieee80211_delba_request(ic, ni, 1021 mgt == -1 ? 0 : IEEE80211_REASON_AUTH_LEAVE, 1, tid); 1022 } 1023 } 1024 1025 void 1026 ieee80211_check_wpa_supplicant_failure(struct ieee80211com *ic, 1027 struct ieee80211_node *ni) 1028 { 1029 struct ieee80211_node *ni2; 1030 1031 if (ic->ic_opmode != IEEE80211_M_STA 1032 #ifndef IEEE80211_STA_ONLY 1033 && ic->ic_opmode != IEEE80211_M_IBSS 1034 #endif 1035 ) 1036 return; 1037 1038 if (ni->ni_rsn_supp_state != RSNA_SUPP_PTKNEGOTIATING) 1039 return; 1040 1041 ni->ni_assoc_fail |= IEEE80211_NODE_ASSOCFAIL_WPA_KEY; 1042 1043 if (ni != ic->ic_bss) 1044 return; 1045 1046 /* Also update the copy of our AP's node in the node cache. */ 1047 ni2 = ieee80211_find_node(ic, ic->ic_bss->ni_macaddr); 1048 if (ni2) 1049 ni2->ni_assoc_fail |= ic->ic_bss->ni_assoc_fail; 1050 } 1051 1052 int 1053 ieee80211_newstate(struct ieee80211com *ic, enum ieee80211_state nstate, 1054 int mgt) 1055 { 1056 struct ifnet *ifp = &ic->ic_if; 1057 struct ieee80211_node *ni; 1058 enum ieee80211_state ostate; 1059 u_int rate; 1060 #ifndef IEEE80211_STA_ONLY 1061 int s; 1062 #endif 1063 1064 ostate = ic->ic_state; 1065 #ifdef __FreeBSD_version 1066 if (bootverbose || ifp->if_flags & IFF_DEBUG) 1067 #else 1068 if (ifp->if_flags & IFF_DEBUG) 1069 #endif 1070 printf("%s: %s -> %s\n", ifp->if_xname, 1071 ieee80211_state_name[ostate], ieee80211_state_name[nstate]); 1072 ic->ic_state = nstate; /* state transition */ 1073 ni = ic->ic_bss; /* NB: no reference held */ 1074 ieee80211_set_link_state(ic, LINK_STATE_DOWN); 1075 ic->ic_xflags &= ~IEEE80211_F_TX_MGMT_ONLY; 1076 switch (nstate) { 1077 case IEEE80211_S_INIT: 1078 /* 1079 * If mgt = -1, driver is already partway down, so do 1080 * not send management frames. 1081 */ 1082 switch (ostate) { 1083 case IEEE80211_S_INIT: 1084 break; 1085 case IEEE80211_S_RUN: 1086 if (mgt == -1) 1087 goto justcleanup; 1088 ieee80211_stop_ampdu_tx(ic, ni, mgt); 1089 ieee80211_ba_del(ni); 1090 switch (ic->ic_opmode) { 1091 case IEEE80211_M_STA: 1092 IEEE80211_SEND_MGMT(ic, ni, 1093 IEEE80211_FC0_SUBTYPE_DISASSOC, 1094 IEEE80211_REASON_ASSOC_LEAVE); 1095 break; 1096 #ifndef IEEE80211_STA_ONLY 1097 case IEEE80211_M_HOSTAP: 1098 s = splnet(); 1099 RBT_FOREACH(ni, ieee80211_tree, &ic->ic_tree) { 1100 if (ni->ni_state != IEEE80211_STA_ASSOC) 1101 continue; 1102 IEEE80211_SEND_MGMT(ic, ni, 1103 IEEE80211_FC0_SUBTYPE_DISASSOC, 1104 IEEE80211_REASON_ASSOC_LEAVE); 1105 } 1106 splx(s); 1107 break; 1108 #endif 1109 default: 1110 break; 1111 } 1112 /* FALLTHROUGH */ 1113 case IEEE80211_S_ASSOC: 1114 if (mgt == -1) 1115 goto justcleanup; 1116 switch (ic->ic_opmode) { 1117 case IEEE80211_M_STA: 1118 IEEE80211_SEND_MGMT(ic, ni, 1119 IEEE80211_FC0_SUBTYPE_DEAUTH, 1120 IEEE80211_REASON_AUTH_LEAVE); 1121 break; 1122 #ifndef IEEE80211_STA_ONLY 