rename net80211 ioctl struct ieee80211_channel to struct ieee80211_chaninfo

ioctls should use dedicated names for their structs, but SIOCG80211ALLCHANS
duplicated struct ieee80211_channel. We cannot make changes to the kernel's
version of ieee80211_channel while an ioctl is squatting on the struct name.

Helpful guidance from deraadt@
Tested in a ports bulk build by sthen@, and tested by Mikhail.

ok sthen@

Always check for EBUSY when the return value of ic_set_key() is tested.

Fixes urtwn(4) repeated DEAUTH and subsequent loss/restoration of link.
It was a great dhclient(4) stress test. Note that urtwn(4) is the first
and so far only device whose *_set_key() function returns EBUSY.

Debugging hints and ok stsp@

If join is connected to an AP, remove the node from the cache so we properly
reconnect to the AP

OK stsp@

When we change attributes for a join essid, we should apply the change
immediately instead of waiting to (randomly) switch away and switch
back.

Found by martijn@
OK stsp@

Prevent a NULL deref in ieee80211_node2req() which could be triggered
by an ioctl if the driver had not yet initialized the channel map.
Crash reported by nayden@
ok sthen@

Trigger a background scan when root runs the 'ifconfig scan' command.
This will update the list of cached APs for future invocations of the
'scan' command, and will force a search for a better AP to roam to.
ok sthen@ phessler@

branches: 1.75.4;
Make net80211 expose reasons for association failures to userland and have
ifconfig display them in 'scan' output and on the ieee80211 status line if
the failure is applicable to an already selected AP (e.g. wrong WPA key).

This will hopefully reduce the amount of help requests for what often
turn out to be trivial misconfiguration issues that were previously
hard to diagnose without debug mode.

ifconfig must be recompiled with the new ieee80211_ioctl.h to stay in
sync with the kernel. A full 'make build' will do the right thing!

Very helpful input by mpi@ and deraadt@

Fix 'ifconfig nwflags; These flags ended up overlapping with other flags
in ieee80211com's ic_flags because we haven't been paying attention to
them (they're not in the same place in the code and hence easy to miss).
Move them to a dedicated variable to avoid this problem in the future.

Add a new 'stayauth' nwflag which can be set to let net80211 ignore
deauth frames. This can be useful when deauth frames are being
persistently spoofed by an attacker. Idea from beck@

ok beck@ phessler@

branches: 1.73.2;
Make ifconfig(8) display whether bwfm(4) firmware is using 802.11ac.
ok patrick@ mpi@

when removing the currently active network from the join list, disconnect
from it as well

OK stsp@

add a len field when we delete an essid from the joinlist. this will have
us properly match, instead of hoping we got lucky when selecting it.

OK stsp@

let users automatically use join to connect to any open wifi network.
if a known network is visible, always prefer that instead.

requested by many, OK stsp@

print more details about the join'd networks we have saved when a user runs
ifconfig if joinlist

OK stsp@

clean up accounting of the AUTO_JOIN flag by making sure it is set or cleared
based on the state of the joinlist

OK stsp@

do not immediately set the join'd network, the join command only updates
the list.

makes /etc/netstart very fast when ran while the interface is up

OK stsp@

use the correct essid when switching during the ioctl path

pointed out by stsp@

convert the things we save in 'join' into a single ioctl. mixing related
settings over multiple calls was risky and racy. Pass essid, wpa, and wep
paramaters in a single ioctl and process it atomically.

no change for 'nwid' users

OK stsp@ benno@

Make 'ifconfig nwid' override 'ifconfig join'.

There was no way to override a decision made by join's network
selection algorithm (apart from disabling the feature by clearing
the join list). Automatic selection is based on heuristics which
cannot always guess correctly so we need to provide an override.

One specific problem was that if 'nwid foo' and 'nwid bar' were
both visible in the scan and only 'nwid foo' was a member of the
join list, then there was no way at all to connect to 'nwid bar'.
The wireless stack would keep selecting 'nwid foo' instead.

'ifconfig iwm0 nwid bar' command will now disable automatic
network selection and force the use of ESSID 'bar'.
Any of these commands will re-enable automatic network selection:
ifconfig iwm0 -nwid
ifconfig iwm0 nwid ''
ifconfig iwm0 join some-network-id

ok phessler@ deraadt@

make ifconfig <if> join display the list of networks configured for
auto-join
with feedback from florian and stsp
ok florian@ phessler@ (on previous versions of the diff) stsp@

Refactor ieee80211_add_ess():

Drop ieee80211_add_ess's nwid parameter. Read nwid and length directly
from the ic to make it more obvious where this function is reading from.

nwids are binary data with an explicit length, so treat them as such
instead of treating them like strings.

ok florian phessler

Introduce 'auto-join' to the wifi 802.11 stack.

This allows a system to remember which ESSIDs it wants to connect to, any
relevant security configuration, and switch to it when the network we are
currently connected to is no longer available.

Works when connecting and switching between WPA2/WPA1/WEP/clear encryptions.

example hostname.if:
join home wpakey password
join work wpakey mekmitasdigoat
join open-lounge
join cafe wpakey cafe2018
join "wepnetwork" nwkey "12345"
dhcp
inet6 autoconf
up

OK stsp@ reyk@
and enthusiasm from every hackroom I've been in for the last 3 years

net80211: stub SIOCS80211SCAN, make ifconfig scan instant.

The following removes the functionality of the SIOCS80211SCAN ioctl.
After long discussions with stps@, mpi@, and deraadt@ we decided that
this was the correct way of fixing ifconfig scan from blocking the
network stack.

The kernel will continue scanning in the background and filling the
nodes array, but ifconfig scan commands will now basically do just a
SIOCG80211ALLNODES and pretty print the array. So the output stays the
same but is instant.

In fact, when the interface is freshly brought up, if you type fast
enough, you can see the array being filled by running multiple ifconfig
scans in sequence.

The SIOCS80211SCAN ioctl stays for now as wi(4), pgt(4) and malo(4)
still need it around. But not for long...

Another change that this introduces is the fact that ifconfig scan no
longer plays with UP and DOWN. If the interface is down it complains and
exits. This is needed in order to maintain the nodes list.

Works on iwm(4), iwn(4), urtwn(4), run(4) and athn(4).

Tested by mpi@, landry@, florian@, thanks!
OK mpi@.

Remove almost unused `flags' argument of suser().

The account flag `ASU' will no longer be set but that makes suser()
mpsafe since it no longer mess with a per-process field.

No objection from millert@, ok tedu@, bluhm@

Stop reporting WPA and WEP keys back to userland.
The kernel is not a password database; look your wifi keys up elsewhere.

Discussed with several.
ok phessler@ jca@

move a function declaration, so the whole net80211 stack can disable wep or wpa

OK stsp@

Changing nwid on a wifi network means it is a new network, so clear the
WPA and WEP configuration.

OK pirofti@ stsp@ sthen@

Remove 80211WMMPARMS ioctls. Last used in ifconfig in 2009.
ok stsp@ kevlo@ jca@

Move common code to add/remove multicast filters to ieee80211_ioctl(9).

ok jsg@, stsp@

Plug an information leak in ieee80211_node2req().
Problem reported by Ilja Van Sprundel.
ok tb@

branches: 1.52.4;
Use explicit_bzero() to wipe out key material and add some sizes to free().

ok stsp

When a new WPA key is set while WEP is enabled, disable WEP,
and when a new WEP key is set while WPA is enabled, disable WPA.
Prevents unusable configurations where both WEP and WPA are active
and makes switching between WEP/WPA networks easier.
ok deraadt@ tb@ sthen@

Introduce separate fields for supported WPA protocols and AKMs in struct
ieee80211_node. Pass these fields to 'ifconfig scan' instead of giving it
currently configured/enabled settings.
Fixes display of AP WPA capabilities in 'ifconfig scan' while the wifi
interface is not configured to use WPA (my previous commit attempted to
fix the same problem but didn't make it work in all cases).
ok tb@

Make 'ifconfig scan' display AP encryption correctly if WEP is configured
on the local wifi interface. ifconfig was mistakenly showing the common
supported subset of client and AP, rather than showing the AP's capabilities.
Exposes WPA protocol capabilities in struct ieee80211_nodereq, which means
ifconfig must be recompiled to run on a new kernel.
ok deraadt@ mpi@

Enable TKIP as pairwise cipher when ifconfig's wpaprotos option enables WPA1.
Without this fix it was impossible to use WPA1 without also making use of the
wpaciphers option to enable TKIP. Problem noticed by pirofti@.
ok mpi@

When we disable WPA on an interface, wipe all of the WPA parameters,
including removing the 802.1x configuration from the card.

Found while coming home from CCC Congress.

OK stsp@

Disable TKIP (WPA1) by default.

It is time for this legacy of WEP to die (remember WEP?).
The 802.11-2012 standard says:
The use of TKIP is deprecated. The TKIP algorithm is unsuitable for
the purposes of this standard.

TKIP has numerous problems. One of which is that TKIP allows a denial of
service attack which can be triggered by any client. Report 2 Michael MIC
failures to a TKIP AP to trigger "TKIP countermeasures". The AP is now
required by the 802.11 standard to lock everyone out for at least 60 seconds.
The network will remain unusable for as long as such MIC failure reports
are sent twice per minute.

TKIP remains available for interoperability purposes, for now.
It must be enabled manually with ifconfig(8).

Prompted by discussion with Mathy Vanhoef.
ok deraadt@ sthen@ reyk@

While copying out channel flags to userspace, omit the HT channel flag if
we're not in 11n mode. This will allow tcpdump to show the mode correctly.
ok mpi@

move from RB macros to the RBT functions.

shaves about 5k off an amd64 GENERIC.MP kernel

If a driver reports RSSI in the 20-100 range, convert to a negative value.
Fixes dBm values displayed by 'ifconfig scan' with several drivers.
ok mpi@ jca@

Expose more 802.11n information to userspace:
A flag which indicates whether HT has been negotiated with a node,
and the current Tx MCS value we use for a node.

This grows struct ieee80211_nodereq. Applications using it must be recompiled.

ok mpi@

branches: 1.41.2;
Copy some ieee8021_node HT information to userspace.
ifconfig needs to be recompiled.
ok mpi@

Fix manual scan while associated in 11a mode. It would only show APs on 5GHz.
Problem found by benno@
ok benno@ kettenis@

Remove some includes include-what-you-use claims don't
have any direct symbols used. Tested for indirect use by compiling
amd64/i386/sparc64 kernels.

ok tedu@ deraadt@

unifdef some more INET. v4 4life.

remove uneeded proc.h includes
ok mpi@ kspillner@

Remove cached 802.11 nodes in IEEE80211_STA_CACHE state (these are nodes
which have been seen but which haven't otherwise interacted with us), fixing
a problem where old cached nodes are seen when doing a scan.
From Marcin Piotr Pawlowski, feedback stsp@ ok kspillner@ dcoppa@

Return RSN (WPA) information to userland during wireless scan, and
make ifconfig show whether a wireless network uses WEP or WPA.
Since struct ieee80211_nodereq grows in size old ifconfig won't be
able to scan when running on a new kernel.
While here, add missing ioctl constant IEEE80211_WPA_CIPHER_BIP.
ok jsg@

In the implementation of the SIOCS80211DELNODE ioctl, call
ieee80211_node_leave() instead of ieee80211_release_node() which screws
up reference counting and leads to use after free problems elsewhere in the
code. Since ieee80211_node_leave() is only available if hostap support is
compiled in, don't privide the SIOCS80211DELNODE ioctl if we're compiling
without hostap support (e.g. on ramdisks).

ok deraadt@, damien@

Correctly report copyout() failure in SIOCG80211STATS ioctl; ok damien@ jsg@

In SIOCS80211SCAN, fail if the interface is not up *and* running.
There are cases where the interface can be up but not running, for
instance if the driver's if_init routine fails halfway for whatever
reason (firmware file not found, hardware switch turned off etc...)
This is because in sys/net/if.c, the returned code of the driver
is ignored for SIOCSIFFLAGS and the IFF_UP flags is left set.
netintro(4) does not say anything about values returned by
SIOCSIFFLAGS, so I don't know whether it is the expected behavior
or not.

pointed out by halex@ and jacekm@ who noticed it was possible to
trigger a scan on wpi(4) even when the hardware switch was turned off.

make "ifconfig if0 chan" list the channels supported by the device.
add "ifconfig if0 scan" to scan for access points or to list known
stations in Host AP mode.
remove the [-]wmm command while i'm here. QoS is mandatory with
802.11n so there's not much point into making it an option.
fix parsing of the "powersave" command too.

discussed with deraadt@
man page hints from jmc@
display hints from sobrado@
"i like it" cnst@, grange@

Change ifconfig wpaakms default setting to `psk' instead of `psk,802.1x'.
Some supplicants will autoselect 802.1X without giving users the
possibility to choose between PSK or 802.1X.

