| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Make ieee80211_input_ba() skip one missing frame at the head of the Rx block
ack (BA) window once the rest of the window has filled up with pending frames.
This avoids having to wait for the BA window gap timeout handler to run in
order to make progress in such situations.
Simplify the BA gap timeout handler by deferring the actual flushing of the
BA window buffer to the regular input path. The timeout handler now simply
advances the BA window across any missing frames at the head of the window,
and if_input() is no longer called from the context of this timeout handler.
The window will be flushed once another frame arrives.
Packet loss under streamy traffic conditions and during Rx bursts is reduced.
Much less stuttering, more stable tcpbench, and easier flight in Minecraft.
tested by phessler@, Martin Vahlensieck, jmc@, Uwe Werler, and myself
|
| | |
|
| |
|
|
|
|
| |
reconnect to the AP
OK stsp@
|
| |
|
|
| |
ok phessler benno
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
ifconfig display them in 'scan' output and on the ieee80211 status line if
the failure is applicable to an already selected AP (e.g. wrong WPA key).
This will hopefully reduce the amount of help requests for what often
turn out to be trivial misconfiguration issues that were previously
hard to diagnose without debug mode.
ifconfig must be recompiled with the new ieee80211_ioctl.h to stay in
sync with the kernel. A full 'make build' will do the right thing!
Very helpful input by mpi@ and deraadt@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
wiping the entire cache every time a scan is triggered.
This has benefits for userland programs trying to look at scan results,
and for drivers which don't get a full view from hardware on every scan.
Nodes will still be evicted from the cache in one of several ways:
Add a new way of timing out inactive nodes which don't send a beacon
within 10 scan iterations, for client mode only. This should get rid
of stale APs if we're scanning for some time in a changing environment.
If we fail to associate a few times, the corresponding node is removed.
If net80211 transitions back to INIT state (e.g. because of a
user-initiated configuration change) all nodes are removed.
When a background scan starts all nodes will be removed. This could be
revisited later but has been intentionally left as-is for now.
Tested by myself, jmc@, benno@, procter@ on iwm(4), athn(4) and ral(4).
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In particular, add Tx block ack session management to net80211, with
enough funcionality to support Tx aggregation on devices which perform
A-MPDU subframe scheduling in firmware.
Make use of the iwn(4) firmware Tx scheduler to build A-MPDUs.
net80211's QoS support code is now enabled and used by Tx aggregation.
A-MSDU frames inside A-MPDUs have been tested and work in principle.
For now, this feature is disabled because unfair TCP connection sharing
was observed during testing, where bursts of TCP Ack frames for a single
tcpbench(1) connection arriving in A-MSDUs made other TCP connections stall.
Switch off support for A-MSDUs inside A-MPDUs on the Rx side as well.
Tested on iwn chipsets 1000, 4965, 5100, 5300, 2200, 6200, 6205, 6300
(committed version of tested diff has all debug printfs removed)
tests/ok benno kmos mlarkin kevlo
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Consider the mere presence of HTCAP IEs as indicator of 11n support,
rather than checking advertised Rx MCS. Fixes some devices being
misclassified as 11a/g, causing HT protection to be enabled even
though it is not needed.
Use CTS-to-self frames for HT protection instead of RTS/CTS.
These changes make my athn(4) AR9280 hostap perform much better.
ok phessler@
|
| |
|
|
| |
ok patrick@ mpi@
|
| |
|
|
|
|
|
|
| |
net80211 and drivers in general. Add ratesets for 'short guard interval'
(SGI) rates, and add SGI support to MiRA. SGI is currently only used by
iwm(4), and of course internally by bwfm(4) firmware.
Ratesets for 11n 40 MHz channels and 11ac will come later.
ok mpi@ phessler@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Some access points have a feature called "band steering" where they
will try to push clients from 2 GHz channels to 5 GHz channels.
