hostapd/ieee802_11.c

   1 /*
   2  * hostapd / IEEE 802.11 Management
   3  * Copyright (c) 2002-2009, Jouni Malinen <j@w1.fi>
   4  *
   5  * This program is free software; you can redistribute it and/or modify
   6  * it under the terms of the GNU General Public License version 2 as
   7  * published by the Free Software Foundation.
   8  *
   9  * Alternatively, this software may be distributed under the terms of BSD
  10  * license.
  11  *
  12  * See README and COPYING for more details.
  13  */
  14
  15 #include "includes.h"
  16
  17 #ifndef CONFIG_NATIVE_WINDOWS
  18
  19 #include <net/if.h>
  20
  21 #include "common.h"
  22 #include "eloop.h"
  23 #include "crypto/crypto.h"
  24 #include "common/wpa_ctrl.h"
  25 #include "radius/radius.h"
  26 #include "radius/radius_client.h"
  27 #include "hostapd.h"
  28 #include "ieee802_11.h"
  29 #include "beacon.h"
  30 #include "hw_features.h"
  31 #include "ieee802_11_auth.h"
  32 #include "sta_flags.h"
  33 #include "sta_info.h"
  34 #include "ieee802_1x.h"
  35 #include "wpa.h"
  36 #include "wme.h"
  37 #include "ap_list.h"
  38 #include "accounting.h"
  39 #include "driver_i.h"
  40 #include "mlme.h"
  41
  42
  43 u8 * hostapd_eid_supp_rates(struct hostapd_data *hapd, u8 *eid)
  44 {
  45         u8 *pos = eid;
  46         int i, num, count;
  47
  48         if (hapd->iface->current_rates == NULL)
  49                 return eid;
  50
  51         *pos++ = WLAN_EID_SUPP_RATES;
  52         num = hapd->iface->num_rates;
  53         if (num > 8) {
  54                 /* rest of the rates are encoded in Extended supported
  55                  * rates element */
  56                 num = 8;
  57         }
  58
  59         *pos++ = num;
  60         count = 0;
  61         for (i = 0, count = 0; i < hapd->iface->num_rates && count < num;
  62              i++) {
  63                 count++;
  64                 *pos = hapd->iface->current_rates[i].rate / 5;
  65                 if (hapd->iface->current_rates[i].flags & HOSTAPD_RATE_BASIC)
  66                         *pos |= 0x80;
  67                 pos++;
  68         }
  69
  70         return pos;
  71 }
  72
  73
  74 u8 * hostapd_eid_ext_supp_rates(struct hostapd_data *hapd, u8 *eid)
  75 {
  76         u8 *pos = eid;
  77         int i, num, count;
  78
  79         if (hapd->iface->current_rates == NULL)
  80                 return eid;
  81
  82         num = hapd->iface->num_rates;
  83         if (num <= 8)
  84                 return eid;
  85         num -= 8;
  86
  87         *pos++ = WLAN_EID_EXT_SUPP_RATES;
  88         *pos++ = num;
  89         count = 0;
  90         for (i = 0, count = 0; i < hapd->iface->num_rates && count < num + 8;
  91              i++) {
  92                 count++;
  93                 if (count <= 8)
  94                         continue; /* already in SuppRates IE */
  95                 *pos = hapd->iface->current_rates[i].rate / 5;
  96                 if (hapd->iface->current_rates[i].flags & HOSTAPD_RATE_BASIC)
  97                         *pos |= 0x80;
  98                 pos++;
  99         }
 100
 101         return pos;
 102 }
 103
 104
 105 u16 hostapd_own_capab_info(struct hostapd_data *hapd, struct sta_info *sta,
 106                            int probe)
 107 {
 108         int capab = WLAN_CAPABILITY_ESS;
 109         int privacy;
 110
 111         if (hapd->iface->num_sta_no_short_preamble == 0 &&
 112             hapd->iconf->preamble == SHORT_PREAMBLE)
 113                 capab |= WLAN_CAPABILITY_SHORT_PREAMBLE;
 114
 115         privacy = hapd->conf->ssid.wep.keys_set;
 116
 117         if (hapd->conf->ieee802_1x &&
 118             (hapd->conf->default_wep_key_len ||
 119              hapd->conf->individual_wep_key_len))
 120                 privacy = 1;
 121
 122         if (hapd->conf->wpa)
 123                 privacy = 1;
 124
 125         if (sta) {
 126                 int policy, def_klen;
 127                 if (probe && sta->ssid_probe) {
 128                         policy = sta->ssid_probe->security_policy;
 129                         def_klen = sta->ssid_probe->wep.default_len;
 130                 } else {
 131                         policy = sta->ssid->security_policy;
 132                         def_klen = sta->ssid->wep.default_len;
 133                 }
 134                 privacy = policy != SECURITY_PLAINTEXT;
 135                 if (policy == SECURITY_IEEE_802_1X && def_klen == 0)
 136                         privacy = 0;
 137         }
 138
 139         if (privacy)
 140                 capab |= WLAN_CAPABILITY_PRIVACY;
 141
 142         if (hapd->iface->current_mode &&
 143             hapd->iface->current_mode->mode == HOSTAPD_MODE_IEEE80211G &&
 144             hapd->iface->num_sta_no_short_slot_time == 0)
 145                 capab |= WLAN_CAPABILITY_SHORT_SLOT_TIME;
 146
 147         return capab;
 148 }
 149
 150
 151 #ifdef CONFIG_IEEE80211W
 152 static u8 * hostapd_eid_assoc_comeback_time(struct hostapd_data *hapd,
 153                                             struct sta_info *sta, u8 *eid)
 154 {
 155         u8 *pos = eid;
 156         u32 timeout, tu;
 157         struct os_time now, passed;
 158
 159         *pos++ = WLAN_EID_TIMEOUT_INTERVAL;
 160         *pos++ = 5;
 161         *pos++ = WLAN_TIMEOUT_ASSOC_COMEBACK;
 162         os_get_time(&now);
 163         os_time_sub(&now, &sta->sa_query_start, &passed);
 164         tu = (passed.sec * 1000000 + passed.usec) / 1024;
 165         if (hapd->conf->assoc_sa_query_max_timeout > tu)
 166                 timeout = hapd->conf->assoc_sa_query_max_timeout - tu;
 167         else
 168                 timeout = 0;
 169         if (timeout < hapd->conf->assoc_sa_query_max_timeout)
 170                 timeout++; /* add some extra time for local timers */
 171         WPA_PUT_LE32(pos, timeout);
 172         pos += 4;
 173
 174         return pos;
 175 }
 176 #endif /* CONFIG_IEEE80211W */
 177
 178
 179 void ieee802_11_print_ssid(char *buf, const u8 *ssid, u8 len)
 180 {
 181         int i;
 182         if (len > HOSTAPD_MAX_SSID_LEN)
 183                 len = HOSTAPD_MAX_SSID_LEN;
 184         for (i = 0; i < len; i++) {
 185                 if (ssid[i] >= 32 && ssid[i] < 127)
 186                         buf[i] = ssid[i];
 187                 else
 188                         buf[i] = '.';
 189         }
 190         buf[len] = '\0';
 191 }
 192
 193
 194 /**
 195  * ieee802_11_send_deauth - Send Deauthentication frame
 196  * @hapd: hostapd BSS data
 197  * @addr: Address of the destination STA
 198  * @reason: Reason code for Deauthentication
 199  */
 200 void ieee802_11_send_deauth(struct hostapd_data *hapd, u8 *addr, u16 reason)
 201 {
 202         struct ieee80211_mgmt mgmt;
 203
 204         hostapd_logger(hapd, addr, HOSTAPD_MODULE_IEEE80211,
 205                        HOSTAPD_LEVEL_DEBUG,
 206                        "deauthenticate - reason %d", reason);
 207         os_memset(&mgmt, 0, sizeof(mgmt));
 208         mgmt.frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT,
 209                                           WLAN_FC_STYPE_DEAUTH);
 210         os_memcpy(mgmt.da, addr, ETH_ALEN);
 211         os_memcpy(mgmt.sa, hapd->own_addr, ETH_ALEN);
 212         os_memcpy(mgmt.bssid, hapd->own_addr, ETH_ALEN);
 213         mgmt.u.deauth.reason_code = host_to_le16(reason);
 214         if (hostapd_send_mgmt_frame(hapd, &mgmt, IEEE80211_HDRLEN +
 215                                     sizeof(mgmt.u.deauth)) < 0)
 216                 perror("ieee802_11_send_deauth: send");
 217 }
 218
 219
 220 static u16 auth_shared_key(struct hostapd_data *hapd, struct sta_info *sta,
 221                            u16 auth_transaction, u8 *challenge, int iswep)
 222 {
 223         hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
 224                        HOSTAPD_LEVEL_DEBUG,
 225                        "authentication (shared key, transaction %d)",
 226                        auth_transaction);
 227
 228         if (auth_transaction == 1) {
 229                 if (!sta->challenge) {
 230                         /* Generate a pseudo-random challenge */
 231                         u8 key[8];
 232                         time_t now;
 233                         int r;
 234                         sta->challenge = os_zalloc(WLAN_AUTH_CHALLENGE_LEN);
 235                         if (sta->challenge == NULL)
 236                                 return WLAN_STATUS_UNSPECIFIED_FAILURE;
 237
 238                         now = time(NULL);
 239                         r = random();
 240                         os_memcpy(key, &now, 4);
 241                         os_memcpy(key + 4, &r, 4);
 242                         rc4_skip(key, sizeof(key), 0,
 243                                  sta->challenge, WLAN_AUTH_CHALLENGE_LEN);
 244                 }
 245                 return 0;
 246         }
 247
 248         if (auth_transaction != 3)
 249                 return WLAN_STATUS_UNSPECIFIED_FAILURE;
 250
 251         /* Transaction 3 */
 252         if (!iswep || !sta->challenge || !challenge ||
