2 * Received Data frame processing
3 * Copyright (c) 2010-2015, Jouni Malinen <j@w1.fi>
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
9 #include "utils/includes.h"
11 #include "utils/common.h"
12 #include "common/defs.h"
13 #include "common/ieee802_11_defs.h"
17 static const char * data_stype(u16 stype
)
20 case WLAN_FC_STYPE_DATA
:
22 case WLAN_FC_STYPE_DATA_CFACK
:
24 case WLAN_FC_STYPE_DATA_CFPOLL
:
26 case WLAN_FC_STYPE_DATA_CFACKPOLL
:
27 return "DATA-CFACKPOLL";
28 case WLAN_FC_STYPE_NULLFUNC
:
30 case WLAN_FC_STYPE_CFACK
:
32 case WLAN_FC_STYPE_CFPOLL
:
34 case WLAN_FC_STYPE_CFACKPOLL
:
36 case WLAN_FC_STYPE_QOS_DATA
:
38 case WLAN_FC_STYPE_QOS_DATA_CFACK
:
39 return "QOSDATA-CFACK";
40 case WLAN_FC_STYPE_QOS_DATA_CFPOLL
:
41 return "QOSDATA-CFPOLL";
42 case WLAN_FC_STYPE_QOS_DATA_CFACKPOLL
:
43 return "QOSDATA-CFACKPOLL";
44 case WLAN_FC_STYPE_QOS_NULL
:
46 case WLAN_FC_STYPE_QOS_CFPOLL
:
48 case WLAN_FC_STYPE_QOS_CFACKPOLL
:
49 return "QOS-CFACKPOLL";
55 static void rx_data_eth(struct wlantest
*wt
, const u8
*bssid
,
56 const u8
*sta_addr
, const u8
*dst
, const u8
*src
,
57 u16 ethertype
, const u8
*data
, size_t len
, int prot
,
60 static void rx_data_vlan(struct wlantest
*wt
, const u8
*bssid
,
61 const u8
*sta_addr
, const u8
*dst
, const u8
*src
,
62 const u8
*data
, size_t len
, int prot
,
69 tag
= WPA_GET_BE16(data
);
70 wpa_printf(MSG_MSGDUMP
, "VLAN tag: Priority=%u ID=%u",
71 tag
>> 12, tag
& 0x0ffff);
72 /* ignore VLAN information and process the original frame */
73 rx_data_eth(wt
, bssid
, sta_addr
, dst
, src
, WPA_GET_BE16(data
+ 2),
74 data
+ 4, len
- 4, prot
, peer_addr
);
78 static void rx_data_eth(struct wlantest
*wt
, const u8
*bssid
,
79 const u8
*sta_addr
, const u8
*dst
, const u8
*src
,
80 u16 ethertype
, const u8
*data
, size_t len
, int prot
,
85 rx_data_eapol(wt
, bssid
, sta_addr
, dst
, src
, data
, len
, prot
);
88 rx_data_ip(wt
, bssid
, sta_addr
, dst
, src
, data
, len
,
92 rx_data_80211_encap(wt
, bssid
, sta_addr
, dst
, src
, data
, len
);
95 rx_data_vlan(wt
, bssid
, sta_addr
, dst
, src
, data
, len
, prot
,
102 static void rx_data_process(struct wlantest
*wt
, const u8
*bssid
,
104 const u8
*dst
, const u8
*src
,
105 const u8
*data
, size_t len
, int prot
,
111 if (len
>= 8 && os_memcmp(data
, "\xaa\xaa\x03\x00\x00\x00", 6) == 0) {
112 rx_data_eth(wt
, bssid
, sta_addr
, dst
, src
,
113 WPA_GET_BE16(data
+ 6), data
+ 8, len
- 8, prot
,
118 wpa_hexdump(MSG_DEBUG
, "Unrecognized LLC", data
, len
> 8 ? 8 : len
);
122 static void write_decrypted_note(struct wlantest
*wt
, const u8
*decrypted
,
123 const u8
*tk
, size_t tk_len
, int keyid
)
130 wpa_snprintf_hex(tk_hex
, sizeof(tk_hex
), tk
, tk_len
);
131 add_note(wt
, MSG_EXCESSIVE
