]> git.ipfire.org Git - thirdparty/hostap.git/blame - wpa_supplicant/mlme.c
projects / thirdparty / hostap.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Getting back to DISCONNECTED afer SCANNING
[thirdparty/hostap.git] / wpa_supplicant / mlme.c
CommitLineData
6fc6879b
JM		 1/*
2 * WPA Supplicant - Client mode MLME
3 * Copyright (c) 2003-2008, Jouni Malinen <j@w1.fi>
4 * Copyright (c) 2004, Instant802 Networks, Inc.
5 * Copyright (c) 2005-2006, Devicescape Software, Inc.
6 *
7 * This program is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License version 2 as
9 * published by the Free Software Foundation.
10 *
11 * Alternatively, this software may be distributed under the terms of BSD
12 * license.
13 *
14 * See README and COPYING for more details.
15 */
16
17#include "includes.h"
18
19#include "common.h"
20#include "eloop.h"
21#include "config_ssid.h"
22#include "wpa_supplicant_i.h"
8bac466b 23#include "notify.h"
2d5b792d 24#include "driver_i.h"
6fc6879b 25#include "wpa.h"
6fc6879b 26#include "ieee802_11_defs.h"
1add3c33 27#include "ieee802_11_common.h"
6fc6879b
JM		 28#include "mlme.h"
29
30
31/* Timeouts and intervals in milliseconds */
32#define IEEE80211_AUTH_TIMEOUT (200)
33#define IEEE80211_AUTH_MAX_TRIES 3
34#define IEEE80211_ASSOC_TIMEOUT (200)
35#define IEEE80211_ASSOC_MAX_TRIES 3
36#define IEEE80211_MONITORING_INTERVAL (2000)
37#define IEEE80211_PROBE_INTERVAL (60000)
38#define IEEE80211_RETRY_AUTH_INTERVAL (1000)
39#define IEEE80211_SCAN_INTERVAL (2000)
40#define IEEE80211_SCAN_INTERVAL_SLOW (15000)
41#define IEEE80211_IBSS_JOIN_TIMEOUT (20000)
42
43#define IEEE80211_PROBE_DELAY (33)
44#define IEEE80211_CHANNEL_TIME (33)
45#define IEEE80211_PASSIVE_CHANNEL_TIME (200)
46#define IEEE80211_SCAN_RESULT_EXPIRE (10000)
47#define IEEE80211_IBSS_MERGE_INTERVAL (30000)
48#define IEEE80211_IBSS_INACTIVITY_LIMIT (60000)
49
50#define IEEE80211_IBSS_MAX_STA_ENTRIES 128
51
52
53#define IEEE80211_FC(type, stype) host_to_le16((type << 2) | (stype << 4))
54
55
56struct ieee80211_sta_bss {
57 struct ieee80211_sta_bss *next;
58 struct ieee80211_sta_bss *hnext;
59
60 u8 bssid[ETH_ALEN];
61 u8 ssid[MAX_SSID_LEN];
62 size_t ssid_len;
63 u16 capability; /* host byte order */
64 int hw_mode;
65 int channel;
66 int freq;
67 int rssi;
68 u8 *ie;
69 size_t ie_len;
70 u8 *wpa_ie;
71 size_t wpa_ie_len;
72 u8 *rsn_ie;
73 size_t rsn_ie_len;
74 u8 *wmm_ie;
75 size_t wmm_ie_len;
76 u8 *mdie;
77 size_t mdie_len;
78#define IEEE80211_MAX_SUPP_RATES 32
79 u8 supp_rates[IEEE80211_MAX_SUPP_RATES];
80 size_t supp_rates_len;
81 int beacon_int;
82 u64 timestamp;
83
84 int probe_resp;
85 struct os_time last_update;
86};
87
88
89static void ieee80211_send_probe_req(struct wpa_supplicant *wpa_s,
90 const u8 *dst,
91 const u8 *ssid, size_t ssid_len);
92static struct ieee80211_sta_bss *
93ieee80211_bss_get(struct wpa_supplicant *wpa_s, const u8 *bssid);
94static int ieee80211_sta_find_ibss(struct wpa_supplicant *wpa_s);
95static int ieee80211_sta_wep_configured(struct wpa_supplicant *wpa_s);
96static void ieee80211_sta_timer(void *eloop_ctx, void *timeout_ctx);
97static void ieee80211_sta_scan_timer(void *eloop_ctx, void *timeout_ctx);
babfbf15 98static void ieee80211_build_tspec(struct wpabuf *buf);
6fc6879b
JM		 99
100
6fc6879b 101static int ieee80211_sta_set_channel(struct wpa_supplicant *wpa_s,
6caf9ca6 102 hostapd_hw_mode phymode, int chan,
6fc6879b
JM		 103 int freq)
104{
105 size_t i;
6caf9ca6 106 struct hostapd_hw_modes *mode;
6fc6879b
JM		 107
108 for (i = 0; i < wpa_s->mlme.num_modes; i++) {
109 mode = &wpa_s->mlme.modes[i];
110 if (mode->mode == phymode) {
111 wpa_s->mlme.curr_rates = mode->rates;
112 wpa_s->mlme.num_curr_rates = mode->num_rates;
113 break;
114 }
115 }
116
117 return wpa_drv_set_channel(wpa_s, phymode, chan, freq);
118}
119
120
6fc6879b
JM		 121static int ecw2cw(int ecw)
122{
123 int cw = 1;
124 while (ecw > 0) {
125 cw <<= 1;
126 ecw--;
127 }
128 return cw - 1;
129}
6fc6879b
JM		 130
131
132static void ieee80211_sta_wmm_params(struct wpa_supplicant *wpa_s,
133 u8 *wmm_param, size_t wmm_param_len)
134{
135 size_t left;
136 int count;
137 u8 *pos;
5c3dd4eb 138 u8 wmm_acm;
6fc6879b
JM		 139
140 if (wmm_param_len < 8 || wmm_param[5] /* version */ != 1)
141 return;
142 count = wmm_param[6] & 0x0f;
143 if (count == wpa_s->mlme.wmm_last_param_set)
144 return;
145 wpa_s->mlme.wmm_last_param_set = count;
146
147 pos = wmm_param + 8;
148 left = wmm_param_len - 8;
149
6fc6879b
JM		 150 wmm_acm = 0;
151 for (; left >= 4; left -= 4, pos += 4) {
152 int aci = (pos[0] >> 5) & 0x03;
153 int acm = (pos[0] >> 4) & 0x01;
5c3dd4eb 154 int aifs, cw_max, cw_min, burst_time;
6fc6879b
JM		 155
156 switch (aci) {
5c3dd4eb 157 case 1: /* AC_BK */
6fc6879b 158 if (acm)
5c3dd4eb 159 wmm_acm |= BIT(1) | BIT(2); /* BK/- */
6fc6879b 160 break;
5c3dd4eb 161 case 2: /* AC_VI */
6fc6879b 162 if (acm)
5c3dd4eb 163 wmm_acm |= BIT(4) | BIT(5); /* CL/VI */
6fc6879b 164 break;
5c3dd4eb 165 case 3: /* AC_VO */
6fc6879b 166 if (acm)
5c3dd4eb 167 wmm_acm |= BIT(6) | BIT(7); /* VO/NC */
6fc6879b 168 break;
5c3dd4eb 169 case 0: /* AC_BE */
6fc6879b 170 default:
6fc6879b 171 if (acm)
5c3dd4eb 172 wmm_acm |= BIT(0) | BIT(3); /* BE/EE */
6fc6879b
JM		 173 break;
174 }
175
5c3dd4eb
JM		 176 aifs = pos[0] & 0x0f;
177 cw_max = ecw2cw((pos[1] & 0xf0) >> 4);
178 cw_min = ecw2cw(pos[1] & 0x0f);
6fc6879b 179 /* TXOP is in units of 32 usec; burst_time in 0.1 ms */
5c3dd4eb
JM		 180 burst_time = (pos[2] | (pos[3] << 8)) * 32 / 100;
181 wpa_printf(MSG_DEBUG, "MLME: WMM aci=%d acm=%d aifs=%d "
182 "cWmin=%d cWmax=%d burst=%d",
183 aci, acm, aifs, cw_min, cw_max, burst_time);
184 /* TODO: driver configuration */
6fc6879b 185 }
6fc6879b
JM		 186}
187
188
189static void ieee80211_set_associated(struct wpa_supplicant *wpa_s, int assoc)
190{
658d1662 191 if (wpa_s->mlme.associated == assoc && !assoc)
6fc6879b
JM		 192 return;
193
194 wpa_s->mlme.associated = assoc;
195
196 if (assoc) {
197 union wpa_event_data data;
198 os_memset(&data, 0, sizeof(data));
199 wpa_s->mlme.prev_bssid_set = 1;
200 os_memcpy(wpa_s->mlme.prev_bssid, wpa_s->bssid, ETH_ALEN);
201 data.assoc_info.req_ies = wpa_s->mlme.assocreq_ies;
202 data.assoc_info.req_ies_len = wpa_s->mlme.assocreq_ies_len;
203 data.assoc_info.resp_ies = wpa_s->mlme.assocresp_ies;
204 data.assoc_info.resp_ies_len = wpa_s->mlme.assocresp_ies_len;
205 wpa_supplicant_event(wpa_s, EVENT_ASSOC, &data);
206 } else {
207 wpa_supplicant_event(wpa_s, EVENT_DISASSOC, NULL);
208 }
209 os_get_time(&wpa_s->mlme.last_probe);
210}
211
212
213static int ieee80211_sta_tx(struct wpa_supplicant *wpa_s, const u8 *buf,
214 size_t len)
215{
216 return wpa_drv_send_mlme(wpa_s, buf, len);
217}
218
219
220static void ieee80211_send_auth(struct wpa_supplicant *wpa_s,
221 int transaction, u8 *extra, size_t extra_len,
222 int encrypt)
223{
224 u8 *buf;
225 size_t len;
226 struct ieee80211_mgmt *mgmt;
227
228 buf = os_malloc(sizeof(*mgmt) + 6 + extra_len);
229 if (buf == NULL) {
230 wpa_printf(MSG_DEBUG, "MLME: failed to allocate buffer for "
231 "auth frame");
232 return;
233 }
234
235 mgmt = (struct ieee80211_mgmt *) buf;
236 len = 24 + 6;
237 os_memset(mgmt, 0, 24 + 6);
238 mgmt->frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT,
239 WLAN_FC_STYPE_AUTH);
240 if (encrypt)
241 mgmt->frame_control |= host_to_le16(WLAN_FC_ISWEP);
242 os_memcpy(mgmt->da, wpa_s->bssid, ETH_ALEN);
243 os_memcpy(mgmt->sa, wpa_s->own_addr, ETH_ALEN);
244 os_memcpy(mgmt->bssid, wpa_s->bssid, ETH_ALEN);
245 mgmt->u.auth.auth_alg = host_to_le16(wpa_s->mlme.auth_alg);
246 mgmt->u.auth.auth_transaction = host_to_le16(transaction);
247 wpa_s->mlme.auth_transaction = transaction + 1;
248 mgmt->u.auth.status_code = host_to_le16(0);
249 if (extra) {
250 os_memcpy(buf + len, extra, extra_len);
251 len += extra_len;
252 }
253
254 ieee80211_sta_tx(wpa_s, buf, len);
255 os_free(buf);
256}
257
258
259static void ieee80211_reschedule_timer(struct wpa_supplicant *wpa_s, int ms)
260{
261 eloop_cancel_timeout(ieee80211_sta_timer, wpa_s, NULL);
262 eloop_register_timeout(ms / 1000, 1000 * (ms % 1000),
263 ieee80211_sta_timer, wpa_s, NULL);
264}
265
266
267static void ieee80211_authenticate(struct wpa_supplicant *wpa_s)
268{
269 u8 *extra;
270 size_t extra_len;
271
272 wpa_s->mlme.auth_tries++;
273 if (wpa_s->mlme.auth_tries > IEEE80211_AUTH_MAX_TRIES) {
274 wpa_printf(MSG_DEBUG, "MLME: authentication with AP " MACSTR
275 " timed out", MAC2STR(wpa_s->bssid));
276 return;
277 }
278
279 wpa_s->mlme.state = IEEE80211_AUTHENTICATE;
280 wpa_printf(MSG_DEBUG, "MLME: authenticate with AP " MACSTR,
281 MAC2STR(wpa_s->bssid));
282
283 extra = NULL;
284 extra_len = 0;
285
286#ifdef CONFIG_IEEE80211R
287 if ((wpa_s->mlme.key_mgmt == KEY_MGMT_FT_802_1X ||
288 wpa_s->mlme.key_mgmt == KEY_MGMT_FT_PSK) &&
289 wpa_s->mlme.ft_ies) {
290 struct ieee80211_sta_bss *bss;
291 struct rsn_mdie *mdie = NULL;
292 bss = ieee80211_bss_get(wpa_s, wpa_s->bssid);
293 if (bss && bss->mdie_len >= 2 + sizeof(*mdie))
294 mdie = (struct rsn_mdie *) (bss->mdie + 2);
295 if (mdie &&
296 os_memcmp(mdie->mobility_domain, wpa_s->mlme.current_md,
297 MOBILITY_DOMAIN_ID_LEN) == 0) {
298 wpa_printf(MSG_DEBUG, "MLME: Trying to use FT "
299 "over-the-air");
300 wpa_s->mlme.auth_alg = WLAN_AUTH_FT;
301 extra = wpa_s->mlme.ft_ies;
302 extra_len = wpa_s->mlme.ft_ies_len;
303 }
304 }
305#endif /* CONFIG_IEEE80211R */
306
307 ieee80211_send_auth(wpa_s, 1, extra, extra_len, 0);
308
309 ieee80211_reschedule_timer(wpa_s, IEEE80211_AUTH_TIMEOUT);
310}
311
312
313static void ieee80211_send_assoc(struct wpa_supplicant *wpa_s)
314{
315 struct ieee80211_mgmt *mgmt;
316 u8 *pos, *ies, *buf;
317 int i, len;
318 u16 capab;
319 struct ieee80211_sta_bss *bss;
320 int wmm = 0;
321 size_t blen, buflen;
322
323 if (wpa_s->mlme.curr_rates == NULL) {
324 wpa_printf(MSG_DEBUG, "MLME: curr_rates not set for assoc");
325 return;
326 }
327
328 buflen = sizeof(*mgmt) + 200 + wpa_s->mlme.extra_ie_len +
329 wpa_s->mlme.ssid_len;
330#ifdef CONFIG_IEEE80211R
331 if (wpa_s->mlme.ft_ies)
332 buflen += wpa_s->mlme.ft_ies_len;
333#endif /* CONFIG_IEEE80211R */
334 buf = os_malloc(buflen);
335 if (buf == NULL) {
336 wpa_printf(MSG_DEBUG, "MLME: failed to allocate buffer for "
337 "assoc frame");
338 return;
339 }
340 blen = 0;
341
342 capab = wpa_s->mlme.capab;
6caf9ca6 343 if (wpa_s->mlme.phymode == HOSTAPD_MODE_IEEE80211G) {
6fc6879b
JM		 344 capab |= WLAN_CAPABILITY_SHORT_SLOT_TIME |
345 WLAN_CAPABILITY_SHORT_PREAMBLE;
346 }
347 bss = ieee80211_bss_get(wpa_s, wpa_s->bssid);
348 if (bss) {
349 if (bss->capability & WLAN_CAPABILITY_PRIVACY)
350 capab |= WLAN_CAPABILITY_PRIVACY;
351 if (bss->wmm_ie) {
352 wmm = 1;
353 }
354 }
355
356 mgmt = (struct ieee80211_mgmt *) buf;
357 blen += 24;
358 os_memset(mgmt, 0, 24);
359 os_memcpy(mgmt->da, wpa_s->bssid, ETH_ALEN);
360 os_memcpy(mgmt->sa, wpa_s->own_addr, ETH_ALEN);
361 os_memcpy(mgmt->bssid, wpa_s->bssid, ETH_ALEN);
362
363 if (wpa_s->mlme.prev_bssid_set) {
364 blen += 10;
365 mgmt->frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT,
366 WLAN_FC_STYPE_REASSOC_REQ);
367 mgmt->u.reassoc_req.capab_info = host_to_le16(capab);
368 mgmt->u.reassoc_req.listen_interval = host_to_le16(1);
369 os_memcpy(mgmt->u.reassoc_req.current_ap,
370 wpa_s->mlme.prev_bssid,
371 ETH_ALEN);
372 } else {
373 blen += 4;
374 mgmt->frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT,
375 WLAN_FC_STYPE_ASSOC_REQ);
376 mgmt->u.assoc_req.capab_info = host_to_le16(capab);
377 mgmt->u.assoc_req.listen_interval = host_to_le16(1);
378 }
379
380 /* SSID */
381 ies = pos = buf + blen;
382 blen += 2 + wpa_s->mlme.ssid_len;
383 *pos++ = WLAN_EID_SSID;
384 *pos++ = wpa_s->mlme.ssid_len;
385 os_memcpy(pos, wpa_s->mlme.ssid, wpa_s->mlme.ssid_len);
386
387 len = wpa_s->mlme.num_curr_rates;
388 if (len > 8)
389 len = 8;
390 pos = buf + blen;
391 blen += len + 2;
