1/* 2 * WPA Supplicant - Client mode MLME 3 * Copyright (c) 2003-2008, Jouni Malinen <j@w1.fi> 4 * Copyright (c) 2004, Instant802 Networks, Inc. 5 * Copyright (c) 2005-2006, Devicescape Software, Inc. 6 * 7 * This program is free software; you can redistribute it and/or modify 8 * it under the terms of the GNU General Public License version 2 as 9 * published by the Free Software Foundation. 10 * 11 * Alternatively, this software may be distributed under the terms of BSD 12 * license. 13 * 14 * See README and COPYING for more details. 15 */ 16 17#include "includes.h" 18 19#include "common.h" 20#include "eloop.h" 21#include "config_ssid.h" 22#include "wpa_supplicant_i.h" 23#include "notify.h" 24#include "driver_i.h" 25#include "rsn_supp/wpa.h" 26#include "common/ieee802_11_defs.h" 27#include "common/ieee802_11_common.h" 28#include "mlme.h" 29 30 31/* Timeouts and intervals in milliseconds */ 32#define IEEE80211_AUTH_TIMEOUT (200) 33#define IEEE80211_AUTH_MAX_TRIES 3 34#define IEEE80211_ASSOC_TIMEOUT (200) 35#define IEEE80211_ASSOC_MAX_TRIES 3 36#define IEEE80211_MONITORING_INTERVAL (2000) 37#define IEEE80211_PROBE_INTERVAL (60000) 38#define IEEE80211_RETRY_AUTH_INTERVAL (1000) 39#define IEEE80211_SCAN_INTERVAL (2000) 40#define IEEE80211_SCAN_INTERVAL_SLOW (15000) 41#define IEEE80211_IBSS_JOIN_TIMEOUT (20000) 42 43#define IEEE80211_PROBE_DELAY (33) 44#define IEEE80211_CHANNEL_TIME (33) 45#define IEEE80211_PASSIVE_CHANNEL_TIME (200) 46#define IEEE80211_SCAN_RESULT_EXPIRE (10000) 47#define IEEE80211_IBSS_MERGE_INTERVAL (30000) 48#define IEEE80211_IBSS_INACTIVITY_LIMIT (60000) 49 50#define IEEE80211_IBSS_MAX_STA_ENTRIES 128 51 52 53#define IEEE80211_FC(type, stype) host_to_le16((type << 2) | (stype << 4)) 54 55 56struct ieee80211_sta_bss { 57 struct ieee80211_sta_bss *next; 58 struct ieee80211_sta_bss *hnext; 59 60 u8 bssid[ETH_ALEN]; 61 u8 ssid[MAX_SSID_LEN]; 62 size_t ssid_len; 63 u16 capability; /* host byte order */ 64 int hw_mode; 65 int channel; 66 int freq; 67 int rssi; 68 u8 *ie; 69 size_t ie_len; 70 u8 *wpa_ie; 71 size_t wpa_ie_len; 72 u8 *rsn_ie; 73 size_t rsn_ie_len; 74 u8 *wmm_ie; 75 size_t wmm_ie_len; 76 u8 *mdie; 77 size_t mdie_len; 78#define IEEE80211_MAX_SUPP_RATES 32 79 u8 supp_rates[IEEE80211_MAX_SUPP_RATES]; 80 size_t supp_rates_len; 81 int beacon_int; 82 u64 timestamp; 83 84 int probe_resp; 85 struct os_time last_update; 86}; 87 88 89static void ieee80211_send_probe_req(struct wpa_supplicant *wpa_s, 90 const u8 *dst, 91 const u8 *ssid, size_t ssid_len); 92static struct ieee80211_sta_bss * 93ieee80211_bss_get(struct wpa_supplicant *wpa_s, const u8 *bssid); 94static int ieee80211_sta_find_ibss(struct wpa_supplicant *wpa_s); 95static int ieee80211_sta_wep_configured(struct wpa_supplicant *wpa_s); 96static void ieee80211_sta_timer(void *eloop_ctx, void *timeout_ctx); 97static void ieee80211_sta_scan_timer(void *eloop_ctx, void *timeout_ctx); 98static void ieee80211_build_tspec(struct wpabuf *buf); 99static int ieee80211_sta_set_probe_req_ie(struct wpa_supplicant *wpa_s, 100 const u8 *ies, size_t ies_len); 101 102 103static int ieee80211_sta_set_channel(struct wpa_supplicant *wpa_s, 104 enum hostapd_hw_mode phymode, int chan, 105 int freq) 106{ 107 size_t i; 108 struct hostapd_hw_modes *mode; 109 110 for (i = 0; i < wpa_s->mlme.num_modes; i++) { 111 mode = &wpa_s->mlme.modes[i]; 112 if (mode->mode == phymode) { 113 wpa_s->mlme.curr_rates = mode->rates; 114 wpa_s->mlme.num_curr_rates = mode->num_rates; 115 break; 116 } 117 } 118 119 return wpa_drv_set_channel(wpa_s, phymode, chan, freq); 120} 121 122 123static int ecw2cw(int ecw) 124{ 125 int cw = 1; 126 while (ecw > 0) { 127 cw <<= 1; 128 ecw--; 129 } 130 return cw - 1; 131} 132 133 134static void ieee80211_sta_wmm_params(struct wpa_supplicant *wpa_s, 135 const u8 *wmm_param, size_t wmm_param_len) 136{ 137 size_t left; 138 int count; 139 const u8 *pos; 140 u8 wmm_acm; 141 142 if (wmm_param_len < 8 || wmm_param[5] /* version */ != 1) 143 return; 144 count = wmm_param[6] & 0x0f; 145 if (count == wpa_s->mlme.wmm_last_param_set) 146 return; 147 wpa_s->mlme.wmm_last_param_set = count; 148 149 pos = wmm_param + 8; 150 left = wmm_param_len - 8; 151 152 wmm_acm = 0; 153 for (; left >= 4; left -= 4, pos += 4) { 154 int aci = (pos[0] >> 5) & 0x03; 155 int acm = (pos[0] >> 4) & 0x01; 156 int aifs, cw_max, cw_min, burst_time; 157 158 switch (aci) { 159 case 1: /* AC_BK */ 160 if (acm) 161 wmm_acm |= BIT(1) | BIT(2); /* BK/- */ 162 break; 163 case 2: /* AC_VI */ 164 if (acm) 165 wmm_acm |= BIT(4) | BIT(5); /* CL/VI */ 166 break; 167 case 3: /* AC_VO */ 168 if (acm) 169 wmm_acm |= BIT(6) | BIT(7); /* VO/NC */ 170 break; 171 case 0: /* AC_BE */ 172 default: 173 if (acm) 174 wmm_acm |= BIT(0) | BIT(3); /* BE/EE */ 175 break; 176 } 177 178 aifs = pos[0] & 0x0f; 179 cw_max = ecw2cw((pos[1] & 0xf0) >> 4); 180 cw_min = ecw2cw(pos[1] & 0x0f); 181 /* TXOP is in units of 32 usec; burst_time in 0.1 ms */ 182 burst_time = (pos[2] | (pos[3] << 8)) * 32 / 100; 183 wpa_printf(MSG_DEBUG, "MLME: WMM aci=%d acm=%d aifs=%d " 184 "cWmin=%d cWmax=%d burst=%d", 185 aci, acm, aifs, cw_min, cw_max, burst_time); 186 /* TODO: driver configuration */ 187 } 188} 189 190 191static void ieee80211_set_associated(struct wpa_supplicant *wpa_s, int assoc) 192{ 193 if (wpa_s->mlme.associated == assoc && !assoc) 194 return; 195 196 wpa_s->mlme.associated = assoc; 197 198 if (assoc) { 199 union wpa_event_data data; 200 os_memset(&data, 0, sizeof(data)); 201 wpa_s->mlme.prev_bssid_set = 1; 202 os_memcpy(wpa_s->mlme.prev_bssid, wpa_s->bssid, ETH_ALEN); 203 data.assoc_info.req_ies = wpa_s->mlme.assocreq_ies; 204 data.assoc_info.req_ies_len = wpa_s->mlme.assocreq_ies_len; 205 data.assoc_info.resp_ies = wpa_s->mlme.assocresp_ies; 206 data.assoc_info.resp_ies_len = wpa_s->mlme.assocresp_ies_len; 207 data.assoc_info.freq = wpa_s->mlme.freq; 208 wpa_supplicant_event(wpa_s, EVENT_ASSOC, &data); 209 } else { 210 wpa_supplicant_event(wpa_s, EVENT_DISASSOC, NULL); 211 } 212 os_get_time(&wpa_s->mlme.last_probe); 213} 214 215 216static int ieee80211_sta_tx(struct wpa_supplicant *wpa_s, const u8 *buf, 217 size_t len) 218{ 219 return wpa_drv_send_mlme(wpa_s, buf, len); 220} 221 222 223static void ieee80211_send_auth(struct wpa_supplicant *wpa_s, 224 int transaction, const u8 *extra, 225 size_t extra_len, int encrypt) 226{ 227 u8 *buf; 228 size_t len; 229 struct ieee80211_mgmt *mgmt; 230 231 buf = os_malloc(sizeof(*mgmt) + 6 + extra_len); 232 if (buf == NULL) { 233 wpa_printf(MSG_DEBUG, "MLME: failed to allocate buffer for " 234 "auth frame"); 235 return; 236 } 237 238 mgmt = (struct ieee80211_mgmt *) buf; 239 len = 24 + 6; 240 os_memset(mgmt, 0, 24 + 6); 241 mgmt->frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT, 242 WLAN_FC_STYPE_AUTH); 243 if (encrypt) 244 mgmt->frame_control |= host_to_le16(WLAN_FC_ISWEP); 245 os_memcpy(mgmt->da, wpa_s->bssid, ETH_ALEN); 246 os_memcpy(mgmt->sa, wpa_s->own_addr, ETH_ALEN); 247 os_memcpy(mgmt->bssid, wpa_s->bssid, ETH_ALEN); 248 mgmt->u.auth.auth_alg = host_to_le16(wpa_s->mlme.auth_alg); 249 mgmt->u.auth.auth_transaction = host_to_le16(transaction); 250 wpa_s->mlme.auth_transaction = transaction + 1; 251 mgmt->u.auth.status_code = host_to_le16(0); 252 if (extra) { 253 os_memcpy(buf + len, extra, extra_len); 254 len += extra_len; 255 } 256 257 ieee80211_sta_tx(wpa_s, buf, len); 258 os_free(buf); 259} 260 261 262static void ieee80211_reschedule_timer(struct wpa_supplicant *wpa_s, int ms) 263{ 264 eloop_cancel_timeout(ieee80211_sta_timer, wpa_s, NULL); 265 eloop_register_timeout(ms / 1000, 1000 * (ms % 1000), 266 ieee80211_sta_timer, wpa_s, NULL); 267} 268 269 270static void ieee80211_authenticate(struct wpa_supplicant *wpa_s) 271{ 272 u8 *extra; 273 size_t extra_len; 274 275 wpa_s->mlme.auth_tries++; 276 if (wpa_s->mlme.auth_tries > IEEE80211_AUTH_MAX_TRIES) { 277 wpa_printf(MSG_DEBUG, "MLME: authentication with AP " MACSTR 278 " timed out", MAC2STR(wpa_s->bssid)); 279 return; 280 } 281 282 wpa_s->mlme.state = IEEE80211_AUTHENTICATE; 283 wpa_printf(MSG_DEBUG, "MLME: authenticate with AP " MACSTR, 284 MAC2STR(wpa_s->bssid)); 285 286 extra = NULL; 287 extra_len = 0; 288 289#ifdef CONFIG_IEEE80211R 290 if ((wpa_s->mlme.key_mgmt == KEY_MGMT_FT_802_1X || 291 wpa_s->mlme.key_mgmt == KEY_MGMT_FT_PSK) && 292 wpa_s->mlme.ft_ies) { 293 struct ieee80211_sta_bss *bss; 294 struct rsn_mdie *mdie = NULL; 295 bss = ieee80211_bss_get(wpa_s, wpa_s->bssid); 296 if (bss && bss->mdie_len >= 2 + sizeof(*mdie)) 297 mdie = (struct rsn_mdie *) (bss->mdie + 2); 298 if (mdie && 299 os_memcmp(mdie->mobility_domain, wpa_s->mlme.current_md, 300 MOBILITY_DOMAIN_ID_LEN) == 0) { 301 wpa_printf(MSG_DEBUG, "MLME: Trying to use FT " 302 "over-the-air"); 303 wpa_s->mlme.auth_alg = WLAN_AUTH_FT; 304 extra = wpa_s->mlme.ft_ies; 305 extra_len = wpa_s->mlme.ft_ies_len; 306 } 307 } 308#endif /* CONFIG_IEEE80211R */ 309 310 ieee80211_send_auth(wpa_s, 1, extra, extra_len, 0); 311 312 ieee80211_reschedule_timer(wpa_s, IEEE80211_AUTH_TIMEOUT); 313} 314 315 316static void ieee80211_send_assoc(struct wpa_supplicant *wpa_s) 317{ 318 struct ieee80211_mgmt *mgmt; 319 u8 *pos, *ies, *buf; 320 int i, len; 321 u16 capab; 322 struct ieee80211_sta_bss *bss; 323 int wmm = 0; 324 size_t blen, buflen; 325 326 if (wpa_s->mlme.curr_rates == NULL) { 327 wpa_printf(MSG_DEBUG, "MLME: curr_rates not set for assoc"); 328 return; 329 } 330 331 buflen = sizeof(*mgmt) + 200 + wpa_s->mlme.extra_ie_len + 332 wpa_s->mlme.ssid_len; 333#ifdef CONFIG_IEEE80211R 334 if (wpa_s->mlme.ft_ies) 335 buflen += wpa_s->mlme.ft_ies_len; 336#endif /* CONFIG_IEEE80211R */ 337 buf = os_malloc(buflen); 338 if (buf == NULL) { 339 wpa_printf(MSG_DEBUG, "MLME: failed to allocate buffer for " 340 "assoc frame"); 341 return; 342 } 343 blen = 0; 344 345 capab = wpa_s->mlme.capab; 346 if (wpa_s->mlme.phymode == HOSTAPD_MODE_IEEE80211G) { 347 capab |= WLAN_CAPABILITY_SHORT_SLOT_TIME | 348 WLAN_CAPABILITY_SHORT_PREAMBLE; 349 } 350 bss = ieee80211_bss_get(wpa_s, wpa_s->bssid); 351 if (bss) { 352 if (bss->capability & WLAN_CAPABILITY_PRIVACY) 353 capab |= WLAN_CAPABILITY_PRIVACY; 354 if (bss->wmm_ie) { 355 wmm = 1; 356 } 357 } 358 359 mgmt = (struct ieee80211_mgmt *) buf; 360 blen += 24; 361 os_memset(mgmt, 0, 24); 362 os_memcpy(mgmt->da, wpa_s->bssid, ETH_ALEN); 363 os_memcpy(mgmt->sa, wpa_s->own_addr, ETH_ALEN); 364 os_memcpy(mgmt->bssid, wpa_s->bssid, ETH_ALEN); 365 366 if (wpa_s->mlme.prev_bssid_set) { 367 blen += 10; 368 mgmt->frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT, 369 WLAN_FC_STYPE_REASSOC_REQ); 370 mgmt->u.reassoc_req.capab_info = host_to_le16(capab); 371 mgmt->u.reassoc_req.listen_interval = host_to_le16(1); 372 os_memcpy(mgmt->u.reassoc_req.current_ap, 373 wpa_s->mlme.prev_bssid, 374 ETH_ALEN); 375 } else { 376 blen += 4; 377 mgmt->frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT, 378 WLAN_FC_STYPE_ASSOC_REQ); 379 mgmt->u.assoc_req.capab_info = host_to_le16(capab); 380 mgmt->u.assoc_req.listen_interval = host_to_le16(1); 381 } 382 383 /* SSID */ 384 ies = pos = buf + blen; 385 blen += 2 + wpa_s->mlme.ssid_len; 386 *pos++ = WLAN_EID_SSID; 387 *pos++ = wpa_s->mlme.ssid_len; 388 os_memcpy(pos, wpa_s->mlme.ssid, wpa_s->mlme.ssid_len); 389 390 len = wpa_s->mlme.num_curr_rates; 391 if (len > 8) 392 len = 8; 393 pos = buf + blen; 394 blen += len + 2; 395 *pos++ = WLAN_EID_SUPP_RATES; 396 *pos++ = len; 397 for (i = 0; i < len; i++) 398 *pos++ = (u8) (wpa_s->mlme.curr_rates[i] / 5); 399 400 if (wpa_s->mlme.num_curr_rates > len) { 401 pos = buf + blen; 402 blen += wpa_s->mlme.num_curr_rates - len + 2; 403 *pos++ = WLAN_EID_EXT_SUPP_RATES; 404 *pos++ = wpa_s->mlme.num_curr_rates - len; 405 for (i = len; i < wpa_s->mlme.num_curr_rates; i++) 406 *pos++ = (u8) (wpa_s->mlme.curr_rates[i] / 5); 407 } 408 409 if (wpa_s->mlme.extra_ie && wpa_s->mlme.auth_alg != WLAN_AUTH_FT) { 410 pos = buf + blen; 411 blen += wpa_s->mlme.extra_ie_len; 412 