Commit | Line | Data |
---|---|---|
d32d94db XC |
1 | /* |
2 | * hostapd - WNM | |
a30dff07 | 3 | * Copyright (c) 2011-2014, Qualcomm Atheros, Inc. |
d32d94db XC |
4 | * |
5 | * This software may be distributed under the terms of the BSD license. | |
6 | * See README for more details. | |
7 | */ | |
8 | ||
9 | #include "utils/includes.h" | |
10 | ||
11 | #include "utils/common.h" | |
2025cad9 | 12 | #include "utils/eloop.h" |
d32d94db | 13 | #include "common/ieee802_11_defs.h" |
53514800 | 14 | #include "common/wpa_ctrl.h" |
fa979812 | 15 | #include "common/ocv.h" |
d32d94db XC |
16 | #include "ap/hostapd.h" |
17 | #include "ap/sta_info.h" | |
18 | #include "ap/ap_config.h" | |
19 | #include "ap/ap_drv_ops.h" | |
20 | #include "ap/wpa_auth.h" | |
8dd49f0c | 21 | #include "mbo_ap.h" |
d32d94db XC |
22 | #include "wnm_ap.h" |
23 | ||
24 | #define MAX_TFS_IE_LEN 1024 | |
25 | ||
d32d94db XC |
26 | |
/**
 * ieee80211_11_get_tfs_ie - Ask the driver for the TFS IE(s) of a station
 * @hapd: BSS data handed through to hostapd_drv_wnm_oper()
 * @addr: Station address handed through to the driver call
 * @buf: Buffer handed through to the driver call
 * @buf_len: Length pointer handed through to the driver call
 * @oper: WNM operation to request
 * Returns: The return value of hostapd_drv_wnm_oper()
 *
 * NOTE(review): the capacity of @buf is not passed separately. Whether the
 * driver reads *@buf_len as the capacity on input cannot be seen from this
 * file - confirm against the driver implementation.
 */
static int ieee80211_11_get_tfs_ie(struct hostapd_data *hapd, const u8 *addr,
				   u8 *buf, u16 *buf_len, enum wnm_oper oper)
{
	int ret;

	wpa_printf(MSG_DEBUG, "%s: TFS get operation %d", __func__, oper);

	ret = hostapd_drv_wnm_oper(hapd, oper, addr, buf, buf_len);
	return ret;
}
35 | ||
36 | ||
/**
 * ieee80211_11_set_tfs_ie - Hand TFS IE(s) of a station to the driver
 * @hapd: BSS data handed through to hostapd_drv_wnm_oper()
 * @addr: Station address handed through to the driver call
 * @buf: TFS IE buffer handed through to the driver call
 * @buf_len: Length pointer handed through to the driver call
 * @oper: WNM operation to request
 * Returns: The return value of hostapd_drv_wnm_oper()
 */
static int ieee80211_11_set_tfs_ie(struct hostapd_data *hapd, const u8 *addr,
				   u8 *buf, u16 *buf_len, enum wnm_oper oper)
{
	int ret;

	wpa_printf(MSG_DEBUG, "%s: TFS set operation %d", __func__, oper);

	ret = hostapd_drv_wnm_oper(hapd, oper, addr, buf, buf_len);
	return ret;
}
45 | ||
46 | ||
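/**
 * ieee802_11_send_wnmsleep_resp - Send WNM-Sleep Mode Response
 * (MLME-SLEEPMODE.response)
 * @hapd: BSS data
 * @addr: Address of the station the response is sent to
 * @dialog_token: Dialog token copied into the response
 * @action_type: WNM-Sleep Mode action type (enter/exit) copied into the
 *	WNM-Sleep Mode element
 * @intval: WNM-Sleep interval in host byte order
 * Returns: 0 on success, -EINVAL if the station is not found, -1 or another
 * non-zero value on failure
 *
 * Frame body after the fixed fields: key data (GTK/IGTK subelements; only on
 * exit, with MFP in use and wnm_sleep_mode_no_keys unset), the WNM-Sleep Mode
 * element, the TFS IE(s) returned by the driver, and with CONFIG_OCV the OCI
 * element on exit.
 */
static int ieee802_11_send_wnmsleep_resp(struct hostapd_data *hapd,
					 const u8 *addr, u8 dialog_token,
					 u8 action_type, u16 intval)
{
	struct ieee80211_mgmt *mgmt;
	int res;
	size_t len;
	size_t gtk_elem_len = 0;
	size_t igtk_elem_len = 0;
	struct wnm_sleep_element wnmsleep_ie;
	u8 *wnmtfs_ie, *oci_ie;
	u8 wnmsleep_ie_len, oci_ie_len;
	u16 wnmtfs_ie_len;
	u8 *pos;
	struct sta_info *sta;
	enum wnm_oper tfs_oper = action_type == WNM_SLEEP_MODE_ENTER ?
		WNM_SLEEP_TFS_RESP_IE_ADD : WNM_SLEEP_TFS_RESP_IE_NONE;

	sta = ap_get_sta(hapd, addr);
	if (sta == NULL) {
		wpa_printf(MSG_DEBUG, "%s: station not found", __func__);
		return -EINVAL;
	}

	/* WNM-Sleep Mode IE */
	os_memset(&wnmsleep_ie, 0, sizeof(struct wnm_sleep_element));
	wnmsleep_ie_len = sizeof(struct wnm_sleep_element);
	wnmsleep_ie.eid = WLAN_EID_WNMSLEEP;
	wnmsleep_ie.len = wnmsleep_ie_len - 2; /* EID and Length not counted */
	wnmsleep_ie.action_type = action_type;
	wnmsleep_ie.status = WNM_STATUS_SLEEP_ACCEPT;
	wnmsleep_ie.intval = host_to_le16(intval);

	/*
	 * TFS IE(s)
	 *
	 * NOTE(review): wnmtfs_ie_len is handed to the driver uninitialized;
	 * if the driver reads it as the buffer capacity, it should be set to
	 * MAX_TFS_IE_LEN first - confirm against the driver implementation.
	 */
	wnmtfs_ie = os_zalloc(MAX_TFS_IE_LEN);
	if (wnmtfs_ie == NULL)
		return -1;
	if (ieee80211_11_get_tfs_ie(hapd, addr, wnmtfs_ie, &wnmtfs_ie_len,
				    tfs_oper)) {
		wnmtfs_ie_len = 0;
		os_free(wnmtfs_ie);
		wnmtfs_ie = NULL;
	} else if (wnmtfs_ie_len > MAX_TFS_IE_LEN) {
		/*
		 * The reported length is used as a copy length below; never
		 * read past the MAX_TFS_IE_LEN octets allocated above.
		 */
		wpa_printf(MSG_DEBUG,
			   "%s: driver reported TFS IE length %u beyond the %d octet buffer - TFS IE dropped",
			   __func__, (unsigned int) wnmtfs_ie_len,
			   MAX_TFS_IE_LEN);
		wnmtfs_ie_len = 0;
		os_free(wnmtfs_ie);
		wnmtfs_ie = NULL;
	}

	oci_ie = NULL;
	oci_ie_len = 0;
#ifdef CONFIG_OCV
	if (action_type == WNM_SLEEP_MODE_EXIT &&
	    wpa_auth_uses_ocv(sta->wpa_sm)) {
		struct wpa_channel_info ci;

		if (hostapd_drv_channel_info(hapd, &ci) != 0) {
			wpa_printf(MSG_WARNING,
				   "Failed to get channel info for OCI element in WNM-Sleep Mode frame");
			os_free(wnmtfs_ie);
			return -1;
		}

		oci_ie_len = OCV_OCI_EXTENDED_LEN;
		oci_ie = os_zalloc(oci_ie_len);
		if (!oci_ie) {
			wpa_printf(MSG_WARNING,
				   "Failed to allocate buffer for OCI element in WNM-Sleep Mode frame");
			os_free(wnmtfs_ie);
			return -1;
		}

		if (ocv_insert_extended_oci(&ci, oci_ie) < 0) {
			os_free(wnmtfs_ie);
			os_free(oci_ie);
			return -1;
		}
	}
#endif /* CONFIG_OCV */

#define MAX_GTK_SUBELEM_LEN 45
#define MAX_IGTK_SUBELEM_LEN 26
	/*
	 * Reserve room for every variable part that is copied in below. The
	 * TFS IE length has to be part of this sum; without it the TFS copy
	 * would only fit in whatever slack sizeof(*mgmt) happens to leave.
	 */
	mgmt = os_zalloc(sizeof(*mgmt) + wnmsleep_ie_len +
			 MAX_GTK_SUBELEM_LEN + MAX_IGTK_SUBELEM_LEN +
			 wnmtfs_ie_len + oci_ie_len);
	if (mgmt == NULL) {
		wpa_printf(MSG_DEBUG, "MLME: Failed to allocate buffer for "
			   "WNM-Sleep Response action frame");
		res = -1;
		goto fail;
	}
	os_memcpy(mgmt->da, addr, ETH_ALEN);
	os_memcpy(mgmt->sa, hapd->own_addr, ETH_ALEN);
	os_memcpy(mgmt->bssid, hapd->own_addr, ETH_ALEN);
	mgmt->frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT,
					   WLAN_FC_STYPE_ACTION);
	mgmt->u.action.category = WLAN_ACTION_WNM;
	mgmt->u.action.u.wnm_sleep_resp.action = WNM_SLEEP_MODE_RESP;
	mgmt->u.action.u.wnm_sleep_resp.dialogtoken = dialog_token;
	pos = (u8 *)mgmt->u.action.u.wnm_sleep_resp.variable;
	/* add key data if MFP is enabled */
	if (!wpa_auth_uses_mfp(sta->wpa_sm) ||
	    hapd->conf->wnm_sleep_mode_no_keys ||
	    action_type != WNM_SLEEP_MODE_EXIT) {
		mgmt->u.action.u.wnm_sleep_resp.keydata_len = 0;
	} else {
		/*
		 * NOTE(review): the subelement writers get no length limit;
		 * presumably they stay within MAX_GTK_SUBELEM_LEN and
		 * MAX_IGTK_SUBELEM_LEN - confirm in wpa_auth.
		 */
		gtk_elem_len = wpa_wnmsleep_gtk_subelem(sta->wpa_sm, pos);
		pos += gtk_elem_len;
		wpa_printf(MSG_DEBUG, "Pass 4, gtk_len = %d",
			   (int) gtk_elem_len);
		res = wpa_wnmsleep_igtk_subelem(sta->wpa_sm, pos);
		if (res < 0)
			goto fail;
		igtk_elem_len = res;
		pos += igtk_elem_len;
		wpa_printf(MSG_DEBUG, "Pass 4 igtk_len = %d",
			   (int) igtk_elem_len);

		WPA_PUT_LE16((u8 *)
			     &mgmt->u.action.u.wnm_sleep_resp.keydata_len,
			     gtk_elem_len + igtk_elem_len);
	}
	os_memcpy(pos, &wnmsleep_ie, wnmsleep_ie_len);
	/* copy TFS IE here */
	pos += wnmsleep_ie_len;
	if (wnmtfs_ie) {
		os_memcpy(pos, wnmtfs_ie, wnmtfs_ie_len);
		pos += wnmtfs_ie_len;
	}
#ifdef CONFIG_OCV
	/* copy OCV OCI here */
	if (oci_ie_len > 0)
		os_memcpy(pos, oci_ie, oci_ie_len);
#endif /* CONFIG_OCV */

	/* Category (1 octet) + fixed response fields + variable parts */
	len = 1 + sizeof(mgmt->u.action.u.wnm_sleep_resp) + gtk_elem_len +
		igtk_elem_len + wnmsleep_ie_len + wnmtfs_ie_len + oci_ie_len;

	/* In the driver, the response frame should be forced out even when
	 * the STA is in PS mode */
	res = hostapd_drv_send_action(hapd, hapd->iface->freq, 0,
				      mgmt->da, &mgmt->u.action.category, len);

	if (!res) {
		wpa_printf(MSG_DEBUG, "Successfully send WNM-Sleep Response "
			   "frame");

		/* when entering wnmsleep
		 * 1. pause the node in driver
		 * 2. mark the node so that AP won't update GTK/IGTK during
		 * WNM Sleep
		 */
		if (wnmsleep_ie.status == WNM_STATUS_SLEEP_ACCEPT &&
		    wnmsleep_ie.action_type == WNM_SLEEP_MODE_ENTER) {
			sta->flags |= WLAN_STA_WNM_SLEEP_MODE;
			hostapd_drv_wnm_oper(hapd, WNM_SLEEP_ENTER_CONFIRM,
					     addr, NULL, NULL);
			wpa_set_wnmsleep(sta->wpa_sm, 1);
		}
		/* when exiting wnmsleep
		 * 1. unmark the node
		 * 2. start GTK/IGTK update if MFP is not used
		 * 3. unpause the node in driver
		 */
		if ((wnmsleep_ie.status == WNM_STATUS_SLEEP_ACCEPT ||
		     wnmsleep_ie.status ==
		     WNM_STATUS_SLEEP_EXIT_ACCEPT_GTK_UPDATE) &&
		    wnmsleep_ie.action_type == WNM_SLEEP_MODE_EXIT) {
			sta->flags &= ~WLAN_STA_WNM_SLEEP_MODE;
			wpa_set_wnmsleep(sta->wpa_sm, 0);
			hostapd_drv_wnm_oper(hapd, WNM_SLEEP_EXIT_CONFIRM,
					     addr, NULL, NULL);
			if (!wpa_auth_uses_mfp(sta->wpa_sm) ||
			    hapd->conf->wnm_sleep_mode_no_keys)
				wpa_wnmsleep_rekey_gtk(sta->wpa_sm);
		}
	} else
		wpa_printf(MSG_DEBUG, "Fail to send WNM-Sleep Response frame");

#undef MAX_GTK_SUBELEM_LEN
#undef MAX_IGTK_SUBELEM_LEN
fail:
	/* os_free() is called with NULL here for parts that were never
	 * allocated or were already released */
	os_free(wnmtfs_ie);
	os_free(oci_ie);
	os_free(mgmt);
	return res;
}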
230 | ||
231 | ||
/**
 * ieee802_11_rx_wnmsleep_req - Process a received WNM-Sleep Mode Request
 * @hapd: BSS data
 * @addr: Address of the station that sent the request
 * @frm: Frame body starting at the Dialog Token field
 * @len: Number of octets available at @frm
 *
 * Layout parsed here: Dialog Token [1] | WNM-Sleep Mode IE | TFS Request
 * IE(s) (| OCI element with CONFIG_OCV). Every element is checked against
 * the end of the frame before any of its payload is used.
 *
 * NOTE(review): nothing in this function checks that the sender is
 * associated or that the frame was protected, and on enter the TFS Request
 * IE(s) reach the driver before the response path looks the station up.
 * Presumably the caller filters such frames - confirm.
 */
static void ieee802_11_rx_wnmsleep_req(struct hostapd_data *hapd,
				       const u8 *addr, const u8 *frm, int len)
{
	const u8 *cur = frm;
	const u8 *frm_end;
	u8 dialog_token;
	struct wnm_sleep_element *wnmsleep_ie = NULL;
	/* first and last TFS Request IE; the span between them is treated
	 * as one consecutive run */
	u8 *tfsreq_ie_start = NULL;
	u8 *tfsreq_ie_end = NULL;
	u16 tfsreq_ie_len = 0;
#ifdef CONFIG_OCV
	struct sta_info *sta;
	const u8 *oci_ie = NULL;
	u8 oci_ie_len = 0;
#endif /* CONFIG_OCV */

	if (!hapd->conf->wnm_sleep_mode) {
		wpa_printf(MSG_DEBUG, "Ignore WNM-Sleep Mode Request from "
			   MACSTR " since WNM-Sleep Mode is disabled",
			   MAC2STR(addr));
		return;
	}

	if (len < 1) {
		wpa_printf(MSG_DEBUG,
			   "WNM: Ignore too short WNM-Sleep Mode Request from "
			   MACSTR, MAC2STR(addr));
		return;
	}

	frm_end = frm + len;
	dialog_token = *cur++;

	/* Walk the elements; stop at the first one that does not fit */
	while (cur + 1 < frm_end) {
		u8 eid = cur[0];
		u8 elem_len = cur[1];

		if (cur + 2 + elem_len > frm_end)
			break;

		if (eid == WLAN_EID_WNMSLEEP &&
		    elem_len >= (int) sizeof(*wnmsleep_ie) - 2) {
			/* long enough to be read through the struct */
			wnmsleep_ie = (struct wnm_sleep_element *) cur;
		} else if (eid == WLAN_EID_TFS_REQ) {
			if (!tfsreq_ie_start)
				tfsreq_ie_start = (u8 *) cur;
			tfsreq_ie_end = (u8 *) cur;
#ifdef CONFIG_OCV
		} else if (eid == WLAN_EID_EXTENSION && elem_len >= 1 &&
			   cur[2] == WLAN_EID_EXT_OCV_OCI) {
			/* skip EID, Length and the Extension ID octet */
			oci_ie = cur + 3;
			oci_ie_len = elem_len - 1;
#endif /* CONFIG_OCV */
		} else {
			wpa_printf(MSG_DEBUG, "WNM: EID %d not recognized",
				   eid);
		}
		cur += elem_len + 2;
	}

	if (!wnmsleep_ie) {
		wpa_printf(MSG_DEBUG, "No WNM-Sleep IE found");
		return;
	}

#ifdef CONFIG_OCV
	/* On exit, the OCI from the frame has to match the current channel */
	sta = ap_get_sta(hapd, addr);
	if (wnmsleep_ie->action_type == WNM_SLEEP_MODE_EXIT &&
	    sta && wpa_auth_uses_ocv(sta->wpa_sm)) {
		struct wpa_channel_info ci;

		if (hostapd_drv_channel_info(hapd, &ci) != 0) {
			wpa_printf(MSG_WARNING,
				   "Failed to get channel info to validate received OCI in WNM-Sleep Mode frame");
			return;
		}

		if (ocv_verify_tx_params(oci_ie, oci_ie_len, &ci,
					 channel_width_to_int(ci.chanwidth),
					 ci.seg1_idx) != 0) {
			wpa_msg(hapd, MSG_WARNING, "WNM: %s", ocv_errorstr);
			return;
		}
	}
#endif /* CONFIG_OCV */

	if (wnmsleep_ie->action_type == WNM_SLEEP_MODE_ENTER &&
	    tfsreq_ie_start && tfsreq_ie_end &&
	    tfsreq_ie_end - tfsreq_ie_start >= 0) {
		/* from the first TFS Request IE through the end of the last */
		tfsreq_ie_len = (tfsreq_ie_end + tfsreq_ie_end[1] + 2) -
			tfsreq_ie_start;
		wpa_printf(MSG_DEBUG, "TFS Req IE(s) found");
		/* pass the TFS Req IE(s) to driver for processing */
		if (ieee80211_11_set_tfs_ie(hapd, addr, tfsreq_ie_start,
					    &tfsreq_ie_len,
					    WNM_SLEEP_TFS_REQ_IE_SET))
			wpa_printf(MSG_DEBUG, "Fail to set TFS Req IE");
	}

	ieee802_11_send_wnmsleep_resp(hapd, addr, dialog_token,
				      wnmsleep_ie->action_type,
				      le_to_host16(wnmsleep_ie->intval));

	if (wnmsleep_ie->action_type == WNM_SLEEP_MODE_EXIT) {
		/* clear the tfs after sending the resp frame */
		ieee80211_11_set_tfs_ie(hapd, addr, tfsreq_ie_start,
					&tfsreq_ie_len, WNM_SLEEP_TFS_IE_DEL);
	}
}
336 | ||
337 | ||
28ab64af JM |
/**
 * ieee802_11_send_bss_trans_mgmt_request - Send a minimal BSS Transition
 * Management Request
 * @hapd: BSS data
 * @addr: Destination station address
 * @dialog_token: Dialog token to place in the request
 * Returns: -1 on allocation failure, otherwise the return value of
 * hostapd_drv_send_action()
 *
 * The request carries only the fixed fields: req_mode 0, disassoc_timer 0
 * and validity_interval 1; nothing is written to the variable part.
 */
static int ieee802_11_send_bss_trans_mgmt_request(struct hostapd_data *hapd,
						  const u8 *addr,
						  u8 dialog_token)
{
	struct ieee80211_mgmt *frame;
	const u8 *body_end;
	size_t body_len;
	int ret;

	frame = os_zalloc(sizeof(*frame));
	if (!frame)
		return -1;

	frame->frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT,
					    WLAN_FC_STYPE_ACTION);
	os_memcpy(frame->da, addr, ETH_ALEN);
	os_memcpy(frame->sa, hapd->own_addr, ETH_ALEN);
	os_memcpy(frame->bssid, hapd->own_addr, ETH_ALEN);

	frame->u.action.category = WLAN_ACTION_WNM;
	frame->u.action.u.bss_tm_req.action = WNM_BSS_TRANS_MGMT_REQ;
	frame->u.action.u.bss_tm_req.dialog_token = dialog_token;
	frame->u.action.u.bss_tm_req.req_mode = 0;
	frame->u.action.u.bss_tm_req.disassoc_timer = host_to_le16(0);
	frame->u.action.u.bss_tm_req.validity_interval = 1;
	/* nothing follows the fixed fields */
	body_end = frame->u.action.u.bss_tm_req.variable;

	wpa_printf(MSG_DEBUG, "WNM: Send BSS Transition Management Request to "
		   MACSTR " dialog_token=%u req_mode=0x%x disassoc_timer=%u "
		   "validity_interval=%u",
		   MAC2STR(addr), dialog_token,
		   frame->u.action.u.bss_tm_req.req_mode,
		   le_to_host16(frame->u.action.u.bss_tm_req.disassoc_timer),
		   frame->u.action.u.bss_tm_req.validity_interval);

	/* the action payload starts at the Category field */
	body_len = body_end - &frame->u.action.category;
	ret = hostapd_drv_send_action(hapd, hapd->iface->freq, 0,
				      frame->da, &frame->u.action.category,
				      body_len);
	os_free(frame);
	return ret;
}
377 | ||
378 | ||
/**
 * ieee802_11_rx_bss_trans_mgmt_query - Process a BSS Transition Management
 * Query
 * @hapd: BSS data
 * @addr: Address of the station that sent the query
 * @frm: Frame body starting at the Dialog Token field
 * @len: Number of octets available at @frm
 *
 * Ignored unless bss_transition is configured (or, with CONFIG_MBO,
 * mbo_enabled). The candidate list is only dumped to the debug log; the
 * reply is a request with the same dialog token.
 */
static void ieee802_11_rx_bss_trans_mgmt_query(struct hostapd_data *hapd,
					       const u8 *addr, const u8 *frm,
					       size_t len)
{
	const u8 *candidates;
	u8 dialog_token, reason;
	int enabled;

	enabled = hapd->conf->bss_transition;
#ifdef CONFIG_MBO
	if (hapd->conf->mbo_enabled)
		enabled = 1;
#endif /* CONFIG_MBO */
	if (!enabled) {
		wpa_printf(MSG_DEBUG,
			   "Ignore BSS Transition Management Query from "
			   MACSTR
			   " since BSS Transition Management is disabled",
			   MAC2STR(addr));
		return;
	}

	/* Dialog Token and Query Reason are mandatory */
	if (len < 2) {
		wpa_printf(MSG_DEBUG, "WNM: Ignore too short BSS Transition Management Query from "
			   MACSTR, MAC2STR(addr));
		return;
	}

	dialog_token = frm[0];
	reason = frm[1];
	candidates = frm + 2;

	wpa_printf(MSG_DEBUG, "WNM: BSS Transition Management Query from "
		   MACSTR " dialog_token=%u reason=%u",
		   MAC2STR(addr), dialog_token, reason);

	wpa_hexdump(MSG_DEBUG, "WNM: BSS Transition Candidate List Entries",
		    candidates, len - 2);

	ieee802_11_send_bss_trans_mgmt_request(hapd, addr, dialog_token);
}
420 | ||
421 | ||
d58c3bd8 RM |
/**
 * ap_sta_reset_steer_flag_timer - Timeout handler clearing agreed_to_steer
 * @eloop_ctx: struct hostapd_data pointer given at registration
 * @timeout_ctx: struct sta_info pointer given at registration
 *
 * NOTE(review): @timeout_ctx is dereferenced without any validity check, so
 * the timeout presumably has to be cancelled wherever the station entry is
 * freed - confirm in the station removal path.
 */
void ap_sta_reset_steer_flag_timer(void *eloop_ctx, void *timeout_ctx)
{
	struct hostapd_data *hapd = eloop_ctx;
	struct sta_info *sta = timeout_ctx;

	if (!sta->agreed_to_steer)
		return;

	wpa_printf(MSG_DEBUG, "%s: Reset steering flag for STA " MACSTR,
		   hapd->conf->iface, MAC2STR(sta->addr));
	sta->agreed_to_steer = 0;
}
433 | ||
434 | ||
28ab64af JM |
/**
 * ieee802_11_rx_bss_trans_mgmt_resp - Process a BSS Transition Management
 * Response
 * @hapd: BSS data
 * @addr: Address of the station that sent the response
 * @frm: Frame body starting at the Dialog Token field
 * @len: Number of octets available at @frm
 *
 * Ignored unless bss_transition is configured (or, with CONFIG_MBO,
 * mbo_enabled). On WNM_BSS_TM_ACCEPT the station is flagged as having agreed
 * to steer and a 2 second timeout is armed to clear the flag again; any
 * other status clears the flag at once.
 */
static void ieee802_11_rx_bss_trans_mgmt_resp(struct hostapd_data *hapd,
					      const u8 *addr, const u8 *frm,
					      size_t len)
{
	u8 dialog_token, status_code, bss_termination_delay;
	const u8 *rest;
	size_t rest_len;
	int enabled;
	struct sta_info *sta;

	enabled = hapd->conf->bss_transition;
#ifdef CONFIG_MBO
	if (hapd->conf->mbo_enabled)
		enabled = 1;
#endif /* CONFIG_MBO */
	if (!enabled) {
		wpa_printf(MSG_DEBUG,
			   "Ignore BSS Transition Management Response from "
			   MACSTR
			   " since BSS Transition Management is disabled",
			   MAC2STR(addr));
		return;
	}

	/* Dialog Token, Status Code and BSS Termination Delay are mandatory */
	if (len < 3) {
		wpa_printf(MSG_DEBUG, "WNM: Ignore too short BSS Transition Management Response from "
			   MACSTR, MAC2STR(addr));
		return;
	}

	dialog_token = frm[0];
	status_code = frm[1];
	bss_termination_delay = frm[2];
	rest = frm + 3;
	rest_len = len - 3;

	wpa_printf(MSG_DEBUG, "WNM: BSS Transition Management Response from "
		   MACSTR " dialog_token=%u status_code=%u "
		   "bss_termination_delay=%u", MAC2STR(addr), dialog_token,
		   status_code, bss_termination_delay);

	sta = ap_get_sta(hapd, addr);
	if (!sta) {
		wpa_printf(MSG_DEBUG, "Station " MACSTR
			   " not found for received BSS TM Response",
			   MAC2STR(addr));
		return;
	}

	if (status_code != WNM_BSS_TM_ACCEPT) {
		sta->agreed_to_steer = 0;
		wpa_msg(hapd->msg_ctx, MSG_INFO, BSS_TM_RESP MACSTR
			" status_code=%u bss_termination_delay=%u",
			MAC2STR(addr), status_code, bss_termination_delay);
	} else {
		/* an accepting response has to carry the Target BSSID */
		if (rest_len < ETH_ALEN) {
			wpa_printf(MSG_DEBUG, "WNM: not enough room for Target BSSID field");
			return;
		}
		sta->agreed_to_steer = 1;
		/* re-arm: drop a pending reset before registering a new one */
		eloop_cancel_timeout(ap_sta_reset_steer_flag_timer, hapd, sta);
		eloop_register_timeout(2, 0, ap_sta_reset_steer_flag_timer,
				       hapd, sta);
		wpa_printf(MSG_DEBUG, "WNM: Target BSSID: " MACSTR,
			   MAC2STR(rest));
		wpa_msg(hapd->msg_ctx, MSG_INFO, BSS_TM_RESP MACSTR
			" status_code=%u bss_termination_delay=%u target_bssid="
			MACSTR,
			MAC2STR(addr), status_code, bss_termination_delay,
			MAC2STR(rest));
		rest += ETH_ALEN;
		rest_len -= ETH_ALEN;
	}

	wpa_hexdump(MSG_DEBUG, "WNM: BSS Transition Candidate List Entries",
		    rest, rest_len);
}
509 | ||
510 | ||
f3cb7a69 JM |
/**
 * ieee802_11_rx_wnm_notification_req - Process a WNM Notification Request
 * @hapd: BSS data
 * @addr: Address of the station that sent the frame
 * @buf: Frame body starting at the Dialog Token field
 * @len: Number of octets available at @buf
 *
 * Frames shorter than the two fixed octets are dropped silently. Only the
 * vendor specific type is processed further, by the MBO handler.
 */
static void ieee802_11_rx_wnm_notification_req(struct hostapd_data *hapd,
					       const u8 *addr, const u8 *buf,
					       size_t len)
{
	const u8 *subelems;
	size_t subelems_len;
	u8 dialog_token, type;

	if (len < 2)
		return;

	dialog_token = buf[0];
	type = buf[1];
	subelems = buf + 2;
	subelems_len = len - 2;

	wpa_printf(MSG_DEBUG,
		   "WNM: Received WNM Notification Request frame from "
		   MACSTR " (dialog_token=%u type=%u)",
		   MAC2STR(addr), dialog_token, type);
	wpa_hexdump(MSG_MSGDUMP, "WNM: Notification Request subelements",
		    subelems, subelems_len);

	if (type != WLAN_EID_VENDOR_SPECIFIC)
		return;
	mbo_ap_wnm_notification_req(hapd, addr, subelems, subelems_len);
}
532 | ||
533 | ||
d514b502 JM |
/**
 * ieee802_11_rx_wnm_coloc_intf_report - Process a Collocated Interference
 * Report
 * @hapd: BSS data
 * @addr: Address of the station that sent the report
 * @buf: Frame body starting at the Dialog Token field
 * @len: Number of octets available at @buf
 *
 * Ignored unless coloc_intf_reporting is configured. The elements after the
 * dialog token are forwarded as a hex string in a control interface event.
 */
static void ieee802_11_rx_wnm_coloc_intf_report(struct hostapd_data *hapd,
						const u8 *addr, const u8 *buf,
						size_t len)
{
	const u8 *elems;
	size_t elems_len, hex_len;
	u8 dialog_token;
	char *hex;

	if (!hapd->conf->coloc_intf_reporting) {
		wpa_printf(MSG_DEBUG,
			   "WNM: Ignore unexpected Collocated Interference Report from "
			   MACSTR, MAC2STR(addr));
		return;
	}

	if (len < 1) {
		wpa_printf(MSG_DEBUG,
			   "WNM: Ignore too short Collocated Interference Report from "
			   MACSTR, MAC2STR(addr));
		return;
	}

	dialog_token = buf[0];
	elems = buf + 1;
	elems_len = len - 1;

	wpa_printf(MSG_DEBUG,
		   "WNM: Received Collocated Interference Report frame from "
		   MACSTR " (dialog_token=%u)",
		   MAC2STR(addr), dialog_token);
	wpa_hexdump(MSG_MSGDUMP, "WNM: Collocated Interference Report Elements",
		    elems, elems_len);

	/* two hex digits per octet plus the terminating NUL */
	hex_len = 2 * elems_len + 1;
	hex = os_malloc(hex_len);
	if (!hex)
		return;
	wpa_snprintf_hex(hex, hex_len, elems, elems_len);
	wpa_msg_ctrl(hapd->msg_ctx, MSG_INFO, COLOC_INTF_REPORT MACSTR " %d %s",
		     MAC2STR(addr), dialog_token, hex);
	os_free(hex);
}
574 | ||
575 | ||
/**
 * ieee802_11_rx_wnm_action_ap - Dispatch a received WNM Action frame
 * @hapd: BSS data
 * @mgmt: Received management frame, starting at the IEEE 802.11 header
 * @len: Total length of the frame at @mgmt
 * Returns: 0 if the action was handed to a handler, -1 if the frame is too
 * short or the action is not supported
 *
 * Handlers receive the payload that follows the Category and Action octets
 * together with the number of octets left in the frame.
 *
 * NOTE(review): the WNM-Sleep Mode handler takes its length as int, so the
 * size_t value is converted at that call; presumably frame lengths stay far
 * below INT_MAX - confirm in the receive path.
 */
int ieee802_11_rx_wnm_action_ap(struct hostapd_data *hapd,
				const struct ieee80211_mgmt *mgmt, size_t len)
{
	const u8 *body;
	const u8 *payload;
	size_t plen;
	u8 action;

	/* header plus Category and Action octets */
	if (len < IEEE80211_HDRLEN + 2)
		return -1;

	body = ((const u8 *) mgmt) + IEEE80211_HDRLEN;
	action = body[1];
	payload = body + 2;
	plen = len - IEEE80211_HDRLEN - 2;

	switch (action) {
	case WNM_BSS_TRANS_MGMT_QUERY:
		ieee802_11_rx_bss_trans_mgmt_query(hapd, mgmt->sa, payload,
						   plen);
		break;
	case WNM_BSS_TRANS_MGMT_RESP:
		ieee802_11_rx_bss_trans_mgmt_resp(hapd, mgmt->sa, payload,
						  plen);
		break;
	case WNM_SLEEP_MODE_REQ:
		ieee802_11_rx_wnmsleep_req(hapd, mgmt->sa, payload, plen);
		break;
	case WNM_NOTIFICATION_REQ:
		ieee802_11_rx_wnm_notification_req(hapd, mgmt->sa, payload,
						   plen);
		break;
	case WNM_COLLOCATED_INTERFERENCE_REPORT:
		ieee802_11_rx_wnm_coloc_intf_report(hapd, mgmt->sa, payload,
						    plen);
		break;
	default:
		wpa_printf(MSG_DEBUG,
			   "WNM: Unsupported WNM Action %u from " MACSTR,
			   action, MAC2STR(mgmt->sa));
		return -1;
	}

	return 0;
}
2025cad9 JM |
616 | |
617 | ||
8d321a7d JM |
/**
 * wnm_send_disassoc_imminent - Send a BSS Transition Management Request
 * announcing imminent disassociation
 * @hapd: BSS data
 * @sta: Station the request is sent to
 * @disassoc_timer: Value for the Disassociation Timer field
 * Returns: 0 on success, -1 if the frame could not be sent
 *
 * Only the fixed fields are sent; the dialog token is always 1. The timer
 * value is stored through host_to_le16(), i.e., in a 16-bit field.
 */
int wnm_send_disassoc_imminent(struct hostapd_data *hapd,
			       struct sta_info *sta, int disassoc_timer)
{
	u8 frame_buf[1000];
	struct ieee80211_mgmt *mgmt = (struct ieee80211_mgmt *) frame_buf;
	const u8 *frame_end;

	os_memset(frame_buf, 0, sizeof(frame_buf));

	mgmt->frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT,
					   WLAN_FC_STYPE_ACTION);
	os_memcpy(mgmt->da, sta->addr, ETH_ALEN);
	os_memcpy(mgmt->sa, hapd->own_addr, ETH_ALEN);
	os_memcpy(mgmt->bssid, hapd->own_addr, ETH_ALEN);

	mgmt->u.action.category = WLAN_ACTION_WNM;
	mgmt->u.action.u.bss_tm_req.action = WNM_BSS_TRANS_MGMT_REQ;
	mgmt->u.action.u.bss_tm_req.dialog_token = 1;
	mgmt->u.action.u.bss_tm_req.req_mode =
		WNM_BSS_TM_REQ_DISASSOC_IMMINENT;
	mgmt->u.action.u.bss_tm_req.disassoc_timer =
		host_to_le16(disassoc_timer);
	mgmt->u.action.u.bss_tm_req.validity_interval = 0;

	/* the frame ends where the variable part would begin */
	frame_end = mgmt->u.action.u.bss_tm_req.variable;

	wpa_printf(MSG_DEBUG, "WNM: Send BSS Transition Management Request frame to indicate imminent disassociation (disassoc_timer=%d) to "
		   MACSTR, disassoc_timer, MAC2STR(sta->addr));

	if (hostapd_drv_send_mlme(hapd, frame_buf, frame_end - frame_buf, 0,
				  NULL, 0, 0) >= 0)
		return 0;

	wpa_printf(MSG_DEBUG, "Failed to send BSS Transition "
		   "Management Request frame");
	return -1;
}
652 | ||
653 | ||
a30dff07 JM |
/**
 * set_disassoc_timer - Schedule disassociation of a station
 * @hapd: BSS data
 * @sta: Station to be disassociated
 * @disassoc_timer: Disassociation timer value, multiplied by the beacon
 *	interval below
 *
 * Removes the cached PMKSA of the station and re-arms ap_handle_timer with
 * timeout_next set to STA_DISASSOC_FROM_CLI.
 *
 * NOTE(review): the timeout is computed in int arithmetic; whether
 * @disassoc_timer and beacon_int are bounded tightly enough that
 * disassoc_timer * beacon_int * 128 cannot overflow is not visible here -
 * verify the ranges accepted by the callers.
 */
static void set_disassoc_timer(struct hostapd_data *hapd, struct sta_info *sta,
			       int disassoc_timer)
{
	int beacon_int;
	int timeout_ms;

	/*
	 * Drop the cached PMKSA so the STA cannot reconnect with it; this
	 * forces full authentication with the authentication server (which
	 * may decide to reject the connection).
	 */
	wpa_auth_pmksa_remove(hapd->wpa_auth, sta->addr);

	beacon_int = hapd->iconf->beacon_int;
	if (beacon_int < 1)
		beacon_int = 100; /* best guess */

	/* beacon_int is in TU; 128 / 125 = 1.024 turns TU into ms */
	timeout_ms = disassoc_timer * beacon_int * 128 / 125;
	wpa_printf(MSG_DEBUG, "Disassociation timer for " MACSTR
		   " set to %d ms", MAC2STR(sta->addr), timeout_ms);

	sta->timeout_next = STA_DISASSOC_FROM_CLI;
	eloop_cancel_timeout(ap_handle_timer, hapd, sta);
	/* split into whole seconds and remaining microseconds */
	eloop_register_timeout(timeout_ms / 1000,
			       timeout_ms % 1000 * 1000,
			       ap_handle_timer, hapd, sta);
}
680 | ||
681 | ||
2025cad9 JM |
/**
 * wnm_send_ess_disassoc_imminent - Send a BSS Transition Management Request
 * announcing imminent ESS disassociation
 * @hapd: BSS data
 * @sta: Station the request is sent to
 * @url: Session Information URL; passed to os_strlen() unchecked, so it must
 *	not be NULL
 * @disassoc_timer: Value for the Disassociation Timer field; if non-zero, a
 *	disassociation timeout is scheduled after the frame has been sent
 * Returns: 0 on success, -1 if @url is longer than 255 octets or the frame
 * could not be sent
 */
int wnm_send_ess_disassoc_imminent(struct hostapd_data *hapd,
				   struct sta_info *sta, const char *url,
				   int disassoc_timer)
{
	u8 frame_buf[1000];
	u8 *wr;
	struct ieee80211_mgmt *mgmt = (struct ieee80211_mgmt *) frame_buf;
	size_t url_len;

	os_memset(frame_buf, 0, sizeof(frame_buf));

	mgmt->frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT,
					   WLAN_FC_STYPE_ACTION);
	os_memcpy(mgmt->da, sta->addr, ETH_ALEN);
	os_memcpy(mgmt->sa, hapd->own_addr, ETH_ALEN);
	os_memcpy(mgmt->bssid, hapd->own_addr, ETH_ALEN);

	mgmt->u.action.category = WLAN_ACTION_WNM;
	mgmt->u.action.u.bss_tm_req.action = WNM_BSS_TRANS_MGMT_REQ;
	mgmt->u.action.u.bss_tm_req.dialog_token = 1;
	mgmt->u.action.u.bss_tm_req.req_mode =
		WNM_BSS_TM_REQ_DISASSOC_IMMINENT |
		WNM_BSS_TM_REQ_ESS_DISASSOC_IMMINENT;
	mgmt->u.action.u.bss_tm_req.disassoc_timer =
		host_to_le16(disassoc_timer);
	mgmt->u.action.u.bss_tm_req.validity_interval = 0x01;

	wr = mgmt->u.action.u.bss_tm_req.variable;

	/* Session Information URL: one length octet, then the URL itself */
	url_len = os_strlen(url);
	if (url_len > 255)
		return -1; /* does not fit the single length octet */
	*wr++ = url_len;
	os_memcpy(wr, url, url_len);
	wr += url_len;

	if (hostapd_drv_send_mlme(hapd, frame_buf, wr - frame_buf, 0, NULL,
				  0, 0) < 0) {
		wpa_printf(MSG_DEBUG, "Failed to send BSS Transition "
			   "Management Request frame");
		return -1;
	}

	/* send disassociation frame after time-out */
	if (disassoc_timer)
		set_disassoc_timer(hapd, sta, disassoc_timer);

	return 0;
}
730 | ||
731 | ||
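/**
 * wnm_send_bss_tm_req - Send a BSS Transition Management Request
 * @hapd: BSS data
 * @sta: Station the request is sent to
 * @req_mode: Request Mode field
 * @disassoc_timer: Value for the Disassociation Timer field; if non-zero, a
 *	disassociation timeout is scheduled after the frame has been sent
 * @valid_int: Validity Interval field
 * @bss_term_dur: BSS Termination Duration (12 octets are copied) or %NULL;
 *	only used if @req_mode has WNM_BSS_TM_REQ_BSS_TERMINATION_INCLUDED set
 * @url: Session Information URL or %NULL
 * @nei_rep: Neighbor report data or %NULL
 * @nei_rep_len: Number of octets at @nei_rep
 * @mbo_attrs: MBO attributes handed to mbo_add_ie()
 * @mbo_len: Number of octets at @mbo_attrs; 0 to leave the MBO IE out
 * Returns: 0 on success, -1 on allocation failure, if @url is longer than
 * 255 octets, or if the frame could not be sent
 */
int wnm_send_bss_tm_req(struct hostapd_data *hapd, struct sta_info *sta,
			u8 req_mode, int disassoc_timer, u8 valid_int,
			const u8 *bss_term_dur, const char *url,
			const u8 *nei_rep, size_t nei_rep_len,
			const u8 *mbo_attrs, size_t mbo_len)
{
	u8 *buf, *pos;
	struct ieee80211_mgmt *mgmt;
	size_t url_len;
	size_t buf_len;

	wpa_printf(MSG_DEBUG, "WNM: Send BSS Transition Management Request to "
		   MACSTR " req_mode=0x%x disassoc_timer=%d valid_int=0x%x",
		   MAC2STR(sta->addr), req_mode, disassoc_timer, valid_int);
	/* 1000 octets for the header, fixed fields, BSS Termination Duration
	 * and URL, plus the caller supplied variable parts */
	buf_len = 1000 + nei_rep_len + mbo_len;
	buf = os_zalloc(buf_len);
	if (buf == NULL)
		return -1;
	mgmt = (struct ieee80211_mgmt *) buf;
	mgmt->frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT,
					   WLAN_FC_STYPE_ACTION);
	os_memcpy(mgmt->da, sta->addr, ETH_ALEN);
	os_memcpy(mgmt->sa, hapd->own_addr, ETH_ALEN);
	os_memcpy(mgmt->bssid, hapd->own_addr, ETH_ALEN);
	mgmt->u.action.category = WLAN_ACTION_WNM;
	mgmt->u.action.u.bss_tm_req.action = WNM_BSS_TRANS_MGMT_REQ;
	mgmt->u.action.u.bss_tm_req.dialog_token = 1;
	mgmt->u.action.u.bss_tm_req.req_mode = req_mode;
	mgmt->u.action.u.bss_tm_req.disassoc_timer =
		host_to_le16(disassoc_timer);
	mgmt->u.action.u.bss_tm_req.validity_interval = valid_int;

	pos = mgmt->u.action.u.bss_tm_req.variable;

	if ((req_mode & WNM_BSS_TM_REQ_BSS_TERMINATION_INCLUDED) &&
	    bss_term_dur) {
		os_memcpy(pos, bss_term_dur, 12);
		pos += 12;
	}

	if (url) {
		/* Session Information URL: length octet, then the URL */
		url_len = os_strlen(url);
		if (url_len > 255) {
			/* does not fit the single length octet */
			os_free(buf);
			return -1;
		}

		*pos++ = url_len;
		os_memcpy(pos, url, url_len);
		pos += url_len;
	}

	if (nei_rep) {
		os_memcpy(pos, nei_rep, nei_rep_len);
		pos += nei_rep_len;
	}

	if (mbo_len > 0) {
		/*
		 * buf is a heap pointer, so sizeof(buf) is only the size of
		 * the pointer; the space left has to be derived from the
		 * allocation size.
		 */
		pos += mbo_add_ie(pos, buf + buf_len - pos, mbo_attrs,
				  mbo_len);
	}

	if (hostapd_drv_send_mlme(hapd, buf, pos - buf, 0, NULL, 0, 0) < 0) {
		wpa_printf(MSG_DEBUG,
			   "Failed to send BSS Transition Management Request frame");
		os_free(buf);
		return -1;
	}
	os_free(buf);

	if (disassoc_timer) {
		/* send disassociation frame after time-out */
		set_disassoc_timer(hapd, sta, disassoc_timer);
	}

	return 0;
}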
d514b502 JM |
808 | |
809 | ||
/**
 * wnm_send_coloc_intf_req - Send a Collocated Interference Request
 * @hapd: BSS data
 * @sta: Station the request is sent to
 * @auto_report: Automatic report setting (0..3), low two bits of the
 *	Request Info field
 * @timeout: Report timeout (0..63), placed above the two auto report bits
 * Returns: 0 on success, -1 on an out-of-range argument or if the frame
 * could not be sent
 */
int wnm_send_coloc_intf_req(struct hostapd_data *hapd, struct sta_info *sta,
			    unsigned int auto_report, unsigned int timeout)
{
	u8 frame_buf[100];
	const u8 *frame_end;
	struct ieee80211_mgmt *mgmt = (struct ieee80211_mgmt *) frame_buf;
	u8 dialog_token = 1;

	/* both values have to fit into the single Request Info octet */
	if (auto_report > 3 || timeout > 63)
		return -1;

	os_memset(frame_buf, 0, sizeof(frame_buf));
	mgmt->frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT,
					   WLAN_FC_STYPE_ACTION);
	os_memcpy(mgmt->da, sta->addr, ETH_ALEN);
	os_memcpy(mgmt->sa, hapd->own_addr, ETH_ALEN);
	os_memcpy(mgmt->bssid, hapd->own_addr, ETH_ALEN);

	mgmt->u.action.category = WLAN_ACTION_WNM;
	mgmt->u.action.u.coloc_intf_req.action =
		WNM_COLLOCATED_INTERFERENCE_REQ;
	mgmt->u.action.u.coloc_intf_req.dialog_token = dialog_token;
	mgmt->u.action.u.coloc_intf_req.req_info = auto_report | (timeout << 2);

	/* Request Info is the last octet of the frame */
	frame_end = &mgmt->u.action.u.coloc_intf_req.req_info + 1;

	wpa_printf(MSG_DEBUG, "WNM: Sending Collocated Interference Request to "
		   MACSTR " (dialog_token=%u auto_report=%u timeout=%u)",
		   MAC2STR(sta->addr), dialog_token, auto_report, timeout);

	if (hostapd_drv_send_mlme(hapd, frame_buf, frame_end - frame_buf, 0,
				  NULL, 0, 0) >= 0)
		return 0;

	wpa_printf(MSG_DEBUG,
		   "WNM: Failed to send Collocated Interference Request frame");
	return -1;
}