jeltz/hostap
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity
hostap/src/ap/sta_info.c

1486 lines
41 KiB
C
Raw Normal View History

Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
2008-02-28 02:34:43 +01:00
/*
* hostapd / Station table
OWE: Process Diffie-Hellman Parameter element in AP mode This adds AP side processing for OWE Diffie-Hellman Parameter element in (Re)Association Request frame and adding it in (Re)Association Response frame. Signed-off-by: Jouni Malinen <j@w1.fi>
2017-03-12 00:26:43 +01:00
* Copyright (c) 2002-2017, Jouni Malinen <j@w1.fi>
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
2008-02-28 02:34:43 +01:00
*
Remove the GPL notification from files contributed by Jouni Malinen Remove the GPL notification text from the files that were initially contributed by myself. Signed-hostap: Jouni Malinen <j@w1.fi>
2012-02-11 15:46:35 +01:00
* This software may be distributed under the terms of the BSD license.
* See README for more details.
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
2008-02-28 02:34:43 +01:00
*/
Rename some src/ap files to avoid duplicate file names Doxygen and some build tools may get a bit confused about same file name being used in different directories. Clean this up a bit by renaming some of the duplicated file names in src/ap.
2009-12-25 23:05:40 +01:00
#include "utils/includes.h"
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
2008-02-28 02:34:43 +01:00
Rename some src/ap files to avoid duplicate file names Doxygen and some build tools may get a bit confused about same file name being used in different directories. Clean this up a bit by renaming some of the duplicated file names in src/ap.
2009-12-25 23:05:40 +01:00
#include "utils/common.h"
#include "utils/eloop.h"
Include header files explicitly in *.c, not via header files
2009-12-25 23:31:51 +01:00
#include "common/ieee802_11_defs.h"
hostapd: Send an event when an inactive station is removed Currently, there is no events over the control interface when a AP disconnects a station due to inactivity. With this patch, an "AP-STA-DISCONNECTED" event will be sent. Signed-hostap: Nicolas Cavallari <nicolas.cavallari@lri.fr>
2011-11-03 20:58:22 +01:00
#include "common/wpa_ctrl.h"
SAE: Maintain EC group context in struct sae_data This can be used to share same EC group context through the SAE exchange. Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-01 10:29:53 +01:00
#include "common/sae.h"
DPP2: PFS for PTK derivation Use Diffie-Hellman key exchange to derivate additional material for PMK-to-PTK derivation to get PFS. The Diffie-Hellman Parameter element (defined in OWE RFC 8110) is used in association frames to exchange the DH public keys. For backwards compatibility, ignore missing request/response DH parameter and fall back to no PFS in such cases. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-03-17 22:51:53 +01:00
#include "common/dpp.h"
Remove direct driver calls from sta_info.c
2009-12-24 23:30:16 +01:00
#include "radius/radius.h"
#include "radius/radius_client.h"
P2P: Add group notifications
2010-07-18 23:30:25 +02:00
#include "p2p/p2p.h"
FST: Integration into hostapd This commit integrates the FST into the hostapd. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-01-21 14:30:48 +01:00
#include "fst/fst.h"
OWE: Process Diffie-Hellman Parameter element in AP mode This adds AP side processing for OWE Diffie-Hellman Parameter element in (Re)Association Request frame and adding it in (Re)Association Response frame. Signed-off-by: Jouni Malinen <j@w1.fi>
2017-03-12 00:26:43 +01:00
#include "crypto/crypto.h"
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
2008-02-28 02:34:43 +01:00
#include "hostapd.h"
#include "accounting.h"
#include "ieee802_1x.h"
#include "ieee802_11.h"
Use a shared function for freeing PSK list There is no need to duplicate this code in multiple locations. Signed-hostap: Jouni Malinen <j@w1.fi>
2012-11-25 17:01:55 +01:00
#include "ieee802_11_auth.h"
Rename some src/ap files to avoid duplicate file names Doxygen and some build tools may get a bit confused about same file name being used in different directories. Clean this up a bit by renaming some of the duplicated file names in src/ap.
2009-12-25 23:05:40 +01:00
#include "wpa_auth.h"
#include "preauth_auth.h"
#include "ap_config.h"
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
2008-02-28 02:34:43 +01:00
#include "beacon.h"
Rename some src/ap files to avoid duplicate file names Doxygen and some build tools may get a bit confused about same file name being used in different directories. Clean this up a bit by renaming some of the duplicated file names in src/ap.
2009-12-25 23:05:40 +01:00
#include "ap_mlme.h"
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
2008-02-28 02:34:43 +01:00
#include "vlan_init.h"
P2P: Disable periodic NoA when non-P2P STA is connected For now, this applies to the test command that can be used to set periodic NoA (p2p_set noa). The value are stored and periodic NoA is enabled whenever there are no non-P2P STAs connected to the GO.
2010-07-09 02:14:24 +02:00
#include "p2p_hostapd.h"
hostapd: Start removing struct hostapd_driver_ops abstraction Commit bf65bc638fe438b96f2986580ad167d5e276ef4c started the path to add this new abstraction for driver operations in AP mode to allow wpa_supplicant to control AP mode operations. At that point, the extra abstraction was needed, but it is not needed anymore since hostapd and wpa_supplicant share the same struct wpa_driver_ops. Start removing the unneeded abstraction by converting send_mgmt_frame() to an inline function, hostapd_drv_send_mlme(). This is similar to the design that is used in wpa_supplicant and that was used in hostapd in the past (hostapd_send_mgmt_frame() inline function).
2010-11-24 14:19:50 +01:00
#include "ap_drv_ops.h"
Interworking: Add GAS server support for AP mode This adds GAS/ANQP implementation into hostapd. This commit brings in the basic GAS/ANQP functionality, but only the ANQP Capability List element is supported. For testing purposes, hostapd control interface SET command can be used to set the gas_frag_limit parameter dynamically. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-02-26 21:34:19 +01:00
#include "gas_serv.h"
HS 2.0R2 AP: Add support for Session Info URL RADIUS AVP If the authentication server includes the WFA HS 2.0 Session Info URL AVP in Access-Accept, schedule ESS Disassociation Imminent frame to be transmitted specified warning time prior to session timeout. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-08-01 23:39:30 +02:00
#include "wnm_ap.h"
MBO: Parse non-preferred channel list on the AP This adds parsing of non-preferred channel list on an MBO AP. The information in (Re)Association Request and WNM Notification Request frames is parsed to get the initial value and updates from each associated MBO STA. The parsed information is available through the STA control interface command non_pref_chan[i] rows. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-02-22 19:37:21 +01:00
#include "mbo_ap.h"
AP: Add Neighbor Discovery snooping mechanism for Proxy ARP This commit establishes the infrastructure, and handles the Neighbor Solicitation and Neighbor Advertisement frames. This will be extended in the future to handle other frames. Signed-off-by: Kyeyoon Park <kyeyoonp@qca.qualcomm.com>
2014-11-01 07:33:41 +01:00
#include "ndisc_snoop.h"
Rename some src/ap files to avoid duplicate file names Doxygen and some build tools may get a bit confused about same file name being used in different directories. Clean this up a bit by renaming some of the duplicated file names in src/ap.
2009-12-25 23:05:40 +01:00
#include "sta_info.h"
VLAN: Separate station grouping and uplink configuration Separate uplink configuration (IEEE 802.1q VID) and grouping of stations into AP_VLAN interfaces. The int vlan_id will continue to identify the AP_VLAN interface the station should be assigned to. Each AP_VLAN interface corresponds to an instance of struct hostapd_vlan that is uniquely identified by int vlan_id within an BSS. New: Each station and struct hostapd_vlan holds a struct vlan_description vlan_desc member that describes the uplink configuration requested. Currently this is just an int untagged IEEE 802.1q VID, but can be extended to tagged VLANs and other settings easily. When the station was about to be assigned its vlan_id, vlan_desc and vlan_id will now be set simultaneously by ap_sta_set_vlan(). So sta->vlan_id can still be tested for whether the station needs to be moved to an AP_VLAN interface. To ease addition of tagged VLAN support, a member notempty is added to struct vlan_description. Is is set to 1 if an untagged or tagged VLAN assignment is requested and needs to be validated. The inverted form allows os_zalloc() to initialize an empty description. Though not depended on by the code, vlan_id assignment ensures: * vlan_id = 0 will continue to mean no AP_VLAN interface * vlan_id < 4096 will continue to mean vlan_id = untagged vlan id with no per_sta_vif and no extra tagged vlan. * vlan_id > 4096 will be used for per_sta_vif and/or tagged vlans. This way struct wpa_group and drivers API do not need to be changed in order to implement tagged VLANs or per_sta_vif support. DYNAMIC_VLAN_* will refer to (struct vlan_description).notempty only, thus grouping of the stations for per_sta_vif can be used with DYNAMIC_VLAN_DISABLED, but not with CONFIG_NO_VLAN, as struct hostapd_vlan is still used to manage AP_VLAN interfaces. MAX_VLAN_ID will be checked in hostapd_vlan_valid and during setup of VLAN interfaces and refer to IEEE 802.1q VID. VLAN_ID_WILDCARD will continue to refer to int vlan_id. Renaming vlan_id to vlan_desc when type changed from int to struct vlan_description was avoided when vlan_id was also used in a way that did not depend on its type (for example, when passed to another function). Output of "VLAN ID %d" continues to refer to int vlan_id, while "VLAN %d" will refer to untagged IEEE 802.1q VID. Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
2016-01-21 14:51:56 +01:00
#include "vlan.h"
Use eloop timeout for post-EAP-Failure wait before disconnection Previously, os_sleep() was used to block the hostapd (or wpa_supplicant AP/P2P GO mode) processing between sending out EAP-Failure and disconnecting the STA. This is not ideal for couple of reasons: it blocks all other parallel operations in the process and it leaves a window during which the station might deauthenticate and the AP would have no option for reacting to that before forcing out its own Deauthentication frame which could go out after the STA has already started new connection attempt. Improve this design by scheduling an eloop timeout of 10 ms instead of the os_sleep() call and perform the delayed operations from the eloop callback function. This eloop timeout is cancelled if the STA disconnects or initiates a new connection attempt before the 10 ms time is reached. This gets rid of the confusing extra Deauthentication frame in cases where the STA reacts to EAP-Failure by an immediate deauthentication. Signed-off-by: Jouni Malinen <j@w1.fi>
2016-12-06 17:12:11 +01:00
#include "wps_hostapd.h"
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
2008-02-28 02:34:43 +01:00
hostapd: allow stations to move between different bss interfaces With this patch, a client gets kicked out of the last BSS it was attached to, when it is associating to a different one. While mac80211 does allow a station to be present on multiple bss interfaces, this does seem to cause problems both for the stack and for hostapd.
2010-03-06 21:30:25 +01:00
static void ap_sta_remove_in_other_bss(struct hostapd_data *hapd,
struct sta_info *sta);
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
2008-02-28 02:34:43 +01:00
static void ap_handle_session_timer(void *eloop_ctx, void *timeout_ctx);
HS 2.0R2 AP: Add support for Session Info URL RADIUS AVP If the authentication server includes the WFA HS 2.0 Session Info URL AVP in Access-Accept, schedule ESS Disassociation Imminent frame to be transmitted specified warning time prior to session timeout. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-08-01 23:39:30 +02:00
static void ap_handle_session_warning_timer(void *eloop_ctx, void *timeout_ctx);
Delay STA entry removal until Deauth/Disassoc TX status in AP mode This allows the driver to use PS buffering of Deauthentication and Disassociation frames when the STA is in power save sleep. The STA entry (and PTK) will be removed from the kernel only after the Deauth/Disassoc has been transmitted (e.g., when the STA wakes up). A hardcoded two second timeout is used to limit the length of this window should the driver fail to deliver the frame (e.g., the STA is out of range and does not wake up). The kernel STA entry is marked unauthorized during the wait to avoid accepting Data frames from the STA that we have decided to disconnect. This behavior is available only with drivers that provide TX status events for Deauth/Disassoc frames (nl80211 at this point). Other drivers continue to use the previous behavior where the STA entry is removed immediately.
2011-08-28 22:07:02 +02:00
static void ap_sta_deauth_cb_timeout(void *eloop_ctx, void *timeout_ctx);
static void ap_sta_disassoc_cb_timeout(void *eloop_ctx, void *timeout_ctx);
Renamed Ping procedure into SA Query procedure per 802.11w/D7.0 This commit changes just the name and Action category per D7.0. The retransmit/timeout processing in the AP is not yet updated with the changes in D7.0.
2008-12-26 10:46:21 +01:00
static void ap_sa_query_timer(void *eloop_ctx, void *timeout_ctx);
Delay STA entry removal until Deauth/Disassoc TX status in AP mode This allows the driver to use PS buffering of Deauthentication and Disassociation frames when the STA is in power save sleep. The STA entry (and PTK) will be removed from the kernel only after the Deauth/Disassoc has been transmitted (e.g., when the STA wakes up). A hardcoded two second timeout is used to limit the length of this window should the driver fail to deliver the frame (e.g., the STA is out of range and does not wake up). The kernel STA entry is marked unauthorized during the wait to avoid accepting Data frames from the STA that we have decided to disconnect. This behavior is available only with drivers that provide TX status events for Deauth/Disassoc frames (nl80211 at this point). Other drivers continue to use the previous behavior where the STA entry is removed immediately.
2011-08-28 22:07:02 +02:00
static int ap_sta_remove(struct hostapd_data *hapd, struct sta_info *sta);
Use eloop timeout for post-EAP-Failure wait before disconnection Previously, os_sleep() was used to block the hostapd (or wpa_supplicant AP/P2P GO mode) processing between sending out EAP-Failure and disconnecting the STA. This is not ideal for couple of reasons: it blocks all other parallel operations in the process and it leaves a window during which the station might deauthenticate and the AP would have no option for reacting to that before forcing out its own Deauthentication frame which could go out after the STA has already started new connection attempt. Improve this design by scheduling an eloop timeout of 10 ms instead of the os_sleep() call and perform the delayed operations from the eloop callback function. This eloop timeout is cancelled if the STA disconnects or initiates a new connection attempt before the 10 ms time is reached. This gets rid of the confusing extra Deauthentication frame in cases where the STA reacts to EAP-Failure by an immediate deauthentication. Signed-off-by: Jouni Malinen <j@w1.fi>
2016-12-06 17:12:11 +01:00
static void ap_sta_delayed_1x_auth_fail_cb(void *eloop_ctx, void *timeout_ctx);
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
2008-02-28 02:34:43 +01:00
int ap_for_each_sta(struct hostapd_data *hapd,
int (*cb)(struct hostapd_data *hapd, struct sta_info *sta,
void *ctx),
void *ctx)
{
struct sta_info *sta;
for (sta = hapd->sta_list; sta; sta = sta->next) {
if (cb(hapd, sta, ctx))
return 1;
}
return 0;
}
struct sta_info * ap_get_sta(struct hostapd_data *hapd, const u8 *sta)
{
struct sta_info *s;
s = hapd->sta_hash[STA_HASH(sta)];
while (s != NULL && os_memcmp(s->addr, sta, 6) != 0)
s = s->hnext;
return s;
}
P2P: Add a command for removing a client from all groups The new control interface command P2P_REMOVE_CLIENT <P2P Device Address|iface=Address> can now be used to remove the specified client from all groups (ongoing and persistent) in which the local device is a GO. This will remove any per-client PSK entries and deauthenticate the device. Signed-hostap: Jouni Malinen <j@w1.fi>
2013-09-01 16:37:22 +02:00
#ifdef CONFIG_P2P
struct sta_info * ap_get_sta_p2p(struct hostapd_data *hapd, const u8 *addr)
{
struct sta_info *sta;
for (sta = hapd->sta_list; sta; sta = sta->next) {
const u8 *p2p_dev_addr;
if (sta->p2p_ie == NULL)
continue;
p2p_dev_addr = p2p_get_go_dev_addr(sta->p2p_ie);
if (p2p_dev_addr == NULL)
continue;
if (os_memcmp(p2p_dev_addr, addr, ETH_ALEN) == 0)
return sta;
}
return NULL;
}
#endif /* CONFIG_P2P */
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
2008-02-28 02:34:43 +01:00
static void ap_sta_list_del(struct hostapd_data *hapd, struct sta_info *sta)
{
struct sta_info *tmp;
if (hapd->sta_list == sta) {
hapd->sta_list = sta->next;
return;
}
tmp = hapd->sta_list;
while (tmp != NULL && tmp->next != sta)
tmp = tmp->next;
if (tmp == NULL) {
wpa_printf(MSG_DEBUG, "Could not remove STA " MACSTR " from "
"list.", MAC2STR(sta->addr));
} else
tmp->next = sta->next;
}
void ap_sta_hash_add(struct hostapd_data *hapd, struct sta_info *sta)
{
sta->hnext = hapd->sta_hash[STA_HASH(sta->addr)];
hapd->sta_hash[STA_HASH(sta->addr)] = sta;
}
static void ap_sta_hash_del(struct hostapd_data *hapd, struct sta_info *sta)
{
struct sta_info *s;
s = hapd->sta_hash[STA_HASH(sta->addr)];
if (s == NULL) return;
if (os_memcmp(s->addr, sta->addr, 6) == 0) {
hapd->sta_hash[STA_HASH(sta->addr)] = s->hnext;
return;
}
while (s->hnext != NULL &&
os_memcmp(s->hnext->addr, sta->addr, ETH_ALEN) != 0)
s = s->hnext;
if (s->hnext != NULL)
s->hnext = s->hnext->hnext;
else
wpa_printf(MSG_DEBUG, "AP: could not remove STA " MACSTR
" from hash table", MAC2STR(sta->addr));
}
AP: Add Neighbor Discovery snooping mechanism for Proxy ARP This commit establishes the infrastructure, and handles the Neighbor Solicitation and Neighbor Advertisement frames. This will be extended in the future to handle other frames. Signed-off-by: Kyeyoon Park <kyeyoonp@qca.qualcomm.com>
2014-11-01 07:33:41 +01:00
void ap_sta_ip6addr_del(struct hostapd_data *hapd, struct sta_info *sta)
{
sta_ip6addr_del(hapd, sta);
}
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
2008-02-28 02:34:43 +01:00
void ap_free_sta(struct hostapd_data *hapd, struct sta_info *sta)
{
int set_beacon = 0;
accounting_sta_stop(hapd, sta);
AP: Introduce sta authorized wrappers To enable making state change notifications on the WLAN_STA_AUTHORIZED flag, introduce ap_sta_set_authorized(), and to reduce use of the flag itself also add a wrapper for testing the flag: ap_sta_is_authorized(). Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2011-02-02 15:52:32 +01:00
/* just in case */
ap_sta_set_authorized(hapd, sta, 0);
hostapd: Add Multi-AP protocol support The purpose of Multi-AP specification is to enable inter-operability across Wi-Fi access points (APs) from different vendors. This patch introduces one new configuration parameter 'multi_ap' to enable Multi-AP functionality and to configure the BSS as a backhaul and/or fronthaul BSS. Advertise vendor specific Multi-AP capabilities in (Re)Association Response frame, if Multi-AP functionality is enabled through the configuration parameter. A backhaul AP must support receiving both 3addr and 4addr frames from a backhaul STA, so create a VLAN for it just like is done for WDS, i.e., by calling hostapd_set_wds_sta(). Since Multi-AP requires WPA2 (never WEP), we can safely call hostapd_set_wds_encryption() as well and we can reuse the entire WDS condition. To parse the Multi-AP Extension subelement, we use get_ie(): even though that function is meant for parsing IEs, it works for subelements. Signed-off-by: Venkateswara Naralasetty <vnaralas@codeaurora.org> Signed-off-by: Jouni Malinen <jouni@codeaurora.org> Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2018-12-05 11:23:51 +01:00
if (sta->flags & (WLAN_STA_WDS | WLAN_STA_MULTI_AP))
WDS: Fix WEP usage with nl80211 wds_sta=1 The static WEP keys have to be configured for the new VLAN interface that is created for a 4addr WDS peer, not doing so breaks WEP functionality in nl80211/4addr based WDS links. Signed-hostap: Sujith Manoharan <c_manoha@qca.qualcomm.com>
2013-07-20 16:41:22 +02:00
hostapd_set_wds_sta(hapd, NULL, sta->addr, sta->aid, 0);
hostapd: allow stations to move between different bss interfaces With this patch, a client gets kicked out of the last BSS it was attached to, when it is associating to a different one. While mac80211 does allow a station to be present on multiple bss interfaces, this does seem to cause problems both for the stack and for hostapd.
2010-03-06 21:30:25 +01:00
AP: Add support for Proxy ARP, DHCP snooping mechanism Proxy ARP allows the AP devices to keep track of the hardware address to IP address mapping of the STA devices within the BSS. When a request for such information is made (i.e., ARP request, Neighbor Solicitation), the AP will respond on behalf of the STA device within the BSS. Such requests could originate from a device within the BSS or also from the bridge. In the process of the AP replying to the request (i.e., ARP reply, Neighbor Advertisement), the AP will drop the original request frame. The relevant STA will not even know that such information was ever requested. This feature is a requirement for Hotspot 2.0, and is defined in IEEE Std 802.11-2012, 10.23.13. While the Proxy ARP support code mainly resides in the kernel bridge code, in order to optimize the performance and simplify kernel implementation, the DHCP snooping code was added to the hostapd. Signed-off-by: Kyeyoon Park <kyeyoonp@qca.qualcomm.com>
2014-09-26 07:32:55 +02:00
if (sta->ipaddr)
AP: Extend the BSS bridge neighbor entry management to support IPv6 This allows adding/deleting an IPv6 neighbor entry to/from the bridge, to which the BSS belongs. This commit adds the needed functionality in driver_nl80211.c for the Linux bridge implementation. In theory, this could be shared with multiple Linux driver interfaces, but for now, only the main nl80211 interface is supported. Signed-off-by: Kyeyoon Park <kyeyoonp@qca.qualcomm.com>
2014-11-06 01:15:46 +01:00
hostapd_drv_br_delete_ip_neigh(hapd, 4, (u8 *) &sta->ipaddr);
AP: Add Neighbor Discovery snooping mechanism for Proxy ARP This commit establishes the infrastructure, and handles the Neighbor Solicitation and Neighbor Advertisement frames. This will be extended in the future to handle other frames. Signed-off-by: Kyeyoon Park <kyeyoonp@qca.qualcomm.com>
2014-11-01 07:33:41 +01:00
ap_sta_ip6addr_del(hapd, sta);
AP: Add support for Proxy ARP, DHCP snooping mechanism Proxy ARP allows the AP devices to keep track of the hardware address to IP address mapping of the STA devices within the BSS. When a request for such information is made (i.e., ARP request, Neighbor Solicitation), the AP will respond on behalf of the STA device within the BSS. Such requests could originate from a device within the BSS or also from the bridge. In the process of the AP replying to the request (i.e., ARP reply, Neighbor Advertisement), the AP will drop the original request frame. The relevant STA will not even know that such information was ever requested. This feature is a requirement for Hotspot 2.0, and is defined in IEEE Std 802.11-2012, 10.23.13. While the Proxy ARP support code mainly resides in the kernel bridge code, in order to optimize the performance and simplify kernel implementation, the DHCP snooping code was added to the hostapd. Signed-off-by: Kyeyoon Park <kyeyoonp@qca.qualcomm.com>
2014-09-26 07:32:55 +02:00
AP/GO interface teardown optimization This commit adds an option to optimize AP teardown by leaving the deletion of keys (including group keys) and stations to the driver. This optimization option should be used if the driver supports stations and keys removal when stopping an AP. For example, the optimization option will always be used for cfg80211 drivers since cfg80211 shall always remove stations and keys when stopping an AP (in order to support cases where the AP is disabled without the knowledge of wpa_supplicant/hostapd). Signed-off-by: Moshe Benji <moshe.benji@intel.com>
2014-03-05 13:55:29 +01:00
if (!hapd->iface->driver_ap_teardown &&
AP: Add support for full station state Add support for drivers that support full AP client state, i.e., can handle adding stations that are not associated yet. For such drivers, add a station after processing the authentication request, instead of adding it in the association response callback. Doing so is beneficial in cases where the driver cannot handle the add station request, in which case it is useless to perform the complete connection establishment. Signed-off-by: Ayala Beker <ayala.beker@intel.com>
2016-02-16 10:54:32 +01:00
!(sta->flags & WLAN_STA_PREAUTH)) {
hostapd_driver_ops reduction set_sta_vlan, get_inact_sec, sta_deauth, sta_disassoc, and sta_remove to use inline functions instead of extra abstraction.
2010-11-24 14:36:02 +01:00
hostapd_drv_sta_remove(hapd, sta->addr);
AP: Add support for full station state Add support for drivers that support full AP client state, i.e., can handle adding stations that are not associated yet. For such drivers, add a station after processing the authentication request, instead of adding it in the association response callback. Doing so is beneficial in cases where the driver cannot handle the add station request, in which case it is useless to perform the complete connection establishment. Signed-off-by: Ayala Beker <ayala.beker@intel.com>
2016-02-16 10:54:32 +01:00
sta->added_unassoc = 0;
}
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
2008-02-28 02:34:43 +01:00
ap_sta_hash_del(hapd, sta);
ap_sta_list_del(hapd, sta);
if (sta->aid > 0)
Replace sta_aid array with bitfield The actual pointer to struct sta_info was not really used and it is enough to use a single bit to indicate whether an AID is allocated. This makes the BSS data take less memory while making the allocation routine faster and removing the arbitrary MAX_AID_TABLE_SIZE limit of 128 STAs.
2009-03-25 14:54:25 +01:00
hapd->sta_aid[(sta->aid - 1) / 32] &=
~BIT((sta->aid - 1) % 32);
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
2008-02-28 02:34:43 +01:00
hapd->num_sta--;
if (sta->nonerp_set) {
sta->nonerp_set = 0;
hapd->iface->num_sta_non_erp--;
if (hapd->iface->num_sta_non_erp == 0)
set_beacon++;
}
if (sta->no_short_slot_time_set) {
sta->no_short_slot_time_set = 0;
hapd->iface->num_sta_no_short_slot_time--;
Check hostapd current_mode before dereferencing it in additional places While most places using this should be for cases where the hw_features functionality is required, there seem to be some paths that are getting exposed in new OWE related operations where that might not be the case. Add explicit NULL pointer checks to avoid dereferencing the pointer if it is not set when operating with driver wrappers that do not provide sufficient information. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-30 22:17:05 +01:00
if (hapd->iface->current_mode &&
hapd->iface->current_mode->mode == HOSTAPD_MODE_IEEE80211G
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
2008-02-28 02:34:43 +01:00
&& hapd->iface->num_sta_no_short_slot_time == 0)
set_beacon++;
}
if (sta->no_short_preamble_set) {
sta->no_short_preamble_set = 0;
hapd->iface->num_sta_no_short_preamble--;
Check hostapd current_mode before dereferencing it in additional places While most places using this should be for cases where the hw_features functionality is required, there seem to be some paths that are getting exposed in new OWE related operations where that might not be the case. Add explicit NULL pointer checks to avoid dereferencing the pointer if it is not set when operating with driver wrappers that do not provide sufficient information. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-30 22:17:05 +01:00
if (hapd->iface->current_mode &&
hapd->iface->current_mode->mode == HOSTAPD_MODE_IEEE80211G
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
2008-02-28 02:34:43 +01:00
&& hapd->iface->num_sta_no_short_preamble == 0)
set_beacon++;
}
Fixed non-HT (and GF, 20 MHz) counting Must not count the same STA multiple times if it reassociates back to the same AP without the old STA entry being removed.