Similarly, no longer announce `PSK with SHA-256 based KDF' AKMP (defined
in Draft 802.11w) by default in the RSN IE of beacons and probe responses
as it confuses some broken supplicants. This kind of sacrifies security
for interoperability with shitty (but unfortunately widespread) clients
that do not follow the 802.11 standard properly.
This fixes associations from Intel PROSet on XP and also reportedly fixes
some Mac OS clients. I will likely make `psk-sha256' configurable through
ifconfig wpaakms after the 4.5 release.

Add some initial HT bits (not enabled yet) based on 802.11n Draft 7.01:
- implement A-MPDU frames buffering and reordering
- implement A-MSDU decapsulation
- process/send ADDBA Request, ADDBA Response and DELBA action frames
- process Block Ack Request control frames (including MTBAR)
- implement PBAC support (Protected Block Ack)
- add some incomplete HT Capabilities and HT Operation IEs parsing

Add more Management Frame Protection bits based on 802.11w Draft 7.0:
- implement SA Query procedure (both AP and STA)
- cleanup BIP

Fix some bugs:
- fix check for WEP key length that otherwise caused a stack smash in
ieee80211_wep_encrypt (pointed out by Xavier Santolaria on macppc)
- properly stop EAPOL timeout: fixes a panic that occured in HostAP mode
when turning the interface down while a 4-way handshake is in progress
(pointed out by Doughertys)

Did some code cleanup too.

The HT bits are currently not compiled in (IEEE80211_NO_HT is defined)
because they won't be ready until after the next release and I didn't
want to grow the kernel or to inadvertently introduce new bugs.
They are here such that other people can look at the code.
Notice that I had to add an extra parameter to ic_send_mgmt() for
action frames, that is why there are small changes in drivers defining
their own ic_send_mgmt() handler.

Sorry for the not very incremental diff but this has been sitting in
my tree for too long now.

txpower range checks should be inclusive.
From FreeBSD via mickey in pr 6024.

ok damien@

small fix for IEEE80211_STA_ONLY: do not let users set HostAP specific
flags using "nwflag".

First step towards cleaning up the Ethernet driver ioctl handling.
Move calling ether_ioctl() from the top of the ioctl function, which
at the moment does absolutely nothing, to the default switch case.
Thus allowing drivers to define their own ioctl handlers and then
falling back on ether_ioctl(). The only functional change this results
in at the moment is having all Ethernet drivers returning the proper
errno of ENOTTY instead of EINVAL/ENXIO when encountering unknown
ioctl's.

Shrinks the i386 kernels by..
RAMDISK - 1024 bytes
RAMDISKB - 1120 bytes
RAMDISKC - 832 bytes

Tested by martin@/jsing@/todd@/brad@
Build tested on almost all archs by todd@/brad@

ok jsing@

Initial implementation of PMKSA caching and pre-authentication.
This will be required for future WPA-Enterprise support (802.1X).
Add ieee80211_needs_auth() function (not implemented yet) to
notify the userland 802.1X PACP machine when an 802.1X port
becomes enabled (that is after successfull 802.11 Open System
authentication).
Add SIOCS80211KEYRUN and SIOCS80211KEYAVAIL ioctls so that the
PACP state machine can kick the 802.11 key state machine and
install PMKs obtained from 802.1X (pre-)authentication.

Enable SHA-256 based AKMPs by default while I'm here (TGw).
This uses SHA-256 for key-derivation (instead of SHA1), AES-128-CMAC
for data integrity, and AES Key Wrap for data protection of EAPOL-Key
frames. An OpenBSD AP will always advertise this capability and an
OpenBSD STA will always prefer SHA-256 based AKMPs over SHA1 based
ones if both are supported by an AP.

move code to support Frequency-Hopping spread spectrum (FHSS) PHYs
to the Attic. nothing uses it in the tree and it is very unlikely
that something will use it one day.
the only driver supporting FHSS PHYs in the tree is ray(4) and it
does not use net80211.

introduce new IEEE80211_STA_ONLY kernel option that can be set to
remove IBSS and HostAP support from net80211 and 802.11 drivers.
it can be used to shrink RAMDISK kernels for instance (like what
was done for wi(4)).
it also has the benefit of highlighting what is specific to IBSS
and HostAP modes in the code.
the cost is that we now have two code paths to maintain.

new SHA-256 based AKMPs.

Kernel implementation of the 4-way handshake and group-key
handshake protocols (both supplicant and authenticator state
machines) as defined in the IEEE 802.11i standard.

Software implementation of the TKIP (Temporal Key Integrity
Protocol) and CCMP (CTR with CBC-MAC Protocol) protocols.

This diff doesn't implement any of the 802.1X authentication
protocols and thus only PSK authentication (using pre-shared
keys) is currently supported.

In concrete terms, this adds support for WPA-PSK and WPA2-PSK
protocols, both in station and hostap modes.

The following drivers are marked as WPA-capable and should
work: bwi(4), malo(4), ral(4), iwn(4), wpi(4), ural(4),
rum(4), upgt(4), and zyd(4)

The following options have been added to ifconfig(8):
wpa, wpapsk, wpaprotos, wpaakms, wpaciphers, wpagroupcipher

wpa-psk(8) can be used to generate keys from passphrases.

tested by many@
ok deraadt@

return ENOTTY not EINVAL for an unknown ioctl.

ok reyk@ deraadt@ jsg@ dlg@

replace the ieee80211_wepkey structure with a more generic ieee80211_key
one that can be used with other ciphers than WEP.

constify

The license permits us to redistribute this code under the BSD or the GPLv2.
Choose the BSD license so that future enhancements will be BSD-only.

ok jsg@ reyk@ deraadt@

fix the key buffer size used for software wep, this could cause
problems with non-standard wep keys >= 104 bits.

thanks to Alexander Bluhm

ok mglocker@ jsg@

add the net80211 hostap options "nwflag hidenwid" for hidden SSID mode
and "nwflag nobridge" to prevent inter-station communications.
"hidenwid" will also work with wi(4) to replace the old -E 3 option of
wicontrol.

ok damien@ jmc@

add an optional max_rssi attribute to the ieee80211com structure and
allow to export the RSSI Max value with ioctls and by radiotap
headers.

ok damien@ jsg@

description:

we currently use "dB" as an indication for the signal strength in
ifconfig and in the radiotap headers. it means "decibel difference
from an arbitrary, fixed reference". this is quite confusing, because
different chipsets have different references for the dB/rssi values.

we can use the plain RSSI which is described in IEEE 802.11: "The
receive signal strength indicator (RSSI) is an optional parameter that
has a value of 0 through RSSI Max.". all wireless chipsets have
something like a RSSI (normally as a Rx descriptor field), but the
value for RSSI Max is chipset-specific.

if we know the RSSI Max, we can calculate a percentage which is much
easier to understand for the user. we even don't have to use the
absolute RSSI Max, we can use an average RSSI Max, figured out by
monitoring and tuning the RSSI Max of the drivers. if the user gets a
signal of 110%, it would mean "better than the average Max signal".

there's no need to do any RSSI calculations in the kernel, it just
passes the the relative rssi and max_rssi values to userspace. this is
done in the ieee80211_nodereq ioctl structure and possible with a new
radiotap header. the radiotap RSSI header allows to get a flexible but
common signal indicator instead of the complex and unrelated dB/dBm
signal fields. it must include two 8bit values current rssi and RSSI
max.

replace the node hash table with a red-black tree. this fixes some
bugs in the node table (like duplicate nodes in hostap mode), we get
rid of possible hash collisions, and it simplifies the code.

tested by many, ok damien@, jsg@

add ifconfig -M option to replace wicontrol -L and -l for ap scanning
and node listing. wicontrol is not supported by net80211 drivers
anymore. further improvements will be done.

ok dlg@, jsg@

remove redundant suser() checks

Protect SIOCSIFMTU, too.

Protect more SIOCS* commands with suser() checks.

Fix some ioctl permission checks on the basis of what if_wi.c does.

remove dead code of unsupported ioctls from FreeBSD. we do it in a
different way.

ok deraadt@, martin@

derived from NetBSD:

---
Make the node table into an LRU cache: least-recently used nodes
are at the end of the node queue. Change the reference-counting
discipline: ni->ni_refcnt indicates how many times net80211 has
granted ni to the driver. Every node in the table with ni_refcnt=0
is eligible to be garbage-collected. The mere presence of a node
in the table does not any longer indicate its auth/assoc state;
nodes have a ni_state variable, now.

While I am here, patch ieee80211_find_node_for_beacon to do a "best
match" by bssid/ssid/channel, not a "perfect match." This keeps
net80211 from caching duplicate nodes in the table.
---

ok deraadt@ dlg@, looks good jsg@

add the manual tx power option. this is supported by some prism2/2.5/3
cards in hostap mode but it depends on the firmware version. support
for other wireless chipsets will be added in the future using the
net80211-framework.

ok robert@ bob@ danh@, tested by some others

compatibility ioctls for things like "wicontrol ath0 -l" to
list known stations on a net80211-based ap.
ok millert@

Don't restrict WEP keys to exactly 40 or 108 bits.

Enable AP scanning via the WI_RID_PRISM2 ioctl. Now atw(4) can do
ap scanning via wicontrol.

Import current NetBSD/FreeBSD 802.11 framework.
Based in part on a diff from Matthew Gream.

Always check for EBUSY when the return value of ic_set_key() is tested.

Fixes urtwn(4) repeated DEAUTH and subsequent loss/restoration of link.
It was a great dhclient(4) stress test. Note that urtwn(4) is the first
and so far only device whose *_set_key() function returns EBUSY.

Debugging hints and ok stsp@

If join is connected to an AP, remove the node from the cache so we properly
reconnect to the AP

OK stsp@

When we change attributes for a join essid, we should apply the change
immediately instead of waiting to (randomly) switch away and switch
back.

Found by martijn@
OK stsp@

Prevent a NULL deref in ieee80211_node2req() which could be triggered
by an ioctl if the driver had not yet initialized the channel map.
Crash reported by nayden@
ok sthen@

Trigger a background scan when root runs the 'ifconfig scan' command.
This will update the list of cached APs for future invocations of the
'scan' command, and will force a search for a better AP to roam to.
ok sthen@ phessler@

branches: 1.75.4;
Make net80211 expose reasons for association failures to userland and have
ifconfig display them in 'scan' output and on the ieee80211 status line if
the failure is applicable to an already selected AP (e.g. wrong WPA key).

This will hopefully reduce the amount of help requests for what often
turn out to be trivial misconfiguration issues that were previously
hard to diagnose without debug mode.

ifconfig must be recompiled with the new ieee80211_ioctl.h to stay in
sync with the kernel. A full 'make build' will do the right thing!

Very helpful input by mpi@ and deraadt@

Fix 'ifconfig nwflags; These flags ended up overlapping with other flags
in ieee80211com's ic_flags because we haven't been paying attention to
them (they're not in the same place in the code and hence easy to miss).
Move them to a dedicated variable to avoid this problem in the future.

Add a new 'stayauth' nwflag which can be set to let net80211 ignore
deauth frames. This can be useful when deauth frames are being
persistently spoofed by an attacker. Idea from beck@

ok beck@ phessler@

branches: 1.73.2;
Make ifconfig(8) display whether bwfm(4) firmware is using 802.11ac.
ok patrick@ mpi@

when removing the currently active network from the join list, disconnect
from it as well

OK stsp@

add a len field when we delete an essid from the joinlist. this will have
us properly match, instead of hoping we got lucky when selecting it.

