[thirdparty/hostap.git] / src / ap / iapp.c

/*
 * hostapd / IEEE 802.11F-2003 Inter-Access Point Protocol (IAPP)
 * Copyright (c) 2002-2007, Jouni Malinen <j@w1.fi>
 *
 * This software may be distributed under the terms of the BSD license.
 * See README for more details.
 *
 * Note: IEEE 802.11F-2003 was a experimental use specification. It has expired
 * and IEEE has withdrawn it. In other words, it is likely better to look at
 * using some other mechanism for AP-to-AP communication than extending the
 * implementation here.
 */

/* TODO:
 * Level 1: no administrative or security support
 *	(e.g., static BSSID to IP address mapping in each AP)
 * Level 2: support for dynamic mapping of BSSID to IP address
 * Level 3: support for encryption and authentication of IAPP messages
 * - add support for MOVE-notify and MOVE-response (this requires support for
 *   finding out IP address for previous AP using RADIUS)
 * - add support for Send- and ACK-Security-Block to speedup IEEE 802.1X during
 *   reassociation to another AP
 * - implement counters etc. for IAPP MIB
 * - verify endianness of fields in IAPP messages; are they big-endian as
 *   used here?
 * - RADIUS connection for AP registration and BSSID to IP address mapping
 * - TCP connection for IAPP MOVE, CACHE
 * - broadcast ESP for IAPP ADD-notify
 * - ESP for IAPP MOVE messages
 * - security block sending/processing
 * - IEEE 802.11 context transfer
 */

#include "utils/includes.h"
#include <net/if.h>
#include <sys/ioctl.h>
#include <netpacket/packet.h>

#include "utils/common.h"
#include "utils/eloop.h"
#include "common/ieee802_11_defs.h"
#include "hostapd.h"
#include "ap_config.h"
#include "ieee802_11.h"
#include "sta_info.h"
#include "iapp.h"


#define IAPP_MULTICAST "224.0.1.178"
#define IAPP_UDP_PORT 3517
#define IAPP_TCP_PORT 3517

struct iapp_hdr {
	u8 version;
	u8 command;
	be16 identifier;
	be16 length;
	/* followed by length-6 octets of data */
} __attribute__ ((packed));

#define IAPP_VERSION 0

enum IAPP_COMMAND {
	IAPP_CMD_ADD_notify = 0,
	IAPP_CMD_MOVE_notify = 1,
	IAPP_CMD_MOVE_response = 2,
	IAPP_CMD_Send_Security_Block = 3,
	IAPP_CMD_ACK_Security_Block = 4,
	IAPP_CMD_CACHE_notify = 5,
	IAPP_CMD_CACHE_response = 6,
};


/* ADD-notify - multicast UDP on the local LAN */
struct iapp_add_notify {
	u8 addr_len; /* ETH_ALEN */
	u8 reserved;
	u8 mac_addr[ETH_ALEN];
	be16 seq_num;
} __attribute__ ((packed));


/* Layer 2 Update frame (802.2 Type 1 LLC XID Update response) */
struct iapp_layer2_update {
	u8 da[ETH_ALEN]; /* broadcast */
	u8 sa[ETH_ALEN]; /* STA addr */
	be16 len; /* 6 */
	u8 dsap; /* null DSAP address */
	u8 ssap; /* null SSAP address, CR=Response */
	u8 control;
	u8 xid_info[3];
} __attribute__ ((packed));


/* MOVE-notify - unicast TCP */
struct iapp_move_notify {
	u8 addr_len; /* ETH_ALEN */
	u8 reserved;
	u8 mac_addr[ETH_ALEN];
	u16 seq_num;
	u16 ctx_block_len;
	/* followed by ctx_block_len bytes */
} __attribute__ ((packed));


/* MOVE-response - unicast TCP */
struct iapp_move_response {
	u8 addr_len; /* ETH_ALEN */
	u8 status;
	u8 mac_addr[ETH_ALEN];
	u16 seq_num;
	u16 ctx_block_len;
	/* followed by ctx_block_len bytes */
} __attribute__ ((packed));

enum {
	IAPP_MOVE_SUCCESSFUL = 0,
	IAPP_MOVE_DENIED = 1,
	IAPP_MOVE_STALE_MOVE = 2,
};


/* CACHE-notify */
struct iapp_cache_notify {
	u8 addr_len; /* ETH_ALEN */
	u8 reserved;
	u8 mac_addr[ETH_ALEN];
	u16 seq_num;
	u8 current_ap[ETH_ALEN];
	u16 ctx_block_len;
	/* ctx_block_len bytes of context block followed by 16-bit context
	 * timeout */
} __attribute__ ((packed));


/* CACHE-response - unicast TCP */
struct iapp_cache_response {
	u8 addr_len; /* ETH_ALEN */
	u8 status;
	u8 mac_addr[ETH_ALEN];
	u16 seq_num;
} __attribute__ ((packed));

enum {
	IAPP_CACHE_SUCCESSFUL = 0,
	IAPP_CACHE_STALE_CACHE = 1,
};


/* Send-Security-Block - unicast TCP */
struct iapp_send_security_block {
	u8 iv[8];
	u16 sec_block_len;
	/* followed by sec_block_len bytes of security block */
} __attribute__ ((packed));


/* ACK-Security-Block - unicast TCP */
struct iapp_ack_security_block {
	u8 iv[8];
	u8 new_ap_ack_authenticator[48];
} __attribute__ ((packed));


struct iapp_data {
	struct hostapd_data *hapd;
	u16 identifier; /* next IAPP identifier */
	struct in_addr own, multicast;
	int udp_sock;
	int packet_sock;
};


static void iapp_send_add(struct iapp_data *iapp, u8 *mac_addr, u16 seq_num)
{
	char buf[128];
	struct iapp_hdr *hdr;
	struct iapp_add_notify *add;
	struct sockaddr_in addr;

