Ticket #907: madwifi-refcnt.9.diff

net80211/ieee80211_node.c

@@ -65 +65 @@
-#define IEEE80211_AID_ISSET(_vap, _b) \
-        ((_vap)->iv_aid_bitmap[IEEE80211_AID(_b) / 32] & (1 << (IEEE80211_AID(_b) % 32)))
-
+static struct ieee80211_node *ieee80211_alloc_node(struct ieee80211vap *, const u_int8_t *);
+
-static int ieee80211_sta_join1(struct ieee80211_node *);
-
-
-
+
-static void node_cleanup(struct ieee80211_node *);
-static void node_free(struct ieee80211_node *);
-static u_int8_t node_getrssi(const struct ieee80211_node *);
-
-ieee80211_free_node(
-node_reclaim(struct ieee80211_node_table *, struct ieee80211_node
+node_table_leave(struct ieee80211_node_table *, 
+_node_table_join(struct ieee80211_node_table *, struct ieee80211_node 
-
-static void ieee80211_node_timeout(unsigned long);
-
@@ -194 +195 @@
-
-        ieee80211_node_table_reset(&ic->ic_sta, vap);
-        if (vap->iv_bss != NULL) {
-
-
+
-        }
-        if (vap->iv_aid_bitmap != NULL) {
-                FREE(vap->iv_aid_bitmap, M_DEVBUF);
@@ -263 +263 @@
-                "%s: creating ibss on channel %u\n", __func__,
-                ieee80211_chan2ieee(ic, chan));
-
-
+
+
+
-        ni = ieee80211_find_node(&ic->ic_sta, vap->iv_myaddr);
-        if (ni == NULL) {
-(&ic->ic_sta, 
+_table(
-                if (ni == NULL) {
-                        /* XXX recovery? */
-                        return;
-                }
-        }
-        else
-                ieee80211_free_node(ni);
-
-        IEEE80211_DPRINTF(vap, IEEE80211_MSG_NODE, "%s: %p<%s> refcnt %d\n",
-                __func__, vap->iv_bss, ether_sprintf(vap->iv_bss->ni_macaddr),
@@ -345 +345 @@
-        else if (IEEE80211_IS_CHAN_QUARTER(chan))
-                ni->ni_rates = ic->ic_sup_quarter_rates;
-
-ieee80211_ref_node
+PASS_NODE
-}
-EXPORT_SYMBOL(ieee80211_create_ibss);
-
@@ -369 +369 @@
-        /* XXX multi-bss wrong */
-        ieee80211_reset_erp(ic, ic->ic_curmode);
-
-(&ic->ic_sta, 
+_table(
-        KASSERT(ni != NULL, ("unable to setup inital BSS node"));
-        obss = vap->iv_bss;
+        // Caller's reference
-        vap->iv_bss = ieee80211_ref_node(ni);
-
-        IEEE80211_DPRINTF(vap, IEEE80211_MSG_NODE, "%s: new bss %p<%s> refcnt %d\n",
@@ -381 +382 @@
-        if (obss != NULL) {
-                copy_bss(ni, obss);
-                ni->ni_intval = ic->ic_lintval;
-
+
+
-        }
-}
-
@@ -587 +589 @@
-                vap->iv_state == IEEE80211_S_RUN && ssid_equal(obss, selbs));
-        vap->iv_bss = selbs;
-        if (obss != NULL)
-free_node(
+unref_node(&
-        ic->ic_bsschan = selbs->ni_chan;
-        ic->ic_curchan = ic->ic_bsschan;
-        ic->ic_curmode = ieee80211_chan2mode(ic->ic_curchan);
@@ -644 +646 @@
-
-        ni = ieee80211_find_node(&ic->ic_sta, se->se_macaddr);
-        if (ni == NULL) {
-(&ic->ic_sta, 
+_table(
-                if (ni == NULL) {
-                        /* XXX msg */
-                        return 0;
-                }
-
-
+
-
-        /*
-         * Expand scan state into node's format.
-         * XXX may not need all this stuff
-         */
-       
+
-        /* inherit the WPA setup as well (structure copy!) */
-        ni->ni_rsn = vap->iv_bss->ni_rsn; 
-        IEEE80211_ADDR_COPY(ni->ni_bssid, se->se_bssid);
@@ -690 +691 @@
-
-        IEEE80211_DPRINTF(vap, IEEE80211_MSG_NODE, 
-        "%s: %p<%s> refcnt %d\n", __func__, ni, ether_sprintf(ni->ni_macaddr), 
-+1
+
-
-ieee80211_ref_node
+PASS_NODE
-}
-EXPORT_SYMBOL(ieee80211_sta_join);
-
@@ -704 +705 @@
-ieee80211_sta_leave(struct ieee80211_node *ni)
-{
-        struct ieee80211vap *vap = ni->ni_vap;
-        struct ieee80211com *ic = vap->iv_ic;
-
-        /* WDS/Repeater: Stop software beacon timer for STA */
-        if (vap->iv_opmode == IEEE80211_M_STA &&
-            vap->iv_flags_ext & IEEE80211_FEXT_SWBMISS) {
-                del_timer(&vap->iv_swbmiss);
-        }
-
-
+
-        ieee80211_notify_node_leave(ni);
-}
-
@@ -721 +720 @@
- */
-
-static void
-
-struct ieee80211_node_table *nt,
+ struct ieee80211_node_table *nt,
+
-{
-        nt->nt_ic = ic;
-
+TABLE_
-        IEEE80211_SCAN_LOCK_INIT(nt, ic->ic_dev->name);
-        TAILQ_INIT(&nt->nt_node);
-        nt->nt_name = name;
@@ -737 +736 @@
-        mod_timer(&nt->nt_wds_aging_timer, jiffies + HZ * WDS_AGING_TIMER_VAL);
-}
-
+static __inline void _node_table_join(struct ieee80211_node_table *nt, struct ieee80211_node *ni) {
+        IEEE80211_NODE_TABLE_LOCK_ASSERT(nt);
+
+        ni->ni_table = nt;
+        TAILQ_INSERT_TAIL(&nt->nt_node, ieee80211_ref_node(ni), ni_list);
+        LIST_INSERT_HEAD(&nt->nt_hash[IEEE80211_NODE_HASH(ni->ni_macaddr)], ni, ni_hash);
+}
+
+static __inline void _node_table_leave(struct ieee80211_node_table *nt, struct ieee80211_node *ni) {
+        struct ieee80211_node *hni;
+        IEEE80211_NODE_TABLE_LOCK_ASSERT(nt);
+        
+        TAILQ_REMOVE(&nt->nt_node, ni, ni_list);
+        LIST_FOREACH(hni, &nt->nt_hash[IEEE80211_NODE_HASH(ni->ni_macaddr)], ni_hash) {
+                LIST_REMOVE(ni, ni_hash);
+        }
+        ni->ni_table = NULL;
+        _ieee80211_unref_node(ni);
+}
+
+/* This is overridden by ath_node_alloc in ath/if_ath.c, and so
+ * should never get called.
+ */
-static struct ieee80211_node *
-_node_table *nt, struct ieee80211
+
-{
-        struct ieee80211_node *ni;
-
@@ -779 +801 @@
-                        IEEE80211_UNLOCK_IRQ(ni->ni_ic);
-                }
-        }
-        /*
-         * Clear AREF flag that marks the authorization refcnt bump
-         * has happened.  This is probably not needed as the node
-         * should always be removed from the table so not found but
-         * do it just in case.
-         */
-        ni->ni_flags &= ~IEEE80211_NODE_AREF;
-
-        /*
-         * Drain power save queue and, if needed, clear TIM.
@@ -794 +809 @@
-                vap->iv_set_tim(ni, 0);
-
-        ni->ni_associd = 0;
-
-
-
-
+
-        /*
-         * Preserve SSID, WPA, and WME ie's so the bss node is
-         * reusable during a re-auth/re-assoc state transition.
@@ -823 +835 @@
-static void
-node_free(struct ieee80211_node *ni)
-{
+#if 0
+        // We should 'cleanup' and then free'ing should be done automatically on decref
-        struct ieee80211com *ic = ni->ni_ic;
-
-        ic->ic_node_cleanup(ni);
+#endif 
+        KASSERT(ieee80211_node_refcnt(ni) == 0, ("node being free whilst still referenced"));
+
+        if (ni->ni_challenge != NULL) 
+                FREE(ni->ni_challenge, M_DEVBUF);
-        if (ni->ni_wpa_ie != NULL)
-                FREE(ni->ni_wpa_ie, M_DEVBUF);
-        if (ni->ni_rsn_ie != NULL)
@@ -835 +854 @@
-        if (ni->ni_ath_ie != NULL)
-                FREE(ni->ni_ath_ie, M_DEVBUF);
-        IEEE80211_NODE_SAVEQ_DESTROY(ni);
+        
-        FREE(ni, M_80211_NODE);
-}
-
@@ -851 +871 @@
- * This interface is not intended for general use, it is
- * used by the routines below to create entries with a
- * specific purpose.
+ * Dont assume a BSS?
- */
-struct ieee80211_node *
-(struct ieee80211_node_table *nt,
-struct ieee80211vap *vap, 
+_table(struct ieee80211vap *vap, 
+
-{
-
+
+
-        struct ieee80211_node *ni;
-        int hash;
-        int i;
-
-
-
-
-
-
-
+
+
+
-
-
-
-
-
+
+
-
-
-
-
-
-
-
-
-
-
-
-
-
+
+
+
+
-
-
-
-
-
-
-
-
-
-
-
-
-
+
+
+
-
-
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
-
+                ieee80211_node_initref(ni);             /* mark referenced */
+                
+                IEEE80211_ADDR_COPY(ni->ni_macaddr, macaddr);
+                
+                ni->ni_chan = IEEE80211_CHAN_ANYC;
+                ni->ni_authmode = IEEE80211_AUTH_OPEN;
+                ni->ni_txpower = ic->ic_txpowlimit;
+                
+                ieee80211_crypto_resetkey(vap, &ni->ni_ucastkey,
+                        IEEE80211_KEYIX_NONE);
+                ni->ni_ath_defkeyindex = IEEE80211_INVAL_DEFKEY;
+
+                ni->ni_vap = vap;
