2 * WPA Supplicant - Client mode MLME
3 * Copyright (c) 2003-2008, Jouni Malinen <j@w1.fi>
4 * Copyright (c) 2004, Instant802 Networks, Inc.
5 * Copyright (c) 2005-2006, Devicescape Software, Inc.
7 * This program is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License version 2 as
9 * published by the Free Software Foundation.
11 * Alternatively, this software may be distributed under the terms of BSD
14 * See README and COPYING for more details.
21 #include "config_ssid.h"
22 #include "wpa_supplicant_i.h"
25 #include "rsn_supp/wpa.h"
26 #include "common/ieee802_11_defs.h"
27 #include "common/ieee802_11_common.h"
31 /* Timeouts and intervals in milliseconds */
32 #define IEEE80211_AUTH_TIMEOUT (200)
33 #define IEEE80211_AUTH_MAX_TRIES 3
34 #define IEEE80211_ASSOC_TIMEOUT (200)
35 #define IEEE80211_ASSOC_MAX_TRIES 3
36 #define IEEE80211_MONITORING_INTERVAL (2000)
37 #define IEEE80211_PROBE_INTERVAL (60000)
38 #define IEEE80211_RETRY_AUTH_INTERVAL (1000)
39 #define IEEE80211_SCAN_INTERVAL (2000)
40 #define IEEE80211_SCAN_INTERVAL_SLOW (15000)
41 #define IEEE80211_IBSS_JOIN_TIMEOUT (20000)
43 #define IEEE80211_PROBE_DELAY (33)
44 #define IEEE80211_CHANNEL_TIME (33)
45 #define IEEE80211_PASSIVE_CHANNEL_TIME (200)
46 #define IEEE80211_SCAN_RESULT_EXPIRE (10000)
47 #define IEEE80211_IBSS_MERGE_INTERVAL (30000)
48 #define IEEE80211_IBSS_INACTIVITY_LIMIT (60000)
50 #define IEEE80211_IBSS_MAX_STA_ENTRIES 128
53 #define IEEE80211_FC(type, stype) host_to_le16((type << 2) | (stype << 4))
56 struct ieee80211_sta_bss {
57 struct ieee80211_sta_bss *next;
58 struct ieee80211_sta_bss *hnext;
61 u8 ssid[MAX_SSID_LEN];
63 u16 capability; /* host byte order */
78 #define IEEE80211_MAX_SUPP_RATES 32
79 u8 supp_rates[IEEE80211_MAX_SUPP_RATES];
80 size_t supp_rates_len;
85 struct os_time last_update;
89 static void ieee80211_send_probe_req(struct wpa_supplicant *wpa_s,
91 const u8 *ssid, size_t ssid_len);
92 static struct ieee80211_sta_bss *
93 ieee80211_bss_get(struct wpa_supplicant *wpa_s, const u8 *bssid);
94 static int ieee80211_sta_find_ibss(struct wpa_supplicant *wpa_s);
95 static int ieee80211_sta_wep_configured(struct wpa_supplicant *wpa_s);
96 static void ieee80211_sta_timer(void *eloop_ctx, void *timeout_ctx);
97 static void ieee80211_sta_scan_timer(void *eloop_ctx, void *timeout_ctx);
98 static void ieee80211_build_tspec(struct wpabuf *buf);
101 static int ieee80211_sta_set_channel(struct wpa_supplicant *wpa_s,
102 hostapd_hw_mode phymode, int chan,
106 struct hostapd_hw_modes *mode;
108 for (i = 0; i < wpa_s->mlme.num_modes; i++) {
109 mode = &wpa_s->mlme.modes[i];
110 if (mode->mode == phymode) {
111 wpa_s->mlme.curr_rates = mode->rates;
112 wpa_s->mlme.num_curr_rates = mode->num_rates;
117 return wpa_drv_set_channel(wpa_s, phymode, chan, freq);
121 static int ecw2cw(int ecw)
132 static void ieee80211_sta_wmm_params(struct wpa_supplicant *wpa_s,
133 u8 *wmm_param, size_t wmm_param_len)
140 if (wmm_param_len < 8 || wmm_param[5] /* version */ != 1)
142 count = wmm_param[6] & 0x0f;
143 if (count == wpa_s->mlme.wmm_last_param_set)
145 wpa_s->mlme.wmm_last_param_set = count;
148 left = wmm_param_len - 8;
151 for (; left >= 4; left -= 4, pos += 4) {
152 int aci = (pos[0] >> 5) & 0x03;
153 int acm = (pos[0] >> 4) & 0x01;
154 int aifs, cw_max, cw_min, burst_time;
159 wmm_acm |= BIT(1) | BIT(2); /* BK/- */
163 wmm_acm |= BIT(4) | BIT(5); /* CL/VI */
167 wmm_acm |= BIT(6) | BIT(7); /* VO/NC */
172 wmm_acm |= BIT(0) | BIT(3); /* BE/EE */
176 aifs = pos[0] & 0x0f;
177 cw_max = ecw2cw((pos[1] & 0xf0) >> 4);
178 cw_min = ecw2cw(pos[1] & 0x0f);
179 /* TXOP is in units of 32 usec; burst_time in 0.1 ms */
180 burst_time = (pos[2] | (pos[3] << 8)) * 32 / 100;
181 wpa_printf(MSG_DEBUG, "MLME: WMM aci=%d acm=%d aifs=%d "
182 "cWmin=%d cWmax=%d burst=%d",
183 aci, acm, aifs, cw_min, cw_max, burst_time);
184 /* TODO: driver configuration */
189 static void ieee80211_set_associated(struct wpa_supplicant *wpa_s, int assoc)
191 if (wpa_s->mlme.associated == assoc && !assoc)
194 wpa_s->mlme.associated = assoc;
197 union wpa_event_data data;
198 os_memset(&data, 0, sizeof(data));
199 wpa_s->mlme.prev_bssid_set = 1;
200 os_memcpy(wpa_s->mlme.prev_bssid, wpa_s->bssid, ETH_ALEN);
201 data.assoc_info.req_ies = wpa_s->mlme.assocreq_ies;
202 data.assoc_info.req_ies_len = wpa_s->mlme.assocreq_ies_len;
203 data.assoc_info.resp_ies = wpa_s->mlme.assocresp_ies;
204 data.assoc_info.resp_ies_len = wpa_s->mlme.assocresp_ies_len;
205 wpa_supplicant_event(wpa_s, EVENT_ASSOC, &data);
207 wpa_supplicant_event(wpa_s, EVENT_DISASSOC, NULL);
209 os_get_time(&wpa_s->mlme.last_probe);
213 static int ieee80211_sta_tx(struct wpa_supplicant *wpa_s, const u8 *buf,
216 return wpa_drv_send_mlme(wpa_s, buf, len);
220 static void ieee80211_send_auth(struct wpa_supplicant *wpa_s,
221 int transaction, u8 *extra, size_t extra_len,
226 struct ieee80211_mgmt *mgmt;
228 buf = os_malloc(sizeof(*mgmt) + 6 + extra_len);
230 wpa_printf(MSG_DEBUG, "MLME: failed to allocate buffer for "
235 mgmt = (struct ieee80211_mgmt *) buf;
237 os_memset(mgmt, 0, 24 + 6);
238 mgmt->frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT,
241 mgmt->frame_control |= host_to_le16(WLAN_FC_ISWEP);
242 os_memcpy(mgmt->da, wpa_s->bssid, ETH_ALEN);
243 os_memcpy(mgmt->sa, wpa_s->own_addr, ETH_ALEN);
244 os_memcpy(mgmt->bssid, wpa_s->bssid, ETH_ALEN);
245 mgmt->u.auth.auth_alg = host_to_le16(wpa_s->mlme.auth_alg);
246 mgmt->u.auth.auth_transaction = host_to_le16(transaction);
247 wpa_s->mlme.auth_transaction = transaction + 1;
248 mgmt->u.auth.status_code = host_to_le16(0);
250 os_memcpy(buf + len, extra, extra_len);
254 ieee80211_sta_tx(wpa_s, buf, len);
259 static void ieee80211_reschedule_timer(struct wpa_supplicant *wpa_s, int ms)
261 eloop_cancel_timeout(ieee80211_sta_timer, wpa_s, NULL);
262 eloop_register_timeout(ms / 1000, 1000 * (ms % 1000),
263 ieee80211_sta_timer, wpa_s, NULL);
267 static void ieee80211_authenticate(struct wpa_supplicant *wpa_s)
272 wpa_s->mlme.auth_tries++;
273 if (wpa_s->mlme.auth_tries > IEEE80211_AUTH_MAX_TRIES) {
274 wpa_printf(MSG_DEBUG, "MLME: authentication with AP " MACSTR
275 " timed out", MAC2STR(wpa_s->bssid));
279 wpa_s->mlme.state = IEEE80211_AUTHENTICATE;
280 wpa_printf(MSG_DEBUG, "MLME: authenticate with AP " MACSTR,
281 MAC2STR(wpa_s->bssid));
286 #ifdef CONFIG_IEEE80211R
287 if ((wpa_s->mlme.key_mgmt == KEY_MGMT_FT_802_1X ||
288 wpa_s->mlme.key_mgmt == KEY_MGMT_FT_PSK) &&
289 wpa_s->mlme.ft_ies) {
290 struct ieee80211_sta_bss *bss;
291 struct rsn_mdie *mdie = NULL;
292 bss = ieee80211_bss_get(wpa_s, wpa_s->bssid);
293 if (bss && bss->mdie_len >= 2 + sizeof(*mdie))
294 mdie = (struct rsn_mdie *) (bss->mdie + 2);
296 os_memcmp(mdie->mobility_domain, wpa_s->mlme.current_md,
297 MOBILITY_DOMAIN_ID_LEN) == 0) {
298 wpa_printf(MSG_DEBUG, "MLME: Trying to use FT "
300 wpa_s->mlme.auth_alg = WLAN_AUTH_FT;
301 extra = wpa_s->mlme.ft_ies;
302 extra_len = wpa_s->mlme.ft_ies_len;
305 #endif /* CONFIG_IEEE80211R */
307 ieee80211_send_auth(wpa_s, 1, extra, extra_len, 0);
309 ieee80211_reschedule_timer(wpa_s, IEEE80211_AUTH_TIMEOUT);
313 static void ieee80211_send_assoc(struct wpa_supplicant *wpa_s)
315 struct ieee80211_mgmt *mgmt;
319 struct ieee80211_sta_bss *bss;
323 if (wpa_s->mlme.curr_rates == NULL) {
324 wpa_printf(MSG_DEBUG, "MLME: curr_rates not set for assoc");
328 buflen = sizeof(*mgmt) + 200 + wpa_s->mlme.extra_ie_len +
329 wpa_s->mlme.ssid_len;
330 #ifdef CONFIG_IEEE80211R
331 if (wpa_s->mlme.ft_ies)
332 buflen += wpa_s->mlme.ft_ies_len;
333 #endif /* CONFIG_IEEE80211R */
334 buf = os_malloc(buflen);
336 wpa_printf(MSG_DEBUG, "MLME: failed to allocate buffer for "
342 capab = wpa_s->mlme.capab;
343 if (wpa_s->mlme.phymode == HOSTAPD_MODE_IEEE80211G) {
344 capab |= WLAN_CAPABILITY_SHORT_SLOT_TIME |
345 WLAN_CAPABILITY_SHORT_PREAMBLE;
347 bss = ieee80211_bss_get(wpa_s, wpa_s->bssid);
349 if (bss->capability & WLAN_CAPABILITY_PRIVACY)
350 capab |= WLAN_CAPABILITY_PRIVACY;
356 mgmt = (struct ieee80211_mgmt *) buf;
358 os_memset(mgmt, 0, 24);
359 os_memcpy(mgmt->da, wpa_s->bssid, ETH_ALEN);
360 os_memcpy(mgmt->sa, wpa_s->own_addr, ETH_ALEN);
361 os_memcpy(mgmt->bssid, wpa_s->bssid, ETH_ALEN);
363 if (wpa_s->mlme.prev_bssid_set) {
365 mgmt->frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT,
366 WLAN_FC_STYPE_REASSOC_REQ);
367 mgmt->u.reassoc_req.capab_info = host_to_le16(capab);
368 mgmt->u.reassoc_req.listen_interval = host_to_le16(1);
369 os_memcpy(mgmt->u.reassoc_req.current_ap,
370 wpa_s->mlme.prev_bssid,
374 mgmt->frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT,
375 WLAN_FC_STYPE_ASSOC_REQ);
376 mgmt->u.assoc_req.capab_info = host_to_le16(capab);
377 mgmt->u.assoc_req.listen_interval = host_to_le16(1);
381 ies = pos = buf + blen;
382 blen += 2 + wpa_s->mlme.ssid_len;
383 *pos++ = WLAN_EID_SSID;
384 *pos++ = wpa_s->mlme.ssid_len;
385 os_memcpy(pos, wpa_s->mlme.ssid, wpa_s->mlme.ssid_len);
387 len = wpa_s->mlme.num_curr_rates;
392 *pos++ = WLAN_EID_SUPP_RATES;
394 for (i = 0; i < len; i++)
395 *pos++ = (u8) (wpa_s->mlme.curr_rates[i] / 5);
397 if (wpa_s->mlme.num_curr_rates > len) {
399 blen += wpa_s->mlme.num_curr_rates - len + 2;