	/* Send IAPP ADD-notify to remove possible association from other APs
	 */

	hdr = (struct iapp_hdr *) buf;
	hdr->version = IAPP_VERSION;
	hdr->command = IAPP_CMD_ADD_notify;
	hdr->identifier = host_to_be16(iapp->identifier++);
	hdr->length = host_to_be16(sizeof(*hdr) + sizeof(*add));

	add = (struct iapp_add_notify *) (hdr + 1);
	add->addr_len = ETH_ALEN;
	add->reserved = 0;
	os_memcpy(add->mac_addr, mac_addr, ETH_ALEN);

	add->seq_num = host_to_be16(seq_num);
	
	os_memset(&addr, 0, sizeof(addr));
	addr.sin_family = AF_INET;
	addr.sin_addr.s_addr = iapp->multicast.s_addr;
	addr.sin_port = htons(IAPP_UDP_PORT);
	if (sendto(iapp->udp_sock, buf, (char *) (add + 1) - buf, 0,
		   (struct sockaddr *) &addr, sizeof(addr)) < 0)
		wpa_printf(MSG_INFO, "sendto[IAPP-ADD]: %s", strerror(errno));
}


static void iapp_send_layer2_update(struct iapp_data *iapp, u8 *addr)
{
	struct iapp_layer2_update msg;

	/* Send Level 2 Update Frame to update forwarding tables in layer 2
	 * bridge devices */

	/* 802.2 Type 1 Logical Link Control (LLC) Exchange Identifier (XID)
	 * Update response frame; IEEE Std 802.2-1998, 5.4.1.2.1 */

	os_memset(msg.da, 0xff, ETH_ALEN);
	os_memcpy(msg.sa, addr, ETH_ALEN);
	msg.len = host_to_be16(6);
	msg.dsap = 0; /* NULL DSAP address */
	msg.ssap = 0x01; /* NULL SSAP address, CR Bit: Response */
	msg.control = 0xaf; /* XID response lsb.1111F101.
			     * F=0 (no poll command; unsolicited frame) */
	msg.xid_info[0] = 0x81; /* XID format identifier */
	msg.xid_info[1] = 1; /* LLC types/classes: Type 1 LLC */
	msg.xid_info[2] = 1 << 1; /* XID sender's receive window size (RW)
				   * FIX: what is correct RW with 802.11? */

	if (send(iapp->packet_sock, &msg, sizeof(msg), 0) < 0)
		wpa_printf(MSG_INFO, "send[L2 Update]: %s", strerror(errno));
}


/**
 * iapp_new_station - IAPP processing for a new STA
 * @iapp: IAPP data
 * @sta: The associated station
 */
void iapp_new_station(struct iapp_data *iapp, struct sta_info *sta)
{
	u16 seq = 0; /* TODO */

	if (iapp == NULL)
		return;

	/* IAPP-ADD.request(MAC Address, Sequence Number, Timeout) */
	hostapd_logger(iapp->hapd, sta->addr, HOSTAPD_MODULE_IAPP,
		       HOSTAPD_LEVEL_DEBUG, "IAPP-ADD.request(seq=%d)", seq);
	iapp_send_layer2_update(iapp, sta->addr);
	iapp_send_add(iapp, sta->addr, seq);

	/* TODO: If this was reassociation:
	 * IAPP-MOVE.request(MAC Address, Sequence Number, Old AP,
	 *                   Context Block, Timeout)
	 * TODO: Send IAPP-MOVE to the old AP; Map Old AP BSSID to
	 * IP address */
}


static void iapp_process_add_notify(struct iapp_data *iapp,
				    struct sockaddr_in *from,
				    struct iapp_hdr *hdr, int len)
{
	struct iapp_add_notify *add = (struct iapp_add_notify *) (hdr + 1);
	struct sta_info *sta;

	if (len != sizeof(*add)) {
		wpa_printf(MSG_INFO, "Invalid IAPP-ADD packet length %d (expected %lu)",
			   len, (unsigned long) sizeof(*add));
		return;
	}

	sta = ap_get_sta(iapp->hapd, add->mac_addr);

	/* IAPP-ADD.indication(MAC Address, Sequence Number) */
	hostapd_logger(iapp->hapd, add->mac_addr, HOSTAPD_MODULE_IAPP,
		       HOSTAPD_LEVEL_INFO,
		       "Received IAPP ADD-notify (seq# %d) from %s:%d%s",
		       be_to_host16(add->seq_num),
		       inet_ntoa(from->sin_addr), ntohs(from->sin_port),
		       sta ? "" : " (STA not found)");

	if (!sta)
		return;

	/* TODO: could use seq_num to try to determine whether last association
	 * to this AP is newer than the one advertised in IAPP-ADD. Although,
	 * this is not really a reliable verification. */

	hostapd_logger(iapp->hapd, add->mac_addr, HOSTAPD_MODULE_IAPP,
		       HOSTAPD_LEVEL_DEBUG,
		       "Removing STA due to IAPP ADD-notify");
	ap_sta_disconnect(iapp->hapd, sta, NULL, 0);
}


/**
 * iapp_receive_udp - Process IAPP UDP frames
 * @sock: File descriptor for the socket
 * @eloop_ctx: IAPP data (struct iapp_data *)
 * @sock_ctx: Not used
 */
static void iapp_receive_udp(int sock, void *eloop_ctx, void *sock_ctx)
{
	struct iapp_data *iapp = eloop_ctx;
	int len, hlen;
	unsigned char buf[128];
	struct sockaddr_in from;
	socklen_t fromlen;
	struct iapp_hdr *hdr;

