summaryrefslogtreecommitdiffstats
path: root/sys/net80211/ieee80211_output.c (follow)
Commit message (Collapse)AuthorAgeFilesLines
* spellingjsg2021-03-101-3/+3
| | | | ok gnezdo@ semarie@ mpi@
* Fix 802.11 RSN capabilities announced to peers.stsp2020-12-081-3/+12
| | | | | | | | | | | | | | | | | | | | We were echoing back all RSN capabilities announced by our peer, even for features which we don't support. One such feature is Management Frame Protection (MFP). If we announce this capability then the peer sends us encrypted management frames which won't be processed. One symptom of this is that we fail to negotiate block ack with APs that support MFP. Only echo the RSN capabilities which we support, i.e. key replay counters. Handle MFP and PBAR bits here as done elsewhere. Neither of these features is enabled yet at run-time. As far as I can tell, the remaining RSN caps are not supported by drivers (e.g. SPP A-MPDU) or won't be supported (outdated WEP->TKIP transition support). The corresponding bits should always be clear. Problem with 0 input block ack sessions found by sthen@ and robert@ Fix tested by sthen@, robert@, phessler@, and kmos@ ok phessler@ kmos@
* Revert previous; Set the ESS capability bit in assoc requests again.stsp2020-05-191-2/+2
| | | | | | | Association to some access points breaks without the ESS capability bit. Apparently I misunderstood something. Reported by krw@ and tb@
* Do not set the 802.11 ESS capability bit in association requests.stsp2020-05-191-2/+2
| | | | | | | The ESS capability bit should be set if the transmitter is an AP. Association requests are sent by clients. ok jca@
* Properly wrap 802.11 frame sequence numbers when incrementing them.stsp2020-03-061-4/+4
| | | | ok tb@ tobhe@ mpi@
* Do not send any QoS data frames unless Tx aggregation has been negotiated.stsp2020-03-031-10/+7
| | | | | | | | | | Actual QoS support could be added to net80211 in the future, but for now we only use QoS frames for A-MPDU aggregation. Without QoS support, sending non-aggregated QoS frames does not actually buy us anything and makes it harder to look at packet captures and tell whether frames sent by an OpenBSD machine were in fact aggregated or not. Tested on iwn(4) by jmc@, paco@, bket@, paco@, and Lauri Tirkkonen
* Fix an mbuf corruption issue which occurs in net80211 hostap mode.stsp2020-02-181-9/+8
| | | | | | | | | | | | | | | | | | | | | | | When sizing a memory allocation for a probe response frame, the AP used the SSID length stored in the node structure which represents the client, but used the actual length of the SSID when copying it into the frame. If the actual length is sufficiently large this will result in corruption of an adjacent mbuf on the free list since m->m_next will be overwritten with data written to the tail of the probe response frame. Bad things happen later on when the adjacent mbuf is used. Sometimes the corruption is detected by mbufpl's use-after-free checking, at other times we end up crashing somewhere in the network stack. To prevent such a mistake from occuring again I am removing the 'ni' argument from ieee80211_get_probe_resp() altogether. It is not needed. A quick workaround is to configure a short SSID. Debugged with help from claudio, kettenis, and dlg. ok claudio
* Add support for 802.11n Tx aggregation to net80211 and the iwn(4) driver.stsp2019-07-291-14/+171
| | | | | | | | | | | | | | | | | | | In particular, add Tx block ack session management to net80211, with enough funcionality to support Tx aggregation on devices which perform A-MPDU subframe scheduling in firmware. Make use of the iwn(4) firmware Tx scheduler to build A-MPDUs. net80211's QoS support code is now enabled and used by Tx aggregation. A-MSDU frames inside A-MPDUs have been tested and work in principle. For now, this feature is disabled because unfair TCP connection sharing was observed during testing, where bursts of TCP Ack frames for a single tcpbench(1) connection arriving in A-MSDUs made other TCP connections stall. Switch off support for A-MSDUs inside A-MPDUs on the Rx side as well. Tested on iwn chipsets 1000, 4965, 5100, 5300, 2200, 6200, 6205, 6300 (committed version of tested diff has all debug printfs removed) tests/ok benno kmos mlarkin kevlo
* Fix 'ifconfig nwflags; These flags ended up overlapping with other flagsstsp2019-05-121-3/+4
| | | | | | | | | | | | in ieee80211com's ic_flags because we haven't been paying attention to them (they're not in the same place in the code and hence easy to miss). Move them to a dedicated variable to avoid this problem in the future. Add a new 'stayauth' nwflag which can be set to let net80211 ignore deauth frames. This can be useful when deauth frames are being persistently spoofed by an attacker. Idea from beck@ ok beck@ phessler@
* On the transmit path the ethernet and ip headers might not bepatrick2019-05-101-11/+12
| | | | | | | | | | | in contiguous memory. Taking the pointer to the data and simply looking at the IP header by adding an offset can lead to an out- of-bounds access. Make the ieee80211 classify function copy the ethernet and ip header into stack variables to fix it. Fixes a panic for florian@ Discussed with claudio@ ok stsp@
* MH_ALIGN -> m_align and make the spacing look the same in all three places.claudio2018-11-301-6/+6
| | | | OK bluhm@
* My previous commit broke the ramdisk build; fix itstsp2017-12-141-3/+5
|
* Stop printing debug info about stations leaving a wifi network whenstsp2017-12-141-5/+7
| | | | we aren't running in hostap or ibss mode.
