fix wrong ifmedia macro used to check for IFM_AUTO

ok claudio@

Add 11ac/VHT Tx rate adaptation support to net80211.

Based on our existing RA module for 11n.
The main difference is in dealing with 11ac-specific ratesets.
Tx rate selection heuristics remain identical.

Only supports 80MHz channels, for now. 160MHz is left for future work.

ok sthen@

Add initial 802.11ac (VHT) support to net80211.

Add VHT capability and operation IE definitions to ieee80211.h.
Introduce channel flags to identify 80MHz and 160MHz capable channels.

Parse VHT IEs in beacons, announce the driver's VHT capabilities in
probe requests and assoc requests, and hop into 11ac mode after
association to the AP if possible.

Enable VHT by default if the driver announces support for it.

ok claudio@

Defer rtm_80211info() call from ieee80211_set_link_state() to a task context.

Sending routing messages requires a socket lock which may sleep.
ieee80211_set_link_state() is called from interrupts and timeouts where
sleeping is not allowed. mvs@ pointed out that if_link_state_change()
is already using a task for this reason.

Should fix a witness-related panic reported by cheloha@

ok mvs@ tobhe@ florian@

Add support for 40MHz channels to net80211 RA.

For the moment we use either the 40MHz rate set or the 20 MHz one,
depending on whether our peer supports 40MHz channels.
If this turns out to be suboptimal we could probe the 40MHz and 20MHz
rate sets separately to detect which one works better.

The same applies to use of the short guard interval (SGI), which is
either always on or off at the moment. Again, probing for this could
be added later if needed.

Undo pseudo-driver changes early in ieee80211_ifdetach() to prevent a
use-after-free when a wireless device is detached.

Pseudo-driver detach hooks may end up calling back into the driver, e.g. via
an ioctl. So these hooks must run before net80211 data structures are freed.

Reported by ratchov@ who saw the following trace when athn(4) detached while
it was part of a trunk(4) interface. The trunk(4) detach hooks were run after
ieee80211_ifdetach() had been run by athn_detach(). These hooks called back
into the driver via athn_ioctl() which now operated on freed memory.

uvm_fault(0xffffffff81facdd0, 0xb14, 0, 1) -> e
kernel: page fault trap, code=0
Stopped at ieee80211_ba_del+0x20: cmpl $0,0x2c(%r15)
ddb{0}> ieee80211_ba_del(0) at ieee80211_ba_del+0x20
ieee80211_newstate(ffff8000000c1048,0,ffffffff) at ieee80211_newstate+0xb51
athn_stop(ffff8000000c1048,1) at athn_stop+0x70
athn_ioctl(ffff8000000c1048,80206910,ffff800014d63800) at athn_ioctl+0x15b
ifnewlladdr(ffff8000000c1048) at ifnewlladdr+0x100
trunk_port_destroy(ffff800000589800) at trunk_port_destroy+0x320
if_hooks_run(ffff8000000c10b8) at if_hooks_run+0xb0
if_deactivate(ffff8000000c1048) at if_deactivate+0x24
ether_ifdetach(ffff8000000c1048) at ether_ifdetach+0x1d
athn_detach(ffff8000000c1000) at athn_detach+0x17b
athn_pci_detach(ffff8000000c1000,1) at athn_pci_detach+0x2a
config_detach(ffff8000000c1000,1) at config_detach+0x156
config_detach_children(ffff8000000b7500,1) at config_detach_children+0x58
pci_detach_devices(ffff8000000b7500,1) at pci_detach_devices+0x24
ppb_hotplug_remove(ffff800000033e00) at ppb_hotplug_remove+0x35
taskq_thread(ffffffff81f4bd48) at

ok mpi@ ratchov@

Fix ifconfig "media:" line for 11n wifi interfaces during and after bgscan.

Media was displayed as e.g. "autoselect (OFDM6)" even though 11n was active
because the current media mode is changed to AUTO for background scanning
and was never switched back to 11N.

ok mpi@ pirofti@

Don't start background scans before WPA handshake has completed.
ok phessler

Whitespace removal, no code change.

Give access points which fail to AUTH or ASSOC less priority during
the next selection of networks from the join list. Prevents endless
attempts to connect to an AP which is out of reach but still somehow
manages to get a beacon or two across to us during scan.

Tested with wifi networks at the University of Bucharest.
Makes switching wifi networks possible after walking to a different
room without having to down/up the interface or suspend/resume.

ok phessler@

Raise net80211's "beacon miss" threshold to avoid frequent re-connects
to APs that are relatively far away and suffer some packet loss.

The former threshold was 7 beacons (about 700 ms).
This raises the threshold to 30 beacons (about 3 seconds).
Should still be good enough for detecting APs that have disappeared, and
makes wifi networks provided by the University of Bucharest more reliable
in the p2k19 hackroom.

While here, make 'ifconfig iwm0/iwn0 debug' print an obvious message when
we believe that the AP has disappeared.

Problem reported and fix tested by landry@ / pirofti@
ok mpi@ sthen@

Reset the current wireless PHY mode to 'auto' when a scan begins if we
are in media autoselect mode.

The interface might have been switched to a fixed PHY mode during association
and keeping it fixed will mislead AP selection after roaming failure.

Problem found and diagnosed at CCC camp 2019
Tested by myself, fkr@, chris@

Add support for 802.11n Tx aggregation to net80211 and the iwn(4) driver.

In particular, add Tx block ack session management to net80211, with
enough funcionality to support Tx aggregation on devices which perform
A-MPDU subframe scheduling in firmware.
Make use of the iwn(4) firmware Tx scheduler to build A-MPDUs.

net80211's QoS support code is now enabled and used by Tx aggregation.

A-MSDU frames inside A-MPDUs have been tested and work in principle.
For now, this feature is disabled because unfair TCP connection sharing
was observed during testing, where bursts of TCP Ack frames for a single
tcpbench(1) connection arriving in A-MSDUs made other TCP connections stall.
Switch off support for A-MSDUs inside A-MPDUs on the Rx side as well.

Tested on iwn chipsets 1000, 4965, 5100, 5300, 2200, 6200, 6205, 6300
(committed version of tested diff has all debug printfs removed)
tests/ok benno kmos mlarkin kevlo

Revised version of 'ifconfig mode' command fix.

The 'mode' command is supposed to force a wireless interface into 11a/b/g/n
media mode. This stopped working some time ago, probably during my work on
background scanning. Problem spotted by mlarkin@ who noticed that interfaces
were using 11g mode while forced to 11b mode.

ok phessler, jmatthew (earlier version)
relentless testing by krw@

Revert my "Repair the 'ifconfig mode' command" commit.

The "recursion in end_scan()" problem is apparently still present in
the committed version of the diff (reported by krw@).

Repair the 'ifconfig mode' command.

The 'mode' command is supposed to force a wireless interface into 11a/b/g/n
media mode. This stopped working some time ago, probably during my work on
background scanning. Problem spotted by mlarkin@ who noticed that interfaces
were using 11g mode while forced to 11b mode.

ok phessler, jmatthew

Fix out-of-bounds array access in ieee80211_setbasicrates(); CID 1479607
ok kettenis@

Make ifconfig(8) display whether bwfm(4) firmware is using 802.11ac.
ok patrick@ mpi@

Move 802.11n rateset definitions out of MiRA and make them available to
net80211 and drivers in general. Add ratesets for 'short guard interval'
(SGI) rates, and add SGI support to MiRA. SGI is currently only used by
iwm(4), and of course internally by bwfm(4) firmware.
Ratesets for 11n 40 MHz channels and 11ac will come later.
ok mpi@ phessler@

Nuke unused LIST() ieee80211com_head.

ok stsp@

Disambiguate the source of panics in sys/net* by adding __func__
magic constant to panic() calls.
ok benno@ henning@ tb@

When starting a background scan, free the nodes table to ensure we
get an up-to-date view of APs around us. In particular, we need to
kick out the AP we are associated to. Otherwise, our current AP might
stay cached if it is turned off while we are scanning, and we could
end up picking a now non-existent but "good looking" AP over and over.

found with and ok phessler@

net80211: stub SIOCS80211SCAN, make ifconfig scan instant.

The following removes the functionality of the SIOCS80211SCAN ioctl.
After long discussions with stps@, mpi@, and deraadt@ we decided that
this was the correct way of fixing ifconfig scan from blocking the
network stack.

The kernel will continue scanning in the background and filling the
nodes array, but ifconfig scan commands will now basically do just a
SIOCG80211ALLNODES and pretty print the array. So the output stays the
same but is instant.

In fact, when the interface is freshly brought up, if you type fast
enough, you can see the array being filled by running multiple ifconfig
scans in sequence.

The SIOCS80211SCAN ioctl stays for now as wi(4), pgt(4) and malo(4)
still need it around. But not for long...

Another change that this introduces is the fact that ifconfig scan no
longer plays with UP and DOWN. If the interface is down it complains and
exits. This is needed in order to maintain the nodes list.

Works on iwm(4), iwn(4), urtwn(4), run(4) and athn(4).

Tested by mpi@, landry@, florian@, thanks!
OK mpi@.

remove the background scan timeout on detach, so we don't crash shortly
afterwards.

crash reported by Piotr Isajew
ok stsp@

Make ieee80211_chan2ieee() panic if a bogus channel pointer is detected.
ok patrick@

Add support for background scanning to net80211 and iwm(4).

The iwm(4) driver will now roam between access points which share an SSID.
Use 'ifconfig iwm0 debug' and 'tail -f /var/log/messages' to watch it do so.

Tested by several people in various iterations.
As usual, let me know if you run into issues.

ok phessler deraadt

When selecting the next wireless mode during the scan loop, always select
AUTO mode if the driver scans all bands at once. Otherwise the net80211
layer unnecessarily filters out some of the beacons received by the device.
ok phessler@ mpi@ kevlo@

Initialize the link state of a wireless interface to DOWN when the
interface is attached to the net80211 layer. Prevents confusion
in cases where drivers forget to initialize the link state.
ok mpi@ kettenis@

The net80211 stack was providing a 'beacon miss timeout' value (in ms)
which specified how much time may elapse without beacons before drivers
begin searching for a new AP.

Drivers convert this timeout value into the amount of beacons they're allowed
to miss. Having the stack provide this number upfront simplifies things.

ok mpi@

Improve the new ieee80211_{min,max}_rates() APIs and fix regressions.

Instead of returning an index into ni_rates, return the RVAL of the
basic rate we want to use. This allows a driver to unambiguously map
the basic rate to the corresponding hardware-specific rate value, and
reduces the possibility of bugs where indices are used with arrays
they weren't intended for.

Adjust iwn(4) accordingly, and use the lowest instead of the highest
basic rate in iwn_tx() to cope better in noisy environments.

Fixes association problems on 5GHz reported by tb@

Introduce ieee80211_min_basic_rate() and ieee80211_max_basic_rate().

These helpers can be used by drivers to improve compatibility with APs
that disable some mandatory PHY rates in the basic rate set.

For instance, many of our drivers hard-code 11b rates on 2 Ghz and run
into problems when APs disable them. Since 11b rates are being disabled
by default by some vendors, hardcoding them is not a good idea anymore.

ok mpi@ phessler@

Fix fallout from turbo mode removal commit: Channel initialization
was broken and lots of drivers ran into trouble as a result.
ok deraadt@

Remove wireless turbo mode support. It is a non-standard extension
which only worked with ath(4) devices from a decade ago.
Diff tested on ath(4) hardware by me to verify that 11a/b modes still work.
ok reyk deraadt chris sthen kettenis

Remove the IEEE80211_NO_HT macro. Reduces ifdef spaghetti, enables 11n mode
in bsd.rd, and might uncover some bugs. Suggested by tedu@ and deraadt@.
ok sthen@ jasper@ deraadt@

Don't return 11n mode from ieee80211_chan2mode() so we can switch into
11a and 11b/g mode correctly when the driver supports 11n.
And make sure the result of this funtion is only used to index ic_sup_rates.
Its stated purpose is to help select a legacy rate.
ok sthen jasper kettenis deraadt mpi

Skip over 11n mode during scanning to avoid scanning channels more than once.
ok sthen jasper kettenis deraadt mpi

Fix out of bounds array access in ieee80211_setbasicrates().
found by + ok jsg@

Don't forget about monitor mode while building the ifmedia list
for 802.11n capable wireless drivers.
ok mpi@

correct logic for a IEEE80211_MODE_11N test
ok stsp@

Expose 11n mode to the ifmedia layer and introduce the concept of MCS.
Make sure 11n features are enabled only if media type is autoselect or 11n.

