1
/*-
2
 * SPDX-License-Identifier: BSD-2-Clause
3
 *
4
 * Copyright (c) 2001 Atsushi Onoe
5
 * Copyright (c) 2002-2009 Sam Leffler, Errno Consulting
6
 * All rights reserved.
7
 *
8
 * Redistribution and use in source and binary forms, with or without
9
 * modification, are permitted provided that the following conditions
10
 * are met:
11
 * 1. Redistributions of source code must retain the above copyright
12
 *    notice, this list of conditions and the following disclaimer.
13
 * 2. Redistributions in binary form must reproduce the above copyright
14
 *    notice, this list of conditions and the following disclaimer in the
15
 *    documentation and/or other materials provided with the distribution.
16
 *
17
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
18
 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
19
 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
20
 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
21
 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
22
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
23
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
24
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
25
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
26
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
27
 */
28

29
#include <sys/cdefs.h>
30
#include "opt_wlan.h"
31

32
#include <sys/param.h>
33
#include <sys/systm.h>
34
#include <sys/mbuf.h>
35
#include <sys/malloc.h>
36
#include <sys/kernel.h>
37

38
#include <sys/socket.h>
39

40
#include <net/if.h>
41
#include <net/if_var.h>
42
#include <net/if_media.h>
43
#include <net/ethernet.h>
44

45
#include <net80211/ieee80211_var.h>
46
#include <net80211/ieee80211_input.h>
47
#ifdef IEEE80211_SUPPORT_SUPERG
48
#include <net80211/ieee80211_superg.h>
49
#endif
50
#ifdef IEEE80211_SUPPORT_TDMA
51
#include <net80211/ieee80211_tdma.h>
52
#endif
53
#include <net80211/ieee80211_wds.h>
54
#include <net80211/ieee80211_mesh.h>
55
#include <net80211/ieee80211_ratectl.h>
56
#include <net80211/ieee80211_vht.h>
57

58
#include <net/bpf.h>
59

60
#ifdef IEEE80211_DEBUG_REFCNT
61
#define	__debrefcnt_used
62
#else
63
#define	__debrefcnt_used	__unused
64
#endif
65

66
/*
67
 * IEEE80211_NODE_HASHSIZE must be a power of 2.
68
 */
69
CTASSERT((IEEE80211_NODE_HASHSIZE & (IEEE80211_NODE_HASHSIZE-1)) == 0);
70

71
/*
72
 * Association id's are managed with a bit vector.
73
 */
74
#define	IEEE80211_AID_SET(_vap, b) \
75
	((_vap)->iv_aid_bitmap[IEEE80211_AID(b) / 32] |= \
76
		(1 << (IEEE80211_AID(b) % 32)))
77
#define	IEEE80211_AID_CLR(_vap, b) \
78
	((_vap)->iv_aid_bitmap[IEEE80211_AID(b) / 32] &= \
79
		~(1 << (IEEE80211_AID(b) % 32)))
80
#define	IEEE80211_AID_ISSET(_vap, b) \
81
	((_vap)->iv_aid_bitmap[IEEE80211_AID(b) / 32] & (1 << (IEEE80211_AID(b) % 32)))
82

83
static int ieee80211_sta_join1(struct ieee80211_node *);
84

85
static struct ieee80211_node *ieee80211_alloc_node(
86
	struct ieee80211_node_table *, struct ieee80211vap *,
87
	const uint8_t macaddr[IEEE80211_ADDR_LEN], const char *, int);
88
static struct ieee80211_node *node_alloc(struct ieee80211vap *,
89
	const uint8_t [IEEE80211_ADDR_LEN]);
90
static int node_init(struct ieee80211_node *);
91
static void node_cleanup(struct ieee80211_node *);
92
static void node_free(struct ieee80211_node *);
93
static void node_age(struct ieee80211_node *);
94
static int8_t node_getrssi(const struct ieee80211_node *);
95
static void node_getsignal(const struct ieee80211_node *, int8_t *, int8_t *);
96
static void node_getmimoinfo(const struct ieee80211_node *,
97
	struct ieee80211_mimo_info *);
98

99
static void __ieee80211_free_node(struct ieee80211_node *);
100

101
static void node_reclaim(struct ieee80211_node_table *nt,
102
	struct ieee80211_node *ni);
103
static void ieee80211_node_table_init(struct ieee80211com *ic,
104
	struct ieee80211_node_table *nt, const char *name,
105
	int inact, int keymaxix);
106
static void ieee80211_node_table_reset(struct ieee80211_node_table *,
107
	struct ieee80211vap *);
108
static void ieee80211_node_table_cleanup(struct ieee80211_node_table *nt);
109
static void ieee80211_vap_erp_timeout(struct ieee80211vap *);
110

111
MALLOC_DEFINE(M_80211_NODE, "80211node", "802.11 node state");
112
MALLOC_DEFINE(M_80211_NODE_IE, "80211nodeie", "802.11 node ie");
113

114
void
115
ieee80211_node_attach(struct ieee80211com *ic)
116
{
117
	/* XXX really want maxlen enforced per-sta */
118
	ieee80211_ageq_init(&ic->ic_stageq, ic->ic_max_keyix * 8,
119
	    "802.11 staging q");
120
	ieee80211_node_table_init(ic, &ic->ic_sta, "station",
121
		IEEE80211_INACT_INIT, ic->ic_max_keyix);
122
	callout_init(&ic->ic_inact, 1);
123
	callout_reset(&ic->ic_inact, IEEE80211_INACT_WAIT*hz,
124
		ieee80211_node_timeout, ic);
125

126
	ic->ic_node_alloc = node_alloc;
127
	ic->ic_node_init = node_init;
128
	ic->ic_node_free = node_free;
129
	ic->ic_node_cleanup = node_cleanup;
130
	ic->ic_node_age = node_age;
131
	ic->ic_node_drain = node_age;		/* NB: same as age */
132
	ic->ic_node_getrssi = node_getrssi;
133
	ic->ic_node_getsignal = node_getsignal;
134
	ic->ic_node_getmimoinfo = node_getmimoinfo;
135

136
	/*
137
	 * Set flags to be propagated to all vap's;
138
	 * these define default behaviour/configuration.
139
	 */
140
	ic->ic_flags_ext |= IEEE80211_FEXT_INACT; /* inactivity processing */
141
}
142

143
void
144
ieee80211_node_detach(struct ieee80211com *ic)
145
{
146

147
	callout_drain(&ic->ic_inact);
148
	ieee80211_node_table_cleanup(&ic->ic_sta);
149
	ieee80211_ageq_drain(&ic->ic_stageq);
150
	ieee80211_ageq_cleanup(&ic->ic_stageq);
151
}
152

153
void
154
ieee80211_node_vattach(struct ieee80211vap *vap)
155
{
156
	/* NB: driver can override */
157
	vap->iv_max_aid = IEEE80211_AID_DEF;
158

159
	/* default station inactivity timer settings */
160
	vap->iv_inact_init = IEEE80211_INACT_INIT;
161
	vap->iv_inact_auth = IEEE80211_INACT_AUTH;
162
	vap->iv_inact_run = IEEE80211_INACT_RUN;
163
	vap->iv_inact_probe = IEEE80211_INACT_PROBE;
164

165
	IEEE80211_DPRINTF(vap, IEEE80211_MSG_INACT,
166
	    "%s: init %u auth %u run %u probe %u\n", __func__,
167
	    vap->iv_inact_init, vap->iv_inact_auth,
168
	    vap->iv_inact_run, vap->iv_inact_probe);
169
}
170

171
void
172
ieee80211_node_latevattach(struct ieee80211vap *vap)
173
{
174

175
	/* XXX should ieee80211_vap_attach(), our only caller hold the lock? */
176
	IEEE80211_UNLOCK_ASSERT(vap->iv_ic);
177

178
	if (vap->iv_opmode == IEEE80211_M_HOSTAP) {
179
		/* XXX should we allow max aid to be zero? */
180
		if (vap->iv_max_aid < IEEE80211_AID_MIN) {
181
			vap->iv_max_aid = IEEE80211_AID_MIN;
182
			net80211_vap_printf(vap,
183
			    "WARNING: max aid too small, changed to %d\n",
184
			    vap->iv_max_aid);
185
		}
186
		vap->iv_aid_bitmap = (uint32_t *) IEEE80211_MALLOC(
187
			howmany(vap->iv_max_aid, 32) * sizeof(uint32_t),
188
			M_80211_NODE,
189
			IEEE80211_M_NOWAIT | IEEE80211_M_ZERO);
190
		if (vap->iv_aid_bitmap == NULL) {
191
			/* XXX no way to recover */
192
			net80211_vap_printf(vap,
193
			    "%s: no memory for AID bitmap, max aid %d!\n",
194
			    __func__, vap->iv_max_aid);
195
			vap->iv_max_aid = 0;
196
		}
197
	}
198

199
	IEEE80211_LOCK(vap->iv_ic);
200
	ieee80211_reset_bss(vap);
201
	IEEE80211_UNLOCK(vap->iv_ic);
202

203
	vap->iv_auth = ieee80211_authenticator_get(vap->iv_bss->ni_authmode);
204
}
205

206
void
207
ieee80211_node_vdetach(struct ieee80211vap *vap)
208
{
209
	struct ieee80211com *ic = vap->iv_ic;
210

211
	/* XXX should ieee80211_vap_detach(), our only caller hold the lock? */
212
	IEEE80211_UNLOCK_ASSERT(vap->iv_ic);
213

214
	ieee80211_node_table_reset(&ic->ic_sta, vap);
215
	IEEE80211_LOCK(ic);
216
	if (vap->iv_bss != NULL) {
217
		ieee80211_free_node(vap->iv_bss);
218
		vap->iv_update_bss(vap, NULL);
219
	}
220
	IEEE80211_UNLOCK(ic);
221
	if (vap->iv_aid_bitmap != NULL) {
222
		IEEE80211_FREE(vap->iv_aid_bitmap, M_80211_NODE);
223
		vap->iv_aid_bitmap = NULL;
224
	}
225
}
226

227
/*
228
 * Port authorize/unauthorize interfaces for use by an authenticator.
229
 */
230

231
void
232
ieee80211_node_authorize(struct ieee80211_node *ni)
233
{
234
	struct ieee80211vap *vap = ni->ni_vap;
235

236
	ni->ni_flags |= IEEE80211_NODE_AUTH;
237
	ni->ni_inact_reload = vap->iv_inact_run;
238
	ni->ni_inact = ni->ni_inact_reload;
239

240
	IEEE80211_NOTE(vap, IEEE80211_MSG_INACT, ni,
241
	    "%s: inact_reload %u", __func__, ni->ni_inact_reload);
242
}
243

244
void
245
ieee80211_node_unauthorize(struct ieee80211_node *ni)
246
{
247
	struct ieee80211vap *vap = ni->ni_vap;
248

249
	ni->ni_flags &= ~IEEE80211_NODE_AUTH;
250
	ni->ni_inact_reload = vap->iv_inact_auth;
251
	if (ni->ni_inact > ni->ni_inact_reload)
252
		ni->ni_inact = ni->ni_inact_reload;
253

254
	IEEE80211_NOTE(vap, IEEE80211_MSG_INACT, ni,
255
	    "%s: inact_reload %u inact %u", __func__,
256
	    ni->ni_inact_reload, ni->ni_inact);
257
}
258

259
/*
260
 * Fix tx parameters for a node according to ``association state''.
261
 */
262
void
263
ieee80211_node_setuptxparms(struct ieee80211_node *ni)
264
{
265
	struct ieee80211vap *vap = ni->ni_vap;
266
	enum ieee80211_phymode mode;
267

268
	if (ni->ni_flags & IEEE80211_NODE_VHT) {
269
		if (IEEE80211_IS_CHAN_5GHZ(ni->ni_chan))
270
			mode = IEEE80211_MODE_VHT_5GHZ;
271
		else
272
			mode = IEEE80211_MODE_VHT_2GHZ;
273
	} else if (ni->ni_flags & IEEE80211_NODE_HT) {
274
		if (IEEE80211_IS_CHAN_5GHZ(ni->ni_chan))
275
			mode = IEEE80211_MODE_11NA;
276
		else
277
			mode = IEEE80211_MODE_11NG;
278
	} else {				/* legacy rate handling */
279
		if (IEEE80211_IS_CHAN_ST(ni->ni_chan))
280
			mode = IEEE80211_MODE_STURBO_A;
281
		else if (IEEE80211_IS_CHAN_HALF(ni->ni_chan))
282
			mode = IEEE80211_MODE_HALF;
283
		else if (IEEE80211_IS_CHAN_QUARTER(ni->ni_chan))
284
			mode = IEEE80211_MODE_QUARTER;
285
		/* NB: 108A should be handled as 11a */
286
		else if (IEEE80211_IS_CHAN_A(ni->ni_chan))
287
			mode = IEEE80211_MODE_11A;
288
		else if (IEEE80211_IS_CHAN_108G(ni->ni_chan) ||
289
		    (ni->ni_flags & IEEE80211_NODE_ERP))
290
			mode = IEEE80211_MODE_11G;
291
		else
292
			mode = IEEE80211_MODE_11B;
293
	}
294
	ni->ni_txparms = &vap->iv_txparms[mode];
295
}
296

297
/*
298
 * Set/change the channel.  The rate set is also updated as
299
 * to insure a consistent view by drivers.
300
 * XXX should be private but hostap needs it to deal with CSA
301
 */
302
void
303
ieee80211_node_set_chan(struct ieee80211_node *ni,
304
	struct ieee80211_channel *chan)
305
{
306
	struct ieee80211com *ic = ni->ni_ic;
307
	struct ieee80211vap *vap = ni->ni_vap;
308
	enum ieee80211_phymode mode;
309

310
	KASSERT(chan != IEEE80211_CHAN_ANYC, ("no channel"));
311

312
	ni->ni_chan = chan;
313
	mode = ieee80211_chan2mode(chan);
314
	if (IEEE80211_IS_CHAN_HT(chan)) {
315
		/*
316
		 * We must install the legacy rate est in ni_rates and the
317
		 * HT rate set in ni_htrates.
318
		 */
319
		ni->ni_htrates = *ieee80211_get_suphtrates(ic, chan);
320
		/*
321
		 * Setup bss tx parameters based on operating mode.  We
322
		 * use legacy rates when operating in a mixed HT+non-HT bss
323
		 * and non-ERP rates in 11g for mixed ERP+non-ERP bss.
324
		 */
325
		if (mode == IEEE80211_MODE_11NA &&
326
		    (vap->iv_flags_ht & IEEE80211_FHT_PUREN) == 0)
327
			mode = IEEE80211_MODE_11A;
328
		else if (mode == IEEE80211_MODE_11NG &&
329
		    (vap->iv_flags_ht & IEEE80211_FHT_PUREN) == 0)
330
			mode = IEEE80211_MODE_11G;
331
		if (mode == IEEE80211_MODE_11G &&
332
		    (vap->iv_flags & IEEE80211_F_PUREG) == 0)
333
			mode = IEEE80211_MODE_11B;
334
	}
335
	ni->ni_txparms = &vap->iv_txparms[mode];
336
	ni->ni_rates = *ieee80211_get_suprates(ic, chan);
337
}
338

339
static __inline void
340
copy_bss(struct ieee80211_node *nbss, const struct ieee80211_node *obss)
341
{
342
	/* propagate useful state */
343
	nbss->ni_authmode = obss->ni_authmode;
344
	nbss->ni_txpower = obss->ni_txpower;
345
	nbss->ni_vlan = obss->ni_vlan;
346
	/* XXX statistics? */
347
	/* XXX legacy WDS bssid? */
348
}
349

350
void
351
ieee80211_create_ibss(struct ieee80211vap* vap, struct ieee80211_channel *chan)
352
{
353
	struct ieee80211com *ic = vap->iv_ic;
354
	struct ieee80211_node *ni;
355

356
	IEEE80211_DPRINTF(vap, IEEE80211_MSG_SCAN,
357
		"%s: creating %s on channel %u%c flags 0x%08x\n", __func__,
358
		ieee80211_opmode_name[vap->iv_opmode],
359
		ieee80211_chan2ieee(ic, chan),
360
		ieee80211_channel_type_char(chan),
361
		chan->ic_flags);
362

363
	ni = ieee80211_alloc_node(&ic->ic_sta, vap, vap->iv_myaddr,
364
	    __func__, __LINE__);
365
	if (ni == NULL) {
366
		/* XXX recovery? */
367
		return;
368
	}
369
	IEEE80211_ADDR_COPY(ni->ni_bssid, vap->iv_myaddr);
370
	ni->ni_esslen = vap->iv_des_ssid[0].len;
371
	memcpy(ni->ni_essid, vap->iv_des_ssid[0].ssid, ni->ni_esslen);
372
	if (vap->iv_bss != NULL)
373
		copy_bss(ni, vap->iv_bss);
374
	ni->ni_intval = ic->ic_bintval;
375
	if (vap->iv_flags & IEEE80211_F_PRIVACY)
376
		ni->ni_capinfo |= IEEE80211_CAPINFO_PRIVACY;
377
	if (ic->ic_phytype == IEEE80211_T_FH) {
378
		ni->ni_fhdwell = 200;	/* XXX */
379
		ni->ni_fhindex = 1;
380
	}
381
	if (vap->iv_opmode == IEEE80211_M_IBSS) {
382
		ni->ni_capinfo |= IEEE80211_CAPINFO_IBSS;	/* XXX */
383
		if (vap->iv_flags & IEEE80211_F_DESBSSID)
384
			IEEE80211_ADDR_COPY(ni->ni_bssid, vap->iv_des_bssid);
385
		else {
386
			net80211_get_random_bytes(ni->ni_bssid,
387
			    IEEE80211_ADDR_LEN);
388
			/* clear group bit, add local bit */
389
			ni->ni_bssid[0] = (ni->ni_bssid[0] &~ 0x01) | 0x02;
390
		}
391
	} else if (vap->iv_opmode == IEEE80211_M_AHDEMO) {
392
		if (vap->iv_flags & IEEE80211_F_DESBSSID)
393
			IEEE80211_ADDR_COPY(ni->ni_bssid, vap->iv_des_bssid);
394
		else
395
#ifdef IEEE80211_SUPPORT_TDMA
396
		if ((vap->iv_caps & IEEE80211_C_TDMA) == 0)
397
#endif
398
			memset(ni->ni_bssid, 0, IEEE80211_ADDR_LEN);
399
#ifdef IEEE80211_SUPPORT_MESH
400
	} else if (vap->iv_opmode == IEEE80211_M_MBSS) {
401
		ni->ni_meshidlen = vap->iv_mesh->ms_idlen;
402
		memcpy(ni->ni_meshid, vap->iv_mesh->ms_id, ni->ni_meshidlen);
403
#endif
404
	}
405
	/*
406
	 * Fix the channel and related attributes.
407
	 */
408
	/* clear DFS CAC state on previous channel */
409
	if (ic->ic_bsschan != IEEE80211_CHAN_ANYC &&
410
	    ic->ic_bsschan->ic_freq != chan->ic_freq &&
411
	    IEEE80211_IS_CHAN_CACDONE(ic->ic_bsschan))
412
		ieee80211_dfs_cac_clear(ic, ic->ic_bsschan);
413
	ic->ic_bsschan = chan;
414
	ieee80211_node_set_chan(ni, chan);
415
	ic->ic_curmode = ieee80211_chan2mode(chan);
416
	/*
417
	 * Do mode-specific setup.
418
	 */
419
	if (IEEE80211_IS_CHAN_FULL(chan)) {
420
		if (IEEE80211_IS_CHAN_ANYG(chan)) {
421
			/*
422
			 * Use a mixed 11b/11g basic rate set.
423
			 */
424
			ieee80211_setbasicrates(&ni->ni_rates,
425
			    IEEE80211_MODE_11G);
426
			if (vap->iv_flags & IEEE80211_F_PUREG) {
427
				/*
428
				 * Also mark OFDM rates basic so 11b
429
				 * stations do not join (WiFi compliance).
430
				 */
431
				ieee80211_addbasicrates(&ni->ni_rates,
432
				    IEEE80211_MODE_11A);
433
			}
434
		} else if (IEEE80211_IS_CHAN_B(chan)) {
435
			/*
436
			 * Force pure 11b rate set.
437
			 */
438
			ieee80211_setbasicrates(&ni->ni_rates,
439
				IEEE80211_MODE_11B);
440
		}
441
	}
442