OK stsp@

let users automatically use join to connect to any open wifi network.
if a known network is visible, always prefer that instead.

requested by many, OK stsp@

print more details about the join'd networks we have saved when a user runs
ifconfig if joinlist

OK stsp@

clean up accounting of the AUTO_JOIN flag by making sure it is set or cleared
based on the state of the joinlist

OK stsp@

do not immediately set the join'd network, the join command only updates
the list.

makes /etc/netstart very fast when ran while the interface is up

OK stsp@

use the correct essid when switching during the ioctl path

pointed out by stsp@

convert the things we save in 'join' into a single ioctl. mixing related
settings over multiple calls was risky and racy. Pass essid, wpa, and wep
paramaters in a single ioctl and process it atomically.

no change for 'nwid' users

OK stsp@ benno@

Make 'ifconfig nwid' override 'ifconfig join'.

There was no way to override a decision made by join's network
selection algorithm (apart from disabling the feature by clearing
the join list). Automatic selection is based on heuristics which
cannot always guess correctly so we need to provide an override.

One specific problem was that if 'nwid foo' and 'nwid bar' were
both visible in the scan and only 'nwid foo' was a member of the
join list, then there was no way at all to connect to 'nwid bar'.
The wireless stack would keep selecting 'nwid foo' instead.

'ifconfig iwm0 nwid bar' command will now disable automatic
network selection and force the use of ESSID 'bar'.
Any of these commands will re-enable automatic network selection:
ifconfig iwm0 -nwid
ifconfig iwm0 nwid ''
ifconfig iwm0 join some-network-id

ok phessler@ deraadt@

make ifconfig <if> join display the list of networks configured for
auto-join
with feedback from florian and stsp
ok florian@ phessler@ (on previous versions of the diff) stsp@

Refactor ieee80211_add_ess():

Drop ieee80211_add_ess's nwid parameter. Read nwid and length directly
from the ic to make it more obvious where this function is reading from.

nwids are binary data with an explicit length, so treat them as such
instead of treating them like strings.

ok florian phessler

Introduce 'auto-join' to the wifi 802.11 stack.

This allows a system to remember which ESSIDs it wants to connect to, any
relevant security configuration, and switch to it when the network we are
currently connected to is no longer available.

Works when connecting and switching between WPA2/WPA1/WEP/clear encryptions.

example hostname.if:
join home wpakey password
join work wpakey mekmitasdigoat
join open-lounge
join cafe wpakey cafe2018
join "wepnetwork" nwkey "12345"
dhcp
inet6 autoconf
up

OK stsp@ reyk@
and enthusiasm from every hackroom I've been in for the last 3 years

net80211: stub SIOCS80211SCAN, make ifconfig scan instant.

The following removes the functionality of the SIOCS80211SCAN ioctl.
After long discussions with stps@, mpi@, and deraadt@ we decided that
this was the correct way of fixing ifconfig scan from blocking the
network stack.

The kernel will continue scanning in the background and filling the
nodes array, but ifconfig scan commands will now basically do just a
SIOCG80211ALLNODES and pretty print the array. So the output stays the
same but is instant.

In fact, when the interface is freshly brought up, if you type fast
enough, you can see the array being filled by running multiple ifconfig
scans in sequence.

The SIOCS80211SCAN ioctl stays for now as wi(4), pgt(4) and malo(4)
still need it around. But not for long...

Another change that this introduces is the fact that ifconfig scan no
longer plays with UP and DOWN. If the interface is down it complains and
exits. This is needed in order to maintain the nodes list.

Works on iwm(4), iwn(4), urtwn(4), run(4) and athn(4).

Tested by mpi@, landry@, florian@, thanks!
OK mpi@.

Remove almost unused `flags' argument of suser().

The account flag `ASU' will no longer be set but that makes suser()
mpsafe since it no longer mess with a per-process field.

No objection from millert@, ok tedu@, bluhm@

Stop reporting WPA and WEP keys back to userland.
The kernel is not a password database; look your wifi keys up elsewhere.

Discussed with several.
ok phessler@ jca@

move a function declaration, so the whole net80211 stack can disable wep or wpa

OK stsp@

Changing nwid on a wifi network means it is a new network, so clear the
WPA and WEP configuration.

OK pirofti@ stsp@ sthen@

Remove 80211WMMPARMS ioctls. Last used in ifconfig in 2009.
ok stsp@ kevlo@ jca@

Move common code to add/remove multicast filters to ieee80211_ioctl(9).

ok jsg@, stsp@

Plug an information leak in ieee80211_node2req().
Problem reported by Ilja Van Sprundel.
ok tb@

branches: 1.52.4;
Use explicit_bzero() to wipe out key material and add some sizes to free().

ok stsp

When a new WPA key is set while WEP is enabled, disable WEP,
and when a new WEP key is set while WPA is enabled, disable WPA.
Prevents unusable configurations where both WEP and WPA are active
and makes switching between WEP/WPA networks easier.
ok deraadt@ tb@ sthen@

Introduce separate fields for supported WPA protocols and AKMs in struct
ieee80211_node. Pass these fields to 'ifconfig scan' instead of giving it
currently configured/enabled settings.
Fixes display of AP WPA capabilities in 'ifconfig scan' while the wifi
interface is not configured to use WPA (my previous commit attempted to
fix the same problem but didn't make it work in all cases).
ok tb@

Make 'ifconfig scan' display AP encryption correctly if WEP is configured
on the local wifi interface. ifconfig was mistakenly showing the common
supported subset of client and AP, rather than showing the AP's capabilities.
Exposes WPA protocol capabilities in struct ieee80211_nodereq, which means
ifconfig must be recompiled to run on a new kernel.
ok deraadt@ mpi@

Enable TKIP as pairwise cipher when ifconfig's wpaprotos option enables WPA1.
Without this fix it was impossible to use WPA1 without also making use of the
wpaciphers option to enable TKIP. Problem noticed by pirofti@.
ok mpi@

When we disable WPA on an interface, wipe all of the WPA parameters,
including removing the 802.1x configuration from the card.

Found while coming home from CCC Congress.

OK stsp@

Disable TKIP (WPA1) by default.

It is time for this legacy of WEP to die (remember WEP?).
The 802.11-2012 standard says:
The use of TKIP is deprecated. The TKIP algorithm is unsuitable for
the purposes of this standard.

TKIP has numerous problems. One of which is that TKIP allows a denial of
service attack which can be triggered by any client. Report 2 Michael MIC
failures to a TKIP AP to trigger "TKIP countermeasures". The AP is now
required by the 802.11 standard to lock everyone out for at least 60 seconds.
The network will remain unusable for as long as such MIC failure reports
are sent twice per minute.

TKIP remains available for interoperability purposes, for now.
It must be enabled manually with ifconfig(8).

Prompted by discussion with Mathy Vanhoef.
ok deraadt@ sthen@ reyk@

While copying out channel flags to userspace, omit the HT channel flag if
we're not in 11n mode. This will allow tcpdump to show the mode correctly.
ok mpi@

move from RB macros to the RBT functions.

shaves about 5k off an amd64 GENERIC.MP kernel

If a driver reports RSSI in the 20-100 range, convert to a negative value.
Fixes dBm values displayed by 'ifconfig scan' with several drivers.
ok mpi@ jca@

Expose more 802.11n information to userspace:
A flag which indicates whether HT has been negotiated with a node,
and the current Tx MCS value we use for a node.

This grows struct ieee80211_nodereq. Applications using it must be recompiled.

ok mpi@

branches: 1.41.2;
Copy some ieee8021_node HT information to userspace.
ifconfig needs to be recompiled.
ok mpi@

Fix manual scan while associated in 11a mode. It would only show APs on 5GHz.
Problem found by benno@
ok benno@ kettenis@

Remove some includes include-what-you-use claims don't
have any direct symbols used. Tested for indirect use by compiling
amd64/i386/sparc64 kernels.

ok tedu@ deraadt@

unifdef some more INET. v4 4life.

remove uneeded proc.h includes
ok mpi@ kspillner@

Remove cached 802.11 nodes in IEEE80211_STA_CACHE state (these are nodes
which have been seen but which haven't otherwise interacted with us), fixing
a problem where old cached nodes are seen when doing a scan.
From Marcin Piotr Pawlowski, feedback stsp@ ok kspillner@ dcoppa@

Return RSN (WPA) information to userland during wireless scan, and
make ifconfig show whether a wireless network uses WEP or WPA.
Since struct ieee80211_nodereq grows in size old ifconfig won't be
able to scan when running on a new kernel.
While here, add missing ioctl constant IEEE80211_WPA_CIPHER_BIP.
ok jsg@

In the implementation of the SIOCS80211DELNODE ioctl, call
ieee80211_node_leave() instead of ieee80211_release_node() which screws
up reference counting and leads to use after free problems elsewhere in the
code. Since ieee80211_node_leave() is only available if hostap support is
compiled in, don't privide the SIOCS80211DELNODE ioctl if we're compiling
without hostap support (e.g. on ramdisks).

ok deraadt@, damien@

Correctly report copyout() failure in SIOCG80211STATS ioctl; ok damien@ jsg@

In SIOCS80211SCAN, fail if the interface is not up *and* running.
There are cases where the interface can be up but not running, for
instance if the driver's if_init routine fails halfway for whatever
reason (firmware file not found, hardware switch turned off etc...)
This is because in sys/net/if.c, the returned code of the driver
is ignored for SIOCSIFFLAGS and the IFF_UP flags is left set.
netintro(4) does not say anything about values returned by
SIOCSIFFLAGS, so I don't know whether it is the expected behavior
or not.

pointed out by halex@ and jacekm@ who noticed it was possible to
trigger a scan on wpi(4) even when the hardware switch was turned off.

make "ifconfig if0 chan" list the channels supported by the device.
add "ifconfig if0 scan" to scan for access points or to list known
stations in Host AP mode.
remove the [-]wmm command while i'm here. QoS is mandatory with
802.11n so there's not much point into making it an option.
fix parsing of the "powersave" command too.

discussed with deraadt@
man page hints from jmc@
display hints from sobrado@
"i like it" cnst@, grange@

Change ifconfig wpaakms default setting to `psk' instead of `psk,802.1x'.
Some supplicants will autoselect 802.1X without giving users the
possibility to choose between PSK or 802.1X.

Similarly, no longer announce `PSK with SHA-256 based KDF' AKMP (defined
in Draft 802.11w) by default in the RSN IE of beacons and probe responses
as it confuses some broken supplicants. This kind of sacrifies security
for interoperability with shitty (but unfortunately widespread) clients
that do not follow the 802.11 standard properly.
This fixes associations from Intel PROSet on XP and also reportedly fixes
some Mac OS clients. I will likely make `psk-sha256' configurable through
ifconfig wpaakms after the 4.5 release.

Add some initial HT bits (not enabled yet) based on 802.11n Draft 7.01:
- implement A-MPDU frames buffering and reordering
- implement A-MSDU decapsulation
- process/send ADDBA Request, ADDBA Response and DELBA action frames
- process Block Ack Request control frames (including MTBAR)
- implement PBAC support (Protected Block Ack)
- add some incomplete HT Capabilities and HT Operation IEs parsing

Add more Management Frame Protection bits based on 802.11w Draft 7.0:
- implement SA Query procedure (both AP and STA)
- cleanup BIP

Fix some bugs:
- fix check for WEP key length that otherwise caused a stack smash in
ieee80211_wep_encrypt (pointed out by Xavier Santolaria on macppc)
- properly stop EAPOL timeout: fixes a panic that occured in HostAP mode
when turning the interface down while a 4-way handshake is in progress
(pointed out by Doughertys)

Did some code cleanup too.

The HT bits are currently not compiled in (IEEE80211_NO_HT is defined)
because they won't be ready until after the next release and I didn't
want to grow the kernel or to inadvertently introduce new bugs.
They are here such that other people can look at the code.
Notice that I had to add an extra parameter to ic_send_mgmt() for
action frames, that is why there are small changes in drivers defining
their own ic_send_mgmt() handler.

