1/* 2 * WPA Supplicant - Driver event processing 3 * Copyright (c) 2003-2017, Jouni Malinen <j@w1.fi> 4 * 5 * This software may be distributed under the terms of the BSD license. 6 * See README for more details. 7 */ 8 9#include "includes.h" 10 11#include "common.h" 12#include "eapol_supp/eapol_supp_sm.h" 13#include "rsn_supp/wpa.h" 14#include "eloop.h" 15#include "config.h" 16#include "l2_packet/l2_packet.h" 17#include "wpa_supplicant_i.h" 18#include "driver_i.h" 19#include "pcsc_funcs.h" 20#include "rsn_supp/preauth.h" 21#include "rsn_supp/pmksa_cache.h" 22#include "common/wpa_ctrl.h" 23#include "eap_peer/eap.h" 24#include "ap/hostapd.h" 25#include "p2p/p2p.h" 26#include "fst/fst.h" 27#include "wnm_sta.h" 28#include "notify.h" 29#include "common/ieee802_11_defs.h" 30#include "common/ieee802_11_common.h" 31#include "common/gas_server.h" 32#include "crypto/random.h" 33#include "blacklist.h" 34#include "wpas_glue.h" 35#include "wps_supplicant.h" 36#include "ibss_rsn.h" 37#include "sme.h" 38#include "gas_query.h" 39#include "p2p_supplicant.h" 40#include "bgscan.h" 41#include "autoscan.h" 42#include "ap.h" 43#include "bss.h" 44#include "scan.h" 45#include "offchannel.h" 46#include "interworking.h" 47#include "mesh.h" 48#include "mesh_mpm.h" 49#include "wmm_ac.h" 50#include "dpp_supplicant.h" 51 52 53#ifndef CONFIG_NO_SCAN_PROCESSING 54static int wpas_select_network_from_last_scan(struct wpa_supplicant *wpa_s, 55 int new_scan, int own_request); 56#endif /* CONFIG_NO_SCAN_PROCESSING */ 57 58 59int wpas_temp_disabled(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid) 60{ 61 struct os_reltime now; 62 63 if (ssid == NULL || ssid->disabled_until.sec == 0) 64 return 0; 65 66 os_get_reltime(&now); 67 if (ssid->disabled_until.sec > now.sec) 68 return ssid->disabled_until.sec - now.sec; 69 70 wpas_clear_temp_disabled(wpa_s, ssid, 0); 71 72 return 0; 73} 74 75 76#ifndef CONFIG_NO_SCAN_PROCESSING 77/** 78 * wpas_reenabled_network_time - Time until first network is re-enabled 79 * @wpa_s: Pointer to wpa_supplicant data 80 * Returns: If all enabled networks are temporarily disabled, returns the time 81 * (in sec) until the first network is re-enabled. Otherwise returns 0. 82 * 83 * This function is used in case all enabled networks are temporarily disabled, 84 * in which case it returns the time (in sec) that the first network will be 85 * re-enabled. The function assumes that at least one network is enabled. 86 */ 87static int wpas_reenabled_network_time(struct wpa_supplicant *wpa_s) 88{ 89 struct wpa_ssid *ssid; 90 int disabled_for, res = 0; 91 92#ifdef CONFIG_INTERWORKING 93 if (wpa_s->conf->auto_interworking && wpa_s->conf->interworking && 94 wpa_s->conf->cred) 95 return 0; 96#endif /* CONFIG_INTERWORKING */ 97 98 for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next) { 99 if (ssid->disabled) 100 continue; 101 102 disabled_for = wpas_temp_disabled(wpa_s, ssid); 103 if (!disabled_for) 104 return 0; 105 106 if (!res || disabled_for < res) 107 res = disabled_for; 108 } 109 110 return res; 111} 112#endif /* CONFIG_NO_SCAN_PROCESSING */ 113 114 115void wpas_network_reenabled(void *eloop_ctx, void *timeout_ctx) 116{ 117 struct wpa_supplicant *wpa_s = eloop_ctx; 118 119 if (wpa_s->disconnected || wpa_s->wpa_state != WPA_SCANNING) 120 return; 121 122 wpa_dbg(wpa_s, MSG_DEBUG, 123 "Try to associate due to network getting re-enabled"); 124 if (wpa_supplicant_fast_associate(wpa_s) != 1) { 125 wpa_supplicant_cancel_sched_scan(wpa_s); 126 wpa_supplicant_req_scan(wpa_s, 0, 0); 127 } 128} 129 130 131static struct wpa_bss * wpa_supplicant_get_new_bss( 132 struct wpa_supplicant *wpa_s, const u8 *bssid) 133{ 134 struct wpa_bss *bss = NULL; 135 struct wpa_ssid *ssid = wpa_s->current_ssid; 136 137 if (ssid->ssid_len > 0) 138 bss = wpa_bss_get(wpa_s, bssid, ssid->ssid, ssid->ssid_len); 139 if (!bss) 140 bss = wpa_bss_get_bssid(wpa_s, bssid); 141 142 return bss; 143} 144 145 146static void wpa_supplicant_update_current_bss(struct wpa_supplicant *wpa_s) 147{ 148 struct wpa_bss *bss = wpa_supplicant_get_new_bss(wpa_s, wpa_s->bssid); 149 150 if (!bss) { 151 wpa_supplicant_update_scan_results(wpa_s); 152 153 /* Get the BSS from the new scan results */ 154 bss = wpa_supplicant_get_new_bss(wpa_s, wpa_s->bssid); 155 } 156 157 if (bss) 158 wpa_s->current_bss = bss; 159} 160 161 162static int wpa_supplicant_select_config(struct wpa_supplicant *wpa_s) 163{ 164 struct wpa_ssid *ssid, *old_ssid; 165 u8 drv_ssid[SSID_MAX_LEN]; 166 size_t drv_ssid_len; 167 int res; 168 169 if (wpa_s->conf->ap_scan == 1 && wpa_s->current_ssid) { 170 wpa_supplicant_update_current_bss(wpa_s); 171 172 if (wpa_s->current_ssid->ssid_len == 0) 173 return 0; /* current profile still in use */ 174 res = wpa_drv_get_ssid(wpa_s, drv_ssid); 175 if (res < 0) { 176 wpa_msg(wpa_s, MSG_INFO, 177 "Failed to read SSID from driver"); 178 return 0; /* try to use current profile */ 179 } 180 drv_ssid_len = res; 181 182 if (drv_ssid_len == wpa_s->current_ssid->ssid_len && 183 os_memcmp(drv_ssid, wpa_s->current_ssid->ssid, 184 drv_ssid_len) == 0) 185 return 0; /* current profile still in use */ 186 187 wpa_msg(wpa_s, MSG_DEBUG, 188 "Driver-initiated BSS selection changed the SSID to %s", 189 wpa_ssid_txt(drv_ssid, drv_ssid_len)); 190 /* continue selecting a new network profile */ 191 } 192 193 wpa_dbg(wpa_s, MSG_DEBUG, "Select network based on association " 194 "information"); 195 ssid = wpa_supplicant_get_ssid(wpa_s); 196 if (ssid == NULL) { 197 wpa_msg(wpa_s, MSG_INFO, 198 "No network configuration found for the current AP"); 199 return -1; 200 } 201 202 if (wpas_network_disabled(wpa_s, ssid)) { 203 wpa_dbg(wpa_s, MSG_DEBUG, "Selected network is disabled"); 204 return -1; 205 } 206 207 if (disallowed_bssid(wpa_s, wpa_s->bssid) || 208 disallowed_ssid(wpa_s, ssid->ssid, ssid->ssid_len)) { 209 wpa_dbg(wpa_s, MSG_DEBUG, "Selected BSS is disallowed"); 210 return -1; 211 } 212 213 res = wpas_temp_disabled(wpa_s, ssid); 214 if (res > 0) { 215 wpa_dbg(wpa_s, MSG_DEBUG, "Selected network is temporarily " 216 "disabled for %d second(s)", res); 217 return -1; 218 } 219 220 wpa_dbg(wpa_s, MSG_DEBUG, "Network configuration found for the " 221 "current AP"); 222 if (wpa_key_mgmt_wpa_any(ssid->key_mgmt)) { 223 u8 wpa_ie[80]; 224 size_t wpa_ie_len = sizeof(wpa_ie); 225 if (wpa_supplicant_set_suites(wpa_s, NULL, ssid, 226 wpa_ie, &wpa_ie_len) < 0) 227 wpa_dbg(wpa_s, MSG_DEBUG, "Could not set WPA suites"); 228 } else { 229 wpa_supplicant_set_non_wpa_policy(wpa_s, ssid); 230 } 231 232 if (wpa_s->current_ssid && wpa_s->current_ssid != ssid) 233 eapol_sm_invalidate_cached_session(wpa_s->eapol); 234 old_ssid = wpa_s->current_ssid; 235 wpa_s->current_ssid = ssid; 236 237 wpa_supplicant_update_current_bss(wpa_s); 238 239 wpa_supplicant_rsn_supp_set_config(wpa_s, wpa_s->current_ssid); 240 wpa_supplicant_initiate_eapol(wpa_s); 241 if (old_ssid != wpa_s->current_ssid) 242 wpas_notify_network_changed(wpa_s); 243 244 return 0; 245} 246 247 248void wpa_supplicant_stop_countermeasures(void *eloop_ctx, void *sock_ctx) 249{ 250 struct wpa_supplicant *wpa_s = eloop_ctx; 251 252 if (wpa_s->countermeasures) { 253 wpa_s->countermeasures = 0; 254 wpa_drv_set_countermeasures(wpa_s, 0); 255 wpa_msg(wpa_s, MSG_INFO, "WPA: TKIP countermeasures stopped"); 256 257 /* 258 * It is possible that the device is sched scanning, which means 259 * that a connection attempt will be done only when we receive 260 * scan results. However, in this case, it would be preferable 261 * to scan and connect immediately, so cancel the sched_scan and 262 * issue a regular scan flow. 263 */ 264 wpa_supplicant_cancel_sched_scan(wpa_s); 265 wpa_supplicant_req_scan(wpa_s, 0, 0); 266 } 267} 268 269 270void wpa_supplicant_mark_disassoc(struct wpa_supplicant *wpa_s) 271{ 272 int bssid_changed; 273 274 wnm_bss_keep_alive_deinit(wpa_s); 275 276#ifdef CONFIG_IBSS_RSN 277 ibss_rsn_deinit(wpa_s->ibss_rsn); 278 wpa_s->ibss_rsn = NULL; 279#endif /* CONFIG_IBSS_RSN */ 280 281#ifdef CONFIG_AP 282 wpa_supplicant_ap_deinit(wpa_s); 283#endif /* CONFIG_AP */ 284 285#ifdef CONFIG_HS20 286 /* Clear possibly configured frame filters */ 287 wpa_drv_configure_frame_filters(wpa_s, 0); 288#endif /* CONFIG_HS20 */ 289 290 if (wpa_s->wpa_state == WPA_INTERFACE_DISABLED) 291 return; 292 293 wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED); 294 bssid_changed = !is_zero_ether_addr(wpa_s->bssid); 295 os_memset(wpa_s->bssid, 0, ETH_ALEN); 296 os_memset(wpa_s->pending_bssid, 0, ETH_ALEN); 297 sme_clear_on_disassoc(wpa_s); 298 wpa_s->current_bss = NULL; 299 wpa_s->assoc_freq = 0; 300 301 if (bssid_changed) 302 wpas_notify_bssid_changed(wpa_s); 303 304 eapol_sm_notify_portEnabled(wpa_s->eapol, FALSE); 305 eapol_sm_notify_portValid(wpa_s->eapol, FALSE); 306 if (wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt) || 307 wpa_s->key_mgmt == WPA_KEY_MGMT_OWE || 308 wpa_s->key_mgmt == WPA_KEY_MGMT_DPP) 309 eapol_sm_notify_eap_success(wpa_s->eapol, FALSE); 310 wpa_s->ap_ies_from_associnfo = 0; 311 wpa_s->current_ssid = NULL; 312 eapol_sm_notify_config(wpa_s->eapol, NULL, NULL); 313 wpa_s->key_mgmt = 0; 314 315 wpas_rrm_reset(wpa_s); 316 wpa_s->wnmsleep_used = 0; 317 318#ifdef CONFIG_TESTING_OPTIONS 319 wpa_s->last_tk_alg = WPA_ALG_NONE; 320 os_memset(wpa_s->last_tk, 0, sizeof(wpa_s->last_tk)); 321#endif /* CONFIG_TESTING_OPTIONS */ 322} 323 324 325static void wpa_find_assoc_pmkid(struct wpa_supplicant *wpa_s) 326{ 327 struct wpa_ie_data ie; 328 int pmksa_set = -1; 329 size_t i; 330 331 if (wpa_sm_parse_own_wpa_ie(wpa_s->wpa, &ie) < 0 || 332 ie.pmkid == NULL) 333 return; 334 335 for (i = 0; i < ie.num_pmkid; i++) { 336 pmksa_set = pmksa_cache_set_current(wpa_s->wpa, 337 ie.pmkid + i * PMKID_LEN, 338 NULL, NULL, 0, NULL); 339 if (pmksa_set == 0) { 340 eapol_sm_notify_pmkid_attempt(wpa_s->eapol); 341 break; 342 } 343 } 344 345 wpa_dbg(wpa_s, MSG_DEBUG, "RSN: PMKID from assoc IE %sfound from " 346 "PMKSA cache", pmksa_set == 0 ? "" : "not "); 347} 348 349 350static void wpa_supplicant_event_pmkid_candidate(struct wpa_supplicant *wpa_s, 351 union wpa_event_data *data) 352{ 353 if (data == NULL) { 354 wpa_dbg(wpa_s, MSG_DEBUG, "RSN: No data in PMKID candidate " 355 "event"); 356 return; 357 } 358 wpa_dbg(wpa_s, MSG_DEBUG, "RSN: PMKID candidate event - bssid=" MACSTR 359 " index=%d preauth=%d", 360 MAC2STR(data->pmkid_candidate.bssid), 361 data->pmkid_candidate.index, 362 data->pmkid_candidate.preauth); 363 364 pmksa_candidate_add(wpa_s->wpa, data->pmkid_candidate.bssid, 365 data->pmkid_candidate.index, 366 data->pmkid_candidate.preauth); 367} 368 369 370static int wpa_supplicant_dynamic_keys(struct wpa_supplicant *wpa_s) 371{ 372 if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE || 373 wpa_s->key_mgmt == WPA_KEY_MGMT_WPA_NONE) 374 return 0; 375 376#ifdef IEEE8021X_EAPOL 377 if (wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA && 378 wpa_s->current_ssid && 379 !(wpa_s->current_ssid->eapol_flags & 380 (EAPOL_FLAG_REQUIRE_KEY_UNICAST | 381 EAPOL_FLAG_REQUIRE_KEY_BROADCAST))) { 382 /* IEEE 802.1X, but not using dynamic WEP keys (i.e., either 383 * plaintext or static WEP keys). */ 384 return 0; 385 } 386#endif /* IEEE8021X_EAPOL */ 387 388 return 1; 389} 390 391 392/** 393 * wpa_supplicant_scard_init - Initialize SIM/USIM access with PC/SC 394 * @wpa_s: pointer to wpa_supplicant data 395 * @ssid: Configuration data for the network 396 * Returns: 0 on success, -1 on failure 397 * 398 * This function is called when starting authentication with a network that is 399 * configured to use PC/SC for SIM/USIM access (EAP-SIM or EAP-AKA). 400 */ 401int wpa_supplicant_scard_init(struct wpa_supplicant *wpa_s, 402 struct wpa_ssid *ssid) 403{ 404#ifdef IEEE8021X_EAPOL 405#ifdef PCSC_FUNCS 406 int aka = 0, sim = 0; 407 408 if ((ssid != NULL && ssid->eap.pcsc == NULL) || 409 wpa_s->scard != NULL || wpa_s->conf->external_sim) 410 return 0; 411 412 if (ssid == NULL || ssid->eap.eap_methods == NULL) { 413 sim = 1; 414 aka = 1; 415 } else { 416 struct eap_method_type *eap = ssid->eap.eap_methods; 417 while (eap->vendor != EAP_VENDOR_IETF || 418 eap->method != EAP_TYPE_NONE) { 419 if (eap->vendor == EAP_VENDOR_IETF) { 420 if (eap->method == EAP_TYPE_SIM) 421 sim = 1; 422 else if (eap->method == EAP_TYPE_AKA || 423 eap->method == EAP_TYPE_AKA_PRIME) 424 aka = 1; 425 } 426 eap++; 427 } 428 } 429 430 if (eap_peer_get_eap_method(EAP_VENDOR_IETF, EAP_TYPE_SIM) == NULL) 431 sim = 0; 432 if (eap_peer_get_eap_method(EAP_VENDOR_IETF, EAP_TYPE_AKA) == NULL && 433 eap_peer_get_eap_method(EAP_VENDOR_IETF, EAP_TYPE_AKA_PRIME) == 434 NULL) 435 aka = 0; 436 437 if (!sim && !aka) { 438 wpa_dbg(wpa_s, MSG_DEBUG, "Selected network is configured to " 439 "use SIM, but neither EAP-SIM nor EAP-AKA are " 440 "enabled"); 441 return 0; 442 } 443 444 wpa_dbg(wpa_s, MSG_DEBUG, "Selected network is configured to use SIM " 445 "(sim=%d aka=%d) - initialize PCSC", sim, aka); 446 447 wpa_s->scard = scard_init(wpa_s->conf->pcsc_reader); 448 if (wpa_s->scard == NULL) { 449 wpa_msg(wpa_s, MSG_WARNING, "Failed to initialize SIM " 450 "(pcsc-lite)"); 451 return -1; 452 } 453 wpa_sm_set_scard_ctx(wpa_s->wpa, wpa_s->scard); 454 eapol_sm_register_scard_ctx(wpa_s->eapol, wpa_s->scard); 455#endif /* PCSC_FUNCS */ 456#endif /* IEEE8021X_EAPOL */ 457 458 return 0; 459} 460 461 462#ifndef CONFIG_NO_SCAN_PROCESSING 463 464static int has_wep_key(struct wpa_ssid *ssid) 465{ 466 int i; 467 468 for (i = 0; i < NUM_WEP_KEYS; i++) { 469 if (ssid->wep_key_len[i]) 470 return 1; 471 } 472 473 return 0; 474} 475 476 477static int wpa_supplicant_match_privacy(struct wpa_bss *bss, 478 struct wpa_ssid *ssid) 479{ 480 int privacy = 0; 481 482 if (ssid->mixed_cell) 483 return 1; 484 485#ifdef CONFIG_WPS 486 if (ssid->key_mgmt & WPA_KEY_MGMT_WPS) 487 return 1; 488#endif /* CONFIG_WPS */ 489 490 if (has_wep_key(ssid)) 491 privacy = 1; 492 493#ifdef IEEE8021X_EAPOL 494 if ((ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA) && 495 ssid->eapol_flags & (EAPOL_FLAG_REQUIRE_KEY_UNICAST | 496 EAPOL_FLAG_REQUIRE_KEY_BROADCAST)) 497 privacy = 1; 498#endif /* IEEE8021X_EAPOL */ 499 500 if (wpa_key_mgmt_wpa(ssid->key_mgmt)) 501 privacy = 1; 502 503 if (ssid->key_mgmt & WPA_KEY_MGMT_OSEN) 504 privacy = 1; 505 506 if (bss->caps & IEEE80211_CAP_PRIVACY) 507 return privacy; 508 return !privacy; 509} 510 511 512static int wpa_supplicant_ssid_bss_match(struct wpa_supplicant *wpa_s, 513 struct wpa_ssid *ssid, 514 struct wpa_bss *bss, int debug_print) 515{ 516 struct wpa_ie_data ie; 517 int proto_match = 0; 518 const u8 *rsn_ie, *wpa_ie; 519 int ret; 520 int wep_ok; 521 522 ret = wpas_wps_ssid_bss_match(wpa_s, ssid, bss); 523 if (ret >= 0) 524 return ret; 525 526 /* Allow TSN if local configuration accepts WEP use without WPA/WPA2 */ 527 wep_ok = !wpa_key_mgmt_wpa(ssid->key_mgmt) && 528 (((ssid->key_mgmt & WPA_KEY_MGMT_NONE) && 529 ssid->wep_key_len[ssid->wep_tx_keyidx] > 0) || 530 (ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA)); 531 532 rsn_ie = wpa_bss_get_ie(bss, WLAN_EID_RSN); 533 while ((ssid->proto & WPA_PROTO_RSN) && rsn_ie) { 534 proto_match++; 535 536 if (wpa_parse_wpa_ie(rsn_ie, 2 + rsn_ie[1], &ie)) { 537 if (debug_print) 538 wpa_dbg(wpa_s, MSG_DEBUG, 539 " skip RSN IE - parse failed"); 540 break; 541 } 542 543 if (wep_ok && 544 (ie.group_cipher & (WPA_CIPHER_WEP40 | WPA_CIPHER_WEP104))) 545 { 546 if (debug_print) 547 wpa_dbg(wpa_s, MSG_DEBUG, 548 " selected based on TSN in RSN IE"); 549 return 1; 550 } 551 552 if (!