2 * hostapd / Initialization and configuration
3 * Copyright (c) 2002-2009, Jouni Malinen <j@w1.fi>
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License version 2 as
7 * published by the Free Software Foundation.
9 * Alternatively, this software may be distributed under the terms of BSD
12 * See README and COPYING for more details.
19 #include "common/ieee802_11_defs.h"
20 #include "eapol_auth/eapol_auth_sm.h"
21 #include "eapol_auth/eapol_auth_sm_i.h"
22 #include "radius/radius_client.h"
23 #include "eap_server/eap.h"
24 #include "l2_packet/l2_packet.h"
25 #include "ap/hostapd.h"
26 #include "ap/authsrv.h"
27 #include "ap/sta_info.h"
28 #include "ap/accounting.h"
29 #include "ap/ap_list.h"
30 #include "ap/beacon.h"
32 #include "ap/ieee802_1x.h"
33 #include "ap/ieee802_11_auth.h"
34 #include "ap/preauth.h"
35 #include "ap/tkip_countermeasures.h"
36 #include "ap/vlan_init.h"
38 #include "ap/wps_hostapd.h"
39 #include "hw_features.h"
41 #include "ctrl_iface.h"
44 static int hostapd_flush_old_stations(struct hostapd_data *hapd);
45 static int hostapd_setup_wpa(struct hostapd_data *hapd);
46 static int hostapd_setup_encryption(char *iface, struct hostapd_data *hapd);
48 extern int wpa_debug_level;
51 static void hostapd_wpa_auth_conf(struct hostapd_bss_config *conf,
52 struct wpa_auth_config *wconf)
54 wconf->wpa = conf->wpa;
55 wconf->wpa_key_mgmt = conf->wpa_key_mgmt;
56 wconf->wpa_pairwise = conf->wpa_pairwise;
57 wconf->wpa_group = conf->wpa_group;
58 wconf->wpa_group_rekey = conf->wpa_group_rekey;
59 wconf->wpa_strict_rekey = conf->wpa_strict_rekey;
60 wconf->wpa_gmk_rekey = conf->wpa_gmk_rekey;
61 wconf->wpa_ptk_rekey = conf->wpa_ptk_rekey;
62 wconf->rsn_pairwise = conf->rsn_pairwise;
63 wconf->rsn_preauth = conf->rsn_preauth;
64 wconf->eapol_version = conf->eapol_version;
65 wconf->peerkey = conf->peerkey;
66 wconf->wmm_enabled = conf->wmm_enabled;
67 wconf->okc = conf->okc;
68 #ifdef CONFIG_IEEE80211W
69 wconf->ieee80211w = conf->ieee80211w;
70 #endif /* CONFIG_IEEE80211W */
71 #ifdef CONFIG_IEEE80211R
72 wconf->ssid_len = conf->ssid.ssid_len;
73 if (wconf->ssid_len > SSID_LEN)
74 wconf->ssid_len = SSID_LEN;
75 os_memcpy(wconf->ssid, conf->ssid.ssid, wconf->ssid_len);
76 os_memcpy(wconf->mobility_domain, conf->mobility_domain,
77 MOBILITY_DOMAIN_ID_LEN);
78 if (conf->nas_identifier &&
79 os_strlen(conf->nas_identifier) <= FT_R0KH_ID_MAX_LEN) {
80 wconf->r0_key_holder_len = os_strlen(conf->nas_identifier);
81 os_memcpy(wconf->r0_key_holder, conf->nas_identifier,
82 wconf->r0_key_holder_len);
84 os_memcpy(wconf->r1_key_holder, conf->r1_key_holder, FT_R1KH_ID_LEN);
85 wconf->r0_key_lifetime = conf->r0_key_lifetime;
86 wconf->reassociation_deadline = conf->reassociation_deadline;
87 wconf->r0kh_list = conf->r0kh_list;
88 wconf->r1kh_list = conf->r1kh_list;
89 wconf->pmk_r1_push = conf->pmk_r1_push;
90 #endif /* CONFIG_IEEE80211R */
94 int hostapd_reload_config(struct hostapd_iface *iface)
96 struct hostapd_data *hapd = iface->bss[0];
97 struct hostapd_config *newconf, *oldconf;
98 struct wpa_auth_config wpa_auth_conf;
101 if (iface->config_read_cb == NULL)
103 newconf = iface->config_read_cb(iface->config_fname);
108 * Deauthenticate all stations since the new configuration may not
109 * allow them to use the BSS anymore.
