2 * hostapd / IEEE 802.11 Management
3 * Copyright (c) 2002-2017, Jouni Malinen <j@w1.fi>
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
9 #include "utils/includes.h"
11 #ifndef CONFIG_NATIVE_WINDOWS
13 #include "utils/common.h"
14 #include "utils/eloop.h"
15 #include "crypto/crypto.h"
16 #include "crypto/sha256.h"
17 #include "crypto/random.h"
18 #include "common/ieee802_11_defs.h"
19 #include "common/ieee802_11_common.h"
20 #include "common/wpa_ctrl.h"
21 #include "common/sae.h"
22 #include "radius/radius.h"
23 #include "radius/radius_client.h"
29 #include "ieee802_11_auth.h"
31 #include "ieee802_1x.h"
33 #include "pmksa_cache_auth.h"
36 #include "accounting.h"
37 #include "ap_config.h"
39 #include "p2p_hostapd.h"
40 #include "ap_drv_ops.h"
42 #include "hw_features.h"
43 #include "ieee802_11.h"
51 u8
* hostapd_eid_supp_rates(struct hostapd_data
*hapd
, u8
*eid
)
56 if (hapd
->iface
->current_rates
== NULL
)
59 *pos
++ = WLAN_EID_SUPP_RATES
;
60 num
= hapd
->iface
->num_rates
;
61 if (hapd
->iconf
->ieee80211n
&& hapd
->iconf
->require_ht
)
63 if (hapd
->iconf
->ieee80211ac
&& hapd
->iconf
->require_vht
)
66 /* rest of the rates are encoded in Extended supported
72 for (i
= 0, count
= 0; i
< hapd
->iface
->num_rates
&& count
< num
;
75 *pos
= hapd
->iface
->current_rates
[i
].rate
/ 5;
76 if (hapd
->iface
->current_rates
[i
].flags
& HOSTAPD_RATE_BASIC
)
81 if (hapd
->iconf
->ieee80211n
&& hapd
->iconf
->require_ht
&& count
< 8) {
83 *pos
++ = 0x80 | BSS_MEMBERSHIP_SELECTOR_HT_PHY
;
86 if (hapd
->iconf
->ieee80211ac
&& hapd
->iconf
->require_vht
&& count
< 8) {
88 *pos
++ = 0x80 | BSS_MEMBERSHIP_SELECTOR_VHT_PHY
;
95 u8
* hostapd_eid_ext_supp_rates(struct hostapd_data
*hapd
, u8
*eid
)
100 if (hapd
->iface
->current_rates
== NULL
)
103 num
= hapd
->iface
->num_rates
;
104 if (hapd
->iconf
->ieee80211n
&& hapd
->iconf
->require_ht
)
106 if (hapd
->iconf
->ieee80211ac
&& hapd
->iconf
->require_vht
)
112 *pos
++ = WLAN_EID_EXT_SUPP_RATES
;
114 for (i
= 0, count
= 0; i
< hapd
->iface
->num_rates
&& count
< num
+ 8;
118 continue; /* already in SuppRates IE */
119 *pos
= hapd
->iface
->current_rates
[i
].rate
/ 5;
120 if (hapd
->iface
->current_rates
[i
].flags
& HOSTAPD_RATE_BASIC
)
125 if (hapd
->iconf
->ieee80211n
&& hapd
->iconf
->require_ht
) {
128 *pos
++ = 0x80 | BSS_MEMBERSHIP_SELECTOR_HT_PHY
;
131 if (hapd
->iconf
->ieee80211ac
&& hapd
->iconf
->require_vht
) {
134 *pos
++ = 0x80 | BSS_MEMBERSHIP_SELECTOR_VHT_PHY
;
141 u16
hostapd_own_capab_info(struct hostapd_data
*hapd
)
143 int capab
= WLAN_CAPABILITY_ESS
;
148 /* Check if any of configured channels require DFS */
149 dfs
= hostapd_is_dfs_required(hapd
->iface
);
151 wpa_printf(MSG_WARNING
, "Failed to check if DFS is required; ret=%d",
156 if (hapd
->iface
->num_sta_no_short_preamble
== 0 &&
157 hapd
->iconf
->preamble
== SHORT_PREAMBLE
)
158 capab
|= WLAN_CAPABILITY_SHORT_PREAMBLE
;
160 privacy
= hapd
->conf
->ssid
.wep
.keys_set
;
162 if (hapd
->conf
->ieee802_1x
&&
163 (hapd
->conf
->default_wep_key_len
||
164 hapd
->conf
->individual_wep_key_len
))
171 if (hapd
->conf
->osen
)
173 #endif /* CONFIG_HS20 */
176 capab
|= WLAN_CAPABILITY_PRIVACY
;
178 if (hapd
->iface
->current_mode
&&
179 hapd
->iface
->current_mode
->mode
== HOSTAPD_MODE_IEEE80211G
&&
180 hapd
->iface
->num_sta_no_short_slot_time
== 0)
181 capab
|= WLAN_CAPABILITY_SHORT_SLOT_TIME
;
184 * Currently, Spectrum Management capability bit is set when directly
185 * requested in configuration by spectrum_mgmt_required or when AP is
186 * running on DFS channel.
187 * TODO: Also consider driver support for TPC to set Spectrum Mgmt bit
189 if (hapd
->iface
->current_mode
&&
190 hapd
->iface
->current_mode
->mode
== HOSTAPD_MODE_IEEE80211A
&&
191 (hapd
->iconf
->spectrum_mgmt_required
|| dfs
))
192 capab
|= WLAN_CAPABILITY_SPECTRUM_MGMT
;
194 for (i
= 0; i
< RRM_CAPABILITIES_IE_LEN
; i
++) {
195 if (hapd
->conf
->radio_measurements
[i
]) {
196 capab
|= IEEE80211_CAP_RRM
;
205 #ifndef CONFIG_NO_RC4
206 static u16
auth_shared_key(struct hostapd_data
*hapd
, struct sta_info
*sta
,
207 u16 auth_transaction
, const u8
*challenge
,
210 hostapd_logger(hapd
, sta
->addr
, HOSTAPD_MODULE_IEEE80211
,
212 "authentication (shared key, transaction %d)",
215 if (auth_transaction
== 1) {
216 if (!sta
->challenge
) {
217 /* Generate a pseudo-random challenge */
220 sta
->challenge
= os_zalloc(WLAN_AUTH_CHALLENGE_LEN
);
221 if (sta
->challenge
== NULL
)
222 return WLAN_STATUS_UNSPECIFIED_FAILURE
;
224 if (os_get_random(key
, sizeof(key
)) < 0) {
225 os_free(sta
->challenge
);
226 sta
->challenge
= NULL
;
227 return WLAN_STATUS_UNSPECIFIED_FAILURE
;
230 rc4_skip(key
, sizeof(key
), 0,
231 sta
->challenge
, WLAN_AUTH_CHALLENGE_LEN
);
236 if (auth_transaction
!= 3)
237 return WLAN_STATUS_UNSPECIFIED_FAILURE
;
240 if (!iswep
|| !sta
->challenge
|| !challenge
||
241 os_memcmp_const(sta
->challenge
, challenge
,
242 WLAN_AUTH_CHALLENGE_LEN
)) {
243 hostapd_logger(hapd
, sta
->addr
, HOSTAPD_MODULE_IEEE80211
,
245 "shared key authentication - invalid "
246 "challenge-response");
247 return WLAN_STATUS_CHALLENGE_FAIL
;
250 hostapd_logger(hapd
, sta
->addr
, HOSTAPD_MODULE_IEEE80211
,
252 "authentication OK (shared key)");
253 sta
->flags
|= WLAN_STA_AUTH
;
254 wpa_auth_sm_event(sta
->wpa_sm
, WPA_AUTH
);
255 os_free(sta
->challenge
);
256 sta
->challenge
= NULL
;
260 #endif /* CONFIG_NO_RC4 */
263 static int send_auth_reply(struct hostapd_data
*hapd
,
264 const u8
*dst
, const u8
*bssid
,
265 u16 auth_alg
, u16 auth_transaction
, u16 resp
,
266 const u8
*ies
, size_t ies_len
)
268 struct ieee80211_mgmt
*reply
;
271 int reply_res
= WLAN_STATUS_UNSPECIFIED_FAILURE
;
273 rlen
= IEEE80211_HDRLEN
+ sizeof(reply
->u
.auth
) + ies_len
;
274 buf
= os_zalloc(rlen
);
278 reply
= (struct ieee80211_mgmt
*) buf
;
279 reply
->frame_control
= IEEE80211_FC(WLAN_FC_TYPE_MGMT
,
281 os_memcpy(reply
->da
, dst
, ETH_ALEN
);
282 os_memcpy(reply
->sa
, hapd
->own_addr
, ETH_ALEN
);
283 os_memcpy(reply
->bssid
, bssid
, ETH_ALEN
);
285 reply
->u
.auth
.auth_alg
= host_to_le16(auth_alg
);
286 reply
->u
.auth
.auth_transaction
= host_to_le16(auth_transaction
);
287 reply
->u
.auth
.status_code
= host_to_le16(resp
);
290 os_memcpy(reply
->u
.auth
.variable
, ies
, ies_len
);
292 wpa_printf(MSG_DEBUG
, "authentication reply: STA=" MACSTR
293 " auth_alg=%d auth_transaction=%d resp=%d (IE len=%lu)",
294 MAC2STR(dst
), auth_alg
, auth_transaction
,
295 resp
, (unsigned long) ies_len
);
296 if (hostapd_drv_send_mlme(hapd
, reply
, rlen
, 0) < 0)
297 wpa_printf(MSG_INFO
, "send_auth_reply: send failed");
299 reply_res
= WLAN_STATUS_SUCCESS
;
307 #ifdef CONFIG_IEEE80211R_AP
308 static void handle_auth_ft_finish(void *ctx
, const u8
*dst
, const u8
*bssid
,
309 u16 auth_transaction
, u16 status
,
310 const u8
*ies
, size_t ies_len
)
312 struct hostapd_data
*hapd
= ctx
;
313 struct sta_info
*sta
;
316 reply_res
= send_auth_reply(hapd
, dst
, bssid
, WLAN_AUTH_FT
,
317 auth_transaction
, status
, ies
, ies_len
);
319 sta
= ap_get_sta(hapd
, dst
);
323 if (sta
->added_unassoc
&& (reply_res
!= WLAN_STATUS_SUCCESS
||
324 status
!= WLAN_STATUS_SUCCESS
)) {
325 hostapd_drv_sta_remove(hapd
, sta
->addr
);
326 sta
->added_unassoc
= 0;
330 if (status
!= WLAN_STATUS_SUCCESS
)
333 hostapd_logger(hapd
, dst
, HOSTAPD_MODULE_IEEE80211
,
334 HOSTAPD_LEVEL_DEBUG
, "authentication OK (FT)");
335 sta
->flags
|= WLAN_STA_AUTH
;
336 mlme_authenticate_indication(hapd
, sta
);
338 #endif /* CONFIG_IEEE80211R_AP */
343 #define dot11RSNASAESync 5 /* attempts */
346 static struct wpabuf
* auth_build_sae_commit(struct hostapd_data
*hapd
,
347 struct sta_info
*sta
, int update
)
351 if (hapd
->conf
->ssid
.wpa_passphrase
== NULL
) {
352 wpa_printf(MSG_DEBUG
, "SAE: No password available");
357 sae_prepare_commit(hapd
->own_addr
, sta
->addr
,
358 (u8
*) hapd
->conf
->ssid
.wpa_passphrase
,
359 os_strlen(hapd
->conf
->ssid
.wpa_passphrase
),
361 wpa_printf(MSG_DEBUG
, "SAE: Could not pick PWE");
365 buf
= wpabuf_alloc(SAE_COMMIT_MAX_LEN
);
368 sae_write_commit(sta
->sae
, buf
, sta
->sae
->tmp
?
369 sta
->sae
->tmp
->anti_clogging_token
: NULL
);
375 static struct wpabuf
* auth_build_sae_confirm(struct hostapd_data
*hapd
,
376 struct sta_info
*sta
)
380 buf
= wpabuf_alloc(SAE_CONFIRM_MAX_LEN
);
384 sae_write_confirm(sta
->sae
, buf
);
390 static int auth_sae_send_commit(struct hostapd_data
*hapd
,
391 struct sta_info
*sta
,
392 const u8
*bssid
, int update
)
397 data
= auth_build_sae_commit(hapd
, sta
, update
);
399 return WLAN_STATUS_UNSPECIFIED_FAILURE
;
401 reply_res
= send_auth_reply(hapd
, sta
->addr
, bssid
, WLAN_AUTH_SAE
, 1,
402 WLAN_STATUS_SUCCESS
, wpabuf_head(data
),
411 static int auth_sae_send_confirm(struct hostapd_data
*hapd
,
412 struct sta_info
*sta
,
418 data
= auth_build_sae_confirm(hapd
, sta
);
420 return WLAN_STATUS_UNSPECIFIED_FAILURE
;
422 reply_res
= send_auth_reply(hapd
, sta
->addr
, bssid
, WLAN_AUTH_SAE
, 2,
423 WLAN_STATUS_SUCCESS
, wpabuf_head(data
),
432 static int use_sae_anti_clogging(struct hostapd_data
*hapd
)
434 struct sta_info
*sta
;
435 unsigned int open
= 0;
437 if (hapd
->conf
->sae_anti_clogging_threshold
== 0)
440 for (sta
= hapd
->sta_list
; sta
; sta
= sta
->next
) {
443 if (sta
->sae
->state
!= SAE_COMMITTED
&&
444 sta
->sae
->state
!= SAE_CONFIRMED
)
447 if (open
>= hapd
->conf
->sae_anti_clogging_threshold
)
455 static int check_sae_token(struct hostapd_data
*hapd
, const u8
*addr
,
456 const u8
*token
, size_t token_len
)
458 u8 mac
[SHA256_MAC_LEN
];
460 if (token_len
!= SHA256_MAC_LEN
)
462 if (hmac_sha256(hapd
->sae_token_key
, sizeof(hapd
->sae_token_key
),
463 addr
, ETH_ALEN
, mac
) < 0 ||
464 os_memcmp_const(token
, mac
, SHA256_MAC_LEN
) != 0)
471 static struct wpabuf
* auth_build_token_req(struct hostapd_data
*hapd
,
472 int group
, const u8
*addr
)
476 struct os_reltime now
;
478 os_get_reltime(&now
);
479 if (!os_reltime_initialized(&hapd
->last_sae_token_key_update
) ||
480 os_reltime_expired(&now
, &hapd
->last_sae_token_key_update
, 60)) {
481 if (random_get_bytes(hapd
->sae_token_key
,
482 sizeof(hapd
->sae_token_key
)) < 0)
484 wpa_hexdump(MSG_DEBUG
, "SAE: Updated token key",
485 hapd
->sae_token_key
, sizeof(hapd
->sae_token_key
));
486 hapd
->last_sae_token_key_update
= now
;
489 buf
= wpabuf_alloc(sizeof(le16
) + SHA256_MAC_LEN
);
493 wpabuf_put_le16(buf
, group
); /* Finite Cyclic Group */
495 token
= wpabuf_put(buf
, SHA256_MAC_LEN
);
496 hmac_sha256(hapd
->sae_token_key
, sizeof(hapd
->sae_token_key
),
497 addr
, ETH_ALEN
, token
);
503 static int sae_check_big_sync(struct sta_info
*sta
)
505 if (sta
->sae
->sync
> dot11RSNASAESync
) {
506 sta
->sae
->state
= SAE_NOTHING
;
514 static void auth_sae_retransmit_timer(void *eloop_ctx
, void *eloop_data
)
516 struct hostapd_data
*hapd
= eloop_ctx
;
517 struct sta_info
*sta
= eloop_data
;
520 if (sae_check_big_sync(sta
))
523 wpa_printf(MSG_DEBUG
, "SAE: Auth SAE retransmit timer for " MACSTR
524 " (sync=%d state=%d)",
525 MAC2STR(sta
->addr
), sta
->sae
->sync
, sta
->sae
->state
);
527 switch (sta
->sae
->state
) {
529 ret
= auth_sae_send_commit(hapd
, sta
, hapd
->own_addr
, 0);
530 eloop_register_timeout(0,
531 hapd
->dot11RSNASAERetransPeriod
* 1000,
532 auth_sae_retransmit_timer
, hapd
, sta
);
535 ret
= auth_sae_send_confirm(hapd
, sta
, hapd
->own_addr
);
536 eloop_register_timeout(0,
537 hapd
->dot11RSNASAERetransPeriod
* 1000,
538 auth_sae_retransmit_timer
, hapd
, sta
);
545 if (ret
!= WLAN_STATUS_SUCCESS
)
546 wpa_printf(MSG_INFO
, "SAE: Failed to retransmit: ret=%d", ret
);
550 void sae_clear_retransmit_timer(struct hostapd_data
*hapd
, struct sta_info
*sta
)
552 eloop_cancel_timeout(auth_sae_retransmit_timer
, hapd
, sta
);
556 static void sae_set_retransmit_timer(struct hostapd_data
*hapd
,
557 struct sta_info
*sta
)
559 if (!(hapd
->conf
->mesh
& MESH_ENABLED
))
562 eloop_cancel_timeout(auth_sae_retransmit_timer
, hapd
, sta
);
563 eloop_register_timeout(0, hapd
->dot11RSNASAERetransPeriod
* 1000,
564 auth_sae_retransmit_timer
, hapd
, sta
);
568 void sae_accept_sta(struct hostapd_data
*hapd
, struct sta_info
*sta
)
570 sta
->flags
|= WLAN_STA_AUTH
;
571 sta
->auth_alg
= WLAN_AUTH_SAE
;
572 mlme_authenticate_indication(hapd
, sta
);
573 wpa_auth_sm_event(sta
->wpa_sm
, WPA_AUTH
);
574 sta
->sae
->state
= SAE_ACCEPTED
;
575 wpa_auth_pmksa_add_sae(hapd
->wpa_auth
, sta
->addr
,
576 sta
->sae
->pmk
, sta
->sae
->pmkid
);
580 static int sae_sm_step(struct hostapd_data
*hapd
, struct sta_info
*sta
,
581 const u8
*bssid
, u8 auth_transaction
)
585 if (auth_transaction
!= 1 && auth_transaction
!= 2)
586 return WLAN_STATUS_UNSPECIFIED_FAILURE
;
588 switch (sta
->sae
->state
) {
590 if (auth_transaction
== 1) {
591 ret
= auth_sae_send_commit(hapd
, sta
, bssid
, 1);
594 sta
->sae
->state
= SAE_COMMITTED
;
596 if (sae_process_commit(sta
->sae
) < 0)
597 return WLAN_STATUS_UNSPECIFIED_FAILURE
;
600 * In mesh case, both Commit and Confirm can be sent
601 * immediately. In infrastructure BSS, only a single
602 * Authentication frame (Commit) is expected from the AP
603 * here and the second one (Confirm) will be sent once
604 * the STA has sent its second Authentication frame
607 if (hapd
->conf
->mesh
& MESH_ENABLED
) {
609 * Send both Commit and Confirm immediately
610 * based on SAE finite state machine
611 * Nothing -> Confirm transition.