	/* Handle incoming IAPP frames (over UDP/IP) */

	fromlen = sizeof(from);
	len = recvfrom(iapp->udp_sock, buf, sizeof(buf), 0,
		       (struct sockaddr *) &from, &fromlen);
	if (len < 0) {
		wpa_printf(MSG_INFO, "iapp_receive_udp - recvfrom: %s",
			   strerror(errno));
		return;
	}

	if (from.sin_addr.s_addr == iapp->own.s_addr)
		return; /* ignore own IAPP messages */

	hostapd_logger(iapp->hapd, NULL, HOSTAPD_MODULE_IAPP,
		       HOSTAPD_LEVEL_DEBUG,
		       "Received %d byte IAPP frame from %s%s\n",
		       len, inet_ntoa(from.sin_addr),
		       len < (int) sizeof(*hdr) ? " (too short)" : "");

	if (len < (int) sizeof(*hdr))
		return;

	hdr = (struct iapp_hdr *) buf;
	hlen = be_to_host16(hdr->length);
	hostapd_logger(iapp->hapd, NULL, HOSTAPD_MODULE_IAPP,
		       HOSTAPD_LEVEL_DEBUG,
		       "RX: version=%d command=%d id=%d len=%d\n",
		       hdr->version, hdr->command,
		       be_to_host16(hdr->identifier), hlen);
	if (hdr->version != IAPP_VERSION) {
		wpa_printf(MSG_INFO, "Dropping IAPP frame with unknown version %d",
			   hdr->version);
		return;
	}
	if (hlen > len) {
		wpa_printf(MSG_INFO, "Underflow IAPP frame (hlen=%d len=%d)",
			   hlen, len);
		return;
	}
	if (hlen < len) {
		wpa_printf(MSG_INFO, "Ignoring %d extra bytes from IAPP frame",
			   len - hlen);
		len = hlen;
	}

	switch (hdr->command) {
	case IAPP_CMD_ADD_notify:
		iapp_process_add_notify(iapp, &from, hdr, len - sizeof(*hdr));
		break;
	case IAPP_CMD_MOVE_notify:
		/* TODO: MOVE is using TCP; so move this to TCP handler once it
		 * is implemented.. */
		/* IAPP-MOVE.indication(MAC Address, New BSSID,
		 * Sequence Number, AP Address, Context Block) */
		/* TODO: process */
		break;
	default:
		wpa_printf(MSG_INFO, "Unknown IAPP command %d", hdr->command);
		break;
	}
}


struct iapp_data * iapp_init(struct hostapd_data *hapd, const char *iface)
{
	struct ifreq ifr;
	struct sockaddr_ll addr;
	int ifindex;
	struct sockaddr_in *paddr, uaddr;
	struct iapp_data *iapp;
	struct ip_mreqn mreq;

	iapp = os_zalloc(sizeof(*iapp));
	if (iapp == NULL)
		return NULL;
	iapp->hapd = hapd;
	iapp->udp_sock = iapp->packet_sock = -1;

	/* TODO:
	 * open socket for sending and receiving IAPP frames over TCP
	 */

	iapp->udp_sock = socket(PF_INET, SOCK_DGRAM, 0);
	if (iapp->udp_sock < 0) {
		wpa_printf(MSG_INFO, "iapp_init - socket[PF_INET,SOCK_DGRAM]: %s",
			   strerror(errno));
		iapp_deinit(iapp);
		return NULL;
	}

	os_memset(&ifr, 0, sizeof(ifr));
	os_strlcpy(ifr.ifr_name, iface, sizeof(ifr.ifr_name));
	if (ioctl(iapp->udp_sock, SIOCGIFINDEX, &ifr) != 0) {
		wpa_printf(MSG_INFO, "iapp_init - ioctl(SIOCGIFINDEX): %s",
			   strerror(errno));
		iapp_deinit(iapp);
		return NULL;
	}
	ifindex = ifr.ifr_ifindex;

	if (ioctl(iapp->udp_sock, SIOCGIFADDR, &ifr) != 0) {
		wpa_printf(MSG_INFO, "iapp_init - ioctl(SIOCGIFADDR): %s",
			   strerror(errno));
		iapp_deinit(iapp);
		return NULL;
	}
	paddr = (struct sockaddr_in *) &ifr.ifr_addr;
	if (paddr->sin_family != AF_INET) {
		wpa_printf(MSG_INFO, "IAPP: Invalid address family %i (SIOCGIFADDR)",
			   paddr->sin_family);
		iapp_deinit(iapp);
		return NULL;
	}
	iapp->own.s_addr = paddr->sin_addr.s_addr;

	if (ioctl(iapp->udp_sock, SIOCGIFBRDADDR, &ifr) != 0) {
		wpa_printf(MSG_INFO, "iapp_init - ioctl(SIOCGIFBRDADDR): %s",
			   strerror(errno));
		iapp_deinit(iapp);
		return NULL;
	}
	paddr = (struct sockaddr_in *) &ifr.ifr_addr;
	if (paddr->sin_family != AF_INET) {
		wpa_printf(MSG_INFO, "Invalid address family %i (SIOCGIFBRDADDR)",
			   paddr->sin_family);
		iapp_deinit(iapp);
		return NULL;
	}
	inet_aton(IAPP_MULTICAST, &iapp->multicast);

