]>
Commit | Line | Data |
---|---|---|
d32d94db XC |
1 | /* |
2 | * hostapd - WNM | |
a30dff07 | 3 | * Copyright (c) 2011-2014, Qualcomm Atheros, Inc. |
d32d94db XC |
4 | * |
5 | * This software may be distributed under the terms of the BSD license. | |
6 | * See README for more details. | |
7 | */ | |
8 | ||
9 | #include "utils/includes.h" | |
10 | ||
11 | #include "utils/common.h" | |
2025cad9 | 12 | #include "utils/eloop.h" |
d32d94db | 13 | #include "common/ieee802_11_defs.h" |
53514800 | 14 | #include "common/wpa_ctrl.h" |
d32d94db XC |
15 | #include "ap/hostapd.h" |
16 | #include "ap/sta_info.h" | |
17 | #include "ap/ap_config.h" | |
18 | #include "ap/ap_drv_ops.h" | |
19 | #include "ap/wpa_auth.h" | |
8dd49f0c | 20 | #include "mbo_ap.h" |
d32d94db XC |
21 | #include "wnm_ap.h" |
22 | ||
23 | #define MAX_TFS_IE_LEN 1024 | |
24 | ||
d32d94db XC |
25 | |
26 | /* get the TFS IE from driver */ | |
27 | static int ieee80211_11_get_tfs_ie(struct hostapd_data *hapd, const u8 *addr, | |
28 | u8 *buf, u16 *buf_len, enum wnm_oper oper) | |
29 | { | |
30 | wpa_printf(MSG_DEBUG, "%s: TFS get operation %d", __func__, oper); | |
31 | ||
32 | return hostapd_drv_wnm_oper(hapd, oper, addr, buf, buf_len); | |
33 | } | |
34 | ||
35 | ||
36 | /* set the TFS IE to driver */ | |
37 | static int ieee80211_11_set_tfs_ie(struct hostapd_data *hapd, const u8 *addr, | |
38 | u8 *buf, u16 *buf_len, enum wnm_oper oper) | |
39 | { | |
40 | wpa_printf(MSG_DEBUG, "%s: TFS set operation %d", __func__, oper); | |
41 | ||
42 | return hostapd_drv_wnm_oper(hapd, oper, addr, buf, buf_len); | |
43 | } | |
44 | ||
45 | ||
46 | /* MLME-SLEEPMODE.response */ | |
47 | static int ieee802_11_send_wnmsleep_resp(struct hostapd_data *hapd, | |
48 | const u8 *addr, u8 dialog_token, | |
49 | u8 action_type, u16 intval) | |
50 | { | |
51 | struct ieee80211_mgmt *mgmt; | |
52 | int res; | |
53 | size_t len; | |
54 | size_t gtk_elem_len = 0; | |
55 | size_t igtk_elem_len = 0; | |
56 | struct wnm_sleep_element wnmsleep_ie; | |
57 | u8 *wnmtfs_ie; | |
58 | u8 wnmsleep_ie_len; | |
59 | u16 wnmtfs_ie_len; | |
60 | u8 *pos; | |
61 | struct sta_info *sta; | |
615a5d55 JM |
62 | enum wnm_oper tfs_oper = action_type == WNM_SLEEP_MODE_ENTER ? |
63 | WNM_SLEEP_TFS_RESP_IE_ADD : WNM_SLEEP_TFS_RESP_IE_NONE; | |
d32d94db XC |
64 | |
65 | sta = ap_get_sta(hapd, addr); | |
66 | if (sta == NULL) { | |
67 | wpa_printf(MSG_DEBUG, "%s: station not found", __func__); | |
68 | return -EINVAL; | |
69 | } | |
70 | ||
71 | /* WNM-Sleep Mode IE */ | |
72 | os_memset(&wnmsleep_ie, 0, sizeof(struct wnm_sleep_element)); | |
73 | wnmsleep_ie_len = sizeof(struct wnm_sleep_element); | |
74 | wnmsleep_ie.eid = WLAN_EID_WNMSLEEP; | |
75 | wnmsleep_ie.len = wnmsleep_ie_len - 2; | |
76 | wnmsleep_ie.action_type = action_type; | |
77 | wnmsleep_ie.status = WNM_STATUS_SLEEP_ACCEPT; | |
5ace51a4 | 78 | wnmsleep_ie.intval = host_to_le16(intval); |
d32d94db XC |
79 | |
80 | /* TFS IE(s) */ | |
81 | wnmtfs_ie = os_zalloc(MAX_TFS_IE_LEN); | |
82 | if (wnmtfs_ie == NULL) | |
83 | return -1; | |
84 | if (ieee80211_11_get_tfs_ie(hapd, addr, wnmtfs_ie, &wnmtfs_ie_len, | |
85 | tfs_oper)) { | |
86 | wnmtfs_ie_len = 0; | |
87 | os_free(wnmtfs_ie); | |
88 | wnmtfs_ie = NULL; | |
89 | } | |
90 | ||
91 | #define MAX_GTK_SUBELEM_LEN 45 | |
92 | #define MAX_IGTK_SUBELEM_LEN 26 | |
93 | mgmt = os_zalloc(sizeof(*mgmt) + wnmsleep_ie_len + | |
94 | MAX_GTK_SUBELEM_LEN + MAX_IGTK_SUBELEM_LEN); | |
95 | if (mgmt == NULL) { | |
96 | wpa_printf(MSG_DEBUG, "MLME: Failed to allocate buffer for " | |
97 | "WNM-Sleep Response action frame"); | |
e7ddd86a JM |
98 | res = -1; |
99 | goto fail; | |
d32d94db XC |
100 | } |
101 | os_memcpy(mgmt->da, addr, ETH_ALEN); | |