, "TK[%d] %s", keyid
, tk_hex
);
135 static u8
* try_ptk(int pairwise_cipher
, struct wpa_ptk
*ptk
,
136 const struct ieee80211_hdr
*hdr
,
137 const u8
*data
, size_t data_len
, size_t *decrypted_len
)
140 unsigned int tk_len
= ptk
->tk_len
;
143 if ((pairwise_cipher
== WPA_CIPHER_CCMP
||
144 pairwise_cipher
== 0) && tk_len
== 16) {
145 decrypted
= ccmp_decrypt(ptk
->tk
, hdr
, data
,
146 data_len
, decrypted_len
);
147 } else if ((pairwise_cipher
== WPA_CIPHER_CCMP_256
||
148 pairwise_cipher
== 0) && tk_len
== 32) {
149 decrypted
= ccmp_256_decrypt(ptk
->tk
, hdr
, data
,
150 data_len
, decrypted_len
);
151 } else if ((pairwise_cipher
== WPA_CIPHER_GCMP
||
152 pairwise_cipher
== WPA_CIPHER_GCMP_256
||
153 pairwise_cipher
== 0) &&
154 (tk_len
== 16 || tk_len
== 32)) {
155 decrypted
= gcmp_decrypt(ptk
->tk
, tk_len
, hdr
,
156 data
, data_len
, decrypted_len
);
157 } else if ((pairwise_cipher
== WPA_CIPHER_TKIP
||
158 pairwise_cipher
== 0) && tk_len
== 32) {
159 decrypted
= tkip_decrypt(ptk
->tk
, hdr
, data
, data_len
,
167 static u8
* try_all_ptk(struct wlantest
*wt
, int pairwise_cipher
,
168 const struct ieee80211_hdr
*hdr
, int keyid
,
169 const u8
*data
, size_t data_len
, size_t *decrypted_len
)
171 struct wlantest_ptk
*ptk
;
173 int prev_level
= wpa_debug_level
;
175 wpa_debug_level
= MSG_WARNING
;
176 dl_list_for_each(ptk
, &wt
->ptk
, struct wlantest_ptk
, list
) {
177 decrypted
= try_ptk(pairwise_cipher
, &ptk
->ptk
, hdr
,
178 data
, data_len
, decrypted_len
);
180 wpa_debug_level
= prev_level
;
181 add_note(wt
, MSG_DEBUG
,
182 "Found PTK match from list of all known PTKs");
183 write_decrypted_note(wt
, decrypted
, ptk
->ptk
.tk
,
184 ptk
->ptk
.tk_len
, keyid
);
188 wpa_debug_level
= prev_level
;
194 static void check_plaintext_prot(struct wlantest
*wt
,
195 const struct ieee80211_hdr
*hdr
,
196 const u8
*data
, size_t len
)
198 if (len
< 8 + 3 || data
[8] != 0xaa || data
[9] != 0xaa ||
202 add_note(wt
, MSG_DEBUG
,
203 "Plaintext payload in protected frame");
204 wpa_printf(MSG_INFO
, "Plaintext payload in protected frame #%u: A2="
206 wt
->frame_num
, MAC2STR(hdr
->addr2
),
207 WLAN_GET_SEQ_SEQ(le_to_host16(hdr
->seq_ctrl
)));
211 static void rx_data_bss_prot_group(struct wlantest
*wt
,
212 const struct ieee80211_hdr
*hdr
,
214 const u8
*qos
, const u8
*dst
, const u8
*src
,
215 const u8
*data
, size_t len
)
217 struct wlantest_bss
*bss
;
219 u8
*decrypted
= NULL
;
224 bss
= bss_get(wt
, hdr
->addr2
);
228 add_note(wt
, MSG_INFO
, "Too short group addressed data frame");
232 if (bss
->group_cipher
& (WPA_CIPHER_TKIP
| WPA_CIPHER_CCMP
) &&
234 add_note(wt
, MSG_INFO
, "Expected TKIP/CCMP frame from "
235 MACSTR
" did not have ExtIV bit set to 1",
236 MAC2STR(bss
->bssid
));
240 if (bss