2008-12-02 13:32:05 +01:00
if (sta->no_ht_gf_set) {
sta->no_ht_gf_set = 0;
hapd->iface->num_sta_ht_no_gf--;
}
if (sta->no_ht_set) {
sta->no_ht_set = 0;
Add preliminary IEEE 802.11n support into hostapd This commit brings in cleaned up version of IEEE 802.11n implementation from Intel (1). The Intel tarball includes number of other changes, too, and only the changes specific to IEEE 802.11n are brought in here. In addition, this does not include all the changes (e.g., some of the configuration parameters are still missing and driver wrapper changes for mac80211 were not included). (1) http://www.kernel.org/pub/linux/kernel/people/chuyee/wireless/iwl4965_ap/hostap_0_6_0_intel_0.0.13.1.tgz
2008-08-21 17:18:38 +02:00
hapd->iface->num_sta_no_ht--;
Fixed non-HT (and GF, 20 MHz) counting Must not count the same STA multiple times if it reassociates back to the same AP without the old STA entry being removed.
2008-12-02 13:32:05 +01:00
}
if (sta->ht_20mhz_set) {
sta->ht_20mhz_set = 0;
hapd->iface->num_sta_ht_20mhz--;
}
Add preliminary IEEE 802.11n support into hostapd This commit brings in cleaned up version of IEEE 802.11n implementation from Intel (1). The Intel tarball includes number of other changes, too, and only the changes specific to IEEE 802.11n are brought in here. In addition, this does not include all the changes (e.g., some of the configuration parameters are still missing and driver wrapper changes for mac80211 were not included). (1) http://www.kernel.org/pub/linux/kernel/people/chuyee/wireless/iwl4965_ap/hostap_0_6_0_intel_0.0.13.1.tgz
2008-08-21 17:18:38 +02:00
Passive Client Taxonomy Implement the signature mechanism described in the paper "Passive Taxonomy of Wifi Clients using MLME Frame Contents" published by Denton Gentry and Avery Pennarun. http://research.google.com/pubs/pub45429.html https://arxiv.org/abs/1608.01725 This involves: 1. Add a CONFIG_TAXONOMY compile option. Enabling taxonomy incurs a memory overhead of up to several kilobytes per associated station. 2. If enabled, store the Probe Request and (Re)Associate Request frame in struct sta_info. 3. Implement code to extract the ID of each Information Element, plus selected fields and bitmasks from certain IEs, into a descriptive text string. This is done in a new source file, src/ap/taxonomy.c. 4. Implement a "signature qq:rr:ss:tt:uu:vv" command in hostapd_cli to retrieve the signature. Signatures take the form of a text string. For example, a signature for the Nexus 5X is: wifi4|probe:0,1,127,45,191,htcap:01ef,htagg:03,htmcs:0000ffff,vhtcap:338061b2, vhtrxmcs:030cfffa,vhttxmcs:030cfffa,extcap:00000a0201000040|assoc:0,1,48,45, 221(0050f2,2),191,127,htcap:01ef,htagg:03,htmcs:0000ffff,vhtcap:339071b2, vhtrxmcs:030cfffa,vhttxmcs:030cfffa,extcap:0000000000000040 Signed-off-by: dgentry@google.com (Denton Gentry) Signed-off-by: denny@geekhold.com (Denton Gentry) Signed-off-by: rofrankel@google.com (Richard Frankel) Signed-off-by: richard@frankel.tv (Richard Frankel)
2016-08-15 06:42:48 +02:00
#ifdef CONFIG_TAXONOMY
wpabuf_free(sta->probe_ie_taxonomy);
sta->probe_ie_taxonomy = NULL;
wpabuf_free(sta->assoc_ie_taxonomy);
sta->assoc_ie_taxonomy = NULL;
#endif /* CONFIG_TAXONOMY */
hostapd: Extend support for HT 20/40 coexistence feature Extend the minimal HT 20/40 co-ex support to include dynamic changes during the lifetime of the BSS. If any STA connects to a 2.4 GHz AP with 40 MHz intolerant bit set then the AP will switch to 20 MHz operating mode. If for a period of time specified by OBSS delay factor and OBSS scan interval AP does not have any information about 40 MHz intolerant STAs, the BSS is switched from HT20 to HT40 mode. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-04-14 19:40:56 +02:00
ht40_intolerant_remove(hapd->iface, sta);
P2P: Disable periodic NoA when non-P2P STA is connected For now, this applies to the test command that can be used to set periodic NoA (p2p_set noa). The value are stored and periodic NoA is enabled whenever there are no non-P2P STAs connected to the GO.
2010-07-09 02:14:24 +02:00
#ifdef CONFIG_P2P
if (sta->no_p2p_set) {
sta->no_p2p_set = 0;
hapd->num_sta_no_p2p--;
if (hapd->num_sta_no_p2p == 0)
hostapd_p2p_non_p2p_sta_disconnected(hapd);
}
#endif /* CONFIG_P2P */
Remove CONFIG_IEEE80211N build option Hardcoded CONFIG_IEEE80211N to be included to clean up implementation. More or less all new devices support IEEE 802.11n (HT) and there is not much need for being able to remove that functionality from the build. Included this unconditionally to get rid of one more build options and to keep things simpler. Signed-off-by: Jouni Malinen <j@w1.fi>
2020-02-22 15:22:18 +01:00
#ifdef NEED_AP_MLME
Add preliminary IEEE 802.11n support into hostapd This commit brings in cleaned up version of IEEE 802.11n implementation from Intel (1). The Intel tarball includes number of other changes, too, and only the changes specific to IEEE 802.11n are brought in here. In addition, this does not include all the changes (e.g., some of the configuration parameters are still missing and driver wrapper changes for mac80211 were not included). (1) http://www.kernel.org/pub/linux/kernel/people/chuyee/wireless/iwl4965_ap/hostap_0_6_0_intel_0.0.13.1.tgz
2008-08-21 17:18:38 +02:00
if (hostapd_ht_operation_update(hapd->iface) > 0)
set_beacon++;
Remove CONFIG_IEEE80211N build option Hardcoded CONFIG_IEEE80211N to be included to clean up implementation. More or less all new devices support IEEE 802.11n (HT) and there is not much need for being able to remove that functionality from the build. Included this unconditionally to get rid of one more build options and to keep things simpler. Signed-off-by: Jouni Malinen <j@w1.fi>
2020-02-22 15:22:18 +01:00
#endif /* NEED_AP_MLME */
Add preliminary IEEE 802.11n support into hostapd This commit brings in cleaned up version of IEEE 802.11n implementation from Intel (1). The Intel tarball includes number of other changes, too, and only the changes specific to IEEE 802.11n are brought in here. In addition, this does not include all the changes (e.g., some of the configuration parameters are still missing and driver wrapper changes for mac80211 were not included). (1) http://www.kernel.org/pub/linux/kernel/people/chuyee/wireless/iwl4965_ap/hostap_0_6_0_intel_0.0.13.1.tgz
2008-08-21 17:18:38 +02:00
mesh: Add timer for SAE authentication in RSN mesh Add timer to do SAE re-authentication with number of tries defined by MESH_AUTH_RETRY and timeout defined by MESH_AUTH_TIMEOUT. Ignoring the sending of reply message on "SAE confirm before commit" to avoid "ping-pong" issues with other mesh nodes. This is obvious when number of mesh nodes in MBSS reaching 6. Signed-off-by: Chun-Yeow Yeoh <yeohchunyeow@gmail.com> Signed-off-by: Bob Copeland <me@bobcopeland.com>
2014-09-01 06:23:31 +02:00
#ifdef CONFIG_MESH
if (hapd->mesh_sta_free_cb)
mesh: Fix peer link counting when a mesh peer reconnects When a mesh point reconnects by starting from Authentication frame sequence, the plink count was not decremented from its last connection. This resulted in leaking peer link count and causing wpa_supplicant to reject the connection after max_peer_links (default: 99) reconnects. This was reproduced by pre-configuring 2 mesh points with mesh credentials. Boot both mesh points and make sure they connect to each other. Then in a loop reboot one of the mesh points after it successfully connects while leaving the other mesh point up and running. After 99 iterations the supplicant on mesh point that is not rebooting will reject the connection request from the other mesh point. Fix this by decrementing num_plinks when freeing a STA entry that is still in PLINK_ESTAB state. Signed-off-by: Srinivasa Duvvuri <sduvvuri@chromium.org>
2016-01-31 03:45:30 +01:00
hapd->mesh_sta_free_cb(hapd, sta);
mesh: Add timer for SAE authentication in RSN mesh Add timer to do SAE re-authentication with number of tries defined by MESH_AUTH_RETRY and timeout defined by MESH_AUTH_TIMEOUT. Ignoring the sending of reply message on "SAE confirm before commit" to avoid "ping-pong" issues with other mesh nodes. This is obvious when number of mesh nodes in MBSS reaching 6. Signed-off-by: Chun-Yeow Yeoh <yeohchunyeow@gmail.com> Signed-off-by: Bob Copeland <me@bobcopeland.com>
2014-09-01 06:23:31 +02:00
#endif /* CONFIG_MESH */
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
2008-02-28 02:34:43 +01:00
if (set_beacon)
ieee802_11_set_beacons(hapd->iface);
AP: Add debug information for ap_handle_timer operations This makes it easier to figure out what exactly was done with the ap_handle_timer registration/cancellation based on a debug log. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-04-11 13:09:40 +02:00
wpa_printf(MSG_DEBUG, "%s: cancel ap_handle_timer for " MACSTR,
__func__, MAC2STR(sta->addr));
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
2008-02-28 02:34:43 +01:00
eloop_cancel_timeout(ap_handle_timer, hapd, sta);
eloop_cancel_timeout(ap_handle_session_timer, hapd, sta);
HS 2.0R2 AP: Add support for Session Info URL RADIUS AVP If the authentication server includes the WFA HS 2.0 Session Info URL AVP in Access-Accept, schedule ESS Disassociation Imminent frame to be transmitted specified warning time prior to session timeout. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-08-01 23:39:30 +02:00
eloop_cancel_timeout(ap_handle_session_warning_timer, hapd, sta);
AP: Fix Deauth/Disassoc TX status timeout handling The ap_sta_deauth_cb and ap_sta_disassoc_cb eloop timeouts are used to clear a disconnecting STA from the kernel driver if the STA did not ACK the Deauthentication/Disassociation frame from the AP within two seconds. However, it was possible for a STA to not ACK such a frame, e.g., when the disconnection happened due to hostapd pruning old associations from other BSSes and the STA was not on the old channel anymore. If that same STA then started a new authentication/association with the BSS, the two second timeout could trigger during this new association and result in the STA entry getting removed from the kernel. Fix this by canceling these eloop timeouts when receiving an indication of a new authentication or association. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-01-15 18:28:58 +01:00
ap_sta_clear_disconnect_timeouts(hapd, sta);
SAE: Implement retransmission timer Add the t0 retransmission timer as specified by IEEE Std 802.11-2012, 11.3.8.4. This makes SAE much more likely to succeed in the case of lost frames. Signed-off-by: Bob Copeland <me@bobcopeland.com>
2015-01-07 07:10:57 +01:00
sae_clear_retransmit_timer(hapd, sta);
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
2008-02-28 02:34:43 +01:00
HS 2.0: Postpone WNM-Notification sending by 100 ms This makes it somewhat easier for the station to be able to receive and process the encrypted WNM-Notification frames that the AP previously sentt immediately after receiving EAPOL-Key msg 4/4. While the station is supposed to have the TK configured for receive before sending out EAPOL-Key msg 4/4, not many actual implementations do that. As such, there is a race condition in being able to configure the key at the station and the AP sending out the first encrypted frame after EAPOL-Key 4/4. The extra 100 ms time here makes it more likely for the station to have managed to configure the key in time. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-12-31 20:46:08 +01:00
ieee802_1x_free_station(hapd, sta);
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
2008-02-28 02:34:43 +01:00
wpa_auth_sta_deinit(sta->wpa_sm);
rsn_preauth_free_station(hapd, sta);
Remove conditional no-RADIUS build from src/radius Make it responsibility of the src/radius user to handle conditional build rules.
2009-12-06 16:53:59 +01:00
#ifndef CONFIG_NO_RADIUS
hostapd: Fix segfault after ACS when flushing STAs When hostapd receives an auth frame during ACS the transmission of the according auth response will always fail: ACS: Automatic channel selection started, this may take a bit [..] send_auth_reply: send: Resource temporarily unavailable [..] However, a station info entry was created. Once ACS is finished it will flush all stations even though hapd was not yet fully initialized. This results in a segfault when trying to access hapd->radius: 0 0x0042c1c0 in radius_client_flush_auth () 1 0x00416a94 in ap_free_sta () 2 0x00416cc0 in hostapd_free_stas () 3 0x0040bce8 in hostapd_flush_old_stations () 4 0x0040c790 in hostapd_setup_interface_complete () 5 0x0046347c in acs_scan_complete () 6 0x0040f834 in hostapd_wpa_event () 7 0x0043af08 in send_scan_event.part.46 () 8 0x00443a64 in send_scan_event () 9 0x00443c24 in do_process_drv_event () 10 0x004449e8 in process_global_event () 11 0x7767d7d0 in ?? () Fix this by not presuming anything about the initialization state of hapd and checking ->radius before accessing. Signed-off-hostapd: Helmut Schaa <helmut.schaa@googlemail.com>
2013-10-14 19:44:31 +02:00
if (hapd->radius)
radius_client_flush_auth(hapd->radius, sta->addr);
Remove conditional no-RADIUS build from src/radius Make it responsibility of the src/radius user to handle conditional build rules.
2009-12-06 16:53:59 +01:00
#endif /* CONFIG_NO_RADIUS */
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
2008-02-28 02:34:43 +01:00
Fix init of group state machine for static VLANs This ensures that group key is set as long as the interface exists. Additionally, ifconfig_up is needed as wpa_group will enter FATAL_FAILURE if the interface is still down. Also vlan_remove_dynamic() is moved after wpa_auth_sta_deinit() so vlan_remove_dynamic() can check it was the last user of the wpa_group. Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
2015-10-05 16:14:26 +02:00
#ifndef CONFIG_NO_VLAN
/*
* sta->wpa_sm->group needs to be released before so that
* vlan_remove_dynamic() can check that no stations are left on the
* AP_VLAN netdev.
*/
VLAN: Separate station grouping and uplink configuration Separate uplink configuration (IEEE 802.1q VID) and grouping of stations into AP_VLAN interfaces. The int vlan_id will continue to identify the AP_VLAN interface the station should be assigned to. Each AP_VLAN interface corresponds to an instance of struct hostapd_vlan that is uniquely identified by int vlan_id within an BSS. New: Each station and struct hostapd_vlan holds a struct vlan_description vlan_desc member that describes the uplink configuration requested. Currently this is just an int untagged IEEE 802.1q VID, but can be extended to tagged VLANs and other settings easily. When the station was about to be assigned its vlan_id, vlan_desc and vlan_id will now be set simultaneously by ap_sta_set_vlan(). So sta->vlan_id can still be tested for whether the station needs to be moved to an AP_VLAN interface. To ease addition of tagged VLAN support, a member notempty is added to struct vlan_description. Is is set to 1 if an untagged or tagged VLAN assignment is requested and needs to be validated. The inverted form allows os_zalloc() to initialize an empty description. Though not depended on by the code, vlan_id assignment ensures: * vlan_id = 0 will continue to mean no AP_VLAN interface * vlan_id < 4096 will continue to mean vlan_id = untagged vlan id with no per_sta_vif and no extra tagged vlan. * vlan_id > 4096 will be used for per_sta_vif and/or tagged vlans. This way struct wpa_group and drivers API do not need to be changed in order to implement tagged VLANs or per_sta_vif support. DYNAMIC_VLAN_* will refer to (struct vlan_description).notempty only, thus grouping of the stations for per_sta_vif can be used with DYNAMIC_VLAN_DISABLED, but not with CONFIG_NO_VLAN, as struct hostapd_vlan is still used to manage AP_VLAN interfaces. MAX_VLAN_ID will be checked in hostapd_vlan_valid and during setup of VLAN interfaces and refer to IEEE 802.1q VID. VLAN_ID_WILDCARD will continue to refer to int vlan_id. Renaming vlan_id to vlan_desc when type changed from int to struct vlan_description was avoided when vlan_id was also used in a way that did not depend on its type (for example, when passed to another function). Output of "VLAN ID %d" continues to refer to int vlan_id, while "VLAN %d" will refer to untagged IEEE 802.1q VID. Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
2016-01-21 14:51:56 +01:00
if (sta->vlan_id)
vlan_remove_dynamic(hapd, sta->vlan_id);
Fix init of group state machine for static VLANs This ensures that group key is set as long as the interface exists. Additionally, ifconfig_up is needed as wpa_group will enter FATAL_FAILURE if the interface is still down. Also vlan_remove_dynamic() is moved after wpa_auth_sta_deinit() so vlan_remove_dynamic() can check it was the last user of the wpa_group. Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
2015-10-05 16:14:26 +02:00
if (sta->vlan_id_bound) {
/*
* Need to remove the STA entry before potentially removing the
* VLAN.
*/
if (hapd->iface->driver_ap_teardown &&
AP: Add support for full station state Add support for drivers that support full AP client state, i.e., can handle adding stations that are not associated yet. For such drivers, add a station after processing the authentication request, instead of adding it in the association response callback. Doing so is beneficial in cases where the driver cannot handle the add station request, in which case it is useless to perform the complete connection establishment. Signed-off-by: Ayala Beker <ayala.beker@intel.com>
2016-02-16 10:54:32 +01:00
!(sta->flags & WLAN_STA_PREAUTH)) {
Fix init of group state machine for static VLANs This ensures that group key is set as long as the interface exists. Additionally, ifconfig_up is needed as wpa_group will enter FATAL_FAILURE if the interface is still down. Also vlan_remove_dynamic() is moved after wpa_auth_sta_deinit() so vlan_remove_dynamic() can check it was the last user of the wpa_group. Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
2015-10-05 16:14:26 +02:00
hostapd_drv_sta_remove(hapd, sta->addr);
AP: Add support for full station state Add support for drivers that support full AP client state, i.e., can handle adding stations that are not associated yet. For such drivers, add a station after processing the authentication request, instead of adding it in the association response callback. Doing so is beneficial in cases where the driver cannot handle the add station request, in which case it is useless to perform the complete connection establishment. Signed-off-by: Ayala Beker <ayala.beker@intel.com>
2016-02-16 10:54:32 +01:00
sta->added_unassoc = 0;
}
Fix init of group state machine for static VLANs This ensures that group key is set as long as the interface exists. Additionally, ifconfig_up is needed as wpa_group will enter FATAL_FAILURE if the interface is still down. Also vlan_remove_dynamic() is moved after wpa_auth_sta_deinit() so vlan_remove_dynamic() can check it was the last user of the wpa_group. Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
2015-10-05 16:14:26 +02:00
vlan_remove_dynamic(hapd, sta->vlan_id_bound);
}
#endif /* CONFIG_NO_VLAN */
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
2008-02-28 02:34:43 +01:00
os_free(sta->challenge);
IEEE 802.11w: Added association ping This updates management frame protection to use the assocition ping process from the latest draft (D6.0) to protect against unauthenticated authenticate or (re)associate frames dropping association.
2008-08-31 10:04:47 +02:00
Renamed Ping procedure into SA Query procedure per 802.11w/D7.0 This commit changes just the name and Action category per D7.0. The retransmit/timeout processing in the AP is not yet updated with the changes in D7.0.
2008-12-26 10:46:21 +01:00
os_free(sta->sa_query_trans_id);
eloop_cancel_timeout(ap_sa_query_timer, hapd, sta);
IEEE 802.11w: Added association ping This updates management frame protection to use the assocition ping process from the latest draft (D6.0) to protect against unauthenticated authenticate or (re)associate frames dropping association.
2008-08-31 10:04:47 +02:00
P2P: Add group notifications
2010-07-18 23:30:25 +02:00
#ifdef CONFIG_P2P
p2p_group_notif_disassoc(hapd->p2p_group, sta->addr);
#endif /* CONFIG_P2P */
Interworking: Add GAS server support for AP mode This adds GAS/ANQP implementation into hostapd. This commit brings in the basic GAS/ANQP functionality, but only the ANQP Capability List element is supported. For testing purposes, hostapd control interface SET command can be used to set the gas_frag_limit parameter dynamically. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-02-26 21:34:19 +01:00
#ifdef CONFIG_INTERWORKING
if (sta->gas_dialog) {
int i;
for (i = 0; i < GAS_DIALOG_MAX; i++)
gas_serv_dialog_clear(&sta->gas_dialog[i]);
os_free(sta->gas_dialog);
}
#endif /* CONFIG_INTERWORKING */
WPS: Parse Request Type from WPS IE in (Re)AssocReq and derive mgmt keys WPS IE is now passed from hostapd association processing into EAP-WSC and WPS processing. Request Type attribute is parsed from this information and if the request is for a WLAN Manager Registrar, additional management keys are derived (to be used with UPnP).
2008-11-29 11:11:56 +01:00
wpabuf_free(sta->wps_ie);
P2P: Save a copy of P2P IE(s) data from (Re)Association Request
2010-07-18 23:30:25 +02:00
wpabuf_free(sta->p2p_ie);
HS 2.0: Maintain a copy of HS 2.0 Indication from Association Request This allows the AP to figure out whether a station is a HS 2.0 STA during the association and access any information that the STA may have included in this element. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-11-21 23:19:17 +01:00
wpabuf_free(sta->hs20_ie);
HS 2.0: Copy Roaming Consortium OI from (Re)AssocReq to Access-Request This extends hostapd processing of (Re)Association Request frames to store a local copy of the Consortium OI within the Roaming Consortium Selection element, if present, and then add that in HS 2.0 Roaming Consortium attribute into RADIUS Access-Request messages. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-04-17 12:08:31 +02:00
wpabuf_free(sta->roaming_consortium);
FST: Store MB IEs from (Re)Association Request Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-01-21 14:30:48 +01:00
#ifdef CONFIG_FST
wpabuf_free(sta->mb_ies);
#endif /* CONFIG_FST */
WPS: Parse Request Type from WPS IE in (Re)AssocReq and derive mgmt keys WPS IE is now passed from hostapd association processing into EAP-WSC and WPS processing. Request Type attribute is parsed from this information and if the request is for a WLAN Manager Registrar, additional management keys are derived (to be used with UPnP).
2008-11-29 11:11:56 +01:00
Allocate sta->ht_capabilities dynamically This avoids need for conditional inclusion of header file into sta_info.h and cleans up the code a bit.
2009-11-29 20:07:52 +01:00
os_free(sta->ht_capabilities);
VHT: Fix memory leak in STA entry Commit de3cdf354a30256ece16866ff5a283b66e1471ae adding copying of the STA's VHT capabilities into the STA entry on the AP. This was done in allocated memory, but that new memory allocation was not freed anywhere. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-11-22 12:48:02 +01:00
os_free(sta->vht_capabilities);
Store the VHT Operation element of an associated STA APs and mesh peers use the VHT Operation element to advertise certain channel properties (e.g., the bandwidth of the channel). Save this information element so we can later access this information. Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
2018-08-06 21:46:24 +02:00
os_free(sta->vht_operation);
HE: Add AP mode MLME/SME handling for HE stations Process HE information in (Re)Association Request frames and add HE elements into (Re)Association Response frames when HE is enabled in the BSS. Signed-off-by: Shashidhar Lakkavalli <slakkavalli@datto.com> Signed-off-by: John Crispin <john@phrozen.org>
2019-05-20 09:55:05 +02:00
os_free(sta->he_capab);
Use a shared function for freeing PSK list There is no need to duplicate this code in multiple locations. Signed-hostap: Jouni Malinen <j@w1.fi>
2012-11-25 17:01:55 +01:00
hostapd_free_psk_list(sta->psk);
Copy User-Name/CUI from RADIUS ACL to STA entry Signed-hostap: Michael Braun <michael-dev@fami-braun.de>
2012-08-19 13:20:10 +02:00
os_free(sta->identity);
os_free(sta->radius_cui);
HS 2.0R2 AP: Use Subscr Remediation request from RADIUS server If the RADIUS server includes the WFA RADIUS VSA in Access-Accept to indicate need for subscription remediation, copy the server URL from the message and send it to the station after successfully completed 4-way handshake (i.e., after PTK is set to allow PMF to work) in a WNM-Notification. AP must not allow PMKSA caching to be used after subscription remediation association, so do not add the PMKSA cache entry whenever the authentication server is indicating need for subscription remediation. This allows station reassociation to use EAP authentication to move to non-remediation connection. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-11-21 23:48:48 +01:00
os_free(sta->remediation_url);
HS 2.0: Move Terms and Conditions Server URL generation from AP to AS This makes it more convenient to generate the URL in a way that interoperates between different vendors. The AP is simply copying the already constructed URL as-is from Access-Accept to WNM-Notification. This means that the HO AAA can generate the URL in a manner that works for the associated T&C Server without having to coordinate with each AP. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-06-21 19:50:54 +02:00
os_free(sta->t_c_url);
HS 2.0R2 AP: Add support for deauthentication request If the RADIUS server includes deauthentication request in Access-Accept, send a WNM-Notification frame to the station after 4-way handshake and disconnect the station after configurable timeout. A new control interface command, WNM_DEAUTH_REQ, is added for testing purposes to allow the notification frame to sent based on local request. This case does not disconnect the station automatically, i.e., a separate control interface command would be needed for that. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-07-26 21:13:58 +02:00
wpabuf_free(sta->hs20_deauth_req);
HS 2.0R2 AP: Add support for Session Info URL RADIUS AVP If the authentication server includes the WFA HS 2.0 Session Info URL AVP in Access-Accept, schedule ESS Disassociation Imminent frame to be transmitted specified warning time prior to session timeout. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-08-01 23:39:30 +02:00
os_free(sta->hs20_session_info_url);
Allocate sta->ht_capabilities dynamically This avoids need for conditional inclusion of header file into sta_info.h and cleans up the code a bit.