	os_memset(&uaddr, 0, sizeof(uaddr));
	uaddr.sin_family = AF_INET;
	uaddr.sin_port = htons(IAPP_UDP_PORT);
	if (bind(iapp->udp_sock, (struct sockaddr *) &uaddr,
		 sizeof(uaddr)) < 0) {
		wpa_printf(MSG_INFO, "iapp_init - bind[UDP]: %s",
			   strerror(errno));
		iapp_deinit(iapp);
		return NULL;
	}

	os_memset(&mreq, 0, sizeof(mreq));
	mreq.imr_multiaddr = iapp->multicast;
	mreq.imr_address.s_addr = INADDR_ANY;
	mreq.imr_ifindex = 0;
	if (setsockopt(iapp->udp_sock, SOL_IP, IP_ADD_MEMBERSHIP, &mreq,
		       sizeof(mreq)) < 0) {
		wpa_printf(MSG_INFO, "iapp_init - setsockopt[UDP,IP_ADD_MEMBERSHIP]: %s",
			   strerror(errno));
		iapp_deinit(iapp);
		return NULL;
	}

	iapp->packet_sock = socket(PF_PACKET, SOCK_RAW, htons(ETH_P_ALL));
	if (iapp->packet_sock < 0) {
		wpa_printf(MSG_INFO, "iapp_init - socket[PF_PACKET,SOCK_RAW]: %s",
			   strerror(errno));
		iapp_deinit(iapp);
		return NULL;
	}

	os_memset(&addr, 0, sizeof(addr));
	addr.sll_family = AF_PACKET;
	addr.sll_ifindex = ifindex;
	if (bind(iapp->packet_sock, (struct sockaddr *) &addr,
		 sizeof(addr)) < 0) {
		wpa_printf(MSG_INFO, "iapp_init - bind[PACKET]: %s",
			   strerror(errno));
		iapp_deinit(iapp);
		return NULL;
	}

	if (eloop_register_read_sock(iapp->udp_sock, iapp_receive_udp,
				     iapp, NULL)) {
		wpa_printf(MSG_INFO, "Could not register read socket for IAPP");
		iapp_deinit(iapp);
		return NULL;
	}

	wpa_printf(MSG_INFO, "IEEE 802.11F (IAPP) using interface %s", iface);

	/* TODO: For levels 2 and 3: send RADIUS Initiate-Request, receive
	 * RADIUS Initiate-Accept or Initiate-Reject. IAPP port should actually
	 * be openned only after receiving Initiate-Accept. If Initiate-Reject
	 * is received, IAPP is not started. */

	return iapp;
}


void iapp_deinit(struct iapp_data *iapp)
{
	struct ip_mreqn mreq;

	if (iapp == NULL)
		return;

	if (iapp->udp_sock >= 0) {
		os_memset(&mreq, 0, sizeof(mreq));
		mreq.imr_multiaddr = iapp->multicast;
		mreq.imr_address.s_addr = INADDR_ANY;
		mreq.imr_ifindex = 0;
		if (setsockopt(iapp->udp_sock, SOL_IP, IP_DROP_MEMBERSHIP,
			       &mreq, sizeof(mreq)) < 0) {
			wpa_printf(MSG_INFO, "iapp_deinit - setsockopt[UDP,IP_DEL_MEMBERSHIP]: %s",
				   strerror(errno));
		}