111 for (j = 0; j < iface->num_bss; j++)
112 hostapd_flush_old_stations(iface->bss[j]);
114 #ifndef CONFIG_NO_RADIUS
115 /* TODO: update dynamic data based on changed configuration
116 * items (e.g., open/close sockets, etc.) */
117 radius_client_flush(hapd->radius, 0);
118 #endif /* CONFIG_NO_RADIUS */
120 oldconf = hapd->iconf;
121 hapd->iconf = newconf;
122 hapd->conf = &newconf->bss[0];
123 iface->conf = newconf;
125 if (hostapd_setup_wpa_psk(hapd->conf)) {
126 wpa_printf(MSG_ERROR, "Failed to re-configure WPA PSK "
127 "after reloading configuration");
130 if (hapd->conf->wpa && hapd->wpa_auth == NULL)
131 hostapd_setup_wpa(hapd);
132 else if (hapd->conf->wpa) {
133 hostapd_wpa_auth_conf(&newconf->bss[0], &wpa_auth_conf);
134 wpa_reconfig(hapd->wpa_auth, &wpa_auth_conf);
135 } else if (hapd->wpa_auth) {
136 wpa_deinit(hapd->wpa_auth);
137 hapd->wpa_auth = NULL;
138 hostapd_set_privacy(hapd, 0);
139 hostapd_setup_encryption(hapd->conf->iface, hapd);
142 ieee802_11_set_beacon(hapd);
144 if (hapd->conf->ssid.ssid_set &&
145 hostapd_set_ssid(hapd, (u8 *) hapd->conf->ssid.ssid,
146 hapd->conf->ssid.ssid_len)) {
147 wpa_printf(MSG_ERROR, "Could not set SSID for kernel driver");
148 /* try to continue */
151 if (hapd->conf->ieee802_1x || hapd->conf->wpa)
152 hapd->drv.set_drv_ieee8021x(hapd, hapd->conf->iface, 1);
154 hapd->drv.set_drv_ieee8021x(hapd, hapd->conf->iface, 0);
156 hostapd_config_free(oldconf);
158 wpa_printf(MSG_DEBUG, "Reconfigured interface %s", hapd->conf->iface);
164 int handle_reload_iface(struct hostapd_iface *iface, void *ctx)
166 if (hostapd_reload_config(iface) < 0) {
167 wpa_printf(MSG_WARNING, "Failed to read new configuration "
168 "file - continuing with old.");
174 static void hostapd_broadcast_key_clear_iface(struct hostapd_data *hapd,
179 for (i = 0; i < NUM_WEP_KEYS; i++) {
180 if (hapd->drv.set_key(ifname, hapd, WPA_ALG_NONE, NULL, i,
181 i == 0 ? 1 : 0, NULL, 0, NULL, 0)) {
182 wpa_printf(MSG_DEBUG, "Failed to clear default "
183 "encryption keys (ifname=%s keyidx=%d)",
187 #ifdef CONFIG_IEEE80211W
188 if (hapd->conf->ieee80211w) {
189 for (i = NUM_WEP_KEYS; i < NUM_WEP_KEYS + 2; i++) {
190 if (hapd->drv.set_key(ifname, hapd, WPA_ALG_NONE, NULL,
191 i, i == 0 ? 1 : 0, NULL, 0,
193 wpa_printf(MSG_DEBUG, "Failed to clear "
194 "default mgmt encryption keys "
195 "(ifname=%s keyidx=%d)", ifname, i);
199 #endif /* CONFIG_IEEE80211W */
203 static int hostapd_broadcast_wep_clear(struct hostapd_data *hapd)
205 hostapd_broadcast_key_clear_iface(hapd, hapd->conf->iface);
210 static int hostapd_broadcast_wep_set(struct hostapd_data *hapd)
213 struct hostapd_ssid *ssid = &hapd->conf->ssid;
216 if (ssid->wep.default_len &&
217 hapd->drv.set_key(hapd->conf->iface,
218 hapd, WPA_ALG_WEP, NULL, idx,
219 idx == ssid->wep.idx,
220 NULL, 0, ssid->wep.key[idx],
221 ssid->wep.len[idx])) {
222 wpa_printf(MSG_WARNING, "Could not set WEP encryption.");
226 if (ssid->dyn_vlan_keys) {
228 for (i = 0; i <= ssid->max_dyn_vlan_keys; i++) {
230 struct hostapd_wep_keys *key = ssid->dyn_vlan_keys[i];
233 ifname = hostapd_get_vlan_id_ifname(hapd->conf->vlan,
239 if (hapd->drv.set_key(ifname, hapd, WPA_ALG_WEP, NULL,
240 idx, idx == key->idx, NULL, 0,
241 key->key[idx], key->len[idx])) {
242 wpa_printf(MSG_WARNING, "Could not set "
243 "dynamic VLAN WEP encryption.");
253 * hostapd_cleanup - Per-BSS cleanup (deinitialization)
254 * @hapd: Pointer to BSS data
256 * This function is used to free all per-BSS data structures and resources.
257 * This gets called in a loop for each BSS between calls to
258 * hostapd_cleanup_iface_pre() and hostapd_cleanup_iface() when an interface
259 * is deinitialized. Most of the modules that are initialized in
260 * hostapd_setup_bss() are deinitialized here.
262 static void hostapd_cleanup(struct hostapd_data *hapd)
264 hostapd_ctrl_iface_deinit(hapd);
266 iapp_deinit(hapd->iapp);
268 accounting_deinit(hapd);
269 rsn_preauth_iface_deinit(hapd);
270 if (hapd->wpa_auth) {
271 wpa_deinit(hapd->wpa_auth);
272 hapd->wpa_auth = NULL;
274 if (hostapd_set_privacy(hapd, 0)) {
275 wpa_printf(MSG_DEBUG, "Could not disable "
276 "PrivacyInvoked for interface %s",
280 if (hostapd_set_generic_elem(hapd, (u8 *) "", 0)) {
281 wpa_printf(MSG_DEBUG, "Could not remove generic "
282 "information element from interface %s",
286 ieee802_1x_deinit(hapd);
288 hostapd_acl_deinit(hapd);
289 #ifndef CONFIG_NO_RADIUS
290 radius_client_deinit(hapd->radius);
292 #endif /* CONFIG_NO_RADIUS */
294 #ifdef CONFIG_IEEE80211R
295 l2_packet_deinit(hapd->l2);
296 #endif /* CONFIG_IEEE80211R */
298 hostapd_deinit_wps(hapd);
300 authsrv_deinit(hapd);
302 if (hapd->interface_added &&
303 hostapd_if_remove(hapd, WPA_IF_AP_BSS, hapd->conf->iface)) {
304 wpa_printf(MSG_WARNING, "Failed to remove BSS interface %s",
308 os_free(hapd->probereq_cb);
309 hapd->probereq_cb = NULL;
314 * hostapd_cleanup_iface_pre - Preliminary per-interface cleanup
315 * @iface: Pointer to interface data
317 * This function is called before per-BSS data structures are deinitialized
318 * with hostapd_cleanup().
