]>
Commit | Line | Data |
---|---|---|
1 | /* | |
2 | * WPA Supplicant - Basic mesh peer management | |
3 | * Copyright (c) 2013-2014, cozybit, Inc. All rights reserved. | |
4 | * | |
5 | * This software may be distributed under the terms of the BSD license. | |
6 | * See README for more details. | |
7 | */ | |
8 | ||
9 | #include "utils/includes.h" | |
10 | ||
11 | #include "utils/common.h" | |
12 | #include "utils/eloop.h" | |
13 | #include "common/ieee802_11_defs.h" | |
14 | #include "common/hw_features_common.h" | |
15 | #include "common/ocv.h" | |
16 | #include "ap/hostapd.h" | |
17 | #include "ap/sta_info.h" | |
18 | #include "ap/ieee802_11.h" | |
19 | #include "ap/wpa_auth.h" | |
20 | #include "wpa_supplicant_i.h" | |
21 | #include "driver_i.h" | |
22 | #include "mesh_mpm.h" | |
23 | #include "mesh_rsn.h" | |
24 | #include "notify.h" | |
25 | ||
26 | struct mesh_peer_mgmt_ie { | |
27 | const u8 *proto_id; /* Mesh Peering Protocol Identifier (2 octets) */ | |
28 | const u8 *llid; /* Local Link ID (2 octets) */ | |
29 | const u8 *plid; /* Peer Link ID (conditional, 2 octets) */ | |
30 | const u8 *reason; /* Reason Code (conditional, 2 octets) */ | |
31 | const u8 *chosen_pmk; /* Chosen PMK (optional, 16 octets) */ | |
32 | }; | |
33 | ||
34 | static void plink_timer(void *eloop_ctx, void *user_data); | |
35 | ||
36 | ||
37 | enum plink_event { | |
38 | PLINK_UNDEFINED, | |
39 | OPN_ACPT, | |
40 | OPN_RJCT, | |
41 | CNF_ACPT, | |
42 | CNF_RJCT, | |
43 | CLS_ACPT, | |
44 | REQ_RJCT | |
45 | }; | |
46 | ||
47 | static const char * const mplstate[] = { | |
48 | [0] = "UNINITIALIZED", | |
49 | [PLINK_IDLE] = "IDLE", | |
50 | [PLINK_OPN_SNT] = "OPN_SNT", | |
51 | [PLINK_OPN_RCVD] = "OPN_RCVD", | |
52 | [PLINK_CNF_RCVD] = "CNF_RCVD", | |
53 | [PLINK_ESTAB] = "ESTAB", | |
54 | [PLINK_HOLDING] = "HOLDING", | |
55 | [PLINK_BLOCKED] = "BLOCKED" | |
56 | }; | |
57 | ||
58 | static const char * const mplevent[] = { | |
59 | [PLINK_UNDEFINED] = "UNDEFINED", | |
60 | [OPN_ACPT] = "OPN_ACPT", | |
61 | [OPN_RJCT] = "OPN_RJCT", | |
62 | [CNF_ACPT] = "CNF_ACPT", | |
63 | [CNF_RJCT] = "CNF_RJCT", | |
64 | [CLS_ACPT] = "CLS_ACPT", | |
65 | [REQ_RJCT] = "REQ_RJCT", | |
66 | }; | |
67 | ||
68 | ||
69 | static int mesh_mpm_parse_peer_mgmt(struct wpa_supplicant *wpa_s, | |
70 | u8 action_field, | |
71 | const u8 *ie, size_t len, | |
72 | struct mesh_peer_mgmt_ie *mpm_ie) | |
73 | { | |
74 | os_memset(mpm_ie, 0, sizeof(*mpm_ie)); | |
75 | ||
76 | /* Remove optional Chosen PMK field at end */ | |
77 | if (len >= SAE_PMKID_LEN) { | |
78 | mpm_ie->chosen_pmk = ie + len - SAE_PMKID_LEN; | |
79 | len -= SAE_PMKID_LEN; | |
80 | } | |
81 | ||
82 | if ((action_field == PLINK_OPEN && len != 4) || | |
83 | (action_field == PLINK_CONFIRM && len != 6) || | |
84 | (action_field == PLINK_CLOSE && len != 6 && len != 8)) { | |
85 | wpa_msg(wpa_s, MSG_DEBUG, "MPM: Invalid peer mgmt ie"); | |
86 | return -1; | |
87 | } | |
88 | ||
89 | /* required fields */ | |
90 | if (len < 4) | |
91 | return -1; | |
92 | mpm_ie->proto_id = ie; | |
93 | mpm_ie->llid = ie + 2; | |
94 | ie += 4; | |
95 | len -= 4; | |
96 | ||
97 | /* close reason is always present at end for close */ | |
98 | if (action_field == PLINK_CLOSE) { | |
99 | if (len < 2) | |
100 | return -1; | |
101 | mpm_ie->reason = ie + len - 2; | |
102 | len -= 2; | |
103 | } | |
104 | ||
105 | /* Peer Link ID, present for confirm, and possibly close */ | |
106 | if (len >= 2) | |
107 | mpm_ie->plid = ie; | |
108 | ||
109 | return 0; | |
110 | } | |
111 | ||
112 | ||
113 | static int plink_free_count(struct hostapd_data *hapd) | |
114 | { | |
115 | if (hapd->max_plinks > hapd->num_plinks) | |
116 | return hapd->max_plinks - hapd->num_plinks; | |
117 | return 0; | |
118 | } | |
119 | ||
120 | ||
121 | static u16 copy_supp_rates(struct wpa_supplicant *wpa_s, | |
122 | struct sta_info *sta, | |
123 | struct ieee802_11_elems *elems) | |
124 | { | |
125 | if (!elems->supp_rates) { | |
126 | wpa_msg(wpa_s, MSG_ERROR, "no supported rates from " MACSTR, | |
127 | MAC2STR(sta->addr)); | |
128 | return WLAN_STATUS_UNSPECIFIED_FAILURE; | |
129 | } | |
130 | ||
131 | if (elems->supp_rates_len + elems->ext_supp_rates_len > | |
132 | sizeof(sta->supported_rates)) { | |
133 | wpa_msg(wpa_s, MSG_ERROR, | |
134 | "Invalid supported rates element length " MACSTR | |
135 | " %d+%d", MAC2STR(sta->addr), elems->supp_rates_len, | |
136 | elems->ext_supp_rates_len); | |
137 | return WLAN_STATUS_UNSPECIFIED_FAILURE; | |
138 | } | |
139 | ||
140 | sta->supported_rates_len = merge_byte_arrays( | |
141 | sta->supported_rates, sizeof(sta->supported_rates), | |
142 | elems->supp_rates, elems->supp_rates_len, | |
143 | elems->ext_supp_rates, elems->ext_supp_rates_len); | |
144 | ||
145 | return WLAN_STATUS_SUCCESS; | |
146 | } | |
147 | ||
148 | ||
149 | /* return true if elems from a neighbor match this MBSS */ | |
150 | static Boolean matches_local(struct wpa_supplicant *wpa_s, | |
151 | struct ieee802_11_elems *elems) | |
152 | { | |
153 | struct mesh_conf *mconf = wpa_s->ifmsh->mconf; | |
154 | ||
155 | if (elems->mesh_config_len < 5) | |
156 | return FALSE; | |
157 | ||
158 | return (mconf->meshid_len == elems->mesh_id_len && | |
159 | os_memcmp(mconf->meshid, elems->mesh_id, | |
160 | elems->mesh_id_len) == 0 && | |
161 | mconf->mesh_pp_id == elems->mesh_config[0] && | |
162 | mconf->mesh_pm_id == elems->mesh_config[1] && | |
163 | mconf->mesh_cc_id == elems->mesh_config[2] && | |
164 | mconf->mesh_sp_id == elems->mesh_config[3] && | |
165 | mconf->mesh_auth_id == elems->mesh_config[4]); | |
166 | } | |
167 | ||
168 | ||
169 | /* check if local link id is already used with another peer */ | |
170 | static Boolean llid_in_use(struct wpa_supplicant *wpa_s, u16 llid) | |
171 | { | |
172 | struct sta_info *sta; | |
173 | struct hostapd_data *hapd = wpa_s->ifmsh->bss[0]; | |
174 | ||
