]> git.ipfire.org Git - thirdparty/hostap.git/blame - src/ap/wnm_ap.c
projects / thirdparty / hostap.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
SAE: A bit optimized sae_confirm_immediate=2 for testing purposes
[thirdparty/hostap.git] / src / ap / wnm_ap.c
CommitLineData
d32d94db
XC		 1/*
2 * hostapd - WNM
a30dff07 3 * Copyright (c) 2011-2014, Qualcomm Atheros, Inc.
d32d94db
XC		 4 *
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
7 */
8
9#include "utils/includes.h"
10
11#include "utils/common.h"
2025cad9 12#include "utils/eloop.h"
d32d94db 13#include "common/ieee802_11_defs.h"
53514800 14#include "common/wpa_ctrl.h"
fa979812 15#include "common/ocv.h"
d32d94db
XC		 16#include "ap/hostapd.h"
17#include "ap/sta_info.h"
18#include "ap/ap_config.h"
19#include "ap/ap_drv_ops.h"
20#include "ap/wpa_auth.h"
8dd49f0c 21#include "mbo_ap.h"
d32d94db
XC		 22#include "wnm_ap.h"
23
24#define MAX_TFS_IE_LEN 1024
25
d32d94db
XC		 26
27/* get the TFS IE from driver */
28static int ieee80211_11_get_tfs_ie(struct hostapd_data *hapd, const u8 *addr,
29 u8 *buf, u16 *buf_len, enum wnm_oper oper)
30{
31 wpa_printf(MSG_DEBUG, "%s: TFS get operation %d", __func__, oper);
32
33 return hostapd_drv_wnm_oper(hapd, oper, addr, buf, buf_len);
34}
35
36
37/* set the TFS IE to driver */
38static int ieee80211_11_set_tfs_ie(struct hostapd_data *hapd, const u8 *addr,
39 u8 *buf, u16 *buf_len, enum wnm_oper oper)
40{
41 wpa_printf(MSG_DEBUG, "%s: TFS set operation %d", __func__, oper);
42
43 return hostapd_drv_wnm_oper(hapd, oper, addr, buf, buf_len);
44}
45
46
47/* MLME-SLEEPMODE.response */
48static int ieee802_11_send_wnmsleep_resp(struct hostapd_data *hapd,
49 const u8 *addr, u8 dialog_token,
50 u8 action_type, u16 intval)
51{
52 struct ieee80211_mgmt *mgmt;
53 int res;
54 size_t len;
55 size_t gtk_elem_len = 0;
56 size_t igtk_elem_len = 0;
57 struct wnm_sleep_element wnmsleep_ie;
fa979812
MV		 58 u8 *wnmtfs_ie, *oci_ie;
59 u8 wnmsleep_ie_len, oci_ie_len;
d32d94db
XC		 60 u16 wnmtfs_ie_len;
61 u8 *pos;
62 struct sta_info *sta;
615a5d55
JM		 63 enum wnm_oper tfs_oper = action_type == WNM_SLEEP_MODE_ENTER ?
64 WNM_SLEEP_TFS_RESP_IE_ADD : WNM_SLEEP_TFS_RESP_IE_NONE;
d32d94db
XC		 65
66 sta = ap_get_sta(hapd, addr);
67 if (sta == NULL) {
68 wpa_printf(MSG_DEBUG, "%s: station not found", __func__);
69 return -EINVAL;
70 }
71
72 /* WNM-Sleep Mode IE */
73 os_memset(&wnmsleep_ie, 0, sizeof(struct wnm_sleep_element));
74 wnmsleep_ie_len = sizeof(struct wnm_sleep_element);
75 wnmsleep_ie.eid = WLAN_EID_WNMSLEEP;
76 wnmsleep_ie.len = wnmsleep_ie_len - 2;
77 wnmsleep_ie.action_type = action_type;
78 wnmsleep_ie.status = WNM_STATUS_SLEEP_ACCEPT;
5ace51a4 79 wnmsleep_ie.intval = host_to_le16(intval);
d32d94db
XC		 80
81 /* TFS IE(s) */
82 wnmtfs_ie = os_zalloc(MAX_TFS_IE_LEN);
83 if (wnmtfs_ie == NULL)
84 return -1;
85 if (ieee80211_11_get_tfs_ie(hapd, addr, wnmtfs_ie, &wnmtfs_ie_len,
86 tfs_oper)) {
87 wnmtfs_ie_len = 0;
88 os_free(wnmtfs_ie);
89 wnmtfs_ie = NULL;
90 }
91
fa979812
MV		 92 oci_ie = NULL;
93 oci_ie_len = 0;
94#ifdef CONFIG_OCV
95 if (action_type == WNM_SLEEP_MODE_EXIT &&
96 wpa_auth_uses_ocv(sta->wpa_sm)) {
97 struct wpa_channel_info ci;
98
99 if (hostapd_drv_channel_info(hapd, &ci) != 0) {
100 wpa_printf(MSG_WARNING,
101 "Failed to get channel info for OCI element in WNM-Sleep Mode frame");
102 os_free(wnmtfs_ie);
103 return -1;
104 }
105
106 oci_ie_len = OCV_OCI_EXTENDED_LEN;
107 oci_ie = os_zalloc(oci_ie_len);
108 if (!oci_ie) {
