2011-10-17 16:30:43 +02:00
|
|
|
/*
|
|
|
|
* hostapd / IEEE 802.11 Management
|
2012-05-28 02:35:00 +02:00
|
|
|
* Copyright (c) 2002-2012, Jouni Malinen <j@w1.fi>
|
2011-10-17 16:30:43 +02:00
|
|
|
*
|
2012-02-11 15:46:35 +01:00
|
|
|
* This software may be distributed under the terms of the BSD license.
|
|
|
|
* See README for more details.
|
2011-10-17 16:30:43 +02:00
|
|
|
*/
|
|
|
|
|
|
|
|
#include "utils/includes.h"
|
|
|
|
|
|
|
|
#include "utils/common.h"
|
|
|
|
#include "common/ieee802_11_defs.h"
|
OCV: Include and verify OCI in SA Query frames
Include an OCI element in SA Query Request and Response frames if OCV
has been negotiated.
On Linux, a kernel patch is needed to let clients correctly handle SA
Query Requests that contain an OCI element. Without this patch, the
kernel will reply to the SA Query Request itself, without verifying the
included OCI. Additionally, the SA Query Response sent by the kernel
will not include an OCI element. The correct operation of the AP does
not require a kernel patch.
Without the corresponding kernel patch, SA Query Requests sent by the
client are still valid, meaning they do include an OCI element.
Note that an AP does not require any kernel patches. In other words, SA
Query frames sent and received by the AP are properly handled, even
without a kernel patch.
As a result, the kernel patch is only required to make the client properly
process and respond to a SA Query Request from the AP. Without this
patch, the client will send a SA Query Response without an OCI element,
causing the AP to silently ignore the response and eventually disconnect
the client from the network if OCV has been negotiated to be used.
Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
2018-08-06 21:46:34 +02:00
|
|
|
#include "common/ocv.h"
|
2020-05-25 17:41:04 +02:00
|
|
|
#include "common/wpa_ctrl.h"
|
2011-10-17 16:30:43 +02:00
|
|
|
#include "hostapd.h"
|
|
|
|
#include "sta_info.h"
|
|
|
|
#include "ap_config.h"
|
|
|
|
#include "ap_drv_ops.h"
|
OCV: Include and verify OCI in SA Query frames
Include an OCI element in SA Query Request and Response frames if OCV
has been negotiated.
On Linux, a kernel patch is needed to let clients correctly handle SA
Query Requests that contain an OCI element. Without this patch, the
kernel will reply to the SA Query Request itself, without verifying the
included OCI. Additionally, the SA Query Response sent by the kernel
will not include an OCI element. The correct operation of the AP does
not require a kernel patch.
Without the corresponding kernel patch, SA Query Requests sent by the
client are still valid, meaning they do include an OCI element.
Note that an AP does not require any kernel patches. In other words, SA
Query frames sent and received by the AP are properly handled, even
without a kernel patch.
As a result, the kernel patch is only required to make the client properly
process and respond to a SA Query Request from the AP. Without this
patch, the client will send a SA Query Response without an OCI element,
causing the AP to silently ignore the response and eventually disconnect
the client from the network if OCV has been negotiated to be used.
Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
2018-08-06 21:46:34 +02:00
|
|
|
#include "wpa_auth.h"
|
2022-07-23 15:54:47 +02:00
|
|
|
#include "dpp_hostapd.h"
|
2011-10-17 23:24:16 +02:00
|
|
|
#include "ieee802_11.h"
|
2011-10-17 16:30:43 +02:00
|
|
|
|
|
|
|
|
|
|
|
u8 * hostapd_eid_assoc_comeback_time(struct hostapd_data *hapd,
|
|
|
|
struct sta_info *sta, u8 *eid)
|
|
|
|
{
|
|
|
|
u8 *pos = eid;
|
|
|
|
u32 timeout, tu;
|
2013-11-25 21:56:09 +01:00
|
|
|
struct os_reltime now, passed;
|
2011-10-17 16:30:43 +02:00
|
|
|
|
|
|
|
*pos++ = WLAN_EID_TIMEOUT_INTERVAL;
|
|
|
|
*pos++ = 5;
|
|
|
|
*pos++ = WLAN_TIMEOUT_ASSOC_COMEBACK;
|
2013-11-25 21:56:09 +01:00
|
|
|
os_get_reltime(&now);
|
|
|
|
os_reltime_sub(&now, &sta->sa_query_start, &passed);
|
2011-10-17 16:30:43 +02:00
|
|
|
tu = (passed.sec * 1000000 + passed.usec) / 1024;
|
|
|
|
if (hapd->conf->assoc_sa_query_max_timeout > tu)
|
|
|
|
timeout = hapd->conf->assoc_sa_query_max_timeout - tu;
|
|
|
|
else
|
|
|
|
timeout = 0;
|
|
|
|
if (timeout < hapd->conf->assoc_sa_query_max_timeout)
|
|
|
|
timeout++; /* add some extra time for local timers */
|
|
|
|
WPA_PUT_LE32(pos, timeout);
|
|
|
|
pos += 4;
|
|
|
|
|
|
|
|
return pos;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
/* MLME-SAQuery.request */
|
|
|
|
void ieee802_11_send_sa_query_req(struct hostapd_data *hapd,
|
|
|
|
const u8 *addr, const u8 *trans_id)
|
|
|
|
{
|
2023-11-21 00:51:41 +01:00
|
|
|
#if defined(CONFIG_OCV) || defined(CONFIG_IEEE80211BE)
|
|
|
|
struct sta_info *sta = ap_get_sta(hapd, addr);
|
|
|
|
#endif /* CONFIG_OCV || CONFIG_IEEE80211BE */
|
OCV: Include and verify OCI in SA Query frames
Include an OCI element in SA Query Request and Response frames if OCV
has been negotiated.
On Linux, a kernel patch is needed to let clients correctly handle SA
Query Requests that contain an OCI element. Without this patch, the
kernel will reply to the SA Query Request itself, without verifying the
included OCI. Additionally, the SA Query Response sent by the kernel
will not include an OCI element. The correct operation of the AP does
not require a kernel patch.
Without the corresponding kernel patch, SA Query Requests sent by the
client are still valid, meaning they do include an OCI element.
Note that an AP does not require any kernel patches. In other words, SA
Query frames sent and received by the AP are properly handled, even
without a kernel patch.
As a result, the kernel patch is only required to make the client properly
process and respond to a SA Query Request from the AP. Without this
patch, the client will send a SA Query Response without an OCI element,
causing the AP to silently ignore the response and eventually disconnect
the client from the network if OCV has been negotiated to be used.
Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
2018-08-06 21:46:34 +02:00
|
|
|
struct ieee80211_mgmt *mgmt;
|
|
|
|
u8 *oci_ie = NULL;
|
|
|
|
u8 oci_ie_len = 0;
|
2011-10-17 16:30:43 +02:00
|
|
|
u8 *end;
|
2023-11-21 00:51:41 +01:00
|
|
|
const u8 *own_addr = hapd->own_addr;
|
2011-10-17 16:30:43 +02:00
|
|
|
|
|
|
|
wpa_printf(MSG_DEBUG, "IEEE 802.11: Sending SA Query Request to "
|
|
|
|
MACSTR, MAC2STR(addr));
|
|
|
|
wpa_hexdump(MSG_DEBUG, "IEEE 802.11: SA Query Transaction ID",
|
|
|
|
trans_id, WLAN_SA_QUERY_TR_ID_LEN);
|
|
|
|
|
OCV: Include and verify OCI in SA Query frames
Include an OCI element in SA Query Request and Response frames if OCV
has been negotiated.
On Linux, a kernel patch is needed to let clients correctly handle SA
Query Requests that contain an OCI element. Without this patch, the
kernel will reply to the SA Query Request itself, without verifying the
included OCI. Additionally, the SA Query Response sent by the kernel
will not include an OCI element. The correct operation of the AP does
not require a kernel patch.
Without the corresponding kernel patch, SA Query Requests sent by the
client are still valid, meaning they do include an OCI element.
Note that an AP does not require any kernel patches. In other words, SA
Query frames sent and received by the AP are properly handled, even
without a kernel patch.
As a result, the kernel patch is only required to make the client properly
process and respond to a SA Query Request from the AP. Without this
patch, the client will send a SA Query Response without an OCI element,
causing the AP to silently ignore the response and eventually disconnect
the client from the network if OCV has been negotiated to be used.
Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
2018-08-06 21:46:34 +02:00
|
|
|
#ifdef CONFIG_OCV
|
|
|
|
if (sta && wpa_auth_uses_ocv(sta->wpa_sm)) {
|
|
|
|
struct wpa_channel_info ci;
|
|
|
|
|
|
|
|
if (hostapd_drv_channel_info(hapd, &ci) != 0) {
|
|
|
|
wpa_printf(MSG_WARNING,
|
|
|
|
"Failed to get channel info for OCI element in SA Query Request");
|
|
|
|
return;
|
|
|
|
}
|
2020-05-29 23:04:53 +02:00
|
|
|
#ifdef CONFIG_TESTING_OPTIONS
|
|
|
|
if (hapd->conf->oci_freq_override_saquery_req) {
|
|
|
|
wpa_printf(MSG_INFO,
|
|
|
|
"TEST: Override OCI frequency %d -> %u MHz",
|
|
|
|
ci.frequency,
|
|
|
|
hapd->conf->oci_freq_override_saquery_req);
|
|
|
|
ci.frequency =
|
|
|
|
hapd->conf->oci_freq_override_saquery_req;
|
|
|
|
}
|
|
|
|
#endif /* CONFIG_TESTING_OPTIONS */
|
OCV: Include and verify OCI in SA Query frames
Include an OCI element in SA Query Request and Response frames if OCV
has been negotiated.
On Linux, a kernel patch is needed to let clients correctly handle SA
Query Requests that contain an OCI element. Without this patch, the
kernel will reply to the SA Query Request itself, without verifying the
included OCI. Additionally, the SA Query Response sent by the kernel
will not include an OCI element. The correct operation of the AP does
not require a kernel patch.
Without the corresponding kernel patch, SA Query Requests sent by the
client are still valid, meaning they do include an OCI element.
Note that an AP does not require any kernel patches. In other words, SA
Query frames sent and received by the AP are properly handled, even
without a kernel patch.
As a result, the kernel patch is only required to make the client properly
process and respond to a SA Query Request from the AP. Without this
patch, the client will send a SA Query Response without an OCI element,
causing the AP to silently ignore the response and eventually disconnect
the client from the network if OCV has been negotiated to be used.
Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
2018-08-06 21:46:34 +02:00
|
|
|
|
|
|
|
oci_ie_len = OCV_OCI_EXTENDED_LEN;
|
|
|
|
oci_ie = os_zalloc(oci_ie_len);
|
|
|
|
if (!oci_ie) {
|
|
|
|
wpa_printf(MSG_WARNING,
|
|
|
|
"Failed to allocate buffer for OCI element in SA Query Request");
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (ocv_insert_extended_oci(&ci, oci_ie) < 0) {
|
|
|
|
os_free(oci_ie);
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
#endif /* CONFIG_OCV */
|
|
|
|
|
|
|
|
mgmt = os_zalloc(sizeof(*mgmt) + oci_ie_len);
|
|
|
|
if (!mgmt) {
|
|
|
|
wpa_printf(MSG_DEBUG,
|
|
|
|
"Failed to allocate buffer for SA Query Response frame");
|
|
|
|
os_free(oci_ie);
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
2023-11-21 00:51:41 +01:00
|
|
|
#ifdef CONFIG_IEEE80211BE
|
|
|
|
if (hapd->conf->mld_ap && sta && sta->mld_info.mld_sta)
|
|
|
|
own_addr = hapd->mld_addr;
|
|
|
|
#endif /* CONFIG_IEEE80211BE */
|
|
|
|
|
OCV: Include and verify OCI in SA Query frames
Include an OCI element in SA Query Request and Response frames if OCV
has been negotiated.