os_memcpy(pos, wpa_s->mlme.extra_ie, wpa_s->mlme.extra_ie_len); 413 } 414 415#ifdef CONFIG_IEEE80211R 416 if ((wpa_s->mlme.key_mgmt == KEY_MGMT_FT_802_1X || 417 wpa_s->mlme.key_mgmt == KEY_MGMT_FT_PSK) && 418 wpa_s->mlme.auth_alg != WLAN_AUTH_FT && 419 bss && bss->mdie && 420 bss->mdie_len >= 2 + sizeof(struct rsn_mdie) && 421 bss->mdie[1] >= sizeof(struct rsn_mdie)) { 422 pos = buf + blen; 423 blen += 2 + sizeof(struct rsn_mdie); 424 *pos++ = WLAN_EID_MOBILITY_DOMAIN; 425 *pos++ = sizeof(struct rsn_mdie); 426 os_memcpy(pos, bss->mdie + 2, MOBILITY_DOMAIN_ID_LEN); 427 pos += MOBILITY_DOMAIN_ID_LEN; 428 *pos++ = 0; /* FIX: copy from the target AP's MDIE */ 429 } 430 431 if ((wpa_s->mlme.key_mgmt == KEY_MGMT_FT_802_1X || 432 wpa_s->mlme.key_mgmt == KEY_MGMT_FT_PSK) && 433 wpa_s->mlme.auth_alg == WLAN_AUTH_FT && wpa_s->mlme.ft_ies) { 434 pos = buf + blen; 435 os_memcpy(pos, wpa_s->mlme.ft_ies, wpa_s->mlme.ft_ies_len); 436 pos += wpa_s->mlme.ft_ies_len; 437 blen += wpa_s->mlme.ft_ies_len; 438 } 439#endif /* CONFIG_IEEE80211R */ 440 441 if (wmm && wpa_s->mlme.wmm_enabled) { 442 pos = buf + blen; 443 blen += 9; 444 *pos++ = WLAN_EID_VENDOR_SPECIFIC; 445 *pos++ = 7; /* len */ 446 *pos++ = 0x00; /* Microsoft OUI 00:50:F2 */ 447 *pos++ = 0x50; 448 *pos++ = 0xf2; 449 *pos++ = 2; /* WMM */ 450 *pos++ = 0; /* WMM info */ 451 *pos++ = 1; /* WMM ver */ 452 *pos++ = 0; 453 } 454 455 os_free(wpa_s->mlme.assocreq_ies); 456 wpa_s->mlme.assocreq_ies_len = (buf + blen) - ies; 457 wpa_s->mlme.assocreq_ies = os_malloc(wpa_s->mlme.assocreq_ies_len); 458 if (wpa_s->mlme.assocreq_ies) { 459 os_memcpy(wpa_s->mlme.assocreq_ies, ies, 460 wpa_s->mlme.assocreq_ies_len); 461 } 462 463 ieee80211_sta_tx(wpa_s, buf, blen); 464 os_free(buf); 465} 466 467 468static void ieee80211_send_deauth(struct wpa_supplicant *wpa_s, u16 reason) 469{ 470 u8 *buf; 471 size_t len; 472 struct ieee80211_mgmt *mgmt; 473 474 buf = os_zalloc(sizeof(*mgmt)); 475 if (buf == NULL) { 476 wpa_printf(MSG_DEBUG, "MLME: failed to allocate buffer for " 477 "deauth frame"); 478 return; 479 } 480 481 mgmt = (struct ieee80211_mgmt *) buf; 482 len = 24; 483 os_memcpy(mgmt->da, wpa_s->bssid, ETH_ALEN); 484 os_memcpy(mgmt->sa, wpa_s->own_addr, ETH_ALEN); 485 os_memcpy(mgmt->bssid, wpa_s->bssid, ETH_ALEN); 486 mgmt->frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT, 487 WLAN_FC_STYPE_DEAUTH); 488 len += 2; 489 mgmt->u.deauth.reason_code = host_to_le16(reason); 490 491 ieee80211_sta_tx(wpa_s, buf, len); 492 os_free(buf); 493} 494 495 496static void ieee80211_send_disassoc(struct wpa_supplicant *wpa_s, u16 reason) 497{ 498 u8 *buf; 499 size_t len; 500 struct ieee80211_mgmt *mgmt; 501 502 buf = os_zalloc(sizeof(*mgmt)); 503 if (buf == NULL) { 504 wpa_printf(MSG_DEBUG, "MLME: failed to allocate buffer for " 505 "disassoc frame"); 506 return; 507 } 508 509 mgmt = (struct ieee80211_mgmt *) buf; 510 len = 24; 511 os_memcpy(mgmt->da, wpa_s->bssid, ETH_ALEN); 512 os_memcpy(mgmt->sa, wpa_s->own_addr, ETH_ALEN); 513 os_memcpy(mgmt->bssid, wpa_s->bssid, ETH_ALEN); 514 mgmt->frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT, 515 WLAN_FC_STYPE_DISASSOC); 516 len += 2; 517 mgmt->u.disassoc.reason_code = host_to_le16(reason); 518 519 ieee80211_sta_tx(wpa_s, buf, len); 520 os_free(buf); 521} 522 523 524static int ieee80211_privacy_mismatch(struct wpa_supplicant *wpa_s) 525{ 526 struct ieee80211_sta_bss *bss; 527 int res = 0; 528 529 if (wpa_s->mlme.mixed_cell || 530 wpa_s->mlme.key_mgmt != KEY_MGMT_NONE) 531 return 0; 532 533 bss = ieee80211_bss_get(wpa_s, wpa_s->bssid); 534 if (bss == NULL) 535 return 0; 536 537 if (ieee80211_sta_wep_configured(wpa_s) != 538 !!(bss->capability & WLAN_CAPABILITY_PRIVACY)) 539 res = 1; 540 541 return res; 542} 543 544 545static void ieee80211_associate(struct wpa_supplicant *wpa_s) 546{ 547 wpa_s->mlme.assoc_tries++; 548 if (wpa_s->mlme.assoc_tries > IEEE80211_ASSOC_MAX_TRIES) { 549 wpa_printf(MSG_DEBUG, "MLME: association with AP " MACSTR 550 " timed out", MAC2STR(wpa_s->bssid)); 551 return; 552 } 553 554 wpa_s->mlme.state = IEEE80211_ASSOCIATE; 555 wpa_printf(MSG_DEBUG, "MLME: associate with AP " MACSTR, 556 MAC2STR(wpa_s->bssid)); 557 if (ieee80211_privacy_mismatch(wpa_s)) { 558 wpa_printf(MSG_DEBUG, "MLME: mismatch in privacy " 559 "configuration and mixed-cell disabled - abort " 560 "association"); 561 return; 562 } 563 564 ieee80211_send_assoc(wpa_s); 565 566 ieee80211_reschedule_timer(wpa_s, IEEE80211_ASSOC_TIMEOUT); 567} 568 569 570static void ieee80211_associated(struct wpa_supplicant *wpa_s) 571{ 572 int disassoc; 573 574 /* TODO: start monitoring current AP signal quality and number of 575 * missed beacons. Scan other channels every now and then and search 576 * for better APs. */ 577 /* TODO: remove expired BSSes */ 578 579 wpa_s->mlme.state = IEEE80211_ASSOCIATED; 580 581#if 0 /* FIX */ 582 sta = sta_info_get(local, wpa_s->bssid); 583 if (sta == NULL) { 584 wpa_printf(MSG_DEBUG "MLME: No STA entry for own AP " MACSTR, 585 MAC2STR(wpa_s->bssid)); 586 disassoc = 1; 587 } else { 588 disassoc = 0; 589 if (time_after(jiffies, 590 sta->last_rx + IEEE80211_MONITORING_INTERVAL)) { 591 if (wpa_s->mlme.probereq_poll) { 592 wpa_printf(MSG_DEBUG "MLME: No ProbeResp from " 593 "current AP " MACSTR " - assume " 594 "out of range", 595 MAC2STR(wpa_s->bssid)); 596 disassoc = 1; 597 } else { 598 ieee80211_send_probe_req( 599 wpa_s->bssid, 600 wpa_s->mlme.scan_ssid, 601 wpa_s->mlme.scan_ssid_len); 602 wpa_s->mlme.probereq_poll = 1; 603 } 604 } else { 605 wpa_s->mlme.probereq_poll = 0; 606 if (time_after(jiffies, wpa_s->mlme.last_probe + 607 IEEE80211_PROBE_INTERVAL)) { 608 wpa_s->mlme.last_probe = jiffies; 609 ieee80211_send_probe_req(wpa_s->bssid, 610 wpa_s->mlme.ssid, 611 wpa_s->mlme.ssid_len); 612 } 613 } 614 sta_info_release(local, sta); 615 } 616#else 617 disassoc = 0; 618#endif 619 if (disassoc) { 620 wpa_supplicant_event(wpa_s, EVENT_DISASSOC, NULL); 621 ieee80211_reschedule_timer(wpa_s, 622 IEEE80211_MONITORING_INTERVAL + 623 30000); 624 } else { 625 ieee80211_reschedule_timer(wpa_s, 626 IEEE80211_MONITORING_INTERVAL); 627 } 628} 629 630 631static void ieee80211_send_probe_req(struct wpa_supplicant *wpa_s, 632 const u8 *dst, 633 const u8 *ssid, size_t ssid_len) 634{ 635 u8 *buf; 636 size_t len; 637 struct ieee80211_mgmt *mgmt; 638 u8 *pos, *supp_rates; 639 u8 *esupp_rates = NULL; 640 int i; 641 642 buf = os_malloc(sizeof(*mgmt) + 200 + wpa_s->mlme.extra_probe_ie_len); 643 if (buf == NULL) { 644 wpa_printf(MSG_DEBUG, "MLME: failed to allocate buffer for " 645 "probe request"); 646 return; 647 } 648 649 mgmt = (struct ieee80211_mgmt *) buf; 650 len = 24; 651 os_memset(mgmt, 0, 24); 652 mgmt->frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT, 653 WLAN_FC_STYPE_PROBE_REQ); 654 os_memcpy(mgmt->sa, wpa_s->own_addr, ETH_ALEN); 655 if (dst) { 656 os_memcpy(mgmt->da, dst, ETH_ALEN); 657 os_memcpy(mgmt->bssid, dst, ETH_ALEN); 658 } else { 659 os_memset(mgmt->da, 0xff, ETH_ALEN); 660 os_memset(mgmt->bssid, 0xff, ETH_ALEN); 661 } 662 pos = buf + len; 663 len += 2 + ssid_len; 664 *pos++ = WLAN_EID_SSID; 665 *pos++ = ssid_len; 666 os_memcpy(pos, ssid, ssid_len); 667 668 supp_rates = buf + len; 669 len += 2; 670 supp_rates[0] = WLAN_EID_SUPP_RATES; 671 supp_rates[1] = 0; 672 for (i = 0; i < wpa_s->mlme.num_curr_rates; i++) { 673 if (esupp_rates) { 674 pos = buf + len; 675 len++; 676 esupp_rates[1]++; 677 } else if (supp_rates[1] == 8) { 678 esupp_rates = pos; 679 esupp_rates[0] = WLAN_EID_EXT_SUPP_RATES; 680 esupp_rates[1] = 1; 681 pos = &esupp_rates[2]; 682 len += 3; 683 } else { 684 pos = buf + len; 685 len++; 686 supp_rates[1]++; 687 } 688 *pos++ = wpa_s->mlme.curr_rates[i] / 5; 689 } 690 691 if (wpa_s->mlme.extra_probe_ie) { 692 os_memcpy(pos, wpa_s->mlme.extra_probe_ie, 693 wpa_s->mlme.extra_probe_ie_len); 694 len += wpa_s->mlme.extra_probe_ie_len; 695 } 696 697 ieee80211_sta_tx(wpa_s, buf, len); 698 os_free(buf); 699} 700 701 702static int ieee80211_sta_wep_configured(struct wpa_supplicant *wpa_s) 703{ 704#if 0 /* FIX */ 705 if (sdata == NULL || sdata->default_key == NULL || 706 sdata->default_key->alg != ALG_WEP) 707 return 0; 708 return 1; 709#else 710 return 0; 711#endif 712} 713 714 715static void ieee80211_auth_completed(struct wpa_supplicant *wpa_s) 716{ 717 wpa_printf(MSG_DEBUG, "MLME: authenticated"); 718 wpa_s->mlme.authenticated = 1; 719 ieee80211_associate(wpa_s); 720} 721 722 723static void ieee80211_auth_challenge(struct wpa_supplicant *wpa_s, 724 struct ieee80211_mgmt *mgmt, 725 size_t len, 726 struct ieee80211_rx_status *rx_status) 727{ 728 u8 *pos; 729 struct ieee802_11_elems elems; 730 731 wpa_printf(MSG_DEBUG, "MLME: replying to auth challenge"); 732 pos = mgmt->u.auth.variable; 733 if (ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), &elems, 0) 734 == ParseFailed) { 735 wpa_printf(MSG_DEBUG, "MLME: failed to parse Auth(challenge)"); 736 return; 737 } 738 if (elems.challenge == NULL) { 739 wpa_printf(MSG_DEBUG, "MLME: no challenge IE in shared key " 740 "auth frame"); 741 return; 742 } 743 ieee80211_send_auth(wpa_s, 3, elems.challenge - 2, 744 elems.challenge_len + 2, 1); 745} 746 747 748static void ieee80211_rx_mgmt_auth(struct wpa_supplicant *wpa_s, 749 struct ieee80211_mgmt *mgmt, 750 size_t len, 751 struct ieee80211_rx_status *rx_status) 752{ 753 struct wpa_ssid *ssid = wpa_s->current_ssid; 754 u16 auth_alg, auth_transaction, status_code; 755 int adhoc; 756 757 adhoc = ssid && ssid->mode == WPAS_MODE_IBSS; 758 759 if (wpa_s->mlme.state != IEEE80211_AUTHENTICATE && !adhoc) { 760 wpa_printf(MSG_DEBUG, "MLME: authentication frame received " 761 "from " MACSTR ", but not in authenticate state - " 762 "ignored", MAC2STR(mgmt->sa)); 763 return; 764 } 765 766 if (len < 24 + 6) { 767 wpa_printf(MSG_DEBUG, "MLME: too short (%lu) authentication " 768 "frame received from " MACSTR " - ignored", 769 (unsigned long) len, MAC2STR(mgmt->sa)); 770 return; 771 } 772 773 if (!adhoc && os_memcmp(wpa_s->bssid, mgmt->sa, ETH_ALEN) != 0) { 774 wpa_printf(MSG_DEBUG, "MLME: authentication frame received " 775 "from unknown AP (SA=" MACSTR " BSSID=" MACSTR 776 ") - ignored", 777 MAC2STR(mgmt->sa), MAC2STR(mgmt->bssid)); 778 return; 779 } 780 781 if (adhoc && os_memcmp(wpa_s->bssid, mgmt->bssid, ETH_ALEN) != 0) { 782 wpa_printf(MSG_DEBUG, "MLME: authentication frame received " 783 "from unknown BSSID (SA=" MACSTR " BSSID=" MACSTR 784 ") - ignored", 785 MAC2STR(mgmt->sa), MAC2STR(mgmt->bssid)); 786 return; 787 } 788 789 auth_alg = le_to_host16(mgmt->u.auth.auth_alg); 790 auth_transaction = le_to_host16(mgmt->u.auth.auth_transaction); 791 status_code = le_to_host16(mgmt->u.auth.status_code); 792 793 wpa_printf(MSG_DEBUG, "MLME: RX authentication from " MACSTR 794 " (alg=%d transaction=%d status=%d)", 795 MAC2STR(mgmt->sa), auth_alg, auth_transaction, status_code); 796 797 if (adhoc) { 798 /* IEEE 802.11 standard does not require authentication in IBSS 799 * networks and most implementations do not seem to use it. 800 * However, try to reply to authentication attempts if someone 801 * has actually implemented this. 802 * TODO: Could implement shared key authentication. */ 803 if (auth_alg != WLAN_AUTH_OPEN || auth_transaction != 1) { 804 wpa_printf(MSG_DEBUG, "MLME: unexpected IBSS " 805 "authentication frame (alg=%d " 806 "transaction=%d)", 807 auth_alg, auth_transaction); 808 return; 809 } 810 ieee80211_send_auth(wpa_s, 2, NULL, 0, 0); 811 } 812 813 if (auth_alg != wpa_s->mlme.auth_alg || 814 auth_transaction != wpa_s->mlme.auth_transaction) { 815 wpa_printf(MSG_DEBUG, "MLME: unexpected authentication frame " 816 "(alg=%d transaction=%d)", 817 auth_alg, auth_transaction); 818 return; 819 } 820 821 if (status_code != WLAN_STATUS_SUCCESS) { 822 wpa_printf(MSG_DEBUG, "MLME: AP denied authentication " 823 "(auth_alg=%d code=%d)", wpa_s->mlme.auth_alg, 824 status_code); 825 if (status_code == WLAN_STATUS_NOT_SUPPORTED_AUTH_ALG) { 826 const int num_algs = 3; 827 u8 