175 | for (sta = hapd->sta_list; sta; sta = sta->next) { | |
176 | if (sta->my_lid == llid) | |
177 | return TRUE; | |
178 | } | |
179 | ||
180 | return FALSE; | |
181 | } | |
182 | ||
183 | ||
184 | /* generate an llid for a link and set to initial state */ | |
185 | static void mesh_mpm_init_link(struct wpa_supplicant *wpa_s, | |
186 | struct sta_info *sta) | |
187 | { | |
188 | u16 llid; | |
189 | ||
190 | do { | |
191 | if (os_get_random((u8 *) &llid, sizeof(llid)) < 0) | |
192 | llid = 0; /* continue */ | |
193 | } while (!llid || llid_in_use(wpa_s, llid)); | |
194 | ||
195 | sta->my_lid = llid; | |
196 | sta->peer_lid = 0; | |
197 | sta->peer_aid = 0; | |
198 | ||
199 | /* | |
200 | * We do not use wpa_mesh_set_plink_state() here because there is no | |
201 | * entry in kernel yet. | |
202 | */ | |
203 | sta->plink_state = PLINK_IDLE; | |
204 | } | |
205 | ||
206 | ||
207 | static void mesh_mpm_send_plink_action(struct wpa_supplicant *wpa_s, | |
208 | struct sta_info *sta, | |
209 | enum plink_action_field type, | |
210 | u16 close_reason) | |
211 | { | |
212 | struct wpabuf *buf; | |
213 | struct hostapd_iface *ifmsh = wpa_s->ifmsh; | |
214 | struct hostapd_data *bss = ifmsh->bss[0]; | |
215 | struct mesh_conf *conf = ifmsh->mconf; | |
216 | u8 supp_rates[2 + 2 + 32]; | |
217 | u8 *pos, *cat; | |
218 | u8 ie_len, add_plid = 0; | |
219 | int ret; | |
220 | int ampe = conf->security & MESH_CONF_SEC_AMPE; | |
221 | size_t buf_len; | |
222 | ||
223 | if (!sta) | |
224 | return; | |
225 | ||
226 | buf_len = 2 + /* Category and Action */ | |
227 | 2 + /* capability info */ | |
228 | 2 + /* AID */ | |
229 | 2 + 8 + /* supported rates */ | |
230 | 2 + (32 - 8) + | |
231 | 2 + 32 + /* mesh ID */ | |
232 | 2 + 7 + /* mesh config */ | |
233 | 2 + 24 + /* peering management */ | |
234 | 2 + 96 + /* AMPE */ | |
235 | 2 + 16; /* MIC */ | |
236 | #ifdef CONFIG_IEEE80211N | |
237 | if (type != PLINK_CLOSE && wpa_s->mesh_ht_enabled) { | |
238 | buf_len += 2 + 26 + /* HT capabilities */ | |
239 | 2 + 22; /* HT operation */ | |
240 | } | |
241 | #endif /* CONFIG_IEEE80211N */ | |
242 | #ifdef CONFIG_IEEE80211AC | |
243 | if (type != PLINK_CLOSE && wpa_s->mesh_vht_enabled) { | |
244 | buf_len += 2 + 12 + /* VHT Capabilities */ | |
245 | 2 + 5; /* VHT Operation */ | |
246 | } | |
247 | #endif /* CONFIG_IEEE80211AC */ | |
248 | if (type != PLINK_CLOSE) | |
249 | buf_len += conf->rsn_ie_len; /* RSN IE */ | |
250 | #ifdef CONFIG_OCV | |
251 | /* OCI is included even when the other STA doesn't support OCV */ | |
252 | if (type != PLINK_CLOSE && conf->ocv) | |
253 | buf_len += OCV_OCI_EXTENDED_LEN; | |
254 | #endif /* CONFIG_OCV */ | |
255 | ||
256 | buf = wpabuf_alloc(buf_len); | |
257 | if (!buf) | |
258 | return; | |
259 | ||
260 | cat = wpabuf_mhead_u8(buf); | |
261 | wpabuf_put_u8(buf, WLAN_ACTION_SELF_PROTECTED); | |
262 | wpabuf_put_u8(buf, type); | |
263 | ||
264 | if (type != PLINK_CLOSE) { | |
265 | u8 info; | |
266 | ||
267 | /* capability info */ | |
268 | wpabuf_put_le16(buf, ampe ? IEEE80211_CAP_PRIVACY : 0); | |
269 | ||
270 | /* aid */ | |
271 | if (type == PLINK_CONFIRM) | |
272 | wpabuf_put_le16(buf, sta->aid); | |
273 | ||
274 | /* IE: supp + ext. supp rates */ | |
275 | pos = hostapd_eid_supp_rates(bss, supp_rates); | |
276 | pos = hostapd_eid_ext_supp_rates(bss, pos); | |
277 | wpabuf_put_data(buf, supp_rates, pos - supp_rates); | |
278 | ||
279 | /* IE: RSN IE */ | |
280 | wpabuf_put_data(buf, conf->rsn_ie, conf->rsn_ie_len); | |
281 | ||
282 | /* IE: Mesh ID */ | |
283 | wpabuf_put_u8(buf, WLAN_EID_MESH_ID); | |
284 | wpabuf_put_u8(buf, conf->meshid_len); | |
285 | wpabuf_put_data(buf, conf->meshid, conf->meshid_len); | |
286 | ||
287 | /* IE: mesh conf */ | |
288 | wpabuf_put_u8(buf, WLAN_EID_MESH_CONFIG); | |
289 | wpabuf_put_u8(buf, 7); | |
290 | wpabuf_put_u8(buf, conf->mesh_pp_id); | |
291 | wpabuf_put_u8(buf, conf->mesh_pm_id); | |
292 | wpabuf_put_u8(buf, conf->mesh_cc_id); | |
293 | wpabuf_put_u8(buf, conf->mesh_sp_id); | |
294 | wpabuf_put_u8(buf, conf->mesh_auth_id); | |
295 | info = (bss->num_plinks > 63 ? 63 : bss->num_plinks) << 1; | |
296 | /* TODO: Add Connected to Mesh Gate/AS subfields */ | |
297 | wpabuf_put_u8(buf, info); | |
298 | /* always forwarding & accepting plinks for now */ | |
299 | wpabuf_put_u8(buf, MESH_CAP_ACCEPT_ADDITIONAL_PEER | | |
300 | MESH_CAP_FORWARDING); | |
301 | } else { /* Peer closing frame */ | |
302 | /* IE: Mesh ID */ | |
303 | wpabuf_put_u8(buf, WLAN_EID_MESH_ID); | |
304 | wpabuf_put_u8(buf, conf->meshid_len); | |
305 | wpabuf_put_data(buf, conf->meshid, conf->meshid_len); | |
306 | } | |
307 | ||
308 | /* IE: Mesh Peering Management element */ | |
309 | ie_len = 4; | |
310 | if (ampe) | |
311 | ie_len += PMKID_LEN; | |
312 | switch (type) { | |
313 | case PLINK_OPEN: | |
314 | break; | |
315 | case PLINK_CONFIRM: | |
316 | ie_len += 2; | |
317 | add_plid = 1; | |
318 | break; | |
319 | case PLINK_CLOSE: | |
320 | ie_len += 2; | |
321 | add_plid = 1; | |
322 | ie_len += 2; /* reason code */ | |
323 | break; | |
324 | } | |
325 | ||
326 | wpabuf_put_u8(buf, WLAN_EID_PEER_MGMT); | |
327 | wpabuf_put_u8(buf, ie_len); | |
328 | /* peering protocol */ | |
329 | if (ampe) | |
330 | wpabuf_put_le16(buf, 1); | |
331 | else | |
332 | wpabuf_put_le16(buf, 0); | |
333 | wpabuf_put_le16(buf, sta->my_lid); | |
334 | if (add_plid) | |
335 | wpabuf_put_le16(buf, sta->peer_lid); | |
336 | if (type == PLINK_CLOSE) | |
337 | wpabuf_put_le16(buf, close_reason); | |
338 | if (ampe) { | |
339 | if (sta->sae == NULL) { | |
340 | wpa_msg(wpa_s, MSG_INFO, "Mesh MPM: no SAE session"); | |
341 | goto fail; | |
342 | } | |
343 | mesh_rsn_get_pmkid(wpa_s->mesh_rsn, sta, | |
344 | wpabuf_put(buf, PMKID_LEN)); | |
345 | } | |
346 | ||
347 | #ifdef CONFIG_IEEE80211N | |
348 | if (type != PLINK_CLOSE && wpa_s->mesh_ht_enabled) { | |
349 | u8 ht_capa_oper[2 + 26 + 2 + 22]; | |
