events.c revision 7db4ef75f0190d98dbc84f8968ede3ac0ae29571
1/* 2 * WPA Supplicant - Driver event processing 3 * Copyright (c) 2003-2012, Jouni Malinen <j@w1.fi> 4 * 5 * This software may be distributed under the terms of the BSD license. 6 * See README for more details. 7 */ 8 9#include "includes.h" 10 11#include "common.h" 12#include "eapol_supp/eapol_supp_sm.h" 13#include "rsn_supp/wpa.h" 14#include "eloop.h" 15#include "config.h" 16#include "l2_packet/l2_packet.h" 17#include "wpa_supplicant_i.h" 18#include "driver_i.h" 19#include "pcsc_funcs.h" 20#include "rsn_supp/preauth.h" 21#include "rsn_supp/pmksa_cache.h" 22#include "common/wpa_ctrl.h" 23#include "eap_peer/eap.h" 24#include "ap/hostapd.h" 25#include "p2p/p2p.h" 26#include "notify.h" 27#include "common/ieee802_11_defs.h" 28#include "common/ieee802_11_common.h" 29#include "crypto/random.h" 30#include "blacklist.h" 31#include "wpas_glue.h" 32#include "wps_supplicant.h" 33#include "ibss_rsn.h" 34#include "sme.h" 35#include "gas_query.h" 36#include "p2p_supplicant.h" 37#include "bgscan.h" 38#include "ap.h" 39#include "bss.h" 40#include "scan.h" 41#include "offchannel.h" 42 43 44static int wpa_supplicant_select_config(struct wpa_supplicant *wpa_s) 45{ 46 struct wpa_ssid *ssid, *old_ssid; 47 48 if (wpa_s->conf->ap_scan == 1 && wpa_s->current_ssid) 49 return 0; 50 51 wpa_dbg(wpa_s, MSG_DEBUG, "Select network based on association " 52 "information"); 53 ssid = wpa_supplicant_get_ssid(wpa_s); 54 if (ssid == NULL) { 55 wpa_msg(wpa_s, MSG_INFO, 56 "No network configuration found for the current AP"); 57 return -1; 58 } 59 60 if (ssid->disabled) { 61 wpa_dbg(wpa_s, MSG_DEBUG, "Selected network is disabled"); 62 return -1; 63 } 64 65 wpa_dbg(wpa_s, MSG_DEBUG, "Network configuration found for the " 66 "current AP"); 67 if (wpa_key_mgmt_wpa_any(ssid->key_mgmt)) { 68 u8 wpa_ie[80]; 69 size_t wpa_ie_len = sizeof(wpa_ie); 70 wpa_supplicant_set_suites(wpa_s, NULL, ssid, 71 wpa_ie, &wpa_ie_len); 72 } else { 73 wpa_supplicant_set_non_wpa_policy(wpa_s, ssid); 74 } 75 76 if (wpa_s->current_ssid && wpa_s->current_ssid != ssid) 77 eapol_sm_invalidate_cached_session(wpa_s->eapol); 78 old_ssid = wpa_s->current_ssid; 79 wpa_s->current_ssid = ssid; 80 wpa_supplicant_rsn_supp_set_config(wpa_s, wpa_s->current_ssid); 81 wpa_supplicant_initiate_eapol(wpa_s); 82 if (old_ssid != wpa_s->current_ssid) 83 wpas_notify_network_changed(wpa_s); 84 85 return 0; 86} 87 88 89void wpa_supplicant_stop_countermeasures(void *eloop_ctx, void *sock_ctx) 90{ 91 struct wpa_supplicant *wpa_s = eloop_ctx; 92 93 if (wpa_s->countermeasures) { 94 wpa_s->countermeasures = 0; 95 wpa_drv_set_countermeasures(wpa_s, 0); 96 wpa_msg(wpa_s, MSG_INFO, "WPA: TKIP countermeasures stopped"); 97 wpa_supplicant_req_scan(wpa_s, 0, 0); 98 } 99} 100 101 102void wpa_supplicant_mark_disassoc(struct wpa_supplicant *wpa_s) 103{ 104 int bssid_changed; 105 106#ifdef CONFIG_IBSS_RSN 107 ibss_rsn_deinit(wpa_s->ibss_rsn); 108 wpa_s->ibss_rsn = NULL; 109#endif /* CONFIG_IBSS_RSN */ 110 111#ifdef CONFIG_AP 112 wpa_supplicant_ap_deinit(wpa_s); 113#endif /* CONFIG_AP */ 114 115 if (wpa_s->wpa_state == WPA_INTERFACE_DISABLED) 116 return; 117 118 wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED); 119#ifdef ANDROID 120 wpa_s->conf->ap_scan = DEFAULT_AP_SCAN; 121#endif 122 bssid_changed = !is_zero_ether_addr(wpa_s->bssid); 123 os_memset(wpa_s->bssid, 0, ETH_ALEN); 124 os_memset(wpa_s->pending_bssid, 0, ETH_ALEN); 125#ifdef CONFIG_P2P 126 os_memset(wpa_s->go_dev_addr, 0, ETH_ALEN); 127#endif /* CONFIG_P2P */ 128 wpa_s->current_bss = NULL; 129 wpa_s->assoc_freq = 0; 130#ifdef CONFIG_IEEE80211R 131#ifdef CONFIG_SME 132 if (wpa_s->sme.ft_ies) 133 sme_update_ft_ies(wpa_s, NULL, NULL, 0); 134#endif /* CONFIG_SME */ 135#endif /* CONFIG_IEEE80211R */ 136 137 if (bssid_changed) 138 wpas_notify_bssid_changed(wpa_s); 139 140 eapol_sm_notify_portEnabled(wpa_s->eapol, FALSE); 141 eapol_sm_notify_portValid(wpa_s->eapol, FALSE); 142 if (wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt)) 143 eapol_sm_notify_eap_success(wpa_s->eapol, FALSE); 144 wpa_s->ap_ies_from_associnfo = 0; 145} 146 147 148static void wpa_find_assoc_pmkid(struct wpa_supplicant *wpa_s) 149{ 150 struct wpa_ie_data ie; 151 int pmksa_set = -1; 152 size_t i; 153 154 if (wpa_sm_parse_own_wpa_ie(wpa_s->wpa, &ie) < 0 || 155 ie.pmkid == NULL) 156 return; 157 158 for (i = 0; i < ie.num_pmkid; i++) { 159 pmksa_set = pmksa_cache_set_current(wpa_s->wpa, 160 ie.pmkid + i * PMKID_LEN, 161 NULL, NULL, 0); 162 if (pmksa_set == 0) { 163 eapol_sm_notify_pmkid_attempt(wpa_s->eapol, 1); 164 break; 165 } 166 } 167 168 wpa_dbg(wpa_s, MSG_DEBUG, "RSN: PMKID from assoc IE %sfound from " 169 "PMKSA cache", pmksa_set == 0 ? "" : "not "); 170} 171 172 173static void wpa_supplicant_event_pmkid_candidate(struct wpa_supplicant *wpa_s, 174 union wpa_event_data *data) 175{ 176 if (data == NULL) { 177 wpa_dbg(wpa_s, MSG_DEBUG, "RSN: No data in PMKID candidate " 178 "event"); 179 return; 180 } 181 wpa_dbg(wpa_s, MSG_DEBUG, "RSN: PMKID candidate event - bssid=" MACSTR 182 " index=%d preauth=%d", 183 MAC2STR(data->pmkid_candidate.bssid), 184 data->pmkid_candidate.index, 185 data->pmkid_candidate.preauth); 186 187 pmksa_candidate_add(wpa_s->wpa, data->pmkid_candidate.bssid, 188 data->pmkid_candidate.index, 189 data->pmkid_candidate.preauth); 190} 191 192 193static int wpa_supplicant_dynamic_keys(struct wpa_supplicant *wpa_s) 194{ 195 if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE || 196 wpa_s->key_mgmt == WPA_KEY_MGMT_WPA_NONE) 197 return 0; 198 199#ifdef IEEE8021X_EAPOL 200 if (wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA && 201 wpa_s->current_ssid && 202 !(wpa_s->current_ssid->eapol_flags & 203 (EAPOL_FLAG_REQUIRE_KEY_UNICAST | 204 EAPOL_FLAG_REQUIRE_KEY_BROADCAST))) { 205 /* IEEE 802.1X, but not using dynamic WEP keys (i.e., either 206 * plaintext or static WEP keys). */ 207 return 0; 208 } 209#endif /* IEEE8021X_EAPOL */ 210 211 return 1; 212} 213 214 215/** 216 * wpa_supplicant_scard_init - Initialize SIM/USIM access with PC/SC 217 * @wpa_s: pointer to wpa_supplicant data 218 * @ssid: Configuration data for the network 219 * Returns: 0 on success, -1 on failure 220 * 221 * This function is called when starting authentication with a network that is 222 * configured to use PC/SC for SIM/USIM access (EAP-SIM or EAP-AKA). 223 */ 224int wpa_supplicant_scard_init(struct wpa_supplicant *wpa_s, 225 struct wpa_ssid *ssid) 226{ 227#ifdef IEEE8021X_EAPOL 228#ifdef PCSC_FUNCS 229 int aka = 0, sim = 0, type; 230 231 if (ssid->eap.pcsc == NULL || wpa_s->scard != NULL) 232 return 0; 233 234 if (ssid->eap.eap_methods == NULL) { 235 sim = 1; 236 aka = 1; 237 } else { 238 struct eap_method_type *eap = ssid->eap.eap_methods; 239 while (eap->vendor != EAP_VENDOR_IETF || 240 eap->method != EAP_TYPE_NONE) { 241 if (eap->vendor == EAP_VENDOR_IETF) { 242 if (eap->method == EAP_TYPE_SIM) 243 sim = 1; 244 else if (eap->method == EAP_TYPE_AKA) 245 aka = 1; 246 } 247 eap++; 248 } 249 } 250 251 if (eap_peer_get_eap_method(EAP_VENDOR_IETF, EAP_TYPE_SIM) == NULL) 252 sim = 0; 253 if (eap_peer_get_eap_method(EAP_VENDOR_IETF, EAP_TYPE_AKA) == NULL) 254 aka = 0; 255 256 if (!sim && !aka) { 257 wpa_dbg(wpa_s, MSG_DEBUG, "Selected network is configured to " 258 "use SIM, but neither EAP-SIM nor EAP-AKA are " 259 "enabled"); 260 return 0; 261 } 262 263 wpa_dbg(wpa_s, MSG_DEBUG, "Selected network is configured to use SIM " 264 "(sim=%d aka=%d) - initialize PCSC", sim, aka); 265 if (sim && aka) 266 type = SCARD_TRY_BOTH; 267 else if (aka) 268 type = SCARD_USIM_ONLY; 269 else 270 type = SCARD_GSM_SIM_ONLY; 271 272 wpa_s->scard = scard_init(type); 273 if (wpa_s->scard == NULL) { 274 wpa_msg(wpa_s, MSG_WARNING, "Failed to initialize SIM " 275 "(pcsc-lite)"); 276 return -1; 277 } 278 wpa_sm_set_scard_ctx(wpa_s->wpa, wpa_s->scard); 279 eapol_sm_register_scard_ctx(wpa_s->eapol, wpa_s->scard); 280#endif /* PCSC_FUNCS */ 281#endif /* IEEE8021X_EAPOL */ 282 283 return 0; 284} 285 286 287#ifndef CONFIG_NO_SCAN_PROCESSING 288static int wpa_supplicant_match_privacy(struct wpa_scan_res *bss, 289 struct wpa_ssid *ssid) 290{ 291 int i, privacy = 0; 292 293 if (ssid->mixed_cell) 294 return 1; 295 296#ifdef CONFIG_WPS 297 if (ssid->key_mgmt & WPA_KEY_MGMT_WPS) 298 return 1; 299#endif /* CONFIG_WPS */ 300 301 for (i = 0; i < NUM_WEP_KEYS; i++) { 302 if (ssid->wep_key_len[i]) { 303 privacy = 1; 304 break; 305 } 306 } 307#ifdef IEEE8021X_EAPOL 308 if ((ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA) && 309 ssid->eapol_flags & (EAPOL_FLAG_REQUIRE_KEY_UNICAST | 310 EAPOL_FLAG_REQUIRE_KEY_BROADCAST)) 311 privacy = 1; 312#endif /* IEEE8021X_EAPOL */ 313 314 if (wpa_key_mgmt_wpa(ssid->key_mgmt)) 315 privacy = 1; 316 317 if (bss->caps & IEEE80211_CAP_PRIVACY) 318 return privacy; 319 return !privacy; 320} 321 322 323static int wpa_supplicant_ssid_bss_match(struct wpa_supplicant *wpa_s, 324 struct wpa_ssid *ssid, 325 struct wpa_scan_res *bss) 326{ 327 struct wpa_ie_data ie; 328 int proto_match = 0; 329 const u8 *rsn_ie, *wpa_ie; 330 int ret; 331 int wep_ok; 332 333 ret = wpas_wps_ssid_bss_match(wpa_s, ssid, bss); 334 if (ret >= 0) 335 return ret; 336 337 /* Allow TSN if local configuration accepts WEP use without WPA/WPA2 */ 338 wep_ok = !wpa_key_mgmt_wpa(ssid->key_mgmt) && 339 (((ssid->key_mgmt & WPA_KEY_MGMT_NONE) && 340 ssid->wep_key_len[ssid->wep_tx_keyidx] > 0) || 341 (ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA)); 342 343 rsn_ie = wpa_scan_get_ie(bss, WLAN_EID_RSN); 344 while ((ssid->proto & WPA_PROTO_RSN) && rsn_ie) { 345 proto_match++; 346 347 if (wpa_parse_wpa_ie(rsn_ie, 2 + rsn_ie[1], &ie)) { 348 wpa_dbg(wpa_s, MSG_DEBUG, " skip RSN IE - parse " 349 "failed"); 350 break; 351 } 352 353 if (wep_ok && 354 (ie.group_cipher & (WPA_CIPHER_WEP40 | WPA_CIPHER_WEP104))) 355 { 356 wpa_dbg(wpa_s, MSG_DEBUG, " selected based on TSN " 357 "in RSN IE"); 358 return 1; 359 } 360 361 if (!(ie.proto & ssid->proto)) { 362 wpa_dbg(wpa_s, MSG_DEBUG, " skip RSN IE - proto " 363 "mismatch"); 364 break; 365 } 366 367 if (!