Gitiles
Code Review Sign In
gerrit.omnirom.org / android_external_wpa_supplicant_8 / a04bd250fff00c837f5bdccd28528853295da1e5 / . / src / ap / wnm_ap.c
blob: 23a352c9ba54443053752020137f1c4abde263ae [file] [log] [blame]
Dmitry Shmidt61d9df32012-08-29 16:22:06 -0700[diff] [blame]1/*
2 * hostapd - WNM
Dmitry Shmidtfb45fd52015-01-05 13:08:17 -0800[diff] [blame]3 * Copyright (c) 2011-2014, Qualcomm Atheros, Inc.
Dmitry Shmidt61d9df32012-08-29 16:22:06 -0700[diff] [blame]4 *
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
7 */
8
9#include "utils/includes.h"
10
11#include "utils/common.h"
Dmitry Shmidtfb79edc2014-01-10 10:45:54 -0800[diff] [blame]12#include "utils/eloop.h"
Dmitry Shmidt61d9df32012-08-29 16:22:06 -0700[diff] [blame]13#include "common/ieee802_11_defs.h"
Dmitry Shmidtfb45fd52015-01-05 13:08:17 -0800[diff] [blame]14#include "common/wpa_ctrl.h"
Hai Shalom74f70d42019-02-11 14:42:39 -0800[diff] [blame]15#include "common/ocv.h"
Dmitry Shmidt61d9df32012-08-29 16:22:06 -0700[diff] [blame]16#include "ap/hostapd.h"
17#include "ap/sta_info.h"
18#include "ap/ap_config.h"
19#include "ap/ap_drv_ops.h"
20#include "ap/wpa_auth.h"
Dmitry Shmidt57c2d392016-02-23 13:40:19 -0800[diff] [blame]21#include "mbo_ap.h"
Dmitry Shmidt61d9df32012-08-29 16:22:06 -0700[diff] [blame]22#include "wnm_ap.h"
23
24#define MAX_TFS_IE_LEN 1024
25
Dmitry Shmidt61d9df32012-08-29 16:22:06 -0700[diff] [blame]26
27/* get the TFS IE from driver */
28static int ieee80211_11_get_tfs_ie(struct hostapd_data *hapd, const u8 *addr,
29 u8 *buf, u16 *buf_len, enum wnm_oper oper)
30{
31 wpa_printf(MSG_DEBUG, "%s: TFS get operation %d", __func__, oper);
32
33 return hostapd_drv_wnm_oper(hapd, oper, addr, buf, buf_len);
34}
35
36
37/* set the TFS IE to driver */
38static int ieee80211_11_set_tfs_ie(struct hostapd_data *hapd, const u8 *addr,
39 u8 *buf, u16 *buf_len, enum wnm_oper oper)
40{
41 wpa_printf(MSG_DEBUG, "%s: TFS set operation %d", __func__, oper);
42
43 return hostapd_drv_wnm_oper(hapd, oper, addr, buf, buf_len);
44}
45
46
47/* MLME-SLEEPMODE.response */
48static int ieee802_11_send_wnmsleep_resp(struct hostapd_data *hapd,
49 const u8 *addr, u8 dialog_token,
50 u8 action_type, u16 intval)
51{
52 struct ieee80211_mgmt *mgmt;
53 int res;
54 size_t len;
55 size_t gtk_elem_len = 0;
56 size_t igtk_elem_len = 0;
Hai Shalomfdcde762020-04-02 11:19:20 -0700[diff] [blame]57 size_t bigtk_elem_len = 0;
Dmitry Shmidt61d9df32012-08-29 16:22:06 -0700[diff] [blame]58 struct wnm_sleep_element wnmsleep_ie;
Hai Shalom74f70d42019-02-11 14:42:39 -0800[diff] [blame]59 u8 *wnmtfs_ie, *oci_ie;
60 u8 wnmsleep_ie_len, oci_ie_len;
Dmitry Shmidt61d9df32012-08-29 16:22:06 -0700[diff] [blame]61 u16 wnmtfs_ie_len;
62 u8 *pos;
63 struct sta_info *sta;
Dmitry Shmidta54fa5f2013-01-15 13:53:35 -0800[diff] [blame]64 enum wnm_oper tfs_oper = action_type == WNM_SLEEP_MODE_ENTER ?
65 WNM_SLEEP_TFS_RESP_IE_ADD : WNM_SLEEP_TFS_RESP_IE_NONE;
Dmitry Shmidt61d9df32012-08-29 16:22:06 -0700[diff] [blame]66
67 sta = ap_get_sta(hapd, addr);
68 if (sta == NULL) {
69 wpa_printf(MSG_DEBUG, "%s: station not found", __func__);
70 return -EINVAL;
71 }
72
73 /* WNM-Sleep Mode IE */
74 os_memset(&wnmsleep_ie, 0, sizeof(struct wnm_sleep_element));
75 wnmsleep_ie_len = sizeof(struct wnm_sleep_element);
76 wnmsleep_ie.eid = WLAN_EID_WNMSLEEP;
77 wnmsleep_ie.len = wnmsleep_ie_len - 2;
78 wnmsleep_ie.action_type = action_type;
79 wnmsleep_ie.status = WNM_STATUS_SLEEP_ACCEPT;
Dmitry Shmidtfb79edc2014-01-10 10:45:54 -0800[diff] [blame]80 wnmsleep_ie.intval = host_to_le16(intval);
Dmitry Shmidt61d9df32012-08-29 16:22:06 -0700[diff] [blame]81
82 /* TFS IE(s) */
83 wnmtfs_ie = os_zalloc(MAX_TFS_IE_LEN);
84 if (wnmtfs_ie == NULL)
85 return -1;
86 if (ieee80211_11_get_tfs_ie(hapd, addr, wnmtfs_ie, &wnmtfs_ie_len,
87 tfs_oper)) {
88 wnmtfs_ie_len = 0;
89 os_free(wnmtfs_ie);
90 wnmtfs_ie = NULL;
91 }
92
Hai Shalom74f70d42019-02-11 14:42:39 -0800[diff] [blame]93 oci_ie = NULL;
94 oci_ie_len = 0;
95#ifdef CONFIG_OCV
96 if (action_type == WNM_SLEEP_MODE_EXIT &&
97 wpa_auth_uses_ocv(sta->wpa_sm)) {
98 struct wpa_channel_info ci;
99
100 if (hostapd_drv_channel_info(hapd, &ci) != 0) {
101 wpa_printf(MSG_WARNING,
102 "Failed to get channel info for OCI element in WNM-Sleep Mode frame");
103 os_free(wnmtfs_ie);
104 return -1;
105 }
Hai Shalom899fcc72020-10-19 14:38:18 -0700[diff] [blame]106#ifdef CONFIG_TESTING_OPTIONS
107 if (hapd->conf->oci_freq_override_wnm_sleep) {
108 wpa_printf(MSG_INFO,
109 "TEST: Override OCI frequency %d -> %u MHz",
110 ci.frequency,
111 hapd->conf->oci_freq_override_wnm_sleep);
112 ci.frequency = hapd->conf->oci_freq_override_wnm_sleep;
113 }
114#endif /* CONFIG_TESTING_OPTIONS */
Hai Shalom74f70d42019-02-11 14:42:39 -0800[diff] [blame]115
116 oci_ie_len = OCV_OCI_EXTENDED_LEN;
117 oci_ie = os_zalloc(oci_ie_len);
118 if (!oci_ie) {
