2 * hostapd / Station table
3 * Copyright (c) 2002-2013, Jouni Malinen <j@w1.fi>
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
9 #include "utils/includes.h"
11 #include "utils/common.h"
12 #include "utils/eloop.h"
13 #include "common/ieee802_11_defs.h"
14 #include "common/wpa_ctrl.h"
15 #include "common/sae.h"
16 #include "radius/radius.h"
17 #include "radius/radius_client.h"
21 #include "accounting.h"
22 #include "ieee802_1x.h"
23 #include "ieee802_11.h"
24 #include "ieee802_11_auth.h"
26 #include "preauth_auth.h"
27 #include "ap_config.h"
30 #include "vlan_init.h"
31 #include "p2p_hostapd.h"
32 #include "ap_drv_ops.h"
35 #include "ndisc_snoop.h"
39 static void ap_sta_remove_in_other_bss(struct hostapd_data *hapd,
40 struct sta_info *sta);
41 static void ap_handle_session_timer(void *eloop_ctx, void *timeout_ctx);
42 static void ap_handle_session_warning_timer(void *eloop_ctx, void *timeout_ctx);
43 static void ap_sta_deauth_cb_timeout(void *eloop_ctx, void *timeout_ctx);
44 static void ap_sta_disassoc_cb_timeout(void *eloop_ctx, void *timeout_ctx);
45 #ifdef CONFIG_IEEE80211W
46 static void ap_sa_query_timer(void *eloop_ctx, void *timeout_ctx);
47 #endif /* CONFIG_IEEE80211W */
48 static int ap_sta_remove(struct hostapd_data *hapd, struct sta_info *sta);
50 int ap_for_each_sta(struct hostapd_data *hapd,
51 int (*cb)(struct hostapd_data *hapd, struct sta_info *sta,
57 for (sta = hapd->sta_list; sta; sta = sta->next) {
58 if (cb(hapd, sta, ctx))
66 struct sta_info * ap_get_sta(struct hostapd_data *hapd, const u8 *sta)
70 s = hapd->sta_hash[STA_HASH(sta)];
71 while (s != NULL && os_memcmp(s->addr, sta, 6) != 0)
78 struct sta_info * ap_get_sta_p2p(struct hostapd_data *hapd, const u8 *addr)
82 for (sta = hapd->sta_list; sta; sta = sta->next) {
83 const u8 *p2p_dev_addr;
85 if (sta->p2p_ie == NULL)
88 p2p_dev_addr = p2p_get_go_dev_addr(sta->p2p_ie);
89 if (p2p_dev_addr == NULL)
92 if (os_memcmp(p2p_dev_addr, addr, ETH_ALEN) == 0)
98 #endif /* CONFIG_P2P */
101 static void ap_sta_list_del(struct hostapd_data *hapd, struct sta_info *sta)
103 struct sta_info *tmp;
105 if (hapd->sta_list == sta) {
106 hapd->sta_list = sta->next;
110 tmp = hapd->sta_list;
111 while (tmp != NULL && tmp->next != sta)
114 wpa_printf(MSG_DEBUG, "Could not remove STA " MACSTR " from "
115 "list.", MAC2STR(sta->addr));
117 tmp->next = sta->next;
121 void ap_sta_hash_add(struct hostapd_data *hapd, struct sta_info *sta)
123 sta->hnext = hapd->sta_hash[STA_HASH(sta->addr)];
124 hapd->sta_hash[STA_HASH(sta->addr)] = sta;
128 static void ap_sta_hash_del(struct hostapd_data *hapd, struct sta_info *sta)
132 s = hapd->sta_hash[STA_HASH(sta->addr)];
133 if (s == NULL) return;
134 if (os_memcmp(s->addr, sta->addr, 6) == 0) {
135 hapd->sta_hash[STA_HASH(sta->addr)] = s->hnext;
139 while (s->hnext != NULL &&
140 os_memcmp(s->hnext->addr, sta->addr, ETH_ALEN) != 0)
142 if (s->hnext != NULL)
143 s->hnext = s->hnext->hnext;
145 wpa_printf(MSG_DEBUG, "AP: could not remove STA " MACSTR
146 " from hash table", MAC2STR(sta->addr));
150 void ap_sta_ip6addr_del(struct hostapd_data *hapd, struct sta_info *sta)
152 sta_ip6addr_del(hapd, sta);
156 void ap_free_sta(struct hostapd_data *hapd, struct sta_info *sta)
160 accounting_sta_stop(hapd, sta);
163 ap_sta_set_authorized(hapd, sta, 0);
165 if (sta->flags & WLAN_STA_WDS)
166 hostapd_set_wds_sta(hapd, NULL, sta->addr, sta->aid, 0);
169 hostapd_drv_br_delete_ip_neigh(hapd, 4, (u8 *) &sta->ipaddr);
170 ap_sta_ip6addr_del(hapd, sta);
172 if (!hapd->iface->driver_ap_teardown &&
173 !(sta->flags & WLAN_STA_PREAUTH)) {
174 hostapd_drv_sta_remove(hapd, sta->addr);
175 sta->added_unassoc = 0;
178 ap_sta_hash_del(hapd, sta);
179 ap_sta_list_del(hapd, sta);
182 hapd->sta_aid[(sta->aid - 1) / 32] &=
183 ~BIT((sta->aid - 1) % 32);
186 if (sta->nonerp_set) {
188 hapd->iface->num_sta_non_erp--;
189 if (hapd->iface->num_sta_non_erp == 0)
193 if (sta->no_short_slot_time_set) {
194 sta->no_short_slot_time_set = 0;
195 hapd->iface->num_sta_no_short_slot_time--;
196 if (hapd->iface->current_mode->mode == HOSTAPD_MODE_IEEE80211G
197 && hapd->iface->num_sta_no_short_slot_time == 0)
201 if (sta->no_short_preamble_set) {
202 sta->no_short_preamble_set = 0;
203 hapd->iface->num_sta_no_short_preamble--;
204 if (hapd->iface->current_mode->mode == HOSTAPD_MODE_IEEE80211G
205 && hapd->iface->num_sta_no_short_preamble == 0)
