1 /*
2 * WPA Supplicant - Basic mesh peer management
3 * Copyright (c) 2013-2014, cozybit, Inc. All rights reserved.
4 *
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
7 */
8
9 #include "utils/includes.h"
10
11 #include "utils/common.h"
12 #include "utils/eloop.h"
13 #include "common/ieee802_11_defs.h"
14 #include "common/hw_features_common.h"
15 #include "common/ocv.h"
16 #include "ap/hostapd.h"
17 #include "ap/sta_info.h"
18 #include "ap/ieee802_11.h"
19 #include "ap/beacon.h"
20 #include "ap/wpa_auth.h"
21 #include "wpa_supplicant_i.h"
22 #include "driver_i.h"
23 #include "mesh_mpm.h"
24 #include "mesh_rsn.h"
25 #include "notify.h"
26
27 struct mesh_peer_mgmt_ie {
28 const u8 *proto_id; /* Mesh Peering Protocol Identifier (2 octets) */
29 const u8 *llid; /* Local Link ID (2 octets) */
30 const u8 *plid; /* Peer Link ID (conditional, 2 octets) */
31 const u8 *reason; /* Reason Code (conditional, 2 octets) */
32 const u8 *chosen_pmk; /* Chosen PMK (optional, 16 octets) */
33 };
34
35 static void plink_timer(void *eloop_ctx, void *user_data);
36
37
38 enum plink_event {
39 PLINK_UNDEFINED,
40 OPN_ACPT,
41 OPN_RJCT,
42 CNF_ACPT,
43 CNF_RJCT,
44 CLS_ACPT,
45 REQ_RJCT
46 };
47
48 static const char * const mplstate[] = {
49 [0] = "UNINITIALIZED",
50 [PLINK_IDLE] = "IDLE",
51 [PLINK_OPN_SNT] = "OPN_SNT",
52 [PLINK_OPN_RCVD] = "OPN_RCVD",
53 [PLINK_CNF_RCVD] = "CNF_RCVD",
54 [PLINK_ESTAB] = "ESTAB",
55 [PLINK_HOLDING] = "HOLDING",
56 [PLINK_BLOCKED] = "BLOCKED"
57 };
58
59 static const char * const mplevent[] = {
60 [PLINK_UNDEFINED] = "UNDEFINED",
61 [OPN_ACPT] = "OPN_ACPT",
62 [OPN_RJCT] = "OPN_RJCT",
63 [CNF_ACPT] = "CNF_ACPT",
64 [CNF_RJCT] = "CNF_RJCT",
65 [CLS_ACPT] = "CLS_ACPT",
66 [REQ_RJCT] = "REQ_RJCT",
67 };
68
69
mesh_mpm_parse_peer_mgmt(struct wpa_supplicant * wpa_s,u8 action_field,const u8 * ie,size_t len,struct mesh_peer_mgmt_ie * mpm_ie)70 static int mesh_mpm_parse_peer_mgmt(struct wpa_supplicant *wpa_s,
71 u8 action_field,
72 const u8 *ie, size_t len,
73 struct mesh_peer_mgmt_ie *mpm_ie)
74 {
75 os_memset(mpm_ie, 0, sizeof(*mpm_ie));
76
77 /* Remove optional Chosen PMK field at end */
78 if (len >= SAE_PMKID_LEN) {
79 mpm_ie->chosen_pmk = ie + len - SAE_PMKID_LEN;
80 len -= SAE_PMKID_LEN;
81 }
82
83 if ((action_field == PLINK_OPEN && len != 4) ||
84 (action_field == PLINK_CONFIRM && len != 6) ||
85 (action_field == PLINK_CLOSE && len != 6 && len != 8)) {
86 wpa_msg(wpa_s, MSG_DEBUG, "MPM: Invalid peer mgmt ie");
87 return -1;
88 }
89
90 /* required fields */
91 if (len < 4)
92 return -1;
93 mpm_ie->proto_id = ie;
94 mpm_ie->llid = ie + 2;
95 ie += 4;
96 len -= 4;
97
98 /* close reason is always present at end for close */
99 if (action_field == PLINK_CLOSE) {
100 if (len < 2)
101 return -1;
102 mpm_ie->reason = ie + len - 2;
103 len -= 2;
104 }
105
106 /* Peer Link ID, present for confirm, and possibly close */
107 if (len >= 2)
108 mpm_ie->plid = ie;
109
110 return 0;
111 }
112
113
plink_free_count(struct hostapd_data * hapd)114 static int plink_free_count(struct hostapd_data *hapd)
115 {
116 if (hapd->max_plinks > hapd->num_plinks)
117 return hapd->max_plinks - hapd->num_plinks;
118 return 0;
119 }
120
121
copy_supp_rates(struct wpa_supplicant * wpa_s,struct sta_info * sta,struct ieee802_11_elems * elems)122 static u16 copy_supp_rates(struct wpa_supplicant *wpa_s,
123 struct sta_info *sta,
124 struct ieee802_11_elems *elems)
125 {
126 if (!elems->supp_rates) {
127 wpa_msg(wpa_s, MSG_ERROR, "no supported rates from " MACSTR,
128 MAC2STR(sta->addr));
129 return WLAN_STATUS_UNSPECIFIED_FAILURE;
130 }
131
132 if (elems->supp_rates_len + elems->ext_supp_rates_len >
133 sizeof(sta->supported_rates)) {
134 wpa_msg(wpa_s, MSG_ERROR,
135 "Invalid supported rates element length " MACSTR
136 " %d+%d", MAC2STR(sta->addr), elems->supp_rates_len,
137 elems->ext_supp_rates_len);
138 return WLAN_STATUS_UNSPECIFIED_FAILURE;
139 }
140
141 sta->supported_rates_len = merge_byte_arrays(
142 sta->supported_rates, sizeof(sta->supported_rates),
143 elems->supp_rates, elems->supp_rates_len,
144 elems->ext_supp_rates, elems->ext_supp_rates_len);
145
146 return WLAN_STATUS_SUCCESS;
147 }
148
149
150 /* return true if elems from a neighbor match this MBSS */
matches_local(struct wpa_supplicant * wpa_s,struct ieee802_11_elems * elems)151 static bool matches_local(struct wpa_supplicant *wpa_s,
152 struct ieee802_11_elems *elems)
153 {
154 struct mesh_conf *mconf = wpa_s->ifmsh->mconf;
155
156 if (elems->mesh_config_len < 5)
157 return false;
158
159 return (mconf->meshid_len == elems->mesh_id_len &&
160 os_memcmp(mconf->meshid, elems->mesh_id,
161 elems->mesh_id_len) == 0 &&
162 mconf->mesh_pp_id == elems->mesh_config[0] &&
163 mconf->mesh_pm_id == elems->mesh_config[1] &&
164 mconf->mesh_cc_id == elems->mesh_config[2] &&
165 mconf->mesh_sp_id == elems->mesh_config[3] &&
166 mconf->mesh_auth_id == elems->mesh_config[4]);
167 }
168
169
170 /* check if local link id is already used with another peer */
llid_in_use(struct wpa_supplicant * wpa_s,u16 llid)171 static bool llid_in_use(struct wpa_supplicant *wpa_s, u16 llid)
172 {
173 struct sta_info *sta;
174 struct hostapd_data *hapd = wpa_s->ifmsh->bss[0];
175
176 for (sta = hapd->sta_list; sta; sta = sta->next) {
177 if (sta->my_lid == llid)
178 return true;
179 }
180
181 return false;
182 }
183
184
185 /* generate an llid for a link and set to initial state */
mesh_mpm_init_link(struct wpa_supplicant * wpa_s,struct sta_info * sta)186 static void mesh_mpm_init_link(struct wpa_supplicant *wpa_s,
187 struct sta_info *sta)
188 {
189 u16 llid;
190
191 do {
192 if (os_get_random((u8 *) &llid, sizeof(llid)) < 0)
193 llid = 0; /* continue */
194 } while (!llid || llid_in_use(wpa_s, llid));
195
196 sta->my_lid = llid;
197 sta->peer_lid = 0;
198 sta->peer_aid = 0;
199
200 /*
201 * We do not use wpa_mesh_set_plink_state() here because there is no
202 * entry in kernel yet.