On Linux, a kernel patch is needed to let clients correctly handle SA
Query Requests that contain an OCI element. Without this patch, the
kernel will reply to the SA Query Request itself, without verifying the
included OCI. Additionally, the SA Query Response sent by the kernel
will not include an OCI element. The correct operation of the AP does
not require a kernel patch.
Without the corresponding kernel patch, SA Query Requests sent by the
client are still valid, meaning they do include an OCI element.
Note that an AP does not require any kernel patches. In other words, SA
Query frames sent and received by the AP are properly handled, even
without a kernel patch.
As a result, the kernel patch is only required to make the client properly
process and respond to a SA Query Request from the AP. Without this
patch, the client will send a SA Query Response without an OCI element,
causing the AP to silently ignore the response and eventually disconnect
the client from the network if OCV has been negotiated to be used.
Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
2018-08-06 21:46:34 +02:00
|
|
|
mgmt->frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT,
|
|
|
|
WLAN_FC_STYPE_ACTION);
|
|
|
|
os_memcpy(mgmt->da, addr, ETH_ALEN);
|
2023-11-21 00:51:41 +01:00
|
|
|
os_memcpy(mgmt->sa, own_addr, ETH_ALEN);
|
|
|
|
os_memcpy(mgmt->bssid, own_addr, ETH_ALEN);
|
OCV: Include and verify OCI in SA Query frames
Include an OCI element in SA Query Request and Response frames if OCV
has been negotiated.
On Linux, a kernel patch is needed to let clients correctly handle SA
Query Requests that contain an OCI element. Without this patch, the
kernel will reply to the SA Query Request itself, without verifying the
included OCI. Additionally, the SA Query Response sent by the kernel
will not include an OCI element. The correct operation of the AP does
not require a kernel patch.
Without the corresponding kernel patch, SA Query Requests sent by the
client are still valid, meaning they do include an OCI element.
Note that an AP does not require any kernel patches. In other words, SA
Query frames sent and received by the AP are properly handled, even
without a kernel patch.
As a result, the kernel patch is only required to make the client properly
process and respond to a SA Query Request from the AP. Without this
patch, the client will send a SA Query Response without an OCI element,
causing the AP to silently ignore the response and eventually disconnect
the client from the network if OCV has been negotiated to be used.
Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
2018-08-06 21:46:34 +02:00
|
|
|
mgmt->u.action.category = WLAN_ACTION_SA_QUERY;
|
|
|
|
mgmt->u.action.u.sa_query_req.action = WLAN_SA_QUERY_REQUEST;
|
|
|
|
os_memcpy(mgmt->u.action.u.sa_query_req.trans_id, trans_id,
|
2011-10-17 16:30:43 +02:00
|
|
|
WLAN_SA_QUERY_TR_ID_LEN);
|
OCV: Include and verify OCI in SA Query frames
Include an OCI element in SA Query Request and Response frames if OCV
has been negotiated.
On Linux, a kernel patch is needed to let clients correctly handle SA
Query Requests that contain an OCI element. Without this patch, the
kernel will reply to the SA Query Request itself, without verifying the
included OCI. Additionally, the SA Query Response sent by the kernel
will not include an OCI element. The correct operation of the AP does
not require a kernel patch.
Without the corresponding kernel patch, SA Query Requests sent by the
client are still valid, meaning they do include an OCI element.
Note that an AP does not require any kernel patches. In other words, SA
Query frames sent and received by the AP are properly handled, even
without a kernel patch.
As a result, the kernel patch is only required to make the client properly
process and respond to a SA Query Request from the AP. Without this
patch, the client will send a SA Query Response without an OCI element,
causing the AP to silently ignore the response and eventually disconnect
the client from the network if OCV has been negotiated to be used.
Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
2018-08-06 21:46:34 +02:00
|
|
|
end = mgmt->u.action.u.sa_query_req.variable;
|
|
|
|
#ifdef CONFIG_OCV
|
|
|
|
if (oci_ie_len > 0) {
|
|
|
|
os_memcpy(end, oci_ie, oci_ie_len);
|
|
|
|
end += oci_ie_len;
|
|
|
|
}
|
|
|
|
#endif /* CONFIG_OCV */
|
2020-01-03 12:34:37 +01:00
|
|
|
if (hostapd_drv_send_mlme(hapd, mgmt, end - (u8 *) mgmt, 0, NULL, 0, 0)
|
|
|
|
< 0)
|
2013-11-02 11:51:30 +01:00
|
|
|
wpa_printf(MSG_INFO, "ieee802_11_send_sa_query_req: send failed");
|
OCV: Include and verify OCI in SA Query frames
Include an OCI element in SA Query Request and Response frames if OCV
has been negotiated.
On Linux, a kernel patch is needed to let clients correctly handle SA
Query Requests that contain an OCI element. Without this patch, the
kernel will reply to the SA Query Request itself, without verifying the
included OCI. Additionally, the SA Query Response sent by the kernel
will not include an OCI element. The correct operation of the AP does
not require a kernel patch.
Without the corresponding kernel patch, SA Query Requests sent by the
client are still valid, meaning they do include an OCI element.
Note that an AP does not require any kernel patches. In other words, SA
Query frames sent and received by the AP are properly handled, even
without a kernel patch.
As a result, the kernel patch is only required to make the client properly
process and respond to a SA Query Request from the AP. Without this
patch, the client will send a SA Query Response without an OCI element,
causing the AP to silently ignore the response and eventually disconnect
the client from the network if OCV has been negotiated to be used.
Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
2018-08-06 21:46:34 +02:00
|
|
|
|
|
|
|
os_free(mgmt);
|
|
|
|
os_free(oci_ie);
|
2011-10-17 16:30:43 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
2011-11-18 20:53:36 +01:00
|
|
|
static void ieee802_11_send_sa_query_resp(struct hostapd_data *hapd,
|
|
|
|
const u8 *sa, const u8 *trans_id)
|
2011-10-17 16:30:43 +02:00
|
|
|
{
|
|
|
|
struct sta_info *sta;
|
OCV: Include and verify OCI in SA Query frames
Include an OCI element in SA Query Request and Response frames if OCV
has been negotiated.
On Linux, a kernel patch is needed to let clients correctly handle SA
Query Requests that contain an OCI element. Without this patch, the
kernel will reply to the SA Query Request itself, without verifying the
included OCI. Additionally, the SA Query Response sent by the kernel
will not include an OCI element. The correct operation of the AP does
not require a kernel patch.
Without the corresponding kernel patch, SA Query Requests sent by the
client are still valid, meaning they do include an OCI element.
Note that an AP does not require any kernel patches. In other words, SA
Query frames sent and received by the AP are properly handled, even
without a kernel patch.
As a result, the kernel patch is only required to make the client properly
process and respond to a SA Query Request from the AP. Without this
patch, the client will send a SA Query Response without an OCI element,
causing the AP to silently ignore the response and eventually disconnect
the client from the network if OCV has been negotiated to be used.
Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
2018-08-06 21:46:34 +02:00
|
|
|
struct ieee80211_mgmt *resp;
|
|
|
|
u8 *oci_ie = NULL;
|
|
|
|
u8 oci_ie_len = 0;
|
2011-10-17 16:30:43 +02:00
|
|
|
u8 *end;
|
2023-11-21 00:51:41 +01:00
|
|
|
const u8 *own_addr = hapd->own_addr;
|
2011-10-17 16:30:43 +02:00
|
|
|
|
|
|
|
wpa_printf(MSG_DEBUG, "IEEE 802.11: Received SA Query Request from "
|
|
|
|
MACSTR, MAC2STR(sa));
|
|
|
|
wpa_hexdump(MSG_DEBUG, "IEEE 802.11: SA Query Transaction ID",
|
|
|
|
trans_id, WLAN_SA_QUERY_TR_ID_LEN);
|
|
|
|
|
|
|
|
sta = ap_get_sta(hapd, sa);
|
|
|
|
if (sta == NULL || !(sta->flags & WLAN_STA_ASSOC)) {
|
|
|
|
wpa_printf(MSG_DEBUG, "IEEE 802.11: Ignore SA Query Request "
|
|
|
|
"from unassociated STA " MACSTR, MAC2STR(sa));
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
OCV: Include and verify OCI in SA Query frames
Include an OCI element in SA Query Request and Response frames if OCV
has been negotiated.
On Linux, a kernel patch is needed to let clients correctly handle SA
Query Requests that contain an OCI element. Without this patch, the
kernel will reply to the SA Query Request itself, without verifying the
included OCI. Additionally, the SA Query Response sent by the kernel
will not include an OCI element. The correct operation of the AP does
not require a kernel patch.
Without the corresponding kernel patch, SA Query Requests sent by the
client are still valid, meaning they do include an OCI element.
Note that an AP does not require any kernel patches. In other words, SA
Query frames sent and received by the AP are properly handled, even
without a kernel patch.
As a result, the kernel patch is only required to make the client properly
process and respond to a SA Query Request from the AP. Without this
patch, the client will send a SA Query Response without an OCI element,
causing the AP to silently ignore the response and eventually disconnect
the client from the network if OCV has been negotiated to be used.
Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
2018-08-06 21:46:34 +02:00
|
|
|
#ifdef CONFIG_OCV
|
|
|
|
if (wpa_auth_uses_ocv(sta->wpa_sm)) {
|
|
|
|
struct wpa_channel_info ci;
|
|
|
|
|
|
|
|
if (hostapd_drv_channel_info(hapd, &ci) != 0) {
|
|
|
|
wpa_printf(MSG_WARNING,
|
|
|
|
"Failed to get channel info for OCI element in SA Query Response");
|
|
|
|
return;
|
|
|
|
}
|
2020-05-29 23:04:53 +02:00
|
|
|
#ifdef CONFIG_TESTING_OPTIONS
|
|
|
|
if (hapd->conf->oci_freq_override_saquery_resp) {
|
|
|
|
wpa_printf(MSG_INFO,
|
|
|
|
"TEST: Override OCI frequency %d -> %u MHz",
|
|
|
|
ci.frequency,
|
|
|
|
hapd->conf->oci_freq_override_saquery_resp);
|
|
|
|
ci.frequency =
|
|
|
|
hapd->conf->oci_freq_override_saquery_resp;
|
|
|
|
}
|
|
|
|
#endif /* CONFIG_TESTING_OPTIONS */
|
OCV: Include and verify OCI in SA Query frames
Include an OCI element in SA Query Request and Response frames if OCV
has been negotiated.
On Linux, a kernel patch is needed to let clients correctly handle SA
Query Requests that contain an OCI element. Without this patch, the
kernel will reply to the SA Query Request itself, without verifying the
included OCI. Additionally, the SA Query Response sent by the kernel
will not include an OCI element. The correct operation of the AP does
not require a kernel patch.