613 ret
= auth_sae_send_confirm(hapd
, sta
, bssid
);
616 sta
->sae
->state
= SAE_CONFIRMED
;
619 * For infrastructure BSS, send only the Commit
620 * message now to get alternating sequence of
621 * Authentication frames between the AP and STA.
622 * Confirm will be sent in
623 * Committed -> Confirmed/Accepted transition
624 * when receiving Confirm from STA.
628 sae_set_retransmit_timer(hapd
, sta
);
630 hostapd_logger(hapd
, sta
->addr
,
631 HOSTAPD_MODULE_IEEE80211
,
633 "SAE confirm before commit");
637 sae_clear_retransmit_timer(hapd
, sta
);
638 if (auth_transaction
== 1) {
639 if (sae_process_commit(sta
->sae
) < 0)
640 return WLAN_STATUS_UNSPECIFIED_FAILURE
;
642 ret
= auth_sae_send_confirm(hapd
, sta
, bssid
);
645 sta
->sae
->state
= SAE_CONFIRMED
;
647 sae_set_retransmit_timer(hapd
, sta
);
648 } else if (hapd
->conf
->mesh
& MESH_ENABLED
) {
650 * In mesh case, follow SAE finite state machine and
651 * send Commit now, if sync count allows.
653 if (sae_check_big_sync(sta
))
654 return WLAN_STATUS_SUCCESS
;
657 ret
= auth_sae_send_commit(hapd
, sta
, bssid
, 0);
661 sae_set_retransmit_timer(hapd
, sta
);
664 * For instructure BSS, send the postponed Confirm from
665 * Nothing -> Confirmed transition that was reduced to
666 * Nothing -> Committed above.
668 ret
= auth_sae_send_confirm(hapd
, sta
, bssid
);
672 sta
->sae
->state
= SAE_CONFIRMED
;
675 * Since this was triggered on Confirm RX, run another
676 * step to get to Accepted without waiting for
679 return sae_sm_step(hapd
, sta
, bssid
, auth_transaction
);
683 sae_clear_retransmit_timer(hapd
, sta
);
684 if (auth_transaction
== 1) {
685 if (sae_check_big_sync(sta
))
686 return WLAN_STATUS_SUCCESS
;
689 ret
= auth_sae_send_commit(hapd
, sta
, bssid
, 1);
693 if (sae_process_commit(sta
->sae
) < 0)
694 return WLAN_STATUS_UNSPECIFIED_FAILURE
;
696 ret
= auth_sae_send_confirm(hapd
, sta
, bssid
);
700 sae_set_retransmit_timer(hapd
, sta
);
702 sae_accept_sta(hapd
, sta
);
706 if (auth_transaction
== 1) {
707 wpa_printf(MSG_DEBUG
, "SAE: remove the STA (" MACSTR
708 ") doing reauthentication",
710 ap_free_sta(hapd
, sta
);
711 wpa_auth_pmksa_remove(hapd
->wpa_auth
, sta
->addr
);
713 if (sae_check_big_sync(sta
))
714 return WLAN_STATUS_SUCCESS
;
717 ret
= auth_sae_send_confirm(hapd
, sta
, bssid
);
718 sae_clear_temp_data(sta
->sae
);
724 wpa_printf(MSG_ERROR
, "SAE: invalid state %d",
726 return WLAN_STATUS_UNSPECIFIED_FAILURE
;
728 return WLAN_STATUS_SUCCESS
;
732 static void sae_pick_next_group(struct hostapd_data
*hapd
, struct sta_info
*sta
)
734 struct sae_data
*sae
= sta
->sae
;
735 int i
, *groups
= hapd
->conf
->sae_groups
;
737 if (sae
->state
!= SAE_COMMITTED
)
740 wpa_printf(MSG_DEBUG
, "SAE: Previously selected group: %d", sae
->group
);
742 for (i
= 0; groups
&& groups
[i
] > 0; i
++) {
743 if (sae
->group
== groups
[i
])
747 if (!groups
|| groups
[i
] <= 0) {
748 wpa_printf(MSG_DEBUG
,
749 "SAE: Previously selected group not found from the current configuration");
755 if (groups
[i
] <= 0) {
756 wpa_printf(MSG_DEBUG
,
757 "SAE: No alternative group enabled");
761 if (sae_set_group(sae
, groups
[i
]) < 0)
766 wpa_printf(MSG_DEBUG
, "SAE: Selected new group: %d", groups
[i
]);
770 static void handle_auth_sae(struct hostapd_data
*hapd
, struct sta_info
*sta
,
771 const struct ieee80211_mgmt
*mgmt
, size_t len
,
772 u16 auth_transaction
, u16 status_code
)
774 int resp
= WLAN_STATUS_SUCCESS
;
775 struct wpabuf
*data
= NULL
;
778 if (auth_transaction
!= 1 ||
779 status_code
!= WLAN_STATUS_SUCCESS
) {
783 sta
->sae
= os_zalloc(sizeof(*sta
->sae
));
788 sta
->sae
->state
= SAE_NOTHING
;
792 if (sta
->mesh_sae_pmksa_caching
) {
793 wpa_printf(MSG_DEBUG
,
794 "SAE: Cancel use of mesh PMKSA caching because peer starts SAE authentication");
795 wpa_auth_pmksa_remove(hapd
->wpa_auth
, sta
->addr
);
796 sta
->mesh_sae_pmksa_caching
= 0;
799 if (auth_transaction
== 1) {
800 const u8
*token
= NULL
, *pos
, *end
;
801 size_t token_len
= 0;
802 hostapd_logger(hapd
, sta
->addr
, HOSTAPD_MODULE_IEEE80211
,
804 "start SAE authentication (RX commit, status=%u)",
807 if ((hapd
->conf
->mesh
& MESH_ENABLED
) &&
808 status_code
== WLAN_STATUS_ANTI_CLOGGING_TOKEN_REQ
&&
810 pos
= mgmt
->u
.auth
.variable
;
811 end
= ((const u8
*) mgmt
) + len
;
812 if (pos
+ sizeof(le16
) > end
) {
813 wpa_printf(MSG_ERROR
,
814 "SAE: Too short anti-clogging token request");
815 resp
= WLAN_STATUS_UNSPECIFIED_FAILURE
;
818 resp
= sae_group_allowed(sta
->sae
,
819 hapd
->conf
->sae_groups
,
821 if (resp
!= WLAN_STATUS_SUCCESS
) {
822 wpa_printf(MSG_ERROR
,
823 "SAE: Invalid group in anti-clogging token request");
828 wpabuf_free(sta
->sae
->tmp
->anti_clogging_token
);
829 sta
->sae
->tmp
->anti_clogging_token
=
830 wpabuf_alloc_copy(pos
, end
- pos
);
831 if (sta
->sae
->tmp
->anti_clogging_token
== NULL
) {
832 wpa_printf(MSG_ERROR
,
833 "SAE: Failed to alloc for anti-clogging token");
834 resp
= WLAN_STATUS_UNSPECIFIED_FAILURE
;
839 * IEEE Std 802.11-2012, 11.3.8.6.4: If the Status code
840 * is 76, a new Commit Message shall be constructed
841 * with the Anti-Clogging Token from the received
842 * Authentication frame, and the commit-scalar and
843 * COMMIT-ELEMENT previously sent.
845 resp
= auth_sae_send_commit(hapd
, sta
, mgmt
->bssid
, 0);
846 if (resp
!= WLAN_STATUS_SUCCESS
) {
847 wpa_printf(MSG_ERROR
,
848 "SAE: Failed to send commit message");
851 sta
->sae
->state
= SAE_COMMITTED
;
853 sae_set_retransmit_timer(hapd
, sta
);
857 if ((hapd
->conf
->mesh
& MESH_ENABLED
) &&
859 WLAN_STATUS_FINITE_CYCLIC_GROUP_NOT_SUPPORTED
&&
861 wpa_printf(MSG_DEBUG
,
862 "SAE: Peer did not accept our SAE group");
863 sae_pick_next_group(hapd
, sta
);
867 if (status_code
!= WLAN_STATUS_SUCCESS
)
870 resp
= sae_parse_commit(sta
->sae
, mgmt
->u
.auth
.variable
,
871 ((const u8
*) mgmt
) + len
-
872 mgmt
->u
.auth
.variable
, &token
,
873 &token_len
, hapd
->conf
->sae_groups
);
874 if (resp
== SAE_SILENTLY_DISCARD
) {
875 wpa_printf(MSG_DEBUG
,
876 "SAE: Drop commit message from " MACSTR
" due to reflection attack",
880 if (token
&& check_sae_token(hapd
, sta
->addr
, token
, token_len
)
882 wpa_printf(MSG_DEBUG
, "SAE: Drop commit message with "
883 "incorrect token from " MACSTR
,
885 resp
= WLAN_STATUS_UNSPECIFIED_FAILURE
;
889 if (resp
!= WLAN_STATUS_SUCCESS
)
892 if (!token
&& use_sae_anti_clogging(hapd
)) {
893 wpa_printf(MSG_DEBUG
,
894 "SAE: Request anti-clogging token from "
895 MACSTR
, MAC2STR(sta
->addr
));
896 data
= auth_build_token_req(hapd
, sta
->sae
->group
,
898 resp
= WLAN_STATUS_ANTI_CLOGGING_TOKEN_REQ
;
899 if (hapd
->conf
->mesh
& MESH_ENABLED
)
900 sta
->sae
->state
= SAE_NOTHING
;
904 resp
= sae_sm_step(hapd
, sta
, mgmt
->bssid
, auth_transaction
);
905 } else if (auth_transaction
== 2) {
906 hostapd_logger(hapd
, sta
->addr
, HOSTAPD_MODULE_IEEE80211
,
908 "SAE authentication (RX confirm, status=%u)",
910 if (status_code
!= WLAN_STATUS_SUCCESS
)
912 if (sta
->sae
->state
>= SAE_CONFIRMED
||
913 !(hapd
->conf
->mesh
& MESH_ENABLED
)) {
914 if (sae_check_confirm(sta
->sae
, mgmt
->u
.auth
.variable
,
915 ((u8
*) mgmt
) + len
-
916 mgmt
->u
.auth
.variable
) < 0) {
917 resp
= WLAN_STATUS_UNSPECIFIED_FAILURE
;
921 resp
= sae_sm_step(hapd
, sta
, mgmt
->bssid
, auth_transaction
);
923 hostapd_logger(hapd
, sta
->addr
, HOSTAPD_MODULE_IEEE80211
,
925 "unexpected SAE authentication transaction %u (status=%u)",
926 auth_transaction
, status_code
);
927 if (status_code
!= WLAN_STATUS_SUCCESS
)
929 resp
= WLAN_STATUS_UNKNOWN_AUTH_TRANSACTION
;
933 if (resp
!= WLAN_STATUS_SUCCESS
) {
934 send_auth_reply(hapd
, mgmt
->sa
, mgmt
->bssid
, WLAN_AUTH_SAE
,
935 auth_transaction
, resp
,
936 data
? wpabuf_head(data
) : (u8
*) "",
937 data
? wpabuf_len(data
) : 0);
941 if (sta
->added_unassoc
&& (resp
!= WLAN_STATUS_SUCCESS
||
942 status_code
!= WLAN_STATUS_SUCCESS
)) {
943 hostapd_drv_sta_remove(hapd
, sta
->addr
);
944 sta
->added_unassoc
= 0;
951 * auth_sae_init_committed - Send COMMIT and start SAE in committed state
952 * @hapd: BSS data for the device initiating the authentication
953 * @sta: the peer to which commit authentication frame is sent
955 * This function implements Init event handling (IEEE Std 802.11-2012,
956 * 11.3.8.6.3) in which initial COMMIT message is sent. Prior to calling, the
957 * sta->sae structure should be initialized appropriately via a call to
958 * sae_prepare_commit().
960 int auth_sae_init_committed(struct hostapd_data
*hapd
, struct sta_info
*sta
)
964 if (!sta
->sae
|| !sta
->sae
->tmp
)
967 if (sta
->sae
->state
!= SAE_NOTHING
)
970 ret
= auth_sae_send_commit(hapd
, sta
, hapd
->own_addr
, 0);
974 sta
->sae
->state
= SAE_COMMITTED
;
976 sae_set_retransmit_timer(hapd
, sta
);
981 #endif /* CONFIG_SAE */
984 static u16
wpa_res_to_status_code(int res
)
986 if (res
== WPA_INVALID_GROUP
)
987 return WLAN_STATUS_GROUP_CIPHER_NOT_VALID
;
988 if (res
== WPA_INVALID_PAIRWISE
)
989 return WLAN_STATUS_PAIRWISE_CIPHER_NOT_VALID
;
990 if (res
== WPA_INVALID_AKMP
)
991 return WLAN_STATUS_AKMP_NOT_VALID
;
992 if (res
== WPA_ALLOC_FAIL
)
993 return WLAN_STATUS_UNSPECIFIED_FAILURE
;
994 #ifdef CONFIG_IEEE80211W
995 if (res
== WPA_MGMT_FRAME_PROTECTION_VIOLATION
)
996 return WLAN_STATUS_ROBUST_MGMT_FRAME_POLICY_VIOLATION
;
997 if (res
== WPA_INVALID_MGMT_GROUP_CIPHER
)
998 return WLAN_STATUS_ROBUST_MGMT_FRAME_POLICY_VIOLATION
;
999 #endif /* CONFIG_IEEE80211W */
1000 if (res
== WPA_INVALID_MDIE
)
1001 return WLAN_STATUS_INVALID_MDIE
;
1002 if (res
!= WPA_IE_OK
)
1003 return WLAN_STATUS_INVALID_IE
;
1004 return WLAN_STATUS_SUCCESS
;
1010 static void handle_auth_fils_finish(struct hostapd_data
*hapd
,
1011 struct sta_info
*sta
, u16 resp
,
1012 struct rsn_pmksa_cache_entry
*pmksa
,
1013 struct wpabuf
*erp_resp
,
1014 const u8
*msk
, size_t msk_len
);
1016 static void handle_auth_fils(struct hostapd_data
*hapd
, struct sta_info
*sta
,
1017 const struct ieee80211_mgmt
*mgmt
, size_t len
,
1018 u16 auth_transaction
, u16 status_code
)
1020 u16 resp
= WLAN_STATUS_SUCCESS
;
1021 const u8
*pos
, *end
;
1022 struct ieee802_11_elems elems
;
1024 struct wpa_ie_data rsn
;
1025 struct rsn_pmksa_cache_entry
*pmksa
= NULL
;
1027 if (auth_transaction
!= 1 || status_code
!= WLAN_STATUS_SUCCESS
)
1030 pos
= mgmt
->u
.auth
.variable
;
1031 end
= ((const u8
*) mgmt
) + len
;
1033 wpa_hexdump(MSG_DEBUG
, "FILS: Authentication frame fields",
1036 /* TODO: Finite Cyclic Group when using PK or PFS */
1037 /* TODO: Element when using PK or PFS */
1039 wpa_hexdump(MSG_DEBUG
, "FILS: Remaining IEs", pos
, end
- pos
);
1040 if (ieee802_11_parse_elems(pos
, end
- pos
, &elems
, 1) == ParseFailed
) {
1041 wpa_printf(MSG_DEBUG
, "FILS: Could not parse elements");
1042 resp
= WLAN_STATUS_UNSPECIFIED_FAILURE
;
1047 wpa_hexdump(MSG_DEBUG
, "FILS: RSN element",
1048 elems
.rsn_ie
, elems
.rsn_ie_len
);
1049 if (!elems
.rsn_ie
||
1050 wpa_parse_wpa_ie_rsn(elems
.rsn_ie
- 2, elems
.rsn_ie_len
+ 2,
1052 wpa_printf(MSG_DEBUG
, "FILS: No valid RSN element");
1053 resp
= WLAN_STATUS_UNSPECIFIED_FAILURE
;
1058 sta
->wpa_sm
= wpa_auth_sta_init(hapd
->wpa_auth
, sta
->addr
,
1061 wpa_printf(MSG_DEBUG
,
1062 "FILS: Failed to initialize RSN state machine");
1063 resp
= WLAN_STATUS_UNSPECIFIED_FAILURE
;
1067 res
= wpa_validate_wpa_ie(hapd
->wpa_auth
, sta
->wpa_sm
,
1068 elems
.rsn_ie
- 2, elems
.rsn_ie_len
+ 2,
1069 elems
.mdie
, elems
.mdie_len
);
1070 resp
= wpa_res_to_status_code(res
);
1071 if (resp
!= WLAN_STATUS_SUCCESS
)
1074 /* TODO: MDE when using FILS+FT */
1075 /* TODO: FTE when using FILS+FT */
1077 if (!elems
.fils_nonce
) {
1078 wpa_printf(MSG_DEBUG
, "FILS: No FILS Nonce field");
1079 resp
= WLAN_STATUS_UNSPECIFIED_FAILURE
;
1082 wpa_hexdump(MSG_DEBUG
, "FILS: SNonce", elems
.fils_nonce
,
1084 os_memcpy(sta
->fils_snonce
, elems
.fils_nonce
, FILS_NONCE_LEN
);
1087 if (rsn
.pmkid
&& rsn
.num_pmkid
> 0) {
1091 wpa_hexdump(MSG_DEBUG
, "FILS: PMKID List",
1092 rsn
.pmkid
, rsn
.num_pmkid
* PMKID_LEN
);
1095 num
= rsn
.num_pmkid
;
1097 wpa_hexdump(MSG_DEBUG
, "FILS: PMKID", pmkid
, PMKID_LEN
);
1098 pmksa
= wpa_auth_pmksa_get(hapd
->wpa_auth
, sta
->addr
,
1102 pmksa
= wpa_auth_pmksa_get_fils_cache_id(hapd
->wpa_auth
,
1111 if (pmksa
&& wpa_auth_sta_key_mgmt(sta
->wpa_sm
) != pmksa
->akmp
) {
1112 wpa_printf(MSG_DEBUG
,
1113 "FILS: Matching PMKSA cache entry has different AKMP (0x%x != 0x%x) - ignore",
1114 wpa_auth_sta_key_mgmt(sta
->wpa_sm
), pmksa
->akmp
);
1118 wpa_printf(MSG_DEBUG
, "FILS: Found matching PMKSA cache entry");
1121 if (!elems
.fils_session
) {
1122 wpa_printf(MSG_DEBUG
, "FILS: No FILS Session element");
1123 resp
= WLAN_STATUS_UNSPECIFIED_FAILURE
;
1126 wpa_hexdump(MSG_DEBUG
, "FILS: FILS Session", elems
.fils_session
,
1128 os_memcpy(sta
->fils_session
, elems
.fils_session
, FILS_SESSION_LEN
);