102 | os_memcpy(mgmt->sa, hapd->own_addr, ETH_ALEN); | |
103 | os_memcpy(mgmt->bssid, hapd->own_addr, ETH_ALEN); | |
104 | mgmt->frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT, | |
105 | WLAN_FC_STYPE_ACTION); | |
106 | mgmt->u.action.category = WLAN_ACTION_WNM; | |
107 | mgmt->u.action.u.wnm_sleep_resp.action = WNM_SLEEP_MODE_RESP; | |
108 | mgmt->u.action.u.wnm_sleep_resp.dialogtoken = dialog_token; | |
109 | pos = (u8 *)mgmt->u.action.u.wnm_sleep_resp.variable; | |
110 | /* add key data if MFP is enabled */ | |
4da10640 | 111 | if (!wpa_auth_uses_mfp(sta->wpa_sm) || |
348c9384 | 112 | hapd->conf->wnm_sleep_mode_no_keys || |
615a5d55 | 113 | action_type != WNM_SLEEP_MODE_EXIT) { |
d32d94db XC |
114 | mgmt->u.action.u.wnm_sleep_resp.keydata_len = 0; |
115 | } else { | |
116 | gtk_elem_len = wpa_wnmsleep_gtk_subelem(sta->wpa_sm, pos); | |
117 | pos += gtk_elem_len; | |
118 | wpa_printf(MSG_DEBUG, "Pass 4, gtk_len = %d", | |
119 | (int) gtk_elem_len); | |
120 | #ifdef CONFIG_IEEE80211W | |
121 | res = wpa_wnmsleep_igtk_subelem(sta->wpa_sm, pos); | |
e7ddd86a JM |
122 | if (res < 0) |
123 | goto fail; | |
d32d94db XC |
124 | igtk_elem_len = res; |
125 | pos += igtk_elem_len; | |
126 | wpa_printf(MSG_DEBUG, "Pass 4 igtk_len = %d", | |
127 | (int) igtk_elem_len); | |
128 | #endif /* CONFIG_IEEE80211W */ | |
129 | ||
130 | WPA_PUT_LE16((u8 *) | |
131 | &mgmt->u.action.u.wnm_sleep_resp.keydata_len, | |
132 | gtk_elem_len + igtk_elem_len); | |
133 | } | |
134 | os_memcpy(pos, &wnmsleep_ie, wnmsleep_ie_len); | |
135 | /* copy TFS IE here */ | |
136 | pos += wnmsleep_ie_len; | |
a8e93a1a JM |
137 | if (wnmtfs_ie) |
138 | os_memcpy(pos, wnmtfs_ie, wnmtfs_ie_len); | |
d32d94db XC |
139 | |
140 | len = 1 + sizeof(mgmt->u.action.u.wnm_sleep_resp) + gtk_elem_len + | |
141 | igtk_elem_len + wnmsleep_ie_len + wnmtfs_ie_len; | |
142 | ||
143 | /* In driver, response frame should be forced to sent when STA is in | |
144 | * PS mode */ | |
145 | res = hostapd_drv_send_action(hapd, hapd->iface->freq, 0, | |
146 | mgmt->da, &mgmt->u.action.category, len); | |
147 | ||
148 | if (!res) { | |
149 | wpa_printf(MSG_DEBUG, "Successfully send WNM-Sleep Response " | |
150 | "frame"); | |
151 | ||
152 | /* when entering wnmsleep | |
153 | * 1. pause the node in driver | |
154 | * 2. mark the node so that AP won't update GTK/IGTK during | |
155 | * WNM Sleep | |
156 | */ | |
157 | if (wnmsleep_ie.status == WNM_STATUS_SLEEP_ACCEPT && | |
615a5d55 | 158 | wnmsleep_ie.action_type == WNM_SLEEP_MODE_ENTER) { |
3578e665 | 159 | sta->flags |= WLAN_STA_WNM_SLEEP_MODE; |
d32d94db XC |
160 | hostapd_drv_wnm_oper(hapd, WNM_SLEEP_ENTER_CONFIRM, |
161 | addr, NULL, NULL); | |
162 | wpa_set_wnmsleep(sta->wpa_sm, 1); | |
163 | } | |
164 | /* when exiting wnmsleep | |
165 | * 1. unmark the node | |
166 | * 2. start GTK/IGTK update if MFP is not used | |
167 | * 3. unpause the node in driver | |
168 | */ | |
4da10640 JM |
169 | if ((wnmsleep_ie.status == WNM_STATUS_SLEEP_ACCEPT || |
170 | wnmsleep_ie.status == | |
171 | WNM_STATUS_SLEEP_EXIT_ACCEPT_GTK_UPDATE) && | |
615a5d55 | 172 | wnmsleep_ie.action_type == WNM_SLEEP_MODE_EXIT) { |
3578e665 | 173 | sta->flags &= ~WLAN_STA_WNM_SLEEP_MODE; |
d32d94db XC |
174 | wpa_set_wnmsleep(sta->wpa_sm, 0); |
175 | hostapd_drv_wnm_oper(hapd, WNM_SLEEP_EXIT_CONFIRM, | |
176 | addr, NULL, NULL); | |
348c9384 JM |
177 | if (!wpa_auth_uses_mfp(sta->wpa_sm) || |
178 | hapd->conf->wnm_sleep_mode_no_keys) | |
d32d94db XC |
179 | wpa_wnmsleep_rekey_gtk(sta->wpa_sm); |
180 | } | |
181 | } else | |
182 | wpa_printf(MSG_DEBUG, "Fail to send WNM-Sleep Response frame"); | |
183 | ||
184 | #undef MAX_GTK_SUBELEM_LEN | |