119 wpa_printf(MSG_WARNING,
120 "Failed to allocate buffer for OCI element in WNM-Sleep Mode frame");
121 os_free(wnmtfs_ie);
122 return -1;
123 }
124
125 if (ocv_insert_extended_oci(&ci, oci_ie) < 0) {
126 os_free(wnmtfs_ie);
127 os_free(oci_ie);
128 return -1;
129 }
130 }
131#endif /* CONFIG_OCV */
132
Dmitry Shmidt61d9df32012-08-29 16:22:06 -0700[diff] [blame]133#define MAX_GTK_SUBELEM_LEN 45
134#define MAX_IGTK_SUBELEM_LEN 26
Hai Shalomfdcde762020-04-02 11:19:20 -0700[diff] [blame]135#define MAX_BIGTK_SUBELEM_LEN 26
Dmitry Shmidt61d9df32012-08-29 16:22:06 -0700[diff] [blame]136 mgmt = os_zalloc(sizeof(*mgmt) + wnmsleep_ie_len +
Hai Shalom74f70d42019-02-11 14:42:39 -0800[diff] [blame]137 MAX_GTK_SUBELEM_LEN + MAX_IGTK_SUBELEM_LEN +
Hai Shalomfdcde762020-04-02 11:19:20 -0700[diff] [blame]138 MAX_BIGTK_SUBELEM_LEN +
Hai Shalom74f70d42019-02-11 14:42:39 -0800[diff] [blame]139 oci_ie_len);
Dmitry Shmidt61d9df32012-08-29 16:22:06 -0700[diff] [blame]140 if (mgmt == NULL) {
141 wpa_printf(MSG_DEBUG, "MLME: Failed to allocate buffer for "
142 "WNM-Sleep Response action frame");
Dmitry Shmidtebd93af2017-02-21 13:40:44 -0800[diff] [blame]143 res = -1;
144 goto fail;
Dmitry Shmidt61d9df32012-08-29 16:22:06 -0700[diff] [blame]145 }
146 os_memcpy(mgmt->da, addr, ETH_ALEN);
147 os_memcpy(mgmt->sa, hapd->own_addr, ETH_ALEN);
148 os_memcpy(mgmt->bssid, hapd->own_addr, ETH_ALEN);
149 mgmt->frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT,
150 WLAN_FC_STYPE_ACTION);
151 mgmt->u.action.category = WLAN_ACTION_WNM;
152 mgmt->u.action.u.wnm_sleep_resp.action = WNM_SLEEP_MODE_RESP;
153 mgmt->u.action.u.wnm_sleep_resp.dialogtoken = dialog_token;
154 pos = (u8 *)mgmt->u.action.u.wnm_sleep_resp.variable;
155 /* add key data if MFP is enabled */
Dmitry Shmidta54fa5f2013-01-15 13:53:35 -0800[diff] [blame]156 if (!wpa_auth_uses_mfp(sta->wpa_sm) ||
Roshan Pius3a1667e2018-07-03 15:17:14 -0700[diff] [blame]157 hapd->conf->wnm_sleep_mode_no_keys ||
Dmitry Shmidta54fa5f2013-01-15 13:53:35 -0800[diff] [blame]158 action_type != WNM_SLEEP_MODE_EXIT) {
Dmitry Shmidt61d9df32012-08-29 16:22:06 -0700[diff] [blame]159 mgmt->u.action.u.wnm_sleep_resp.keydata_len = 0;
160 } else {
161 gtk_elem_len = wpa_wnmsleep_gtk_subelem(sta->wpa_sm, pos);
162 pos += gtk_elem_len;
163 wpa_printf(MSG_DEBUG, "Pass 4, gtk_len = %d",
164 (int) gtk_elem_len);
Dmitry Shmidt61d9df32012-08-29 16:22:06 -0700[diff] [blame]165 res = wpa_wnmsleep_igtk_subelem(sta->wpa_sm, pos);
Dmitry Shmidtebd93af2017-02-21 13:40:44 -0800[diff] [blame]166 if (res < 0)
167 goto fail;
Dmitry Shmidt61d9df32012-08-29 16:22:06 -0700[diff] [blame]168 igtk_elem_len = res;
169 pos += igtk_elem_len;
170 wpa_printf(MSG_DEBUG, "Pass 4 igtk_len = %d",
171 (int) igtk_elem_len);
Hai Shalom60840252021-02-19 19:02:11 -0800[diff] [blame]172 if (hapd->conf->beacon_prot &&
173 (hapd->iface->drv_flags &
174 WPA_DRIVER_FLAGS_BEACON_PROTECTION)) {
Hai Shalomfdcde762020-04-02 11:19:20 -0700[diff] [blame]175 res = wpa_wnmsleep_bigtk_subelem(sta->wpa_sm, pos);
176 if (res < 0)
177 goto fail;
178 bigtk_elem_len = res;
179 pos += bigtk_elem_len;
180 wpa_printf(MSG_DEBUG, "Pass 4 bigtk_len = %d",
181 (int) bigtk_elem_len);
182 }
Dmitry Shmidt61d9df32012-08-29 16:22:06 -0700[diff] [blame]183
184 WPA_PUT_LE16((u8 *)
185 &mgmt->u.action.u.wnm_sleep_resp.keydata_len,
Hai Shalomfdcde762020-04-02 11:19:20 -0700[diff] [blame]186 gtk_elem_len + igtk_elem_len + bigtk_elem_len);
Dmitry Shmidt61d9df32012-08-29 16:22:06 -0700[diff] [blame]187 }
188 os_memcpy(pos, &wnmsleep_ie, wnmsleep_ie_len);
189 /* copy TFS IE here */
190 pos += wnmsleep_ie_len;
Hai Shalom74f70d42019-02-11 14:42:39 -0800[diff] [blame]191 if (wnmtfs_ie) {
Dmitry Shmidta54fa5f2013-01-15 13:53:35 -0800[diff] [blame]192 os_memcpy(pos, wnmtfs_ie, wnmtfs_ie_len);
Hai Shalom74f70d42019-02-11 14:42:39 -0800[diff] [blame]193 pos += wnmtfs_ie_len;
194 }
195#ifdef CONFIG_OCV
196 /* copy OCV OCI here */
197 if (oci_ie_len > 0)
198 os_memcpy(pos, oci_ie, oci_ie_len);
199#endif /* CONFIG_OCV */
Dmitry Shmidt61d9df32012-08-29 16:22:06 -0700[diff] [blame]200
201 len = 1 + sizeof(mgmt->u.action.u.wnm_sleep_resp) + gtk_elem_len +
Hai Shalomfdcde762020-04-02 11:19:20 -0700[diff] [blame]202 igtk_elem_len + bigtk_elem_len +
203 wnmsleep_ie_len + wnmtfs_ie_len + oci_ie_len;
Dmitry Shmidt61d9df32012-08-29 16:22:06 -0700[diff] [blame]204
205 /* In driver, response frame should be forced to sent when STA is in
206 * PS mode */
207 res = hostapd_drv_send_action(hapd, hapd->iface->freq, 0,
208 mgmt->da, &mgmt->u.action.category, len);
209
210 if (!res) {
211 wpa_printf(MSG_DEBUG, "Successfully send WNM-Sleep Response "
212 "frame");
213
214 /* when entering wnmsleep
215 * 1. pause the node in driver
Hai Shalomfdcde762020-04-02 11:19:20 -0700[diff] [blame]216 * 2. mark the node so that AP won't update GTK/IGTK/BIGTK
