summaryrefslogtreecommitdiffstats
path: root/sys/net80211 (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Revised version of 'ifconfig mode' command fix.stsp2019-06-102-41/+51
| | | | | | | | | | The 'mode' command is supposed to force a wireless interface into 11a/b/g/n media mode. This stopped working some time ago, probably during my work on background scanning. Problem spotted by mlarkin@ who noticed that interfaces were using 11g mode while forced to 11b mode. ok phessler, jmatthew (earlier version) relentless testing by krw@
* Revert my "Repair the 'ifconfig mode' command" commit.stsp2019-05-312-57/+26
| | | | | The "recursion in end_scan()" problem is apparently still present in the committed version of the diff (reported by krw@).
* Repair the 'ifconfig mode' command.stsp2019-05-292-26/+57
| | | | | | | | | The 'mode' command is supposed to force a wireless interface into 11a/b/g/n media mode. This stopped working some time ago, probably during my work on background scanning. Problem spotted by mlarkin@ who noticed that interfaces were using 11g mode while forced to 11b mode. ok phessler, jmatthew
* Fix out-of-bounds array access in ieee80211_setbasicrates(); CID 1479607stsp2019-05-211-1/+2
| | | | ok kettenis@
* Fix 'ifconfig nwflags; These flags ended up overlapping with other flagsstsp2019-05-125-23/+32
| | | | | | | | | | | | in ieee80211com's ic_flags because we haven't been paying attention to them (they're not in the same place in the code and hence easy to miss). Move them to a dedicated variable to avoid this problem in the future. Add a new 'stayauth' nwflag which can be set to let net80211 ignore deauth frames. This can be useful when deauth frames are being persistently spoofed by an attacker. Idea from beck@ ok beck@ phessler@
* Show driver name on net80211 scan debug lines.stsp2019-05-111-2/+2
| | | | ok mpi@
* On the transmit path the ethernet and ip headers might not bepatrick2019-05-101-11/+12
| | | | | | | | | | | in contiguous memory. Taking the pointer to the data and simply looking at the IP header by adding an offset can lead to an out- of-bounds access. Make the ieee80211 classify function copy the ethernet and ip header into stack variables to fix it. Fixes a panic for florian@ Discussed with claudio@ ok stsp@
* Removes the KERNEL_LOCK() from bridge(4)'s output fast-path.mpi2019-04-281-5/+5
| | | | | | | | This redefines the ifp <-> bridge relationship. No lock can be currently used across the multiples contexts where the bridge has tentacles to protect a pointer, use an interface index. Tested by various, ok dlg@, visa@
* Use stricter validation checks for A-MPDUs in the net80211 input path.stsp2019-03-291-3/+21
| | | | | | Don't accept A-MPDUs if not in RUN state, and don't accept them from unassociated clients in hostap mode. ok jmatthew@ kevlo@
* fix autojoin for WEP network by actually saving the WEP auth keyphessler2019-03-151-2/+5
| | | | discovered while attempting to autojoin WEP networks
* Improve handling of HT protection for 'mode 11n' hostap.stsp2019-03-013-17/+39
| | | | | | | | | | | | | Consider the mere presence of HTCAP IEs as indicator of 11n support, rather than checking advertised Rx MCS. Fixes some devices being misclassified as 11a/g, causing HT protection to be enabled even though it is not needed. Use CTS-to-self frames for HT protection instead of RTS/CTS. These changes make my athn(4) AR9280 hostap perform much better. ok phessler@
* Pick up the AP's 11g ERP protection setting properly in 11n client mode.stsp2019-03-011-2/+4
| | | | ok phessler@
* Back in 2016 we enabled RTS threshold by default because it apparentlystsp2019-02-271-2/+2
| | | | | | | | | | | helped us on a loaded hackathon wifi network. In 11n mode we are now using a heuristic for this. Disable RTS threshold for all other modes again because it can do more harm than good in many situations. This change may increase Tx throughput in 11a/g modes, though results depend on the driver. Some drivers, e.g. urtwn(4), keep using RTS regardless for unknown reasons and may need to be fixed separately. And we will keep using RTS if the AP enables 11g protection while 11b clients are around.