11n mode uses MCS (modulation & coding scheme) instead of rates like 11a/b/g.
This means we'll have to take the current mode into account and decide whether
to use a rate or an MCS for transmission. Receiving frames on legacy rates
will still work in 11n mode. We just won't be using legacy rates to send
data frames to an STA or AP we negotiated 11n features with.

My initial plan was to grow the ieee80211_rateset structure and treat MCS
just like rates. However, ieee80211_rateset corresponds to rates and xrates
elements in management frames and is copied directly into such elements
so its size cannot change. Thus, MCS stands on its own and corresponds to
elements in management frames related to 11n HT capabilities.

ok deraadt mpi phessler kettenis guenther

IEEE80211_MODE_MAX has been raised to include 11n mode so make sure that
ieee80211_media_init doesn't index its rates array beyond turbo mode.

Declare 802.11n mode and channel flags. Tweak 11n related fields in struct
ieee80211com and move them inside #ifndef IEEE80211_NO_HT without breaking
the build in rsu(4) for RAMDISK_CD.
Also declare 11n protection modes and MCS count.
ok deraadt mpi kettenis guenther

Spell all "unexpected mode %u" panics in lower case, not just one of them.

Add ieee80211_channel_init(), factored out from ieee80211_ifattach().
Will be used by iwm(4) soon.
ok kettenis@

Make room for media types of the future. Extend the ifmedia word to 64 bits.
This changes numbers of the SIOCSIFMEDIA and SIOCGIFMEDIA ioctls and
grows struct ifmediareq.

Old ifconfig and dhclient binaries can still assign addresses, however
the 'media' subcommand stops working. Recompiling ifconfig and dhclient
with new headers before a reboot should not be necessary unless in very
special circumstances where non-default media settings must be used to
get link and console access is not available.

There may be some MD fallout but that will be cleared up later.

ok deraadt miod
with help and suggestions from several sharks attending l2k15

Remove some includes include-what-you-use claims don't
have any direct symbols used. Tested for indirect use by compiling
amd64/i386/sparc64 kernels.

ok tedu@ deraadt@

unifdef some more INET. v4 4life.

remove uneeded proc.h includes
ok mpi@ kspillner@

use nitems() instead of various local constructs

ok stsp@

Remove unneeded include.

ok deraadt@

No "\n" needed at the end of panic() strings.

Bogus chunks pointed out by matthew@ and miod@. No cookies for
marco@ and jasper@.

ok deraadt@ miod@ matthew@ jasper@ macro@

when wpa is enabled, defer setting the link up until the 802.1X
port is valid (keys have been successfully exchanged.)
this avoids dhclient timeouts when wpa is enabled.

s/hz/Hz/ on multiples of the SI unit hertz other than MHz.

reminded by STeve Andre.

make wireless interfaces priority 4 by default. other interfaces remain
priority 0. while we are in here make sure we add wi interfaces to group "wlan"
in the same way the net80211 stuff already is.

this makes dhcp multiple default routes useful on laptops.

ok claudio@

move code to support Frequency-Hopping spread spectrum (FHSS) PHYs
to the Attic. nothing uses it in the tree and it is very unlikely
that something will use it one day.
the only driver supporting FHSS PHYs in the tree is ray(4) and it
does not use net80211.

introduce new IEEE80211_STA_ONLY kernel option that can be set to
remove IBSS and HostAP support from net80211 and 802.11 drivers.
it can be used to shrink RAMDISK kernels for instance (like what
was done for wi(4)).
it also has the benefit of highlighting what is specific to IBSS
and HostAP modes in the code.
the cost is that we now have two code paths to maintain.

s/IEEE80211_DPRINTF/DPRINTF/
automatically prepend __func__ to output.

deobfuscates debug messages a bit.
no binary change unless compiled with IEEE80211_DEBUG.

add ieee80211_priv.h file: contains definitions private to net80211.
this must not be included by drivers.

move things from ieee80211_ifattach() to ieee80211_crypto_attach().

Kernel implementation of the 4-way handshake and group-key
handshake protocols (both supplicant and authenticator state
machines) as defined in the IEEE 802.11i standard.

Software implementation of the TKIP (Temporal Key Integrity
Protocol) and CCMP (CTR with CBC-MAC Protocol) protocols.

This diff doesn't implement any of the 802.1X authentication
protocols and thus only PSK authentication (using pre-shared
keys) is currently supported.

In concrete terms, this adds support for WPA-PSK and WPA2-PSK
protocols, both in station and hostap modes.

The following drivers are marked as WPA-capable and should
work: bwi(4), malo(4), ral(4), iwn(4), wpi(4), ural(4),
rum(4), upgt(4), and zyd(4)

The following options have been added to ifconfig(8):
wpa, wpapsk, wpaprotos, wpaakms, wpaciphers, wpagroupcipher

wpa-psk(8) can be used to generate keys from passphrases.

tested by many@
ok deraadt@

make it clear in the code and in the man page that the rate2plcp and
plcp2rate functions use plcp codes in most-significant-bit-first format
(R4-R1).
some drivers like wpi(4) and iwn(4) want plcp codes in lsb-first format
so they can't use those functions.
also the IEEE standard uses R1-R4 notation so this can be a bit confusing
for those refering to it.

use u_int8_t for plcp code and rate instead of int.

Add ieee80211_rate2plcp() and ieee80211_plcp2rate() functions, which
convert the PLCP header signal field to a rate value and vice versa.

This implementation has been discussed with Damien and doesn't change
any existing net80211 structures.

ok damien@

Revert last commit which added ieee80211_rate2plcp() and
ieee80211_plcp2rate() because I've got a late feedback from Damien that
he dislike the implementation method a lot.

Add ieee80211_rate2plcp() and ieee80211_plcp2rate() functions.

Help and OK reyk@

realy -> really in comments. Most reported on tech@ by Jung.

maintain the traffic-indication (TIM) virtual bitmap by defining
a default ieee80211_set_tim() function that drivers can override
by setting ic_set_tim.

constify

de-static

ok jsg@

The license permits us to redistribute this code under the BSD or the GPLv2.
Choose the BSD license so that future enhancements will be BSD-only.

ok jsg@ reyk@ deraadt@

print the phy mode in IFF_DEBUG status output which helps to debug
dual/multi mode chipset operation.

ok jsg@

Put all net80211 interfaces into the ``wlan'' interface group. Idea from me,
name ``wlan'' from henning@.

ok mbalmer@, reyk@, henning@, msf@

do not have each net80211 driver define its own rates structures. if they use
the standard rates, use some defined by net80211 itself. kernel shrinks a bit
ok jsg mglocker

Improve 802.11b/g interoperability and move toward better compliance
with IEEE Std 802.11g-2003 standard:

- add ERP Information Element in probe responses and beacons
- keep track of the number of associated non-ERP STAs and non-short slot
time capable STAs in the BSS
- enable use of RTS/CTS or CTS-to-self protection when required by the BSS
- add a ic_updateslot() callback to notify drivers of slot time changes
- cleanup computation of mgmt frames sizes in ieee80211_output.c
- nuke unnecessary <sys/cdefs.h> includes
- remove an unused macro (LOGICALLY_EQUAL) while i'm here

From {free,net}bsd, with additional fixes.

ok brad@, reyk@

Remove redundant calls to bpfdetach.
ok brad@

/* fall thru... */ -> /* FALLTHROUGH */

minor knf

mostly knf

ok jsg@

Remove the last of the FreeBSD compatiblity goop.
ok reyk@

Remove FreeBSD if_printf compat function from net80211.
ok reyk@

reset the scan state for each new mode

ok jsg@

Remove FreeBSD/NetBSD ifdef mess. We are not likely to be
doing a wholesale merge with them in future.
very enthusiastic ok from reyk@

enable IFCAP_VLAN_MTU because IEEE 802.11 defines a MTU of about 2290.
successfully tested with ural, ath, atw, atu and ath.

ok jsg@, brad@

add ifconfig -M option to replace wicontrol -L and -l for ap scanning
and node listing. wicontrol is not supported by net80211 drivers
anymore. further improvements will be done.

ok dlg@, jsg@

scan the next mode if nothing has been found. this is necessary if the
device supports different incompatible modes in the same channel
range, like like 11b and "pure" 11G mode.

ok dlg@ pvalchev@

send raw 802.11 frames with bpf(4) using the IEEE802_11 or
IEEE802_11_RADIO data link types.

ok canacar@ damien@

derived from NetBSD:

---
Make the node table into an LRU cache: least-recently used nodes
are at the end of the node queue. Change the reference-counting
discipline: ni->ni_refcnt indicates how many times net80211 has
granted ni to the driver. Every node in the table with ni_refcnt=0
is eligible to be garbage-collected. The mere presence of a node
in the table does not any longer indicate its auth/assoc state;
nodes have a ni_state variable, now.

While I am here, patch ieee80211_find_node_for_beacon to do a "best
match" by bssid/ssid/channel, not a "perfect match." This keeps
net80211 from caching duplicate nodes in the table.
---

ok deraadt@ dlg@, looks good jsg@

Use IFM_IEEE80211_IBSS for IBSS mode instead of IFM_IEEE80211_ADHOC.
With this ipw(4) works in IBSS mode.
ok millert@ aaron@ damien@

some changes merged in from netbsd. ieee80211_regdomain.# will be used
by sdr (software defined radios).

ok deraadt@ millert@ damien@

Import current NetBSD/FreeBSD 802.11 framework.
Based in part on a diff from Matthew Gream.

Add 11ac/VHT Tx rate adaptation support to net80211.

Based on our existing RA module for 11n.
The main difference is in dealing with 11ac-specific ratesets.
Tx rate selection heuristics remain identical.

Only supports 80MHz channels, for now. 160MHz is left for future work.

ok sthen@

Add initial 802.11ac (VHT) support to net80211.

Add VHT capability and operation IE definitions to ieee80211.h.
Introduce channel flags to identify 80MHz and 160MHz capable channels.

Parse VHT IEs in beacons, announce the driver's VHT capabilities in
probe requests and assoc requests, and hop into 11ac mode after
association to the AP if possible.

Enable VHT by default if the driver announces support for it.

ok claudio@

Defer rtm_80211info() call from ieee80211_set_link_state() to a task context.

Sending routing messages requires a socket lock which may sleep.
ieee80211_set_link_state() is called from interrupts and timeouts where
sleeping is not allowed. mvs@ pointed out that if_link_state_change()
is already using a task for this reason.

Should fix a witness-related panic reported by cheloha@

ok mvs@ tobhe@ florian@

Add support for 40MHz channels to net80211 RA.

For the moment we use either the 40MHz rate set or the 20 MHz one,
depending on whether our peer supports 40MHz channels.
If this turns out to be suboptimal we could probe the 40MHz and 20MHz
rate sets separately to detect which one works better.

The same applies to use of the short guard interval (SGI), which is
either always on or off at the moment. Again, probing for this could
be added later if needed.

Undo pseudo-driver changes early in ieee80211_ifdetach() to prevent a
use-after-free when a wireless device is detached.

Pseudo-driver detach hooks may end up calling back into the driver, e.g. via
an ioctl. So these hooks must run before net80211 data structures are freed.