1130 /* FILS Wrapped Data */
1131 if (elems
.fils_wrapped_data
) {
1132 wpa_hexdump(MSG_DEBUG
, "FILS: Wrapped Data",
1133 elems
.fils_wrapped_data
,
1134 elems
.fils_wrapped_data_len
);
1136 #ifndef CONFIG_NO_RADIUS
1137 if (!sta
->eapol_sm
) {
1139 ieee802_1x_alloc_eapol_sm(hapd
, sta
);
1141 wpa_printf(MSG_DEBUG
,
1142 "FILS: Forward EAP-Identity/Re-auth Start to authentication server");
1143 ieee802_1x_encapsulate_radius(
1144 hapd
, sta
, elems
.fils_wrapped_data
,
1145 elems
.fils_wrapped_data_len
);
1146 wpa_printf(MSG_DEBUG
,
1147 "FILS: Will send Authentication frame once the response from authentication server is available");
1148 sta
->flags
|= WLAN_STA_PENDING_FILS_ERP
;
1150 #else /* CONFIG_NO_RADIUS */
1151 resp
= WLAN_STATUS_UNSPECIFIED_FAILURE
;
1153 #endif /* CONFIG_NO_RADIUS */
1158 handle_auth_fils_finish(hapd
, sta
, resp
, pmksa
, NULL
, NULL
, 0);
1162 static void handle_auth_fils_finish(struct hostapd_data
*hapd
,
1163 struct sta_info
*sta
, u16 resp
,
1164 struct rsn_pmksa_cache_entry
*pmksa
,
1165 struct wpabuf
*erp_resp
,
1166 const u8
*msk
, size_t msk_len
)
1168 u8 fils_nonce
[FILS_NONCE_LEN
];
1170 struct wpabuf
*data
= NULL
;
1173 const u8
*pmk
= NULL
;
1175 u8 pmk_buf
[PMK_LEN_MAX
];
1177 if (resp
!= WLAN_STATUS_SUCCESS
)
1180 ie
= wpa_auth_get_wpa_ie(hapd
->wpa_auth
, &ielen
);
1182 resp
= WLAN_STATUS_UNSPECIFIED_FAILURE
;
1186 /* Add PMKID of the selected PMKSA into RSNE */
1187 ie_buf
= os_malloc(ielen
+ 2 + 2 + PMKID_LEN
);
1189 resp
= WLAN_STATUS_UNSPECIFIED_FAILURE
;
1192 os_memcpy(ie_buf
, ie
, ielen
);
1193 if (wpa_insert_pmkid(ie_buf
, &ielen
, pmksa
->pmkid
) < 0) {
1194 resp
= WLAN_STATUS_UNSPECIFIED_FAILURE
;
1200 if (random_get_bytes(fils_nonce
, FILS_NONCE_LEN
) < 0) {
1201 resp
= WLAN_STATUS_UNSPECIFIED_FAILURE
;
1204 wpa_hexdump(MSG_DEBUG
, "RSN: Generated FILS Nonce",
1205 fils_nonce
, FILS_NONCE_LEN
);
1207 data
= wpabuf_alloc(1000 + ielen
);
1209 resp
= WLAN_STATUS_UNSPECIFIED_FAILURE
;
1213 /* TODO: Finite Cyclic Group when using PK or PFS */
1214 /* TODO: Element when using PK or PFS */
1217 wpabuf_put_data(data
, ie
, ielen
);
1219 /* TODO: MDE when using FILS+FT */
1220 /* TODO: FTE when using FILS+FT */
1223 wpabuf_put_u8(data
, WLAN_EID_EXTENSION
); /* Element ID */
1224 wpabuf_put_u8(data
, 1 + FILS_NONCE_LEN
); /* Length */
1225 /* Element ID Extension */
1226 wpabuf_put_u8(data
, WLAN_EID_EXT_FILS_NONCE
);
1227 wpabuf_put_data(data
, fils_nonce
, FILS_NONCE_LEN
);
1230 wpabuf_put_u8(data
, WLAN_EID_EXTENSION
); /* Element ID */
1231 wpabuf_put_u8(data
, 1 + FILS_SESSION_LEN
); /* Length */
1232 /* Element ID Extension */
1233 wpabuf_put_u8(data
, WLAN_EID_EXT_FILS_SESSION
);
1234 wpabuf_put_data(data
, sta
->fils_session
, FILS_SESSION_LEN
);
1236 /* FILS Wrapped Data */
1237 if (!pmksa
&& erp_resp
) {
1238 wpabuf_put_u8(data
, WLAN_EID_EXTENSION
); /* Element ID */
1239 wpabuf_put_u8(data
, 1 + wpabuf_len(erp_resp
)); /* Length */
1240 /* Element ID Extension */
1241 wpabuf_put_u8(data
, WLAN_EID_EXT_FILS_WRAPPED_DATA
);
1242 wpabuf_put_buf(data
, erp_resp
);
1244 if (fils_rmsk_to_pmk(wpa_auth_sta_key_mgmt(sta
->wpa_sm
),
1245 msk
, msk_len
, sta
->fils_snonce
, fils_nonce
,
1246 NULL
, 0, pmk_buf
, &pmk_len
)) {
1247 wpa_printf(MSG_DEBUG
, "FILS: Failed to derive PMK");
1248 resp
= WLAN_STATUS_UNSPECIFIED_FAILURE
;
1256 pmk_len
= pmksa
->pmk_len
;
1260 wpa_printf(MSG_DEBUG
, "FILS: No PMK available");
1261 resp
= WLAN_STATUS_UNSPECIFIED_FAILURE
;
1267 if (fils_auth_pmk_to_ptk(sta
->wpa_sm
, pmk
, pmk_len
,
1268 sta
->fils_snonce
, fils_nonce
) < 0) {
1269 resp
= WLAN_STATUS_UNSPECIFIED_FAILURE
;
1276 send_auth_reply(hapd
, sta
->addr
, hapd
->own_addr
, WLAN_AUTH_FILS_SK
, 2,
1278 data
? wpabuf_head(data
) : (u8
*) "",
1279 data
? wpabuf_len(data
) : 0);
1282 if (resp
== WLAN_STATUS_SUCCESS
) {
1283 hostapd_logger(hapd
, sta
->addr
, HOSTAPD_MODULE_IEEE80211
,
1284 HOSTAPD_LEVEL_DEBUG
,
1285 "authentication OK (FILS)");
1286 sta
->flags
|= WLAN_STA_AUTH
;
1287 wpa_auth_sm_event(sta
->wpa_sm
, WPA_AUTH
);
1288 sta
->auth_alg
= WLAN_AUTH_FILS_SK
;
1289 mlme_authenticate_indication(hapd
, sta
);
1296 void ieee802_11_finish_fils_auth(struct hostapd_data
*hapd
,
1297 struct sta_info
*sta
, int success
,
1298 struct wpabuf
*erp_resp
,
1299 const u8
*msk
, size_t msk_len
)
1301 sta
->flags
&= ~WLAN_STA_PENDING_FILS_ERP
;
1302 handle_auth_fils_finish(hapd
, sta
, success
? WLAN_STATUS_SUCCESS
:
1303 WLAN_STATUS_UNSPECIFIED_FAILURE
, NULL
,
1304 erp_resp
, msk
, msk_len
);
1307 #endif /* CONFIG_FILS */
1311 ieee802_11_allowed_address(struct hostapd_data
*hapd
, const u8
*addr
,
1312 const u8
*msg
, size_t len
, u32
*session_timeout
,
1313 u32
*acct_interim_interval
,
1314 struct vlan_description
*vlan_id
,
1315 struct hostapd_sta_wpa_psk_short
**psk
,
1316 char **identity
, char **radius_cui
)
1320 os_memset(vlan_id
, 0, sizeof(*vlan_id
));
1321 res
= hostapd_allowed_address(hapd
, addr
, msg
, len
,
1322 session_timeout
, acct_interim_interval
,
1323 vlan_id
, psk
, identity
, radius_cui
);
1325 if (res
== HOSTAPD_ACL_REJECT
) {
1326 wpa_printf(MSG_INFO
,
1327 "Station " MACSTR
" not allowed to authenticate",
1329 return HOSTAPD_ACL_REJECT
;
1332 if (res
== HOSTAPD_ACL_PENDING
) {
1333 wpa_printf(MSG_DEBUG
, "Authentication frame from " MACSTR
1334 " waiting for an external authentication",
1336 /* Authentication code will re-send the authentication frame
1337 * after it has received (and cached) information from the
1338 * external source. */
1339 return HOSTAPD_ACL_PENDING
;
1347 ieee802_11_set_radius_info(struct hostapd_data
*hapd
, struct sta_info
*sta
,
1348 int res
, u32 session_timeout
,
1349 u32 acct_interim_interval
,
1350 struct vlan_description
*vlan_id
,
1351 struct hostapd_sta_wpa_psk_short
**psk
,
1352 char **identity
, char **radius_cui
)
1354 if (vlan_id
->notempty
&&
1355 !hostapd_vlan_valid(hapd
->conf
->vlan
, vlan_id
)) {
1356 hostapd_logger(hapd
, sta
->addr
, HOSTAPD_MODULE_RADIUS
,
1358 "Invalid VLAN %d%s received from RADIUS server",
1360 vlan_id
->tagged
[0] ? "+" : "");
1363 if (ap_sta_set_vlan(hapd
, sta
, vlan_id
) < 0)
1366 hostapd_logger(hapd
, sta
->addr
, HOSTAPD_MODULE_RADIUS
,
1367 HOSTAPD_LEVEL_INFO
, "VLAN ID %d", sta
->vlan_id
);
1369 hostapd_free_psk_list(sta
->psk
);
1370 if (hapd
->conf
->wpa_psk_radius
!= PSK_RADIUS_IGNORED
) {
1377 sta
->identity
= *identity
;
1379 sta
->radius_cui
= *radius_cui
;
1382 if (hapd
->conf
->acct_interim_interval
== 0 && acct_interim_interval
)
1383 sta
->acct_interim_interval
= acct_interim_interval
;
1384 if (res
== HOSTAPD_ACL_ACCEPT_TIMEOUT
)
1385 ap_sta_session_timeout(hapd
, sta
, session_timeout
);
1387 ap_sta_no_session_timeout(hapd
, sta
);
1393 static void handle_auth(struct hostapd_data
*hapd
,
1394 const struct ieee80211_mgmt
*mgmt
, size_t len
)
1396 u16 auth_alg
, auth_transaction
, status_code
;
1397 u16 resp
= WLAN_STATUS_SUCCESS
;
1398 struct sta_info
*sta
= NULL
;
1401 const u8
*challenge
= NULL
;
1402 u32 session_timeout
, acct_interim_interval
;
1403 struct vlan_description vlan_id
;
1404 struct hostapd_sta_wpa_psk_short
*psk
= NULL
;
1405 u8 resp_ies
[2 + WLAN_AUTH_CHALLENGE_LEN
];
1406 size_t resp_ies_len
= 0;
1407 char *identity
= NULL
;
1408 char *radius_cui
= NULL
;
1411 if (len
< IEEE80211_HDRLEN
+ sizeof(mgmt
->u
.auth
)) {
1412 wpa_printf(MSG_INFO
, "handle_auth - too short payload (len=%lu)",
1413 (unsigned long) len
);
1417 #ifdef CONFIG_TESTING_OPTIONS
1418 if (hapd
->iconf
->ignore_auth_probability
> 0.0 &&
1419 drand48() < hapd
->iconf
->ignore_auth_probability
) {
1420 wpa_printf(MSG_INFO
,
1421 "TESTING: ignoring auth frame from " MACSTR
,
1425 #endif /* CONFIG_TESTING_OPTIONS */
1427 auth_alg
= le_to_host16(mgmt
->u
.auth
.auth_alg
);
1428 auth_transaction
= le_to_host16(mgmt
->u
.auth
.auth_transaction
);
1429 status_code
= le_to_host16(mgmt
->u
.auth
.status_code
);
1430 fc
= le_to_host16(mgmt
->frame_control
);
1431 seq_ctrl
= le_to_host16(mgmt
->seq_ctrl
);
1433 if (len
>= IEEE80211_HDRLEN
+ sizeof(mgmt
->u
.auth
) +
1434 2 + WLAN_AUTH_CHALLENGE_LEN
&&
1435 mgmt
->u
.auth
.variable
[0] == WLAN_EID_CHALLENGE
&&
1436 mgmt
->u
.auth
.variable
[1] == WLAN_AUTH_CHALLENGE_LEN
)
1437 challenge
= &mgmt
->u
.auth
.variable
[2];
1439 wpa_printf(MSG_DEBUG
, "authentication: STA=" MACSTR
" auth_alg=%d "
1440 "auth_transaction=%d status_code=%d wep=%d%s "
1442 MAC2STR(mgmt
->sa
), auth_alg
, auth_transaction
,
1443 status_code
, !!(fc
& WLAN_FC_ISWEP
),
1444 challenge
? " challenge" : "",
1445 seq_ctrl
, (fc
& WLAN_FC_RETRY
) ? " retry" : "");
1447 #ifdef CONFIG_NO_RC4
1448 if (auth_alg
== WLAN_AUTH_SHARED_KEY
) {
1449 wpa_printf(MSG_INFO
,
1450 "Unsupported authentication algorithm (%d)",
1452 resp
= WLAN_STATUS_NOT_SUPPORTED_AUTH_ALG
;
1455 #endif /* CONFIG_NO_RC4 */
1457 if (hapd
->tkip_countermeasures
) {
1458 resp
= WLAN_REASON_MICHAEL_MIC_FAILURE
;
1462 if (!(((hapd
->conf
->auth_algs
& WPA_AUTH_ALG_OPEN
) &&
1463 auth_alg
== WLAN_AUTH_OPEN
) ||
1464 #ifdef CONFIG_IEEE80211R_AP
1465 (hapd
->conf
->wpa
&& wpa_key_mgmt_ft(hapd
->conf
->wpa_key_mgmt
) &&
1466 auth_alg
== WLAN_AUTH_FT
) ||
1467 #endif /* CONFIG_IEEE80211R_AP */
1469 (hapd
->conf
->wpa
&& wpa_key_mgmt_sae(hapd
->conf
->wpa_key_mgmt
) &&
1470 auth_alg
== WLAN_AUTH_SAE
) ||
1471 #endif /* CONFIG_SAE */
1473 (hapd
->conf
->wpa
&& wpa_key_mgmt_fils(hapd
->conf
->wpa_key_mgmt
) &&
1474 auth_alg
== WLAN_AUTH_FILS_SK
) ||
1475 #endif /* CONFIG_FILS */
1476 ((hapd
->conf
->auth_algs
& WPA_AUTH_ALG_SHARED
) &&
1477 auth_alg
== WLAN_AUTH_SHARED_KEY
))) {
1478 wpa_printf(MSG_INFO
, "Unsupported authentication algorithm (%d)",
1480 resp
= WLAN_STATUS_NOT_SUPPORTED_AUTH_ALG
;
1484 if (!(auth_transaction
== 1 || auth_alg
== WLAN_AUTH_SAE
||
1485 (auth_alg
== WLAN_AUTH_SHARED_KEY
&& auth_transaction
== 3))) {
1486 wpa_printf(MSG_INFO
, "Unknown authentication transaction number (%d)",
1488 resp
= WLAN_STATUS_UNKNOWN_AUTH_TRANSACTION
;
1492 if (os_memcmp(mgmt
->sa
, hapd
->own_addr
, ETH_ALEN
) == 0) {
1493 wpa_printf(MSG_INFO
, "Station " MACSTR
" not allowed to authenticate",
1495 resp
= WLAN_STATUS_UNSPECIFIED_FAILURE
;
1499 if (hapd
->conf
->no_auth_if_seen_on
) {
1500 struct hostapd_data
*other
;
1502 other
= sta_track_seen_on(hapd
->iface
, mgmt
->sa
,
1503 hapd
->conf
->no_auth_if_seen_on
);
1507 u8 op_class
, channel
, phytype
;
1509 wpa_printf(MSG_DEBUG
, "%s: Reject authentication from "
1510 MACSTR
" since STA has been seen on %s",
1511 hapd
->conf
->iface
, MAC2STR(mgmt
->sa
),
1512 hapd
->conf
->no_auth_if_seen_on
);
1514 resp
= WLAN_STATUS_REJECTED_WITH_SUGGESTED_BSS_TRANSITION
;
1516 *pos
++ = WLAN_EID_NEIGHBOR_REPORT
;
1518 os_memcpy(pos
, other
->own_addr
, ETH_ALEN
);
1520 info
= 0; /* TODO: BSSID Information */
1521 WPA_PUT_LE32(pos
, info
);
1523 if (other
->iconf
->hw_mode
== HOSTAPD_MODE_IEEE80211AD
)
1524 phytype
= 8; /* dmg */
1525 else if (other
->iconf
->ieee80211ac
)
1526 phytype
= 9; /* vht */
1527 else if (other
->iconf
->ieee80211n
)
1528 phytype
= 7; /* ht */
1529 else if (other
->iconf
->hw_mode
==
1530 HOSTAPD_MODE_IEEE80211A
)
1531 phytype
= 4; /* ofdm */
1532 else if (other
->iconf
->hw_mode
==
1533 HOSTAPD_MODE_IEEE80211G
)
1534 phytype
= 6; /* erp */
1536 phytype
= 5; /* hrdsss */
1537 if (ieee80211_freq_to_channel_ext(
1538 hostapd_hw_get_freq(other
,
1539 other
->iconf
->channel
),
1540 other
->iconf
->secondary_channel
,
1541 other
->iconf
->ieee80211ac
,
1542 &op_class
, &channel
) == NUM_HOSTAPD_MODES
) {
1544 channel
= other
->iconf
->channel
;
1549 resp_ies_len
= pos
- &resp_ies
[0];
1554 res
= ieee802_11_allowed_address(
1555 hapd
, mgmt
->sa
, (const u8
*) mgmt
, len
, &session_timeout
,
1556 &acct_interim_interval
, &vlan_id
, &psk
, &identity
, &radius_cui
);
1557 if (res
== HOSTAPD_ACL_REJECT
) {
1558 resp
= WLAN_STATUS_UNSPECIFIED_FAILURE
;
1561 if (res
== HOSTAPD_ACL_PENDING
)
1564 sta
= ap_get_sta(hapd
, mgmt
->sa
);
1566 sta
->flags
&= ~WLAN_STA_PENDING_FILS_ERP
;
1567 if ((fc
& WLAN_FC_RETRY
) &&
1568 sta
->last_seq_ctrl
!= WLAN_INVALID_MGMT_SEQ
&&
1569 sta
->last_seq_ctrl
== seq_ctrl
&&
1570 sta
->last_subtype
== WLAN_FC_STYPE_AUTH
) {
1571 hostapd_logger(hapd
, sta
->addr
,
1572 HOSTAPD_MODULE_IEEE80211
,
1573 HOSTAPD_LEVEL_DEBUG
,
1574 "Drop repeated authentication frame seq_ctrl=0x%x",
1579 if ((hapd
->conf
->mesh
& MESH_ENABLED
) &&
1580 sta
->plink_state
== PLINK_BLOCKED
) {
1581 wpa_printf(MSG_DEBUG
, "Mesh peer " MACSTR
1582 " is blocked - drop Authentication frame",
1586 #endif /* CONFIG_MESH */
1589 if (hapd
->conf
->mesh
& MESH_ENABLED
) {
1590 /* if the mesh peer is not available, we don't do auth.
1592 wpa_printf(MSG_DEBUG
, "Mesh peer " MACSTR
1593 " not yet known - drop Authentication frame",
1596 * Save a copy of the frame so that it can be processed
1597 * if a new peer entry is added shortly after this.
