jeltz/hostap
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity
hostap/src/ap/sta_info.h

367 lines
12 KiB
C
Raw Normal View History

Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
2008-02-28 02:34:43 +01:00
/*
* hostapd / Station table
OWE: Process Diffie-Hellman Parameter element in AP mode This adds AP side processing for OWE Diffie-Hellman Parameter element in (Re)Association Request frame and adding it in (Re)Association Response frame. Signed-off-by: Jouni Malinen <j@w1.fi>
2017-03-12 00:26:43 +01:00
* Copyright (c) 2002-2017, Jouni Malinen <j@w1.fi>
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
2008-02-28 02:34:43 +01:00
*
Remove the GPL notification from files contributed by Jouni Malinen Remove the GPL notification text from the files that were initially contributed by myself. Signed-hostap: Jouni Malinen <j@w1.fi>
2012-02-11 15:46:35 +01:00
* This software may be distributed under the terms of the BSD license.
* See README for more details.
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
2008-02-28 02:34:43 +01:00
*/
#ifndef STA_INFO_H
#define STA_INFO_H
mesh: Add mesh peering manager The mesh peering manager establishes and maintains links among mesh peers, tracking each peer link via a finite state machine. This implementation supports open mesh peerings. [assorted fixes from Yu Niiro <yu.niiro@gmail.com>] [more fixes from Masashi Honma <masashi.honma@gmail.com>] Signed-off-by: Javier Lopez <jlopex@gmail.com> Signed-off-by: Javier Cardona <javier@cozybit.com> Signed-off-by: Ashok Nagarajan <ashok.dragon@gmail.com> Signed-off-by: Jason Mobarak <x@jason.mobarak.name> Signed-hostap: Bob Copeland <me@bobcopeland.com>
2014-03-11 05:07:01 +01:00
#include "common/defs.h"
AP: Add Neighbor Discovery snooping mechanism for Proxy ARP This commit establishes the infrastructure, and handles the Neighbor Solicitation and Neighbor Advertisement frames. This will be extended in the future to handle other frames. Signed-off-by: Kyeyoon Park <kyeyoonp@qca.qualcomm.com>
2014-11-01 07:33:41 +01:00
#include "list.h"
VLAN: Separate station grouping and uplink configuration Separate uplink configuration (IEEE 802.1q VID) and grouping of stations into AP_VLAN interfaces. The int vlan_id will continue to identify the AP_VLAN interface the station should be assigned to. Each AP_VLAN interface corresponds to an instance of struct hostapd_vlan that is uniquely identified by int vlan_id within an BSS. New: Each station and struct hostapd_vlan holds a struct vlan_description vlan_desc member that describes the uplink configuration requested. Currently this is just an int untagged IEEE 802.1q VID, but can be extended to tagged VLANs and other settings easily. When the station was about to be assigned its vlan_id, vlan_desc and vlan_id will now be set simultaneously by ap_sta_set_vlan(). So sta->vlan_id can still be tested for whether the station needs to be moved to an AP_VLAN interface. To ease addition of tagged VLAN support, a member notempty is added to struct vlan_description. Is is set to 1 if an untagged or tagged VLAN assignment is requested and needs to be validated. The inverted form allows os_zalloc() to initialize an empty description. Though not depended on by the code, vlan_id assignment ensures: * vlan_id = 0 will continue to mean no AP_VLAN interface * vlan_id < 4096 will continue to mean vlan_id = untagged vlan id with no per_sta_vif and no extra tagged vlan. * vlan_id > 4096 will be used for per_sta_vif and/or tagged vlans. This way struct wpa_group and drivers API do not need to be changed in order to implement tagged VLANs or per_sta_vif support. DYNAMIC_VLAN_* will refer to (struct vlan_description).notempty only, thus grouping of the stations for per_sta_vif can be used with DYNAMIC_VLAN_DISABLED, but not with CONFIG_NO_VLAN, as struct hostapd_vlan is still used to manage AP_VLAN interfaces. MAX_VLAN_ID will be checked in hostapd_vlan_valid and during setup of VLAN interfaces and refer to IEEE 802.1q VID. VLAN_ID_WILDCARD will continue to refer to int vlan_id. Renaming vlan_id to vlan_desc when type changed from int to struct vlan_description was avoided when vlan_id was also used in a way that did not depend on its type (for example, when passed to another function). Output of "VLAN ID %d" continues to refer to int vlan_id, while "VLAN %d" will refer to untagged IEEE 802.1q VID. Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
2016-01-21 14:51:56 +01:00
#include "vlan.h"
FILS: ERP-based PMKSA cache addition on AP hostapd did not add a new PMKSA cache entry when FILS shared key authentication was used, i.e., only the initial full authentication resulted in a PMKSA cache entry being created. Derive the PMKID for the ERP case as well and add a PMKSA cache entry if the ERP exchange succeeds. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-07-05 16:52:23 +02:00
#include "common/wpa_common.h"
FILS: Process FILS Authentication frame (AP) This implements processing of FILS Authentication frame for FILS shared key authentication with ERP and PMKSA caching. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-09-04 23:04:21 +02:00
#include "common/ieee802_11_defs.h"
AP: Add Neighbor Discovery snooping mechanism for Proxy ARP This commit establishes the infrastructure, and handles the Neighbor Solicitation and Neighbor Advertisement frames. This will be extended in the future to handle other frames. Signed-off-by: Kyeyoon Park <kyeyoonp@qca.qualcomm.com>
2014-11-01 07:33:41 +01:00
Merge hostapd/sta_flags.h into sta_info.h The separate header file is not needed since none of the driver wrappers include it anymore. Move the WLAN_STA_* definitions back to be together with struct sta_info definition.
2009-12-13 10:41:46 +01:00
/* STA flags */
#define WLAN_STA_AUTH BIT(0)
#define WLAN_STA_ASSOC BIT(1)
#define WLAN_STA_AUTHORIZED BIT(5)
#define WLAN_STA_PENDING_POLL BIT(6) /* pending activity poll not ACKed */
#define WLAN_STA_SHORT_PREAMBLE BIT(7)
#define WLAN_STA_PREAUTH BIT(8)
#define WLAN_STA_WMM BIT(9)
#define WLAN_STA_MFP BIT(10)
#define WLAN_STA_HT BIT(11)
#define WLAN_STA_WPS BIT(12)
#define WLAN_STA_MAYBE_WPS BIT(13)
hostapd: Add WDS (4-address frame) mode with per-station interfaces This mode allows associated stations to use 4-address frames to allow layer 2 bridging to be used. At least for the time being, this is only supported with driver=nl80211.
2009-12-24 10:46:22 +01:00
#define WLAN_STA_WDS BIT(14)
Add workaround for race condition with AssocResp TX status It may take some time for the TX status to be delivered for a (Re)Association Response frame and if any Data frames are received during that time, they may end up getting dropped as Class 3 frames in not-associated state. This results in a Disassociation frame being sent to the station and it assuming that the association has been lost. Work around the issue by remembering that the (Re)Association Request has already been accepted and skip the Deauth/Disassoc sending because of the possible Class 3 frames before the TX status callback is received.
2011-04-15 18:26:28 +02:00
#define WLAN_STA_ASSOC_REQ_OK BIT(15)
WPS: Wait for EAPOL-Start unless WPS 2.0 station as workaround Extend the code that waits for the station to send EAPOL-Start before initiating EAPOL authenticator operations to cover the case where the station includes WPS IE in (Re)Association Request frame if that IE does not include support for WPS 2.0. While this should not really be needed, this may help with some deployed WPS 1.0 stations that do not support EAPOL operations correctly and may get confused of the EAP-Request/Identity packets that would show up twice if EAPOL-Start is transmitted.
2011-08-28 18:16:59 +02:00
#define WLAN_STA_WPS2 BIT(16)
Interworking: Add GAS server support for AP mode This adds GAS/ANQP implementation into hostapd. This commit brings in the basic GAS/ANQP functionality, but only the ANQP Capability List element is supported. For testing purposes, hostapd control interface SET command can be used to set the gas_frag_limit parameter dynamically. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-02-26 21:34:19 +01:00
#define WLAN_STA_GAS BIT(17)
VHT: Store VHT capabilities and manage VHT flag for STAs Signed-hostap: Mahesh Palivela <maheshp@posedge.com>
2012-08-10 18:49:18 +02:00
#define WLAN_STA_VHT BIT(18)
WNM: Add STA flag to indicate the current WNM-Sleep-Mode state This can be useful for displaying the current STA state and also for determining whether some operations are likely to fail or need additional delay. Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-27 18:06:52 +01:00
#define WLAN_STA_WNM_SLEEP_MODE BIT(19)
hostapd: Add Operating Mode Notification support Handle Operating Mode Notification received in (Re)Association Request frames. Signed-hostap: Marek Kwaczynski <marek.kwaczynski@tieto.com>
2014-02-10 13:43:05 +01:00
#define WLAN_STA_VHT_OPMODE_ENABLED BIT(20)
hostapd: Add vendor specific VHT extension for the 2.4 GHz band This allows vendor specific information element to be used to advertise support for VHT on 2.4 GHz band. In practice, this is used to enable use of 256 QAM rates (VHT-MCS 8 and 9) on 2.4 GHz band. This functionality is disabled by default, but can be enabled with vendor_vht=1 parameter in hostapd.conf if the driver advertises support for VHT on either 2.4 or 5 GHz bands. Signed-off-by: Yanbo Li <yanbol@qti.qualcomm.com>
2014-11-10 16:12:29 +01:00
#define WLAN_STA_VENDOR_VHT BIT(21)
FILS: Process FILS Authentication frame (AP) This implements processing of FILS Authentication frame for FILS shared key authentication with ERP and PMKSA caching. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-09-04 23:04:21 +02:00
#define WLAN_STA_PENDING_FILS_ERP BIT(22)
hostapd: Add Multi-AP protocol support The purpose of Multi-AP specification is to enable inter-operability across Wi-Fi access points (APs) from different vendors. This patch introduces one new configuration parameter 'multi_ap' to enable Multi-AP functionality and to configure the BSS as a backhaul and/or fronthaul BSS. Advertise vendor specific Multi-AP capabilities in (Re)Association Response frame, if Multi-AP functionality is enabled through the configuration parameter. A backhaul AP must support receiving both 3addr and 4addr frames from a backhaul STA, so create a VLAN for it just like is done for WDS, i.e., by calling hostapd_set_wds_sta(). Since Multi-AP requires WPA2 (never WEP), we can safely call hostapd_set_wds_encryption() as well and we can reuse the entire WDS condition. To parse the Multi-AP Extension subelement, we use get_ie(): even though that function is meant for parsing IEs, it works for subelements. Signed-off-by: Venkateswara Naralasetty <vnaralas@codeaurora.org> Signed-off-by: Jouni Malinen <jouni@codeaurora.org> Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2018-12-05 11:23:51 +01:00
#define WLAN_STA_MULTI_AP BIT(23)
HE: Add AP mode MLME/SME handling for HE stations Process HE information in (Re)Association Request frames and add HE elements into (Re)Association Response frames when HE is enabled in the BSS. Signed-off-by: Shashidhar Lakkavalli <slakkavalli@datto.com> Signed-off-by: John Crispin <john@phrozen.org>
2019-05-20 09:55:05 +02:00
#define WLAN_STA_HE BIT(24)
HE: Process HE 6 GHz band capab from associating HE STA Process HE 6 GHz band capabilities in (Re)Association Request frames and pass the information to the driver. Signed-off-by: Rajkumar Manoharan <rmanohar@codeaurora.org>
2020-04-25 00:45:41 +02:00
#define WLAN_STA_6GHZ BIT(25)
Fix Deauth/Disassoc callback handling with test frames The Deauth/Disassoc TX status callbacks were ending up kicking the station entry from kernel driver when test functionality was used to inject Deauth/Disassoc frames from the AP with the purpose of leaving the local association in place. Fix this by using STA flags to figure out whether there was a pending callback for the frame that we need to act on. In addition, add forgotten functionality for the Disassoc TX status callback to match the behavior with Deauth.