320 static void hostapd_cleanup_iface_pre(struct hostapd_iface *iface)
326 * hostapd_cleanup_iface - Complete per-interface cleanup
327 * @iface: Pointer to interface data
329 * This function is called after per-BSS data structures are deinitialized
330 * with hostapd_cleanup().
332 static void hostapd_cleanup_iface(struct hostapd_iface *iface)
334 hostapd_free_hw_features(iface->hw_features, iface->num_hw_features);
335 iface->hw_features = NULL;
336 os_free(iface->current_rates);
337 iface->current_rates = NULL;
338 ap_list_deinit(iface);
339 hostapd_config_free(iface->conf);
342 os_free(iface->config_fname);
348 static int hostapd_setup_encryption(char *iface, struct hostapd_data *hapd)
352 hostapd_broadcast_wep_set(hapd);
354 if (hapd->conf->ssid.wep.default_len) {
355 hostapd_set_privacy(hapd, 1);
359 for (i = 0; i < 4; i++) {
360 if (hapd->conf->ssid.wep.key[i] &&
361 hapd->drv.set_key(iface, hapd, WPA_ALG_WEP, NULL, i,
362 i == hapd->conf->ssid.wep.idx, NULL, 0,
363 hapd->conf->ssid.wep.key[i],
364 hapd->conf->ssid.wep.len[i])) {
365 wpa_printf(MSG_WARNING, "Could not set WEP "
369 if (hapd->conf->ssid.wep.key[i] &&
370 i == hapd->conf->ssid.wep.idx)
371 hostapd_set_privacy(hapd, 1);
378 static int hostapd_flush_old_stations(struct hostapd_data *hapd)
382 if (hostapd_drv_none(hapd))
385 wpa_printf(MSG_DEBUG, "Flushing old station entries");
386 if (hostapd_flush(hapd)) {
387 wpa_printf(MSG_WARNING, "Could not connect to kernel driver.");
390 wpa_printf(MSG_DEBUG, "Deauthenticate all stations");
392 /* New Prism2.5/3 STA firmware versions seem to have issues with this
393 * broadcast deauth frame. This gets the firmware in odd state where
394 * nothing works correctly, so let's skip sending this for the hostap
396 if (hapd->driver && os_strcmp(hapd->driver->name, "hostap") != 0) {
398 os_memset(addr, 0xff, ETH_ALEN);
399 hapd->drv.sta_deauth(hapd, addr,
400 WLAN_REASON_PREV_AUTH_NOT_VALID);
407 static void hostapd_wpa_auth_logger(void *ctx, const u8 *addr,
408 logger_level level, const char *txt)
410 #ifndef CONFIG_NO_HOSTAPD_LOGGER
411 struct hostapd_data *hapd = ctx;
416 hlevel = HOSTAPD_LEVEL_WARNING;
419 hlevel = HOSTAPD_LEVEL_INFO;
423 hlevel = HOSTAPD_LEVEL_DEBUG;
427 hostapd_logger(hapd, addr, HOSTAPD_MODULE_WPA, hlevel, "%s", txt);
428 #endif /* CONFIG_NO_HOSTAPD_LOGGER */
432 static void hostapd_wpa_auth_disconnect(void *ctx, const u8 *addr,
435 struct hostapd_data *hapd = ctx;
436 wpa_printf(MSG_DEBUG, "%s: WPA authenticator requests disconnect: "
437 "STA " MACSTR " reason %d",
438 __func__, MAC2STR(addr), reason);
439 ap_sta_disconnect(hapd, NULL, addr, reason);
443 static void hostapd_wpa_auth_mic_failure_report(void *ctx, const u8 *addr)
445 struct hostapd_data *hapd = ctx;
446 michael_mic_failure(hapd, addr, 0);
450 static void hostapd_wpa_auth_set_eapol(void *ctx, const u8 *addr,
451 wpa_eapol_variable var, int value)
453 struct hostapd_data *hapd = ctx;
454 struct sta_info *sta = ap_get_sta(hapd, addr);
458 case WPA_EAPOL_portEnabled:
459 ieee802_1x_notify_port_enabled(sta->eapol_sm, value);
461 case WPA_EAPOL_portValid:
462 ieee802_1x_notify_port_valid(sta->eapol_sm, value);
464 case WPA_EAPOL_authorized:
465 ieee802_1x_set_sta_authorized(hapd, sta, value);
467 case WPA_EAPOL_portControl_Auto:
469 sta->eapol_sm->portControl = Auto;
471 case WPA_EAPOL_keyRun:
473 sta->eapol_sm->keyRun = value ? TRUE : FALSE;
475 case WPA_EAPOL_keyAvailable:
477 sta->eapol_sm->eap_if->eapKeyAvailable =
478 value ? TRUE : FALSE;
480 case WPA_EAPOL_keyDone:
482 sta->eapol_sm->keyDone = value ? TRUE : FALSE;
484 case WPA_EAPOL_inc_EapolFramesTx:
486 sta->eapol_sm->dot1xAuthEapolFramesTx++;
492 static int hostapd_wpa_auth_get_eapol(void *ctx, const u8 *addr,
493 wpa_eapol_variable var)
495 struct hostapd_data *hapd = ctx;
496 struct sta_info *sta = ap_get_sta(hapd, addr);
497 if (sta == NULL || sta->eapol_sm == NULL)
500 case WPA_EAPOL_keyRun:
501 return sta->eapol_sm->keyRun;
502 case WPA_EAPOL_keyAvailable:
