ieee80211_input can receive cloned skb from the bridge layer, and thus makes copies to modify and use. The original was being freed immediately upon copying. The problem is that when you issue ANY response other than NETDEV_TX_OK the skb is returned to the kernel queue. So, basically there were wild pointers to skb in the skb queue, and these skb were being re-used by other applications and drivers - resulting in crashes all over the place.
With this new logic, we keep the original around until we know whether or not we will requeue it NETDEV_TX_BUSY or consume it NETDEV_TX_OK and we correctly free the skb only when appropriate.
We also get rid of the net80211_input_all function which was doing a bunch of unnecessary (and broken) copies and noe updates.
git-svn-id: http://madwifi-project.org/svn/madwifi/trunk@3501 0192ed92-7a03-0410-a25b-9323aeb14dbd
When CABQ transfer finishes, HAL reports the queue as inactive. Thus, if
we switch modes or change state the CABQ can be left with some ath_buf
referenced by it. The changes in this patch cause the CABQ to be checked
at DTIM even when no multicast is pending for the VAP and if "stalled"
then the queue is drained.
A subsequent patch will fix the tx tasklet logic for CABQ.
git-svn-id: http://madwifi-project.org/svn/madwifi/trunk@3499 0192ed92-7a03-0410-a25b-9323aeb14dbd
* Updated register dump based on ath5k database (refresh the list)
* Added a generic debug iwpriv delegation method to if_ath
* Added some functions to help diagnose lost ath_buf pointers
[resultant fixes will be checked in subsequent commits]
git-svn-id: http://madwifi-project.org/svn/madwifi/trunk@3497 0192ed92-7a03-0410-a25b-9323aeb14dbd
The convention for this function ieee80211_pwrsave is to consume the SKB and either
queue it or free it. Also switch some SKB_CB(...)->ni to SKB_NI(...)
git-svn-id: http://madwifi-project.org/svn/madwifi/trunk@3491 0192ed92-7a03-0410-a25b-9323aeb14dbd
1) Move all debug preprocessor flags out into make files
2) Add support for remaining preprocessor flags to be set by ENV variables
3) Add support for HAL tracing to include device name
git-svn-id: http://madwifi-project.org/svn/madwifi/trunk@3481 0192ed92-7a03-0410-a25b-9323aeb14dbd
The need to use software instead of hardware for beacon timers in AP+STA mode (aka nosbeacon) is now just determined in software, as we always knew whether or not to enable this.
The confusing bssid and -bssid parameters are now deprecated.
The "uniquebssid" flag is equivalent to "bssid" and can be used to force IEEE80211_CLONE_BSSID flag. If this is not specified, then the BSSID used will be the next unused BSSID in the sequence, which could very well be the parent device's MAC address.
"uniquebssid" equates directly to IEEE80211_CLONE_BSSID" flag therefore.
git-svn-id: http://madwifi-project.org/svn/madwifi/trunk@3476 0192ed92-7a03-0410-a25b-9323aeb14dbd
* Restructure one set of control blocks into a more readable form
* Add some additional debug output
git-svn-id: http://madwifi-project.org/svn/madwifi/trunk@3456 0192ed92-7a03-0410-a25b-9323aeb14dbd
This changeset adds a node statistic. If this is not liked, I encourage it to be fixed; I might learn something.
Thanks nbd.
git-svn-id: http://madwifi-project.org/svn/madwifi/trunk@3334 0192ed92-7a03-0410-a25b-9323aeb14dbd
So, ccmp_attach is called for each new key. Hence, only try to allocate a software context if IEEE80211_KEY_SWCRYPT is specified. Also, if we need a software context and fail, fail immediately; thus, the check in ccmp_setkey can be eleminated, as it is not actually a separate condition.
I think that when I touched this last, I was confused about the purpose of ccmp_attach.
git-svn-id: http://madwifi-project.org/svn/madwifi/trunk@3322 0192ed92-7a03-0410-a25b-9323aeb14dbd
time in ms, or the number of beacons for the
beacon miss alarm. If we haven't had a beacon
in this period, the alarm is sounded and
action (i.e. roaming) is taken.