+                ni->ni_ic = ic;
+        } else {
+                /* XXX msg */
+                vap->iv_stats.is_rx_nodealloc++;
+        }
-        return ni;
-}
-EXPORT_SYMBOL(ieee80211_alloc_node);
-
-/* Add wds address to the node table */
-int
@@ -925 +956 @@
-                wds->wds_agingcount = WDS_AGING_COUNT;
-        hash = IEEE80211_NODE_HASH(macaddr);
-        IEEE80211_ADDR_COPY(wds->wds_macaddr, macaddr);
-ieee80211_ref_node(ni);                /* Reference node */
-wds->wds_ni = ni
-IEEE80211_NODE_LOCK_IRQ(nt
+
+IEEE80211_NODE_TABLE_LOCK_IRQ(nt)
+wds->wds_ni = ieee80211_ref_node(ni
-        LIST_INSERT_HEAD(&nt->nt_wds_hash[hash], wds, wds_hash);
-
+TABLE_
-        return 0;
-}
-EXPORT_SYMBOL(ieee80211_add_wds_addr);
@@ -942 +973 @@
-        struct ieee80211_wds_addr *wds;
-
-        hash = IEEE80211_NODE_HASH(macaddr);
-
+TABLE_
-        LIST_FOREACH(wds, &nt->nt_wds_hash[hash], wds_hash) {
-                if (IEEE80211_ADDR_EQ(wds->wds_macaddr, macaddr)) {
-
-
-
-
-
-
+
+
+
+
-                }
-        }
-
+TABLE_
-}
-EXPORT_SYMBOL(ieee80211_remove_wds_addr);
-
@@ -965 +994 @@
-        int hash;
-        struct ieee80211_wds_addr *wds;
-
-
+TABLE_
-        for (hash = 0; hash < IEEE80211_NODE_HASHSIZE; hash++) {
-                LIST_FOREACH(wds, &nt->nt_wds_hash[hash], wds_hash) {
-                        if (wds->wds_ni == ni) {
-
-
-
-
-
+
+
+
-                        }
-                }
-        }
-
+TABLE_
-}
-EXPORT_SYMBOL(ieee80211_del_wds_node);
-
@@ -988 +1015 @@
-        int hash;
-        struct ieee80211_wds_addr *wds;
-
-
+TABLE_
-        for (hash = 0; hash < IEEE80211_NODE_HASHSIZE; hash++) {
-                LIST_FOREACH(wds, &nt->nt_wds_hash[hash], wds_hash) {
-                        if (wds->wds_agingcount != WDS_AGING_STATIC) {
-                                if (!wds->wds_agingcount) {
-
-
-
-
-
+
+
+
-                                } else
-                                        wds->wds_agingcount--;
-                        }
-                }
-        }
-
+TABLE_
-        mod_timer(&nt->nt_wds_aging_timer, jiffies + HZ * WDS_AGING_TIMER_VAL);
-}
-
-
-/*
- * Craft a temporary node suitable for sending a management frame
- * to the specified station.  We craft only as much state as we
- * need to do the work since the node will be immediately reclaimed
- * once the send completes.
- */
-struct ieee80211_node *
-ieee80211_tmp_node(struct ieee80211vap *vap, const u_int8_t *macaddr)
-{
-        struct ieee80211com *ic = vap->iv_ic;
-        struct ieee80211_node *ni;
-        int i;
-
-        ni = ic->ic_node_alloc(&ic->ic_sta,vap);
-        if (ni != NULL) {
-                IEEE80211_DPRINTF(vap, IEEE80211_MSG_NODE, 
-                "%s: %p<%s> refcnt %d\n", __func__, ni, ether_sprintf(macaddr), 
-                ieee80211_node_refcnt(ni)+1);
-
-                IEEE80211_ADDR_COPY(ni->ni_macaddr, macaddr);
-                IEEE80211_ADDR_COPY(ni->ni_bssid, vap->iv_bss->ni_bssid);
-                ieee80211_node_initref(ni);             /* mark referenced */
-                ni->ni_txpower = vap->iv_bss->ni_txpower;
-                ni->ni_vap = vap;
-                /* NB: required by ieee80211_fix_rate */
-                ieee80211_node_set_chan(ic, ni);
-                ieee80211_crypto_resetkey(vap, &ni->ni_ucastkey,
-                        IEEE80211_KEYIX_NONE);
-                /* XXX optimize away */
-                IEEE80211_NODE_SAVEQ_INIT(ni, "unknown");
-
-                ni->ni_table = NULL;            /* NB: pedantic */
-                ni->ni_ic = ic;
-#define N(a)    (sizeof(a)/sizeof(a[0]))
-                for (i = 0; i < N(ni->ni_rxfrag); i++)
-                        ni->ni_rxfrag[i] = NULL;
-#undef N
-                ni->ni_challenge = NULL;
-        } else {
-                /* XXX msg */
-                vap->iv_stats.is_rx_nodealloc++;
-        }
-        return ni;
-}
-
-/*
- * Add the specified station to the station table.
- */
-struct ieee80211_node *
-
+
+
-{
-        struct ieee80211com *ic = vap->iv_ic;
-        struct ieee80211_node *ni;
-
+
+
+
+
+
+
-
-        ni = ieee80211_alloc_node(&ic->ic_sta, vap, macaddr);
-        if (ni != NULL) {
-
-
-
-
-
-
+
-                IEEE80211_ADDR_COPY(ni->ni_bssid, vap->iv_bss->ni_bssid);
-
-
-
-
-
-
+
+
+
+
-        }
-        return ni;
-}
@@ -1085 +1062 @@
-static struct ieee80211_node *
-_ieee80211_find_wds_node(struct ieee80211_node_table *nt, const u_int8_t *macaddr)
-{
-        struct ieee80211_node *ni;
-        struct ieee80211_wds_addr *wds;
-        int hash;
-
+TABLE_
-
-        hash = IEEE80211_NODE_HASH(macaddr);
-        LIST_FOREACH(wds, &nt->nt_wds_hash[hash], wds_hash) {
-                if (IEEE80211_ADDR_EQ(wds->wds_macaddr, macaddr)) {
-                        ni = wds->wds_ni;
-                        if (wds->wds_agingcount != WDS_AGING_STATIC)
-                                wds->wds_agingcount = WDS_AGING_COUNT; /* reset the aging count */
-
-
+
-                }
-        }
-        return NULL;
@@ -1115 +1089 @@
-        int hash;
-        struct ieee80211_wds_addr *wds;
-
-
+TABLE_
-
-        hash = IEEE80211_NODE_HASH(macaddr);
-        LIST_FOREACH(ni, &nt->nt_hash[hash], ni_hash) {
@@ -1136 +1110 @@
-           nodes. */
-        LIST_FOREACH(wds, &nt->nt_wds_hash[hash], wds_hash) {
-                if (IEEE80211_ADDR_EQ(wds->wds_macaddr, macaddr)) {
-
-
-
+
-                }
-        }
-        return NULL;
@@ -1153 +1125 @@
-{
-        struct ieee80211_node *ni;
-
-
+TABLE_
-        ni = _ieee80211_find_wds_node(nt, macaddr);
-
+TABLE_
-        return ni;
-}
-EXPORT_SYMBOL(ieee80211_find_wds_node);
@@ -1170 +1142 @@
-{
-        struct ieee80211_node *ni;
-
-
+TABLE_
-        ni = _ieee80211_find_node(nt, macaddr);
-
+TABLE_
-        return ni;
-}
-#ifdef IEEE80211_DEBUG_REFCNT
@@ -1195 +1167 @@
-{
-        struct ieee80211_node *ni;
-
-
+, 0
-        if (ni != NULL) {
-                /* XXX no rate negotiation; just dup */
-                ni->ni_rates = vap->iv_bss->ni_rates;
@@ -1218 +1190 @@
- * driver has an opportunity to setup it's private state.
- */
-struct ieee80211_node *
-       
+ 
-        const struct ieee80211_scanparams *sp)
-{
-        struct ieee80211com *ic = vap->iv_ic;
-        struct ieee80211_node *ni;
-
-
-
+
-        if (ni != NULL) {
-                ni->ni_esslen = sp->ssid[1];
-                memcpy(ni->ni_essid, sp->ssid + 2, sp->ssid[1]);
@@ -1300 +1271 @@
-        /* XXX check ic_bss first in station mode */
-        /* XXX 4-address frames? */
-        nt = &ic->ic_sta;
-
+TABLE_
-        if (IS_CTL(wh) && !IS_PSPOLL(wh) /*&& !IS_RTS(ah)*/)
-                ni = _ieee80211_find_node(nt, wh->i_addr1);
-        else
-                ni = _ieee80211_find_node(nt, wh->i_addr2);
-
+TABLE_
-
-        return ni;
-#undef IS_PSPOLL
@@ -1342 +1313 @@
-
-        /* XXX can't hold lock across dup_bss due to recursive locking */
-        nt = &vap->iv_ic->ic_sta;
-
+TABLE_
-        ni = _ieee80211_find_node(nt, mac);
-
+TABLE_
-
-        if (ni == NULL) {
-                if (vap->iv_opmode == IEEE80211_M_IBSS ||
@@ -1371 +1342 @@
-EXPORT_SYMBOL(ieee80211_find_txnode);
-#endif
-
-
-
-
+
- */
-static 
+
-_ieee80211_free_node(struct ieee80211_node *ni)
-{
-        struct ieee80211vap *vap = ni->ni_vap;
@@ -1389 +1358 @@
-
-        if (vap->iv_aid_bitmap != NULL)
-                IEEE80211_AID_CLR(vap, ni->ni_associd);
-
-
-
-
+
-        vap->iv_ic->ic_node_free(ni);
-}
+EXPORT_SYMBOL(_ieee80211_free_node);
-
-void
-#ifdef IEEE80211_DEBUG_REFCNT
-ieee80211_free_node_debug(struct ieee80211_node *ni, const char *func, int line)
-#else
-ieee80211_free_node(struct ieee80211_node *ni)
-#endif
-{
-        struct ieee80211_node_table *nt = ni->ni_table;
-        struct ieee80211com *ic = ni->ni_ic;
-
-#ifdef IEEE80211_DEBUG_REFCNT
-        IEEE80211_DPRINTF(ni->ni_vap, IEEE80211_MSG_NODE,
