]>
Commit | Line | Data |
---|---|---|
461d39af JM |
1 | /* |
2 | * Generic advertisement service (GAS) server | |
3 | * Copyright (c) 2017, Qualcomm Atheros, Inc. | |
4 | * | |
5 | * This software may be distributed under the terms of the BSD license. | |
6 | * See README for more details. | |
7 | */ | |
8 | ||
9 | #include "includes.h" | |
10 | ||
11 | #include "utils/common.h" | |
12 | #include "utils/list.h" | |
13 | #include "utils/eloop.h" | |
14 | #include "ieee802_11_defs.h" | |
15 | #include "gas.h" | |
16 | #include "gas_server.h" | |
17 | ||
18 | ||
19 | #define MAX_ADV_PROTO_ID_LEN 10 | |
20 | #define GAS_QUERY_TIMEOUT 10 | |
21 | ||
22 | struct gas_server_handler { | |
23 | struct dl_list list; | |
24 | u8 adv_proto_id[MAX_ADV_PROTO_ID_LEN]; | |
25 | u8 adv_proto_id_len; | |
26 | struct wpabuf * (*req_cb)(void *ctx, const u8 *sa, | |
27 | const u8 *query, size_t query_len); | |
28 | void (*status_cb)(void *ctx, struct wpabuf *resp, int ok); | |
29 | void *ctx; | |
30 | struct gas_server *gas; | |
31 | }; | |
32 | ||
33 | struct gas_server_response { | |
34 | struct dl_list list; | |
35 | size_t offset; | |
36 | u8 frag_id; | |
37 | struct wpabuf *resp; | |
38 | int freq; | |
39 | u8 dst[ETH_ALEN]; | |
40 | u8 dialog_token; | |
41 | struct gas_server_handler *handler; | |
42 | }; | |
43 | ||
44 | struct gas_server { | |
45 | struct dl_list handlers; /* struct gas_server_handler::list */ | |
46 | struct dl_list responses; /* struct gas_server_response::list */ | |
47 | void (*tx)(void *ctx, int freq, const u8 *da, struct wpabuf *resp, | |
48 | unsigned int wait_time); | |
49 | void *ctx; | |
50 | }; | |
51 | ||
52 | static void gas_server_free_response(struct gas_server_response *response); | |
53 | ||
54 | ||
55 | static void gas_server_response_timeout(void *eloop_ctx, void *user_ctx) | |
56 | { | |
57 | struct gas_server_response *response = eloop_ctx; | |
58 | ||
59 | wpa_printf(MSG_DEBUG, "GAS: Response @%p timeout for " MACSTR | |
60 | " (dialog_token=%u freq=%d frag_id=%u sent=%lu/%lu) - drop pending data", | |
61 | response, MAC2STR(response->dst), response->dialog_token, | |
62 | response->freq, response->frag_id, | |
63 | (unsigned long) response->offset, | |
64 | (unsigned long) wpabuf_len(response->resp)); | |
65 | response->handler->status_cb(response->handler->ctx, | |
66 | response->resp, 0); | |
67 | response->resp = NULL; | |
68 | dl_list_del(&response->list); | |
69 | gas_server_free_response(response); | |
70 | } | |
71 | ||
72 | ||
73 | static void gas_server_free_response(struct gas_server_response *response) | |
74 | { | |
75 | if (!response) | |
76 | return; | |
77 | wpa_printf(MSG_DEBUG, "DPP: Free GAS response @%p", response); | |
78 | eloop_cancel_timeout(gas_server_response_timeout, response, NULL); | |
79 | wpabuf_free(response->resp); | |
80 | os_free(response); | |
81 | } | |
82 | ||
83 | ||
84 | static void | |
85 | gas_server_send_resp(struct gas_server *gas, struct gas_server_handler *handler, | |
86 | const u8 *da, int freq, u8 dialog_token, | |
87 | struct wpabuf *query_resp) | |
88 | { | |
89 | size_t max_len = (freq > 56160) ? 928 : 1400; | |
90 | size_t hdr_len = 24 + 2 + 5 + 3 + handler->adv_proto_id_len + 2; | |
91 | size_t resp_frag_len; | |
92 | struct wpabuf *resp; | |
93 | u16 comeback_delay; | |
94 | struct gas_server_response *response; | |
95 | ||
96 | if (!query_resp) | |
97 | return; | |
98 | ||
99 | response = os_zalloc(sizeof(*response)); | |