(ie.proto & ssid->proto)) { 553 if (debug_print) 554 wpa_dbg(wpa_s, MSG_DEBUG, 555 " skip RSN IE - proto mismatch"); 556 break; 557 } 558 559 if (!(ie.pairwise_cipher & ssid->pairwise_cipher)) { 560 if (debug_print) 561 wpa_dbg(wpa_s, MSG_DEBUG, 562 " skip RSN IE - PTK cipher mismatch"); 563 break; 564 } 565 566 if (!(ie.group_cipher & ssid->group_cipher)) { 567 if (debug_print) 568 wpa_dbg(wpa_s, MSG_DEBUG, 569 " skip RSN IE - GTK cipher mismatch"); 570 break; 571 } 572 573 if (ssid->group_mgmt_cipher && 574 !(ie.mgmt_group_cipher & ssid->group_mgmt_cipher)) { 575 if (debug_print) 576 wpa_dbg(wpa_s, MSG_DEBUG, 577 " skip RSN IE - group mgmt cipher mismatch"); 578 break; 579 } 580 581 if (!(ie.key_mgmt & ssid->key_mgmt)) { 582 if (debug_print) 583 wpa_dbg(wpa_s, MSG_DEBUG, 584 " skip RSN IE - key mgmt mismatch"); 585 break; 586 } 587 588#ifdef CONFIG_IEEE80211W 589 if (!(ie.capabilities & WPA_CAPABILITY_MFPC) && 590 wpas_get_ssid_pmf(wpa_s, ssid) == 591 MGMT_FRAME_PROTECTION_REQUIRED) { 592 if (debug_print) 593 wpa_dbg(wpa_s, MSG_DEBUG, 594 " skip RSN IE - no mgmt frame protection"); 595 break; 596 } 597#endif /* CONFIG_IEEE80211W */ 598 if ((ie.capabilities & WPA_CAPABILITY_MFPR) && 599 wpas_get_ssid_pmf(wpa_s, ssid) == 600 NO_MGMT_FRAME_PROTECTION) { 601 if (debug_print) 602 wpa_dbg(wpa_s, MSG_DEBUG, 603 " skip RSN IE - no mgmt frame protection enabled but AP requires it"); 604 break; 605 } 606#ifdef CONFIG_MBO 607 if (!(ie.capabilities & WPA_CAPABILITY_MFPC) && 608 wpas_mbo_get_bss_attr(bss, MBO_ATTR_ID_AP_CAPA_IND) && 609 wpas_get_ssid_pmf(wpa_s, ssid) != 610 NO_MGMT_FRAME_PROTECTION) { 611 if (debug_print) 612 wpa_dbg(wpa_s, MSG_DEBUG, 613 " skip RSN IE - no mgmt frame protection enabled on MBO AP"); 614 break; 615 } 616#endif /* CONFIG_MBO */ 617 618 if (debug_print) 619 wpa_dbg(wpa_s, MSG_DEBUG, 620 " selected based on RSN IE"); 621 return 1; 622 } 623 624#ifdef CONFIG_IEEE80211W 625 if (wpas_get_ssid_pmf(wpa_s, ssid) == MGMT_FRAME_PROTECTION_REQUIRED) { 626 if (debug_print) 627 wpa_dbg(wpa_s, MSG_DEBUG, 628 " skip - MFP Required but network not MFP Capable"); 629 return 0; 630 } 631#endif /* CONFIG_IEEE80211W */ 632 633 wpa_ie = wpa_bss_get_vendor_ie(bss, WPA_IE_VENDOR_TYPE); 634 while ((ssid->proto & WPA_PROTO_WPA) && wpa_ie) { 635 proto_match++; 636 637 if (wpa_parse_wpa_ie(wpa_ie, 2 + wpa_ie[1], &ie)) { 638 if (debug_print) 639 wpa_dbg(wpa_s, MSG_DEBUG, 640 " skip WPA IE - parse failed"); 641 break; 642 } 643 644 if (wep_ok && 645 (ie.group_cipher & (WPA_CIPHER_WEP40 | WPA_CIPHER_WEP104))) 646 { 647 if (debug_print) 648 wpa_dbg(wpa_s, MSG_DEBUG, 649 " selected based on TSN in WPA IE"); 650 return 1; 651 } 652 653 if (!(ie.proto & ssid->proto)) { 654 if (debug_print) 655 wpa_dbg(wpa_s, MSG_DEBUG, 656 " skip WPA IE - proto mismatch"); 657 break; 658 } 659 660 if (!(ie.pairwise_cipher & ssid->pairwise_cipher)) { 661 if (debug_print) 662 wpa_dbg(wpa_s, MSG_DEBUG, 663 " skip WPA IE - PTK cipher mismatch"); 664 break; 665 } 666 667 if (!(ie.group_cipher & ssid->group_cipher)) { 668 if (debug_print) 669 wpa_dbg(wpa_s, MSG_DEBUG, 670 " skip WPA IE - GTK cipher mismatch"); 671 break; 672 } 673 674 if (!(ie.key_mgmt & ssid->key_mgmt)) { 675 if (debug_print) 676 wpa_dbg(wpa_s, MSG_DEBUG, 677 " skip WPA IE - key mgmt mismatch"); 678 break; 679 } 680 681 if (debug_print) 682 wpa_dbg(wpa_s, MSG_DEBUG, 683 " selected based on WPA IE"); 684 return 1; 685 } 686 687 if ((ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA) && !wpa_ie && 688 !rsn_ie) { 689 if (debug_print) 690 wpa_dbg(wpa_s, MSG_DEBUG, 691 " allow for non-WPA IEEE 802.1X"); 692 return 1; 693 } 694 695 if ((ssid->proto & (WPA_PROTO_WPA | WPA_PROTO_RSN)) && 696 wpa_key_mgmt_wpa(ssid->key_mgmt) && proto_match == 0) { 697 if (debug_print) 698 wpa_dbg(wpa_s, MSG_DEBUG, 699 " skip - no WPA/RSN proto match"); 700 return 0; 701 } 702 703 if ((ssid->key_mgmt & WPA_KEY_MGMT_OSEN) && 704 wpa_bss_get_vendor_ie(bss, OSEN_IE_VENDOR_TYPE)) { 705 if (debug_print) 706 wpa_dbg(wpa_s, MSG_DEBUG, " allow in OSEN"); 707 return 1; 708 } 709 710 if (!wpa_key_mgmt_wpa(ssid->key_mgmt)) { 711 if (debug_print) 712 wpa_dbg(wpa_s, MSG_DEBUG, " allow in non-WPA/WPA2"); 713 return 1; 714 } 715 716 if (debug_print) 717 wpa_dbg(wpa_s, MSG_DEBUG, 718 " reject due to mismatch with WPA/WPA2"); 719 720 return 0; 721} 722 723 724static int freq_allowed(int *freqs, int freq) 725{ 726 int i; 727 728 if (freqs == NULL) 729 return 1; 730 731 for (i = 0; freqs[i]; i++) 732 if (freqs[i] == freq) 733 return 1; 734 return 0; 735} 736 737 738static int rate_match(struct wpa_supplicant *wpa_s, struct wpa_bss *bss, 739 int debug_print) 740{ 741 const struct hostapd_hw_modes *mode = NULL, *modes; 742 const u8 scan_ie[2] = { WLAN_EID_SUPP_RATES, WLAN_EID_EXT_SUPP_RATES }; 743 const u8 *rate_ie; 744 int i, j, k; 745 746 if (bss->freq == 0) 747 return 1; /* Cannot do matching without knowing band */ 748 749 modes = wpa_s->hw.modes; 750 if (modes == NULL) { 751 /* 752 * The driver does not provide any additional information 753 * about the utilized hardware, so allow the connection attempt 754 * to continue. 755 */ 756 return 1; 757 } 758 759 for (i = 0; i < wpa_s->hw.num_modes; i++) { 760 for (j = 0; j < modes[i].num_channels; j++) { 761 int freq = modes[i].channels[j].freq; 762 if (freq == bss->freq) { 763 if (mode && 764 mode->mode == HOSTAPD_MODE_IEEE80211G) 765 break; /* do not allow 802.11b replace 766 * 802.11g */ 767 mode = &modes[i]; 768 break; 769 } 770 } 771 } 772 773 if (mode == NULL) 774 return 0; 775 776 for (i = 0; i < (int) sizeof(scan_ie); i++) { 777 rate_ie = wpa_bss_get_ie(bss, scan_ie[i]); 778 if (rate_ie == NULL) 779 continue; 780 781 for (j = 2; j < rate_ie[1] + 2; j++) { 782 int flagged = !!(rate_ie[j] & 0x80); 783 int r = (rate_ie[j] & 0x7f) * 5; 784 785 /* 786 * IEEE Std 802.11n-2009 7.3.2.2: 787 * The new BSS Membership selector value is encoded 788 * like a legacy basic rate, but it is not a rate and 789 * only indicates if the BSS members are required to 790 * support the mandatory features of Clause 20 [HT PHY] 791 * in order to join the BSS. 792 */ 793 if (flagged && ((rate_ie[j] & 0x7f) == 794 BSS_MEMBERSHIP_SELECTOR_HT_PHY)) { 795 if (!ht_supported(mode)) { 796 if (debug_print) 797 wpa_dbg(wpa_s, MSG_DEBUG, 798 " hardware does not support HT PHY"); 799 return 0; 800 } 801 continue; 802 } 803 804 /* There's also a VHT selector for 802.11ac */ 805 if (flagged && ((rate_ie[j] & 0x7f) == 806 BSS_MEMBERSHIP_SELECTOR_VHT_PHY)) { 807 if (!vht_supported(mode)) { 808 if (debug_print) 809 wpa_dbg(wpa_s, MSG_DEBUG, 810 " hardware does not support VHT PHY"); 811 return 0; 812 } 813 continue; 814 } 815 816 if (!flagged) 817 continue; 818 819 /* check for legacy basic rates */ 820 for (k = 0; k < mode->num_rates; k++) { 821 if (mode->rates[k] == r) 822 break; 823 } 824 if (k == mode->num_rates) { 825 /* 826 * IEEE Std 802.11-2007 7.3.2.2 demands that in 827 * order to join a BSS all required rates 828 * have to be supported by the hardware. 829 */ 830 if (debug_print) 831 wpa_dbg(wpa_s, MSG_DEBUG, 832 " hardware does not support required rate %d.%d Mbps (freq=%d mode==%d num_rates=%d)", 833 r / 10, r % 10, 834 bss->freq, mode->mode, mode->num_rates); 835 return 0; 836 } 837 } 838 } 839 840 return 1; 841} 842 843 844/* 845 * Test whether BSS is in an ESS. 846 * This is done differently in DMG (60 GHz) and non-DMG bands 847 */ 848static int bss_is_ess(struct wpa_bss *bss) 849{ 850 if (bss_is_dmg(bss)) { 851 return (bss->caps & IEEE80211_CAP_DMG_MASK) == 852 IEEE80211_CAP_DMG_AP; 853 } 854 855 return ((bss->caps & (IEEE80211_CAP_ESS | IEEE80211_CAP_IBSS)) == 856 IEEE80211_CAP_ESS); 857} 858 859 860static int match_mac_mask(const u8 *addr_a, const u8 *addr_b, const u8 *mask) 861{ 862 size_t i; 863 864 for (i = 0; i < ETH_ALEN; i++) { 865 if ((addr_a[i] & mask[i]) != (addr_b[i] & mask[i])) 866 return 0; 867 } 868 return 1; 869} 870 871 872static int addr_in_list(const u8 *addr, const u8 *list, size_t num) 873{ 874 size_t i; 875 876 for (i = 0; i < num; i++) { 877 const u8 *a = list + i * ETH_ALEN * 2; 878 const u8 *m = a + ETH_ALEN; 879 880 if (match_mac_mask(a, addr, m)) 881 return 1; 882 } 883 return 0; 884} 885 886 887static void owe_trans_ssid(struct wpa_supplicant *wpa_s, struct wpa_bss *bss, 888 const u8 **ret_ssid, size_t *ret_ssid_len) 889{ 890#ifdef CONFIG_OWE 891 const u8 *owe, *pos, *end, *bssid; 892 u8 ssid_len; 893 struct wpa_bss *open_bss; 894 895 owe = wpa_bss_get_vendor_ie(bss, OWE_IE_VENDOR_TYPE); 896 if (!owe || !wpa_bss_get_ie(bss, WLAN_EID_RSN)) 897 return; 898 899 pos = owe + 6; 900 end = owe + 2 + owe[1]; 901 902 if (end - pos < ETH_ALEN + 1) 903 return; 904 bssid = pos; 905 pos += ETH_ALEN; 906 ssid_len = *pos++; 907 if (end - pos < ssid_len || ssid_len > SSID_MAX_LEN) 908 return; 909 910 /* Match the profile SSID against the OWE transition mode SSID on the 911 * open network. */ 912 wpa_dbg(wpa_s, MSG_DEBUG, "OWE: transition mode BSSID: " MACSTR 913 " SSID: %s", MAC2STR(bssid), wpa_ssid_txt(pos, ssid_len)); 914 *ret_ssid = pos; 915 *ret_ssid_len = ssid_len; 916 917 if (bss->ssid_len > 0) 918 return; 919 920 open_bss = wpa_bss_get_bssid_latest(wpa_s, bssid); 921 if (!open_bss) 922 return; 923 if (ssid_len != open_bss->ssid_len || 924 os_memcmp(pos, open_bss->ssid, ssid_len) != 0) { 925 wpa_dbg(wpa_s, MSG_DEBUG, 926 "OWE: transition mode SSID mismatch: %s", 927 wpa_ssid_txt(open_bss->ssid, open_bss->ssid_len)); 928 return; 929 } 930 931 owe = wpa_bss_get_vendor_ie(open_bss, OWE_IE_VENDOR_TYPE); 932 if (!owe || wpa_bss_get_ie(open_bss, WLAN_EID_RSN)) { 933 wpa_dbg(wpa_s, MSG_DEBUG, 934 "OWE: transition mode open BSS unexpected info"); 935 return; 936 } 937 938 pos = owe + 6; 939 end = owe + 2 + owe[1]; 940 941 if (end - pos < ETH_ALEN + 1) 942 return; 943 if (os_memcmp(pos, bss->bssid, ETH_ALEN) != 0) { 944 wpa_dbg(wpa_s, MSG_DEBUG, 945 "OWE: transition mode BSSID mismatch: " MACSTR, 946 MAC2STR(pos)); 947 return; 948 } 949 pos += ETH_ALEN; 950 ssid_len = *pos++; 951 if (end - pos < ssid_len || ssid_len > SSID_MAX_LEN) 952 return; 953 wpa_dbg(wpa_s, MSG_DEBUG, "OWE: learned transition mode OWE SSID: %s", 954 wpa_ssid_txt(pos, ssid_len)); 955 os_memcpy(bss->ssid, pos, ssid_len); 956 bss->ssid_len = ssid_len; 957#endif /* CONFIG_OWE */ 958} 959 960 961struct wpa_ssid * wpa_scan_res_match(struct wpa_supplicant *wpa_s, 962 int i, struct wpa_bss *bss, 963 struct wpa_ssid *group, 964 int only_first_ssid, int debug_print) 965{ 966 u8 wpa_ie_len, rsn_ie_len; 967 int wpa; 968 struct wpa_blacklist *e; 969 const u8 *ie; 970 struct wpa_ssid *ssid; 971 int osen; 972#ifdef CONFIG_MBO 973 const u8 *assoc_disallow; 974#endif /* CONFIG_MBO */ 975 const u8 *match_ssid; 976 size_t match_ssid_len; 977 978 ie = wpa_bss_get_vendor_ie(bss, WPA_IE_VENDOR_TYPE); 979 wpa_ie_len = ie ? ie[1] : 0; 980 981 ie = wpa_bss_get_ie(bss, WLAN_EID_RSN); 982 rsn_ie_len = ie ? ie[1] : 0; 983 984 ie = wpa_bss_get_vendor_ie(bss, OSEN_IE_VENDOR_TYPE); 985 osen = ie != NULL; 986 987 if (debug_print) { 988 wpa_dbg(wpa_s, MSG_DEBUG, "%d: " MACSTR 989 " ssid='%s' wpa_ie_len=%u rsn_ie_len=%u caps=0x%x level=%d freq=%d %s%s%s", 990 i, MAC2STR(bss->bssid), 991 wpa_ssid_txt(bss->ssid, bss->ssid_len), 992 wpa_ie_len, rsn_ie_len, bss->caps, bss->level, 993 bss->freq, 994 wpa_bss_get_vendor_ie(bss, WPS_IE_VENDOR_TYPE) ? 995 " wps" : "", 996 (wpa_bss_get_vendor_ie(bss, P2P_IE_VENDOR_TYPE) || 997 wpa_bss_get_vendor_ie_beacon(bss, P2P_IE_VENDOR_TYPE)) 998 ? " p2p" : "", 999 osen ? " osen=1" : ""); 1000 } 1001 1002 e = wpa_blacklist_get(wpa_s, bss->bssid); 1003 if (e) { 1004 int limit = 1; 1005 if (wpa_supplicant_enabled_networks(wpa_s) == 1) { 1006 /* 1007 * When only a single network is enabled, we can 1008 * trigger blacklisting on the first failure. This 1009 * should not be done with multiple enabled networks to 1010 * avoid getting forced to move into a worse ESS on 1011 * single error if there are no other BSSes of the 1012 * current ESS. 1013 */ 1014 limit = 0; 1015 } 1016 if (e->count > limit) { 1017 if (debug_print) { 1018 wpa_dbg(wpa_s, MSG_DEBUG, 1019 " skip - blacklisted (count=%d limit=%d)", 1020 e->count, limit); 1021 } 1022 return NULL; 1023 } 1024 } 1025 1026 match_ssid = bss->ssid; 1027 match_ssid_len = bss->ssid_len; 1028 owe_trans_ssid(wpa_s, bss, &match_ssid, &match_ssid_len); 1029 1030 if (match_ssid_len == 0) { 1031 if (debug_print) 1032 wpa_dbg(wpa_s, MSG_DEBUG, " skip - SSID not known"); 1033 return NULL; 1034 } 1035 1036 if (disallowed_bssid(wpa_s, bss->bssid)) { 1037 if (debug_print) 1038 wpa_dbg(wpa_s, MSG_DEBUG, " skip - BSSID disallowed"); 1039 return NULL; 1040 } 1041 1042 if (disallowed_ssid(wpa_s, match_ssid, match_ssid_len)) { 1043 if (debug_print) 1044 wpa_dbg(wpa_s, MSG_DEBUG, " skip - SSID disallowed"); 1045 return NULL; 1046 } 1047 1048 wpa = wpa_ie_len > 0 || rsn_ie_len > 0; 1049 1050 for (ssid = group; ssid; ssid = only_first_ssid ? NULL : ssid->pnext) { 1051 int check_ssid = wpa ? 1 : (ssid->ssid_len != 0); 1052 int res; 1053 1054 if (wpas_network_disabled(wpa_s, ssid)) { 1055 if (debug_print) 1056 wpa_dbg(wpa_s, MSG_DEBUG, " skip - disabled"); 1057 continue; 1058 } 1059 1060 res = wpas_temp_disabled(wpa_s, ssid); 1061 if (res > 0) { 1062 if (debug_print) 1063 wpa_dbg(wpa_s, MSG_DEBUG, 1064 " skip - disabled temporarily for %d second(s)", 1065 res); 1066 continue; 1067 } 1068 1069#ifdef CONFIG_WPS 1070 if ((ssid->key_mgmt & WPA_KEY_MGMT_WPS) && e && e->count > 0) { 1071 if (debug_print) 1072 wpa_dbg(wpa_s, MSG_DEBUG, 1073 " skip - blacklisted (WPS)"); 1074 continue; 1075 } 1076 1077 if (wpa && ssid->ssid_len == 0 && 1078 wpas_wps_ssid_wildcard_ok(wpa_s, ssid, bss)) 1079 check_ssid = 0; 1080 1081 if (!wpa && (ssid->key_mgmt & WPA_KEY_MGMT_WPS)) { 1082 /* Only allow wildcard SSID match if an AP 1083 * advertises active WPS operation that matches 1084 * with our mode. */ 1085 check_ssid = 1; 1086 if (ssid->ssid_len == 0 && 1087 wpas_wps_ssid_wildcard_ok(wpa_s, ssid, bss)) 1088 check_ssid = 0; 1089 } 1090#endif /* CONFIG_WPS */ 1091 1092 if (ssid->bssid_set && ssid->ssid_len == 0 && 1093 os_memcmp(bss->bssid, ssid->bssid, ETH_ALEN) == 0) 1094 check_ssid = 0; 1095 1096 if (check_ssid && 1097 (match_ssid_len != ssid->ssid_len || 1098 os_memcmp(match_ssid, ssid->ssid, match_ssid_len) != 0)) { 1099 if (debug_print) 1100 wpa_dbg(wpa_s, MSG_DEBUG, 1101 " skip - SSID mismatch"); 1102 continue; 1103 } 1104 1105 if (ssid->bssid_set && 1106 os_memcmp(bss->bssid, ssid->bssid, ETH_ALEN) != 0) { 1107 if (debug_print) 1108 wpa_dbg(wpa_s, MSG_DEBUG, 1109 " skip - BSSID mismatch"); 1110 continue; 1111 } 1112 1113 /* check blacklist */ 1114 if (ssid->num_bssid_blacklist && 1115 addr_in_list(bss->bssid, ssid->bssid_blacklist, 1116 ssid->num_bssid_blacklist)) { 1117 if (debug_print) 1118 wpa_dbg(wpa_s, MSG_DEBUG, 1119 " skip - BSSID blacklisted"); 1120 continue; 1121 } 1122 1123 /* if there is a whitelist, only accept those APs */ 1124 if (ssid->num_bssid_whitelist && 1125 !addr_in_list(bss->bssid, ssid->bssid_whitelist, 1126 ssid->num_bssid_whitelist)) { 1127 if (debug_print) 1128 wpa_dbg(wpa_s, MSG_DEBUG, 1129 " skip - BSSID not in whitelist"); 1130 continue; 1131 } 1132 1133 if (!wpa_supplicant_ssid_bss_match(wpa_s, ssid, bss, 1134 debug_print)) 1135 continue; 1136 1137 if (!osen && !wpa && 1138 !