2009-11-29 20:07:52 +01:00
SAE: Use a shared data structure for AP and station This makes it easier to share common functions for both roles. Signed-hostap: Jouni Malinen <j@w1.fi>
2012-12-30 20:48:19 +01:00
#ifdef CONFIG_SAE
SAE: Maintain EC group context in struct sae_data This can be used to share same EC group context through the SAE exchange. Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-01 10:29:53 +01:00
sae_clear_data(sta->sae);
SAE: Use a shared data structure for AP and station This makes it easier to share common functions for both roles. Signed-hostap: Jouni Malinen <j@w1.fi>
2012-12-30 20:48:19 +01:00
os_free(sta->sae);
#endif /* CONFIG_SAE */
MBO: Parse non-preferred channel list on the AP This adds parsing of non-preferred channel list on an MBO AP. The information in (Re)Association Request and WNM Notification Request frames is parsed to get the initial value and updates from each associated MBO STA. The parsed information is available through the STA control interface command non_pref_chan[i] rows. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-02-22 19:37:21 +01:00
mbo_ap_sta_free(sta);
AP: Store STA supported operating classes information This makes hostapd track Supported Operating Classes information from the associated STAs. The stored information is available through the STA control interface command (supp_op_classes row) as a hexdump of the Supported Operating Classes element starting from the Length field. This information can be used as input to BSS transition management and channel switching decisions. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-02-24 11:20:31 +01:00
os_free(sta->supp_op_classes);
MBO: Parse non-preferred channel list on the AP This adds parsing of non-preferred channel list on an MBO AP. The information in (Re)Association Request and WNM Notification Request frames is parsed to get the initial value and updates from each associated MBO STA. The parsed information is available through the STA control interface command non_pref_chan[i] rows. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-02-22 19:37:21 +01:00
FILS: DHCP relay for HLP requests The new dhcp_server configuration parameter can now be used to configure hostapd to act as a DHCP relay for DHCPDISCOVER messages received as FILS HLP requests. The dhcp_rapid_commit_proxy=1 parameter can be used to configure hostapd to convert 4 message DHCP exchange into a 2 message exchange in case the DHCP server does not support DHCP rapid commit option. The fils_hlp_wait_time parameter can be used to set the time hostapd waits for an HLP response. This matches the dot11HLPWaitTime in IEEE Std 802.11ai-2016. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-01-31 13:38:44 +01:00
#ifdef CONFIG_FILS
os_free(sta->fils_pending_assoc_req);
wpabuf_free(sta->fils_hlp_resp);
wpabuf_free(sta->hlp_dhcp_discover);
eloop_cancel_timeout(fils_hlp_timeout, hapd, sta);
FILS: Add FILS SK auth PFS support in AP mode This adds an option to configure hostapd to enable use of perfect forward secrecy option in FILS shared key authentication. A new build option CONFIG_FILS_SK_PFS=y can be used to include this functionality. A new runtime configuration parameter fils_dh_group is used to enable this by specifying which DH group to use. For example, fils_dh_group=19 would allow FILS SK PFS to be used with a 256-bit random ECP group. Signed-off-by: Jouni Malinen <j@w1.fi>
2017-03-12 21:40:56 +01:00
#ifdef CONFIG_FILS_SK_PFS
crypto_ecdh_deinit(sta->fils_ecdh);
wpabuf_clear_free(sta->fils_dh_ss);
FILS: Fix Key-Auth derivation for SK+PFS for authenticator side The conditional gSTA and gAP (DH public keys) were not previously included in Key-Auth derivation, but they are needed for the PFS case. Signed-off-by: Jouni Malinen <j@w1.fi>
2017-05-07 16:04:08 +02:00
wpabuf_free(sta->fils_g_sta);
FILS: Add FILS SK auth PFS support in AP mode This adds an option to configure hostapd to enable use of perfect forward secrecy option in FILS shared key authentication. A new build option CONFIG_FILS_SK_PFS=y can be used to include this functionality. A new runtime configuration parameter fils_dh_group is used to enable this by specifying which DH group to use. For example, fils_dh_group=19 would allow FILS SK PFS to be used with a 256-bit random ECP group. Signed-off-by: Jouni Malinen <j@w1.fi>
2017-03-12 21:40:56 +01:00
#endif /* CONFIG_FILS_SK_PFS */
FILS: DHCP relay for HLP requests The new dhcp_server configuration parameter can now be used to configure hostapd to act as a DHCP relay for DHCPDISCOVER messages received as FILS HLP requests. The dhcp_rapid_commit_proxy=1 parameter can be used to configure hostapd to convert 4 message DHCP exchange into a 2 message exchange in case the DHCP server does not support DHCP rapid commit option. The fils_hlp_wait_time parameter can be used to set the time hostapd waits for an HLP response. This matches the dot11HLPWaitTime in IEEE Std 802.11ai-2016. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-01-31 13:38:44 +01:00
#endif /* CONFIG_FILS */
OWE: Process Diffie-Hellman Parameter element in AP mode This adds AP side processing for OWE Diffie-Hellman Parameter element in (Re)Association Request frame and adding it in (Re)Association Response frame. Signed-off-by: Jouni Malinen <j@w1.fi>
2017-03-12 00:26:43 +01:00
#ifdef CONFIG_OWE
OWE: Support DH groups 20 (NIST P-384) and 21 (NIST P-521) in AP mode This extends OWE support in hostapd to allow DH groups 20 and 21 to be used in addition to the mandatory group 19 (NIST P-256). Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-08 15:37:32 +02:00
bin_clear_free(sta->owe_pmk, sta->owe_pmk_len);
OWE: Process Diffie-Hellman Parameter element in AP mode This adds AP side processing for OWE Diffie-Hellman Parameter element in (Re)Association Request frame and adding it in (Re)Association Response frame. Signed-off-by: Jouni Malinen <j@w1.fi>
2017-03-12 00:26:43 +01:00
crypto_ecdh_deinit(sta->owe_ecdh);
#endif /* CONFIG_OWE */
DPP2: PFS for PTK derivation Use Diffie-Hellman key exchange to derivate additional material for PMK-to-PTK derivation to get PFS. The Diffie-Hellman Parameter element (defined in OWE RFC 8110) is used in association frames to exchange the DH public keys. For backwards compatibility, ignore missing request/response DH parameter and fall back to no PFS in such cases. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-03-17 22:51:53 +01:00
#ifdef CONFIG_DPP2
dpp_pfs_free(sta->dpp_pfs);
sta->dpp_pfs = NULL;
#endif /* CONFIG_DPP2 */
hostapd: Add extended capabilities into STA command Signed-off-by: bhagavathi perumal s <bperumal@qti.qualcomm.com>
2017-10-06 17:03:25 +02:00
os_free(sta->ext_capability);
hostapd: Ignore LOW_ACK event for co-operative steering clients Ignore hostapd_event_sta_low_ack for a station which has agreed to steering by checking the agreed_to_steer flag. This flag will be set whenever a station accepts the BSS transition request from the AP. Without this ignoring of the LOW_ACK event, the steering in-progress might be affected due to disassociation. In this way AP will allow some time (two seconds) for the station to move away and reset the flag after the timeout. Co-Developed-by: Tamizh Chelvam <tamizhr@codeaurora.org> Signed-off-by: Rajkumar Manoharan <rmanohar@codeaurora.org> Signed-off-by: Tamizh chelvam <tamizhr@codeaurora.org>
2018-03-13 04:20:28 +01:00
#ifdef CONFIG_WNM_AP
eloop_cancel_timeout(ap_sta_reset_steer_flag_timer, hapd, sta);
#endif /* CONFIG_WNM_AP */
hostapd: Add ctrl iface indications for WDS STA interface This allows user to get event indication when a new interface is added/removed for 4addr WDS STA and also WDS STA ifname is informed through the STA command. Signed-off-by: Bhagavathi Perumal S <bperumal@codeaurora.org>
2018-04-20 11:05:36 +02:00
os_free(sta->ifname_wds);
SAE: A bit optimized sae_confirm_immediate=2 for testing purposes sae_confirm_immediate=2 can now be used in CONFIG_TESTING_OPTIONS=y builds to minimize the latency between SAE Commit and SAE Confirm by postponing transmission of SAE Commit until the SAE Confirm frame is generated. This does not have significant impact, but can get the frames tiny bit closer to each other over the air to increase testing coverage. The only difference between sae_confirm_immediate 1 and 2 is in the former deriving KCK, PMK, PMKID, and CN between transmission of the frames (i.e., a small number of hash operations). Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-01-08 19:52:26 +01:00
#ifdef CONFIG_TESTING_OPTIONS
os_free(sta->sae_postponed_commit);
#endif /* CONFIG_TESTING_OPTIONS */
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
2008-02-28 02:34:43 +01:00
os_free(sta);
}
void hostapd_free_stas(struct hostapd_data *hapd)
{
struct sta_info *sta, *prev;
sta = hapd->sta_list;
while (sta) {
prev = sta;
if (sta->flags & WLAN_STA_AUTH) {
mlme_deauthenticate_indication(
hapd, sta, WLAN_REASON_UNSPECIFIED);
}
sta = sta->next;
wpa_printf(MSG_DEBUG, "Removing station " MACSTR,
MAC2STR(prev->addr));
ap_free_sta(hapd, prev);
}
}
Moved documentation from developer.txt into source code files Use Doxygen comments for functions to replace the old text file that was not up-to-date anymore.
2009-01-08 15:33:00 +01:00
/**
* ap_handle_timer - Per STA timer handler
* @eloop_ctx: struct hostapd_data *
* @timeout_ctx: struct sta_info *
*
* This function is called to check station activity and to remove inactive
* stations.
*/
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
2008-02-28 02:34:43 +01:00
void ap_handle_timer(void *eloop_ctx, void *timeout_ctx)
{
struct hostapd_data *hapd = eloop_ctx;
struct sta_info *sta = timeout_ctx;
unsigned long next_time = 0;
WNM: Add disassociation timeout processing for ESS_DISASSOC The hostapd_cli ess_disassoc command now takes three arguments (STA MAC address, timeout in ms, URL) and the STA is disconnected after the specified timeout. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-04-05 17:41:26 +02:00
int reason;
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
2008-02-28 02:34:43 +01:00
AP: Print interface name in more STA events This makes it easier to follow a debug log from a hostapd process that manages multiple interfaces. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-01-15 18:17:40 +01:00
wpa_printf(MSG_DEBUG, "%s: %s: " MACSTR " flags=0x%x timeout_next=%d",
hapd->conf->iface, __func__, MAC2STR(sta->addr), sta->flags,
AP: Add debug information for ap_handle_timer operations This makes it easier to figure out what exactly was done with the ap_handle_timer registration/cancellation based on a debug log. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-04-11 13:09:40 +02:00
sta->timeout_next);
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
2008-02-28 02:34:43 +01:00
if (sta->timeout_next == STA_REMOVE) {
hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
HOSTAPD_LEVEL_INFO, "deauthenticated due to "
"local deauth request");
ap_free_sta(hapd, sta);
return;
}
if ((sta->flags & WLAN_STA_ASSOC) &&
(sta->timeout_next == STA_NULLFUNC ||
sta->timeout_next == STA_DISASSOC)) {
int inactive_sec;
AP: Add fuzz to idle-timer calculations This should keep us from getting into a state where we bounce large numbers of stations all at once. Spreading out the bounce should cause less stress on the network as the idle stations won't all be trying to reconnect at once. Signed-hostap: Ben Greear <greearb@candelatech.com>
2012-04-06 10:47:29 +02:00
/*
* Add random value to timeout so that we don't end up bouncing
* all stations at the same time if we have lots of associated
* stations that are idle (but keep re-associating).
*/
int fuzz = os_random() % 20;
hostapd_driver_ops reduction set_sta_vlan, get_inact_sec, sta_deauth, sta_disassoc, and sta_remove to use inline functions instead of extra abstraction.
2010-11-24 14:36:02 +01:00
inactive_sec = hostapd_drv_get_inact_sec(hapd, sta->addr);
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
2008-02-28 02:34:43 +01:00
if (inactive_sec == -1) {
Fix some recent wpa_msg() calls in hostapd use correct context wpa_msg() has to use hapd->msg_ctx instead of hapd as the context pointer to work properly in wpa_supplicant AP mode. Signed-hostap: Jouni Malinen <j@w1.fi>
2011-11-03 21:04:17 +01:00
wpa_msg(hapd->msg_ctx, MSG_DEBUG,
"Check inactivity: Could not "
Do not disconnect STA based on inactivity on driver failure Now that we can use driver_nl80211.c with non-mac80211 drivers that implement SME/MLME internally, we may not get inactivity time from the driver. If that is the case, we need to skip disconnection based on maximum inactivity timeout. This fixes some unexpected disconnection cases with ath6kl in AP mode. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-01-02 20:27:06 +01:00
"get station info from kernel driver for "
AP: Update logging related to inactivity and disassociation Add MAC addresses for stations and use wpa_msg instead of printf methods to make it easier to grep logs and find messages for the station in question. Signed-off-by: Ben Greear <greearb@candelatech.com>
2011-02-24 16:44:45 +01:00
MACSTR, MAC2STR(sta->addr));
Do not disconnect STA based on inactivity on driver failure Now that we can use driver_nl80211.c with non-mac80211 drivers that implement SME/MLME internally, we may not get inactivity time from the driver. If that is the case, we need to skip disconnection based on maximum inactivity timeout. This fixes some unexpected disconnection cases with ath6kl in AP mode. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-01-02 20:27:06 +01:00
/*
* The driver may not support this functionality.
* Anyway, try again after the next inactivity timeout,
* but do not disconnect the station now.
*/
AP: Add fuzz to idle-timer calculations This should keep us from getting into a state where we bounce large numbers of stations all at once. Spreading out the bounce should cause less stress on the network as the idle stations won't all be trying to reconnect at once. Signed-hostap: Ben Greear <greearb@candelatech.com>
2012-04-06 10:47:29 +02:00
next_time = hapd->conf->ap_max_inactivity + fuzz;
AP: Expire STA without entry in kernel If the inactivity check returns that there is no entry remaining for the STA in the kernel, drop the STA in hostapd as well. Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2015-01-16 12:19:23 +01:00
} else if (inactive_sec == -ENOENT) {
wpa_msg(hapd->msg_ctx, MSG_DEBUG,
"Station " MACSTR " has lost its driver entry",
MAC2STR(sta->addr));
hostapd: Avoid sending client probe on removed client Sending client probe on already removed client from kernel driver does not have any benefit and may lead unintended behavior among variable drivers (mac80211 has a WARN_ON() that could have been triggered after ifconfig down+up earlier when hostapd did not re-enable beaconing on ifup). Skip this step in discussion when the kernel driver reports that client entry is removed. Signed-off-by: Peter Oh <poh@qca.qualcomm.com>
2015-02-09 22:23:53 +01:00
/* Avoid sending client probe on removed client */
sta->timeout_next = STA_DISASSOC;
goto skip_poll;
AP: Remove redundant condition for STA expiration This condition is always true because of surrounding if. Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2015-01-16 12:00:57 +01:00
} else if (inactive_sec < hapd->conf->ap_max_inactivity) {
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
2008-02-28 02:34:43 +01:00
/* station activity detected; reset timeout state */
Fix some recent wpa_msg() calls in hostapd use correct context wpa_msg() has to use hapd->msg_ctx instead of hapd as the context pointer to work properly in wpa_supplicant AP mode. Signed-hostap: Jouni Malinen <j@w1.fi>
2011-11-03 21:04:17 +01:00
wpa_msg(hapd->msg_ctx, MSG_DEBUG,
"Station " MACSTR " has been active %is ago",
AP: Update logging related to inactivity and disassociation Add MAC addresses for stations and use wpa_msg instead of printf methods to make it easier to grep logs and find messages for the station in question. Signed-off-by: Ben Greear <greearb@candelatech.com>
2011-02-24 16:44:45 +01:00
MAC2STR(sta->addr), inactive_sec);
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
2008-02-28 02:34:43 +01:00
sta->timeout_next = STA_NULLFUNC;
AP: Add fuzz to idle-timer calculations This should keep us from getting into a state where we bounce large numbers of stations all at once. Spreading out the bounce should cause less stress on the network as the idle stations won't all be trying to reconnect at once. Signed-hostap: Ben Greear <greearb@candelatech.com>
2012-04-06 10:47:29 +02:00
next_time = hapd->conf->ap_max_inactivity + fuzz -
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
2008-02-28 02:34:43 +01:00
inactive_sec;
AP: Update logging related to inactivity and disassociation Add MAC addresses for stations and use wpa_msg instead of printf methods to make it easier to grep logs and find messages for the station in question. Signed-off-by: Ben Greear <greearb@candelatech.com>
2011-02-24 16:44:45 +01:00
} else {
Fix some recent wpa_msg() calls in hostapd use correct context wpa_msg() has to use hapd->msg_ctx instead of hapd as the context pointer to work properly in wpa_supplicant AP mode. Signed-hostap: Jouni Malinen <j@w1.fi>
2011-11-03 21:04:17 +01:00
wpa_msg(hapd->msg_ctx, MSG_DEBUG,
"Station " MACSTR " has been "
AP: Update logging related to inactivity and disassociation Add MAC addresses for stations and use wpa_msg instead of printf methods to make it easier to grep logs and find messages for the station in question. Signed-off-by: Ben Greear <greearb@candelatech.com>
2011-02-24 16:44:45 +01:00
"inactive too long: %d sec, max allowed: %d",
MAC2STR(sta->addr), inactive_sec,
hapd->conf->ap_max_inactivity);
hostapd: Make inactivity polling configurable hostapd uses the poll method to check if the station is alive after the station has been inactive for ap_max_inactivity seconds. Make the poll mechanism configurable so that user can choose to disconnect idle clients. This can be especially useful when some devices/firmwares have restrictions on the number of clients that can connect to the AP and that limit is smaller than the total number of stations trying to use the AP. Signed-off-by: Yogesh Ashok Powar <yogeshp@marvell.com> Signed-off-by: Nishant Sarmukadam <nishants@marvell.com>
2011-12-25 19:57:01 +01:00
if (hapd->conf->skip_inactivity_poll)
sta->timeout_next = STA_DISASSOC;
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
2008-02-28 02:34:43 +01:00
}
}
if ((sta->flags & WLAN_STA_ASSOC) &&
sta->timeout_next == STA_DISASSOC &&
hostapd: Make inactivity polling configurable hostapd uses the poll method to check if the station is alive after the station has been inactive for ap_max_inactivity seconds. Make the poll mechanism configurable so that user can choose to disconnect idle clients. This can be especially useful when some devices/firmwares have restrictions on the number of clients that can connect to the AP and that limit is smaller than the total number of stations trying to use the AP. Signed-off-by: Yogesh Ashok Powar <yogeshp@marvell.com> Signed-off-by: Nishant Sarmukadam <nishants@marvell.com>
2011-12-25 19:57:01 +01:00
!(sta->flags & WLAN_STA_PENDING_POLL) &&
!hapd->conf->skip_inactivity_poll) {
Fix some recent wpa_msg() calls in hostapd use correct context wpa_msg() has to use hapd->msg_ctx instead of hapd as the context pointer to work properly in wpa_supplicant AP mode. Signed-hostap: Jouni Malinen <j@w1.fi>
2011-11-03 21:04:17 +01:00
wpa_msg(hapd->msg_ctx, MSG_DEBUG, "Station " MACSTR
" has ACKed data poll", MAC2STR(sta->addr));
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
2008-02-28 02:34:43 +01:00
/* data nullfunc frame poll did not produce TX errors; assume
* station ACKed it */
sta->timeout_next = STA_NULLFUNC;
next_time = hapd->conf->ap_max_inactivity;
}
hostapd: Avoid sending client probe on removed client Sending client probe on already removed client from kernel driver does not have any benefit and may lead unintended behavior among variable drivers (mac80211 has a WARN_ON() that could have been triggered after ifconfig down+up earlier when hostapd did not re-enable beaconing on ifup). Skip this step in discussion when the kernel driver reports that client entry is removed. Signed-off-by: Peter Oh <poh@qca.qualcomm.com>
2015-02-09 22:23:53 +01:00
skip_poll:
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
2008-02-28 02:34:43 +01:00
if (next_time) {
AP: Add debug information for ap_handle_timer operations This makes it easier to figure out what exactly was done with the ap_handle_timer registration/cancellation based on a debug log. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-04-11 13:09:40 +02:00
wpa_printf(MSG_DEBUG, "%s: register ap_handle_timer timeout "
"for " MACSTR " (%lu seconds)",
__func__, MAC2STR(sta->addr), next_time);
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
2008-02-28 02:34:43 +01:00
eloop_register_timeout(next_time, 0, ap_handle_timer, hapd,
sta);
return;
}
if (sta->timeout_next == STA_NULLFUNC &&
(sta->flags & WLAN_STA_ASSOC)) {
AP: Do station poll in driver wrapper This offloads the station polling to driver wrappers, which may offload it again to the driver. The hostap driver wrapper uses "real" data frames while nl80211 uses null data frames. Also add a specific event to indicate that a poll was successful for future use with the nl80211 driver.
2011-10-20 20:03:08 +02:00
wpa_printf(MSG_DEBUG, " Polling STA");
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
2008-02-28 02:34:43 +01:00
sta->flags |= WLAN_STA_PENDING_POLL;
AP: Do station poll in driver wrapper This offloads the station polling to driver wrappers, which may offload it again to the driver. The hostap driver wrapper uses "real" data frames while nl80211 uses null data frames. Also add a specific event to indicate that a poll was successful for future use with the nl80211 driver.
2011-10-20 20:03:08 +02:00
hostapd_drv_poll_client(hapd, hapd->own_addr, sta->addr,
sta->flags & WLAN_STA_WMM);
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
2008-02-28 02:34:43 +01:00
} else if (sta->timeout_next != STA_REMOVE) {
int deauth = sta->timeout_next == STA_DEAUTH;
Do not disassociate not-associated STA on timeout If the ap_handle_timer() timeout is reached for a not-associated STA, do not default to disassociating that STA first since Disassociation frame is not really appropriate to send to a STA that is not in associated state. Instead, skip directly to deauthentication and STA entry removal. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-02-11 16:37:08 +01:00
if (!deauth && !(sta->flags & WLAN_STA_ASSOC)) {
/* Cannot disassociate not-associated STA, so move
* directly to deauthentication. */
sta->timeout_next = STA_DEAUTH;
deauth = 1;
}
AP: Improve disconnect and timeout related logging This previously helped when debugging some auth issues when hitting the AP with 128 association attempts all at once. Signed-off-by: Ben Greear <greearb@candelatech.com>
2011-12-10 15:34:52 +01:00
wpa_dbg(hapd->msg_ctx, MSG_DEBUG,
"Timeout, sending %s info to STA " MACSTR,
deauth ? "deauthentication" : "disassociation",
MAC2STR(sta->addr));
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
2008-02-28 02:34:43 +01:00
if (deauth) {
hostapd_driver_ops reduction set_sta_vlan, get_inact_sec, sta_deauth, sta_disassoc, and sta_remove to use inline functions instead of extra abstraction.
2010-11-24 14:36:02 +01:00
hostapd_drv_sta_deauth(
hapd, sta->addr,
WLAN_REASON_PREV_AUTH_NOT_VALID);
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
2008-02-28 02:34:43 +01:00
} else {
WNM: Add disassociation timeout processing for ESS_DISASSOC The hostapd_cli ess_disassoc command now takes three arguments (STA MAC address, timeout in ms, URL) and the STA is disconnected after the specified timeout. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-04-05 17:41:26 +02:00
reason = (sta->timeout_next == STA_DISASSOC) ?
WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY :
WLAN_REASON_PREV_AUTH_NOT_VALID;
hostapd_drv_sta_disassoc(hapd, sta->addr, reason);
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
2008-02-28 02:34:43 +01:00
}
}
switch (sta->timeout_next) {
case STA_NULLFUNC:
sta->timeout_next = STA_DISASSOC;
AP: Add debug information for ap_handle_timer operations This makes it easier to figure out what exactly was done with the ap_handle_timer registration/cancellation based on a debug log. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-04-11 13:09:40 +02:00
wpa_printf(MSG_DEBUG, "%s: register ap_handle_timer timeout "
"for " MACSTR " (%d seconds - AP_DISASSOC_DELAY)",
__func__, MAC2STR(sta->addr), AP_DISASSOC_DELAY);
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
2008-02-28 02:34:43 +01:00
eloop_register_timeout(AP_DISASSOC_DELAY, 0, ap_handle_timer,
hapd, sta);
break;
case STA_DISASSOC:
WNM: Add disassociation timeout processing for ESS_DISASSOC The hostapd_cli ess_disassoc command now takes three arguments (STA MAC address, timeout in ms, URL) and the STA is disconnected after the specified timeout. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-04-05 17:41:26 +02:00
case STA_DISASSOC_FROM_CLI:
Move AP events for STA connected/disconnected into one function Instead of trying to remember to add wpa_msg() calls for every possible path where a STA becomes authorized or unauthorized, use ap_sta_set_authorized() to send these events more consistently. Signed-hostap: Jouni Malinen <j@w1.fi>
2011-11-03 21:17:41 +01:00
ap_sta_set_authorized(hapd, sta, 0);
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
2008-02-28 02:34:43 +01:00
sta->flags &= ~WLAN_STA_ASSOC;
ieee802_1x_notify_port_enabled(sta->eapol_sm, 0);
if (!sta->acct_terminate_cause)
sta->acct_terminate_cause =
RADIUS_ACCT_TERMINATE_CAUSE_IDLE_TIMEOUT;
accounting_sta_stop(hapd, sta);
HS 2.0: Postpone WNM-Notification sending by 100 ms This makes it somewhat easier for the station to be able to receive and process the encrypted WNM-Notification frames that the AP previously sentt immediately after receiving EAPOL-Key msg 4/4. While the station is supposed to have the TK configured for receive before sending out EAPOL-Key msg 4/4, not many actual implementations do that. As such, there is a race condition in being able to configure the key at the station and the AP sending out the first encrypted frame after EAPOL-Key 4/4. The extra 100 ms time here makes it more likely for the station to have managed to configure the key in time. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-12-31 20:46:08 +01:00
ieee802_1x_free_station(hapd, sta);
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
2008-02-28 02:34:43 +01:00
hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
HOSTAPD_LEVEL_INFO, "disassociated due to "
"inactivity");
WNM: Add disassociation timeout processing for ESS_DISASSOC The hostapd_cli ess_disassoc command now takes three arguments (STA MAC address, timeout in ms, URL) and the STA is disconnected after the specified timeout. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-04-05 17:41:26 +02:00
reason = (sta->timeout_next == STA_DISASSOC) ?
WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY :
WLAN_REASON_PREV_AUTH_NOT_VALID;
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
2008-02-28 02:34:43 +01:00
sta->timeout_next = STA_DEAUTH;
AP: Add debug information for ap_handle_timer operations This makes it easier to figure out what exactly was done with the ap_handle_timer registration/cancellation based on a debug log. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-04-11 13:09:40 +02:00
wpa_printf(MSG_DEBUG, "%s: register ap_handle_timer timeout "
"for " MACSTR " (%d seconds - AP_DEAUTH_DELAY)",
__func__, MAC2STR(sta->addr), AP_DEAUTH_DELAY);
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
2008-02-28 02:34:43 +01:00
eloop_register_timeout(AP_DEAUTH_DELAY, 0, ap_handle_timer,
hapd, sta);
WNM: Add disassociation timeout processing for ESS_DISASSOC The hostapd_cli ess_disassoc command now takes three arguments (STA MAC address, timeout in ms, URL) and the STA is disconnected after the specified timeout. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-04-05 17:41:26 +02:00
mlme_disassociate_indication(hapd, sta, reason);
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
2008-02-28 02:34:43 +01:00
break;
case STA_DEAUTH:
case STA_REMOVE:
hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
HOSTAPD_LEVEL_INFO, "deauthenticated due to "
AP: Improve disconnect and timeout related logging This previously helped when debugging some auth issues when hitting the AP with 128 association attempts all at once. Signed-off-by: Ben Greear <greearb@candelatech.com>
2011-12-10 15:34:52 +01:00
"inactivity (timer DEAUTH/REMOVE)");
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
2008-02-28 02:34:43 +01:00
if (!sta->acct_terminate_cause)
sta->acct_terminate_cause =
RADIUS_ACCT_TERMINATE_CAUSE_IDLE_TIMEOUT;
mlme_deauthenticate_indication(
hapd, sta,
WLAN_REASON_PREV_AUTH_NOT_VALID);
ap_free_sta(hapd, sta);
break;
}
}
static void ap_handle_session_timer(void *eloop_ctx, void *timeout_ctx)
{
struct hostapd_data *hapd = eloop_ctx;
struct sta_info *sta = timeout_ctx;
AP: Print interface name in more STA events This makes it easier to follow a debug log from a hostapd process that manages multiple interfaces. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-01-15 18:17:40 +01:00
wpa_printf(MSG_DEBUG, "%s: Session timer for STA " MACSTR,
hapd->conf->iface, MAC2STR(sta->addr));
Ensure authenticator session timer is applied with wired driver We use the wired driver for wired port authentication with a slight extension to add the port into a bridge upon successful authentication and to remove it from the bridge when the session terminates. Our expectation was that the Session-Timeout configuration at the RADIUS server is respected, i.e. the session is terminated and would need re-authentication - like it is working for WLAN sessions over the nl80211 driver. Alas, it turned out the session is not terminated with the wired driver. It turned out that when ap_handle_session_timer() is executed, the sta->flags of the wired port has only the WLAN_STA_AUTHORIZED bit set. The WLAN_STA_AUTH bit, which is used to check whether the STA needs to be de-authenticated, is missing. Extend the check for any of the WLAN_STA_(AUTH | ASSOC | AUTHORIZED) bits to solve this issue with the wired driver. That should not have any side-effect for the WLAN cases since WLAN_STA_AUTH is expected to always be set for those when there is an ongoing session and separate checks for ASSOC and AUTHORIZED don't change this. Signed-off-by: Zefir Kurtisi <zefir.kurtisi@neratec.com>
2019-04-29 11:00:02 +02:00
if (!(sta->flags & (WLAN_STA_AUTH | WLAN_STA_ASSOC |
WLAN_STA_AUTHORIZED))) {
Interworking: Add GAS server support for AP mode This adds GAS/ANQP implementation into hostapd. This commit brings in the basic GAS/ANQP functionality, but only the ANQP Capability List element is supported. For testing purposes, hostapd control interface SET command can be used to set the gas_frag_limit parameter dynamically. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-02-26 21:34:19 +01:00
if (sta->flags & WLAN_STA_GAS) {
wpa_printf(MSG_DEBUG, "GAS: Remove temporary STA "
"entry " MACSTR, MAC2STR(sta->addr));
ap_free_sta(hapd, sta);
}
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
2008-02-28 02:34:43 +01:00
return;
Interworking: Add GAS server support for AP mode This adds GAS/ANQP implementation into hostapd. This commit brings in the basic GAS/ANQP functionality, but only the ANQP Capability List element is supported. For testing purposes, hostapd control interface SET command can be used to set the gas_frag_limit parameter dynamically. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-02-26 21:34:19 +01:00
}
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
2008-02-28 02:34:43 +01:00
Fix PMF protect disconnection on session timeout Request the driver to send a Deauthentication frame before doing any other disconnection steps on the session timeout path. This is needed when PMF is negotiated for the association since the driver will need to find the STA entry and the PTK for it to be able to protect the robust Deauthentication frame. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-03-07 22:23:41 +01:00
hostapd_drv_sta_deauth(hapd, sta->addr,
WLAN_REASON_PREV_AUTH_NOT_VALID);
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
2008-02-28 02:34:43 +01:00
mlme_deauthenticate_indication(hapd, sta,
WLAN_REASON_PREV_AUTH_NOT_VALID);
hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
HOSTAPD_LEVEL_INFO, "deauthenticated due to "
"session timeout");
sta->acct_terminate_cause =
RADIUS_ACCT_TERMINATE_CAUSE_SESSION_TIMEOUT;
ap_free_sta(hapd, sta);
}
GAS: Replenish AP station session timer to 5 seconds If remaining AP session timeout is less than 5 seconds for an existing station, replenish the timeout to 5 seconds. This allows stations to be able to recycle a dialog token value beyond 5 seconds for GAS exchange. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-11-06 22:20:28 +01:00
void ap_sta_replenish_timeout(struct hostapd_data *hapd, struct sta_info *sta,
u32 session_timeout)
{
if (eloop_replenish_timeout(session_timeout, 0,
Fix req_scan-deplete-timeout and update eloop API for this Commit e2f5a9889a3a2bb8f1eed0cf274c7fbbabe3e9de was supposed to prevent new scan request from pushing out the old one. However, it did not really do that since eloop_deplete_timeout() returned 0 both for the case where the old timeout existed (and was sooner) and if the old timeout did not exist. It returned 1 only for the case where an old timeout did exist and was larger than the new requested value. That case used to result in wpa_supplicant_req_scan() rescheduling the timeout, but hew code in eloop_deplete_timeout() did the exact same thing and as such, did not really change anything apart from the debug log message. Extend the eloop_deplete_timeout() (and eloop_replenish_timeout() for that matter since it is very similar) to return three different values based on whether the timeout existed or not and if yes, whether it was modified. This allows wpa_supplicant_req_scan() to schedule a new timeout only in the case there was no old timeout. Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-05 08:59:38 +01:00
ap_handle_session_timer, hapd, sta) == 1) {
GAS: Replenish AP station session timer to 5 seconds If remaining AP session timeout is less than 5 seconds for an existing station, replenish the timeout to 5 seconds. This allows stations to be able to recycle a dialog token value beyond 5 seconds for GAS exchange. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-11-06 22:20:28 +01:00
hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
HOSTAPD_LEVEL_DEBUG, "setting session timeout "
"to %d seconds", session_timeout);
}
}
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
2008-02-28 02:34:43 +01:00
void ap_sta_session_timeout(struct hostapd_data *hapd, struct sta_info *sta,
u32 session_timeout)
{
hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
HOSTAPD_LEVEL_DEBUG, "setting session timeout to %d "
"seconds", session_timeout);
eloop_cancel_timeout(ap_handle_session_timer, hapd, sta);
eloop_register_timeout(session_timeout, 0, ap_handle_session_timer,
hapd, sta);
}
void ap_sta_no_session_timeout(struct hostapd_data *hapd, struct sta_info *sta)
{
eloop_cancel_timeout(ap_handle_session_timer, hapd, sta);
}
HS 2.0R2 AP: Add support for Session Info URL RADIUS AVP If the authentication server includes the WFA HS 2.0 Session Info URL AVP in Access-Accept, schedule ESS Disassociation Imminent frame to be transmitted specified warning time prior to session timeout. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-08-01 23:39:30 +02:00
static void ap_handle_session_warning_timer(void *eloop_ctx, void *timeout_ctx)
{
WNM: Differentiate between WNM for station and for AP in build Previously, CONFIG_WNM enabled build that supports WNM for both station mode and AP mode. However, in most wpa_supplicant cases only station mode WNM is required and there is no need for AP mode WNM. Add support to differentiate between station mode WNM and AP mode WNM in wpa_supplicant builds by adding CONFIG_WNM_AP that should be used when AP mode WNM support is required in addition to station mode WNM. This allows binary size to be reduced for builds that require only the station side WNM functionality. Signed-off-by: Avraham Stern <avraham.stern@intel.com>
2017-06-12 08:29:27 +02:00
#ifdef CONFIG_WNM_AP
HS 2.0R2 AP: Add support for Session Info URL RADIUS AVP If the authentication server includes the WFA HS 2.0 Session Info URL AVP in Access-Accept, schedule ESS Disassociation Imminent frame to be transmitted specified warning time prior to session timeout. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-08-01 23:39:30 +02:00
struct hostapd_data *hapd = eloop_ctx;
struct sta_info *sta = timeout_ctx;
AP: Print interface name in more STA events This makes it easier to follow a debug log from a hostapd process that manages multiple interfaces. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-01-15 18:17:40 +01:00
wpa_printf(MSG_DEBUG, "%s: WNM: Session warning time reached for "
MACSTR, hapd->conf->iface, MAC2STR(sta->addr));
HS 2.0R2 AP: Add support for Session Info URL RADIUS AVP If the authentication server includes the WFA HS 2.0 Session Info URL AVP in Access-Accept, schedule ESS Disassociation Imminent frame to be transmitted specified warning time prior to session timeout. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-08-01 23:39:30 +02:00
if (sta->hs20_session_info_url == NULL)
return;
wnm_send_ess_disassoc_imminent(hapd, sta, sta->hs20_session_info_url,
sta->hs20_disassoc_timer);
WNM: Differentiate between WNM for station and for AP in build Previously, CONFIG_WNM enabled build that supports WNM for both station mode and AP mode. However, in most wpa_supplicant cases only station mode WNM is required and there is no need for AP mode WNM. Add support to differentiate between station mode WNM and AP mode WNM in wpa_supplicant builds by adding CONFIG_WNM_AP that should be used when AP mode WNM support is required in addition to station mode WNM. This allows binary size to be reduced for builds that require only the station side WNM functionality. Signed-off-by: Avraham Stern <avraham.stern@intel.com>
2017-06-12 08:29:27 +02:00
#endif /* CONFIG_WNM_AP */
HS 2.0R2 AP: Add support for Session Info URL RADIUS AVP If the authentication server includes the WFA HS 2.0 Session Info URL AVP in Access-Accept, schedule ESS Disassociation Imminent frame to be transmitted specified warning time prior to session timeout. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-08-01 23:39:30 +02:00
}
void ap_sta_session_warning_timeout(struct hostapd_data *hapd,
struct sta_info *sta, int warning_time)
{
eloop_cancel_timeout(ap_handle_session_warning_timer, hapd, sta);
eloop_register_timeout(warning_time, 0, ap_handle_session_warning_timer,
hapd, sta);
}
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
2008-02-28 02:34:43 +01:00
struct sta_info * ap_sta_add(struct hostapd_data *hapd, const u8 *addr)
{
struct sta_info *sta;
AP: add station with basic rates configuration When a new station is added, let it have some supported rates (they're empty without this change), using the basic rates that it must support to connect. This, together with the kernel-side changes for client-side, lets us finish the complete auth/assoc handshake with higher rates than the mandatory ones, without any further config. However, the downside to this is that a broken station that doesn't check the basic rates are supported before it tries to connect will possibly not get any response to its auth frame. Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2019-05-28 11:14:07 +02:00
int i;
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
2008-02-28 02:34:43 +01:00
sta = ap_get_sta(hapd, addr);
if (sta)
return sta;
wpa_printf(MSG_DEBUG, " New STA");
if (hapd->num_sta >= hapd->conf->max_num_sta) {
/* FIX: might try to remove some old STAs first? */
wpa_printf(MSG_DEBUG, "no more room for new STAs (%d/%d)",
hapd->num_sta, hapd->conf->max_num_sta);
return NULL;
}
sta = os_zalloc(sizeof(struct sta_info));
if (sta == NULL) {
wpa_printf(MSG_ERROR, "malloc failed");
return NULL;
}
Move acct_interim_interval away from RADIUS client configuration This is not used at all inside RADIUS client and as such, it belongs into hostapd configuration.
2009-11-28 22:03:20 +01:00
sta->acct_interim_interval = hapd->conf->acct_interim_interval;
RADIUS: Use more likely unique accounting Acct-{,Multi-}Session-Id Rework the Acct-Session-Id and Acct-Multi-Session-Id implementation to give better global and temporal uniqueness. Previously, only 32-bits of the Acct-Session-Id would contain random data, the other 32-bits would be incremented. Previously, the Acct-Multi-Session-Id would not use random data. Switch from two u32 variables to a single u64 for the Acct-Session-Id and Acct-Multi-Session-Id. Do not increment, this serves no legitimate purpose. Exclusively use os_get_random() to get quality random numbers, do not use or mix in the time. Inherently take a dependency on /dev/urandom working properly therefore. Remove the global Acct-Session-Id and Acct-Multi-Session-Id values that serve no legitimate purpose. Signed-off-by: Nick Lowe <nick.lowe@lugatech.com>
2016-01-24 12:37:46 +01:00
if (accounting_sta_get_id(hapd, sta) < 0) {
os_free(sta);
return NULL;
}
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
2008-02-28 02:34:43 +01:00
AP: add station with basic rates configuration When a new station is added, let it have some supported rates (they're empty without this change), using the basic rates that it must support to connect. This, together with the kernel-side changes for client-side, lets us finish the complete auth/assoc handshake with higher rates than the mandatory ones, without any further config. However, the downside to this is that a broken station that doesn't check the basic rates are supported before it tries to connect will possibly not get any response to its auth frame. Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2019-05-28 11:14:07 +02:00
for (i = 0; i < WLAN_SUPP_RATES_MAX; i++) {
if (!hapd->iface->basic_rates)
break;
if (hapd->iface->basic_rates[i] < 0)
break;
sta->supported_rates[i] = hapd->iface->basic_rates[i] / 5;
}
sta->supported_rates_len = i;
AP: Fix inactivity STA timer trigger for driver offload case Some non-mac80211 drivers, such as ath6kl, support STA inactivity timer in firmware and may not provide connected stations' idle time to the userspace. If the driver indicates support for offloaded operation, do not start the inactivity timer in the hostapd. Signed-hostap: Mohammed Shafi Shajakhan <mohammed@qca.qualcomm.com>
2013-05-16 16:44:31 +02:00
if (!(hapd->iface->drv_flags & WPA_DRIVER_FLAGS_INACTIVITY_TIMER)) {
wpa_printf(MSG_DEBUG, "%s: register ap_handle_timer timeout "
"for " MACSTR " (%d seconds - ap_max_inactivity)",
__func__, MAC2STR(addr),
hapd->conf->ap_max_inactivity);
eloop_register_timeout(hapd->conf->ap_max_inactivity, 0,
ap_handle_timer, hapd, sta);
}
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
2008-02-28 02:34:43 +01:00
/* initialize STA info data */
os_memcpy(sta->addr, addr, ETH_ALEN);
sta->next = hapd->sta_list;
hapd->sta_list = sta;
hapd->num_sta++;
ap_sta_hash_add(hapd, sta);
hostapd: allow stations to move between different bss interfaces With this patch, a client gets kicked out of the last BSS it was attached to, when it is associating to a different one. While mac80211 does allow a station to be present on multiple bss interfaces, this does seem to cause problems both for the stack and for hostapd.
2010-03-06 21:30:25 +01:00
ap_sta_remove_in_other_bss(hapd, sta);
AP: Drop retransmitted auth/assoc/action frames It is possible that a station device might miss an ACK for an authentication, association, or action frame, and thus retransmit the same frame although the frame is already being processed in the stack. While the duplicated frame should really be dropped in the kernel or firmware code where duplicate detection is implemented for data frames, it is possible that pre-association cases are not fully addressed (which is the case at least with mac80211 today) and the frame may be delivered to upper layer stack. In such a case, the local AP will process the retransmitted frame although it has already handled the request, which might cause the station to get confused and as a result disconnect from the AP, blacklist it, etc. To avoid such a case, save the sequence control of the last processed management frame and in case of retransmissions drop them. Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2014-11-05 09:50:34 +01:00
sta->last_seq_ctrl = WLAN_INVALID_MGMT_SEQ;
AP: Add Neighbor Discovery snooping mechanism for Proxy ARP This commit establishes the infrastructure, and handles the Neighbor Solicitation and Neighbor Advertisement frames. This will be extended in the future to handle other frames. Signed-off-by: Kyeyoon Park <kyeyoonp@qca.qualcomm.com>
2014-11-01 07:33:41 +01:00
dl_list_init(&sta->ip6addr);
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
2008-02-28 02:34:43 +01:00
taxonomy: Store Probe Request frames in hostapd_sta_info A weakness in the initial client taxonomy mechanism is from storing both the Probe and Associate in struct sta_info. struct sta_info is created after a client associates (or starts authentication frame exchange), which means that any Probe Request frames sent prior to association are not retained. The Associate Request frame has to be seen, and then another Probe Request frame after association, before we have a signature for the client. Most clients send lots of Probe Request frames (lots and lots and lots of Probes, actually), but a few do not. ChromeOS is notably sparing in sending Probe Request frames, it can take a long time before a signature for a ChromeOS device is available. Store the most recent Probe Request frame in struct hostapd_sta_info tracking list. When a struct sta_info is created, move the Probe Request frame information from struct hostapd_sta_info to struct sta_info. Signed-off-by: dgentry@google.com (Denton Gentry) Signed-off-by: denny@geekhold.com (Denton Gentry) Signed-off-by: rofrankel@google.com (Richard Frankel) Signed-off-by: richard@frankel.tv (Richard Frankel)
2016-08-15 06:42:49 +02:00
#ifdef CONFIG_TAXONOMY
sta_track_claim_taxonomy_info(hapd->iface, addr,
&sta->probe_ie_taxonomy);
#endif /* CONFIG_TAXONOMY */
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
2008-02-28 02:34:43 +01:00
return sta;
}
static int ap_sta_remove(struct hostapd_data *hapd, struct sta_info *sta)
{
ieee802_1x_notify_port_enabled(sta->eapol_sm, 0);
AP: Add support for Proxy ARP, DHCP snooping mechanism Proxy ARP allows the AP devices to keep track of the hardware address to IP address mapping of the STA devices within the BSS. When a request for such information is made (i.e., ARP request, Neighbor Solicitation), the AP will respond on behalf of the STA device within the BSS. Such requests could originate from a device within the BSS or also from the bridge. In the process of the AP replying to the request (i.e., ARP reply, Neighbor Advertisement), the AP will drop the original request frame. The relevant STA will not even know that such information was ever requested. This feature is a requirement for Hotspot 2.0, and is defined in IEEE Std 802.11-2012, 10.23.13. While the Proxy ARP support code mainly resides in the kernel bridge code, in order to optimize the performance and simplify kernel implementation, the DHCP snooping code was added to the hostapd. Signed-off-by: Kyeyoon Park <kyeyoonp@qca.qualcomm.com>
2014-09-26 07:32:55 +02:00
if (sta->ipaddr)
AP: Extend the BSS bridge neighbor entry management to support IPv6 This allows adding/deleting an IPv6 neighbor entry to/from the bridge, to which the BSS belongs. This commit adds the needed functionality in driver_nl80211.c for the Linux bridge implementation. In theory, this could be shared with multiple Linux driver interfaces, but for now, only the main nl80211 interface is supported. Signed-off-by: Kyeyoon Park <kyeyoonp@qca.qualcomm.com>
2014-11-06 01:15:46 +01:00
hostapd_drv_br_delete_ip_neigh(hapd, 4, (u8 *) &sta->ipaddr);
AP: Add Neighbor Discovery snooping mechanism for Proxy ARP This commit establishes the infrastructure, and handles the Neighbor Solicitation and Neighbor Advertisement frames. This will be extended in the future to handle other frames. Signed-off-by: Kyeyoon Park <kyeyoonp@qca.qualcomm.com>
2014-11-01 07:33:41 +01:00
ap_sta_ip6addr_del(hapd, sta);
AP: Add support for Proxy ARP, DHCP snooping mechanism Proxy ARP allows the AP devices to keep track of the hardware address to IP address mapping of the STA devices within the BSS. When a request for such information is made (i.e., ARP request, Neighbor Solicitation), the AP will respond on behalf of the STA device within the BSS. Such requests could originate from a device within the BSS or also from the bridge. In the process of the AP replying to the request (i.e., ARP reply, Neighbor Advertisement), the AP will drop the original request frame. The relevant STA will not even know that such information was ever requested. This feature is a requirement for Hotspot 2.0, and is defined in IEEE Std 802.11-2012, 10.23.13. While the Proxy ARP support code mainly resides in the kernel bridge code, in order to optimize the performance and simplify kernel implementation, the DHCP snooping code was added to the hostapd. Signed-off-by: Kyeyoon Park <kyeyoonp@qca.qualcomm.com>
2014-09-26 07:32:55 +02:00
AP: Print interface name in more STA events This makes it easier to follow a debug log from a hostapd process that manages multiple interfaces. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-01-15 18:17:40 +01:00
wpa_printf(MSG_DEBUG, "%s: Removing STA " MACSTR " from kernel driver",
hapd->conf->iface, MAC2STR(sta->addr));
hostapd_driver_ops reduction set_sta_vlan, get_inact_sec, sta_deauth, sta_disassoc, and sta_remove to use inline functions instead of extra abstraction.
2010-11-24 14:36:02 +01:00
if (hostapd_drv_sta_remove(hapd, sta->addr) &&
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
2008-02-28 02:34:43 +01:00
sta->flags & WLAN_STA_ASSOC) {
AP: Print interface name in more STA events This makes it easier to follow a debug log from a hostapd process that manages multiple interfaces. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-01-15 18:17:40 +01:00
wpa_printf(MSG_DEBUG, "%s: Could not remove station " MACSTR
" from kernel driver",
hapd->conf->iface, MAC2STR(sta->addr));
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
2008-02-28 02:34:43 +01:00
return -1;
}
AP: Add support for full station state Add support for drivers that support full AP client state, i.e., can handle adding stations that are not associated yet. For such drivers, add a station after processing the authentication request, instead of adding it in the association response callback. Doing so is beneficial in cases where the driver cannot handle the add station request, in which case it is useless to perform the complete connection establishment. Signed-off-by: Ayala Beker <ayala.beker@intel.com>
2016-02-16 10:54:32 +01:00
sta->added_unassoc = 0;
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
2008-02-28 02:34:43 +01:00
return 0;
}
hostapd: allow stations to move between different bss interfaces With this patch, a client gets kicked out of the last BSS it was attached to, when it is associating to a different one. While mac80211 does allow a station to be present on multiple bss interfaces, this does seem to cause problems both for the stack and for hostapd.
2010-03-06 21:30:25 +01:00
static void ap_sta_remove_in_other_bss(struct hostapd_data *hapd,
struct sta_info *sta)
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
2008-02-28 02:34:43 +01:00
{
struct hostapd_iface *iface = hapd->iface;
size_t i;
for (i = 0; i < iface->num_bss; i++) {
struct hostapd_data *bss = iface->bss[i];
struct sta_info *sta2;
/* bss should always be set during operation, but it may be
* NULL during reconfiguration. Assume the STA is not
* associated to another BSS in that case to avoid NULL pointer
* dereferences. */
if (bss == hapd || bss == NULL)
continue;
sta2 = ap_get_sta(bss, sta->addr);
hostapd: allow stations to move between different bss interfaces With this patch, a client gets kicked out of the last BSS it was attached to, when it is associating to a different one. While mac80211 does allow a station to be present on multiple bss interfaces, this does seem to cause problems both for the stack and for hostapd.
2010-03-06 21:30:25 +01:00
if (!sta2)
continue;
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
2008-02-28 02:34:43 +01:00
AP: Print interface name in more STA events This makes it easier to follow a debug log from a hostapd process that manages multiple interfaces. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-01-15 18:17:40 +01:00
wpa_printf(MSG_DEBUG, "%s: disconnect old STA " MACSTR
" association from another BSS %s",
hapd->conf->iface, MAC2STR(sta2->addr),
bss->conf->iface);
hostapd: allow stations to move between different bss interfaces With this patch, a client gets kicked out of the last BSS it was attached to, when it is associating to a different one. While mac80211 does allow a station to be present on multiple bss interfaces, this does seem to cause problems both for the stack and for hostapd.
2010-03-06 21:30:25 +01:00
ap_sta_disconnect(bss, sta2, sta2->addr,
WLAN_REASON_PREV_AUTH_NOT_VALID);
}
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
2008-02-28 02:34:43 +01:00
}
Delay STA entry removal until Deauth/Disassoc TX status in AP mode This allows the driver to use PS buffering of Deauthentication and Disassociation frames when the STA is in power save sleep. The STA entry (and PTK) will be removed from the kernel only after the Deauth/Disassoc has been transmitted (e.g., when the STA wakes up). A hardcoded two second timeout is used to limit the length of this window should the driver fail to deliver the frame (e.g., the STA is out of range and does not wake up). The kernel STA entry is marked unauthorized during the wait to avoid accepting Data frames from the STA that we have decided to disconnect. This behavior is available only with drivers that provide TX status events for Deauth/Disassoc frames (nl80211 at this point). Other drivers continue to use the previous behavior where the STA entry is removed immediately.
2011-08-28 22:07:02 +02:00
static void ap_sta_disassoc_cb_timeout(void *eloop_ctx, void *timeout_ctx)
{
struct hostapd_data *hapd = eloop_ctx;
struct sta_info *sta = timeout_ctx;
AP: Print interface name in more STA events This makes it easier to follow a debug log from a hostapd process that manages multiple interfaces. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-01-15 18:17:40 +01:00
wpa_printf(MSG_DEBUG, "%s: Disassociation callback for STA " MACSTR,
hapd->conf->iface, MAC2STR(sta->addr));
Delay STA entry removal until Deauth/Disassoc TX status in AP mode This allows the driver to use PS buffering of Deauthentication and Disassociation frames when the STA is in power save sleep. The STA entry (and PTK) will be removed from the kernel only after the Deauth/Disassoc has been transmitted (e.g., when the STA wakes up). A hardcoded two second timeout is used to limit the length of this window should the driver fail to deliver the frame (e.g., the STA is out of range and does not wake up). The kernel STA entry is marked unauthorized during the wait to avoid accepting Data frames from the STA that we have decided to disconnect. This behavior is available only with drivers that provide TX status events for Deauth/Disassoc frames (nl80211 at this point). Other drivers continue to use the previous behavior where the STA entry is removed immediately.
2011-08-28 22:07:02 +02:00
ap_sta_remove(hapd, sta);
mlme_disassociate_indication(hapd, sta, sta->disassoc_reason);
}
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
2008-02-28 02:34:43 +01:00
void ap_sta_disassociate(struct hostapd_data *hapd, struct sta_info *sta,
u16 reason)
{
wpa_printf(MSG_DEBUG, "%s: disassociate STA " MACSTR,
hapd->conf->iface, MAC2STR(sta->addr));
AP: Drop retransmitted auth/assoc/action frames It is possible that a station device might miss an ACK for an authentication, association, or action frame, and thus retransmit the same frame although the frame is already being processed in the stack. While the duplicated frame should really be dropped in the kernel or firmware code where duplicate detection is implemented for data frames, it is possible that pre-association cases are not fully addressed (which is the case at least with mac80211 today) and the frame may be delivered to upper layer stack. In such a case, the local AP will process the retransmitted frame although it has already handled the request, which might cause the station to get confused and as a result disconnect from the AP, blacklist it, etc. To avoid such a case, save the sequence control of the last processed management frame and in case of retransmissions drop them. Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2014-11-05 09:50:34 +01:00
sta->last_seq_ctrl = WLAN_INVALID_MGMT_SEQ;
AP: Skip authentication/deauthentication phase for DMG/IEEE 802.11ad Authentication and Deauthentication frames are not used in DMG/IEEE 802.11ad networks. For DMG/IEEE 802.11ad the following was implemented: Upon receiving association request, allocate the sta object and initialize it as if authentication took place. Upon receiving disassociation, deallocate the sta object. ap_sta_disassociate/ap_sta_deauthenticate/ap_sta_disconnect all use disassociation instead of deauthentication. In driver_nl80211, i802_sta_deauth() is routed to i802_sta_disassoc(). Signed-off-by: Dedy Lansky <qca_dlansky@qca.qualcomm.com>
2016-12-26 20:00:51 +01:00
if (hapd->iface->current_mode &&
hapd->iface->current_mode->mode == HOSTAPD_MODE_IEEE80211AD) {
/* Skip deauthentication in DMG/IEEE 802.11ad */
sta->flags &= ~(WLAN_STA_AUTH | WLAN_STA_ASSOC |
WLAN_STA_ASSOC_REQ_OK);
sta->timeout_next = STA_REMOVE;
} else {
sta->flags &= ~(WLAN_STA_ASSOC | WLAN_STA_ASSOC_REQ_OK);
sta->timeout_next = STA_DEAUTH;
}
Delay STA entry removal until Deauth/Disassoc TX status in AP mode This allows the driver to use PS buffering of Deauthentication and Disassociation frames when the STA is in power save sleep. The STA entry (and PTK) will be removed from the kernel only after the Deauth/Disassoc has been transmitted (e.g., when the STA wakes up). A hardcoded two second timeout is used to limit the length of this window should the driver fail to deliver the frame (e.g., the STA is out of range and does not wake up). The kernel STA entry is marked unauthorized during the wait to avoid accepting Data frames from the STA that we have decided to disconnect. This behavior is available only with drivers that provide TX status events for Deauth/Disassoc frames (nl80211 at this point). Other drivers continue to use the previous behavior where the STA entry is removed immediately.