109 wpa_printf(MSG_WARNING,
110 "Failed to allocate buffer for OCI element in WNM-Sleep Mode frame");
111 os_free(wnmtfs_ie);
112 return -1;
113 }
114
115 if (ocv_insert_extended_oci(&ci, oci_ie) < 0) {
116 os_free(wnmtfs_ie);
117 os_free(oci_ie);
118 return -1;
119 }
120 }
121#endif /* CONFIG_OCV */
122
d32d94db
XC		 123#define MAX_GTK_SUBELEM_LEN 45
124#define MAX_IGTK_SUBELEM_LEN 26
125 mgmt = os_zalloc(sizeof(*mgmt) + wnmsleep_ie_len +
fa979812
MV		 126 MAX_GTK_SUBELEM_LEN + MAX_IGTK_SUBELEM_LEN +
127 oci_ie_len);
d32d94db
XC		 128 if (mgmt == NULL) {
129 wpa_printf(MSG_DEBUG, "MLME: Failed to allocate buffer for "
130 "WNM-Sleep Response action frame");
e7ddd86a
JM		 131 res = -1;
132 goto fail;
d32d94db
XC		 133 }
134 os_memcpy(mgmt->da, addr, ETH_ALEN);
135 os_memcpy(mgmt->sa, hapd->own_addr, ETH_ALEN);
136 os_memcpy(mgmt->bssid, hapd->own_addr, ETH_ALEN);
137 mgmt->frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT,
138 WLAN_FC_STYPE_ACTION);
139 mgmt->u.action.category = WLAN_ACTION_WNM;
140 mgmt->u.action.u.wnm_sleep_resp.action = WNM_SLEEP_MODE_RESP;
141 mgmt->u.action.u.wnm_sleep_resp.dialogtoken = dialog_token;
142 pos = (u8 *)mgmt->u.action.u.wnm_sleep_resp.variable;
143 /* add key data if MFP is enabled */
4da10640 144 if (!wpa_auth_uses_mfp(sta->wpa_sm) ||
348c9384 145 hapd->conf->wnm_sleep_mode_no_keys ||
615a5d55 146 action_type != WNM_SLEEP_MODE_EXIT) {
d32d94db
XC		 147 mgmt->u.action.u.wnm_sleep_resp.keydata_len = 0;
148 } else {
149 gtk_elem_len = wpa_wnmsleep_gtk_subelem(sta->wpa_sm, pos);
150 pos += gtk_elem_len;
151 wpa_printf(MSG_DEBUG, "Pass 4, gtk_len = %d",
152 (int) gtk_elem_len);
d32d94db 153 res = wpa_wnmsleep_igtk_subelem(sta->wpa_sm, pos);
e7ddd86a
JM		 154 if (res < 0)
155 goto fail;
d32d94db
XC		 156 igtk_elem_len = res;
157 pos += igtk_elem_len;
158 wpa_printf(MSG_DEBUG, "Pass 4 igtk_len = %d",
159 (int) igtk_elem_len);
d32d94db
XC		 160
161 WPA_PUT_LE16((u8 *)
162 &mgmt->u.action.u.wnm_sleep_resp.keydata_len,
163 gtk_elem_len + igtk_elem_len);
164 }
165 os_memcpy(pos, &wnmsleep_ie, wnmsleep_ie_len);
166 /* copy TFS IE here */
167 pos += wnmsleep_ie_len;
fa979812 168 if (wnmtfs_ie) {
a8e93a1a 169 os_memcpy(pos, wnmtfs_ie, wnmtfs_ie_len);
fa979812
MV		 170 pos += wnmtfs_ie_len;
171 }
172#ifdef CONFIG_OCV
173 /* copy OCV OCI here */
174 if (oci_ie_len > 0)
175 os_memcpy(pos, oci_ie, oci_ie_len);
176#endif /* CONFIG_OCV */
d32d94db
XC		 177
178 len = 1 + sizeof(mgmt->u.action.u.wnm_sleep_resp) + gtk_elem_len +
fa979812 179 igtk_elem_len + wnmsleep_ie_len + wnmtfs_ie_len + oci_ie_len;
d32d94db
XC		 180
181 /* In driver, response frame should be forced to sent when STA is in
182 * PS mode */
183 res = hostapd_drv_send_action(hapd, hapd->iface->freq, 0,
184 mgmt->da, &mgmt->u.action.category, len);
185
186 if (!res) {
187 wpa_printf(MSG_DEBUG, "Successfully send WNM-Sleep Response "
188 "frame");
189
190 /* when entering wnmsleep
191 * 1. pause the node in driver
192 * 2. mark the node so that AP won't update GTK/IGTK during
193 * WNM Sleep
194 */
195 if (wnmsleep_ie.status == WNM_STATUS_SLEEP_ACCEPT &&
615a5d55 196 wnmsleep_ie.action_type == WNM_SLEEP_MODE_ENTER) {
3578e665 197 sta->flags |= WLAN_STA_WNM_SLEEP_MODE;
d32d94db
XC		 198 hostapd_drv_wnm_oper(hapd, WNM_SLEEP_ENTER_CONFIRM,
199 addr, NULL, NULL);
200 wpa_set_wnmsleep(sta->wpa_sm, 1);
201 }
202 /* when exiting wnmsleep
203 * 1. unmark the node
204 * 2. start GTK/IGTK update if MFP is not used
205 * 3. unpause the node in driver
206 */