-                "%s (%s:%u) %p<%s> refcnt %d\n", __func__, func, line, ni,
-                 ether_sprintf(ni->ni_macaddr), ieee80211_node_refcnt(ni) - 1);
-#endif
-        /*
-         * XXX: may need to lock out the following race. we dectestref
-         *      and determine it's time to free the node. between the if()
-         *      and lock, we take an rx intr to receive a frame from this
-         *      node. the rx path (tasklet or intr) bumps this node's
-         *      refcnt and xmits a response frame. eventually that response
-         *      will get reaped, and the reaping code will attempt to use
-         *      the node. the code below will delete the node prior
-         *      to the reap and we could get a crash.
-         *
-         *      as a stopgap before delving deeper, lock intrs to
-         *      prevent this case.
-         */
-        IEEE80211_LOCK_IRQ(ic);
-        if (ieee80211_node_dectestref(ni)) {
-                /*
-                 * Beware; if the node is marked gone then it's already
-                 * been removed from the table and we cannot assume the
-                 * table still exists.  Regardless, there's no need to lock
-                 * the table.
-                 */
-                if (ni->ni_table != NULL) {
-                        IEEE80211_NODE_LOCK(nt);
-                        _ieee80211_free_node(ni);
-                        IEEE80211_NODE_UNLOCK(nt);
-                } else
-                        _ieee80211_free_node(ni);
-        }
-        IEEE80211_UNLOCK_IRQ(ic);
-}
-#ifdef IEEE80211_DEBUG_REFCNT
-EXPORT_SYMBOL(ieee80211_free_node_debug);
-#else
-EXPORT_SYMBOL(ieee80211_free_node);
-#endif
-
-/*
- * Reclaim a node.  If this is the last reference count then
- * do the normal free work.  Otherwise remove it from the node
- * table and mark it gone by clearing the back-reference.
- */
-static void
-node_reclaim(struct ieee80211_node_table *nt, struct ieee80211_node *ni)
-{
-
-        IEEE80211_DPRINTF(ni->ni_vap, IEEE80211_MSG_NODE,
-                "%s: remove %p<%s> from %s table, refcnt %d\n",
-                __func__, ni, ether_sprintf(ni->ni_macaddr),
-                nt->nt_name, ieee80211_node_refcnt(ni)-1);
-        if (!ieee80211_node_dectestref(ni)) {
-                /*
-                 * Other references are present, just remove the
-                 * node from the table so it cannot be found.  When
-                 * the references are dropped storage will be
-                 * reclaimed.  This normally only happens for ic_bss.
-                 */
-                TAILQ_REMOVE(&nt->nt_node, ni, ni_list);
-                LIST_REMOVE(ni, ni_hash);
-                ni->ni_table = NULL;            /* clear reference */
-        } else
-                _ieee80211_free_node(ni);
-}
-
-static void
-ieee80211_node_table_reset(struct ieee80211_node_table *nt,
-        struct ieee80211vap *match)
-{
-        struct ieee80211_node *ni, *next;
-
-
+TABLE_
-        TAILQ_FOREACH_SAFE(ni, &nt->nt_node, ni_list, next) {
-                if (match != NULL && ni->ni_vap != match)
-                        continue;
@@ -1492 +1381 @@
-                        if (vap->iv_aid_bitmap != NULL)
-                                IEEE80211_AID_CLR(vap, ni->ni_associd);
-                }
-node_reclaim(nt, 
+ieee80211_node_leave(
-        }
-
+TABLE_
-}
-
-static void
-ieee80211_node_table_cleanup(struct ieee80211_node_table *nt)
-{
+        struct ieee80211com *ic = nt->nt_ic;
-        struct ieee80211_node *ni, *next;
-
-        TAILQ_FOREACH_SAFE(ni, &nt->nt_node, ni_list, next) {
@@ -1511 +1401 @@
-                        if (vap->iv_aid_bitmap != NULL)
-                                IEEE80211_AID_CLR(vap, ni->ni_associd);
-                }
-node_reclaim(nt, 
+ic->ic_node_cleanup(
-        }
-        del_timer(&nt->nt_wds_aging_timer);
-        IEEE80211_SCAN_LOCK_DESTROY(nt);
-
+TABLE_
-}
-
-/*
@@ -1543 +1433 @@
-        IEEE80211_SCAN_LOCK_IRQ(nt); 
-        gen = ++nt->nt_scangen;
-restart:
-
+TABLE_
-        TAILQ_FOREACH(ni, &nt->nt_node, ni_list) {
-                if (ni->ni_scangen == gen)      /* previously handled */
-                        continue;
+                /* Temporary entries should no longer be in the node table */
-                /*
-                 * Ignore entries for which have yet to receive an
-                 * authentication frame.  These are transient and
-                 * will be reclaimed when the last reference to them
-                 * goes away (when frame xmits complete).
-                 */
-
-
-
+
+
+
+
+
-                ni->ni_scangen = gen;
-                /*
-                 * Free fragment if not needed anymore
@@ -1607 +1500 @@
-                                 * ref for us as needed.
-                                 */
-                                ieee80211_ref_node(ni);
-
+TABLE_
-                                ieee80211_send_nulldata(ni);
-                                /* XXX stat? */
-                                goto restart;
@@ -1630 +1523 @@
-                         */
-                        ni->ni_vap->iv_stats.is_node_timeout++;
-                        ieee80211_ref_node(ni);
-
+TABLE_
-                        if (ni->ni_associd != 0) {
-                                IEEE80211_SEND_MGMT(ni,
-                                        IEEE80211_FC0_SUBTYPE_DEAUTH,
-                                        IEEE80211_REASON_AUTH_EXPIRE);
-                        }
-                        ieee80211_node_leave(ni);
-free_node(
+unref_node(&
-                        goto restart;
-                }
-        }
-
+TABLE_
-
-        IEEE80211_SCAN_UNLOCK_IRQ(nt);
-}
@@ -1664 +1557 @@
-void
-ieee80211_iterate_nodes(struct ieee80211_node_table *nt, ieee80211_iter_func *f, void *arg)
-{
-
+tni, *
-        u_int gen;
-
-        IEEE80211_SCAN_LOCK_IRQ(nt);
-        gen = ++nt->nt_scangen;
+        
-restart:
-
-
-
-
-
-
+
+
+
+
+
+
+
+
-                        (*f)(arg, ni);
-
+
+
-                        goto restart;
-                }
-        }
-UNLOCK
+TABLE_UNLOCK_IRQ
-
-        IEEE80211_SCAN_UNLOCK_IRQ(nt);
-}
@@ -1955 +1852 @@
-                "station with aid %d leaves (refcnt %u)",
-                IEEE80211_NODE_AID(ni), ieee80211_node_refcnt(ni));
-
+        /* From this point onwards we can no longer find the node,
+         * so no more references are generated
+         */
+        ieee80211_remove_wds_addr(nt, ni->ni_macaddr);
+        ieee80211_del_wds_node(nt, ni);
+        IEEE80211_NODE_TABLE_LOCK_IRQ(nt);
+        _node_table_leave(nt, ni);
+        IEEE80211_NODE_TABLE_UNLOCK_IRQ(nt);
+
-        /*
-         * If node wasn't previously associated all
-         * we need to do is reclaim the reference.
+         * This also goes for nodes that are auth'ed but
+         * not associated.
-         */
-        /* XXX ibss mode bypasses 11g and notification */
-        if (ni->ni_associd == 0)
@@ -1975 +1883 @@
-        IEEE80211_LOCK_IRQ(ic);
-        if (vap->iv_aid_bitmap != NULL)
-                IEEE80211_AID_CLR(vap, ni->ni_associd);
+
-        ni->ni_associd = 0;
-        vap->iv_sta_assoc--;
-        ic->ic_sta_assoc--;
+
-#ifdef ATH_SUPERG_XR
-        if (ni->ni_vap->iv_flags & IEEE80211_F_XR)
-                ic->ic_xr_sta_assoc--;
@@ -1988 +1898 @@
-        if (IEEE80211_IS_CHAN_ANYG(ic->ic_bsschan))
-                ieee80211_node_leave_11g(ni);
-        IEEE80211_UNLOCK_IRQ(ic);
+
-        /*
-         * Cleanup station state.  In particular clear various
-         * state that might otherwise be reused if the node
@@ -1997 +1908 @@
-        ieee80211_sta_leave(ni);
-done:
-        /*
-
-
-
-
+
-         */
-
-
-
-
-
-
-
-
+
+
-}
-EXPORT_SYMBOL(ieee80211_node_leave);
-
@@ -2069 +1971 @@
-void
-ieee80211_node_reset(struct ieee80211_node *ni, struct ieee80211vap *vap)
-{
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+
+
+
+
-}