1599 wpabuf_free(hapd
->mesh_pending_auth
);
1600 hapd
->mesh_pending_auth
= wpabuf_alloc_copy(mgmt
, len
);
1601 os_get_reltime(&hapd
->mesh_pending_auth_time
);
1604 #endif /* CONFIG_MESH */
1606 sta
= ap_sta_add(hapd
, mgmt
->sa
);
1608 resp
= WLAN_STATUS_AP_UNABLE_TO_HANDLE_NEW_STA
;
1612 sta
->last_seq_ctrl
= seq_ctrl
;
1613 sta
->last_subtype
= WLAN_FC_STYPE_AUTH
;
1615 res
= ieee802_11_set_radius_info(
1616 hapd
, sta
, res
, session_timeout
, acct_interim_interval
,
1617 &vlan_id
, &psk
, &identity
, &radius_cui
);
1619 resp
= WLAN_STATUS_UNSPECIFIED_FAILURE
;
1623 sta
->flags
&= ~WLAN_STA_PREAUTH
;
1624 ieee802_1x_notify_pre_auth(sta
->eapol_sm
, 0);
1627 * If the driver supports full AP client state, add a station to the
1628 * driver before sending authentication reply to make sure the driver
1629 * has resources, and not to go through the entire authentication and
1630 * association handshake, and fail it at the end.
1632 * If this is not the first transaction, in a multi-step authentication
1633 * algorithm, the station already exists in the driver
1634 * (sta->added_unassoc = 1) so skip it.
1636 * In mesh mode, the station was already added to the driver when the
1637 * NEW_PEER_CANDIDATE event is received.
1639 * If PMF was negotiated for the existing association, skip this to
1640 * avoid dropping the STA entry and the associated keys. This is needed
1641 * to allow the original connection work until the attempt can complete
1642 * (re)association, so that unprotected Authentication frame cannot be
1643 * used to bypass PMF protection.
1645 if (FULL_AP_CLIENT_STATE_SUPP(hapd
->iface
->drv_flags
) &&
1646 (!(sta
->flags
& WLAN_STA_MFP
) || !ap_sta_is_authorized(sta
)) &&
1647 !(hapd
->conf
->mesh
& MESH_ENABLED
) &&
1648 !(sta
->added_unassoc
)) {
1650 * If a station that is already associated to the AP, is trying
1651 * to authenticate again, remove the STA entry, in order to make
1652 * sure the STA PS state gets cleared and configuration gets
1653 * updated. To handle this, station's added_unassoc flag is
1654 * cleared once the station has completed association.
1656 hostapd_drv_sta_remove(hapd
, sta
->addr
);
1657 sta
->flags
&= ~(WLAN_STA_ASSOC
| WLAN_STA_AUTH
|
1658 WLAN_STA_AUTHORIZED
);
1660 if (hostapd_sta_add(hapd
, sta
->addr
, 0, 0, NULL
, 0, 0,
1661 NULL
, NULL
, sta
->flags
, 0, 0, 0, 0)) {
1662 hostapd_logger(hapd
, sta
->addr
,
1663 HOSTAPD_MODULE_IEEE80211
,
1664 HOSTAPD_LEVEL_NOTICE
,
1665 "Could not add STA to kernel driver");
1666 resp
= WLAN_STATUS_AP_UNABLE_TO_HANDLE_NEW_STA
;
1670 sta
->added_unassoc
= 1;
1674 case WLAN_AUTH_OPEN
:
1675 hostapd_logger(hapd
, sta
->addr
, HOSTAPD_MODULE_IEEE80211
,
1676 HOSTAPD_LEVEL_DEBUG
,
1677 "authentication OK (open system)");
1678 sta
->flags
|= WLAN_STA_AUTH
;
1679 wpa_auth_sm_event(sta
->wpa_sm
, WPA_AUTH
);
1680 sta
->auth_alg
= WLAN_AUTH_OPEN
;
1681 mlme_authenticate_indication(hapd
, sta
);
1683 #ifndef CONFIG_NO_RC4
1684 case WLAN_AUTH_SHARED_KEY
:
1685 resp
= auth_shared_key(hapd
, sta
, auth_transaction
, challenge
,
1686 fc
& WLAN_FC_ISWEP
);
1687 sta
->auth_alg
= WLAN_AUTH_SHARED_KEY
;
1688 mlme_authenticate_indication(hapd
, sta
);
1689 if (sta
->challenge
&& auth_transaction
== 1) {
1690 resp_ies
[0] = WLAN_EID_CHALLENGE
;
1691 resp_ies
[1] = WLAN_AUTH_CHALLENGE_LEN
;
1692 os_memcpy(resp_ies
+ 2, sta
->challenge
,
1693 WLAN_AUTH_CHALLENGE_LEN
);
1694 resp_ies_len
= 2 + WLAN_AUTH_CHALLENGE_LEN
;
1697 #endif /* CONFIG_NO_RC4 */
1698 #ifdef CONFIG_IEEE80211R_AP
1700 sta
->auth_alg
= WLAN_AUTH_FT
;
1701 if (sta
->wpa_sm
== NULL
)
1702 sta
->wpa_sm
= wpa_auth_sta_init(hapd
->wpa_auth
,
1704 if (sta
->wpa_sm
== NULL
) {
1705 wpa_printf(MSG_DEBUG
, "FT: Failed to initialize WPA "
1707 resp
= WLAN_STATUS_UNSPECIFIED_FAILURE
;
1710 wpa_ft_process_auth(sta
->wpa_sm
, mgmt
->bssid
,
1711 auth_transaction
, mgmt
->u
.auth
.variable
,
1712 len
- IEEE80211_HDRLEN
-
1713 sizeof(mgmt
->u
.auth
),
1714 handle_auth_ft_finish
, hapd
);
1715 /* handle_auth_ft_finish() callback will complete auth. */
1717 #endif /* CONFIG_IEEE80211R_AP */
1721 if (status_code
== WLAN_STATUS_SUCCESS
&&
1722 hapd
->conf
->mesh
& MESH_ENABLED
) {
1723 if (sta
->wpa_sm
== NULL
)
1725 wpa_auth_sta_init(hapd
->wpa_auth
,
1727 if (sta
->wpa_sm
== NULL
) {
1728 wpa_printf(MSG_DEBUG
,
1729 "SAE: Failed to initialize WPA state machine");
1730 resp
= WLAN_STATUS_UNSPECIFIED_FAILURE
;
1734 #endif /* CONFIG_MESH */
1735 handle_auth_sae(hapd
, sta
, mgmt
, len
, auth_transaction
,
1738 #endif /* CONFIG_SAE */
1740 case WLAN_AUTH_FILS_SK
:
1741 handle_auth_fils(hapd
, sta
, mgmt
, len
, auth_transaction
,
1744 #endif /* CONFIG_FILS */
1749 os_free(radius_cui
);
1750 hostapd_free_psk_list(psk
);
1752 reply_res
= send_auth_reply(hapd
, mgmt
->sa
, mgmt
->bssid
, auth_alg
,
1753 auth_transaction
+ 1, resp
, resp_ies
,
1756 if (sta
&& sta
->added_unassoc
&& (resp
!= WLAN_STATUS_SUCCESS
||
1757 reply_res
!= WLAN_STATUS_SUCCESS
)) {
1758 hostapd_drv_sta_remove(hapd
, sta
->addr
);
1759 sta
->added_unassoc
= 0;
1764 int hostapd_get_aid(struct hostapd_data
*hapd
, struct sta_info
*sta
)
1768 /* get a unique AID */
1770 wpa_printf(MSG_DEBUG
, " old AID %d", sta
->aid
);
1777 for (i
= 0; i
< AID_WORDS
; i
++) {
1778 if (hapd
->sta_aid
[i
] == (u32
) -1)
1780 for (j
= 0; j
< 32; j
++) {
1781 if (!(hapd
->sta_aid
[i
] & BIT(j
)))
1789 aid
= i
* 32 + j
+ 1;
1794 hapd
->sta_aid
[i
] |= BIT(j
);
1795 wpa_printf(MSG_DEBUG
, " new AID %d", sta
->aid
);
1800 static u16
check_ssid(struct hostapd_data
*hapd
, struct sta_info
*sta
,
1801 const u8
*ssid_ie
, size_t ssid_ie_len
)
1803 if (ssid_ie
== NULL
)
1804 return WLAN_STATUS_UNSPECIFIED_FAILURE
;
1806 if (ssid_ie_len
!= hapd
->conf
->ssid
.ssid_len
||
1807 os_memcmp(ssid_ie
, hapd
->conf
->ssid
.ssid
, ssid_ie_len
) != 0) {
1808 hostapd_logger(hapd
, sta
->addr
, HOSTAPD_MODULE_IEEE80211
,
1810 "Station tried to associate with unknown SSID "
1811 "'%s'", wpa_ssid_txt(ssid_ie
, ssid_ie_len
));
1812 return WLAN_STATUS_UNSPECIFIED_FAILURE
;
1815 return WLAN_STATUS_SUCCESS
;
1819 static u16
check_wmm(struct hostapd_data
*hapd
, struct sta_info
*sta
,
1820 const u8
*wmm_ie
, size_t wmm_ie_len
)
1822 sta
->flags
&= ~WLAN_STA_WMM
;
1824 if (wmm_ie
&& hapd
->conf
->wmm_enabled
) {
1825 struct wmm_information_element
*wmm
;
1827 if (!hostapd_eid_wmm_valid(hapd
, wmm_ie
, wmm_ie_len
)) {
1828 hostapd_logger(hapd
, sta
->addr
,
1830 HOSTAPD_LEVEL_DEBUG
,
1831 "invalid WMM element in association "
1833 return WLAN_STATUS_UNSPECIFIED_FAILURE
;
1836 sta
->flags
|= WLAN_STA_WMM
;
1837 wmm
= (struct wmm_information_element
*) wmm_ie
;
1838 sta
->qosinfo
= wmm
->qos_info
;
1840 return WLAN_STATUS_SUCCESS
;
1844 static u16
copy_supp_rates(struct hostapd_data
*hapd
, struct sta_info
*sta
,
1845 struct ieee802_11_elems
*elems
)
1847 /* Supported rates not used in IEEE 802.11ad/DMG */
1848 if (hapd
->iface
->current_mode
&&
1849 hapd
->iface
->current_mode
->mode
== HOSTAPD_MODE_IEEE80211AD
)
1850 return WLAN_STATUS_SUCCESS
;
1852 if (!elems
->supp_rates
) {
1853 hostapd_logger(hapd
, sta
->addr
, HOSTAPD_MODULE_IEEE80211
,
1854 HOSTAPD_LEVEL_DEBUG
,
1855 "No supported rates element in AssocReq");
1856 return WLAN_STATUS_UNSPECIFIED_FAILURE
;
1859 if (elems
->supp_rates_len
+ elems
->ext_supp_rates_len
>
1860 sizeof(sta
->supported_rates
)) {
1861 hostapd_logger(hapd
, sta
->addr
, HOSTAPD_MODULE_IEEE80211
,
1862 HOSTAPD_LEVEL_DEBUG
,
1863 "Invalid supported rates element length %d+%d",
1864 elems
->supp_rates_len
,
1865 elems
->ext_supp_rates_len
);
1866 return WLAN_STATUS_UNSPECIFIED_FAILURE
;
1869 sta
->supported_rates_len
= merge_byte_arrays(
1870 sta
->supported_rates
, sizeof(sta
->supported_rates
),
1871 elems
->supp_rates
, elems
->supp_rates_len
,
1872 elems
->ext_supp_rates
, elems
->ext_supp_rates_len
);
1874 return WLAN_STATUS_SUCCESS
;
1878 static u16
check_ext_capab(struct hostapd_data
*hapd
, struct sta_info
*sta
,
1879 const u8
*ext_capab_ie
, size_t ext_capab_ie_len
)
1881 #ifdef CONFIG_INTERWORKING
1882 /* check for QoS Map support */
1883 if (ext_capab_ie_len
>= 5) {
1884 if (ext_capab_ie
[4] & 0x01)
1885 sta
->qos_map_enabled
= 1;
1887 #endif /* CONFIG_INTERWORKING */
1889 if (ext_capab_ie_len
> 0)
1890 sta
->ecsa_supported
= !!(ext_capab_ie
[0] & BIT(2));
1892 return WLAN_STATUS_SUCCESS
;
1896 static u16
check_assoc_ies(struct hostapd_data
*hapd
, struct sta_info
*sta
,
1897 const u8
*ies
, size_t ies_len
, int reassoc
)
1899 struct ieee802_11_elems elems
;
1903 const u8
*p2p_dev_addr
= NULL
;
1905 if (ieee802_11_parse_elems(ies
, ies_len
, &elems
, 1) == ParseFailed
) {
1906 hostapd_logger(hapd
, sta
->addr
, HOSTAPD_MODULE_IEEE80211
,
1907 HOSTAPD_LEVEL_INFO
, "Station sent an invalid "
1908 "association request");
1909 return WLAN_STATUS_UNSPECIFIED_FAILURE
;
1912 resp
= check_ssid(hapd
, sta
, elems
.ssid
, elems
.ssid_len
);
1913 if (resp
!= WLAN_STATUS_SUCCESS
)
1915 resp
= check_wmm(hapd
, sta
, elems
.wmm
, elems
.wmm_len
);
1916 if (resp
!= WLAN_STATUS_SUCCESS
)
1918 resp
= check_ext_capab(hapd
, sta
, elems
.ext_capab
, elems
.ext_capab_len
);
1919 if (resp
!= WLAN_STATUS_SUCCESS
)
1921 resp
= copy_supp_rates(hapd
, sta
, &elems
);
1922 if (resp
!= WLAN_STATUS_SUCCESS
)
1924 #ifdef CONFIG_IEEE80211N
1925 resp
= copy_sta_ht_capab(hapd
, sta
, elems
.ht_capabilities
);
1926 if (resp
!= WLAN_STATUS_SUCCESS
)
1928 if (hapd
->iconf
->ieee80211n
&& hapd
->iconf
->require_ht
&&
1929 !(sta
->flags
& WLAN_STA_HT
)) {
1930 hostapd_logger(hapd
, sta
->addr
, HOSTAPD_MODULE_IEEE80211
,
1931 HOSTAPD_LEVEL_INFO
, "Station does not support "
1932 "mandatory HT PHY - reject association");
1933 return WLAN_STATUS_ASSOC_DENIED_NO_HT
;
1935 #endif /* CONFIG_IEEE80211N */
1937 #ifdef CONFIG_IEEE80211AC
1938 if (hapd
->iconf
->ieee80211ac
) {
1939 resp
= copy_sta_vht_capab(hapd
, sta
, elems
.vht_capabilities
);
1940 if (resp
!= WLAN_STATUS_SUCCESS
)
1943 resp
= set_sta_vht_opmode(hapd
, sta
, elems
.vht_opmode_notif
);
1944 if (resp
!= WLAN_STATUS_SUCCESS
)
1948 if (hapd
->iconf
->ieee80211ac
&& hapd
->iconf
->require_vht
&&
1949 !(sta
->flags
& WLAN_STA_VHT
)) {
1950 hostapd_logger(hapd
, sta
->addr
, HOSTAPD_MODULE_IEEE80211
,
1951 HOSTAPD_LEVEL_INFO
, "Station does not support "
1952 "mandatory VHT PHY - reject association");
1953 return WLAN_STATUS_ASSOC_DENIED_NO_VHT
;
1956 if (hapd
->conf
->vendor_vht
&& !elems
.vht_capabilities
) {
1957 resp
= copy_sta_vendor_vht(hapd
, sta
, elems
.vendor_vht
,
1958 elems
.vendor_vht_len
);
1959 if (resp
!= WLAN_STATUS_SUCCESS
)
1962 #endif /* CONFIG_IEEE80211AC */
1966 wpabuf_free(sta
->p2p_ie
);
1967 sta
->p2p_ie
= ieee802_11_vendor_ie_concat(ies
, ies_len
,
1968 P2P_IE_VENDOR_TYPE
);
1970 p2p_dev_addr
= p2p_get_go_dev_addr(sta
->p2p_ie
);
1972 wpabuf_free(sta
->p2p_ie
);
1975 #endif /* CONFIG_P2P */
1977 if ((hapd
->conf
->wpa
& WPA_PROTO_RSN
) && elems
.rsn_ie
) {
1978 wpa_ie
= elems
.rsn_ie
;
1979 wpa_ie_len
= elems
.rsn_ie_len
;
1980 } else if ((hapd
->conf
->wpa
& WPA_PROTO_WPA
) &&
1982 wpa_ie
= elems
.wpa_ie
;
1983 wpa_ie_len
= elems
.wpa_ie_len
;
1990 sta
->flags
&= ~(WLAN_STA_WPS
| WLAN_STA_MAYBE_WPS
| WLAN_STA_WPS2
);
1991 if (hapd
->conf
->wps_state
&& elems
.wps_ie
) {
1992 wpa_printf(MSG_DEBUG
, "STA included WPS IE in (Re)Association "
1993 "Request - assume WPS is used");
1994 sta
->flags
|= WLAN_STA_WPS
;
1995 wpabuf_free(sta
->wps_ie
);
1996 sta
->wps_ie
= ieee802_11_vendor_ie_concat(ies
, ies_len
,
1997 WPS_IE_VENDOR_TYPE
);
1998 if (sta
->wps_ie
&& wps_is_20(sta
->wps_ie
)) {
1999 wpa_printf(MSG_DEBUG
, "WPS: STA supports WPS 2.0");
2000 sta
->flags
|= WLAN_STA_WPS2
;
2004 if (sta
->wps_ie
&& wps_validate_assoc_req(sta
->wps_ie
) < 0) {
2005 wpa_printf(MSG_DEBUG
, "WPS: Invalid WPS IE in "
2006 "(Re)Association Request - reject");
2007 return WLAN_STATUS_INVALID_IE
;
2009 } else if (hapd
->conf
->wps_state
&& wpa_ie
== NULL
) {
2010 wpa_printf(MSG_DEBUG
, "STA did not include WPA/RSN IE in "
2011 "(Re)Association Request - possible WPS use");
2012 sta
->flags
|= WLAN_STA_MAYBE_WPS
;
2014 #endif /* CONFIG_WPS */
2015 if (hapd
->conf
->wpa
&& wpa_ie
== NULL
) {
2016 hostapd_logger(hapd
, sta
->addr
, HOSTAPD_MODULE_IEEE80211
,
2018 "No WPA/RSN IE in association request");
2019 return WLAN_STATUS_INVALID_IE
;
2022 if (hapd
->conf
->wpa
&& wpa_ie
) {
2026 if (sta
->wpa_sm
== NULL
)
2027 sta
->wpa_sm
= wpa_auth_sta_init(hapd
->wpa_auth
,
2030 if (sta
->wpa_sm
== NULL
) {
2031 wpa_printf(MSG_WARNING
, "Failed to initialize WPA "
2033 return WLAN_STATUS_UNSPECIFIED_FAILURE
;
2035 res
= wpa_validate_wpa_ie(hapd
->wpa_auth
, sta
->wpa_sm
,
2037 elems
.mdie
, elems
.mdie_len
);
2038 resp
= wpa_res_to_status_code(res
);
2039 if (resp
!= WLAN_STATUS_SUCCESS
)
2041 #ifdef CONFIG_IEEE80211W
2042 if ((sta
->flags
& WLAN_STA_MFP
) && !sta
->sa_query_timed_out
&&
2043 sta
->sa_query_count
> 0)
2044 ap_check_sa_query_timeout(hapd
, sta
);
2045 if ((sta
->flags
& WLAN_STA_MFP
) && !sta
->sa_query_timed_out
&&
2046 (!reassoc
|| sta
->auth_alg
!= WLAN_AUTH_FT
)) {
2048 * STA has already been associated with MFP and SA
2049 * Query timeout has not been reached. Reject the
2050 * association attempt temporarily and start SA Query,
2051 * if one is not pending.