4da10640
JM		 207 if ((wnmsleep_ie.status == WNM_STATUS_SLEEP_ACCEPT ||
208 wnmsleep_ie.status ==
209 WNM_STATUS_SLEEP_EXIT_ACCEPT_GTK_UPDATE) &&
615a5d55 210 wnmsleep_ie.action_type == WNM_SLEEP_MODE_EXIT) {
3578e665 211 sta->flags &= ~WLAN_STA_WNM_SLEEP_MODE;
d32d94db
XC		 212 wpa_set_wnmsleep(sta->wpa_sm, 0);
213 hostapd_drv_wnm_oper(hapd, WNM_SLEEP_EXIT_CONFIRM,
214 addr, NULL, NULL);
348c9384
JM		 215 if (!wpa_auth_uses_mfp(sta->wpa_sm) ||
216 hapd->conf->wnm_sleep_mode_no_keys)
d32d94db
XC		 217 wpa_wnmsleep_rekey_gtk(sta->wpa_sm);
218 }
219 } else
220 wpa_printf(MSG_DEBUG, "Fail to send WNM-Sleep Response frame");
221
222#undef MAX_GTK_SUBELEM_LEN
223#undef MAX_IGTK_SUBELEM_LEN
e7ddd86a 224fail:
d32d94db 225 os_free(wnmtfs_ie);
fa979812 226 os_free(oci_ie);
d32d94db
XC		 227 os_free(mgmt);
228 return res;
229}
230
231
232static void ieee802_11_rx_wnmsleep_req(struct hostapd_data *hapd,
233 const u8 *addr, const u8 *frm, int len)
234{
c79938a5
JM		 235 /* Dialog Token [1] | WNM-Sleep Mode IE | TFS Response IE */
236 const u8 *pos = frm;
237 u8 dialog_token;
d32d94db
XC		 238 struct wnm_sleep_element *wnmsleep_ie = NULL;
239 /* multiple TFS Req IE (assuming consecutive) */
240 u8 *tfsreq_ie_start = NULL;
241 u8 *tfsreq_ie_end = NULL;
242 u16 tfsreq_ie_len = 0;
fa979812
MV		 243#ifdef CONFIG_OCV
244 struct sta_info *sta;
245 const u8 *oci_ie = NULL;
246 u8 oci_ie_len = 0;
247#endif /* CONFIG_OCV */
d32d94db 248
114f2830
JM		 249 if (!hapd->conf->wnm_sleep_mode) {
250 wpa_printf(MSG_DEBUG, "Ignore WNM-Sleep Mode Request from "
251 MACSTR " since WNM-Sleep Mode is disabled",
252 MAC2STR(addr));
253 return;
254 }
255
e34cd9f0
JM		 256 if (len < 1) {
257 wpa_printf(MSG_DEBUG,
258 "WNM: Ignore too short WNM-Sleep Mode Request from "
259 MACSTR, MAC2STR(addr));
260 return;
261 }
262
c79938a5
JM		 263 dialog_token = *pos++;
264 while (pos + 1 < frm + len) {
265 u8 ie_len = pos[1];
266 if (pos + 2 + ie_len > frm + len)
267 break;
d6d5970e
JM		 268 if (*pos == WLAN_EID_WNMSLEEP &&
269 ie_len >= (int) sizeof(*wnmsleep_ie) - 2)
c79938a5 270 wnmsleep_ie = (struct wnm_sleep_element *) pos;
d32d94db
XC		 271 else if (*pos == WLAN_EID_TFS_REQ) {
272 if (!tfsreq_ie_start)
c79938a5
JM		 273 tfsreq_ie_start = (u8 *) pos;
274 tfsreq_ie_end = (u8 *) pos;
fa979812
MV		 275#ifdef CONFIG_OCV
276 } else if (*pos == WLAN_EID_EXTENSION && ie_len >= 1 &&
277 pos[2] == WLAN_EID_EXT_OCV_OCI) {
278 oci_ie = pos + 3;
279 oci_ie_len = ie_len - 1;
280#endif /* CONFIG_OCV */
d32d94db 281 } else
c79938a5
JM		 282 wpa_printf(MSG_DEBUG, "WNM: EID %d not recognized",
283 *pos);
d32d94db
XC		 284 pos += ie_len + 2;
285 }
286
287 if (!wnmsleep_ie) {
288 wpa_printf(MSG_DEBUG, "No WNM-Sleep IE found");
289 return;
290 }
291
fa979812
MV		 292#ifdef CONFIG_OCV
293 sta = ap_get_sta(hapd, addr);
294 if (wnmsleep_ie->action_type == WNM_SLEEP_MODE_EXIT &&
295 sta && wpa_auth_uses_ocv(sta->wpa_sm)) {
296 struct wpa_channel_info ci;
297
298 if (hostapd_drv_channel_info(hapd, &ci) != 0) {
299 wpa_printf(MSG_WARNING,
300 "Failed to get channel info to validate received OCI in WNM-Sleep Mode frame");
301 return;
302 }
303
304 if (ocv_verify_tx_params(oci_ie, oci_ie_len, &ci,
305 channel_width_to_int(ci.chanwidth),
306 ci.seg1_idx) != 0) {
307 wpa_msg(hapd, MSG_WARNING, "WNM: %s", ocv_errorstr);
308 return;
309 }
310 }
311#endif /* CONFIG_OCV */
312
615a5d55
JM		 313 if (wnmsleep_ie->action_type == WNM_SLEEP_MODE_ENTER &&
314 tfsreq_ie_start && tfsreq_ie_end &&