Reported by ratchov@ who saw the following trace when athn(4) detached while
it was part of a trunk(4) interface. The trunk(4) detach hooks were run after
ieee80211_ifdetach() had been run by athn_detach(). These hooks called back
into the driver via athn_ioctl() which now operated on freed memory.

uvm_fault(0xffffffff81facdd0, 0xb14, 0, 1) -> e
kernel: page fault trap, code=0
Stopped at ieee80211_ba_del+0x20: cmpl $0,0x2c(%r15)
ddb{0}> ieee80211_ba_del(0) at ieee80211_ba_del+0x20
ieee80211_newstate(ffff8000000c1048,0,ffffffff) at ieee80211_newstate+0xb51
athn_stop(ffff8000000c1048,1) at athn_stop+0x70
athn_ioctl(ffff8000000c1048,80206910,ffff800014d63800) at athn_ioctl+0x15b
ifnewlladdr(ffff8000000c1048) at ifnewlladdr+0x100
trunk_port_destroy(ffff800000589800) at trunk_port_destroy+0x320
if_hooks_run(ffff8000000c10b8) at if_hooks_run+0xb0
if_deactivate(ffff8000000c1048) at if_deactivate+0x24
ether_ifdetach(ffff8000000c1048) at ether_ifdetach+0x1d
athn_detach(ffff8000000c1000) at athn_detach+0x17b
athn_pci_detach(ffff8000000c1000,1) at athn_pci_detach+0x2a
config_detach(ffff8000000c1000,1) at config_detach+0x156
config_detach_children(ffff8000000b7500,1) at config_detach_children+0x58
pci_detach_devices(ffff8000000b7500,1) at pci_detach_devices+0x24
ppb_hotplug_remove(ffff800000033e00) at ppb_hotplug_remove+0x35
taskq_thread(ffffffff81f4bd48) at

ok mpi@ ratchov@

Fix ifconfig "media:" line for 11n wifi interfaces during and after bgscan.

Media was displayed as e.g. "autoselect (OFDM6)" even though 11n was active
because the current media mode is changed to AUTO for background scanning
and was never switched back to 11N.

ok mpi@ pirofti@

Don't start background scans before WPA handshake has completed.
ok phessler

Whitespace removal, no code change.

Give access points which fail to AUTH or ASSOC less priority during
the next selection of networks from the join list. Prevents endless
attempts to connect to an AP which is out of reach but still somehow
manages to get a beacon or two across to us during scan.

Tested with wifi networks at the University of Bucharest.
Makes switching wifi networks possible after walking to a different
room without having to down/up the interface or suspend/resume.

ok phessler@

Raise net80211's "beacon miss" threshold to avoid frequent re-connects
to APs that are relatively far away and suffer some packet loss.

The former threshold was 7 beacons (about 700 ms).
This raises the threshold to 30 beacons (about 3 seconds).
Should still be good enough for detecting APs that have disappeared, and
makes wifi networks provided by the University of Bucharest more reliable
in the p2k19 hackroom.

While here, make 'ifconfig iwm0/iwn0 debug' print an obvious message when
we believe that the AP has disappeared.

Problem reported and fix tested by landry@ / pirofti@
ok mpi@ sthen@

Reset the current wireless PHY mode to 'auto' when a scan begins if we
are in media autoselect mode.

The interface might have been switched to a fixed PHY mode during association
and keeping it fixed will mislead AP selection after roaming failure.

Problem found and diagnosed at CCC camp 2019
Tested by myself, fkr@, chris@

Add support for 802.11n Tx aggregation to net80211 and the iwn(4) driver.

In particular, add Tx block ack session management to net80211, with
enough funcionality to support Tx aggregation on devices which perform
A-MPDU subframe scheduling in firmware.
Make use of the iwn(4) firmware Tx scheduler to build A-MPDUs.

net80211's QoS support code is now enabled and used by Tx aggregation.

A-MSDU frames inside A-MPDUs have been tested and work in principle.
For now, this feature is disabled because unfair TCP connection sharing
was observed during testing, where bursts of TCP Ack frames for a single
tcpbench(1) connection arriving in A-MSDUs made other TCP connections stall.
Switch off support for A-MSDUs inside A-MPDUs on the Rx side as well.

Tested on iwn chipsets 1000, 4965, 5100, 5300, 2200, 6200, 6205, 6300
(committed version of tested diff has all debug printfs removed)
tests/ok benno kmos mlarkin kevlo

Revised version of 'ifconfig mode' command fix.

The 'mode' command is supposed to force a wireless interface into 11a/b/g/n
media mode. This stopped working some time ago, probably during my work on
background scanning. Problem spotted by mlarkin@ who noticed that interfaces
were using 11g mode while forced to 11b mode.

ok phessler, jmatthew (earlier version)
relentless testing by krw@

Revert my "Repair the 'ifconfig mode' command" commit.

The "recursion in end_scan()" problem is apparently still present in
the committed version of the diff (reported by krw@).

Repair the 'ifconfig mode' command.

The 'mode' command is supposed to force a wireless interface into 11a/b/g/n
media mode. This stopped working some time ago, probably during my work on
background scanning. Problem spotted by mlarkin@ who noticed that interfaces
were using 11g mode while forced to 11b mode.

ok phessler, jmatthew

Fix out-of-bounds array access in ieee80211_setbasicrates(); CID 1479607
ok kettenis@

Make ifconfig(8) display whether bwfm(4) firmware is using 802.11ac.
ok patrick@ mpi@

Move 802.11n rateset definitions out of MiRA and make them available to
net80211 and drivers in general. Add ratesets for 'short guard interval'
(SGI) rates, and add SGI support to MiRA. SGI is currently only used by
iwm(4), and of course internally by bwfm(4) firmware.
Ratesets for 11n 40 MHz channels and 11ac will come later.
ok mpi@ phessler@

Nuke unused LIST() ieee80211com_head.

ok stsp@

Disambiguate the source of panics in sys/net* by adding __func__
magic constant to panic() calls.
ok benno@ henning@ tb@

When starting a background scan, free the nodes table to ensure we
get an up-to-date view of APs around us. In particular, we need to
kick out the AP we are associated to. Otherwise, our current AP might
stay cached if it is turned off while we are scanning, and we could
end up picking a now non-existent but "good looking" AP over and over.

found with and ok phessler@

net80211: stub SIOCS80211SCAN, make ifconfig scan instant.

The following removes the functionality of the SIOCS80211SCAN ioctl.
After long discussions with stps@, mpi@, and deraadt@ we decided that
this was the correct way of fixing ifconfig scan from blocking the
network stack.

The kernel will continue scanning in the background and filling the
nodes array, but ifconfig scan commands will now basically do just a
SIOCG80211ALLNODES and pretty print the array. So the output stays the
same but is instant.

In fact, when the interface is freshly brought up, if you type fast
enough, you can see the array being filled by running multiple ifconfig
scans in sequence.

The SIOCS80211SCAN ioctl stays for now as wi(4), pgt(4) and malo(4)
still need it around. But not for long...

Another change that this introduces is the fact that ifconfig scan no
longer plays with UP and DOWN. If the interface is down it complains and
exits. This is needed in order to maintain the nodes list.

Works on iwm(4), iwn(4), urtwn(4), run(4) and athn(4).

Tested by mpi@, landry@, florian@, thanks!
OK mpi@.

remove the background scan timeout on detach, so we don't crash shortly
afterwards.

crash reported by Piotr Isajew
ok stsp@

Make ieee80211_chan2ieee() panic if a bogus channel pointer is detected.
ok patrick@

Add support for background scanning to net80211 and iwm(4).

The iwm(4) driver will now roam between access points which share an SSID.
Use 'ifconfig iwm0 debug' and 'tail -f /var/log/messages' to watch it do so.

Tested by several people in various iterations.
As usual, let me know if you run into issues.

ok phessler deraadt

When selecting the next wireless mode during the scan loop, always select
AUTO mode if the driver scans all bands at once. Otherwise the net80211
layer unnecessarily filters out some of the beacons received by the device.
ok phessler@ mpi@ kevlo@

Initialize the link state of a wireless interface to DOWN when the
interface is attached to the net80211 layer. Prevents confusion
in cases where drivers forget to initialize the link state.
ok mpi@ kettenis@

The net80211 stack was providing a 'beacon miss timeout' value (in ms)
which specified how much time may elapse without beacons before drivers
begin searching for a new AP.

Drivers convert this timeout value into the amount of beacons they're allowed
to miss. Having the stack provide this number upfront simplifies things.

ok mpi@

Improve the new ieee80211_{min,max}_rates() APIs and fix regressions.

Instead of returning an index into ni_rates, return the RVAL of the
basic rate we want to use. This allows a driver to unambiguously map
the basic rate to the corresponding hardware-specific rate value, and
reduces the possibility of bugs where indices are used with arrays
they weren't intended for.

Adjust iwn(4) accordingly, and use the lowest instead of the highest
basic rate in iwn_tx() to cope better in noisy environments.

Fixes association problems on 5GHz reported by tb@

Introduce ieee80211_min_basic_rate() and ieee80211_max_basic_rate().

These helpers can be used by drivers to improve compatibility with APs
that disable some mandatory PHY rates in the basic rate set.

For instance, many of our drivers hard-code 11b rates on 2 Ghz and run
into problems when APs disable them. Since 11b rates are being disabled
by default by some vendors, hardcoding them is not a good idea anymore.

ok mpi@ phessler@

Fix fallout from turbo mode removal commit: Channel initialization
was broken and lots of drivers ran into trouble as a result.
ok deraadt@

Remove wireless turbo mode support. It is a non-standard extension
which only worked with ath(4) devices from a decade ago.
Diff tested on ath(4) hardware by me to verify that 11a/b modes still work.
ok reyk deraadt chris sthen kettenis

Remove the IEEE80211_NO_HT macro. Reduces ifdef spaghetti, enables 11n mode
in bsd.rd, and might uncover some bugs. Suggested by tedu@ and deraadt@.
ok sthen@ jasper@ deraadt@

Don't return 11n mode from ieee80211_chan2mode() so we can switch into
11a and 11b/g mode correctly when the driver supports 11n.
And make sure the result of this funtion is only used to index ic_sup_rates.
Its stated purpose is to help select a legacy rate.
ok sthen jasper kettenis deraadt mpi

Skip over 11n mode during scanning to avoid scanning channels more than once.
ok sthen jasper kettenis deraadt mpi

Fix out of bounds array access in ieee80211_setbasicrates().
found by + ok jsg@

Don't forget about monitor mode while building the ifmedia list
for 802.11n capable wireless drivers.
ok mpi@

correct logic for a IEEE80211_MODE_11N test
ok stsp@

Expose 11n mode to the ifmedia layer and introduce the concept of MCS.
Make sure 11n features are enabled only if media type is autoselect or 11n.

11n mode uses MCS (modulation & coding scheme) instead of rates like 11a/b/g.
This means we'll have to take the current mode into account and decide whether
to use a rate or an MCS for transmission. Receiving frames on legacy rates
will still work in 11n mode. We just won't be using legacy rates to send
data frames to an STA or AP we negotiated 11n features with.

My initial plan was to grow the ieee80211_rateset structure and treat MCS
just like rates. However, ieee80211_rateset corresponds to rates and xrates
elements in management frames and is copied directly into such elements
so its size cannot change. Thus, MCS stands on its own and corresponds to
elements in management frames related to 11n HT capabilities.

ok deraadt mpi phessler kettenis guenther

IEEE80211_MODE_MAX has been raised to include 11n mode so make sure that
ieee80211_media_init doesn't index its rates array beyond turbo mode.

Declare 802.11n mode and channel flags. Tweak 11n related fields in struct
ieee80211com and move them inside #ifndef IEEE80211_NO_HT without breaking
the build in rsu(4) for RAMDISK_CD.
Also declare 11n protection modes and MCS count.
ok deraadt mpi kettenis guenther

Spell all "unexpected mode %u" panics in lower case, not just one of them.

Add ieee80211_channel_init(), factored out from ieee80211_ifattach().
Will be used by iwm(4) soon.
ok kettenis@

Make room for media types of the future. Extend the ifmedia word to 64 bits.
This changes numbers of the SIOCSIFMEDIA and SIOCGIFMEDIA ioctls and
grows struct ifmediareq.

