]>
Commit | Line | Data |
---|---|---|
1 | /* | |
2 | * WPA Supplicant - Basic mesh peer management | |
3 | * Copyright (c) 2013-2014, cozybit, Inc. All rights reserved. | |
4 | * | |
5 | * This software may be distributed under the terms of the BSD license. | |
6 | * See README for more details. | |
7 | */ | |
8 | ||
9 | #include "utils/includes.h" | |
10 | ||
11 | #include "utils/common.h" | |
12 | #include "utils/eloop.h" | |
13 | #include "common/ieee802_11_defs.h" | |
14 | #include "common/hw_features_common.h" | |
15 | #include "ap/hostapd.h" | |
16 | #include "ap/sta_info.h" | |
17 | #include "ap/ieee802_11.h" | |
18 | #include "ap/wpa_auth.h" | |
19 | #include "wpa_supplicant_i.h" | |
20 | #include "driver_i.h" | |
21 | #include "mesh_mpm.h" | |
22 | #include "mesh_rsn.h" | |
23 | ||
24 | struct mesh_peer_mgmt_ie { | |
25 | const u8 *proto_id; /* Mesh Peering Protocol Identifier (2 octets) */ | |
26 | const u8 *llid; /* Local Link ID (2 octets) */ | |
27 | const u8 *plid; /* Peer Link ID (conditional, 2 octets) */ | |
28 | const u8 *reason; /* Reason Code (conditional, 2 octets) */ | |
29 | const u8 *chosen_pmk; /* Chosen PMK (optional, 16 octets) */ | |
30 | }; | |
31 | ||
32 | static void plink_timer(void *eloop_ctx, void *user_data); | |
33 | ||
34 | ||
35 | enum plink_event { | |
36 | PLINK_UNDEFINED, | |
37 | OPN_ACPT, | |
38 | OPN_RJCT, | |
39 | CNF_ACPT, | |
40 | CNF_RJCT, | |
41 | CLS_ACPT, | |
42 | REQ_RJCT | |
43 | }; | |
44 | ||
45 | static const char * const mplstate[] = { | |
46 | [0] = "UNINITIALIZED", | |
47 | [PLINK_IDLE] = "IDLE", | |
48 | [PLINK_OPN_SNT] = "OPN_SNT", | |
49 | [PLINK_OPN_RCVD] = "OPN_RCVD", | |
50 | [PLINK_CNF_RCVD] = "CNF_RCVD", | |
51 | [PLINK_ESTAB] = "ESTAB", | |
52 | [PLINK_HOLDING] = "HOLDING", | |
53 | [PLINK_BLOCKED] = "BLOCKED" | |
54 | }; | |
55 | ||
56 | static const char * const mplevent[] = { | |
57 | [PLINK_UNDEFINED] = "UNDEFINED", | |
58 | [OPN_ACPT] = "OPN_ACPT", | |
59 | [OPN_RJCT] = "OPN_RJCT", | |
60 | [CNF_ACPT] = "CNF_ACPT", | |
61 | [CNF_RJCT] = "CNF_RJCT", | |
62 | [CLS_ACPT] = "CLS_ACPT", | |
63 | [REQ_RJCT] = "REQ_RJCT", | |
64 | }; | |
65 | ||
66 | ||
67 | static int mesh_mpm_parse_peer_mgmt(struct wpa_supplicant *wpa_s, | |
68 | u8 action_field, | |
69 | const u8 *ie, size_t len, | |
70 | struct mesh_peer_mgmt_ie *mpm_ie) | |
71 | { | |
72 | os_memset(mpm_ie, 0, sizeof(*mpm_ie)); | |
73 | ||
74 | /* Remove optional Chosen PMK field at end */ | |
75 | if (len >= SAE_PMKID_LEN) { | |
76 | mpm_ie->chosen_pmk = ie + len - SAE_PMKID_LEN; | |
77 | len -= SAE_PMKID_LEN; | |
78 | } | |
79 | ||
80 | if ((action_field == PLINK_OPEN && len != 4) || | |
81 | (action_field == PLINK_CONFIRM && len != 6) || | |
82 | (action_field == PLINK_CLOSE && len != 6 && len != 8)) { | |
83 | wpa_msg(wpa_s, MSG_DEBUG, "MPM: Invalid peer mgmt ie"); | |
84 | return -1; | |
85 | } | |
86 | ||
87 | /* required fields */ | |
88 | if (len < 4) | |
89 | return -1; | |
90 | mpm_ie->proto_id = ie; | |
91 | mpm_ie->llid = ie + 2; | |
92 | ie += 4; | |
93 | len -= 4; | |
94 | ||
95 | /* close reason is always present at end for close */ | |
96 | if (action_field == PLINK_CLOSE) { | |
97 | if (len < 2) | |
98 | return -1; | |
99 | mpm_ie->reason = ie + len - 2; | |
100 | len -= 2; | |
101 | } | |
102 | ||
103 | /* Peer Link ID, present for confirm, and possibly close */ | |
104 | if (len >= 2) | |
105 | mpm_ie->plid = ie; | |
106 | ||
107 | return 0; | |
108 | } | |
109 | ||
110 | ||
111 | static int plink_free_count(struct hostapd_data *hapd) | |
112 | { | |
113 | if (hapd->max_plinks > hapd->num_plinks) | |
114 | return hapd->max_plinks - hapd->num_plinks; | |
115 | return 0; | |
116 | } | |
117 | ||
118 | ||
119 | static u16 copy_supp_rates(struct wpa_supplicant *wpa_s, | |
120 | struct sta_info *sta, | |
121 | struct ieee802_11_elems *elems) | |
122 | { | |
123 | if (!elems->supp_rates) { | |
124 | wpa_msg(wpa_s, MSG_ERROR, "no supported rates from " MACSTR, | |
125 | MAC2STR(sta->addr)); | |
126 | return WLAN_STATUS_UNSPECIFIED_FAILURE; | |
127 | } | |
128 | ||
129 | if (elems->supp_rates_len + elems->ext_supp_rates_len > | |
130 | sizeof(sta->supported_rates)) { | |
131 | wpa_msg(wpa_s, MSG_ERROR, | |
132 | "Invalid supported rates element length " MACSTR | |
133 | " %d+%d", MAC2STR(sta->addr), elems->supp_rates_len, | |
134 | elems->ext_supp_rates_len); | |
135 | return WLAN_STATUS_UNSPECIFIED_FAILURE; | |
136 | } | |
137 | ||
138 | sta->supported_rates_len = merge_byte_arrays( | |
139 | sta->supported_rates, sizeof(sta->supported_rates), | |
140 | elems->supp_rates, elems->supp_rates_len, | |
141 | elems->ext_supp_rates, elems->ext_supp_rates_len); | |
142 | ||
143 | return WLAN_STATUS_SUCCESS; | |
144 | } | |
145 | ||
146 | ||
147 | /* return true if elems from a neighbor match this MBSS */ | |
148 | static Boolean matches_local(struct wpa_supplicant *wpa_s, | |
149 | struct ieee802_11_elems *elems) | |
150 | { | |
151 | struct mesh_conf *mconf = wpa_s->ifmsh->mconf; | |
152 | ||
153 | if (elems->mesh_config_len < 5) | |
154 | return FALSE; | |
155 | ||
156 | return (mconf->meshid_len == elems->mesh_id_len && | |
157 | os_memcmp(mconf->meshid, elems->mesh_id, | |
158 | elems->mesh_id_len) == 0 && | |
159 | mconf->mesh_pp_id == elems->mesh_config[0] && | |
160 | mconf->mesh_pm_id == elems->mesh_config[1] && | |
161 | mconf->mesh_cc_id == elems->mesh_config[2] && | |
162 | mconf->mesh_sp_id == elems->mesh_config[3] && | |
163 | mconf->mesh_auth_id == elems->mesh_config[4]); | |
164 | } | |
165 | ||
166 | ||
