1 /* 2 * hostapd / Callback functions for driver wrappers 3 * Copyright (c) 2002-2013, Jouni Malinen <j@w1.fi> 4 * 5 * This software may be distributed under the terms of the BSD license. 6 * See README for more details. 7 */ 8 9 #include "utils/includes.h" 10 11 #include "utils/common.h" 12 #include "radius/radius.h" 13 #include "drivers/driver.h" 14 #include "common/ieee802_11_defs.h" 15 #include "common/ieee802_11_common.h" 16 #include "common/wpa_ctrl.h" 17 #include "crypto/random.h" 18 #include "p2p/p2p.h" 19 #include "wps/wps.h" 20 #include "wnm_ap.h" 21 #include "hostapd.h" 22 #include "ieee802_11.h" 23 #include "sta_info.h" 24 #include "accounting.h" 25 #include "tkip_countermeasures.h" 26 #include "ieee802_1x.h" 27 #include "wpa_auth.h" 28 #include "wps_hostapd.h" 29 #include "ap_drv_ops.h" 30 #include "ap_config.h" 31 #include "hw_features.h" 32 #include "dfs.h" 33 34 35 int hostapd_notif_assoc(struct hostapd_data *hapd, const u8 *addr, 36 const u8 *req_ies, size_t req_ies_len, int reassoc) 37 { 38 struct sta_info *sta; 39 int new_assoc, res; 40 struct ieee802_11_elems elems; 41 const u8 *ie; 42 size_t ielen; 43 #ifdef CONFIG_IEEE80211R 44 u8 buf[sizeof(struct ieee80211_mgmt) + 1024]; 45 u8 *p = buf; 46 #endif /* CONFIG_IEEE80211R */ 47 u16 reason = WLAN_REASON_UNSPECIFIED; 48 u16 status = WLAN_STATUS_SUCCESS; 49 const u8 *p2p_dev_addr = NULL; 50 51 if (addr == NULL) { 52 /* 53 * This could potentially happen with unexpected event from the 54 * driver wrapper. This was seen at least in one case where the 55 * driver ended up being set to station mode while hostapd was 56 * running, so better make sure we stop processing such an 57 * event here. 58 */ 59 wpa_printf(MSG_DEBUG, "hostapd_notif_assoc: Skip event with " 60 "no address"); 61 return -1; 62 } 63 random_add_randomness(addr, ETH_ALEN); 64 65 hostapd_logger(hapd, addr, HOSTAPD_MODULE_IEEE80211, 66 HOSTAPD_LEVEL_INFO, "associated"); 67 68 ieee802_11_parse_elems(req_ies, req_ies_len, &elems, 0); 69 if (elems.wps_ie) { 70 ie = elems.wps_ie - 2; 71 ielen = elems.wps_ie_len + 2; 72 wpa_printf(MSG_DEBUG, "STA included WPS IE in (Re)AssocReq"); 73 } else if (elems.rsn_ie) { 74 ie = elems.rsn_ie - 2; 75 ielen = elems.rsn_ie_len + 2; 76 wpa_printf(MSG_DEBUG, "STA included RSN IE in (Re)AssocReq"); 77 } else if (elems.wpa_ie) { 78 ie = elems.wpa_ie - 2; 79 ielen = elems.wpa_ie_len + 2; 80 wpa_printf(MSG_DEBUG, "STA included WPA IE in (Re)AssocReq"); 81 } else { 82 ie = NULL; 83 ielen = 0; 84 wpa_printf(MSG_DEBUG, "STA did not include WPS/RSN/WPA IE in " 85 "(Re)AssocReq"); 86 } 87 88 sta = ap_get_sta(hapd, addr); 89 if (sta) { 90 ap_sta_no_session_timeout(hapd, sta); 91 accounting_sta_stop(hapd, sta); 92 93 /* 94 * Make sure that the previously registered inactivity timer 95 * will not remove the STA immediately. 96 */ 97 sta->timeout_next = STA_NULLFUNC; 98 } else { 99 sta = ap_sta_add(hapd, addr); 100 if (sta == NULL) { 101 hostapd_drv_sta_disassoc(hapd, addr, 102 WLAN_REASON_DISASSOC_AP_BUSY); 103 return -1; 104 } 105 } 106 sta->flags &= ~(WLAN_STA_WPS | WLAN_STA_MAYBE_WPS | WLAN_STA_WPS2); 107 108 #ifdef CONFIG_P2P 109 if (elems.p2p) { 110 wpabuf_free(sta->p2p_ie); 111 sta->p2p_ie = ieee802_11_vendor_ie_concat(req_ies, req_ies_len, 112 P2P_IE_VENDOR_TYPE); 113 if (sta->p2p_ie) 114 p2p_dev_addr = p2p_get_go_dev_addr(sta->p2p_ie); 115 } 116 #endif /* CONFIG_P2P */ 117 118 #ifdef CONFIG_INTERWORKING 119 if (elems.ext_capab && elems.ext_capab_len > 4) { 120 if (elems.ext_capab[4] & 0x01) 121 sta->qos_map_enabled = 1; 122 } 123 #endif /* CONFIG_INTERWORKING */ 124 125 #ifdef CONFIG_HS20 126 wpabuf_free(sta->hs20_ie); 127 if (elems.hs20 && elems.hs20_len > 4) { 128 sta->hs20_ie = wpabuf_alloc_copy(elems.hs20 + 4, 129 elems.hs20_len - 4); 130 } else 131 sta->hs20_ie = NULL; 132 #endif /* CONFIG_HS20 */ 133 134 if (hapd->conf->wpa) { 135 if (ie == NULL || ielen == 0) { 136 #ifdef CONFIG_WPS 137 if (hapd->conf->wps_state) { 138 wpa_printf(MSG_DEBUG, "STA did not include " 139 "WPA/RSN IE in (Re)Association " 140 "Request - possible WPS use"); 141 sta->flags |= WLAN_STA_MAYBE_WPS; 142 goto skip_wpa_check; 143 } 144 #endif /* CONFIG_WPS */ 145 146 wpa_printf(MSG_DEBUG, "No WPA/RSN IE from STA"); 147 return -1; 148 } 149 #ifdef CONFIG_WPS 150 if (hapd->conf->wps_state && ie[0] == 0xdd && ie[1] >= 4 && 151 os_memcmp(ie + 2, "\x00\x50\xf2\x04", 4) == 0) { 152 struct wpabuf *wps; 153 sta->flags |= WLAN_STA_WPS; 154 wps = ieee802_11_vendor_ie_concat(ie, ielen, 155 WPS_IE_VENDOR_TYPE); 156 if (wps) { 157 if (wps_is_20(wps)) { 158 wpa_printf(MSG_DEBUG, "WPS: STA " 159 "supports WPS 2.0"); 160 sta->flags |= WLAN_STA_WPS2; 161 } 162 wpabuf_free(wps); 163 } 164 goto skip_wpa_check; 165 } 166 #endif /* CONFIG_WPS */ 167 168 if (sta->wpa_sm == NULL) 169 sta->wpa_sm = wpa_auth_sta_init(hapd->wpa_auth, 170 sta->addr, 171 p2p_dev_addr); 172 if (sta->wpa_sm == NULL) { 173 wpa_printf(MSG_ERROR, "Failed to initialize WPA state " 174 "machine"); 175 return -1; 176 } 177 res = wpa_validate_wpa_ie(hapd->wpa_auth, sta->wpa_sm, 178 ie, ielen, 179 elems.mdie, elems.mdie_len); 180 if (res != WPA_IE_OK) { 181 wpa_printf(MSG_DEBUG, "WPA/RSN information element " 182 "rejected? (res %u)", res); 183 wpa_hexdump(MSG_DEBUG, "IE", ie, ielen); 184 if (res == WPA_INVALID_GROUP) { 185 reason = WLAN_REASON_GROUP_CIPHER_NOT_VALID; 186 status = WLAN_STATUS_GROUP_CIPHER_NOT_VALID; 187 } else if (res == WPA_INVALID_PAIRWISE) { 188 reason = WLAN_REASON_PAIRWISE_CIPHER_NOT_VALID; 189 status = WLAN_STATUS_PAIRWISE_CIPHER_NOT_VALID; 190 } else if (res == WPA_INVALID_AKMP) { 191 reason = WLAN_REASON_AKMP_NOT_VALID; 192 status = WLAN_STATUS_AKMP_NOT_VALID; 193 } 194 #ifdef CONFIG_IEEE80211W 195 else if (res == WPA_MGMT_FRAME_PROTECTION_VIOLATION) { 196 reason = WLAN_REASON_INVALID_IE; 197 status = WLAN_STATUS_INVALID_IE; 198 } else if (res == WPA_INVALID_MGMT_GROUP_CIPHER) { 199 reason = WLAN_REASON_GROUP_CIPHER_NOT_VALID; 200 status = WLAN_STATUS_GROUP_CIPHER_NOT_VALID; 201 } 202 #endif /* CONFIG_IEEE80211W */ 203 else { 204 reason = WLAN_REASON_INVALID_IE; 205 status = WLAN_STATUS_INVALID_IE; 206 } 207 goto fail; 208 } 209 #ifdef CONFIG_IEEE80211W 210 if ((sta->flags & WLAN_STA_MFP) && !sta->sa_query_timed_out && 211 sta->sa_query_count > 0) 212 ap_check_sa_query_timeout(hapd, sta); 213 if ((sta->flags & WLAN_STA_MFP) && !sta->sa_query_timed_out && 214 (sta->auth_alg != WLAN_AUTH_FT)) { 215 /* 216 * STA has already been associated with MFP and SA 217 * Query timeout has not been reached. Reject the 218 * association attempt temporarily and start SA Query, 219 * if one is not pending. 220 */ 221 222 if (sta->sa_query_count == 0) 223 ap_sta_start_sa_query(hapd, sta); 224 225 #ifdef CONFIG_IEEE80211R 226 status = WLAN_STATUS_ASSOC_REJECTED_TEMPORARILY; 227 228 p = hostapd_eid_assoc_comeback_time(hapd, sta, p); 229 230 hostapd_sta_assoc(hapd, addr, reassoc, status, buf, 231 p - buf); 232 #endif /* CONFIG_IEEE80211R */ 233 return 0; 234 } 235 236 if (wpa_auth_uses_mfp(sta->wpa_sm)) 237 sta->flags |= WLAN_STA_MFP; 238 else 239 sta->flags &= ~WLAN_STA_MFP; 240 #endif /* CONFIG_IEEE80211W */ 241 242 #ifdef CONFIG_IEEE80211R 243 if (sta->auth_alg == WLAN_AUTH_FT) { 244 status = wpa_ft_validate_reassoc(sta->wpa_sm, req_ies, 245 req_ies_len); 246 if (status != WLAN_STATUS_SUCCESS) { 247 if (status == WLAN_STATUS_INVALID_PMKID) 248 reason = WLAN_REASON_INVALID_IE; 249 if (status == WLAN_STATUS_INVALID_MDIE) 250 reason = WLAN_REASON_INVALID_IE; 251 if (status == WLAN_STATUS_INVALID_FTIE) 252 reason = WLAN_REASON_INVALID_IE; 253 goto fail; 254 } 255 } 256 #endif /* CONFIG_IEEE80211R */ 257 } else if (hapd->conf->wps_state) { 258 #ifdef CONFIG_WPS 259 struct wpabuf *wps; 260 if (req_ies) 261 wps = ieee802_11_vendor_ie_concat(req_ies, req_ies_len, 262 WPS_IE_VENDOR_TYPE); 263 else 264 wps = NULL; 265 #ifdef CONFIG_WPS_STRICT 266 if (wps && wps_validate_assoc_req(wps) < 0) { 267 reason = WLAN_REASON_INVALID_IE; 268 status = WLAN_STATUS_INVALID_IE; 269 wpabuf_free(wps); 270 goto fail; 271 } 272 #endif /* CONFIG_WPS_STRICT */ 273 if (wps) { 274 sta->flags |= WLAN_STA_WPS; 275 if (wps_is_20(wps)) { 276 wpa_printf(MSG_DEBUG, "WPS: STA supports " 277 "WPS 2.0"); 278 sta->flags |= WLAN_STA_WPS2; 279 } 280 } else 281 sta->flags |= WLAN_STA_MAYBE_WPS; 282 wpabuf_free(wps); 283 #endif /* CONFIG_WPS */ 284 } 285 #ifdef CONFIG_WPS 286 skip_wpa_check: 287 #endif /* CONFIG_WPS */ 288 289 #ifdef CONFIG_IEEE80211R 290 p = wpa_sm_write_assoc_resp_ies(sta->wpa_sm, buf, sizeof(buf), 291 sta->auth_alg, req_ies, req_ies_len); 292 293 hostapd_sta_assoc(hapd, addr, reassoc, status, buf, p - buf); 294 #else /* CONFIG_IEEE80211R */ 295 /* Keep compiler silent about unused variables */ 296 if (status) { 297 } 298 #endif /* CONFIG_IEEE80211R */ 299 300 new_assoc = (sta->flags & WLAN_STA_ASSOC) == 0; 301 sta->flags |= WLAN_STA_AUTH | WLAN_STA_ASSOC; 302 sta->flags &= ~WLAN_STA_WNM_SLEEP_MODE; 303 304 if (reassoc && (sta->auth_alg == WLAN_AUTH_FT)) 305 wpa_auth_sm_event(sta->wpa_sm, WPA_ASSOC_FT); 306 else 307 wpa_auth_sm_event(sta->wpa_sm, WPA_ASSOC); 308 309 hostapd_new_assoc_sta(hapd, sta, !new_assoc); 310 311 ieee802_1x_notify_port_enabled(sta->eapol_sm, 1); 312 313 #ifdef CONFIG_P2P 314 if (req_ies) { 315 p2p_group_notif_assoc(hapd->p2p_group, sta->addr, 316 req_ies, req_ies_len); 317 } 318 #endif /* CONFIG_P2P */ 319 320 return 0; 321 322 fail: 323 #ifdef CONFIG_IEEE80211R 324 hostapd_sta_assoc(hapd, addr, reassoc, status, buf, p - buf); 325 #endif /* CONFIG_IEEE80211R */ 326 hostapd_drv_sta_disassoc(hapd, sta->addr, reason); 327 ap_free_sta(hapd, sta); 328 return -1; 329 } 330 331 332 void hostapd_notif_disassoc(struct hostapd_data *hapd, const u8 *addr) 333 { 334 struct sta_info *sta; 335 336 if (addr == NULL) { 337 /* 338 * This could potentially happen with unexpected event from the 339 * driver wrapper. This was seen at least in one case where the 340 * driver ended up reporting a station mode event while hostapd 341 * was running, so better make sure we stop processing such an 342 * event here. 343 */ 344 wpa_printf(MSG_DEBUG, "hostapd_notif_disassoc: Skip event " 345 "with no address"); 346 return; 347 } 348 349 hostapd_logger(hapd, addr, HOSTAPD_MODULE_IEEE80211, 350 HOSTAPD_LEVEL_INFO, "disassociated"); 351 352 sta = ap_get_sta(hapd, addr); 353 if (sta == NULL) { 354 wpa_printf(MSG_DEBUG, "Disassociation notification for " 355 "unknown STA " MACSTR, MAC2STR(addr)); 356 return; 357 } 358 359 ap_sta_set_authorized(hapd, sta, 0); 360 sta->flags &= ~(WLAN_STA_AUTH | WLAN_STA_ASSOC); 361 wpa_auth_sm_event(sta->wpa_sm, WPA_DISASSOC); 362 sta->acct_terminate_cause = RADIUS_ACCT_TERMINATE_CAUSE_USER_REQUEST; 363 ieee802_1x_notify_port_enabled(sta->eapol_sm, 0); 364 ap_free_sta(hapd, sta); 365 } 366 367 368 void hostapd_event_sta_low_ack(struct hostapd_data *hapd, const u8 *addr) 369 { 370 struct sta_info *sta = ap_get_sta(hapd, addr); 371 372 if (!sta || !hapd->conf->disassoc_low_ack) 373 return; 374 375 hostapd_logger(hapd, addr, HOSTAPD_MODULE_IEEE80211, 376 HOSTAPD_LEVEL_INFO, "disconnected due to excessive " 377 "missing ACKs"); 378 