/*
 * hostapd / Callback functions for driver wrappers
 * Copyright (c) 2002-2013, Jouni Malinen <j@w1.fi>
 *
 * This software may be distributed under the terms of the BSD license.
 * See README for more details.
 */
8
9 #include "utils/includes.h"
10
11 #include "utils/common.h"
12 #include "utils/eloop.h"
13 #include "radius/radius.h"
14 #include "drivers/driver.h"
15 #include "common/ieee802_11_defs.h"
16 #include "common/ieee802_11_common.h"
17 #include "common/wpa_ctrl.h"
18 #include "common/dpp.h"
19 #include "common/sae.h"
20 #include "common/hw_features_common.h"
21 #include "crypto/random.h"
22 #include "p2p/p2p.h"
23 #include "wps/wps.h"
24 #include "fst/fst.h"
25 #include "wnm_ap.h"
26 #include "hostapd.h"
27 #include "ieee802_11.h"
28 #include "ieee802_11_auth.h"
29 #include "sta_info.h"
30 #include "accounting.h"
31 #include "tkip_countermeasures.h"
32 #include "ieee802_1x.h"
33 #include "wpa_auth.h"
34 #include "wps_hostapd.h"
35 #include "ap_drv_ops.h"
36 #include "ap_config.h"
37 #include "ap_mlme.h"
38 #include "hw_features.h"
39 #include "dfs.h"
40 #include "beacon.h"
41 #include "mbo_ap.h"
42 #include "dpp_hostapd.h"
43 #include "fils_hlp.h"
44 #include "neighbor_db.h"
45
46
#ifdef CONFIG_FILS
/**
 * hostapd_notify_assoc_fils_finish - Complete a delayed FILS association
 * @hapd: BSS data
 * @sta: Station whose request is stored in sta->fils_pending_assoc_req
 *
 * Cancels the fils_hlp_timeout timer, rebuilds the FILS Session element from
 * the stored (Re)Association Request, hands the response IEs to the driver
 * and marks the station authenticated, associated and authorized. The stored
 * request and the HLP buffers are released afterwards.
 */
void hostapd_notify_assoc_fils_finish(struct hostapd_data *hapd,
				      struct sta_info *sta)
{
	struct ieee802_11_elems req_elems;
	u8 resp_ies[IEEE80211_MAX_MMPDU_SIZE];
	u8 *resp_end = resp_ies;
	u16 assoc_res = WLAN_STATUS_SUCCESS;
	int already_assoc;

	wpa_printf(MSG_DEBUG, "%s FILS: Finish association with " MACSTR,
		   __func__, MAC2STR(sta->addr));
	eloop_cancel_timeout(fils_hlp_timeout, hapd, sta);

	/* Nothing was deferred for this station. */
	if (sta->fils_pending_assoc_req == NULL)
		return;

	/* The parser's return value is not inspected; only the presence of
	 * the FILS Session element is required below. */
	ieee802_11_parse_elems(sta->fils_pending_assoc_req,
			       sta->fils_pending_assoc_req_len, &req_elems, 0);
	if (req_elems.fils_session == NULL) {
		/* NOTE(review): the pending request stays allocated on this
		 * path - confirm that another path releases it. */
		wpa_printf(MSG_DEBUG, "%s failed to find FILS Session element",
			   __func__);
		return;
	}

	resp_end = hostapd_eid_assoc_fils_session(sta->wpa_sm, resp_end,
						  req_elems.fils_session,
						  sta->fils_hlp_resp);

	assoc_res = hostapd_sta_assoc(hapd, sta->addr,
				      sta->fils_pending_assoc_is_reassoc,
				      WLAN_STATUS_SUCCESS,
				      resp_ies, resp_end - resp_ies);

	/*
	 * NOTE(review): the station is authorized before assoc_res is
	 * inspected; on failure only the driver entry is removed at the end
	 * of this function - confirm that hostapd-side state is handled
	 * elsewhere.
	 */
	ap_sta_set_authorized(hapd, sta, 1);

	/* Remember whether the ASSOC flag was set before it is forced on. */
	already_assoc = (sta->flags & WLAN_STA_ASSOC) != 0;
	sta->flags |= WLAN_STA_AUTH | WLAN_STA_ASSOC;
	sta->flags &= ~WLAN_STA_WNM_SLEEP_MODE;
	hostapd_set_sta_flags(hapd, sta);

	wpa_auth_sm_event(sta->wpa_sm, WPA_ASSOC_FILS);
	ieee802_1x_notify_port_enabled(sta->eapol_sm, 1);
	hostapd_new_assoc_sta(hapd, sta, already_assoc);

	/* Release everything that was kept only for the deferred response. */
	os_free(sta->fils_pending_assoc_req);
	sta->fils_pending_assoc_req = NULL;
	sta->fils_pending_assoc_req_len = 0;
	wpabuf_free(sta->fils_hlp_resp);
	sta->fils_hlp_resp = NULL;
	wpabuf_free(sta->hlp_dhcp_discover);
	sta->hlp_dhcp_discover = NULL;
	fils_hlp_deinit(hapd);

	if (assoc_res == WLAN_STATUS_SUCCESS && !sta->added_unassoc)
		return;

	/*
	 * Remove the station from the driver if the success response could not
	 * be transmitted (the STA was added associated to the driver) or if
	 * the station had previously been added unassociated.
	 */
	hostapd_drv_sta_remove(hapd, sta->addr);
	sta->added_unassoc = 0;
}
#endif /* CONFIG_FILS */
106
107
/*
 * Decide whether a new association attempt from an already known station has
 * to be held back until the SA Query procedure completes.
 *
 * Returns true when the caller should reject the attempt temporarily; an SA
 * Query is started here if none is pending. Returns false when the station is
 * not currently associated, MFP-protected and authorized, when the SA Query
 * has timed out, or when the station authenticated with FT.
 */
static bool check_sa_query_need(struct hostapd_data *hapd, struct sta_info *sta)
{
	/* Only an associated, authorized station using MFP is protected. */
	if ((sta->flags &
	     (WLAN_STA_ASSOC | WLAN_STA_MFP | WLAN_STA_AUTHORIZED)) !=
	    (WLAN_STA_ASSOC | WLAN_STA_MFP | WLAN_STA_AUTHORIZED))
		return false;

	/* A pending query may have expired; this can set sa_query_timed_out. */
	if (!sta->sa_query_timed_out && sta->sa_query_count > 0)
		ap_check_sa_query_timeout(hapd, sta);

	if (sta->sa_query_timed_out || sta->auth_alg == WLAN_AUTH_FT)
		return false;

	/*
	 * The STA is already associated with MFP and the SA Query timeout has
	 * not been reached: reject the attempt temporarily and start an SA
	 * Query unless one is already pending.
	 */
	if (sta->sa_query_count == 0)
		ap_sta_start_sa_query(hapd, sta);

	return true;
}
132
133
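/*
 * Translate the result of wpa_validate_wpa_ie() into the reason code used when
 * disassociating the station and the status code used for the (Re)Association
 * Response. Values not listed in the switch keep the "invalid IE" pair.
 */
static void assoc_wpa_ie_result_to_codes(enum wpa_validate_result res,
					 u16 *reason, int *status)
{
	*reason = WLAN_REASON_INVALID_IE;
	*status = WLAN_STATUS_INVALID_IE;

	switch (res) {
	case WPA_IE_OK:
		*reason = WLAN_REASON_UNSPECIFIED;
		*status = WLAN_STATUS_SUCCESS;
		break;
	case WPA_INVALID_IE:
	case WPA_NOT_ENABLED:
	case WPA_MGMT_FRAME_PROTECTION_VIOLATION:
	case WPA_INVALID_PROTO:
		/* Keep WLAN_REASON_INVALID_IE / WLAN_STATUS_INVALID_IE */
		break;
	case WPA_INVALID_GROUP:
		*reason = WLAN_REASON_GROUP_CIPHER_NOT_VALID;
		*status = WLAN_STATUS_GROUP_CIPHER_NOT_VALID;
		break;
	case WPA_INVALID_PAIRWISE:
		*reason = WLAN_REASON_PAIRWISE_CIPHER_NOT_VALID;
		*status = WLAN_STATUS_PAIRWISE_CIPHER_NOT_VALID;
		break;
	case WPA_INVALID_AKMP:
		*reason = WLAN_REASON_AKMP_NOT_VALID;
		*status = WLAN_STATUS_AKMP_NOT_VALID;
		break;
	case WPA_ALLOC_FAIL:
		*reason = WLAN_REASON_UNSPECIFIED;
		*status = WLAN_STATUS_UNSPECIFIED_FAILURE;
		break;
	case WPA_INVALID_MGMT_GROUP_CIPHER:
		*reason = WLAN_REASON_CIPHER_SUITE_REJECTED;
		*status = WLAN_STATUS_CIPHER_REJECTED_PER_POLICY;
		break;
	case WPA_INVALID_MDIE:
		*reason = WLAN_REASON_INVALID_MDE;
		*status = WLAN_STATUS_INVALID_MDIE;
		break;
	case WPA_INVALID_PMKID:
		*reason = WLAN_REASON_INVALID_PMKID;
		*status = WLAN_STATUS_INVALID_PMKID;
		break;
	case WPA_DENIED_OTHER_REASON:
		*reason = WLAN_REASON_UNSPECIFIED;
		*status = WLAN_STATUS_ASSOC_DENIED_UNSPEC;
		break;
	}
}


/**
 * hostapd_notif_assoc - Process an association indication from the driver
 * @hapd: BSS data
 * @addr: Address of the associating station; NULL is rejected
 * @req_ies: Elements from the (Re)Association Request, or NULL
 * @req_ies_len: Length of req_ies in octets
 * @reassoc: Non-zero for a reassociation
 * Returns: 0 when the event was processed, ignored, rejected temporarily
 *	(SA Query) or deferred (FILS HLP); -1 on failure
 *
 * NOTE(review): several validation failures below (OSEN, MBO, FT response
 * IEs, FILS) return a positive WLAN_STATUS_* value directly instead of going
 * through the fail label, so the station entry is neither disassociated nor
 * freed on those paths. Confirm that callers expect this.
 */
int hostapd_notif_assoc(struct hostapd_data *hapd, const u8 *addr,
			const u8 *req_ies, size_t req_ies_len, int reassoc)
{
	struct sta_info *sta;
	int new_assoc;
	enum wpa_validate_result res;
	struct ieee802_11_elems elems;
	const u8 *ie;
	size_t ielen;
	u8 buf[sizeof(struct ieee80211_mgmt) + 1024];
	u8 *p = buf;
	u16 reason = WLAN_REASON_UNSPECIFIED;
	int status = WLAN_STATUS_SUCCESS;
	const u8 *p2p_dev_addr = NULL;

	if (addr == NULL) {
		/*
		 * This could potentially happen with unexpected event from the
		 * driver wrapper. This was seen at least in one case where the
		 * driver ended up being set to station mode while hostapd was
		 * running, so better make sure we stop processing such an
		 * event here.
		 */
		wpa_printf(MSG_DEBUG,
			   "hostapd_notif_assoc: Skip event with no address");
		return -1;
	}

	if (is_multicast_ether_addr(addr) ||
	    is_zero_ether_addr(addr) ||
	    os_memcmp(addr, hapd->own_addr, ETH_ALEN) == 0) {
		/* Do not process any frames with unexpected/invalid SA so that
		 * we do not add any state for unexpected STA addresses or end
		 * up sending out frames to unexpected destination. */
		wpa_printf(MSG_DEBUG, "%s: Invalid SA=" MACSTR
			   " in received indication - ignore this indication silently",
			   __func__, MAC2STR(addr));
		return 0;
	}

	random_add_randomness(addr, ETH_ALEN);

	hostapd_logger(hapd, addr, HOSTAPD_MODULE_IEEE80211,
		       HOSTAPD_LEVEL_INFO, "associated");

	/* The parser's return value is not inspected here; every element is
	 * used only after its pointer in elems has been checked. */
	ieee802_11_parse_elems(req_ies, req_ies_len, &elems, 0);

	/* Pick the security element to validate; ie/ielen cover the two-octet
	 * element header in front of the payload as well. */
	if (elems.wps_ie) {
		ie = elems.wps_ie - 2;
		ielen = elems.wps_ie_len + 2;
		wpa_printf(MSG_DEBUG, "STA included WPS IE in (Re)AssocReq");
	} else if (elems.rsn_ie) {
		ie = elems.rsn_ie - 2;
		ielen = elems.rsn_ie_len + 2;
		wpa_printf(MSG_DEBUG, "STA included RSN IE in (Re)AssocReq");
	} else if (elems.wpa_ie) {
		ie = elems.wpa_ie - 2;
		ielen = elems.wpa_ie_len + 2;
		wpa_printf(MSG_DEBUG, "STA included WPA IE in (Re)AssocReq");
#ifdef CONFIG_HS20
	} else if (elems.osen) {
		ie = elems.osen - 2;
		ielen = elems.osen_len + 2;
		wpa_printf(MSG_DEBUG, "STA included OSEN IE in (Re)AssocReq");
#endif /* CONFIG_HS20 */
	} else {
		ie = NULL;
		ielen = 0;
		wpa_printf(MSG_DEBUG,
			   "STA did not include WPS/RSN/WPA IE in (Re)AssocReq");
	}

	sta = ap_get_sta(hapd, addr);
	if (sta) {
		ap_sta_no_session_timeout(hapd, sta);
		accounting_sta_stop(hapd, sta);

		/*
		 * Make sure that the previously registered inactivity timer
		 * will not remove the STA immediately.
		 */
		sta->timeout_next = STA_NULLFUNC;
	} else {
		sta = ap_sta_add(hapd, addr);
		if (sta == NULL) {
			hostapd_drv_sta_disassoc(hapd, addr,
						 WLAN_REASON_DISASSOC_AP_BUSY);
			return -1;
		}
	}
	sta->flags &= ~(WLAN_STA_WPS | WLAN_STA_MAYBE_WPS | WLAN_STA_WPS2);

	/*
	 * ACL configurations to the drivers (implementing AP SME and ACL
	 * offload) without hostapd's knowledge, can result in a disconnection
	 * though the driver accepts the connection. Skip the hostapd check for
	 * ACL if the driver supports ACL offload to avoid potentially
	 * conflicting ACL rules.
	 */
	if (hapd->iface->drv_max_acl_mac_addrs == 0 &&
	    hostapd_check_acl(hapd, addr, NULL) != HOSTAPD_ACL_ACCEPT) {
		wpa_printf(MSG_INFO, "STA " MACSTR " not allowed to connect",
			   MAC2STR(addr));
		reason = WLAN_REASON_UNSPECIFIED;
		goto fail;
	}

#ifdef CONFIG_P2P
	if (elems.p2p) {
		wpabuf_free(sta->p2p_ie);
		sta->p2p_ie = ieee802_11_vendor_ie_concat(req_ies, req_ies_len,
							  P2P_IE_VENDOR_TYPE);
		if (sta->p2p_ie)
			p2p_dev_addr = p2p_get_go_dev_addr(sta->p2p_ie);
	}
#endif /* CONFIG_P2P */

#ifdef NEED_AP_MLME
	if (elems.ht_capabilities &&
	    (hapd->iface->conf->ht_capab &
	     HT_CAP_INFO_SUPP_CHANNEL_WIDTH_SET)) {
		/* assumes the parser only sets ht_capabilities for an element
		 * of at least the structure size - TODO confirm */
		struct ieee80211_ht_capabilities *ht_cap =
			(struct ieee80211_ht_capabilities *)
			elems.ht_capabilities;

		if (le_to_host16(ht_cap->ht_capabilities_info) &
		    HT_CAP_INFO_40MHZ_INTOLERANT)
			ht40_intolerant_add(hapd->iface, sta);
	}
#endif /* NEED_AP_MLME */

	check_ext_capab(hapd, sta, elems.ext_capab, elems.ext_capab_len);

#ifdef CONFIG_HS20
	wpabuf_free(sta->hs20_ie);
	if (elems.hs20 && elems.hs20_len > 4) {
		sta->hs20_ie = wpabuf_alloc_copy(elems.hs20 + 4,
						 elems.hs20_len - 4);
	} else
		sta->hs20_ie = NULL;

	wpabuf_free(sta->roaming_consortium);
	/*
	 * Require at least the four header octets that are skipped so that
	 * the length subtraction cannot wrap around. The element parser may
	 * already guarantee this; the check keeps this copy safe regardless.
	 */
	if (elems.roaming_cons_sel && elems.roaming_cons_sel_len >= 4)
		sta->roaming_consortium = wpabuf_alloc_copy(
			elems.roaming_cons_sel + 4,
			elems.roaming_cons_sel_len - 4);
	else
		sta->roaming_consortium = NULL;
#endif /* CONFIG_HS20 */

#ifdef CONFIG_FST
	wpabuf_free(sta->mb_ies);
	if (hapd->iface->fst)
		sta->mb_ies = mb_ies_by_info(&elems.mb_ies);
	else
		sta->mb_ies = NULL;
#endif /* CONFIG_FST */

	mbo_ap_check_sta_assoc(hapd, sta, &elems);

	ap_copy_sta_supp_op_classes(sta, elems.supp_op_classes,
				    elems.supp_op_classes_len);

	if (hapd->conf->wpa) {
		if (ie == NULL || ielen == 0) {
#ifdef CONFIG_WPS
			if (hapd->conf->wps_state) {
				wpa_printf(MSG_DEBUG,
					   "STA did not include WPA/RSN IE in (Re)Association Request - possible WPS use");
				sta->flags |= WLAN_STA_MAYBE_WPS;
				goto skip_wpa_check;
			}
#endif /* CONFIG_WPS */

			wpa_printf(MSG_DEBUG, "No WPA/RSN IE from STA");
			reason = WLAN_REASON_INVALID_IE;
			status = WLAN_STATUS_INVALID_IE;
			goto fail;
		}
#ifdef CONFIG_WPS
		/* Vendor specific element (0xdd) carrying the WPS OUI/type */
		if (hapd->conf->wps_state && ie[0] == 0xdd && ie[1] >= 4 &&
		    os_memcmp(ie + 2, "\x00\x50\xf2\x04", 4) == 0) {
			struct wpabuf *wps;

			if (check_sa_query_need(hapd, sta)) {
				status = WLAN_STATUS_ASSOC_REJECTED_TEMPORARILY;

				p = hostapd_eid_assoc_comeback_time(hapd, sta,
								    p);

				hostapd_sta_assoc(hapd, addr, reassoc, status,
						  buf, p - buf);
				return 0;
			}

			sta->flags |= WLAN_STA_WPS;
			wps = ieee802_11_vendor_ie_concat(ie, ielen,
							  WPS_IE_VENDOR_TYPE);
			if (wps) {
				if (wps_is_20(wps)) {
					wpa_printf(MSG_DEBUG,
						   "WPS: STA supports WPS 2.0");
					sta->flags |= WLAN_STA_WPS2;
				}
				wpabuf_free(wps);
			}
			goto skip_wpa_check;
		}
#endif /* CONFIG_WPS */

		/* An existing MFP-protected association must be confirmed
		 * with SA Query before it may be replaced. */
		if (check_sa_query_need(hapd, sta)) {
			status = WLAN_STATUS_ASSOC_REJECTED_TEMPORARILY;

			p = hostapd_eid_assoc_comeback_time(hapd, sta, p);

			hostapd_sta_assoc(hapd, addr, reassoc, status, buf,
					  p - buf);
			return 0;
		}

		if (sta->wpa_sm == NULL)
			sta->wpa_sm = wpa_auth_sta_init(hapd->wpa_auth,
							sta->addr,
							p2p_dev_addr);
		if (sta->wpa_sm == NULL) {
			wpa_printf(MSG_ERROR,
				   "Failed to initialize WPA state machine");
			return -1;
		}
		res = wpa_validate_wpa_ie(hapd->wpa_auth, sta->wpa_sm,
					  hapd->iface->freq,
					  ie, ielen,
					  elems.rsnxe ? elems.rsnxe - 2 : NULL,
					  elems.rsnxe ? elems.rsnxe_len + 2 : 0,
					  elems.mdie, elems.mdie_len,
					  elems.owe_dh, elems.owe_dh_len);
		assoc_wpa_ie_result_to_codes(res, &reason, &status);
		if (status != WLAN_STATUS_SUCCESS) {
			wpa_printf(MSG_DEBUG,
				   "WPA/RSN information element rejected? (res %u)",
				   res);
			wpa_hexdump(MSG_DEBUG, "IE", ie, ielen);
			goto fail;
		}

		if (wpa_auth_uses_mfp(sta->wpa_sm))
			sta->flags |= WLAN_STA_MFP;
		else
			sta->flags &= ~WLAN_STA_MFP;

#ifdef CONFIG_IEEE80211R_AP
		if (sta->auth_alg == WLAN_AUTH_FT) {
			status = wpa_ft_validate_reassoc(sta->wpa_sm, req_ies,
							 req_ies_len);
			if (status != WLAN_STATUS_SUCCESS) {
				if (status == WLAN_STATUS_INVALID_PMKID)
					reason = WLAN_REASON_INVALID_IE;
				if (status == WLAN_STATUS_INVALID_MDIE)
					reason = WLAN_REASON_INVALID_IE;
				if (status == WLAN_STATUS_INVALID_FTIE)
					reason = WLAN_REASON_INVALID_IE;
				goto fail;
			}
		}
#endif /* CONFIG_IEEE80211R_AP */
#ifdef CONFIG_SAE
		/* Reject a station that advertises SAE H2E in RSNXE but did
		 * not use it during authentication. */
		if (hapd->conf->sae_pwe == SAE_PWE_BOTH &&
		    sta->auth_alg == WLAN_AUTH_SAE &&
		    sta->sae && !sta->sae->h2e &&
		    ieee802_11_rsnx_capab_len(elems.rsnxe, elems.rsnxe_len,
					      WLAN_RSNX_CAPAB_SAE_H2E)) {
			wpa_printf(MSG_INFO, "SAE: " MACSTR
				   " indicates support for SAE H2E, but did not use it",
				   MAC2STR(sta->addr));
			status = WLAN_STATUS_UNSPECIFIED_FAILURE;
			reason = WLAN_REASON_UNSPECIFIED;
			goto fail;
		}
#endif /* CONFIG_SAE */
	} else if (hapd->conf->wps_state) {
#ifdef CONFIG_WPS
		struct wpabuf *wps;

		if (req_ies)
			wps = ieee802_11_vendor_ie_concat(req_ies, req_ies_len,
							  WPS_IE_VENDOR_TYPE);
		else
			wps = NULL;
#ifdef CONFIG_WPS_STRICT
		if (wps && wps_validate_assoc_req(wps) < 0) {
			reason = WLAN_REASON_INVALID_IE;
			status = WLAN_STATUS_INVALID_IE;
			wpabuf_free(wps);
			goto fail;
		}
#endif /* CONFIG_WPS_STRICT */
		if (wps) {
			sta->flags |= WLAN_STA_WPS;
			if (wps_is_20(wps)) {
				wpa_printf(MSG_DEBUG,
					   "WPS: STA supports WPS 2.0");
				sta->flags |= WLAN_STA_WPS2;
			}
		} else
			sta->flags |= WLAN_STA_MAYBE_WPS;
		wpabuf_free(wps);
#endif /* CONFIG_WPS */
#ifdef CONFIG_HS20
	} else if (hapd->conf->osen) {
		if (elems.osen == NULL) {
			hostapd_logger(
				hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
				HOSTAPD_LEVEL_INFO,
				"No HS 2.0 OSEN element in association request");
			return WLAN_STATUS_INVALID_IE;
		}

		wpa_printf(MSG_DEBUG, "HS 2.0: OSEN association");
		if (sta->wpa_sm == NULL)
			sta->wpa_sm = wpa_auth_sta_init(hapd->wpa_auth,
							sta->addr, NULL);
		if (sta->wpa_sm == NULL) {
			wpa_printf(MSG_WARNING,
				   "Failed to initialize WPA state machine");
			return WLAN_STATUS_UNSPECIFIED_FAILURE;
		}
		if (wpa_validate_osen(hapd->wpa_auth, sta->wpa_sm,
				      elems.osen - 2, elems.osen_len + 2) < 0)
			return WLAN_STATUS_INVALID_IE;
#endif /* CONFIG_HS20 */
	}
#ifdef CONFIG_WPS
skip_wpa_check:
#endif /* CONFIG_WPS */

#ifdef CONFIG_MBO
	if (hapd->conf->mbo_enabled && (hapd->conf->wpa & 2) &&
	    elems.mbo && sta->cell_capa && !(sta->flags & WLAN_STA_MFP) &&
	    hapd->conf->ieee80211w != NO_MGMT_FRAME_PROTECTION) {
		wpa_printf(MSG_INFO,
			   "MBO: Reject WPA2 association without PMF");
		return WLAN_STATUS_UNSPECIFIED_FAILURE;
	}
#endif /* CONFIG_MBO */

#ifdef CONFIG_IEEE80211R_AP
	/* NOTE(review): sta->wpa_sm can still be NULL here when neither the
	 * WPA nor the OSEN branch ran - confirm the callee accepts that. */
	p = wpa_sm_write_assoc_resp_ies(sta->wpa_sm, buf, sizeof(buf),
					sta->auth_alg, req_ies, req_ies_len,
					!elems.rsnxe);
	if (!p) {
		wpa_printf(MSG_DEBUG, "FT: Failed to write AssocResp IEs");
		return WLAN_STATUS_UNSPECIFIED_FAILURE;
	}
#endif /* CONFIG_IEEE80211R_AP */

#ifdef CONFIG_FILS
	if (sta->auth_alg == WLAN_AUTH_FILS_SK ||
	    sta->auth_alg == WLAN_AUTH_FILS_SK_PFS ||
	    sta->auth_alg == WLAN_AUTH_FILS_PK) {
		int delay_assoc = 0;

		if (!req_ies)
			return WLAN_STATUS_UNSPECIFIED_FAILURE;

		if (!wpa_fils_validate_fils_session(sta->wpa_sm, req_ies,
						    req_ies_len,
						    sta->fils_session)) {
			wpa_printf(MSG_DEBUG,
				   "FILS: Session validation failed");
			return WLAN_STATUS_UNSPECIFIED_FAILURE;
		}

		/*
		 * Compare the return value itself with zero. Storing it in
		 * the enum wpa_validate_result variable first could lose the
		 * sign on compilers that pick an unsigned type for that enum,
		 * in which case a Key Confirm failure would go unnoticed.
		 * Assumes the function reports failure with a negative int,
		 * as the "< 0" test implies.
		 */
		if (wpa_fils_validate_key_confirm(sta->wpa_sm, req_ies,
						  req_ies_len) < 0) {
			wpa_printf(MSG_DEBUG,
				   "FILS: Key Confirm validation failed");
			return WLAN_STATUS_UNSPECIFIED_FAILURE;
		}

		if (fils_process_hlp(hapd, sta, req_ies, req_ies_len) > 0) {
			wpa_printf(MSG_DEBUG,
				   "FILS: Delaying Assoc Response (HLP)");
			delay_assoc = 1;
		} else {
			wpa_printf(MSG_DEBUG,
				   "FILS: Going ahead with Assoc Response (no HLP)");
		}

		/* Drop any state left over from an earlier deferred request. */
		if (sta) {
			wpa_printf(MSG_DEBUG, "FILS: HLP callback cleanup");
			eloop_cancel_timeout(fils_hlp_timeout, hapd, sta);
			os_free(sta->fils_pending_assoc_req);
			sta->fils_pending_assoc_req = NULL;
			sta->fils_pending_assoc_req_len = 0;
			wpabuf_free(sta->fils_hlp_resp);
			sta->fils_hlp_resp = NULL;
			sta->fils_drv_assoc_finish = 0;
		}

		if (sta && delay_assoc && status == WLAN_STATUS_SUCCESS) {
			u8 *req_tmp;

			/* Keep a private copy of the request; the response is
			 * sent from hostapd_notify_assoc_fils_finish(). */
			req_tmp = os_malloc(req_ies_len);
			if (!req_tmp) {
				wpa_printf(MSG_DEBUG,
					   "FILS: buffer allocation failed for assoc req");
				goto fail;
			}
			os_memcpy(req_tmp, req_ies, req_ies_len);
			sta->fils_pending_assoc_req = req_tmp;
			sta->fils_pending_assoc_req_len = req_ies_len;
			sta->fils_pending_assoc_is_reassoc = reassoc;
			sta->fils_drv_assoc_finish = 1;
			wpa_printf(MSG_DEBUG,
				   "FILS: Waiting for HLP processing before sending (Re)Association Response frame to "
				   MACSTR, MAC2STR(sta->addr));
			eloop_register_timeout(
				0, hapd->conf->fils_hlp_wait_time * 1024,
				fils_hlp_timeout, hapd, sta);
			return 0;
		}
		p = hostapd_eid_assoc_fils_session(sta->wpa_sm, p,
						   elems.fils_session,
						   sta->fils_hlp_resp);
		wpa_hexdump(MSG_DEBUG, "FILS Assoc Resp BUF (IEs)",
			    buf, p - buf);
	}
#endif /* CONFIG_FILS */

#ifdef CONFIG_OWE
	if ((hapd->conf->wpa_key_mgmt & WPA_KEY_MGMT_OWE) &&
	    wpa_auth_sta_key_mgmt(sta->wpa_sm) == WPA_KEY_MGMT_OWE &&
	    elems.owe_dh) {
		u8 *npos;
		u16 ret_status;

		/* The remaining space in buf is passed as the output limit. */
		npos = owe_assoc_req_process(hapd, sta,
					     elems.owe_dh, elems.owe_dh_len,
					     p, sizeof(buf) - (p - buf),
					     &ret_status);
		status = ret_status;
		if (npos)
			p = npos;

		if (!npos &&
		    status == WLAN_STATUS_FINITE_CYCLIC_GROUP_NOT_SUPPORTED) {
			hostapd_sta_assoc(hapd, addr, reassoc, ret_status, buf,
					  p - buf);
			return 0;
		}

		if (!npos || status != WLAN_STATUS_SUCCESS)
			goto fail;
	}
#endif /* CONFIG_OWE */

#ifdef CONFIG_DPP2
	dpp_pfs_free(sta->dpp_pfs);
	sta->dpp_pfs = NULL;

	if ((hapd->conf->wpa_key_mgmt & WPA_KEY_MGMT_DPP) &&
	    hapd->conf->dpp_netaccesskey && sta->wpa_sm &&
	    wpa_auth_sta_key_mgmt(sta->wpa_sm) == WPA_KEY_MGMT_DPP &&
	    elems.owe_dh) {
		sta->dpp_pfs = dpp_pfs_init(
			wpabuf_head(hapd->conf->dpp_netaccesskey),
			wpabuf_len(hapd->conf->dpp_netaccesskey));
		if (!sta->dpp_pfs) {
			wpa_printf(MSG_DEBUG,
				   "DPP: Could not initialize PFS");
			/* Try to continue without PFS */
			goto pfs_fail;
		}

		if (dpp_pfs_process(sta->dpp_pfs, elems.owe_dh,
				    elems.owe_dh_len) < 0) {
			dpp_pfs_free(sta->dpp_pfs);
			sta->dpp_pfs = NULL;
			reason = WLAN_REASON_UNSPECIFIED;
			goto fail;
		}
	}

	wpa_auth_set_dpp_z(sta->wpa_sm, sta->dpp_pfs ?
			   sta->dpp_pfs->secret : NULL);
pfs_fail:
#endif /* CONFIG_DPP2 */

	/* Copy only when the element holds at least as many octets as the
	 * destination array. */
	if (elems.rrm_enabled &&
	    elems.rrm_enabled_len >= sizeof(sta->rrm_enabled_capa))
		os_memcpy(sta->rrm_enabled_capa, elems.rrm_enabled,
			  sizeof(sta->rrm_enabled_capa));

#if defined(CONFIG_IEEE80211R_AP) || defined(CONFIG_FILS) || defined(CONFIG_OWE)
	hostapd_sta_assoc(hapd, addr, reassoc, status, buf, p - buf);

	if (sta->auth_alg == WLAN_AUTH_FT ||
	    sta->auth_alg == WLAN_AUTH_FILS_SK ||
	    sta->auth_alg == WLAN_AUTH_FILS_SK_PFS ||
	    sta->auth_alg == WLAN_AUTH_FILS_PK)
		ap_sta_set_authorized(hapd, sta, 1);
#else /* CONFIG_IEEE80211R_AP || CONFIG_FILS || CONFIG_OWE */
	/* Keep compiler silent about unused variables */
	if (status) {
	}
#endif /* CONFIG_IEEE80211R_AP || CONFIG_FILS || CONFIG_OWE */

	/* Remember whether this is a fresh association before forcing the
	 * ASSOC flag on. */
	new_assoc = (sta->flags & WLAN_STA_ASSOC) == 0;
	sta->flags |= WLAN_STA_AUTH | WLAN_STA_ASSOC;
	sta->flags &= ~WLAN_STA_WNM_SLEEP_MODE;

	hostapd_set_sta_flags(hapd, sta);

	if (reassoc && (sta->auth_alg == WLAN_AUTH_FT))
		wpa_auth_sm_event(sta->wpa_sm, WPA_ASSOC_FT);
#ifdef CONFIG_FILS
	else if (sta->auth_alg == WLAN_AUTH_FILS_SK ||
		 sta->auth_alg == WLAN_AUTH_FILS_SK_PFS ||
		 sta->auth_alg == WLAN_AUTH_FILS_PK)
		wpa_auth_sm_event(sta->wpa_sm, WPA_ASSOC_FILS);
#endif /* CONFIG_FILS */
	else
		wpa_auth_sm_event(sta->wpa_sm, WPA_ASSOC);

	hostapd_new_assoc_sta(hapd, sta, !new_assoc);

	ieee802_1x_notify_port_enabled(sta->eapol_sm, 1);

#ifdef CONFIG_P2P
	if (req_ies) {
		p2p_group_notif_assoc(hapd->p2p_group, sta->addr,
				      req_ies, req_ies_len);
	}
#endif /* CONFIG_P2P */

	return 0;

fail:
	/*
	 * NOTE(review): status is still WLAN_STATUS_SUCCESS when this label
	 * is reached from the ACL check, the FILS allocation failure or the
	 * DPP PFS failure, so the response below carries a success status
	 * right before the station is disassociated - confirm this is
	 * intended.
	 */
#ifdef CONFIG_IEEE80211R_AP
	if (status >= 0)
		hostapd_sta_assoc(hapd, addr, reassoc, status, buf, p - buf);
#endif /* CONFIG_IEEE80211R_AP */
	hostapd_drv_sta_disassoc(hapd, sta->addr, reason);
	ap_free_sta(hapd, sta);
	return -1;
}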
735
736
/**
 * hostapd_notif_disassoc - Process a disassociation indication from the driver
 * @hapd: BSS data
 * @addr: Address of the station that disassociated; NULL is ignored
 *
 * Deauthorizes the station, clears its AUTH/ASSOC flags, notifies the WPA
 * authenticator and IEEE 802.1X state machines and frees the station entry.
 * Indications for stations without an entry are only logged.
 */
void hostapd_notif_disassoc(struct hostapd_data *hapd, const u8 *addr)
{
	struct sta_info *entry;

	if (!addr) {
		/*
		 * An unexpected event from the driver wrapper can arrive
		 * without an address. This was seen at least once when the
		 * driver reported a station mode event while hostapd was
		 * running, so stop processing such an event right here.
		 */
		wpa_printf(MSG_DEBUG,
			   "hostapd_notif_disassoc: Skip event with no address");
		return;
	}

	hostapd_logger(hapd, addr, HOSTAPD_MODULE_IEEE80211,
		       HOSTAPD_LEVEL_INFO, "disassociated");

	entry = ap_get_sta(hapd, addr);
	if (!entry) {
		wpa_printf(MSG_DEBUG,
			   "Disassociation notification for unknown STA "
			   MACSTR, MAC2STR(addr));
		return;
	}

	/* Revoke authorization first, then tear down the remaining state. */
	ap_sta_set_authorized(hapd, entry, 0);
	entry->flags &= ~(WLAN_STA_AUTH | WLAN_STA_ASSOC);
	hostapd_set_sta_flags(hapd, entry);
	wpa_auth_sm_event(entry->wpa_sm, WPA_DISASSOC);
	entry->acct_terminate_cause = RADIUS_ACCT_TERMINATE_CAUSE_USER_REQUEST;
	ieee802_1x_notify_port_enabled(entry->eapol_sm, 0);
	ap_free_sta(hapd, entry);
}
773
774
/**
 * hostapd_event_sta_low_ack - Handle a driver report of excessive missing ACKs
 * @hapd: BSS data
 * @addr: Address of the affected station
 *
 * Disassociates the station with WLAN_REASON_DISASSOC_LOW_ACK. Nothing is
 * done for an unknown station, when disassoc_low_ack is disabled in the
 * configuration, or when the station has agreed_to_steer set.
 */
void hostapd_event_sta_low_ack(struct hostapd_data *hapd, const u8 *addr)
{
	struct sta_info *entry = ap_get_sta(hapd, addr);

	if (entry == NULL)
		return;
	if (!hapd->conf->disassoc_low_ack)
		return;
	if (entry->agreed_to_steer)
		return;

	hostapd_logger(hapd, addr, HOSTAPD_MODULE_IEEE80211,
		       HOSTAPD_LEVEL_INFO,
		       "disconnected due to excessive missing ACKs");

	/* Tell the driver first, then update hostapd's own station state. */
	hostapd_drv_sta_disassoc(hapd, addr, WLAN_REASON_DISASSOC_LOW_ACK);
	ap_sta_disassociate(hapd, entry, WLAN_REASON_DISASSOC_LOW_ACK);
}
788
789
/* Text used in the SMPS mode event, or NULL for a mode that is not reported */
static const char * sta_opmode_smps_txt(enum smps_mode smps_mode)
{
	switch (smps_mode) {
	case SMPS_AUTOMATIC:
		return "automatic";
	case SMPS_OFF:
		return "off";
	case SMPS_DYNAMIC:
		return "dynamic";
	case SMPS_STATIC:
		return "static";
	default:
		return NULL;
	}
}


/* Text used in the max bandwidth event, or NULL for a width that is not
 * reported */
static const char * sta_opmode_chan_width_txt(enum chan_width chan_width)
{
	switch (chan_width) {
	case CHAN_WIDTH_20_NOHT:
		return "20(no-HT)";
	case CHAN_WIDTH_20:
		return "20";
	case CHAN_WIDTH_40:
		return "40";
	case CHAN_WIDTH_80:
		return "80";
	case CHAN_WIDTH_80P80:
		return "80+80";
	case CHAN_WIDTH_160:
		return "160";
	case CHAN_WIDTH_320:
		return "320";
	default:
		return NULL;
	}
}


/**
 * hostapd_event_sta_opmode_changed - Report operating mode changes of a station
 * @hapd: BSS data
 * @addr: Address of the station
 * @smps_mode: New SMPS mode; values without a known name are not reported
 * @chan_width: New channel width; values without a known name are not reported
 * @rx_nss: New number of RX spatial streams; 0xff is not reported
 *
 * Emits one control interface message per changed property. Events for
 * stations without an entry are dropped.
 */
void hostapd_event_sta_opmode_changed(struct hostapd_data *hapd, const u8 *addr,
				      enum smps_mode smps_mode,
				      enum chan_width chan_width, u8 rx_nss)
{
	const char *smps_txt;
	const char *width_txt;

	if (ap_get_sta(hapd, addr) == NULL)
		return;

	smps_txt = sta_opmode_smps_txt(smps_mode);
	if (smps_txt != NULL) {
		wpa_msg(hapd->msg_ctx, MSG_INFO, STA_OPMODE_SMPS_MODE_CHANGED
			MACSTR " %s", MAC2STR(addr), smps_txt);
	}

	width_txt = sta_opmode_chan_width_txt(chan_width);
	if (width_txt != NULL) {
		wpa_msg(hapd->msg_ctx, MSG_INFO, STA_OPMODE_MAX_BW_CHANGED
			MACSTR " %s", MAC2STR(addr), width_txt);
	}

	if (rx_nss != 0xff) {
		wpa_msg(hapd->msg_ctx, MSG_INFO, STA_OPMODE_N_SS_CHANGED
			MACSTR " %d", MAC2STR(addr), rx_nss);
	}
}
858
859
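#ifdef NEED_AP_MLME
/* Map the channel width reported by the driver to the CONF_OPER_CHWIDTH_*
 * value stored in the interface configuration. Widths of 40 MHz and below,
 * and unknown values, map to CONF_OPER_CHWIDTH_USE_HT. */
static int ch_switch_oper_chwidth(int width)
{
	switch (width) {
	case CHAN_WIDTH_80:
		return CONF_OPER_CHWIDTH_80MHZ;
	case CHAN_WIDTH_80P80:
		return CONF_OPER_CHWIDTH_80P80MHZ;
	case CHAN_WIDTH_160:
		return CONF_OPER_CHWIDTH_160MHZ;
	case CHAN_WIDTH_320:
		return CONF_OPER_CHWIDTH_320MHZ;
	case CHAN_WIDTH_20_NOHT:
	case CHAN_WIDTH_20:
	case CHAN_WIDTH_40:
	default:
		return CONF_OPER_CHWIDTH_USE_HT;
	}
}


/* Convert a center frequency (MHz) to a segment index for an interface in
 * HOSTAPD_MODE_IEEE80211A. 5935 MHz is handled separately and yields index 2;
 * frequencies at or below 5000 MHz yield 0. The int result is narrowed to u8
 * exactly as the inline assignments did. */
static u8 ch_switch_seg_idx_11a(int cf)
{
	if (cf == 5935)
		return (cf - 5925) / 5;
	if (cf > 5950)
		return (cf - 5950) / 5;
	if (cf > 5000)
		return (cf - 5000) / 5;
	return 0;
}
#endif /* NEED_AP_MLME */


/**
 * hostapd_event_ch_switch - Process a channel switch event from the driver
 * @hapd: BSS data
 * @freq: New primary channel frequency in MHz
 * @ht: Whether HT is enabled on the new channel
 * @offset: Secondary channel offset
 * @width: New channel width (CHAN_WIDTH_*)
 * @cf1: Center frequency of segment 0 in MHz
 * @cf2: Center frequency of segment 1 in MHz
 * @punct_bitmap: Puncturing bitmap
 * @finished: Non-zero when the switch has completed, zero when it is starting
 *
 * Updates the interface configuration to match the new channel, reports the
 * switch on the control interface and, once the switch has finished, completes
 * CSA/DFS handling, refreshes the neighbor reports and schedules the post-CSA
 * SA Query check for OCV. The function is a no-op without NEED_AP_MLME.
 */
void hostapd_event_ch_switch(struct hostapd_data *hapd, int freq, int ht,
			     int offset, int width, int cf1, int cf2,
			     u16 punct_bitmap, int finished)
{
#ifdef NEED_AP_MLME
	int channel, chwidth, is_dfs0, is_dfs;
	u8 seg0_idx = 0, seg1_idx = 0;
	size_t i;

	hostapd_logger(hapd, NULL, HOSTAPD_MODULE_IEEE80211,
		       HOSTAPD_LEVEL_INFO,
		       "driver %s channel switch: iface->freq=%d, freq=%d, ht=%d, vht_ch=0x%x, he_ch=0x%x, eht_ch=0x%x, offset=%d, width=%d (%s), cf1=%d, cf2=%d, puncturing_bitmap=0x%x",
		       finished ? "had" : "starting",
		       hapd->iface->freq,
		       freq, ht, hapd->iconf->ch_switch_vht_config,
		       hapd->iconf->ch_switch_he_config,
		       hapd->iconf->ch_switch_eht_config, offset,
		       width, channel_width_to_string(width), cf1, cf2,
		       punct_bitmap);

	if (!hapd->iface->current_mode) {
		hostapd_logger(hapd, NULL, HOSTAPD_MODULE_IEEE80211,
			       HOSTAPD_LEVEL_WARNING,
			       "ignore channel switch since the interface is not yet ready");
		return;
	}

	/* Check if any of configured channels require DFS; this has to be
	 * sampled before iface->freq is replaced. */
	is_dfs0 = hostapd_is_dfs_required(hapd->iface);
	/* NOTE(review): iface->freq is updated before the channel lookup
	 * below, so it keeps the new value even when that lookup fails. */
	hapd->iface->freq = freq;

	channel = hostapd_hw_get_channel(hapd, freq);
	if (!channel) {
		hostapd_logger(hapd, NULL, HOSTAPD_MODULE_IEEE80211,
			       HOSTAPD_LEVEL_WARNING,
			       "driver switched to bad channel!");
		return;
	}

	chwidth = ch_switch_oper_chwidth(width);

	switch (hapd->iface->current_mode->mode) {
	case HOSTAPD_MODE_IEEE80211A:
		seg0_idx = ch_switch_seg_idx_11a(cf1);
		seg1_idx = ch_switch_seg_idx_11a(cf2);
		break;
	default:
		/* The indexes stay 0 if the conversion does not write them. */
		ieee80211_freq_to_chan(cf1, &seg0_idx);
		ieee80211_freq_to_chan(cf2, &seg1_idx);
		break;
	}

	hapd->iconf->channel = channel;
	hapd->iconf->ieee80211n = ht;
	if (!ht) {
		hapd->iconf->ieee80211ac = 0;
	} else if (hapd->iconf->ch_switch_vht_config) {
		/* CHAN_SWITCH VHT config */
		if (hapd->iconf->ch_switch_vht_config &
		    CH_SWITCH_VHT_ENABLED)
			hapd->iconf->ieee80211ac = 1;
		else if (hapd->iconf->ch_switch_vht_config &
			 CH_SWITCH_VHT_DISABLED)
			hapd->iconf->ieee80211ac = 0;
	} else if (hapd->iconf->ch_switch_he_config) {
		/* CHAN_SWITCH HE config */
		if (hapd->iconf->ch_switch_he_config &
		    CH_SWITCH_HE_ENABLED)
			hapd->iconf->ieee80211ax = 1;
		else if (hapd->iconf->ch_switch_he_config &
			 CH_SWITCH_HE_DISABLED)
			hapd->iconf->ieee80211ax = 0;
#ifdef CONFIG_IEEE80211BE
	} else if (hapd->iconf->ch_switch_eht_config) {
		/* CHAN_SWITCH EHT config */
		if (hapd->iconf->ch_switch_eht_config &
		    CH_SWITCH_EHT_ENABLED) {
			hapd->iconf->ieee80211be = 1;
			hapd->iconf->ieee80211ax = 1;
			if (!is_6ghz_freq(hapd->iface->freq))
				hapd->iconf->ieee80211ac = 1;
		} else if (hapd->iconf->ch_switch_eht_config &
			   CH_SWITCH_EHT_DISABLED)
			hapd->iconf->ieee80211be = 0;
#endif /* CONFIG_IEEE80211BE */
	}
	/* The one-shot CHAN_SWITCH overrides have been consumed. */
	hapd->iconf->ch_switch_vht_config = 0;
	hapd->iconf->ch_switch_he_config = 0;
	hapd->iconf->ch_switch_eht_config = 0;

	if (width == CHAN_WIDTH_40 || width == CHAN_WIDTH_80 ||
	    width == CHAN_WIDTH_80P80 || width == CHAN_WIDTH_160 ||
	    width == CHAN_WIDTH_320)
		hapd->iconf->ht_capab |= HT_CAP_INFO_SUPP_CHANNEL_WIDTH_SET;
	else if (width == CHAN_WIDTH_20 || width == CHAN_WIDTH_20_NOHT)
		hapd->iconf->ht_capab &= ~HT_CAP_INFO_SUPP_CHANNEL_WIDTH_SET;

	hapd->iconf->secondary_channel = offset;
	hostapd_set_oper_chwidth(hapd->iconf, chwidth);
	hostapd_set_oper_centr_freq_seg0_idx(hapd->iconf, seg0_idx);
	hostapd_set_oper_centr_freq_seg1_idx(hapd->iconf, seg1_idx);
#ifdef CONFIG_IEEE80211BE
	hapd->iconf->punct_bitmap = punct_bitmap;
#endif /* CONFIG_IEEE80211BE */
	if (hapd->iconf->ieee80211ac) {
		hapd->iconf->vht_capab &= ~VHT_CAP_SUPP_CHAN_WIDTH_MASK;
		if (chwidth == CONF_OPER_CHWIDTH_160MHZ)
			hapd->iconf->vht_capab |=
				VHT_CAP_SUPP_CHAN_WIDTH_160MHZ;
		else if (chwidth == CONF_OPER_CHWIDTH_80P80MHZ)
			hapd->iconf->vht_capab |=
				VHT_CAP_SUPP_CHAN_WIDTH_160_80PLUS80MHZ;
	}

	is_dfs = ieee80211_is_dfs(freq, hapd->iface->hw_features,
				  hapd->iface->num_hw_features);

	wpa_msg(hapd->msg_ctx, MSG_INFO,
		"%sfreq=%d ht_enabled=%d ch_offset=%d ch_width=%s cf1=%d cf2=%d is_dfs0=%d dfs=%d puncturing_bitmap=0x%04x",
		finished ? WPA_EVENT_CHANNEL_SWITCH :
		WPA_EVENT_CHANNEL_SWITCH_STARTED,
		freq, ht, offset, channel_width_to_string(width),
		cf1, cf2, is_dfs0, is_dfs, punct_bitmap);

	/* Everything below applies only to a completed switch. */
	if (!finished)
		return;

	if (hapd->csa_in_progress &&
	    freq == hapd->cs_freq_params.freq) {
		hostapd_cleanup_cs_params(hapd);
		ieee802_11_set_beacon(hapd);

		wpa_msg(hapd->msg_ctx, MSG_INFO, AP_CSA_FINISHED
			"freq=%d dfs=%d", freq, is_dfs);
	} else if (hapd->iface->drv_flags & WPA_DRIVER_FLAGS_DFS_OFFLOAD) {
		/* Complete AP configuration for the first bring up. */
		if (is_dfs0 > 0 &&
		    hostapd_is_dfs_required(hapd->iface) <= 0 &&
		    hapd->iface->state != HAPD_IFACE_ENABLED) {
			/* Fake a CAC start bit to skip setting channel */
			hapd->iface->cac_started = 1;
			hostapd_setup_interface_complete(hapd->iface, 0);
		}
		wpa_msg(hapd->msg_ctx, MSG_INFO, AP_CSA_FINISHED
			"freq=%d dfs=%d", freq, is_dfs);
	} else if (is_dfs &&
		   hostapd_is_dfs_required(hapd->iface) &&
		   !hostapd_is_dfs_chan_available(hapd->iface) &&
		   !hapd->iface->cac_started) {
		/* Restart the interface when the new DFS channel is not
		 * available and no CAC has been started. */
		hostapd_disable_iface(hapd->iface);
		hostapd_enable_iface(hapd->iface);
	}

	for (i = 0; i < hapd->iface->num_bss; i++)
		hostapd_neighbor_set_own_report(hapd->iface->bss[i]);

#ifdef CONFIG_OCV
	if (hapd->conf->ocv &&
	    !(hapd->iface->drv_flags2 &
	      WPA_DRIVER_FLAGS2_SA_QUERY_OFFLOAD_AP)) {
		struct sta_info *sta;
		bool check_sa_query = false;

		/* Flag every OCV station that is not in WNM Sleep Mode for a
		 * post-CSA SA Query. */
		for (sta = hapd->sta_list; sta; sta = sta->next) {
			if (wpa_auth_uses_ocv(sta->wpa_sm) &&
			    !(sta->flags & WLAN_STA_WNM_SLEEP_MODE)) {
				sta->post_csa_sa_query = 1;
				check_sa_query = true;
			}
		}

		if (check_sa_query) {
			wpa_printf(MSG_DEBUG,
				   "OCV: Check post-CSA SA Query initiation in 15 seconds");
			eloop_register_timeout(15, 0,
					       hostapd_ocv_check_csa_sa_query,
					       hapd, NULL);
		}
	}
#endif /* CONFIG_OCV */
#endif /* NEED_AP_MLME */
}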
1071
1072
/**
 * hostapd_event_connect_failed_reason - Report a connection the driver refused
 * @hapd: BSS data; hapd->msg_ctx is the message context
 * @addr: MAC address of the station that was refused
 * @reason_code: Reason reported by the driver
 *
 * Emits an MSG_INFO wpa_msg() for MAX_CLIENT_REACHED and BLOCKED_CLIENT. Any
 * other reason code is dropped without a log entry.
 */
void hostapd_event_connect_failed_reason(struct hostapd_data *hapd,
					 const u8 *addr, int reason_code)
{
	if (reason_code == MAX_CLIENT_REACHED) {
		wpa_msg(hapd->msg_ctx, MSG_INFO, AP_REJECTED_MAX_STA MACSTR,
			MAC2STR(addr));
	} else if (reason_code == BLOCKED_CLIENT) {
		wpa_msg(hapd->msg_ctx, MSG_INFO,
			AP_REJECTED_BLOCKED_STA MACSTR, MAC2STR(addr));
	}
}
1087
1088
1089 #ifdef CONFIG_ACS
/**
 * hostapd_acs_channel_selected - Apply a channel selection reported by the driver
 * @hapd: BSS data of the interface
 * @acs_res: Selection result (frequencies, width, center channels, hw_mode)
 *
 * Does nothing if hapd->iconf->channel is already set. Otherwise the reported
 * values are copied into the interface configuration and
 * hostapd_acs_completed() is called with err=1 if any of the checks below
 * rejected the result, err=0 otherwise.
 *
 * Note that iface->freq is overwritten with acs_res->pri_freq before that
 * frequency has been validated.
 */
void hostapd_acs_channel_selected(struct hostapd_data *hapd,
				  struct acs_selected_channels *acs_res)
{
	struct hostapd_iface *iface = hapd->iface;
	struct hostapd_channel_data *pri_chan;
	int failed = 0;
	int res, idx;

	if (hapd->iconf->channel) {
		wpa_printf(MSG_INFO, "ACS: Channel was already set to %d",
			   hapd->iconf->channel);
		return;
	}

	iface->freq = acs_res->pri_freq;

	if (!iface->current_mode) {
		for (idx = 0; idx < iface->num_hw_features; idx++) {
			struct hostapd_hw_modes *mode =
				&iface->hw_features[idx];

			if (mode->mode != acs_res->hw_mode)
				continue;
			/* Skip a matching mode when hw_get_chan() finds no
			 * channel for the reported frequency. */
			if (iface->freq > 0 &&
			    !hw_get_chan(mode->mode, iface->freq,
					 iface->hw_features,
					 iface->num_hw_features))
				continue;
			iface->current_mode = mode;
			break;
		}
		if (!iface->current_mode) {
			hostapd_logger(hapd, NULL, HOSTAPD_MODULE_IEEE80211,
				       HOSTAPD_LEVEL_WARNING,
				       "driver selected to bad hw_mode");
			failed = 1;
			goto out;
		}
	}

	if (!acs_res->pri_freq) {
		hostapd_logger(hapd, NULL, HOSTAPD_MODULE_IEEE80211,
			       HOSTAPD_LEVEL_WARNING,
			       "driver switched to bad channel");
		failed = 1;
		goto out;
	}

	pri_chan = hw_get_channel_freq(iface->current_mode->mode,
				       acs_res->pri_freq, NULL,
				       iface->hw_features,
				       iface->num_hw_features);
	if (!pri_chan) {
		wpa_printf(MSG_ERROR,
			   "ACS: Could not determine primary channel number from pri_freq %u",
			   acs_res->pri_freq);
		failed = 1;
		goto out;
	}

	hapd->iconf->channel = pri_chan->chan;
	hapd->iconf->acs = 1;

	/* The secondary channel is stored as an offset sign relative to the
	 * primary: 0 = none, -1 = below, 1 = above. */
	if (acs_res->sec_freq == 0) {
		hapd->iconf->secondary_channel = 0;
	} else if (acs_res->sec_freq < acs_res->pri_freq) {
		hapd->iconf->secondary_channel = -1;
	} else if (acs_res->sec_freq > acs_res->pri_freq) {
		hapd->iconf->secondary_channel = 1;
	} else {
		/* sec_freq == pri_freq and both non-zero */
		wpa_printf(MSG_ERROR, "Invalid secondary channel!");
		failed = 1;
		goto out;
	}

	hapd->iconf->edmg_channel = acs_res->edmg_channel;

	if (iface->conf->ieee80211ac || iface->conf->ieee80211ax) {
		/* set defaults for backwards compatibility */
		hostapd_set_oper_centr_freq_seg1_idx(hapd->iconf, 0);
		hostapd_set_oper_centr_freq_seg0_idx(hapd->iconf, 0);
		hostapd_set_oper_chwidth(hapd->iconf, CONF_OPER_CHWIDTH_USE_HT);

		switch (acs_res->ch_width) {
		case 40:
			if (is_6ghz_freq(acs_res->pri_freq))
				hostapd_set_oper_centr_freq_seg0_idx(
					hapd->iconf,
					acs_res->vht_seg0_center_ch);
			break;
		case 80:
			hostapd_set_oper_centr_freq_seg0_idx(
				hapd->iconf, acs_res->vht_seg0_center_ch);
			if (acs_res->vht_seg1_center_ch == 0) {
				hostapd_set_oper_chwidth(
					hapd->iconf, CONF_OPER_CHWIDTH_80MHZ);
			} else {
				hostapd_set_oper_chwidth(
					hapd->iconf,
					CONF_OPER_CHWIDTH_80P80MHZ);
				hostapd_set_oper_centr_freq_seg1_idx(
					hapd->iconf,
					acs_res->vht_seg1_center_ch);
			}
			break;
		case 160:
			/* NOTE(review): seg0 is taken from
			 * vht_seg1_center_ch here (and in the 320 MHz case
			 * below) - presumably the driver reports the wide
			 * channel center in that field; confirm against the
			 * driver interface. */
			hostapd_set_oper_chwidth(hapd->iconf,
						 CONF_OPER_CHWIDTH_160MHZ);
			hostapd_set_oper_centr_freq_seg0_idx(
				hapd->iconf, acs_res->vht_seg1_center_ch);
			break;
		default:
			break;
		}
	}

#ifdef CONFIG_IEEE80211BE
	if (iface->conf->ieee80211be && acs_res->ch_width == 320) {
		hostapd_set_oper_chwidth(hapd->iconf, CONF_OPER_CHWIDTH_320MHZ);
		hostapd_set_oper_centr_freq_seg0_idx(
			hapd->iconf, acs_res->vht_seg1_center_ch);
		hostapd_set_oper_centr_freq_seg1_idx(hapd->iconf, 0);
	}
#endif /* CONFIG_IEEE80211BE */

out:
	res = hostapd_acs_completed(iface, failed);
	if (res) {
		wpa_printf(MSG_ERROR,
			   "ACS: Possibly channel configuration is invalid");
	}
}
1214 #endif /* CONFIG_ACS */
1215
1216
/**
 * hostapd_probe_req_rx - Deliver a received Probe Request to registered callbacks
 * @hapd: BSS data holding the probereq_cb array
 * @sa: Source address of the frame
 * @da: Destination address of the frame
 * @bssid: BSSID of the frame
 * @ie: Information elements from the frame body
 * @ie_len: Length of @ie in octets
 * @ssi_signal: Signal strength reported for the frame
 * Returns: -1 if @sa or @ie is %NULL, 1 if a callback returned a value > 0
 * (no further callbacks are run after that), 0 otherwise
 *
 * @ie and @ie_len are passed to the callbacks unchanged; no element parsing
 * or length validation happens in this function, so each callback has to
 * bound its own reads.
 */
int hostapd_probe_req_rx(struct hostapd_data *hapd, const u8 *sa, const u8 *da,
			 const u8 *bssid, const u8 *ie, size_t ie_len,
			 int ssi_signal)
{
	size_t idx = 0;

	if (!sa || !ie)
		return -1;

	/* The sender address is mixed into the randomness pool. */
	random_add_randomness(sa, ETH_ALEN);

	/* probereq_cb is re-read on every pass, as a callback may have
	 * changed the registration while it ran. */
	while (hapd->probereq_cb && idx < hapd->num_probereq_cb) {
		int res;

		res = hapd->probereq_cb[idx].cb(hapd->probereq_cb[idx].ctx,
						sa, da, bssid, ie, ie_len,
						ssi_signal);
		if (res > 0)
			return 1;
		idx++;
	}

	return 0;
}
1238
1239
1240 #ifdef HOSTAPD
1241
1242 #ifdef CONFIG_IEEE80211R_AP
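/**
 * hostapd_notify_auth_ft_finish - Completion callback for FT authentication
 * @ctx: struct hostapd_data pointer that was passed to wpa_ft_process_auth()
 * @dst: Address of the station the response is sent to
 * @bssid: BSSID (not used in this function)
 * @auth_transaction: Transaction number for the response
 * @status: Status code produced by FT processing
 * @ies: Elements to include in the response
 * @ies_len: Length of @ies in octets
 *
 * The response is always handed to hostapd_sta_auth(). The station is marked
 * with WLAN_STA_AUTH only when @status is WLAN_STATUS_SUCCESS, which matches
 * what hostapd_notify_auth_fils_finish() does for FILS. Setting the flag
 * unconditionally would leave a station whose FT exchange was rejected
 * recorded as authenticated in hostapd's own state.
 */
static void hostapd_notify_auth_ft_finish(void *ctx, const u8 *dst,
					  const u8 *bssid,
					  u16 auth_transaction, u16 status,
					  const u8 *ies, size_t ies_len)
{
	struct hostapd_data *hapd = ctx;
	struct sta_info *sta;

	sta = ap_get_sta(hapd, dst);
	if (!sta)
		return;

	if (status == WLAN_STATUS_SUCCESS) {
		hostapd_logger(hapd, dst, HOSTAPD_MODULE_IEEE80211,
			       HOSTAPD_LEVEL_DEBUG, "authentication OK (FT)");
		sta->flags |= WLAN_STA_AUTH;
	} else {
		hostapd_logger(hapd, dst, HOSTAPD_MODULE_IEEE80211,
			       HOSTAPD_LEVEL_DEBUG,
			       "authentication failed (FT)");
	}

	/* The driver still needs the result either way. */
	hostapd_sta_auth(hapd, dst, auth_transaction, status, ies, ies_len);
}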
1261 #endif /* CONFIG_IEEE80211R_AP */
1262
1263
1264 #ifdef CONFIG_FILS
/**
 * hostapd_notify_auth_fils_finish - Completion callback for FILS authentication
 * @hapd: BSS data
 * @sta: Station that was being authenticated
 * @resp: Status code for the Authentication response
 * @data: Response elements or %NULL; freed by this function
 * @pub: Not used in this function
 *
 * Only a WLAN_STATUS_SUCCESS result marks the station authenticated and
 * advances the WPA authenticator state machine. The response is sent with
 * transaction number 2 in both cases.
 */
static void hostapd_notify_auth_fils_finish(struct hostapd_data *hapd,
					    struct sta_info *sta, u16 resp,
					    struct wpabuf *data, int pub)
{
	if (resp != WLAN_STATUS_SUCCESS) {
		hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
			       HOSTAPD_LEVEL_DEBUG,
			       "authentication failed (FILS)");
	} else {
		hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
			       HOSTAPD_LEVEL_DEBUG, "authentication OK (FILS)");
		sta->flags |= WLAN_STA_AUTH;
		wpa_auth_sm_event(sta->wpa_sm, WPA_AUTH);
		sta->auth_alg = WLAN_AUTH_FILS_SK;
		mlme_authenticate_indication(hapd, sta);
	}

	hostapd_sta_auth(hapd, sta->addr, 2, resp,
			 data ? wpabuf_head(data) : NULL,
			 data ? wpabuf_len(data) : 0);

	/* Ownership of the response buffer ends here. */
	wpabuf_free(data);
}
1287 #endif /* CONFIG_FILS */
1288
1289
/**
 * hostapd_notif_auth - Handle an authentication event reported by the driver
 * @hapd: BSS data
 * @rx_auth: Authentication frame details from the driver
 *
 * Looks up or creates the station entry, clears its pre-authentication state
 * and dispatches FT and FILS requests to their handlers, which send the
 * response from a completion callback. Every other path ends at the fail
 * label, which sends the response with transaction number
 * rx_auth->auth_transaction + 1 and no elements.
 */
static void hostapd_notif_auth(struct hostapd_data *hapd,
			       struct auth_info *rx_auth)
{
	u16 resp_status = WLAN_STATUS_SUCCESS;
	/* Never written in this function; passed with length 0 below. */
	u8 resp_ies[2 + WLAN_AUTH_CHALLENGE_LEN];
	size_t resp_ies_len = 0;
	struct sta_info *sta;

	sta = ap_get_sta(hapd, rx_auth->peer);
	if (!sta)
		sta = ap_sta_add(hapd, rx_auth->peer);
	if (!sta) {
		resp_status = WLAN_STATUS_AP_UNABLE_TO_HANDLE_NEW_STA;
		goto fail;
	}

	sta->flags &= ~WLAN_STA_PREAUTH;
	ieee802_1x_notify_pre_auth(sta->eapol_sm, 0);

#ifdef CONFIG_IEEE80211R_AP
	if (rx_auth->auth_type == WLAN_AUTH_FT && hapd->wpa_auth) {
		sta->auth_alg = WLAN_AUTH_FT;
		if (!sta->wpa_sm)
			sta->wpa_sm = wpa_auth_sta_init(hapd->wpa_auth,
							sta->addr, NULL);
		if (!sta->wpa_sm) {
			wpa_printf(MSG_DEBUG,
				   "FT: Failed to initialize WPA state machine");
			resp_status = WLAN_STATUS_UNSPECIFIED_FAILURE;
			goto fail;
		}
		wpa_ft_process_auth(sta->wpa_sm, rx_auth->bssid,
				    rx_auth->auth_transaction, rx_auth->ies,
				    rx_auth->ies_len,
				    hostapd_notify_auth_ft_finish, hapd);
		return;
	}
#endif /* CONFIG_IEEE80211R_AP */

#ifdef CONFIG_FILS
	if (rx_auth->auth_type == WLAN_AUTH_FILS_SK) {
		sta->auth_alg = WLAN_AUTH_FILS_SK;
		handle_auth_fils(hapd, sta, rx_auth->ies, rx_auth->ies_len,
				 rx_auth->auth_type, rx_auth->auth_transaction,
				 rx_auth->status_code,
				 hostapd_notify_auth_fils_finish);
		return;
	}
#endif /* CONFIG_FILS */

	/*
	 * NOTE(review): a request that matched neither branch above reaches
	 * this label with resp_status still WLAN_STATUS_SUCCESS, so despite
	 * its name the label also sends the success response. Confirm that
	 * accepting every other auth_type here is intended.
	 */
fail:
	hostapd_sta_auth(hapd, rx_auth->peer, rx_auth->auth_transaction + 1,
			 resp_status, resp_ies, resp_ies_len);
}
1343
1344
1345 #ifndef NEED_AP_MLME
/**
 * hostapd_action_rx - Dispatch a received Action frame by category
 * @hapd: BSS data
 * @drv_mgmt: Frame buffer, length and frequency from the driver
 *
 * This is the EVENT_RX_MGMT handler in builds without NEED_AP_MLME. Frames
 * shorter than IEEE80211_HDRLEN + 3 octets, frames that are not Action
 * frames and frames from a sender without a station entry are dropped.
 */
static void hostapd_action_rx(struct hostapd_data *hapd,
			      struct rx_mgmt *drv_mgmt)
{
	struct ieee80211_mgmt *mgmt;
	struct sta_info *sta;
	size_t plen __maybe_unused;
	u16 fc;
	u8 *action __maybe_unused;
	u8 category;

	/* Minimum length checked before any field of the frame is read. */
	if (drv_mgmt->frame_len < IEEE80211_HDRLEN + 2 + 1)
		return;

	/* Payload length after the fixed header */
	plen = drv_mgmt->frame_len - IEEE80211_HDRLEN;

	mgmt = (struct ieee80211_mgmt *) drv_mgmt->frame;
	fc = le_to_host16(mgmt->frame_control);
	if (WLAN_FC_GET_STYPE(fc) != WLAN_FC_STYPE_ACTION)
		return; /* handled by the driver */

	category = mgmt->u.action.category;
	action = (u8 *) &mgmt->u.action.u;
	wpa_printf(MSG_DEBUG, "RX_ACTION category %u action %u sa " MACSTR
		   " da " MACSTR " plen %d",
		   category, *action,
		   MAC2STR(mgmt->sa), MAC2STR(mgmt->da), (int) plen);

	sta = ap_get_sta(hapd, mgmt->sa);
	if (!sta) {
		wpa_printf(MSG_DEBUG, "%s: station not found", __func__);
		return;
	}

#ifdef CONFIG_IEEE80211R_AP
	if (category == WLAN_ACTION_FT) {
		/* NOTE(review): sta->wpa_sm is not checked for NULL here -
		 * presumably wpa_ft_action_rx() handles that; confirm. */
		wpa_ft_action_rx(sta->wpa_sm, (u8 *) &mgmt->u.action, plen);
		return;
	}
#endif /* CONFIG_IEEE80211R_AP */

	if (category == WLAN_ACTION_SA_QUERY) {
		ieee802_11_sa_query_action(hapd, mgmt, drv_mgmt->frame_len);
		return;
	}

#ifdef CONFIG_WNM_AP
	if (category == WLAN_ACTION_WNM) {
		ieee802_11_rx_wnm_action_ap(hapd, mgmt, drv_mgmt->frame_len);
		return;
	}
#endif /* CONFIG_WNM_AP */

#ifdef CONFIG_FST
	if (category == WLAN_ACTION_FST && hapd->iface->fst) {
		fst_rx_action(hapd->iface->fst, mgmt, drv_mgmt->frame_len);
		return;
	}
#endif /* CONFIG_FST */

#ifdef CONFIG_DPP
	/*
	 * plen >= 2 + 4 covers category, action, the 3-octet OUI and
	 * variable[0], i.e., every field read by this condition.
	 *
	 * NOTE(review): the category is not compared against the Public
	 * Action category in this condition; only the action, OUI and OUI
	 * type are matched. Confirm whether that is intended.
	 */
	if (plen >= 2 + 4 &&
	    mgmt->u.action.u.vs_public_action.action ==
	    WLAN_PA_VENDOR_SPECIFIC &&
	    WPA_GET_BE24(mgmt->u.action.u.vs_public_action.oui) ==
	    OUI_WFA &&
	    mgmt->u.action.u.vs_public_action.variable[0] ==
	    DPP_OUI_TYPE) {
		const u8 *start, *end;

		start = mgmt->u.action.u.vs_public_action.oui;
		end = drv_mgmt->frame + drv_mgmt->frame_len;
		hostapd_dpp_rx_action(hapd, mgmt->sa, start, end - start,
				      drv_mgmt->freq);
		return;
	}
#endif /* CONFIG_DPP */
}
1416 #endif /* NEED_AP_MLME */
1417
1418
1419 #ifdef NEED_AP_MLME
1420
1421 #define HAPD_BROADCAST ((struct hostapd_data *) -1)
1422
/**
 * get_hapd_bssid - Map a BSSID to the BSS that owns it
 * @iface: Interface whose BSS list is searched
 * @bssid: BSSID from a frame header or %NULL
 * Returns: %NULL if @bssid is %NULL or matches no BSS, HAPD_BROADCAST for the
 * all-ones address, otherwise the BSS whose own_addr equals @bssid
 *
 * HAPD_BROADCAST is a sentinel and not a valid pointer; callers have to
 * compare against it before dereferencing the return value.
 */
static struct hostapd_data * get_hapd_bssid(struct hostapd_iface *iface,
					    const u8 *bssid)
{
	size_t idx;

	if (!bssid)
		return NULL;

	/* Wildcard BSSID: every octet is 0xff */
	for (idx = 0; idx < ETH_ALEN; idx++) {
		if (bssid[idx] != 0xff)
			break;
	}
	if (idx == ETH_ALEN)
		return HAPD_BROADCAST;

	for (idx = 0; idx < iface->num_bss; idx++) {
		struct hostapd_data *bss = iface->bss[idx];

		if (os_memcmp(bssid, bss->own_addr, ETH_ALEN) == 0)
			return bss;
	}

	return NULL;
}
1441
1442
/**
 * hostapd_rx_from_unknown_sta - Handle a frame from a station without an entry
 * @hapd: Any BSS of the interface; used only to reach the interface
 * @bssid: BSSID the frame was addressed to
 * @addr: Address of the sending station
 * @wds: WDS indication from the driver
 *
 * The event is processed only when @bssid names one specific BSS of this
 * interface; unknown and wildcard BSSIDs are ignored.
 */
static void hostapd_rx_from_unknown_sta(struct hostapd_data *hapd,
					const u8 *bssid, const u8 *addr,
					int wds)
{
	struct hostapd_data *bss = get_hapd_bssid(hapd->iface, bssid);

	if (!bss || bss == HAPD_BROADCAST)
		return;

	ieee802_11_rx_from_unknown(bss, addr, wds);
}
1453
1454
/**
 * hostapd_mgmt_rx - Route a received management frame to the right BSS
 * @hapd: BSS the driver delivered the event on
 * @rx_mgmt: Frame buffer and receive metadata from the driver
 * Returns: 1 if ieee802_11_mgmt() returned a value > 0 for at least one BSS
 * (or, with CONFIG_TESTING_OPTIONS, if external frame handling is enabled),
 * 0 if the frame was dropped or not handled
 *
 * Frames to an unknown BSSID are dropped, except for Beacon frames, which
 * are processed on the first BSS. Wildcard-BSSID frames are offered to every
 * BSS of the interface.
 */
static int hostapd_mgmt_rx(struct hostapd_data *hapd, struct rx_mgmt *rx_mgmt)
{
	struct hostapd_iface *iface = hapd->iface;
	const struct ieee80211_hdr *hdr;
	const u8 *bssid;
	struct hostapd_frame_info fi;
	int handled;

#ifdef CONFIG_TESTING_OPTIONS
	if (hapd->ext_mgmt_frame_handling) {
		/* Two hex digits per octet plus the terminating NUL */
		size_t hex_len = 2 * rx_mgmt->frame_len + 1;
		char *hex = os_malloc(hex_len);

		if (hex) {
			wpa_snprintf_hex(hex, hex_len, rx_mgmt->frame,
					 rx_mgmt->frame_len);
			wpa_msg(hapd->msg_ctx, MSG_INFO, "MGMT-RX %s", hex);
			os_free(hex);
		}
		/* Reported as handled even if the allocation failed. */
		return 1;
	}
#endif /* CONFIG_TESTING_OPTIONS */

	/* NOTE(review): frame_len is not checked here before the cast -
	 * presumably get_hdr_bssid() rejects short frames by returning
	 * NULL; confirm. */
	hdr = (const struct ieee80211_hdr *) rx_mgmt->frame;
	bssid = get_hdr_bssid(hdr, rx_mgmt->frame_len);
	if (!bssid)
		return 0;

	hapd = get_hapd_bssid(iface, bssid);
	if (!hapd) {
		u16 fc = le_to_host16(hdr->frame_control);

		/*
		 * Drop frames to unknown BSSIDs except for Beacon frames which
		 * could be used to update neighbor information.
		 */
		if (WLAN_FC_GET_TYPE(fc) != WLAN_FC_TYPE_MGMT ||
		    WLAN_FC_GET_STYPE(fc) != WLAN_FC_STYPE_BEACON)
			return 0;
		hapd = iface->bss[0];
	}

	os_memset(&fi, 0, sizeof(fi));
	fi.freq = rx_mgmt->freq;
	fi.datarate = rx_mgmt->datarate;
	fi.ssi_signal = rx_mgmt->ssi_signal;

	if (hapd != HAPD_BROADCAST) {
		handled = ieee802_11_mgmt(hapd, rx_mgmt->frame,
					  rx_mgmt->frame_len, &fi);
	} else {
		size_t idx;

		handled = 0;
		for (idx = 0; idx < iface->num_bss; idx++) {
			struct hostapd_data *bss = iface->bss[idx];

			/* if bss is set, driver will call this function for
			 * each bss individually. */
			if (rx_mgmt->drv_priv &&
			    bss->drv_priv != rx_mgmt->drv_priv)
				continue;

			if (ieee802_11_mgmt(bss, rx_mgmt->frame,
					    rx_mgmt->frame_len, &fi) > 0)
				handled = 1;
		}
	}

	/* Receive metadata is mixed into the randomness pool. */
	random_add_randomness(&fi, sizeof(fi));

	return handled;
}
1526
1527
/**
 * hostapd_mgmt_tx_cb - Route a management frame TX status to the right BSS
 * @hapd: BSS the driver delivered the event on
 * @buf: Transmitted frame
 * @len: Length of @buf in octets
 * @stype: Management frame subtype
 * @ok: Acknowledgment status from the driver
 *
 * The BSS is chosen from the BSSID in the frame header. For a wildcard BSSID
 * the status is processed only for Public Action frames, using the
 * transmitter address (addr2) to find the BSS.
 */
static void hostapd_mgmt_tx_cb(struct hostapd_data *hapd, const u8 *buf,
			       size_t len, u16 stype, int ok)
{
	const struct ieee80211_hdr *hdr = (const struct ieee80211_hdr *) buf;
	struct hostapd_iface *iface = hapd->iface;
	struct hostapd_data *bss;

	/* NOTE(review): len is not checked before this call - presumably
	 * get_hdr_bssid() returns NULL for a short frame, which
	 * get_hapd_bssid() maps to NULL; confirm. */
	bss = get_hapd_bssid(iface, get_hdr_bssid(hdr, len));
	if (!bss)
		return;

	if (bss == HAPD_BROADCAST) {
		/* buf[24] is the first octet after the 24-octet header,
		 * i.e., the Action category; len > 25 keeps it in bounds. */
		if (stype != WLAN_FC_STYPE_ACTION || len <= 25 ||
		    buf[24] != WLAN_ACTION_PUBLIC)
			return;

		/*
		 * Allow processing of TX status for a Public Action frame that
		 * used wildcard BSSID.
		 */
		bss = get_hapd_bssid(iface, hdr->addr2);
		if (!bss || bss == HAPD_BROADCAST)
			return;
	}

	ieee802_11_mgmt_cb(bss, buf, len, stype, ok);
}
1552
1553 #endif /* NEED_AP_MLME */
1554
1555
/**
 * hostapd_event_new_sta - Create a station entry for a newly seen address
 * @hapd: BSS data
 * @addr: Address of the station
 * Returns: 0 if the station already exists or was added, -1 if ap_sta_add()
 * failed
 *
 * NOTE(review): the entry is created and passed to hostapd_new_assoc_sta()
 * based on the driver event alone; whatever limit applies to the number of
 * entries is presumably enforced inside ap_sta_add() - confirm.
 */
static int hostapd_event_new_sta(struct hostapd_data *hapd, const u8 *addr)
{
	struct sta_info *sta;

	if (ap_get_sta(hapd, addr))
		return 0;

	wpa_printf(MSG_DEBUG, "Data frame from unknown STA " MACSTR
		   " - adding a new STA", MAC2STR(addr));

	sta = ap_sta_add(hapd, addr);
	if (!sta) {
		wpa_printf(MSG_DEBUG, "Failed to add STA entry for " MACSTR,
			   MAC2STR(addr));
		return -1;
	}

	hostapd_new_assoc_sta(hapd, sta, 0);
	return 0;
}
1576
1577
/**
 * hostapd_event_eapol_rx - Deliver a received EAPOL frame to IEEE 802.1X
 * @hapd: BSS the driver delivered the frame on
 * @src: Source address of the frame
 * @data: EAPOL frame
 * @data_len: Length of @data in octets
 * @encrypted: Encryption status reported by the driver
 *
 * The frame is processed on the first BSS of the interface that has @src as
 * an associated station. If no BSS does, it is processed on @hapd.
 */
static void hostapd_event_eapol_rx(struct hostapd_data *hapd, const u8 *src,
				   const u8 *data, size_t data_len,
				   enum frame_encryption encrypted)
{
	struct hostapd_iface *iface = hapd->iface;
	size_t idx;

	for (idx = 0; idx < iface->num_bss; idx++) {
		struct hostapd_data *bss = iface->bss[idx];
		struct sta_info *sta = ap_get_sta(bss, src);

		if (sta && (sta->flags & WLAN_STA_ASSOC)) {
			hapd = bss;
			break;
		}
	}

	ieee802_1x_receive(hapd, src, data, data_len, encrypted);
}
1596
1597 #endif /* HOSTAPD */
1598
1599
/**
 * hostapd_get_mode_chan - Find a channel with a given frequency in one mode
 * @mode: Hardware mode whose channel array is searched
 * @freq: Frequency to look for
 * Returns: Pointer to the first channel whose freq equals @freq, or %NULL
 */
static struct hostapd_channel_data *
hostapd_get_mode_chan(struct hostapd_hw_modes *mode, unsigned int freq)
{
	int idx = 0;

	while (idx < mode->num_channels) {
		struct hostapd_channel_data *candidate = &mode->channels[idx];

		if ((unsigned int) candidate->freq == freq)
			return candidate;
		idx++;
	}

	return NULL;
}
1614
1615
/**
 * hostapd_get_mode_channel - Find a channel by frequency across hardware modes
 * @iface: Interface whose hw_features array is searched
 * @freq: Frequency to look for
 * Returns: Pointer to the first matching channel, or %NULL
 *
 * Modes for which hostapd_hw_skip_mode() returns non-zero are not searched.
 */
static struct hostapd_channel_data * hostapd_get_mode_channel(
	struct hostapd_iface *iface, unsigned int freq)
{
	int idx;

	for (idx = 0; idx < iface->num_hw_features; idx++) {
		struct hostapd_hw_modes *mode = &iface->hw_features[idx];
		struct hostapd_channel_data *found;

		if (hostapd_hw_skip_mode(iface, mode))
			continue;

		found = hostapd_get_mode_chan(mode, freq);
		if (found)
			return found;
	}

	return NULL;
}
1632
1633
/**
 * hostapd_update_nf - Track the lowest noise floor per channel and interface
 * @iface: Interface holding lowest_nf and the chans_surveyed counter
 * @chan: Channel the survey entry belongs to
 * @survey: Survey entry carrying the noise floor value
 *
 * The first survey of a run (chans_surveyed == 0) seeds both minima. After
 * that, the channel minimum is seeded when the channel has no earlier survey
 * entries and is otherwise lowered when the new value is smaller.
 */
static void hostapd_update_nf(struct hostapd_iface *iface,
			      struct hostapd_channel_data *chan,
			      struct freq_survey *survey)
{
	int first_survey = !iface->chans_surveyed;

	if (first_survey || dl_list_empty(&chan->survey_list) ||
	    survey->nf < chan->min_nf)
		chan->min_nf = survey->nf;

	if (first_survey || survey->nf < iface->lowest_nf)
		iface->lowest_nf = survey->nf;
}
1650
1651
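/**
 * hostapd_single_channel_get_survey - Update channel utilization from a survey
 * @iface: Interface holding the previous counters and channel_utilization
 * @survey_res: Survey results; only the first entry of the list is used
 *
 * Utilization is the busy-time delta divided by the channel-time delta since
 * the previous survey, scaled to 0..255. Nothing is updated if the list is
 * empty, the entry has no frequency, or the channel is unknown or disabled.
 *
 * The counters come from the driver. If the busy counter moved backwards
 * (for example after a counter reset), the unsigned subtraction would wrap
 * and yield a meaningless ratio, so that sample is skipped and the previous
 * utilization is kept. A ratio above 255 is clamped instead of being
 * truncated on assignment.
 */
static void hostapd_single_channel_get_survey(struct hostapd_iface *iface,
					      struct survey_results *survey_res)
{
	struct hostapd_channel_data *chan;
	struct freq_survey *survey;
	u64 divisor, dividend, util;

	survey = dl_list_first(&survey_res->survey_list, struct freq_survey,
			       list);
	if (!survey || !survey->freq)
		return;

	chan = hostapd_get_mode_channel(iface, survey->freq);
	if (!chan || chan->flag & HOSTAPD_CHAN_DISABLED)
		return;

	wpa_printf(MSG_DEBUG,
		   "Single Channel Survey: (freq=%d channel_time=%ld channel_time_busy=%ld)",
		   survey->freq,
		   (unsigned long int) survey->channel_time,
		   (unsigned long int) survey->channel_time_busy);

	if (survey->channel_time > iface->last_channel_time &&
	    survey->channel_time > survey->channel_time_busy &&
	    survey->channel_time_busy >= iface->last_channel_time_busy) {
		dividend = survey->channel_time_busy -
			iface->last_channel_time_busy;
		/* Non-zero: channel_time > last_channel_time was checked. */
		divisor = survey->channel_time - iface->last_channel_time;

		util = dividend * 255 / divisor;
		if (util > 255)
			util = 255;

		iface->channel_utilization = util;
		wpa_printf(MSG_DEBUG, "Channel Utilization: %d",
			   iface->channel_utilization);
	}

	/* Always remember the latest counters, so that a skipped sample
	 * resynchronizes the baseline for the next one. */
	iface->last_channel_time = survey->channel_time;
	iface->last_channel_time_busy = survey->channel_time_busy;
}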
1687
1688
/**
 * hostapd_event_get_survey - Process survey results reported by the driver
 * @iface: Interface the results belong to
 * @survey_results: Survey entries from the driver
 *
 * With a frequency filter set, only channel utilization is updated from the
 * first entry. Otherwise each entry for a known, enabled channel is moved
 * from the result list to that channel's survey list and the noise floor
 * minima are updated. Entries that are not moved stay on the result list.
 */
void hostapd_event_get_survey(struct hostapd_iface *iface,
			      struct survey_results *survey_results)
{
	struct freq_survey *entry, *next;

	if (dl_list_empty(&survey_results->survey_list)) {
		wpa_printf(MSG_DEBUG, "No survey data received");
		return;
	}

	if (survey_results->freq_filter) {
		hostapd_single_channel_get_survey(iface, survey_results);
		return;
	}

	/* The _safe iterator is needed, as entries are unlinked in the
	 * loop body. */
	dl_list_for_each_safe(entry, next, &survey_results->survey_list,
			      struct freq_survey, list) {
		struct hostapd_channel_data *chan;

		chan = hostapd_get_mode_channel(iface, entry->freq);
		if (!chan || (chan->flag & HOSTAPD_CHAN_DISABLED))
			continue;

		dl_list_del(&entry->list);
		dl_list_add_tail(&chan->survey_list, &entry->list);

		hostapd_update_nf(iface, chan, entry);

		iface->chans_surveyed++;
	}
}
1721
1722
1723 #ifdef HOSTAPD
1724 #ifdef NEED_AP_MLME
1725
/**
 * hostapd_event_iface_unavailable - Handle the driver stopping the interface
 * @hapd: BSS data
 *
 * If a channel switch was in progress, the fallback for the pending channel
 * switch parameters is run first. The interface is then disabled.
 */
static void hostapd_event_iface_unavailable(struct hostapd_data *hapd)
{
	const char *ifname = hapd->conf->iface;

	wpa_printf(MSG_DEBUG, "Interface %s is unavailable -- stopped",
		   ifname);

	if (hapd->csa_in_progress) {
		wpa_printf(MSG_INFO, "CSA failed (%s was stopped)", ifname);
		hostapd_switch_channel_fallback(hapd->iface,
						&hapd->cs_freq_params);
	}

	/* inform framework that interface is unavailable */
	hostapd_disable_iface(hapd->iface);
}
1741
1742
/**
 * hostapd_event_dfs_radar_detected - Forward a radar detection event to DFS
 * @hapd: BSS data; the event is applied to hapd->iface
 * @radar: Channel parameters reported by the driver
 */
static void hostapd_event_dfs_radar_detected(struct hostapd_data *hapd,
					     struct dfs_event *radar)
{
	struct hostapd_iface *iface = hapd->iface;

	wpa_printf(MSG_DEBUG, "DFS radar detected on %d MHz", radar->freq);
	hostapd_dfs_radar_detected(iface, radar->freq, radar->ht_enabled,
				   radar->chan_offset, radar->chan_width,
				   radar->cf1, radar->cf2);
}
1751
1752
/**
 * hostapd_event_dfs_pre_cac_expired - Forward a pre-CAC expiry event to DFS
 * @hapd: BSS data; the event is applied to hapd->iface
 * @radar: Channel parameters reported by the driver
 */
static void hostapd_event_dfs_pre_cac_expired(struct hostapd_data *hapd,
					      struct dfs_event *radar)
{
	struct hostapd_iface *iface = hapd->iface;

	wpa_printf(MSG_DEBUG, "DFS Pre-CAC expired on %d MHz", radar->freq);
	hostapd_dfs_pre_cac_expired(iface, radar->freq, radar->ht_enabled,
				    radar->chan_offset, radar->chan_width,
				    radar->cf1, radar->cf2);
}
1761
1762
/**
 * hostapd_event_dfs_cac_finished - Forward a completed CAC to DFS
 * @hapd: BSS data; the event is applied to hapd->iface
 * @radar: Channel parameters reported by the driver
 *
 * Calls hostapd_dfs_complete_cac() with 1 as its second argument; the
 * aborted-CAC handler passes 0 in the same position.
 */
static void hostapd_event_dfs_cac_finished(struct hostapd_data *hapd,
					   struct dfs_event *radar)
{
	struct hostapd_iface *iface = hapd->iface;

	wpa_printf(MSG_DEBUG, "DFS CAC finished on %d MHz", radar->freq);
	hostapd_dfs_complete_cac(iface, 1, radar->freq, radar->ht_enabled,
				 radar->chan_offset, radar->chan_width,
				 radar->cf1, radar->cf2);
}
1771
1772
/**
 * hostapd_event_dfs_cac_aborted - Forward an aborted CAC to DFS
 * @hapd: BSS data; the event is applied to hapd->iface
 * @radar: Channel parameters reported by the driver
 *
 * Calls hostapd_dfs_complete_cac() with 0 as its second argument; the
 * finished-CAC handler passes 1 in the same position.
 */
static void hostapd_event_dfs_cac_aborted(struct hostapd_data *hapd,
					  struct dfs_event *radar)
{
	struct hostapd_iface *iface = hapd->iface;

	wpa_printf(MSG_DEBUG, "DFS CAC aborted on %d MHz", radar->freq);
	hostapd_dfs_complete_cac(iface, 0, radar->freq, radar->ht_enabled,
				 radar->chan_offset, radar->chan_width,
				 radar->cf1, radar->cf2);
}
1781
1782
/**
 * hostapd_event_dfs_nop_finished - Forward the end of a DFS NOP to DFS
 * @hapd: BSS data; the event is applied to hapd->iface
 * @radar: Channel parameters reported by the driver
 */
static void hostapd_event_dfs_nop_finished(struct hostapd_data *hapd,
					   struct dfs_event *radar)
{
	struct hostapd_iface *iface = hapd->iface;

	wpa_printf(MSG_DEBUG, "DFS NOP finished on %d MHz", radar->freq);
	hostapd_dfs_nop_finished(iface, radar->freq, radar->ht_enabled,
				 radar->chan_offset, radar->chan_width,
				 radar->cf1, radar->cf2);
}
1791
1792
/**
 * hostapd_event_dfs_cac_started - Forward a driver-started CAC to DFS
 * @hapd: BSS data; the event is applied to hapd->iface
 * @radar: Channel parameters reported by the driver
 */
static void hostapd_event_dfs_cac_started(struct hostapd_data *hapd,
					  struct dfs_event *radar)
{
	struct hostapd_iface *iface = hapd->iface;

	wpa_printf(MSG_DEBUG, "DFS offload CAC started on %d MHz", radar->freq);
	hostapd_dfs_start_cac(iface, radar->freq, radar->ht_enabled,
			      radar->chan_offset, radar->chan_width,
			      radar->cf1, radar->cf2);
}
1801
1802 #endif /* NEED_AP_MLME */
1803
1804
/**
 * hostapd_event_wds_sta_interface_status - Track a WDS station interface
 * @hapd: BSS data
 * @istatus: INTERFACE_ADDED or another interface status value
 * @ifname: Name of the WDS interface
 * @addr: Address of the station
 *
 * Replaces the interface name stored for the station, if the station is
 * known, and reports the change with wpa_msg(). Any @istatus other than
 * INTERFACE_ADDED is reported as a removal. The stored name stays %NULL if
 * os_strdup() fails.
 */
static void hostapd_event_wds_sta_interface_status(struct hostapd_data *hapd,
						   int istatus,
						   const char *ifname,
						   const u8 *addr)
{
	int added = istatus == INTERFACE_ADDED;
	struct sta_info *sta;

	sta = ap_get_sta(hapd, addr);
	if (sta) {
		/* Drop the old copy before storing a new one. */
		os_free(sta->ifname_wds);
		sta->ifname_wds = NULL;
		if (added)
			sta->ifname_wds = os_strdup(ifname);
	}

	wpa_msg(hapd->msg_ctx, MSG_INFO, "%sifname=%s sta_addr=" MACSTR,
		added ? WDS_STA_INTERFACE_ADDED : WDS_STA_INTERFACE_REMOVED,
		ifname, MAC2STR(addr));
}
1825
1826
1827 #ifdef CONFIG_OWE
/**
 * hostapd_notif_update_dh_ie - Process an OWE DH element update from the driver
 * @hapd: BSS data
 * @peer: Address of the station
 * @ie: Elements from the station's request
 * @ie_len: Length of @ie in octets
 * Returns: -1 if @hapd, hapd->wpa_auth or @peer is missing, 0 otherwise
 *
 * 0 is returned for rejected requests as well; in those cases the status is
 * reported to the driver through hostapd_drv_update_dh_ie() with no
 * elements. The request is validated with owe_validate_request() before any
 * station entry is looked up or created.
 */
static int hostapd_notif_update_dh_ie(struct hostapd_data *hapd,
				      const u8 *peer, const u8 *ie,
				      size_t ie_len)
{
	struct ieee802_11_elems elems;
	struct sta_info *sta;
	u16 status;

	if (!hapd || !hapd->wpa_auth) {
		wpa_printf(MSG_DEBUG, "OWE: Invalid hapd context");
		return -1;
	}
	if (!peer) {
		wpa_printf(MSG_DEBUG, "OWE: Peer unknown");
		return -1;
	}

	if (!(hapd->conf->wpa_key_mgmt & WPA_KEY_MGMT_OWE)) {
		wpa_printf(MSG_DEBUG, "OWE: No OWE AKM configured");
		status = WLAN_STATUS_AKMP_NOT_VALID;
		goto err;
	}

	if (ieee802_11_parse_elems(ie, ie_len, &elems, 1) == ParseFailed) {
		wpa_printf(MSG_DEBUG, "OWE: Failed to parse OWE IE for "
			   MACSTR, MAC2STR(peer));
		status = WLAN_STATUS_UNSPECIFIED_FAILURE;
		goto err;
	}

	status = owe_validate_request(hapd, peer, elems.rsn_ie,
				      elems.rsn_ie_len,
				      elems.owe_dh, elems.owe_dh_len);
	if (status != WLAN_STATUS_SUCCESS)
		goto err;

	sta = ap_get_sta(hapd, peer);
	if (!sta) {
		sta = ap_sta_add(hapd, peer);
		if (!sta) {
			status = WLAN_STATUS_UNSPECIFIED_FAILURE;
			goto err;
		}
	} else {
		ap_sta_no_session_timeout(hapd, sta);
		accounting_sta_stop(hapd, sta);

		/*
		 * Make sure that the previously registered inactivity timer
		 * will not remove the STA immediately.
		 */
		sta->timeout_next = STA_NULLFUNC;
	}

	sta->flags &= ~(WLAN_STA_WPS | WLAN_STA_MAYBE_WPS | WLAN_STA_WPS2);

	status = owe_process_rsn_ie(hapd, sta, elems.rsn_ie,
				    elems.rsn_ie_len, elems.owe_dh,
				    elems.owe_dh_len);
	/* NOTE(review): this path does not call hostapd_drv_update_dh_ie() -
	 * presumably owe_process_rsn_ie() reports the status to the driver
	 * itself; confirm. */
	if (status != WLAN_STATUS_SUCCESS)
		ap_free_sta(hapd, sta);

	return 0;

err:
	hostapd_drv_update_dh_ie(hapd, peer, status, NULL, 0);
	return 0;
}
1891 #endif /* CONFIG_OWE */
1892
1893
wpa_supplicant_event(void * ctx,enum wpa_event_type event,union wpa_event_data * data)1894 void wpa_supplicant_event(void *ctx, enum wpa_event_type event,
1895 union wpa_event_data *data)
1896 {
1897 struct hostapd_data *hapd = ctx;
1898 #ifndef CONFIG_NO_STDOUT_DEBUG
1899 int level = MSG_DEBUG;
1900
1901 if (event == EVENT_RX_MGMT && data->rx_mgmt.frame &&
1902 data->rx_mgmt.frame_len >= 24) {
1903 const struct ieee80211_hdr *hdr;
1904 u16 fc;
1905
1906 hdr = (const struct ieee80211_hdr *) data->rx_mgmt.frame;
1907 fc = le_to_host16(hdr->frame_control);
1908 if (WLAN_FC_GET_TYPE(fc) == WLAN_FC_TYPE_MGMT &&
1909 WLAN_FC_GET_STYPE(fc) == WLAN_FC_STYPE_BEACON)
1910 level = MSG_EXCESSIVE;
1911 if (WLAN_FC_GET_TYPE(fc) == WLAN_FC_TYPE_MGMT &&
1912 WLAN_FC_GET_STYPE(fc) == WLAN_FC_STYPE_PROBE_REQ)
1913 level = MSG_EXCESSIVE;
1914 }
1915
1916 wpa_dbg(hapd->msg_ctx, level, "Event %s (%d) received",
1917 event_to_string(event), event);
1918 #endif /* CONFIG_NO_STDOUT_DEBUG */
1919
1920 switch (event) {
1921 case EVENT_MICHAEL_MIC_FAILURE:
1922 michael_mic_failure(hapd, data->michael_mic_failure.src, 1);
1923 break;
1924 case EVENT_SCAN_RESULTS:
1925 if (hapd->iface->scan_cb)
1926 hapd->iface->scan_cb(hapd->iface);
1927 break;
1928 case EVENT_WPS_BUTTON_PUSHED:
1929 hostapd_wps_button_pushed(hapd, NULL);
1930 break;
1931 #ifdef NEED_AP_MLME
1932 case EVENT_TX_STATUS:
1933 switch (data->tx_status.type) {
1934 case WLAN_FC_TYPE_MGMT:
1935 hostapd_mgmt_tx_cb(hapd, data->tx_status.data,
1936 data->tx_status.data_len,
1937 data->tx_status.stype,
1938 data->tx_status.ack);
1939 break;
1940 case WLAN_FC_TYPE_DATA:
1941 hostapd_tx_status(hapd, data->tx_status.dst,
1942 data->tx_status.data,
1943 data->tx_status.data_len,
1944 data->tx_status.ack);
1945 break;
1946 }
1947 break;
1948 case EVENT_EAPOL_TX_STATUS:
1949 hostapd_eapol_tx_status(hapd, data->eapol_tx_status.dst,
1950 data->eapol_tx_status.data,
1951 data->eapol_tx_status.data_len,
1952 data->eapol_tx_status.ack);
1953 break;
1954 case EVENT_DRIVER_CLIENT_POLL_OK:
1955 hostapd_client_poll_ok(hapd, data->client_poll.addr);
1956 break;
1957 case EVENT_RX_FROM_UNKNOWN:
1958 hostapd_rx_from_unknown_sta(hapd, data->rx_from_unknown.bssid,
1959 data->rx_from_unknown.addr,
1960 data->rx_from_unknown.wds);
1961 break;
1962 #endif /* NEED_AP_MLME */
1963 case EVENT_RX_MGMT:
1964 if (!data->rx_mgmt.frame)
1965 break;
1966 #ifdef NEED_AP_MLME
1967 hostapd_mgmt_rx(hapd, &data->rx_mgmt);
1968 #else /* NEED_AP_MLME */
1969 hostapd_action_rx(hapd, &data->rx_mgmt);
1970 #endif /* NEED_AP_MLME */
1971 break;
1972 case EVENT_RX_PROBE_REQ:
1973 if (data->rx_probe_req.sa == NULL ||
1974 data->rx_probe_req.ie == NULL)
1975 break;
1976 hostapd_probe_req_rx(hapd, data->rx_probe_req.sa,
1977 data->rx_probe_req.da,
1978 data->rx_probe_req.bssid,
1979 data->rx_probe_req.ie,
1980 data->rx_probe_req.ie_len,
1981 data->rx_probe_req.ssi_signal);
1982 break;
1983 case EVENT_NEW_STA:
1984 hostapd_event_new_sta(hapd, data->new_sta.addr);
1985 break;
1986 case EVENT_EAPOL_RX:
1987 hostapd_event_eapol_rx(hapd, data->eapol_rx.src,
1988 data->eapol_rx.data,
1989 data->eapol_rx.data_len,
1990 data->eapol_rx.encrypted);
1991 break;
1992 case EVENT_ASSOC:
1993 if (!data)
1994 return;
1995 hostapd_notif_assoc(hapd, data->assoc_info.addr,
1996 data->assoc_info.req_ies,
1997 data->assoc_info.req_ies_len,
1998 data->assoc_info.reassoc);
1999 break;
2000 #ifdef CONFIG_OWE
2001 case EVENT_UPDATE_DH:
2002 if (!data)
2003 return;
2004 hostapd_notif_update_dh_ie(hapd, data->update_dh.peer,
2005 data->update_dh.ie,
2006 data->update_dh.ie_len);
2007 break;
2008 #endif /* CONFIG_OWE */
2009 case EVENT_DISASSOC:
2010 if (data)
2011 hostapd_notif_disassoc(hapd, data->disassoc_info.addr);
2012 break;
2013 case EVENT_DEAUTH:
2014 if (data)
2015 hostapd_notif_disassoc(hapd, data->deauth_info.addr);
2016 break;
2017 case EVENT_STATION_LOW_ACK:
2018 if (!data)
2019 break;
2020 hostapd_event_sta_low_ack(hapd, data->low_ack.addr);
2021 break;
2022 case EVENT_AUTH:
2023 hostapd_notif_auth(hapd, &data->auth);
2024 break;
2025 case EVENT_CH_SWITCH_STARTED:
2026 case EVENT_CH_SWITCH:
2027 if (!data)
2028 break;
2029 hostapd_event_ch_switch(hapd, data->ch_switch.freq,
2030 data->ch_switch.ht_enabled,
2031 data->ch_switch.ch_offset,
2032 data->ch_switch.ch_width,
2033 data->ch_switch.cf1,
2034 data->ch_switch.cf2,
2035 data->ch_switch.punct_bitmap,
2036 event == EVENT_CH_SWITCH);
2037 break;
2038 case EVENT_CONNECT_FAILED_REASON:
2039 if (!data)
2040 break;
2041 hostapd_event_connect_failed_reason(
2042 hapd, data->connect_failed_reason.addr,
2043 data->connect_failed_reason.code);
2044 break;
2045 case EVENT_SURVEY:
2046 hostapd_event_get_survey(hapd->iface, &data->survey_results);
2047 break;
2048 #ifdef NEED_AP_MLME
2049 case EVENT_INTERFACE_UNAVAILABLE:
2050 hostapd_event_iface_unavailable(hapd);
2051 break;
2052 case EVENT_DFS_RADAR_DETECTED:
2053 if (!data)
2054 break;
2055 hostapd_event_dfs_radar_detected(hapd, &data->dfs_event);
2056 break;
2057 case EVENT_DFS_PRE_CAC_EXPIRED:
2058 if (!data)
2059 break;
2060 hostapd_event_dfs_pre_cac_expired(hapd, &data->dfs_event);
2061 break;
2062 case EVENT_DFS_CAC_FINISHED:
2063 if (!data)
2064 break;
2065 hostapd_event_dfs_cac_finished(hapd, &data->dfs_event);
2066 break;
2067 case EVENT_DFS_CAC_ABORTED:
2068 if (!data)
2069 break;
2070 hostapd_event_dfs_cac_aborted(hapd, &data->dfs_event);
2071 break;
2072 case EVENT_DFS_NOP_FINISHED:
2073 if (!data)
2074 break;
2075 hostapd_event_dfs_nop_finished(hapd, &data->dfs_event);
2076 break;
2077 case EVENT_CHANNEL_LIST_CHANGED:
2078 /* channel list changed (regulatory?), update channel list */
2079 /* TODO: check this. hostapd_get_hw_features() initializes
2080 * too much stuff. */
2081 /* hostapd_get_hw_features(hapd->iface); */
2082 hostapd_channel_list_updated(
2083 hapd->iface, data->channel_list_changed.initiator);
2084 break;
2085 case EVENT_DFS_CAC_STARTED:
2086 if (!data)
2087 break;
2088 hostapd_event_dfs_cac_started(hapd, &data->dfs_event);
2089 break;
2090 #endif /* NEED_AP_MLME */
2091 case EVENT_INTERFACE_ENABLED:
2092 wpa_msg(hapd->msg_ctx, MSG_INFO, INTERFACE_ENABLED);
2093 if (hapd->disabled && hapd->started) {
2094 hapd->disabled = 0;
2095 /*
2096 * Try to re-enable interface if the driver stopped it
2097 * when the interface got disabled.
2098 */
2099 if (hapd->wpa_auth)
2100 wpa_auth_reconfig_group_keys(hapd->wpa_auth);
2101 else
2102 hostapd_reconfig_encryption(hapd);
2103 hapd->reenable_beacon = 1;
2104 ieee802_11_set_beacon(hapd);
2105 #ifdef NEED_AP_MLME
2106 } else if (hapd->disabled && hapd->iface->cac_started) {
2107 wpa_printf(MSG_DEBUG, "DFS: restarting pending CAC");
2108 hostapd_handle_dfs(hapd->iface);
2109 #endif /* NEED_AP_MLME */
2110 }
2111 break;
2112 case EVENT_INTERFACE_DISABLED:
2113 hostapd_free_stas(hapd);
2114 wpa_msg(hapd->msg_ctx, MSG_INFO, INTERFACE_DISABLED);
2115 hapd->disabled = 1;
2116 break;
2117 #ifdef CONFIG_ACS
2118 case EVENT_ACS_CHANNEL_SELECTED:
2119 hostapd_acs_channel_selected(hapd,
2120 &data->acs_selected_channels);
2121 break;
2122 #endif /* CONFIG_ACS */
2123 case EVENT_STATION_OPMODE_CHANGED:
2124 hostapd_event_sta_opmode_changed(hapd, data->sta_opmode.addr,
2125 data->sta_opmode.smps_mode,
2126 data->sta_opmode.chan_width,
2127 data->sta_opmode.rx_nss);
2128 break;
2129 case EVENT_WDS_STA_INTERFACE_STATUS:
2130 hostapd_event_wds_sta_interface_status(
2131 hapd, data->wds_sta_interface.istatus,
2132 data->wds_sta_interface.ifname,
2133 data->wds_sta_interface.sta_addr);
2134 break;
2135 #ifdef CONFIG_IEEE80211AX
2136 case EVENT_BSS_COLOR_COLLISION:
2137 /* The BSS color is shared amongst all BBSs on a specific phy.
2138 * Therefore we always start the color change on the primary
2139 * BSS. */
2140 wpa_printf(MSG_DEBUG, "BSS color collision on %s",
2141 hapd->conf->iface);
2142 hostapd_switch_color(hapd->iface->bss[0],
2143 data->bss_color_collision.bitmap);
2144 break;
2145 case EVENT_CCA_STARTED_NOTIFY:
2146 wpa_printf(MSG_DEBUG, "CCA started on on %s",
2147 hapd->conf->iface);
2148 break;
2149 case EVENT_CCA_ABORTED_NOTIFY:
2150 wpa_printf(MSG_DEBUG, "CCA aborted on on %s",
2151 hapd->conf->iface);
2152 hostapd_cleanup_cca_params(hapd);
2153 break;
2154 case EVENT_CCA_NOTIFY:
2155 wpa_printf(MSG_DEBUG, "CCA finished on on %s",
2156 hapd->conf->iface);
2157 hapd->iface->conf->he_op.he_bss_color = hapd->cca_color;
2158 hostapd_cleanup_cca_params(hapd);
2159 break;
2160 #endif /* CONFIG_IEEE80211AX */
2161 default:
2162 wpa_printf(MSG_DEBUG, "Unknown event %d", event);
2163 break;
2164 }
2165 }
2166
2167
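/**
 * wpa_supplicant_event_global - Handle a driver event that is not bound to a BSS
 * @ctx: Global context; used here as struct hapd_interfaces *
 * @event: Event type; everything except EVENT_INTERFACE_STATUS is ignored
 * @data: Event payload; interface_status.ifname and .ifindex are read
 *
 * Looks up the BSS by the interface name carried in the event and forwards the
 * event to wpa_supplicant_event(). When the driver can report its current
 * ifindex, the event is dropped if that value differs from the ifindex in the
 * event. If the driver has no get_ifindex handler or no private data, the
 * ifindex comparison is skipped and the event is forwarded on the name match
 * alone.
 */
void wpa_supplicant_event_global(void *ctx, enum wpa_event_type event,
				 union wpa_event_data *data)
{
	struct hapd_interfaces *interfaces = ctx;
	struct hostapd_data *hapd;

	if (event != EVENT_INTERFACE_STATUS)
		return;

	/*
	 * The payload is dereferenced below. Reject an event delivered
	 * without data instead of crashing the daemon on a NULL pointer.
	 */
	if (!data)
		return;

	hapd = hostapd_get_iface(interfaces, data->interface_status.ifname);
	if (!hapd)
		return;

	if (hapd->driver && hapd->driver->get_ifindex && hapd->drv_priv) {
		unsigned int ifindex;

		ifindex = hapd->driver->get_ifindex(hapd->drv_priv);
		/*
		 * Name matched but the index did not: do not act on it.
		 * NOTE(review): presumably this filters stale events for an
		 * interface that was removed and re-created under the same
		 * name - confirm against the driver wrappers.
		 */
		if (ifindex != data->interface_status.ifindex) {
			/* ifindex is unsigned, so print it with %u */
			wpa_dbg(hapd->msg_ctx, MSG_DEBUG,
				"interface status ifindex %u mismatch (%u)",
				ifindex, data->interface_status.ifindex);
			return;
		}
	}

	wpa_supplicant_event(hapd, event, data);
}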
2193
2194 #endif /* HOSTAPD */
2195