2 * WPA Supplicant - Basic mesh peer management
3 * Copyright (c) 2013-2014, cozybit, Inc. All rights reserved.
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
9 #include "utils/includes.h"
11 #include "utils/common.h"
12 #include "utils/eloop.h"
13 #include "common/ieee802_11_defs.h"
14 #include "ap/hostapd.h"
15 #include "ap/sta_info.h"
16 #include "ap/ieee802_11.h"
17 #include "ap/wpa_auth.h"
18 #include "wpa_supplicant_i.h"
23 struct mesh_peer_mgmt_ie {
24 const u8 *proto_id; /* Mesh Peering Protocol Identifier (2 octets) */
25 const u8 *llid; /* Local Link ID (2 octets) */
26 const u8 *plid; /* Peer Link ID (conditional, 2 octets) */
27 const u8 *reason; /* Reason Code (conditional, 2 octets) */
28 const u8 *chosen_pmk; /* Chosen PMK (optional, 16 octets) */
31 static void plink_timer(void *eloop_ctx, void *user_data);
44 static const char * const mplstate[] = {
45 [0] = "UNINITIALIZED",
46 [PLINK_IDLE] = "IDLE",
47 [PLINK_OPN_SNT] = "OPN_SNT",
48 [PLINK_OPN_RCVD] = "OPN_RCVD",
49 [PLINK_CNF_RCVD] = "CNF_RCVD",
50 [PLINK_ESTAB] = "ESTAB",
51 [PLINK_HOLDING] = "HOLDING",
52 [PLINK_BLOCKED] = "BLOCKED"
55 static const char * const mplevent[] = {
56 [PLINK_UNDEFINED] = "UNDEFINED",
57 [OPN_ACPT] = "OPN_ACPT",
58 [OPN_RJCT] = "OPN_RJCT",
59 [CNF_ACPT] = "CNF_ACPT",
60 [CNF_RJCT] = "CNF_RJCT",
61 [CLS_ACPT] = "CLS_ACPT",
62 [REQ_RJCT] = "REQ_RJCT",
66 static int mesh_mpm_parse_peer_mgmt(struct wpa_supplicant *wpa_s,
68 const u8 *ie, size_t len,
69 struct mesh_peer_mgmt_ie *mpm_ie)
71 os_memset(mpm_ie, 0, sizeof(*mpm_ie));
73 /* Remove optional Chosen PMK field at end */
74 if (len >= SAE_PMKID_LEN) {
75 mpm_ie->chosen_pmk = ie + len - SAE_PMKID_LEN;
79 if ((action_field == PLINK_OPEN && len != 4) ||
80 (action_field == PLINK_CONFIRM && len != 6) ||
81 (action_field == PLINK_CLOSE && len != 6 && len != 8)) {
82 wpa_msg(wpa_s, MSG_DEBUG, "MPM: Invalid peer mgmt ie");
89 mpm_ie->proto_id = ie;
90 mpm_ie->llid = ie + 2;
94 /* close reason is always present at end for close */
95 if (action_field == PLINK_CLOSE) {
98 mpm_ie->reason = ie + len - 2;
102 /* Peer Link ID, present for confirm, and possibly close */
110 static int plink_free_count(struct hostapd_data *hapd)
112 if (hapd->max_plinks > hapd->num_plinks)
113 return hapd->max_plinks - hapd->num_plinks;
118 static u16 copy_supp_rates(struct wpa_supplicant *wpa_s,
119 struct sta_info *sta,
120 struct ieee802_11_elems *elems)
122 if (!elems->supp_rates) {
123 wpa_msg(wpa_s, MSG_ERROR, "no supported rates from " MACSTR,
125 return WLAN_STATUS_UNSPECIFIED_FAILURE;
128 if (elems->supp_rates_len + elems->ext_supp_rates_len >
129 sizeof(sta->supported_rates)) {
130 wpa_msg(wpa_s, MSG_ERROR,
131 "Invalid supported rates element length " MACSTR
132 " %d+%d", MAC2STR(sta->addr), elems->supp_rates_len,
133 elems->ext_supp_rates_len);
134 return WLAN_STATUS_UNSPECIFIED_FAILURE;
137 sta->supported_rates_len = merge_byte_arrays(
138 sta->supported_rates, sizeof(sta->supported_rates),
139 elems->supp_rates, elems->supp_rates_len,
140 elems->ext_supp_rates, elems->ext_supp_rates_len);
142 return WLAN_STATUS_SUCCESS;
146 /* return true if elems from a neighbor match this MBSS */
147 static Boolean matches_local(struct wpa_supplicant *wpa_s,
148 struct ieee802_11_elems *elems)
150 struct mesh_conf *mconf = wpa_s->ifmsh->mconf;
152 if (elems->mesh_config_len < 5)
155 return (mconf->meshid_len == elems->mesh_id_len &&
156 os_memcmp(mconf->meshid, elems->mesh_id,
157 elems->mesh_id_len) == 0 &&
158 mconf->mesh_pp_id == elems->mesh_config[0] &&
159 mconf->mesh_pm_id == elems->mesh_config[1] &&
160 mconf->mesh_cc_id == elems->mesh_config[2] &&
161 mconf->mesh_sp_id == elems->mesh_config[3] &&
162 mconf->mesh_auth_id == elems->mesh_config[4]);
166 /* check if local link id is already used with another peer */
167 static Boolean llid_in_use(struct wpa_supplicant *wpa_s, u16 llid)
169 struct sta_info *sta;
170 struct hostapd_data *hapd = wpa_s->ifmsh->bss[0];
172 for (sta = hapd->sta_list; sta; sta = sta->next) {
173 if (sta->my_lid == llid)
181 /* generate an llid for a link and set to initial state */
182 static void mesh_mpm_init_link(struct wpa_supplicant *wpa_s,
183 struct sta_info *sta)
188 if (os_get_random((u8 *) &llid, sizeof(llid)) < 0)
190 } while (!llid || llid_in_use(wpa_s, llid));
196 * We do not use wpa_mesh_set_plink_state() here because there is no
197 * entry in kernel yet.