Without the corresponding kernel patch, SA Query Requests sent by the
client are still valid, meaning they do include an OCI element.
Note that an AP does not require any kernel patches. In other words, SA
Query frames sent and received by the AP are properly handled, even
without a kernel patch.
As a result, the kernel patch is only required to make the client properly
process and respond to a SA Query Request from the AP. Without this
patch, the client will send a SA Query Response without an OCI element,
causing the AP to silently ignore the response and eventually disconnect
the client from the network if OCV has been negotiated to be used.
Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
2018-08-06 21:46:34 +02:00
|
|
|
|
|
|
|
oci_ie_len = OCV_OCI_EXTENDED_LEN;
|
|
|
|
oci_ie = os_zalloc(oci_ie_len);
|
|
|
|
if (!oci_ie) {
|
|
|
|
wpa_printf(MSG_WARNING,
|
|
|
|
"Failed to allocate buffer for for OCI element in SA Query Response");
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (ocv_insert_extended_oci(&ci, oci_ie) < 0) {
|
|
|
|
os_free(oci_ie);
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
#endif /* CONFIG_OCV */
|
|
|
|
|
|
|
|
resp = os_zalloc(sizeof(*resp) + oci_ie_len);
|
|
|
|
if (!resp) {
|
|
|
|
wpa_printf(MSG_DEBUG,
|
|
|
|
"Failed to allocate buffer for SA Query Response frame");
|
|
|
|
os_free(oci_ie);
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
2011-10-17 16:30:43 +02:00
|
|
|
wpa_printf(MSG_DEBUG, "IEEE 802.11: Sending SA Query Response to "
|
|
|
|
MACSTR, MAC2STR(sa));
|
|
|
|
|
2023-11-21 00:51:41 +01:00
|
|
|
#ifdef CONFIG_IEEE80211BE
|
|
|
|
if (hapd->conf->mld_ap && sta->mld_info.mld_sta)
|
|
|
|
own_addr = hapd->mld_addr;
|
|
|
|
#endif /* CONFIG_IEEE80211BE */
|
|
|
|
|
OCV: Include and verify OCI in SA Query frames
Include an OCI element in SA Query Request and Response frames if OCV
has been negotiated.
On Linux, a kernel patch is needed to let clients correctly handle SA
Query Requests that contain an OCI element. Without this patch, the
kernel will reply to the SA Query Request itself, without verifying the
included OCI. Additionally, the SA Query Response sent by the kernel
will not include an OCI element. The correct operation of the AP does
not require a kernel patch.
Without the corresponding kernel patch, SA Query Requests sent by the
client are still valid, meaning they do include an OCI element.
Note that an AP does not require any kernel patches. In other words, SA
Query frames sent and received by the AP are properly handled, even
without a kernel patch.
As a result, the kernel patch is only required to make the client properly
process and respond to a SA Query Request from the AP. Without this
patch, the client will send a SA Query Response without an OCI element,
causing the AP to silently ignore the response and eventually disconnect
the client from the network if OCV has been negotiated to be used.
Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
2018-08-06 21:46:34 +02:00
|
|
|
resp->frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT,
|
|
|
|
WLAN_FC_STYPE_ACTION);
|
|
|
|
os_memcpy(resp->da, sa, ETH_ALEN);
|
2023-11-21 00:51:41 +01:00
|
|
|
os_memcpy(resp->sa, own_addr, ETH_ALEN);
|
|
|
|
os_memcpy(resp->bssid, own_addr, ETH_ALEN);
|
OCV: Include and verify OCI in SA Query frames
Include an OCI element in SA Query Request and Response frames if OCV
has been negotiated.
On Linux, a kernel patch is needed to let clients correctly handle SA
Query Requests that contain an OCI element. Without this patch, the
kernel will reply to the SA Query Request itself, without verifying the
included OCI. Additionally, the SA Query Response sent by the kernel
will not include an OCI element. The correct operation of the AP does
not require a kernel patch.
Without the corresponding kernel patch, SA Query Requests sent by the
client are still valid, meaning they do include an OCI element.
Note that an AP does not require any kernel patches. In other words, SA
Query frames sent and received by the AP are properly handled, even
without a kernel patch.
As a result, the kernel patch is only required to make the client properly
process and respond to a SA Query Request from the AP. Without this
patch, the client will send a SA Query Response without an OCI element,
causing the AP to silently ignore the response and eventually disconnect
the client from the network if OCV has been negotiated to be used.
Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
2018-08-06 21:46:34 +02:00
|
|
|
resp->u.action.category = WLAN_ACTION_SA_QUERY;
|
|
|
|
resp->u.action.u.sa_query_req.action = WLAN_SA_QUERY_RESPONSE;
|
|
|
|
os_memcpy(resp->u.action.u.sa_query_req.trans_id, trans_id,
|
2011-10-17 16:30:43 +02:00
|
|
|
WLAN_SA_QUERY_TR_ID_LEN);
|
OCV: Include and verify OCI in SA Query frames
Include an OCI element in SA Query Request and Response frames if OCV
has been negotiated.
On Linux, a kernel patch is needed to let clients correctly handle SA
Query Requests that contain an OCI element. Without this patch, the
kernel will reply to the SA Query Request itself, without verifying the
included OCI. Additionally, the SA Query Response sent by the kernel
will not include an OCI element. The correct operation of the AP does
not require a kernel patch.
Without the corresponding kernel patch, SA Query Requests sent by the
client are still valid, meaning they do include an OCI element.
Note that an AP does not require any kernel patches. In other words, SA
Query frames sent and received by the AP are properly handled, even
without a kernel patch.
As a result, the kernel patch is only required to make the client properly
process and respond to a SA Query Request from the AP. Without this
patch, the client will send a SA Query Response without an OCI element,
causing the AP to silently ignore the response and eventually disconnect
the client from the network if OCV has been negotiated to be used.
Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
2018-08-06 21:46:34 +02:00
|
|
|
end = resp->u.action.u.sa_query_req.variable;
|
|
|
|
#ifdef CONFIG_OCV
|
|
|
|
if (oci_ie_len > 0) {
|
|
|
|
os_memcpy(end, oci_ie, oci_ie_len);
|
|
|
|
end += oci_ie_len;
|
|
|
|
}
|
|
|
|
#endif /* CONFIG_OCV */
|
2020-01-03 12:34:37 +01:00
|
|
|
if (hostapd_drv_send_mlme(hapd, resp, end - (u8 *) resp, 0, NULL, 0, 0)
|
|
|
|
< 0)
|
2013-11-02 11:51:30 +01:00
|
|
|
wpa_printf(MSG_INFO, "ieee80211_mgmt_sa_query_request: send failed");
|
OCV: Include and verify OCI in SA Query frames
Include an OCI element in SA Query Request and Response frames if OCV
has been negotiated.
On Linux, a kernel patch is needed to let clients correctly handle SA
Query Requests that contain an OCI element. Without this patch, the
kernel will reply to the SA Query Request itself, without verifying the
included OCI. Additionally, the SA Query Response sent by the kernel
will not include an OCI element. The correct operation of the AP does
not require a kernel patch.
Without the corresponding kernel patch, SA Query Requests sent by the
client are still valid, meaning they do include an OCI element.
Note that an AP does not require any kernel patches. In other words, SA
Query frames sent and received by the AP are properly handled, even
without a kernel patch.
As a result, the kernel patch is only required to make the client properly
process and respond to a SA Query Request from the AP. Without this
patch, the client will send a SA Query Response without an OCI element,
causing the AP to silently ignore the response and eventually disconnect
the client from the network if OCV has been negotiated to be used.
Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
2018-08-06 21:46:34 +02:00
|
|
|
|
|
|
|
os_free(resp);
|
|
|
|
os_free(oci_ie);
|
2011-10-17 16:30:43 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
OCV: Include and verify OCI in SA Query frames
Include an OCI element in SA Query Request and Response frames if OCV
has been negotiated.
On Linux, a kernel patch is needed to let clients correctly handle SA
Query Requests that contain an OCI element. Without this patch, the
kernel will reply to the SA Query Request itself, without verifying the
included OCI. Additionally, the SA Query Response sent by the kernel
will not include an OCI element. The correct operation of the AP does
not require a kernel patch.
Without the corresponding kernel patch, SA Query Requests sent by the
client are still valid, meaning they do include an OCI element.
Note that an AP does not require any kernel patches. In other words, SA
Query frames sent and received by the AP are properly handled, even
without a kernel patch.
As a result, the kernel patch is only required to make the client properly
process and respond to a SA Query Request from the AP. Without this
patch, the client will send a SA Query Response without an OCI element,
causing the AP to silently ignore the response and eventually disconnect
the client from the network if OCV has been negotiated to be used.
Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
2018-08-06 21:46:34 +02:00
|
|
|
void ieee802_11_sa_query_action(struct hostapd_data *hapd,
|
|
|
|
const struct ieee80211_mgmt *mgmt,
|
|
|
|
size_t len)
|
2011-10-17 16:30:43 +02:00
|
|
|
{
|
|
|
|
struct sta_info *sta;
|
|
|
|
int i;
|
OCV: Include and verify OCI in SA Query frames
Include an OCI element in SA Query Request and Response frames if OCV
has been negotiated.
On Linux, a kernel patch is needed to let clients correctly handle SA
Query Requests that contain an OCI element. Without this patch, the
kernel will reply to the SA Query Request itself, without verifying the
included OCI. Additionally, the SA Query Response sent by the kernel
will not include an OCI element. The correct operation of the AP does
not require a kernel patch.
Without the corresponding kernel patch, SA Query Requests sent by the
client are still valid, meaning they do include an OCI element.
Note that an AP does not require any kernel patches. In other words, SA
Query frames sent and received by the AP are properly handled, even
without a kernel patch.
As a result, the kernel patch is only required to make the client properly
process and respond to a SA Query Request from the AP. Without this
patch, the client will send a SA Query Response without an OCI element,
causing the AP to silently ignore the response and eventually disconnect
the client from the network if OCV has been negotiated to be used.
Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
2018-08-06 21:46:34 +02:00
|
|
|
const u8 *sa = mgmt->sa;
|
|
|
|
const u8 action_type = mgmt->u.action.u.sa_query_resp.action;
|
|
|
|
const u8 *trans_id = mgmt->u.action.u.sa_query_resp.trans_id;
|
|
|
|
|
2019-03-09 11:40:05 +01:00
|
|
|
if (((const u8 *) mgmt) + len <
|
|
|
|
mgmt->u.action.u.sa_query_resp.variable) {
|
|
|
|
wpa_printf(MSG_DEBUG,
|
|
|
|
"IEEE 802.11: Too short SA Query Action frame (len=%lu)",
|
|
|
|
(unsigned long) len);
|
|
|
|
return;
|
|
|
|
}
|
2021-02-16 10:34:50 +01:00
|
|
|
if (is_multicast_ether_addr(mgmt->da)) {
|
|
|
|
wpa_printf(MSG_DEBUG,
|
|
|
|
"IEEE 802.11: Ignore group-addressed SA Query frame (A1=" MACSTR " A2=" MACSTR ")",
|
|
|
|
MAC2STR(mgmt->da), MAC2STR(mgmt->sa));
|
|
|
|
return;
|
|
|
|
}
|
2019-03-09 11:40:05 +01:00
|
|
|
|
OCV: Include and verify OCI in SA Query frames
Include an OCI element in SA Query Request and Response frames if OCV
has been negotiated.