Sorry for the not very incremental diff but this has been sitting in
my tree for too long now.

txpower range checks should be inclusive.
From FreeBSD via mickey in pr 6024.

ok damien@

small fix for IEEE80211_STA_ONLY: do not let users set HostAP specific
flags using "nwflag".

First step towards cleaning up the Ethernet driver ioctl handling.
Move calling ether_ioctl() from the top of the ioctl function, which
at the moment does absolutely nothing, to the default switch case.
Thus allowing drivers to define their own ioctl handlers and then
falling back on ether_ioctl(). The only functional change this results
in at the moment is having all Ethernet drivers returning the proper
errno of ENOTTY instead of EINVAL/ENXIO when encountering unknown
ioctl's.

Shrinks the i386 kernels by..
RAMDISK - 1024 bytes
RAMDISKB - 1120 bytes
RAMDISKC - 832 bytes

Tested by martin@/jsing@/todd@/brad@
Build tested on almost all archs by todd@/brad@

ok jsing@

Initial implementation of PMKSA caching and pre-authentication.
This will be required for future WPA-Enterprise support (802.1X).
Add ieee80211_needs_auth() function (not implemented yet) to
notify the userland 802.1X PACP machine when an 802.1X port
becomes enabled (that is after successfull 802.11 Open System
authentication).
Add SIOCS80211KEYRUN and SIOCS80211KEYAVAIL ioctls so that the
PACP state machine can kick the 802.11 key state machine and
install PMKs obtained from 802.1X (pre-)authentication.

Enable SHA-256 based AKMPs by default while I'm here (TGw).
This uses SHA-256 for key-derivation (instead of SHA1), AES-128-CMAC
for data integrity, and AES Key Wrap for data protection of EAPOL-Key
frames. An OpenBSD AP will always advertise this capability and an
OpenBSD STA will always prefer SHA-256 based AKMPs over SHA1 based
ones if both are supported by an AP.

move code to support Frequency-Hopping spread spectrum (FHSS) PHYs
to the Attic. nothing uses it in the tree and it is very unlikely
that something will use it one day.
the only driver supporting FHSS PHYs in the tree is ray(4) and it
does not use net80211.

introduce new IEEE80211_STA_ONLY kernel option that can be set to
remove IBSS and HostAP support from net80211 and 802.11 drivers.
it can be used to shrink RAMDISK kernels for instance (like what
was done for wi(4)).
it also has the benefit of highlighting what is specific to IBSS
and HostAP modes in the code.
the cost is that we now have two code paths to maintain.

new SHA-256 based AKMPs.

Kernel implementation of the 4-way handshake and group-key
handshake protocols (both supplicant and authenticator state
machines) as defined in the IEEE 802.11i standard.

Software implementation of the TKIP (Temporal Key Integrity
Protocol) and CCMP (CTR with CBC-MAC Protocol) protocols.

This diff doesn't implement any of the 802.1X authentication
protocols and thus only PSK authentication (using pre-shared
keys) is currently supported.

In concrete terms, this adds support for WPA-PSK and WPA2-PSK
protocols, both in station and hostap modes.

The following drivers are marked as WPA-capable and should
work: bwi(4), malo(4), ral(4), iwn(4), wpi(4), ural(4),
rum(4), upgt(4), and zyd(4)

The following options have been added to ifconfig(8):
wpa, wpapsk, wpaprotos, wpaakms, wpaciphers, wpagroupcipher

wpa-psk(8) can be used to generate keys from passphrases.

tested by many@
ok deraadt@

return ENOTTY not EINVAL for an unknown ioctl.

ok reyk@ deraadt@ jsg@ dlg@

replace the ieee80211_wepkey structure with a more generic ieee80211_key
one that can be used with other ciphers than WEP.

constify

The license permits us to redistribute this code under the BSD or the GPLv2.
Choose the BSD license so that future enhancements will be BSD-only.

ok jsg@ reyk@ deraadt@

fix the key buffer size used for software wep, this could cause
problems with non-standard wep keys >= 104 bits.

thanks to Alexander Bluhm

ok mglocker@ jsg@

add the net80211 hostap options "nwflag hidenwid" for hidden SSID mode
and "nwflag nobridge" to prevent inter-station communications.
"hidenwid" will also work with wi(4) to replace the old -E 3 option of
wicontrol.

ok damien@ jmc@

add an optional max_rssi attribute to the ieee80211com structure and
allow to export the RSSI Max value with ioctls and by radiotap
headers.

ok damien@ jsg@

description:

we currently use "dB" as an indication for the signal strength in
ifconfig and in the radiotap headers. it means "decibel difference
from an arbitrary, fixed reference". this is quite confusing, because
different chipsets have different references for the dB/rssi values.

we can use the plain RSSI which is described in IEEE 802.11: "The
receive signal strength indicator (RSSI) is an optional parameter that
has a value of 0 through RSSI Max.". all wireless chipsets have
something like a RSSI (normally as a Rx descriptor field), but the
value for RSSI Max is chipset-specific.

if we know the RSSI Max, we can calculate a percentage which is much
easier to understand for the user. we even don't have to use the
absolute RSSI Max, we can use an average RSSI Max, figured out by
monitoring and tuning the RSSI Max of the drivers. if the user gets a
signal of 110%, it would mean "better than the average Max signal".

there's no need to do any RSSI calculations in the kernel, it just
passes the the relative rssi and max_rssi values to userspace. this is
done in the ieee80211_nodereq ioctl structure and possible with a new
radiotap header. the radiotap RSSI header allows to get a flexible but
common signal indicator instead of the complex and unrelated dB/dBm
signal fields. it must include two 8bit values current rssi and RSSI
max.

replace the node hash table with a red-black tree. this fixes some
bugs in the node table (like duplicate nodes in hostap mode), we get
rid of possible hash collisions, and it simplifies the code.

tested by many, ok damien@, jsg@

add ifconfig -M option to replace wicontrol -L and -l for ap scanning
and node listing. wicontrol is not supported by net80211 drivers
anymore. further improvements will be done.

ok dlg@, jsg@

remove redundant suser() checks

Protect SIOCSIFMTU, too.

Protect more SIOCS* commands with suser() checks.

Fix some ioctl permission checks on the basis of what if_wi.c does.

remove dead code of unsupported ioctls from FreeBSD. we do it in a
different way.

ok deraadt@, martin@

derived from NetBSD:

---
Make the node table into an LRU cache: least-recently used nodes
are at the end of the node queue. Change the reference-counting
discipline: ni->ni_refcnt indicates how many times net80211 has
granted ni to the driver. Every node in the table with ni_refcnt=0
is eligible to be garbage-collected. The mere presence of a node
in the table does not any longer indicate its auth/assoc state;
nodes have a ni_state variable, now.

While I am here, patch ieee80211_find_node_for_beacon to do a "best
match" by bssid/ssid/channel, not a "perfect match." This keeps
net80211 from caching duplicate nodes in the table.
---

ok deraadt@ dlg@, looks good jsg@

add the manual tx power option. this is supported by some prism2/2.5/3
cards in hostap mode but it depends on the firmware version. support
for other wireless chipsets will be added in the future using the
net80211-framework.

ok robert@ bob@ danh@, tested by some others

compatibility ioctls for things like "wicontrol ath0 -l" to
list known stations on a net80211-based ap.
ok millert@

Don't restrict WEP keys to exactly 40 or 108 bits.

Enable AP scanning via the WI_RID_PRISM2 ioctl. Now atw(4) can do
ap scanning via wicontrol.

Import current NetBSD/FreeBSD 802.11 framework.
Based in part on a diff from Matthew Gream.

If join is connected to an AP, remove the node from the cache so we properly
reconnect to the AP

OK stsp@

When we change attributes for a join essid, we should apply the change
immediately instead of waiting to (randomly) switch away and switch
back.

Found by martijn@
OK stsp@

Prevent a NULL deref in ieee80211_node2req() which could be triggered
by an ioctl if the driver had not yet initialized the channel map.
Crash reported by nayden@
ok sthen@

Trigger a background scan when root runs the 'ifconfig scan' command.
This will update the list of cached APs for future invocations of the
'scan' command, and will force a search for a better AP to roam to.
ok sthen@ phessler@

branches: 1.75.4;
Make net80211 expose reasons for association failures to userland and have
ifconfig display them in 'scan' output and on the ieee80211 status line if
the failure is applicable to an already selected AP (e.g. wrong WPA key).

This will hopefully reduce the amount of help requests for what often
turn out to be trivial misconfiguration issues that were previously
hard to diagnose without debug mode.

ifconfig must be recompiled with the new ieee80211_ioctl.h to stay in
sync with the kernel. A full 'make build' will do the right thing!

Very helpful input by mpi@ and deraadt@

Fix 'ifconfig nwflags; These flags ended up overlapping with other flags
in ieee80211com's ic_flags because we haven't been paying attention to
them (they're not in the same place in the code and hence easy to miss).
Move them to a dedicated variable to avoid this problem in the future.

Add a new 'stayauth' nwflag which can be set to let net80211 ignore
deauth frames. This can be useful when deauth frames are being
persistently spoofed by an attacker. Idea from beck@

ok beck@ phessler@

branches: 1.73.2;
Make ifconfig(8) display whether bwfm(4) firmware is using 802.11ac.
ok patrick@ mpi@

when removing the currently active network from the join list, disconnect
from it as well

OK stsp@

add a len field when we delete an essid from the joinlist. this will have
us properly match, instead of hoping we got lucky when selecting it.

OK stsp@

let users automatically use join to connect to any open wifi network.
if a known network is visible, always prefer that instead.

requested by many, OK stsp@

print more details about the join'd networks we have saved when a user runs
ifconfig if joinlist

OK stsp@

clean up accounting of the AUTO_JOIN flag by making sure it is set or cleared
based on the state of the joinlist

OK stsp@

do not immediately set the join'd network, the join command only updates
the list.

makes /etc/netstart very fast when ran while the interface is up

OK stsp@

use the correct essid when switching during the ioctl path

pointed out by stsp@

convert the things we save in 'join' into a single ioctl. mixing related
settings over multiple calls was risky and racy. Pass essid, wpa, and wep
paramaters in a single ioctl and process it atomically.

no change for 'nwid' users

OK stsp@ benno@

Make 'ifconfig nwid' override 'ifconfig join'.

There was no way to override a decision made by join's network
selection algorithm (apart from disabling the feature by clearing
the join list). Automatic selection is based on heuristics which
cannot always guess correctly so we need to provide an override.

One specific problem was that if 'nwid foo' and 'nwid bar' were
both visible in the scan and only 'nwid foo' was a member of the
join list, then there was no way at all to connect to 'nwid bar'.
The wireless stack would keep selecting 'nwid foo' instead.

'ifconfig iwm0 nwid bar' command will now disable automatic
network selection and force the use of ESSID 'bar'.
Any of these commands will re-enable automatic network selection:
ifconfig iwm0 -nwid
ifconfig iwm0 nwid ''
ifconfig iwm0 join some-network-id

ok phessler@ deraadt@

make ifconfig <if> join display the list of networks configured for
auto-join
with feedback from florian and stsp
ok florian@ phessler@ (on previous versions of the diff) stsp@

Refactor ieee80211_add_ess():

Drop ieee80211_add_ess's nwid parameter. Read nwid and length directly
from the ic to make it more obvious where this function is reading from.

nwids are binary data with an explicit length, so treat them as such
instead of treating them like strings.

ok florian phessler

Introduce 'auto-join' to the wifi 802.11 stack.

This allows a system to remember which ESSIDs it wants to connect to, any
relevant security configuration, and switch to it when the network we are
currently connected to is no longer available.

Works when connecting and switching between WPA2/WPA1/WEP/clear encryptions.

example hostname.if:
join home wpakey password
join work wpakey mekmitasdigoat
join open-lounge
join cafe wpakey cafe2018
join "wepnetwork" nwkey "12345"
dhcp
inet6 autoconf
up

OK stsp@ reyk@
and enthusiasm from every hackroom I've been in for the last 3 years

net80211: stub SIOCS80211SCAN, make ifconfig scan instant.

The following removes the functionality of the SIOCS80211SCAN ioctl.
After long discussions with stps@, mpi@, and deraadt@ we decided that
this was the correct way of fixing ifconfig scan from blocking the
network stack.

