2 * Interworking (IEEE 802.11u)
3 * Copyright (c) 2011-2013, Qualcomm Atheros, Inc.
4 * Copyright (c) 2011-2014, Jouni Malinen <j@w1.fi>
6 * This software may be distributed under the terms of the BSD license.
7 * See README for more details.
13 #include "common/ieee802_11_defs.h"
14 #include "common/gas.h"
15 #include "common/wpa_ctrl.h"
16 #include "utils/pcsc_funcs.h"
17 #include "utils/eloop.h"
18 #include "drivers/driver.h"
19 #include "eap_common/eap_defs.h"
20 #include "eap_peer/eap.h"
21 #include "eap_peer/eap_methods.h"
22 #include "eapol_supp/eapol_supp_sm.h"
23 #include "rsn_supp/wpa.h"
24 #include "wpa_supplicant_i.h"
26 #include "config_ssid.h"
30 #include "gas_query.h"
31 #include "hs20_supplicant.h"
32 #include "interworking.h"
35 #if defined(EAP_SIM) | defined(EAP_SIM_DYNAMIC)
36 #define INTERWORKING_3GPP
38 #if defined(EAP_AKA) | defined(EAP_AKA_DYNAMIC)
39 #define INTERWORKING_3GPP
41 #if defined(EAP_AKA_PRIME) | defined(EAP_AKA_PRIME_DYNAMIC)
42 #define INTERWORKING_3GPP
47 static void interworking_next_anqp_fetch(struct wpa_supplicant *wpa_s);
48 static struct wpa_cred * interworking_credentials_available_realm(
49 struct wpa_supplicant *wpa_s, struct wpa_bss *bss, int ignore_bw);
50 static struct wpa_cred * interworking_credentials_available_3gpp(
51 struct wpa_supplicant *wpa_s, struct wpa_bss *bss, int ignore_bw);
54 static void interworking_reconnect(struct wpa_supplicant *wpa_s)
56 if (wpa_s->wpa_state >= WPA_AUTHENTICATING) {
57 wpa_supplicant_cancel_sched_scan(wpa_s);
58 wpa_supplicant_deauthenticate(wpa_s,
59 WLAN_REASON_DEAUTH_LEAVING);
61 wpa_s->disconnected = 0;
62 wpa_s->reassociate = 1;
64 if (wpa_supplicant_fast_associate(wpa_s) >= 0)
67 wpa_supplicant_req_scan(wpa_s, 0, 0);
71 static struct wpabuf * anqp_build_req(u16 info_ids[], size_t num_ids,
78 buf = gas_anqp_build_initial_req(0, 4 + num_ids * 2 +
79 (extra ? wpabuf_len(extra) : 0));
83 len_pos = gas_anqp_add_element(buf, ANQP_QUERY_LIST);
84 for (i = 0; i < num_ids; i++)
85 wpabuf_put_le16(buf, info_ids[i]);
86 gas_anqp_set_element_len(buf, len_pos);
88 wpabuf_put_buf(buf, extra);
90 gas_anqp_set_len(buf);
96 static void interworking_anqp_resp_cb(void *ctx, const u8 *dst,
98 enum gas_query_result result,
99 const struct wpabuf *adv_proto,
100 const struct wpabuf *resp,
103 struct wpa_supplicant *wpa_s = ctx;
105 wpa_printf(MSG_DEBUG, "ANQP: Response callback dst=" MACSTR
106 " dialog_token=%u result=%d status_code=%u",
107 MAC2STR(dst), dialog_token, result, status_code);
108 anqp_resp_cb(wpa_s, dst, dialog_token, result, adv_proto, resp,
110 interworking_next_anqp_fetch(wpa_s);
114 static int cred_with_roaming_consortium(struct wpa_supplicant *wpa_s)
116 struct wpa_cred *cred;
118 for (cred = wpa_s->conf->cred; cred; cred = cred->next) {
119 if (cred->roaming_consortium_len)
121 if (cred->required_roaming_consortium_len)
128 static int cred_with_3gpp(struct wpa_supplicant *wpa_s)
130 struct wpa_cred *cred;
132 for (cred = wpa_s->conf->cred; cred; cred = cred->next) {
133 if (cred->pcsc || cred->imsi)
140 static int cred_with_nai_realm(struct wpa_supplicant *wpa_s)
142 struct wpa_cred *cred;
144 for (cred = wpa_s->conf->cred; cred; cred = cred->next) {
145 if (cred->pcsc || cred->imsi)
147 if (!cred->eap_method)
149 if (cred->realm && cred->roaming_consortium_len == 0)
156 static int cred_with_domain(struct wpa_supplicant *wpa_s)
158 struct wpa_cred *cred;
160 for (cred = wpa_s->conf->cred; cred; cred = cred->next) {
161 if (cred->domain || cred->pcsc || cred->imsi ||
162 cred->roaming_partner)
170 static int cred_with_min_backhaul(struct wpa_supplicant *wpa_s)
172 struct wpa_cred *cred;
174 for (cred = wpa_s->conf->cred; cred; cred = cred->next) {
175 if (cred->min_dl_bandwidth_home ||
176 cred->min_ul_bandwidth_home ||
177 cred->min_dl_bandwidth_roaming ||
178 cred->min_ul_bandwidth_roaming)
183 #endif /* CONFIG_HS20 */
186 static int additional_roaming_consortiums(struct wpa_bss *bss)
189 ie = wpa_bss_get_ie(bss, WLAN_EID_ROAMING_CONSORTIUM);
190 if (ie == NULL || ie[1] == 0)
192 return ie[2]; /* Number of ANQP OIs */
196 static void interworking_continue_anqp(void *eloop_ctx, void *sock_ctx)
198 struct wpa_supplicant *wpa_s = eloop_ctx;
199 interworking_next_anqp_fetch(wpa_s);
203 static int interworking_anqp_send_req(struct wpa_supplicant *wpa_s,
210 size_t num_info_ids = 0;
211 struct wpabuf *extra = NULL;
212 int all = wpa_s->fetch_all_anqp;
214 wpa_printf(MSG_DEBUG, "Interworking: ANQP Query Request to " MACSTR,
215 MAC2STR(bss->bssid));
216 wpa_s->interworking_gas_bss = bss;
218 info_ids[num_info_ids++] = ANQP_CAPABILITY_LIST;
220 info_ids[num_info_ids++] = ANQP_VENUE_NAME;
221 info_ids[num_info_ids++] = ANQP_NETWORK_AUTH_TYPE;
223 if (all || (cred_with_roaming_consortium(wpa_s) &&
224 additional_roaming_consortiums(bss)))
225 info_ids[num_info_ids++] = ANQP_ROAMING_CONSORTIUM;
227 info_ids[num_info_ids++] = ANQP_IP_ADDR_TYPE_AVAILABILITY;
228 if (all || cred_with_nai_realm(wpa_s))
229 info_ids[num_info_ids++] = ANQP_NAI_REALM;
230 if (all || cred_with_3gpp(wpa_s))
231 info_ids[num_info_ids++] = ANQP_3GPP_CELLULAR_NETWORK;
232 if (all || cred_with_domain(wpa_s))
233 info_ids[num_info_ids++] = ANQP_DOMAIN_NAME;
234 wpa_hexdump(MSG_DEBUG, "Interworking: ANQP Query info",
235 (u8 *) info_ids, num_info_ids * 2);
238 if (wpa_bss_get_vendor_ie(bss, HS20_IE_VENDOR_TYPE)) {
241 extra = wpabuf_alloc(100);
245 len_pos = gas_anqp_add_element(extra, ANQP_VENDOR_SPECIFIC);
246 wpabuf_put_be24(extra, OUI_WFA);
247 wpabuf_put_u8(extra, HS20_ANQP_OUI_TYPE);
248 wpabuf_put_u8(extra, HS20_STYPE_QUERY_LIST);
249 wpabuf_put_u8(extra, 0); /* Reserved */
250 wpabuf_put_u8(extra, HS20_STYPE_CAPABILITY_LIST);
253 HS20_STYPE_OPERATOR_FRIENDLY_NAME);
254 if (all || cred_with_min_backhaul(wpa_s))
255 wpabuf_put_u8(extra, HS20_STYPE_WAN_METRICS);
257 wpabuf_put_u8(extra, HS20_STYPE_CONNECTION_CAPABILITY);
259 wpabuf_put_u8(extra, HS20_STYPE_OPERATING_CLASS);
261 wpabuf_put_u8(extra, HS20_STYPE_OSU_PROVIDERS_LIST);
262 gas_anqp_set_element_len(extra, len_pos);
264 #endif /* CONFIG_HS20 */
266 buf = anqp_build_req(info_ids, num_info_ids, extra);
271 res = gas_query_req(wpa_s->gas, bss->bssid, bss->freq, buf,
272 interworking_anqp_resp_cb, wpa_s);
274 wpa_printf(MSG_DEBUG, "ANQP: Failed to send Query Request");
277 eloop_register_timeout(0, 0, interworking_continue_anqp, wpa_s,
280 wpa_printf(MSG_DEBUG, "ANQP: Query started with dialog token "
287 struct nai_realm_eap {
290 enum nai_realm_eap_auth_inner_non_eap inner_non_eap;
292 u8 tunneled_cred_type;
299 struct nai_realm_eap *eap;
303 static void nai_realm_free(struct nai_realm *realms, u16 count)
