| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
| |
in case we want WPA2 and they have WPA1 still enabled
|
| |
|
|
| |
OK stsp@
|
| |
|
|
|
|
|
|
| |
Make sure all of the crypto options the AP announces matches what we
would configure. While here, don't switch if the user has specified
a specific BSSID, and the new AP does not match.
OK stsp@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This allows a system to remember which ESSIDs it wants to connect to, any
relevant security configuration, and switch to it when the network we are
currently connected to is no longer available.
Works when connecting and switching between WPA2/WPA1/WEP/clear encryptions.
example hostname.if:
join home wpakey password
join work wpakey mekmitasdigoat
join open-lounge
join cafe wpakey cafe2018
join "wepnetwork" nwkey "12345"
dhcp
inet6 autoconf
up
OK stsp@ reyk@
and enthusiasm from every hackroom I've been in for the last 3 years
|
| |
|
|
|
|
|
|
|
| |
get an up-to-date view of APs around us. In particular, we need to
kick out the AP we are associated to. Otherwise, our current AP might
stay cached if it is turned off while we are scanning, and we could
end up picking a now non-existent but "good looking" AP over and over.
found with and ok phessler@
|
| |
|
|
|
|
| |
scanning if none was found.
Accidentally broken in recent ifconfig scan changes by pirofti and me.
ok pirofti
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The following removes the functionality of the SIOCS80211SCAN ioctl.
After long discussions with stps@, mpi@, and deraadt@ we decided that
this was the correct way of fixing ifconfig scan from blocking the
network stack.
The kernel will continue scanning in the background and filling the
nodes array, but ifconfig scan commands will now basically do just a
SIOCG80211ALLNODES and pretty print the array. So the output stays the
same but is instant.
In fact, when the interface is freshly brought up, if you type fast
enough, you can see the array being filled by running multiple ifconfig
scans in sequence.
The SIOCS80211SCAN ioctl stays for now as wi(4), pgt(4) and malo(4)
still need it around. But not for long...
Another change that this introduces is the fact that ifconfig scan no
longer plays with UP and DOWN. If the interface is down it complains and
exits. This is needed in order to maintain the nodes list.
Works on iwm(4), iwn(4), urtwn(4), run(4) and athn(4).
Tested by mpi@, landry@, florian@, thanks!
OK mpi@.
|
| |
|
|
|
|
| |
instead of testing some un-obvious bitfield
OK stsp@
|
| |
|
|
| |
Problem reported by Gregoire Jadi on bugs@
|
| |
|
|
|
|
| |
strongest received signal.
OK stsp@
|
| |
|
|
|
|
|
|
|
| |
2Ghz APs because the 5Ghz band is generally less saturated.
The previous implementation was dependent upon the order of walking
APs.
ok stsp
|
| |
|
|
|
|
|
|
|
|
| |
The iwm(4) driver will now roam between access points which share an SSID.
Use 'ifconfig iwm0 debug' and 'tail -f /var/log/messages' to watch it do so.
Tested by several people in various iterations.
As usual, let me know if you run into issues.
ok phessler deraadt
|
| |
|
|
|
|
| |
all bands at once. Fixes a problem where e.g. 5GHz APs were filtered out
if we were previously associated to an 11g-only AP.
ok mpi@ phessler@
|
| |
|
|
|
|
|
|
|
|
| |
group keys are being reused. OpenBSD wireless clients will now leave a
trail of such events in their message log.
There has been increased public scrutiny of WPA's security recently, so
I am curious to see if anyone is attempting replay attacks in the wild.
ok deraadt
|
| |
|
|
|
|
|
|
| |
guarded by the IEEE80211_DEBUG preprocessor flag. This shows one line
per detected AP after a scan, and indicates which APs are considered
candidates for association.
Shorten the output a bit to fit into 80 columns more likely.
ok sthen@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The previous code wasn't quite right: it didn't account for the fact that
some drivers don't set ic_max_rssi, and it compared 5GHz APs to a threshold
relative to the max RSSI, rather than comparing RSSI on 5GHz relative to
RSSI on 2GHz.
This heuristic is only used by SCANNALLBAND drivers: iwn(4), iwm(4), wpi(4)
In the future the AP selection heuristic should be made more intelligent,
e.g. it should take BSS load information in beacons into account.