400 *pos++ = WLAN_EID_EXT_SUPP_RATES;
401 *pos++ = wpa_s->mlme.num_curr_rates - len;
402 for (i = len; i < wpa_s->mlme.num_curr_rates; i++)
403 *pos++ = (u8) (wpa_s->mlme.curr_rates[i] / 5);
406 if (wpa_s->mlme.extra_ie && wpa_s->mlme.auth_alg != WLAN_AUTH_FT) {
408 blen += wpa_s->mlme.extra_ie_len;
409 os_memcpy(pos, wpa_s->mlme.extra_ie, wpa_s->mlme.extra_ie_len);
412 #ifdef CONFIG_IEEE80211R
413 if ((wpa_s->mlme.key_mgmt == KEY_MGMT_FT_802_1X ||
414 wpa_s->mlme.key_mgmt == KEY_MGMT_FT_PSK) &&
415 wpa_s->mlme.auth_alg != WLAN_AUTH_FT &&
417 bss->mdie_len >= 2 + sizeof(struct rsn_mdie) &&
418 bss->mdie[1] >= sizeof(struct rsn_mdie)) {
420 blen += 2 + sizeof(struct rsn_mdie);
421 *pos++ = WLAN_EID_MOBILITY_DOMAIN;
422 *pos++ = sizeof(struct rsn_mdie);
423 os_memcpy(pos, bss->mdie + 2, MOBILITY_DOMAIN_ID_LEN);
424 pos += MOBILITY_DOMAIN_ID_LEN;
425 *pos++ = 0; /* FIX: copy from the target AP's MDIE */
428 if ((wpa_s->mlme.key_mgmt == KEY_MGMT_FT_802_1X ||
429 wpa_s->mlme.key_mgmt == KEY_MGMT_FT_PSK) &&
430 wpa_s->mlme.auth_alg == WLAN_AUTH_FT && wpa_s->mlme.ft_ies) {
432 os_memcpy(pos, wpa_s->mlme.ft_ies, wpa_s->mlme.ft_ies_len);
433 pos += wpa_s->mlme.ft_ies_len;
434 blen += wpa_s->mlme.ft_ies_len;
436 #endif /* CONFIG_IEEE80211R */
438 if (wmm && wpa_s->mlme.wmm_enabled) {
441 *pos++ = WLAN_EID_VENDOR_SPECIFIC;
442 *pos++ = 7; /* len */
443 *pos++ = 0x00; /* Microsoft OUI 00:50:F2 */
446 *pos++ = 2; /* WMM */
447 *pos++ = 0; /* WMM info */
448 *pos++ = 1; /* WMM ver */
452 os_free(wpa_s->mlme.assocreq_ies);
453 wpa_s->mlme.assocreq_ies_len = (buf + blen) - ies;
454 wpa_s->mlme.assocreq_ies = os_malloc(wpa_s->mlme.assocreq_ies_len);
455 if (wpa_s->mlme.assocreq_ies) {
456 os_memcpy(wpa_s->mlme.assocreq_ies, ies,
457 wpa_s->mlme.assocreq_ies_len);
460 ieee80211_sta_tx(wpa_s, buf, blen);
465 static void ieee80211_send_deauth(struct wpa_supplicant *wpa_s, u16 reason)
469 struct ieee80211_mgmt *mgmt;
471 buf = os_zalloc(sizeof(*mgmt));
473 wpa_printf(MSG_DEBUG, "MLME: failed to allocate buffer for "
478 mgmt = (struct ieee80211_mgmt *) buf;
480 os_memcpy(mgmt->da, wpa_s->bssid, ETH_ALEN);
481 os_memcpy(mgmt->sa, wpa_s->own_addr, ETH_ALEN);
482 os_memcpy(mgmt->bssid, wpa_s->bssid, ETH_ALEN);
483 mgmt->frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT,
484 WLAN_FC_STYPE_DEAUTH);
486 mgmt->u.deauth.reason_code = host_to_le16(reason);
488 ieee80211_sta_tx(wpa_s, buf, len);
493 static void ieee80211_send_disassoc(struct wpa_supplicant *wpa_s, u16 reason)
497 struct ieee80211_mgmt *mgmt;
499 buf = os_zalloc(sizeof(*mgmt));
501 wpa_printf(MSG_DEBUG, "MLME: failed to allocate buffer for "
506 mgmt = (struct ieee80211_mgmt *) buf;
508 os_memcpy(mgmt->da, wpa_s->bssid, ETH_ALEN);
509 os_memcpy(mgmt->sa, wpa_s->own_addr, ETH_ALEN);
510 os_memcpy(mgmt->bssid, wpa_s->bssid, ETH_ALEN);
511 mgmt->frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT,
512 WLAN_FC_STYPE_DISASSOC);
514 mgmt->u.disassoc.reason_code = host_to_le16(reason);
516 ieee80211_sta_tx(wpa_s, buf, len);
521 static int ieee80211_privacy_mismatch(struct wpa_supplicant *wpa_s)
523 struct ieee80211_sta_bss *bss;
526 if (wpa_s->mlme.mixed_cell ||
527 wpa_s->mlme.key_mgmt != KEY_MGMT_NONE)
530 bss = ieee80211_bss_get(wpa_s, wpa_s->bssid);
534 if (ieee80211_sta_wep_configured(wpa_s) !=
535 !!(bss->capability & WLAN_CAPABILITY_PRIVACY))
542 static void ieee80211_associate(struct wpa_supplicant *wpa_s)
544 wpa_s->mlme.assoc_tries++;
545 if (wpa_s->mlme.assoc_tries > IEEE80211_ASSOC_MAX_TRIES) {
546 wpa_printf(MSG_DEBUG, "MLME: association with AP " MACSTR
547 " timed out", MAC2STR(wpa_s->bssid));
551 wpa_s->mlme.state = IEEE80211_ASSOCIATE;
552 wpa_printf(MSG_DEBUG, "MLME: associate with AP " MACSTR,
553 MAC2STR(wpa_s->bssid));
554 if (ieee80211_privacy_mismatch(wpa_s)) {
555 wpa_printf(MSG_DEBUG, "MLME: mismatch in privacy "
556 "configuration and mixed-cell disabled - abort "
561 ieee80211_send_assoc(wpa_s);
563 ieee80211_reschedule_timer(wpa_s, IEEE80211_ASSOC_TIMEOUT);
567 static void ieee80211_associated(struct wpa_supplicant *wpa_s)
571 /* TODO: start monitoring current AP signal quality and number of
572 * missed beacons. Scan other channels every now and then and search
574 /* TODO: remove expired BSSes */
576 wpa_s->mlme.state = IEEE80211_ASSOCIATED;
579 sta = sta_info_get(local, wpa_s->bssid);
581 wpa_printf(MSG_DEBUG "MLME: No STA entry for own AP " MACSTR,
582 MAC2STR(wpa_s->bssid));
586 if (time_after(jiffies,
587 sta->last_rx + IEEE80211_MONITORING_INTERVAL)) {
588 if (wpa_s->mlme.probereq_poll) {
589 wpa_printf(MSG_DEBUG "MLME: No ProbeResp from "
590 "current AP " MACSTR " - assume "
592 MAC2STR(wpa_s->bssid));
595 ieee80211_send_probe_req(
597 wpa_s->mlme.scan_ssid,
598 wpa_s->mlme.scan_ssid_len);
599 wpa_s->mlme.probereq_poll = 1;
602 wpa_s->mlme.probereq_poll = 0;
603 if (time_after(jiffies, wpa_s->mlme.last_probe +
604 IEEE80211_PROBE_INTERVAL)) {
605 wpa_s->mlme.last_probe = jiffies;
606 ieee80211_send_probe_req(wpa_s->bssid,
608 wpa_s->mlme.ssid_len);
611 sta_info_release(local, sta);
617 wpa_supplicant_event(wpa_s, EVENT_DISASSOC, NULL);
618 ieee80211_reschedule_timer(wpa_s,
619 IEEE80211_MONITORING_INTERVAL +
622 ieee80211_reschedule_timer(wpa_s,
623 IEEE80211_MONITORING_INTERVAL);
628 static void ieee80211_send_probe_req(struct wpa_supplicant *wpa_s,
630 const u8 *ssid, size_t ssid_len)
634 struct ieee80211_mgmt *mgmt;
635 u8 *pos, *supp_rates;
636 u8 *esupp_rates = NULL;
639 buf = os_malloc(sizeof(*mgmt) + 200 + wpa_s->mlme.extra_probe_ie_len);
641 wpa_printf(MSG_DEBUG, "MLME: failed to allocate buffer for "
646 mgmt = (struct ieee80211_mgmt *) buf;
648 os_memset(mgmt, 0, 24);
649 mgmt->frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT,
650 WLAN_FC_STYPE_PROBE_REQ);
651 os_memcpy(mgmt->sa, wpa_s->own_addr, ETH_ALEN);
653 os_memcpy(mgmt->da, dst, ETH_ALEN);
654 os_memcpy(mgmt->bssid, dst, ETH_ALEN);
656 os_memset(mgmt->da, 0xff, ETH_ALEN);
657 os_memset(mgmt->bssid, 0xff, ETH_ALEN);
661 *pos++ = WLAN_EID_SSID;
663 os_memcpy(pos, ssid, ssid_len);
665 supp_rates = buf + len;
667 supp_rates[0] = WLAN_EID_SUPP_RATES;
669 for (i = 0; i < wpa_s->mlme.num_curr_rates; i++) {
674 } else if (supp_rates[1] == 8) {
676 esupp_rates[0] = WLAN_EID_EXT_SUPP_RATES;
678 pos = &esupp_rates[2];
685 *pos++ = wpa_s->mlme.curr_rates[i] / 5;
688 if (wpa_s->mlme.extra_probe_ie) {
689 os_memcpy(pos, wpa_s->mlme.extra_probe_ie,
690 wpa_s->mlme.extra_probe_ie_len);
691 len += wpa_s->mlme.extra_probe_ie_len;
694 ieee80211_sta_tx(wpa_s, buf, len);
699 static int ieee80211_sta_wep_configured(struct wpa_supplicant *wpa_s)
702 if (sdata == NULL || sdata->default_key == NULL ||
703 sdata->default_key->alg != ALG_WEP)
712 static void ieee80211_auth_completed(struct wpa_supplicant *wpa_s)
714 wpa_printf(MSG_DEBUG, "MLME: authenticated");
715 wpa_s->mlme.authenticated = 1;
716 ieee80211_associate(wpa_s);
720 static void ieee80211_auth_challenge(struct wpa_supplicant *wpa_s,
721 struct ieee80211_mgmt *mgmt,
723 struct ieee80211_rx_status *rx_status)
726 struct ieee802_11_elems elems;
728 wpa_printf(MSG_DEBUG, "MLME: replying to auth challenge");
729 pos = mgmt->u.auth.variable;
730 if (ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), &elems, 0)
732 wpa_printf(MSG_DEBUG, "MLME: failed to parse Auth(challenge)");
735 if (elems.challenge == NULL) {
736 wpa_printf(MSG_DEBUG, "MLME: no challenge IE in shared key "
740 ieee80211_send_auth(wpa_s, 3, elems.challenge - 2,
741 elems.challenge_len + 2, 1);
745 static void ieee80211_rx_mgmt_auth(struct wpa_supplicant *wpa_s,
746 struct ieee80211_mgmt *mgmt,
748 struct ieee80211_rx_status *rx_status)
750 struct wpa_ssid *ssid = wpa_s->current_ssid;
751 u16 auth_alg, auth_transaction, status_code;
754 adhoc = ssid && ssid->mode == 1;
756 if (wpa_s->mlme.state != IEEE80211_AUTHENTICATE && !adhoc) {
757 wpa_printf(MSG_DEBUG, "MLME: authentication frame received "
758 "from " MACSTR ", but not in authenticate state - "
759 "ignored", MAC2STR(mgmt->sa));
764 wpa_printf(MSG_DEBUG, "MLME: too short (%lu) authentication "
765 "frame received from " MACSTR " - ignored",
766 (unsigned long) len, MAC2STR(mgmt->sa));
770 if (!adhoc && os_memcmp(wpa_s->bssid, mgmt->sa, ETH_ALEN) != 0) {
771 wpa_printf(MSG_DEBUG, "MLME: authentication frame received "
772 "from unknown AP (SA=" MACSTR " BSSID=" MACSTR
774 MAC2STR(mgmt->sa), MAC2STR(mgmt->bssid));
778 if (adhoc && os_memcmp(wpa_s->bssid, mgmt->bssid, ETH_ALEN) != 0) {
779 wpa_printf(MSG_DEBUG, "MLME: authentication frame received "
780 "from unknown BSSID (SA=" MACSTR " BSSID=" MACSTR
782 MAC2STR(mgmt->sa), MAC2STR(mgmt->bssid));
786 auth_alg = le_to_host16(mgmt->u.auth.auth_alg);
787 auth_transaction = le_to_host16(mgmt->u.auth.auth_transaction);
788 status_code = le_to_host16(mgmt->u.auth.status_code);
790 wpa_printf(MSG_DEBUG, "MLME: RX authentication from " MACSTR
791 " (alg=%d transaction=%d status=%d)",
792 MAC2STR(mgmt->sa), auth_alg, auth_transaction, status_code);
795 /* IEEE 802.11 standard does not require authentication in IBSS
796 * networks and most implementations do not seem to use it.
797 * However, try to reply to authentication attempts if someone
798 * has actually implemented this.