Old ifconfig and dhclient binaries can still assign addresses, however
the 'media' subcommand stops working. Recompiling ifconfig and dhclient
with new headers before a reboot should not be necessary unless in very
special circumstances where non-default media settings must be used to
get link and console access is not available.

There may be some MD fallout but that will be cleared up later.

ok deraadt miod
with help and suggestions from several sharks attending l2k15

Remove some includes include-what-you-use claims don't
have any direct symbols used. Tested for indirect use by compiling
amd64/i386/sparc64 kernels.

ok tedu@ deraadt@

unifdef some more INET. v4 4life.

remove uneeded proc.h includes
ok mpi@ kspillner@

use nitems() instead of various local constructs

ok stsp@

Remove unneeded include.

ok deraadt@

No "\n" needed at the end of panic() strings.

Bogus chunks pointed out by matthew@ and miod@. No cookies for
marco@ and jasper@.

ok deraadt@ miod@ matthew@ jasper@ macro@

when wpa is enabled, defer setting the link up until the 802.1X
port is valid (keys have been successfully exchanged.)
this avoids dhclient timeouts when wpa is enabled.

s/hz/Hz/ on multiples of the SI unit hertz other than MHz.

reminded by STeve Andre.

make wireless interfaces priority 4 by default. other interfaces remain
priority 0. while we are in here make sure we add wi interfaces to group "wlan"
in the same way the net80211 stuff already is.

this makes dhcp multiple default routes useful on laptops.

ok claudio@

move code to support Frequency-Hopping spread spectrum (FHSS) PHYs
to the Attic. nothing uses it in the tree and it is very unlikely
that something will use it one day.
the only driver supporting FHSS PHYs in the tree is ray(4) and it
does not use net80211.

introduce new IEEE80211_STA_ONLY kernel option that can be set to
remove IBSS and HostAP support from net80211 and 802.11 drivers.
it can be used to shrink RAMDISK kernels for instance (like what
was done for wi(4)).
it also has the benefit of highlighting what is specific to IBSS
and HostAP modes in the code.
the cost is that we now have two code paths to maintain.

s/IEEE80211_DPRINTF/DPRINTF/
automatically prepend __func__ to output.

deobfuscates debug messages a bit.
no binary change unless compiled with IEEE80211_DEBUG.

add ieee80211_priv.h file: contains definitions private to net80211.
this must not be included by drivers.

move things from ieee80211_ifattach() to ieee80211_crypto_attach().

Kernel implementation of the 4-way handshake and group-key
handshake protocols (both supplicant and authenticator state
machines) as defined in the IEEE 802.11i standard.

Software implementation of the TKIP (Temporal Key Integrity
Protocol) and CCMP (CTR with CBC-MAC Protocol) protocols.

This diff doesn't implement any of the 802.1X authentication
protocols and thus only PSK authentication (using pre-shared
keys) is currently supported.

In concrete terms, this adds support for WPA-PSK and WPA2-PSK
protocols, both in station and hostap modes.

The following drivers are marked as WPA-capable and should
work: bwi(4), malo(4), ral(4), iwn(4), wpi(4), ural(4),
rum(4), upgt(4), and zyd(4)

The following options have been added to ifconfig(8):
wpa, wpapsk, wpaprotos, wpaakms, wpaciphers, wpagroupcipher

wpa-psk(8) can be used to generate keys from passphrases.

tested by many@
ok deraadt@

make it clear in the code and in the man page that the rate2plcp and
plcp2rate functions use plcp codes in most-significant-bit-first format
(R4-R1).
some drivers like wpi(4) and iwn(4) want plcp codes in lsb-first format
so they can't use those functions.
also the IEEE standard uses R1-R4 notation so this can be a bit confusing
for those refering to it.

use u_int8_t for plcp code and rate instead of int.

Add ieee80211_rate2plcp() and ieee80211_plcp2rate() functions, which
convert the PLCP header signal field to a rate value and vice versa.

This implementation has been discussed with Damien and doesn't change
any existing net80211 structures.

ok damien@

Revert last commit which added ieee80211_rate2plcp() and
ieee80211_plcp2rate() because I've got a late feedback from Damien that
he dislike the implementation method a lot.

Add ieee80211_rate2plcp() and ieee80211_plcp2rate() functions.

Help and OK reyk@

realy -> really in comments. Most reported on tech@ by Jung.

maintain the traffic-indication (TIM) virtual bitmap by defining
a default ieee80211_set_tim() function that drivers can override
by setting ic_set_tim.

constify

de-static

ok jsg@

The license permits us to redistribute this code under the BSD or the GPLv2.
Choose the BSD license so that future enhancements will be BSD-only.

ok jsg@ reyk@ deraadt@

print the phy mode in IFF_DEBUG status output which helps to debug
dual/multi mode chipset operation.

ok jsg@

Put all net80211 interfaces into the ``wlan'' interface group. Idea from me,
name ``wlan'' from henning@.

ok mbalmer@, reyk@, henning@, msf@

do not have each net80211 driver define its own rates structures. if they use
the standard rates, use some defined by net80211 itself. kernel shrinks a bit
ok jsg mglocker

Improve 802.11b/g interoperability and move toward better compliance
with IEEE Std 802.11g-2003 standard:

- add ERP Information Element in probe responses and beacons
- keep track of the number of associated non-ERP STAs and non-short slot
time capable STAs in the BSS
- enable use of RTS/CTS or CTS-to-self protection when required by the BSS
- add a ic_updateslot() callback to notify drivers of slot time changes
- cleanup computation of mgmt frames sizes in ieee80211_output.c
- nuke unnecessary <sys/cdefs.h> includes
- remove an unused macro (LOGICALLY_EQUAL) while i'm here

From {free,net}bsd, with additional fixes.

ok brad@, reyk@

Remove redundant calls to bpfdetach.
ok brad@

/* fall thru... */ -> /* FALLTHROUGH */

minor knf

mostly knf

ok jsg@

Remove the last of the FreeBSD compatiblity goop.
ok reyk@

Remove FreeBSD if_printf compat function from net80211.
ok reyk@

reset the scan state for each new mode

ok jsg@

Remove FreeBSD/NetBSD ifdef mess. We are not likely to be
doing a wholesale merge with them in future.
very enthusiastic ok from reyk@

enable IFCAP_VLAN_MTU because IEEE 802.11 defines a MTU of about 2290.
successfully tested with ural, ath, atw, atu and ath.

ok jsg@, brad@

add ifconfig -M option to replace wicontrol -L and -l for ap scanning
and node listing. wicontrol is not supported by net80211 drivers
anymore. further improvements will be done.

ok dlg@, jsg@

scan the next mode if nothing has been found. this is necessary if the
device supports different incompatible modes in the same channel
range, like like 11b and "pure" 11G mode.

ok dlg@ pvalchev@

send raw 802.11 frames with bpf(4) using the IEEE802_11 or
IEEE802_11_RADIO data link types.

ok canacar@ damien@

derived from NetBSD:

---
Make the node table into an LRU cache: least-recently used nodes
are at the end of the node queue. Change the reference-counting
discipline: ni->ni_refcnt indicates how many times net80211 has
granted ni to the driver. Every node in the table with ni_refcnt=0
is eligible to be garbage-collected. The mere presence of a node
in the table does not any longer indicate its auth/assoc state;
nodes have a ni_state variable, now.

While I am here, patch ieee80211_find_node_for_beacon to do a "best
match" by bssid/ssid/channel, not a "perfect match." This keeps
net80211 from caching duplicate nodes in the table.
---

ok deraadt@ dlg@, looks good jsg@

Use IFM_IEEE80211_IBSS for IBSS mode instead of IFM_IEEE80211_ADHOC.
With this ipw(4) works in IBSS mode.
ok millert@ aaron@ damien@

some changes merged in from netbsd. ieee80211_regdomain.# will be used
by sdr (software defined radios).

ok deraadt@ millert@ damien@

Import current NetBSD/FreeBSD 802.11 framework.
Based in part on a diff from Matthew Gream.

Add initial 802.11ac (VHT) support to net80211.

Add VHT capability and operation IE definitions to ieee80211.h.
Introduce channel flags to identify 80MHz and 160MHz capable channels.

Parse VHT IEs in beacons, announce the driver's VHT capabilities in
probe requests and assoc requests, and hop into 11ac mode after
association to the AP if possible.

Enable VHT by default if the driver announces support for it.

ok claudio@

Defer rtm_80211info() call from ieee80211_set_link_state() to a task context.

Sending routing messages requires a socket lock which may sleep.
ieee80211_set_link_state() is called from interrupts and timeouts where
sleeping is not allowed. mvs@ pointed out that if_link_state_change()
is already using a task for this reason.

Should fix a witness-related panic reported by cheloha@

ok mvs@ tobhe@ florian@

Add support for 40MHz channels to net80211 RA.

For the moment we use either the 40MHz rate set or the 20 MHz one,
depending on whether our peer supports 40MHz channels.
If this turns out to be suboptimal we could probe the 40MHz and 20MHz
rate sets separately to detect which one works better.

The same applies to use of the short guard interval (SGI), which is
either always on or off at the moment. Again, probing for this could
be added later if needed.

Undo pseudo-driver changes early in ieee80211_ifdetach() to prevent a
use-after-free when a wireless device is detached.

Pseudo-driver detach hooks may end up calling back into the driver, e.g. via
an ioctl. So these hooks must run before net80211 data structures are freed.

Reported by ratchov@ who saw the following trace when athn(4) detached while
it was part of a trunk(4) interface. The trunk(4) detach hooks were run after
ieee80211_ifdetach() had been run by athn_detach(). These hooks called back
into the driver via athn_ioctl() which now operated on freed memory.

uvm_fault(0xffffffff81facdd0, 0xb14, 0, 1) -> e
kernel: page fault trap, code=0
Stopped at ieee80211_ba_del+0x20: cmpl $0,0x2c(%r15)
ddb{0}> ieee80211_ba_del(0) at ieee80211_ba_del+0x20
ieee80211_newstate(ffff8000000c1048,0,ffffffff) at ieee80211_newstate+0xb51
athn_stop(ffff8000000c1048,1) at athn_stop+0x70
athn_ioctl(ffff8000000c1048,80206910,ffff800014d63800) at athn_ioctl+0x15b
ifnewlladdr(ffff8000000c1048) at ifnewlladdr+0x100
trunk_port_destroy(ffff800000589800) at trunk_port_destroy+0x320
if_hooks_run(ffff8000000c10b8) at if_hooks_run+0xb0
if_deactivate(ffff8000000c1048) at if_deactivate+0x24
ether_ifdetach(ffff8000000c1048) at ether_ifdetach+0x1d
athn_detach(ffff8000000c1000) at athn_detach+0x17b
athn_pci_detach(ffff8000000c1000,1) at athn_pci_detach+0x2a
config_detach(ffff8000000c1000,1) at config_detach+0x156
config_detach_children(ffff8000000b7500,1) at config_detach_children+0x58
pci_detach_devices(ffff8000000b7500,1) at pci_detach_devices+0x24
ppb_hotplug_remove(ffff800000033e00) at ppb_hotplug_remove+0x35
taskq_thread(ffffffff81f4bd48) at

ok mpi@ ratchov@

Fix ifconfig "media:" line for 11n wifi interfaces during and after bgscan.

Media was displayed as e.g. "autoselect (OFDM6)" even though 11n was active
because the current media mode is changed to AUTO for background scanning
and was never switched back to 11N.

ok mpi@ pirofti@

Don't start background scans before WPA handshake has completed.
ok phessler

Whitespace removal, no code change.

Give access points which fail to AUTH or ASSOC less priority during
the next selection of networks from the join list. Prevents endless
attempts to connect to an AP which is out of reach but still somehow
manages to get a beacon or two across to us during scan.

Tested with wifi networks at the University of Bucharest.
Makes switching wifi networks possible after walking to a different
room without having to down/up the interface or suspend/resume.

ok phessler@

Raise net80211's "beacon miss" threshold to avoid frequent re-connects
to APs that are relatively far away and suffer some packet loss.