350 | ||
351 | pos = hostapd_eid_ht_capabilities(bss, ht_capa_oper); | |
352 | pos = hostapd_eid_ht_operation(bss, pos); | |
353 | wpabuf_put_data(buf, ht_capa_oper, pos - ht_capa_oper); | |
354 | } | |
355 | #endif /* CONFIG_IEEE80211N */ | |
356 | #ifdef CONFIG_IEEE80211AC | |
357 | if (type != PLINK_CLOSE && wpa_s->mesh_vht_enabled) { | |
358 | u8 vht_capa_oper[2 + 12 + 2 + 5]; | |
359 | ||
360 | pos = hostapd_eid_vht_capabilities(bss, vht_capa_oper, 0); | |
361 | pos = hostapd_eid_vht_operation(bss, pos); | |
362 | wpabuf_put_data(buf, vht_capa_oper, pos - vht_capa_oper); | |
363 | } | |
364 | #endif /* CONFIG_IEEE80211AC */ | |
365 | ||
366 | #ifdef CONFIG_OCV | |
367 | if (type != PLINK_CLOSE && conf->ocv) { | |
368 | struct wpa_channel_info ci; | |
369 | ||
370 | if (wpa_drv_channel_info(wpa_s, &ci) != 0) { | |
371 | wpa_printf(MSG_WARNING, | |
372 | "Mesh MPM: Failed to get channel info for OCI element"); | |
373 | goto fail; | |
374 | } | |
375 | ||
376 | pos = wpabuf_put(buf, OCV_OCI_EXTENDED_LEN); | |
377 | if (ocv_insert_extended_oci(&ci, pos) < 0) | |
378 | goto fail; | |
379 | } | |
380 | #endif /* CONFIG_OCV */ | |
381 | ||
382 | if (ampe && mesh_rsn_protect_frame(wpa_s->mesh_rsn, sta, cat, buf)) { | |
383 | wpa_msg(wpa_s, MSG_INFO, | |
384 | "Mesh MPM: failed to add AMPE and MIC IE"); | |
385 | goto fail; | |
386 | } | |
387 | ||
388 | wpa_msg(wpa_s, MSG_DEBUG, "Mesh MPM: Sending peering frame type %d to " | |
389 | MACSTR " (my_lid=0x%x peer_lid=0x%x)", | |
390 | type, MAC2STR(sta->addr), sta->my_lid, sta->peer_lid); | |
391 | ret = wpa_drv_send_action(wpa_s, wpa_s->assoc_freq, 0, | |
392 | sta->addr, wpa_s->own_addr, wpa_s->own_addr, | |
393 | wpabuf_head(buf), wpabuf_len(buf), 0); | |
394 | if (ret < 0) | |
395 | wpa_msg(wpa_s, MSG_INFO, | |
396 | "Mesh MPM: failed to send peering frame"); | |
397 | ||
398 | fail: | |
399 | wpabuf_free(buf); | |
400 | } | |
401 | ||
402 | ||
403 | /* configure peering state in ours and driver's station entry */ | |
404 | void wpa_mesh_set_plink_state(struct wpa_supplicant *wpa_s, | |
405 | struct sta_info *sta, | |
406 | enum mesh_plink_state state) | |
407 | { | |
408 | struct hostapd_sta_add_params params; | |
409 | int ret; | |
410 | ||
411 | wpa_msg(wpa_s, MSG_DEBUG, "MPM set " MACSTR " from %s into %s", | |
412 | MAC2STR(sta->addr), mplstate[sta->plink_state], | |
413 | mplstate[state]); | |
414 | sta->plink_state = state; | |
415 | ||
416 | os_memset(¶ms, 0, sizeof(params)); | |
417 | params.addr = sta->addr; | |
418 | params.plink_state = state; | |
419 | params.peer_aid = sta->peer_aid; | |
420 | params.set = 1; | |
421 | ||
422 | ret = wpa_drv_sta_add(wpa_s, ¶ms); | |
423 | if (ret) { | |
424 | wpa_msg(wpa_s, MSG_ERROR, "Driver failed to set " MACSTR | |
425 | ": %d", MAC2STR(sta->addr), ret); | |
426 | } | |
427 | } | |
428 | ||
429 | ||
430 | static void mesh_mpm_fsm_restart(struct wpa_supplicant *wpa_s, | |
431 | struct sta_info *sta) | |
432 | { | |
433 | struct hostapd_data *hapd = wpa_s->ifmsh->bss[0]; | |
434 | ||
435 | eloop_cancel_timeout(plink_timer, wpa_s, sta); | |
436 | ||
437 | ap_free_sta(hapd, sta); | |
438 | } | |
439 | ||
440 | ||
441 | static void plink_timer(void *eloop_ctx, void *user_data) | |
442 | { | |
443 | struct wpa_supplicant *wpa_s = eloop_ctx; | |
444 | struct sta_info *sta = user_data; | |
445 | u16 reason = 0; | |
446 | struct mesh_conf *conf = wpa_s->ifmsh->mconf; | |
447 | struct hostapd_data *hapd = wpa_s->ifmsh->bss[0]; | |
448 | ||
449 | switch (sta->plink_state) { | |
450 | case PLINK_OPN_RCVD: | |
451 | case PLINK_OPN_SNT: | |
452 | /* retry timer */ | |
453 | if (sta->mpm_retries < conf->dot11MeshMaxRetries) { | |
454 | eloop_register_timeout( | |
455 | conf->dot11MeshRetryTimeout / 1000, | |
456 | (conf->dot11MeshRetryTimeout % 1000) * 1000, | |
457 | plink_timer, wpa_s, sta); | |
458 | mesh_mpm_send_plink_action(wpa_s, sta, PLINK_OPEN, 0); | |
459 | sta->mpm_retries++; | |
460 | break; | |
461 | } | |
462 | reason = WLAN_REASON_MESH_MAX_RETRIES; | |
463 | /* fall through */ | |
464 | ||
465 | case PLINK_CNF_RCVD: | |
466 | /* confirm timer */ | |
467 | if (!reason) | |
468 | reason = WLAN_REASON_MESH_CONFIRM_TIMEOUT; | |
469 | wpa_mesh_set_plink_state(wpa_s, sta, PLINK_HOLDING); | |
470 | eloop_register_timeout(conf->dot11MeshHoldingTimeout / 1000, | |
471 | (conf->dot11MeshHoldingTimeout % 1000) * 1000, | |
472 | plink_timer, wpa_s, sta); | |
473 | mesh_mpm_send_plink_action(wpa_s, sta, PLINK_CLOSE, reason); | |
474 | break; | |
475 | case PLINK_HOLDING: | |
476 | /* holding timer */ | |
477 | ||
478 | if (sta->mesh_sae_pmksa_caching) { | |
479 | wpa_printf(MSG_DEBUG, "MPM: Peer " MACSTR | |
480 | " looks like it does not support mesh SAE PMKSA caching, so remove the cached entry for it", | |
481 | MAC2STR(sta->addr)); | |
482 | wpa_auth_pmksa_remove(hapd->wpa_auth, sta->addr); | |
483 | } | |
484 | mesh_mpm_fsm_restart(wpa_s, sta); | |
485 | break; | |
486 | default: | |
487 | break; | |
488 | } | |
489 | } | |
490 | ||
491 | ||
492 | /* initiate peering with station */ | |
493 | static void | |
494 | mesh_mpm_plink_open(struct wpa_supplicant *wpa_s, struct sta_info *sta, | |
495 | enum mesh_plink_state next_state) | |
496 | { | |
497 | struct mesh_conf *conf = wpa_s->ifmsh->mconf; | |
498 | ||
499 | eloop_cancel_timeout(plink_timer, wpa_s, sta); | |
500 | eloop_register_timeout(conf->dot11MeshRetryTimeout / 1000, | |
501 | (conf->dot11MeshRetryTimeout % 1000) * 1000, | |
502 | plink_timer, wpa_s, sta); | |
503 | mesh_mpm_send_plink_action(wpa_s, sta, PLINK_OPEN, 0); | |
504 | wpa_mesh_set_plink_state(wpa_s, sta, next_state); | |
505 | } | |
506 | ||
507 | ||
508 | static int mesh_mpm_plink_close(struct hostapd_data *hapd, struct sta_info *sta, | |
509 | void *ctx) | |
510 | { | |
511 | struct wpa_supplicant *wpa_s = ctx; | |
512 | int reason = WLAN_REASON_MESH_PEERING_CANCELLED; | |
