]>
Commit | Line | Data |
---|---|---|
461d39af JM |
1 | /* |
2 | * Generic advertisement service (GAS) server | |
3 | * Copyright (c) 2017, Qualcomm Atheros, Inc. | |
4 | * | |
5 | * This software may be distributed under the terms of the BSD license. | |
6 | * See README for more details. | |
7 | */ | |
8 | ||
9 | #include "includes.h" | |
10 | ||
11 | #include "utils/common.h" | |
12 | #include "utils/list.h" | |
13 | #include "utils/eloop.h" | |
14 | #include "ieee802_11_defs.h" | |
15 | #include "gas.h" | |
16 | #include "gas_server.h" | |
17 | ||
18 | ||
19 | #define MAX_ADV_PROTO_ID_LEN 10 | |
20 | #define GAS_QUERY_TIMEOUT 10 | |
21 | ||
22 | struct gas_server_handler { | |
23 | struct dl_list list; | |
24 | u8 adv_proto_id[MAX_ADV_PROTO_ID_LEN]; | |
25 | u8 adv_proto_id_len; | |
26 | struct wpabuf * (*req_cb)(void *ctx, const u8 *sa, | |
27 | const u8 *query, size_t query_len); | |
28 | void (*status_cb)(void *ctx, struct wpabuf *resp, int ok); | |
29 | void *ctx; | |
30 | struct gas_server *gas; | |
31 | }; | |
32 | ||
33 | struct gas_server_response { | |
34 | struct dl_list list; | |
35 | size_t offset; | |
36 | u8 frag_id; | |
37 | struct wpabuf *resp; | |
38 | int freq; | |
39 | u8 dst[ETH_ALEN]; | |
40 | u8 dialog_token; | |
41 | struct gas_server_handler *handler; | |
42 | }; | |
43 | ||
44 | struct gas_server { | |
45 | struct dl_list handlers; /* struct gas_server_handler::list */ | |
46 | struct dl_list responses; /* struct gas_server_response::list */ | |
47 | void (*tx)(void *ctx, int freq, const u8 *da, struct wpabuf *resp, | |
48 | unsigned int wait_time); | |
49 | void *ctx; | |
50 | }; | |
51 | ||
52 | static void gas_server_free_response(struct gas_server_response *response); | |
53 | ||
54 | ||
55 | static void gas_server_response_timeout(void *eloop_ctx, void *user_ctx) | |
56 | { | |
57 | struct gas_server_response *response = eloop_ctx; | |
58 | ||
59 | wpa_printf(MSG_DEBUG, "GAS: Response @%p timeout for " MACSTR | |
60 | " (dialog_token=%u freq=%d frag_id=%u sent=%lu/%lu) - drop pending data", | |
61 | response, MAC2STR(response->dst), response->dialog_token, | |
62 | response->freq, response->frag_id, | |
63 | (unsigned long) response->offset, | |
64 | (unsigned long) wpabuf_len(response->resp)); | |
65 | response->handler->status_cb(response->handler->ctx, | |
66 | response->resp, 0); | |
67 | response->resp = NULL; | |
68 | dl_list_del(&response->list); | |
69 | gas_server_free_response(response); | |
70 | } | |
71 | ||
72 | ||
73 | static void gas_server_free_response(struct gas_server_response *response) | |
74 | { | |
75 | if (!response) | |
76 | return; | |
77 | wpa_printf(MSG_DEBUG, "DPP: Free GAS response @%p", response); | |
78 | eloop_cancel_timeout(gas_server_response_timeout, response, NULL); | |
79 | wpabuf_free(response->resp); | |
80 | os_free(response); | |
81 | } | |
82 | ||
83 | ||
84 | static void | |
85 | gas_server_send_resp(struct gas_server *gas, struct gas_server_handler *handler, | |
86 | const u8 *da, int freq, u8 dialog_token, | |
87 | struct wpabuf *query_resp) | |
88 | { | |
89 | size_t max_len = (freq > 56160) ? 928 : 1400; | |
90 | size_t hdr_len = 24 + 2 + 5 + 3 + handler->adv_proto_id_len + 2; | |
91 | size_t resp_frag_len; | |
92 | struct wpabuf *resp; | |
93 | u16 comeback_delay; | |
94 | struct gas_server_response *response; | |
95 | ||
96 | if (!query_resp) | |
97 | return; | |
98 | ||