Another open problem is inconsistent representation of RSSI measurement
values throughout our drivers and stack. Help is welcome!
For now, this hopefully improves AP selection at busy airports.
ok sthen@ deraadt@
|
| |
|
|
|
|
| |
to make it more readable.
help, many explanations and ok stsp
|
| |
|
|
| |
Input, help & ok stsp
|
| |
|
|
|
|
| |
the presence of non-HT nodes in the node cache.
OpenBSD 11n APs will now disable HT protection if it is not necessary.
ok mpi@
|
| |
|
|
|
|
| |
rateset with the AP is calculated only after the association response was
received, which is too late. Fix rates when an AP is selected after a scan.
ok mpi@ tb@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
associated nodes with particular properties: 11b-only ("non-ERP") nodes,
nodes requiring long slot time, nodes using WPA, nodes not supporting 11n,
nodes currently dozing in powersave state, and nodes with a pending group
key update confirmation.
These counters weren't properly maintained.
There are bugs in the stack where these counters and actual node properties
got out of sync. This is exposed by panics which are supposed to help us
catch such bugs. But these panics don't provide real clues.
Instead of maintaining global counters forcing us to hunt refcounting bugs,
count nodes with the property in question on demand, by iterating over all
nodes and checking their state.
This is cheap since we'll never have more than 100 nodes cached, and none of
the cases where we need such information is in a performance critical path.
Prevents panics in hostap mode reported by Lauri Tirkkonen on bugs@ last
year (https://marc.info/?l=openbsd-bugs&m=147513817930489&w=2) and also
encountered by my 11n APs ("panic: bogus non-HT station count 0").
tested by Lauri, tb@, and myself
ok mpi@ tb@
|
| |
|
|
|
|
|
| |
The existing code (from damien@) already took care of freeing related buffers
but because block ack state was not reset we were still trying to use these
buffers if the node sent another A-MPDU. This problem only affects 11n hostap.
Fixes kernel crash reported by Timo Myyra on bugs@
|
| |
|
|
|
|
|
|
|
|
| |
clear HT capabilities stored in its node cache object.
A node may switch from 11n mode to 11a/b/g mode.
If we don't clear HT capabilities from the cache the node will
be mistaken as 11n-capable after reassociation.
ok phessler@ mpi@
|
| |
|
|
|
|
| |
Fixes problems with timing of frame transmissions which caused packet loss.
tested by myself and tb@
ok phessler@ mpi@ tb@
|
| |
|
|
|
|
|
|
|
|
|
| |
For now we flip-flop only between non-member protection and non-HT protection.
Running a HT network without protection would require monitoring environmental
conditions (e.g. foreign beacons) which make HT protection necessary.
The ic_update_htprot driver function becomes optional because it won't be
needed by all drivers. Only call it if the driver has set a function pointer.
ok tb@
|
| |
|
|
|
| |
Return early and do nothing if the node is already in COLLECT state upon
entry to this function.
|
| |
|
|
|
| |
function, not afterwards. Drivers now know whether a joining node supports HT
which helps with setting up state such as which Tx rate to use.
|
| |
|
|
|
|
|
|
|
|
| |
The previous code would disable the AP until next reboot upon MIC failure.
Instead, disable the AP for 60 seconds, as required by the 802.11 standard.
I randomly added a bit of time (up to 120 seconds total) just because we can.
Problem reported by Mathy Vanhoef, thanks!
ok deraadt@
random input reyk@
|
| |
|
|
| |
shaves about 5k off an amd64 GENERIC.MP kernel
|
| |
|
|
|
| |
a slight priority in cases where good matches exist in either band.
ok sthen@
|
| |
|
|
|
| |
bands in a single scan offload request. This will be used by iwm(4) soon.
ok kettenis@, earlier version ok phessler@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
still lingering in the node cache. This could cause an AID to be assigned
twice, once to a newly associated node and once to a different node in
COLLECT cache state (i.e. marked for future eviction from the node cache).
Drivers (e.g. rt2860) may use AIDs to keep track of nodes in firmware
tables and get confused when AIDs aren't unique across the node cache.
