summaryrefslogtreecommitdiff
path: root/sys/net80211
AgeCommit message (Collapse)Author
2016-12-31When we disable WPA on an interface, wipe all of the WPA parameters,Peter Hessler
including removing the 802.1x configuration from the card. Found while coming home from CCC Congress. OK stsp@
2016-12-26Allow using 11n mode with APs that do not advertise support for all of MCS 0-7.Stefan Sperling
ok phessler@ tb@
2016-12-26When calculating the set of MCS rates below a particular MCS, skip ratesStefan Sperling
which are not supported by both peers, as already done elsewhere. ok phessler@ tb@
2016-12-20Disable TKIP (WPA1) by default.Stefan Sperling
It is time for this legacy of WEP to die (remember WEP?). The 802.11-2012 standard says: The use of TKIP is deprecated. The TKIP algorithm is unsuitable for the purposes of this standard. TKIP has numerous problems. One of which is that TKIP allows a denial of service attack which can be triggered by any client. Report 2 Michael MIC failures to a TKIP AP to trigger "TKIP countermeasures". The AP is now required by the 802.11 standard to lock everyone out for at least 60 seconds. The network will remain unusable for as long as such MIC failure reports are sent twice per minute. TKIP remains available for interoperability purposes, for now. It must be enabled manually with ifconfig(8). Prompted by discussion with Mathy Vanhoef. ok deraadt@ sthen@ reyk@
2016-12-18While copying out channel flags to userspace, omit the HT channel flag ifStefan Sperling
we're not in 11n mode. This will allow tcpdump to show the mode correctly. ok mpi@
2016-12-18Set the maximum TKIP countermeasure timeout to 90 seconds instead of 120.Stefan Sperling
Waiting more time does not buy us anything and makes a denial of service a tiny bit easier. Suggested by Mathy Vanhoef.
2016-12-17Don't crash while sending a TKIP MIC failure report to the AP.Stefan Sperling
Client-side bug found while investigating TKIP countermeasures.
2016-12-17Complete our half-done implementation of TKIP countermeasures in hostap mode.Stefan Sperling
The previous code would disable the AP until next reboot upon MIC failure. Instead, disable the AP for 60 seconds, as required by the 802.11 standard. I randomly added a bit of time (up to 120 seconds total) just because we can. Problem reported by Mathy Vanhoef, thanks! ok deraadt@ random input reyk@
2016-12-10Make mira rate scaling actually work with MIMO Tx rates.Stefan Sperling
The previous approach with an extra timeout was dumb (and of course untested). Additional fixes include: - Take HT protection settings into account when determining whether RTS is used. - Stop probing the current rateset as soon as measurements become worse. - Properly move probing timeouts for bad rates further into the future. Tested with MIMO-enabled iwm(4) (MCS 0-15) and also iwn(4) (MCS 0-7 only). Early versions also tested by phessler@ and bmercer@, and more testing by tb@. ok tb@
2016-12-08Fix mira's next intra-rate calculations for MCS >= 8.Stefan Sperling
ok tb@ phessler@
2016-12-06avoid a potentially uninitialised return valueJonathan Gray
ok stsp@
2016-11-30Add a new implementation of MiRA, a rate scaling algorithm for 802.11n.Stefan Sperling
This algorithm was designed for use with MIMO and Tx aggregation. This is joint work with tb@, who helped with all the tricky math bits. Additional help with testing by phessler@, mpi@, and jmatthew@. I believe this is now ready for wider testing, and for future work to happen in-tree. A paper which explains the algorithm can be found at: http://www.cs.ucla.edu/wing/publication/papers/Pefkianakis.MOBICOM10.pdf Roughly, this algorithm attempts to keep track of the current "goodput" (the effective data rate) for each MCS. It converges towards a rate which gets the most bits per second transmitted with least loss. Occasionally, frames will be steered to different rates to probe for changes. (The algorithm does not send frames on its own. It only advances whenever the driver has sent a frame.) Time-based probing to adjacent MCS rates occurs periodically. This is similar to what AMRR does, except that eventually mira will try out multi-antenna modes as well. Event-based probing happens when a sudden change in goodput is detected. I've chosen to make downwards probing fast, and upwards probing slow. (The paper does not specify such a preference.) This means it should react quickly to worsening conditions and pull the rate down (perhaps to the lowest possible rate). It should then raise upwards slowly on a rate-per-rate basis as conditions improve again. In my testing this works as intended as I keep moving a laptop outside and inside the AP's range. Not linked to the build yet. ok mpi@ kettenis@
2016-10-08Allow writing an MCS index to radiotap's rate field. The format we use isStefan Sperling