217 * during WNM Sleep
Dmitry Shmidt61d9df32012-08-29 16:22:06 -0700[diff] [blame]218 */
219 if (wnmsleep_ie.status == WNM_STATUS_SLEEP_ACCEPT &&
Dmitry Shmidta54fa5f2013-01-15 13:53:35 -0800[diff] [blame]220 wnmsleep_ie.action_type == WNM_SLEEP_MODE_ENTER) {
Dmitry Shmidtfb79edc2014-01-10 10:45:54 -0800[diff] [blame]221 sta->flags |= WLAN_STA_WNM_SLEEP_MODE;
Dmitry Shmidt61d9df32012-08-29 16:22:06 -0700[diff] [blame]222 hostapd_drv_wnm_oper(hapd, WNM_SLEEP_ENTER_CONFIRM,
223 addr, NULL, NULL);
224 wpa_set_wnmsleep(sta->wpa_sm, 1);
225 }
226 /* when exiting wnmsleep
227 * 1. unmark the node
Hai Shalomfdcde762020-04-02 11:19:20 -0700[diff] [blame]228 * 2. start GTK/IGTK/BIGTK update if MFP is not used
Dmitry Shmidt61d9df32012-08-29 16:22:06 -0700[diff] [blame]229 * 3. unpause the node in driver
230 */
Dmitry Shmidta54fa5f2013-01-15 13:53:35 -0800[diff] [blame]231 if ((wnmsleep_ie.status == WNM_STATUS_SLEEP_ACCEPT ||
232 wnmsleep_ie.status ==
233 WNM_STATUS_SLEEP_EXIT_ACCEPT_GTK_UPDATE) &&
234 wnmsleep_ie.action_type == WNM_SLEEP_MODE_EXIT) {
Dmitry Shmidtfb79edc2014-01-10 10:45:54 -0800[diff] [blame]235 sta->flags &= ~WLAN_STA_WNM_SLEEP_MODE;
Dmitry Shmidt61d9df32012-08-29 16:22:06 -0700[diff] [blame]236 wpa_set_wnmsleep(sta->wpa_sm, 0);
237 hostapd_drv_wnm_oper(hapd, WNM_SLEEP_EXIT_CONFIRM,
238 addr, NULL, NULL);
Roshan Pius3a1667e2018-07-03 15:17:14 -0700[diff] [blame]239 if (!wpa_auth_uses_mfp(sta->wpa_sm) ||
240 hapd->conf->wnm_sleep_mode_no_keys)
Dmitry Shmidt61d9df32012-08-29 16:22:06 -0700[diff] [blame]241 wpa_wnmsleep_rekey_gtk(sta->wpa_sm);
242 }
243 } else
244 wpa_printf(MSG_DEBUG, "Fail to send WNM-Sleep Response frame");
245
246#undef MAX_GTK_SUBELEM_LEN
247#undef MAX_IGTK_SUBELEM_LEN
Hai Shalomfdcde762020-04-02 11:19:20 -0700[diff] [blame]248#undef MAX_BIGTK_SUBELEM_LEN
Dmitry Shmidtebd93af2017-02-21 13:40:44 -0800[diff] [blame]249fail:
Dmitry Shmidt61d9df32012-08-29 16:22:06 -0700[diff] [blame]250 os_free(wnmtfs_ie);
Hai Shalom74f70d42019-02-11 14:42:39 -0800[diff] [blame]251 os_free(oci_ie);
Dmitry Shmidt61d9df32012-08-29 16:22:06 -0700[diff] [blame]252 os_free(mgmt);
253 return res;
254}
255
256
257static void ieee802_11_rx_wnmsleep_req(struct hostapd_data *hapd,
258 const u8 *addr, const u8 *frm, int len)
259{
Dmitry Shmidta54fa5f2013-01-15 13:53:35 -0800[diff] [blame]260 /* Dialog Token [1] | WNM-Sleep Mode IE | TFS Response IE */
261 const u8 *pos = frm;
262 u8 dialog_token;
Dmitry Shmidt61d9df32012-08-29 16:22:06 -0700[diff] [blame]263 struct wnm_sleep_element *wnmsleep_ie = NULL;
264 /* multiple TFS Req IE (assuming consecutive) */
265 u8 *tfsreq_ie_start = NULL;
266 u8 *tfsreq_ie_end = NULL;
267 u16 tfsreq_ie_len = 0;
Hai Shalom74f70d42019-02-11 14:42:39 -0800[diff] [blame]268#ifdef CONFIG_OCV
269 struct sta_info *sta;
270 const u8 *oci_ie = NULL;
271 u8 oci_ie_len = 0;
272#endif /* CONFIG_OCV */
Dmitry Shmidt61d9df32012-08-29 16:22:06 -0700[diff] [blame]273
Roshan Pius3a1667e2018-07-03 15:17:14 -0700[diff] [blame]274 if (!hapd->conf->wnm_sleep_mode) {
275 wpa_printf(MSG_DEBUG, "Ignore WNM-Sleep Mode Request from "
276 MACSTR " since WNM-Sleep Mode is disabled",
277 MAC2STR(addr));
278 return;
279 }
280
Jouni Malinen83e54022018-10-29 20:48:07 +0200[diff] [blame]281 if (len < 1) {
282 wpa_printf(MSG_DEBUG,
283 "WNM: Ignore too short WNM-Sleep Mode Request from "
284 MACSTR, MAC2STR(addr));
285 return;
286 }
287
Dmitry Shmidta54fa5f2013-01-15 13:53:35 -0800[diff] [blame]288 dialog_token = *pos++;
289 while (pos + 1 < frm + len) {
290 u8 ie_len = pos[1];
291 if (pos + 2 + ie_len > frm + len)
292 break;
Dmitry Shmidtebd93af2017-02-21 13:40:44 -0800[diff] [blame]293 if (*pos == WLAN_EID_WNMSLEEP &&
294 ie_len >= (int) sizeof(*wnmsleep_ie) - 2)
Dmitry Shmidta54fa5f2013-01-15 13:53:35 -0800[diff] [blame]295 wnmsleep_ie = (struct wnm_sleep_element *) pos;
Dmitry Shmidt61d9df32012-08-29 16:22:06 -0700[diff] [blame]296 else if (*pos == WLAN_EID_TFS_REQ) {
297 if (!tfsreq_ie_start)
Dmitry Shmidta54fa5f2013-01-15 13:53:35 -0800[diff] [blame]298 tfsreq_ie_start = (u8 *) pos;
299 tfsreq_ie_end = (u8 *) pos;
Hai Shalom74f70d42019-02-11 14:42:39 -0800[diff] [blame]300#ifdef CONFIG_OCV
301 } else if (*pos == WLAN_EID_EXTENSION && ie_len >= 1 &&
302 pos[2] == WLAN_EID_EXT_OCV_OCI) {
303 oci_ie = pos + 3;
304 oci_ie_len = ie_len - 1;
305#endif /* CONFIG_OCV */
Dmitry Shmidt61d9df32012-08-29 16:22:06 -0700[diff] [blame]306 } else
Dmitry Shmidta54fa5f2013-01-15 13:53:35 -0800[diff] [blame]307 wpa_printf(MSG_DEBUG, "WNM: EID %d not recognized",
308 *pos);
Dmitry Shmidt61d9df32012-08-29 16:22:06 -0700[diff] [blame]309 pos += ie_len + 2;
310 }
311
312 if (!wnmsleep_ie) {
313 wpa_printf(MSG_DEBUG, "No WNM-Sleep IE found");
314 return;
315 }
316
Hai Shalom74f70d42019-02-11 14:42:39 -0800[diff] [blame]317#ifdef CONFIG_OCV
318 sta = ap_get_sta(hapd, addr);