net80211/ieee80211_node.h

@@ -52 +52 @@
- * authorized.  The latter timeout is shorter to more aggressively
- * reclaim nodes that leave part way through the 802.1x exchange.
- */
-
+               
-#define IEEE80211_INACT_INIT    (30/IEEE80211_INACT_WAIT)       /* initial */
-#define IEEE80211_INACT_AUTH    (180/IEEE80211_INACT_WAIT)      /* associated but not authorized */
-#define IEEE80211_INACT_RUN     (300/IEEE80211_INACT_WAIT)      /* authorized */
-#define IEEE80211_INACT_PROBE   (30/IEEE80211_INACT_WAIT)       /* probe */
-#define IEEE80211_INACT_SCAN    (300/IEEE80211_INACT_WAIT)      /* scanned */
-
-
+               
-
-#define IEEE80211_NODE_HASHSIZE 32
-/* simple hash is enough for variation of macaddr */
@@ -94 +94 @@
-        struct ieee80211_node_table *ni_table;
-        TAILQ_ENTRY(ieee80211_node) ni_list;
-        LIST_ENTRY(ieee80211_node) ni_hash;
-
+
+
-        u_int ni_scangen;                       /* gen# for timeout scan */
-        u_int8_t ni_authmode;                   /* authentication algorithm */
-        u_int16_t ni_flags;                     /* special-purpose state */
@@ -121 +122 @@
-        u_int16_t ni_associd;                   /* assoc response */
-        u_int16_t ni_txpower;                   /* current transmit power (in 0.5 dBm) */
-        u_int16_t ni_vlan;                      /* vlan tag */
-       
+
-        u_int8_t *ni_wpa_ie;                    /* captured WPA ie */
-        u_int8_t *ni_rsn_ie;                    /* captured RSN ie */
-        u_int8_t *ni_wme_ie;                    /* captured WME ie */
-        u_int8_t *ni_ath_ie;                    /* captured Atheros ie */
-       
-       
+
+
-        u_int32_t ni_rxfragstamp;               /* time stamp of last rx frag */
-        struct sk_buff *ni_rxfrag[3];           /* rx frag reassembly */
-        struct ieee80211_rsnparms ni_rsn;       /* RSN/WPA parameters */
@@ -156 +157 @@
-        struct ieee80211_channel *ni_chan;
-        u_int16_t ni_fhdwell;                   /* FH only */
-        u_int8_t ni_fhindex;                    /* FH only */
-       
+
-        u_int16_t ni_timoff;                    /* byte offset to TIM ie */
-
-        /* others */
@@ -168 +169 @@
-        struct ieee80211vap *ni_prev_vap;       /* previously associated vap */
-        u_int8_t ni_uapsd;                      /* U-APSD per-node flags matching WMM STA Qos Info field */
-        u_int8_t ni_uapsd_maxsp;                /* maxsp from flags above */
- 
+
-        __le16 ni_pschangeseq;
-};
-MALLOC_DECLARE(M_80211_NODE);
@@ -186 +187 @@
-#define WME_UAPSD_NODE_INVALIDSEQ       0xffff
-#define WME_UAPSD_NODE_TRIGSEQINIT(_ni) (memset(&(_ni)->ni_uapsd_trigseq[0], 0xff, sizeof((_ni)->ni_uapsd_trigseq)))
-
-static __inline struct ieee80211_node *
-ieee80211_ref_node(struct ieee80211_node *ni)
-{
-        ieee80211_node_incref(ni);
-        return ni;
-}
-
-static __inline void
-ieee80211_unref_node(struct ieee80211_node **ni)
-{
-        ieee80211_node_decref(*ni);
-        *ni = NULL;                     /* guard against use */
-}
-
-void ieee80211_node_attach(struct ieee80211com *);
-void ieee80211_node_detach(struct ieee80211com *);
-void ieee80211_node_vattach(struct ieee80211vap *);
@@ -242 +229 @@
- * is a second table for associated stations or neighbors.
- */
-struct ieee80211_node_table {
+        const char *nt_name;                    /* for debugging */
-        struct ieee80211com *nt_ic;             /* back reference */
-
+table_
-        TAILQ_HEAD(, ieee80211_node) nt_node;   /* information of all nodes */
-        ATH_LIST_HEAD(, ieee80211_node) nt_hash[IEEE80211_NODE_HASHSIZE];
-        ATH_LIST_HEAD(, ieee80211_wds_addr) nt_wds_hash[IEEE80211_NODE_HASHSIZE];
-        const char *nt_name;                    /* for debugging */
-        ieee80211_scan_lock_t nt_scanlock;      /* on nt_scangen */
-        u_int nt_scangen;                       /* gen# for timeout scan */
-        int nt_inact_init;                      /* initial node inact setting */
-        struct timer_list nt_wds_aging_timer;   /* timer to age out wds entries */
-};
-
-
-
-
+
-        const u_int8_t *);
-
-
+ 
+, unsigned char
-void ieee80211_node_reset(struct ieee80211_node *, struct ieee80211vap *);
-#ifdef IEEE80211_DEBUG_REFCNT
-void ieee80211_free_node_debug(struct ieee80211_node *, const char *, int);
-struct ieee80211_node *ieee80211_find_node_debug(struct ieee80211_node_table *,
-        const u_int8_t *, const char *, int);
-struct ieee80211_node *ieee80211_find_rxnode_debug(struct ieee80211com *,
-        const struct ieee80211_frame_min *, const char *, int);
-struct ieee80211_node *ieee80211_find_txnode_debug(struct ieee80211vap *,
-        const u_int8_t *, const char *, int);
-free_node(
-free_node_debug(
-nt, 
-nt, 
-nt, 
-nt, 
-nt, 
-nt, 
+unref_node(_
+unref_node_debug(_
+_nt, _
+_nt, _
+_nt, _
+_nt, _
+_nt, _
+_nt, _
-#else
-void ieee80211_free_node(struct ieee80211_node *);
-
-struct ieee80211_node *ieee80211_find_node(struct ieee80211_node_table *,
-        const u_int8_t *);
@@ -287 +270 @@
-struct ieee80211_node *ieee80211_find_txnode(struct ieee80211vap *,
-        const u_int8_t *);
-#endif
+
+void _ieee80211_free_node(struct ieee80211_node *);
+
+static __inline struct ieee80211_node *
+ieee80211_ref_node(struct ieee80211_node *ni)
+{
+        ieee80211_node_incref(ni);
+        return ni;
+}
+
+static __inline struct ieee80211_node *
+_ieee80211_pass_node(struct ieee80211_node **pni) {
+        struct ieee80211_node *tmp = *pni;
+        *pni = NULL;
+        return (tmp);
+}
+
+#define PASS_NODE(_ni) \
+        _ieee80211_pass_node(&_ni)
+
+static __inline int
+_ieee80211_unref_node(struct ieee80211_node *ni) {
+        if (ieee80211_node_dectestref(ni)) {
+                _ieee80211_free_node(ni);
+                return 1;
+        } else {
+                return 0;
+        }
+}
+
+static __inline void
+#ifdef IEEE80211_DEBUG_REFCNT
+ieee80211_unref_node_debug(struct ieee80211_node **pni, const char *func, int line)
+#else
+ieee80211_unref_node(struct ieee80211_node **pni)
+#endif
+{       
+        struct ieee80211_node *ni = *pni;
+#ifdef IEEE80211_DEBUG_REFCNT
+        IEEE80211_DPRINTF(NULL, IEEE80211_MSG_NODE,
+                "%s (%s:%u) %p<%s> refcnt %d\n", __func__, func, line, ni,
+                 ether_sprintf(ni->ni_macaddr), ieee80211_node_refcnt(ni) - 1);
+#endif
+        _ieee80211_unref_node(ni); 
+        *pni = NULL;                    /* guard against use */
+}
+
-int ieee80211_add_wds_addr(struct ieee80211_node_table *, struct ieee80211_node *,
-        const u_int8_t *, u_int8_t);
-void ieee80211_remove_wds_addr(struct ieee80211_node_table *, const u_int8_t *);

net80211/ieee80211_debug.h

@@ +1 @@
+/*-
+ * Copyright (c) 2001 Atsushi Onoe
+ * Copyright (c) 2002-2005 Sam Leffler, Errno Consulting
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ *
+ * Alternatively, this software may be distributed under the terms of the
+ * GNU General Public License ("GPL") version 2 as published by the Free
+ * Software Foundation.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ * $Id: ieee80211_var.h 1969 2007-01-16 03:05:18Z scottr $
+ */
+#ifndef _NET80211_IEEE80211_DEBUG_H_
+#define _NET80211_IEEE80211_DEBUG_H_
+
+#define IEEE80211_DEBUG
+#define IEEE80211_DEBUG_REFCNT                  /* node refcnt stuff */
+
+#include <net80211/ieee80211.h>
+
+#define IEEE80211_MSG_DEBUG     0x40000000      /* IFF_DEBUG equivalent */
+#define IEEE80211_MSG_DUMPPKTS  0x20000000      /* IFF_LINK2 equivalent */
+#define IEEE80211_MSG_CRYPTO    0x10000000      /* crypto work */
+#define IEEE80211_MSG_INPUT     0x08000000      /* input handling */
+#define IEEE80211_MSG_XRATE     0x04000000      /* rate set handling */
+#define IEEE80211_MSG_ELEMID    0x02000000      /* element id parsing */
+#define IEEE80211_MSG_NODE      0x01000000      /* node handling */
+#define IEEE80211_MSG_ASSOC     0x00800000      /* association handling */
+#define IEEE80211_MSG_AUTH      0x00400000      /* authentication handling */
+#define IEEE80211_MSG_SCAN      0x00200000      /* scanning */
+#define IEEE80211_MSG_OUTPUT    0x00100000      /* output handling */
+#define IEEE80211_MSG_STATE     0x00080000      /* state machine */
+#define IEEE80211_MSG_POWER     0x00040000      /* power save handling */
+#define IEEE80211_MSG_DOT1X     0x00020000      /* 802.1x authenticator */
+#define IEEE80211_MSG_DOT1XSM   0x00010000      /* 802.1x state machine */
+#define IEEE80211_MSG_RADIUS    0x00008000      /* 802.1x radius client */
+#define IEEE80211_MSG_RADDUMP   0x00004000      /* dump 802.1x radius packets */
+#define IEEE80211_MSG_RADKEYS   0x00002000      /* dump 802.1x keys */
+#define IEEE80211_MSG_WPA       0x00001000      /* WPA/RSN protocol */
+#define IEEE80211_MSG_ACL       0x00000800      /* ACL handling */
+#define IEEE80211_MSG_WME       0x00000400      /* WME protocol */
+#define IEEE80211_MSG_SUPG      0x00000200      /* SUPERG */
+#define IEEE80211_MSG_DOTH      0x00000100      /* 11.h */
+#define IEEE80211_MSG_INACT     0x00000080      /* inactivity handling */
+#define IEEE80211_MSG_ROAM      0x00000040      /* sta-mode roaming */
+
+#define IEEE80211_MSG_ANY       0xffffffff      /* anything */
+
+#ifdef IEEE80211_DEBUG
+int ieee80211_msg_is_reported(struct ieee80211vap *, unsigned int msg);
+#define IEEE80211_DPRINTF(_vap, _m, _fmt, ...) do {                     \
+        if (ieee80211_msg_is_reported(_vap, _m))                                        \
+                ieee80211_note(_vap, _fmt, __VA_ARGS__);                \
+} while (0)
+#define IEEE80211_NOTE(_vap, _m, _ni, _fmt, ...) do {                   \
+        if (ieee80211_msg_is_reported(_vap, _m))                                        \
+                ieee80211_note_mac(_vap, (_ni)->ni_macaddr, _fmt, __VA_ARGS__);\
+} while (0)
+#define IEEE80211_NOTE_MAC(_vap, _m, _mac, _fmt, ...) do {              \
+        if (ieee80211_msg_is_reported(_vap, _m))                                        \
+                ieee80211_note_mac(_vap, _mac, _fmt, __VA_ARGS__);      \
+} while (0)
+#define IEEE80211_NOTE_FRAME(_vap, _m, _wh, _fmt, ...) do {             \
+        if (ieee80211_msg_is_reported(_vap, _m))                                        \
+                ieee80211_note_frame(_vap, _wh, _fmt, __VA_ARGS__);     \
+} while (0)
+struct ieee80211vap;
+struct ieee80211_frame;
+void ieee80211_note(struct ieee80211vap *, const char *, ...);
+void ieee80211_note_mac(struct ieee80211vap *,
+        const u_int8_t mac[IEEE80211_ADDR_LEN], const char *, ...);
+void ieee80211_note_frame(struct ieee80211vap *,
+        const struct ieee80211_frame *, const char *, ...);
+#define ieee80211_msg_debug(_vap) \
+        ieee80211_msg_is_reported(_vap, IEEE80211_MSG_DEBUG)
+#define ieee80211_msg_dumppkts(_vap) \
+        ieee80211_msg_is_reported(_vap, IEEE80211_MSG_DUMPPKTS)
+#define ieee80211_msg_input(_vap) \
+        ieee80211_msg_is_reported(_vap, IEEE80211_MSG_INPUT)
+#define ieee80211_msg_radius(_vap) \
+        ieee80211_msg_is_reported(_vap, IEEE80211_MSG_RADIUS)
+#define ieee80211_msg_dumpradius(_vap) \
+        ieee80211_msg_is_reported(_vap, IEEE80211_MSG_RADDUMP)
+#define ieee80211_msg_dumpradkeys(_vap) \
+        ieee80211_msg_is_reported(_vap, IEEE80211_MSG_RADKEYS)
+#define ieee80211_msg_scan(_vap) \
+        ieee80211_msg_is_reported(_vap, IEEE80211_MSG_SCAN)
+#define ieee80211_msg_assoc(_vap) \
+        ieee80211_msg_is_reported(_vap, IEEE80211_MSG_ASSOC)
+#else /* IEEE80211_DEBUG */
+#define IEEE80211_DPRINTF(_vap, _m, _fmt, ...)
+#define IEEE80211_NOTE(_vap, _m, _wh, _fmt, ...)
+#define IEEE80211_NOTE_FRAME(_vap, _m, _wh, _fmt, ...)
+#define IEEE80211_NOTE_MAC(_vap, _m, _mac, _fmt, ...)
+#endif /* IEEE80211_DEBUG */
+
+#endif /* _NET80211_IEEE80211_DEBUG_H_ */
+