503 return sta->eapol_sm->eap_if->eapKeyAvailable;
510 static const u8 * hostapd_wpa_auth_get_psk(void *ctx, const u8 *addr,
513 struct hostapd_data *hapd = ctx;
514 return hostapd_get_psk(hapd->conf, addr, prev_psk);
518 static int hostapd_wpa_auth_get_msk(void *ctx, const u8 *addr, u8 *msk,
521 struct hostapd_data *hapd = ctx;
524 struct sta_info *sta;
526 sta = ap_get_sta(hapd, addr);
530 key = ieee802_1x_get_key(sta->eapol_sm, &keylen);
536 os_memcpy(msk, key, keylen);
543 static int hostapd_wpa_auth_set_key(void *ctx, int vlan_id, wpa_alg alg,
544 const u8 *addr, int idx, u8 *key,
547 struct hostapd_data *hapd = ctx;
548 const char *ifname = hapd->conf->iface;
551 ifname = hostapd_get_vlan_id_ifname(hapd->conf->vlan, vlan_id);
556 return hapd->drv.set_key(ifname, hapd, alg, addr, idx, 1, NULL, 0,
561 static int hostapd_wpa_auth_get_seqnum(void *ctx, const u8 *addr, int idx,
564 struct hostapd_data *hapd = ctx;
565 return hostapd_get_seqnum(hapd->conf->iface, hapd, addr, idx, seq);
569 static int hostapd_wpa_auth_send_eapol(void *ctx, const u8 *addr,
570 const u8 *data, size_t data_len,
573 struct hostapd_data *hapd = ctx;
574 return hapd->drv.send_eapol(hapd, addr, data, data_len, encrypt);
578 static int hostapd_wpa_auth_for_each_sta(
579 void *ctx, int (*cb)(struct wpa_state_machine *sm, void *ctx),
582 struct hostapd_data *hapd = ctx;
583 struct sta_info *sta;
585 for (sta = hapd->sta_list; sta; sta = sta->next) {
586 if (sta->wpa_sm && cb(sta->wpa_sm, cb_ctx))
593 struct wpa_auth_iface_iter_data {
594 int (*cb)(struct wpa_authenticator *sm, void *ctx);
598 static int wpa_auth_iface_iter(struct hostapd_iface *iface, void *ctx)
600 struct wpa_auth_iface_iter_data *data = ctx;
602 for (i = 0; i < iface->num_bss; i++) {
603 if (data->cb(iface->bss[i]->wpa_auth, data->cb_ctx))
610 static int hostapd_wpa_auth_for_each_auth(
611 void *ctx, int (*cb)(struct wpa_authenticator *sm, void *ctx),
614 struct hostapd_data *hapd = ctx;
615 struct wpa_auth_iface_iter_data data;
617 data.cb_ctx = cb_ctx;
618 return hostapd_for_each_interface(hapd->iface->interfaces,
619 wpa_auth_iface_iter, &data);
623 static int hostapd_wpa_auth_send_ether(void *ctx, const u8 *dst, u16 proto,
624 const u8 *data, size_t data_len)
626 struct hostapd_data *hapd = ctx;
628 if (hapd->driver && hapd->driver->send_ether)
629 return hapd->driver->send_ether(hapd->drv_priv, dst,
630 hapd->own_addr, proto,
632 if (hapd->l2 == NULL)
634 return l2_packet_send(hapd->l2, dst, proto, data, data_len);
638 #ifdef CONFIG_IEEE80211R
640 static int hostapd_wpa_auth_send_ft_action(void *ctx, const u8 *dst,
641 const u8 *data, size_t data_len)
643 struct hostapd_data *hapd = ctx;
645 struct ieee80211_mgmt *m;
647 struct sta_info *sta;
649 sta = ap_get_sta(hapd, dst);
650 if (sta == NULL || sta->wpa_sm == NULL)
653 m = os_zalloc(sizeof(*m) + data_len);
656 mlen = ((u8 *) &m->u - (u8 *) m) + data_len;
657 m->frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT,
658 WLAN_FC_STYPE_ACTION);
659 os_memcpy(m->da, dst, ETH_ALEN);
660 os_memcpy(m->sa, hapd->own_addr, ETH_ALEN);
661 os_memcpy(m->bssid, hapd->own_addr, ETH_ALEN);
662 os_memcpy(&m->u, data, data_len);
664 res = hapd->drv.send_mgmt_frame(hapd, (u8 *) m, mlen);
670 static struct wpa_state_machine *
671 hostapd_wpa_auth_add_sta(void *ctx, const u8 *sta_addr)
673 struct hostapd_data *hapd = ctx;
674 struct sta_info *sta;
676 sta = ap_sta_add(hapd, sta_addr);
682 sta->wpa_sm = wpa_auth_sta_init(hapd->wpa_auth, sta->addr);
683 if (sta->wpa_sm == NULL) {
684 ap_free_sta(hapd, sta);
687 sta->auth_alg = WLAN_AUTH_FT;
693 static void hostapd_rrb_receive(void *ctx, const u8 *src_addr, const u8 *buf,
696 struct hostapd_data *hapd = ctx;
697 wpa_ft_rrb_rx(hapd->wpa_auth, src_addr, buf, len);
700 #endif /* CONFIG_IEEE80211R */
704 * hostapd_validate_bssid_configuration - Validate BSSID configuration
705 * @iface: Pointer to interface data
706 * Returns: 0 on success, -1 on failure
708 * This function is used to validate that the configured BSSIDs are valid.