209 if (sta->no_ht_gf_set) {
210 sta->no_ht_gf_set = 0;
211 hapd->iface->num_sta_ht_no_gf--;
214 if (sta->no_ht_set) {
216 hapd->iface->num_sta_no_ht--;
219 if (sta->ht_20mhz_set) {
220 sta->ht_20mhz_set = 0;
221 hapd->iface->num_sta_ht_20mhz--;
224 #ifdef CONFIG_IEEE80211N
225 ht40_intolerant_remove(hapd->iface, sta);
226 #endif /* CONFIG_IEEE80211N */
229 if (sta->no_p2p_set) {
231 hapd->num_sta_no_p2p--;
232 if (hapd->num_sta_no_p2p == 0)
233 hostapd_p2p_non_p2p_sta_disconnected(hapd);
235 #endif /* CONFIG_P2P */
237 #if defined(NEED_AP_MLME) && defined(CONFIG_IEEE80211N)
238 if (hostapd_ht_operation_update(hapd->iface) > 0)
240 #endif /* NEED_AP_MLME && CONFIG_IEEE80211N */
243 if (hapd->mesh_sta_free_cb)
244 hapd->mesh_sta_free_cb(hapd, sta);
245 #endif /* CONFIG_MESH */
248 ieee802_11_set_beacons(hapd->iface);
250 wpa_printf(MSG_DEBUG, "%s: cancel ap_handle_timer for " MACSTR,
251 __func__, MAC2STR(sta->addr));
252 eloop_cancel_timeout(ap_handle_timer, hapd, sta);
253 eloop_cancel_timeout(ap_handle_session_timer, hapd, sta);
254 eloop_cancel_timeout(ap_handle_session_warning_timer, hapd, sta);
255 ap_sta_clear_disconnect_timeouts(hapd, sta);
256 sae_clear_retransmit_timer(hapd, sta);
258 ieee802_1x_free_station(hapd, sta);
259 wpa_auth_sta_deinit(sta->wpa_sm);
260 rsn_preauth_free_station(hapd, sta);
261 #ifndef CONFIG_NO_RADIUS
263 radius_client_flush_auth(hapd->radius, sta->addr);
264 #endif /* CONFIG_NO_RADIUS */
266 #ifndef CONFIG_NO_VLAN
268 * sta->wpa_sm->group needs to be released before so that
269 * vlan_remove_dynamic() can check that no stations are left on the
273 vlan_remove_dynamic(hapd, sta->vlan_id);
274 if (sta->vlan_id_bound) {
276 * Need to remove the STA entry before potentially removing the
279 if (hapd->iface->driver_ap_teardown &&
280 !(sta->flags & WLAN_STA_PREAUTH)) {
281 hostapd_drv_sta_remove(hapd, sta->addr);
282 sta->added_unassoc = 0;
284 vlan_remove_dynamic(hapd, sta->vlan_id_bound);
286 #endif /* CONFIG_NO_VLAN */
288 os_free(sta->challenge);
290 #ifdef CONFIG_IEEE80211W
291 os_free(sta->sa_query_trans_id);
292 eloop_cancel_timeout(ap_sa_query_timer, hapd, sta);
293 #endif /* CONFIG_IEEE80211W */
296 p2p_group_notif_disassoc(hapd->p2p_group, sta->addr);
297 #endif /* CONFIG_P2P */
299 #ifdef CONFIG_INTERWORKING
300 if (sta->gas_dialog) {
302 for (i = 0; i < GAS_DIALOG_MAX; i++)
303 gas_serv_dialog_clear(&sta->gas_dialog[i]);
304 os_free(sta->gas_dialog);
306 #endif /* CONFIG_INTERWORKING */
308 wpabuf_free(sta->wps_ie);
309 wpabuf_free(sta->p2p_ie);
310 wpabuf_free(sta->hs20_ie);
312 wpabuf_free(sta->mb_ies);
313 #endif /* CONFIG_FST */
315 os_free(sta->ht_capabilities);
316 os_free(sta->vht_capabilities);
317 hostapd_free_psk_list(sta->psk);
318 os_free(sta->identity);
319 os_free(sta->radius_cui);
320 os_free(sta->remediation_url);
321 wpabuf_free(sta->hs20_deauth_req);
322 os_free(sta->hs20_session_info_url);
325 sae_clear_data(sta->sae);
327 #endif /* CONFIG_SAE */
333 void hostapd_free_stas(struct hostapd_data *hapd)
335 struct sta_info *sta, *prev;
337 sta = hapd->sta_list;
341 if (sta->flags & WLAN_STA_AUTH) {
342 mlme_deauthenticate_indication(
343 hapd, sta, WLAN_REASON_UNSPECIFIED);
346 wpa_printf(MSG_DEBUG, "Removing station " MACSTR,
347 MAC2STR(prev->addr));
348 ap_free_sta(hapd, prev);
354 * ap_handle_timer - Per STA timer handler
355 * @eloop_ctx: struct hostapd_data *
356 * @timeout_ctx: struct sta_info *
358 * This function is called to check station activity and to remove inactive
361 void ap_handle_timer(void *eloop_ctx, void *timeout_ctx)
363 struct hostapd_data *hapd = eloop_ctx;
364 struct sta_info *sta = timeout_ctx;
365 unsigned long next_time = 0;
368 wpa_printf(MSG_DEBUG, "%s: %s: " MACSTR " flags=0x%x timeout_next=%d",
369 hapd->conf->iface, __func__, MAC2STR(sta->addr), sta->flags,
371 if (sta->timeout_next == STA_REMOVE) {
372 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
373 HOSTAPD_LEVEL_INFO, "deauthenticated due to "
374 "local deauth request");
375 ap_free_sta(hapd, sta);
379 if ((sta->flags & WLAN_STA_ASSOC) &&
380 (sta->timeout_next == STA_NULLFUNC ||
381 sta->timeout_next == STA_DISASSOC)) {
384 * Add random value to timeout so that we don't end up bouncing
385 * all stations at the same time if we have lots of associated
386 * stations that are idle (but keep re-associating).