309 for (i = 0; i < count; i++) {
310 os_free(realms[i].eap);
311 os_free(realms[i].realm);
317 static const u8 * nai_realm_parse_eap(struct nai_realm_eap *e, const u8 *pos,
320 u8 elen, auth_count, a;
324 wpa_printf(MSG_DEBUG, "No room for EAP Method fixed fields");
329 if (pos + elen > end || elen < 2) {
330 wpa_printf(MSG_DEBUG, "No room for EAP Method subfield");
336 wpa_printf(MSG_DEBUG, "EAP Method: len=%u method=%u auth_count=%u",
337 elen, e->method, auth_count);
339 for (a = 0; a < auth_count; a++) {
342 if (pos + 2 > end || pos + 2 + pos[1] > end) {
343 wpa_printf(MSG_DEBUG, "No room for Authentication "
344 "Parameter subfield");
352 case NAI_REALM_EAP_AUTH_NON_EAP_INNER_AUTH:
355 e->inner_non_eap = *pos;
356 if (e->method != EAP_TYPE_TTLS)
359 case NAI_REALM_INNER_NON_EAP_PAP:
360 wpa_printf(MSG_DEBUG, "EAP-TTLS/PAP");
362 case NAI_REALM_INNER_NON_EAP_CHAP:
363 wpa_printf(MSG_DEBUG, "EAP-TTLS/CHAP");
365 case NAI_REALM_INNER_NON_EAP_MSCHAP:
366 wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAP");
368 case NAI_REALM_INNER_NON_EAP_MSCHAPV2:
369 wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAPV2");
373 case NAI_REALM_EAP_AUTH_INNER_AUTH_EAP_METHOD:
376 e->inner_method = *pos;
377 wpa_printf(MSG_DEBUG, "Inner EAP method: %u",
380 case NAI_REALM_EAP_AUTH_CRED_TYPE:
384 wpa_printf(MSG_DEBUG, "Credential Type: %u",
387 case NAI_REALM_EAP_AUTH_TUNNELED_CRED_TYPE:
390 e->tunneled_cred_type = *pos;
391 wpa_printf(MSG_DEBUG, "Tunneled EAP Method Credential "
392 "Type: %u", e->tunneled_cred_type);
395 wpa_printf(MSG_DEBUG, "Unsupported Authentication "
396 "Parameter: id=%u len=%u", id, len);
397 wpa_hexdump(MSG_DEBUG, "Authentication Parameter "
409 static const u8 * nai_realm_parse_realm(struct nai_realm *r, const u8 *pos,
417 wpa_printf(MSG_DEBUG, "No room for NAI Realm Data "
422 len = WPA_GET_LE16(pos); /* NAI Realm Data field Length */
424 if (pos + len > end || len < 3) {
425 wpa_printf(MSG_DEBUG, "No room for NAI Realm Data "
427 len, (unsigned int) (end - pos));
432 r->encoding = *pos++;
434 if (pos + realm_len > f_end) {
435 wpa_printf(MSG_DEBUG, "No room for NAI Realm "
437 realm_len, (unsigned int) (f_end - pos));
440 wpa_hexdump_ascii(MSG_DEBUG, "NAI Realm", pos, realm_len);
441 r->realm = dup_binstr(pos, realm_len);
442 if (r->realm == NULL)
446 if (pos + 1 > f_end) {
447 wpa_printf(MSG_DEBUG, "No room for EAP Method Count");
450 r->eap_count = *pos++;
451 wpa_printf(MSG_DEBUG, "EAP Count: %u", r->eap_count);
452 if (pos + r->eap_count * 3 > f_end) {
453 wpa_printf(MSG_DEBUG, "No room for EAP Methods");
456 r->eap = os_calloc(r->eap_count, sizeof(struct nai_realm_eap));
460 for (e = 0; e < r->eap_count; e++) {
461 pos = nai_realm_parse_eap(&r->eap[e], pos, f_end);
470 static struct nai_realm * nai_realm_parse(struct wpabuf *anqp, u16 *count)
472 struct nai_realm *realm;
476 if (anqp == NULL || wpabuf_len(anqp) < 2)
479 pos = wpabuf_head_u8(anqp);
480 end = pos + wpabuf_len(anqp);
481 num = WPA_GET_LE16(pos);
482 wpa_printf(MSG_DEBUG, "NAI Realm Count: %u", num);
485 if (num * 5 > end - pos) {
486 wpa_printf(MSG_DEBUG, "Invalid NAI Realm Count %u - not "
487 "enough data (%u octets) for that many realms",
488 num, (unsigned int) (end - pos));
492 realm = os_calloc(num, sizeof(struct nai_realm));
496 for (i = 0; i < num; i++) {
497 pos = nai_realm_parse_realm(&realm[i], pos, end);
499 nai_realm_free(realm, num);
509 static int nai_realm_match(struct nai_realm *realm, const char *home_realm)
511 char *tmp, *pos, *end;
514 if (realm->realm == NULL || home_realm == NULL)
517 if (os_strchr(realm->realm, ';') == NULL)
518 return os_strcasecmp(realm->realm, home_realm) == 0;
520 tmp = os_strdup(realm->realm);
526 end = os_strchr(pos, ';');
529 if (os_strcasecmp(pos, home_realm) == 0) {
544 static int nai_realm_cred_username(struct nai_realm_eap *eap)
546 if (eap_get_name(EAP_VENDOR_IETF, eap->method) == NULL)
547 return 0; /* method not supported */
549 if (eap->method != EAP_TYPE_TTLS && eap->method != EAP_TYPE_PEAP &&
550 eap->method != EAP_TYPE_FAST) {
551 /* Only tunneled methods with username/password supported */
555 if (eap->method == EAP_TYPE_PEAP || eap->method == EAP_TYPE_FAST) {
556 if (eap->inner_method &&
557 eap_get_name(EAP_VENDOR_IETF, eap->inner_method) == NULL)
559 if (!eap->inner_method &&
560 eap_get_name(EAP_VENDOR_IETF, EAP_TYPE_MSCHAPV2) == NULL)
564 if (eap->method == EAP_TYPE_TTLS) {
565 if (eap->inner_method == 0 && eap->inner_non_eap == 0)
566 return 1; /* Assume TTLS/MSCHAPv2 is used */
567 if (eap->inner_method &&
568 eap_get_name(EAP_VENDOR_IETF, eap->inner_method) == NULL)
570 if (eap->inner_non_eap &&
571 eap->inner_non_eap != NAI_REALM_INNER_NON_EAP_PAP &&
572 eap->inner_non_eap != NAI_REALM_INNER_NON_EAP_CHAP &&
573 eap->inner_non_eap != NAI_REALM_INNER_NON_EAP_MSCHAP &&
574 eap->inner_non_eap != NAI_REALM_INNER_NON_EAP_MSCHAPV2)
578 if (eap->inner_method &&
579 eap->inner_method != EAP_TYPE_GTC &&
580 eap->inner_method != EAP_TYPE_MSCHAPV2)
587 static int nai_realm_cred_cert(struct nai_realm_eap *eap)
589 if (eap_get_name(EAP_VENDOR_IETF, eap->method) == NULL)
590 return 0; /* method not supported */
592 if (eap->method != EAP_TYPE_TLS) {
593 /* Only EAP-TLS supported for credential authentication */
601 static struct nai_realm_eap * nai_realm_find_eap(struct wpa_cred *cred,
602 struct nai_realm *realm)
607 cred->username == NULL ||
608 cred->username[0] == '\0' ||
609 ((cred->password == NULL ||
610 cred->password[0] == '\0') &&
611 (cred->private_key == NULL ||
612 cred->private_key[0] == '\0')))
615 for (e = 0; e < realm->eap_count; e++) {
616 struct nai_realm_eap *eap = &realm->eap[e];
617 if (cred->password && cred->password[0] &&
618 nai_realm_cred_username(eap))
620 if (cred->private_key && cred->private_key[0] &&
621 nai_realm_cred_cert(eap))
629 #ifdef INTERWORKING_3GPP
631 static int plmn_id_match(struct wpabuf *anqp, const char *imsi, int mnc_len)
633 u8 plmn[3], plmn2[3];
638 * See Annex A of 3GPP TS 24.234 v8.1.0 for description. The network
639 * operator is allowed to include only two digits of the MNC, so allow
640 * matches based on both two and three digit MNC assumptions. Since some
641 * SIM/USIM cards may not expose MNC length conveniently, we may be
642 * provided the default MNC length 3 here and as such, checking with MNC
643 * length 2 is justifiable even though 3GPP TS 24.234 does not mention
644 * that case. Anyway, MCC/MNC pair where both 2 and 3 digit MNC is used
645 * with otherwise matching values would not be good idea in general, so
646 * this should not result in selecting incorrect networks.