443
	/* XXX TODO: other bits and pieces - eg fast-frames? */
444

445
	/* If we're an 11n channel then initialise the 11n bits */
446
	if (IEEE80211_IS_CHAN_VHT(ni->ni_chan)) {
447
		/* XXX what else? */
448
		ieee80211_ht_node_init(ni);
449
		ieee80211_vht_node_init(ni);
450
	} else if (IEEE80211_IS_CHAN_HT(ni->ni_chan)) {
451
		/* XXX what else? */
452
		ieee80211_ht_node_init(ni);
453
	}
454

455
	(void) ieee80211_sta_join1(ieee80211_ref_node(ni));
456
}
457

458
/*
459
 * Reset bss state on transition to the INIT state.
460
 * Clear any stations from the table (they have been
461
 * deauth'd) and reset the bss node (clears key, rate
462
 * etc. state).
463
 */
464
void
465
ieee80211_reset_bss(struct ieee80211vap *vap)
466
{
467
	struct ieee80211com *ic = vap->iv_ic;
468
	struct ieee80211_node *ni, *obss;
469

470
	IEEE80211_LOCK_ASSERT(ic);
471

472
	ieee80211_node_table_reset(&ic->ic_sta, vap);
473
	/* XXX multi-bss: wrong */
474
	ieee80211_vap_reset_erp(vap);
475

476
	ni = ieee80211_alloc_node(&ic->ic_sta, vap, vap->iv_myaddr,
477
	    __func__, __LINE__);
478
	KASSERT(ni != NULL, ("unable to setup initial BSS node"));
479
	obss = vap->iv_update_bss(vap, ieee80211_ref_node(ni));
480
	if (obss != NULL) {
481
		copy_bss(ni, obss);
482
		ni->ni_intval = ic->ic_bintval;
483
		ieee80211_free_node(obss);
484
	} else
485
		IEEE80211_ADDR_COPY(ni->ni_bssid, vap->iv_myaddr);
486
}
487

488
static int
489
match_ssid(const struct ieee80211_node *ni,
490
	int nssid, const struct ieee80211_scan_ssid ssids[])
491
{
492
	int i;
493

494
	for (i = 0; i < nssid; i++) {
495
		if (ni->ni_esslen == ssids[i].len &&
496
		     memcmp(ni->ni_essid, ssids[i].ssid, ni->ni_esslen) == 0)
497
			return 1;
498
	}
499
	return 0;
500
}
501

502
/*
503
 * Test a node for suitability/compatibility.
504
 */
505
static int
506
check_bss(struct ieee80211vap *vap, struct ieee80211_node *ni)
507
{
508
	struct ieee80211com *ic = ni->ni_ic;
509
        uint8_t rate;
510

511
	if (isclr(ic->ic_chan_active, ieee80211_chan2ieee(ic, ni->ni_chan)))
512
		return 0;
513
	if (vap->iv_opmode == IEEE80211_M_IBSS) {
514
		if ((ni->ni_capinfo & IEEE80211_CAPINFO_IBSS) == 0)
515
			return 0;
516
	} else {
517
		if ((ni->ni_capinfo & IEEE80211_CAPINFO_ESS) == 0)
518
			return 0;
519
	}
520
	if (vap->iv_flags & IEEE80211_F_PRIVACY) {
521
		if ((ni->ni_capinfo & IEEE80211_CAPINFO_PRIVACY) == 0)
522
			return 0;
523
	} else {
524
		/* XXX does this mean privacy is supported or required? */
525
		if (ni->ni_capinfo & IEEE80211_CAPINFO_PRIVACY)
526
			return 0;
527
	}
528
	rate = ieee80211_fix_rate(ni, &ni->ni_rates,
529
	    IEEE80211_F_JOIN | IEEE80211_F_DONEGO | IEEE80211_F_DOFRATE);
530
	if (rate & IEEE80211_RATE_BASIC)
531
		return 0;
532
	if (vap->iv_des_nssid != 0 &&
533
	    !match_ssid(ni, vap->iv_des_nssid, vap->iv_des_ssid))
534
		return 0;
535
	if ((vap->iv_flags & IEEE80211_F_DESBSSID) &&
536
	    !IEEE80211_ADDR_EQ(vap->iv_des_bssid, ni->ni_bssid))
537
		return 0;
538
	return 1;
539
}
540

541
#ifdef IEEE80211_DEBUG
542
/*
543
 * Display node suitability/compatibility.
544
 */
545
static void
546
check_bss_debug(struct ieee80211vap *vap, struct ieee80211_node *ni)
547
{
548
	struct ieee80211com *ic = ni->ni_ic;
549
        uint8_t rate;
550
        int fail;
551

552
	fail = 0;
553
	if (isclr(ic->ic_chan_active, ieee80211_chan2ieee(ic, ni->ni_chan)))
554
		fail |= 0x01;
555
	if (vap->iv_opmode == IEEE80211_M_IBSS) {
556
		if ((ni->ni_capinfo & IEEE80211_CAPINFO_IBSS) == 0)
557
			fail |= 0x02;
558
	} else {
559
		if ((ni->ni_capinfo & IEEE80211_CAPINFO_ESS) == 0)
560
			fail |= 0x02;
561
	}
562
	if (vap->iv_flags & IEEE80211_F_PRIVACY) {
563
		if ((ni->ni_capinfo & IEEE80211_CAPINFO_PRIVACY) == 0)
564
			fail |= 0x04;
565
	} else {
566
		/* XXX does this mean privacy is supported or required? */
567
		if (ni->ni_capinfo & IEEE80211_CAPINFO_PRIVACY)
568
			fail |= 0x04;
569
	}
570
	rate = ieee80211_fix_rate(ni, &ni->ni_rates,
571
	     IEEE80211_F_JOIN | IEEE80211_F_DONEGO | IEEE80211_F_DOFRATE);
572
	if (rate & IEEE80211_RATE_BASIC)
573
		fail |= 0x08;
574
	if (vap->iv_des_nssid != 0 &&
575
	    !match_ssid(ni, vap->iv_des_nssid, vap->iv_des_ssid))
576
		fail |= 0x10;
577
	if ((vap->iv_flags & IEEE80211_F_DESBSSID) &&
578
	    !IEEE80211_ADDR_EQ(vap->iv_des_bssid, ni->ni_bssid))
579
		fail |= 0x20;
580

581
	net80211_printf(" %c %s", fail ? '-' : '+', ether_sprintf(ni->ni_macaddr));
582
	net80211_printf(" %s%c", ether_sprintf(ni->ni_bssid), fail & 0x20 ? '!' : ' ');
583
	net80211_printf(" %3d%c",
584
	    ieee80211_chan2ieee(ic, ni->ni_chan), fail & 0x01 ? '!' : ' ');
585
	net80211_printf(" %2dM%c", (rate & IEEE80211_RATE_VAL) / 2,
586
	    fail & 0x08 ? '!' : ' ');
587
	net80211_printf(" %4s%c",
588
	    (ni->ni_capinfo & IEEE80211_CAPINFO_ESS) ? "ess" :
589
	    (ni->ni_capinfo & IEEE80211_CAPINFO_IBSS) ? "ibss" :
590
	    "????",
591
	    fail & 0x02 ? '!' : ' ');
592
	net80211_printf(" %3s%c ",
593
	    (ni->ni_capinfo & IEEE80211_CAPINFO_PRIVACY) ?  "wep" : "no",
594
	    fail & 0x04 ? '!' : ' ');
595
	ieee80211_print_essid(ni->ni_essid, ni->ni_esslen);
596
	net80211_printf("%s\n", fail & 0x10 ? "!" : "");
597
}
598
#endif /* IEEE80211_DEBUG */
599

600
int
601
ieee80211_ibss_merge_check(struct ieee80211_node *ni)
602
{
603
	struct ieee80211vap *vap = ni->ni_vap;
604

605
	if (ni == vap->iv_bss ||
606
	    IEEE80211_ADDR_EQ(ni->ni_bssid, vap->iv_bss->ni_bssid)) {
607
		/* unchanged, nothing to do */
608
		return 0;
609
	}
610

611
	if (!check_bss(vap, ni)) {
612
		/* capabilities mismatch */
613
		IEEE80211_DPRINTF(vap, IEEE80211_MSG_ASSOC,
614
		    "%s: merge failed, capabilities mismatch\n", __func__);
615
#ifdef IEEE80211_DEBUG
616
		if (ieee80211_msg_assoc(vap))
617
			check_bss_debug(vap, ni);
618
#endif
619
		vap->iv_stats.is_ibss_capmismatch++;
620
		return 0;
621
	}
622

623
	return 1;
624
}
625

626
/*
627
 * Check if the given node should populate the node table.
628
 *
629
 * We need to be in "see all beacons for all ssids" mode in order
630
 * to do IBSS merges, however this means we will populate nodes for
631
 * /all/ IBSS SSIDs, versus just the one we care about.
632
 *
633
 * So this check ensures the node can actually belong to our IBSS
634
 * configuration.  For now it simply checks the SSID.
635
 */
636
int
637
ieee80211_ibss_node_check_new(struct ieee80211_node *ni,
638
    const struct ieee80211_scanparams *scan)
639
{
640
	struct ieee80211vap *vap = ni->ni_vap;
641
	int i;
642

643
	/*
644
	 * If we have no SSID and no scan SSID, return OK.
645
	 */
646
	if (vap->iv_des_nssid == 0 && scan->ssid == NULL)
647
		goto ok;
648

649
	/*
650
	 * If we have one of (SSID, scan SSID) then return error.
651
	 */
652
	if (!! (vap->iv_des_nssid == 0) != !! (scan->ssid == NULL))
653
		goto mismatch;
654

655
	/*
656
	 * Double-check - we need scan SSID.
657
	 */
658
	if (scan->ssid == NULL)
659
		goto mismatch;
660

661
	/*
662
	 * Check if the scan SSID matches the SSID list for the VAP.
663
	 */
664
	for (i = 0; i < vap->iv_des_nssid; i++) {
665
		/* Sanity length check */
666
		if (vap->iv_des_ssid[i].len != scan->ssid[1])
667
			continue;
668

669
		/* Note: SSID in the scan entry is the IE format */
670
		if (memcmp(vap->iv_des_ssid[i].ssid, scan->ssid + 2,
671
		    vap->iv_des_ssid[i].len) == 0)
672
			goto ok;
673
	}
674

675
mismatch:
676
	return (0);
677
ok:
678
	return (1);
679
}
680

681
/*
682
 * Handle 802.11 ad hoc network merge.  The
683
 * convention, set by the Wireless Ethernet Compatibility Alliance
684
 * (WECA), is that an 802.11 station will change its BSSID to match
685
 * the "oldest" 802.11 ad hoc network, on the same channel, that
686
 * has the station's desired SSID.  The "oldest" 802.11 network
687
 * sends beacons with the greatest TSF timestamp.
688
 *
689
 * The caller is assumed to validate TSF's before attempting a merge.
690
 *
691
 * Return !0 if the BSSID changed, 0 otherwise.
692
 */
693
int
694
ieee80211_ibss_merge(struct ieee80211_node *ni)
695
{
696
#ifdef IEEE80211_DEBUG
697
	struct ieee80211vap *vap = ni->ni_vap;
698
#endif
699

700
	if (! ieee80211_ibss_merge_check(ni))
701
		return 0;
702

703
	IEEE80211_DPRINTF(vap, IEEE80211_MSG_ASSOC,
704
		"%s: new bssid %s: %s preamble, %s slot time%s\n", __func__,
705
		ether_sprintf(ni->ni_bssid),
706
		vap->iv_flags&IEEE80211_F_SHPREAMBLE ? "short" : "long",
707
		vap->iv_flags&IEEE80211_F_SHSLOT ? "short" : "long",
708
		vap->iv_flags&IEEE80211_F_USEPROT ? ", protection" : ""
709
	);
710
	return ieee80211_sta_join1(ieee80211_ref_node(ni));
711
}
712

713
/*
714
 * Calculate HT channel promotion flags for all vaps.
715
 * This assumes ni_chan have been setup for each vap.
716
 */
717
static int
718
gethtadjustflags(struct ieee80211com *ic)
719
{
720
	struct ieee80211vap *vap;
721
	int flags;
722

723
	flags = 0;
724
	/* XXX locking */
725
	TAILQ_FOREACH(vap, &ic->ic_vaps, iv_next) {
726
		if (vap->iv_state < IEEE80211_S_RUN)
727
			continue;
728
		switch (vap->iv_opmode) {
729
		case IEEE80211_M_WDS:
730
		case IEEE80211_M_STA:
731
		case IEEE80211_M_AHDEMO:
732
		case IEEE80211_M_HOSTAP:
733
		case IEEE80211_M_IBSS:
734
		case IEEE80211_M_MBSS:
735
			flags |= ieee80211_htchanflags(vap->iv_bss->ni_chan);
736
			break;
737
		default:
738
			break;
739
		}
740
	}
741
	return flags;
742
}
743

744
/*
745
 * Calculate VHT channel promotion flags for all vaps.
746
 * This assumes ni_chan have been setup for each vap.
747
 */
748
static int
749
getvhtadjustflags(struct ieee80211com *ic)
750
{
751
	struct ieee80211vap *vap;
752
	int flags;
753

754
	flags = 0;
755
	/* XXX locking */
756
	TAILQ_FOREACH(vap, &ic->ic_vaps, iv_next) {
757
		if (vap->iv_state < IEEE80211_S_RUN)
758
			continue;
759
		switch (vap->iv_opmode) {
760
		case IEEE80211_M_WDS:
761
		case IEEE80211_M_STA:
762
		case IEEE80211_M_AHDEMO:
763
		case IEEE80211_M_HOSTAP:
764
		case IEEE80211_M_IBSS:
765
		case IEEE80211_M_MBSS:
766
			flags |= ieee80211_vhtchanflags(vap->iv_bss->ni_chan);
767
			break;
768
		default:
769
			break;
770
		}
771
	}
772
	return flags;
773
}
774

775
/*
776
 * Check if the current channel needs to change based on whether
777
 * any vap's are using HT20/HT40.  This is used to sync the state
778
 * of ic_curchan after a channel width change on a running vap.
779
 *
780
 * Same applies for VHT.
781
 */
782
void
783
ieee80211_sync_curchan(struct ieee80211com *ic)
784
{
785
	struct ieee80211_channel *c;
786

787
	c = ieee80211_ht_adjust_channel(ic, ic->ic_curchan, gethtadjustflags(ic));
788
	c = ieee80211_vht_adjust_channel(ic, c, getvhtadjustflags(ic));
789

790
	if (c != ic->ic_curchan) {
791
		ic->ic_curchan = c;
792
		ic->ic_curmode = ieee80211_chan2mode(ic->ic_curchan);
793
		ic->ic_rt = ieee80211_get_ratetable(ic->ic_curchan);
794
		IEEE80211_UNLOCK(ic);
795
		ic->ic_set_channel(ic);
796
		ieee80211_radiotap_chan_change(ic);
797
		IEEE80211_LOCK(ic);
798
	}
799
}
800

801
/*
802
 * Setup the current channel.  The request channel may be
803
 * promoted if other vap's are operating with HT20/HT40.
804
 */
805
void
806
ieee80211_setupcurchan(struct ieee80211com *ic, struct ieee80211_channel *c)
807
{
808
	if (ic->ic_htcaps & IEEE80211_HTC_HT) {
809
		int flags = gethtadjustflags(ic);
810
		/*
811
		 * Check for channel promotion required to support the
812
		 * set of running vap's.  This assumes we are called
813
		 * after ni_chan is setup for each vap.
814
		 */
815
		/* XXX VHT? */
816
		/* NB: this assumes IEEE80211_FHT_USEHT40 > IEEE80211_FHT_HT */
817
		if (flags > ieee80211_htchanflags(c))
818
			c = ieee80211_ht_adjust_channel(ic, c, flags);
819
	}
820

821
	/*
822
	 * VHT promotion - this will at least promote to VHT20/40
823
	 * based on what HT has done; it may further promote the
824
	 * channel to VHT80 or above.
825
	 */
826
	if (ic->ic_vht_cap.vht_cap_info != 0) {
827
		int flags = getvhtadjustflags(ic);
828
		if (flags > ieee80211_vhtchanflags(c))
829
			c = ieee80211_vht_adjust_channel(ic, c, flags);
830
	}
831

832
	ic->ic_bsschan = ic->ic_curchan = c;
833
	ic->ic_curmode = ieee80211_chan2mode(ic->ic_curchan);
834
	ic->ic_rt = ieee80211_get_ratetable(ic->ic_curchan);
835
}
836

837
/*
838
 * Change the current channel.  The channel change is guaranteed to have
839
 * happened before the next state change.
840
 */
841
void
842
ieee80211_setcurchan(struct ieee80211com *ic, struct ieee80211_channel *c)
843
{
844
	ieee80211_setupcurchan(ic, c);
845
	ieee80211_runtask(ic, &ic->ic_chan_task);
846
}
847

848
void
849
ieee80211_update_chw(struct ieee80211com *ic)
850
{
851

852
	ieee80211_setupcurchan(ic, ic->ic_curchan);
853
	ieee80211_runtask(ic, &ic->ic_chw_task);
854
}
855

856
/*
857
 * Join the specified IBSS/BSS network.  The node is assumed to
858
 * be passed in with a held reference.
859
 */
860
static int
861
ieee80211_sta_join1(struct ieee80211_node *selbs)
862
{
863
	struct ieee80211vap *vap = selbs->ni_vap;
864
	struct ieee80211com *ic = selbs->ni_ic;
865
	struct ieee80211_node *obss;
866
	int canreassoc;
867

