summaryrefslogtreecommitdiff
path: root/sys/net80211
AgeCommit message (Collapse)Author
2010-09-29In the implementation of the SIOCS80211DELNODE ioctl, callMark Kettenis
ieee80211_node_leave() instead of ieee80211_release_node() which screws up reference counting and leads to use after free problems elsewhere in the code. Since ieee80211_node_leave() is only available if hostap support is compiled in, don't privide the SIOCS80211DELNODE ioctl if we're compiling without hostap support (e.g. on ramdisks). ok deraadt@, damien@
2010-08-07No "\n" needed at the end of panic() strings.Kenneth R Westerback
Bogus chunks pointed out by matthew@ and miod@. No cookies for marco@ and jasper@. ok deraadt@ miod@ matthew@ jasper@ macro@
2010-07-28Suspending drivers need to do as little as possible in here, so when theTheo de Raadt
transition is to INIT, try to not generate management frames if we can avoid it. ok damien
2010-07-20Switch some obvious network stack MAC comparisons from bcmp() toMatthew Dempsky
timingsafe_bcmp(). ok deraadt@; committed over WPA.
2010-07-19in hostap mode, notify drivers via a new callback when a STA leavesDamien Bergamini
the BSS. this is needed by drivers that need to maintain a hardware table of associated STAs (like ral(4) RT2860). idea from Nathanael Rensen
2010-07-17use the correct block ack structure when building an ADDBA response.Damien Bergamini
2010-07-17Drop 3rd and 4th clauses from David Young's license.Damien Bergamini
from NetBSD
2010-06-19In ieee80211_node_leave(), clear the associd after callingDamien Bergamini
ieee80211_node_leave_rsn() since ieee80211_node_leave_rsn() calls ic_delete_key() and drivers like ral(4) RT2860 need a valid associd in their delete_key callbacks. This affects HostAP mode only. from Nathanael Rensen. remove a useless (nested) #ifndef IEEE80211_STA_ONLY while i'm here
2010-06-14fix my previous commit, i forgot BIP, so instead of enumeratingDamien Bergamini
what is not supported as a group cipher, enumerate what is supported.
2010-06-14do not try to associate with an AP using an unsupported group cipher,Damien Bergamini
otherwise we will panic in ieee80211_add_rsn_body(). this may be the cause of a panic seen by reyk@ though i'm not 100% sure.
2010-06-07no need to include <sys/endian.h> twice!Damien Bergamini
2010-06-07tweak ieee80211_decap():Damien Bergamini
instead of copying the 802.11 header on the stack and building the ethernet header directly in the mbuf, build the ethernet header on the stack directly from the 802.11 header in the mbuf and copy the ethernet header to the mbuf after stripping the 802.11 header. makes the code easier to read/understand, especially, it is now explicit what is being put in the ether_type field. diff from Matthew Dempsky (matthew at dempsky dot org) moved ieee80211_align_mbuf() under #ifdef __STRICT_ALIGNMENT while i'm here.
2010-06-05when rekeying the GTK/IGTK, send the new key to clients, not theDamien Bergamini
old one. found after reading a post by Nathanael Rensen to tech@
2010-06-05there is no need to copy the full 802.11 header in ieee80211_decap()Damien Bergamini
as we do not use any field after i_addr4. slightly modified version of a diff from Matthew Dempsky (matthew at dempsky dot org), used MIN instead of min.
2010-04-20remove proc.h include from uvm_map.h. This has far reaching effects, asTed Unangst
sysctl.h was reliant on this particular include, and many drivers included sysctl.h unnecessarily. remove sysctl.h or add proc.h as needed. ok deraadt
2010-03-28Four uses of uninitialized variables found by clang via jsg@. ar5416, ar9287Kenneth R Westerback
and athn are only theoretically interesting. i33380211_node fixes a real bug in occupied channel detection. ok damien@
2010-02-25fix two comments that i forgot when the SA query transaction identifierDamien Bergamini
changed from 16 bytes to 2 bytes. no binary change
2010-02-17Do not always create a new node when a beacon or a probe responseDamien Bergamini
is received. The creation of a new node is already handled in ieee80211_recv_probe_resp() when necessary. This avoids creating empty nodes with wrong channels when beacons are received on the wrong channel (overlapping channels). Those empty nodes may also prevent the real node from being discovered because of ieee80211_find_node_for_beacon() filtering. This should prevent entries of the form: nwid "" chan 3 bssid 00:01:02:03:04:05 0dB 54M in "ifconfig if0 scan" output, like reported by Rivo Nurges.