392 *pos++ = WLAN_EID_SUPP_RATES;
393 *pos++ = len;
394 for (i = 0; i < len; i++) {
395 int rate = wpa_s->mlme.curr_rates[i].rate;
396 *pos++ = (u8) (rate / 5);
397 }
398
399 if (wpa_s->mlme.num_curr_rates > len) {
400 pos = buf + blen;
401 blen += wpa_s->mlme.num_curr_rates - len + 2;
402 *pos++ = WLAN_EID_EXT_SUPP_RATES;
403 *pos++ = wpa_s->mlme.num_curr_rates - len;
404 for (i = len; i < wpa_s->mlme.num_curr_rates; i++) {
405 int rate = wpa_s->mlme.curr_rates[i].rate;
406 *pos++ = (u8) (rate / 5);
407 }
408 }
409
410 if (wpa_s->mlme.extra_ie && wpa_s->mlme.auth_alg != WLAN_AUTH_FT) {
411 pos = buf + blen;
412 blen += wpa_s->mlme.extra_ie_len;
413 os_memcpy(pos, wpa_s->mlme.extra_ie, wpa_s->mlme.extra_ie_len);
414 }
415
416#ifdef CONFIG_IEEE80211R
417 if ((wpa_s->mlme.key_mgmt == KEY_MGMT_FT_802_1X ||
418 wpa_s->mlme.key_mgmt == KEY_MGMT_FT_PSK) &&
419 wpa_s->mlme.auth_alg != WLAN_AUTH_FT &&
420 bss && bss->mdie &&
421 bss->mdie_len >= 2 + sizeof(struct rsn_mdie) &&
422 bss->mdie[1] >= sizeof(struct rsn_mdie)) {
423 pos = buf + blen;
424 blen += 2 + sizeof(struct rsn_mdie);
425 *pos++ = WLAN_EID_MOBILITY_DOMAIN;
426 *pos++ = sizeof(struct rsn_mdie);
427 os_memcpy(pos, bss->mdie + 2, MOBILITY_DOMAIN_ID_LEN);
428 pos += MOBILITY_DOMAIN_ID_LEN;
429 *pos++ = 0; /* FIX: copy from the target AP's MDIE */
430 }
431
432 if ((wpa_s->mlme.key_mgmt == KEY_MGMT_FT_802_1X ||
433 wpa_s->mlme.key_mgmt == KEY_MGMT_FT_PSK) &&
434 wpa_s->mlme.auth_alg == WLAN_AUTH_FT && wpa_s->mlme.ft_ies) {
435 pos = buf + blen;
436 os_memcpy(pos, wpa_s->mlme.ft_ies, wpa_s->mlme.ft_ies_len);
437 pos += wpa_s->mlme.ft_ies_len;
438 blen += wpa_s->mlme.ft_ies_len;
439 }
440#endif /* CONFIG_IEEE80211R */
441
442 if (wmm && wpa_s->mlme.wmm_enabled) {
443 pos = buf + blen;
444 blen += 9;
445 *pos++ = WLAN_EID_VENDOR_SPECIFIC;
446 *pos++ = 7; /* len */
447 *pos++ = 0x00; /* Microsoft OUI 00:50:F2 */
448 *pos++ = 0x50;
449 *pos++ = 0xf2;
77ac4466
JM		 450 *pos++ = 2; /* WMM */
451 *pos++ = 0; /* WMM info */
452 *pos++ = 1; /* WMM ver */
6fc6879b
JM		 453 *pos++ = 0;
454 }
455
456 os_free(wpa_s->mlme.assocreq_ies);
457 wpa_s->mlme.assocreq_ies_len = (buf + blen) - ies;
458 wpa_s->mlme.assocreq_ies = os_malloc(wpa_s->mlme.assocreq_ies_len);
459 if (wpa_s->mlme.assocreq_ies) {
460 os_memcpy(wpa_s->mlme.assocreq_ies, ies,
461 wpa_s->mlme.assocreq_ies_len);
462 }
463
464 ieee80211_sta_tx(wpa_s, buf, blen);
465 os_free(buf);
466}
467
468
469static void ieee80211_send_deauth(struct wpa_supplicant *wpa_s, u16 reason)
470{
471 u8 *buf;
472 size_t len;
473 struct ieee80211_mgmt *mgmt;
474
475 buf = os_zalloc(sizeof(*mgmt));
476 if (buf == NULL) {
477 wpa_printf(MSG_DEBUG, "MLME: failed to allocate buffer for "
478 "deauth frame");
479 return;
480 }
481
482 mgmt = (struct ieee80211_mgmt *) buf;
483 len = 24;
484 os_memcpy(mgmt->da, wpa_s->bssid, ETH_ALEN);
485 os_memcpy(mgmt->sa, wpa_s->own_addr, ETH_ALEN);
486 os_memcpy(mgmt->bssid, wpa_s->bssid, ETH_ALEN);
487 mgmt->frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT,
488 WLAN_FC_STYPE_DEAUTH);
489 len += 2;
490 mgmt->u.deauth.reason_code = host_to_le16(reason);
491
492 ieee80211_sta_tx(wpa_s, buf, len);
493 os_free(buf);
494}
495
496
497static void ieee80211_send_disassoc(struct wpa_supplicant *wpa_s, u16 reason)
498{
499 u8 *buf;
500 size_t len;
501 struct ieee80211_mgmt *mgmt;
502
503 buf = os_zalloc(sizeof(*mgmt));
504 if (buf == NULL) {
505 wpa_printf(MSG_DEBUG, "MLME: failed to allocate buffer for "
506 "disassoc frame");
507 return;
508 }
509
510 mgmt = (struct ieee80211_mgmt *) buf;
511 len = 24;
512 os_memcpy(mgmt->da, wpa_s->bssid, ETH_ALEN);
513 os_memcpy(mgmt->sa, wpa_s->own_addr, ETH_ALEN);
514 os_memcpy(mgmt->bssid, wpa_s->bssid, ETH_ALEN);
515 mgmt->frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT,
516 WLAN_FC_STYPE_DISASSOC);
517 len += 2;
518 mgmt->u.disassoc.reason_code = host_to_le16(reason);
519
520 ieee80211_sta_tx(wpa_s, buf, len);
521 os_free(buf);
522}
523
524
525static int ieee80211_privacy_mismatch(struct wpa_supplicant *wpa_s)
526{
527 struct ieee80211_sta_bss *bss;
528 int res = 0;
529
530 if (wpa_s->mlme.mixed_cell ||
531 wpa_s->mlme.key_mgmt != KEY_MGMT_NONE)
532 return 0;
533
534 bss = ieee80211_bss_get(wpa_s, wpa_s->bssid);
535 if (bss == NULL)
536 return 0;
537
538 if (ieee80211_sta_wep_configured(wpa_s) !=
539 !!(bss->capability & WLAN_CAPABILITY_PRIVACY))
540 res = 1;
541
542 return res;
543}
544
545
546static void ieee80211_associate(struct wpa_supplicant *wpa_s)
547{
548 wpa_s->mlme.assoc_tries++;
549 if (wpa_s->mlme.assoc_tries > IEEE80211_ASSOC_MAX_TRIES) {
550 wpa_printf(MSG_DEBUG, "MLME: association with AP " MACSTR
551 " timed out", MAC2STR(wpa_s->bssid));
552 return;
553 }
554
555 wpa_s->mlme.state = IEEE80211_ASSOCIATE;
556 wpa_printf(MSG_DEBUG, "MLME: associate with AP " MACSTR,
557 MAC2STR(wpa_s->bssid));
558 if (ieee80211_privacy_mismatch(wpa_s)) {
559 wpa_printf(MSG_DEBUG, "MLME: mismatch in privacy "
560 "configuration and mixed-cell disabled - abort "
561 "association");
562 return;
563 }
564
565 ieee80211_send_assoc(wpa_s);
566
567 ieee80211_reschedule_timer(wpa_s, IEEE80211_ASSOC_TIMEOUT);
568}
569
570
571static void ieee80211_associated(struct wpa_supplicant *wpa_s)
572{
573 int disassoc;
574
575 /* TODO: start monitoring current AP signal quality and number of
576 * missed beacons. Scan other channels every now and then and search
577 * for better APs. */
578 /* TODO: remove expired BSSes */
579
580 wpa_s->mlme.state = IEEE80211_ASSOCIATED;
581
582#if 0 /* FIX */
583 sta = sta_info_get(local, wpa_s->bssid);
584 if (sta == NULL) {
585 wpa_printf(MSG_DEBUG "MLME: No STA entry for own AP " MACSTR,
586 MAC2STR(wpa_s->bssid));
587 disassoc = 1;
588 } else {
589 disassoc = 0;
590 if (time_after(jiffies,
591 sta->last_rx + IEEE80211_MONITORING_INTERVAL)) {
592 if (wpa_s->mlme.probereq_poll) {
593 wpa_printf(MSG_DEBUG "MLME: No ProbeResp from "
594 "current AP " MACSTR " - assume "
595 "out of range",
596 MAC2STR(wpa_s->bssid));
597 disassoc = 1;
598 } else {
599 ieee80211_send_probe_req(
600 wpa_s->bssid,
601 wpa_s->mlme.scan_ssid,
602 wpa_s->mlme.scan_ssid_len);
603 wpa_s->mlme.probereq_poll = 1;
604 }
605 } else {
606 wpa_s->mlme.probereq_poll = 0;
607 if (time_after(jiffies, wpa_s->mlme.last_probe +
608 IEEE80211_PROBE_INTERVAL)) {
609 wpa_s->mlme.last_probe = jiffies;
610 ieee80211_send_probe_req(wpa_s->bssid,
611 wpa_s->mlme.ssid,
612 wpa_s->mlme.ssid_len);
613 }
614 }
615 sta_info_release(local, sta);
616 }
617#else
618 disassoc = 0;
619#endif
620 if (disassoc) {
621 wpa_supplicant_event(wpa_s, EVENT_DISASSOC, NULL);
622 ieee80211_reschedule_timer(wpa_s,
623 IEEE80211_MONITORING_INTERVAL +
624 30000);
625 } else {
626 ieee80211_reschedule_timer(wpa_s,
627 IEEE80211_MONITORING_INTERVAL);
628 }
629}
630
631
632static void ieee80211_send_probe_req(struct wpa_supplicant *wpa_s,
633 const u8 *dst,
634 const u8 *ssid, size_t ssid_len)
635{
636 u8 *buf;
637 size_t len;
638 struct ieee80211_mgmt *mgmt;
639 u8 *pos, *supp_rates;
640 u8 *esupp_rates = NULL;
641 int i;
642
643 buf = os_malloc(sizeof(*mgmt) + 200 + wpa_s->mlme.extra_probe_ie_len);
644 if (buf == NULL) {
645 wpa_printf(MSG_DEBUG, "MLME: failed to allocate buffer for "
646 "probe request");
647 return;
648 }
649
650 mgmt = (struct ieee80211_mgmt *) buf;
651 len = 24;
652 os_memset(mgmt, 0, 24);
653 mgmt->frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT,
654 WLAN_FC_STYPE_PROBE_REQ);
655 os_memcpy(mgmt->sa, wpa_s->own_addr, ETH_ALEN);
656 if (dst) {
657 os_memcpy(mgmt->da, dst, ETH_ALEN);
658 os_memcpy(mgmt->bssid, dst, ETH_ALEN);
659 } else {
660 os_memset(mgmt->da, 0xff, ETH_ALEN);
661 os_memset(mgmt->bssid, 0xff, ETH_ALEN);
662 }
663 pos = buf + len;
664 len += 2 + ssid_len;
665 *pos++ = WLAN_EID_SSID;
666 *pos++ = ssid_len;
667 os_memcpy(pos, ssid, ssid_len);
668
669 supp_rates = buf + len;
670 len += 2;
671 supp_rates[0] = WLAN_EID_SUPP_RATES;
672 supp_rates[1] = 0;
673 for (i = 0; i < wpa_s->mlme.num_curr_rates; i++) {
6caf9ca6 674 struct hostapd_rate_data *rate = &wpa_s->mlme.curr_rates[i];
6fc6879b
JM		 675 if (esupp_rates) {
676 pos = buf + len;
677 len++;
678 esupp_rates[1]++;
679 } else if (supp_rates[1] == 8) {
680 esupp_rates = pos;
681 esupp_rates[0] = WLAN_EID_EXT_SUPP_RATES;
682 esupp_rates[1] = 1;
683 pos = &esupp_rates[2];
10153326 684 len += 3;
6fc6879b
JM		 685 } else {
686 pos = buf + len;
687 len++;
688 supp_rates[1]++;
689 }
690 *pos++ = rate->rate / 5;
691 }
692
693 if (wpa_s->mlme.extra_probe_ie) {
694 os_memcpy(pos, wpa_s->mlme.extra_probe_ie,
695 wpa_s->mlme.extra_probe_ie_len);
696 len += wpa_s->mlme.extra_probe_ie_len;
697 }
698
699 ieee80211_sta_tx(wpa_s, buf, len);
700 os_free(buf);
701}
702
703
704static int ieee80211_sta_wep_configured(struct wpa_supplicant *wpa_s)
705{
706#if 0 /* FIX */
707 if (sdata == NULL || sdata->default_key == NULL ||
708 sdata->default_key->alg != ALG_WEP)
709 return 0;
710 return 1;
711#else
712 return 0;
713#endif
714}
715
716
717static void ieee80211_auth_completed(struct wpa_supplicant *wpa_s)
718{
719 wpa_printf(MSG_DEBUG, "MLME: authenticated");
720 wpa_s->mlme.authenticated = 1;
721 ieee80211_associate(wpa_s);
722}
723
724
725static void ieee80211_auth_challenge(struct wpa_supplicant *wpa_s,
726 struct ieee80211_mgmt *mgmt,
727 size_t len,
728 struct ieee80211_rx_status *rx_status)
729{
730 u8 *pos;
731 struct ieee802_11_elems elems;
732
733 wpa_printf(MSG_DEBUG, "MLME: replying to auth challenge");
734 pos = mgmt->u.auth.variable;
1add3c33 735 if (ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), &elems, 0)
6fc6879b
JM		 736 == ParseFailed) {
737 wpa_printf(MSG_DEBUG, "MLME: failed to parse Auth(challenge)");
738 return;
739 }
740 if (elems.challenge == NULL) {
741 wpa_printf(MSG_DEBUG, "MLME: no challenge IE in shared key "
742 "auth frame");
743 return;
744 }
745 ieee80211_send_auth(wpa_s, 3, elems.challenge - 2,
746 elems.challenge_len + 2, 1);
747}
748
749
750static void ieee80211_rx_mgmt_auth(struct wpa_supplicant *wpa_s,
751 struct ieee80211_mgmt *mgmt,
752 size_t len,
753 struct ieee80211_rx_status *rx_status)
754{
755 struct wpa_ssid *ssid = wpa_s->current_ssid;
756 u16 auth_alg, auth_transaction, status_code;
757 int adhoc;
758
759 adhoc = ssid && ssid->mode == 1;
760
761 if (wpa_s->mlme.state != IEEE80211_AUTHENTICATE && !adhoc) {
762 wpa_printf(MSG_DEBUG, "MLME: authentication frame received "
763 "from " MACSTR ", but not in authenticate state - "
764 "ignored", MAC2STR(mgmt->sa));
765 return;
766 }
767
768 if (len < 24 + 6) {
769 wpa_printf(MSG_DEBUG, "MLME: too short (%lu) authentication "
770 "frame received from " MACSTR " - ignored",
771 (unsigned long) len, MAC2STR(mgmt->sa));
772 return;
773 }
774
775 if (!adhoc && os_memcmp(wpa_s->bssid, mgmt->sa, ETH_ALEN) != 0) {
776 wpa_printf(MSG_DEBUG, "MLME: authentication frame received "
777 "from unknown AP (SA=" MACSTR " BSSID=" MACSTR
778 ") - ignored",
779 MAC2STR(mgmt->sa), MAC2STR(mgmt->bssid));
780 return;
781 }
782
783 if (adhoc && os_memcmp(wpa_s->bssid, mgmt->bssid, ETH_ALEN) != 0) {
784 wpa_printf(MSG_DEBUG, "MLME: authentication frame received "
785 "from unknown BSSID (SA=" MACSTR " BSSID=" MACSTR
786 ") - ignored",
787 MAC2STR(mgmt->sa), MAC2STR(mgmt->bssid));
788 return;
789 }
790
791 auth_alg = le_to_host16(mgmt->u.auth.auth_alg);
792 auth_transaction = le_to_host16(mgmt->u.auth.auth_transaction);
793 status_code = le_to_host16(mgmt->u.auth.status_code);
794
795 wpa_printf(MSG_DEBUG, "MLME: RX authentication from " MACSTR
796 " (alg=%d transaction=%d status=%d)",
797 MAC2STR(mgmt->sa), auth_alg, auth_transaction, status_code);
798
799 if (adhoc) {
800 /* IEEE 802.11 standard does not require authentication in IBSS
801 * networks and most implementations do not seem to use it.
802 * However, try to reply to authentication attempts if someone
803 * has actually implemented this.