 253             os_memcmp(sta->challenge, challenge, WLAN_AUTH_CHALLENGE_LEN)) {
 254                 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
 255                                HOSTAPD_LEVEL_INFO,
 256                                "shared key authentication - invalid "
 257                                "challenge-response");
 258                 return WLAN_STATUS_CHALLENGE_FAIL;
 259         }
 260
 261         hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
 262                        HOSTAPD_LEVEL_DEBUG,
 263                        "authentication OK (shared key)");
 264 #ifdef IEEE80211_REQUIRE_AUTH_ACK
 265         /* Station will be marked authenticated if it ACKs the
 266          * authentication reply. */
 267 #else
 268         sta->flags |= WLAN_STA_AUTH;
 269         wpa_auth_sm_event(sta->wpa_sm, WPA_AUTH);
 270 #endif
 271         os_free(sta->challenge);
 272         sta->challenge = NULL;
 273
 274         return 0;
 275 }
 276
 277
 278 static void send_auth_reply(struct hostapd_data *hapd,
 279                             const u8 *dst, const u8 *bssid,
 280                             u16 auth_alg, u16 auth_transaction, u16 resp,
 281                             const u8 *ies, size_t ies_len)
 282 {
 283         struct ieee80211_mgmt *reply;
 284         u8 *buf;
 285         size_t rlen;
 286
 287         rlen = IEEE80211_HDRLEN + sizeof(reply->u.auth) + ies_len;
 288         buf = os_zalloc(rlen);
 289         if (buf == NULL)
 290                 return;
 291
 292         reply = (struct ieee80211_mgmt *) buf;
 293         reply->frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT,
 294                                             WLAN_FC_STYPE_AUTH);
 295         os_memcpy(reply->da, dst, ETH_ALEN);
 296         os_memcpy(reply->sa, hapd->own_addr, ETH_ALEN);
 297         os_memcpy(reply->bssid, bssid, ETH_ALEN);
 298
 299         reply->u.auth.auth_alg = host_to_le16(auth_alg);
 300         reply->u.auth.auth_transaction = host_to_le16(auth_transaction);
 301         reply->u.auth.status_code = host_to_le16(resp);
 302
 303         if (ies && ies_len)
 304                 os_memcpy(reply->u.auth.variable, ies, ies_len);
 305
 306         wpa_printf(MSG_DEBUG, "authentication reply: STA=" MACSTR
 307                    " auth_alg=%d auth_transaction=%d resp=%d (IE len=%lu)",
 308                    MAC2STR(dst), auth_alg, auth_transaction,
 309                    resp, (unsigned long) ies_len);
 310         if (hostapd_send_mgmt_frame(hapd, reply, rlen) < 0)
 311                 perror("send_auth_reply: send");
 312
 313         os_free(buf);
 314 }
 315
 316
 317 #ifdef CONFIG_IEEE80211R
 318 static void handle_auth_ft_finish(void *ctx, const u8 *dst, const u8 *bssid,
 319                                   u16 auth_transaction, u16 status,
 320                                   const u8 *ies, size_t ies_len)
 321 {
 322         struct hostapd_data *hapd = ctx;
 323         struct sta_info *sta;
 324
 325         send_auth_reply(hapd, dst, bssid, WLAN_AUTH_FT, auth_transaction,
 326                         status, ies, ies_len);
 327
 328         if (status != WLAN_STATUS_SUCCESS)
 329                 return;
 330
 331         sta = ap_get_sta(hapd, dst);
 332         if (sta == NULL)
 333                 return;
 334
 335         hostapd_logger(hapd, dst, HOSTAPD_MODULE_IEEE80211,
 336                        HOSTAPD_LEVEL_DEBUG, "authentication OK (FT)");
 337         sta->flags |= WLAN_STA_AUTH;
 338         mlme_authenticate_indication(hapd, sta);
 339 }
 340 #endif /* CONFIG_IEEE80211R */
 341
 342
 343 static void handle_auth(struct hostapd_data *hapd, struct ieee80211_mgmt *mgmt,
 344                         size_t len)
 345 {
 346         u16 auth_alg, auth_transaction, status_code;
 347         u16 resp = WLAN_STATUS_SUCCESS;
 348         struct sta_info *sta = NULL;
 349         int res;
 350         u16 fc;
 351         u8 *challenge = NULL;
 352         u32 session_timeout, acct_interim_interval;
 353         int vlan_id = 0;
 354         u8 resp_ies[2 + WLAN_AUTH_CHALLENGE_LEN];
 355         size_t resp_ies_len = 0;
 356
 357         if (len < IEEE80211_HDRLEN + sizeof(mgmt->u.auth)) {
 358                 printf("handle_auth - too short payload (len=%lu)\n",
 359                        (unsigned long) len);
 360                 return;
 361         }
 362
 363         auth_alg = le_to_host16(mgmt->u.auth.auth_alg);
 364         auth_transaction = le_to_host16(mgmt->u.auth.auth_transaction);
 365         status_code = le_to_host16(mgmt->u.auth.status_code);
 366         fc = le_to_host16(mgmt->frame_control);
 367
 368         if (len >= IEEE80211_HDRLEN + sizeof(mgmt->u.auth) +
 369             2 + WLAN_AUTH_CHALLENGE_LEN &&
 370             mgmt->u.auth.variable[0] == WLAN_EID_CHALLENGE &&
 371             mgmt->u.auth.variable[1] == WLAN_AUTH_CHALLENGE_LEN)
 372                 challenge = &mgmt->u.auth.variable[2];
 373
 374         wpa_printf(MSG_DEBUG, "authentication: STA=" MACSTR " auth_alg=%d "
 375                    "auth_transaction=%d status_code=%d wep=%d%s",
 376                    MAC2STR(mgmt->sa), auth_alg, auth_transaction,
 377                    status_code, !!(fc & WLAN_FC_ISWEP),
 378                    challenge ? " challenge" : "");
 379
 380         if (hapd->tkip_countermeasures) {
 381                 resp = WLAN_REASON_MICHAEL_MIC_FAILURE;
 382                 goto fail;
 383         }
 384
 385         if (!(((hapd->conf->auth_algs & WPA_AUTH_ALG_OPEN) &&
 386                auth_alg == WLAN_AUTH_OPEN) ||
 387 #ifdef CONFIG_IEEE80211R
 388               (hapd->conf->wpa &&
 389                (hapd->conf->wpa_key_mgmt &
 390                 (WPA_KEY_MGMT_FT_IEEE8021X | WPA_KEY_MGMT_FT_PSK)) &&
 391                auth_alg == WLAN_AUTH_FT) ||
 392 #endif /* CONFIG_IEEE80211R */
 393               ((hapd->conf->auth_algs & WPA_AUTH_ALG_SHARED) &&
 394                auth_alg == WLAN_AUTH_SHARED_KEY))) {
 395                 printf("Unsupported authentication algorithm (%d)\n",
 396                        auth_alg);
 397                 resp = WLAN_STATUS_NOT_SUPPORTED_AUTH_ALG;
 398                 goto fail;
 399         }
 400
 401         if (!(auth_transaction == 1 ||
 402               (auth_alg == WLAN_AUTH_SHARED_KEY && auth_transaction == 3))) {
 403                 printf("Unknown authentication transaction number (%d)\n",
 404                        auth_transaction);
 405                 resp = WLAN_STATUS_UNKNOWN_AUTH_TRANSACTION;
 406                 goto fail;
 407         }
 408
 409         if (os_memcmp(mgmt->sa, hapd->own_addr, ETH_ALEN) == 0) {
 410                 printf("Station " MACSTR " not allowed to authenticate.\n",
 411                        MAC2STR(mgmt->sa));
 412                 resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
 413                 goto fail;
 414         }
 415
 416         res = hostapd_allowed_address(hapd, mgmt->sa, (u8 *) mgmt, len,
 417                                       &session_timeout,
 418                                       &acct_interim_interval, &vlan_id);
 419         if (res == HOSTAPD_ACL_REJECT) {
 420                 printf("Station " MACSTR " not allowed to authenticate.\n",
 421                        MAC2STR(mgmt->sa));
 422                 resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
 423                 goto fail;
 424         }
 425         if (res == HOSTAPD_ACL_PENDING) {
 426                 wpa_printf(MSG_DEBUG, "Authentication frame from " MACSTR
 427                            " waiting for an external authentication",
 428                            MAC2STR(mgmt->sa));
 429                 /* Authentication code will re-send the authentication frame
 430                  * after it has received (and cached) information from the
 431                  * external source. */
 432                 return;
 433         }
 434
 435         sta = ap_sta_add(hapd, mgmt->sa);
 436         if (!sta) {
 437                 resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
 438                 goto fail;
 439         }
 440
 441         if (vlan_id > 0) {
 442                 if (hostapd_get_vlan_id_ifname(hapd->conf->vlan,
 443                                                vlan_id) == NULL) {
 444                         hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_RADIUS,
 445                                        HOSTAPD_LEVEL_INFO, "Invalid VLAN ID "
 446                                        "%d received from RADIUS server",
 447                                        vlan_id);
 448                         resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
 449                         goto fail;
 450                 }
 451                 sta->vlan_id = vlan_id;
 452                 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_RADIUS,
 453                                HOSTAPD_LEVEL_INFO, "VLAN ID %d", sta->vlan_id);
 454         }
 455
 456         sta->flags &= ~WLAN_STA_PREAUTH;
 457         ieee802_1x_notify_pre_auth(sta->eapol_sm, 0);
 458