388 int fuzz = os_random() % 20;
389 inactive_sec = hostapd_drv_get_inact_sec(hapd, sta->addr);
390 if (inactive_sec == -1) {
391 wpa_msg(hapd->msg_ctx, MSG_DEBUG,
392 "Check inactivity: Could not "
393 "get station info from kernel driver for "
394 MACSTR, MAC2STR(sta->addr));
396 * The driver may not support this functionality.
397 * Anyway, try again after the next inactivity timeout,
398 * but do not disconnect the station now.
400 next_time = hapd->conf->ap_max_inactivity + fuzz;
401 } else if (inactive_sec == -ENOENT) {
402 wpa_msg(hapd->msg_ctx, MSG_DEBUG,
403 "Station " MACSTR " has lost its driver entry",
406 /* Avoid sending client probe on removed client */
407 sta->timeout_next = STA_DISASSOC;
409 } else if (inactive_sec < hapd->conf->ap_max_inactivity) {
410 /* station activity detected; reset timeout state */
411 wpa_msg(hapd->msg_ctx, MSG_DEBUG,
412 "Station " MACSTR " has been active %is ago",
413 MAC2STR(sta->addr), inactive_sec);
414 sta->timeout_next = STA_NULLFUNC;
415 next_time = hapd->conf->ap_max_inactivity + fuzz -
418 wpa_msg(hapd->msg_ctx, MSG_DEBUG,
419 "Station " MACSTR " has been "
420 "inactive too long: %d sec, max allowed: %d",
421 MAC2STR(sta->addr), inactive_sec,
422 hapd->conf->ap_max_inactivity);
424 if (hapd->conf->skip_inactivity_poll)
425 sta->timeout_next = STA_DISASSOC;
429 if ((sta->flags & WLAN_STA_ASSOC) &&
430 sta->timeout_next == STA_DISASSOC &&
431 !(sta->flags & WLAN_STA_PENDING_POLL) &&
432 !hapd->conf->skip_inactivity_poll) {
433 wpa_msg(hapd->msg_ctx, MSG_DEBUG, "Station " MACSTR
434 " has ACKed data poll", MAC2STR(sta->addr));
435 /* data nullfunc frame poll did not produce TX errors; assume
436 * station ACKed it */
437 sta->timeout_next = STA_NULLFUNC;
438 next_time = hapd->conf->ap_max_inactivity;
443 wpa_printf(MSG_DEBUG, "%s: register ap_handle_timer timeout "
444 "for " MACSTR " (%lu seconds)",
445 __func__, MAC2STR(sta->addr), next_time);
446 eloop_register_timeout(next_time, 0, ap_handle_timer, hapd,
451 if (sta->timeout_next == STA_NULLFUNC &&
452 (sta->flags & WLAN_STA_ASSOC)) {
453 wpa_printf(MSG_DEBUG, " Polling STA");
454 sta->flags |= WLAN_STA_PENDING_POLL;
455 hostapd_drv_poll_client(hapd, hapd->own_addr, sta->addr,
456 sta->flags & WLAN_STA_WMM);
457 } else if (sta->timeout_next != STA_REMOVE) {
458 int deauth = sta->timeout_next == STA_DEAUTH;
460 wpa_dbg(hapd->msg_ctx, MSG_DEBUG,
461 "Timeout, sending %s info to STA " MACSTR,
462 deauth ? "deauthentication" : "disassociation",
466 hostapd_drv_sta_deauth(
468 WLAN_REASON_PREV_AUTH_NOT_VALID);
470 reason = (sta->timeout_next == STA_DISASSOC) ?
471 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY :
472 WLAN_REASON_PREV_AUTH_NOT_VALID;
474 hostapd_drv_sta_disassoc(hapd, sta->addr, reason);
478 switch (sta->timeout_next) {
480 sta->timeout_next = STA_DISASSOC;
481 wpa_printf(MSG_DEBUG, "%s: register ap_handle_timer timeout "
482 "for " MACSTR " (%d seconds - AP_DISASSOC_DELAY)",
483 __func__, MAC2STR(sta->addr), AP_DISASSOC_DELAY);
484 eloop_register_timeout(AP_DISASSOC_DELAY, 0, ap_handle_timer,
488 case STA_DISASSOC_FROM_CLI:
489 ap_sta_set_authorized(hapd, sta, 0);
490 sta->flags &= ~WLAN_STA_ASSOC;
491 ieee802_1x_notify_port_enabled(sta->eapol_sm, 0);
492 if (!sta->acct_terminate_cause)
493 sta->acct_terminate_cause =
494 RADIUS_ACCT_TERMINATE_CAUSE_IDLE_TIMEOUT;
495 accounting_sta_stop(hapd, sta);
496 ieee802_1x_free_station(hapd, sta);
497 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
498 HOSTAPD_LEVEL_INFO, "disassociated due to "
500 reason = (sta->timeout_next == STA_DISASSOC) ?