(ie.pairwise_cipher & ssid->pairwise_cipher)) { 368 wpa_dbg(wpa_s, MSG_DEBUG, " skip RSN IE - PTK " 369 "cipher mismatch"); 370 break; 371 } 372 373 if (!(ie.group_cipher & ssid->group_cipher)) { 374 wpa_dbg(wpa_s, MSG_DEBUG, " skip RSN IE - GTK " 375 "cipher mismatch"); 376 break; 377 } 378 379 if (!(ie.key_mgmt & ssid->key_mgmt)) { 380 wpa_dbg(wpa_s, MSG_DEBUG, " skip RSN IE - key mgmt " 381 "mismatch"); 382 break; 383 } 384 385#ifdef CONFIG_IEEE80211W 386 if (!(ie.capabilities & WPA_CAPABILITY_MFPC) && 387 ssid->ieee80211w == MGMT_FRAME_PROTECTION_REQUIRED) { 388 wpa_dbg(wpa_s, MSG_DEBUG, " skip RSN IE - no mgmt " 389 "frame protection"); 390 break; 391 } 392#endif /* CONFIG_IEEE80211W */ 393 394 wpa_dbg(wpa_s, MSG_DEBUG, " selected based on RSN IE"); 395 return 1; 396 } 397 398 wpa_ie = wpa_scan_get_vendor_ie(bss, WPA_IE_VENDOR_TYPE); 399 while ((ssid->proto & WPA_PROTO_WPA) && wpa_ie) { 400 proto_match++; 401 402 if (wpa_parse_wpa_ie(wpa_ie, 2 + wpa_ie[1], &ie)) { 403 wpa_dbg(wpa_s, MSG_DEBUG, " skip WPA IE - parse " 404 "failed"); 405 break; 406 } 407 408 if (wep_ok && 409 (ie.group_cipher & (WPA_CIPHER_WEP40 | WPA_CIPHER_WEP104))) 410 { 411 wpa_dbg(wpa_s, MSG_DEBUG, " selected based on TSN " 412 "in WPA IE"); 413 return 1; 414 } 415 416 if (!(ie.proto & ssid->proto)) { 417 wpa_dbg(wpa_s, MSG_DEBUG, " skip WPA IE - proto " 418 "mismatch"); 419 break; 420 } 421 422 if (!(ie.pairwise_cipher & ssid->pairwise_cipher)) { 423 wpa_dbg(wpa_s, MSG_DEBUG, " skip WPA IE - PTK " 424 "cipher mismatch"); 425 break; 426 } 427 428 if (!(ie.group_cipher & ssid->group_cipher)) { 429 wpa_dbg(wpa_s, MSG_DEBUG, " skip WPA IE - GTK " 430 "cipher mismatch"); 431 break; 432 } 433 434 if (!(ie.key_mgmt & ssid->key_mgmt)) { 435 wpa_dbg(wpa_s, MSG_DEBUG, " skip WPA IE - key mgmt " 436 "mismatch"); 437 break; 438 } 439 440 wpa_dbg(wpa_s, MSG_DEBUG, " selected based on WPA IE"); 441 return 1; 442 } 443 444 if ((ssid->proto & (WPA_PROTO_WPA | WPA_PROTO_RSN)) && 445 wpa_key_mgmt_wpa(ssid->key_mgmt) && proto_match == 0) { 446 wpa_dbg(wpa_s, MSG_DEBUG, " skip - no WPA/RSN proto match"); 447 return 0; 448 } 449 450 if (!wpa_key_mgmt_wpa(ssid->key_mgmt)) { 451 wpa_dbg(wpa_s, MSG_DEBUG, " allow in non-WPA/WPA2"); 452 return 1; 453 } 454 455 wpa_dbg(wpa_s, MSG_DEBUG, " reject due to mismatch with " 456 "WPA/WPA2"); 457 458 return 0; 459} 460 461 462static int freq_allowed(int *freqs, int freq) 463{ 464 int i; 465 466 if (freqs == NULL) 467 return 1; 468 469 for (i = 0; freqs[i]; i++) 470 if (freqs[i] == freq) 471 return 1; 472 return 0; 473} 474 475 476static int ht_supported(const struct hostapd_hw_modes *mode) 477{ 478 if (!(mode->flags & HOSTAPD_MODE_FLAG_HT_INFO_KNOWN)) { 479 /* 480 * The driver did not indicate whether it supports HT. Assume 481 * it does to avoid connection issues. 482 */ 483 return 1; 484 } 485 486 /* 487 * IEEE Std 802.11n-2009 20.1.1: 488 * An HT non-AP STA shall support all EQM rates for one spatial stream. 489 */ 490 return mode->mcs_set[0] == 0xff; 491} 492 493 494static int rate_match(struct wpa_supplicant *wpa_s, struct wpa_scan_res *bss) 495{ 496 const struct hostapd_hw_modes *mode = NULL, *modes; 497 const u8 scan_ie[2] = { WLAN_EID_SUPP_RATES, WLAN_EID_EXT_SUPP_RATES }; 498 const u8 *rate_ie; 499 int i, j, k; 500 501 if (bss->freq == 0) 502 return 1; /* Cannot do matching without knowing band */ 503 504 modes = wpa_s->hw.modes; 505 if (modes == NULL) { 506 /* 507 * The driver does not provide any additional information 508 * about the utilized hardware, so allow the connection attempt 509 * to continue. 510 */ 511 return 1; 512 } 513 514 for (i = 0; i < wpa_s->hw.num_modes; i++) { 515 for (j = 0; j < modes[i].num_channels; j++) { 516 int freq = modes[i].channels[j].freq; 517 if (freq == bss->freq) { 518 if (mode && 519 mode->mode == HOSTAPD_MODE_IEEE80211G) 520 break; /* do not allow 802.11b replace 521 * 802.11g */ 522 mode = &modes[i]; 523 break; 524 } 525 } 526 } 527 528 if (mode == NULL) 529 return 0; 530 531 for (i = 0; i < (int) sizeof(scan_ie); i++) { 532 rate_ie = wpa_scan_get_ie(bss, scan_ie[i]); 533 if (rate_ie == NULL) 534 continue; 535 536 for (j = 2; j < rate_ie[1] + 2; j++) { 537 int flagged = !!(rate_ie[j] & 0x80); 538 int r = (rate_ie[j] & 0x7f) * 5; 539 540 /* 541 * IEEE Std 802.11n-2009 7.3.2.2: 542 * The new BSS Membership selector value is encoded 543 * like a legacy basic rate, but it is not a rate and 544 * only indicates if the BSS members are required to 545 * support the mandatory features of Clause 20 [HT PHY] 546 * in order to join the BSS. 547 */ 548 if (flagged && ((rate_ie[j] & 0x7f) == 549 BSS_MEMBERSHIP_SELECTOR_HT_PHY)) { 550 if (!ht_supported(mode)) { 551 wpa_dbg(wpa_s, MSG_DEBUG, 552 " hardware does not support " 553 "HT PHY"); 554 return 0; 555 } 556 continue; 557 } 558 559 if (!flagged) 560 continue; 561 562 /* check for legacy basic rates */ 563 for (k = 0; k < mode->num_rates; k++) { 564 if (mode->rates[k] == r) 565 break; 566 } 567 if (k == mode->num_rates) { 568 /* 569 * IEEE Std 802.11-2007 7.3.2.2 demands that in 570 * order to join a BSS all required rates 571 * have to be supported by the hardware. 572 */ 573 wpa_dbg(wpa_s, MSG_DEBUG, " hardware does " 574 "not support required rate %d.%d Mbps", 575 r / 10, r % 10); 576 return 0; 577 } 578 } 579 } 580 581 return 1; 582} 583 584 585static struct wpa_ssid * wpa_scan_res_match(struct wpa_supplicant *wpa_s, 586 int i, struct wpa_scan_res *bss, 587 struct wpa_ssid *group) 588{ 589 const u8 *ssid_; 590 u8 wpa_ie_len, rsn_ie_len, ssid_len; 591 int wpa; 592 struct wpa_blacklist *e; 593 const u8 *ie; 594 struct wpa_ssid *ssid; 595 596 ie = wpa_scan_get_ie(bss, WLAN_EID_SSID); 597 ssid_ = ie ? ie + 2 : (u8 *) ""; 598 ssid_len = ie ? ie[1] : 0; 599 600 ie = wpa_scan_get_vendor_ie(bss, WPA_IE_VENDOR_TYPE); 601 wpa_ie_len = ie ? ie[1] : 0; 602 603 ie = wpa_scan_get_ie(bss, WLAN_EID_RSN); 604 rsn_ie_len = ie ? ie[1] : 0; 605 606 wpa_dbg(wpa_s, MSG_DEBUG, "%d: " MACSTR " ssid='%s' " 607 "wpa_ie_len=%u rsn_ie_len=%u caps=0x%x level=%d%s", 608 i, MAC2STR(bss->bssid), wpa_ssid_txt(ssid_, ssid_len), 609 wpa_ie_len, rsn_ie_len, bss->caps, bss->level, 610 wpa_scan_get_vendor_ie(bss, WPS_IE_VENDOR_TYPE) ? " wps" : ""); 611 612 e = wpa_blacklist_get(wpa_s, bss->bssid); 613 if (e) { 614 int limit = 1; 615 if (wpa_supplicant_enabled_networks(wpa_s->conf) == 1) { 616 /* 617 * When only a single network is enabled, we can 618 * trigger blacklisting on the first failure. This 619 * should not be done with multiple enabled networks to 620 * avoid getting forced to move into a worse ESS on 621 * single error if there are no other BSSes of the 622 * current ESS. 623 */ 624 limit = 0; 625 } 626 if (e->count > limit) { 627 wpa_dbg(wpa_s, MSG_DEBUG, " skip - blacklisted " 628 "(count=%d limit=%d)", e->count, limit); 629 return NULL; 630 } 631 } 632 633 if (ssid_len == 0) { 634 wpa_dbg(wpa_s, MSG_DEBUG, " skip - SSID not known"); 635 return NULL; 636 } 637 638 wpa = wpa_ie_len > 0 || rsn_ie_len > 0; 639 640 for (ssid = group; ssid; ssid = ssid->pnext) { 641 int check_ssid = wpa ? 1 : (ssid->ssid_len != 0); 642 643 if (ssid->disabled) { 644 wpa_dbg(wpa_s, MSG_DEBUG, " skip - disabled"); 645 continue; 646 } 647 648#ifdef CONFIG_WPS 649 if ((ssid->key_mgmt & WPA_KEY_MGMT_WPS) && e && e->count > 0) { 650 wpa_dbg(wpa_s, MSG_DEBUG, " skip - blacklisted " 651 "(WPS)"); 652 continue; 653 } 654 655 if (wpa && ssid->ssid_len == 0 && 656 wpas_wps_ssid_wildcard_ok(wpa_s, ssid, bss)) 657 check_ssid = 0; 658 659 if (!wpa && (ssid->key_mgmt & WPA_KEY_MGMT_WPS)) { 660 /* Only allow wildcard SSID match if an AP 661 * advertises active WPS operation that matches 662 * with our mode. */ 663 check_ssid = 1; 664 if (ssid->ssid_len == 0 && 665 wpas_wps_ssid_wildcard_ok(wpa_s, ssid, bss)) 666 check_ssid = 0; 667 } 668#endif /* CONFIG_WPS */ 669 670 if (ssid->bssid_set && ssid->ssid_len == 0 && 671 os_memcmp(bss->bssid, ssid->bssid, ETH_ALEN) == 0) 672 check_ssid = 0; 673 674 if (check_ssid && 675 (ssid_len != ssid->ssid_len || 676 os_memcmp(ssid_, ssid->ssid, ssid_len) != 0)) { 677 wpa_dbg(wpa_s, MSG_DEBUG, " skip - SSID mismatch"); 678 continue; 679 } 680 681 if (ssid->bssid_set && 682 os_memcmp(bss->bssid, ssid->bssid, ETH_ALEN) != 0) { 683 wpa_dbg(wpa_s, MSG_DEBUG, " skip - BSSID mismatch"); 684 continue; 685 } 686 687 if (!wpa_supplicant_ssid_bss_match(wpa_s, ssid, bss)) 688 continue; 689 690 if (!wpa && 691 !(ssid->key_mgmt & WPA_KEY_MGMT_NONE) && 692 !(ssid->key_mgmt & WPA_KEY_MGMT_WPS) && 693 !(ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA)) { 694 wpa_dbg(wpa_s, MSG_DEBUG, " skip - non-WPA network " 695 "not allowed"); 696 continue; 697 } 698 699 if (!wpa_supplicant_match_privacy(bss, ssid)) { 700 wpa_dbg(wpa_s, MSG_DEBUG, " skip - privacy " 701 "mismatch"); 702 continue; 703 } 704 705 if (bss->caps & IEEE80211_CAP_IBSS) { 706 wpa_dbg(wpa_s, MSG_DEBUG, " skip - IBSS (adhoc) " 707 "network"); 708 continue; 709 } 710 711 if (!freq_allowed(ssid->freq_list, bss->freq)) { 712 wpa_dbg(wpa_s, MSG_DEBUG, " skip - frequency not " 713 "allowed"); 714 continue; 715 } 716 717 if (!rate_match(wpa_s, bss)) { 718 wpa_dbg(wpa_s, MSG_DEBUG, " skip - rate sets do " 719 "not match"); 720 continue; 721 } 722 723#ifdef CONFIG_P2P 724 /* 725 * TODO: skip the AP if its P2P IE has Group Formation 726 * bit set in the P2P Group Capability Bitmap and we 727 * are not in Group Formation with that device. 728 */ 729#endif /* CONFIG_P2P */ 730 731 /* Matching configuration found */ 732 return ssid; 733 } 734 735 /* No matching configuration found */ 736 return NULL; 737} 738 739 740static struct wpa_bss * 741wpa_supplicant_select_bss(struct wpa_supplicant *wpa_s, 742 struct wpa_scan_results *scan_res, 743 struct wpa_ssid *group, 744 struct wpa_ssid **selected_ssid) 745{ 746 size_t i; 747 748 wpa_dbg(wpa_s, MSG_DEBUG, "Selecting BSS from priority group %d", 749 group->priority); 750 751 for (i = 0; i < scan_res->num; i++) { 752 struct wpa_scan_res *bss = scan_res->res[i]; 753 const u8 *ie, *ssid; 754 u8 ssid_len; 755 756 *selected_ssid = wpa_scan_res_match(wpa_s, i, bss, group); 757 if (!