648 /* Match with 3 digit MNC */
649 plmn[0] = (imsi[0] - '0') | ((imsi[1] - '0') << 4);
650 plmn[1] = (imsi[2] - '0') | ((imsi[5] - '0') << 4);
651 plmn[2] = (imsi[3] - '0') | ((imsi[4] - '0') << 4);
652 /* Match with 2 digit MNC */
653 plmn2[0] = (imsi[0] - '0') | ((imsi[1] - '0') << 4);
654 plmn2[1] = (imsi[2] - '0') | 0xf0;
655 plmn2[2] = (imsi[3] - '0') | ((imsi[4] - '0') << 4);
659 pos = wpabuf_head_u8(anqp);
660 end = pos + wpabuf_len(anqp);
664 wpa_printf(MSG_DEBUG, "Unsupported GUD version 0x%x", *pos);
669 if (pos + udhl > end) {
670 wpa_printf(MSG_DEBUG, "Invalid UDHL");
675 wpa_printf(MSG_DEBUG, "Interworking: Matching against MCC/MNC alternatives: %02x:%02x:%02x or %02x:%02x:%02x (IMSI %s, MNC length %d)",
676 plmn[0], plmn[1], plmn[2], plmn2[0], plmn2[1], plmn2[2],
679 while (pos + 2 <= end) {
688 if (iei == 0 && len > 0) {
691 wpa_hexdump(MSG_DEBUG, "Interworking: PLMN List information element",
694 for (i = 0; i < num; i++) {
697 if (os_memcmp(pos, plmn, 3) == 0 ||
698 os_memcmp(pos, plmn2, 3) == 0)
699 return 1; /* Found matching PLMN */
703 wpa_hexdump(MSG_DEBUG, "Interworking: Unrecognized 3GPP information element",
714 static int build_root_nai(char *nai, size_t nai_len, const char *imsi,
715 size_t mnc_len, char prefix)
717 const char *sep, *msin;
719 size_t msin_len, plmn_len;
722 * TS 23.003, Clause 14 (3GPP to WLAN Interworking)
724 * <aka:0|sim:1><IMSI>@wlan.mnc<MNC>.mcc<MCC>.3gppnetwork.org
725 * <MNC> is zero-padded to three digits in case two-digit MNC is used
728 if (imsi == NULL || os_strlen(imsi) > 16) {
729 wpa_printf(MSG_DEBUG, "No valid IMSI available");
732 sep = os_strchr(imsi, '-');
734 plmn_len = sep - imsi;
736 } else if (mnc_len && os_strlen(imsi) >= 3 + mnc_len) {
737 plmn_len = 3 + mnc_len;
738 msin = imsi + plmn_len;
741 if (plmn_len != 5 && plmn_len != 6)
743 msin_len = os_strlen(msin);
749 os_memcpy(pos, imsi, plmn_len);
751 os_memcpy(pos, msin, msin_len);
753 pos += os_snprintf(pos, end - pos, "@wlan.mnc");
763 pos += os_snprintf(pos, end - pos, ".mcc%c%c%c.3gppnetwork.org",
764 imsi[0], imsi[1], imsi[2]);
770 static int set_root_nai(struct wpa_ssid *ssid, const char *imsi, char prefix)
773 if (build_root_nai(nai, sizeof(nai), imsi, 0, prefix) < 0)
775 return wpa_config_set_quoted(ssid, "identity", nai);
778 #endif /* INTERWORKING_3GPP */
781 static int already_connected(struct wpa_supplicant *wpa_s,
782 struct wpa_cred *cred, struct wpa_bss *bss)
784 struct wpa_ssid *ssid;
786 if (wpa_s->wpa_state < WPA_ASSOCIATED || wpa_s->current_ssid == NULL)
789 ssid = wpa_s->current_ssid;
790 if (ssid->parent_cred != cred)
793 if (ssid->ssid_len != bss->ssid_len ||
794 os_memcmp(ssid->ssid, bss->ssid, bss->ssid_len) != 0)
801 static void remove_duplicate_network(struct wpa_supplicant *wpa_s,
802 struct wpa_cred *cred,
805 struct wpa_ssid *ssid;
807 for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next) {
808 if (ssid->parent_cred != cred)
810 if (ssid->ssid_len != bss->ssid_len ||
811 os_memcmp(ssid->ssid, bss->ssid, bss->ssid_len) != 0)
820 wpa_printf(MSG_DEBUG, "Interworking: Remove duplicate network entry for the same credential");
822 if (ssid == wpa_s->current_ssid) {
823 wpa_sm_set_config(wpa_s->wpa, NULL);
824 eapol_sm_notify_config(wpa_s->eapol, NULL, NULL);
825 wpa_supplicant_deauthenticate(wpa_s,
826 WLAN_REASON_DEAUTH_LEAVING);
829 wpas_notify_network_removed(wpa_s, ssid);
830 wpa_config_remove_network(wpa_s->conf, ssid->id);
834 static int interworking_set_hs20_params(struct wpa_supplicant *wpa_s,
835 struct wpa_ssid *ssid)
837 if (wpa_config_set(ssid, "key_mgmt",
838 wpa_s->conf->pmf != NO_MGMT_FRAME_PROTECTION ?
839 "WPA-EAP WPA-EAP-SHA256" : "WPA-EAP", 0) < 0)
841 if (wpa_config_set(ssid, "proto", "RSN", 0) < 0)
843 if (wpa_config_set(ssid, "pairwise", "CCMP", 0) < 0)
849 static int interworking_connect_3gpp(struct wpa_supplicant *wpa_s,
850 struct wpa_cred *cred,
853 #ifdef INTERWORKING_3GPP
854 struct wpa_ssid *ssid;
859 if (bss->anqp == NULL || bss->anqp->anqp_3gpp == NULL)
862 wpa_printf(MSG_DEBUG, "Interworking: Connect with " MACSTR " (3GPP)",
863 MAC2STR(bss->bssid));
865 if (already_connected(wpa_s, cred, bss)) {
866 wpa_msg(wpa_s, MSG_INFO, INTERWORKING_ALREADY_CONNECTED MACSTR,
867 MAC2STR(bss->bssid));
871 remove_duplicate_network(wpa_s, cred, bss);
873 ssid = wpa_config_add_network(wpa_s->conf);
876 ssid->parent_cred = cred;
878 wpas_notify_network_added(wpa_s, ssid);
879 wpa_config_set_network_defaults(ssid);
880 ssid->priority = cred->priority;
882 ssid->ssid = os_zalloc(bss->ssid_len + 1);
883 if (ssid->ssid == NULL)
885 os_memcpy(ssid->ssid, bss->ssid, bss->ssid_len);
886 ssid->ssid_len = bss->ssid_len;
888 if (interworking_set_hs20_params(wpa_s, ssid) < 0)
891 eap_type = EAP_TYPE_SIM;
892 if (cred->pcsc && wpa_s->scard && scard_supports_umts(wpa_s->scard))
893 eap_type = EAP_TYPE_AKA;
894 if (cred->eap_method && cred->eap_method[0].vendor == EAP_VENDOR_IETF) {
895 if (cred->eap_method[0].method == EAP_TYPE_SIM ||
896 cred->eap_method[0].method == EAP_TYPE_AKA ||
897 cred->eap_method[0].method == EAP_TYPE_AKA_PRIME)
898 eap_type = cred->eap_method[0].method;
904 res = wpa_config_set(ssid, "eap", "SIM", 0);
908 res = wpa_config_set(ssid, "eap", "AKA", 0);
910 case EAP_TYPE_AKA_PRIME:
912 res = wpa_config_set(ssid, "eap", "AKA'", 0);
919 wpa_printf(MSG_DEBUG, "Selected EAP method (%d) not supported",
924 if (!cred->pcsc && set_root_nai(ssid, cred->imsi, prefix) < 0) {
925 wpa_printf(MSG_DEBUG, "Failed to set Root NAI");
929 if (cred->milenage && cred->milenage[0]) {
930 if (wpa_config_set_quoted(ssid, "password",
933 } else if (cred->pcsc) {
934 if (wpa_config_set_quoted(ssid, "pcsc", "") < 0)
936 if (wpa_s->conf->pcsc_pin &&
937 wpa_config_set_quoted(ssid, "pin", wpa_s->conf->pcsc_pin)
942 if (cred->password && cred->password[0] &&
943 wpa_config_set_quoted(ssid, "password", cred->password) < 0)
946 wpa_s->next_ssid = ssid;
947 wpa_config_update_prio_list(wpa_s->conf);
948 interworking_reconnect(wpa_s);
953 wpas_notify_network_removed(wpa_s, ssid);
954 wpa_config_remove_network(wpa_s->conf, ssid->id);
955 #endif /* INTERWORKING_3GPP */
960 static int roaming_consortium_element_match(const u8 *ie, const u8 *rc_id,
970 end = ie + 2 + ie[1];
972 /* Roaming Consortium element:
974 * OI #1 and #2 lengths
975 * OI #1, [OI #2], [OI #3]
981 pos++; /* skip Number of ANQP OIs */
983 if (pos + (lens & 0x0f) + (lens >> 4) > end)
986 if ((lens & 0x0f) == rc_len && os_memcmp(pos, rc_id, rc_len) == 0)
990 if ((lens >> 4) == rc_len && os_memcmp(pos, rc_id, rc_len) == 0)
994 if (pos < end && (size_t) (end - pos) == rc_len &&
995 os_memcmp(pos, rc_id, rc_len) == 0)
1002 static int roaming_consortium_anqp_match(const struct wpabuf *anqp,
1003 const u8 *rc_id, size_t rc_len)
1005 const u8 *pos, *end;
1011 pos = wpabuf_head(anqp);
1012 end = pos + wpabuf_len(anqp);
1014 /* Set of <OI Length, OI> duples */
1017 if (pos + len > end)
1019 if (len == rc_len && os_memcmp(pos, rc_id, rc_len) == 0)
1028 static int roaming_consortium_match(const u8 *ie, const struct wpabuf *anqp,
1029 const u8 *rc_id, size_t rc_len)
1031 return roaming_consortium_element_match(ie, rc_id, rc_len) ||
1032 roaming_consortium_anqp_match(anqp, rc_id, rc_len);
1036 static int cred_no_required_oi_match(struct wpa_cred *cred, struct wpa_bss *bss)
1040 if (cred->required_roaming_consortium_len == 0)
1043 ie = wpa_bss_get_ie(bss, WLAN_EID_ROAMING_CONSORTIUM);
1046 (bss->anqp == NULL || bss->anqp->roaming_consortium == NULL))
1049 return !roaming_consortium_match(ie,
1051 bss->anqp->roaming_consortium : NULL,
1052 cred->required_roaming_consortium,
1053 cred->required_roaming_consortium_len);
1057 static int cred_excluded_ssid(struct wpa_cred *cred, struct wpa_bss *bss)
1061 if (!cred->excluded_ssid)
1064 for (i = 0; i < cred->num_excluded_ssid; i++) {
1065 struct excluded_ssid *e = &cred->excluded_ssid[i];
1066 if (bss->ssid_len == e->ssid_len &&
1067 os_memcmp(bss->ssid, e->ssid, e->ssid_len) == 0)
1075 static int cred_below_min_backhaul(struct wpa_supplicant *wpa_s,
1076 struct wpa_cred *cred, struct wpa_bss *bss)
1079 unsigned int dl_bandwidth, ul_bandwidth;
1081 u8 wan_info, dl_load, ul_load;
1083 u32 ul_speed, dl_speed;
1085 if (!cred->min_dl_bandwidth_home &&
1086 !cred->min_ul_bandwidth_home &&
1087 !cred->min_dl_bandwidth_roaming &&
1088 !cred->min_ul_bandwidth_roaming)
1089 return 0; /* No bandwidth constraint specified */
1091 if (bss->anqp == NULL || bss->anqp->hs20_wan_metrics == NULL)
1092 return 0; /* No WAN Metrics known - ignore constraint */
1094 wan = wpabuf_head(bss->anqp->hs20_wan_metrics);
1096 if (wan_info & BIT(3))
1097 return 1; /* WAN link at capacity */
1098 lmd = WPA_GET_LE16(wan + 11);
1100 return 0; /* Downlink/Uplink Load was not measured */
1101 dl_speed = WPA_GET_LE32(wan + 1);
1102 ul_speed = WPA_GET_LE32(wan + 5);
1106 if (dl_speed >= 0xffffff)
1107 dl_bandwidth = dl_speed / 255 * (255 - dl_load);
1109 dl_bandwidth = dl_speed * (255 - dl_load) / 255;
1111 if (ul_speed >= 0xffffff)
1112 ul_bandwidth = ul_speed / 255 * (255 - ul_load);
1114 ul_bandwidth = ul_speed * (255 - ul_load) / 255;
1116 res = interworking_home_sp_cred(wpa_s, cred, bss->anqp ?