2011-08-28 22:07:02 +02:00
ap_sta_set_authorized(hapd, sta, 0);
AP: Add debug information for ap_handle_timer operations This makes it easier to figure out what exactly was done with the ap_handle_timer registration/cancellation based on a debug log. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-04-11 13:09:40 +02:00
wpa_printf(MSG_DEBUG, "%s: reschedule ap_handle_timer timeout "
"for " MACSTR " (%d seconds - "
"AP_MAX_INACTIVITY_AFTER_DISASSOC)",
__func__, MAC2STR(sta->addr),
AP_MAX_INACTIVITY_AFTER_DISASSOC);
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
2008-02-28 02:34:43 +01:00
eloop_cancel_timeout(ap_handle_timer, hapd, sta);
eloop_register_timeout(AP_MAX_INACTIVITY_AFTER_DISASSOC, 0,
ap_handle_timer, hapd, sta);
accounting_sta_stop(hapd, sta);
HS 2.0: Postpone WNM-Notification sending by 100 ms This makes it somewhat easier for the station to be able to receive and process the encrypted WNM-Notification frames that the AP previously sentt immediately after receiving EAPOL-Key msg 4/4. While the station is supposed to have the TK configured for receive before sending out EAPOL-Key msg 4/4, not many actual implementations do that. As such, there is a race condition in being able to configure the key at the station and the AP sending out the first encrypted frame after EAPOL-Key 4/4. The extra 100 ms time here makes it more likely for the station to have managed to configure the key in time. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-12-31 20:46:08 +01:00
ieee802_1x_free_station(hapd, sta);
WPA: Stop WPA statement on STA disassociation This is needed to avoid leaving some timers (e.g., for PTK rekeying) running afrer a STA has disassociated. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-04-18 17:17:07 +02:00
wpa_auth_sta_deinit(sta->wpa_sm);
sta->wpa_sm = NULL;
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
2008-02-28 02:34:43 +01:00
Delay STA entry removal until Deauth/Disassoc TX status in AP mode This allows the driver to use PS buffering of Deauthentication and Disassociation frames when the STA is in power save sleep. The STA entry (and PTK) will be removed from the kernel only after the Deauth/Disassoc has been transmitted (e.g., when the STA wakes up). A hardcoded two second timeout is used to limit the length of this window should the driver fail to deliver the frame (e.g., the STA is out of range and does not wake up). The kernel STA entry is marked unauthorized during the wait to avoid accepting Data frames from the STA that we have decided to disconnect. This behavior is available only with drivers that provide TX status events for Deauth/Disassoc frames (nl80211 at this point). Other drivers continue to use the previous behavior where the STA entry is removed immediately.
2011-08-28 22:07:02 +02:00
sta->disassoc_reason = reason;
Fix Deauth/Disassoc callback handling with test frames The Deauth/Disassoc TX status callbacks were ending up kicking the station entry from kernel driver when test functionality was used to inject Deauth/Disassoc frames from the AP with the purpose of leaving the local association in place. Fix this by using STA flags to figure out whether there was a pending callback for the frame that we need to act on. In addition, add forgotten functionality for the Disassoc TX status callback to match the behavior with Deauth.
2011-09-06 20:03:02 +02:00
sta->flags |= WLAN_STA_PENDING_DISASSOC_CB;
Delay STA entry removal until Deauth/Disassoc TX status in AP mode This allows the driver to use PS buffering of Deauthentication and Disassociation frames when the STA is in power save sleep. The STA entry (and PTK) will be removed from the kernel only after the Deauth/Disassoc has been transmitted (e.g., when the STA wakes up). A hardcoded two second timeout is used to limit the length of this window should the driver fail to deliver the frame (e.g., the STA is out of range and does not wake up). The kernel STA entry is marked unauthorized during the wait to avoid accepting Data frames from the STA that we have decided to disconnect. This behavior is available only with drivers that provide TX status events for Deauth/Disassoc frames (nl80211 at this point). Other drivers continue to use the previous behavior where the STA entry is removed immediately.
2011-08-28 22:07:02 +02:00
eloop_cancel_timeout(ap_sta_disassoc_cb_timeout, hapd, sta);
eloop_register_timeout(hapd->iface->drv_flags &
WPA_DRIVER_FLAGS_DEAUTH_TX_STATUS ? 2 : 0, 0,
ap_sta_disassoc_cb_timeout, hapd, sta);
}
static void ap_sta_deauth_cb_timeout(void *eloop_ctx, void *timeout_ctx)
{
struct hostapd_data *hapd = eloop_ctx;
struct sta_info *sta = timeout_ctx;
AP: Print interface name in more STA events This makes it easier to follow a debug log from a hostapd process that manages multiple interfaces. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-01-15 18:17:40 +01:00
wpa_printf(MSG_DEBUG, "%s: Deauthentication callback for STA " MACSTR,
hapd->conf->iface, MAC2STR(sta->addr));
Delay STA entry removal until Deauth/Disassoc TX status in AP mode This allows the driver to use PS buffering of Deauthentication and Disassociation frames when the STA is in power save sleep. The STA entry (and PTK) will be removed from the kernel only after the Deauth/Disassoc has been transmitted (e.g., when the STA wakes up). A hardcoded two second timeout is used to limit the length of this window should the driver fail to deliver the frame (e.g., the STA is out of range and does not wake up). The kernel STA entry is marked unauthorized during the wait to avoid accepting Data frames from the STA that we have decided to disconnect. This behavior is available only with drivers that provide TX status events for Deauth/Disassoc frames (nl80211 at this point). Other drivers continue to use the previous behavior where the STA entry is removed immediately.
2011-08-28 22:07:02 +02:00
ap_sta_remove(hapd, sta);
mlme_deauthenticate_indication(hapd, sta, sta->deauth_reason);
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
2008-02-28 02:34:43 +01:00
}
void ap_sta_deauthenticate(struct hostapd_data *hapd, struct sta_info *sta,
u16 reason)
{
AP: Skip authentication/deauthentication phase for DMG/IEEE 802.11ad Authentication and Deauthentication frames are not used in DMG/IEEE 802.11ad networks. For DMG/IEEE 802.11ad the following was implemented: Upon receiving association request, allocate the sta object and initialize it as if authentication took place. Upon receiving disassociation, deallocate the sta object. ap_sta_disassociate/ap_sta_deauthenticate/ap_sta_disconnect all use disassociation instead of deauthentication. In driver_nl80211, i802_sta_deauth() is routed to i802_sta_disassoc(). Signed-off-by: Dedy Lansky <qca_dlansky@qca.qualcomm.com>
2016-12-26 20:00:51 +01:00
if (hapd->iface->current_mode &&
hapd->iface->current_mode->mode == HOSTAPD_MODE_IEEE80211AD) {
/* Deauthentication is not used in DMG/IEEE 802.11ad;
* disassociate the STA instead. */
ap_sta_disassociate(hapd, sta, reason);
return;
}
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
2008-02-28 02:34:43 +01:00
wpa_printf(MSG_DEBUG, "%s: deauthenticate STA " MACSTR,
hapd->conf->iface, MAC2STR(sta->addr));
AP: Drop retransmitted auth/assoc/action frames It is possible that a station device might miss an ACK for an authentication, association, or action frame, and thus retransmit the same frame although the frame is already being processed in the stack. While the duplicated frame should really be dropped in the kernel or firmware code where duplicate detection is implemented for data frames, it is possible that pre-association cases are not fully addressed (which is the case at least with mac80211 today) and the frame may be delivered to upper layer stack. In such a case, the local AP will process the retransmitted frame although it has already handled the request, which might cause the station to get confused and as a result disconnect from the AP, blacklist it, etc. To avoid such a case, save the sequence control of the last processed management frame and in case of retransmissions drop them. Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2014-11-05 09:50:34 +01:00
sta->last_seq_ctrl = WLAN_INVALID_MGMT_SEQ;
Clear WLAN_STA_ASSOC_REQ_OK on AP-initiated deauthentication This flag was left in the STA entry for the short duration after the STA gets deauthenticated. If the STA sends a Class 2 or 3 frame during that short time, the AP would not have replied with Deauthentication frame indicating no association is present. Signed-off-by: Jouni Malinen <j@w1.fi>
2014-11-29 12:31:54 +01:00
sta->flags &= ~(WLAN_STA_AUTH | WLAN_STA_ASSOC | WLAN_STA_ASSOC_REQ_OK);
Delay STA entry removal until Deauth/Disassoc TX status in AP mode This allows the driver to use PS buffering of Deauthentication and Disassociation frames when the STA is in power save sleep. The STA entry (and PTK) will be removed from the kernel only after the Deauth/Disassoc has been transmitted (e.g., when the STA wakes up). A hardcoded two second timeout is used to limit the length of this window should the driver fail to deliver the frame (e.g., the STA is out of range and does not wake up). The kernel STA entry is marked unauthorized during the wait to avoid accepting Data frames from the STA that we have decided to disconnect. This behavior is available only with drivers that provide TX status events for Deauth/Disassoc frames (nl80211 at this point). Other drivers continue to use the previous behavior where the STA entry is removed immediately.
2011-08-28 22:07:02 +02:00
ap_sta_set_authorized(hapd, sta, 0);
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
2008-02-28 02:34:43 +01:00
sta->timeout_next = STA_REMOVE;
AP: Add debug information for ap_handle_timer operations This makes it easier to figure out what exactly was done with the ap_handle_timer registration/cancellation based on a debug log. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-04-11 13:09:40 +02:00
wpa_printf(MSG_DEBUG, "%s: reschedule ap_handle_timer timeout "
"for " MACSTR " (%d seconds - "
"AP_MAX_INACTIVITY_AFTER_DEAUTH)",
__func__, MAC2STR(sta->addr),
AP_MAX_INACTIVITY_AFTER_DEAUTH);
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
2008-02-28 02:34:43 +01:00
eloop_cancel_timeout(ap_handle_timer, hapd, sta);
eloop_register_timeout(AP_MAX_INACTIVITY_AFTER_DEAUTH, 0,
ap_handle_timer, hapd, sta);
accounting_sta_stop(hapd, sta);
HS 2.0: Postpone WNM-Notification sending by 100 ms This makes it somewhat easier for the station to be able to receive and process the encrypted WNM-Notification frames that the AP previously sentt immediately after receiving EAPOL-Key msg 4/4. While the station is supposed to have the TK configured for receive before sending out EAPOL-Key msg 4/4, not many actual implementations do that. As such, there is a race condition in being able to configure the key at the station and the AP sending out the first encrypted frame after EAPOL-Key 4/4. The extra 100 ms time here makes it more likely for the station to have managed to configure the key in time. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-12-31 20:46:08 +01:00
ieee802_1x_free_station(hapd, sta);
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
2008-02-28 02:34:43 +01:00
Delay STA entry removal until Deauth/Disassoc TX status in AP mode This allows the driver to use PS buffering of Deauthentication and Disassociation frames when the STA is in power save sleep. The STA entry (and PTK) will be removed from the kernel only after the Deauth/Disassoc has been transmitted (e.g., when the STA wakes up). A hardcoded two second timeout is used to limit the length of this window should the driver fail to deliver the frame (e.g., the STA is out of range and does not wake up). The kernel STA entry is marked unauthorized during the wait to avoid accepting Data frames from the STA that we have decided to disconnect. This behavior is available only with drivers that provide TX status events for Deauth/Disassoc frames (nl80211 at this point). Other drivers continue to use the previous behavior where the STA entry is removed immediately.
2011-08-28 22:07:02 +02:00
sta->deauth_reason = reason;
Fix Deauth/Disassoc callback handling with test frames The Deauth/Disassoc TX status callbacks were ending up kicking the station entry from kernel driver when test functionality was used to inject Deauth/Disassoc frames from the AP with the purpose of leaving the local association in place. Fix this by using STA flags to figure out whether there was a pending callback for the frame that we need to act on. In addition, add forgotten functionality for the Disassoc TX status callback to match the behavior with Deauth.
2011-09-06 20:03:02 +02:00
sta->flags |= WLAN_STA_PENDING_DEAUTH_CB;
Delay STA entry removal until Deauth/Disassoc TX status in AP mode This allows the driver to use PS buffering of Deauthentication and Disassociation frames when the STA is in power save sleep. The STA entry (and PTK) will be removed from the kernel only after the Deauth/Disassoc has been transmitted (e.g., when the STA wakes up). A hardcoded two second timeout is used to limit the length of this window should the driver fail to deliver the frame (e.g., the STA is out of range and does not wake up). The kernel STA entry is marked unauthorized during the wait to avoid accepting Data frames from the STA that we have decided to disconnect. This behavior is available only with drivers that provide TX status events for Deauth/Disassoc frames (nl80211 at this point). Other drivers continue to use the previous behavior where the STA entry is removed immediately.
2011-08-28 22:07:02 +02:00
eloop_cancel_timeout(ap_sta_deauth_cb_timeout, hapd, sta);
eloop_register_timeout(hapd->iface->drv_flags &
WPA_DRIVER_FLAGS_DEAUTH_TX_STATUS ? 2 : 0, 0,
ap_sta_deauth_cb_timeout, hapd, sta);
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
2008-02-28 02:34:43 +01:00
}
Add wps_cancel for hostapd_cli Implement wps_cancel for hostapd similarly to how it was already supported in wpa_supplicant AP mode. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-03-19 07:23:31 +01:00
#ifdef CONFIG_WPS
int ap_sta_wps_cancel(struct hostapd_data *hapd,
struct sta_info *sta, void *ctx)
{
if (sta && (sta->flags & WLAN_STA_WPS)) {
ap_sta_deauthenticate(hapd, sta,
WLAN_REASON_PREV_AUTH_NOT_VALID);
wpa_printf(MSG_DEBUG, "WPS: %s: Deauth sta=" MACSTR,
__func__, MAC2STR(sta->addr));
return 1;
}
return 0;
}
#endif /* CONFIG_WPS */
radius: Add tagged VLAN parsing 1. Add tagged VLAN to struct vlan_description (compile limited number of tagged VLANs per description) For k tagged VLANs, the first k entries in vlan_description.tagged are used. They are sorted in ascending order. All other entries are zero. This way os_memcmp() can find identical configurations. 2. Let tagged VLANs be parsed from RADIUS Access-Accept 3. Print VLAN %d+ with %d=untagged VID if tagged VLANs are set 4. Select an unused vlan_id > 4096 for new tagged VLAN configurations 5. Add EGRESS_VLAN RADIUS attribute parsing also for untagged VLANs Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
2016-01-21 14:51:57 +01:00
static int ap_sta_get_free_vlan_id(struct hostapd_data *hapd)
{
struct hostapd_vlan *vlan;
int vlan_id = MAX_VLAN_ID + 2;
retry:
for (vlan = hapd->conf->vlan; vlan; vlan = vlan->next) {
if (vlan->vlan_id == vlan_id) {
vlan_id++;
goto retry;
}
}
return vlan_id;
}
VLAN: Separate station grouping and uplink configuration Separate uplink configuration (IEEE 802.1q VID) and grouping of stations into AP_VLAN interfaces. The int vlan_id will continue to identify the AP_VLAN interface the station should be assigned to. Each AP_VLAN interface corresponds to an instance of struct hostapd_vlan that is uniquely identified by int vlan_id within an BSS. New: Each station and struct hostapd_vlan holds a struct vlan_description vlan_desc member that describes the uplink configuration requested. Currently this is just an int untagged IEEE 802.1q VID, but can be extended to tagged VLANs and other settings easily. When the station was about to be assigned its vlan_id, vlan_desc and vlan_id will now be set simultaneously by ap_sta_set_vlan(). So sta->vlan_id can still be tested for whether the station needs to be moved to an AP_VLAN interface. To ease addition of tagged VLAN support, a member notempty is added to struct vlan_description. Is is set to 1 if an untagged or tagged VLAN assignment is requested and needs to be validated. The inverted form allows os_zalloc() to initialize an empty description. Though not depended on by the code, vlan_id assignment ensures: * vlan_id = 0 will continue to mean no AP_VLAN interface * vlan_id < 4096 will continue to mean vlan_id = untagged vlan id with no per_sta_vif and no extra tagged vlan. * vlan_id > 4096 will be used for per_sta_vif and/or tagged vlans. This way struct wpa_group and drivers API do not need to be changed in order to implement tagged VLANs or per_sta_vif support. DYNAMIC_VLAN_* will refer to (struct vlan_description).notempty only, thus grouping of the stations for per_sta_vif can be used with DYNAMIC_VLAN_DISABLED, but not with CONFIG_NO_VLAN, as struct hostapd_vlan is still used to manage AP_VLAN interfaces. MAX_VLAN_ID will be checked in hostapd_vlan_valid and during setup of VLAN interfaces and refer to IEEE 802.1q VID. VLAN_ID_WILDCARD will continue to refer to int vlan_id. Renaming vlan_id to vlan_desc when type changed from int to struct vlan_description was avoided when vlan_id was also used in a way that did not depend on its type (for example, when passed to another function). Output of "VLAN ID %d" continues to refer to int vlan_id, while "VLAN %d" will refer to untagged IEEE 802.1q VID. Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
2016-01-21 14:51:56 +01:00
int ap_sta_set_vlan(struct hostapd_data *hapd, struct sta_info *sta,
struct vlan_description *vlan_desc)
{
struct hostapd_vlan *vlan = NULL, *wildcard_vlan = NULL;
int old_vlan_id, vlan_id = 0, ret = 0;
radius: Add tagged VLAN parsing 1. Add tagged VLAN to struct vlan_description (compile limited number of tagged VLANs per description) For k tagged VLANs, the first k entries in vlan_description.tagged are used. They are sorted in ascending order. All other entries are zero. This way os_memcmp() can find identical configurations. 2. Let tagged VLANs be parsed from RADIUS Access-Accept 3. Print VLAN %d+ with %d=untagged VID if tagged VLANs are set 4. Select an unused vlan_id > 4096 for new tagged VLAN configurations 5. Add EGRESS_VLAN RADIUS attribute parsing also for untagged VLANs Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
2016-01-21 14:51:57 +01:00
/* Check if there is something to do */
VLAN: Add per-STA vif option This allows the stations to be assigned to their own vif. It does not need dynamic_vlan to be set. Make hostapd call ap_sta_set_vlan even if !vlan_desc.notempty, so vlan_id can be assigned regardless. Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
2016-01-21 14:52:00 +01:00
if (hapd->conf->ssid.per_sta_vif && !sta->vlan_id) {
/* This sta is lacking its own vif */
} else if (hapd->conf->ssid.dynamic_vlan == DYNAMIC_VLAN_DISABLED &&
!hapd->conf->ssid.per_sta_vif && sta->vlan_id) {
/* sta->vlan_id needs to be reset */
} else if (!vlan_compare(vlan_desc, sta->vlan_desc)) {
radius: Add tagged VLAN parsing 1. Add tagged VLAN to struct vlan_description (compile limited number of tagged VLANs per description) For k tagged VLANs, the first k entries in vlan_description.tagged are used. They are sorted in ascending order. All other entries are zero. This way os_memcmp() can find identical configurations. 2. Let tagged VLANs be parsed from RADIUS Access-Accept 3. Print VLAN %d+ with %d=untagged VID if tagged VLANs are set 4. Select an unused vlan_id > 4096 for new tagged VLAN configurations 5. Add EGRESS_VLAN RADIUS attribute parsing also for untagged VLANs Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
2016-01-21 14:51:57 +01:00
return 0; /* nothing to change */
VLAN: Add per-STA vif option This allows the stations to be assigned to their own vif. It does not need dynamic_vlan to be set. Make hostapd call ap_sta_set_vlan even if !vlan_desc.notempty, so vlan_id can be assigned regardless. Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
2016-01-21 14:52:00 +01:00
}
radius: Add tagged VLAN parsing 1. Add tagged VLAN to struct vlan_description (compile limited number of tagged VLANs per description) For k tagged VLANs, the first k entries in vlan_description.tagged are used. They are sorted in ascending order. All other entries are zero. This way os_memcmp() can find identical configurations. 2. Let tagged VLANs be parsed from RADIUS Access-Accept 3. Print VLAN %d+ with %d=untagged VID if tagged VLANs are set 4. Select an unused vlan_id > 4096 for new tagged VLAN configurations 5. Add EGRESS_VLAN RADIUS attribute parsing also for untagged VLANs Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
2016-01-21 14:51:57 +01:00
/* Now the real VLAN changed or the STA just needs its own vif */
VLAN: Add per-STA vif option This allows the stations to be assigned to their own vif. It does not need dynamic_vlan to be set. Make hostapd call ap_sta_set_vlan even if !vlan_desc.notempty, so vlan_id can be assigned regardless. Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
2016-01-21 14:52:00 +01:00
if (hapd->conf->ssid.per_sta_vif) {
/* Assign a new vif, always */
/* find a free vlan_id sufficiently big */
vlan_id = ap_sta_get_free_vlan_id(hapd);
/* Get wildcard VLAN */
for (vlan = hapd->conf->vlan; vlan; vlan = vlan->next) {
if (vlan->vlan_id == VLAN_ID_WILDCARD)
break;
}
if (!vlan) {
hostapd_logger(hapd, sta->addr,
HOSTAPD_MODULE_IEEE80211,
HOSTAPD_LEVEL_DEBUG,
"per_sta_vif missing wildcard");
vlan_id = 0;
ret = -1;
goto done;
}
} else if (vlan_desc && vlan_desc->notempty) {
VLAN: Separate station grouping and uplink configuration Separate uplink configuration (IEEE 802.1q VID) and grouping of stations into AP_VLAN interfaces. The int vlan_id will continue to identify the AP_VLAN interface the station should be assigned to. Each AP_VLAN interface corresponds to an instance of struct hostapd_vlan that is uniquely identified by int vlan_id within an BSS. New: Each station and struct hostapd_vlan holds a struct vlan_description vlan_desc member that describes the uplink configuration requested. Currently this is just an int untagged IEEE 802.1q VID, but can be extended to tagged VLANs and other settings easily. When the station was about to be assigned its vlan_id, vlan_desc and vlan_id will now be set simultaneously by ap_sta_set_vlan(). So sta->vlan_id can still be tested for whether the station needs to be moved to an AP_VLAN interface. To ease addition of tagged VLAN support, a member notempty is added to struct vlan_description. Is is set to 1 if an untagged or tagged VLAN assignment is requested and needs to be validated. The inverted form allows os_zalloc() to initialize an empty description. Though not depended on by the code, vlan_id assignment ensures: * vlan_id = 0 will continue to mean no AP_VLAN interface * vlan_id < 4096 will continue to mean vlan_id = untagged vlan id with no per_sta_vif and no extra tagged vlan. * vlan_id > 4096 will be used for per_sta_vif and/or tagged vlans. This way struct wpa_group and drivers API do not need to be changed in order to implement tagged VLANs or per_sta_vif support. DYNAMIC_VLAN_* will refer to (struct vlan_description).notempty only, thus grouping of the stations for per_sta_vif can be used with DYNAMIC_VLAN_DISABLED, but not with CONFIG_NO_VLAN, as struct hostapd_vlan is still used to manage AP_VLAN interfaces. MAX_VLAN_ID will be checked in hostapd_vlan_valid and during setup of VLAN interfaces and refer to IEEE 802.1q VID. VLAN_ID_WILDCARD will continue to refer to int vlan_id. Renaming vlan_id to vlan_desc when type changed from int to struct vlan_description was avoided when vlan_id was also used in a way that did not depend on its type (for example, when passed to another function). Output of "VLAN ID %d" continues to refer to int vlan_id, while "VLAN %d" will refer to untagged IEEE 802.1q VID. Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
2016-01-21 14:51:56 +01:00
for (vlan = hapd->conf->vlan; vlan; vlan = vlan->next) {
if (!vlan_compare(&vlan->vlan_desc, vlan_desc))
break;
if (vlan->vlan_id == VLAN_ID_WILDCARD)
wildcard_vlan = vlan;
}
if (vlan) {
vlan_id = vlan->vlan_id;
} else if (wildcard_vlan) {
vlan = wildcard_vlan;
vlan_id = vlan_desc->untagged;
radius: Add tagged VLAN parsing 1. Add tagged VLAN to struct vlan_description (compile limited number of tagged VLANs per description) For k tagged VLANs, the first k entries in vlan_description.tagged are used. They are sorted in ascending order. All other entries are zero. This way os_memcmp() can find identical configurations. 2. Let tagged VLANs be parsed from RADIUS Access-Accept 3. Print VLAN %d+ with %d=untagged VID if tagged VLANs are set 4. Select an unused vlan_id > 4096 for new tagged VLAN configurations 5. Add EGRESS_VLAN RADIUS attribute parsing also for untagged VLANs Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
2016-01-21 14:51:57 +01:00
if (vlan_desc->tagged[0]) {
/* Tagged VLAN configuration */
vlan_id = ap_sta_get_free_vlan_id(hapd);
}
VLAN: Separate station grouping and uplink configuration Separate uplink configuration (IEEE 802.1q VID) and grouping of stations into AP_VLAN interfaces. The int vlan_id will continue to identify the AP_VLAN interface the station should be assigned to. Each AP_VLAN interface corresponds to an instance of struct hostapd_vlan that is uniquely identified by int vlan_id within an BSS. New: Each station and struct hostapd_vlan holds a struct vlan_description vlan_desc member that describes the uplink configuration requested. Currently this is just an int untagged IEEE 802.1q VID, but can be extended to tagged VLANs and other settings easily. When the station was about to be assigned its vlan_id, vlan_desc and vlan_id will now be set simultaneously by ap_sta_set_vlan(). So sta->vlan_id can still be tested for whether the station needs to be moved to an AP_VLAN interface. To ease addition of tagged VLAN support, a member notempty is added to struct vlan_description. Is is set to 1 if an untagged or tagged VLAN assignment is requested and needs to be validated. The inverted form allows os_zalloc() to initialize an empty description. Though not depended on by the code, vlan_id assignment ensures: * vlan_id = 0 will continue to mean no AP_VLAN interface * vlan_id < 4096 will continue to mean vlan_id = untagged vlan id with no per_sta_vif and no extra tagged vlan. * vlan_id > 4096 will be used for per_sta_vif and/or tagged vlans. This way struct wpa_group and drivers API do not need to be changed in order to implement tagged VLANs or per_sta_vif support. DYNAMIC_VLAN_* will refer to (struct vlan_description).notempty only, thus grouping of the stations for per_sta_vif can be used with DYNAMIC_VLAN_DISABLED, but not with CONFIG_NO_VLAN, as struct hostapd_vlan is still used to manage AP_VLAN interfaces. MAX_VLAN_ID will be checked in hostapd_vlan_valid and during setup of VLAN interfaces and refer to IEEE 802.1q VID. VLAN_ID_WILDCARD will continue to refer to int vlan_id. Renaming vlan_id to vlan_desc when type changed from int to struct vlan_description was avoided when vlan_id was also used in a way that did not depend on its type (for example, when passed to another function). Output of "VLAN ID %d" continues to refer to int vlan_id, while "VLAN %d" will refer to untagged IEEE 802.1q VID. Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
2016-01-21 14:51:56 +01:00
} else {
hostapd_logger(hapd, sta->addr,
HOSTAPD_MODULE_IEEE80211,
HOSTAPD_LEVEL_DEBUG,
radius: Add tagged VLAN parsing 1. Add tagged VLAN to struct vlan_description (compile limited number of tagged VLANs per description) For k tagged VLANs, the first k entries in vlan_description.tagged are used. They are sorted in ascending order. All other entries are zero. This way os_memcmp() can find identical configurations. 2. Let tagged VLANs be parsed from RADIUS Access-Accept 3. Print VLAN %d+ with %d=untagged VID if tagged VLANs are set 4. Select an unused vlan_id > 4096 for new tagged VLAN configurations 5. Add EGRESS_VLAN RADIUS attribute parsing also for untagged VLANs Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
2016-01-21 14:51:57 +01:00
"missing vlan and wildcard for vlan=%d%s",
vlan_desc->untagged,
vlan_desc->tagged[0] ? "+" : "");
VLAN: Separate station grouping and uplink configuration Separate uplink configuration (IEEE 802.1q VID) and grouping of stations into AP_VLAN interfaces. The int vlan_id will continue to identify the AP_VLAN interface the station should be assigned to. Each AP_VLAN interface corresponds to an instance of struct hostapd_vlan that is uniquely identified by int vlan_id within an BSS. New: Each station and struct hostapd_vlan holds a struct vlan_description vlan_desc member that describes the uplink configuration requested. Currently this is just an int untagged IEEE 802.1q VID, but can be extended to tagged VLANs and other settings easily. When the station was about to be assigned its vlan_id, vlan_desc and vlan_id will now be set simultaneously by ap_sta_set_vlan(). So sta->vlan_id can still be tested for whether the station needs to be moved to an AP_VLAN interface. To ease addition of tagged VLAN support, a member notempty is added to struct vlan_description. Is is set to 1 if an untagged or tagged VLAN assignment is requested and needs to be validated. The inverted form allows os_zalloc() to initialize an empty description. Though not depended on by the code, vlan_id assignment ensures: * vlan_id = 0 will continue to mean no AP_VLAN interface * vlan_id < 4096 will continue to mean vlan_id = untagged vlan id with no per_sta_vif and no extra tagged vlan. * vlan_id > 4096 will be used for per_sta_vif and/or tagged vlans. This way struct wpa_group and drivers API do not need to be changed in order to implement tagged VLANs or per_sta_vif support. DYNAMIC_VLAN_* will refer to (struct vlan_description).notempty only, thus grouping of the stations for per_sta_vif can be used with DYNAMIC_VLAN_DISABLED, but not with CONFIG_NO_VLAN, as struct hostapd_vlan is still used to manage AP_VLAN interfaces. MAX_VLAN_ID will be checked in hostapd_vlan_valid and during setup of VLAN interfaces and refer to IEEE 802.1q VID. VLAN_ID_WILDCARD will continue to refer to int vlan_id. Renaming vlan_id to vlan_desc when type changed from int to struct vlan_description was avoided when vlan_id was also used in a way that did not depend on its type (for example, when passed to another function). Output of "VLAN ID %d" continues to refer to int vlan_id, while "VLAN %d" will refer to untagged IEEE 802.1q VID. Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
2016-01-21 14:51:56 +01:00
vlan_id = 0;
ret = -1;
goto done;
}
}
if (vlan && vlan->vlan_id == VLAN_ID_WILDCARD) {
vlan = vlan_add_dynamic(hapd, vlan, vlan_id, vlan_desc);
if (vlan == NULL) {
hostapd_logger(hapd, sta->addr,
HOSTAPD_MODULE_IEEE80211,
HOSTAPD_LEVEL_DEBUG,
radius: Add tagged VLAN parsing 1. Add tagged VLAN to struct vlan_description (compile limited number of tagged VLANs per description) For k tagged VLANs, the first k entries in vlan_description.tagged are used. They are sorted in ascending order. All other entries are zero. This way os_memcmp() can find identical configurations. 2. Let tagged VLANs be parsed from RADIUS Access-Accept 3. Print VLAN %d+ with %d=untagged VID if tagged VLANs are set 4. Select an unused vlan_id > 4096 for new tagged VLAN configurations 5. Add EGRESS_VLAN RADIUS attribute parsing also for untagged VLANs Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
2016-01-21 14:51:57 +01:00
"could not add dynamic VLAN interface for vlan=%d%s",
VLAN: Check vlan_desc validity in a failure debug print The recent VLAN changes added an explicit code path that sets vlan_desc = NULL within ap_sta_set_vlan(). This makes some code analyzers warn about the debug print that could potentially dereference this pointer. Silence that warning by verifying the pointer more consistently within this function. Signed-off-by: Jouni Malinen <j@w1.fi>
2016-02-20 18:22:43 +01:00
vlan_desc ? vlan_desc->untagged : -1,
(vlan_desc && vlan_desc->tagged[0]) ?