501 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY :
502 WLAN_REASON_PREV_AUTH_NOT_VALID;
503 sta->timeout_next = STA_DEAUTH;
504 wpa_printf(MSG_DEBUG, "%s: register ap_handle_timer timeout "
505 "for " MACSTR " (%d seconds - AP_DEAUTH_DELAY)",
506 __func__, MAC2STR(sta->addr), AP_DEAUTH_DELAY);
507 eloop_register_timeout(AP_DEAUTH_DELAY, 0, ap_handle_timer,
509 mlme_disassociate_indication(hapd, sta, reason);
513 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
514 HOSTAPD_LEVEL_INFO, "deauthenticated due to "
515 "inactivity (timer DEAUTH/REMOVE)");
516 if (!sta->acct_terminate_cause)
517 sta->acct_terminate_cause =
518 RADIUS_ACCT_TERMINATE_CAUSE_IDLE_TIMEOUT;
519 mlme_deauthenticate_indication(
521 WLAN_REASON_PREV_AUTH_NOT_VALID);
522 ap_free_sta(hapd, sta);
528 static void ap_handle_session_timer(void *eloop_ctx, void *timeout_ctx)
530 struct hostapd_data *hapd = eloop_ctx;
531 struct sta_info *sta = timeout_ctx;
533 wpa_printf(MSG_DEBUG, "%s: Session timer for STA " MACSTR,
534 hapd->conf->iface, MAC2STR(sta->addr));
535 if (!(sta->flags & WLAN_STA_AUTH)) {
536 if (sta->flags & WLAN_STA_GAS) {
537 wpa_printf(MSG_DEBUG, "GAS: Remove temporary STA "
538 "entry " MACSTR, MAC2STR(sta->addr));
539 ap_free_sta(hapd, sta);
544 hostapd_drv_sta_deauth(hapd, sta->addr,
545 WLAN_REASON_PREV_AUTH_NOT_VALID);
546 mlme_deauthenticate_indication(hapd, sta,
547 WLAN_REASON_PREV_AUTH_NOT_VALID);
548 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
549 HOSTAPD_LEVEL_INFO, "deauthenticated due to "
551 sta->acct_terminate_cause =
552 RADIUS_ACCT_TERMINATE_CAUSE_SESSION_TIMEOUT;
553 ap_free_sta(hapd, sta);
557 void ap_sta_replenish_timeout(struct hostapd_data *hapd, struct sta_info *sta,
560 if (eloop_replenish_timeout(session_timeout, 0,
561 ap_handle_session_timer, hapd, sta) == 1) {
562 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
563 HOSTAPD_LEVEL_DEBUG, "setting session timeout "
564 "to %d seconds", session_timeout);
569 void ap_sta_session_timeout(struct hostapd_data *hapd, struct sta_info *sta,
572 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
573 HOSTAPD_LEVEL_DEBUG, "setting session timeout to %d "
574 "seconds", session_timeout);
575 eloop_cancel_timeout(ap_handle_session_timer, hapd, sta);
576 eloop_register_timeout(session_timeout, 0, ap_handle_session_timer,
581 void ap_sta_no_session_timeout(struct hostapd_data *hapd, struct sta_info *sta)
583 eloop_cancel_timeout(ap_handle_session_timer, hapd, sta);
587 static void ap_handle_session_warning_timer(void *eloop_ctx, void *timeout_ctx)
590 struct hostapd_data *hapd = eloop_ctx;
591 struct sta_info *sta = timeout_ctx;
593 wpa_printf(MSG_DEBUG, "%s: WNM: Session warning time reached for "
594 MACSTR, hapd->conf->iface, MAC2STR(sta->addr));
595 if (sta->hs20_session_info_url == NULL)
598 wnm_send_ess_disassoc_imminent(hapd, sta, sta->hs20_session_info_url,
599 sta->hs20_disassoc_timer);
600 #endif /* CONFIG_WNM */
604 void ap_sta_session_warning_timeout(struct hostapd_data *hapd,
605 struct sta_info *sta, int warning_time)
607 eloop_cancel_timeout(ap_handle_session_warning_timer, hapd, sta);
608 eloop_register_timeout(warning_time, 0, ap_handle_session_warning_timer,
613 struct sta_info * ap_sta_add(struct hostapd_data *hapd, const u8 *addr)
615 struct sta_info *sta;
617 sta = ap_get_sta(hapd, addr);
621 wpa_printf(MSG_DEBUG, " New STA");
622 if (hapd->num_sta >= hapd->conf->max_num_sta) {
623 /* FIX: might try to remove some old STAs first? */
624 wpa_printf(MSG_DEBUG, "no more room for new STAs (%d/%d)",
625 hapd->num_sta, hapd->conf->max_num_sta);
629 sta = os_zalloc(sizeof(struct sta_info));
631 wpa_printf(MSG_ERROR, "malloc failed");
634 sta->acct_interim_interval = hapd->conf->acct_interim_interval;
635 if (accounting_sta_get_id(hapd, sta) < 0) {
640 if (!(hapd->iface->drv_flags & WPA_DRIVER_FLAGS_INACTIVITY_TIMER)) {
641 wpa_printf(MSG_DEBUG, "%s: register ap_handle_timer timeout "
642 "for " MACSTR " (%d seconds - ap_max_inactivity)",
643 __func__, MAC2STR(addr),
644 hapd->conf->ap_max_inactivity);
645 eloop_register_timeout(hapd->conf->ap_max_inactivity, 0,
646 ap_handle_timer, hapd, sta);