The symptom observed with rt2860 were nodes stuck at 1 Mbps Tx rate since
the duplicate AID made the driver perform Tx rate (AMRR) accounting on
the wrong node object.
To find out if a node is associated we now check the node's cache state,
rather than comparing the node's AID against zero. An AID is assigned when
a node associates and it lasts until the node is eventually purged from the
node cache (previously, the AID was made available for re-use when the node
was placed in COLLECT state). There is no need to be stingy with AIDs since
the number of possible AIDs exceeds the maximum number of nodes in the cache.
Problem found by Nathanael Rensen.
Fix written by Nathanael and myself. Tested by Nathanael.
Comitting now to get this change tested across as many drivers as possible.
|
| |
|
|
|
|
|
|
|
|
|
| |
pointers.
These functions have been introduced to abstract some of the MP-
safeness^Wmadness and should be use everywhere.
Prodded by a comment from jsg@.
ok mikeb@, stsp@
|
| |
|
|
|
|
|
| |
moving the ERP code to post-assoc phase. Fixes iwi(4) fatal firmware
errors.
ok stsp@, sobrado@
|
| |
|
|
| |
ok millert@
|
| |
|
|
| |
ok mpi@ millert@
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
some subframes or let the sequence number jump up by more than 1 (hard
to tell which it is). We decrease the BA inactivity timeout for quicker
recovery from stalled BA sessions, and add a new timeout which keeps track
of gaps in the subframe sequence number space due to dropped frames.
Gaps expire after 500 msec, the same value FreeBSD uses for their
implementation of this workaround. And Linux uses this trick, too.
This should fix network stalls some people have been seeing in 11n mode.
ok deraadt@
|
| |
|
|
|
| |
in bsd.rd, and might uncover some bugs. Suggested by tedu@ and deraadt@.
ok sthen@ jasper@ deraadt@
|
| |
|
|
|
| |
configure ERP once we are sure about our operation mode against the AP.
ok sthen jasper kettenis deraadt mpi
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
The initial implementation was added by damien@ years ago.
Summary of the changes made in this commit:
- In ieee80211_input(), process A-MPDUs before duplicate detection.
- Don't forget to set ba->ba_ni in ieee80211_recv_addba_req()
so we don't crash in ieee80211_rx_ba_timeout().
- In ieee80211_recv_addba_req(), tweak the logic to deny BlockAck
requests if the driver has no callback for doing so.
- Implement ieee80211_ba_del() which cleans up BlockAck state.
- Increase the minimum and maximum lifetime for BlockAck agrements.
ok mpi@
|
| |
|
|
|
|
|
|
|
| |
This header is only needed because <netinet/if_ether.h> declares a
structure that needs it. But it turns out that <net/if.h> already
includes it as workaround.
A proper solution would be to stop declarting "struct ether_arp"
there. But no driver should need this header.
|
| |
|
|
|
|
|
| |
frames, negotiate HT with the AP, and move the interface into or out of
11n mode accordingly. If running as AP negotiate HT with nodes joining the BSS.
ok deraadt mpi kettenis guenther
|
| |
|
|
|
|
|
|
|
|
|
|
| |
HT operational information sent by 11n APs. These fields reflect the structure
of elements in management frames so that IEEE80211_HTCAP* and IEEE80211_HTOP*
macros designed to operate on frame elements can be used directly to read
or set the fields.
Populate nodes with HT information received in probe responses, probe
requests, and association requests.
ok deraadt mpi phessler kettenis guenther
|
| |
|
|
|
|
|
|
| |
the specific queues are ic_mgtq, ic_pwrsaveq, and ni_savedq. rtw
had its own queue for beacons.
tested by mpi@ and jmc@
ok mpi@
|
| |
|
|
| |
ok stsp mpi
|
| |
|
|
|
|
|
| |
have any direct symbols used. Tested for indirect use by compiling
amd64/i386/sparc64 kernels.
ok tedu@ deraadt@
|
| | |
|
| |
|
|
| |
to include that than rdnvar.h. ok deraadt dlg
|
| |
|
|
| |
ok mpi@ kspillner@
|
phessler
stsp
pirofti
jcs
tb
dlg
mpi
gerhard
sthen
deraadt
jsg
tedu