167 | /* check if local link id is already used with another peer */ | |
168 | static Boolean llid_in_use(struct wpa_supplicant *wpa_s, u16 llid) | |
169 | { | |
170 | struct sta_info *sta; | |
171 | struct hostapd_data *hapd = wpa_s->ifmsh->bss[0]; | |
172 | ||
173 | for (sta = hapd->sta_list; sta; sta = sta->next) { | |
174 | if (sta->my_lid == llid) | |
175 | return TRUE; | |
176 | } | |
177 | ||
178 | return FALSE; | |
179 | } | |
180 | ||
181 | ||
182 | /* generate an llid for a link and set to initial state */ | |
183 | static void mesh_mpm_init_link(struct wpa_supplicant *wpa_s, | |
184 | struct sta_info *sta) | |
185 | { | |
186 | u16 llid; | |
187 | ||
188 | do { | |
189 | if (os_get_random((u8 *) &llid, sizeof(llid)) < 0) | |
190 | continue; | |
191 | } while (!llid || llid_in_use(wpa_s, llid)); | |
192 | ||
193 | sta->my_lid = llid; | |
194 | sta->peer_lid = 0; | |
195 | sta->peer_aid = 0; | |
196 | ||
197 | /* | |
198 | * We do not use wpa_mesh_set_plink_state() here because there is no | |
199 | * entry in kernel yet. | |
200 | */ | |
201 | sta->plink_state = PLINK_IDLE; | |
202 | } | |
203 | ||
204 | ||
205 | static void mesh_mpm_send_plink_action(struct wpa_supplicant *wpa_s, | |
206 | struct sta_info *sta, | |
207 | enum plink_action_field type, | |
208 | u16 close_reason) | |
209 | { | |
210 | struct wpabuf *buf; | |
211 | struct hostapd_iface *ifmsh = wpa_s->ifmsh; | |
212 | struct hostapd_data *bss = ifmsh->bss[0]; | |
213 | struct mesh_conf *conf = ifmsh->mconf; | |
214 | u8 supp_rates[2 + 2 + 32]; | |
215 | u8 *pos, *cat; | |
216 | u8 ie_len, add_plid = 0; | |
217 | int ret; | |
218 | int ampe = conf->security & MESH_CONF_SEC_AMPE; | |
219 | size_t buf_len; | |
220 | ||
221 | if (!sta) | |
222 | return; | |
223 | ||
224 | buf_len = 2 + /* capability info */ | |
225 | 2 + /* AID */ | |
226 | 2 + 8 + /* supported rates */ | |
227 | 2 + (32 - 8) + | |
228 | 2 + 32 + /* mesh ID */ | |
229 | 2 + 7 + /* mesh config */ | |
230 | 2 + 23 + /* peering management */ | |
231 | 2 + 96 + /* AMPE */ | |
232 | 2 + 16; /* MIC */ | |
233 | #ifdef CONFIG_IEEE80211N | |
234 | if (type != PLINK_CLOSE && wpa_s->mesh_ht_enabled) { | |
235 | buf_len += 2 + 26 + /* HT capabilities */ | |
236 | 2 + 22; /* HT operation */ | |
237 | } | |
238 | #endif /* CONFIG_IEEE80211N */ | |
239 | #ifdef CONFIG_IEEE80211AC | |
240 | if (type != PLINK_CLOSE && wpa_s->mesh_vht_enabled) { | |
241 | buf_len += 2 + 12 + /* VHT Capabilities */ | |
242 | 2 + 5; /* VHT Operation */ | |
243 | } | |
244 | #endif /* CONFIG_IEEE80211AC */ | |
245 | if (type != PLINK_CLOSE) | |
246 | buf_len += conf->rsn_ie_len; /* RSN IE */ | |
247 | ||
248 | buf = wpabuf_alloc(buf_len); | |
249 | if (!buf) | |
250 | return; | |
251 | ||
252 | cat = wpabuf_mhead_u8(buf); | |
253 | wpabuf_put_u8(buf, WLAN_ACTION_SELF_PROTECTED); | |
254 | wpabuf_put_u8(buf, type); | |
255 | ||
256 | if (type != PLINK_CLOSE) { | |
257 | u8 info; | |
258 | ||
259 | /* capability info */ | |
260 | wpabuf_put_le16(buf, ampe ? IEEE80211_CAP_PRIVACY : 0); | |
261 | ||
262 | /* aid */ | |
263 | if (type == PLINK_CONFIRM) | |
264 | wpabuf_put_le16(buf, sta->aid); | |
265 | ||
266 | /* IE: supp + ext. supp rates */ | |
267 | pos = hostapd_eid_supp_rates(bss, supp_rates); | |
268 | pos = hostapd_eid_ext_supp_rates(bss, pos); | |
269 | wpabuf_put_data(buf, supp_rates, pos - supp_rates); | |
270 | ||
271 | /* IE: RSN IE */ | |
272 | wpabuf_put_data(buf, conf->rsn_ie, conf->rsn_ie_len); | |
273 | ||
274 | /* IE: Mesh ID */ | |
275 | wpabuf_put_u8(buf, WLAN_EID_MESH_ID); | |
276 | wpabuf_put_u8(buf, conf->meshid_len); | |
277 | wpabuf_put_data(buf, conf->meshid, conf->meshid_len); | |
278 | ||
279 | /* IE: mesh conf */ | |
280 | wpabuf_put_u8(buf, WLAN_EID_MESH_CONFIG); | |
281 | wpabuf_put_u8(buf, 7); | |
282 | wpabuf_put_u8(buf, conf->mesh_pp_id); | |
283 | wpabuf_put_u8(buf, conf->mesh_pm_id); | |
284 | wpabuf_put_u8(buf, conf->mesh_cc_id); | |
285 | wpabuf_put_u8(buf, conf->mesh_sp_id); | |
286 | wpabuf_put_u8(buf, conf->mesh_auth_id); | |
287 | info = (bss->num_plinks > 63 ? 63 : bss->num_plinks) << 1; | |
288 | /* TODO: Add Connected to Mesh Gate/AS subfields */ | |
289 | wpabuf_put_u8(buf, info); | |
290 | /* always forwarding & accepting plinks for now */ | |
291 | wpabuf_put_u8(buf, MESH_CAP_ACCEPT_ADDITIONAL_PEER | | |
292 | MESH_CAP_FORWARDING); | |
293 | } else { /* Peer closing frame */ | |
294 | /* IE: Mesh ID */ | |
295 | wpabuf_put_u8(buf, WLAN_EID_MESH_ID); | |
296 | wpabuf_put_u8(buf, conf->meshid_len); | |
297 | wpabuf_put_data(buf, conf->meshid, conf->meshid_len); | |
298 | } | |
299 | ||
300 | /* IE: Mesh Peering Management element */ | |
301 | ie_len = 4; | |
302 | if (ampe) | |
303 | ie_len += PMKID_LEN; | |
304 | switch (type) { | |
305 | case PLINK_OPEN: | |
306 | break; | |
307 | case PLINK_CONFIRM: | |
308 | ie_len += 2; | |
309 | add_plid = 1; | |
310 | break; | |
311 | case PLINK_CLOSE: | |
312 | ie_len += 2; | |
313 | add_plid = 1; | |
314 | ie_len += 2; /* reason code */ | |
315 | break; | |
316 | } | |
317 | ||
318 | wpabuf_put_u8(buf, WLAN_EID_PEER_MGMT); | |
319 | wpabuf_put_u8(buf, ie_len); | |
320 | /* peering protocol */ | |
321 | if (ampe) | |
322 | wpabuf_put_le16(buf, 1); | |
323 | else | |
324 | wpabuf_put_le16(buf, 0); | |
325 | wpabuf_put_le16(buf, sta->my_lid); | |
326 | if (add_plid) | |
327 | wpabuf_put_le16(buf, sta->peer_lid); | |
328 | if (type == PLINK_CLOSE) | |
329 | wpabuf_put_le16(buf, close_reason); | |
330 | if (ampe) { | |
331 | if (sta->sae == NULL) { | |