2011-09-06 20:03:02 +02:00
#define WLAN_STA_PENDING_DISASSOC_CB BIT(29)
#define WLAN_STA_PENDING_DEAUTH_CB BIT(30)
Merge hostapd/sta_flags.h into sta_info.h The separate header file is not needed since none of the driver wrappers include it anymore. Move the WLAN_STA_* definitions back to be together with struct sta_info definition.
2009-12-13 10:41:46 +01:00
#define WLAN_STA_NONERP BIT(31)
Move STA entry structure into sta_info.h and remove ap.h This cleans up some of the hostapd include file usage and only includes the needed STA flags into driver wrappers.
2009-03-25 15:13:35 +01:00
/* Maximum number of supported rates (from both Supported Rates and Extended
* Supported Rates IEs). */
#define WLAN_SUPP_RATES_MAX 32
FILS: Make handle_auth_fils() re-usable for driver-based AP SME Allow this function to be called from outside ieee802_11.c and with the final steps replaced through a callback function. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-04-21 17:42:00 +02:00
struct hostapd_data;
Move STA entry structure into sta_info.h and remove ap.h This cleans up some of the hostapd include file usage and only includes the needed STA flags into driver wrappers.
2009-03-25 15:13:35 +01:00
MBO: Parse non-preferred channel list on the AP This adds parsing of non-preferred channel list on an MBO AP. The information in (Re)Association Request and WNM Notification Request frames is parsed to get the initial value and updates from each associated MBO STA. The parsed information is available through the STA control interface command non_pref_chan[i] rows. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-02-22 19:37:21 +01:00
struct mbo_non_pref_chan_info {
struct mbo_non_pref_chan_info *next;
u8 op_class;
u8 pref;
u8 reason_code;
u8 num_channels;
u8 channels[];
};
AP: Save EAPOL received before Association Response ACK There is a race condition in which AP might receive the EAPOL-Start frame (from the just-associated station) before the TX completion of the Association Response frame. This in turn will cause the EAPOL-Start frame to get dropped, and potentially failing the connection. Solve this by saving EAPOL frames from authenticated-but-not-associated stations, and handling them during the Association Response frame TX completion processing. Signed-off-by: Eliad Peller <eliad@wizery.com>
2016-03-06 10:29:16 +01:00
struct pending_eapol_rx {
struct wpabuf *buf;
struct os_reltime rx_time;
};
Move STA entry structure into sta_info.h and remove ap.h This cleans up some of the hostapd include file usage and only includes the needed STA flags into driver wrappers.
2009-03-25 15:13:35 +01:00
struct sta_info {
struct sta_info *next; /* next entry in sta list */
struct sta_info *hnext; /* next entry in hash table list */
u8 addr[6];
AP: Add support for Proxy ARP, DHCP snooping mechanism Proxy ARP allows the AP devices to keep track of the hardware address to IP address mapping of the STA devices within the BSS. When a request for such information is made (i.e., ARP request, Neighbor Solicitation), the AP will respond on behalf of the STA device within the BSS. Such requests could originate from a device within the BSS or also from the bridge. In the process of the AP replying to the request (i.e., ARP reply, Neighbor Advertisement), the AP will drop the original request frame. The relevant STA will not even know that such information was ever requested. This feature is a requirement for Hotspot 2.0, and is defined in IEEE Std 802.11-2012, 10.23.13. While the Proxy ARP support code mainly resides in the kernel bridge code, in order to optimize the performance and simplify kernel implementation, the DHCP snooping code was added to the hostapd. Signed-off-by: Kyeyoon Park <kyeyoonp@qca.qualcomm.com>
2014-09-26 07:32:55 +02:00
be32 ipaddr;
AP: Add Neighbor Discovery snooping mechanism for Proxy ARP This commit establishes the infrastructure, and handles the Neighbor Solicitation and Neighbor Advertisement frames. This will be extended in the future to handle other frames. Signed-off-by: Kyeyoon Park <kyeyoonp@qca.qualcomm.com>
2014-11-01 07:33:41 +01:00
struct dl_list ip6addr; /* list head for struct ip6addr */
Move STA entry structure into sta_info.h and remove ap.h This cleans up some of the hostapd include file usage and only includes the needed STA flags into driver wrappers.
2009-03-25 15:13:35 +01:00
u16 aid; /* STA's unique AID (1 .. 2007) or 0 if not yet assigned */
Copy WLAN-Reason-Code value from Access-Reject to Deauthentication This makes hostapd use the WLAN-Reason-Code value from Access-Reject when disconnecting a station due to IEEE 802.1X authentication failure. If the RADIUS server does not include this attribute, the default value 23 (IEEE 802.1X authentication failed) is used. That value was the previously hardcoded reason code. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-01-12 19:55:33 +01:00
u16 disconnect_reason_code; /* RADIUS server override */
Merge hostapd/sta_flags.h into sta_info.h The separate header file is not needed since none of the driver wrappers include it anymore. Move the WLAN_STA_* definitions back to be together with struct sta_info definition.
2009-12-13 10:41:46 +01:00
u32 flags; /* Bitfield of WLAN_STA_* */
Move STA entry structure into sta_info.h and remove ap.h This cleans up some of the hostapd include file usage and only includes the needed STA flags into driver wrappers.
2009-03-25 15:13:35 +01:00
u16 capability;
u16 listen_interval; /* or beacon_int for APs */
u8 supported_rates[WLAN_SUPP_RATES_MAX];
int supported_rates_len;
AP: Pass station's WMM configuration to driver wrappers This updates a previous patch did more or less the same thing by providing the qosinfo as a single variable to the driver wrappers. Signed-hostap: Jason Young <jason.young@dspg.com>
2011-12-17 11:38:06 +01:00
u8 qosinfo; /* Valid when WLAN_STA_WMM is set */
Move STA entry structure into sta_info.h and remove ap.h This cleans up some of the hostapd include file usage and only includes the needed STA flags into driver wrappers.
2009-03-25 15:13:35 +01:00
mesh: Add mesh peering manager The mesh peering manager establishes and maintains links among mesh peers, tracking each peer link via a finite state machine. This implementation supports open mesh peerings. [assorted fixes from Yu Niiro <yu.niiro@gmail.com>] [more fixes from Masashi Honma <masashi.honma@gmail.com>] Signed-off-by: Javier Lopez <jlopex@gmail.com> Signed-off-by: Javier Cardona <javier@cozybit.com> Signed-off-by: Ashok Nagarajan <ashok.dragon@gmail.com> Signed-off-by: Jason Mobarak <x@jason.mobarak.name> Signed-hostap: Bob Copeland <me@bobcopeland.com>
2014-03-11 05:07:01 +01:00
#ifdef CONFIG_MESH
enum mesh_plink_state plink_state;
u16 peer_lid;
u16 my_lid;
mesh: Report mesh peer AID to kernel Previously, mesh power management functionality works only with kernel MPM. Because user space MPM did not report mesh peer AID to kernel, the kernel could not identify the bit in TIM element. So this patch reports mesh peer AID to kernel. Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2016-07-01 03:22:39 +02:00
u16 peer_aid;
mesh: Add mesh peering manager The mesh peering manager establishes and maintains links among mesh peers, tracking each peer link via a finite state machine. This implementation supports open mesh peerings. [assorted fixes from Yu Niiro <yu.niiro@gmail.com>] [more fixes from Masashi Honma <masashi.honma@gmail.com>] Signed-off-by: Javier Lopez <jlopex@gmail.com> Signed-off-by: Javier Cardona <javier@cozybit.com> Signed-off-by: Ashok Nagarajan <ashok.dragon@gmail.com> Signed-off-by: Jason Mobarak <x@jason.mobarak.name> Signed-hostap: Bob Copeland <me@bobcopeland.com>
2014-03-11 05:07:01 +01:00
u16 mpm_close_reason;
int mpm_retries;
mesh: Use WPA_NONCE_LEN macro No need to use the magic value 32 here since there is a generic define for the RSN-related nonce values. Signed-off-by: Jouni Malinen <j@w1.fi>
2016-06-18 13:01:47 +02:00
u8 my_nonce[WPA_NONCE_LEN];
u8 peer_nonce[WPA_NONCE_LEN];
mesh: Add mesh robust security network This implementation provides: - Mesh SAE authentication mechanism - Key management (set/get PSK) - Cryptographic key establishment - Enhanced protection mechanisms for robust management frames Signed-off-by: Javier Lopez <jlopex@gmail.com> Signed-off-by: Javier Cardona <javier@cozybit.com> Signed-off-by: Jason Mobarak <x@jason.mobarak.name> Signed-off-by: Thomas Pedersen <thomas@noack.us>
2014-09-01 06:23:29 +02:00
u8 aek[32]; /* SHA256 digest length */
mesh: Add variable length MTK support This is needed as a part in enabling support for different pairwise ciphers in mesh. Signed-off-by: Jouni Malinen <j@w1.fi>
2016-06-18 13:35:35 +02:00
u8 mtk[WPA_TK_MAX_LEN];
size_t mtk_len;
mesh: Clean up AMPE element encoding and parsing The AMPE element includes number of optional and variable length fields and those cannot really be represented by a fixed struct ieee80211_ampe_ie. Remove the optional fields from the struct and build/parse these fields separately. This is also adding support for IGTKdata that was completely missing from the previous implementation. In addition, Key RSC for MGTK is now filled in and used when configuring the RX MGTK for a peer. Signed-off-by: Jouni Malinen <j@w1.fi>
2016-06-18 13:11:23 +02:00
u8 mgtk_rsc[6];
mesh: Avoid use of hardcoded cipher This moves pairwise, group, and management group ciphers to various mesh data structures to avoid having to hardcode cipher in number of places through the code. While CCMP and BIP are still the hardcoded ciphers, these are now set only in one location. Signed-off-by: Jouni Malinen <j@w1.fi>
2016-06-18 21:14:37 +02:00
u8 mgtk_key_id;
mesh: Use variable length MGTK for RX This extends the data structures to allow variable length MGTK to be stored for RX. This is needed as an initial step towards supporting different cipher suites. Signed-off-by: Jouni Malinen <j@w1.fi>
2016-06-18 13:45:35 +02:00
u8 mgtk[WPA_TK_MAX_LEN];
size_t mgtk_len;
mesh: Clean up AMPE element encoding and parsing The AMPE element includes number of optional and variable length fields and those cannot really be represented by a fixed struct ieee80211_ampe_ie. Remove the optional fields from the struct and build/parse these fields separately. This is also adding support for IGTKdata that was completely missing from the previous implementation. In addition, Key RSC for MGTK is now filled in and used when configuring the RX MGTK for a peer. Signed-off-by: Jouni Malinen <j@w1.fi>
2016-06-18 13:11:23 +02:00
u8 igtk_rsc[6];
mesh: Do not use RX MGTK as RX IGTK The previous implementation was incorrect in forcing the MGTK to be used as the IGTK as well. Define new variable for storing IGTK and use that, if set, to configure IGTK to the driver. This commit does not yet fix AMPE element parsing to fill in this information. Signed-off-by: Jouni Malinen <j@w1.fi>
2016-06-18 14:50:14 +02:00
u8 igtk[WPA_TK_MAX_LEN];
size_t igtk_len;
mesh: Clean up AMPE element encoding and parsing The AMPE element includes number of optional and variable length fields and those cannot really be represented by a fixed struct ieee80211_ampe_ie. Remove the optional fields from the struct and build/parse these fields separately. This is also adding support for IGTKdata that was completely missing from the previous implementation. In addition, Key RSC for MGTK is now filled in and used when configuring the RX MGTK for a peer. Signed-off-by: Jouni Malinen <j@w1.fi>
2016-06-18 13:11:23 +02:00
u16 igtk_key_id;
mesh: Add timer for SAE authentication in RSN mesh Add timer to do SAE re-authentication with number of tries defined by MESH_AUTH_RETRY and timeout defined by MESH_AUTH_TIMEOUT. Ignoring the sending of reply message on "SAE confirm before commit" to avoid "ping-pong" issues with other mesh nodes. This is obvious when number of mesh nodes in MBSS reaching 6. Signed-off-by: Chun-Yeow Yeoh <yeohchunyeow@gmail.com> Signed-off-by: Bob Copeland <me@bobcopeland.com>
2014-09-01 06:23:31 +02:00
u8 sae_auth_retry;
mesh: Add mesh peering manager The mesh peering manager establishes and maintains links among mesh peers, tracking each peer link via a finite state machine. This implementation supports open mesh peerings. [assorted fixes from Yu Niiro <yu.niiro@gmail.com>] [more fixes from Masashi Honma <masashi.honma@gmail.com>] Signed-off-by: Javier Lopez <jlopex@gmail.com> Signed-off-by: Javier Cardona <javier@cozybit.com> Signed-off-by: Ashok Nagarajan <ashok.dragon@gmail.com> Signed-off-by: Jason Mobarak <x@jason.mobarak.name> Signed-hostap: Bob Copeland <me@bobcopeland.com>
2014-03-11 05:07:01 +01:00
#endif /* CONFIG_MESH */
Move STA entry structure into sta_info.h and remove ap.h This cleans up some of the hostapd include file usage and only includes the needed STA flags into driver wrappers.