203 */
204 sta->plink_state = PLINK_IDLE;
205 }
206
207
mesh_mpm_send_plink_action(struct wpa_supplicant * wpa_s,struct sta_info * sta,enum plink_action_field type,u16 close_reason)208 static void mesh_mpm_send_plink_action(struct wpa_supplicant *wpa_s,
209 struct sta_info *sta,
210 enum plink_action_field type,
211 u16 close_reason)
212 {
213 struct wpabuf *buf;
214 struct hostapd_iface *ifmsh = wpa_s->ifmsh;
215 struct hostapd_data *bss = ifmsh->bss[0];
216 struct mesh_conf *conf = ifmsh->mconf;
217 u8 supp_rates[2 + 2 + 32];
218 u8 *pos, *cat;
219 u8 ie_len, add_plid = 0;
220 int ret;
221 int ampe = conf->security & MESH_CONF_SEC_AMPE;
222 size_t buf_len;
223
224 if (!sta)
225 return;
226
227 buf_len = 2 + /* Category and Action */
228 2 + /* capability info */
229 2 + /* AID */
230 2 + 8 + /* supported rates */
231 2 + (32 - 8) +
232 2 + 32 + /* mesh ID */
233 2 + 7 + /* mesh config */
234 2 + 24 + /* peering management */
235 2 + 96 + 32 + 32 + /* AMPE (96 + max GTKlen + max IGTKlen) */
236 2 + 16; /* MIC */
237 if (type != PLINK_CLOSE && wpa_s->mesh_ht_enabled) {
238 buf_len += 2 + 26 + /* HT capabilities */
239 2 + 22; /* HT operation */
240 }
241 #ifdef CONFIG_IEEE80211AC
242 if (type != PLINK_CLOSE && wpa_s->mesh_vht_enabled) {
243 buf_len += 2 + 12 + /* VHT Capabilities */
244 2 + 5; /* VHT Operation */
245 }
246 #endif /* CONFIG_IEEE80211AC */
247 #ifdef CONFIG_IEEE80211AX
248 if (type != PLINK_CLOSE && wpa_s->mesh_he_enabled) {
249 buf_len += 3 +
250 HE_MAX_MAC_CAPAB_SIZE +
251 HE_MAX_PHY_CAPAB_SIZE +
252 HE_MAX_MCS_CAPAB_SIZE +
253 HE_MAX_PPET_CAPAB_SIZE;
254 buf_len += 3 + sizeof(struct ieee80211_he_operation);
255 if (is_6ghz_op_class(bss->iconf->op_class))
256 buf_len += sizeof(struct ieee80211_he_6ghz_oper_info) +
257 3 + sizeof(struct ieee80211_he_6ghz_band_cap);
258 }
259 #endif /* CONFIG_IEEE80211AX */
260 if (type != PLINK_CLOSE)
261 buf_len += conf->rsn_ie_len; /* RSN IE */
262 #ifdef CONFIG_OCV
263 /* OCI is included even when the other STA doesn't support OCV */
264 if (type != PLINK_CLOSE && conf->ocv)
265 buf_len += OCV_OCI_EXTENDED_LEN;
266 #endif /* CONFIG_OCV */
267 #ifdef CONFIG_IEEE80211BE
268 if (type != PLINK_CLOSE && wpa_s->mesh_eht_enabled) {
269 buf_len += 3 + 2 + EHT_PHY_CAPAB_LEN + EHT_MCS_NSS_CAPAB_LEN +
270 EHT_PPE_THRESH_CAPAB_LEN;
271 buf_len += 3 + sizeof(struct ieee80211_eht_operation);
272 }
273 #endif /* CONFIG_IEEE80211BE */
274
275 buf = wpabuf_alloc(buf_len);
276 if (!buf)
277 return;
278
279 cat = wpabuf_mhead_u8(buf);
280 wpabuf_put_u8(buf, WLAN_ACTION_SELF_PROTECTED);
281 wpabuf_put_u8(buf, type);
282
283 if (type != PLINK_CLOSE) {
284 u8 info;
285
286 /* capability info */
287 wpabuf_put_le16(buf, ampe ? IEEE80211_CAP_PRIVACY : 0);
288
289 /* aid */
290 if (type == PLINK_CONFIRM)
291 wpabuf_put_le16(buf, sta->aid);
292
293 /* IE: supp + ext. supp rates */
294 pos = hostapd_eid_supp_rates(bss, supp_rates);
295 pos = hostapd_eid_ext_supp_rates(bss, pos);
296 wpabuf_put_data(buf, supp_rates, pos - supp_rates);
297
298 /* IE: RSN IE */
299 wpabuf_put_data(buf, conf->rsn_ie, conf->rsn_ie_len);
300
301 /* IE: Mesh ID */
302 wpabuf_put_u8(buf, WLAN_EID_MESH_ID);
303 wpabuf_put_u8(buf, conf->meshid_len);
304 wpabuf_put_data(buf, conf->meshid, conf->meshid_len);
305
306 /* IE: mesh conf */
307 wpabuf_put_u8(buf, WLAN_EID_MESH_CONFIG);
308 wpabuf_put_u8(buf, 7);
309 wpabuf_put_u8(buf, conf->mesh_pp_id);
310 wpabuf_put_u8(buf, conf->mesh_pm_id);
311 wpabuf_put_u8(buf, conf->mesh_cc_id);
312 wpabuf_put_u8(buf, conf->mesh_sp_id);
313 wpabuf_put_u8(buf, conf->mesh_auth_id);
314 info = (bss->num_plinks > 63 ? 63 : bss->num_plinks) << 1;
315 /* TODO: Add Connected to Mesh Gate/AS subfields */
316 wpabuf_put_u8(buf, info);
317 /* Set forwarding based on configuration and always accept
318 * plinks for now */
319 wpabuf_put_u8(buf, MESH_CAP_ACCEPT_ADDITIONAL_PEER |
320 (conf->mesh_fwding ? MESH_CAP_FORWARDING : 0));
321 } else { /* Peer closing frame */
322 /* IE: Mesh ID */
323 wpabuf_put_u8(buf, WLAN_EID_MESH_ID);
324 wpabuf_put_u8(buf, conf->meshid_len);
325 wpabuf_put_data(buf, conf->meshid, conf->meshid_len);
326 }
327
328 /* IE: Mesh Peering Management element */
329 ie_len = 4;
330 if (ampe)
331 ie_len += PMKID_LEN;
332 switch (type) {
333 case PLINK_OPEN:
334 break;
335 case PLINK_CONFIRM:
336 ie_len += 2;
337 add_plid = 1;
338 break;
339 case PLINK_CLOSE:
340 ie_len += 2;
341 add_plid = 1;
342 ie_len += 2; /* reason code */
343 break;
344 }
345
346 wpabuf_put_u8(buf, WLAN_EID_PEER_MGMT);
347 wpabuf_put_u8(buf, ie_len);
348 /* peering protocol */
349 if (ampe)
350 wpabuf_put_le16(buf, 1);
351 else
352 wpabuf_put_le16(buf, 0);
353 wpabuf_put_le16(buf, sta->my_lid);
354 if (add_plid)
355 wpabuf_put_le16(buf, sta->peer_lid);
356 if (type == PLINK_CLOSE)
357 wpabuf_put_le16(buf, close_reason);
358 if (ampe) {
359 if (sta->sae == NULL) {
360 wpa_msg(wpa_s, MSG_INFO, "Mesh MPM: no SAE session");
361 goto fail;
362 }
363 mesh_rsn_get_pmkid(wpa_s->mesh_rsn, sta,
364 wpabuf_put(buf, PMKID_LEN));
365 }
366
367 if (type != PLINK_CLOSE && wpa_s->mesh_ht_enabled) {
368 u8 ht_capa_oper[2 + 26 + 2 + 22];
369
370 pos = hostapd_eid_ht_capabilities(bss, ht_capa_oper);
371 pos = hostapd_eid_ht_operation(bss, pos);
372 wpabuf_put_data(buf, ht_capa_oper, pos - ht_capa_oper);
373 }
374 #ifdef CONFIG_IEEE80211AC
375 if (type != PLINK_CLOSE && wpa_s->mesh_vht_enabled) {
376 u8 vht_capa_oper[2 + 12 + 2 + 5];
377