*selected_ssid) 758 continue; 759 760 ie = wpa_scan_get_ie(bss, WLAN_EID_SSID); 761 ssid = ie ? ie + 2 : (u8 *) ""; 762 ssid_len = ie ? ie[1] : 0; 763 764 wpa_dbg(wpa_s, MSG_DEBUG, " selected BSS " MACSTR 765 " ssid='%s'", 766 MAC2STR(bss->bssid), wpa_ssid_txt(ssid, ssid_len)); 767 return wpa_bss_get(wpa_s, bss->bssid, ssid, ssid_len); 768 } 769 770 return NULL; 771} 772 773 774static struct wpa_bss * 775wpa_supplicant_pick_network(struct wpa_supplicant *wpa_s, 776 struct wpa_scan_results *scan_res, 777 struct wpa_ssid **selected_ssid) 778{ 779 struct wpa_bss *selected = NULL; 780 int prio; 781 782 while (selected == NULL) { 783 for (prio = 0; prio < wpa_s->conf->num_prio; prio++) { 784 selected = wpa_supplicant_select_bss( 785 wpa_s, scan_res, wpa_s->conf->pssid[prio], 786 selected_ssid); 787 if (selected) 788 break; 789 } 790 791 if (selected == NULL && wpa_s->blacklist && 792 !wpa_s->countermeasures) { 793 wpa_dbg(wpa_s, MSG_DEBUG, "No APs found - clear " 794 "blacklist and try again"); 795 wpa_blacklist_clear(wpa_s); 796 wpa_s->blacklist_cleared++; 797 } else if (selected == NULL) 798 break; 799 } 800 801 return selected; 802} 803 804 805static void wpa_supplicant_req_new_scan(struct wpa_supplicant *wpa_s, 806 int timeout_sec, int timeout_usec) 807{ 808 if (!wpa_supplicant_enabled_networks(wpa_s->conf)) { 809 /* 810 * No networks are enabled; short-circuit request so 811 * we don't wait timeout seconds before transitioning 812 * to INACTIVE state. 813 */ 814 wpa_supplicant_set_state(wpa_s, WPA_INACTIVE); 815 return; 816 } 817 wpa_supplicant_req_scan(wpa_s, timeout_sec, timeout_usec); 818} 819 820 821int wpa_supplicant_connect(struct wpa_supplicant *wpa_s, 822 struct wpa_bss *selected, 823 struct wpa_ssid *ssid) 824{ 825 if (wpas_wps_scan_pbc_overlap(wpa_s, selected, ssid)) { 826 wpa_msg(wpa_s, MSG_INFO, WPS_EVENT_OVERLAP 827 "PBC session overlap"); 828#ifdef CONFIG_P2P 829 if (wpas_p2p_notif_pbc_overlap(wpa_s) == 1) 830 return -1; 831#endif /* CONFIG_P2P */ 832 833#ifdef CONFIG_WPS 834 wpas_wps_cancel(wpa_s); 835#endif /* CONFIG_WPS */ 836 return -1; 837 } 838 839 /* 840 * Do not trigger new association unless the BSSID has changed or if 841 * reassociation is requested. If we are in process of associating with 842 * the selected BSSID, do not trigger new attempt. 843 */ 844 if (wpa_s->reassociate || 845 (os_memcmp(selected->bssid, wpa_s->bssid, ETH_ALEN) != 0 && 846 ((wpa_s->wpa_state != WPA_ASSOCIATING && 847 wpa_s->wpa_state != WPA_AUTHENTICATING) || 848 os_memcmp(selected->bssid, wpa_s->pending_bssid, ETH_ALEN) != 849 0))) { 850 if (wpa_supplicant_scard_init(wpa_s, ssid)) { 851 wpa_supplicant_req_new_scan(wpa_s, 10, 0); 852 return 0; 853 } 854 wpa_msg(wpa_s, MSG_DEBUG, "Request association: " 855 "reassociate: %d selected: "MACSTR " bssid: " MACSTR 856 " pending: " MACSTR " wpa_state: %s", 857 wpa_s->reassociate, MAC2STR(selected->bssid), 858 MAC2STR(wpa_s->bssid), MAC2STR(wpa_s->pending_bssid), 859 wpa_supplicant_state_txt(wpa_s->wpa_state)); 860 wpa_supplicant_associate(wpa_s, selected, ssid); 861 } else { 862 wpa_dbg(wpa_s, MSG_DEBUG, "Already associated with the " 863 "selected AP"); 864 } 865 866 return 0; 867} 868 869 870static struct wpa_ssid * 871wpa_supplicant_pick_new_network(struct wpa_supplicant *wpa_s) 872{ 873 int prio; 874 struct wpa_ssid *ssid; 875 876 for (prio = 0; prio < wpa_s->conf->num_prio; prio++) { 877 for (ssid = wpa_s->conf->pssid[prio]; ssid; ssid = ssid->pnext) 878 { 879 if (ssid->disabled) 880 continue; 881 if (ssid->mode == IEEE80211_MODE_IBSS || 882 ssid->mode == IEEE80211_MODE_AP) 883 return ssid; 884 } 885 } 886 return NULL; 887} 888 889 890/* TODO: move the rsn_preauth_scan_result*() to be called from notify.c based 891 * on BSS added and BSS changed events */ 892static void wpa_supplicant_rsn_preauth_scan_results( 893 struct wpa_supplicant *wpa_s) 894{ 895 struct wpa_bss *bss; 896 897 if (rsn_preauth_scan_results(wpa_s->wpa) < 0) 898 return; 899 900 dl_list_for_each(bss, &wpa_s->bss, struct wpa_bss, list) { 901 const u8 *ssid, *rsn; 902 903 ssid = wpa_bss_get_ie(bss, WLAN_EID_SSID); 904 if (ssid == NULL) 905 continue; 906 907 rsn = wpa_bss_get_ie(bss, WLAN_EID_RSN); 908 if (rsn == NULL) 909 continue; 910 911 rsn_preauth_scan_result(wpa_s->wpa, bss->bssid, ssid, rsn); 912 } 913 914} 915 916 917static int wpa_supplicant_need_to_roam(struct wpa_supplicant *wpa_s, 918 struct wpa_bss *selected, 919 struct wpa_ssid *ssid, 920 struct wpa_scan_results *scan_res) 921{ 922 size_t i; 923 struct wpa_scan_res *current_bss = NULL; 924 int min_diff; 925 926 if (wpa_s->reassociate) 927 return 1; /* explicit request to reassociate */ 928 if (wpa_s->wpa_state < WPA_ASSOCIATED) 929 return 1; /* we are not associated; continue */ 930 if (wpa_s->current_ssid == NULL) 931 return 1; /* unknown current SSID */ 932 if (wpa_s->current_ssid != ssid) 933 return 1; /* different network block */ 934 935 if (wpas_driver_bss_selection(wpa_s)) 936 return 0; /* Driver-based roaming */ 937 938 for (i = 0; i < scan_res->num; i++) { 939 struct wpa_scan_res *res = scan_res->res[i]; 940 const u8 *ie; 941 if (os_memcmp(res->bssid, wpa_s->bssid, ETH_ALEN) != 0) 942 continue; 943 944 ie = wpa_scan_get_ie(res, WLAN_EID_SSID); 945 if (ie == NULL) 946 continue; 947 if (ie[1] != wpa_s->current_ssid->ssid_len || 948 os_memcmp(ie + 2, wpa_s->current_ssid->ssid, ie[1]) != 0) 949 continue; 950 current_bss = res; 951 break; 952 } 953 954 if (!current_bss) 955 return 1; /* current BSS not seen in scan results */ 956 957#ifndef CONFIG_NO_ROAMING 958 wpa_dbg(wpa_s, MSG_DEBUG, "Considering within-ESS reassociation"); 959 wpa_dbg(wpa_s, MSG_DEBUG, "Current BSS: " MACSTR " level=%d", 960 MAC2STR(current_bss->bssid), current_bss->level); 961 wpa_dbg(wpa_s, MSG_DEBUG, "Selected BSS: " MACSTR " level=%d", 962 MAC2STR(selected->bssid), selected->level); 963 964 if (wpa_s->current_ssid->bssid_set && 965 os_memcmp(selected->bssid, wpa_s->current_ssid->bssid, ETH_ALEN) == 966 0) { 967 wpa_dbg(wpa_s, MSG_DEBUG, "Allow reassociation - selected BSS " 968 "has preferred BSSID"); 969 return 1; 970 } 971 972 min_diff = 2; 973 if (current_bss->level < 0) { 974 if (current_bss->level < -85) 975 min_diff = 1; 976 else if (current_bss->level < -80) 977 min_diff = 2; 978 else if (current_bss->level < -75) 979 min_diff = 3; 980 else if (current_bss->level < -70) 981 min_diff = 4; 982 else 983 min_diff = 5; 984 } 985 if (abs(current_bss->level - selected->level) < min_diff) { 986 wpa_dbg(wpa_s, MSG_DEBUG, "Skip roam - too small difference " 987 "in signal level"); 988 return 0; 989 } 990 991 return 1; 992#else 993 return 0; 994#endif 995} 996 997 998/* Return < 0 if no scan results could be fetched. */ 999#ifdef ANDROID_P2P 1000static int _wpa_supplicant_event_scan_results(struct wpa_supplicant *wpa_s, 1001 union wpa_event_data *data, int suppress_event) 1002#else 1003static int _wpa_supplicant_event_scan_results(struct wpa_supplicant *wpa_s, 1004 union wpa_event_data *data) 1005#endif 1006{ 1007 struct wpa_bss *selected; 1008 struct wpa_ssid *ssid = NULL; 1009 struct wpa_scan_results *scan_res; 1010 int ap = 0; 1011 1012#ifdef CONFIG_AP 1013 if (wpa_s->ap_iface) 1014 ap = 1; 1015#endif /* CONFIG_AP */ 1016 1017 wpa_supplicant_notify_scanning(wpa_s, 0); 1018 1019#ifdef CONFIG_P2P 1020#ifdef ANDROID_P2P 1021 if (p2p_search_pending(wpa_s->global->p2p) && !wpa_s->global->p2p_disabled && 1022#else 1023 if (wpa_s->p2p_cb_on_scan_complete && !wpa_s->global->p2p_disabled && 1024#endif 1025 wpa_s->global->p2p != NULL) { 1026 wpa_s->p2p_cb_on_scan_complete = 0; 1027 if (p2p_other_scan_completed(wpa_s->global->p2p) == 1) { 1028 wpa_dbg(wpa_s, MSG_DEBUG, "P2P: Pending P2P operation " 1029 "stopped scan processing"); 1030 return -1; 1031 } 1032 } 1033#endif /* CONFIG_P2P */ 1034 1035 scan_res = wpa_supplicant_get_scan_results(wpa_s, 1036 data ? &data->scan_info : 1037 NULL, 1); 1038 if (scan_res == NULL) { 1039 if (wpa_s->conf->ap_scan == 2 || ap) 1040 return -1; 1041 wpa_dbg(wpa_s, MSG_DEBUG, "Failed to get scan results - try " 1042 "scanning again"); 1043 wpa_supplicant_req_new_scan(wpa_s, 1, 0); 1044 return -1; 1045 } 1046 1047#ifndef CONFIG_NO_RANDOM_POOL 1048 size_t i, num; 1049 num = scan_res->num; 1050 if (num > 10) 1051 num = 10; 1052 for (i = 0; i < num; i++) { 1053 u8 buf[5]; 1054 struct wpa_scan_res *res = scan_res->res[i]; 1055 buf[0] = res->bssid[5]; 1056 buf[1] = res->qual & 0xff; 1057 buf[2] = res->noise & 0xff; 1058 buf[3] = res->level & 0xff; 1059 buf[4] = res->tsf & 0xff; 1060 random_add_randomness(buf, sizeof(buf)); 1061 } 1062#endif /* CONFIG_NO_RANDOM_POOL */ 1063 1064 if (wpa_s->scan_res_handler) { 1065 void (*scan_res_handler)(struct wpa_supplicant *wpa_s, 1066 struct wpa_scan_results *scan_res); 1067 1068 scan_res_handler = wpa_s->scan_res_handler; 1069 wpa_s->scan_res_handler = NULL; 1070 scan_res_handler(wpa_s, scan_res); 1071 1072 wpa_scan_results_free(scan_res); 1073 return 0; 1074 } 1075 1076 if (ap) { 1077 wpa_dbg(wpa_s, MSG_DEBUG, "Ignore scan results in AP mode"); 1078#ifdef CONFIG_AP 1079 if (wpa_s->ap_iface->scan_cb) 1080 wpa_s->ap_iface->scan_cb(wpa_s->ap_iface); 1081#endif /* CONFIG_AP */ 1082 wpa_scan_results_free(scan_res); 1083 return 0; 1084 } 1085#ifdef ANDROID_P2P 1086 if(!suppress_event) 1087#endif 1088 { 1089 wpa_dbg(wpa_s, MSG_DEBUG, "New scan results available"); 1090 wpa_msg_ctrl(wpa_s, MSG_INFO, WPA_EVENT_SCAN_RESULTS); 1091 wpas_notify_scan_results(wpa_s); 1092 } 1093 1094 wpas_notify_scan_done(wpa_s, 1); 1095 1096 if ((wpa_s->conf->ap_scan == 2 && !wpas_wps_searching(wpa_s))) { 1097 wpa_scan_results_free(scan_res); 1098 return 0; 1099 } 1100 1101 if (wpa_s->disconnected) { 1102 wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED); 1103 wpa_scan_results_free(scan_res); 1104 return 0; 1105 } 1106 1107 if (!wpas_driver_bss_selection(wpa_s) && 1108 bgscan_notify_scan(wpa_s, scan_res) == 1) { 1109 wpa_scan_results_free(scan_res); 1110 return 0; 1111 } 1112 1113 selected = wpa_supplicant_pick_network(wpa_s, scan_res, &ssid); 1114 1115 if (selected) { 1116 int skip; 1117 skip = !wpa_supplicant_need_to_roam(wpa_s, selected, ssid, 1118 scan_res); 1119 wpa_scan_results_free(scan_res); 1120 if (skip) { 1121 wpa_supplicant_rsn_preauth_scan_results(wpa_s); 1122 return 0; 1123 } 1124 1125 if (wpa_supplicant_connect(wpa_s, selected, ssid) < 0) { 1126 wpa_dbg(wpa_s, MSG_DEBUG, "Connect failed"); 1127 return -1; 1128 } 1129 wpa_supplicant_rsn_preauth_scan_results(wpa_s); 1130 } else { 1131 wpa_scan_results_free(scan_res); 1132 wpa_dbg(wpa_s, MSG_DEBUG, "No suitable network found"); 1133 ssid = wpa_supplicant_pick_new_network(wpa_s); 1134 if (ssid) { 1135 wpa_dbg(wpa_s, MSG_DEBUG, "Setup a new network"); 1136 wpa_supplicant_associate(wpa_s, NULL, ssid); 1137 wpa_supplicant_rsn_preauth_scan_results(wpa_s); 1138 } else { 1139 int timeout_sec = wpa_s->scan_interval; 1140 int timeout_usec = 0; 1141#ifdef CONFIG_P2P 1142 if (wpa_s->p2p_in_provisioning) { 1143 /* 1144 * Use shorter wait during P2P Provisioning 1145 * state to speed up group formation. 