804 * TODO: Could implement shared key authentication. */
805 if (auth_alg != WLAN_AUTH_OPEN || auth_transaction != 1) {
806 wpa_printf(MSG_DEBUG, "MLME: unexpected IBSS "
807 "authentication frame (alg=%d "
808 "transaction=%d)",
809 auth_alg, auth_transaction);
810 return;
811 }
812 ieee80211_send_auth(wpa_s, 2, NULL, 0, 0);
813 }
814
815 if (auth_alg != wpa_s->mlme.auth_alg ||
816 auth_transaction != wpa_s->mlme.auth_transaction) {
817 wpa_printf(MSG_DEBUG, "MLME: unexpected authentication frame "
818 "(alg=%d transaction=%d)",
819 auth_alg, auth_transaction);
820 return;
821 }
822
823 if (status_code != WLAN_STATUS_SUCCESS) {
824 wpa_printf(MSG_DEBUG, "MLME: AP denied authentication "
825 "(auth_alg=%d code=%d)", wpa_s->mlme.auth_alg,
826 status_code);
827 if (status_code == WLAN_STATUS_NOT_SUPPORTED_AUTH_ALG) {
828 const int num_algs = 3;
829 u8 algs[num_algs];
830 int i, pos;
831 algs[0] = algs[1] = algs[2] = 0xff;
832 if (wpa_s->mlme.auth_algs & IEEE80211_AUTH_ALG_OPEN)
833 algs[0] = WLAN_AUTH_OPEN;
834 if (wpa_s->mlme.auth_algs &
835 IEEE80211_AUTH_ALG_SHARED_KEY)
836 algs[1] = WLAN_AUTH_SHARED_KEY;
837 if (wpa_s->mlme.auth_algs & IEEE80211_AUTH_ALG_LEAP)
838 algs[2] = WLAN_AUTH_LEAP;
839 if (wpa_s->mlme.auth_alg == WLAN_AUTH_OPEN)
840 pos = 0;
841 else if (wpa_s->mlme.auth_alg == WLAN_AUTH_SHARED_KEY)
842 pos = 1;
843 else
844 pos = 2;
845 for (i = 0; i < num_algs; i++) {
846 pos++;
847 if (pos >= num_algs)
848 pos = 0;
849 if (algs[pos] == wpa_s->mlme.auth_alg ||
850 algs[pos] == 0xff)
851 continue;
852 if (algs[pos] == WLAN_AUTH_SHARED_KEY &&
853 !ieee80211_sta_wep_configured(wpa_s))
854 continue;
855 wpa_s->mlme.auth_alg = algs[pos];
856 wpa_printf(MSG_DEBUG, "MLME: set auth_alg=%d "
857 "for next try",
858 wpa_s->mlme.auth_alg);
859 break;
860 }
861 }
862 return;
863 }
864
865 switch (wpa_s->mlme.auth_alg) {
866 case WLAN_AUTH_OPEN:
867 case WLAN_AUTH_LEAP:
868 ieee80211_auth_completed(wpa_s);
869 break;
870 case WLAN_AUTH_SHARED_KEY:
871 if (wpa_s->mlme.auth_transaction == 4)
872 ieee80211_auth_completed(wpa_s);
873 else
874 ieee80211_auth_challenge(wpa_s, mgmt, len,
875 rx_status);
876 break;
877#ifdef CONFIG_IEEE80211R
878 case WLAN_AUTH_FT:
879 {
880 union wpa_event_data data;
babfbf15 881 struct wpabuf *ric = NULL;
6fc6879b
JM		 882 os_memset(&data, 0, sizeof(data));
883 data.ft_ies.ies = mgmt->u.auth.variable;
884 data.ft_ies.ies_len = len -
885 (mgmt->u.auth.variable - (u8 *) mgmt);
658d1662 886 os_memcpy(data.ft_ies.target_ap, wpa_s->bssid, ETH_ALEN);
babfbf15
JM		 887 if (os_strcmp(wpa_s->driver->name, "test") == 0 &&
888 wpa_s->mlme.wmm_enabled) {
889 ric = wpabuf_alloc(200);
890 if (ric) {
891 /* Build simple RIC-Request: RDIE | TSPEC */
892
893 /* RIC Data (RDIE) */
894 wpabuf_put_u8(ric, WLAN_EID_RIC_DATA);
895 wpabuf_put_u8(ric, 4);
896 wpabuf_put_u8(ric, 0); /* RDIE Identifier */
897 wpabuf_put_u8(ric, 1); /* Resource Descriptor
898 * Count */
899 wpabuf_put_le16(ric, 0); /* Status Code */
900
901 /* WMM TSPEC */
902 ieee80211_build_tspec(ric);
903
904 data.ft_ies.ric_ies = wpabuf_head(ric);
905 data.ft_ies.ric_ies_len = wpabuf_len(ric);
906 }
907 }
908
6fc6879b 909 wpa_supplicant_event(wpa_s, EVENT_FT_RESPONSE, &data);
babfbf15 910 wpabuf_free(ric);
6fc6879b
JM		 911 ieee80211_auth_completed(wpa_s);
912 break;
913 }
914#endif /* CONFIG_IEEE80211R */
915 }
916}
917
918
919static void ieee80211_rx_mgmt_deauth(struct wpa_supplicant *wpa_s,
920 struct ieee80211_mgmt *mgmt,
921 size_t len,
922 struct ieee80211_rx_status *rx_status)
923{
924 u16 reason_code;
925
926 if (len < 24 + 2) {
927 wpa_printf(MSG_DEBUG, "MLME: too short (%lu) deauthentication "
928 "frame received from " MACSTR " - ignored",
929 (unsigned long) len, MAC2STR(mgmt->sa));
930 return;
931 }
932
933 if (os_memcmp(wpa_s->bssid, mgmt->sa, ETH_ALEN) != 0) {
934 wpa_printf(MSG_DEBUG, "MLME: deauthentication frame received "
935 "from unknown AP (SA=" MACSTR " BSSID=" MACSTR
936 ") - ignored",
937 MAC2STR(mgmt->sa), MAC2STR(mgmt->bssid));
938 return;
939 }
940
941 reason_code = le_to_host16(mgmt->u.deauth.reason_code);
942
943 wpa_printf(MSG_DEBUG, "MLME: RX deauthentication from " MACSTR
944 " (reason=%d)", MAC2STR(mgmt->sa), reason_code);
945
946 if (wpa_s->mlme.authenticated)
947 wpa_printf(MSG_DEBUG, "MLME: deauthenticated");
948
949 if (wpa_s->mlme.state == IEEE80211_AUTHENTICATE ||
950 wpa_s->mlme.state == IEEE80211_ASSOCIATE ||
951 wpa_s->mlme.state == IEEE80211_ASSOCIATED) {
952 wpa_s->mlme.state = IEEE80211_AUTHENTICATE;
953 ieee80211_reschedule_timer(wpa_s,
954 IEEE80211_RETRY_AUTH_INTERVAL);
955 }
956
957 ieee80211_set_associated(wpa_s, 0);
958 wpa_s->mlme.authenticated = 0;
959}
960
961
962static void ieee80211_rx_mgmt_disassoc(struct wpa_supplicant *wpa_s,
963 struct ieee80211_mgmt *mgmt,
964 size_t len,
965 struct ieee80211_rx_status *rx_status)
966{
967 u16 reason_code;
968
969 if (len < 24 + 2) {
970 wpa_printf(MSG_DEBUG, "MLME: too short (%lu) disassociation "
971 "frame received from " MACSTR " - ignored",
972 (unsigned long) len, MAC2STR(mgmt->sa));
973 return;
974 }
975
976 if (os_memcmp(wpa_s->bssid, mgmt->sa, ETH_ALEN) != 0) {
977 wpa_printf(MSG_DEBUG, "MLME: disassociation frame received "
978 "from unknown AP (SA=" MACSTR " BSSID=" MACSTR
979 ") - ignored",
980 MAC2STR(mgmt->sa), MAC2STR(mgmt->bssid));
981 return;
982 }
983
984 reason_code = le_to_host16(mgmt->u.disassoc.reason_code);
985
986 wpa_printf(MSG_DEBUG, "MLME: RX disassociation from " MACSTR
987 " (reason=%d)", MAC2STR(mgmt->sa), reason_code);
988
989 if (wpa_s->mlme.associated)
990 wpa_printf(MSG_DEBUG, "MLME: disassociated");
991
992 if (wpa_s->mlme.state == IEEE80211_ASSOCIATED) {
993 wpa_s->mlme.state = IEEE80211_ASSOCIATE;
994 ieee80211_reschedule_timer(wpa_s,
995 IEEE80211_RETRY_AUTH_INTERVAL);
996 }
997
998 ieee80211_set_associated(wpa_s, 0);
999}
1000
1001
1002static int ieee80211_ft_assoc_resp(struct wpa_supplicant *wpa_s,
1003 struct ieee802_11_elems *elems)
1004{
1005#ifdef CONFIG_IEEE80211R
1006 const u8 *mobility_domain = NULL;
1007 const u8 *r0kh_id = NULL;
1008 size_t r0kh_id_len = 0;
1009 const u8 *r1kh_id = NULL;
1010 struct rsn_ftie *hdr;
1011 const u8 *pos, *end;
1012
1013 if (elems->mdie && elems->mdie_len >= MOBILITY_DOMAIN_ID_LEN)
1014 mobility_domain = elems->mdie;
1015 if (elems->ftie && elems->ftie_len >= sizeof(struct rsn_ftie)) {
1016 end = elems->ftie + elems->ftie_len;
1017 hdr = (struct rsn_ftie *) elems->ftie;
1018 pos = (const u8 *) (hdr + 1);
1019 while (pos + 1 < end) {
1020 if (pos + 2 + pos[1] > end)
1021 break;
1022 if (pos[0] == FTIE_SUBELEM_R1KH_ID &&
1023 pos[1] == FT_R1KH_ID_LEN)
1024 r1kh_id = pos + 2;
1025 else if (pos[0] == FTIE_SUBELEM_R0KH_ID &&
1026 pos[1] >= 1 && pos[1] <= FT_R0KH_ID_MAX_LEN) {
1027 r0kh_id = pos + 2;
1028 r0kh_id_len = pos[1];
1029 }
1030 pos += 2 + pos[1];
1031 }
1032 }
1033 return wpa_sm_set_ft_params(wpa_s->wpa, mobility_domain, r0kh_id,
1034 r0kh_id_len, r1kh_id);
1035#else /* CONFIG_IEEE80211R */
1036 return 0;
1037#endif /* CONFIG_IEEE80211R */
1038}
1039
1040
babfbf15 1041static void ieee80211_build_tspec(struct wpabuf *buf)
ed843aaa 1042{
ed843aaa 1043 struct wmm_tspec_element *tspec;
ed843aaa
JM		 1044 int tid, up;
1045
ed843aaa
JM		 1046 tspec = wpabuf_put(buf, sizeof(*tspec));
1047 tspec->eid = WLAN_EID_VENDOR_SPECIFIC;
1048 tspec->length = sizeof(*tspec) - 2;
1049 tspec->oui[0] = 0x00;
1050 tspec->oui[1] = 0x50;
1051 tspec->oui[2] = 0xf2;
1052 tspec->oui_type = 2;
1053 tspec->oui_subtype = 2;
1054 tspec->version = 1;
1055
1056 tid = 1;
1057 up = 6; /* Voice */
1058 tspec->ts_info[0] = (tid << 1) |
1059 (WMM_TSPEC_DIRECTION_BI_DIRECTIONAL << 5) |
1060 BIT(7);
1061 tspec->ts_info[1] = up << 3;
1062 tspec->nominal_msdu_size = host_to_le16(1530);
1063 tspec->mean_data_rate = host_to_le32(128000); /* bits per second */
1064 tspec->minimum_phy_rate = host_to_le32(6000000);
1065 tspec->surplus_bandwidth_allowance = host_to_le16(0x3000); /* 150% */
babfbf15
JM		 1066}
1067
1068
1069static void ieee80211_tx_addts(struct wpa_supplicant *wpa_s)
1070{
1071 struct wpabuf *buf;
1072 struct ieee80211_mgmt *mgmt;
1073 size_t alen;
1074
1075 wpa_printf(MSG_DEBUG, "MLME: Send ADDTS Request for Voice TSPEC");
1076 mgmt = NULL;
1077 alen = mgmt->u.action.u.wmm_action.variable - (u8 *) mgmt;
1078
1079 buf = wpabuf_alloc(alen + sizeof(struct wmm_tspec_element));
1080 if (buf == NULL)
1081 return;
1082
1083 mgmt = wpabuf_put(buf, alen);
1084 os_memcpy(mgmt->da, wpa_s->bssid, ETH_ALEN);
1085 os_memcpy(mgmt->sa, wpa_s->own_addr, ETH_ALEN);
1086 os_memcpy(mgmt->bssid, wpa_s->bssid, ETH_ALEN);
1087 mgmt->frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT,
1088 WLAN_FC_STYPE_ACTION);
1089 mgmt->u.action.category = WLAN_ACTION_WMM;
1090 mgmt->u.action.u.wmm_action.action_code = WMM_ACTION_CODE_ADDTS_REQ;
1091 mgmt->u.action.u.wmm_action.dialog_token = 1;
1092 mgmt->u.action.u.wmm_action.status_code = 0;
1093
1094 ieee80211_build_tspec(buf);
ed843aaa
JM		 1095
1096 ieee80211_sta_tx(wpa_s, wpabuf_head(buf), wpabuf_len(buf));
1097 wpabuf_free(buf);
1098}
1099
1100
6fc6879b
JM		 1101static void ieee80211_rx_mgmt_assoc_resp(struct wpa_supplicant *wpa_s,
1102 struct ieee80211_mgmt *mgmt,
1103 size_t len,
1104 struct ieee80211_rx_status *rx_status,
1105 int reassoc)
1106{
1107 u8 rates[32];
1108 size_t rates_len;
1109 u16 capab_info, status_code, aid;
1110 struct ieee802_11_elems elems;
1111 u8 *pos;
1112
1113 /* AssocResp and ReassocResp have identical structure, so process both
1114 * of them in this function. */
1115
1116 if (wpa_s->mlme.state != IEEE80211_ASSOCIATE) {
1117 wpa_printf(MSG_DEBUG, "MLME: association frame received from "
1118 MACSTR ", but not in associate state - ignored",
1119 MAC2STR(mgmt->sa));
1120 return;
1121 }
1122
1123 if (len < 24 + 6) {
1124 wpa_printf(MSG_DEBUG, "MLME: too short (%lu) association "
1125 "frame received from " MACSTR " - ignored",
1126 (unsigned long) len, MAC2STR(mgmt->sa));
1127 return;
1128 }
1129
1130 if (os_memcmp(wpa_s->bssid, mgmt->sa, ETH_ALEN) != 0) {
1131 wpa_printf(MSG_DEBUG, "MLME: association frame received from "
1132 "unknown AP (SA=" MACSTR " BSSID=" MACSTR ") - "
1133 "ignored", MAC2STR(mgmt->sa), MAC2STR(mgmt->bssid));
1134 return;
1135 }
1136
1137 capab_info = le_to_host16(mgmt->u.assoc_resp.capab_info);
1138 status_code = le_to_host16(mgmt->u.assoc_resp.status_code);
1139 aid = le_to_host16(mgmt->u.assoc_resp.aid);
1140 if ((aid & (BIT(15) | BIT(14))) != (BIT(15) | BIT(14)))
1141 wpa_printf(MSG_DEBUG, "MLME: invalid aid value %d; bits 15:14 "
1142 "not set", aid);
1143 aid &= ~(BIT(15) | BIT(14));
1144
1145 wpa_printf(MSG_DEBUG, "MLME: RX %sssocResp from " MACSTR
1146 " (capab=0x%x status=%d aid=%d)",
1147 reassoc ? "Rea" : "A", MAC2STR(mgmt->sa),
1148 capab_info, status_code, aid);
1149
6fc6879b 1150 pos = mgmt->u.assoc_resp.variable;
1add3c33 1151 if (ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), &elems, 0)
6fc6879b
JM		 1152 == ParseFailed) {
1153 wpa_printf(MSG_DEBUG, "MLME: failed to parse AssocResp");
1154 return;
1155 }
1156
6572fc0d
JM		 1157 if (status_code != WLAN_STATUS_SUCCESS) {
1158 wpa_printf(MSG_DEBUG, "MLME: AP denied association (code=%d)",
1159 status_code);
1160#ifdef CONFIG_IEEE80211W
1161 if (status_code == WLAN_STATUS_ASSOC_REJECTED_TEMPORARILY &&
adddffd1
JM		 1162 elems.timeout_int && elems.timeout_int_len == 5 &&
1163 elems.timeout_int[0] == WLAN_TIMEOUT_ASSOC_COMEBACK) {