378 pos = hostapd_eid_vht_capabilities(bss, vht_capa_oper, 0);
379 pos = hostapd_eid_vht_operation(bss, pos);
380 wpabuf_put_data(buf, vht_capa_oper, pos - vht_capa_oper);
381 }
382 #endif /* CONFIG_IEEE80211AC */
383 #ifdef CONFIG_IEEE80211AX
384 if (type != PLINK_CLOSE && wpa_s->mesh_he_enabled) {
385 u8 he_capa_oper[3 +
386 HE_MAX_MAC_CAPAB_SIZE +
387 HE_MAX_PHY_CAPAB_SIZE +
388 HE_MAX_MCS_CAPAB_SIZE +
389 HE_MAX_PPET_CAPAB_SIZE +
390 3 + sizeof(struct ieee80211_he_operation) +
391 sizeof(struct ieee80211_he_6ghz_oper_info) +
392 3 + sizeof(struct ieee80211_he_6ghz_band_cap)];
393
394 pos = hostapd_eid_he_capab(bss, he_capa_oper,
395 IEEE80211_MODE_MESH);
396 pos = hostapd_eid_he_operation(bss, pos);
397 pos = hostapd_eid_he_6ghz_band_cap(bss, pos);
398 wpabuf_put_data(buf, he_capa_oper, pos - he_capa_oper);
399 }
400 #endif /* CONFIG_IEEE80211AX */
401 #ifdef CONFIG_OCV
402 if (type != PLINK_CLOSE && conf->ocv) {
403 struct wpa_channel_info ci;
404
405 if (wpa_drv_channel_info(wpa_s, &ci) != 0) {
406 wpa_printf(MSG_WARNING,
407 "Mesh MPM: Failed to get channel info for OCI element");
408 goto fail;
409 }
410
411 pos = wpabuf_put(buf, OCV_OCI_EXTENDED_LEN);
412 if (ocv_insert_extended_oci(&ci, pos) < 0)
413 goto fail;
414 }
415 #endif /* CONFIG_OCV */
416
417 #ifdef CONFIG_IEEE80211BE
418 if (type != PLINK_CLOSE && wpa_s->mesh_eht_enabled) {
419 u8 eht_capa_oper[3 +
420 2 +
421 EHT_PHY_CAPAB_LEN +
422 EHT_MCS_NSS_CAPAB_LEN +
423 EHT_PPE_THRESH_CAPAB_LEN +
424 3 + sizeof(struct ieee80211_eht_operation)];
425 pos = hostapd_eid_eht_capab(bss, eht_capa_oper,
426 IEEE80211_MODE_MESH);
427 pos = hostapd_eid_eht_operation(bss, pos);
428 wpabuf_put_data(buf, eht_capa_oper, pos - eht_capa_oper);
429 }
430 #endif /* CONFIG_IEEE80211BE */
431
432 if (ampe && mesh_rsn_protect_frame(wpa_s->mesh_rsn, sta, cat, buf)) {
433 wpa_msg(wpa_s, MSG_INFO,
434 "Mesh MPM: failed to add AMPE and MIC IE");
435 goto fail;
436 }
437
438 wpa_msg(wpa_s, MSG_DEBUG, "Mesh MPM: Sending peering frame type %d to "
439 MACSTR " (my_lid=0x%x peer_lid=0x%x)",
440 type, MAC2STR(sta->addr), sta->my_lid, sta->peer_lid);
441 ret = wpa_drv_send_action(wpa_s, wpa_s->assoc_freq, 0,
442 sta->addr, wpa_s->own_addr, wpa_s->own_addr,
443 wpabuf_head(buf), wpabuf_len(buf), 0);
444 if (ret < 0)
445 wpa_msg(wpa_s, MSG_INFO,
446 "Mesh MPM: failed to send peering frame");
447
448 fail:
449 wpabuf_free(buf);
450 }
451
452
453 /* configure peering state in ours and driver's station entry */
wpa_mesh_set_plink_state(struct wpa_supplicant * wpa_s,struct sta_info * sta,enum mesh_plink_state state)454 void wpa_mesh_set_plink_state(struct wpa_supplicant *wpa_s,
455 struct sta_info *sta,
456 enum mesh_plink_state state)
457 {
458 struct hostapd_sta_add_params params;
459 int ret;
460
461 wpa_msg(wpa_s, MSG_DEBUG, "MPM set " MACSTR " from %s into %s",
462 MAC2STR(sta->addr), mplstate[sta->plink_state],
463 mplstate[state]);
464 sta->plink_state = state;
465
466 os_memset(¶ms, 0, sizeof(params));
467 params.addr = sta->addr;
468 params.plink_state = state;
469 params.peer_aid = sta->peer_aid;
470 params.set = 1;
471
472 ret = wpa_drv_sta_add(wpa_s, ¶ms);
473 if (ret) {
474 wpa_msg(wpa_s, MSG_ERROR, "Driver failed to set " MACSTR
475 ": %d", MAC2STR(sta->addr), ret);
476 }
477 }
478
479
mesh_mpm_fsm_restart(struct wpa_supplicant * wpa_s,struct sta_info * sta)480 static void mesh_mpm_fsm_restart(struct wpa_supplicant *wpa_s,
481 struct sta_info *sta)
482 {
483 struct hostapd_data *hapd = wpa_s->ifmsh->bss[0];
484
485 eloop_cancel_timeout(plink_timer, wpa_s, sta);
486
487 ap_free_sta(hapd, sta);
488 }
489
490
plink_timer(void * eloop_ctx,void * user_data)491 static void plink_timer(void *eloop_ctx, void *user_data)
492 {
493 struct wpa_supplicant *wpa_s = eloop_ctx;
494 struct sta_info *sta = user_data;
495 u16 reason = 0;
496 struct mesh_conf *conf = wpa_s->ifmsh->mconf;
497 struct hostapd_data *hapd = wpa_s->ifmsh->bss[0];
498
499 switch (sta->plink_state) {
500 case PLINK_OPN_RCVD:
501 case PLINK_OPN_SNT:
502 /* retry timer */
503 if (sta->mpm_retries < conf->dot11MeshMaxRetries) {
504 eloop_register_timeout(
505 conf->dot11MeshRetryTimeout / 1000,
506 (conf->dot11MeshRetryTimeout % 1000) * 1000,
507 plink_timer, wpa_s, sta);
508 mesh_mpm_send_plink_action(wpa_s, sta, PLINK_OPEN, 0);
509 sta->mpm_retries++;
510 break;
511 }
512 reason = WLAN_REASON_MESH_MAX_RETRIES;
513 /* fall through */
514
515 case PLINK_CNF_RCVD:
516 /* confirm timer */
517 if (!reason)
518 reason = WLAN_REASON_MESH_CONFIRM_TIMEOUT;
519 wpa_mesh_set_plink_state(wpa_s, sta, PLINK_HOLDING);
520 eloop_register_timeout(conf->dot11MeshHoldingTimeout / 1000,
521 (conf->dot11MeshHoldingTimeout % 1000) * 1000,
522 plink_timer, wpa_s, sta);
523 mesh_mpm_send_plink_action(wpa_s, sta, PLINK_CLOSE, reason);
524 break;
525 case PLINK_HOLDING:
526 /* holding timer */
527
528 if (sta->mesh_sae_pmksa_caching) {
529 wpa_printf(MSG_DEBUG, "MPM: Peer " MACSTR
530 " looks like it does not support mesh SAE PMKSA caching, so remove the cached entry for it",
531 MAC2STR(sta->addr));
532 wpa_auth_pmksa_remove(hapd->wpa_auth, sta->addr);
533 }
534 mesh_mpm_fsm_restart(wpa_s, sta);
535 break;
536 default:
537 break;
538 }
539 }
540
541
542 /* initiate peering with station */
543 static void
mesh_mpm_plink_open(struct wpa_supplicant * wpa_s,struct sta_info * sta,enum mesh_plink_state next_state)544 mesh_mpm_plink_open(struct wpa_supplicant *wpa_s, struct sta_info *sta,
