path: root/sys/net80211
Commit message | Author | Age | Files | Lines
...
* Don't bother with background scans while the desired BSSID is fixed.
  Patch by Jesper Wallin
  Author: stsp | Age: 2018-04-29 | Files: 1 | Lines: -2/+3
* INIT->RUN transitions are valid in monitor mode, so don't debug print "invalid transition" to dmesg in this case.
  Author: stsp | Age: 2018-04-29 | Files: 1 | Lines: -1/+3
* When starting a background scan, free the nodes table to ensure we get an up-to-date view of APs around us. In particular, we need to kick out the AP we are associated to. Otherwise, our current AP might stay cached if it is turned off while we are scanning, and we could end up picking a now non-existent but "good looking" AP over and over.
  found with and ok phessler@
  Author: stsp | Age: 2018-04-28 | Files: 4 | Lines: -11/+20
* Fix WEP key selection in ieee80211_get_txkey().
  The WEP key index is stored in ic_def_txkey. The iGTK ("integrity group key") index is specific to WPA. The previous code happened to always select WEP key index 0 since the iGTK index is not yet used by any driver.
  ok phessler@
  Author: stsp | Age: 2018-04-28 | Files: 1 | Lines: -2/+3
* If ieee80211_encrypt() is passed a key with an unrecognized cipher type then panic immediately instead of silently dropping packets.
  ok phessler@
  Author: stsp | Age: 2018-04-28 | Files: 1 | Lines: -3/+2
* If a wifi driver does not provide an ic_bgscan_start() function there is no point in scheduling ic_bgscan_timeout() since this timeout will find that it has nothing to do.
  ok phessler pirofti
  Author: stsp | Age: 2018-04-27 | Files: 1 | Lines: -2/+2
* Fix WEP.
  Clear group keys in iee80211_newstate only if we're doing WPA. Otherwise, ieee80211_crypto_clear_groupkeys() will clear WEP keys configured by userland before associating. (All WEP keys are group keys.)
  ok phessler@ tb@ pirofti@
  Author: stsp | Age: 2018-04-27 | Files: 1 | Lines: -4/+7
* Fix the scan loop: We were only looking for an AP once and stopped scanning if none was found. Accidentally broken in recent ifconfig scan changes by pirofti and me.
  ok pirofti
  Author: stsp | Age: 2018-04-27 | Files: 1 | Lines: -4/+2
* net80211: stub SIOCS80211SCAN, make ifconfig scan instant.
  The following removes the functionality of the SIOCS80211SCAN ioctl. After long discussions with stps@, mpi@, and deraadt@ we decided that this was the correct way of fixing ifconfig scan from blocking the network stack.
  The kernel will continue scanning in the background and filling the nodes array, but ifconfig scan commands will now basically do just a SIOCG80211ALLNODES and pretty print the array. So the output stays the same but is instant.
  In fact, when the interface is freshly brought up, if you type fast enough, you can see the array being filled by running multiple ifconfig scans in sequence.
  The SIOCS80211SCAN ioctl stays for now as wi(4), pgt(4) and malo(4) still need it around. But not for long...
  Another change that this introduces is the fact that ifconfig scan no longer plays with UP and DOWN. If the interface is down it complains and exits. This is needed in order to maintain the nodes list.
  Works on iwm(4), iwn(4), urtwn(4), run(4) and athn(4).
  Tested by mpi@, landry@, florian@, thanks! OK mpi@.
  Author: pirofti | Age: 2018-04-26 | Files: 4 | Lines: -67/+18
* remove the background scan timeout on detach, so we don't crash shortly afterwards.
  crash reported by Piotr Isajew
  ok stsp@
  Author: jmatthew | Age: 2018-04-20 | Files: 1 | Lines: -1/+2
* Remove almost unused `flags' argument of suser().
  The account flag `ASU' will no longer be set but that makes suser() mpsafe since it no longer messes with a per-process field.