->group_cipher
== WPA_CIPHER_TKIP
) {
241 if (data
[3] & 0x1f) {
242 add_note(wt
, MSG_INFO
, "TKIP frame from " MACSTR
243 " used non-zero reserved bit",
244 MAC2STR(bss
->bssid
));
246 if (data
[1] != ((data
[0] | 0x20) & 0x7f)) {
247 add_note(wt
, MSG_INFO
, "TKIP frame from " MACSTR
248 " used incorrect WEPSeed[1] (was 0x%x, "
250 MAC2STR(bss
->bssid
), data
[1],
251 (data
[0] | 0x20) & 0x7f);
253 } else if (bss
->group_cipher
== WPA_CIPHER_CCMP
) {
254 if (data
[2] != 0 || (data
[3] & 0x1f) != 0) {
255 add_note(wt
, MSG_INFO
, "CCMP frame from " MACSTR
256 " used non-zero reserved bit",
257 MAC2STR(bss
->bssid
));
261 check_plaintext_prot(wt
, hdr
, data
, len
);
262 keyid
= data
[3] >> 6;
263 if (bss
->gtk_len
[keyid
] == 0 &&
264 (bss
->group_cipher
!= WPA_CIPHER_WEP40
||
265 dl_list_empty(&wt
->wep
))) {
266 add_note(wt
, MSG_MSGDUMP
, "No GTK known to decrypt the frame "
267 "(A2=" MACSTR
" KeyID=%d)",
268 MAC2STR(hdr
->addr2
), keyid
);
272 if (bss
->group_cipher
== WPA_CIPHER_TKIP
)
273 tkip_get_pn(pn
, data
);
274 else if (bss
->group_cipher
== WPA_CIPHER_WEP40
)
275 goto skip_replay_det
;
277 ccmp_get_pn(pn
, data
);
278 if (os_memcmp(pn
, bss
->rsc
[keyid
], 6) <= 0) {
279 u16 seq_ctrl
= le_to_host16(hdr
->seq_ctrl
);
280 char pn_hex
[6 * 2 + 1], rsc_hex
[6 * 2 + 1];
282 wpa_snprintf_hex(pn_hex
, sizeof(pn_hex
), pn
, 6);
283 wpa_snprintf_hex(rsc_hex
, sizeof(rsc_hex
), bss
->rsc
[keyid
], 6);
284 add_note(wt
, MSG_INFO
, "replay detected: A1=" MACSTR
285 " A2=" MACSTR
" A3=" MACSTR
286 " seq=%u frag=%u%s keyid=%d %s<=%s",
287 MAC2STR(hdr
->addr1
), MAC2STR(hdr
->addr2
),
289 WLAN_GET_SEQ_SEQ(seq_ctrl
),
290 WLAN_GET_SEQ_FRAG(seq_ctrl
),
291 (le_to_host16(hdr
->frame_control
) & WLAN_FC_RETRY
) ?
293 keyid
, pn_hex
, rsc_hex
);
298 if (bss
->group_cipher
== WPA_CIPHER_TKIP
)
299 decrypted
= tkip_decrypt(bss
->gtk
[keyid
], hdr
, data
, len
,
301 else if (bss
->group_cipher
== WPA_CIPHER_WEP40
)
302 decrypted
= wep_decrypt(wt
, hdr
, data
, len
, &dlen
);
303 else if (bss
->group_cipher
== WPA_CIPHER_CCMP
)
304 decrypted
= ccmp_decrypt(bss
->gtk
[keyid
], hdr
, data
, len
,
306 else if (bss
->group_cipher
== WPA_CIPHER_CCMP_256
)
307 decrypted
= ccmp_256_decrypt(bss
->gtk
[keyid
], hdr
, data
, len
,
309 else if (bss
->group_cipher
== WPA_CIPHER_GCMP
||
310 bss
->group_cipher
== WPA_CIPHER_GCMP_256
)
311 decrypted
= gcmp_decrypt(bss
->gtk
[keyid
], bss
->gtk_len
[keyid
],
312 hdr
, data
, len
, &dlen
);
317 wpa_snprintf_hex(gtk
, sizeof(gtk
), bss
->gtk
[keyid
],
318 bss
->gtk_len
[keyid
]);
319 add_note(wt
, MSG_EXCESSIVE
, "GTK[%d] %s", keyid
, gtk
);
320 rx_data_process(wt
, bss
->bssid
, NULL
, dst
, src
, decrypted
,
323 os_memcpy(bss
->rsc
[keyid
], pn
, 6);
324 write_pcap_decrypted(wt