The former threshold was 7 beacons (about 700 ms).
This raises the threshold to 30 beacons (about 3 seconds).
Should still be good enough for detecting APs that have disappeared, and
makes wifi networks provided by the University of Bucharest more reliable
in the p2k19 hackroom.

While here, make 'ifconfig iwm0/iwn0 debug' print an obvious message when
we believe that the AP has disappeared.

Problem reported and fix tested by landry@ / pirofti@
ok mpi@ sthen@

Reset the current wireless PHY mode to 'auto' when a scan begins if we
are in media autoselect mode.

The interface might have been switched to a fixed PHY mode during association
and keeping it fixed will mislead AP selection after roaming failure.

Problem found and diagnosed at CCC camp 2019
Tested by myself, fkr@, chris@

Add support for 802.11n Tx aggregation to net80211 and the iwn(4) driver.

In particular, add Tx block ack session management to net80211, with
enough funcionality to support Tx aggregation on devices which perform
A-MPDU subframe scheduling in firmware.
Make use of the iwn(4) firmware Tx scheduler to build A-MPDUs.

net80211's QoS support code is now enabled and used by Tx aggregation.

A-MSDU frames inside A-MPDUs have been tested and work in principle.
For now, this feature is disabled because unfair TCP connection sharing
was observed during testing, where bursts of TCP Ack frames for a single
tcpbench(1) connection arriving in A-MSDUs made other TCP connections stall.
Switch off support for A-MSDUs inside A-MPDUs on the Rx side as well.

Tested on iwn chipsets 1000, 4965, 5100, 5300, 2200, 6200, 6205, 6300
(committed version of tested diff has all debug printfs removed)
tests/ok benno kmos mlarkin kevlo

Revised version of 'ifconfig mode' command fix.

The 'mode' command is supposed to force a wireless interface into 11a/b/g/n
media mode. This stopped working some time ago, probably during my work on
background scanning. Problem spotted by mlarkin@ who noticed that interfaces
were using 11g mode while forced to 11b mode.

ok phessler, jmatthew (earlier version)
relentless testing by krw@

Revert my "Repair the 'ifconfig mode' command" commit.

The "recursion in end_scan()" problem is apparently still present in
the committed version of the diff (reported by krw@).

Repair the 'ifconfig mode' command.

The 'mode' command is supposed to force a wireless interface into 11a/b/g/n
media mode. This stopped working some time ago, probably during my work on
background scanning. Problem spotted by mlarkin@ who noticed that interfaces
were using 11g mode while forced to 11b mode.

ok phessler, jmatthew

Fix out-of-bounds array access in ieee80211_setbasicrates(); CID 1479607
ok kettenis@

Make ifconfig(8) display whether bwfm(4) firmware is using 802.11ac.
ok patrick@ mpi@

Move 802.11n rateset definitions out of MiRA and make them available to
net80211 and drivers in general. Add ratesets for 'short guard interval'
(SGI) rates, and add SGI support to MiRA. SGI is currently only used by
iwm(4), and of course internally by bwfm(4) firmware.
Ratesets for 11n 40 MHz channels and 11ac will come later.
ok mpi@ phessler@

Nuke unused LIST() ieee80211com_head.

ok stsp@

Disambiguate the source of panics in sys/net* by adding __func__
magic constant to panic() calls.
ok benno@ henning@ tb@

When starting a background scan, free the nodes table to ensure we
get an up-to-date view of APs around us. In particular, we need to
kick out the AP we are associated to. Otherwise, our current AP might
stay cached if it is turned off while we are scanning, and we could
end up picking a now non-existent but "good looking" AP over and over.

found with and ok phessler@

net80211: stub SIOCS80211SCAN, make ifconfig scan instant.

The following removes the functionality of the SIOCS80211SCAN ioctl.
After long discussions with stps@, mpi@, and deraadt@ we decided that
this was the correct way of fixing ifconfig scan from blocking the
network stack.

The kernel will continue scanning in the background and filling the
nodes array, but ifconfig scan commands will now basically do just a
SIOCG80211ALLNODES and pretty print the array. So the output stays the
same but is instant.

In fact, when the interface is freshly brought up, if you type fast
enough, you can see the array being filled by running multiple ifconfig
scans in sequence.

The SIOCS80211SCAN ioctl stays for now as wi(4), pgt(4) and malo(4)
still need it around. But not for long...

Another change that this introduces is the fact that ifconfig scan no
longer plays with UP and DOWN. If the interface is down it complains and
exits. This is needed in order to maintain the nodes list.

Works on iwm(4), iwn(4), urtwn(4), run(4) and athn(4).

Tested by mpi@, landry@, florian@, thanks!
OK mpi@.

remove the background scan timeout on detach, so we don't crash shortly
afterwards.

crash reported by Piotr Isajew
ok stsp@

Make ieee80211_chan2ieee() panic if a bogus channel pointer is detected.
ok patrick@

Add support for background scanning to net80211 and iwm(4).

The iwm(4) driver will now roam between access points which share an SSID.
Use 'ifconfig iwm0 debug' and 'tail -f /var/log/messages' to watch it do so.

Tested by several people in various iterations.
As usual, let me know if you run into issues.

ok phessler deraadt

When selecting the next wireless mode during the scan loop, always select
AUTO mode if the driver scans all bands at once. Otherwise the net80211
layer unnecessarily filters out some of the beacons received by the device.
ok phessler@ mpi@ kevlo@

Initialize the link state of a wireless interface to DOWN when the
interface is attached to the net80211 layer. Prevents confusion
in cases where drivers forget to initialize the link state.
ok mpi@ kettenis@

The net80211 stack was providing a 'beacon miss timeout' value (in ms)
which specified how much time may elapse without beacons before drivers
begin searching for a new AP.

Drivers convert this timeout value into the amount of beacons they're allowed
to miss. Having the stack provide this number upfront simplifies things.

ok mpi@

Improve the new ieee80211_{min,max}_rates() APIs and fix regressions.

Instead of returning an index into ni_rates, return the RVAL of the
basic rate we want to use. This allows a driver to unambiguously map
the basic rate to the corresponding hardware-specific rate value, and
reduces the possibility of bugs where indices are used with arrays
they weren't intended for.

Adjust iwn(4) accordingly, and use the lowest instead of the highest
basic rate in iwn_tx() to cope better in noisy environments.

Fixes association problems on 5GHz reported by tb@

Introduce ieee80211_min_basic_rate() and ieee80211_max_basic_rate().

These helpers can be used by drivers to improve compatibility with APs
that disable some mandatory PHY rates in the basic rate set.

For instance, many of our drivers hard-code 11b rates on 2 Ghz and run
into problems when APs disable them. Since 11b rates are being disabled
by default by some vendors, hardcoding them is not a good idea anymore.

ok mpi@ phessler@

Fix fallout from turbo mode removal commit: Channel initialization
was broken and lots of drivers ran into trouble as a result.
ok deraadt@

Remove wireless turbo mode support. It is a non-standard extension
which only worked with ath(4) devices from a decade ago.
Diff tested on ath(4) hardware by me to verify that 11a/b modes still work.
ok reyk deraadt chris sthen kettenis

Remove the IEEE80211_NO_HT macro. Reduces ifdef spaghetti, enables 11n mode
in bsd.rd, and might uncover some bugs. Suggested by tedu@ and deraadt@.
ok sthen@ jasper@ deraadt@

Don't return 11n mode from ieee80211_chan2mode() so we can switch into
11a and 11b/g mode correctly when the driver supports 11n.
And make sure the result of this funtion is only used to index ic_sup_rates.
Its stated purpose is to help select a legacy rate.
ok sthen jasper kettenis deraadt mpi

Skip over 11n mode during scanning to avoid scanning channels more than once.
ok sthen jasper kettenis deraadt mpi

Fix out of bounds array access in ieee80211_setbasicrates().
found by + ok jsg@

Don't forget about monitor mode while building the ifmedia list
for 802.11n capable wireless drivers.
ok mpi@

correct logic for a IEEE80211_MODE_11N test
ok stsp@

Expose 11n mode to the ifmedia layer and introduce the concept of MCS.
Make sure 11n features are enabled only if media type is autoselect or 11n.

11n mode uses MCS (modulation & coding scheme) instead of rates like 11a/b/g.
This means we'll have to take the current mode into account and decide whether
to use a rate or an MCS for transmission. Receiving frames on legacy rates
will still work in 11n mode. We just won't be using legacy rates to send
data frames to an STA or AP we negotiated 11n features with.

My initial plan was to grow the ieee80211_rateset structure and treat MCS
just like rates. However, ieee80211_rateset corresponds to rates and xrates
elements in management frames and is copied directly into such elements
so its size cannot change. Thus, MCS stands on its own and corresponds to
elements in management frames related to 11n HT capabilities.

ok deraadt mpi phessler kettenis guenther

IEEE80211_MODE_MAX has been raised to include 11n mode so make sure that
ieee80211_media_init doesn't index its rates array beyond turbo mode.

Declare 802.11n mode and channel flags. Tweak 11n related fields in struct
ieee80211com and move them inside #ifndef IEEE80211_NO_HT without breaking
the build in rsu(4) for RAMDISK_CD.
Also declare 11n protection modes and MCS count.
ok deraadt mpi kettenis guenther

Spell all "unexpected mode %u" panics in lower case, not just one of them.

Add ieee80211_channel_init(), factored out from ieee80211_ifattach().
Will be used by iwm(4) soon.
ok kettenis@

Make room for media types of the future. Extend the ifmedia word to 64 bits.
This changes numbers of the SIOCSIFMEDIA and SIOCGIFMEDIA ioctls and
grows struct ifmediareq.

Old ifconfig and dhclient binaries can still assign addresses, however
the 'media' subcommand stops working. Recompiling ifconfig and dhclient
with new headers before a reboot should not be necessary unless in very
special circumstances where non-default media settings must be used to
get link and console access is not available.

There may be some MD fallout but that will be cleared up later.

ok deraadt miod
with help and suggestions from several sharks attending l2k15

Remove some includes include-what-you-use claims don't
have any direct symbols used. Tested for indirect use by compiling
amd64/i386/sparc64 kernels.

ok tedu@ deraadt@

unifdef some more INET. v4 4life.

remove uneeded proc.h includes
ok mpi@ kspillner@

use nitems() instead of various local constructs

ok stsp@

Remove unneeded include.

ok deraadt@

No "\n" needed at the end of panic() strings.

Bogus chunks pointed out by matthew@ and miod@. No cookies for
marco@ and jasper@.

ok deraadt@ miod@ matthew@ jasper@ macro@

when wpa is enabled, defer setting the link up until the 802.1X
port is valid (keys have been successfully exchanged.)
this avoids dhclient timeouts when wpa is enabled.

s/hz/Hz/ on multiples of the SI unit hertz other than MHz.

reminded by STeve Andre.

make wireless interfaces priority 4 by default. other interfaces remain
priority 0. while we are in here make sure we add wi interfaces to group "wlan"
in the same way the net80211 stuff already is.

this makes dhcp multiple default routes useful on laptops.

ok claudio@

move code to support Frequency-Hopping spread spectrum (FHSS) PHYs
to the Attic. nothing uses it in the tree and it is very unlikely
that something will use it one day.
the only driver supporting FHSS PHYs in the tree is ray(4) and it
does not use net80211.

introduce new IEEE80211_STA_ONLY kernel option that can be set to
remove IBSS and HostAP support from net80211 and 802.11 drivers.
it can be used to shrink RAMDISK kernels for instance (like what
was done for wi(4)).
it also has the benefit of highlighting what is specific to IBSS
and HostAP modes in the code.
the cost is that we now have two code paths to maintain.

s/IEEE80211_DPRINTF/DPRINTF/
automatically prepend __func__ to output.

deobfuscates debug messages a bit.
no binary change unless compiled with IEEE80211_DEBUG.

add ieee80211_priv.h file: contains definitions private to net80211.
this must not be included by drivers.

move things from ieee80211_ifattach() to ieee80211_crypto_attach().