545 enum mesh_plink_state next_state)
546 {
547 struct mesh_conf *conf = wpa_s->ifmsh->mconf;
548
549 eloop_cancel_timeout(plink_timer, wpa_s, sta);
550 eloop_register_timeout(conf->dot11MeshRetryTimeout / 1000,
551 (conf->dot11MeshRetryTimeout % 1000) * 1000,
552 plink_timer, wpa_s, sta);
553 mesh_mpm_send_plink_action(wpa_s, sta, PLINK_OPEN, 0);
554 wpa_mesh_set_plink_state(wpa_s, sta, next_state);
555 }
556
557
mesh_mpm_plink_close(struct hostapd_data * hapd,struct sta_info * sta,void * ctx)558 static int mesh_mpm_plink_close(struct hostapd_data *hapd, struct sta_info *sta,
559 void *ctx)
560 {
561 struct wpa_supplicant *wpa_s = ctx;
562 int reason = WLAN_REASON_MESH_PEERING_CANCELLED;
563
564 if (sta) {
565 if (sta->plink_state == PLINK_ESTAB) {
566 hapd->num_plinks--;
567 wpas_notify_mesh_peer_disconnected(
568 wpa_s, sta->addr, WLAN_REASON_UNSPECIFIED);
569 }
570 wpa_mesh_set_plink_state(wpa_s, sta, PLINK_HOLDING);
571 mesh_mpm_send_plink_action(wpa_s, sta, PLINK_CLOSE, reason);
572 wpa_printf(MSG_DEBUG, "MPM closing plink sta=" MACSTR,
573 MAC2STR(sta->addr));
574 eloop_cancel_timeout(plink_timer, wpa_s, sta);
575 eloop_cancel_timeout(mesh_auth_timer, wpa_s, sta);
576 return 0;
577 }
578
579 return 1;
580 }
581
582
mesh_mpm_close_peer(struct wpa_supplicant * wpa_s,const u8 * addr)583 int mesh_mpm_close_peer(struct wpa_supplicant *wpa_s, const u8 *addr)
584 {
585 struct hostapd_data *hapd;
586 struct sta_info *sta;
587
588 if (!wpa_s->ifmsh) {
589 wpa_msg(wpa_s, MSG_INFO, "Mesh is not prepared yet");
590 return -1;
591 }
592
593 hapd = wpa_s->ifmsh->bss[0];
594 sta = ap_get_sta(hapd, addr);
595 if (!sta) {
596 wpa_msg(wpa_s, MSG_INFO, "No such mesh peer");
597 return -1;
598 }
599
600 return mesh_mpm_plink_close(hapd, sta, wpa_s) == 0 ? 0 : -1;
601 }
602
603
peer_add_timer(void * eloop_ctx,void * user_data)604 static void peer_add_timer(void *eloop_ctx, void *user_data)
605 {
606 struct wpa_supplicant *wpa_s = eloop_ctx;
607 struct hostapd_data *hapd = wpa_s->ifmsh->bss[0];
608
609 os_memset(hapd->mesh_required_peer, 0, ETH_ALEN);
610 }
611
612
mesh_mpm_connect_peer(struct wpa_supplicant * wpa_s,const u8 * addr,int duration)613 int mesh_mpm_connect_peer(struct wpa_supplicant *wpa_s, const u8 *addr,
614 int duration)
615 {
616 struct wpa_ssid *ssid = wpa_s->current_ssid;
617 struct hostapd_data *hapd;
618 struct sta_info *sta;
619 struct mesh_conf *conf;
620
621 if (!wpa_s->ifmsh) {
622 wpa_msg(wpa_s, MSG_INFO, "Mesh is not prepared yet");
623 return -1;
624 }
625
626 if (!ssid || !ssid->no_auto_peer) {
627 wpa_msg(wpa_s, MSG_INFO,
628 "This command is available only with no_auto_peer mesh network");
629 return -1;
630 }
631
632 hapd = wpa_s->ifmsh->bss[0];
633 conf = wpa_s->ifmsh->mconf;
634
635 sta = ap_get_sta(hapd, addr);
636 if (!sta) {
637 wpa_msg(wpa_s, MSG_INFO, "No such mesh peer");
638 return -1;
639 }
640
641 if ((PLINK_OPN_SNT <= sta->plink_state &&
642 sta->plink_state <= PLINK_ESTAB) ||
643 (sta->sae && sta->sae->state > SAE_NOTHING)) {
644 wpa_msg(wpa_s, MSG_INFO,
645 "Specified peer is connecting/connected");
646 return -1;
647 }
648
649 if (conf->security == MESH_CONF_SEC_NONE) {
650 mesh_mpm_plink_open(wpa_s, sta, PLINK_OPN_SNT);
651 } else {
652 mesh_rsn_auth_sae_sta(wpa_s, sta);
653 os_memcpy(hapd->mesh_required_peer, addr, ETH_ALEN);
654 eloop_register_timeout(duration == -1 ? 10 : duration, 0,
655 peer_add_timer, wpa_s, NULL);
656 }
657
658 return 0;
659 }
660
661
mesh_mpm_deinit(struct wpa_supplicant * wpa_s,struct hostapd_iface * ifmsh)662 void mesh_mpm_deinit(struct wpa_supplicant *wpa_s, struct hostapd_iface *ifmsh)
663 {
664 struct hostapd_data *hapd = ifmsh->bss[0];
665
666 /* notify peers we're leaving */
667 ap_for_each_sta(hapd, mesh_mpm_plink_close, wpa_s);
668
669 hapd->num_plinks = 0;
670 hostapd_free_stas(hapd);
671 eloop_cancel_timeout(peer_add_timer, wpa_s, NULL);
672 }
673
674
675 /* for mesh_rsn to indicate this peer has completed authentication, and we're
676 * ready to start AMPE */
mesh_mpm_auth_peer(struct wpa_supplicant * wpa_s,const u8 * addr)677 void mesh_mpm_auth_peer(struct wpa_supplicant *wpa_s, const u8 *addr)
678 {
679 struct hostapd_data *data = wpa_s->ifmsh->bss[0];
680 struct hostapd_sta_add_params params;
681 struct sta_info *sta;
682 int ret;
683
684 sta = ap_get_sta(data, addr);
685 if (!sta) {
686 wpa_msg(wpa_s, MSG_DEBUG, "no such mesh peer");
687 return;
688 }
689
690 /* TODO: Should do nothing if this STA is already authenticated, but
691 * the AP code already sets this flag. */
692 sta->flags |= WLAN_STA_AUTH;
693
694 mesh_rsn_init_ampe_sta(wpa_s, sta);
695
696 os_memset(¶ms, 0, sizeof(params));
697 params.addr = sta->addr;
698 params.flags = WPA_STA_AUTHENTICATED | WPA_STA_AUTHORIZED;
699 params.set = 1;
700
701 wpa_msg(wpa_s, MSG_DEBUG, "MPM authenticating " MACSTR,
702 MAC2STR(sta->addr));
703 ret = wpa_drv_sta_add(wpa_s, ¶ms);
704 if (ret) {
705 wpa_msg(wpa_s, MSG_ERROR,
706 "Driver failed to set " MACSTR ": %d",
707 MAC2STR(sta->addr), ret);
708 }
709
710 if (!sta->my_lid)
711 mesh_mpm_init_link(wpa_s, sta);
712
713 mesh_mpm_plink_open(wpa_s, sta, PLINK_OPN_SNT);
714 }
715
716 /*
717 * Initialize a sta_info structure for a peer and upload it into the driver
718 * in preparation for beginning authentication or peering. This is done when a
719 * Beacon (secure or open mesh) or a peering open frame (for open mesh) is
720 * received from the peer for the first time.