On Linux, a kernel patch is needed to let clients correctly handle SA
Query Requests that contain an OCI element. Without this patch, the
kernel will reply to the SA Query Request itself, without verifying the
included OCI. Additionally, the SA Query Response sent by the kernel
will not include an OCI element. The correct operation of the AP does
not require a kernel patch.
Without the corresponding kernel patch, SA Query Requests sent by the
client are still valid, meaning they do include an OCI element.
Note that an AP does not require any kernel patches. In other words, SA
Query frames sent and received by the AP are properly handled, even
without a kernel patch.
As a result, the kernel patch is only required to make the client properly
process and respond to a SA Query Request from the AP. Without this
patch, the client will send a SA Query Response without an OCI element,
causing the AP to silently ignore the response and eventually disconnect
the client from the network if OCV has been negotiated to be used.
Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
2018-08-06 21:46:34 +02:00
|
|
|
sta = ap_get_sta(hapd, sa);
|
|
|
|
|
|
|
|
#ifdef CONFIG_OCV
|
|
|
|
if (sta && wpa_auth_uses_ocv(sta->wpa_sm)) {
|
|
|
|
struct ieee802_11_elems elems;
|
|
|
|
struct wpa_channel_info ci;
|
|
|
|
int tx_chanwidth;
|
|
|
|
int tx_seg1_idx;
|
|
|
|
size_t ies_len;
|
|
|
|
const u8 *ies;
|
|
|
|
|
|
|
|
ies = mgmt->u.action.u.sa_query_resp.variable;
|
|
|
|
ies_len = len - (ies - (u8 *) mgmt);
|
|
|
|
if (ieee802_11_parse_elems(ies, ies_len, &elems, 1) ==
|
|
|
|
ParseFailed) {
|
|
|
|
wpa_printf(MSG_DEBUG,
|
|
|
|
"SA Query: Failed to parse elements");
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (hostapd_drv_channel_info(hapd, &ci) != 0) {
|
|
|
|
wpa_printf(MSG_WARNING,
|
|
|
|
"Failed to get channel info to validate received OCI in SA Query Action frame");
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (get_sta_tx_parameters(sta->wpa_sm,
|
|
|
|
channel_width_to_int(ci.chanwidth),
|
|
|
|
ci.seg1_idx, &tx_chanwidth,
|
|
|
|
&tx_seg1_idx) < 0)
|
|
|
|
return;
|
|
|
|
|
|
|
|
if (ocv_verify_tx_params(elems.oci, elems.oci_len, &ci,
|
2020-09-02 20:55:28 +02:00
|
|
|
tx_chanwidth, tx_seg1_idx) !=
|
|
|
|
OCI_SUCCESS) {
|
2020-05-25 17:41:04 +02:00
|
|
|
wpa_msg(hapd->msg_ctx, MSG_INFO, OCV_FAILURE "addr="
|
|
|
|
MACSTR " frame=saquery%s error=%s",
|
|
|
|
MAC2STR(sa),
|
|
|
|
action_type == WLAN_SA_QUERY_REQUEST ?
|
|
|
|
"req" : "resp", ocv_errorstr);
|
OCV: Include and verify OCI in SA Query frames
Include an OCI element in SA Query Request and Response frames if OCV
has been negotiated.
On Linux, a kernel patch is needed to let clients correctly handle SA
Query Requests that contain an OCI element. Without this patch, the
kernel will reply to the SA Query Request itself, without verifying the
included OCI. Additionally, the SA Query Response sent by the kernel
will not include an OCI element. The correct operation of the AP does
not require a kernel patch.
Without the corresponding kernel patch, SA Query Requests sent by the
client are still valid, meaning they do include an OCI element.
Note that an AP does not require any kernel patches. In other words, SA
Query frames sent and received by the AP are properly handled, even
without a kernel patch.
As a result, the kernel patch is only required to make the client properly
process and respond to a SA Query Request from the AP. Without this
patch, the client will send a SA Query Response without an OCI element,
causing the AP to silently ignore the response and eventually disconnect
the client from the network if OCV has been negotiated to be used.
Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
2018-08-06 21:46:34 +02:00
|
|
|
return;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
#endif /* CONFIG_OCV */
|
2011-10-17 16:30:43 +02:00
|
|
|
|
|
|
|
if (action_type == WLAN_SA_QUERY_REQUEST) {
|
2020-05-25 20:55:49 +02:00
|
|
|
if (sta)
|
|
|
|
sta->post_csa_sa_query = 0;
|
2011-10-17 16:30:43 +02:00
|
|
|
ieee802_11_send_sa_query_resp(hapd, sa, trans_id);
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (action_type != WLAN_SA_QUERY_RESPONSE) {
|
|
|
|
wpa_printf(MSG_DEBUG, "IEEE 802.11: Unexpected SA Query "
|
|
|
|
"Action %d", action_type);
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
wpa_printf(MSG_DEBUG, "IEEE 802.11: Received SA Query Response from "
|
|
|
|
MACSTR, MAC2STR(sa));
|
|
|
|
wpa_hexdump(MSG_DEBUG, "IEEE 802.11: SA Query Transaction ID",
|
|
|
|
trans_id, WLAN_SA_QUERY_TR_ID_LEN);
|
|
|
|
|
|
|
|
/* MLME-SAQuery.confirm */
|
|
|
|
|
|
|
|
if (sta == NULL || sta->sa_query_trans_id == NULL) {
|
|
|
|
wpa_printf(MSG_DEBUG, "IEEE 802.11: No matching STA with "
|
|
|
|
"pending SA Query request found");
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
for (i = 0; i < sta->sa_query_count; i++) {
|
|
|
|
if (os_memcmp(sta->sa_query_trans_id +
|
|
|
|
i * WLAN_SA_QUERY_TR_ID_LEN,
|
|
|
|
trans_id, WLAN_SA_QUERY_TR_ID_LEN) == 0)
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (i >= sta->sa_query_count) {
|
|
|
|
wpa_printf(MSG_DEBUG, "IEEE 802.11: No matching SA Query "
|
|
|
|
"transaction identifier found");
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
|
|
|
|
HOSTAPD_LEVEL_DEBUG,
|
|
|
|
"Reply to pending SA Query received");
|
|
|
|
ap_sta_stop_sa_query(hapd, sta);
|
|
|
|
}
|
|
|
|
|
2011-10-17 20:03:52 +02:00
|
|
|
|
2022-12-01 04:18:39 +01:00
|
|
|
static void hostapd_ext_capab_byte(struct hostapd_data *hapd, u8 *pos, int idx,
|
|
|
|
bool mbssid_complete)
|
2013-03-31 20:51:44 +02:00
|
|
|
{
|
|
|
|
*pos = 0x00;
|
|
|
|
|
|
|
|
switch (idx) {
|
|
|
|
case 0: /* Bits 0-7 */
|
2014-03-12 23:28:39 +01:00
|
|
|
if (hapd->iconf->obss_interval)
|
|
|
|
*pos |= 0x01; /* Bit 0 - Coexistence management */
|
2015-09-08 11:46:15 +02:00
|
|
|
if (hapd->iface->drv_flags & WPA_DRIVER_FLAGS_AP_CSA)
|
|
|
|
*pos |= 0x04; /* Bit 2 - Extended Channel Switching */
|
2013-03-31 20:51:44 +02:00
|
|
|
break;
|
|
|
|
case 1: /* Bits 8-15 */
|
AP: Add support for Proxy ARP, DHCP snooping mechanism
Proxy ARP allows the AP devices to keep track of the hardware address to
IP address mapping of the STA devices within the BSS. When a request for
such information is made (i.e., ARP request, Neighbor Solicitation), the
AP will respond on behalf of the STA device within the BSS. Such
requests could originate from a device within the BSS or also from the
bridge. In the process of the AP replying to the request (i.e., ARP
reply, Neighbor Advertisement), the AP will drop the original request
frame. The relevant STA will not even know that such information was
ever requested.
This feature is a requirement for Hotspot 2.0, and is defined in IEEE
Std 802.11-2012, 10.23.13. While the Proxy ARP support code mainly
resides in the kernel bridge code, in order to optimize the performance
and simplify kernel implementation, the DHCP snooping code was added to
the hostapd.