The kernel will continue scanning in the background and filling the
nodes array, but ifconfig scan commands will now basically do just a
SIOCG80211ALLNODES and pretty print the array. So the output stays the
same but is instant.

In fact, when the interface is freshly brought up, if you type fast
enough, you can see the array being filled by running multiple ifconfig
scans in sequence.

The SIOCS80211SCAN ioctl stays for now as wi(4), pgt(4) and malo(4)
still need it around. But not for long...

Another change that this introduces is the fact that ifconfig scan no
longer plays with UP and DOWN. If the interface is down it complains and
exits. This is needed in order to maintain the nodes list.

Works on iwm(4), iwn(4), urtwn(4), run(4) and athn(4).

Tested by mpi@, landry@, florian@, thanks!
OK mpi@.

Remove almost unused `flags' argument of suser().

The account flag `ASU' will no longer be set but that makes suser()
mpsafe since it no longer mess with a per-process field.

No objection from millert@, ok tedu@, bluhm@

Stop reporting WPA and WEP keys back to userland.
The kernel is not a password database; look your wifi keys up elsewhere.

Discussed with several.
ok phessler@ jca@

move a function declaration, so the whole net80211 stack can disable wep or wpa

OK stsp@

Changing nwid on a wifi network means it is a new network, so clear the
WPA and WEP configuration.

OK pirofti@ stsp@ sthen@

Remove 80211WMMPARMS ioctls. Last used in ifconfig in 2009.
ok stsp@ kevlo@ jca@

Move common code to add/remove multicast filters to ieee80211_ioctl(9).

ok jsg@, stsp@

Plug an information leak in ieee80211_node2req().
Problem reported by Ilja Van Sprundel.
ok tb@

branches: 1.52.4;
Use explicit_bzero() to wipe out key material and add some sizes to free().

ok stsp

When a new WPA key is set while WEP is enabled, disable WEP,
and when a new WEP key is set while WPA is enabled, disable WPA.
Prevents unusable configurations where both WEP and WPA are active
and makes switching between WEP/WPA networks easier.
ok deraadt@ tb@ sthen@

Introduce separate fields for supported WPA protocols and AKMs in struct
ieee80211_node. Pass these fields to 'ifconfig scan' instead of giving it
currently configured/enabled settings.
Fixes display of AP WPA capabilities in 'ifconfig scan' while the wifi
interface is not configured to use WPA (my previous commit attempted to
fix the same problem but didn't make it work in all cases).
ok tb@

Make 'ifconfig scan' display AP encryption correctly if WEP is configured
on the local wifi interface. ifconfig was mistakenly showing the common
supported subset of client and AP, rather than showing the AP's capabilities.
Exposes WPA protocol capabilities in struct ieee80211_nodereq, which means
ifconfig must be recompiled to run on a new kernel.
ok deraadt@ mpi@

Enable TKIP as pairwise cipher when ifconfig's wpaprotos option enables WPA1.
Without this fix it was impossible to use WPA1 without also making use of the
wpaciphers option to enable TKIP. Problem noticed by pirofti@.
ok mpi@

When we disable WPA on an interface, wipe all of the WPA parameters,
including removing the 802.1x configuration from the card.

Found while coming home from CCC Congress.

OK stsp@

Disable TKIP (WPA1) by default.

It is time for this legacy of WEP to die (remember WEP?).
The 802.11-2012 standard says:
The use of TKIP is deprecated. The TKIP algorithm is unsuitable for
the purposes of this standard.

TKIP has numerous problems. One of which is that TKIP allows a denial of
service attack which can be triggered by any client. Report 2 Michael MIC
failures to a TKIP AP to trigger "TKIP countermeasures". The AP is now
required by the 802.11 standard to lock everyone out for at least 60 seconds.
The network will remain unusable for as long as such MIC failure reports
are sent twice per minute.

TKIP remains available for interoperability purposes, for now.
It must be enabled manually with ifconfig(8).

Prompted by discussion with Mathy Vanhoef.
ok deraadt@ sthen@ reyk@

While copying out channel flags to userspace, omit the HT channel flag if
we're not in 11n mode. This will allow tcpdump to show the mode correctly.
ok mpi@

move from RB macros to the RBT functions.

shaves about 5k off an amd64 GENERIC.MP kernel

If a driver reports RSSI in the 20-100 range, convert to a negative value.
Fixes dBm values displayed by 'ifconfig scan' with several drivers.
ok mpi@ jca@

Expose more 802.11n information to userspace:
A flag which indicates whether HT has been negotiated with a node,
and the current Tx MCS value we use for a node.

This grows struct ieee80211_nodereq. Applications using it must be recompiled.

ok mpi@

branches: 1.41.2;
Copy some ieee8021_node HT information to userspace.
ifconfig needs to be recompiled.
ok mpi@

Fix manual scan while associated in 11a mode. It would only show APs on 5GHz.
Problem found by benno@
ok benno@ kettenis@

Remove some includes include-what-you-use claims don't
have any direct symbols used. Tested for indirect use by compiling
amd64/i386/sparc64 kernels.

ok tedu@ deraadt@

unifdef some more INET. v4 4life.

remove uneeded proc.h includes
ok mpi@ kspillner@

Remove cached 802.11 nodes in IEEE80211_STA_CACHE state (these are nodes
which have been seen but which haven't otherwise interacted with us), fixing
a problem where old cached nodes are seen when doing a scan.
From Marcin Piotr Pawlowski, feedback stsp@ ok kspillner@ dcoppa@

Return RSN (WPA) information to userland during wireless scan, and
make ifconfig show whether a wireless network uses WEP or WPA.
Since struct ieee80211_nodereq grows in size old ifconfig won't be
able to scan when running on a new kernel.
While here, add missing ioctl constant IEEE80211_WPA_CIPHER_BIP.
ok jsg@

In the implementation of the SIOCS80211DELNODE ioctl, call
ieee80211_node_leave() instead of ieee80211_release_node() which screws
up reference counting and leads to use after free problems elsewhere in the
code. Since ieee80211_node_leave() is only available if hostap support is
compiled in, don't privide the SIOCS80211DELNODE ioctl if we're compiling
without hostap support (e.g. on ramdisks).

ok deraadt@, damien@

Correctly report copyout() failure in SIOCG80211STATS ioctl; ok damien@ jsg@

In SIOCS80211SCAN, fail if the interface is not up *and* running.
There are cases where the interface can be up but not running, for
instance if the driver's if_init routine fails halfway for whatever
reason (firmware file not found, hardware switch turned off etc...)
This is because in sys/net/if.c, the returned code of the driver
is ignored for SIOCSIFFLAGS and the IFF_UP flags is left set.
netintro(4) does not say anything about values returned by
SIOCSIFFLAGS, so I don't know whether it is the expected behavior
or not.

pointed out by halex@ and jacekm@ who noticed it was possible to
trigger a scan on wpi(4) even when the hardware switch was turned off.

make "ifconfig if0 chan" list the channels supported by the device.
add "ifconfig if0 scan" to scan for access points or to list known
stations in Host AP mode.
remove the [-]wmm command while i'm here. QoS is mandatory with
802.11n so there's not much point into making it an option.
fix parsing of the "powersave" command too.

discussed with deraadt@
man page hints from jmc@
display hints from sobrado@
"i like it" cnst@, grange@

Change ifconfig wpaakms default setting to `psk' instead of `psk,802.1x'.
Some supplicants will autoselect 802.1X without giving users the
possibility to choose between PSK or 802.1X.

Similarly, no longer announce `PSK with SHA-256 based KDF' AKMP (defined
in Draft 802.11w) by default in the RSN IE of beacons and probe responses
as it confuses some broken supplicants. This kind of sacrifies security
for interoperability with shitty (but unfortunately widespread) clients
that do not follow the 802.11 standard properly.
This fixes associations from Intel PROSet on XP and also reportedly fixes
some Mac OS clients. I will likely make `psk-sha256' configurable through
ifconfig wpaakms after the 4.5 release.

Add some initial HT bits (not enabled yet) based on 802.11n Draft 7.01:
- implement A-MPDU frames buffering and reordering
- implement A-MSDU decapsulation
- process/send ADDBA Request, ADDBA Response and DELBA action frames
- process Block Ack Request control frames (including MTBAR)
- implement PBAC support (Protected Block Ack)
- add some incomplete HT Capabilities and HT Operation IEs parsing

Add more Management Frame Protection bits based on 802.11w Draft 7.0:
- implement SA Query procedure (both AP and STA)
- cleanup BIP

Fix some bugs:
- fix check for WEP key length that otherwise caused a stack smash in
ieee80211_wep_encrypt (pointed out by Xavier Santolaria on macppc)
- properly stop EAPOL timeout: fixes a panic that occured in HostAP mode
when turning the interface down while a 4-way handshake is in progress
(pointed out by Doughertys)

Did some code cleanup too.

The HT bits are currently not compiled in (IEEE80211_NO_HT is defined)
because they won't be ready until after the next release and I didn't
want to grow the kernel or to inadvertently introduce new bugs.
They are here such that other people can look at the code.
Notice that I had to add an extra parameter to ic_send_mgmt() for
action frames, that is why there are small changes in drivers defining
their own ic_send_mgmt() handler.

Sorry for the not very incremental diff but this has been sitting in
my tree for too long now.

txpower range checks should be inclusive.
From FreeBSD via mickey in pr 6024.

ok damien@

small fix for IEEE80211_STA_ONLY: do not let users set HostAP specific
flags using "nwflag".

First step towards cleaning up the Ethernet driver ioctl handling.
Move calling ether_ioctl() from the top of the ioctl function, which
at the moment does absolutely nothing, to the default switch case.
Thus allowing drivers to define their own ioctl handlers and then
falling back on ether_ioctl(). The only functional change this results
in at the moment is having all Ethernet drivers returning the proper
errno of ENOTTY instead of EINVAL/ENXIO when encountering unknown
ioctl's.

Shrinks the i386 kernels by..
RAMDISK - 1024 bytes
RAMDISKB - 1120 bytes
RAMDISKC - 832 bytes

Tested by martin@/jsing@/todd@/brad@
Build tested on almost all archs by todd@/brad@

ok jsing@

Initial implementation of PMKSA caching and pre-authentication.
This will be required for future WPA-Enterprise support (802.1X).
Add ieee80211_needs_auth() function (not implemented yet) to
notify the userland 802.1X PACP machine when an 802.1X port
becomes enabled (that is after successfull 802.11 Open System
authentication).
Add SIOCS80211KEYRUN and SIOCS80211KEYAVAIL ioctls so that the
PACP state machine can kick the 802.11 key state machine and
install PMKs obtained from 802.1X (pre-)authentication.

Enable SHA-256 based AKMPs by default while I'm here (TGw).
This uses SHA-256 for key-derivation (instead of SHA1), AES-128-CMAC
for data integrity, and AES Key Wrap for data protection of EAPOL-Key
frames. An OpenBSD AP will always advertise this capability and an
OpenBSD STA will always prefer SHA-256 based AKMPs over SHA1 based
ones if both are supported by an AP.

move code to support Frequency-Hopping spread spectrum (FHSS) PHYs
to the Attic. nothing uses it in the tree and it is very unlikely
that something will use it one day.
the only driver supporting FHSS PHYs in the tree is ray(4) and it
does not use net80211.

introduce new IEEE80211_STA_ONLY kernel option that can be set to
remove IBSS and HostAP support from net80211 and 802.11 drivers.
it can be used to shrink RAMDISK kernels for instance (like what
was done for wi(4)).
it also has the benefit of highlighting what is specific to IBSS
and HostAP modes in the code.
the cost is that we now have two code paths to maintain.

new SHA-256 based AKMPs.

Kernel implementation of the 4-way handshake and group-key
handshake protocols (both supplicant and authenticator state
machines) as defined in the IEEE 802.11i standard.

Software implementation of the TKIP (Temporal Key Integrity
Protocol) and CCMP (CTR with CBC-MAC Protocol) protocols.

This diff doesn't implement any of the 802.1X authentication
protocols and thus only PSK authentication (using pre-shared
keys) is currently supported.