(ssid->key_mgmt & WPA_KEY_MGMT_NONE) && 1139 !(ssid->key_mgmt & WPA_KEY_MGMT_WPS) && 1140 !(ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA)) { 1141 if (debug_print) 1142 wpa_dbg(wpa_s, MSG_DEBUG, 1143 " skip - non-WPA network not allowed"); 1144 continue; 1145 } 1146 1147 if (wpa && !wpa_key_mgmt_wpa(ssid->key_mgmt) && 1148 has_wep_key(ssid)) { 1149 if (debug_print) 1150 wpa_dbg(wpa_s, MSG_DEBUG, 1151 " skip - ignore WPA/WPA2 AP for WEP network block"); 1152 continue; 1153 } 1154 1155 if ((ssid->key_mgmt & WPA_KEY_MGMT_OSEN) && !osen) { 1156 if (debug_print) 1157 wpa_dbg(wpa_s, MSG_DEBUG, 1158 " skip - non-OSEN network not allowed"); 1159 continue; 1160 } 1161 1162 if (!wpa_supplicant_match_privacy(bss, ssid)) { 1163 if (debug_print) 1164 wpa_dbg(wpa_s, MSG_DEBUG, 1165 " skip - privacy mismatch"); 1166 continue; 1167 } 1168 1169 if (ssid->mode != IEEE80211_MODE_MESH && !bss_is_ess(bss) && 1170 !bss_is_pbss(bss)) { 1171 if (debug_print) 1172 wpa_dbg(wpa_s, MSG_DEBUG, 1173 " skip - not ESS, PBSS, or MBSS"); 1174 continue; 1175 } 1176 1177 if (ssid->pbss != 2 && ssid->pbss != bss_is_pbss(bss)) { 1178 if (debug_print) 1179 wpa_dbg(wpa_s, MSG_DEBUG, 1180 " skip - PBSS mismatch (ssid %d bss %d)", 1181 ssid->pbss, bss_is_pbss(bss)); 1182 continue; 1183 } 1184 1185 if (!freq_allowed(ssid->freq_list, bss->freq)) { 1186 if (debug_print) 1187 wpa_dbg(wpa_s, MSG_DEBUG, 1188 " skip - frequency not allowed"); 1189 continue; 1190 } 1191 1192#ifdef CONFIG_MESH 1193 if (ssid->mode == IEEE80211_MODE_MESH && ssid->frequency > 0 && 1194 ssid->frequency != bss->freq) { 1195 if (debug_print) 1196 wpa_dbg(wpa_s, MSG_DEBUG, 1197 " skip - frequency not allowed (mesh)"); 1198 continue; 1199 } 1200#endif /* CONFIG_MESH */ 1201 1202 if (!rate_match(wpa_s, bss, debug_print)) { 1203 if (debug_print) 1204 wpa_dbg(wpa_s, MSG_DEBUG, 1205 " skip - rate sets do not match"); 1206 continue; 1207 } 1208 1209#ifndef CONFIG_IBSS_RSN 1210 if (ssid->mode == WPAS_MODE_IBSS && 1211 !(ssid->key_mgmt & (WPA_KEY_MGMT_NONE | 1212 WPA_KEY_MGMT_WPA_NONE))) { 1213 if (debug_print) 1214 wpa_dbg(wpa_s, MSG_DEBUG, 1215 " skip - IBSS RSN not supported in the build"); 1216 continue; 1217 } 1218#endif /* !CONFIG_IBSS_RSN */ 1219 1220#ifdef CONFIG_P2P 1221 if (ssid->p2p_group && 1222 !wpa_bss_get_vendor_ie(bss, P2P_IE_VENDOR_TYPE) && 1223 !wpa_bss_get_vendor_ie_beacon(bss, P2P_IE_VENDOR_TYPE)) { 1224 if (debug_print) 1225 wpa_dbg(wpa_s, MSG_DEBUG, 1226 " skip - no P2P IE seen"); 1227 continue; 1228 } 1229 1230 if (!is_zero_ether_addr(ssid->go_p2p_dev_addr)) { 1231 struct wpabuf *p2p_ie; 1232 u8 dev_addr[ETH_ALEN]; 1233 1234 ie = wpa_bss_get_vendor_ie(bss, P2P_IE_VENDOR_TYPE); 1235 if (ie == NULL) { 1236 if (debug_print) 1237 wpa_dbg(wpa_s, MSG_DEBUG, 1238 " skip - no P2P element"); 1239 continue; 1240 } 1241 p2p_ie = wpa_bss_get_vendor_ie_multi( 1242 bss, P2P_IE_VENDOR_TYPE); 1243 if (p2p_ie == NULL) { 1244 if (debug_print) 1245 wpa_dbg(wpa_s, MSG_DEBUG, 1246 " skip - could not fetch P2P element"); 1247 continue; 1248 } 1249 1250 if (p2p_parse_dev_addr_in_p2p_ie(p2p_ie, dev_addr) < 0 1251 || os_memcmp(dev_addr, ssid->go_p2p_dev_addr, 1252 ETH_ALEN) != 0) { 1253 if (debug_print) 1254 wpa_dbg(wpa_s, MSG_DEBUG, 1255 " skip - no matching GO P2P Device Address in P2P element"); 1256 wpabuf_free(p2p_ie); 1257 continue; 1258 } 1259 wpabuf_free(p2p_ie); 1260 } 1261 1262 /* 1263 * TODO: skip the AP if its P2P IE has Group Formation 1264 * bit set in the P2P Group Capability Bitmap and we 1265 * are not in Group Formation with that device. 1266 */ 1267#endif /* CONFIG_P2P */ 1268 1269 if (os_reltime_before(&bss->last_update, &wpa_s->scan_min_time)) 1270 { 1271 struct os_reltime diff; 1272 1273 os_reltime_sub(&wpa_s->scan_min_time, 1274 &bss->last_update, &diff); 1275 if (debug_print) 1276 wpa_dbg(wpa_s, MSG_DEBUG, 1277 " skip - scan result not recent enough (%u.%06u seconds too old)", 1278 (unsigned int) diff.sec, 1279 (unsigned int) diff.usec); 1280 continue; 1281 } 1282#ifdef CONFIG_MBO 1283#ifdef CONFIG_TESTING_OPTIONS 1284 if (wpa_s->ignore_assoc_disallow) 1285 goto skip_assoc_disallow; 1286#endif /* CONFIG_TESTING_OPTIONS */ 1287 assoc_disallow = wpas_mbo_get_bss_attr( 1288 bss, MBO_ATTR_ID_ASSOC_DISALLOW); 1289 if (assoc_disallow && assoc_disallow[1] >= 1) { 1290 if (debug_print) 1291 wpa_dbg(wpa_s, MSG_DEBUG, 1292 " skip - MBO association disallowed (reason %u)", 1293 assoc_disallow[2]); 1294 continue; 1295 } 1296 1297 if (wpa_is_bss_tmp_disallowed(wpa_s, bss->bssid)) { 1298 if (debug_print) 1299 wpa_dbg(wpa_s, MSG_DEBUG, 1300 " skip - MBO retry delay has not passed yet"); 1301 continue; 1302 } 1303#ifdef CONFIG_TESTING_OPTIONS 1304 skip_assoc_disallow: 1305#endif /* CONFIG_TESTING_OPTIONS */ 1306#endif /* CONFIG_MBO */ 1307 1308#ifdef CONFIG_DPP 1309 if ((ssid->key_mgmt & WPA_KEY_MGMT_DPP) && 1310 !wpa_sm_pmksa_exists(wpa_s->wpa, bss->bssid, ssid) && 1311 (!ssid->dpp_connector || 1312 !ssid->dpp_netaccesskey || 1313 !ssid->dpp_csign)) { 1314 if (debug_print) 1315 wpa_dbg(wpa_s, MSG_DEBUG, 1316 " skip - no PMKSA entry for DPP"); 1317 continue; 1318 } 1319#endif /* CONFIG_DPP */ 1320 1321 /* Matching configuration found */ 1322 return ssid; 1323 } 1324 1325 /* No matching configuration found */ 1326 return NULL; 1327} 1328 1329 1330static struct wpa_bss * 1331wpa_supplicant_select_bss(struct wpa_supplicant *wpa_s, 1332 struct wpa_ssid *group, 1333 struct wpa_ssid **selected_ssid, 1334 int only_first_ssid) 1335{ 1336 unsigned int i; 1337 1338 if (wpa_s->current_ssid) { 1339 struct wpa_ssid *ssid; 1340 1341 wpa_dbg(wpa_s, MSG_DEBUG, 1342 "Scan results matching the currently selected network"); 1343 for (i = 0; i < wpa_s->last_scan_res_used; i++) { 1344 struct wpa_bss *bss = wpa_s->last_scan_res[i]; 1345 1346 ssid = wpa_scan_res_match(wpa_s, i, bss, group, 1347 only_first_ssid, 0); 1348 if (ssid != wpa_s->current_ssid) 1349 continue; 1350 wpa_dbg(wpa_s, MSG_DEBUG, "%u: " MACSTR 1351 " freq=%d level=%d snr=%d est_throughput=%u", 1352 i, MAC2STR(bss->bssid), bss->freq, bss->level, 1353 bss->snr, bss->est_throughput); 1354 } 1355 } 1356 1357 if (only_first_ssid) 1358 wpa_dbg(wpa_s, MSG_DEBUG, "Try to find BSS matching pre-selected network id=%d", 1359 group->id); 1360 else 1361 wpa_dbg(wpa_s, MSG_DEBUG, "Selecting BSS from priority group %d", 1362 group->priority); 1363 1364 for (i = 0; i < wpa_s->last_scan_res_used; i++) { 1365 struct wpa_bss *bss = wpa_s->last_scan_res[i]; 1366 *selected_ssid = wpa_scan_res_match(wpa_s, i, bss, group, 1367 only_first_ssid, 1); 1368 if (!*selected_ssid) 1369 continue; 1370 wpa_dbg(wpa_s, MSG_DEBUG, " selected BSS " MACSTR 1371 " ssid='%s'", 1372 MAC2STR(bss->bssid), 1373 wpa_ssid_txt(bss->ssid, bss->ssid_len)); 1374 return bss; 1375 } 1376 1377 return NULL; 1378} 1379 1380 1381struct wpa_bss * wpa_supplicant_pick_network(struct wpa_supplicant *wpa_s, 1382 struct wpa_ssid **selected_ssid) 1383{ 1384 struct wpa_bss *selected = NULL; 1385 int prio; 1386 struct wpa_ssid *next_ssid = NULL; 1387 struct wpa_ssid *ssid; 1388 1389 if (wpa_s->last_scan_res == NULL || 1390 wpa_s->last_scan_res_used == 0) 1391 return NULL; /* no scan results from last update */ 1392 1393 if (wpa_s->next_ssid) { 1394 /* check that next_ssid is still valid */ 1395 for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next) { 1396 if (ssid == wpa_s->next_ssid) 1397 break; 1398 } 1399 next_ssid = ssid; 1400 wpa_s->next_ssid = NULL; 1401 } 1402 1403 while (selected == NULL) { 1404 for (prio = 0; prio < wpa_s->conf->num_prio; prio++) { 1405 if (next_ssid && next_ssid->priority == 1406 wpa_s->conf->pssid[prio]->priority) { 1407 selected = wpa_supplicant_select_bss( 1408 wpa_s, next_ssid, selected_ssid, 1); 1409 if (selected) 1410 break; 1411 } 1412 selected = wpa_supplicant_select_bss( 1413 wpa_s, wpa_s->conf->pssid[prio], 1414 selected_ssid, 0); 1415 if (selected) 1416 break; 1417 } 1418 1419 if (selected == NULL && wpa_s->blacklist && 1420 !wpa_s->countermeasures) { 1421 wpa_dbg(wpa_s, MSG_DEBUG, "No APs found - clear " 1422 "blacklist and try again"); 1423 wpa_blacklist_clear(wpa_s); 1424 wpa_s->blacklist_cleared++; 1425 } else if (selected == NULL) 1426 break; 1427 } 1428 1429 ssid = *selected_ssid; 1430 if (selected && ssid && ssid->mem_only_psk && !ssid->psk_set && 1431 !ssid->passphrase && !ssid->ext_psk) { 1432 const char *field_name, *txt = NULL; 1433 1434 wpa_dbg(wpa_s, MSG_DEBUG, 1435 "PSK/passphrase not yet available for the selected network"); 1436 1437 wpas_notify_network_request(wpa_s, ssid, 1438 WPA_CTRL_REQ_PSK_PASSPHRASE, NULL); 1439 1440 field_name = wpa_supplicant_ctrl_req_to_string( 1441 WPA_CTRL_REQ_PSK_PASSPHRASE, NULL, &txt); 1442 if (field_name == NULL) 1443 return NULL; 1444 1445 wpas_send_ctrl_req(wpa_s, ssid, field_name, txt); 1446 1447 selected = NULL; 1448 } 1449 1450 return selected; 1451} 1452 1453 1454static void wpa_supplicant_req_new_scan(struct wpa_supplicant *wpa_s, 1455 int timeout_sec, int timeout_usec) 1456{ 1457 if (!wpa_supplicant_enabled_networks(wpa_s)) { 1458 /* 1459 * No networks are enabled; short-circuit request so 1460 * we don't wait timeout seconds before transitioning 1461 * to INACTIVE state. 1462 */ 1463 wpa_dbg(wpa_s, MSG_DEBUG, "Short-circuit new scan request " 1464 "since there are no enabled networks"); 1465 wpa_supplicant_set_state(wpa_s, WPA_INACTIVE); 1466 return; 1467 } 1468 1469 wpa_s->scan_for_connection = 1; 1470 wpa_supplicant_req_scan(wpa_s, timeout_sec, timeout_usec); 1471} 1472 1473 1474int wpa_supplicant_connect(struct wpa_supplicant *wpa_s, 1475 struct wpa_bss *selected, 1476 struct wpa_ssid *ssid) 1477{ 1478 if (wpas_wps_scan_pbc_overlap(wpa_s, selected, ssid)) { 1479 wpa_msg(wpa_s, MSG_INFO, WPS_EVENT_OVERLAP 1480 "PBC session overlap"); 1481 wpas_notify_wps_event_pbc_overlap(wpa_s); 1482#ifdef CONFIG_P2P 1483 if (wpa_s->p2p_group_interface == P2P_GROUP_INTERFACE_CLIENT || 1484 wpa_s->p2p_in_provisioning) { 1485 eloop_register_timeout(0, 0, wpas_p2p_pbc_overlap_cb, 1486 wpa_s, NULL); 1487 return -1; 1488 } 1489#endif /* CONFIG_P2P */ 1490 1491#ifdef CONFIG_WPS 1492 wpas_wps_pbc_overlap(wpa_s); 1493 wpas_wps_cancel(wpa_s); 1494#endif /* CONFIG_WPS */ 1495 return -1; 1496 } 1497 1498 wpa_msg(wpa_s, MSG_DEBUG, 1499 "Considering connect request: reassociate: %d selected: " 1500 MACSTR " bssid: " MACSTR " pending: " MACSTR 1501 " wpa_state: %s ssid=%p current_ssid=%p", 1502 wpa_s->reassociate, MAC2STR(selected->bssid), 1503 MAC2STR(wpa_s->bssid), MAC2STR(wpa_s->pending_bssid), 1504 wpa_supplicant_state_txt(wpa_s->wpa_state), 1505 ssid, wpa_s->current_ssid); 1506 1507 /* 1508 * Do not trigger new association unless the BSSID has changed or if 1509 * reassociation is requested. If we are in process of associating with 1510 * the selected BSSID, do not trigger new attempt. 1511 */ 1512 if (wpa_s->reassociate || 1513 (os_memcmp(selected->bssid, wpa_s->bssid, ETH_ALEN) != 0 && 1514 ((wpa_s->wpa_state != WPA_ASSOCIATING && 1515 wpa_s->wpa_state != WPA_AUTHENTICATING) || 1516 (!is_zero_ether_addr(wpa_s->pending_bssid) && 1517 os_memcmp(selected->bssid, wpa_s->pending_bssid, ETH_ALEN) != 1518 0) || 1519 (is_zero_ether_addr(wpa_s->pending_bssid) && 1520 ssid != wpa_s->current_ssid)))) { 1521 if (wpa_supplicant_scard_init(wpa_s, ssid)) { 1522 wpa_supplicant_req_new_scan(wpa_s, 10, 0); 1523 return 0; 1524 } 1525 wpa_msg(wpa_s, MSG_DEBUG, "Request association with " MACSTR, 1526 MAC2STR(selected->bssid)); 1527 wpa_supplicant_associate(wpa_s, selected, ssid); 1528 } else { 1529 wpa_dbg(wpa_s, MSG_DEBUG, "Already associated or trying to " 1530 "connect with the selected AP"); 1531 } 1532 1533 return 0; 1534} 1535 1536 1537static struct wpa_ssid * 1538wpa_supplicant_pick_new_network(struct wpa_supplicant *wpa_s) 1539{ 1540 int prio; 1541 struct wpa_ssid *ssid; 1542 1543 for (prio = 0; prio < wpa_s->conf->num_prio; prio++) { 1544 for (ssid = wpa_s->conf->pssid[prio]; ssid; ssid = ssid->pnext) 1545 { 1546 if (wpas_network_disabled(wpa_s, ssid)) 1547 continue; 1548#ifndef CONFIG_IBSS_RSN 1549 if (ssid->mode == WPAS_MODE_IBSS && 1550 !(ssid->key_mgmt & (WPA_KEY_MGMT_NONE | 1551 WPA_KEY_MGMT_WPA_NONE))) { 1552 wpa_msg(wpa_s, MSG_INFO, 1553 "IBSS RSN not supported in the build - cannot use the profile for SSID '%s'", 1554 wpa_ssid_txt(ssid->ssid, 1555 ssid->ssid_len)); 1556 continue; 1557 } 1558#endif /* !CONFIG_IBSS_RSN */ 1559 if (ssid->mode == IEEE80211_MODE_IBSS || 1560 ssid->mode == IEEE80211_MODE_AP || 1561 ssid->mode == IEEE80211_MODE_MESH) 1562 return ssid; 1563 } 1564 } 1565 return NULL; 1566} 1567 1568 1569/* TODO: move the rsn_preauth_scan_result*() to be called from notify.c based 1570 * on BSS added and BSS changed events */ 1571static void wpa_supplicant_rsn_preauth_scan_results( 1572 struct wpa_supplicant *wpa_s) 1573{ 1574 struct wpa_bss *bss; 1575 1576 if (rsn_preauth_scan_results(wpa_s->wpa) < 0) 1577 return; 1578 1579 dl_list_for_each(bss, &wpa_s->bss, struct wpa_bss, list) { 1580 const u8 *ssid, *rsn; 1581 1582 ssid = wpa_bss_get_ie(bss, WLAN_EID_SSID); 1583 if (ssid == NULL) 1584 continue; 1585 1586 rsn = wpa_bss_get_ie(bss, WLAN_EID_RSN); 1587 if (rsn == NULL) 1588 continue; 1589 1590 rsn_preauth_scan_result(wpa_s->wpa, bss->bssid, ssid, rsn); 1591 } 1592 1593} 1594 1595 1596static int wpa_supplicant_need_to_roam(struct wpa_supplicant *wpa_s, 1597 struct wpa_bss *selected, 1598 struct wpa_ssid *ssid) 1599{ 1600 struct wpa_bss *current_bss = NULL; 1601#ifndef CONFIG_NO_ROAMING 1602 int min_diff, diff; 1603 int to_5ghz; 1604 int cur_est, sel_est; 1605#endif /* CONFIG_NO_ROAMING */ 1606 1607 if (wpa_s->reassociate) 1608 return 1; /* explicit request to reassociate */ 1609 if (wpa_s->wpa_state < WPA_ASSOCIATED) 1610 return 1; /* we are not associated; continue */ 1611 if (wpa_s->current_ssid == NULL) 1612 return 1; /* unknown current SSID */ 1613 if (wpa_s->current_ssid != ssid) 1614 return 1; /* different network block */ 1615 1616 if (wpas_driver_bss_selection(wpa_s)) 1617 return 0; /* Driver-based roaming */ 1618 1619 if (wpa_s->current_ssid->ssid) 1620 current_bss = wpa_bss_get(wpa_s, wpa_s->bssid, 1621 wpa_s->current_ssid->ssid, 1622 wpa_s->current_ssid->ssid_len); 1623 if (!current_bss) 1624 current_bss = wpa_bss_get_bssid(wpa_s, wpa_s->bssid); 1625 1626 if (!current_bss) 1627 return 1; /* current BSS not seen in scan results */ 1628 1629 if (current_bss == selected) 1630 return 0; 1631 1632 if (selected->last_update_idx > current_bss->last_update_idx) 1633 return 1; /* current BSS not seen in the last scan */ 1634 1635#ifndef CONFIG_NO_ROAMING 1636 wpa_dbg(wpa_s, MSG_DEBUG, "Considering within-ESS reassociation"); 1637 wpa_dbg(wpa_s, MSG_DEBUG, "Current BSS: " MACSTR 1638 " freq=%d level=%d snr=%d est_throughput=%u", 1639 MAC2STR(current_bss->bssid), 1640 current_bss->freq, current_bss->level, 1641 current_bss->snr, current_bss->est_throughput); 1642 wpa_dbg(wpa_s, MSG_DEBUG, "Selected BSS: " MACSTR 1643 " freq=%d level=%d snr=%d est_throughput=%u", 1644 MAC2STR(selected->bssid), selected->freq, selected->level, 1645 selected->snr, selected->est_throughput); 1646 1647 if (wpa_s->current_ssid->bssid_set && 1648 os_memcmp(selected->bssid, wpa_s->current_ssid->bssid, ETH_ALEN) == 1649 0) { 1650 wpa_dbg(wpa_s, MSG_DEBUG, "Allow reassociation - selected BSS " 1651 "has preferred BSSID"); 1652 return 1; 1653 } 1654 1655 if (selected->est_throughput > current_bss->est_throughput + 5000) { 1656 wpa_dbg(wpa_s, MSG_DEBUG, 1657 "Allow reassociation - selected BSS has better estimated throughput"); 1658 return 1; 1659 } 1660 1661 to_5ghz = selected->freq > 4000 && current_bss->freq < 4000; 1662 1663 if (current_bss->level < 0 && 1664 current_bss->level > selected->level + to_5ghz * 2) { 1665 wpa_dbg(wpa_s, MSG_DEBUG, "Skip roam - Current BSS has better " 1666 "signal level"); 1667 return 0; 1668 } 1669 1670 if (current_bss->est_throughput > selected->est_throughput + 5000) { 1671 wpa_dbg(wpa_s, MSG_DEBUG, 1672 "Skip roam - Current BSS has better estimated throughput"); 1673 return 0; 1674 } 1675 1676 cur_est = current_bss->est_throughput; 1677 sel_est = selected->est_throughput; 1678 min_diff = 2; 1679 if (current_bss->level < 0) { 1680 if (current_bss->level < -85) 1681 min_diff = 1; 1682 else if (current_bss->level < -80) 1683 min_diff = 2; 1684 else if (current_bss->level < -75) 1685 min_diff = 3; 1686 else if (current_bss->level < -70) 1687 min_diff = 4; 1688 else 1689 min_diff = 5; 1690 if (cur_est > sel_est * 1.5) 1691 min_diff += 10; 1692 else if (cur_est > sel_est * 1.2) 1693 min_diff += 5; 1694 else if (cur_est > sel_est * 1.1) 1695 min_diff += 2; 1696 else if (cur_est > sel_est) 1697 min_diff++; 1698 } 1699 if (to_5ghz) { 1700 int reduce = 2; 1701 1702 /* Make it easier to move to 5 GHz band */ 1703 if (sel_est > cur_est * 1.5) 1704 reduce = 5; 1705 else if (sel_est > cur_est * 1.2) 1706 reduce = 4; 1707 else if (sel_est > cur_est * 1.1) 1708 reduce = 3; 1709 1710 if (min_diff > reduce) 1711 min_diff -= reduce; 1712 else 1713 min_diff = 0; 1714 } 1715 diff = abs(current_bss->level - selected->level); 1716 if (diff < min_diff) { 1717 wpa_dbg(wpa_s, MSG_DEBUG, 1718 "Skip roam - too small difference in signal level (%d < %d)", 1719 diff, min_diff); 1720 return 0; 1721 } 1722 1723 wpa_dbg(wpa_s, MSG_DEBUG, 1724 "Allow reassociation due to difference in signal level (%d >= %d)", 1725 diff, min_diff); 1726 return 1; 1727#else /* CONFIG_NO_ROAMING */ 1728 return 0; 1729#endif /* CONFIG_NO_ROAMING */ 1730} 1731 1732 1733/* 1734 * Return a negative value if no scan results could be fetched or if scan 1735 * results should not be shared with other virtual interfaces. 1736 * Return 0 if scan results were fetched and may be shared with other 1737 * interfaces. 1738 * Return 1 if scan results may be shared with other virtual interfaces but may 1739 * not trigger any operations. 1740 * Return 2 if the interface was removed and cannot be used. 1741 */ 1742static int _wpa_supplicant_event_scan_results(struct wpa_supplicant *wpa_s, 1743 union wpa_event_data *data, 1744 int own_request, int update_only) 1745{ 1746 struct wpa_scan_results *scan_res = NULL; 1747 int ret = 0; 1748 int ap = 0; 1749#ifndef CONFIG_NO_RANDOM_POOL 1750 size_t i, num; 1751#endif /* CONFIG_NO_RANDOM_POOL */ 1752 1753#ifdef CONFIG_AP 1754 if (wpa_s->ap_iface) 1755 ap = 1; 1756#endif /* CONFIG_AP */ 1757 1758 wpa_supplicant_notify_scanning(wpa_s, 0); 1759 1760 scan_res = wpa_supplicant_get_scan_results(wpa_s, 1761 data ? &data->scan_info : 1762 NULL, 1); 1763 if (scan_res == NULL) { 1764 if (wpa_s->conf->ap_scan == 2 || ap || 1765 wpa_s->scan_res_handler == scan_only_handler) 1766 return -1; 1767 if (!own_request) 1768 return -1; 1769 if (data && data->scan_info.external_scan) 1770 return -1; 1771 wpa_dbg(wpa_s, MSG_DEBUG, "Failed to get scan results - try " 1772 "scanning again"); 1773 wpa_supplicant_req_new_scan(wpa_s, 1, 0); 1774 ret = -1; 1775 goto scan_work_done; 1776 } 1777 1778#ifndef CONFIG_NO_RANDOM_POOL 1779 num = scan_res->num; 1780 if (num > 10) 1781 num = 10; 1782 for (i = 0; i < num; i++) { 1783 u8 buf[5]; 1784 struct wpa_scan_res *res = scan_res->res[i]; 1785 buf[0] = res->bssid[5]; 1786 buf[1] = res->qual & 0xff; 1787 buf[2] = res->noise & 0xff; 1788 buf[3] = res->level & 0xff; 1789 buf[4] = res->tsf & 0xff; 1790 random_add_randomness(buf, sizeof(buf)); 1791 } 1792#endif /* CONFIG_NO_RANDOM_POOL */ 1793 1794 if (update_only) { 1795 ret = 1; 1796 goto scan_work_done; 1797 } 1798 1799 if (own_request && wpa_s->scan_res_handler && 1800 !(data && data->scan_info.external_scan)) { 1801 void (*scan_res_handler)(struct wpa_supplicant *wpa_s, 1802 struct wpa_scan_results *scan_res); 1803 1804 scan_res_handler = wpa_s->scan_res_handler; 1805 wpa_s->scan_res_handler = NULL; 1806 scan_res_handler(wpa_s, scan_res); 1807 ret = 1; 1808 goto scan_work_done; 1809 } 1810 1811 if (ap) { 1812 wpa_dbg(wpa_s, MSG_DEBUG, "Ignore scan results in AP mode"); 1813#ifdef CONFIG_AP 1814 if (wpa_s->ap_iface->scan_cb) 1815 wpa_s->ap_iface->scan_cb(wpa_s->ap_iface); 1816#endif /* CONFIG_AP */ 1817 goto scan_work_done; 1818 } 1819 1820 wpa_dbg(wpa_s, MSG_DEBUG, "New scan results available (own=%u ext=%u)", 1821 wpa_s->own_scan_running, 1822 data ? data->scan_info.external_scan : 0); 1823 if (wpa_s->last_scan_req == MANUAL_SCAN_REQ && 1824 wpa_s->manual_scan_use_id && wpa_s->own_scan_running && 1825 own_request && !(data && data->scan_info.external_scan)) { 1826 wpa_msg_ctrl(wpa_s, MSG_INFO, WPA_EVENT_SCAN_RESULTS "id=%u", 1827 wpa_s->manual_scan_id); 1828 wpa_s->manual_scan_use_id = 0; 1829 } else { 1830 wpa_msg_ctrl(wpa_s, MSG_INFO, WPA_EVENT_SCAN_RESULTS); 1831 } 1832 wpas_notify_scan_results(wpa_s); 1833 1834 wpas_notify_scan_done(wpa_s, 1); 1835 1836 if (data && data->scan_info.external_scan) { 1837 wpa_dbg(wpa_s, MSG_DEBUG, "Do not use results from externally requested scan operation for network selection"); 1838 wpa_scan_results_free(scan_res); 1839 return 0; 1840 } 1841 1842 if (wnm_scan_process(wpa_s, 1) > 0) 1843 goto scan_work_done; 1844 1845 if (sme_proc_obss_scan(wpa_s) > 0) 1846 goto scan_work_done; 1847 1848 if (own_request && 1849 wpas_beacon_rep_scan_process(wpa_s, scan_res, &data->scan_info) > 0) 1850 goto scan_work_done; 1851 1852 if ((wpa_s->conf->ap_scan == 2 && !wpas_wps_searching(wpa_s))) 1853 goto scan_work_done; 1854 1855 if (autoscan_notify_scan(wpa_s, scan_res)) 1856 goto scan_work_done; 1857 1858 if (wpa_s->disconnected) { 1859 wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED); 1860 goto scan_work_done; 1861 } 1862 1863 if (!wpas_driver_bss_selection(wpa_s) && 1864 bgscan_notify_scan(wpa_s, scan_res) == 1) 1865 goto scan_work_done; 1866 1867 wpas_wps_update_ap_info(wpa_s, scan_res); 1868 1869 if (wpa_s->wpa_state >= WPA_AUTHENTICATING && 1870 wpa_s->wpa_state < WPA_COMPLETED) 1871 goto scan_work_done; 1872 1873 wpa_scan_results_free(scan_res); 1874 1875 if (own_request && wpa_s->scan_work) { 1876 struct wpa_radio_work *work = wpa_s->scan_work; 1877 wpa_s->scan_work = NULL; 1878 radio_work_done(work); 1879 } 1880 1881 return wpas_select_network_from_last_scan(wpa_s, 1, own_request); 1882 1883scan_work_done: 1884 wpa_scan_results_free(scan_res); 1885 if (own_request && wpa_s->scan_work) { 1886 struct wpa_radio_work *work = wpa_s->scan_work; 1887 wpa_s->scan_work = NULL; 1888 radio_work_done(work); 1889 } 1890 return ret; 1891} 1892 1893 1894static int wpas_select_network_from_last_scan(struct wpa_supplicant *wpa_s, 1895 int new_scan, int own_request) 1896{ 1897 struct wpa_bss *selected; 1898 struct wpa_ssid *ssid = NULL; 1899 int time_to_reenable = wpas_reenabled_network_time(wpa_s); 1900 1901 if (time_to_reenable > 0) { 1902 wpa_dbg(wpa_s, MSG_DEBUG, 1903 "Postpone network selection by %d seconds since all networks are disabled", 1904 time_to_reenable); 1905 eloop_cancel_timeout(wpas_network_reenabled, wpa_s, NULL); 1906 eloop_register_timeout(time_to_reenable, 0, 1907 wpas_network_reenabled, wpa_s, NULL); 1908 return 0; 1909 } 1910 1911 if (wpa_s->p2p_mgmt) 1912 return 0; /* no normal connection on p2p_mgmt interface */ 1913 1914 selected = wpa_supplicant_pick_network(wpa_s, &ssid); 1915 1916#ifdef CONFIG_MESH 1917 if (wpa_s->ifmsh) { 1918 wpa_msg(wpa_s, MSG_INFO, 1919 "Avoiding join because we already joined a mesh group"); 1920 return 0; 1921 } 1922#endif /* CONFIG_MESH */ 1923 1924 if (selected) { 1925 int skip; 1926 skip = !wpa_supplicant_need_to_roam(wpa_s, selected, ssid); 1927 if (skip) { 1928 if (new_scan) 1929 wpa_supplicant_rsn_preauth_scan_results(wpa_s); 1930 return 0; 1931 } 1932 1933 if (ssid != wpa_s->current_ssid && 1934 wpa_s->wpa_state >= WPA_AUTHENTICATING) { 1935 wpa_s->own_disconnect_req = 1; 1936 wpa_supplicant_deauthenticate( 1937 wpa_s, WLAN_REASON_DEAUTH_LEAVING); 1938 } 1939 1940 if (wpa_supplicant_connect(wpa_s, selected, ssid) < 0) { 1941 wpa_dbg(wpa_s, MSG_DEBUG, "Connect failed"); 1942 return -1; 1943 } 1944 if (new_scan) 1945 wpa_supplicant_rsn_preauth_scan_results(wpa_s); 1946 /* 1947 * Do not allow other virtual radios to trigger operations based 1948 * on these scan results since we do not want them to start 1949 * other associations at the same time. 1950 */ 1951 return 1; 1952 } else { 1953 wpa_dbg(wpa_s, MSG_DEBUG, "No suitable network found"); 1954 ssid = wpa_supplicant_pick_new_network(wpa_s); 1955 if (ssid) { 1956 wpa_dbg(wpa_s, MSG_DEBUG, "Setup a new network"); 1957 wpa_supplicant_associate(wpa_s, NULL, ssid); 1958 if (new_scan) 1959 wpa_supplicant_rsn_preauth_scan_results(wpa_s); 1960 } else if (own_request) { 1961 /* 1962 * No SSID found. If SCAN results are as a result of 1963 * own scan request and not due to a scan request on 1964 * another shared interface, try another scan. 1965 */ 1966 int timeout_sec = wpa_s->scan_interval; 1967 int timeout_usec = 0; 1968#ifdef CONFIG_P2P 1969 int res; 1970 1971 res = wpas_p2p_scan_no_go_seen(wpa_s); 1972 if (res == 2) 1973 return 2; 1974 if (res == 1) 1975 return 0; 1976 1977 if (wpa_s->p2p_in_provisioning || 1978 wpa_s->show_group_started || 1979 wpa_s->p2p_in_invitation) { 1980 /* 1981 * Use shorter wait during P2P Provisioning 1982 * state and during P2P join-a-group operation 1983 * to speed up group formation. 1984 */ 1985 timeout_sec = 0; 1986 timeout_usec = 250000; 1987 wpa_supplicant_req_new_scan(wpa_s, timeout_sec, 1988 timeout_usec); 1989 return 0; 1990 } 1991#endif /* CONFIG_P2P */ 1992#ifdef CONFIG_INTERWORKING 1993 if (wpa_s->conf->auto_interworking && 1994 wpa_s->conf->interworking && 1995 wpa_s->conf->cred) { 1996 wpa_dbg(wpa_s, MSG_DEBUG, "Interworking: " 1997 "start ANQP fetch since no matching " 1998 "networks found"); 1999 wpa_s->network_select = 1; 2000 wpa_s->auto_network_select = 1; 2001 interworking_start_fetch_anqp(wpa_s); 2002 return 1; 2003 } 2004#endif /* CONFIG_INTERWORKING */ 2005#ifdef CONFIG_WPS 2006 if (wpa_s->after_wps > 0 || wpas_wps_searching(wpa_s)) { 2007 wpa_dbg(wpa_s, MSG_DEBUG, "Use shorter wait during WPS processing"); 2008 timeout_sec = 0; 2009 timeout_usec = 500000; 2010 wpa_supplicant_req_new_scan(wpa_s, timeout_sec, 2011 timeout_usec); 2012 return 0; 2013 } 2014#endif /* CONFIG_WPS */ 2015 if (wpa_supplicant_req_sched_scan(wpa_s)) 2016 wpa_supplicant_req_new_scan(wpa_s, timeout_sec, 2017 timeout_usec); 2018 2019 wpa_msg_ctrl(wpa_s, MSG_INFO, 2020 WPA_EVENT_NETWORK_NOT_FOUND); 2021 } 2022 } 2023 return 0; 2024} 2025 2026 2027static int wpa_supplicant_event_scan_results(struct wpa_supplicant *wpa_s, 2028 union wpa_event_data *data) 2029{ 2030 struct wpa_supplicant *ifs; 2031 int res; 2032 2033 res = _wpa_supplicant_event_scan_results(wpa_s, data, 1, 0); 2034 if (res == 2) { 2035 /* 2036 * Interface may have been removed, so must not dereference 2037 * wpa_s after this. 2038 */ 2039 return 1; 2040 } 2041 2042 if (res < 0) { 2043 /* 2044 * If no scan results could be fetched, then no need to 2045 * notify those interfaces that did not actually request 2046 * this scan. Similarly, if scan results started a new operation on this 2047 * interface, do not notify other interfaces to avoid concurrent 2048 * operations during a connection attempt. 2049 */ 2050 return 0; 2051 } 2052 2053 /* 2054 * Check other interfaces to see if they share the same radio. If 2055 * so, they get updated with this same scan info. 2056 */ 2057 dl_list_for_each(ifs, &wpa_s->radio->ifaces, struct wpa_supplicant, 2058 radio_list) { 2059 if (ifs != wpa_s) { 2060 wpa_printf(MSG_DEBUG, "%s: Updating scan results from " 2061 "sibling", ifs->ifname); 2062 res = _wpa_supplicant_event_scan_results(ifs, data, 0, 2063 res > 0); 2064 if (res < 0) 2065 return 0; 2066 } 2067 } 2068 2069 return 0; 2070} 2071 2072#endif /* CONFIG_NO_SCAN_PROCESSING */ 2073 2074 2075int wpa_supplicant_fast_associate(struct wpa_supplicant *wpa_s) 2076{ 2077#ifdef CONFIG_NO_SCAN_PROCESSING 2078 return -1; 2079#else /* CONFIG_NO_SCAN_PROCESSING */ 2080 struct os_reltime now; 2081 2082 wpa_s->ignore_post_flush_scan_res = 0; 2083 2084 if (wpa_s->last_scan_res_used == 0) 2085 return -1; 2086 2087 os_get_reltime(&now); 2088 if (os_reltime_expired(&now, &wpa_s->last_scan, 5)) { 2089 wpa_printf(MSG_DEBUG, "Fast associate: Old scan results"); 2090 return -1; 2091 } 2092 2093 return wpas_select_network_from_last_scan(wpa_s, 0, 1); 2094#endif /* CONFIG_NO_SCAN_PROCESSING */ 2095} 2096 2097#ifdef CONFIG_WNM 2098 2099static void wnm_bss_keep_alive(void *eloop_ctx, void *sock_ctx) 2100{ 2101 struct wpa_supplicant *wpa_s = eloop_ctx; 2102 2103 if (wpa_s->wpa_state < WPA_ASSOCIATED) 2104 return; 2105 2106 if (!wpa_s->no_keep_alive) { 2107 wpa_printf(MSG_DEBUG, "WNM: Send keep-alive to AP " MACSTR, 2108 MAC2STR(wpa_s->bssid)); 2109 /* TODO: could skip this if normal data traffic has been sent */ 2110 /* TODO: Consider using some more appropriate data frame for 2111 * this */ 2112 if (wpa_s->l2) 2113 l2_packet_send(wpa_s->l2, wpa_s->bssid, 0x0800, 2114 (u8 *) "", 0); 2115 } 2116 2117#ifdef CONFIG_SME 2118 if (wpa_s->sme.bss_max_idle_period) { 2119 unsigned int msec; 2120 msec = wpa_s->sme.bss_max_idle_period * 1024; /* times 1000 */ 2121 if (msec > 100) 2122 msec -= 100; 2123 eloop_register_timeout(msec / 1000, msec % 1000 * 1000, 2124 wnm_bss_keep_alive, wpa_s, NULL); 2125 } 2126#endif /* CONFIG_SME */ 2127} 2128 2129 2130static void wnm_process_assoc_resp(struct wpa_supplicant *wpa_s, 2131 const u8 *ies, size_t ies_len) 2132{ 2133 struct ieee802_11_elems elems; 2134 2135 if (ies == NULL) 2136 return; 2137 2138 if (ieee802_11_parse_elems(ies, ies_len, &elems, 1) == ParseFailed) 2139 return; 2140 2141#ifdef CONFIG_SME 2142 if (elems.bss_max_idle_period) { 2143 unsigned int msec; 2144 wpa_s->sme.bss_max_idle_period = 2145 WPA_GET_LE16(elems.bss_max_idle_period); 2146 wpa_printf(MSG_DEBUG, "WNM: BSS Max Idle Period: %u (* 1000 " 2147 "TU)%s", wpa_s->sme.bss_max_idle_period, 2148 (elems.bss_max_idle_period[2] & 0x01) ? 