868
	/*
869
	 * Committed to selbs, setup state.
870
	 */
871
	IEEE80211_LOCK(ic);			/* XXX may recurse here, check callers. */
872
	obss = vap->iv_update_bss(vap, selbs);	/* NB: caller assumed to bump refcnt */
873
	IEEE80211_UNLOCK(ic);
874
	/*
875
	 * Check if old+new node have the same address in which
876
	 * case we can reassociate when operating in sta mode.
877
	 */
878
	/* XXX We'll not be in RUN anymore as iv_state got updated already? */
879
	canreassoc = (obss != NULL &&
880
		vap->iv_state == IEEE80211_S_RUN &&
881
		IEEE80211_ADDR_EQ(obss->ni_macaddr, selbs->ni_macaddr));
882
	if (obss != NULL) {
883
		struct ieee80211_node_table *nt = obss->ni_table;
884

885
		copy_bss(selbs, obss);
886
		if (nt != NULL) {
887
			ieee80211_node_decref(obss);	/* iv_bss reference */
888
			IEEE80211_NODE_LOCK(nt);
889
			node_reclaim(nt, obss);		/* station table reference */
890
			IEEE80211_NODE_UNLOCK(nt);
891
		} else {
892
			ieee80211_free_node(obss);	/* iv_bss reference */
893
		}
894

895
		obss = NULL;		/* NB: guard against later use */
896
	}
897

898
	/*
899
	 * Delete unusable rates; we've already checked
900
	 * that the negotiated rate set is acceptable.
901
	 */
902
	ieee80211_fix_rate(vap->iv_bss, &vap->iv_bss->ni_rates,
903
		IEEE80211_F_DODEL | IEEE80211_F_JOIN);
904

905
	ieee80211_setcurchan(ic, selbs->ni_chan);
906
	/*
907
	 * Set the erp state (mostly the slot time) to deal with
908
	 * the auto-select case; this should be redundant if the
909
	 * mode is locked.
910
	 */
911
	ieee80211_vap_reset_erp(vap);
912
	ieee80211_wme_initparams(vap);
913

914
	if (vap->iv_opmode == IEEE80211_M_STA) {
915
		if (canreassoc) {
916
			/* Reassociate */
917
			ieee80211_new_state(vap, IEEE80211_S_ASSOC, 1);
918
		} else {
919
			/*
920
			 * Act as if we received a DEAUTH frame in case we
921
			 * are invoked from the RUN state.  This will cause
922
			 * us to try to re-authenticate if we are operating
923
			 * as a station.
924
			 */
925
			IEEE80211_DPRINTF(vap, IEEE80211_MSG_AUTH,
926
			    "%s %p<%s> %s -> AUTH, FC0_SUBTYPE_DEAUTH\n",
927
			    __func__, selbs, ether_sprintf(selbs->ni_macaddr),
928
			    ieee80211_state_name[vap->iv_state]);
929
			ieee80211_new_state(vap, IEEE80211_S_AUTH,
930
				IEEE80211_FC0_SUBTYPE_DEAUTH);
931
		}
932
	} else
933
		ieee80211_new_state(vap, IEEE80211_S_RUN, -1);
934
	return 1;
935
}
936

937
int
938
ieee80211_sta_join(struct ieee80211vap *vap, struct ieee80211_channel *chan,
939
	const struct ieee80211_scan_entry *se)
940
{
941
	struct ieee80211com *ic = vap->iv_ic;
942
	struct ieee80211_node *ni;
943
	bool do_ht;
944

945
	ni = ieee80211_alloc_node(&ic->ic_sta, vap, se->se_macaddr,
946
	    __func__, __LINE__);
947
	if (ni == NULL) {
948
		/* XXX msg */
949
		return 0;
950
	}
951

952
	/*
953
	 * Expand scan state into node's format.
954
	 * XXX may not need all this stuff
955
	 */
956
	IEEE80211_ADDR_COPY(ni->ni_bssid, se->se_bssid);
957
	ni->ni_esslen = se->se_ssid[1];
958
	memcpy(ni->ni_essid, se->se_ssid+2, ni->ni_esslen);
959
	ni->ni_tstamp.tsf = se->se_tstamp.tsf;
960
	ni->ni_intval = se->se_intval;
961
	ni->ni_capinfo = se->se_capinfo;
962
	ni->ni_chan = chan;
963
	ni->ni_timoff = se->se_timoff;
964
	ni->ni_fhdwell = se->se_fhdwell;
965
	ni->ni_fhindex = se->se_fhindex;
966
	ni->ni_erp = se->se_erp;
967
	IEEE80211_RSSI_LPF(ni->ni_avgrssi, se->se_rssi);
968
	ni->ni_noise = se->se_noise;
969
	if (vap->iv_opmode == IEEE80211_M_STA) {
970
		/* NB: only infrastructure mode requires an associd */
971
		ni->ni_flags |= IEEE80211_NODE_ASSOCID;
972
	}
973

974
	if (ieee80211_ies_init(&ni->ni_ies, se->se_ies.data, se->se_ies.len)) {
975
		ieee80211_ies_expand(&ni->ni_ies);
976
#ifdef IEEE80211_SUPPORT_SUPERG
977
		if (ni->ni_ies.ath_ie != NULL)
978
			ieee80211_parse_ath(ni, ni->ni_ies.ath_ie);
979
#endif
980
		if (ni->ni_ies.htcap_ie != NULL)
981
			ieee80211_parse_htcap(ni, ni->ni_ies.htcap_ie);
982
		if (ni->ni_ies.htinfo_ie != NULL)
983
			ieee80211_parse_htinfo(ni, ni->ni_ies.htinfo_ie);
984
#ifdef IEEE80211_SUPPORT_MESH
985
		if (ni->ni_ies.meshid_ie != NULL)
986
			ieee80211_parse_meshid(ni, ni->ni_ies.meshid_ie);
987
#endif
988
#ifdef IEEE80211_SUPPORT_TDMA
989
		if (ni->ni_ies.tdma_ie != NULL)
990
			ieee80211_parse_tdma(ni, ni->ni_ies.tdma_ie);
991
#endif
992
		if (ni->ni_ies.vhtcap_ie != NULL)
993
			ieee80211_parse_vhtcap(ni, ni->ni_ies.vhtcap_ie);
994
		if (ni->ni_ies.vhtopmode_ie != NULL)
995
			ieee80211_parse_vhtopmode(ni, ni->ni_ies.vhtopmode_ie);
996

997
		/* XXX parse BSSLOAD IE */
998
		/* XXX parse TXPWRENV IE */
999
		/* XXX parse APCHANREP IE */
1000
	}
1001

1002
	vap->iv_dtim_period = se->se_dtimperiod;
1003
	vap->iv_dtim_count = 0;
1004

1005
	/* NB: must be after ni_chan is setup */
1006
	ieee80211_setup_rates(ni, se->se_rates, se->se_xrates,
1007
		IEEE80211_F_DOSORT);
1008
	if (ieee80211_iserp_rateset(&ni->ni_rates))
1009
		ni->ni_flags |= IEEE80211_NODE_ERP;
1010

1011
	/*
1012
	 * Setup HT state for this node if it's available, otherwise
1013
	 * non-STA modes won't pick this state up.
1014
	 *
1015
	 * For IBSS and related modes that don't go through an
1016
	 * association request/response, the only appropriate place
1017
	 * to setup the HT state is here.
1018
	 */
1019
	do_ht = false;
1020
	if (ni->ni_ies.htinfo_ie != NULL &&
1021
	    ni->ni_ies.htcap_ie != NULL &&
1022
	    vap->iv_flags_ht & IEEE80211_FHT_HT) {
1023
		ieee80211_ht_node_init(ni);
1024
		ieee80211_ht_updateparams(ni,
1025
		    ni->ni_ies.htcap_ie,
1026
		    ni->ni_ies.htinfo_ie);
1027
		do_ht = true;
1028
	}
1029

1030
	/*
1031
	 * Setup VHT state for this node if it's available.
1032
	 * Same as the above.
1033
	 *
1034
	 * For now, don't allow 2GHz VHT operation.
1035
	 */
1036
	if (do_ht && ni->ni_ies.vhtopmode_ie != NULL &&
1037
	    ni->ni_ies.vhtcap_ie != NULL &&
1038
	    vap->iv_vht_flags & IEEE80211_FVHT_VHT) {
1039
		if (IEEE80211_IS_CHAN_2GHZ(ni->ni_chan)) {
1040
			net80211_vap_printf(ni->ni_vap,
1041
			    "%s: BSS %6D: 2GHz channel, VHT info; ignoring\n",
1042
			    __func__, ni->ni_macaddr, ":");
1043
		} else {
1044
			ieee80211_vht_node_init(ni);
1045
			ieee80211_vht_updateparams(ni,
1046
			    ni->ni_ies.vhtcap_ie,
1047
			    ni->ni_ies.vhtopmode_ie);
1048
			ieee80211_setup_vht_rates(ni);
1049
		}
1050
	}
1051

1052
	/* Finally do the node channel change */
1053
	if (do_ht) {
1054
		ieee80211_ht_updateparams_final(ni, ni->ni_ies.htcap_ie,
1055
		    ni->ni_ies.htinfo_ie);
1056
		ieee80211_setup_htrates(ni, ni->ni_ies.htcap_ie,
1057
		    IEEE80211_F_JOIN | IEEE80211_F_DOBRS);
1058
		ieee80211_setup_basic_htrates(ni, ni->ni_ies.htinfo_ie);
1059
	}
1060

1061
	/* XXX else check for ath FF? */
1062
	/* XXX QoS? Difficult given that WME config is specific to a master */
1063

1064
	ieee80211_node_setuptxparms(ni);
1065
	ieee80211_ratectl_node_init(ni);
1066

1067
	return ieee80211_sta_join1(ieee80211_ref_node(ni));
1068
}
1069

1070
/*
1071
 * Leave the specified IBSS/BSS network.  The node is assumed to
1072
 * be passed in with a held reference.
1073
 */
1074
void
1075
ieee80211_sta_leave(struct ieee80211_node *ni)
1076
{
1077
	struct ieee80211com *ic = ni->ni_ic;
1078

1079
	ic->ic_node_cleanup(ni);
1080
	ieee80211_notify_node_leave(ni);
1081
}
1082

1083
/*
1084
 * Send a deauthenticate frame and drop the station.
1085
 */
1086
void
1087
ieee80211_node_deauth(struct ieee80211_node *ni, int reason)
1088
{
1089
	/* NB: bump the refcnt to be sure temporary nodes are not reclaimed */
1090
	ieee80211_ref_node(ni);
1091
	if (ni->ni_associd != 0)
1092
		IEEE80211_SEND_MGMT(ni, IEEE80211_FC0_SUBTYPE_DEAUTH, reason);
1093
	ieee80211_node_leave(ni);
1094
	ieee80211_free_node(ni);
1095
}
1096

1097
static struct ieee80211_node *
1098
node_alloc(struct ieee80211vap *vap, const uint8_t macaddr[IEEE80211_ADDR_LEN])
1099
{
1100
	struct ieee80211_node *ni;
1101

1102
	ni = (struct ieee80211_node *) IEEE80211_MALLOC(sizeof(struct ieee80211_node),
1103
		M_80211_NODE, IEEE80211_M_NOWAIT | IEEE80211_M_ZERO);
1104
	return ni;
1105
}
1106

1107
static int
1108
node_init(struct ieee80211_node *ni)
1109
{
1110
	return 0;
1111
}
1112

1113
/*
1114
 * Initialize an ie blob with the specified data.  If previous
1115
 * data exists re-use the data block.  As a side effect we clear
1116
 * all references to specific ie's; the caller is required to
1117
 * recalculate them.
1118
 */
1119
int
1120
ieee80211_ies_init(struct ieee80211_ies *ies, const uint8_t *data, int len)
1121
{
1122
	/* NB: assumes data+len are the last fields */
1123
	memset(ies, 0, offsetof(struct ieee80211_ies, data));
1124
	if (ies->data != NULL && ies->len != len) {
1125
		/* data size changed */
1126
		IEEE80211_FREE(ies->data, M_80211_NODE_IE);
1127
		ies->data = NULL;
1128
	}
1129
	if (ies->data == NULL) {
1130
		ies->data = (uint8_t *) IEEE80211_MALLOC(len, M_80211_NODE_IE,
1131
		    IEEE80211_M_NOWAIT | IEEE80211_M_ZERO);
1132
		if (ies->data == NULL) {
1133
			ies->len = 0;
1134
			/* NB: pointers have already been zero'd above */
1135
			return 0;
1136
		}
1137
	}
1138
	memcpy(ies->data, data, len);
1139
	ies->len = len;
1140
	return 1;
1141
}
1142

1143
/*
1144
 * Reclaim storage for an ie blob.
1145
 */
1146
void
1147
ieee80211_ies_cleanup(struct ieee80211_ies *ies)
1148
{
1149
	if (ies->data != NULL)
1150
		IEEE80211_FREE(ies->data, M_80211_NODE_IE);
1151
}
1152

1153
/*
1154
 * Expand an ie blob data contents and to fillin individual
1155
 * ie pointers.  The data blob is assumed to be well-formed;
1156
 * we don't do any validity checking of ie lengths.
1157
 */
1158
void
1159
ieee80211_ies_expand(struct ieee80211_ies *ies)
1160
{
1161
	uint8_t *ie;
1162
	int ielen;
1163

1164
	ie = ies->data;
1165
	ielen = ies->len;
1166
	while (ielen > 1) {
1167
		/* Make sure the given IE length fits into the total length. */
1168
		if ((2 + ie[1]) > ielen) {
1169
			net80211_printf("%s: malformed IEs! ies %p { data %p len %d }: "
1170
			    "ie %u len 2+%u > total len left %d\n",
1171
			    __func__, ies, ies->data, ies->len,
1172
			    ie[0], ie[1], ielen);
1173
			return;
1174
		}
1175
		switch (ie[0]) {
1176
		case IEEE80211_ELEMID_VENDOR:
1177
			if (iswpaoui(ie))
1178
				ies->wpa_ie = ie;
1179
			else if (iswmeoui(ie))
1180
				ies->wme_ie = ie;
1181
#ifdef IEEE80211_SUPPORT_SUPERG
1182
			else if (isatherosoui(ie))
1183
				ies->ath_ie = ie;
1184
#endif
1185
#ifdef IEEE80211_SUPPORT_TDMA
1186
			else if (istdmaoui(ie))
1187
				ies->tdma_ie = ie;
1188
#endif
1189
			break;
1190
		case IEEE80211_ELEMID_RSN:
1191
			ies->rsn_ie = ie;
1192
			break;
1193
		case IEEE80211_ELEMID_HTCAP:
1194
			ies->htcap_ie = ie;
1195
			break;
1196
		case IEEE80211_ELEMID_HTINFO:
1197
			ies->htinfo_ie = ie;
1198
			break;
1199
#ifdef IEEE80211_SUPPORT_MESH
1200
		case IEEE80211_ELEMID_MESHID:
1201
			ies->meshid_ie = ie;
1202
			break;
1203
#endif
1204
		case IEEE80211_ELEMID_VHT_CAP:
1205
			ies->vhtcap_ie = ie;
1206
			break;
1207
		case IEEE80211_ELEMID_VHT_OPMODE:
1208
			ies->vhtopmode_ie = ie;
1209
			break;
1210
		case IEEE80211_ELEMID_VHT_PWR_ENV:
1211
			ies->vhtpwrenv_ie = ie;
1212
			break;
1213
		case IEEE80211_ELEMID_BSSLOAD:
1214
			ies->bssload_ie = ie;
1215
			break;
1216
		case IEEE80211_ELEMID_APCHANREP:
1217
			ies->apchanrep_ie = ie;
1218
			break;
1219
		}
1220
		ielen -= 2 + ie[1];
1221
		ie += 2 + ie[1];
1222
	}
1223
}
1224

1225
/*
1226
 * Reclaim any resources in a node and reset any critical
1227
 * state.  Typically nodes are free'd immediately after,
1228
 * but in some cases the storage may be reused so we need
1229
 * to insure consistent state (should probably fix that).
1230
 */
1231
static void
1232
node_cleanup(struct ieee80211_node *ni)
1233
{
1234
	struct ieee80211vap *vap = ni->ni_vap;
1235
	struct ieee80211com *ic = ni->ni_ic;
1236
	int i;
1237

1238
	/* NB: preserve ni_table */
1239
	if (ni->ni_flags & IEEE80211_NODE_PWR_MGT) {
1240
		if (vap->iv_opmode != IEEE80211_M_STA)
1241
			vap->iv_ps_sta--;
1242
		ni->ni_flags &= ~IEEE80211_NODE_PWR_MGT;
1243
		IEEE80211_NOTE(vap, IEEE80211_MSG_POWER, ni,
1244
		    "power save mode off, %u sta's in ps mode", vap->iv_ps_sta);
1245
	}
1246
	/*
1247
	 * Cleanup any VHT and HT-related state.
1248
	 */
1249
	if (ni->ni_flags & IEEE80211_NODE_VHT)
1250
		ieee80211_vht_node_cleanup(ni);
1251
	if (ni->ni_flags & IEEE80211_NODE_HT)
1252
		ieee80211_ht_node_cleanup(ni);
1253
#ifdef IEEE80211_SUPPORT_SUPERG
1254
	/* Always do FF node cleanup; for A-MSDU */
1255
	ieee80211_ff_node_cleanup(ni);
1256
#endif
1257
#ifdef IEEE80211_SUPPORT_MESH
1258
	/*
1259
	 * Cleanup any mesh-related state.
1260
	 */
1261
	if (vap->iv_opmode == IEEE80211_M_MBSS)
1262
		ieee80211_mesh_node_cleanup(ni);
1263
#endif
1264
	/*
1265
	 * Clear any staging queue entries.
1266
	 */
1267
	ieee80211_ageq_drain_node(&ic->ic_stageq, ni);
1268

1269
	/*
1270
	 * Clear AREF flag that marks the authorization refcnt bump
1271
	 * has happened.  This is probably not needed as the node
1272
	 * should always be removed from the table so not found but
1273
	 * do it just in case.
1274
	 * Likewise clear the ASSOCID flag as these flags are intended
1275
	 * to be managed in tandem.
1276
	 */
1277
	ni->ni_flags &= ~(IEEE80211_NODE_AREF | IEEE80211_NODE_ASSOCID);
1278

1279
	/*
1280
	 * Drain power save queue and, if needed, clear TIM.
1281
	 */
1282
	if (ieee80211_node_psq_drain(ni) != 0 && vap->iv_set_tim != NULL)
1283
		vap->iv_set_tim(ni, 0);
1284

1285
	ni->ni_associd = 0;
1286
	if (ni->ni_challenge != NULL) {
1287
		IEEE80211_FREE(ni->ni_challenge, M_80211_NODE);
1288
		ni->ni_challenge = NULL;
1289
	}
1290
	/*
1291
	 * Preserve SSID, WPA, and WME ie's so the bss node is
1292
	 * reusable during a re-auth/re-assoc state transition.
1293
	 * If we remove these data they will not be recreated
1294
	 * because they come from a probe-response or beacon frame
1295
	 * which cannot be expected prior to the association-response.
1296
	 * This should not be an issue when operating in other modes
1297
	 * as stations leaving always go through a full state transition
1298
	 * which will rebuild this state.
1299
	 *
1300
	 * XXX does this leave us open to inheriting old state?
1301
	 */
1302
	for (i = 0; i < nitems(ni->ni_rxfrag); i++)
1303
		if (ni->ni_rxfrag[i] != NULL) {
1304
			m_freem(ni->ni_rxfrag[i]);
1305
			ni->ni_rxfrag[i] = NULL;
1306
		}
1307
	/*
1308
	 * Must be careful here to remove any key map entry w/o a LOR.
1309
	 */
1310
	ieee80211_node_delucastkey(ni);
1311
}
1312