649 /* initialize STA info data */
650 os_memcpy(sta->addr, addr, ETH_ALEN);
651 sta->next = hapd->sta_list;
652 hapd->sta_list = sta;
654 ap_sta_hash_add(hapd, sta);
655 ap_sta_remove_in_other_bss(hapd, sta);
656 sta->last_seq_ctrl = WLAN_INVALID_MGMT_SEQ;
657 dl_list_init(&sta->ip6addr);
663 static int ap_sta_remove(struct hostapd_data *hapd, struct sta_info *sta)
665 ieee802_1x_notify_port_enabled(sta->eapol_sm, 0);
668 hostapd_drv_br_delete_ip_neigh(hapd, 4, (u8 *) &sta->ipaddr);
669 ap_sta_ip6addr_del(hapd, sta);
671 wpa_printf(MSG_DEBUG, "%s: Removing STA " MACSTR " from kernel driver",
672 hapd->conf->iface, MAC2STR(sta->addr));
673 if (hostapd_drv_sta_remove(hapd, sta->addr) &&
674 sta->flags & WLAN_STA_ASSOC) {
675 wpa_printf(MSG_DEBUG, "%s: Could not remove station " MACSTR
676 " from kernel driver",
677 hapd->conf->iface, MAC2STR(sta->addr));
680 sta->added_unassoc = 0;
685 static void ap_sta_remove_in_other_bss(struct hostapd_data *hapd,
686 struct sta_info *sta)
688 struct hostapd_iface *iface = hapd->iface;
691 for (i = 0; i < iface->num_bss; i++) {
692 struct hostapd_data *bss = iface->bss[i];
693 struct sta_info *sta2;
694 /* bss should always be set during operation, but it may be
695 * NULL during reconfiguration. Assume the STA is not
696 * associated to another BSS in that case to avoid NULL pointer
698 if (bss == hapd || bss == NULL)
700 sta2 = ap_get_sta(bss, sta->addr);
704 wpa_printf(MSG_DEBUG, "%s: disconnect old STA " MACSTR
705 " association from another BSS %s",
706 hapd->conf->iface, MAC2STR(sta2->addr),
708 ap_sta_disconnect(bss, sta2, sta2->addr,
709 WLAN_REASON_PREV_AUTH_NOT_VALID);
714 static void ap_sta_disassoc_cb_timeout(void *eloop_ctx, void *timeout_ctx)
716 struct hostapd_data *hapd = eloop_ctx;
717 struct sta_info *sta = timeout_ctx;
719 wpa_printf(MSG_DEBUG, "%s: Disassociation callback for STA " MACSTR,
720 hapd->conf->iface, MAC2STR(sta->addr));
721 ap_sta_remove(hapd, sta);
722 mlme_disassociate_indication(hapd, sta, sta->disassoc_reason);
726 void ap_sta_disassociate(struct hostapd_data *hapd, struct sta_info *sta,
729 wpa_printf(MSG_DEBUG, "%s: disassociate STA " MACSTR,
730 hapd->conf->iface, MAC2STR(sta->addr));
731 sta->last_seq_ctrl = WLAN_INVALID_MGMT_SEQ;
732 sta->flags &= ~(WLAN_STA_ASSOC | WLAN_STA_ASSOC_REQ_OK);
733 ap_sta_set_authorized(hapd, sta, 0);
734 sta->timeout_next = STA_DEAUTH;
735 wpa_printf(MSG_DEBUG, "%s: reschedule ap_handle_timer timeout "
736 "for " MACSTR " (%d seconds - "
737 "AP_MAX_INACTIVITY_AFTER_DISASSOC)",
738 __func__, MAC2STR(sta->addr),
739 AP_MAX_INACTIVITY_AFTER_DISASSOC);
740 eloop_cancel_timeout(ap_handle_timer, hapd, sta);
741 eloop_register_timeout(AP_MAX_INACTIVITY_AFTER_DISASSOC, 0,
742 ap_handle_timer, hapd, sta);
743 accounting_sta_stop(hapd, sta);
744 ieee802_1x_free_station(hapd, sta);
746 sta->disassoc_reason = reason;
747 sta->flags |= WLAN_STA_PENDING_DISASSOC_CB;
748 eloop_cancel_timeout(ap_sta_disassoc_cb_timeout, hapd, sta);
749 eloop_register_timeout(hapd->iface->drv_flags &
750 WPA_DRIVER_FLAGS_DEAUTH_TX_STATUS ? 2 : 0, 0,
751 ap_sta_disassoc_cb_timeout, hapd, sta);
755 static void ap_sta_deauth_cb_timeout(void *eloop_ctx, void *timeout_ctx)
757 struct hostapd_data *hapd = eloop_ctx;
758 struct sta_info *sta = timeout_ctx;
760 wpa_printf(MSG_DEBUG, "%s: Deauthentication callback for STA " MACSTR,
761 hapd->conf->iface, MAC2STR(sta->addr));
762 ap_sta_remove(hapd, sta);
763 mlme_deauthenticate_indication(hapd, sta, sta->deauth_reason);
767 void ap_sta_deauthenticate(struct hostapd_data *hapd, struct sta_info *sta,
770 wpa_printf(MSG_DEBUG, "%s: deauthenticate STA " MACSTR,
771 hapd->conf->iface, MAC2STR(sta->addr));
772 sta->last_seq_ctrl = WLAN_INVALID_MGMT_SEQ;
773 sta->flags &= ~(WLAN_STA_AUTH | WLAN_STA_ASSOC | WLAN_STA_ASSOC_REQ_OK);
774 ap_sta_set_authorized(hapd, sta, 0);
775 sta->timeout_next = STA_REMOVE;
776 wpa_printf(MSG_DEBUG, "%s: reschedule ap_handle_timer timeout "
777 "for " MACSTR " (%d seconds - "
778 "AP_MAX_INACTIVITY_AFTER_DEAUTH)",
779 __func__, MAC2STR(sta->addr),
780 AP_MAX_INACTIVITY_AFTER_DEAUTH);
781 eloop_cancel_timeout(ap_handle_timer, hapd, sta);
