Age | Commit message (Collapse) | Author |
|
OK bluhm@
|
|
ifconfig if joinlist
OK stsp@
|
|
|
|
dropped as the sequence number matches the initial value of the
cached last sequence number (zero). On some APs (notably Android
WIFI hotspots) this hits the first packet of the WPA2 4-way
handshake. This causes connection delays and in some cases
connection to the AP fails completely. Initialize the cached last
sequence numbers for received packets to an invalid value instead.
From Christian Ehrhardt
ok gerhard@ stsp@
|
|
802.11 interface state changes (e.g. SSID) to interested parties.
Original diff from phessler@. Many suggestions and tweaks from
claudio@, stsp@, anton@.
ok claudio@ stsp@ anton@ phessler@
|
|
m_leadingspace() and m_trailingspace(). Convert all callers to call
directly the functions and remove the defines.
OK krw@, mpi@
|
|
These have served no useful purpose in practice; all reported instances were
legitimate group key retransmissions by the AP, e.g. after laptop suspend.
We fixed KRACK long ago; re-used group key messages are nothing to worry about.
|
|
of rediscovering them (possibly badly).
OK stsp@
|
|
based on the state of the joinlist
OK stsp@
|
|
OK stsp@
|
|
key (IGTK) if a node doesn't have management frame protection (MFP) enabled.
The IGTK is not initialized if MFP is disabled, so using it triggers this
panic in ieee80211_encrypt(): panic("invalid key cipher 0x%x", k->k_cipher)
(As far as I can tell, at present, MFP is never enabled.)
Problem reported and fix tested by tj@ on athn(4) hostap
|
|
OK phessler@ jsg@
|
|
ok stsp@ phessler@
|
|
reminded by stsp@
|
|
ok stsp@
|
|
crosshairs.
|
|
consider during auto-join. This can help users determine why a specific
network was chosen.
OK stsp@
|
|
the list.
makes /etc/netstart very fast when ran while the interface is up
OK stsp@
|
|
found with and OK stsp@
|
|
|
|
pointed out by stsp@
|
|
to switch to.
pointed out by stsp@
|
|
settings over multiple calls was risky and racy. Pass essid, wpa, and wep
paramaters in a single ioctl and process it atomically.
no change for 'nwid' users
OK stsp@ benno@
|
|
|
|
There was no way to override a decision made by join's network
selection algorithm (apart from disabling the feature by clearing
the join list). Automatic selection is based on heuristics which
cannot always guess correctly so we need to provide an override.
One specific problem was that if 'nwid foo' and 'nwid bar' were
both visible in the scan and only 'nwid foo' was a member of the
join list, then there was no way at all to connect to 'nwid bar'.
The wireless stack would keep selecting 'nwid foo' instead.
'ifconfig iwm0 nwid bar' command will now disable automatic
network selection and force the use of ESSID 'bar'.
Any of these commands will re-enable automatic network selection:
ifconfig iwm0 -nwid
ifconfig iwm0 nwid ''
ifconfig iwm0 join some-network-id
ok phessler@ deraadt@
|
|
We now prefer stronger crypto over weaker crypto over none, prefer 5 GHz
band with reasonable RSSI, and use RSSI as a tie-breaker with a slight
advantage for 5GHz. Candidate APs are now ranked by a score which is
calculated based on these attributes.
There is likely room for improvements to make these heuristics
work well across many different environments, but it's a start.
ok phessler@
|
|
Some access points have a feature called "band steering" where they
will try to push clients from 2 GHz channels to 5 GHz channels.
If a client sends probe-requests on both 2 GHz and 5GHz channels, and
then attempts to authenticate on a 2 GHz channel, such APs will deny
authentication and hope that the client will come back on a 5 GHz channel.
So if we fail to AUTH for any reason, and if there is a different
AP with the same ESSID that we haven't tried yet, try that AP next.
Keep trying until no APs are left, and only then continue scanning.
APs with support for this feature were provided by Mischa Peters.
ok phessler@ mpi@
|
|
requested by mpi@
|
|
Some APs (Aruba 105) send a bogus basic MCS set in assoc responses
which prevents us from enabling 11n support with those APs, while
these APs still behave as if were were an 11n client which renders
the association unusable.
The basic MSC set is already provided in beacons anyway, and the
802.11 2012 standard says the basic MSC set is reserved in frames
other than beacons (see Table 8-130).
ok mpi@
|
|
Status codes and reason codes are separate things listed in distinct tables.
This debug message made me look at the wrong table and scratch my head.
|
|
auto-join
with feedback from florian and stsp
ok florian@ phessler@ (on previous versions of the diff) stsp@
|
|
Drop ieee80211_add_ess's nwid parameter. Read nwid and length directly
from the ic to make it more obvious where this function is reading from.
nwids are binary data with an explicit length, so treat them as such
instead of treating them like strings.
ok florian phessler
|
|
the nwid. It will not have changed in the meantime.
OK stsp
|
|
the stack doesn't always fill in the paramaters correctly
reported by many
|
|
Should fix a panic with bwfm(4) reported by mlarkin@
ok phessler@
|
|
false so we always selected the first wifi available, not the best
one.
While here shuffle some deck chairs to make it clearer that anything is
better than nothing.
tweak & OK phessler
|
|
in case we want WPA2 and they have WPA1 still enabled
|
|
OK stsp@
|
|
Make sure all of the crypto options the AP announces matches what we
would configure. While here, don't switch if the user has specified
a specific BSSID, and the new AP does not match.
OK stsp@
|
|
magic constant to panic() calls.
ok benno@ henning@ tb@
|
|
This allows a system to remember which ESSIDs it wants to connect to, any
relevant security configuration, and switch to it when the network we are
currently connected to is no longer available.
Works when connecting and switching between WPA2/WPA1/WEP/clear encryptions.
example hostname.if:
join home wpakey password
join work wpakey mekmitasdigoat
join open-lounge
join cafe wpakey cafe2018
join "wepnetwork" nwkey "12345"
dhcp
inet6 autoconf
up
OK stsp@ reyk@
and enthusiasm from every hackroom I've been in for the last 3 years
|
|
OK stsp@
|
|
response in case a lower RSSI is measured for a subsequent beacon.
I have run into a 5Ghz AP which sends beacons with very low Tx power for some
reason, while probe responses are transmitted with reasonable signal strength.
This change ensures such 5GHz APs will be considered as a reasonable choice
during access point selection.
Discussed with sthen@, Patrick Dohman, and others on tech@
ok phessler@ pirofti@
|
|
Patch by Jesper Wallin
|
|
debug print "invalid transition" to dmesg in this case.
|
|
get an up-to-date view of APs around us. In particular, we need to
kick out the AP we are associated to. Otherwise, our current AP might
stay cached if it is turned off while we are scanning, and we could
end up picking a now non-existent but "good looking" AP over and over.
found with and ok phessler@
|
|
The WEP key index is stored in ic_def_txkey. The iGTK ("integrity group key")
index is specific to WPA. The previous code happened to always select WEP key
index 0 since the iGTK index is not yet used by any driver.
ok phessler@
|
|
type then panic immediately instead of silently dropping packets.
ok phessler@
|
|
point in scheduling ic_bgscan_timeout() since this timeout will find that
it has nothing to do.
ok phessler pirofti
|
|
Clear group keys in iee80211_newstate only if we're doing WPA.
Otherwise, ieee80211_crypto_clear_groupkeys() will clear WEP
keys configured by userland before associating.
(All WEP keys are group keys.)
ok phessler@ tb@ pirofti@
|