199 sta->plink_state = PLINK_IDLE;
203 static void mesh_mpm_send_plink_action(struct wpa_supplicant *wpa_s,
204 struct sta_info *sta,
205 enum plink_action_field type,
209 struct hostapd_iface *ifmsh = wpa_s->ifmsh;
210 struct hostapd_data *bss = ifmsh->bss[0];
211 struct mesh_conf *conf = ifmsh->mconf;
212 u8 supp_rates[2 + 2 + 32];
214 u8 ie_len, add_plid = 0;
216 int ampe = conf->security & MESH_CONF_SEC_AMPE;
222 buf_len = 2 + /* capability info */
224 2 + 8 + /* supported rates */
226 2 + 32 + /* mesh ID */
227 2 + 7 + /* mesh config */
228 2 + 23 + /* peering management */
231 #ifdef CONFIG_IEEE80211N
232 if (type != PLINK_CLOSE && wpa_s->mesh_ht_enabled) {
233 buf_len += 2 + 26 + /* HT capabilities */
234 2 + 22; /* HT operation */
236 #endif /* CONFIG_IEEE80211N */
237 #ifdef CONFIG_IEEE80211AC
238 if (type != PLINK_CLOSE && wpa_s->mesh_vht_enabled) {
239 buf_len += 2 + 12 + /* VHT Capabilities */
240 2 + 5; /* VHT Operation */
242 #endif /* CONFIG_IEEE80211AC */
243 if (type != PLINK_CLOSE)
244 buf_len += conf->rsn_ie_len; /* RSN IE */
246 buf = wpabuf_alloc(buf_len);
250 cat = wpabuf_mhead_u8(buf);
251 wpabuf_put_u8(buf, WLAN_ACTION_SELF_PROTECTED);
252 wpabuf_put_u8(buf, type);
254 if (type != PLINK_CLOSE) {
257 /* capability info */
258 wpabuf_put_le16(buf, ampe ? IEEE80211_CAP_PRIVACY : 0);
261 if (type == PLINK_CONFIRM)
262 wpabuf_put_le16(buf, sta->aid);
264 /* IE: supp + ext. supp rates */
265 pos = hostapd_eid_supp_rates(bss, supp_rates);
266 pos = hostapd_eid_ext_supp_rates(bss, pos);
267 wpabuf_put_data(buf, supp_rates, pos - supp_rates);
270 wpabuf_put_data(buf, conf->rsn_ie, conf->rsn_ie_len);
273 wpabuf_put_u8(buf, WLAN_EID_MESH_ID);
274 wpabuf_put_u8(buf, conf->meshid_len);
275 wpabuf_put_data(buf, conf->meshid, conf->meshid_len);
278 wpabuf_put_u8(buf, WLAN_EID_MESH_CONFIG);
279 wpabuf_put_u8(buf, 7);
280 wpabuf_put_u8(buf, conf->mesh_pp_id);
281 wpabuf_put_u8(buf, conf->mesh_pm_id);
282 wpabuf_put_u8(buf, conf->mesh_cc_id);
283 wpabuf_put_u8(buf, conf->mesh_sp_id);
284 wpabuf_put_u8(buf, conf->mesh_auth_id);
285 info = (bss->num_plinks > 63 ? 63 : bss->num_plinks) << 1;
286 /* TODO: Add Connected to Mesh Gate/AS subfields */
287 wpabuf_put_u8(buf, info);
288 /* always forwarding & accepting plinks for now */
289 wpabuf_put_u8(buf, MESH_CAP_ACCEPT_ADDITIONAL_PEER |
290 MESH_CAP_FORWARDING);
291 } else { /* Peer closing frame */
293 wpabuf_put_u8(buf, WLAN_EID_MESH_ID);
294 wpabuf_put_u8(buf, conf->meshid_len);
295 wpabuf_put_data(buf, conf->meshid, conf->meshid_len);
298 /* IE: Mesh Peering Management element */
312 ie_len += 2; /* reason code */
316 wpabuf_put_u8(buf, WLAN_EID_PEER_MGMT);
317 wpabuf_put_u8(buf, ie_len);
318 /* peering protocol */
320 wpabuf_put_le16(buf, 1);
322 wpabuf_put_le16(buf, 0);
323 wpabuf_put_le16(buf, sta->my_lid);
325 wpabuf_put_le16(buf, sta->peer_lid);
326 if (type == PLINK_CLOSE)
327 wpabuf_put_le16(buf, close_reason);
329 if (sta->sae == NULL) {
330 wpa_msg(wpa_s, MSG_INFO, "Mesh MPM: no SAE session");
333 mesh_rsn_get_pmkid(wpa_s->mesh_rsn, sta,
334 wpabuf_put(buf, PMKID_LEN));
337 #ifdef CONFIG_IEEE80211N
338 if (type != PLINK_CLOSE && wpa_s->mesh_ht_enabled) {
339 u8 ht_capa_oper[2 + 26 + 2 + 22];
341 pos = hostapd_eid_ht_capabilities(bss, ht_capa_oper);
342 pos = hostapd_eid_ht_operation(bss, pos);
343 wpabuf_put_data(buf, ht_capa_oper, pos - ht_capa_oper);
345 #endif /* CONFIG_IEEE80211N */
346 #ifdef CONFIG_IEEE80211AC
347 if (type != PLINK_CLOSE && wpa_s->mesh_vht_enabled) {