 459         if (hapd->conf->acct_interim_interval == 0 && acct_interim_interval)
 460                 sta->acct_interim_interval = acct_interim_interval;
 461         if (res == HOSTAPD_ACL_ACCEPT_TIMEOUT)
 462                 ap_sta_session_timeout(hapd, sta, session_timeout);
 463         else
 464                 ap_sta_no_session_timeout(hapd, sta);
 465
 466         switch (auth_alg) {
 467         case WLAN_AUTH_OPEN:
 468                 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
 469                                HOSTAPD_LEVEL_DEBUG,
 470                                "authentication OK (open system)");
 471 #ifdef IEEE80211_REQUIRE_AUTH_ACK
 472                 /* Station will be marked authenticated if it ACKs the
 473                  * authentication reply. */
 474 #else
 475                 sta->flags |= WLAN_STA_AUTH;
 476                 wpa_auth_sm_event(sta->wpa_sm, WPA_AUTH);
 477                 sta->auth_alg = WLAN_AUTH_OPEN;
 478                 mlme_authenticate_indication(hapd, sta);
 479 #endif
 480                 break;
 481         case WLAN_AUTH_SHARED_KEY:
 482                 resp = auth_shared_key(hapd, sta, auth_transaction, challenge,
 483                                        fc & WLAN_FC_ISWEP);
 484                 sta->auth_alg = WLAN_AUTH_SHARED_KEY;
 485                 mlme_authenticate_indication(hapd, sta);
 486                 if (sta->challenge && auth_transaction == 1) {
 487                         resp_ies[0] = WLAN_EID_CHALLENGE;
 488                         resp_ies[1] = WLAN_AUTH_CHALLENGE_LEN;
 489                         os_memcpy(resp_ies + 2, sta->challenge,
 490                                   WLAN_AUTH_CHALLENGE_LEN);
 491                         resp_ies_len = 2 + WLAN_AUTH_CHALLENGE_LEN;
 492                 }
 493                 break;
 494 #ifdef CONFIG_IEEE80211R
 495         case WLAN_AUTH_FT:
 496                 sta->auth_alg = WLAN_AUTH_FT;
 497                 if (sta->wpa_sm == NULL)
 498                         sta->wpa_sm = wpa_auth_sta_init(hapd->wpa_auth,
 499                                                         sta->addr);
 500                 if (sta->wpa_sm == NULL) {
 501                         wpa_printf(MSG_DEBUG, "FT: Failed to initialize WPA "
 502                                    "state machine");
 503                         resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
 504                         goto fail;
 505                 }
 506                 wpa_ft_process_auth(sta->wpa_sm, mgmt->bssid,
 507                                     auth_transaction, mgmt->u.auth.variable,
 508                                     len - IEEE80211_HDRLEN -
 509                                     sizeof(mgmt->u.auth),
 510                                     handle_auth_ft_finish, hapd);
 511                 /* handle_auth_ft_finish() callback will complete auth. */
 512                 return;
 513 #endif /* CONFIG_IEEE80211R */
 514         }
 515
 516  fail:
 517         send_auth_reply(hapd, mgmt->sa, mgmt->bssid, auth_alg,
 518                         auth_transaction + 1, resp, resp_ies, resp_ies_len);
 519 }
 520
 521
 522 static int hostapd_get_aid(struct hostapd_data *hapd, struct sta_info *sta)
 523 {
 524         int i, j = 32, aid;
 525
 526         /* get a unique AID */
 527         if (sta->aid > 0) {
 528                 wpa_printf(MSG_DEBUG, "  old AID %d", sta->aid);
 529                 return 0;
 530         }
 531
 532         for (i = 0; i < AID_WORDS; i++) {
 533                 if (hapd->sta_aid[i] == (u32) -1)
 534                         continue;
 535                 for (j = 0; j < 32; j++) {
 536                         if (!(hapd->sta_aid[i] & BIT(j)))
 537                                 break;
 538                 }
 539                 if (j < 32)
 540                         break;
 541         }
 542         if (j == 32)
 543                 return -1;
 544         aid = i * 32 + j + 1;
 545         if (aid > 2007)
 546                 return -1;
 547
 548         sta->aid = aid;
 549         hapd->sta_aid[i] |= BIT(j);
 550         wpa_printf(MSG_DEBUG, "  new AID %d", sta->aid);
 551         return 0;
 552 }
 553
 554
 555 static u16 check_ssid(struct hostapd_data *hapd, struct sta_info *sta,
 556                       const u8 *ssid_ie, size_t ssid_ie_len)
 557 {
 558         if (ssid_ie == NULL)
 559                 return WLAN_STATUS_UNSPECIFIED_FAILURE;
 560
 561         if (ssid_ie_len != hapd->conf->ssid.ssid_len ||
 562             os_memcmp(ssid_ie, hapd->conf->ssid.ssid, ssid_ie_len) != 0) {
 563                 char ssid_txt[33];
 564                 ieee802_11_print_ssid(ssid_txt, ssid_ie, ssid_ie_len);
 565                 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
 566                                HOSTAPD_LEVEL_INFO,
 567                                "Station tried to associate with unknown SSID "
 568                                "'%s'", ssid_txt);
 569                 return WLAN_STATUS_UNSPECIFIED_FAILURE;
 570         }
 571
 572         return WLAN_STATUS_SUCCESS;
 573 }
 574
 575
 576 static u16 check_wmm(struct hostapd_data *hapd, struct sta_info *sta,
 577                      const u8 *wmm_ie, size_t wmm_ie_len)
 578 {
 579         sta->flags &= ~WLAN_STA_WMM;
 580         if (wmm_ie && hapd->conf->wmm_enabled) {
 581                 if (hostapd_eid_wmm_valid(hapd, wmm_ie, wmm_ie_len))
 582                         hostapd_logger(hapd, sta->addr,
 583                                        HOSTAPD_MODULE_WPA,
 584                                        HOSTAPD_LEVEL_DEBUG,
 585                                        "invalid WMM element in association "
 586                                        "request");
 587                 else
 588                         sta->flags |= WLAN_STA_WMM;
 589         }
 590         return WLAN_STATUS_SUCCESS;
 591 }
 592
 593
 594 static u16 copy_supp_rates(struct hostapd_data *hapd, struct sta_info *sta,
 595                            struct ieee802_11_elems *elems)
 596 {
 597         if (!elems->supp_rates) {
 598                 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
 599                                HOSTAPD_LEVEL_DEBUG,
 600                                "No supported rates element in AssocReq");
 601                 return WLAN_STATUS_UNSPECIFIED_FAILURE;
 602         }
 603
 604         if (elems->supp_rates_len > sizeof(sta->supported_rates)) {
 605                 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
 606                                HOSTAPD_LEVEL_DEBUG,
 607                                "Invalid supported rates element length %d",
 608                                elems->supp_rates_len);
 609                 return WLAN_STATUS_UNSPECIFIED_FAILURE;
 610         }
 611
 612         os_memset(sta->supported_rates, 0, sizeof(sta->supported_rates));
 613         os_memcpy(sta->supported_rates, elems->supp_rates,
 614                   elems->supp_rates_len);
 615         sta->supported_rates_len = elems->supp_rates_len;
 616
 617         if (elems->ext_supp_rates) {
 618                 if (elems->supp_rates_len + elems->ext_supp_rates_len >
 619                     sizeof(sta->supported_rates)) {
 620                         hostapd_logger(hapd, sta->addr,
 621                                        HOSTAPD_MODULE_IEEE80211,
 622                                        HOSTAPD_LEVEL_DEBUG,
 623                                        "Invalid supported rates element length"
 624                                        " %d+%d", elems->supp_rates_len,
 625                                        elems->ext_supp_rates_len);
 626                         return WLAN_STATUS_UNSPECIFIED_FAILURE;
 627                 }
 628
 629                 os_memcpy(sta->supported_rates + elems->supp_rates_len,
 630                           elems->ext_supp_rates, elems->ext_supp_rates_len);
 631                 sta->supported_rates_len += elems->ext_supp_rates_len;
 632         }
 633
 634         return WLAN_STATUS_SUCCESS;
 635 }
 636
 637
 638 static u16 check_assoc_ies(struct hostapd_data *hapd, struct sta_info *sta,
 639                            u8 *ies, size_t ies_len, int reassoc)
 640 {
 641         struct ieee802_11_elems elems;
 642         u16 resp;
 643         u8 *wpa_ie;
 644         size_t wpa_ie_len;
 645
 646         if (ieee802_11_parse_elems(ies, ies_len, &elems, 1) == ParseFailed) {
 647                 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
 648                                HOSTAPD_LEVEL_INFO, "Station sent an invalid "
 649                                "association request");
 650                 return WLAN_STATUS_UNSPECIFIED_FAILURE;
 651         }
 652
 653         resp = check_ssid(hapd, sta, elems.ssid, elems.ssid_len);
 654         if (resp != WLAN_STATUS_SUCCESS)
 655                 return resp;
 656         resp = check_wmm(hapd, sta, elems.wmm, elems.wmm_len);
 657         if (resp != WLAN_STATUS_SUCCESS)
 658                 return resp;
 659         resp = copy_supp_rates(hapd, sta, &elems);