799 * TODO: Could implement shared key authentication. */
800 if (auth_alg != WLAN_AUTH_OPEN || auth_transaction != 1) {
801 wpa_printf(MSG_DEBUG, "MLME: unexpected IBSS "
802 "authentication frame (alg=%d "
804 auth_alg, auth_transaction);
807 ieee80211_send_auth(wpa_s, 2, NULL, 0, 0);
810 if (auth_alg != wpa_s->mlme.auth_alg ||
811 auth_transaction != wpa_s->mlme.auth_transaction) {
812 wpa_printf(MSG_DEBUG, "MLME: unexpected authentication frame "
813 "(alg=%d transaction=%d)",
814 auth_alg, auth_transaction);
818 if (status_code != WLAN_STATUS_SUCCESS) {
819 wpa_printf(MSG_DEBUG, "MLME: AP denied authentication "
820 "(auth_alg=%d code=%d)", wpa_s->mlme.auth_alg,
822 if (status_code == WLAN_STATUS_NOT_SUPPORTED_AUTH_ALG) {
823 const int num_algs = 3;
826 algs[0] = algs[1] = algs[2] = 0xff;
827 if (wpa_s->mlme.auth_algs & IEEE80211_AUTH_ALG_OPEN)
828 algs[0] = WLAN_AUTH_OPEN;
829 if (wpa_s->mlme.auth_algs &
830 IEEE80211_AUTH_ALG_SHARED_KEY)
831 algs[1] = WLAN_AUTH_SHARED_KEY;
832 if (wpa_s->mlme.auth_algs & IEEE80211_AUTH_ALG_LEAP)
833 algs[2] = WLAN_AUTH_LEAP;
834 if (wpa_s->mlme.auth_alg == WLAN_AUTH_OPEN)
836 else if (wpa_s->mlme.auth_alg == WLAN_AUTH_SHARED_KEY)
840 for (i = 0; i < num_algs; i++) {
844 if (algs[pos] == wpa_s->mlme.auth_alg ||
847 if (algs[pos] == WLAN_AUTH_SHARED_KEY &&
848 !ieee80211_sta_wep_configured(wpa_s))
850 wpa_s->mlme.auth_alg = algs[pos];
851 wpa_printf(MSG_DEBUG, "MLME: set auth_alg=%d "
853 wpa_s->mlme.auth_alg);
860 switch (wpa_s->mlme.auth_alg) {
863 ieee80211_auth_completed(wpa_s);
865 case WLAN_AUTH_SHARED_KEY:
866 if (wpa_s->mlme.auth_transaction == 4)
867 ieee80211_auth_completed(wpa_s);
869 ieee80211_auth_challenge(wpa_s, mgmt, len,
872 #ifdef CONFIG_IEEE80211R
875 union wpa_event_data data;
876 struct wpabuf *ric = NULL;
877 os_memset(&data, 0, sizeof(data));
878 data.ft_ies.ies = mgmt->u.auth.variable;
879 data.ft_ies.ies_len = len -
880 (mgmt->u.auth.variable - (u8 *) mgmt);
881 os_memcpy(data.ft_ies.target_ap, wpa_s->bssid, ETH_ALEN);
882 if (os_strcmp(wpa_s->driver->name, "test") == 0 &&
883 wpa_s->mlme.wmm_enabled) {
884 ric = wpabuf_alloc(200);
886 /* Build simple RIC-Request: RDIE | TSPEC */
888 /* RIC Data (RDIE) */
889 wpabuf_put_u8(ric, WLAN_EID_RIC_DATA);
890 wpabuf_put_u8(ric, 4);
891 wpabuf_put_u8(ric, 0); /* RDIE Identifier */
892 wpabuf_put_u8(ric, 1); /* Resource Descriptor
894 wpabuf_put_le16(ric, 0); /* Status Code */
897 ieee80211_build_tspec(ric);
899 data.ft_ies.ric_ies = wpabuf_head(ric);
900 data.ft_ies.ric_ies_len = wpabuf_len(ric);
904 wpa_supplicant_event(wpa_s, EVENT_FT_RESPONSE, &data);
906 ieee80211_auth_completed(wpa_s);
909 #endif /* CONFIG_IEEE80211R */
914 static void ieee80211_rx_mgmt_deauth(struct wpa_supplicant *wpa_s,
915 struct ieee80211_mgmt *mgmt,
917 struct ieee80211_rx_status *rx_status)
922 wpa_printf(MSG_DEBUG, "MLME: too short (%lu) deauthentication "
923 "frame received from " MACSTR " - ignored",
924 (unsigned long) len, MAC2STR(mgmt->sa));
928 if (os_memcmp(wpa_s->bssid, mgmt->sa, ETH_ALEN) != 0) {
929 wpa_printf(MSG_DEBUG, "MLME: deauthentication frame received "
930 "from unknown AP (SA=" MACSTR " BSSID=" MACSTR
932 MAC2STR(mgmt->sa), MAC2STR(mgmt->bssid));
936 reason_code = le_to_host16(mgmt->u.deauth.reason_code);
938 wpa_printf(MSG_DEBUG, "MLME: RX deauthentication from " MACSTR
939 " (reason=%d)", MAC2STR(mgmt->sa), reason_code);
941 if (wpa_s->mlme.authenticated)
942 wpa_printf(MSG_DEBUG, "MLME: deauthenticated");
944 if (wpa_s->mlme.state == IEEE80211_AUTHENTICATE ||
945 wpa_s->mlme.state == IEEE80211_ASSOCIATE ||
946 wpa_s->mlme.state == IEEE80211_ASSOCIATED) {
947 wpa_s->mlme.state = IEEE80211_AUTHENTICATE;
948 ieee80211_reschedule_timer(wpa_s,
949 IEEE80211_RETRY_AUTH_INTERVAL);
952 ieee80211_set_associated(wpa_s, 0);
953 wpa_s->mlme.authenticated = 0;
957 static void ieee80211_rx_mgmt_disassoc(struct wpa_supplicant *wpa_s,
958 struct ieee80211_mgmt *mgmt,
960 struct ieee80211_rx_status *rx_status)
965 wpa_printf(MSG_DEBUG, "MLME: too short (%lu) disassociation "
966 "frame received from " MACSTR " - ignored",
967 (unsigned long) len, MAC2STR(mgmt->sa));
971 if (os_memcmp(wpa_s->bssid, mgmt->sa, ETH_ALEN) != 0) {
972 wpa_printf(MSG_DEBUG, "MLME: disassociation frame received "
973 "from unknown AP (SA=" MACSTR " BSSID=" MACSTR
975 MAC2STR(mgmt->sa), MAC2STR(mgmt->bssid));
979 reason_code = le_to_host16(mgmt->u.disassoc.reason_code);
981 wpa_printf(MSG_DEBUG, "MLME: RX disassociation from " MACSTR
982 " (reason=%d)", MAC2STR(mgmt->sa), reason_code);
984 if (wpa_s->mlme.associated)
985 wpa_printf(MSG_DEBUG, "MLME: disassociated");
987 if (wpa_s->mlme.state == IEEE80211_ASSOCIATED) {
988 wpa_s->mlme.state = IEEE80211_ASSOCIATE;
989 ieee80211_reschedule_timer(wpa_s,
990 IEEE80211_RETRY_AUTH_INTERVAL);
993 ieee80211_set_associated(wpa_s, 0);
997 static int ieee80211_ft_assoc_resp(struct wpa_supplicant *wpa_s,
998 struct ieee802_11_elems *elems)
1000 #ifdef CONFIG_IEEE80211R
1001 const u8 *mobility_domain = NULL;
1002 const u8 *r0kh_id = NULL;
1003 size_t r0kh_id_len = 0;
1004 const u8 *r1kh_id = NULL;
1005 struct rsn_ftie *hdr;
1006 const u8 *pos, *end;
1008 if (elems->mdie && elems->mdie_len >= MOBILITY_DOMAIN_ID_LEN)
1009 mobility_domain = elems->mdie;
1010 if (elems->ftie && elems->ftie_len >= sizeof(struct rsn_ftie)) {
1011 end = elems->ftie + elems->ftie_len;
1012 hdr = (struct rsn_ftie *) elems->ftie;
1013 pos = (const u8 *) (hdr + 1);
1014 while (pos + 1 < end) {
1015 if (pos + 2 + pos[1] > end)
1017 if (pos[0] == FTIE_SUBELEM_R1KH_ID &&
1018 pos[1] == FT_R1KH_ID_LEN)
1020 else if (pos[0] == FTIE_SUBELEM_R0KH_ID &&
1021 pos[1] >= 1 && pos[1] <= FT_R0KH_ID_MAX_LEN) {
1023 r0kh_id_len = pos[1];
1028 return wpa_sm_set_ft_params(wpa_s->wpa, mobility_domain, r0kh_id,
1029 r0kh_id_len, r1kh_id);
1030 #else /* CONFIG_IEEE80211R */
1032 #endif /* CONFIG_IEEE80211R */
1036 static void ieee80211_build_tspec(struct wpabuf *buf)
1038 struct wmm_tspec_element *tspec;
1041 tspec = wpabuf_put(buf, sizeof(*tspec));
1042 tspec->eid = WLAN_EID_VENDOR_SPECIFIC;
1043 tspec->length = sizeof(*tspec) - 2;
1044 tspec->oui[0] = 0x00;
1045 tspec->oui[1] = 0x50;
1046 tspec->oui[2] = 0xf2;
1047 tspec->oui_type = 2;
1048 tspec->oui_subtype = 2;
1053 tspec->ts_info[0] = (tid << 1) |
1054 (WMM_TSPEC_DIRECTION_BI_DIRECTIONAL << 5) |
1056 tspec->ts_info[1] = up << 3;
1057 tspec->nominal_msdu_size = host_to_le16(1530);
1058 tspec->mean_data_rate = host_to_le32(128000); /* bits per second */
1059 tspec->minimum_phy_rate = host_to_le32(6000000);
1060 tspec->surplus_bandwidth_allowance = host_to_le16(0x3000); /* 150% */
1064 static void ieee80211_tx_addts(struct wpa_supplicant *wpa_s)
1067 struct ieee80211_mgmt *mgmt;
1070 wpa_printf(MSG_DEBUG, "MLME: Send ADDTS Request for Voice TSPEC");
1072 alen = mgmt->u.action.u.wmm_action.variable - (u8 *) mgmt;
1074 buf = wpabuf_alloc(alen + sizeof(struct wmm_tspec_element));
1078 mgmt = wpabuf_put(buf, alen);
1079 os_memcpy(mgmt->da, wpa_s->bssid, ETH_ALEN);
1080 os_memcpy(mgmt->sa, wpa_s->own_addr, ETH_ALEN);
1081 os_memcpy(mgmt->bssid, wpa_s->bssid, ETH_ALEN);
1082 mgmt->frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT,
1083 WLAN_FC_STYPE_ACTION);
1084 mgmt->u.action.category = WLAN_ACTION_WMM;
1085 mgmt->u.action.u.wmm_action.action_code = WMM_ACTION_CODE_ADDTS_REQ;
1086 mgmt->u.action.u.wmm_action.dialog_token = 1;
1087 mgmt->u.action.u.wmm_action.status_code = 0;
1089 ieee80211_build_tspec(buf);
1091 ieee80211_sta_tx(wpa_s, wpabuf_head(buf), wpabuf_len(buf));
1096 static void ieee80211_rx_mgmt_assoc_resp(struct wpa_supplicant *wpa_s,
1097 struct ieee80211_mgmt *mgmt,
1099 struct ieee80211_rx_status *rx_status,
1104 u16 capab_info, status_code, aid;
1105 struct ieee802_11_elems elems;
1108 /* AssocResp and ReassocResp have identical structure, so process both
1109 * of them in this function. */
1111 if (wpa_s->mlme.state != IEEE80211_ASSOCIATE) {
1112 wpa_printf(MSG_DEBUG, "MLME: association frame received from "
1113 MACSTR ", but not in associate state - ignored",
1119 wpa_printf(MSG_DEBUG, "MLME: too short (%lu) association "
1120 "frame received from " MACSTR " - ignored",
1121 (unsigned long) len, MAC2STR(mgmt->sa));
1125 if (os_memcmp(wpa_s->bssid, mgmt->sa, ETH_ALEN) != 0) {
1126 wpa_printf(MSG_DEBUG, "MLME: association frame received from "
1127 "unknown AP (SA=" MACSTR " BSSID=" MACSTR ") - "
1128 "ignored", MAC2STR(mgmt->sa), MAC2STR(mgmt->bssid));
1132 capab_info = le_to_host16(mgmt->u.assoc_resp.capab_info);
1133 status_code = le_to_host16(mgmt->u.assoc_resp.status_code);
1134 aid = le_to_host16(mgmt->u.assoc_resp.aid);
1135 if ((aid & (BIT(15) | BIT(14))) != (BIT(15) | BIT(14)))
1136 wpa_printf(MSG_DEBUG, "MLME: invalid aid value %d; bits 15:14 "
1138 aid &= ~(BIT(15) | BIT(14));
1140 wpa_printf(MSG_DEBUG, "MLME: RX %sssocResp from " MACSTR
1141 " (capab=0x%x status=%d aid=%d)",
1142 reassoc ? "Rea" : "A", MAC2STR(mgmt->sa),
1143 capab_info, status_code, aid);
1145 pos = mgmt->u.assoc_resp.variable;
1146 if (ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), &elems, 0)
1148 wpa_printf(MSG_DEBUG, "MLME: failed to parse AssocResp");
1152 if (status_code != WLAN_STATUS_SUCCESS) {
1153 wpa_printf(MSG_DEBUG, "MLME: AP denied association (code=%d)",
1155 #ifdef CONFIG_IEEE80211W
1156 if (status_code == WLAN_STATUS_ASSOC_REJECTED_TEMPORARILY &&
1157 elems.timeout_int && elems.timeout_int_len == 5 &&
1158 elems.timeout_int[0] == WLAN_TIMEOUT_ASSOC_COMEBACK) {
1160 tu = WPA_GET_LE32(elems.timeout_int + 1);
1161 ms = tu * 1024 / 1000;
1162 wpa_printf(MSG_DEBUG, "MLME: AP rejected association "
1163 "temporarily; comeback duration %u TU "
1165 if (ms > IEEE80211_ASSOC_TIMEOUT) {
1166 wpa_printf(MSG_DEBUG, "MLME: Update timer "
1167 "based on comeback duration");
1168 ieee80211_reschedule_timer(wpa_s, ms);
1171 #endif /* CONFIG_IEEE80211W */
1175 if (elems.supp_rates == NULL) {
1176 wpa_printf(MSG_DEBUG, "MLME: no SuppRates element in "