c7896ef9 JM |
100 | if (!response) { |
101 | wpabuf_free(query_resp); | |
461d39af | 102 | return; |
c7896ef9 | 103 | } |
461d39af JM |
104 | wpa_printf(MSG_DEBUG, "DPP: Allocated GAS response @%p", response); |
105 | response->freq = freq; | |
106 | response->handler = handler; | |
107 | os_memcpy(response->dst, da, ETH_ALEN); | |
108 | response->dialog_token = dialog_token; | |
109 | if (hdr_len + wpabuf_len(query_resp) > max_len) { | |
110 | /* Need to use comeback to initiate fragmentation */ | |
111 | comeback_delay = 1; | |
112 | resp_frag_len = 0; | |
113 | } else { | |
114 | /* Full response fits into the initial response */ | |
115 | comeback_delay = 0; | |
116 | resp_frag_len = wpabuf_len(query_resp); | |
117 | } | |
118 | ||
119 | resp = gas_build_initial_resp(dialog_token, WLAN_STATUS_SUCCESS, | |
120 | comeback_delay, | |
121 | handler->adv_proto_id_len + | |
122 | resp_frag_len); | |
123 | if (!resp) { | |
c7896ef9 | 124 | wpabuf_free(query_resp); |
461d39af JM |
125 | gas_server_free_response(response); |
126 | return; | |
127 | } | |
128 | ||
129 | /* Advertisement Protocol element */ | |
130 | wpabuf_put_u8(resp, WLAN_EID_ADV_PROTO); | |
131 | wpabuf_put_u8(resp, 1 + handler->adv_proto_id_len); /* Length */ | |
132 | wpabuf_put_u8(resp, 0x7f); | |
133 | /* Advertisement Protocol ID */ | |
134 | wpabuf_put_data(resp, handler->adv_proto_id, handler->adv_proto_id_len); | |
135 | ||
136 | /* Query Response Length */ | |
137 | wpabuf_put_le16(resp, resp_frag_len); | |
138 | if (!comeback_delay) | |
139 | wpabuf_put_buf(resp, query_resp); | |
140 | ||
141 | if (comeback_delay) { | |
142 | wpa_printf(MSG_DEBUG, | |
143 | "GAS: Need to fragment query response"); | |
144 | } else { | |
145 | wpa_printf(MSG_DEBUG, | |
146 | "GAS: Full query response fits in the GAS Initial Response frame"); | |
147 | } | |
148 | response->offset = resp_frag_len; | |
149 | response->resp = query_resp; | |
150 | dl_list_add(&gas->responses, &response->list); | |
151 | gas->tx(gas->ctx, freq, da, resp, comeback_delay ? 2000 : 0); | |
152 | wpabuf_free(resp); | |
153 | eloop_register_timeout(GAS_QUERY_TIMEOUT, 0, | |
154 | gas_server_response_timeout, response, NULL); | |
155 | } | |
156 | ||
157 | ||
158 | static int | |
159 | gas_server_rx_initial_req(struct gas_server *gas, const u8 *da, const u8 *sa, | |
160 | const u8 *bssid, int freq, u8 dialog_token, | |
161 | const u8 *data, size_t len) | |
162 | { | |
163 | const u8 *pos, *end, *adv_proto, *query_req; | |
164 | u8 adv_proto_len; | |
165 | u16 query_req_len; | |
166 | struct gas_server_handler *handler; | |
167 | struct wpabuf *resp; | |
168 | ||
169 | wpa_hexdump(MSG_MSGDUMP, "GAS: Received GAS Initial Request frame", | |
170 | data, len); | |
171 | pos = data; | |
172 | end = data + len; | |
173 | ||
174 | if (end - pos < 2 || pos[0] != WLAN_EID_ADV_PROTO) { | |
175 | wpa_printf(MSG_DEBUG, | |
176 | "GAS: No Advertisement Protocol element found"); | |
177 | return -1; | |
178 | } | |
179 | pos++; | |
180 | adv_proto_len = *pos++; | |
181 | if (end - pos < adv_proto_len || adv_proto_len < 2) { | |
182 | wpa_printf(MSG_DEBUG, | |
183 | "GAS: Truncated Advertisement Protocol element"); | |
184 | return -1; | |
185 | } | |
186 | ||
187 | adv_proto = pos; | |
188 | pos += adv_proto_len; | |
189 | wpa_hexdump(MSG_MSGDUMP, "GAS: Advertisement Protocol element", | |
190 | adv_proto, adv_proto_len); | |
191 | ||
192 | if (end - pos < 2) { | |
193 | wpa_printf(MSG_DEBUG, "GAS: No Query Request Length field"); | |