348 u8 vht_capa_oper[2 + 12 + 2 + 5];
350 pos = hostapd_eid_vht_capabilities(bss, vht_capa_oper);
351 pos = hostapd_eid_vht_operation(bss, pos);
352 wpabuf_put_data(buf, vht_capa_oper, pos - vht_capa_oper);
354 #endif /* CONFIG_IEEE80211AC */
356 if (ampe && mesh_rsn_protect_frame(wpa_s->mesh_rsn, sta, cat, buf)) {
357 wpa_msg(wpa_s, MSG_INFO,
358 "Mesh MPM: failed to add AMPE and MIC IE");
362 wpa_msg(wpa_s, MSG_DEBUG, "Mesh MPM: Sending peering frame type %d to "
363 MACSTR " (my_lid=0x%x peer_lid=0x%x)",
364 type, MAC2STR(sta->addr), sta->my_lid, sta->peer_lid);
365 ret = wpa_drv_send_action(wpa_s, wpa_s->assoc_freq, 0,
366 sta->addr, wpa_s->own_addr, wpa_s->own_addr,
367 wpabuf_head(buf), wpabuf_len(buf), 0);
369 wpa_msg(wpa_s, MSG_INFO,
370 "Mesh MPM: failed to send peering frame");
377 /* configure peering state in ours and driver's station entry */
378 void wpa_mesh_set_plink_state(struct wpa_supplicant *wpa_s,
379 struct sta_info *sta,
380 enum mesh_plink_state state)
382 struct hostapd_sta_add_params params;
385 wpa_msg(wpa_s, MSG_DEBUG, "MPM set " MACSTR " from %s into %s",
386 MAC2STR(sta->addr), mplstate[sta->plink_state],
388 sta->plink_state = state;
390 os_memset(¶ms, 0, sizeof(params));
391 params.addr = sta->addr;
392 params.plink_state = state;
395 ret = wpa_drv_sta_add(wpa_s, ¶ms);
397 wpa_msg(wpa_s, MSG_ERROR, "Driver failed to set " MACSTR
398 ": %d", MAC2STR(sta->addr), ret);
403 static void mesh_mpm_fsm_restart(struct wpa_supplicant *wpa_s,
404 struct sta_info *sta)
406 struct hostapd_data *hapd = wpa_s->ifmsh->bss[0];
408 eloop_cancel_timeout(plink_timer, wpa_s, sta);
410 ap_free_sta(hapd, sta);
414 static void plink_timer(void *eloop_ctx, void *user_data)
416 struct wpa_supplicant *wpa_s = eloop_ctx;
417 struct sta_info *sta = user_data;
419 struct mesh_conf *conf = wpa_s->ifmsh->mconf;
420 struct hostapd_data *hapd = wpa_s->ifmsh->bss[0];
422 switch (sta->plink_state) {
426 if (sta->mpm_retries < conf->dot11MeshMaxRetries) {
427 eloop_register_timeout(
428 conf->dot11MeshRetryTimeout / 1000,
429 (conf->dot11MeshRetryTimeout % 1000) * 1000,
430 plink_timer, wpa_s, sta);
431 mesh_mpm_send_plink_action(wpa_s, sta, PLINK_OPEN, 0);
435 reason = WLAN_REASON_MESH_MAX_RETRIES;
436 /* fall through on else */
441 reason = WLAN_REASON_MESH_CONFIRM_TIMEOUT;
442 wpa_mesh_set_plink_state(wpa_s, sta, PLINK_HOLDING);
443 eloop_register_timeout(conf->dot11MeshHoldingTimeout / 1000,
444 (conf->dot11MeshHoldingTimeout % 1000) * 1000,
445 plink_timer, wpa_s, sta);
446 mesh_mpm_send_plink_action(wpa_s, sta, PLINK_CLOSE, reason);
451 if (sta->mesh_sae_pmksa_caching) {
452 wpa_printf(MSG_DEBUG, "MPM: Peer " MACSTR
453 " looks like it does not support mesh SAE PMKSA caching, so remove the cached entry for it",
455 wpa_auth_pmksa_remove(hapd->wpa_auth, sta->addr);
457 mesh_mpm_fsm_restart(wpa_s, sta);
465 /* initiate peering with station */
467 mesh_mpm_plink_open(struct wpa_supplicant *wpa_s, struct sta_info *sta,
468 enum mesh_plink_state next_state)
470 struct mesh_conf *conf = wpa_s->ifmsh->mconf;
472 eloop_cancel_timeout(plink_timer, wpa_s, sta);
473 eloop_register_timeout(conf->dot11MeshRetryTimeout / 1000,
474 (conf->dot11MeshRetryTimeout % 1000) * 1000,
475 plink_timer, wpa_s, sta);
476 mesh_mpm_send_plink_action(wpa_s, sta, PLINK_OPEN, 0);
477 wpa_mesh_set_plink_state(wpa_s, sta, next_state);
481 static int mesh_mpm_plink_close(struct hostapd_data *hapd, struct sta_info *sta,
484 struct wpa_supplicant *wpa_s = ctx;
485 int reason = WLAN_REASON_MESH_PEERING_CANCELLED;