1117 bss->anqp->domain_name : NULL);
1119 if (cred->min_dl_bandwidth_home > dl_bandwidth)
1121 if (cred->min_ul_bandwidth_home > ul_bandwidth)
1124 if (cred->min_dl_bandwidth_roaming > dl_bandwidth)
1126 if (cred->min_ul_bandwidth_roaming > ul_bandwidth)
1134 static struct wpa_cred * interworking_credentials_available_roaming_consortium(
1135 struct wpa_supplicant *wpa_s, struct wpa_bss *bss, int ignore_bw)
1137 struct wpa_cred *cred, *selected = NULL;
1140 ie = wpa_bss_get_ie(bss, WLAN_EID_ROAMING_CONSORTIUM);
1143 (bss->anqp == NULL || bss->anqp->roaming_consortium == NULL))
1146 if (wpa_s->conf->cred == NULL)
1149 for (cred = wpa_s->conf->cred; cred; cred = cred->next) {
1150 if (cred->roaming_consortium_len == 0)
1153 if (!roaming_consortium_match(ie,
1155 bss->anqp->roaming_consortium :
1157 cred->roaming_consortium,
1158 cred->roaming_consortium_len))
1161 if (cred_excluded_ssid(cred, bss))
1163 if (cred_no_required_oi_match(cred, bss))
1165 if (!ignore_bw && cred_below_min_backhaul(wpa_s, cred, bss))
1168 if (selected == NULL ||
1169 selected->priority < cred->priority)
1177 static int interworking_set_eap_params(struct wpa_ssid *ssid,
1178 struct wpa_cred *cred, int ttls)
1180 if (cred->eap_method) {
1181 ttls = cred->eap_method->vendor == EAP_VENDOR_IETF &&
1182 cred->eap_method->method == EAP_TYPE_TTLS;
1184 os_free(ssid->eap.eap_methods);
1185 ssid->eap.eap_methods =
1186 os_malloc(sizeof(struct eap_method_type) * 2);
1187 if (ssid->eap.eap_methods == NULL)
1189 os_memcpy(ssid->eap.eap_methods, cred->eap_method,
1190 sizeof(*cred->eap_method));
1191 ssid->eap.eap_methods[1].vendor = EAP_VENDOR_IETF;
1192 ssid->eap.eap_methods[1].method = EAP_TYPE_NONE;
1195 if (ttls && cred->username && cred->username[0]) {
1198 /* Use anonymous NAI in Phase 1 */
1199 pos = os_strchr(cred->username, '@');
1201 size_t buflen = 9 + os_strlen(pos) + 1;
1202 anon = os_malloc(buflen);
1205 os_snprintf(anon, buflen, "anonymous%s", pos);
1206 } else if (cred->realm) {
1207 size_t buflen = 10 + os_strlen(cred->realm) + 1;
1208 anon = os_malloc(buflen);
1211 os_snprintf(anon, buflen, "anonymous@%s", cred->realm);
1213 anon = os_strdup("anonymous");
1217 if (wpa_config_set_quoted(ssid, "anonymous_identity", anon) <
1225 if (cred->username && cred->username[0] &&
1226 wpa_config_set_quoted(ssid, "identity", cred->username) < 0)
1229 if (cred->password && cred->password[0]) {
1230 if (cred->ext_password &&
1231 wpa_config_set(ssid, "password", cred->password, 0) < 0)
1233 if (!cred->ext_password &&
1234 wpa_config_set_quoted(ssid, "password", cred->password) <
1239 if (cred->client_cert && cred->client_cert[0] &&
1240 wpa_config_set_quoted(ssid, "client_cert", cred->client_cert) < 0)
1244 if (cred->private_key &&
1245 os_strncmp(cred->private_key, "keystore://", 11) == 0) {
1246 /* Use OpenSSL engine configuration for Android keystore */
1247 if (wpa_config_set_quoted(ssid, "engine_id", "keystore") < 0 ||
1248 wpa_config_set_quoted(ssid, "key_id",
1249 cred->private_key + 11) < 0 ||
1250 wpa_config_set(ssid, "engine", "1", 0) < 0)
1253 #endif /* ANDROID */
1254 if (cred->private_key && cred->private_key[0] &&
1255 wpa_config_set_quoted(ssid, "private_key", cred->private_key) < 0)
1258 if (cred->private_key_passwd && cred->private_key_passwd[0] &&
1259 wpa_config_set_quoted(ssid, "private_key_passwd",
1260 cred->private_key_passwd) < 0)
1264 os_free(ssid->eap.phase1);
1265 ssid->eap.phase1 = os_strdup(cred->phase1);
1268 os_free(ssid->eap.phase2);
1269 ssid->eap.phase2 = os_strdup(cred->phase2);
1272 if (cred->ca_cert && cred->ca_cert[0] &&
1273 wpa_config_set_quoted(ssid, "ca_cert", cred->ca_cert) < 0)
1276 if (cred->domain_suffix_match && cred->domain_suffix_match[0] &&
1277 wpa_config_set_quoted(ssid, "domain_suffix_match",
1278 cred->domain_suffix_match) < 0)
1285 static int interworking_connect_roaming_consortium(
1286 struct wpa_supplicant *wpa_s, struct wpa_cred *cred,
1287 struct wpa_bss *bss)
1289 struct wpa_ssid *ssid;
1291 wpa_printf(MSG_DEBUG, "Interworking: Connect with " MACSTR " based on "
1292 "roaming consortium match", MAC2STR(bss->bssid));
1294 if (already_connected(wpa_s, cred, bss)) {
1295 wpa_msg(wpa_s, MSG_INFO, INTERWORKING_ALREADY_CONNECTED MACSTR,
1296 MAC2STR(bss->bssid));
1300 remove_duplicate_network(wpa_s, cred, bss);
1302 ssid = wpa_config_add_network(wpa_s->conf);
1305 ssid->parent_cred = cred;
1306 wpas_notify_network_added(wpa_s, ssid);
1307 wpa_config_set_network_defaults(ssid);
1308 ssid->priority = cred->priority;
1309 ssid->temporary = 1;
1310 ssid->ssid = os_zalloc(bss->ssid_len + 1);
1311 if (ssid->ssid == NULL)
1313 os_memcpy(ssid->ssid, bss->ssid, bss->ssid_len);
1314 ssid->ssid_len = bss->ssid_len;
1316 if (interworking_set_hs20_params(wpa_s, ssid) < 0)
1319 if (cred->eap_method == NULL) {
1320 wpa_printf(MSG_DEBUG, "Interworking: No EAP method set for "
1321 "credential using roaming consortium");
1325 if (interworking_set_eap_params(
1327 cred->eap_method->vendor == EAP_VENDOR_IETF &&
1328 cred->eap_method->method == EAP_TYPE_TTLS) < 0)
1331 wpa_s->next_ssid = ssid;
1332 wpa_config_update_prio_list(wpa_s->conf);
1333 interworking_reconnect(wpa_s);
1338 wpas_notify_network_removed(wpa_s, ssid);
1339 wpa_config_remove_network(wpa_s->conf, ssid->id);
1344 int interworking_connect(struct wpa_supplicant *wpa_s, struct wpa_bss *bss)
1346 struct wpa_cred *cred, *cred_rc, *cred_3gpp;
1347 struct wpa_ssid *ssid;
1348 struct nai_realm *realm;
1349 struct nai_realm_eap *eap = NULL;
1353 if (wpa_s->conf->cred == NULL || bss == NULL)
1355 if (disallowed_bssid(wpa_s, bss->bssid) ||
1356 disallowed_ssid(wpa_s, bss->ssid, bss->ssid_len)) {
1357 wpa_printf(MSG_DEBUG, "Interworking: Reject connection to disallowed BSS "
1358 MACSTR, MAC2STR(bss->bssid));
1362 if (!wpa_bss_get_ie(bss, WLAN_EID_RSN)) {
1364 * We currently support only HS 2.0 networks and those are
1365 * required to use WPA2-Enterprise.