  No objection from millert@, ok tedu@, bluhm@
  Author: mpi | Age: 2018-02-19 | Files: 1 | Lines: -15/+15
* convert __inline to inline
  no binary change on amd64
  Author: phessler | Age: 2018-02-06 | Files: 1 | Lines: -5/+5
* convert the test if a node support HT (aka, 11n) into an inline function, instead of testing some un-obvious bitfield
  OK stsp@
  Author: phessler | Age: 2018-02-06 | Files: 3 | Lines: -6/+17
* remove extern from function prototypes, remove some variable names, and a left-over kernel malloc feature we don't use.
  OK deraadt@
  Author: phessler | Age: 2018-02-06 | Files: 1 | Lines: -36/+33
* Add a new function hook to struct ieee80211com which wireless drivers can use to process, and then acknowledge or reject, incoming AUTH requests in hostap mode.
  net80211 accepts an AUTH request from any STA which fits into the node cache. This behaviour doesn't work for devices which have a lower limit on concurrent STAs they can serve, so such drivers need an override.
  This will be used by our athn(4) USB driver soon.
  ok kevlo@
  Author: stsp | Age: 2018-02-05 | Files: 3 | Lines: -12/+35
* Call if_start() directly to send the EAPOL key.
  Using if_enqueue() here, from interrupt context, might result in the packet being enqueued, incorrectly encrypted, on the TX ring.
  This race has been recently exposed by the re-introduction of the TX mitigation. It exists because the net80211 stack sets IEEE80211_NODE_TXPROT on the node while processing the 3rd message, assuming the answer has already been transmitted. However a CPU returns from if_enqueue() it cannot assume that the send queue is empty. So call if_start() to flush this queue.
  Encrypting the 4th message of the 4way handshake with the new key breaks WPA handshake as found the hard way by anton@.
  Race analysed by dlg@, a lot of net80211 inputs and suggestions from stsp@.
  ok stsp@, dlg@
  Author: mpi | Age: 2017-12-21 | Files: 1 | Lines: -3/+8
* My previous commit broke the ramdisk build; fix it
  Author: stsp | Age: 2017-12-14 | Files: 1 | Lines: -3/+5
* Stop printing debug info about stations leaving a wifi network when we aren't running in hostap or ibss mode.
  Author: stsp | Age: 2017-12-14 | Files: 1 | Lines: -5/+7
* Only trigger background scans while we are in RUN state, and do not update a node's RSSI info while we are still in INIT state.
  ok phessler@
  Author: stsp | Age: 2017-12-12 | Files: 1 | Lines: -9/+11
* Make ieee80211_chan2ieee() panic if a bogus channel pointer is detected.
  ok patrick@
  Author: stsp | Age: 2017-12-12 | Files: 1 | Lines: -9/+3
* Make IEEE80211_CHAN_ANYC be a NULL pointer instead of a pointer to 0xffff.
  Should speed up debugging.
  ok phessler patrick
  Author: stsp | Age: 2017-12-12 | Files: 1 | Lines: -2/+2
* Don't dereference IEEE80211_CHAN_ANYC pointer in ieee80211_node_checkrssi().
  Problem reported by Gregoire Jadi on bugs@
  Author: stsp | Age: 2017-12-12 | Files: 1 | Lines: -1/+4
* Allow interfaces that aren't SCANNALLBAND drivers to benefit from the strongest received signal.
  OK stsp@
  Author: phessler | Age: 2017-12-12 | Files: 1 | Lines: -9/+10
* Fix the behavior of preferring weaker-but-still-good 5Ghz APs over 2Ghz APs because the 5Ghz band is generally less saturated.
  The previous implementation was dependent upon the order of walking APs.
  ok stsp
  Author: jcs | Age: 2017-12-12 | Files: 1 | Lines: -26/+29
* Omit the PMKID count field from RSN information elements (IE) if the PMKID list has zero elements and PMKID would be the last field in the RSN IE.
  This is correct as per 802.11-2012 8.4.2.27.1 and aligns net80211 code with behaviour of bwfm(4) firmware, unblocking further progress in that driver.
  ok patrick@ phessler@
  Author: stsp | Age: 2017-12-11 | Files: 1 | Lines: -4/+6
* Add support for background scanning to net80211 and iwm(4).