If a client sends probe-requests on both 2 GHz and 5GHz channels, and
then attempts to authenticate on a 2 GHz channel, such APs will deny
authentication and hope that the client will come back on a 5 GHz channel.
So if we fail to AUTH for any reason, and if there is a different
AP with the same ESSID that we haven't tried yet, try that AP next.
Keep trying until no APs are left, and only then continue scanning.
APs with support for this feature were provided by Mischa Peters.
ok phessler@ mpi@
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Some APs (Aruba 105) send a bogus basic MCS set in assoc responses
which prevents us from enabling 11n support with those APs, while
these APs still behave as if were were an 11n client which renders
the association unusable.
The basic MSC set is already provided in beacons anyway, and the
802.11 2012 standard says the basic MSC set is reserved in frames
other than beacons (see Table 8-130).
ok mpi@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This allows a system to remember which ESSIDs it wants to connect to, any
relevant security configuration, and switch to it when the network we are
currently connected to is no longer available.
Works when connecting and switching between WPA2/WPA1/WEP/clear encryptions.
example hostname.if:
join home wpakey password
join work wpakey mekmitasdigoat
join open-lounge
join cafe wpakey cafe2018
join "wepnetwork" nwkey "12345"
dhcp
inet6 autoconf
up
OK stsp@ reyk@
and enthusiasm from every hackroom I've been in for the last 3 years
|
| |
|
|
|
|
|
|
|
| |
get an up-to-date view of APs around us. In particular, we need to
kick out the AP we are associated to. Otherwise, our current AP might
stay cached if it is turned off while we are scanning, and we could
end up picking a now non-existent but "good looking" AP over and over.
found with and ok phessler@
|
| |
|
|
| |
no binary change on amd64
|
| |
|
|
|
|
| |
instead of testing some un-obvious bitfield
OK stsp@
|
| |
|
|
|
|
| |
left-over kernel malloc feature we don't use.
OK deraadt@
|
| |
|
|
|
|
|
|
|
|
| |
The iwm(4) driver will now roam between access points which share an SSID.
Use 'ifconfig iwm0 debug' and 'tail -f /var/log/messages' to watch it do so.
Tested by several people in various iterations.
As usual, let me know if you run into issues.
ok phessler deraadt
|
| |
|
|
|
|
|
|
|
|
| |
group keys are being reused. OpenBSD wireless clients will now leave a
trail of such events in their message log.
There has been increased public scrutiny of WPA's security recently, so
I am curious to see if anyone is attempting replay attacks in the wild.
ok deraadt
|
| |
|
|
|
|
|
|
|
| |
ieee80211_node. Pass these fields to 'ifconfig scan' instead of giving it
currently configured/enabled settings.
Fixes display of AP WPA capabilities in 'ifconfig scan' while the wifi
interface is not configured to use WPA (my previous commit attempted to
fix the same problem but didn't make it work in all cases).
ok tb@
|
| |
|
|
|
|
| |
the presence of non-HT nodes in the node cache.
OpenBSD 11n APs will now disable HT protection if it is not necessary.
ok mpi@
|
| |
|
|
|
|
|
| |
A malicious AP could trick clients into connecting to the malicious AP
instead of the desired AP. All frames would then be sent in the clear.
This problem was found and reported by Mathy Vanhoef who also provided
an initial patch which we improved together.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
associated nodes with particular properties: 11b-only ("non-ERP") nodes,
nodes requiring long slot time, nodes using WPA, nodes not supporting 11n,
nodes currently dozing in powersave state, and nodes with a pending group
key update confirmation.
These counters weren't properly maintained.
There are bugs in the stack where these counters and actual node properties
got out of sync. This is exposed by panics which are supposed to help us
catch such bugs. But these panics don't provide real clues.
Instead of maintaining global counters forcing us to hunt refcounting bugs,
count nodes with the property in question on demand, by iterating over all
nodes and checking their state.
