| Age | Commit message (Collapse) | Author |
|---|
|
When sizing a memory allocation for a probe response frame, the AP used
the SSID length stored in the node structure which represents the client,
but used the actual length of the SSID when copying it into the frame.
If the actual length is sufficiently large this will result in corruption
of an adjacent mbuf on the free list since m->m_next will be overwritten
with data written to the tail of the probe response frame.
Bad things happen later on when the adjacent mbuf is used. Sometimes
the corruption is detected by mbufpl's use-after-free checking, at
other times we end up crashing somewhere in the network stack.
To prevent such a mistake from occuring again I am removing the 'ni'
argument from ieee80211_get_probe_resp() altogether. It is not needed.
A quick workaround is to configure a short SSID.
Debugged with help from claudio, kettenis, and dlg.
ok claudio
|
|
reconnect to the AP
OK stsp@
|
|
immediately instead of waiting to (randomly) switch away and switch
back.
Found by martijn@
OK stsp@
|
|
that will also trigger background scans, remain with the current AP.
Avoids ping-pong in environments where APs are tuned for low transmit
range, such as 36c3.
ok phessler benno
|
|
ok phessler benno
|
|
ok phessler
|
|
Some peers will eagerly try to negotiate block ack (asking us to reserve
buffer space) before they are done authenticating themselves. No thanks.
Just let them try again later.
ok mpi@
|
|
as well as pulling frames off the Rx block ack reordering queue, when
an incoming frame above the current seqnum window forces us to slide
the window forward, potentially losing frames within the old window.
Leaving the seqnum window out of sync with the queue would cause needlessly
long stalls in traffic until the window moved again for some other reason.
Problem observed on lossy wifi whenever netstat -W indicated an increasing
"input block ack window slides" counter. With this fix, stalled frames can
be observed only for a relatively short amount of time whenever one or more
frames in the current window are lost.
ok mpi@
|
|
Firmware-based Tx retries were disabled when it was found that MiRA
makes better choices while probing with a constant Tx retry rate.
Before that change, high Tx rates looked better than they actually
were. The change resulted in less retries and thus higher throughput
because a lower, but actually working, initial Tx rate eventually
became the preferred choice.
However, disallowing retries at lower rates also resulted in increased
amounts of observable packet loss, especially while the connection to
the AP was still fresh and bad Tx rates had not been discovered yet.
To get the best of both worlds, use a constant Tx rate for retries while
MiRA is probing and otherwise allow firmware fallback to lower rates.
tested by Tracey Emery, pamela, jasper, and myself, on 7265/8265/9260
|
|
|
|
by an ioctl if the driver had not yet initialized the channel map.
Crash reported by nayden@
ok sthen@
|
|
From now on, this behaviour must be explicitly enabled with ifconfig join "".
ok sthen jcs deraadt
|
|
the next selection of networks from the join list. Prevents endless
attempts to connect to an AP which is out of reach but still somehow
manages to get a beacon or two across to us during scan.
Tested with wifi networks at the University of Bucharest.
Makes switching wifi networks possible after walking to a different
room without having to down/up the interface or suspend/resume.
ok phessler@
|
|
This will update the list of cached APs for future invocations of the
'scan' command, and will force a search for a better AP to roam to.
ok sthen@ phessler@
|
|
ok mpi@
|
|
to APs that are relatively far away and suffer some packet loss.
The former threshold was 7 beacons (about 700 ms).
This raises the threshold to 30 beacons (about 3 seconds).
Should still be good enough for detecting APs that have disappeared, and
makes wifi networks provided by the University of Bucharest more reliable
in the p2k19 hackroom.
While here, make 'ifconfig iwm0/iwn0 debug' print an obvious message when
we believe that the AP has disappeared.
Problem reported and fix tested by landry@ / pirofti@
ok mpi@ sthen@
|
|
This helps a bit in situations where a single AP is used and background scans
are causing packet loss, as seen with Jesper Wellin's Broadcom-based AP and my
Android phone in hotspot mode. This is not a proper fix but our background scan
frequency against a single AP was much higher than needed anyway.