1123 case IEEE80211_M_HOSTAP: 1124 s = splnet(); 1125 RBT_FOREACH(ni, ieee80211_tree, &ic->ic_tree) { 1126 IEEE80211_SEND_MGMT(ic, ni, 1127 IEEE80211_FC0_SUBTYPE_DEAUTH, 1128 IEEE80211_REASON_AUTH_LEAVE); 1129 } 1130 splx(s); 1131 break; 1132 #endif 1133 default: 1134 break; 1135 } 1136 /* FALLTHROUGH */ 1137 case IEEE80211_S_AUTH: 1138 case IEEE80211_S_SCAN: 1139 justcleanup: 1140 #ifndef IEEE80211_STA_ONLY 1141 if (ic->ic_opmode == IEEE80211_M_HOSTAP) 1142 timeout_del(&ic->ic_rsn_timeout); 1143 #endif 1144 ieee80211_ba_del(ni); 1145 timeout_del(&ic->ic_bgscan_timeout); 1146 ic->ic_bgscan_fail = 0; 1147 ic->ic_mgt_timer = 0; 1148 mq_purge(&ic->ic_mgtq); 1149 mq_purge(&ic->ic_pwrsaveq); 1150 ieee80211_free_allnodes(ic, 1); 1151 break; 1152 } 1153 ni->ni_rsn_supp_state = RSNA_SUPP_INITIALIZE; 1154 ni->ni_assoc_fail = 0; 1155 if (ic->ic_flags & IEEE80211_F_RSNON) 1156 ieee80211_crypto_clear_groupkeys(ic); 1157 break; 1158 case IEEE80211_S_SCAN: 1159 ic->ic_flags &= ~IEEE80211_F_SIBSS; 1160 /* initialize bss for probe request */ 1161 IEEE80211_ADDR_COPY(ni->ni_macaddr, etherbroadcastaddr); 1162 IEEE80211_ADDR_COPY(ni->ni_bssid, etherbroadcastaddr); 1163 ni->ni_rates = ic->ic_sup_rates[ 1164 ieee80211_chan2mode(ic, ni->ni_chan)]; 1165 ni->ni_associd = 0; 1166 ni->ni_rstamp = 0; 1167 ni->ni_rsn_supp_state = RSNA_SUPP_INITIALIZE; 1168 if (ic->ic_flags & IEEE80211_F_RSNON) 1169 ieee80211_crypto_clear_groupkeys(ic); 1170 switch (ostate) { 1171 case IEEE80211_S_INIT: 1172 #ifndef IEEE80211_STA_ONLY 1173 if (ic->ic_opmode == IEEE80211_M_HOSTAP && 1174 ic->ic_des_chan != IEEE80211_CHAN_ANYC) { 1175 /* 1176 * AP operation and we already have a channel; 1177 * bypass the scan and startup immediately. 1178 */ 1179 ieee80211_create_ibss(ic, ic->ic_des_chan); 1180 } else 1181 #endif 1182 ieee80211_begin_scan(ifp); 1183 break; 1184 case IEEE80211_S_SCAN: 1185 /* scan next */ 1186 if (ic->ic_flags & IEEE80211_F_ASCAN) { 1187 IEEE80211_SEND_MGMT(ic, ni, 1188 IEEE80211_FC0_SUBTYPE_PROBE_REQ, 0); 1189 } 1190 break; 1191 case IEEE80211_S_RUN: 1192 /* beacon miss */ 1193 if (ifp->if_flags & IFF_DEBUG) { 1194 /* XXX bssid clobbered above */ 1195 printf("%s: no recent beacons from %s;" 1196 " rescanning\n", ifp->if_xname, 1197 ether_sprintf(ic->ic_bss->ni_bssid)); 1198 } 1199 timeout_del(&ic->ic_bgscan_timeout); 1200 ic->ic_bgscan_fail = 0; 1201 ieee80211_stop_ampdu_tx(ic, ni, mgt); 1202 ieee80211_free_allnodes(ic, 1); 1203 /* FALLTHROUGH */ 1204 case IEEE80211_S_AUTH: 1205 case IEEE80211_S_ASSOC: 1206 /* timeout restart scan */ 1207 ni = ieee80211_find_node(ic, ic->ic_bss->ni_macaddr); 1208 if (ni != NULL) 1209 ni->ni_fails++; 1210 ieee80211_begin_scan(ifp); 1211 break; 1212 } 1213 break; 1214 case IEEE80211_S_AUTH: 1215 if (ostate == IEEE80211_S_RUN) 1216 