721 */
mesh_mpm_add_peer(struct wpa_supplicant * wpa_s,const u8 * addr,struct ieee802_11_elems * elems)722 static struct sta_info * mesh_mpm_add_peer(struct wpa_supplicant *wpa_s,
723 const u8 *addr,
724 struct ieee802_11_elems *elems)
725 {
726 struct hostapd_sta_add_params params;
727 struct mesh_conf *conf = wpa_s->ifmsh->mconf;
728 struct hostapd_data *data = wpa_s->ifmsh->bss[0];
729 struct sta_info *sta;
730 struct ieee80211_ht_operation *oper;
731 int ret;
732
733 if (elems->mesh_config_len >= 7 &&
734 !(elems->mesh_config[6] & MESH_CAP_ACCEPT_ADDITIONAL_PEER)) {
735 wpa_msg(wpa_s, MSG_DEBUG,
736 "mesh: Ignore a crowded peer " MACSTR,
737 MAC2STR(addr));
738 return NULL;
739 }
740
741 sta = ap_get_sta(data, addr);
742 if (sta)
743 return NULL;
744
745 sta = ap_sta_add(data, addr);
746 if (!sta)
747 return NULL;
748
749 /* Set WMM by default since Mesh STAs are QoS STAs */
750 sta->flags |= WLAN_STA_WMM;
751
752 /* initialize sta */
753 if (copy_supp_rates(wpa_s, sta, elems)) {
754 ap_free_sta(data, sta);
755 return NULL;
756 }
757
758 if (!sta->my_lid)
759 mesh_mpm_init_link(wpa_s, sta);
760
761 copy_sta_ht_capab(data, sta, elems->ht_capabilities);
762
763 oper = (struct ieee80211_ht_operation *) elems->ht_operation;
764 if (oper &&
765 !(oper->ht_param & HT_INFO_HT_PARAM_STA_CHNL_WIDTH) &&
766 sta->ht_capabilities) {
767 wpa_msg(wpa_s, MSG_DEBUG, MACSTR
768 " does not support 40 MHz bandwidth",
769 MAC2STR(sta->addr));
770 set_disable_ht40(sta->ht_capabilities, 1);
771 }
772
773 if (update_ht_state(data, sta) > 0)
774 ieee802_11_update_beacons(data->iface);
775
776 #ifdef CONFIG_IEEE80211AC
777 copy_sta_vht_capab(data, sta, elems->vht_capabilities);
778 copy_sta_vht_oper(data, sta, elems->vht_operation);
779 set_sta_vht_opmode(data, sta, elems->opmode_notif);
780 #endif /* CONFIG_IEEE80211AC */
781
782 #ifdef CONFIG_IEEE80211AX
783 copy_sta_he_capab(data, sta, IEEE80211_MODE_MESH,
784 elems->he_capabilities, elems->he_capabilities_len);
785 copy_sta_he_6ghz_capab(data, sta, elems->he_6ghz_band_cap);
786 #endif /* CONFIG_IEEE80211AX */
787 #ifdef CONFIG_IEEE80211BE
788 copy_sta_eht_capab(data, sta, IEEE80211_MODE_MESH,
789 elems->he_capabilities,
790 elems->he_capabilities_len,
791 elems->eht_capabilities,
792 elems->eht_capabilities_len);
793 #endif /*CONFIG_IEEE80211BE */
794
795 if (hostapd_get_aid(data, sta) < 0) {
796 wpa_msg(wpa_s, MSG_ERROR, "No AIDs available");
797 ap_free_sta(data, sta);
798 return NULL;
799 }
800
801 /* insert into driver */
802 os_memset(¶ms, 0, sizeof(params));
803 params.supp_rates = sta->supported_rates;
804 params.supp_rates_len = sta->supported_rates_len;
805 params.addr = addr;
806 params.plink_state = sta->plink_state;
807 params.aid = sta->aid;
808 params.peer_aid = sta->peer_aid;
809 params.listen_interval = 100;
810 params.ht_capabilities = sta->ht_capabilities;
811 params.vht_capabilities = sta->vht_capabilities;
812 params.he_capab = sta->he_capab;
813 params.he_capab_len = sta->he_capab_len;
814 params.he_6ghz_capab = sta->he_6ghz_capab;
815 params.eht_capab = sta->eht_capab;
816 params.eht_capab_len = sta->eht_capab_len;
817 params.flags |= WPA_STA_WMM;
818 params.flags_mask |= WPA_STA_AUTHENTICATED;
819 if (conf->security == MESH_CONF_SEC_NONE) {
820 params.flags |= WPA_STA_AUTHORIZED;
821 params.flags |= WPA_STA_AUTHENTICATED;
822 } else {
823 sta->flags |= WLAN_STA_MFP;
824 params.flags |= WPA_STA_MFP;
825 }
826
827 ret = wpa_drv_sta_add(wpa_s, ¶ms);
828 if (ret) {
829 wpa_msg(wpa_s, MSG_ERROR,
830 "Driver failed to insert " MACSTR ": %d",
831 MAC2STR(addr), ret);
832 ap_free_sta(data, sta);
833 return NULL;
834 }
835
836 return sta;
837 }
838
839
wpa_mesh_new_mesh_peer(struct wpa_supplicant * wpa_s,const u8 * addr,struct ieee802_11_elems * elems)840 void wpa_mesh_new_mesh_peer(struct wpa_supplicant *wpa_s, const u8 *addr,
841 struct ieee802_11_elems *elems)
842 {
843 struct mesh_conf *conf = wpa_s->ifmsh->mconf;
844 struct hostapd_data *data = wpa_s->ifmsh->bss[0];
845 struct sta_info *sta;
846 struct wpa_ssid *ssid = wpa_s->current_ssid;
847
848 sta = mesh_mpm_add_peer(wpa_s, addr, elems);
849 if (!sta)
850 return;
851
852 if (ssid && ssid->no_auto_peer &&
853 (is_zero_ether_addr(data->mesh_required_peer) ||
854 os_memcmp(data->mesh_required_peer, addr, ETH_ALEN) != 0)) {
855 wpa_msg(wpa_s, MSG_INFO, "will not initiate new peer link with "
856 MACSTR " because of no_auto_peer", MAC2STR(addr));
857 if (data->mesh_pending_auth) {
858 struct os_reltime age;
859 const struct ieee80211_mgmt *mgmt;
860 struct hostapd_frame_info fi;
861
862 mgmt = wpabuf_head(data->mesh_pending_auth);
863 os_reltime_age(&data->mesh_pending_auth_time, &age);
864 if (age.sec < 2 &&
865 os_memcmp(mgmt->sa, addr, ETH_ALEN) == 0) {
866 wpa_printf(MSG_DEBUG,
867 "mesh: Process pending Authentication frame from %u.%06u seconds ago",
868 (unsigned int) age.sec,
869 (unsigned int) age.usec);
870 os_memset(&fi, 0, sizeof(fi));
871 ieee802_11_mgmt(
872 data,
873 wpabuf_head(data->mesh_pending_auth),
874 wpabuf_len(data->mesh_pending_auth),
875 &fi);
876 }
877 wpabuf_free(data->mesh_pending_auth);
878 data->mesh_pending_auth = NULL;
879 }
880 return;
881 }
882
883 if (conf->security == MESH_CONF_SEC_NONE) {
884 if (sta->plink_state < PLINK_OPN_SNT ||
885 sta->plink_state > PLINK_ESTAB)
886 mesh_mpm_plink_open(wpa_s, sta, PLINK_OPN_SNT);
887 } else {