488 wpa_mesh_set_plink_state(wpa_s, sta, PLINK_HOLDING);
489 mesh_mpm_send_plink_action(wpa_s, sta, PLINK_CLOSE, reason);
490 wpa_printf(MSG_DEBUG, "MPM closing plink sta=" MACSTR,
492 eloop_cancel_timeout(plink_timer, wpa_s, sta);
500 int mesh_mpm_close_peer(struct wpa_supplicant *wpa_s, const u8 *addr)
502 struct hostapd_data *hapd;
503 struct sta_info *sta;
506 wpa_msg(wpa_s, MSG_INFO, "Mesh is not prepared yet");
510 hapd = wpa_s->ifmsh->bss[0];
511 sta = ap_get_sta(hapd, addr);
513 wpa_msg(wpa_s, MSG_INFO, "No such mesh peer");
517 return mesh_mpm_plink_close(hapd, sta, wpa_s) == 0 ? 0 : -1;
521 static void peer_add_timer(void *eloop_ctx, void *user_data)
523 struct wpa_supplicant *wpa_s = eloop_ctx;
524 struct hostapd_data *hapd = wpa_s->ifmsh->bss[0];
526 os_memset(hapd->mesh_required_peer, 0, ETH_ALEN);
530 int mesh_mpm_connect_peer(struct wpa_supplicant *wpa_s, const u8 *addr,
533 struct wpa_ssid *ssid = wpa_s->current_ssid;
534 struct hostapd_data *hapd;
535 struct sta_info *sta;
536 struct mesh_conf *conf;
539 wpa_msg(wpa_s, MSG_INFO, "Mesh is not prepared yet");
543 if (!ssid || !ssid->no_auto_peer) {
544 wpa_msg(wpa_s, MSG_INFO,
545 "This command is available only with no_auto_peer mesh network");
549 hapd = wpa_s->ifmsh->bss[0];
550 conf = wpa_s->ifmsh->mconf;
552 sta = ap_get_sta(hapd, addr);
554 wpa_msg(wpa_s, MSG_INFO, "No such mesh peer");
558 if ((PLINK_OPN_SNT <= sta->plink_state &&
559 sta->plink_state <= PLINK_ESTAB) ||
560 (sta->sae && sta->sae->state > SAE_NOTHING)) {
561 wpa_msg(wpa_s, MSG_INFO,
562 "Specified peer is connecting/connected");
566 if (conf->security == MESH_CONF_SEC_NONE) {
567 mesh_mpm_plink_open(wpa_s, sta, PLINK_OPN_SNT);
569 mesh_rsn_auth_sae_sta(wpa_s, sta);
570 os_memcpy(hapd->mesh_required_peer, addr, ETH_ALEN);
571 eloop_register_timeout(duration == -1 ? 10 : duration, 0,
572 peer_add_timer, wpa_s, NULL);
579 void mesh_mpm_deinit(struct wpa_supplicant *wpa_s, struct hostapd_iface *ifmsh)
581 struct hostapd_data *hapd = ifmsh->bss[0];
583 /* notify peers we're leaving */
584 ap_for_each_sta(hapd, mesh_mpm_plink_close, wpa_s);
586 hapd->num_plinks = 0;
587 hostapd_free_stas(hapd);
588 eloop_cancel_timeout(peer_add_timer, wpa_s, NULL);
592 /* for mesh_rsn to indicate this peer has completed authentication, and we're
593 * ready to start AMPE */
594 void mesh_mpm_auth_peer(struct wpa_supplicant *wpa_s, const u8 *addr)
596 struct hostapd_data *data = wpa_s->ifmsh->bss[0];
597 struct hostapd_sta_add_params params;
598 struct sta_info *sta;
601 sta = ap_get_sta(data, addr);
603 wpa_msg(wpa_s, MSG_DEBUG, "no such mesh peer");
607 /* TODO: Should do nothing if this STA is already authenticated, but
608 * the AP code already sets this flag. */
609 sta->flags |= WLAN_STA_AUTH;
611 mesh_rsn_init_ampe_sta(wpa_s, sta);
613 os_memset(¶ms, 0, sizeof(params));
614 params.addr = sta->addr;
615 params.flags = WPA_STA_AUTHENTICATED | WPA_STA_AUTHORIZED;
618 wpa_msg(wpa_s, MSG_DEBUG, "MPM authenticating " MACSTR,
620 ret = wpa_drv_sta_add(wpa_s, ¶ms);
622 wpa_msg(wpa_s, MSG_ERROR,
623 "Driver failed to set " MACSTR ": %d",
624 MAC2STR(sta->addr), ret);
628 mesh_mpm_init_link(wpa_s, sta);
630 mesh_mpm_plink_open(wpa_s, sta, PLINK_OPN_SNT);
634 * Initialize a sta_info structure for a peer and upload it into the driver
635 * in preparation for beginning authentication or peering. This is done when a
636 * Beacon (secure or open mesh) or a peering open frame (for open mesh) is
637 * received from the peer for the first time.