		eloop_unregister_read_sock(iapp->udp_sock);
		close(iapp->udp_sock);
	}
	if (iapp->packet_sock >= 0) {
		eloop_unregister_read_sock(iapp->packet_sock);
		close(iapp->packet_sock);
	}
	os_free(iapp);
}
Commit	Line	Data
6fc6879b JM	1	/*
	2	* hostapd / IEEE 802.11F-2003 Inter-Access Point Protocol (IAPP)
	3	* Copyright (c) 2002-2007, Jouni Malinen <j@w1.fi>
	4	*
0f3d578e JM	5	* This software may be distributed under the terms of the BSD license.
0f3d578e JM	6	* See README for more details.
6fc6879b JM	7	*
	8	* Note: IEEE 802.11F-2003 was a experimental use specification. It has expired
	9	* and IEEE has withdrawn it. In other words, it is likely better to look at
1c6e69cc	10	* using some other mechanism for AP-to-AP communication than extending the
6fc6879b JM	11	* implementation here.
	12	*/
	13
	14	/* TODO:
	15	* Level 1: no administrative or security support
	16	* (e.g., static BSSID to IP address mapping in each AP)
	17	* Level 2: support for dynamic mapping of BSSID to IP address
	18	* Level 3: support for encryption and authentication of IAPP messages
	19	* - add support for MOVE-notify and MOVE-response (this requires support for
	20	* finding out IP address for previous AP using RADIUS)
	21	* - add support for Send- and ACK-Security-Block to speedup IEEE 802.1X during
	22	* reassociation to another AP
	23	* - implement counters etc. for IAPP MIB
	24	* - verify endianness of fields in IAPP messages; are they big-endian as
	25	* used here?
	26	* - RADIUS connection for AP registration and BSSID to IP address mapping
	27	* - TCP connection for IAPP MOVE, CACHE
	28	* - broadcast ESP for IAPP ADD-notify
	29	* - ESP for IAPP MOVE messages
	30	* - security block sending/processing
	31	* - IEEE 802.11 context transfer
	32	*/
	33
1057d78e	34	#include "utils/includes.h"
6fc6879b JM	35	#include <net/if.h>
6fc6879b JM	36	#include <sys/ioctl.h>
6fc6879b	37	#include <netpacket/packet.h>
6fc6879b	38
1057d78e JM	39	#include "utils/common.h"
1057d78e JM	40	#include "utils/eloop.h"
81f4f619	41	#include "common/ieee802_11_defs.h"
6226e38d JM	42	#include "hostapd.h"
	43	#include "ap_config.h"
	44	#include "ieee802_11.h"
	45	#include "sta_info.h"
6fc6879b	46	#include "iapp.h"
6fc6879b JM	47
	48
	49	#define IAPP_MULTICAST "224.0.1.178"
	50	#define IAPP_UDP_PORT 3517
	51	#define IAPP_TCP_PORT 3517
	52
	53	struct iapp_hdr {
	54	u8 version;
	55	u8 command;
	56	be16 identifier;
	57	be16 length;
	58	/* followed by length-6 octets of data */
	59	} __attribute__ ((packed));
	60
	61	#define IAPP_VERSION 0
	62
	63	enum IAPP_COMMAND {
	64	IAPP_CMD_ADD_notify = 0,
	65	IAPP_CMD_MOVE_notify = 1,
	66	IAPP_CMD_MOVE_response = 2,
	67	IAPP_CMD_Send_Security_Block = 3,
	68	IAPP_CMD_ACK_Security_Block = 4,
	69	IAPP_CMD_CACHE_notify = 5,
	70	IAPP_CMD_CACHE_response = 6,
	71	};
	72
	73
	74	/* ADD-notify - multicast UDP on the local LAN */
	75	struct iapp_add_notify {
	76	u8 addr_len; /* ETH_ALEN */
	77	u8 reserved;
	78	u8 mac_addr[ETH_ALEN];
	79	be16 seq_num;
	80	} __attribute__ ((packed));
	81
	82
	83	/* Layer 2 Update frame (802.2 Type 1 LLC XID Update response) */
	84	struct iapp_layer2_update {
	85	u8 da[ETH_ALEN]; /* broadcast */
	86	u8 sa[ETH_ALEN]; /* STA addr */
	87	be16 len; /* 6 */
	88	u8 dsap; /* null DSAP address */
	89	u8 ssap; /* null SSAP address, CR=Response */
	90	u8 control;
	91	u8 xid_info[3];
	92	} __attribute__ ((packed));
	93
	94
	95	/* MOVE-notify - unicast TCP */
	96	struct iapp_move_notify {
	97	u8 addr_len; /* ETH_ALEN */
	98	u8 reserved;
	99	u8 mac_addr[ETH_ALEN];
	100	u16 seq_num;
	101	u16 ctx_block_len;
	102	/* followed by ctx_block_len bytes */
	103	} __attribute__ ((packed));
	104
	105
	106	/* MOVE-response - unicast TCP */
	107	struct iapp_move_response {
	108	u8 addr_len; /* ETH_ALEN */
	109	u8 status;
	110	u8 mac_addr[ETH_ALEN];
111	u16 seq_num;
112	u16 ctx_block_len;
113	/* followed by ctx_block_len bytes */
114	} __attribute__ ((packed));
115
116	enum {
117	IAPP_MOVE_SUCCESSFUL = 0,
118	IAPP_MOVE_DENIED = 1,
119	IAPP_MOVE_STALE_MOVE = 2,
120	};
121
122
123	/* CACHE-notify */
124	struct iapp_cache_notify {
125	u8 addr_len; /* ETH_ALEN */
126	u8 reserved;
127	u8 mac_addr[ETH_ALEN];
128	u16 seq_num;
129	u8 current_ap[ETH_ALEN];
130	u16 ctx_block_len;
131	/* ctx_block_len bytes of context block followed by 16-bit context
132	* timeout */
133	} __attribute__ ((packed));