185 | #undef MAX_IGTK_SUBELEM_LEN | |
e7ddd86a | 186 | fail: |
d32d94db XC |
187 | os_free(wnmtfs_ie); |
188 | os_free(mgmt); | |
189 | return res; | |
190 | } | |
191 | ||
192 | ||
193 | static void ieee802_11_rx_wnmsleep_req(struct hostapd_data *hapd, | |
194 | const u8 *addr, const u8 *frm, int len) | |
195 | { | |
c79938a5 JM |
196 | /* Dialog Token [1] | WNM-Sleep Mode IE | TFS Response IE */ |
197 | const u8 *pos = frm; | |
198 | u8 dialog_token; | |
d32d94db XC |
199 | struct wnm_sleep_element *wnmsleep_ie = NULL; |
200 | /* multiple TFS Req IE (assuming consecutive) */ | |
201 | u8 *tfsreq_ie_start = NULL; | |
202 | u8 *tfsreq_ie_end = NULL; | |
203 | u16 tfsreq_ie_len = 0; | |
204 | ||
114f2830 JM |
205 | if (!hapd->conf->wnm_sleep_mode) { |
206 | wpa_printf(MSG_DEBUG, "Ignore WNM-Sleep Mode Request from " | |
207 | MACSTR " since WNM-Sleep Mode is disabled", | |
208 | MAC2STR(addr)); | |
209 | return; | |
210 | } | |
211 | ||
c79938a5 JM |
212 | dialog_token = *pos++; |
213 | while (pos + 1 < frm + len) { | |
214 | u8 ie_len = pos[1]; | |
215 | if (pos + 2 + ie_len > frm + len) | |
216 | break; | |
d6d5970e JM |
217 | if (*pos == WLAN_EID_WNMSLEEP && |
218 | ie_len >= (int) sizeof(*wnmsleep_ie) - 2) | |
c79938a5 | 219 | wnmsleep_ie = (struct wnm_sleep_element *) pos; |
d32d94db XC |
220 | else if (*pos == WLAN_EID_TFS_REQ) { |
221 | if (!tfsreq_ie_start) | |
c79938a5 JM |
222 | tfsreq_ie_start = (u8 *) pos; |
223 | tfsreq_ie_end = (u8 *) pos; | |
d32d94db | 224 | } else |
c79938a5 JM |
225 | wpa_printf(MSG_DEBUG, "WNM: EID %d not recognized", |
226 | *pos); | |
d32d94db XC |
227 | pos += ie_len + 2; |
228 | } | |
229 | ||
230 | if (!wnmsleep_ie) { | |
231 | wpa_printf(MSG_DEBUG, "No WNM-Sleep IE found"); | |
232 | return; | |
233 | } | |
234 | ||
615a5d55 JM |
235 | if (wnmsleep_ie->action_type == WNM_SLEEP_MODE_ENTER && |
236 | tfsreq_ie_start && tfsreq_ie_end && | |
237 | tfsreq_ie_end - tfsreq_ie_start >= 0) { | |
d32d94db XC |
238 | tfsreq_ie_len = (tfsreq_ie_end + tfsreq_ie_end[1] + 2) - |
239 | tfsreq_ie_start; | |
240 | wpa_printf(MSG_DEBUG, "TFS Req IE(s) found"); | |
241 | /* pass the TFS Req IE(s) to driver for processing */ | |
242 | if (ieee80211_11_set_tfs_ie(hapd, addr, tfsreq_ie_start, | |
243 | &tfsreq_ie_len, | |
244 | WNM_SLEEP_TFS_REQ_IE_SET)) | |
245 | wpa_printf(MSG_DEBUG, "Fail to set TFS Req IE"); | |
246 | } | |
247 | ||
248 | ieee802_11_send_wnmsleep_resp(hapd, addr, dialog_token, | |
249 | wnmsleep_ie->action_type, | |
5ace51a4 | 250 | le_to_host16(wnmsleep_ie->intval)); |
d32d94db | 251 | |
615a5d55 | 252 | if (wnmsleep_ie->action_type == WNM_SLEEP_MODE_EXIT) { |
d32d94db XC |
253 | /* clear the tfs after sending the resp frame */ |
254 | ieee80211_11_set_tfs_ie(hapd, addr, tfsreq_ie_start, | |
255 | &tfsreq_ie_len, WNM_SLEEP_TFS_IE_DEL); | |
256 | } | |
257 | } | |
258 | ||
259 | ||
28ab64af JM |
260 | static int ieee802_11_send_bss_trans_mgmt_request(struct hostapd_data *hapd, |
261 | const u8 *addr, | |
885bbd4d | 262 | u8 dialog_token) |
28ab64af JM |
263 | { |
264 | struct ieee80211_mgmt *mgmt; | |
885bbd4d | 265 | size_t len; |
28ab64af JM |
266 | u8 *pos; |
267 | int res; | |
268 | ||
885bbd4d | 269 | mgmt = os_zalloc(sizeof(*mgmt)); |
28ab64af JM |
270 | if (mgmt == NULL) |
271 | return -1; | |
272 | os_memcpy(mgmt->da, addr, ETH_ALEN); | |
273 | os_memcpy(mgmt->sa, hapd->own_addr, ETH_ALEN); | |
274 | os_memcpy(mgmt->bssid, hapd->own_addr, ETH_ALEN); | |
275 | mgmt->frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT, | |
276 | WLAN_FC_STYPE_ACTION); | |
277 | mgmt->u.action.category = WLAN_ACTION_WNM; | |
278 | mgmt->u.action.u.bss_tm_req.action = WNM_BSS_TRANS_MGMT_REQ; | |