Tested by jan, job, benno, Tracey Emery, Jesper Wallin
|
|
which we only send if an SSID is already configured. Thus a
scan only creates beacons. Especially on bwfm(4) only beacons
frames are faked, there are no probe responses. When a node
first is created, ni_rssi is 0, which is always smaller than
rxi_rssi, and it wil never be set for nodes on 5 GHz. Thus we
should always set ni_rssi if it is 0.
Tested by jan@ tobhe@
ok stsp@ deraadt@
|
|
PS-poll and BA-req frames are in fact being processed.
Do not count such frames as discarded control frames.
OK phessler kn mpi
|
|
AP on a new channel. Not doing so leads to a disconnect because AP
messages on the new channel are ignored.
|
|
This reduces drops caused by the ifq pressure drop mechanism and hence
increases throughput. Such drops are visible with e.g. 'netstat -dnI iwm0'.
Not all affected drivers have been tested yet but these changes are largely
mechanical and should be safe. As usual, please report any regressions.
With help from dlg@ and mpi@
Problem found by robert@
Tested by robert, jmc, Tracey Emer, Matthias Schmidt, florian, Björn Ketelaars
ok mpi@
|
|
ifconfig display them in 'scan' output and on the ieee80211 status line if
the failure is applicable to an already selected AP (e.g. wrong WPA key).
This will hopefully reduce the amount of help requests for what often
turn out to be trivial misconfiguration issues that were previously
hard to diagnose without debug mode.
ifconfig must be recompiled with the new ieee80211_ioctl.h to stay in
sync with the kernel. A full 'make build' will do the right thing!
Very helpful input by mpi@ and deraadt@
|
|
are in media autoselect mode.
The interface might have been switched to a fixed PHY mode during association
and keeping it fixed will mislead AP selection after roaming failure.
Problem found and diagnosed at CCC camp 2019
Tested by myself, fkr@, chris@
|
|
Prevents WPA APs from appearing as non-WPA APs to the AP selection logic.
The decision whether or not to parse the IE was made as a side-effect
of a check for the highest mutually supported version of WPA.
We can safely assume that all our drivers support WPA versions <= 2
and parse the IE regardless of whether WPA is currently active or not.
ok mpi@
|
|
wiping the entire cache every time a scan is triggered.
This has benefits for userland programs trying to look at scan results,
and for drivers which don't get a full view from hardware on every scan.
Nodes will still be evicted from the cache in one of several ways:
Add a new way of timing out inactive nodes which don't send a beacon
within 10 scan iterations, for client mode only. This should get rid
of stale APs if we're scanning for some time in a changing environment.
If we fail to associate a few times, the corresponding node is removed.
If net80211 transitions back to INIT state (e.g. because of a
user-initiated configuration change) all nodes are removed.
When a background scan starts all nodes will be removed. This could be
revisited later but has been intentionally left as-is for now.
Tested by myself, jmc@, benno@, procter@ on iwm(4), athn(4) and ral(4).
|
|
This assignment to ic_curmode is redundant because it already occurs
inside ieee80211_setmode(), and channel information in selbs and ni
is equivalent after node_copy().
ok mpi@ kevlo@
|
|
offload, it needn't be. the stack must otherwise rely on every
offloading driver correctly handling all frames governed by a
given key.
ok stsp@
|
|
In particular, add Tx block ack session management to net80211, with
enough funcionality to support Tx aggregation on devices which perform
A-MPDU subframe scheduling in firmware.
Make use of the iwn(4) firmware Tx scheduler to build A-MPDUs.
net80211's QoS support code is now enabled and used by Tx aggregation.
A-MSDU frames inside A-MPDUs have been tested and work in principle.
For now, this feature is disabled because unfair TCP connection sharing
was observed during testing, where bursts of TCP Ack frames for a single
tcpbench(1) connection arriving in A-MSDUs made other TCP connections stall.