332 | wpa_msg(wpa_s, MSG_INFO, "Mesh MPM: no SAE session"); | |
333 | goto fail; | |
334 | } | |
335 | mesh_rsn_get_pmkid(wpa_s->mesh_rsn, sta, | |
336 | wpabuf_put(buf, PMKID_LEN)); | |
337 | } | |
338 | ||
339 | #ifdef CONFIG_IEEE80211N | |
340 | if (type != PLINK_CLOSE && wpa_s->mesh_ht_enabled) { | |
341 | u8 ht_capa_oper[2 + 26 + 2 + 22]; | |
342 | ||
343 | pos = hostapd_eid_ht_capabilities(bss, ht_capa_oper); | |
344 | pos = hostapd_eid_ht_operation(bss, pos); | |
345 | wpabuf_put_data(buf, ht_capa_oper, pos - ht_capa_oper); | |
346 | } | |
347 | #endif /* CONFIG_IEEE80211N */ | |
348 | #ifdef CONFIG_IEEE80211AC | |
349 | if (type != PLINK_CLOSE && wpa_s->mesh_vht_enabled) { | |
350 | u8 vht_capa_oper[2 + 12 + 2 + 5]; | |
351 | ||
352 | pos = hostapd_eid_vht_capabilities(bss, vht_capa_oper, 0); | |
353 | pos = hostapd_eid_vht_operation(bss, pos); | |
354 | wpabuf_put_data(buf, vht_capa_oper, pos - vht_capa_oper); | |
355 | } | |
356 | #endif /* CONFIG_IEEE80211AC */ | |
357 | ||
358 | if (ampe && mesh_rsn_protect_frame(wpa_s->mesh_rsn, sta, cat, buf)) { | |
359 | wpa_msg(wpa_s, MSG_INFO, | |
360 | "Mesh MPM: failed to add AMPE and MIC IE"); | |
361 | goto fail; | |
362 | } | |
363 | ||
364 | wpa_msg(wpa_s, MSG_DEBUG, "Mesh MPM: Sending peering frame type %d to " | |
365 | MACSTR " (my_lid=0x%x peer_lid=0x%x)", | |
366 | type, MAC2STR(sta->addr), sta->my_lid, sta->peer_lid); | |
367 | ret = wpa_drv_send_action(wpa_s, wpa_s->assoc_freq, 0, | |
368 | sta->addr, wpa_s->own_addr, wpa_s->own_addr, | |
369 | wpabuf_head(buf), wpabuf_len(buf), 0); | |
370 | if (ret < 0) | |
371 | wpa_msg(wpa_s, MSG_INFO, | |
372 | "Mesh MPM: failed to send peering frame"); | |
373 | ||
374 | fail: | |
375 | wpabuf_free(buf); | |
376 | } | |
377 | ||
378 | ||
379 | /* configure peering state in ours and driver's station entry */ | |
380 | void wpa_mesh_set_plink_state(struct wpa_supplicant *wpa_s, | |
381 | struct sta_info *sta, | |
382 | enum mesh_plink_state state) | |
383 | { | |
384 | struct hostapd_sta_add_params params; | |
385 | int ret; | |
386 | ||
387 | wpa_msg(wpa_s, MSG_DEBUG, "MPM set " MACSTR " from %s into %s", | |
388 | MAC2STR(sta->addr), mplstate[sta->plink_state], | |
389 | mplstate[state]); | |
390 | sta->plink_state = state; | |
391 | ||
392 | os_memset(¶ms, 0, sizeof(params)); | |
393 | params.addr = sta->addr; | |
394 | params.plink_state = state; | |
395 | params.peer_aid = sta->peer_aid; | |
396 | params.set = 1; | |
397 | ||
398 | ret = wpa_drv_sta_add(wpa_s, ¶ms); | |
399 | if (ret) { | |
400 | wpa_msg(wpa_s, MSG_ERROR, "Driver failed to set " MACSTR | |
401 | ": %d", MAC2STR(sta->addr), ret); | |
402 | } | |
403 | } | |
404 | ||
405 | ||
406 | static void mesh_mpm_fsm_restart(struct wpa_supplicant *wpa_s, | |
407 | struct sta_info *sta) | |
408 | { | |
409 | struct hostapd_data *hapd = wpa_s->ifmsh->bss[0]; | |
410 | ||
411 | eloop_cancel_timeout(plink_timer, wpa_s, sta); | |
412 | ||
413 | ap_free_sta(hapd, sta); | |
414 | } | |
415 | ||
416 | ||
417 | static void plink_timer(void *eloop_ctx, void *user_data) | |
418 | { | |
419 | struct wpa_supplicant *wpa_s = eloop_ctx; | |
420 | struct sta_info *sta = user_data; | |
421 | u16 reason = 0; | |
422 | struct mesh_conf *conf = wpa_s->ifmsh->mconf; | |
423 | struct hostapd_data *hapd = wpa_s->ifmsh->bss[0]; | |
424 | ||
425 | switch (sta->plink_state) { | |
426 | case PLINK_OPN_RCVD: | |
427 | case PLINK_OPN_SNT: | |
428 | /* retry timer */ | |
429 | if (sta->mpm_retries < conf->dot11MeshMaxRetries) { | |
430 | eloop_register_timeout( | |
431 | conf->dot11MeshRetryTimeout / 1000, | |
432 | (conf->dot11MeshRetryTimeout % 1000) * 1000, | |
433 | plink_timer, wpa_s, sta); | |
434 | mesh_mpm_send_plink_action(wpa_s, sta, PLINK_OPEN, 0); | |
435 | sta->mpm_retries++; | |
436 | break; | |
437 | } | |
438 | reason = WLAN_REASON_MESH_MAX_RETRIES; | |
439 | /* fall through on else */ | |
440 | ||
441 | case PLINK_CNF_RCVD: | |
442 | /* confirm timer */ | |
443 | if (!reason) | |
444 | reason = WLAN_REASON_MESH_CONFIRM_TIMEOUT; | |
445 | wpa_mesh_set_plink_state(wpa_s, sta, PLINK_HOLDING); | |
446 | eloop_register_timeout(conf->dot11MeshHoldingTimeout / 1000, | |
447 | (conf->dot11MeshHoldingTimeout % 1000) * 1000, | |
448 | plink_timer, wpa_s, sta); | |
449 | mesh_mpm_send_plink_action(wpa_s, sta, PLINK_CLOSE, reason); | |
450 | break; | |
451 | case PLINK_HOLDING: | |
452 | /* holding timer */ | |
453 | ||
454 | if (sta->mesh_sae_pmksa_caching) { | |
455 | wpa_printf(MSG_DEBUG, "MPM: Peer " MACSTR | |
456 | " looks like it does not support mesh SAE PMKSA caching, so remove the cached entry for it", | |
457 | MAC2STR(sta->addr)); | |
458 | wpa_auth_pmksa_remove(hapd->wpa_auth, sta->addr); | |
459 | } | |
460 | mesh_mpm_fsm_restart(wpa_s, sta); | |
461 | break; | |
462 | default: | |
463 | break; | |
464 | } | |
465 | } | |
466 | ||
467 | ||
468 | /* initiate peering with station */ | |
469 | static void | |
470 | mesh_mpm_plink_open(struct wpa_supplicant *wpa_s, struct sta_info *sta, | |
471 | enum mesh_plink_state next_state) | |
472 | { | |
473 | struct mesh_conf *conf = wpa_s->ifmsh->mconf; | |
474 | ||
475 | eloop_cancel_timeout(plink_timer, wpa_s, sta); | |
476 | eloop_register_timeout(conf->dot11MeshRetryTimeout / 1000, | |
477 | (conf->dot11MeshRetryTimeout % 1000) * 1000, | |
478 | plink_timer, wpa_s, sta); | |
479 | mesh_mpm_send_plink_action(wpa_s, sta, PLINK_OPEN, 0); | |
480 | wpa_mesh_set_plink_state(wpa_s, sta, next_state); | |
481 | } | |
482 | ||
483 | ||