net80211/ieee80211_scan_sta.c

@@ -762 +762 @@
-        if (se->se_rssi < STA_RSSI_MIN)
-                fail |= 0x100;
-#ifdef IEEE80211_DEBUG
-
+_is_reported
-                printf(" %03x", fail);
-                printf(" %c %s",
-                        fail & 0x40 ? '=' : fail & 0x80 ? '^' : fail ? '-' : '+',

net80211/ieee80211_wireless.c

@@ -3160 +3160 @@
-                error = -ENXIO;
-        ieee80211_key_update_end(vap);
-        if (ni != NULL)
-free_node(
+unref_node(&
-#ifdef ATH_SUPERG_XR
-        /* set the same params on the xr vap device if exists */
-        if (vap->iv_xrvap && !(vap->iv_flags & IEEE80211_F_XR))
@@ -3220 +3220 @@
-                memset(ik.ik_keydata, 0, sizeof(ik.ik_keydata));
-        }
-        if (ni != NULL)
-free_node(
+unref_node(&
-        return (copy_to_user(iwr->u.data.pointer, &ik, sizeof(ik)) ? -EFAULT : 0);
-}
-
@@ -3243 +3243 @@
-                        return -EINVAL;         /* XXX */
-                /* XXX error return */
-                ieee80211_crypto_delkey(vap, &ni->ni_ucastkey, ni);
-free_node(
+unref_node(&
-        } else {
-                if (kid >= IEEE80211_WEP_NKID)
-                        return -EINVAL;
@@ -3345 +3345 @@
-                                if (ni == NULL)
-                                        return -EINVAL;
-                                domlme(mlme, ni);
-free_node(
+unref_node(&
-                        } else
-                                ieee80211_iterate_nodes(&ic->ic_sta, domlme, mlme);
-                        break;
@@ -3364 +3364 @@
-                        ieee80211_node_authorize(ni);
-                else
-                        ieee80211_node_unauthorize(ni);
-free_node(
+unref_node(&
-                break;
-        case IEEE80211_MLME_CLEAR_STATS:
-                if (vap->iv_opmode != IEEE80211_M_HOSTAP)
@@ -3375 +3375 @@
-                
-                /* clear statistics */
-                memset(&ni->ni_stats, 0, sizeof(struct ieee80211_nodestats));
-free_node(
+unref_node(&
-                break;
-        default:
-                return -EINVAL;
@@ -3745 +3745 @@
-                        ielen = sizeof(wpaie.rsn_ie);
-                memcpy(wpaie.rsn_ie, ni->ni_rsn_ie, ielen);
-        }
-free_node(
+unref_node(&
-        return (copy_to_user(iwr->u.data.pointer, &wpaie, sizeof(wpaie)) ?
-                -EFAULT : 0);
-}
@@ -3772 +3772 @@
-        /* NB: copy out only the statistics */
-        error = copy_to_user(iwr->u.data.pointer + off, &ni->ni_stats,
-                iwr->u.data.length - off);
-free_node(
+unref_node(&
-        return (error ? -EFAULT : 0);
-}
-

net80211/ieee80211_input.c

@@ -310 +310 @@
-                                /*
-                                 * Try to find sender in local node table.
-                                 */
-free_node(
+unref_node(&
-                                ni = ieee80211_find_node(vap->iv_bss->ni_table, wh->i_addr2);
-                                if (ni == NULL) {
-                                        /*
@@ -491 +491 @@
-                                        nt = &ic->ic_sta;
-                                        ni_wds = ieee80211_find_wds_node(nt, wh->i_addr3);
-                                        if (ni_wds) {
-free_node(
+unref_node(&
-                                                IEEE80211_DISCARD(vap, IEEE80211_MSG_INPUT,
-                                                        wh, NULL, "%s",
-                                                        "multicast echo originated from node behind me");
@@ -571 +571 @@
-                                if (ni_wds == NULL)
-                                        ieee80211_add_wds_addr(nt, ni, wh4->i_addr4, 0);
-                                else
-free_node(
+unref_node(&
-                        }
-                        
-                        /*
@@ -930 +930 @@
-                }
-                ni = ieee80211_ref_node(vap->iv_bss);
-                type = ieee80211_input(ni, skb1, rssi, rstamp);
-free_node(
+unref_node(&
-        }
-        if (skb != NULL)                /* no vaps, reclaim skb */
-                dev_kfree_skb(skb);
@@ -980 +980 @@
-        }
-
-        /*
-         * Use this lock to make sure ni->ni_rxfrag[0] is
-         * not freed by the timer process while we use it.
-         * XXX bogus
-         */
-        IEEE80211_NODE_LOCK_IRQ(ni->ni_table);
-
-        /*
-         * Update the time stamp.  As a side effect, it
-         * also makes sure that the timer will not change
-         * ni->ni_rxfrag[0] for at least 1 second, or in
-         * other words, for the remaining of this function.
+         * XXX HUGE HORRIFIC HACK
-         */
-        ni->ni_rxfragstamp = jiffies;
-
-        IEEE80211_NODE_UNLOCK_IRQ(ni->ni_table);
-
-        /*
-         * Validate that fragment is in order and
-         * related to the previous ones.
@@ -1124 +1116 @@
-                                        skb = NULL;
-                                }
-                                /* XXX statistic? */
-free_node(
+unref_node(&
-                        }
-                }
-                if (skb1 != NULL) {
@@ -1248 +1240 @@
-        int rssi, u_int32_t rstamp, u_int16_t seq, u_int16_t status)
-{
-        struct ieee80211vap *vap = ni->ni_vap;
+        unsigned int tmpnode = 0;
-
-        if (ni->ni_authmode == IEEE80211_AUTH_SHARED) {
-                IEEE80211_DISCARD_MAC(vap, IEEE80211_MSG_AUTH,
@@ -1255 +1248 @@
-                        "bad sta auth mode %u", ni->ni_authmode);
-                vap->iv_stats.is_rx_bad_auth++; /* XXX maybe a unique error? */
-                if (vap->iv_opmode == IEEE80211_M_HOSTAP) {
-                        /* XXX hack to workaround calling convention */
-
-                        /* XXX To send the frame to the requesting STA, we have to
-                         * create a node for the station that we're going to reject.
-                         * The node will be freed automatically */
-                        if (ni == vap->iv_bss) {
-
+
+
-                                if (ni == NULL)
-                                        return;
-
-                                IEEE80211_DPRINTF(vap, IEEE80211_MSG_NODE, 
-                                "%s: %p<%s> refcnt %d\n", __func__, ni, ether_sprintf(ni->ni_macaddr), 
-                                ieee80211_node_refcnt(ni));
+                                tmpnode = 1;
-                        }
-                        IEEE80211_SEND_MGMT(ni, IEEE80211_FC0_SUBTYPE_AUTH,
-                                (seq + 1) | (IEEE80211_STATUS_ALG<<16));
+                        
+                        if (tmpnode)
+                                ieee80211_unref_node(&ni);
-                        return;
-                }
-        }
@@ -1298 +1291 @@
-                }
-                /* always accept open authentication requests */
-                if (ni == vap->iv_bss) {
-
+
+
-                        if (ni == NULL)
-                                return;
-
-                        IEEE80211_DPRINTF(vap, IEEE80211_MSG_NODE, 
-                        "%s: %p<%s> refcnt %d\n", __func__, ni, ether_sprintf(ni->ni_macaddr), 
-                        ieee80211_node_refcnt(ni));
-
-
-
-
-
-
-
-
-
-
+
+
+
-                IEEE80211_SEND_MGMT(ni, IEEE80211_FC0_SUBTYPE_AUTH, seq + 1);
-                IEEE80211_NOTE(vap, IEEE80211_MSG_DEBUG | IEEE80211_MSG_AUTH,
-                        ni, "station authenticated (%s)", "open");
@@ -1324 +1311 @@
-                 */
-                if (ni->ni_authmode != IEEE80211_AUTH_8021X)
-                        ieee80211_node_authorize(ni);
+                if (tmpnode)
+                        ieee80211_unref_node(&ni);
-                break;
-
-        case IEEE80211_M_STA:
@@ -1362 +1351 @@
-        int istmp;
-
-        if (ni == vap->iv_bss) {
-
+
+
-                if (ni == NULL) {
-                        /* XXX msg */
-                        return;
@@ -1372 +1362 @@
-                istmp = 0;
-        IEEE80211_SEND_MGMT(ni, subtype, arg);
-        if (istmp)
-free_node(
+unref_node(&
-}
-
-static int
@@ -1398 +1388 @@
-{
-        struct ieee80211vap *vap = ni->ni_vap;
-        u_int8_t *challenge;
-, estatus
+ = 0, estatus = 0
-
-        /*
-         * NB: this can happen as we allow pre-shared key
@@ -1408 +1398 @@
-         * ordering in which case this check would just be
-         * for sanity/consistency.
-         */
-        estatus = 0;                    /* NB: silence compiler */
-        if ((vap->iv_flags & IEEE80211_F_PRIVACY) == 0) {
-                IEEE80211_DISCARD_MAC(vap, IEEE80211_MSG_AUTH,
-                        ni->ni_macaddr, "shared key auth",
@@ -1488 +1477 @@
-                switch (seq) {
-                case IEEE80211_AUTH_SHARED_REQUEST:
-                        if (ni == vap->iv_bss) {
-
+
+
-                                if (ni == NULL) {
-                                        /* NB: no way to return an error */
-                                        return;
@@ -1499 +1489 @@
-                                ieee80211_node_refcnt(ni));
-
-                                allocbs = 1;
-                        } else {
-                                if ((ni->ni_flags & IEEE80211_NODE_AREF) == 0)
-                                        (void) ieee80211_ref_node(ni);
-                                allocbs = 0;
-                        }
-
-
-
-
-
-
+
-                        ni->ni_rssi = rssi;
-                        ni->ni_rstamp = rstamp;
-                        ni->ni_last_rx = jiffies;
@@ -1603 +1584 @@
-        }
-        return;
-bad:
-
-
-
+
-        if (vap->iv_opmode == IEEE80211_M_HOSTAP) {
-                /* XXX hack to workaround calling convention */
-                ieee80211_send_error(ni, wh->i_addr2, 
-                        IEEE80211_FC0_SUBTYPE_AUTH,
-                        (seq + 1) | (estatus<<16));
+                ieee80211_node_leave(ni);
-        } else if (vap->iv_opmode == IEEE80211_M_STA) {
-                /*
-                 * Kick the state machine.  This short-circuits
@@ -2074 +2054 @@
-        /* optional RSN capabilities */
-        if (len > 2)
-                rsn_parm->rsn_caps = LE_READ_2(frm);
-
+ 
-
-        return 0;
-}
@@ -2568 +2548 @@
-        u_int8_t *frm, *efrm;
-        u_int8_t *ssid, *rates, *xrates, *wpa, *rsn, *wme, *ath;
-        u_int8_t rate;
-
+ = 0
-        u_int8_t qosinfo;
-
-        wh = (struct ieee80211_frame *) skb->data;
@@ -2849 +2829 @@
-                }
-                if (scan.capinfo & IEEE80211_CAPINFO_IBSS) {
-                        if (!IEEE80211_ADDR_EQ(wh->i_addr2, ni->ni_macaddr)) {
-                                /*
-                                 * Create a new entry in the neighbor table.
-                                 */
-                                ni = ieee80211_add_neighbor(vap, wh, &scan);
-                        } else {
-                                /*
@@ -2965 +2942 @@
-                                 */
-                                ni = ieee80211_fakeup_adhoc_node(vap,
-                                        wh->i_addr2);
-
-
+
+
+
+
-                        if (ni == NULL)
-                                return;
-                        allocbs = 1;
- else
-
+
+
-                IEEE80211_NOTE_MAC(vap, IEEE80211_MSG_INPUT, wh->i_addr2,
-                        "%s", "recv probe req");
-                ni->ni_rssi = rssi;
@@ -2994 +2973 @@
-                         * Temporary node created just to send a
-                         * response, reclaim immediately
-                         */
-free_node(
+unref_node(&
-                } else if (ath != NULL)
-                        ieee80211_saveath(ni, ath);
-                break;
@@ -3024 +3003 @@
-                                        ni = vap->iv_xrvap->iv_bss;
-                                else {
-                                        ieee80211_node_leave(ni);
+                                        /* This would be a stupid place to add a node to the table
+                                         * XR stuff needs work anyway
+                                         */
-                                        ieee80211_node_reset(ni, vap->iv_xrvap);
-                                }
-                                vap = vap->iv_xrvap;
@@ -3036 +3018 @@
-#endif
-                IEEE80211_NOTE_MAC(vap, IEEE80211_MSG_AUTH, wh->i_addr2,
-                        "recv auth frame with algorithm %d seq %d", algo, seq);
-
-
-
+
-                if (vap->iv_acl != NULL &&
-                    !vap->iv_acl->iac_check(vap, wh->i_addr2)) {
-                        IEEE80211_DISCARD(vap, IEEE80211_MSG_ACL,
@@ -3071 +3051 @@
-                                /* XXX not right */
-                                ieee80211_send_error(ni, wh->i_addr2,
-                                        IEEE80211_FC0_SUBTYPE_AUTH,
-+
+ + 
-                        }
-                        return;
-                } 