194 | return -1; | |
195 | } | |
196 | query_req_len = WPA_GET_LE16(pos); | |
197 | pos += 2; | |
198 | if (end - pos < query_req_len) { | |
199 | wpa_printf(MSG_DEBUG, "GAS: Truncated Query Request field"); | |
200 | return -1; | |
201 | } | |
202 | query_req = pos; | |
203 | pos += query_req_len; | |
204 | wpa_hexdump(MSG_MSGDUMP, "GAS: Query Request", | |
205 | query_req, query_req_len); | |
206 | ||
207 | if (pos < end) { | |
208 | wpa_hexdump(MSG_MSGDUMP, | |
209 | "GAS: Ignored extra data after Query Request field", | |
210 | pos, end - pos); | |
211 | } | |
212 | ||
213 | dl_list_for_each(handler, &gas->handlers, struct gas_server_handler, | |
214 | list) { | |
215 | if (adv_proto_len < 1 + handler->adv_proto_id_len || | |
216 | os_memcmp(adv_proto + 1, handler->adv_proto_id, | |
217 | handler->adv_proto_id_len) != 0) | |
218 | continue; | |
219 | ||
220 | wpa_printf(MSG_DEBUG, | |
221 | "GAS: Calling handler for the requested Advertisement Protocol ID"); | |
222 | resp = handler->req_cb(handler->ctx, sa, query_req, | |
223 | query_req_len); | |
224 | wpa_hexdump_buf(MSG_MSGDUMP, "GAS: Response from the handler", | |
225 | resp); | |
226 | gas_server_send_resp(gas, handler, sa, freq, dialog_token, | |
227 | resp); | |
228 | return 0; | |
229 | } | |
230 | ||
231 | wpa_printf(MSG_DEBUG, | |
232 | "GAS: No registered handler for the requested Advertisement Protocol ID"); | |
233 | return -1; | |
234 | } | |
235 | ||
236 | ||
237 | static void | |
238 | gas_server_handle_rx_comeback_req(struct gas_server_response *response) | |
239 | { | |
240 | struct gas_server_handler *handler = response->handler; | |
241 | struct gas_server *gas = handler->gas; | |
242 | size_t max_len = (response->freq > 56160) ? 928 : 1400; | |
243 | size_t hdr_len = 24 + 2 + 6 + 3 + handler->adv_proto_id_len + 2; | |
244 | size_t remaining, resp_frag_len; | |
245 | struct wpabuf *resp; | |
246 | ||
247 | remaining = wpabuf_len(response->resp) - response->offset; | |
248 | if (hdr_len + remaining > max_len) | |
249 | resp_frag_len = max_len - hdr_len; | |
250 | else | |
251 | resp_frag_len = remaining; | |
252 | wpa_printf(MSG_DEBUG, | |
253 | "GAS: Sending out %u/%u remaining Query Response octets", | |
254 | (unsigned int) resp_frag_len, (unsigned int) remaining); | |
255 | ||
256 | resp = gas_build_comeback_resp(response->dialog_token, | |
257 | WLAN_STATUS_SUCCESS, | |
258 | response->frag_id++, | |
259 | resp_frag_len < remaining, 0, | |
260 | handler->adv_proto_id_len + | |
261 | resp_frag_len); | |
262 | if (!resp) { | |
11f07f02 | 263 | dl_list_del(&response->list); |
461d39af JM |
264 | gas_server_free_response(response); |
265 | return; | |
266 | } | |
267 | ||
268 | /* Advertisement Protocol element */ | |
269 | wpabuf_put_u8(resp, WLAN_EID_ADV_PROTO); | |
270 | wpabuf_put_u8(resp, 1 + handler->adv_proto_id_len); /* Length */ | |
271 | wpabuf_put_u8(resp, 0x7f); | |
272 | /* Advertisement Protocol ID */ | |
273 | wpabuf_put_data(resp, handler->adv_proto_id, handler->adv_proto_id_len); | |
274 | ||
275 | /* Query Response Length */ | |
276 | wpabuf_put_le16(resp, resp_frag_len); | |
277 | wpabuf_put_data(resp, wpabuf_head_u8(response->resp) + response->offset, | |
278 | resp_frag_len); | |
279 | ||
280 | response->offset += resp_frag_len; | |
281 | ||
282 | gas->tx(gas->ctx, response->freq, response->dst, resp, | |
283 | remaining > resp_frag_len ? 2000 : 0); | |
284 | wpabuf_free(resp); | |
