Age | Commit message | Author |
|
The ic_bss is never put into the RB tree.
|
|
There is no need to keep nodes cached which never associated and were
inactive within the last 5 minutes or more. Keeps the node cache pretty
clean in my environment with typical city-center wlan noise.
|
|
Small parts of code for this feature were already present but unused.
A node becomes inactive after not sending or receiving a frame within
5 minutes. Inactive cached nodes (not authenticated or associated) are
automatically cleared from the cache once every hour, making room for
new nodes. If the node cache is full and room must be made for a new node,
clean either a cached node (active or inactive), or an inactive
authenticated or associated node.
Also, do not send de-auth frames to nodes which never authenticated,
and only send a de-auth frame once for a given node.
This part was contributed by Steven Chamberlain, thanks!
Tested by myself, krw@, edd@, Steven Chamberlain, and Markus Schatzl.
ok deraadt@
|
|
and freeing the node. Just in case an interrupt happens to ref the node after
the refcount was checked but before the node is freed.
Tested by several as part of a larger diff.
|
|
Check if the node was already cached first. Duplicate nodes aren't reachable
from the node cache's RB tree, so they leak and mess up node cache accounting.
As more and more nodes leak the global nodes counter keeps increasing,
eventually reaching the limit and hovering there. The system then constantly
tries to clean the node cache, sending de-auth frames to stations in the
process, even if the actual number of associated stations is small.
ok jsg@
|
|
only scanning for networks). These were never put into COLLECT state and
were thus never evicted from the node cache in hostap mode.
ok jsg@
|
|
essentially identical; the only difference being that m_pullup2 is
capable of handling mbuf clusters, but called m_pullup for shorter
lengths (!).
testing dlg@ ok claudio@
|
|
the caller and the function that the function will not fail to allocate
memory and return a NULL pointer. However, m_dup_pkthdr() violates
this contract, making it possible for functions that pass M_WAITOK to
be surprised in ways that hurt.
Fix this by passing the wait flag all the way down the functions that
actually do the allocation for m_dup_pkthdr() so that we won't be
surprised.
man page update forthcoming
ok claudio@
|
|
of nodes, otherwise we'll never actually clean any nodes. Fixes issues with
clients failing to attach because the node cache is completely filled.
ok damien@
|
|
damien@ ok. ports checked by sthen@.
|
|
deraadt@ ok.
|
|
ok damien; committing with miod's permission (src is soft-locked)
|
|
instead of a shallow copy to avoid problems if the mbuf is modified later
(e.g. if the frame is encrypted).
From FreeBSD.
http://marc.info/?l=freebsd-current&m=114168135819304&w=2
http://svn.freebsd.org/viewvc/base?view=revision&revision=156367
ok damien; committing with miod's permission (src is soft-locked)
|
|
explicit_bzero() where required
ok markus mikeb
|
|
ieee80211_node_leave() instead of ieee80211_release_node() which screws
up reference counting and leads to use after free problems elsewhere in the
code. Since ieee80211_node_leave() is only available if hostap support is
compiled in, don't provide the SIOCS80211DELNODE ioctl if we're compiling
without hostap support (e.g. on ramdisks).
ok deraadt@, damien@
|
|
Bogus chunks pointed out by matthew@ and miod@. No cookies for
marco@ and jasper@.
ok deraadt@ miod@ matthew@ jasper@ macro@
|
|
transition is to INIT, try to not generate management frames if we can
avoid it.
ok damien
|
|
timingsafe_bcmp().
ok deraadt@; committed over WPA.
|
|
the BSS. this is needed by drivers that need to maintain a hardware
table of associated STAs (like ral(4) RT2860).
idea from Nathanael Rensen
|
|
|
|
from NetBSD
|
|
ieee80211_node_leave_rsn() since ieee80211_node_leave_rsn()
calls ic_delete_key() and drivers like ral(4) RT2860 need
a valid associd in their delete_key callbacks.