484 | static int mesh_mpm_plink_close(struct hostapd_data *hapd, struct sta_info *sta, | |
485 | void *ctx) | |
486 | { | |
487 | struct wpa_supplicant *wpa_s = ctx; | |
488 | int reason = WLAN_REASON_MESH_PEERING_CANCELLED; | |
489 | ||
490 | if (sta) { | |
491 | wpa_mesh_set_plink_state(wpa_s, sta, PLINK_HOLDING); | |
492 | mesh_mpm_send_plink_action(wpa_s, sta, PLINK_CLOSE, reason); | |
493 | wpa_printf(MSG_DEBUG, "MPM closing plink sta=" MACSTR, | |
494 | MAC2STR(sta->addr)); | |
495 | eloop_cancel_timeout(plink_timer, wpa_s, sta); | |
496 | return 0; | |
497 | } | |
498 | ||
499 | return 1; | |
500 | } | |
501 | ||
502 | ||
503 | int mesh_mpm_close_peer(struct wpa_supplicant *wpa_s, const u8 *addr) | |
504 | { | |
505 | struct hostapd_data *hapd; | |
506 | struct sta_info *sta; | |
507 | ||
508 | if (!wpa_s->ifmsh) { | |
509 | wpa_msg(wpa_s, MSG_INFO, "Mesh is not prepared yet"); | |
510 | return -1; | |
511 | } | |
512 | ||
513 | hapd = wpa_s->ifmsh->bss[0]; | |
514 | sta = ap_get_sta(hapd, addr); | |
515 | if (!sta) { | |
516 | wpa_msg(wpa_s, MSG_INFO, "No such mesh peer"); | |
517 | return -1; | |
518 | } | |
519 | ||
520 | return mesh_mpm_plink_close(hapd, sta, wpa_s) == 0 ? 0 : -1; | |
521 | } | |
522 | ||
523 | ||
524 | static void peer_add_timer(void *eloop_ctx, void *user_data) | |
525 | { | |
526 | struct wpa_supplicant *wpa_s = eloop_ctx; | |
527 | struct hostapd_data *hapd = wpa_s->ifmsh->bss[0]; | |
528 | ||
529 | os_memset(hapd->mesh_required_peer, 0, ETH_ALEN); | |
530 | } | |
531 | ||
532 | ||
533 | int mesh_mpm_connect_peer(struct wpa_supplicant *wpa_s, const u8 *addr, | |
534 | int duration) | |
535 | { | |
536 | struct wpa_ssid *ssid = wpa_s->current_ssid; | |
537 | struct hostapd_data *hapd; | |
538 | struct sta_info *sta; | |
539 | struct mesh_conf *conf; | |
540 | ||
541 | if (!wpa_s->ifmsh) { | |
542 | wpa_msg(wpa_s, MSG_INFO, "Mesh is not prepared yet"); | |
543 | return -1; | |
544 | } | |
545 | ||
546 | if (!ssid || !ssid->no_auto_peer) { | |
547 | wpa_msg(wpa_s, MSG_INFO, | |
548 | "This command is available only with no_auto_peer mesh network"); | |
549 | return -1; | |
550 | } | |
551 | ||
552 | hapd = wpa_s->ifmsh->bss[0]; | |
553 | conf = wpa_s->ifmsh->mconf; | |
554 | ||
555 | sta = ap_get_sta(hapd, addr); | |
556 | if (!sta) { | |
557 | wpa_msg(wpa_s, MSG_INFO, "No such mesh peer"); | |
558 | return -1; | |
559 | } | |
560 | ||
561 | if ((PLINK_OPN_SNT <= sta->plink_state && | |
562 | sta->plink_state <= PLINK_ESTAB) || | |
563 | (sta->sae && sta->sae->state > SAE_NOTHING)) { | |
564 | wpa_msg(wpa_s, MSG_INFO, | |
565 | "Specified peer is connecting/connected"); | |
566 | return -1; | |
567 | } | |
568 | ||
569 | if (conf->security == MESH_CONF_SEC_NONE) { | |
570 | mesh_mpm_plink_open(wpa_s, sta, PLINK_OPN_SNT); | |
571 | } else { | |
572 | mesh_rsn_auth_sae_sta(wpa_s, sta); | |
573 | os_memcpy(hapd->mesh_required_peer, addr, ETH_ALEN); | |
574 | eloop_register_timeout(duration == -1 ? 10 : duration, 0, | |
575 | peer_add_timer, wpa_s, NULL); | |
576 | } | |
577 | ||
578 | return 0; | |
579 | } | |
580 | ||
581 | ||
582 | void mesh_mpm_deinit(struct wpa_supplicant *wpa_s, struct hostapd_iface *ifmsh) | |
583 | { | |
584 | struct hostapd_data *hapd = ifmsh->bss[0]; | |
585 | ||
586 | /* notify peers we're leaving */ | |
587 | ap_for_each_sta(hapd, mesh_mpm_plink_close, wpa_s); | |
588 | ||
589 | hapd->num_plinks = 0; | |
590 | hostapd_free_stas(hapd); | |
591 | eloop_cancel_timeout(peer_add_timer, wpa_s, NULL); | |
592 | } | |
593 | ||
594 | ||
595 | /* for mesh_rsn to indicate this peer has completed authentication, and we're | |
596 | * ready to start AMPE */ | |
597 | void mesh_mpm_auth_peer(struct wpa_supplicant *wpa_s, const u8 *addr) | |
598 | { | |
599 | struct hostapd_data *data = wpa_s->ifmsh->bss[0]; | |
600 | struct hostapd_sta_add_params params; | |
601 | struct sta_info *sta; | |
602 | int ret; | |
603 | ||
604 | sta = ap_get_sta(data, addr); | |
605 | if (!sta) { | |
606 | wpa_msg(wpa_s, MSG_DEBUG, "no such mesh peer"); | |
607 | return; | |
608 | } | |
609 | ||
610 | /* TODO: Should do nothing if this STA is already authenticated, but | |
611 | * the AP code already sets this flag. */ | |
612 | sta->flags |= WLAN_STA_AUTH; | |
613 | ||
614 | mesh_rsn_init_ampe_sta(wpa_s, sta); | |
615 | ||
616 | os_memset(¶ms, 0, sizeof(params)); | |
617 | params.addr = sta->addr; | |
618 | params.flags = WPA_STA_AUTHENTICATED | WPA_STA_AUTHORIZED; | |
619 | params.set = 1; | |
620 | ||
621 | wpa_msg(wpa_s, MSG_DEBUG, "MPM authenticating " MACSTR, | |
622 | MAC2STR(sta->addr)); | |
623 | ret = wpa_drv_sta_add(wpa_s, ¶ms); | |
624 | if (ret) { | |
625 | wpa_msg(wpa_s, MSG_ERROR, | |
626 | "Driver failed to set " MACSTR ": %d", | |
627 | MAC2STR(sta->addr), ret); | |
628 | } | |
629 | ||
630 | if (!sta->my_lid) | |
631 | mesh_mpm_init_link(wpa_s, sta); | |
632 | ||
633 | mesh_mpm_plink_open(wpa_s, sta, PLINK_OPN_SNT); | |
634 | } | |
635 | ||
636 | /* | |
637 | * Initialize a sta_info structure for a peer and upload it into the driver | |
638 | * in preparation for beginning authentication or peering. This is done when a | |
639 | * Beacon (secure or open mesh) or a peering open frame (for open mesh) is | |
640 | * received from the peer for the first time. | |
641 | */ | |
642 | static struct sta_info * mesh_mpm_add_peer(struct wpa_supplicant *wpa_s, | |
643 | const u8 *addr, | |
644 | struct ieee802_11_elems *elems) | |
645 | { | |
646 | struct hostapd_sta_add_params params; | |
647 | struct mesh_conf *conf = wpa_s->ifmsh->mconf; | |
