| Age | Commit message (Collapse) | Author |
|---|
|
ok stsp
|
|
This should make fading APs time out consistently regardless of what the
beacon interval is set to (range is 1 to 2^16 TU, though in practice 100 TU
seems to be a common value).
Print the beacon interval and missed beacon counter threshold to dmesg
if the DEBUG flag was set on the wireless interface with ifconfig(8).
This should help with diagnosing any issues that pop up.
Requested and diff eye-balled by kettenis@
help & ok tb@ phessler@
|
|
which specified how much time may elapse without beacons before drivers
begin searching for a new AP.
Drivers convert this timeout value into the amount of beacons they're allowed
to miss. Having the stack provide this number upfront simplifies things.
ok mpi@
|
|
Instead of returning an index into ni_rates, return the RVAL of the
basic rate we want to use. This allows a driver to unambiguously map
the basic rate to the corresponding hardware-specific rate value, and
reduces the possibility of bugs where indices are used with arrays
they weren't intended for.
Adjust iwn(4) accordingly, and use the lowest instead of the highest
basic rate in iwn_tx() to cope better in noisy environments.
Fixes association problems on 5GHz reported by tb@
|
|
These helpers can be used by drivers to improve compatibility with APs
that disable some mandatory PHY rates in the basic rate set.
For instance, many of our drivers hard-code 11b rates on 2 Ghz and run
into problems when APs disable them. Since 11b rates are being disabled
by default by some vendors, hardcoding them is not a good idea anymore.
ok mpi@ phessler@
|
|
of whether the wifi interface happens to be leaving RUN state. The interface
is never usable during state transitions so setting the link DOWN is the only
reasonable option when any transition is triggered.
Fixes a problem where, at boot time, the link state of wifi interfaces was
reported to userland as UNKNOWN (which, curiously, has value 0). dhclient's
link detection logic was recently changed from ifmedia to getifaddrs which
exposed the UNKOWN link state. Since dhclient assumes an UNKNOWN link state
means UP it would start trying to negotiate a lease too early during boot.
Problem reported by tb@
ok krw@
|
|
OK stsp@
|
|
If an AP is configured to hide its SSID it sends a non-zero length SSID
which contains only zeroes. The AP sends its actual SSID only in probe
responses after a client includes this SSID in a probe request.
If we happened to receive a beacon before the probe response we stored a
non-zero-length SSID of zeroes and never updated the SSID when the probe
response arrived. The client was then unable to find the AP.
test & ok jung@
|
|
Problem reported by Colton Lewis on misc@
ok tb@
|
|
constants.
The consensus is that if both operands are constant, we don't need
mallocarray. Reminded by tedu@
ok deraadt@
|
|
ok deraadt@
|
|
ok stsp
|
|
and when a new WEP key is set while WPA is enabled, disable WPA.
Prevents unusable configurations where both WEP and WPA are active
and makes switching between WEP/WPA networks easier.
ok deraadt@ tb@ sthen@
|
|
the interface operates in hostap mode.
test & ok tb@
|
|
ieee80211_node. Pass these fields to 'ifconfig scan' instead of giving it
currently configured/enabled settings.
Fixes display of AP WPA capabilities in 'ifconfig scan' while the wifi
interface is not configured to use WPA (my previous commit attempted to
fix the same problem but didn't make it work in all cases).
ok tb@
|
|
on the local wifi interface. ifconfig was mistakenly showing the common
supported subset of client and AP, rather than showing the AP's capabilities.
Exposes WPA protocol capabilities in struct ieee80211_nodereq, which means
ifconfig must be recompiled to run on a new kernel.
ok deraadt@ mpi@
|
|
the presence of non-HT nodes in the node cache.
OpenBSD 11n APs will now disable HT protection if it is not necessary.
ok mpi@
|
|
changes I made to my WPA security patch. Affects WPA enterprise only.
Problem found by patrick@
ok sthen@
|
|
No fnuctional change.
|
|
A malicious AP could trick clients into connecting to the malicious AP
instead of the desired AP. All frames would then be sent in the clear.
This problem was found and reported by Mathy Vanhoef who also provided
an initial patch which we improved together.
|
|
ok mpi@
|
|
rateset with the AP is calculated only after the association response was
received, which is too late. Fix rates when an AP is selected after a scan.
ok mpi@ tb@
|
|
associated nodes with particular properties: 11b-only ("non-ERP") nodes,
nodes requiring long slot time, nodes using WPA, nodes not supporting 11n,
nodes currently dozing in powersave state, and nodes with a pending group
key update confirmation.
These counters weren't properly maintained.
There are bugs in the stack where these counters and actual node properties
got out of sync. This is exposed by panics which are supposed to help us
catch such bugs. But these panics don't provide real clues.
Instead of maintaining global counters forcing us to hunt refcounting bugs,
count nodes with the property in question on demand, by iterating over all
nodes and checking their state.
This is cheap since we'll never have more than 100 nodes cached, and none of
the cases where we need such information is in a performance critical path.