In concrete terms, this adds support for WPA-PSK and WPA2-PSK
protocols, both in station and hostap modes.

The following drivers are marked as WPA-capable and should
work: bwi(4), malo(4), ral(4), iwn(4), wpi(4), ural(4),
rum(4), upgt(4), and zyd(4)

The following options have been added to ifconfig(8):
wpa, wpapsk, wpaprotos, wpaakms, wpaciphers, wpagroupcipher

wpa-psk(8) can be used to generate keys from passphrases.

tested by many@
ok deraadt@

return ENOTTY not EINVAL for an unknown ioctl.

ok reyk@ deraadt@ jsg@ dlg@

replace the ieee80211_wepkey structure with a more generic ieee80211_key
one that can be used with other ciphers than WEP.

constify

The license permits us to redistribute this code under the BSD or the GPLv2.
Choose the BSD license so that future enhancements will be BSD-only.

ok jsg@ reyk@ deraadt@

fix the key buffer size used for software wep, this could cause
problems with non-standard wep keys >= 104 bits.

thanks to Alexander Bluhm

ok mglocker@ jsg@

add the net80211 hostap options "nwflag hidenwid" for hidden SSID mode
and "nwflag nobridge" to prevent inter-station communications.
"hidenwid" will also work with wi(4) to replace the old -E 3 option of
wicontrol.

ok damien@ jmc@

add an optional max_rssi attribute to the ieee80211com structure and
allow to export the RSSI Max value with ioctls and by radiotap
headers.

ok damien@ jsg@

description:

we currently use "dB" as an indication for the signal strength in
ifconfig and in the radiotap headers. it means "decibel difference
from an arbitrary, fixed reference". this is quite confusing, because
different chipsets have different references for the dB/rssi values.

we can use the plain RSSI which is described in IEEE 802.11: "The
receive signal strength indicator (RSSI) is an optional parameter that
has a value of 0 through RSSI Max.". all wireless chipsets have
something like a RSSI (normally as a Rx descriptor field), but the
value for RSSI Max is chipset-specific.

if we know the RSSI Max, we can calculate a percentage which is much
easier to understand for the user. we even don't have to use the
absolute RSSI Max, we can use an average RSSI Max, figured out by
monitoring and tuning the RSSI Max of the drivers. if the user gets a
signal of 110%, it would mean "better than the average Max signal".

there's no need to do any RSSI calculations in the kernel, it just
passes the the relative rssi and max_rssi values to userspace. this is
done in the ieee80211_nodereq ioctl structure and possible with a new
radiotap header. the radiotap RSSI header allows to get a flexible but
common signal indicator instead of the complex and unrelated dB/dBm
signal fields. it must include two 8bit values current rssi and RSSI
max.

replace the node hash table with a red-black tree. this fixes some
bugs in the node table (like duplicate nodes in hostap mode), we get
rid of possible hash collisions, and it simplifies the code.

tested by many, ok damien@, jsg@

add ifconfig -M option to replace wicontrol -L and -l for ap scanning
and node listing. wicontrol is not supported by net80211 drivers
anymore. further improvements will be done.

ok dlg@, jsg@

remove redundant suser() checks

Protect SIOCSIFMTU, too.

Protect more SIOCS* commands with suser() checks.

Fix some ioctl permission checks on the basis of what if_wi.c does.

remove dead code of unsupported ioctls from FreeBSD. we do it in a
different way.

ok deraadt@, martin@

derived from NetBSD:

---
Make the node table into an LRU cache: least-recently used nodes
are at the end of the node queue. Change the reference-counting
discipline: ni->ni_refcnt indicates how many times net80211 has
granted ni to the driver. Every node in the table with ni_refcnt=0
is eligible to be garbage-collected. The mere presence of a node
in the table does not any longer indicate its auth/assoc state;
nodes have a ni_state variable, now.

While I am here, patch ieee80211_find_node_for_beacon to do a "best
match" by bssid/ssid/channel, not a "perfect match." This keeps
net80211 from caching duplicate nodes in the table.
---

ok deraadt@ dlg@, looks good jsg@

add the manual tx power option. this is supported by some prism2/2.5/3
cards in hostap mode but it depends on the firmware version. support
for other wireless chipsets will be added in the future using the
net80211-framework.

ok robert@ bob@ danh@, tested by some others

compatibility ioctls for things like "wicontrol ath0 -l" to
list known stations on a net80211-based ap.
ok millert@

Don't restrict WEP keys to exactly 40 or 108 bits.

Enable AP scanning via the WI_RID_PRISM2 ioctl. Now atw(4) can do
ap scanning via wicontrol.

Import current NetBSD/FreeBSD 802.11 framework.
Based in part on a diff from Matthew Gream.

When we change attributes for a join essid, we should apply the change
immediately instead of waiting to (randomly) switch away and switch
back.

Found by martijn@
OK stsp@

Prevent a NULL deref in ieee80211_node2req() which could be triggered
by an ioctl if the driver had not yet initialized the channel map.
Crash reported by nayden@
ok sthen@

Trigger a background scan when root runs the 'ifconfig scan' command.
This will update the list of cached APs for future invocations of the
'scan' command, and will force a search for a better AP to roam to.
ok sthen@ phessler@

branches: 1.75.4;
Make net80211 expose reasons for association failures to userland and have
ifconfig display them in 'scan' output and on the ieee80211 status line if
the failure is applicable to an already selected AP (e.g. wrong WPA key).

This will hopefully reduce the amount of help requests for what often
turn out to be trivial misconfiguration issues that were previously
hard to diagnose without debug mode.

ifconfig must be recompiled with the new ieee80211_ioctl.h to stay in
sync with the kernel. A full 'make build' will do the right thing!

Very helpful input by mpi@ and deraadt@

Fix 'ifconfig nwflags; These flags ended up overlapping with other flags
in ieee80211com's ic_flags because we haven't been paying attention to
them (they're not in the same place in the code and hence easy to miss).
Move them to a dedicated variable to avoid this problem in the future.

Add a new 'stayauth' nwflag which can be set to let net80211 ignore
deauth frames. This can be useful when deauth frames are being
persistently spoofed by an attacker. Idea from beck@

ok beck@ phessler@

branches: 1.73.2;
Make ifconfig(8) display whether bwfm(4) firmware is using 802.11ac.
ok patrick@ mpi@

when removing the currently active network from the join list, disconnect
from it as well

OK stsp@

add a len field when we delete an essid from the joinlist. this will have
us properly match, instead of hoping we got lucky when selecting it.

OK stsp@

let users automatically use join to connect to any open wifi network.
if a known network is visible, always prefer that instead.

requested by many, OK stsp@

print more details about the join'd networks we have saved when a user runs
ifconfig if joinlist

OK stsp@

clean up accounting of the AUTO_JOIN flag by making sure it is set or cleared
based on the state of the joinlist

OK stsp@

do not immediately set the join'd network, the join command only updates
the list.

makes /etc/netstart very fast when ran while the interface is up

OK stsp@

use the correct essid when switching during the ioctl path

pointed out by stsp@

convert the things we save in 'join' into a single ioctl. mixing related
settings over multiple calls was risky and racy. Pass essid, wpa, and wep
paramaters in a single ioctl and process it atomically.

no change for 'nwid' users

OK stsp@ benno@

Make 'ifconfig nwid' override 'ifconfig join'.

There was no way to override a decision made by join's network
selection algorithm (apart from disabling the feature by clearing
the join list). Automatic selection is based on heuristics which
cannot always guess correctly so we need to provide an override.

One specific problem was that if 'nwid foo' and 'nwid bar' were
both visible in the scan and only 'nwid foo' was a member of the
join list, then there was no way at all to connect to 'nwid bar'.
The wireless stack would keep selecting 'nwid foo' instead.

'ifconfig iwm0 nwid bar' command will now disable automatic
network selection and force the use of ESSID 'bar'.
Any of these commands will re-enable automatic network selection:
ifconfig iwm0 -nwid
ifconfig iwm0 nwid ''
ifconfig iwm0 join some-network-id

ok phessler@ deraadt@

make ifconfig <if> join display the list of networks configured for
auto-join
with feedback from florian and stsp
ok florian@ phessler@ (on previous versions of the diff) stsp@

Refactor ieee80211_add_ess():

Drop ieee80211_add_ess's nwid parameter. Read nwid and length directly
from the ic to make it more obvious where this function is reading from.

nwids are binary data with an explicit length, so treat them as such
instead of treating them like strings.

ok florian phessler

Introduce 'auto-join' to the wifi 802.11 stack.

This allows a system to remember which ESSIDs it wants to connect to, any
relevant security configuration, and switch to it when the network we are
currently connected to is no longer available.

Works when connecting and switching between WPA2/WPA1/WEP/clear encryptions.

example hostname.if:
join home wpakey password
join work wpakey mekmitasdigoat
join open-lounge
join cafe wpakey cafe2018
join "wepnetwork" nwkey "12345"
dhcp
inet6 autoconf
up

OK stsp@ reyk@
and enthusiasm from every hackroom I've been in for the last 3 years

net80211: stub SIOCS80211SCAN, make ifconfig scan instant.

The following removes the functionality of the SIOCS80211SCAN ioctl.
After long discussions with stps@, mpi@, and deraadt@ we decided that
this was the correct way of fixing ifconfig scan from blocking the
network stack.

The kernel will continue scanning in the background and filling the
nodes array, but ifconfig scan commands will now basically do just a
SIOCG80211ALLNODES and pretty print the array. So the output stays the
same but is instant.

In fact, when the interface is freshly brought up, if you type fast
enough, you can see the array being filled by running multiple ifconfig
scans in sequence.

The SIOCS80211SCAN ioctl stays for now as wi(4), pgt(4) and malo(4)
still need it around. But not for long...

Another change that this introduces is the fact that ifconfig scan no
longer plays with UP and DOWN. If the interface is down it complains and
exits. This is needed in order to maintain the nodes list.

Works on iwm(4), iwn(4), urtwn(4), run(4) and athn(4).

Tested by mpi@, landry@, florian@, thanks!
OK mpi@.

Remove almost unused `flags' argument of suser().

The account flag `ASU' will no longer be set but that makes suser()
mpsafe since it no longer mess with a per-process field.

No objection from millert@, ok tedu@, bluhm@

Stop reporting WPA and WEP keys back to userland.
The kernel is not a password database; look your wifi keys up elsewhere.

Discussed with several.
ok phessler@ jca@

move a function declaration, so the whole net80211 stack can disable wep or wpa

OK stsp@

Changing nwid on a wifi network means it is a new network, so clear the
WPA and WEP configuration.

OK pirofti@ stsp@ sthen@

Remove 80211WMMPARMS ioctls. Last used in ifconfig in 2009.
ok stsp@ kevlo@ jca@

Move common code to add/remove multicast filters to ieee80211_ioctl(9).

ok jsg@, stsp@

Plug an information leak in ieee80211_node2req().
Problem reported by Ilja Van Sprundel.
ok tb@

branches: 1.52.4;
Use explicit_bzero() to wipe out key material and add some sizes to free().

ok stsp

When a new WPA key is set while WEP is enabled, disable WEP,
and when a new WEP key is set while WPA is enabled, disable WPA.
Prevents unusable configurations where both WEP and WPA are active
and makes switching between WEP/WPA networks easier.
ok deraadt@ tb@ sthen@

Introduce separate fields for supported WPA protocols and AKMs in struct
ieee80211_node. Pass these fields to 'ifconfig scan' instead of giving it
currently configured/enabled settings.
Fixes display of AP WPA capabilities in 'ifconfig scan' while the wifi
interface is not configured to use WPA (my previous commit attempted to
fix the same problem but didn't make it work in all cases).
ok tb@

Make 'ifconfig scan' display AP encryption correctly if WEP is configured
on the local wifi interface. ifconfig was mistakenly showing the common
supported subset of client and AP, rather than showing the AP's capabilities.
Exposes WPA protocol capabilities in struct ieee80211_nodereq, which means
ifconfig must be recompiled to run on a new kernel.
ok deraadt@ mpi@

Enable TKIP as pairwise cipher when ifconfig's wpaprotos option enables WPA1.
Without this fix it was impossible to use WPA1 without also making use of the
wpaciphers option to enable TKIP. Problem noticed by pirofti@.
ok mpi@

When we disable WPA on an interface, wipe all of the WPA parameters,
including removing the 802.1x configuration from the card.