134
135
136	/* CACHE-response - unicast TCP */
137	struct iapp_cache_response {
138	u8 addr_len; /* ETH_ALEN */
139	u8 status;
140	u8 mac_addr[ETH_ALEN];
141	u16 seq_num;
142	} __attribute__ ((packed));
143
144	enum {
145	IAPP_CACHE_SUCCESSFUL = 0,
146	IAPP_CACHE_STALE_CACHE = 1,
147	};
148
149
150	/* Send-Security-Block - unicast TCP */
151	struct iapp_send_security_block {
152	u8 iv[8];
153	u16 sec_block_len;
154	/* followed by sec_block_len bytes of security block */
155	} __attribute__ ((packed));
156
157
158	/* ACK-Security-Block - unicast TCP */
159	struct iapp_ack_security_block {
160	u8 iv[8];
161	u8 new_ap_ack_authenticator[48];
162	} __attribute__ ((packed));
163
164
165	struct iapp_data {
166	struct hostapd_data *hapd;
167	u16 identifier; /* next IAPP identifier */
168	struct in_addr own, multicast;
169	int udp_sock;
170	int packet_sock;
171	};
172
173
174	static void iapp_send_add(struct iapp_data iapp, u8 mac_addr, u16 seq_num)
175	{
176	char buf[128];
177	struct iapp_hdr *hdr;
178	struct iapp_add_notify *add;
179	struct sockaddr_in addr;
180
181	/* Send IAPP ADD-notify to remove possible association from other APs
182	*/
183
184	hdr = (struct iapp_hdr *) buf;
185	hdr->version = IAPP_VERSION;
186	hdr->command = IAPP_CMD_ADD_notify;
187	hdr->identifier = host_to_be16(iapp->identifier++);
188	hdr->length = host_to_be16(sizeof(hdr) + sizeof(add));
189
190	add = (struct iapp_add_notify *) (hdr + 1);
191	add->addr_len = ETH_ALEN;
192	add->reserved = 0;
193	os_memcpy(add->mac_addr, mac_addr, ETH_ALEN);
194
195	add->seq_num = host_to_be16(seq_num);
196
197	os_memset(&addr, 0, sizeof(addr));
198	addr.sin_family = AF_INET;
199	addr.sin_addr.s_addr = iapp->multicast.s_addr;
200	addr.sin_port = htons(IAPP_UDP_PORT);
201	if (sendto(iapp->udp_sock, buf, (char *) (add + 1) - buf, 0,
202	(struct sockaddr *) &addr, sizeof(addr)) < 0)
61323e70	203	wpa_printf(MSG_INFO, "sendto[IAPP-ADD]: %s", strerror(errno));
6fc6879b JM	204	}
	205
	206
	207	static void iapp_send_layer2_update(struct iapp_data iapp, u8 addr)
	208	{
	209	struct iapp_layer2_update msg;
	210
	211	/* Send Level 2 Update Frame to update forwarding tables in layer 2
	212	* bridge devices */
	213
	214	/* 802.2 Type 1 Logical Link Control (LLC) Exchange Identifier (XID)
	215	* Update response frame; IEEE Std 802.2-1998, 5.4.1.2.1 */
	216
	217	os_memset(msg.da, 0xff, ETH_ALEN);
	218	os_memcpy(msg.sa, addr, ETH_ALEN);
	219	msg.len = host_to_be16(6);
	220	msg.dsap = 0; /* NULL DSAP address */
	221	msg.ssap = 0x01; /* NULL SSAP address, CR Bit: Response */
	222	msg.control = 0xaf; /* XID response lsb.1111F101.
	223	* F=0 (no poll command; unsolicited frame) */
	224	msg.xid_info[0] = 0x81; /* XID format identifier */
	225	msg.xid_info[1] = 1; /* LLC types/classes: Type 1 LLC */
	226	msg.xid_info[2] = 1 << 1; /* XID sender's receive window size (RW)
	227	* FIX: what is correct RW with 802.11? */
	228
	229	if (send(iapp->packet_sock, &msg, sizeof(msg), 0) < 0)
61323e70	230	wpa_printf(MSG_INFO, "send[L2 Update]: %s", strerror(errno));
6fc6879b JM	231	}
	232
	233
1c6e69cc JM	234	/**
	235	* iapp_new_station - IAPP processing for a new STA
	236	* @iapp: IAPP data
	237	* @sta: The associated station
	238	*/
6fc6879b JM	239	void iapp_new_station(struct iapp_data iapp, struct sta_info sta)
6fc6879b JM	240	{
5bdac4ab	241	u16 seq = 0; /* TODO */
6fc6879b JM	242
	243	if (iapp == NULL)
	244	return;
	245
6fc6879b JM	246	/* IAPP-ADD.request(MAC Address, Sequence Number, Timeout) */
	247	hostapd_logger(iapp->hapd, sta->addr, HOSTAPD_MODULE_IAPP,
	248	HOSTAPD_LEVEL_DEBUG, "IAPP-ADD.request(seq=%d)", seq);
	249	iapp_send_layer2_update(iapp, sta->addr);
	250	iapp_send_add(iapp, sta->addr, seq);
	251
5bdac4ab JM	252	/* TODO: If this was reassociation:
	253	* IAPP-MOVE.request(MAC Address, Sequence Number, Old AP,
	254	* Context Block, Timeout)
	255	* TODO: Send IAPP-MOVE to the old AP; Map Old AP BSSID to
	256	* IP address */
6fc6879b JM	257	}
	258
	259
	260	static void iapp_process_add_notify(struct iapp_data *iapp,
	261	struct sockaddr_in *from,
	262	struct iapp_hdr *hdr, int len)
	263	{
	264	struct iapp_add_notify add = (struct iapp_add_notify ) (hdr + 1);
	265	struct sta_info *sta;
	266
	267	if (len != sizeof(*add)) {
61323e70 JM	268	wpa_printf(MSG_INFO, "Invalid IAPP-ADD packet length %d (expected %lu)",