285 | } | |
286 | ||
287 | ||
288 | static int | |
289 | gas_server_rx_comeback_req(struct gas_server *gas, const u8 *da, const u8 *sa, | |
290 | const u8 *bssid, int freq, u8 dialog_token) | |
291 | { | |
292 | struct gas_server_response *response; | |
293 | ||
294 | dl_list_for_each(response, &gas->responses, struct gas_server_response, | |
295 | list) { | |
296 | if (response->dialog_token != dialog_token || | |
297 | os_memcmp(sa, response->dst, ETH_ALEN) != 0) | |
298 | continue; | |
299 | gas_server_handle_rx_comeback_req(response); | |
300 | return 0; | |
301 | } | |
302 | ||
303 | wpa_printf(MSG_DEBUG, "GAS: No pending GAS response for " MACSTR | |
304 | " (dialog token %u)", MAC2STR(sa), dialog_token); | |
305 | return -1; | |
306 | } | |
307 | ||
308 | ||
309 | /** | |
310 | * gas_query_rx - Indicate reception of a Public Action or Protected Dual frame | |
311 | * @gas: GAS query data from gas_server_init() | |
312 | * @da: Destination MAC address of the Action frame | |
313 | * @sa: Source MAC address of the Action frame | |
314 | * @bssid: BSSID of the Action frame | |
315 | * @categ: Category of the Action frame | |
316 | * @data: Payload of the Action frame | |
317 | * @len: Length of @data | |
318 | * @freq: Frequency (in MHz) on which the frame was received | |
319 | * Returns: 0 if the Public Action frame was a GAS request frame or -1 if not | |
320 | */ | |
321 | int gas_server_rx(struct gas_server *gas, const u8 *da, const u8 *sa, | |
322 | const u8 *bssid, u8 categ, const u8 *data, size_t len, | |
323 | int freq) | |
324 | { | |
325 | u8 action, dialog_token; | |
326 | const u8 *pos, *end; | |
327 | ||
328 | if (!gas || len < 2) | |
329 | return -1; | |
330 | ||
331 | if (categ == WLAN_ACTION_PROTECTED_DUAL) | |
332 | return -1; /* Not supported for now */ | |
333 | ||
334 | pos = data; | |
335 | end = data + len; | |
336 | action = *pos++; | |
337 | dialog_token = *pos++; | |
338 | ||
339 | if (action != WLAN_PA_GAS_INITIAL_REQ && | |
340 | action != WLAN_PA_GAS_COMEBACK_REQ) | |
341 | return -1; /* Not a GAS request */ | |
342 | ||
343 | wpa_printf(MSG_DEBUG, "GAS: Received GAS %s Request frame DA=" MACSTR | |
344 | " SA=" MACSTR " BSSID=" MACSTR | |
345 | " freq=%d dialog_token=%u len=%u", | |
346 | action == WLAN_PA_GAS_INITIAL_REQ ? "Initial" : "Comeback", | |
347 | MAC2STR(da), MAC2STR(sa), MAC2STR(bssid), freq, dialog_token, | |
348 | (unsigned int) len); | |
349 | ||
350 | if (action == WLAN_PA_GAS_INITIAL_REQ) | |
351 | return gas_server_rx_initial_req(gas, da, sa, bssid, | |
352 | freq, dialog_token, | |
353 | pos, end - pos); | |
354 | return gas_server_rx_comeback_req(gas, da, sa, bssid, | |
355 | freq, dialog_token); | |
356 | } | |
357 | ||
358 | ||
359 | static void gas_server_handle_tx_status(struct gas_server_response *response, | |
360 | int ack) | |
361 | { | |
362 | if (ack && response->offset < wpabuf_len(response->resp)) { | |
363 | wpa_printf(MSG_DEBUG, | |
364 | "GAS: More fragments remaining - keep pending entry"); | |
365 | return; | |
366 | } | |
367 | ||
368 | if (!ack) | |
369 | wpa_printf(MSG_DEBUG, | |
370 | "GAS: No ACK received - drop pending entry"); | |
371 | else | |
372 | wpa_printf(MSG_DEBUG, | |
373 | "GAS: Last fragment of the response sent out - drop pending entry"); | |
374 | ||
375 | response->handler->status_cb(response->handler->ctx, | |
376 | response->resp, ack); | |
377 | response->resp = NULL; | |
378 | dl_list_del(&response->list); | |