1146 */ 1147 timeout_sec = 0; 1148 timeout_usec = 250000; 1149 wpa_supplicant_req_new_scan(wpa_s, timeout_sec, 1150 timeout_usec); 1151 return 0; 1152 } 1153#endif /* CONFIG_P2P */ 1154 if (wpa_supplicant_req_sched_scan(wpa_s)) 1155 wpa_supplicant_req_new_scan(wpa_s, timeout_sec, 1156 timeout_usec); 1157 } 1158 } 1159 return 0; 1160} 1161 1162 1163static void wpa_supplicant_event_scan_results(struct wpa_supplicant *wpa_s, 1164 union wpa_event_data *data) 1165{ 1166 const char *rn, *rn2; 1167 struct wpa_supplicant *ifs; 1168#ifdef ANDROID_P2P 1169 if (_wpa_supplicant_event_scan_results(wpa_s, data, 0) < 0) { 1170#else 1171 if (_wpa_supplicant_event_scan_results(wpa_s, data) < 0) { 1172#endif 1173 /* 1174 * If no scan results could be fetched, then no need to 1175 * notify those interfaces that did not actually request 1176 * this scan. 1177 */ 1178 return; 1179 } 1180 1181 /* 1182 * Check other interfaces to see if they have the same radio-name. If 1183 * so, they get updated with this same scan info. 1184 */ 1185 if (!wpa_s->driver->get_radio_name) 1186 return; 1187 1188 rn = wpa_s->driver->get_radio_name(wpa_s->drv_priv); 1189 if (rn == NULL || rn[0] == '\0') 1190 return; 1191 1192 wpa_dbg(wpa_s, MSG_DEBUG, "Checking for other virtual interfaces " 1193 "sharing same radio (%s) in event_scan_results", rn); 1194 1195 for (ifs = wpa_s->global->ifaces; ifs; ifs = ifs->next) { 1196 if (ifs == wpa_s || !ifs->driver->get_radio_name) 1197 continue; 1198 1199 rn2 = ifs->driver->get_radio_name(ifs->drv_priv); 1200 if (rn2 && os_strcmp(rn, rn2) == 0) { 1201 wpa_printf(MSG_DEBUG, "%s: Updating scan results from " 1202 "sibling", ifs->ifname); 1203#ifdef ANDROID_P2P 1204 if ( (ifs->drv_flags & WPA_DRIVER_FLAGS_P2P_CAPABLE) || (ifs->p2p_group_interface != NOT_P2P_GROUP_INTERFACE)) { 1205 /* Do not update the scan results from STA interface to p2p interfaces */ 1206 wpa_printf(MSG_DEBUG, "Not Updating scan results on interface %s from " 1207 "sibling %s", ifs->ifname, wpa_s->ifname); 1208 continue; 1209 } 1210 else { 1211 /* P2P_FIND will result in too many SCAN_RESULT_EVENTS within 1212 * no time. Avoid announcing it to application as it may not 1213 * be that useful (since results will be that of only 1,6,11). 1214 * over to any other interface as it 1215 */ 1216 if(p2p_search_in_progress(wpa_s->global->p2p)) 1217 _wpa_supplicant_event_scan_results(ifs, data, 1); 1218 else 1219 _wpa_supplicant_event_scan_results(ifs, data, 0); 1220 } 1221#else 1222 _wpa_supplicant_event_scan_results(ifs, data); 1223#endif 1224 } 1225 } 1226} 1227 1228#endif /* CONFIG_NO_SCAN_PROCESSING */ 1229 1230 1231static int wpa_supplicant_event_associnfo(struct wpa_supplicant *wpa_s, 1232 union wpa_event_data *data) 1233{ 1234 int l, len, found = 0, wpa_found, rsn_found; 1235 const u8 *p; 1236 1237 wpa_dbg(wpa_s, MSG_DEBUG, "Association info event"); 1238 if (data->assoc_info.req_ies) 1239 wpa_hexdump(MSG_DEBUG, "req_ies", data->assoc_info.req_ies, 1240 data->assoc_info.req_ies_len); 1241 if (data->assoc_info.resp_ies) { 1242 wpa_hexdump(MSG_DEBUG, "resp_ies", data->assoc_info.resp_ies, 1243 data->assoc_info.resp_ies_len); 1244#ifdef CONFIG_TDLS 1245 wpa_tdls_assoc_resp_ies(wpa_s->wpa, data->assoc_info.resp_ies, 1246 data->assoc_info.resp_ies_len); 1247#endif /* CONFIG_TDLS */ 1248 } 1249 if (data->assoc_info.beacon_ies) 1250 wpa_hexdump(MSG_DEBUG, "beacon_ies", 1251 data->assoc_info.beacon_ies, 1252 data->assoc_info.beacon_ies_len); 1253 if (data->assoc_info.freq) 1254 wpa_dbg(wpa_s, MSG_DEBUG, "freq=%u MHz", 1255 data->assoc_info.freq); 1256 1257 p = data->assoc_info.req_ies; 1258 l = data->assoc_info.req_ies_len; 1259 1260 /* Go through the IEs and make a copy of the WPA/RSN IE, if present. */ 1261 while (p && l >= 2) { 1262 len = p[1] + 2; 1263 if (len > l) { 1264 wpa_hexdump(MSG_DEBUG, "Truncated IE in assoc_info", 1265 p, l); 1266 break; 1267 } 1268 if ((p[0] == WLAN_EID_VENDOR_SPECIFIC && p[1] >= 6 && 1269 (os_memcmp(&p[2], "\x00\x50\xF2\x01\x01\x00", 6) == 0)) || 1270 (p[0] == WLAN_EID_RSN && p[1] >= 2)) { 1271 if (wpa_sm_set_assoc_wpa_ie(wpa_s->wpa, p, len)) 1272 break; 1273 found = 1; 1274 wpa_find_assoc_pmkid(wpa_s); 1275 break; 1276 } 1277 l -= len; 1278 p += len; 1279 } 1280 if (!found && data->assoc_info.req_ies) 1281 wpa_sm_set_assoc_wpa_ie(wpa_s->wpa, NULL, 0); 1282 1283#ifdef CONFIG_IEEE80211R 1284#ifdef CONFIG_SME 1285 if (wpa_s->sme.auth_alg == WPA_AUTH_ALG_FT) { 1286 u8 bssid[ETH_ALEN]; 1287 if (wpa_drv_get_bssid(wpa_s, bssid) < 0 || 1288 wpa_ft_validate_reassoc_resp(wpa_s->wpa, 1289 data->assoc_info.resp_ies, 1290 data->assoc_info.resp_ies_len, 1291 bssid) < 0) { 1292 wpa_dbg(wpa_s, MSG_DEBUG, "FT: Validation of " 1293 "Reassociation Response failed"); 1294 wpa_supplicant_deauthenticate( 1295 wpa_s, WLAN_REASON_INVALID_IE); 1296 return -1; 1297 } 1298 } 1299 1300 p = data->assoc_info.resp_ies; 1301 l = data->assoc_info.resp_ies_len; 1302 1303#ifdef CONFIG_WPS_STRICT 1304 if (p && wpa_s->current_ssid && 1305 wpa_s->current_ssid->key_mgmt == WPA_KEY_MGMT_WPS) { 1306 struct wpabuf *wps; 1307 wps = ieee802_11_vendor_ie_concat(p, l, WPS_IE_VENDOR_TYPE); 1308 if (wps == NULL) { 1309 wpa_msg(wpa_s, MSG_INFO, "WPS-STRICT: AP did not " 1310 "include WPS IE in (Re)Association Response"); 1311 return -1; 1312 } 1313 1314 if (wps_validate_assoc_resp(wps) < 0) { 1315 wpabuf_free(wps); 1316 wpa_supplicant_deauthenticate( 1317 wpa_s, WLAN_REASON_INVALID_IE); 1318 return -1; 1319 } 1320 wpabuf_free(wps); 1321 } 1322#endif /* CONFIG_WPS_STRICT */ 1323 1324 /* Go through the IEs and make a copy of the MDIE, if present. */ 1325 while (p && l >= 2) { 1326 len = p[1] + 2; 1327 if (len > l) { 1328 wpa_hexdump(MSG_DEBUG, "Truncated IE in assoc_info", 1329 p, l); 1330 break; 1331 } 1332 if (p[0] == WLAN_EID_MOBILITY_DOMAIN && 1333 p[1] >= MOBILITY_DOMAIN_ID_LEN) { 1334 wpa_s->sme.ft_used = 1; 1335 os_memcpy(wpa_s->sme.mobility_domain, p + 2, 1336 MOBILITY_DOMAIN_ID_LEN); 1337 break; 1338 } 1339 l -= len; 1340 p += len; 1341 } 1342#endif /* CONFIG_SME */ 1343 1344 wpa_sm_set_ft_params(wpa_s->wpa, data->assoc_info.resp_ies, 1345 data->assoc_info.resp_ies_len); 1346#endif /* CONFIG_IEEE80211R */ 1347 1348 /* WPA/RSN IE from Beacon/ProbeResp */ 1349 p = data->assoc_info.beacon_ies; 1350 l = data->assoc_info.beacon_ies_len; 1351 1352 /* Go through the IEs and make a copy of the WPA/RSN IEs, if present. 1353 */ 1354 wpa_found = rsn_found = 0; 1355 while (p && l >= 2) { 1356 len = p[1] + 2; 1357 if (len > l) { 1358 wpa_hexdump(MSG_DEBUG, "Truncated IE in beacon_ies", 1359 p, l); 1360 break; 1361 } 1362 if (!wpa_found && 1363 p[0] == WLAN_EID_VENDOR_SPECIFIC && p[1] >= 6 && 1364 os_memcmp(&p[2], "\x00\x50\xF2\x01\x01\x00", 6) == 0) { 1365 wpa_found = 1; 1366 wpa_sm_set_ap_wpa_ie(wpa_s->wpa, p, len); 1367 } 1368 1369 if (!rsn_found && 1370 p[0] == WLAN_EID_RSN && p[1] >= 2) { 1371 rsn_found = 1; 1372 wpa_sm_set_ap_rsn_ie(wpa_s->wpa, p, len); 1373 } 1374 1375 l -= len; 1376 p += len; 1377 } 1378 1379 if (!wpa_found && data->assoc_info.beacon_ies) 1380 wpa_sm_set_ap_wpa_ie(wpa_s->wpa, NULL, 0); 1381 if (!rsn_found && data->assoc_info.beacon_ies) 1382 wpa_sm_set_ap_rsn_ie(wpa_s->wpa, NULL, 0); 1383 if (wpa_found || rsn_found) 1384 wpa_s->ap_ies_from_associnfo = 1; 1385 1386 if (wpa_s->assoc_freq && data->assoc_info.freq && 1387 wpa_s->assoc_freq != data->assoc_info.freq) { 1388 wpa_printf(MSG_DEBUG, "Operating frequency changed from " 1389 "%u to %u MHz", 1390 wpa_s->assoc_freq, data->assoc_info.freq); 1391 wpa_supplicant_update_scan_results(wpa_s); 1392 } 1393 1394 wpa_s->assoc_freq = data->assoc_info.freq; 1395 1396 return 0; 1397} 1398 1399 1400static struct wpa_bss * wpa_supplicant_get_new_bss( 1401 struct wpa_supplicant *wpa_s, const u8 *bssid) 1402{ 1403 struct wpa_bss *bss = NULL; 1404 struct wpa_ssid *ssid = wpa_s->current_ssid; 1405 1406 if (ssid->ssid_len > 0) 1407 bss = wpa_bss_get(wpa_s, bssid, ssid->ssid, ssid->ssid_len); 1408 if (!bss) 1409 bss = wpa_bss_get_bssid(wpa_s, bssid); 1410 1411 return bss; 1412} 1413 1414 1415static int wpa_supplicant_assoc_update_ie(struct wpa_supplicant *wpa_s) 1416{ 1417 const u8 *bss_wpa = NULL, *bss_rsn = NULL; 1418 1419 if (!wpa_s->current_bss || !wpa_s->current_ssid) 1420 return -1; 1421 1422 if (!wpa_key_mgmt_wpa_any(wpa_s->current_ssid->key_mgmt)) 1423 return 0; 1424 1425 bss_wpa = wpa_bss_get_vendor_ie(wpa_s->current_bss, 1426 WPA_IE_VENDOR_TYPE); 1427 bss_rsn = wpa_bss_get_ie(wpa_s->current_bss, WLAN_EID_RSN); 1428 1429 if (wpa_sm_set_ap_wpa_ie(wpa_s->wpa, bss_wpa, 1430 bss_wpa ? 2 + bss_wpa[1] : 0) || 1431 wpa_sm_set_ap_rsn_ie(wpa_s->wpa, bss_rsn, 1432 bss_rsn ? 