6572fc0d 1164 u32 tu, ms;
adddffd1 1165 tu = WPA_GET_LE32(elems.timeout_int + 1);
6572fc0d
JM		 1166 ms = tu * 1024 / 1000;
1167 wpa_printf(MSG_DEBUG, "MLME: AP rejected association "
1168 "temporarily; comeback duration %u TU "
1169 "(%u ms)", tu, ms);
1170 if (ms > IEEE80211_ASSOC_TIMEOUT) {
1171 wpa_printf(MSG_DEBUG, "MLME: Update timer "
1172 "based on comeback duration");
1173 ieee80211_reschedule_timer(wpa_s, ms);
1174 }
1175 }
1176#endif /* CONFIG_IEEE80211W */
1177 return;
1178 }
1179
6fc6879b
JM		 1180 if (elems.supp_rates == NULL) {
1181 wpa_printf(MSG_DEBUG, "MLME: no SuppRates element in "
1182 "AssocResp");
1183 return;
1184 }
1185
1186 if (wpa_s->mlme.auth_alg == WLAN_AUTH_FT) {
1187 if (!reassoc) {
1188 wpa_printf(MSG_DEBUG, "MLME: AP tried to use "
1189 "association, not reassociation, response "
1190 "with FT");
1191 return;
1192 }
1193 if (wpa_ft_validate_reassoc_resp(
658d1662
JM		 1194 wpa_s->wpa, pos, len - (pos - (u8 *) mgmt),
1195 mgmt->sa) < 0) {
6fc6879b
JM		 1196 wpa_printf(MSG_DEBUG, "MLME: FT validation of Reassoc"
1197 "Resp failed");
1198 return;
1199 }
1200 } else if (ieee80211_ft_assoc_resp(wpa_s, &elems) < 0)
1201 return;
1202
1203 wpa_printf(MSG_DEBUG, "MLME: associated");
1204 wpa_s->mlme.aid = aid;
1205 wpa_s->mlme.ap_capab = capab_info;
1206
1207 os_free(wpa_s->mlme.assocresp_ies);
1208 wpa_s->mlme.assocresp_ies_len = len - (pos - (u8 *) mgmt);
1209 wpa_s->mlme.assocresp_ies = os_malloc(wpa_s->mlme.assocresp_ies_len);
1210 if (wpa_s->mlme.assocresp_ies) {
1211 os_memcpy(wpa_s->mlme.assocresp_ies, pos,
1212 wpa_s->mlme.assocresp_ies_len);
1213 }
1214
1215 ieee80211_set_associated(wpa_s, 1);
1216
1217 rates_len = elems.supp_rates_len;
1218 if (rates_len > sizeof(rates))
1219 rates_len = sizeof(rates);
1220 os_memcpy(rates, elems.supp_rates, rates_len);
1221 if (elems.ext_supp_rates) {
1222 size_t _len = elems.ext_supp_rates_len;
1223 if (_len > sizeof(rates) - rates_len)
1224 _len = sizeof(rates) - rates_len;
1225 os_memcpy(rates + rates_len, elems.ext_supp_rates, _len);
1226 rates_len += _len;
1227 }
1228
1229 if (wpa_drv_set_bssid(wpa_s, wpa_s->bssid) < 0) {
1230 wpa_printf(MSG_DEBUG, "MLME: failed to set BSSID for the "
1231 "netstack");
1232 }
1233 if (wpa_drv_set_ssid(wpa_s, wpa_s->mlme.ssid, wpa_s->mlme.ssid_len) <
1234 0) {
1235 wpa_printf(MSG_DEBUG, "MLME: failed to set SSID for the "
1236 "netstack");
1237 }
1238
1239 /* Remove STA entry before adding a new one just in case to avoid
1240 * problems with existing configuration (e.g., keys). */
1241 wpa_drv_mlme_remove_sta(wpa_s, wpa_s->bssid);
1242 if (wpa_drv_mlme_add_sta(wpa_s, wpa_s->bssid, rates, rates_len) < 0) {
1243 wpa_printf(MSG_DEBUG, "MLME: failed to add STA entry to the "
1244 "netstack");
1245 }
1246
5c3dd4eb 1247 if (elems.wmm && wpa_s->mlme.wmm_enabled)
77ac4466 1248 ieee80211_sta_wmm_params(wpa_s, elems.wmm, elems.wmm_len);
6fc6879b
JM		 1249
1250 ieee80211_associated(wpa_s);
ed843aaa 1251
babfbf15
JM		 1252 if (wpa_s->mlme.auth_alg != WLAN_AUTH_FT &&
1253 os_strcmp(wpa_s->driver->name, "test") == 0 &&
ed843aaa
JM		 1254 elems.wmm && wpa_s->mlme.wmm_enabled) {
1255 /* Test WMM-AC - send ADDTS for WMM TSPEC */
1256 ieee80211_tx_addts(wpa_s);
1257 }
6fc6879b
JM		 1258}
1259
1260
1261/* Caller must hold local->sta_bss_lock */
1262static void __ieee80211_bss_hash_add(struct wpa_supplicant *wpa_s,
1263 struct ieee80211_sta_bss *bss)
1264{
1265 bss->hnext = wpa_s->mlme.sta_bss_hash[STA_HASH(bss->bssid)];
1266 wpa_s->mlme.sta_bss_hash[STA_HASH(bss->bssid)] = bss;
1267}
1268
1269
1270/* Caller must hold local->sta_bss_lock */
1271static void __ieee80211_bss_hash_del(struct wpa_supplicant *wpa_s,
1272 struct ieee80211_sta_bss *bss)
1273{
1274 struct ieee80211_sta_bss *b, *prev = NULL;
1275 b = wpa_s->mlme.sta_bss_hash[STA_HASH(bss->bssid)];
1276 while (b) {
1277 if (b == bss) {
1278 if (prev == NULL) {
1279 wpa_s->mlme.sta_bss_hash[STA_HASH(bss->bssid)]
1280 = bss->hnext;
1281 } else {
1282 prev->hnext = bss->hnext;
1283 }
1284 break;
1285 }
1286 prev = b;
1287 b = b->hnext;
1288 }
1289}
1290
1291
1292static struct ieee80211_sta_bss *
1293ieee80211_bss_add(struct wpa_supplicant *wpa_s, const u8 *bssid)
1294{
1295 struct ieee80211_sta_bss *bss;
1296
1297 bss = os_zalloc(sizeof(*bss));
1298 if (bss == NULL)
1299 return NULL;
1300 os_memcpy(bss->bssid, bssid, ETH_ALEN);
1301
1302 /* TODO: order by RSSI? */
1303 bss->next = wpa_s->mlme.sta_bss_list;
1304 wpa_s->mlme.sta_bss_list = bss;
1305 __ieee80211_bss_hash_add(wpa_s, bss);
1306 return bss;
1307}
1308
1309
1310static struct ieee80211_sta_bss *
1311ieee80211_bss_get(struct wpa_supplicant *wpa_s, const u8 *bssid)
1312{
1313 struct ieee80211_sta_bss *bss;
1314
1315 bss = wpa_s->mlme.sta_bss_hash[STA_HASH(bssid)];
1316 while (bss) {
1317 if (os_memcmp(bss->bssid, bssid, ETH_ALEN) == 0)
1318 break;
1319 bss = bss->hnext;
1320 }
1321 return bss;
1322}
1323
1324
1325static void ieee80211_bss_free(struct wpa_supplicant *wpa_s,
1326 struct ieee80211_sta_bss *bss)
1327{
1328 __ieee80211_bss_hash_del(wpa_s, bss);
1329 os_free(bss->ie);
1330 os_free(bss->wpa_ie);
1331 os_free(bss->rsn_ie);
1332 os_free(bss->wmm_ie);
1333 os_free(bss->mdie);
1334 os_free(bss);
1335}
1336
1337
1338static void ieee80211_bss_list_deinit(struct wpa_supplicant *wpa_s)
1339{
1340 struct ieee80211_sta_bss *bss, *prev;
1341
1342 bss = wpa_s->mlme.sta_bss_list;
1343 wpa_s->mlme.sta_bss_list = NULL;
1344 while (bss) {
1345 prev = bss;
1346 bss = bss->next;
1347 ieee80211_bss_free(wpa_s, prev);
1348 }
1349}
1350
1351
1352static void ieee80211_bss_info(struct wpa_supplicant *wpa_s,
1353 struct ieee80211_mgmt *mgmt,
1354 size_t len,
1355 struct ieee80211_rx_status *rx_status,
1356 int beacon)
1357{
1358 struct ieee802_11_elems elems;
1359 size_t baselen;
1360 int channel, invalid = 0, clen;
1361 struct ieee80211_sta_bss *bss;
1362 u64 timestamp;
1363 u8 *pos, *ie_pos;
1364 size_t ie_len;
1365
1366 if (!beacon && os_memcmp(mgmt->da, wpa_s->own_addr, ETH_ALEN))
1367 return; /* ignore ProbeResp to foreign address */
1368
1369#if 0
1370 wpa_printf(MSG_MSGDUMP, "MLME: RX %s from " MACSTR " to " MACSTR,
1371 beacon ? "Beacon" : "Probe Response",
1372 MAC2STR(mgmt->sa), MAC2STR(mgmt->da));
1373#endif
1374
1375 baselen = (u8 *) mgmt->u.beacon.variable - (u8 *) mgmt;
1376 if (baselen > len)
1377 return;
1378
1379 pos = mgmt->u.beacon.timestamp;
1380 timestamp = WPA_GET_LE64(pos);
1381
1382#if 0 /* FIX */
1383 if (local->conf.mode == IW_MODE_ADHOC && beacon &&
1384 os_memcmp(mgmt->bssid, local->bssid, ETH_ALEN) == 0) {
1385#ifdef IEEE80211_IBSS_DEBUG
1386 static unsigned long last_tsf_debug = 0;
1387 u64 tsf;
1388 if (local->hw->get_tsf)
1389 tsf = local->hw->get_tsf(local->mdev);
1390 else
1391 tsf = -1LLU;
1392 if (time_after(jiffies, last_tsf_debug + 5 * HZ)) {
1393 wpa_printf(MSG_DEBUG, "RX beacon SA=" MACSTR " BSSID="
1394 MACSTR " TSF=0x%llx BCN=0x%llx diff=%lld "
1395 "@%ld",
1396 MAC2STR(mgmt->sa), MAC2STR(mgmt->bssid),
1397 tsf, timestamp, tsf - timestamp, jiffies);
1398 last_tsf_debug = jiffies;
1399 }
1400#endif /* IEEE80211_IBSS_DEBUG */
1401 }
1402#endif
1403
1404 ie_pos = mgmt->u.beacon.variable;
1405 ie_len = len - baselen;
1add3c33 1406 if (ieee802_11_parse_elems(ie_pos, ie_len, &elems, 0) == ParseFailed)
6fc6879b
JM		 1407 invalid = 1;
1408
1409#if 0 /* FIX */
1410 if (local->conf.mode == IW_MODE_ADHOC && elems.supp_rates &&
1411 os_memcmp(mgmt->bssid, local->bssid, ETH_ALEN) == 0 &&
1412 (sta = sta_info_get(local, mgmt->sa))) {
1413 struct ieee80211_rate *rates;
1414 size_t num_rates;
1415 u32 supp_rates, prev_rates;
1416 int i, j, oper_mode;
1417
1418 rates = local->curr_rates;
1419 num_rates = local->num_curr_rates;
1420 oper_mode = wpa_s->mlme.sta_scanning ?
1421 local->scan_oper_phymode : local->conf.phymode;
1422 for (i = 0; i < local->hw->num_modes; i++) {
1423 struct ieee80211_hw_modes *mode = &local->hw->modes[i];
1424 if (oper_mode == mode->mode) {
1425 rates = mode->rates;
1426 num_rates = mode->num_rates;
1427 break;
1428 }
1429 }
1430
1431 supp_rates = 0;
1432 for (i = 0; i < elems.supp_rates_len +
1433 elems.ext_supp_rates_len; i++) {
1434 u8 rate = 0;
1435 int own_rate;
1436 if (i < elems.supp_rates_len)
1437 rate = elems.supp_rates[i];
1438 else if (elems.ext_supp_rates)
1439 rate = elems.ext_supp_rates
1440 [i - elems.supp_rates_len];
1441 own_rate = 5 * (rate & 0x7f);
1442 if (oper_mode == MODE_ATHEROS_TURBO)
1443 own_rate *= 2;
1444 for (j = 0; j < num_rates; j++)
1445 if (rates[j].rate == own_rate)
1446 supp_rates |= BIT(j);
1447 }
1448
1449 prev_rates = sta->supp_rates;
1450 sta->supp_rates &= supp_rates;
1451 if (sta->supp_rates == 0) {
1452 /* No matching rates - this should not really happen.
1453 * Make sure that at least one rate is marked
1454 * supported to avoid issues with TX rate ctrl. */
1455 sta->supp_rates = wpa_s->mlme.supp_rates_bits;
1456 }
1457 if (sta->supp_rates != prev_rates) {
1458 wpa_printf(MSG_DEBUG, "MLME: updated supp_rates set "
1459 "for " MACSTR " based on beacon info "
1460 "(0x%x & 0x%x -> 0x%x)",
1461 MAC2STR(sta->addr), prev_rates,
1462 supp_rates, sta->supp_rates);
1463 }
1464 sta_info_release(local, sta);
1465 }
1466#endif
1467
1468 if (elems.ssid == NULL)
1469 return;
1470
1471 if (elems.ds_params && elems.ds_params_len == 1)
1472 channel = elems.ds_params[0];
1473 else
1474 channel = rx_status->channel;
1475
1476 bss = ieee80211_bss_get(wpa_s, mgmt->bssid);
1477 if (bss == NULL) {
1478 bss = ieee80211_bss_add(wpa_s, mgmt->bssid);
1479 if (bss == NULL)
1480 return;
1481 } else {
1482#if 0
1483 /* TODO: order by RSSI? */
1484 spin_lock_bh(&local->sta_bss_lock);
1485 list_move_tail(&bss->list, &local->sta_bss_list);
1486 spin_unlock_bh(&local->sta_bss_lock);
1487#endif
1488 }
1489
1490 if (bss->probe_resp && beacon) {
1491 /* Do not allow beacon to override data from Probe Response. */
1492 return;
1493 }
1494
1495 bss->beacon_int = le_to_host16(mgmt->u.beacon.beacon_int);
1496 bss->capability = le_to_host16(mgmt->u.beacon.capab_info);
1497
1498 if (bss->ie == NULL || bss->ie_len < ie_len) {
1499 os_free(bss->ie);
1500 bss->ie = os_malloc(ie_len);
1501 }
1502 if (bss->ie) {
1503 os_memcpy(bss->ie, ie_pos, ie_len);
1504 bss->ie_len = ie_len;
1505 }
1506
1507 if (elems.ssid && elems.ssid_len <= MAX_SSID_LEN) {
1508 os_memcpy(bss->ssid, elems.ssid, elems.ssid_len);
1509 bss->ssid_len = elems.ssid_len;
1510 }
1511
1512 bss->supp_rates_len = 0;
1513 if (elems.supp_rates) {
1514 clen = IEEE80211_MAX_SUPP_RATES - bss->supp_rates_len;
1515 if (clen > elems.supp_rates_len)
1516 clen = elems.supp_rates_len;
1517 os_memcpy(&bss->supp_rates[bss->supp_rates_len],
1518 elems.supp_rates, clen);
1519 bss->supp_rates_len += clen;
1520 }
1521 if (elems.ext_supp_rates) {
1522 clen = IEEE80211_MAX_SUPP_RATES - bss->supp_rates_len;
1523 if (clen > elems.ext_supp_rates_len)
1524 clen = elems.ext_supp_rates_len;
1525 os_memcpy(&bss->supp_rates[bss->supp_rates_len],
1526 elems.ext_supp_rates, clen);
1527 bss->supp_rates_len += clen;
1528 }
1529
1add3c33
JM		 1530 if (elems.wpa_ie &&
1531 (bss->wpa_ie == NULL || bss->wpa_ie_len != elems.wpa_ie_len ||
1532 os_memcmp(bss->wpa_ie, elems.wpa_ie, elems.wpa_ie_len))) {
6fc6879b 1533 os_free(bss->wpa_ie);
1add3c33 1534 bss->wpa_ie = os_malloc(elems.wpa_ie_len + 2);
6fc6879b 1535 if (bss->wpa_ie) {
1add3c33
JM		 1536 os_memcpy(bss->wpa_ie, elems.wpa_ie - 2,