2054 if (sta
->sa_query_count
== 0)
2055 ap_sta_start_sa_query(hapd
, sta
);
2057 return WLAN_STATUS_ASSOC_REJECTED_TEMPORARILY
;
2060 if (wpa_auth_uses_mfp(sta
->wpa_sm
))
2061 sta
->flags
|= WLAN_STA_MFP
;
2063 sta
->flags
&= ~WLAN_STA_MFP
;
2064 #endif /* CONFIG_IEEE80211W */
2066 #ifdef CONFIG_IEEE80211R_AP
2067 if (sta
->auth_alg
== WLAN_AUTH_FT
) {
2069 wpa_printf(MSG_DEBUG
, "FT: " MACSTR
" tried "
2070 "to use association (not "
2071 "re-association) with FT auth_alg",
2072 MAC2STR(sta
->addr
));
2073 return WLAN_STATUS_UNSPECIFIED_FAILURE
;
2076 resp
= wpa_ft_validate_reassoc(sta
->wpa_sm
, ies
,
2078 if (resp
!= WLAN_STATUS_SUCCESS
)
2081 #endif /* CONFIG_IEEE80211R_AP */
2084 if (wpa_auth_uses_sae(sta
->wpa_sm
) &&
2085 sta
->auth_alg
== WLAN_AUTH_OPEN
) {
2086 struct rsn_pmksa_cache_entry
*sa
;
2087 sa
= wpa_auth_sta_get_pmksa(sta
->wpa_sm
);
2088 if (!sa
|| sa
->akmp
!= WPA_KEY_MGMT_SAE
) {
2089 wpa_printf(MSG_DEBUG
,
2090 "SAE: No PMKSA cache entry found for "
2091 MACSTR
, MAC2STR(sta
->addr
));
2092 return WLAN_STATUS_INVALID_PMKID
;
2094 wpa_printf(MSG_DEBUG
, "SAE: " MACSTR
2095 " using PMKSA caching", MAC2STR(sta
->addr
));
2096 } else if (wpa_auth_uses_sae(sta
->wpa_sm
) &&
2097 sta
->auth_alg
!= WLAN_AUTH_SAE
&&
2098 !(sta
->auth_alg
== WLAN_AUTH_FT
&&
2099 wpa_auth_uses_ft_sae(sta
->wpa_sm
))) {
2100 wpa_printf(MSG_DEBUG
, "SAE: " MACSTR
" tried to use "
2101 "SAE AKM after non-SAE auth_alg %u",
2102 MAC2STR(sta
->addr
), sta
->auth_alg
);
2103 return WLAN_STATUS_NOT_SUPPORTED_AUTH_ALG
;
2105 #endif /* CONFIG_SAE */
2107 #ifdef CONFIG_IEEE80211N
2108 if ((sta
->flags
& (WLAN_STA_HT
| WLAN_STA_VHT
)) &&
2109 wpa_auth_get_pairwise(sta
->wpa_sm
) == WPA_CIPHER_TKIP
) {
2110 hostapd_logger(hapd
, sta
->addr
,
2111 HOSTAPD_MODULE_IEEE80211
,
2113 "Station tried to use TKIP with HT "
2115 return WLAN_STATUS_CIPHER_REJECTED_PER_POLICY
;
2117 #endif /* CONFIG_IEEE80211N */
2119 } else if (hapd
->conf
->osen
) {
2120 if (elems
.osen
== NULL
) {
2122 hapd
, sta
->addr
, HOSTAPD_MODULE_IEEE80211
,
2124 "No HS 2.0 OSEN element in association request");
2125 return WLAN_STATUS_INVALID_IE
;
2128 wpa_printf(MSG_DEBUG
, "HS 2.0: OSEN association");
2129 if (sta
->wpa_sm
== NULL
)
2130 sta
->wpa_sm
= wpa_auth_sta_init(hapd
->wpa_auth
,
2132 if (sta
->wpa_sm
== NULL
) {
2133 wpa_printf(MSG_WARNING
, "Failed to initialize WPA "
2135 return WLAN_STATUS_UNSPECIFIED_FAILURE
;
2137 if (wpa_validate_osen(hapd
->wpa_auth
, sta
->wpa_sm
,
2138 elems
.osen
- 2, elems
.osen_len
+ 2) < 0)
2139 return WLAN_STATUS_INVALID_IE
;
2140 #endif /* CONFIG_HS20 */
2142 wpa_auth_sta_no_wpa(sta
->wpa_sm
);
2145 p2p_group_notif_assoc(hapd
->p2p_group
, sta
->addr
, ies
, ies_len
);
2146 #endif /* CONFIG_P2P */
2149 wpabuf_free(sta
->hs20_ie
);
2150 if (elems
.hs20
&& elems
.hs20_len
> 4) {
2151 sta
->hs20_ie
= wpabuf_alloc_copy(elems
.hs20
+ 4,
2152 elems
.hs20_len
- 4);
2154 sta
->hs20_ie
= NULL
;
2155 #endif /* CONFIG_HS20 */
2158 wpabuf_free(sta
->mb_ies
);
2159 if (hapd
->iface
->fst
)
2160 sta
->mb_ies
= mb_ies_by_info(&elems
.mb_ies
);
2163 #endif /* CONFIG_FST */
2166 mbo_ap_check_sta_assoc(hapd
, sta
, &elems
);
2168 if (hapd
->conf
->mbo_enabled
&& (hapd
->conf
->wpa
& 2) &&
2169 elems
.mbo
&& sta
->cell_capa
&& !(sta
->flags
& WLAN_STA_MFP
) &&
2170 hapd
->conf
->ieee80211w
!= NO_MGMT_FRAME_PROTECTION
) {
2171 wpa_printf(MSG_INFO
,
2172 "MBO: Reject WPA2 association without PMF");
2173 return WLAN_STATUS_UNSPECIFIED_FAILURE
;
2175 #endif /* CONFIG_MBO */
2177 ap_copy_sta_supp_op_classes(sta
, elems
.supp_op_classes
,
2178 elems
.supp_op_classes_len
);
2180 if ((sta
->capability
& WLAN_CAPABILITY_RADIO_MEASUREMENT
) &&
2181 elems
.rrm_enabled
&&
2182 elems
.rrm_enabled_len
>= sizeof(sta
->rrm_enabled_capa
))
2183 os_memcpy(sta
->rrm_enabled_capa
, elems
.rrm_enabled
,
2184 sizeof(sta
->rrm_enabled_capa
));
2186 return WLAN_STATUS_SUCCESS
;
2190 static void send_deauth(struct hostapd_data
*hapd
, const u8
*addr
,
2194 struct ieee80211_mgmt reply
;
2196 os_memset(&reply
, 0, sizeof(reply
));
2197 reply
.frame_control
=
2198 IEEE80211_FC(WLAN_FC_TYPE_MGMT
, WLAN_FC_STYPE_DEAUTH
);
2199 os_memcpy(reply
.da
, addr
, ETH_ALEN
);
2200 os_memcpy(reply
.sa
, hapd
->own_addr
, ETH_ALEN
);
2201 os_memcpy(reply
.bssid
, hapd
->own_addr
, ETH_ALEN
);
2203 send_len
= IEEE80211_HDRLEN
+ sizeof(reply
.u
.deauth
);
2204 reply
.u
.deauth
.reason_code
= host_to_le16(reason_code
);
2206 if (hostapd_drv_send_mlme(hapd
, &reply
, send_len
, 0) < 0)
2207 wpa_printf(MSG_INFO
, "Failed to send deauth: %s",
2212 static int add_associated_sta(struct hostapd_data
*hapd
,
2213 struct sta_info
*sta
)
2215 struct ieee80211_ht_capabilities ht_cap
;
2216 struct ieee80211_vht_capabilities vht_cap
;
2219 * Remove the STA entry to ensure the STA PS state gets cleared and
2220 * configuration gets updated. This is relevant for cases, such as
2221 * FT-over-the-DS, where a station re-associates back to the same AP but
2222 * skips the authentication flow, or if working with a driver that
2223 * does not support full AP client state.
2225 if (!sta
->added_unassoc
)
2226 hostapd_drv_sta_remove(hapd
, sta
->addr
);
2228 #ifdef CONFIG_IEEE80211N
2229 if (sta
->flags
& WLAN_STA_HT
)
2230 hostapd_get_ht_capab(hapd
, sta
->ht_capabilities
, &ht_cap
);
2231 #endif /* CONFIG_IEEE80211N */
2232 #ifdef CONFIG_IEEE80211AC
2233 if (sta
->flags
& WLAN_STA_VHT
)
2234 hostapd_get_vht_capab(hapd
, sta
->vht_capabilities
, &vht_cap
);
2235 #endif /* CONFIG_IEEE80211AC */
2238 * Add the station with forced WLAN_STA_ASSOC flag. The sta->flags
2239 * will be set when the ACK frame for the (Re)Association Response frame
2240 * is processed (TX status driver event).
2242 if (hostapd_sta_add(hapd
, sta
->addr
, sta
->aid
, sta
->capability
,
2243 sta
->supported_rates
, sta
->supported_rates_len
,
2244 sta
->listen_interval
,
2245 sta
->flags
& WLAN_STA_HT
? &ht_cap
: NULL
,
2246 sta
->flags
& WLAN_STA_VHT
? &vht_cap
: NULL
,
2247 sta
->flags
| WLAN_STA_ASSOC
, sta
->qosinfo
,
2248 sta
->vht_opmode
, sta
->p2p_ie
? 1 : 0,
2249 sta
->added_unassoc
)) {
2250 hostapd_logger(hapd
, sta
->addr
,
2251 HOSTAPD_MODULE_IEEE80211
, HOSTAPD_LEVEL_NOTICE
,
2252 "Could not %s STA to kernel driver",
2253 sta
->added_unassoc
? "set" : "add");
2255 if (sta
->added_unassoc
) {
2256 hostapd_drv_sta_remove(hapd
, sta
->addr
);
2257 sta
->added_unassoc
= 0;
2263 sta
->added_unassoc
= 0;
2269 static u16
send_assoc_resp(struct hostapd_data
*hapd
, struct sta_info
*sta
,
2270 const u8
*addr
, u16 status_code
, int reassoc
,
2271 const u8
*ies
, size_t ies_len
)
2276 struct ieee80211_mgmt
*reply
;
2278 u16 res
= WLAN_STATUS_SUCCESS
;
2280 buflen
= sizeof(struct ieee80211_mgmt
) + 1024;
2282 if (sta
&& sta
->fils_hlp_resp
)
2283 buflen
+= wpabuf_len(sta
->fils_hlp_resp
);
2284 #endif /* CONFIG_FILS */
2285 buf
= os_zalloc(buflen
);
2287 res
= WLAN_STATUS_UNSPECIFIED_FAILURE
;
2290 reply
= (struct ieee80211_mgmt
*) buf
;
2291 reply
->frame_control
=
2292 IEEE80211_FC(WLAN_FC_TYPE_MGMT
,
2293 (reassoc
? WLAN_FC_STYPE_REASSOC_RESP
:
2294 WLAN_FC_STYPE_ASSOC_RESP
));
2295 os_memcpy(reply
->da
, addr
, ETH_ALEN
);
2296 os_memcpy(reply
->sa
, hapd
->own_addr
, ETH_ALEN
);
2297 os_memcpy(reply
->bssid
, hapd
->own_addr
, ETH_ALEN
);
2299 send_len
= IEEE80211_HDRLEN
;
2300 send_len
+= sizeof(reply
->u
.assoc_resp
);
2301 reply
->u
.assoc_resp
.capab_info
=
2302 host_to_le16(hostapd_own_capab_info(hapd
));
2303 reply
->u
.assoc_resp
.status_code
= host_to_le16(status_code
);
2305 reply
->u
.assoc_resp
.aid
= host_to_le16((sta
? sta
->aid
: 0) |
2307 /* Supported rates */
2308 p
= hostapd_eid_supp_rates(hapd
, reply
->u
.assoc_resp
.variable
);
2309 /* Extended supported rates */
2310 p
= hostapd_eid_ext_supp_rates(hapd
, p
);
2312 #ifdef CONFIG_IEEE80211R_AP
2313 if (sta
&& status_code
== WLAN_STATUS_SUCCESS
) {
2314 /* IEEE 802.11r: Mobility Domain Information, Fast BSS
2315 * Transition Information, RSN, [RIC Response] */
2316 p
= wpa_sm_write_assoc_resp_ies(sta
->wpa_sm
, p
,
2318 sta
->auth_alg
, ies
, ies_len
);
2320 #endif /* CONFIG_IEEE80211R_AP */
2322 #ifdef CONFIG_IEEE80211W
2323 if (sta
&& status_code
== WLAN_STATUS_ASSOC_REJECTED_TEMPORARILY
)
2324 p
= hostapd_eid_assoc_comeback_time(hapd
, sta
, p
);
2325 #endif /* CONFIG_IEEE80211W */
2327 #ifdef CONFIG_IEEE80211N
2328 p
= hostapd_eid_ht_capabilities(hapd
, p
);
2329 p
= hostapd_eid_ht_operation(hapd
, p
);
2330 #endif /* CONFIG_IEEE80211N */
2332 #ifdef CONFIG_IEEE80211AC
2333 if (hapd
->iconf
->ieee80211ac
&& !hapd
->conf
->disable_11ac
) {
2334 u32 nsts
= 0, sta_nsts
;
2336 if (sta
&& hapd
->conf
->use_sta_nsts
&& sta
->vht_capabilities
) {
2337 struct ieee80211_vht_capabilities
*capa
;
2339 nsts
= (hapd
->iface
->conf
->vht_capab
>>
2340 VHT_CAP_BEAMFORMEE_STS_OFFSET
) & 7;
2341 capa
= sta
->vht_capabilities
;
2342 sta_nsts
= (le_to_host32(capa
->vht_capabilities_info
) >>
2343 VHT_CAP_BEAMFORMEE_STS_OFFSET
) & 7;
2345 if (nsts
< sta_nsts
)
2350 p
= hostapd_eid_vht_capabilities(hapd
, p
, nsts
);
2351 p
= hostapd_eid_vht_operation(hapd
, p
);
2353 #endif /* CONFIG_IEEE80211AC */
2355 p
= hostapd_eid_ext_capab(hapd
, p
);
2356 p
= hostapd_eid_bss_max_idle_period(hapd
, p
);
2357 if (sta
&& sta
->qos_map_enabled
)
2358 p
= hostapd_eid_qos_map_set(hapd
, p
);
2361 if (hapd
->iface
->fst_ies
) {
2362 os_memcpy(p
, wpabuf_head(hapd
->iface
->fst_ies
),
2363 wpabuf_len(hapd
->iface
->fst_ies
));
2364 p
+= wpabuf_len(hapd
->iface
->fst_ies
);
2366 #endif /* CONFIG_FST */
2368 #ifdef CONFIG_IEEE80211AC
2369 if (sta
&& hapd
->conf
->vendor_vht
&& (sta
->flags
& WLAN_STA_VENDOR_VHT
))
2370 p
= hostapd_eid_vendor_vht(hapd
, p
);
2371 #endif /* CONFIG_IEEE80211AC */
2373 if (sta
&& (sta
->flags
& WLAN_STA_WMM
))
2374 p
= hostapd_eid_wmm(hapd
, p
);
2378 ((sta
->flags
& WLAN_STA_WPS
) ||
2379 ((sta
->flags
& WLAN_STA_MAYBE_WPS
) && hapd
->conf
->wpa
))) {
2380 struct wpabuf
*wps
= wps_build_assoc_resp_ie();
2382 os_memcpy(p
, wpabuf_head(wps
), wpabuf_len(wps
));
2383 p
+= wpabuf_len(wps
);
2387 #endif /* CONFIG_WPS */
2390 if (sta
&& sta
->p2p_ie
&& hapd
->p2p_group
) {
2391 struct wpabuf
*p2p_resp_ie
;
2392 enum p2p_status_code status
;
2393 switch (status_code
) {
2394 case WLAN_STATUS_SUCCESS
:
2395 status
= P2P_SC_SUCCESS
;
2397 case WLAN_STATUS_AP_UNABLE_TO_HANDLE_NEW_STA
:
2398 status
= P2P_SC_FAIL_LIMIT_REACHED
;
2401 status
= P2P_SC_FAIL_INVALID_PARAMS
;
2404 p2p_resp_ie
= p2p_group_assoc_resp_ie(hapd
->p2p_group
, status
);
2406 os_memcpy(p
, wpabuf_head(p2p_resp_ie
),
2407 wpabuf_len(p2p_resp_ie
));
2408 p
+= wpabuf_len(p2p_resp_ie
);
2409 wpabuf_free(p2p_resp_ie
);
2412 #endif /* CONFIG_P2P */
2414 #ifdef CONFIG_P2P_MANAGER
2415 if (hapd
->conf
->p2p
& P2P_MANAGE
)
2416 p
= hostapd_eid_p2p_manage(hapd
, p
);
2417 #endif /* CONFIG_P2P_MANAGER */
2419 p
= hostapd_eid_mbo(hapd
, p
, buf
+ buflen
- p
);
2421 if (hapd
->conf
->assocresp_elements
&&
2422 (size_t) (buf
+ buflen
- p
) >=
2423 wpabuf_len(hapd
->conf
->assocresp_elements
)) {
2424 os_memcpy(p
, wpabuf_head(hapd
->conf
->assocresp_elements
),
2425 wpabuf_len(hapd
->conf
->assocresp_elements
));
2426 p
+= wpabuf_len(hapd
->conf
->assocresp_elements
);
2429 send_len
+= p
- reply
->u
.assoc_resp
.variable
;
2433 (sta
->auth_alg
== WLAN_AUTH_FILS_SK
||
2434 sta
->auth_alg
== WLAN_AUTH_FILS_SK_PFS
||
2435 sta
->auth_alg
== WLAN_AUTH_FILS_PK
) &&
2436 status_code
== WLAN_STATUS_SUCCESS
) {
2437 struct ieee802_11_elems elems
;
2439 if (ieee802_11_parse_elems(ies
, ies_len
, &elems
, 0) ==
2440 ParseFailed
|| !elems
.fils_session
) {
2441 res
= WLAN_STATUS_UNSPECIFIED_FAILURE
;
2446 *p
++ = WLAN_EID_EXTENSION
; /* Element ID */
2447 *p
++ = 1 + FILS_SESSION_LEN
; /* Length */
2448 *p
++ = WLAN_EID_EXT_FILS_SESSION
; /* Element ID Extension */
2449 os_memcpy(p
, elems
.fils_session
, FILS_SESSION_LEN
);
2450 send_len
+= 2 + 1 + FILS_SESSION_LEN
;
2452 send_len
= fils_encrypt_assoc(sta
->wpa_sm
, buf
, send_len
,
2453 buflen
, sta
->fils_hlp_resp
);
2455 res
= WLAN_STATUS_UNSPECIFIED_FAILURE
;
2459 #endif /* CONFIG_FILS */
2461 if (hostapd_drv_send_mlme(hapd
, reply
, send_len
, 0) < 0) {
2462 wpa_printf(MSG_INFO
, "Failed to send assoc resp: %s",
2464 res
= WLAN_STATUS_UNSPECIFIED_FAILURE
;
2475 void fils_hlp_finish_assoc(struct hostapd_data
*hapd
, struct sta_info
*sta
)
2479 wpa_printf(MSG_DEBUG
, "FILS: Finish association with " MACSTR
,
2480 MAC2STR(sta
->addr
));
2481 eloop_cancel_timeout(fils_hlp_timeout
, hapd
, sta
);
2482 if (!sta
->fils_pending_assoc_req
)
2484 reply_res
= send_assoc_resp(hapd
, sta
, sta
->addr
, WLAN_STATUS_SUCCESS
,
2485 sta
->fils_pending_assoc_is_reassoc
,
2486 sta
->fils_pending_assoc_req
,
2487 sta
->fils_pending_assoc_req_len
);
2488 os_free(sta
->fils_pending_assoc_req
);
2489 sta
->fils_pending_assoc_req
= NULL
;
2490 sta
->fils_pending_assoc_req_len
= 0;
2491 wpabuf_free(sta
->fils_hlp_resp
);
2492 sta
->fils_hlp_resp
= NULL
;
2493 wpabuf_free(sta
->hlp_dhcp_discover
);
2494 sta
->hlp_dhcp_discover
= NULL
;
2497 * Remove the station in case tranmission of a success response fails
2498 * (the STA was added associated to the driver) or if the station was
2499 * previously added unassociated.