1313
static void
1314
node_free(struct ieee80211_node *ni)
1315
{
1316
	struct ieee80211com *ic = ni->ni_ic;
1317

1318
	ieee80211_ratectl_node_deinit(ni);
1319
	ic->ic_node_cleanup(ni);
1320
	ieee80211_ies_cleanup(&ni->ni_ies);
1321
	ieee80211_psq_cleanup(&ni->ni_psq);
1322
	IEEE80211_FREE(ni, M_80211_NODE);
1323
}
1324

1325
static void
1326
node_age(struct ieee80211_node *ni)
1327
{
1328
	struct ieee80211vap *vap = ni->ni_vap;
1329

1330
	/*
1331
	 * Age frames on the power save queue.
1332
	 */
1333
	if (ieee80211_node_psq_age(ni) != 0 &&
1334
	    ni->ni_psq.psq_len == 0 && vap->iv_set_tim != NULL)
1335
		vap->iv_set_tim(ni, 0);
1336
	/*
1337
	 * Age out HT resources (e.g. frames on the
1338
	 * A-MPDU reorder queues).
1339
	 */
1340
	if (ni->ni_associd != 0 && (ni->ni_flags & IEEE80211_NODE_HT))
1341
		ieee80211_ht_node_age(ni);
1342
}
1343

1344
static int8_t
1345
node_getrssi(const struct ieee80211_node *ni)
1346
{
1347
	uint32_t avgrssi = ni->ni_avgrssi;
1348
	int32_t rssi;
1349

1350
	if (avgrssi == IEEE80211_RSSI_DUMMY_MARKER)
1351
		return 0;
1352
	rssi = IEEE80211_RSSI_GET(avgrssi);
1353
	return rssi < 0 ? 0 : rssi > 127 ? 127 : rssi;
1354
}
1355

1356
static void
1357
node_getsignal(const struct ieee80211_node *ni, int8_t *rssi, int8_t *noise)
1358
{
1359
	*rssi = node_getrssi(ni);
1360
	*noise = ni->ni_noise;
1361
}
1362

1363
static void
1364
node_getmimoinfo(const struct ieee80211_node *ni,
1365
	struct ieee80211_mimo_info *info)
1366
{
1367
	int i;
1368
	uint32_t avgrssi;
1369
	int32_t rssi;
1370

1371
	bzero(info, sizeof(*info));
1372

1373
	for (i = 0; i < MIN(IEEE80211_MAX_CHAINS, ni->ni_mimo_chains); i++) {
1374
		/* Note: for now, just pri20 channel info */
1375
		avgrssi = ni->ni_mimo_rssi_ctl[i];
1376
		if (avgrssi == IEEE80211_RSSI_DUMMY_MARKER) {
1377
			info->ch[i].rssi[0] = 0;
1378
		} else {
1379
			rssi = IEEE80211_RSSI_GET(avgrssi);
1380
			info->ch[i].rssi[0] = rssi < 0 ? 0 : rssi > 127 ? 127 : rssi;
1381
		}
1382
		info->ch[i].noise[0] = ni->ni_mimo_noise_ctl[i];
1383
	}
1384

1385
	/* XXX ext radios? */
1386

1387
	/* XXX EVM? */
1388
}
1389

1390
static void
1391
ieee80211_add_node_nt(struct ieee80211_node_table *nt,
1392
    struct ieee80211_node *ni)
1393
{
1394
	struct ieee80211com *ic = nt->nt_ic;
1395
	int hash;
1396

1397
	IEEE80211_NODE_LOCK_ASSERT(nt);
1398

1399
	hash = IEEE80211_NODE_HASH(ic, ni->ni_macaddr);
1400
	(void) ic;	/* XXX IEEE80211_NODE_HASH */
1401
	TAILQ_INSERT_TAIL(&nt->nt_node, ni, ni_list);
1402
	LIST_INSERT_HEAD(&nt->nt_hash[hash], ni, ni_hash);
1403
	nt->nt_count++;
1404
	ni->ni_table = nt;
1405
}
1406

1407
static void
1408
ieee80211_del_node_nt(struct ieee80211_node_table *nt,
1409
    struct ieee80211_node *ni)
1410
{
1411

1412
	IEEE80211_NODE_LOCK_ASSERT(nt);
1413

1414
	TAILQ_REMOVE(&nt->nt_node, ni, ni_list);
1415
	LIST_REMOVE(ni, ni_hash);
1416
	nt->nt_count--;
1417
	KASSERT(nt->nt_count >= 0,
1418
	    ("nt_count is negative (%d)!\n", nt->nt_count));
1419
	ni->ni_table = NULL;
1420
}
1421

1422
static struct ieee80211_node *
1423
ieee80211_alloc_node(struct ieee80211_node_table *nt,
1424
	struct ieee80211vap *vap, const uint8_t macaddr[IEEE80211_ADDR_LEN],
1425
	const char *func __debrefcnt_used, int line __debrefcnt_used)
1426
{
1427
	struct ieee80211com *ic = nt->nt_ic;
1428
	struct ieee80211_node *ni;
1429

1430
	ni = ic->ic_node_alloc(vap, macaddr);
1431
	if (ni == NULL) {
1432
		vap->iv_stats.is_rx_nodealloc++;
1433
		return NULL;
1434
	}
1435

1436
	IEEE80211_DPRINTF(vap, IEEE80211_MSG_NODE,
1437
		"%s %p<%s> in %s table\n", __func__, ni,
1438
		ether_sprintf(macaddr), nt->nt_name);
1439

1440
	IEEE80211_ADDR_COPY(ni->ni_macaddr, macaddr);
1441
	ieee80211_node_initref(ni);		/* mark referenced */
1442
#ifdef IEEE80211_DEBUG_REFCNT
1443
	IEEE80211_DPRINTF(vap, IEEE80211_MSG_NODE,
1444
	    "%s (%s:%u) %p<%s> refcnt %d\n", __func__, func, line, ni,
1445
	    ether_sprintf(ni->ni_macaddr), ieee80211_node_refcnt(ni));
1446
#endif
1447
	ni->ni_chan = IEEE80211_CHAN_ANYC;
1448
	ni->ni_authmode = IEEE80211_AUTH_OPEN;
1449
	ni->ni_txpower = ic->ic_txpowlimit;	/* max power */
1450
	ni->ni_txparms = &vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)];
1451
	ieee80211_crypto_resetkey(vap, &ni->ni_ucastkey, IEEE80211_KEYIX_NONE);
1452
	ni->ni_avgrssi = IEEE80211_RSSI_DUMMY_MARKER;
1453
	ni->ni_inact_reload = nt->nt_inact_init;
1454
	ni->ni_inact = ni->ni_inact_reload;
1455
	ni->ni_ath_defkeyix = 0x7fff;
1456
	ieee80211_psq_init(&ni->ni_psq, "unknown");
1457
#ifdef IEEE80211_SUPPORT_MESH
1458
	if (vap->iv_opmode == IEEE80211_M_MBSS)
1459
		ieee80211_mesh_node_init(vap, ni);
1460
#endif
1461
	IEEE80211_NODE_LOCK(nt);
1462
	ieee80211_add_node_nt(nt, ni);
1463
	ni->ni_vap = vap;
1464
	ni->ni_ic = ic;
1465
	IEEE80211_NODE_UNLOCK(nt);
1466

1467
	/* handle failure; free node state */
1468
	if (ic->ic_node_init(ni) != 0) {
1469
		vap->iv_stats.is_rx_nodealloc++;
1470
		ieee80211_psq_cleanup(&ni->ni_psq);
1471
		ieee80211_ratectl_node_deinit(ni);
1472
		__ieee80211_free_node(ni);
1473
		return NULL;
1474
	}
1475

1476
	IEEE80211_NOTE(vap, IEEE80211_MSG_INACT, ni,
1477
	    "%s: inact_reload %u", __func__, ni->ni_inact_reload);
1478

1479
	return ni;
1480
}
1481

1482
/*
1483
 * Craft a temporary node suitable for sending a management frame
1484
 * to the specified station.  We craft only as much state as we
1485
 * need to do the work since the node will be immediately reclaimed
1486
 * once the send completes.
1487
 */
1488
struct ieee80211_node *
1489
ieee80211_tmp_node(struct ieee80211vap *vap,
1490
	const uint8_t macaddr[IEEE80211_ADDR_LEN])
1491
{
1492
	struct ieee80211com *ic = vap->iv_ic;
1493
	struct ieee80211_node *ni;
1494

1495
	ni = ic->ic_node_alloc(vap, macaddr);
1496
	if (ni != NULL) {
1497
		struct ieee80211_node *bss = vap->iv_bss;
1498

1499
		IEEE80211_DPRINTF(vap, IEEE80211_MSG_NODE,
1500
			"%s %p<%s>\n", __func__, ni, ether_sprintf(macaddr));
1501

1502
		ni->ni_table = NULL;		/* NB: pedantic */
1503
		ni->ni_ic = ic;			/* NB: needed to set channel */
1504
		ni->ni_vap = vap;
1505

1506
		IEEE80211_ADDR_COPY(ni->ni_macaddr, macaddr);
1507
		IEEE80211_ADDR_COPY(ni->ni_bssid, bss->ni_bssid);
1508
		ieee80211_node_initref(ni);		/* mark referenced */
1509
#ifdef IEEE80211_DEBUG_REFCNT
1510
		/* Only one caller so we skip func/line passing into the func. */
1511
		IEEE80211_DPRINTF(vap, IEEE80211_MSG_NODE,
1512
		    "%s (%s:%u) %p<%s> refcnt %d\n", __func__, "", -1, ni,
1513
		    ether_sprintf(ni->ni_macaddr), ieee80211_node_refcnt(ni));
1514
#endif
1515
		/* NB: required by ieee80211_fix_rate */
1516
		ieee80211_node_set_chan(ni, bss->ni_chan);
1517
		ieee80211_crypto_resetkey(vap, &ni->ni_ucastkey,
1518
			IEEE80211_KEYIX_NONE);
1519
		ni->ni_txpower = bss->ni_txpower;
1520
		/* XXX optimize away */
1521
		ieee80211_psq_init(&ni->ni_psq, "unknown");
1522

1523
		ieee80211_ratectl_node_init(ni);
1524

1525
		/* handle failure; free node state */
1526
		if (ic->ic_node_init(ni) != 0) {
1527
			vap->iv_stats.is_rx_nodealloc++;
1528
			ieee80211_psq_cleanup(&ni->ni_psq);
1529
			ieee80211_ratectl_node_deinit(ni);
1530
			__ieee80211_free_node(ni);
1531
			return NULL;
1532
		}
1533

1534
	} else {
1535
		/* XXX msg */
1536
		vap->iv_stats.is_rx_nodealloc++;
1537
	}
1538
	return ni;
1539
}
1540

1541
struct ieee80211_node *
1542
ieee80211_dup_bss(struct ieee80211vap *vap,
1543
	const uint8_t macaddr[IEEE80211_ADDR_LEN])
1544
{
1545
	struct ieee80211com *ic = vap->iv_ic;
1546
	struct ieee80211_node *ni;
1547

1548
	ni = ieee80211_alloc_node(&ic->ic_sta, vap, macaddr, __func__, __LINE__);
1549
	if (ni != NULL) {
1550
		struct ieee80211_node *bss = vap->iv_bss;
1551
		/*
1552
		 * Inherit from iv_bss.
1553
		 */
1554
		copy_bss(ni, bss);
1555
		IEEE80211_ADDR_COPY(ni->ni_bssid, bss->ni_bssid);
1556
		ieee80211_node_set_chan(ni, bss->ni_chan);
1557
	}
1558
	return ni;
1559
}
1560

1561
/*
1562
 * Create a bss node for a legacy WDS vap.  The far end does
1563
 * not associate so we just create create a new node and
1564
 * simulate an association.  The caller is responsible for
1565
 * installing the node as the bss node and handling any further
1566
 * setup work like authorizing the port.
1567
 */
1568
struct ieee80211_node *
1569
ieee80211_node_create_wds(struct ieee80211vap *vap,
1570
	const uint8_t bssid[IEEE80211_ADDR_LEN], struct ieee80211_channel *chan)
1571
{
1572
	struct ieee80211com *ic = vap->iv_ic;
1573
	struct ieee80211_node *ni;
1574

1575
	/* XXX check if node already in sta table? */
1576
	ni = ieee80211_alloc_node(&ic->ic_sta, vap, bssid, __func__, __LINE__);
1577
	if (ni != NULL) {
1578
		ni->ni_wdsvap = vap;
1579
		IEEE80211_ADDR_COPY(ni->ni_bssid, bssid);
1580
		/*
1581
		 * Inherit any manually configured settings.
1582
		 */
1583
		copy_bss(ni, vap->iv_bss);
1584
		ieee80211_node_set_chan(ni, chan);
1585
		/* NB: propagate ssid so available to WPA supplicant */
1586
		ni->ni_esslen = vap->iv_des_ssid[0].len;
1587
		memcpy(ni->ni_essid, vap->iv_des_ssid[0].ssid, ni->ni_esslen);
1588
		/* NB: no associd for peer */
1589
		/*
1590
		 * There are no management frames to use to
1591
		 * discover neighbor capabilities, so blindly
1592
		 * propagate the local configuration.
1593
		 */
1594
		if (vap->iv_flags & IEEE80211_F_WME)
1595
			ni->ni_flags |= IEEE80211_NODE_QOS;
1596
#ifdef IEEE80211_SUPPORT_SUPERG
1597
		if (vap->iv_flags & IEEE80211_F_FF)
1598
			ni->ni_flags |= IEEE80211_NODE_FF;
1599
#endif
1600
		/* XXX VHT */
1601
		if ((ic->ic_htcaps & IEEE80211_HTC_HT) &&
1602
		    (vap->iv_flags_ht & IEEE80211_FHT_HT)) {
1603
			/*
1604
			 * Device is HT-capable and HT is enabled for
1605
			 * the vap; setup HT operation.  On return
1606
			 * ni_chan will be adjusted to an HT channel.
1607
			 */
1608
			ieee80211_ht_wds_init(ni);
1609
			if (vap->iv_vht_flags & IEEE80211_FVHT_VHT) {
1610
				net80211_vap_printf(vap,
1611
				    "%s: TODO: vht_wds_init\n", __func__);
1612
			}
1613
		} else {
1614
			struct ieee80211_channel *c = ni->ni_chan;
1615
			/*
1616
			 * Force a legacy channel to be used.
1617
			 */
1618
			c = ieee80211_find_channel(ic,
1619
			    c->ic_freq, c->ic_flags &~ IEEE80211_CHAN_HT);
1620
			KASSERT(c != NULL, ("no legacy channel, %u/%x",
1621
			    ni->ni_chan->ic_freq, ni->ni_chan->ic_flags));
1622
			ni->ni_chan = c;
1623
		}
1624
	}
1625
	return ni;
1626
}
1627

1628
struct ieee80211_node *
1629
_ieee80211_find_node_locked(struct ieee80211_node_table *nt,
1630
    const uint8_t macaddr[IEEE80211_ADDR_LEN],
1631
    const char *func __debrefcnt_used, int line __debrefcnt_used)
1632
{
1633
	struct ieee80211_node *ni;
1634
	int hash;
1635

1636
	IEEE80211_NODE_LOCK_ASSERT(nt);
1637

1638
	hash = IEEE80211_NODE_HASH(nt->nt_ic, macaddr);
1639
	LIST_FOREACH(ni, &nt->nt_hash[hash], ni_hash) {
1640
		if (IEEE80211_ADDR_EQ(ni->ni_macaddr, macaddr)) {
1641
			ieee80211_ref_node(ni);	/* mark referenced */
1642
#ifdef IEEE80211_DEBUG_REFCNT
1643
			IEEE80211_DPRINTF(ni->ni_vap, IEEE80211_MSG_NODE,
1644
			    "%s (%s:%u) %p<%s> refcnt %d\n", __func__,
1645
			    func, line,
1646
			    ni, ether_sprintf(ni->ni_macaddr),
1647
			    ieee80211_node_refcnt(ni));
1648
#endif
1649
			return ni;
1650
		}
1651
	}
1652
	return NULL;
1653
}
1654

1655
struct ieee80211_node *
1656
_ieee80211_find_node(struct ieee80211_node_table *nt,
1657
    const uint8_t macaddr[IEEE80211_ADDR_LEN],
1658
    const char *func __debrefcnt_used, int line __debrefcnt_used)
1659
{
1660
	struct ieee80211_node *ni;
1661

1662
	IEEE80211_NODE_LOCK(nt);
1663
	ni = _ieee80211_find_node_locked(nt, macaddr, func, line);
1664
	IEEE80211_NODE_UNLOCK(nt);
1665
	return ni;
1666
}
1667

1668
struct ieee80211_node *
1669
_ieee80211_find_vap_node_locked(struct ieee80211_node_table *nt,
1670
    const struct ieee80211vap *vap, const uint8_t macaddr[IEEE80211_ADDR_LEN],
1671
    const char *func __debrefcnt_used, int line __debrefcnt_used)
1672
{
1673
	struct ieee80211_node *ni;
1674
	int hash;
1675

1676
	IEEE80211_NODE_LOCK_ASSERT(nt);
1677

1678
	hash = IEEE80211_NODE_HASH(nt->nt_ic, macaddr);
1679
	LIST_FOREACH(ni, &nt->nt_hash[hash], ni_hash) {
1680
		if (ni->ni_vap == vap &&
1681
		    IEEE80211_ADDR_EQ(ni->ni_macaddr, macaddr)) {
1682
			ieee80211_ref_node(ni);	/* mark referenced */
1683
#ifdef IEEE80211_DEBUG_REFCNT
1684
			IEEE80211_DPRINTF(ni->ni_vap, IEEE80211_MSG_NODE,
1685
			    "%s (%s:%u) %p<%s> refcnt %d\n", __func__,
1686
			    func, line,
1687
			    ni, ether_sprintf(ni->ni_macaddr),
1688
			    ieee80211_node_refcnt(ni));
1689
#endif
1690
			return ni;
1691
		}
1692
	}
1693
	return NULL;
1694
}
1695

1696
struct ieee80211_node *
1697
_ieee80211_find_vap_node(struct ieee80211_node_table *nt,
1698
    const struct ieee80211vap *vap, const uint8_t macaddr[IEEE80211_ADDR_LEN],
1699
    const char *func __debrefcnt_used, int line __debrefcnt_used)
1700
{
1701
	struct ieee80211_node *ni;
1702

1703
	IEEE80211_NODE_LOCK(nt);
1704
	ni = _ieee80211_find_vap_node_locked(nt, vap, macaddr, func, line);
1705
	IEEE80211_NODE_UNLOCK(nt);
1706
	return ni;
1707
}
1708

1709
/*
1710
 * Fake up a node; this handles node discovery in adhoc mode.
1711
 * Note that for the driver's benefit we treat this like
1712
 * an association so the driver has an opportunity to setup
1713
 * it's private state.
1714
 */
1715
struct ieee80211_node *
1716
ieee80211_fakeup_adhoc_node(struct ieee80211vap *vap,
1717
	const uint8_t macaddr[IEEE80211_ADDR_LEN])
1718
{
1719
	struct ieee80211_node *ni;
1720