2 + bss_rsn[1] : 0)) 1433 return -1; 1434 1435 return 0; 1436} 1437 1438 1439static void wpa_supplicant_event_assoc(struct wpa_supplicant *wpa_s, 1440 union wpa_event_data *data) 1441{ 1442 u8 bssid[ETH_ALEN]; 1443 int ft_completed; 1444 int bssid_changed; 1445 struct wpa_driver_capa capa; 1446 1447#ifdef CONFIG_AP 1448 if (wpa_s->ap_iface) { 1449 hostapd_notif_assoc(wpa_s->ap_iface->bss[0], 1450 data->assoc_info.addr, 1451 data->assoc_info.req_ies, 1452 data->assoc_info.req_ies_len, 1453 data->assoc_info.reassoc); 1454 return; 1455 } 1456#endif /* CONFIG_AP */ 1457 1458 ft_completed = wpa_ft_is_completed(wpa_s->wpa); 1459 if (data && wpa_supplicant_event_associnfo(wpa_s, data) < 0) 1460 return; 1461 1462 wpa_supplicant_set_state(wpa_s, WPA_ASSOCIATED); 1463 if (wpa_drv_get_bssid(wpa_s, bssid) >= 0 && 1464 os_memcmp(bssid, wpa_s->bssid, ETH_ALEN) != 0) { 1465 wpa_dbg(wpa_s, MSG_DEBUG, "Associated to a new BSS: BSSID=" 1466 MACSTR, MAC2STR(bssid)); 1467 random_add_randomness(bssid, ETH_ALEN); 1468 bssid_changed = os_memcmp(wpa_s->bssid, bssid, ETH_ALEN); 1469 os_memcpy(wpa_s->bssid, bssid, ETH_ALEN); 1470 os_memset(wpa_s->pending_bssid, 0, ETH_ALEN); 1471 if (bssid_changed) 1472 wpas_notify_bssid_changed(wpa_s); 1473 1474 if (wpa_supplicant_dynamic_keys(wpa_s) && !ft_completed) { 1475 wpa_clear_keys(wpa_s, bssid); 1476 } 1477 if (wpa_supplicant_select_config(wpa_s) < 0) { 1478 wpa_supplicant_disassociate( 1479 wpa_s, WLAN_REASON_DEAUTH_LEAVING); 1480 return; 1481 } 1482 if (wpa_s->current_ssid) { 1483 struct wpa_bss *bss = NULL; 1484 1485 bss = wpa_supplicant_get_new_bss(wpa_s, bssid); 1486 if (!bss) { 1487 wpa_supplicant_update_scan_results(wpa_s); 1488 1489 /* Get the BSS from the new scan results */ 1490 bss = wpa_supplicant_get_new_bss(wpa_s, bssid); 1491 } 1492 1493 if (bss) 1494 wpa_s->current_bss = bss; 1495 } 1496 1497 if (wpa_s->conf->ap_scan == 1 && 1498 wpa_s->drv_flags & WPA_DRIVER_FLAGS_BSS_SELECTION) { 1499 if (wpa_supplicant_assoc_update_ie(wpa_s) < 0) 1500 wpa_msg(wpa_s, MSG_WARNING, 1501 "WPA/RSN IEs not updated"); 1502 } 1503 } 1504 1505#ifdef CONFIG_SME 1506 os_memcpy(wpa_s->sme.prev_bssid, bssid, ETH_ALEN); 1507 wpa_s->sme.prev_bssid_set = 1; 1508#endif /* CONFIG_SME */ 1509 1510 wpa_msg(wpa_s, MSG_INFO, "Associated with " MACSTR, MAC2STR(bssid)); 1511 if (wpa_s->current_ssid) { 1512 /* When using scanning (ap_scan=1), SIM PC/SC interface can be 1513 * initialized before association, but for other modes, 1514 * initialize PC/SC here, if the current configuration needs 1515 * smartcard or SIM/USIM. */ 1516 wpa_supplicant_scard_init(wpa_s, wpa_s->current_ssid); 1517 } 1518 wpa_sm_notify_assoc(wpa_s->wpa, bssid); 1519 if (wpa_s->l2) 1520 l2_packet_notify_auth_start(wpa_s->l2); 1521 1522 /* 1523 * Set portEnabled first to FALSE in order to get EAP state machine out 1524 * of the SUCCESS state and eapSuccess cleared. Without this, EAPOL PAE 1525 * state machine may transit to AUTHENTICATING state based on obsolete 1526 * eapSuccess and then trigger BE_AUTH to SUCCESS and PAE to 1527 * AUTHENTICATED without ever giving chance to EAP state machine to 1528 * reset the state. 1529 */ 1530 if (!ft_completed) { 1531 eapol_sm_notify_portEnabled(wpa_s->eapol, FALSE); 1532 eapol_sm_notify_portValid(wpa_s->eapol, FALSE); 1533 } 1534 if (wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt) || ft_completed) 1535 eapol_sm_notify_eap_success(wpa_s->eapol, FALSE); 1536 /* 802.1X::portControl = Auto */ 1537 eapol_sm_notify_portEnabled(wpa_s->eapol, TRUE); 1538 wpa_s->eapol_received = 0; 1539 if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE || 1540 wpa_s->key_mgmt == WPA_KEY_MGMT_WPA_NONE || 1541 (wpa_s->current_ssid && 1542 wpa_s->current_ssid->mode == IEEE80211_MODE_IBSS)) { 1543 wpa_supplicant_cancel_auth_timeout(wpa_s); 1544 wpa_supplicant_set_state(wpa_s, WPA_COMPLETED); 1545 } else if (!ft_completed) { 1546 /* Timeout for receiving the first EAPOL packet */ 1547 wpa_supplicant_req_auth_timeout(wpa_s, 10, 0); 1548 } 1549 wpa_supplicant_cancel_scan(wpa_s); 1550 1551 if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE) && 1552 wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt)) { 1553 /* 1554 * We are done; the driver will take care of RSN 4-way 1555 * handshake. 1556 */ 1557 wpa_supplicant_cancel_auth_timeout(wpa_s); 1558 wpa_supplicant_set_state(wpa_s, WPA_COMPLETED); 1559 eapol_sm_notify_portValid(wpa_s->eapol, TRUE); 1560 eapol_sm_notify_eap_success(wpa_s->eapol, TRUE); 1561 } else if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE) && 1562 wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt)) { 1563 /* 1564 * The driver will take care of RSN 4-way handshake, so we need 1565 * to allow EAPOL supplicant to complete its work without 1566 * waiting for WPA supplicant. 1567 */ 1568 eapol_sm_notify_portValid(wpa_s->eapol, TRUE); 1569 } else if (ft_completed) { 1570 /* 1571 * FT protocol completed - make sure EAPOL state machine ends 1572 * up in authenticated. 1573 */ 1574 wpa_supplicant_cancel_auth_timeout(wpa_s); 1575 wpa_supplicant_set_state(wpa_s, WPA_COMPLETED); 1576 eapol_sm_notify_portValid(wpa_s->eapol, TRUE); 1577 eapol_sm_notify_eap_success(wpa_s->eapol, TRUE); 1578 } 1579 1580 if (wpa_s->pending_eapol_rx) { 1581 struct os_time now, age; 1582 os_get_time(&now); 1583 os_time_sub(&now, &wpa_s->pending_eapol_rx_time, &age); 1584 if (age.sec == 0 && age.usec < 100000 && 1585 os_memcmp(wpa_s->pending_eapol_rx_src, bssid, ETH_ALEN) == 1586 0) { 1587 wpa_dbg(wpa_s, MSG_DEBUG, "Process pending EAPOL " 1588 "frame that was received just before " 1589 "association notification"); 1590 wpa_supplicant_rx_eapol( 1591 wpa_s, wpa_s->pending_eapol_rx_src, 1592 wpabuf_head(wpa_s->pending_eapol_rx), 1593 wpabuf_len(wpa_s->pending_eapol_rx)); 1594 } 1595 wpabuf_free(wpa_s->pending_eapol_rx); 1596 wpa_s->pending_eapol_rx = NULL; 1597 } 1598 1599 if ((wpa_s->key_mgmt == WPA_KEY_MGMT_NONE || 1600 wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA) && 1601 wpa_s->current_ssid && wpa_drv_get_capa(wpa_s, &capa) == 0 && 1602 capa.flags & WPA_DRIVER_FLAGS_SET_KEYS_AFTER_ASSOC_DONE) { 1603 /* Set static WEP keys again */ 1604 wpa_set_wep_keys(wpa_s, wpa_s->current_ssid); 1605 } 1606 1607#ifdef CONFIG_IBSS_RSN 1608 if (wpa_s->current_ssid && 1609 wpa_s->current_ssid->mode == WPAS_MODE_IBSS && 1610 wpa_s->key_mgmt != WPA_KEY_MGMT_NONE && 1611 wpa_s->key_mgmt != WPA_KEY_MGMT_WPA_NONE && 1612 wpa_s->ibss_rsn == NULL) { 1613 wpa_s->ibss_rsn = ibss_rsn_init(wpa_s); 1614 if (!wpa_s->ibss_rsn) { 1615 wpa_msg(wpa_s, MSG_INFO, "Failed to init IBSS RSN"); 1616 wpa_supplicant_deauthenticate( 1617 wpa_s, WLAN_REASON_DEAUTH_LEAVING); 1618 return; 1619 } 1620 1621 ibss_rsn_set_psk(wpa_s->ibss_rsn, wpa_s->current_ssid->psk); 1622 } 1623#endif /* CONFIG_IBSS_RSN */ 1624} 1625 1626 1627static int disconnect_reason_recoverable(u16 reason_code) 1628{ 1629 return reason_code == WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY || 1630 reason_code == WLAN_REASON_CLASS2_FRAME_FROM_NONAUTH_STA || 1631 reason_code == WLAN_REASON_CLASS3_FRAME_FROM_NONASSOC_STA; 1632} 1633 1634 1635static void wpa_supplicant_event_disassoc(struct wpa_supplicant *wpa_s, 1636 u16 reason_code, 1637 int locally_generated) 1638{ 1639 const u8 *bssid; 1640 int authenticating; 1641 u8 prev_pending_bssid[ETH_ALEN]; 1642 struct wpa_bss *fast_reconnect = NULL; 1643 struct wpa_ssid *fast_reconnect_ssid = NULL; 1644 1645 authenticating = wpa_s->wpa_state == WPA_AUTHENTICATING; 1646 os_memcpy(prev_pending_bssid, wpa_s->pending_bssid, ETH_ALEN); 1647 1648 if (wpa_s->key_mgmt == WPA_KEY_MGMT_WPA_NONE) { 1649 /* 1650 * At least Host AP driver and a Prism3 card seemed to be 1651 * generating streams of disconnected events when configuring 1652 * IBSS for WPA-None. Ignore them for now. 1653 */ 1654 wpa_dbg(wpa_s, MSG_DEBUG, "Disconnect event - ignore in " 1655 "IBSS/WPA-None mode"); 1656 return; 1657 } 1658 1659 if (wpa_s->wpa_state == WPA_4WAY_HANDSHAKE && 1660 wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt)) { 1661 wpa_msg(wpa_s, MSG_INFO, "WPA: 4-Way Handshake failed - " 1662 "pre-shared key may be incorrect"); 1663 } 1664 if (!wpa_s->auto_reconnect_disabled || 1665 wpa_s->key_mgmt == WPA_KEY_MGMT_WPS) { 1666 wpa_dbg(wpa_s, MSG_DEBUG, "Auto connect enabled: try to " 1667 "reconnect (wps=%d wpa_state=%d)", 1668 wpa_s->key_mgmt == WPA_KEY_MGMT_WPS, 1669 wpa_s->wpa_state); 1670 if (wpa_s->wpa_state == WPA_COMPLETED && 1671 wpa_s->current_ssid && 1672 wpa_s->current_ssid->mode == WPAS_MODE_INFRA && 1673 !locally_generated && 1674 disconnect_reason_recoverable(reason_code)) { 1675 /* 1676 * It looks like the AP has dropped association with 1677 * us, but could allow us to get back in. Try to 1678 * reconnect to the same BSS without full scan to save 1679 * time for some common cases. 1680 */ 1681 fast_reconnect = wpa_s->current_bss; 1682 fast_reconnect_ssid = wpa_s->current_ssid; 1683 } else if (wpa_s->wpa_state >= WPA_ASSOCIATING) 1684#ifdef ANDROID 1685 wpa_supplicant_req_scan(wpa_s, 0, 500000); 1686#else 1687 wpa_supplicant_req_scan(wpa_s, 0, 100000); 1688#endif 1689 else 1690 wpa_dbg(wpa_s, MSG_DEBUG, "Do not request new " 1691 "immediate scan"); 1692 } else { 1693 wpa_dbg(wpa_s, MSG_DEBUG, "Auto connect disabled: do not " 1694 "try to re-connect"); 1695 wpa_s->reassociate = 0; 1696 wpa_s->disconnected = 1; 1697 wpa_supplicant_cancel_sched_scan(wpa_s); 1698 } 1699 bssid = wpa_s->bssid; 1700 if (is_zero_ether_addr(bssid)) 1701 bssid = wpa_s->pending_bssid; 1702 if (wpa_s->wpa_state >= WPA_AUTHENTICATING) 1703 wpas_connection_failed(wpa_s, bssid); 1704 wpa_sm_notify_disassoc(wpa_s->wpa); 1705 wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_DISCONNECTED "bssid=" MACSTR 1706 " reason=%d", 1707 MAC2STR(bssid), reason_code); 1708 if (wpa_supplicant_dynamic_keys(wpa_s)) { 1709 wpa_dbg(wpa_s, MSG_DEBUG, "Disconnect event - remove keys"); 1710 wpa_s->keys_cleared = 0; 1711 wpa_clear_keys(wpa_s, wpa_s->bssid); 1712 } 1713 wpa_supplicant_mark_disassoc(wpa_s); 1714 1715 if (authenticating && (wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME)) 1716 sme_disassoc_while_authenticating(wpa_s, prev_pending_bssid); 1717 1718 if (fast_reconnect) { 1719#ifndef CONFIG_NO_SCAN_PROCESSING 1720 wpa_dbg(wpa_s, MSG_DEBUG, "Try to reconnect to the same BSS"); 1721 if (wpa_supplicant_connect(wpa_s, fast_reconnect, 1722 fast_reconnect_ssid) < 0) { 1723 /* Recover through full scan */ 1724 wpa_supplicant_req_scan(wpa_s, 0, 100000); 1725 } 1726#endif /* CONFIG_NO_SCAN_PROCESSING */ 1727 } 1728} 1729 1730 1731#ifdef CONFIG_DELAYED_MIC_ERROR_REPORT 1732void wpa_supplicant_delayed_mic_error_report(void *eloop_ctx, void *sock_ctx) 1733{ 1734 struct wpa_supplicant *wpa_s = eloop_ctx; 1735 1736 if (!wpa_s->pending_mic_error_report) 1737 return; 1738 1739 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: Sending pending MIC error report"); 