net80211/ieee80211_output.c

@@ -254 +254 @@
-                goto bad;
-        }
-        
-ni
+ieee80211_ref_node(ni)
-        
-        /* power-save checks */
-        if (WME_UAPSD_AC_CAN_TRIGGER(skb->priority, ni)) {
@@ -293 +293 @@
-        }
-#endif
-        ieee80211_parent_queue_xmit(skb);
+        ieee80211_unref_node(&ni);
-        return 0;
-
-bad:
-        if (skb != NULL)
-                dev_kfree_skb(skb);
-        if (ni != NULL)
-free_node(
+unref_node(&
-        return 0;
-}
-
@@ -453 +454 @@
-        if (skb == NULL) {
-                /* XXX debug msg */
-                vap->iv_stats.is_tx_nobuf++;
-free_node(
+unref_node(&
-                return -ENOMEM;
-        }
-        cb = (struct ieee80211_cb *)skb->cb;
@@ -507 +508 @@
-        u_int8_t *frm;
-        int tid;
-
-        ieee80211_ref_node(ni);
-        skb = ieee80211_getmgtframe(&frm, 2);
-        if (skb == NULL) {
-                /* XXX debug msg */
-                vap->iv_stats.is_tx_nobuf++;
-                ieee80211_free_node(ni);
-                return -ENOMEM;
-        }
-        cb = (struct ieee80211_cb *)skb->cb;
-ni
+ieee80211_ref_node(ni)
-
-        skb->priority = ac;
-        qwh = (struct ieee80211_qosframe *)skb_push(skb, sizeof(struct ieee80211_qosframe));
@@ -865 +864 @@
-                                nt = &ic->ic_sta;
-                                ni_wds = ieee80211_find_wds_node(nt, eh.ether_shost);
-                                if (ni_wds)
-free_node(
+unref_node(&
-                                else
-                                        ieee80211_add_wds_addr(nt, ni, eh.ether_shost, 0);
-                        }
@@ -1719 +1718 @@
-                __func__, __LINE__,
-                ni, ether_sprintf(ni->ni_macaddr),
-                ieee80211_node_refcnt(ni) + 1);
-        ieee80211_ref_node(ni);
-
-        /*
-         * prreq frame format
@@ -1735 +1733 @@
-               vap->app_ie[IEEE80211_APPIE_FRAME_PROBE_REQ].length);
-        if (skb == NULL) {
-                vap->iv_stats.is_tx_nobuf++;
-                ieee80211_free_node(ni);
-                return -ENOMEM;
-        }
-
@@ -1758 +1755 @@
-        skb_trim(skb, frm - skb->data);
-
-        cb = (struct ieee80211_cb *)skb->cb;
-ni
+ieee80211_ref_node(ni)
-
-        wh = (struct ieee80211_frame *)
-                skb_push(skb, sizeof(struct ieee80211_frame));
@@ -2233 +2230 @@
-                mod_timer(&vap->iv_mgtsend, jiffies + timer * HZ);
-        return 0;
-bad:
-free_node(
+unref_node(&
-        return ret;
-#undef senderr
-}

net80211/ieee80211_power.c

@@ -109 +109 @@
-int
-ieee80211_node_saveq_drain(struct ieee80211_node *ni)
-{
+        struct ieee80211_cb *cb = NULL;
-        struct sk_buff *skb;
-        int qlen;
-
-        IEEE80211_NODE_SAVEQ_LOCK(ni);
-        qlen = skb_queue_len(&ni->ni_savedq);
-        while ((skb = __skb_dequeue(&ni->ni_savedq)) != NULL) {
-
+
+
-                dev_kfree_skb_any(skb);
-        }
-        IEEE80211_NODE_SAVEQ_UNLOCK(ni);