algs[num_algs]; 828 int i, pos; 829 algs[0] = algs[1] = algs[2] = 0xff; 830 if (wpa_s->mlme.auth_algs & WPA_AUTH_ALG_OPEN) 831 algs[0] = WLAN_AUTH_OPEN; 832 if (wpa_s->mlme.auth_algs & WPA_AUTH_ALG_SHARED) 833 algs[1] = WLAN_AUTH_SHARED_KEY; 834 if (wpa_s->mlme.auth_algs & WPA_AUTH_ALG_LEAP) 835 algs[2] = WLAN_AUTH_LEAP; 836 if (wpa_s->mlme.auth_alg == WLAN_AUTH_OPEN) 837 pos = 0; 838 else if (wpa_s->mlme.auth_alg == WLAN_AUTH_SHARED_KEY) 839 pos = 1; 840 else 841 pos = 2; 842 for (i = 0; i < num_algs; i++) { 843 pos++; 844 if (pos >= num_algs) 845 pos = 0; 846 if (algs[pos] == wpa_s->mlme.auth_alg || 847 algs[pos] == 0xff) 848 continue; 849 if (algs[pos] == WLAN_AUTH_SHARED_KEY && 850 !ieee80211_sta_wep_configured(wpa_s)) 851 continue; 852 wpa_s->mlme.auth_alg = algs[pos]; 853 wpa_printf(MSG_DEBUG, "MLME: set auth_alg=%d " 854 "for next try", 855 wpa_s->mlme.auth_alg); 856 break; 857 } 858 } 859 return; 860 } 861 862 switch (wpa_s->mlme.auth_alg) { 863 case WLAN_AUTH_OPEN: 864 case WLAN_AUTH_LEAP: 865 ieee80211_auth_completed(wpa_s); 866 break; 867 case WLAN_AUTH_SHARED_KEY: 868 if (wpa_s->mlme.auth_transaction == 4) 869 ieee80211_auth_completed(wpa_s); 870 else 871 ieee80211_auth_challenge(wpa_s, mgmt, len, 872 rx_status); 873 break; 874#ifdef CONFIG_IEEE80211R 875 case WLAN_AUTH_FT: 876 { 877 union wpa_event_data data; 878 struct wpabuf *ric = NULL; 879 os_memset(&data, 0, sizeof(data)); 880 data.ft_ies.ies = mgmt->u.auth.variable; 881 data.ft_ies.ies_len = len - 882 (mgmt->u.auth.variable - (u8 *) mgmt); 883 os_memcpy(data.ft_ies.target_ap, wpa_s->bssid, ETH_ALEN); 884 if (os_strcmp(wpa_s->driver->name, "test") == 0 && 885 wpa_s->mlme.wmm_enabled) { 886 ric = wpabuf_alloc(200); 887 if (ric) { 888 /* Build simple RIC-Request: RDIE | TSPEC */ 889 890 /* RIC Data (RDIE) */ 891 wpabuf_put_u8(ric, WLAN_EID_RIC_DATA); 892 wpabuf_put_u8(ric, 4); 893 wpabuf_put_u8(ric, 0); /* RDIE Identifier */ 894 wpabuf_put_u8(ric, 1); /* Resource Descriptor 895 * Count */ 896 wpabuf_put_le16(ric, 0); /* Status Code */ 897 898 /* WMM TSPEC */ 899 ieee80211_build_tspec(ric); 900 901 data.ft_ies.ric_ies = wpabuf_head(ric); 902 data.ft_ies.ric_ies_len = wpabuf_len(ric); 903 } 904 } 905 906 wpa_supplicant_event(wpa_s, EVENT_FT_RESPONSE, &data); 907 wpabuf_free(ric); 908 ieee80211_auth_completed(wpa_s); 909 break; 910 } 911#endif /* CONFIG_IEEE80211R */ 912 } 913} 914 915 916static void ieee80211_rx_mgmt_deauth(struct wpa_supplicant *wpa_s, 917 struct ieee80211_mgmt *mgmt, 918 size_t len, 919 struct ieee80211_rx_status *rx_status) 920{ 921 u16 reason_code; 922 923 if (len < 24 + 2) { 924 wpa_printf(MSG_DEBUG, "MLME: too short (%lu) deauthentication " 925 "frame received from " MACSTR " - ignored", 926 (unsigned long) len, MAC2STR(mgmt->sa)); 927 return; 928 } 929 930 if (os_memcmp(wpa_s->bssid, mgmt->sa, ETH_ALEN) != 0) { 931 wpa_printf(MSG_DEBUG, "MLME: deauthentication frame received " 932 "from unknown AP (SA=" MACSTR " BSSID=" MACSTR 933 ") - ignored", 934 MAC2STR(mgmt->sa), MAC2STR(mgmt->bssid)); 935 return; 936 } 937 938 reason_code = le_to_host16(mgmt->u.deauth.reason_code); 939 940 wpa_printf(MSG_DEBUG, "MLME: RX deauthentication from " MACSTR 941 " (reason=%d)", MAC2STR(mgmt->sa), reason_code); 942 943 if (wpa_s->mlme.authenticated) 944 wpa_printf(MSG_DEBUG, "MLME: deauthenticated"); 945 946 if (wpa_s->mlme.state == IEEE80211_AUTHENTICATE || 947 wpa_s->mlme.state == IEEE80211_ASSOCIATE || 948 wpa_s->mlme.state == IEEE80211_ASSOCIATED) { 949 wpa_s->mlme.state = IEEE80211_AUTHENTICATE; 950 ieee80211_reschedule_timer(wpa_s, 951 IEEE80211_RETRY_AUTH_INTERVAL); 952 } 953 954 ieee80211_set_associated(wpa_s, 0); 955 wpa_s->mlme.authenticated = 0; 956} 957 958 959static void ieee80211_rx_mgmt_disassoc(struct wpa_supplicant *wpa_s, 960 struct ieee80211_mgmt *mgmt, 961 size_t len, 962 struct ieee80211_rx_status *rx_status) 963{ 964 u16 reason_code; 965 966 if (len < 24 + 2) { 967 wpa_printf(MSG_DEBUG, "MLME: too short (%lu) disassociation " 968 "frame received from " MACSTR " - ignored", 969 (unsigned long) len, MAC2STR(mgmt->sa)); 970 return; 971 } 972 973 if (os_memcmp(wpa_s->bssid, mgmt->sa, ETH_ALEN) != 0) { 974 wpa_printf(MSG_DEBUG, "MLME: disassociation frame received " 975 "from unknown AP (SA=" MACSTR " BSSID=" MACSTR 976 ") - ignored", 977 MAC2STR(mgmt->sa), MAC2STR(mgmt->bssid)); 978 return; 979 } 980 981 reason_code = le_to_host16(mgmt->u.disassoc.reason_code); 982 983 wpa_printf(MSG_DEBUG, "MLME: RX disassociation from " MACSTR 984 " (reason=%d)", MAC2STR(mgmt->sa), reason_code); 985 986 if (wpa_s->mlme.associated) 987 wpa_printf(MSG_DEBUG, "MLME: disassociated"); 988 989 if (wpa_s->mlme.state == IEEE80211_ASSOCIATED) { 990 wpa_s->mlme.state = IEEE80211_ASSOCIATE; 991 ieee80211_reschedule_timer(wpa_s, 992 IEEE80211_RETRY_AUTH_INTERVAL); 993 } 994 995 ieee80211_set_associated(wpa_s, 0); 996} 997 998 999static void ieee80211_build_tspec(struct wpabuf *buf) 1000{ 1001 struct wmm_tspec_element *tspec; 1002 int tid, up; 1003 1004 tspec = wpabuf_put(buf, sizeof(*tspec)); 1005 tspec->eid = WLAN_EID_VENDOR_SPECIFIC; 1006 tspec->length = sizeof(*tspec) - 2; 1007 tspec->oui[0] = 0x00; 1008 tspec->oui[1] = 0x50; 1009 tspec->oui[2] = 0xf2; 1010 tspec->oui_type = 2; 1011 tspec->oui_subtype = 2; 1012 tspec->version = 1; 1013 1014 tid = 1; 1015 up = 6; /* Voice */ 1016 tspec->ts_info[0] = (tid << 1) | 1017 (WMM_TSPEC_DIRECTION_BI_DIRECTIONAL << 5) | 1018 BIT(7); 1019 tspec->ts_info[1] = up << 3; 1020 tspec->nominal_msdu_size = host_to_le16(1530); 1021 tspec->mean_data_rate = host_to_le32(128000); /* bits per second */ 1022 tspec->minimum_phy_rate = host_to_le32(6000000); 1023 tspec->surplus_bandwidth_allowance = host_to_le16(0x3000); /* 150% */ 1024} 1025 1026 1027static void ieee80211_tx_addts(struct wpa_supplicant *wpa_s) 1028{ 1029 struct wpabuf *buf; 1030 struct ieee80211_mgmt *mgmt; 1031 size_t alen; 1032 1033 wpa_printf(MSG_DEBUG, "MLME: Send ADDTS Request for Voice TSPEC"); 1034 mgmt = NULL; 1035 alen = mgmt->u.action.u.wmm_action.variable - (u8 *) mgmt; 1036 1037 buf = wpabuf_alloc(alen + sizeof(struct wmm_tspec_element)); 1038 if (buf == NULL) 1039 return; 1040 1041 mgmt = wpabuf_put(buf, alen); 1042 os_memcpy(mgmt->da, wpa_s->bssid, ETH_ALEN); 1043 os_memcpy(mgmt->sa, wpa_s->own_addr, ETH_ALEN); 1044 os_memcpy(mgmt->bssid, wpa_s->bssid, ETH_ALEN); 1045 mgmt->frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT, 1046 WLAN_FC_STYPE_ACTION); 1047 mgmt->u.action.category = WLAN_ACTION_WMM; 1048 mgmt->u.action.u.wmm_action.action_code = WMM_ACTION_CODE_ADDTS_REQ; 1049 mgmt->u.action.u.wmm_action.dialog_token = 1; 1050 mgmt->u.action.u.wmm_action.status_code = 0; 1051 1052 ieee80211_build_tspec(buf); 1053 1054 ieee80211_sta_tx(wpa_s, wpabuf_head(buf), wpabuf_len(buf)); 1055 wpabuf_free(buf); 1056} 1057 1058 1059static void ieee80211_rx_mgmt_assoc_resp(struct wpa_supplicant *wpa_s, 1060 struct ieee80211_mgmt *mgmt, 1061 size_t len, 1062 struct ieee80211_rx_status *rx_status, 1063 int reassoc) 1064{ 1065 u8 rates[32]; 1066 size_t rates_len; 1067 u16 capab_info, status_code, aid; 1068 struct ieee802_11_elems elems; 1069 u8 *pos; 1070 1071 /* AssocResp and ReassocResp have identical structure, so process both 1072 * of them in this function. */ 1073 1074 if (wpa_s->mlme.state != IEEE80211_ASSOCIATE) { 1075 wpa_printf(MSG_DEBUG, "MLME: association frame received from " 1076 MACSTR ", but not in associate state - ignored", 1077 MAC2STR(mgmt->sa)); 1078 return; 1079 } 1080 1081 if (len < 24 + 6) { 1082 wpa_printf(MSG_DEBUG, "MLME: too short (%lu) association " 1083 "frame received from " MACSTR " - ignored", 1084 (unsigned long) len, MAC2STR(mgmt->sa)); 1085 return; 1086 } 1087 1088 if (os_memcmp(wpa_s->bssid, mgmt->sa, ETH_ALEN) != 0) { 1089 wpa_printf(MSG_DEBUG, "MLME: association frame received from " 1090 "unknown AP (SA=" MACSTR " BSSID=" MACSTR ") - " 1091 "ignored", MAC2STR(mgmt->sa), MAC2STR(mgmt->bssid)); 1092 return; 1093 } 1094 1095 capab_info = le_to_host16(mgmt->u.assoc_resp.capab_info); 1096 status_code = le_to_host16(mgmt->u.assoc_resp.status_code); 1097 aid = le_to_host16(mgmt->u.assoc_resp.aid); 1098 if ((aid & (BIT(15) | BIT(14))) != (BIT(15) | BIT(14))) 1099 wpa_printf(MSG_DEBUG, "MLME: invalid aid value %d; bits 15:14 " 1100 "not set", aid); 1101 aid &= ~(BIT(15) | BIT(14)); 1102 1103 wpa_printf(MSG_DEBUG, "MLME: RX %sssocResp from " MACSTR 1104 " (capab=0x%x status=%d aid=%d)", 1105 reassoc ? "Rea" : "A", MAC2STR(mgmt->sa), 1106 capab_info, status_code, aid); 1107 1108 pos = mgmt->u.assoc_resp.variable; 1109 if (ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), &elems, 0) 1110 == ParseFailed) { 1111 wpa_printf(MSG_DEBUG, "MLME: failed to parse AssocResp"); 1112 return; 1113 } 1114 1115 if (status_code != WLAN_STATUS_SUCCESS) { 1116 wpa_printf(MSG_DEBUG, "MLME: AP denied association (code=%d)", 1117 status_code); 1118#ifdef CONFIG_IEEE80211W 1119 if (status_code == WLAN_STATUS_ASSOC_REJECTED_TEMPORARILY && 1120 elems.timeout_int && elems.timeout_int_len == 5 && 1121 elems.timeout_int[0] == WLAN_TIMEOUT_ASSOC_COMEBACK) { 1122 u32 tu, ms; 1123 tu = WPA_GET_LE32(elems.timeout_int + 1); 1124 ms = tu * 1024 / 1000; 1125 wpa_printf(MSG_DEBUG, "MLME: AP rejected association " 1126 "temporarily; comeback duration %u TU " 1127 "(%u ms)", tu, ms); 1128 if (ms > IEEE80211_ASSOC_TIMEOUT) { 1129 wpa_printf(MSG_DEBUG, "MLME: Update timer " 1130 "based on comeback duration"); 1131 ieee80211_reschedule_timer(wpa_s, ms); 1132 } 1133 } 1134#endif /* CONFIG_IEEE80211W */ 1135 return; 1136 } 1137 1138 if (elems.supp_rates == NULL) { 1139 wpa_printf(MSG_DEBUG, "MLME: no SuppRates element in " 1140 "AssocResp"); 1141 return; 1142 } 1143 1144 if (wpa_s->mlme.auth_alg == WLAN_AUTH_FT) { 1145 if (!reassoc) { 1146 wpa_printf(MSG_DEBUG, "MLME: AP tried to use " 1147 "association, not reassociation, response " 1148 "with FT"); 1149 return; 1150 } 1151 if (wpa_ft_validate_reassoc_resp( 1152 wpa_s->wpa, pos, len - (pos - (u8 *) mgmt), 1153 mgmt->sa) < 0) { 1154 wpa_printf(MSG_DEBUG, "MLME: FT validation of Reassoc" 1155 "Resp failed"); 1156 return; 1157 } 1158 } else if (wpa_sm_set_ft_params(wpa_s->wpa, pos, 1159 len - (pos - (u8 *) mgmt)) < 0) 1160 return; 1161 1162 wpa_printf(MSG_DEBUG, "MLME: associated"); 1163 wpa_s->mlme.aid = aid; 1164 wpa_s->mlme.ap_capab = capab_info; 1165 1166 os_free(wpa_s->mlme.assocresp_ies); 1167 wpa_s->mlme.assocresp_ies_len = len - (pos - (u8 *) mgmt); 1168 wpa_s->mlme.assocresp_ies = os_malloc(wpa_s->mlme.assocresp_ies_len); 1169 if (wpa_s->mlme.assocresp_ies) { 1170 os_memcpy(wpa_s->mlme.assocresp_ies, pos, 1171 wpa_s->mlme.assocresp_ies_len); 1172 } 1173 1174 ieee80211_set_associated(wpa_s, 1); 1175 1176 rates_len = elems.supp_rates_len; 1177 if (rates_len > sizeof(rates)) 1178 rates_len = sizeof(rates); 1179 os_memcpy(rates, elems.supp_rates, rates_len); 1180 if (elems.ext_supp_rates) { 1181 size_t _len = elems.ext_supp_rates_len; 1182 if (_len > sizeof(rates) - rates_len) 1183 _len = sizeof(rates) - rates_len; 1184 os_memcpy(rates + rates_len, elems.ext_supp_rates, _len); 1185 rates_len += _len; 1186 } 1187 1188 if (wpa_drv_set_bssid(wpa_s, wpa_s->bssid) < 0) { 1189 wpa_printf(MSG_DEBUG, "MLME: failed to set BSSID for the " 1190 "netstack"); 1191 } 1192 if (wpa_drv_set_ssid(wpa_s, wpa_s->mlme.ssid, wpa_s->mlme.ssid_len) < 1193 0) { 1194 wpa_printf(MSG_DEBUG, "MLME: failed to set SSID for the " 1195 "netstack"); 1196 } 1197 1198 /* Remove STA entry before adding a new one just in case to avoid 1199 * problems with existing configuration (e.g., keys). */ 1200 wpa_drv_mlme_remove_sta(wpa_s, wpa_s->bssid); 1201 if (wpa_drv_mlme_add_sta(wpa_s, wpa_s->bssid, rates, rates_len) < 0) { 1202 wpa_printf(MSG_DEBUG, "MLME: failed to add STA entry to the " 1203 "netstack"); 1204 } 1205 1206 if (elems.wmm && wpa_s->mlme.wmm_enabled) 1207 ieee80211_sta_wmm_params(wpa_s, elems.wmm, elems.wmm_len); 1208 1209 ieee80211_associated(wpa_s); 