2149 " (protected keep-live required)" : ""); 2150 if (wpa_s->sme.bss_max_idle_period == 0) 2151 wpa_s->sme.bss_max_idle_period = 1; 2152 if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME) { 2153 eloop_cancel_timeout(wnm_bss_keep_alive, wpa_s, NULL); 2154 /* msec times 1000 */ 2155 msec = wpa_s->sme.bss_max_idle_period * 1024; 2156 if (msec > 100) 2157 msec -= 100; 2158 eloop_register_timeout(msec / 1000, msec % 1000 * 1000, 2159 wnm_bss_keep_alive, wpa_s, 2160 NULL); 2161 } 2162 } 2163#endif /* CONFIG_SME */ 2164} 2165 2166#endif /* CONFIG_WNM */ 2167 2168 2169void wnm_bss_keep_alive_deinit(struct wpa_supplicant *wpa_s) 2170{ 2171#ifdef CONFIG_WNM 2172 eloop_cancel_timeout(wnm_bss_keep_alive, wpa_s, NULL); 2173#endif /* CONFIG_WNM */ 2174} 2175 2176 2177#ifdef CONFIG_INTERWORKING 2178 2179static int wpas_qos_map_set(struct wpa_supplicant *wpa_s, const u8 *qos_map, 2180 size_t len) 2181{ 2182 int res; 2183 2184 wpa_hexdump(MSG_DEBUG, "Interworking: QoS Map Set", qos_map, len); 2185 res = wpa_drv_set_qos_map(wpa_s, qos_map, len); 2186 if (res) { 2187 wpa_printf(MSG_DEBUG, "Interworking: Failed to configure QoS Map Set to the driver"); 2188 } 2189 2190 return res; 2191} 2192 2193 2194static void interworking_process_assoc_resp(struct wpa_supplicant *wpa_s, 2195 const u8 *ies, size_t ies_len) 2196{ 2197 struct ieee802_11_elems elems; 2198 2199 if (ies == NULL) 2200 return; 2201 2202 if (ieee802_11_parse_elems(ies, ies_len, &elems, 1) == ParseFailed) 2203 return; 2204 2205 if (elems.qos_map_set) { 2206 wpas_qos_map_set(wpa_s, elems.qos_map_set, 2207 elems.qos_map_set_len); 2208 } 2209} 2210 2211#endif /* CONFIG_INTERWORKING */ 2212 2213 2214#ifdef CONFIG_FST 2215static int wpas_fst_update_mbie(struct wpa_supplicant *wpa_s, 2216 const u8 *ie, size_t ie_len) 2217{ 2218 struct mb_ies_info mb_ies; 2219 2220 if (!ie || !ie_len || !wpa_s->fst) 2221 return -ENOENT; 2222 2223 os_memset(&mb_ies, 0, sizeof(mb_ies)); 2224 2225 while (ie_len >= 2 && mb_ies.nof_ies < MAX_NOF_MB_IES_SUPPORTED) { 2226 size_t len; 2227 2228 len = 2 + ie[1]; 2229 if (len > ie_len) { 2230 wpa_hexdump(MSG_DEBUG, "FST: Truncated IE found", 2231 ie, ie_len); 2232 break; 2233 } 2234 2235 if (ie[0] == WLAN_EID_MULTI_BAND) { 2236 wpa_printf(MSG_DEBUG, "MB IE of %u bytes found", 2237 (unsigned int) len); 2238 mb_ies.ies[mb_ies.nof_ies].ie = ie + 2; 2239 mb_ies.ies[mb_ies.nof_ies].ie_len = len - 2; 2240 mb_ies.nof_ies++; 2241 } 2242 2243 ie_len -= len; 2244 ie += len; 2245 } 2246 2247 if (mb_ies.nof_ies > 0) { 2248 wpabuf_free(wpa_s->received_mb_ies); 2249 wpa_s->received_mb_ies = mb_ies_by_info(&mb_ies); 2250 return 0; 2251 } 2252 2253 return -ENOENT; 2254} 2255#endif /* CONFIG_FST */ 2256 2257 2258static int wpa_supplicant_event_associnfo(struct wpa_supplicant *wpa_s, 2259 union wpa_event_data *data) 2260{ 2261 int l, len, found = 0, wpa_found, rsn_found; 2262 const u8 *p; 2263#ifdef CONFIG_IEEE80211R 2264 u8 bssid[ETH_ALEN]; 2265#endif /* CONFIG_IEEE80211R */ 2266 2267 wpa_dbg(wpa_s, MSG_DEBUG, "Association info event"); 2268 if (data->assoc_info.req_ies) 2269 wpa_hexdump(MSG_DEBUG, "req_ies", data->assoc_info.req_ies, 2270 data->assoc_info.req_ies_len); 2271 if (data->assoc_info.resp_ies) { 2272 wpa_hexdump(MSG_DEBUG, "resp_ies", data->assoc_info.resp_ies, 2273 data->assoc_info.resp_ies_len); 2274#ifdef CONFIG_TDLS 2275 wpa_tdls_assoc_resp_ies(wpa_s->wpa, data->assoc_info.resp_ies, 2276 data->assoc_info.resp_ies_len); 2277#endif /* CONFIG_TDLS */ 2278#ifdef CONFIG_WNM 2279 wnm_process_assoc_resp(wpa_s, data->assoc_info.resp_ies, 2280 data->assoc_info.resp_ies_len); 2281#endif /* CONFIG_WNM */ 2282#ifdef CONFIG_INTERWORKING 2283 interworking_process_assoc_resp(wpa_s, data->assoc_info.resp_ies, 2284 data->assoc_info.resp_ies_len); 2285#endif /* CONFIG_INTERWORKING */ 2286 } 2287 if (data->assoc_info.beacon_ies) 2288 wpa_hexdump(MSG_DEBUG, "beacon_ies", 2289 data->assoc_info.beacon_ies, 2290 data->assoc_info.beacon_ies_len); 2291 if (data->assoc_info.freq) 2292 wpa_dbg(wpa_s, MSG_DEBUG, "freq=%u MHz", 2293 data->assoc_info.freq); 2294 2295 p = data->assoc_info.req_ies; 2296 l = data->assoc_info.req_ies_len; 2297 2298 /* Go through the IEs and make a copy of the WPA/RSN IE, if present. */ 2299 while (p && l >= 2) { 2300 len = p[1] + 2; 2301 if (len > l) { 2302 wpa_hexdump(MSG_DEBUG, "Truncated IE in assoc_info", 2303 p, l); 2304 break; 2305 } 2306 if ((p[0] == WLAN_EID_VENDOR_SPECIFIC && p[1] >= 6 && 2307 (os_memcmp(&p[2], "\x00\x50\xF2\x01\x01\x00", 6) == 0)) || 2308 (p[0] == WLAN_EID_VENDOR_SPECIFIC && p[1] >= 4 && 2309 (os_memcmp(&p[2], "\x50\x6F\x9A\x12", 4) == 0)) || 2310 (p[0] == WLAN_EID_RSN && p[1] >= 2)) { 2311 if (wpa_sm_set_assoc_wpa_ie(wpa_s->wpa, p, len)) 2312 break; 2313 found = 1; 2314 wpa_find_assoc_pmkid(wpa_s); 2315 break; 2316 } 2317 l -= len; 2318 p += len; 2319 } 2320 if (!found && data->assoc_info.req_ies) 2321 wpa_sm_set_assoc_wpa_ie(wpa_s->wpa, NULL, 0); 2322 2323#ifdef CONFIG_FILS 2324#ifdef CONFIG_SME 2325 if ((wpa_s->sme.auth_alg == WPA_AUTH_ALG_FILS || 2326 wpa_s->sme.auth_alg == WPA_AUTH_ALG_FILS_SK_PFS) && 2327 (!data->assoc_info.resp_frame || 2328 fils_process_assoc_resp(wpa_s->wpa, 2329 data->assoc_info.resp_frame, 2330 data->assoc_info.resp_frame_len) < 0)) { 2331 wpa_supplicant_deauthenticate(wpa_s, WLAN_REASON_UNSPECIFIED); 2332 return -1; 2333 } 2334#endif /* CONFIG_SME */ 2335 2336 /* Additional processing for FILS when SME is in driver */ 2337 if (wpa_s->auth_alg == WPA_AUTH_ALG_FILS && 2338 !(wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME)) 2339 wpa_sm_set_reset_fils_completed(wpa_s->wpa, 1); 2340#endif /* CONFIG_FILS */ 2341 2342#ifdef CONFIG_OWE 2343 if (wpa_s->key_mgmt == WPA_KEY_MGMT_OWE && 2344 (wpa_drv_get_bssid(wpa_s, bssid) < 0 || 2345 owe_process_assoc_resp(wpa_s->wpa, bssid, 2346 data->assoc_info.resp_ies, 2347 data->assoc_info.resp_ies_len) < 0)) { 2348 wpa_supplicant_deauthenticate(wpa_s, WLAN_REASON_UNSPECIFIED); 2349 return -1; 2350 } 2351#endif /* CONFIG_OWE */ 2352 2353#ifdef CONFIG_IEEE80211R 2354#ifdef CONFIG_SME 2355 if (wpa_s->sme.auth_alg == WPA_AUTH_ALG_FT) { 2356 if (wpa_drv_get_bssid(wpa_s, bssid) < 0 || 2357 wpa_ft_validate_reassoc_resp(wpa_s->wpa, 2358 data->assoc_info.resp_ies, 2359 data->assoc_info.resp_ies_len, 2360 bssid) < 0) { 2361 wpa_dbg(wpa_s, MSG_DEBUG, "FT: Validation of " 2362 "Reassociation Response failed"); 2363 wpa_supplicant_deauthenticate( 2364 wpa_s, WLAN_REASON_INVALID_IE); 2365 return -1; 2366 } 2367 } 2368 2369 p = data->assoc_info.resp_ies; 2370 l = data->assoc_info.resp_ies_len; 2371 2372#ifdef CONFIG_WPS_STRICT 2373 if (p && wpa_s->current_ssid && 2374 wpa_s->current_ssid->key_mgmt == WPA_KEY_MGMT_WPS) { 2375 struct wpabuf *wps; 2376 wps = ieee802_11_vendor_ie_concat(p, l, WPS_IE_VENDOR_TYPE); 2377 if (wps == NULL) { 2378 wpa_msg(wpa_s, MSG_INFO, "WPS-STRICT: AP did not " 2379 "include WPS IE in (Re)Association Response"); 2380 return -1; 2381 } 2382 2383 if (wps_validate_assoc_resp(wps) < 0) { 2384 wpabuf_free(wps); 2385 wpa_supplicant_deauthenticate( 2386 wpa_s, WLAN_REASON_INVALID_IE); 2387 return -1; 2388 } 2389 wpabuf_free(wps); 2390 } 2391#endif /* CONFIG_WPS_STRICT */ 2392 2393 /* Go through the IEs and make a copy of the MDIE, if present. */ 2394 while (p && l >= 2) { 2395 len = p[1] + 2; 2396 if (len > l) { 2397 wpa_hexdump(MSG_DEBUG, "Truncated IE in assoc_info", 2398 p, l); 2399 break; 2400 } 2401 if (p[0] == WLAN_EID_MOBILITY_DOMAIN && 2402 p[1] >= MOBILITY_DOMAIN_ID_LEN) { 2403 wpa_s->sme.ft_used = 1; 2404 os_memcpy(wpa_s->sme.mobility_domain, p + 2, 2405 MOBILITY_DOMAIN_ID_LEN); 2406 break; 2407 } 2408 l -= len; 2409 p += len; 2410 } 2411#endif /* CONFIG_SME */ 2412 2413 /* Process FT when SME is in the driver */ 2414 if (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME) && 2415 wpa_ft_is_completed(wpa_s->wpa)) { 2416 if (wpa_drv_get_bssid(wpa_s, bssid) < 0 || 2417 wpa_ft_validate_reassoc_resp(wpa_s->wpa, 2418 data->assoc_info.resp_ies, 2419 data->assoc_info.resp_ies_len, 2420 bssid) < 0) { 2421 wpa_dbg(wpa_s, MSG_DEBUG, "FT: Validation of " 2422 "Reassociation Response failed"); 2423 wpa_supplicant_deauthenticate( 2424 wpa_s, WLAN_REASON_INVALID_IE); 2425 return -1; 2426 } 2427 wpa_dbg(wpa_s, MSG_DEBUG, "FT: Reassociation Response done"); 2428 } 2429 2430 wpa_sm_set_ft_params(wpa_s->wpa, data->assoc_info.resp_ies, 2431 data->assoc_info.resp_ies_len); 2432#endif /* CONFIG_IEEE80211R */ 2433 2434 /* WPA/RSN IE from Beacon/ProbeResp */ 2435 p = data->assoc_info.beacon_ies; 2436 l = data->assoc_info.beacon_ies_len; 2437 2438 /* Go through the IEs and make a copy of the WPA/RSN IEs, if present. 2439 */ 2440 wpa_found = rsn_found = 0; 2441 while (p && l >= 2) { 2442 len = p[1] + 2; 2443 if (len > l) { 2444 wpa_hexdump(MSG_DEBUG, "Truncated IE in beacon_ies", 2445 p, l); 2446 break; 2447 } 2448 if (!wpa_found && 2449 p[0] == WLAN_EID_VENDOR_SPECIFIC && p[1] >= 6 && 2450 os_memcmp(&p[2], "\x00\x50\xF2\x01\x01\x00", 6) == 0) { 2451 wpa_found = 1; 2452 wpa_sm_set_ap_wpa_ie(wpa_s->wpa, p, len); 2453 } 2454 2455 if (!rsn_found && 2456 p[0] == WLAN_EID_RSN && p[1] >= 2) { 2457 rsn_found = 1; 2458 wpa_sm_set_ap_rsn_ie(wpa_s->wpa, p, len); 2459 } 2460 2461 l -= len; 2462 p += len; 2463 } 2464 2465 if (!wpa_found && data->assoc_info.beacon_ies) 2466 wpa_sm_set_ap_wpa_ie(wpa_s->wpa, NULL, 0); 2467 if (!rsn_found && data->assoc_info.beacon_ies) 2468 wpa_sm_set_ap_rsn_ie(wpa_s->wpa, NULL, 0); 2469 if (wpa_found || rsn_found) 2470 wpa_s->ap_ies_from_associnfo = 1; 2471 2472 if (wpa_s->assoc_freq && data->assoc_info.freq && 2473 wpa_s->assoc_freq != data->assoc_info.freq) { 2474 wpa_printf(MSG_DEBUG, "Operating frequency changed from " 2475 "%u to %u MHz", 2476 wpa_s->assoc_freq, data->assoc_info.freq); 2477 wpa_supplicant_update_scan_results(wpa_s); 2478 } 2479 2480 wpa_s->assoc_freq = data->assoc_info.freq; 2481 2482 return 0; 2483} 2484 2485 2486static int wpa_supplicant_assoc_update_ie(struct wpa_supplicant *wpa_s) 2487{ 2488 const u8 *bss_wpa = NULL, *bss_rsn = NULL; 2489 2490 if (!wpa_s->current_bss || !wpa_s->current_ssid) 2491 return -1; 2492 2493 if (!wpa_key_mgmt_wpa_any(wpa_s->current_ssid->key_mgmt)) 2494 return 0; 2495 2496 bss_wpa = wpa_bss_get_vendor_ie(wpa_s->current_bss, 2497 WPA_IE_VENDOR_TYPE); 2498 bss_rsn = wpa_bss_get_ie(wpa_s->current_bss, WLAN_EID_RSN); 2499 2500 if (wpa_sm_set_ap_wpa_ie(wpa_s->wpa, bss_wpa, 2501 bss_wpa ? 2 + bss_wpa[1] : 0) || 2502 wpa_sm_set_ap_rsn_ie(wpa_s->wpa, bss_rsn, 2503 bss_rsn ? 2 + bss_rsn[1] : 0)) 2504 return -1; 2505 2506 return 0; 2507} 2508 2509 2510static void wpas_fst_update_mb_assoc(struct wpa_supplicant *wpa_s, 2511 union wpa_event_data *data) 2512{ 2513#ifdef CONFIG_FST 2514 struct assoc_info *ai = data ? &data->assoc_info : NULL; 2515 struct wpa_bss *bss = wpa_s->current_bss; 2516 const u8 *ieprb, *iebcn; 2517 2518 wpabuf_free(wpa_s->received_mb_ies); 2519 wpa_s->received_mb_ies = NULL; 2520 2521 if (ai && 2522 !wpas_fst_update_mbie(wpa_s, ai->resp_ies, ai->resp_ies_len)) { 2523 wpa_printf(MSG_DEBUG, 2524 "FST: MB IEs updated from Association Response frame"); 2525 return; 2526 } 2527 2528 if (ai && 2529 !wpas_fst_update_mbie(wpa_s, ai->beacon_ies, ai->beacon_ies_len)) { 2530 wpa_printf(MSG_DEBUG, 2531 "FST: MB IEs updated from association event Beacon IEs"); 2532 return; 2533 } 2534 2535 if (!bss) 2536 return; 2537 2538 ieprb = (const u8 *) (bss + 1); 2539 iebcn = ieprb + bss->ie_len; 2540 2541 if (!wpas_fst_update_mbie(wpa_s, ieprb, bss->ie_len)) 2542 wpa_printf(MSG_DEBUG, "FST: MB IEs updated from bss IE"); 2543 else if (!wpas_fst_update_mbie(wpa_s, iebcn, bss->beacon_ie_len)) 2544 wpa_printf(MSG_DEBUG, "FST: MB IEs updated from bss beacon IE"); 2545#endif /* CONFIG_FST */ 2546} 2547 2548 2549static void wpa_supplicant_event_assoc(struct wpa_supplicant *wpa_s, 2550 union wpa_event_data *data) 2551{ 2552 u8 bssid[ETH_ALEN]; 2553 int ft_completed, already_authorized; 2554 int new_bss = 0; 2555 2556#ifdef CONFIG_AP 2557 if (wpa_s->ap_iface) { 2558 if (!data) 2559 return; 2560 hostapd_notif_assoc(wpa_s->ap_iface->bss[0], 2561 data->assoc_info.addr, 2562 data->assoc_info.req_ies, 2563 data->assoc_info.req_ies_len, 2564 data->assoc_info.reassoc); 2565 return; 2566 } 2567#endif /* CONFIG_AP */ 2568 2569 eloop_cancel_timeout(wpas_network_reenabled, wpa_s, NULL); 2570 2571 ft_completed = wpa_ft_is_completed(wpa_s->wpa); 2572 if (data && wpa_supplicant_event_associnfo(wpa_s, data) < 0) 2573 return; 2574 /* 2575 * FILS authentication can share the same mechanism to mark the 2576 * connection fully authenticated, so set ft_completed also based on 2577 * FILS result. 2578 */ 2579 if (!ft_completed) 2580 ft_completed = wpa_fils_is_completed(wpa_s->wpa); 2581 2582 if (wpa_drv_get_bssid(wpa_s, bssid) < 0) { 2583 wpa_dbg(wpa_s, MSG_ERROR, "Failed to get BSSID"); 2584 wpa_supplicant_deauthenticate( 2585 wpa_s, WLAN_REASON_DEAUTH_LEAVING); 2586 return; 2587 } 2588 2589 wpa_supplicant_set_state(wpa_s, WPA_ASSOCIATED); 2590 if (os_memcmp(bssid, wpa_s->bssid, ETH_ALEN) != 0) { 2591 wpa_dbg(wpa_s, MSG_DEBUG, "Associated to a new BSS: BSSID=" 2592 MACSTR, MAC2STR(bssid)); 2593 new_bss = 1; 2594 random_add_randomness(bssid, ETH_ALEN); 2595 os_memcpy(wpa_s->bssid, bssid, ETH_ALEN); 2596 os_memset(wpa_s->pending_bssid, 0, ETH_ALEN); 2597 wpas_notify_bssid_changed(wpa_s); 2598 2599 if (wpa_supplicant_dynamic_keys(wpa_s) && !ft_completed) { 2600 wpa_clear_keys(wpa_s, bssid); 2601 } 2602 if (wpa_supplicant_select_config(wpa_s) < 0) { 2603 wpa_supplicant_deauthenticate( 2604 wpa_s, WLAN_REASON_DEAUTH_LEAVING); 2605 return; 2606 } 2607 } 2608 2609 if (wpa_s->conf->ap_scan == 1 && 2610 wpa_s->drv_flags & WPA_DRIVER_FLAGS_BSS_SELECTION) { 2611 if (wpa_supplicant_assoc_update_ie(wpa_s) < 0 && new_bss) 2612 wpa_msg(wpa_s, MSG_WARNING, 2613 "WPA/RSN IEs not updated"); 2614 } 2615 2616 wpas_fst_update_mb_assoc(wpa_s, data); 2617 2618#ifdef CONFIG_SME 2619 os_memcpy(wpa_s->sme.prev_bssid, bssid, ETH_ALEN); 2620 wpa_s->sme.prev_bssid_set = 1; 2621 wpa_s->sme.last_unprot_disconnect.sec = 0; 2622#endif /* CONFIG_SME */ 2623 2624 wpa_msg(wpa_s, MSG_INFO, "Associated with " MACSTR, MAC2STR(bssid)); 2625 if (wpa_s->current_ssid) { 2626 /* When using scanning (ap_scan=1), SIM PC/SC interface can be 2627 * initialized before association, but for other modes, 2628 * initialize PC/SC here, if the current configuration needs 2629 * smartcard or SIM/USIM. */ 2630 wpa_supplicant_scard_init(wpa_s, wpa_s->current_ssid); 2631 } 2632 wpa_sm_notify_assoc(wpa_s->wpa, bssid); 2633 if (wpa_s->l2) 2634 l2_packet_notify_auth_start(wpa_s->l2); 2635 2636 already_authorized = data && data->assoc_info.authorized; 2637 2638 /* 2639 * Set portEnabled first to FALSE in order to get EAP state machine out 2640 * of the SUCCESS state and eapSuccess cleared. Without this, EAPOL PAE 2641 * state machine may transit to AUTHENTICATING state based on obsolete 2642 * eapSuccess and then trigger BE_AUTH to SUCCESS and PAE to 2643 * AUTHENTICATED without ever giving chance to EAP state machine to 2644 * reset the state. 2645 */ 2646 if (!ft_completed && !already_authorized) { 2647 eapol_sm_notify_portEnabled(wpa_s->eapol, FALSE); 2648 eapol_sm_notify_portValid(wpa_s->eapol, FALSE); 2649 } 2650 if (wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt) || 2651 wpa_s->key_mgmt == WPA_KEY_MGMT_DPP || 2652 wpa_s->key_mgmt == WPA_KEY_MGMT_OWE || ft_completed || 2653 already_authorized) 2654 eapol_sm_notify_eap_success(wpa_s->eapol, FALSE); 2655 /* 802.1X::portControl = Auto */ 2656 eapol_sm_notify_portEnabled(wpa_s->eapol, TRUE); 2657 wpa_s->eapol_received = 0; 2658 if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE || 2659 wpa_s->key_mgmt == WPA_KEY_MGMT_WPA_NONE || 2660 (wpa_s->current_ssid && 2661 wpa_s->current_ssid->mode == IEEE80211_MODE_IBSS)) { 2662 if (wpa_s->current_ssid && 2663 wpa_s->key_mgmt == WPA_KEY_MGMT_WPA_NONE && 2664 (wpa_s->drv_flags & 2665 WPA_DRIVER_FLAGS_SET_KEYS_AFTER_ASSOC_DONE)) { 2666 /* 2667 * Set the key after having received joined-IBSS event 2668 * from the driver. 