net80211/ieee80211_var.h

@@ -37 +37 @@
-/*
- * Definitions for IEEE 802.11 drivers.
- */
-
-
+
-
-#include <net80211/ieee80211_linux.h>
-
@@ -230 +229 @@
-        /* new station association callback/notification */
-        void (*ic_newassoc)(struct ieee80211_node *, int);
-        /* node state management */
-
-
+
-        void (*ic_node_free)(struct ieee80211_node *);
-        void (*ic_node_cleanup)(struct ieee80211_node *);
-        u_int8_t (*ic_node_getrssi)(const struct ieee80211_node *);
@@ -406 +404 @@
-        u_int32_t app_filter;                   /* filters which management frames are forwarded to app */
-
-};
+
+static __inline int ieee80211_is_printed(struct ieee80211vap *vap, unsigned m)
+{
+        return !!(vap->iv_debug & m);
+}
+
-MALLOC_DECLARE(M_80211_VAP);
-
-#define IEEE80211_ADDR_NULL(a1)         (memcmp(a1, "\x00\x00\x00\x00\x00\x00", \
@@ -613 +617 @@
-                size = roundup(size, sizeof(u_int32_t));
-        return size;
-}
-
-#define IEEE80211_MSG_DEBUG     0x40000000      /* IFF_DEBUG equivalent */
-#define IEEE80211_MSG_DUMPPKTS  0x20000000      /* IFF_LINK2 equivalent */
-#define IEEE80211_MSG_CRYPTO    0x10000000      /* crypto work */
-#define IEEE80211_MSG_INPUT     0x08000000      /* input handling */
-#define IEEE80211_MSG_XRATE     0x04000000      /* rate set handling */
-#define IEEE80211_MSG_ELEMID    0x02000000      /* element id parsing */
-#define IEEE80211_MSG_NODE      0x01000000      /* node handling */
-#define IEEE80211_MSG_ASSOC     0x00800000      /* association handling */
-#define IEEE80211_MSG_AUTH      0x00400000      /* authentication handling */
-#define IEEE80211_MSG_SCAN      0x00200000      /* scanning */
-#define IEEE80211_MSG_OUTPUT    0x00100000      /* output handling */
-#define IEEE80211_MSG_STATE     0x00080000      /* state machine */
-#define IEEE80211_MSG_POWER     0x00040000      /* power save handling */
-#define IEEE80211_MSG_DOT1X     0x00020000      /* 802.1x authenticator */
-#define IEEE80211_MSG_DOT1XSM   0x00010000      /* 802.1x state machine */
-#define IEEE80211_MSG_RADIUS    0x00008000      /* 802.1x radius client */
-#define IEEE80211_MSG_RADDUMP   0x00004000      /* dump 802.1x radius packets */
-#define IEEE80211_MSG_RADKEYS   0x00002000      /* dump 802.1x keys */
-#define IEEE80211_MSG_WPA       0x00001000      /* WPA/RSN protocol */
-#define IEEE80211_MSG_ACL       0x00000800      /* ACL handling */
-#define IEEE80211_MSG_WME       0x00000400      /* WME protocol */
-#define IEEE80211_MSG_SUPG      0x00000200      /* SUPERG */
-#define IEEE80211_MSG_DOTH      0x00000100      /* 11.h */
-#define IEEE80211_MSG_INACT     0x00000080      /* inactivity handling */
-#define IEEE80211_MSG_ROAM      0x00000040      /* sta-mode roaming */
-
-#define IEEE80211_MSG_ANY       0xffffffff      /* anything */
-
-#ifdef IEEE80211_DEBUG
-#define ieee80211_msg(_vap, _m) ((_vap)->iv_debug & (_m))
-#define IEEE80211_DPRINTF(_vap, _m, _fmt, ...) do {                     \
-        if (ieee80211_msg(_vap, _m))                                    \
-                ieee80211_note(_vap, _fmt, __VA_ARGS__);                \
-} while (0)
-#define IEEE80211_NOTE(_vap, _m, _ni, _fmt, ...) do {                   \
-        if (ieee80211_msg(_vap, _m))                                    \
-                ieee80211_note_mac(_vap, (_ni)->ni_macaddr, _fmt, __VA_ARGS__);\
-} while (0)
-#define IEEE80211_NOTE_MAC(_vap, _m, _mac, _fmt, ...) do {              \
-        if (ieee80211_msg(_vap, _m))                                    \
-                ieee80211_note_mac(_vap, _mac, _fmt, __VA_ARGS__);      \
-} while (0)
-#define IEEE80211_NOTE_FRAME(_vap, _m, _wh, _fmt, ...) do {             \
-        if (ieee80211_msg(_vap, _m))                                    \
-                ieee80211_note_frame(_vap, _wh, _fmt, __VA_ARGS__);     \
-} while (0)
-void ieee80211_note(struct ieee80211vap *, const char *, ...);
-void ieee80211_note_mac(struct ieee80211vap *,
-        const u_int8_t mac[IEEE80211_ADDR_LEN], const char *, ...);
-void ieee80211_note_frame(struct ieee80211vap *,
-        const struct ieee80211_frame *, const char *, ...);
-#define ieee80211_msg_debug(_vap) \
-        ieee80211_msg(_vap, IEEE80211_MSG_DEBUG)
-#define ieee80211_msg_dumppkts(_vap) \
-        ieee80211_msg(_vap, IEEE80211_MSG_DUMPPKTS)
-#define ieee80211_msg_input(_vap) \
-        ieee80211_msg(_vap, IEEE80211_MSG_INPUT)
-#define ieee80211_msg_radius(_vap) \
-        ieee80211_msg(_vap, IEEE80211_MSG_RADIUS)
-#define ieee80211_msg_dumpradius(_vap) \
-        ieee80211_msg(_vap, IEEE80211_MSG_RADDUMP)
-#define ieee80211_msg_dumpradkeys(_vap) \
-        ieee80211_msg(_vap, IEEE80211_MSG_RADKEYS)
-#define ieee80211_msg_scan(_vap) \
-        ieee80211_msg(_vap, IEEE80211_MSG_SCAN)
-#define ieee80211_msg_assoc(_vap) \
-        ieee80211_msg(_vap, IEEE80211_MSG_ASSOC)
-#else /* IEEE80211_DEBUG */
-#define IEEE80211_DPRINTF(_vap, _m, _fmt, ...)
-#define IEEE80211_NOTE(_vap, _m, _wh, _fmt, ...)
-#define IEEE80211_NOTE_FRAME(_vap, _m, _wh, _fmt, ...)
-#define IEEE80211_NOTE_MAC(_vap, _m, _mac, _fmt, ...)
-#endif /* IEEE80211_DEBUG */
-
-#endif /* _NET80211_IEEE80211_VAR_H_ */

net80211/ieee80211_proto.c

@@ -1456 +1456 @@
-                                 */                             
-                                if (vap->iv_opmode == IEEE80211_M_WDS) {
-                                        struct ieee80211_node *wds_ni;
-(&ic->ic_sta, 
+_table(
-                                        if (wds_ni != NULL) {
-                                                if (ieee80211_add_wds_addr(&ic->ic_sta, wds_ni, vap->wds_mac, 1) == 0) {
-                                                        ieee80211_node_authorize(wds_ni);

net80211/ieee80211_linux.h

@@ -63 +63 @@
-
-#define IEEE80211_RESCHEDULE    schedule
-
+/* Locking */
+/* NB: beware, spin_is_locked() is not usefully defined for !(DEBUG || SMP)
+ * because spinlocks do not exist in this configuration. Instead IRQs 
+ * or pre-emption are simply disabled, as this is all that is needed.
+ */
+
-/*
- * Beacon handler locking definitions.
- * Beacon locking 
@@ -85 +91 @@
-#define IEEE80211_LOCK(_ic)     spin_lock(&(_ic)->ic_comlock)
-#define IEEE80211_UNLOCK(_ic)   spin_unlock(&(_ic)->ic_comlock)
-
-
-
+
-#define IEEE80211_LOCK_ASSERT(_ic) \
-        KASSERT(spin_is_locked(&(_ic)->ic_comlock),("ieee80211com not locked!"))
-#else
-#define IEEE80211_LOCK_ASSERT(_ic)
-#endif
-
+
-#define IEEE80211_VAPS_LOCK_INIT(_ic, _name)            \
-        spin_lock_init(&(_ic)->ic_vapslock)
-#define IEEE80211_VAPS_LOCK_DESTROY(_ic)
@@ -108 +114 @@
-} while (0)
-#define IEEE80211_VAPS_UNLOCK_IRQ_EARLY(_ic)    spin_unlock_irqrestore(&(_ic)->ic_vapslock, _vaps_lockflags)
-
-
-
-
+
-#define IEEE80211_VAPS_LOCK_ASSERT(_ic) \
-
+
+
-#else
-#define IEEE80211_VAPS_LOCK_ASSERT(_ic)
-#endif
@@ -121 +126 @@
-/*
- * Node locking definitions.
- */
+#if 0
+
-typedef spinlock_t ieee80211_node_lock_t;
-
-
-
-
-
-
-
+
+
+
+
+
+
+
+
+
-        unsigned long __node_lockflags;         \
+        spin_lock_irqsave(&(_ni)->ni_nodelock, __node_lockflags);
+#define IEEE80211_NODE_UNLOCK_IRQ(_ni)          \
+        spin_unlock_irqrestore(&(_ni)->ni_nodelock, __node_lockflags); \
+} while(0)
+#define IEEE80211_NODE_UNLOCK_IRQ_EARLY(_ni)            \
+        spin_unlock_irqrestore(&(_ni)->ni_nodelock, __node_lockflags);
+
+#if (defined(CONFIG_SMP) || defined(CONFIG_DEBUG_SPINLOCK)) && defined(spin_is_locked)
+#define IEEE80211_NODE_LOCK_ASSERT(_nt) \
+        KASSERT(spin_is_locked(&(_ni)->ni_nodelock), \
+                ("802.11 node not locked!"))
+#else
+#define IEEE80211_NODE_LOCK_ASSERT(_ni)
+#endif
+
+#endif /* node lock */
+
+/*
+ * Node table locking definitions.
+ */
+typedef spinlock_t ieee80211_node_table_lock_t;
+#define IEEE80211_NODE_TABLE_LOCK_INIT(_nt, _name)      spin_lock_init(&(_nt)->nt_nodelock)
+#define IEEE80211_NODE_TABLE_LOCK_DESTROY(_nt)
+#if 0   /* We should always be contesting in the same contexts */
+#define IEEE80211_NODE_TABLE_LOCK(_nt)  spin_lock(&(_nt)->nt_nodelock)
+#define IEEE80211_NODE_TABLE_UNLOCK(_nt)        spin_unlock(&(_nt)->nt_nodelock)
+#define IEEE80211_NODE_TABLE_LOCK_BH(_nt)       spin_lock_bh(&(_nt)->nt_nodelock)
+#define IEEE80211_NODE_TABLE_UNLOCK_BH(_nt)     spin_unlock_bh(&(_nt)->nt_nodelock)
+#endif
+#define IEEE80211_NODE_TABLE_LOCK_IRQ(_nt)      do {    \
+        unsigned long __node_lockflags;         \
-        spin_lock_irqsave(&(_nt)->nt_nodelock, __node_lockflags);
-
+TABLE_
-        spin_unlock_irqrestore(&(_nt)->nt_nodelock, __node_lockflags); \
-} while(0)
-
+TABLE_
-        spin_unlock_irqrestore(&(_nt)->nt_nodelock, __node_lockflags);
-
-
-
-
-
+
+
+
-                ("802.11 node table not locked!"))
-#else
-
+TABLE_
-#endif
-
-/*
@@ -163 +202 @@
-#define IEEE80211_SCAN_UNLOCK_IRQ_EARLY(_nt)            \
-        spin_unlock_irqrestore(&(_nt)->nt_scanlock, __scan_lockflags);
-
-
-
+
-#define IEEE80211_SCAN_LOCK_ASSERT(_nt) \
-        KASSERT(spin_is_locked(&(_nt)->nt_scanlock), ("scangen not locked!"))
-#else
@@ -182 +220 @@
-#define ACL_LOCK_BH(_as)                spin_lock_bh(&(_as)->as_lock)
-#define ACL_UNLOCK_BH(_as)              spin_unlock_bh(&(_as)->as_lock)
-
-
-
+
-#define ACL_LOCK_ASSERT(_as) \
-        KASSERT(spin_is_locked(&(_as)->as_lock), ("ACL not locked!"))
-#else
@@ -299 +336 @@
- *                              is the last reference, otherwise 0
- * ieee80211_node_refcnt        reference count for printing (only)
- */
+typedef atomic_t ieee80211_node_ref_count_t; 
-#define ieee80211_node_initref(_ni)     atomic_set(&(_ni)->ni_refcnt, 1)
-#define ieee80211_node_incref(_ni)      atomic_inc(&(_ni)->ni_refcnt)
-#define ieee80211_node_decref(_ni)      atomic_dec(&(_ni)->ni_refcnt)
@@ -379 +417 @@
-/* msecs_to_jiffies appeared in 2.6.7 and 2.4.29 */
-#include <linux/delay.h>
-#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) && \
- 
- 
+
+
-
-/* The following definitions and inline functions are
- * copied from the kernel src, include/linux/jiffies.h */