1181 if (wpa_s->mlme.auth_alg == WLAN_AUTH_FT) {
1183 wpa_printf(MSG_DEBUG, "MLME: AP tried to use "
1184 "association, not reassociation, response "
1188 if (wpa_ft_validate_reassoc_resp(
1189 wpa_s->wpa, pos, len - (pos - (u8 *) mgmt),
1191 wpa_printf(MSG_DEBUG, "MLME: FT validation of Reassoc"
1195 } else if (ieee80211_ft_assoc_resp(wpa_s, &elems) < 0)
1198 wpa_printf(MSG_DEBUG, "MLME: associated");
1199 wpa_s->mlme.aid = aid;
1200 wpa_s->mlme.ap_capab = capab_info;
1202 os_free(wpa_s->mlme.assocresp_ies);
1203 wpa_s->mlme.assocresp_ies_len = len - (pos - (u8 *) mgmt);
1204 wpa_s->mlme.assocresp_ies = os_malloc(wpa_s->mlme.assocresp_ies_len);
1205 if (wpa_s->mlme.assocresp_ies) {
1206 os_memcpy(wpa_s->mlme.assocresp_ies, pos,
1207 wpa_s->mlme.assocresp_ies_len);
1210 ieee80211_set_associated(wpa_s, 1);
1212 rates_len = elems.supp_rates_len;
1213 if (rates_len > sizeof(rates))
1214 rates_len = sizeof(rates);
1215 os_memcpy(rates, elems.supp_rates, rates_len);
1216 if (elems.ext_supp_rates) {
1217 size_t _len = elems.ext_supp_rates_len;
1218 if (_len > sizeof(rates) - rates_len)
1219 _len = sizeof(rates) - rates_len;
1220 os_memcpy(rates + rates_len, elems.ext_supp_rates, _len);
1224 if (wpa_drv_set_bssid(wpa_s, wpa_s->bssid) < 0) {
1225 wpa_printf(MSG_DEBUG, "MLME: failed to set BSSID for the "
1228 if (wpa_drv_set_ssid(wpa_s, wpa_s->mlme.ssid, wpa_s->mlme.ssid_len) <
1230 wpa_printf(MSG_DEBUG, "MLME: failed to set SSID for the "
1234 /* Remove STA entry before adding a new one just in case to avoid
1235 * problems with existing configuration (e.g., keys). */
1236 wpa_drv_mlme_remove_sta(wpa_s, wpa_s->bssid);
1237 if (wpa_drv_mlme_add_sta(wpa_s, wpa_s->bssid, rates, rates_len) < 0) {
1238 wpa_printf(MSG_DEBUG, "MLME: failed to add STA entry to the "
1242 if (elems.wmm && wpa_s->mlme.wmm_enabled)
1243 ieee80211_sta_wmm_params(wpa_s, elems.wmm, elems.wmm_len);
1245 ieee80211_associated(wpa_s);
1247 if (wpa_s->mlme.auth_alg != WLAN_AUTH_FT &&
1248 os_strcmp(wpa_s->driver->name, "test") == 0 &&
1249 elems.wmm && wpa_s->mlme.wmm_enabled) {
1250 /* Test WMM-AC - send ADDTS for WMM TSPEC */
1251 ieee80211_tx_addts(wpa_s);
1256 /* Caller must hold local->sta_bss_lock */
1257 static void __ieee80211_bss_hash_add(struct wpa_supplicant *wpa_s,
1258 struct ieee80211_sta_bss *bss)
1260 bss->hnext = wpa_s->mlme.sta_bss_hash[STA_HASH(bss->bssid)];
1261 wpa_s->mlme.sta_bss_hash[STA_HASH(bss->bssid)] = bss;
1265 /* Caller must hold local->sta_bss_lock */
1266 static void __ieee80211_bss_hash_del(struct wpa_supplicant *wpa_s,
1267 struct ieee80211_sta_bss *bss)
1269 struct ieee80211_sta_bss *b, *prev = NULL;
1270 b = wpa_s->mlme.sta_bss_hash[STA_HASH(bss->bssid)];
1274 wpa_s->mlme.sta_bss_hash[STA_HASH(bss->bssid)]
1277 prev->hnext = bss->hnext;
1287 static struct ieee80211_sta_bss *
1288 ieee80211_bss_add(struct wpa_supplicant *wpa_s, const u8 *bssid)
1290 struct ieee80211_sta_bss *bss;
1292 bss = os_zalloc(sizeof(*bss));
1295 os_memcpy(bss->bssid, bssid, ETH_ALEN);
1297 /* TODO: order by RSSI? */
1298 bss->next = wpa_s->mlme.sta_bss_list;
1299 wpa_s->mlme.sta_bss_list = bss;
1300 __ieee80211_bss_hash_add(wpa_s, bss);
1305 static struct ieee80211_sta_bss *
1306 ieee80211_bss_get(struct wpa_supplicant *wpa_s, const u8 *bssid)
1308 struct ieee80211_sta_bss *bss;
1310 bss = wpa_s->mlme.sta_bss_hash[STA_HASH(bssid)];
1312 if (os_memcmp(bss->bssid, bssid, ETH_ALEN) == 0)
1320 static void ieee80211_bss_free(struct wpa_supplicant *wpa_s,
1321 struct ieee80211_sta_bss *bss)
1323 __ieee80211_bss_hash_del(wpa_s, bss);
1325 os_free(bss->wpa_ie);
1326 os_free(bss->rsn_ie);
1327 os_free(bss->wmm_ie);
1333 static void ieee80211_bss_list_deinit(struct wpa_supplicant *wpa_s)
1335 struct ieee80211_sta_bss *bss, *prev;
1337 bss = wpa_s->mlme.sta_bss_list;
1338 wpa_s->mlme.sta_bss_list = NULL;
1342 ieee80211_bss_free(wpa_s, prev);
1347 static void ieee80211_bss_info(struct wpa_supplicant *wpa_s,
1348 struct ieee80211_mgmt *mgmt,
1350 struct ieee80211_rx_status *rx_status,
1353 struct ieee802_11_elems elems;
1355 int channel, invalid = 0, clen;
1356 struct ieee80211_sta_bss *bss;
1361 if (!beacon && os_memcmp(mgmt->da, wpa_s->own_addr, ETH_ALEN))
1362 return; /* ignore ProbeResp to foreign address */
1365 wpa_printf(MSG_MSGDUMP, "MLME: RX %s from " MACSTR " to " MACSTR,
1366 beacon ? "Beacon" : "Probe Response",
1367 MAC2STR(mgmt->sa), MAC2STR(mgmt->da));
1370 baselen = (u8 *) mgmt->u.beacon.variable - (u8 *) mgmt;
1374 pos = mgmt->u.beacon.timestamp;
1375 timestamp = WPA_GET_LE64(pos);
1378 if (local->conf.mode == IW_MODE_ADHOC && beacon &&
1379 os_memcmp(mgmt->bssid, local->bssid, ETH_ALEN) == 0) {
1380 #ifdef IEEE80211_IBSS_DEBUG
1381 static unsigned long last_tsf_debug = 0;
1383 if (local->hw->get_tsf)
1384 tsf = local->hw->get_tsf(local->mdev);
1387 if (time_after(jiffies, last_tsf_debug + 5 * HZ)) {
1388 wpa_printf(MSG_DEBUG, "RX beacon SA=" MACSTR " BSSID="
1389 MACSTR " TSF=0x%llx BCN=0x%llx diff=%lld "
1391 MAC2STR(mgmt->sa), MAC2STR(mgmt->bssid),
1392 tsf, timestamp, tsf - timestamp, jiffies);
1393 last_tsf_debug = jiffies;
1395 #endif /* IEEE80211_IBSS_DEBUG */
1399 ie_pos = mgmt->u.beacon.variable;
1400 ie_len = len - baselen;
1401 if (ieee802_11_parse_elems(ie_pos, ie_len, &elems, 0) == ParseFailed)
1405 if (local->conf.mode == IW_MODE_ADHOC && elems.supp_rates &&
1406 os_memcmp(mgmt->bssid, local->bssid, ETH_ALEN) == 0 &&
1407 (sta = sta_info_get(local, mgmt->sa))) {
1408 struct ieee80211_rate *rates;
1410 u32 supp_rates, prev_rates;
1411 int i, j, oper_mode;
1413 rates = local->curr_rates;
1414 num_rates = local->num_curr_rates;
1415 oper_mode = wpa_s->mlme.sta_scanning ?
1416 local->scan_oper_phymode : local->conf.phymode;
1417 for (i = 0; i < local->hw->num_modes; i++) {
1418 struct ieee80211_hw_modes *mode = &local->hw->modes[i];
1419 if (oper_mode == mode->mode) {
1420 rates = mode->rates;
1421 num_rates = mode->num_rates;
1427 for (i = 0; i < elems.supp_rates_len +
1428 elems.ext_supp_rates_len; i++) {
1431 if (i < elems.supp_rates_len)
1432 rate = elems.supp_rates[i];
1433 else if (elems.ext_supp_rates)
1434 rate = elems.ext_supp_rates
1435 [i - elems.supp_rates_len];
1436 own_rate = 5 * (rate & 0x7f);
1437 if (oper_mode == MODE_ATHEROS_TURBO)
1439 for (j = 0; j < num_rates; j++)
1440 if (rates[j].rate == own_rate)
1441 supp_rates |= BIT(j);
1444 prev_rates = sta->supp_rates;
1445 sta->supp_rates &= supp_rates;
1446 if (sta->supp_rates == 0) {
1447 /* No matching rates - this should not really happen.
1448 * Make sure that at least one rate is marked
1449 * supported to avoid issues with TX rate ctrl. */
1450 sta->supp_rates = wpa_s->mlme.supp_rates_bits;
1452 if (sta->supp_rates != prev_rates) {
1453 wpa_printf(MSG_DEBUG, "MLME: updated supp_rates set "
1454 "for " MACSTR " based on beacon info "
1455 "(0x%x & 0x%x -> 0x%x)",
1456 MAC2STR(sta->addr), prev_rates,
1457 supp_rates, sta->supp_rates);
1459 sta_info_release(local, sta);
1463 if (elems.ssid == NULL)
1466 if (elems.ds_params && elems.ds_params_len == 1)
1467 channel = elems.ds_params[0];
1469 channel = rx_status->channel;
1471 bss = ieee80211_bss_get(wpa_s, mgmt->bssid);
1473 bss = ieee80211_bss_add(wpa_s, mgmt->bssid);
1478 /* TODO: order by RSSI? */
1479 spin_lock_bh(&local->sta_bss_lock);
1480 list_move_tail(&bss->list, &local->sta_bss_list);
1481 spin_unlock_bh(&local->sta_bss_lock);
1485 if (bss->probe_resp && beacon) {
1486 /* Do not allow beacon to override data from Probe Response. */
1490 bss->beacon_int = le_to_host16(mgmt->u.beacon.beacon_int);
1491 bss->capability = le_to_host16(mgmt->u.beacon.capab_info);
1493 if (bss->ie == NULL || bss->ie_len < ie_len) {
1495 bss->ie = os_malloc(ie_len);
1498 os_memcpy(bss->ie, ie_pos, ie_len);
1499 bss->ie_len = ie_len;
1502 if (elems.ssid && elems.ssid_len <= MAX_SSID_LEN) {
1503 os_memcpy(bss->ssid, elems.ssid, elems.ssid_len);
1504 bss->ssid_len = elems.ssid_len;
1507 bss->supp_rates_len = 0;
1508 if (elems.supp_rates) {
1509 clen = IEEE80211_MAX_SUPP_RATES - bss->supp_rates_len;
1510 if (clen > elems.supp_rates_len)
1511 clen = elems.supp_rates_len;
1512 os_memcpy(&bss->supp_rates[bss->supp_rates_len],
1513 elems.supp_rates, clen);
1514 bss->supp_rates_len += clen;
1516 if (elems.ext_supp_rates) {
1517 clen = IEEE80211_MAX_SUPP_RATES - bss->supp_rates_len;
1518 if (clen > elems.ext_supp_rates_len)
1519 clen = elems.ext_supp_rates_len;
1520 os_memcpy(&bss->supp_rates[bss->supp_rates_len],
1521 elems.ext_supp_rates, clen);
1522 bss->supp_rates_len += clen;
1526 (bss->wpa_ie == NULL || bss->wpa_ie_len != elems.wpa_ie_len ||
1527 os_memcmp(bss->wpa_ie, elems.wpa_ie, elems.wpa_ie_len))) {
1528 os_free(bss->wpa_ie);
1529 bss->wpa_ie = os_malloc(elems.wpa_ie_len + 2);
1531 os_memcpy(bss->wpa_ie, elems.wpa_ie - 2,
1532 elems.wpa_ie_len + 2);
1533 bss->wpa_ie_len = elems.wpa_ie_len + 2;
1535 bss->wpa_ie_len = 0;
1536 } else if (!elems.wpa_ie && bss->wpa_ie) {
1537 os_free(bss->wpa_ie);
1539 bss->wpa_ie_len = 0;
1543 (bss->rsn_ie == NULL || bss->rsn_ie_len != elems.rsn_ie_len ||
1544 os_memcmp(bss->rsn_ie, elems.rsn_ie, elems.rsn_ie_len))) {
1545 os_free(bss->rsn_ie);
1546 bss->rsn_ie = os_malloc(elems.rsn_ie_len + 2);
1548 os_memcpy(bss->rsn_ie, elems.rsn_ie - 2,
1549 elems.rsn_ie_len + 2);
1550 bss->rsn_ie_len = elems.rsn_ie_len + 2;
1552 bss->rsn_ie_len = 0;
1553 } else if (!elems.rsn_ie && bss->rsn_ie) {
1554 os_free(bss->rsn_ie);
1556 bss->rsn_ie_len = 0;
1560 (bss->wmm_ie == NULL || bss->wmm_ie_len != elems.wmm_len ||
1561 os_memcmp(bss->wmm_ie, elems.wmm, elems.wmm_len))) {
1562 os_free(bss->wmm_ie);
1563 bss->wmm_ie = os_malloc(elems.wmm_len + 2);
1565 os_memcpy(bss->wmm_ie, elems.wmm - 2,
1567 bss->wmm_ie_len = elems.wmm_len + 2;
1569 bss->wmm_ie_len = 0;
1570 } else if (!elems.wmm && bss->wmm_ie) {
1571 os_free(bss->wmm_ie);
1573 bss->wmm_ie_len = 0;
1576 #ifdef CONFIG_IEEE80211R
1578 (bss->mdie == NULL || bss->mdie_len != elems.mdie_len ||
1579 os_memcmp(bss->mdie, elems.mdie, elems.mdie_len))) {