2669 */ 2670 wpa_supplicant_set_wpa_none_key(wpa_s, 2671 wpa_s->current_ssid); 2672 } 2673 wpa_supplicant_cancel_auth_timeout(wpa_s); 2674 wpa_supplicant_set_state(wpa_s, WPA_COMPLETED); 2675 } else if (!ft_completed) { 2676 /* Timeout for receiving the first EAPOL packet */ 2677 wpa_supplicant_req_auth_timeout(wpa_s, 10, 0); 2678 } 2679 wpa_supplicant_cancel_scan(wpa_s); 2680 2681 if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE) && 2682 wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt)) { 2683 /* 2684 * We are done; the driver will take care of RSN 4-way 2685 * handshake. 2686 */ 2687 wpa_supplicant_cancel_auth_timeout(wpa_s); 2688 wpa_supplicant_set_state(wpa_s, WPA_COMPLETED); 2689 eapol_sm_notify_portValid(wpa_s->eapol, TRUE); 2690 eapol_sm_notify_eap_success(wpa_s->eapol, TRUE); 2691 } else if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE) && 2692 wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt)) { 2693 /* 2694 * The driver will take care of RSN 4-way handshake, so we need 2695 * to allow EAPOL supplicant to complete its work without 2696 * waiting for WPA supplicant. 2697 */ 2698 eapol_sm_notify_portValid(wpa_s->eapol, TRUE); 2699 } else if (ft_completed) { 2700 /* 2701 * FT protocol completed - make sure EAPOL state machine ends 2702 * up in authenticated. 2703 */ 2704 wpa_supplicant_cancel_auth_timeout(wpa_s); 2705 wpa_supplicant_set_state(wpa_s, WPA_COMPLETED); 2706 eapol_sm_notify_portValid(wpa_s->eapol, TRUE); 2707 eapol_sm_notify_eap_success(wpa_s->eapol, TRUE); 2708 } 2709 2710 wpa_s->last_eapol_matches_bssid = 0; 2711 2712 if (wpa_s->pending_eapol_rx) { 2713 struct os_reltime now, age; 2714 os_get_reltime(&now); 2715 os_reltime_sub(&now, &wpa_s->pending_eapol_rx_time, &age); 2716 if (age.sec == 0 && age.usec < 200000 && 2717 os_memcmp(wpa_s->pending_eapol_rx_src, bssid, ETH_ALEN) == 2718 0) { 2719 wpa_dbg(wpa_s, MSG_DEBUG, "Process pending EAPOL " 2720 "frame that was received just before " 2721 "association notification"); 2722 wpa_supplicant_rx_eapol( 2723 wpa_s, wpa_s->pending_eapol_rx_src, 2724 wpabuf_head(wpa_s->pending_eapol_rx), 2725 wpabuf_len(wpa_s->pending_eapol_rx)); 2726 } 2727 wpabuf_free(wpa_s->pending_eapol_rx); 2728 wpa_s->pending_eapol_rx = NULL; 2729 } 2730 2731 if ((wpa_s->key_mgmt == WPA_KEY_MGMT_NONE || 2732 wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA) && 2733 wpa_s->current_ssid && 2734 (wpa_s->drv_flags & WPA_DRIVER_FLAGS_SET_KEYS_AFTER_ASSOC_DONE)) { 2735 /* Set static WEP keys again */ 2736 wpa_set_wep_keys(wpa_s, wpa_s->current_ssid); 2737 } 2738 2739#ifdef CONFIG_IBSS_RSN 2740 if (wpa_s->current_ssid && 2741 wpa_s->current_ssid->mode == WPAS_MODE_IBSS && 2742 wpa_s->key_mgmt != WPA_KEY_MGMT_NONE && 2743 wpa_s->key_mgmt != WPA_KEY_MGMT_WPA_NONE && 2744 wpa_s->ibss_rsn == NULL) { 2745 wpa_s->ibss_rsn = ibss_rsn_init(wpa_s, wpa_s->current_ssid); 2746 if (!wpa_s->ibss_rsn) { 2747 wpa_msg(wpa_s, MSG_INFO, "Failed to init IBSS RSN"); 2748 wpa_supplicant_deauthenticate( 2749 wpa_s, WLAN_REASON_DEAUTH_LEAVING); 2750 return; 2751 } 2752 2753 ibss_rsn_set_psk(wpa_s->ibss_rsn, wpa_s->current_ssid->psk); 2754 } 2755#endif /* CONFIG_IBSS_RSN */ 2756 2757 wpas_wps_notify_assoc(wpa_s, bssid); 2758 2759 if (data) { 2760 wmm_ac_notify_assoc(wpa_s, data->assoc_info.resp_ies, 2761 data->assoc_info.resp_ies_len, 2762 &data->assoc_info.wmm_params); 2763 2764 if (wpa_s->reassoc_same_bss) 2765 wmm_ac_restore_tspecs(wpa_s); 2766 } 2767 2768#ifdef CONFIG_FILS 2769 if (wpa_key_mgmt_fils(wpa_s->key_mgmt)) { 2770 struct wpa_bss *bss = wpa_bss_get_bssid(wpa_s, bssid); 2771 const u8 *fils_cache_id = wpa_bss_get_fils_cache_id(bss); 2772 2773 if (fils_cache_id) 2774 wpa_sm_set_fils_cache_id(wpa_s->wpa, fils_cache_id); 2775 } 2776#endif /* CONFIG_FILS */ 2777} 2778 2779 2780static int disconnect_reason_recoverable(u16 reason_code) 2781{ 2782 return reason_code == WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY || 2783 reason_code == WLAN_REASON_CLASS2_FRAME_FROM_NONAUTH_STA || 2784 reason_code == WLAN_REASON_CLASS3_FRAME_FROM_NONASSOC_STA; 2785} 2786 2787 2788static void wpa_supplicant_event_disassoc(struct wpa_supplicant *wpa_s, 2789 u16 reason_code, 2790 int locally_generated) 2791{ 2792 const u8 *bssid; 2793 2794 if (wpa_s->key_mgmt == WPA_KEY_MGMT_WPA_NONE) { 2795 /* 2796 * At least Host AP driver and a Prism3 card seemed to be 2797 * generating streams of disconnected events when configuring 2798 * IBSS for WPA-None. Ignore them for now. 2799 */ 2800 return; 2801 } 2802 2803 bssid = wpa_s->bssid; 2804 if (is_zero_ether_addr(bssid)) 2805 bssid = wpa_s->pending_bssid; 2806 2807 if (!is_zero_ether_addr(bssid) || 2808 wpa_s->wpa_state >= WPA_AUTHENTICATING) { 2809 wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_DISCONNECTED "bssid=" MACSTR 2810 " reason=%d%s", 2811 MAC2STR(bssid), reason_code, 2812 locally_generated ? " locally_generated=1" : ""); 2813 } 2814} 2815 2816 2817static int could_be_psk_mismatch(struct wpa_supplicant *wpa_s, u16 reason_code, 2818 int locally_generated) 2819{ 2820 if (wpa_s->wpa_state != WPA_4WAY_HANDSHAKE || 2821 !wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt)) 2822 return 0; /* Not in 4-way handshake with PSK */ 2823 2824 /* 2825 * It looks like connection was lost while trying to go through PSK 2826 * 4-way handshake. Filter out known disconnection cases that are caused 2827 * by something else than PSK mismatch to avoid confusing reports. 2828 */ 2829 2830 if (locally_generated) { 2831 if (reason_code == WLAN_REASON_IE_IN_4WAY_DIFFERS) 2832 return 0; 2833 } 2834 2835 return 1; 2836} 2837 2838 2839static void wpa_supplicant_event_disassoc_finish(struct wpa_supplicant *wpa_s, 2840 u16 reason_code, 2841 int locally_generated) 2842{ 2843 const u8 *bssid; 2844 int authenticating; 2845 u8 prev_pending_bssid[ETH_ALEN]; 2846 struct wpa_bss *fast_reconnect = NULL; 2847 struct wpa_ssid *fast_reconnect_ssid = NULL; 2848 struct wpa_ssid *last_ssid; 2849 struct wpa_bss *curr = NULL; 2850 2851 authenticating = wpa_s->wpa_state == WPA_AUTHENTICATING; 2852 os_memcpy(prev_pending_bssid, wpa_s->pending_bssid, ETH_ALEN); 2853 2854 if (wpa_s->key_mgmt == WPA_KEY_MGMT_WPA_NONE) { 2855 /* 2856 * At least Host AP driver and a Prism3 card seemed to be 2857 * generating streams of disconnected events when configuring 2858 * IBSS for WPA-None. Ignore them for now. 2859 */ 2860 wpa_dbg(wpa_s, MSG_DEBUG, "Disconnect event - ignore in " 2861 "IBSS/WPA-None mode"); 2862 return; 2863 } 2864 2865 if (!wpa_s->disconnected && wpa_s->wpa_state >= WPA_AUTHENTICATING && 2866 reason_code == WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY && 2867 locally_generated) 2868 /* 2869 * Remove the inactive AP (which is probably out of range) from 2870 * the BSS list after marking disassociation. In particular 2871 * mac80211-based drivers use the 2872 * WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY reason code in 2873 * locally generated disconnection events for cases where the 2874 * AP does not reply anymore. 2875 */ 2876 curr = wpa_s->current_bss; 2877 2878 if (could_be_psk_mismatch(wpa_s, reason_code, locally_generated)) { 2879 wpa_msg(wpa_s, MSG_INFO, "WPA: 4-Way Handshake failed - " 2880 "pre-shared key may be incorrect"); 2881 if (wpas_p2p_4way_hs_failed(wpa_s) > 0) 2882 return; /* P2P group removed */ 2883 wpas_auth_failed(wpa_s, "WRONG_KEY"); 2884 } 2885 if (!wpa_s->disconnected && 2886 (!wpa_s->auto_reconnect_disabled || 2887 wpa_s->key_mgmt == WPA_KEY_MGMT_WPS || 2888 wpas_wps_searching(wpa_s) || 2889 wpas_wps_reenable_networks_pending(wpa_s))) { 2890 wpa_dbg(wpa_s, MSG_DEBUG, "Auto connect enabled: try to " 2891 "reconnect (wps=%d/%d wpa_state=%d)", 2892 wpa_s->key_mgmt == WPA_KEY_MGMT_WPS, 2893 wpas_wps_searching(wpa_s), 2894 wpa_s->wpa_state); 2895 if (wpa_s->wpa_state == WPA_COMPLETED && 2896 wpa_s->current_ssid && 2897 wpa_s->current_ssid->mode == WPAS_MODE_INFRA && 2898 !locally_generated && 2899 disconnect_reason_recoverable(reason_code)) { 2900 /* 2901 * It looks like the AP has dropped association with 2902 * us, but could allow us to get back in. Try to 2903 * reconnect to the same BSS without full scan to save 2904 * time for some common cases. 2905 */ 2906 fast_reconnect = wpa_s->current_bss; 2907 fast_reconnect_ssid = wpa_s->current_ssid; 2908 } else if (wpa_s->wpa_state >= WPA_ASSOCIATING) 2909 wpa_supplicant_req_scan(wpa_s, 0, 100000); 2910 else 2911 wpa_dbg(wpa_s, MSG_DEBUG, "Do not request new " 2912 "immediate scan"); 2913 } else { 2914 wpa_dbg(wpa_s, MSG_DEBUG, "Auto connect disabled: do not " 2915 "try to re-connect"); 2916 wpa_s->reassociate = 0; 2917 wpa_s->disconnected = 1; 2918 if (!wpa_s->pno) 2919 wpa_supplicant_cancel_sched_scan(wpa_s); 2920 } 2921 bssid = wpa_s->bssid; 2922 if (is_zero_ether_addr(bssid)) 2923 bssid = wpa_s->pending_bssid; 2924 if (wpa_s->wpa_state >= WPA_AUTHENTICATING) 2925 wpas_connection_failed(wpa_s, bssid); 2926 wpa_sm_notify_disassoc(wpa_s->wpa); 2927 if (locally_generated) 2928 wpa_s->disconnect_reason = -reason_code; 2929 else 2930 wpa_s->disconnect_reason = reason_code; 2931 wpas_notify_disconnect_reason(wpa_s); 2932 if (wpa_supplicant_dynamic_keys(wpa_s)) { 2933 wpa_dbg(wpa_s, MSG_DEBUG, "Disconnect event - remove keys"); 2934 wpa_clear_keys(wpa_s, wpa_s->bssid); 2935 } 2936 last_ssid = wpa_s->current_ssid; 2937 wpa_supplicant_mark_disassoc(wpa_s); 2938 2939 if (curr) 2940 wpa_bss_remove(wpa_s, curr, "Connection to AP lost"); 2941 2942 if (authenticating && (wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME)) { 2943 sme_disassoc_while_authenticating(wpa_s, prev_pending_bssid); 2944 wpa_s->current_ssid = last_ssid; 2945 } 2946 2947 if (fast_reconnect && 2948 !wpas_network_disabled(wpa_s, fast_reconnect_ssid) && 2949 !disallowed_bssid(wpa_s, fast_reconnect->bssid) && 2950 !disallowed_ssid(wpa_s, fast_reconnect->ssid, 2951 fast_reconnect->ssid_len) && 2952 !wpas_temp_disabled(wpa_s, fast_reconnect_ssid) && 2953 !wpa_is_bss_tmp_disallowed(wpa_s, fast_reconnect->bssid)) { 2954#ifndef CONFIG_NO_SCAN_PROCESSING 2955 wpa_dbg(wpa_s, MSG_DEBUG, "Try to reconnect to the same BSS"); 2956 if (wpa_supplicant_connect(wpa_s, fast_reconnect, 2957 fast_reconnect_ssid) < 0) { 2958 /* Recover through full scan */ 2959 wpa_supplicant_req_scan(wpa_s, 0, 100000); 2960 } 2961#endif /* CONFIG_NO_SCAN_PROCESSING */ 2962 } else if (fast_reconnect) { 2963 /* 2964 * Could not reconnect to the same BSS due to network being 2965 * disabled. Use a new scan to match the alternative behavior 2966 * above, i.e., to continue automatic reconnection attempt in a 2967 * way that enforces disabled network rules. 2968 */ 2969 wpa_supplicant_req_scan(wpa_s, 0, 100000); 2970 } 2971} 2972 2973 2974#ifdef CONFIG_DELAYED_MIC_ERROR_REPORT 2975void wpa_supplicant_delayed_mic_error_report(void *eloop_ctx, void *sock_ctx) 2976{ 2977 struct wpa_supplicant *wpa_s = eloop_ctx; 2978 2979 if (!wpa_s->pending_mic_error_report) 2980 return; 2981 2982 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: Sending pending MIC error report"); 2983 wpa_sm_key_request(wpa_s->wpa, 1, wpa_s->pending_mic_error_pairwise); 2984 wpa_s->pending_mic_error_report = 0; 2985} 2986#endif /* CONFIG_DELAYED_MIC_ERROR_REPORT */ 2987 2988 2989static void 2990wpa_supplicant_event_michael_mic_failure(struct wpa_supplicant *wpa_s, 2991 union wpa_event_data *data) 2992{ 2993 int pairwise; 2994 struct os_reltime t; 2995 2996 wpa_msg(wpa_s, MSG_WARNING, "Michael MIC failure detected"); 2997 pairwise = (data && data->michael_mic_failure.unicast); 2998 os_get_reltime(&t); 2999 if ((wpa_s->last_michael_mic_error.sec && 3000 !os_reltime_expired(&t, &wpa_s->last_michael_mic_error, 60)) || 3001 wpa_s->pending_mic_error_report) { 3002 if (wpa_s->pending_mic_error_report) { 3003 /* 3004 * Send the pending MIC error report immediately since 3005 * we are going to start countermeasures and AP better 3006 * do the same. 3007 */ 3008 wpa_sm_key_request(wpa_s->wpa, 1, 3009 wpa_s->pending_mic_error_pairwise); 3010 } 3011 3012 /* Send the new MIC error report immediately since we are going 3013 * to start countermeasures and AP better do the same. 3014 */ 3015 wpa_sm_key_request(wpa_s->wpa, 1, pairwise); 3016 3017 /* initialize countermeasures */ 3018 wpa_s->countermeasures = 1; 3019 3020 wpa_blacklist_add(wpa_s, wpa_s->bssid); 3021 3022 wpa_msg(wpa_s, MSG_WARNING, "TKIP countermeasures started"); 3023 3024 /* 3025 * Need to wait for completion of request frame. We do not get 3026 * any callback for the message completion, so just wait a 3027 * short while and hope for the best. */ 3028 os_sleep(0, 10000); 3029 3030 wpa_drv_set_countermeasures(wpa_s, 1); 3031 wpa_supplicant_deauthenticate(wpa_s, 3032 WLAN_REASON_MICHAEL_MIC_FAILURE); 3033 eloop_cancel_timeout(wpa_supplicant_stop_countermeasures, 3034 wpa_s, NULL); 3035 eloop_register_timeout(60, 0, 3036 wpa_supplicant_stop_countermeasures, 3037 wpa_s, NULL); 3038 /* TODO: mark the AP rejected for 60 second. STA is 3039 * allowed to associate with another AP.. */ 3040 } else { 3041#ifdef CONFIG_DELAYED_MIC_ERROR_REPORT 3042 if (wpa_s->mic_errors_seen) { 3043 /* 3044 * Reduce the effectiveness of Michael MIC error 3045 * reports as a means for attacking against TKIP if 3046 * more than one MIC failure is noticed with the same 3047 * PTK. We delay the transmission of the reports by a 3048 * random time between 0 and 60 seconds in order to 3049 * force the attacker wait 60 seconds before getting 3050 * the information on whether a frame resulted in a MIC 3051 * failure. 