hostapd_drv_sta_disassoc(hapd, addr, WLAN_REASON_DISASSOC_LOW_ACK); 379 if (sta) 380 ap_sta_disassociate(hapd, sta, WLAN_REASON_DISASSOC_LOW_ACK); 381 } 382 383 384 void hostapd_event_ch_switch(struct hostapd_data *hapd, int freq, int ht, 385 int offset, int width, int cf1, int cf2) 386 { 387 #ifdef NEED_AP_MLME 388 int channel, chwidth, seg0_idx = 0, seg1_idx = 0; 389 390 hostapd_logger(hapd, NULL, HOSTAPD_MODULE_IEEE80211, 391 HOSTAPD_LEVEL_INFO, "driver had channel switch: " 392 "freq=%d, ht=%d, offset=%d, width=%d, cf1=%d, cf2=%d", 393 freq, ht, offset, width, cf1, cf2); 394 395 hapd->iface->freq = freq; 396 397 channel = hostapd_hw_get_channel(hapd, freq); 398 if (!channel) { 399 hostapd_logger(hapd, NULL, HOSTAPD_MODULE_IEEE80211, 400 HOSTAPD_LEVEL_WARNING, "driver switched to " 401 "bad channel!"); 402 return; 403 } 404 405 switch (width) { 406 case CHAN_WIDTH_80: 407 chwidth = VHT_CHANWIDTH_80MHZ; 408 break; 409 case CHAN_WIDTH_80P80: 410 chwidth = VHT_CHANWIDTH_80P80MHZ; 411 break; 412 case CHAN_WIDTH_160: 413 chwidth = VHT_CHANWIDTH_160MHZ; 414 break; 415 case CHAN_WIDTH_20_NOHT: 416 case CHAN_WIDTH_20: 417 case CHAN_WIDTH_40: 418 default: 419 chwidth = VHT_CHANWIDTH_USE_HT; 420 break; 421 } 422 423 switch (hapd->iface->current_mode->mode) { 424 case HOSTAPD_MODE_IEEE80211A: 425 if (cf1 > 5000) 426 seg0_idx = (cf1 - 5000) / 5; 427 if (cf2 > 5000) 428 seg1_idx = (cf2 - 5000) / 5; 429 break; 430 default: 431 seg0_idx = hostapd_hw_get_channel(hapd, cf1); 432 seg1_idx = hostapd_hw_get_channel(hapd, cf2); 433 break; 434 } 435 436 hapd->iconf->channel = channel; 437 hapd->iconf->ieee80211n = ht; 438 hapd->iconf->secondary_channel = offset; 439 hapd->iconf->vht_oper_chwidth = chwidth; 440 hapd->iconf->vht_oper_centr_freq_seg0_idx = seg0_idx; 441 hapd->iconf->vht_oper_centr_freq_seg1_idx = seg1_idx; 442 443 if (hapd->iface->csa_in_progress && 444 freq == hapd->iface->cs_freq_params.freq) { 445 hostapd_cleanup_cs_params(hapd); 446 447 wpa_msg(hapd->msg_ctx, MSG_INFO, AP_CSA_FINISHED "freq=%d", 448 freq); 449 } 450 #endif /* NEED_AP_MLME */ 451 } 452 453 454 void hostapd_event_connect_failed_reason(struct hostapd_data *hapd, 455 const u8 *addr, int reason_code) 456 { 457 switch (reason_code) { 458 case MAX_CLIENT_REACHED: 459 wpa_msg(hapd->msg_ctx, MSG_INFO, AP_REJECTED_MAX_STA MACSTR, 460 MAC2STR(addr)); 461 break; 462 case BLOCKED_CLIENT: 463 wpa_msg(hapd->msg_ctx, MSG_INFO, AP_REJECTED_BLOCKED_STA MACSTR, 464 MAC2STR(addr)); 465 break; 466 } 467 } 468 469 470 int hostapd_probe_req_rx(struct hostapd_data *hapd, const u8 *sa, const u8 *da, 471 const u8 *bssid, const u8 *ie, size_t ie_len, 472 int ssi_signal) 473 { 474 size_t i; 475 int ret = 0; 476 477 if (sa == NULL || ie == NULL) 478 return -1; 479 480 random_add_randomness(sa, ETH_ALEN); 481 for (i = 0; hapd->probereq_cb && i < hapd->num_probereq_cb; i++) { 482 if (hapd->probereq_cb[i].cb(hapd->probereq_cb[i].ctx, 483 sa, da, bssid, ie, ie_len, 484 ssi_signal) > 0) { 485 ret = 1; 486 break; 487 } 488 } 489 return ret; 490 } 491 492 493 #ifdef HOSTAPD 494 495 #ifdef CONFIG_IEEE80211R 496 static void hostapd_notify_auth_ft_finish(void *ctx, const u8 *dst, 497 const u8 *bssid, 498 u16 auth_transaction, u16 status, 499 const u8 *ies, size_t ies_len) 500 { 501 struct hostapd_data *hapd = ctx; 502 struct sta_info *sta; 503 504 sta = ap_get_sta(hapd, dst); 505 if (sta == NULL) 506 return; 507 508 hostapd_logger(hapd, dst, HOSTAPD_MODULE_IEEE80211, 509 HOSTAPD_LEVEL_DEBUG, "authentication OK (FT)"); 510 sta->flags |= WLAN_STA_AUTH; 511 512 hostapd_sta_auth(hapd, dst, auth_transaction, status, ies, ies_len); 513 } 514 #endif /* CONFIG_IEEE80211R */ 515 516 517 static void hostapd_notif_auth(struct