Switch off support for A-MSDUs inside A-MPDUs on the Rx side as well.
Tested on iwn chipsets 1000, 4965, 5100, 5300, 2200, 6200, 6205, 6300
(committed version of tested diff has all debug printfs removed)
tests/ok benno kmos mlarkin kevlo
|
|
by actually overwriting the relevant bits in ni_htop1.
ok tedu@ phessler@ kettenis@
|
|
Fixes stalling TCP connections on wifi in some situations.
testing jmatthew@, jmc@, Bruno Flueckiger, Micah Muer, Matthias Schmidt
|
|
The 'mode' command is supposed to force a wireless interface into 11a/b/g/n
media mode. This stopped working some time ago, probably during my work on
background scanning. Problem spotted by mlarkin@ who noticed that interfaces
were using 11g mode while forced to 11b mode.
ok phessler, jmatthew (earlier version)
relentless testing by krw@
|
|
The "recursion in end_scan()" problem is apparently still present in
the committed version of the diff (reported by krw@).
|
|
The 'mode' command is supposed to force a wireless interface into 11a/b/g/n
media mode. This stopped working some time ago, probably during my work on
background scanning. Problem spotted by mlarkin@ who noticed that interfaces
were using 11g mode while forced to 11b mode.
ok phessler, jmatthew
|
|
ok kettenis@
|
|
in ieee80211com's ic_flags because we haven't been paying attention to
them (they're not in the same place in the code and hence easy to miss).
Move them to a dedicated variable to avoid this problem in the future.
Add a new 'stayauth' nwflag which can be set to let net80211 ignore
deauth frames. This can be useful when deauth frames are being
persistently spoofed by an attacker. Idea from beck@
ok beck@ phessler@
|
|
ok mpi@
|
|
in contiguous memory. Taking the pointer to the data and simply
looking at the IP header by adding an offset can lead to an out-
of-bounds access. Make the ieee80211 classify function copy the
ethernet and ip header into stack variables to fix it.
Fixes a panic for florian@
Discussed with claudio@
ok stsp@
|
|
This redefines the ifp <-> bridge relationship. No lock can be
currently used across the multiples contexts where the bridge has
tentacles to protect a pointer, use an interface index.
Tested by various, ok dlg@, visa@
|
|
Don't accept A-MPDUs if not in RUN state, and don't accept them from
unassociated clients in hostap mode.
ok jmatthew@ kevlo@
|
|
discovered while attempting to autojoin WEP networks
|
|
Consider the mere presence of HTCAP IEs as indicator of 11n support,
rather than checking advertised Rx MCS. Fixes some devices being
misclassified as 11a/g, causing HT protection to be enabled even
though it is not needed.
Use CTS-to-self frames for HT protection instead of RTS/CTS.
These changes make my athn(4) AR9280 hostap perform much better.
ok phessler@
|
|
ok phessler@
|
|
helped us on a loaded hackathon wifi network. In 11n mode we are now
using a heuristic for this. Disable RTS threshold for all other modes
again because it can do more harm than good in many situations.
This change may increase Tx throughput in 11a/g modes, though results depend
on the driver. Some drivers, e.g. urtwn(4), keep using RTS regardless for
unknown reasons and may need to be fixed separately. And we will keep using
RTS if the AP enables 11g protection while 11b clients are around.
|
|
Improves throughput and latency on 11n networks.
Tested by myself, jmc@, jcs@, phessler@, benno@
|
|
|
|
ok patrick@ mpi@
|
|
net80211 and drivers in general. Add ratesets for 'short guard interval'
(SGI) rates, and add SGI support to MiRA. SGI is currently only used by
iwm(4), and of course internally by bwfm(4) firmware.
Ratesets for 11n 40 MHz channels and 11ac will come later.
ok mpi@ phessler@
|
|
from it as well
OK stsp@
|
|
us properly match, instead of hoping we got lucky when selecting it.
OK stsp@
|
|
if a known network is visible, always prefer that instead.
requested by many, OK stsp@
|