513 | ||
514 | if (sta) { | |
515 | wpa_mesh_set_plink_state(wpa_s, sta, PLINK_HOLDING); | |
516 | mesh_mpm_send_plink_action(wpa_s, sta, PLINK_CLOSE, reason); | |
517 | wpa_printf(MSG_DEBUG, "MPM closing plink sta=" MACSTR, | |
518 | MAC2STR(sta->addr)); | |
519 | eloop_cancel_timeout(plink_timer, wpa_s, sta); | |
520 | return 0; | |
521 | } | |
522 | ||
523 | return 1; | |
524 | } | |
525 | ||
526 | ||
527 | int mesh_mpm_close_peer(struct wpa_supplicant *wpa_s, const u8 *addr) | |
528 | { | |
529 | struct hostapd_data *hapd; | |
530 | struct sta_info *sta; | |
531 | ||
532 | if (!wpa_s->ifmsh) { | |
533 | wpa_msg(wpa_s, MSG_INFO, "Mesh is not prepared yet"); | |
534 | return -1; | |
535 | } | |
536 | ||
537 | hapd = wpa_s->ifmsh->bss[0]; | |
538 | sta = ap_get_sta(hapd, addr); | |
539 | if (!sta) { | |
540 | wpa_msg(wpa_s, MSG_INFO, "No such mesh peer"); | |
541 | return -1; | |
542 | } | |
543 | ||
544 | return mesh_mpm_plink_close(hapd, sta, wpa_s) == 0 ? 0 : -1; | |
545 | } | |
546 | ||
547 | ||
548 | static void peer_add_timer(void *eloop_ctx, void *user_data) | |
549 | { | |
550 | struct wpa_supplicant *wpa_s = eloop_ctx; | |
551 | struct hostapd_data *hapd = wpa_s->ifmsh->bss[0]; | |
552 | ||
553 | os_memset(hapd->mesh_required_peer, 0, ETH_ALEN); | |
554 | } | |
555 | ||
556 | ||
557 | int mesh_mpm_connect_peer(struct wpa_supplicant *wpa_s, const u8 *addr, | |
558 | int duration) | |
559 | { | |
560 | struct wpa_ssid *ssid = wpa_s->current_ssid; | |
561 | struct hostapd_data *hapd; | |
562 | struct sta_info *sta; | |
563 | struct mesh_conf *conf; | |
564 | ||
565 | if (!wpa_s->ifmsh) { | |
566 | wpa_msg(wpa_s, MSG_INFO, "Mesh is not prepared yet"); | |
567 | return -1; | |
568 | } | |
569 | ||
570 | if (!ssid || !ssid->no_auto_peer) { | |
571 | wpa_msg(wpa_s, MSG_INFO, | |
572 | "This command is available only with no_auto_peer mesh network"); | |
573 | return -1; | |
574 | } | |
575 | ||
576 | hapd = wpa_s->ifmsh->bss[0]; | |
577 | conf = wpa_s->ifmsh->mconf; | |
578 | ||
579 | sta = ap_get_sta(hapd, addr); | |
580 | if (!sta) { | |
581 | wpa_msg(wpa_s, MSG_INFO, "No such mesh peer"); | |
582 | return -1; | |
583 | } | |
584 | ||
585 | if ((PLINK_OPN_SNT <= sta->plink_state && | |
586 | sta->plink_state <= PLINK_ESTAB) || | |
587 | (sta->sae && sta->sae->state > SAE_NOTHING)) { | |
588 | wpa_msg(wpa_s, MSG_INFO, | |
589 | "Specified peer is connecting/connected"); | |
590 | return -1; | |
591 | } | |
592 | ||
593 | if (conf->security == MESH_CONF_SEC_NONE) { | |
594 | mesh_mpm_plink_open(wpa_s, sta, PLINK_OPN_SNT); | |
595 | } else { | |
596 | mesh_rsn_auth_sae_sta(wpa_s, sta); | |
597 | os_memcpy(hapd->mesh_required_peer, addr, ETH_ALEN); | |
598 | eloop_register_timeout(duration == -1 ? 10 : duration, 0, | |
599 | peer_add_timer, wpa_s, NULL); | |
600 | } | |
601 | ||
602 | return 0; | |
603 | } | |
604 | ||
605 | ||
606 | void mesh_mpm_deinit(struct wpa_supplicant *wpa_s, struct hostapd_iface *ifmsh) | |
607 | { | |
608 | struct hostapd_data *hapd = ifmsh->bss[0]; | |
609 | ||
610 | /* notify peers we're leaving */ | |
611 | ap_for_each_sta(hapd, mesh_mpm_plink_close, wpa_s); | |
612 | ||
613 | hapd->num_plinks = 0; | |
614 | hostapd_free_stas(hapd); | |
615 | eloop_cancel_timeout(peer_add_timer, wpa_s, NULL); | |
616 | } | |
617 | ||
618 | ||
619 | /* for mesh_rsn to indicate this peer has completed authentication, and we're | |
620 | * ready to start AMPE */ | |
621 | void mesh_mpm_auth_peer(struct wpa_supplicant *wpa_s, const u8 *addr) | |
622 | { | |
623 | struct hostapd_data *data = wpa_s->ifmsh->bss[0]; | |
624 | struct hostapd_sta_add_params params; | |
625 | struct sta_info *sta; | |
626 | int ret; | |
627 | ||
628 | sta = ap_get_sta(data, addr); | |
629 | if (!sta) { | |
630 | wpa_msg(wpa_s, MSG_DEBUG, "no such mesh peer"); | |
631 | return; | |
632 | } | |
633 | ||
634 | /* TODO: Should do nothing if this STA is already authenticated, but | |
635 | * the AP code already sets this flag. */ | |
636 | sta->flags |= WLAN_STA_AUTH; | |
637 | ||
638 | mesh_rsn_init_ampe_sta(wpa_s, sta); | |
639 | ||
640 | os_memset(¶ms, 0, sizeof(params)); | |
641 | params.addr = sta->addr; | |
642 | params.flags = WPA_STA_AUTHENTICATED | WPA_STA_AUTHORIZED; | |
643 | params.set = 1; | |
644 | ||
645 | wpa_msg(wpa_s, MSG_DEBUG, "MPM authenticating " MACSTR, | |
646 | MAC2STR(sta->addr)); | |
647 | ret = wpa_drv_sta_add(wpa_s, ¶ms); | |
648 | if (ret) { | |
649 | wpa_msg(wpa_s, MSG_ERROR, | |
650 | "Driver failed to set " MACSTR ": %d", | |
651 | MAC2STR(sta->addr), ret); | |
652 | } | |
653 | ||
654 | if (!sta->my_lid) | |
655 | mesh_mpm_init_link(wpa_s, sta); | |
656 | ||
657 | mesh_mpm_plink_open(wpa_s, sta, PLINK_OPN_SNT); | |
658 | } | |
659 | ||
660 | /* | |
661 | * Initialize a sta_info structure for a peer and upload it into the driver | |
662 | * in preparation for beginning authentication or peering. This is done when a | |
663 | * Beacon (secure or open mesh) or a peering open frame (for open mesh) is | |
664 | * received from the peer for the first time. | |
665 | */ | |
666 | static struct sta_info * mesh_mpm_add_peer(struct wpa_supplicant *wpa_s, | |
667 | const u8 *addr, | |
668 | struct ieee802_11_elems *elems) | |
669 | { | |
670 | struct hostapd_sta_add_params params; | |
671 | struct mesh_conf *conf = wpa_s->ifmsh->mconf; | |
672 | struct hostapd_data *data = wpa_s->ifmsh->bss[0]; | |
673 | struct sta_info *sta; | |
674 | #ifdef CONFIG_IEEE80211N | |
675 | struct ieee80211_ht_operation *oper; | |
676 | #endif /* CONFIG_IEEE80211N */ | |
677 | int ret; | |
678 | ||
679 | if (elems->mesh_config_len >= 7 && | |
680 | !(elems->mesh_config[6] & MESH_CAP_ACCEPT_ADDITIONAL_PEER)) { | |
681 | wpa_msg(wpa_s, MSG_DEBUG, | |
682 | "mesh: Ignore a crowded peer " MACSTR, | |
683 | MAC2STR(addr)); | |
684 | return NULL; | |
685 | } | |
686 | ||
687 | sta = ap_get_sta(data, addr); | |