2009-03-25 15:13:35 +01:00
unsigned int nonerp_set:1;
unsigned int no_short_slot_time_set:1;
unsigned int no_short_preamble_set:1;
unsigned int no_ht_gf_set:1;
unsigned int no_ht_set:1;
hostapd: Extend support for HT 20/40 coexistence feature Extend the minimal HT 20/40 co-ex support to include dynamic changes during the lifetime of the BSS. If any STA connects to a 2.4 GHz AP with 40 MHz intolerant bit set then the AP will switch to 20 MHz operating mode. If for a period of time specified by OBSS delay factor and OBSS scan interval AP does not have any information about 40 MHz intolerant STAs, the BSS is switched from HT20 to HT40 mode. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-04-14 19:40:56 +02:00
unsigned int ht40_intolerant_set:1;
Move STA entry structure into sta_info.h and remove ap.h This cleans up some of the hostapd include file usage and only includes the needed STA flags into driver wrappers.
2009-03-25 15:13:35 +01:00
unsigned int ht_20mhz_set:1;
P2P: Disable periodic NoA when non-P2P STA is connected For now, this applies to the test command that can be used to set periodic NoA (p2p_set noa). The value are stored and periodic NoA is enabled whenever there are no non-P2P STAs connected to the GO.
2010-07-09 02:14:24 +02:00
unsigned int no_p2p_set:1;
Interworking: Add support for QoS Mapping functionality for the AP This allows QoS Map Set element to be added to (Re)Association Response frames and in QoS Map Configure frame. The QoS Mapping parameters are also made available for the driver interface. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-07-24 11:28:20 +02:00
unsigned int qos_map_enabled:1;
HS 2.0R2 AP: Use Subscr Remediation request from RADIUS server If the RADIUS server includes the WFA RADIUS VSA in Access-Accept to indicate need for subscription remediation, copy the server URL from the message and send it to the station after successfully completed 4-way handshake (i.e., after PTK is set to allow PMF to work) in a WNM-Notification. AP must not allow PMKSA caching to be used after subscription remediation association, so do not add the PMKSA cache entry whenever the authentication server is indicating need for subscription remediation. This allows station reassociation to use EAP authentication to move to non-remediation connection. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-11-21 23:48:48 +01:00
unsigned int remediation:1;
HS 2.0R2 AP: Add support for deauthentication request If the RADIUS server includes deauthentication request in Access-Accept, send a WNM-Notification frame to the station after 4-way handshake and disconnect the station after configurable timeout. A new control interface command, WNM_DEAUTH_REQ, is added for testing purposes to allow the notification frame to sent based on local request. This case does not disconnect the station automatically, i.e., a separate control interface command would be needed for that. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-07-26 21:13:58 +02:00
unsigned int hs20_deauth_requested:1;
Fix PMKSA cache timeout from Session-Timeout in WPA/WPA2 cases Previously, WPA/WPA2 case ended up using the hardcoded dot11RSNAConfigPMKLifetime (43200 seconds) for PMKSA cache entries instead of using the Session-Timeout value from the RADIUS server (if included in Access-Accept). Store a copy of the Session-Timeout value and use it instead of the default value so that WPA/WPA2 cases get the proper timeout similarly to non-WPA/WPA2 cases. Signed-off-by: Jouni Malinen <j@w1.fi>
2014-10-04 18:36:48 +02:00
unsigned int session_timeout_set:1;
RADIUS DAS: Check for single session match for Disconnect-Request Previously, the first matching STA was picked. That is not really the design in RFC 5176, so extend this matching code to go through all specified session identification attributes and verify that all of them match. In addition, check for a possible case of multiple sessions matching. If such a case is detected, return with Disconnect-NAK and Error-Code 508 (multiple session selection not supported). Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-01-16 11:10:52 +01:00
unsigned int radius_das_match:1;
P2P: Implement P2P_GO_FREQ_MOVE_SCM_ECSA policy Add new GO frequency move policy. The P2P_GO_FREQ_MOVE_SCM_ECSA prefers SCM if all the clients advertise eCSA support and the candidate frequency is one of the group common frequencies. Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2015-09-08 11:46:20 +02:00
unsigned int ecsa_supported:1;
AP: Add support for full station state Add support for drivers that support full AP client state, i.e., can handle adding stations that are not associated yet. For such drivers, add a station after processing the authentication request, instead of adding it in the association response callback. Doing so is beneficial in cases where the driver cannot handle the add station request, in which case it is useless to perform the complete connection establishment. Signed-off-by: Ayala Beker <ayala.beker@intel.com>
2016-02-16 10:54:32 +01:00
unsigned int added_unassoc:1;
Fix race condition between AssocResp callback and 4addr event It is apparently possible for the NL80211_CMD_UNEXPECTED_4ADDR_FRAME event to be delivered to hostapd before the NL80211_CMD_FRAME_TX_STATUS event for (Re)Association Response frame. This resulted in the 4-address WDS mode not getting enabled for a STA. This could occur in particular when operating under heavy load and the STA is reconnecting to the same AP in a sequence where Deauthentication frame is followed immediately by Authentication frame and the driver event processing gets delayed due to removal of the previous netdev taking time in the middle of this sequence. Fix this by recording a pending item for 4-address WDS enabling if the NL80211_CMD_UNEXPECTED_4ADDR_FRAME event would have been dropped due to incompleted association and then process this pending item if the TX status for the (Re)Association Response frame is received and it shows that the frame was acknowledged. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-12-20 00:30:09 +01:00
unsigned int pending_wds_enable:1;
hostapd: Add Min/Max Transmit Power Capability into STA command This provides access to the Minimum/Maximum Transmit Power Capabilitie fileds (the nominal minimum/maximum transmit power with which the STA is capable of transmitting in the current channel; signed integer in units of decibels relative to 1 mW). Signed-off-by: bhagavathi perumal s <bperumal@qti.qualcomm.com>
2017-10-06 17:03:25 +02:00
unsigned int power_capab:1;
hostapd: Ignore LOW_ACK event for co-operative steering clients Ignore hostapd_event_sta_low_ack for a station which has agreed to steering by checking the agreed_to_steer flag. This flag will be set whenever a station accepts the BSS transition request from the AP. Without this ignoring of the LOW_ACK event, the steering in-progress might be affected due to disassociation. In this way AP will allow some time (two seconds) for the station to move away and reset the flag after the timeout. Co-Developed-by: Tamizh Chelvam <tamizhr@codeaurora.org> Signed-off-by: Rajkumar Manoharan <rmanohar@codeaurora.org> Signed-off-by: Tamizh chelvam <tamizhr@codeaurora.org>
2018-03-13 04:20:28 +01:00
unsigned int agreed_to_steer:1;
HS 2.0: Send Terms and Conditions Acceptance notification This extends hostapd Access-Accept processing to check if the RADIUS server indicated that Terms and Conditions Acceptance is required. The new hs20_t_c_server_url parameter is used to specify the server URL template that the STA is requested to visit. This commit does not enable any kind of filtering, i.e., only the part of forwarding a request from Access-Accept to the STA using WNM-Notification is covered. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-04-23 23:05:44 +02:00
unsigned int hs20_t_c_filtering:1;
FT: Allow STA entry to be removed/re-added with FT-over-the-DS FT-over-the-DS has a special case where the STA entry (and as such, the TK) has not yet been configured to the driver depending on which driver interface is used. For that case, allow add-STA operation to be used (instead of set-STA). This is needed to allow mac80211-based drivers to accept the STA parameter configuration. Since this is after a new FT-over-DS exchange, a new TK has been derived after the last STA entry was added to the driver, so key reinstallation is not a concern for this case. Fixes: 0e3bd7ac684a ("hostapd: Avoid key reinstallation in FT handshake") Signed-off-by: Jouni Malinen <j@w1.fi>
2019-01-04 21:58:56 +01:00
unsigned int ft_over_ds:1;
hostapd: Process OWE IE and update DH IE to the driver if needed This implements the required functionality in hostapd to facilitate OWE connection with the AP SME-in-driver cases. Stations can either send DH IE or PMKID (in RSNE) (or both) in Association Request frame during the OWE handshake. The drivers that use this offload mechanism do not interpret this information and instead, pass the same to hostapd for further processing. hostapd will either validate the PMKID obtained from the STA or generate DH IE and further indicate the same to the driver. The driver further sends this information in the Association Response frame. Signed-off-by: Srinivas Dasari <dasaris@codeaurora.org> Signed-off-by: Liangwei Dong <liangwei@codeaurora.org> Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-05-29 11:11:48 +02:00
unsigned int external_dh_updated:1;
OCV: Disconnect STAs that do not use SA Query after CSA Verify that all associated STAs that claim support for OCV initiate an SA Query after CSA. If no SA Query is seen within 15 seconds, deauthenticate the STA. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-05-25 20:55:49 +02:00
unsigned int post_csa_sa_query:1;
Move STA entry structure into sta_info.h and remove ap.h This cleans up some of the hostapd include file usage and only includes the needed STA flags into driver wrappers.
