]> git.ipfire.org Git - thirdparty/hostap.git/blob - wlantest/rx_mgmt.c
projects / thirdparty / hostap.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
wlantest: New mgmt_group_cipher values for BSS info and debug log
[thirdparty/hostap.git] / wlantest / rx_mgmt.c
1 /*
2 * Received Management frame processing
3 * Copyright (c) 2010, Jouni Malinen <j@w1.fi>
4 *
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
7 */
8
9 #include "utils/includes.h"
10
11 #include "utils/common.h"
12 #include "common/ieee802_11_defs.h"
13 #include "common/ieee802_11_common.h"
14 #include "crypto/aes_wrap.h"
15 #include "wlantest.h"
16
17
18 static const char * mgmt_stype(u16 stype)
19 {
20 switch (stype) {
21 case WLAN_FC_STYPE_ASSOC_REQ:
22 return "ASSOC-REQ";
23 case WLAN_FC_STYPE_ASSOC_RESP:
24 return "ASSOC-RESP";
25 case WLAN_FC_STYPE_REASSOC_REQ:
26 return "REASSOC-REQ";
27 case WLAN_FC_STYPE_REASSOC_RESP:
28 return "REASSOC-RESP";
29 case WLAN_FC_STYPE_PROBE_REQ:
30 return "PROBE-REQ";
31 case WLAN_FC_STYPE_PROBE_RESP:
32 return "PROBE-RESP";
33 case WLAN_FC_STYPE_BEACON:
34 return "BEACON";
35 case WLAN_FC_STYPE_ATIM:
36 return "ATIM";
37 case WLAN_FC_STYPE_DISASSOC:
38 return "DISASSOC";
39 case WLAN_FC_STYPE_AUTH:
40 return "AUTH";
41 case WLAN_FC_STYPE_DEAUTH:
42 return "DEAUTH";
43 case WLAN_FC_STYPE_ACTION:
44 return "ACTION";
45 }
46 return "??";
47 }
48
49
50 static void rx_mgmt_beacon(struct wlantest *wt, const u8 *data, size_t len)
51 {
52 const struct ieee80211_mgmt *mgmt;
53 struct wlantest_bss *bss;
54 struct ieee802_11_elems elems;
55
56 mgmt = (const struct ieee80211_mgmt *) data;
57 bss = bss_get(wt, mgmt->bssid);
58 if (bss == NULL)
59 return;
60 if (bss->proberesp_seen)
61 return; /* do not override with Beacon data */
62 bss->capab_info = le_to_host16(mgmt->u.beacon.capab_info);
63 if (ieee802_11_parse_elems(mgmt->u.beacon.variable,
64 len - (mgmt->u.beacon.variable - data),
65 &elems, 0) == ParseFailed) {
66 if (bss->parse_error_reported)
67 return;
68 add_note(wt, MSG_INFO, "Invalid IEs in a Beacon frame from "
69 MACSTR, MAC2STR(mgmt->sa));
70 bss->parse_error_reported = 1;
71 return;
72 }
73
74 bss_update(wt, bss, &elems);
75 }
76
77
78 static void rx_mgmt_probe_resp(struct wlantest *wt, const u8 *data, size_t len)
79 {
80 const struct ieee80211_mgmt *mgmt;
81 struct wlantest_bss *bss;
82 struct ieee802_11_elems elems;
83
84 mgmt = (const struct ieee80211_mgmt *) data;
85 bss = bss_get(wt, mgmt->bssid);
86 if (bss == NULL)
87 return;
88
89 bss->counters[WLANTEST_BSS_COUNTER_PROBE_RESPONSE]++;
90 bss->capab_info = le_to_host16(mgmt->u.probe_resp.capab_info);
91 if (ieee802_11_parse_elems(mgmt->u.probe_resp.variable,
92 len - (mgmt->u.probe_resp.variable - data),
93 &elems, 0) == ParseFailed) {
94 if (bss->parse_error_reported)
95 return;
96 add_note(wt, MSG_INFO, "Invalid IEs in a Probe Response frame "
97 "from " MACSTR, MAC2STR(mgmt->sa));
98 bss->parse_error_reported = 1;
99 return;
100 }
101
102 bss_update(wt, bss, &elems);
103 }
104
105
106 static void rx_mgmt_auth(struct wlantest *wt, const u8 *data, size_t len)
107 {
108 const struct ieee80211_mgmt *mgmt;
109 struct wlantest_bss *bss;
110 struct wlantest_sta *sta;
111 u16 alg, trans, status;
112
113 mgmt = (const struct ieee80211_mgmt *) data;
114 bss = bss_get(wt, mgmt->bssid);
115 if (bss == NULL)
116 return;
117 if (os_memcmp(mgmt->sa, mgmt->bssid, ETH_ALEN) == 0)
118 sta = sta_get(bss, mgmt->da);
119 else
120 sta = sta_get(bss, mgmt->sa);
121 if (sta == NULL)
122 return;
123
124 if (len < 24 + 6) {
125 add_note(wt, MSG_INFO, "Too short Authentication frame from "
126 MACSTR, MAC2STR(mgmt->sa));
127 return;
128 }
129
130 alg = le_to_host16(mgmt->u.auth.auth_alg);
131 trans = le_to_host16(mgmt->u.auth.auth_transaction);
132 status = le_to_host16(mgmt->u.auth.status_code);
133
134 wpa_printf(MSG_DEBUG, "AUTH " MACSTR " -> " MACSTR
135 " (alg=%u trans=%u status=%u)",
136 MAC2STR(mgmt->sa), MAC2STR(mgmt->da), alg, trans, status);
137
138 if (alg == 0 && trans == 2 && status == 0) {
139 if (sta->state == STATE1) {
140 add_note(wt, MSG_DEBUG, "STA " MACSTR
141 " moved to State 2 with " MACSTR,
142 MAC2STR(sta->addr), MAC2STR(bss->bssid));
143 sta->state = STATE2;
144 }
145 }
146
147 if (os_memcmp(mgmt->sa, mgmt->bssid, ETH_ALEN) == 0)
148 sta->counters[WLANTEST_STA_COUNTER_AUTH_RX]++;
149 else
150 sta->counters[WLANTEST_STA_COUNTER_AUTH_TX]++;
151 }
152
153
154 static void deauth_all_stas(struct wlantest *wt, struct wlantest_bss *bss)
155 {
156 struct wlantest_sta *sta;
157 dl_list_for_each(sta, &bss->sta, struct wlantest_sta, list) {
158 if (sta->state == STATE1)
159 continue;
160 add_note(wt, MSG_DEBUG, "STA " MACSTR
161 " moved to State 1 with " MACSTR,