  The iwm(4) driver will now roam between access points which share an SSID. Use 'ifconfig iwm0 debug' and 'tail -f /var/log/messages' to watch it do so.
  Tested by several people in various iterations. As usual, let me know if you run into issues.
  ok phessler deraadt
  Author: stsp | Age: 2017-12-08 | Files: 6 | Lines: -56/+309
* Stop reporting WPA and WEP keys back to userland.
  The kernel is not a password database; look your wifi keys up elsewhere.
  Discussed with several. ok phessler@ jca@
  Author: stsp | Age: 2017-11-27 | Files: 1 | Lines: -24/+8
* move a function declaration, so the whole net80211 stack can disable wep or wpa
  OK stsp@
  Author: phessler | Age: 2017-11-06 | Files: 2 | Lines: -4/+4
* Changing nwid on a wifi network means it is a new network, so clear the WPA and WEP configuration.
  OK pirofti@ stsp@ sthen@
  Author: phessler | Age: 2017-11-05 | Files: 1 | Lines: -1/+4
* Kill unused members using forward declaration only types.
  Found with ctfconv(1). ok jsg@, guenther@
  Author: mpi | Age: 2017-10-29 | Files: 1 | Lines: -3/+1
* Remove 80211WMMPARMS ioctls. Last used in ifconfig in 2009.
  ok stsp@ kevlo@ jca@
  Author: jsg | Age: 2017-10-27 | Files: 2 | Lines: -30/+2
* Move common code to add/remove multicast filters to ieee80211_ioctl(9).
  ok jsg@, stsp@
  Author: mpi | Age: 2017-10-26 | Files: 1 | Lines: -1/+9
* remove defines for ioctls the kernel doesn't recognise
  ok mpi@
  Author: jsg | Age: 2017-10-24 | Files: 1 | Lines: -10/+1
* Make ieee80211_classify() available in a header so we can make the priority visible to underlying bus protocols like bwfm(4)'s bcdc.
  Author: patrick | Age: 2017-10-21 | Files: 2 | Lines: -3/+3
* Add comments which document already fixed WPA attack vectors.
  Author: stsp | Age: 2017-10-16 | Files: 1 | Lines: -1/+18
* When starting a new scan always set the mode to AUTO if the driver scans all bands at once. Fixes a problem where e.g. 5GHz APs were filtered out if we were previously associated to an 11g-only AP.
  ok mpi@ phessler@
  Author: stsp | Age: 2017-09-05 | Files: 1 | Lines: -2/+3
* When selecting the next wireless mode during the scan loop, always select AUTO mode if the driver scans all bands at once. Otherwise the net80211 layer unnecessarily filters out some of the beacons received by the device.
  ok phessler@ mpi@ kevlo@
  Author: stsp | Age: 2017-09-05 | Files: 1 | Lines: -2/+4
* If a beacon is received in RUN state, reset the management timer.
  Some wifi drivers send a probe request if the hardware reports "missed beacon" events. If the AP replies with a probe response it is still servicing us and there is no need to search for a new AP. However, the management timer was not reset if a beacon was received while in RUN state. So the interface watchdog always ended up putting the driver into SCAN state after a missed beacon event, even if the AP did respond to our probe request. Under some conditions this bug would cause spurious disconnects.
  Problem reported and fix tested by mlarkin@
  (Using the management timer in RUN state is a new convention. Before support for missed beacons was added, this timer was only used during the association sequence to handle APs which don't respond to our assoc requests and such.)
  Author: stsp | Age: 2017-09-04 | Files: 1 | Lines: -1/+9
* Clear WPA group keys from memory before initiating a key exchange with an access point. Prevents false positive 'reused group key' warnings in dmesg when re-associating to the same access point.
  Problem reported by tb@
  ok tb@
  Author: stsp | Age: 2017-08-18 | Files: 3 | Lines: -11/+21
* Add an entry to dmesg if pairwise WPA keys arrive unexpectedly or if WPA group keys are being reused. OpenBSD wireless clients will now leave a trail of such events in their message log.