99 | response = os_zalloc(sizeof(*response)); | |
100 | if (!response) | |
101 | return; | |
102 | wpa_printf(MSG_DEBUG, "DPP: Allocated GAS response @%p", response); | |
103 | response->freq = freq; | |
104 | response->handler = handler; | |
105 | os_memcpy(response->dst, da, ETH_ALEN); | |
106 | response->dialog_token = dialog_token; | |
107 | if (hdr_len + wpabuf_len(query_resp) > max_len) { | |
108 | /* Need to use comeback to initiate fragmentation */ | |
109 | comeback_delay = 1; | |
110 | resp_frag_len = 0; | |
111 | } else { | |
112 | /* Full response fits into the initial response */ | |
113 | comeback_delay = 0; | |
114 | resp_frag_len = wpabuf_len(query_resp); | |
115 | } | |
116 | ||
117 | resp = gas_build_initial_resp(dialog_token, WLAN_STATUS_SUCCESS, | |
118 | comeback_delay, | |
119 | handler->adv_proto_id_len + | |
120 | resp_frag_len); | |
121 | if (!resp) { | |
122 | gas_server_free_response(response); | |
123 | return; | |
124 | } | |
125 | ||
126 | /* Advertisement Protocol element */ | |
127 | wpabuf_put_u8(resp, WLAN_EID_ADV_PROTO); | |
128 | wpabuf_put_u8(resp, 1 + handler->adv_proto_id_len); /* Length */ | |
129 | wpabuf_put_u8(resp, 0x7f); | |
130 | /* Advertisement Protocol ID */ | |
131 | wpabuf_put_data(resp, handler->adv_proto_id, handler->adv_proto_id_len); | |
132 | ||
133 | /* Query Response Length */ | |
134 | wpabuf_put_le16(resp, resp_frag_len); | |
135 | if (!comeback_delay) | |
136 | wpabuf_put_buf(resp, query_resp); | |
137 | ||
138 | if (comeback_delay) { | |
139 | wpa_printf(MSG_DEBUG, | |
140 | "GAS: Need to fragment query response"); | |
141 | } else { | |
142 | wpa_printf(MSG_DEBUG, | |
143 | "GAS: Full query response fits in the GAS Initial Response frame"); | |
144 | } | |
145 | response->offset = resp_frag_len; | |
146 | response->resp = query_resp; | |
147 | dl_list_add(&gas->responses, &response->list); | |
148 | gas->tx(gas->ctx, freq, da, resp, comeback_delay ? 2000 : 0); | |
149 | wpabuf_free(resp); | |
150 | eloop_register_timeout(GAS_QUERY_TIMEOUT, 0, | |
151 | gas_server_response_timeout, response, NULL); | |
152 | } | |
153 | ||
154 | ||
155 | static int | |
156 | gas_server_rx_initial_req(struct gas_server *gas, const u8 *da, const u8 *sa, | |
157 | const u8 *bssid, int freq, u8 dialog_token, | |
158 | const u8 *data, size_t len) | |
159 | { | |
160 | const u8 *pos, *end, *adv_proto, *query_req; | |
161 | u8 adv_proto_len; | |
162 | u16 query_req_len; | |
163 | struct gas_server_handler *handler; | |
164 | struct wpabuf *resp; | |
165 | ||
166 | wpa_hexdump(MSG_MSGDUMP, "GAS: Received GAS Initial Request frame", | |
167 | data, len); | |
168 | pos = data; | |
169 | end = data + len; | |
170 | ||
171 | if (end - pos < 2 || pos[0] != WLAN_EID_ADV_PROTO) { | |
172 | wpa_printf(MSG_DEBUG, | |
173 | "GAS: No Advertisement Protocol element found"); | |
174 | return -1; | |
175 | } | |
176 | pos++; | |
177 | adv_proto_len = *pos++; | |
178 | if (end - pos < adv_proto_len || adv_proto_len < 2) { | |
179 | wpa_printf(MSG_DEBUG, | |
180 | "GAS: Truncated Advertisement Protocol element"); | |
181 | return -1; | |
182 | } | |
183 | ||
184 | adv_proto = pos; | |
185 | pos += adv_proto_len; | |
186 | wpa_hexdump(MSG_MSGDUMP, "GAS: Advertisement Protocol element", | |
187 | adv_proto, adv_proto_len); | |
188 | ||
189 | if (end - pos < 2) { | |
190 | wpa_printf(MSG_DEBUG, "GAS: No Query Request Length field"); | |
191 | return -1; | |
192 | } | |