1537 elems.wpa_ie_len + 2);
1538 bss->wpa_ie_len = elems.wpa_ie_len + 2;
6fc6879b
JM		 1539 } else
1540 bss->wpa_ie_len = 0;
1add3c33 1541 } else if (!elems.wpa_ie && bss->wpa_ie) {
6fc6879b
JM		 1542 os_free(bss->wpa_ie);
1543 bss->wpa_ie = NULL;
1544 bss->wpa_ie_len = 0;
1545 }
1546
1add3c33
JM		 1547 if (elems.rsn_ie &&
1548 (bss->rsn_ie == NULL || bss->rsn_ie_len != elems.rsn_ie_len ||
1549 os_memcmp(bss->rsn_ie, elems.rsn_ie, elems.rsn_ie_len))) {
6fc6879b 1550 os_free(bss->rsn_ie);
1add3c33 1551 bss->rsn_ie = os_malloc(elems.rsn_ie_len + 2);
6fc6879b 1552 if (bss->rsn_ie) {
1add3c33
JM		 1553 os_memcpy(bss->rsn_ie, elems.rsn_ie - 2,
1554 elems.rsn_ie_len + 2);
1555 bss->rsn_ie_len = elems.rsn_ie_len + 2;
6fc6879b
JM		 1556 } else
1557 bss->rsn_ie_len = 0;
1add3c33 1558 } else if (!elems.rsn_ie && bss->rsn_ie) {
6fc6879b
JM		 1559 os_free(bss->rsn_ie);
1560 bss->rsn_ie = NULL;
1561 bss->rsn_ie_len = 0;
1562 }
1563
77ac4466
JM		 1564 if (elems.wmm &&
1565 (bss->wmm_ie == NULL || bss->wmm_ie_len != elems.wmm_len ||
1566 os_memcmp(bss->wmm_ie, elems.wmm, elems.wmm_len))) {
6fc6879b 1567 os_free(bss->wmm_ie);
77ac4466 1568 bss->wmm_ie = os_malloc(elems.wmm_len + 2);
6fc6879b 1569 if (bss->wmm_ie) {
77ac4466
JM		 1570 os_memcpy(bss->wmm_ie, elems.wmm - 2,
1571 elems.wmm_len + 2);
1572 bss->wmm_ie_len = elems.wmm_len + 2;
6fc6879b
JM		 1573 } else
1574 bss->wmm_ie_len = 0;
77ac4466 1575 } else if (!elems.wmm && bss->wmm_ie) {
6fc6879b
JM		 1576 os_free(bss->wmm_ie);
1577 bss->wmm_ie = NULL;
1578 bss->wmm_ie_len = 0;
1579 }
1580
1581#ifdef CONFIG_IEEE80211R
1582 if (elems.mdie &&
1583 (bss->mdie == NULL || bss->mdie_len != elems.mdie_len ||
1584 os_memcmp(bss->mdie, elems.mdie, elems.mdie_len))) {
1585 os_free(bss->mdie);
1586 bss->mdie = os_malloc(elems.mdie_len + 2);
1587 if (bss->mdie) {
1588 os_memcpy(bss->mdie, elems.mdie - 2,
1589 elems.mdie_len + 2);
1590 bss->mdie_len = elems.mdie_len + 2;
1591 } else
1592 bss->mdie_len = 0;
1593 } else if (!elems.mdie && bss->mdie) {
1594 os_free(bss->mdie);
1595 bss->mdie = NULL;
1596 bss->mdie_len = 0;
1597 }
1598#endif /* CONFIG_IEEE80211R */
1599
1600 bss->hw_mode = wpa_s->mlme.phymode;
1601 bss->channel = channel;
1602 bss->freq = wpa_s->mlme.freq;
1603 if (channel != wpa_s->mlme.channel &&
6caf9ca6
JM		 1604 (wpa_s->mlme.phymode == HOSTAPD_MODE_IEEE80211G ||
1605 wpa_s->mlme.phymode == HOSTAPD_MODE_IEEE80211B) &&
6fc6879b
JM		 1606 channel >= 1 && channel <= 14) {
1607 static const int freq_list[] = {
1608 2412, 2417, 2422, 2427, 2432, 2437, 2442,
1609 2447, 2452, 2457, 2462, 2467, 2472, 2484
1610 };
1611 /* IEEE 802.11g/b mode can receive packets from neighboring
1612 * channels, so map the channel into frequency. */
1613 bss->freq = freq_list[channel - 1];
1614 }
1615 bss->timestamp = timestamp;
1616 os_get_time(&bss->last_update);
1617 bss->rssi = rx_status->ssi;
1618 if (!beacon)
1619 bss->probe_resp++;
1620}
1621
1622
1623static void ieee80211_rx_mgmt_probe_resp(struct wpa_supplicant *wpa_s,
1624 struct ieee80211_mgmt *mgmt,
1625 size_t len,
1626 struct ieee80211_rx_status *rx_status)
1627{
1628 ieee80211_bss_info(wpa_s, mgmt, len, rx_status, 0);
1629}
1630
1631
1632static void ieee80211_rx_mgmt_beacon(struct wpa_supplicant *wpa_s,
1633 struct ieee80211_mgmt *mgmt,
1634 size_t len,
1635 struct ieee80211_rx_status *rx_status)
1636{
1637 int use_protection;
1638 size_t baselen;
1639 struct ieee802_11_elems elems;
1640
1641 ieee80211_bss_info(wpa_s, mgmt, len, rx_status, 1);
1642
1643 if (!wpa_s->mlme.associated ||
1644 os_memcmp(wpa_s->bssid, mgmt->bssid, ETH_ALEN) != 0)
1645 return;
1646
1647 /* Process beacon from the current BSS */
1648 baselen = (u8 *) mgmt->u.beacon.variable - (u8 *) mgmt;
1649 if (baselen > len)
1650 return;
1651
1652 if (ieee802_11_parse_elems(mgmt->u.beacon.variable, len - baselen,
1add3c33 1653 &elems, 0) == ParseFailed)
6fc6879b
JM		 1654 return;
1655
1656 use_protection = 0;
1657 if (elems.erp_info && elems.erp_info_len >= 1) {
1658 use_protection =
1659 (elems.erp_info[0] & ERP_INFO_USE_PROTECTION) != 0;
1660 }
1661
1662 if (use_protection != !!wpa_s->mlme.use_protection) {
1663 wpa_printf(MSG_DEBUG, "MLME: CTS protection %s (BSSID=" MACSTR
1664 ")",
1665 use_protection ? "enabled" : "disabled",
1666 MAC2STR(wpa_s->bssid));
1667 wpa_s->mlme.use_protection = use_protection ? 1 : 0;
1668 wpa_s->mlme.cts_protect_erp_frames = use_protection;
1669 }
1670
77ac4466
JM		 1671 if (elems.wmm && wpa_s->mlme.wmm_enabled) {
1672 ieee80211_sta_wmm_params(wpa_s, elems.wmm,
1673 elems.wmm_len);
6fc6879b
JM		 1674 }
1675}
1676
1677
1678static void ieee80211_rx_mgmt_probe_req(struct wpa_supplicant *wpa_s,
1679 struct ieee80211_mgmt *mgmt,
1680 size_t len,
1681 struct ieee80211_rx_status *rx_status)
1682{
1683 int tx_last_beacon, adhoc;
1684#if 0 /* FIX */
1685 struct ieee80211_mgmt *resp;
1686#endif
1687 u8 *pos, *end;
1688 struct wpa_ssid *ssid = wpa_s->current_ssid;
1689
1690 adhoc = ssid && ssid->mode == 1;
1691
1692 if (!adhoc || wpa_s->mlme.state != IEEE80211_IBSS_JOINED ||
1693 len < 24 + 2 || wpa_s->mlme.probe_resp == NULL)
1694 return;
1695
1696#if 0 /* FIX */
1697 if (local->hw->tx_last_beacon)
1698 tx_last_beacon = local->hw->tx_last_beacon(local->mdev);
1699 else
1700#endif
1701 tx_last_beacon = 1;
1702
1703#ifdef IEEE80211_IBSS_DEBUG
1704 wpa_printf(MSG_DEBUG, "MLME: RX ProbeReq SA=" MACSTR " DA=" MACSTR
1705 " BSSID=" MACSTR " (tx_last_beacon=%d)",
1706 MAC2STR(mgmt->sa), MAC2STR(mgmt->da),
1707 MAC2STR(mgmt->bssid), tx_last_beacon);
1708#endif /* IEEE80211_IBSS_DEBUG */
1709
1710 if (!tx_last_beacon)
1711 return;
1712
1713 if (os_memcmp(mgmt->bssid, wpa_s->bssid, ETH_ALEN) != 0 &&
1714 os_memcmp(mgmt->bssid, "\xff\xff\xff\xff\xff\xff", ETH_ALEN) != 0)
1715 return;
1716
1717 end = ((u8 *) mgmt) + len;
1718 pos = mgmt->u.probe_req.variable;
1719 if (pos[0] != WLAN_EID_SSID ||
1720 pos + 2 + pos[1] > end) {
1721 wpa_printf(MSG_DEBUG, "MLME: Invalid SSID IE in ProbeReq from "
1722 MACSTR, MAC2STR(mgmt->sa));
1723 return;
1724 }
1725 if (pos[1] != 0 &&
1726 (pos[1] != wpa_s->mlme.ssid_len ||
1727 os_memcmp(pos + 2, wpa_s->mlme.ssid, wpa_s->mlme.ssid_len) != 0))
1728 {
1729 /* Ignore ProbeReq for foreign SSID */
1730 return;
1731 }
1732
1733#if 0 /* FIX */
1734 /* Reply with ProbeResp */
1735 skb = skb_copy(wpa_s->mlme.probe_resp, GFP_ATOMIC);
1736 if (skb == NULL)
1737 return;
1738
1739 resp = (struct ieee80211_mgmt *) skb->data;
1740 os_memcpy(resp->da, mgmt->sa, ETH_ALEN);
1741#ifdef IEEE80211_IBSS_DEBUG
1742 wpa_printf(MSG_DEBUG, "MLME: Sending ProbeResp to " MACSTR,
1743 MAC2STR(resp->da));
1744#endif /* IEEE80211_IBSS_DEBUG */
1745 ieee80211_sta_tx(wpa_s, skb, 0, 1);
1746#endif
1747}
1748
1749
5d22a1d5 1750#ifdef CONFIG_IEEE80211R
6fc6879b
JM		 1751static void ieee80211_rx_mgmt_ft_action(struct wpa_supplicant *wpa_s,
1752 struct ieee80211_mgmt *mgmt,
1753 size_t len,
1754 struct ieee80211_rx_status *rx_status)
1755{
1756 union wpa_event_data data;
1757 u16 status;
1758 u8 *sta_addr, *target_ap_addr;
1759
1760 if (len < 24 + 1 + sizeof(mgmt->u.action.u.ft_action_resp)) {
1761 wpa_printf(MSG_DEBUG, "MLME: Too short FT Action frame");
1762 return;
1763 }
1764
1765 /*
1766 * Only FT Action Response is needed for now since reservation
1767 * protocol is not supported.
1768 */
1769 if (mgmt->u.action.u.ft_action_resp.action != 2) {
1770 wpa_printf(MSG_DEBUG, "MLME: Unexpected FT Action %d",
1771 mgmt->u.action.u.ft_action_resp.action);
1772 return;
1773 }
1774
1775 status = le_to_host16(mgmt->u.action.u.ft_action_resp.status_code);
1776 sta_addr = mgmt->u.action.u.ft_action_resp.sta_addr;
1777 target_ap_addr = mgmt->u.action.u.ft_action_resp.target_ap_addr;
1778 wpa_printf(MSG_DEBUG, "MLME: Received FT Action Response: STA " MACSTR
1779 " TargetAP " MACSTR " Status Code %d",
1780 MAC2STR(sta_addr), MAC2STR(target_ap_addr), status);
1781 if (os_memcmp(sta_addr, wpa_s->own_addr, ETH_ALEN) != 0) {
1782 wpa_printf(MSG_DEBUG, "MLME: Foreign STA Address " MACSTR
1783 " in FT Action Response", MAC2STR(sta_addr));
1784 return;
6fc6879b
JM		 1785 }
1786
1787 if (status) {
1788 wpa_printf(MSG_DEBUG, "MLME: FT Action Response indicates "
1789 "failure (status code %d)", status);
1790 /* TODO: report error to FT code(?) */
1791 return;
1792 }
1793
1794 os_memset(&data, 0, sizeof(data));
1795 data.ft_ies.ies = mgmt->u.action.u.ft_action_resp.variable;
1796 data.ft_ies.ies_len = len - (mgmt->u.action.u.ft_action_resp.variable -
1797 (u8 *) mgmt);
1798 data.ft_ies.ft_action = 1;
1799 os_memcpy(data.ft_ies.target_ap, target_ap_addr, ETH_ALEN);
1800 wpa_supplicant_event(wpa_s, EVENT_FT_RESPONSE, &data);
1801 /* TODO: should only re-associate, if EVENT_FT_RESPONSE was processed
1802 * successfully */
1803 wpa_s->mlme.prev_bssid_set = 1;
1804 wpa_s->mlme.auth_alg = WLAN_AUTH_FT;
1805 os_memcpy(wpa_s->mlme.prev_bssid, wpa_s->bssid, ETH_ALEN);
1806 os_memcpy(wpa_s->bssid, target_ap_addr, ETH_ALEN);
1807 ieee80211_associate(wpa_s);
1808}
5d22a1d5
JM		 1809#endif /* CONFIG_IEEE80211R */
1810
1811
1812#ifdef CONFIG_IEEE80211W
1813
93b76319
JM		 1814/* MLME-SAQuery.response */
1815static int ieee80211_sta_send_sa_query_resp(struct wpa_supplicant *wpa_s,
1816 const u8 *addr, const u8 *trans_id)
5d22a1d5
JM		 1817{
1818 struct ieee80211_mgmt *mgmt;
1819 int res;
1820 size_t len;
1821
1822 mgmt = os_zalloc(sizeof(*mgmt));
1823 if (mgmt == NULL) {
1824 wpa_printf(MSG_DEBUG, "MLME: Failed to allocate buffer for "
93b76319 1825 "SA Query action frame");
5d22a1d5
JM		 1826 return -1;
1827 }
1828
1829 len = 24;
1830 os_memcpy(mgmt->da, addr, ETH_ALEN);
1831 os_memcpy(mgmt->sa, wpa_s->own_addr, ETH_ALEN);
1832 os_memcpy(mgmt->bssid, wpa_s->bssid, ETH_ALEN);
1833 mgmt->frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT,
1834 WLAN_FC_STYPE_ACTION);
93b76319
JM		 1835 mgmt->u.action.category = WLAN_ACTION_SA_QUERY;
1836 mgmt->u.action.u.sa_query_resp.action = WLAN_SA_QUERY_RESPONSE;
1837 os_memcpy(mgmt->u.action.u.sa_query_resp.trans_id, trans_id,
1838 WLAN_SA_QUERY_TR_ID_LEN);
1839 len += 1 + sizeof(mgmt->u.action.u.sa_query_resp);
5d22a1d5
JM		 1840
1841 res = ieee80211_sta_tx(wpa_s, (u8 *) mgmt, len);
1842 os_free(mgmt);
1843
1844 return res;
1845}
1846
1847
93b76319 1848static void ieee80211_rx_mgmt_sa_query_action(
5d22a1d5
JM		 1849 struct wpa_supplicant *wpa_s, struct ieee80211_mgmt *mgmt, size_t len,
1850 struct ieee80211_rx_status *rx_status)
1851{
93b76319
JM		 1852 if (len < 24 + 1 + sizeof(mgmt->u.action.u.sa_query_req)) {
1853 wpa_printf(MSG_DEBUG, "MLME: Too short SA Query Action frame");
5d22a1d5
JM		 1854 return;
1855 }
1856
93b76319
JM		 1857 if (mgmt->u.action.u.sa_query_req.action != WLAN_SA_QUERY_REQUEST) {
1858 wpa_printf(MSG_DEBUG, "MLME: Unexpected SA Query Action %d",
1859 mgmt->u.action.u.sa_query_req.action);
5d22a1d5
JM		 1860 return;
1861 }
1862
1863 if (os_memcmp(mgmt->sa, wpa_s->bssid, ETH_ALEN) != 0) {
93b76319
JM		 1864 wpa_printf(MSG_DEBUG, "MLME: Ignore SA Query from unknown "
1865 "source " MACSTR, MAC2STR(mgmt->sa));
5d22a1d5
JM		 1866 return;
1867 }
1868
1869 if (wpa_s->mlme.state == IEEE80211_ASSOCIATE) {
93b76319 1870 wpa_printf(MSG_DEBUG, "MLME: Ignore SA query request during "
5d22a1d5
JM		 1871 "association process");
1872 return;
1873 }
1874
93b76319
JM		 1875 wpa_printf(MSG_DEBUG, "MLME: Replying to SA Query request");
1876 ieee80211_sta_send_sa_query_resp(wpa_s, mgmt->sa, mgmt->u.action.u.