319 if (wnmsleep_ie->action_type == WNM_SLEEP_MODE_EXIT &&
320 sta && wpa_auth_uses_ocv(sta->wpa_sm)) {
321 struct wpa_channel_info ci;
322
323 if (hostapd_drv_channel_info(hapd, &ci) != 0) {
324 wpa_printf(MSG_WARNING,
325 "Failed to get channel info to validate received OCI in WNM-Sleep Mode frame");
326 return;
327 }
328
329 if (ocv_verify_tx_params(oci_ie, oci_ie_len, &ci,
330 channel_width_to_int(ci.chanwidth),
Hai Shalom899fcc72020-10-19 14:38:18 -0700[diff] [blame]331 ci.seg1_idx) != OCI_SUCCESS) {
332 wpa_msg(hapd, MSG_WARNING, "WNM: OCV failed: %s",
333 ocv_errorstr);
Hai Shalom74f70d42019-02-11 14:42:39 -0800[diff] [blame]334 return;
335 }
336 }
337#endif /* CONFIG_OCV */
338
Dmitry Shmidta54fa5f2013-01-15 13:53:35 -0800[diff] [blame]339 if (wnmsleep_ie->action_type == WNM_SLEEP_MODE_ENTER &&
340 tfsreq_ie_start && tfsreq_ie_end &&
341 tfsreq_ie_end - tfsreq_ie_start >= 0) {
Dmitry Shmidt61d9df32012-08-29 16:22:06 -0700[diff] [blame]342 tfsreq_ie_len = (tfsreq_ie_end + tfsreq_ie_end[1] + 2) -
343 tfsreq_ie_start;
344 wpa_printf(MSG_DEBUG, "TFS Req IE(s) found");
345 /* pass the TFS Req IE(s) to driver for processing */
346 if (ieee80211_11_set_tfs_ie(hapd, addr, tfsreq_ie_start,
347 &tfsreq_ie_len,
348 WNM_SLEEP_TFS_REQ_IE_SET))
349 wpa_printf(MSG_DEBUG, "Fail to set TFS Req IE");
350 }
351
352 ieee802_11_send_wnmsleep_resp(hapd, addr, dialog_token,
353 wnmsleep_ie->action_type,
Dmitry Shmidtfb79edc2014-01-10 10:45:54 -0800[diff] [blame]354 le_to_host16(wnmsleep_ie->intval));
Dmitry Shmidt61d9df32012-08-29 16:22:06 -0700[diff] [blame]355
Dmitry Shmidta54fa5f2013-01-15 13:53:35 -0800[diff] [blame]356 if (wnmsleep_ie->action_type == WNM_SLEEP_MODE_EXIT) {
Dmitry Shmidt61d9df32012-08-29 16:22:06 -0700[diff] [blame]357 /* clear the tfs after sending the resp frame */
358 ieee80211_11_set_tfs_ie(hapd, addr, tfsreq_ie_start,
359 &tfsreq_ie_len, WNM_SLEEP_TFS_IE_DEL);
360 }
361}
362
363
Dmitry Shmidtfb79edc2014-01-10 10:45:54 -0800[diff] [blame]364static int ieee802_11_send_bss_trans_mgmt_request(struct hostapd_data *hapd,
365 const u8 *addr,
Dmitry Shmidtebd93af2017-02-21 13:40:44 -0800[diff] [blame]366 u8 dialog_token)
Dmitry Shmidt61d9df32012-08-29 16:22:06 -0700[diff] [blame]367{
Dmitry Shmidtfb79edc2014-01-10 10:45:54 -0800[diff] [blame]368 struct ieee80211_mgmt *mgmt;
Dmitry Shmidtebd93af2017-02-21 13:40:44 -0800[diff] [blame]369 size_t len;
Dmitry Shmidtfb79edc2014-01-10 10:45:54 -0800[diff] [blame]370 u8 *pos;
371 int res;
372
Dmitry Shmidtebd93af2017-02-21 13:40:44 -0800[diff] [blame]373 mgmt = os_zalloc(sizeof(*mgmt));
Dmitry Shmidtfb79edc2014-01-10 10:45:54 -0800[diff] [blame]374 if (mgmt == NULL)
375 return -1;
376 os_memcpy(mgmt->da, addr, ETH_ALEN);
377 os_memcpy(mgmt->sa, hapd->own_addr, ETH_ALEN);
378 os_memcpy(mgmt->bssid, hapd->own_addr, ETH_ALEN);
379 mgmt->frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT,
380 WLAN_FC_STYPE_ACTION);
381 mgmt->u.action.category = WLAN_ACTION_WNM;
382 mgmt->u.action.u.bss_tm_req.action = WNM_BSS_TRANS_MGMT_REQ;
383 mgmt->u.action.u.bss_tm_req.dialog_token = dialog_token;
384 mgmt->u.action.u.bss_tm_req.req_mode = 0;
385 mgmt->u.action.u.bss_tm_req.disassoc_timer = host_to_le16(0);
386 mgmt->u.action.u.bss_tm_req.validity_interval = 1;
387 pos = mgmt->u.action.u.bss_tm_req.variable;
Dmitry Shmidtfb79edc2014-01-10 10:45:54 -0800[diff] [blame]388
389 wpa_printf(MSG_DEBUG, "WNM: Send BSS Transition Management Request to "
390 MACSTR " dialog_token=%u req_mode=0x%x disassoc_timer=%u "
391 "validity_interval=%u",
392 MAC2STR(addr), dialog_token,
393 mgmt->u.action.u.bss_tm_req.req_mode,
394 le_to_host16(mgmt->u.action.u.bss_tm_req.disassoc_timer),
395 mgmt->u.action.u.bss_tm_req.validity_interval);
396
397 len = pos - &mgmt->u.action.category;
398 res = hostapd_drv_send_action(hapd, hapd->iface->freq, 0,
399 mgmt->da, &mgmt->u.action.category, len);
400 os_free(mgmt);
401 return res;
402}
403
404
405static void ieee802_11_rx_bss_trans_mgmt_query(struct hostapd_data *hapd,
406 const u8 *addr, const u8 *frm,
407 size_t len)
408{
409 u8 dialog_token, reason;
410 const u8 *pos, *end;
Roshan Pius3a1667e2018-07-03 15:17:14 -0700[diff] [blame]411 int enabled = hapd->conf->bss_transition;
Sunil Ravia04bd252022-05-02 22:54:18 -0700[diff] [blame^]412 char *hex = NULL;
413 size_t hex_len;
Roshan Pius3a1667e2018-07-03 15:17:14 -0700[diff] [blame]414
415#ifdef CONFIG_MBO
416 if (hapd->conf->mbo_enabled)
417 enabled = 1;
418#endif /* CONFIG_MBO */
419 if (!enabled) {
420 wpa_printf(MSG_DEBUG,
421 "Ignore BSS Transition Management Query from "
422 MACSTR
423 " since BSS Transition Management is disabled",
424 MAC2STR(addr));
425 return;
426 }
Dmitry Shmidtfb79edc2014-01-10 10:45:54 -0800[diff] [blame]427
428 if (len < 2) {
429 wpa_printf(MSG_DEBUG, "WNM: Ignore too short BSS Transition Management Query from "