"+" : "");
VLAN: Separate station grouping and uplink configuration Separate uplink configuration (IEEE 802.1q VID) and grouping of stations into AP_VLAN interfaces. The int vlan_id will continue to identify the AP_VLAN interface the station should be assigned to. Each AP_VLAN interface corresponds to an instance of struct hostapd_vlan that is uniquely identified by int vlan_id within an BSS. New: Each station and struct hostapd_vlan holds a struct vlan_description vlan_desc member that describes the uplink configuration requested. Currently this is just an int untagged IEEE 802.1q VID, but can be extended to tagged VLANs and other settings easily. When the station was about to be assigned its vlan_id, vlan_desc and vlan_id will now be set simultaneously by ap_sta_set_vlan(). So sta->vlan_id can still be tested for whether the station needs to be moved to an AP_VLAN interface. To ease addition of tagged VLAN support, a member notempty is added to struct vlan_description. Is is set to 1 if an untagged or tagged VLAN assignment is requested and needs to be validated. The inverted form allows os_zalloc() to initialize an empty description. Though not depended on by the code, vlan_id assignment ensures: * vlan_id = 0 will continue to mean no AP_VLAN interface * vlan_id < 4096 will continue to mean vlan_id = untagged vlan id with no per_sta_vif and no extra tagged vlan. * vlan_id > 4096 will be used for per_sta_vif and/or tagged vlans. This way struct wpa_group and drivers API do not need to be changed in order to implement tagged VLANs or per_sta_vif support. DYNAMIC_VLAN_* will refer to (struct vlan_description).notempty only, thus grouping of the stations for per_sta_vif can be used with DYNAMIC_VLAN_DISABLED, but not with CONFIG_NO_VLAN, as struct hostapd_vlan is still used to manage AP_VLAN interfaces. MAX_VLAN_ID will be checked in hostapd_vlan_valid and during setup of VLAN interfaces and refer to IEEE 802.1q VID. VLAN_ID_WILDCARD will continue to refer to int vlan_id. Renaming vlan_id to vlan_desc when type changed from int to struct vlan_description was avoided when vlan_id was also used in a way that did not depend on its type (for example, when passed to another function). Output of "VLAN ID %d" continues to refer to int vlan_id, while "VLAN %d" will refer to untagged IEEE 802.1q VID. Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
2016-01-21 14:51:56 +01:00
vlan_id = 0;
ret = -1;
goto done;
}
hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
HOSTAPD_LEVEL_DEBUG,
"added new dynamic VLAN interface '%s'",
vlan->ifname);
} else if (vlan && vlan->dynamic_vlan > 0) {
vlan->dynamic_vlan++;
hostapd_logger(hapd, sta->addr,
HOSTAPD_MODULE_IEEE80211,
HOSTAPD_LEVEL_DEBUG,
"updated existing dynamic VLAN interface '%s'",
vlan->ifname);
}
done:
old_vlan_id = sta->vlan_id;
sta->vlan_id = vlan_id;
sta->vlan_desc = vlan ? &vlan->vlan_desc : NULL;
if (vlan_id != old_vlan_id && old_vlan_id)
vlan_remove_dynamic(hapd, old_vlan_id);
return ret;
}
Remove VLAN interface on STA free Currently, vlan_remove_dynamic() is only called when the station VLAN ID is changed (ap_sta_bind_vlan), but not when the station is freed. So dynamic VLAN interfaces are not removed actually except within 1x reauthentification VLAN ID change, although most of the code is already there. This patch fixes this by calling vlan_remove_dynamic() in ap_free_sta(). It cannot just use sta->vlan_id for this, as this might have been changed without calling ap_sta_bind_vlan() (ap/ieee802_11.c:handle_auth fetches from RADIUS cache for WPA-PSK), thus reference counting might not have been updated. Additionally, reference counting might get wrong due to old_vlanid = 0 being passed unconditionally, thus increasing the reference counter multiple times. So tracking the currently assigned (i.e., dynamic_vlan counter increased) VLAN is done in a new variable sta->vlan_id_bound. Therefore, the old_vlan_id argument of ap_sta_bind_vlan() is no longer needed and setting the VLAN for the sta in driver happens unconditionally. Additionally, vlan->dynamic_vlan is only incremented when it actually is a dynamic VLAN. Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
2015-04-10 14:49:50 +02:00
int ap_sta_bind_vlan(struct hostapd_data *hapd, struct sta_info *sta)
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
2008-02-28 02:34:43 +01:00
{
Added build option for removing VLAN support (CONFIG_NO_VLAN)
2009-01-12 20:39:19 +01:00
#ifndef CONFIG_NO_VLAN
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
2008-02-28 02:34:43 +01:00
const char *iface;
struct hostapd_vlan *vlan = NULL;
Stop processing if STA VLAN bind fails
2010-04-15 22:44:10 +02:00
int ret;
Remove VLAN interface on STA free Currently, vlan_remove_dynamic() is only called when the station VLAN ID is changed (ap_sta_bind_vlan), but not when the station is freed. So dynamic VLAN interfaces are not removed actually except within 1x reauthentification VLAN ID change, although most of the code is already there. This patch fixes this by calling vlan_remove_dynamic() in ap_free_sta(). It cannot just use sta->vlan_id for this, as this might have been changed without calling ap_sta_bind_vlan() (ap/ieee802_11.c:handle_auth fetches from RADIUS cache for WPA-PSK), thus reference counting might not have been updated. Additionally, reference counting might get wrong due to old_vlanid = 0 being passed unconditionally, thus increasing the reference counter multiple times. So tracking the currently assigned (i.e., dynamic_vlan counter increased) VLAN is done in a new variable sta->vlan_id_bound. Therefore, the old_vlan_id argument of ap_sta_bind_vlan() is no longer needed and setting the VLAN for the sta in driver happens unconditionally. Additionally, vlan->dynamic_vlan is only incremented when it actually is a dynamic VLAN. Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
2015-04-10 14:49:50 +02:00
int old_vlanid = sta->vlan_id_bound;
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
2008-02-28 02:34:43 +01:00
iface = hapd->conf->iface;
Remove unused leftover from multi-SSID design The multi-SSID design that used a single beaconing BSSID with multiple SSIDs was never completed in this repository, so there is no need to maintain the per-STA ssid/ssid_probe pointers that could only point to &hapd->conf->ssid. Save some memory and reduce code complexity by removing this unused partial capability. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-04-20 23:33:25 +02:00
if (hapd->conf->ssid.vlan[0])
iface = hapd->conf->ssid.vlan;
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
2008-02-28 02:34:43 +01:00
VLAN: Separate station grouping and uplink configuration Separate uplink configuration (IEEE 802.1q VID) and grouping of stations into AP_VLAN interfaces. The int vlan_id will continue to identify the AP_VLAN interface the station should be assigned to. Each AP_VLAN interface corresponds to an instance of struct hostapd_vlan that is uniquely identified by int vlan_id within an BSS. New: Each station and struct hostapd_vlan holds a struct vlan_description vlan_desc member that describes the uplink configuration requested. Currently this is just an int untagged IEEE 802.1q VID, but can be extended to tagged VLANs and other settings easily. When the station was about to be assigned its vlan_id, vlan_desc and vlan_id will now be set simultaneously by ap_sta_set_vlan(). So sta->vlan_id can still be tested for whether the station needs to be moved to an AP_VLAN interface. To ease addition of tagged VLAN support, a member notempty is added to struct vlan_description. Is is set to 1 if an untagged or tagged VLAN assignment is requested and needs to be validated. The inverted form allows os_zalloc() to initialize an empty description. Though not depended on by the code, vlan_id assignment ensures: * vlan_id = 0 will continue to mean no AP_VLAN interface * vlan_id < 4096 will continue to mean vlan_id = untagged vlan id with no per_sta_vif and no extra tagged vlan. * vlan_id > 4096 will be used for per_sta_vif and/or tagged vlans. This way struct wpa_group and drivers API do not need to be changed in order to implement tagged VLANs or per_sta_vif support. DYNAMIC_VLAN_* will refer to (struct vlan_description).notempty only, thus grouping of the stations for per_sta_vif can be used with DYNAMIC_VLAN_DISABLED, but not with CONFIG_NO_VLAN, as struct hostapd_vlan is still used to manage AP_VLAN interfaces. MAX_VLAN_ID will be checked in hostapd_vlan_valid and during setup of VLAN interfaces and refer to IEEE 802.1q VID. VLAN_ID_WILDCARD will continue to refer to int vlan_id. Renaming vlan_id to vlan_desc when type changed from int to struct vlan_description was avoided when vlan_id was also used in a way that did not depend on its type (for example, when passed to another function). Output of "VLAN ID %d" continues to refer to int vlan_id, while "VLAN %d" will refer to untagged IEEE 802.1q VID. Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
2016-01-21 14:51:56 +01:00
if (sta->vlan_id > 0) {
for (vlan = hapd->conf->vlan; vlan; vlan = vlan->next) {
VLAN: Remove vlan_tail Everything in hostapd can be implemented efficiently without vlan_tail. Signed-hostap: Michael Braun <michael-dev@fami-braun.de>
2013-08-04 20:45:50 +02:00
if (vlan->vlan_id == sta->vlan_id)
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
2008-02-28 02:34:43 +01:00
break;
}
VLAN: Remove vlan_tail Everything in hostapd can be implemented efficiently without vlan_tail. Signed-hostap: Michael Braun <michael-dev@fami-braun.de>
2013-08-04 20:45:50 +02:00
if (vlan)
iface = vlan->ifname;
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
2008-02-28 02:34:43 +01:00
}
Remove VLAN interface on STA free Currently, vlan_remove_dynamic() is only called when the station VLAN ID is changed (ap_sta_bind_vlan), but not when the station is freed. So dynamic VLAN interfaces are not removed actually except within 1x reauthentification VLAN ID change, although most of the code is already there. This patch fixes this by calling vlan_remove_dynamic() in ap_free_sta(). It cannot just use sta->vlan_id for this, as this might have been changed without calling ap_sta_bind_vlan() (ap/ieee802_11.c:handle_auth fetches from RADIUS cache for WPA-PSK), thus reference counting might not have been updated. Additionally, reference counting might get wrong due to old_vlanid = 0 being passed unconditionally, thus increasing the reference counter multiple times. So tracking the currently assigned (i.e., dynamic_vlan counter increased) VLAN is done in a new variable sta->vlan_id_bound. Therefore, the old_vlan_id argument of ap_sta_bind_vlan() is no longer needed and setting the VLAN for the sta in driver happens unconditionally. Additionally, vlan->dynamic_vlan is only incremented when it actually is a dynamic VLAN. Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
2015-04-10 14:49:50 +02:00
/*
* Do not increment ref counters if the VLAN ID remains same, but do
* not skip hostapd_drv_set_sta_vlan() as hostapd_drv_sta_remove() might
* have been called before.
*/
if (sta->vlan_id == old_vlanid)
goto skip_counting;
hostapd: Support VLAN offload to the driver If the driver supports VLAN offload mechanism with a single netdev, use that instead of separate per-VLAN netdevs. Signed-off-by: Gurumoorthi Gnanasambandhan <gguru@codeaurora.org>
2019-12-05 11:38:47 +01:00
if (sta->vlan_id > 0 && !vlan &&
!(hapd->iface->drv_flags & WPA_DRIVER_FLAGS_VLAN_OFFLOAD)) {
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
2008-02-28 02:34:43 +01:00
hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
HOSTAPD_LEVEL_DEBUG, "could not find VLAN for "
"binding station to (vlan_id=%d)",
sta->vlan_id);
Fix STA re-bind to another VLAN on reauthentication Previously, the old VLAN ID could have been deleted before the STA was bound to the new VLAN in case the RADIUS server changed the VLAN ID during an association. This did not exactly work well with mac80211, so reorder the operations in a way that first binds the STA to the new VLAN ID and only after that, removes the old VLAN interface if no STAs remain in it. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-01-30 00:09:51 +01:00
ret = -1;
goto done;
VLAN: Separate station grouping and uplink configuration Separate uplink configuration (IEEE 802.1q VID) and grouping of stations into AP_VLAN interfaces. The int vlan_id will continue to identify the AP_VLAN interface the station should be assigned to. Each AP_VLAN interface corresponds to an instance of struct hostapd_vlan that is uniquely identified by int vlan_id within an BSS. New: Each station and struct hostapd_vlan holds a struct vlan_description vlan_desc member that describes the uplink configuration requested. Currently this is just an int untagged IEEE 802.1q VID, but can be extended to tagged VLANs and other settings easily. When the station was about to be assigned its vlan_id, vlan_desc and vlan_id will now be set simultaneously by ap_sta_set_vlan(). So sta->vlan_id can still be tested for whether the station needs to be moved to an AP_VLAN interface. To ease addition of tagged VLAN support, a member notempty is added to struct vlan_description. Is is set to 1 if an untagged or tagged VLAN assignment is requested and needs to be validated. The inverted form allows os_zalloc() to initialize an empty description. Though not depended on by the code, vlan_id assignment ensures: * vlan_id = 0 will continue to mean no AP_VLAN interface * vlan_id < 4096 will continue to mean vlan_id = untagged vlan id with no per_sta_vif and no extra tagged vlan. * vlan_id > 4096 will be used for per_sta_vif and/or tagged vlans. This way struct wpa_group and drivers API do not need to be changed in order to implement tagged VLANs or per_sta_vif support. DYNAMIC_VLAN_* will refer to (struct vlan_description).notempty only, thus grouping of the stations for per_sta_vif can be used with DYNAMIC_VLAN_DISABLED, but not with CONFIG_NO_VLAN, as struct hostapd_vlan is still used to manage AP_VLAN interfaces. MAX_VLAN_ID will be checked in hostapd_vlan_valid and during setup of VLAN interfaces and refer to IEEE 802.1q VID. VLAN_ID_WILDCARD will continue to refer to int vlan_id. Renaming vlan_id to vlan_desc when type changed from int to struct vlan_description was avoided when vlan_id was also used in a way that did not depend on its type (for example, when passed to another function). Output of "VLAN ID %d" continues to refer to int vlan_id, while "VLAN %d" will refer to untagged IEEE 802.1q VID. Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
2016-01-21 14:51:56 +01:00
} else if (vlan && vlan->dynamic_vlan > 0) {
Remove WEP support from VLAN Commit d66dcb0d0b584afdbaba00adcfe661741703094d ('WEP: Remove VLAN support from hostapd') already removed VLAN support for WEP encryption, so vlan_setup_encryption_dyn() is no longer needed. Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
2015-10-05 16:14:27 +02:00
vlan->dynamic_vlan++;
hostapd_logger(hapd, sta->addr,
HOSTAPD_MODULE_IEEE80211,
HOSTAPD_LEVEL_DEBUG,
"updated existing dynamic VLAN interface '%s'",
iface);
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
2008-02-28 02:34:43 +01:00
}
Remove VLAN interface on STA free Currently, vlan_remove_dynamic() is only called when the station VLAN ID is changed (ap_sta_bind_vlan), but not when the station is freed. So dynamic VLAN interfaces are not removed actually except within 1x reauthentification VLAN ID change, although most of the code is already there. This patch fixes this by calling vlan_remove_dynamic() in ap_free_sta(). It cannot just use sta->vlan_id for this, as this might have been changed without calling ap_sta_bind_vlan() (ap/ieee802_11.c:handle_auth fetches from RADIUS cache for WPA-PSK), thus reference counting might not have been updated. Additionally, reference counting might get wrong due to old_vlanid = 0 being passed unconditionally, thus increasing the reference counter multiple times. So tracking the currently assigned (i.e., dynamic_vlan counter increased) VLAN is done in a new variable sta->vlan_id_bound. Therefore, the old_vlan_id argument of ap_sta_bind_vlan() is no longer needed and setting the VLAN for the sta in driver happens unconditionally. Additionally, vlan->dynamic_vlan is only incremented when it actually is a dynamic VLAN. Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
2015-04-10 14:49:50 +02:00
/* ref counters have been increased, so mark the station */
sta->vlan_id_bound = sta->vlan_id;
skip_counting:
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
2008-02-28 02:34:43 +01:00
hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
HOSTAPD_LEVEL_DEBUG, "binding station to interface "
"'%s'", iface);
if (wpa_auth_sta_set_vlan(sta->wpa_sm, sta->vlan_id) < 0)
wpa_printf(MSG_INFO, "Failed to update VLAN-ID for WPA");
hostapd_driver_ops reduction set_sta_vlan, get_inact_sec, sta_deauth, sta_disassoc, and sta_remove to use inline functions instead of extra abstraction.
2010-11-24 14:36:02 +01:00
ret = hostapd_drv_set_sta_vlan(iface, hapd, sta->addr, sta->vlan_id);
Stop processing if STA VLAN bind fails
2010-04-15 22:44:10 +02:00
if (ret < 0) {
hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
HOSTAPD_LEVEL_DEBUG, "could not bind the STA "
"entry to vlan_id=%d", sta->vlan_id);
}
Fix STA re-bind to another VLAN on reauthentication Previously, the old VLAN ID could have been deleted before the STA was bound to the new VLAN in case the RADIUS server changed the VLAN ID during an association. This did not exactly work well with mac80211, so reorder the operations in a way that first binds the STA to the new VLAN ID and only after that, removes the old VLAN interface if no STAs remain in it. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-01-30 00:09:51 +01:00
/* During 1x reauth, if the vlan id changes, then remove the old id. */
Remove VLAN interface on STA free Currently, vlan_remove_dynamic() is only called when the station VLAN ID is changed (ap_sta_bind_vlan), but not when the station is freed. So dynamic VLAN interfaces are not removed actually except within 1x reauthentification VLAN ID change, although most of the code is already there. This patch fixes this by calling vlan_remove_dynamic() in ap_free_sta(). It cannot just use sta->vlan_id for this, as this might have been changed without calling ap_sta_bind_vlan() (ap/ieee802_11.c:handle_auth fetches from RADIUS cache for WPA-PSK), thus reference counting might not have been updated. Additionally, reference counting might get wrong due to old_vlanid = 0 being passed unconditionally, thus increasing the reference counter multiple times. So tracking the currently assigned (i.e., dynamic_vlan counter increased) VLAN is done in a new variable sta->vlan_id_bound. Therefore, the old_vlan_id argument of ap_sta_bind_vlan() is no longer needed and setting the VLAN for the sta in driver happens unconditionally. Additionally, vlan->dynamic_vlan is only incremented when it actually is a dynamic VLAN. Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
2015-04-10 14:49:50 +02:00
if (old_vlanid > 0 && old_vlanid != sta->vlan_id)
Fix STA re-bind to another VLAN on reauthentication Previously, the old VLAN ID could have been deleted before the STA was bound to the new VLAN in case the RADIUS server changed the VLAN ID during an association. This did not exactly work well with mac80211, so reorder the operations in a way that first binds the STA to the new VLAN ID and only after that, removes the old VLAN interface if no STAs remain in it. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-01-30 00:09:51 +01:00
vlan_remove_dynamic(hapd, old_vlanid);
Remove VLAN interface on STA free Currently, vlan_remove_dynamic() is only called when the station VLAN ID is changed (ap_sta_bind_vlan), but not when the station is freed. So dynamic VLAN interfaces are not removed actually except within 1x reauthentification VLAN ID change, although most of the code is already there. This patch fixes this by calling vlan_remove_dynamic() in ap_free_sta(). It cannot just use sta->vlan_id for this, as this might have been changed without calling ap_sta_bind_vlan() (ap/ieee802_11.c:handle_auth fetches from RADIUS cache for WPA-PSK), thus reference counting might not have been updated. Additionally, reference counting might get wrong due to old_vlanid = 0 being passed unconditionally, thus increasing the reference counter multiple times. So tracking the currently assigned (i.e., dynamic_vlan counter increased) VLAN is done in a new variable sta->vlan_id_bound. Therefore, the old_vlan_id argument of ap_sta_bind_vlan() is no longer needed and setting the VLAN for the sta in driver happens unconditionally. Additionally, vlan->dynamic_vlan is only incremented when it actually is a dynamic VLAN. Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
2015-04-10 14:49:50 +02:00
done:
Fix STA re-bind to another VLAN on reauthentication Previously, the old VLAN ID could have been deleted before the STA was bound to the new VLAN in case the RADIUS server changed the VLAN ID during an association. This did not exactly work well with mac80211, so reorder the operations in a way that first binds the STA to the new VLAN ID and only after that, removes the old VLAN interface if no STAs remain in it. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-01-30 00:09:51 +01:00
Stop processing if STA VLAN bind fails
2010-04-15 22:44:10 +02:00
return ret;
Added build option for removing VLAN support (CONFIG_NO_VLAN)
2009-01-12 20:39:19 +01:00
#else /* CONFIG_NO_VLAN */
return 0;
#endif /* CONFIG_NO_VLAN */
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
2008-02-28 02:34:43 +01:00
}
IEEE 802.11w: Added association ping This updates management frame protection to use the assocition ping process from the latest draft (D6.0) to protect against unauthenticated authenticate or (re)associate frames dropping association.
2008-08-31 10:04:47 +02:00
Updated SA Query procedure to use timeouts per 802.11w/D7.0 The previous max_attempts * timeout is now replaced with two timeouts (one for each retry, the other one for maximum wait).
2008-12-26 11:30:34 +01:00
int ap_check_sa_query_timeout(struct hostapd_data *hapd, struct sta_info *sta)
IEEE 802.11w: Added association ping This updates management frame protection to use the assocition ping process from the latest draft (D6.0) to protect against unauthenticated authenticate or (re)associate frames dropping association.
2008-08-31 10:04:47 +02:00
{
Updated SA Query procedure to use timeouts per 802.11w/D7.0 The previous max_attempts * timeout is now replaced with two timeouts (one for each retry, the other one for maximum wait).