1740 wpa_sm_key_request(wpa_s->wpa, 1, wpa_s->pending_mic_error_pairwise); 1741 wpa_s->pending_mic_error_report = 0; 1742} 1743#endif /* CONFIG_DELAYED_MIC_ERROR_REPORT */ 1744 1745 1746static void 1747wpa_supplicant_event_michael_mic_failure(struct wpa_supplicant *wpa_s, 1748 union wpa_event_data *data) 1749{ 1750 int pairwise; 1751 struct os_time t; 1752 1753 wpa_msg(wpa_s, MSG_WARNING, "Michael MIC failure detected"); 1754 pairwise = (data && data->michael_mic_failure.unicast); 1755 os_get_time(&t); 1756 if ((wpa_s->last_michael_mic_error && 1757 t.sec - wpa_s->last_michael_mic_error <= 60) || 1758 wpa_s->pending_mic_error_report) { 1759 if (wpa_s->pending_mic_error_report) { 1760 /* 1761 * Send the pending MIC error report immediately since 1762 * we are going to start countermeasures and AP better 1763 * do the same. 1764 */ 1765 wpa_sm_key_request(wpa_s->wpa, 1, 1766 wpa_s->pending_mic_error_pairwise); 1767 } 1768 1769 /* Send the new MIC error report immediately since we are going 1770 * to start countermeasures and AP better do the same. 1771 */ 1772 wpa_sm_key_request(wpa_s->wpa, 1, pairwise); 1773 1774 /* initialize countermeasures */ 1775 wpa_s->countermeasures = 1; 1776 1777 wpa_blacklist_add(wpa_s, wpa_s->bssid); 1778 1779 wpa_msg(wpa_s, MSG_WARNING, "TKIP countermeasures started"); 1780 1781 /* 1782 * Need to wait for completion of request frame. We do not get 1783 * any callback for the message completion, so just wait a 1784 * short while and hope for the best. */ 1785 os_sleep(0, 10000); 1786 1787 wpa_drv_set_countermeasures(wpa_s, 1); 1788 wpa_supplicant_deauthenticate(wpa_s, 1789 WLAN_REASON_MICHAEL_MIC_FAILURE); 1790 eloop_cancel_timeout(wpa_supplicant_stop_countermeasures, 1791 wpa_s, NULL); 1792 eloop_register_timeout(60, 0, 1793 wpa_supplicant_stop_countermeasures, 1794 wpa_s, NULL); 1795 /* TODO: mark the AP rejected for 60 second. STA is 1796 * allowed to associate with another AP.. */ 1797 } else { 1798#ifdef CONFIG_DELAYED_MIC_ERROR_REPORT 1799 if (wpa_s->mic_errors_seen) { 1800 /* 1801 * Reduce the effectiveness of Michael MIC error 1802 * reports as a means for attacking against TKIP if 1803 * more than one MIC failure is noticed with the same 1804 * PTK. We delay the transmission of the reports by a 1805 * random time between 0 and 60 seconds in order to 1806 * force the attacker wait 60 seconds before getting 1807 * the information on whether a frame resulted in a MIC 1808 * failure. 1809 */ 1810 u8 rval[4]; 1811 int sec; 1812 1813 if (os_get_random(rval, sizeof(rval)) < 0) 1814 sec = os_random() % 60; 1815 else 1816 sec = WPA_GET_BE32(rval) % 60; 1817 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: Delay MIC error " 1818 "report %d seconds", sec); 1819 wpa_s->pending_mic_error_report = 1; 1820 wpa_s->pending_mic_error_pairwise = pairwise; 1821 eloop_cancel_timeout( 1822 wpa_supplicant_delayed_mic_error_report, 1823 wpa_s, NULL); 1824 eloop_register_timeout( 1825 sec, os_random() % 1000000, 1826 wpa_supplicant_delayed_mic_error_report, 1827 wpa_s, NULL); 1828 } else { 1829 wpa_sm_key_request(wpa_s->wpa, 1, pairwise); 1830 } 1831#else /* CONFIG_DELAYED_MIC_ERROR_REPORT */ 1832 wpa_sm_key_request(wpa_s->wpa, 1, pairwise); 1833#endif /* CONFIG_DELAYED_MIC_ERROR_REPORT */ 1834 } 1835 wpa_s->last_michael_mic_error = t.sec; 1836 wpa_s->mic_errors_seen++; 1837} 1838 1839 1840#ifdef CONFIG_TERMINATE_ONLASTIF 1841static int any_interfaces(struct wpa_supplicant *head) 1842{ 1843 struct wpa_supplicant *wpa_s; 1844 1845 for (wpa_s = head; wpa_s != NULL; wpa_s = wpa_s->next) 1846 if (!wpa_s->interface_removed) 1847 return 1; 1848 return 0; 1849} 1850#endif /* CONFIG_TERMINATE_ONLASTIF */ 1851 1852 1853static void 1854wpa_supplicant_event_interface_status(struct wpa_supplicant *wpa_s, 1855 union wpa_event_data *data) 1856{ 1857 if (os_strcmp(wpa_s->ifname, data->interface_status.ifname) != 0) 1858 return; 1859 1860 switch (data->interface_status.ievent) { 1861 case EVENT_INTERFACE_ADDED: 1862 if (!wpa_s->interface_removed) 1863 break; 1864 wpa_s->interface_removed = 0; 1865 wpa_dbg(wpa_s, MSG_DEBUG, "Configured interface was added"); 1866 if (wpa_supplicant_driver_init(wpa_s) < 0) { 1867 wpa_msg(wpa_s, MSG_INFO, "Failed to initialize the " 1868 "driver after interface was added"); 1869 } 1870 break; 1871 case EVENT_INTERFACE_REMOVED: 1872 wpa_dbg(wpa_s, MSG_DEBUG, "Configured interface was removed"); 1873 wpa_s->interface_removed = 1; 1874 wpa_supplicant_mark_disassoc(wpa_s); 1875 l2_packet_deinit(wpa_s->l2); 1876 wpa_s->l2 = NULL; 1877#ifdef CONFIG_IBSS_RSN 1878 ibss_rsn_deinit(wpa_s->ibss_rsn); 1879 wpa_s->ibss_rsn = NULL; 1880#endif /* CONFIG_IBSS_RSN */ 1881#ifdef CONFIG_TERMINATE_ONLASTIF 1882 /* check if last interface */ 1883 if (!any_interfaces(wpa_s->global->ifaces)) 1884 eloop_terminate(); 1885#endif /* CONFIG_TERMINATE_ONLASTIF */ 1886 break; 1887 } 1888} 1889 1890 1891#ifdef CONFIG_PEERKEY 1892static void 1893wpa_supplicant_event_stkstart(struct wpa_supplicant *wpa_s, 1894 union wpa_event_data *data) 1895{ 1896 if (data == NULL) 1897 return; 1898 wpa_sm_stkstart(wpa_s->wpa, data->stkstart.peer); 1899} 1900#endif /* CONFIG_PEERKEY */ 1901 1902 1903#ifdef CONFIG_TDLS 1904static void wpa_supplicant_event_tdls(struct wpa_supplicant *wpa_s, 1905 union wpa_event_data *data) 1906{ 1907 if (data == NULL) 1908 return; 1909 switch (data->tdls.oper) { 1910 case TDLS_REQUEST_SETUP: 1911 wpa_tdls_start(wpa_s->wpa, data->tdls.peer); 1912 break; 1913 case TDLS_REQUEST_TEARDOWN: 1914 wpa_tdls_send_teardown(wpa_s->wpa, data->tdls.peer, 1915 data->tdls.reason_code); 1916 break; 1917 } 1918} 1919#endif /* CONFIG_TDLS */ 1920 1921 1922#ifdef CONFIG_IEEE80211R 1923static void 1924wpa_supplicant_event_ft_response(struct wpa_supplicant *wpa_s, 1925 union wpa_event_data *data) 1926{ 1927 if (data == NULL) 1928 return; 1929 1930 if (wpa_ft_process_response(wpa_s->wpa, data->ft_ies.ies, 1931 data->ft_ies.ies_len, 1932 data->ft_ies.ft_action, 1933 data->ft_ies.target_ap, 1934 data->ft_ies.ric_ies, 1935 data->ft_ies.ric_ies_len) < 0) { 1936 /* TODO: prevent MLME/driver from trying to associate? */ 1937 } 1938} 1939#endif /* CONFIG_IEEE80211R */ 1940 1941 1942#ifdef CONFIG_IBSS_RSN 1943static void wpa_supplicant_event_ibss_rsn_start(struct wpa_supplicant *wpa_s, 1944 union wpa_event_data *data) 1945{ 1946 struct wpa_ssid *ssid; 1947 if (wpa_s->wpa_state < WPA_ASSOCIATED) 1948 return; 1949 if (data == NULL) 1950 return; 1951 ssid = wpa_s->current_ssid; 1952 if (ssid == NULL) 1953 return; 1954 if (ssid->mode != WPAS_MODE_IBSS || !wpa_key_mgmt_wpa(ssid->key_mgmt)) 1955 return; 1956 1957 ibss_rsn_start(wpa_s->ibss_rsn, data->ibss_rsn_start.peer); 1958} 1959#endif /* CONFIG_IBSS_RSN */ 1960 1961 1962#ifdef CONFIG_IEEE80211R 1963static void ft_rx_action(struct wpa_supplicant *wpa_s, const u8 *data, 1964 size_t len) 1965{ 1966 const u8 *sta_addr, *target_ap_addr; 1967 u16 status; 1968 1969 wpa_hexdump(MSG_MSGDUMP, "FT: RX Action", data, len); 1970 if (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME)) 1971 return; /* only SME case supported for now */ 1972 if (len < 1 + 2 * ETH_ALEN + 2) 1973 return; 1974 if (data[0] != 2) 1975 return; /* Only FT Action Response is supported for now */ 1976 sta_addr = data + 1; 1977 target_ap_addr = data + 1 + ETH_ALEN; 1978 status = WPA_GET_LE16(data + 1 + 2 * ETH_ALEN); 1979 wpa_dbg(wpa_s, MSG_DEBUG, "FT: Received FT Action Response: STA " 1980 MACSTR " TargetAP " MACSTR " status %u", 1981 MAC2STR(sta_addr), MAC2STR(target_ap_addr), status); 1982 1983 if (os_memcmp(sta_addr, wpa_s->own_addr, ETH_ALEN) != 0) { 1984 wpa_dbg(wpa_s, MSG_DEBUG, "FT: Foreign STA Address " MACSTR 1985 " in FT Action Response", MAC2STR(sta_addr)); 1986 return; 1987 } 1988 1989 if (status) { 1990 wpa_dbg(wpa_s, MSG_DEBUG, "FT: FT Action Response indicates " 1991 "failure (status code %d)", status); 1992 /* TODO: report error to FT code(?) */ 1993 return; 1994 } 1995 1996 if (wpa_ft_process_response(wpa_s->wpa, data + 1 + 2 * ETH_ALEN + 2, 1997 len - (1 + 2 * ETH_ALEN + 2), 1, 1998 target_ap_addr, NULL, 0) < 0) 1999 return; 2000 2001#ifdef CONFIG_SME 2002 { 2003 struct wpa_bss *bss; 2004 bss = wpa_bss_get_bssid(wpa_s, target_ap_addr); 2005 if (bss) 2006 wpa_s->sme.freq = bss->freq; 2007 wpa_s->sme.auth_alg = WPA_AUTH_ALG_FT; 2008 sme_associate(wpa_s, WPAS_MODE_INFRA, target_ap_addr, 2009 WLAN_AUTH_FT); 2010 } 2011#endif /* CONFIG_SME */ 2012} 2013#endif /* CONFIG_IEEE80211R */ 2014 2015 2016static void wpa_supplicant_event_unprot_deauth(struct wpa_supplicant *wpa_s, 2017 struct unprot_deauth *e) 2018{ 2019#ifdef CONFIG_IEEE80211W 2020 wpa_printf(MSG_DEBUG, "Unprotected Deauthentication frame " 2021 "dropped: " MACSTR " -> " MACSTR 2022 " (reason code %u)", 2023 MAC2STR(e->sa), MAC2STR(e->da), e->reason_code); 2024 sme_event_unprot_disconnect(wpa_s, e->sa, e->da, e->reason_code); 2025#endif /* CONFIG_IEEE80211W */ 2026} 2027 2028 2029static void wpa_supplicant_event_unprot_disassoc(struct wpa_supplicant *wpa_s, 2030 struct unprot_disassoc *e) 2031{ 2032#ifdef CONFIG_IEEE80211W 2033 wpa_printf(MSG_DEBUG, "Unprotected Disassociation frame " 2034 "dropped: " MACSTR " -> " MACSTR 2035 " (reason code %u)", 2036 MAC2STR(e->sa), MAC2STR(e->da), e->reason_code); 2037 sme_event_unprot_disconnect(wpa_s, e->sa, e->da, e->reason_code); 2038#endif /* CONFIG_IEEE80211W */ 2039} 2040 2041 2042static void wnm_action_rx(struct wpa_supplicant *wpa_s, struct rx_action *rx) 2043{ 2044 u8 action, mode; 2045 const u8 *pos, *end; 2046 2047 if (rx->data == NULL || rx->len == 0) 2048 return; 2049 2050 pos = rx->data; 2051 end = pos + rx->len; 2052 action = *pos++; 2053 2054 wpa_printf(MSG_DEBUG, "WNM: RX action %u from " MACSTR, 2055 action, MAC2STR(rx->sa)); 2056 switch (action) { 2057 case WNM_BSS_TRANS_MGMT_REQ: 2058 if (pos + 5 > end) 2059 break; 2060 wpa_printf(MSG_DEBUG, "WNM: BSS Transition Management " 2061 "Request: dialog_token=%u request_mode=0x%x " 2062 "disassoc_timer=%u validity_interval=%u", 2063 pos[0], pos[1], WPA_GET_LE16(pos + 2), pos[4]); 2064 mode = pos[1]; 2065 pos += 5; 2066 if (mode & 0x08) 2067 pos += 12; /* BSS Termination Duration */ 2068 if (mode & 0x10) { 2069 char url[256]; 2070 if (pos + 1 > end || pos + 1 + pos[0] > end) { 2071 wpa_printf(MSG_DEBUG, "WNM: Invalid BSS " 2072 "Transition Management Request " 2073 "(URL)"); 2074 break; 2075 } 2076 os_memcpy(url, pos + 1, pos[0]); 2077 url[pos[0]] = '\0'; 2078 wpa_msg(wpa_s, MSG_INFO, "WNM: ESS Disassociation " 2079 "Imminent - session_info_url=%s", url); 2080 } 2081 break; 2082 } 2083} 2084 2085 2086void wpa_supplicant_event(void *ctx, enum wpa_event_type event, 2087 union wpa_event_data *data) 2088{ 2089 struct wpa_supplicant *wpa_s = ctx; 2090 u16 reason_code = 0; 2091 int locally_generated = 0; 2092 2093 if (wpa_s->wpa_state == WPA_INTERFACE_DISABLED && 2094 event != EVENT_INTERFACE_ENABLED && 2095 event != EVENT_INTERFACE_STATUS && 2096 event != EVENT_SCHED_SCAN_STOPPED) { 2097 wpa_dbg(wpa_s, MSG_DEBUG, 2098 "Ignore event %s (%d) while interface is disabled", 2099 event_to_string(event), event); 2100 return; 2101 } 2102 2103#ifndef CONFIG_NO_STDOUT_DEBUG 2104{ 2105 int level = MSG_DEBUG; 2106 2107 if (event == EVENT_RX_MGMT && data && data->rx_mgmt.frame && 2108 data->rx_mgmt.frame_len >= 24) { 2109 const struct ieee80211_hdr *hdr; 2110 u16 fc; 2111 hdr = (const struct ieee80211_hdr *) data->rx_mgmt.frame; 2112 fc = le_to_host16(hdr->frame_control); 2113 if (WLAN_FC_GET_TYPE(fc) == WLAN_FC_TYPE_MGMT && 2114 WLAN_FC_GET_STYPE(fc) == WLAN_FC_STYPE_BEACON) 2115 level = MSG_EXCESSIVE; 2116 } 2117 2118 wpa_dbg(wpa_s, level, "Event %s (%d) received", 2119 event_to_string(event), event); 2120} 2121#endif /* CONFIG_NO_STDOUT_DEBUG */ 2122 2123 switch (event) { 2124 case EVENT_AUTH: 2125 sme_event_auth(wpa_s, data); 2126 break; 2127 case EVENT_ASSOC: 2128 wpa_supplicant_event_assoc(wpa_s, data); 2129 break; 2130 case EVENT_DISASSOC: 2131 wpa_dbg(wpa_s, MSG_DEBUG, "Disassociation notification"); 2132 if (data) { 2133 wpa_dbg(wpa_s, MSG_DEBUG, " * reason %u%s", 2134 data->disassoc_info.reason_code, 2135 data->disassoc_info.locally_generated ? 2136 " (locally generated)" : ""); 2137 if (data->disassoc_info.addr) 2138 wpa_dbg(wpa_s, MSG_DEBUG, " * address " MACSTR, 2139 MAC2STR(data->disassoc_info.addr)); 2140 } 2141#ifdef CONFIG_AP 2142 if (wpa_s->ap_iface && data && data->disassoc_info.addr) { 2143 hostapd_notif_disassoc(wpa_s->ap_iface->bss[0], 2144 data->disassoc_info.addr); 2145 break; 2146 } 2147 if (wpa_s->ap_iface) { 2148 wpa_dbg(wpa_s, MSG_DEBUG, "Ignore disassoc event in " 2149 "AP mode"); 2150 break; 2151 } 2152#endif /* CONFIG_AP */ 2153 if (data) { 2154 reason_code = data->disassoc_info.reason_code; 2155 locally_generated = 2156 data->disassoc_info.locally_generated; 2157 wpa_hexdump(MSG_DEBUG, "Disassociation frame IE(s)", 2158 data->disassoc_info.ie, 2159 data->disassoc_info.ie_len); 2160#ifdef CONFIG_P2P 2161 wpas_p2p_disassoc_notif( 2162 wpa_s, data->disassoc_info.addr, reason_code, 2163 data->disassoc_info.ie, 2164 data->disassoc_info.ie_len); 2165#endif /* CONFIG_P2P */ 2166 } 2167 if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME) 2168 sme_event_disassoc(wpa_s, data); 2169 /* fall through */ 2170 case EVENT_DEAUTH: 2171 if (event == EVENT_DEAUTH) { 2172 wpa_dbg(wpa_s, MSG_DEBUG, 2173 "Deauthentication notification"); 2174 if (data) { 2175 reason_code = data->deauth_info.reason_code; 2176 locally_generated = 2177 data->deauth_info.locally_generated; 2178 wpa_dbg(wpa_s, MSG_DEBUG, " * reason %u%s", 2179 data->deauth_info.reason_code, 2180 data->deauth_info.locally_generated ? 2181 " (locally generated)" : ""); 2182 if (data->deauth_info.addr) { 2183 wpa_dbg(wpa_s, MSG_DEBUG, " * address " 2184 MACSTR, 2185 MAC2STR(data->deauth_info. 2186 addr)); 2187 } 2188 wpa_hexdump(MSG_DEBUG, 2189 "Deauthentication frame IE(s)", 2190 data->deauth_info.ie, 2191 data->deauth_info.ie_len); 2192#ifdef CONFIG_P2P 2193 wpas_p2p_deauth_notif( 2194 wpa_s, data->deauth_info.addr, 2195 reason_code, 2196 data->deauth_info.ie, 2197 data->deauth_info.ie_len); 2198#endif /* CONFIG_P2P */ 2199 } 2200 } 2201#ifdef CONFIG_AP 2202 if (wpa_s->ap_iface && data && data->deauth_info.addr) { 2203 hostapd_notif_disassoc(wpa_s->ap_iface->bss[0], 2204 data->deauth_info.addr); 2205 break; 2206 } 2207 if (wpa_s->ap_iface) { 2208 wpa_dbg(wpa_s, MSG_DEBUG, "Ignore deauth event in " 2209 "AP mode"); 2210 break; 2211 } 2212#endif /* CONFIG_AP */ 2213 wpa_supplicant_event_disassoc(wpa_s, reason_code, 2214 locally_generated); 2215 break; 2216 case EVENT_MICHAEL_MIC_FAILURE: 2217 wpa_supplicant_event_michael_mic_failure(wpa_s, data); 2218 break; 2219#ifndef CONFIG_NO_SCAN_PROCESSING 2220 case EVENT_SCAN_RESULTS: 2221 wpa_supplicant_event_scan_results(wpa_s, data); 2222 break; 2223#endif /* CONFIG_NO_SCAN_PROCESSING */ 2224 case EVENT_ASSOCINFO: 2225 wpa_supplicant_event_associnfo(wpa_s, data); 2226 break; 2227 case EVENT_INTERFACE_STATUS: 2228 wpa_supplicant_event_interface_status(wpa_s, data); 2229 break; 2230 case EVENT_PMKID_CANDIDATE: 2231 wpa_supplicant_event_pmkid_candidate(wpa_s, data); 2232 break; 2233#ifdef CONFIG_PEERKEY 2234 case EVENT_STKSTART: 2235 wpa_supplicant_event_stkstart(wpa_s, data); 2236 break; 2237#endif /* CONFIG_PEERKEY */ 2238#ifdef CONFIG_TDLS 2239 case EVENT_TDLS: 2240 wpa_supplicant_event_tdls(wpa_s, data); 2241 break; 2242#endif /* CONFIG_TDLS */ 2243#ifdef CONFIG_IEEE80211R 2244 case EVENT_FT_RESPONSE: 2245 wpa_supplicant_event_ft_response(wpa_s, data); 2246 break; 2247#endif /* CONFIG_IEEE80211R */ 2248#ifdef CONFIG_IBSS_RSN 2249 case EVENT_IBSS_RSN_START: 2250 wpa_supplicant_event_ibss_rsn_start(wpa_s, data); 2251 break; 2252#endif /* CONFIG_IBSS_RSN */ 2253 case EVENT_ASSOC_REJECT: 2254 if (data->assoc_reject.bssid) 2255 wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_ASSOC_REJECT 2256 "bssid=" MACSTR " status_code=%u", 2257 MAC2STR(data->assoc_reject.bssid), 2258 data->assoc_reject.status_code); 2259 else 2260 wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_ASSOC_REJECT 2261 "status_code=%u", 2262 data->assoc_reject.status_code); 2263 if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME) 2264 sme_event_assoc_reject(wpa_s, data); 2265#ifdef ANDROID_P2P 2266#ifdef CONFIG_P2P 2267 else if (wpa_s->p2p_group_interface != NOT_P2P_GROUP_INTERFACE) { 2268 2269 if(!wpa_s->current_ssid) { 2270 wpa_printf(MSG_ERROR, "current_ssid == NULL"); 2271 break; 2272 } 2273 /* If assoc reject is reported by the driver, then avoid 2274 * waiting for the authentication timeout. Cancel the 2275 * authentication timeout and retry the assoc. 2276 */ 2277 if(wpa_s->current_ssid->assoc_retry++ < 5) { 2278 wpa_printf(MSG_ERROR, "Retrying assoc: %d ", 2279 wpa_s->current_ssid->assoc_retry); 2280 wpa_supplicant_cancel_auth_timeout(wpa_s); 2281 2282 /* Clear the states */ 2283 wpa_sm_notify_disassoc(wpa_s->wpa); 2284 wpa_supplicant_deauthenticate(wpa_s, WLAN_REASON_DEAUTH_LEAVING); 2285 2286 wpa_s->reassociate = 1; 2287 wpa_supplicant_req_scan(wpa_s, 1, 0); 2288 } else { 2289 /* If we ASSOC_REJECT's hits threshold, disable the 2290 * network 2291 */ 2292 wpa_printf(MSG_ERROR, "Assoc retry threshold reached. " 2293 "Disabling the network"); 2294 wpa_s->current_ssid->assoc_retry = 0; 2295 wpa_supplicant_disable_network(wpa_s, wpa_s->current_ssid); 2296 wpas_p2p_group_remove(wpa_s, wpa_s->ifname); 2297 } 2298 } 2299#endif 2300#endif /* ANDROID_P2P */ 2301 break; 2302 case EVENT_AUTH_TIMED_OUT: 2303 if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME) 2304 sme_event_auth_timed_out(wpa_s, data); 2305 break; 2306 case EVENT_ASSOC_TIMED_OUT: 2307 if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME) 2308 sme_event_assoc_timed_out(wpa_s, data); 2309 break; 2310 case EVENT_TX_STATUS: 2311 wpa_dbg(wpa_s, MSG_DEBUG, "EVENT_TX_STATUS dst=" MACSTR 2312 " type=%d stype=%d", 2313 MAC2STR(data->tx_status.dst), 2314 data->tx_status.type, data->tx_status.stype); 2315#ifdef CONFIG_AP 2316 if (wpa_s->ap_iface == NULL) { 2317#ifdef CONFIG_OFFCHANNEL 2318 if (data->tx_status.type == WLAN_FC_TYPE_MGMT && 2319 data->tx_status.stype == WLAN_FC_STYPE_ACTION) 2320 offchannel_send_action_tx_status( 2321 wpa_s, data->tx_status.dst, 2322 data->tx_status.data, 2323 data->tx_status.data_len, 2324 data->tx_status.ack ? 2325 OFFCHANNEL_SEND_ACTION_SUCCESS : 2326 OFFCHANNEL_SEND_ACTION_NO_ACK); 2327#endif /* CONFIG_OFFCHANNEL */ 2328 break; 2329 } 2330#endif /* CONFIG_AP */ 2331#ifdef CONFIG_OFFCHANNEL 2332 wpa_dbg(wpa_s, MSG_DEBUG, "EVENT_TX_STATUS pending_dst=" 2333 MACSTR, MAC2STR(wpa_s->parent->pending_action_dst)); 2334 /* 2335 * Catch TX status events for Action frames we sent via group 2336 * interface in GO mode. 2337 */ 2338 if (data->tx_status.type == WLAN_FC_TYPE_MGMT && 2339 data->tx_status.stype == WLAN_FC_STYPE_ACTION && 2340 os_memcmp(wpa_s->parent->pending_action_dst, 2341 data->tx_status.dst, ETH_ALEN) == 0) { 2342 offchannel_send_action_tx_status( 2343 wpa_s->parent, data->tx_status.dst, 2344 data->tx_status.data, 2345 data->tx_status.data_len, 2346 data->tx_status.ack ? 