162 MAC2STR(sta->addr), MAC2STR(bss->bssid));
163 sta->state = STATE1;
164 }
165 }
166
167
168 static void tdls_link_down(struct wlantest *wt, struct wlantest_bss *bss,
169 struct wlantest_sta *sta)
170 {
171 struct wlantest_tdls *tdls;
172 dl_list_for_each(tdls, &bss->tdls, struct wlantest_tdls, list) {
173 if ((tdls->init == sta || tdls->resp == sta) && tdls->link_up)
174 {
175 add_note(wt, MSG_DEBUG, "TDLS: Set link down based on "
176 "STA deauth/disassoc");
177 tdls->link_up = 0;
178 }
179 }
180 }
181
182
183 static void rx_mgmt_deauth(struct wlantest *wt, const u8 *data, size_t len,
184 int valid)
185 {
186 const struct ieee80211_mgmt *mgmt;
187 struct wlantest_bss *bss;
188 struct wlantest_sta *sta;
189 u16 fc, reason;
190
191 mgmt = (const struct ieee80211_mgmt *) data;
192 bss = bss_get(wt, mgmt->bssid);
193 if (bss == NULL)
194 return;
195 if (os_memcmp(mgmt->sa, mgmt->bssid, ETH_ALEN) == 0)
196 sta = sta_get(bss, mgmt->da);
197 else
198 sta = sta_get(bss, mgmt->sa);
199
200 if (len < 24 + 2) {
201 add_note(wt, MSG_INFO, "Too short Deauthentication frame from "
202 MACSTR, MAC2STR(mgmt->sa));
203 return;
204 }
205
206 reason = le_to_host16(mgmt->u.deauth.reason_code);
207 wpa_printf(MSG_DEBUG, "DEAUTH " MACSTR " -> " MACSTR
208 " (reason=%u) (valid=%d)",
209 MAC2STR(mgmt->sa), MAC2STR(mgmt->da),
210 reason, valid);
211 wpa_hexdump(MSG_MSGDUMP, "DEAUTH payload", data + 24, len - 24);
212
213 if (sta == NULL) {
214 if (valid && mgmt->da[0] == 0xff)
215 deauth_all_stas(wt, bss);
216 return;
217 }
218
219 if (os_memcmp(mgmt->sa, mgmt->bssid, ETH_ALEN) == 0) {
220 sta->counters[valid ? WLANTEST_STA_COUNTER_VALID_DEAUTH_RX :
221 WLANTEST_STA_COUNTER_INVALID_DEAUTH_RX]++;
222 if (sta->pwrmgt && !sta->pspoll)
223 sta->counters[WLANTEST_STA_COUNTER_DEAUTH_RX_ASLEEP]++;
224 else
225 sta->counters[WLANTEST_STA_COUNTER_DEAUTH_RX_AWAKE]++;
226
227 fc = le_to_host16(mgmt->frame_control);
228 if (!(fc & WLAN_FC_ISWEP) && reason == 6)
229 sta->counters[WLANTEST_STA_COUNTER_DEAUTH_RX_RC6]++;
230 else if (!(fc & WLAN_FC_ISWEP) && reason == 7)
231 sta->counters[WLANTEST_STA_COUNTER_DEAUTH_RX_RC7]++;
232 } else
233 sta->counters[valid ? WLANTEST_STA_COUNTER_VALID_DEAUTH_TX :
234 WLANTEST_STA_COUNTER_INVALID_DEAUTH_TX]++;
235
236 if (!valid) {
237 add_note(wt, MSG_INFO, "Do not change STA " MACSTR " State "
238 "since Disassociation frame was not protected "
239 "correctly", MAC2STR(sta->addr));
240 return;
241 }
242
243 if (sta->state != STATE1) {
244 add_note(wt, MSG_DEBUG, "STA " MACSTR
245 " moved to State 1 with " MACSTR,
246 MAC2STR(sta->addr), MAC2STR(bss->bssid));
247 sta->state = STATE1;
248 }
249 tdls_link_down(wt, bss, sta);
250 }
251
252
253 static void rx_mgmt_assoc_req(struct wlantest *wt, const u8 *data, size_t len)
254 {
255 const struct ieee80211_mgmt *mgmt;
256 struct wlantest_bss *bss;
257 struct wlantest_sta *sta;
258 struct ieee802_11_elems elems;
259
260 mgmt = (const struct ieee80211_mgmt *) data;
261 bss = bss_get(wt, mgmt->bssid);
262 if (bss == NULL)
263 return;
264 sta = sta_get(bss, mgmt->sa);
265 if (sta == NULL)
266 return;
267
268 if (len < 24 + 4) {
269 add_note(wt, MSG_INFO, "Too short Association Request frame "
270 "from " MACSTR, MAC2STR(mgmt->sa));
271 return;
272 }
273
274 wpa_printf(MSG_DEBUG, "ASSOCREQ " MACSTR " -> " MACSTR
275 " (capab=0x%x listen_int=%u)",
276 MAC2STR(mgmt->sa), MAC2STR(mgmt->da),
277 le_to_host16(mgmt->u.assoc_req.capab_info),
278 le_to_host16(mgmt->u.assoc_req.listen_interval));
279
280 sta->counters[WLANTEST_STA_COUNTER_ASSOCREQ_TX]++;
281
282 if (ieee802_11_parse_elems(mgmt->u.assoc_req.variable,
283 len - (mgmt->u.assoc_req.variable - data),
284 &elems, 0) == ParseFailed) {
285 add_note(wt, MSG_INFO, "Invalid IEs in Association Request "
286 "frame from " MACSTR, MAC2STR(mgmt->sa));
287 return;
288 }
289
290 sta->assocreq_capab_info = le_to_host16(mgmt->u.assoc_req.capab_info);
291 sta->assocreq_listen_int =
292 le_to_host16(mgmt->u.assoc_req.listen_interval);
293 os_free(sta->assocreq_ies);
294 sta->assocreq_ies_len = len - (mgmt->u.assoc_req.variable - data);
295 sta->assocreq_ies = os_malloc(sta->assocreq_ies_len);
296 if (sta->assocreq_ies)
297 os_memcpy(sta->assocreq_ies, mgmt->u.assoc_req.variable,
298 sta->assocreq_ies_len);
299
300 sta_update_assoc(sta, &elems);
301 }
302
303
304 static void rx_mgmt_assoc_resp(struct wlantest *wt, const u8 *data, size_t len)
305 {
306 const struct ieee80211_mgmt *mgmt;
307 struct wlantest_bss *bss;
308 struct wlantest_sta *sta;
309 u16 capab, status, aid;
310
311 mgmt = (const struct ieee80211_mgmt *) data;
312 bss = bss_get(wt, mgmt->bssid);
313 if (bss == NULL)
314 return;
315 sta = sta_get(bss, mgmt->da);
316 if (sta == NULL)
317 return;
318
319 if (len < 24 + 6) {