688 | if (!sta) { | |
689 | sta = ap_sta_add(data, addr); | |
690 | if (!sta) | |
691 | return NULL; | |
692 | } | |
693 | ||
694 | /* Set WMM by default since Mesh STAs are QoS STAs */ | |
695 | sta->flags |= WLAN_STA_WMM; | |
696 | ||
697 | /* initialize sta */ | |
698 | if (copy_supp_rates(wpa_s, sta, elems)) { | |
699 | ap_free_sta(data, sta); | |
700 | return NULL; | |
701 | } | |
702 | ||
703 | if (!sta->my_lid) | |
704 | mesh_mpm_init_link(wpa_s, sta); | |
705 | ||
706 | #ifdef CONFIG_IEEE80211N | |
707 | copy_sta_ht_capab(data, sta, elems->ht_capabilities); | |
708 | ||
709 | oper = (struct ieee80211_ht_operation *) elems->ht_operation; | |
710 | if (oper && | |
711 | !(oper->ht_param & HT_INFO_HT_PARAM_STA_CHNL_WIDTH) && | |
712 | sta->ht_capabilities) { | |
713 | wpa_msg(wpa_s, MSG_DEBUG, MACSTR | |
714 | " does not support 40 MHz bandwidth", | |
715 | MAC2STR(sta->addr)); | |
716 | set_disable_ht40(sta->ht_capabilities, 1); | |
717 | } | |
718 | ||
719 | update_ht_state(data, sta); | |
720 | #endif /* CONFIG_IEEE80211N */ | |
721 | ||
722 | #ifdef CONFIG_IEEE80211AC | |
723 | copy_sta_vht_capab(data, sta, elems->vht_capabilities); | |
724 | copy_sta_vht_oper(data, sta, elems->vht_operation); | |
725 | set_sta_vht_opmode(data, sta, elems->vht_opmode_notif); | |
726 | #endif /* CONFIG_IEEE80211AC */ | |
727 | ||
728 | if (hostapd_get_aid(data, sta) < 0) { | |
729 | wpa_msg(wpa_s, MSG_ERROR, "No AIDs available"); | |
730 | ap_free_sta(data, sta); | |
731 | return NULL; | |
732 | } | |
733 | ||
734 | /* insert into driver */ | |
735 | os_memset(¶ms, 0, sizeof(params)); | |
736 | params.supp_rates = sta->supported_rates; | |
737 | params.supp_rates_len = sta->supported_rates_len; | |
738 | params.addr = addr; | |
739 | params.plink_state = sta->plink_state; | |
740 | params.aid = sta->aid; | |
741 | params.peer_aid = sta->peer_aid; | |
742 | params.listen_interval = 100; | |
743 | params.ht_capabilities = sta->ht_capabilities; | |
744 | params.vht_capabilities = sta->vht_capabilities; | |
745 | params.flags |= WPA_STA_WMM; | |
746 | params.flags_mask |= WPA_STA_AUTHENTICATED; | |
747 | if (conf->security == MESH_CONF_SEC_NONE) { | |
748 | params.flags |= WPA_STA_AUTHORIZED; | |
749 | params.flags |= WPA_STA_AUTHENTICATED; | |
750 | } else { | |
751 | sta->flags |= WLAN_STA_MFP; | |
752 | params.flags |= WPA_STA_MFP; | |
753 | } | |
754 | ||
755 | ret = wpa_drv_sta_add(wpa_s, ¶ms); | |
756 | if (ret) { | |
757 | wpa_msg(wpa_s, MSG_ERROR, | |
758 | "Driver failed to insert " MACSTR ": %d", | |
759 | MAC2STR(addr), ret); | |
760 | ap_free_sta(data, sta); | |
761 | return NULL; | |
762 | } | |
763 | ||
764 | return sta; | |
765 | } | |
766 | ||
767 | ||
768 | void wpa_mesh_new_mesh_peer(struct wpa_supplicant *wpa_s, const u8 *addr, | |
769 | struct ieee802_11_elems *elems) | |
770 | { | |
771 | struct mesh_conf *conf = wpa_s->ifmsh->mconf; | |
772 | struct hostapd_data *data = wpa_s->ifmsh->bss[0]; | |
773 | struct sta_info *sta; | |
774 | struct wpa_ssid *ssid = wpa_s->current_ssid; | |
775 | ||
776 | sta = mesh_mpm_add_peer(wpa_s, addr, elems); | |
777 | if (!sta) | |
778 | return; | |
779 | ||
780 | if (ssid && ssid->no_auto_peer && | |
781 | (is_zero_ether_addr(data->mesh_required_peer) || | |
782 | os_memcmp(data->mesh_required_peer, addr, ETH_ALEN) != 0)) { | |
783 | wpa_msg(wpa_s, MSG_INFO, "will not initiate new peer link with " | |
784 | MACSTR " because of no_auto_peer", MAC2STR(addr)); | |
785 | if (data->mesh_pending_auth) { | |
786 | struct os_reltime age; | |
787 | const struct ieee80211_mgmt *mgmt; | |
788 | struct hostapd_frame_info fi; | |
789 | ||
790 | mgmt = wpabuf_head(data->mesh_pending_auth); | |
791 | os_reltime_age(&data->mesh_pending_auth_time, &age); | |
792 | if (age.sec < 2 && | |
793 | os_memcmp(mgmt->sa, addr, ETH_ALEN) == 0) { | |
794 | wpa_printf(MSG_DEBUG, | |
795 | "mesh: Process pending Authentication frame from %u.%06u seconds ago", | |
796 | (unsigned int) age.sec, | |
797 | (unsigned int) age.usec); | |
798 | os_memset(&fi, 0, sizeof(fi)); | |
799 | ieee802_11_mgmt( | |
800 | data, | |
801 | wpabuf_head(data->mesh_pending_auth), | |
802 | wpabuf_len(data->mesh_pending_auth), | |
803 | &fi); | |
804 | } | |
805 | wpabuf_free(data->mesh_pending_auth); | |
806 | data->mesh_pending_auth = NULL; | |
807 | } | |
808 | return; | |
809 | } | |
810 | ||
811 | if (conf->security == MESH_CONF_SEC_NONE) { | |
812 | if (sta->plink_state < PLINK_OPN_SNT || | |
813 | sta->plink_state > PLINK_ESTAB) | |
814 | mesh_mpm_plink_open(wpa_s, sta, PLINK_OPN_SNT); | |
815 | } else { | |
816 | mesh_rsn_auth_sae_sta(wpa_s, sta); | |
817 | } | |
818 | } | |
819 | ||
820 | ||
821 | void mesh_mpm_mgmt_rx(struct wpa_supplicant *wpa_s, struct rx_mgmt *rx_mgmt) | |
822 | { | |
823 | struct hostapd_frame_info fi; | |
824 | ||
825 | os_memset(&fi, 0, sizeof(fi)); | |
826 | fi.datarate = rx_mgmt->datarate; | |
827 | fi.ssi_signal = rx_mgmt->ssi_signal; | |
828 | ieee802_11_mgmt(wpa_s->ifmsh->bss[0], rx_mgmt->frame, | |
829 | rx_mgmt->frame_len, &fi); | |
830 | } | |
831 | ||
832 | ||
833 | static void mesh_mpm_plink_estab(struct wpa_supplicant *wpa_s, | |
834 | struct sta_info *sta) | |
835 | { | |
836 | struct hostapd_data *hapd = wpa_s->ifmsh->bss[0]; | |
837 | struct mesh_conf *conf = wpa_s->ifmsh->mconf; | |
838 | u8 seq[6] = {}; | |
839 | ||
840 | wpa_msg(wpa_s, MSG_INFO, "mesh plink with " MACSTR " established", | |
841 | MAC2STR(sta->addr)); | |
842 | ||
843 | if (conf->security & MESH_CONF_SEC_AMPE) { | |
844 | wpa_hexdump_key(MSG_DEBUG, "mesh: MTK", sta->mtk, sta->mtk_len); | |
845 | wpa_drv_set_key(wpa_s, wpa_cipher_to_alg(conf->pairwise_cipher), | |
846 | sta->addr, 0, 0, seq, sizeof(seq), | |
847 | sta->mtk, sta->mtk_len); | |
848 | ||
849 | wpa_hexdump_key(MSG_DEBUG, "mesh: RX MGTK Key RSC", | |
850 | sta->mgtk_rsc, sizeof(sta->mgtk_rsc)); | |