2008-12-26 11:30:34 +01:00
u32 tu;
AP: Use monotonic clock for SA query timeout The usual, any timeouts should be using monotonic time. Signed-hostap: Johannes Berg <johannes.berg@intel.com>
2013-11-25 21:56:09 +01:00
struct os_reltime now, passed;
os_get_reltime(&now);
os_reltime_sub(&now, &sta->sa_query_start, &passed);
Updated SA Query procedure to use timeouts per 802.11w/D7.0 The previous max_attempts * timeout is now replaced with two timeouts (one for each retry, the other one for maximum wait).
2008-12-26 11:30:34 +01:00
tu = (passed.sec * 1000000 + passed.usec) / 1024;
if (hapd->conf->assoc_sa_query_max_timeout < tu) {
hostapd_logger(hapd, sta->addr,
HOSTAPD_MODULE_IEEE80211,
IEEE 802.11w: Added association ping This updates management frame protection to use the assocition ping process from the latest draft (D6.0) to protect against unauthenticated authenticate or (re)associate frames dropping association.
2008-08-31 10:04:47 +02:00
HOSTAPD_LEVEL_DEBUG,
Renamed Ping procedure into SA Query procedure per 802.11w/D7.0 This commit changes just the name and Action category per D7.0. The retransmit/timeout processing in the AP is not yet updated with the changes in D7.0.
2008-12-26 10:46:21 +01:00
"association SA Query timed out");
sta->sa_query_timed_out = 1;
os_free(sta->sa_query_trans_id);
sta->sa_query_trans_id = NULL;
sta->sa_query_count = 0;
Updated SA Query procedure to use timeouts per 802.11w/D7.0 The previous max_attempts * timeout is now replaced with two timeouts (one for each retry, the other one for maximum wait).
2008-12-26 11:30:34 +01:00
eloop_cancel_timeout(ap_sa_query_timer, hapd, sta);
return 1;
IEEE 802.11w: Added association ping This updates management frame protection to use the assocition ping process from the latest draft (D6.0) to protect against unauthenticated authenticate or (re)associate frames dropping association.
2008-08-31 10:04:47 +02:00
}
Updated SA Query procedure to use timeouts per 802.11w/D7.0 The previous max_attempts * timeout is now replaced with two timeouts (one for each retry, the other one for maximum wait).
2008-12-26 11:30:34 +01:00
return 0;
}
static void ap_sa_query_timer(void *eloop_ctx, void *timeout_ctx)
{
struct hostapd_data *hapd = eloop_ctx;
struct sta_info *sta = timeout_ctx;
unsigned int timeout, sec, usec;
u8 *trans_id, *nbuf;
AP: Print interface name in more STA events This makes it easier to follow a debug log from a hostapd process that manages multiple interfaces. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-01-15 18:17:40 +01:00
wpa_printf(MSG_DEBUG, "%s: SA Query timer for STA " MACSTR
" (count=%d)",
hapd->conf->iface, MAC2STR(sta->addr), sta->sa_query_count);
Updated SA Query procedure to use timeouts per 802.11w/D7.0 The previous max_attempts * timeout is now replaced with two timeouts (one for each retry, the other one for maximum wait).
2008-12-26 11:30:34 +01:00
if (sta->sa_query_count > 0 &&
ap_check_sa_query_timeout(hapd, sta))
return;
Convert os_realloc() for an array to use os_realloc_array() Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-13 20:21:23 +02:00
nbuf = os_realloc_array(sta->sa_query_trans_id,
sta->sa_query_count + 1,
WLAN_SA_QUERY_TR_ID_LEN);
IEEE 802.11w: Added association ping This updates management frame protection to use the assocition ping process from the latest draft (D6.0) to protect against unauthenticated authenticate or (re)associate frames dropping association.
2008-08-31 10:04:47 +02:00
if (nbuf == NULL)
return;
Updated SA Query procedure to use timeouts per 802.11w/D7.0 The previous max_attempts * timeout is now replaced with two timeouts (one for each retry, the other one for maximum wait).
2008-12-26 11:30:34 +01:00
if (sta->sa_query_count == 0) {
/* Starting a new SA Query procedure */
AP: Use monotonic clock for SA query timeout The usual, any timeouts should be using monotonic time. Signed-hostap: Johannes Berg <johannes.berg@intel.com>
2013-11-25 21:56:09 +01:00
os_get_reltime(&sta->sa_query_start);
Updated SA Query procedure to use timeouts per 802.11w/D7.0 The previous max_attempts * timeout is now replaced with two timeouts (one for each retry, the other one for maximum wait).
2008-12-26 11:30:34 +01:00
}
Renamed Ping procedure into SA Query procedure per 802.11w/D7.0 This commit changes just the name and Action category per D7.0. The retransmit/timeout processing in the AP is not yet updated with the changes in D7.0.
2008-12-26 10:46:21 +01:00
trans_id = nbuf + sta->sa_query_count * WLAN_SA_QUERY_TR_ID_LEN;
sta->sa_query_trans_id = nbuf;
sta->sa_query_count++;
IEEE 802.11w: Added association ping This updates management frame protection to use the assocition ping process from the latest draft (D6.0) to protect against unauthenticated authenticate or (re)associate frames dropping association.
2008-08-31 10:04:47 +02:00
AP: Check os_get_random() return value more consistently While this specific case does not really care what value is used, the the theoretical error case can be handled more consistently. (CID 72684) Signed-off-by: Jouni Malinen <j@w1.fi>
2014-10-11 18:38:45 +02:00
if (os_get_random(trans_id, WLAN_SA_QUERY_TR_ID_LEN) < 0) {
/*
* We don't really care which ID is used here, so simply
* hardcode this if the mostly theoretical os_get_random()
* failure happens.
*/
trans_id[0] = 0x12;
trans_id[1] = 0x34;
}
IEEE 802.11w: Added association ping This updates management frame protection to use the assocition ping process from the latest draft (D6.0) to protect against unauthenticated authenticate or (re)associate frames dropping association.
2008-08-31 10:04:47 +02:00
Updated SA Query procedure to use timeouts per 802.11w/D7.0 The previous max_attempts * timeout is now replaced with two timeouts (one for each retry, the other one for maximum wait).
2008-12-26 11:30:34 +01:00
timeout = hapd->conf->assoc_sa_query_retry_timeout;
sec = ((timeout / 1000) * 1024) / 1000;
usec = (timeout % 1000) * 1024;
eloop_register_timeout(sec, usec, ap_sa_query_timer, hapd, sta);
IEEE 802.11w: Added association ping This updates management frame protection to use the assocition ping process from the latest draft (D6.0) to protect against unauthenticated authenticate or (re)associate frames dropping association.
2008-08-31 10:04:47 +02:00
hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
HOSTAPD_LEVEL_DEBUG,
Renamed Ping procedure into SA Query procedure per 802.11w/D7.0 This commit changes just the name and Action category per D7.0. The retransmit/timeout processing in the AP is not yet updated with the changes in D7.0.
2008-12-26 10:46:21 +01:00
"association SA Query attempt %d", sta->sa_query_count);
IEEE 802.11w: Added association ping This updates management frame protection to use the assocition ping process from the latest draft (D6.0) to protect against unauthenticated authenticate or (re)associate frames dropping association.
2008-08-31 10:04:47 +02:00
Renamed Ping procedure into SA Query procedure per 802.11w/D7.0 This commit changes just the name and Action category per D7.0. The retransmit/timeout processing in the AP is not yet updated with the changes in D7.0.
2008-12-26 10:46:21 +01:00
ieee802_11_send_sa_query_req(hapd, sta->addr, trans_id);
IEEE 802.11w: Added association ping This updates management frame protection to use the assocition ping process from the latest draft (D6.0) to protect against unauthenticated authenticate or (re)associate frames dropping association.
2008-08-31 10:04:47 +02:00
}
Renamed Ping procedure into SA Query procedure per 802.11w/D7.0 This commit changes just the name and Action category per D7.0. The retransmit/timeout processing in the AP is not yet updated with the changes in D7.0.
2008-12-26 10:46:21 +01:00
void ap_sta_start_sa_query(struct hostapd_data *hapd, struct sta_info *sta)
IEEE 802.11w: Added association ping This updates management frame protection to use the assocition ping process from the latest draft (D6.0) to protect against unauthenticated authenticate or (re)associate frames dropping association.
2008-08-31 10:04:47 +02:00
{
Renamed Ping procedure into SA Query procedure per 802.11w/D7.0 This commit changes just the name and Action category per D7.0. The retransmit/timeout processing in the AP is not yet updated with the changes in D7.0.
2008-12-26 10:46:21 +01:00
ap_sa_query_timer(hapd, sta);
IEEE 802.11w: Added association ping This updates management frame protection to use the assocition ping process from the latest draft (D6.0) to protect against unauthenticated authenticate or (re)associate frames dropping association.
2008-08-31 10:04:47 +02:00
}
Renamed Ping procedure into SA Query procedure per 802.11w/D7.0 This commit changes just the name and Action category per D7.0. The retransmit/timeout processing in the AP is not yet updated with the changes in D7.0.
2008-12-26 10:46:21 +01:00
void ap_sta_stop_sa_query(struct hostapd_data *hapd, struct sta_info *sta)
IEEE 802.11w: Added association ping This updates management frame protection to use the assocition ping process from the latest draft (D6.0) to protect against unauthenticated authenticate or (re)associate frames dropping association.
2008-08-31 10:04:47 +02:00
{
Renamed Ping procedure into SA Query procedure per 802.11w/D7.0 This commit changes just the name and Action category per D7.0. The retransmit/timeout processing in the AP is not yet updated with the changes in D7.0.
2008-12-26 10:46:21 +01:00
eloop_cancel_timeout(ap_sa_query_timer, hapd, sta);
os_free(sta->sa_query_trans_id);
sta->sa_query_trans_id = NULL;
sta->sa_query_count = 0;
IEEE 802.11w: Added association ping This updates management frame protection to use the assocition ping process from the latest draft (D6.0) to protect against unauthenticated authenticate or (re)associate frames dropping association.
2008-08-31 10:04:47 +02:00
}
Move more driver ops into struct hostapd_driver_ops This removes need to include driver_i.h into ieee802_1x.c.
2009-12-24 19:41:30 +01:00
AP: Allow identifying which passphrase station used with wpa_psk_file It is now possible to optionally specify keyid for each wpa_psk_file entry: keyid=something 00:00:00:00:00:00 secretpassphrase When station connects and the passphrase it used has an associated keyid it will be appended to the AP-STA-CONNECTED event string: wlan0: AP-STA-CONNECTED 00:36:76:21:dc:7b keyid=something It's also possible to retrieve it through the control interface: $ hostapd_cli all_sta Selected interface 'ap0' 00:36:76:21:dc:7b ... keyid=something New hostapd is able to read old wpa_psk_file. However, old hostapd will not be able to read the new wpa_psk_file if it includes keyids. Signed-off-by: Michal Kazior <michal@plume.com>
2019-01-16 13:35:19 +01:00
const char * ap_sta_wpa_get_keyid(struct hostapd_data *hapd,
struct sta_info *sta)
{
struct hostapd_wpa_psk *psk;
struct hostapd_ssid *ssid;
const u8 *pmk;
int pmk_len;
ssid = &hapd->conf->ssid;
pmk = wpa_auth_get_pmk(sta->wpa_sm, &pmk_len);
if (!pmk || pmk_len != PMK_LEN)
return NULL;
for (psk = ssid->wpa_psk; psk; psk = psk->next)
if (os_memcmp(pmk, psk->psk, PMK_LEN) == 0)
break;
if (!psk)
return NULL;
if (!psk || !psk->keyid[0])
return NULL;
return psk->keyid;
}
AP: Introduce sta authorized wrappers To enable making state change notifications on the WLAN_STA_AUTHORIZED flag, introduce ap_sta_set_authorized(), and to reduce use of the flag itself also add a wrapper for testing the flag: ap_sta_is_authorized(). Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2011-02-02 15:52:32 +01:00
void ap_sta_set_authorized(struct hostapd_data *hapd, struct sta_info *sta,
int authorized)
{
P2P: Append P2P Device Address to AP-STA-DISCONNECTED event Append "p2p_dev_addr" parameter to AP-STA-DISCONNECTED event for P2P connections. In addition, for AP-STA-CONNECTED event during P2P connection, the "dev_addr=" print is replaced with "p2p_dev_addr=" to be more consistent with other events. Signed-hostap: Jithu Jance <jithu@broadcom.com>
2011-12-10 11:26:00 +01:00
const u8 *dev_addr = NULL;
Clean up AP-STA-CONNECTED/DISCONNECTED prints Use shared code to print the parameters so that they do not need to be generated four times separately. Signed-hostap: Jouni Malinen <j@w1.fi>
2013-05-18 18:09:41 +02:00
char buf[100];
P2P: Add p2p_client_list support for FullMAC Persistent GO Currently, FullMAC Persistent GO can't use p2p_client_list because its own hapd->p2p_group is NULL at ap_sta_set_authorized(). This patch changes the processing to use sta->p2p_ie instead of p2p_group_get_dev_addr() on FullMAC GO. Signed-hostap: Masashi Honma <masashi.honma@gmail.com>
2012-06-17 10:58:46 +02:00
#ifdef CONFIG_P2P
u8 addr[ETH_ALEN];
P2P: Add support for IP address assignment in 4-way handshake This new mechanism allows P2P Client to request an IPv4 address from the GO as part of the 4-way handshake to avoid use of DHCP exchange after 4-way handshake. If the new mechanism is used, the assigned IP address is shown in the P2P-GROUP-STARTED event on the client side with following new parameters: ip_addr, ip_mask, go_ip_addr. The assigned IP address is included in the AP-STA-CONNECTED event on the GO side as a new ip_addr parameter. The IP address is valid for the duration of the association. The IP address pool for this new mechanism is configured as global wpa_supplicant configuration file parameters ip_addr_go, ip_addr_mask, ip_addr_star, ip_addr_end. For example: ip_addr_go=192.168.42.1 ip_addr_mask=255.255.255.0 ip_addr_start=192.168.42.2 ip_addr_end=192.168.42.100 DHCP mechanism is expected to be enabled at the same time to support P2P Devices that do not use the new mechanism. The easiest way of managing the IP addresses is by splitting the IP address range into two parts and assign a separate range for wpa_supplicant and DHCP server. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-03-16 18:13:31 +01:00
u8 ip_addr_buf[4];
P2P: Add p2p_client_list support for FullMAC Persistent GO Currently, FullMAC Persistent GO can't use p2p_client_list because its own hapd->p2p_group is NULL at ap_sta_set_authorized(). This patch changes the processing to use sta->p2p_ie instead of p2p_group_get_dev_addr() on FullMAC GO. Signed-hostap: Masashi Honma <masashi.honma@gmail.com>
2012-06-17 10:58:46 +02:00
#endif /* CONFIG_P2P */
AP: Introduce sta authorized wrappers To enable making state change notifications on the WLAN_STA_AUTHORIZED flag, introduce ap_sta_set_authorized(), and to reduce use of the flag itself also add a wrapper for testing the flag: ap_sta_is_authorized(). Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2011-02-02 15:52:32 +01:00
if (!!authorized == !!(sta->flags & WLAN_STA_AUTHORIZED))
return;
P2P: Handle improper WPS termination on GO during group formation A P2P Client may be able to connect to the GO even if the WPS provisioning step has not terminated cleanly (e.g., P2P Client does not send WSC_Done). Such group formation attempt missed the event notification about started group on the GO and also did not set the internal state corresponding to the successful group formation. This commit addresses the missing part by completing GO side group formation on a successful first data connection if WPS does not complete cleanly. Also, this commit reorders the STA authorization indications to ensure that the group formation success notification is given prior to the first STA connection to handle such scenarios. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-10-01 14:36:53 +02:00
if (authorized)
sta->flags |= WLAN_STA_AUTHORIZED;
else
sta->flags &= ~WLAN_STA_AUTHORIZED;
Move AP events for STA connected/disconnected into one function Instead of trying to remember to add wpa_msg() calls for every possible path where a STA becomes authorized or unauthorized, use ap_sta_set_authorized() to send these events more consistently. Signed-hostap: Jouni Malinen <j@w1.fi>
2011-11-03 21:17:41 +01:00
#ifdef CONFIG_P2P
P2P: Add p2p_client_list support for FullMAC Persistent GO Currently, FullMAC Persistent GO can't use p2p_client_list because its own hapd->p2p_group is NULL at ap_sta_set_authorized(). This patch changes the processing to use sta->p2p_ie instead of p2p_group_get_dev_addr() on FullMAC GO. Signed-hostap: Masashi Honma <masashi.honma@gmail.com>
2012-06-17 10:58:46 +02:00
if (hapd->p2p_group == NULL) {
if (sta->p2p_ie != NULL &&
p2p_parse_dev_addr_in_p2p_ie(sta->p2p_ie, addr) == 0)
dev_addr = addr;
} else
dev_addr = p2p_group_get_dev_addr(hapd->p2p_group, sta->addr);
P2P: Append P2P Device Address to AP-STA-DISCONNECTED event Append "p2p_dev_addr" parameter to AP-STA-DISCONNECTED event for P2P connections. In addition, for AP-STA-CONNECTED event during P2P connection, the "dev_addr=" print is replaced with "p2p_dev_addr=" to be more consistent with other events. Signed-hostap: Jithu Jance <jithu@broadcom.com>
2011-12-10 11:26:00 +01:00
Clean up AP-STA-CONNECTED/DISCONNECTED prints Use shared code to print the parameters so that they do not need to be generated four times separately. Signed-hostap: Jouni Malinen <j@w1.fi>
2013-05-18 18:09:41 +02:00
if (dev_addr)
os_snprintf(buf, sizeof(buf), MACSTR " p2p_dev_addr=" MACSTR,
MAC2STR(sta->addr), MAC2STR(dev_addr));
else
hostapd: Avoid dead code with P2P not enabled In case P2P is not enabled the if (dev_addr) is always ignored as dev_addr will be NULL. As this code is relevant only to P2P, it can be moved to be the ifdef to avoid static analyzer warnings. (CID 72907) Signed-off-by: Philippe De Swert <philippe.deswert@jollamobile.com>
2014-09-23 09:08:30 +02:00
#endif /* CONFIG_P2P */
Clean up AP-STA-CONNECTED/DISCONNECTED prints Use shared code to print the parameters so that they do not need to be generated four times separately. Signed-hostap: Jouni Malinen <j@w1.fi>
2013-05-18 18:09:41 +02:00
os_snprintf(buf, sizeof(buf), MACSTR, MAC2STR(sta->addr));
P2P: Handle improper WPS termination on GO during group formation A P2P Client may be able to connect to the GO even if the WPS provisioning step has not terminated cleanly (e.g., P2P Client does not send WSC_Done). Such group formation attempt missed the event notification about started group on the GO and also did not set the internal state corresponding to the successful group formation. This commit addresses the missing part by completing GO side group formation on a successful first data connection if WPS does not complete cleanly. Also, this commit reorders the STA authorization indications to ensure that the group formation success notification is given prior to the first STA connection to handle such scenarios. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-10-01 14:36:53 +02:00
if (hapd->sta_authorized_cb)
hapd->sta_authorized_cb(hapd->sta_authorized_cb_ctx,
sta->addr, authorized, dev_addr);
P2P: Append P2P Device Address to AP-STA-DISCONNECTED event Append "p2p_dev_addr" parameter to AP-STA-DISCONNECTED event for P2P connections. In addition, for AP-STA-CONNECTED event during P2P connection, the "dev_addr=" print is replaced with "p2p_dev_addr=" to be more consistent with other events. Signed-hostap: Jithu Jance <jithu@broadcom.com>
2011-12-10 11:26:00 +01:00
if (authorized) {
AP: Allow identifying which passphrase station used with wpa_psk_file It is now possible to optionally specify keyid for each wpa_psk_file entry: keyid=something 00:00:00:00:00:00 secretpassphrase When station connects and the passphrase it used has an associated keyid it will be appended to the AP-STA-CONNECTED event string: wlan0: AP-STA-CONNECTED 00:36:76:21:dc:7b keyid=something It's also possible to retrieve it through the control interface: $ hostapd_cli all_sta Selected interface 'ap0' 00:36:76:21:dc:7b ... keyid=something New hostapd is able to read old wpa_psk_file. However, old hostapd will not be able to read the new wpa_psk_file if it includes keyids. Signed-off-by: Michal Kazior <michal@plume.com>
2019-01-16 13:35:19 +01:00
const char *keyid;
char keyid_buf[100];
P2P: Add support for IP address assignment in 4-way handshake This new mechanism allows P2P Client to request an IPv4 address from the GO as part of the 4-way handshake to avoid use of DHCP exchange after 4-way handshake. If the new mechanism is used, the assigned IP address is shown in the P2P-GROUP-STARTED event on the client side with following new parameters: ip_addr, ip_mask, go_ip_addr. The assigned IP address is included in the AP-STA-CONNECTED event on the GO side as a new ip_addr parameter. The IP address is valid for the duration of the association. The IP address pool for this new mechanism is configured as global wpa_supplicant configuration file parameters ip_addr_go, ip_addr_mask, ip_addr_star, ip_addr_end. For example: ip_addr_go=192.168.42.1 ip_addr_mask=255.255.255.0 ip_addr_start=192.168.42.2 ip_addr_end=192.168.42.100 DHCP mechanism is expected to be enabled at the same time to support P2P Devices that do not use the new mechanism. The easiest way of managing the IP addresses is by splitting the IP address range into two parts and assign a separate range for wpa_supplicant and DHCP server. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-03-16 18:13:31 +01:00
char ip_addr[100];
AP: Allow identifying which passphrase station used with wpa_psk_file It is now possible to optionally specify keyid for each wpa_psk_file entry: keyid=something 00:00:00:00:00:00 secretpassphrase When station connects and the passphrase it used has an associated keyid it will be appended to the AP-STA-CONNECTED event string: wlan0: AP-STA-CONNECTED 00:36:76:21:dc:7b keyid=something It's also possible to retrieve it through the control interface: $ hostapd_cli all_sta Selected interface 'ap0' 00:36:76:21:dc:7b ... keyid=something New hostapd is able to read old wpa_psk_file. However, old hostapd will not be able to read the new wpa_psk_file if it includes keyids. Signed-off-by: Michal Kazior <michal@plume.com>
2019-01-16 13:35:19 +01:00
keyid_buf[0] = '\0';
P2P: Add support for IP address assignment in 4-way handshake This new mechanism allows P2P Client to request an IPv4 address from the GO as part of the 4-way handshake to avoid use of DHCP exchange after 4-way handshake. If the new mechanism is used, the assigned IP address is shown in the P2P-GROUP-STARTED event on the client side with following new parameters: ip_addr, ip_mask, go_ip_addr. The assigned IP address is included in the AP-STA-CONNECTED event on the GO side as a new ip_addr parameter. The IP address is valid for the duration of the association. The IP address pool for this new mechanism is configured as global wpa_supplicant configuration file parameters ip_addr_go, ip_addr_mask, ip_addr_star, ip_addr_end. For example: ip_addr_go=192.168.42.1 ip_addr_mask=255.255.255.0 ip_addr_start=192.168.42.2 ip_addr_end=192.168.42.100 DHCP mechanism is expected to be enabled at the same time to support P2P Devices that do not use the new mechanism. The easiest way of managing the IP addresses is by splitting the IP address range into two parts and assign a separate range for wpa_supplicant and DHCP server. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-03-16 18:13:31 +01:00
ip_addr[0] = '\0';
#ifdef CONFIG_P2P
if (wpa_auth_get_ip_addr(sta->wpa_sm, ip_addr_buf) == 0) {
os_snprintf(ip_addr, sizeof(ip_addr),
" ip_addr=%u.%u.%u.%u",
ip_addr_buf[0], ip_addr_buf[1],
ip_addr_buf[2], ip_addr_buf[3]);
}
#endif /* CONFIG_P2P */
AP: Allow identifying which passphrase station used with wpa_psk_file It is now possible to optionally specify keyid for each wpa_psk_file entry: keyid=something 00:00:00:00:00:00 secretpassphrase When station connects and the passphrase it used has an associated keyid it will be appended to the AP-STA-CONNECTED event string: wlan0: AP-STA-CONNECTED 00:36:76:21:dc:7b keyid=something It's also possible to retrieve it through the control interface: $ hostapd_cli all_sta Selected interface 'ap0' 00:36:76:21:dc:7b ... keyid=something New hostapd is able to read old wpa_psk_file. However, old hostapd will not be able to read the new wpa_psk_file if it includes keyids. Signed-off-by: Michal Kazior <michal@plume.com>
2019-01-16 13:35:19 +01:00
keyid = ap_sta_wpa_get_keyid(hapd, sta);
if (keyid) {
os_snprintf(keyid_buf, sizeof(keyid_buf),
" keyid=%s", keyid);
}
wpa_msg(hapd->msg_ctx, MSG_INFO, AP_STA_CONNECTED "%s%s%s",
buf, ip_addr, keyid_buf);
Clean up AP-STA-CONNECTED/DISCONNECTED prints Use shared code to print the parameters so that they do not need to be generated four times separately. Signed-hostap: Jouni Malinen <j@w1.fi>
2013-05-18 18:09:41 +02:00
P2P: Send STA connected/disconnected events to parent ctrl_iface Send the connection events from P2P group to both the group interface and parent interface ctrl_ifaces to make it easier for external monitor programs to see these events without having to listen to all group interfaces when virtual group interfaces are used. Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2011-07-22 00:19:46 +02:00
if (hapd->msg_ctx_parent &&
Clean up AP-STA-CONNECTED/DISCONNECTED prints Use shared code to print the parameters so that they do not need to be generated four times separately. Signed-hostap: Jouni Malinen <j@w1.fi>
2013-05-18 18:09:41 +02:00
hapd->msg_ctx_parent != hapd->msg_ctx)
P2P: No duplicate AP-STA-CONNECTED/DISCONNECTED as global event These events are sent as a special case to both the group interface and "parent interface" (i.e., the interface that was used for managing P2P negotiation). The latter is not really correct event, so get rid of it with the new global control interface design where there is no need to support legacy upper layer implementations. Signed-hostap: Jouni Malinen <j@w1.fi>
2013-05-18 18:18:31 +02:00
wpa_msg_no_global(hapd->msg_ctx_parent, MSG_INFO,
AP: Allow identifying which passphrase station used with wpa_psk_file It is now possible to optionally specify keyid for each wpa_psk_file entry: keyid=something 00:00:00:00:00:00 secretpassphrase When station connects and the passphrase it used has an associated keyid it will be appended to the AP-STA-CONNECTED event string: wlan0: AP-STA-CONNECTED 00:36:76:21:dc:7b keyid=something It's also possible to retrieve it through the control interface: $ hostapd_cli all_sta Selected interface 'ap0' 00:36:76:21:dc:7b ... keyid=something New hostapd is able to read old wpa_psk_file. However, old hostapd will not be able to read the new wpa_psk_file if it includes keyids. Signed-off-by: Michal Kazior <michal@plume.com>
2019-01-16 13:35:19 +01:00
AP_STA_CONNECTED "%s%s%s",
buf, ip_addr, keyid_buf);
Move AP events for STA connected/disconnected into one function Instead of trying to remember to add wpa_msg() calls for every possible path where a STA becomes authorized or unauthorized, use ap_sta_set_authorized() to send these events more consistently. Signed-hostap: Jouni Malinen <j@w1.fi>
2011-11-03 21:17:41 +01:00
} else {
Clean up AP-STA-CONNECTED/DISCONNECTED prints Use shared code to print the parameters so that they do not need to be generated four times separately. Signed-hostap: Jouni Malinen <j@w1.fi>
2013-05-18 18:09:41 +02:00
wpa_msg(hapd->msg_ctx, MSG_INFO, AP_STA_DISCONNECTED "%s", buf);
P2P: Send STA connected/disconnected events to parent ctrl_iface Send the connection events from P2P group to both the group interface and parent interface ctrl_ifaces to make it easier for external monitor programs to see these events without having to listen to all group interfaces when virtual group interfaces are used. Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2011-07-22 00:19:46 +02:00
if (hapd->msg_ctx_parent &&
Clean up AP-STA-CONNECTED/DISCONNECTED prints Use shared code to print the parameters so that they do not need to be generated four times separately. Signed-hostap: Jouni Malinen <j@w1.fi>
2013-05-18 18:09:41 +02:00
hapd->msg_ctx_parent != hapd->msg_ctx)
P2P: No duplicate AP-STA-CONNECTED/DISCONNECTED as global event These events are sent as a special case to both the group interface and "parent interface" (i.e., the interface that was used for managing P2P negotiation). The latter is not really correct event, so get rid of it with the new global control interface design where there is no need to support legacy upper layer implementations. Signed-hostap: Jouni Malinen <j@w1.fi>
2013-05-18 18:18:31 +02:00
wpa_msg_no_global(hapd->msg_ctx_parent, MSG_INFO,
AP_STA_DISCONNECTED "%s", buf);
Move AP events for STA connected/disconnected into one function Instead of trying to remember to add wpa_msg() calls for every possible path where a STA becomes authorized or unauthorized, use ap_sta_set_authorized() to send these events more consistently. Signed-hostap: Jouni Malinen <j@w1.fi>
2011-11-03 21:17:41 +01:00
}
FST: Integration into hostapd This commit integrates the FST into the hostapd. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-01-21 14:30:48 +01:00
#ifdef CONFIG_FST
if (hapd->iface->fst) {
if (authorized)
fst_notify_peer_connected(hapd->iface->fst, sta->addr);
else
fst_notify_peer_disconnected(hapd->iface->fst,
sta->addr);
}
#endif /* CONFIG_FST */
AP: Introduce sta authorized wrappers To enable making state change notifications on the WLAN_STA_AUTHORIZED flag, introduce ap_sta_set_authorized(), and to reduce use of the flag itself also add a wrapper for testing the flag: ap_sta_is_authorized(). Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2011-02-02 15:52:32 +01:00
}
Move more driver ops into struct hostapd_driver_ops This removes need to include driver_i.h into ieee802_1x.c.