782 eloop_register_timeout(AP_MAX_INACTIVITY_AFTER_DEAUTH, 0,
783 ap_handle_timer, hapd, sta);
784 accounting_sta_stop(hapd, sta);
785 ieee802_1x_free_station(hapd, sta);
787 sta->deauth_reason = reason;
788 sta->flags |= WLAN_STA_PENDING_DEAUTH_CB;
789 eloop_cancel_timeout(ap_sta_deauth_cb_timeout, hapd, sta);
790 eloop_register_timeout(hapd->iface->drv_flags &
791 WPA_DRIVER_FLAGS_DEAUTH_TX_STATUS ? 2 : 0, 0,
792 ap_sta_deauth_cb_timeout, hapd, sta);
797 int ap_sta_wps_cancel(struct hostapd_data *hapd,
798 struct sta_info *sta, void *ctx)
800 if (sta && (sta->flags & WLAN_STA_WPS)) {
801 ap_sta_deauthenticate(hapd, sta,
802 WLAN_REASON_PREV_AUTH_NOT_VALID);
803 wpa_printf(MSG_DEBUG, "WPS: %s: Deauth sta=" MACSTR,
804 __func__, MAC2STR(sta->addr));
810 #endif /* CONFIG_WPS */
813 static int ap_sta_get_free_vlan_id(struct hostapd_data *hapd)
815 struct hostapd_vlan *vlan;
816 int vlan_id = MAX_VLAN_ID + 2;
819 for (vlan = hapd->conf->vlan; vlan; vlan = vlan->next) {
820 if (vlan->vlan_id == vlan_id) {
829 int ap_sta_set_vlan(struct hostapd_data *hapd, struct sta_info *sta,
830 struct vlan_description *vlan_desc)
832 struct hostapd_vlan *vlan = NULL, *wildcard_vlan = NULL;
833 int old_vlan_id, vlan_id = 0, ret = 0;
835 if (hapd->conf->ssid.dynamic_vlan == DYNAMIC_VLAN_DISABLED)
838 /* Check if there is something to do */
839 if (hapd->conf->ssid.per_sta_vif && !sta->vlan_id) {
840 /* This sta is lacking its own vif */
841 } else if (hapd->conf->ssid.dynamic_vlan == DYNAMIC_VLAN_DISABLED &&
842 !hapd->conf->ssid.per_sta_vif && sta->vlan_id) {
843 /* sta->vlan_id needs to be reset */
844 } else if (!vlan_compare(vlan_desc, sta->vlan_desc)) {
845 return 0; /* nothing to change */
848 /* Now the real VLAN changed or the STA just needs its own vif */
849 if (hapd->conf->ssid.per_sta_vif) {
850 /* Assign a new vif, always */
851 /* find a free vlan_id sufficiently big */
852 vlan_id = ap_sta_get_free_vlan_id(hapd);
853 /* Get wildcard VLAN */
854 for (vlan = hapd->conf->vlan; vlan; vlan = vlan->next) {
855 if (vlan->vlan_id == VLAN_ID_WILDCARD)
859 hostapd_logger(hapd, sta->addr,
860 HOSTAPD_MODULE_IEEE80211,
862 "per_sta_vif missing wildcard");
867 } else if (vlan_desc && vlan_desc->notempty) {
868 for (vlan = hapd->conf->vlan; vlan; vlan = vlan->next) {
869 if (!vlan_compare(&vlan->vlan_desc, vlan_desc))
871 if (vlan->vlan_id == VLAN_ID_WILDCARD)
872 wildcard_vlan = vlan;
875 vlan_id = vlan->vlan_id;
876 } else if (wildcard_vlan) {
877 vlan = wildcard_vlan;
878 vlan_id = vlan_desc->untagged;
879 if (vlan_desc->tagged[0]) {
880 /* Tagged VLAN configuration */
881 vlan_id = ap_sta_get_free_vlan_id(hapd);
884 hostapd_logger(hapd, sta->addr,
885 HOSTAPD_MODULE_IEEE80211,
887 "missing vlan and wildcard for vlan=%d%s",
889 vlan_desc->tagged[0] ? "+" : "");
896 if (vlan && vlan->vlan_id == VLAN_ID_WILDCARD) {
897 vlan = vlan_add_dynamic(hapd, vlan, vlan_id, vlan_desc);
899 hostapd_logger(hapd, sta->addr,
900 HOSTAPD_MODULE_IEEE80211,
902 "could not add dynamic VLAN interface for vlan=%d%s",
904 vlan_desc->tagged[0] ? "+" : "");
910 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
912 "added new dynamic VLAN interface '%s'",
914 } else if (vlan && vlan->dynamic_vlan > 0) {
915 vlan->dynamic_vlan++;
916 hostapd_logger(hapd, sta->addr,
917 HOSTAPD_MODULE_IEEE80211,
919 "updated existing dynamic VLAN interface '%s'",
923 old_vlan_id = sta->vlan_id;
924 sta->vlan_id = vlan_id;
925 sta->vlan_desc = vlan ? &vlan->vlan_desc : NULL;
927 if (vlan_id != old_vlan_id && old_vlan_id)
928 vlan_remove_dynamic(hapd, old_vlan_id);
934 int ap_sta_bind_vlan(struct hostapd_data *hapd, struct sta_info *sta)
936 #ifndef CONFIG_NO_VLAN
938 struct hostapd_vlan *vlan = NULL;
940 int old_vlanid = sta->vlan_id_bound;
942 iface = hapd->conf->iface;
943 if (hapd->conf->ssid.vlan[0])
944 iface = hapd->conf->ssid.vlan;
946 if (sta->vlan_id > 0) {
947 for (vlan = hapd->conf->vlan; vlan; vlan = vlan->next) {
948 if (vlan->vlan_id == sta->vlan_id)
952 iface = vlan->ifname;
956 * Do not increment ref counters if the VLAN ID remains same, but do
957 * not skip hostapd_drv_set_sta_vlan() as hostapd_drv_sta_remove() might
958 * have been called before.