* Implement support for dynamic RTS threshold in MiRA.stsp2019-02-272-5/+123
| | | | | Improves throughput and latency on 11n networks. Tested by myself, jmc@, jcs@, phessler@, benno@
* Remove 11n support from AMRR. All 11n drivers switched to MiRA long ago.stsp2019-02-241-22/+3
|
* Make ifconfig(8) display whether bwfm(4) firmware is using 802.11ac.stsp2019-02-197-20/+190
| | | | ok patrick@ mpi@
* Move 802.11n rateset definitions out of MiRA and make them available tostsp2019-01-236-111/+171
| | | | | | | | net80211 and drivers in general. Add ratesets for 'short guard interval' (SGI) rates, and add SGI support to MiRA. SGI is currently only used by iwm(4), and of course internally by bwfm(4) firmware. Ratesets for 11n 40 MHz channels and 11ac will come later. ok mpi@ phessler@
* when removing the currently active network from the join list, disconnectphessler2019-01-181-5/+22
| | | | | | from it as well OK stsp@
* add a len field when we delete an essid from the joinlist. this will havephessler2019-01-183-9/+9
| | | | | | us properly match, instead of hoping we got lucky when selecting it. OK stsp@
* let users automatically use join to connect to any open wifi network.phessler2019-01-183-11/+25
| | | | | | if a known network is visible, always prefer that instead. requested by many, OK stsp@
* Stop processing "no data" frames in ieee80211_input() before decryption.stsp2019-01-151-1/+8
| | | | | | Previously such frames would be counted as decryption failures which is nonsense because they don't carry any data which could be encrypted. Problem analyzed by, and fix developed together with, Lauri Tirkkonen.
* Rename some data frame subtype macros to make the difference betweenstsp2019-01-151-7/+7
| | | | | | "data" and "no data" frames more obvious. These renamed macros aren't actually used anywhere in net80211 yet. cross-checked with 802.11 specs by myself and Lauri Tirkkonen
* MH_ALIGN -> m_align and make the spacing look the same in all three places.claudio2018-11-301-6/+6
| | | | OK bluhm@
* print more details about the join'd networks we have saved when a user runsphessler2018-11-253-3/+59
| | | | | | ifconfig if joinlist OK stsp@
* fix whitespace in debugging functionphessler2018-11-201-6/+6
|
* The first packet received from each AP in each QoS class would bepatrick2018-11-201-2/+6
| | | | | | | | | | | | dropped as the sequence number matches the initial value of the cached last sequence number (zero). On some APs (notably Android WIFI hotspots) this hits the first packet of the WPA2 4-way handshake. This causes connection delays and in some cases connection to the AP fails completely. Initialize the cached last sequence numbers for received packets to an invalid value instead. From Christian Ehrhardt ok gerhard@ stsp@
* Add new routing socket message RTM_80211INFO to provide details ofkrw2018-11-121-1/+16
| | | | | | | | | 802.11 interface state changes (e.g. SSID) to interested parties. Original diff from phessler@. Many suggestions and tweaks from claudio@, stsp@, anton@. ok claudio@ stsp@ anton@ phessler@
* M_LEADINGSPACE() and M_TRAILINGSPACE() are just wrappers forclaudio2018-11-094-8/+8
| | | | | | m_leadingspace() and m_trailingspace(). Convert all callers to call directly the functions and remove the defines. OK krw@, mpi@
* Remove 'reused group key update received' printfs.stsp2018-11-021-16/+6
| | | | | | These have served no useful purpose in practice; all reported instances were legitimate group key retransmissions by the AP, e.g. after laptop suspend. We fixed KRACK long ago; re-used group key messages are nothing to worry about.