Kernel implementation of the 4-way handshake and group-key
handshake protocols (both supplicant and authenticator state
machines) as defined in the IEEE 802.11i standard.

Software implementation of the TKIP (Temporal Key Integrity
Protocol) and CCMP (CTR with CBC-MAC Protocol) protocols.

This diff doesn't implement any of the 802.1X authentication
protocols and thus only PSK authentication (using pre-shared
keys) is currently supported.

In concrete terms, this adds support for WPA-PSK and WPA2-PSK
protocols, both in station and hostap modes.

The following drivers are marked as WPA-capable and should
work: bwi(4), malo(4), ral(4), iwn(4), wpi(4), ural(4),
rum(4), upgt(4), and zyd(4)

The following options have been added to ifconfig(8):
wpa, wpapsk, wpaprotos, wpaakms, wpaciphers, wpagroupcipher

wpa-psk(8) can be used to generate keys from passphrases.

tested by many@
ok deraadt@

make it clear in the code and in the man page that the rate2plcp and
plcp2rate functions use plcp codes in most-significant-bit-first format
(R4-R1).
some drivers like wpi(4) and iwn(4) want plcp codes in lsb-first format
so they can't use those functions.
also the IEEE standard uses R1-R4 notation so this can be a bit confusing
for those refering to it.

use u_int8_t for plcp code and rate instead of int.

Add ieee80211_rate2plcp() and ieee80211_plcp2rate() functions, which
convert the PLCP header signal field to a rate value and vice versa.

This implementation has been discussed with Damien and doesn't change
any existing net80211 structures.

ok damien@

Revert last commit which added ieee80211_rate2plcp() and
ieee80211_plcp2rate() because I've got a late feedback from Damien that
he dislike the implementation method a lot.

Add ieee80211_rate2plcp() and ieee80211_plcp2rate() functions.

Help and OK reyk@

realy -> really in comments. Most reported on tech@ by Jung.

maintain the traffic-indication (TIM) virtual bitmap by defining
a default ieee80211_set_tim() function that drivers can override
by setting ic_set_tim.

constify

de-static

ok jsg@

The license permits us to redistribute this code under the BSD or the GPLv2.
Choose the BSD license so that future enhancements will be BSD-only.

ok jsg@ reyk@ deraadt@

print the phy mode in IFF_DEBUG status output which helps to debug
dual/multi mode chipset operation.

ok jsg@

Put all net80211 interfaces into the ``wlan'' interface group. Idea from me,
name ``wlan'' from henning@.

ok mbalmer@, reyk@, henning@, msf@

do not have each net80211 driver define its own rates structures. if they use
the standard rates, use some defined by net80211 itself. kernel shrinks a bit
ok jsg mglocker

Improve 802.11b/g interoperability and move toward better compliance
with IEEE Std 802.11g-2003 standard:

- add ERP Information Element in probe responses and beacons
- keep track of the number of associated non-ERP STAs and non-short slot
time capable STAs in the BSS
- enable use of RTS/CTS or CTS-to-self protection when required by the BSS
- add a ic_updateslot() callback to notify drivers of slot time changes
- cleanup computation of mgmt frames sizes in ieee80211_output.c
- nuke unnecessary <sys/cdefs.h> includes
- remove an unused macro (LOGICALLY_EQUAL) while i'm here

From {free,net}bsd, with additional fixes.

ok brad@, reyk@

Remove redundant calls to bpfdetach.
ok brad@

/* fall thru... */ -> /* FALLTHROUGH */

minor knf

mostly knf

ok jsg@

Remove the last of the FreeBSD compatiblity goop.
ok reyk@

Remove FreeBSD if_printf compat function from net80211.
ok reyk@

reset the scan state for each new mode

ok jsg@

Remove FreeBSD/NetBSD ifdef mess. We are not likely to be
doing a wholesale merge with them in future.
very enthusiastic ok from reyk@

enable IFCAP_VLAN_MTU because IEEE 802.11 defines a MTU of about 2290.
successfully tested with ural, ath, atw, atu and ath.

ok jsg@, brad@

add ifconfig -M option to replace wicontrol -L and -l for ap scanning
and node listing. wicontrol is not supported by net80211 drivers
anymore. further improvements will be done.

ok dlg@, jsg@

scan the next mode if nothing has been found. this is necessary if the
device supports different incompatible modes in the same channel
range, like like 11b and "pure" 11G mode.

ok dlg@ pvalchev@

send raw 802.11 frames with bpf(4) using the IEEE802_11 or
IEEE802_11_RADIO data link types.

ok canacar@ damien@

derived from NetBSD:

---
Make the node table into an LRU cache: least-recently used nodes
are at the end of the node queue. Change the reference-counting
discipline: ni->ni_refcnt indicates how many times net80211 has
granted ni to the driver. Every node in the table with ni_refcnt=0
is eligible to be garbage-collected. The mere presence of a node
in the table does not any longer indicate its auth/assoc state;
nodes have a ni_state variable, now.

While I am here, patch ieee80211_find_node_for_beacon to do a "best
match" by bssid/ssid/channel, not a "perfect match." This keeps
net80211 from caching duplicate nodes in the table.
---

ok deraadt@ dlg@, looks good jsg@

Use IFM_IEEE80211_IBSS for IBSS mode instead of IFM_IEEE80211_ADHOC.
With this ipw(4) works in IBSS mode.
ok millert@ aaron@ damien@

some changes merged in from netbsd. ieee80211_regdomain.# will be used
by sdr (software defined radios).

ok deraadt@ millert@ damien@

Import current NetBSD/FreeBSD 802.11 framework.
Based in part on a diff from Matthew Gream.

Defer rtm_80211info() call from ieee80211_set_link_state() to a task context.

Sending routing messages requires a socket lock which may sleep.
ieee80211_set_link_state() is called from interrupts and timeouts where
sleeping is not allowed. mvs@ pointed out that if_link_state_change()
is already using a task for this reason.

Should fix a witness-related panic reported by cheloha@

ok mvs@ tobhe@ florian@

Add support for 40MHz channels to net80211 RA.

For the moment we use either the 40MHz rate set or the 20 MHz one,
depending on whether our peer supports 40MHz channels.
If this turns out to be suboptimal we could probe the 40MHz and 20MHz
rate sets separately to detect which one works better.

The same applies to use of the short guard interval (SGI), which is
either always on or off at the moment. Again, probing for this could
be added later if needed.

Undo pseudo-driver changes early in ieee80211_ifdetach() to prevent a
use-after-free when a wireless device is detached.

Pseudo-driver detach hooks may end up calling back into the driver, e.g. via
an ioctl. So these hooks must run before net80211 data structures are freed.

Reported by ratchov@ who saw the following trace when athn(4) detached while
it was part of a trunk(4) interface. The trunk(4) detach hooks were run after
ieee80211_ifdetach() had been run by athn_detach(). These hooks called back
into the driver via athn_ioctl() which now operated on freed memory.

uvm_fault(0xffffffff81facdd0, 0xb14, 0, 1) -> e
kernel: page fault trap, code=0
Stopped at ieee80211_ba_del+0x20: cmpl $0,0x2c(%r15)
ddb{0}> ieee80211_ba_del(0) at ieee80211_ba_del+0x20
ieee80211_newstate(ffff8000000c1048,0,ffffffff) at ieee80211_newstate+0xb51
athn_stop(ffff8000000c1048,1) at athn_stop+0x70
athn_ioctl(ffff8000000c1048,80206910,ffff800014d63800) at athn_ioctl+0x15b
ifnewlladdr(ffff8000000c1048) at ifnewlladdr+0x100
trunk_port_destroy(ffff800000589800) at trunk_port_destroy+0x320
if_hooks_run(ffff8000000c10b8) at if_hooks_run+0xb0
if_deactivate(ffff8000000c1048) at if_deactivate+0x24
ether_ifdetach(ffff8000000c1048) at ether_ifdetach+0x1d
athn_detach(ffff8000000c1000) at athn_detach+0x17b
athn_pci_detach(ffff8000000c1000,1) at athn_pci_detach+0x2a
config_detach(ffff8000000c1000,1) at config_detach+0x156
config_detach_children(ffff8000000b7500,1) at config_detach_children+0x58
pci_detach_devices(ffff8000000b7500,1) at pci_detach_devices+0x24
ppb_hotplug_remove(ffff800000033e00) at ppb_hotplug_remove+0x35
taskq_thread(ffffffff81f4bd48) at

ok mpi@ ratchov@

Fix ifconfig "media:" line for 11n wifi interfaces during and after bgscan.

Media was displayed as e.g. "autoselect (OFDM6)" even though 11n was active
because the current media mode is changed to AUTO for background scanning
and was never switched back to 11N.

ok mpi@ pirofti@

Don't start background scans before WPA handshake has completed.
ok phessler

Whitespace removal, no code change.

Give access points which fail to AUTH or ASSOC less priority during
the next selection of networks from the join list. Prevents endless
attempts to connect to an AP which is out of reach but still somehow
manages to get a beacon or two across to us during scan.

Tested with wifi networks at the University of Bucharest.
Makes switching wifi networks possible after walking to a different
room without having to down/up the interface or suspend/resume.

ok phessler@

Raise net80211's "beacon miss" threshold to avoid frequent re-connects
to APs that are relatively far away and suffer some packet loss.

The former threshold was 7 beacons (about 700 ms).
This raises the threshold to 30 beacons (about 3 seconds).
Should still be good enough for detecting APs that have disappeared, and
makes wifi networks provided by the University of Bucharest more reliable
in the p2k19 hackroom.

While here, make 'ifconfig iwm0/iwn0 debug' print an obvious message when
we believe that the AP has disappeared.

Problem reported and fix tested by landry@ / pirofti@
ok mpi@ sthen@

Reset the current wireless PHY mode to 'auto' when a scan begins if we
are in media autoselect mode.

The interface might have been switched to a fixed PHY mode during association
and keeping it fixed will mislead AP selection after roaming failure.

Problem found and diagnosed at CCC camp 2019
Tested by myself, fkr@, chris@

Add support for 802.11n Tx aggregation to net80211 and the iwn(4) driver.

In particular, add Tx block ack session management to net80211, with
enough funcionality to support Tx aggregation on devices which perform
A-MPDU subframe scheduling in firmware.
Make use of the iwn(4) firmware Tx scheduler to build A-MPDUs.

net80211's QoS support code is now enabled and used by Tx aggregation.

A-MSDU frames inside A-MPDUs have been tested and work in principle.
For now, this feature is disabled because unfair TCP connection sharing
was observed during testing, where bursts of TCP Ack frames for a single
tcpbench(1) connection arriving in A-MSDUs made other TCP connections stall.
Switch off support for A-MSDUs inside A-MPDUs on the Rx side as well.

Tested on iwn chipsets 1000, 4965, 5100, 5300, 2200, 6200, 6205, 6300
(committed version of tested diff has all debug printfs removed)
tests/ok benno kmos mlarkin kevlo

Revised version of 'ifconfig mode' command fix.

The 'mode' command is supposed to force a wireless interface into 11a/b/g/n
media mode. This stopped working some time ago, probably during my work on
background scanning. Problem spotted by mlarkin@ who noticed that interfaces
were using 11g mode while forced to 11b mode.

ok phessler, jmatthew (earlier version)
relentless testing by krw@

Revert my "Repair the 'ifconfig mode' command" commit.

The "recursion in end_scan()" problem is apparently still present in
the committed version of the diff (reported by krw@).

Repair the 'ifconfig mode' command.