2347 OFFCHANNEL_SEND_ACTION_SUCCESS : 2348 OFFCHANNEL_SEND_ACTION_NO_ACK); 2349 break; 2350 } 2351#endif /* CONFIG_OFFCHANNEL */ 2352#ifdef CONFIG_AP 2353 switch (data->tx_status.type) { 2354 case WLAN_FC_TYPE_MGMT: 2355 ap_mgmt_tx_cb(wpa_s, data->tx_status.data, 2356 data->tx_status.data_len, 2357 data->tx_status.stype, 2358 data->tx_status.ack); 2359 break; 2360 case WLAN_FC_TYPE_DATA: 2361 ap_tx_status(wpa_s, data->tx_status.dst, 2362 data->tx_status.data, 2363 data->tx_status.data_len, 2364 data->tx_status.ack); 2365 break; 2366 } 2367#endif /* CONFIG_AP */ 2368 break; 2369#ifdef CONFIG_AP 2370 case EVENT_EAPOL_TX_STATUS: 2371 ap_eapol_tx_status(wpa_s, data->eapol_tx_status.dst, 2372 data->eapol_tx_status.data, 2373 data->eapol_tx_status.data_len, 2374 data->eapol_tx_status.ack); 2375 break; 2376 case EVENT_DRIVER_CLIENT_POLL_OK: 2377 ap_client_poll_ok(wpa_s, data->client_poll.addr); 2378 break; 2379 case EVENT_RX_FROM_UNKNOWN: 2380 if (wpa_s->ap_iface == NULL) 2381 break; 2382 ap_rx_from_unknown_sta(wpa_s, data->rx_from_unknown.addr, 2383 data->rx_from_unknown.wds); 2384 break; 2385 case EVENT_RX_MGMT: 2386 if (wpa_s->ap_iface == NULL) { 2387#ifdef CONFIG_P2P 2388 u16 fc, stype; 2389 const struct ieee80211_mgmt *mgmt; 2390 mgmt = (const struct ieee80211_mgmt *) 2391 data->rx_mgmt.frame; 2392 fc = le_to_host16(mgmt->frame_control); 2393 stype = WLAN_FC_GET_STYPE(fc); 2394 if (stype == WLAN_FC_STYPE_PROBE_REQ && 2395 data->rx_mgmt.frame_len > 24) { 2396 const u8 *src = mgmt->sa; 2397 const u8 *ie = mgmt->u.probe_req.variable; 2398 size_t ie_len = data->rx_mgmt.frame_len - 2399 (mgmt->u.probe_req.variable - 2400 data->rx_mgmt.frame); 2401 wpas_p2p_probe_req_rx(wpa_s, src, mgmt->da, 2402 mgmt->bssid, ie, ie_len); 2403 break; 2404 } 2405#endif /* CONFIG_P2P */ 2406 wpa_dbg(wpa_s, MSG_DEBUG, "AP: ignore received " 2407 "management frame in non-AP mode"); 2408 break; 2409 } 2410 ap_mgmt_rx(wpa_s, &data->rx_mgmt); 2411 break; 2412#endif /* CONFIG_AP */ 2413 case EVENT_RX_ACTION: 2414 wpa_dbg(wpa_s, MSG_DEBUG, "Received Action frame: SA=" MACSTR 2415 " Category=%u DataLen=%d freq=%d MHz", 2416 MAC2STR(data->rx_action.sa), 2417 data->rx_action.category, (int) data->rx_action.len, 2418 data->rx_action.freq); 2419#ifdef CONFIG_IEEE80211R 2420 if (data->rx_action.category == WLAN_ACTION_FT) { 2421 ft_rx_action(wpa_s, data->rx_action.data, 2422 data->rx_action.len); 2423 break; 2424 } 2425#endif /* CONFIG_IEEE80211R */ 2426#ifdef CONFIG_IEEE80211W 2427#ifdef CONFIG_SME 2428 if (data->rx_action.category == WLAN_ACTION_SA_QUERY) { 2429 sme_sa_query_rx(wpa_s, data->rx_action.sa, 2430 data->rx_action.data, 2431 data->rx_action.len); 2432 break; 2433 } 2434#endif /* CONFIG_SME */ 2435#endif /* CONFIG_IEEE80211W */ 2436#ifdef CONFIG_GAS 2437 if (data->rx_action.category == WLAN_ACTION_PUBLIC && 2438 gas_query_rx(wpa_s->gas, data->rx_action.da, 2439 data->rx_action.sa, data->rx_action.bssid, 2440 data->rx_action.data, data->rx_action.len, 2441 data->rx_action.freq) == 0) 2442 break; 2443#endif /* CONFIG_GAS */ 2444 if (data->rx_action.category == WLAN_ACTION_WNM) { 2445 wnm_action_rx(wpa_s, &data->rx_action); 2446 break; 2447 } 2448#ifdef CONFIG_TDLS 2449 if (data->rx_action.category == WLAN_ACTION_PUBLIC && 2450 data->rx_action.len >= 4 && 2451 data->rx_action.data[0] == WLAN_TDLS_DISCOVERY_RESPONSE) { 2452 wpa_dbg(wpa_s, MSG_DEBUG, "TDLS: Received Discovery " 2453 "Response from " MACSTR, 2454 MAC2STR(data->rx_action.sa)); 2455 break; 2456 } 2457#endif /* CONFIG_TDLS */ 2458#ifdef CONFIG_P2P 2459 wpas_p2p_rx_action(wpa_s, data->rx_action.da, 2460 data->rx_action.sa, 2461 data->rx_action.bssid, 2462 data->rx_action.category, 2463 data->rx_action.data, 2464 data->rx_action.len, data->rx_action.freq); 2465#endif /* CONFIG_P2P */ 2466 break; 2467 case EVENT_RX_PROBE_REQ: 2468 if (data->rx_probe_req.sa == NULL || 2469 data->rx_probe_req.ie == NULL) 2470 break; 2471#ifdef CONFIG_AP 2472 if (wpa_s->ap_iface) { 2473 hostapd_probe_req_rx(wpa_s->ap_iface->bss[0], 2474 data->rx_probe_req.sa, 2475 data->rx_probe_req.da, 2476 data->rx_probe_req.bssid, 2477 data->rx_probe_req.ie, 2478 data->rx_probe_req.ie_len); 2479 break; 2480 } 2481#endif /* CONFIG_AP */ 2482#ifdef CONFIG_P2P 2483 wpas_p2p_probe_req_rx(wpa_s, data->rx_probe_req.sa, 2484 data->rx_probe_req.da, 2485 data->rx_probe_req.bssid, 2486 data->rx_probe_req.ie, 2487 data->rx_probe_req.ie_len); 2488#endif /* CONFIG_P2P */ 2489 break; 2490 case EVENT_REMAIN_ON_CHANNEL: 2491#ifdef CONFIG_OFFCHANNEL 2492 offchannel_remain_on_channel_cb( 2493 wpa_s, data->remain_on_channel.freq, 2494 data->remain_on_channel.duration); 2495#endif /* CONFIG_OFFCHANNEL */ 2496#ifdef CONFIG_P2P 2497 wpas_p2p_remain_on_channel_cb( 2498 wpa_s, data->remain_on_channel.freq, 2499 data->remain_on_channel.duration); 2500#endif /* CONFIG_P2P */ 2501 break; 2502 case EVENT_CANCEL_REMAIN_ON_CHANNEL: 2503#ifdef CONFIG_OFFCHANNEL 2504 offchannel_cancel_remain_on_channel_cb( 2505 wpa_s, data->remain_on_channel.freq); 2506#endif /* CONFIG_OFFCHANNEL */ 2507#ifdef CONFIG_P2P 2508 wpas_p2p_cancel_remain_on_channel_cb( 2509 wpa_s, data->remain_on_channel.freq); 2510#endif /* CONFIG_P2P */ 2511 break; 2512#ifdef CONFIG_P2P 2513 case EVENT_P2P_DEV_FOUND: { 2514 struct p2p_peer_info peer_info; 2515 2516 os_memset(&peer_info, 0, sizeof(peer_info)); 2517 if (data->p2p_dev_found.dev_addr) 2518 os_memcpy(peer_info.p2p_device_addr, 2519 data->p2p_dev_found.dev_addr, ETH_ALEN); 2520 if (data->p2p_dev_found.pri_dev_type) 2521 os_memcpy(peer_info.pri_dev_type, 2522 data->p2p_dev_found.pri_dev_type, 2523 sizeof(peer_info.pri_dev_type)); 2524 if (data->p2p_dev_found.dev_name) 2525 os_strlcpy(peer_info.device_name, 2526 data->p2p_dev_found.dev_name, 2527 sizeof(peer_info.device_name)); 2528 peer_info.config_methods = data->p2p_dev_found.config_methods; 2529 peer_info.dev_capab = data->p2p_dev_found.dev_capab; 2530 peer_info.group_capab = data->p2p_dev_found.group_capab; 2531 2532 /* 2533 * FIX: new_device=1 is not necessarily correct. We should 2534 * maintain a P2P peer database in wpa_supplicant and update 2535 * this information based on whether the peer is truly new. 2536 */ 2537 wpas_dev_found(wpa_s, data->p2p_dev_found.addr, &peer_info, 1); 2538 break; 2539 } 2540 case EVENT_P2P_GO_NEG_REQ_RX: 2541 wpas_go_neg_req_rx(wpa_s, data->p2p_go_neg_req_rx.src, 2542 data->p2p_go_neg_req_rx.dev_passwd_id); 2543 break; 2544 case EVENT_P2P_GO_NEG_COMPLETED: 2545 wpas_go_neg_completed(wpa_s, data->p2p_go_neg_completed.res); 2546 break; 2547 case EVENT_P2P_PROV_DISC_REQUEST: 2548 wpas_prov_disc_req(wpa_s, data->p2p_prov_disc_req.peer, 2549 data->p2p_prov_disc_req.config_methods, 2550 data->p2p_prov_disc_req.dev_addr, 2551 data->p2p_prov_disc_req.pri_dev_type, 2552 data->p2p_prov_disc_req.dev_name, 2553 data->p2p_prov_disc_req.supp_config_methods, 2554 data->p2p_prov_disc_req.dev_capab, 2555 data->p2p_prov_disc_req.group_capab, 2556 NULL, 0); 2557 break; 2558 case EVENT_P2P_PROV_DISC_RESPONSE: 2559 wpas_prov_disc_resp(wpa_s, data->p2p_prov_disc_resp.peer, 2560 data->p2p_prov_disc_resp.config_methods); 2561 break; 2562 case EVENT_P2P_SD_REQUEST: 2563 wpas_sd_request(wpa_s, data->p2p_sd_req.freq, 2564 data->p2p_sd_req.sa, 2565 data->p2p_sd_req.dialog_token, 2566 data->p2p_sd_req.update_indic, 2567 data->p2p_sd_req.tlvs, 2568 data->p2p_sd_req.tlvs_len); 2569 break; 2570 case EVENT_P2P_SD_RESPONSE: 2571 wpas_sd_response(wpa_s, data->p2p_sd_resp.sa, 2572 data->p2p_sd_resp.update_indic, 2573 data->p2p_sd_resp.tlvs, 2574 data->p2p_sd_resp.tlvs_len); 2575 break; 2576#endif /* CONFIG_P2P */ 2577 case EVENT_EAPOL_RX: 2578 wpa_supplicant_rx_eapol(wpa_s, data->eapol_rx.src, 2579 data->eapol_rx.data, 2580 data->eapol_rx.data_len); 2581 break; 2582 case EVENT_SIGNAL_CHANGE: 2583 bgscan_notify_signal_change( 2584 wpa_s, data->signal_change.above_threshold, 2585 data->signal_change.current_signal, 2586 data->signal_change.current_noise, 2587 data->signal_change.current_txrate); 2588 break; 2589 case EVENT_INTERFACE_ENABLED: 2590 wpa_dbg(wpa_s, MSG_DEBUG, "Interface was enabled"); 2591 if (wpa_s->wpa_state == WPA_INTERFACE_DISABLED) { 2592 wpa_supplicant_update_mac_addr(wpa_s); 2593#ifdef CONFIG_AP 2594 if (!wpa_s->ap_iface) { 2595 wpa_supplicant_set_state(wpa_s, 2596 WPA_DISCONNECTED); 2597 wpa_supplicant_req_scan(wpa_s, 0, 0); 2598 } else 2599 wpa_supplicant_set_state(wpa_s, 2600 WPA_COMPLETED); 2601#else /* CONFIG_AP */ 2602 wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED); 2603 wpa_supplicant_req_scan(wpa_s, 0, 0); 2604#endif /* CONFIG_AP */ 2605 } 2606 break; 2607 case EVENT_INTERFACE_DISABLED: 2608 wpa_dbg(wpa_s, MSG_DEBUG, "Interface was disabled"); 2609 wpa_supplicant_mark_disassoc(wpa_s); 2610 wpa_supplicant_set_state(wpa_s, WPA_INTERFACE_DISABLED); 2611 break; 2612 case EVENT_CHANNEL_LIST_CHANGED: 2613 if (wpa_s->drv_priv == NULL) 2614 break; /* Ignore event during drv initialization */ 2615#ifdef CONFIG_P2P 2616 wpas_p2p_update_channel_list(wpa_s); 2617#endif /* CONFIG_P2P */ 2618 break; 2619 case EVENT_INTERFACE_UNAVAILABLE: 2620#ifdef CONFIG_P2P 2621 wpas_p2p_interface_unavailable(wpa_s); 2622#endif /* CONFIG_P2P */ 2623 break; 2624 case EVENT_BEST_CHANNEL: 2625 wpa_dbg(wpa_s, MSG_DEBUG, "Best channel event received " 2626 "(%d %d %d)", 2627 data->best_chan.freq_24, data->best_chan.freq_5, 2628 data->best_chan.freq_overall); 2629 wpa_s->best_24_freq = data->best_chan.freq_24; 2630 wpa_s->best_5_freq = data->best_chan.freq_5; 2631 wpa_s->best_overall_freq = data->best_chan.freq_overall; 2632#ifdef CONFIG_P2P 2633 wpas_p2p_update_best_channels(wpa_s, data->best_chan.freq_24, 2634 data->best_chan.freq_5, 2635 data->best_chan.freq_overall); 2636#endif /* CONFIG_P2P */ 2637 break; 2638 case EVENT_UNPROT_DEAUTH: 2639 wpa_supplicant_event_unprot_deauth(wpa_s, 2640 &data->unprot_deauth); 2641 break; 2642 case EVENT_UNPROT_DISASSOC: 2643 wpa_supplicant_event_unprot_disassoc(wpa_s, 2644 &data->unprot_disassoc); 2645 break; 2646 case EVENT_STATION_LOW_ACK: 2647#ifdef CONFIG_AP 2648 if (wpa_s->ap_iface && data) 2649 hostapd_event_sta_low_ack(wpa_s->ap_iface->bss[0], 2650 data->low_ack.addr); 2651#endif /* CONFIG_AP */ 2652#ifdef CONFIG_TDLS 2653 if (data) 2654 wpa_tdls_disable_link(wpa_s->wpa, data->low_ack.addr); 2655#endif /* CONFIG_TDLS */ 2656 break; 2657 case EVENT_IBSS_PEER_LOST: 2658#ifdef CONFIG_IBSS_RSN 2659 ibss_rsn_stop(wpa_s->ibss_rsn, data->ibss_peer_lost.peer); 2660#endif /* CONFIG_IBSS_RSN */ 2661 break; 2662 case EVENT_DRIVER_GTK_REKEY: 2663 if (os_memcmp(data->driver_gtk_rekey.bssid, 2664 wpa_s->bssid, ETH_ALEN)) 2665 break; 2666 if (!wpa_s->wpa) 2667 break; 2668 wpa_sm_update_replay_ctr(wpa_s->wpa, 2669 data->driver_gtk_rekey.replay_ctr); 2670 break; 2671 case EVENT_SCHED_SCAN_STOPPED: 2672 wpa_s->sched_scanning = 0; 2673 wpa_supplicant_notify_scanning(wpa_s, 0); 2674 2675 if (wpa_s->wpa_state == WPA_INTERFACE_DISABLED) 2676 break; 2677 2678 /* 2679 * If we timed out, start a new sched scan to continue 2680 * searching for more SSIDs. 2681 */ 2682 if (wpa_s->sched_scan_timed_out) 2683 wpa_supplicant_req_sched_scan(wpa_s); 2684 break; 2685 case EVENT_WPS_BUTTON_PUSHED: 2686#ifdef CONFIG_WPS 2687 wpas_wps_start_pbc(wpa_s, NULL, 0); 2688#endif /* CONFIG_WPS */ 2689 break; 2690 default: 2691 wpa_msg(wpa_s, MSG_INFO, "Unknown event %d", event); 2692 break; 2693 } 2694} 2695