1581 bss->mdie = os_malloc(elems.mdie_len + 2);
1583 os_memcpy(bss->mdie, elems.mdie - 2,
1584 elems.mdie_len + 2);
1585 bss->mdie_len = elems.mdie_len + 2;
1588 } else if (!elems.mdie && bss->mdie) {
1593 #endif /* CONFIG_IEEE80211R */
1595 bss->hw_mode = wpa_s->mlme.phymode;
1596 bss->channel = channel;
1597 bss->freq = wpa_s->mlme.freq;
1598 if (channel != wpa_s->mlme.channel &&
1599 (wpa_s->mlme.phymode == HOSTAPD_MODE_IEEE80211G ||
1600 wpa_s->mlme.phymode == HOSTAPD_MODE_IEEE80211B) &&
1601 channel >= 1 && channel <= 14) {
1602 static const int freq_list[] = {
1603 2412, 2417, 2422, 2427, 2432, 2437, 2442,
1604 2447, 2452, 2457, 2462, 2467, 2472, 2484
1606 /* IEEE 802.11g/b mode can receive packets from neighboring
1607 * channels, so map the channel into frequency. */
1608 bss->freq = freq_list[channel - 1];
1610 bss->timestamp = timestamp;
1611 os_get_time(&bss->last_update);
1612 bss->rssi = rx_status->ssi;
1618 static void ieee80211_rx_mgmt_probe_resp(struct wpa_supplicant *wpa_s,
1619 struct ieee80211_mgmt *mgmt,
1621 struct ieee80211_rx_status *rx_status)
1623 ieee80211_bss_info(wpa_s, mgmt, len, rx_status, 0);
1627 static void ieee80211_rx_mgmt_beacon(struct wpa_supplicant *wpa_s,
1628 struct ieee80211_mgmt *mgmt,
1630 struct ieee80211_rx_status *rx_status)
1634 struct ieee802_11_elems elems;
1636 ieee80211_bss_info(wpa_s, mgmt, len, rx_status, 1);
1638 if (!wpa_s->mlme.associated ||
1639 os_memcmp(wpa_s->bssid, mgmt->bssid, ETH_ALEN) != 0)
1642 /* Process beacon from the current BSS */
1643 baselen = (u8 *) mgmt->u.beacon.variable - (u8 *) mgmt;
1647 if (ieee802_11_parse_elems(mgmt->u.beacon.variable, len - baselen,
1648 &elems, 0) == ParseFailed)
1652 if (elems.erp_info && elems.erp_info_len >= 1) {
1654 (elems.erp_info[0] & ERP_INFO_USE_PROTECTION) != 0;
1657 if (use_protection != !!wpa_s->mlme.use_protection) {
1658 wpa_printf(MSG_DEBUG, "MLME: CTS protection %s (BSSID=" MACSTR
1660 use_protection ? "enabled" : "disabled",
1661 MAC2STR(wpa_s->bssid));
1662 wpa_s->mlme.use_protection = use_protection ? 1 : 0;
1663 wpa_s->mlme.cts_protect_erp_frames = use_protection;
1666 if (elems.wmm && wpa_s->mlme.wmm_enabled) {
1667 ieee80211_sta_wmm_params(wpa_s, elems.wmm,
1673 static void ieee80211_rx_mgmt_probe_req(struct wpa_supplicant *wpa_s,
1674 struct ieee80211_mgmt *mgmt,
1676 struct ieee80211_rx_status *rx_status)
1678 int tx_last_beacon, adhoc;
1680 struct ieee80211_mgmt *resp;
1683 struct wpa_ssid *ssid = wpa_s->current_ssid;
1685 adhoc = ssid && ssid->mode == 1;
1687 if (!adhoc || wpa_s->mlme.state != IEEE80211_IBSS_JOINED ||
1688 len < 24 + 2 || wpa_s->mlme.probe_resp == NULL)
1692 if (local->hw->tx_last_beacon)
1693 tx_last_beacon = local->hw->tx_last_beacon(local->mdev);
1698 #ifdef IEEE80211_IBSS_DEBUG
1699 wpa_printf(MSG_DEBUG, "MLME: RX ProbeReq SA=" MACSTR " DA=" MACSTR
1700 " BSSID=" MACSTR " (tx_last_beacon=%d)",
1701 MAC2STR(mgmt->sa), MAC2STR(mgmt->da),
1702 MAC2STR(mgmt->bssid), tx_last_beacon);
1703 #endif /* IEEE80211_IBSS_DEBUG */
1705 if (!tx_last_beacon)
1708 if (os_memcmp(mgmt->bssid, wpa_s->bssid, ETH_ALEN) != 0 &&
1709 os_memcmp(mgmt->bssid, "\xff\xff\xff\xff\xff\xff", ETH_ALEN) != 0)
1712 end = ((u8 *) mgmt) + len;
1713 pos = mgmt->u.probe_req.variable;
1714 if (pos[0] != WLAN_EID_SSID ||
1715 pos + 2 + pos[1] > end) {
1716 wpa_printf(MSG_DEBUG, "MLME: Invalid SSID IE in ProbeReq from "
1717 MACSTR, MAC2STR(mgmt->sa));
1721 (pos[1] != wpa_s->mlme.ssid_len ||
1722 os_memcmp(pos + 2, wpa_s->mlme.ssid, wpa_s->mlme.ssid_len) != 0))
1724 /* Ignore ProbeReq for foreign SSID */
1729 /* Reply with ProbeResp */
1730 skb = skb_copy(wpa_s->mlme.probe_resp, GFP_ATOMIC);
1734 resp = (struct ieee80211_mgmt *) skb->data;
1735 os_memcpy(resp->da, mgmt->sa, ETH_ALEN);
1736 #ifdef IEEE80211_IBSS_DEBUG
1737 wpa_printf(MSG_DEBUG, "MLME: Sending ProbeResp to " MACSTR,
1739 #endif /* IEEE80211_IBSS_DEBUG */
1740 ieee80211_sta_tx(wpa_s, skb, 0, 1);
1745 #ifdef CONFIG_IEEE80211R
1746 static void ieee80211_rx_mgmt_ft_action(struct wpa_supplicant *wpa_s,
1747 struct ieee80211_mgmt *mgmt,
1749 struct ieee80211_rx_status *rx_status)
1751 union wpa_event_data data;
1753 u8 *sta_addr, *target_ap_addr;
1755 if (len < 24 + 1 + sizeof(mgmt->u.action.u.ft_action_resp)) {
1756 wpa_printf(MSG_DEBUG, "MLME: Too short FT Action frame");
1761 * Only FT Action Response is needed for now since reservation
1762 * protocol is not supported.
1764 if (mgmt->u.action.u.ft_action_resp.action != 2) {
1765 wpa_printf(MSG_DEBUG, "MLME: Unexpected FT Action %d",
1766 mgmt->u.action.u.ft_action_resp.action);
1770 status = le_to_host16(mgmt->u.action.u.ft_action_resp.status_code);
1771 sta_addr = mgmt->u.action.u.ft_action_resp.sta_addr;
1772 target_ap_addr = mgmt->u.action.u.ft_action_resp.target_ap_addr;
1773 wpa_printf(MSG_DEBUG, "MLME: Received FT Action Response: STA " MACSTR
1774 " TargetAP " MACSTR " Status Code %d",
1775 MAC2STR(sta_addr), MAC2STR(target_ap_addr), status);
1776 if (os_memcmp(sta_addr, wpa_s->own_addr, ETH_ALEN) != 0) {
1777 wpa_printf(MSG_DEBUG, "MLME: Foreign STA Address " MACSTR
1778 " in FT Action Response", MAC2STR(sta_addr));
1783 wpa_printf(MSG_DEBUG, "MLME: FT Action Response indicates "
1784 "failure (status code %d)", status);
1785 /* TODO: report error to FT code(?) */
1789 os_memset(&data, 0, sizeof(data));
1790 data.ft_ies.ies = mgmt->u.action.u.ft_action_resp.variable;
1791 data.ft_ies.ies_len = len - (mgmt->u.action.u.ft_action_resp.variable -
1793 data.ft_ies.ft_action = 1;
1794 os_memcpy(data.ft_ies.target_ap, target_ap_addr, ETH_ALEN);
1795 wpa_supplicant_event(wpa_s, EVENT_FT_RESPONSE, &data);
1796 /* TODO: should only re-associate, if EVENT_FT_RESPONSE was processed
1798 wpa_s->mlme.prev_bssid_set = 1;
1799 wpa_s->mlme.auth_alg = WLAN_AUTH_FT;
1800 os_memcpy(wpa_s->mlme.prev_bssid, wpa_s->bssid, ETH_ALEN);
1801 os_memcpy(wpa_s->bssid, target_ap_addr, ETH_ALEN);
1802 ieee80211_associate(wpa_s);
1804 #endif /* CONFIG_IEEE80211R */
1807 #ifdef CONFIG_IEEE80211W
1809 /* MLME-SAQuery.response */
1810 static int ieee80211_sta_send_sa_query_resp(struct wpa_supplicant *wpa_s,
1811 const u8 *addr, const u8 *trans_id)
1813 struct ieee80211_mgmt *mgmt;
1817 mgmt = os_zalloc(sizeof(*mgmt));
1819 wpa_printf(MSG_DEBUG, "MLME: Failed to allocate buffer for "
1820 "SA Query action frame");
1825 os_memcpy(mgmt->da, addr, ETH_ALEN);
1826 os_memcpy(mgmt->sa, wpa_s->own_addr, ETH_ALEN);
1827 os_memcpy(mgmt->bssid, wpa_s->bssid, ETH_ALEN);
1828 mgmt->frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT,
1829 WLAN_FC_STYPE_ACTION);
1830 mgmt->u.action.category = WLAN_ACTION_SA_QUERY;
1831 mgmt->u.action.u.sa_query_resp.action = WLAN_SA_QUERY_RESPONSE;
1832 os_memcpy(mgmt->u.action.u.sa_query_resp.trans_id, trans_id,
1833 WLAN_SA_QUERY_TR_ID_LEN);
1834 len += 1 + sizeof(mgmt->u.action.u.sa_query_resp);
1836 res = ieee80211_sta_tx(wpa_s, (u8 *) mgmt, len);
1843 static void ieee80211_rx_mgmt_sa_query_action(
1844 struct wpa_supplicant *wpa_s, struct ieee80211_mgmt *mgmt, size_t len,
1845 struct ieee80211_rx_status *rx_status)
1847 if (len < 24 + 1 + sizeof(mgmt->u.action.u.sa_query_req)) {
1848 wpa_printf(MSG_DEBUG, "MLME: Too short SA Query Action frame");
1852 if (mgmt->u.action.u.sa_query_req.action != WLAN_SA_QUERY_REQUEST) {
1853 wpa_printf(MSG_DEBUG, "MLME: Unexpected SA Query Action %d",
1854 mgmt->u.action.u.sa_query_req.action);
1858 if (os_memcmp(mgmt->sa, wpa_s->bssid, ETH_ALEN) != 0) {
1859 wpa_printf(MSG_DEBUG, "MLME: Ignore SA Query from unknown "
1860 "source " MACSTR, MAC2STR(mgmt->sa));
1864 if (wpa_s->mlme.state == IEEE80211_ASSOCIATE) {
1865 wpa_printf(MSG_DEBUG, "MLME: Ignore SA query request during "
1866 "association process");
1870 wpa_printf(MSG_DEBUG, "MLME: Replying to SA Query request");
1871 ieee80211_sta_send_sa_query_resp(wpa_s, mgmt->sa, mgmt->u.action.u.
1872 sa_query_req.trans_id);
1875 #endif /* CONFIG_IEEE80211W */
1878 static void dump_tspec(struct wmm_tspec_element *tspec)
1880 int up, psb, dir, tid;
1883 up = (tspec->ts_info[1] >> 3) & 0x07;
1884 psb = (tspec->ts_info[1] >> 2) & 0x01;
1885 dir = (tspec->ts_info[0] >> 5) & 0x03;
1886 tid = (tspec->ts_info[0] >> 1) & 0x0f;
1887 wpa_printf(MSG_DEBUG, "WMM: TS Info: UP=%d PSB=%d Direction=%d TID=%d",
1889 val = le_to_host16(tspec->nominal_msdu_size);
1890 wpa_printf(MSG_DEBUG, "WMM: Nominal MSDU Size: %d%s",
1891 val & 0x7fff, val & 0x8000 ? " (fixed)" : "");
1892 wpa_printf(MSG_DEBUG, "WMM: Mean Data Rate: %u bps",
1893 le_to_host32(tspec->mean_data_rate));
1894 wpa_printf(MSG_DEBUG, "WMM: Minimum PHY Rate: %u bps",
1895 le_to_host32(tspec->minimum_phy_rate));
1896 val = le_to_host16(tspec->surplus_bandwidth_allowance);
1897 wpa_printf(MSG_DEBUG, "WMM: Surplus Bandwidth Allowance: %u.%04u",
1898 val >> 13, 10000 * (val & 0x1fff) / 0x2000);
1899 val = le_to_host16(tspec->medium_time);
1900 wpa_printf(MSG_DEBUG, "WMM: Medium Time: %u (= %u usec/sec)",
1905 static int is_wmm_tspec(const u8 *ie, size_t len)
1907 const struct wmm_tspec_element *tspec;
1909 if (len < sizeof(*tspec))
1912 tspec = (const struct wmm_tspec_element *) ie;
1913 if (tspec->eid != WLAN_EID_VENDOR_SPECIFIC ||
1914 tspec->length < sizeof(*tspec) - 2 ||
1915 tspec->oui[0] != 0x00 || tspec->oui[1] != 0x50 ||
1916 tspec->oui[2] != 0xf2 || tspec->oui_type != 2 ||
1917 tspec->oui_subtype != 2 || tspec->version != 1)
1924 static void ieee80211_rx_addts_resp(
1925 struct wpa_supplicant *wpa_s, struct ieee80211_mgmt *mgmt, size_t len,
1928 struct wmm_tspec_element *tspec;
1930 wpa_printf(MSG_DEBUG, "WMM: Received ADDTS Response");
1931 wpa_hexdump(MSG_MSGDUMP, "WMM: ADDTS Response IE(s)",
1932 mgmt->u.action.u.wmm_action.variable, var_len);
1933 if (!is_wmm_tspec(mgmt->u.action.u.wmm_action.variable, var_len))
1935 tspec = (struct wmm_tspec_element *)
1936 mgmt->u.action.u.wmm_action.variable;
1941 static void ieee80211_rx_delts(
1942 struct wpa_supplicant *wpa_s, struct ieee80211_mgmt *mgmt, size_t len,