315 tfsreq_ie_end - tfsreq_ie_start >= 0) {
d32d94db
XC		 316 tfsreq_ie_len = (tfsreq_ie_end + tfsreq_ie_end[1] + 2) -
317 tfsreq_ie_start;
318 wpa_printf(MSG_DEBUG, "TFS Req IE(s) found");
319 /* pass the TFS Req IE(s) to driver for processing */
320 if (ieee80211_11_set_tfs_ie(hapd, addr, tfsreq_ie_start,
321 &tfsreq_ie_len,
322 WNM_SLEEP_TFS_REQ_IE_SET))
323 wpa_printf(MSG_DEBUG, "Fail to set TFS Req IE");
324 }
325
326 ieee802_11_send_wnmsleep_resp(hapd, addr, dialog_token,
327 wnmsleep_ie->action_type,
5ace51a4 328 le_to_host16(wnmsleep_ie->intval));
d32d94db 329
615a5d55 330 if (wnmsleep_ie->action_type == WNM_SLEEP_MODE_EXIT) {
d32d94db
XC		 331 /* clear the tfs after sending the resp frame */
332 ieee80211_11_set_tfs_ie(hapd, addr, tfsreq_ie_start,
333 &tfsreq_ie_len, WNM_SLEEP_TFS_IE_DEL);
334 }
335}
336
337
28ab64af
JM		 338static int ieee802_11_send_bss_trans_mgmt_request(struct hostapd_data *hapd,
339 const u8 *addr,
885bbd4d 340 u8 dialog_token)
28ab64af
JM		 341{
342 struct ieee80211_mgmt *mgmt;
885bbd4d 343 size_t len;
28ab64af
JM		 344 u8 *pos;
345 int res;
346
885bbd4d 347 mgmt = os_zalloc(sizeof(*mgmt));
28ab64af
JM		 348 if (mgmt == NULL)
349 return -1;
350 os_memcpy(mgmt->da, addr, ETH_ALEN);
351 os_memcpy(mgmt->sa, hapd->own_addr, ETH_ALEN);
352 os_memcpy(mgmt->bssid, hapd->own_addr, ETH_ALEN);
353 mgmt->frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT,
354 WLAN_FC_STYPE_ACTION);
355 mgmt->u.action.category = WLAN_ACTION_WNM;
356 mgmt->u.action.u.bss_tm_req.action = WNM_BSS_TRANS_MGMT_REQ;
357 mgmt->u.action.u.bss_tm_req.dialog_token = dialog_token;
358 mgmt->u.action.u.bss_tm_req.req_mode = 0;
359 mgmt->u.action.u.bss_tm_req.disassoc_timer = host_to_le16(0);
360 mgmt->u.action.u.bss_tm_req.validity_interval = 1;
361 pos = mgmt->u.action.u.bss_tm_req.variable;
28ab64af
JM		 362
363 wpa_printf(MSG_DEBUG, "WNM: Send BSS Transition Management Request to "
364 MACSTR " dialog_token=%u req_mode=0x%x disassoc_timer=%u "
365 "validity_interval=%u",
366 MAC2STR(addr), dialog_token,
367 mgmt->u.action.u.bss_tm_req.req_mode,
368 le_to_host16(mgmt->u.action.u.bss_tm_req.disassoc_timer),
369 mgmt->u.action.u.bss_tm_req.validity_interval);
370
371 len = pos - &mgmt->u.action.category;
372 res = hostapd_drv_send_action(hapd, hapd->iface->freq, 0,
373 mgmt->da, &mgmt->u.action.category, len);
374 os_free(mgmt);
375 return res;
376}
377
378
379static void ieee802_11_rx_bss_trans_mgmt_query(struct hostapd_data *hapd,
380 const u8 *addr, const u8 *frm,
381 size_t len)
382{
383 u8 dialog_token, reason;
384 const u8 *pos, *end;
3d0fb955
JM		 385 int enabled = hapd->conf->bss_transition;
386
387#ifdef CONFIG_MBO
388 if (hapd->conf->mbo_enabled)
389 enabled = 1;
390#endif /* CONFIG_MBO */
391 if (!enabled) {
392 wpa_printf(MSG_DEBUG,
393 "Ignore BSS Transition Management Query from "
394 MACSTR
395 " since BSS Transition Management is disabled",
396 MAC2STR(addr));
397 return;
398 }
28ab64af
JM		 399
400 if (len < 2) {
401 wpa_printf(MSG_DEBUG, "WNM: Ignore too short BSS Transition Management Query from "
402 MACSTR, MAC2STR(addr));
403 return;
404 }
405
406 pos = frm;
407 end = pos + len;
408 dialog_token = *pos++;
409 reason = *pos++;
410
411 wpa_printf(MSG_DEBUG, "WNM: BSS Transition Management Query from "
412 MACSTR " dialog_token=%u reason=%u",
413 MAC2STR(addr), dialog_token, reason);
414
415 wpa_hexdump(MSG_DEBUG, "WNM: BSS Transition Candidate List Entries",
416 pos, end - pos);
417
885bbd4d 418 ieee802_11_send_bss_trans_mgmt_request(hapd, addr, dialog_token);