2009-03-25 15:13:35 +01:00
u16 auth_alg;
enum {
WNM: Add disassociation timeout processing for ESS_DISASSOC The hostapd_cli ess_disassoc command now takes three arguments (STA MAC address, timeout in ms, URL) and the STA is disconnected after the specified timeout. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-04-05 17:41:26 +02:00
STA_NULLFUNC = 0, STA_DISASSOC, STA_DEAUTH, STA_REMOVE,
STA_DISASSOC_FROM_CLI
Move STA entry structure into sta_info.h and remove ap.h This cleans up some of the hostapd include file usage and only includes the needed STA flags into driver wrappers.
2009-03-25 15:13:35 +01:00
} timeout_next;
Delay STA entry removal until Deauth/Disassoc TX status in AP mode This allows the driver to use PS buffering of Deauthentication and Disassociation frames when the STA is in power save sleep. The STA entry (and PTK) will be removed from the kernel only after the Deauth/Disassoc has been transmitted (e.g., when the STA wakes up). A hardcoded two second timeout is used to limit the length of this window should the driver fail to deliver the frame (e.g., the STA is out of range and does not wake up). The kernel STA entry is marked unauthorized during the wait to avoid accepting Data frames from the STA that we have decided to disconnect. This behavior is available only with drivers that provide TX status events for Deauth/Disassoc frames (nl80211 at this point). Other drivers continue to use the previous behavior where the STA entry is removed immediately.
2011-08-28 22:07:02 +02:00
u16 deauth_reason;
u16 disassoc_reason;
Move STA entry structure into sta_info.h and remove ap.h This cleans up some of the hostapd include file usage and only includes the needed STA flags into driver wrappers.
2009-03-25 15:13:35 +01:00
/* IEEE 802.1X related data */
struct eapol_state_machine *eapol_sm;
AP: Save EAPOL received before Association Response ACK There is a race condition in which AP might receive the EAPOL-Start frame (from the just-associated station) before the TX completion of the Association Response frame. This in turn will cause the EAPOL-Start frame to get dropped, and potentially failing the connection. Solve this by saving EAPOL frames from authenticated-but-not-associated stations, and handling them during the Association Response frame TX completion processing. Signed-off-by: Eliad Peller <eliad@wizery.com>
2016-03-06 10:29:16 +01:00
struct pending_eapol_rx *pending_eapol_rx;
RADIUS: Use more likely unique accounting Acct-{,Multi-}Session-Id Rework the Acct-Session-Id and Acct-Multi-Session-Id implementation to give better global and temporal uniqueness. Previously, only 32-bits of the Acct-Session-Id would contain random data, the other 32-bits would be incremented. Previously, the Acct-Multi-Session-Id would not use random data. Switch from two u32 variables to a single u64 for the Acct-Session-Id and Acct-Multi-Session-Id. Do not increment, this serves no legitimate purpose. Exclusively use os_get_random() to get quality random numbers, do not use or mix in the time. Inherently take a dependency on /dev/urandom working properly therefore. Remove the global Acct-Session-Id and Acct-Multi-Session-Id values that serve no legitimate purpose. Signed-off-by: Nick Lowe <nick.lowe@lugatech.com>
2016-01-24 12:37:46 +01:00
u64 acct_session_id;
AP: Use monotonic time for STA accounting For type-safety, make sta->acct_session_start a struct os_reltime and then use monotonic time for accounting. For RADIUS reporting, continue to use wall clock time as specified by RFC 2869, but for the session time use monotonic time. Interestingly, RFC 2869 doesn't specify a timezone, so the value is somewhat arbitrary. Signed-hostap: Johannes Berg <johannes.berg@intel.com>
2013-12-16 21:08:22 +01:00
struct os_reltime acct_session_start;
Move STA entry structure into sta_info.h and remove ap.h This cleans up some of the hostapd include file usage and only includes the needed STA flags into driver wrappers.
2009-03-25 15:13:35 +01:00
int acct_session_started;
int acct_terminate_cause; /* Acct-Terminate-Cause */
int acct_interim_interval; /* Acct-Interim-Interval */
RADIUS: Update full message for interim accounting updates Instead of using the RADIUS client retransmission design with the old RADIUS message contents for each retry, trigger a completely new interim accounting update instance more quickly (using the same schedule as RADIUS message retransmissions) to improve accounting updates in cases where RADIUS message delivery fails. This allows the server to get up to date information from the time the "retry" message was sent instead of the old information from the time the first failed attempt was sent. Signed-off-by: Jouni Malinen <j@w1.fi>
2016-02-29 10:44:43 +01:00
unsigned int acct_interim_errors;
Move STA entry structure into sta_info.h and remove ap.h This cleans up some of the hostapd include file usage and only includes the needed STA flags into driver wrappers.
2009-03-25 15:13:35 +01:00
Use 64-bit TX/RX byte counters for statistics If the driver supports 64-bit TX/RX byte counters, use them directly. The old 32-bit counter extension is maintained for backwards compatibility with older drivers. For nl80211 driver interface, the newer NL80211_STA_INFO_RX_BYTES64 and NL80211_STA_INFO_TX_BYTES64 attributes are used when available. This resolves the race vulnerable 32-bit value wrap/overflow. Rework RADIUS accounting to use these for Acct-Input-Octets, Acct-Input-Gigawords, Acct-Output-Octets, and Acct-Output-Gigawords, these values are often used for billing purposes. Signed-off-by: Nick Lowe <nick.lowe@lugatech.com>
2016-02-19 16:22:25 +01:00
/* For extending 32-bit driver counters to 64-bit counters */
u32 last_rx_bytes_hi;
u32 last_rx_bytes_lo;
u32 last_tx_bytes_hi;
u32 last_tx_bytes_lo;
Move STA entry structure into sta_info.h and remove ap.h This cleans up some of the hostapd include file usage and only includes the needed STA flags into driver wrappers.
2009-03-25 15:13:35 +01:00
u8 *challenge; /* IEEE 802.11 Shared Key Authentication Challenge */
struct wpa_state_machine *wpa_sm;
struct rsn_preauth_interface *preauth_iface;
Fix RSN preauthentication with dynamic_vlan enabled but unused sta->vlan_id == -1 means no VLAN, as does vlan_id = 0. Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
2015-04-10 14:49:46 +02:00
int vlan_id; /* 0: none, >0: VID */
VLAN: Separate station grouping and uplink configuration Separate uplink configuration (IEEE 802.1q VID) and grouping of stations into AP_VLAN interfaces. The int vlan_id will continue to identify the AP_VLAN interface the station should be assigned to. Each AP_VLAN interface corresponds to an instance of struct hostapd_vlan that is uniquely identified by int vlan_id within an BSS. New: Each station and struct hostapd_vlan holds a struct vlan_description vlan_desc member that describes the uplink configuration requested. Currently this is just an int untagged IEEE 802.1q VID, but can be extended to tagged VLANs and other settings easily. When the station was about to be assigned its vlan_id, vlan_desc and vlan_id will now be set simultaneously by ap_sta_set_vlan(). So sta->vlan_id can still be tested for whether the station needs to be moved to an AP_VLAN interface. To ease addition of tagged VLAN support, a member notempty is added to struct vlan_description. Is is set to 1 if an untagged or tagged VLAN assignment is requested and needs to be validated. The inverted form allows os_zalloc() to initialize an empty description. Though not depended on by the code, vlan_id assignment ensures: * vlan_id = 0 will continue to mean no AP_VLAN interface * vlan_id < 4096 will continue to mean vlan_id = untagged vlan id with no per_sta_vif and no extra tagged vlan. * vlan_id > 4096 will be used for per_sta_vif and/or tagged vlans. This way struct wpa_group and drivers API do not need to be changed in order to implement tagged VLANs or per_sta_vif support. DYNAMIC_VLAN_* will refer to (struct vlan_description).notempty only, thus grouping of the stations for per_sta_vif can be used with DYNAMIC_VLAN_DISABLED, but not with CONFIG_NO_VLAN, as struct hostapd_vlan is still used to manage AP_VLAN interfaces. MAX_VLAN_ID will be checked in hostapd_vlan_valid and during setup of VLAN interfaces and refer to IEEE 802.1q VID. VLAN_ID_WILDCARD will continue to refer to int vlan_id. Renaming vlan_id to vlan_desc when type changed from int to struct vlan_description was avoided when vlan_id was also used in a way that did not depend on its type (for example, when passed to another function). Output of "VLAN ID %d" continues to refer to int vlan_id, while "VLAN %d" will refer to untagged IEEE 802.1q VID. Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
2016-01-21 14:51:56 +01:00
struct vlan_description *vlan_desc;
Remove VLAN interface on STA free Currently, vlan_remove_dynamic() is only called when the station VLAN ID is changed (ap_sta_bind_vlan), but not when the station is freed. So dynamic VLAN interfaces are not removed actually except within 1x reauthentification VLAN ID change, although most of the code is already there. This patch fixes this by calling vlan_remove_dynamic() in ap_free_sta(). It cannot just use sta->vlan_id for this, as this might have been changed without calling ap_sta_bind_vlan() (ap/ieee802_11.c:handle_auth fetches from RADIUS cache for WPA-PSK), thus reference counting might not have been updated. Additionally, reference counting might get wrong due to old_vlanid = 0 being passed unconditionally, thus increasing the reference counter multiple times. So tracking the currently assigned (i.e., dynamic_vlan counter increased) VLAN is done in a new variable sta->vlan_id_bound. Therefore, the old_vlan_id argument of ap_sta_bind_vlan() is no longer needed and setting the VLAN for the sta in driver happens unconditionally. Additionally, vlan->dynamic_vlan is only incremented when it actually is a dynamic VLAN. Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
2015-04-10 14:49:50 +02:00
int vlan_id_bound; /* updated by ap_sta_bind_vlan() */
Keep and use list of PSKs per station for RADIUS-based PSK This adds support for multiple PSKs per station when using a RADIUS authentication server to fetch the PSKs during MAC address authentication step. This can be useful if multiple users share a device but each user has his or her own private passphrase. Signed-hostap: Michael Braun <michael-dev@fami-braun.de>
2012-11-25 16:49:25 +01:00
/* PSKs from RADIUS authentication server */
struct hostapd_sta_wpa_psk_short *psk;
Move STA entry structure into sta_info.h and remove ap.h This cleans up some of the hostapd include file usage and only includes the needed STA flags into driver wrappers.
2009-03-25 15:13:35 +01:00
Copy User-Name/CUI from RADIUS ACL to STA entry Signed-hostap: Michael Braun <michael-dev@fami-braun.de>
2012-08-19 13:20:10 +02:00
char *identity; /* User-Name from RADIUS */
char *radius_cui; /* Chargeable-User-Identity from RADIUS */
Allocate sta->ht_capabilities dynamically This avoids need for conditional inclusion of header file into sta_info.h and cleans up the code a bit.