hostapd_data *hapd, 518 struct auth_info *rx_auth) 519 { 520 struct sta_info *sta; 521 u16 status = WLAN_STATUS_SUCCESS; 522 u8 resp_ies[2 + WLAN_AUTH_CHALLENGE_LEN]; 523 size_t resp_ies_len = 0; 524 525 sta = ap_get_sta(hapd, rx_auth->peer); 526 if (!sta) { 527 sta = ap_sta_add(hapd, rx_auth->peer); 528 if (sta == NULL) { 529 status = WLAN_STATUS_AP_UNABLE_TO_HANDLE_NEW_STA; 530 goto fail; 531 } 532 } 533 sta->flags &= ~WLAN_STA_PREAUTH; 534 ieee802_1x_notify_pre_auth(sta->eapol_sm, 0); 535 #ifdef CONFIG_IEEE80211R 536 if (rx_auth->auth_type == WLAN_AUTH_FT && hapd->wpa_auth) { 537 sta->auth_alg = WLAN_AUTH_FT; 538 if (sta->wpa_sm == NULL) 539 sta->wpa_sm = wpa_auth_sta_init(hapd->wpa_auth, 540 sta->addr, NULL); 541 if (sta->wpa_sm == NULL) { 542 wpa_printf(MSG_DEBUG, "FT: Failed to initialize WPA " 543 "state machine"); 544 status = WLAN_STATUS_UNSPECIFIED_FAILURE; 545 goto fail; 546 } 547 wpa_ft_process_auth(sta->wpa_sm, rx_auth->bssid, 548 rx_auth->auth_transaction, rx_auth->ies, 549 rx_auth->ies_len, 550 hostapd_notify_auth_ft_finish, hapd); 551 return; 552 } 553 #endif /* CONFIG_IEEE80211R */ 554 fail: 555 hostapd_sta_auth(hapd, rx_auth->peer, rx_auth->auth_transaction + 1, 556 status, resp_ies, resp_ies_len); 557 } 558 559 560 static void hostapd_action_rx(struct hostapd_data *hapd, 561 struct rx_mgmt *drv_mgmt) 562 { 563 struct ieee80211_mgmt *mgmt; 564 struct sta_info *sta; 565 size_t plen __maybe_unused; 566 u16 fc; 567 568 if (drv_mgmt->frame_len < 24 + 1) 569 return; 570 571 plen = drv_mgmt->frame_len - 24 - 1; 572 573 mgmt = (struct ieee80211_mgmt *) drv_mgmt->frame; 574 fc = le_to_host16(mgmt->frame_control); 575 if (WLAN_FC_GET_STYPE(fc) != WLAN_FC_STYPE_ACTION) 576 return; /* handled by the driver */ 577 578 wpa_printf(MSG_DEBUG, "RX_ACTION cat %d action plen %d", 579 mgmt->u.action.category, (int) plen); 580 581 sta = ap_get_sta(hapd, mgmt->sa); 582 if (sta == NULL) { 583 wpa_printf(MSG_DEBUG, "%s: station not found", __func__); 584 return; 585 } 586 #ifdef CONFIG_IEEE80211R 587 if (mgmt->u.action.category == WLAN_ACTION_FT) { 588 const u8 *payload = drv_mgmt->frame + 24 + 1; 589 wpa_ft_action_rx(sta->wpa_sm, payload, plen); 590 } 591 #endif /* CONFIG_IEEE80211R */ 592 #ifdef CONFIG_IEEE80211W 593 if (mgmt->u.action.category == WLAN_ACTION_SA_QUERY && plen >= 4) { 594 ieee802_11_sa_query_action( 595 hapd, mgmt->sa, 596 mgmt->u.action.u.sa_query_resp.action, 597 mgmt->u.action.u.sa_query_resp.trans_id); 598 } 599 #endif /* CONFIG_IEEE80211W */ 600 #ifdef CONFIG_WNM 601 if (mgmt->u.action.category == WLAN_ACTION_WNM) { 602 ieee802_11_rx_wnm_action_ap(hapd, mgmt, drv_mgmt->frame_len); 603 } 604 #endif /* CONFIG_WNM */ 605 } 606 607 608 #ifdef NEED_AP_MLME 609 610 #define HAPD_BROADCAST ((struct hostapd_data *) -1) 611 612 static struct hostapd_data * get_hapd_bssid(struct hostapd_iface *iface, 613 const u8 *bssid) 614 { 615 size_t i; 616 617 if (bssid == NULL) 618 return NULL; 619 if (bssid[0] == 0xff && bssid[1] == 0xff && bssid[2] == 0xff && 620 bssid[3] == 0xff && bssid[4] == 0xff && bssid[5] == 0xff) 621 return HAPD_BROADCAST; 622 623 for (i = 0; i < iface->num_bss; i++) { 624 if (os_memcmp(bssid, iface->bss[i]->own_addr, ETH_ALEN) == 0) 625 return iface->bss[i]; 626 } 627 628 return NULL; 629 } 630 631 632 static void hostapd_rx_from_unknown_sta(struct hostapd_data *hapd, 633 const u8 *bssid, const u8 *addr, 634 int wds) 635 { 636 hapd = get_hapd_bssid(hapd->iface, bssid); 637 if (hapd == NULL || hapd == HAPD_BROADCAST) 638 return; 639 640 ieee802_11_rx_from_unknown(hapd, addr, wds); 641 } 642 643 644 static int hostapd_mgmt_rx(struct hostapd_data *hapd, struct rx_mgmt *rx_mgmt) 645 { 646 struct hostapd_iface *iface = hapd->iface; 647 const struct ieee80211_hdr *hdr; 648 const u8 *bssid; 649 struct hostapd_frame_info fi; 650 int ret; 651 652 hdr = (const struct ieee80211_hdr *) rx_mgmt->frame; 653 bssid = get_hdr_bssid(hdr, rx_mgmt->frame_len); 654 if (bssid == NULL) 655 return 0; 656 657 hapd = get_hapd_bssid(iface, bssid); 658 if (hapd == NULL) { 659 u16 fc; 660 fc = le_to_host16(hdr->frame_control); 661 662 /* 663 * Drop frames to unknown BSSIDs except for Beacon frames which 664 * could be used to update neighbor information. 