320 add_note(wt, MSG_INFO, "Too short Association Response frame "
321 "from " MACSTR, MAC2STR(mgmt->sa));
322 return;
323 }
324
325 capab = le_to_host16(mgmt->u.assoc_resp.capab_info);
326 status = le_to_host16(mgmt->u.assoc_resp.status_code);
327 aid = le_to_host16(mgmt->u.assoc_resp.aid);
328
329 wpa_printf(MSG_DEBUG, "ASSOCRESP " MACSTR " -> " MACSTR
330 " (capab=0x%x status=%u aid=%u)",
331 MAC2STR(mgmt->sa), MAC2STR(mgmt->da), capab, status,
332 aid & 0x3fff);
333
334 if (status == WLAN_STATUS_ASSOC_REJECTED_TEMPORARILY) {
335 struct ieee802_11_elems elems;
336 const u8 *ies = mgmt->u.assoc_resp.variable;
337 size_t ies_len = len - (mgmt->u.assoc_resp.variable - data);
338 if (ieee802_11_parse_elems(ies, ies_len, &elems, 0) ==
339 ParseFailed) {
340 add_note(wt, MSG_INFO, "Failed to parse IEs in "
341 "AssocResp from " MACSTR,
342 MAC2STR(mgmt->sa));
343 } else if (elems.timeout_int == NULL ||
344 elems.timeout_int_len != 5 ||
345 elems.timeout_int[0] !=
346 WLAN_TIMEOUT_ASSOC_COMEBACK) {
347 add_note(wt, MSG_INFO, "No valid Timeout Interval IE "
348 "with Assoc Comeback time in AssocResp "
349 "(status=30) from " MACSTR,
350 MAC2STR(mgmt->sa));
351 } else {
352 sta->counters[
353 WLANTEST_STA_COUNTER_ASSOCRESP_COMEBACK]++;
354 }
355 }
356
357 if (status)
358 return;
359
360 if ((aid & 0xc000) != 0xc000) {
361 add_note(wt, MSG_DEBUG, "Two MSBs of the AID were not set to 1 "
362 "in Association Response from " MACSTR,
363 MAC2STR(mgmt->sa));
364 }
365 sta->aid = aid & 0xc000;
366
367 if (sta->state < STATE2) {
368 add_note(wt, MSG_DEBUG,
369 "STA " MACSTR " was not in State 2 when "
370 "getting associated", MAC2STR(sta->addr));
371 }
372
373 if (sta->state < STATE3) {
374 add_note(wt, MSG_DEBUG, "STA " MACSTR
375 " moved to State 3 with " MACSTR,
376 MAC2STR(sta->addr), MAC2STR(bss->bssid));
377 sta->state = STATE3;
378 }
379 }
380
381
382 static void rx_mgmt_reassoc_req(struct wlantest *wt, const u8 *data,
383 size_t len)
384 {
385 const struct ieee80211_mgmt *mgmt;
386 struct wlantest_bss *bss;
387 struct wlantest_sta *sta;
388 struct ieee802_11_elems elems;
389
390 mgmt = (const struct ieee80211_mgmt *) data;
391 bss = bss_get(wt, mgmt->bssid);
392 if (bss == NULL)
393 return;
394 sta = sta_get(bss, mgmt->sa);
395 if (sta == NULL)
396 return;
397
398 if (len < 24 + 4 + ETH_ALEN) {
399 add_note(wt, MSG_INFO, "Too short Reassociation Request frame "
400 "from " MACSTR, MAC2STR(mgmt->sa));
401 return;
402 }
403
404 wpa_printf(MSG_DEBUG, "REASSOCREQ " MACSTR " -> " MACSTR
405 " (capab=0x%x listen_int=%u current_ap=" MACSTR ")",
406 MAC2STR(mgmt->sa), MAC2STR(mgmt->da),
407 le_to_host16(mgmt->u.reassoc_req.capab_info),
408 le_to_host16(mgmt->u.reassoc_req.listen_interval),
409 MAC2STR(mgmt->u.reassoc_req.current_ap));
410
411 sta->counters[WLANTEST_STA_COUNTER_REASSOCREQ_TX]++;
412
413 if (ieee802_11_parse_elems(mgmt->u.reassoc_req.variable,
414 len - (mgmt->u.reassoc_req.variable - data),
415 &elems, 0) == ParseFailed) {
416 add_note(wt, MSG_INFO, "Invalid IEs in Reassociation Request "
417 "frame from " MACSTR, MAC2STR(mgmt->sa));
418 return;
419 }
420
421 sta->assocreq_capab_info =
422 le_to_host16(mgmt->u.reassoc_req.capab_info);
423 sta->assocreq_listen_int =
424 le_to_host16(mgmt->u.reassoc_req.listen_interval);
425 os_free(sta->assocreq_ies);
426 sta->assocreq_ies_len = len - (mgmt->u.reassoc_req.variable - data);
427 sta->assocreq_ies = os_malloc(sta->assocreq_ies_len);
428 if (sta->assocreq_ies)
429 os_memcpy(sta->assocreq_ies, mgmt->u.reassoc_req.variable,
430 sta->assocreq_ies_len);
431
432 sta_update_assoc(sta, &elems);
433 }
434
435
436 static void rx_mgmt_reassoc_resp(struct wlantest *wt, const u8 *data,
437 size_t len)
438 {
439 const struct ieee80211_mgmt *mgmt;
440 struct wlantest_bss *bss;
441 struct wlantest_sta *sta;
442 u16 capab, status, aid;
443
444 mgmt = (const struct ieee80211_mgmt *) data;
445 bss = bss_get(wt, mgmt->bssid);
446 if (bss == NULL)
447 return;
448 sta = sta_get(bss, mgmt->da);
449 if (sta == NULL)
450 return;
451
452 if (len < 24 + 6) {
453 add_note(wt, MSG_INFO, "Too short Reassociation Response frame "
454 "from " MACSTR, MAC2STR(mgmt->sa));
455 return;
456 }
457
458 capab = le_to_host16(mgmt->u.reassoc_resp.capab_info);
459 status = le_to_host16(mgmt->u.reassoc_resp.status_code);
460 aid = le_to_host16(mgmt->u.reassoc_resp.aid);
461
462 wpa_printf(MSG_DEBUG, "REASSOCRESP " MACSTR " -> " MACSTR
463 " (capab=0x%x status=%u aid=%u)",
464 MAC2STR(mgmt->sa), MAC2STR(mgmt->da), capab, status,
465 aid & 0x3fff);
466
467 if (status == WLAN_STATUS_ASSOC_REJECTED_TEMPORARILY) {
468 struct ieee802_11_elems elems;
469 const u8 *ies = mgmt->u.reassoc_resp.variable;
470 size_t ies_len = len - (mgmt->u.reassoc_resp.variable - data);