2501 if (reply_res
!= WLAN_STATUS_SUCCESS
|| sta
->added_unassoc
) {
2502 hostapd_drv_sta_remove(hapd
, sta
->addr
);
2503 sta
->added_unassoc
= 0;
2508 void fils_hlp_timeout(void *eloop_ctx
, void *eloop_data
)
2510 struct hostapd_data
*hapd
= eloop_ctx
;
2511 struct sta_info
*sta
= eloop_data
;
2513 wpa_printf(MSG_DEBUG
,
2514 "FILS: HLP response timeout - continue with association response for "
2515 MACSTR
, MAC2STR(sta
->addr
));
2516 fils_hlp_finish_assoc(hapd
, sta
);
2519 #endif /* CONFIG_FILS */
2522 static void handle_assoc(struct hostapd_data
*hapd
,
2523 const struct ieee80211_mgmt
*mgmt
, size_t len
,
2526 u16 capab_info
, listen_interval
, seq_ctrl
, fc
;
2527 u16 resp
= WLAN_STATUS_SUCCESS
, reply_res
;
2530 struct sta_info
*sta
;
2532 struct hostapd_sta_wpa_psk_short
*psk
= NULL
;
2533 char *identity
= NULL
;
2534 char *radius_cui
= NULL
;
2536 int delay_assoc
= 0;
2537 #endif /* CONFIG_FILS */
2539 if (len
< IEEE80211_HDRLEN
+ (reassoc
? sizeof(mgmt
->u
.reassoc_req
) :
2540 sizeof(mgmt
->u
.assoc_req
))) {
2541 wpa_printf(MSG_INFO
, "handle_assoc(reassoc=%d) - too short payload (len=%lu)",
2542 reassoc
, (unsigned long) len
);
2546 #ifdef CONFIG_TESTING_OPTIONS
2548 if (hapd
->iconf
->ignore_reassoc_probability
> 0.0 &&
2549 drand48() < hapd
->iconf
->ignore_reassoc_probability
) {
2550 wpa_printf(MSG_INFO
,
2551 "TESTING: ignoring reassoc request from "
2552 MACSTR
, MAC2STR(mgmt
->sa
));
2556 if (hapd
->iconf
->ignore_assoc_probability
> 0.0 &&
2557 drand48() < hapd
->iconf
->ignore_assoc_probability
) {
2558 wpa_printf(MSG_INFO
,
2559 "TESTING: ignoring assoc request from "
2560 MACSTR
, MAC2STR(mgmt
->sa
));
2564 #endif /* CONFIG_TESTING_OPTIONS */
2566 fc
= le_to_host16(mgmt
->frame_control
);
2567 seq_ctrl
= le_to_host16(mgmt
->seq_ctrl
);
2570 capab_info
= le_to_host16(mgmt
->u
.reassoc_req
.capab_info
);
2571 listen_interval
= le_to_host16(
2572 mgmt
->u
.reassoc_req
.listen_interval
);
2573 wpa_printf(MSG_DEBUG
, "reassociation request: STA=" MACSTR
2574 " capab_info=0x%02x listen_interval=%d current_ap="
2575 MACSTR
" seq_ctrl=0x%x%s",
2576 MAC2STR(mgmt
->sa
), capab_info
, listen_interval
,
2577 MAC2STR(mgmt
->u
.reassoc_req
.current_ap
),
2578 seq_ctrl
, (fc
& WLAN_FC_RETRY
) ? " retry" : "");
2579 left
= len
- (IEEE80211_HDRLEN
+ sizeof(mgmt
->u
.reassoc_req
));
2580 pos
= mgmt
->u
.reassoc_req
.variable
;
2582 capab_info
= le_to_host16(mgmt
->u
.assoc_req
.capab_info
);
2583 listen_interval
= le_to_host16(
2584 mgmt
->u
.assoc_req
.listen_interval
);
2585 wpa_printf(MSG_DEBUG
, "association request: STA=" MACSTR
2586 " capab_info=0x%02x listen_interval=%d "
2588 MAC2STR(mgmt
->sa
), capab_info
, listen_interval
,
2589 seq_ctrl
, (fc
& WLAN_FC_RETRY
) ? " retry" : "");
2590 left
= len
- (IEEE80211_HDRLEN
+ sizeof(mgmt
->u
.assoc_req
));
2591 pos
= mgmt
->u
.assoc_req
.variable
;
2594 sta
= ap_get_sta(hapd
, mgmt
->sa
);
2595 #ifdef CONFIG_IEEE80211R_AP
2596 if (sta
&& sta
->auth_alg
== WLAN_AUTH_FT
&&
2597 (sta
->flags
& WLAN_STA_AUTH
) == 0) {
2598 wpa_printf(MSG_DEBUG
, "FT: Allow STA " MACSTR
" to associate "
2599 "prior to authentication since it is using "
2600 "over-the-DS FT", MAC2STR(mgmt
->sa
));
2603 * Mark station as authenticated, to avoid adding station
2604 * entry in the driver as associated and not authenticated
2606 sta
->flags
|= WLAN_STA_AUTH
;
2608 #endif /* CONFIG_IEEE80211R_AP */
2609 if (sta
== NULL
|| (sta
->flags
& WLAN_STA_AUTH
) == 0) {
2610 if (hapd
->iface
->current_mode
&&
2611 hapd
->iface
->current_mode
->mode
==
2612 HOSTAPD_MODE_IEEE80211AD
) {
2614 u32 session_timeout
, acct_interim_interval
;
2615 struct vlan_description vlan_id
;
2617 acl_res
= ieee802_11_allowed_address(
2618 hapd
, mgmt
->sa
, (const u8
*) mgmt
, len
,
2619 &session_timeout
, &acct_interim_interval
,
2620 &vlan_id
, &psk
, &identity
, &radius_cui
);
2621 if (acl_res
== HOSTAPD_ACL_REJECT
) {
2622 resp
= WLAN_STATUS_UNSPECIFIED_FAILURE
;
2625 if (acl_res
== HOSTAPD_ACL_PENDING
)
2628 /* DMG/IEEE 802.11ad does not use authentication.
2629 * Allocate sta entry upon association. */
2630 sta
= ap_sta_add(hapd
, mgmt
->sa
);
2632 hostapd_logger(hapd
, mgmt
->sa
,
2633 HOSTAPD_MODULE_IEEE80211
,
2635 "Failed to add STA");
2636 resp
= WLAN_STATUS_AP_UNABLE_TO_HANDLE_NEW_STA
;
2640 acl_res
= ieee802_11_set_radius_info(
2641 hapd
, sta
, acl_res
, session_timeout
,
2642 acct_interim_interval
, &vlan_id
, &psk
,
2643 &identity
, &radius_cui
);
2645 resp
= WLAN_STATUS_UNSPECIFIED_FAILURE
;
2649 hostapd_logger(hapd
, sta
->addr
,
2650 HOSTAPD_MODULE_IEEE80211
,
2651 HOSTAPD_LEVEL_DEBUG
,
2652 "Skip authentication for DMG/IEEE 802.11ad");
2653 sta
->flags
|= WLAN_STA_AUTH
;
2654 wpa_auth_sm_event(sta
->wpa_sm
, WPA_AUTH
);
2655 sta
->auth_alg
= WLAN_AUTH_OPEN
;
2657 hostapd_logger(hapd
, mgmt
->sa
,
2658 HOSTAPD_MODULE_IEEE80211
,
2660 "Station tried to associate before authentication (aid=%d flags=0x%x)",
2661 sta
? sta
->aid
: -1,
2662 sta
? sta
->flags
: 0);
2663 send_deauth(hapd
, mgmt
->sa
,
2664 WLAN_REASON_CLASS2_FRAME_FROM_NONAUTH_STA
);
2669 if ((fc
& WLAN_FC_RETRY
) &&
2670 sta
->last_seq_ctrl
!= WLAN_INVALID_MGMT_SEQ
&&
2671 sta
->last_seq_ctrl
== seq_ctrl
&&
2672 sta
->last_subtype
== (reassoc
? WLAN_FC_STYPE_REASSOC_REQ
:
2673 WLAN_FC_STYPE_ASSOC_REQ
)) {
2674 hostapd_logger(hapd
, sta
->addr
, HOSTAPD_MODULE_IEEE80211
,
2675 HOSTAPD_LEVEL_DEBUG
,
2676 "Drop repeated association frame seq_ctrl=0x%x",
2680 sta
->last_seq_ctrl
= seq_ctrl
;
2681 sta
->last_subtype
= reassoc
? WLAN_FC_STYPE_REASSOC_REQ
:
2682 WLAN_FC_STYPE_ASSOC_REQ
;
2684 if (hapd
->tkip_countermeasures
) {
2685 resp
= WLAN_REASON_MICHAEL_MIC_FAILURE
;
2689 if (listen_interval
> hapd
->conf
->max_listen_interval
) {
2690 hostapd_logger(hapd
, mgmt
->sa
, HOSTAPD_MODULE_IEEE80211
,
2691 HOSTAPD_LEVEL_DEBUG
,
2692 "Too large Listen Interval (%d)",
2694 resp
= WLAN_STATUS_ASSOC_DENIED_LISTEN_INT_TOO_LARGE
;
2699 if (hapd
->conf
->mbo_enabled
&& hapd
->mbo_assoc_disallow
) {
2700 resp
= WLAN_STATUS_AP_UNABLE_TO_HANDLE_NEW_STA
;
2703 #endif /* CONFIG_MBO */
2706 * sta->capability is used in check_assoc_ies() for RRM enabled
2707 * capability element.
2709 sta
->capability
= capab_info
;
2712 if (sta
->auth_alg
== WLAN_AUTH_FILS_SK
||
2713 sta
->auth_alg
== WLAN_AUTH_FILS_SK_PFS
||
2714 sta
->auth_alg
== WLAN_AUTH_FILS_PK
) {
2715 /* The end of the payload is encrypted. Need to decrypt it
2716 * before parsing. */
2718 tmp
= os_malloc(left
);
2720 resp
= WLAN_STATUS_UNSPECIFIED_FAILURE
;
2723 os_memcpy(tmp
, pos
, left
);
2725 left
= fils_decrypt_assoc(sta
->wpa_sm
, sta
->fils_session
, mgmt
,
2728 resp
= WLAN_STATUS_UNSPECIFIED_FAILURE
;
2733 #endif /* CONFIG_FILS */
2735 /* followed by SSID and Supported rates; and HT capabilities if 802.11n
2737 resp
= check_assoc_ies(hapd
, sta
, pos
, left
, reassoc
);
2738 if (resp
!= WLAN_STATUS_SUCCESS
)
2741 if (hostapd_get_aid(hapd
, sta
) < 0) {
2742 hostapd_logger(hapd
, mgmt
->sa
, HOSTAPD_MODULE_IEEE80211
,
2743 HOSTAPD_LEVEL_INFO
, "No room for more AIDs");
2744 resp
= WLAN_STATUS_AP_UNABLE_TO_HANDLE_NEW_STA
;
2748 sta
->listen_interval
= listen_interval
;
2750 if (hapd
->iface
->current_mode
->mode
== HOSTAPD_MODE_IEEE80211G
)
2751 sta
->flags
|= WLAN_STA_NONERP
;
2752 for (i
= 0; i
< sta
->supported_rates_len
; i
++) {
2753 if ((sta
->supported_rates
[i
] & 0x7f) > 22) {
2754 sta
->flags
&= ~WLAN_STA_NONERP
;
2758 if (sta
->flags
& WLAN_STA_NONERP
&& !sta
->nonerp_set
) {
2759 sta
->nonerp_set
= 1;
2760 hapd
->iface
->num_sta_non_erp
++;
2761 if (hapd
->iface
->num_sta_non_erp
== 1)
2762 ieee802_11_set_beacons(hapd
->iface
);
2765 if (!(sta
->capability
& WLAN_CAPABILITY_SHORT_SLOT_TIME
) &&
2766 !sta
->no_short_slot_time_set
) {
2767 sta
->no_short_slot_time_set
= 1;
2768 hapd
->iface
->num_sta_no_short_slot_time
++;
2769 if (hapd
->iface
->current_mode
->mode
==
2770 HOSTAPD_MODE_IEEE80211G
&&
2771 hapd
->iface
->num_sta_no_short_slot_time
== 1)
2772 ieee802_11_set_beacons(hapd
->iface
);
2775 if (sta
->capability
& WLAN_CAPABILITY_SHORT_PREAMBLE
)
2776 sta
->flags
|= WLAN_STA_SHORT_PREAMBLE
;
2778 sta
->flags
&= ~WLAN_STA_SHORT_PREAMBLE
;
2780 if (!(sta
->capability
& WLAN_CAPABILITY_SHORT_PREAMBLE
) &&
2781 !sta
->no_short_preamble_set
) {
2782 sta
->no_short_preamble_set
= 1;
2783 hapd
->iface
->num_sta_no_short_preamble
++;
2784 if (hapd
->iface
->current_mode
->mode
== HOSTAPD_MODE_IEEE80211G
2785 && hapd
->iface
->num_sta_no_short_preamble
== 1)
2786 ieee802_11_set_beacons(hapd
->iface
);
2789 #ifdef CONFIG_IEEE80211N
2790 update_ht_state(hapd
, sta
);
2791 #endif /* CONFIG_IEEE80211N */
2793 hostapd_logger(hapd
, sta
->addr
, HOSTAPD_MODULE_IEEE80211
,
2794 HOSTAPD_LEVEL_DEBUG
,
2795 "association OK (aid %d)", sta
->aid
);
2796 /* Station will be marked associated, after it acknowledges AssocResp
2798 sta
->flags
|= WLAN_STA_ASSOC_REQ_OK
;
2800 #ifdef CONFIG_IEEE80211W
2801 if ((sta
->flags
& WLAN_STA_MFP
) && sta
->sa_query_timed_out
) {
2802 wpa_printf(MSG_DEBUG
, "Allowing %sassociation after timed out "
2803 "SA Query procedure", reassoc
? "re" : "");
2804 /* TODO: Send a protected Disassociate frame to the STA using
2805 * the old key and Reason Code "Previous Authentication no
2806 * longer valid". Make sure this is only sent protected since
2807 * unprotected frame would be received by the STA that is now
2808 * trying to associate.
2811 #endif /* CONFIG_IEEE80211W */
2813 /* Make sure that the previously registered inactivity timer will not
2814 * remove the STA immediately. */
2815 sta
->timeout_next
= STA_NULLFUNC
;
2817 #ifdef CONFIG_TAXONOMY
2818 taxonomy_sta_info_assoc_req(hapd
, sta
, pos
, left
);
2819 #endif /* CONFIG_TAXONOMY */
2821 sta
->pending_wds_enable
= 0;
2824 if (sta
->auth_alg
== WLAN_AUTH_FILS_SK
||
2825 sta
->auth_alg
== WLAN_AUTH_FILS_SK_PFS
||
2826 sta
->auth_alg
== WLAN_AUTH_FILS_PK
) {
2827 if (fils_process_hlp(hapd
, sta
, pos
, left
) > 0)
2830 #endif /* CONFIG_FILS */
2834 os_free(radius_cui
);
2835 hostapd_free_psk_list(psk
);
2838 * In case of a successful response, add the station to the driver.
2839 * Otherwise, the kernel may ignore Data frames before we process the
2840 * ACK frame (TX status). In case of a failure, this station will be
2843 * Note that this is not compliant with the IEEE 802.11 standard that
2844 * states that a non-AP station should transition into the
2845 * authenticated/associated state only after the station acknowledges
2846 * the (Re)Association Response frame. However, still do this as:
2848 * 1. In case the station does not acknowledge the (Re)Association
2849 * Response frame, it will be removed.
2850 * 2. Data frames will be dropped in the kernel until the station is
2851 * set into authorized state, and there are no significant known
2852 * issues with processing other non-Data Class 3 frames during this
2855 if (resp
== WLAN_STATUS_SUCCESS
&& sta
&& add_associated_sta(hapd
, sta
))
2856 resp
= WLAN_STATUS_AP_UNABLE_TO_HANDLE_NEW_STA
;
2860 eloop_cancel_timeout(fils_hlp_timeout
, hapd
, sta
);
2861 os_free(sta
->fils_pending_assoc_req
);
2862 sta
->fils_pending_assoc_req
= NULL
;
2863 sta
->fils_pending_assoc_req_len
= 0;
2864 wpabuf_free(sta
->fils_hlp_resp
);
2865 sta
->fils_hlp_resp
= NULL
;
2867 if (sta
&& delay_assoc
&& resp
== WLAN_STATUS_SUCCESS
) {
2868 sta
->fils_pending_assoc_req
= tmp
;
2869 sta
->fils_pending_assoc_req_len
= left
;
2870 sta
->fils_pending_assoc_is_reassoc
= reassoc
;
2871 wpa_printf(MSG_DEBUG
,
2872 "FILS: Waiting for HLP processing before sending (Re)Association Response frame to "
2873 MACSTR
, MAC2STR(sta
->addr
));
2874 eloop_cancel_timeout(fils_hlp_timeout
, hapd
, sta
);
2875 eloop_register_timeout(0, hapd
->conf
->fils_hlp_wait_time
* 1024,
2876 fils_hlp_timeout
, hapd
, sta
);
2879 #endif /* CONFIG_FILS */
2881 reply_res
= send_assoc_resp(hapd
, sta
, mgmt
->sa
, resp
, reassoc
, pos
,
2886 * Remove the station in case tranmission of a success response fails
2887 * (the STA was added associated to the driver) or if the station was
2888 * previously added unassociated.