This affects HostAP mode only.
from Nathanael Rensen.
remove a useless (nested) #ifndef IEEE80211_STA_ONLY while i'm here
|
|
what is not supported as a group cipher, enumerate what is supported.
|
|
otherwise we will panic in ieee80211_add_rsn_body().
this may be the cause of a panic seen by reyk@ though i'm not 100% sure.
|
|
|
|
instead of copying the 802.11 header on the stack and building
the ethernet header directly in the mbuf, build the ethernet
header on the stack directly from the 802.11 header in the
mbuf and copy the ethernet header to the mbuf after stripping
the 802.11 header.
makes the code easier to read/understand, especially, it is
now explicit what is being put in the ether_type field.
diff from Matthew Dempsky (matthew at dempsky dot org)
moved ieee80211_align_mbuf() under #ifdef __STRICT_ALIGNMENT
while i'm here.
|
|
old one.
found after reading a post by Nathanael Rensen to tech@
|
|
as we do not use any field after i_addr4.
slightly modified version of a diff from Matthew Dempsky (matthew at
dempsky dot org), used MIN instead of min.
|
|
sysctl.h was reliant on this particular include, and many drivers included
sysctl.h unnecessarily. remove sysctl.h or add proc.h as needed.
ok deraadt
|
|
and athn are only theoretically interesting. ieee80211_node fixes a real
bug in occupied channel detection.
ok damien@
|
|
changed from 16 bytes to 2 bytes.
no binary change
|
|
is received. The creation of a new node is already handled in
ieee80211_recv_probe_resp() when necessary.
This avoids creating empty nodes with wrong channels when beacons
are received on the wrong channel (overlapping channels).
Those empty nodes may also prevent the real node from being
discovered because of ieee80211_find_node_for_beacon() filtering.
This should prevent entries of the form:
nwid "" chan 3 bssid 00:01:02:03:04:05 0dB 54M
in "ifconfig if0 scan" output, like reported by Rivo Nurges.
|
|
packet, copy the key out of it properly.
fixes the problem where only broadcast packets like ipv6 router
advertisements were failing decryption and processing, only after a
rekey.
ok damien@
|
|
|
|
port is valid (keys have been successfully exchanged.)
this avoids dhclient timeouts when wpa is enabled.
|
|
reminded by STeve Andre.
|
|
from Jurjen Oskam.
|
|
call fails. this double-free was introduced with the M_DUP_PKTHDR
to m_dup_pkthdr change that got committed before I had a chance to
review it.
|
|
with m_tag_copy_chain() failures.
Use m_defrag() to eliminate hand rolled defragging of mbufs and
some uses of M_DUP_PKTHDR().
Original diff from thib@, claudio@'s feedback integrated by me.
Tests kevlo@ claudio@, "reads ok" blambert@
ok thib@ claudio@, "m_defrag() bits ok" kettenis@
|
|
|
|
There are cases where the interface can be up but not running, for
instance if the driver's if_init routine fails halfway for whatever
reason (firmware file not found, hardware switch turned off etc...)
This is because in sys/net/if.c, the returned code of the driver
is ignored for SIOCSIFFLAGS and the IFF_UP flag is left set.
netintro(4) does not say anything about values returned by
SIOCSIFFLAGS, so I don't know whether it is the expected behavior
or not.
pointed out by halex@ and jacekm@ who noticed it was possible to
trigger a scan on wpi(4) even when the hardware switch was turned off.
|
|
priority 0. while we are in here make sure we add wi interfaces to group "wlan"
in the same way the net80211 stuff already is.
this makes dhcp multiple default routes useful on laptops.
ok claudio@
|
|
from dhill@
|
|
that do not explicitly state this capability (using flag IEEE80211_C_RAWCTL).
also, perform all the sanity checks on injected raw 802.11 frames earlier
(in ieee80211_output instead of ieee80211_encap).
prevent kernel panics with many drivers when running aircrack-ng.
when/if all drivers are capable, we can remove this C_RAWCTL flag.
|
|
many implementations (including ours) will drop frames with a
TSC equal to 0 (they are considered replayed frames.)
|
|
this prevents an attacker from changing the TTAK (DoS attack) by
sending a frame with a large TSC but with a bad ICV and/or MIC.
now an attacker can only invalidate the cached TTAK.
|
|
of defining it unconditionally.
although the HT code is not ready yet, making it compile on
GENERIC kernels will help catch regressions/bugs if any.
|
|
the SA Query Transaction Identifier field is now a 16-bit non-negative
counter value instead of a 128-bit random value.
|
|
field in (Re)Association Requests.
This fixes association with APs refusing non-short-slot-time capable STAs.
This should also prevent the AP we're associating with from disabling the use
of short slot time in the BSS as we join.
Fix debug message in recv_assoc_resp() while I'm here (s/reason/status/).
Scary.
Thanks to Adam Emanuel for spotting this.
|
|
add "ifconfig if0 scan" to scan for access points or to list known
stations in Host AP mode.
remove the [-]wmm command while i'm here. QoS is mandatory with
802.11n so there's not much point in making it an option.
fix parsing of the "powersave" command too.
discussed with deraadt@
man page hints from jmc@
display hints from sobrado@
"i like it" cnst@, grange@
|