* Omit the PMKID count field from RSN information elements (IE) if the PMKIDstsp2017-12-111-4/+6
| | | | | | | | | list has zero elements and PMKID would be the last field in the RSN IE. This is correct as per 802.11-2012 8.4.2.27.1 and aligns net80211 code with behaviour of bwfm(4) firmware, unblocking further progress in that driver. ok patrick@ phessler@
* Make ieee80211_classify() available in a header so we can make thepatrick2017-10-211-2/+1
| | | | priority visible to underlying bus protocols like bwfm(4)'s bcdc.
* Remove global counters from struct ieee80211com which track the number ofstsp2017-02-021-4/+7
| | | | | | | | | | | | | | | | | | | | | | | | | associated nodes with particular properties: 11b-only ("non-ERP") nodes, nodes requiring long slot time, nodes using WPA, nodes not supporting 11n, nodes currently dozing in powersave state, and nodes with a pending group key update confirmation. These counters weren't properly maintained. There are bugs in the stack where these counters and actual node properties got out of sync. This is exposed by panics which are supposed to help us catch such bugs. But these panics don't provide real clues. Instead of maintaining global counters forcing us to hunt refcounting bugs, count nodes with the property in question on demand, by iterating over all nodes and checking their state. This is cheap since we'll never have more than 100 nodes cached, and none of the cases where we need such information is in a performance critical path. Prevents panics in hostap mode reported by Lauri Tirkkonen on bugs@ last year (https://marc.info/?l=openbsd-bugs&m=147513817930489&w=2) and also encountered by my 11n APs ("panic: bogus non-HT station count 0"). tested by Lauri, tb@, and myself ok mpi@ tb@
* In a comment inside ieee80211_up_to_ac(), update a reference sectionstsp2017-01-311-2/+2
| | | | number from the 802.11-2007 standard to the 802.11-2012 standard.
* When telling clients which EDCA parameters to use, copy these parametersstsp2017-01-311-3/+3
| | | | | from the client parameter set, rather than from the AP parameter set. ok mpi@
* Enable ieee80211_edca_table, which was under #if 0. This table can be usedstsp2017-01-301-4/+2
| | | | | | by drivers to pass default EDCA parameters to firmware instead of passing local hardcoded values. ok millert@
* Make the net80211 stack send EDCA parameters to the driver in hostap mode.stsp2017-01-091-2/+2
| | | | | | Fixes problems with timing of frame transmissions which caused packet loss. tested by myself and tb@ ok phessler@ mpi@ tb@
* When acting as 11n hostap, send Microsoft WME parameters to clients sostsp2017-01-091-4/+7
| | | | | that Linux clients will decide to use 11n mode. ok phessler@
* Fix ieee80211_add_htop(), which is not yet called in active code paths.stsp2017-01-091-3/+4
| | | | | | | It was creating a corrupt beacon element by ommitting one byte. Fix this and fill the element with actual data from the ic_bss node instead of filling it with zeroes, allowing future 11n hostap to announce the current HT protection mode correctly.
* Call if_enqueue() and if_start() instead of dereferencing the ifpmpi2016-04-121-2/+2
| | | | | | | | | | | pointers. These functions have been introduced to abstract some of the MP- safeness^Wmadness and should be use everywhere. Prodded by a comment from jsg@. ok mikeb@, stsp@
* Define EDCA tables for 11n mode. Per 802.11-2012 they are the same asstsp2016-02-051-1/+53
| | | | | | | | | | | the tables for 11a/11g modes. Add a function to append a Microsoft WME parameter element to a frame, using EDCA tables to construct the parameter records. Some 11n AP's I have observed provide this element. None of this code is used yet, so no functional change. I wrote this while debugging BlockAck and then realized it was only needed for hostap mode. Once we support 11n in hostap mode and send A-MPDUs, this code will be needed.
* Store ADDBA request and response parameters in the block ack record ofstsp2016-02-051-10/+5
| | | | | | | | | | | ieee80211_node. This way, we can keep track of the ACK policy and echo it back to the AP as required by the standard. And use the correct bit flag for the policy -- this code was confused between BlockAck and ADDBA, both of which have a policy bit but in different places. Fixes apple airport APs. tested by tb@, krw@, sthen@, abieber@, and Henrik Friedrichsen
* Fix the timeout value sent in ADDBA request and response frames.stsp2016-01-211-3/+3
| | | | | ba_timeout_val is in usec so we must divide by TU when copying it to the frame. ok kettenis@ millert@
* Remove wireless turbo mode support. It is a non-standard extensionstsp2016-01-121-14/+1
| | | | | | which only worked with ath(4) devices from a decade ago. Diff tested on ath(4) hardware by me to verify that 11a/b modes still work. ok reyk deraadt chris sthen kettenis
* Initialize the A-MPDU parameters field in HT capability elements.stsp2016-01-061-2/+2
| | | | ok kettenis@
* Remove the IEEE80211_NO_HT macro. Reduces ifdef spaghetti, enables 11n modestsp2016-01-051-23/+1
| | | | | in bsd.rd, and might uncover some bugs. Suggested by tedu@ and deraadt@. ok sthen@ jasper@ deraadt@
* Fix another case where the return value of ieee80211_chan2mode() wasstsp2016-01-041-3/+2
| | | | | used for indexing something other than ic_sup_rates. Should have been part of earlier commit.