This is cheap since we'll never have more than 100 nodes cached, and none of
the cases where we need such information is in a performance critical path.
Prevents panics in hostap mode reported by Lauri Tirkkonen on bugs@ last
year (https://marc.info/?l=openbsd-bugs&m=147513817930489&w=2) and also
encountered by my 11n APs ("panic: bogus non-HT station count 0").
tested by Lauri, tb@, and myself
ok mpi@ tb@
|
| |
|
|
|
|
|
|
|
|
| |
clear HT capabilities stored in its node cache object.
A node may switch from 11n mode to 11a/b/g mode.
If we don't clear HT capabilities from the cache the node will
be mistaken as 11n-capable after reassociation.
ok phessler@ mpi@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
command to the firmware and waits for confirmation. This command can
fail and there was no way we could recover from such an error.
Allow drivers to return EBUSY from their ic_ampdu_rx_start() handler to
tell the stack not to send a confirmation just yet. The stack provides
functions which the driver can call to accept or refuse the request.
There is no functional change yet. This just shuffles code around so
drivers may insert themselves into the process.
ok mpi@
|
| |
|
|
|
| |
in the node structure. This should be useful for iwm(4) in the future.
ok phessler@
|
| |
|
|
| |
shaves about 5k off an amd64 GENERIC.MP kernel
|
| |
|
|
|
| |
This value seems to be a sweet spot.
testing and ok tb@
|
| | |
|
| |
|
|
|
| |
is asking for it. This timeout should not be required anymore now that krw@'s
hangs are fixed by working around APs which make sequence numbers jump about.
|
| |
|
|
|
|
|
|
| |
than the current 11n BlockAck window. The previous code would be fooled into
moving the window forward and then drop packets until their sequence numbers
catch up with the new window, which can take several minutes.
Fixes traffic stalls observed with Broadcom APs.
ok krw@ tb@
|
| |
|
|
|
|
|
|
|
|
|
| |
ieee80211_node. This way, we can keep track of the ACK policy and echo
it back to the AP as required by the standard. And use the correct bit
flag for the policy -- this code was confused between BlockAck and ADDBA,
both of which have a policy bit but in different places.
Fixes apple airport APs.
tested by tb@, krw@, sthen@, abieber@, and Henrik Friedrichsen
|
| |
|
|
|
|
|
| |
stalled BA sessions observed with iwn(4). We can revisit this later once
the underlying problem in iwn(4) has been found.
Prompted by report from krw@, I could reproduce the issue.
ok krw@
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
the AP requests it, though I don't think I've ever seen one that does.
Per the 802.11-2012 spec a value of zero disables the timeout and some
APs seem to have trouble with timeouts forced onto them.
Our behaviour now matches Linux in this regard.
This gets Apple Airport APs somewhat working in 11n mode but there
is still a remaining issue with receiving frames from them.
Doesn't seem to hurt any other APs I've tried.
ok sthen@ mpi@ millert@
|
| |
|
|
| |
ok mpi@ millert@
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
some subframes or let the sequence number jump up by more than 1 (hard
to tell which it is). We decrease the BA inactivity timeout for quicker
recovery from stalled BA sessions, and add a new timeout which keeps track
of gaps in the subframe sequence number space due to dropped frames.
Gaps expire after 500 msec, the same value FreeBSD uses for their
implementation of this workaround. And Linux uses this trick, too.
This should fix network stalls some people have been seeing in 11n mode.
ok deraadt@
|
| |
|
|
|
| |
in bsd.rd, and might uncover some bugs. Suggested by tedu@ and deraadt@.
ok sthen@ jasper@ deraadt@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
The initial implementation was added by damien@ years ago.
Summary of the changes made in this commit:
- In ieee80211_input(), process A-MPDUs before duplicate detection.
- Don't forget to set ba->ba_ni in ieee80211_recv_addba_req()
so we don't crash in ieee80211_rx_ba_timeout().