The 'mode' command is supposed to force a wireless interface into 11a/b/g/n
media mode. This stopped working some time ago, probably during my work on
background scanning. Problem spotted by mlarkin@ who noticed that interfaces
were using 11g mode while forced to 11b mode.

ok phessler, jmatthew

Fix out-of-bounds array access in ieee80211_setbasicrates(); CID 1479607
ok kettenis@

Make ifconfig(8) display whether bwfm(4) firmware is using 802.11ac.
ok patrick@ mpi@

Move 802.11n rateset definitions out of MiRA and make them available to
net80211 and drivers in general. Add ratesets for 'short guard interval'
(SGI) rates, and add SGI support to MiRA. SGI is currently only used by
iwm(4), and of course internally by bwfm(4) firmware.
Ratesets for 11n 40 MHz channels and 11ac will come later.
ok mpi@ phessler@

Nuke unused LIST() ieee80211com_head.

ok stsp@

Disambiguate the source of panics in sys/net* by adding __func__
magic constant to panic() calls.
ok benno@ henning@ tb@

When starting a background scan, free the nodes table to ensure we
get an up-to-date view of APs around us. In particular, we need to
kick out the AP we are associated to. Otherwise, our current AP might
stay cached if it is turned off while we are scanning, and we could
end up picking a now non-existent but "good looking" AP over and over.

found with and ok phessler@

net80211: stub SIOCS80211SCAN, make ifconfig scan instant.

The following removes the functionality of the SIOCS80211SCAN ioctl.
After long discussions with stps@, mpi@, and deraadt@ we decided that
this was the correct way of fixing ifconfig scan from blocking the
network stack.

The kernel will continue scanning in the background and filling the
nodes array, but ifconfig scan commands will now basically do just a
SIOCG80211ALLNODES and pretty print the array. So the output stays the
same but is instant.

In fact, when the interface is freshly brought up, if you type fast
enough, you can see the array being filled by running multiple ifconfig
scans in sequence.

The SIOCS80211SCAN ioctl stays for now as wi(4), pgt(4) and malo(4)
still need it around. But not for long...

Another change that this introduces is the fact that ifconfig scan no
longer plays with UP and DOWN. If the interface is down it complains and
exits. This is needed in order to maintain the nodes list.

Works on iwm(4), iwn(4), urtwn(4), run(4) and athn(4).

Tested by mpi@, landry@, florian@, thanks!
OK mpi@.

remove the background scan timeout on detach, so we don't crash shortly
afterwards.

crash reported by Piotr Isajew
ok stsp@

Make ieee80211_chan2ieee() panic if a bogus channel pointer is detected.
ok patrick@

Add support for background scanning to net80211 and iwm(4).

The iwm(4) driver will now roam between access points which share an SSID.
Use 'ifconfig iwm0 debug' and 'tail -f /var/log/messages' to watch it do so.

Tested by several people in various iterations.
As usual, let me know if you run into issues.

ok phessler deraadt

When selecting the next wireless mode during the scan loop, always select
AUTO mode if the driver scans all bands at once. Otherwise the net80211
layer unnecessarily filters out some of the beacons received by the device.
ok phessler@ mpi@ kevlo@

Initialize the link state of a wireless interface to DOWN when the
interface is attached to the net80211 layer. Prevents confusion
in cases where drivers forget to initialize the link state.
ok mpi@ kettenis@

The net80211 stack was providing a 'beacon miss timeout' value (in ms)
which specified how much time may elapse without beacons before drivers
begin searching for a new AP.

Drivers convert this timeout value into the amount of beacons they're allowed
to miss. Having the stack provide this number upfront simplifies things.

ok mpi@

Improve the new ieee80211_{min,max}_rates() APIs and fix regressions.

Instead of returning an index into ni_rates, return the RVAL of the
basic rate we want to use. This allows a driver to unambiguously map
the basic rate to the corresponding hardware-specific rate value, and
reduces the possibility of bugs where indices are used with arrays
they weren't intended for.

Adjust iwn(4) accordingly, and use the lowest instead of the highest
basic rate in iwn_tx() to cope better in noisy environments.

Fixes association problems on 5GHz reported by tb@

Introduce ieee80211_min_basic_rate() and ieee80211_max_basic_rate().

These helpers can be used by drivers to improve compatibility with APs
that disable some mandatory PHY rates in the basic rate set.

For instance, many of our drivers hard-code 11b rates on 2 Ghz and run
into problems when APs disable them. Since 11b rates are being disabled
by default by some vendors, hardcoding them is not a good idea anymore.

ok mpi@ phessler@

Fix fallout from turbo mode removal commit: Channel initialization
was broken and lots of drivers ran into trouble as a result.
ok deraadt@

Remove wireless turbo mode support. It is a non-standard extension
which only worked with ath(4) devices from a decade ago.
Diff tested on ath(4) hardware by me to verify that 11a/b modes still work.
ok reyk deraadt chris sthen kettenis

Remove the IEEE80211_NO_HT macro. Reduces ifdef spaghetti, enables 11n mode
in bsd.rd, and might uncover some bugs. Suggested by tedu@ and deraadt@.
ok sthen@ jasper@ deraadt@

Don't return 11n mode from ieee80211_chan2mode() so we can switch into
11a and 11b/g mode correctly when the driver supports 11n.
And make sure the result of this funtion is only used to index ic_sup_rates.
Its stated purpose is to help select a legacy rate.
ok sthen jasper kettenis deraadt mpi

Skip over 11n mode during scanning to avoid scanning channels more than once.
ok sthen jasper kettenis deraadt mpi

Fix out of bounds array access in ieee80211_setbasicrates().
found by + ok jsg@

Don't forget about monitor mode while building the ifmedia list
for 802.11n capable wireless drivers.
ok mpi@

correct logic for a IEEE80211_MODE_11N test
ok stsp@

Expose 11n mode to the ifmedia layer and introduce the concept of MCS.
Make sure 11n features are enabled only if media type is autoselect or 11n.

11n mode uses MCS (modulation & coding scheme) instead of rates like 11a/b/g.
This means we'll have to take the current mode into account and decide whether
to use a rate or an MCS for transmission. Receiving frames on legacy rates
will still work in 11n mode. We just won't be using legacy rates to send
data frames to an STA or AP we negotiated 11n features with.

My initial plan was to grow the ieee80211_rateset structure and treat MCS
just like rates. However, ieee80211_rateset corresponds to rates and xrates
elements in management frames and is copied directly into such elements
so its size cannot change. Thus, MCS stands on its own and corresponds to
elements in management frames related to 11n HT capabilities.

ok deraadt mpi phessler kettenis guenther

IEEE80211_MODE_MAX has been raised to include 11n mode so make sure that
ieee80211_media_init doesn't index its rates array beyond turbo mode.

Declare 802.11n mode and channel flags. Tweak 11n related fields in struct
ieee80211com and move them inside #ifndef IEEE80211_NO_HT without breaking
the build in rsu(4) for RAMDISK_CD.
Also declare 11n protection modes and MCS count.
ok deraadt mpi kettenis guenther

Spell all "unexpected mode %u" panics in lower case, not just one of them.

Add ieee80211_channel_init(), factored out from ieee80211_ifattach().
Will be used by iwm(4) soon.
ok kettenis@

Make room for media types of the future. Extend the ifmedia word to 64 bits.
This changes numbers of the SIOCSIFMEDIA and SIOCGIFMEDIA ioctls and
grows struct ifmediareq.

Old ifconfig and dhclient binaries can still assign addresses, however
the 'media' subcommand stops working. Recompiling ifconfig and dhclient
with new headers before a reboot should not be necessary unless in very
special circumstances where non-default media settings must be used to
get link and console access is not available.

There may be some MD fallout but that will be cleared up later.

ok deraadt miod
with help and suggestions from several sharks attending l2k15

Remove some includes include-what-you-use claims don't
have any direct symbols used. Tested for indirect use by compiling
amd64/i386/sparc64 kernels.

ok tedu@ deraadt@

unifdef some more INET. v4 4life.

remove uneeded proc.h includes
ok mpi@ kspillner@

use nitems() instead of various local constructs

ok stsp@

Remove unneeded include.

ok deraadt@

No "\n" needed at the end of panic() strings.

Bogus chunks pointed out by matthew@ and miod@. No cookies for
marco@ and jasper@.

ok deraadt@ miod@ matthew@ jasper@ macro@

when wpa is enabled, defer setting the link up until the 802.1X
port is valid (keys have been successfully exchanged.)
this avoids dhclient timeouts when wpa is enabled.

s/hz/Hz/ on multiples of the SI unit hertz other than MHz.

reminded by STeve Andre.

make wireless interfaces priority 4 by default. other interfaces remain
priority 0. while we are in here make sure we add wi interfaces to group "wlan"
in the same way the net80211 stuff already is.

this makes dhcp multiple default routes useful on laptops.

ok claudio@

move code to support Frequency-Hopping spread spectrum (FHSS) PHYs
to the Attic. nothing uses it in the tree and it is very unlikely
that something will use it one day.
the only driver supporting FHSS PHYs in the tree is ray(4) and it
does not use net80211.

introduce new IEEE80211_STA_ONLY kernel option that can be set to
remove IBSS and HostAP support from net80211 and 802.11 drivers.
it can be used to shrink RAMDISK kernels for instance (like what
was done for wi(4)).
it also has the benefit of highlighting what is specific to IBSS
and HostAP modes in the code.
the cost is that we now have two code paths to maintain.

s/IEEE80211_DPRINTF/DPRINTF/
automatically prepend __func__ to output.

deobfuscates debug messages a bit.
no binary change unless compiled with IEEE80211_DEBUG.

add ieee80211_priv.h file: contains definitions private to net80211.
this must not be included by drivers.

move things from ieee80211_ifattach() to ieee80211_crypto_attach().

Kernel implementation of the 4-way handshake and group-key
handshake protocols (both supplicant and authenticator state
machines) as defined in the IEEE 802.11i standard.

Software implementation of the TKIP (Temporal Key Integrity
Protocol) and CCMP (CTR with CBC-MAC Protocol) protocols.

This diff doesn't implement any of the 802.1X authentication
protocols and thus only PSK authentication (using pre-shared
keys) is currently supported.

In concrete terms, this adds support for WPA-PSK and WPA2-PSK
protocols, both in station and hostap modes.

The following drivers are marked as WPA-capable and should
work: bwi(4), malo(4), ral(4), iwn(4), wpi(4), ural(4),
rum(4), upgt(4), and zyd(4)

The following options have been added to ifconfig(8):
wpa, wpapsk, wpaprotos, wpaakms, wpaciphers, wpagroupcipher

wpa-psk(8) can be used to generate keys from passphrases.

tested by many@
ok deraadt@

make it clear in the code and in the man page that the rate2plcp and
plcp2rate functions use plcp codes in most-significant-bit-first format
(R4-R1).
some drivers like wpi(4) and iwn(4) want plcp codes in lsb-first format
so they can't use those functions.
also the IEEE standard uses R1-R4 notation so this can be a bit confusing
for those refering to it.

use u_int8_t for plcp code and rate instead of int.

Add ieee80211_rate2plcp() and ieee80211_plcp2rate() functions, which
convert the PLCP header signal field to a rate value and vice versa.

This implementation has been discussed with Damien and doesn't change
any existing net80211 structures.

ok damien@

Revert last commit which added ieee80211_rate2plcp() and
ieee80211_plcp2rate() because I've got a late feedback from Damien that
he dislike the implementation method a lot.

Add ieee80211_rate2plcp() and ieee80211_plcp2rate() functions.