* ADDBA frames have a parameter set which we check against our own capabilitiesstsp2016-01-041-2/+6
| | | | | | but we were checking bits in these parameters with the wrong set of bitmasks. Negotiating A-MPDUs with some APs failed because of this bug. ok kettenis@
* 11n/HT negotiation fixes:stsp2015-12-121-7/+32
| | | | | | | | | | | | Some APs will not negotiate HT if the vendor-specific WME info element is missing in probe and association requests, so add one. Fix the wrong flag (NODE_HT) being checked to determine whether 11n related elements should be included in management frames. If 11n mode is enabled (F_HTON flag) we can always include 11n related elements in management frames. ok mpi@
* No need to include <net/if_types.h> for <net/if_vlan_var.h>mpi2015-11-241-2/+1
|
* Declare 802.11n mode and channel flags. Tweak 11n related fields in structstsp2015-11-151-3/+9
| | | | | | | ieee80211com and move them inside #ifndef IEEE80211_NO_HT without breaking the build in rsu(4) for RAMDISK_CD. Also declare 11n protection modes and MCS count. ok deraadt mpi kettenis guenther
* Update section and table numbers inside comments in the RSN code tostsp2015-11-081-3/+3
| | | | | the 802.11-2012 standard. ok mpi@
* replace the ifqueues in net80211 with mbuf_queues.dlg2015-11-041-15/+9
| | | | | | | | the specific queues are ic_mgtq, ic_pwrsaveq, and ni_savedq. rtw had its own queue for beacons. tested by mpi@ and jmc@ ok mpi@
* m_freem() can handle NULL, do not check for this condition beforehands.deraadt2015-07-151-5/+3
| | | | ok stsp mpi
* Rename if_output() into if_enqueue() to avoid confusion with commentsmpi2015-06-301-2/+2
| | | | | | talking about (*ifp->if_output)(). ok claudio@, dlg@
* Use if_output() instead of rerolling it.mpi2015-05-261-27/+3
| | | | ok stsp@
* Remove some includes include-what-you-use claims don'tjsg2015-03-141-2/+1
| | | | | | | have any direct symbols used. Tested for indirect use by compiling amd64/i386/sparc64 kernels. ok tedu@ deraadt@
* unifdef some more INET. v4 4life.tedu2014-12-231-7/+1
|
* remove uneeded proc.h includesjsg2014-09-141-2/+1
| | | | ok mpi@ kspillner@
* Fewer <netinet/in_systm.h> !mpi2014-07-221-2/+1
|
* Stop abusing the rcvif pointer to pass wireless nodes down to thempi2014-03-191-12/+11
| | | | | | | | | | driver start routines. Instead add & use a pointer in the pkthdr since we don't want the overhead of using a mbuf_tags(9). claudio@ pointed out that other subsystems might want to use this pointer too, so here's a new cookie! ok claudio@, mikeb@, deraadt@
* #if 0 out the ieee80211_edca_table table to appease the LLVM warning.brad2013-12-071-1/+3
| | | | | | ieee80211_output.c:311:5: error: unused variable 'ieee80211_edca_table' [-Werror,-Wunused-const-variable] ok stsp@
* use the correct block ack structure when building an ADDBA response.damien2010-07-171-2/+2
|
* fix prev commit (s/ic_flags/ic_caps/).damien2009-05-241-2/+2
| | | | from dhill@
* prevent injection of raw 802.11 control frames through bpf on driversdamien2009-05-191-9/+14
| | | | | | | | | that do not explicitly state this capability (using flag IEEE80211_C_RAWCTL). also, perform all the sanity checks on injected raw 802.11 frames earlier (in ieee80211_output instead of ieee80211_encap). prevent kernel panics with many drivers when running aircrack-ng. when/if all drivers are capable, we can remove this C_RAWCTL flag.
* sync with 802.11w draft 8.0.damien2009-03-261-3/+5
| | | | | the SA Query Transaction Identifier field is now a 16-bit non-negative counter value instead of a 128-bit random value.
* Fix setting of the Short Slot Time subfield of the Capability Informationdamien2009-03-061-3/+2
| | | | | | | | | | | field in (Re)Association Requests. This fixes association with APs refusing non-short-slot-time capable STAs. This should also prevent the AP we're associating with to disable the use of short slot time in the BSS as we join. Fix debug message in recv_assoc_resp() while I'm here (s/reason/status/). Scary. Thanks to Adam Emanuel for spotting this.
Copyright © 1996 – 2023 Jason A. Donenfeld. All Rights Reverse Engineered.