471 if (ieee802_11_parse_elems(ies, ies_len, &elems, 0) ==
472 ParseFailed) {
473 add_note(wt, MSG_INFO, "Failed to parse IEs in "
474 "ReassocResp from " MACSTR,
475 MAC2STR(mgmt->sa));
476 } else if (elems.timeout_int == NULL ||
477 elems.timeout_int_len != 5 ||
478 elems.timeout_int[0] !=
479 WLAN_TIMEOUT_ASSOC_COMEBACK) {
480 add_note(wt, MSG_INFO, "No valid Timeout Interval IE "
481 "with Assoc Comeback time in ReassocResp "
482 "(status=30) from " MACSTR,
483 MAC2STR(mgmt->sa));
484 } else {
485 sta->counters[
486 WLANTEST_STA_COUNTER_REASSOCRESP_COMEBACK]++;
487 }
488 }
489
490 if (status)
491 return;
492
493 if ((aid & 0xc000) != 0xc000) {
494 add_note(wt, MSG_DEBUG, "Two MSBs of the AID were not set to 1 "
495 "in Reassociation Response from " MACSTR,
496 MAC2STR(mgmt->sa));
497 }
498 sta->aid = aid & 0xc000;
499
500 if (sta->state < STATE2) {
501 add_note(wt, MSG_DEBUG,
502 "STA " MACSTR " was not in State 2 when "
503 "getting associated", MAC2STR(sta->addr));
504 }
505
506 if (sta->state < STATE3) {
507 add_note(wt, MSG_DEBUG, "STA " MACSTR
508 " moved to State 3 with " MACSTR,
509 MAC2STR(sta->addr), MAC2STR(bss->bssid));
510 sta->state = STATE3;
511 }
512 }
513
514
515 static void disassoc_all_stas(struct wlantest *wt, struct wlantest_bss *bss)
516 {
517 struct wlantest_sta *sta;
518 dl_list_for_each(sta, &bss->sta, struct wlantest_sta, list) {
519 if (sta->state <= STATE2)
520 continue;
521 add_note(wt, MSG_DEBUG, "STA " MACSTR
522 " moved to State 2 with " MACSTR,
523 MAC2STR(sta->addr), MAC2STR(bss->bssid));
524 sta->state = STATE2;
525 }
526 }
527
528
529 static void rx_mgmt_disassoc(struct wlantest *wt, const u8 *data, size_t len,
530 int valid)
531 {
532 const struct ieee80211_mgmt *mgmt;
533 struct wlantest_bss *bss;
534 struct wlantest_sta *sta;
535 u16 fc, reason;
536
537 mgmt = (const struct ieee80211_mgmt *) data;
538 bss = bss_get(wt, mgmt->bssid);
539 if (bss == NULL)
540 return;
541 if (os_memcmp(mgmt->sa, mgmt->bssid, ETH_ALEN) == 0)
542 sta = sta_get(bss, mgmt->da);
543 else
544 sta = sta_get(bss, mgmt->sa);
545
546 if (len < 24 + 2) {
547 add_note(wt, MSG_INFO, "Too short Disassociation frame from "
548 MACSTR, MAC2STR(mgmt->sa));
549 return;
550 }
551
552 reason = le_to_host16(mgmt->u.disassoc.reason_code);
553 wpa_printf(MSG_DEBUG, "DISASSOC " MACSTR " -> " MACSTR
554 " (reason=%u) (valid=%d)",
555 MAC2STR(mgmt->sa), MAC2STR(mgmt->da),
556 reason, valid);
557 wpa_hexdump(MSG_MSGDUMP, "DISASSOC payload", data + 24, len - 24);
558
559 if (sta == NULL) {
560 if (valid && mgmt->da[0] == 0xff)
561 disassoc_all_stas(wt, bss);
562 return;
563 }
564
565 if (os_memcmp(mgmt->sa, mgmt->bssid, ETH_ALEN) == 0) {
566 sta->counters[valid ? WLANTEST_STA_COUNTER_VALID_DISASSOC_RX :
567 WLANTEST_STA_COUNTER_INVALID_DISASSOC_RX]++;
568 if (sta->pwrmgt && !sta->pspoll)
569 sta->counters[
570 WLANTEST_STA_COUNTER_DISASSOC_RX_ASLEEP]++;
571 else
572 sta->counters[
573 WLANTEST_STA_COUNTER_DISASSOC_RX_AWAKE]++;
574
575 fc = le_to_host16(mgmt->frame_control);
576 if (!(fc & WLAN_FC_ISWEP) && reason == 6)
577 sta->counters[WLANTEST_STA_COUNTER_DISASSOC_RX_RC6]++;
578 else if (!(fc & WLAN_FC_ISWEP) && reason == 7)
579 sta->counters[WLANTEST_STA_COUNTER_DISASSOC_RX_RC7]++;
580 } else
581 sta->counters[valid ? WLANTEST_STA_COUNTER_VALID_DISASSOC_TX :
582 WLANTEST_STA_COUNTER_INVALID_DISASSOC_TX]++;
583
584 if (!valid) {
585 add_note(wt, MSG_INFO, "Do not change STA " MACSTR " State "
586 "since Disassociation frame was not protected "
587 "correctly", MAC2STR(sta->addr));
588 return;
589 }
590
591 if (sta->state < STATE2) {
592 add_note(wt, MSG_DEBUG,
593 "STA " MACSTR " was not in State 2 or 3 "
594 "when getting disassociated", MAC2STR(sta->addr));
595 }
596
597 if (sta->state > STATE2) {
598 add_note(wt, MSG_DEBUG, "STA " MACSTR
599 " moved to State 2 with " MACSTR,
600 MAC2STR(sta->addr), MAC2STR(bss->bssid));
601 sta->state = STATE2;
602 }
603 tdls_link_down(wt, bss, sta);
604 }
605
606
607 static void rx_mgmt_action_sa_query_req(struct wlantest *wt,
608 struct wlantest_sta *sta,
609 const struct ieee80211_mgmt *mgmt,
610 size_t len, int valid)
611 {
612 const u8 *rx_id;
613 u8 *id;
614
615 rx_id = (const u8 *) mgmt->u.action.u.sa_query_req.trans_id;
616 if (os_memcmp(mgmt->sa, mgmt->bssid, ETH_ALEN) == 0)
617 id = sta->ap_sa_query_tr;
618 else
619 id = sta->sta_sa_query_tr;
620 add_note(wt, MSG_INFO, "SA Query Request " MACSTR " -> " MACSTR
621 " (trans_id=%02x%02x)%s",
622 MAC2STR(mgmt->sa), MAC2STR(mgmt->da), rx_id[0], rx_id[1],
623 valid ? "" : " (invalid protection)");
624 os_memcpy(id, mgmt->u.action.u.sa_query_req.trans_id, 2);
625 if (os_memcmp(mgmt->sa, sta->addr, ETH_ALEN) == 0)
626 sta->counters[valid ?