 660         if (resp != WLAN_STATUS_SUCCESS)
 661                 return resp;
 662 #ifdef CONFIG_IEEE80211N
 663         resp = copy_sta_ht_capab(sta, elems.ht_capabilities,
 664                                  elems.ht_capabilities_len);
 665         if (resp != WLAN_STATUS_SUCCESS)
 666                 return resp;
 667 #endif /* CONFIG_IEEE80211N */
 668
 669         if ((hapd->conf->wpa & WPA_PROTO_RSN) && elems.rsn_ie) {
 670                 wpa_ie = elems.rsn_ie;
 671                 wpa_ie_len = elems.rsn_ie_len;
 672         } else if ((hapd->conf->wpa & WPA_PROTO_WPA) &&
 673                    elems.wpa_ie) {
 674                 wpa_ie = elems.wpa_ie;
 675                 wpa_ie_len = elems.wpa_ie_len;
 676         } else {
 677                 wpa_ie = NULL;
 678                 wpa_ie_len = 0;
 679         }
 680
 681 #ifdef CONFIG_WPS
 682         sta->flags &= ~(WLAN_STA_WPS | WLAN_STA_MAYBE_WPS);
 683         if (hapd->conf->wps_state && wpa_ie == NULL) {
 684                 if (elems.wps_ie) {
 685                         wpa_printf(MSG_DEBUG, "STA included WPS IE in "
 686                                    "(Re)Association Request - assume WPS is "
 687                                    "used");
 688                         sta->flags |= WLAN_STA_WPS;
 689                         wpabuf_free(sta->wps_ie);
 690                         sta->wps_ie = wpabuf_alloc_copy(elems.wps_ie + 4,
 691                                                         elems.wps_ie_len - 4);
 692                 } else {
 693                         wpa_printf(MSG_DEBUG, "STA did not include WPA/RSN IE "
 694                                    "in (Re)Association Request - possible WPS "
 695                                    "use");
 696                         sta->flags |= WLAN_STA_MAYBE_WPS;
 697                 }
 698         } else
 699 #endif /* CONFIG_WPS */
 700         if (hapd->conf->wpa && wpa_ie == NULL) {
 701                 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
 702                                HOSTAPD_LEVEL_INFO,
 703                                "No WPA/RSN IE in association request");
 704                 return WLAN_STATUS_INVALID_IE;
 705         }
 706
 707         if (hapd->conf->wpa && wpa_ie) {
 708                 int res;
 709                 wpa_ie -= 2;
 710                 wpa_ie_len += 2;
 711                 if (sta->wpa_sm == NULL)
 712                         sta->wpa_sm = wpa_auth_sta_init(hapd->wpa_auth,
 713                                                         sta->addr);
 714                 if (sta->wpa_sm == NULL) {
 715                         wpa_printf(MSG_WARNING, "Failed to initialize WPA "
 716                                    "state machine");
 717                         return WLAN_STATUS_UNSPECIFIED_FAILURE;
 718                 }
 719                 res = wpa_validate_wpa_ie(hapd->wpa_auth, sta->wpa_sm,
 720                                           wpa_ie, wpa_ie_len,
 721                                           elems.mdie, elems.mdie_len);
 722                 if (res == WPA_INVALID_GROUP)
 723                         resp = WLAN_STATUS_GROUP_CIPHER_NOT_VALID;
 724                 else if (res == WPA_INVALID_PAIRWISE)
 725                         resp = WLAN_STATUS_PAIRWISE_CIPHER_NOT_VALID;
 726                 else if (res == WPA_INVALID_AKMP)
 727                         resp = WLAN_STATUS_AKMP_NOT_VALID;
 728                 else if (res == WPA_ALLOC_FAIL)
 729                         resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
 730 #ifdef CONFIG_IEEE80211W
 731                 else if (res == WPA_MGMT_FRAME_PROTECTION_VIOLATION)
 732                         resp = WLAN_STATUS_ROBUST_MGMT_FRAME_POLICY_VIOLATION;
 733                 else if (res == WPA_INVALID_MGMT_GROUP_CIPHER)
 734                         resp = WLAN_STATUS_ROBUST_MGMT_FRAME_POLICY_VIOLATION;
 735 #endif /* CONFIG_IEEE80211W */
 736                 else if (res == WPA_INVALID_MDIE)
 737                         resp = WLAN_STATUS_INVALID_MDIE;
 738                 else if (res != WPA_IE_OK)
 739                         resp = WLAN_STATUS_INVALID_IE;
 740                 if (resp != WLAN_STATUS_SUCCESS)
 741                         return resp;
 742 #ifdef CONFIG_IEEE80211W
 743                 if ((sta->flags & WLAN_STA_MFP) && !sta->sa_query_timed_out &&
 744                     sta->sa_query_count > 0)
 745                         ap_check_sa_query_timeout(hapd, sta);
 746                 if ((sta->flags & WLAN_STA_MFP) && !sta->sa_query_timed_out &&
 747                     (!reassoc || sta->auth_alg != WLAN_AUTH_FT)) {
 748                         /*
 749                          * STA has already been associated with MFP and SA
 750                          * Query timeout has not been reached. Reject the
 751                          * association attempt temporarily and start SA Query,
 752                          * if one is not pending.
 753                          */
 754
 755                         if (sta->sa_query_count == 0)
 756                                 ap_sta_start_sa_query(hapd, sta);
 757
 758                         return WLAN_STATUS_ASSOC_REJECTED_TEMPORARILY;
 759                 }
 760
 761                 if (wpa_auth_uses_mfp(sta->wpa_sm))
 762                         sta->flags |= WLAN_STA_MFP;
 763                 else
 764                         sta->flags &= ~WLAN_STA_MFP;
 765 #endif /* CONFIG_IEEE80211W */
 766
 767 #ifdef CONFIG_IEEE80211R
 768                 if (sta->auth_alg == WLAN_AUTH_FT) {
 769                         if (!reassoc) {
 770                                 wpa_printf(MSG_DEBUG, "FT: " MACSTR " tried "
 771                                            "to use association (not "
 772                                            "re-association) with FT auth_alg",
 773                                            MAC2STR(sta->addr));
 774                                 return WLAN_STATUS_UNSPECIFIED_FAILURE;
 775                         }
 776
 777                         resp = wpa_ft_validate_reassoc(sta->wpa_sm, ies,
 778                                                        ies_len);
 779                         if (resp != WLAN_STATUS_SUCCESS)
 780                                 return resp;
 781                 }
 782 #endif /* CONFIG_IEEE80211R */
 783
 784 #ifdef CONFIG_IEEE80211N
 785                 if ((sta->flags & WLAN_STA_HT) &&
 786                     wpa_auth_get_pairwise(sta->wpa_sm) == WPA_CIPHER_TKIP) {
 787                         hostapd_logger(hapd, sta->addr,
 788                                        HOSTAPD_MODULE_IEEE80211,
 789                                        HOSTAPD_LEVEL_INFO,
 790                                        "Station tried to use TKIP with HT "
 791                                        "association");
 792                         return WLAN_STATUS_CIPHER_REJECTED_PER_POLICY;
 793                 }
 794 #endif /* CONFIG_IEEE80211N */
 795         } else
 796                 wpa_auth_sta_no_wpa(sta->wpa_sm);
 797
 798         return WLAN_STATUS_SUCCESS;
 799 }
 800
 801
 802 static void send_deauth(struct hostapd_data *hapd, const u8 *addr,
 803                         u16 reason_code)
 804 {
 805         int send_len;
 806         struct ieee80211_mgmt reply;
 807
 808         os_memset(&reply, 0, sizeof(reply));
 809         reply.frame_control =
 810                 IEEE80211_FC(WLAN_FC_TYPE_MGMT, WLAN_FC_STYPE_DEAUTH);
 811         os_memcpy(reply.da, addr, ETH_ALEN);
 812         os_memcpy(reply.sa, hapd->own_addr, ETH_ALEN);
 813         os_memcpy(reply.bssid, hapd->own_addr, ETH_ALEN);
 814
 815         send_len = IEEE80211_HDRLEN + sizeof(reply.u.deauth);
 816         reply.u.deauth.reason_code = host_to_le16(reason_code);
 817
 818         if (hostapd_send_mgmt_frame(hapd, &reply, send_len) < 0)
 819                 wpa_printf(MSG_INFO, "Failed to send deauth: %s",
 820                            strerror(errno));
 821 }
 822
 823
 824 static void send_assoc_resp(struct hostapd_data *hapd, struct sta_info *sta,
 825                             u16 status_code, int reassoc, u8 *ies,
 826                             size_t ies_len)
 827 {
 828         int send_len;
 829         u8 buf[sizeof(struct ieee80211_mgmt) + 1024];
 830         struct ieee80211_mgmt *reply;
 831         u8 *p;
 832
 833         os_memset(buf, 0, sizeof(buf));
 834         reply = (struct ieee80211_mgmt *) buf;
 835         reply->frame_control =
 836                 IEEE80211_FC(WLAN_FC_TYPE_MGMT,
 837                              (reassoc ? WLAN_FC_STYPE_REASSOC_RESP :
 838                               WLAN_FC_STYPE_ASSOC_RESP));
 839         os_memcpy(reply->da, sta->addr, ETH_ALEN);
 840         os_memcpy(reply->sa, hapd->own_addr, ETH_ALEN);
 841         os_memcpy(reply->bssid, hapd->own_addr, ETH_ALEN);
 842
 843         send_len = IEEE80211_HDRLEN;
 844         send_len += sizeof(reply->u.assoc_resp);
 845         reply->u.assoc_resp.capab_info =
 846                 host_to_le16(hostapd_own_capab_info(hapd, sta, 0));