1210 1211 if (wpa_s->mlme.auth_alg != WLAN_AUTH_FT && 1212 os_strcmp(wpa_s->driver->name, "test") == 0 && 1213 elems.wmm && wpa_s->mlme.wmm_enabled) { 1214 /* Test WMM-AC - send ADDTS for WMM TSPEC */ 1215 ieee80211_tx_addts(wpa_s); 1216 } 1217} 1218 1219 1220/* Caller must hold local->sta_bss_lock */ 1221static void __ieee80211_bss_hash_add(struct wpa_supplicant *wpa_s, 1222 struct ieee80211_sta_bss *bss) 1223{ 1224 bss->hnext = wpa_s->mlme.sta_bss_hash[STA_HASH(bss->bssid)]; 1225 wpa_s->mlme.sta_bss_hash[STA_HASH(bss->bssid)] = bss; 1226} 1227 1228 1229/* Caller must hold local->sta_bss_lock */ 1230static void __ieee80211_bss_hash_del(struct wpa_supplicant *wpa_s, 1231 struct ieee80211_sta_bss *bss) 1232{ 1233 struct ieee80211_sta_bss *b, *prev = NULL; 1234 b = wpa_s->mlme.sta_bss_hash[STA_HASH(bss->bssid)]; 1235 while (b) { 1236 if (b == bss) { 1237 if (prev == NULL) { 1238 wpa_s->mlme.sta_bss_hash[STA_HASH(bss->bssid)] 1239 = bss->hnext; 1240 } else { 1241 prev->hnext = bss->hnext; 1242 } 1243 break; 1244 } 1245 prev = b; 1246 b = b->hnext; 1247 } 1248} 1249 1250 1251static struct ieee80211_sta_bss * 1252ieee80211_bss_add(struct wpa_supplicant *wpa_s, const u8 *bssid) 1253{ 1254 struct ieee80211_sta_bss *bss; 1255 1256 bss = os_zalloc(sizeof(*bss)); 1257 if (bss == NULL) 1258 return NULL; 1259 os_memcpy(bss->bssid, bssid, ETH_ALEN); 1260 1261 /* TODO: order by RSSI? */ 1262 bss->next = wpa_s->mlme.sta_bss_list; 1263 wpa_s->mlme.sta_bss_list = bss; 1264 __ieee80211_bss_hash_add(wpa_s, bss); 1265 return bss; 1266} 1267 1268 1269static struct ieee80211_sta_bss * 1270ieee80211_bss_get(struct wpa_supplicant *wpa_s, const u8 *bssid) 1271{ 1272 struct ieee80211_sta_bss *bss; 1273 1274 bss = wpa_s->mlme.sta_bss_hash[STA_HASH(bssid)]; 1275 while (bss) { 1276 if (os_memcmp(bss->bssid, bssid, ETH_ALEN) == 0) 1277 break; 1278 bss = bss->hnext; 1279 } 1280 return bss; 1281} 1282 1283 1284static void ieee80211_bss_free(struct wpa_supplicant *wpa_s, 1285 struct ieee80211_sta_bss *bss) 1286{ 1287 __ieee80211_bss_hash_del(wpa_s, bss); 1288 os_free(bss->ie); 1289 os_free(bss->wpa_ie); 1290 os_free(bss->rsn_ie); 1291 os_free(bss->wmm_ie); 1292 os_free(bss->mdie); 1293 os_free(bss); 1294} 1295 1296 1297static void ieee80211_bss_list_deinit(struct wpa_supplicant *wpa_s) 1298{ 1299 struct ieee80211_sta_bss *bss, *prev; 1300 1301 bss = wpa_s->mlme.sta_bss_list; 1302 wpa_s->mlme.sta_bss_list = NULL; 1303 while (bss) { 1304 prev = bss; 1305 bss = bss->next; 1306 ieee80211_bss_free(wpa_s, prev); 1307 } 1308} 1309 1310 1311static void ieee80211_bss_info(struct wpa_supplicant *wpa_s, 1312 struct ieee80211_mgmt *mgmt, 1313 size_t len, 1314 struct ieee80211_rx_status *rx_status, 1315 int beacon) 1316{ 1317 struct ieee802_11_elems elems; 1318 size_t baselen; 1319 int channel, invalid = 0, clen; 1320 struct ieee80211_sta_bss *bss; 1321 u64 timestamp; 1322 u8 *pos, *ie_pos; 1323 size_t ie_len; 1324 1325 if (!beacon && os_memcmp(mgmt->da, wpa_s->own_addr, ETH_ALEN)) 1326 return; /* ignore ProbeResp to foreign address */ 1327 1328#if 0 1329 wpa_printf(MSG_MSGDUMP, "MLME: RX %s from " MACSTR " to " MACSTR, 1330 beacon ? "Beacon" : "Probe Response", 1331 MAC2STR(mgmt->sa), MAC2STR(mgmt->da)); 1332#endif 1333 1334 baselen = (u8 *) mgmt->u.beacon.variable - (u8 *) mgmt; 1335 if (baselen > len) 1336 return; 1337 1338 pos = mgmt->u.beacon.timestamp; 1339 timestamp = WPA_GET_LE64(pos); 1340 1341#if 0 /* FIX */ 1342 if (local->conf.mode == IW_MODE_ADHOC && beacon && 1343 os_memcmp(mgmt->bssid, local->bssid, ETH_ALEN) == 0) { 1344#ifdef IEEE80211_IBSS_DEBUG 1345 static unsigned long last_tsf_debug = 0; 1346 u64 tsf; 1347 if (local->hw->get_tsf) 1348 tsf = local->hw->get_tsf(local->mdev); 1349 else 1350 tsf = -1LLU; 1351 if (time_after(jiffies, last_tsf_debug + 5 * HZ)) { 1352 wpa_printf(MSG_DEBUG, "RX beacon SA=" MACSTR " BSSID=" 1353 MACSTR " TSF=0x%llx BCN=0x%llx diff=%lld " 1354 "@%ld", 1355 MAC2STR(mgmt->sa), MAC2STR(mgmt->bssid), 1356 tsf, timestamp, tsf - timestamp, jiffies); 1357 last_tsf_debug = jiffies; 1358 } 1359#endif /* IEEE80211_IBSS_DEBUG */ 1360 } 1361#endif 1362 1363 ie_pos = mgmt->u.beacon.variable; 1364 ie_len = len - baselen; 1365 if (ieee802_11_parse_elems(ie_pos, ie_len, &elems, 0) == ParseFailed) 1366 invalid = 1; 1367 1368#if 0 /* FIX */ 1369 if (local->conf.mode == IW_MODE_ADHOC && elems.supp_rates && 1370 os_memcmp(mgmt->bssid, local->bssid, ETH_ALEN) == 0 && 1371 (sta = sta_info_get(local, mgmt->sa))) { 1372 struct ieee80211_rate *rates; 1373 size_t num_rates; 1374 u32 supp_rates, prev_rates; 1375 int i, j, oper_mode; 1376 1377 rates = local->curr_rates; 1378 num_rates = local->num_curr_rates; 1379 oper_mode = wpa_s->mlme.sta_scanning ? 1380 local->scan_oper_phymode : local->conf.phymode; 1381 for (i = 0; i < local->hw->num_modes; i++) { 1382 struct ieee80211_hw_modes *mode = &local->hw->modes[i]; 1383 if (oper_mode == mode->mode) { 1384 rates = mode->rates; 1385 num_rates = mode->num_rates; 1386 break; 1387 } 1388 } 1389 1390 supp_rates = 0; 1391 for (i = 0; i < elems.supp_rates_len + 1392 elems.ext_supp_rates_len; i++) { 1393 u8 rate = 0; 1394 int own_rate; 1395 if (i < elems.supp_rates_len) 1396 rate = elems.supp_rates[i]; 1397 else if (elems.ext_supp_rates) 1398 rate = elems.ext_supp_rates 1399 [i - elems.supp_rates_len]; 1400 own_rate = 5 * (rate & 0x7f); 1401 if (oper_mode == MODE_ATHEROS_TURBO) 1402 own_rate *= 2; 1403 for (j = 0; j < num_rates; j++) 1404 if (rates[j].rate == own_rate) 1405 supp_rates |= BIT(j); 1406 } 1407 1408 prev_rates = sta->supp_rates; 1409 sta->supp_rates &= supp_rates; 1410 if (sta->supp_rates == 0) { 1411 /* No matching rates - this should not really happen. 1412 * Make sure that at least one rate is marked 1413 * supported to avoid issues with TX rate ctrl. */ 1414 sta->supp_rates = wpa_s->mlme.supp_rates_bits; 1415 } 1416 if (sta->supp_rates != prev_rates) { 1417 wpa_printf(MSG_DEBUG, "MLME: updated supp_rates set " 1418 "for " MACSTR " based on beacon info " 1419 "(0x%x & 0x%x -> 0x%x)", 1420 MAC2STR(sta->addr), prev_rates, 1421 supp_rates, sta->supp_rates); 1422 } 1423 sta_info_release(local, sta); 1424 } 1425#endif 1426 1427 if (elems.ssid == NULL) 1428 return; 1429 1430 if (elems.ds_params && elems.ds_params_len == 1) 1431 channel = elems.ds_params[0]; 1432 else 1433 channel = rx_status->channel; 1434 1435 bss = ieee80211_bss_get(wpa_s, mgmt->bssid); 1436 if (bss == NULL) { 1437 bss = ieee80211_bss_add(wpa_s, mgmt->bssid); 1438 if (bss == NULL) 1439 return; 1440 } else { 1441#if 0 1442 /* TODO: order by RSSI? */ 1443 spin_lock_bh(&local->sta_bss_lock); 1444 list_move_tail(&bss->list, &local->sta_bss_list); 1445 spin_unlock_bh(&local->sta_bss_lock); 1446#endif 1447 } 1448 1449 if (bss->probe_resp && beacon) { 1450 /* Do not allow beacon to override data from Probe Response. */ 1451 return; 1452 } 1453 1454 bss->beacon_int = le_to_host16(mgmt->u.beacon.beacon_int); 1455 bss->capability = le_to_host16(mgmt->u.beacon.capab_info); 1456 1457 if (bss->ie == NULL || bss->ie_len < ie_len) { 1458 os_free(bss->ie); 1459 bss->ie = os_malloc(ie_len); 1460 } 1461 if (bss->ie) { 1462 os_memcpy(bss->ie, ie_pos, ie_len); 1463 bss->ie_len = ie_len; 1464 } 1465 1466 if (elems.ssid && elems.ssid_len <= MAX_SSID_LEN) { 1467 os_memcpy(bss->ssid, elems.ssid, elems.ssid_len); 1468 bss->ssid_len = elems.ssid_len; 1469 } 1470 1471 bss->supp_rates_len = 0; 1472 if (elems.supp_rates) { 1473 clen = IEEE80211_MAX_SUPP_RATES - bss->supp_rates_len; 1474 if (clen > elems.supp_rates_len) 1475 clen = elems.supp_rates_len; 1476 os_memcpy(&bss->supp_rates[bss->supp_rates_len], 1477 elems.supp_rates, clen); 1478 bss->supp_rates_len += clen; 1479 } 1480 if (elems.ext_supp_rates) { 1481 clen = IEEE80211_MAX_SUPP_RATES - bss->supp_rates_len; 1482 if (clen > elems.ext_supp_rates_len) 1483 clen = elems.ext_supp_rates_len; 1484 os_memcpy(&bss->supp_rates[bss->supp_rates_len], 1485 elems.ext_supp_rates, clen); 1486 bss->supp_rates_len += clen; 1487 } 1488 1489 if (elems.wpa_ie && 1490 (bss->wpa_ie == NULL || bss->wpa_ie_len != elems.wpa_ie_len || 1491 os_memcmp(bss->wpa_ie, elems.wpa_ie, elems.wpa_ie_len))) { 1492 os_free(bss->wpa_ie); 1493 bss->wpa_ie = os_malloc(elems.wpa_ie_len + 2); 1494 if (bss->wpa_ie) { 1495 os_memcpy(bss->wpa_ie, elems.wpa_ie - 2, 1496 elems.wpa_ie_len + 2); 1497 bss->wpa_ie_len = elems.wpa_ie_len + 2; 1498 } else 1499 bss->wpa_ie_len = 0; 1500 } else if (!elems.wpa_ie && bss->wpa_ie) { 1501 os_free(bss->wpa_ie); 1502 bss->wpa_ie = NULL; 1503 bss->wpa_ie_len = 0; 1504 } 1505 1506 if (elems.rsn_ie && 1507 (bss->rsn_ie == NULL || bss->rsn_ie_len != elems.rsn_ie_len || 1508 os_memcmp(bss->rsn_ie, elems.rsn_ie, elems.rsn_ie_len))) { 1509 os_free(bss->rsn_ie); 1510 bss->rsn_ie = os_malloc(elems.rsn_ie_len + 2); 1511 if (bss->rsn_ie) { 1512 os_memcpy(bss->rsn_ie, elems.rsn_ie - 2, 1513 elems.rsn_ie_len + 2); 1514 bss->rsn_ie_len = elems.rsn_ie_len + 2; 1515 } else 1516 bss->rsn_ie_len = 0; 1517 } else if (!elems.rsn_ie && bss->rsn_ie) { 1518 os_free(bss->rsn_ie); 1519 bss->rsn_ie = NULL; 1520 bss->rsn_ie_len = 0; 1521 } 1522 1523 if (elems.wmm && 1524 (bss->wmm_ie == NULL || bss->wmm_ie_len != elems.wmm_len || 1525 os_memcmp(bss->wmm_ie, elems.wmm, elems.wmm_len))) { 1526 os_free(bss->wmm_ie); 1527 bss->wmm_ie = os_malloc(elems.wmm_len + 2); 1528 if (bss->wmm_ie) { 1529 os_memcpy(bss->wmm_ie, elems.wmm - 2, 1530 elems.wmm_len + 2); 1531 bss->wmm_ie_len = elems.wmm_len + 2; 1532 } else 1533 bss->wmm_ie_len = 0; 1534 } else if (!elems.wmm && bss->wmm_ie) { 1535 os_free(bss->wmm_ie); 1536 bss->wmm_ie = NULL; 1537 bss->wmm_ie_len = 0; 1538 } 1539 1540#ifdef CONFIG_IEEE80211R 1541 if (elems.mdie && 1542 (bss->mdie == NULL || bss->mdie_len != elems.mdie_len || 1543 os_memcmp(bss->mdie, elems.mdie, elems.mdie_len))) { 1544 os_free(bss->mdie); 1545 bss->mdie = os_malloc(elems.mdie_len + 2); 1546 if (bss->mdie) { 1547 os_memcpy(bss->mdie, elems.mdie - 2, 1548 elems.mdie_len + 2); 1549 bss->mdie_len = elems.mdie_len + 2; 1550 } else 1551 bss->mdie_len = 0; 1552 } else if (!elems.mdie && bss->mdie) { 1553 os_free(bss->mdie); 1554 bss->mdie = NULL; 1555 bss->mdie_len = 0; 1556 } 1557#endif /* CONFIG_IEEE80211R */ 1558 1559 bss->hw_mode = wpa_s->mlme.phymode; 1560 bss->channel = channel; 1561 bss->freq = wpa_s->mlme.freq; 1562 if (channel != wpa_s->mlme.channel && 1563 (wpa_s->mlme.phymode == HOSTAPD_MODE_IEEE80211G || 1564 wpa_s->mlme.phymode == HOSTAPD_MODE_IEEE80211B) && 1565 channel >= 1 && channel <= 14) { 1566 static const int freq_list[] = { 1567 2412, 2417, 2422, 2427, 2432, 2437, 2442, 1568 2447, 2452, 2457, 2462, 2467, 2472, 2484 1569 }; 1570 /* IEEE 802.11g/b mode can receive packets from neighboring 1571 * channels, so map the channel into frequency. */ 1572 bss->freq = freq_list[channel - 1]; 1573 } 1574 bss->timestamp = timestamp; 1575 os_get_time(&bss->last_update); 1576 bss->rssi = rx_status->ssi; 1577 if (!beacon) 1578 bss->probe_resp++; 1579} 1580 1581 1582static void ieee80211_rx_mgmt_probe_resp(struct wpa_supplicant *wpa_s, 1583 struct ieee80211_mgmt *mgmt, 1584 size_t len, 1585 struct ieee80211_rx_status *rx_status) 1586{ 1587 ieee80211_bss_info(wpa_s, mgmt, len, rx_status, 0); 1588} 1589 1590 1591static void ieee80211_rx_mgmt_beacon(struct wpa_supplicant *wpa_s, 1592 struct ieee80211_mgmt *mgmt, 1593 size_t len, 1594 struct ieee80211_rx_status *rx_status) 1595{ 1596 int use_protection; 1597 size_t baselen; 1598 struct ieee802_11_elems elems; 1599 1600 ieee80211_bss_info(wpa_s, mgmt, len, rx_status, 1); 1601 1602 if (!wpa_s->mlme.associated || 1603 os_memcmp(wpa_s->bssid, mgmt->bssid, ETH_ALEN) != 0) 1604 return; 1605 1606 /* Process beacon from the current BSS */ 1607 baselen = (u8 *) mgmt->u.beacon.variable - (u8 *) mgmt; 1608 if (baselen > len) 1609 return; 1610 1611 if (ieee802_11_parse_elems(mgmt->u.beacon.variable, len - baselen, 1612 &elems, 0) == ParseFailed) 1613 return; 1614 1615 use_protection = 0; 1616 if (elems.erp_info && elems.erp_info_len >= 1) { 1617 use_protection = 1618 (elems.erp_info[0] & ERP_INFO_USE_PROTECTION) != 0; 1619 } 1620 1621 if (use_protection != !!wpa_s->mlme.use_protection) { 1622 wpa_printf(MSG_DEBUG, "MLME: CTS protection %s (BSSID=" MACSTR 1623 ")", 1624 use_protection ? "enabled" : "disabled", 1625 MAC2STR(wpa_s->bssid)); 1626 wpa_s->mlme.use_protection = use_protection ? 