639 static struct sta_info * mesh_mpm_add_peer(struct wpa_supplicant *wpa_s,
641 struct ieee802_11_elems *elems)
643 struct hostapd_sta_add_params params;
644 struct mesh_conf *conf = wpa_s->ifmsh->mconf;
645 struct hostapd_data *data = wpa_s->ifmsh->bss[0];
646 struct sta_info *sta;
649 if (elems->mesh_config_len >= 7 &&
650 !(elems->mesh_config[6] & MESH_CAP_ACCEPT_ADDITIONAL_PEER)) {
651 wpa_msg(wpa_s, MSG_DEBUG,
652 "mesh: Ignore a crowded peer " MACSTR,
657 sta = ap_get_sta(data, addr);
659 sta = ap_sta_add(data, addr);
664 /* Set WMM by default since Mesh STAs are QoS STAs */
665 sta->flags |= WLAN_STA_WMM;
668 if (copy_supp_rates(wpa_s, sta, elems)) {
669 ap_free_sta(data, sta);
674 mesh_mpm_init_link(wpa_s, sta);
676 #ifdef CONFIG_IEEE80211N
677 copy_sta_ht_capab(data, sta, elems->ht_capabilities);
678 update_ht_state(data, sta);
679 #endif /* CONFIG_IEEE80211N */
681 #ifdef CONFIG_IEEE80211AC
682 copy_sta_vht_capab(data, sta, elems->vht_capabilities);
683 set_sta_vht_opmode(data, sta, elems->vht_opmode_notif);
684 #endif /* CONFIG_IEEE80211AC */
686 if (hostapd_get_aid(data, sta) < 0) {
687 wpa_msg(wpa_s, MSG_ERROR, "No AIDs available");
688 ap_free_sta(data, sta);
692 /* insert into driver */
693 os_memset(¶ms, 0, sizeof(params));
694 params.supp_rates = sta->supported_rates;
695 params.supp_rates_len = sta->supported_rates_len;
697 params.plink_state = sta->plink_state;
698 params.aid = sta->aid;
699 params.listen_interval = 100;
700 params.ht_capabilities = sta->ht_capabilities;
701 params.vht_capabilities = sta->vht_capabilities;
702 params.flags |= WPA_STA_WMM;
703 params.flags_mask |= WPA_STA_AUTHENTICATED;
704 if (conf->security == MESH_CONF_SEC_NONE) {
705 params.flags |= WPA_STA_AUTHORIZED;
706 params.flags |= WPA_STA_AUTHENTICATED;
708 sta->flags |= WLAN_STA_MFP;
709 params.flags |= WPA_STA_MFP;
712 ret = wpa_drv_sta_add(wpa_s, ¶ms);
714 wpa_msg(wpa_s, MSG_ERROR,
715 "Driver failed to insert " MACSTR ": %d",
717 ap_free_sta(data, sta);
725 void wpa_mesh_new_mesh_peer(struct wpa_supplicant *wpa_s, const u8 *addr,
726 struct ieee802_11_elems *elems)
728 struct mesh_conf *conf = wpa_s->ifmsh->mconf;
729 struct hostapd_data *data = wpa_s->ifmsh->bss[0];
730 struct sta_info *sta;
731 struct wpa_ssid *ssid = wpa_s->current_ssid;
733 sta = mesh_mpm_add_peer(wpa_s, addr, elems);
737 if (ssid && ssid->no_auto_peer &&
738 (is_zero_ether_addr(data->mesh_required_peer) ||
739 os_memcmp(data->mesh_required_peer, addr, ETH_ALEN) != 0)) {
740 wpa_msg(wpa_s, MSG_INFO, "will not initiate new peer link with "
741 MACSTR " because of no_auto_peer", MAC2STR(addr));
742 if (data->mesh_pending_auth) {
743 struct os_reltime age;
744 const struct ieee80211_mgmt *mgmt;
745 struct hostapd_frame_info fi;
747 mgmt = wpabuf_head(data->mesh_pending_auth);
748 os_reltime_age(&data->mesh_pending_auth_time, &age);
750 os_memcmp(mgmt->sa, addr, ETH_ALEN) == 0) {
751 wpa_printf(MSG_DEBUG,
752 "mesh: Process pending Authentication frame from %u.%06u seconds ago",
753 (unsigned int) age.sec,
754 (unsigned int) age.usec);
755 os_memset(&fi, 0, sizeof(fi));
758 wpabuf_head(data->mesh_pending_auth),
759 wpabuf_len(data->mesh_pending_auth),
762 wpabuf_free(data->mesh_pending_auth);
763 data->mesh_pending_auth = NULL;
768 if (conf->security == MESH_CONF_SEC_NONE) {
769 if (sta->plink_state < PLINK_OPN_SNT ||
770 sta->plink_state > PLINK_ESTAB)
771 mesh_mpm_plink_open(wpa_s, sta, PLINK_OPN_SNT);
773 mesh_rsn_auth_sae_sta(wpa_s, sta);