ath/if_ath.c

@@ -159 +159 @@
-static int ath_desc_alloc(struct ath_softc *);
-static void ath_desc_free(struct ath_softc *);
-static void ath_desc_swap(struct ath_desc *);
-
-
+
-static void ath_node_cleanup(struct ieee80211_node *);
-static void ath_node_free(struct ieee80211_node *);
-static u_int8_t ath_node_getrssi(const struct ieee80211_node *);
@@ -2462 +2461 @@
-                if (ath_tx_start(sc->sc_dev, ni, bf_ff, bf_ff->bf_skb, 0) == 0)
-                        continue;
-        bad:
-free_node(
+unref_node(&
-                if (bf_ff->bf_skb != NULL) {
-                        dev_kfree_skb(bf_ff->bf_skb);
-                        bf_ff->bf_skb = NULL;
@@ -2603 +2602 @@
-                        ATH_FF_MAGIC_PUT(skb);
-
-                        /* decrement extra node reference made when an_tx_ffbuf[] was set */
-free_node(
+unref_node(&
-
-                        DPRINTF(sc, ATH_DEBUG_XMIT | ATH_DEBUG_FF,
-                                "%s: aggregating fast-frame\n", __func__);
@@ -2662 +2661 @@
-                ff_flushbad:
-                        DPRINTF(sc, ATH_DEBUG_XMIT | ATH_DEBUG_FF,
-                                "%s: ff stageq flush failure\n", __func__);
-free_node(
+unref_node(&
-                        if (bf_ff->bf_skb) {
-                                dev_kfree_skb(bf_ff->bf_skb);
-                                bf_ff->bf_skb = NULL;
@@ -2787 +2786 @@
-                        tbf->bf_node = NULL;
-                        
-                        if (ni != NULL) 
-free_node(
+unref_node(&
-
-                        STAILQ_INSERT_TAIL(&sc->sc_txbuf, tbf, bf_list);
-                }
@@ -2869 +2868 @@
-        /* fall thru... */
-bad:
-        if (ni != NULL)
-free_node(
+unref_node(&
-        if (bf != NULL) {
-                bf->bf_skb = NULL;
-                bf->bf_node = NULL;
@@ -3255 +3254 @@
-         */
-        ni = sc->sc_keyixmap[keyix];
-        if (ni != NULL) {
-free_node(
+unref_node(&
-                sc->sc_keyixmap[keyix] = NULL;
-        }
-        /*
@@ -3266 +3265 @@
-                ath_hal_keyreset(ah, keyix + 32);       /* RX key */
-                ni = sc->sc_keyixmap[keyix + 32];
-                if (ni != NULL) {                       /* as above... */
-free_node(
+unref_node(&
-                        sc->sc_keyixmap[keyix + 32] = NULL;
-                }
-        }
@@ -3279 +3278 @@
-                        ath_hal_keyreset(ah, keyix + rxkeyoff);
-                        ni = sc->sc_keyixmap[keyix + rxkeyoff];
-                        if (ni != NULL) {       /* as above... */
-free_node(
+unref_node(&
-                                sc->sc_keyixmap[keyix + rxkeyoff] = NULL;
-                        }
-                }
@@ -3835 +3834 @@
-                dev_kfree_skb(bf->bf_skb);
-                bf->bf_skb = NULL;
-        }
-
-
-
-
+
+
-
-        /*
-         * NB: the beacon data buffer must be 32-bit aligned;
@@ -4382 +4379 @@
-                dev_kfree_skb(bf->bf_skb);
-                bf->bf_skb = NULL;
-        }
-
-
-
-
+
+
-        STAILQ_INSERT_TAIL(&sc->sc_bbuf, bf, bf_list);
-}
-
@@ -4404 +4399 @@
-                        dev_kfree_skb(bf->bf_skb);
-                        bf->bf_skb = NULL;
-                }
-
-
-
-
+
+
-        }
-}
-
@@ -4692 +4685 @@
-                        /*
-                         * Reclaim node reference.
-                         */
-free_node(
+unref_node(&
-                }
-        }
-
@@ -4751 +4744 @@
-}
-
-static struct ieee80211_node *
-_node_table *nt,struct ieee80211
+
-{
-nt->nt
+vap->iv
-        const size_t space = sizeof(struct ath_node) + sc->sc_rc->arc_space;
-        struct ath_node *an;
-
-        an = kmalloc(space, GFP_ATOMIC);
-
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
-                return NULL;
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+
-}
-
-static void
@@ -4791 +4786 @@
-        struct ath_softc *sc = ni->ni_ic->ic_dev->priv;
-        struct ath_node *an = ATH_NODE(ni);
-        struct ath_buf *bf;
+        struct ieee80211_cb *cb = NULL;
-        
-        /*
-         * U-APSD cleanup
@@ -4805 +4801 @@
-        while (an->an_uapsd_qdepth) {
-                bf = STAILQ_FIRST(&an->an_uapsd_q);
-                STAILQ_REMOVE_HEAD(&an->an_uapsd_q, bf_list);
-                bf->bf_desc->ds_link = (u_int32_t)NULL;
-
+                cb = (struct ieee80211_cb *) bf->bf_skb->cb;
+                ieee80211_unref_node(&cb->ni);
-                dev_kfree_skb_any(bf->bf_skb);
+
+                bf->bf_desc->ds_link = 0;
-                bf->bf_skb = NULL;
-                bf->bf_node = NULL;
+
-                ATH_TXBUF_LOCK_IRQ(sc);
-                STAILQ_INSERT_TAIL(&sc->sc_txbuf, bf, bf_list);
-                ATH_TXBUF_UNLOCK_IRQ(sc);
-                ieee80211_free_node(ni);
-
-                an->an_uapsd_qdepth--;
-        }
@@ -4821 +4820 @@
-        while (an->an_uapsd_overflowqdepth) {
-                bf = STAILQ_FIRST(&an->an_uapsd_overflowq);
-                STAILQ_REMOVE_HEAD(&an->an_uapsd_overflowq, bf_list);
-                bf->bf_desc->ds_link = (u_int32_t)NULL;
-
+                cb = (struct ieee80211_cb *) bf->bf_skb->cb;
+                ieee80211_unref_node(&cb->ni);
-                dev_kfree_skb_any(bf->bf_skb);
+
-                bf->bf_skb = NULL;
-                bf->bf_node = NULL;
+                bf->bf_desc->ds_link = 0;
+                
-                ATH_TXBUF_LOCK_IRQ(sc);
-                STAILQ_INSERT_TAIL(&sc->sc_txbuf, bf, bf_list);
-                ATH_TXBUF_UNLOCK_IRQ(sc);
-                ieee80211_free_node(ni);
-
-                an->an_uapsd_overflowqdepth--;
-        }
-
+        // Clean up node-specific rate things - this currently appears to always be a no-op
+        sc->sc_rc->ops->node_cleanup(sc, ATH_NODE(ni));
+
-        ATH_NODE_UAPSD_LOCK_IRQ(an);
-        sc->sc_node_cleanup(ni);
-        ATH_NODE_UAPSD_UNLOCK_IRQ(an);
@@ -4844 +4849 @@
-{
-        struct ath_softc *sc = ni->ni_ic->ic_dev->priv;
-
-        sc->sc_rc->ops->node_cleanup(sc, ATH_NODE(ni));
-        sc->sc_node_free(ni);
-#ifdef ATH_SUPERG_XR
-        ath_grppoll_period_update(sc);
@@ -5727 +5731 @@
-                        ATH_RSSI_LPF(an->an_avgrssi, ds->ds_rxstat.rs_rssi);
-                        type = ieee80211_input(ni, skb,
-                                ds->ds_rxstat.rs_rssi, ds->ds_rxstat.rs_tstamp);
-free_node(
+unref_node(&
-                } else {
-                        /*
-                         * No key index or no entry, do a lookup and
@@ -5752 +5756 @@
-                                if (keyix != IEEE80211_KEYIX_NONE &&
-                                    sc->sc_keyixmap[keyix] == NULL)
-                                        sc->sc_keyixmap[keyix] = ieee80211_ref_node(ni);
-free_node(
+unref_node(&
-                        } else
-                                type = ieee80211_input_all(ic, skb,
-                                        ds->ds_rxstat.rs_rssi,
@@ -6552 +6556 @@
-                STAILQ_REMOVE_HEAD(&an->an_uapsd_q, bf_list);
-                dev_kfree_skb(lastbuf->bf_skb);
-                lastbuf->bf_skb = NULL;
-
-
+
-                ATH_TXBUF_LOCK_IRQ(sc);
-                STAILQ_INSERT_TAIL(&sc->sc_txbuf, lastbuf, bf_list);
-                ATH_TXBUF_UNLOCK_IRQ(sc);
@@ -7304 +7307 @@
-                         *     this is a DEAUTH message that was sent and the
-                         *     node was timed out due to inactivity.
-                         */
-free_node(
+unref_node(&
-                }
-
-                bus_unmap_single(sc->sc_bdev, bf->bf_skbaddr, 
@@ -7552 +7555 @@
-                }
-#endif /* ATH_SUPERG_FF */
-                if (bf->bf_node)
-free_node(
+unref_node(&
-
-                bf->bf_skb = NULL;
-                bf->bf_node = NULL;