Help and OK reyk@

realy -> really in comments. Most reported on tech@ by Jung.

maintain the traffic-indication (TIM) virtual bitmap by defining
a default ieee80211_set_tim() function that drivers can override
by setting ic_set_tim.

constify

de-static

ok jsg@

The license permits us to redistribute this code under the BSD or the GPLv2.
Choose the BSD license so that future enhancements will be BSD-only.

ok jsg@ reyk@ deraadt@

print the phy mode in IFF_DEBUG status output which helps to debug
dual/multi mode chipset operation.

ok jsg@

Put all net80211 interfaces into the ``wlan'' interface group. Idea from me,
name ``wlan'' from henning@.

ok mbalmer@, reyk@, henning@, msf@

do not have each net80211 driver define its own rates structures. if they use
the standard rates, use some defined by net80211 itself. kernel shrinks a bit
ok jsg mglocker

Improve 802.11b/g interoperability and move toward better compliance
with IEEE Std 802.11g-2003 standard:

- add ERP Information Element in probe responses and beacons
- keep track of the number of associated non-ERP STAs and non-short slot
time capable STAs in the BSS
- enable use of RTS/CTS or CTS-to-self protection when required by the BSS
- add a ic_updateslot() callback to notify drivers of slot time changes
- cleanup computation of mgmt frames sizes in ieee80211_output.c
- nuke unnecessary <sys/cdefs.h> includes
- remove an unused macro (LOGICALLY_EQUAL) while i'm here

From {free,net}bsd, with additional fixes.

ok brad@, reyk@

Remove redundant calls to bpfdetach.
ok brad@

/* fall thru... */ -> /* FALLTHROUGH */

minor knf

mostly knf

ok jsg@

Remove the last of the FreeBSD compatiblity goop.
ok reyk@

Remove FreeBSD if_printf compat function from net80211.
ok reyk@

reset the scan state for each new mode

ok jsg@

Remove FreeBSD/NetBSD ifdef mess. We are not likely to be
doing a wholesale merge with them in future.
very enthusiastic ok from reyk@

enable IFCAP_VLAN_MTU because IEEE 802.11 defines a MTU of about 2290.
successfully tested with ural, ath, atw, atu and ath.

ok jsg@, brad@

add ifconfig -M option to replace wicontrol -L and -l for ap scanning
and node listing. wicontrol is not supported by net80211 drivers
anymore. further improvements will be done.

ok dlg@, jsg@

scan the next mode if nothing has been found. this is necessary if the
device supports different incompatible modes in the same channel
range, like like 11b and "pure" 11G mode.

ok dlg@ pvalchev@

send raw 802.11 frames with bpf(4) using the IEEE802_11 or
IEEE802_11_RADIO data link types.

ok canacar@ damien@

derived from NetBSD:

---
Make the node table into an LRU cache: least-recently used nodes
are at the end of the node queue. Change the reference-counting
discipline: ni->ni_refcnt indicates how many times net80211 has
granted ni to the driver. Every node in the table with ni_refcnt=0
is eligible to be garbage-collected. The mere presence of a node
in the table does not any longer indicate its auth/assoc state;
nodes have a ni_state variable, now.

While I am here, patch ieee80211_find_node_for_beacon to do a "best
match" by bssid/ssid/channel, not a "perfect match." This keeps
net80211 from caching duplicate nodes in the table.
---

ok deraadt@ dlg@, looks good jsg@

Use IFM_IEEE80211_IBSS for IBSS mode instead of IFM_IEEE80211_ADHOC.
With this ipw(4) works in IBSS mode.
ok millert@ aaron@ damien@

some changes merged in from netbsd. ieee80211_regdomain.# will be used
by sdr (software defined radios).

ok deraadt@ millert@ damien@

Import current NetBSD/FreeBSD 802.11 framework.
Based in part on a diff from Matthew Gream.

Add support for 40MHz channels to net80211 RA.

For the moment we use either the 40MHz rate set or the 20 MHz one,
depending on whether our peer supports 40MHz channels.
If this turns out to be suboptimal we could probe the 40MHz and 20MHz
rate sets separately to detect which one works better.

The same applies to use of the short guard interval (SGI), which is
either always on or off at the moment. Again, probing for this could
be added later if needed.

Undo pseudo-driver changes early in ieee80211_ifdetach() to prevent a
use-after-free when a wireless device is detached.

Pseudo-driver detach hooks may end up calling back into the driver, e.g. via
an ioctl. So these hooks must run before net80211 data structures are freed.

Reported by ratchov@ who saw the following trace when athn(4) detached while
it was part of a trunk(4) interface. The trunk(4) detach hooks were run after
ieee80211_ifdetach() had been run by athn_detach(). These hooks called back
into the driver via athn_ioctl() which now operated on freed memory.

uvm_fault(0xffffffff81facdd0, 0xb14, 0, 1) -> e
kernel: page fault trap, code=0
Stopped at ieee80211_ba_del+0x20: cmpl $0,0x2c(%r15)
ddb{0}> ieee80211_ba_del(0) at ieee80211_ba_del+0x20
ieee80211_newstate(ffff8000000c1048,0,ffffffff) at ieee80211_newstate+0xb51
athn_stop(ffff8000000c1048,1) at athn_stop+0x70
athn_ioctl(ffff8000000c1048,80206910,ffff800014d63800) at athn_ioctl+0x15b
ifnewlladdr(ffff8000000c1048) at ifnewlladdr+0x100
trunk_port_destroy(ffff800000589800) at trunk_port_destroy+0x320
if_hooks_run(ffff8000000c10b8) at if_hooks_run+0xb0
if_deactivate(ffff8000000c1048) at if_deactivate+0x24
ether_ifdetach(ffff8000000c1048) at ether_ifdetach+0x1d
athn_detach(ffff8000000c1000) at athn_detach+0x17b
athn_pci_detach(ffff8000000c1000,1) at athn_pci_detach+0x2a
config_detach(ffff8000000c1000,1) at config_detach+0x156
config_detach_children(ffff8000000b7500,1) at config_detach_children+0x58
pci_detach_devices(ffff8000000b7500,1) at pci_detach_devices+0x24
ppb_hotplug_remove(ffff800000033e00) at ppb_hotplug_remove+0x35
taskq_thread(ffffffff81f4bd48) at

ok mpi@ ratchov@

Fix ifconfig "media:" line for 11n wifi interfaces during and after bgscan.

Media was displayed as e.g. "autoselect (OFDM6)" even though 11n was active
because the current media mode is changed to AUTO for background scanning
and was never switched back to 11N.

ok mpi@ pirofti@

Don't start background scans before WPA handshake has completed.
ok phessler

Whitespace removal, no code change.

Give access points which fail to AUTH or ASSOC less priority during
the next selection of networks from the join list. Prevents endless
attempts to connect to an AP which is out of reach but still somehow
manages to get a beacon or two across to us during scan.

Tested with wifi networks at the University of Bucharest.
Makes switching wifi networks possible after walking to a different
room without having to down/up the interface or suspend/resume.

ok phessler@

Raise net80211's "beacon miss" threshold to avoid frequent re-connects
to APs that are relatively far away and suffer some packet loss.

The former threshold was 7 beacons (about 700 ms).
This raises the threshold to 30 beacons (about 3 seconds).
Should still be good enough for detecting APs that have disappeared, and
makes wifi networks provided by the University of Bucharest more reliable
in the p2k19 hackroom.

While here, make 'ifconfig iwm0/iwn0 debug' print an obvious message when
we believe that the AP has disappeared.

Problem reported and fix tested by landry@ / pirofti@
ok mpi@ sthen@

Reset the current wireless PHY mode to 'auto' when a scan begins if we
are in media autoselect mode.

The interface might have been switched to a fixed PHY mode during association
and keeping it fixed will mislead AP selection after roaming failure.

Problem found and diagnosed at CCC camp 2019
Tested by myself, fkr@, chris@

Add support for 802.11n Tx aggregation to net80211 and the iwn(4) driver.

In particular, add Tx block ack session management to net80211, with
enough funcionality to support Tx aggregation on devices which perform
A-MPDU subframe scheduling in firmware.
Make use of the iwn(4) firmware Tx scheduler to build A-MPDUs.

net80211's QoS support code is now enabled and used by Tx aggregation.

A-MSDU frames inside A-MPDUs have been tested and work in principle.
For now, this feature is disabled because unfair TCP connection sharing
was observed during testing, where bursts of TCP Ack frames for a single
tcpbench(1) connection arriving in A-MSDUs made other TCP connections stall.
Switch off support for A-MSDUs inside A-MPDUs on the Rx side as well.

Tested on iwn chipsets 1000, 4965, 5100, 5300, 2200, 6200, 6205, 6300
(committed version of tested diff has all debug printfs removed)
tests/ok benno kmos mlarkin kevlo

Revised version of 'ifconfig mode' command fix.

The 'mode' command is supposed to force a wireless interface into 11a/b/g/n
media mode. This stopped working some time ago, probably during my work on
background scanning. Problem spotted by mlarkin@ who noticed that interfaces
were using 11g mode while forced to 11b mode.

ok phessler, jmatthew (earlier version)
relentless testing by krw@

Revert my "Repair the 'ifconfig mode' command" commit.

The "recursion in end_scan()" problem is apparently still present in
the committed version of the diff (reported by krw@).

Repair the 'ifconfig mode' command.

The 'mode' command is supposed to force a wireless interface into 11a/b/g/n
media mode. This stopped working some time ago, probably during my work on
background scanning. Problem spotted by mlarkin@ who noticed that interfaces
were using 11g mode while forced to 11b mode.

ok phessler, jmatthew

Fix out-of-bounds array access in ieee80211_setbasicrates(); CID 1479607
ok kettenis@

Make ifconfig(8) display whether bwfm(4) firmware is using 802.11ac.
ok patrick@ mpi@

Move 802.11n rateset definitions out of MiRA and make them available to
net80211 and drivers in general. Add ratesets for 'short guard interval'
(SGI) rates, and add SGI support to MiRA. SGI is currently only used by
iwm(4), and of course internally by bwfm(4) firmware.
Ratesets for 11n 40 MHz channels and 11ac will come later.
ok mpi@ phessler@

Nuke unused LIST() ieee80211com_head.

ok stsp@

Disambiguate the source of panics in sys/net* by adding __func__
magic constant to panic() calls.
ok benno@ henning@ tb@

When starting a background scan, free the nodes table to ensure we
get an up-to-date view of APs around us. In particular, we need to
kick out the AP we are associated to. Otherwise, our current AP might
stay cached if it is turned off while we are scanning, and we could
end up picking a now non-existent but "good looking" AP over and over.

found with and ok phessler@

net80211: stub SIOCS80211SCAN, make ifconfig scan instant.

The following removes the functionality of the SIOCS80211SCAN ioctl.
After long discussions with stps@, mpi@, and deraadt@ we decided that
this was the correct way of fixing ifconfig scan from blocking the
network stack.

The kernel will continue scanning in the background and filling the
nodes array, but ifconfig scan commands will now basically do just a
SIOCG80211ALLNODES and pretty print the array. So the output stays the
same but is instant.

In fact, when the interface is freshly brought up, if you type fast
enough, you can see the array being filled by running multiple ifconfig
scans in sequence.

The SIOCS80211SCAN ioctl stays for now as wi(4), pgt(4) and malo(4)
still need it around. But not for long...

Another change that this introduces is the fact that ifconfig scan no
longer plays with UP and DOWN. If the interface is down it complains and
exits. This is needed in order to maintain the nodes list.

Works on iwm(4), iwn(4), urtwn(4), run(4) and athn(4).

Tested by mpi@, landry@, florian@, thanks!
OK mpi@.

remove the background scan timeout on detach, so we don't crash shortly
afterwards.

crash reported by Piotr Isajew
ok stsp@

Make ieee80211_chan2ieee() panic if a bogus channel pointer is detected.
ok patrick@

Add support for background scanning to net80211 and iwm(4).

The iwm(4) driver will now roam between access points which share an SSID.
Use 'ifconfig iwm0 debug' and 'tail -f /var/log/messages' to watch it do so.

Tested by several people in various iterations.
As usual, let me know if you run into issues.

ok phessler deraadt

When selecting the next wireless mode during the scan loop, always select
AUTO mode if the driver scans all bands at once. Otherwise the net80211
layer unnecessarily filters out some of the beacons received by the device.
ok phessler@ mpi@ kevlo@

Initialize the link state of a wireless interface to DOWN when the
interface is attached to the net80211 layer. Prevents confusion
in cases where drivers forget to initialize the link state.
ok mpi@ kettenis@

The net80211 stack was providing a 'beacon miss timeout' value (in ms)
which specified how much time may elapse without beacons before drivers
begin searching for a new AP.

Drivers convert this timeout value into the amount of beacons they're allowed
to miss. Having the stack provide this number upfront simplifies things.

ok mpi@