710 static int hostapd_validate_bssid_configuration(struct hostapd_iface *iface)
712 u8 mask[ETH_ALEN] = { 0 };
713 struct hostapd_data *hapd = iface->bss[0];
714 unsigned int i = iface->conf->num_bss, bits = 0, j;
718 if (hostapd_drv_none(hapd))
721 /* Generate BSSID mask that is large enough to cover the BSSIDs. */
723 /* Determine the bits necessary to cover the number of BSSIDs. */
724 for (i--; i; i >>= 1)
727 /* Determine the bits necessary to any configured BSSIDs,
728 if they are higher than the number of BSSIDs. */
729 for (j = 0; j < iface->conf->num_bss; j++) {
730 if (hostapd_mac_comp_empty(iface->conf->bss[j].bssid) == 0) {
736 for (i = 0; i < ETH_ALEN; i++) {
738 iface->conf->bss[j].bssid[i] ^
746 for (i = 0; i < ETH_ALEN && mask[i] == 0; i++)
752 while (mask[i] != 0) {
762 wpa_printf(MSG_ERROR, "Too many bits in the BSSID mask (%u)",
767 os_memset(mask, 0xff, ETH_ALEN);
769 for (i = 5; i > 5 - j; i--)
776 wpa_printf(MSG_DEBUG, "BSS count %lu, BSSID mask " MACSTR " (%d bits)",
777 (unsigned long) iface->conf->num_bss, MAC2STR(mask), bits);
779 res = hostapd_valid_bss_mask(hapd, hapd->own_addr, mask);
784 wpa_printf(MSG_ERROR, "Driver did not accept BSSID mask "
785 MACSTR " for start address " MACSTR ".",
786 MAC2STR(mask), MAC2STR(hapd->own_addr));
793 for (i = 0; i < ETH_ALEN; i++) {
794 if ((hapd->own_addr[i] & mask[i]) != hapd->own_addr[i]) {
795 wpa_printf(MSG_ERROR, "Invalid BSSID mask " MACSTR
796 " for start address " MACSTR ".",
797 MAC2STR(mask), MAC2STR(hapd->own_addr));
798 wpa_printf(MSG_ERROR, "Start address must be the "
799 "first address in the block (i.e., addr "
800 "AND mask == addr).");
809 static int mac_in_conf(struct hostapd_config *conf, const void *a)
813 for (i = 0; i < conf->num_bss; i++) {
814 if (hostapd_mac_comp(conf->bss[i].bssid, a) == 0) {
823 static int hostapd_setup_wpa(struct hostapd_data *hapd)
825 struct wpa_auth_config _conf;
826 struct wpa_auth_callbacks cb;
830 hostapd_wpa_auth_conf(hapd->conf, &_conf);
831 os_memset(&cb, 0, sizeof(cb));
833 cb.logger = hostapd_wpa_auth_logger;
834 cb.disconnect = hostapd_wpa_auth_disconnect;
835 cb.mic_failure_report = hostapd_wpa_auth_mic_failure_report;
836 cb.set_eapol = hostapd_wpa_auth_set_eapol;
837 cb.get_eapol = hostapd_wpa_auth_get_eapol;
838 cb.get_psk = hostapd_wpa_auth_get_psk;
839 cb.get_msk = hostapd_wpa_auth_get_msk;
840 cb.set_key = hostapd_wpa_auth_set_key;
841 cb.get_seqnum = hostapd_wpa_auth_get_seqnum;
842 cb.send_eapol = hostapd_wpa_auth_send_eapol;
843 cb.for_each_sta = hostapd_wpa_auth_for_each_sta;
844 cb.for_each_auth = hostapd_wpa_auth_for_each_auth;
845 cb.send_ether = hostapd_wpa_auth_send_ether;
846 #ifdef CONFIG_IEEE80211R
847 cb.send_ft_action = hostapd_wpa_auth_send_ft_action;
848 cb.add_sta = hostapd_wpa_auth_add_sta;
849 #endif /* CONFIG_IEEE80211R */
850 hapd->wpa_auth = wpa_init(hapd->own_addr, &_conf, &cb);
851 if (hapd->wpa_auth == NULL) {
852 wpa_printf(MSG_ERROR, "WPA initialization failed.");
856 if (hostapd_set_privacy(hapd, 1)) {
857 wpa_printf(MSG_ERROR, "Could not set PrivacyInvoked "
858 "for interface %s", hapd->conf->iface);
862 wpa_ie = wpa_auth_get_wpa_ie(hapd->wpa_auth, &wpa_ie_len);
863 if (hostapd_set_generic_elem(hapd, wpa_ie, wpa_ie_len)) {
864 wpa_printf(MSG_ERROR, "Failed to configure WPA IE for "
865 "the kernel driver.");
869 if (rsn_preauth_iface_init(hapd)) {
870 wpa_printf(MSG_ERROR, "Initialization of RSN "
871 "pre-authentication failed.");
881 * hostapd_setup_bss - Per-BSS setup (initialization)
882 * @hapd: Pointer to BSS data
883 * @first: Whether this BSS is the first BSS of an interface
885 * This function is used to initialize all per-BSS data structures and
886 * resources. This gets called in a loop for each BSS when an interface is
887 * initialized. Most of the modules that are initialized here will be
888 * deinitialized in hostapd_cleanup().