, (const u8
*) hdr
, hdrlen
,
327 wpa_printf(MSG_DEBUG
, "Failed to decrypt frame (group) #%u A2="
329 wt
->frame_num
, MAC2STR(hdr
->addr2
),
330 WLAN_GET_SEQ_SEQ(le_to_host16(hdr
->seq_ctrl
)));
331 add_note(wt
, MSG_DEBUG
, "Failed to decrypt frame (group)");
337 static u8
* try_ptk_decrypt(struct wlantest
*wt
, struct wlantest_sta
*sta
,
338 const struct ieee80211_hdr
*hdr
, int keyid
,
339 const u8
*data
, size_t len
,
340 const u8
*tk
, size_t tk_len
, size_t *dlen
)
342 u8
*decrypted
= NULL
;
344 if (sta
->pairwise_cipher
== WPA_CIPHER_CCMP_256
)
345 decrypted
= ccmp_256_decrypt(tk
, hdr
, data
, len
, dlen
);
346 else if (sta
->pairwise_cipher
== WPA_CIPHER_GCMP
||
347 sta
->pairwise_cipher
== WPA_CIPHER_GCMP_256
)
348 decrypted
= gcmp_decrypt(tk
, tk_len
, hdr
, data
, len
, dlen
);
350 decrypted
= ccmp_decrypt(tk
, hdr
, data
, len
, dlen
);
351 write_decrypted_note(wt
, decrypted
, tk
, tk_len
, keyid
);
357 static void rx_data_bss_prot(struct wlantest
*wt
,
358 const struct ieee80211_hdr
*hdr
, size_t hdrlen
,
359 const u8
*qos
, const u8
*dst
, const u8
*src
,
360 const u8
*data
, size_t len
)
362 struct wlantest_bss
*bss
, *bss2
;
363 struct wlantest_sta
*sta
, *sta2
;
365 u16 fc
= le_to_host16(hdr
->frame_control
);
366 u8
*decrypted
= NULL
;
369 u8 pn
[6], *rsc
= NULL
;
370 struct wlantest_tdls
*tdls
= NULL
, *found
;
372 int ptk_iter_done
= 0;
373 int try_ptk_iter
= 0;
375 int only_zero_tk
= 0;
376 u16 seq_ctrl
= le_to_host16(hdr
->seq_ctrl
);
378 if (hdr
->addr1
[0] & 0x01) {
379 rx_data_bss_prot_group(wt
, hdr
, hdrlen
, qos
, dst
, src
,
384 if ((fc
& (WLAN_FC_TODS
| WLAN_FC_FROMDS
)) ==
385 (WLAN_FC_TODS
| WLAN_FC_FROMDS
)) {
386 bss
= bss_find(wt
, hdr
->addr1
);
388 sta
= sta_find(bss
, hdr
->addr2
);
391 WLANTEST_STA_COUNTER_PROT_DATA_TX
]++;
393 if (!sta
|| !sta
->ptk_set
) {
394 bss2
= bss_find(wt
, hdr
->addr2
);
396 sta2
= sta_find(bss2
, hdr
->addr1
);
397 if (sta2
&& (!sta
|| sta2
->ptk_set
)) {
404 bss
= bss_find(wt
, hdr
->addr2
);
407 sta
= sta_find(bss
, hdr
->addr1
);
409 } else if (fc
& WLAN_FC_TODS
) {
410 bss
= bss_get(wt
, hdr
->addr1
);
413 sta
= sta_get(bss
, hdr
->addr2
);
415 sta
->counters
[WLANTEST_STA_COUNTER_PROT_DATA_TX
]++;
416 } else if (fc
& WLAN_FC_FROMDS
) {
417 bss
= bss_get(wt
, hdr
->addr2
);
420 sta
= sta_get(bss
, hdr
->addr1
);
422 bss
= bss_get(wt
, hdr
->addr3
);
425 sta
= sta_find(bss
, hdr
->addr2
);
426 sta2
= sta_find(bss
, hdr
->addr1
);
427 if (sta
== NULL
|| sta2
== NULL
)
430 dl_list_for_each(tdls
, &bss
->tdls
, struct wlantest_tdls
, list
)
432 if ((tdls
->init
== sta
&& tdls
->resp
== sta2
) ||
433 (tdls
->init
== sta2
&& tdls
->resp
== sta
)) {
441 add_note(wt
, MSG_DEBUG
,
442 "TDLS: Link not up, but Data "