1721
	IEEE80211_DPRINTF(vap, IEEE80211_MSG_NODE | IEEE80211_MSG_ASSOC,
1722
	    "%s: mac<%s>\n", __func__, ether_sprintf(macaddr));
1723
	ni = ieee80211_dup_bss(vap, macaddr);
1724
	if (ni != NULL) {
1725
		struct ieee80211com *ic = vap->iv_ic;
1726

1727
		/* XXX no rate negotiation; just dup */
1728
		ni->ni_rates = vap->iv_bss->ni_rates;
1729
		if (ieee80211_iserp_rateset(&ni->ni_rates))
1730
			ni->ni_flags |= IEEE80211_NODE_ERP;
1731
		if (vap->iv_opmode == IEEE80211_M_AHDEMO) {
1732
			/*
1733
			 * In adhoc demo mode there are no management
1734
			 * frames to use to discover neighbor capabilities,
1735
			 * so blindly propagate the local configuration
1736
			 * so we can do interesting things (e.g. use
1737
			 * WME to disable ACK's).
1738
			 */
1739
			/*
1740
			 * XXX TODO: 11n?
1741
			 */
1742
			if (vap->iv_flags & IEEE80211_F_WME)
1743
				ni->ni_flags |= IEEE80211_NODE_QOS;
1744
#ifdef IEEE80211_SUPPORT_SUPERG
1745
			if (vap->iv_flags & IEEE80211_F_FF)
1746
				ni->ni_flags |= IEEE80211_NODE_FF;
1747
#endif
1748
		}
1749
		ieee80211_node_setuptxparms(ni);
1750
		ieee80211_ratectl_node_init(ni);
1751

1752
		/*
1753
		 * XXX TODO: 11n? At least 20MHz, at least A-MPDU RX,
1754
		 * not A-MPDU TX; not 11n rates, etc.  We'll cycle
1755
		 * that after we hear that we can indeed do 11n
1756
		 * (either by a beacon frame or by a probe response.)
1757
		 */
1758

1759
		/*
1760
		 * This is the first time we see the node.
1761
		 */
1762
		if (ic->ic_newassoc != NULL)
1763
			ic->ic_newassoc(ni, 1);
1764

1765
		/*
1766
		 * Kick off a probe request to the given node;
1767
		 * we will then use the probe response to update
1768
		 * 11n/etc configuration state.
1769
		 *
1770
		 * XXX TODO: this isn't guaranteed, and until we get
1771
		 * a probe response, we won't be able to actually
1772
		 * do anything 802.11n related to the node.
1773
		 * So if this does indeed work, maybe we should hold
1774
		 * off on sending responses until we get the probe
1775
		 * response, or just default to some sensible subset
1776
		 * of 802.11n behaviour (eg always allow aggregation
1777
		 * negotiation TO us, but not FROM us, etc) so we
1778
		 * aren't entirely busted.
1779
		 */
1780
		if (vap->iv_opmode == IEEE80211_M_IBSS) {
1781
			ieee80211_send_probereq(ni, /* node */
1782
				vap->iv_myaddr, /* SA */
1783
				ni->ni_macaddr, /* DA */
1784
				vap->iv_bss->ni_bssid, /* BSSID */
1785
				vap->iv_bss->ni_essid,
1786
				vap->iv_bss->ni_esslen); /* SSID */
1787
		}
1788

1789
		/* XXX not right for 802.1x/WPA */
1790
		ieee80211_node_authorize(ni);
1791
	}
1792
	return ni;
1793
}
1794

1795
void
1796
ieee80211_init_neighbor(struct ieee80211_node *ni,
1797
	const struct ieee80211_frame *wh,
1798
	const struct ieee80211_scanparams *sp)
1799
{
1800
	int do_ht_setup = 0, do_vht_setup = 0;
1801

1802
	ni->ni_esslen = sp->ssid[1];
1803
	memcpy(ni->ni_essid, sp->ssid + 2, sp->ssid[1]);
1804
	IEEE80211_ADDR_COPY(ni->ni_bssid, wh->i_addr3);
1805
	memcpy(ni->ni_tstamp.data, sp->tstamp, sizeof(ni->ni_tstamp));
1806
	ni->ni_intval = sp->bintval;
1807
	ni->ni_capinfo = sp->capinfo;
1808
	ni->ni_chan = ni->ni_ic->ic_curchan;
1809
	ni->ni_fhdwell = sp->fhdwell;
1810
	ni->ni_fhindex = sp->fhindex;
1811
	ni->ni_erp = sp->erp;
1812
	ni->ni_timoff = sp->timoff;
1813
#ifdef IEEE80211_SUPPORT_MESH
1814
	if (ni->ni_vap->iv_opmode == IEEE80211_M_MBSS)
1815
		ieee80211_mesh_init_neighbor(ni, wh, sp);
1816
#endif
1817
	if (ieee80211_ies_init(&ni->ni_ies, sp->ies, sp->ies_len)) {
1818
		ieee80211_ies_expand(&ni->ni_ies);
1819
		if (ni->ni_ies.wme_ie != NULL)
1820
			ni->ni_flags |= IEEE80211_NODE_QOS;
1821
		else
1822
			ni->ni_flags &= ~IEEE80211_NODE_QOS;
1823
#ifdef IEEE80211_SUPPORT_SUPERG
1824
		if (ni->ni_ies.ath_ie != NULL)
1825
			ieee80211_parse_ath(ni, ni->ni_ies.ath_ie);
1826
#endif
1827
		if (ni->ni_ies.htcap_ie != NULL)
1828
			ieee80211_parse_htcap(ni, ni->ni_ies.htcap_ie);
1829
		if (ni->ni_ies.htinfo_ie != NULL)
1830
			ieee80211_parse_htinfo(ni, ni->ni_ies.htinfo_ie);
1831

1832
		if (ni->ni_ies.vhtcap_ie != NULL)
1833
			ieee80211_parse_vhtcap(ni, ni->ni_ies.vhtcap_ie);
1834
		if (ni->ni_ies.vhtopmode_ie != NULL)
1835
			ieee80211_parse_vhtopmode(ni, ni->ni_ies.vhtopmode_ie);
1836

1837
		if ((ni->ni_ies.htcap_ie != NULL) &&
1838
		    (ni->ni_ies.htinfo_ie != NULL) &&
1839
		    (ni->ni_vap->iv_flags_ht & IEEE80211_FHT_HT)) {
1840
			do_ht_setup = 1;
1841
		}
1842

1843
		if ((ni->ni_ies.vhtcap_ie != NULL) &&
1844
		    (ni->ni_ies.vhtopmode_ie != NULL) &&
1845
		    (ni->ni_vap->iv_vht_flags & IEEE80211_FVHT_VHT)) {
1846
			do_vht_setup = 1;
1847
		}
1848
	}
1849

1850
	/* NB: must be after ni_chan is setup */
1851
	ieee80211_setup_rates(ni, sp->rates, sp->xrates,
1852
		IEEE80211_F_DOSORT | IEEE80211_F_DOFRATE |
1853
		IEEE80211_F_DONEGO | IEEE80211_F_DODEL);
1854

1855
	/*
1856
	 * If the neighbor is HT compatible, flip that on.
1857
	 */
1858
	if (do_ht_setup) {
1859
		IEEE80211_DPRINTF(ni->ni_vap, IEEE80211_MSG_ASSOC,
1860
		    "%s: doing HT setup\n", __func__);
1861
		ieee80211_ht_node_init(ni);
1862
		ieee80211_ht_updateparams(ni,
1863
		    ni->ni_ies.htcap_ie,
1864
		    ni->ni_ies.htinfo_ie);
1865

1866
		if (do_vht_setup) {
1867
			if (IEEE80211_IS_CHAN_2GHZ(ni->ni_chan)) {
1868
				net80211_vap_printf(ni->ni_vap,
1869
				    "%s: BSS %6D: 2GHz channel, VHT info; ignoring\n",
1870
				    __func__, ni->ni_macaddr, ":");
1871
			} else {
1872
				ieee80211_vht_node_init(ni);
1873
				ieee80211_vht_updateparams(ni,
1874
				    ni->ni_ies.vhtcap_ie,
1875
				    ni->ni_ies.vhtopmode_ie);
1876
				ieee80211_setup_vht_rates(ni);
1877
			}
1878
		}
1879

1880
		/*
1881
		 * Finally do the channel upgrade/change based
1882
		 * on the HT/VHT configuration.
1883
		 */
1884
		ieee80211_ht_updateparams_final(ni, ni->ni_ies.htcap_ie,
1885
		    ni->ni_ies.htinfo_ie);
1886
		ieee80211_setup_htrates(ni,
1887
		    ni->ni_ies.htcap_ie,
1888
		    IEEE80211_F_JOIN | IEEE80211_F_DOBRS);
1889
		ieee80211_setup_basic_htrates(ni,
1890
		    ni->ni_ies.htinfo_ie);
1891

1892
		ieee80211_node_setuptxparms(ni);
1893
		ieee80211_ratectl_node_init(ni);
1894

1895
		/* Reassociate; we're now 11n/11ac */
1896
		/*
1897
		 * XXX TODO: this is the wrong thing to do -
1898
		 * we're calling it with isnew=1 so the ath(4)
1899
		 * driver reinitialises the rate tables.
1900
		 * This "mostly" works for ath(4), but it won't
1901
		 * be right for firmware devices which allocate
1902
		 * node states.
1903
		 *
1904
		 * So, do we just create a new node and delete
1905
		 * the old one? Or?
1906
		 */
1907
		if (ni->ni_ic->ic_newassoc)
1908
			ni->ni_ic->ic_newassoc(ni, 1);
1909
	}
1910
}
1911

1912
/*
1913
 * Do node discovery in adhoc mode on receipt of a beacon
1914
 * or probe response frame.  Note that for the driver's
1915
 * benefit we treat this like an association so the
1916
 * driver has an opportunity to setup it's private state.
1917
 */
1918
struct ieee80211_node *
1919
ieee80211_add_neighbor(struct ieee80211vap *vap,
1920
	const struct ieee80211_frame *wh,
1921
	const struct ieee80211_scanparams *sp)
1922
{
1923
	struct ieee80211_node *ni;
1924

1925
	IEEE80211_DPRINTF(vap, IEEE80211_MSG_ASSOC,
1926
	    "%s: mac<%s>\n", __func__, ether_sprintf(wh->i_addr2));
1927
	ni = ieee80211_dup_bss(vap, wh->i_addr2);/* XXX alloc_node? */
1928
	if (ni != NULL) {
1929
		struct ieee80211com *ic = vap->iv_ic;
1930

1931
		ieee80211_init_neighbor(ni, wh, sp);
1932
		if (ieee80211_iserp_rateset(&ni->ni_rates))
1933
			ni->ni_flags |= IEEE80211_NODE_ERP;
1934
		ieee80211_node_setuptxparms(ni);
1935
		ieee80211_ratectl_node_init(ni);
1936
		if (ic->ic_newassoc != NULL)
1937
			ic->ic_newassoc(ni, 1);
1938
		/* XXX not right for 802.1x/WPA */
1939
		ieee80211_node_authorize(ni);
1940
	}
1941
	return ni;
1942
}
1943

1944
#define	IS_PROBEREQ(wh) \
1945
	((wh->i_fc[0] & (IEEE80211_FC0_TYPE_MASK|IEEE80211_FC0_SUBTYPE_MASK)) \
1946
	    == (IEEE80211_FC0_TYPE_MGT | IEEE80211_FC0_SUBTYPE_PROBE_REQ))
1947
#define	IS_BCAST_PROBEREQ(wh) \
1948
	(IS_PROBEREQ(wh) && IEEE80211_IS_MULTICAST( \
1949
	    ((const struct ieee80211_frame *)(wh))->i_addr3))
1950

1951
static __inline struct ieee80211_node *
1952
_find_rxnode(struct ieee80211_node_table *nt,
1953
    const struct ieee80211_frame_min *wh,
1954
    const char *func __debrefcnt_used, int line __debrefcnt_used)
1955
{
1956
	if (IS_BCAST_PROBEREQ(wh))
1957
		return NULL;		/* spam bcast probe req to all vap's */
1958
	return _ieee80211_find_node_locked(nt, wh->i_addr2, func, line);
1959
}
1960

1961
/*
1962
 * Locate the node for sender, track state, and then pass the
1963
 * (referenced) node up to the 802.11 layer for its use.  Note
1964
 * we can return NULL if the sender is not in the table.
1965
 */
1966
struct ieee80211_node *
1967
_ieee80211_find_rxnode(struct ieee80211com *ic,
1968
    const struct ieee80211_frame_min *wh,
1969
    const char *func __debrefcnt_used, int line __debrefcnt_used)
1970
{
1971
	struct ieee80211_node_table *nt;
1972
	struct ieee80211_node *ni;
1973

1974
	nt = &ic->ic_sta;
1975
	IEEE80211_NODE_LOCK(nt);
1976
	ni = _find_rxnode(nt, wh, func, line);
1977
	IEEE80211_NODE_UNLOCK(nt);
1978

1979
	return ni;
1980
}
1981

1982
/*
1983
 * Like ieee80211_find_rxnode but use the supplied h/w
1984
 * key index as a hint to locate the node in the key
1985
 * mapping table.  If an entry is present at the key
1986
 * index we return it; otherwise do a normal lookup and
1987
 * update the mapping table if the station has a unicast
1988
 * key assigned to it.
1989
 */
1990
struct ieee80211_node *
1991
_ieee80211_find_rxnode_withkey(struct ieee80211com *ic,
1992
    const struct ieee80211_frame_min *wh, ieee80211_keyix keyix,
1993
    const char *func __debrefcnt_used, int line __debrefcnt_used)
1994
{
1995
	struct ieee80211_node_table *nt;
1996
	struct ieee80211_node *ni;
1997

1998
	nt = &ic->ic_sta;
1999
	IEEE80211_NODE_LOCK(nt);
2000
	if (nt->nt_keyixmap != NULL && keyix < nt->nt_keyixmax)
2001
		ni = nt->nt_keyixmap[keyix];
2002
	else
2003
		ni = NULL;
2004
	if (ni == NULL) {
2005
		ni = _find_rxnode(nt, wh, func, line);
2006
		if (ni != NULL && nt->nt_keyixmap != NULL) {
2007
			/*
2008
			 * If the station has a unicast key cache slot
2009
			 * assigned update the key->node mapping table.
2010
			 */
2011
			keyix = ni->ni_ucastkey.wk_rxkeyix;
2012
			/* XXX can keyixmap[keyix] != NULL? */
2013
			if (keyix < nt->nt_keyixmax &&
2014
			    nt->nt_keyixmap[keyix] == NULL) {
2015
				IEEE80211_DPRINTF(ni->ni_vap,
2016
				    IEEE80211_MSG_NODE,
2017
				    "%s: add key map entry %p<%s> refcnt %d\n",
2018
				    __func__, ni, ether_sprintf(ni->ni_macaddr),
2019
				    ieee80211_node_refcnt(ni)+1);
2020
				nt->nt_keyixmap[keyix] = ieee80211_ref_node(ni);
2021
			}
2022
		}
2023
	} else {
2024
		if (IS_BCAST_PROBEREQ(wh))
2025
			ni = NULL;	/* spam bcast probe req to all vap's */
2026
		else
2027
			ieee80211_ref_node(ni);
2028
	}
2029
	IEEE80211_NODE_UNLOCK(nt);
2030

2031
	return ni;
2032
}
2033
#undef IS_BCAST_PROBEREQ
2034
#undef IS_PROBEREQ
2035

2036
/*
2037
 * Return a reference to the appropriate node for sending
2038
 * a data frame.  This handles node discovery in adhoc networks.
2039
 */
2040
struct ieee80211_node *
2041
_ieee80211_find_txnode(struct ieee80211vap *vap,
2042
    const uint8_t macaddr[IEEE80211_ADDR_LEN],
2043
    const char *func __debrefcnt_used, int line __debrefcnt_used)
2044
{
2045
	struct ieee80211_node_table *nt = &vap->iv_ic->ic_sta;
2046
	struct ieee80211_node *ni;
2047

2048
	/*
2049
	 * The destination address should be in the node table
2050
	 * unless this is a multicast/broadcast frame.  We can
2051
	 * also optimize station mode operation, all frames go
2052
	 * to the bss node.
2053
	 */
2054
	/* XXX can't hold lock across dup_bss 'cuz of recursive locking */
2055
	IEEE80211_NODE_LOCK(nt);
2056
	if (vap->iv_opmode == IEEE80211_M_STA ||
2057
	    vap->iv_opmode == IEEE80211_M_WDS ||
2058
	    IEEE80211_IS_MULTICAST(macaddr))
2059
		ni = ieee80211_ref_node(vap->iv_bss);
2060
	else
2061
		ni = _ieee80211_find_node_locked(nt, macaddr, func, line);
2062
	IEEE80211_NODE_UNLOCK(nt);
2063

2064
	if (ni == NULL) {
2065
		if (vap->iv_opmode == IEEE80211_M_IBSS ||
2066
		    vap->iv_opmode == IEEE80211_M_AHDEMO) {
2067
			/*
2068
			 * In adhoc mode cons up a node for the destination.
2069
			 * Note that we need an additional reference for the
2070
			 * caller to be consistent with
2071
			 * ieee80211_find_node_locked.
2072
			 */
2073
			/*
2074
			 * XXX TODO: this doesn't fake up 11n state; we need
2075
			 * to find another way to get it upgraded.
2076
			 */
2077
			ni = ieee80211_fakeup_adhoc_node(vap, macaddr);
2078
			if (ni != NULL)
2079
				(void) ieee80211_ref_node(ni);
2080
		} else {
2081
			IEEE80211_NOTE_MAC(vap, IEEE80211_MSG_OUTPUT, macaddr,
2082
			    "no node, discard frame (%s)", __func__);
2083
			vap->iv_stats.is_tx_nonode++;
2084
		}
2085
	}
2086
	return ni;
2087
}
2088

2089
struct ieee80211_node *
2090
_ieee80211_ref_node(struct ieee80211_node *ni,
2091
    const char *func __debrefcnt_used, int line __debrefcnt_used)
2092
{
2093

2094
#ifdef IEEE80211_DEBUG_REFCNT
2095
	IEEE80211_DPRINTF(ni->ni_vap, IEEE80211_MSG_NODE,
2096
	    "%s (%s:%u) %p<%s> refcnt %d\n", __func__, func, line, ni,
2097
	    ether_sprintf(ni->ni_macaddr), ieee80211_node_refcnt(ni)+1);
2098
#endif
2099
	ieee80211_node_incref(ni);
2100
	return (ni);
2101
}
2102

2103
static void
2104
__ieee80211_free_node(struct ieee80211_node *ni)
2105
{
2106
	struct ieee80211_node_table *nt = ni->ni_table;
2107