627 WLANTEST_STA_COUNTER_VALID_SAQUERYREQ_TX :
628 WLANTEST_STA_COUNTER_INVALID_SAQUERYREQ_TX]++;
629 else
630 sta->counters[valid ?
631 WLANTEST_STA_COUNTER_VALID_SAQUERYREQ_RX :
632 WLANTEST_STA_COUNTER_INVALID_SAQUERYREQ_RX]++;
633 }
634
635
636 static void rx_mgmt_action_sa_query_resp(struct wlantest *wt,
637 struct wlantest_sta *sta,
638 const struct ieee80211_mgmt *mgmt,
639 size_t len, int valid)
640 {
641 const u8 *rx_id;
642 u8 *id;
643 int match;
644
645 rx_id = (const u8 *) mgmt->u.action.u.sa_query_resp.trans_id;
646 if (os_memcmp(mgmt->sa, mgmt->bssid, ETH_ALEN) == 0)
647 id = sta->sta_sa_query_tr;
648 else
649 id = sta->ap_sa_query_tr;
650 match = os_memcmp(rx_id, id, 2) == 0;
651 add_note(wt, MSG_INFO, "SA Query Response " MACSTR " -> " MACSTR
652 " (trans_id=%02x%02x; %s)%s",
653 MAC2STR(mgmt->sa), MAC2STR(mgmt->da), rx_id[0], rx_id[1],
654 match ? "match" : "mismatch",
655 valid ? "" : " (invalid protection)");
656 if (os_memcmp(mgmt->sa, sta->addr, ETH_ALEN) == 0)
657 sta->counters[(valid && match) ?
658 WLANTEST_STA_COUNTER_VALID_SAQUERYRESP_TX :
659 WLANTEST_STA_COUNTER_INVALID_SAQUERYRESP_TX]++;
660 else
661 sta->counters[(valid && match) ?
662 WLANTEST_STA_COUNTER_VALID_SAQUERYRESP_RX :
663 WLANTEST_STA_COUNTER_INVALID_SAQUERYRESP_RX]++;
664 }
665
666
667 static void rx_mgmt_action_sa_query(struct wlantest *wt,
668 struct wlantest_sta *sta,
669 const struct ieee80211_mgmt *mgmt,
670 size_t len, int valid)
671 {
672 if (len < 24 + 2 + WLAN_SA_QUERY_TR_ID_LEN) {
673 add_note(wt, MSG_INFO, "Too short SA Query frame from " MACSTR,
674 MAC2STR(mgmt->sa));
675 return;
676 }
677
678 if (len > 24 + 2 + WLAN_SA_QUERY_TR_ID_LEN) {
679 size_t elen = len - (24 + 2 + WLAN_SA_QUERY_TR_ID_LEN);
680 add_note(wt, MSG_INFO, "Unexpected %u octets of extra data at "
681 "the end of SA Query frame from " MACSTR,
682 (unsigned) elen, MAC2STR(mgmt->sa));
683 wpa_hexdump(MSG_INFO, "SA Query extra data",
684 ((const u8 *) mgmt) + len - elen, elen);
685 }
686
687 switch (mgmt->u.action.u.sa_query_req.action) {
688 case WLAN_SA_QUERY_REQUEST:
689 rx_mgmt_action_sa_query_req(wt, sta, mgmt, len, valid);
690 break;
691 case WLAN_SA_QUERY_RESPONSE:
692 rx_mgmt_action_sa_query_resp(wt, sta, mgmt, len, valid);
693 break;
694 default:
695 add_note(wt, MSG_INFO, "Unexpected SA Query action value %u "
696 "from " MACSTR,
697 mgmt->u.action.u.sa_query_req.action,
698 MAC2STR(mgmt->sa));
699 }
700 }
701
702
703 static void rx_mgmt_action(struct wlantest *wt, const u8 *data, size_t len,
704 int valid)
705 {
706 const struct ieee80211_mgmt *mgmt;
707 struct wlantest_bss *bss;
708 struct wlantest_sta *sta;
709
710 mgmt = (const struct ieee80211_mgmt *) data;
711 if (mgmt->da[0] & 0x01) {
712 add_note(wt, MSG_DEBUG, "Group addressed Action frame: DA="
713 MACSTR " SA=" MACSTR " BSSID=" MACSTR
714 " category=%u",
715 MAC2STR(mgmt->da), MAC2STR(mgmt->sa),
716 MAC2STR(mgmt->bssid), mgmt->u.action.category);
717 return; /* Ignore group addressed Action frames for now */
718 }
719 bss = bss_get(wt, mgmt->bssid);
720 if (bss == NULL)
721 return;
722 if (os_memcmp(mgmt->sa, mgmt->bssid, ETH_ALEN) == 0)
723 sta = sta_get(bss, mgmt->da);
724 else
725 sta = sta_get(bss, mgmt->sa);
726 if (sta == NULL)
727 return;
728
729 if (len < 24 + 1) {
730 add_note(wt, MSG_INFO, "Too short Action frame from " MACSTR,
731 MAC2STR(mgmt->sa));
732 return;
733 }
734
735 wpa_printf(MSG_DEBUG, "ACTION " MACSTR " -> " MACSTR
736 " (category=%u) (valid=%d)",
737 MAC2STR(mgmt->sa), MAC2STR(mgmt->da),
738 mgmt->u.action.category, valid);
739 wpa_hexdump(MSG_MSGDUMP, "ACTION payload", data + 24, len - 24);
740
741 if (mgmt->u.action.category != WLAN_ACTION_PUBLIC &&
742 sta->state < STATE3) {
743 add_note(wt, MSG_INFO, "Action frame sent when STA is not in "
744 "State 3 (SA=" MACSTR " DATA=" MACSTR ")",
745 MAC2STR(mgmt->sa), MAC2STR(mgmt->da));
746 }
747
748 switch (mgmt->u.action.category) {
749 case WLAN_ACTION_SA_QUERY:
750 rx_mgmt_action_sa_query(wt, sta, mgmt, len, valid);
751 break;
752 }
753 }
754
755
756 static int check_mmie_mic(const u8 *igtk, size_t igtk_len,
757 const u8 *data, size_t len)