888 mesh_rsn_auth_sae_sta(wpa_s, sta);
889 }
890 }
891
892
mesh_mpm_mgmt_rx(struct wpa_supplicant * wpa_s,struct rx_mgmt * rx_mgmt)893 void mesh_mpm_mgmt_rx(struct wpa_supplicant *wpa_s, struct rx_mgmt *rx_mgmt)
894 {
895 struct hostapd_frame_info fi;
896
897 os_memset(&fi, 0, sizeof(fi));
898 fi.datarate = rx_mgmt->datarate;
899 fi.ssi_signal = rx_mgmt->ssi_signal;
900 ieee802_11_mgmt(wpa_s->ifmsh->bss[0], rx_mgmt->frame,
901 rx_mgmt->frame_len, &fi);
902 }
903
904
mesh_mpm_plink_estab(struct wpa_supplicant * wpa_s,struct sta_info * sta)905 static void mesh_mpm_plink_estab(struct wpa_supplicant *wpa_s,
906 struct sta_info *sta)
907 {
908 struct hostapd_data *hapd = wpa_s->ifmsh->bss[0];
909 struct mesh_conf *conf = wpa_s->ifmsh->mconf;
910 u8 seq[6] = {};
911
912 wpa_msg(wpa_s, MSG_INFO, "mesh plink with " MACSTR " established",
913 MAC2STR(sta->addr));
914
915 if (conf->security & MESH_CONF_SEC_AMPE) {
916 wpa_hexdump_key(MSG_DEBUG, "mesh: MTK", sta->mtk, sta->mtk_len);
917 wpa_drv_set_key(wpa_s, -1,
918 wpa_cipher_to_alg(conf->pairwise_cipher),
919 sta->addr, 0, 0, seq, sizeof(seq),
920 sta->mtk, sta->mtk_len,
921 KEY_FLAG_PAIRWISE_RX_TX);
922
923 wpa_hexdump_key(MSG_DEBUG, "mesh: RX MGTK Key RSC",
924 sta->mgtk_rsc, sizeof(sta->mgtk_rsc));
925 wpa_hexdump_key(MSG_DEBUG, "mesh: RX MGTK",
926 sta->mgtk, sta->mgtk_len);
927 wpa_drv_set_key(wpa_s, -1,
928 wpa_cipher_to_alg(conf->group_cipher),
929 sta->addr, sta->mgtk_key_id, 0,
930 sta->mgtk_rsc, sizeof(sta->mgtk_rsc),
931 sta->mgtk, sta->mgtk_len,
932 KEY_FLAG_GROUP_RX);
933
934 if (sta->igtk_len) {
935 wpa_hexdump_key(MSG_DEBUG, "mesh: RX IGTK Key RSC",
936 sta->igtk_rsc, sizeof(sta->igtk_rsc));
937 wpa_hexdump_key(MSG_DEBUG, "mesh: RX IGTK",
938 sta->igtk, sta->igtk_len);
939 wpa_drv_set_key(
940 wpa_s, -1,
941 wpa_cipher_to_alg(conf->mgmt_group_cipher),
942 sta->addr, sta->igtk_key_id, 0,
943 sta->igtk_rsc, sizeof(sta->igtk_rsc),
944 sta->igtk, sta->igtk_len,
945 KEY_FLAG_GROUP_RX);
946 }
947 }
948
949 wpa_mesh_set_plink_state(wpa_s, sta, PLINK_ESTAB);
950 hapd->num_plinks++;
951
952 sta->flags |= WLAN_STA_ASSOC;
953 sta->mesh_sae_pmksa_caching = 0;
954
955 eloop_cancel_timeout(peer_add_timer, wpa_s, NULL);
956 peer_add_timer(wpa_s, NULL);
957 eloop_cancel_timeout(plink_timer, wpa_s, sta);
958
959 wpas_notify_mesh_peer_connected(wpa_s, sta->addr);
960 }
961
962
mesh_mpm_fsm(struct wpa_supplicant * wpa_s,struct sta_info * sta,enum plink_event event,u16 reason)963 static void mesh_mpm_fsm(struct wpa_supplicant *wpa_s, struct sta_info *sta,
964 enum plink_event event, u16 reason)
965 {
966 struct hostapd_data *hapd = wpa_s->ifmsh->bss[0];
967 struct mesh_conf *conf = wpa_s->ifmsh->mconf;
968
969 wpa_msg(wpa_s, MSG_DEBUG, "MPM " MACSTR " state %s event %s",
970 MAC2STR(sta->addr), mplstate[sta->plink_state],
971 mplevent[event]);
972
973 switch (sta->plink_state) {
974 case PLINK_IDLE:
975 switch (event) {
976 case CLS_ACPT:
977 mesh_mpm_fsm_restart(wpa_s, sta);
978 break;
979 case OPN_ACPT:
980 mesh_mpm_plink_open(wpa_s, sta, PLINK_OPN_RCVD);
981 mesh_mpm_send_plink_action(wpa_s, sta, PLINK_CONFIRM,
982 0);
983 break;
984 case REQ_RJCT:
985 mesh_mpm_send_plink_action(wpa_s, sta,
986 PLINK_CLOSE, reason);
987 break;
988 default:
989 break;
990 }
991 break;
992 case PLINK_OPN_SNT:
993 switch (event) {
994 case OPN_RJCT:
995 case CNF_RJCT:
996 if (!reason)
997 reason = WLAN_REASON_MESH_CONFIG_POLICY_VIOLATION;
998 /* fall-through */
999 case CLS_ACPT:
1000 wpa_mesh_set_plink_state(wpa_s, sta, PLINK_HOLDING);
1001 if (!reason)
1002 reason = WLAN_REASON_MESH_CLOSE_RCVD;
1003 eloop_register_timeout(
1004 conf->dot11MeshHoldingTimeout / 1000,
1005 (conf->dot11MeshHoldingTimeout % 1000) * 1000,
1006 plink_timer, wpa_s, sta);
1007 mesh_mpm_send_plink_action(wpa_s, sta,
1008 PLINK_CLOSE, reason);
1009 break;
1010 case OPN_ACPT:
1011 /* retry timer is left untouched */
1012 wpa_mesh_set_plink_state(wpa_s, sta, PLINK_OPN_RCVD);
1013 mesh_mpm_send_plink_action(wpa_s, sta,
1014 PLINK_CONFIRM, 0);
1015 break;
1016 case CNF_ACPT:
1017 wpa_mesh_set_plink_state(wpa_s, sta, PLINK_CNF_RCVD);
1018 eloop_cancel_timeout(plink_timer, wpa_s, sta);
1019 eloop_register_timeout(
1020 conf->dot11MeshConfirmTimeout / 1000,
1021 (conf->dot11MeshConfirmTimeout % 1000) * 1000,
1022 plink_timer, wpa_s, sta);
1023 break;
1024 default:
1025 break;
1026 }
1027 break;
1028 case PLINK_OPN_RCVD:
1029 switch (event) {
1030 case OPN_RJCT:
1031 case CNF_RJCT:
1032 if (!reason)
1033 reason = WLAN_REASON_MESH_CONFIG_POLICY_VIOLATION;
1034 /* fall-through */
1035 case CLS_ACPT:
1036 wpa_mesh_set_plink_state(wpa_s, sta, PLINK_HOLDING);
1037 if (!reason)
1038 reason = WLAN_REASON_MESH_CLOSE_RCVD;
1039 eloop_register_timeout(
1040 conf->dot11MeshHoldingTimeout / 1000,
1041 (conf->dot11MeshHoldingTimeout % 1000) * 1000,
1042 plink_timer, wpa_s, sta);
1043 sta->mpm_close_reason = reason;
1044 mesh_mpm_send_plink_action(wpa_s, sta,
1045 PLINK_CLOSE, reason);
1046 break;
1047 case OPN_ACPT:
1048 mesh_mpm_send_plink_action(wpa_s, sta,
1049 PLINK_CONFIRM, 0);
1050 break;
1051 case CNF_ACPT:
1052 if (conf->security & MESH_CONF_SEC_AMPE)
1053 mesh_rsn_derive_mtk(wpa_s, sta);
1054 mesh_mpm_plink_estab(wpa_s, sta);
1055 break;
1056 default:
1057 break;
1058 }
1059 break;
1060 case PLINK_CNF_RCVD:
1061 switch (event) {
1062 case OPN_RJCT:
1063 case CNF_RJCT:
1064 if (!reason)