ieee80211_check_wpa_supplicant_failure(ic, ni); 1217 ni->ni_rsn_supp_state = RSNA_SUPP_INITIALIZE; 1218 if (ic->ic_flags & IEEE80211_F_RSNON) 1219 ieee80211_crypto_clear_groupkeys(ic); 1220 switch (ostate) { 1221 case IEEE80211_S_INIT: 1222 if (ifp->if_flags & IFF_DEBUG) 1223 printf("%s: invalid transition %s -> %s\n", 1224 ifp->if_xname, ieee80211_state_name[ostate], 1225 ieee80211_state_name[nstate]); 1226 break; 1227 case IEEE80211_S_SCAN: 1228 IEEE80211_SEND_MGMT(ic, ni, 1229 IEEE80211_FC0_SUBTYPE_AUTH, 1); 1230 break; 1231 case IEEE80211_S_AUTH: 1232 case IEEE80211_S_ASSOC: 1233 switch (mgt) { 1234 case IEEE80211_FC0_SUBTYPE_AUTH: 1235 if (ic->ic_opmode == IEEE80211_M_STA) { 1236 IEEE80211_SEND_MGMT(ic, ni, 1237 IEEE80211_FC0_SUBTYPE_AUTH, 1238 IEEE80211_AUTH_OPEN_REQUEST); 1239 } 1240 break; 1241 case IEEE80211_FC0_SUBTYPE_DEAUTH: 1242 /* ignore and retry scan on timeout */ 1243 break; 1244 } 1245 break; 1246 case IEEE80211_S_RUN: 1247 timeout_del(&ic->ic_bgscan_timeout); 1248 ic->ic_bgscan_fail = 0; 1249 ieee80211_stop_ampdu_tx(ic, ni, mgt); 1250 ieee80211_ba_del(ni); 1251 switch (mgt) { 1252 case IEEE80211_FC0_SUBTYPE_AUTH: 1253 IEEE80211_SEND_MGMT(ic, ni, 1254 IEEE80211_FC0_SUBTYPE_AUTH, 2); 1255 ic->ic_state = ostate; /* stay RUN */ 1256 break; 1257 case IEEE80211_FC0_SUBTYPE_DEAUTH: 1258 /* try to reauth */ 1259 IEEE80211_SEND_MGMT(ic, ni, 1260 IEEE80211_FC0_SUBTYPE_AUTH, 1); 1261 break; 1262 } 1263 break; 1264 } 1265 break; 1266 case IEEE80211_S_ASSOC: 1267 switch (ostate) { 1268 case IEEE80211_S_INIT: 1269 case IEEE80211_S_SCAN: 1270 case IEEE80211_S_ASSOC: 1271 if (ifp->if_flags & IFF_DEBUG) 1272 printf("%s: invalid transition %s -> %s\n", 1273 ifp->if_xname, ieee80211_state_name[ostate], 1274 ieee80211_state_name[nstate]); 1275 break; 1276 case IEEE80211_S_AUTH: 1277 IEEE80211_SEND_MGMT(ic, ni, 1278 IEEE80211_FC0_SUBTYPE_ASSOC_REQ, 0); 1279 break; 1280 case IEEE80211_S_RUN: 1281 ieee80211_stop_ampdu_tx(ic, ni, mgt); 1282 ieee80211_ba_del(ni); 1283 IEEE80211_SEND_MGMT(ic, ni, 1284 IEEE80211_FC0_SUBTYPE_ASSOC_REQ, 1); 1285 break; 1286 } 1287 break; 1288 case IEEE80211_S_RUN: 1289 switch (ostate) { 1290 case IEEE80211_S_INIT: 1291 if (ic->ic_opmode == IEEE80211_M_MONITOR) 1292 break; 1293 case IEEE80211_S_AUTH: 1294 case IEEE80211_S_RUN: 1295 if (ifp->if_flags & IFF_DEBUG) 1296 printf("%s: invalid transition %s -> %s\n", 1297 ifp->if_xname, ieee80211_state_name[ostate], 1298 ieee80211_state_name[nstate]); 1299 break; 1300 case IEEE80211_S_SCAN: /* adhoc/hostap mode */ 1301 case IEEE80211_S_ASSOC: /* infra mode */ 1302 if (ni->ni_txrate >= ni->ni_rates.rs_nrates) 1303 panic("%s: bogus xmit rate %u setup", 1304 __func__, ni->ni_txrate); 1305 if (ifp->if_flags & IFF_DEBUG) { 1306 printf("%s: %s with %s ssid ", 1307 ifp->if_xname, 1308 ic->ic_opmode == IEEE80211_M_STA ? 