  There has been increased public scrutiny of WPA's security recently, so I am curious to see if anyone is attempting replay attacks in the wild.
  ok deraadt
  Author: stsp | Age: 2017-08-17 | Files: 3 | Lines: -74/+115
* Compile a debug printf in ieee80211_match_bss() by default, previously guarded by the IEEE80211_DEBUG preprocessor flag. This shows one line per detected AP after a scan, and indicates which APs are considered candidates for association. Shorten the output a bit to fit into 80 columns more likely.
  ok sthen@
  Author: stsp | Age: 2017-08-04 | Files: 1 | Lines: -6/+4
* Remove ieee80211_input_print() which printed information about received frames to dmesg, if debug mode was enabled with ifconfig. This debug output was much too verbose and not actually useful for debugging. tcpdump -y IEEE802_11_RADIO will show the same information.
  ok sthen@
  Author: stsp | Age: 2017-08-04 | Files: 1 | Lines: -70/+1
* Show net80211 state transitions in dmesg if 'ifconfig debug' was used.
  This information is needed in bug reports.
  Convert the invalid state transitions from panic() to a printf() which is also guarded by ifconfig debug. There are many races exposed by these panics which should all be fixed. But that will surely take some time, and the panics have now served their purpose.
  Thanks to everyone who reported these panics being triggered, your help is appreciated.
  Author: stsp | Age: 2017-08-04 | Files: 1 | Lines: -12/+16
* Make the kernel panic if an invalid state transition occurs in net80211.
  Triggers on driver bugs such as those which were fixed in rsu(4) recently.
  ok kevlo@
  Author: stsp | Age: 2017-07-22 | Files: 1 | Lines: -4/+10
* Fix length checks in EAPOL key frame parsing.
  Problem reported by Ilja Van Sprundel.
  ok tb@ kevlo@
  Author: stsp | Age: 2017-07-22 | Files: 1 | Lines: -5/+7
* Plug an information leak in ieee80211_node2req().
  Problem reported by Ilja Van Sprundel.
  ok tb@
  Author: stsp | Age: 2017-07-19 | Files: 2 | Lines: -4/+6
* Improve the heuristic which selects 5GHz APs over 2GHz APs.
  The previous code wasn't quite right: it didn't account for the fact that some drivers don't set ic_max_rssi, and it compared 5GHz APs to a threshold relative to the max RSSI, rather than comparing RSSI on 5GHz relative to RSSI on 2GHz.
  This heuristic is only used by SCANNALLBAND drivers: iwn(4), iwm(4), wpi(4)
  In the future the AP selection heuristic should be made more intelligent, e.g. it should take BSS load information in beacons into account. Another open problem is inconsistent representation of RSSI measurement values throughout our drivers and stack. Help is welcome!
  For now, this hopefully improves AP selection at busy airports.
  ok sthen@ deraadt@
  Author: stsp | Age: 2017-07-19 | Files: 1 | Lines: -4/+18
* Add the definition of IEEE80211_DUR_DS_SHSLOT.
  From IEEE Std. 802.11-2016, Table 18-5 "ERP characteristics", p. 2332:
  aSlotTime characteristic:
  If dont11OperatingClassesRequired is false:
  Long = 20 us
  Short = 9 us
  ok stsp@
  Author: kevlo | Age: 2017-07-02 | Files: 1 | Lines: -1/+2
* Initialize the link state of a wireless interface to DOWN when the interface is attached to the net80211 layer. Prevents confusion in cases where drivers forget to initialize the link state.
  ok mpi@ kettenis@
  Author: stsp | Age: 2017-06-20 | Files: 1 | Lines: -1/+3
* Add sizes for free for the RSN IEs. Rewrite ieee80211_save_ie() slightly to make it more readable.
  help, many explanations and ok stsp
  Author: tb | Age: 2017-06-04 | Files: 2 | Lines: -7/+10