 847         reply->u.assoc_resp.status_code = host_to_le16(status_code);
 848         reply->u.assoc_resp.aid = host_to_le16((sta ? sta->aid : 0)
 849                                                | BIT(14) | BIT(15));
 850         /* Supported rates */
 851         p = hostapd_eid_supp_rates(hapd, reply->u.assoc_resp.variable);
 852         /* Extended supported rates */
 853         p = hostapd_eid_ext_supp_rates(hapd, p);
 854         if (sta->flags & WLAN_STA_WMM)
 855                 p = hostapd_eid_wmm(hapd, p);
 856
 857 #ifdef CONFIG_IEEE80211N
 858         p = hostapd_eid_ht_capabilities(hapd, p);
 859         p = hostapd_eid_ht_operation(hapd, p);
 860 #endif /* CONFIG_IEEE80211N */
 861
 862 #ifdef CONFIG_IEEE80211R
 863         if (status_code == WLAN_STATUS_SUCCESS) {
 864                 /* IEEE 802.11r: Mobility Domain Information, Fast BSS
 865                  * Transition Information, RSN, [RIC Response] */
 866                 p = wpa_sm_write_assoc_resp_ies(sta->wpa_sm, p,
 867                                                 buf + sizeof(buf) - p,
 868                                                 sta->auth_alg, ies, ies_len);
 869         }
 870 #endif /* CONFIG_IEEE80211R */
 871
 872 #ifdef CONFIG_IEEE80211W
 873         if (status_code == WLAN_STATUS_ASSOC_REJECTED_TEMPORARILY)
 874                 p = hostapd_eid_assoc_comeback_time(hapd, sta, p);
 875 #endif /* CONFIG_IEEE80211W */
 876
 877         send_len += p - reply->u.assoc_resp.variable;
 878
 879         if (hostapd_send_mgmt_frame(hapd, reply, send_len) < 0)
 880                 wpa_printf(MSG_INFO, "Failed to send assoc resp: %s",
 881                            strerror(errno));
 882 }
 883
 884
 885 static void handle_assoc(struct hostapd_data *hapd,
 886                          struct ieee80211_mgmt *mgmt, size_t len, int reassoc)
 887 {
 888         u16 capab_info, listen_interval;
 889         u16 resp = WLAN_STATUS_SUCCESS;
 890         u8 *pos;
 891         int left, i;
 892         struct sta_info *sta;
 893
 894         if (len < IEEE80211_HDRLEN + (reassoc ? sizeof(mgmt->u.reassoc_req) :
 895                                       sizeof(mgmt->u.assoc_req))) {
 896                 printf("handle_assoc(reassoc=%d) - too short payload (len=%lu)"
 897                        "\n", reassoc, (unsigned long) len);
 898                 return;
 899         }
 900
 901         if (reassoc) {
 902                 capab_info = le_to_host16(mgmt->u.reassoc_req.capab_info);
 903                 listen_interval = le_to_host16(
 904                         mgmt->u.reassoc_req.listen_interval);
 905                 wpa_printf(MSG_DEBUG, "reassociation request: STA=" MACSTR
 906                            " capab_info=0x%02x listen_interval=%d current_ap="
 907                            MACSTR,
 908                            MAC2STR(mgmt->sa), capab_info, listen_interval,
 909                            MAC2STR(mgmt->u.reassoc_req.current_ap));
 910                 left = len - (IEEE80211_HDRLEN + sizeof(mgmt->u.reassoc_req));
 911                 pos = mgmt->u.reassoc_req.variable;
 912         } else {
 913                 capab_info = le_to_host16(mgmt->u.assoc_req.capab_info);
 914                 listen_interval = le_to_host16(
 915                         mgmt->u.assoc_req.listen_interval);
 916                 wpa_printf(MSG_DEBUG, "association request: STA=" MACSTR
 917                            " capab_info=0x%02x listen_interval=%d",
 918                            MAC2STR(mgmt->sa), capab_info, listen_interval);
 919                 left = len - (IEEE80211_HDRLEN + sizeof(mgmt->u.assoc_req));
 920                 pos = mgmt->u.assoc_req.variable;
 921         }
 922
 923         sta = ap_get_sta(hapd, mgmt->sa);
 924 #ifdef CONFIG_IEEE80211R
 925         if (sta && sta->auth_alg == WLAN_AUTH_FT &&
 926             (sta->flags & WLAN_STA_AUTH) == 0) {
 927                 wpa_printf(MSG_DEBUG, "FT: Allow STA " MACSTR " to associate "
 928                            "prior to authentication since it is using "
 929                            "over-the-DS FT", MAC2STR(mgmt->sa));
 930         } else
 931 #endif /* CONFIG_IEEE80211R */
 932         if (sta == NULL || (sta->flags & WLAN_STA_AUTH) == 0) {
 933                 hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211,
 934                                HOSTAPD_LEVEL_INFO, "Station tried to "
 935                                "associate before authentication "
 936                                "(aid=%d flags=0x%x)",
 937                                sta ? sta->aid : -1,
 938                                sta ? sta->flags : 0);
 939                 send_deauth(hapd, mgmt->sa,
 940                             WLAN_REASON_CLASS2_FRAME_FROM_NONAUTH_STA);
 941                 return;
 942         }
 943
 944         if (hapd->tkip_countermeasures) {
 945                 resp = WLAN_REASON_MICHAEL_MIC_FAILURE;
 946                 goto fail;
 947         }
 948
 949         if (listen_interval > hapd->conf->max_listen_interval) {
 950                 hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211,
 951                                HOSTAPD_LEVEL_DEBUG,
 952                                "Too large Listen Interval (%d)",
 953                                listen_interval);
 954                 resp = WLAN_STATUS_ASSOC_DENIED_LISTEN_INT_TOO_LARGE;
 955                 goto fail;
 956         }
 957
 958         /* followed by SSID and Supported rates; and HT capabilities if 802.11n
 959          * is used */
 960         resp = check_assoc_ies(hapd, sta, pos, left, reassoc);
 961         if (resp != WLAN_STATUS_SUCCESS)
 962                 goto fail;
 963
 964         if (hostapd_get_aid(hapd, sta) < 0) {
 965                 hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211,
 966                                HOSTAPD_LEVEL_INFO, "No room for more AIDs");
 967                 resp = WLAN_STATUS_AP_UNABLE_TO_HANDLE_NEW_STA;
 968                 goto fail;
 969         }
 970
 971         sta->capability = capab_info;
 972         sta->listen_interval = listen_interval;
 973
 974         if (hapd->iface->current_mode->mode == HOSTAPD_MODE_IEEE80211G)
 975                 sta->flags |= WLAN_STA_NONERP;
 976         for (i = 0; i < sta->supported_rates_len; i++) {
 977                 if ((sta->supported_rates[i] & 0x7f) > 22) {
 978                         sta->flags &= ~WLAN_STA_NONERP;
 979                         break;
 980                 }
 981         }
 982         if (sta->flags & WLAN_STA_NONERP && !sta->nonerp_set) {
 983                 sta->nonerp_set = 1;
 984                 hapd->iface->num_sta_non_erp++;
 985                 if (hapd->iface->num_sta_non_erp == 1)
 986                         ieee802_11_set_beacons(hapd->iface);
 987         }
 988
 989         if (!(sta->capability & WLAN_CAPABILITY_SHORT_SLOT_TIME) &&
 990             !sta->no_short_slot_time_set) {
 991                 sta->no_short_slot_time_set = 1;
 992                 hapd->iface->num_sta_no_short_slot_time++;
 993                 if (hapd->iface->current_mode->mode ==
 994                     HOSTAPD_MODE_IEEE80211G &&
 995                     hapd->iface->num_sta_no_short_slot_time == 1)
 996                         ieee802_11_set_beacons(hapd->iface);
 997         }
 998
 999         if (sta->capability & WLAN_CAPABILITY_SHORT_PREAMBLE)
1000                 sta->flags |= WLAN_STA_SHORT_PREAMBLE;
1001         else
1002                 sta->flags &= ~WLAN_STA_SHORT_PREAMBLE;
1003
1004         if (!(sta->capability & WLAN_CAPABILITY_SHORT_PREAMBLE) &&
1005             !sta->no_short_preamble_set) {
1006                 sta->no_short_preamble_set = 1;
1007                 hapd->iface->num_sta_no_short_preamble++;
1008                 if (hapd->iface->current_mode->mode == HOSTAPD_MODE_IEEE80211G
1009                     && hapd->iface->num_sta_no_short_preamble == 1)
1010                         ieee802_11_set_beacons(hapd->iface);
1011         }
1012
1013 #ifdef CONFIG_IEEE80211N
1014         update_ht_state(hapd, sta);
1015 #endif /* CONFIG_IEEE80211N */
1016
1017         hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
1018                        HOSTAPD_LEVEL_DEBUG,
1019                        "association OK (aid %d)", sta->aid);
1020         /* Station will be marked associated, after it acknowledges AssocResp
1021          */
1022
1023 #ifdef CONFIG_IEEE80211W
1024         if ((sta->flags & WLAN_STA_MFP) && sta->sa_query_timed_out) {
1025                 wpa_printf(MSG_DEBUG, "Allowing %sassociation after timed out "
1026                            "SA Query procedure", reassoc ? "re" : "");
1027                 /* TODO: Send a protected Disassociate frame to the STA using
1028                  * the old key and Reason Code "Previous Authentication no
1029                  * longer valid". Make sure this is only sent protected since
1030                  * unprotected frame would be received by the STA that is now
1031                  * trying to associate.