430 MACSTR, MAC2STR(addr));
431 return;
432 }
433
434 pos = frm;
435 end = pos + len;
436 dialog_token = *pos++;
437 reason = *pos++;
438
439 wpa_printf(MSG_DEBUG, "WNM: BSS Transition Management Query from "
440 MACSTR " dialog_token=%u reason=%u",
441 MAC2STR(addr), dialog_token, reason);
442
443 wpa_hexdump(MSG_DEBUG, "WNM: BSS Transition Candidate List Entries",
444 pos, end - pos);
445
Sunil Ravia04bd252022-05-02 22:54:18 -0700[diff] [blame^]446 hex_len = 2 * (end - pos) + 1;
447 if (hex_len > 1) {
448 hex = os_malloc(hex_len);
449 if (hex)
450 wpa_snprintf_hex(hex, hex_len, pos, end - pos);
451 }
452 wpa_msg(hapd->msg_ctx, MSG_INFO,
453 BSS_TM_QUERY MACSTR " reason=%u%s%s",
454 MAC2STR(addr), reason, hex ? " neighbor=" : "", hex);
455 os_free(hex);
456
Dmitry Shmidtebd93af2017-02-21 13:40:44 -0800[diff] [blame]457 ieee802_11_send_bss_trans_mgmt_request(hapd, addr, dialog_token);
Dmitry Shmidtfb79edc2014-01-10 10:45:54 -0800[diff] [blame]458}
459
460
Roshan Pius3a1667e2018-07-03 15:17:14 -0700[diff] [blame]461void ap_sta_reset_steer_flag_timer(void *eloop_ctx, void *timeout_ctx)
462{
463 struct hostapd_data *hapd = eloop_ctx;
464 struct sta_info *sta = timeout_ctx;
465
466 if (sta->agreed_to_steer) {
467 wpa_printf(MSG_DEBUG, "%s: Reset steering flag for STA " MACSTR,
468 hapd->conf->iface, MAC2STR(sta->addr));
469 sta->agreed_to_steer = 0;
470 }
471}
472
473
Dmitry Shmidtfb79edc2014-01-10 10:45:54 -0800[diff] [blame]474static void ieee802_11_rx_bss_trans_mgmt_resp(struct hostapd_data *hapd,
475 const u8 *addr, const u8 *frm,
476 size_t len)
477{
478 u8 dialog_token, status_code, bss_termination_delay;
479 const u8 *pos, *end;
Roshan Pius3a1667e2018-07-03 15:17:14 -0700[diff] [blame]480 int enabled = hapd->conf->bss_transition;
481 struct sta_info *sta;
482
483#ifdef CONFIG_MBO
484 if (hapd->conf->mbo_enabled)
485 enabled = 1;
486#endif /* CONFIG_MBO */
487 if (!enabled) {
488 wpa_printf(MSG_DEBUG,
489 "Ignore BSS Transition Management Response from "
490 MACSTR
491 " since BSS Transition Management is disabled",
492 MAC2STR(addr));
493 return;
494 }
Dmitry Shmidtfb79edc2014-01-10 10:45:54 -0800[diff] [blame]495
496 if (len < 3) {
497 wpa_printf(MSG_DEBUG, "WNM: Ignore too short BSS Transition Management Response from "
498 MACSTR, MAC2STR(addr));
499 return;
500 }
501
502 pos = frm;
503 end = pos + len;
504 dialog_token = *pos++;
505 status_code = *pos++;
506 bss_termination_delay = *pos++;
507
508 wpa_printf(MSG_DEBUG, "WNM: BSS Transition Management Response from "
509 MACSTR " dialog_token=%u status_code=%u "
510 "bss_termination_delay=%u", MAC2STR(addr), dialog_token,
511 status_code, bss_termination_delay);
512
Roshan Pius3a1667e2018-07-03 15:17:14 -0700[diff] [blame]513 sta = ap_get_sta(hapd, addr);
514 if (!sta) {
515 wpa_printf(MSG_DEBUG, "Station " MACSTR
516 " not found for received BSS TM Response",
517 MAC2STR(addr));
518 return;
519 }
520
Dmitry Shmidtfb79edc2014-01-10 10:45:54 -0800[diff] [blame]521 if (status_code == WNM_BSS_TM_ACCEPT) {
522 if (end - pos < ETH_ALEN) {
523 wpa_printf(MSG_DEBUG, "WNM: not enough room for Target BSSID field");
524 return;
525 }
Roshan Pius3a1667e2018-07-03 15:17:14 -0700[diff] [blame]526 sta->agreed_to_steer = 1;
527 eloop_cancel_timeout(ap_sta_reset_steer_flag_timer, hapd, sta);
528 eloop_register_timeout(2, 0, ap_sta_reset_steer_flag_timer,
529 hapd, sta);
Dmitry Shmidtfb79edc2014-01-10 10:45:54 -0800[diff] [blame]530 wpa_printf(MSG_DEBUG, "WNM: Target BSSID: " MACSTR,
531 MAC2STR(pos));
Dmitry Shmidtfb45fd52015-01-05 13:08:17 -0800[diff] [blame]532 wpa_msg(hapd->msg_ctx, MSG_INFO, BSS_TM_RESP MACSTR
533 " status_code=%u bss_termination_delay=%u target_bssid="
534 MACSTR,
535 MAC2STR(addr), status_code, bss_termination_delay,
536 MAC2STR(pos));
Dmitry Shmidtfb79edc2014-01-10 10:45:54 -0800[diff] [blame]537 pos += ETH_ALEN;
Dmitry Shmidtfb45fd52015-01-05 13:08:17 -0800[diff] [blame]538 } else {
Roshan Pius3a1667e2018-07-03 15:17:14 -0700[diff] [blame]539 sta->agreed_to_steer = 0;
Dmitry Shmidtfb45fd52015-01-05 13:08:17 -0800[diff] [blame]540 wpa_msg(hapd->msg_ctx, MSG_INFO, BSS_TM_RESP MACSTR
541 " status_code=%u bss_termination_delay=%u",
542 MAC2STR(addr), status_code, bss_termination_delay);
Dmitry Shmidtfb79edc2014-01-10 10:45:54 -0800[diff] [blame]543 }
544
545 wpa_hexdump(MSG_DEBUG, "WNM: BSS Transition Candidate List Entries",
546 pos, end - pos);
547}
548
549
Hai Shalomfdcde762020-04-02 11:19:20 -0700[diff] [blame]550static void wnm_beacon_protection_failure(struct hostapd_data *hapd,
551 const u8 *addr)
552{
553 struct sta_info *sta;
554
Hai Shalom60840252021-02-19 19:02:11 -0800[diff] [blame]555 if (!hapd->conf->beacon_prot ||
556 !(hapd->iface->drv_flags & WPA_DRIVER_FLAGS_BEACON_PROTECTION))
Hai Shalomfdcde762020-04-02 11:19:20 -0700[diff] [blame]557 return;
558