758 {
759 u8 *buf;
760 u8 mic[16];
761 u16 fc;
762 const struct ieee80211_hdr *hdr;
763 int ret, mic_len;
764
765 if (igtk_len == 32)
766 mic_len = 16;
767 else if (igtk_len == 16)
768 mic_len = 8;
769 else
770 return -1;
771
772 if (len < 24 || len - 24 < mic_len)
773 return -1;
774
775 buf = os_malloc(len + 20 - 24);
776 if (buf == NULL)
777 return -1;
778
779 /* BIP AAD: FC(masked) A1 A2 A3 */
780 hdr = (const struct ieee80211_hdr *) data;
781 fc = le_to_host16(hdr->frame_control);
782 fc &= ~(WLAN_FC_RETRY | WLAN_FC_PWRMGT | WLAN_FC_MOREDATA);
783 WPA_PUT_LE16(buf, fc);
784 os_memcpy(buf + 2, hdr->addr1, 3 * ETH_ALEN);
785
786 /* Frame body with MMIE MIC masked to zero */
787 os_memcpy(buf + 20, data + 24, len - 24 - mic_len);
788 os_memset(buf + 20 + len - 24 - mic_len, 0, mic_len);
789
790 wpa_hexdump(MSG_MSGDUMP, "BIP: AAD|Body(masked)", buf, len + 20 - 24);
791 /* MIC = L(AES-128-CMAC(AAD || Frame Body(masked)), 0, 64) */
792 if (igtk_len == 32)
793 ret = omac1_aes_256(igtk, buf, len + 20 - 24, mic);
794 else
795 ret = omac1_aes_128(igtk, buf, len + 20 - 24, mic);
796 if (ret < 0) {
797 os_free(buf);
798 return -1;
799 }
800
801 os_free(buf);
802
803 if (os_memcmp(data + len - mic_len, mic, mic_len) != 0)
804 return -1;
805
806 return 0;
807 }
808
809
810 static int check_bip(struct wlantest *wt, const u8 *data, size_t len)
811 {
812 const struct ieee80211_mgmt *mgmt;
813 u16 fc, stype;
814 const u8 *mmie;
815 u16 keyid;
816 struct wlantest_bss *bss;
817 size_t mic_len;
818
819 mgmt = (const struct ieee80211_mgmt *) data;
820 fc = le_to_host16(mgmt->frame_control);
821 stype = WLAN_FC_GET_STYPE(fc);
822
823 if (stype == WLAN_FC_STYPE_ACTION) {
824 if (len < 24 + 1)
825 return 0;
826 if (mgmt->u.action.category == WLAN_ACTION_PUBLIC)
827 return 0; /* Not a robust management frame */
828 }
829
830 bss = bss_get(wt, mgmt->bssid);
831 if (bss == NULL)
832 return 0; /* No key known yet */
833
834 mic_len = bss->igtk_len[4] == 32 || bss->igtk_len[5] == 32 ? 16 : 8;
835
836 if (len < 24 + 10 + mic_len ||
837 data[len - (10 + mic_len)] != WLAN_EID_MMIE ||
838 data[len - (10 + mic_len - 1)] != 8 + mic_len) {
839 /* No MMIE */
840 if (bss->rsn_capab & WPA_CAPABILITY_MFPC) {
841 add_note(wt, MSG_INFO, "Robust group-addressed "
842 "management frame sent without BIP by "
843 MACSTR, MAC2STR(mgmt->sa));
844 bss->counters[WLANTEST_BSS_COUNTER_MISSING_BIP_MMIE]++;
845 return -1;
846 }
847 return 0;
848 }
849
850 mmie = data + len - (8 + mic_len);
851 keyid = WPA_GET_LE16(mmie);
852 if (keyid & 0xf000) {
853 add_note(wt, MSG_INFO, "MMIE KeyID reserved bits not zero "
854 "(%04x) from " MACSTR, keyid, MAC2STR(mgmt->sa));
855 keyid &= 0x0fff;
856 }
857 if (keyid < 4 || keyid > 5) {
858 add_note(wt, MSG_INFO, "Unexpected MMIE KeyID %u from " MACSTR,
859 keyid, MAC2STR(mgmt->sa));
860 bss->counters[WLANTEST_BSS_COUNTER_INVALID_BIP_MMIE]++;
861 return 0;
862 }
863 wpa_printf(MSG_DEBUG, "MMIE KeyID %u", keyid);
864 wpa_hexdump(MSG_MSGDUMP, "MMIE IPN", mmie + 2, 6);
865 wpa_hexdump(MSG_MSGDUMP, "MMIE MIC", mmie + 8, mic_len);
866
867 if (!bss->igtk_len[keyid]) {
868 add_note(wt, MSG_DEBUG, "No IGTK known to validate BIP frame");
869 return 0;
870 }
871
872 if (os_memcmp(mmie + 2, bss->ipn[keyid], 6) <= 0) {
873 add_note(wt, MSG_INFO, "BIP replay detected: SA=" MACSTR,
874 MAC2STR(mgmt->sa));
875 wpa_hexdump(MSG_INFO, "RX IPN", mmie + 2, 6);
876 wpa_hexdump(MSG_INFO, "Last RX IPN", bss->ipn[keyid], 6);
877 }
878
879 if (check_mmie_mic(bss->igtk[keyid], bss->igtk_len[keyid], data, len) <
880 0) {
881 add_note(wt, MSG_INFO, "Invalid MMIE MIC in a frame from "
882 MACSTR, MAC2STR(mgmt->sa));
883 bss->counters[WLANTEST_BSS_COUNTER_INVALID_BIP_MMIE]++;
884 return -1;
885 }
886
887 add_note(wt, MSG_DEBUG, "Valid MMIE MIC");
888 os_memcpy(bss->ipn[keyid], mmie + 2, 6);
889 bss->counters[WLANTEST_BSS_COUNTER_VALID_BIP_MMIE]++;
890
891 if (stype == WLAN_FC_STYPE_DEAUTH)
892 bss->counters[WLANTEST_BSS_COUNTER_BIP_DEAUTH]++;
893 else if (stype == WLAN_FC_STYPE_DISASSOC)
894 bss->counters[WLANTEST_BSS_COUNTER_BIP_DISASSOC]++;
895
896 return 0;
897 }
898
899