193 | query_req_len = WPA_GET_LE16(pos); | |
194 | pos += 2; | |
195 | if (end - pos < query_req_len) { | |
196 | wpa_printf(MSG_DEBUG, "GAS: Truncated Query Request field"); | |
197 | return -1; | |
198 | } | |
199 | query_req = pos; | |
200 | pos += query_req_len; | |
201 | wpa_hexdump(MSG_MSGDUMP, "GAS: Query Request", | |
202 | query_req, query_req_len); | |
203 | ||
204 | if (pos < end) { | |
205 | wpa_hexdump(MSG_MSGDUMP, | |
206 | "GAS: Ignored extra data after Query Request field", | |
207 | pos, end - pos); | |
208 | } | |
209 | ||
210 | dl_list_for_each(handler, &gas->handlers, struct gas_server_handler, | |
211 | list) { | |
212 | if (adv_proto_len < 1 + handler->adv_proto_id_len || | |
213 | os_memcmp(adv_proto + 1, handler->adv_proto_id, | |
214 | handler->adv_proto_id_len) != 0) | |
215 | continue; | |
216 | ||
217 | wpa_printf(MSG_DEBUG, | |
218 | "GAS: Calling handler for the requested Advertisement Protocol ID"); | |
219 | resp = handler->req_cb(handler->ctx, sa, query_req, | |
220 | query_req_len); | |
221 | wpa_hexdump_buf(MSG_MSGDUMP, "GAS: Response from the handler", | |
222 | resp); | |
223 | gas_server_send_resp(gas, handler, sa, freq, dialog_token, | |
224 | resp); | |
225 | return 0; | |
226 | } | |
227 | ||
228 | wpa_printf(MSG_DEBUG, | |
229 | "GAS: No registered handler for the requested Advertisement Protocol ID"); | |
230 | return -1; | |
231 | } | |
232 | ||
233 | ||
234 | static void | |
235 | gas_server_handle_rx_comeback_req(struct gas_server_response *response) | |
236 | { | |
237 | struct gas_server_handler *handler = response->handler; | |
238 | struct gas_server *gas = handler->gas; | |
239 | size_t max_len = (response->freq > 56160) ? 928 : 1400; | |
240 | size_t hdr_len = 24 + 2 + 6 + 3 + handler->adv_proto_id_len + 2; | |
241 | size_t remaining, resp_frag_len; | |
242 | struct wpabuf *resp; | |
243 | ||
244 | remaining = wpabuf_len(response->resp) - response->offset; | |
245 | if (hdr_len + remaining > max_len) | |
246 | resp_frag_len = max_len - hdr_len; | |
247 | else | |
248 | resp_frag_len = remaining; | |
249 | wpa_printf(MSG_DEBUG, | |
250 | "GAS: Sending out %u/%u remaining Query Response octets", | |
251 | (unsigned int) resp_frag_len, (unsigned int) remaining); | |
252 | ||
253 | resp = gas_build_comeback_resp(response->dialog_token, | |
254 | WLAN_STATUS_SUCCESS, | |
255 | response->frag_id++, | |
256 | resp_frag_len < remaining, 0, | |
257 | handler->adv_proto_id_len + | |
258 | resp_frag_len); | |
259 | if (!resp) { | |
260 | gas_server_free_response(response); | |
261 | return; | |
262 | } | |
263 | ||
264 | /* Advertisement Protocol element */ | |
265 | wpabuf_put_u8(resp, WLAN_EID_ADV_PROTO); | |
266 | wpabuf_put_u8(resp, 1 + handler->adv_proto_id_len); /* Length */ | |
267 | wpabuf_put_u8(resp, 0x7f); | |
268 | /* Advertisement Protocol ID */ | |
269 | wpabuf_put_data(resp, handler->adv_proto_id, handler->adv_proto_id_len); | |
270 | ||
271 | /* Query Response Length */ | |
272 | wpabuf_put_le16(resp, resp_frag_len); | |
273 | wpabuf_put_data(resp, wpabuf_head_u8(response->resp) + response->offset, | |
274 | resp_frag_len); | |
275 | ||
276 | response->offset += resp_frag_len; | |
277 | ||
278 | gas->tx(gas->ctx, response->freq, response->dst, resp, | |
279 | remaining > resp_frag_len ? 2000 : 0); | |
280 | wpabuf_free(resp); | |
281 | } | |
282 | ||
283 | ||
284 | static int | |