28ab64af
JM		 419}
420
421
d58c3bd8
RM		 422void ap_sta_reset_steer_flag_timer(void *eloop_ctx, void *timeout_ctx)
423{
424 struct hostapd_data *hapd = eloop_ctx;
425 struct sta_info *sta = timeout_ctx;
426
427 if (sta->agreed_to_steer) {
428 wpa_printf(MSG_DEBUG, "%s: Reset steering flag for STA " MACSTR,
429 hapd->conf->iface, MAC2STR(sta->addr));
430 sta->agreed_to_steer = 0;
431 }
432}
433
434
28ab64af
JM		 435static void ieee802_11_rx_bss_trans_mgmt_resp(struct hostapd_data *hapd,
436 const u8 *addr, const u8 *frm,
437 size_t len)
438{
439 u8 dialog_token, status_code, bss_termination_delay;
440 const u8 *pos, *end;
3d0fb955 441 int enabled = hapd->conf->bss_transition;
d58c3bd8 442 struct sta_info *sta;
3d0fb955
JM		 443
444#ifdef CONFIG_MBO
445 if (hapd->conf->mbo_enabled)
446 enabled = 1;
447#endif /* CONFIG_MBO */
448 if (!enabled) {
449 wpa_printf(MSG_DEBUG,
450 "Ignore BSS Transition Management Response from "
451 MACSTR
452 " since BSS Transition Management is disabled",
453 MAC2STR(addr));
454 return;
455 }
28ab64af
JM		 456
457 if (len < 3) {
458 wpa_printf(MSG_DEBUG, "WNM: Ignore too short BSS Transition Management Response from "
459 MACSTR, MAC2STR(addr));
460 return;
461 }
462
463 pos = frm;
464 end = pos + len;
465 dialog_token = *pos++;
466 status_code = *pos++;
467 bss_termination_delay = *pos++;
468
469 wpa_printf(MSG_DEBUG, "WNM: BSS Transition Management Response from "
470 MACSTR " dialog_token=%u status_code=%u "
471 "bss_termination_delay=%u", MAC2STR(addr), dialog_token,
472 status_code, bss_termination_delay);
473
d58c3bd8
RM		 474 sta = ap_get_sta(hapd, addr);
475 if (!sta) {
476 wpa_printf(MSG_DEBUG, "Station " MACSTR
477 " not found for received BSS TM Response",
478 MAC2STR(addr));
479 return;
480 }
481
28ab64af
JM		 482 if (status_code == WNM_BSS_TM_ACCEPT) {
483 if (end - pos < ETH_ALEN) {
484 wpa_printf(MSG_DEBUG, "WNM: not enough room for Target BSSID field");
485 return;
486 }
d58c3bd8
RM		 487 sta->agreed_to_steer = 1;
488 eloop_cancel_timeout(ap_sta_reset_steer_flag_timer, hapd, sta);
489 eloop_register_timeout(2, 0, ap_sta_reset_steer_flag_timer,
490 hapd, sta);
28ab64af
JM		 491 wpa_printf(MSG_DEBUG, "WNM: Target BSSID: " MACSTR,
492 MAC2STR(pos));
53514800
JM		 493 wpa_msg(hapd->msg_ctx, MSG_INFO, BSS_TM_RESP MACSTR
494 " status_code=%u bss_termination_delay=%u target_bssid="
495 MACSTR,
496 MAC2STR(addr), status_code, bss_termination_delay,
497 MAC2STR(pos));
28ab64af 498 pos += ETH_ALEN;
53514800 499 } else {
d58c3bd8 500 sta->agreed_to_steer = 0;
53514800
JM		 501 wpa_msg(hapd->msg_ctx, MSG_INFO, BSS_TM_RESP MACSTR
502 " status_code=%u bss_termination_delay=%u",
503 MAC2STR(addr), status_code, bss_termination_delay);
28ab64af
JM		 504 }
505
506 wpa_hexdump(MSG_DEBUG, "WNM: BSS Transition Candidate List Entries",
507 pos, end - pos);
508}
509
510
f3cb7a69
JM		 511static void ieee802_11_rx_wnm_notification_req(struct hostapd_data *hapd,
512 const u8 *addr, const u8 *buf,
513 size_t len)
514{
515 u8 dialog_token, type;
516
517 if (len < 2)
518 return;
519 dialog_token = *buf++;
520 type = *buf++;
521 len -= 2;
522
523 wpa_printf(MSG_DEBUG,
524 "WNM: Received WNM Notification Request frame from "
525 MACSTR " (dialog_token=%u type=%u)",
526 MAC2STR(addr), dialog_token, type);
527 wpa_hexdump(MSG_MSGDUMP, "WNM: Notification Request subelements",
528 buf, len);
8dd49f0c
JM		 529 if (type == WLAN_EID_VENDOR_SPECIFIC)
530 mbo_ap_wnm_notification_req(hapd, addr, buf, len);