This patch changes the storage of the beacon
miss threshold to integral beacon count but
corrects the previous intent.
The default beacon miss alarm is going to be
850ms which is half way between the two hard
coded limits that were there before.
The old hard coded limits assumed that the
beacon interval was 100ms and set the limit to
10 (1000ms) for software beacon miss timer
and 7 for hardware beacon miss timer.
The new default is 850ms (the midpoint between
the two previous defaults). This value is rounded
up to the next nearest beacon interval.
There is no upper bound on the beacon miss
threshold specified, since it may need to be
wildly inflated with 25ms beacon interval, or
wildly reduced with 1000ms beacon interval.
The minimum is still 2 beacons, regardless of
the beacon interval.
git-svn-id: http://madwifi-project.org/svn/madwifi/trunk@3314 0192ed92-7a03-0410-a25b-9323aeb14dbd
* Based on patches from nbd
* av_beacon_alloc code has been reimplemented using atomic bit operations; I think this is safe for SMP
git-svn-id: http://madwifi-project.org/svn/madwifi/trunk@3310 0192ed92-7a03-0410-a25b-9323aeb14dbd
messages from 1000 to 192 and drop the length
needed to display the [atomic] node count.
Slamming this much data on the stack can cause
stack overflows with 4k stacks quite easily,
especially when hard interrupts occur and
extend a stack that is already almost full.
git-svn-id: http://madwifi-project.org/svn/madwifi/trunk@3307 0192ed92-7a03-0410-a25b-9323aeb14dbd
count of the new bss node. The allocation
function gives us a reference. With this extra
reference, every invocation of reset_bss was
causing a leak of one node ~4kb every time the
interface was brought back up (or the BSS was reset
for other reasons).
This fixes ticket #1682. I can run ifconfig down/up
cycle for a long time. I'll run it overnight next
to be sure.
git-svn-id: http://madwifi-project.org/svn/madwifi/trunk@3301 0192ed92-7a03-0410-a25b-9323aeb14dbd
node in the node table. The node reference was
being taken in any path where the wds node was found
and not just when the wds node was first added.
This would have caused wds nodes to get inflated
reference counts, and be leaked on bss reset when
nodes were flushed from the node tables.
git-svn-id: http://madwifi-project.org/svn/madwifi/trunk@3300 0192ed92-7a03-0410-a25b-9323aeb14dbd
copy of the bss node is used to send a message
we need to make sure all code paths release
it when done. This bug combined with repeated
auth failures would cause node references to
grow with every failure. Then, if you were
taking down the interface and bringing it back
up you would leak one page (4kb) every time the
the node table was flushed on transition to UP.
git-svn-id: http://madwifi-project.org/svn/madwifi/trunk@3299 0192ed92-7a03-0410-a25b-9323aeb14dbd
This changes some iwpriv names, because I believe they will be more readily usable and understandable
git-svn-id: http://madwifi-project.org/svn/madwifi/trunk@3279 0192ed92-7a03-0410-a25b-9323aeb14dbd
symbol names to their corresponding HAL function names (ah.h)
- Add a script to generate a SED script from the current HAL (ah.h)
that will replace instances of obfuscated names with the correct names.
- Add the SED script for cleaning up text containing obfuscated function names for the current HAL
git-svn-id: http://madwifi-project.org/svn/madwifi/trunk@3244 0192ed92-7a03-0410-a25b-9323aeb14dbd
avoid hitting the size limitations of wireless extensions. wext is a real pain.
Now the values are stored in ic_chan_non_occupy[] instead.
git-svn-id: http://madwifi-project.org/svn/madwifi/trunk@3207 0192ed92-7a03-0410-a25b-9323aeb14dbd
* Lots of coding style and formatting, tedious and annoying
* Quite a few bad merges as far as I can tell; at least one of which was serious - reintroduced a leak
git-svn-id: http://madwifi-project.org/svn/madwifi/trunk@3202 0192ed92-7a03-0410-a25b-9323aeb14dbd
The symptom would be fragments of 802.11 header showing up in the ethernet header because of skb header offsets being corrupted by MadWifi devices on lower ports which then get forwarded as-is to wired ports.