559 sta = ap_get_sta(hapd, addr);
560 if (!sta || !(sta->flags & WLAN_STA_AUTHORIZED)) {
561 wpa_printf(MSG_DEBUG, "Station " MACSTR
562 " not found for received WNM-Notification Request",
563 MAC2STR(addr));
564 return;
565 }
566
567 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
568 HOSTAPD_LEVEL_INFO,
569 "Beacon protection failure reported");
570 wpa_msg(hapd->msg_ctx, MSG_INFO, WPA_EVENT_UNPROT_BEACON "reporter="
571 MACSTR, MAC2STR(addr));
572}
573
574
Dmitry Shmidt57c2d392016-02-23 13:40:19 -0800[diff] [blame]575static void ieee802_11_rx_wnm_notification_req(struct hostapd_data *hapd,
576 const u8 *addr, const u8 *buf,
577 size_t len)
578{
579 u8 dialog_token, type;
580
581 if (len < 2)
582 return;
583 dialog_token = *buf++;
584 type = *buf++;
585 len -= 2;
586
587 wpa_printf(MSG_DEBUG,
588 "WNM: Received WNM Notification Request frame from "
589 MACSTR " (dialog_token=%u type=%u)",
590 MAC2STR(addr), dialog_token, type);
591 wpa_hexdump(MSG_MSGDUMP, "WNM: Notification Request subelements",
592 buf, len);
Hai Shalomfdcde762020-04-02 11:19:20 -0700[diff] [blame]593 switch (type) {
594 case WNM_NOTIF_TYPE_BEACON_PROTECTION_FAILURE:
595 wnm_beacon_protection_failure(hapd, addr);
596 break;
597 case WNM_NOTIF_TYPE_VENDOR_SPECIFIC:
Dmitry Shmidt57c2d392016-02-23 13:40:19 -0800[diff] [blame]598 mbo_ap_wnm_notification_req(hapd, addr, buf, len);
Hai Shalomfdcde762020-04-02 11:19:20 -0700[diff] [blame]599 break;
600 }
Dmitry Shmidt57c2d392016-02-23 13:40:19 -0800[diff] [blame]601}
602
603
Hai Shalom39ba6fc2019-01-22 12:40:38 -0800[diff] [blame]604static void ieee802_11_rx_wnm_coloc_intf_report(struct hostapd_data *hapd,
605 const u8 *addr, const u8 *buf,
606 size_t len)
607{
608 u8 dialog_token;
609 char *hex;
610 size_t hex_len;
611
612 if (!hapd->conf->coloc_intf_reporting) {
613 wpa_printf(MSG_DEBUG,
614 "WNM: Ignore unexpected Collocated Interference Report from "
615 MACSTR, MAC2STR(addr));
616 return;
617 }
618
619 if (len < 1) {
620 wpa_printf(MSG_DEBUG,
621 "WNM: Ignore too short Collocated Interference Report from "
622 MACSTR, MAC2STR(addr));
623 return;
624 }
625 dialog_token = *buf++;
626 len--;
627
628 wpa_printf(MSG_DEBUG,
629 "WNM: Received Collocated Interference Report frame from "
630 MACSTR " (dialog_token=%u)",
631 MAC2STR(addr), dialog_token);
632 wpa_hexdump(MSG_MSGDUMP, "WNM: Collocated Interference Report Elements",
633 buf, len);
634
635 hex_len = 2 * len + 1;
636 hex = os_malloc(hex_len);
637 if (!hex)
638 return;
639 wpa_snprintf_hex(hex, hex_len, buf, len);
640 wpa_msg_ctrl(hapd->msg_ctx, MSG_INFO, COLOC_INTF_REPORT MACSTR " %d %s",
641 MAC2STR(addr), dialog_token, hex);
642 os_free(hex);
643}
644
645
Dmitry Shmidtfb79edc2014-01-10 10:45:54 -0800[diff] [blame]646int ieee802_11_rx_wnm_action_ap(struct hostapd_data *hapd,
647 const struct ieee80211_mgmt *mgmt, size_t len)
648{
649 u8 action;
650 const u8 *payload;
651 size_t plen;
652
653 if (len < IEEE80211_HDRLEN + 2)
Dmitry Shmidta54fa5f2013-01-15 13:53:35 -0800[diff] [blame]654 return -1;
Dmitry Shmidt61d9df32012-08-29 16:22:06 -0700[diff] [blame]655
Dmitry Shmidt623d63a2014-06-13 11:05:14 -0700[diff] [blame]656 payload = ((const u8 *) mgmt) + IEEE80211_HDRLEN + 1;
Dmitry Shmidtfb79edc2014-01-10 10:45:54 -0800[diff] [blame]657 action = *payload++;
Dmitry Shmidt623d63a2014-06-13 11:05:14 -0700[diff] [blame]658 plen = len - IEEE80211_HDRLEN - 2;
Dmitry Shmidtfb79edc2014-01-10 10:45:54 -0800[diff] [blame]659
660 switch (action) {
Dmitry Shmidta54fa5f2013-01-15 13:53:35 -0800[diff] [blame]661 case WNM_BSS_TRANS_MGMT_QUERY:
Dmitry Shmidtfb79edc2014-01-10 10:45:54 -0800[diff] [blame]662 ieee802_11_rx_bss_trans_mgmt_query(hapd, mgmt->sa, payload,
663 plen);
664 return 0;
Dmitry Shmidta54fa5f2013-01-15 13:53:35 -0800[diff] [blame]665 case WNM_BSS_TRANS_MGMT_RESP:
Dmitry Shmidtfb79edc2014-01-10 10:45:54 -0800[diff] [blame]666 ieee802_11_rx_bss_trans_mgmt_resp(hapd, mgmt->sa, payload,
667 plen);
668 return 0;
Dmitry Shmidt61d9df32012-08-29 16:22:06 -0700[diff] [blame]669 case WNM_SLEEP_MODE_REQ:
Dmitry Shmidtfb79edc2014-01-10 10:45:54 -0800[diff] [blame]670 ieee802_11_rx_wnmsleep_req(hapd, mgmt->sa, payload, plen);
Dmitry Shmidta54fa5f2013-01-15 13:53:35 -0800[diff] [blame]671 return 0;
Dmitry Shmidt57c2d392016-02-23 13:40:19 -0800[diff] [blame]672 case WNM_NOTIFICATION_REQ:
673 ieee802_11_rx_wnm_notification_req(hapd, mgmt->sa, payload,
674 plen);
675 return 0;
Hai Shalom39ba6fc2019-01-22 12:40:38 -0800[diff] [blame]676 case WNM_COLLOCATED_INTERFERENCE_REPORT:
677 ieee802_11_rx_wnm_coloc_intf_report(hapd, mgmt->sa, payload,
678 plen);
679 return 0;
Dmitry Shmidt61d9df32012-08-29 16:22:06 -0700[diff] [blame]680 }
Dmitry Shmidt61d9df32012-08-29 16:22:06 -0700[diff] [blame]681
Dmitry Shmidta54fa5f2013-01-15 13:53:35 -0800[diff] [blame]682 wpa_printf(MSG_DEBUG, "WNM: Unsupported WNM Action %u from " MACSTR,