1 : 0; 1627 wpa_s->mlme.cts_protect_erp_frames = use_protection; 1628 } 1629 1630 if (elems.wmm && wpa_s->mlme.wmm_enabled) { 1631 ieee80211_sta_wmm_params(wpa_s, elems.wmm, 1632 elems.wmm_len); 1633 } 1634} 1635 1636 1637static void ieee80211_rx_mgmt_probe_req(struct wpa_supplicant *wpa_s, 1638 struct ieee80211_mgmt *mgmt, 1639 size_t len, 1640 struct ieee80211_rx_status *rx_status) 1641{ 1642 int tx_last_beacon, adhoc; 1643#if 0 /* FIX */ 1644 struct ieee80211_mgmt *resp; 1645#endif 1646 u8 *pos, *end; 1647 struct wpa_ssid *ssid = wpa_s->current_ssid; 1648 1649 adhoc = ssid && ssid->mode == WPAS_MODE_IBSS; 1650 1651 if (!adhoc || wpa_s->mlme.state != IEEE80211_IBSS_JOINED || 1652 len < 24 + 2 || wpa_s->mlme.probe_resp == NULL) 1653 return; 1654 1655#if 0 /* FIX */ 1656 if (local->hw->tx_last_beacon) 1657 tx_last_beacon = local->hw->tx_last_beacon(local->mdev); 1658 else 1659#endif 1660 tx_last_beacon = 1; 1661 1662#ifdef IEEE80211_IBSS_DEBUG 1663 wpa_printf(MSG_DEBUG, "MLME: RX ProbeReq SA=" MACSTR " DA=" MACSTR 1664 " BSSID=" MACSTR " (tx_last_beacon=%d)", 1665 MAC2STR(mgmt->sa), MAC2STR(mgmt->da), 1666 MAC2STR(mgmt->bssid), tx_last_beacon); 1667#endif /* IEEE80211_IBSS_DEBUG */ 1668 1669 if (!tx_last_beacon) 1670 return; 1671 1672 if (os_memcmp(mgmt->bssid, wpa_s->bssid, ETH_ALEN) != 0 && 1673 os_memcmp(mgmt->bssid, "\xff\xff\xff\xff\xff\xff", ETH_ALEN) != 0) 1674 return; 1675 1676 end = ((u8 *) mgmt) + len; 1677 pos = mgmt->u.probe_req.variable; 1678 if (pos[0] != WLAN_EID_SSID || 1679 pos + 2 + pos[1] > end) { 1680 wpa_printf(MSG_DEBUG, "MLME: Invalid SSID IE in ProbeReq from " 1681 MACSTR, MAC2STR(mgmt->sa)); 1682 return; 1683 } 1684 if (pos[1] != 0 && 1685 (pos[1] != wpa_s->mlme.ssid_len || 1686 os_memcmp(pos + 2, wpa_s->mlme.ssid, wpa_s->mlme.ssid_len) != 0)) 1687 { 1688 /* Ignore ProbeReq for foreign SSID */ 1689 return; 1690 } 1691 1692#if 0 /* FIX */ 1693 /* Reply with ProbeResp */ 1694 skb = skb_copy(wpa_s->mlme.probe_resp, GFP_ATOMIC); 1695 if (skb == NULL) 1696 return; 1697 1698 resp = (struct ieee80211_mgmt *) skb->data; 1699 os_memcpy(resp->da, mgmt->sa, ETH_ALEN); 1700#ifdef IEEE80211_IBSS_DEBUG 1701 wpa_printf(MSG_DEBUG, "MLME: Sending ProbeResp to " MACSTR, 1702 MAC2STR(resp->da)); 1703#endif /* IEEE80211_IBSS_DEBUG */ 1704 ieee80211_sta_tx(wpa_s, skb, 0, 1); 1705#endif 1706} 1707 1708 1709#ifdef CONFIG_IEEE80211R 1710static void ieee80211_rx_mgmt_ft_action(struct wpa_supplicant *wpa_s, 1711 struct ieee80211_mgmt *mgmt, 1712 size_t len, 1713 struct ieee80211_rx_status *rx_status) 1714{ 1715 union wpa_event_data data; 1716 u16 status; 1717 u8 *sta_addr, *target_ap_addr; 1718 1719 if (len < 24 + 1 + sizeof(mgmt->u.action.u.ft_action_resp)) { 1720 wpa_printf(MSG_DEBUG, "MLME: Too short FT Action frame"); 1721 return; 1722 } 1723 1724 /* 1725 * Only FT Action Response is needed for now since reservation 1726 * protocol is not supported. 1727 */ 1728 if (mgmt->u.action.u.ft_action_resp.action != 2) { 1729 wpa_printf(MSG_DEBUG, "MLME: Unexpected FT Action %d", 1730 mgmt->u.action.u.ft_action_resp.action); 1731 return; 1732 } 1733 1734 status = le_to_host16(mgmt->u.action.u.ft_action_resp.status_code); 1735 sta_addr = mgmt->u.action.u.ft_action_resp.sta_addr; 1736 target_ap_addr = mgmt->u.action.u.ft_action_resp.target_ap_addr; 1737 wpa_printf(MSG_DEBUG, "MLME: Received FT Action Response: STA " MACSTR 1738 " TargetAP " MACSTR " Status Code %d", 1739 MAC2STR(sta_addr), MAC2STR(target_ap_addr), status); 1740 if (os_memcmp(sta_addr, wpa_s->own_addr, ETH_ALEN) != 0) { 1741 wpa_printf(MSG_DEBUG, "MLME: Foreign STA Address " MACSTR 1742 " in FT Action Response", MAC2STR(sta_addr)); 1743 return; 1744 } 1745 1746 if (status) { 1747 wpa_printf(MSG_DEBUG, "MLME: FT Action Response indicates " 1748 "failure (status code %d)", status); 1749 /* TODO: report error to FT code(?) */ 1750 return; 1751 } 1752 1753 os_memset(&data, 0, sizeof(data)); 1754 data.ft_ies.ies = mgmt->u.action.u.ft_action_resp.variable; 1755 data.ft_ies.ies_len = len - (mgmt->u.action.u.ft_action_resp.variable - 1756 (u8 *) mgmt); 1757 data.ft_ies.ft_action = 1; 1758 os_memcpy(data.ft_ies.target_ap, target_ap_addr, ETH_ALEN); 1759 wpa_supplicant_event(wpa_s, EVENT_FT_RESPONSE, &data); 1760 /* TODO: should only re-associate, if EVENT_FT_RESPONSE was processed 1761 * successfully */ 1762 wpa_s->mlme.prev_bssid_set = 1; 1763 wpa_s->mlme.auth_alg = WLAN_AUTH_FT; 1764 os_memcpy(wpa_s->mlme.prev_bssid, wpa_s->bssid, ETH_ALEN); 1765 os_memcpy(wpa_s->bssid, target_ap_addr, ETH_ALEN); 1766 ieee80211_associate(wpa_s); 1767} 1768#endif /* CONFIG_IEEE80211R */ 1769 1770 1771#ifdef CONFIG_IEEE80211W 1772 1773/* MLME-SAQuery.response */ 1774static int ieee80211_sta_send_sa_query_resp(struct wpa_supplicant *wpa_s, 1775 const u8 *addr, const u8 *trans_id) 1776{ 1777 struct ieee80211_mgmt *mgmt; 1778 int res; 1779 size_t len; 1780 1781 mgmt = os_zalloc(sizeof(*mgmt)); 1782 if (mgmt == NULL) { 1783 wpa_printf(MSG_DEBUG, "MLME: Failed to allocate buffer for " 1784 "SA Query action frame"); 1785 return -1; 1786 } 1787 1788 len = 24; 1789 os_memcpy(mgmt->da, addr, ETH_ALEN); 1790 os_memcpy(mgmt->sa, wpa_s->own_addr, ETH_ALEN); 1791 os_memcpy(mgmt->bssid, wpa_s->bssid, ETH_ALEN); 1792 mgmt->frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT, 1793 WLAN_FC_STYPE_ACTION); 1794 mgmt->u.action.category = WLAN_ACTION_SA_QUERY; 1795 mgmt->u.action.u.sa_query_resp.action = WLAN_SA_QUERY_RESPONSE; 1796 os_memcpy(mgmt->u.action.u.sa_query_resp.trans_id, trans_id, 1797 WLAN_SA_QUERY_TR_ID_LEN); 1798 len += 1 + sizeof(mgmt->u.action.u.sa_query_resp); 1799 1800 res = ieee80211_sta_tx(wpa_s, (u8 *) mgmt, len); 1801 os_free(mgmt); 1802 1803 return res; 1804} 1805 1806 1807static void ieee80211_rx_mgmt_sa_query_action( 1808 struct wpa_supplicant *wpa_s, struct ieee80211_mgmt *mgmt, size_t len, 1809 struct ieee80211_rx_status *rx_status) 1810{ 1811 if (len < 24 + 1 + sizeof(mgmt->u.action.u.sa_query_req)) { 1812 wpa_printf(MSG_DEBUG, "MLME: Too short SA Query Action frame"); 1813 return; 1814 } 1815 1816 if (mgmt->u.action.u.sa_query_req.action != WLAN_SA_QUERY_REQUEST) { 1817 wpa_printf(MSG_DEBUG, "MLME: Unexpected SA Query Action %d", 1818 mgmt->u.action.u.sa_query_req.action); 1819 return; 1820 } 1821 1822 if (os_memcmp(mgmt->sa, wpa_s->bssid, ETH_ALEN) != 0) { 1823 wpa_printf(MSG_DEBUG, "MLME: Ignore SA Query from unknown " 1824 "source " MACSTR, MAC2STR(mgmt->sa)); 1825 return; 1826 } 1827 1828 if (wpa_s->mlme.state == IEEE80211_ASSOCIATE) { 1829 wpa_printf(MSG_DEBUG, "MLME: Ignore SA query request during " 1830 "association process"); 1831 return; 1832 } 1833 1834 wpa_printf(MSG_DEBUG, "MLME: Replying to SA Query request"); 1835 ieee80211_sta_send_sa_query_resp(wpa_s, mgmt->sa, mgmt->u.action.u. 1836 sa_query_req.trans_id); 1837} 1838 1839#endif /* CONFIG_IEEE80211W */ 1840 1841 1842static void dump_tspec(struct wmm_tspec_element *tspec) 1843{ 1844 int up, psb, dir, tid; 1845 u16 val; 1846 1847 up = (tspec->ts_info[1] >> 3) & 0x07; 1848 psb = (tspec->ts_info[1] >> 2) & 0x01; 1849 dir = (tspec->ts_info[0] >> 5) & 0x03; 1850 tid = (tspec->ts_info[0] >> 1) & 0x0f; 1851 wpa_printf(MSG_DEBUG, "WMM: TS Info: UP=%d PSB=%d Direction=%d TID=%d", 1852 up, psb, dir, tid); 1853 val = le_to_host16(tspec->nominal_msdu_size); 1854 wpa_printf(MSG_DEBUG, "WMM: Nominal MSDU Size: %d%s", 1855 val & 0x7fff, val & 0x8000 ? " (fixed)" : ""); 1856 wpa_printf(MSG_DEBUG, "WMM: Mean Data Rate: %u bps", 1857 le_to_host32(tspec->mean_data_rate)); 1858 wpa_printf(MSG_DEBUG, "WMM: Minimum PHY Rate: %u bps", 1859 le_to_host32(tspec->minimum_phy_rate)); 1860 val = le_to_host16(tspec->surplus_bandwidth_allowance); 1861 wpa_printf(MSG_DEBUG, "WMM: Surplus Bandwidth Allowance: %u.%04u", 1862 val >> 13, 10000 * (val & 0x1fff) / 0x2000); 1863 val = le_to_host16(tspec->medium_time); 1864 wpa_printf(MSG_DEBUG, "WMM: Medium Time: %u (= %u usec/sec)", 1865 val, 32 * val); 1866} 1867 1868 1869static int is_wmm_tspec(const u8 *ie, size_t len) 1870{ 1871 const struct wmm_tspec_element *tspec; 1872 1873 if (len < sizeof(*tspec)) 1874 return 0; 1875 1876 tspec = (const struct wmm_tspec_element *) ie; 1877 if (tspec->eid != WLAN_EID_VENDOR_SPECIFIC || 1878 tspec->length < sizeof(*tspec) - 2 || 1879 tspec->oui[0] != 0x00 || tspec->oui[1] != 0x50 || 1880 tspec->oui[2] != 0xf2 || tspec->oui_type != 2 || 1881 tspec->oui_subtype != 2 || tspec->version != 1) 1882 return 0; 1883 1884 return 1; 1885} 1886 1887 1888static void ieee80211_rx_addts_resp( 1889 struct wpa_supplicant *wpa_s, struct ieee80211_mgmt *mgmt, size_t len, 1890 size_t var_len) 1891{ 1892 struct wmm_tspec_element *tspec; 1893 1894 wpa_printf(MSG_DEBUG, "WMM: Received ADDTS Response"); 1895 wpa_hexdump(MSG_MSGDUMP, "WMM: ADDTS Response IE(s)", 1896 mgmt->u.action.u.wmm_action.variable, var_len); 1897 if (!is_wmm_tspec(mgmt->u.action.u.wmm_action.variable, var_len)) 1898 return; 1899 tspec = (struct wmm_tspec_element *) 1900 mgmt->u.action.u.wmm_action.variable; 1901 dump_tspec(tspec); 1902} 1903 1904 1905static void ieee80211_rx_delts( 1906 struct wpa_supplicant *wpa_s, struct ieee80211_mgmt *mgmt, size_t len, 1907 size_t var_len) 1908{ 1909 struct wmm_tspec_element *tspec; 1910 1911 wpa_printf(MSG_DEBUG, "WMM: Received DELTS"); 1912 wpa_hexdump(MSG_MSGDUMP, "WMM: DELTS IE(s)", 1913 mgmt->u.action.u.wmm_action.variable, var_len); 1914 if (!is_wmm_tspec(mgmt->u.action.u.wmm_action.variable, var_len)) 1915 return; 1916 tspec = (struct wmm_tspec_element *) 1917 mgmt->u.action.u.wmm_action.variable; 1918 dump_tspec(tspec); 1919} 1920 1921 1922static void ieee80211_rx_mgmt_wmm_action( 1923 struct wpa_supplicant *wpa_s, struct ieee80211_mgmt *mgmt, size_t len, 1924 struct ieee80211_rx_status *rx_status) 1925{ 1926 size_t alen; 1927 1928 alen = mgmt->u.action.u.wmm_action.variable - (u8 *) mgmt; 1929 if (len < alen) { 1930 wpa_printf(MSG_DEBUG, "WMM: Received Action frame too short"); 1931 return; 1932 } 1933 1934 wpa_printf(MSG_DEBUG, "WMM: Received Action frame: Action Code %d, " 1935 "Dialog Token %d, Status Code %d", 1936 mgmt->u.action.u.wmm_action.action_code, 1937 mgmt->u.action.u.wmm_action.dialog_token, 1938 mgmt->u.action.u.wmm_action.status_code); 1939 1940 switch (mgmt->u.action.u.wmm_action.action_code) { 1941 case WMM_ACTION_CODE_ADDTS_RESP: 1942 ieee80211_rx_addts_resp(wpa_s, mgmt, len, len - alen); 1943 break; 1944 case WMM_ACTION_CODE_DELTS: 1945 ieee80211_rx_delts(wpa_s, mgmt, len, len - alen); 1946 break; 1947 default: 1948 wpa_printf(MSG_DEBUG, "WMM: Unsupported Action Code %d", 1949 mgmt->u.action.u.wmm_action.action_code); 1950 break; 1951 } 1952} 1953 1954 1955static void ieee80211_rx_mgmt_action(struct wpa_supplicant *wpa_s, 1956 struct ieee80211_mgmt *mgmt, 1957 size_t len, 1958 struct ieee80211_rx_status *rx_status) 1959{ 1960 wpa_printf(MSG_DEBUG, "MLME: received Action frame"); 1961 1962 if (len < 25) 1963 return; 1964 1965 switch (mgmt->u.action.category) { 1966#ifdef CONFIG_IEEE80211R 1967 case WLAN_ACTION_FT: 1968 ieee80211_rx_mgmt_ft_action(wpa_s, mgmt, len, rx_status); 1969 break; 1970#endif /* CONFIG_IEEE80211R */ 1971#ifdef CONFIG_IEEE80211W 1972 case WLAN_ACTION_SA_QUERY: 1973 ieee80211_rx_mgmt_sa_query_action(wpa_s, mgmt, len, rx_status); 1974 break; 1975#endif /* CONFIG_IEEE80211W */ 1976 case WLAN_ACTION_WMM: 1977 ieee80211_rx_mgmt_wmm_action(wpa_s, mgmt, len, rx_status); 1978 break; 1979 case WLAN_ACTION_PUBLIC: 1980 if (wpa_s->mlme.public_action_cb) { 1981 wpa_s->mlme.public_action_cb( 1982 