Signed-off-by: Kyeyoon Park <kyeyoonp@qca.qualcomm.com>
2014-09-26 07:32:55 +02:00
|
|
|
if (hapd->conf->proxy_arp)
|
|
|
|
*pos |= 0x10; /* Bit 12 - Proxy ARP */
|
2018-10-30 13:00:00 +01:00
|
|
|
if (hapd->conf->coloc_intf_reporting) {
|
|
|
|
/* Bit 13 - Collocated Interference Reporting */
|
|
|
|
*pos |= 0x20;
|
|
|
|
}
|
2013-03-31 20:51:44 +02:00
|
|
|
break;
|
|
|
|
case 2: /* Bits 16-23 */
|
|
|
|
if (hapd->conf->wnm_sleep_mode)
|
|
|
|
*pos |= 0x02; /* Bit 17 - WNM-Sleep Mode */
|
|
|
|
if (hapd->conf->bss_transition)
|
|
|
|
*pos |= 0x08; /* Bit 19 - BSS Transition */
|
2022-12-01 04:18:39 +01:00
|
|
|
if (hapd->iconf->mbssid)
|
|
|
|
*pos |= 0x40; /* Bit 22 - Multiple BSSID */
|
2013-03-31 20:51:44 +02:00
|
|
|
break;
|
|
|
|
case 3: /* Bits 24-31 */
|
2017-06-12 08:29:27 +02:00
|
|
|
#ifdef CONFIG_WNM_AP
|
2013-03-31 20:51:44 +02:00
|
|
|
*pos |= 0x02; /* Bit 25 - SSID List */
|
2017-06-12 08:29:27 +02:00
|
|
|
#endif /* CONFIG_WNM_AP */
|
2013-03-31 20:51:44 +02:00
|
|
|
if (hapd->conf->time_advertisement == 2)
|
|
|
|
*pos |= 0x08; /* Bit 27 - UTC TSF Offset */
|
|
|
|
if (hapd->conf->interworking)
|
|
|
|
*pos |= 0x80; /* Bit 31 - Interworking */
|
|
|
|
break;
|
|
|
|
case 4: /* Bits 32-39 */
|
2013-07-24 11:28:20 +02:00
|
|
|
if (hapd->conf->qos_map_set_len)
|
|
|
|
*pos |= 0x01; /* Bit 32 - QoS Map */
|
2013-03-31 20:51:44 +02:00
|
|
|
if (hapd->conf->tdls & TDLS_PROHIBIT)
|
|
|
|
*pos |= 0x40; /* Bit 38 - TDLS Prohibited */
|
|
|
|
if (hapd->conf->tdls & TDLS_PROHIBIT_CHAN_SWITCH) {
|
|
|
|
/* Bit 39 - TDLS Channel Switching Prohibited */
|
|
|
|
*pos |= 0x80;
|
|
|
|
}
|
|
|
|
break;
|
|
|
|
case 5: /* Bits 40-47 */
|
2013-03-17 15:03:42 +01:00
|
|
|
#ifdef CONFIG_HS20
|
|
|
|
if (hapd->conf->hs20)
|
|
|
|
*pos |= 0x40; /* Bit 46 - WNM-Notification */
|
|
|
|
#endif /* CONFIG_HS20 */
|
2016-02-22 11:41:00 +01:00
|
|
|
#ifdef CONFIG_MBO
|
|
|
|
if (hapd->conf->mbo_enabled)
|
|
|
|
*pos |= 0x40; /* Bit 46 - WNM-Notification */
|
|
|
|
#endif /* CONFIG_MBO */
|
2013-03-31 20:51:44 +02:00
|
|
|
break;
|
|
|
|
case 6: /* Bits 48-55 */
|
|
|
|
if (hapd->conf->ssid.utf8_ssid)
|
|
|
|
*pos |= 0x01; /* Bit 48 - UTF-8 SSID */
|
|
|
|
break;
|
2015-09-01 18:44:23 +02:00
|
|
|
case 7: /* Bits 56-63 */
|
|
|
|
break;
|
2016-08-03 16:41:53 +02:00
|
|
|
case 8: /* Bits 64-71 */
|
|
|
|
if (hapd->conf->ftm_responder)
|
|
|
|
*pos |= 0x40; /* Bit 70 - FTM responder */
|
|
|
|
if (hapd->conf->ftm_initiator)
|
|
|
|
*pos |= 0x80; /* Bit 71 - FTM initiator */
|
2018-01-21 23:07:44 +01:00
|
|
|
break;
|
2015-09-01 18:44:23 +02:00
|
|
|
case 9: /* Bits 72-79 */
|
|
|
|
#ifdef CONFIG_FILS
|
|
|
|
if ((hapd->conf->wpa & WPA_PROTO_RSN) &&
|
|
|
|
wpa_key_mgmt_fils(hapd->conf->wpa_key_mgmt))
|
|
|
|
*pos |= 0x01;
|
|
|
|
#endif /* CONFIG_FILS */
|
2020-02-04 09:05:41 +01:00
|
|
|
#ifdef CONFIG_IEEE80211AX
|
2022-07-06 15:57:59 +02:00
|
|
|
if (hostapd_get_he_twt_responder(hapd, IEEE80211_MODE_AP))
|
2020-02-04 09:05:41 +01:00
|
|
|
*pos |= 0x40; /* Bit 78 - TWT responder */
|
|
|
|
#endif /* CONFIG_IEEE80211AX */
|
2016-08-03 16:41:53 +02:00
|
|
|
break;
|
2019-01-23 23:00:28 +01:00
|
|
|
case 10: /* Bits 80-87 */
|
|
|
|
#ifdef CONFIG_SAE
|
|
|
|
if (hapd->conf->wpa &&
|
|
|
|
wpa_key_mgmt_sae(hapd->conf->wpa_key_mgmt)) {
|
|
|
|
int in_use = hostapd_sae_pw_id_in_use(hapd->conf);
|
|
|
|
|
|
|
|
if (in_use)
|
|
|
|
*pos |= 0x02; /* Bit 81 - SAE Password
|
|
|
|
* Identifiers In Use */
|
|
|
|
if (in_use == 2)
|
|
|
|
*pos |= 0x04; /* Bit 82 - SAE Password
|
|
|
|
* Identifiers Used Exclusively */
|
|
|
|
}
|
|
|
|
#endif /* CONFIG_SAE */
|
2020-12-03 08:47:33 +01:00
|
|
|
if (hapd->conf->beacon_prot &&
|
|
|
|
(hapd->iface->drv_flags &
|
|
|
|
WPA_DRIVER_FLAGS_BEACON_PROTECTION))
|
2020-02-17 21:55:12 +01:00
|
|
|
*pos |= 0x10; /* Bit 84 - Beacon Protection Enabled */
|
2022-12-01 04:18:39 +01:00
|
|
|
if (hapd->iconf->mbssid == ENHANCED_MBSSID_ENABLED)
|
|
|
|
*pos |= 0x08; /* Bit 83 - Enhanced multiple BSSID */
|
|
|
|
if (mbssid_complete)
|
|
|
|
*pos |= 0x01; /* Bit 80 - Complete List of NonTxBSSID
|
|
|
|
* Profiles */
|
2019-01-23 23:00:28 +01:00
|
|
|
break;
|
2020-05-30 22:30:42 +02:00
|
|
|
case 11: /* Bits 88-95 */
|
|
|
|
#ifdef CONFIG_SAE_PK
|
|
|
|
if (hapd->conf->wpa &&
|
|
|
|
wpa_key_mgmt_sae(hapd->conf->wpa_key_mgmt) &&
|
|
|
|
hostapd_sae_pk_exclusively(hapd->conf))
|
|
|
|
*pos |= 0x01; /* Bit 88 - SAE PK Exclusively */
|
|
|
|
#endif /* CONFIG_SAE_PK */
|
|
|
|
break;
|
2013-03-31 20:51:44 +02:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2022-12-01 04:18:39 +01:00
|
|
|
u8 * hostapd_eid_ext_capab(struct hostapd_data *hapd, u8 *eid,
|
|
|
|
bool mbssid_complete)
|
2011-10-17 20:03:52 +02:00
|
|
|
{
|
|
|
|
u8 *pos = eid;
|
2021-03-22 10:29:31 +01:00
|
|
|
u8 len = EXT_CAPA_MAX_LEN, i;
|
2021-03-22 10:12:39 +01:00
|
|
|
|
2013-03-31 20:51:44 +02:00
|
|
|
if (len < hapd->iface->extended_capa_len)
|
|
|
|
len = hapd->iface->extended_capa_len;
|
2011-10-17 20:03:52 +02:00
|
|
|
|
|
|
|
*pos++ = WLAN_EID_EXT_CAPAB;
|
|
|
|
*pos++ = len;
|
2013-03-31 20:51:44 +02:00
|
|
|
for (i = 0; i < len; i++, pos++) {
|
2022-12-01 04:18:39 +01:00
|
|
|
hostapd_ext_capab_byte(hapd, pos, i, mbssid_complete);
|
2011-10-17 20:03:52 +02:00
|
|
|
|
2013-03-31 20:51:44 +02:00
|
|
|
if (i < hapd->iface->extended_capa_len) {
|
|
|
|
*pos &= ~hapd->iface->extended_capa_mask[i];
|
|
|
|
*pos |= hapd->iface->extended_capa[i];
|
|
|
|
}
|
2021-03-22 10:29:31 +01:00
|
|
|
|
|
|
|
if (i < EXT_CAPA_MAX_LEN) {
|
|
|
|
*pos &= ~hapd->conf->ext_capa_mask[i];
|
|
|
|
*pos |= hapd->conf->ext_capa[i];
|
|
|
|
}
|
2022-12-01 04:18:39 +01:00
|
|
|
|
|
|
|
/* Clear bits 83 and 22 if EMA and MBSSID are not enabled
|
|
|
|
* otherwise association fails with some clients */
|
|
|
|
if (i == 10 && hapd->iconf->mbssid < ENHANCED_MBSSID_ENABLED)
|
|
|
|
*pos &= ~0x08;
|
|
|
|
if (i == 2 && !hapd->iconf->mbssid)
|
|
|
|
*pos &= ~0x40;
|
2013-03-31 20:51:44 +02:00
|
|
|
}
|
2012-12-16 19:46:51 +01:00
|
|
|
|
2013-03-31 20:58:17 +02:00
|
|
|
while (len > 0 && eid[1 + len] == 0) {
|
|
|
|
len--;
|
|
|
|
eid[1] = len;
|
|
|
|
}
|
|
|
|
if (len == 0)
|
|
|
|
return eid;
|
|
|
|
|
|
|
|
return eid + 2 + len;
|
2011-10-17 20:03:52 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
2013-07-24 11:28:20 +02:00
|
|
|
u8 * hostapd_eid_qos_map_set(struct hostapd_data *hapd, u8 *eid)
|
|
|
|
{
|
|
|
|
u8 *pos = eid;
|
|
|
|
u8 len = hapd->conf->qos_map_set_len;
|
|
|
|
|
|
|
|
if (!len)
|
|
|
|
return eid;
|
|
|
|
|
|
|
|
*pos++ = WLAN_EID_QOS_MAP_SET;
|
|
|
|
*pos++ = len;
|
|
|
|
os_memcpy(pos, hapd->conf->qos_map_set, len);
|
|
|
|
pos += len;
|
|
|
|
|
|
|
|
return pos;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2011-10-17 20:03:52 +02:00
|
|
|
u8 * hostapd_eid_interworking(struct hostapd_data *hapd, u8 *eid)
|
|
|
|
{
|
|
|
|
u8 *pos = eid;
|
|
|
|
#ifdef CONFIG_INTERWORKING
|
|
|
|
u8 *len;
|
|
|
|
|
|
|
|
if (!hapd->conf->interworking)
|
|
|
|
return eid;
|
|
|
|
|
|
|
|
*pos++ = WLAN_EID_INTERWORKING;
|
|
|
|
len = pos++;
|
|
|
|
|
|
|
|
*pos = hapd->conf->access_network_type;
|
|
|
|
if (hapd->conf->internet)
|
|
|
|
*pos |= INTERWORKING_ANO_INTERNET;
|
|
|
|
if (hapd->conf->asra)
|
|
|
|
*pos |= INTERWORKING_ANO_ASRA;
|
|
|
|
if (hapd->conf->esr)
|
|
|
|
*pos |= INTERWORKING_ANO_ESR;
|
|
|
|
if (hapd->conf->uesa)
|
|
|
|
*pos |= INTERWORKING_ANO_UESA;
|
|
|
|
pos++;
|
|
|
|
|
|
|
|
if (hapd->conf->venue_info_set) {
|
|
|
|
*pos++ = hapd->conf->venue_group;
|
|
|
|
*pos++ = hapd->conf->venue_type;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (!is_zero_ether_addr(hapd->conf->hessid)) {
|
|
|
|
os_memcpy(pos, hapd->conf->hessid, ETH_ALEN);
|
|
|
|
pos += ETH_ALEN;
|
|
|
|
}
|
|
|
|
|
|
|
|