1065 reason = WLAN_REASON_MESH_CONFIG_POLICY_VIOLATION;
1066 /* fall-through */
1067 case CLS_ACPT:
1068 wpa_mesh_set_plink_state(wpa_s, sta, PLINK_HOLDING);
1069 if (!reason)
1070 reason = WLAN_REASON_MESH_CLOSE_RCVD;
1071 eloop_register_timeout(
1072 conf->dot11MeshHoldingTimeout / 1000,
1073 (conf->dot11MeshHoldingTimeout % 1000) * 1000,
1074 plink_timer, wpa_s, sta);
1075 sta->mpm_close_reason = reason;
1076 mesh_mpm_send_plink_action(wpa_s, sta,
1077 PLINK_CLOSE, reason);
1078 break;
1079 case OPN_ACPT:
1080 if (conf->security & MESH_CONF_SEC_AMPE)
1081 mesh_rsn_derive_mtk(wpa_s, sta);
1082 mesh_mpm_plink_estab(wpa_s, sta);
1083 mesh_mpm_send_plink_action(wpa_s, sta,
1084 PLINK_CONFIRM, 0);
1085 break;
1086 default:
1087 break;
1088 }
1089 break;
1090 case PLINK_ESTAB:
1091 switch (event) {
1092 case OPN_RJCT:
1093 case CNF_RJCT:
1094 case CLS_ACPT:
1095 wpa_mesh_set_plink_state(wpa_s, sta, PLINK_HOLDING);
1096 if (!reason)
1097 reason = WLAN_REASON_MESH_CLOSE_RCVD;
1098
1099 eloop_register_timeout(
1100 conf->dot11MeshHoldingTimeout / 1000,
1101 (conf->dot11MeshHoldingTimeout % 1000) * 1000,
1102 plink_timer, wpa_s, sta);
1103 sta->mpm_close_reason = reason;
1104
1105 wpa_msg(wpa_s, MSG_INFO, "mesh plink with " MACSTR
1106 " closed with reason %d",
1107 MAC2STR(sta->addr), reason);
1108
1109 wpas_notify_mesh_peer_disconnected(wpa_s, sta->addr,
1110 reason);
1111
1112 hapd->num_plinks--;
1113
1114 mesh_mpm_send_plink_action(wpa_s, sta,
1115 PLINK_CLOSE, reason);
1116 break;
1117 case OPN_ACPT:
1118 mesh_mpm_send_plink_action(wpa_s, sta,
1119 PLINK_CONFIRM, 0);
1120 break;
1121 default:
1122 break;
1123 }
1124 break;
1125 case PLINK_HOLDING:
1126 switch (event) {
1127 case CLS_ACPT:
1128 mesh_mpm_fsm_restart(wpa_s, sta);
1129 break;
1130 case OPN_ACPT:
1131 case CNF_ACPT:
1132 case OPN_RJCT:
1133 case CNF_RJCT:
1134 reason = sta->mpm_close_reason;
1135 mesh_mpm_send_plink_action(wpa_s, sta,
1136 PLINK_CLOSE, reason);
1137 break;
1138 default:
1139 break;
1140 }
1141 break;
1142 default:
1143 wpa_msg(wpa_s, MSG_DEBUG,
1144 "Unsupported MPM event %s for state %s",
1145 mplevent[event], mplstate[sta->plink_state]);
1146 break;
1147 }
1148 }
1149
1150
mesh_mpm_action_rx(struct wpa_supplicant * wpa_s,const struct ieee80211_mgmt * mgmt,size_t len)1151 void mesh_mpm_action_rx(struct wpa_supplicant *wpa_s,
1152 const struct ieee80211_mgmt *mgmt, size_t len)
1153 {
1154 u8 action_field;
1155 struct hostapd_data *hapd = wpa_s->ifmsh->bss[0];
1156 struct mesh_conf *mconf = wpa_s->ifmsh->mconf;
1157 struct sta_info *sta;
1158 u16 plid = 0, llid = 0, aid = 0;
1159 enum plink_event event;
1160 struct ieee802_11_elems elems;
1161 struct mesh_peer_mgmt_ie peer_mgmt_ie;
1162 const u8 *ies;
1163 size_t ie_len;
1164 int ret;
1165 u16 reason = 0;
1166
1167 if (mgmt->u.action.category != WLAN_ACTION_SELF_PROTECTED)
1168 return;
1169
1170 action_field = mgmt->u.action.u.slf_prot_action.action;
1171 if (action_field != PLINK_OPEN &&
1172 action_field != PLINK_CONFIRM &&
1173 action_field != PLINK_CLOSE)
1174 return;
1175
1176 ies = mgmt->u.action.u.slf_prot_action.variable;
1177 ie_len = (const u8 *) mgmt + len -
1178 mgmt->u.action.u.slf_prot_action.variable;
1179
1180 /* at least expect mesh id and peering mgmt */
1181 if (ie_len < 2 + 2) {
1182 wpa_printf(MSG_DEBUG,
1183 "MPM: Ignore too short action frame %u ie_len %u",
1184 action_field, (unsigned int) ie_len);
1185 return;
1186 }
1187 wpa_printf(MSG_DEBUG, "MPM: Received PLINK action %u", action_field);
1188
1189 if (action_field == PLINK_OPEN || action_field == PLINK_CONFIRM) {
1190 wpa_printf(MSG_DEBUG, "MPM: Capability 0x%x",
1191 WPA_GET_LE16(ies));
1192 ies += 2; /* capability */
1193 ie_len -= 2;
1194 }
1195 if (action_field == PLINK_CONFIRM) {
1196 aid = WPA_GET_LE16(ies);
1197 wpa_printf(MSG_DEBUG, "MPM: AID 0x%x", aid);
1198 ies += 2; /* aid */
1199 ie_len -= 2;
1200 }
1201
1202 /* check for mesh peering, mesh id and mesh config IEs */
1203 if (ieee802_11_parse_elems(ies, ie_len, &elems, 0) == ParseFailed) {
1204 wpa_printf(MSG_DEBUG, "MPM: Failed to parse PLINK IEs");
1205 return;
1206 }
1207 if (!elems.peer_mgmt) {
1208 wpa_printf(MSG_DEBUG,
1209 "MPM: No Mesh Peering Management element");
1210 return;
1211 }
1212 if (action_field != PLINK_CLOSE) {
1213 if (!elems.mesh_id || !elems.mesh_config) {
1214 wpa_printf(MSG_DEBUG,
1215 "MPM: No Mesh ID or Mesh Configuration element");
1216 return;
1217 }
1218
1219 if (!matches_local(wpa_s, &elems)) {
1220 wpa_printf(MSG_DEBUG,
1221 "MPM: Mesh ID or Mesh Configuration element do not match local MBSS");
1222 return;
1223 }
1224 }
1225
1226 ret = mesh_mpm_parse_peer_mgmt(wpa_s, action_field,
1227 elems.peer_mgmt,
1228 elems.peer_mgmt_len,
1229 &peer_mgmt_ie);
1230 if (ret) {
1231 wpa_printf(MSG_DEBUG, "MPM: Mesh parsing rejected frame");
1232 return;
1233 }
1234
1235 /* the sender's llid is our plid and vice-versa */
1236 plid = WPA_GET_LE16(peer_mgmt_ie.llid);
1237 if (peer_mgmt_ie.plid)
1238 llid = WPA_GET_LE16(peer_mgmt_ie.plid);
1239 wpa_printf(MSG_DEBUG, "MPM: plid=0x%x llid=0x%x", plid, llid);
1240
1241 if (action_field == PLINK_CLOSE)
1242 wpa_printf(MSG_DEBUG, "MPM: close reason=%u",
1243 WPA_GET_LE16(peer_mgmt_ie.reason));
1244
1245 sta = ap_get_sta(hapd, mgmt->sa);
1246
1247 /*
1248 * If this is an open frame from an unknown STA, and this is an
1249 * open mesh, then go ahead and add the peer before proceeding.