665 */ 666 if (WLAN_FC_GET_TYPE(fc) == WLAN_FC_TYPE_MGMT && 667 WLAN_FC_GET_STYPE(fc) == WLAN_FC_STYPE_BEACON) 668 hapd = iface->bss[0]; 669 else 670 return 0; 671 } 672 673 os_memset(&fi, 0, sizeof(fi)); 674 fi.datarate = rx_mgmt->datarate; 675 fi.ssi_signal = rx_mgmt->ssi_signal; 676 677 if (hapd == HAPD_BROADCAST) { 678 size_t i; 679 ret = 0; 680 for (i = 0; i < iface->num_bss; i++) { 681 if (ieee802_11_mgmt(iface->bss[i], rx_mgmt->frame, 682 rx_mgmt->frame_len, &fi) > 0) 683 ret = 1; 684 } 685 } else 686 ret = ieee802_11_mgmt(hapd, rx_mgmt->frame, rx_mgmt->frame_len, 687 &fi); 688 689 random_add_randomness(&fi, sizeof(fi)); 690 691 return ret; 692 } 693 694 695 static void hostapd_mgmt_tx_cb(struct hostapd_data *hapd, const u8 *buf, 696 size_t len, u16 stype, int ok) 697 { 698 struct ieee80211_hdr *hdr; 699 hdr = (struct ieee80211_hdr *) buf; 700 hapd = get_hapd_bssid(hapd->iface, get_hdr_bssid(hdr, len)); 701 if (hapd == NULL || hapd == HAPD_BROADCAST) 702 return; 703 ieee802_11_mgmt_cb(hapd, buf, len, stype, ok); 704 } 705 706 #endif /* NEED_AP_MLME */ 707 708 709 static int hostapd_event_new_sta(struct hostapd_data *hapd, const u8 *addr) 710 { 711 struct sta_info *sta = ap_get_sta(hapd, addr); 712 if (sta) 713 return 0; 714 715 wpa_printf(MSG_DEBUG, "Data frame from unknown STA " MACSTR 716 " - adding a new STA", MAC2STR(addr)); 717 sta = ap_sta_add(hapd, addr); 718 if (sta) { 719 hostapd_new_assoc_sta(hapd, sta, 0); 720 } else { 721 wpa_printf(MSG_DEBUG, "Failed to add STA entry for " MACSTR, 722 MAC2STR(addr)); 723 return -1; 724 } 725 726 return 0; 727 } 728 729 730 static void hostapd_event_eapol_rx(struct hostapd_data *hapd, const u8 *src, 731 const u8 *data, size_t data_len) 732 { 733 struct hostapd_iface *iface = hapd->iface; 734 struct sta_info *sta; 735 size_t j; 736 737 for (j = 0; j < iface->num_bss; j++) { 738 if ((sta = ap_get_sta(iface->bss[j], src))) { 739 if (sta->flags & WLAN_STA_ASSOC) { 740 hapd = iface->bss[j]; 741 break; 742 } 743 } 744 } 745 746 ieee802_1x_receive(hapd, src, data, data_len); 747 } 748 749 750 static struct hostapd_channel_data * hostapd_get_mode_channel( 751 struct hostapd_iface *iface, unsigned int freq) 752 { 753 int i; 754 struct hostapd_channel_data *chan; 755 756 for (i = 0; i < iface->current_mode->num_channels; i++) { 757 chan = &iface->current_mode->channels[i]; 758 if (!chan) 759 return NULL; 760 if ((unsigned int) chan->freq == freq) 761 return chan; 762 } 763 764 return NULL; 765 } 766 767 768 static void hostapd_update_nf(struct hostapd_iface *iface, 769 struct hostapd_channel_data *chan, 770 struct freq_survey *survey) 771 { 772 if (!iface->chans_surveyed) { 773 chan->min_nf = survey->nf; 774 iface->lowest_nf = survey->nf; 775 } else { 776 if (dl_list_empty(&chan->survey_list)) 777 chan->min_nf = survey->nf; 778 else if (survey->nf < chan->min_nf) 779 chan->min_nf = survey->nf; 780 if (survey->nf < iface->lowest_nf) 781 iface->lowest_nf = survey->nf; 782 } 783 } 784 785 786 static void hostapd_event_get_survey(struct hostapd_data *hapd, 787 struct survey_results *survey_results) 788 { 789 struct hostapd_iface *iface = hapd->iface; 790 struct freq_survey *survey, *tmp; 