279 | mgmt->u.action.u.bss_tm_req.dialog_token = dialog_token; | |
280 | mgmt->u.action.u.bss_tm_req.req_mode = 0; | |
281 | mgmt->u.action.u.bss_tm_req.disassoc_timer = host_to_le16(0); | |
282 | mgmt->u.action.u.bss_tm_req.validity_interval = 1; | |
283 | pos = mgmt->u.action.u.bss_tm_req.variable; | |
28ab64af JM |
284 | |
285 | wpa_printf(MSG_DEBUG, "WNM: Send BSS Transition Management Request to " | |
286 | MACSTR " dialog_token=%u req_mode=0x%x disassoc_timer=%u " | |
287 | "validity_interval=%u", | |
288 | MAC2STR(addr), dialog_token, | |
289 | mgmt->u.action.u.bss_tm_req.req_mode, | |
290 | le_to_host16(mgmt->u.action.u.bss_tm_req.disassoc_timer), | |
291 | mgmt->u.action.u.bss_tm_req.validity_interval); | |
292 | ||
293 | len = pos - &mgmt->u.action.category; | |
294 | res = hostapd_drv_send_action(hapd, hapd->iface->freq, 0, | |
295 | mgmt->da, &mgmt->u.action.category, len); | |
296 | os_free(mgmt); | |
297 | return res; | |
298 | } | |
299 | ||
300 | ||
301 | static void ieee802_11_rx_bss_trans_mgmt_query(struct hostapd_data *hapd, | |
302 | const u8 *addr, const u8 *frm, | |
303 | size_t len) | |
304 | { | |
305 | u8 dialog_token, reason; | |
306 | const u8 *pos, *end; | |
3d0fb955 JM |
307 | int enabled = hapd->conf->bss_transition; |
308 | ||
309 | #ifdef CONFIG_MBO | |
310 | if (hapd->conf->mbo_enabled) | |
311 | enabled = 1; | |
312 | #endif /* CONFIG_MBO */ | |
313 | if (!enabled) { | |
314 | wpa_printf(MSG_DEBUG, | |
315 | "Ignore BSS Transition Management Query from " | |
316 | MACSTR | |
317 | " since BSS Transition Management is disabled", | |
318 | MAC2STR(addr)); | |
319 | return; | |
320 | } | |
28ab64af JM |
321 | |
322 | if (len < 2) { | |
323 | wpa_printf(MSG_DEBUG, "WNM: Ignore too short BSS Transition Management Query from " | |
324 | MACSTR, MAC2STR(addr)); | |
325 | return; | |
326 | } | |
327 | ||
328 | pos = frm; | |
329 | end = pos + len; | |
330 | dialog_token = *pos++; | |
331 | reason = *pos++; | |
332 | ||
333 | wpa_printf(MSG_DEBUG, "WNM: BSS Transition Management Query from " | |
334 | MACSTR " dialog_token=%u reason=%u", | |
335 | MAC2STR(addr), dialog_token, reason); | |
336 | ||
337 | wpa_hexdump(MSG_DEBUG, "WNM: BSS Transition Candidate List Entries", | |
338 | pos, end - pos); | |
339 | ||
885bbd4d | 340 | ieee802_11_send_bss_trans_mgmt_request(hapd, addr, dialog_token); |
28ab64af JM |
341 | } |
342 | ||
343 | ||
d58c3bd8 RM |
344 | void ap_sta_reset_steer_flag_timer(void *eloop_ctx, void *timeout_ctx) |
345 | { | |
346 | struct hostapd_data *hapd = eloop_ctx; | |
347 | struct sta_info *sta = timeout_ctx; | |
348 | ||
349 | if (sta->agreed_to_steer) { | |
350 | wpa_printf(MSG_DEBUG, "%s: Reset steering flag for STA " MACSTR, | |
351 | hapd->conf->iface, MAC2STR(sta->addr)); | |
352 | sta->agreed_to_steer = 0; | |
353 | } | |
354 | } | |
355 | ||
356 | ||
28ab64af JM |
357 | static void ieee802_11_rx_bss_trans_mgmt_resp(struct hostapd_data *hapd, |
358 | const u8 *addr, const u8 *frm, | |
359 | size_t len) | |
360 | { | |
361 | u8 dialog_token, status_code, bss_termination_delay; | |
362 | const u8 *pos, *end; | |
3d0fb955 | 363 | int enabled = hapd->conf->bss_transition; |
d58c3bd8 | 364 | struct sta_info *sta; |
3d0fb955 JM |
365 | |
366 | #ifdef CONFIG_MBO | |
367 | if (hapd->conf->mbo_enabled) | |
368 | enabled = 1; | |
369 | #endif /* CONFIG_MBO */ | |
370 | if (!enabled) { | |
371 | wpa_printf(MSG_DEBUG, | |
372 | "Ignore BSS Transition Management Response from " | |
373 | MACSTR | |
374 | " since BSS Transition Management is disabled", | |
375 | MAC2STR(addr)); | |
376 | return; | |
377 | } | |
28ab64af JM |
378 | |
379 | if (len < 3) { | |
380 | wpa_printf(MSG_DEBUG, "WNM: Ignore too short BSS Transition Management Response from " | |