61323e70 JM	269	len, (unsigned long) sizeof(*add));
6fc6879b JM	270	return;
	271	}
	272
	273	sta = ap_get_sta(iapp->hapd, add->mac_addr);
	274
	275	/* IAPP-ADD.indication(MAC Address, Sequence Number) */
	276	hostapd_logger(iapp->hapd, add->mac_addr, HOSTAPD_MODULE_IAPP,
	277	HOSTAPD_LEVEL_INFO,
	278	"Received IAPP ADD-notify (seq# %d) from %s:%d%s",
	279	be_to_host16(add->seq_num),
	280	inet_ntoa(from->sin_addr), ntohs(from->sin_port),
	281	sta ? "" : " (STA not found)");
	282
	283	if (!sta)
	284	return;
	285
	286	/* TODO: could use seq_num to try to determine whether last association
	287	* to this AP is newer than the one advertised in IAPP-ADD. Although,
	288	* this is not really a reliable verification. */
	289
	290	hostapd_logger(iapp->hapd, add->mac_addr, HOSTAPD_MODULE_IAPP,
	291	HOSTAPD_LEVEL_DEBUG,
	292	"Removing STA due to IAPP ADD-notify");
45cefa0b	293	ap_sta_disconnect(iapp->hapd, sta, NULL, 0);
6fc6879b JM	294	}
	295
	296
1c6e69cc JM	297	/**
	298	* iapp_receive_udp - Process IAPP UDP frames
	299	* @sock: File descriptor for the socket
	300	* @eloop_ctx: IAPP data (struct iapp_data *)
	301	* @sock_ctx: Not used
	302	*/
6fc6879b JM	303	static void iapp_receive_udp(int sock, void eloop_ctx, void sock_ctx)
	304	{
	305	struct iapp_data *iapp = eloop_ctx;
	306	int len, hlen;
	307	unsigned char buf[128];
	308	struct sockaddr_in from;
	309	socklen_t fromlen;
	310	struct iapp_hdr *hdr;
	311
	312	/* Handle incoming IAPP frames (over UDP/IP) */
	313
	314	fromlen = sizeof(from);
	315	len = recvfrom(iapp->udp_sock, buf, sizeof(buf), 0,
	316	(struct sockaddr *) &from, &fromlen);
	317	if (len < 0) {
61323e70 JM	318	wpa_printf(MSG_INFO, "iapp_receive_udp - recvfrom: %s",
61323e70 JM	319	strerror(errno));
6fc6879b JM	320	return;
	321	}
	322
	323	if (from.sin_addr.s_addr == iapp->own.s_addr)
	324	return; /* ignore own IAPP messages */
	325
	326	hostapd_logger(iapp->hapd, NULL, HOSTAPD_MODULE_IAPP,
	327	HOSTAPD_LEVEL_DEBUG,
	328	"Received %d byte IAPP frame from %s%s\n",
	329	len, inet_ntoa(from.sin_addr),
	330	len < (int) sizeof(*hdr) ? " (too short)" : "");
	331
	332	if (len < (int) sizeof(*hdr))
	333	return;
	334
	335	hdr = (struct iapp_hdr *) buf;
	336	hlen = be_to_host16(hdr->length);
	337	hostapd_logger(iapp->hapd, NULL, HOSTAPD_MODULE_IAPP,
	338	HOSTAPD_LEVEL_DEBUG,
	339	"RX: version=%d command=%d id=%d len=%d\n",
	340	hdr->version, hdr->command,
	341	be_to_host16(hdr->identifier), hlen);
	342	if (hdr->version != IAPP_VERSION) {
61323e70 JM	343	wpa_printf(MSG_INFO, "Dropping IAPP frame with unknown version %d",
61323e70 JM	344	hdr->version);
6fc6879b JM	345	return;
	346	}
	347	if (hlen > len) {
61323e70 JM	348	wpa_printf(MSG_INFO, "Underflow IAPP frame (hlen=%d len=%d)",
61323e70 JM	349	hlen, len);
6fc6879b JM	350	return;
	351	}
	352	if (hlen < len) {
61323e70 JM	353	wpa_printf(MSG_INFO, "Ignoring %d extra bytes from IAPP frame",
61323e70 JM	354	len - hlen);
6fc6879b JM	355	len = hlen;
	356	}
	357
	358	switch (hdr->command) {
	359	case IAPP_CMD_ADD_notify:
4aa01d38	360	iapp_process_add_notify(iapp, &from, hdr, len - sizeof(*hdr));
6fc6879b JM	361	break;
	362	case IAPP_CMD_MOVE_notify:
	363	/* TODO: MOVE is using TCP; so move this to TCP handler once it
	364	* is implemented.. */
	365	/* IAPP-MOVE.indication(MAC Address, New BSSID,
	366	* Sequence Number, AP Address, Context Block) */
	367	/* TODO: process */
	368	break;
	369	default:
61323e70	370	wpa_printf(MSG_INFO, "Unknown IAPP command %d", hdr->command);
6fc6879b JM	371	break;
	372	}
	373	}
	374
	375
	376	struct iapp_data * iapp_init(struct hostapd_data hapd, const char iface)
	377	{
	378	struct ifreq ifr;
	379	struct sockaddr_ll addr;
	380	int ifindex;
	381	struct sockaddr_in *paddr, uaddr;
	382	struct iapp_data *iapp;
	383	struct ip_mreqn mreq;
	384
	385	iapp = os_zalloc(sizeof(*iapp));
	386	if (iapp == NULL)
	387	return NULL;
	388	iapp->hapd = hapd;
	389	iapp->udp_sock = iapp->packet_sock = -1;
	390
	391	/* TODO:
	392	* open socket for sending and receiving IAPP frames over TCP
	393	*/
	394
	395	iapp->udp_sock = socket(PF_INET, SOCK_DGRAM, 0);
	396	if (iapp->udp_sock < 0) {
61323e70 JM	397	wpa_printf(MSG_INFO, "iapp_init - socket[PF_INET,SOCK_DGRAM]: %s",
61323e70 JM	398	strerror(errno));
6fc6879b JM	399	iapp_deinit(iapp);
	400	return NULL;
	401	}
	402
	403	os_memset(&ifr, 0, sizeof(ifr));