1309 "associated" : "synchronized", 1310 ether_sprintf(ni->ni_bssid)); 1311 ieee80211_print_essid(ic->ic_bss->ni_essid, 1312 ni->ni_esslen); 1313 rate = ni->ni_rates.rs_rates[ni->ni_txrate] & 1314 IEEE80211_RATE_VAL; 1315 printf(" channel %d", 1316 ieee80211_chan2ieee(ic, ni->ni_chan)); 1317 if (ni->ni_flags & IEEE80211_NODE_HT) 1318 printf(" start MCS %u", ni->ni_txmcs); 1319 else 1320 printf(" start %u%sMb", 1321 rate / 2, (rate & 1) ? ".5" : ""); 1322 printf(" %s preamble %s slot time%s%s%s\n", 1323 (ic->ic_flags & IEEE80211_F_SHPREAMBLE) ? 1324 "short" : "long", 1325 (ic->ic_flags & IEEE80211_F_SHSLOT) ? 1326 "short" : "long", 1327 (ic->ic_flags & IEEE80211_F_USEPROT) ? 1328 " protection enabled" : "", 1329 (ni->ni_flags & IEEE80211_NODE_HT) ? 1330 " HT enabled" : "", 1331 (ni->ni_flags & IEEE80211_NODE_VHT) ? 1332 " VHT enabled" : ""); 1333 } 1334 if (!(ic->ic_flags & IEEE80211_F_RSNON)) { 1335 /* 1336 * NB: When RSN is enabled, we defer setting 1337 * the link up until the port is valid. 1338 */ 1339 ieee80211_set_link_state(ic, LINK_STATE_UP); 1340 ni->ni_assoc_fail = 0; 1341 } 1342 ic->ic_mgt_timer = 0; 1343 ieee80211_set_beacon_miss_threshold(ic); 1344 if_start(ifp); 1345 break; 1346 } 1347 break; 1348 } 1349 return 0; 1350 } 1351 1352 #ifndef __FreeBSD_version 1353 void 1354 ieee80211_rtm_80211info_task(void *arg) 1355 { 1356 struct ieee80211com *ic = arg; 1357 struct ifnet *ifp = &ic->ic_if; 1358 struct if_ieee80211_data ifie; 1359 int s = splnet(); 1360 1361 if (LINK_STATE_IS_UP(ifp->if_link_state)) { 1362 memset(&ifie, 0, sizeof(ifie)); 1363 ifie.ifie_nwid_len = ic->ic_bss->ni_esslen; 1364 memcpy(ifie.ifie_nwid, ic->ic_bss->ni_essid, 1365 sizeof(ifie.ifie_nwid)); 1366 memcpy(ifie.ifie_addr, ic->ic_bss->ni_bssid, 1367 sizeof(ifie.ifie_addr)); 1368 ifie.ifie_channel = ieee80211_chan2ieee(ic, 1369 ic->ic_bss->ni_chan); 1370 ifie.ifie_flags = ic->ic_flags; 1371 ifie.ifie_xflags = ic->ic_xflags; 1372 rtm_80211info(&ic->ic_if, &ifie); 1373 } 1374 1375 splx(s); 1376 } 1377 #endif 1378 1379 void 1380 ieee80211_set_link_state(struct ieee80211com *ic, int nstate) 1381 { 1382 struct ifnet *ifp = &ic->ic_if; 1383 1384 switch (ic->ic_opmode) { 1385 #ifndef IEEE80211_STA_ONLY 1386 case IEEE80211_M_IBSS: 1387 case IEEE80211_M_HOSTAP: 1388 nstate = LINK_STATE_UNKNOWN; 1389 break; 1390 #endif 1391 case IEEE80211_M_MONITOR: 1392 nstate = LINK_STATE_DOWN; 1393 break; 1394 default: 1395 break; 1396 } 1397 if (nstate != ifp->if_link_state) { 1398 #ifdef __FreeBSD_version 1399 if_link_state_change(ifp, nstate); 1400 task_add(systq, &ic->ic_rtm_80211info_task); 1401 #else 1402 ifp->if_link_state = nstate; 1403 if (LINK_STATE_IS_UP(nstate)) 1404 task_add(systq, &ic->ic_rtm_80211info_task); 1405 if_link_state_change(ifp); 1406 #endif 1407 } 1408 } 1409