381 | MACSTR, MAC2STR(addr)); | |
382 | return; | |
383 | } | |
384 | ||
385 | pos = frm; | |
386 | end = pos + len; | |
387 | dialog_token = *pos++; | |
388 | status_code = *pos++; | |
389 | bss_termination_delay = *pos++; | |
390 | ||
391 | wpa_printf(MSG_DEBUG, "WNM: BSS Transition Management Response from " | |
392 | MACSTR " dialog_token=%u status_code=%u " | |
393 | "bss_termination_delay=%u", MAC2STR(addr), dialog_token, | |
394 | status_code, bss_termination_delay); | |
395 | ||
d58c3bd8 RM |
396 | sta = ap_get_sta(hapd, addr); |
397 | if (!sta) { | |
398 | wpa_printf(MSG_DEBUG, "Station " MACSTR | |
399 | " not found for received BSS TM Response", | |
400 | MAC2STR(addr)); | |
401 | return; | |
402 | } | |
403 | ||
28ab64af JM |
404 | if (status_code == WNM_BSS_TM_ACCEPT) { |
405 | if (end - pos < ETH_ALEN) { | |
406 | wpa_printf(MSG_DEBUG, "WNM: not enough room for Target BSSID field"); | |
407 | return; | |
408 | } | |
d58c3bd8 RM |
409 | sta->agreed_to_steer = 1; |
410 | eloop_cancel_timeout(ap_sta_reset_steer_flag_timer, hapd, sta); | |
411 | eloop_register_timeout(2, 0, ap_sta_reset_steer_flag_timer, | |
412 | hapd, sta); | |
28ab64af JM |
413 | wpa_printf(MSG_DEBUG, "WNM: Target BSSID: " MACSTR, |
414 | MAC2STR(pos)); | |
53514800 JM |
415 | wpa_msg(hapd->msg_ctx, MSG_INFO, BSS_TM_RESP MACSTR |
416 | " status_code=%u bss_termination_delay=%u target_bssid=" | |
417 | MACSTR, | |
418 | MAC2STR(addr), status_code, bss_termination_delay, | |
419 | MAC2STR(pos)); | |
28ab64af | 420 | pos += ETH_ALEN; |
53514800 | 421 | } else { |
d58c3bd8 | 422 | sta->agreed_to_steer = 0; |
53514800 JM |
423 | wpa_msg(hapd->msg_ctx, MSG_INFO, BSS_TM_RESP MACSTR |
424 | " status_code=%u bss_termination_delay=%u", | |
425 | MAC2STR(addr), status_code, bss_termination_delay); | |
28ab64af JM |
426 | } |
427 | ||
428 | wpa_hexdump(MSG_DEBUG, "WNM: BSS Transition Candidate List Entries", | |
429 | pos, end - pos); | |
430 | } | |
431 | ||
432 | ||
f3cb7a69 JM |
433 | static void ieee802_11_rx_wnm_notification_req(struct hostapd_data *hapd, |
434 | const u8 *addr, const u8 *buf, | |
435 | size_t len) | |
436 | { | |
437 | u8 dialog_token, type; | |
438 | ||
439 | if (len < 2) | |
440 | return; | |
441 | dialog_token = *buf++; | |
442 | type = *buf++; | |
443 | len -= 2; | |
444 | ||
445 | wpa_printf(MSG_DEBUG, | |
446 | "WNM: Received WNM Notification Request frame from " | |
447 | MACSTR " (dialog_token=%u type=%u)", | |
448 | MAC2STR(addr), dialog_token, type); | |
449 | wpa_hexdump(MSG_MSGDUMP, "WNM: Notification Request subelements", | |
450 | buf, len); | |
8dd49f0c JM |
451 | if (type == WLAN_EID_VENDOR_SPECIFIC) |
452 | mbo_ap_wnm_notification_req(hapd, addr, buf, len); | |
f3cb7a69 JM |
453 | } |
454 | ||
455 | ||
d514b502 JM |
456 | static void ieee802_11_rx_wnm_coloc_intf_report(struct hostapd_data *hapd, |
457 | const u8 *addr, const u8 *buf, | |
458 | size_t len) | |
459 | { | |
460 | u8 dialog_token; | |
461 | char *hex; | |
462 | size_t hex_len; | |
463 | ||
464 | if (!hapd->conf->coloc_intf_reporting) { | |
465 | wpa_printf(MSG_DEBUG, | |
466 | "WNM: Ignore unexpected Collocated Interference Report from " | |
467 | MACSTR, MAC2STR(addr)); | |
468 | return; | |
469 | } | |
470 | ||
471 | if (len < 1) { | |
472 | wpa_printf(MSG_DEBUG, | |
473 | "WNM: Ignore too short Collocated Interference Report from " | |
474 | MACSTR, MAC2STR(addr)); | |
475 | return; | |
476 | } | |
477 | dialog_token = *buf++; | |
478 | len--; | |
479 | ||
480 | wpa_printf(MSG_DEBUG, | |
481 | "WNM: Received Collocated Interference Report frame from " | |
482 | MACSTR " (dialog_token=%u)", | |
483 | MAC2STR(addr), dialog_token); | |