1032                  */
1033         }
1034 #endif /* CONFIG_IEEE80211W */
1035
1036         if (reassoc) {
1037                 os_memcpy(sta->previous_ap, mgmt->u.reassoc_req.current_ap,
1038                           ETH_ALEN);
1039         }
1040
1041         if (sta->last_assoc_req)
1042                 os_free(sta->last_assoc_req);
1043         sta->last_assoc_req = os_malloc(len);
1044         if (sta->last_assoc_req)
1045                 os_memcpy(sta->last_assoc_req, mgmt, len);
1046
1047         /* Make sure that the previously registered inactivity timer will not
1048          * remove the STA immediately. */
1049         sta->timeout_next = STA_NULLFUNC;
1050
1051  fail:
1052         send_assoc_resp(hapd, sta, resp, reassoc, pos, left);
1053 }
1054
1055
1056 static void handle_disassoc(struct hostapd_data *hapd,
1057                             struct ieee80211_mgmt *mgmt, size_t len)
1058 {
1059         struct sta_info *sta;
1060
1061         if (len < IEEE80211_HDRLEN + sizeof(mgmt->u.disassoc)) {
1062                 printf("handle_disassoc - too short payload (len=%lu)\n",
1063                        (unsigned long) len);
1064                 return;
1065         }
1066
1067         wpa_printf(MSG_DEBUG, "disassocation: STA=" MACSTR " reason_code=%d",
1068                    MAC2STR(mgmt->sa),
1069                    le_to_host16(mgmt->u.disassoc.reason_code));
1070
1071         sta = ap_get_sta(hapd, mgmt->sa);
1072         if (sta == NULL) {
1073                 printf("Station " MACSTR " trying to disassociate, but it "
1074                        "is not associated.\n", MAC2STR(mgmt->sa));
1075                 return;
1076         }
1077
1078         sta->flags &= ~WLAN_STA_ASSOC;
1079         wpa_msg(hapd->msg_ctx, MSG_INFO, AP_STA_DISCONNECTED MACSTR,
1080                 MAC2STR(sta->addr));
1081         wpa_auth_sm_event(sta->wpa_sm, WPA_DISASSOC);
1082         hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
1083                        HOSTAPD_LEVEL_INFO, "disassociated");
1084         sta->acct_terminate_cause = RADIUS_ACCT_TERMINATE_CAUSE_USER_REQUEST;
1085         ieee802_1x_notify_port_enabled(sta->eapol_sm, 0);
1086         /* Stop Accounting and IEEE 802.1X sessions, but leave the STA
1087          * authenticated. */
1088         accounting_sta_stop(hapd, sta);
1089         ieee802_1x_free_station(sta);
1090         hostapd_sta_remove(hapd, sta->addr);
1091
1092         if (sta->timeout_next == STA_NULLFUNC ||
1093             sta->timeout_next == STA_DISASSOC) {
1094                 sta->timeout_next = STA_DEAUTH;
1095                 eloop_cancel_timeout(ap_handle_timer, hapd, sta);
1096                 eloop_register_timeout(AP_DEAUTH_DELAY, 0, ap_handle_timer,
1097                                        hapd, sta);
1098         }
1099
1100         mlme_disassociate_indication(
1101                 hapd, sta, le_to_host16(mgmt->u.disassoc.reason_code));
1102 }
1103
1104
1105 static void handle_deauth(struct hostapd_data *hapd,
1106                           struct ieee80211_mgmt *mgmt, size_t len)
1107 {
1108         struct sta_info *sta;
1109
1110         if (len < IEEE80211_HDRLEN + sizeof(mgmt->u.deauth)) {
1111                 printf("handle_deauth - too short payload (len=%lu)\n",
1112                        (unsigned long) len);
1113                 return;
1114         }
1115
1116         wpa_printf(MSG_DEBUG, "deauthentication: STA=" MACSTR
1117                    " reason_code=%d",
1118                    MAC2STR(mgmt->sa),
1119                    le_to_host16(mgmt->u.deauth.reason_code));
1120
1121         sta = ap_get_sta(hapd, mgmt->sa);
1122         if (sta == NULL) {
1123                 printf("Station " MACSTR " trying to deauthenticate, but it "
1124                        "is not authenticated.\n", MAC2STR(mgmt->sa));
1125                 return;
1126         }
1127
1128         sta->flags &= ~(WLAN_STA_AUTH | WLAN_STA_ASSOC);
1129         wpa_msg(hapd->msg_ctx, MSG_INFO, AP_STA_DISCONNECTED MACSTR,
1130                 MAC2STR(sta->addr));
1131         wpa_auth_sm_event(sta->wpa_sm, WPA_DEAUTH);
1132         hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
1133                        HOSTAPD_LEVEL_DEBUG, "deauthenticated");
1134         mlme_deauthenticate_indication(
1135                 hapd, sta, le_to_host16(mgmt->u.deauth.reason_code));
1136         sta->acct_terminate_cause = RADIUS_ACCT_TERMINATE_CAUSE_USER_REQUEST;
1137         ieee802_1x_notify_port_enabled(sta->eapol_sm, 0);
1138         ap_free_sta(hapd, sta);
1139 }
1140
1141
1142 static void handle_beacon(struct hostapd_data *hapd,
1143                           struct ieee80211_mgmt *mgmt, size_t len,
1144                           struct hostapd_frame_info *fi)
1145 {
1146         struct ieee802_11_elems elems;
1147
1148         if (len < IEEE80211_HDRLEN + sizeof(mgmt->u.beacon)) {
1149                 printf("handle_beacon - too short payload (len=%lu)\n",
1150                        (unsigned long) len);
1151                 return;
1152         }
1153
1154         (void) ieee802_11_parse_elems(mgmt->u.beacon.variable,
1155                                       len - (IEEE80211_HDRLEN +
1156                                              sizeof(mgmt->u.beacon)), &elems,
1157                                       0);
1158
1159         ap_list_process_beacon(hapd->iface, mgmt, &elems, fi);
1160 }
1161
1162
1163 #ifdef CONFIG_IEEE80211W
1164
1165 /* MLME-SAQuery.request */
1166 void ieee802_11_send_sa_query_req(struct hostapd_data *hapd,
1167                                   const u8 *addr, const u8 *trans_id)
1168 {
1169         struct ieee80211_mgmt mgmt;
1170         u8 *end;
1171
1172         wpa_printf(MSG_DEBUG, "IEEE 802.11: Sending SA Query Request to "
1173                    MACSTR, MAC2STR(addr));
1174         wpa_hexdump(MSG_DEBUG, "IEEE 802.11: SA Query Transaction ID",
1175                     trans_id, WLAN_SA_QUERY_TR_ID_LEN);
1176
1177         os_memset(&mgmt, 0, sizeof(mgmt));
1178         mgmt.frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT,
1179                                           WLAN_FC_STYPE_ACTION);
1180         os_memcpy(mgmt.da, addr, ETH_ALEN);
1181         os_memcpy(mgmt.sa, hapd->own_addr, ETH_ALEN);
1182         os_memcpy(mgmt.bssid, hapd->own_addr, ETH_ALEN);
1183         mgmt.u.action.category = WLAN_ACTION_SA_QUERY;
1184         mgmt.u.action.u.sa_query_req.action = WLAN_SA_QUERY_REQUEST;
1185         os_memcpy(mgmt.u.action.u.sa_query_req.trans_id, trans_id,
1186                   WLAN_SA_QUERY_TR_ID_LEN);
1187         end = mgmt.u.action.u.sa_query_req.trans_id + WLAN_SA_QUERY_TR_ID_LEN;
1188         if (hostapd_send_mgmt_frame(hapd, &mgmt, end - (u8 *) &mgmt) < 0)
1189                 perror("ieee802_11_send_sa_query_req: send");
1190 }
1191
1192
1193 static void hostapd_sa_query_action(struct hostapd_data *hapd,
1194                                     struct ieee80211_mgmt *mgmt, size_t len)
1195 {
1196         struct sta_info *sta;
1197         u8 *end;
1198         int i;
1199
1200         end = mgmt->u.action.u.sa_query_resp.trans_id +
1201                 WLAN_SA_QUERY_TR_ID_LEN;
1202         if (((u8 *) mgmt) + len < end) {
1203                 wpa_printf(MSG_DEBUG, "IEEE 802.11: Too short SA Query Action "
1204                            "frame (len=%lu)", (unsigned long) len);
1205                 return;
1206         }
1207
1208         if (mgmt->u.action.u.sa_query_resp.action != WLAN_SA_QUERY_RESPONSE) {
1209                 wpa_printf(MSG_DEBUG, "IEEE 802.11: Unexpected SA Query "
1210                            "Action %d", mgmt->u.action.u.sa_query_resp.action);
1211                 return;
1212         }
1213
1214         wpa_printf(MSG_DEBUG, "IEEE 802.11: Received SA Query Response from "
1215                    MACSTR, MAC2STR(mgmt->sa));
1216         wpa_hexdump(MSG_DEBUG, "IEEE 802.11: SA Query Transaction ID",
1217                     mgmt->u.action.u.sa_query_resp.trans_id,
1218                     WLAN_SA_QUERY_TR_ID_LEN);
1219
1220         /* MLME-SAQuery.confirm */
1221
1222         sta = ap_get_sta(hapd, mgmt->sa);
1223         if (sta == NULL || sta->sa_query_trans_id == NULL) {
1224                 wpa_printf(MSG_DEBUG, "IEEE 802.11: No matching STA with "
1225                            "pending SA Query request found");
1226                 return;
1227         }
1228
1229         for (i = 0; i < sta->sa_query_count; i++) {
1230                 if (os_memcmp(sta->sa_query_trans_id +
1231                               i * WLAN_SA_QUERY_TR_ID_LEN,
