sys/dev/wtap/if_wtap.c
Show First 20 Lines • Show All 296 Lines • ▼ Show 20 Lines | wtap_newstate(struct ieee80211vap *vap, enum ieee80211_state nstate, int arg) | ||||
if (nstate == IEEE80211_S_RUN) { | if (nstate == IEEE80211_S_RUN) { | ||||
/* NB: collect bss node again, it may have changed */ | /* NB: collect bss node again, it may have changed */ | ||||
ieee80211_free_node(ni); | ieee80211_free_node(ni); | ||||
ni = ieee80211_ref_node(vap->iv_bss); | ni = ieee80211_ref_node(vap->iv_bss); | ||||
switch (vap->iv_opmode) { | switch (vap->iv_opmode) { | ||||
case IEEE80211_M_IBSS: | case IEEE80211_M_IBSS: | ||||
case IEEE80211_M_MBSS: | case IEEE80211_M_MBSS: | ||||
case IEEE80211_M_HOSTAP: | |||||
/* | /* | ||||
* Stop any previous beacon callout. This may be | * Stop any previous beacon callout. This may be | ||||
* necessary, for example, when an ibss merge | * necessary, for example, when an ibss merge | ||||
* causes reconfiguration; there will be a state | * causes reconfiguration; there will be a state | ||||
* transition from RUN->RUN that means we may | * transition from RUN->RUN that means we may | ||||
* be called with beacon transmission active. | * be called with beacon transmission active. | ||||
*/ | */ | ||||
callout_stop(&avp->av_swba); | callout_stop(&avp->av_swba); | ||||
} | } | ||||
static void | static void | ||||
wtap_parent(struct ieee80211com *ic) | wtap_parent(struct ieee80211com *ic) | ||||
{ | { | ||||
struct wtap_softc *sc = ic->ic_softc; | struct wtap_softc *sc = ic->ic_softc; | ||||
if (ic->ic_nrunning > 0) { | if (ic->ic_nrunning > 0) { | ||||
/* | |||||
bz: What is this pause for? Simulate delay or wait on something else? | |||||
Done Inline Actions
I have added comments, sorry for lack of explanation. enweiwu: > What is this pause for? Simulate delay or wait on something else?
I have added comments… | |||||
* There is a race of issuing scanning process between | |||||
* IF UP and wpa_supplicant(8). The pause() here is to | |||||
* delay the issuing of scanning process in IF up | |||||
* and let wpa_supplicant(8) win the race. (so the scan | |||||
* request and scan flags in wpa_supplicant(8) can pass | |||||
* into net80211 and take effect) | |||||
*/ | |||||
pause("wtap_parent", hz); | |||||
sc->up = 1; | sc->up = 1; | ||||
ieee80211_start_all(ic); | ieee80211_start_all(ic); | ||||
} else | } else | ||||
sc->up = 0; | sc->up = 0; | ||||
} | } | ||||
static void | static void | ||||
wtap_scan_start(struct ieee80211com *ic) | wtap_scan_start(struct ieee80211com *ic) | ||||
wtap_raw_xmit(struct ieee80211_node *ni, struct mbuf *m, | wtap_raw_xmit(struct ieee80211_node *ni, struct mbuf *m, | ||||
const struct ieee80211_bpf_params *params) | const struct ieee80211_bpf_params *params) | ||||
{ | { | ||||
#if 0 | #if 0 | ||||
DWTAP_PRINTF("%s, %p\n", __func__, m); | DWTAP_PRINTF("%s, %p\n", __func__, m); | ||||
#endif | #endif | ||||
struct ieee80211vap *vap = ni->ni_vap; | struct ieee80211vap *vap = ni->ni_vap; | ||||
struct wtap_vap *avp = WTAP_VAP(vap); | struct wtap_vap *avp = WTAP_VAP(vap); | ||||
struct wtap_softc *sc = vap->iv_ic->ic_softc; | |||||
struct ieee80211_frame *wh; | |||||
Not Done Inline ActionsPlease use a tab between`struct ieee80211_frame` and *wh; lwhsu: Please use a tab between`struct ieee80211_frame` and `*wh;` | |||||
int subtype, tsf; | |||||
Not Done Inline ActionsWithout more context here, this looks like it's writing something somewhere. Are we sure we are not overwriting anything and still write into valid memory? wh probably already points to the right place from line 477? bz: Without more context here, this looks like it's writing something somewhere. Are we sure we… | |||||
Done Inline Actions
I'm inserting a TSF timer into the timestamp field in a probe response, which is the mandatory field. I think maybe I should do the boundary check to avoid malicious probe response. enweiwu: > Without more context here, this looks like it's writing something somewhere. Are we sure we… | |||||
wh = mtod(m, struct ieee80211_frame *); | |||||
subtype = wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK; | |||||
/* Insert TSFT if the frame is a probe response */ | |||||
if (subtype == IEEE80211_FC0_SUBTYPE_PROBE_RESP) { | |||||
Not Done Inline ActionsPlease be aware of that there is a trailing space. lwhsu: Please be aware of that there is a trailing space. | |||||
tsf = wtap_hal_get_tsf(sc->hal); | |||||
adrianUnsubmitted Not Done Inline ActionsHm, is there no net80211 routine to update the TSF in a frame that has one? We should likely go add one. adrian: Hm, is there no net80211 routine to update the TSF in a frame that has one? We should likely go… | |||||
wh = mtod(m, struct ieee80211_frame *); | |||||
memcpy(&wh[1], &tsf, sizeof(tsf)); | |||||
} | |||||
if (ieee80211_radiotap_active_vap(vap)) { | if (ieee80211_radiotap_active_vap(vap)) { | ||||
ieee80211_radiotap_tx(vap, m); | ieee80211_radiotap_tx(vap, m); | ||||
} | } | ||||
if (m->m_flags & M_TXCB) | if (m->m_flags & M_TXCB) | ||||
ieee80211_process_callback(ni, m, 0); | ieee80211_process_callback(ni, m, 0); | ||||
ieee80211_free_node(ni); | ieee80211_free_node(ni); | ||||
return wtap_medium_enqueue(avp, m); | return wtap_medium_enqueue(avp, m); | ||||
} | } | ||||
static int | static int | ||||
wtap_transmit(struct ieee80211com *ic, struct mbuf *m) | wtap_transmit(struct ieee80211com *ic, struct mbuf *m) | ||||
{ | { | ||||
struct ieee80211_node *ni = | struct ieee80211_node *ni = | ||||
(struct ieee80211_node *) m->m_pkthdr.rcvif; | (struct ieee80211_node *) m->m_pkthdr.rcvif; | ||||
struct ieee80211vap *vap = ni->ni_vap; | struct ieee80211vap *vap = ni->ni_vap; | ||||
struct wtap_vap *avp = WTAP_VAP(vap); | struct wtap_vap *avp = WTAP_VAP(vap); | ||||
struct ieee80211_key *k = NULL; | |||||
struct ieee80211_frame *wh = NULL; | |||||
if(ni == NULL){ | if(ni == NULL){ | ||||
printf("m->m_pkthdr.rcvif is NULL we cant radiotap_tx\n"); | printf("m->m_pkthdr.rcvif is NULL we cant radiotap_tx\n"); | ||||
}else{ | }else{ | ||||
wh = mtod(m, struct ieee80211_frame *); | |||||
if (IEEE80211_IS_PROTECTED(wh)) { | |||||
k = ieee80211_crypto_encap(ni, m); | |||||
/* | |||||
Not Done Inline ActionsWhat happens with the mbuf in that case? bz: What happens with the mbuf in that case? | |||||
* This can happen when the key is yanked after the | |||||
* frame was queued. Just discard the frame; the | |||||
* 802.11 layer counts failures and provides | |||||
* debugging/diagnostics. | |||||
*/ | |||||
if (k == NULL) { | |||||
m_free(m); | |||||
ieee80211_free_node(ni); | |||||
return 0; | |||||
} | |||||
} | |||||
if (ieee80211_radiotap_active_vap(vap)) | if (ieee80211_radiotap_active_vap(vap)) | ||||
ieee80211_radiotap_tx(vap, m); | ieee80211_radiotap_tx(vap, m); | ||||
} | } | ||||
if (m->m_flags & M_TXCB) | if (m->m_flags & M_TXCB) | ||||
ieee80211_process_callback(ni, m, 0); | ieee80211_process_callback(ni, m, 0); | ||||
ieee80211_free_node(ni); | ieee80211_free_node(ni); | ||||
return wtap_medium_enqueue(avp, m); | return wtap_medium_enqueue(avp, m); | ||||
} | } | ||||
{ | { | ||||
struct ieee80211com *ic = &sc->sc_ic; | struct ieee80211com *ic = &sc->sc_ic; | ||||
DWTAP_PRINTF("%s\n", __func__); | DWTAP_PRINTF("%s\n", __func__); | ||||
sc->up = 0; | sc->up = 0; | ||||
STAILQ_INIT(&sc->sc_rxbuf); | STAILQ_INIT(&sc->sc_rxbuf); | ||||
sc->sc_tq = taskqueue_create("wtap_taskq", M_NOWAIT | M_ZERO, | sc->sc_tq = taskqueue_create("wtap_taskq", M_NOWAIT | M_ZERO, | ||||
taskqueue_thread_enqueue, &sc->sc_tq); | taskqueue_thread_enqueue, &sc->sc_tq); | ||||
Not Done Inline ActionsIndentation seems odd in Phabricator? bz: Indentation seems odd in Phabricator? | |||||
taskqueue_start_threads(&sc->sc_tq, 1, PI_SOFT, "%s taskQ", sc->name); | taskqueue_start_threads(&sc->sc_tq, 1, PI_SOFT, "%s taskQ", sc->name); | ||||
NET_TASK_INIT(&sc->sc_rxtask, 0, wtap_rx_proc, sc); | NET_TASK_INIT(&sc->sc_rxtask, 0, wtap_rx_proc, sc); | ||||
ic->ic_softc = sc; | ic->ic_softc = sc; | ||||
ic->ic_name = sc->name; | ic->ic_name = sc->name; | ||||
ic->ic_phytype = IEEE80211_T_DS; | ic->ic_phytype = IEEE80211_T_DS; | ||||
ic->ic_opmode = IEEE80211_M_MBSS; | ic->ic_opmode = IEEE80211_M_MBSS; | ||||
ic->ic_caps = IEEE80211_C_MBSS | IEEE80211_C_IBSS; | ic->ic_caps = | ||||
IEEE80211_C_MBSS /* mesh point link mode */ | |||||
| IEEE80211_C_IBSS /* ibss, nee adhoc, mode */ | |||||
| IEEE80211_C_STA /* station mode */ | |||||
| IEEE80211_C_HOSTAP /* hostap mode */ | |||||
| IEEE80211_C_WPA; /* capable of WPA1+WPA2 */ | |||||
ic->ic_max_keyix = 128; /* A value read from Atheros ATH_KEYMAX */ | ic->ic_max_keyix = 128; /* A value read from Atheros ATH_KEYMAX */ | ||||
ic->ic_regdomain.regdomain = SKU_ETSI; | ic->ic_regdomain.regdomain = SKU_ETSI; | ||||
ic->ic_regdomain.country = CTRY_SWEDEN; | ic->ic_regdomain.country = CTRY_SWEDEN; | ||||
ic->ic_regdomain.location = 1; /* Indoors */ | ic->ic_regdomain.location = 1; /* Indoors */ | ||||
ic->ic_regdomain.isocc[0] = 'S'; | ic->ic_regdomain.isocc[0] = 'S'; | ||||
ic->ic_regdomain.isocc[1] = 'E'; | ic->ic_regdomain.isocc[1] = 'E'; | ||||
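Review bot: In wtap_raw_xmit the timestamp is written from `int tsf` in host byte order, so `memcpy(&wh[1], &tsf, sizeof(tsf))` fills only part of the 8-byte 802.11 timestamp field (4 bytes where int is 32 bits) and stores the bytes in the wrong order on a big-endian host. The subtype test also never checks the frame type, so a frame handed to raw_xmit that is not a management frame but whose subtype bits equal IEEE80211_FC0_SUBTYPE_PROBE_RESP would have the bytes after its header overwritten too. I would declare `uint64_t tsf;`, assign `tsf = htole64(wtap_hal_get_tsf(sc->hal));`, and add `(wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK) == IEEE80211_FC0_TYPE_MGT` to the condition. The return type of wtap_hal_get_tsf is not visible on this page, so confirm it carries the full 64-bit value. The second `wh = mtod(m, struct ieee80211_frame *);` inside the branch repeats the assignment a few lines above and can be dropped.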
What is this pause for? Simulate delay or wait on something else?