484 | wpa_hexdump(MSG_MSGDUMP, "WNM: Collocated Interference Report Elements", | |
485 | buf, len); | |
486 | ||
487 | hex_len = 2 * len + 1; | |
488 | hex = os_malloc(hex_len); | |
489 | if (!hex) | |
490 | return; | |
491 | wpa_snprintf_hex(hex, hex_len, buf, len); | |
492 | wpa_msg_ctrl(hapd->msg_ctx, MSG_INFO, COLOC_INTF_REPORT MACSTR " %d %s", | |
493 | MAC2STR(addr), dialog_token, hex); | |
494 | os_free(hex); | |
495 | } | |
496 | ||
497 | ||
c79938a5 | 498 | int ieee802_11_rx_wnm_action_ap(struct hostapd_data *hapd, |
dbfb8e82 | 499 | const struct ieee80211_mgmt *mgmt, size_t len) |
d32d94db | 500 | { |
dbfb8e82 JM |
501 | u8 action; |
502 | const u8 *payload; | |
503 | size_t plen; | |
504 | ||
505 | if (len < IEEE80211_HDRLEN + 2) | |
c79938a5 | 506 | return -1; |
d32d94db | 507 | |
da995b2e | 508 | payload = ((const u8 *) mgmt) + IEEE80211_HDRLEN + 1; |
dbfb8e82 | 509 | action = *payload++; |
da995b2e | 510 | plen = len - IEEE80211_HDRLEN - 2; |
dbfb8e82 JM |
511 | |
512 | switch (action) { | |
2049a875 | 513 | case WNM_BSS_TRANS_MGMT_QUERY: |
dbfb8e82 JM |
514 | ieee802_11_rx_bss_trans_mgmt_query(hapd, mgmt->sa, payload, |
515 | plen); | |
28ab64af | 516 | return 0; |
2049a875 | 517 | case WNM_BSS_TRANS_MGMT_RESP: |
dbfb8e82 JM |
518 | ieee802_11_rx_bss_trans_mgmt_resp(hapd, mgmt->sa, payload, |
519 | plen); | |
28ab64af | 520 | return 0; |
d32d94db | 521 | case WNM_SLEEP_MODE_REQ: |
dbfb8e82 | 522 | ieee802_11_rx_wnmsleep_req(hapd, mgmt->sa, payload, plen); |
c79938a5 | 523 | return 0; |
f3cb7a69 JM |
524 | case WNM_NOTIFICATION_REQ: |
525 | ieee802_11_rx_wnm_notification_req(hapd, mgmt->sa, payload, | |
526 | plen); | |
527 | return 0; | |
d514b502 JM |
528 | case WNM_COLLOCATED_INTERFERENCE_REPORT: |
529 | ieee802_11_rx_wnm_coloc_intf_report(hapd, mgmt->sa, payload, | |
530 | plen); | |
531 | return 0; | |
d32d94db | 532 | } |
c79938a5 JM |
533 | |
534 | wpa_printf(MSG_DEBUG, "WNM: Unsupported WNM Action %u from " MACSTR, | |
dbfb8e82 | 535 | action, MAC2STR(mgmt->sa)); |
c79938a5 | 536 | return -1; |
d32d94db | 537 | } |
2025cad9 JM |
538 | |
539 | ||
8d321a7d JM |
540 | int wnm_send_disassoc_imminent(struct hostapd_data *hapd, |
541 | struct sta_info *sta, int disassoc_timer) | |
542 | { | |
543 | u8 buf[1000], *pos; | |
544 | struct ieee80211_mgmt *mgmt; | |
545 | ||
546 | os_memset(buf, 0, sizeof(buf)); | |
547 | mgmt = (struct ieee80211_mgmt *) buf; | |
548 | mgmt->frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT, | |
549 | WLAN_FC_STYPE_ACTION); | |
550 | os_memcpy(mgmt->da, sta->addr, ETH_ALEN); | |
551 | os_memcpy(mgmt->sa, hapd->own_addr, ETH_ALEN); | |
552 | os_memcpy(mgmt->bssid, hapd->own_addr, ETH_ALEN); | |
553 | mgmt->u.action.category = WLAN_ACTION_WNM; | |
554 | mgmt->u.action.u.bss_tm_req.action = WNM_BSS_TRANS_MGMT_REQ; | |
555 | mgmt->u.action.u.bss_tm_req.dialog_token = 1; | |
556 | mgmt->u.action.u.bss_tm_req.req_mode = | |
557 | WNM_BSS_TM_REQ_DISASSOC_IMMINENT; | |
558 | mgmt->u.action.u.bss_tm_req.disassoc_timer = | |
559 | host_to_le16(disassoc_timer); | |
560 | mgmt->u.action.u.bss_tm_req.validity_interval = 0; | |
561 | ||
562 | pos = mgmt->u.action.u.bss_tm_req.variable; | |
563 | ||
564 | wpa_printf(MSG_DEBUG, "WNM: Send BSS Transition Management Request frame to indicate imminent disassociation (disassoc_timer=%d) to " | |
565 | MACSTR, disassoc_timer, MAC2STR(sta->addr)); | |
566 | if (hostapd_drv_send_mlme(hapd, buf, pos - buf, 0) < 0) { | |
567 | wpa_printf(MSG_DEBUG, "Failed to send BSS Transition " | |
568 | "Management Request frame"); | |
569 | return -1; | |
570 | } | |
571 | ||
572 | return 0; | |
573 | } | |
574 | ||
575 | ||
a30dff07 JM |