1367 wpa_printf(MSG_DEBUG, "Interworking: Network does not use "
1372 cred_rc = interworking_credentials_available_roaming_consortium(wpa_s,
1375 wpa_printf(MSG_DEBUG, "Interworking: Highest roaming "
1376 "consortium matching credential priority %d",
1380 cred = interworking_credentials_available_realm(wpa_s, bss, 0);
1382 wpa_printf(MSG_DEBUG, "Interworking: Highest NAI Realm list "
1383 "matching credential priority %d",
1387 cred_3gpp = interworking_credentials_available_3gpp(wpa_s, bss, 0);
1389 wpa_printf(MSG_DEBUG, "Interworking: Highest 3GPP matching "
1390 "credential priority %d", cred_3gpp->priority);
1393 if (!cred_rc && !cred && !cred_3gpp) {
1394 cred_rc = interworking_credentials_available_roaming_consortium(
1397 wpa_printf(MSG_DEBUG, "Interworking: Highest roaming "
1398 "consortium matching credential priority %d "
1403 cred = interworking_credentials_available_realm(wpa_s, bss, 1);
1405 wpa_printf(MSG_DEBUG, "Interworking: Highest NAI Realm "
1406 "list matching credential priority %d "
1407 "(ignore BW)", cred->priority);
1410 cred_3gpp = interworking_credentials_available_3gpp(wpa_s, bss,
1413 wpa_printf(MSG_DEBUG, "Interworking: Highest 3GPP "
1414 "matching credential priority %d (ignore BW)",
1415 cred_3gpp->priority);
1420 (cred == NULL || cred_rc->priority >= cred->priority) &&
1421 (cred_3gpp == NULL || cred_rc->priority >= cred_3gpp->priority))
1422 return interworking_connect_roaming_consortium(wpa_s, cred_rc,
1426 (cred == NULL || cred_3gpp->priority >= cred->priority)) {
1427 return interworking_connect_3gpp(wpa_s, cred_3gpp, bss);
1431 wpa_printf(MSG_DEBUG, "Interworking: No matching credentials "
1432 "found for " MACSTR, MAC2STR(bss->bssid));
1436 realm = nai_realm_parse(bss->anqp ? bss->anqp->nai_realm : NULL,
1438 if (realm == NULL) {
1439 wpa_printf(MSG_DEBUG, "Interworking: Could not parse NAI "
1440 "Realm list from " MACSTR, MAC2STR(bss->bssid));
1444 for (i = 0; i < count; i++) {
1445 if (!nai_realm_match(&realm[i], cred->realm))
1447 eap = nai_realm_find_eap(cred, &realm[i]);
1453 wpa_printf(MSG_DEBUG, "Interworking: No matching credentials "
1454 "and EAP method found for " MACSTR,
1455 MAC2STR(bss->bssid));
1456 nai_realm_free(realm, count);
1460 wpa_printf(MSG_DEBUG, "Interworking: Connect with " MACSTR,
1461 MAC2STR(bss->bssid));
1463 if (already_connected(wpa_s, cred, bss)) {
1464 wpa_msg(wpa_s, MSG_INFO, INTERWORKING_ALREADY_CONNECTED MACSTR,
1465 MAC2STR(bss->bssid));
1466 nai_realm_free(realm, count);
1470 remove_duplicate_network(wpa_s, cred, bss);
1472 ssid = wpa_config_add_network(wpa_s->conf);
1474 nai_realm_free(realm, count);
1477 ssid->parent_cred = cred;
1478 wpas_notify_network_added(wpa_s, ssid);
1479 wpa_config_set_network_defaults(ssid);
1480 ssid->priority = cred->priority;
1481 ssid->temporary = 1;
1482 ssid->ssid = os_zalloc(bss->ssid_len + 1);
1483 if (ssid->ssid == NULL)
1485 os_memcpy(ssid->ssid, bss->ssid, bss->ssid_len);
1486 ssid->ssid_len = bss->ssid_len;
1488 if (interworking_set_hs20_params(wpa_s, ssid) < 0)
1491 if (wpa_config_set(ssid, "eap", eap_get_name(EAP_VENDOR_IETF,
1492 eap->method), 0) < 0)
1495 switch (eap->method) {
1497 if (eap->inner_method) {
1498 os_snprintf(buf, sizeof(buf), "\"autheap=%s\"",
1499 eap_get_name(EAP_VENDOR_IETF,
1500 eap->inner_method));
1501 if (wpa_config_set(ssid, "phase2", buf, 0) < 0)
1505 switch (eap->inner_non_eap) {
1506 case NAI_REALM_INNER_NON_EAP_PAP:
1507 if (wpa_config_set(ssid, "phase2", "\"auth=PAP\"", 0) <
1511 case NAI_REALM_INNER_NON_EAP_CHAP:
1512 if (wpa_config_set(ssid, "phase2", "\"auth=CHAP\"", 0)
1516 case NAI_REALM_INNER_NON_EAP_MSCHAP:
1517 if (wpa_config_set(ssid, "phase2", "\"auth=MSCHAP\"",
1521 case NAI_REALM_INNER_NON_EAP_MSCHAPV2:
1522 if (wpa_config_set(ssid, "phase2", "\"auth=MSCHAPV2\"",
1527 /* EAP params were not set - assume TTLS/MSCHAPv2 */
1528 if (wpa_config_set(ssid, "phase2", "\"auth=MSCHAPV2\"",
1536 if (wpa_config_set(ssid, "phase1", "\"fast_provisioning=2\"",
1539 if (wpa_config_set(ssid, "pac_file",
1540 "\"blob://pac_interworking\"", 0) < 0)
1542 os_snprintf(buf, sizeof(buf), "\"auth=%s\"",
1543 eap_get_name(EAP_VENDOR_IETF,
1546 EAP_TYPE_MSCHAPV2));
1547 if (wpa_config_set(ssid, "phase2", buf, 0) < 0)
1554 if (interworking_set_eap_params(ssid, cred,
1555 eap->method == EAP_TYPE_TTLS) < 0)
1558 nai_realm_free(realm, count);
1560 wpa_s->next_ssid = ssid;
1561 wpa_config_update_prio_list(wpa_s->conf);
1562 interworking_reconnect(wpa_s);
1567 wpas_notify_network_removed(wpa_s, ssid);
1568 wpa_config_remove_network(wpa_s->conf, ssid->id);
1569 nai_realm_free(realm, count);
1574 static struct wpa_cred * interworking_credentials_available_3gpp(
1575 struct wpa_supplicant *wpa_s, struct wpa_bss *bss, int ignore_bw)
1577 struct wpa_cred *selected = NULL;
1578 #ifdef INTERWORKING_3GPP
1579 struct wpa_cred *cred;
1582 if (bss->anqp == NULL || bss->anqp->anqp_3gpp == NULL)
1585 #ifdef CONFIG_EAP_PROXY
1586 if (!wpa_s->imsi[0]) {
1588 wpa_printf(MSG_DEBUG, "Interworking: IMSI not available - try to read again through eap_proxy");
1589 wpa_s->mnc_len = eapol_sm_get_eap_proxy_imsi(wpa_s->eapol,
1592 if (wpa_s->mnc_len > 0) {
1593 wpa_s->imsi[len] = '\0';
1594 wpa_printf(MSG_DEBUG, "eap_proxy: IMSI %s (MNC length %d)",
1595 wpa_s->imsi, wpa_s->mnc_len);
1597 wpa_printf(MSG_DEBUG, "eap_proxy: IMSI not available");
1600 #endif /* CONFIG_EAP_PROXY */
1602 for (cred = wpa_s->conf->cred; cred; cred = cred->next) {
1610 if (cred->pcsc && wpa_s->conf->pcsc_reader && wpa_s->scard &&
1613 mnc_len = wpa_s->mnc_len;
1616 #endif /* PCSC_FUNCS */
1617 #ifdef CONFIG_EAP_PROXY
1618 if (cred->pcsc && wpa_s->mnc_len > 0 && wpa_s->imsi[0]) {
1620 mnc_len = wpa_s->mnc_len;
1623 #endif /* CONFIG_EAP_PROXY */
1625 if (cred->imsi == NULL || !cred->imsi[0] ||
1626 (!wpa_s->conf->external_sim &&
1627 (cred->milenage == NULL || !cred->milenage[0])))
1630 sep = os_strchr(cred->imsi, '-');
1632 (sep - cred->imsi != 5 && sep - cred->imsi != 6))
1634 mnc_len = sep - cred->imsi - 3;
1635 os_memcpy(imsi_buf, cred->imsi, 3 + mnc_len);
1637 msin_len = os_strlen(cred->imsi);
1638 if (3 + mnc_len + msin_len >= sizeof(imsi_buf) - 1)
1639 msin_len = sizeof(imsi_buf) - 3 - mnc_len - 1;
1640 os_memcpy(&imsi_buf[3 + mnc_len], sep, msin_len);
1641 imsi_buf[3 + mnc_len + msin_len] = '\0';
1644 #if defined(PCSC_FUNCS) || defined(CONFIG_EAP_PROXY)
1646 #endif /* PCSC_FUNCS || CONFIG_EAP_PROXY */
1647 wpa_printf(MSG_DEBUG, "Interworking: Parsing 3GPP info from "
1648 MACSTR, MAC2STR(bss->bssid));
1649 ret = plmn_id_match(bss->anqp->anqp_3gpp, imsi, mnc_len);
1650 wpa_printf(MSG_DEBUG, "PLMN match %sfound", ret ? "" : "not ");
1652 if (cred_excluded_ssid(cred, bss))
1654 if (cred_no_required_oi_match(cred, bss))
1657 cred_below_min_backhaul(wpa_s, cred, bss))
1659 if (selected == NULL ||
1660 selected->priority < cred->priority)