Sorry for the lame explanation, but the short end of the story is that you have to copy the skb before you modify it if you are going to play nice with bridging.
git-svn-id: http://madwifi-project.org/svn/madwifi/trunk@3146 0192ed92-7a03-0410-a25b-9323aeb14dbd
I've fixed the logic so that multicast is dropped, with an error when disabled. I don't think this is a valid configuration. Also, we don't skip the filtering logic so that our own multicast traffic doesn't come back to us (looking like a bridging loop).
git-svn-id: http://madwifi-project.org/svn/madwifi/trunk@3132 0192ed92-7a03-0410-a25b-9323aeb14dbd
hard_start_xmit() functions must either return NETDEV_TX_OK or
NETDEV_TX_BUSY (they might also return negative errno values as well,
like -ENETDOWN)
Correct a small missing static reported by sparse
This revert part of r3075
git-svn-id: http://madwifi-project.org/svn/madwifi/trunk@3123 0192ed92-7a03-0410-a25b-9323aeb14dbd
Revert to the same API/ABI for crypto (used by hostapd/wpa_supplicant)
as used in 0.9.3.3. Tested with hostapd & wpa_supplicant.
Fixed a minor error in athkey usage display
git-svn-id: http://madwifi-project.org/svn/madwifi/trunk@3110 0192ed92-7a03-0410-a25b-9323aeb14dbd
from the madwifi-dfs branch (benoit) r3086
Added MAC_FMT & MAC_ADDR macros that can be used as a drop-in
replacement for ether_sprintf(). Fixed some use of ether_sprintf() that
uses the same static buffer twice.
- Without the functional changes.
git-svn-id: http://madwifi-project.org/svn/madwifi/trunk@3091 0192ed92-7a03-0410-a25b-9323aeb14dbd
* packets dropped in ath_hardstart are cleaned up there, so cleaning up in parent_queue_xmit is an error
* packets in ieee80211_pwrsave must always have a reference in the cb, so it is better that is fails noisily otherwise
git-svn-id: http://madwifi-project.org/svn/madwifi/trunk@3074 0192ed92-7a03-0410-a25b-9323aeb14dbd
arguments are boolean.
Originally the arguments were converted to booleans, but r2345 removed
this conversion. I've added the conversion to booleans back again and
removed the use of XOR as it's confusing and unnecessary.
git-svn-id: http://madwifi-project.org/svn/madwifi/trunk@3062 0192ed92-7a03-0410-a25b-9323aeb14dbd
They are of no use, because they are not updated as the developmnet
continues. It's better to have a single version for MadWifi.
git-svn-id: http://madwifi-project.org/svn/madwifi/trunk@3039 0192ed92-7a03-0410-a25b-9323aeb14dbd
places where we could use vap->iv_bss->ni_bssid instead of ni->ni_bssid but i'm
not sure about the other ones.
git-svn-id: http://madwifi-project.org/svn/madwifi/trunk@3036 0192ed92-7a03-0410-a25b-9323aeb14dbd
We were setting this field to 0 as we had no easy way of determining
what TX power was used to transmit a frame. However, by including this
field and setting it to 0dBm we are saying that each frame is being
transmitted at 1mW, which is incorrect. Better to simply not write the
field at all, however this introduces the need for padding in the TX
header to ensure that the TX_FLAGS field is aligned to a 16-bit
boundary.
git-svn-id: http://madwifi-project.org/svn/madwifi/trunk@3014 0192ed92-7a03-0410-a25b-9323aeb14dbd
* Remove comments that merely duplicate the code (i.e., they don't provide information on Why or explain the opaque)
* Rename some variable for consistency
* Line length -> 80 chars
* Reorder non-dependent code blocks in a function to make it more readable (at least to me)
git-svn-id: http://madwifi-project.org/svn/madwifi/trunk@3003 0192ed92-7a03-0410-a25b-9323aeb14dbd
beacons and management frames.