1945 struct wmm_tspec_element *tspec;
1947 wpa_printf(MSG_DEBUG, "WMM: Received DELTS");
1948 wpa_hexdump(MSG_MSGDUMP, "WMM: DELTS IE(s)",
1949 mgmt->u.action.u.wmm_action.variable, var_len);
1950 if (!is_wmm_tspec(mgmt->u.action.u.wmm_action.variable, var_len))
1952 tspec = (struct wmm_tspec_element *)
1953 mgmt->u.action.u.wmm_action.variable;
1958 static void ieee80211_rx_mgmt_wmm_action(
1959 struct wpa_supplicant *wpa_s, struct ieee80211_mgmt *mgmt, size_t len,
1960 struct ieee80211_rx_status *rx_status)
1964 alen = mgmt->u.action.u.wmm_action.variable - (u8 *) mgmt;
1966 wpa_printf(MSG_DEBUG, "WMM: Received Action frame too short");
1970 wpa_printf(MSG_DEBUG, "WMM: Received Action frame: Action Code %d, "
1971 "Dialog Token %d, Status Code %d",
1972 mgmt->u.action.u.wmm_action.action_code,
1973 mgmt->u.action.u.wmm_action.dialog_token,
1974 mgmt->u.action.u.wmm_action.status_code);
1976 switch (mgmt->u.action.u.wmm_action.action_code) {
1977 case WMM_ACTION_CODE_ADDTS_RESP:
1978 ieee80211_rx_addts_resp(wpa_s, mgmt, len, len - alen);
1980 case WMM_ACTION_CODE_DELTS:
1981 ieee80211_rx_delts(wpa_s, mgmt, len, len - alen);
1984 wpa_printf(MSG_DEBUG, "WMM: Unsupported Action Code %d",
1985 mgmt->u.action.u.wmm_action.action_code);
1991 static void ieee80211_rx_mgmt_action(struct wpa_supplicant *wpa_s,
1992 struct ieee80211_mgmt *mgmt,
1994 struct ieee80211_rx_status *rx_status)
1996 wpa_printf(MSG_DEBUG, "MLME: received Action frame");
2001 switch (mgmt->u.action.category) {
2002 #ifdef CONFIG_IEEE80211R
2003 case WLAN_ACTION_FT:
2004 ieee80211_rx_mgmt_ft_action(wpa_s, mgmt, len, rx_status);
2006 #endif /* CONFIG_IEEE80211R */
2007 #ifdef CONFIG_IEEE80211W
2008 case WLAN_ACTION_SA_QUERY:
2009 ieee80211_rx_mgmt_sa_query_action(wpa_s, mgmt, len, rx_status);
2011 #endif /* CONFIG_IEEE80211W */
2012 case WLAN_ACTION_WMM:
2013 ieee80211_rx_mgmt_wmm_action(wpa_s, mgmt, len, rx_status);
2016 wpa_printf(MSG_DEBUG, "MLME: unknown Action Category %d",
2017 mgmt->u.action.category);
2023 static void ieee80211_sta_rx_mgmt(struct wpa_supplicant *wpa_s,
2024 const u8 *buf, size_t len,
2025 struct ieee80211_rx_status *rx_status)
2027 struct ieee80211_mgmt *mgmt;
2033 mgmt = (struct ieee80211_mgmt *) buf;
2034 fc = le_to_host16(mgmt->frame_control);
2036 switch (WLAN_FC_GET_STYPE(fc)) {
2037 case WLAN_FC_STYPE_PROBE_REQ:
2038 ieee80211_rx_mgmt_probe_req(wpa_s, mgmt, len, rx_status);
2040 case WLAN_FC_STYPE_PROBE_RESP:
2041 ieee80211_rx_mgmt_probe_resp(wpa_s, mgmt, len, rx_status);
2043 case WLAN_FC_STYPE_BEACON:
2044 ieee80211_rx_mgmt_beacon(wpa_s, mgmt, len, rx_status);
2046 case WLAN_FC_STYPE_AUTH:
2047 ieee80211_rx_mgmt_auth(wpa_s, mgmt, len, rx_status);
2049 case WLAN_FC_STYPE_ASSOC_RESP:
2050 ieee80211_rx_mgmt_assoc_resp(wpa_s, mgmt, len, rx_status, 0);
2052 case WLAN_FC_STYPE_REASSOC_RESP:
2053 ieee80211_rx_mgmt_assoc_resp(wpa_s, mgmt, len, rx_status, 1);
2055 case WLAN_FC_STYPE_DEAUTH:
2056 ieee80211_rx_mgmt_deauth(wpa_s, mgmt, len, rx_status);
2058 case WLAN_FC_STYPE_DISASSOC:
2059 ieee80211_rx_mgmt_disassoc(wpa_s, mgmt, len, rx_status);
2061 case WLAN_FC_STYPE_ACTION:
2062 ieee80211_rx_mgmt_action(wpa_s, mgmt, len, rx_status);
2065 wpa_printf(MSG_DEBUG, "MLME: received unknown management "
2066 "frame - stype=%d", WLAN_FC_GET_STYPE(fc));
2072 static void ieee80211_sta_rx_scan(struct wpa_supplicant *wpa_s,
2073 const u8 *buf, size_t len,
2074 struct ieee80211_rx_status *rx_status)
2076 struct ieee80211_mgmt *mgmt;
2082 mgmt = (struct ieee80211_mgmt *) buf;
2083 fc = le_to_host16(mgmt->frame_control);
2085 if (WLAN_FC_GET_TYPE(fc) == WLAN_FC_TYPE_MGMT) {
2086 if (WLAN_FC_GET_STYPE(fc) == WLAN_FC_STYPE_PROBE_RESP) {
2087 ieee80211_rx_mgmt_probe_resp(wpa_s, mgmt,
2089 } else if (WLAN_FC_GET_STYPE(fc) == WLAN_FC_STYPE_BEACON) {
2090 ieee80211_rx_mgmt_beacon(wpa_s, mgmt, len, rx_status);
2096 static int ieee80211_sta_active_ibss(struct wpa_supplicant *wpa_s)
2101 list_for_each(ptr, &local->sta_list) {
2102 sta = list_entry(ptr, struct sta_info, list);
2103 if (sta->dev == dev &&
2104 time_after(sta->last_rx + IEEE80211_IBSS_MERGE_INTERVAL,
2116 static void ieee80211_sta_expire(struct wpa_supplicant *wpa_s)
2119 list_for_each_safe(ptr, n, &local->sta_list) {
2120 sta = list_entry(ptr, struct sta_info, list);
2121 if (time_after(jiffies, sta->last_rx +
2122 IEEE80211_IBSS_INACTIVITY_LIMIT)) {
2123 wpa_printf(MSG_DEBUG, "MLME: expiring inactive STA "
2124 MACSTR, MAC2STR(sta->addr));
2125 sta_info_free(local, sta, 1);
2132 static void ieee80211_sta_merge_ibss(struct wpa_supplicant *wpa_s)
2134 ieee80211_reschedule_timer(wpa_s, IEEE80211_IBSS_MERGE_INTERVAL);
2136 ieee80211_sta_expire(wpa_s);
2137 if (ieee80211_sta_active_ibss(wpa_s))
2140 wpa_printf(MSG_DEBUG, "MLME: No active IBSS STAs - trying to scan for "
2141 "other IBSS networks with same SSID (merge)");
2142 ieee80211_sta_req_scan(wpa_s, wpa_s->mlme.ssid, wpa_s->mlme.ssid_len);
2146 static void ieee80211_sta_timer(void *eloop_ctx, void *timeout_ctx)
2148 struct wpa_supplicant *wpa_s = eloop_ctx;
2150 switch (wpa_s->mlme.state) {
2151 case IEEE80211_DISABLED:
2153 case IEEE80211_AUTHENTICATE:
2154 ieee80211_authenticate(wpa_s);
2156 case IEEE80211_ASSOCIATE:
2157 ieee80211_associate(wpa_s);
2159 case IEEE80211_ASSOCIATED:
2160 ieee80211_associated(wpa_s);
2162 case IEEE80211_IBSS_SEARCH:
2163 ieee80211_sta_find_ibss(wpa_s);
2165 case IEEE80211_IBSS_JOINED:
2166 ieee80211_sta_merge_ibss(wpa_s);
2169 wpa_printf(MSG_DEBUG, "ieee80211_sta_timer: Unknown state %d",
2174 if (ieee80211_privacy_mismatch(wpa_s)) {
2175 wpa_printf(MSG_DEBUG, "MLME: privacy configuration mismatch "
2176 "and mixed-cell disabled - disassociate");
2178 ieee80211_send_disassoc(wpa_s, WLAN_REASON_UNSPECIFIED);
2179 ieee80211_set_associated(wpa_s, 0);
2184 static void ieee80211_sta_new_auth(struct wpa_supplicant *wpa_s)
2186 struct wpa_ssid *ssid = wpa_s->current_ssid;
2187 if (ssid && ssid->mode != 0)
2191 if (local->hw->reset_tsf) {
2192 /* Reset own TSF to allow time synchronization work. */
2193 local->hw->reset_tsf(local->mdev);
2197 wpa_s->mlme.wmm_last_param_set = -1; /* allow any WMM update */
2200 if (wpa_s->mlme.auth_algs & IEEE80211_AUTH_ALG_OPEN)
2201 wpa_s->mlme.auth_alg = WLAN_AUTH_OPEN;
2202 else if (wpa_s->mlme.auth_algs & IEEE80211_AUTH_ALG_SHARED_KEY)
2203 wpa_s->mlme.auth_alg = WLAN_AUTH_SHARED_KEY;
2204 else if (wpa_s->mlme.auth_algs & IEEE80211_AUTH_ALG_LEAP)
2205 wpa_s->mlme.auth_alg = WLAN_AUTH_LEAP;
2207 wpa_s->mlme.auth_alg = WLAN_AUTH_OPEN;
2208 wpa_printf(MSG_DEBUG, "MLME: Initial auth_alg=%d",
2209 wpa_s->mlme.auth_alg);
2210 wpa_s->mlme.auth_transaction = -1;
2211 wpa_s->mlme.auth_tries = wpa_s->mlme.assoc_tries = 0;
2212 ieee80211_authenticate(wpa_s);
2216 static int ieee80211_ibss_allowed(struct wpa_supplicant *wpa_s)
2221 for (m = 0; m < local->hw->num_modes; m++) {
2222 struct ieee80211_hw_modes *mode = &local->hw->modes[m];
2223 if (mode->mode != local->conf.phymode)
2225 for (c = 0; c < mode->num_channels; c++) {
2226 struct ieee80211_channel *chan = &mode->channels[c];
2227 if (chan->flag & IEEE80211_CHAN_W_SCAN &&
2228 chan->chan == local->conf.channel) {
2229 if (chan->flag & IEEE80211_CHAN_W_IBSS)
2241 static int ieee80211_sta_join_ibss(struct wpa_supplicant *wpa_s,
2242 struct ieee80211_sta_bss *bss)
2244 int res = 0, rates, done = 0, bssid_changed;
2245 struct ieee80211_mgmt *mgmt;
2247 struct ieee80211_tx_control control;
2248 struct ieee80211_rate *rate;
2249 struct rate_control_extra extra;
2254 /* Remove possible STA entries from other IBSS networks. */
2256 sta_info_flush(local, NULL);
2258 if (local->hw->reset_tsf) {
2259 /* Reset own TSF to allow time synchronization work. */
2260 local->hw->reset_tsf(local->mdev);
2263 bssid_changed = os_memcmp(wpa_s->bssid, bss->bssid, ETH_ALEN);
2264 os_memcpy(wpa_s->bssid, bss->bssid, ETH_ALEN);
2266 wpas_notify_bssid_changed(wpa_s);
2269 local->conf.beacon_int = bss->beacon_int >= 10 ? bss->beacon_int : 10;
2271 sdata->drop_unencrypted = bss->capability &
2272 host_to_le16(WLAN_CAPABILITY_PRIVACY) ? 1 : 0;
2276 os_memset(&rq, 0, sizeof(rq));
2277 rq.m = bss->freq * 100000;
2279 res = ieee80211_ioctl_siwfreq(wpa_s, NULL, &rq, NULL);
2282 if (!ieee80211_ibss_allowed(wpa_s)) {
2284 wpa_printf(MSG_DEBUG, "MLME: IBSS not allowed on channel %d "
2285 "(%d MHz)", local->conf.channel,
2291 /* Set beacon template based on scan results */
2292 buf = os_malloc(400);
2298 mgmt = (struct ieee80211_mgmt *) buf;
2299 len += 24 + sizeof(mgmt->u.beacon);
2300 os_memset(mgmt, 0, 24 + sizeof(mgmt->u.beacon));
2301 mgmt->frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT,
2302 WLAN_FC_STYPE_BEACON);
2303 os_memset(mgmt->da, 0xff, ETH_ALEN);
2304 os_memcpy(mgmt->sa, wpa_s->own_addr, ETH_ALEN);
2305 os_memcpy(mgmt->bssid, wpa_s->bssid, ETH_ALEN);
2307 mgmt->u.beacon.beacon_int =
2308 host_to_le16(local->conf.beacon_int);
2310 mgmt->u.beacon.capab_info = host_to_le16(bss->capability);
2313 len += 2 + wpa_s->mlme.ssid_len;
2314 *pos++ = WLAN_EID_SSID;
2315 *pos++ = wpa_s->mlme.ssid_len;
2316 os_memcpy(pos, wpa_s->mlme.ssid, wpa_s->mlme.ssid_len);
2318 rates = bss->supp_rates_len;
2323 *pos++ = WLAN_EID_SUPP_RATES;
2325 os_memcpy(pos, bss->supp_rates, rates);
2329 *pos++ = WLAN_EID_DS_PARAMS;
2331 *pos++ = bss->channel;
2335 *pos++ = WLAN_EID_IBSS_PARAMS;
2337 /* FIX: set ATIM window based on scan results */
2341 if (bss->supp_rates_len > 8) {
2342 rates = bss->supp_rates_len - 8;
2345 *pos++ = WLAN_EID_EXT_SUPP_RATES;
2347 os_memcpy(pos, &bss->supp_rates[8], rates);
2351 os_memset(&control, 0, sizeof(control));
2352 control.pkt_type = PKT_PROBE_RESP;
2353 os_memset(&extra, 0, sizeof(extra));
2354 extra.endidx = local->num_curr_rates;
2355 rate = rate_control_get_rate(wpa_s, skb, &extra);
2357 wpa_printf(MSG_DEBUG, "MLME: Failed to determine TX "
2358 "rate for IBSS beacon");
2361 control.tx_rate = (wpa_s->mlme.short_preamble &&
2362 (rate->flags & IEEE80211_RATE_PREAMBLE2)) ?