3052 */ 3053 u8 rval[4]; 3054 int sec; 3055 3056 if (os_get_random(rval, sizeof(rval)) < 0) 3057 sec = os_random() % 60; 3058 else 3059 sec = WPA_GET_BE32(rval) % 60; 3060 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: Delay MIC error " 3061 "report %d seconds", sec); 3062 wpa_s->pending_mic_error_report = 1; 3063 wpa_s->pending_mic_error_pairwise = pairwise; 3064 eloop_cancel_timeout( 3065 wpa_supplicant_delayed_mic_error_report, 3066 wpa_s, NULL); 3067 eloop_register_timeout( 3068 sec, os_random() % 1000000, 3069 wpa_supplicant_delayed_mic_error_report, 3070 wpa_s, NULL); 3071 } else { 3072 wpa_sm_key_request(wpa_s->wpa, 1, pairwise); 3073 } 3074#else /* CONFIG_DELAYED_MIC_ERROR_REPORT */ 3075 wpa_sm_key_request(wpa_s->wpa, 1, pairwise); 3076#endif /* CONFIG_DELAYED_MIC_ERROR_REPORT */ 3077 } 3078 wpa_s->last_michael_mic_error = t; 3079 wpa_s->mic_errors_seen++; 3080} 3081 3082 3083#ifdef CONFIG_TERMINATE_ONLASTIF 3084static int any_interfaces(struct wpa_supplicant *head) 3085{ 3086 struct wpa_supplicant *wpa_s; 3087 3088 for (wpa_s = head; wpa_s != NULL; wpa_s = wpa_s->next) 3089 if (!wpa_s->interface_removed) 3090 return 1; 3091 return 0; 3092} 3093#endif /* CONFIG_TERMINATE_ONLASTIF */ 3094 3095 3096static void 3097wpa_supplicant_event_interface_status(struct wpa_supplicant *wpa_s, 3098 union wpa_event_data *data) 3099{ 3100 if (os_strcmp(wpa_s->ifname, data->interface_status.ifname) != 0) 3101 return; 3102 3103 switch (data->interface_status.ievent) { 3104 case EVENT_INTERFACE_ADDED: 3105 if (!wpa_s->interface_removed) 3106 break; 3107 wpa_s->interface_removed = 0; 3108 wpa_dbg(wpa_s, MSG_DEBUG, "Configured interface was added"); 3109 if (wpa_supplicant_driver_init(wpa_s) < 0) { 3110 wpa_msg(wpa_s, MSG_INFO, "Failed to initialize the " 3111 "driver after interface was added"); 3112 } 3113 3114#ifdef CONFIG_P2P 3115 if (!wpa_s->global->p2p && 3116 !wpa_s->global->p2p_disabled && 3117 !wpa_s->conf->p2p_disabled && 3118 (wpa_s->drv_flags & 3119 WPA_DRIVER_FLAGS_DEDICATED_P2P_DEVICE) && 3120 wpas_p2p_add_p2pdev_interface( 3121 wpa_s, wpa_s->global->params.conf_p2p_dev) < 0) { 3122 wpa_printf(MSG_INFO, 3123 "P2P: Failed to enable P2P Device interface"); 3124 /* Try to continue without. P2P will be disabled. */ 3125 } 3126#endif /* CONFIG_P2P */ 3127 3128 break; 3129 case EVENT_INTERFACE_REMOVED: 3130 wpa_dbg(wpa_s, MSG_DEBUG, "Configured interface was removed"); 3131 wpa_s->interface_removed = 1; 3132 wpa_supplicant_mark_disassoc(wpa_s); 3133 wpa_supplicant_set_state(wpa_s, WPA_INTERFACE_DISABLED); 3134 l2_packet_deinit(wpa_s->l2); 3135 wpa_s->l2 = NULL; 3136 3137#ifdef CONFIG_P2P 3138 if (wpa_s->global->p2p && 3139 wpa_s->global->p2p_init_wpa_s->parent == wpa_s && 3140 (wpa_s->drv_flags & 3141 WPA_DRIVER_FLAGS_DEDICATED_P2P_DEVICE)) { 3142 wpa_dbg(wpa_s, MSG_DEBUG, 3143 "Removing P2P Device interface"); 3144 wpa_supplicant_remove_iface( 3145 wpa_s->global, wpa_s->global->p2p_init_wpa_s, 3146 0); 3147 wpa_s->global->p2p_init_wpa_s = NULL; 3148 } 3149#endif /* CONFIG_P2P */ 3150 3151#ifdef CONFIG_MATCH_IFACE 3152 if (wpa_s->matched) { 3153 wpa_supplicant_remove_iface(wpa_s->global, wpa_s, 0); 3154 break; 3155 } 3156#endif /* CONFIG_MATCH_IFACE */ 3157 3158#ifdef CONFIG_TERMINATE_ONLASTIF 3159 /* check if last interface */ 3160 if (!any_interfaces(wpa_s->global->ifaces)) 3161 eloop_terminate(); 3162#endif /* CONFIG_TERMINATE_ONLASTIF */ 3163 break; 3164 } 3165} 3166 3167 3168#ifdef CONFIG_TDLS 3169static void wpa_supplicant_event_tdls(struct wpa_supplicant *wpa_s, 3170 union wpa_event_data *data) 3171{ 3172 if (data == NULL) 3173 return; 3174 switch (data->tdls.oper) { 3175 case TDLS_REQUEST_SETUP: 3176 wpa_tdls_remove(wpa_s->wpa, data->tdls.peer); 3177 if (wpa_tdls_is_external_setup(wpa_s->wpa)) 3178 wpa_tdls_start(wpa_s->wpa, data->tdls.peer); 3179 else 3180 wpa_drv_tdls_oper(wpa_s, TDLS_SETUP, data->tdls.peer); 3181 break; 3182 case TDLS_REQUEST_TEARDOWN: 3183 if (wpa_tdls_is_external_setup(wpa_s->wpa)) 3184 wpa_tdls_teardown_link(wpa_s->wpa, data->tdls.peer, 3185 data->tdls.reason_code); 3186 else 3187 wpa_drv_tdls_oper(wpa_s, TDLS_TEARDOWN, 3188 data->tdls.peer); 3189 break; 3190 case TDLS_REQUEST_DISCOVER: 3191 wpa_tdls_send_discovery_request(wpa_s->wpa, 3192 data->tdls.peer); 3193 break; 3194 } 3195} 3196#endif /* CONFIG_TDLS */ 3197 3198 3199#ifdef CONFIG_WNM 3200static void wpa_supplicant_event_wnm(struct wpa_supplicant *wpa_s, 3201 union wpa_event_data *data) 3202{ 3203 if (data == NULL) 3204 return; 3205 switch (data->wnm.oper) { 3206 case WNM_OPER_SLEEP: 3207 wpa_printf(MSG_DEBUG, "Start sending WNM-Sleep Request " 3208 "(action=%d, intval=%d)", 3209 data->wnm.sleep_action, data->wnm.sleep_intval); 3210 ieee802_11_send_wnmsleep_req(wpa_s, data->wnm.sleep_action, 3211 data->wnm.sleep_intval, NULL); 3212 break; 3213 } 3214} 3215#endif /* CONFIG_WNM */ 3216 3217 3218#ifdef CONFIG_IEEE80211R 3219static void 3220wpa_supplicant_event_ft_response(struct wpa_supplicant *wpa_s, 3221 union wpa_event_data *data) 3222{ 3223 if (data == NULL) 3224 return; 3225 3226 if (wpa_ft_process_response(wpa_s->wpa, data->ft_ies.ies, 3227 data->ft_ies.ies_len, 3228 data->ft_ies.ft_action, 3229 data->ft_ies.target_ap, 3230 data->ft_ies.ric_ies, 3231 data->ft_ies.ric_ies_len) < 0) { 3232 /* TODO: prevent MLME/driver from trying to associate? */ 3233 } 3234} 3235#endif /* CONFIG_IEEE80211R */ 3236 3237 3238#ifdef CONFIG_IBSS_RSN 3239static void wpa_supplicant_event_ibss_rsn_start(struct wpa_supplicant *wpa_s, 3240 union wpa_event_data *data) 3241{ 3242 struct wpa_ssid *ssid; 3243 if (wpa_s->wpa_state < WPA_ASSOCIATED) 3244 return; 3245 if (data == NULL) 3246 return; 3247 ssid = wpa_s->current_ssid; 3248 if (ssid == NULL) 3249 return; 3250 if (ssid->mode != WPAS_MODE_IBSS || !wpa_key_mgmt_wpa(ssid->key_mgmt)) 3251 return; 3252 3253 ibss_rsn_start(wpa_s->ibss_rsn, data->ibss_rsn_start.peer); 3254} 3255 3256 3257static void wpa_supplicant_event_ibss_auth(struct wpa_supplicant *wpa_s, 3258 union wpa_event_data *data) 3259{ 3260 struct wpa_ssid *ssid = wpa_s->current_ssid; 3261 3262 if (ssid == NULL) 3263 return; 3264 3265 /* check if the ssid is correctly configured as IBSS/RSN */ 3266 if (ssid->mode != WPAS_MODE_IBSS || !wpa_key_mgmt_wpa(ssid->key_mgmt)) 3267 return; 3268 3269 ibss_rsn_handle_auth(wpa_s->ibss_rsn, data->rx_mgmt.frame, 3270 data->rx_mgmt.frame_len); 3271} 3272#endif /* CONFIG_IBSS_RSN */ 3273 3274 3275#ifdef CONFIG_IEEE80211R 3276static void ft_rx_action(struct wpa_supplicant *wpa_s, const u8 *data, 3277 size_t len) 3278{ 3279 const u8 *sta_addr, *target_ap_addr; 3280 u16 status; 3281 3282 wpa_hexdump(MSG_MSGDUMP, "FT: RX Action", data, len); 3283 if (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME)) 3284 return; /* only SME case supported for now */ 3285 if (len < 1 + 2 * ETH_ALEN + 2) 3286 return; 3287 if (data[0] != 2) 3288 return; /* Only FT Action Response is supported for now */ 3289 sta_addr = data + 1; 3290 target_ap_addr = data + 1 + ETH_ALEN; 3291 status = WPA_GET_LE16(data + 1 + 2 * ETH_ALEN); 3292 wpa_dbg(wpa_s, MSG_DEBUG, "FT: Received FT Action Response: STA " 3293 MACSTR " TargetAP " MACSTR " status %u", 3294 MAC2STR(sta_addr), MAC2STR(target_ap_addr), status); 3295 3296 if (os_memcmp(sta_addr, wpa_s->own_addr, ETH_ALEN) != 0) { 3297 wpa_dbg(wpa_s, MSG_DEBUG, "FT: Foreign STA Address " MACSTR 3298 " in FT Action Response", MAC2STR(sta_addr)); 3299 return; 3300 } 3301 3302 if (status) { 3303 wpa_dbg(wpa_s, MSG_DEBUG, "FT: FT Action Response indicates " 3304 "failure (status code %d)", status); 3305 /* TODO: report error to FT code(?) */ 3306 return; 3307 } 3308 3309 if (wpa_ft_process_response(wpa_s->wpa, data + 1 + 2 * ETH_ALEN + 2, 3310 len - (1 + 2 * ETH_ALEN + 2), 1, 3311 target_ap_addr, NULL, 0) < 0) 3312 return; 3313 3314#ifdef CONFIG_SME 3315 { 3316 struct wpa_bss *bss; 3317 bss = wpa_bss_get_bssid(wpa_s, target_ap_addr); 3318 if (bss) 3319 wpa_s->sme.freq = bss->freq; 3320 wpa_s->sme.auth_alg = WPA_AUTH_ALG_FT; 3321 sme_associate(wpa_s, WPAS_MODE_INFRA, target_ap_addr, 3322 WLAN_AUTH_FT); 3323 } 3324#endif /* CONFIG_SME */ 3325} 3326#endif /* CONFIG_IEEE80211R */ 3327 3328 3329static void wpa_supplicant_event_unprot_deauth(struct wpa_supplicant *wpa_s, 3330 struct unprot_deauth *e) 3331{ 3332#ifdef CONFIG_IEEE80211W 3333 wpa_printf(MSG_DEBUG, "Unprotected Deauthentication frame " 3334 "dropped: " MACSTR " -> " MACSTR 3335 " (reason code %u)", 3336 MAC2STR(e->sa), MAC2STR(e->da), e->reason_code); 3337 sme_event_unprot_disconnect(wpa_s, e->sa, e->da, e->reason_code); 3338#endif /* CONFIG_IEEE80211W */ 3339} 3340 3341 3342static void wpa_supplicant_event_unprot_disassoc(struct wpa_supplicant *wpa_s, 3343 struct unprot_disassoc *e) 3344{ 3345#ifdef CONFIG_IEEE80211W 3346 wpa_printf(MSG_DEBUG, "Unprotected Disassociation frame " 3347 "dropped: " MACSTR " -> " MACSTR 3348 " (reason code %u)", 3349 MAC2STR(e->sa), MAC2STR(e->da), e->reason_code); 3350 sme_event_unprot_disconnect(wpa_s, e->sa, e->da, e->reason_code); 3351#endif /* CONFIG_IEEE80211W */ 3352} 3353 3354 3355static void wpas_event_disconnect(struct wpa_supplicant *wpa_s, const u8 *addr, 3356 u16 reason_code, int locally_generated, 3357 const u8 *ie, size_t ie_len, int deauth) 3358{ 3359#ifdef CONFIG_AP 3360 if (wpa_s->ap_iface && addr) { 3361 hostapd_notif_disassoc(wpa_s->ap_iface->bss[0], addr); 3362 return; 3363 } 3364 3365 if (wpa_s->ap_iface) { 3366 wpa_dbg(wpa_s, MSG_DEBUG, "Ignore deauth event in AP mode"); 3367 return; 3368 } 3369#endif /* CONFIG_AP */ 3370 3371 if (!locally_generated) 3372 wpa_s->own_disconnect_req = 0; 3373 3374 wpa_supplicant_event_disassoc(wpa_s, reason_code, locally_generated); 3375 3376 if (((reason_code == WLAN_REASON_IEEE_802_1X_AUTH_FAILED || 3377 ((wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt) || 3378 (wpa_s->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA)) && 3379 eapol_sm_failed(wpa_s->eapol))) && 3380 !wpa_s->eap_expected_failure)) 3381 wpas_auth_failed(wpa_s, "AUTH_FAILED"); 3382 3383#ifdef CONFIG_P2P 3384 if (deauth && reason_code > 0) { 3385 if (wpas_p2p_deauth_notif(wpa_s, addr, reason_code, ie, ie_len, 3386 locally_generated) > 0) { 3387 /* 3388 * The interface was removed, so cannot continue 3389 * processing any additional operations after this. 3390 */ 3391 return; 3392 } 3393 } 3394#endif /* CONFIG_P2P */ 3395 3396 wpa_supplicant_event_disassoc_finish(wpa_s, reason_code, 3397 locally_generated); 3398} 3399 3400 3401static void wpas_event_disassoc(struct wpa_supplicant *wpa_s, 3402 struct disassoc_info *info) 3403{ 3404 u16 reason_code = 0; 3405 int locally_generated = 0; 3406 const u8 *addr = NULL; 3407 const u8 *ie = NULL; 3408 size_t ie_len = 0; 3409 3410 wpa_dbg(wpa_s, MSG_DEBUG, "Disassociation notification"); 3411 3412 if (info) { 3413 addr = info->addr; 3414 ie = info->ie; 3415 ie_len = info->ie_len; 3416 reason_code = info->reason_code; 3417 locally_generated = info->locally_generated; 3418 wpa_dbg(wpa_s, MSG_DEBUG, " * reason %u%s", reason_code, 3419 locally_generated ? " (locally generated)" : ""); 3420 if (addr) 3421 wpa_dbg(wpa_s, MSG_DEBUG, " * address " MACSTR, 3422 MAC2STR(addr)); 3423 wpa_hexdump(MSG_DEBUG, "Disassociation frame IE(s)", 3424 ie, ie_len); 3425 } 3426 3427#ifdef CONFIG_AP 3428 if (wpa_s->ap_iface && info && info->addr) { 3429 hostapd_notif_disassoc(wpa_s->ap_iface->bss[0], info->addr); 3430 return; 3431 } 3432 3433 if (wpa_s->ap_iface) { 3434 wpa_dbg(wpa_s, MSG_DEBUG, "Ignore disassoc event in AP mode"); 3435 return; 3436 } 3437#endif /* CONFIG_AP */ 3438 3439#ifdef CONFIG_P2P 3440 if (info) { 3441 wpas_p2p_disassoc_notif( 3442 wpa_s, info->addr, reason_code, info->ie, info->ie_len, 3443 locally_generated); 3444 } 3445#endif /* CONFIG_P2P */ 3446 3447 if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME) 3448 sme_event_disassoc(wpa_s, info); 3449 3450 wpas_event_disconnect(wpa_s, addr, reason_code, locally_generated, 3451 ie, ie_len, 0); 3452} 3453 3454 3455static void wpas_event_deauth(struct wpa_supplicant *wpa_s, 3456 struct deauth_info *info) 3457{ 3458 u16 reason_code = 0; 3459 int locally_generated = 0; 3460 const u8 *addr = NULL; 3461 const u8 *ie = NULL; 3462 size_t ie_len = 0; 3463 3464 wpa_dbg(wpa_s, MSG_DEBUG, "Deauthentication notification"); 3465 3466 if (info) { 3467 addr = info->addr; 3468 ie = info->ie; 3469 ie_len = info->ie_len; 3470 reason_code = info->reason_code; 3471 locally_generated = info->locally_generated; 3472 wpa_dbg(wpa_s, MSG_DEBUG, " * reason %u%s", 3473 reason_code, 3474 locally_generated ? " (locally generated)" : ""); 3475 if (addr) { 3476 wpa_dbg(wpa_s, MSG_DEBUG, " * address " MACSTR, 3477 MAC2STR(addr)); 3478 } 3479 wpa_hexdump(MSG_DEBUG, "Deauthentication frame IE(s)", 3480 ie, ie_len); 3481 } 3482 3483 wpa_reset_ft_completed(wpa_s->wpa); 3484 3485 wpas_event_disconnect(wpa_s, addr, reason_code, 3486 locally_generated, ie, ie_len, 1); 3487} 3488 3489 3490static const char * reg_init_str(enum reg_change_initiator init) 3491{ 3492 switch (init) { 3493 case REGDOM_SET_BY_CORE: 3494 return "CORE"; 3495 case REGDOM_SET_BY_USER: 3496 return "USER"; 3497 case REGDOM_SET_BY_DRIVER: 3498 return "DRIVER"; 3499 case REGDOM_SET_BY_COUNTRY_IE: 3500 return "COUNTRY_IE"; 3501 case REGDOM_BEACON_HINT: 3502 return "BEACON_HINT"; 3503 } 3504 return "?"; 3505} 3506 3507 3508static const char * reg_type_str(enum reg_type type) 3509{ 3510 switch (type) { 3511 case REGDOM_TYPE_UNKNOWN: 3512 return "UNKNOWN"; 3513 case REGDOM_TYPE_COUNTRY: 3514 return "COUNTRY"; 3515 case REGDOM_TYPE_WORLD: 3516 return "WORLD"; 3517 case REGDOM_TYPE_CUSTOM_WORLD: 3518 return "CUSTOM_WORLD"; 3519 case REGDOM_TYPE_INTERSECTION: 3520 return "INTERSECTION"; 3521 } 3522 return "?"; 3523} 3524 3525 3526static void wpa_supplicant_update_channel_list( 3527 struct wpa_supplicant *wpa_s, struct channel_list_changed *info) 3528{ 3529 struct wpa_supplicant *ifs; 3530 u8 dfs_domain; 3531 3532 /* 3533 * To allow backwards compatibility with higher level layers that 3534 * assumed the REGDOM_CHANGE event is sent over the initially added 3535 * interface. Find the highest parent of this interface and use it to 3536 * send the event. 3537 */ 3538 for (ifs = wpa_s; ifs->parent && ifs != ifs->parent; ifs = ifs->parent) 3539 ; 3540 3541 wpa_msg(ifs, MSG_INFO, WPA_EVENT_REGDOM_CHANGE "init=%s type=%s%s%s", 3542 reg_init_str(info->initiator), reg_type_str(info->type), 3543 info->alpha2[0] ? " alpha2=" : "", 3544 info->alpha2[0] ? info->alpha2 : ""); 3545 3546 if (wpa_s->drv_priv == NULL) 3547 return; /* Ignore event during drv initialization */ 3548 3549 dl_list_for_each(ifs, &wpa_s->radio->ifaces, struct wpa_supplicant, 3550 radio_list) { 3551 wpa_printf(MSG_DEBUG, "%s: Updating hw mode", 3552 ifs->ifname); 3553 free_hw_features(ifs); 3554 ifs->hw.modes = wpa_drv_get_hw_feature_data( 3555 ifs, &ifs->hw.num_modes, &ifs->hw.flags, &dfs_domain); 3556 3557 /* Restart PNO/sched_scan with updated channel list */ 3558 if (ifs->pno) { 3559 wpas_stop_pno(ifs); 3560 wpas_start_pno(ifs); 3561 } else if (ifs->sched_scanning && !ifs->pno_sched_pending) { 3562 wpa_dbg(ifs, MSG_DEBUG, 3563 "Channel list changed - restart sched_scan"); 3564 wpas_scan_restart_sched_scan(ifs); 3565 } 3566 } 3567 3568 wpas_p2p_update_channel_list(wpa_s, WPAS_P2P_CHANNEL_UPDATE_DRIVER); 3569} 3570 3571 3572static void wpas_event_rx_mgmt_action(struct wpa_supplicant *wpa_s, 3573 const u8 *frame, size_t len, int freq, 3574 int rssi) 3575{ 3576 const struct ieee80211_mgmt *mgmt; 3577 const u8 *payload; 3578 size_t plen; 3579 u8 category; 3580 3581 if (len < IEEE80211_HDRLEN + 2) 3582 return; 3583 3584 mgmt = (const struct ieee80211_mgmt *) frame; 3585 payload = frame + IEEE80211_HDRLEN; 3586 category = *payload++; 3587 plen = len - IEEE80211_HDRLEN - 1; 3588 3589 wpa_dbg(wpa_s, MSG_DEBUG, "Received Action frame: SA=" MACSTR 3590 " Category=%u DataLen=%d freq=%d MHz", 3591 MAC2STR(mgmt->sa), category, (int) plen, freq); 3592 3593 if (category == WLAN_ACTION_WMM) { 3594 wmm_ac_rx_action(wpa_s, mgmt->da, mgmt->sa, payload, plen); 3595 return; 3596 } 3597 3598#ifdef CONFIG_IEEE80211R 3599 if (category == WLAN_ACTION_FT) { 3600 ft_rx_action(wpa_s, payload, plen); 3601 return; 3602 } 3603#endif /* CONFIG_IEEE80211R */ 3604 3605#ifdef CONFIG_IEEE80211W 3606#ifdef CONFIG_SME 3607 if (category == WLAN_ACTION_SA_QUERY) { 3608 sme_sa_query_rx(wpa_s, mgmt->sa, payload, plen); 3609 return; 3610 } 3611#endif /* CONFIG_SME */ 3612#endif /* CONFIG_IEEE80211W */ 3613 3614#ifdef CONFIG_WNM 3615 if (mgmt->u.action.category == WLAN_ACTION_WNM) { 3616 ieee802_11_rx_wnm_action(wpa_s, mgmt, len); 3617 return; 3618 } 3619#endif /* CONFIG_WNM */ 3620 3621#ifdef CONFIG_GAS 3622 if ((mgmt->u.action.category == WLAN_ACTION_PUBLIC || 3623 mgmt->u.action.category == WLAN_ACTION_PROTECTED_DUAL) && 3624 