851 | wpa_hexdump_key(MSG_DEBUG, "mesh: RX MGTK", | |
852 | sta->mgtk, sta->mgtk_len); | |
853 | wpa_drv_set_key(wpa_s, wpa_cipher_to_alg(conf->group_cipher), | |
854 | sta->addr, sta->mgtk_key_id, 0, | |
855 | sta->mgtk_rsc, sizeof(sta->mgtk_rsc), | |
856 | sta->mgtk, sta->mgtk_len); | |
857 | ||
858 | if (sta->igtk_len) { | |
859 | wpa_hexdump_key(MSG_DEBUG, "mesh: RX IGTK Key RSC", | |
860 | sta->igtk_rsc, sizeof(sta->igtk_rsc)); | |
861 | wpa_hexdump_key(MSG_DEBUG, "mesh: RX IGTK", | |
862 | sta->igtk, sta->igtk_len); | |
863 | wpa_drv_set_key( | |
864 | wpa_s, | |
865 | wpa_cipher_to_alg(conf->mgmt_group_cipher), | |
866 | sta->addr, sta->igtk_key_id, 0, | |
867 | sta->igtk_rsc, sizeof(sta->igtk_rsc), | |
868 | sta->igtk, sta->igtk_len); | |
869 | } | |
870 | } | |
871 | ||
872 | wpa_mesh_set_plink_state(wpa_s, sta, PLINK_ESTAB); | |
873 | hapd->num_plinks++; | |
874 | ||
875 | sta->flags |= WLAN_STA_ASSOC; | |
876 | sta->mesh_sae_pmksa_caching = 0; | |
877 | ||
878 | eloop_cancel_timeout(peer_add_timer, wpa_s, NULL); | |
879 | peer_add_timer(wpa_s, NULL); | |
880 | eloop_cancel_timeout(plink_timer, wpa_s, sta); | |
881 | ||
882 | /* Send ctrl event */ | |
883 | wpa_msg(wpa_s, MSG_INFO, MESH_PEER_CONNECTED MACSTR, | |
884 | MAC2STR(sta->addr)); | |
885 | ||
886 | /* Send D-Bus event */ | |
887 | wpas_notify_mesh_peer_connected(wpa_s, sta->addr); | |
888 | } | |
889 | ||
890 | ||
891 | static void mesh_mpm_fsm(struct wpa_supplicant *wpa_s, struct sta_info *sta, | |
892 | enum plink_event event, u16 reason) | |
893 | { | |
894 | struct hostapd_data *hapd = wpa_s->ifmsh->bss[0]; | |
895 | struct mesh_conf *conf = wpa_s->ifmsh->mconf; | |
896 | ||
897 | wpa_msg(wpa_s, MSG_DEBUG, "MPM " MACSTR " state %s event %s", | |
898 | MAC2STR(sta->addr), mplstate[sta->plink_state], | |
899 | mplevent[event]); | |
900 | ||
901 | switch (sta->plink_state) { | |
902 | case PLINK_IDLE: | |
903 | switch (event) { | |
904 | case CLS_ACPT: | |
905 | mesh_mpm_fsm_restart(wpa_s, sta); | |
906 | break; | |
907 | case OPN_ACPT: | |
908 | mesh_mpm_plink_open(wpa_s, sta, PLINK_OPN_RCVD); | |
909 | mesh_mpm_send_plink_action(wpa_s, sta, PLINK_CONFIRM, | |
910 | 0); | |
911 | break; | |
912 | case REQ_RJCT: | |
913 | mesh_mpm_send_plink_action(wpa_s, sta, | |
914 | PLINK_CLOSE, reason); | |
915 | break; | |
916 | default: | |
917 | break; | |
918 | } | |
919 | break; | |
920 | case PLINK_OPN_SNT: | |
921 | switch (event) { | |
922 | case OPN_RJCT: | |
923 | case CNF_RJCT: | |
924 | if (!reason) | |
925 | reason = WLAN_REASON_MESH_CONFIG_POLICY_VIOLATION; | |
926 | /* fall-through */ | |
927 | case CLS_ACPT: | |
928 | wpa_mesh_set_plink_state(wpa_s, sta, PLINK_HOLDING); | |
929 | if (!reason) | |
930 | reason = WLAN_REASON_MESH_CLOSE_RCVD; | |
931 | eloop_register_timeout( | |
932 | conf->dot11MeshHoldingTimeout / 1000, | |
933 | (conf->dot11MeshHoldingTimeout % 1000) * 1000, | |
934 | plink_timer, wpa_s, sta); | |
935 | mesh_mpm_send_plink_action(wpa_s, sta, | |
936 | PLINK_CLOSE, reason); | |
937 | break; | |
938 | case OPN_ACPT: | |
939 | /* retry timer is left untouched */ | |
940 | wpa_mesh_set_plink_state(wpa_s, sta, PLINK_OPN_RCVD); | |
941 | mesh_mpm_send_plink_action(wpa_s, sta, | |
942 | PLINK_CONFIRM, 0); | |
943 | break; | |
944 | case CNF_ACPT: | |
945 | wpa_mesh_set_plink_state(wpa_s, sta, PLINK_CNF_RCVD); | |
946 | eloop_cancel_timeout(plink_timer, wpa_s, sta); | |
947 | eloop_register_timeout( | |
948 | conf->dot11MeshConfirmTimeout / 1000, | |
949 | (conf->dot11MeshConfirmTimeout % 1000) * 1000, | |
950 | plink_timer, wpa_s, sta); | |
951 | break; | |
952 | default: | |
953 | break; | |
954 | } | |
955 | break; | |
956 | case PLINK_OPN_RCVD: | |
957 | switch (event) { | |
958 | case OPN_RJCT: | |
959 | case CNF_RJCT: | |
960 | if (!reason) | |
961 | reason = WLAN_REASON_MESH_CONFIG_POLICY_VIOLATION; | |
962 | /* fall-through */ | |
963 | case CLS_ACPT: | |
964 | wpa_mesh_set_plink_state(wpa_s, sta, PLINK_HOLDING); | |
965 | if (!reason) | |
966 | reason = WLAN_REASON_MESH_CLOSE_RCVD; | |
967 | eloop_register_timeout( | |
968 | conf->dot11MeshHoldingTimeout / 1000, | |
969 | (conf->dot11MeshHoldingTimeout % 1000) * 1000, | |
970 | plink_timer, wpa_s, sta); | |
971 | sta->mpm_close_reason = reason; | |
972 | mesh_mpm_send_plink_action(wpa_s, sta, | |
973 | PLINK_CLOSE, reason); | |
974 | break; | |
975 | case OPN_ACPT: | |
976 | mesh_mpm_send_plink_action(wpa_s, sta, | |
977 | PLINK_CONFIRM, 0); | |
978 | break; | |
979 | case CNF_ACPT: | |
980 | if (conf->security & MESH_CONF_SEC_AMPE) | |
981 | mesh_rsn_derive_mtk(wpa_s, sta); | |
982 | mesh_mpm_plink_estab(wpa_s, sta); | |
983 | break; | |
984 | default: | |
985 | break; | |
986 | } | |
987 | break; | |
988 | case PLINK_CNF_RCVD: | |
989 | switch (event) { | |
990 | case OPN_RJCT: | |
991 | case CNF_RJCT: | |
992 | if (!reason) | |
993 | reason = WLAN_REASON_MESH_CONFIG_POLICY_VIOLATION; | |
994 | /* fall-through */ | |
995 | case CLS_ACPT: | |
996 | wpa_mesh_set_plink_state(wpa_s, sta, PLINK_HOLDING); | |
997 | if (!reason) | |
998 | reason = WLAN_REASON_MESH_CLOSE_RCVD; | |
999 | eloop_register_timeout( | |
1000 | conf->dot11MeshHoldingTimeout / 1000, | |
1001 | (conf->dot11MeshHoldingTimeout % 1000) * 1000, | |
1002 | plink_timer, wpa_s, sta); | |
1003 | sta->mpm_close_reason = reason; | |
1004 | mesh_mpm_send_plink_action(wpa_s, sta, | |
1005 | PLINK_CLOSE, reason); | |
1006 | break; | |
1007 | case OPN_ACPT: | |
1008 | if (conf->security & MESH_CONF_SEC_AMPE) | |
1009 | mesh_rsn_derive_mtk(wpa_s, sta); | |
1010 | mesh_mpm_plink_estab(wpa_s, sta); | |
1011 | mesh_mpm_send_plink_action(wpa_s, sta, | |
1012 | PLINK_CONFIRM, 0); | |
1013 | break; | |
1014 | default: | |
1015 | break; | |
1016 | } | |
1017 | break; | |
1018 | case PLINK_ESTAB: | |
1019 | switch (event) { | |
1020 | case OPN_RJCT: | |
1021 | case CNF_RJCT: | |
1022 | case CLS_ACPT: | |