285 | gas_server_rx_comeback_req(struct gas_server *gas, const u8 *da, const u8 *sa, | |
286 | const u8 *bssid, int freq, u8 dialog_token) | |
287 | { | |
288 | struct gas_server_response *response; | |
289 | ||
290 | dl_list_for_each(response, &gas->responses, struct gas_server_response, | |
291 | list) { | |
292 | if (response->dialog_token != dialog_token || | |
293 | os_memcmp(sa, response->dst, ETH_ALEN) != 0) | |
294 | continue; | |
295 | gas_server_handle_rx_comeback_req(response); | |
296 | return 0; | |
297 | } | |
298 | ||
299 | wpa_printf(MSG_DEBUG, "GAS: No pending GAS response for " MACSTR | |
300 | " (dialog token %u)", MAC2STR(sa), dialog_token); | |
301 | return -1; | |
302 | } | |
303 | ||
304 | ||
305 | /** | |
306 | * gas_query_rx - Indicate reception of a Public Action or Protected Dual frame | |
307 | * @gas: GAS query data from gas_server_init() | |
308 | * @da: Destination MAC address of the Action frame | |
309 | * @sa: Source MAC address of the Action frame | |
310 | * @bssid: BSSID of the Action frame | |
311 | * @categ: Category of the Action frame | |
312 | * @data: Payload of the Action frame | |
313 | * @len: Length of @data | |
314 | * @freq: Frequency (in MHz) on which the frame was received | |
315 | * Returns: 0 if the Public Action frame was a GAS request frame or -1 if not | |
316 | */ | |
317 | int gas_server_rx(struct gas_server *gas, const u8 *da, const u8 *sa, | |
318 | const u8 *bssid, u8 categ, const u8 *data, size_t len, | |
319 | int freq) | |
320 | { | |
321 | u8 action, dialog_token; | |
322 | const u8 *pos, *end; | |
323 | ||
324 | if (!gas || len < 2) | |
325 | return -1; | |
326 | ||
327 | if (categ == WLAN_ACTION_PROTECTED_DUAL) | |
328 | return -1; /* Not supported for now */ | |
329 | ||
330 | pos = data; | |
331 | end = data + len; | |
332 | action = *pos++; | |
333 | dialog_token = *pos++; | |
334 | ||
335 | if (action != WLAN_PA_GAS_INITIAL_REQ && | |
336 | action != WLAN_PA_GAS_COMEBACK_REQ) | |
337 | return -1; /* Not a GAS request */ | |
338 | ||
339 | wpa_printf(MSG_DEBUG, "GAS: Received GAS %s Request frame DA=" MACSTR | |
340 | " SA=" MACSTR " BSSID=" MACSTR | |
341 | " freq=%d dialog_token=%u len=%u", | |
342 | action == WLAN_PA_GAS_INITIAL_REQ ? "Initial" : "Comeback", | |
343 | MAC2STR(da), MAC2STR(sa), MAC2STR(bssid), freq, dialog_token, | |
344 | (unsigned int) len); | |
345 | ||
346 | if (action == WLAN_PA_GAS_INITIAL_REQ) | |
347 | return gas_server_rx_initial_req(gas, da, sa, bssid, | |
348 | freq, dialog_token, | |
349 | pos, end - pos); | |
350 | return gas_server_rx_comeback_req(gas, da, sa, bssid, | |
351 | freq, dialog_token); | |
352 | } | |
353 | ||
354 | ||
355 | static void gas_server_handle_tx_status(struct gas_server_response *response, | |
356 | int ack) | |
357 | { | |
358 | if (ack && response->offset < wpabuf_len(response->resp)) { | |
359 | wpa_printf(MSG_DEBUG, | |
360 | "GAS: More fragments remaining - keep pending entry"); | |
361 | return; | |
362 | } | |
363 | ||
364 | if (!ack) | |
365 | wpa_printf(MSG_DEBUG, | |
366 | "GAS: No ACK received - drop pending entry"); | |
367 | else | |
368 | wpa_printf(MSG_DEBUG, | |
369 | "GAS: Last fragment of the response sent out - drop pending entry"); | |
370 | ||
371 | response->handler->status_cb(response->handler->ctx, | |
372 | response->resp, ack); | |
373 | response->resp = NULL; | |
374 | dl_list_del(&response->list); | |
375 | gas_server_free_response(response); | |