the same as FreeBSD is using and is already recognized by third party tools. For this file a documentation change is all that's needed. ok kettenis
2016-09-21When processing an ADDBA request, iwm(4) runs a task which sends aStefan Sperling
command to the firmware and waits for confirmation. This command can fail and there was no way we could recover from such an error. Allow drivers to return EBUSY from their ic_ampdu_rx_start() handler to tell the stack not to send a confirmation just yet. The stack provides functions which the driver can call to accept or refuse the request. There is no functional change yet. This just shuffles code around so drivers may insert themselves into the process. ok mpi@
2016-09-20Parse the DTIM count and period advertised in beacons and store themStefan Sperling
in the node structure. This should be useful for iwm(4) in the future. ok phessler@
2016-09-15move from RB macros to the RBT functions.David Gwynne
shaves about 5k off an amd64 GENERIC.MP kernel
2016-08-31If a driver reports RSSI in the 20-100 range, convert to a negative value.Stefan Sperling
Fixes dBm values displayed by 'ifconfig scan' with several drivers. ok mpi@ jca@
2016-08-17If a wireless device or driver scans all bands at once give 5GHz APsStefan Sperling
a slight priority in cases where good matches exist in either band. ok sthen@
2016-08-15Expose more 802.11n information to userspace:Stefan Sperling
A flag which indicates whether HT has been negotiated with a node, and the current Tx MCS value we use for a node. This grows struct ieee80211_nodereq. Applications using it must be recompiled. ok mpi@
2016-07-20In net80211, enable RTS for frames above a particular size (currently 512Stefan Sperling
bytes). This is what other OS have been doing for years. In our stack this feature was present but disabled at compile-time by an #ifdef. This is a low risk change because drivers were already required to use RTS whenever the AP set the USE_PROTECTION flag in ERP elements of its beacons. This change allows for reasonable throughput on loaded 11g networks whereas before they were practically unusable. tests and ok phessler@
2016-05-21Add a wireless driver capability flag for devices which scan 2GHz and 5GHzStefan Sperling
bands in a single scan offload request. This will be used by iwm(4) soon. ok kettenis@, earlier version ok phessler@
2016-05-18In hostap mode, don't re-use association IDs (AIDs) of nodes which areStefan Sperling
still lingering in the node cache. This could cause an AID to be assigned twice, once to a newly associated node and once to a different node in COLLECT cache state (i.e. marked for future eviction from the node cache). Drivers (e.g. rt2860) may use AIDs to keep track of nodes in firmware tables and get confused when AIDs aren't unique across the node cache. The symptom observed with rt2860 were nodes stuck at 1 Mbps Tx rate since the duplicate AID made the driver perform Tx rate (AMRR) accounting on the wrong node object. To find out if a node is associated we now check the node's cache state, rather than comparing the node's AID against zero. An AID is assigned when a node associates and it lasts until the node is eventually purged from the node cache (previously, the AID was made available for re-use when the node was placed in COLLECT state). There is no need to be stingy with AIDs since the number of possible AIDs exceeds the maximum number of nodes in the cache. Problem found by Nathanael Rensen. Fix written by Nathanael and myself. Tested by Nathanael. Comitting now to get this change tested across as many drivers as possible.
2016-05-12Fix "comma at end of enumerator list" warningsDavid Coppa
Sure stsp@
2016-05-10make bpf_mtap callers set the M_FILDROP flag if they care about it.David Gwynne
ok mpi@
2016-05-02Fix a corner case of 12-bit arithmetic: also increment the ba_winmissTheo Buehler
counter if sn == 0 and ba_missedsn == 0xfff. ok stsp@
2016-05-02IEEE 802.11 sequence numbers wrap at 12 bit.Stefan Sperling
Fix a case where ieee80211_ba_input() failed to account for that. ok tb@
2016-04-28Rework handling of frames which fall beyond the block ack window.Stefan Sperling
tb@ discovered that we were not following the 802.11-2012 standard correctly for frames which fall within the range [winend, windend+winsize]. This could cause valid frames to be dropped because we moved the window too far ahead. with and ok tb@
2016-04-28Add a net80211 stat counter for block ack window "slides" as opposedStefan Sperling
to "jumps". Will be used soon by refined block ack window handling. netstat needs to be recompiled. With and ok tb@
2016-04-28When a frame which falls into the block ack window is received, clearStefan Sperling
counters that keep track of consecutive frames falling outside the window.