576 | static void set_disassoc_timer(struct hostapd_data *hapd, struct sta_info *sta, |
577 | int disassoc_timer) | |
578 | { | |
579 | int timeout, beacon_int; | |
580 | ||
581 | /* | |
582 | * Prevent STA from reconnecting using cached PMKSA to force | |
583 | * full authentication with the authentication server (which may | |
584 | * decide to reject the connection), | |
585 | */ | |
586 | wpa_auth_pmksa_remove(hapd->wpa_auth, sta->addr); | |
587 | ||
588 | beacon_int = hapd->iconf->beacon_int; | |
589 | if (beacon_int < 1) | |
590 | beacon_int = 100; /* best guess */ | |
591 | /* Calculate timeout in ms based on beacon_int in TU */ | |
592 | timeout = disassoc_timer * beacon_int * 128 / 125; | |
593 | wpa_printf(MSG_DEBUG, "Disassociation timer for " MACSTR | |
594 | " set to %d ms", MAC2STR(sta->addr), timeout); | |
595 | ||
596 | sta->timeout_next = STA_DISASSOC_FROM_CLI; | |
597 | eloop_cancel_timeout(ap_handle_timer, hapd, sta); | |
598 | eloop_register_timeout(timeout / 1000, | |
599 | timeout % 1000 * 1000, | |
600 | ap_handle_timer, hapd, sta); | |
601 | } | |
602 | ||
603 | ||
2025cad9 JM |
604 | int wnm_send_ess_disassoc_imminent(struct hostapd_data *hapd, |
605 | struct sta_info *sta, const char *url, | |
606 | int disassoc_timer) | |
607 | { | |
608 | u8 buf[1000], *pos; | |
609 | struct ieee80211_mgmt *mgmt; | |
610 | size_t url_len; | |
611 | ||
612 | os_memset(buf, 0, sizeof(buf)); | |
613 | mgmt = (struct ieee80211_mgmt *) buf; | |
614 | mgmt->frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT, | |
615 | WLAN_FC_STYPE_ACTION); | |
616 | os_memcpy(mgmt->da, sta->addr, ETH_ALEN); | |
617 | os_memcpy(mgmt->sa, hapd->own_addr, ETH_ALEN); | |
618 | os_memcpy(mgmt->bssid, hapd->own_addr, ETH_ALEN); | |
619 | mgmt->u.action.category = WLAN_ACTION_WNM; | |
620 | mgmt->u.action.u.bss_tm_req.action = WNM_BSS_TRANS_MGMT_REQ; | |
621 | mgmt->u.action.u.bss_tm_req.dialog_token = 1; | |
622 | mgmt->u.action.u.bss_tm_req.req_mode = | |
623 | WNM_BSS_TM_REQ_DISASSOC_IMMINENT | | |
624 | WNM_BSS_TM_REQ_ESS_DISASSOC_IMMINENT; | |
625 | mgmt->u.action.u.bss_tm_req.disassoc_timer = | |
626 | host_to_le16(disassoc_timer); | |
627 | mgmt->u.action.u.bss_tm_req.validity_interval = 0x01; | |
628 | ||
629 | pos = mgmt->u.action.u.bss_tm_req.variable; | |
630 | ||
631 | /* Session Information URL */ | |
632 | url_len = os_strlen(url); | |
633 | if (url_len > 255) | |
634 | return -1; | |
635 | *pos++ = url_len; | |
636 | os_memcpy(pos, url, url_len); | |
637 | pos += url_len; | |
638 | ||
639 | if (hostapd_drv_send_mlme(hapd, buf, pos - buf, 0) < 0) { | |
640 | wpa_printf(MSG_DEBUG, "Failed to send BSS Transition " | |
641 | "Management Request frame"); | |
642 | return -1; | |
643 | } | |
644 | ||
2025cad9 | 645 | if (disassoc_timer) { |
a30dff07 JM |
646 | /* send disassociation frame after time-out */ |
647 | set_disassoc_timer(hapd, sta, disassoc_timer); | |
648 | } | |
2025cad9 | 649 | |
a30dff07 JM |
650 | return 0; |
651 | } | |
652 | ||
653 | ||
654 | int wnm_send_bss_tm_req(struct hostapd_data *hapd, struct sta_info *sta, | |
655 | u8 req_mode, int disassoc_timer, u8 valid_int, | |
656 | const u8 *bss_term_dur, const char *url, | |
c0e2a172 AS |
657 | const u8 *nei_rep, size_t nei_rep_len, |
658 | const u8 *mbo_attrs, size_t mbo_len) | |
a30dff07 JM |
659 | { |
660 | u8 *buf, *pos; | |
661 | struct ieee80211_mgmt *mgmt; | |
662 | size_t url_len; | |
663 | ||
664 | wpa_printf(MSG_DEBUG, "WNM: Send BSS Transition Management Request to " | |
665 | MACSTR " req_mode=0x%x disassoc_timer=%d valid_int=0x%x", | |
666 | MAC2STR(sta->addr), req_mode, disassoc_timer, valid_int); | |
c0e2a172 | 667 | buf = os_zalloc(1000 + nei_rep_len + mbo_len); |
a30dff07 JM |