778 void mesh_mpm_mgmt_rx(struct wpa_supplicant *wpa_s, struct rx_mgmt *rx_mgmt)
780 struct hostapd_frame_info fi;
782 os_memset(&fi, 0, sizeof(fi));
783 fi.datarate = rx_mgmt->datarate;
784 fi.ssi_signal = rx_mgmt->ssi_signal;
785 ieee802_11_mgmt(wpa_s->ifmsh->bss[0], rx_mgmt->frame,
786 rx_mgmt->frame_len, &fi);
790 static void mesh_mpm_plink_estab(struct wpa_supplicant *wpa_s,
791 struct sta_info *sta)
793 struct hostapd_data *hapd = wpa_s->ifmsh->bss[0];
794 struct mesh_conf *conf = wpa_s->ifmsh->mconf;
797 wpa_msg(wpa_s, MSG_INFO, "mesh plink with " MACSTR " established",
800 if (conf->security & MESH_CONF_SEC_AMPE) {
801 wpa_hexdump_key(MSG_DEBUG, "mesh: MTK", sta->mtk, sta->mtk_len);
802 wpa_drv_set_key(wpa_s, wpa_cipher_to_alg(conf->pairwise_cipher),
803 sta->addr, 0, 0, seq, sizeof(seq),
804 sta->mtk, sta->mtk_len);
806 wpa_hexdump_key(MSG_DEBUG, "mesh: RX MGTK Key RSC",
807 sta->mgtk_rsc, sizeof(sta->mgtk_rsc));
808 wpa_hexdump_key(MSG_DEBUG, "mesh: RX MGTK",
809 sta->mgtk, sta->mgtk_len);
810 wpa_drv_set_key(wpa_s, wpa_cipher_to_alg(conf->group_cipher),
811 sta->addr, sta->mgtk_key_id, 0,
812 sta->mgtk_rsc, sizeof(sta->mgtk_rsc),
813 sta->mgtk, sta->mgtk_len);
816 wpa_hexdump_key(MSG_DEBUG, "mesh: RX IGTK Key RSC",
817 sta->igtk_rsc, sizeof(sta->igtk_rsc));
818 wpa_hexdump_key(MSG_DEBUG, "mesh: RX IGTK",
819 sta->igtk, sta->igtk_len);
822 wpa_cipher_to_alg(conf->mgmt_group_cipher),
823 sta->addr, sta->igtk_key_id, 0,
824 sta->igtk_rsc, sizeof(sta->igtk_rsc),
825 sta->igtk, sta->igtk_len);
829 wpa_mesh_set_plink_state(wpa_s, sta, PLINK_ESTAB);
832 sta->flags |= WLAN_STA_ASSOC;
833 sta->mesh_sae_pmksa_caching = 0;
835 eloop_cancel_timeout(peer_add_timer, wpa_s, NULL);
836 peer_add_timer(wpa_s, NULL);
837 eloop_cancel_timeout(plink_timer, wpa_s, sta);
839 /* Send ctrl event */
840 wpa_msg(wpa_s, MSG_INFO, MESH_PEER_CONNECTED MACSTR,
845 static void mesh_mpm_fsm(struct wpa_supplicant *wpa_s, struct sta_info *sta,
846 enum plink_event event, u16 reason)
848 struct hostapd_data *hapd = wpa_s->ifmsh->bss[0];
849 struct mesh_conf *conf = wpa_s->ifmsh->mconf;
851 wpa_msg(wpa_s, MSG_DEBUG, "MPM " MACSTR " state %s event %s",
852 MAC2STR(sta->addr), mplstate[sta->plink_state],
855 switch (sta->plink_state) {
859 mesh_mpm_fsm_restart(wpa_s, sta);
862 mesh_mpm_plink_open(wpa_s, sta, PLINK_OPN_RCVD);
863 mesh_mpm_send_plink_action(wpa_s, sta, PLINK_CONFIRM,
867 mesh_mpm_send_plink_action(wpa_s, sta,
868 PLINK_CLOSE, reason);
879 reason = WLAN_REASON_MESH_CONFIG_POLICY_VIOLATION;
882 wpa_mesh_set_plink_state(wpa_s, sta, PLINK_HOLDING);
884 reason = WLAN_REASON_MESH_CLOSE_RCVD;
885 eloop_register_timeout(
886 conf->dot11MeshHoldingTimeout / 1000,
887 (conf->dot11MeshHoldingTimeout % 1000) * 1000,
888 plink_timer, wpa_s, sta);
889 mesh_mpm_send_plink_action(wpa_s, sta,
890 PLINK_CLOSE, reason);
893 /* retry timer is left untouched */
894 wpa_mesh_set_plink_state(wpa_s, sta, PLINK_OPN_RCVD);
895 mesh_mpm_send_plink_action(wpa_s, sta,
899 wpa_mesh_set_plink_state(wpa_s, sta, PLINK_CNF_RCVD);
900 eloop_cancel_timeout(plink_timer, wpa_s, sta);
901 eloop_register_timeout(
902 conf->dot11MeshConfirmTimeout / 1000,
903 (conf->dot11MeshConfirmTimeout % 1000) * 1000,
904 plink_timer, wpa_s, sta);
915 reason = WLAN_REASON_MESH_CONFIG_POLICY_VIOLATION;
918 wpa_mesh_set_plink_state(wpa_s, sta, PLINK_HOLDING);
920 reason = WLAN_REASON_MESH_CLOSE_RCVD;
921 eloop_register_timeout(
922 conf->dot11MeshHoldingTimeout / 1000,
923 (conf->dot11MeshHoldingTimeout % 1000) * 1000,
924 plink_timer, wpa_s, sta);