1023 | wpa_mesh_set_plink_state(wpa_s, sta, PLINK_HOLDING); | |
1024 | if (!reason) | |
1025 | reason = WLAN_REASON_MESH_CLOSE_RCVD; | |
1026 | ||
1027 | eloop_register_timeout( | |
1028 | conf->dot11MeshHoldingTimeout / 1000, | |
1029 | (conf->dot11MeshHoldingTimeout % 1000) * 1000, | |
1030 | plink_timer, wpa_s, sta); | |
1031 | sta->mpm_close_reason = reason; | |
1032 | ||
1033 | wpa_msg(wpa_s, MSG_INFO, "mesh plink with " MACSTR | |
1034 | " closed with reason %d", | |
1035 | MAC2STR(sta->addr), reason); | |
1036 | ||
1037 | wpa_msg(wpa_s, MSG_INFO, MESH_PEER_DISCONNECTED MACSTR, | |
1038 | MAC2STR(sta->addr)); | |
1039 | ||
1040 | /* Send D-Bus event */ | |
1041 | wpas_notify_mesh_peer_disconnected(wpa_s, sta->addr, | |
1042 | reason); | |
1043 | ||
1044 | hapd->num_plinks--; | |
1045 | ||
1046 | mesh_mpm_send_plink_action(wpa_s, sta, | |
1047 | PLINK_CLOSE, reason); | |
1048 | break; | |
1049 | case OPN_ACPT: | |
1050 | mesh_mpm_send_plink_action(wpa_s, sta, | |
1051 | PLINK_CONFIRM, 0); | |
1052 | break; | |
1053 | default: | |
1054 | break; | |
1055 | } | |
1056 | break; | |
1057 | case PLINK_HOLDING: | |
1058 | switch (event) { | |
1059 | case CLS_ACPT: | |
1060 | mesh_mpm_fsm_restart(wpa_s, sta); | |
1061 | break; | |
1062 | case OPN_ACPT: | |
1063 | case CNF_ACPT: | |
1064 | case OPN_RJCT: | |
1065 | case CNF_RJCT: | |
1066 | reason = sta->mpm_close_reason; | |
1067 | mesh_mpm_send_plink_action(wpa_s, sta, | |
1068 | PLINK_CLOSE, reason); | |
1069 | break; | |
1070 | default: | |
1071 | break; | |
1072 | } | |
1073 | break; | |
1074 | default: | |
1075 | wpa_msg(wpa_s, MSG_DEBUG, | |
1076 | "Unsupported MPM event %s for state %s", | |
1077 | mplevent[event], mplstate[sta->plink_state]); | |
1078 | break; | |
1079 | } | |
1080 | } | |
1081 | ||
1082 | ||
1083 | void mesh_mpm_action_rx(struct wpa_supplicant *wpa_s, | |
1084 | const struct ieee80211_mgmt *mgmt, size_t len) | |
1085 | { | |
1086 | u8 action_field; | |
1087 | struct hostapd_data *hapd = wpa_s->ifmsh->bss[0]; | |
1088 | struct mesh_conf *mconf = wpa_s->ifmsh->mconf; | |
1089 | struct sta_info *sta; | |
1090 | u16 plid = 0, llid = 0, aid = 0; | |
1091 | enum plink_event event; | |
1092 | struct ieee802_11_elems elems; | |
1093 | struct mesh_peer_mgmt_ie peer_mgmt_ie; | |
1094 | const u8 *ies; | |
1095 | size_t ie_len; | |
1096 | int ret; | |
1097 | u16 reason = 0; | |
1098 | ||
1099 | if (mgmt->u.action.category != WLAN_ACTION_SELF_PROTECTED) | |
1100 | return; | |
1101 | ||
1102 | action_field = mgmt->u.action.u.slf_prot_action.action; | |
1103 | if (action_field != PLINK_OPEN && | |
1104 | action_field != PLINK_CONFIRM && | |
1105 | action_field != PLINK_CLOSE) | |
1106 | return; | |
1107 | ||
1108 | ies = mgmt->u.action.u.slf_prot_action.variable; | |
1109 | ie_len = (const u8 *) mgmt + len - | |
1110 | mgmt->u.action.u.slf_prot_action.variable; | |
1111 | ||
1112 | /* at least expect mesh id and peering mgmt */ | |
1113 | if (ie_len < 2 + 2) { | |
1114 | wpa_printf(MSG_DEBUG, | |
1115 | "MPM: Ignore too short action frame %u ie_len %u", | |
1116 | action_field, (unsigned int) ie_len); | |
1117 | return; | |
1118 | } | |
1119 | wpa_printf(MSG_DEBUG, "MPM: Received PLINK action %u", action_field); | |
1120 | ||
1121 | if (action_field == PLINK_OPEN || action_field == PLINK_CONFIRM) { | |
1122 | wpa_printf(MSG_DEBUG, "MPM: Capability 0x%x", | |
1123 | WPA_GET_LE16(ies)); | |
1124 | ies += 2; /* capability */ | |
1125 | ie_len -= 2; | |
1126 | } | |
1127 | if (action_field == PLINK_CONFIRM) { | |
1128 | aid = WPA_GET_LE16(ies); | |
1129 | wpa_printf(MSG_DEBUG, "MPM: AID 0x%x", aid); | |
1130 | ies += 2; /* aid */ | |
1131 | ie_len -= 2; | |
1132 | } | |
1133 | ||
1134 | /* check for mesh peering, mesh id and mesh config IEs */ | |
1135 | if (ieee802_11_parse_elems(ies, ie_len, &elems, 0) == ParseFailed) { | |
1136 | wpa_printf(MSG_DEBUG, "MPM: Failed to parse PLINK IEs"); | |
1137 | return; | |
1138 | } | |
1139 | if (!elems.peer_mgmt) { | |
1140 | wpa_printf(MSG_DEBUG, | |
1141 | "MPM: No Mesh Peering Management element"); | |
1142 | return; | |
1143 | } | |
1144 | if (action_field != PLINK_CLOSE) { | |
1145 | if (!elems.mesh_id || !elems.mesh_config) { | |
1146 | wpa_printf(MSG_DEBUG, | |
1147 | "MPM: No Mesh ID or Mesh Configuration element"); | |
1148 | return; | |
1149 | } | |
1150 | ||
1151 | if (!matches_local(wpa_s, &elems)) { | |
1152 | wpa_printf(MSG_DEBUG, | |
1153 | "MPM: Mesh ID or Mesh Configuration element do not match local MBSS"); | |
1154 | return; | |
1155 | } | |
1156 | } | |
1157 | ||
1158 | ret = mesh_mpm_parse_peer_mgmt(wpa_s, action_field, | |
1159 | elems.peer_mgmt, | |
1160 | elems.peer_mgmt_len, | |
1161 | &peer_mgmt_ie); | |
1162 | if (ret) { | |
1163 | wpa_printf(MSG_DEBUG, "MPM: Mesh parsing rejected frame"); | |
1164 | return; | |
1165 | } | |
1166 | ||
1167 | /* the sender's llid is our plid and vice-versa */ | |
1168 | plid = WPA_GET_LE16(peer_mgmt_ie.llid); | |
1169 | if (peer_mgmt_ie.plid) | |
1170 | llid = WPA_GET_LE16(peer_mgmt_ie.plid); | |
1171 | wpa_printf(MSG_DEBUG, "MPM: plid=0x%x llid=0x%x", plid, llid); | |
1172 | ||
1173 | if (action_field == PLINK_CLOSE) | |
1174 | wpa_printf(MSG_DEBUG, "MPM: close reason=%u", | |
1175 | WPA_GET_LE16(peer_mgmt_ie.reason)); | |
1176 | ||
1177 | sta = ap_get_sta(hapd, mgmt->sa); | |
1178 | ||
1179 | /* | |
1180 | * If this is an open frame from an unknown STA, and this is an | |
1181 | * open mesh, then go ahead and add the peer before proceeding. | |
1182 | */ | |
1183 | if (!sta && action_field == PLINK_OPEN && | |
1184 | (!(mconf->security & MESH_CONF_SEC_AMPE) || | |
1185 | wpa_auth_pmksa_get(hapd->wpa_auth, mgmt->sa, NULL))) | |
1186 | sta = mesh_mpm_add_peer(wpa_s, mgmt->sa, &elems); | |
1187 | ||
1188 | if (!sta) { | |
1189 | wpa_printf(MSG_DEBUG, "MPM: No STA entry for peer"); | |
1190 | return; | |
1191 | } | |
1192 | ||