668 | if (buf == NULL) |
669 | return -1; | |
670 | mgmt = (struct ieee80211_mgmt *) buf; | |
671 | mgmt->frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT, | |
672 | WLAN_FC_STYPE_ACTION); | |
673 | os_memcpy(mgmt->da, sta->addr, ETH_ALEN); | |
674 | os_memcpy(mgmt->sa, hapd->own_addr, ETH_ALEN); | |
675 | os_memcpy(mgmt->bssid, hapd->own_addr, ETH_ALEN); | |
676 | mgmt->u.action.category = WLAN_ACTION_WNM; | |
677 | mgmt->u.action.u.bss_tm_req.action = WNM_BSS_TRANS_MGMT_REQ; | |
678 | mgmt->u.action.u.bss_tm_req.dialog_token = 1; | |
679 | mgmt->u.action.u.bss_tm_req.req_mode = req_mode; | |
680 | mgmt->u.action.u.bss_tm_req.disassoc_timer = | |
681 | host_to_le16(disassoc_timer); | |
682 | mgmt->u.action.u.bss_tm_req.validity_interval = valid_int; | |
683 | ||
684 | pos = mgmt->u.action.u.bss_tm_req.variable; | |
685 | ||
686 | if ((req_mode & WNM_BSS_TM_REQ_BSS_TERMINATION_INCLUDED) && | |
687 | bss_term_dur) { | |
688 | os_memcpy(pos, bss_term_dur, 12); | |
689 | pos += 12; | |
690 | } | |
691 | ||
692 | if (url) { | |
693 | /* Session Information URL */ | |
694 | url_len = os_strlen(url); | |
b62b0cb7 HD |
695 | if (url_len > 255) { |
696 | os_free(buf); | |
a30dff07 | 697 | return -1; |
b62b0cb7 HD |
698 | } |
699 | ||
a30dff07 JM |
700 | *pos++ = url_len; |
701 | os_memcpy(pos, url, url_len); | |
702 | pos += url_len; | |
703 | } | |
704 | ||
705 | if (nei_rep) { | |
706 | os_memcpy(pos, nei_rep, nei_rep_len); | |
707 | pos += nei_rep_len; | |
708 | } | |
709 | ||
c0e2a172 AS |
710 | if (mbo_len > 0) { |
711 | pos += mbo_add_ie(pos, buf + sizeof(buf) - pos, mbo_attrs, | |
712 | mbo_len); | |
713 | } | |
714 | ||
a30dff07 JM |
715 | if (hostapd_drv_send_mlme(hapd, buf, pos - buf, 0) < 0) { |
716 | wpa_printf(MSG_DEBUG, | |
717 | "Failed to send BSS Transition Management Request frame"); | |
718 | os_free(buf); | |
719 | return -1; | |
720 | } | |
721 | os_free(buf); | |
722 | ||
723 | if (disassoc_timer) { | |
724 | /* send disassociation frame after time-out */ | |
725 | set_disassoc_timer(hapd, sta, disassoc_timer); | |
2025cad9 JM |
726 | } |
727 | ||
728 | return 0; | |
729 | } | |
d514b502 JM |
730 | |
731 | ||
732 | int wnm_send_coloc_intf_req(struct hostapd_data *hapd, struct sta_info *sta, | |
733 | unsigned int auto_report, unsigned int timeout) | |
734 | { | |
735 | u8 buf[100], *pos; | |
736 | struct ieee80211_mgmt *mgmt; | |
737 | u8 dialog_token = 1; | |
738 | ||
739 | if (auto_report > 3 || timeout > 63) | |
740 | return -1; | |
741 | os_memset(buf, 0, sizeof(buf)); | |
742 | mgmt = (struct ieee80211_mgmt *) buf; | |
743 | mgmt->frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT, | |
744 | WLAN_FC_STYPE_ACTION); | |
745 | os_memcpy(mgmt->da, sta->addr, ETH_ALEN); | |
746 | os_memcpy(mgmt->sa, hapd->own_addr, ETH_ALEN); | |
747 | os_memcpy(mgmt->bssid, hapd->own_addr, ETH_ALEN); | |
748 | mgmt->u.action.category = WLAN_ACTION_WNM; | |
749 | mgmt->u.action.u.coloc_intf_req.action = | |
750 | WNM_COLLOCATED_INTERFERENCE_REQ; | |
751 | mgmt->u.action.u.coloc_intf_req.dialog_token = dialog_token; | |
752 | mgmt->u.action.u.coloc_intf_req.req_info = auto_report | (timeout << 2); | |
753 | pos = &mgmt->u.action.u.coloc_intf_req.req_info; | |
754 | pos++; | |
755 | ||
756 | wpa_printf(MSG_DEBUG, "WNM: Sending Collocated Interference Request to " | |
757 | MACSTR " (dialog_token=%u auto_report=%u timeout=%u)", | |
758 | MAC2STR(sta->addr), dialog_token, auto_report, timeout); | |
759 | if (hostapd_drv_send_mlme(hapd, buf, pos - buf, 0) < 0) { | |
760 | wpa_printf(MSG_DEBUG, | |
761 | "WNM: Failed to send Collocated Interference Request frame"); | |
762 | return -1; | |
763 | } | |
764 | ||
765 | return 0; | |
766 | } |