this includes benoits r2993 (from dfs branch) and the patch i sent to the list
for review a couple of days ago.
git-svn-id: http://madwifi-project.org/svn/madwifi/trunk@3002 0192ed92-7a03-0410-a25b-9323aeb14dbd
ARRAY_SIZE is present in all kernel versions we support. Use it instead
of other definitions. Define ARRAY_SIZE in the userspace tools as well.
git-svn-id: http://madwifi-project.org/svn/madwifi/trunk@2988 0192ed92-7a03-0410-a25b-9323aeb14dbd
Split skb and node debug flags - one ending in _ref tracks minute changes to reference counts, while the non _ref flag trackes more coarse grained debug events.
Fix a node reference leak before skb_orphan detected by the debug destructor.
Fix debug flag display order for athdebug and 80211debug so that the shorter
name comes first and matches, otherwise only the _ref flags match.
git-svn-id: http://madwifi-project.org/svn/madwifi/trunk@2964 0192ed92-7a03-0410-a25b-9323aeb14dbd
Preprocessor flag now used to toggle printk output prior to blocking on
a spinlock.
There is of course a chance that the spinlock will be taken between the time we check it and print our little message, but this should still be of some assistance troubleshoot locking mistakes that come up in the future.
If you turn on the flag, you can find out what locks are being contended for and from which functions... i.e. ath_intr fights for a particular lock, etc.
git-svn-id: http://madwifi-project.org/svn/madwifi/trunk@2944 0192ed92-7a03-0410-a25b-9323aeb14dbd
* Counters for total outstanding instances for each resource type (skb, ath_node and ath_buf)
* One pair of acquisition/release functions per resource type in unlocked and one in locked
* Adds some more _debug versions of functions in the call chain that acquire/release resources so that the original func/line in the driver as well as the func/line that affected the resource use can be shown in the trace. Intermediate stack frames aren't necessary to trace the leaks.
* Changes naming convention for "lock-required" functions to suffix _locked for the versions that expect locking, to be consistent with some other places in the code.
* Consolidate debug messages to the helper functions that actually affect the reference count or acquire/release a resource
* Additional sanity checks and leak detection (esp for detecting node ref leaks through skb)
* skb references are nulled out by the new sbk unref/free function.
I've tested these changes extensively and found lots of cases where we didn't get enough node references when cloning skbuff, and where the kernel drops packets due to performance issues and leaks our node references.
With these changes and the tracing enabled I have verified that:
* TX BUF: tx buffers always go down to zero when the tx queue is done, and you can watch tx queue usage ratio go up and down again as the driver is working. There are no leaks here at the moment, although there *are* some in the madwifi-dfs branch during CAC at the moment.
* skbuff leaks in all the common flows are fixed. We were leaking node references in a lot of places where kernel was dropping skb's due to congestion and we were failing to increment node references when cloning skbuffs. These are now detected, as are skbuffs that are reaped by the kernel while still holding a node reference.
* the ath_node count works correctly and on an idle system we get about 5 references per station table node, with 2 node instances per VAP. One for the bss and one for the node in the station table, I believe. The ath_node count goes up and down but always lands back at the stable number based on the vaps you have configured and the number of actual stations in the station table. The point here is that it's pretty constant what you will see over time, despite excessive node creation/release in our code during input (esp input_all). Thank god for the slab allocator.
git-svn-id: http://madwifi-project.org/svn/madwifi/trunk@2902 0192ed92-7a03-0410-a25b-9323aeb14dbd
Move the outer ni_tmp in ieee80211_deliver_data() to the scope where
it's used. Don't set it to NULL, it goes out of scope and cannot be
used elsewhere.
git-svn-id: http://madwifi-project.org/svn/madwifi/trunk@2901 0192ed92-7a03-0410-a25b-9323aeb14dbd
Refcount fix for skb_clone/etc where we were not keeping reference counter matching the number of skbuff instances and were not having enough references.
git-svn-id: http://madwifi-project.org/svn/madwifi/trunk@2894 0192ed92-7a03-0410-a25b-9323aeb14dbd