791 struct hostapd_channel_data *chan; 792 793 if (dl_list_empty(&survey_results->survey_list)) { 794 wpa_printf(MSG_DEBUG, "No survey data received"); 795 return; 796 } 797 798 dl_list_for_each_safe(survey, tmp, &survey_results->survey_list, 799 struct freq_survey, list) { 800 chan = hostapd_get_mode_channel(iface, survey->freq); 801 if (!chan) 802 continue; 803 if (chan->flag & HOSTAPD_CHAN_DISABLED) 804 continue; 805 806 dl_list_del(&survey->list); 807 dl_list_add_tail(&chan->survey_list, &survey->list); 808 809 hostapd_update_nf(iface, chan, survey); 810 811 iface->chans_surveyed++; 812 } 813 } 814 815 816 #ifdef NEED_AP_MLME 817 818 static void hostapd_event_dfs_radar_detected(struct hostapd_data *hapd, 819 struct dfs_event *radar) 820 { 821 wpa_printf(MSG_DEBUG, "DFS radar detected on %d MHz", radar->freq); 822 hostapd_dfs_radar_detected(hapd->iface, radar->freq, radar->ht_enabled, 823 radar->chan_offset, radar->chan_width, 824 radar->cf1, radar->cf2); 825 } 826 827 828 static void hostapd_event_dfs_cac_finished(struct hostapd_data *hapd, 829 struct dfs_event *radar) 830 { 831 wpa_printf(MSG_DEBUG, "DFS CAC finished on %d MHz", radar->freq); 832 hostapd_dfs_complete_cac(hapd->iface, 1, radar->freq, radar->ht_enabled, 833 radar->chan_offset, radar->chan_width, 834 radar->cf1, radar->cf2); 835 } 836 837 838 static void hostapd_event_dfs_cac_aborted(struct hostapd_data *hapd, 839 struct dfs_event *radar) 840 { 841 wpa_printf(MSG_DEBUG, "DFS CAC aborted on %d MHz", radar->freq); 842 hostapd_dfs_complete_cac(hapd->iface, 0, radar->freq, radar->ht_enabled, 843 radar->chan_offset, radar->chan_width, 844 radar->cf1, radar->cf2); 845 } 846 847 848 static void hostapd_event_dfs_nop_finished(struct hostapd_data *hapd, 849 struct dfs_event *radar) 850 { 851 wpa_printf(MSG_DEBUG, "DFS NOP finished on %d MHz", radar->freq); 852 hostapd_dfs_nop_finished(hapd->iface, radar->freq, radar->ht_enabled, 853 radar->chan_offset, radar->chan_width, 854 radar->cf1, radar->cf2); 855 } 856 857 #endif /* NEED_AP_MLME */ 858 859 860 void wpa_supplicant_event(void *ctx, enum wpa_event_type event, 861 union wpa_event_data *data) 862 { 863 struct hostapd_data *hapd = ctx; 864 #ifndef CONFIG_NO_STDOUT_DEBUG 865 int level = MSG_DEBUG; 866 867 if (event == EVENT_RX_MGMT && data->rx_mgmt.frame && 868 data->rx_mgmt.frame_len >= 24) { 869 const struct ieee80211_hdr *hdr; 870 u16 fc; 871 hdr = (const struct ieee80211_hdr *) data->rx_mgmt.frame; 872 fc = le_to_host16(hdr->frame_control); 873 if (WLAN_FC_GET_TYPE(fc) == WLAN_FC_TYPE_MGMT && 874 WLAN_FC_GET_STYPE(fc) == WLAN_FC_STYPE_BEACON) 875 level = MSG_EXCESSIVE; 876 if (WLAN_FC_GET_TYPE(fc) == WLAN_FC_TYPE_MGMT && 877 WLAN_FC_GET_STYPE(fc) == WLAN_FC_STYPE_PROBE_REQ) 878 level = MSG_EXCESSIVE; 879 } 880 881 wpa_dbg(hapd->msg_ctx, level, "Event %s (%d) received", 882 event_to_string(event), event); 883 #endif /* CONFIG_NO_STDOUT_DEBUG */ 884 885 switch (event) { 886 case EVENT_MICHAEL_MIC_FAILURE: 887 michael_mic_failure(hapd, data->michael_mic_failure.src, 1); 888 break; 889 case EVENT_SCAN_RESULTS: 890 if (hapd->iface->scan_cb) 891 hapd->iface->scan_cb(hapd->iface); 892 break; 893 #ifdef CONFIG_IEEE80211R 894 case EVENT_FT_RRB_RX: 895 wpa_ft_rrb_rx(hapd->wpa_auth, data->ft_rrb_rx.src, 896 data->ft_rrb_rx.data, data->ft_rrb_rx.data_len); 897 break; 898 #endif /* CONFIG_IEEE80211R */ 899 case EVENT_WPS_BUTTON_PUSHED: 900 hostapd_wps_button_pushed(hapd, NULL); 901 break; 902 #ifdef NEED_AP_MLME 903 case EVENT_TX_STATUS: 904 switch (data->tx_status.type) { 905 case WLAN_FC_TYPE_MGMT: 906 hostapd_mgmt_tx_cb(hapd, data->tx_status.data, 907 data->tx_status.data_len, 908 data->tx_status.stype, 909 data->tx_status.ack); 