f3cb7a69
JM		 531}
532
533
d514b502
JM		 534static void ieee802_11_rx_wnm_coloc_intf_report(struct hostapd_data *hapd,
535 const u8 *addr, const u8 *buf,
536 size_t len)
537{
538 u8 dialog_token;
539 char *hex;
540 size_t hex_len;
541
542 if (!hapd->conf->coloc_intf_reporting) {
543 wpa_printf(MSG_DEBUG,
544 "WNM: Ignore unexpected Collocated Interference Report from "
545 MACSTR, MAC2STR(addr));
546 return;
547 }
548
549 if (len < 1) {
550 wpa_printf(MSG_DEBUG,
551 "WNM: Ignore too short Collocated Interference Report from "
552 MACSTR, MAC2STR(addr));
553 return;
554 }
555 dialog_token = *buf++;
556 len--;
557
558 wpa_printf(MSG_DEBUG,
559 "WNM: Received Collocated Interference Report frame from "
560 MACSTR " (dialog_token=%u)",
561 MAC2STR(addr), dialog_token);
562 wpa_hexdump(MSG_MSGDUMP, "WNM: Collocated Interference Report Elements",
563 buf, len);
564
565 hex_len = 2 * len + 1;
566 hex = os_malloc(hex_len);
567 if (!hex)
568 return;
569 wpa_snprintf_hex(hex, hex_len, buf, len);
570 wpa_msg_ctrl(hapd->msg_ctx, MSG_INFO, COLOC_INTF_REPORT MACSTR " %d %s",
571 MAC2STR(addr), dialog_token, hex);
572 os_free(hex);
573}
574
575
c79938a5 576int ieee802_11_rx_wnm_action_ap(struct hostapd_data *hapd,
dbfb8e82 577 const struct ieee80211_mgmt *mgmt, size_t len)
d32d94db 578{
dbfb8e82
JM		 579 u8 action;
580 const u8 *payload;
581 size_t plen;
582
583 if (len < IEEE80211_HDRLEN + 2)
c79938a5 584 return -1;
d32d94db 585
da995b2e 586 payload = ((const u8 *) mgmt) + IEEE80211_HDRLEN + 1;
dbfb8e82 587 action = *payload++;
da995b2e 588 plen = len - IEEE80211_HDRLEN - 2;
dbfb8e82
JM		 589
590 switch (action) {
2049a875 591 case WNM_BSS_TRANS_MGMT_QUERY:
dbfb8e82
JM		 592 ieee802_11_rx_bss_trans_mgmt_query(hapd, mgmt->sa, payload,
593 plen);
28ab64af 594 return 0;
2049a875 595 case WNM_BSS_TRANS_MGMT_RESP:
dbfb8e82
JM		 596 ieee802_11_rx_bss_trans_mgmt_resp(hapd, mgmt->sa, payload,
597 plen);
28ab64af 598 return 0;
d32d94db 599 case WNM_SLEEP_MODE_REQ:
dbfb8e82 600 ieee802_11_rx_wnmsleep_req(hapd, mgmt->sa, payload, plen);
c79938a5 601 return 0;
f3cb7a69
JM		 602 case WNM_NOTIFICATION_REQ:
603 ieee802_11_rx_wnm_notification_req(hapd, mgmt->sa, payload,
604 plen);
605 return 0;
d514b502
JM		 606 case WNM_COLLOCATED_INTERFERENCE_REPORT:
607 ieee802_11_rx_wnm_coloc_intf_report(hapd, mgmt->sa, payload,
608 plen);
609 return 0;
d32d94db 610 }
c79938a5
JM		 611
612 wpa_printf(MSG_DEBUG, "WNM: Unsupported WNM Action %u from " MACSTR,
dbfb8e82 613 action, MAC2STR(mgmt->sa));
c79938a5 614 return -1;
d32d94db 615}
2025cad9
JM		 616
617
8d321a7d
JM		 618int wnm_send_disassoc_imminent(struct hostapd_data *hapd,
619 struct sta_info *sta, int disassoc_timer)
620{
621 u8 buf[1000], *pos;
622 struct ieee80211_mgmt *mgmt;
623
624 os_memset(buf, 0, sizeof(buf));
625 mgmt = (struct ieee80211_mgmt *) buf;
626 mgmt->frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT,
627 WLAN_FC_STYPE_ACTION);
628 os_memcpy(mgmt->da, sta->addr, ETH_ALEN);
629 os_memcpy(mgmt->sa, hapd->own_addr, ETH_ALEN);
630 os_memcpy(mgmt->bssid, hapd->own_addr, ETH_ALEN);
631 mgmt->u.action.category = WLAN_ACTION_WNM;
632 mgmt->u.action.u.bss_tm_req.action = WNM_BSS_TRANS_MGMT_REQ;
633 mgmt->u.action.u.bss_tm_req.dialog_token = 1;
634 mgmt->u.action.u.bss_tm_req.req_mode =
635 WNM_BSS_TM_REQ_DISASSOC_IMMINENT;
636 mgmt->u.action.u.bss_tm_req.disassoc_timer =
637 host_to_le16(disassoc_timer);
638 mgmt->u.action.u.bss_tm_req.validity_interval = 0;
639