Dmitry Shmidtfb79edc2014-01-10 10:45:54 -0800[diff] [blame]683 action, MAC2STR(mgmt->sa));
Dmitry Shmidta54fa5f2013-01-15 13:53:35 -0800[diff] [blame]684 return -1;
685}
Dmitry Shmidtfb79edc2014-01-10 10:45:54 -0800[diff] [blame]686
687
688int wnm_send_disassoc_imminent(struct hostapd_data *hapd,
689 struct sta_info *sta, int disassoc_timer)
690{
691 u8 buf[1000], *pos;
692 struct ieee80211_mgmt *mgmt;
693
694 os_memset(buf, 0, sizeof(buf));
695 mgmt = (struct ieee80211_mgmt *) buf;
696 mgmt->frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT,
697 WLAN_FC_STYPE_ACTION);
698 os_memcpy(mgmt->da, sta->addr, ETH_ALEN);
699 os_memcpy(mgmt->sa, hapd->own_addr, ETH_ALEN);
700 os_memcpy(mgmt->bssid, hapd->own_addr, ETH_ALEN);
701 mgmt->u.action.category = WLAN_ACTION_WNM;
702 mgmt->u.action.u.bss_tm_req.action = WNM_BSS_TRANS_MGMT_REQ;
703 mgmt->u.action.u.bss_tm_req.dialog_token = 1;
704 mgmt->u.action.u.bss_tm_req.req_mode =
705 WNM_BSS_TM_REQ_DISASSOC_IMMINENT;
706 mgmt->u.action.u.bss_tm_req.disassoc_timer =
707 host_to_le16(disassoc_timer);
708 mgmt->u.action.u.bss_tm_req.validity_interval = 0;
709
710 pos = mgmt->u.action.u.bss_tm_req.variable;
711
712 wpa_printf(MSG_DEBUG, "WNM: Send BSS Transition Management Request frame to indicate imminent disassociation (disassoc_timer=%d) to "
713 MACSTR, disassoc_timer, MAC2STR(sta->addr));
Hai Shalomfdcde762020-04-02 11:19:20 -0700[diff] [blame]714 if (hostapd_drv_send_mlme(hapd, buf, pos - buf, 0, NULL, 0, 0) < 0) {
Dmitry Shmidtfb79edc2014-01-10 10:45:54 -0800[diff] [blame]715 wpa_printf(MSG_DEBUG, "Failed to send BSS Transition "
716 "Management Request frame");
717 return -1;
718 }
719
720 return 0;
721}
722
723
Dmitry Shmidtfb45fd52015-01-05 13:08:17 -0800[diff] [blame]724static void set_disassoc_timer(struct hostapd_data *hapd, struct sta_info *sta,
725 int disassoc_timer)
726{
727 int timeout, beacon_int;
728
729 /*
730 * Prevent STA from reconnecting using cached PMKSA to force
731 * full authentication with the authentication server (which may
732 * decide to reject the connection),
733 */
734 wpa_auth_pmksa_remove(hapd->wpa_auth, sta->addr);
735
736 beacon_int = hapd->iconf->beacon_int;
737 if (beacon_int < 1)
738 beacon_int = 100; /* best guess */
739 /* Calculate timeout in ms based on beacon_int in TU */
740 timeout = disassoc_timer * beacon_int * 128 / 125;
741 wpa_printf(MSG_DEBUG, "Disassociation timer for " MACSTR
742 " set to %d ms", MAC2STR(sta->addr), timeout);
743
744 sta->timeout_next = STA_DISASSOC_FROM_CLI;
745 eloop_cancel_timeout(ap_handle_timer, hapd, sta);
746 eloop_register_timeout(timeout / 1000,
747 timeout % 1000 * 1000,
748 ap_handle_timer, hapd, sta);
749}
750
751
Dmitry Shmidtfb79edc2014-01-10 10:45:54 -0800[diff] [blame]752int wnm_send_ess_disassoc_imminent(struct hostapd_data *hapd,
753 struct sta_info *sta, const char *url,
754 int disassoc_timer)
755{
756 u8 buf[1000], *pos;
757 struct ieee80211_mgmt *mgmt;
758 size_t url_len;
759
760 os_memset(buf, 0, sizeof(buf));
761 mgmt = (struct ieee80211_mgmt *) buf;
762 mgmt->frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT,
763 WLAN_FC_STYPE_ACTION);
764 os_memcpy(mgmt->da, sta->addr, ETH_ALEN);
765 os_memcpy(mgmt->sa, hapd->own_addr, ETH_ALEN);
766 os_memcpy(mgmt->bssid, hapd->own_addr, ETH_ALEN);
767 mgmt->u.action.category = WLAN_ACTION_WNM;
768 mgmt->u.action.u.bss_tm_req.action = WNM_BSS_TRANS_MGMT_REQ;
769 mgmt->u.action.u.bss_tm_req.dialog_token = 1;
770 mgmt->u.action.u.bss_tm_req.req_mode =
771 WNM_BSS_TM_REQ_DISASSOC_IMMINENT |
772 WNM_BSS_TM_REQ_ESS_DISASSOC_IMMINENT;
773 mgmt->u.action.u.bss_tm_req.disassoc_timer =
774 host_to_le16(disassoc_timer);
775 mgmt->u.action.u.bss_tm_req.validity_interval = 0x01;
776
777 pos = mgmt->u.action.u.bss_tm_req.variable;
778
779 /* Session Information URL */
780 url_len = os_strlen(url);
781 if (url_len > 255)
782 return -1;
783 *pos++ = url_len;
784 os_memcpy(pos, url, url_len);
785 pos += url_len;
786
Hai Shalomfdcde762020-04-02 11:19:20 -0700[diff] [blame]787 if (hostapd_drv_send_mlme(hapd, buf, pos - buf, 0, NULL, 0, 0) < 0) {
Dmitry Shmidtfb79edc2014-01-10 10:45:54 -0800[diff] [blame]788 wpa_printf(MSG_DEBUG, "Failed to send BSS Transition "
789 "Management Request frame");
790 return -1;
791 }
792
Dmitry Shmidtfb79edc2014-01-10 10:45:54 -0800[diff] [blame]793 if (disassoc_timer) {
Dmitry Shmidtfb45fd52015-01-05 13:08:17 -0800[diff] [blame]794 /* send disassociation frame after time-out */
795 set_disassoc_timer(hapd, sta, disassoc_timer);
796 }
Dmitry Shmidtfb79edc2014-01-10 10:45:54 -0800[diff] [blame]797
Dmitry Shmidtfb45fd52015-01-05 13:08:17 -0800[diff] [blame]798 return 0;
799}
Dmitry Shmidtfb79edc2014-01-10 10:45:54 -0800[diff] [blame]800
Dmitry Shmidtfb79edc2014-01-10 10:45:54 -0800[diff] [blame]801