448 check_plaintext_prot(wt
, hdr
, data
, len
);
450 (!sta
->ptk_set
&& sta
->pairwise_cipher
!= WPA_CIPHER_WEP40
)) &&
452 add_note(wt
, MSG_MSGDUMP
, "No PTK known to decrypt the frame");
453 if (dl_list_empty(&wt
->ptk
)) {
454 if (len
>= 4 && sta
) {
455 keyid
= data
[3] >> 6;
466 add_note(wt
, MSG_INFO
, "Too short encrypted data frame");
472 if (sta
->pairwise_cipher
& (WPA_CIPHER_TKIP
| WPA_CIPHER_CCMP
) &&
474 add_note(wt
, MSG_INFO
, "Expected TKIP/CCMP frame from "
475 MACSTR
" did not have ExtIV bit set to 1",
480 if (tk
== NULL
&& sta
->pairwise_cipher
== WPA_CIPHER_TKIP
) {
481 if (data
[3] & 0x1f) {
482 add_note(wt
, MSG_INFO
, "TKIP frame from " MACSTR
483 " used non-zero reserved bit",
484 MAC2STR(hdr
->addr2
));
486 if (data
[1] != ((data
[0] | 0x20) & 0x7f)) {
487 add_note(wt
, MSG_INFO
, "TKIP frame from " MACSTR
488 " used incorrect WEPSeed[1] (was 0x%x, "
490 MAC2STR(hdr
->addr2
), data
[1],
491 (data
[0] | 0x20) & 0x7f);
493 } else if (tk
|| sta
->pairwise_cipher
== WPA_CIPHER_CCMP
) {
494 if (data
[2] != 0 || (data
[3] & 0x1f) != 0) {
495 add_note(wt
, MSG_INFO
, "CCMP frame from " MACSTR
496 " used non-zero reserved bit",
497 MAC2STR(hdr
->addr2
));
501 keyid
= data
[3] >> 6;
503 (!(sta
->rsn_capab
& WPA_CAPABILITY_EXT_KEY_ID_FOR_UNICAST
) ||
504 !(bss
->rsn_capab
& WPA_CAPABILITY_EXT_KEY_ID_FOR_UNICAST
) ||
506 add_note(wt
, MSG_INFO
,
507 "Unexpected KeyID %d in individually addressed Data frame from "
509 keyid
, MAC2STR(hdr
->addr2
));
514 if (fc
& WLAN_FC_TODS
)
520 if (fc
& WLAN_FC_TODS
)
526 if (os_memcmp(hdr
->addr2
, tdls
->init
->addr
, ETH_ALEN
) == 0)
527 rsc
= tdls
->rsc_init
[tid
];
529 rsc
= tdls
->rsc_resp
[tid
];
530 } else if ((fc
& (WLAN_FC_TODS
| WLAN_FC_FROMDS
)) ==
531 (WLAN_FC_TODS
| WLAN_FC_FROMDS
)) {
532 if (os_memcmp(sta
->addr
, hdr
->addr2
, ETH_ALEN
) == 0)
533 rsc
= sta
->rsc_tods
[tid
];
535 rsc
= sta
->rsc_fromds
[tid
];
536 } else if (fc
& WLAN_FC_TODS
)
537 rsc
= sta
->rsc_tods
[tid
];
539 rsc
= sta
->rsc_fromds
[tid
];
542 if (tk
== NULL
&& sta
->pairwise_cipher
== WPA_CIPHER_TKIP
)
543 tkip_get_pn(pn
, data
);
544 else if (sta
->pairwise_cipher
== WPA_CIPHER_WEP40
)
545 goto skip_replay_det
;
547 ccmp_get_pn(pn
, data
);
548 if (os_memcmp(pn
, rsc
, 6) <= 0) {
549 char pn_hex
[6 * 2 + 1], rsc_hex
[6 * 2 + 1];
551 wpa_snprintf_hex(pn_hex
, sizeof(pn_hex
), pn
, 6);
552 wpa_snprintf_hex(rsc_hex
, sizeof(rsc_hex
), rsc
, 6);
553 add_note(wt
, MSG_INFO
, "replay detected: A1=" MACSTR
554 " A2=" MACSTR
" A3=" MACSTR
555 " seq=%u frag=%u%s keyid=%d tid=%d %s<=%s",
556 MAC2STR(hdr
->addr1
), MAC2STR(hdr
->addr2
),
558 WLAN_GET_SEQ_SEQ(seq_ctrl
),
559 WLAN_GET_SEQ_FRAG(seq_ctrl
),
560 (le_to_host16(hdr
->frame_control
) & WLAN_FC_RETRY
) ?