Prevents panics in hostap mode reported by Lauri Tirkkonen on bugs@ last
year (https://marc.info/?l=openbsd-bugs&m=147513817930489&w=2) and also
encountered by my 11n APs ("panic: bogus non-HT station count 0").
tested by Lauri, tb@, and myself
ok mpi@ tb@
|
|
number from the 802.11-2007 standard to the 802.11-2012 standard.
|
|
from the client parameter set, rather than from the AP parameter set.
ok mpi@
|
|
by drivers to pass default EDCA parameters to firmware instead of passing
local hardcoded values.
ok millert@
|
|
These are either due to driver bugs or rounding errors in fixed point math
but can be dealt with gracefully and don't occur often (only one instance
of this problem has been reported in the wild so far).
Turn related panics into debug printfs.
With 'ifconfig athn0 debug' the kernel now prints notifications about
out-of-range SFER values in dmesg. Compile a kernel with 'option MIRA_DEBUG'
to get a dump of driver stats in dmesg as well.
This change should prevent an undesirable panic reported by Peter Kay,
though it does not actually address the root cause of the problem.
ok tb@
|
|
cancels timeouts, and resets driver stats. Call it when probing has
finished instead of manually resetting only probing state.
Right now this is only called once but an upcoming change will reuse it.
|
|
chain. Else this function will sometimes signal end of AMSDU frame too early.
Patch by Imre Vadasz.
ok mpi@ phessler@
|
|
Without this fix it was impossible to use WPA1 without also making use of the
wpaciphers option to enable TKIP. Problem noticed by pirofti@.
ok mpi@
|
|
The existing code (from damien@) already took care of freeing related buffers
but because block ack state was not reset we were still trying to use these
buffers if the node sent another A-MPDU. This problem only affects 11n hostap.
Fixes kernel crash reported by Timo Myyra on bugs@
|
|
titled "Predicting and Abusing WPA2/802.11 Group Keys" by Mathy Vanhoef.
https://media.ccc.de/v/33c3-8195-predicting_and_abusing_wpa2_802_11_group_keys
If an attacker knows the WPA group key the attacker could inject a unicast
frame by sending a group-encrypted frame to the AP with addresses set as:
addr1 (receiver): ff:ff:ff:ff:ff:ff
addr2 (source): MAC of attacker
addr3 (target): MAC of victim client
The AP would forward this frame as unicast, re-encrypted with the pair-wise
session key of the victim client. But an AP should not forward such frames.
Guessing a WPA group key used by an OpenBSD AP is hard because our random
numbers are actually random. So we are not vulnerable to this attack but
we are fixing the forwarding path anyway.
ok mpi@ tb@
|
|
No functional change.
The previous name was chosen at a time when I could not yet anticipate
what this function would really end up doing.
The new name should make this function's purpose more obvious, especially
where it appears at strategic places in driver code.
|
|
requiring 11n wireless drivers to provide an ic_ampdu_rx_start() function.
The athn(4) driver won't need this function since the hardware receives
A-MPDU and sends block ack without setting up anything.
|
|
clear HT capabilities stored in its node cache object.
A node may switch from 11n mode to 11a/b/g mode.
If we don't clear HT capabilities from the cache the node will
be mistaken as 11n-capable after reassociation.
ok phessler@ mpi@
|
|
|
|
|
|
Fixes problems with timing of frame transmissions which caused packet loss.
tested by myself and tb@
ok phessler@ mpi@ tb@
|
|
that Linux clients will decide to use 11n mode.
ok phessler@
|
|
For now we flip-flop only between non-member protection and non-HT protection.
Running a HT network without protection would require monitoring environmental
conditions (e.g. foreign beacons) which make HT protection necessary.
The ic_update_htprot driver function becomes optional because it won't be
needed by all drivers. Only call it if the driver has set a function pointer.
ok tb@
|
|
Return early and do nothing if the node is already in COLLECT state upon
entry to this function.
|
|
function, not afterwards. Drivers now know whether a joining node supports HT
which helps with setting up state such as which Tx rate to use.
|
|
It was creating a corrupt beacon element by ommitting one byte.
Fix this and fill the element with actual data from the ic_bss node instead
of filling it with zeroes, allowing future 11n hostap to announce the current
HT protection mode correctly.
|
|
including removing the 802.1x configuration from the card.
Found while coming home from CCC Congress.
OK stsp@
|
|
ok phessler@ tb@
|
|
which are not supported by both peers, as already done elsewhere.
ok phessler@ tb@
|
|
It is time for this legacy of WEP to die (remember WEP?).
The 802.11-2012 standard says:
The use of TKIP is deprecated. The TKIP algorithm is unsuitable for
the purposes of this standard.
TKIP has numerous problems. One of which is that TKIP allows a denial of
service attack which can be triggered by any client. Report 2 Michael MIC
failures to a TKIP AP to trigger "TKIP countermeasures". The AP is now
required by the 802.11 standard to lock everyone out for at least 60 seconds.
The network will remain unusable for as long as such MIC failure reports
are sent twice per minute.
TKIP remains available for interoperability purposes, for now.
It must be enabled manually with ifconfig(8).
Prompted by discussion with Mathy Vanhoef.
ok deraadt@ sthen@ reyk@
|
|
we're not in 11n mode. This will allow tcpdump to show the mode correctly.
ok mpi@
|
|
Waiting more time does not buy us anything and makes a denial of service
a tiny bit easier.
Suggested by Mathy Vanhoef.
|
|
Client-side bug found while investigating TKIP countermeasures.
|