1664 #endif /* INTERWORKING_3GPP */
1669 static struct wpa_cred * interworking_credentials_available_realm(
1670 struct wpa_supplicant *wpa_s, struct wpa_bss *bss, int ignore_bw)
1672 struct wpa_cred *cred, *selected = NULL;
1673 struct nai_realm *realm;
1676 if (bss->anqp == NULL || bss->anqp->nai_realm == NULL)
1679 if (wpa_s->conf->cred == NULL)
1682 wpa_printf(MSG_DEBUG, "Interworking: Parsing NAI Realm list from "
1683 MACSTR, MAC2STR(bss->bssid));
1684 realm = nai_realm_parse(bss->anqp->nai_realm, &count);
1685 if (realm == NULL) {
1686 wpa_printf(MSG_DEBUG, "Interworking: Could not parse NAI "
1687 "Realm list from " MACSTR, MAC2STR(bss->bssid));
1691 for (cred = wpa_s->conf->cred; cred; cred = cred->next) {
1692 if (cred->realm == NULL)
1695 for (i = 0; i < count; i++) {
1696 if (!nai_realm_match(&realm[i], cred->realm))
1698 if (nai_realm_find_eap(cred, &realm[i])) {
1699 if (cred_excluded_ssid(cred, bss))
1701 if (cred_no_required_oi_match(cred, bss))
1704 cred_below_min_backhaul(wpa_s, cred, bss))
1706 if (selected == NULL ||
1707 selected->priority < cred->priority)
1714 nai_realm_free(realm, count);
1720 static struct wpa_cred * interworking_credentials_available_helper(
1721 struct wpa_supplicant *wpa_s, struct wpa_bss *bss, int ignore_bw)
1723 struct wpa_cred *cred, *cred2;
1725 if (disallowed_bssid(wpa_s, bss->bssid) ||
1726 disallowed_ssid(wpa_s, bss->ssid, bss->ssid_len)) {
1727 wpa_printf(MSG_DEBUG, "Interworking: Ignore disallowed BSS "
1728 MACSTR, MAC2STR(bss->bssid));
1732 cred = interworking_credentials_available_realm(wpa_s, bss, ignore_bw);
1733 cred2 = interworking_credentials_available_3gpp(wpa_s, bss, ignore_bw);
1734 if (cred && cred2 && cred2->priority >= cred->priority)
1739 cred2 = interworking_credentials_available_roaming_consortium(wpa_s,
1742 if (cred && cred2 && cred2->priority >= cred->priority)
1751 static struct wpa_cred * interworking_credentials_available(
1752 struct wpa_supplicant *wpa_s, struct wpa_bss *bss)
1754 struct wpa_cred *cred;
1756 cred = interworking_credentials_available_helper(wpa_s, bss, 0);
1759 return interworking_credentials_available_helper(wpa_s, bss, 1);
1763 int domain_name_list_contains(struct wpabuf *domain_names,
1764 const char *domain, int exact_match)
1766 const u8 *pos, *end;
1769 len = os_strlen(domain);
1770 pos = wpabuf_head(domain_names);
1771 end = pos + wpabuf_len(domain_names);
1773 while (pos + 1 < end) {
1774 if (pos + 1 + pos[0] > end)
1777 wpa_hexdump_ascii(MSG_DEBUG, "Interworking: AP domain name",
1779 if (pos[0] == len &&
1780 os_strncasecmp(domain, (const char *) (pos + 1), len) == 0)
1782 if (!exact_match && pos[0] > len && pos[pos[0] - len] == '.') {
1783 const char *ap = (const char *) (pos + 1);
1784 int offset = pos[0] - len;
1785 if (os_strncasecmp(domain, ap + offset, len) == 0)
1796 int interworking_home_sp_cred(struct wpa_supplicant *wpa_s,
1797 struct wpa_cred *cred,
1798 struct wpabuf *domain_names)
1802 #ifdef INTERWORKING_3GPP
1803 char nai[100], *realm;
1810 else if (cred->pcsc && wpa_s->conf->pcsc_reader &&
1811 wpa_s->scard && wpa_s->imsi[0]) {
1813 mnc_len = wpa_s->mnc_len;
1815 #endif /* CONFIG_PCSC */
1816 #ifdef CONFIG_EAP_PROXY
1817 else if (cred->pcsc && wpa_s->mnc_len > 0 && wpa_s->imsi[0]) {
1819 mnc_len = wpa_s->mnc_len;
1821 #endif /* CONFIG_EAP_PROXY */
1823 imsi && build_root_nai(nai, sizeof(nai), imsi, mnc_len, 0) == 0) {
1824 realm = os_strchr(nai, '@');
1827 wpa_printf(MSG_DEBUG, "Interworking: Search for match "
1828 "with SIM/USIM domain %s", realm);
1830 domain_name_list_contains(domain_names, realm, 1))
1835 #endif /* INTERWORKING_3GPP */
1837 if (domain_names == NULL || cred->domain == NULL)
1840 for (i = 0; i < cred->num_domain; i++) {
1841 wpa_printf(MSG_DEBUG, "Interworking: Search for match with "
1842 "home SP FQDN %s", cred->domain[i]);
1843 if (domain_name_list_contains(domain_names, cred->domain[i], 1))
1851 static int interworking_home_sp(struct wpa_supplicant *wpa_s,
1852 struct wpabuf *domain_names)
1854 struct wpa_cred *cred;
1856 if (domain_names == NULL || wpa_s->conf->cred == NULL)
1859 for (cred = wpa_s->conf->cred; cred; cred = cred->next) {
1860 int res = interworking_home_sp_cred(wpa_s, cred, domain_names);
1869 static int interworking_find_network_match(struct wpa_supplicant *wpa_s)
1871 struct wpa_bss *bss;
1872 struct wpa_ssid *ssid;
1874 dl_list_for_each(bss, &wpa_s->bss, struct wpa_bss, list) {
1875 for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next) {
1876 if (wpas_network_disabled(wpa_s, ssid) ||
1877 ssid->mode != WPAS_MODE_INFRA)
1879 if (ssid->ssid_len != bss->ssid_len ||
1880 os_memcmp(ssid->ssid, bss->ssid, ssid->ssid_len) !=
1884 * TODO: Consider more accurate matching of security
1885 * configuration similarly to what is done in events.c
1895 static int roaming_partner_match(struct wpa_supplicant *wpa_s,
1896 struct roaming_partner *partner,
1897 struct wpabuf *domain_names)
1899 if (!domain_name_list_contains(domain_names, partner->fqdn,
1900 partner->exact_match))
1902 /* TODO: match Country */
1907 static u8 roaming_prio(struct wpa_supplicant *wpa_s, struct wpa_cred *cred,
1908 struct wpa_bss *bss)
1912 if (bss->anqp == NULL || bss->anqp->domain_name == NULL)
1913 return 128; /* cannot check preference with domain name */
1915 if (interworking_home_sp_cred(wpa_s, cred, bss->anqp->domain_name) > 0)
1916 return 0; /* max preference for home SP network */
1918 for (i = 0; i < cred->num_roaming_partner; i++) {
1919 if (roaming_partner_match(wpa_s, &cred->roaming_partner[i],
1920 bss->anqp->domain_name))
1921 return cred->roaming_partner[i].priority;
1928 static struct wpa_bss * pick_best_roaming_partner(struct wpa_supplicant *wpa_s,
1929 struct wpa_bss *selected,
1930 struct wpa_cred *cred)
1932 struct wpa_bss *bss;
1936 * Check if any other BSS is operated by a more preferred roaming
1940 best_prio = roaming_prio(wpa_s, cred, selected);
1942 dl_list_for_each(bss, &wpa_s->bss, struct wpa_bss, list) {
1943 if (bss == selected)
1945 cred = interworking_credentials_available(wpa_s, bss);
1948 if (!wpa_bss_get_ie(bss, WLAN_EID_RSN))
1950 prio = roaming_prio(wpa_s, cred, bss);
1951 if (prio < best_prio) {
1962 static void interworking_select_network(struct wpa_supplicant *wpa_s)
1964 struct wpa_bss *bss, *selected = NULL, *selected_home = NULL;
1965 int selected_prio = -999999, selected_home_prio = -999999;
1966 unsigned int count = 0;
1969 struct wpa_cred *cred, *selected_cred = NULL;
1970 struct wpa_cred *selected_home_cred = NULL;
1972 wpa_s->network_select = 0;
1974 dl_list_for_each(bss, &wpa_s->bss, struct wpa_bss, list) {
1975 cred = interworking_credentials_available(wpa_s, bss);
1978 if (!wpa_bss_get_ie(bss, WLAN_EID_RSN)) {
1980 * We currently support only HS 2.0 networks and those
1981 * are required to use WPA2-Enterprise.