2108
	/*
2109
	 * NB: careful about referencing the vap as it may be
2110
	 * gone if the last reference was held by a driver.
2111
	 * We know the com will always be present so it's safe
2112
	 * to use ni_ic below to reclaim resources.
2113
	 */
2114
#if 0
2115
	IEEE80211_DPRINTF(vap, IEEE80211_MSG_NODE,
2116
		"%s %p<%s> in %s table\n", __func__, ni,
2117
		ether_sprintf(ni->ni_macaddr),
2118
		nt != NULL ? nt->nt_name : "<gone>");
2119
#endif
2120
	if (ni->ni_associd != 0) {
2121
		struct ieee80211vap *vap = ni->ni_vap;
2122
		if (vap->iv_aid_bitmap != NULL)
2123
			IEEE80211_AID_CLR(vap, ni->ni_associd);
2124
	}
2125
	if (nt != NULL)
2126
		ieee80211_del_node_nt(nt, ni);
2127
	ni->ni_ic->ic_node_free(ni);
2128
}
2129

2130
/*
2131
 * Clear any entry in the unicast key mapping table.
2132
 */
2133
static int
2134
node_clear_keyixmap(struct ieee80211_node_table *nt, struct ieee80211_node *ni)
2135
{
2136
	ieee80211_keyix keyix;
2137

2138
	keyix = ni->ni_ucastkey.wk_rxkeyix;
2139
	if (nt->nt_keyixmap != NULL && keyix < nt->nt_keyixmax &&
2140
	    nt->nt_keyixmap[keyix] == ni) {
2141
		IEEE80211_DPRINTF(ni->ni_vap, IEEE80211_MSG_NODE,
2142
			"%s: %p<%s> clear key map entry %u\n",
2143
			__func__, ni, ether_sprintf(ni->ni_macaddr), keyix);
2144
		nt->nt_keyixmap[keyix] = NULL;
2145
		ieee80211_node_decref(ni);
2146
		return 1;
2147
	}
2148

2149
	return 0;
2150
}
2151

2152
void
2153
_ieee80211_free_node(struct ieee80211_node *ni,
2154
    const char *func __debrefcnt_used, int line __debrefcnt_used)
2155
{
2156
	struct ieee80211_node_table *nt = ni->ni_table;
2157

2158
#ifdef IEEE80211_DEBUG_REFCNT
2159
	IEEE80211_DPRINTF(ni->ni_vap, IEEE80211_MSG_NODE,
2160
		"%s (%s:%u) %p<%s> refcnt %d\n", __func__, func, line, ni,
2161
		 ether_sprintf(ni->ni_macaddr), ieee80211_node_refcnt(ni)-1);
2162
#endif
2163
	if (nt != NULL) {
2164
		IEEE80211_NODE_LOCK(nt);
2165
		if (ieee80211_node_dectestref(ni)) {
2166
			/*
2167
			 * Last reference, reclaim state.
2168
			 */
2169
			__ieee80211_free_node(ni);
2170
		} else if (ieee80211_node_refcnt(ni) == 1)
2171
			if (node_clear_keyixmap(nt, ni))
2172
				__ieee80211_free_node(ni);
2173
		IEEE80211_NODE_UNLOCK(nt);
2174
	} else {
2175
		if (ieee80211_node_dectestref(ni))
2176
			__ieee80211_free_node(ni);
2177
	}
2178
}
2179

2180
/*
2181
 * Reclaim a unicast key and clear any key cache state.
2182
 */
2183
int
2184
ieee80211_node_delucastkey(struct ieee80211_node *ni)
2185
{
2186
	struct ieee80211com *ic = ni->ni_ic;
2187
	struct ieee80211_node_table *nt = &ic->ic_sta;
2188
	struct ieee80211_node *nikey;
2189
	ieee80211_keyix keyix;
2190
	int isowned, status;
2191

2192
	/*
2193
	 * NB: We must beware of LOR here; deleting the key
2194
	 * can cause the crypto layer to block traffic updates
2195
	 * which can generate a LOR against the node table lock;
2196
	 * grab it here and stash the key index for our use below.
2197
	 *
2198
	 * Must also beware of recursion on the node table lock.
2199
	 * When called from node_cleanup we may already have
2200
	 * the node table lock held.  Unfortunately there's no
2201
	 * way to separate out this path so we must do this
2202
	 * conditionally.
2203
	 */
2204
	isowned = IEEE80211_NODE_IS_LOCKED(nt);
2205
	if (!isowned)
2206
		IEEE80211_NODE_LOCK(nt);
2207
	nikey = NULL;
2208
	status = 1;		/* NB: success */
2209
	if (!IEEE80211_KEY_UNDEFINED(&ni->ni_ucastkey)) {
2210
		keyix = ni->ni_ucastkey.wk_rxkeyix;
2211
		status = ieee80211_crypto_delkey(ni->ni_vap, &ni->ni_ucastkey);
2212
		if (nt->nt_keyixmap != NULL && keyix < nt->nt_keyixmax) {
2213
			nikey = nt->nt_keyixmap[keyix];
2214
			nt->nt_keyixmap[keyix] = NULL;
2215
		}
2216
	}
2217
	if (!isowned)
2218
		IEEE80211_NODE_UNLOCK(nt);
2219

2220
	if (nikey != NULL) {
2221
		KASSERT(nikey == ni,
2222
			("key map out of sync, ni %p nikey %p", ni, nikey));
2223
		IEEE80211_DPRINTF(ni->ni_vap, IEEE80211_MSG_NODE,
2224
			"%s: delete key map entry %p<%s> refcnt %d\n",
2225
			__func__, ni, ether_sprintf(ni->ni_macaddr),
2226
			ieee80211_node_refcnt(ni)-1);
2227
		ieee80211_free_node(ni);
2228
	}
2229
	return status;
2230
}
2231

2232
/*
2233
 * Reclaim a node.  If this is the last reference count then
2234
 * do the normal free work.  Otherwise remove it from the node
2235
 * table and mark it gone by clearing the back-reference.
2236
 */
2237
static void
2238
node_reclaim(struct ieee80211_node_table *nt, struct ieee80211_node *ni)
2239
{
2240

2241
	IEEE80211_NODE_LOCK_ASSERT(nt);
2242

2243
	IEEE80211_DPRINTF(ni->ni_vap, IEEE80211_MSG_NODE,
2244
		"%s: remove %p<%s> from %s table, refcnt %d\n",
2245
		__func__, ni, ether_sprintf(ni->ni_macaddr),
2246
		nt->nt_name, ieee80211_node_refcnt(ni)-1);
2247
	/*
2248
	 * Clear any entry in the unicast key mapping table.
2249
	 * We need to do it here so rx lookups don't find it
2250
	 * in the mapping table even if it's not in the hash
2251
	 * table.  We cannot depend on the mapping table entry
2252
	 * being cleared because the node may not be free'd.
2253
	 */
2254
	(void)node_clear_keyixmap(nt, ni);
2255
	if (!ieee80211_node_dectestref(ni)) {
2256
		/*
2257
		 * Other references are present, just remove the
2258
		 * node from the table so it cannot be found.  When
2259
		 * the references are dropped storage will be
2260
		 * reclaimed.
2261
		 */
2262
		ieee80211_del_node_nt(nt, ni);
2263
	} else
2264
		__ieee80211_free_node(ni);
2265
}
2266

2267
/*
2268
 * Node table support.
2269
 */
2270

2271
static void
2272
ieee80211_node_table_init(struct ieee80211com *ic,
2273
	struct ieee80211_node_table *nt,
2274
	const char *name, int inact, int keyixmax)
2275
{
2276

2277
	nt->nt_ic = ic;
2278
	IEEE80211_NODE_LOCK_INIT(nt, ic->ic_name);
2279
	TAILQ_INIT(&nt->nt_node);
2280
	nt->nt_count = 0;
2281
	nt->nt_name = name;
2282
	nt->nt_inact_init = inact;
2283
	nt->nt_keyixmax = keyixmax;
2284
	if (nt->nt_keyixmax > 0) {
2285
		nt->nt_keyixmap = (struct ieee80211_node **) IEEE80211_MALLOC(
2286
			keyixmax * sizeof(struct ieee80211_node *),
2287
			M_80211_NODE,
2288
			IEEE80211_M_NOWAIT | IEEE80211_M_ZERO);
2289
		if (nt->nt_keyixmap == NULL)
2290
			ic_printf(ic,
2291
			    "Cannot allocate key index map with %u entries\n",
2292
			    keyixmax);
2293
	} else
2294
		nt->nt_keyixmap = NULL;
2295
}
2296

2297
static void
2298
ieee80211_node_table_reset(struct ieee80211_node_table *nt,
2299
	struct ieee80211vap *match)
2300
{
2301
	struct ieee80211_node *ni, *next;
2302

2303
	IEEE80211_NODE_LOCK(nt);
2304
	TAILQ_FOREACH_SAFE(ni, &nt->nt_node, ni_list, next) {
2305
		if (match != NULL && ni->ni_vap != match)
2306
			continue;
2307
		/* XXX can this happen?  if so need's work */
2308
		if (ni->ni_associd != 0) {
2309
			struct ieee80211vap *vap = ni->ni_vap;
2310

2311
			if (vap->iv_auth->ia_node_leave != NULL)
2312
				vap->iv_auth->ia_node_leave(ni);
2313
			if (vap->iv_aid_bitmap != NULL)
2314
				IEEE80211_AID_CLR(vap, ni->ni_associd);
2315
		}
2316
		ni->ni_wdsvap = NULL;		/* clear reference */
2317
		node_reclaim(nt, ni);
2318
	}
2319
	if (match != NULL && match->iv_opmode == IEEE80211_M_WDS) {
2320
		/*
2321
		 * Make a separate pass to clear references to this vap
2322
		 * held by DWDS entries.  They will not be matched above
2323
		 * because ni_vap will point to the ap vap but we still
2324
		 * need to clear ni_wdsvap when the WDS vap is destroyed
2325
		 * and/or reset.
2326
		 */
2327
		TAILQ_FOREACH_SAFE(ni, &nt->nt_node, ni_list, next)
2328
			if (ni->ni_wdsvap == match)
2329
				ni->ni_wdsvap = NULL;
2330
	}
2331
	IEEE80211_NODE_UNLOCK(nt);
2332
}
2333

2334
static void
2335
ieee80211_node_table_cleanup(struct ieee80211_node_table *nt)
2336
{
2337
	ieee80211_node_table_reset(nt, NULL);
2338
	if (nt->nt_keyixmap != NULL) {
2339
#ifdef DIAGNOSTIC
2340
		/* XXX verify all entries are NULL */
2341
		int i;
2342
		for (i = 0; i < nt->nt_keyixmax; i++)
2343
			if (nt->nt_keyixmap[i] != NULL)
2344
				net80211_printf("%s: %s[%u] still active\n", __func__,
2345
					nt->nt_name, i);
2346
#endif
2347
		IEEE80211_FREE(nt->nt_keyixmap, M_80211_NODE);
2348
		nt->nt_keyixmap = NULL;
2349
	}
2350
	IEEE80211_NODE_LOCK_DESTROY(nt);
2351
}
2352

2353
static void
2354
timeout_stations(void *arg __unused, struct ieee80211_node *ni)
2355
{
2356
	struct ieee80211com *ic = ni->ni_ic;
2357
	struct ieee80211vap *vap = ni->ni_vap;
2358

2359
	/*
2360
	 * Only process stations when in RUN state.  This
2361
	 * insures, for example, that we don't timeout an
2362
	 * inactive station during CAC.  Note that CSA state
2363
	 * is actually handled in ieee80211_node_timeout as
2364
	 * it applies to more than timeout processing.
2365
	 */
2366
	if (vap->iv_state != IEEE80211_S_RUN)
2367
		return;
2368
	/*
2369
	 * Ignore entries for which have yet to receive an
2370
	 * authentication frame.  These are transient and
2371
	 * will be reclaimed when the last reference to them
2372
	 * goes away (when frame xmits complete).
2373
	 */
2374
	if ((vap->iv_opmode == IEEE80211_M_HOSTAP ||
2375
	     vap->iv_opmode == IEEE80211_M_STA) &&
2376
	    (ni->ni_flags & IEEE80211_NODE_AREF) == 0)
2377
		return;
2378
	/*
2379
	 * Free fragment if not needed anymore
2380
	 * (last fragment older than 1s).
2381
	 * XXX doesn't belong here, move to node_age
2382
	 */
2383
	if (ni->ni_rxfrag[0] != NULL &&
2384
	    ticks > ni->ni_rxfragstamp + hz) {
2385
		m_freem(ni->ni_rxfrag[0]);
2386
		ni->ni_rxfrag[0] = NULL;
2387
	}
2388
	if (ni->ni_inact > 0) {
2389
		ni->ni_inact--;
2390
		IEEE80211_NOTE(vap, IEEE80211_MSG_INACT, ni,
2391
		    "%s: inact %u inact_reload %u nrates %u",
2392
		    __func__, ni->ni_inact, ni->ni_inact_reload,
2393
		    ni->ni_rates.rs_nrates);
2394
	}
2395
	/*
2396
	 * Special case ourself; we may be idle for extended periods
2397
	 * of time and regardless reclaiming our state is wrong.
2398
	 * XXX run ic_node_age
2399
	 */
2400
	/* XXX before inact decrement? */
2401
	if (ni == vap->iv_bss)
2402
		return;
2403
	if (ni->ni_associd != 0 ||
2404
	    (vap->iv_opmode == IEEE80211_M_IBSS ||
2405
	     vap->iv_opmode == IEEE80211_M_AHDEMO)) {
2406
		/*
2407
		 * Age/drain resources held by the station.
2408
		 */
2409
		ic->ic_node_age(ni);
2410
		/*
2411
		 * Probe the station before time it out.  We
2412
		 * send a null data frame which may not be
2413
		 * universally supported by drivers (need it
2414
		 * for ps-poll support so it should be...).
2415
		 *
2416
		 * XXX don't probe the station unless we've
2417
		 *     received a frame from them (and have
2418
		 *     some idea of the rates they are capable
2419
		 *     of); this will get fixed more properly
2420
		 *     soon with better handling of the rate set.
2421
		 */
2422
		if ((vap->iv_flags_ext & IEEE80211_FEXT_INACT) &&
2423
		    (0 < ni->ni_inact &&
2424
		     ni->ni_inact <= vap->iv_inact_probe) &&
2425
		    ni->ni_rates.rs_nrates != 0) {
2426
			IEEE80211_NOTE(vap,
2427
			    IEEE80211_MSG_INACT | IEEE80211_MSG_NODE,
2428
			    ni, "%s",
2429
			    "probe station due to inactivity");
2430
			/*
2431
			 * Grab a reference so the node cannot
2432
			 * be reclaimed before we send the frame.
2433
			 * ieee80211_send_nulldata understands
2434
			 * we've done this and reclaims the
2435
			 * ref for us as needed.
2436
			 */
2437
			/* XXX fix this (not required anymore). */
2438
			ieee80211_ref_node(ni);
2439
			/* XXX useless */
2440
			ieee80211_send_nulldata(ni);
2441
			/* XXX stat? */
2442
			return;
2443
		}
2444
	}
2445
	if ((vap->iv_flags_ext & IEEE80211_FEXT_INACT) &&
2446
	    ni->ni_inact <= 0) {
2447
		IEEE80211_NOTE(vap,
2448
		    IEEE80211_MSG_INACT | IEEE80211_MSG_NODE, ni,
2449
		    "station timed out due to inactivity "
2450
		    "(refcnt %u)", ieee80211_node_refcnt(ni));
2451
		/*
2452
		 * Send a deauthenticate frame and drop the station.
2453
		 * This is somewhat complicated due to reference counts
2454
		 * and locking.  At this point a station will typically
2455
		 * have a reference count of 2.  ieee80211_node_leave
2456
		 * will do a "free" of the node which will drop the
2457
		 * reference count.  But in the meantime a reference
2458
		 * wil be held by the deauth frame.  The actual reclaim
2459
		 * of the node will happen either after the tx is
2460
		 * completed or by ieee80211_node_leave.
2461
		 */
2462
		if (ni->ni_associd != 0) {
2463
			IEEE80211_SEND_MGMT(ni,
2464
			    IEEE80211_FC0_SUBTYPE_DEAUTH,
2465
			    IEEE80211_REASON_AUTH_EXPIRE);
2466
		}
2467
		ieee80211_node_leave(ni);
2468
		vap->iv_stats.is_node_timeout++;
2469
	}
2470
}
2471

2472
/*
2473
 * Timeout inactive stations and do related housekeeping.
2474
 */
2475
static void
2476
ieee80211_timeout_stations(struct ieee80211com *ic)
2477
{
2478
	struct ieee80211_node_table *nt = &ic->ic_sta;
2479

2480
	ieee80211_iterate_nodes(nt, timeout_stations, NULL);
2481
}
2482

2483
/*
2484
 * Aggressively reclaim resources.  This should be used
2485
 * only in a critical situation to reclaim mbuf resources.
2486
 */
2487
void
2488
ieee80211_drain(struct ieee80211com *ic)
2489
{
2490
	struct ieee80211_node_table *nt = &ic->ic_sta;
2491
	struct ieee80211vap *vap;
2492
	struct ieee80211_node *ni;
2493

2494
	IEEE80211_NODE_LOCK(nt);
2495
	TAILQ_FOREACH(ni, &nt->nt_node, ni_list) {
2496
		/*
2497
		 * Ignore entries for which have yet to receive an
2498
		 * authentication frame.  These are transient and
2499
		 * will be reclaimed when the last reference to them
2500
		 * goes away (when frame xmits complete).
2501
		 */
2502
		vap = ni->ni_vap;
2503
		/*
2504
		 * Only process stations when in RUN state.  This
2505
		 * insures, for example, that we don't timeout an
2506
		 * inactive station during CAC.  Note that CSA state
2507
		 * is actually handled in ieee80211_node_timeout as
2508
		 * it applies to more than timeout processing.
2509
		 */
2510
		if (vap->iv_state != IEEE80211_S_RUN)
2511
			continue;
2512
		/* XXX can vap be NULL? */
2513
		if ((vap->iv_opmode == IEEE80211_M_HOSTAP ||
2514
		     vap->iv_opmode == IEEE80211_M_STA) &&
2515
		    (ni->ni_flags & IEEE80211_NODE_AREF) == 0)
2516
			continue;
2517
		/*
2518
		 * Free fragments.
2519
		 * XXX doesn't belong here, move to node_drain
2520
		 */
2521
		if (ni->ni_rxfrag[0] != NULL) {
2522
			m_freem(ni->ni_rxfrag[0]);
2523
			ni->ni_rxfrag[0] = NULL;
2524
		}
2525
		/*
2526
		 * Drain resources held by the station.
2527
		 */
2528
		ic->ic_node_drain(ni);
2529
	}
2530
	IEEE80211_NODE_UNLOCK(nt);
2531
}
2532

2533
/*
2534
 * Per-ieee80211vap inactivity timer callback.
2535
 */
2536
static void
2537
ieee80211_vap_timeout(struct ieee80211vap *vap)
2538
{
2539

2540
	IEEE80211_LOCK_ASSERT(vap->iv_ic);
2541

2542
	ieee80211_vap_erp_timeout(vap);
2543
	ieee80211_ht_timeout(vap);
2544
	ieee80211_vht_timeout(vap);
2545
}
2546