640 pos = mgmt->u.action.u.bss_tm_req.variable;
641
642 wpa_printf(MSG_DEBUG, "WNM: Send BSS Transition Management Request frame to indicate imminent disassociation (disassoc_timer=%d) to "
643 MACSTR, disassoc_timer, MAC2STR(sta->addr));
37100274 644 if (hostapd_drv_send_mlme(hapd, buf, pos - buf, 0, NULL, 0, 0) < 0) {
8d321a7d
JM		 645 wpa_printf(MSG_DEBUG, "Failed to send BSS Transition "
646 "Management Request frame");
647 return -1;
648 }
649
650 return 0;
651}
652
653
a30dff07
JM		 654static void set_disassoc_timer(struct hostapd_data *hapd, struct sta_info *sta,
655 int disassoc_timer)
656{
657 int timeout, beacon_int;
658
659 /*
660 * Prevent STA from reconnecting using cached PMKSA to force
661 * full authentication with the authentication server (which may
662 * decide to reject the connection),
663 */
664 wpa_auth_pmksa_remove(hapd->wpa_auth, sta->addr);
665
666 beacon_int = hapd->iconf->beacon_int;
667 if (beacon_int < 1)
668 beacon_int = 100; /* best guess */
669 /* Calculate timeout in ms based on beacon_int in TU */
670 timeout = disassoc_timer * beacon_int * 128 / 125;
671 wpa_printf(MSG_DEBUG, "Disassociation timer for " MACSTR
672 " set to %d ms", MAC2STR(sta->addr), timeout);
673
674 sta->timeout_next = STA_DISASSOC_FROM_CLI;
675 eloop_cancel_timeout(ap_handle_timer, hapd, sta);
676 eloop_register_timeout(timeout / 1000,
677 timeout % 1000 * 1000,
678 ap_handle_timer, hapd, sta);
679}
680
681
2025cad9
JM		 682int wnm_send_ess_disassoc_imminent(struct hostapd_data *hapd,
683 struct sta_info *sta, const char *url,
684 int disassoc_timer)
685{
686 u8 buf[1000], *pos;
687 struct ieee80211_mgmt *mgmt;
688 size_t url_len;
689
690 os_memset(buf, 0, sizeof(buf));
691 mgmt = (struct ieee80211_mgmt *) buf;
692 mgmt->frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT,
693 WLAN_FC_STYPE_ACTION);
694 os_memcpy(mgmt->da, sta->addr, ETH_ALEN);
695 os_memcpy(mgmt->sa, hapd->own_addr, ETH_ALEN);
696 os_memcpy(mgmt->bssid, hapd->own_addr, ETH_ALEN);
697 mgmt->u.action.category = WLAN_ACTION_WNM;
698 mgmt->u.action.u.bss_tm_req.action = WNM_BSS_TRANS_MGMT_REQ;
699 mgmt->u.action.u.bss_tm_req.dialog_token = 1;
700 mgmt->u.action.u.bss_tm_req.req_mode =
701 WNM_BSS_TM_REQ_DISASSOC_IMMINENT |
702 WNM_BSS_TM_REQ_ESS_DISASSOC_IMMINENT;
703 mgmt->u.action.u.bss_tm_req.disassoc_timer =
704 host_to_le16(disassoc_timer);
705 mgmt->u.action.u.bss_tm_req.validity_interval = 0x01;
706
707 pos = mgmt->u.action.u.bss_tm_req.variable;
708
709 /* Session Information URL */
710 url_len = os_strlen(url);
711 if (url_len > 255)
712 return -1;
713 *pos++ = url_len;
714 os_memcpy(pos, url, url_len);
715 pos += url_len;
716
37100274 717 if (hostapd_drv_send_mlme(hapd, buf, pos - buf, 0, NULL, 0, 0) < 0) {
2025cad9
JM		 718 wpa_printf(MSG_DEBUG, "Failed to send BSS Transition "
719 "Management Request frame");
720 return -1;
721 }
722
2025cad9 723 if (disassoc_timer) {
a30dff07
JM		 724 /* send disassociation frame after time-out */
725 set_disassoc_timer(hapd, sta, disassoc_timer);
726 }
2025cad9 727
a30dff07
JM		 728 return 0;
729}
730
731
732int wnm_send_bss_tm_req(struct hostapd_data *hapd, struct sta_info *sta,
733 u8 req_mode, int disassoc_timer, u8 valid_int,
734 const u8 *bss_term_dur, const char *url,
c0e2a172
AS		 735 const u8 *nei_rep, size_t nei_rep_len,
736 const u8 *mbo_attrs, size_t mbo_len)
a30dff07
JM		 737{
738 u8 *buf, *pos;
739 struct ieee80211_mgmt *mgmt;
740 size_t url_len;
741
742 wpa_printf(MSG_DEBUG, "WNM: Send BSS Transition Management Request to "