910 break; 911 case WLAN_FC_TYPE_DATA: 912 hostapd_tx_status(hapd, data->tx_status.dst, 913 data->tx_status.data, 914 data->tx_status.data_len, 915 data->tx_status.ack); 916 break; 917 } 918 break; 919 case EVENT_EAPOL_TX_STATUS: 920 hostapd_eapol_tx_status(hapd, data->eapol_tx_status.dst, 921 data->eapol_tx_status.data, 922 data->eapol_tx_status.data_len, 923 data->eapol_tx_status.ack); 924 break; 925 case EVENT_DRIVER_CLIENT_POLL_OK: 926 hostapd_client_poll_ok(hapd, data->client_poll.addr); 927 break; 928 case EVENT_RX_FROM_UNKNOWN: 929 hostapd_rx_from_unknown_sta(hapd, data->rx_from_unknown.bssid, 930 data->rx_from_unknown.addr, 931 data->rx_from_unknown.wds); 932 break; 933 #endif /* NEED_AP_MLME */ 934 case EVENT_RX_MGMT: 935 #ifdef NEED_AP_MLME 936 if (hostapd_mgmt_rx(hapd, &data->rx_mgmt) > 0) 937 break; 938 #endif /* NEED_AP_MLME */ 939 hostapd_action_rx(hapd, &data->rx_mgmt); 940 break; 941 case EVENT_RX_PROBE_REQ: 942 if (data->rx_probe_req.sa == NULL || 943 data->rx_probe_req.ie == NULL) 944 break; 945 hostapd_probe_req_rx(hapd, data->rx_probe_req.sa, 946 data->rx_probe_req.da, 947 data->rx_probe_req.bssid, 948 data->rx_probe_req.ie, 949 data->rx_probe_req.ie_len, 950 data->rx_probe_req.ssi_signal); 951 break; 952 case EVENT_NEW_STA: 953 hostapd_event_new_sta(hapd, data->new_sta.addr); 954 break; 955 case EVENT_EAPOL_RX: 956 hostapd_event_eapol_rx(hapd, data->eapol_rx.src, 957 data->eapol_rx.data, 958 data->eapol_rx.data_len); 959 break; 960 case EVENT_ASSOC: 961 hostapd_notif_assoc(hapd, data->assoc_info.addr, 962 data->assoc_info.req_ies, 963 data->assoc_info.req_ies_len, 964 data->assoc_info.reassoc); 965 break; 966 case EVENT_DISASSOC: 967 if (data) 968 hostapd_notif_disassoc(hapd, data->disassoc_info.addr); 969 break; 970 case EVENT_DEAUTH: 971 if (data) 972 hostapd_notif_disassoc(hapd, data->deauth_info.addr); 973 break; 974 case EVENT_STATION_LOW_ACK: 975 if (!data) 976 break; 977 hostapd_event_sta_low_ack(hapd, data->low_ack.addr); 978 break; 979 case EVENT_AUTH: 980 hostapd_notif_auth(hapd, &data->auth); 981 break; 982 case EVENT_CH_SWITCH: 983 if (!data) 984 break; 985 hostapd_event_ch_switch(hapd, data->ch_switch.freq, 986 data->ch_switch.ht_enabled, 987 data->ch_switch.ch_offset, 988 data->ch_switch.ch_width, 989 data->ch_switch.cf1, 990 data->ch_switch.cf2); 991 break; 992 case EVENT_CONNECT_FAILED_REASON: 993 if (!data) 994 break; 995 hostapd_event_connect_failed_reason( 996 hapd, data->connect_failed_reason.addr, 997 data->connect_failed_reason.code); 998 break; 999 case EVENT_SURVEY: 1000 hostapd_event_get_survey(hapd, &data->survey_results); 1001 break; 1002 #ifdef NEED_AP_MLME 1003 case EVENT_DFS_RADAR_DETECTED: 1004 if (!data) 1005 break; 1006 hostapd_event_dfs_radar_detected(hapd, &data->dfs_event); 1007 break; 1008 case EVENT_DFS_CAC_FINISHED: 1009 if (!data) 1010 break; 1011 hostapd_event_dfs_cac_finished(hapd, &data->dfs_event); 1012 break; 1013 case EVENT_DFS_CAC_ABORTED: 1014 if (!data) 1015 break; 1016 hostapd_event_dfs_cac_aborted(hapd, &data->dfs_event); 1017 break; 1018 case EVENT_DFS_NOP_FINISHED: 1019 if (!data) 1020 break; 1021 hostapd_event_dfs_nop_finished(hapd, &data->dfs_event); 1022 break; 1023 case EVENT_CHANNEL_LIST_CHANGED: 1024 /* channel list changed (regulatory?), update channel list */ 1025 /* TODO: check this. hostapd_get_hw_features() initializes 1026 * too much stuff. */ 1027 /* hostapd_get_hw_features(hapd->iface); */ 1028 hostapd_channel_list_updated( 1029 hapd->iface, data->channel_list_changed.initiator); 1030 break; 1031 #endif /* NEED_AP_MLME */ 1032 default: 1033 wpa_printf(MSG_DEBUG, "Unknown event %d", event); 1034 break; 1035 } 1036 } 1037 1038 #endif /* HOSTAPD */ 1039