1250 */
1251 if (!sta && action_field == PLINK_OPEN &&
1252 (!(mconf->security & MESH_CONF_SEC_AMPE) ||
1253 wpa_auth_pmksa_get(hapd->wpa_auth, mgmt->sa, NULL)))
1254 sta = mesh_mpm_add_peer(wpa_s, mgmt->sa, &elems);
1255
1256 if (!sta) {
1257 wpa_printf(MSG_DEBUG, "MPM: No STA entry for peer");
1258 return;
1259 }
1260
1261 #ifdef CONFIG_SAE
1262 /* peer is in sae_accepted? */
1263 if (sta->sae && sta->sae->state != SAE_ACCEPTED) {
1264 wpa_printf(MSG_DEBUG, "MPM: SAE not yet accepted for peer");
1265 return;
1266 }
1267 #endif /* CONFIG_SAE */
1268
1269 if (!sta->my_lid)
1270 mesh_mpm_init_link(wpa_s, sta);
1271
1272 if (mconf->security & MESH_CONF_SEC_AMPE) {
1273 int res;
1274
1275 res = mesh_rsn_process_ampe(wpa_s, sta, &elems,
1276 &mgmt->u.action.category,
1277 peer_mgmt_ie.chosen_pmk,
1278 ies, ie_len);
1279 if (res) {
1280 wpa_printf(MSG_DEBUG,
1281 "MPM: RSN process rejected frame (res=%d)",
1282 res);
1283 if (action_field == PLINK_OPEN && res == -2) {
1284 /* AES-SIV decryption failed */
1285 mesh_mpm_fsm(wpa_s, sta, OPN_RJCT,
1286 WLAN_REASON_MESH_INVALID_GTK);
1287 }
1288 return;
1289 }
1290
1291 #ifdef CONFIG_OCV
1292 if (action_field == PLINK_OPEN && elems.rsn_ie) {
1293 struct wpa_state_machine *sm = sta->wpa_sm;
1294 struct wpa_ie_data data;
1295
1296 res = wpa_parse_wpa_ie_rsn(elems.rsn_ie - 2,
1297 elems.rsn_ie_len + 2,
1298 &data);
1299 if (res) {
1300 wpa_printf(MSG_DEBUG,
1301 "Failed to parse RSN IE (res=%d)",
1302 res);
1303 wpa_hexdump(MSG_DEBUG, "RSN IE", elems.rsn_ie,
1304 elems.rsn_ie_len);
1305 return;
1306 }
1307
1308 wpa_auth_set_ocv(sm, mconf->ocv &&
1309 (data.capabilities &
1310 WPA_CAPABILITY_OCVC));
1311 }
1312
1313 if (action_field != PLINK_CLOSE &&
1314 wpa_auth_uses_ocv(sta->wpa_sm)) {
1315 struct wpa_channel_info ci;
1316 int tx_chanwidth;
1317 int tx_seg1_idx;
1318
1319 if (wpa_drv_channel_info(wpa_s, &ci) != 0) {
1320 wpa_printf(MSG_WARNING,
1321 "MPM: Failed to get channel info to validate received OCI in MPM Confirm");
1322 return;
1323 }
1324
1325 if (get_tx_parameters(
1326 sta, channel_width_to_int(ci.chanwidth),
1327 ci.seg1_idx, &tx_chanwidth,
1328 &tx_seg1_idx) < 0)
1329 return;
1330
1331 if (ocv_verify_tx_params(elems.oci, elems.oci_len, &ci,
1332 tx_chanwidth, tx_seg1_idx) !=
1333 OCI_SUCCESS) {
1334 wpa_printf(MSG_WARNING, "MPM: OCV failed: %s",
1335 ocv_errorstr);
1336 return;
1337 }
1338 }
1339 #endif /* CONFIG_OCV */
1340 }
1341
1342 if (sta->plink_state == PLINK_BLOCKED) {
1343 wpa_printf(MSG_DEBUG, "MPM: PLINK_BLOCKED");
1344 return;
1345 }
1346
1347 /* Now we will figure out the appropriate event... */
1348 switch (action_field) {
1349 case PLINK_OPEN:
1350 if (plink_free_count(hapd) == 0) {
1351 event = REQ_RJCT;
1352 reason = WLAN_REASON_MESH_MAX_PEERS;
1353 wpa_printf(MSG_INFO,
1354 "MPM: Peer link num over quota(%d)",
1355 hapd->max_plinks);
1356 } else if (sta->peer_lid && sta->peer_lid != plid) {
1357 wpa_printf(MSG_DEBUG,
1358 "MPM: peer_lid mismatch: 0x%x != 0x%x",
1359 sta->peer_lid, plid);
1360 return; /* no FSM event */
1361 } else {
1362 sta->peer_lid = plid;
1363 event = OPN_ACPT;
1364 }
1365 break;
1366 case PLINK_CONFIRM:
1367 if (plink_free_count(hapd) == 0) {
1368 event = REQ_RJCT;
1369 reason = WLAN_REASON_MESH_MAX_PEERS;
1370 wpa_printf(MSG_INFO,
1371 "MPM: Peer link num over quota(%d)",
1372 hapd->max_plinks);
1373 } else if (sta->my_lid != llid ||
1374 (sta->peer_lid && sta->peer_lid != plid)) {
1375 wpa_printf(MSG_DEBUG,
1376 "MPM: lid mismatch: my_lid: 0x%x != 0x%x or peer_lid: 0x%x != 0x%x",
1377 sta->my_lid, llid, sta->peer_lid, plid);
1378 return; /* no FSM event */
1379 } else {
1380 if (!sta->peer_lid)
1381 sta->peer_lid = plid;
1382 sta->peer_aid = aid;
1383 event = CNF_ACPT;
1384 }
1385 break;
1386 case PLINK_CLOSE:
1387 if (sta->plink_state == PLINK_ESTAB)
1388 /* Do not check for llid or plid. This does not
1389 * follow the standard but since multiple plinks
1390 * per cand are not supported, it is necessary in
1391 * order to avoid a livelock when MP A sees an
1392 * establish peer link to MP B but MP B does not
1393 * see it. This can be caused by a timeout in
1394 * B's peer link establishment or B being
1395 * restarted.
1396 */
1397 event = CLS_ACPT;
1398 else if (sta->peer_lid != plid) {
1399 wpa_printf(MSG_DEBUG,
1400 "MPM: peer_lid mismatch: 0x%x != 0x%x",
1401 sta->peer_lid, plid);
1402 return; /* no FSM event */
1403 } else if (peer_mgmt_ie.plid && sta->my_lid != llid) {
1404 wpa_printf(MSG_DEBUG,
1405 "MPM: my_lid mismatch: 0x%x != 0x%x",
1406 sta->my_lid, llid);
1407 return; /* no FSM event */
1408 } else {
1409 event = CLS_ACPT;
1410 }
1411 break;
1412 default:
1413 /*
1414 * This cannot be hit due to the action_field check above, but
1415 * compilers may not be able to figure that out and can warn
1416 * about uninitialized event below.
1417 */
1418 return;
1419 }
1420 mesh_mpm_fsm(wpa_s, sta, event, reason);
1421 }
1422
1423
1424 /* called by ap_free_sta */
mesh_mpm_free_sta(struct hostapd_data * hapd,struct sta_info * sta)1425 void mesh_mpm_free_sta(struct hostapd_data *hapd, struct sta_info *sta)
1426 {
1427 struct wpa_supplicant *wpa_s = hapd->iface->owner;
1428
1429 if (sta->plink_state == PLINK_ESTAB) {
1430 hapd->num_plinks--;
1431 wpas_notify_mesh_peer_disconnected(
1432 wpa_s, sta->addr, WLAN_REASON_UNSPECIFIED);
1433 }
1434 eloop_cancel_timeout(plink_timer, ELOOP_ALL_CTX, sta);
1435 eloop_cancel_timeout(mesh_auth_timer, ELOOP_ALL_CTX, sta);
1436 }
1437