376 | } | |
377 | ||
378 | ||
379 | void gas_server_tx_status(struct gas_server *gas, const u8 *dst, const u8 *data, | |
380 | size_t data_len, int ack) | |
381 | { | |
382 | const u8 *pos; | |
383 | u8 action, code, dialog_token; | |
384 | struct gas_server_response *response; | |
385 | ||
386 | if (data_len < 24 + 3) | |
387 | return; | |
388 | pos = data + 24; | |
389 | action = *pos++; | |
390 | code = *pos++; | |
391 | dialog_token = *pos++; | |
392 | if (action != WLAN_ACTION_PUBLIC || | |
393 | (code != WLAN_PA_GAS_INITIAL_RESP && | |
394 | code != WLAN_PA_GAS_COMEBACK_RESP)) | |
395 | return; | |
396 | wpa_printf(MSG_DEBUG, "GAS: TX status dst=" MACSTR | |
397 | " ack=%d %s dialog_token=%u", | |
398 | MAC2STR(dst), ack, | |
399 | code == WLAN_PA_GAS_INITIAL_RESP ? "initial" : "comeback", | |
400 | dialog_token); | |
401 | dl_list_for_each(response, &gas->responses, struct gas_server_response, | |
402 | list) { | |
403 | if (response->dialog_token != dialog_token || | |
404 | os_memcmp(dst, response->dst, ETH_ALEN) != 0) | |
405 | continue; | |
406 | gas_server_handle_tx_status(response, ack); | |
407 | return; | |
408 | } | |
409 | ||
410 | wpa_printf(MSG_DEBUG, "GAS: No pending response matches TX status"); | |
411 | } | |
412 | ||
413 | ||
414 | struct gas_server * gas_server_init(void *ctx, | |
415 | void (*tx)(void *ctx, int freq, | |
416 | const u8 *da, | |
417 | struct wpabuf *buf, | |
418 | unsigned int wait_time)) | |
419 | { | |
420 | struct gas_server *gas; | |
421 | ||
422 | gas = os_zalloc(sizeof(*gas)); | |
423 | if (!gas) | |
424 | return NULL; | |
425 | gas->ctx = ctx; | |
426 | gas->tx = tx; | |
427 | dl_list_init(&gas->handlers); | |
428 | dl_list_init(&gas->responses); | |
429 | return gas; | |
430 | } | |
431 | ||
432 | ||
433 | void gas_server_deinit(struct gas_server *gas) | |
434 | { | |
435 | struct gas_server_handler *handler, *tmp; | |
436 | struct gas_server_response *response, *tmp_r; | |
437 | ||
438 | if (!gas) | |
439 | return; | |
440 | ||
441 | dl_list_for_each_safe(handler, tmp, &gas->handlers, | |
442 | struct gas_server_handler, list) { | |
443 | dl_list_del(&handler->list); | |
444 | os_free(handler); | |
445 | } | |
446 | ||
447 | dl_list_for_each_safe(response, tmp_r, &gas->responses, | |
448 | struct gas_server_response, list) { | |
449 | dl_list_del(&response->list); | |
450 | gas_server_free_response(response); | |
451 | } | |
452 | ||
453 | os_free(gas); | |
454 | } | |
455 | ||
456 | ||
457 | int gas_server_register(struct gas_server *gas, | |
458 | const u8 *adv_proto_id, u8 adv_proto_id_len, | |
459 | struct wpabuf * | |
460 | (*req_cb)(void *ctx, const u8 *sa, | |
461 | const u8 *query, size_t query_len), | |
462 | void (*status_cb)(void *ctx, struct wpabuf *resp, | |
463 | int ok), | |
464 | void *ctx) | |
465 | { | |
466 | struct gas_server_handler *handler; | |
467 | ||
468 | if (!gas || adv_proto_id_len > MAX_ADV_PROTO_ID_LEN) | |
469 | return -1; | |
470 | handler = os_zalloc(sizeof(*handler)); | |
471 | if (!handler) | |
472 | return -1; | |
473 | ||
474 | os_memcpy(handler->adv_proto_id, adv_proto_id, adv_proto_id_len); | |
475 | handler->adv_proto_id_len = adv_proto_id_len; | |
476 | handler->req_cb = req_cb; | |
477 | handler->status_cb = status_cb; | |
478 | handler->ctx = ctx; | |
479 | handler->gas = gas; | |
480 | dl_list_add(&gas->handlers, &handler->list); | |
481 | ||
482 | return 0; | |
483 | } |