648 | struct hostapd_data *data = wpa_s->ifmsh->bss[0]; | |
649 | struct sta_info *sta; | |
650 | #ifdef CONFIG_IEEE80211N | |
651 | struct ieee80211_ht_operation *oper; | |
652 | #endif /* CONFIG_IEEE80211N */ | |
653 | int ret; | |
654 | ||
655 | if (elems->mesh_config_len >= 7 && | |
656 | !(elems->mesh_config[6] & MESH_CAP_ACCEPT_ADDITIONAL_PEER)) { | |
657 | wpa_msg(wpa_s, MSG_DEBUG, | |
658 | "mesh: Ignore a crowded peer " MACSTR, | |
659 | MAC2STR(addr)); | |
660 | return NULL; | |
661 | } | |
662 | ||
663 | sta = ap_get_sta(data, addr); | |
664 | if (!sta) { | |
665 | sta = ap_sta_add(data, addr); | |
666 | if (!sta) | |
667 | return NULL; | |
668 | } | |
669 | ||
670 | /* Set WMM by default since Mesh STAs are QoS STAs */ | |
671 | sta->flags |= WLAN_STA_WMM; | |
672 | ||
673 | /* initialize sta */ | |
674 | if (copy_supp_rates(wpa_s, sta, elems)) { | |
675 | ap_free_sta(data, sta); | |
676 | return NULL; | |
677 | } | |
678 | ||
679 | if (!sta->my_lid) | |
680 | mesh_mpm_init_link(wpa_s, sta); | |
681 | ||
682 | #ifdef CONFIG_IEEE80211N | |
683 | copy_sta_ht_capab(data, sta, elems->ht_capabilities); | |
684 | ||
685 | oper = (struct ieee80211_ht_operation *) elems->ht_operation; | |
686 | if (oper && | |
687 | !(oper->ht_param & HT_INFO_HT_PARAM_STA_CHNL_WIDTH)) { | |
688 | wpa_msg(wpa_s, MSG_DEBUG, MACSTR | |
689 | " does not support 40 MHz bandwidth", | |
690 | MAC2STR(sta->addr)); | |
691 | set_disable_ht40(sta->ht_capabilities, 1); | |
692 | } | |
693 | ||
694 | update_ht_state(data, sta); | |
695 | #endif /* CONFIG_IEEE80211N */ | |
696 | ||
697 | #ifdef CONFIG_IEEE80211AC | |
698 | copy_sta_vht_capab(data, sta, elems->vht_capabilities); | |
699 | set_sta_vht_opmode(data, sta, elems->vht_opmode_notif); | |
700 | #endif /* CONFIG_IEEE80211AC */ | |
701 | ||
702 | if (hostapd_get_aid(data, sta) < 0) { | |
703 | wpa_msg(wpa_s, MSG_ERROR, "No AIDs available"); | |
704 | ap_free_sta(data, sta); | |
705 | return NULL; | |
706 | } | |
707 | ||
708 | /* insert into driver */ | |
709 | os_memset(¶ms, 0, sizeof(params)); | |
710 | params.supp_rates = sta->supported_rates; | |
711 | params.supp_rates_len = sta->supported_rates_len; | |
712 | params.addr = addr; | |
713 | params.plink_state = sta->plink_state; | |
714 | params.aid = sta->aid; | |
715 | params.peer_aid = sta->peer_aid; | |
716 | params.listen_interval = 100; | |
717 | params.ht_capabilities = sta->ht_capabilities; | |
718 | params.vht_capabilities = sta->vht_capabilities; | |
719 | params.flags |= WPA_STA_WMM; | |
720 | params.flags_mask |= WPA_STA_AUTHENTICATED; | |
721 | if (conf->security == MESH_CONF_SEC_NONE) { | |
722 | params.flags |= WPA_STA_AUTHORIZED; | |
723 | params.flags |= WPA_STA_AUTHENTICATED; | |
724 | } else { | |
725 | sta->flags |= WLAN_STA_MFP; | |
726 | params.flags |= WPA_STA_MFP; | |
727 | } | |
728 | ||
729 | ret = wpa_drv_sta_add(wpa_s, ¶ms); | |
730 | if (ret) { | |
731 | wpa_msg(wpa_s, MSG_ERROR, | |
732 | "Driver failed to insert " MACSTR ": %d", | |
733 | MAC2STR(addr), ret); | |
734 | ap_free_sta(data, sta); | |
735 | return NULL; | |
736 | } | |
737 | ||
738 | return sta; | |
739 | } | |
740 | ||
741 | ||
742 | void wpa_mesh_new_mesh_peer(struct wpa_supplicant *wpa_s, const u8 *addr, | |
743 | struct ieee802_11_elems *elems) | |
744 | { | |
745 | struct mesh_conf *conf = wpa_s->ifmsh->mconf; | |
746 | struct hostapd_data *data = wpa_s->ifmsh->bss[0]; | |
747 | struct sta_info *sta; | |
748 | struct wpa_ssid *ssid = wpa_s->current_ssid; | |
749 | ||
750 | sta = mesh_mpm_add_peer(wpa_s, addr, elems); | |
751 | if (!sta) | |
752 | return; | |
753 | ||
754 | if (ssid && ssid->no_auto_peer && | |
755 | (is_zero_ether_addr(data->mesh_required_peer) || | |
756 | os_memcmp(data->mesh_required_peer, addr, ETH_ALEN) != 0)) { | |
757 | wpa_msg(wpa_s, MSG_INFO, "will not initiate new peer link with " | |
758 | MACSTR " because of no_auto_peer", MAC2STR(addr)); | |
759 | if (data->mesh_pending_auth) { | |
760 | struct os_reltime age; | |
761 | const struct ieee80211_mgmt *mgmt; | |
762 | struct hostapd_frame_info fi; | |
763 | ||
764 | mgmt = wpabuf_head(data->mesh_pending_auth); | |
765 | os_reltime_age(&data->mesh_pending_auth_time, &age); | |
766 | if (age.sec < 2 && | |
767 | os_memcmp(mgmt->sa, addr, ETH_ALEN) == 0) { | |
768 | wpa_printf(MSG_DEBUG, | |
769 | "mesh: Process pending Authentication frame from %u.%06u seconds ago", | |
770 | (unsigned int) age.sec, | |
771 | (unsigned int) age.usec); | |
772 | os_memset(&fi, 0, sizeof(fi)); | |
773 | ieee802_11_mgmt( | |
774 | data, | |
775 | wpabuf_head(data->mesh_pending_auth), | |
776 | wpabuf_len(data->mesh_pending_auth), | |
777 | &fi); | |
778 | } | |
779 | wpabuf_free(data->mesh_pending_auth); | |
780 | data->mesh_pending_auth = NULL; | |
781 | } | |
782 | return; | |
783 | } | |
784 | ||
785 | if (conf->security == MESH_CONF_SEC_NONE) { | |
786 | if (sta->plink_state < PLINK_OPN_SNT || | |
787 | sta->plink_state > PLINK_ESTAB) | |
788 | mesh_mpm_plink_open(wpa_s, sta, PLINK_OPN_SNT); | |
789 | } else { | |
790 | mesh_rsn_auth_sae_sta(wpa_s, sta); | |
791 | } | |
792 | } | |
793 | ||
794 | ||
795 | void mesh_mpm_mgmt_rx(struct wpa_supplicant *wpa_s, struct rx_mgmt *rx_mgmt) | |
796 | { | |
797 | struct hostapd_frame_info fi; | |
798 | ||
799 | os_memset(&fi, 0, sizeof(fi)); | |
800 | fi.datarate = rx_mgmt->datarate; | |
801 | fi.ssi_signal = rx_mgmt->ssi_signal; | |
802 | ieee802_11_mgmt(wpa_s->ifmsh->bss[0], rx_mgmt->frame, | |
803 | rx_mgmt->frame_len, &fi); | |
804 | } | |
805 | ||
806 | ||