2016-04-28Copy some ieee8021_node HT information to userspace.Stefan Sperling
ifconfig needs to be recompiled. ok mpi@
2016-04-28Reduce block ack gap timeout to 300 msec in order to reduce Rx latency.Stefan Sperling
This value seems to be a sweet spot. testing and ok tb@
2016-04-27Add some stat counters for events related to 802.11n.Stefan Sperling
netstat(1) needs to be recompiled to work with new kernel. ok deraadt mpi
2016-04-15replace m_copym2 with m_dup_pktDavid Gwynne
tested by and ok stsp@
2016-04-12Call if_enqueue() and if_start() instead of dereferencing the ifpMartin Pieuchot
pointers. These functions have been introduced to abstract some of the MP- safeness^Wmadness and should be use everywhere. Prodded by a comment from jsg@. ok mikeb@, stsp@
2016-03-22replace ieee80211_align_mbuf with m_dup_pktDavid Gwynne
ok stsp@
2016-03-03Restore assignment of ic_curmode that was accidentally removed whenGerhard Roth
moving the ERP code to post-assoc phase. Fixes iwi(4) fatal firmware errors. ok stsp@, sobrado@
2016-02-12Remove superfluous assignments of 'subtype' in ieee80211_input().Stefan Sperling
Suggested by sthen@ ok tb@
2016-02-11In ieee80211_input(), initialize 'subtype' variable before using it.Stefan Sperling
Should have been part of the QoS "no data" fix. ok tb@
2016-02-11Fix whitespace.Stefan Sperling
2016-02-11Make the heuristic which catches frames with sequence numbers outside theStefan Sperling
current BlockAck window compare against the actual window size, rather than the maximum window size possible. As a result, two consecutive if-blocks now check for the same condition, so merge them.
2016-02-11Trim text in comment.Stefan Sperling
2016-02-11In ieee80211_ba_input(), compute the expression '(sn - ba->ba_winend) & 0xfff'Stefan Sperling
just once, by assigning its value to the 'count' variable earlier and reusing 'count' where this expression was used. No functional change. This just results in better readability.
2016-02-11Don't pass QoS "no data" frames to the A-MPDU reordering logic. Such framesStefan Sperling
will cause major confusion since they don't carry a sequence number. ok mpi@ sthen@
2016-02-09Log frames which fall outside the BlockAack window in dmesg if theStefan Sperling
interface debug flag is set (enabled with: ifconfig iwn0 debug). Shows the frame's sequence number and the current BA window. I'm adding this for diagnosis, just in case it will be needed to make future decisions about tuning the heuristic which works around network stalls caused by such frames.
2016-02-08Stop requiring a BlockAck session timeout (again), and just use it if the APStefan Sperling
is asking for it. This timeout should not be required anymore now that krw@'s hangs are fixed by working around APs which make sequence numbers jump about.
2016-02-08Work around buggy APs which occasionally emit sequence numbers much higherStefan Sperling
than the current 11n BlockAck window. The previous code would be fooled into moving the window forward and then drop packets until their sequence numbers catch up with the new window, which can take several minutes. Fixes traffic stalls observed with Broadcom APs. ok krw@ tb@
2016-02-07Hide some excessive net80211 debug printfs behind ieee80211_debug >= 2.Stefan Sperling
2016-02-05Count A-MPDU subframes with sequence number below the current BA window asStefan Sperling
duplicates rather than input errors. These subframes have either already been received, or the window was moved by the gap timeout which should only happen with buggy APs. Neither condition indicates a severe problem. Perhaps we will introduce a separate counter for this later.
2016-02-05Define EDCA tables for 11n mode. Per 802.11-2012 they are the same asStefan Sperling
the tables for 11a/11g modes. Add a function to append a Microsoft WME parameter element to a frame, using EDCA tables to construct the parameter records. Some 11n AP's I have observed provide this element. None of this code is used yet, so no functional change. I wrote this while debugging BlockAck and then realized it was only needed for hostap mode. Once we support 11n in hostap mode and send A-MPDUs, this code will be needed.
2016-02-05Store ADDBA request and response parameters in the block ack record ofStefan Sperling
ieee80211_node. This way, we can keep track of the ACK policy and echo it back to the AP as required by the standard. And use the correct bit flag for the policy -- this code was confused between BlockAck and ADDBA, both of which have a policy bit but in different places. Fixes apple airport APs. tested by tb@, krw@, sthen@, abieber@, and Henrik Friedrichsen