wpa_s->mlme.public_action_cb_ctx, 1983 (u8 *) mgmt, len, rx_status->freq); 1984 return; 1985 } 1986 break; 1987 default: 1988 wpa_printf(MSG_DEBUG, "MLME: unknown Action Category %d", 1989 mgmt->u.action.category); 1990 break; 1991 } 1992} 1993 1994 1995static void ieee80211_sta_rx_mgmt(struct wpa_supplicant *wpa_s, 1996 const u8 *buf, size_t len, 1997 struct ieee80211_rx_status *rx_status) 1998{ 1999 struct ieee80211_mgmt *mgmt; 2000 u16 fc; 2001 2002 if (len < 24) 2003 return; 2004 2005 mgmt = (struct ieee80211_mgmt *) buf; 2006 fc = le_to_host16(mgmt->frame_control); 2007 2008 switch (WLAN_FC_GET_STYPE(fc)) { 2009 case WLAN_FC_STYPE_PROBE_REQ: 2010 ieee80211_rx_mgmt_probe_req(wpa_s, mgmt, len, rx_status); 2011 break; 2012 case WLAN_FC_STYPE_PROBE_RESP: 2013 ieee80211_rx_mgmt_probe_resp(wpa_s, mgmt, len, rx_status); 2014 break; 2015 case WLAN_FC_STYPE_BEACON: 2016 ieee80211_rx_mgmt_beacon(wpa_s, mgmt, len, rx_status); 2017 break; 2018 case WLAN_FC_STYPE_AUTH: 2019 ieee80211_rx_mgmt_auth(wpa_s, mgmt, len, rx_status); 2020 break; 2021 case WLAN_FC_STYPE_ASSOC_RESP: 2022 ieee80211_rx_mgmt_assoc_resp(wpa_s, mgmt, len, rx_status, 0); 2023 break; 2024 case WLAN_FC_STYPE_REASSOC_RESP: 2025 ieee80211_rx_mgmt_assoc_resp(wpa_s, mgmt, len, rx_status, 1); 2026 break; 2027 case WLAN_FC_STYPE_DEAUTH: 2028 ieee80211_rx_mgmt_deauth(wpa_s, mgmt, len, rx_status); 2029 break; 2030 case WLAN_FC_STYPE_DISASSOC: 2031 ieee80211_rx_mgmt_disassoc(wpa_s, mgmt, len, rx_status); 2032 break; 2033 case WLAN_FC_STYPE_ACTION: 2034 ieee80211_rx_mgmt_action(wpa_s, mgmt, len, rx_status); 2035 break; 2036 default: 2037 wpa_printf(MSG_DEBUG, "MLME: received unknown management " 2038 "frame - stype=%d", WLAN_FC_GET_STYPE(fc)); 2039 break; 2040 } 2041} 2042 2043 2044static void ieee80211_sta_rx_scan(struct wpa_supplicant *wpa_s, 2045 const u8 *buf, size_t len, 2046 struct ieee80211_rx_status *rx_status) 2047{ 2048 struct ieee80211_mgmt *mgmt; 2049 u16 fc; 2050 2051 if (len < 24) 2052 return; 2053 2054 mgmt = (struct ieee80211_mgmt *) buf; 2055 fc = le_to_host16(mgmt->frame_control); 2056 2057 if (WLAN_FC_GET_TYPE(fc) == WLAN_FC_TYPE_MGMT) { 2058 if (WLAN_FC_GET_STYPE(fc) == WLAN_FC_STYPE_PROBE_RESP) { 2059 ieee80211_rx_mgmt_probe_resp(wpa_s, mgmt, 2060 len, rx_status); 2061 } else if (WLAN_FC_GET_STYPE(fc) == WLAN_FC_STYPE_BEACON) { 2062 ieee80211_rx_mgmt_beacon(wpa_s, mgmt, len, rx_status); 2063 } 2064 } 2065} 2066 2067 2068static int ieee80211_sta_active_ibss(struct wpa_supplicant *wpa_s) 2069{ 2070 int active = 0; 2071 2072#if 0 /* FIX */ 2073 list_for_each(ptr, &local->sta_list) { 2074 sta = list_entry(ptr, struct sta_info, list); 2075 if (sta->dev == dev && 2076 time_after(sta->last_rx + IEEE80211_IBSS_MERGE_INTERVAL, 2077 jiffies)) { 2078 active++; 2079 break; 2080 } 2081 } 2082#endif 2083 2084 return active; 2085} 2086 2087 2088static void ieee80211_sta_expire(struct wpa_supplicant *wpa_s) 2089{ 2090#if 0 /* FIX */ 2091 list_for_each_safe(ptr, n, &local->sta_list) { 2092 sta = list_entry(ptr, struct sta_info, list); 2093 if (time_after(jiffies, sta->last_rx + 2094 IEEE80211_IBSS_INACTIVITY_LIMIT)) { 2095 wpa_printf(MSG_DEBUG, "MLME: expiring inactive STA " 2096 MACSTR, MAC2STR(sta->addr)); 2097 sta_info_free(local, sta, 1); 2098 } 2099 } 2100#endif 2101} 2102 2103 2104static void ieee80211_sta_merge_ibss(struct wpa_supplicant *wpa_s) 2105{ 2106 struct wpa_driver_scan_params params; 2107 2108 ieee80211_reschedule_timer(wpa_s, IEEE80211_IBSS_MERGE_INTERVAL); 2109 2110 ieee80211_sta_expire(wpa_s); 2111 if (ieee80211_sta_active_ibss(wpa_s)) 2112 return; 2113 2114 wpa_printf(MSG_DEBUG, "MLME: No active IBSS STAs - trying to scan for " 2115 "other IBSS networks with same SSID (merge)"); 2116 os_memset(¶ms, 0, sizeof(params)); 2117 params.ssids[0].ssid = wpa_s->mlme.ssid; 2118 params.ssids[0].ssid_len = wpa_s->mlme.ssid_len; 2119 params.num_ssids = wpa_s->mlme.ssid_len ? 1 : 0; 2120 ieee80211_sta_req_scan(wpa_s, ¶ms); 2121} 2122 2123 2124static void ieee80211_sta_timer(void *eloop_ctx, void *timeout_ctx) 2125{ 2126 struct wpa_supplicant *wpa_s = eloop_ctx; 2127 2128 switch (wpa_s->mlme.state) { 2129 case IEEE80211_DISABLED: 2130 break; 2131 case IEEE80211_AUTHENTICATE: 2132 ieee80211_authenticate(wpa_s); 2133 break; 2134 case IEEE80211_ASSOCIATE: 2135 ieee80211_associate(wpa_s); 2136 break; 2137 case IEEE80211_ASSOCIATED: 2138 ieee80211_associated(wpa_s); 2139 break; 2140 case IEEE80211_IBSS_SEARCH: 2141 ieee80211_sta_find_ibss(wpa_s); 2142 break; 2143 case IEEE80211_IBSS_JOINED: 2144 ieee80211_sta_merge_ibss(wpa_s); 2145 break; 2146 default: 2147 wpa_printf(MSG_DEBUG, "ieee80211_sta_timer: Unknown state %d", 2148 wpa_s->mlme.state); 2149 break; 2150 } 2151 2152 if (ieee80211_privacy_mismatch(wpa_s)) { 2153 wpa_printf(MSG_DEBUG, "MLME: privacy configuration mismatch " 2154 "and mixed-cell disabled - disassociate"); 2155 2156 ieee80211_send_disassoc(wpa_s, WLAN_REASON_UNSPECIFIED); 2157 ieee80211_set_associated(wpa_s, 0); 2158 } 2159} 2160 2161 2162static void ieee80211_sta_new_auth(struct wpa_supplicant *wpa_s) 2163{ 2164 struct wpa_ssid *ssid = wpa_s->current_ssid; 2165 if (ssid && ssid->mode != WPAS_MODE_INFRA) 2166 return; 2167 2168#if 0 /* FIX */ 2169 if (local->hw->reset_tsf) { 2170 /* Reset own TSF to allow time synchronization work. */ 2171 local->hw->reset_tsf(local->mdev); 2172 } 2173#endif 2174 2175 wpa_s->mlme.wmm_last_param_set = -1; /* allow any WMM update */ 2176 2177 2178 if (wpa_s->mlme.auth_algs & WPA_AUTH_ALG_OPEN) 2179 wpa_s->mlme.auth_alg = WLAN_AUTH_OPEN; 2180 else if (wpa_s->mlme.auth_algs & WPA_AUTH_ALG_SHARED) 2181 wpa_s->mlme.auth_alg = WLAN_AUTH_SHARED_KEY; 2182 else if (wpa_s->mlme.auth_algs & WPA_AUTH_ALG_LEAP) 2183 wpa_s->mlme.auth_alg = WLAN_AUTH_LEAP; 2184 else 2185 wpa_s->mlme.auth_alg = WLAN_AUTH_OPEN; 2186 wpa_printf(MSG_DEBUG, "MLME: Initial auth_alg=%d", 2187 wpa_s->mlme.auth_alg); 2188 wpa_s->mlme.auth_transaction = -1; 2189 wpa_s->mlme.auth_tries = wpa_s->mlme.assoc_tries = 0; 2190 ieee80211_authenticate(wpa_s); 2191} 2192 2193 2194static int ieee80211_ibss_allowed(struct wpa_supplicant *wpa_s) 2195{ 2196#if 0 /* FIX */ 2197 int m, c; 2198 2199 for (m = 0; m < local->hw->num_modes; m++) { 2200 struct ieee80211_hw_modes *mode = &local->hw->modes[m]; 2201 if (mode->mode != local->conf.phymode) 2202 continue; 2203 for (c = 0; c < mode->num_channels; c++) { 2204 struct ieee80211_channel *chan = &mode->channels[c]; 2205 if (chan->flag & IEEE80211_CHAN_W_SCAN && 2206 chan->chan == local->conf.channel) { 2207 if (chan->flag & IEEE80211_CHAN_W_IBSS) 2208 return 1; 2209 break; 2210 } 2211 } 2212 } 2213#endif 2214 2215 return 0; 2216} 2217 2218 2219static int ieee80211_sta_join_ibss(struct wpa_supplicant *wpa_s, 2220 struct ieee80211_sta_bss *bss) 2221{ 2222 int res = 0, rates, done = 0, bssid_changed; 2223 struct ieee80211_mgmt *mgmt; 2224#if 0 /* FIX */ 2225 struct ieee80211_tx_control control; 2226 struct ieee80211_rate *rate; 2227 struct rate_control_extra extra; 2228#endif 2229 u8 *pos, *buf; 2230 size_t len; 2231 2232 /* Remove possible STA entries from other IBSS networks. */ 2233#if 0 /* FIX */ 2234 sta_info_flush(local, NULL); 2235 2236 if (local->hw->reset_tsf) { 2237 /* Reset own TSF to allow time synchronization work. */ 2238 local->hw->reset_tsf(local->mdev); 2239 } 2240#endif 2241 bssid_changed = os_memcmp(wpa_s->bssid, bss->bssid, ETH_ALEN); 2242 os_memcpy(wpa_s->bssid, bss->bssid, ETH_ALEN); 2243 if (bssid_changed) 2244 wpas_notify_bssid_changed(wpa_s); 2245 2246#if 0 /* FIX */ 2247 local->conf.beacon_int = bss->beacon_int >= 10 ? bss->beacon_int : 10; 2248 2249 sdata->drop_unencrypted = bss->capability & 2250 host_to_le16(WLAN_CAPABILITY_PRIVACY) ? 1 : 0; 2251#endif 2252 2253#if 0 /* FIX */ 2254 os_memset(&rq, 0, sizeof(rq)); 2255 rq.m = bss->freq * 100000; 2256 rq.e = 1; 2257 res = ieee80211_ioctl_siwfreq(wpa_s, NULL, &rq, NULL); 2258#endif 2259 2260 if (!ieee80211_ibss_allowed(wpa_s)) { 2261#if 0 /* FIX */ 2262 wpa_printf(MSG_DEBUG, "MLME: IBSS not allowed on channel %d " 2263 "(%d MHz)", local->conf.channel, 2264 local->conf.freq); 2265#endif 2266 return -1; 2267 } 2268 2269 /* Set beacon template based on scan results */ 2270 buf = os_malloc(400); 2271 len = 0; 2272 do { 2273 if (buf == NULL) 2274 break; 2275 2276 mgmt = (struct ieee80211_mgmt *) buf; 2277 len += 24 + sizeof(mgmt->u.beacon); 2278 os_memset(mgmt, 0, 24 + sizeof(mgmt->u.beacon)); 2279 mgmt->frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT, 2280 WLAN_FC_STYPE_BEACON); 2281 os_memset(mgmt->da, 0xff, ETH_ALEN); 2282 os_memcpy(mgmt->sa, wpa_s->own_addr, ETH_ALEN); 2283 os_memcpy(mgmt->bssid, wpa_s->bssid, ETH_ALEN); 2284#if 0 /* FIX */ 2285 mgmt->u.beacon.beacon_int = 2286 host_to_le16(local->conf.beacon_int); 2287#endif 2288 mgmt->u.beacon.capab_info = host_to_le16(bss->capability); 2289 2290 pos = buf + len; 2291 len += 2 + wpa_s->mlme.ssid_len; 2292 *pos++ = WLAN_EID_SSID; 2293 *pos++ = wpa_s->mlme.ssid_len; 2294 os_memcpy(pos, wpa_s->mlme.ssid, wpa_s->mlme.ssid_len); 2295 2296 rates = bss->supp_rates_len; 2297 if (rates > 8) 2298 rates = 8; 2299 pos = buf + len; 2300 len += 2 + rates; 2301 *pos++ = WLAN_EID_SUPP_RATES; 2302 *pos++ = rates; 2303 os_memcpy(pos, bss->supp_rates, rates); 2304 2305 pos = buf + len; 2306 len += 2 + 1; 2307 *pos++ = WLAN_EID_DS_PARAMS; 2308 *pos++ = 1; 2309 *pos++ = bss->channel; 2310 2311 pos = buf + len; 2312 len += 2 + 2; 2313 *pos++ = WLAN_EID_IBSS_PARAMS; 2314 *pos++ = 2; 2315 /* FIX: set ATIM window based on scan results */ 2316 *pos++ = 0; 2317 *pos++ = 0; 2318 2319 if (bss->supp_rates_len > 8) { 2320 rates = bss->supp_rates_len - 8; 2321 pos = buf + len; 2322 len += 2 + rates; 2323 *pos++ = WLAN_EID_EXT_SUPP_RATES; 2324 *pos++ = rates; 2325 os_memcpy(pos, &bss->supp_rates[8], rates); 2326 } 2327 2328#if 0 /* FIX */ 2329 os_memset(&control, 0, sizeof(control)); 2330 control.pkt_type = PKT_PROBE_RESP; 2331 os_memset(&extra, 0, sizeof(extra)); 2332 extra.endidx = local->num_curr_rates; 2333 rate = rate_control_get_rate(wpa_s, skb, &extra); 2334 if (rate == NULL) { 2335 wpa_printf(MSG_DEBUG, "MLME: Failed to determine TX " 2336 "rate for IBSS beacon"); 2337 break; 2338 } 2339 control.tx_rate = (wpa_s->mlme.short_preamble && 2340 (rate->flags & IEEE80211_RATE_PREAMBLE2)) ? 