1983 wpa_printf(MSG_DEBUG, "Interworking: Credential match "
1984 "with " MACSTR " but network does not use "
1985 "RSN", MAC2STR(bss->bssid));
1989 res = interworking_home_sp(wpa_s, bss->anqp ?
1990 bss->anqp->domain_name : NULL);
1997 wpa_msg(wpa_s, MSG_INFO, INTERWORKING_AP MACSTR " type=%s%s",
1998 MAC2STR(bss->bssid), type,
1999 cred_below_min_backhaul(wpa_s, cred, bss) ?
2000 " below_min_backhaul=1" : "");
2001 if (wpa_s->auto_select ||
2002 (wpa_s->conf->auto_interworking &&
2003 wpa_s->auto_network_select)) {
2004 if (selected == NULL ||
2005 cred->priority > selected_prio) {
2007 selected_prio = cred->priority;
2008 selected_cred = cred;
2011 (selected_home == NULL ||
2012 cred->priority > selected_home_prio)) {
2013 selected_home = bss;
2014 selected_home_prio = cred->priority;
2015 selected_home_cred = cred;
2020 if (selected_home && selected_home != selected &&
2021 selected_home_prio >= selected_prio) {
2022 /* Prefer network operated by the Home SP */
2023 selected = selected_home;
2024 selected_cred = selected_home_cred;
2029 * No matching network was found based on configured
2030 * credentials. Check whether any of the enabled network blocks
2031 * have matching APs.
2033 if (interworking_find_network_match(wpa_s)) {
2034 wpa_printf(MSG_DEBUG, "Interworking: Possible BSS "
2035 "match for enabled network configurations");
2036 if (wpa_s->auto_select)
2037 interworking_reconnect(wpa_s);
2041 if (wpa_s->auto_network_select) {
2042 wpa_printf(MSG_DEBUG, "Interworking: Continue "
2043 "scanning after ANQP fetch");
2044 wpa_supplicant_req_scan(wpa_s, wpa_s->scan_interval,
2049 wpa_msg(wpa_s, MSG_INFO, INTERWORKING_NO_MATCH "No network "
2050 "with matching credentials found");
2054 selected = pick_best_roaming_partner(wpa_s, selected,
2056 interworking_connect(wpa_s, selected);
2061 static struct wpa_bss_anqp *
2062 interworking_match_anqp_info(struct wpa_supplicant *wpa_s, struct wpa_bss *bss)
2064 struct wpa_bss *other;
2066 if (is_zero_ether_addr(bss->hessid))
2067 return NULL; /* Cannot be in the same homegenous ESS */
2069 dl_list_for_each(other, &wpa_s->bss, struct wpa_bss, list) {
2072 if (other->anqp == NULL)
2074 if (other->anqp->roaming_consortium == NULL &&
2075 other->anqp->nai_realm == NULL &&
2076 other->anqp->anqp_3gpp == NULL &&
2077 other->anqp->domain_name == NULL)
2079 if (!(other->flags & WPA_BSS_ANQP_FETCH_TRIED))
2081 if (os_memcmp(bss->hessid, other->hessid, ETH_ALEN) != 0)
2083 if (bss->ssid_len != other->ssid_len ||
2084 os_memcmp(bss->ssid, other->ssid, bss->ssid_len) != 0)
2087 wpa_printf(MSG_DEBUG, "Interworking: Share ANQP data with "
2088 "already fetched BSSID " MACSTR " and " MACSTR,
2089 MAC2STR(other->bssid), MAC2STR(bss->bssid));
2090 other->anqp->users++;
2098 static void interworking_next_anqp_fetch(struct wpa_supplicant *wpa_s)
2100 struct wpa_bss *bss;
2104 wpa_printf(MSG_DEBUG, "Interworking: next_anqp_fetch - "
2105 "fetch_anqp_in_progress=%d fetch_osu_icon_in_progress=%d",
2106 wpa_s->fetch_anqp_in_progress,
2107 wpa_s->fetch_osu_icon_in_progress);
2109 if (eloop_terminated() || !wpa_s->fetch_anqp_in_progress) {
2110 wpa_printf(MSG_DEBUG, "Interworking: Stop next-ANQP-fetch");
2114 if (wpa_s->fetch_osu_icon_in_progress) {
2115 wpa_printf(MSG_DEBUG, "Interworking: Next icon (in progress)");
2116 hs20_next_osu_icon(wpa_s);
2120 dl_list_for_each(bss, &wpa_s->bss, struct wpa_bss, list) {
2121 if (!(bss->caps & IEEE80211_CAP_ESS))
2123 ie = wpa_bss_get_ie(bss, WLAN_EID_EXT_CAPAB);
2124 if (ie == NULL || ie[1] < 4 || !(ie[5] & 0x80))
2125 continue; /* AP does not support Interworking */
2126 if (disallowed_bssid(wpa_s, bss->bssid) ||
2127 disallowed_ssid(wpa_s, bss->ssid, bss->ssid_len))
2128 continue; /* Disallowed BSS */
2130 if (!(bss->flags & WPA_BSS_ANQP_FETCH_TRIED)) {
2131 if (bss->anqp == NULL) {
2132 bss->anqp = interworking_match_anqp_info(wpa_s,
2135 /* Shared data already fetched */
2138 bss->anqp = wpa_bss_anqp_alloc();
2139 if (bss->anqp == NULL)
2143 bss->flags |= WPA_BSS_ANQP_FETCH_TRIED;
2144 wpa_msg(wpa_s, MSG_INFO, "Starting ANQP fetch for "
2145 MACSTR, MAC2STR(bss->bssid));
2146 interworking_anqp_send_req(wpa_s, bss);
2152 if (wpa_s->fetch_osu_info) {
2153 wpa_printf(MSG_DEBUG, "Interworking: Next icon");
2154 hs20_osu_icon_fetch(wpa_s);
2157 wpa_msg(wpa_s, MSG_INFO, "ANQP fetch completed");
2158 wpa_s->fetch_anqp_in_progress = 0;
2159 if (wpa_s->network_select)
2160 interworking_select_network(wpa_s);
2165 void interworking_start_fetch_anqp(struct wpa_supplicant *wpa_s)
2167 struct wpa_bss *bss;
2169 dl_list_for_each(bss, &wpa_s->bss, struct wpa_bss, list)
2170 bss->flags &= ~WPA_BSS_ANQP_FETCH_TRIED;
2172 wpa_s->fetch_anqp_in_progress = 1;
2173 interworking_next_anqp_fetch(wpa_s);
2177 int interworking_fetch_anqp(struct wpa_supplicant *wpa_s)
2179 if (wpa_s->fetch_anqp_in_progress || wpa_s->network_select)
2182 wpa_s->network_select = 0;
2183 wpa_s->fetch_all_anqp = 1;
2184 wpa_s->fetch_osu_info = 0;
2186 interworking_start_fetch_anqp(wpa_s);
2192 void interworking_stop_fetch_anqp(struct wpa_supplicant *wpa_s)
2194 if (!wpa_s->fetch_anqp_in_progress)
2197 wpa_s->fetch_anqp_in_progress = 0;
2201 int anqp_send_req(struct wpa_supplicant *wpa_s, const u8 *dst,
2202 u16 info_ids[], size_t num_ids)
2207 struct wpa_bss *bss;
2210 freq = wpa_s->assoc_freq;
2211 bss = wpa_bss_get_bssid(wpa_s, dst);
2213 wpa_bss_anqp_unshare_alloc(bss);
2219 wpa_printf(MSG_DEBUG, "ANQP: Query Request to " MACSTR " for %u id(s)",
2220 MAC2STR(dst), (unsigned int) num_ids);
2222 buf = anqp_build_req(info_ids, num_ids, NULL);
2226 res = gas_query_req(wpa_s->gas, dst, freq, buf, anqp_resp_cb, wpa_s);
2228 wpa_printf(MSG_DEBUG, "ANQP: Failed to send Query Request");
2232 wpa_printf(MSG_DEBUG, "ANQP: Query started with dialog token "
2239 static void interworking_parse_rx_anqp_resp(struct wpa_supplicant *wpa_s,
2240 struct wpa_bss *bss, const u8 *sa,
2242 const u8 *data, size_t slen)
2244 const u8 *pos = data;
2245 struct wpa_bss_anqp *anqp = NULL;
2248 #endif /* CONFIG_HS20 */
2254 case ANQP_CAPABILITY_LIST:
2255 wpa_msg(wpa_s, MSG_INFO, "RX-ANQP " MACSTR
2256 " ANQP Capability list", MAC2STR(sa));
2258 case ANQP_VENUE_NAME:
2259 wpa_msg(wpa_s, MSG_INFO, "RX-ANQP " MACSTR
2260 " Venue Name", MAC2STR(sa));
2261 wpa_hexdump_ascii(MSG_DEBUG, "ANQP: Venue Name", pos, slen);
2263 wpabuf_free(anqp->venue_name);
2264 anqp->venue_name = wpabuf_alloc_copy(pos, slen);
2267 case ANQP_NETWORK_AUTH_TYPE:
2268 wpa_msg(wpa_s, MSG_INFO, "RX-ANQP " MACSTR
2269 " Network Authentication Type information",
2271 wpa_hexdump_ascii(MSG_DEBUG, "ANQP: Network Authentication "