807 | static void mesh_mpm_plink_estab(struct wpa_supplicant *wpa_s, | |
808 | struct sta_info *sta) | |
809 | { | |
810 | struct hostapd_data *hapd = wpa_s->ifmsh->bss[0]; | |
811 | struct mesh_conf *conf = wpa_s->ifmsh->mconf; | |
812 | u8 seq[6] = {}; | |
813 | ||
814 | wpa_msg(wpa_s, MSG_INFO, "mesh plink with " MACSTR " established", | |
815 | MAC2STR(sta->addr)); | |
816 | ||
817 | if (conf->security & MESH_CONF_SEC_AMPE) { | |
818 | wpa_hexdump_key(MSG_DEBUG, "mesh: MTK", sta->mtk, sta->mtk_len); | |
819 | wpa_drv_set_key(wpa_s, wpa_cipher_to_alg(conf->pairwise_cipher), | |
820 | sta->addr, 0, 0, seq, sizeof(seq), | |
821 | sta->mtk, sta->mtk_len); | |
822 | ||
823 | wpa_hexdump_key(MSG_DEBUG, "mesh: RX MGTK Key RSC", | |
824 | sta->mgtk_rsc, sizeof(sta->mgtk_rsc)); | |
825 | wpa_hexdump_key(MSG_DEBUG, "mesh: RX MGTK", | |
826 | sta->mgtk, sta->mgtk_len); | |
827 | wpa_drv_set_key(wpa_s, wpa_cipher_to_alg(conf->group_cipher), | |
828 | sta->addr, sta->mgtk_key_id, 0, | |
829 | sta->mgtk_rsc, sizeof(sta->mgtk_rsc), | |
830 | sta->mgtk, sta->mgtk_len); | |
831 | ||
832 | if (sta->igtk_len) { | |
833 | wpa_hexdump_key(MSG_DEBUG, "mesh: RX IGTK Key RSC", | |
834 | sta->igtk_rsc, sizeof(sta->igtk_rsc)); | |
835 | wpa_hexdump_key(MSG_DEBUG, "mesh: RX IGTK", | |
836 | sta->igtk, sta->igtk_len); | |
837 | wpa_drv_set_key( | |
838 | wpa_s, | |
839 | wpa_cipher_to_alg(conf->mgmt_group_cipher), | |
840 | sta->addr, sta->igtk_key_id, 0, | |
841 | sta->igtk_rsc, sizeof(sta->igtk_rsc), | |
842 | sta->igtk, sta->igtk_len); | |
843 | } | |
844 | } | |
845 | ||
846 | wpa_mesh_set_plink_state(wpa_s, sta, PLINK_ESTAB); | |
847 | hapd->num_plinks++; | |
848 | ||
849 | sta->flags |= WLAN_STA_ASSOC; | |
850 | sta->mesh_sae_pmksa_caching = 0; | |
851 | ||
852 | eloop_cancel_timeout(peer_add_timer, wpa_s, NULL); | |
853 | peer_add_timer(wpa_s, NULL); | |
854 | eloop_cancel_timeout(plink_timer, wpa_s, sta); | |
855 | ||
856 | /* Send ctrl event */ | |
857 | wpa_msg(wpa_s, MSG_INFO, MESH_PEER_CONNECTED MACSTR, | |
858 | MAC2STR(sta->addr)); | |
859 | } | |
860 | ||
861 | ||
862 | static void mesh_mpm_fsm(struct wpa_supplicant *wpa_s, struct sta_info *sta, | |
863 | enum plink_event event, u16 reason) | |
864 | { | |
865 | struct hostapd_data *hapd = wpa_s->ifmsh->bss[0]; | |
866 | struct mesh_conf *conf = wpa_s->ifmsh->mconf; | |
867 | ||
868 | wpa_msg(wpa_s, MSG_DEBUG, "MPM " MACSTR " state %s event %s", | |
869 | MAC2STR(sta->addr), mplstate[sta->plink_state], | |
870 | mplevent[event]); | |
871 | ||
872 | switch (sta->plink_state) { | |
873 | case PLINK_IDLE: | |
874 | switch (event) { | |
875 | case CLS_ACPT: | |
876 | mesh_mpm_fsm_restart(wpa_s, sta); | |
877 | break; | |
878 | case OPN_ACPT: | |
879 | mesh_mpm_plink_open(wpa_s, sta, PLINK_OPN_RCVD); | |
880 | mesh_mpm_send_plink_action(wpa_s, sta, PLINK_CONFIRM, | |
881 | 0); | |
882 | break; | |
883 | case REQ_RJCT: | |
884 | mesh_mpm_send_plink_action(wpa_s, sta, | |
885 | PLINK_CLOSE, reason); | |
886 | break; | |
887 | default: | |
888 | break; | |
889 | } | |
890 | break; | |
891 | case PLINK_OPN_SNT: | |
892 | switch (event) { | |
893 | case OPN_RJCT: | |
894 | case CNF_RJCT: | |
895 | if (!reason) | |
896 | reason = WLAN_REASON_MESH_CONFIG_POLICY_VIOLATION; | |
897 | /* fall-through */ | |
898 | case CLS_ACPT: | |
899 | wpa_mesh_set_plink_state(wpa_s, sta, PLINK_HOLDING); | |
900 | if (!reason) | |
901 | reason = WLAN_REASON_MESH_CLOSE_RCVD; | |
902 | eloop_register_timeout( | |
903 | conf->dot11MeshHoldingTimeout / 1000, | |
904 | (conf->dot11MeshHoldingTimeout % 1000) * 1000, | |
905 | plink_timer, wpa_s, sta); | |
906 | mesh_mpm_send_plink_action(wpa_s, sta, | |
907 | PLINK_CLOSE, reason); | |
908 | break; | |
909 | case OPN_ACPT: | |
910 | /* retry timer is left untouched */ | |
911 | wpa_mesh_set_plink_state(wpa_s, sta, PLINK_OPN_RCVD); | |
912 | mesh_mpm_send_plink_action(wpa_s, sta, | |
913 | PLINK_CONFIRM, 0); | |
914 | break; | |
915 | case CNF_ACPT: | |
916 | wpa_mesh_set_plink_state(wpa_s, sta, PLINK_CNF_RCVD); | |
917 | eloop_cancel_timeout(plink_timer, wpa_s, sta); | |
918 | eloop_register_timeout( | |
919 | conf->dot11MeshConfirmTimeout / 1000, | |
920 | (conf->dot11MeshConfirmTimeout % 1000) * 1000, | |
921 | plink_timer, wpa_s, sta); | |
922 | break; | |
923 | default: | |
924 | break; | |
925 | } | |
926 | break; | |
927 | case PLINK_OPN_RCVD: | |
928 | switch (event) { | |
929 | case OPN_RJCT: | |
930 | case CNF_RJCT: | |
931 | if (!reason) | |
932 | reason = WLAN_REASON_MESH_CONFIG_POLICY_VIOLATION; | |
933 | /* fall-through */ | |
934 | case CLS_ACPT: | |
935 | wpa_mesh_set_plink_state(wpa_s, sta, PLINK_HOLDING); | |
936 | if (!reason) | |
937 | reason = WLAN_REASON_MESH_CLOSE_RCVD; | |
938 | eloop_register_timeout( | |
939 | conf->dot11MeshHoldingTimeout / 1000, | |
940 | (conf->dot11MeshHoldingTimeout % 1000) * 1000, | |
941 | plink_timer, wpa_s, sta); | |
942 | sta->mpm_close_reason = reason; | |
943 | mesh_mpm_send_plink_action(wpa_s, sta, | |
944 | PLINK_CLOSE, reason); | |
945 | break; | |
946 | case OPN_ACPT: | |
947 | mesh_mpm_send_plink_action(wpa_s, sta, | |
948 | PLINK_CONFIRM, 0); | |
949 | break; | |
950 | case CNF_ACPT: | |
951 | if (conf->security & MESH_CONF_SEC_AMPE) | |
952 | mesh_rsn_derive_mtk(wpa_s, sta); | |
953 | mesh_mpm_plink_estab(wpa_s, sta); | |
954 | break; | |
955 | default: | |
956 | break; | |
957 | } | |
958 | break; | |
959 | case PLINK_CNF_RCVD: | |
960 | switch (event) { | |
961 | case OPN_RJCT: | |
962 | case CNF_RJCT: | |
963 | if (!reason) | |