- In ieee80211_recv_addba_req(), tweak the logic to deny BlockAck
requests if the driver has no callback for doing so.
- Implement ieee80211_ba_del() which cleans up BlockAck state.
- Increase the minimum and maximum lifetime for BlockAck agrements.
ok mpi@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Make sure 11n features are enabled only if media type is autoselect or 11n.
11n mode uses MCS (modulation & coding scheme) instead of rates like 11a/b/g.
This means we'll have to take the current mode into account and decide whether
to use a rate or an MCS for transmission. Receiving frames on legacy rates
will still work in 11n mode. We just won't be using legacy rates to send
data frames to an STA or AP we negotiated 11n features with.
My initial plan was to grow the ieee80211_rateset structure and treat MCS
just like rates. However, ieee80211_rateset corresponds to rates and xrates
elements in management frames and is copied directly into such elements
so its size cannot change. Thus, MCS stands on its own and corresponds to
elements in management frames related to 11n HT capabilities.
ok deraadt mpi phessler kettenis guenther
|
| |
|
|
|
|
|
|
|
|
|
|
| |
HT operational information sent by 11n APs. These fields reflect the structure
of elements in management frames so that IEEE80211_HTCAP* and IEEE80211_HTOP*
macros designed to operate on frame elements can be used directly to read
or set the fields.
Populate nodes with HT information received in probe responses, probe
requests, and association requests.
ok deraadt mpi phessler kettenis guenther
|
| |
|
|
|
|
|
|
| |
the specific queues are ic_mgtq, ic_pwrsaveq, and ni_savedq. rtw
had its own queue for beacons.
tested by mpi@ and jmc@
ok mpi@
|
| |
|
|
|
|
| |
which have been seen but which haven't otherwise interacted with us), fixing
a problem where old cached nodes are seen when doing a scan.
From Marcin Piotr Pawlowski, feedback stsp@ ok kspillner@ dcoppa@
|
| |
|
|
|
|
| |
tree and the 80211 nodes need it.
ok henning@, mikeb@
|
| |
|
|
|
| |
so drivers like acx(4) can use that function directly instead of
reimplementing the function again. Requested by kettenis@ long time ago.
|
| |
|
|
|
|
| |
siblings already are. And fix return value of ieee80211_node_decref()
which should be unsigned but was signed.
diff originally from dhill; ok kettenis reyk
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Small parts of code for this feature were already present but unused.
A node becomes inactive after not sending or receiving a frame within
5 minutes. Inactive cached nodes (not authenticated or associated) are
automatically cleared from the cache once every hour, making room for
new nodes. If the node cache is full and room must be made for a new node,
clean either a cached node (active or inactive), or an inactive
authenticated or associated node.
Also, do not send de-auth frames to nodes which never authenticated,
and only send a de-auth frame once for a given node.
This part was contributed by Steven Chamberlain, thanks!
Tested by myself, krw@, edd@, Steven Chamberlain, and Markus Schatzl.
ok deraadt@
|
| |
|
|
|
|
| |
of defining it unconditionnaly.
although the HT code is not ready yet, making it compile on
GENERIC kernels will help catch regressions/bugs if any.
|
| |
|
|
|
| |
the SA Query Transaction Identifier field is now a 16-bit non-negative
counter value instead of a 128-bit random value.
|
| |
|
|
|
|
|
|
|
|
| |
Maintain state for both originator and recipient roles separately.
Do not allocate receive reordering buffer in addba_request().
Test the "initiator" bit in incoming DELBA frames and set it appropriately
in outgoing DELBA frames.
Separate callbacks for Tx/Rx too.
no binary change since all this is #ifdef'ed out.
|
| |
|
|
|
| |
instead of resorting to horrid hacks/casts.
Restore the ieee80211_node structure back to its original state.
|
stsp
phessler
dlg
sthen
mpi
claudio
damien