1877 sa_query_req.trans_id);
5d22a1d5
JM		 1878}
1879
1880#endif /* CONFIG_IEEE80211W */
6fc6879b
JM		 1881
1882
ed843aaa
JM		 1883static void dump_tspec(struct wmm_tspec_element *tspec)
1884{
1885 int up, psb, dir, tid;
1886 u16 val;
1887
1888 up = (tspec->ts_info[1] >> 3) & 0x07;
1889 psb = (tspec->ts_info[1] >> 2) & 0x01;
1890 dir = (tspec->ts_info[0] >> 5) & 0x03;
1891 tid = (tspec->ts_info[0] >> 1) & 0x0f;
1892 wpa_printf(MSG_DEBUG, "WMM: TS Info: UP=%d PSB=%d Direction=%d TID=%d",
1893 up, psb, dir, tid);
1894 val = le_to_host16(tspec->nominal_msdu_size);
1895 wpa_printf(MSG_DEBUG, "WMM: Nominal MSDU Size: %d%s",
1896 val & 0x7fff, val & 0x8000 ? " (fixed)" : "");
1897 wpa_printf(MSG_DEBUG, "WMM: Mean Data Rate: %u bps",
1898 le_to_host32(tspec->mean_data_rate));
1899 wpa_printf(MSG_DEBUG, "WMM: Minimum PHY Rate: %u bps",
1900 le_to_host32(tspec->minimum_phy_rate));
1901 val = le_to_host16(tspec->surplus_bandwidth_allowance);
1902 wpa_printf(MSG_DEBUG, "WMM: Surplus Bandwidth Allowance: %u.%04u",
1903 val >> 13, 10000 * (val & 0x1fff) / 0x2000);
1904 val = le_to_host16(tspec->medium_time);
1905 wpa_printf(MSG_DEBUG, "WMM: Medium Time: %u (= %u usec/sec)",
1906 val, 32 * val);
1907}
1908
1909
1910static int is_wmm_tspec(const u8 *ie, size_t len)
1911{
1912 const struct wmm_tspec_element *tspec;
1913
1914 if (len < sizeof(*tspec))
1915 return 0;
1916
1917 tspec = (const struct wmm_tspec_element *) ie;
1918 if (tspec->eid != WLAN_EID_VENDOR_SPECIFIC ||
1919 tspec->length < sizeof(*tspec) - 2 ||
1920 tspec->oui[0] != 0x00 || tspec->oui[1] != 0x50 ||
1921 tspec->oui[2] != 0xf2 || tspec->oui_type != 2 ||
1922 tspec->oui_subtype != 2 || tspec->version != 1)
1923 return 0;
1924
1925 return 1;
1926}
1927
1928
1929static void ieee80211_rx_addts_resp(
1930 struct wpa_supplicant *wpa_s, struct ieee80211_mgmt *mgmt, size_t len,
1931 size_t var_len)
1932{
1933 struct wmm_tspec_element *tspec;
1934
1935 wpa_printf(MSG_DEBUG, "WMM: Received ADDTS Response");
1936 wpa_hexdump(MSG_MSGDUMP, "WMM: ADDTS Response IE(s)",
1937 mgmt->u.action.u.wmm_action.variable, var_len);
1938 if (!is_wmm_tspec(mgmt->u.action.u.wmm_action.variable, var_len))
1939 return;
1940 tspec = (struct wmm_tspec_element *)
1941 mgmt->u.action.u.wmm_action.variable;
1942 dump_tspec(tspec);
1943}
1944
1945
1946static void ieee80211_rx_delts(
1947 struct wpa_supplicant *wpa_s, struct ieee80211_mgmt *mgmt, size_t len,
1948 size_t var_len)
1949{
1950 struct wmm_tspec_element *tspec;
1951
1952 wpa_printf(MSG_DEBUG, "WMM: Received DELTS");
1953 wpa_hexdump(MSG_MSGDUMP, "WMM: DELTS IE(s)",
1954 mgmt->u.action.u.wmm_action.variable, var_len);
1955 if (!is_wmm_tspec(mgmt->u.action.u.wmm_action.variable, var_len))
1956 return;
1957 tspec = (struct wmm_tspec_element *)
1958 mgmt->u.action.u.wmm_action.variable;
1959 dump_tspec(tspec);
1960}
1961
1962
1963static void ieee80211_rx_mgmt_wmm_action(
1964 struct wpa_supplicant *wpa_s, struct ieee80211_mgmt *mgmt, size_t len,
1965 struct ieee80211_rx_status *rx_status)
1966{
1967 size_t alen;
1968
1969 alen = mgmt->u.action.u.wmm_action.variable - (u8 *) mgmt;
1970 if (len < alen) {
1971 wpa_printf(MSG_DEBUG, "WMM: Received Action frame too short");
1972 return;
1973 }
1974
1975 wpa_printf(MSG_DEBUG, "WMM: Received Action frame: Action Code %d, "
1976 "Dialog Token %d, Status Code %d",
1977 mgmt->u.action.u.wmm_action.action_code,
1978 mgmt->u.action.u.wmm_action.dialog_token,
1979 mgmt->u.action.u.wmm_action.status_code);
1980
1981 switch (mgmt->u.action.u.wmm_action.action_code) {
1982 case WMM_ACTION_CODE_ADDTS_RESP:
1983 ieee80211_rx_addts_resp(wpa_s, mgmt, len, len - alen);
1984 break;
1985 case WMM_ACTION_CODE_DELTS:
1986 ieee80211_rx_delts(wpa_s, mgmt, len, len - alen);
1987 break;
1988 default:
1989 wpa_printf(MSG_DEBUG, "WMM: Unsupported Action Code %d",
1990 mgmt->u.action.u.wmm_action.action_code);
1991 break;
1992 }
1993}
1994
1995
6fc6879b
JM		 1996static void ieee80211_rx_mgmt_action(struct wpa_supplicant *wpa_s,
1997 struct ieee80211_mgmt *mgmt,
1998 size_t len,
1999 struct ieee80211_rx_status *rx_status)
2000{
2001 wpa_printf(MSG_DEBUG, "MLME: received Action frame");
2002
2003 if (len < 25)
2004 return;
2005
5d22a1d5
JM		 2006 switch (mgmt->u.action.category) {
2007#ifdef CONFIG_IEEE80211R
2008 case WLAN_ACTION_FT:
6fc6879b 2009 ieee80211_rx_mgmt_ft_action(wpa_s, mgmt, len, rx_status);
5d22a1d5
JM		 2010 break;
2011#endif /* CONFIG_IEEE80211R */
488af690 2012#ifdef CONFIG_IEEE80211W
93b76319
JM		 2013 case WLAN_ACTION_SA_QUERY:
2014 ieee80211_rx_mgmt_sa_query_action(wpa_s, mgmt, len, rx_status);
5d22a1d5 2015 break;
5d22a1d5 2016#endif /* CONFIG_IEEE80211W */
ed843aaa
JM		 2017 case WLAN_ACTION_WMM:
2018 ieee80211_rx_mgmt_wmm_action(wpa_s, mgmt, len, rx_status);
2019 break;
5d22a1d5 2020 default:
6fc6879b
JM		 2021 wpa_printf(MSG_DEBUG, "MLME: unknown Action Category %d",
2022 mgmt->u.action.category);
5d22a1d5
JM		 2023 break;
2024 }
6fc6879b
JM		 2025}
2026
2027
2028static void ieee80211_sta_rx_mgmt(struct wpa_supplicant *wpa_s,
2029 const u8 *buf, size_t len,
2030 struct ieee80211_rx_status *rx_status)
2031{
2032 struct ieee80211_mgmt *mgmt;
2033 u16 fc;
2034
2035 if (len < 24)
2036 return;
2037
2038 mgmt = (struct ieee80211_mgmt *) buf;
2039 fc = le_to_host16(mgmt->frame_control);
2040
2041 switch (WLAN_FC_GET_STYPE(fc)) {
2042 case WLAN_FC_STYPE_PROBE_REQ:
2043 ieee80211_rx_mgmt_probe_req(wpa_s, mgmt, len, rx_status);
2044 break;
2045 case WLAN_FC_STYPE_PROBE_RESP:
2046 ieee80211_rx_mgmt_probe_resp(wpa_s, mgmt, len, rx_status);
2047 break;
2048 case WLAN_FC_STYPE_BEACON:
2049 ieee80211_rx_mgmt_beacon(wpa_s, mgmt, len, rx_status);
2050 break;
2051 case WLAN_FC_STYPE_AUTH:
2052 ieee80211_rx_mgmt_auth(wpa_s, mgmt, len, rx_status);
2053 break;
2054 case WLAN_FC_STYPE_ASSOC_RESP:
2055 ieee80211_rx_mgmt_assoc_resp(wpa_s, mgmt, len, rx_status, 0);
2056 break;
2057 case WLAN_FC_STYPE_REASSOC_RESP:
2058 ieee80211_rx_mgmt_assoc_resp(wpa_s, mgmt, len, rx_status, 1);
2059 break;
2060 case WLAN_FC_STYPE_DEAUTH:
2061 ieee80211_rx_mgmt_deauth(wpa_s, mgmt, len, rx_status);
2062 break;
2063 case WLAN_FC_STYPE_DISASSOC:
2064 ieee80211_rx_mgmt_disassoc(wpa_s, mgmt, len, rx_status);
2065 break;
2066 case WLAN_FC_STYPE_ACTION:
2067 ieee80211_rx_mgmt_action(wpa_s, mgmt, len, rx_status);
2068 break;
2069 default:
2070 wpa_printf(MSG_DEBUG, "MLME: received unknown management "
2071 "frame - stype=%d", WLAN_FC_GET_STYPE(fc));
2072 break;
2073 }
2074}
2075
2076
2077static void ieee80211_sta_rx_scan(struct wpa_supplicant *wpa_s,
2078 const u8 *buf, size_t len,
2079 struct ieee80211_rx_status *rx_status)
2080{
2081 struct ieee80211_mgmt *mgmt;
2082 u16 fc;
2083
2084 if (len < 24)
2085 return;
2086
2087 mgmt = (struct ieee80211_mgmt *) buf;
2088 fc = le_to_host16(mgmt->frame_control);
2089
2090 if (WLAN_FC_GET_TYPE(fc) == WLAN_FC_TYPE_MGMT) {
2091 if (WLAN_FC_GET_STYPE(fc) == WLAN_FC_STYPE_PROBE_RESP) {
2092 ieee80211_rx_mgmt_probe_resp(wpa_s, mgmt,
2093 len, rx_status);
2094 } else if (WLAN_FC_GET_STYPE(fc) == WLAN_FC_STYPE_BEACON) {
2095 ieee80211_rx_mgmt_beacon(wpa_s, mgmt, len, rx_status);
2096 }
2097 }
2098}
2099
2100
2101static int ieee80211_sta_active_ibss(struct wpa_supplicant *wpa_s)
2102{
2103 int active = 0;
2104
2105#if 0 /* FIX */
2106 list_for_each(ptr, &local->sta_list) {
2107 sta = list_entry(ptr, struct sta_info, list);
2108 if (sta->dev == dev &&
2109 time_after(sta->last_rx + IEEE80211_IBSS_MERGE_INTERVAL,
2110 jiffies)) {
2111 active++;
2112 break;
2113 }
2114 }
2115#endif
2116
2117 return active;
2118}
2119
2120
2121static void ieee80211_sta_expire(struct wpa_supplicant *wpa_s)
2122{
2123#if 0 /* FIX */
2124 list_for_each_safe(ptr, n, &local->sta_list) {
2125 sta = list_entry(ptr, struct sta_info, list);
2126 if (time_after(jiffies, sta->last_rx +
2127 IEEE80211_IBSS_INACTIVITY_LIMIT)) {
2128 wpa_printf(MSG_DEBUG, "MLME: expiring inactive STA "
2129 MACSTR, MAC2STR(sta->addr));
2130 sta_info_free(local, sta, 1);
2131 }
2132 }
2133#endif
2134}
2135
2136
2137static void ieee80211_sta_merge_ibss(struct wpa_supplicant *wpa_s)
2138{
2139 ieee80211_reschedule_timer(wpa_s, IEEE80211_IBSS_MERGE_INTERVAL);
2140
2141 ieee80211_sta_expire(wpa_s);
2142 if (ieee80211_sta_active_ibss(wpa_s))
2143 return;
2144
2145 wpa_printf(MSG_DEBUG, "MLME: No active IBSS STAs - trying to scan for "
2146 "other IBSS networks with same SSID (merge)");
2147 ieee80211_sta_req_scan(wpa_s, wpa_s->mlme.ssid, wpa_s->mlme.ssid_len);
2148}
2149
2150
2151static void ieee80211_sta_timer(void *eloop_ctx, void *timeout_ctx)
2152{
2153 struct wpa_supplicant *wpa_s = eloop_ctx;
2154
2155 switch (wpa_s->mlme.state) {
2156 case IEEE80211_DISABLED:
2157 break;
2158 case IEEE80211_AUTHENTICATE:
2159 ieee80211_authenticate(wpa_s);
2160 break;
2161 case IEEE80211_ASSOCIATE:
2162 ieee80211_associate(wpa_s);
2163 break;
2164 case IEEE80211_ASSOCIATED:
2165 ieee80211_associated(wpa_s);
2166 break;
2167 case IEEE80211_IBSS_SEARCH:
2168 ieee80211_sta_find_ibss(wpa_s);
2169 break;
2170 case IEEE80211_IBSS_JOINED:
2171 ieee80211_sta_merge_ibss(wpa_s);
2172 break;
2173 default:
2174 wpa_printf(MSG_DEBUG, "ieee80211_sta_timer: Unknown state %d",
2175 wpa_s->mlme.state);
2176 break;
2177 }
2178
2179 if (ieee80211_privacy_mismatch(wpa_s)) {
2180 wpa_printf(MSG_DEBUG, "MLME: privacy configuration mismatch "
2181 "and mixed-cell disabled - disassociate");
2182
2183 ieee80211_send_disassoc(wpa_s, WLAN_REASON_UNSPECIFIED);
2184 ieee80211_set_associated(wpa_s, 0);
2185 }
2186}
2187
2188
2189static void ieee80211_sta_new_auth(struct wpa_supplicant *wpa_s)
2190{
2191 struct wpa_ssid *ssid = wpa_s->current_ssid;
2192 if (ssid && ssid->mode != 0)
2193 return;
2194
2195#if 0 /* FIX */
2196 if (local->hw->reset_tsf) {
2197 /* Reset own TSF to allow time synchronization work. */
2198 local->hw->reset_tsf(local->mdev);
2199 }
2200#endif
2201
2202 wpa_s->mlme.wmm_last_param_set = -1; /* allow any WMM update */
2203
2204
2205 if (wpa_s->mlme.auth_algs & IEEE80211_AUTH_ALG_OPEN)
2206 wpa_s->mlme.auth_alg = WLAN_AUTH_OPEN;
2207 else if (wpa_s->mlme.auth_algs & IEEE80211_AUTH_ALG_SHARED_KEY)
2208 wpa_s->mlme.auth_alg = WLAN_AUTH_SHARED_KEY;
2209 else if (wpa_s->mlme.auth_algs & IEEE80211_AUTH_ALG_LEAP)
2210 wpa_s->mlme.auth_alg = WLAN_AUTH_LEAP;
2211 else
2212 wpa_s->mlme.auth_alg = WLAN_AUTH_OPEN;
2213 wpa_printf(MSG_DEBUG, "MLME: Initial auth_alg=%d",
2214 wpa_s->mlme.auth_alg);
2215 wpa_s->mlme.auth_transaction = -1;
2216 wpa_s->mlme.auth_tries = wpa_s->mlme.assoc_tries = 0;
2217 ieee80211_authenticate(wpa_s);
2218}
2219
2220
2221static int ieee80211_ibss_allowed(struct wpa_supplicant *wpa_s)
2222{
2223#if 0 /* FIX */
2224 int m, c;
2225
2226 for (m = 0; m < local->hw->num_modes; m++) {
2227 struct ieee80211_hw_modes *mode = &local->hw->modes[m];
2228 if (mode->mode != local->conf.phymode)
2229 continue;
2230 for (c = 0; c < mode->num_channels; c++) {
2231 struct ieee80211_channel *chan = &mode->channels[c];
2232 if (chan->flag & IEEE80211_CHAN_W_SCAN &&
2233 chan->chan == local->conf.channel) {
2234 if (chan->flag & IEEE80211_CHAN_W_IBSS)
2235 return 1;
2236 break;
2237 }
2238 }
2239 }
2240#endif
2241
2242 return 0;
2243}
2244
2245
2246static int ieee80211_sta_join_ibss(struct wpa_supplicant *wpa_s,
2247 struct ieee80211_sta_bss *bss)
2248{
8bac466b 2249 int res = 0, rates, done = 0, bssid_changed;
6fc6879b
JM		 2250 struct ieee80211_mgmt *mgmt;
2251#if 0 /* FIX */
2252 struct ieee80211_tx_control control;
2253 struct ieee80211_rate *rate;
2254 struct rate_control_extra extra;
2255#endif
2256 u8 *pos, *buf;
2257 size_t len;
2258
2259 /* Remove possible STA entries from other IBSS networks. */
2260#if 0 /* FIX */
2261 sta_info_flush(local, NULL);
2262
2263 if (local->hw->reset_tsf) {
2264 /* Reset own TSF to allow time synchronization work. */
2265 local->hw->reset_tsf(local->mdev);
2266 }
2267#endif
8bac466b 2268 bssid_changed = os_memcmp(wpa_s->bssid, bss->bssid, ETH_ALEN);
6fc6879b 2269 os_memcpy(wpa_s->bssid, bss->bssid, ETH_ALEN);
8bac466b
JM		 2270 if (bssid_changed)
2271 wpas_notify_bssid_changed(wpa_s);
6fc6879b
JM		 2272
2273#if 0 /* FIX */
2274 local->conf.beacon_int = bss->beacon_int >= 10 ? bss->beacon_int : 10;
2275
2276 sdata->drop_unencrypted = bss->capability &
2277 host_to_le16(WLAN_CAPABILITY_PRIVACY) ? 1 : 0;
2278#endif
2279
2280#if 0 /* FIX */
2281 os_memset(&rq, 0, sizeof(rq));
2282 rq.m = bss->freq * 100000;
2283 rq.e = 1;
2284 res = ieee80211_ioctl_siwfreq(wpa_s, NULL, &rq, NULL);
2285#endif
2286
2287 if (!ieee80211_ibss_allowed(wpa_s)) {
2288#if 0 /* FIX */
2289 wpa_printf(MSG_DEBUG, "MLME: IBSS not allowed on channel %d "
2290 "(%d MHz)", local->conf.channel,
2291 local->conf.freq);
2292#endif
2293 return -1;
2294 }
2295
2296 /* Set beacon template based on scan results */
2297 buf = os_malloc(400);
2298 len = 0;
2299 do {
2300 if (buf == NULL)
2301 break;
2302
2303 mgmt = (struct ieee80211_mgmt *) buf;
2304 len += 24 + sizeof(mgmt->u.beacon);
2305 os_memset(mgmt, 0, 24 + sizeof(mgmt->u.beacon));
2306 mgmt->frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT,
2307 WLAN_FC_STYPE_BEACON);
2308 os_memset(mgmt->da, 0xff, ETH_ALEN);
2309 os_memcpy(mgmt->sa, wpa_s->own_addr, ETH_ALEN);
2310 os_memcpy(mgmt->bssid, wpa_s->bssid, ETH_ALEN);
2311#if 0 /* FIX */
2312 mgmt->u.beacon.beacon_int =
2313 host_to_le16(local->conf.beacon_int);
2314#endif
2315 mgmt->u.beacon.capab_info = host_to_le16(bss->capability);
2316
2317 pos = buf + len;
2318 len += 2 + wpa_s->mlme.ssid_len;
2319 *pos++ = WLAN_EID_SSID;
2320 *pos++ = wpa_s->mlme.ssid_len;
2321 os_memcpy(pos, wpa_s->mlme.ssid, wpa_s->mlme.ssid_len);
2322
2323 rates = bss->supp_rates_len;
2324 if (rates > 8)
2325 rates = 8;
2326 pos = buf + len;
2327 len += 2 + rates;
2328 *pos++ = WLAN_EID_SUPP_RATES;
2329 *pos++ = rates;
2330 os_memcpy(pos, bss->supp_rates, rates);
2331
2332 pos = buf + len;
2333 len += 2 + 1;
2334 *pos++ = WLAN_EID_DS_PARAMS;
2335 *pos++ = 1;
2336 *pos++ = bss->channel;
2337
2338 pos = buf + len;
2339 len += 2 + 2;
2340 *pos++ = WLAN_EID_IBSS_PARAMS;
2341 *pos++ = 2;
2342 /* FIX: set ATIM window based on scan results */
2343 *pos++ = 0;
2344 *pos++ = 0;
2345
2346 if (bss->supp_rates_len > 8) {
2347 rates = bss->supp_rates_len - 8;
2348 pos = buf + len;
2349 len += 2 + rates;
2350 *pos++ = WLAN_EID_EXT_SUPP_RATES;
2351 *pos++ = rates;
2352 os_memcpy(pos, &bss->supp_rates[8], rates);
2353 }
2354
2355#if 0 /* FIX */
2356 os_memset(&control, 0, sizeof(control));
2357 control.pkt_type = PKT_PROBE_RESP;
2358 os_memset(&extra, 0, sizeof(extra));
2359 extra.endidx = local->num_curr_rates;
2360 rate = rate_control_get_rate(wpa_s, skb, &extra);
2361 if (rate == NULL) {
2362 wpa_printf(MSG_DEBUG, "MLME: Failed to determine TX "
2363 "rate for IBSS beacon");
2364 break;
2365 }
2366 control.tx_rate = (wpa_s->mlme.short_preamble &&
2367 (rate->flags & IEEE80211_RATE_PREAMBLE2)) ?