* pass around the ess and ni structures we plan to use directly, insteadphessler2018-10-272-20/+18
| | | | | | of rediscovering them (possibly badly). OK stsp@
* clean up accounting of the AUTO_JOIN flag by making sure it is set or clearedphessler2018-10-272-3/+5
| | | | | | based on the state of the joinlist OK stsp@
* don't join to a network where we expect cleartext, and the AP is using cryptophessler2018-10-271-1/+4
| | | | OK stsp@
* Prevent ieee80211_get_txkey() from returning the integrity group temporalstsp2018-09-241-7/+6
| | | | | | | | | | key (IGTK) if a node doesn't have management frame protection (MFP) enabled. The IGTK is not initialized if MFP is disabled, so using it triggers this panic in ieee80211_encrypt(): panic("invalid key cipher 0x%x", k->k_cipher) (As far as I can tell, at present, MFP is never enabled.) Problem reported and fix tested by tj@ on athn(4) hostap
* fix memory leak in ieee80211_end_scan()mestre2018-09-181-1/+2
| | | | OK phessler@ jsg@
* fix memory leaks in ieee80211_add_ess()jsg2018-09-171-3/+7
| | | | ok stsp@ phessler@
* ues the format string for signed ints, for signed intsphessler2018-09-111-3/+3
| | | | reminded by stsp@
* Nuke unused LIST() ieee80211com_head.krw2018-09-112-10/+2
| | | | ok stsp@
* Nuke some trailing spaces that wandered into thekrw2018-09-111-8/+8
| | | | crosshairs.
* With the interface debug flag enabled, print a "score" for each AP wephessler2018-09-111-93/+45
| | | | | | | consider during auto-join. This can help users determine why a specific network was chosen. OK stsp@
* do not immediately set the join'd network, the join command only updatesphessler2018-09-101-3/+1
| | | | | | | | the list. makes /etc/netstart very fast when ran while the interface is up OK stsp@
* fix typo in the length of the essid we want to switch tophessler2018-09-101-2/+2
| | | | found with and OK stsp@
* extract clearing WEP/WPA in ess into helper functionsphessler2018-09-101-29/+29
|
* use the correct essid when switching during the ioctl pathphessler2018-09-101-2/+2
| | | | pointed out by stsp@
* give set_ess a len variable, so we can correctly match the essid we wantphessler2018-09-102-11/+7
| | | | | | to switch to. pointed out by stsp@
* convert the things we save in 'join' into a single ioctl. mixing relatedphessler2018-09-094-53/+164
| | | | | | | | | settings over multiple calls was risky and racy. Pass essid, wpa, and wep paramaters in a single ioctl and process it atomically. no change for 'nwid' users OK stsp@ benno@
* fix whitespacejsg2018-09-061-2/+2
|
* Make 'ifconfig nwid' override 'ifconfig join'.stsp2018-09-013-7/+32
| | | | | | | | | | | | | | | | | | | | | There was no way to override a decision made by join's network selection algorithm (apart from disabling the feature by clearing the join list). Automatic selection is based on heuristics which cannot always guess correctly so we need to provide an override. One specific problem was that if 'nwid foo' and 'nwid bar' were both visible in the scan and only 'nwid foo' was a member of the join list, then there was no way at all to connect to 'nwid bar'. The wireless stack would keep selecting 'nwid foo' instead. 'ifconfig iwm0 nwid bar' command will now disable automatic network selection and force the use of ESSID 'bar'. Any of these commands will re-enable automatic network selection: ifconfig iwm0 -nwid ifconfig iwm0 nwid '' ifconfig iwm0 join some-network-id ok phessler@ deraadt@
* Update AP selection heuristics for auto-join.stsp2018-08-151-76/+178
| | | | | | | | | | | | We now prefer stronger crypto over weaker crypto over none, prefer 5 GHz band with reasonable RSSI, and use RSSI as a tie-breaker with a slight advantage for 5GHz. Candidate APs are now ranked by a score which is calculated based on these attributes. There is likely room for improvements to make these heuristics work well across many different environments, but it's a start. ok phessler@
* Add support for band-steering access points to net80211.stsp2018-08-133-61/+132
| | | | | | | | | | | | | | | | Some access points have a feature called "band steering" where they will try to push clients from 2 GHz channels to 5 GHz channels. If a client sends probe-requests on both 2 GHz and 5GHz channels, and then attempts to authenticate on a 2 GHz channel, such APs will deny authentication and hope that the client will come back on a 5 GHz channel. So if we fail to AUTH for any reason, and if there is a different AP with the same ESSID that we haven't tried yet, try that AP next. Keep trying until no APs are left, and only then continue scanning. APs with support for this feature were provided by Mischa Peters. ok phessler@ mpi@
* Add comment explaining why we read basic MCS set only from beacon/probereq.stsp2018-08-111-1/+6
| | | | requested by mpi@
Copyright © 1996 – 2023 Jason A. Donenfeld. All Rights Reverse Engineered.