2341 rate->val2 : rate->val; 2342 control.antenna_sel = local->conf.antenna_sel; 2343 control.power_level = local->conf.power_level; 2344 control.no_ack = 1; 2345 control.retry_limit = 1; 2346 control.rts_cts_duration = 0; 2347#endif 2348 2349#if 0 /* FIX */ 2350 wpa_s->mlme.probe_resp = skb_copy(skb, GFP_ATOMIC); 2351 if (wpa_s->mlme.probe_resp) { 2352 mgmt = (struct ieee80211_mgmt *) 2353 wpa_s->mlme.probe_resp->data; 2354 mgmt->frame_control = 2355 IEEE80211_FC(WLAN_FC_TYPE_MGMT, 2356 WLAN_FC_STYPE_PROBE_RESP); 2357 } else { 2358 wpa_printf(MSG_DEBUG, "MLME: Could not allocate " 2359 "ProbeResp template for IBSS"); 2360 } 2361 2362 if (local->hw->beacon_update && 2363 local->hw->beacon_update(wpa_s, skb, &control) == 0) { 2364 wpa_printf(MSG_DEBUG, "MLME: Configured IBSS beacon " 2365 "template based on scan results"); 2366 skb = NULL; 2367 } 2368 2369 rates = 0; 2370 for (i = 0; i < bss->supp_rates_len; i++) { 2371 int rate = (bss->supp_rates[i] & 0x7f) * 5; 2372 if (local->conf.phymode == MODE_ATHEROS_TURBO) 2373 rate *= 2; 2374 for (j = 0; j < local->num_curr_rates; j++) 2375 if (local->curr_rates[j] == rate) 2376 rates |= BIT(j); 2377 } 2378 wpa_s->mlme.supp_rates_bits = rates; 2379#endif 2380 done = 1; 2381 } while (0); 2382 2383 os_free(buf); 2384 if (!done) { 2385 wpa_printf(MSG_DEBUG, "MLME: Failed to configure IBSS beacon " 2386 "template"); 2387 } 2388 2389 wpa_s->mlme.state = IEEE80211_IBSS_JOINED; 2390 ieee80211_reschedule_timer(wpa_s, IEEE80211_IBSS_MERGE_INTERVAL); 2391 2392 return res; 2393} 2394 2395 2396#if 0 /* FIX */ 2397static int ieee80211_sta_create_ibss(struct wpa_supplicant *wpa_s) 2398{ 2399 struct ieee80211_sta_bss *bss; 2400 u8 bssid[ETH_ALEN], *pos; 2401 int i; 2402 2403#if 0 2404 /* Easier testing, use fixed BSSID. */ 2405 os_memset(bssid, 0xfe, ETH_ALEN); 2406#else 2407 /* Generate random, not broadcast, locally administered BSSID. Mix in 2408 * own MAC address to make sure that devices that do not have proper 2409 * random number generator get different BSSID. */ 2410 os_get_random(bssid, ETH_ALEN); 2411 for (i = 0; i < ETH_ALEN; i++) 2412 bssid[i] ^= wpa_s->own_addr[i]; 2413 bssid[0] &= ~0x01; 2414 bssid[0] |= 0x02; 2415#endif 2416 2417 wpa_printf(MSG_DEBUG, "MLME: Creating new IBSS network, BSSID " 2418 MACSTR "", MAC2STR(bssid)); 2419 2420 bss = ieee80211_bss_add(wpa_s, bssid); 2421 if (bss == NULL) 2422 return -ENOMEM; 2423 2424#if 0 /* FIX */ 2425 if (local->conf.beacon_int == 0) 2426 local->conf.beacon_int = 100; 2427 bss->beacon_int = local->conf.beacon_int; 2428 bss->hw_mode = local->conf.phymode; 2429 bss->channel = local->conf.channel; 2430 bss->freq = local->conf.freq; 2431#endif 2432 os_get_time(&bss->last_update); 2433 bss->capability = host_to_le16(WLAN_CAPABILITY_IBSS); 2434#if 0 /* FIX */ 2435 if (sdata->default_key) { 2436 bss->capability |= host_to_le16(WLAN_CAPABILITY_PRIVACY); 2437 } else 2438 sdata->drop_unencrypted = 0; 2439 bss->supp_rates_len = local->num_curr_rates; 2440#endif 2441 pos = bss->supp_rates; 2442#if 0 /* FIX */ 2443 for (i = 0; i < local->num_curr_rates; i++) { 2444 int rate = local->curr_rates[i]; 2445 if (local->conf.phymode == MODE_ATHEROS_TURBO) 2446 rate /= 2; 2447 *pos++ = (u8) (rate / 5); 2448 } 2449#endif 2450 2451 return ieee80211_sta_join_ibss(wpa_s, bss); 2452} 2453#endif 2454 2455 2456static int ieee80211_sta_find_ibss(struct wpa_supplicant *wpa_s) 2457{ 2458 struct ieee80211_sta_bss *bss; 2459 int found = 0; 2460 u8 bssid[ETH_ALEN]; 2461 int active_ibss; 2462 struct os_time now; 2463 2464 if (wpa_s->mlme.ssid_len == 0) 2465 return -EINVAL; 2466 2467 active_ibss = ieee80211_sta_active_ibss(wpa_s); 2468#ifdef IEEE80211_IBSS_DEBUG 2469 wpa_printf(MSG_DEBUG, "MLME: sta_find_ibss (active_ibss=%d)", 2470 active_ibss); 2471#endif /* IEEE80211_IBSS_DEBUG */ 2472 for (bss = wpa_s->mlme.sta_bss_list; bss; bss = bss->next) { 2473 if (wpa_s->mlme.ssid_len != bss->ssid_len || 2474 os_memcmp(wpa_s->mlme.ssid, bss->ssid, bss->ssid_len) != 0 2475 || !(bss->capability & WLAN_CAPABILITY_IBSS)) 2476 continue; 2477#ifdef IEEE80211_IBSS_DEBUG 2478 wpa_printf(MSG_DEBUG, " bssid=" MACSTR " found", 2479 MAC2STR(bss->bssid)); 2480#endif /* IEEE80211_IBSS_DEBUG */ 2481 os_memcpy(bssid, bss->bssid, ETH_ALEN); 2482 found = 1; 2483 if (active_ibss || 2484 os_memcmp(bssid, wpa_s->bssid, ETH_ALEN) != 0) 2485 break; 2486 } 2487 2488#ifdef IEEE80211_IBSS_DEBUG 2489 wpa_printf(MSG_DEBUG, " sta_find_ibss: selected " MACSTR " current " 2490 MACSTR, MAC2STR(bssid), MAC2STR(wpa_s->bssid)); 2491#endif /* IEEE80211_IBSS_DEBUG */ 2492 if (found && os_memcmp(wpa_s->bssid, bssid, ETH_ALEN) != 0 && 2493 (bss = ieee80211_bss_get(wpa_s, bssid))) { 2494 wpa_printf(MSG_DEBUG, "MLME: Selected IBSS BSSID " MACSTR 2495 " based on configured SSID", 2496 MAC2STR(bssid)); 2497 return ieee80211_sta_join_ibss(wpa_s, bss); 2498 } 2499#ifdef IEEE80211_IBSS_DEBUG 2500 wpa_printf(MSG_DEBUG, " did not try to join ibss"); 2501#endif /* IEEE80211_IBSS_DEBUG */ 2502 2503 /* Selected IBSS not found in current scan results - try to scan */ 2504 os_get_time(&now); 2505#if 0 /* FIX */ 2506 if (wpa_s->mlme.state == IEEE80211_IBSS_JOINED && 2507 !ieee80211_sta_active_ibss(wpa_s)) { 2508 ieee80211_reschedule_timer(wpa_s, 2509 IEEE80211_IBSS_MERGE_INTERVAL); 2510 } else if (time_after(jiffies, wpa_s->mlme.last_scan_completed + 2511 IEEE80211_SCAN_INTERVAL)) { 2512 wpa_printf(MSG_DEBUG, "MLME: Trigger new scan to find an IBSS " 2513 "to join"); 2514 return ieee80211_sta_req_scan(wpa_s->mlme.ssid, 2515 wpa_s->mlme.ssid_len); 2516 } else if (wpa_s->mlme.state != IEEE80211_IBSS_JOINED) { 2517 int interval = IEEE80211_SCAN_INTERVAL; 2518 2519 if (time_after(jiffies, wpa_s->mlme.ibss_join_req + 2520 IEEE80211_IBSS_JOIN_TIMEOUT)) { 2521 if (wpa_s->mlme.create_ibss && 2522 ieee80211_ibss_allowed(wpa_s)) 2523 return ieee80211_sta_create_ibss(wpa_s); 2524 if (wpa_s->mlme.create_ibss) { 2525 wpa_printf(MSG_DEBUG, "MLME: IBSS not allowed " 2526 "on the configured channel %d " 2527 "(%d MHz)", 2528 local->conf.channel, 2529 local->conf.freq); 2530 } 2531 2532 /* No IBSS found - decrease scan interval and continue 2533 * scanning. */ 2534 interval = IEEE80211_SCAN_INTERVAL_SLOW; 2535 } 2536 2537 wpa_s->mlme.state = IEEE80211_IBSS_SEARCH; 2538 ieee80211_reschedule_timer(wpa_s, interval); 2539 return 0; 2540 } 2541#endif 2542 2543 return 0; 2544} 2545 2546 2547int ieee80211_sta_get_ssid(struct wpa_supplicant *wpa_s, u8 *ssid, 2548 size_t *len) 2549{ 2550 os_memcpy(ssid, wpa_s->mlme.ssid, wpa_s->mlme.ssid_len); 2551 *len = wpa_s->mlme.ssid_len; 2552 return 0; 2553} 2554 2555 2556int ieee80211_sta_associate(struct wpa_supplicant *wpa_s, 2557 struct wpa_driver_associate_params *params) 2558{ 2559 struct ieee80211_sta_bss *bss; 2560 int bssid_changed; 2561 2562 wpa_s->mlme.bssid_set = 0; 2563 wpa_s->mlme.freq = params->freq; 2564 if (params->bssid) { 2565 bssid_changed = os_memcmp(wpa_s->bssid, params->bssid, 2566 ETH_ALEN); 2567 os_memcpy(wpa_s->bssid, params->bssid, ETH_ALEN); 2568 if (bssid_changed) 2569 wpas_notify_bssid_changed(wpa_s); 2570 2571 if (!is_zero_ether_addr(params->bssid)) 2572 wpa_s->mlme.bssid_set = 1; 2573 bss = ieee80211_bss_get(wpa_s, wpa_s->bssid); 2574 if (bss) { 2575 wpa_s->mlme.phymode = bss->hw_mode; 2576 wpa_s->mlme.channel = bss->channel; 2577 wpa_s->mlme.freq = bss->freq; 2578 } 2579 } 2580 2581#if 0 /* FIX */ 2582 /* TODO: This should always be done for IBSS, even if IEEE80211_QOS is 2583 * not defined. */ 2584 if (local->hw->conf_tx) { 2585 struct ieee80211_tx_queue_params qparam; 2586 int i; 2587 2588 os_memset(&qparam, 0, sizeof(qparam)); 2589 /* TODO: are these ok defaults for all hw_modes? */ 2590 qparam.aifs = 2; 2591 qparam.cw_min = 2592 local->conf.phymode == MODE_IEEE80211B ? 31 : 15; 2593 qparam.cw_max = 1023; 2594 qparam.burst_time = 0; 2595 for (i = IEEE80211_TX_QUEUE_DATA0; i < NUM_TX_DATA_QUEUES; i++) 2596 { 2597 local->hw->conf_tx(wpa_s, i + IEEE80211_TX_QUEUE_DATA0, 2598 &qparam); 2599 } 2600 /* IBSS uses different parameters for Beacon sending */ 2601 qparam.cw_min++; 2602 qparam.cw_min *= 2; 2603 qparam.cw_min--; 2604 local->hw->conf_tx(wpa_s, IEEE80211_TX_QUEUE_BEACON, &qparam); 2605 } 2606#endif 2607 2608 if (wpa_s->mlme.ssid_len != params->ssid_len || 2609 os_memcmp(wpa_s->mlme.ssid, params->ssid, params->ssid_len) != 0) 2610 wpa_s->mlme.prev_bssid_set = 0; 2611 os_memcpy(wpa_s->mlme.ssid, params->ssid, params->ssid_len); 2612 os_memset(wpa_s->mlme.ssid + params->ssid_len, 0, 2613 MAX_SSID_LEN - params->ssid_len); 2614 wpa_s->mlme.ssid_len = params->ssid_len; 2615 wpa_s->mlme.ssid_set = 1; 2616 2617 os_free(wpa_s->mlme.extra_ie); 2618 if (params->wpa_ie == NULL || params->wpa_ie_len == 0) { 2619 wpa_s->mlme.extra_ie = NULL; 2620 wpa_s->mlme.extra_ie_len = 0; 2621 } else { 2622 wpa_s->mlme.extra_ie = os_malloc(params->wpa_ie_len); 2623 if (wpa_s->mlme.extra_ie == NULL) { 2624 wpa_s->mlme.extra_ie_len = 0; 2625 return -1; 2626 } 2627 os_memcpy(wpa_s->mlme.extra_ie, params->wpa_ie, 2628 params->wpa_ie_len); 2629 wpa_s->mlme.extra_ie_len = params->wpa_ie_len; 2630 } 2631 2632 wpa_s->mlme.key_mgmt = params->key_mgmt_suite; 2633 2634 ieee80211_sta_set_channel(wpa_s, wpa_s->mlme.phymode, 2635 wpa_s->mlme.channel, wpa_s->mlme.freq); 2636 2637 if (params->mode == WPAS_MODE_IBSS && !wpa_s->mlme.bssid_set) { 2638 os_get_time(&wpa_s->mlme.ibss_join_req); 2639 wpa_s->mlme.state = IEEE80211_IBSS_SEARCH; 2640 return ieee80211_sta_find_ibss(wpa_s); 2641 } 2642 2643 if (wpa_s->mlme.bssid_set) 2644 ieee80211_sta_new_auth(wpa_s); 2645 2646 return 0; 2647} 2648 2649 2650static void ieee80211_sta_save_oper_chan(struct wpa_supplicant *wpa_s) 2651{ 2652 wpa_s->mlme.scan_oper_channel = wpa_s->mlme.channel; 2653 wpa_s->mlme.scan_oper_freq = wpa_s->mlme.freq; 2654 wpa_s->mlme.scan_oper_phymode = wpa_s->mlme.phymode; 2655} 2656 2657 2658static int ieee80211_sta_restore_oper_chan(struct wpa_supplicant *wpa_s) 2659{ 2660 wpa_s->mlme.channel = wpa_s->mlme.scan_oper_channel; 2661 wpa_s->mlme.freq = wpa_s->mlme.scan_oper_freq; 2662 wpa_s->mlme.phymode = wpa_s->mlme.scan_oper_phymode; 2663 if (wpa_s->mlme.freq == 0) 2664 return 0; 2665 return ieee80211_sta_set_channel(wpa_s, wpa_s->mlme.phymode, 2666 wpa_s->mlme.channel, 2667 wpa_s->mlme.freq); 2668} 2669 2670 2671static int ieee80211_active_scan(struct wpa_supplicant *wpa_s) 2672{ 2673 size_t m; 2674 int c; 2675 2676 for (m = 0; m < wpa_s->mlme.num_modes; m++) { 2677 struct hostapd_hw_modes *mode = &wpa_s->mlme.modes[m]; 2678 if ((int) mode->mode != (int) wpa_s->mlme.phymode) 2679 continue; 2680 for (c = 0; c < mode->num_channels; c++) { 2681 struct hostapd_channel_data *chan = &mode->channels[c]; 2682 if (!(chan->flag & HOSTAPD_CHAN_DISABLED) && 2683 chan->chan == wpa_s->mlme.channel) { 2684 if (!(chan->flag & HOSTAPD_CHAN_PASSIVE_SCAN)) 2685 return 1; 2686 break; 2687 } 2688 } 2689 } 2690 2691 return 0; 2692} 2693 2694 2695static void ieee80211_sta_scan_timer(void *eloop_ctx, void *timeout_ctx) 2696{ 2697 struct wpa_supplicant *wpa_s = eloop_ctx; 2698 struct hostapd_hw_modes *mode; 2699 struct hostapd_channel_data *chan; 2700 int skip = 0; 2701 int timeout = 0; 2702 struct wpa_ssid *ssid = wpa_s->current_ssid; 2703 int adhoc; 2704 2705 if (!wpa_s->mlme.sta_scanning || wpa_s->mlme.modes == NULL) 2706 return; 2707 2708 adhoc = ssid && ssid->mode == 1; 2709 2710 switch (wpa_s->mlme.scan_state) { 2711 case SCAN_SET_CHANNEL: 2712 mode = &wpa_s->mlme.modes[wpa_s->mlme.scan_hw_mode_idx]; 2713 if (wpa_s->mlme.scan_hw_mode_idx >= 2714 (int) wpa_s->mlme.num_modes || 2715 (wpa_s->mlme.scan_hw_mode_idx + 1 == 2716 (int) wpa_s->mlme.num_modes 2717 && wpa_s->mlme.scan_channel_idx >= mode->num_channels)) { 2718 if (ieee80211_sta_restore_oper_chan(wpa_s)) { 2719 wpa_printf(MSG_DEBUG, "MLME: failed to " 2720 "restore operational channel after " 2721 "scan"); 2722 } 2723 wpa_printf(MSG_DEBUG, "MLME: scan completed"); 2724 wpa_s->mlme.sta_scanning = 0; 2725 os_get_time(&wpa_s->mlme.last_scan_completed); 2726 wpa_supplicant_event(wpa_s, EVENT_SCAN_RESULTS, NULL); 2727 if (adhoc) { 2728 if (!wpa_s->mlme.bssid_set || 2729 (wpa_s->mlme.state == 2730 IEEE80211_IBSS_JOINED && 2731 !ieee80211_sta_active_ibss(wpa_s))) 2732 ieee80211_sta_find_ibss(wpa_s); 2733 } 2734 return; 2735 } 2736 skip = !(wpa_s->mlme.hw_modes & (1 << mode->mode)); 2737 chan = &mode->channels[wpa_s->mlme.scan_channel_idx]; 2738 if ((chan->flag & HOSTAPD_CHAN_DISABLED) || 2739 (adhoc && (chan->flag & HOSTAPD_CHAN_NO_IBSS)) || 2740 (wpa_s->mlme.hw_modes & (1 << HOSTAPD_MODE_IEEE80211G) && 2741 mode->mode == HOSTAPD_MODE_IEEE80211B && 2742 wpa_s->mlme.scan_skip_11b)) 2743 skip = 1; 2744 if (!skip && wpa_s->mlme.scan_freqs) { 2745 int i, found = 0; 2746 for (i = 0; wpa_s->mlme.scan_freqs[i]; i++) { 2747 if (wpa_s->mlme.scan_freqs[i] == chan->freq) { 2748 found = 1; 2749 break; 2750 } 2751 } 2752 if (!found) 2753 skip = 1; 2754 } 2755 2756 if (!skip) { 2757 wpa_printf(MSG_MSGDUMP, 2758 "MLME: scan channel %d (%d MHz)", 2759 chan->chan, chan->freq); 2760 2761 wpa_s->mlme.channel = chan->chan; 2762 wpa_s->mlme.freq = chan->freq; 2763 wpa_s->mlme.phymode = mode->mode; 2764 if (ieee80211_sta_set_channel(wpa_s, mode->mode, 2765 chan->chan, chan->freq)) 2766 { 2767 wpa_printf(MSG_DEBUG, "MLME: failed to set " 2768 "channel %d (%d MHz) for scan", 2769 chan->chan, chan->freq); 2770 skip = 1; 2771 } 2772 } 2773 2774 wpa_s->mlme.scan_channel_idx++; 2775 if (wpa_s->mlme.scan_channel_idx >= 2776 wpa_s->mlme.modes[wpa_s->mlme.scan_hw_mode_idx]. 