900 static u8 * mgmt_ccmp_decrypt(struct wlantest *wt, const u8 *data, size_t len,
901 size_t *dlen)
902 {
903 struct wlantest_bss *bss;
904 struct wlantest_sta *sta;
905 const struct ieee80211_hdr *hdr;
906 int keyid;
907 u8 *decrypted, *frame = NULL;
908 u8 pn[6], *rsc;
909
910 hdr = (const struct ieee80211_hdr *) data;
911 bss = bss_get(wt, hdr->addr3);
912 if (bss == NULL)
913 return NULL;
914 if (os_memcmp(hdr->addr1, hdr->addr3, ETH_ALEN) == 0)
915 sta = sta_get(bss, hdr->addr2);
916 else
917 sta = sta_get(bss, hdr->addr1);
918 if (sta == NULL || !sta->ptk_set) {
919 add_note(wt, MSG_MSGDUMP, "No PTK known to decrypt the frame");
920 return NULL;
921 }
922
923 if (len < 24 + 4)
924 return NULL;
925
926 if (!(data[24 + 3] & 0x20)) {
927 add_note(wt, MSG_INFO, "Expected CCMP frame from " MACSTR
928 " did not have ExtIV bit set to 1",
929 MAC2STR(hdr->addr2));
930 return NULL;
931 }
932
933 if (data[24 + 2] != 0 || (data[24 + 3] & 0x1f) != 0) {
934 add_note(wt, MSG_INFO, "CCMP mgmt frame from " MACSTR " used "
935 "non-zero reserved bit", MAC2STR(hdr->addr2));
936 }
937
938 keyid = data[24 + 3] >> 6;
939 if (keyid != 0) {
940 add_note(wt, MSG_INFO, "Unexpected non-zero KeyID %d in "
941 "individually addressed Management frame from "
942 MACSTR, keyid, MAC2STR(hdr->addr2));
943 }
944
945 if (os_memcmp(hdr->addr1, hdr->addr3, ETH_ALEN) == 0)
946 rsc = sta->rsc_tods[16];
947 else
948 rsc = sta->rsc_fromds[16];
949
950 ccmp_get_pn(pn, data + 24);
951 if (os_memcmp(pn, rsc, 6) <= 0) {
952 u16 seq_ctrl = le_to_host16(hdr->seq_ctrl);
953 add_note(wt, MSG_INFO, "CCMP/TKIP replay detected: A1=" MACSTR
954 " A2=" MACSTR " A3=" MACSTR " seq=%u frag=%u%s",
955 MAC2STR(hdr->addr1), MAC2STR(hdr->addr2),
956 MAC2STR(hdr->addr3),
957 WLAN_GET_SEQ_SEQ(seq_ctrl),
958 WLAN_GET_SEQ_FRAG(seq_ctrl),
959 (le_to_host16(hdr->frame_control) & WLAN_FC_RETRY) ?
960 " Retry" : "");
961 wpa_hexdump(MSG_INFO, "RX PN", pn, 6);
962 wpa_hexdump(MSG_INFO, "RSC", rsc, 6);
963 }
964
965 decrypted = ccmp_decrypt(sta->ptk.tk1, hdr, data + 24, len - 24, dlen);
966 if (decrypted) {
967 os_memcpy(rsc, pn, 6);
968 frame = os_malloc(24 + *dlen);
969 if (frame) {
970 os_memcpy(frame, data, 24);
971 os_memcpy(frame + 24, decrypted, *dlen);
972 *dlen += 24;
973 }
974 }
975
976 os_free(decrypted);
977
978 return frame;
979 }
980
981
982 static int check_mgmt_ccmp(struct wlantest *wt, const u8 *data, size_t len)
983 {
984 const struct ieee80211_mgmt *mgmt;
985 u16 fc;
986 struct wlantest_bss *bss;
987 struct wlantest_sta *sta;
988
989 mgmt = (const struct ieee80211_mgmt *) data;
990 fc = le_to_host16(mgmt->frame_control);
991
992 if (WLAN_FC_GET_STYPE(fc) == WLAN_FC_STYPE_ACTION) {
993 if (len > 24 &&
994 mgmt->u.action.category == WLAN_ACTION_PUBLIC)
995 return 0; /* Not a robust management frame */
996 }
997
998 bss = bss_get(wt, mgmt->bssid);
999 if (bss == NULL)
1000 return 0;
1001 if (os_memcmp(mgmt->da, mgmt->bssid, ETH_ALEN) == 0)
1002 sta = sta_get(bss, mgmt->sa);
1003 else
1004 sta = sta_get(bss, mgmt->da);
1005 if (sta == NULL)
1006 return 0;
1007
1008 if ((sta->rsn_capab & WPA_CAPABILITY_MFPC) &&
1009 (sta->state == STATE3 ||
1010 WLAN_FC_GET_STYPE(fc) == WLAN_FC_STYPE_ACTION)) {
1011 add_note(wt, MSG_INFO, "Robust individually-addressed "
1012 "management frame sent without CCMP by "
1013 MACSTR, MAC2STR(mgmt->sa));
1014 return -1;
1015 }
1016
1017 return 0;
1018 }
1019
1020
1021 void rx_mgmt(struct wlantest *wt, const u8 *data, size_t len)
1022 {
1023 const struct ieee80211_hdr *hdr;
1024 u16 fc, stype;
1025 int valid = 1;
1026 u8 *decrypted = NULL;
1027 size_t dlen;
1028
1029 if (len < 24)
1030 return;
1031
1032 hdr = (const struct ieee80211_hdr *) data;
1033 fc = le_to_host16(hdr->frame_control);
1034 wt->rx_mgmt++;
1035 stype = WLAN_FC_GET_STYPE(fc);
1036
1037 if ((hdr->addr1[0] & 0x01) &&
1038 (stype == WLAN_FC_STYPE_DEAUTH ||
1039 stype == WLAN_FC_STYPE_DISASSOC ||
1040 stype == WLAN_FC_STYPE_ACTION)) {
1041 if (check_bip(wt, data, len) < 0)
1042 valid = 0;
1043 }
1044
1045 wpa_printf((stype == WLAN_FC_STYPE_BEACON ||
1046 stype == WLAN_FC_STYPE_PROBE_RESP ||
1047 stype == WLAN_FC_STYPE_PROBE_REQ) ?