2010-02-06when receiving the first message of an rsn group key handshakejoshua stein
packet, copy the key out of it properly. fixes the problem where only broadcast packets like ipv6 router advertisements were failing decryption and processing, only after a rekey. ok damien@
2009-11-23how did i manage to forget that file in my last commit?Damien Bergamini
2009-11-21when wpa is enabled, defer setting the link up until the 802.1XDamien Bergamini
port is valid (keys have been successfully exchanged.) this avoids dhclient timeouts when wpa is enabled.
2009-11-02s/hz/Hz/ on multiples of the SI unit hertz other than MHz.Igor Sobrado
reminded by STeve Andre.
2009-10-30missing \n in log() message.Damien Bergamini
from Jurjen Oskam.
2009-09-24do not call m_free(n0) followed by m_freem(n0) when m_dup_pkthdr()Damien Bergamini
call fails. this double-free was introduced with the M_DUP_PKTHRD to m_dup_pkthdr change that got committed before I had a chance to review it.
2009-09-13M_DUP_PKTHDR() define -> m_dup_pkthdr() function to properly dealKenneth R Westerback
with m_tag_copy_chain() failures. Use m_defrag() to eliminate hand rolled defragging of mbufs and some uses of M_DUP_PKTHDR(). Original diff from thib@, claudio@'s feedback integrated by me. Tests kevlo@ claudio@, "reads ok" blambert@ ok thib@ claudio@, "m_defrag() bits ok" kettenis@
2009-09-12Correctly report copyout() failure in SIOCG80211STATS ioctl; ok damien@ jsg@Miod Vallat
2009-06-06In SIOCS80211SCAN, fail if the interface is not up *and* running.Damien Bergamini
There are cases where the interface can be up but not running, for instance if the driver's if_init routine fails halfway for whatever reason (firmware file not found, hardware switch turned off etc...) This is because in sys/net/if.c, the returned code of the driver is ignored for SIOCSIFFLAGS and the IFF_UP flags is left set. netintro(4) does not say anything about values returned by SIOCSIFFLAGS, so I don't know whether it is the expected behavior or not. pointed out by halex@ and jacekm@ who noticed it was possible to trigger a scan on wpi(4) even when the hardware switch was turned off.
2009-06-03make wireless interfaces priority 4 by default. other interfaces remainBob Beck
priority 0. while we are in here make sure we add wi interfaces to group "wlan" in the same way the net80211 stuff already is. this makes dhcp multiple default routes useful on laptops. ok claudio@
2009-05-24fix prev commit (s/ic_flags/ic_caps/).Damien Bergamini
from dhill@
2009-05-19prevent injection of raw 802.11 control frames through bpf on driversDamien Bergamini
that do not explicitly state this capability (using flag IEEE80211_C_RAWCTL). also, perform all the sanity checks on injected raw 802.11 frames earlier (in ieee80211_output instead of ieee80211_encap). prevent kernel panics with many drivers when running aircrack-ng. when/if all drivers are capable, we can remove this C_RAWCTL flag.
2009-04-16make TKIP TSC start at 1 (instead of 0) to match the standard.Damien Bergamini
many implementations (including ours) will drop frames with a TSC equal to 0 (they are considered replayed frames.)
2009-04-14do not cache the computed TTAK unless MIC has been verified.Damien Bergamini
this prevents an attacker from changing the TTAK (DoS attack) by sending a frame with a large TSC but with a bad ICV and/or MIC. now an attacker can only invalidate the cached TTAK.
2009-03-26move #define IEEE80211_NO_HT under #ifdef SMALL_KERNEL insteadDamien Bergamini
of defining it unconditionnaly. although the HT code is not ready yet, making it compile on GENERIC kernels will help catch regressions/bugs if any.
2009-03-26sync with 802.11w draft 8.0.Damien Bergamini
the SA Query Transaction Identifier field is now a 16-bit non-negative counter value instead of a 128-bit random value.
2009-03-06Fix setting of the Short Slot Time subfield of the Capability InformationDamien Bergamini
field in (Re)Association Requests. This fixes association with APs refusing non-short-slot-time capable STAs. This should also prevent the AP we're associating with to disable the use of short slot time in the BSS as we join. Fix debug message in recv_assoc_resp() while I'm here (s/reason/status/). Scary. Thanks to Adam Emanuel for spotting this.