2009-11-29 20:07:52 +01:00
struct ieee80211_ht_capabilities *ht_capabilities;
VHT: Store VHT capabilities and manage VHT flag for STAs Signed-hostap: Mahesh Palivela <maheshp@posedge.com>
2012-08-10 18:49:18 +02:00
struct ieee80211_vht_capabilities *vht_capabilities;
Store the VHT Operation element of an associated STA APs and mesh peers use the VHT Operation element to advertise certain channel properties (e.g., the bandwidth of the channel). Save this information element so we can later access this information. Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
2018-08-06 21:46:24 +02:00
struct ieee80211_vht_operation *vht_operation;
hostapd: Add Operating Mode Notification support Handle Operating Mode Notification received in (Re)Association Request frames. Signed-hostap: Marek Kwaczynski <marek.kwaczynski@tieto.com>
2014-02-10 13:43:05 +01:00
u8 vht_opmode;
HE: Add AP mode MLME/SME handling for HE stations Process HE information in (Re)Association Request frames and add HE elements into (Re)Association Response frames when HE is enabled in the BSS. Signed-off-by: Shashidhar Lakkavalli <slakkavalli@datto.com> Signed-off-by: John Crispin <john@phrozen.org>
2019-05-20 09:55:05 +02:00
struct ieee80211_he_capabilities *he_capab;
size_t he_capab_len;
HE: Process HE 6 GHz band capab from associating HE STA Process HE 6 GHz band capabilities in (Re)Association Request frames and pass the information to the driver. Signed-off-by: Rajkumar Manoharan <rmanohar@codeaurora.org>
2020-04-25 00:45:41 +02:00
struct ieee80211_he_6ghz_band_cap *he_6ghz_capab;
Move STA entry structure into sta_info.h and remove ap.h This cleans up some of the hostapd include file usage and only includes the needed STA flags into driver wrappers.
2009-03-25 15:13:35 +01:00
int sa_query_count; /* number of pending SA Query requests;
* 0 = no SA Query in progress */
int sa_query_timed_out;
u8 *sa_query_trans_id; /* buffer of WLAN_SA_QUERY_TR_ID_LEN *
* sa_query_count octets of pending SA Query
* transaction identifiers */
AP: Use monotonic clock for SA query timeout The usual, any timeouts should be using monotonic time. Signed-hostap: Johannes Berg <johannes.berg@intel.com>
2013-11-25 21:56:09 +01:00
struct os_reltime sa_query_start;
Move STA entry structure into sta_info.h and remove ap.h This cleans up some of the hostapd include file usage and only includes the needed STA flags into driver wrappers.
2009-03-25 15:13:35 +01:00
DPP: Integration for hostapd This adds DPP bootstrapping, authentication, and configuration into hostapd similarly to how the design was integrated in wpa_supplicant. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 21:16:45 +02:00
#if defined(CONFIG_INTERWORKING) || defined(CONFIG_DPP)
Interworking: Add GAS server support for AP mode This adds GAS/ANQP implementation into hostapd. This commit brings in the basic GAS/ANQP functionality, but only the ANQP Capability List element is supported. For testing purposes, hostapd control interface SET command can be used to set the gas_frag_limit parameter dynamically. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-02-26 21:34:19 +01:00
#define GAS_DIALOG_MAX 8 /* Max concurrent dialog number */
struct gas_dialog_info *gas_dialog;
u8 gas_dialog_next;
DPP: Integration for hostapd This adds DPP bootstrapping, authentication, and configuration into hostapd similarly to how the design was integrated in wpa_supplicant. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-06-15 21:16:45 +02:00
#endif /* CONFIG_INTERWORKING || CONFIG_DPP */
Interworking: Add GAS server support for AP mode This adds GAS/ANQP implementation into hostapd. This commit brings in the basic GAS/ANQP functionality, but only the ANQP Capability List element is supported. For testing purposes, hostapd control interface SET command can be used to set the gas_frag_limit parameter dynamically. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-02-26 21:34:19 +01:00
Move STA entry structure into sta_info.h and remove ap.h This cleans up some of the hostapd include file usage and only includes the needed STA flags into driver wrappers.
2009-03-25 15:13:35 +01:00
struct wpabuf *wps_ie; /* WPS IE from (Re)Association Request */
P2P: Save a copy of P2P IE(s) data from (Re)Association Request
2010-07-18 23:30:25 +02:00
struct wpabuf *p2p_ie; /* P2P IE from (Re)Association Request */
HS 2.0: Maintain a copy of HS 2.0 Indication from Association Request This allows the AP to figure out whether a station is a HS 2.0 STA during the association and access any information that the STA may have included in this element. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-11-21 23:19:17 +01:00
struct wpabuf *hs20_ie; /* HS 2.0 IE from (Re)Association Request */
HS 2.0: Copy Roaming Consortium OI from (Re)AssocReq to Access-Request This extends hostapd processing of (Re)Association Request frames to store a local copy of the Consortium OI within the Roaming Consortium Selection element, if present, and then add that in HS 2.0 Roaming Consortium attribute into RADIUS Access-Request messages. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-04-17 12:08:31 +02:00
/* Hotspot 2.0 Roaming Consortium from (Re)Association Request */
struct wpabuf *roaming_consortium;
HS 2.0R2 AP: Use Subscr Remediation request from RADIUS server If the RADIUS server includes the WFA RADIUS VSA in Access-Accept to indicate need for subscription remediation, copy the server URL from the message and send it to the station after successfully completed 4-way handshake (i.e., after PTK is set to allow PMF to work) in a WNM-Notification. AP must not allow PMKSA caching to be used after subscription remediation association, so do not add the PMKSA cache entry whenever the authentication server is indicating need for subscription remediation. This allows station reassociation to use EAP authentication to move to non-remediation connection. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-11-21 23:48:48 +01:00
u8 remediation_method;
char *remediation_url; /* HS 2.0 Subscription Remediation Server URL */
HS 2.0: Move Terms and Conditions Server URL generation from AP to AS This makes it more convenient to generate the URL in a way that interoperates between different vendors. The AP is simply copying the already constructed URL as-is from Access-Accept to WNM-Notification. This means that the HO AAA can generate the URL in a manner that works for the associated T&C Server without having to coordinate with each AP. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2018-06-21 19:50:54 +02:00
char *t_c_url; /* HS 2.0 Terms and Conditions Server URL */
HS 2.0R2 AP: Add support for deauthentication request If the RADIUS server includes deauthentication request in Access-Accept, send a WNM-Notification frame to the station after 4-way handshake and disconnect the station after configurable timeout. A new control interface command, WNM_DEAUTH_REQ, is added for testing purposes to allow the notification frame to sent based on local request. This case does not disconnect the station automatically, i.e., a separate control interface command would be needed for that. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-07-26 21:13:58 +02:00
struct wpabuf *hs20_deauth_req;
HS 2.0R2 AP: Add support for Session Info URL RADIUS AVP If the authentication server includes the WFA HS 2.0 Session Info URL AVP in Access-Accept, schedule ESS Disassociation Imminent frame to be transmitted specified warning time prior to session timeout. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-08-01 23:39:30 +02:00
char *hs20_session_info_url;
int hs20_disassoc_timer;
FST: Store MB IEs from (Re)Association Request Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-01-21 14:30:48 +01:00
#ifdef CONFIG_FST
struct wpabuf *mb_ies; /* MB IEs from (Re)Association Request */
#endif /* CONFIG_FST */
Include connected time in AP mode STA-* commands This allows hostapd_cli and wpa_cli all_sta command to be used to display connected time (in seconds) of each station in AP mode. Signed-hostap: Raja Mani <rmani@qca.qualcomm.com>
2012-09-26 12:52:19 +02:00
AP: Use monotonic time for STA connected time Connected time is relative, so should be using monotonic time rather than time of day. Signed-hostap: Johannes Berg <johannes.berg@intel.com>
2013-11-25 21:56:04 +01:00
struct os_reltime connected_time;
Add initial parts for SAE This introduces new AKM for SAE and FT-SAE and adds the initial parts for going through the SAE Authentication frame exchange. The actual SAE algorithm and new fields in Authentication frames are not yet included in this commit and will be added separately. This version is able to complete a dummy authentication with the correct authentication algorithm and transaction values to allow cfg80211/mac80211 drivers to be tested (all the missing parts can be handled with hostapd/wpa_supplicant changes). Signed-hostap: Jouni Malinen <j@w1.fi>
2012-09-30 18:51:07 +02:00
#ifdef CONFIG_SAE
SAE: Use a shared data structure for AP and station This makes it easier to share common functions for both roles. Signed-hostap: Jouni Malinen <j@w1.fi>
2012-12-30 20:48:19 +01:00
struct sae_data *sae;
mesh: Add support for PMKSA caching This patch add functionality of mesh SAE PMKSA caching. If the local STA already has peer's PMKSA entry in the cache, skip SAE authentication and start AMPE with the cached value. If the peer does not support PMKSA caching or does not have the local STA's PMKSA entry in the cache, AMPE will fail and the PMKSA cache entry of the peer will be removed. Then STA retries with ordinary SAE authentication. If the peer does not support PMKSA caching and the local STA uses no_auto_peer=1, the local STA can not retry SAE authentication because NEW_PEER_CANDIDATE event cannot start SAE authentication when no_auto_peer=1. So this patch extends MESH_PEER_ADD command to use duration(sec). Throughout the duration, the local STA can start SAE authentication triggered by NEW_PEER_CANDIDATE even though no_auto_peer=1. This commit requires commit 70c93963edefa37ef84b73efb9d04ea10268341c ('SAE: Fix PMKID calculation for PMKSA cache'). Without that commit, chosen PMK comparison will fail. Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2016-03-09 10:16:14 +01:00
unsigned int mesh_sae_pmksa_caching:1;