1232                               mgmt->u.action.u.sa_query_resp.trans_id,
1233                               WLAN_SA_QUERY_TR_ID_LEN) == 0)
1234                         break;
1235         }
1236
1237         if (i >= sta->sa_query_count) {
1238                 wpa_printf(MSG_DEBUG, "IEEE 802.11: No matching SA Query "
1239                            "transaction identifier found");
1240                 return;
1241         }
1242
1243         hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
1244                        HOSTAPD_LEVEL_DEBUG,
1245                        "Reply to pending SA Query received");
1246         ap_sta_stop_sa_query(hapd, sta);
1247 }
1248
1249
1250 static int robust_action_frame(u8 category)
1251 {
1252         return category != WLAN_ACTION_PUBLIC &&
1253                 category != WLAN_ACTION_HT;
1254 }
1255 #endif /* CONFIG_IEEE80211W */
1256
1257
1258 static void handle_action(struct hostapd_data *hapd,
1259                           struct ieee80211_mgmt *mgmt, size_t len)
1260 {
1261         struct sta_info *sta;
1262
1263         if (len < IEEE80211_HDRLEN + 1) {
1264                 hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211,
1265                                HOSTAPD_LEVEL_DEBUG,
1266                                "handle_action - too short payload (len=%lu)",
1267                                (unsigned long) len);
1268                 return;
1269         }
1270
1271         sta = ap_get_sta(hapd, mgmt->sa);
1272 #ifdef CONFIG_IEEE80211W
1273         if (sta && (sta->flags & WLAN_STA_MFP) &&
1274             !(mgmt->frame_control & host_to_le16(WLAN_FC_ISWEP) &&
1275               robust_action_frame(mgmt->u.action.category))) {
1276                 hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211,
1277                                HOSTAPD_LEVEL_DEBUG,
1278                                "Dropped unprotected Robust Action frame from "
1279                                "an MFP STA");
1280                 return;
1281         }
1282 #endif /* CONFIG_IEEE80211W */
1283
1284         switch (mgmt->u.action.category) {
1285 #ifdef CONFIG_IEEE80211R
1286         case WLAN_ACTION_FT:
1287         {
1288                 if (sta == NULL || !(sta->flags & WLAN_STA_ASSOC)) {
1289                         wpa_printf(MSG_DEBUG, "IEEE 802.11: Ignored FT Action "
1290                                    "frame from unassociated STA " MACSTR,
1291                                    MAC2STR(mgmt->sa));
1292                         return;
1293                 }
1294
1295                 if (wpa_ft_action_rx(sta->wpa_sm, (u8 *) &mgmt->u.action,
1296                                      len - IEEE80211_HDRLEN))
1297                         break;
1298
1299                 return;
1300         }
1301 #endif /* CONFIG_IEEE80211R */
1302         case WLAN_ACTION_WMM:
1303                 hostapd_wmm_action(hapd, mgmt, len);
1304                 return;
1305 #ifdef CONFIG_IEEE80211W
1306         case WLAN_ACTION_SA_QUERY:
1307                 hostapd_sa_query_action(hapd, mgmt, len);
1308                 return;
1309 #endif /* CONFIG_IEEE80211W */
1310         }
1311
1312         hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211,
1313                        HOSTAPD_LEVEL_DEBUG,
1314                        "handle_action - unknown action category %d or invalid "
1315                        "frame",
1316                        mgmt->u.action.category);
1317         if (!(mgmt->da[0] & 0x01) && !(mgmt->u.action.category & 0x80) &&
1318             !(mgmt->sa[0] & 0x01)) {
1319                 /*
1320                  * IEEE 802.11-REVma/D9.0 - 7.3.1.11
1321                  * Return the Action frame to the source without change
1322                  * except that MSB of the Category set to 1.
1323                  */
1324                 wpa_printf(MSG_DEBUG, "IEEE 802.11: Return unknown Action "
1325                            "frame back to sender");
1326                 os_memcpy(mgmt->da, mgmt->sa, ETH_ALEN);
1327                 os_memcpy(mgmt->sa, hapd->own_addr, ETH_ALEN);
1328                 os_memcpy(mgmt->bssid, hapd->own_addr, ETH_ALEN);
1329                 mgmt->u.action.category |= 0x80;
1330
1331                 hostapd_send_mgmt_frame(hapd, mgmt, len);
1332         }
1333 }
1334
1335
1336 /**
1337  * ieee802_11_mgmt - process incoming IEEE 802.11 management frames
1338  * @hapd: hostapd BSS data structure (the BSS to which the management frame was
1339  * sent to)
1340  * @buf: management frame data (starting from IEEE 802.11 header)
1341  * @len: length of frame data in octets
1342  * @stype: management frame subtype from frame control field
1343  * @fi: meta data about received frame (signal level, etc.)
1344  *
1345  * Process all incoming IEEE 802.11 management frames. This will be called for
1346  * each frame received from the kernel driver through wlan#ap interface. In
1347  * addition, it can be called to re-inserted pending frames (e.g., when using
1348  * external RADIUS server as an MAC ACL).
1349  */
1350 void ieee802_11_mgmt(struct hostapd_data *hapd, u8 *buf, size_t len, u16 stype,
1351                      struct hostapd_frame_info *fi)
1352 {
1353         struct ieee80211_mgmt *mgmt = (struct ieee80211_mgmt *) buf;
1354         int broadcast;
1355
1356         if (stype == WLAN_FC_STYPE_BEACON) {
1357                 handle_beacon(hapd, mgmt, len, fi);
1358                 return;
1359         }
1360
1361         broadcast = mgmt->bssid[0] == 0xff && mgmt->bssid[1] == 0xff &&
1362                 mgmt->bssid[2] == 0xff && mgmt->bssid[3] == 0xff &&
1363                 mgmt->bssid[4] == 0xff && mgmt->bssid[5] == 0xff;
1364
1365         if (!broadcast &&
1366             os_memcmp(mgmt->bssid, hapd->own_addr, ETH_ALEN) != 0) {
1367                 printf("MGMT: BSSID=" MACSTR " not our address\n",
1368                        MAC2STR(mgmt->bssid));
1369                 return;
1370         }
1371
1372
1373         if (stype == WLAN_FC_STYPE_PROBE_REQ) {
1374                 handle_probe_req(hapd, mgmt, len);
1375                 return;
1376         }
1377
1378         if (os_memcmp(mgmt->da, hapd->own_addr, ETH_ALEN) != 0) {
1379                 hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211,
1380                                HOSTAPD_LEVEL_DEBUG,
1381                                "MGMT: DA=" MACSTR " not our address",
1382                                MAC2STR(mgmt->da));
1383                 return;
1384         }
1385
1386         switch (stype) {
1387         case WLAN_FC_STYPE_AUTH:
1388                 wpa_printf(MSG_DEBUG, "mgmt::auth");
1389                 handle_auth(hapd, mgmt, len);
1390                 break;
1391         case WLAN_FC_STYPE_ASSOC_REQ:
1392                 wpa_printf(MSG_DEBUG, "mgmt::assoc_req");
1393                 handle_assoc(hapd, mgmt, len, 0);
1394                 break;
1395         case WLAN_FC_STYPE_REASSOC_REQ:
1396                 wpa_printf(MSG_DEBUG, "mgmt::reassoc_req");
1397                 handle_assoc(hapd, mgmt, len, 1);
1398                 break;
1399         case WLAN_FC_STYPE_DISASSOC:
1400                 wpa_printf(MSG_DEBUG, "mgmt::disassoc");
1401                 handle_disassoc(hapd, mgmt, len);
1402                 break;
1403         case WLAN_FC_STYPE_DEAUTH:
1404                 wpa_printf(MSG_DEBUG, "mgmt::deauth");
1405                 handle_deauth(hapd, mgmt, len);
1406                 break;
1407         case WLAN_FC_STYPE_ACTION:
1408                 wpa_printf(MSG_DEBUG, "mgmt::action");
1409                 handle_action(hapd, mgmt, len);
1410                 break;
1411         default:
1412                 hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211,
1413                                HOSTAPD_LEVEL_DEBUG,
1414                                "unknown mgmt frame subtype %d", stype);
1415                 break;
1416         }
1417 }
1418
1419
1420 static void handle_auth_cb(struct hostapd_data *hapd,
1421                            struct ieee80211_mgmt *mgmt,
1422                            size_t len, int ok)
1423 {
1424         u16 auth_alg, auth_transaction, status_code;
1425         struct sta_info *sta;
1426
1427         if (!ok) {
1428                 hostapd_logger(hapd, mgmt->da, HOSTAPD_MODULE_IEEE80211,
1429                                HOSTAPD_LEVEL_NOTICE,
1430                                "did not acknowledge authentication response");
1431                 return;
1432         }
1433
1434         if (len < IEEE80211_HDRLEN + sizeof(mgmt->u.auth)) {
1435                 printf("handle_auth_cb - too short payload (len=%lu)\n",