Found while coming home from CCC Congress.

OK stsp@

Disable TKIP (WPA1) by default.

It is time for this legacy of WEP to die (remember WEP?).
The 802.11-2012 standard says:
The use of TKIP is deprecated. The TKIP algorithm is unsuitable for
the purposes of this standard.

TKIP has numerous problems. One of which is that TKIP allows a denial of
service attack which can be triggered by any client. Report 2 Michael MIC
failures to a TKIP AP to trigger "TKIP countermeasures". The AP is now
required by the 802.11 standard to lock everyone out for at least 60 seconds.
The network will remain unusable for as long as such MIC failure reports
are sent twice per minute.

TKIP remains available for interoperability purposes, for now.
It must be enabled manually with ifconfig(8).

Prompted by discussion with Mathy Vanhoef.
ok deraadt@ sthen@ reyk@

While copying out channel flags to userspace, omit the HT channel flag if
we're not in 11n mode. This will allow tcpdump to show the mode correctly.
ok mpi@

move from RB macros to the RBT functions.

shaves about 5k off an amd64 GENERIC.MP kernel

If a driver reports RSSI in the 20-100 range, convert to a negative value.
Fixes dBm values displayed by 'ifconfig scan' with several drivers.
ok mpi@ jca@

Expose more 802.11n information to userspace:
A flag which indicates whether HT has been negotiated with a node,
and the current Tx MCS value we use for a node.

This grows struct ieee80211_nodereq. Applications using it must be recompiled.

ok mpi@

branches: 1.41.2;
Copy some ieee8021_node HT information to userspace.
ifconfig needs to be recompiled.
ok mpi@

Fix manual scan while associated in 11a mode. It would only show APs on 5GHz.
Problem found by benno@
ok benno@ kettenis@

Remove some includes include-what-you-use claims don't
have any direct symbols used. Tested for indirect use by compiling
amd64/i386/sparc64 kernels.

ok tedu@ deraadt@

unifdef some more INET. v4 4life.

remove uneeded proc.h includes
ok mpi@ kspillner@

Remove cached 802.11 nodes in IEEE80211_STA_CACHE state (these are nodes
which have been seen but which haven't otherwise interacted with us), fixing
a problem where old cached nodes are seen when doing a scan.
From Marcin Piotr Pawlowski, feedback stsp@ ok kspillner@ dcoppa@

Return RSN (WPA) information to userland during wireless scan, and
make ifconfig show whether a wireless network uses WEP or WPA.
Since struct ieee80211_nodereq grows in size old ifconfig won't be
able to scan when running on a new kernel.
While here, add missing ioctl constant IEEE80211_WPA_CIPHER_BIP.
ok jsg@

In the implementation of the SIOCS80211DELNODE ioctl, call
ieee80211_node_leave() instead of ieee80211_release_node() which screws
up reference counting and leads to use after free problems elsewhere in the
code. Since ieee80211_node_leave() is only available if hostap support is
compiled in, don't privide the SIOCS80211DELNODE ioctl if we're compiling
without hostap support (e.g. on ramdisks).

ok deraadt@, damien@

Correctly report copyout() failure in SIOCG80211STATS ioctl; ok damien@ jsg@

In SIOCS80211SCAN, fail if the interface is not up *and* running.
There are cases where the interface can be up but not running, for
instance if the driver's if_init routine fails halfway for whatever
reason (firmware file not found, hardware switch turned off etc...)
This is because in sys/net/if.c, the returned code of the driver
is ignored for SIOCSIFFLAGS and the IFF_UP flags is left set.
netintro(4) does not say anything about values returned by
SIOCSIFFLAGS, so I don't know whether it is the expected behavior
or not.

pointed out by halex@ and jacekm@ who noticed it was possible to
trigger a scan on wpi(4) even when the hardware switch was turned off.

make "ifconfig if0 chan" list the channels supported by the device.
add "ifconfig if0 scan" to scan for access points or to list known
stations in Host AP mode.
remove the [-]wmm command while i'm here. QoS is mandatory with
802.11n so there's not much point into making it an option.
fix parsing of the "powersave" command too.

discussed with deraadt@
man page hints from jmc@
display hints from sobrado@
"i like it" cnst@, grange@

Change ifconfig wpaakms default setting to `psk' instead of `psk,802.1x'.
Some supplicants will autoselect 802.1X without giving users the
possibility to choose between PSK or 802.1X.

Similarly, no longer announce `PSK with SHA-256 based KDF' AKMP (defined
in Draft 802.11w) by default in the RSN IE of beacons and probe responses
as it confuses some broken supplicants. This kind of sacrifies security
for interoperability with shitty (but unfortunately widespread) clients
that do not follow the 802.11 standard properly.
This fixes associations from Intel PROSet on XP and also reportedly fixes
some Mac OS clients. I will likely make `psk-sha256' configurable through
ifconfig wpaakms after the 4.5 release.

Add some initial HT bits (not enabled yet) based on 802.11n Draft 7.01:
- implement A-MPDU frames buffering and reordering
- implement A-MSDU decapsulation
- process/send ADDBA Request, ADDBA Response and DELBA action frames
- process Block Ack Request control frames (including MTBAR)
- implement PBAC support (Protected Block Ack)
- add some incomplete HT Capabilities and HT Operation IEs parsing

Add more Management Frame Protection bits based on 802.11w Draft 7.0:
- implement SA Query procedure (both AP and STA)
- cleanup BIP

Fix some bugs:
- fix check for WEP key length that otherwise caused a stack smash in
ieee80211_wep_encrypt (pointed out by Xavier Santolaria on macppc)
- properly stop EAPOL timeout: fixes a panic that occured in HostAP mode
when turning the interface down while a 4-way handshake is in progress
(pointed out by Doughertys)

Did some code cleanup too.

The HT bits are currently not compiled in (IEEE80211_NO_HT is defined)
because they won't be ready until after the next release and I didn't
want to grow the kernel or to inadvertently introduce new bugs.
They are here such that other people can look at the code.
Notice that I had to add an extra parameter to ic_send_mgmt() for
action frames, that is why there are small changes in drivers defining
their own ic_send_mgmt() handler.

Sorry for the not very incremental diff but this has been sitting in
my tree for too long now.

txpower range checks should be inclusive.
From FreeBSD via mickey in pr 6024.

ok damien@

small fix for IEEE80211_STA_ONLY: do not let users set HostAP specific
flags using "nwflag".

First step towards cleaning up the Ethernet driver ioctl handling.
Move calling ether_ioctl() from the top of the ioctl function, which
at the moment does absolutely nothing, to the default switch case.
Thus allowing drivers to define their own ioctl handlers and then
falling back on ether_ioctl(). The only functional change this results
in at the moment is having all Ethernet drivers returning the proper
errno of ENOTTY instead of EINVAL/ENXIO when encountering unknown
ioctl's.

Shrinks the i386 kernels by..
RAMDISK - 1024 bytes
RAMDISKB - 1120 bytes
RAMDISKC - 832 bytes

Tested by martin@/jsing@/todd@/brad@
Build tested on almost all archs by todd@/brad@

ok jsing@

Initial implementation of PMKSA caching and pre-authentication.
This will be required for future WPA-Enterprise support (802.1X).
Add ieee80211_needs_auth() function (not implemented yet) to
notify the userland 802.1X PACP machine when an 802.1X port
becomes enabled (that is after successfull 802.11 Open System
authentication).
Add SIOCS80211KEYRUN and SIOCS80211KEYAVAIL ioctls so that the
PACP state machine can kick the 802.11 key state machine and
install PMKs obtained from 802.1X (pre-)authentication.

Enable SHA-256 based AKMPs by default while I'm here (TGw).
This uses SHA-256 for key-derivation (instead of SHA1), AES-128-CMAC
for data integrity, and AES Key Wrap for data protection of EAPOL-Key
frames. An OpenBSD AP will always advertise this capability and an
OpenBSD STA will always prefer SHA-256 based AKMPs over SHA1 based
ones if both are supported by an AP.

move code to support Frequency-Hopping spread spectrum (FHSS) PHYs
to the Attic. nothing uses it in the tree and it is very unlikely
that something will use it one day.
the only driver supporting FHSS PHYs in the tree is ray(4) and it
does not use net80211.

introduce new IEEE80211_STA_ONLY kernel option that can be set to
remove IBSS and HostAP support from net80211 and 802.11 drivers.
it can be used to shrink RAMDISK kernels for instance (like what
was done for wi(4)).
it also has the benefit of highlighting what is specific to IBSS
and HostAP modes in the code.
the cost is that we now have two code paths to maintain.

new SHA-256 based AKMPs.

Kernel implementation of the 4-way handshake and group-key
handshake protocols (both supplicant and authenticator state
machines) as defined in the IEEE 802.11i standard.

Software implementation of the TKIP (Temporal Key Integrity
Protocol) and CCMP (CTR with CBC-MAC Protocol) protocols.

This diff doesn't implement any of the 802.1X authentication
protocols and thus only PSK authentication (using pre-shared
keys) is currently supported.

In concrete terms, this adds support for WPA-PSK and WPA2-PSK
protocols, both in station and hostap modes.

The following drivers are marked as WPA-capable and should
work: bwi(4), malo(4), ral(4), iwn(4), wpi(4), ural(4),
rum(4), upgt(4), and zyd(4)

The following options have been added to ifconfig(8):
wpa, wpapsk, wpaprotos, wpaakms, wpaciphers, wpagroupcipher

wpa-psk(8) can be used to generate keys from passphrases.

tested by many@
ok deraadt@

return ENOTTY not EINVAL for an unknown ioctl.

ok reyk@ deraadt@ jsg@ dlg@

replace the ieee80211_wepkey structure with a more generic ieee80211_key
one that can be used with other ciphers than WEP.

constify

The license permits us to redistribute this code under the BSD or the GPLv2.
Choose the BSD license so that future enhancements will be BSD-only.

ok jsg@ reyk@ deraadt@

fix the key buffer size used for software wep, this could cause
problems with non-standard wep keys >= 104 bits.

thanks to Alexander Bluhm

ok mglocker@ jsg@

add the net80211 hostap options "nwflag hidenwid" for hidden SSID mode
and "nwflag nobridge" to prevent inter-station communications.
"hidenwid" will also work with wi(4) to replace the old -E 3 option of
wicontrol.

ok damien@ jmc@

add an optional max_rssi attribute to the ieee80211com structure and
allow to export the RSSI Max value with ioctls and by radiotap
headers.

ok damien@ jsg@

description:

we currently use "dB" as an indication for the signal strength in
ifconfig and in the radiotap headers. it means "decibel difference
from an arbitrary, fixed reference". this is quite confusing, because
different chipsets have different references for the dB/rssi values.

we can use the plain RSSI which is described in IEEE 802.11: "The
receive signal strength indicator (RSSI) is an optional parameter that
has a value of 0 through RSSI Max.". all wireless chipsets have
something like a RSSI (normally as a Rx descriptor field), but the
value for RSSI Max is chipset-specific.

if we know the RSSI Max, we can calculate a percentage which is much
easier to understand for the user. we even don't have to use the
absolute RSSI Max, we can use an average RSSI Max, figured out by
monitoring and tuning the RSSI Max of the drivers. if the user gets a
signal of 110%, it would mean "better than the average Max signal".

there's no need to do any RSSI calculations in the kernel, it just
passes the the relative rssi and max_rssi values to userspace. this is
done in the ieee80211_nodereq ioctl structure and possible with a new
radiotap header. the radiotap RSSI header allows to get a flexible but
common signal indicator instead of the complex and unrelated dB/dBm
signal fields. it must include two 8bit values current rssi and RSSI
max.

replace the node hash table with a red-black tree. this fixes some
bugs in the node table (like duplicate nodes in hostap mode), we get
rid of possible hash collisions, and it simplifies the code.

tested by many, ok damien@, jsg@

add ifconfig -M option to replace wicontrol -L and -l for ap scanning
and node listing. wicontrol is not supported by net80211 drivers
anymore. further improvements will be done.

ok dlg@, jsg@

remove redundant suser() checks

Protect SIOCSIFMTU, too.