964 | reason = WLAN_REASON_MESH_CONFIG_POLICY_VIOLATION; | |
965 | /* fall-through */ | |
966 | case CLS_ACPT: | |
967 | wpa_mesh_set_plink_state(wpa_s, sta, PLINK_HOLDING); | |
968 | if (!reason) | |
969 | reason = WLAN_REASON_MESH_CLOSE_RCVD; | |
970 | eloop_register_timeout( | |
971 | conf->dot11MeshHoldingTimeout / 1000, | |
972 | (conf->dot11MeshHoldingTimeout % 1000) * 1000, | |
973 | plink_timer, wpa_s, sta); | |
974 | sta->mpm_close_reason = reason; | |
975 | mesh_mpm_send_plink_action(wpa_s, sta, | |
976 | PLINK_CLOSE, reason); | |
977 | break; | |
978 | case OPN_ACPT: | |
979 | if (conf->security & MESH_CONF_SEC_AMPE) | |
980 | mesh_rsn_derive_mtk(wpa_s, sta); | |
981 | mesh_mpm_plink_estab(wpa_s, sta); | |
982 | mesh_mpm_send_plink_action(wpa_s, sta, | |
983 | PLINK_CONFIRM, 0); | |
984 | break; | |
985 | default: | |
986 | break; | |
987 | } | |
988 | break; | |
989 | case PLINK_ESTAB: | |
990 | switch (event) { | |
991 | case OPN_RJCT: | |
992 | case CNF_RJCT: | |
993 | case CLS_ACPT: | |
994 | wpa_mesh_set_plink_state(wpa_s, sta, PLINK_HOLDING); | |
995 | if (!reason) | |
996 | reason = WLAN_REASON_MESH_CLOSE_RCVD; | |
997 | ||
998 | eloop_register_timeout( | |
999 | conf->dot11MeshHoldingTimeout / 1000, | |
1000 | (conf->dot11MeshHoldingTimeout % 1000) * 1000, | |
1001 | plink_timer, wpa_s, sta); | |
1002 | sta->mpm_close_reason = reason; | |
1003 | ||
1004 | wpa_msg(wpa_s, MSG_INFO, "mesh plink with " MACSTR | |
1005 | " closed with reason %d", | |
1006 | MAC2STR(sta->addr), reason); | |
1007 | ||
1008 | wpa_msg(wpa_s, MSG_INFO, MESH_PEER_DISCONNECTED MACSTR, | |
1009 | MAC2STR(sta->addr)); | |
1010 | ||
1011 | hapd->num_plinks--; | |
1012 | ||
1013 | mesh_mpm_send_plink_action(wpa_s, sta, | |
1014 | PLINK_CLOSE, reason); | |
1015 | break; | |
1016 | case OPN_ACPT: | |
1017 | mesh_mpm_send_plink_action(wpa_s, sta, | |
1018 | PLINK_CONFIRM, 0); | |
1019 | break; | |
1020 | default: | |
1021 | break; | |
1022 | } | |
1023 | break; | |
1024 | case PLINK_HOLDING: | |
1025 | switch (event) { | |
1026 | case CLS_ACPT: | |
1027 | mesh_mpm_fsm_restart(wpa_s, sta); | |
1028 | break; | |
1029 | case OPN_ACPT: | |
1030 | case CNF_ACPT: | |
1031 | case OPN_RJCT: | |
1032 | case CNF_RJCT: | |
1033 | reason = sta->mpm_close_reason; | |
1034 | mesh_mpm_send_plink_action(wpa_s, sta, | |
1035 | PLINK_CLOSE, reason); | |
1036 | break; | |
1037 | default: | |
1038 | break; | |
1039 | } | |
1040 | break; | |
1041 | default: | |
1042 | wpa_msg(wpa_s, MSG_DEBUG, | |
1043 | "Unsupported MPM event %s for state %s", | |
1044 | mplevent[event], mplstate[sta->plink_state]); | |
1045 | break; | |
1046 | } | |
1047 | } | |
1048 | ||
1049 | ||
1050 | void mesh_mpm_action_rx(struct wpa_supplicant *wpa_s, | |
1051 | const struct ieee80211_mgmt *mgmt, size_t len) | |
1052 | { | |
1053 | u8 action_field; | |
1054 | struct hostapd_data *hapd = wpa_s->ifmsh->bss[0]; | |
1055 | struct mesh_conf *mconf = wpa_s->ifmsh->mconf; | |
1056 | struct sta_info *sta; | |
1057 | u16 plid = 0, llid = 0, aid = 0; | |
1058 | enum plink_event event; | |
1059 | struct ieee802_11_elems elems; | |
1060 | struct mesh_peer_mgmt_ie peer_mgmt_ie; | |
1061 | const u8 *ies; | |
1062 | size_t ie_len; | |
1063 | int ret; | |
1064 | u16 reason = 0; | |
1065 | ||
1066 | if (mgmt->u.action.category != WLAN_ACTION_SELF_PROTECTED) | |
1067 | return; | |
1068 | ||
1069 | action_field = mgmt->u.action.u.slf_prot_action.action; | |
1070 | if (action_field != PLINK_OPEN && | |
1071 | action_field != PLINK_CONFIRM && | |
1072 | action_field != PLINK_CLOSE) | |
1073 | return; | |
1074 | ||
1075 | ies = mgmt->u.action.u.slf_prot_action.variable; | |
1076 | ie_len = (const u8 *) mgmt + len - | |
1077 | mgmt->u.action.u.slf_prot_action.variable; | |
1078 | ||
1079 | /* at least expect mesh id and peering mgmt */ | |
1080 | if (ie_len < 2 + 2) { | |
1081 | wpa_printf(MSG_DEBUG, | |
1082 | "MPM: Ignore too short action frame %u ie_len %u", | |
1083 | action_field, (unsigned int) ie_len); | |
1084 | return; | |
1085 | } | |
1086 | wpa_printf(MSG_DEBUG, "MPM: Received PLINK action %u", action_field); | |
1087 | ||
1088 | if (action_field == PLINK_OPEN || action_field == PLINK_CONFIRM) { | |
1089 | wpa_printf(MSG_DEBUG, "MPM: Capability 0x%x", | |
1090 | WPA_GET_LE16(ies)); | |
1091 | ies += 2; /* capability */ | |
1092 | ie_len -= 2; | |
1093 | } | |
1094 | if (action_field == PLINK_CONFIRM) { | |
1095 | aid = WPA_GET_LE16(ies); | |
1096 | wpa_printf(MSG_DEBUG, "MPM: AID 0x%x", aid); | |
1097 | ies += 2; /* aid */ | |
1098 | ie_len -= 2; | |
1099 | } | |
1100 | ||
1101 | /* check for mesh peering, mesh id and mesh config IEs */ | |
1102 | if (ieee802_11_parse_elems(ies, ie_len, &elems, 0) == ParseFailed) { | |
1103 | wpa_printf(MSG_DEBUG, "MPM: Failed to parse PLINK IEs"); | |
1104 | return; | |
1105 | } | |
1106 | if (!elems.peer_mgmt) { | |
1107 | wpa_printf(MSG_DEBUG, | |
1108 | "MPM: No Mesh Peering Management element"); | |
1109 | return; | |
1110 | } | |
1111 | if (action_field != PLINK_CLOSE) { | |
1112 | if (!elems.mesh_id || !elems.mesh_config) { | |
1113 | wpa_printf(MSG_DEBUG, | |
1114 | "MPM: No Mesh ID or Mesh Configuration element"); | |
1115 | return; | |
1116 | } | |
1117 | ||
1118 | if (!matches_local(wpa_s, &elems)) { | |
1119 | wpa_printf(MSG_DEBUG, | |
1120 | "MPM: Mesh ID or Mesh Configuration element do not match local MBSS"); | |
1121 | return; | |
1122 | } | |
1123 | } | |
1124 | ||
1125 | ret = mesh_mpm_parse_peer_mgmt(wpa_s, action_field, | |
1126 | elems.peer_mgmt, | |
1127 | elems.peer_mgmt_len, | |