2009-02-15make "ifconfig if0 chan" list the channels supported by the device.Damien Bergamini
add "ifconfig if0 scan" to scan for access points or to list known stations in Host AP mode. remove the [-]wmm command while i'm here. QoS is mandatory with 802.11n so there's not much point into making it an option. fix parsing of the "powersave" command too. discussed with deraadt@ man page hints from jmc@ display hints from sobrado@ "i like it" cnst@, grange@
2009-02-13Change ifconfig wpaakms default setting to `psk' instead of `psk,802.1x'.Damien Bergamini
Some supplicants will autoselect 802.1X without giving users the possibility to choose between PSK or 802.1X. Similarly, no longer announce `PSK with SHA-256 based KDF' AKMP (defined in Draft 802.11w) by default in the RSN IE of beacons and probe responses as it confuses some broken supplicants. This kind of sacrifies security for interoperability with shitty (but unfortunately widespread) clients that do not follow the 802.11 standard properly. This fixes associations from Intel PROSet on XP and also reportedly fixes some Mac OS clients. I will likely make `psk-sha256' configurable through ifconfig wpaakms after the 4.5 release.
2009-02-08initial 802.11 defragmentation bits.Damien Bergamini
the code will allow the concurrent reception of fragments of three fragmented MSDUs or MMPDUs as required by the 802.11 standard.
2009-01-29fix a panic that occurs when IEEE80211_STA_ONLY is defined (SMALL_KERNEL).Damien Bergamini
noticed by ray@, more investigation from sthen@ fix tested by sthen@
2009-01-28Block Ack agreements are unidirectional.Damien Bergamini
Maintain state for both originator and recipient roles separately. Do not allocate receive reordering buffer in addba_request(). Test the "initiator" bit in incoming DELBA frames and set it appropriately in outgoing DELBA frames. Separate callbacks for Tx/Rx too. no binary change since all this is #ifdef'ed out.
2009-01-28In ieee80211_find_node(), roll our own RB_FIND() based on the key (macaddr)Damien Bergamini
instead of resorting to horrid hacks/casts. Restore the ieee80211_node structure back to its original state.
2009-01-27unbreak SMALL_KERNEL builds by adding missing #ifndef IEEE80211_STA_ONLYDamien Bergamini
pointed out by krw@
2009-01-26move ni_macaddr field at the top of the ieee80211_node structure.Damien Bergamini
this way we can avoid putting a full node structure (which is huge) on the stack in ieee80211_find_node(). this is a bit tricky but the RB_FIND macro wants an "elem" structure, not a field of "elem".
2009-01-26remove ni_ba field from ieee80211_node structure as it is not used yet.Damien Bergamini
this reduces memory footprint and avoids a stack usage warning in ieee80211_find_node() that breaks amd64 build. pointed out by landry@
2009-01-26Add some initial HT bits (not enabled yet) based on 802.11n Draft 7.01:Damien Bergamini
- implement A-MPDU frames buffering and reordering - implement A-MSDU decapsulation - process/send ADDBA Request, ADDBA Response and DELBA action frames - process Block Ack Request control frames (including MTBAR) - implement PBAC support (Protected Block Ack) - add some incomplete HT Capabilities and HT Operation IEs parsing Add more Management Frame Protection bits based on 802.11w Draft 7.0: - implement SA Query procedure (both AP and STA) - cleanup BIP Fix some bugs: - fix check for WEP key length that otherwise caused a stack smash in ieee80211_wep_encrypt (pointed out by Xavier Santolaria on macppc) - properly stop EAPOL timeout: fixes a panic that occured in HostAP mode when turning the interface down while a 4-way handshake is in progress (pointed out by Doughertys) Did some code cleanup too. The HT bits are currently not compiled in (IEEE80211_NO_HT is defined) because they won't be ready until after the next release and I didn't want to grow the kernel or to inadvertently introduce new bugs. They are here such that other people can look at the code. Notice that I had to add an extra parameter to ic_send_mgmt() for action frames, that is why there are small changes in drivers defining their own ic_send_mgmt() handler. Sorry for the not very incremental diff but this has been sitting in my tree for too long now.
2008-12-14txpower range checks should be inclusive.Jonathan Gray
From FreeBSD via mickey in pr 6024. ok damien@
2008-12-14Add an ieee80211_notify_dtim() function that drivers should call afterDamien Bergamini
every DTIM in HostAP mode. Flushes all group addressed MSDUs buffered at the AP for power management.
2008-12-06typo, no binary change.Damien Bergamini
2008-12-03typos in comments - no binary change.Damien Bergamini
2008-12-03small fix for IEEE80211_STA_ONLY: do not let users set HostAP specificDamien Bergamini
flags using "nwflag".