1436                        (unsigned long) len);
1437                 return;
1438         }
1439
1440         auth_alg = le_to_host16(mgmt->u.auth.auth_alg);
1441         auth_transaction = le_to_host16(mgmt->u.auth.auth_transaction);
1442         status_code = le_to_host16(mgmt->u.auth.status_code);
1443
1444         sta = ap_get_sta(hapd, mgmt->da);
1445         if (!sta) {
1446                 printf("handle_auth_cb: STA " MACSTR " not found\n",
1447                        MAC2STR(mgmt->da));
1448                 return;
1449         }
1450
1451         if (status_code == WLAN_STATUS_SUCCESS &&
1452             ((auth_alg == WLAN_AUTH_OPEN && auth_transaction == 2) ||
1453              (auth_alg == WLAN_AUTH_SHARED_KEY && auth_transaction == 4))) {
1454                 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
1455                                HOSTAPD_LEVEL_INFO, "authenticated");
1456                 sta->flags |= WLAN_STA_AUTH;
1457         }
1458 }
1459
1460
1461 static void handle_assoc_cb(struct hostapd_data *hapd,
1462                             struct ieee80211_mgmt *mgmt,
1463                             size_t len, int reassoc, int ok)
1464 {
1465         u16 status;
1466         struct sta_info *sta;
1467         int new_assoc = 1;
1468         struct ieee80211_ht_capabilities ht_cap;
1469         int set_flags, total_flags, flags_and, flags_or;
1470
1471         if (!ok) {
1472                 hostapd_logger(hapd, mgmt->da, HOSTAPD_MODULE_IEEE80211,
1473                                HOSTAPD_LEVEL_DEBUG,
1474                                "did not acknowledge association response");
1475                 return;
1476         }
1477
1478         if (len < IEEE80211_HDRLEN + (reassoc ? sizeof(mgmt->u.reassoc_resp) :
1479                                       sizeof(mgmt->u.assoc_resp))) {
1480                 printf("handle_assoc_cb(reassoc=%d) - too short payload "
1481                        "(len=%lu)\n", reassoc, (unsigned long) len);
1482                 return;
1483         }
1484
1485         if (reassoc)
1486                 status = le_to_host16(mgmt->u.reassoc_resp.status_code);
1487         else
1488                 status = le_to_host16(mgmt->u.assoc_resp.status_code);
1489
1490         sta = ap_get_sta(hapd, mgmt->da);
1491         if (!sta) {
1492                 printf("handle_assoc_cb: STA " MACSTR " not found\n",
1493                        MAC2STR(mgmt->da));
1494                 return;
1495         }
1496
1497         if (status != WLAN_STATUS_SUCCESS)
1498                 goto fail;
1499
1500         /* Stop previous accounting session, if one is started, and allocate
1501          * new session id for the new session. */
1502         accounting_sta_stop(hapd, sta);
1503
1504         hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
1505                        HOSTAPD_LEVEL_INFO,
1506                        "associated (aid %d)",
1507                        sta->aid);
1508
1509         if (sta->flags & WLAN_STA_ASSOC)
1510                 new_assoc = 0;
1511         sta->flags |= WLAN_STA_ASSOC;
1512         if (!hapd->conf->ieee802_1x && !hapd->conf->wpa) {
1513                 /* Open or static WEP; no separate authorization */
1514                 sta->flags |= WLAN_STA_AUTHORIZED;
1515                 wpa_msg(hapd->msg_ctx, MSG_INFO,
1516                         AP_STA_CONNECTED MACSTR, MAC2STR(sta->addr));
1517         }
1518
1519         if (reassoc)
1520                 mlme_reassociate_indication(hapd, sta);
1521         else
1522                 mlme_associate_indication(hapd, sta);
1523
1524 #ifdef CONFIG_IEEE80211W
1525         sta->sa_query_timed_out = 0;
1526 #endif /* CONFIG_IEEE80211W */
1527
1528         /*
1529          * Remove the STA entry in order to make sure the STA PS state gets
1530          * cleared and configuration gets updated in case of reassociation back
1531          * to the same AP.
1532          */
1533         hostapd_sta_remove(hapd, sta->addr);
1534
1535 #ifdef CONFIG_IEEE80211N
1536         if (sta->flags & WLAN_STA_HT)
1537                 hostapd_get_ht_capab(hapd, sta->ht_capabilities, &ht_cap);
1538 #endif /* CONFIG_IEEE80211N */
1539
1540         if (hostapd_sta_add(hapd->conf->iface, hapd, sta->addr, sta->aid,
1541                             sta->capability, sta->supported_rates,
1542                             sta->supported_rates_len, sta->listen_interval,
1543                             sta->flags & WLAN_STA_HT ? &ht_cap : NULL))
1544         {
1545                 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
1546                                HOSTAPD_LEVEL_NOTICE,
1547                                "Could not add STA to kernel driver");
1548         }
1549
1550         if (sta->eapol_sm == NULL) {
1551                 /*
1552                  * This STA does not use RADIUS server for EAP authentication,
1553                  * so bind it to the selected VLAN interface now, since the
1554                  * interface selection is not going to change anymore.
1555                  */
1556                 ap_sta_bind_vlan(hapd, sta, 0);
1557         } else if (sta->vlan_id) {
1558                 /* VLAN ID already set (e.g., by PMKSA caching), so bind STA */
1559                 ap_sta_bind_vlan(hapd, sta, 0);
1560         }
1561
1562         total_flags = hostapd_sta_flags_to_drv(sta->flags);
1563         set_flags = WPA_STA_SHORT_PREAMBLE | WPA_STA_WMM | WPA_STA_MFP;
1564         if (!hapd->conf->ieee802_1x && !hapd->conf->wpa &&
1565             sta->flags & WLAN_STA_AUTHORIZED)
1566                 set_flags |= WPA_STA_AUTHORIZED;
1567         flags_or = total_flags & set_flags;
1568         flags_and = total_flags | ~set_flags;
1569         hostapd_sta_set_flags(hapd, sta->addr, total_flags,
1570                               flags_or, flags_and);
1571
1572         if (sta->auth_alg == WLAN_AUTH_FT)
1573                 wpa_auth_sm_event(sta->wpa_sm, WPA_ASSOC_FT);
1574         else
1575                 wpa_auth_sm_event(sta->wpa_sm, WPA_ASSOC);
1576         hostapd_new_assoc_sta(hapd, sta, !new_assoc);
1577
1578         ieee802_1x_notify_port_enabled(sta->eapol_sm, 1);
1579
1580  fail:
1581         /* Copy of the association request is not needed anymore */
1582         if (sta->last_assoc_req) {
1583                 os_free(sta->last_assoc_req);
1584                 sta->last_assoc_req = NULL;
1585         }
1586 }
1587
1588
1589 /**
1590  * ieee802_11_mgmt_cb - Process management frame TX status callback
1591  * @hapd: hostapd BSS data structure (the BSS from which the management frame
1592  * was sent from)
1593  * @buf: management frame data (starting from IEEE 802.11 header)
1594  * @len: length of frame data in octets
1595  * @stype: management frame subtype from frame control field
1596  * @ok: Whether the frame was ACK'ed
1597  */
1598 void ieee802_11_mgmt_cb(struct hostapd_data *hapd, u8 *buf, size_t len,
1599                         u16 stype, int ok)
1600 {
1601         struct ieee80211_mgmt *mgmt = (struct ieee80211_mgmt *) buf;
1602
1603         switch (stype) {
1604         case WLAN_FC_STYPE_AUTH:
1605                 wpa_printf(MSG_DEBUG, "mgmt::auth cb");
1606                 handle_auth_cb(hapd, mgmt, len, ok);
1607                 break;
1608         case WLAN_FC_STYPE_ASSOC_RESP:
1609                 wpa_printf(MSG_DEBUG, "mgmt::assoc_resp cb");
1610                 handle_assoc_cb(hapd, mgmt, len, 0, ok);
1611                 break;
1612         case WLAN_FC_STYPE_REASSOC_RESP:
1613                 wpa_printf(MSG_DEBUG, "mgmt::reassoc_resp cb");
1614                 handle_assoc_cb(hapd, mgmt, len, 1, ok);
1615                 break;
1616         case WLAN_FC_STYPE_PROBE_RESP:
1617                 wpa_printf(MSG_DEBUG, "mgmt::proberesp cb");
1618                 break;
1619         case WLAN_FC_STYPE_DEAUTH:
1620                 /* ignore */
1621                 break;
1622         case WLAN_FC_STYPE_ACTION:
1623                 wpa_printf(MSG_DEBUG, "mgmt::action cb");
1624                 break;
1625         default:
1626                 printf("unknown mgmt cb frame subtype %d\n", stype);
1627                 break;
1628         }
1629 }
1630
1631
1632 int ieee802_11_get_mib(struct hostapd_data *hapd, char *buf, size_t buflen)
1633 {
1634         /* TODO */
1635         return 0;
1636 }
1637
1638
1639 int ieee802_11_get_mib_sta(struct hostapd_data *hapd, struct sta_info *sta,
1640                            char *buf, size_t buflen)
1641 {
1642         /* TODO */
1643         return 0;
1644 }
1645
1646 #endif /* CONFIG_NATIVE_WINDOWS */