*len = pos - len - 1;
|
|
|
|
#endif /* CONFIG_INTERWORKING */
|
|
|
|
|
|
|
|
return pos;
|
|
|
|
}
|
2011-10-17 22:19:52 +02:00
|
|
|
|
|
|
|
|
|
|
|
u8 * hostapd_eid_adv_proto(struct hostapd_data *hapd, u8 *eid)
|
|
|
|
{
|
|
|
|
u8 *pos = eid;
|
|
|
|
#ifdef CONFIG_INTERWORKING
|
|
|
|
|
|
|
|
/* TODO: Separate configuration for ANQP? */
|
|
|
|
if (!hapd->conf->interworking)
|
|
|
|
return eid;
|
|
|
|
|
|
|
|
*pos++ = WLAN_EID_ADV_PROTO;
|
|
|
|
*pos++ = 2;
|
2011-10-25 10:31:21 +02:00
|
|
|
*pos++ = 0x7F; /* Query Response Length Limit | PAME-BI */
|
2011-10-17 22:19:52 +02:00
|
|
|
*pos++ = ACCESS_NETWORK_QUERY_PROTOCOL;
|
|
|
|
#endif /* CONFIG_INTERWORKING */
|
|
|
|
|
|
|
|
return pos;
|
|
|
|
}
|
2011-10-17 22:55:50 +02:00
|
|
|
|
|
|
|
|
|
|
|
u8 * hostapd_eid_roaming_consortium(struct hostapd_data *hapd, u8 *eid)
|
|
|
|
{
|
|
|
|
u8 *pos = eid;
|
|
|
|
#ifdef CONFIG_INTERWORKING
|
|
|
|
u8 *len;
|
|
|
|
unsigned int i, count;
|
|
|
|
|
|
|
|
if (!hapd->conf->interworking ||
|
|
|
|
hapd->conf->roaming_consortium == NULL ||
|
|
|
|
hapd->conf->roaming_consortium_count == 0)
|
|
|
|
return eid;
|
|
|
|
|
|
|
|
*pos++ = WLAN_EID_ROAMING_CONSORTIUM;
|
|
|
|
len = pos++;
|
|
|
|
|
|
|
|
/* Number of ANQP OIs (in addition to the max 3 listed here) */
|
|
|
|
if (hapd->conf->roaming_consortium_count > 3 + 255)
|
|
|
|
*pos++ = 255;
|
|
|
|
else if (hapd->conf->roaming_consortium_count > 3)
|
|
|
|
*pos++ = hapd->conf->roaming_consortium_count - 3;
|
|
|
|
else
|
|
|
|
*pos++ = 0;
|
|
|
|
|
|
|
|
/* OU #1 and #2 Lengths */
|
|
|
|
*pos = hapd->conf->roaming_consortium[0].len;
|
|
|
|
if (hapd->conf->roaming_consortium_count > 1)
|
|
|
|
*pos |= hapd->conf->roaming_consortium[1].len << 4;
|
|
|
|
pos++;
|
|
|
|
|
|
|
|
if (hapd->conf->roaming_consortium_count > 3)
|
|
|
|
count = 3;
|
|
|
|
else
|
|
|
|
count = hapd->conf->roaming_consortium_count;
|
|
|
|
|
|
|
|
for (i = 0; i < count; i++) {
|
|
|
|
os_memcpy(pos, hapd->conf->roaming_consortium[i].oi,
|
|
|
|
hapd->conf->roaming_consortium[i].len);
|
|
|
|
pos += hapd->conf->roaming_consortium[i].len;
|
|
|
|
}
|
|
|
|
|
|
|
|
*len = pos - len - 1;
|
|
|
|
#endif /* CONFIG_INTERWORKING */
|
|
|
|
|
|
|
|
return pos;
|
|
|
|
}
|
2011-10-17 23:24:16 +02:00
|
|
|
|
|
|
|
|
|
|
|
u8 * hostapd_eid_time_adv(struct hostapd_data *hapd, u8 *eid)
|
|
|
|
{
|
|
|
|
if (hapd->conf->time_advertisement != 2)
|
|
|
|
return eid;
|
|
|
|
|
|
|
|
if (hapd->time_adv == NULL &&
|
|
|
|
hostapd_update_time_adv(hapd) < 0)
|
|
|
|
return eid;
|
|
|
|
|
2011-11-13 21:45:16 +01:00
|
|
|
if (hapd->time_adv == NULL)
|
|
|
|
return eid;
|
|
|
|
|
2011-10-17 23:24:16 +02:00
|
|
|
os_memcpy(eid, wpabuf_head(hapd->time_adv),
|
|
|
|
wpabuf_len(hapd->time_adv));
|
|
|
|
eid += wpabuf_len(hapd->time_adv);
|
|
|
|
|
|
|
|
return eid;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
u8 * hostapd_eid_time_zone(struct hostapd_data *hapd, u8 *eid)
|
|
|
|
{
|
|
|
|
size_t len;
|
|
|
|
|
2018-05-28 22:26:46 +02:00
|
|
|
if (hapd->conf->time_advertisement != 2 || !hapd->conf->time_zone)
|
2011-10-17 23:24:16 +02:00
|
|
|
return eid;
|
|
|
|
|
|
|
|
len = os_strlen(hapd->conf->time_zone);
|
|
|
|
|
|
|
|
*eid++ = WLAN_EID_TIME_ZONE;
|
|
|
|
*eid++ = len;
|
|
|
|
os_memcpy(eid, hapd->conf->time_zone, len);
|
|
|
|
eid += len;
|
|
|
|
|
|
|
|
return eid;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
int hostapd_update_time_adv(struct hostapd_data *hapd)
|
|
|
|
{
|
|
|
|
const int elen = 2 + 1 + 10 + 5 + 1;
|
|
|
|
struct os_time t;
|
|
|
|
struct os_tm tm;
|
|
|
|
u8 *pos;
|
|
|
|
|
|
|
|
if (hapd->conf->time_advertisement != 2)
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
if (os_get_time(&t) < 0 || os_gmtime(t.sec, &tm) < 0)
|
|
|
|
return -1;
|
|
|
|
|
|
|
|
if (!hapd->time_adv) {
|
|
|
|
hapd->time_adv = wpabuf_alloc(elen);
|
|
|
|
if (hapd->time_adv == NULL)
|
|
|
|
return -1;
|
|
|
|
pos = wpabuf_put(hapd->time_adv, elen);
|
|
|
|
} else
|
|
|
|
pos = wpabuf_mhead_u8(hapd->time_adv);
|
|
|
|
|
|
|
|
*pos++ = WLAN_EID_TIME_ADVERTISEMENT;
|
|
|
|
*pos++ = 1 + 10 + 5 + 1;
|
|
|
|
|
|
|
|
*pos++ = 2; /* UTC time at which the TSF timer is 0 */
|
|
|
|
|
|
|
|
/* Time Value at TSF 0 */
|
|
|
|
/* FIX: need to calculate this based on the current TSF value */
|
|
|
|
WPA_PUT_LE16(pos, tm.year); /* Year */
|
|
|
|
pos += 2;
|
|
|
|
*pos++ = tm.month; /* Month */
|
|
|
|
*pos++ = tm.day; /* Day of month */
|
|
|
|
*pos++ = tm.hour; /* Hours */
|
|
|
|
*pos++ = tm.min; /* Minutes */
|
|
|
|
*pos++ = tm.sec; /* Seconds */
|
|
|
|
WPA_PUT_LE16(pos, 0); /* Milliseconds (not used) */
|
|
|
|
pos += 2;
|
|
|
|
*pos++ = 0; /* Reserved */
|
|
|
|
|
|
|
|
/* Time Error */
|
|
|
|
/* TODO: fill in an estimate on the error */
|
|
|
|
*pos++ = 0;
|
|
|
|
*pos++ = 0;
|
|
|
|
*pos++ = 0;
|
|
|
|
*pos++ = 0;
|
|
|
|
*pos++ = 0;
|
|
|
|
|
|
|
|
*pos++ = hapd->time_update_counter++;
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
2012-05-28 02:35:00 +02:00
|
|
|
|
|
|
|
|
|
|
|
u8 * hostapd_eid_bss_max_idle_period(struct hostapd_data *hapd, u8 *eid)
|
|
|
|
{
|
|
|
|
u8 *pos = eid;
|
|
|
|
|
2017-06-12 08:29:27 +02:00
|
|
|
#ifdef CONFIG_WNM_AP
|
2012-05-28 02:35:00 +02:00
|
|
|
if (hapd->conf->ap_max_inactivity > 0) {
|
|
|
|
unsigned int val;
|
|
|
|
*pos++ = WLAN_EID_BSS_MAX_IDLE_PERIOD;
|
|
|
|
*pos++ = 3;
|
|
|
|
val = hapd->conf->ap_max_inactivity;
|
|
|
|
if (val > 68000)
|
|
|
|
val = 68000;
|
|
|
|
val *= 1000;
|
|
|
|
val /= 1024;
|
|
|
|
if (val == 0)
|
|
|
|
val = 1;
|
|
|
|
if (val > 65535)
|
|
|
|
val = 65535;
|
|
|
|
WPA_PUT_LE16(pos, val);
|
|
|
|
pos += 2;
|
|
|
|
*pos++ = 0x00; /* TODO: Protected Keep-Alive Required */
|
|
|
|
}
|
2017-06-12 08:29:27 +02:00
|
|
|
#endif /* CONFIG_WNM_AP */
|
2012-05-28 02:35:00 +02:00
|
|
|
|
|
|
|
return pos;
|
|
|
|
}
|
2016-02-15 15:53:52 +01:00
|
|
|
|
|
|
|
|
|
|
|
#ifdef CONFIG_MBO
|
|
|
|
|
2017-08-21 18:43:53 +02:00
|
|
|
u8 * hostapd_eid_mbo_rssi_assoc_rej(struct hostapd_data *hapd, u8 *eid,
|
|
|
|
size_t len, int delta)
|
|
|
|
{
|
|
|
|
u8 mbo[4];
|
|
|
|
|
|
|
|
mbo[0] = OCE_ATTR_ID_RSSI_BASED_ASSOC_REJECT;
|
|
|
|
mbo[1] = 2;
|
|
|
|
/* Delta RSSI */
|
|
|
|
mbo[2] = delta;
|
|
|
|
/* Retry delay */
|
|
|
|
mbo[3] = hapd->iconf->rssi_reject_assoc_timeout;
|
|
|
|
|
|
|
|
return eid + mbo_add_ie(eid, len, mbo, 4);
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2016-02-15 15:53:52 +01:00
|
|
|
u8 * hostapd_eid_mbo(struct hostapd_data *hapd, u8 *eid, size_t len)
|
|
|
|
{
|
2017-06-16 14:17:03 +02:00
|
|
|
u8 mbo[9], *mbo_pos = mbo;
|
2016-02-15 15:53:52 +01:00
|
|
|
u8 *pos = eid;
|
|
|
|
|
2018-10-16 16:32:19 +02:00
|
|
|
if (!hapd->conf->mbo_enabled &&
|
|
|
|
!OCE_STA_CFON_ENABLED(hapd) && !OCE_AP_ENABLED(hapd))
|
2016-02-15 15:53:52 +01:00
|
|
|
return eid;
|
|
|
|
|
2017-06-16 14:17:03 +02:00
|
|
|
if (hapd->conf->mbo_enabled) {
|
|
|
|
*mbo_pos++ = MBO_ATTR_ID_AP_CAPA_IND;
|
|
|
|
*mbo_pos++ = 1;
|
|
|
|
/* Not Cellular aware */
|
|
|
|
*mbo_pos++ = 0;
|
|
|
|
}
|
2016-02-15 15:53:52 +01:00
|
|
|
|
2017-06-16 14:17:03 +02:00
|
|
|
if (hapd->conf->mbo_enabled && hapd->mbo_assoc_disallow) {
|
2016-02-15 15:53:52 +01:00
|
|
|
*mbo_pos++ = MBO_ATTR_ID_ASSOC_DISALLOW;
|
|
|
|
*mbo_pos++ = 1;
|
|
|
|
*mbo_pos++ = hapd->mbo_assoc_disallow;
|
|
|
|
}
|
|
|
|
|
2018-10-16 16:32:19 +02:00
|
|
|
if (OCE_STA_CFON_ENABLED(hapd) || OCE_AP_ENABLED(hapd)) {
|
2017-06-16 14:17:03 +02:00
|
|
|
u8 ctrl;
|
|
|
|
|
|
|
|
ctrl = OCE_RELEASE;
|
2018-10-16 16:32:19 +02:00
|
|
|
if (OCE_STA_CFON_ENABLED(hapd) && !OCE_AP_ENABLED(hapd))
|
2017-06-16 14:17:03 +02:00
|
|
|
ctrl |= OCE_IS_STA_CFON;
|
|
|
|
|
|
|
|
*mbo_pos++ = OCE_ATTR_ID_CAPA_IND;
|
|
|
|
*mbo_pos++ = 1;
|
|
|
|
*mbo_pos++ = ctrl;
|
|
|
|
}
|
|
|
|
|