2009-12-24 19:41:30 +01:00
void ap_sta_disconnect(struct hostapd_data *hapd, struct sta_info *sta,
const u8 *addr, u16 reason)
{
AP: Print interface name in more STA events This makes it easier to follow a debug log from a hostapd process that manages multiple interfaces. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-01-15 18:17:40 +01:00
if (sta)
wpa_printf(MSG_DEBUG, "%s: %s STA " MACSTR " reason=%u",
hapd->conf->iface, __func__, MAC2STR(sta->addr),
reason);
else if (addr)
wpa_printf(MSG_DEBUG, "%s: %s addr " MACSTR " reason=%u",
hapd->conf->iface, __func__, MAC2STR(addr),
reason);
Move more driver ops into struct hostapd_driver_ops This removes need to include driver_i.h into ieee802_1x.c.
2009-12-24 19:41:30 +01:00
if (sta == NULL && addr)
sta = ap_get_sta(hapd, addr);
if (addr)
hostapd_driver_ops reduction set_sta_vlan, get_inact_sec, sta_deauth, sta_disassoc, and sta_remove to use inline functions instead of extra abstraction.
2010-11-24 14:36:02 +01:00
hostapd_drv_sta_deauth(hapd, addr, reason);
Move more driver ops into struct hostapd_driver_ops This removes need to include driver_i.h into ieee802_1x.c.
2009-12-24 19:41:30 +01:00
if (sta == NULL)
return;
AP: Introduce sta authorized wrappers To enable making state change notifications on the WLAN_STA_AUTHORIZED flag, introduce ap_sta_set_authorized(), and to reduce use of the flag itself also add a wrapper for testing the flag: ap_sta_is_authorized(). Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2011-02-02 15:52:32 +01:00
ap_sta_set_authorized(hapd, sta, 0);
Fix ap_sta_disconnect() to clear EAPOL/WPA authenticator state Number of places in hostapd use ap_sta_disconnect() instead of ap_sta_disassociate() or ap_sta_deauthenticate(). There are some differences between these functions, e.g., in the area how quickly the EAPOL state machines get deinitialized. This can result in somewhat unexpected events since the EAPOL/WPA authenticator state machines could remain running after deauthentication. Address this by forcing EAPOL/WPA authenticator state machines to disabled state whenever ap_sta_disconnect() is called instead of waiting for the deauthentication callback or other timeout to clear the STA. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-01-25 21:32:58 +01:00
wpa_auth_sm_event(sta->wpa_sm, WPA_DEAUTH);
ieee802_1x_notify_port_enabled(sta->eapol_sm, 0);
AP: Introduce sta authorized wrappers To enable making state change notifications on the WLAN_STA_AUTHORIZED flag, introduce ap_sta_set_authorized(), and to reduce use of the flag itself also add a wrapper for testing the flag: ap_sta_is_authorized(). Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2011-02-02 15:52:32 +01:00
sta->flags &= ~(WLAN_STA_AUTH | WLAN_STA_ASSOC);
AP: Print interface name in more STA events This makes it easier to follow a debug log from a hostapd process that manages multiple interfaces. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-01-15 18:17:40 +01:00
wpa_printf(MSG_DEBUG, "%s: %s: reschedule ap_handle_timer timeout "
AP: Add debug information for ap_handle_timer operations This makes it easier to figure out what exactly was done with the ap_handle_timer registration/cancellation based on a debug log. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-04-11 13:09:40 +02:00
"for " MACSTR " (%d seconds - "
"AP_MAX_INACTIVITY_AFTER_DEAUTH)",
AP: Print interface name in more STA events This makes it easier to follow a debug log from a hostapd process that manages multiple interfaces. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-01-15 18:17:40 +01:00
hapd->conf->iface, __func__, MAC2STR(sta->addr),
AP: Add debug information for ap_handle_timer operations This makes it easier to figure out what exactly was done with the ap_handle_timer registration/cancellation based on a debug log. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-04-11 13:09:40 +02:00
AP_MAX_INACTIVITY_AFTER_DEAUTH);
Move more driver ops into struct hostapd_driver_ops This removes need to include driver_i.h into ieee802_1x.c.
2009-12-24 19:41:30 +01:00
eloop_cancel_timeout(ap_handle_timer, hapd, sta);
Delay STA entry removal until Deauth/Disassoc TX status in AP mode This allows the driver to use PS buffering of Deauthentication and Disassociation frames when the STA is in power save sleep. The STA entry (and PTK) will be removed from the kernel only after the Deauth/Disassoc has been transmitted (e.g., when the STA wakes up). A hardcoded two second timeout is used to limit the length of this window should the driver fail to deliver the frame (e.g., the STA is out of range and does not wake up). The kernel STA entry is marked unauthorized during the wait to avoid accepting Data frames from the STA that we have decided to disconnect. This behavior is available only with drivers that provide TX status events for Deauth/Disassoc frames (nl80211 at this point). Other drivers continue to use the previous behavior where the STA entry is removed immediately.
2011-08-28 22:07:02 +02:00
eloop_register_timeout(AP_MAX_INACTIVITY_AFTER_DEAUTH, 0,
ap_handle_timer, hapd, sta);
Move more driver ops into struct hostapd_driver_ops This removes need to include driver_i.h into ieee802_1x.c.
2009-12-24 19:41:30 +01:00
sta->timeout_next = STA_REMOVE;
Delay STA entry removal until Deauth/Disassoc TX status in AP mode This allows the driver to use PS buffering of Deauthentication and Disassociation frames when the STA is in power save sleep. The STA entry (and PTK) will be removed from the kernel only after the Deauth/Disassoc has been transmitted (e.g., when the STA wakes up). A hardcoded two second timeout is used to limit the length of this window should the driver fail to deliver the frame (e.g., the STA is out of range and does not wake up). The kernel STA entry is marked unauthorized during the wait to avoid accepting Data frames from the STA that we have decided to disconnect. This behavior is available only with drivers that provide TX status events for Deauth/Disassoc frames (nl80211 at this point). Other drivers continue to use the previous behavior where the STA entry is removed immediately.
2011-08-28 22:07:02 +02:00
AP: Skip authentication/deauthentication phase for DMG/IEEE 802.11ad Authentication and Deauthentication frames are not used in DMG/IEEE 802.11ad networks. For DMG/IEEE 802.11ad the following was implemented: Upon receiving association request, allocate the sta object and initialize it as if authentication took place. Upon receiving disassociation, deallocate the sta object. ap_sta_disassociate/ap_sta_deauthenticate/ap_sta_disconnect all use disassociation instead of deauthentication. In driver_nl80211, i802_sta_deauth() is routed to i802_sta_disassoc(). Signed-off-by: Dedy Lansky <qca_dlansky@qca.qualcomm.com>
2016-12-26 20:00:51 +01:00
if (hapd->iface->current_mode &&
hapd->iface->current_mode->mode == HOSTAPD_MODE_IEEE80211AD) {
/* Deauthentication is not used in DMG/IEEE 802.11ad;
* disassociate the STA instead. */
sta->disassoc_reason = reason;
sta->flags |= WLAN_STA_PENDING_DISASSOC_CB;
eloop_cancel_timeout(ap_sta_disassoc_cb_timeout, hapd, sta);
eloop_register_timeout(hapd->iface->drv_flags &
WPA_DRIVER_FLAGS_DEAUTH_TX_STATUS ?
2 : 0, 0, ap_sta_disassoc_cb_timeout,
hapd, sta);
return;
}
Delay STA entry removal until Deauth/Disassoc TX status in AP mode This allows the driver to use PS buffering of Deauthentication and Disassociation frames when the STA is in power save sleep. The STA entry (and PTK) will be removed from the kernel only after the Deauth/Disassoc has been transmitted (e.g., when the STA wakes up). A hardcoded two second timeout is used to limit the length of this window should the driver fail to deliver the frame (e.g., the STA is out of range and does not wake up). The kernel STA entry is marked unauthorized during the wait to avoid accepting Data frames from the STA that we have decided to disconnect. This behavior is available only with drivers that provide TX status events for Deauth/Disassoc frames (nl80211 at this point). Other drivers continue to use the previous behavior where the STA entry is removed immediately.
2011-08-28 22:07:02 +02:00
sta->deauth_reason = reason;
Fix Deauth/Disassoc callback handling with test frames The Deauth/Disassoc TX status callbacks were ending up kicking the station entry from kernel driver when test functionality was used to inject Deauth/Disassoc frames from the AP with the purpose of leaving the local association in place. Fix this by using STA flags to figure out whether there was a pending callback for the frame that we need to act on. In addition, add forgotten functionality for the Disassoc TX status callback to match the behavior with Deauth.
2011-09-06 20:03:02 +02:00
sta->flags |= WLAN_STA_PENDING_DEAUTH_CB;
Delay STA entry removal until Deauth/Disassoc TX status in AP mode This allows the driver to use PS buffering of Deauthentication and Disassociation frames when the STA is in power save sleep. The STA entry (and PTK) will be removed from the kernel only after the Deauth/Disassoc has been transmitted (e.g., when the STA wakes up). A hardcoded two second timeout is used to limit the length of this window should the driver fail to deliver the frame (e.g., the STA is out of range and does not wake up). The kernel STA entry is marked unauthorized during the wait to avoid accepting Data frames from the STA that we have decided to disconnect. This behavior is available only with drivers that provide TX status events for Deauth/Disassoc frames (nl80211 at this point). Other drivers continue to use the previous behavior where the STA entry is removed immediately.
2011-08-28 22:07:02 +02:00
eloop_cancel_timeout(ap_sta_deauth_cb_timeout, hapd, sta);
eloop_register_timeout(hapd->iface->drv_flags &
WPA_DRIVER_FLAGS_DEAUTH_TX_STATUS ? 2 : 0, 0,
ap_sta_deauth_cb_timeout, hapd, sta);
}
void ap_sta_deauth_cb(struct hostapd_data *hapd, struct sta_info *sta)
{
Fix Deauth/Disassoc callback handling with test frames The Deauth/Disassoc TX status callbacks were ending up kicking the station entry from kernel driver when test functionality was used to inject Deauth/Disassoc frames from the AP with the purpose of leaving the local association in place. Fix this by using STA flags to figure out whether there was a pending callback for the frame that we need to act on. In addition, add forgotten functionality for the Disassoc TX status callback to match the behavior with Deauth.
2011-09-06 20:03:02 +02:00
if (!(sta->flags & WLAN_STA_PENDING_DEAUTH_CB)) {
wpa_printf(MSG_DEBUG, "Ignore deauth cb for test frame");
return;
}
sta->flags &= ~WLAN_STA_PENDING_DEAUTH_CB;
Delay STA entry removal until Deauth/Disassoc TX status in AP mode This allows the driver to use PS buffering of Deauthentication and Disassociation frames when the STA is in power save sleep. The STA entry (and PTK) will be removed from the kernel only after the Deauth/Disassoc has been transmitted (e.g., when the STA wakes up). A hardcoded two second timeout is used to limit the length of this window should the driver fail to deliver the frame (e.g., the STA is out of range and does not wake up). The kernel STA entry is marked unauthorized during the wait to avoid accepting Data frames from the STA that we have decided to disconnect. This behavior is available only with drivers that provide TX status events for Deauth/Disassoc frames (nl80211 at this point). Other drivers continue to use the previous behavior where the STA entry is removed immediately.
2011-08-28 22:07:02 +02:00
eloop_cancel_timeout(ap_sta_deauth_cb_timeout, hapd, sta);
ap_sta_deauth_cb_timeout(hapd, sta);
}
void ap_sta_disassoc_cb(struct hostapd_data *hapd, struct sta_info *sta)
{
Fix Deauth/Disassoc callback handling with test frames The Deauth/Disassoc TX status callbacks were ending up kicking the station entry from kernel driver when test functionality was used to inject Deauth/Disassoc frames from the AP with the purpose of leaving the local association in place. Fix this by using STA flags to figure out whether there was a pending callback for the frame that we need to act on. In addition, add forgotten functionality for the Disassoc TX status callback to match the behavior with Deauth.
2011-09-06 20:03:02 +02:00
if (!(sta->flags & WLAN_STA_PENDING_DISASSOC_CB)) {
wpa_printf(MSG_DEBUG, "Ignore disassoc cb for test frame");
return;
}
sta->flags &= ~WLAN_STA_PENDING_DISASSOC_CB;
eloop_cancel_timeout(ap_sta_disassoc_cb_timeout, hapd, sta);
ap_sta_disassoc_cb_timeout(hapd, sta);
Move more driver ops into struct hostapd_driver_ops This removes need to include driver_i.h into ieee802_1x.c.
2009-12-24 19:41:30 +01:00
}
hostapd: Make STA flags available through ctrl_iface STA command Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-27 18:24:24 +01:00
AP: Fix Deauth/Disassoc TX status timeout handling The ap_sta_deauth_cb and ap_sta_disassoc_cb eloop timeouts are used to clear a disconnecting STA from the kernel driver if the STA did not ACK the Deauthentication/Disassociation frame from the AP within two seconds. However, it was possible for a STA to not ACK such a frame, e.g., when the disconnection happened due to hostapd pruning old associations from other BSSes and the STA was not on the old channel anymore. If that same STA then started a new authentication/association with the BSS, the two second timeout could trigger during this new association and result in the STA entry getting removed from the kernel. Fix this by canceling these eloop timeouts when receiving an indication of a new authentication or association. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-01-15 18:28:58 +01:00
void ap_sta_clear_disconnect_timeouts(struct hostapd_data *hapd,
struct sta_info *sta)
{
if (eloop_cancel_timeout(ap_sta_deauth_cb_timeout, hapd, sta) > 0)
wpa_printf(MSG_DEBUG,
"%s: Removed ap_sta_deauth_cb_timeout timeout for "
MACSTR,
hapd->conf->iface, MAC2STR(sta->addr));
if (eloop_cancel_timeout(ap_sta_disassoc_cb_timeout, hapd, sta) > 0)
wpa_printf(MSG_DEBUG,
"%s: Removed ap_sta_disassoc_cb_timeout timeout for "
MACSTR,
hapd->conf->iface, MAC2STR(sta->addr));
Use eloop timeout for post-EAP-Failure wait before disconnection Previously, os_sleep() was used to block the hostapd (or wpa_supplicant AP/P2P GO mode) processing between sending out EAP-Failure and disconnecting the STA. This is not ideal for couple of reasons: it blocks all other parallel operations in the process and it leaves a window during which the station might deauthenticate and the AP would have no option for reacting to that before forcing out its own Deauthentication frame which could go out after the STA has already started new connection attempt. Improve this design by scheduling an eloop timeout of 10 ms instead of the os_sleep() call and perform the delayed operations from the eloop callback function. This eloop timeout is cancelled if the STA disconnects or initiates a new connection attempt before the 10 ms time is reached. This gets rid of the confusing extra Deauthentication frame in cases where the STA reacts to EAP-Failure by an immediate deauthentication. Signed-off-by: Jouni Malinen <j@w1.fi>
2016-12-06 17:12:11 +01:00
if (eloop_cancel_timeout(ap_sta_delayed_1x_auth_fail_cb, hapd, sta) > 0)
{
wpa_printf(MSG_DEBUG,
"%s: Removed ap_sta_delayed_1x_auth_fail_cb timeout for "
MACSTR,
hapd->conf->iface, MAC2STR(sta->addr));
if (sta->flags & WLAN_STA_WPS)
hostapd_wps_eap_completed(hapd);
}
AP: Fix Deauth/Disassoc TX status timeout handling The ap_sta_deauth_cb and ap_sta_disassoc_cb eloop timeouts are used to clear a disconnecting STA from the kernel driver if the STA did not ACK the Deauthentication/Disassociation frame from the AP within two seconds. However, it was possible for a STA to not ACK such a frame, e.g., when the disconnection happened due to hostapd pruning old associations from other BSSes and the STA was not on the old channel anymore. If that same STA then started a new authentication/association with the BSS, the two second timeout could trigger during this new association and result in the STA entry getting removed from the kernel. Fix this by canceling these eloop timeouts when receiving an indication of a new authentication or association. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-01-15 18:28:58 +01:00
}
hostapd: Make STA flags available through ctrl_iface STA command Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-27 18:24:24 +01:00
int ap_sta_flags_txt(u32 flags, char *buf, size_t buflen)
{
int res;
buf[0] = '\0';
HE: Add 11ax info to ap mode ctrl iface STATUS command Signed-off-by: Pradeep Kumar Chitrapu <pradeepc@codeaurora.org>
2019-10-16 20:57:38 +02:00
res = os_snprintf(buf, buflen, "%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s",
hostapd: Make STA flags available through ctrl_iface STA command Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-27 18:24:24 +01:00
(flags & WLAN_STA_AUTH ? "[AUTH]" : ""),
(flags & WLAN_STA_ASSOC ? "[ASSOC]" : ""),
(flags & WLAN_STA_AUTHORIZED ? "[AUTHORIZED]" : ""),
(flags & WLAN_STA_PENDING_POLL ? "[PENDING_POLL" :
""),
(flags & WLAN_STA_SHORT_PREAMBLE ?
"[SHORT_PREAMBLE]" : ""),
(flags & WLAN_STA_PREAUTH ? "[PREAUTH]" : ""),
(flags & WLAN_STA_WMM ? "[WMM]" : ""),
(flags & WLAN_STA_MFP ? "[MFP]" : ""),
(flags & WLAN_STA_WPS ? "[WPS]" : ""),
(flags & WLAN_STA_MAYBE_WPS ? "[MAYBE_WPS]" : ""),
(flags & WLAN_STA_WDS ? "[WDS]" : ""),
(flags & WLAN_STA_NONERP ? "[NonERP]" : ""),
(flags & WLAN_STA_WPS2 ? "[WPS2]" : ""),
(flags & WLAN_STA_GAS ? "[GAS]" : ""),
hostapd: Add [HT] flag into STA command Signed-off-by: bhagavathi perumal s <bperumal@qti.qualcomm.com>
2017-10-06 17:03:25 +02:00
(flags & WLAN_STA_HT ? "[HT]" : ""),
hostapd: Make STA flags available through ctrl_iface STA command Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-27 18:24:24 +01:00
(flags & WLAN_STA_VHT ? "[VHT]" : ""),
HE: Add 11ax info to ap mode ctrl iface STATUS command Signed-off-by: Pradeep Kumar Chitrapu <pradeepc@codeaurora.org>
2019-10-16 20:57:38 +02:00
(flags & WLAN_STA_HE ? "[HE]" : ""),
hostapd: Add vendor specific VHT extension for the 2.4 GHz band This allows vendor specific information element to be used to advertise support for VHT on 2.4 GHz band. In practice, this is used to enable use of 256 QAM rates (VHT-MCS 8 and 9) on 2.4 GHz band. This functionality is disabled by default, but can be enabled with vendor_vht=1 parameter in hostapd.conf if the driver advertises support for VHT on either 2.4 or 5 GHz bands. Signed-off-by: Yanbo Li <yanbol@qti.qualcomm.com>
2014-11-10 16:12:29 +01:00
(flags & WLAN_STA_VENDOR_VHT ? "[VENDOR_VHT]" : ""),
hostapd: Make STA flags available through ctrl_iface STA command Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-27 18:24:24 +01:00
(flags & WLAN_STA_WNM_SLEEP_MODE ?
"[WNM_SLEEP_MODE]" : ""));
Check os_snprintf() result more consistently - more checks Add more os_snprintf() result validation checks. Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-07 14:45:02 +01:00
if (os_snprintf_error(buflen, res))
res = -1;
hostapd: Make STA flags available through ctrl_iface STA command Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-27 18:24:24 +01:00
return res;
}
Use eloop timeout for post-EAP-Failure wait before disconnection Previously, os_sleep() was used to block the hostapd (or wpa_supplicant AP/P2P GO mode) processing between sending out EAP-Failure and disconnecting the STA. This is not ideal for couple of reasons: it blocks all other parallel operations in the process and it leaves a window during which the station might deauthenticate and the AP would have no option for reacting to that before forcing out its own Deauthentication frame which could go out after the STA has already started new connection attempt. Improve this design by scheduling an eloop timeout of 10 ms instead of the os_sleep() call and perform the delayed operations from the eloop callback function. This eloop timeout is cancelled if the STA disconnects or initiates a new connection attempt before the 10 ms time is reached. This gets rid of the confusing extra Deauthentication frame in cases where the STA reacts to EAP-Failure by an immediate deauthentication. Signed-off-by: Jouni Malinen <j@w1.fi>
2016-12-06 17:12:11 +01:00
static void ap_sta_delayed_1x_auth_fail_cb(void *eloop_ctx, void *timeout_ctx)
{
struct hostapd_data *hapd = eloop_ctx;
struct sta_info *sta = timeout_ctx;
Copy WLAN-Reason-Code value from Access-Reject to Deauthentication This makes hostapd use the WLAN-Reason-Code value from Access-Reject when disconnecting a station due to IEEE 802.1X authentication failure. If the RADIUS server does not include this attribute, the default value 23 (IEEE 802.1X authentication failed) is used. That value was the previously hardcoded reason code. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-01-12 19:55:33 +01:00
u16 reason;
Use eloop timeout for post-EAP-Failure wait before disconnection Previously, os_sleep() was used to block the hostapd (or wpa_supplicant AP/P2P GO mode) processing between sending out EAP-Failure and disconnecting the STA. This is not ideal for couple of reasons: it blocks all other parallel operations in the process and it leaves a window during which the station might deauthenticate and the AP would have no option for reacting to that before forcing out its own Deauthentication frame which could go out after the STA has already started new connection attempt. Improve this design by scheduling an eloop timeout of 10 ms instead of the os_sleep() call and perform the delayed operations from the eloop callback function. This eloop timeout is cancelled if the STA disconnects or initiates a new connection attempt before the 10 ms time is reached. This gets rid of the confusing extra Deauthentication frame in cases where the STA reacts to EAP-Failure by an immediate deauthentication. Signed-off-by: Jouni Malinen <j@w1.fi>
2016-12-06 17:12:11 +01:00
wpa_dbg(hapd->msg_ctx, MSG_DEBUG,
"IEEE 802.1X: Scheduled disconnection of " MACSTR
" after EAP-Failure", MAC2STR(sta->addr));
Copy WLAN-Reason-Code value from Access-Reject to Deauthentication This makes hostapd use the WLAN-Reason-Code value from Access-Reject when disconnecting a station due to IEEE 802.1X authentication failure. If the RADIUS server does not include this attribute, the default value 23 (IEEE 802.1X authentication failed) is used. That value was the previously hardcoded reason code. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-01-12 19:55:33 +01:00
reason = sta->disconnect_reason_code;
if (!reason)
reason = WLAN_REASON_IEEE_802_1X_AUTH_FAILED;
ap_sta_disconnect(hapd, sta, sta->addr, reason);
Use eloop timeout for post-EAP-Failure wait before disconnection Previously, os_sleep() was used to block the hostapd (or wpa_supplicant AP/P2P GO mode) processing between sending out EAP-Failure and disconnecting the STA. This is not ideal for couple of reasons: it blocks all other parallel operations in the process and it leaves a window during which the station might deauthenticate and the AP would have no option for reacting to that before forcing out its own Deauthentication frame which could go out after the STA has already started new connection attempt. Improve this design by scheduling an eloop timeout of 10 ms instead of the os_sleep() call and perform the delayed operations from the eloop callback function. This eloop timeout is cancelled if the STA disconnects or initiates a new connection attempt before the 10 ms time is reached. This gets rid of the confusing extra Deauthentication frame in cases where the STA reacts to EAP-Failure by an immediate deauthentication. Signed-off-by: Jouni Malinen <j@w1.fi>
2016-12-06 17:12:11 +01:00
if (sta->flags & WLAN_STA_WPS)
hostapd_wps_eap_completed(hapd);
}
void ap_sta_delayed_1x_auth_fail_disconnect(struct hostapd_data *hapd,
struct sta_info *sta)
{
wpa_dbg(hapd->msg_ctx, MSG_DEBUG,
"IEEE 802.1X: Force disconnection of " MACSTR
" after EAP-Failure in 10 ms", MAC2STR(sta->addr));
/*
* Add a small sleep to increase likelihood of previously requested
* EAP-Failure TX getting out before this should the driver reorder
* operations.
*/
eloop_cancel_timeout(ap_sta_delayed_1x_auth_fail_cb, hapd, sta);
eloop_register_timeout(0, 10000, ap_sta_delayed_1x_auth_fail_cb,
hapd, sta);
}
int ap_sta_pending_delayed_1x_auth_fail_disconnect(struct hostapd_data *hapd,
struct sta_info *sta)
{
return eloop_is_timeout_registered(ap_sta_delayed_1x_auth_fail_cb,
hapd, sta);
}
Reference in a new issue Copy permalink