562 keyid
, tid
, pn_hex
, rsc_hex
);
568 if (sta
->pairwise_cipher
== WPA_CIPHER_CCMP_256
) {
569 decrypted
= ccmp_256_decrypt(tk
, hdr
, data
, len
, &dlen
);
570 write_decrypted_note(wt
, decrypted
, tk
, 32, keyid
);
571 } else if (sta
->pairwise_cipher
== WPA_CIPHER_GCMP
||
572 sta
->pairwise_cipher
== WPA_CIPHER_GCMP_256
) {
573 decrypted
= gcmp_decrypt(tk
, sta
->ptk
.tk_len
, hdr
, data
,
575 write_decrypted_note(wt
, decrypted
, tk
, sta
->ptk
.tk_len
,
578 decrypted
= ccmp_decrypt(tk
, hdr
, data
, len
, &dlen
);
579 write_decrypted_note(wt
, decrypted
, tk
, 16, keyid
);
581 } else if (sta
->pairwise_cipher
== WPA_CIPHER_TKIP
) {
582 decrypted
= tkip_decrypt(sta
->ptk
.tk
, hdr
, data
, len
, &dlen
);
583 write_decrypted_note(wt
, decrypted
, sta
->ptk
.tk
, 32, keyid
);
584 } else if (sta
->pairwise_cipher
== WPA_CIPHER_WEP40
) {
585 decrypted
= wep_decrypt(wt
, hdr
, data
, len
, &dlen
);
586 } else if (sta
->ptk_set
) {
587 decrypted
= try_ptk_decrypt(wt
, sta
, hdr
, keyid
, data
, len
,
588 sta
->ptk
.tk
, sta
->ptk
.tk_len
,
591 decrypted
= try_all_ptk(wt
, sta
->pairwise_cipher
, hdr
, keyid
,
595 if (!decrypted
&& !ptk_iter_done
) {
596 decrypted
= try_all_ptk(wt
, sta
->pairwise_cipher
, hdr
, keyid
,
599 add_note(wt
, MSG_DEBUG
, "Current PTK did not work, but found a match from all known PTKs");
604 struct wpa_ptk zero_ptk
;
605 int old_debug_level
= wpa_debug_level
;
607 os_memset(&zero_ptk
, 0, sizeof(zero_ptk
));
608 zero_ptk
.tk_len
= wpa_cipher_key_len(sta
->pairwise_cipher
);
609 wpa_debug_level
= MSG_ERROR
;
610 decrypted
= try_ptk(sta
->pairwise_cipher
, &zero_ptk
, hdr
,
612 wpa_debug_level
= old_debug_level
;
614 add_note(wt
, MSG_DEBUG
,
615 "Frame was encrypted with zero TK");
616 wpa_printf(MSG_INFO
, "Zero TK used in frame #%u: A2="
618 wt
->frame_num
, MAC2STR(hdr
->addr2
),
620 le_to_host16(hdr
->seq_ctrl
)));
621 write_decrypted_note(wt
, decrypted
, zero_ptk
.tk
,
622 zero_ptk
.tk_len
, keyid
);
626 u16 fc
= le_to_host16(hdr
->frame_control
);
627 const u8
*peer_addr
= NULL
;
628 if (!(fc
& (WLAN_FC_FROMDS
| WLAN_FC_TODS
)))
629 peer_addr
= hdr
->addr1
;
631 os_memcpy(rsc
, pn
, 6);
632 rx_data_process(wt
, bss
->bssid
, sta
->addr
, dst
, src
, decrypted
,
634 write_pcap_decrypted(wt
, (const u8
*) hdr
, hdrlen
,
636 } else if (sta
->tptk_set
) {
637 /* Check whether TPTK has a matching TK that could be used to
638 * decrypt the frame. That could happen if EAPOL-Key msg 4/4
639 * was missing in the capture and this was PTK rekeying. */
640 decrypted
= try_ptk_decrypt(wt
, sta
, hdr
, keyid
, data
, len
,
641 sta
->tptk
.tk
, sta
->tptk
.tk_len
,
644 add_note(wt
, MSG_DEBUG
,
645 "Update PTK (rekeying; no valid EAPOL-Key msg 4/4 seen)");
646 os_memcpy(&sta
->ptk
, &sta
->tptk
, sizeof(sta
->ptk
));
649 os_memset(sta
->rsc_tods
, 0, sizeof(sta
->rsc_tods
));
650 os_memset(sta
->rsc_fromds
, 0, sizeof(sta
->rsc_fromds
));
653 if (!try_ptk_iter
&& !only_zero_tk
) {
654 wpa_printf(MSG_DEBUG
,
655 "Failed to decrypt frame #%u A2=" MACSTR
657 wt
->frame_num
, MAC2STR(hdr
->addr2
),
658 WLAN_GET_SEQ_SEQ(seq_ctrl
));
659 add_note(wt
, MSG_DEBUG
, "Failed to decrypt frame");
662 /* Assume the frame was corrupted and there was no FCS to check.