2363 rate->val2 : rate->val;
2364 control.antenna_sel = local->conf.antenna_sel;
2365 control.power_level = local->conf.power_level;
2367 control.retry_limit = 1;
2368 control.rts_cts_duration = 0;
2372 wpa_s->mlme.probe_resp = skb_copy(skb, GFP_ATOMIC);
2373 if (wpa_s->mlme.probe_resp) {
2374 mgmt = (struct ieee80211_mgmt *)
2375 wpa_s->mlme.probe_resp->data;
2376 mgmt->frame_control =
2377 IEEE80211_FC(WLAN_FC_TYPE_MGMT,
2378 WLAN_FC_STYPE_PROBE_RESP);
2380 wpa_printf(MSG_DEBUG, "MLME: Could not allocate "
2381 "ProbeResp template for IBSS");
2384 if (local->hw->beacon_update &&
2385 local->hw->beacon_update(wpa_s, skb, &control) == 0) {
2386 wpa_printf(MSG_DEBUG, "MLME: Configured IBSS beacon "
2387 "template based on scan results");
2392 for (i = 0; i < bss->supp_rates_len; i++) {
2393 int rate = (bss->supp_rates[i] & 0x7f) * 5;
2394 if (local->conf.phymode == MODE_ATHEROS_TURBO)
2396 for (j = 0; j < local->num_curr_rates; j++)
2397 if (local->curr_rates[j] == rate)
2400 wpa_s->mlme.supp_rates_bits = rates;
2407 wpa_printf(MSG_DEBUG, "MLME: Failed to configure IBSS beacon "
2411 wpa_s->mlme.state = IEEE80211_IBSS_JOINED;
2412 ieee80211_reschedule_timer(wpa_s, IEEE80211_IBSS_MERGE_INTERVAL);
2419 static int ieee80211_sta_create_ibss(struct wpa_supplicant *wpa_s)
2421 struct ieee80211_sta_bss *bss;
2422 u8 bssid[ETH_ALEN], *pos;
2426 /* Easier testing, use fixed BSSID. */
2427 os_memset(bssid, 0xfe, ETH_ALEN);
2429 /* Generate random, not broadcast, locally administered BSSID. Mix in
2430 * own MAC address to make sure that devices that do not have proper
2431 * random number generator get different BSSID. */
2432 os_get_random(bssid, ETH_ALEN);
2433 for (i = 0; i < ETH_ALEN; i++)
2434 bssid[i] ^= wpa_s->own_addr[i];
2439 wpa_printf(MSG_DEBUG, "MLME: Creating new IBSS network, BSSID "
2440 MACSTR "", MAC2STR(bssid));
2442 bss = ieee80211_bss_add(wpa_s, bssid);
2447 if (local->conf.beacon_int == 0)
2448 local->conf.beacon_int = 100;
2449 bss->beacon_int = local->conf.beacon_int;
2450 bss->hw_mode = local->conf.phymode;
2451 bss->channel = local->conf.channel;
2452 bss->freq = local->conf.freq;
2454 os_get_time(&bss->last_update);
2455 bss->capability = host_to_le16(WLAN_CAPABILITY_IBSS);
2457 if (sdata->default_key) {
2458 bss->capability |= host_to_le16(WLAN_CAPABILITY_PRIVACY);
2460 sdata->drop_unencrypted = 0;
2461 bss->supp_rates_len = local->num_curr_rates;
2463 pos = bss->supp_rates;
2465 for (i = 0; i < local->num_curr_rates; i++) {
2466 int rate = local->curr_rates[i];
2467 if (local->conf.phymode == MODE_ATHEROS_TURBO)
2469 *pos++ = (u8) (rate / 5);
2473 return ieee80211_sta_join_ibss(wpa_s, bss);
2478 static int ieee80211_sta_find_ibss(struct wpa_supplicant *wpa_s)
2480 struct ieee80211_sta_bss *bss;
2486 if (wpa_s->mlme.ssid_len == 0)
2489 active_ibss = ieee80211_sta_active_ibss(wpa_s);
2490 #ifdef IEEE80211_IBSS_DEBUG
2491 wpa_printf(MSG_DEBUG, "MLME: sta_find_ibss (active_ibss=%d)",
2493 #endif /* IEEE80211_IBSS_DEBUG */
2494 for (bss = wpa_s->mlme.sta_bss_list; bss; bss = bss->next) {
2495 if (wpa_s->mlme.ssid_len != bss->ssid_len ||
2496 os_memcmp(wpa_s->mlme.ssid, bss->ssid, bss->ssid_len) != 0
2497 || !(bss->capability & WLAN_CAPABILITY_IBSS))
2499 #ifdef IEEE80211_IBSS_DEBUG
2500 wpa_printf(MSG_DEBUG, " bssid=" MACSTR " found",
2501 MAC2STR(bss->bssid));
2502 #endif /* IEEE80211_IBSS_DEBUG */
2503 os_memcpy(bssid, bss->bssid, ETH_ALEN);
2506 os_memcmp(bssid, wpa_s->bssid, ETH_ALEN) != 0)
2510 #ifdef IEEE80211_IBSS_DEBUG
2511 wpa_printf(MSG_DEBUG, " sta_find_ibss: selected " MACSTR " current "
2512 MACSTR, MAC2STR(bssid), MAC2STR(wpa_s->bssid));
2513 #endif /* IEEE80211_IBSS_DEBUG */
2514 if (found && os_memcmp(wpa_s->bssid, bssid, ETH_ALEN) != 0 &&
2515 (bss = ieee80211_bss_get(wpa_s, bssid))) {
2516 wpa_printf(MSG_DEBUG, "MLME: Selected IBSS BSSID " MACSTR
2517 " based on configured SSID",
2519 return ieee80211_sta_join_ibss(wpa_s, bss);
2521 #ifdef IEEE80211_IBSS_DEBUG
2522 wpa_printf(MSG_DEBUG, " did not try to join ibss");
2523 #endif /* IEEE80211_IBSS_DEBUG */
2525 /* Selected IBSS not found in current scan results - try to scan */
2528 if (wpa_s->mlme.state == IEEE80211_IBSS_JOINED &&
2529 !ieee80211_sta_active_ibss(wpa_s)) {
2530 ieee80211_reschedule_timer(wpa_s,
2531 IEEE80211_IBSS_MERGE_INTERVAL);
2532 } else if (time_after(jiffies, wpa_s->mlme.last_scan_completed +
2533 IEEE80211_SCAN_INTERVAL)) {
2534 wpa_printf(MSG_DEBUG, "MLME: Trigger new scan to find an IBSS "
2536 return ieee80211_sta_req_scan(wpa_s->mlme.ssid,
2537 wpa_s->mlme.ssid_len);
2538 } else if (wpa_s->mlme.state != IEEE80211_IBSS_JOINED) {
2539 int interval = IEEE80211_SCAN_INTERVAL;
2541 if (time_after(jiffies, wpa_s->mlme.ibss_join_req +
2542 IEEE80211_IBSS_JOIN_TIMEOUT)) {
2543 if (wpa_s->mlme.create_ibss &&
2544 ieee80211_ibss_allowed(wpa_s))
2545 return ieee80211_sta_create_ibss(wpa_s);
2546 if (wpa_s->mlme.create_ibss) {
2547 wpa_printf(MSG_DEBUG, "MLME: IBSS not allowed "
2548 "on the configured channel %d "
2550 local->conf.channel,
2554 /* No IBSS found - decrease scan interval and continue
2556 interval = IEEE80211_SCAN_INTERVAL_SLOW;
2559 wpa_s->mlme.state = IEEE80211_IBSS_SEARCH;
2560 ieee80211_reschedule_timer(wpa_s, interval);
2569 int ieee80211_sta_get_ssid(struct wpa_supplicant *wpa_s, u8 *ssid,
2572 os_memcpy(ssid, wpa_s->mlme.ssid, wpa_s->mlme.ssid_len);
2573 *len = wpa_s->mlme.ssid_len;
2578 int ieee80211_sta_associate(struct wpa_supplicant *wpa_s,
2579 struct wpa_driver_associate_params *params)
2581 struct ieee80211_sta_bss *bss;
2584 wpa_s->mlme.bssid_set = 0;
2585 wpa_s->mlme.freq = params->freq;
2586 if (params->bssid) {
2587 bssid_changed = os_memcmp(wpa_s->bssid, params->bssid,
2589 os_memcpy(wpa_s->bssid, params->bssid, ETH_ALEN);
2591 wpas_notify_bssid_changed(wpa_s);
2593 if (!is_zero_ether_addr(params->bssid))
2594 wpa_s->mlme.bssid_set = 1;
2595 bss = ieee80211_bss_get(wpa_s, wpa_s->bssid);
2597 wpa_s->mlme.phymode = bss->hw_mode;
2598 wpa_s->mlme.channel = bss->channel;
2599 wpa_s->mlme.freq = bss->freq;
2604 /* TODO: This should always be done for IBSS, even if IEEE80211_QOS is
2606 if (local->hw->conf_tx) {
2607 struct ieee80211_tx_queue_params qparam;
2610 os_memset(&qparam, 0, sizeof(qparam));
2611 /* TODO: are these ok defaults for all hw_modes? */
2614 local->conf.phymode == MODE_IEEE80211B ? 31 : 15;
2615 qparam.cw_max = 1023;
2616 qparam.burst_time = 0;
2617 for (i = IEEE80211_TX_QUEUE_DATA0; i < NUM_TX_DATA_QUEUES; i++)
2619 local->hw->conf_tx(wpa_s, i + IEEE80211_TX_QUEUE_DATA0,
2622 /* IBSS uses different parameters for Beacon sending */
2626 local->hw->conf_tx(wpa_s, IEEE80211_TX_QUEUE_BEACON, &qparam);
2630 if (wpa_s->mlme.ssid_len != params->ssid_len ||
2631 os_memcmp(wpa_s->mlme.ssid, params->ssid, params->ssid_len) != 0)
2632 wpa_s->mlme.prev_bssid_set = 0;
2633 os_memcpy(wpa_s->mlme.ssid, params->ssid, params->ssid_len);
2634 os_memset(wpa_s->mlme.ssid + params->ssid_len, 0,
2635 MAX_SSID_LEN - params->ssid_len);
2636 wpa_s->mlme.ssid_len = params->ssid_len;
2637 wpa_s->mlme.ssid_set = 1;
2639 os_free(wpa_s->mlme.extra_ie);
2640 if (params->wpa_ie == NULL || params->wpa_ie_len == 0) {
2641 wpa_s->mlme.extra_ie = NULL;
2642 wpa_s->mlme.extra_ie_len = 0;
2644 wpa_s->mlme.extra_ie = os_malloc(params->wpa_ie_len);
2645 if (wpa_s->mlme.extra_ie == NULL) {
2646 wpa_s->mlme.extra_ie_len = 0;
2649 os_memcpy(wpa_s->mlme.extra_ie, params->wpa_ie,
2650 params->wpa_ie_len);
2651 wpa_s->mlme.extra_ie_len = params->wpa_ie_len;
2654 wpa_s->mlme.key_mgmt = params->key_mgmt_suite;
2656 ieee80211_sta_set_channel(wpa_s, wpa_s->mlme.phymode,
2657 wpa_s->mlme.channel, wpa_s->mlme.freq);
2659 if (params->mode == 1 && !wpa_s->mlme.bssid_set) {
2660 os_get_time(&wpa_s->mlme.ibss_join_req);
2661 wpa_s->mlme.state = IEEE80211_IBSS_SEARCH;
2662 return ieee80211_sta_find_ibss(wpa_s);
2665 if (wpa_s->mlme.bssid_set)
2666 ieee80211_sta_new_auth(wpa_s);
2672 static void ieee80211_sta_save_oper_chan(struct wpa_supplicant *wpa_s)
2674 wpa_s->mlme.scan_oper_channel = wpa_s->mlme.channel;
2675 wpa_s->mlme.scan_oper_freq = wpa_s->mlme.freq;
2676 wpa_s->mlme.scan_oper_phymode = wpa_s->mlme.phymode;
2680 static int ieee80211_sta_restore_oper_chan(struct wpa_supplicant *wpa_s)
2682 wpa_s->mlme.channel = wpa_s->mlme.scan_oper_channel;
2683 wpa_s->mlme.freq = wpa_s->mlme.scan_oper_freq;
2684 wpa_s->mlme.phymode = wpa_s->mlme.scan_oper_phymode;
2685 if (wpa_s->mlme.freq == 0)
2687 return ieee80211_sta_set_channel(wpa_s, wpa_s->mlme.phymode,
2688 wpa_s->mlme.channel,
2693 static int ieee80211_active_scan(struct wpa_supplicant *wpa_s)
2698 for (m = 0; m < wpa_s->mlme.num_modes; m++) {
2699 struct hostapd_hw_modes *mode = &wpa_s->mlme.modes[m];
2700 if ((int) mode->mode != (int) wpa_s->mlme.phymode)
2702 for (c = 0; c < mode->num_channels; c++) {
2703 struct hostapd_channel_data *chan = &mode->channels[c];
2704 if (!(chan->flag & HOSTAPD_CHAN_DISABLED) &&
2705 chan->chan == wpa_s->mlme.channel) {
2706 if (!(chan->flag & HOSTAPD_CHAN_PASSIVE_SCAN))
2717 static void ieee80211_sta_scan_timer(void *eloop_ctx, void *timeout_ctx)
2719 struct wpa_supplicant *wpa_s = eloop_ctx;
2720 struct hostapd_hw_modes *mode;
2721 struct hostapd_channel_data *chan;
2724 struct wpa_ssid *ssid = wpa_s->current_ssid;
2727 if (!wpa_s->mlme.sta_scanning || wpa_s->mlme.modes == NULL)
2730 adhoc = ssid && ssid->mode == 1;
2732 switch (wpa_s->mlme.scan_state) {
2733 case SCAN_SET_CHANNEL:
2734 mode = &wpa_s->mlme.modes[wpa_s->mlme.scan_hw_mode_idx];
2735 if (wpa_s->mlme.scan_hw_mode_idx >=
2736 (int) wpa_s->mlme.num_modes ||
2737 (wpa_s->mlme.scan_hw_mode_idx + 1 ==
2738 (int) wpa_s->mlme.num_modes
2739 && wpa_s->mlme.scan_channel_idx >= mode->num_channels)) {
2740 if (ieee80211_sta_restore_oper_chan(wpa_s)) {
2741 wpa_printf(MSG_DEBUG, "MLME: failed to "
2742 "restore operational channel after "
2745 wpa_printf(MSG_DEBUG, "MLME: scan completed");
2746 wpa_s->mlme.sta_scanning = 0;
2747 os_get_time(&wpa_s->mlme.last_scan_completed);
2748 wpa_supplicant_event(wpa_s, EVENT_SCAN_RESULTS, NULL);
2750 if (!wpa_s->mlme.bssid_set ||
2751 (wpa_s->mlme.state ==
2752 IEEE80211_IBSS_JOINED &&
2753 !ieee80211_sta_active_ibss(wpa_s)))
2754 ieee80211_sta_find_ibss(wpa_s);
2758 skip = !(wpa_s->mlme.hw_modes & (1 << mode->mode));
2759 chan = &mode->channels[wpa_s->mlme.scan_channel_idx];
2760 if ((chan->flag & HOSTAPD_CHAN_DISABLED) ||
2761 (adhoc && (chan->flag & HOSTAPD_CHAN_NO_IBSS)) ||
2762 (wpa_s->mlme.hw_modes & (1 << HOSTAPD_MODE_IEEE80211G) &&
2763 mode->mode == HOSTAPD_MODE_IEEE80211B &&
2764 wpa_s->mlme.scan_skip_11b))
2768 wpa_printf(MSG_MSGDUMP,
2769 "MLME: scan channel %d (%d MHz)",
2770 chan->chan, chan->freq);
2772 wpa_s->mlme.channel = chan->chan;
2773 wpa_s->mlme.freq = chan->freq;
2774 wpa_s->mlme.phymode = mode->mode;
2775 if (ieee80211_sta_set_channel(wpa_s, mode->mode,
2776 chan->chan, chan->freq))
2778 wpa_printf(MSG_DEBUG, "MLME: failed to set "
2779 "channel %d (%d MHz) for scan",
2780 chan->chan, chan->freq);
2785 wpa_s->mlme.scan_channel_idx++;
2786 if (wpa_s->mlme.scan_channel_idx >=
2787 wpa_s->mlme.modes[wpa_s->mlme.scan_hw_mode_idx].