Dmitry Shmidtfb45fd52015-01-05 13:08:17 -0800[diff] [blame]802int wnm_send_bss_tm_req(struct hostapd_data *hapd, struct sta_info *sta,
803 u8 req_mode, int disassoc_timer, u8 valid_int,
Hai Shaloma20dcd72022-02-04 13:43:00 -0800[diff] [blame]804 const u8 *bss_term_dur, u8 dialog_token,
805 const char *url, const u8 *nei_rep, size_t nei_rep_len,
Dmitry Shmidt57c2d392016-02-23 13:40:19 -0800[diff] [blame]806 const u8 *mbo_attrs, size_t mbo_len)
Dmitry Shmidtfb45fd52015-01-05 13:08:17 -0800[diff] [blame]807{
808 u8 *buf, *pos;
809 struct ieee80211_mgmt *mgmt;
810 size_t url_len;
811
812 wpa_printf(MSG_DEBUG, "WNM: Send BSS Transition Management Request to "
Hai Shaloma20dcd72022-02-04 13:43:00 -0800[diff] [blame]813 MACSTR
814 " req_mode=0x%x disassoc_timer=%d valid_int=0x%x dialog_token=%u",
815 MAC2STR(sta->addr), req_mode, disassoc_timer, valid_int,
816 dialog_token);
Dmitry Shmidt57c2d392016-02-23 13:40:19 -0800[diff] [blame]817 buf = os_zalloc(1000 + nei_rep_len + mbo_len);
Dmitry Shmidtfb45fd52015-01-05 13:08:17 -0800[diff] [blame]818 if (buf == NULL)
819 return -1;
820 mgmt = (struct ieee80211_mgmt *) buf;
821 mgmt->frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT,
822 WLAN_FC_STYPE_ACTION);
823 os_memcpy(mgmt->da, sta->addr, ETH_ALEN);
824 os_memcpy(mgmt->sa, hapd->own_addr, ETH_ALEN);
825 os_memcpy(mgmt->bssid, hapd->own_addr, ETH_ALEN);
826 mgmt->u.action.category = WLAN_ACTION_WNM;
827 mgmt->u.action.u.bss_tm_req.action = WNM_BSS_TRANS_MGMT_REQ;
Hai Shaloma20dcd72022-02-04 13:43:00 -0800[diff] [blame]828 mgmt->u.action.u.bss_tm_req.dialog_token = dialog_token;
Dmitry Shmidtfb45fd52015-01-05 13:08:17 -0800[diff] [blame]829 mgmt->u.action.u.bss_tm_req.req_mode = req_mode;
830 mgmt->u.action.u.bss_tm_req.disassoc_timer =
831 host_to_le16(disassoc_timer);
832 mgmt->u.action.u.bss_tm_req.validity_interval = valid_int;
833
834 pos = mgmt->u.action.u.bss_tm_req.variable;
835
836 if ((req_mode & WNM_BSS_TM_REQ_BSS_TERMINATION_INCLUDED) &&
837 bss_term_dur) {
838 os_memcpy(pos, bss_term_dur, 12);
839 pos += 12;
840 }
841
842 if (url) {
843 /* Session Information URL */
844 url_len = os_strlen(url);
Dmitry Shmidt432d6032015-01-21 13:19:05 -0800[diff] [blame]845 if (url_len > 255) {
846 os_free(buf);
Dmitry Shmidtfb45fd52015-01-05 13:08:17 -0800[diff] [blame]847 return -1;
Dmitry Shmidt432d6032015-01-21 13:19:05 -0800[diff] [blame]848 }
849
Dmitry Shmidtfb45fd52015-01-05 13:08:17 -0800[diff] [blame]850 *pos++ = url_len;
851 os_memcpy(pos, url, url_len);
852 pos += url_len;
853 }
854
855 if (nei_rep) {
856 os_memcpy(pos, nei_rep, nei_rep_len);
857 pos += nei_rep_len;
858 }
859
Dmitry Shmidt57c2d392016-02-23 13:40:19 -0800[diff] [blame]860 if (mbo_len > 0) {
861 pos += mbo_add_ie(pos, buf + sizeof(buf) - pos, mbo_attrs,
862 mbo_len);
863 }
864
Hai Shalomfdcde762020-04-02 11:19:20 -0700[diff] [blame]865 if (hostapd_drv_send_mlme(hapd, buf, pos - buf, 0, NULL, 0, 0) < 0) {
Dmitry Shmidtfb45fd52015-01-05 13:08:17 -0800[diff] [blame]866 wpa_printf(MSG_DEBUG,
867 "Failed to send BSS Transition Management Request frame");
868 os_free(buf);
869 return -1;
870 }
871 os_free(buf);
872
873 if (disassoc_timer) {
874 /* send disassociation frame after time-out */
875 set_disassoc_timer(hapd, sta, disassoc_timer);
Dmitry Shmidtfb79edc2014-01-10 10:45:54 -0800[diff] [blame]876 }
877
878 return 0;
879}
Hai Shalom39ba6fc2019-01-22 12:40:38 -0800[diff] [blame]880
881
882int wnm_send_coloc_intf_req(struct hostapd_data *hapd, struct sta_info *sta,
883 unsigned int auto_report, unsigned int timeout)
884{
885 u8 buf[100], *pos;
886 struct ieee80211_mgmt *mgmt;
887 u8 dialog_token = 1;
888
889 if (auto_report > 3 || timeout > 63)
890 return -1;
891 os_memset(buf, 0, sizeof(buf));
892 mgmt = (struct ieee80211_mgmt *) buf;
893 mgmt->frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT,
894 WLAN_FC_STYPE_ACTION);
895 os_memcpy(mgmt->da, sta->addr, ETH_ALEN);
896 os_memcpy(mgmt->sa, hapd->own_addr, ETH_ALEN);
897 os_memcpy(mgmt->bssid, hapd->own_addr, ETH_ALEN);
898 mgmt->u.action.category = WLAN_ACTION_WNM;
899 mgmt->u.action.u.coloc_intf_req.action =
900 WNM_COLLOCATED_INTERFERENCE_REQ;
901 mgmt->u.action.u.coloc_intf_req.dialog_token = dialog_token;
902 mgmt->u.action.u.coloc_intf_req.req_info = auto_report | (timeout << 2);
903 pos = &mgmt->u.action.u.coloc_intf_req.req_info;
904 pos++;
905
906 wpa_printf(MSG_DEBUG, "WNM: Sending Collocated Interference Request to "
907 MACSTR " (dialog_token=%u auto_report=%u timeout=%u)",
908 MAC2STR(sta->addr), dialog_token, auto_report, timeout);
Hai Shalomfdcde762020-04-02 11:19:20 -0700[diff] [blame]909 if (hostapd_drv_send_mlme(hapd, buf, pos - buf, 0, NULL, 0, 0) < 0) {
Hai Shalom39ba6fc2019-01-22 12:40:38 -0800[diff] [blame]910 wpa_printf(MSG_DEBUG,
911 "WNM: Failed to send Collocated Interference Request frame");
912 return -1;
913 }
914
915 return 0;
916}