2368 rate->val2 : rate->val;
2369 control.antenna_sel = local->conf.antenna_sel;
2370 control.power_level = local->conf.power_level;
2371 control.no_ack = 1;
2372 control.retry_limit = 1;
2373 control.rts_cts_duration = 0;
2374#endif
2375
2376#if 0 /* FIX */
2377 wpa_s->mlme.probe_resp = skb_copy(skb, GFP_ATOMIC);
2378 if (wpa_s->mlme.probe_resp) {
2379 mgmt = (struct ieee80211_mgmt *)
2380 wpa_s->mlme.probe_resp->data;
2381 mgmt->frame_control =
2382 IEEE80211_FC(WLAN_FC_TYPE_MGMT,
2383 WLAN_FC_STYPE_PROBE_RESP);
2384 } else {
2385 wpa_printf(MSG_DEBUG, "MLME: Could not allocate "
2386 "ProbeResp template for IBSS");
2387 }
2388
2389 if (local->hw->beacon_update &&
2390 local->hw->beacon_update(wpa_s, skb, &control) == 0) {
2391 wpa_printf(MSG_DEBUG, "MLME: Configured IBSS beacon "
2392 "template based on scan results");
2393 skb = NULL;
2394 }
2395
2396 rates = 0;
2397 for (i = 0; i < bss->supp_rates_len; i++) {
2398 int rate = (bss->supp_rates[i] & 0x7f) * 5;
2399 if (local->conf.phymode == MODE_ATHEROS_TURBO)
2400 rate *= 2;
2401 for (j = 0; j < local->num_curr_rates; j++)
2402 if (local->curr_rates[j].rate == rate)
2403 rates |= BIT(j);
2404 }
2405 wpa_s->mlme.supp_rates_bits = rates;
2406#endif
2407 done = 1;
2408 } while (0);
2409
2410 os_free(buf);
2411 if (!done) {
2412 wpa_printf(MSG_DEBUG, "MLME: Failed to configure IBSS beacon "
2413 "template");
2414 }
2415
2416 wpa_s->mlme.state = IEEE80211_IBSS_JOINED;
2417 ieee80211_reschedule_timer(wpa_s, IEEE80211_IBSS_MERGE_INTERVAL);
2418
2419 return res;
2420}
2421
2422
2423#if 0 /* FIX */
2424static int ieee80211_sta_create_ibss(struct wpa_supplicant *wpa_s)
2425{
2426 struct ieee80211_sta_bss *bss;
2427 u8 bssid[ETH_ALEN], *pos;
2428 int i;
2429
2430#if 0
2431 /* Easier testing, use fixed BSSID. */
2432 os_memset(bssid, 0xfe, ETH_ALEN);
2433#else
2434 /* Generate random, not broadcast, locally administered BSSID. Mix in
2435 * own MAC address to make sure that devices that do not have proper
2436 * random number generator get different BSSID. */
2437 os_get_random(bssid, ETH_ALEN);
2438 for (i = 0; i < ETH_ALEN; i++)
2439 bssid[i] ^= wpa_s->own_addr[i];
2440 bssid[0] &= ~0x01;
2441 bssid[0] |= 0x02;
2442#endif
2443
2444 wpa_printf(MSG_DEBUG, "MLME: Creating new IBSS network, BSSID "
2445 MACSTR "", MAC2STR(bssid));
2446
2447 bss = ieee80211_bss_add(wpa_s, bssid);
2448 if (bss == NULL)
2449 return -ENOMEM;
2450
2451#if 0 /* FIX */
2452 if (local->conf.beacon_int == 0)
2453 local->conf.beacon_int = 100;
2454 bss->beacon_int = local->conf.beacon_int;
2455 bss->hw_mode = local->conf.phymode;
2456 bss->channel = local->conf.channel;
2457 bss->freq = local->conf.freq;
2458#endif
2459 os_get_time(&bss->last_update);
2460 bss->capability = host_to_le16(WLAN_CAPABILITY_IBSS);
2461#if 0 /* FIX */
2462 if (sdata->default_key) {
2463 bss->capability |= host_to_le16(WLAN_CAPABILITY_PRIVACY);
2464 } else
2465 sdata->drop_unencrypted = 0;
2466 bss->supp_rates_len = local->num_curr_rates;
2467#endif
2468 pos = bss->supp_rates;
2469#if 0 /* FIX */
2470 for (i = 0; i < local->num_curr_rates; i++) {
2471 int rate = local->curr_rates[i].rate;
2472 if (local->conf.phymode == MODE_ATHEROS_TURBO)
2473 rate /= 2;
2474 *pos++ = (u8) (rate / 5);
2475 }
2476#endif
2477
2478 return ieee80211_sta_join_ibss(wpa_s, bss);
2479}
2480#endif
2481
2482
2483static int ieee80211_sta_find_ibss(struct wpa_supplicant *wpa_s)
2484{
2485 struct ieee80211_sta_bss *bss;
2486 int found = 0;
2487 u8 bssid[ETH_ALEN];
2488 int active_ibss;
2489 struct os_time now;
2490
2491 if (wpa_s->mlme.ssid_len == 0)
2492 return -EINVAL;
2493
2494 active_ibss = ieee80211_sta_active_ibss(wpa_s);
2495#ifdef IEEE80211_IBSS_DEBUG
2496 wpa_printf(MSG_DEBUG, "MLME: sta_find_ibss (active_ibss=%d)",
2497 active_ibss);
2498#endif /* IEEE80211_IBSS_DEBUG */
2499 for (bss = wpa_s->mlme.sta_bss_list; bss; bss = bss->next) {
2500 if (wpa_s->mlme.ssid_len != bss->ssid_len ||
2501 os_memcmp(wpa_s->mlme.ssid, bss->ssid, bss->ssid_len) != 0
2502 || !(bss->capability & WLAN_CAPABILITY_IBSS))
2503 continue;
2504#ifdef IEEE80211_IBSS_DEBUG
2505 wpa_printf(MSG_DEBUG, " bssid=" MACSTR " found",
2506 MAC2STR(bss->bssid));
2507#endif /* IEEE80211_IBSS_DEBUG */
2508 os_memcpy(bssid, bss->bssid, ETH_ALEN);
2509 found = 1;
2510 if (active_ibss ||
2511 os_memcmp(bssid, wpa_s->bssid, ETH_ALEN) != 0)
2512 break;
2513 }
2514
2515#ifdef IEEE80211_IBSS_DEBUG
2516 wpa_printf(MSG_DEBUG, " sta_find_ibss: selected " MACSTR " current "
2517 MACSTR, MAC2STR(bssid), MAC2STR(wpa_s->bssid));
2518#endif /* IEEE80211_IBSS_DEBUG */
2519 if (found && os_memcmp(wpa_s->bssid, bssid, ETH_ALEN) != 0 &&
2520 (bss = ieee80211_bss_get(wpa_s, bssid))) {
2521 wpa_printf(MSG_DEBUG, "MLME: Selected IBSS BSSID " MACSTR
2522 " based on configured SSID",
2523 MAC2STR(bssid));
2524 return ieee80211_sta_join_ibss(wpa_s, bss);
2525 }
2526#ifdef IEEE80211_IBSS_DEBUG
2527 wpa_printf(MSG_DEBUG, " did not try to join ibss");
2528#endif /* IEEE80211_IBSS_DEBUG */
2529
2530 /* Selected IBSS not found in current scan results - try to scan */
2531 os_get_time(&now);
2532#if 0 /* FIX */
2533 if (wpa_s->mlme.state == IEEE80211_IBSS_JOINED &&
2534 !ieee80211_sta_active_ibss(wpa_s)) {
2535 ieee80211_reschedule_timer(wpa_s,
2536 IEEE80211_IBSS_MERGE_INTERVAL);
2537 } else if (time_after(jiffies, wpa_s->mlme.last_scan_completed +
2538 IEEE80211_SCAN_INTERVAL)) {
2539 wpa_printf(MSG_DEBUG, "MLME: Trigger new scan to find an IBSS "
2540 "to join");
2541 return ieee80211_sta_req_scan(wpa_s->mlme.ssid,
2542 wpa_s->mlme.ssid_len);
2543 } else if (wpa_s->mlme.state != IEEE80211_IBSS_JOINED) {
2544 int interval = IEEE80211_SCAN_INTERVAL;
2545
2546 if (time_after(jiffies, wpa_s->mlme.ibss_join_req +
2547 IEEE80211_IBSS_JOIN_TIMEOUT)) {
2548 if (wpa_s->mlme.create_ibss &&
2549 ieee80211_ibss_allowed(wpa_s))
2550 return ieee80211_sta_create_ibss(wpa_s);
2551 if (wpa_s->mlme.create_ibss) {
2552 wpa_printf(MSG_DEBUG, "MLME: IBSS not allowed "
2553 "on the configured channel %d "
2554 "(%d MHz)",
2555 local->conf.channel,
2556 local->conf.freq);
2557 }
2558
2559 /* No IBSS found - decrease scan interval and continue
2560 * scanning. */
2561 interval = IEEE80211_SCAN_INTERVAL_SLOW;
2562 }
2563
2564 wpa_s->mlme.state = IEEE80211_IBSS_SEARCH;
2565 ieee80211_reschedule_timer(wpa_s, interval);
2566 return 0;
2567 }
2568#endif
2569
2570 return 0;
2571}
2572
2573
2574int ieee80211_sta_get_ssid(struct wpa_supplicant *wpa_s, u8 *ssid,
2575 size_t *len)
2576{
2577 os_memcpy(ssid, wpa_s->mlme.ssid, wpa_s->mlme.ssid_len);
2578 *len = wpa_s->mlme.ssid_len;
2579 return 0;
2580}
2581
2582
2583int ieee80211_sta_associate(struct wpa_supplicant *wpa_s,
2584 struct wpa_driver_associate_params *params)
2585{
2586 struct ieee80211_sta_bss *bss;
8bac466b 2587 int bssid_changed;
6fc6879b
JM		 2588
2589 wpa_s->mlme.bssid_set = 0;
2590 wpa_s->mlme.freq = params->freq;
2591 if (params->bssid) {
8bac466b
JM		 2592 bssid_changed = os_memcmp(wpa_s->bssid, params->bssid,
2593 ETH_ALEN);
6fc6879b 2594 os_memcpy(wpa_s->bssid, params->bssid, ETH_ALEN);
8bac466b
JM		 2595 if (bssid_changed)
2596 wpas_notify_bssid_changed(wpa_s);
2597
a8e16edc 2598 if (!is_zero_ether_addr(params->bssid))
6fc6879b
JM		 2599 wpa_s->mlme.bssid_set = 1;
2600 bss = ieee80211_bss_get(wpa_s, wpa_s->bssid);
2601 if (bss) {
2602 wpa_s->mlme.phymode = bss->hw_mode;
2603 wpa_s->mlme.channel = bss->channel;
2604 wpa_s->mlme.freq = bss->freq;
2605 }
2606 }
2607
2608#if 0 /* FIX */
2609 /* TODO: This should always be done for IBSS, even if IEEE80211_QOS is
2610 * not defined. */
2611 if (local->hw->conf_tx) {
2612 struct ieee80211_tx_queue_params qparam;
2613 int i;
2614
2615 os_memset(&qparam, 0, sizeof(qparam));
2616 /* TODO: are these ok defaults for all hw_modes? */
2617 qparam.aifs = 2;
2618 qparam.cw_min =
2619 local->conf.phymode == MODE_IEEE80211B ? 31 : 15;
2620 qparam.cw_max = 1023;
2621 qparam.burst_time = 0;
2622 for (i = IEEE80211_TX_QUEUE_DATA0; i < NUM_TX_DATA_QUEUES; i++)
2623 {
2624 local->hw->conf_tx(wpa_s, i + IEEE80211_TX_QUEUE_DATA0,
2625 &qparam);
2626 }
2627 /* IBSS uses different parameters for Beacon sending */
2628 qparam.cw_min++;
2629 qparam.cw_min *= 2;
2630 qparam.cw_min--;
2631 local->hw->conf_tx(wpa_s, IEEE80211_TX_QUEUE_BEACON, &qparam);
2632 }
2633#endif
2634
2635 if (wpa_s->mlme.ssid_len != params->ssid_len ||
2636 os_memcmp(wpa_s->mlme.ssid, params->ssid, params->ssid_len) != 0)
2637 wpa_s->mlme.prev_bssid_set = 0;
2638 os_memcpy(wpa_s->mlme.ssid, params->ssid, params->ssid_len);
2639 os_memset(wpa_s->mlme.ssid + params->ssid_len, 0,
2640 MAX_SSID_LEN - params->ssid_len);
2641 wpa_s->mlme.ssid_len = params->ssid_len;
2642 wpa_s->mlme.ssid_set = 1;
2643
2644 os_free(wpa_s->mlme.extra_ie);
2645 if (params->wpa_ie == NULL || params->wpa_ie_len == 0) {
2646 wpa_s->mlme.extra_ie = NULL;
2647 wpa_s->mlme.extra_ie_len = 0;
2648 } else {
2649 wpa_s->mlme.extra_ie = os_malloc(params->wpa_ie_len);
2650 if (wpa_s->mlme.extra_ie == NULL) {
2651 wpa_s->mlme.extra_ie_len = 0;
2652 return -1;
2653 }
2654 os_memcpy(wpa_s->mlme.extra_ie, params->wpa_ie,
2655 params->wpa_ie_len);
2656 wpa_s->mlme.extra_ie_len = params->wpa_ie_len;
2657 }
2658
2659 wpa_s->mlme.key_mgmt = params->key_mgmt_suite;
2660
2661 ieee80211_sta_set_channel(wpa_s, wpa_s->mlme.phymode,
2662 wpa_s->mlme.channel, wpa_s->mlme.freq);
2663
2664 if (params->mode == 1 && !wpa_s->mlme.bssid_set) {
2665 os_get_time(&wpa_s->mlme.ibss_join_req);
2666 wpa_s->mlme.state = IEEE80211_IBSS_SEARCH;
2667 return ieee80211_sta_find_ibss(wpa_s);
2668 }
2669
2670 if (wpa_s->mlme.bssid_set)
2671 ieee80211_sta_new_auth(wpa_s);
2672
2673 return 0;
2674}
2675
2676
2677static void ieee80211_sta_save_oper_chan(struct wpa_supplicant *wpa_s)
2678{
2679 wpa_s->mlme.scan_oper_channel = wpa_s->mlme.channel;
2680 wpa_s->mlme.scan_oper_freq = wpa_s->mlme.freq;
2681 wpa_s->mlme.scan_oper_phymode = wpa_s->mlme.phymode;
2682}
2683
2684
2685static int ieee80211_sta_restore_oper_chan(struct wpa_supplicant *wpa_s)
2686{
2687 wpa_s->mlme.channel = wpa_s->mlme.scan_oper_channel;
2688 wpa_s->mlme.freq = wpa_s->mlme.scan_oper_freq;
2689 wpa_s->mlme.phymode = wpa_s->mlme.scan_oper_phymode;
2690 if (wpa_s->mlme.freq == 0)
2691 return 0;
2692 return ieee80211_sta_set_channel(wpa_s, wpa_s->mlme.phymode,
2693 wpa_s->mlme.channel,
2694 wpa_s->mlme.freq);
2695}
2696
2697
2698static int ieee80211_active_scan(struct wpa_supplicant *wpa_s)
2699{
2700 size_t m;
2701 int c;
2702
2703 for (m = 0; m < wpa_s->mlme.num_modes; m++) {
6caf9ca6 2704 struct hostapd_hw_modes *mode = &wpa_s->mlme.modes[m];
6fc6879b
JM		 2705 if ((int) mode->mode != (int) wpa_s->mlme.phymode)
2706 continue;
2707 for (c = 0; c < mode->num_channels; c++) {
6caf9ca6
JM		 2708 struct hostapd_channel_data *chan = &mode->channels[c];
2709 if (!(chan->flag & HOSTAPD_CHAN_DISABLED) &&
6fc6879b 2710 chan->chan == wpa_s->mlme.channel) {
6caf9ca6 2711 if (!(chan->flag & HOSTAPD_CHAN_PASSIVE_SCAN))
6fc6879b
JM		 2712 return 1;
2713 break;
2714 }
2715 }
2716 }
2717
2718 return 0;
2719}
2720
2721
2722static void ieee80211_sta_scan_timer(void *eloop_ctx, void *timeout_ctx)
2723{
2724 struct wpa_supplicant *wpa_s = eloop_ctx;
6caf9ca6
JM		 2725 struct hostapd_hw_modes *mode;
2726 struct hostapd_channel_data *chan;
6fc6879b
JM		 2727 int skip = 0;
2728 int timeout = 0;
2729 struct wpa_ssid *ssid = wpa_s->current_ssid;
2730 int adhoc;
2731
2732 if (!wpa_s->mlme.sta_scanning || wpa_s->mlme.modes == NULL)
2733 return;
2734
2735 adhoc = ssid && ssid->mode == 1;
2736
2737 switch (wpa_s->mlme.scan_state) {
2738 case SCAN_SET_CHANNEL:
2739 mode = &wpa_s->mlme.modes[wpa_s->mlme.scan_hw_mode_idx];
2740 if (wpa_s->mlme.scan_hw_mode_idx >=
2741 (int) wpa_s->mlme.num_modes ||
2742 (wpa_s->mlme.scan_hw_mode_idx + 1 ==
2743 (int) wpa_s->mlme.num_modes
2744 && wpa_s->mlme.scan_channel_idx >= mode->num_channels)) {
2745 if (ieee80211_sta_restore_oper_chan(wpa_s)) {
2746 wpa_printf(MSG_DEBUG, "MLME: failed to "
2747 "restore operational channel after "
2748 "scan");
2749 }
2750 wpa_printf(MSG_DEBUG, "MLME: scan completed");
2751 wpa_s->mlme.sta_scanning = 0;
2752 os_get_time(&wpa_s->mlme.last_scan_completed);
2753 wpa_supplicant_event(wpa_s, EVENT_SCAN_RESULTS, NULL);
2754 if (adhoc) {
2755 if (!wpa_s->mlme.bssid_set ||
2756 (wpa_s->mlme.state ==
2757 IEEE80211_IBSS_JOINED &&
2758 !ieee80211_sta_active_ibss(wpa_s)))
2759 ieee80211_sta_find_ibss(wpa_s);
2760 }
2761 return;
2762 }
2763 skip = !(wpa_s->mlme.hw_modes & (1 << mode->mode));
2764 chan = &mode->channels[wpa_s->mlme.scan_channel_idx];
6caf9ca6
JM		 2765 if ((chan->flag & HOSTAPD_CHAN_DISABLED) ||
2766 (adhoc && (chan->flag & HOSTAPD_CHAN_NO_IBSS)) ||
2767 (wpa_s->mlme.hw_modes & (1 << HOSTAPD_MODE_IEEE80211G) &&
2768 mode->mode == HOSTAPD_MODE_IEEE80211B &&
6fc6879b
JM		 2769 wpa_s->mlme.scan_skip_11b))
2770 skip = 1;
2771
2772 if (!skip) {
2773 wpa_printf(MSG_MSGDUMP,
2774 "MLME: scan channel %d (%d MHz)",
2775 chan->chan, chan->freq);
2776
2777 wpa_s->mlme.channel = chan->chan;
2778 wpa_s->mlme.freq = chan->freq;
2779 wpa_s->mlme.phymode = mode->mode;
2780 if (ieee80211_sta_set_channel(wpa_s, mode->mode,
2781 chan->chan, chan->freq))
2782 {
2783 wpa_printf(MSG_DEBUG, "MLME: failed to set "
2784 "channel %d (%d MHz) for scan",
2785 chan->chan, chan->freq);
2786 skip = 1;
2787 }
2788 }
2789
2790 wpa_s->mlme.scan_channel_idx++;
2791 if (wpa_s->mlme.scan_channel_idx >=
2792 wpa_s->mlme.modes[wpa_s->mlme.scan_hw_mode_idx].