2016-02-15 15:53:52 +01:00
|
|
|
pos += mbo_add_ie(pos, len, mbo, mbo_pos - mbo);
|
|
|
|
|
|
|
|
return pos;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
u8 hostapd_mbo_ie_len(struct hostapd_data *hapd)
|
|
|
|
{
|
2017-06-16 14:17:03 +02:00
|
|
|
u8 len;
|
|
|
|
|
2018-10-16 16:32:19 +02:00
|
|
|
if (!hapd->conf->mbo_enabled &&
|
|
|
|
!OCE_STA_CFON_ENABLED(hapd) && !OCE_AP_ENABLED(hapd))
|
2016-02-15 15:53:52 +01:00
|
|
|
return 0;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* MBO IE header (6) + Capability Indication attribute (3) +
|
|
|
|
* Association Disallowed attribute (3) = 12
|
|
|
|
*/
|
2017-06-16 14:17:03 +02:00
|
|
|
len = 6;
|
|
|
|
if (hapd->conf->mbo_enabled)
|
|
|
|
len += 3 + (hapd->mbo_assoc_disallow ? 3 : 0);
|
|
|
|
|
|
|
|
/* OCE capability indication attribute (3) */
|
2018-10-16 16:32:19 +02:00
|
|
|
if (OCE_STA_CFON_ENABLED(hapd) || OCE_AP_ENABLED(hapd))
|
2017-06-16 14:17:03 +02:00
|
|
|
len += 3;
|
|
|
|
|
|
|
|
return len;
|
2016-02-15 15:53:52 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
#endif /* CONFIG_MBO */
|
2016-02-24 11:20:31 +01:00
|
|
|
|
|
|
|
|
2018-01-16 10:03:14 +01:00
|
|
|
#ifdef CONFIG_OWE
|
|
|
|
static int hostapd_eid_owe_trans_enabled(struct hostapd_data *hapd)
|
|
|
|
{
|
|
|
|
return hapd->conf->owe_transition_ssid_len > 0 &&
|
|
|
|
!is_zero_ether_addr(hapd->conf->owe_transition_bssid);
|
|
|
|
}
|
|
|
|
#endif /* CONFIG_OWE */
|
|
|
|
|
|
|
|
|
|
|
|
size_t hostapd_eid_owe_trans_len(struct hostapd_data *hapd)
|
|
|
|
{
|
|
|
|
#ifdef CONFIG_OWE
|
|
|
|
if (!hostapd_eid_owe_trans_enabled(hapd))
|
|
|
|
return 0;
|
|
|
|
return 6 + ETH_ALEN + 1 + hapd->conf->owe_transition_ssid_len;
|
|
|
|
#else /* CONFIG_OWE */
|
|
|
|
return 0;
|
|
|
|
#endif /* CONFIG_OWE */
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
u8 * hostapd_eid_owe_trans(struct hostapd_data *hapd, u8 *eid,
|
|
|
|
size_t len)
|
|
|
|
{
|
|
|
|
#ifdef CONFIG_OWE
|
|
|
|
u8 *pos = eid;
|
|
|
|
size_t elen;
|
|
|
|
|
|
|
|
if (hapd->conf->owe_transition_ifname[0] &&
|
|
|
|
!hostapd_eid_owe_trans_enabled(hapd))
|
|
|
|
hostapd_owe_trans_get_info(hapd);
|
|
|
|
|
|
|
|
if (!hostapd_eid_owe_trans_enabled(hapd))
|
|
|
|
return pos;
|
|
|
|
|
|
|
|
elen = hostapd_eid_owe_trans_len(hapd);
|
|
|
|
if (len < elen) {
|
|
|
|
wpa_printf(MSG_DEBUG,
|
|
|
|
"OWE: Not enough room in the buffer for OWE IE");
|
|
|
|
return pos;
|
|
|
|
}
|
|
|
|
|
|
|
|
*pos++ = WLAN_EID_VENDOR_SPECIFIC;
|
|
|
|
*pos++ = elen - 2;
|
|
|
|
WPA_PUT_BE24(pos, OUI_WFA);
|
|
|
|
pos += 3;
|
|
|
|
*pos++ = OWE_OUI_TYPE;
|
|
|
|
os_memcpy(pos, hapd->conf->owe_transition_bssid, ETH_ALEN);
|
|
|
|
pos += ETH_ALEN;
|
|
|
|
*pos++ = hapd->conf->owe_transition_ssid_len;
|
|
|
|
os_memcpy(pos, hapd->conf->owe_transition_ssid,
|
|
|
|
hapd->conf->owe_transition_ssid_len);
|
|
|
|
pos += hapd->conf->owe_transition_ssid_len;
|
|
|
|
|
|
|
|
return pos;
|
|
|
|
#else /* CONFIG_OWE */
|
|
|
|
return eid;
|
|
|
|
#endif /* CONFIG_OWE */
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2020-03-27 13:03:04 +01:00
|
|
|
size_t hostapd_eid_dpp_cc_len(struct hostapd_data *hapd)
|
|
|
|
{
|
|
|
|
#ifdef CONFIG_DPP2
|
2022-07-23 15:54:47 +02:00
|
|
|
if (hostapd_dpp_configurator_connectivity(hapd))
|
2020-03-27 13:03:04 +01:00
|
|
|
return 6;
|
|
|
|
#endif /* CONFIG_DPP2 */
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
u8 * hostapd_eid_dpp_cc(struct hostapd_data *hapd, u8 *eid, size_t len)
|
|
|
|
{
|
|
|
|
u8 *pos = eid;
|
|
|
|
|
2020-05-11 16:30:26 +02:00
|
|
|
#ifdef CONFIG_DPP2
|
2022-07-23 15:54:47 +02:00
|
|
|
if (!hostapd_dpp_configurator_connectivity(hapd) || len < 6)
|
2020-03-27 13:03:04 +01:00
|
|
|
return pos;
|
|
|
|
|
|
|
|
*pos++ = WLAN_EID_VENDOR_SPECIFIC;
|
|
|
|
*pos++ = 4;
|
|
|
|
WPA_PUT_BE24(pos, OUI_WFA);
|
|
|
|
pos += 3;
|
|
|
|
*pos++ = DPP_CC_OUI_TYPE;
|
2020-05-11 16:30:26 +02:00
|
|
|
#endif /* CONFIG_DPP2 */
|
2020-03-27 13:03:04 +01:00
|
|
|
|
|
|
|
return pos;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2016-02-24 11:20:31 +01:00
|
|
|
void ap_copy_sta_supp_op_classes(struct sta_info *sta,
|
|
|
|
const u8 *supp_op_classes,
|
|
|
|
size_t supp_op_classes_len)
|
|
|
|
{
|
|
|
|
if (!supp_op_classes)
|
|
|
|
return;
|
|
|
|
os_free(sta->supp_op_classes);
|
|
|
|
sta->supp_op_classes = os_malloc(1 + supp_op_classes_len);
|
|
|
|
if (!sta->supp_op_classes)
|
|
|
|
return;
|
|
|
|
|
|
|
|
sta->supp_op_classes[0] = supp_op_classes_len;
|
|
|
|
os_memcpy(sta->supp_op_classes + 1, supp_op_classes,
|
|
|
|
supp_op_classes_len);
|
|
|
|
}
|
2015-09-01 18:33:32 +02:00
|
|
|
|
|
|
|
|
|
|
|
u8 * hostapd_eid_fils_indic(struct hostapd_data *hapd, u8 *eid, int hessid)
|
|
|
|
{
|
|
|
|
u8 *pos = eid;
|
|
|
|
#ifdef CONFIG_FILS
|
|
|
|
u8 *len;
|
|
|
|
u16 fils_info = 0;
|
2016-12-17 16:19:34 +01:00
|
|
|
size_t realms;
|
|
|
|
struct fils_realm *realm;
|
2015-09-01 18:33:32 +02:00
|
|
|
|
|
|
|
if (!(hapd->conf->wpa & WPA_PROTO_RSN) ||
|
|
|
|
!wpa_key_mgmt_fils(hapd->conf->wpa_key_mgmt))
|
|
|
|
return pos;
|
|
|
|
|
2016-12-17 16:19:34 +01:00
|
|
|
realms = dl_list_len(&hapd->conf->fils_realms);
|
|
|
|
if (realms > 7)
|
|
|
|
realms = 7; /* 3 bit count field limits this to max 7 */
|
|
|
|
|
2015-09-01 18:33:32 +02:00
|
|
|
*pos++ = WLAN_EID_FILS_INDICATION;
|
|
|
|
len = pos++;
|
|
|
|
/* TODO: B0..B2: Number of Public Key Identifiers */
|
2015-09-02 15:33:42 +02:00
|
|
|
if (hapd->conf->erp_domain) {
|
|
|
|
/* B3..B5: Number of Realm Identifiers */
|
2016-12-17 16:19:34 +01:00
|
|
|
fils_info |= realms << 3;
|
2015-09-02 15:33:42 +02:00
|
|
|
}
|
2015-09-01 18:33:32 +02:00
|
|
|
/* TODO: B6: FILS IP Address Configuration */
|
|
|
|
if (hapd->conf->fils_cache_id_set)
|
|
|
|
fils_info |= BIT(7);
|
|
|
|
if (hessid && !is_zero_ether_addr(hapd->conf->hessid))
|
|
|
|
fils_info |= BIT(8); /* HESSID Included */
|
|
|
|
/* FILS Shared Key Authentication without PFS Supported */
|
|
|
|
fils_info |= BIT(9);
|
2017-03-12 21:40:56 +01:00
|
|
|
if (hapd->conf->fils_dh_group) {
|
|
|
|
/* FILS Shared Key Authentication with PFS Supported */
|
|
|
|
fils_info |= BIT(10);
|
|
|
|
}
|
2015-09-01 18:33:32 +02:00
|
|
|
/* TODO: B11: FILS Public Key Authentication Supported */
|
|
|
|
/* B12..B15: Reserved */
|
|
|
|
WPA_PUT_LE16(pos, fils_info);
|
|
|
|
pos += 2;
|
|
|
|
if (hapd->conf->fils_cache_id_set) {
|
|
|
|
os_memcpy(pos, hapd->conf->fils_cache_id, FILS_CACHE_ID_LEN);
|
|
|
|
pos += FILS_CACHE_ID_LEN;
|
|
|
|
}
|
|
|
|
if (hessid && !is_zero_ether_addr(hapd->conf->hessid)) {
|
|
|
|
os_memcpy(pos, hapd->conf->hessid, ETH_ALEN);
|
|
|
|
pos += ETH_ALEN;
|
|
|
|
}
|
2016-12-17 16:19:34 +01:00
|
|
|
|
|
|
|
dl_list_for_each(realm, &hapd->conf->fils_realms, struct fils_realm,
|
|
|
|
list) {
|
|
|
|
if (realms == 0)
|
|
|
|
break;
|
|
|
|
realms--;
|
|
|
|
os_memcpy(pos, realm->hash, 2);
|
2015-09-02 15:33:42 +02:00
|
|
|
pos += 2;
|
|
|
|
}
|
2015-09-01 18:33:32 +02:00
|
|
|
*len = pos - len - 1;
|
|
|
|
#endif /* CONFIG_FILS */
|
|
|
|
|
|
|
|
return pos;
|
|
|
|
}
|
2018-08-06 21:46:30 +02:00
|
|
|
|
|
|
|
|
|
|
|
#ifdef CONFIG_OCV
|
|
|
|
int get_tx_parameters(struct sta_info *sta, int ap_max_chanwidth,
|
|
|
|
int ap_seg1_idx, int *bandwidth, int *seg1_idx)
|
|
|
|
{
|
|
|
|
int ht_40mhz = 0;
|
|
|
|
int vht_80p80 = 0;
|
|
|
|
int requested_bw;
|
|
|
|
|
|
|
|
if (sta->ht_capabilities)
|
|
|
|
ht_40mhz = !!(sta->ht_capabilities->ht_capabilities_info &
|
|
|
|
HT_CAP_INFO_SUPP_CHANNEL_WIDTH_SET);
|
|
|
|
|
|
|
|
if (sta->vht_operation) {
|
|
|
|
struct ieee80211_vht_operation *oper = sta->vht_operation;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* If a VHT Operation element was present, use it to determine
|
|
|
|
* the supported channel bandwidth.