1048 MSG_EXCESSIVE : MSG_MSGDUMP,
1049 "MGMT %s%s%s DA=" MACSTR " SA=" MACSTR " BSSID=" MACSTR,
1050 mgmt_stype(stype),
1051 fc & WLAN_FC_PWRMGT ? " PwrMgt" : "",
1052 fc & WLAN_FC_ISWEP ? " Prot" : "",
1053 MAC2STR(hdr->addr1), MAC2STR(hdr->addr2),
1054 MAC2STR(hdr->addr3));
1055
1056 if ((fc & WLAN_FC_ISWEP) &&
1057 !(hdr->addr1[0] & 0x01) &&
1058 (stype == WLAN_FC_STYPE_DEAUTH ||
1059 stype == WLAN_FC_STYPE_DISASSOC ||
1060 stype == WLAN_FC_STYPE_ACTION)) {
1061 decrypted = mgmt_ccmp_decrypt(wt, data, len, &dlen);
1062 if (decrypted) {
1063 write_pcap_decrypted(wt, decrypted, dlen, NULL, 0);
1064 data = decrypted;
1065 len = dlen;
1066 } else
1067 valid = 0;
1068 }
1069
1070 if (!(fc & WLAN_FC_ISWEP) &&
1071 !(hdr->addr1[0] & 0x01) &&
1072 (stype == WLAN_FC_STYPE_DEAUTH ||
1073 stype == WLAN_FC_STYPE_DISASSOC ||
1074 stype == WLAN_FC_STYPE_ACTION)) {
1075 if (check_mgmt_ccmp(wt, data, len) < 0)
1076 valid = 0;
1077 }
1078
1079 switch (stype) {
1080 case WLAN_FC_STYPE_BEACON:
1081 rx_mgmt_beacon(wt, data, len);
1082 break;
1083 case WLAN_FC_STYPE_PROBE_RESP:
1084 rx_mgmt_probe_resp(wt, data, len);
1085 break;
1086 case WLAN_FC_STYPE_AUTH:
1087 rx_mgmt_auth(wt, data, len);
1088 break;
1089 case WLAN_FC_STYPE_DEAUTH:
1090 rx_mgmt_deauth(wt, data, len, valid);
1091 break;
1092 case WLAN_FC_STYPE_ASSOC_REQ:
1093 rx_mgmt_assoc_req(wt, data, len);
1094 break;
1095 case WLAN_FC_STYPE_ASSOC_RESP:
1096 rx_mgmt_assoc_resp(wt, data, len);
1097 break;
1098 case WLAN_FC_STYPE_REASSOC_REQ:
1099 rx_mgmt_reassoc_req(wt, data, len);
1100 break;
1101 case WLAN_FC_STYPE_REASSOC_RESP:
1102 rx_mgmt_reassoc_resp(wt, data, len);
1103 break;
1104 case WLAN_FC_STYPE_DISASSOC:
1105 rx_mgmt_disassoc(wt, data, len, valid);
1106 break;
1107 case WLAN_FC_STYPE_ACTION:
1108 rx_mgmt_action(wt, data, len, valid);
1109 break;
1110 }
1111
1112 os_free(decrypted);
1113
1114 wt->last_mgmt_valid = valid;
1115 }
1116
1117
1118 static void rx_mgmt_deauth_ack(struct wlantest *wt,
1119 const struct ieee80211_hdr *hdr)
1120 {
1121 const struct ieee80211_mgmt *mgmt;
1122 struct wlantest_bss *bss;
1123 struct wlantest_sta *sta;
1124
1125 mgmt = (const struct ieee80211_mgmt *) hdr;
1126 bss = bss_get(wt, mgmt->bssid);
1127 if (bss == NULL)
1128 return;
1129 if (os_memcmp(mgmt->sa, mgmt->bssid, ETH_ALEN) == 0)
1130 sta = sta_get(bss, mgmt->da);
1131 else
1132 sta = sta_get(bss, mgmt->sa);
1133 if (sta == NULL)
1134 return;
1135
1136 add_note(wt, MSG_DEBUG, "DEAUTH from " MACSTR " acknowledged by "
1137 MACSTR, MAC2STR(mgmt->sa), MAC2STR(mgmt->da));
1138 if (os_memcmp(mgmt->sa, mgmt->bssid, ETH_ALEN) == 0) {
1139 int c;
1140 c = wt->last_mgmt_valid ?
1141 WLANTEST_STA_COUNTER_VALID_DEAUTH_RX_ACK :
1142 WLANTEST_STA_COUNTER_INVALID_DEAUTH_RX_ACK;
1143 sta->counters[c]++;
1144 }
1145 }
1146
1147
1148 static void rx_mgmt_disassoc_ack(struct wlantest *wt,
1149 const struct ieee80211_hdr *hdr)
1150 {
1151 const struct ieee80211_mgmt *mgmt;
1152 struct wlantest_bss *bss;
1153 struct wlantest_sta *sta;
1154
1155 mgmt = (const struct ieee80211_mgmt *) hdr;
1156 bss = bss_get(wt, mgmt->bssid);
1157 if (bss == NULL)
1158 return;
1159 if (os_memcmp(mgmt->sa, mgmt->bssid, ETH_ALEN) == 0)
1160 sta = sta_get(bss, mgmt->da);
1161 else
1162 sta = sta_get(bss, mgmt->sa);
1163 if (sta == NULL)
1164 return;
1165
1166 add_note(wt, MSG_DEBUG, "DISASSOC from " MACSTR " acknowledged by "
1167 MACSTR, MAC2STR(mgmt->sa), MAC2STR(mgmt->da));
1168 if (os_memcmp(mgmt->sa, mgmt->bssid, ETH_ALEN) == 0) {
1169 int c;
1170 c = wt->last_mgmt_valid ?
1171 WLANTEST_STA_COUNTER_VALID_DISASSOC_RX_ACK :
1172 WLANTEST_STA_COUNTER_INVALID_DISASSOC_RX_ACK;
1173 sta->counters[c]++;
1174 }
1175 }
1176
1177
1178 void rx_mgmt_ack(struct wlantest *wt, const struct ieee80211_hdr *hdr)
1179 {
1180 u16 fc, stype;
1181 fc = le_to_host16(hdr->frame_control);
1182 stype = WLAN_FC_GET_STYPE(fc);
1183
1184 wpa_printf(MSG_MSGDUMP, "MGMT ACK: stype=%u a1=" MACSTR " a2=" MACSTR
1185 " a3=" MACSTR,
1186 stype, MAC2STR(hdr->addr1), MAC2STR(hdr->addr2),
1187 MAC2STR(hdr->addr3));
1188
1189 switch (stype) {
1190 case WLAN_FC_STYPE_DEAUTH:
1191 rx_mgmt_deauth_ack(wt, hdr);
1192 break;
1193 case WLAN_FC_STYPE_DISASSOC:
1194 rx_mgmt_disassoc_ack(wt, hdr);
1195 break;
1196 }
1197 }
Unnamed repository; edit this file 'description' to name the repository.