925 sta->mpm_close_reason = reason;
926 mesh_mpm_send_plink_action(wpa_s, sta,
927 PLINK_CLOSE, reason);
930 mesh_mpm_send_plink_action(wpa_s, sta,
934 if (conf->security & MESH_CONF_SEC_AMPE)
935 mesh_rsn_derive_mtk(wpa_s, sta);
936 mesh_mpm_plink_estab(wpa_s, sta);
947 reason = WLAN_REASON_MESH_CONFIG_POLICY_VIOLATION;
950 wpa_mesh_set_plink_state(wpa_s, sta, PLINK_HOLDING);
952 reason = WLAN_REASON_MESH_CLOSE_RCVD;
953 eloop_register_timeout(
954 conf->dot11MeshHoldingTimeout / 1000,
955 (conf->dot11MeshHoldingTimeout % 1000) * 1000,
956 plink_timer, wpa_s, sta);
957 sta->mpm_close_reason = reason;
958 mesh_mpm_send_plink_action(wpa_s, sta,
959 PLINK_CLOSE, reason);
962 if (conf->security & MESH_CONF_SEC_AMPE)
963 mesh_rsn_derive_mtk(wpa_s, sta);
964 mesh_mpm_plink_estab(wpa_s, sta);
965 mesh_mpm_send_plink_action(wpa_s, sta,
977 wpa_mesh_set_plink_state(wpa_s, sta, PLINK_HOLDING);
979 reason = WLAN_REASON_MESH_CLOSE_RCVD;
981 eloop_register_timeout(
982 conf->dot11MeshHoldingTimeout / 1000,
983 (conf->dot11MeshHoldingTimeout % 1000) * 1000,
984 plink_timer, wpa_s, sta);
985 sta->mpm_close_reason = reason;
987 wpa_msg(wpa_s, MSG_INFO, "mesh plink with " MACSTR
988 " closed with reason %d",
989 MAC2STR(sta->addr), reason);
991 wpa_msg(wpa_s, MSG_INFO, MESH_PEER_DISCONNECTED MACSTR,
996 mesh_mpm_send_plink_action(wpa_s, sta,
997 PLINK_CLOSE, reason);
1000 mesh_mpm_send_plink_action(wpa_s, sta,
1010 mesh_mpm_fsm_restart(wpa_s, sta);
1016 reason = sta->mpm_close_reason;
1017 mesh_mpm_send_plink_action(wpa_s, sta,
1018 PLINK_CLOSE, reason);
1025 wpa_msg(wpa_s, MSG_DEBUG,
1026 "Unsupported MPM event %s for state %s",
1027 mplevent[event], mplstate[sta->plink_state]);
1033 void mesh_mpm_action_rx(struct wpa_supplicant *wpa_s,
1034 const struct ieee80211_mgmt *mgmt, size_t len)
1037 struct hostapd_data *hapd = wpa_s->ifmsh->bss[0];
1038 struct mesh_conf *mconf = wpa_s->ifmsh->mconf;
1039 struct sta_info *sta;
1040 u16 plid = 0, llid = 0;
1041 enum plink_event event;
1042 struct ieee802_11_elems elems;
1043 struct mesh_peer_mgmt_ie peer_mgmt_ie;
1049 if (mgmt->u.action.category != WLAN_ACTION_SELF_PROTECTED)
1052 action_field = mgmt->u.action.u.slf_prot_action.action;
1053 if (action_field != PLINK_OPEN &&
1054 action_field != PLINK_CONFIRM &&
1055 action_field != PLINK_CLOSE)
1058 ies = mgmt->u.action.u.slf_prot_action.variable;
1059 ie_len = (const u8 *) mgmt + len -
1060 mgmt->u.action.u.slf_prot_action.variable;
1062 /* at least expect mesh id and peering mgmt */
1063 if (ie_len < 2 + 2) {
1064 wpa_printf(MSG_DEBUG,
1065 "MPM: Ignore too short action frame %u ie_len %u",
1066 action_field, (unsigned int) ie_len);
1069 wpa_printf(MSG_DEBUG, "MPM: Received PLINK action %u", action_field);
1071 if (action_field == PLINK_OPEN || action_field == PLINK_CONFIRM) {
1072 wpa_printf(MSG_DEBUG, "MPM: Capability 0x%x",
1074 ies += 2; /* capability */
1077 if (action_field == PLINK_CONFIRM) {
1078 wpa_printf(MSG_DEBUG, "MPM: AID 0x%x", WPA_GET_LE16(ies));
1083 /* check for mesh peering, mesh id and mesh config IEs */
1084 if (ieee802_11_parse_elems(ies, ie_len, &elems, 0) == ParseFailed) {
1085 wpa_printf(MSG_DEBUG, "MPM: Failed to parse PLINK IEs");
1088 if (!elems.peer_mgmt) {
1089 wpa_printf(MSG_DEBUG,
1090 "MPM: No Mesh Peering Management element");
1093 if (action_field != PLINK_CLOSE) {
1094 if (!elems.mesh_id || !elems.mesh_config) {
1095 wpa_printf(MSG_DEBUG,
1096 "MPM: No Mesh ID or Mesh Configuration element");
1100 if (!matches_local(wpa_s, &elems)) {