|
|
|
|
*/
|
2022-05-13 18:17:40 +02:00
|
|
|
if (oper->vht_op_info_chwidth == CHANWIDTH_USE_HT) {
|
2018-08-06 21:46:30 +02:00
|
|
|
requested_bw = ht_40mhz ? 40 : 20;
|
|
|
|
} else if (oper->vht_op_info_chan_center_freq_seg1_idx == 0) {
|
|
|
|
requested_bw = 80;
|
|
|
|
} else {
|
|
|
|
int diff;
|
|
|
|
|
|
|
|
requested_bw = 160;
|
|
|
|
diff = abs((int)
|
|
|
|
oper->vht_op_info_chan_center_freq_seg0_idx -
|
|
|
|
(int)
|
|
|
|
oper->vht_op_info_chan_center_freq_seg1_idx);
|
|
|
|
vht_80p80 = oper->vht_op_info_chan_center_freq_seg1_idx
|
|
|
|
!= 0 && diff > 16;
|
|
|
|
}
|
|
|
|
} else if (sta->vht_capabilities) {
|
|
|
|
struct ieee80211_vht_capabilities *capab;
|
|
|
|
int vht_chanwidth;
|
|
|
|
|
|
|
|
capab = sta->vht_capabilities;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* If only the VHT Capabilities element is present (e.g., for
|
|
|
|
* normal clients), use it to determine the supported channel
|
|
|
|
* bandwidth.
|
|
|
|
*/
|
|
|
|
vht_chanwidth = capab->vht_capabilities_info &
|
|
|
|
VHT_CAP_SUPP_CHAN_WIDTH_MASK;
|
|
|
|
vht_80p80 = capab->vht_capabilities_info &
|
|
|
|
VHT_CAP_SUPP_CHAN_WIDTH_160_80PLUS80MHZ;
|
|
|
|
|
|
|
|
/* TODO: Also take into account Extended NSS BW Support field */
|
|
|
|
requested_bw = vht_chanwidth ? 160 : 80;
|
|
|
|
} else {
|
|
|
|
requested_bw = ht_40mhz ? 40 : 20;
|
|
|
|
}
|
|
|
|
|
|
|
|
*bandwidth = requested_bw < ap_max_chanwidth ?
|
|
|
|
requested_bw : ap_max_chanwidth;
|
|
|
|
|
|
|
|
*seg1_idx = 0;
|
|
|
|
if (ap_seg1_idx && vht_80p80)
|
|
|
|
*seg1_idx = ap_seg1_idx;
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
#endif /* CONFIG_OCV */
|
2019-10-18 14:49:32 +02:00
|
|
|
|
|
|
|
|
|
|
|
u8 * hostapd_eid_rsnxe(struct hostapd_data *hapd, u8 *eid, size_t len)
|
|
|
|
{
|
|
|
|
u8 *pos = eid;
|
2020-05-30 22:30:42 +02:00
|
|
|
bool sae_pk = false;
|
2020-12-16 12:01:37 +01:00
|
|
|
u16 capab = 0;
|
|
|
|
size_t flen;
|
|
|
|
|
|
|
|
if (!(hapd->conf->wpa & WPA_PROTO_RSN))
|
|
|
|
return eid;
|
2020-05-30 22:30:42 +02:00
|
|
|
|
|
|
|
#ifdef CONFIG_SAE_PK
|
|
|
|
sae_pk = hostapd_sae_pk_in_use(hapd->conf);
|
|
|
|
#endif /* CONFIG_SAE_PK */
|
2019-10-18 14:49:32 +02:00
|
|
|
|
2020-12-16 12:01:37 +01:00
|
|
|
if (wpa_key_mgmt_sae(hapd->conf->wpa_key_mgmt) &&
|
2022-11-29 19:36:15 +01:00
|
|
|
(hapd->conf->sae_pwe == SAE_PWE_HASH_TO_ELEMENT ||
|
|
|
|
hapd->conf->sae_pwe == SAE_PWE_BOTH ||
|
2022-07-24 21:20:58 +02:00
|
|
|
hostapd_sae_pw_id_in_use(hapd->conf) || sae_pk ||
|
|
|
|
wpa_key_mgmt_sae_ext_key(hapd->conf->wpa_key_mgmt)) &&
|
2022-11-29 19:36:15 +01:00
|
|
|
hapd->conf->sae_pwe != SAE_PWE_FORCE_HUNT_AND_PECK) {
|
2020-12-16 12:01:37 +01:00
|
|
|
capab |= BIT(WLAN_RSNX_CAPAB_SAE_H2E);
|
2020-05-30 22:30:42 +02:00
|
|
|
#ifdef CONFIG_SAE_PK
|
2020-12-16 12:01:37 +01:00
|
|
|
if (sae_pk)
|
|
|
|
capab |= BIT(WLAN_RSNX_CAPAB_SAE_PK);
|
2020-05-30 22:30:42 +02:00
|
|
|
#endif /* CONFIG_SAE_PK */
|
2020-12-16 12:01:37 +01:00
|
|
|
}
|
|
|
|
|
2022-03-20 14:56:02 +01:00
|
|
|
if (hapd->iface->drv_flags2 & WPA_DRIVER_FLAGS2_SEC_LTF_AP)
|
2021-02-16 14:23:57 +01:00
|
|
|
capab |= BIT(WLAN_RSNX_CAPAB_SECURE_LTF);
|
2022-03-20 14:56:02 +01:00
|
|
|
if (hapd->iface->drv_flags2 & WPA_DRIVER_FLAGS2_SEC_RTT_AP)
|
2021-02-16 14:23:57 +01:00
|
|
|
capab |= BIT(WLAN_RSNX_CAPAB_SECURE_RTT);
|
2022-03-20 14:56:02 +01:00
|
|
|
if (hapd->iface->drv_flags2 & WPA_DRIVER_FLAGS2_PROT_RANGE_NEG_AP)
|
2022-12-04 13:46:15 +01:00
|
|
|
capab |= BIT(WLAN_RSNX_CAPAB_URNM_MFPR);
|
2020-12-16 12:01:37 +01:00
|
|
|
|
|
|
|
flen = (capab & 0xff00) ? 2 : 1;
|
|
|
|
if (len < 2 + flen || !capab)
|
|
|
|
return eid; /* no supported extended RSN capabilities */
|
|
|
|
capab |= flen - 1; /* bit 0-3 = Field length (n - 1) */
|
|
|
|
|
|
|
|
*pos++ = WLAN_EID_RSNX;
|
|
|
|
*pos++ = flen;
|
|
|
|
*pos++ = capab & 0x00ff;
|
|
|
|
capab >>= 8;
|
|
|
|
if (capab)
|
|
|
|
*pos++ = capab;
|
2019-10-18 14:49:32 +02:00
|
|
|
|
|
|
|
return pos;
|
|
|
|
}
|
2022-03-22 10:53:21 +01:00
|
|
|
|
|
|
|
|
|
|
|
u16 check_ext_capab(struct hostapd_data *hapd, struct sta_info *sta,
|
|
|
|
const u8 *ext_capab_ie, size_t ext_capab_ie_len)
|
|
|
|
{
|
|
|
|
#ifdef CONFIG_INTERWORKING
|
|
|
|
/* check for QoS Map support */
|
|
|
|
if (ext_capab_ie_len >= 5) {
|
|
|
|
if (ext_capab_ie[4] & 0x01)
|
|
|
|
sta->qos_map_enabled = 1;
|
|
|
|
}
|
|
|
|
#endif /* CONFIG_INTERWORKING */
|
|
|
|
|
|
|
|
if (ext_capab_ie_len > 0) {
|
|
|
|
sta->ecsa_supported = !!(ext_capab_ie[0] & BIT(2));
|
|
|
|
os_free(sta->ext_capability);
|
|
|
|
sta->ext_capability = os_malloc(1 + ext_capab_ie_len);
|
|
|
|
if (sta->ext_capability) {
|
|
|
|
sta->ext_capability[0] = ext_capab_ie_len;
|
|
|
|
os_memcpy(sta->ext_capability + 1, ext_capab_ie,
|
|
|
|
ext_capab_ie_len);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
return WLAN_STATUS_SUCCESS;
|
|
|
|
}
|
2023-12-25 18:43:00 +01:00
|
|
|
|
|
|
|
|
|
|
|
struct sta_info * hostapd_ml_get_assoc_sta(struct hostapd_data *hapd,
|
|
|
|
struct sta_info *sta,
|
|
|
|
struct hostapd_data **assoc_hapd)
|
|
|
|
{
|
|
|
|
#ifdef CONFIG_IEEE80211BE
|
|
|
|
struct hostapd_data *other_hapd = NULL;
|
|
|
|
struct sta_info *tmp_sta;
|
|
|
|
|
|
|
|
if (!sta->mld_info.mld_sta)
|
|
|
|
return NULL;
|
|
|
|
|
|
|
|
*assoc_hapd = hapd;
|
|
|
|
|
|
|
|
/* The station is the one on which the association was performed */
|
|
|
|
if (sta->mld_assoc_link_id == hapd->mld_link_id)
|
|
|
|
return sta;
|
|
|
|
|
|
|
|
other_hapd = hostapd_mld_get_link_bss(hapd, sta->mld_assoc_link_id);
|
|
|
|
if (!other_hapd) {
|
|
|
|
wpa_printf(MSG_DEBUG, "MLD: No link match for link_id=%u",
|
|
|
|
sta->mld_assoc_link_id);
|
|
|
|
return sta;
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Iterate over the stations and find the one with the matching link ID
|
|
|
|
* and association ID.
|
|
|
|
*/
|
|
|
|
for (tmp_sta = other_hapd->sta_list; tmp_sta; tmp_sta = tmp_sta->next) {
|
|
|
|
if (tmp_sta->mld_assoc_link_id == sta->mld_assoc_link_id &&
|
|
|
|
tmp_sta->aid == sta->aid) {
|
|
|
|
*assoc_hapd = other_hapd;
|
|
|
|
return tmp_sta;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
#endif /* CONFIG_IEEE80211BE */
|
|
|
|
|
|
|
|
return sta;
|
|
|
|
}
|