1193 | #ifdef CONFIG_SAE | |
1194 | /* peer is in sae_accepted? */ | |
1195 | if (sta->sae && sta->sae->state != SAE_ACCEPTED) { | |
1196 | wpa_printf(MSG_DEBUG, "MPM: SAE not yet accepted for peer"); | |
1197 | return; | |
1198 | } | |
1199 | #endif /* CONFIG_SAE */ | |
1200 | ||
1201 | if (!sta->my_lid) | |
1202 | mesh_mpm_init_link(wpa_s, sta); | |
1203 | ||
1204 | if (mconf->security & MESH_CONF_SEC_AMPE) { | |
1205 | int res; | |
1206 | ||
1207 | res = mesh_rsn_process_ampe(wpa_s, sta, &elems, | |
1208 | &mgmt->u.action.category, | |
1209 | peer_mgmt_ie.chosen_pmk, | |
1210 | ies, ie_len); | |
1211 | if (res) { | |
1212 | wpa_printf(MSG_DEBUG, | |
1213 | "MPM: RSN process rejected frame (res=%d)", | |
1214 | res); | |
1215 | if (action_field == PLINK_OPEN && res == -2) { | |
1216 | /* AES-SIV decryption failed */ | |
1217 | mesh_mpm_fsm(wpa_s, sta, OPN_RJCT, | |
1218 | WLAN_REASON_MESH_INVALID_GTK); | |
1219 | } | |
1220 | return; | |
1221 | } | |
1222 | ||
1223 | #ifdef CONFIG_OCV | |
1224 | if (action_field == PLINK_OPEN && elems.rsn_ie) { | |
1225 | struct wpa_state_machine *sm = sta->wpa_sm; | |
1226 | struct wpa_ie_data data; | |
1227 | ||
1228 | res = wpa_parse_wpa_ie_rsn(elems.rsn_ie - 2, | |
1229 | elems.rsn_ie_len + 2, | |
1230 | &data); | |
1231 | if (res) { | |
1232 | wpa_printf(MSG_DEBUG, | |
1233 | "Failed to parse RSN IE (res=%d)", | |
1234 | res); | |
1235 | wpa_hexdump(MSG_DEBUG, "RSN IE", elems.rsn_ie, | |
1236 | elems.rsn_ie_len); | |
1237 | return; | |
1238 | } | |
1239 | ||
1240 | wpa_auth_set_ocv(sm, mconf->ocv && | |
1241 | (data.capabilities & | |
1242 | WPA_CAPABILITY_OCVC)); | |
1243 | } | |
1244 | ||
1245 | if (action_field != PLINK_CLOSE && | |
1246 | wpa_auth_uses_ocv(sta->wpa_sm)) { | |
1247 | struct wpa_channel_info ci; | |
1248 | int tx_chanwidth; | |
1249 | int tx_seg1_idx; | |
1250 | ||
1251 | if (wpa_drv_channel_info(wpa_s, &ci) != 0) { | |
1252 | wpa_printf(MSG_WARNING, | |
1253 | "MPM: Failed to get channel info to validate received OCI in MPM Confirm"); | |
1254 | return; | |
1255 | } | |
1256 | ||
1257 | if (get_tx_parameters( | |
1258 | sta, channel_width_to_int(ci.chanwidth), | |
1259 | ci.seg1_idx, &tx_chanwidth, | |
1260 | &tx_seg1_idx) < 0) | |
1261 | return; | |
1262 | ||
1263 | if (ocv_verify_tx_params(elems.oci, elems.oci_len, &ci, | |
1264 | tx_chanwidth, tx_seg1_idx) != | |
1265 | 0) { | |
1266 | wpa_printf(MSG_WARNING, "MPM: %s", | |
1267 | ocv_errorstr); | |
1268 | return; | |
1269 | } | |
1270 | } | |
1271 | #endif /* CONFIG_OCV */ | |
1272 | } | |
1273 | ||
1274 | if (sta->plink_state == PLINK_BLOCKED) { | |
1275 | wpa_printf(MSG_DEBUG, "MPM: PLINK_BLOCKED"); | |
1276 | return; | |
1277 | } | |
1278 | ||
1279 | /* Now we will figure out the appropriate event... */ | |
1280 | switch (action_field) { | |
1281 | case PLINK_OPEN: | |
1282 | if (plink_free_count(hapd) == 0) { | |
1283 | event = REQ_RJCT; | |
1284 | reason = WLAN_REASON_MESH_MAX_PEERS; | |
1285 | wpa_printf(MSG_INFO, | |
1286 | "MPM: Peer link num over quota(%d)", | |
1287 | hapd->max_plinks); | |
1288 | } else if (sta->peer_lid && sta->peer_lid != plid) { | |
1289 | wpa_printf(MSG_DEBUG, | |
1290 | "MPM: peer_lid mismatch: 0x%x != 0x%x", | |
1291 | sta->peer_lid, plid); | |
1292 | return; /* no FSM event */ | |
1293 | } else { | |
1294 | sta->peer_lid = plid; | |
1295 | event = OPN_ACPT; | |
1296 | } | |
1297 | break; | |
1298 | case PLINK_CONFIRM: | |
1299 | if (plink_free_count(hapd) == 0) { | |
1300 | event = REQ_RJCT; | |
1301 | reason = WLAN_REASON_MESH_MAX_PEERS; | |
1302 | wpa_printf(MSG_INFO, | |
1303 | "MPM: Peer link num over quota(%d)", | |
1304 | hapd->max_plinks); | |
1305 | } else if (sta->my_lid != llid || | |
1306 | (sta->peer_lid && sta->peer_lid != plid)) { | |
1307 | wpa_printf(MSG_DEBUG, | |
1308 | "MPM: lid mismatch: my_lid: 0x%x != 0x%x or peer_lid: 0x%x != 0x%x", | |
1309 | sta->my_lid, llid, sta->peer_lid, plid); | |
1310 | return; /* no FSM event */ | |
1311 | } else { | |
1312 | if (!sta->peer_lid) | |
1313 | sta->peer_lid = plid; | |
1314 | sta->peer_aid = aid; | |
1315 | event = CNF_ACPT; | |
1316 | } | |
1317 | break; | |
1318 | case PLINK_CLOSE: | |
1319 | if (sta->plink_state == PLINK_ESTAB) | |
1320 | /* Do not check for llid or plid. This does not | |
1321 | * follow the standard but since multiple plinks | |
1322 | * per cand are not supported, it is necessary in | |
1323 | * order to avoid a livelock when MP A sees an | |
1324 | * establish peer link to MP B but MP B does not | |
1325 | * see it. This can be caused by a timeout in | |
1326 | * B's peer link establishment or B being | |
1327 | * restarted. | |
1328 | */ | |
1329 | event = CLS_ACPT; | |
1330 | else if (sta->peer_lid != plid) { | |
1331 | wpa_printf(MSG_DEBUG, | |
1332 | "MPM: peer_lid mismatch: 0x%x != 0x%x", | |
1333 | sta->peer_lid, plid); | |
1334 | return; /* no FSM event */ | |
1335 | } else if (peer_mgmt_ie.plid && sta->my_lid != llid) { | |
1336 | wpa_printf(MSG_DEBUG, | |
1337 | "MPM: my_lid mismatch: 0x%x != 0x%x", | |
1338 | sta->my_lid, llid); | |
1339 | return; /* no FSM event */ | |
1340 | } else { | |
1341 | event = CLS_ACPT; | |
1342 | } | |
1343 | break; | |
1344 | default: | |
1345 | /* | |
1346 | * This cannot be hit due to the action_field check above, but | |
1347 | * compilers may not be able to figure that out and can warn | |
1348 | * about uninitialized event below. | |
1349 | */ | |
1350 | return; | |
1351 | } | |
1352 | mesh_mpm_fsm(wpa_s, sta, event, reason); | |
1353 | } | |
1354 | ||
1355 | ||
1356 | /* called by ap_free_sta */ | |
1357 | void mesh_mpm_free_sta(struct hostapd_data *hapd, struct sta_info *sta) | |
1358 | { | |
1359 | if (sta->plink_state == PLINK_ESTAB) | |
1360 | hapd->num_plinks--; | |
1361 | eloop_cancel_timeout(plink_timer, ELOOP_ALL_CTX, sta); | |
1362 | eloop_cancel_timeout(mesh_auth_timer, ELOOP_ALL_CTX, sta); | |
1363 | } |