960 if (sta->vlan_id == old_vlanid)
963 if (sta->vlan_id > 0 && vlan == NULL) {
964 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
965 HOSTAPD_LEVEL_DEBUG, "could not find VLAN for "
966 "binding station to (vlan_id=%d)",
970 } else if (vlan && vlan->dynamic_vlan > 0) {
971 vlan->dynamic_vlan++;
972 hostapd_logger(hapd, sta->addr,
973 HOSTAPD_MODULE_IEEE80211,
975 "updated existing dynamic VLAN interface '%s'",
979 /* ref counters have been increased, so mark the station */
980 sta->vlan_id_bound = sta->vlan_id;
983 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
984 HOSTAPD_LEVEL_DEBUG, "binding station to interface "
987 if (wpa_auth_sta_set_vlan(sta->wpa_sm, sta->vlan_id) < 0)
988 wpa_printf(MSG_INFO, "Failed to update VLAN-ID for WPA");
990 ret = hostapd_drv_set_sta_vlan(iface, hapd, sta->addr, sta->vlan_id);
992 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
993 HOSTAPD_LEVEL_DEBUG, "could not bind the STA "
994 "entry to vlan_id=%d", sta->vlan_id);
997 /* During 1x reauth, if the vlan id changes, then remove the old id. */
998 if (old_vlanid > 0 && old_vlanid != sta->vlan_id)
999 vlan_remove_dynamic(hapd, old_vlanid);
1003 #else /* CONFIG_NO_VLAN */
1005 #endif /* CONFIG_NO_VLAN */
1009 #ifdef CONFIG_IEEE80211W
1011 int ap_check_sa_query_timeout(struct hostapd_data *hapd, struct sta_info *sta)
1014 struct os_reltime now, passed;
1015 os_get_reltime(&now);
1016 os_reltime_sub(&now, &sta->sa_query_start, &passed);
1017 tu = (passed.sec * 1000000 + passed.usec) / 1024;
1018 if (hapd->conf->assoc_sa_query_max_timeout < tu) {
1019 hostapd_logger(hapd, sta->addr,
1020 HOSTAPD_MODULE_IEEE80211,
1021 HOSTAPD_LEVEL_DEBUG,
1022 "association SA Query timed out");
1023 sta->sa_query_timed_out = 1;
1024 os_free(sta->sa_query_trans_id);
1025 sta->sa_query_trans_id = NULL;
1026 sta->sa_query_count = 0;
1027 eloop_cancel_timeout(ap_sa_query_timer, hapd, sta);
1035 static void ap_sa_query_timer(void *eloop_ctx, void *timeout_ctx)
1037 struct hostapd_data *hapd = eloop_ctx;
1038 struct sta_info *sta = timeout_ctx;
1039 unsigned int timeout, sec, usec;
1040 u8 *trans_id, *nbuf;
1042 wpa_printf(MSG_DEBUG, "%s: SA Query timer for STA " MACSTR
1044 hapd->conf->iface, MAC2STR(sta->addr), sta->sa_query_count);
1046 if (sta->sa_query_count > 0 &&
1047 ap_check_sa_query_timeout(hapd, sta))
1050 nbuf = os_realloc_array(sta->sa_query_trans_id,
1051 sta->sa_query_count + 1,
1052 WLAN_SA_QUERY_TR_ID_LEN);
1055 if (sta->sa_query_count == 0) {
1056 /* Starting a new SA Query procedure */
1057 os_get_reltime(&sta->sa_query_start);
1059 trans_id = nbuf + sta->sa_query_count * WLAN_SA_QUERY_TR_ID_LEN;
1060 sta->sa_query_trans_id = nbuf;
1061 sta->sa_query_count++;
1063 if (os_get_random(trans_id, WLAN_SA_QUERY_TR_ID_LEN) < 0) {
1065 * We don't really care which ID is used here, so simply
1066 * hardcode this if the mostly theoretical os_get_random()
1073 timeout = hapd->conf->assoc_sa_query_retry_timeout;
1074 sec = ((timeout / 1000) * 1024) / 1000;
1075 usec = (timeout % 1000) * 1024;
1076 eloop_register_timeout(sec, usec, ap_sa_query_timer, hapd, sta);
1078 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
1079 HOSTAPD_LEVEL_DEBUG,
1080 "association SA Query attempt %d", sta->sa_query_count);
1082 ieee802_11_send_sa_query_req(hapd, sta->addr, trans_id);
1086 void ap_sta_start_sa_query(struct hostapd_data *hapd, struct sta_info *sta)
1088 ap_sa_query_timer(hapd, sta);
1092 void ap_sta_stop_sa_query(struct hostapd_data *hapd, struct sta_info *sta)
1094 eloop_cancel_timeout(ap_sa_query_timer, hapd, sta);
1095 os_free(sta->sa_query_trans_id);
1096 sta->sa_query_trans_id = NULL;
1097 sta->sa_query_count = 0;
1100 #endif /* CONFIG_IEEE80211W */
1103 void ap_sta_set_authorized(struct hostapd_data *hapd, struct sta_info *sta,
1106 const u8 *dev_addr = NULL;
1111 #endif /* CONFIG_P2P */
1113 if (!!authorized == !!(sta->flags & WLAN_STA_AUTHORIZED))
1117 sta->flags |= WLAN_STA_AUTHORIZED;
1119 sta->flags &= ~WLAN_STA_AUTHORIZED;
1122 if (hapd->p2p_group == NULL) {
1123 if (sta->p2p_ie != NULL &&
1124 p2p_parse_dev_addr_in_p2p_ie(sta->p2p_ie, addr) == 0)
1127 dev_addr = p2p_group_get_dev_addr(hapd->p2p_group, sta->addr);
1130 os_snprintf(buf, sizeof(buf), MACSTR " p2p_dev_addr=" MACSTR,
1131 MAC2STR(sta->addr), MAC2STR(dev_addr));
1133 #endif /* CONFIG_P2P */
1134 os_snprintf(buf, sizeof(buf), MACSTR, MAC2STR(sta->addr));
1136 if (hapd->sta_authorized_cb)
1137 hapd->sta_authorized_cb(hapd->sta_authorized_cb_ctx,
1138 sta->addr, authorized, dev_addr);