890 static int hostapd_setup_bss(struct hostapd_data *hapd, int first)
892 struct hostapd_bss_config *conf = hapd->conf;
893 u8 ssid[HOSTAPD_MAX_SSID_LEN + 1];
894 int ssid_len, set_ssid;
897 if (hostapd_mac_comp_empty(hapd->conf->bssid) == 0) {
898 /* Allocate the next available BSSID. */
900 inc_byte_array(hapd->own_addr, ETH_ALEN);
901 } while (mac_in_conf(hapd->iconf, hapd->own_addr));
903 /* Allocate the configured BSSID. */
904 os_memcpy(hapd->own_addr, hapd->conf->bssid, ETH_ALEN);
906 if (hostapd_mac_comp(hapd->own_addr,
907 hapd->iface->bss[0]->own_addr) ==
909 wpa_printf(MSG_ERROR, "BSS '%s' may not have "
910 "BSSID set to the MAC address of "
911 "the radio", hapd->conf->iface);
916 hapd->interface_added = 1;
917 if (hostapd_if_add(hapd->iface->bss[0], WPA_IF_AP_BSS,
918 hapd->conf->iface, hapd->own_addr, hapd)) {
919 wpa_printf(MSG_ERROR, "Failed to add BSS (BSSID="
920 MACSTR ")", MAC2STR(hapd->own_addr));
925 hostapd_flush_old_stations(hapd);
926 hostapd_set_privacy(hapd, 0);
928 hostapd_broadcast_wep_clear(hapd);
929 if (hostapd_setup_encryption(hapd->conf->iface, hapd))
933 * Fetch the SSID from the system and use it or,
934 * if one was specified in the config file, verify they
937 ssid_len = hostapd_get_ssid(hapd, ssid, sizeof(ssid));
939 wpa_printf(MSG_ERROR, "Could not read SSID from system");
942 if (conf->ssid.ssid_set) {
944 * If SSID is specified in the config file and it differs
945 * from what is being used then force installation of the
948 set_ssid = (conf->ssid.ssid_len != (size_t) ssid_len ||
949 os_memcmp(conf->ssid.ssid, ssid, ssid_len) != 0);
952 * No SSID in the config file; just use the one we got
956 conf->ssid.ssid_len = ssid_len;
957 os_memcpy(conf->ssid.ssid, ssid, conf->ssid.ssid_len);
958 conf->ssid.ssid[conf->ssid.ssid_len] = '\0';
961 if (!hostapd_drv_none(hapd)) {
962 wpa_printf(MSG_ERROR, "Using interface %s with hwaddr " MACSTR
964 hapd->conf->iface, MAC2STR(hapd->own_addr),
965 hapd->conf->ssid.ssid);
968 if (hostapd_setup_wpa_psk(conf)) {
969 wpa_printf(MSG_ERROR, "WPA-PSK setup failed.");
973 /* Set SSID for the kernel driver (to be used in beacon and probe
974 * response frames) */
975 if (set_ssid && hostapd_set_ssid(hapd, (u8 *) conf->ssid.ssid,
976 conf->ssid.ssid_len)) {
977 wpa_printf(MSG_ERROR, "Could not set SSID for kernel driver");
981 if (wpa_debug_level == MSG_MSGDUMP)
982 conf->radius->msg_dumps = 1;
983 #ifndef CONFIG_NO_RADIUS
984 hapd->radius = radius_client_init(hapd, conf->radius);
985 if (hapd->radius == NULL) {
986 wpa_printf(MSG_ERROR, "RADIUS client initialization failed.");
989 #endif /* CONFIG_NO_RADIUS */
991 if (hostapd_acl_init(hapd)) {
992 wpa_printf(MSG_ERROR, "ACL initialization failed.");
995 if (hostapd_init_wps(hapd, conf))
998 if (ieee802_1x_init(hapd)) {
999 wpa_printf(MSG_ERROR, "IEEE 802.1X initialization failed.");
1003 if (hapd->conf->wpa && hostapd_setup_wpa(hapd))
1006 if (accounting_init(hapd)) {
1007 wpa_printf(MSG_ERROR, "Accounting initialization failed.");
1011 if (hapd->conf->ieee802_11f &&
1012 (hapd->iapp = iapp_init(hapd, hapd->conf->iapp_iface)) == NULL) {
1013 wpa_printf(MSG_ERROR, "IEEE 802.11F (IAPP) initialization "
1018 if (hostapd_ctrl_iface_init(hapd)) {
1019 wpa_printf(MSG_ERROR, "Failed to setup control interface");
1023 if (!hostapd_drv_none(hapd) && vlan_init(hapd)) {
1024 wpa_printf(MSG_ERROR, "VLAN initialization failed.");
1028 #ifdef CONFIG_IEEE80211R
1029 if (!hostapd_drv_none(hapd)) {
1030 hapd->l2 = l2_packet_init(hapd->conf->iface, NULL, ETH_P_RRB,