379 | gas_server_free_response(response); | |
380 | } | |
381 | ||
382 | ||
383 | void gas_server_tx_status(struct gas_server *gas, const u8 *dst, const u8 *data, | |
384 | size_t data_len, int ack) | |
385 | { | |
386 | const u8 *pos; | |
387 | u8 action, code, dialog_token; | |
388 | struct gas_server_response *response; | |
389 | ||
390 | if (data_len < 24 + 3) | |
391 | return; | |
392 | pos = data + 24; | |
393 | action = *pos++; | |
394 | code = *pos++; | |
395 | dialog_token = *pos++; | |
396 | if (action != WLAN_ACTION_PUBLIC || | |
397 | (code != WLAN_PA_GAS_INITIAL_RESP && | |
398 | code != WLAN_PA_GAS_COMEBACK_RESP)) | |
399 | return; | |
400 | wpa_printf(MSG_DEBUG, "GAS: TX status dst=" MACSTR | |
401 | " ack=%d %s dialog_token=%u", | |
402 | MAC2STR(dst), ack, | |
403 | code == WLAN_PA_GAS_INITIAL_RESP ? "initial" : "comeback", | |
404 | dialog_token); | |
405 | dl_list_for_each(response, &gas->responses, struct gas_server_response, | |
406 | list) { | |
407 | if (response->dialog_token != dialog_token || | |
408 | os_memcmp(dst, response->dst, ETH_ALEN) != 0) | |
409 | continue; | |
410 | gas_server_handle_tx_status(response, ack); | |
411 | return; | |
412 | } | |
413 | ||
414 | wpa_printf(MSG_DEBUG, "GAS: No pending response matches TX status"); | |
415 | } | |
416 | ||
417 | ||
418 | struct gas_server * gas_server_init(void *ctx, | |
419 | void (*tx)(void *ctx, int freq, | |
420 | const u8 *da, | |
421 | struct wpabuf *buf, | |
422 | unsigned int wait_time)) | |
423 | { | |
424 | struct gas_server *gas; | |
425 | ||
426 | gas = os_zalloc(sizeof(*gas)); | |
427 | if (!gas) | |
428 | return NULL; | |
429 | gas->ctx = ctx; | |
430 | gas->tx = tx; | |
431 | dl_list_init(&gas->handlers); | |
432 | dl_list_init(&gas->responses); | |
433 | return gas; | |
434 | } | |
435 | ||
436 | ||
437 | void gas_server_deinit(struct gas_server *gas) | |
438 | { | |
439 | struct gas_server_handler *handler, *tmp; | |
440 | struct gas_server_response *response, *tmp_r; | |
441 | ||
442 | if (!gas) | |
443 | return; | |
444 | ||
445 | dl_list_for_each_safe(handler, tmp, &gas->handlers, | |
446 | struct gas_server_handler, list) { | |
447 | dl_list_del(&handler->list); | |
448 | os_free(handler); | |
449 | } | |
450 | ||
451 | dl_list_for_each_safe(response, tmp_r, &gas->responses, | |
452 | struct gas_server_response, list) { | |
453 | dl_list_del(&response->list); | |
454 | gas_server_free_response(response); | |
455 | } | |
456 | ||
457 | os_free(gas); | |
458 | } | |
459 | ||
460 | ||
461 | int gas_server_register(struct gas_server *gas, | |
462 | const u8 *adv_proto_id, u8 adv_proto_id_len, | |
463 | struct wpabuf * | |
464 | (*req_cb)(void *ctx, const u8 *sa, | |
465 | const u8 *query, size_t query_len), | |
466 | void (*status_cb)(void *ctx, struct wpabuf *resp, | |
467 | int ok), | |
468 | void *ctx) | |
469 | { | |
470 | struct gas_server_handler *handler; | |
471 | ||
472 | if (!gas || adv_proto_id_len > MAX_ADV_PROTO_ID_LEN) | |
473 | return -1; | |
474 | handler = os_zalloc(sizeof(*handler)); | |
475 | if (!handler) | |
476 | return -1; | |
477 | ||
478 | os_memcpy(handler->adv_proto_id, adv_proto_id, adv_proto_id_len); | |
479 | handler->adv_proto_id_len = adv_proto_id_len; | |
480 | handler->req_cb = req_cb; | |
481 | handler->status_cb = status_cb; | |
482 | handler->ctx = ctx; | |
483 | handler->gas = gas; | |
484 | dl_list_add(&gas->handlers, &handler->list); | |
485 | ||
486 | return 0; | |
487 | } |