2777 num_channels) { 2778 wpa_s->mlme.scan_hw_mode_idx++; 2779 wpa_s->mlme.scan_channel_idx = 0; 2780 } 2781 2782 if (skip) { 2783 timeout = 0; 2784 break; 2785 } 2786 2787 timeout = IEEE80211_PROBE_DELAY; 2788 wpa_s->mlme.scan_state = SCAN_SEND_PROBE; 2789 break; 2790 case SCAN_SEND_PROBE: 2791 if (ieee80211_active_scan(wpa_s)) { 2792 ieee80211_send_probe_req(wpa_s, NULL, 2793 wpa_s->mlme.scan_ssid, 2794 wpa_s->mlme.scan_ssid_len); 2795 timeout = IEEE80211_CHANNEL_TIME; 2796 } else { 2797 timeout = IEEE80211_PASSIVE_CHANNEL_TIME; 2798 } 2799 wpa_s->mlme.scan_state = SCAN_SET_CHANNEL; 2800 break; 2801 } 2802 2803 eloop_register_timeout(timeout / 1000, 1000 * (timeout % 1000), 2804 ieee80211_sta_scan_timer, wpa_s, NULL); 2805} 2806 2807 2808int ieee80211_sta_req_scan(struct wpa_supplicant *wpa_s, 2809 struct wpa_driver_scan_params *params) 2810{ 2811 const u8 *ssid = params->ssids[0].ssid; 2812 size_t ssid_len = params->ssids[0].ssid_len; 2813 2814 if (ssid_len > MAX_SSID_LEN) 2815 return -1; 2816 2817 /* MLME-SCAN.request (page 118) page 144 (11.1.3.1) 2818 * BSSType: INFRASTRUCTURE, INDEPENDENT, ANY_BSS 2819 * BSSID: MACAddress 2820 * SSID 2821 * ScanType: ACTIVE, PASSIVE 2822 * ProbeDelay: delay (in microseconds) to be used prior to transmitting 2823 * a Probe frame during active scanning 2824 * ChannelList 2825 * MinChannelTime (>= ProbeDelay), in TU 2826 * MaxChannelTime: (>= MinChannelTime), in TU 2827 */ 2828 2829 /* MLME-SCAN.confirm 2830 * BSSDescriptionSet 2831 * ResultCode: SUCCESS, INVALID_PARAMETERS 2832 */ 2833 2834 /* TODO: if assoc, move to power save mode for the duration of the 2835 * scan */ 2836 2837 if (wpa_s->mlme.sta_scanning) 2838 return -1; 2839 2840 wpa_printf(MSG_DEBUG, "MLME: starting scan"); 2841 2842 ieee80211_sta_set_probe_req_ie(wpa_s, params->extra_ies, 2843 params->extra_ies_len); 2844 2845 os_free(wpa_s->mlme.scan_freqs); 2846 if (params->freqs) { 2847 int i; 2848 for (i = 0; params->freqs[i]; i++) 2849 ; 2850 wpa_s->mlme.scan_freqs = os_malloc((i + 1) * sizeof(int)); 2851 if (wpa_s->mlme.scan_freqs) 2852 os_memcpy(wpa_s->mlme.scan_freqs, params->freqs, 2853 (i + 1) * sizeof(int)); 2854 } else 2855 wpa_s->mlme.scan_freqs = NULL; 2856 2857 ieee80211_sta_save_oper_chan(wpa_s); 2858 2859 wpa_s->mlme.sta_scanning = 1; 2860 /* TODO: stop TX queue? */ 2861 2862 if (ssid) { 2863 wpa_s->mlme.scan_ssid_len = ssid_len; 2864 os_memcpy(wpa_s->mlme.scan_ssid, ssid, ssid_len); 2865 } else 2866 wpa_s->mlme.scan_ssid_len = 0; 2867 wpa_s->mlme.scan_skip_11b = 1; /* FIX: clear this is 11g is not 2868 * supported */ 2869 wpa_s->mlme.scan_state = SCAN_SET_CHANNEL; 2870 wpa_s->mlme.scan_hw_mode_idx = 0; 2871 wpa_s->mlme.scan_channel_idx = 0; 2872 eloop_register_timeout(0, 1, ieee80211_sta_scan_timer, wpa_s, NULL); 2873 2874 return 0; 2875} 2876 2877 2878struct wpa_scan_results * 2879ieee80211_sta_get_scan_results(struct wpa_supplicant *wpa_s) 2880{ 2881 size_t ap_num = 0; 2882 struct wpa_scan_results *res; 2883 struct wpa_scan_res *r; 2884 struct ieee80211_sta_bss *bss; 2885 2886 res = os_zalloc(sizeof(*res)); 2887 for (bss = wpa_s->mlme.sta_bss_list; bss; bss = bss->next) 2888 ap_num++; 2889 res->res = os_zalloc(ap_num * sizeof(struct wpa_scan_res *)); 2890 if (res->res == NULL) { 2891 os_free(res); 2892 return NULL; 2893 } 2894 2895 for (bss = wpa_s->mlme.sta_bss_list; bss; bss = bss->next) { 2896 r = os_zalloc(sizeof(*r) + bss->ie_len); 2897 if (r == NULL) 2898 break; 2899 os_memcpy(r->bssid, bss->bssid, ETH_ALEN); 2900 r->freq = bss->freq; 2901 r->beacon_int = bss->beacon_int; 2902 r->caps = bss->capability; 2903 r->level = bss->rssi; 2904 r->tsf = bss->timestamp; 2905 if (bss->ie) { 2906 r->ie_len = bss->ie_len; 2907 os_memcpy(r + 1, bss->ie, bss->ie_len); 2908 } 2909 2910 res->res[res->num++] = r; 2911 } 2912 2913 return res; 2914} 2915 2916 2917#if 0 /* FIX */ 2918struct sta_info * ieee80211_ibss_add_sta(struct wpa_supplicant *wpa_s, 2919 struct sk_buff *skb, u8 *bssid, 2920 u8 *addr) 2921{ 2922 struct ieee80211_local *local = dev->priv; 2923 struct list_head *ptr; 2924 struct sta_info *sta; 2925 struct wpa_supplicant *sta_dev = NULL; 2926 2927 /* TODO: Could consider removing the least recently used entry and 2928 * allow new one to be added. */ 2929 if (local->num_sta >= IEEE80211_IBSS_MAX_STA_ENTRIES) { 2930 if (net_ratelimit()) { 2931 wpa_printf(MSG_DEBUG, "MLME: No room for a new IBSS " 2932 "STA entry " MACSTR, MAC2STR(addr)); 2933 } 2934 return NULL; 2935 } 2936 2937 spin_lock_bh(&local->sub_if_lock); 2938 list_for_each(ptr, &local->sub_if_list) { 2939 sdata = list_entry(ptr, struct ieee80211_sub_if_data, list); 2940 if (sdata->type == IEEE80211_SUB_IF_TYPE_STA && 2941 os_memcmp(bssid, sdata->u.sta.bssid, ETH_ALEN) == 0) { 2942 sta_dev = sdata->dev; 2943 break; 2944 } 2945 } 2946 spin_unlock_bh(&local->sub_if_lock); 2947 2948 if (sta_dev == NULL) 2949 return NULL; 2950 2951 wpa_printf(MSG_DEBUG, "MLME: Adding new IBSS station " MACSTR 2952 " (dev=%s)", MAC2STR(addr), sta_dev->name); 2953 2954 sta = sta_info_add(wpa_s, addr); 2955 if (sta == NULL) { 2956 return NULL; 2957 } 2958 2959 sta->dev = sta_dev; 2960 sta->supp_rates = wpa_s->mlme.supp_rates_bits; 2961 2962 rate_control_rate_init(local, sta); 2963 2964 return sta; /* caller will call sta_info_release() */ 2965} 2966#endif 2967 2968 2969int ieee80211_sta_deauthenticate(struct wpa_supplicant *wpa_s, u16 reason) 2970{ 2971 wpa_printf(MSG_DEBUG, "MLME: deauthenticate(reason=%d)", reason); 2972 2973 ieee80211_send_deauth(wpa_s, reason); 2974 ieee80211_set_associated(wpa_s, 0); 2975 return 0; 2976} 2977 2978 2979int ieee80211_sta_disassociate(struct wpa_supplicant *wpa_s, u16 reason) 2980{ 2981 wpa_printf(MSG_DEBUG, "MLME: disassociate(reason=%d)", reason); 2982 2983 if (!wpa_s->mlme.associated) 2984 return -1; 2985 2986 ieee80211_send_disassoc(wpa_s, reason); 2987 ieee80211_set_associated(wpa_s, 0); 2988 return 0; 2989} 2990 2991 2992void ieee80211_sta_rx(struct wpa_supplicant *wpa_s, const u8 *buf, size_t len, 2993 struct ieee80211_rx_status *rx_status) 2994{ 2995 struct ieee80211_mgmt *mgmt; 2996 u16 fc; 2997 const u8 *pos; 2998 2999 /* wpa_hexdump(MSG_MSGDUMP, "MLME: Received frame", buf, len); */ 3000 3001 if (wpa_s->mlme.sta_scanning) { 3002 ieee80211_sta_rx_scan(wpa_s, buf, len, rx_status); 3003 return; 3004 } 3005 3006 if (len < 24) 3007 return; 3008 3009 mgmt = (struct ieee80211_mgmt *) buf; 3010 fc = le_to_host16(mgmt->frame_control); 3011 3012 if (WLAN_FC_GET_TYPE(fc) == WLAN_FC_TYPE_MGMT) 3013 ieee80211_sta_rx_mgmt(wpa_s, buf, len, rx_status); 3014 else if (WLAN_FC_GET_TYPE(fc) == WLAN_FC_TYPE_DATA) { 3015 if ((fc & (WLAN_FC_TODS | WLAN_FC_FROMDS)) != 3016 WLAN_FC_FROMDS) 3017 return; 3018 /* mgmt->sa is actually BSSID for FromDS data frames */ 3019 if (os_memcmp(mgmt->sa, wpa_s->bssid, ETH_ALEN) != 0) 3020 return; 3021 /* Skip IEEE 802.11 and LLC headers */ 3022 pos = buf + 24 + 6; 3023 if (WPA_GET_BE16(pos) != ETH_P_EAPOL) 3024 return; 3025 pos += 2; 3026 /* mgmt->bssid is actually BSSID for SA data frames */ 3027 wpa_supplicant_rx_eapol(wpa_s, mgmt->bssid, 3028 pos, buf + len - pos); 3029 } 3030} 3031 3032 3033void ieee80211_sta_free_hw_features(struct hostapd_hw_modes *hw_features, 3034 size_t num_hw_features) 3035{ 3036 size_t i; 3037 3038 if (hw_features == NULL) 3039 return; 3040 3041 for (i = 0; i < num_hw_features; i++) { 3042 os_free(hw_features[i].channels); 3043 os_free(hw_features[i].rates); 3044 } 3045 3046 os_free(hw_features); 3047} 3048 3049 3050int ieee80211_sta_init(struct wpa_supplicant *wpa_s) 3051{ 3052 u16 num_modes, flags; 3053 3054 wpa_s->mlme.modes = wpa_drv_get_hw_feature_data(wpa_s, &num_modes, 3055 &flags); 3056 if (wpa_s->mlme.modes == NULL) { 3057 wpa_printf(MSG_ERROR, "MLME: Failed to read supported " 3058 "channels and rates from the driver"); 3059 return -1; 3060 } 3061 3062 wpa_s->mlme.num_modes = num_modes; 3063 3064 wpa_s->mlme.hw_modes = 1 << HOSTAPD_MODE_IEEE80211A; 3065 wpa_s->mlme.hw_modes |= 1 << HOSTAPD_MODE_IEEE80211B; 3066 wpa_s->mlme.hw_modes |= 1 << HOSTAPD_MODE_IEEE80211G; 3067 3068 wpa_s->mlme.wmm_enabled = 1; 3069 3070 return 0; 3071} 3072 3073 3074void ieee80211_sta_deinit(struct wpa_supplicant *wpa_s) 3075{ 3076 eloop_cancel_timeout(ieee80211_sta_timer, wpa_s, NULL); 3077 eloop_cancel_timeout(ieee80211_sta_scan_timer, wpa_s, NULL); 3078 os_free(wpa_s->mlme.extra_ie); 3079 wpa_s->mlme.extra_ie = NULL; 3080 os_free(wpa_s->mlme.extra_probe_ie); 3081 wpa_s->mlme.extra_probe_ie = NULL; 3082 os_free(wpa_s->mlme.assocreq_ies); 3083 wpa_s->mlme.assocreq_ies = NULL; 3084 os_free(wpa_s->mlme.assocresp_ies); 3085 wpa_s->mlme.assocresp_ies = NULL; 3086 ieee80211_bss_list_deinit(wpa_s); 3087 ieee80211_sta_free_hw_features(wpa_s->mlme.modes, 3088 wpa_s->mlme.num_modes); 3089#ifdef CONFIG_IEEE80211R 3090 os_free(wpa_s->mlme.ft_ies); 3091 wpa_s->mlme.ft_ies = NULL; 3092 wpa_s->mlme.ft_ies_len = 0; 3093#endif /* CONFIG_IEEE80211R */ 3094 3095 os_free(wpa_s->mlme.scan_freqs); 3096 wpa_s->mlme.scan_freqs = NULL; 3097} 3098 3099 3100#ifdef CONFIG_IEEE80211R 3101 3102int ieee80211_sta_update_ft_ies(struct wpa_supplicant *wpa_s, const u8 *md, 3103 const u8 *ies, size_t ies_len) 3104{ 3105 if (md == NULL) { 3106 wpa_printf(MSG_DEBUG, "MLME: Clear FT mobility domain"); 3107 os_memset(wpa_s->mlme.current_md, 0, MOBILITY_DOMAIN_ID_LEN); 3108 } else { 3109 wpa_printf(MSG_DEBUG, "MLME: Update FT IEs for MD " MACSTR, 3110 MAC2STR(md)); 3111 os_memcpy(wpa_s->mlme.current_md, md, MOBILITY_DOMAIN_ID_LEN); 3112 } 3113 3114 wpa_hexdump(MSG_DEBUG, "MLME: FT IEs", ies, ies_len); 3115 os_free(wpa_s->mlme.ft_ies); 3116 wpa_s->mlme.ft_ies = os_malloc(ies_len); 3117 if (wpa_s->mlme.ft_ies == NULL) 3118 return -1; 3119 os_memcpy(wpa_s->mlme.ft_ies, ies, ies_len); 3120 wpa_s->mlme.ft_ies_len = ies_len; 3121 3122 return 0; 3123} 3124 3125 3126int ieee80211_sta_send_ft_action(struct wpa_supplicant *wpa_s, u8 action, 3127 const u8 *target_ap, 3128 const u8 *ies, size_t ies_len) 3129{ 3130 u8 *buf; 3131 size_t len; 3132 struct ieee80211_mgmt *mgmt; 3133 int res; 3134 3135 /* 3136 * Action frame payload: 3137 * Category[1] = 6 (Fast BSS Transition) 3138 * Action[1] = 1 (Fast BSS Transition Request) 3139 * STA Address 3140 * Target AP Address 3141 * FT IEs 3142 */ 3143 3144 buf = os_zalloc(sizeof(*mgmt) + ies_len); 3145 if (buf == NULL) { 3146 wpa_printf(MSG_DEBUG, "MLME: Failed to allocate buffer for " 3147 "FT action frame"); 3148 return -1; 3149 } 3150 3151 mgmt = (struct ieee80211_mgmt *) buf; 3152 len = 24; 3153 os_memcpy(mgmt->da, wpa_s->bssid, ETH_ALEN); 3154 os_memcpy(mgmt->sa, wpa_s->own_addr, ETH_ALEN); 3155 os_memcpy(mgmt->bssid, wpa_s->bssid, ETH_ALEN); 3156 mgmt->frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT, 3157 WLAN_FC_STYPE_ACTION); 3158 mgmt->u.action.category = WLAN_ACTION_FT; 3159 mgmt->u.action.u.ft_action_req.action = action; 3160 os_memcpy(mgmt->u.action.u.ft_action_req.sta_addr, wpa_s->own_addr, 3161 ETH_ALEN); 3162 os_memcpy(mgmt->u.action.u.ft_action_req.target_ap_addr, target_ap, 3163 ETH_ALEN); 3164 os_memcpy(mgmt->u.action.u.ft_action_req.variable, ies, ies_len); 3165 len += 1 + sizeof(mgmt->u.action.u.ft_action_req) + ies_len; 3166 3167 wpa_printf(MSG_DEBUG, "MLME: Send FT Action Frame: Action=%d " 3168 "Target AP=" MACSTR " body_len=%lu", 3169 action, MAC2STR(target_ap), (unsigned long) ies_len); 3170 3171 res = ieee80211_sta_tx(wpa_s, buf, len); 3172 os_free(buf); 3173 3174 return res; 3175} 3176 3177#endif /* CONFIG_IEEE80211R */ 3178 3179 3180static int ieee80211_sta_set_probe_req_ie(struct wpa_supplicant *wpa_s, 3181 const u8 *ies, size_t ies_len) 3182{ 3183 os_free(wpa_s->mlme.extra_probe_ie); 3184 wpa_s->mlme.extra_probe_ie = NULL; 3185 wpa_s->mlme.extra_probe_ie_len = 0; 3186 3187 if (ies == NULL) 3188 return 0; 3189 3190 wpa_s->mlme.extra_probe_ie = os_malloc(ies_len); 3191 if (wpa_s->mlme.extra_probe_ie == NULL) 3192 return -1; 3193 3194 os_memcpy(wpa_s->mlme.extra_probe_ie, ies, ies_len); 3195 wpa_s->mlme.extra_probe_ie_len = ies_len; 3196 3197 return 0; 3198} 3199