1128 | &peer_mgmt_ie); | |
1129 | if (ret) { | |
1130 | wpa_printf(MSG_DEBUG, "MPM: Mesh parsing rejected frame"); | |
1131 | return; | |
1132 | } | |
1133 | ||
1134 | /* the sender's llid is our plid and vice-versa */ | |
1135 | plid = WPA_GET_LE16(peer_mgmt_ie.llid); | |
1136 | if (peer_mgmt_ie.plid) | |
1137 | llid = WPA_GET_LE16(peer_mgmt_ie.plid); | |
1138 | wpa_printf(MSG_DEBUG, "MPM: plid=0x%x llid=0x%x", plid, llid); | |
1139 | ||
1140 | if (action_field == PLINK_CLOSE) | |
1141 | wpa_printf(MSG_DEBUG, "MPM: close reason=%u", | |
1142 | WPA_GET_LE16(peer_mgmt_ie.reason)); | |
1143 | ||
1144 | sta = ap_get_sta(hapd, mgmt->sa); | |
1145 | ||
1146 | /* | |
1147 | * If this is an open frame from an unknown STA, and this is an | |
1148 | * open mesh, then go ahead and add the peer before proceeding. | |
1149 | */ | |
1150 | if (!sta && action_field == PLINK_OPEN && | |
1151 | (!(mconf->security & MESH_CONF_SEC_AMPE) || | |
1152 | wpa_auth_pmksa_get(hapd->wpa_auth, mgmt->sa, NULL))) | |
1153 | sta = mesh_mpm_add_peer(wpa_s, mgmt->sa, &elems); | |
1154 | ||
1155 | if (!sta) { | |
1156 | wpa_printf(MSG_DEBUG, "MPM: No STA entry for peer"); | |
1157 | return; | |
1158 | } | |
1159 | ||
1160 | #ifdef CONFIG_SAE | |
1161 | /* peer is in sae_accepted? */ | |
1162 | if (sta->sae && sta->sae->state != SAE_ACCEPTED) { | |
1163 | wpa_printf(MSG_DEBUG, "MPM: SAE not yet accepted for peer"); | |
1164 | return; | |
1165 | } | |
1166 | #endif /* CONFIG_SAE */ | |
1167 | ||
1168 | if (!sta->my_lid) | |
1169 | mesh_mpm_init_link(wpa_s, sta); | |
1170 | ||
1171 | if (mconf->security & MESH_CONF_SEC_AMPE) { | |
1172 | int res; | |
1173 | ||
1174 | res = mesh_rsn_process_ampe(wpa_s, sta, &elems, | |
1175 | &mgmt->u.action.category, | |
1176 | peer_mgmt_ie.chosen_pmk, | |
1177 | ies, ie_len); | |
1178 | if (res) { | |
1179 | wpa_printf(MSG_DEBUG, | |
1180 | "MPM: RSN process rejected frame (res=%d)", | |
1181 | res); | |
1182 | if (action_field == PLINK_OPEN && res == -2) { | |
1183 | /* AES-SIV decryption failed */ | |
1184 | mesh_mpm_fsm(wpa_s, sta, OPN_RJCT, | |
1185 | WLAN_REASON_MESH_INVALID_GTK); | |
1186 | } | |
1187 | return; | |
1188 | } | |
1189 | } | |
1190 | ||
1191 | if (sta->plink_state == PLINK_BLOCKED) { | |
1192 | wpa_printf(MSG_DEBUG, "MPM: PLINK_BLOCKED"); | |
1193 | return; | |
1194 | } | |
1195 | ||
1196 | /* Now we will figure out the appropriate event... */ | |
1197 | switch (action_field) { | |
1198 | case PLINK_OPEN: | |
1199 | if (plink_free_count(hapd) == 0) { | |
1200 | event = REQ_RJCT; | |
1201 | reason = WLAN_REASON_MESH_MAX_PEERS; | |
1202 | wpa_printf(MSG_INFO, | |
1203 | "MPM: Peer link num over quota(%d)", | |
1204 | hapd->max_plinks); | |
1205 | } else if (sta->peer_lid && sta->peer_lid != plid) { | |
1206 | wpa_printf(MSG_DEBUG, | |
1207 | "MPM: peer_lid mismatch: 0x%x != 0x%x", | |
1208 | sta->peer_lid, plid); | |
1209 | return; /* no FSM event */ | |
1210 | } else { | |
1211 | sta->peer_lid = plid; | |
1212 | event = OPN_ACPT; | |
1213 | } | |
1214 | break; | |
1215 | case PLINK_CONFIRM: | |
1216 | if (plink_free_count(hapd) == 0) { | |
1217 | event = REQ_RJCT; | |
1218 | reason = WLAN_REASON_MESH_MAX_PEERS; | |
1219 | wpa_printf(MSG_INFO, | |
1220 | "MPM: Peer link num over quota(%d)", | |
1221 | hapd->max_plinks); | |
1222 | } else if (sta->my_lid != llid || | |
1223 | (sta->peer_lid && sta->peer_lid != plid)) { | |
1224 | wpa_printf(MSG_DEBUG, | |
1225 | "MPM: lid mismatch: my_lid: 0x%x != 0x%x or peer_lid: 0x%x != 0x%x", | |
1226 | sta->my_lid, llid, sta->peer_lid, plid); | |
1227 | return; /* no FSM event */ | |
1228 | } else { | |
1229 | if (!sta->peer_lid) | |
1230 | sta->peer_lid = plid; | |
1231 | sta->peer_aid = aid; | |
1232 | event = CNF_ACPT; | |
1233 | } | |
1234 | break; | |
1235 | case PLINK_CLOSE: | |
1236 | if (sta->plink_state == PLINK_ESTAB) | |
1237 | /* Do not check for llid or plid. This does not | |
1238 | * follow the standard but since multiple plinks | |
1239 | * per cand are not supported, it is necessary in | |
1240 | * order to avoid a livelock when MP A sees an | |
1241 | * establish peer link to MP B but MP B does not | |
1242 | * see it. This can be caused by a timeout in | |
1243 | * B's peer link establishment or B being | |
1244 | * restarted. | |
1245 | */ | |
1246 | event = CLS_ACPT; | |
1247 | else if (sta->peer_lid != plid) { | |
1248 | wpa_printf(MSG_DEBUG, | |
1249 | "MPM: peer_lid mismatch: 0x%x != 0x%x", | |
1250 | sta->peer_lid, plid); | |
1251 | return; /* no FSM event */ | |
1252 | } else if (peer_mgmt_ie.plid && sta->my_lid != llid) { | |
1253 | wpa_printf(MSG_DEBUG, | |
1254 | "MPM: my_lid mismatch: 0x%x != 0x%x", | |
1255 | sta->my_lid, llid); | |
1256 | return; /* no FSM event */ | |
1257 | } else { | |
1258 | event = CLS_ACPT; | |
1259 | } | |
1260 | break; | |
1261 | default: | |
1262 | /* | |
1263 | * This cannot be hit due to the action_field check above, but | |
1264 | * compilers may not be able to figure that out and can warn | |
1265 | * about uninitialized event below. | |
1266 | */ | |
1267 | return; | |
1268 | } | |
1269 | mesh_mpm_fsm(wpa_s, sta, event, reason); | |
1270 | } | |
1271 | ||
1272 | ||
1273 | /* called by ap_free_sta */ | |
1274 | void mesh_mpm_free_sta(struct hostapd_data *hapd, struct sta_info *sta) | |
1275 | { | |
1276 | if (sta->plink_state == PLINK_ESTAB) | |
1277 | hapd->num_plinks--; | |
1278 | eloop_cancel_timeout(plink_timer, ELOOP_ALL_CTX, sta); | |
1279 | eloop_cancel_timeout(mesh_auth_timer, ELOOP_ALL_CTX, sta); | |
1280 | } |