From owner-p4-projects@FreeBSD.ORG Fri Jan 30 12:10:41 2004 Return-Path: Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id D784416A4D0; Fri, 30 Jan 2004 12:10:40 -0800 (PST) Delivered-To: perforce@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 91AC016A4CE for ; Fri, 30 Jan 2004 12:10:40 -0800 (PST) Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115]) by mx1.FreeBSD.org (Postfix) with ESMTP id ADE9D43D1D for ; Fri, 30 Jan 2004 12:10:36 -0800 (PST) (envelope-from sam@freebsd.org) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.12.10/8.12.10) with ESMTP id i0UKAa0B053323 for ; Fri, 30 Jan 2004 12:10:36 -0800 (PST) (envelope-from sam@freebsd.org) Received: (from perforce@localhost) by repoman.freebsd.org (8.12.10/8.12.10/Submit) id i0UKAamq053320 for perforce@freebsd.org; Fri, 30 Jan 2004 12:10:36 -0800 (PST) (envelope-from sam@freebsd.org) Date: Fri, 30 Jan 2004 12:10:36 -0800 (PST) Message-Id: <200401302010.i0UKAamq053320@repoman.freebsd.org> X-Authentication-Warning: repoman.freebsd.org: perforce set sender to sam@freebsd.org using -f From: Sam Leffler To: Perforce Change Reviews Subject: PERFORCE change 46223 for review X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 30 Jan 2004 20:10:41 -0000 http://perforce.freebsd.org/chv.cgi?CH=46223 Change 46223 by sam@sam_ebb on 2004/01/30 12:09:35 o change pspoll handling to reflect replacement of ni_pwrsave by ni_flags (with power save flag chosen to be identical to frame bit to simplify checking on the input path) o move bpf tap at the 802.11 layer to be after fragment reassembly; the idea is that radiotap handles "raw frames" at the driver level and the 802.11-level tap provides reassembled and decrypted frames (based on discussion with David Young) o add 802.1x check to reject data frames received prior to port authentication Affected files ... .. //depot/projects/netperf+sockets/sys/net80211/ieee80211_input.c#10 edit Differences ... ==== //depot/projects/netperf+sockets/sys/net80211/ieee80211_input.c#10 (text+ko) ==== @@ -202,31 +202,33 @@ ni->ni_inact = 0; } - if (ic->ic_set_tim != NULL && - (wh->i_fc[1] & IEEE80211_FC1_PWR_MGT) - && ni->ni_pwrsave == 0) { - /* turn on power save mode */ + /* + * Check for ps-poll state change for the station. + * XXX is there a response when pspoll is not supported? + */ + if (ic->ic_opmode == IEEE80211_M_HOSTAP && + ic->ic_set_tim != NULL && + ((wh->i_fc[1] & IEEE80211_FC1_PWR_MGT) ^ + (ni->ni_flags & IEEE80211_NODE_PWR_MGT))) { + /* XXX statistics? */ IEEE80211_DPRINTF(ic, IEEE80211_MSG_POWER, - ("power save mode on for %s\n", + ("power save mode %s for %s\n", + (wh->i_fc[1] & IEEE80211_FC1_PWR_MGT ? "on" : "off"), ether_sprintf(wh->i_addr2))); - ni->ni_pwrsave = IEEE80211_PS_SLEEP; - } - if (ic->ic_set_tim != NULL && - (wh->i_fc[1] & IEEE80211_FC1_PWR_MGT) == 0 && - ni->ni_pwrsave != 0) { - /* turn off power save mode, dequeue stored packets */ - ni->ni_pwrsave = 0; - if (ic->ic_set_tim) - ic->ic_set_tim(ic, ni->ni_associd, 0); - IEEE80211_DPRINTF(ic, IEEE80211_MSG_POWER, - ("power save mode off for %s\n", - ether_sprintf(wh->i_addr2))); - while (!_IF_QLEN(&ni->ni_savedq) != 0) { - struct mbuf *m0; - IF_DEQUEUE(&ni->ni_savedq, m0); - /* XXX need different driver interface */ - IF_ENQUEUE(&ic->ic_pwrsaveq, m); - (*ifp->if_start)(ifp); + if ((wh->i_fc[1] & IEEE80211_FC1_PWR_MGT) == 0) { + /* turn off power save mode, dequeue stored packets */ + ni->ni_flags &= ~IEEE80211_NODE_PWR_MGT; + (*ic->ic_set_tim)(ic, ni->ni_associd, 0); + while (!_IF_QLEN(&ni->ni_savedq) != 0) { + struct mbuf *m0; + IF_DEQUEUE(&ni->ni_savedq, m0); + /* XXX need different driver interface */ + IF_ENQUEUE(&ic->ic_pwrsaveq, m); + (*ifp->if_start)(ifp); + } + } else { + /* turn on power save mode */ + ni->ni_flags |= IEEE80211_NODE_PWR_MGT; } } @@ -292,11 +294,29 @@ ic->ic_stats.is_rx_notassoc++; goto err; } + /* + * When station is to be authenticated with 802.1x + * deny any data frames until authentication has + * been completed. + */ + if (ni->ni_authmode == IEEE80211_AUTH_8021X && + (ni->ni_flags & IEEE80211_NODE_AUTH) == 0) { + IEEE80211_DPRINTF(ic, IEEE80211_MSG_INPUT, + ("%s: data from unauthenticated src %s\n", + __func__, ether_sprintf(wh->i_addr2))); + ieee80211_unref_node(&ni); + ic->ic_stats.is_rx_not1xauth++; + /* XXX node statistic */ + goto err; + } break; case IEEE80211_M_MONITOR: break; } if (wh->i_fc[1] & IEEE80211_FC1_WEP) { + /* + * Device didn't handle WEP; do it in software. + */ if (ic->ic_flags & IEEE80211_F_WEPON) { m = ieee80211_wep_crypt(ic, m, 0); if (m == NULL) { @@ -309,16 +329,19 @@ goto out; } } - /* copy to listener after decrypt */ - if (ic->ic_rawbpf) - bpf_mtap(ic->ic_rawbpf, m); - /* XXX tap before or after defrag? */ m = ieee80211_defrag(ic, ni, m); if (m == NULL) { /* XXX statistic */ /* Fragment dropped or frame not complete yet */ goto out; } + /* + * Copy to listener after decrypt and defrag. + * If someone wants fragments they can tap at + * the driver level. + */ + if (ic->ic_rawbpf) + bpf_mtap(ic->ic_rawbpf, m); m = ieee80211_decap(ic, m); if (m == NULL) { IEEE80211_DPRINTF(ic, IEEE80211_MSG_INPUT,