663 * Allow retry of this particular frame to be processed so that
664 * it could end up getting decrypted if it was received without
666 sta
->allow_duplicate
= 1;
672 static void rx_data_bss(struct wlantest
*wt
, const struct ieee80211_hdr
*hdr
,
673 size_t hdrlen
, const u8
*qos
, const u8
*dst
,
674 const u8
*src
, const u8
*data
, size_t len
)
676 u16 fc
= le_to_host16(hdr
->frame_control
);
677 int prot
= !!(fc
& WLAN_FC_ISWEP
);
680 u8 ack
= (qos
[0] & 0x60) >> 5;
681 wpa_printf(MSG_MSGDUMP
, "BSS DATA: " MACSTR
" -> " MACSTR
682 " len=%u%s tid=%u%s%s",
683 MAC2STR(src
), MAC2STR(dst
), (unsigned int) len
,
684 prot
? " Prot" : "", qos
[0] & 0x0f,
685 (qos
[0] & 0x10) ? " EOSP" : "",
687 (ack
== 1 ? " NoAck" :
688 (ack
== 2 ? " NoExpAck" : " BA")));
690 wpa_printf(MSG_MSGDUMP
, "BSS DATA: " MACSTR
" -> " MACSTR
692 MAC2STR(src
), MAC2STR(dst
), (unsigned int) len
,
693 prot
? " Prot" : "");
697 rx_data_bss_prot(wt
, hdr
, hdrlen
, qos
, dst
, src
, data
, len
);
699 const u8
*bssid
, *sta_addr
, *peer_addr
;
700 struct wlantest_bss
*bss
;
702 if (fc
& WLAN_FC_TODS
) {
704 sta_addr
= hdr
->addr2
;
706 } else if (fc
& WLAN_FC_FROMDS
) {
708 sta_addr
= hdr
->addr1
;
712 sta_addr
= hdr
->addr2
;
713 peer_addr
= hdr
->addr1
;
716 bss
= bss_get(wt
, bssid
);
718 struct wlantest_sta
*sta
= sta_get(bss
, sta_addr
);
722 int tid
= qos
[0] & 0x0f;
723 if (fc
& WLAN_FC_TODS
)
728 if (fc
& WLAN_FC_TODS
)
736 rx_data_process(wt
, bssid
, sta_addr
, dst
, src
, data
, len
, 0,
742 static struct wlantest_tdls
* get_tdls(struct wlantest
*wt
, const u8
*bssid
,
746 struct wlantest_bss
*bss
;
747 struct wlantest_sta
*sta1
, *sta2
;
748 struct wlantest_tdls
*tdls
, *found
= NULL
;
750 bss
= bss_find(wt
, bssid
);
753 sta1
= sta_find(bss
, sta1_addr
);
756 sta2
= sta_find(bss
, sta2_addr
);
760 dl_list_for_each(tdls
, &bss
->tdls
, struct wlantest_tdls
, list
) {
761 if ((tdls
->init
== sta1
&& tdls
->resp
== sta2
) ||
762 (tdls
->init
== sta2
&& tdls
->resp
== sta1
)) {
773 static void add_direct_link(struct wlantest
*wt
, const u8
*bssid
,
774 const u8
*sta1_addr
, const u8
*sta2_addr
)
776 struct wlantest_tdls
*tdls
;
778 tdls
= get_tdls(wt
, bssid
, sta1_addr
, sta2_addr
);
783 tdls
->counters
[WLANTEST_TDLS_COUNTER_VALID_DIRECT_LINK
]++;
785 tdls
->counters
[WLANTEST_TDLS_COUNTER_INVALID_DIRECT_LINK
]++;
789 static void add_ap_path(struct wlantest
*wt
, const u8
*bssid
,
790 const u8
*sta1_addr
, const u8
*sta2_addr
)
792 struct wlantest_tdls