2890 if (sta
&& ((reply_res
!= WLAN_STATUS_SUCCESS
&&
2891 resp
== WLAN_STATUS_SUCCESS
) || sta
->added_unassoc
)) {
2892 hostapd_drv_sta_remove(hapd
, sta
->addr
);
2893 sta
->added_unassoc
= 0;
2898 static void handle_disassoc(struct hostapd_data
*hapd
,
2899 const struct ieee80211_mgmt
*mgmt
, size_t len
)
2901 struct sta_info
*sta
;
2903 if (len
< IEEE80211_HDRLEN
+ sizeof(mgmt
->u
.disassoc
)) {
2904 wpa_printf(MSG_INFO
, "handle_disassoc - too short payload (len=%lu)",
2905 (unsigned long) len
);
2909 wpa_printf(MSG_DEBUG
, "disassocation: STA=" MACSTR
" reason_code=%d",
2911 le_to_host16(mgmt
->u
.disassoc
.reason_code
));
2913 sta
= ap_get_sta(hapd
, mgmt
->sa
);
2915 wpa_printf(MSG_INFO
, "Station " MACSTR
" trying to disassociate, but it is not associated",
2920 ap_sta_set_authorized(hapd
, sta
, 0);
2921 sta
->last_seq_ctrl
= WLAN_INVALID_MGMT_SEQ
;
2922 sta
->flags
&= ~(WLAN_STA_ASSOC
| WLAN_STA_ASSOC_REQ_OK
);
2923 wpa_auth_sm_event(sta
->wpa_sm
, WPA_DISASSOC
);
2924 hostapd_logger(hapd
, sta
->addr
, HOSTAPD_MODULE_IEEE80211
,
2925 HOSTAPD_LEVEL_INFO
, "disassociated");
2926 sta
->acct_terminate_cause
= RADIUS_ACCT_TERMINATE_CAUSE_USER_REQUEST
;
2927 ieee802_1x_notify_port_enabled(sta
->eapol_sm
, 0);
2928 /* Stop Accounting and IEEE 802.1X sessions, but leave the STA
2930 accounting_sta_stop(hapd
, sta
);
2931 ieee802_1x_free_station(hapd
, sta
);
2933 hostapd_drv_br_delete_ip_neigh(hapd
, 4, (u8
*) &sta
->ipaddr
);
2934 ap_sta_ip6addr_del(hapd
, sta
);
2935 hostapd_drv_sta_remove(hapd
, sta
->addr
);
2936 sta
->added_unassoc
= 0;
2938 if (sta
->timeout_next
== STA_NULLFUNC
||
2939 sta
->timeout_next
== STA_DISASSOC
) {
2940 sta
->timeout_next
= STA_DEAUTH
;
2941 eloop_cancel_timeout(ap_handle_timer
, hapd
, sta
);
2942 eloop_register_timeout(AP_DEAUTH_DELAY
, 0, ap_handle_timer
,
2946 mlme_disassociate_indication(
2947 hapd
, sta
, le_to_host16(mgmt
->u
.disassoc
.reason_code
));
2949 /* DMG/IEEE 802.11ad does not use deauthication. Deallocate sta upon
2950 * disassociation. */
2951 if (hapd
->iface
->current_mode
&&
2952 hapd
->iface
->current_mode
->mode
== HOSTAPD_MODE_IEEE80211AD
) {
2953 sta
->flags
&= ~WLAN_STA_AUTH
;
2954 wpa_auth_sm_event(sta
->wpa_sm
, WPA_DEAUTH
);
2955 hostapd_logger(hapd
, sta
->addr
, HOSTAPD_MODULE_IEEE80211
,
2956 HOSTAPD_LEVEL_DEBUG
, "deauthenticated");
2957 ap_free_sta(hapd
, sta
);
2962 static void handle_deauth(struct hostapd_data
*hapd
,
2963 const struct ieee80211_mgmt
*mgmt
, size_t len
)
2965 struct sta_info
*sta
;
2967 if (len
< IEEE80211_HDRLEN
+ sizeof(mgmt
->u
.deauth
)) {
2968 wpa_msg(hapd
->msg_ctx
, MSG_DEBUG
, "handle_deauth - too short "
2969 "payload (len=%lu)", (unsigned long) len
);
2973 wpa_msg(hapd
->msg_ctx
, MSG_DEBUG
, "deauthentication: STA=" MACSTR
2975 MAC2STR(mgmt
->sa
), le_to_host16(mgmt
->u
.deauth
.reason_code
));
2977 sta
= ap_get_sta(hapd
, mgmt
->sa
);
2979 wpa_msg(hapd
->msg_ctx
, MSG_DEBUG
, "Station " MACSTR
" trying "
2980 "to deauthenticate, but it is not authenticated",
2985 ap_sta_set_authorized(hapd
, sta
, 0);
2986 sta
->last_seq_ctrl
= WLAN_INVALID_MGMT_SEQ
;
2987 sta
->flags
&= ~(WLAN_STA_AUTH
| WLAN_STA_ASSOC
|
2988 WLAN_STA_ASSOC_REQ_OK
);
2989 wpa_auth_sm_event(sta
->wpa_sm
, WPA_DEAUTH
);
2990 hostapd_logger(hapd
, sta
->addr
, HOSTAPD_MODULE_IEEE80211
,
2991 HOSTAPD_LEVEL_DEBUG
, "deauthenticated");
2992 mlme_deauthenticate_indication(
2993 hapd
, sta
, le_to_host16(mgmt
->u
.deauth
.reason_code
));
2994 sta
->acct_terminate_cause
= RADIUS_ACCT_TERMINATE_CAUSE_USER_REQUEST
;
2995 ieee802_1x_notify_port_enabled(sta
->eapol_sm
, 0);
2996 ap_free_sta(hapd
, sta
);
3000 static void handle_beacon(struct hostapd_data
*hapd
,
3001 const struct ieee80211_mgmt
*mgmt
, size_t len
,
3002 struct hostapd_frame_info
*fi
)
3004 struct ieee802_11_elems elems
;
3006 if (len
< IEEE80211_HDRLEN
+ sizeof(mgmt
->u
.beacon
)) {
3007 wpa_printf(MSG_INFO
, "handle_beacon - too short payload (len=%lu)",
3008 (unsigned long) len
);
3012 (void) ieee802_11_parse_elems(mgmt
->u
.beacon
.variable
,
3013 len
- (IEEE80211_HDRLEN
+
3014 sizeof(mgmt
->u
.beacon
)), &elems
,
3017 ap_list_process_beacon(hapd
->iface
, mgmt
, &elems
, fi
);
3021 #ifdef CONFIG_IEEE80211W
3023 static int hostapd_sa_query_action(struct hostapd_data
*hapd
,
3024 const struct ieee80211_mgmt
*mgmt
,
3029 end
= mgmt
->u
.action
.u
.sa_query_resp
.trans_id
+
3030 WLAN_SA_QUERY_TR_ID_LEN
;
3031 if (((u8
*) mgmt
) + len
< end
) {
3032 wpa_printf(MSG_DEBUG
, "IEEE 802.11: Too short SA Query Action "
3033 "frame (len=%lu)", (unsigned long) len
);
3037 ieee802_11_sa_query_action(hapd
, mgmt
->sa
,
3038 mgmt
->u
.action
.u
.sa_query_resp
.action
,
3039 mgmt
->u
.action
.u
.sa_query_resp
.trans_id
);
3044 static int robust_action_frame(u8 category
)
3046 return category
!= WLAN_ACTION_PUBLIC
&&
3047 category
!= WLAN_ACTION_HT
;
3049 #endif /* CONFIG_IEEE80211W */
3052 static int handle_action(struct hostapd_data
*hapd
,
3053 const struct ieee80211_mgmt
*mgmt
, size_t len
)
3055 struct sta_info
*sta
;
3056 sta
= ap_get_sta(hapd
, mgmt
->sa
);
3058 if (len
< IEEE80211_HDRLEN
+ 1) {
3059 hostapd_logger(hapd
, mgmt
->sa
, HOSTAPD_MODULE_IEEE80211
,
3060 HOSTAPD_LEVEL_DEBUG
,
3061 "handle_action - too short payload (len=%lu)",
3062 (unsigned long) len
);
3066 if (mgmt
->u
.action
.category
!= WLAN_ACTION_PUBLIC
&&
3067 (sta
== NULL
|| !(sta
->flags
& WLAN_STA_ASSOC
))) {
3068 wpa_printf(MSG_DEBUG
, "IEEE 802.11: Ignored Action "
3069 "frame (category=%u) from unassociated STA " MACSTR
,
3070 mgmt
->u
.action
.category
, MAC2STR(mgmt
->sa
));
3074 #ifdef CONFIG_IEEE80211W
3075 if (sta
&& (sta
->flags
& WLAN_STA_MFP
) &&
3076 !(mgmt
->frame_control
& host_to_le16(WLAN_FC_ISWEP
)) &&
3077 robust_action_frame(mgmt
->u
.action
.category
)) {
3078 hostapd_logger(hapd
, mgmt
->sa
, HOSTAPD_MODULE_IEEE80211
,
3079 HOSTAPD_LEVEL_DEBUG
,
3080 "Dropped unprotected Robust Action frame from "
3084 #endif /* CONFIG_IEEE80211W */
3087 u16 fc
= le_to_host16(mgmt
->frame_control
);
3088 u16 seq_ctrl
= le_to_host16(mgmt
->seq_ctrl
);
3090 if ((fc
& WLAN_FC_RETRY
) &&
3091 sta
->last_seq_ctrl
!= WLAN_INVALID_MGMT_SEQ
&&
3092 sta
->last_seq_ctrl
== seq_ctrl
&&
3093 sta
->last_subtype
== WLAN_FC_STYPE_ACTION
) {
3094 hostapd_logger(hapd
, sta
->addr
,
3095 HOSTAPD_MODULE_IEEE80211
,
3096 HOSTAPD_LEVEL_DEBUG
,
3097 "Drop repeated action frame seq_ctrl=0x%x",
3102 sta
->last_seq_ctrl
= seq_ctrl
;
3103 sta
->last_subtype
= WLAN_FC_STYPE_ACTION
;
3106 switch (mgmt
->u
.action
.category
) {
3107 #ifdef CONFIG_IEEE80211R_AP
3108 case WLAN_ACTION_FT
:
3110 wpa_ft_action_rx(sta
->wpa_sm
, (u8
*) &mgmt
->u
.action
,
3111 len
- IEEE80211_HDRLEN
))
3114 #endif /* CONFIG_IEEE80211R_AP */
3115 case WLAN_ACTION_WMM
:
3116 hostapd_wmm_action(hapd
, mgmt
, len
);
3118 #ifdef CONFIG_IEEE80211W
3119 case WLAN_ACTION_SA_QUERY
:
3120 return hostapd_sa_query_action(hapd
, mgmt
, len
);
3121 #endif /* CONFIG_IEEE80211W */
3123 case WLAN_ACTION_WNM
:
3124 ieee802_11_rx_wnm_action_ap(hapd
, mgmt
, len
);
3126 #endif /* CONFIG_WNM */
3128 case WLAN_ACTION_FST
:
3129 if (hapd
->iface
->fst
)
3130 fst_rx_action(hapd
->iface
->fst
, mgmt
, len
);
3132 wpa_printf(MSG_DEBUG
,
3133 "FST: Ignore FST Action frame - no FST attached");
3135 #endif /* CONFIG_FST */
3136 case WLAN_ACTION_PUBLIC
:
3137 case WLAN_ACTION_PROTECTED_DUAL
:
3138 #ifdef CONFIG_IEEE80211N
3139 if (len
>= IEEE80211_HDRLEN
+ 2 &&
3140 mgmt
->u
.action
.u
.public_action
.action
==
3141 WLAN_PA_20_40_BSS_COEX
) {
3142 wpa_printf(MSG_DEBUG
,
3143 "HT20/40 coex mgmt frame received from STA "
3144 MACSTR
, MAC2STR(mgmt
->sa
));
3145 hostapd_2040_coex_action(hapd
, mgmt
, len
);
3147 #endif /* CONFIG_IEEE80211N */
3148 if (hapd
->public_action_cb
) {
3149 hapd
->public_action_cb(hapd
->public_action_cb_ctx
,
3153 if (hapd
->public_action_cb2
) {
3154 hapd
->public_action_cb2(hapd
->public_action_cb2_ctx
,
3158 if (hapd
->public_action_cb
|| hapd
->public_action_cb2
)
3161 case WLAN_ACTION_VENDOR_SPECIFIC
:
3162 if (hapd
->vendor_action_cb
) {
3163 if (hapd
->vendor_action_cb(hapd
->vendor_action_cb_ctx
,
3165 hapd
->iface
->freq
) == 0)
3169 case WLAN_ACTION_RADIO_MEASUREMENT
:
3170 hostapd_handle_radio_measurement(hapd
, (const u8
*) mgmt
, len
);
3174 hostapd_logger(hapd
, mgmt
->sa
, HOSTAPD_MODULE_IEEE80211
,
3175 HOSTAPD_LEVEL_DEBUG
,
3176 "handle_action - unknown action category %d or invalid "
3178 mgmt
->u
.action
.category
);
3179 if (!is_multicast_ether_addr(mgmt
->da
) &&
3180 !(mgmt
->u
.action
.category
& 0x80) &&
3181 !is_multicast_ether_addr(mgmt
->sa
)) {
3182 struct ieee80211_mgmt
*resp
;
3185 * IEEE 802.11-REVma/D9.0 - 7.3.1.11
3186 * Return the Action frame to the source without change
3187 * except that MSB of the Category set to 1.
3189 wpa_printf(MSG_DEBUG
, "IEEE 802.11: Return unknown Action "
3190 "frame back to sender");
3191 resp
= os_malloc(len
);
3194 os_memcpy(resp
, mgmt
, len
);
3195 os_memcpy(resp
->da
, resp
->sa
, ETH_ALEN
);
3196 os_memcpy(resp
->sa
, hapd
->own_addr
, ETH_ALEN
);
3197 os_memcpy(resp
->bssid
, hapd
->own_addr
, ETH_ALEN
);
3198 resp
->u
.action
.category
|= 0x80;
3200 if (hostapd_drv_send_mlme(hapd
, resp
, len
, 0) < 0) {
3201 wpa_printf(MSG_ERROR
, "IEEE 802.11: Failed to send "
3212 * ieee802_11_mgmt - process incoming IEEE 802.11 management frames
3213 * @hapd: hostapd BSS data structure (the BSS to which the management frame was
3215 * @buf: management frame data (starting from IEEE 802.11 header)
3216 * @len: length of frame data in octets
3217 * @fi: meta data about received frame (signal level, etc.)
3219 * Process all incoming IEEE 802.11 management frames. This will be called for
3220 * each frame received from the kernel driver through wlan#ap interface. In
3221 * addition, it can be called to re-inserted pending frames (e.g., when using
3222 * external RADIUS server as an MAC ACL).
3224 int ieee802_11_mgmt(struct hostapd_data
*hapd
, const u8
*buf
, size_t len
,
3225 struct hostapd_frame_info
*fi
)
3227 struct ieee80211_mgmt
*mgmt
;
3234 mgmt
= (struct ieee80211_mgmt
*) buf
;
3235 fc
= le_to_host16(mgmt
->frame_control
);
3236 stype
= WLAN_FC_GET_STYPE(fc
);
3238 if (stype
== WLAN_FC_STYPE_BEACON
) {
3239 handle_beacon(hapd
, mgmt
, len
, fi
);
3243 if (!is_broadcast_ether_addr(mgmt
->bssid
) &&
3245 /* Invitation responses can be sent with the peer MAC as BSSID */
3246 !((hapd
->conf
->p2p
& P2P_GROUP_OWNER
) &&
3247 stype
== WLAN_FC_STYPE_ACTION
) &&
3248 #endif /* CONFIG_P2P */
3250 !(hapd
->conf
->mesh
& MESH_ENABLED
) &&
3251 #endif /* CONFIG_MESH */
3252 os_memcmp(mgmt
->bssid
, hapd
->own_addr
, ETH_ALEN
) != 0) {
3253 wpa_printf(MSG_INFO
, "MGMT: BSSID=" MACSTR
" not our address",
3254 MAC2STR(mgmt
->bssid
));
3259 if (stype
== WLAN_FC_STYPE_PROBE_REQ
) {
3260 handle_probe_req(hapd
, mgmt
, len
, fi
->ssi_signal
);
3264 if (os_memcmp(mgmt
->da
, hapd
->own_addr
, ETH_ALEN
) != 0) {
3265 hostapd_logger(hapd
, mgmt
->sa
, HOSTAPD_MODULE_IEEE80211
,
3266 HOSTAPD_LEVEL_DEBUG
,
3267 "MGMT: DA=" MACSTR
" not our address",
3272 if (hapd
->iconf
->track_sta_max_num
)
3273 sta_track_add(hapd
->iface
, mgmt
->sa
, fi
->ssi_signal
);
3276 case WLAN_FC_STYPE_AUTH
:
3277 wpa_printf(MSG_DEBUG
, "mgmt::auth");
3278 handle_auth(hapd
, mgmt
, len
);
3281 case WLAN_FC_STYPE_ASSOC_REQ
:
3282 wpa_printf(MSG_DEBUG
, "mgmt::assoc_req");
3283 handle_assoc(hapd
, mgmt
, len
, 0);
3286 case WLAN_FC_STYPE_REASSOC_REQ
:
3287 wpa_printf(MSG_DEBUG
, "mgmt::reassoc_req");
3288 handle_assoc(hapd
, mgmt
, len
, 1);
3291 case WLAN_FC_STYPE_DISASSOC
:
3292 wpa_printf(MSG_DEBUG
, "mgmt::disassoc");
3293 handle_disassoc(hapd
, mgmt
, len
);
3296 case WLAN_FC_STYPE_DEAUTH
:
3297 wpa_msg(hapd
->msg_ctx
, MSG_DEBUG
, "mgmt::deauth");
3298 handle_deauth(hapd
, mgmt
, len
);
3301 case WLAN_FC_STYPE_ACTION
:
3302 wpa_printf(MSG_DEBUG
, "mgmt::action");
3303 ret
= handle_action(hapd
, mgmt
, len
);
3306 hostapd_logger(hapd
, mgmt
->sa
, HOSTAPD_MODULE_IEEE80211
,
3307 HOSTAPD_LEVEL_DEBUG
,
3308 "unknown mgmt frame subtype %d", stype
);
3316 static void handle_auth_cb(struct hostapd_data
*hapd
,
3317 const struct ieee80211_mgmt
*mgmt
,
3320 u16 auth_alg
, auth_transaction
, status_code
;
3321 struct sta_info
*sta
;
3323 sta
= ap_get_sta(hapd
, mgmt
->da
);
3325 wpa_printf(MSG_INFO
, "handle_auth_cb: STA " MACSTR
" not found",
3330 auth_alg
= le_to_host16(mgmt
->u
.auth
.auth_alg
);
3331 auth_transaction
= le_to_host16(mgmt
->u
.auth
.auth_transaction
);
3332 status_code
= le_to_host16(mgmt
->u
.auth
.status_code
);
3335 hostapd_logger(hapd
, mgmt
->da
, HOSTAPD_MODULE_IEEE80211
,
3336 HOSTAPD_LEVEL_NOTICE
,
3337 "did not acknowledge authentication response");
3341 if (len
< IEEE80211_HDRLEN
+ sizeof(mgmt
->u
.auth
)) {
3342 wpa_printf(MSG_INFO
, "handle_auth_cb - too short payload (len=%lu)",
3343 (unsigned long) len
);
3347 if (status_code
== WLAN_STATUS_SUCCESS
&&
3348 ((auth_alg
== WLAN_AUTH_OPEN
&& auth_transaction
== 2) ||
3349 (auth_alg
== WLAN_AUTH_SHARED_KEY
&& auth_transaction
== 4))) {
3350 hostapd_logger(hapd
, sta
->addr
, HOSTAPD_MODULE_IEEE80211
,
3351 HOSTAPD_LEVEL_INFO
, "authenticated");
3352 sta
->flags
|= WLAN_STA_AUTH
;
3353 if (sta
->added_unassoc
)
3354 hostapd_set_sta_flags(hapd
, sta
);
3359 if (status_code
!= WLAN_STATUS_SUCCESS
&& sta
->added_unassoc
) {
3360 hostapd_drv_sta_remove(hapd
, sta
->addr
);
3361 sta
->added_unassoc
= 0;
3366 static void hostapd_set_wds_encryption(struct hostapd_data
*hapd
,
3367 struct sta_info
*sta
,
3371 struct hostapd_ssid
*ssid
= &hapd
->conf
->ssid
;
3373 if (hapd
->conf
->ieee802_1x
|| hapd
->conf
->wpa
)
3376 for (i
= 0; i
< 4; i
++) {
3377 if (ssid
->wep
.key
[i
] &&
3378 hostapd_drv_set_key(ifname_wds
, hapd
, WPA_ALG_WEP
, NULL
, i
,
3379 i
== ssid
->wep
.idx
, NULL
, 0,
3380 ssid
->wep
.key
[i
], ssid
->wep
.len
[i
])) {
3381 wpa_printf(MSG_WARNING
,
3382 "Could not set WEP keys for WDS interface; %s",
3390 static void handle_assoc_cb(struct hostapd_data
*hapd
,
3391 const struct ieee80211_mgmt
*mgmt
,
3392 size_t len
, int reassoc
, int ok
)
3395 struct sta_info
*sta
;
3398 sta
= ap_get_sta(hapd
, mgmt
->da
);
3400 wpa_printf(MSG_INFO
, "handle_assoc_cb: STA " MACSTR
" not found",
3405 if (len
< IEEE80211_HDRLEN
+ (reassoc
? sizeof(mgmt
->u
.reassoc_resp
) :
3406 sizeof(mgmt
->u
.assoc_resp
))) {
3407 wpa_printf(MSG_INFO
,
3408 "handle_assoc_cb(reassoc=%d) - too short payload (len=%lu)",
3409 reassoc
, (unsigned long) len
);
3410 hostapd_drv_sta_remove(hapd
, sta
->addr
);
3415 status
= le_to_host16(mgmt
->u
.reassoc_resp
.status_code
);
3417 status
= le_to_host16(mgmt
->u
.assoc_resp
.status_code
);
3420 hostapd_logger(hapd
, mgmt
->da
, HOSTAPD_MODULE_IEEE80211
,
3421 HOSTAPD_LEVEL_DEBUG
,
3422 "did not acknowledge association response");
3423 sta
->flags
&= ~WLAN_STA_ASSOC_REQ_OK
;
3424 /* The STA is added only in case of SUCCESS */
3425 if (status
== WLAN_STATUS_SUCCESS
)
3426 hostapd_drv_sta_remove(hapd
, sta
->addr
);
3431 if (status
!= WLAN_STATUS_SUCCESS
)
3434 /* Stop previous accounting session, if one is started, and allocate
3435 * new session id for the new session. */
3436 accounting_sta_stop(hapd
, sta
);
3438 hostapd_logger(hapd
, sta
->addr
, HOSTAPD_MODULE_IEEE80211
,
3440 "associated (aid %d)",
3443 if (sta
->flags
& WLAN_STA_ASSOC
)
3445 sta
->flags
|= WLAN_STA_ASSOC
;
3446 sta
->flags
&= ~WLAN_STA_WNM_SLEEP_MODE
;
3447 if ((!hapd
->conf
->ieee802_1x
&& !hapd
->conf
->wpa
&&
3448 !hapd
->conf
->osen
) ||
3449 sta
->auth_alg
== WLAN_AUTH_FILS_SK
||
3450 sta
->auth_alg
== WLAN_AUTH_FILS_SK_PFS
||
3451 sta
->auth_alg
== WLAN_AUTH_FILS_PK
||
3452 sta
->auth_alg
== WLAN_AUTH_FT
) {
3454 * Open, static WEP, FT protocol, or FILS; no separate
3455 * authorization step.