2547
/*
2548
 * Per-ieee80211com inactivity timer callback.
2549
 */
2550
void
2551
ieee80211_node_timeout(void *arg)
2552
{
2553
	struct ieee80211com *ic = arg;
2554
	struct ieee80211vap *vap;
2555

2556
	/*
2557
	 * Defer timeout processing if a channel switch is pending.
2558
	 * We typically need to be mute so not doing things that
2559
	 * might generate frames is good to handle in one place.
2560
	 * Suppressing the station timeout processing may extend the
2561
	 * lifetime of inactive stations (by not decrementing their
2562
	 * idle counters) but this should be ok unless the CSA is
2563
	 * active for an unusually long time.
2564
	 */
2565
	if ((ic->ic_flags & IEEE80211_F_CSAPENDING) == 0) {
2566
		ieee80211_scan_timeout(ic);
2567
		ieee80211_timeout_stations(ic);
2568
		ieee80211_ageq_age(&ic->ic_stageq, IEEE80211_INACT_WAIT);
2569

2570
		IEEE80211_LOCK(ic);
2571
		TAILQ_FOREACH(vap, &ic->ic_vaps, iv_next)
2572
			ieee80211_vap_timeout(vap);
2573
		IEEE80211_UNLOCK(ic);
2574
	}
2575
	callout_reset(&ic->ic_inact, IEEE80211_INACT_WAIT*hz,
2576
		ieee80211_node_timeout, ic);
2577
}
2578

2579
/*
2580
 * The same as ieee80211_iterate_nodes(), but for one vap only.
2581
 */
2582
int
2583
ieee80211_iterate_nodes_vap(struct ieee80211_node_table *nt,
2584
    struct ieee80211vap *vap, ieee80211_iter_func *f, void *arg)
2585
{
2586
	struct ieee80211_node **ni_arr;
2587
	struct ieee80211_node *ni;
2588
	size_t size;
2589
	int count, i;
2590

2591
	/*
2592
	 * Iterate over the node table and save an array of ref'ed nodes.
2593
	 *
2594
	 * This is separated out from calling the actual node function so that
2595
	 * no LORs will occur.
2596
	 */
2597
	IEEE80211_NODE_LOCK(nt);
2598
	count = nt->nt_count;
2599
	size = count * sizeof(struct ieee80211_node *);
2600
	ni_arr = (struct ieee80211_node **) IEEE80211_MALLOC(size, M_80211_NODE,
2601
	    IEEE80211_M_NOWAIT | IEEE80211_M_ZERO);
2602
	if (ni_arr == NULL) {
2603
		IEEE80211_NODE_UNLOCK(nt);
2604
		return (ENOMEM);
2605
	}
2606

2607
	i = 0;
2608
	TAILQ_FOREACH(ni, &nt->nt_node, ni_list) {
2609
		if (vap != NULL && ni->ni_vap != vap)
2610
			continue;
2611
		KASSERT(i < count,
2612
		    ("node array overflow (vap %p, i %d, count %d)\n",
2613
		    vap, i, count));
2614
		ni_arr[i] = ieee80211_ref_node(ni);
2615
		i++;
2616
	}
2617
	IEEE80211_NODE_UNLOCK(nt);
2618

2619
	for (i = 0; i < count; i++) {
2620
		if (ni_arr[i] == NULL)	/* end of the list */
2621
			break;
2622
		(*f)(arg, ni_arr[i]);
2623
		/* ieee80211_free_node() locks by itself */
2624
		ieee80211_free_node(ni_arr[i]);
2625
	}
2626

2627
	IEEE80211_FREE(ni_arr, M_80211_NODE);
2628

2629
	return (0);
2630
}
2631

2632
/*
2633
 * Just a wrapper, so we don't have to change every ieee80211_iterate_nodes()
2634
 * reference in the source.
2635
 */
2636
void
2637
ieee80211_iterate_nodes(struct ieee80211_node_table *nt,
2638
	ieee80211_iter_func *f, void *arg)
2639
{
2640
	/* XXX no way to pass error to the caller. */
2641
	(void) ieee80211_iterate_nodes_vap(nt, NULL, f, arg);
2642
}
2643

2644
void
2645
ieee80211_dump_node(struct ieee80211_node_table *nt __unused,
2646
    struct ieee80211_node *ni)
2647
{
2648
	net80211_printf("%p: mac %s refcnt %d\n", ni,
2649
		ether_sprintf(ni->ni_macaddr), ieee80211_node_refcnt(ni));
2650
	net80211_printf("\tauthmode %u flags 0x%x\n",
2651
		ni->ni_authmode, ni->ni_flags);
2652
	net80211_printf("\tassocid 0x%x txpower %u vlan %u\n",
2653
		ni->ni_associd, ni->ni_txpower, ni->ni_vlan);
2654
	net80211_printf("\ttxseq %u rxseq %u fragno %u rxfragstamp %u\n",
2655
		ni->ni_txseqs[IEEE80211_NONQOS_TID],
2656
		ni->ni_rxseqs[IEEE80211_NONQOS_TID] >> IEEE80211_SEQ_SEQ_SHIFT,
2657
		ni->ni_rxseqs[IEEE80211_NONQOS_TID] & IEEE80211_SEQ_FRAG_MASK,
2658
		ni->ni_rxfragstamp);
2659
	net80211_printf("\trssi %d noise %d intval %u capinfo 0x%x\n",
2660
		node_getrssi(ni), ni->ni_noise,
2661
		ni->ni_intval, ni->ni_capinfo);
2662
	net80211_printf("\tbssid %s essid \"%.*s\" channel %u:0x%x\n",
2663
		ether_sprintf(ni->ni_bssid),
2664
		ni->ni_esslen, ni->ni_essid,
2665
		(ni->ni_chan != IEEE80211_CHAN_ANYC) ? ni->ni_chan->ic_freq : 0,
2666
		(ni->ni_chan != IEEE80211_CHAN_ANYC) ? ni->ni_chan->ic_flags : 0);
2667
	net80211_printf("\tinact %u inact_reload %u txrate type %d dot11rate %u\n",
2668
		ni->ni_inact, ni->ni_inact_reload,
2669
		ni->ni_txrate.type,
2670
		ni->ni_txrate.dot11rate);
2671
	net80211_printf("\thtcap %x htparam %x htctlchan %u ht2ndchan %u\n",
2672
		ni->ni_htcap, ni->ni_htparam,
2673
		ni->ni_htctlchan, ni->ni_ht2ndchan);
2674
	net80211_printf("\thtopmode %x htstbc %x htchw %d (%s)\n",
2675
		ni->ni_htopmode, ni->ni_htstbc,
2676
		ni->ni_chw, net80211_ni_chw_to_str(ni->ni_chw));
2677
	net80211_printf("\tvhtcap %x freq1 %d freq2 %d vhtbasicmcs %x\n",
2678
		ni->ni_vhtcap, (int) ni->ni_vht_chan1, (int) ni->ni_vht_chan2,
2679
		(int) ni->ni_vht_basicmcs);
2680
	/* XXX VHT state */
2681
}
2682

2683
void
2684
ieee80211_dump_nodes(struct ieee80211_node_table *nt)
2685
{
2686
	ieee80211_iterate_nodes(nt,
2687
		(ieee80211_iter_func *) ieee80211_dump_node, nt);
2688
}
2689

2690
/*
2691
 * Iterate over the VAPs and update their ERP beacon IEs.
2692
 *
2693
 * Note this must be called from the deferred ERP update task paths.
2694
 */
2695
void
2696
ieee80211_notify_erp_locked(struct ieee80211com *ic)
2697
{
2698
	struct ieee80211vap *vap;
2699

2700
	IEEE80211_LOCK_ASSERT(ic);
2701

2702
	TAILQ_FOREACH(vap, &ic->ic_vaps, iv_next)
2703
		if (vap->iv_opmode == IEEE80211_M_HOSTAP)
2704
			ieee80211_beacon_notify(vap, IEEE80211_BEACON_ERP);
2705
}
2706

2707
/*
2708
 * Handle a station joining an 11g network.
2709
 */
2710
static void
2711
ieee80211_node_join_11g(struct ieee80211_node *ni)
2712
{
2713
	struct ieee80211com *ic = ni->ni_ic;
2714
	struct ieee80211vap *vap = ni->ni_vap;
2715

2716
	IEEE80211_LOCK_ASSERT(ic);
2717

2718
	/*
2719
	 * Station isn't capable of short slot time.  Bump
2720
	 * the count of long slot time stations and disable
2721
	 * use of short slot time.  Note that the actual switch
2722
	 * over to long slot time use may not occur until the
2723
	 * next beacon transmission (per sec. 7.3.1.4 of 11g).
2724
	 */
2725
	if ((ni->ni_capinfo & IEEE80211_CAPINFO_SHORT_SLOTTIME) == 0) {
2726
		vap->iv_longslotsta++;
2727
		IEEE80211_NOTE(ni->ni_vap, IEEE80211_MSG_ASSOC, ni,
2728
		    "station needs long slot time, count %d",
2729
		    vap->iv_longslotsta);
2730
		/*
2731
		 * XXX TODO: this may need all VAPs checked!
2732
		 */
2733
		if (!IEEE80211_IS_CHAN_108G(ic->ic_bsschan)) {
2734
			/*
2735
			 * Don't force slot time when switched to turbo
2736
			 * mode as non-ERP stations won't be present; this
2737
			 * need only be done when on the normal G channel.
2738
			 */
2739
			ieee80211_vap_set_shortslottime(vap, 0);
2740
		}
2741
	}
2742
	/*
2743
	 * If the new station is not an ERP station
2744
	 * then bump the counter and enable protection
2745
	 * if configured.
2746
	 */
2747
	if (!ieee80211_iserp_rateset(&ni->ni_rates)) {
2748
		vap->iv_nonerpsta++;
2749
		IEEE80211_NOTE(ni->ni_vap, IEEE80211_MSG_ASSOC, ni,
2750
		    "station is !ERP, %d non-ERP stations associated",
2751
		    vap->iv_nonerpsta);
2752
		/*
2753
		 * If station does not support short preamble
2754
		 * then we must enable use of Barker preamble.
2755
		 */
2756
		if ((ni->ni_capinfo & IEEE80211_CAPINFO_SHORT_PREAMBLE) == 0) {
2757
			IEEE80211_NOTE(ni->ni_vap, IEEE80211_MSG_ASSOC, ni,
2758
			    "%s", "station needs long preamble");
2759
			vap->iv_flags |= IEEE80211_F_USEBARKER;
2760
			vap->iv_flags &= ~IEEE80211_F_SHPREAMBLE;
2761
			ieee80211_vap_update_preamble(vap);
2762
		}
2763
		/*
2764
		 * If protection is configured and this is the first
2765
		 * indication we should use protection, enable it.
2766
		 */
2767
		if (vap->iv_protmode != IEEE80211_PROT_NONE &&
2768
		    vap->iv_nonerpsta == 1 &&
2769
		    (vap->iv_flags_ext & IEEE80211_FEXT_NONERP_PR) == 0) {
2770
			IEEE80211_DPRINTF(ni->ni_vap, IEEE80211_MSG_ASSOC,
2771
			    "%s: enable use of protection\n", __func__);
2772
			vap->iv_flags |= IEEE80211_F_USEPROT;
2773
			ieee80211_vap_update_erp_protmode(vap);
2774
		}
2775
	} else
2776
		ni->ni_flags |= IEEE80211_NODE_ERP;
2777
}
2778

2779
void
2780
ieee80211_node_join(struct ieee80211_node *ni, int resp)
2781
{
2782
	struct ieee80211com *ic = ni->ni_ic;
2783
	struct ieee80211vap *vap = ni->ni_vap;
2784
	int newassoc;
2785

2786
	if (ni->ni_associd == 0) {
2787
		uint16_t aid;
2788

2789
		KASSERT(vap->iv_aid_bitmap != NULL, ("no aid bitmap"));
2790
		/*
2791
		 * It would be good to search the bitmap
2792
		 * more efficiently, but this will do for now.
2793
		 */
2794
		for (aid = 1; aid < vap->iv_max_aid; aid++) {
2795
			if (!IEEE80211_AID_ISSET(vap, aid))
2796
				break;
2797
		}
2798
		if (aid >= vap->iv_max_aid) {
2799
			IEEE80211_SEND_MGMT(ni, resp, IEEE80211_STATUS_TOOMANY);
2800
			ieee80211_node_leave(ni);
2801
			return;
2802
		}
2803
		ni->ni_associd = aid | 0xc000;
2804
		ni->ni_jointime = time_uptime;
2805
		IEEE80211_LOCK(ic);
2806
		IEEE80211_AID_SET(vap, ni->ni_associd);
2807
		vap->iv_sta_assoc++;
2808

2809
		if (IEEE80211_IS_CHAN_HT(ic->ic_bsschan))
2810
			ieee80211_ht_node_join(ni);
2811
		if (IEEE80211_IS_CHAN_VHT(ic->ic_bsschan))
2812
			ieee80211_vht_node_join(ni);
2813
		if (IEEE80211_IS_CHAN_ANYG(ic->ic_bsschan) &&
2814
		    IEEE80211_IS_CHAN_FULL(ic->ic_bsschan))
2815
			ieee80211_node_join_11g(ni);
2816
		IEEE80211_UNLOCK(ic);
2817

2818
		newassoc = 1;
2819
	} else
2820
		newassoc = 0;
2821

2822
	/*
2823
	 * XXX VHT - should log VHT channel width, etc
2824
	 */
2825
	IEEE80211_NOTE(vap, IEEE80211_MSG_ASSOC | IEEE80211_MSG_DEBUG, ni,
2826
	    "station associated at aid %d: %s preamble, %s slot time%s%s%s%s%s%s%s%s%s",
2827
	    IEEE80211_NODE_AID(ni),
2828
	    vap->iv_flags & IEEE80211_F_SHPREAMBLE ? "short" : "long",
2829
	    vap->iv_flags & IEEE80211_F_SHSLOT ? "short" : "long",
2830
	    vap->iv_flags & IEEE80211_F_USEPROT ? ", protection" : "",
2831
	    ni->ni_flags & IEEE80211_NODE_QOS ? ", QoS" : "",
2832
	    /* XXX update for VHT string */
2833
	    ni->ni_flags & IEEE80211_NODE_HT ?
2834
		(ni->ni_chw == NET80211_STA_RX_BW_40 ? ", HT40" : ", HT20") : "",
2835
	    ni->ni_flags & IEEE80211_NODE_AMPDU ? " (+AMPDU)" : "",
2836
	    ni->ni_flags & IEEE80211_NODE_AMSDU ? " (+AMSDU)" : "",
2837
	    ni->ni_flags & IEEE80211_NODE_MIMO_RTS ? " (+SMPS-DYN)" :
2838
	        ni->ni_flags & IEEE80211_NODE_MIMO_PS ? " (+SMPS)" : "",
2839
	    ni->ni_flags & IEEE80211_NODE_RIFS ? " (+RIFS)" : "",
2840
	    IEEE80211_ATH_CAP(vap, ni, IEEE80211_NODE_FF) ?
2841
		", fast-frames" : "",
2842
	    IEEE80211_ATH_CAP(vap, ni, IEEE80211_NODE_TURBOP) ?
2843
		", turbo" : ""
2844
	);
2845

2846
	ieee80211_node_setuptxparms(ni);
2847
	ieee80211_ratectl_node_init(ni);
2848
	/* give driver a chance to setup state like ni_txrate */
2849
	if (ic->ic_newassoc != NULL)
2850
		ic->ic_newassoc(ni, newassoc);
2851
	IEEE80211_SEND_MGMT(ni, resp, IEEE80211_STATUS_SUCCESS);
2852
	/* tell the authenticator about new station */
2853
	if (vap->iv_auth->ia_node_join != NULL)
2854
		vap->iv_auth->ia_node_join(ni);
2855
	ieee80211_notify_node_join(ni,
2856
	    resp == IEEE80211_FC0_SUBTYPE_ASSOC_RESP);
2857
}
2858

2859
static void
2860
disable_protection(struct ieee80211vap *vap)
2861
{
2862
	struct ieee80211com *ic = vap->iv_ic;
2863

2864
	KASSERT(vap->iv_nonerpsta == 0 &&
2865
	    (vap->iv_flags_ext & IEEE80211_FEXT_NONERP_PR) == 0,
2866
	   ("%d non ERP stations, flags 0x%x", vap->iv_nonerpsta,
2867
	   vap->iv_flags_ext));
2868

2869
	vap->iv_flags &= ~IEEE80211_F_USEPROT;
2870
	/* XXX verify mode? */
2871
	if (ic->ic_caps & IEEE80211_C_SHPREAMBLE) {
2872
		vap->iv_flags |= IEEE80211_F_SHPREAMBLE;
2873
		vap->iv_flags &= ~IEEE80211_F_USEBARKER;
2874
	}
2875
	ieee80211_vap_update_erp_protmode(vap);
2876
	ieee80211_vap_update_preamble(vap);
2877
}
2878

2879
/*
2880
 * Handle a station leaving an 11g network.
2881
 */
2882
static void
2883
ieee80211_node_leave_11g(struct ieee80211_node *ni)
2884
{
2885
	struct ieee80211com *ic = ni->ni_ic;
2886
	struct ieee80211vap *vap = ni->ni_vap;
2887

2888
	IEEE80211_LOCK_ASSERT(ic);
2889

2890
	KASSERT(IEEE80211_IS_CHAN_ANYG(ic->ic_bsschan),
2891
	     ("not in 11g, bss %u:0x%x", ic->ic_bsschan->ic_freq,
2892
	      ic->ic_bsschan->ic_flags));
2893

2894
	/*
2895
	 * If a long slot station do the slot time bookkeeping.
2896
	 */
2897
	if ((ni->ni_capinfo & IEEE80211_CAPINFO_SHORT_SLOTTIME) == 0) {
2898
		KASSERT(vap->iv_longslotsta > 0,
2899
		    ("bogus long slot station count %d", vap->iv_longslotsta));
2900
		vap->iv_longslotsta--;
2901
		IEEE80211_NOTE(ni->ni_vap, IEEE80211_MSG_ASSOC, ni,
2902
		    "long slot time station leaves, count now %d",
2903
		    vap->iv_longslotsta);
2904
		/*
2905
		 * XXX TODO: this may need all VAPs checked!
2906
		 */
2907
		if (vap->iv_longslotsta == 0) {
2908
			/*
2909
			 * Re-enable use of short slot time if supported
2910
			 * and not operating in IBSS mode (per spec).
2911
			 */
2912
			if ((ic->ic_caps & IEEE80211_C_SHSLOT) &&
2913
			    ic->ic_opmode != IEEE80211_M_IBSS) {
2914
				IEEE80211_DPRINTF(ni->ni_vap,
2915
				    IEEE80211_MSG_ASSOC,
2916
				    "%s: re-enable use of short slot time\n",
2917
				    __func__);
2918
				ieee80211_vap_set_shortslottime(vap, 1);
2919
			}
2920
		}
2921
	}
2922
	/*
2923
	 * If a non-ERP station do the protection-related bookkeeping.
2924
	 */
2925
	if ((ni->ni_flags & IEEE80211_NODE_ERP) == 0) {
2926
		KASSERT(vap->iv_nonerpsta > 0,
2927
		    ("bogus non-ERP station count %d", vap->iv_nonerpsta));
2928
		vap->iv_nonerpsta--;
2929
		IEEE80211_NOTE(ni->ni_vap, IEEE80211_MSG_ASSOC, ni,
2930
		    "non-ERP station leaves, count now %d%s", vap->iv_nonerpsta,
2931
		    (vap->iv_flags_ext & IEEE80211_FEXT_NONERP_PR) ?
2932
			" (non-ERP sta present)" : "");
2933
		if (vap->iv_nonerpsta == 0 &&
2934
		    (vap->iv_flags_ext & IEEE80211_FEXT_NONERP_PR) == 0) {
2935
			IEEE80211_DPRINTF(ni->ni_vap, IEEE80211_MSG_ASSOC,
2936
				"%s: disable use of protection\n", __func__);
2937
			disable_protection(vap);
2938
		}
2939
	}
2940
}
2941