1031 hostapd_rrb_receive, hapd, 0);
1032 if (hapd->l2 == NULL &&
1033 (hapd->driver == NULL ||
1034 hapd->driver->send_ether == NULL)) {
1035 wpa_printf(MSG_ERROR, "Failed to open l2_packet "
1040 #endif /* CONFIG_IEEE80211R */
1042 ieee802_11_set_beacon(hapd);
1044 if (authsrv_init(hapd) < 0)
1051 static void hostapd_tx_queue_params(struct hostapd_iface *iface)
1053 struct hostapd_data *hapd = iface->bss[0];
1055 struct hostapd_tx_queue_params *p;
1057 for (i = 0; i < NUM_TX_QUEUES; i++) {
1058 p = &iface->conf->tx_queue[i];
1063 if (hostapd_set_tx_queue_params(hapd, i, p->aifs, p->cwmin,
1064 p->cwmax, p->burst)) {
1065 wpa_printf(MSG_DEBUG, "Failed to set TX queue "
1066 "parameters for queue %d.", i);
1067 /* Continue anyway */
1073 static int setup_interface(struct hostapd_iface *iface)
1075 struct hostapd_data *hapd = iface->bss[0];
1080 * Make sure that all BSSes get configured with a pointer to the same
1083 for (i = 1; i < iface->num_bss; i++) {
1084 iface->bss[i]->driver = hapd->driver;
1085 iface->bss[i]->drv_priv = hapd->drv_priv;
1088 if (hostapd_validate_bssid_configuration(iface))
1091 if (hapd->iconf->country[0] && hapd->iconf->country[1]) {
1092 os_memcpy(country, hapd->iconf->country, 3);
1094 if (hostapd_set_country(hapd, country) < 0) {
1095 wpa_printf(MSG_ERROR, "Failed to set country code");
1100 if (hostapd_get_hw_features(iface)) {
1101 /* Not all drivers support this yet, so continue without hw
1104 int ret = hostapd_select_hw_mode(iface);
1106 wpa_printf(MSG_ERROR, "Could not select hw_mode and "
1107 "channel. (%d)", ret);
1110 ret = hostapd_check_ht_capab(iface);
1114 wpa_printf(MSG_DEBUG, "Interface initialization will "
1115 "be completed in a callback");
1119 return hostapd_setup_interface_complete(iface, 0);
1123 int hostapd_setup_interface_complete(struct hostapd_iface *iface, int err)
1125 struct hostapd_data *hapd = iface->bss[0];
1131 wpa_printf(MSG_ERROR, "Interface initialization failed");
1136 wpa_printf(MSG_DEBUG, "Completing interface initialization");
1137 if (hapd->iconf->channel) {
1138 freq = hostapd_hw_get_freq(hapd, hapd->iconf->channel);
1139 wpa_printf(MSG_DEBUG, "Mode: %s Channel: %d "
1140 "Frequency: %d MHz",
1141 hostapd_hw_mode_txt(hapd->iconf->hw_mode),
1142 hapd->iconf->channel, freq);
1144 if (hostapd_set_freq(hapd, hapd->iconf->hw_mode, freq,
1145 hapd->iconf->channel,
1146 hapd->iconf->ieee80211n,
1147 hapd->iconf->secondary_channel)) {
1148 wpa_printf(MSG_ERROR, "Could not set channel for "
1154 if (hapd->iconf->rts_threshold > -1 &&
1155 hostapd_set_rts(hapd, hapd->iconf->rts_threshold)) {
1156 wpa_printf(MSG_ERROR, "Could not set RTS threshold for "
1161 if (hapd->iconf->fragm_threshold > -1 &&
1162 hostapd_set_frag(hapd, hapd->iconf->fragm_threshold)) {
1163 wpa_printf(MSG_ERROR, "Could not set fragmentation threshold "
1164 "for kernel driver");
1168 prev_addr = hapd->own_addr;
1170 for (j = 0; j < iface->num_bss; j++) {
1171 hapd = iface->bss[j];
1173 os_memcpy(hapd->own_addr, prev_addr, ETH_ALEN);
1174 if (hostapd_setup_bss(hapd, j == 0))
1176 if (hostapd_mac_comp_empty(hapd->conf->bssid) == 0)
1177 prev_addr = hapd->own_addr;
1180 hostapd_tx_queue_params(iface);
1182 ap_list_init(iface);
1184 if (hostapd_driver_commit(hapd) < 0) {
1185 wpa_printf(MSG_ERROR, "%s: Failed to commit driver "
1186 "configuration", __func__);
1190 wpa_printf(MSG_DEBUG, "%s: Setup of interface done.",
1191 iface->bss[0]->conf->iface);
1198 * hostapd_setup_interface - Setup of an interface
1199 * @iface: Pointer to interface data.