Protect more SIOCS* commands with suser() checks.

Fix some ioctl permission checks on the basis of what if_wi.c does.

remove dead code of unsupported ioctls from FreeBSD. we do it in a
different way.

ok deraadt@, martin@

derived from NetBSD:

---
Make the node table into an LRU cache: least-recently used nodes
are at the end of the node queue. Change the reference-counting
discipline: ni->ni_refcnt indicates how many times net80211 has
granted ni to the driver. Every node in the table with ni_refcnt=0
is eligible to be garbage-collected. The mere presence of a node
in the table does not any longer indicate its auth/assoc state;
nodes have a ni_state variable, now.

While I am here, patch ieee80211_find_node_for_beacon to do a "best
match" by bssid/ssid/channel, not a "perfect match." This keeps
net80211 from caching duplicate nodes in the table.
---

ok deraadt@ dlg@, looks good jsg@

add the manual tx power option. this is supported by some prism2/2.5/3
cards in hostap mode but it depends on the firmware version. support
for other wireless chipsets will be added in the future using the
net80211-framework.

ok robert@ bob@ danh@, tested by some others

compatibility ioctls for things like "wicontrol ath0 -l" to
list known stations on a net80211-based ap.
ok millert@

Don't restrict WEP keys to exactly 40 or 108 bits.

Enable AP scanning via the WI_RID_PRISM2 ioctl. Now atw(4) can do
ap scanning via wicontrol.

Import current NetBSD/FreeBSD 802.11 framework.
Based in part on a diff from Matthew Gream.

Prevent a NULL deref in ieee80211_node2req() which could be triggered
by an ioctl if the driver had not yet initialized the channel map.
Crash reported by nayden@
ok sthen@

Trigger a background scan when root runs the 'ifconfig scan' command.
This will update the list of cached APs for future invocations of the
'scan' command, and will force a search for a better AP to roam to.
ok sthen@ phessler@

Make net80211 expose reasons for association failures to userland and have
ifconfig display them in 'scan' output and on the ieee80211 status line if
the failure is applicable to an already selected AP (e.g. wrong WPA key).

This will hopefully reduce the amount of help requests for what often
turn out to be trivial misconfiguration issues that were previously
hard to diagnose without debug mode.

ifconfig must be recompiled with the new ieee80211_ioctl.h to stay in
sync with the kernel. A full 'make build' will do the right thing!

Very helpful input by mpi@ and deraadt@

Fix 'ifconfig nwflags; These flags ended up overlapping with other flags
in ieee80211com's ic_flags because we haven't been paying attention to
them (they're not in the same place in the code and hence easy to miss).
Move them to a dedicated variable to avoid this problem in the future.

Add a new 'stayauth' nwflag which can be set to let net80211 ignore
deauth frames. This can be useful when deauth frames are being
persistently spoofed by an attacker. Idea from beck@

ok beck@ phessler@

Make ifconfig(8) display whether bwfm(4) firmware is using 802.11ac.
ok patrick@ mpi@

when removing the currently active network from the join list, disconnect
from it as well

OK stsp@

add a len field when we delete an essid from the joinlist. this will have
us properly match, instead of hoping we got lucky when selecting it.

OK stsp@

let users automatically use join to connect to any open wifi network.
if a known network is visible, always prefer that instead.

requested by many, OK stsp@

print more details about the join'd networks we have saved when a user runs
ifconfig if joinlist

OK stsp@

clean up accounting of the AUTO_JOIN flag by making sure it is set or cleared
based on the state of the joinlist

OK stsp@

do not immediately set the join'd network, the join command only updates
the list.

makes /etc/netstart very fast when ran while the interface is up

OK stsp@

use the correct essid when switching during the ioctl path

pointed out by stsp@

convert the things we save in 'join' into a single ioctl. mixing related
settings over multiple calls was risky and racy. Pass essid, wpa, and wep
paramaters in a single ioctl and process it atomically.

no change for 'nwid' users

OK stsp@ benno@

Make 'ifconfig nwid' override 'ifconfig join'.

There was no way to override a decision made by join's network
selection algorithm (apart from disabling the feature by clearing
the join list). Automatic selection is based on heuristics which
cannot always guess correctly so we need to provide an override.

One specific problem was that if 'nwid foo' and 'nwid bar' were
both visible in the scan and only 'nwid foo' was a member of the
join list, then there was no way at all to connect to 'nwid bar'.
The wireless stack would keep selecting 'nwid foo' instead.

'ifconfig iwm0 nwid bar' command will now disable automatic
network selection and force the use of ESSID 'bar'.
Any of these commands will re-enable automatic network selection:
ifconfig iwm0 -nwid
ifconfig iwm0 nwid ''
ifconfig iwm0 join some-network-id

ok phessler@ deraadt@

make ifconfig <if> join display the list of networks configured for
auto-join
with feedback from florian and stsp
ok florian@ phessler@ (on previous versions of the diff) stsp@

Refactor ieee80211_add_ess():

Drop ieee80211_add_ess's nwid parameter. Read nwid and length directly
from the ic to make it more obvious where this function is reading from.

nwids are binary data with an explicit length, so treat them as such
instead of treating them like strings.

ok florian phessler

Introduce 'auto-join' to the wifi 802.11 stack.

This allows a system to remember which ESSIDs it wants to connect to, any
relevant security configuration, and switch to it when the network we are
currently connected to is no longer available.

Works when connecting and switching between WPA2/WPA1/WEP/clear encryptions.

example hostname.if:
join home wpakey password
join work wpakey mekmitasdigoat
join open-lounge
join cafe wpakey cafe2018
join "wepnetwork" nwkey "12345"
dhcp
inet6 autoconf
up

OK stsp@ reyk@
and enthusiasm from every hackroom I've been in for the last 3 years

net80211: stub SIOCS80211SCAN, make ifconfig scan instant.

The following removes the functionality of the SIOCS80211SCAN ioctl.
After long discussions with stps@, mpi@, and deraadt@ we decided that
this was the correct way of fixing ifconfig scan from blocking the
network stack.

The kernel will continue scanning in the background and filling the
nodes array, but ifconfig scan commands will now basically do just a
SIOCG80211ALLNODES and pretty print the array. So the output stays the
same but is instant.

In fact, when the interface is freshly brought up, if you type fast
enough, you can see the array being filled by running multiple ifconfig
scans in sequence.

The SIOCS80211SCAN ioctl stays for now as wi(4), pgt(4) and malo(4)
still need it around. But not for long...

Another change that this introduces is the fact that ifconfig scan no
longer plays with UP and DOWN. If the interface is down it complains and
exits. This is needed in order to maintain the nodes list.

Works on iwm(4), iwn(4), urtwn(4), run(4) and athn(4).

Tested by mpi@, landry@, florian@, thanks!
OK mpi@.

Remove almost unused `flags' argument of suser().

The account flag `ASU' will no longer be set but that makes suser()
mpsafe since it no longer mess with a per-process field.

No objection from millert@, ok tedu@, bluhm@

Stop reporting WPA and WEP keys back to userland.
The kernel is not a password database; look your wifi keys up elsewhere.

Discussed with several.
ok phessler@ jca@

move a function declaration, so the whole net80211 stack can disable wep or wpa

OK stsp@

Changing nwid on a wifi network means it is a new network, so clear the
WPA and WEP configuration.

OK pirofti@ stsp@ sthen@

Remove 80211WMMPARMS ioctls. Last used in ifconfig in 2009.
ok stsp@ kevlo@ jca@

Move common code to add/remove multicast filters to ieee80211_ioctl(9).

ok jsg@, stsp@

Plug an information leak in ieee80211_node2req().
Problem reported by Ilja Van Sprundel.
ok tb@

branches: 1.52.4;
Use explicit_bzero() to wipe out key material and add some sizes to free().

ok stsp

When a new WPA key is set while WEP is enabled, disable WEP,
and when a new WEP key is set while WPA is enabled, disable WPA.
Prevents unusable configurations where both WEP and WPA are active
and makes switching between WEP/WPA networks easier.
ok deraadt@ tb@ sthen@

Introduce separate fields for supported WPA protocols and AKMs in struct
ieee80211_node. Pass these fields to 'ifconfig scan' instead of giving it
currently configured/enabled settings.
Fixes display of AP WPA capabilities in 'ifconfig scan' while the wifi
interface is not configured to use WPA (my previous commit attempted to
fix the same problem but didn't make it work in all cases).
ok tb@

Make 'ifconfig scan' display AP encryption correctly if WEP is configured
on the local wifi interface. ifconfig was mistakenly showing the common
supported subset of client and AP, rather than showing the AP's capabilities.
Exposes WPA protocol capabilities in struct ieee80211_nodereq, which means
ifconfig must be recompiled to run on a new kernel.
ok deraadt@ mpi@

Enable TKIP as pairwise cipher when ifconfig's wpaprotos option enables WPA1.
Without this fix it was impossible to use WPA1 without also making use of the
wpaciphers option to enable TKIP. Problem noticed by pirofti@.
ok mpi@

When we disable WPA on an interface, wipe all of the WPA parameters,
including removing the 802.1x configuration from the card.

Found while coming home from CCC Congress.

OK stsp@

Disable TKIP (WPA1) by default.

It is time for this legacy of WEP to die (remember WEP?).
The 802.11-2012 standard says:
The use of TKIP is deprecated. The TKIP algorithm is unsuitable for
the purposes of this standard.

TKIP has numerous problems. One of which is that TKIP allows a denial of
service attack which can be triggered by any client. Report 2 Michael MIC
failures to a TKIP AP to trigger "TKIP countermeasures". The AP is now
required by the 802.11 standard to lock everyone out for at least 60 seconds.
The network will remain unusable for as long as such MIC failure reports
are sent twice per minute.

TKIP remains available for interoperability purposes, for now.
It must be enabled manually with ifconfig(8).

Prompted by discussion with Mathy Vanhoef.
ok deraadt@ sthen@ reyk@

While copying out channel flags to userspace, omit the HT channel flag if
we're not in 11n mode. This will allow tcpdump to show the mode correctly.
ok mpi@

move from RB macros to the RBT functions.

shaves about 5k off an amd64 GENERIC.MP kernel

If a driver reports RSSI in the 20-100 range, convert to a negative value.
Fixes dBm values displayed by 'ifconfig scan' with several drivers.
ok mpi@ jca@

Expose more 802.11n information to userspace:
A flag which indicates whether HT has been negotiated with a node,
and the current Tx MCS value we use for a node.

This grows struct ieee80211_nodereq. Applications using it must be recompiled.

ok mpi@

branches: 1.41.2;
Copy some ieee8021_node HT information to userspace.
ifconfig needs to be recompiled.
ok mpi@

Fix manual scan while associated in 11a mode. It would only show APs on 5GHz.
Problem found by benno@
ok benno@ kettenis@

Remove some includes include-what-you-use claims don't
have any direct symbols used. Tested for indirect use by compiling
amd64/i386/sparc64 kernels.

ok tedu@ deraadt@

unifdef some more INET. v4 4life.

remove uneeded proc.h includes
ok mpi@ kspillner@

Remove cached 802.11 nodes in IEEE80211_STA_CACHE state (these are nodes
which have been seen but which haven't otherwise interacted with us), fixing
a problem where old cached nodes are seen when doing a scan.
From Marcin Piotr Pawlowski, feedback stsp@ ok kspillner@ dcoppa@

Return RSN (WPA) information to userland during wireless scan, and
make ifconfig show whether a wireless network uses WEP or WPA.
Since struct ieee80211_nodereq grows in size old ifconfig won't be
able to scan when running on a new kernel.
While here, add missing ioctl constant IEEE80211_WPA_CIPHER_BIP.
ok jsg@

In the implementation of the SIOCS80211DELNODE ioctl, call
ieee80211_node_leave() instead of ieee80211_release_node() which screws
up reference counting and leads to use after free problems elsewhere in the
code. Since ieee80211_node_leave() is only available if hostap support is
compiled in, don't privide the SIOCS80211DELNODE ioctl if we're compiling
without hostap support (e.g. on ramdisks).

ok deraadt@, damien@