2789 wpa_s->mlme.scan_hw_mode_idx++;
2790 wpa_s->mlme.scan_channel_idx = 0;
2798 timeout = IEEE80211_PROBE_DELAY;
2799 wpa_s->mlme.scan_state = SCAN_SEND_PROBE;
2801 case SCAN_SEND_PROBE:
2802 if (ieee80211_active_scan(wpa_s)) {
2803 ieee80211_send_probe_req(wpa_s, NULL,
2804 wpa_s->mlme.scan_ssid,
2805 wpa_s->mlme.scan_ssid_len);
2806 timeout = IEEE80211_CHANNEL_TIME;
2808 timeout = IEEE80211_PASSIVE_CHANNEL_TIME;
2810 wpa_s->mlme.scan_state = SCAN_SET_CHANNEL;
2814 eloop_register_timeout(timeout / 1000, 1000 * (timeout % 1000),
2815 ieee80211_sta_scan_timer, wpa_s, NULL);
2819 int ieee80211_sta_req_scan(struct wpa_supplicant *wpa_s, const u8 *ssid,
2822 if (ssid_len > MAX_SSID_LEN)
2825 /* MLME-SCAN.request (page 118) page 144 (11.1.3.1)
2826 * BSSType: INFRASTRUCTURE, INDEPENDENT, ANY_BSS
2829 * ScanType: ACTIVE, PASSIVE
2830 * ProbeDelay: delay (in microseconds) to be used prior to transmitting
2831 * a Probe frame during active scanning
2833 * MinChannelTime (>= ProbeDelay), in TU
2834 * MaxChannelTime: (>= MinChannelTime), in TU
2837 /* MLME-SCAN.confirm
2839 * ResultCode: SUCCESS, INVALID_PARAMETERS
2842 /* TODO: if assoc, move to power save mode for the duration of the
2845 if (wpa_s->mlme.sta_scanning)
2848 wpa_printf(MSG_DEBUG, "MLME: starting scan");
2850 ieee80211_sta_save_oper_chan(wpa_s);
2852 wpa_s->mlme.sta_scanning = 1;
2853 /* TODO: stop TX queue? */
2856 wpa_s->mlme.scan_ssid_len = ssid_len;
2857 os_memcpy(wpa_s->mlme.scan_ssid, ssid, ssid_len);
2859 wpa_s->mlme.scan_ssid_len = 0;
2860 wpa_s->mlme.scan_skip_11b = 1; /* FIX: clear this is 11g is not
2862 wpa_s->mlme.scan_state = SCAN_SET_CHANNEL;
2863 wpa_s->mlme.scan_hw_mode_idx = 0;
2864 wpa_s->mlme.scan_channel_idx = 0;
2865 eloop_register_timeout(0, 1, ieee80211_sta_scan_timer, wpa_s, NULL);
2871 struct wpa_scan_results *
2872 ieee80211_sta_get_scan_results(struct wpa_supplicant *wpa_s)
2875 struct wpa_scan_results *res;
2876 struct wpa_scan_res *r;
2877 struct ieee80211_sta_bss *bss;
2879 res = os_zalloc(sizeof(*res));
2880 for (bss = wpa_s->mlme.sta_bss_list; bss; bss = bss->next)
2882 res->res = os_zalloc(ap_num * sizeof(struct wpa_scan_res *));
2883 if (res->res == NULL) {
2888 for (bss = wpa_s->mlme.sta_bss_list; bss; bss = bss->next) {
2889 r = os_zalloc(sizeof(*r) + bss->ie_len);
2892 os_memcpy(r->bssid, bss->bssid, ETH_ALEN);
2893 r->freq = bss->freq;
2894 r->beacon_int = bss->beacon_int;
2895 r->caps = bss->capability;
2896 r->level = bss->rssi;
2897 r->tsf = bss->timestamp;
2899 r->ie_len = bss->ie_len;
2900 os_memcpy(r + 1, bss->ie, bss->ie_len);
2903 res->res[res->num++] = r;
2911 struct sta_info * ieee80211_ibss_add_sta(struct wpa_supplicant *wpa_s,
2912 struct sk_buff *skb, u8 *bssid,
2915 struct ieee80211_local *local = dev->priv;
2916 struct list_head *ptr;
2917 struct sta_info *sta;
2918 struct wpa_supplicant *sta_dev = NULL;
2920 /* TODO: Could consider removing the least recently used entry and
2921 * allow new one to be added. */
2922 if (local->num_sta >= IEEE80211_IBSS_MAX_STA_ENTRIES) {
2923 if (net_ratelimit()) {
2924 wpa_printf(MSG_DEBUG, "MLME: No room for a new IBSS "
2925 "STA entry " MACSTR, MAC2STR(addr));
2930 spin_lock_bh(&local->sub_if_lock);
2931 list_for_each(ptr, &local->sub_if_list) {
2932 sdata = list_entry(ptr, struct ieee80211_sub_if_data, list);
2933 if (sdata->type == IEEE80211_SUB_IF_TYPE_STA &&
2934 os_memcmp(bssid, sdata->u.sta.bssid, ETH_ALEN) == 0) {
2935 sta_dev = sdata->dev;
2939 spin_unlock_bh(&local->sub_if_lock);
2941 if (sta_dev == NULL)
2944 wpa_printf(MSG_DEBUG, "MLME: Adding new IBSS station " MACSTR
2945 " (dev=%s)", MAC2STR(addr), sta_dev->name);
2947 sta = sta_info_add(wpa_s, addr);
2953 sta->supp_rates = wpa_s->mlme.supp_rates_bits;
2955 rate_control_rate_init(local, sta);
2957 return sta; /* caller will call sta_info_release() */
2962 int ieee80211_sta_deauthenticate(struct wpa_supplicant *wpa_s, u16 reason)
2964 wpa_printf(MSG_DEBUG, "MLME: deauthenticate(reason=%d)", reason);
2966 ieee80211_send_deauth(wpa_s, reason);
2967 ieee80211_set_associated(wpa_s, 0);
2972 int ieee80211_sta_disassociate(struct wpa_supplicant *wpa_s, u16 reason)
2974 wpa_printf(MSG_DEBUG, "MLME: disassociate(reason=%d)", reason);
2976 if (!wpa_s->mlme.associated)
2979 ieee80211_send_disassoc(wpa_s, reason);
2980 ieee80211_set_associated(wpa_s, 0);
2985 void ieee80211_sta_rx(struct wpa_supplicant *wpa_s, const u8 *buf, size_t len,
2986 struct ieee80211_rx_status *rx_status)
2988 struct ieee80211_mgmt *mgmt;
2992 /* wpa_hexdump(MSG_MSGDUMP, "MLME: Received frame", buf, len); */
2994 if (wpa_s->mlme.sta_scanning) {
2995 ieee80211_sta_rx_scan(wpa_s, buf, len, rx_status);
3002 mgmt = (struct ieee80211_mgmt *) buf;
3003 fc = le_to_host16(mgmt->frame_control);
3005 if (WLAN_FC_GET_TYPE(fc) == WLAN_FC_TYPE_MGMT)
3006 ieee80211_sta_rx_mgmt(wpa_s, buf, len, rx_status);
3007 else if (WLAN_FC_GET_TYPE(fc) == WLAN_FC_TYPE_DATA) {
3008 if ((fc & (WLAN_FC_TODS | WLAN_FC_FROMDS)) !=
3011 /* mgmt->sa is actually BSSID for FromDS data frames */
3012 if (os_memcmp(mgmt->sa, wpa_s->bssid, ETH_ALEN) != 0)
3014 /* Skip IEEE 802.11 and LLC headers */
3016 if (WPA_GET_BE16(pos) != ETH_P_EAPOL)
3019 /* mgmt->bssid is actually BSSID for SA data frames */
3020 wpa_supplicant_rx_eapol(wpa_s, mgmt->bssid,
3021 pos, buf + len - pos);
3026 void ieee80211_sta_free_hw_features(struct hostapd_hw_modes *hw_features,
3027 size_t num_hw_features)
3031 if (hw_features == NULL)
3034 for (i = 0; i < num_hw_features; i++) {
3035 os_free(hw_features[i].channels);
3036 os_free(hw_features[i].rates);
3039 os_free(hw_features);
3043 int ieee80211_sta_init(struct wpa_supplicant *wpa_s)
3045 u16 num_modes, flags;
3047 wpa_s->mlme.modes = wpa_drv_get_hw_feature_data(wpa_s, &num_modes,
3049 if (wpa_s->mlme.modes == NULL) {
3050 wpa_printf(MSG_ERROR, "MLME: Failed to read supported "
3051 "channels and rates from the driver");
3055 wpa_s->mlme.num_modes = num_modes;
3057 wpa_s->mlme.hw_modes = 1 << HOSTAPD_MODE_IEEE80211A;
3058 wpa_s->mlme.hw_modes |= 1 << HOSTAPD_MODE_IEEE80211B;
3059 wpa_s->mlme.hw_modes |= 1 << HOSTAPD_MODE_IEEE80211G;
3061 wpa_s->mlme.wmm_enabled = 1;
3067 void ieee80211_sta_deinit(struct wpa_supplicant *wpa_s)
3069 eloop_cancel_timeout(ieee80211_sta_timer, wpa_s, NULL);
3070 eloop_cancel_timeout(ieee80211_sta_scan_timer, wpa_s, NULL);
3071 os_free(wpa_s->mlme.extra_ie);
3072 wpa_s->mlme.extra_ie = NULL;
3073 os_free(wpa_s->mlme.extra_probe_ie);
3074 wpa_s->mlme.extra_probe_ie = NULL;
3075 os_free(wpa_s->mlme.assocreq_ies);
3076 wpa_s->mlme.assocreq_ies = NULL;
3077 os_free(wpa_s->mlme.assocresp_ies);
3078 wpa_s->mlme.assocresp_ies = NULL;
3079 ieee80211_bss_list_deinit(wpa_s);
3080 ieee80211_sta_free_hw_features(wpa_s->mlme.modes,
3081 wpa_s->mlme.num_modes);
3082 #ifdef CONFIG_IEEE80211R
3083 os_free(wpa_s->mlme.ft_ies);
3084 wpa_s->mlme.ft_ies = NULL;
3085 wpa_s->mlme.ft_ies_len = 0;
3086 #endif /* CONFIG_IEEE80211R */
3090 #ifdef CONFIG_IEEE80211R
3092 int ieee80211_sta_update_ft_ies(struct wpa_supplicant *wpa_s, const u8 *md,
3093 const u8 *ies, size_t ies_len)
3096 wpa_printf(MSG_DEBUG, "MLME: Clear FT mobility domain");
3097 os_memset(wpa_s->mlme.current_md, 0, MOBILITY_DOMAIN_ID_LEN);
3099 wpa_printf(MSG_DEBUG, "MLME: Update FT IEs for MD " MACSTR,
3101 os_memcpy(wpa_s->mlme.current_md, md, MOBILITY_DOMAIN_ID_LEN);
3104 wpa_hexdump(MSG_DEBUG, "MLME: FT IEs", ies, ies_len);
3105 os_free(wpa_s->mlme.ft_ies);
3106 wpa_s->mlme.ft_ies = os_malloc(ies_len);
3107 if (wpa_s->mlme.ft_ies == NULL)
3109 os_memcpy(wpa_s->mlme.ft_ies, ies, ies_len);
3110 wpa_s->mlme.ft_ies_len = ies_len;
3116 int ieee80211_sta_send_ft_action(struct wpa_supplicant *wpa_s, u8 action,
3117 const u8 *target_ap,
3118 const u8 *ies, size_t ies_len)
3122 struct ieee80211_mgmt *mgmt;
3126 * Action frame payload:
3127 * Category[1] = 6 (Fast BSS Transition)
3128 * Action[1] = 1 (Fast BSS Transition Request)
3134 buf = os_zalloc(sizeof(*mgmt) + ies_len);
3136 wpa_printf(MSG_DEBUG, "MLME: Failed to allocate buffer for "
3141 mgmt = (struct ieee80211_mgmt *) buf;
3143 os_memcpy(mgmt->da, wpa_s->bssid, ETH_ALEN);
3144 os_memcpy(mgmt->sa, wpa_s->own_addr, ETH_ALEN);
3145 os_memcpy(mgmt->bssid, wpa_s->bssid, ETH_ALEN);
3146 mgmt->frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT,
3147 WLAN_FC_STYPE_ACTION);
3148 mgmt->u.action.category = WLAN_ACTION_FT;
3149 mgmt->u.action.u.ft_action_req.action = action;
3150 os_memcpy(mgmt->u.action.u.ft_action_req.sta_addr, wpa_s->own_addr,
3152 os_memcpy(mgmt->u.action.u.ft_action_req.target_ap_addr, target_ap,
3154 os_memcpy(mgmt->u.action.u.ft_action_req.variable, ies, ies_len);
3155 len += 1 + sizeof(mgmt->u.action.u.ft_action_req) + ies_len;
3157 wpa_printf(MSG_DEBUG, "MLME: Send FT Action Frame: Action=%d "
3158 "Target AP=" MACSTR " body_len=%lu",
3159 action, MAC2STR(target_ap), (unsigned long) ies_len);
3161 res = ieee80211_sta_tx(wpa_s, buf, len);
3167 #endif /* CONFIG_IEEE80211R */
3170 int ieee80211_sta_set_probe_req_ie(struct wpa_supplicant *wpa_s, const u8 *ies,
3173 os_free(wpa_s->mlme.extra_probe_ie);
3174 wpa_s->mlme.extra_probe_ie = NULL;
3175 wpa_s->mlme.extra_probe_ie_len = 0;
3180 wpa_s->mlme.extra_probe_ie = os_malloc(ies_len);
3181 if (wpa_s->mlme.extra_probe_ie == NULL)
3184 os_memcpy(wpa_s->mlme.extra_probe_ie, ies, ies_len);
3185 wpa_s->mlme.extra_probe_ie_len = ies_len;
projects / libeap.git / blob