3457 ap_sta_set_authorized(hapd
, sta
, 1);
3461 mlme_reassociate_indication(hapd
, sta
);
3463 mlme_associate_indication(hapd
, sta
);
3465 #ifdef CONFIG_IEEE80211W
3466 sta
->sa_query_timed_out
= 0;
3467 #endif /* CONFIG_IEEE80211W */
3469 if (sta
->eapol_sm
== NULL
) {
3471 * This STA does not use RADIUS server for EAP authentication,
3472 * so bind it to the selected VLAN interface now, since the
3473 * interface selection is not going to change anymore.
3475 if (ap_sta_bind_vlan(hapd
, sta
) < 0)
3477 } else if (sta
->vlan_id
) {
3478 /* VLAN ID already set (e.g., by PMKSA caching), so bind STA */
3479 if (ap_sta_bind_vlan(hapd
, sta
) < 0)
3483 hostapd_set_sta_flags(hapd
, sta
);
3485 if (!(sta
->flags
& WLAN_STA_WDS
) && sta
->pending_wds_enable
) {
3486 wpa_printf(MSG_DEBUG
, "Enable 4-address WDS mode for STA "
3487 MACSTR
" based on pending request",
3488 MAC2STR(sta
->addr
));
3489 sta
->pending_wds_enable
= 0;
3490 sta
->flags
|= WLAN_STA_WDS
;
3493 if (sta
->flags
& WLAN_STA_WDS
) {
3495 char ifname_wds
[IFNAMSIZ
+ 1];
3497 wpa_printf(MSG_DEBUG
, "Reenable 4-address WDS mode for STA "
3499 MAC2STR(sta
->addr
), sta
->aid
);
3500 ret
= hostapd_set_wds_sta(hapd
, ifname_wds
, sta
->addr
,
3503 hostapd_set_wds_encryption(hapd
, sta
, ifname_wds
);
3506 if (sta
->auth_alg
== WLAN_AUTH_FT
)
3507 wpa_auth_sm_event(sta
->wpa_sm
, WPA_ASSOC_FT
);
3509 wpa_auth_sm_event(sta
->wpa_sm
, WPA_ASSOC
);
3510 hapd
->new_assoc_sta_cb(hapd
, sta
, !new_assoc
);
3511 ieee802_1x_notify_port_enabled(sta
->eapol_sm
, 1);
3514 if ((sta
->auth_alg
== WLAN_AUTH_FILS_SK
||
3515 sta
->auth_alg
== WLAN_AUTH_FILS_SK_PFS
||
3516 sta
->auth_alg
== WLAN_AUTH_FILS_PK
) &&
3517 fils_set_tk(sta
->wpa_sm
) < 0) {
3518 wpa_printf(MSG_DEBUG
, "FILS: TK configuration failed");
3519 ap_sta_disconnect(hapd
, sta
, sta
->addr
,
3520 WLAN_REASON_UNSPECIFIED
);
3523 #endif /* CONFIG_FILS */
3525 if (sta
->pending_eapol_rx
) {
3526 struct os_reltime now
, age
;
3528 os_get_reltime(&now
);
3529 os_reltime_sub(&now
, &sta
->pending_eapol_rx
->rx_time
, &age
);
3530 if (age
.sec
== 0 && age
.usec
< 200000) {
3531 wpa_printf(MSG_DEBUG
,
3532 "Process pending EAPOL frame that was received from " MACSTR
" just before association notification",
3533 MAC2STR(sta
->addr
));
3536 wpabuf_head(sta
->pending_eapol_rx
->buf
),
3537 wpabuf_len(sta
->pending_eapol_rx
->buf
));
3539 wpabuf_free(sta
->pending_eapol_rx
->buf
);
3540 os_free(sta
->pending_eapol_rx
);
3541 sta
->pending_eapol_rx
= NULL
;
3546 static void handle_deauth_cb(struct hostapd_data
*hapd
,
3547 const struct ieee80211_mgmt
*mgmt
,
3550 struct sta_info
*sta
;
3551 if (is_multicast_ether_addr(mgmt
->da
))
3553 sta
= ap_get_sta(hapd
, mgmt
->da
);
3555 wpa_printf(MSG_DEBUG
, "handle_deauth_cb: STA " MACSTR
3556 " not found", MAC2STR(mgmt
->da
));
3560 wpa_printf(MSG_DEBUG
, "STA " MACSTR
" acknowledged deauth",
3561 MAC2STR(sta
->addr
));
3563 wpa_printf(MSG_DEBUG
, "STA " MACSTR
" did not acknowledge "
3564 "deauth", MAC2STR(sta
->addr
));
3566 ap_sta_deauth_cb(hapd
, sta
);
3570 static void handle_disassoc_cb(struct hostapd_data
*hapd
,
3571 const struct ieee80211_mgmt
*mgmt
,
3574 struct sta_info
*sta
;
3575 if (is_multicast_ether_addr(mgmt
->da
))
3577 sta
= ap_get_sta(hapd
, mgmt
->da
);
3579 wpa_printf(MSG_DEBUG
, "handle_disassoc_cb: STA " MACSTR
3580 " not found", MAC2STR(mgmt
->da
));
3584 wpa_printf(MSG_DEBUG
, "STA " MACSTR
" acknowledged disassoc",
3585 MAC2STR(sta
->addr
));
3587 wpa_printf(MSG_DEBUG
, "STA " MACSTR
" did not acknowledge "
3588 "disassoc", MAC2STR(sta
->addr
));
3590 ap_sta_disassoc_cb(hapd
, sta
);
3594 static void handle_action_cb(struct hostapd_data
*hapd
,
3595 const struct ieee80211_mgmt
*mgmt
,
3598 struct sta_info
*sta
;
3599 const struct rrm_measurement_report_element
*report
;
3601 if (is_multicast_ether_addr(mgmt
->da
))
3603 sta
= ap_get_sta(hapd
, mgmt
->da
);
3605 wpa_printf(MSG_DEBUG
, "handle_action_cb: STA " MACSTR
3606 " not found", MAC2STR(mgmt
->da
));
3610 if (len
< 24 + 5 + sizeof(*report
))
3612 report
= (const struct rrm_measurement_report_element
*)
3613 &mgmt
->u
.action
.u
.rrm
.variable
[2];
3614 if (mgmt
->u
.action
.category
== WLAN_ACTION_RADIO_MEASUREMENT
&&
3615 mgmt
->u
.action
.u
.rrm
.action
== WLAN_RRM_RADIO_MEASUREMENT_REQUEST
&&
3616 report
->eid
== WLAN_EID_MEASURE_REQUEST
&&
3618 report
->type
== MEASURE_TYPE_BEACON
)
3619 hostapd_rrm_beacon_req_tx_status(hapd
, mgmt
, len
, ok
);
3624 * ieee802_11_mgmt_cb - Process management frame TX status callback
3625 * @hapd: hostapd BSS data structure (the BSS from which the management frame
3627 * @buf: management frame data (starting from IEEE 802.11 header)
3628 * @len: length of frame data in octets
3629 * @stype: management frame subtype from frame control field
3630 * @ok: Whether the frame was ACK'ed
3632 void ieee802_11_mgmt_cb(struct hostapd_data
*hapd
, const u8
*buf
, size_t len
,
3635 const struct ieee80211_mgmt
*mgmt
;
3636 mgmt
= (const struct ieee80211_mgmt
*) buf
;
3638 #ifdef CONFIG_TESTING_OPTIONS
3639 if (hapd
->ext_mgmt_frame_handling
) {
3640 wpa_msg(hapd
->msg_ctx
, MSG_INFO
, "MGMT-TX-STATUS stype=%u ok=%d",
3644 #endif /* CONFIG_TESTING_OPTIONS */
3647 case WLAN_FC_STYPE_AUTH
:
3648 wpa_printf(MSG_DEBUG
, "mgmt::auth cb");
3649 handle_auth_cb(hapd
, mgmt
, len
, ok
);
3651 case WLAN_FC_STYPE_ASSOC_RESP
:
3652 wpa_printf(MSG_DEBUG
, "mgmt::assoc_resp cb");
3653 handle_assoc_cb(hapd
, mgmt
, len
, 0, ok
);
3655 case WLAN_FC_STYPE_REASSOC_RESP
:
3656 wpa_printf(MSG_DEBUG
, "mgmt::reassoc_resp cb");
3657 handle_assoc_cb(hapd
, mgmt
, len
, 1, ok
);
3659 case WLAN_FC_STYPE_PROBE_RESP
:
3660 wpa_printf(MSG_EXCESSIVE
, "mgmt::proberesp cb ok=%d", ok
);
3662 case WLAN_FC_STYPE_DEAUTH
:
3663 wpa_printf(MSG_DEBUG
, "mgmt::deauth cb");
3664 handle_deauth_cb(hapd
, mgmt
, len
, ok
);
3666 case WLAN_FC_STYPE_DISASSOC
:
3667 wpa_printf(MSG_DEBUG
, "mgmt::disassoc cb");
3668 handle_disassoc_cb(hapd
, mgmt
, len
, ok
);
3670 case WLAN_FC_STYPE_ACTION
:
3671 wpa_printf(MSG_DEBUG
, "mgmt::action cb ok=%d", ok
);
3672 handle_action_cb(hapd
, mgmt
, len
, ok
);
3675 wpa_printf(MSG_INFO
, "unknown mgmt cb frame subtype %d", stype
);
3681 int ieee802_11_get_mib(struct hostapd_data
*hapd
, char *buf
, size_t buflen
)
3688 int ieee802_11_get_mib_sta(struct hostapd_data
*hapd
, struct sta_info
*sta
,
3689 char *buf
, size_t buflen
)
3696 void hostapd_tx_status(struct hostapd_data
*hapd
, const u8
*addr
,
3697 const u8
*buf
, size_t len
, int ack
)
3699 struct sta_info
*sta
;
3700 struct hostapd_iface
*iface
= hapd
->iface
;
3702 sta
= ap_get_sta(hapd
, addr
);
3703 if (sta
== NULL
&& iface
->num_bss
> 1) {
3705 for (j
= 0; j
< iface
->num_bss
; j
++) {
3706 hapd
= iface
->bss
[j
];
3707 sta
= ap_get_sta(hapd
, addr
);
3712 if (sta
== NULL
|| !(sta
->flags
& WLAN_STA_ASSOC
))
3714 if (sta
->flags
& WLAN_STA_PENDING_POLL
) {
3715 wpa_printf(MSG_DEBUG
, "STA " MACSTR
" %s pending "
3716 "activity poll", MAC2STR(sta
->addr
),
3717 ack
? "ACKed" : "did not ACK");
3719 sta
->flags
&= ~WLAN_STA_PENDING_POLL
;
3722 ieee802_1x_tx_status(hapd
, sta
, buf
, len
, ack
);
3726 void hostapd_eapol_tx_status(struct hostapd_data
*hapd
, const u8
*dst
,
3727 const u8
*data
, size_t len
, int ack
)
3729 struct sta_info
*sta
;
3730 struct hostapd_iface
*iface
= hapd
->iface
;
3732 sta
= ap_get_sta(hapd
, dst
);
3733 if (sta
== NULL
&& iface
->num_bss
> 1) {
3735 for (j
= 0; j
< iface
->num_bss
; j
++) {
3736 hapd
= iface
->bss
[j
];
3737 sta
= ap_get_sta(hapd
, dst
);
3742 if (sta
== NULL
|| !(sta
->flags
& WLAN_STA_ASSOC
)) {
3743 wpa_printf(MSG_DEBUG
, "Ignore TX status for Data frame to STA "
3744 MACSTR
" that is not currently associated",
3749 ieee802_1x_eapol_tx_status(hapd
, sta
, data
, len
, ack
);
3753 void hostapd_client_poll_ok(struct hostapd_data
*hapd
, const u8
*addr
)
3755 struct sta_info
*sta
;
3756 struct hostapd_iface
*iface
= hapd
->iface
;
3758 sta
= ap_get_sta(hapd
, addr
);
3759 if (sta
== NULL
&& iface
->num_bss
> 1) {
3761 for (j
= 0; j
< iface
->num_bss
; j
++) {
3762 hapd
= iface
->bss
[j
];
3763 sta
= ap_get_sta(hapd
, addr
);
3770 wpa_msg(hapd
->msg_ctx
, MSG_INFO
, AP_STA_POLL_OK MACSTR
,
3771 MAC2STR(sta
->addr
));
3772 if (!(sta
->flags
& WLAN_STA_PENDING_POLL
))
3775 wpa_printf(MSG_DEBUG
, "STA " MACSTR
" ACKed pending "
3776 "activity poll", MAC2STR(sta
->addr
));
3777 sta
->flags
&= ~WLAN_STA_PENDING_POLL
;
3781 void ieee802_11_rx_from_unknown(struct hostapd_data
*hapd
, const u8
*src
,
3784 struct sta_info
*sta
;
3786 sta
= ap_get_sta(hapd
, src
);
3788 ((sta
->flags
& WLAN_STA_ASSOC
) ||
3789 ((sta
->flags
& WLAN_STA_ASSOC_REQ_OK
) && wds
))) {
3790 if (!hapd
->conf
->wds_sta
)
3793 if ((sta
->flags
& (WLAN_STA_ASSOC
| WLAN_STA_ASSOC_REQ_OK
)) ==
3794 WLAN_STA_ASSOC_REQ_OK
) {
3795 wpa_printf(MSG_DEBUG
,
3796 "Postpone 4-address WDS mode enabling for STA "
3797 MACSTR
" since TX status for AssocResp is not yet known",
3798 MAC2STR(sta
->addr
));
3799 sta
->pending_wds_enable
= 1;
3803 if (wds
&& !(sta
->flags
& WLAN_STA_WDS
)) {
3805 char ifname_wds
[IFNAMSIZ
+ 1];
3807 wpa_printf(MSG_DEBUG
, "Enable 4-address WDS mode for "
3808 "STA " MACSTR
" (aid %u)",
3809 MAC2STR(sta
->addr
), sta
->aid
);
3810 sta
->flags
|= WLAN_STA_WDS
;
3811 ret
= hostapd_set_wds_sta(hapd
, ifname_wds
,
3812 sta
->addr
, sta
->aid
, 1);
3814 hostapd_set_wds_encryption(hapd
, sta
,
3820 wpa_printf(MSG_DEBUG
, "Data/PS-poll frame from not associated STA "
3821 MACSTR
, MAC2STR(src
));
3822 if (is_multicast_ether_addr(src
)) {
3823 /* Broadcast bit set in SA?! Ignore the frame silently. */
3827 if (sta
&& (sta
->flags
& WLAN_STA_ASSOC_REQ_OK
)) {
3828 wpa_printf(MSG_DEBUG
, "Association Response to the STA has "
3829 "already been sent, but no TX status yet known - "
3830 "ignore Class 3 frame issue with " MACSTR
,
3835 if (sta
&& (sta
->flags
& WLAN_STA_AUTH
))
3836 hostapd_drv_sta_disassoc(
3838 WLAN_REASON_CLASS3_FRAME_FROM_NONASSOC_STA
);
3840 hostapd_drv_sta_deauth(
3842 WLAN_REASON_CLASS3_FRAME_FROM_NONASSOC_STA
);
3846 #endif /* CONFIG_NATIVE_WINDOWS */