2942
/*
2943
 * Time out presence of an overlapping bss with non-ERP
2944
 * stations.  When operating in hostap mode we listen for
2945
 * beacons from other stations and if we identify a non-ERP
2946
 * station is present we enable protection.  To identify
2947
 * when all non-ERP stations are gone we time out this
2948
 * condition.
2949
 */
2950
static void
2951
ieee80211_vap_erp_timeout(struct ieee80211vap *vap)
2952
{
2953

2954
	IEEE80211_LOCK_ASSERT(vap->iv_ic);
2955

2956
	if ((vap->iv_flags_ext & IEEE80211_FEXT_NONERP_PR) &&
2957
	    ieee80211_time_after(ticks, vap->iv_lastnonerp + IEEE80211_NONERP_PRESENT_AGE)) {
2958
		IEEE80211_DPRINTF(vap, IEEE80211_MSG_ASSOC,
2959
		    "%s", "age out non-ERP sta present on channel");
2960
		vap->iv_flags_ext &= ~IEEE80211_FEXT_NONERP_PR;
2961
		if (vap->iv_nonerpsta == 0)
2962
			disable_protection(vap);
2963
	}
2964
}
2965

2966
/*
2967
 * Handle bookkeeping for station deauthentication/disassociation
2968
 * when operating as an ap.
2969
 */
2970
void
2971
ieee80211_node_leave(struct ieee80211_node *ni)
2972
{
2973
	struct ieee80211com *ic = ni->ni_ic;
2974
	struct ieee80211vap *vap = ni->ni_vap;
2975
	struct ieee80211_node_table *nt = ni->ni_table;
2976

2977
	IEEE80211_NOTE(vap, IEEE80211_MSG_ASSOC | IEEE80211_MSG_DEBUG, ni,
2978
	    "station with aid %d leaves", IEEE80211_NODE_AID(ni));
2979

2980
	KASSERT(vap->iv_opmode != IEEE80211_M_STA,
2981
		("unexpected operating mode %u", vap->iv_opmode));
2982
	/*
2983
	 * If node wasn't previously associated all
2984
	 * we need to do is reclaim the reference.
2985
	 */
2986
	/* XXX ibss mode bypasses 11g and notification */
2987
	if (ni->ni_associd == 0)
2988
		goto done;
2989
	/*
2990
	 * Tell the authenticator the station is leaving.
2991
	 * Note that we must do this before yanking the
2992
	 * association id as the authenticator uses the
2993
	 * associd to locate it's state block.
2994
	 */
2995
	if (vap->iv_auth->ia_node_leave != NULL)
2996
		vap->iv_auth->ia_node_leave(ni);
2997

2998
	IEEE80211_LOCK(ic);
2999
	IEEE80211_AID_CLR(vap, ni->ni_associd);
3000
	vap->iv_sta_assoc--;
3001

3002
	if (IEEE80211_IS_CHAN_VHT(ic->ic_bsschan))
3003
		ieee80211_vht_node_leave(ni);
3004
	if (IEEE80211_IS_CHAN_HT(ic->ic_bsschan))
3005
		ieee80211_ht_node_leave(ni);
3006
	if (IEEE80211_IS_CHAN_ANYG(ic->ic_bsschan) &&
3007
	    IEEE80211_IS_CHAN_FULL(ic->ic_bsschan))
3008
		ieee80211_node_leave_11g(ni);
3009
	IEEE80211_UNLOCK(ic);
3010
	/*
3011
	 * Cleanup station state.  In particular clear various
3012
	 * state that might otherwise be reused if the node
3013
	 * is reused before the reference count goes to zero
3014
	 * (and memory is reclaimed).
3015
	 */
3016
	ieee80211_sta_leave(ni);
3017
done:
3018
	/*
3019
	 * Remove the node from any table it's recorded in and
3020
	 * drop the caller's reference.  Removal from the table
3021
	 * is important to insure the node is not reprocessed
3022
	 * for inactivity.
3023
	 */
3024
	if (nt != NULL) {
3025
		IEEE80211_NODE_LOCK(nt);
3026
		node_reclaim(nt, ni);
3027
		IEEE80211_NODE_UNLOCK(nt);
3028
	} else
3029
		ieee80211_free_node(ni);
3030
}
3031

3032
struct rssiinfo {
3033
	int	rssi_samples;
3034
	uint32_t rssi_total;
3035
};
3036

3037
static void
3038
get_hostap_rssi(void *arg, struct ieee80211_node *ni)
3039
{
3040
	struct rssiinfo *info = arg;
3041
	struct ieee80211vap *vap = ni->ni_vap;
3042
	int8_t rssi;
3043

3044
	/* only associated stations */
3045
	if (ni->ni_associd == 0)
3046
		return;
3047
	rssi = vap->iv_ic->ic_node_getrssi(ni);
3048
	if (rssi != 0) {
3049
		info->rssi_samples++;
3050
		info->rssi_total += rssi;
3051
	}
3052
}
3053

3054
static void
3055
get_adhoc_rssi(void *arg, struct ieee80211_node *ni)
3056
{
3057
	struct rssiinfo *info = arg;
3058
	struct ieee80211vap *vap = ni->ni_vap;
3059
	int8_t rssi;
3060

3061
	/* only neighbors */
3062
	/* XXX check bssid */
3063
	if ((ni->ni_capinfo & IEEE80211_CAPINFO_IBSS) == 0)
3064
		return;
3065
	rssi = vap->iv_ic->ic_node_getrssi(ni);
3066
	if (rssi != 0) {
3067
		info->rssi_samples++;
3068
		info->rssi_total += rssi;
3069
	}
3070
}
3071

3072
#ifdef IEEE80211_SUPPORT_MESH
3073
static void
3074
get_mesh_rssi(void *arg, struct ieee80211_node *ni)
3075
{
3076
	struct rssiinfo *info = arg;
3077
	struct ieee80211vap *vap = ni->ni_vap;
3078
	int8_t rssi;
3079

3080
	/* only neighbors that peered successfully */
3081
	if (ni->ni_mlstate != IEEE80211_NODE_MESH_ESTABLISHED)
3082
		return;
3083
	rssi = vap->iv_ic->ic_node_getrssi(ni);
3084
	if (rssi != 0) {
3085
		info->rssi_samples++;
3086
		info->rssi_total += rssi;
3087
	}
3088
}
3089
#endif /* IEEE80211_SUPPORT_MESH */
3090

3091
int8_t
3092
ieee80211_getrssi(struct ieee80211vap *vap)
3093
{
3094
#define	NZ(x)	((x) == 0 ? 1 : (x))
3095
	struct ieee80211com *ic = vap->iv_ic;
3096
	struct rssiinfo info;
3097

3098
	info.rssi_total = 0;
3099
	info.rssi_samples = 0;
3100
	switch (vap->iv_opmode) {
3101
	case IEEE80211_M_IBSS:		/* average of all ibss neighbors */
3102
	case IEEE80211_M_AHDEMO:	/* average of all neighbors */
3103
		ieee80211_iterate_nodes_vap(&ic->ic_sta, vap, get_adhoc_rssi,
3104
		    &info);
3105
		break;
3106
	case IEEE80211_M_HOSTAP:	/* average of all associated stations */
3107
		ieee80211_iterate_nodes_vap(&ic->ic_sta, vap, get_hostap_rssi,
3108
		    &info);
3109
		break;
3110
#ifdef IEEE80211_SUPPORT_MESH
3111
	case IEEE80211_M_MBSS:		/* average of all mesh neighbors */
3112
		ieee80211_iterate_nodes_vap(&ic->ic_sta, vap, get_mesh_rssi,
3113
		    &info);
3114
		break;
3115
#endif
3116
	case IEEE80211_M_MONITOR:	/* XXX */
3117
	case IEEE80211_M_STA:		/* use stats from associated ap */
3118
	default:
3119
		if (vap->iv_bss != NULL)
3120
			info.rssi_total = ic->ic_node_getrssi(vap->iv_bss);
3121
		info.rssi_samples = 1;
3122
		break;
3123
	}
3124
	return info.rssi_total / NZ(info.rssi_samples);
3125
#undef NZ
3126
}
3127

3128
void
3129
ieee80211_getsignal(struct ieee80211vap *vap, int8_t *rssi, int8_t *noise)
3130
{
3131

3132
	if (vap->iv_bss == NULL)		/* NB: shouldn't happen */
3133
		return;
3134
	vap->iv_ic->ic_node_getsignal(vap->iv_bss, rssi, noise);
3135
	/* for non-station mode return avg'd rssi accounting */
3136
	if (vap->iv_opmode != IEEE80211_M_STA)
3137
		*rssi = ieee80211_getrssi(vap);
3138
}
3139

3140
/**
3141
 * @brief Increment the given TID TX sequence, return the current one.
3142
 *
3143
 * @param ni ieee80211_node to operate on
3144
 * @param tid TID, or IEEE80211_NONQOS_TID
3145
 * @returns sequence number, from 0 .. 4095 inclusive, post increments
3146
 */
3147
ieee80211_seq ieee80211_tx_seqno_fetch_incr(struct ieee80211_node *ni,
3148
    uint8_t tid)
3149
{
3150
	ieee80211_seq seq;
3151

3152
	seq = ni->ni_txseqs[tid];
3153
	ni->ni_txseqs[tid] = (ni->ni_txseqs[tid] + 1) % IEEE80211_SEQ_RANGE;
3154
	return (seq);
3155
}
3156

3157
/**
3158
 * @brief Return the current sequence number for the given TID
3159
 *
3160
 * @param ni ieee80211_node to operate on
3161
 * @param tid TID, or IEEE80211_NONQOS_TID
3162
 * @returns sequence number, from 0 .. 4095 inclusive
3163
 */
3164
ieee80211_seq ieee80211_tx_seqno_fetch(const struct ieee80211_node *ni,
3165
    uint8_t tid)
3166
{
3167
	return (ni->ni_txseqs[tid]);
3168
}
3169

3170
/**
3171
 * @brief return a dot11rate / ratecode representing the current transmit rate
3172
 *
3173
 * This is the API call for legacy / 802.11n drivers and rate control APIs
3174
 * which expect a dot11rate / ratecode representation for legacy and HT MCS
3175
 * rates.
3176
 *
3177
 * Drivers which support VHT should not use this API, as it will log an error
3178
 * and return a low rate if a VHT rate is selected.
3179
 *
3180
 * @param ni		the ieee80211_node to return the transmit rate for
3181
 * @returns		the dot11rate / ratecode for legacy/MCS, or the
3182
 *			lowest available dot11rate if it's VHT (and shouldn't
3183
 *			have been called.)
3184
 */
3185
uint8_t
3186
ieee80211_node_get_txrate_dot11rate(struct ieee80211_node *ni)
3187
{
3188
	switch (ni->ni_txrate.type) {
3189
	case IEEE80211_NODE_TXRATE_LEGACY:
3190
	case IEEE80211_NODE_TXRATE_HT:
3191
		return (ni->ni_txrate.dot11rate);
3192
		break;
3193
	case IEEE80211_NODE_TXRATE_VHT:
3194
	default:
3195
		net80211_vap_printf(ni->ni_vap,
3196
		    "%s: called for VHT / unknown rate (type %d)!\n",
3197
		    __func__, ni->ni_txrate.type);
3198
		return (12);		/* OFDM6 for now */
3199
	}
3200
}
3201

3202
/**
3203
 * @brief return the txrate representing the current transmit rate
3204
 *
3205
 * This is the API call for drivers and rate control APIs to fetch
3206
 * rates.  It will populate a struct ieee80211_node_txrate with the
3207
 * current rate configuration to use.
3208
 *
3209
 * @param ni		the ieee80211_node to return the transmit rate for
3210
 * @param txrate	the struct ieee80211_node_txrate to populate
3211
 */
3212
void
3213
ieee80211_node_get_txrate(struct ieee80211_node *ni,
3214
    struct ieee80211_node_txrate *txr)
3215
{
3216
	MPASS(ni != NULL);
3217
	MPASS(txr != NULL);
3218

3219
	*txr = ni->ni_txrate;
3220
}
3221

3222
/**
3223
 * @brief Set the txrate representing the current transmit rate
3224
 *
3225
 * This is the API call for drivers and rate control APIs to set
3226
 * rates.  It will copy a struct ieee80211_node_txrate with the
3227
 * current rate configuration to use.
3228
 *
3229
 * @param ni		the ieee80211_node to return the transmit rate for
3230
 * @param txrate	the struct ieee80211_node_txrate to copy to the node
3231
 */
3232
void
3233
ieee80211_node_set_txrate(struct ieee80211_node *ni,
3234
    const struct ieee80211_node_txrate *txr)
3235
{
3236
	MPASS(ni != NULL);
3237
	MPASS(txr != NULL);
3238

3239
	ni->ni_txrate = *txr;
3240
}
3241

3242
/**
3243
 * @brief set the dot11rate / ratecode representing the current transmit rate
3244
 *
3245
 * This is the API call for legacy / 802.11n drivers and rate control APIs
3246
 * which expect a dot11rate / ratecode representation for legacy and HT MCS
3247
 * rates.
3248
 *
3249
 * @param ni		the ieee80211_node to return the transmit rate for
3250
 * @param dot11rate	the dot11rate rate code to use
3251
 */
3252
void
3253
ieee80211_node_set_txrate_dot11rate(struct ieee80211_node *ni,
3254
    uint8_t dot11Rate)
3255
{
3256
	if (dot11Rate & IEEE80211_RATE_MCS) {
3257
		ni->ni_txrate.type = IEEE80211_NODE_TXRATE_HT;
3258
		ni->ni_txrate.mcs = dot11Rate & IEEE80211_RATE_VAL;
3259
		ni->ni_txrate.nss = 0;
3260
		ni->ni_txrate.dot11rate = dot11Rate;
3261
	} else {
3262
		ni->ni_txrate.type = IEEE80211_NODE_TXRATE_LEGACY;
3263
		ni->ni_txrate.mcs = ni->ni_txrate.nss = 0;
3264
		ni->ni_txrate.dot11rate = dot11Rate;
3265
	}
3266
}
3267

3268
/**
3269
 * @brief set the dot11rate / ratecode representing the current HT transmit rate
3270
 *
3271
 * This is the API call for 802.11n drivers and rate control APIs
3272
 * which expect a dot11rate / ratecode representation for legacy and HT MCS
3273
 * rates.  It expects an MCS rate code from 0 .. 76.
3274
 *
3275
 * @param ni		the ieee80211_node to return the transmit rate for
3276
 * @param mcs		the MCS rate to select
3277
 */
3278
void
3279
ieee80211_node_set_txrate_ht_mcsrate(struct ieee80211_node *ni,
3280
    uint8_t mcs)
3281
{
3282
	KASSERT(mcs <= 76, ("%s: MCS is not 0..76 (%d)", __func__, mcs));
3283
	if (mcs > 76) {
3284
		ic_printf(ni->ni_ic, "%s: invalid MCS (%d)\n", __func__, mcs);
3285
		return;
3286
	}
3287

3288
	ni->ni_txrate.type = IEEE80211_NODE_TXRATE_HT;
3289
	ni->ni_txrate.mcs = mcs;
3290
	ni->ni_txrate.nss = 0;
3291
	ni->ni_txrate.dot11rate = IEEE80211_RATE_MCS | mcs;
3292
}
3293

3294
/**
3295
 * @brief set the rate to the given VHT transmission rate.
3296
 *
3297
 * This sets the current transmit rate to the given VHT NSS/MCS.
3298
 *
3299
 * @param ni		the ieee80211_node to set the transmit rate for
3300
 * @param nss		the number of spatial streams
3301
 * @param mcs		the MCS rate to select
3302
 */
3303
void
3304
ieee80211_node_set_txrate_vht_rate(struct ieee80211_node *ni,
3305
    uint8_t nss, uint8_t mcs)
3306
{
3307
	MPASS(ni != NULL);
3308

3309
	ni->ni_txrate.type = IEEE80211_NODE_TXRATE_VHT;
3310
	ni->ni_txrate.mcs = mcs;
3311
	ni->ni_txrate.nss = nss;
3312
	ni->ni_txrate.dot11rate = 0;
3313
}
3314

3315
/*
3316
 * @brief Fetch the transmit rate for the given node in kbit/s.
3317
 *
3318
 * This currently only works for CCK, OFDM and HT rates.
3319
 *
3320
 * @param ni	struct ieee80211_node * to lookup
3321
 * @returns	current transmit rate in kbit/s
3322
 */
3323
uint32_t
3324
ieee80211_node_get_txrate_kbit(struct ieee80211_node *ni)
3325
{
3326
	uint32_t kbps;
3327

3328
	switch (ni->ni_txrate.type) {
3329
	case IEEE80211_NODE_TXRATE_LEGACY:
3330
		kbps = ni->ni_txrate.dot11rate * 500;
3331
		break;
3332
	case IEEE80211_NODE_TXRATE_HT:
3333
		/* Note: Valid for MCS 0..76 */
3334
		{
3335
			const struct ieee80211_mcs_rates *mcs =
3336
			    &ieee80211_htrates[ni->ni_txrate.dot11rate &
3337
			    ~IEEE80211_RATE_MCS];
3338

3339
			if (IEEE80211_IS_CHAN_HT40(ni->ni_chan)) {
3340
				if (ni->ni_flags & IEEE80211_NODE_SGI40)
3341
					kbps = mcs->ht40_rate_800ns * 500;
3342
				else
3343
					kbps = mcs->ht40_rate_400ns * 500;
3344
			} else {
3345
				if (ni->ni_flags & IEEE80211_NODE_SGI20)
3346
					kbps = mcs->ht20_rate_800ns * 500;
3347
				else
3348
					kbps = mcs->ht20_rate_400ns * 500;
3349
			}
3350
		}
3351
		break;
3352
	case IEEE80211_NODE_TXRATE_VHT:
3353
		/* Note: valid for VHT rates, assumes long-GI for now */
3354
		kbps = ieee80211_phy_vht_get_mcs_kbit(ni->ni_chw,
3355
		    ni->ni_txrate.nss, ni->ni_txrate.mcs, false);
3356
		break;
3357
	default:
3358
		net80211_vap_printf(ni->ni_vap,
3359
		    "%s: called for unknown rate (type %d)!\n", __func__,
3360
		    ni->ni_txrate.type);
3361
		return (0);
3362
	}
3363

3364
	return (kbps);
3365
}
3366

3367