1/*-
2 * SPDX-License-Identifier: BSD-2-Clause-FreeBSD
3 *
4 * Copyright (c) 2007-2008 Sam Leffler, Errno Consulting
5 * All rights reserved.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 * 1. Redistributions of source code must retain the above copyright
11 *    notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 *    notice, this list of conditions and the following disclaimer in the
14 *    documentation and/or other materials provided with the distribution.
15 *
16 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
17 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
18 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
19 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
20 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
21 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
22 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
23 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
24 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
25 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
26 */
27
28#include <sys/cdefs.h>
29#ifdef __FreeBSD__
30__FBSDID("$FreeBSD: releng/12.0/sys/net80211/ieee80211_dfs.c 326272 2017-11-27 15:23:17Z pfg $");
31#endif
32
33/*
34 * IEEE 802.11 DFS/Radar support.
35 */
36#include "opt_inet.h"
37#include "opt_wlan.h"
38
39#include <sys/param.h>
40#include <sys/systm.h>
41#include <sys/mbuf.h>
42#include <sys/malloc.h>
43#include <sys/kernel.h>
44
45#include <sys/socket.h>
46#include <sys/sockio.h>
47#include <sys/endian.h>
48#include <sys/errno.h>
49#include <sys/proc.h>
50#include <sys/sysctl.h>
51
52#include <net/if.h>
53#include <net/if_var.h>
54#include <net/if_media.h>
55#include <net/ethernet.h>
56
57#include <net80211/ieee80211_var.h>
58
/* malloc(9) type for allocations tagged "802.11 DFS state". */
static MALLOC_DEFINE(M_80211_DFS, "80211dfs", "802.11 DFS state");

/*
 * Non-Occupancy List (NOL) hold time in seconds, exported read-write
 * under the net.wlan sysctl node as nol_timeout.  NOL_TIMEOUT expands
 * to an expression on the variable, so each use reads the current
 * value rather than a snapshot.
 *
 * NOTE(review): SYSCTL_INT installs no range check here, so any int
 * can be written.  A zero or negative value would presumably collapse
 * the hold time, and a large value overflows the int multiply by 1000.
 * That lets this knob weaken NOL handling in much the same way as the
 * dfs_debug option that is deliberately kept out of default kernels
 * below -- consider a bounded sysctl handler.
 */
static	int ieee80211_nol_timeout = 30*60;		/* 30 minutes */
SYSCTL_INT(_net_wlan, OID_AUTO, nol_timeout, CTLFLAG_RW,
	&ieee80211_nol_timeout, 0, "NOL timeout (secs)");
#define	NOL_TIMEOUT	msecs_to_ticks(ieee80211_nol_timeout*1000)

/*
 * Channel Availability Check (CAC) duration in seconds, exported
 * read-write under the net.wlan sysctl node as cac_timeout.
 *
 * NOTE(review): same concern as nol_timeout -- the value is not
 * bounded, so the CAC period can be set arbitrarily short and the
 * multiply by 1000 can overflow.
 */
static	int ieee80211_cac_timeout = 60;		/* 60 seconds */
SYSCTL_INT(_net_wlan, OID_AUTO, cac_timeout, CTLFLAG_RW,
	&ieee80211_cac_timeout, 0, "CAC timeout (secs)");
#define	CAC_TIMEOUT	msecs_to_ticks(ieee80211_cac_timeout*1000)

/*
 * In order to facilitate DFS debugging, a couple of operating
 * modes aside from the default are needed.
 *
 * 0 - default CAC/NOL behaviour - ie, start CAC, place
 *     channel on NOL list.
 * 1 - send CAC, but don't change channel or add the channel
 *     to the NOL list.
 * 2 - just match on radar, don't send CAC or place channel in
 *     the NOL list.
 */
static	int ieee80211_dfs_debug = DFS_DBG_NONE;

/*
 * This option must not be included in the default kernel
 * as it allows users to plainly disable CAC/NOL handling.
 * Without IEEE80211_DFS_DEBUG the variable above has no sysctl and
 * keeps its DFS_DBG_NONE initializer as far as this file is concerned.
 */
#ifdef	IEEE80211_DFS_DEBUG
SYSCTL_INT(_net_wlan, OID_AUTO, dfs_debug, CTLFLAG_RW,
	&ieee80211_dfs_debug, 0, "DFS debug behaviour");
#endif
92
/*
 * Placeholder ic_set_quiet handler: ignores both arguments and reports
 * that the operation is not implemented.
 */
static int
null_set_quiet(struct ieee80211_node *ni, u_int8_t *quiet_elm)
{
	/* Neither argument is consulted by the stub. */
	(void)ni;
	(void)quiet_elm;

	return ENOSYS;
}
98
/*
 * Prepare the per-device DFS state: install the stub quiet-element
 * handler and initialise the NOL and CAC callouts against the com lock
 * object, so their handlers run with that lock.
 */
void
ieee80211_dfs_attach(struct ieee80211com *ic)
{
	struct ieee80211_dfs_state *state = &ic->ic_dfs;

	/* Stub handler returning ENOSYS; independent of the timers below. */
	ic->ic_set_quiet = null_set_quiet;

	callout_init_mtx(&state->nol_timer, IEEE80211_LOCK_OBJ(ic), 0);
	callout_init_mtx(&state->cac_timer, IEEE80211_LOCK_OBJ(ic), 0);
}
109
/*
 * Tear down DFS state for the device by delegating to
 * ieee80211_dfs_reset().
 */
void
ieee80211_dfs_detach(struct ieee80211com *ic)
{
	/* NB: we assume no locking is needed */
	/*
	 * NOTE(review): the reset path drains only the NOL callout; the
	 * CAC callout, which carries a vap pointer, is expected to have
	 * been stopped elsewhere -- confirm before the vap is released.
	 */
	ieee80211_dfs_reset(ic);
}
116
/*
 * Return DFS bookkeeping to its initial state: wait out the NOL timer,
 * zero ic_state on every channel table entry and forget the channel
 * used for rate-limiting radar messages.
 */
void
ieee80211_dfs_reset(struct ieee80211com *ic)
{
	struct ieee80211_dfs_state *state = &ic->ic_dfs;
	int idx;

	/* NB: we assume no locking is needed */
	/*
	 * NB: cac_timer should be cleared by the state machine; it is
	 * not touched here, so a still-armed CAC callout (which holds a
	 * vap pointer) survives this call.
	 */
	callout_drain(&state->nol_timer);

	/* Drops every state bit, including the RADAR and CACDONE marks. */
	for (idx = 0; idx < ic->ic_nchans; idx++) {
		ic->ic_channels[idx].ic_state = 0;
	}

	state->lastchan = NULL;
}
130
/*
 * Callout handler for dfs->cac_timer; arg is the vap handed to
 * callout_reset() when CAC was started.
 *
 * The com lock is asserted on entry.  Nothing happens unless the vap
 * is still in the CAC state.  If the current channel is flagged for
 * radar, the vap is pushed back to SCAN with dfs->newchan as its
 * desired channel.  Otherwise every channel table entry sharing the
 * current frequency is marked CAC-done and
 * ieee80211_cac_completeswitch() is called.
 *
 * NOTE(review): the vap pointer is captured when the timer is armed;
 * nothing in this function can tell whether it is still valid, so the
 * timer must be stopped before the vap goes away -- verify in callers.
 */
static void
cac_timeout(void *arg)
{
	struct ieee80211vap *vap = arg;
	struct ieee80211com *ic = vap->iv_ic;
	struct ieee80211_dfs_state *dfs = &ic->ic_dfs;
	int i;

	IEEE80211_LOCK_ASSERT(ic);

	if (vap->iv_state != IEEE80211_S_CAC)	/* NB: just in case */
		return;
	/*
	 * When radar is detected during a CAC we are woken
	 * up prematurely to switch to a new channel.
	 * Check the channel to decide how to act.
	 */
	if (IEEE80211_IS_CHAN_RADAR(ic->ic_curchan)) {
		ieee80211_notify_cac(ic, ic->ic_curchan,
		    IEEE80211_NOTIFY_CAC_RADAR);

		if_printf(vap->iv_ifp,
		    "CAC timer on channel %u (%u MHz) stopped due to radar\n",
		    ic->ic_curchan->ic_ieee, ic->ic_curchan->ic_freq);

		/* XXX clobbers any existing desired channel */
		/* NB: dfs->newchan may be NULL, that's ok */
		vap->iv_des_chan = dfs->newchan;
		ieee80211_new_state_locked(vap, IEEE80211_S_SCAN, 0);
	} else {
		if_printf(vap->iv_ifp,
		    "CAC timer on channel %u (%u MHz) expired; "
		    "no radar detected\n",
		    ic->ic_curchan->ic_ieee, ic->ic_curchan->ic_freq);
		/*
		 * Mark all channels with the current frequency
		 * as having completed CAC; this keeps us from
		 * doing it again until we change channels.
		 */
		for (i = 0; i < ic->ic_nchans; i++) {
			struct ieee80211_channel *c = &ic->ic_channels[i];
			if (c->ic_freq == ic->ic_curchan->ic_freq)
				c->ic_state |= IEEE80211_CHANSTATE_CACDONE;
		}
		/* Notify first, then let the pending switch go ahead. */
		ieee80211_notify_cac(ic, ic->ic_curchan,
		    IEEE80211_NOTIFY_CAC_EXPIRE);
		ieee80211_cac_completeswitch(vap);
	}
}
180
/*
 * Initiate the CAC timer.  The driver is responsible
 * for setting up the hardware to scan for radar on the
 * channel; we just handle timing things out.
 *
 * Must be called with the com lock held (asserted).  The vap pointer
 * is stored as the callout argument, so the timer has to be stopped
 * before the vap is released.
 */
void
ieee80211_dfs_cac_start(struct ieee80211vap *vap)
{
	struct ieee80211com *ic = vap->iv_ic;
	struct ieee80211_dfs_state *state = &ic->ic_dfs;
	struct ieee80211_channel *cur;

	IEEE80211_LOCK_ASSERT(ic);

	/* CAC_TIMEOUT reads the sysctl-backed variable at each use. */
	callout_reset(&state->cac_timer, CAC_TIMEOUT, cac_timeout, vap);

	cur = ic->ic_curchan;
	if_printf(vap->iv_ifp, "start %d second CAC timer on channel %u (%u MHz)\n",
	    ticks_to_secs(CAC_TIMEOUT),
	    cur->ic_ieee, cur->ic_freq);
	ieee80211_notify_cac(ic, cur, IEEE80211_NOTIFY_CAC_START);
}
200
/*
 * Clear the CAC timer.  When the timer was still pending, the stop is
 * logged and IEEE80211_NOTIFY_CAC_STOP is posted for the current
 * channel before the callout is cancelled.
 *
 * Must be called with the com lock held (asserted).
 */
void
ieee80211_dfs_cac_stop(struct ieee80211vap *vap)
{
	struct ieee80211com *ic = vap->iv_ic;
	struct ieee80211_dfs_state *state = &ic->ic_dfs;

	IEEE80211_LOCK_ASSERT(ic);

	/* NB: racey but not important */
	if (callout_pending(&state->cac_timer)) {
		struct ieee80211_channel *cur = ic->ic_curchan;

		if_printf(vap->iv_ifp, "stop CAC timer on channel %u (%u MHz)\n",
		    cur->ic_ieee, cur->ic_freq);
		ieee80211_notify_cac(ic, cur, IEEE80211_NOTIFY_CAC_STOP);
	}

	/* Cancelled unconditionally, pending or not. */
	callout_stop(&state->cac_timer);
}
221
/*
 * Drop the CAC-done mark from every channel table entry whose
 * frequency equals that of chan, so CAC has to be run again before
 * those entries count as checked.
 */
void
ieee80211_dfs_cac_clear(struct ieee80211com *ic,
	const struct ieee80211_channel *chan)
{
	int idx;

	for (idx = 0; idx < ic->ic_nchans; idx++) {
		struct ieee80211_channel *entry = &ic->ic_channels[idx];

		/* Only entries on the same frequency are affected. */
		if (entry->ic_freq != chan->ic_freq)
			continue;
		entry->ic_state &= ~IEEE80211_CHANSTATE_CACDONE;
	}
}
234
/*
 * Callout handler for dfs->nol_timer; arg is the ieee80211com.
 *
 * Walks the channel table with the com lock asserted.  An entry still
 * flagged RADAR whose nol_event timestamp is at least NOL_TIMEOUT
 * ticks old has the flag cleared; if it also carries NORADAR, the
 * clearance is logged, NORADAR is dropped and user space is notified.
 * Entries that have not expired yet feed `oldest`, and the timer is
 * re-armed for the earliest remaining expiry.
 *
 * NOTE(review): NOL_TIMEOUT is a macro over a sysctl-writable int, so
 * the interval may differ between iterations if it is changed while
 * this runs -- confirm that is acceptable.
 */
static void
dfs_timeout(void *arg)
{
	struct ieee80211com *ic = arg;
	struct ieee80211_dfs_state *dfs = &ic->ic_dfs;
	struct ieee80211_channel *c;
	int i, oldest, now;

	IEEE80211_LOCK_ASSERT(ic);

	/* oldest == now afterwards means "nothing left to wait for". */
	now = oldest = ticks;
	for (i = 0; i < ic->ic_nchans; i++) {
		c = &ic->ic_channels[i];
		if (IEEE80211_IS_CHAN_RADAR(c)) {
			if (ieee80211_time_after_eq(now, dfs->nol_event[i]+NOL_TIMEOUT)) {
				c->ic_state &= ~IEEE80211_CHANSTATE_RADAR;
				if (c->ic_state & IEEE80211_CHANSTATE_NORADAR) {
					/*
					 * NB: do this here so we get only one
					 * msg instead of one for every channel
					 * table entry.
					 */
					ic_printf(ic, "radar on channel %u "
					    "(%u MHz) cleared after timeout\n",
					    c->ic_ieee, c->ic_freq);
					/* notify user space */
					c->ic_state &=
					    ~IEEE80211_CHANSTATE_NORADAR;
					ieee80211_notify_radar(ic, c);
				}
			/*
			 * NOTE(review): plain `<` on tick values, unlike the
			 * ieee80211_time_after_eq() test above; check the
			 * behaviour when the tick counter wraps.
			 */
			} else if (dfs->nol_event[i] < oldest)
				oldest = dfs->nol_event[i];
		}
	}
	if (oldest != now) {
		/* arrange to process next channel up for a status change */
		callout_schedule(&dfs->nol_timer, oldest + NOL_TIMEOUT - now);
	}
}
274
/*
 * Log a radar detection on curchan.  When newchan is non-NULL the
 * message also names the channel being moved to.
 */
static void
announce_radar(struct ieee80211com *ic, const struct ieee80211_channel *curchan,
	const struct ieee80211_channel *newchan)
{
	if (newchan != NULL) {
		ic_printf(ic, "radar detected on channel %u (%u MHz), "
		    "moving to channel %u (%u MHz)\n",
		    curchan->ic_ieee, curchan->ic_freq,
		    newchan->ic_ieee, newchan->ic_freq);
		return;
	}

	/* No target channel: report the detection only. */
	ic_printf(ic, "radar detected on channel %u (%u MHz)\n",
	    curchan->ic_ieee, curchan->ic_freq);
}
288
/*
 * Handle a radar detection event on a channel. The channel is
 * added to the NOL list and we record the time of the event.
 * Entries are aged out after NOL_TIMEOUT.  If radar was
 * detected while doing CAC we force a state/channel change.
 * Otherwise radar triggers a channel switch using the CSA
 * mechanism (when the channel is the bss channel).
 *
 * Must be called with the com lock held (asserted).
 *
 * The NOL marking and the channel change happen only when
 * ieee80211_dfs_debug is DFS_DBG_NONE.  In the other modes the
 * device keeps operating on a channel where radar was reported,
 * which is why the debug sysctl is compiled out by default.
 */
void
ieee80211_dfs_notify_radar(struct ieee80211com *ic, struct ieee80211_channel *chan)
{
	struct ieee80211_dfs_state *dfs = &ic->ic_dfs;
	int i, now;

	IEEE80211_LOCK_ASSERT(ic);

	/*
	 * If doing DFS debugging (mode 2), don't bother
	 * running the rest of this function.
	 *
	 * Simply announce the presence of the radar and continue
	 * along merrily.  chan is passed as both the current and the
	 * new channel, so the log names the same channel twice.
	 */
	if (ieee80211_dfs_debug == DFS_DBG_NOCSANOL) {
		announce_radar(ic, chan, chan);
		ieee80211_notify_radar(ic, chan);
		return;
	}

	/*
	 * Don't mark the channel and don't put it into NOL
	 * if we're doing DFS debugging.
	 */
	if (ieee80211_dfs_debug == DFS_DBG_NONE) {
		/*
		 * Mark all entries with this frequency.  Notify user
		 * space and arrange for notification when the radar
		 * indication is cleared.  Then kick the NOL processing
		 * callout if not already running.
		 */
		now = ticks;
		for (i = 0; i < ic->ic_nchans; i++) {
			struct ieee80211_channel *c = &ic->ic_channels[i];
			if (c->ic_freq == chan->ic_freq) {
				/* Radar voids any earlier CAC result. */
				c->ic_state &= ~IEEE80211_CHANSTATE_CACDONE;
				c->ic_state |= IEEE80211_CHANSTATE_RADAR;
				dfs->nol_event[i] = now;
			}
		}
		ieee80211_notify_radar(ic, chan);
		/*
		 * NORADAR is set on chan alone; dfs_timeout() uses it to
		 * log and notify once per frequency on expiry.
		 */
		chan->ic_state |= IEEE80211_CHANSTATE_NORADAR;
		if (!callout_pending(&dfs->nol_timer))
			callout_reset(&dfs->nol_timer, NOL_TIMEOUT,
			    dfs_timeout, ic);
	}

	/*
	 * If radar is detected on the bss channel while
	 * doing CAC; force a state change by scheduling the
	 * callout to be dispatched asap.  Otherwise, if this
	 * event is for the bss channel then we must quiet
	 * traffic and schedule a channel switch.
	 *
	 * Note this allows us to receive notification about
	 * channels other than the bss channel; not sure
	 * that can/will happen but it's simple to support.
	 */
	if (chan == ic->ic_bsschan) {
		/* XXX need a way to defer to user app */

		/*
		 * Don't flip over to a new channel if
		 * we are currently doing DFS debugging.
		 */
		if (ieee80211_dfs_debug == DFS_DBG_NONE)
			dfs->newchan = ieee80211_dfs_pickchannel(ic);
		else
			dfs->newchan = chan;

		announce_radar(ic, chan, dfs->newchan);

		/* A pending CAC timer is fired at once; cac_timeout() acts. */
		if (callout_pending(&dfs->cac_timer))
			callout_schedule(&dfs->cac_timer, 0);
		else if (dfs->newchan != NULL) {
			/* XXX mode 1, switch count 2 */
			/* XXX calculate switch count based on max
			  switch time and beacon interval? */
			ieee80211_csa_startswitch(ic, dfs->newchan, 1, 2);
		} else {
			/*
			 * Spec says to stop all transmissions and
			 * wait on the current channel for an entry
			 * on the NOL to expire.
			 *
			 * NOTE(review): only the message below is emitted;
			 * nothing visible here stops transmissions.
			 */
			/*XXX*/
			ic_printf(ic, "%s: No free channels; waiting for entry "
			    "on NOL to expire\n", __func__);
		}
	} else {
		/*
		 * Issue rate-limited console msgs: always on a change of
		 * channel, otherwise gated by ppsratecheck().
		 */
		if (dfs->lastchan != chan) {
			dfs->lastchan = chan;
			dfs->cureps = 0;
			announce_radar(ic, chan, NULL);
		} else if (ppsratecheck(&dfs->lastevent, &dfs->cureps, 1)) {
			announce_radar(ic, chan, NULL);
		}
	}
}
400
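/*
 * Choose a channel to move to after radar has been detected.
 *
 * The scan cache is asked first, using the current channel's flags
 * masked with IEEE80211_CHAN_ALL.  If it has nothing to offer, the
 * channel table is probed from a random starting index, wrapping
 * around once, for the first entry that is not flagged for radar and
 * carries all of those flags.
 *
 * Returns the chosen channel, or NULL (after logging) when no entry
 * qualifies or the channel table is empty.
 */
struct ieee80211_channel *
ieee80211_dfs_pickchannel(struct ieee80211com *ic)
{
	struct ieee80211_channel *c;
	int flags, n, start;
	uint16_t v;

	/*
	 * Consult the scan cache first.
	 */
	flags = ic->ic_curchan->ic_flags & IEEE80211_CHAN_ALL;
	/*
	 * XXX if curchan is HT this will never find a channel
	 * XXX 'cuz we scan only legacy channels
	 */
	c = ieee80211_scan_pickchannel(ic, flags);
	if (c != NULL)
		return c;
	/*
	 * No channel found in scan cache; select a compatible
	 * one at random (skipping channels where radar has
	 * been detected).
	 *
	 * The table size is checked first: taking the random value
	 * modulo an empty table would divide by zero.
	 */
	if (ic->ic_nchans > 0) {
		get_random_bytes(&v, sizeof(v));
		start = v % ic->ic_nchans;
		/* Probe start..nchans-1, then 0..start-1. */
		for (n = 0; n < ic->ic_nchans; n++) {
			c = &ic->ic_channels[(start + n) % ic->ic_nchans];
			if (!IEEE80211_IS_CHAN_RADAR(c) &&
			    (c->ic_flags & flags) == flags)
				return c;
		}
	}
	ic_printf(ic, "HELP, no channel located to switch to!\n");
	return NULL;
}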
441