*tdls
;
794 tdls
= get_tdls(wt
, bssid
, sta1_addr
, sta2_addr
);
799 tdls
->counters
[WLANTEST_TDLS_COUNTER_INVALID_AP_PATH
]++;
801 tdls
->counters
[WLANTEST_TDLS_COUNTER_VALID_AP_PATH
]++;
805 void rx_data(struct wlantest
*wt
, const u8
*data
, size_t len
)
807 const struct ieee80211_hdr
*hdr
;
810 const u8
*qos
= NULL
;
815 hdr
= (const struct ieee80211_hdr
*) data
;
816 fc
= le_to_host16(hdr
->frame_control
);
817 stype
= WLAN_FC_GET_STYPE(fc
);
819 if ((fc
& (WLAN_FC_TODS
| WLAN_FC_FROMDS
)) ==
820 (WLAN_FC_TODS
| WLAN_FC_FROMDS
))
830 switch (fc
& (WLAN_FC_TODS
| WLAN_FC_FROMDS
)) {
832 wpa_printf(MSG_EXCESSIVE
, "DATA %s%s%s IBSS DA=" MACSTR
" SA="
833 MACSTR
" BSSID=" MACSTR
,
834 data_stype(WLAN_FC_GET_STYPE(fc
)),
835 fc
& WLAN_FC_PWRMGT
? " PwrMgt" : "",
836 fc
& WLAN_FC_ISWEP
? " Prot" : "",
837 MAC2STR(hdr
->addr1
), MAC2STR(hdr
->addr2
),
838 MAC2STR(hdr
->addr3
));
839 add_direct_link(wt
, hdr
->addr3
, hdr
->addr1
, hdr
->addr2
);
840 rx_data_bss(wt
, hdr
, hdrlen
, qos
, hdr
->addr1
, hdr
->addr2
,
841 data
+ hdrlen
, len
- hdrlen
);
844 wpa_printf(MSG_EXCESSIVE
, "DATA %s%s%s FromDS DA=" MACSTR
845 " BSSID=" MACSTR
" SA=" MACSTR
,
846 data_stype(WLAN_FC_GET_STYPE(fc
)),
847 fc
& WLAN_FC_PWRMGT
? " PwrMgt" : "",
848 fc
& WLAN_FC_ISWEP
? " Prot" : "",
849 MAC2STR(hdr
->addr1
), MAC2STR(hdr
->addr2
),
850 MAC2STR(hdr
->addr3
));
851 add_ap_path(wt
, hdr
->addr2
, hdr
->addr1
, hdr
->addr3
);
852 rx_data_bss(wt
, hdr
, hdrlen
, qos
, hdr
->addr1
, hdr
->addr3
,
853 data
+ hdrlen
, len
- hdrlen
);
856 wpa_printf(MSG_EXCESSIVE
, "DATA %s%s%s ToDS BSSID=" MACSTR
857 " SA=" MACSTR
" DA=" MACSTR
,
858 data_stype(WLAN_FC_GET_STYPE(fc
)),
859 fc
& WLAN_FC_PWRMGT
? " PwrMgt" : "",
860 fc
& WLAN_FC_ISWEP
? " Prot" : "",
861 MAC2STR(hdr
->addr1
), MAC2STR(hdr
->addr2
),
862 MAC2STR(hdr
->addr3
));
863 add_ap_path(wt
, hdr
->addr1
, hdr
->addr3
, hdr
->addr2
);
864 rx_data_bss(wt
, hdr
, hdrlen
, qos
, hdr
->addr3
, hdr
->addr2
,
865 data
+ hdrlen
, len
- hdrlen
);
867 case WLAN_FC_TODS
| WLAN_FC_FROMDS
:
868 wpa_printf(MSG_EXCESSIVE
, "DATA %s%s%s WDS RA=" MACSTR
" TA="
869 MACSTR
" DA=" MACSTR
" SA=" MACSTR
,
870 data_stype(WLAN_FC_GET_STYPE(fc
)),
871 fc
& WLAN_FC_PWRMGT
? " PwrMgt" : "",
872 fc
& WLAN_FC_ISWEP
? " Prot" : "",
873 MAC2STR(hdr
->addr1
), MAC2STR(hdr
->addr2
),
875 MAC2STR((const u8
*) (hdr
+ 1)));
876 rx_data_bss(wt
, hdr
, hdrlen
, qos
, hdr
->addr1
, hdr
->addr2
,
877 data
+ hdrlen
, len
- hdrlen
);