2274 wpabuf_free(anqp->network_auth_type);
2275 anqp->network_auth_type = wpabuf_alloc_copy(pos, slen);
2278 case ANQP_ROAMING_CONSORTIUM:
2279 wpa_msg(wpa_s, MSG_INFO, "RX-ANQP " MACSTR
2280 " Roaming Consortium list", MAC2STR(sa));
2281 wpa_hexdump_ascii(MSG_DEBUG, "ANQP: Roaming Consortium",
2284 wpabuf_free(anqp->roaming_consortium);
2285 anqp->roaming_consortium = wpabuf_alloc_copy(pos, slen);
2288 case ANQP_IP_ADDR_TYPE_AVAILABILITY:
2289 wpa_msg(wpa_s, MSG_INFO, "RX-ANQP " MACSTR
2290 " IP Address Type Availability information",
2292 wpa_hexdump(MSG_MSGDUMP, "ANQP: IP Address Availability",
2295 wpabuf_free(anqp->ip_addr_type_availability);
2296 anqp->ip_addr_type_availability =
2297 wpabuf_alloc_copy(pos, slen);
2300 case ANQP_NAI_REALM:
2301 wpa_msg(wpa_s, MSG_INFO, "RX-ANQP " MACSTR
2302 " NAI Realm list", MAC2STR(sa));
2303 wpa_hexdump_ascii(MSG_DEBUG, "ANQP: NAI Realm", pos, slen);
2305 wpabuf_free(anqp->nai_realm);
2306 anqp->nai_realm = wpabuf_alloc_copy(pos, slen);
2309 case ANQP_3GPP_CELLULAR_NETWORK:
2310 wpa_msg(wpa_s, MSG_INFO, "RX-ANQP " MACSTR
2311 " 3GPP Cellular Network information", MAC2STR(sa));
2312 wpa_hexdump_ascii(MSG_DEBUG, "ANQP: 3GPP Cellular Network",
2315 wpabuf_free(anqp->anqp_3gpp);
2316 anqp->anqp_3gpp = wpabuf_alloc_copy(pos, slen);
2319 case ANQP_DOMAIN_NAME:
2320 wpa_msg(wpa_s, MSG_INFO, "RX-ANQP " MACSTR
2321 " Domain Name list", MAC2STR(sa));
2322 wpa_hexdump_ascii(MSG_MSGDUMP, "ANQP: Domain Name", pos, slen);
2324 wpabuf_free(anqp->domain_name);
2325 anqp->domain_name = wpabuf_alloc_copy(pos, slen);
2328 case ANQP_VENDOR_SPECIFIC:
2332 switch (WPA_GET_BE24(pos)) {
2344 case HS20_ANQP_OUI_TYPE:
2345 hs20_parse_rx_hs20_anqp_resp(wpa_s, sa, pos,
2349 wpa_printf(MSG_DEBUG, "HS20: Unsupported ANQP "
2350 "vendor type %u", type);
2354 #endif /* CONFIG_HS20 */
2356 wpa_printf(MSG_DEBUG, "Interworking: Unsupported "
2357 "vendor-specific ANQP OUI %06x",
2363 wpa_printf(MSG_DEBUG, "Interworking: Unsupported ANQP Info ID "
2370 void anqp_resp_cb(void *ctx, const u8 *dst, u8 dialog_token,
2371 enum gas_query_result result,
2372 const struct wpabuf *adv_proto,
2373 const struct wpabuf *resp, u16 status_code)
2375 struct wpa_supplicant *wpa_s = ctx;
2380 struct wpa_bss *bss = NULL, *tmp;
2382 wpa_printf(MSG_DEBUG, "Interworking: anqp_resp_cb dst=" MACSTR
2383 " dialog_token=%u result=%d status_code=%u",
2384 MAC2STR(dst), dialog_token, result, status_code);
2385 if (result != GAS_QUERY_SUCCESS) {
2386 if (wpa_s->fetch_osu_icon_in_progress)
2387 hs20_icon_fetch_failed(wpa_s);
2391 pos = wpabuf_head(adv_proto);
2392 if (wpabuf_len(adv_proto) < 4 || pos[0] != WLAN_EID_ADV_PROTO ||
2393 pos[1] < 2 || pos[3] != ACCESS_NETWORK_QUERY_PROTOCOL) {
2394 wpa_printf(MSG_DEBUG, "ANQP: Unexpected Advertisement "
2395 "Protocol in response");
2396 if (wpa_s->fetch_osu_icon_in_progress)
2397 hs20_icon_fetch_failed(wpa_s);
2402 * If possible, select the BSS entry based on which BSS entry was used
2403 * for the request. This can help in cases where multiple BSS entries
2404 * may exist for the same AP.
2406 dl_list_for_each_reverse(tmp, &wpa_s->bss, struct wpa_bss, list) {
2407 if (tmp == wpa_s->interworking_gas_bss &&
2408 os_memcmp(tmp->bssid, dst, ETH_ALEN) == 0) {
2414 bss = wpa_bss_get_bssid(wpa_s, dst);
2416 pos = wpabuf_head(resp);
2417 end = pos + wpabuf_len(resp);
2420 if (pos + 4 > end) {
2421 wpa_printf(MSG_DEBUG, "ANQP: Invalid element");
2424 info_id = WPA_GET_LE16(pos);
2426 slen = WPA_GET_LE16(pos);
2428 if (pos + slen > end) {
2429 wpa_printf(MSG_DEBUG, "ANQP: Invalid element length "
2430 "for Info ID %u", info_id);
2433 interworking_parse_rx_anqp_resp(wpa_s, bss, dst, info_id, pos,
2438 hs20_notify_parse_done(wpa_s);
2442 static void interworking_scan_res_handler(struct wpa_supplicant *wpa_s,
2443 struct wpa_scan_results *scan_res)
2445 wpa_printf(MSG_DEBUG, "Interworking: Scan results available - start "
2447 interworking_start_fetch_anqp(wpa_s);
2451 int interworking_select(struct wpa_supplicant *wpa_s, int auto_select,
2454 interworking_stop_fetch_anqp(wpa_s);
2455 wpa_s->network_select = 1;
2456 wpa_s->auto_network_select = 0;
2457 wpa_s->auto_select = !!auto_select;
2458 wpa_s->fetch_all_anqp = 0;
2459 wpa_s->fetch_osu_info = 0;
2460 wpa_printf(MSG_DEBUG, "Interworking: Start scan for network "
2462 wpa_s->scan_res_handler = interworking_scan_res_handler;
2463 wpa_s->normal_scans = 0;
2464 wpa_s->scan_req = MANUAL_SCAN_REQ;
2465 os_free(wpa_s->manual_scan_freqs);
2466 wpa_s->manual_scan_freqs = freqs;
2467 wpa_s->after_wps = 0;
2468 wpa_s->known_wps_freq = 0;
2469 wpa_supplicant_req_scan(wpa_s, 0, 0);
2475 static void gas_resp_cb(void *ctx, const u8 *addr, u8 dialog_token,
2476 enum gas_query_result result,
2477 const struct wpabuf *adv_proto,
2478 const struct wpabuf *resp, u16 status_code)
2480 struct wpa_supplicant *wpa_s = ctx;
2483 wpa_msg(wpa_s, MSG_INFO, GAS_RESPONSE_INFO "addr=" MACSTR
2484 " dialog_token=%d status_code=%d resp_len=%d",
2485 MAC2STR(addr), dialog_token, status_code,
2486 resp ? (int) wpabuf_len(resp) : -1);
2490 n = wpabuf_dup(resp);
2493 wpabuf_free(wpa_s->prev_gas_resp);
2494 wpa_s->prev_gas_resp = wpa_s->last_gas_resp;
2495 os_memcpy(wpa_s->prev_gas_addr, wpa_s->last_gas_addr, ETH_ALEN);
2496 wpa_s->prev_gas_dialog_token = wpa_s->last_gas_dialog_token;
2497 wpa_s->last_gas_resp = n;
2498 os_memcpy(wpa_s->last_gas_addr, addr, ETH_ALEN);
2499 wpa_s->last_gas_dialog_token = dialog_token;
2503 int gas_send_request(struct wpa_supplicant *wpa_s, const u8 *dst,
2504 const struct wpabuf *adv_proto,
2505 const struct wpabuf *query)
2510 struct wpa_bss *bss;
2513 u8 query_resp_len_limit = 0, pame_bi = 0;
2515 freq = wpa_s->assoc_freq;
2516 bss = wpa_bss_get_bssid(wpa_s, dst);
2522 wpa_printf(MSG_DEBUG, "GAS request to " MACSTR " (freq %d MHz)",
2523 MAC2STR(dst), freq);
2524 wpa_hexdump_buf(MSG_DEBUG, "Advertisement Protocol ID", adv_proto);
2525 wpa_hexdump_buf(MSG_DEBUG, "GAS Query", query);
2527 len = 3 + wpabuf_len(adv_proto) + 2;
2529 len += wpabuf_len(query);
2530 buf = gas_build_initial_req(0, len);
2534 /* Advertisement Protocol IE */
2535 wpabuf_put_u8(buf, WLAN_EID_ADV_PROTO);
2536 wpabuf_put_u8(buf, 1 + wpabuf_len(adv_proto)); /* Length */
2537 wpabuf_put_u8(buf, (query_resp_len_limit & 0x7f) |
2538 (pame_bi ? 0x80 : 0));
2539 wpabuf_put_buf(buf, adv_proto);
2543 wpabuf_put_le16(buf, wpabuf_len(query));
2544 wpabuf_put_buf(buf, query);
2546 wpabuf_put_le16(buf, 0);
2548 res = gas_query_req(wpa_s->gas, dst, freq, buf, gas_resp_cb, wpa_s);
2550 wpa_printf(MSG_DEBUG, "GAS: Failed to send Query Request");
2554 wpa_printf(MSG_DEBUG, "GAS: Query started with dialog token "