	404	os_strlcpy(ifr.ifr_name, iface, sizeof(ifr.ifr_name));
	405	if (ioctl(iapp->udp_sock, SIOCGIFINDEX, &ifr) != 0) {
61323e70 JM	406	wpa_printf(MSG_INFO, "iapp_init - ioctl(SIOCGIFINDEX): %s",
61323e70 JM	407	strerror(errno));
6fc6879b JM	408	iapp_deinit(iapp);
	409	return NULL;
	410	}
	411	ifindex = ifr.ifr_ifindex;
	412
	413	if (ioctl(iapp->udp_sock, SIOCGIFADDR, &ifr) != 0) {
61323e70 JM	414	wpa_printf(MSG_INFO, "iapp_init - ioctl(SIOCGIFADDR): %s",
61323e70 JM	415	strerror(errno));
6fc6879b JM	416	iapp_deinit(iapp);
	417	return NULL;
	418	}
	419	paddr = (struct sockaddr_in *) &ifr.ifr_addr;
	420	if (paddr->sin_family != AF_INET) {
61323e70 JM	421	wpa_printf(MSG_INFO, "IAPP: Invalid address family %i (SIOCGIFADDR)",
61323e70 JM	422	paddr->sin_family);
6fc6879b JM	423	iapp_deinit(iapp);
	424	return NULL;
	425	}
	426	iapp->own.s_addr = paddr->sin_addr.s_addr;
	427
	428	if (ioctl(iapp->udp_sock, SIOCGIFBRDADDR, &ifr) != 0) {
61323e70 JM	429	wpa_printf(MSG_INFO, "iapp_init - ioctl(SIOCGIFBRDADDR): %s",
61323e70 JM	430	strerror(errno));
6fc6879b JM	431	iapp_deinit(iapp);
	432	return NULL;
	433	}
	434	paddr = (struct sockaddr_in *) &ifr.ifr_addr;
	435	if (paddr->sin_family != AF_INET) {
61323e70 JM	436	wpa_printf(MSG_INFO, "Invalid address family %i (SIOCGIFBRDADDR)",
61323e70 JM	437	paddr->sin_family);
6fc6879b JM	438	iapp_deinit(iapp);
	439	return NULL;
	440	}
	441	inet_aton(IAPP_MULTICAST, &iapp->multicast);
	442
	443	os_memset(&uaddr, 0, sizeof(uaddr));
	444	uaddr.sin_family = AF_INET;
	445	uaddr.sin_port = htons(IAPP_UDP_PORT);
	446	if (bind(iapp->udp_sock, (struct sockaddr *) &uaddr,
	447	sizeof(uaddr)) < 0) {
61323e70 JM	448	wpa_printf(MSG_INFO, "iapp_init - bind[UDP]: %s",
61323e70 JM	449	strerror(errno));
6fc6879b JM	450	iapp_deinit(iapp);
	451	return NULL;
	452	}
	453
	454	os_memset(&mreq, 0, sizeof(mreq));
	455	mreq.imr_multiaddr = iapp->multicast;
	456	mreq.imr_address.s_addr = INADDR_ANY;
	457	mreq.imr_ifindex = 0;
	458	if (setsockopt(iapp->udp_sock, SOL_IP, IP_ADD_MEMBERSHIP, &mreq,
	459	sizeof(mreq)) < 0) {
61323e70 JM	460	wpa_printf(MSG_INFO, "iapp_init - setsockopt[UDP,IP_ADD_MEMBERSHIP]: %s",
61323e70 JM	461	strerror(errno));
6fc6879b JM	462	iapp_deinit(iapp);
	463	return NULL;
	464	}
	465
	466	iapp->packet_sock = socket(PF_PACKET, SOCK_RAW, htons(ETH_P_ALL));
	467	if (iapp->packet_sock < 0) {
61323e70 JM	468	wpa_printf(MSG_INFO, "iapp_init - socket[PF_PACKET,SOCK_RAW]: %s",
61323e70 JM	469	strerror(errno));
6fc6879b JM	470	iapp_deinit(iapp);
	471	return NULL;
	472	}
	473
	474	os_memset(&addr, 0, sizeof(addr));
	475	addr.sll_family = AF_PACKET;
	476	addr.sll_ifindex = ifindex;
	477	if (bind(iapp->packet_sock, (struct sockaddr *) &addr,
	478	sizeof(addr)) < 0) {
61323e70 JM	479	wpa_printf(MSG_INFO, "iapp_init - bind[PACKET]: %s",
61323e70 JM	480	strerror(errno));
6fc6879b JM	481	iapp_deinit(iapp);
	482	return NULL;
	483	}
	484
	485	if (eloop_register_read_sock(iapp->udp_sock, iapp_receive_udp,
	486	iapp, NULL)) {
61323e70	487	wpa_printf(MSG_INFO, "Could not register read socket for IAPP");
6fc6879b JM	488	iapp_deinit(iapp);
	489	return NULL;
	490	}
	491
61323e70	492	wpa_printf(MSG_INFO, "IEEE 802.11F (IAPP) using interface %s", iface);
6fc6879b JM	493
	494	/* TODO: For levels 2 and 3: send RADIUS Initiate-Request, receive
	495	* RADIUS Initiate-Accept or Initiate-Reject. IAPP port should actually
	496	* be openned only after receiving Initiate-Accept. If Initiate-Reject
	497	* is received, IAPP is not started. */
	498
	499	return iapp;
	500	}
	501
	502
	503	void iapp_deinit(struct iapp_data *iapp)
	504	{
	505	struct ip_mreqn mreq;
	506
	507	if (iapp == NULL)
	508	return;
	509
	510	if (iapp->udp_sock >= 0) {
	511	os_memset(&mreq, 0, sizeof(mreq));
	512	mreq.imr_multiaddr = iapp->multicast;
	513	mreq.imr_address.s_addr = INADDR_ANY;
	514	mreq.imr_ifindex = 0;
	515	if (setsockopt(iapp->udp_sock, SOL_IP, IP_DROP_MEMBERSHIP,
	516	&mreq, sizeof(mreq)) < 0) {
61323e70 JM	517	wpa_printf(MSG_INFO, "iapp_deinit - setsockopt[UDP,IP_DEL_MEMBERSHIP]: %s",
61323e70 JM	518	strerror(errno));
6fc6879b JM	519	}
	520
	521	eloop_unregister_read_sock(iapp->udp_sock);
	522	close(iapp->udp_sock);
	523	}
	524	if (iapp->packet_sock >= 0) {
	525	eloop_unregister_read_sock(iapp->packet_sock);
	526	close(iapp->packet_sock);
	527	}
	528	os_free(iapp);
	529	}