Add initial parts for SAE This introduces new AKM for SAE and FT-SAE and adds the initial parts for going through the SAE Authentication frame exchange. The actual SAE algorithm and new fields in Authentication frames are not yet included in this commit and will be added separately. This version is able to complete a dummy authentication with the correct authentication algorithm and transaction values to allow cfg80211/mac80211 drivers to be tested (all the missing parts can be handled with hostapd/wpa_supplicant changes). Signed-hostap: Jouni Malinen <j@w1.fi>
2012-09-30 18:51:07 +02:00
#endif /* CONFIG_SAE */
Fix PMKSA cache timeout from Session-Timeout in WPA/WPA2 cases Previously, WPA/WPA2 case ended up using the hardcoded dot11RSNAConfigPMKLifetime (43200 seconds) for PMKSA cache entries instead of using the Session-Timeout value from the RADIUS server (if included in Access-Accept). Store a copy of the Session-Timeout value and use it instead of the default value so that WPA/WPA2 cases get the proper timeout similarly to non-WPA/WPA2 cases. Signed-off-by: Jouni Malinen <j@w1.fi>
2014-10-04 18:36:48 +02:00
Convert STA session_timeout to os_reltime This is needed to allow the remaining session time to be computed for FT (when sending PMK-R1 to another AP). Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
2017-05-18 15:21:56 +02:00
/* valid only if session_timeout_set == 1 */
struct os_reltime session_timeout;
AP: Drop retransmitted auth/assoc/action frames It is possible that a station device might miss an ACK for an authentication, association, or action frame, and thus retransmit the same frame although the frame is already being processed in the stack. While the duplicated frame should really be dropped in the kernel or firmware code where duplicate detection is implemented for data frames, it is possible that pre-association cases are not fully addressed (which is the case at least with mac80211 today) and the frame may be delivered to upper layer stack. In such a case, the local AP will process the retransmitted frame although it has already handled the request, which might cause the station to get confused and as a result disconnect from the AP, blacklist it, etc. To avoid such a case, save the sequence control of the last processed management frame and in case of retransmissions drop them. Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2014-11-05 09:50:34 +01:00
/* Last Authentication/(Re)Association Request/Action frame sequence
* control */
u16 last_seq_ctrl;
/* Last Authentication/(Re)Association Request/Action frame subtype */
u8 last_subtype;
MBO: Track STA cellular data capability from association request This makes hostapd parse the MBO attribute in (Re)Association Request frame and track the cellular data capability (mbo_cell_capa=<val> in STA control interface command). Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-02-22 12:03:28 +01:00
#ifdef CONFIG_MBO
u8 cell_capa; /* 0 = unknown (not an MBO STA); otherwise,
* enum mbo_cellular_capa values */
MBO: Parse non-preferred channel list on the AP This adds parsing of non-preferred channel list on an MBO AP. The information in (Re)Association Request and WNM Notification Request frames is parsed to get the initial value and updates from each associated MBO STA. The parsed information is available through the STA control interface command non_pref_chan[i] rows. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-02-22 19:37:21 +01:00
struct mbo_non_pref_chan_info *non_pref_chan;
OCE: RSSI-based rejection to consider Authentication frames (AP) Try to make RSSI-based rejection of associating stations a bit less likely to trigger false rejections by considering RSSI from the last received Authentication frame. Association is rejected only if both the Authentication and (Re)Association Request frames are below the RSSI threshold. Signed-off-by: Jouni Malinen <j@w1.fi>
2019-01-01 17:17:02 +01:00
int auth_rssi; /* Last Authentication frame RSSI */
MBO: Track STA cellular data capability from association request This makes hostapd parse the MBO attribute in (Re)Association Request frame and track the cellular data capability (mbo_cell_capa=<val> in STA control interface command). Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-02-22 12:03:28 +01:00
#endif /* CONFIG_MBO */
AP: Store STA supported operating classes information This makes hostapd track Supported Operating Classes information from the associated STAs. The stored information is available through the STA control interface command (supp_op_classes row) as a hexdump of the Supported Operating Classes element starting from the Length field. This information can be used as input to BSS transition management and channel switching decisions. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-02-24 11:20:31 +01:00
u8 *supp_op_classes; /* Supported Operating Classes element, if
* received, starting from the Length field */
hostapd: Save RM enabled capability of station Save RM enabled capability element of an associating station if radio measurement is supported in its capability field. Signed-off-by: David Spinadel <david.spinadel@intel.com>
2016-04-06 18:42:10 +02:00
u8 rrm_enabled_capa[5];
Passive Client Taxonomy Implement the signature mechanism described in the paper "Passive Taxonomy of Wifi Clients using MLME Frame Contents" published by Denton Gentry and Avery Pennarun. http://research.google.com/pubs/pub45429.html https://arxiv.org/abs/1608.01725 This involves: 1. Add a CONFIG_TAXONOMY compile option. Enabling taxonomy incurs a memory overhead of up to several kilobytes per associated station. 2. If enabled, store the Probe Request and (Re)Associate Request frame in struct sta_info. 3. Implement code to extract the ID of each Information Element, plus selected fields and bitmasks from certain IEs, into a descriptive text string. This is done in a new source file, src/ap/taxonomy.c. 4. Implement a "signature qq:rr:ss:tt:uu:vv" command in hostapd_cli to retrieve the signature. Signatures take the form of a text string. For example, a signature for the Nexus 5X is: wifi4|probe:0,1,127,45,191,htcap:01ef,htagg:03,htmcs:0000ffff,vhtcap:338061b2, vhtrxmcs:030cfffa,vhttxmcs:030cfffa,extcap:00000a0201000040|assoc:0,1,48,45, 221(0050f2,2),191,127,htcap:01ef,htagg:03,htmcs:0000ffff,vhtcap:339071b2, vhtrxmcs:030cfffa,vhttxmcs:030cfffa,extcap:0000000000000040 Signed-off-by: dgentry@google.com (Denton Gentry) Signed-off-by: denny@geekhold.com (Denton Gentry) Signed-off-by: rofrankel@google.com (Richard Frankel) Signed-off-by: richard@frankel.tv (Richard Frankel)
2016-08-15 06:42:48 +02:00
hostapd: Add Min/Max Transmit Power Capability into STA command This provides access to the Minimum/Maximum Transmit Power Capabilitie fileds (the nominal minimum/maximum transmit power with which the STA is capable of transmitting in the current channel; signed integer in units of decibels relative to 1 mW). Signed-off-by: bhagavathi perumal s <bperumal@qti.qualcomm.com>
2017-10-06 17:03:25 +02:00
s8 min_tx_power;
s8 max_tx_power;
Passive Client Taxonomy Implement the signature mechanism described in the paper "Passive Taxonomy of Wifi Clients using MLME Frame Contents" published by Denton Gentry and Avery Pennarun. http://research.google.com/pubs/pub45429.html https://arxiv.org/abs/1608.01725 This involves: 1. Add a CONFIG_TAXONOMY compile option. Enabling taxonomy incurs a memory overhead of up to several kilobytes per associated station. 2. If enabled, store the Probe Request and (Re)Associate Request frame in struct sta_info. 3. Implement code to extract the ID of each Information Element, plus selected fields and bitmasks from certain IEs, into a descriptive text string. This is done in a new source file, src/ap/taxonomy.c. 4. Implement a "signature qq:rr:ss:tt:uu:vv" command in hostapd_cli to retrieve the signature. Signatures take the form of a text string. For example, a signature for the Nexus 5X is: wifi4|probe:0,1,127,45,191,htcap:01ef,htagg:03,htmcs:0000ffff,vhtcap:338061b2, vhtrxmcs:030cfffa,vhttxmcs:030cfffa,extcap:00000a0201000040|assoc:0,1,48,45, 221(0050f2,2),191,127,htcap:01ef,htagg:03,htmcs:0000ffff,vhtcap:339071b2, vhtrxmcs:030cfffa,vhttxmcs:030cfffa,extcap:0000000000000040 Signed-off-by: dgentry@google.com (Denton Gentry) Signed-off-by: denny@geekhold.com (Denton Gentry) Signed-off-by: rofrankel@google.com (Richard Frankel) Signed-off-by: richard@frankel.tv (Richard Frankel)
2016-08-15 06:42:48 +02:00
#ifdef CONFIG_TAXONOMY
struct wpabuf *probe_ie_taxonomy;
struct wpabuf *assoc_ie_taxonomy;
#endif /* CONFIG_TAXONOMY */
FILS: Process FILS Authentication frame (AP) This implements processing of FILS Authentication frame for FILS shared key authentication with ERP and PMKSA caching. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-09-04 23:04:21 +02:00
#ifdef CONFIG_FILS
u8 fils_snonce[FILS_NONCE_LEN];
u8 fils_session[FILS_SESSION_LEN];
FILS: ERP-based PMKSA cache addition on AP hostapd did not add a new PMKSA cache entry when FILS shared key authentication was used, i.e., only the initial full authentication resulted in a PMKSA cache entry being created. Derive the PMKID for the ERP case as well and add a PMKSA cache entry if the ERP exchange succeeds. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-07-05 16:52:23 +02:00
u8 fils_erp_pmkid[PMKID_LEN];
FILS: DHCP relay for HLP requests The new dhcp_server configuration parameter can now be used to configure hostapd to act as a DHCP relay for DHCPDISCOVER messages received as FILS HLP requests. The dhcp_rapid_commit_proxy=1 parameter can be used to configure hostapd to convert 4 message DHCP exchange into a 2 message exchange in case the DHCP server does not support DHCP rapid commit option. The fils_hlp_wait_time parameter can be used to set the time hostapd waits for an HLP response. This matches the dot11HLPWaitTime in IEEE Std 802.11ai-2016. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-01-31 13:38:44 +01:00
u8 *fils_pending_assoc_req;
size_t fils_pending_assoc_req_len;
unsigned int fils_pending_assoc_is_reassoc:1;
unsigned int fils_dhcp_rapid_commit_proxy:1;
FILS: ERP-based PMKSA cache addition on AP hostapd did not add a new PMKSA cache entry when FILS shared key authentication was used, i.e., only the initial full authentication resulted in a PMKSA cache entry being created. Derive the PMKID for the ERP case as well and add a PMKSA cache entry if the ERP exchange succeeds. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-07-05 16:52:23 +02:00
unsigned int fils_erp_pmkid_set:1;
FILS: Add HLP support with driver-based AP SME This allows HLP processing to postpone association processing in hostapd_notify_assoc(). Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-07-06 12:57:54 +02:00
