Massive 802_11 XRATE bug fixing.
- Correct ieee80211_fix_rate(IEEE80211_F_DODEL) operation by entering
IEEE80211_F_DONEGO code segment but avoiding real negotiation.
- In ieee80211_fix_rate(), remove duplicated rates if rate set is to
be sorted. This should be enough to protect us against maliciously
minted 802.11 management frames which contain supported rate and
extended supported rate ies. [*]
- In ieee80211_sta_join(), call ieee80211_fix_rate(IEEE80211_F_DODEL),
if the wireless NIC operates in STA mode. So drivers can depend on
ieee80211com.ic_bss's ni_rates even before entering RUN state, this
is *very important* for certain driver e.g. iwi(4) [*].
- Add ic_nbasicrates in ieee80211com, which records the number of
basic rates in the current BSS. [1]
- Add a new function ieee80211_copy_basicrates(). This function is
used to propagate IEEE80211_RATE_BASIC bit from second parameter
to the first parameter. It will return number of basic rates in
the second parameter. It is called in ieee80211_sta_join() to
properly setup basic rates in ieee80211com.ic_sup_rates and
ieee80211com.ic_nbasicrates. [2]
- Introduce extra parameter to ieee80211_setup_rates() and
ieee80211_fix_rate().
This parameter only affects how IEEE80211_F_DONEGO is done.
Adjust IEEE80211_F_DONEGO behavior after introducing this parameter:
If the new parameter is 1, then the negotiation is performed on the
behalf of a STA which wants to join either an infrastructured or an
independent BSS, and the rate set going to be negotiated is the BSS's
supported rate set:
o Don't overwrite the BSS basic rate set. So drivers and TX rate
control algorithm can have knowledge of the BSS basic rate set and
can do various setting accordingly.
o Avoid joining the BSS, if certain rates in the BSS basic rate set
are not supported.
If the new parameter is 0, then the negotiation is performed on the
behalf of a HOSTAP, or a STA that already joined/started an independent
BSS, and the rate set going to be negotiated is peer STA's supported
rate set:
o Overwrite the basic rates of peer STA's supported rate set with
basic rates in ieee80211com.ic_sup_rates, which is set up properly
in ieee80211_sta_join() by ieee80211_copy_basicrates() (see [2]),
so TX rate control algorithm can act accordingly.
o If the current operation mode is IEEE80211_M_HOSTAP, use a counter
to bookkeep how many basic rates got overwritten during negotiation.
If at the end of the negotiation the counter is less than
ieee80211com.ic_nbasicrates (see [1] and [2]), then it means that
the peer STA does not support certain rates in our basic rate set.
This kind of STA should not be allowed to join the current BSS.
This prevention mechanism should be more straightforword than the
old one in ieee80211_recv_mgmt(), nuke the old prevention mechanism
after this change.
- In ieee80211_init_neighbor(), do full rate set negotiation, so nodes
created by ieee80211_add_neighbor() or ieee80211_fakeup_adhoc_node(),
will not contain rates that the wireless NIC does not support.
- In ieee80211_{beacon,probe_resp}_alloc(), use ieee80211com.ic_sup_rates
to setup supported rates and extended supported rates ie, instead of
using ieee80211com.ic_bss's ni_rates. So two 11g STAs in a 11g/11b
mixed IBSS can comunicate with each other using OFDM rates, given proper
protection, like RTS-CTS/CTS-to-self, is applied. [**]
- In ieee80211_send_mgmt(), use ieee80211com.ic_sup_rates to create
supported rates and extended supported rates ie of (re)association
response. So these ies are consistent with what's in beacon and probe
response. [**]
- In ieee80211_send_mgmt(), use ieee80211_probe_resp_alloc() to create
frame body of probe response.
- Add more XRATE debug messages.
#
# [*] Details:
# http://lists.freebsd.org/pipermail/freebsd-current/2006-October/066679.html
#
# [**] Basic rates in ieee80211com.ic_sup_rates are set beforehand (see [2])
#
projects / dragonfly.git / commit