1200 * Returns: 0 on success, -1 on failure
1202 * Initializes the driver interface, validates the configuration,
1203 * and sets driver parameters based on the configuration.
1204 * Flushes old stations, sets the channel, encryption,
1205 * beacons, and WDS links based on the configuration.
1207 int hostapd_setup_interface(struct hostapd_iface *iface)
1211 ret = setup_interface(iface);
1213 wpa_printf(MSG_ERROR, "%s: Unable to setup interface.",
1214 iface->bss[0]->conf->iface);
1223 * hostapd_alloc_bss_data - Allocate and initialize per-BSS data
1224 * @hapd_iface: Pointer to interface data
1225 * @conf: Pointer to per-interface configuration
1226 * @bss: Pointer to per-BSS configuration for this BSS
1227 * Returns: Pointer to allocated BSS data
1229 * This function is used to allocate per-BSS data structure. This data will be
1230 * freed after hostapd_cleanup() is called for it during interface
1233 struct hostapd_data *
1234 hostapd_alloc_bss_data(struct hostapd_iface *hapd_iface,
1235 struct hostapd_config *conf,
1236 struct hostapd_bss_config *bss)
1238 struct hostapd_data *hapd;
1240 hapd = os_zalloc(sizeof(*hapd));
1244 hostapd_set_driver_ops(&hapd->drv);
1245 hapd->new_assoc_sta_cb = hostapd_new_assoc_sta;
1248 hapd->iface = hapd_iface;
1249 hapd->driver = hapd->iconf->driver;
1255 void hostapd_interface_deinit(struct hostapd_iface *iface)
1262 hostapd_cleanup_iface_pre(iface);
1263 for (j = 0; j < iface->num_bss; j++) {
1264 struct hostapd_data *hapd = iface->bss[j];
1265 hostapd_free_stas(hapd);
1266 hostapd_flush_old_stations(hapd);
1267 hostapd_cleanup(hapd);
1268 if (j == iface->num_bss - 1 && hapd->driver)
1269 hostapd_driver_deinit(hapd);
1271 for (j = 0; j < iface->num_bss; j++)
1272 os_free(iface->bss[j]);
1273 hostapd_cleanup_iface(iface);
1278 struct hostapd_data *hapd;
1282 static int prune_associations(struct hostapd_iface *iface, void *ctx)
1284 struct prune_data *data = ctx;
1285 struct sta_info *osta;
1286 struct hostapd_data *ohapd;
1289 for (j = 0; j < iface->num_bss; j++) {
1290 ohapd = iface->bss[j];
1291 if (ohapd == data->hapd)
1293 osta = ap_get_sta(ohapd, data->addr);
1297 ap_sta_disassociate(ohapd, osta, WLAN_REASON_UNSPECIFIED);
1304 * hostapd_prune_associations - Remove extraneous associations
1305 * @hapd: Pointer to BSS data for the most recent association
1306 * @sta: Pointer to the associated STA data
1308 * This function looks through all radios and BSS's for previous
1309 * (stale) associations of STA. If any are found they are removed.
1311 static void hostapd_prune_associations(struct hostapd_data *hapd,
1312 struct sta_info *sta)
1314 struct prune_data data;
1316 data.addr = sta->addr;
1317 hostapd_for_each_interface(hapd->iface->interfaces,
1318 prune_associations, &data);
1323 * hostapd_new_assoc_sta - Notify that a new station associated with the AP
1324 * @hapd: Pointer to BSS data
1325 * @sta: Pointer to the associated STA data
1326 * @reassoc: 1 to indicate this was a re-association; 0 = first association
1328 * This function will be called whenever a station associates with the AP. It
1329 * can be called from ieee802_11.c for drivers that export MLME to hostapd and
1330 * from drv_callbacks.c based on driver events for drivers that take care of
1331 * management frames (IEEE 802.11 authentication and association) internally.
1333 void hostapd_new_assoc_sta(struct hostapd_data *hapd, struct sta_info *sta,
1336 if (hapd->tkip_countermeasures) {
1337 hapd->drv.sta_deauth(hapd, sta->addr,
1338 WLAN_REASON_MICHAEL_MIC_FAILURE);
1342 hostapd_prune_associations(hapd, sta);
1344 /* IEEE 802.11F (IAPP) */
1345 if (hapd->conf->ieee802_11f)
1346 iapp_new_station(hapd->iapp, sta);
1348 /* Start accounting here, if IEEE 802.1X and WPA are not used.
1349 * IEEE 802.1X/WPA code will start accounting after the station has
1350 * been authorized. */
1351 if (!hapd->conf->ieee802_1x && !hapd->conf->wpa)
1352 accounting_sta_start(hapd, sta);
1354 /* Start IEEE 802.1X authentication process for new stations */
1355 ieee802_1x_new_station(hapd, sta);
1357 if (sta->auth_alg != WLAN_AUTH_FT &&
1358 !(sta->flags & (WLAN_STA_WPS | WLAN_STA_MAYBE_WPS)))
1359 wpa_auth_sm_event(sta->wpa_sm, WPA_REAUTH);
1361 wpa_auth_sta_associated(hapd->wpa_auth, sta->wpa_sm);