743 MACSTR " req_mode=0x%x disassoc_timer=%d valid_int=0x%x",
744 MAC2STR(sta->addr), req_mode, disassoc_timer, valid_int);
c0e2a172 745 buf = os_zalloc(1000 + nei_rep_len + mbo_len);
a30dff07
JM		 746 if (buf == NULL)
747 return -1;
748 mgmt = (struct ieee80211_mgmt *) buf;
749 mgmt->frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT,
750 WLAN_FC_STYPE_ACTION);
751 os_memcpy(mgmt->da, sta->addr, ETH_ALEN);
752 os_memcpy(mgmt->sa, hapd->own_addr, ETH_ALEN);
753 os_memcpy(mgmt->bssid, hapd->own_addr, ETH_ALEN);
754 mgmt->u.action.category = WLAN_ACTION_WNM;
755 mgmt->u.action.u.bss_tm_req.action = WNM_BSS_TRANS_MGMT_REQ;
756 mgmt->u.action.u.bss_tm_req.dialog_token = 1;
757 mgmt->u.action.u.bss_tm_req.req_mode = req_mode;
758 mgmt->u.action.u.bss_tm_req.disassoc_timer =
759 host_to_le16(disassoc_timer);
760 mgmt->u.action.u.bss_tm_req.validity_interval = valid_int;
761
762 pos = mgmt->u.action.u.bss_tm_req.variable;
763
764 if ((req_mode & WNM_BSS_TM_REQ_BSS_TERMINATION_INCLUDED) &&
765 bss_term_dur) {
766 os_memcpy(pos, bss_term_dur, 12);
767 pos += 12;
768 }
769
770 if (url) {
771 /* Session Information URL */
772 url_len = os_strlen(url);
b62b0cb7
HD		 773 if (url_len > 255) {
774 os_free(buf);
a30dff07 775 return -1;
b62b0cb7
HD		 776 }
777
a30dff07
JM		 778 *pos++ = url_len;
779 os_memcpy(pos, url, url_len);
780 pos += url_len;
781 }
782
783 if (nei_rep) {
784 os_memcpy(pos, nei_rep, nei_rep_len);
785 pos += nei_rep_len;
786 }
787
c0e2a172
AS		 788 if (mbo_len > 0) {
789 pos += mbo_add_ie(pos, buf + sizeof(buf) - pos, mbo_attrs,
790 mbo_len);
791 }
792
37100274 793 if (hostapd_drv_send_mlme(hapd, buf, pos - buf, 0, NULL, 0, 0) < 0) {
a30dff07
JM		 794 wpa_printf(MSG_DEBUG,
795 "Failed to send BSS Transition Management Request frame");
796 os_free(buf);
797 return -1;
798 }
799 os_free(buf);
800
801 if (disassoc_timer) {
802 /* send disassociation frame after time-out */
803 set_disassoc_timer(hapd, sta, disassoc_timer);
2025cad9
JM		 804 }
805
806 return 0;
807}
d514b502
JM		 808
809
810int wnm_send_coloc_intf_req(struct hostapd_data *hapd, struct sta_info *sta,
811 unsigned int auto_report, unsigned int timeout)
812{
813 u8 buf[100], *pos;
814 struct ieee80211_mgmt *mgmt;
815 u8 dialog_token = 1;
816
817 if (auto_report > 3 || timeout > 63)
818 return -1;
819 os_memset(buf, 0, sizeof(buf));
820 mgmt = (struct ieee80211_mgmt *) buf;
821 mgmt->frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT,
822 WLAN_FC_STYPE_ACTION);
823 os_memcpy(mgmt->da, sta->addr, ETH_ALEN);
824 os_memcpy(mgmt->sa, hapd->own_addr, ETH_ALEN);
825 os_memcpy(mgmt->bssid, hapd->own_addr, ETH_ALEN);
826 mgmt->u.action.category = WLAN_ACTION_WNM;
827 mgmt->u.action.u.coloc_intf_req.action =
828 WNM_COLLOCATED_INTERFERENCE_REQ;
829 mgmt->u.action.u.coloc_intf_req.dialog_token = dialog_token;
830 mgmt->u.action.u.coloc_intf_req.req_info = auto_report | (timeout << 2);
831 pos = &mgmt->u.action.u.coloc_intf_req.req_info;
832 pos++;
833
834 wpa_printf(MSG_DEBUG, "WNM: Sending Collocated Interference Request to "
835 MACSTR " (dialog_token=%u auto_report=%u timeout=%u)",
836 MAC2STR(sta->addr), dialog_token, auto_report, timeout);
37100274 837 if (hostapd_drv_send_mlme(hapd, buf, pos - buf, 0, NULL, 0, 0) < 0) {
d514b502
JM		 838 wpa_printf(MSG_DEBUG,
839 "WNM: Failed to send Collocated Interference Request frame");
840 return -1;
841 }
842
843 return 0;
844}
Unnamed repository; edit this file 'description' to name the repository.