2793 num_channels) {
2794 wpa_s->mlme.scan_hw_mode_idx++;
2795 wpa_s->mlme.scan_channel_idx = 0;
2796 }
2797
2798 if (skip) {
2799 timeout = 0;
2800 break;
2801 }
2802
2803 timeout = IEEE80211_PROBE_DELAY;
2804 wpa_s->mlme.scan_state = SCAN_SEND_PROBE;
2805 break;
2806 case SCAN_SEND_PROBE:
2807 if (ieee80211_active_scan(wpa_s)) {
2808 ieee80211_send_probe_req(wpa_s, NULL,
2809 wpa_s->mlme.scan_ssid,
2810 wpa_s->mlme.scan_ssid_len);
2811 timeout = IEEE80211_CHANNEL_TIME;
2812 } else {
2813 timeout = IEEE80211_PASSIVE_CHANNEL_TIME;
2814 }
2815 wpa_s->mlme.scan_state = SCAN_SET_CHANNEL;
2816 break;
2817 }
2818
2819 eloop_register_timeout(timeout / 1000, 1000 * (timeout % 1000),
2820 ieee80211_sta_scan_timer, wpa_s, NULL);
2821}
2822
2823
2824int ieee80211_sta_req_scan(struct wpa_supplicant *wpa_s, const u8 *ssid,
2825 size_t ssid_len)
2826{
2827 if (ssid_len > MAX_SSID_LEN)
2828 return -1;
2829
2830 /* MLME-SCAN.request (page 118) page 144 (11.1.3.1)
2831 * BSSType: INFRASTRUCTURE, INDEPENDENT, ANY_BSS
2832 * BSSID: MACAddress
2833 * SSID
2834 * ScanType: ACTIVE, PASSIVE
2835 * ProbeDelay: delay (in microseconds) to be used prior to transmitting
2836 * a Probe frame during active scanning
2837 * ChannelList
2838 * MinChannelTime (>= ProbeDelay), in TU
2839 * MaxChannelTime: (>= MinChannelTime), in TU
2840 */
2841
2842 /* MLME-SCAN.confirm
2843 * BSSDescriptionSet
2844 * ResultCode: SUCCESS, INVALID_PARAMETERS
2845 */
2846
2847 /* TODO: if assoc, move to power save mode for the duration of the
2848 * scan */
2849
2850 if (wpa_s->mlme.sta_scanning)
2851 return -1;
2852
2853 wpa_printf(MSG_DEBUG, "MLME: starting scan");
2854
2855 ieee80211_sta_save_oper_chan(wpa_s);
2856
2857 wpa_s->mlme.sta_scanning = 1;
2858 /* TODO: stop TX queue? */
2859
2860 if (ssid) {
2861 wpa_s->mlme.scan_ssid_len = ssid_len;
2862 os_memcpy(wpa_s->mlme.scan_ssid, ssid, ssid_len);
2863 } else
2864 wpa_s->mlme.scan_ssid_len = 0;
2865 wpa_s->mlme.scan_skip_11b = 1; /* FIX: clear this is 11g is not
2866 * supported */
2867 wpa_s->mlme.scan_state = SCAN_SET_CHANNEL;
2868 wpa_s->mlme.scan_hw_mode_idx = 0;
2869 wpa_s->mlme.scan_channel_idx = 0;
2870 eloop_register_timeout(0, 1, ieee80211_sta_scan_timer, wpa_s, NULL);
2871
2872 return 0;
2873}
2874
2875
2876struct wpa_scan_results *
2877ieee80211_sta_get_scan_results(struct wpa_supplicant *wpa_s)
2878{
2879 size_t ap_num = 0;
2880 struct wpa_scan_results *res;
2881 struct wpa_scan_res *r;
2882 struct ieee80211_sta_bss *bss;
2883
2884 res = os_zalloc(sizeof(*res));
2885 for (bss = wpa_s->mlme.sta_bss_list; bss; bss = bss->next)
2886 ap_num++;
2887 res->res = os_zalloc(ap_num * sizeof(struct wpa_scan_res *));
2888 if (res->res == NULL) {
2889 os_free(res);
2890 return NULL;
2891 }
2892
2893 for (bss = wpa_s->mlme.sta_bss_list; bss; bss = bss->next) {
2894 r = os_zalloc(sizeof(*r) + bss->ie_len);
2895 if (r == NULL)
2896 break;
2897 os_memcpy(r->bssid, bss->bssid, ETH_ALEN);
2898 r->freq = bss->freq;
2899 r->beacon_int = bss->beacon_int;
2900 r->caps = bss->capability;
2901 r->level = bss->rssi;
2902 r->tsf = bss->timestamp;
2903 if (bss->ie) {
2904 r->ie_len = bss->ie_len;
2905 os_memcpy(r + 1, bss->ie, bss->ie_len);
2906 }
2907
2908 res->res[res->num++] = r;
2909 }
2910
2911 return res;
2912}
2913
2914
2915#if 0 /* FIX */
2916struct sta_info * ieee80211_ibss_add_sta(struct wpa_supplicant *wpa_s,
2917 struct sk_buff *skb, u8 *bssid,
2918 u8 *addr)
2919{
2920 struct ieee80211_local *local = dev->priv;
2921 struct list_head *ptr;
2922 struct sta_info *sta;
2923 struct wpa_supplicant *sta_dev = NULL;
2924
2925 /* TODO: Could consider removing the least recently used entry and
2926 * allow new one to be added. */
2927 if (local->num_sta >= IEEE80211_IBSS_MAX_STA_ENTRIES) {
2928 if (net_ratelimit()) {
2929 wpa_printf(MSG_DEBUG, "MLME: No room for a new IBSS "
2930 "STA entry " MACSTR, MAC2STR(addr));
2931 }
2932 return NULL;
2933 }
2934
2935 spin_lock_bh(&local->sub_if_lock);
2936 list_for_each(ptr, &local->sub_if_list) {
2937 sdata = list_entry(ptr, struct ieee80211_sub_if_data, list);
2938 if (sdata->type == IEEE80211_SUB_IF_TYPE_STA &&
2939 os_memcmp(bssid, sdata->u.sta.bssid, ETH_ALEN) == 0) {
2940 sta_dev = sdata->dev;
2941 break;
2942 }
2943 }
2944 spin_unlock_bh(&local->sub_if_lock);
2945
2946 if (sta_dev == NULL)
2947 return NULL;
2948
2949 wpa_printf(MSG_DEBUG, "MLME: Adding new IBSS station " MACSTR
2950 " (dev=%s)", MAC2STR(addr), sta_dev->name);
2951
2952 sta = sta_info_add(wpa_s, addr);
2953 if (sta == NULL) {
2954 return NULL;
2955 }
2956
2957 sta->dev = sta_dev;
2958 sta->supp_rates = wpa_s->mlme.supp_rates_bits;
2959
2960 rate_control_rate_init(local, sta);
2961
2962 return sta; /* caller will call sta_info_release() */
2963}
2964#endif
2965
2966
2967int ieee80211_sta_deauthenticate(struct wpa_supplicant *wpa_s, u16 reason)
2968{
2969 wpa_printf(MSG_DEBUG, "MLME: deauthenticate(reason=%d)", reason);
2970
2971 ieee80211_send_deauth(wpa_s, reason);
2972 ieee80211_set_associated(wpa_s, 0);
2973 return 0;
2974}
2975
2976
2977int ieee80211_sta_disassociate(struct wpa_supplicant *wpa_s, u16 reason)
2978{
2979 wpa_printf(MSG_DEBUG, "MLME: disassociate(reason=%d)", reason);
2980
2981 if (!wpa_s->mlme.associated)
2982 return -1;
2983
2984 ieee80211_send_disassoc(wpa_s, reason);
2985 ieee80211_set_associated(wpa_s, 0);
2986 return 0;
2987}
2988
2989
2990void ieee80211_sta_rx(struct wpa_supplicant *wpa_s, const u8 *buf, size_t len,
2991 struct ieee80211_rx_status *rx_status)
2992{
2993 struct ieee80211_mgmt *mgmt;
2994 u16 fc;
2995 const u8 *pos;
2996
2997 /* wpa_hexdump(MSG_MSGDUMP, "MLME: Received frame", buf, len); */
2998
2999 if (wpa_s->mlme.sta_scanning) {
3000 ieee80211_sta_rx_scan(wpa_s, buf, len, rx_status);
3001 return;
3002 }
3003
3004 if (len < 24)
3005 return;
3006
3007 mgmt = (struct ieee80211_mgmt *) buf;
3008 fc = le_to_host16(mgmt->frame_control);
3009
3010 if (WLAN_FC_GET_TYPE(fc) == WLAN_FC_TYPE_MGMT)
3011 ieee80211_sta_rx_mgmt(wpa_s, buf, len, rx_status);
3012 else if (WLAN_FC_GET_TYPE(fc) == WLAN_FC_TYPE_DATA) {
3013 if ((fc & (WLAN_FC_TODS | WLAN_FC_FROMDS)) !=
3014 WLAN_FC_FROMDS)
3015 return;
3016 /* mgmt->sa is actually BSSID for FromDS data frames */
3017 if (os_memcmp(mgmt->sa, wpa_s->bssid, ETH_ALEN) != 0)
3018 return;
3019 /* Skip IEEE 802.11 and LLC headers */
3020 pos = buf + 24 + 6;
3021 if (WPA_GET_BE16(pos) != ETH_P_EAPOL)
3022 return;
3023 pos += 2;
3024 /* mgmt->bssid is actually BSSID for SA data frames */
3025 wpa_supplicant_rx_eapol(wpa_s, mgmt->bssid,
3026 pos, buf + len - pos);
3027 }
3028}
3029
3030
6caf9ca6 3031void ieee80211_sta_free_hw_features(struct hostapd_hw_modes *hw_features,
6fc6879b
JM		 3032 size_t num_hw_features)
3033{
3034 size_t i;
3035
3036 if (hw_features == NULL)
3037 return;
3038
3039 for (i = 0; i < num_hw_features; i++) {
3040 os_free(hw_features[i].channels);
3041 os_free(hw_features[i].rates);
3042 }
3043
3044 os_free(hw_features);
3045}
3046
3047
3048int ieee80211_sta_init(struct wpa_supplicant *wpa_s)
3049{
3050 u16 num_modes, flags;
3051
3052 wpa_s->mlme.modes = wpa_drv_get_hw_feature_data(wpa_s, &num_modes,
3053 &flags);
3054 if (wpa_s->mlme.modes == NULL) {
3055 wpa_printf(MSG_ERROR, "MLME: Failed to read supported "
3056 "channels and rates from the driver");
3057 return -1;
3058 }
3059
3060 wpa_s->mlme.num_modes = num_modes;
3061
6caf9ca6
JM		 3062 wpa_s->mlme.hw_modes = 1 << HOSTAPD_MODE_IEEE80211A;
3063 wpa_s->mlme.hw_modes |= 1 << HOSTAPD_MODE_IEEE80211B;
3064 wpa_s->mlme.hw_modes |= 1 << HOSTAPD_MODE_IEEE80211G;
6fc6879b 3065
5c3dd4eb
JM		 3066 wpa_s->mlme.wmm_enabled = 1;
3067
6fc6879b
JM		 3068 return 0;
3069}
3070
3071
3072void ieee80211_sta_deinit(struct wpa_supplicant *wpa_s)
3073{
3074 eloop_cancel_timeout(ieee80211_sta_timer, wpa_s, NULL);
3075 eloop_cancel_timeout(ieee80211_sta_scan_timer, wpa_s, NULL);
3076 os_free(wpa_s->mlme.extra_ie);
3077 wpa_s->mlme.extra_ie = NULL;
3078 os_free(wpa_s->mlme.extra_probe_ie);
3079 wpa_s->mlme.extra_probe_ie = NULL;
3080 os_free(wpa_s->mlme.assocreq_ies);
3081 wpa_s->mlme.assocreq_ies = NULL;
3082 os_free(wpa_s->mlme.assocresp_ies);
3083 wpa_s->mlme.assocresp_ies = NULL;
3084 ieee80211_bss_list_deinit(wpa_s);
3085 ieee80211_sta_free_hw_features(wpa_s->mlme.modes,
3086 wpa_s->mlme.num_modes);
3087#ifdef CONFIG_IEEE80211R
3088 os_free(wpa_s->mlme.ft_ies);
3089 wpa_s->mlme.ft_ies = NULL;
3090 wpa_s->mlme.ft_ies_len = 0;
3091#endif /* CONFIG_IEEE80211R */
3092}
3093
3094
3095#ifdef CONFIG_IEEE80211R
3096
3097int ieee80211_sta_update_ft_ies(struct wpa_supplicant *wpa_s, const u8 *md,
3098 const u8 *ies, size_t ies_len)
3099{
3100 if (md == NULL) {
3101 wpa_printf(MSG_DEBUG, "MLME: Clear FT mobility domain");
3102 os_memset(wpa_s->mlme.current_md, 0, MOBILITY_DOMAIN_ID_LEN);
3103 } else {
3104 wpa_printf(MSG_DEBUG, "MLME: Update FT IEs for MD " MACSTR,
3105 MAC2STR(md));
3106 os_memcpy(wpa_s->mlme.current_md, md, MOBILITY_DOMAIN_ID_LEN);
3107 }
3108
3109 wpa_hexdump(MSG_DEBUG, "MLME: FT IEs", ies, ies_len);
3110 os_free(wpa_s->mlme.ft_ies);
3111 wpa_s->mlme.ft_ies = os_malloc(ies_len);
3112 if (wpa_s->mlme.ft_ies == NULL)
3113 return -1;
3114 os_memcpy(wpa_s->mlme.ft_ies, ies, ies_len);
3115 wpa_s->mlme.ft_ies_len = ies_len;
3116
3117 return 0;
3118}
3119
3120
3121int ieee80211_sta_send_ft_action(struct wpa_supplicant *wpa_s, u8 action,
3122 const u8 *target_ap,
3123 const u8 *ies, size_t ies_len)
3124{
3125 u8 *buf;
3126 size_t len;
3127 struct ieee80211_mgmt *mgmt;
3128 int res;
3129
3130 /*
3131 * Action frame payload:
3132 * Category[1] = 6 (Fast BSS Transition)
3133 * Action[1] = 1 (Fast BSS Transition Request)
3134 * STA Address
3135 * Target AP Address
3136 * FT IEs
3137 */
3138
3139 buf = os_zalloc(sizeof(*mgmt) + ies_len);
3140 if (buf == NULL) {
3141 wpa_printf(MSG_DEBUG, "MLME: Failed to allocate buffer for "
3142 "FT action frame");
3143 return -1;
3144 }
3145
3146 mgmt = (struct ieee80211_mgmt *) buf;
3147 len = 24;
3148 os_memcpy(mgmt->da, wpa_s->bssid, ETH_ALEN);
3149 os_memcpy(mgmt->sa, wpa_s->own_addr, ETH_ALEN);
3150 os_memcpy(mgmt->bssid, wpa_s->bssid, ETH_ALEN);
3151 mgmt->frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT,
3152 WLAN_FC_STYPE_ACTION);
3153 mgmt->u.action.category = WLAN_ACTION_FT;
3154 mgmt->u.action.u.ft_action_req.action = action;
3155 os_memcpy(mgmt->u.action.u.ft_action_req.sta_addr, wpa_s->own_addr,
3156 ETH_ALEN);
3157 os_memcpy(mgmt->u.action.u.ft_action_req.target_ap_addr, target_ap,
3158 ETH_ALEN);
3159 os_memcpy(mgmt->u.action.u.ft_action_req.variable, ies, ies_len);
3160 len += 1 + sizeof(mgmt->u.action.u.ft_action_req) + ies_len;
3161
3162 wpa_printf(MSG_DEBUG, "MLME: Send FT Action Frame: Action=%d "
fa2ec7eb
JM		 3163 "Target AP=" MACSTR " body_len=%lu",
3164 action, MAC2STR(target_ap), (unsigned long) ies_len);
6fc6879b
JM		 3165
3166 res = ieee80211_sta_tx(wpa_s, buf, len);
3167 os_free(buf);
3168
3169 return res;
3170}
3171
3172#endif /* CONFIG_IEEE80211R */
3173
3174
3175int ieee80211_sta_set_probe_req_ie(struct wpa_supplicant *wpa_s, const u8 *ies,
3176 size_t ies_len)
3177{
3178 os_free(wpa_s->mlme.extra_probe_ie);
3179 wpa_s->mlme.extra_probe_ie = NULL;
3180 wpa_s->mlme.extra_probe_ie_len = 0;
3181
3182 if (ies == NULL)
3183 return 0;
3184
3185 wpa_s->mlme.extra_probe_ie = os_malloc(ies_len);
3186 if (wpa_s->mlme.extra_probe_ie == NULL)
3187 return -1;
3188
3189 os_memcpy(wpa_s->mlme.extra_probe_ie, ies, ies_len);
3190 wpa_s->mlme.extra_probe_ie_len = ies_len;
3191
3192 return 0;
3193}
Unnamed repository; edit this file 'description' to name the repository.