unsigned int fils_drv_assoc_finish:1;
FILS: DHCP relay for HLP requests The new dhcp_server configuration parameter can now be used to configure hostapd to act as a DHCP relay for DHCPDISCOVER messages received as FILS HLP requests. The dhcp_rapid_commit_proxy=1 parameter can be used to configure hostapd to convert 4 message DHCP exchange into a 2 message exchange in case the DHCP server does not support DHCP rapid commit option. The fils_hlp_wait_time parameter can be used to set the time hostapd waits for an HLP response. This matches the dot11HLPWaitTime in IEEE Std 802.11ai-2016. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-01-31 13:38:44 +01:00
struct wpabuf *fils_hlp_resp;
struct wpabuf *hlp_dhcp_discover;
FILS: Make handle_auth_fils() re-usable for driver-based AP SME Allow this function to be called from outside ieee802_11.c and with the final steps replaced through a callback function. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-04-21 17:42:00 +02:00
void (*fils_pending_cb)(struct hostapd_data *hapd, struct sta_info *sta,
u16 resp, struct wpabuf *data, int pub);
FILS: Add FILS SK auth PFS support in AP mode This adds an option to configure hostapd to enable use of perfect forward secrecy option in FILS shared key authentication. A new build option CONFIG_FILS_SK_PFS=y can be used to include this functionality. A new runtime configuration parameter fils_dh_group is used to enable this by specifying which DH group to use. For example, fils_dh_group=19 would allow FILS SK PFS to be used with a 256-bit random ECP group. Signed-off-by: Jouni Malinen <j@w1.fi>
2017-03-12 21:40:56 +01:00
#ifdef CONFIG_FILS_SK_PFS
struct crypto_ecdh *fils_ecdh;
#endif /* CONFIG_FILS_SK_PFS */
struct wpabuf *fils_dh_ss;
FILS: Fix Key-Auth derivation for SK+PFS for authenticator side The conditional gSTA and gAP (DH public keys) were not previously included in Key-Auth derivation, but they are needed for the PFS case. Signed-off-by: Jouni Malinen <j@w1.fi>
2017-05-07 16:04:08 +02:00
struct wpabuf *fils_g_sta;
FILS: Process FILS Authentication frame (AP) This implements processing of FILS Authentication frame for FILS shared key authentication with ERP and PMKSA caching. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-09-04 23:04:21 +02:00
#endif /* CONFIG_FILS */
OWE: Process Diffie-Hellman Parameter element in AP mode This adds AP side processing for OWE Diffie-Hellman Parameter element in (Re)Association Request frame and adding it in (Re)Association Response frame. Signed-off-by: Jouni Malinen <j@w1.fi>
2017-03-12 00:26:43 +01:00
#ifdef CONFIG_OWE
u8 *owe_pmk;
OWE: Support DH groups 20 (NIST P-384) and 21 (NIST P-521) in AP mode This extends OWE support in hostapd to allow DH groups 20 and 21 to be used in addition to the mandatory group 19 (NIST P-256). Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-08 15:37:32 +02:00
size_t owe_pmk_len;
OWE: Process Diffie-Hellman Parameter element in AP mode This adds AP side processing for OWE Diffie-Hellman Parameter element in (Re)Association Request frame and adding it in (Re)Association Response frame. Signed-off-by: Jouni Malinen <j@w1.fi>
2017-03-12 00:26:43 +01:00
struct crypto_ecdh *owe_ecdh;
OWE: Support DH groups 20 (NIST P-384) and 21 (NIST P-521) in AP mode This extends OWE support in hostapd to allow DH groups 20 and 21 to be used in addition to the mandatory group 19 (NIST P-256). Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-10-08 15:37:32 +02:00
u16 owe_group;
OWE: Process Diffie-Hellman Parameter element in AP mode This adds AP side processing for OWE Diffie-Hellman Parameter element in (Re)Association Request frame and adding it in (Re)Association Response frame. Signed-off-by: Jouni Malinen <j@w1.fi>
2017-03-12 00:26:43 +01:00
#endif /* CONFIG_OWE */
Add testing functionality for resetting PN/IPN for configured keys This can be used to test replay protection. The "RESET_PN" command in wpa_supplicant and "RESET_PN <addr>" command in hostapd resets the local counters to zero for the last configured key. For hostapd, the address parameter specifies which STA this operation is for or selects GTK ("ff:ff:ff:ff:ff:ff") or IGTK ("ff:ff:ff:ff:ff:ff IGTK"). This functionality is for testing purposes and included only in builds with CONFIG_TESTING_OPTIONS=y. Signed-off-by: Jouni Malinen <j@w1.fi>
2017-10-14 12:41:08 +02:00
hostapd: Add extended capabilities into STA command Signed-off-by: bhagavathi perumal s <bperumal@qti.qualcomm.com>
2017-10-06 17:03:25 +02:00
u8 *ext_capability;
hostapd: Add ctrl iface indications for WDS STA interface This allows user to get event indication when a new interface is added/removed for 4addr WDS STA and also WDS STA ifname is informed through the STA command. Signed-off-by: Bhagavathi Perumal S <bperumal@codeaurora.org>
2018-04-20 11:05:36 +02:00
char *ifname_wds; /* WDS ifname, if in use */
hostapd: Add extended capabilities into STA command Signed-off-by: bhagavathi perumal s <bperumal@qti.qualcomm.com>
2017-10-06 17:03:25 +02:00
DPP2: PFS for PTK derivation Use Diffie-Hellman key exchange to derivate additional material for PMK-to-PTK derivation to get PFS. The Diffie-Hellman Parameter element (defined in OWE RFC 8110) is used in association frames to exchange the DH public keys. For backwards compatibility, ignore missing request/response DH parameter and fall back to no PFS in such cases. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2019-03-17 22:51:53 +01:00
#ifdef CONFIG_DPP2
struct dpp_pfs *dpp_pfs;
#endif /* CONFIG_DPP2 */
Add testing functionality for resetting PN/IPN for configured keys This can be used to test replay protection. The "RESET_PN" command in wpa_supplicant and "RESET_PN <addr>" command in hostapd resets the local counters to zero for the last configured key. For hostapd, the address parameter specifies which STA this operation is for or selects GTK ("ff:ff:ff:ff:ff:ff") or IGTK ("ff:ff:ff:ff:ff:ff IGTK"). This functionality is for testing purposes and included only in builds with CONFIG_TESTING_OPTIONS=y. Signed-off-by: Jouni Malinen <j@w1.fi>
2017-10-14 12:41:08 +02:00
#ifdef CONFIG_TESTING_OPTIONS
enum wpa_alg last_tk_alg;
int last_tk_key_idx;
u8 last_tk[WPA_TK_MAX_LEN];
size_t last_tk_len;
SAE: A bit optimized sae_confirm_immediate=2 for testing purposes sae_confirm_immediate=2 can now be used in CONFIG_TESTING_OPTIONS=y builds to minimize the latency between SAE Commit and SAE Confirm by postponing transmission of SAE Commit until the SAE Confirm frame is generated. This does not have significant impact, but can get the frames tiny bit closer to each other over the air to increase testing coverage. The only difference between sae_confirm_immediate 1 and 2 is in the former deriving KCK, PMK, PMKID, and CN between transmission of the frames (i.e., a small number of hash operations). Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
2020-01-08 19:52:26 +01:00
u8 *sae_postponed_commit;
size_t sae_postponed_commit_len;
Add testing functionality for resetting PN/IPN for configured keys This can be used to test replay protection. The "RESET_PN" command in wpa_supplicant and "RESET_PN <addr>" command in hostapd resets the local counters to zero for the last configured key. For hostapd, the address parameter specifies which STA this operation is for or selects GTK ("ff:ff:ff:ff:ff:ff") or IGTK ("ff:ff:ff:ff:ff:ff IGTK"). This functionality is for testing purposes and included only in builds with CONFIG_TESTING_OPTIONS=y. Signed-off-by: Jouni Malinen <j@w1.fi>
2017-10-14 12:41:08 +02:00
#endif /* CONFIG_TESTING_OPTIONS */
hostapd: Add airtime policy configuration support This adds support to hostapd for configuring airtime policy settings for stations as they connect to the access point. This is the userspace component of the airtime policy enforcement system PoliFi described in this paper: https://arxiv.org/abs/1902.03439 The Linux kernel part has been merged into mac80211 for the 5.1 dev cycle. The configuration mechanism has three modes: Static, dynamic and limit. In static mode, weights can be set in the configuration file for individual MAC addresses, which will be applied when the configured stations connect. In dynamic mode, weights are instead set per BSS, which will be scaled by the number of active stations on that BSS, achieving the desired aggregate weighing between the configured BSSes. Limit mode works like dynamic mode, except that any BSS *not* marked as 'limited' is allowed to exceed its configured share if a per-station fairness share would assign more airtime to that BSS. See the paper for details on these modes. Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
2019-03-20 15:58:52 +01:00
#ifdef CONFIG_AIRTIME_POLICY
unsigned int airtime_weight;
struct os_reltime backlogged_until;
#endif /* CONFIG_AIRTIME_POLICY */
Move STA entry structure into sta_info.h and remove ap.h This cleans up some of the hostapd include file usage and only includes the needed STA flags into driver wrappers.
2009-03-25 15:13:35 +01:00
};
/* Default value for maximum station inactivity. After AP_MAX_INACTIVITY has
* passed since last received frame from the station, a nullfunc data frame is
* sent to the station. If this frame is not acknowledged and no other frames
* have been received, the station will be disassociated after
Fix typos found by codespell Signed-off-by: Pavel Roskin <proski@gnu.org>
2011-09-21 23:43:59 +02:00
* AP_DISASSOC_DELAY seconds. Similarly, the station will be deauthenticated
Move STA entry structure into sta_info.h and remove ap.h This cleans up some of the hostapd include file usage and only includes the needed STA flags into driver wrappers.
2009-03-25 15:13:35 +01:00
* after AP_DEAUTH_DELAY seconds has passed after disassociation. */
#define AP_MAX_INACTIVITY (5 * 60)
Wait longer for inactive client probe (empty data frame) Some devices cannot respond to inactive client probe (empty data frame) within one second. For example, iPhone may take up to 3 secs. This becomes a significant problem when ap_max_inactivity is set to lower value such as 10 secs. iPhone can lose Wi-Fi connection after ~1 min of user inactivity. Signed-off-by: Dmitry Ivanov <dima@ubnt.com>
2015-10-06 15:26:58 +02:00
#define AP_DISASSOC_DELAY (3)
Move STA entry structure into sta_info.h and remove ap.h This cleans up some of the hostapd include file usage and only includes the needed STA flags into driver wrappers.