1101 wpa_printf(MSG_DEBUG,
1102 "MPM: Mesh ID or Mesh Configuration element do not match local MBSS");
1107 ret = mesh_mpm_parse_peer_mgmt(wpa_s, action_field,
1109 elems.peer_mgmt_len,
1112 wpa_printf(MSG_DEBUG, "MPM: Mesh parsing rejected frame");
1116 /* the sender's llid is our plid and vice-versa */
1117 plid = WPA_GET_LE16(peer_mgmt_ie.llid);
1118 if (peer_mgmt_ie.plid)
1119 llid = WPA_GET_LE16(peer_mgmt_ie.plid);
1120 wpa_printf(MSG_DEBUG, "MPM: plid=0x%x llid=0x%x", plid, llid);
1122 if (action_field == PLINK_CLOSE)
1123 wpa_printf(MSG_DEBUG, "MPM: close reason=%u",
1124 WPA_GET_LE16(peer_mgmt_ie.reason));
1126 sta = ap_get_sta(hapd, mgmt->sa);
1129 * If this is an open frame from an unknown STA, and this is an
1130 * open mesh, then go ahead and add the peer before proceeding.
1132 if (!sta && action_field == PLINK_OPEN &&
1133 (!(mconf->security & MESH_CONF_SEC_AMPE) ||
1134 wpa_auth_pmksa_get(hapd->wpa_auth, mgmt->sa)))
1135 sta = mesh_mpm_add_peer(wpa_s, mgmt->sa, &elems);
1138 wpa_printf(MSG_DEBUG, "MPM: No STA entry for peer");
1143 /* peer is in sae_accepted? */
1144 if (sta->sae && sta->sae->state != SAE_ACCEPTED) {
1145 wpa_printf(MSG_DEBUG, "MPM: SAE not yet accepted for peer");
1148 #endif /* CONFIG_SAE */
1151 mesh_mpm_init_link(wpa_s, sta);
1153 if (mconf->security & MESH_CONF_SEC_AMPE) {
1156 res = mesh_rsn_process_ampe(wpa_s, sta, &elems,
1157 &mgmt->u.action.category,
1158 peer_mgmt_ie.chosen_pmk,
1161 wpa_printf(MSG_DEBUG,
1162 "MPM: RSN process rejected frame (res=%d)",
1164 if (action_field == PLINK_OPEN && res == -2) {
1165 /* AES-SIV decryption failed */
1166 mesh_mpm_fsm(wpa_s, sta, OPN_RJCT,
1167 WLAN_REASON_MESH_INVALID_GTK);
1173 if (sta->plink_state == PLINK_BLOCKED) {
1174 wpa_printf(MSG_DEBUG, "MPM: PLINK_BLOCKED");
1178 /* Now we will figure out the appropriate event... */
1179 switch (action_field) {
1181 if (plink_free_count(hapd) == 0) {
1183 reason = WLAN_REASON_MESH_MAX_PEERS;
1184 wpa_printf(MSG_INFO,
1185 "MPM: Peer link num over quota(%d)",
1187 } else if (sta->peer_lid && sta->peer_lid != plid) {
1188 return; /* no FSM event */
1190 sta->peer_lid = plid;
1195 if (plink_free_count(hapd) == 0) {
1197 reason = WLAN_REASON_MESH_MAX_PEERS;
1198 wpa_printf(MSG_INFO,
1199 "MPM: Peer link num over quota(%d)",
1201 } else if (sta->my_lid != llid ||
1202 (sta->peer_lid && sta->peer_lid != plid)) {
1203 return; /* no FSM event */
1206 sta->peer_lid = plid;
1211 if (sta->plink_state == PLINK_ESTAB)
1212 /* Do not check for llid or plid. This does not
1213 * follow the standard but since multiple plinks
1214 * per cand are not supported, it is necessary in
1215 * order to avoid a livelock when MP A sees an
1216 * establish peer link to MP B but MP B does not
1217 * see it. This can be caused by a timeout in
1218 * B's peer link establishment or B being
1222 else if (sta->peer_lid != plid)
1223 return; /* no FSM event */
1224 else if (peer_mgmt_ie.plid && sta->my_lid != llid)
1225 return; /* no FSM event */
1231 * This cannot be hit due to the action_field check above, but
1232 * compilers may not be able to figure that out and can warn
1233 * about uninitialized event below.
1237 mesh_mpm_fsm(wpa_s, sta, event, reason);
1241 /* called by ap_free_sta */
1242 void mesh_mpm_free_sta(struct hostapd_data *hapd, struct sta_info *sta)
1244 if (sta->plink_state == PLINK_ESTAB)
1246 eloop_cancel_timeout(plink_timer, ELOOP_ALL_CTX, sta);
1247 eloop_cancel_timeout(mesh_auth_timer, ELOOP_ALL_CTX, sta);