1144 if (wpa_auth_get_ip_addr(sta->wpa_sm, ip_addr_buf) == 0) {
1145 os_snprintf(ip_addr, sizeof(ip_addr),
1146 " ip_addr=%u.%u.%u.%u",
1147 ip_addr_buf[0], ip_addr_buf[1],
1148 ip_addr_buf[2], ip_addr_buf[3]);
1150 #endif /* CONFIG_P2P */
1152 wpa_msg(hapd->msg_ctx, MSG_INFO, AP_STA_CONNECTED "%s%s",
1155 if (hapd->msg_ctx_parent &&
1156 hapd->msg_ctx_parent != hapd->msg_ctx)
1157 wpa_msg_no_global(hapd->msg_ctx_parent, MSG_INFO,
1158 AP_STA_CONNECTED "%s%s",
1161 wpa_msg(hapd->msg_ctx, MSG_INFO, AP_STA_DISCONNECTED "%s", buf);
1163 if (hapd->msg_ctx_parent &&
1164 hapd->msg_ctx_parent != hapd->msg_ctx)
1165 wpa_msg_no_global(hapd->msg_ctx_parent, MSG_INFO,
1166 AP_STA_DISCONNECTED "%s", buf);
1170 if (hapd->iface->fst) {
1172 fst_notify_peer_connected(hapd->iface->fst, sta->addr);
1174 fst_notify_peer_disconnected(hapd->iface->fst,
1177 #endif /* CONFIG_FST */
1181 void ap_sta_disconnect(struct hostapd_data *hapd, struct sta_info *sta,
1182 const u8 *addr, u16 reason)
1185 wpa_printf(MSG_DEBUG, "%s: %s STA " MACSTR " reason=%u",
1186 hapd->conf->iface, __func__, MAC2STR(sta->addr),
1189 wpa_printf(MSG_DEBUG, "%s: %s addr " MACSTR " reason=%u",
1190 hapd->conf->iface, __func__, MAC2STR(addr),
1193 if (sta == NULL && addr)
1194 sta = ap_get_sta(hapd, addr);
1197 hostapd_drv_sta_deauth(hapd, addr, reason);
1201 ap_sta_set_authorized(hapd, sta, 0);
1202 wpa_auth_sm_event(sta->wpa_sm, WPA_DEAUTH);
1203 ieee802_1x_notify_port_enabled(sta->eapol_sm, 0);
1204 sta->flags &= ~(WLAN_STA_AUTH | WLAN_STA_ASSOC);
1205 wpa_printf(MSG_DEBUG, "%s: %s: reschedule ap_handle_timer timeout "
1206 "for " MACSTR " (%d seconds - "
1207 "AP_MAX_INACTIVITY_AFTER_DEAUTH)",
1208 hapd->conf->iface, __func__, MAC2STR(sta->addr),
1209 AP_MAX_INACTIVITY_AFTER_DEAUTH);
1210 eloop_cancel_timeout(ap_handle_timer, hapd, sta);
1211 eloop_register_timeout(AP_MAX_INACTIVITY_AFTER_DEAUTH, 0,
1212 ap_handle_timer, hapd, sta);
1213 sta->timeout_next = STA_REMOVE;
1215 sta->deauth_reason = reason;
1216 sta->flags |= WLAN_STA_PENDING_DEAUTH_CB;
1217 eloop_cancel_timeout(ap_sta_deauth_cb_timeout, hapd, sta);
1218 eloop_register_timeout(hapd->iface->drv_flags &
1219 WPA_DRIVER_FLAGS_DEAUTH_TX_STATUS ? 2 : 0, 0,
1220 ap_sta_deauth_cb_timeout, hapd, sta);
1224 void ap_sta_deauth_cb(struct hostapd_data *hapd, struct sta_info *sta)
1226 if (!(sta->flags & WLAN_STA_PENDING_DEAUTH_CB)) {
1227 wpa_printf(MSG_DEBUG, "Ignore deauth cb for test frame");
1230 sta->flags &= ~WLAN_STA_PENDING_DEAUTH_CB;
1231 eloop_cancel_timeout(ap_sta_deauth_cb_timeout, hapd, sta);
1232 ap_sta_deauth_cb_timeout(hapd, sta);
1236 void ap_sta_disassoc_cb(struct hostapd_data *hapd, struct sta_info *sta)
1238 if (!(sta->flags & WLAN_STA_PENDING_DISASSOC_CB)) {
1239 wpa_printf(MSG_DEBUG, "Ignore disassoc cb for test frame");
1242 sta->flags &= ~WLAN_STA_PENDING_DISASSOC_CB;
1243 eloop_cancel_timeout(ap_sta_disassoc_cb_timeout, hapd, sta);
1244 ap_sta_disassoc_cb_timeout(hapd, sta);
1248 void ap_sta_clear_disconnect_timeouts(struct hostapd_data *hapd,
1249 struct sta_info *sta)
1251 if (eloop_cancel_timeout(ap_sta_deauth_cb_timeout, hapd, sta) > 0)
1252 wpa_printf(MSG_DEBUG,
1253 "%s: Removed ap_sta_deauth_cb_timeout timeout for "
1255 hapd->conf->iface, MAC2STR(sta->addr));
1256 if (eloop_cancel_timeout(ap_sta_disassoc_cb_timeout, hapd, sta) > 0)
1257 wpa_printf(MSG_DEBUG,
1258 "%s: Removed ap_sta_disassoc_cb_timeout timeout for "
1260 hapd->conf->iface, MAC2STR(sta->addr));
1264 int ap_sta_flags_txt(u32 flags, char *buf, size_t buflen)
1269 res = os_snprintf(buf, buflen, "%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s",
1270 (flags & WLAN_STA_AUTH ? "[AUTH]" : ""),
1271 (flags & WLAN_STA_ASSOC ? "[ASSOC]" : ""),
1272 (flags & WLAN_STA_AUTHORIZED ? "[AUTHORIZED]" : ""),
1273 (flags & WLAN_STA_PENDING_POLL ? "[PENDING_POLL" :
1275 (flags & WLAN_STA_SHORT_PREAMBLE ?
1276 "[SHORT_PREAMBLE]" : ""),
1277 (flags & WLAN_STA_PREAUTH ? "[PREAUTH]" : ""),
1278 (flags & WLAN_STA_WMM ? "[WMM]" : ""),
1279 (flags & WLAN_STA_MFP ? "[MFP]" : ""),
1280 (flags & WLAN_STA_WPS ? "[WPS]" : ""),
1281 (flags & WLAN_STA_MAYBE_WPS ? "[MAYBE_WPS]" : ""),
1282 (flags & WLAN_STA_WDS ? "[WDS]" : ""),
1283 (flags & WLAN_STA_NONERP ? "[NonERP]" : ""),
1284 (flags & WLAN_STA_WPS2 ? "[WPS2]" : ""),
1285 (flags & WLAN_STA_GAS ? "[GAS]" : ""),
1286 (flags & WLAN_STA_VHT ? "[VHT]" : ""),
1287 (flags & WLAN_STA_VENDOR_VHT ? "[VENDOR_VHT]" : ""),
1288 (flags & WLAN_STA_WNM_SLEEP_MODE ?
1289 "[WNM_SLEEP_MODE]" : ""));
1290 if (os_snprintf_error(buflen, res))