2009-03-25 15:13:35 +01:00
#define AP_DEAUTH_DELAY (1)
/* Number of seconds to keep STA entry with Authenticated flag after it has
* been disassociated. */
#define AP_MAX_INACTIVITY_AFTER_DISASSOC (1 * 30)
/* Number of seconds to keep STA entry after it has been deauthenticated. */
#define AP_MAX_INACTIVITY_AFTER_DEAUTH (1 * 5)
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
2008-02-28 02:34:43 +01:00
int ap_for_each_sta(struct hostapd_data *hapd,
int (*cb)(struct hostapd_data *hapd, struct sta_info *sta,
void *ctx),
void *ctx);
struct sta_info * ap_get_sta(struct hostapd_data *hapd, const u8 *sta);
P2P: Add a command for removing a client from all groups The new control interface command P2P_REMOVE_CLIENT <P2P Device Address|iface=Address> can now be used to remove the specified client from all groups (ongoing and persistent) in which the local device is a GO. This will remove any per-client PSK entries and deauthenticate the device. Signed-hostap: Jouni Malinen <j@w1.fi>
2013-09-01 16:37:22 +02:00
struct sta_info * ap_get_sta_p2p(struct hostapd_data *hapd, const u8 *addr);
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
2008-02-28 02:34:43 +01:00
void ap_sta_hash_add(struct hostapd_data *hapd, struct sta_info *sta);
void ap_free_sta(struct hostapd_data *hapd, struct sta_info *sta);
AP: Add Neighbor Discovery snooping mechanism for Proxy ARP This commit establishes the infrastructure, and handles the Neighbor Solicitation and Neighbor Advertisement frames. This will be extended in the future to handle other frames. Signed-off-by: Kyeyoon Park <kyeyoonp@qca.qualcomm.com>
2014-11-01 07:33:41 +01:00
void ap_sta_ip6addr_del(struct hostapd_data *hapd, struct sta_info *sta);
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
2008-02-28 02:34:43 +01:00
void hostapd_free_stas(struct hostapd_data *hapd);
void ap_handle_timer(void *eloop_ctx, void *timeout_ctx);
GAS: Replenish AP station session timer to 5 seconds If remaining AP session timeout is less than 5 seconds for an existing station, replenish the timeout to 5 seconds. This allows stations to be able to recycle a dialog token value beyond 5 seconds for GAS exchange. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-11-06 22:20:28 +01:00
void ap_sta_replenish_timeout(struct hostapd_data *hapd, struct sta_info *sta,
u32 session_timeout);
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
2008-02-28 02:34:43 +01:00
void ap_sta_session_timeout(struct hostapd_data *hapd, struct sta_info *sta,
u32 session_timeout);
void ap_sta_no_session_timeout(struct hostapd_data *hapd,
struct sta_info *sta);
HS 2.0R2 AP: Add support for Session Info URL RADIUS AVP If the authentication server includes the WFA HS 2.0 Session Info URL AVP in Access-Accept, schedule ESS Disassociation Imminent frame to be transmitted specified warning time prior to session timeout. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-08-01 23:39:30 +02:00
void ap_sta_session_warning_timeout(struct hostapd_data *hapd,
struct sta_info *sta, int warning_time);
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
2008-02-28 02:34:43 +01:00
struct sta_info * ap_sta_add(struct hostapd_data *hapd, const u8 *addr);
void ap_sta_disassociate(struct hostapd_data *hapd, struct sta_info *sta,
u16 reason);
void ap_sta_deauthenticate(struct hostapd_data *hapd, struct sta_info *sta,
u16 reason);
Add wps_cancel for hostapd_cli Implement wps_cancel for hostapd similarly to how it was already supported in wpa_supplicant AP mode. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-03-19 07:23:31 +01:00
#ifdef CONFIG_WPS
int ap_sta_wps_cancel(struct hostapd_data *hapd,
struct sta_info *sta, void *ctx);
#endif /* CONFIG_WPS */
Remove VLAN interface on STA free Currently, vlan_remove_dynamic() is only called when the station VLAN ID is changed (ap_sta_bind_vlan), but not when the station is freed. So dynamic VLAN interfaces are not removed actually except within 1x reauthentification VLAN ID change, although most of the code is already there. This patch fixes this by calling vlan_remove_dynamic() in ap_free_sta(). It cannot just use sta->vlan_id for this, as this might have been changed without calling ap_sta_bind_vlan() (ap/ieee802_11.c:handle_auth fetches from RADIUS cache for WPA-PSK), thus reference counting might not have been updated. Additionally, reference counting might get wrong due to old_vlanid = 0 being passed unconditionally, thus increasing the reference counter multiple times. So tracking the currently assigned (i.e., dynamic_vlan counter increased) VLAN is done in a new variable sta->vlan_id_bound. Therefore, the old_vlan_id argument of ap_sta_bind_vlan() is no longer needed and setting the VLAN for the sta in driver happens unconditionally. Additionally, vlan->dynamic_vlan is only incremented when it actually is a dynamic VLAN. Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
2015-04-10 14:49:50 +02:00
int ap_sta_bind_vlan(struct hostapd_data *hapd, struct sta_info *sta);
VLAN: Separate station grouping and uplink configuration Separate uplink configuration (IEEE 802.1q VID) and grouping of stations into AP_VLAN interfaces. The int vlan_id will continue to identify the AP_VLAN interface the station should be assigned to. Each AP_VLAN interface corresponds to an instance of struct hostapd_vlan that is uniquely identified by int vlan_id within an BSS. New: Each station and struct hostapd_vlan holds a struct vlan_description vlan_desc member that describes the uplink configuration requested. Currently this is just an int untagged IEEE 802.1q VID, but can be extended to tagged VLANs and other settings easily. When the station was about to be assigned its vlan_id, vlan_desc and vlan_id will now be set simultaneously by ap_sta_set_vlan(). So sta->vlan_id can still be tested for whether the station needs to be moved to an AP_VLAN interface. To ease addition of tagged VLAN support, a member notempty is added to struct vlan_description. Is is set to 1 if an untagged or tagged VLAN assignment is requested and needs to be validated. The inverted form allows os_zalloc() to initialize an empty description. Though not depended on by the code, vlan_id assignment ensures: * vlan_id = 0 will continue to mean no AP_VLAN interface * vlan_id < 4096 will continue to mean vlan_id = untagged vlan id with no per_sta_vif and no extra tagged vlan. * vlan_id > 4096 will be used for per_sta_vif and/or tagged vlans. This way struct wpa_group and drivers API do not need to be changed in order to implement tagged VLANs or per_sta_vif support. DYNAMIC_VLAN_* will refer to (struct vlan_description).notempty only, thus grouping of the stations for per_sta_vif can be used with DYNAMIC_VLAN_DISABLED, but not with CONFIG_NO_VLAN, as struct hostapd_vlan is still used to manage AP_VLAN interfaces. MAX_VLAN_ID will be checked in hostapd_vlan_valid and during setup of VLAN interfaces and refer to IEEE 802.1q VID. VLAN_ID_WILDCARD will continue to refer to int vlan_id. Renaming vlan_id to vlan_desc when type changed from int to struct vlan_description was avoided when vlan_id was also used in a way that did not depend on its type (for example, when passed to another function). Output of "VLAN ID %d" continues to refer to int vlan_id, while "VLAN %d" will refer to untagged IEEE 802.1q VID. Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
2016-01-21 14:51:56 +01:00
int ap_sta_set_vlan(struct hostapd_data *hapd, struct sta_info *sta,
struct vlan_description *vlan_desc);
Renamed Ping procedure into SA Query procedure per 802.11w/D7.0 This commit changes just the name and Action category per D7.0. The retransmit/timeout processing in the AP is not yet updated with the changes in D7.0.
2008-12-26 10:46:21 +01:00
void ap_sta_start_sa_query(struct hostapd_data *hapd, struct sta_info *sta);
void ap_sta_stop_sa_query(struct hostapd_data *hapd, struct sta_info *sta);
Updated SA Query procedure to use timeouts per 802.11w/D7.0 The previous max_attempts * timeout is now replaced with two timeouts (one for each retry, the other one for maximum wait).
2008-12-26 11:30:34 +01:00
int ap_check_sa_query_timeout(struct hostapd_data *hapd, struct sta_info *sta);
AP: Allow identifying which passphrase station used with wpa_psk_file It is now possible to optionally specify keyid for each wpa_psk_file entry: keyid=something 00:00:00:00:00:00 secretpassphrase When station connects and the passphrase it used has an associated keyid it will be appended to the AP-STA-CONNECTED event string: wlan0: AP-STA-CONNECTED 00:36:76:21:dc:7b keyid=something It's also possible to retrieve it through the control interface: $ hostapd_cli all_sta Selected interface 'ap0' 00:36:76:21:dc:7b ... keyid=something New hostapd is able to read old wpa_psk_file. However, old hostapd will not be able to read the new wpa_psk_file if it includes keyids. Signed-off-by: Michal Kazior <michal@plume.com>
2019-01-16 13:35:19 +01:00
const char * ap_sta_wpa_get_keyid(struct hostapd_data *hapd,
struct sta_info *sta);
Move more driver ops into struct hostapd_driver_ops This removes need to include driver_i.h into ieee802_1x.c.
2009-12-24 19:41:30 +01:00
void ap_sta_disconnect(struct hostapd_data *hapd, struct sta_info *sta,
const u8 *addr, u16 reason);
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
2008-02-28 02:34:43 +01:00
AP: Introduce sta authorized wrappers To enable making state change notifications on the WLAN_STA_AUTHORIZED flag, introduce ap_sta_set_authorized(), and to reduce use of the flag itself also add a wrapper for testing the flag: ap_sta_is_authorized(). Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2011-02-02 15:52:32 +01:00
void ap_sta_set_authorized(struct hostapd_data *hapd,
struct sta_info *sta, int authorized);
static inline int ap_sta_is_authorized(struct sta_info *sta)
{
return sta->flags & WLAN_STA_AUTHORIZED;
}
Delay STA entry removal until Deauth/Disassoc TX status in AP mode This allows the driver to use PS buffering of Deauthentication and Disassociation frames when the STA is in power save sleep. The STA entry (and PTK) will be removed from the kernel only after the Deauth/Disassoc has been transmitted (e.g., when the STA wakes up). A hardcoded two second timeout is used to limit the length of this window should the driver fail to deliver the frame (e.g., the STA is out of range and does not wake up). The kernel STA entry is marked unauthorized during the wait to avoid accepting Data frames from the STA that we have decided to disconnect. This behavior is available only with drivers that provide TX status events for Deauth/Disassoc frames (nl80211 at this point). Other drivers continue to use the previous behavior where the STA entry is removed immediately.
2011-08-28 22:07:02 +02:00
void ap_sta_deauth_cb(struct hostapd_data *hapd, struct sta_info *sta);
void ap_sta_disassoc_cb(struct hostapd_data *hapd, struct sta_info *sta);
AP: Fix Deauth/Disassoc TX status timeout handling The ap_sta_deauth_cb and ap_sta_disassoc_cb eloop timeouts are used to clear a disconnecting STA from the kernel driver if the STA did not ACK the Deauthentication/Disassociation frame from the AP within two seconds. However, it was possible for a STA to not ACK such a frame, e.g., when the disconnection happened due to hostapd pruning old associations from other BSSes and the STA was not on the old channel anymore. If that same STA then started a new authentication/association with the BSS, the two second timeout could trigger during this new association and result in the STA entry getting removed from the kernel. Fix this by canceling these eloop timeouts when receiving an indication of a new authentication or association. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-01-15 18:28:58 +01:00
void ap_sta_clear_disconnect_timeouts(struct hostapd_data *hapd,
struct sta_info *sta);
Delay STA entry removal until Deauth/Disassoc TX status in AP mode This allows the driver to use PS buffering of Deauthentication and Disassociation frames when the STA is in power save sleep. The STA entry (and PTK) will be removed from the kernel only after the Deauth/Disassoc has been transmitted (e.g., when the STA wakes up). A hardcoded two second timeout is used to limit the length of this window should the driver fail to deliver the frame (e.g., the STA is out of range and does not wake up). The kernel STA entry is marked unauthorized during the wait to avoid accepting Data frames from the STA that we have decided to disconnect. This behavior is available only with drivers that provide TX status events for Deauth/Disassoc frames (nl80211 at this point). Other drivers continue to use the previous behavior where the STA entry is removed immediately.
2011-08-28 22:07:02 +02:00
hostapd: Make STA flags available through ctrl_iface STA command Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-27 18:24:24 +01:00
int ap_sta_flags_txt(u32 flags, char *buf, size_t buflen);
Use eloop timeout for post-EAP-Failure wait before disconnection Previously, os_sleep() was used to block the hostapd (or wpa_supplicant AP/P2P GO mode) processing between sending out EAP-Failure and disconnecting the STA. This is not ideal for couple of reasons: it blocks all other parallel operations in the process and it leaves a window during which the station might deauthenticate and the AP would have no option for reacting to that before forcing out its own Deauthentication frame which could go out after the STA has already started new connection attempt. Improve this design by scheduling an eloop timeout of 10 ms instead of the os_sleep() call and perform the delayed operations from the eloop callback function. This eloop timeout is cancelled if the STA disconnects or initiates a new connection attempt before the 10 ms time is reached. This gets rid of the confusing extra Deauthentication frame in cases where the STA reacts to EAP-Failure by an immediate deauthentication. Signed-off-by: Jouni Malinen <j@w1.fi>
2016-12-06 17:12:11 +01:00
void ap_sta_delayed_1x_auth_fail_disconnect(struct hostapd_data *hapd,
struct sta_info *sta);
int ap_sta_pending_delayed_1x_auth_fail_disconnect(struct hostapd_data *hapd,
struct sta_info *sta);
FT: Remove and re-add STA entry after FT protocol success with PMF Allow STA entry to be removed and re-added to the driver with PMF is used with FT. Previously, this case resulted in cfg80211 rejecting STA entry update after successful FT protocol use if the association had not been dropped and it could not be dropped for the PMF case in handle_auth(). Signed-off-by: Jouni Malinen <j@w1.fi>
2020-04-04 20:50:37 +02:00
int ap_sta_re_add(struct hostapd_data *hapd, struct sta_info *sta);
hostapd: Make STA flags available through ctrl_iface STA command Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-27 18:24:24 +01:00
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
2008-02-28 02:34:43 +01:00
#endif /* STA_INFO_H */
Reference in a new issue Copy permalink