gas_query_rx(wpa_s->gas, mgmt->da, mgmt->sa, mgmt->bssid, 3625 mgmt->u.action.category, 3626 payload, plen, freq) == 0) 3627 return; 3628#endif /* CONFIG_GAS */ 3629 3630#ifdef CONFIG_GAS_SERVER 3631 if ((mgmt->u.action.category == WLAN_ACTION_PUBLIC || 3632 mgmt->u.action.category == WLAN_ACTION_PROTECTED_DUAL) && 3633 gas_server_rx(wpa_s->gas_server, mgmt->da, mgmt->sa, mgmt->bssid, 3634 mgmt->u.action.category, 3635 payload, plen, freq) == 0) 3636 return; 3637#endif /* CONFIG_GAS_SERVER */ 3638 3639#ifdef CONFIG_TDLS 3640 if (category == WLAN_ACTION_PUBLIC && plen >= 4 && 3641 payload[0] == WLAN_TDLS_DISCOVERY_RESPONSE) { 3642 wpa_dbg(wpa_s, MSG_DEBUG, 3643 "TDLS: Received Discovery Response from " MACSTR, 3644 MAC2STR(mgmt->sa)); 3645 return; 3646 } 3647#endif /* CONFIG_TDLS */ 3648 3649#ifdef CONFIG_INTERWORKING 3650 if (category == WLAN_ACTION_QOS && plen >= 1 && 3651 payload[0] == QOS_QOS_MAP_CONFIG) { 3652 const u8 *pos = payload + 1; 3653 size_t qlen = plen - 1; 3654 wpa_dbg(wpa_s, MSG_DEBUG, "Interworking: Received QoS Map Configure frame from " 3655 MACSTR, MAC2STR(mgmt->sa)); 3656 if (os_memcmp(mgmt->sa, wpa_s->bssid, ETH_ALEN) == 0 && 3657 qlen > 2 && pos[0] == WLAN_EID_QOS_MAP_SET && 3658 pos[1] <= qlen - 2 && pos[1] >= 16) 3659 wpas_qos_map_set(wpa_s, pos + 2, pos[1]); 3660 return; 3661 } 3662#endif /* CONFIG_INTERWORKING */ 3663 3664 if (category == WLAN_ACTION_RADIO_MEASUREMENT && 3665 payload[0] == WLAN_RRM_RADIO_MEASUREMENT_REQUEST) { 3666 wpas_rrm_handle_radio_measurement_request(wpa_s, mgmt->sa, 3667 mgmt->da, 3668 payload + 1, 3669 plen - 1); 3670 return; 3671 } 3672 3673 if (category == WLAN_ACTION_RADIO_MEASUREMENT && 3674 payload[0] == WLAN_RRM_NEIGHBOR_REPORT_RESPONSE) { 3675 wpas_rrm_process_neighbor_rep(wpa_s, payload + 1, plen - 1); 3676 return; 3677 } 3678 3679 if (category == WLAN_ACTION_RADIO_MEASUREMENT && 3680 payload[0] == WLAN_RRM_LINK_MEASUREMENT_REQUEST) { 3681 wpas_rrm_handle_link_measurement_request(wpa_s, mgmt->sa, 3682 payload + 1, plen - 1, 3683 rssi); 3684 return; 3685 } 3686 3687#ifdef CONFIG_FST 3688 if (mgmt->u.action.category == WLAN_ACTION_FST && wpa_s->fst) { 3689 fst_rx_action(wpa_s->fst, mgmt, len); 3690 return; 3691 } 3692#endif /* CONFIG_FST */ 3693 3694#ifdef CONFIG_DPP 3695 if (category == WLAN_ACTION_PUBLIC && plen >= 5 && 3696 payload[0] == WLAN_PA_VENDOR_SPECIFIC && 3697 WPA_GET_BE24(&payload[1]) == OUI_WFA && 3698 payload[4] == DPP_OUI_TYPE) { 3699 payload++; 3700 plen--; 3701 wpas_dpp_rx_action(wpa_s, mgmt->sa, payload, plen, freq); 3702 return; 3703 } 3704#endif /* CONFIG_DPP */ 3705 3706 wpas_p2p_rx_action(wpa_s, mgmt->da, mgmt->sa, mgmt->bssid, 3707 category, payload, plen, freq); 3708 if (wpa_s->ifmsh) 3709 mesh_mpm_action_rx(wpa_s, mgmt, len); 3710} 3711 3712 3713static void wpa_supplicant_notify_avoid_freq(struct wpa_supplicant *wpa_s, 3714 union wpa_event_data *event) 3715{ 3716 struct wpa_freq_range_list *list; 3717 char *str = NULL; 3718 3719 list = &event->freq_range; 3720 3721 if (list->num) 3722 str = freq_range_list_str(list); 3723 wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_AVOID_FREQ "ranges=%s", 3724 str ? str : ""); 3725 3726#ifdef CONFIG_P2P 3727 if (freq_range_list_parse(&wpa_s->global->p2p_go_avoid_freq, str)) { 3728 wpa_dbg(wpa_s, MSG_ERROR, "%s: Failed to parse freq range", 3729 __func__); 3730 } else { 3731 wpa_dbg(wpa_s, MSG_DEBUG, "P2P: Update channel list based on frequency avoid event"); 3732 3733 /* 3734 * The update channel flow will also take care of moving a GO 3735 * from the unsafe frequency if needed. 3736 */ 3737 wpas_p2p_update_channel_list(wpa_s, 3738 WPAS_P2P_CHANNEL_UPDATE_AVOID); 3739 } 3740#endif /* CONFIG_P2P */ 3741 3742 os_free(str); 3743} 3744 3745 3746static void wpa_supplicant_event_assoc_auth(struct wpa_supplicant *wpa_s, 3747 union wpa_event_data *data) 3748{ 3749 wpa_dbg(wpa_s, MSG_DEBUG, 3750 "Connection authorized by device, previous state %d", 3751 wpa_s->wpa_state); 3752 if (wpa_s->wpa_state == WPA_ASSOCIATED) { 3753 wpa_supplicant_cancel_auth_timeout(wpa_s); 3754 wpa_supplicant_set_state(wpa_s, WPA_COMPLETED); 3755 eapol_sm_notify_portValid(wpa_s->eapol, TRUE); 3756 eapol_sm_notify_eap_success(wpa_s->eapol, TRUE); 3757 } 3758 wpa_sm_set_rx_replay_ctr(wpa_s->wpa, data->assoc_info.key_replay_ctr); 3759 wpa_sm_set_ptk_kck_kek(wpa_s->wpa, data->assoc_info.ptk_kck, 3760 data->assoc_info.ptk_kck_len, 3761 data->assoc_info.ptk_kek, 3762 data->assoc_info.ptk_kek_len); 3763#ifdef CONFIG_FILS 3764 if (wpa_s->auth_alg == WPA_AUTH_ALG_FILS) { 3765 struct wpa_bss *bss = wpa_bss_get_bssid(wpa_s, wpa_s->bssid); 3766 const u8 *fils_cache_id = wpa_bss_get_fils_cache_id(bss); 3767 3768 /* Update ERP next sequence number */ 3769 eapol_sm_update_erp_next_seq_num( 3770 wpa_s->eapol, data->assoc_info.fils_erp_next_seq_num); 3771 3772 if (data->assoc_info.fils_pmk && data->assoc_info.fils_pmkid) { 3773 /* Add the new PMK and PMKID to the PMKSA cache */ 3774 wpa_sm_pmksa_cache_add(wpa_s->wpa, 3775 data->assoc_info.fils_pmk, 3776 data->assoc_info.fils_pmk_len, 3777 data->assoc_info.fils_pmkid, 3778 wpa_s->bssid, fils_cache_id); 3779 } else if (data->assoc_info.fils_pmkid) { 3780 /* Update the current PMKSA used for this connection */ 3781 pmksa_cache_set_current(wpa_s->wpa, 3782 data->assoc_info.fils_pmkid, 3783 NULL, NULL, 0, NULL); 3784 } 3785 } 3786#endif /* CONFIG_FILS */ 3787} 3788 3789 3790void wpa_supplicant_event(void *ctx, enum wpa_event_type event, 3791 union wpa_event_data *data) 3792{ 3793 struct wpa_supplicant *wpa_s = ctx; 3794 int resched; 3795 3796 if (wpa_s->wpa_state == WPA_INTERFACE_DISABLED && 3797 event != EVENT_INTERFACE_ENABLED && 3798 event != EVENT_INTERFACE_STATUS && 3799 event != EVENT_SCAN_RESULTS && 3800 event != EVENT_SCHED_SCAN_STOPPED) { 3801 wpa_dbg(wpa_s, MSG_DEBUG, 3802 "Ignore event %s (%d) while interface is disabled", 3803 event_to_string(event), event); 3804 return; 3805 } 3806 3807#ifndef CONFIG_NO_STDOUT_DEBUG 3808{ 3809 int level = MSG_DEBUG; 3810 3811 if (event == EVENT_RX_MGMT && data->rx_mgmt.frame_len >= 24) { 3812 const struct ieee80211_hdr *hdr; 3813 u16 fc; 3814 hdr = (const struct ieee80211_hdr *) data->rx_mgmt.frame; 3815 fc = le_to_host16(hdr->frame_control); 3816 if (WLAN_FC_GET_TYPE(fc) == WLAN_FC_TYPE_MGMT && 3817 WLAN_FC_GET_STYPE(fc) == WLAN_FC_STYPE_BEACON) 3818 level = MSG_EXCESSIVE; 3819 } 3820 3821 wpa_dbg(wpa_s, level, "Event %s (%d) received", 3822 event_to_string(event), event); 3823} 3824#endif /* CONFIG_NO_STDOUT_DEBUG */ 3825 3826 switch (event) { 3827 case EVENT_AUTH: 3828#ifdef CONFIG_FST 3829 if (!wpas_fst_update_mbie(wpa_s, data->auth.ies, 3830 data->auth.ies_len)) 3831 wpa_printf(MSG_DEBUG, 3832 "FST: MB IEs updated from auth IE"); 3833#endif /* CONFIG_FST */ 3834 sme_event_auth(wpa_s, data); 3835 break; 3836 case EVENT_ASSOC: 3837#ifdef CONFIG_TESTING_OPTIONS 3838 if (wpa_s->ignore_auth_resp) { 3839 wpa_printf(MSG_INFO, 3840 "EVENT_ASSOC - ignore_auth_resp active!"); 3841 break; 3842 } 3843 if (wpa_s->testing_resend_assoc) { 3844 wpa_printf(MSG_INFO, 3845 "EVENT_DEAUTH - testing_resend_assoc"); 3846 break; 3847 } 3848#endif /* CONFIG_TESTING_OPTIONS */ 3849 wpa_supplicant_event_assoc(wpa_s, data); 3850 if (data && 3851 (data->assoc_info.authorized || 3852 (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME) && 3853 wpa_fils_is_completed(wpa_s->wpa)))) 3854 wpa_supplicant_event_assoc_auth(wpa_s, data); 3855 if (data) { 3856 wpa_msg(wpa_s, MSG_INFO, 3857 WPA_EVENT_SUBNET_STATUS_UPDATE "status=%u", 3858 data->assoc_info.subnet_status); 3859 } 3860 break; 3861 case EVENT_DISASSOC: 3862 wpas_event_disassoc(wpa_s, 3863 data ? &data->disassoc_info : NULL); 3864 break; 3865 case EVENT_DEAUTH: 3866#ifdef CONFIG_TESTING_OPTIONS 3867 if (wpa_s->ignore_auth_resp) { 3868 wpa_printf(MSG_INFO, 3869 "EVENT_DEAUTH - ignore_auth_resp active!"); 3870 break; 3871 } 3872 if (wpa_s->testing_resend_assoc) { 3873 wpa_printf(MSG_INFO, 3874 "EVENT_DEAUTH - testing_resend_assoc"); 3875 break; 3876 } 3877#endif /* CONFIG_TESTING_OPTIONS */ 3878 wpas_event_deauth(wpa_s, 3879 data ? &data->deauth_info : NULL); 3880 break; 3881 case EVENT_MICHAEL_MIC_FAILURE: 3882 wpa_supplicant_event_michael_mic_failure(wpa_s, data); 3883 break; 3884#ifndef CONFIG_NO_SCAN_PROCESSING 3885 case EVENT_SCAN_STARTED: 3886 if (wpa_s->own_scan_requested || 3887 (data && !data->scan_info.external_scan)) { 3888 struct os_reltime diff; 3889 3890 os_get_reltime(&wpa_s->scan_start_time); 3891 os_reltime_sub(&wpa_s->scan_start_time, 3892 &wpa_s->scan_trigger_time, &diff); 3893 wpa_dbg(wpa_s, MSG_DEBUG, "Own scan request started a scan in %ld.%06ld seconds", 3894 diff.sec, diff.usec); 3895 wpa_s->own_scan_requested = 0; 3896 wpa_s->own_scan_running = 1; 3897 if (wpa_s->last_scan_req == MANUAL_SCAN_REQ && 3898 wpa_s->manual_scan_use_id) { 3899 wpa_msg_ctrl(wpa_s, MSG_INFO, 3900 WPA_EVENT_SCAN_STARTED "id=%u", 3901 wpa_s->manual_scan_id); 3902 } else { 3903 wpa_msg_ctrl(wpa_s, MSG_INFO, 3904 WPA_EVENT_SCAN_STARTED); 3905 } 3906 } else { 3907 wpa_dbg(wpa_s, MSG_DEBUG, "External program started a scan"); 3908 wpa_s->radio->external_scan_running = 1; 3909 wpa_msg_ctrl(wpa_s, MSG_INFO, WPA_EVENT_SCAN_STARTED); 3910 } 3911 break; 3912 case EVENT_SCAN_RESULTS: 3913 if (wpa_s->wpa_state == WPA_INTERFACE_DISABLED) { 3914 wpa_s->scan_res_handler = NULL; 3915 wpa_s->own_scan_running = 0; 3916 wpa_s->radio->external_scan_running = 0; 3917 wpa_s->last_scan_req = NORMAL_SCAN_REQ; 3918 break; 3919 } 3920 3921 if (!(data && data->scan_info.external_scan) && 3922 os_reltime_initialized(&wpa_s->scan_start_time)) { 3923 struct os_reltime now, diff; 3924 os_get_reltime(&now); 3925 os_reltime_sub(&now, &wpa_s->scan_start_time, &diff); 3926 wpa_s->scan_start_time.sec = 0; 3927 wpa_s->scan_start_time.usec = 0; 3928 wpa_dbg(wpa_s, MSG_DEBUG, "Scan completed in %ld.%06ld seconds", 3929 diff.sec, diff.usec); 3930 } 3931 if (wpa_supplicant_event_scan_results(wpa_s, data)) 3932 break; /* interface may have been removed */ 3933 if (!(data && data->scan_info.external_scan)) 3934 wpa_s->own_scan_running = 0; 3935 if (data && data->scan_info.nl_scan_event) 3936 wpa_s->radio->external_scan_running = 0; 3937 radio_work_check_next(wpa_s); 3938 break; 3939#endif /* CONFIG_NO_SCAN_PROCESSING */ 3940 case EVENT_ASSOCINFO: 3941 wpa_supplicant_event_associnfo(wpa_s, data); 3942 break; 3943 case EVENT_INTERFACE_STATUS: 3944 wpa_supplicant_event_interface_status(wpa_s, data); 3945 break; 3946 case EVENT_PMKID_CANDIDATE: 3947 wpa_supplicant_event_pmkid_candidate(wpa_s, data); 3948 break; 3949#ifdef CONFIG_TDLS 3950 case EVENT_TDLS: 3951 wpa_supplicant_event_tdls(wpa_s, data); 3952 break; 3953#endif /* CONFIG_TDLS */ 3954#ifdef CONFIG_WNM 3955 case EVENT_WNM: 3956 wpa_supplicant_event_wnm(wpa_s, data); 3957 break; 3958#endif /* CONFIG_WNM */ 3959#ifdef CONFIG_IEEE80211R 3960 case EVENT_FT_RESPONSE: 3961 wpa_supplicant_event_ft_response(wpa_s, data); 3962 break; 3963#endif /* CONFIG_IEEE80211R */ 3964#ifdef CONFIG_IBSS_RSN 3965 case EVENT_IBSS_RSN_START: 3966 wpa_supplicant_event_ibss_rsn_start(wpa_s, data); 3967 break; 3968#endif /* CONFIG_IBSS_RSN */ 3969 case EVENT_ASSOC_REJECT: 3970 if (data->assoc_reject.bssid) 3971 wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_ASSOC_REJECT 3972 "bssid=" MACSTR " status_code=%u%s%s%s", 3973 MAC2STR(data->assoc_reject.bssid), 3974 data->assoc_reject.status_code, 3975 data->assoc_reject.timed_out ? " timeout" : "", 3976 data->assoc_reject.timeout_reason ? "=" : "", 3977 data->assoc_reject.timeout_reason ? 3978 data->assoc_reject.timeout_reason : ""); 3979 else 3980 wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_ASSOC_REJECT 3981 "status_code=%u%s%s%s", 3982 data->assoc_reject.status_code, 3983 data->assoc_reject.timed_out ? " timeout" : "", 3984 data->assoc_reject.timeout_reason ? "=" : "", 3985 data->assoc_reject.timeout_reason ? 3986 data->assoc_reject.timeout_reason : ""); 3987 wpa_s->assoc_status_code = data->assoc_reject.status_code; 3988 wpa_s->assoc_timed_out = data->assoc_reject.timed_out; 3989 wpas_notify_assoc_status_code(wpa_s); 3990 if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME) 3991 sme_event_assoc_reject(wpa_s, data); 3992 else { 3993 const u8 *bssid = data->assoc_reject.bssid; 3994 3995#ifdef CONFIG_FILS 3996 /* Update ERP next sequence number */ 3997 if (wpa_s->auth_alg == WPA_AUTH_ALG_FILS) 3998 eapol_sm_update_erp_next_seq_num( 3999 wpa_s->eapol, 4000 data->assoc_reject.fils_erp_next_seq_num); 4001#endif /* CONFIG_FILS */ 4002 4003 if (bssid == NULL || is_zero_ether_addr(bssid)) 4004 bssid = wpa_s->pending_bssid; 4005 wpas_connection_failed(wpa_s, bssid); 4006 wpa_supplicant_mark_disassoc(wpa_s); 4007 } 4008 break; 4009 case EVENT_AUTH_TIMED_OUT: 4010 /* It is possible to get this event from earlier connection */ 4011 if (wpa_s->current_ssid && 4012 wpa_s->current_ssid->mode == WPAS_MODE_MESH) { 4013 wpa_dbg(wpa_s, MSG_DEBUG, 4014 "Ignore AUTH_TIMED_OUT in mesh configuration"); 4015 break; 4016 } 4017 if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME) 4018 sme_event_auth_timed_out(wpa_s, data); 4019 break; 4020 case EVENT_ASSOC_TIMED_OUT: 4021 /* It is possible to get this event from earlier connection */ 4022 if (wpa_s->current_ssid && 4023 wpa_s->current_ssid->mode == WPAS_MODE_MESH) { 4024 wpa_dbg(wpa_s, MSG_DEBUG, 4025 "Ignore ASSOC_TIMED_OUT in mesh configuration"); 4026 break; 4027 } 4028 if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME) 4029 sme_event_assoc_timed_out(wpa_s, data); 4030 break; 4031 case EVENT_TX_STATUS: 4032 wpa_dbg(wpa_s, MSG_DEBUG, "EVENT_TX_STATUS dst=" MACSTR 4033 " type=%d stype=%d", 4034 MAC2STR(data->tx_status.dst), 4035 data->tx_status.type, data->tx_status.stype); 4036#ifdef CONFIG_AP 4037 if (wpa_s->ap_iface == NULL) { 4038#ifdef CONFIG_OFFCHANNEL 4039 if (data->tx_status.type == WLAN_FC_TYPE_MGMT && 4040 data->tx_status.stype == WLAN_FC_STYPE_ACTION) 4041 offchannel_send_action_tx_status( 4042 wpa_s, data->tx_status.dst, 4043 data->tx_status.data, 4044 data->tx_status.data_len, 4045 data->tx_status.ack ? 4046 OFFCHANNEL_SEND_ACTION_SUCCESS : 4047 OFFCHANNEL_SEND_ACTION_NO_ACK); 4048#endif /* CONFIG_OFFCHANNEL */ 4049 break; 4050 } 4051#endif /* CONFIG_AP */ 4052#ifdef CONFIG_OFFCHANNEL 4053 wpa_dbg(wpa_s, MSG_DEBUG, "EVENT_TX_STATUS pending_dst=" 4054 MACSTR, MAC2STR(wpa_s->p2pdev->pending_action_dst)); 4055 /* 4056 * Catch TX status events for Action frames we sent via group 4057 * interface in GO mode, or via standalone AP interface. 4058 * Note, wpa_s->p2pdev will be the same as wpa_s->parent, 4059 * except when the primary interface is used as a GO interface 4060 * (for drivers which do not have group interface concurrency) 4061 */ 4062 if (data->tx_status.type == WLAN_FC_TYPE_MGMT && 4063 data->tx_status.stype == WLAN_FC_STYPE_ACTION && 4064 os_memcmp(wpa_s->p2pdev->pending_action_dst, 4065 data->tx_status.dst, ETH_ALEN) == 0) { 4066 offchannel_send_action_tx_status( 4067 wpa_s->p2pdev, data->tx_status.dst, 4068 data->tx_status.data, 4069 data->tx_status.data_len, 4070 data->tx_status.ack ? 4071 OFFCHANNEL_SEND_ACTION_SUCCESS : 4072 OFFCHANNEL_SEND_ACTION_NO_ACK); 4073 break; 4074 } 4075#endif /* CONFIG_OFFCHANNEL */ 4076#ifdef CONFIG_AP 4077 switch (data->tx_status.type) { 4078 case WLAN_FC_TYPE_MGMT: 4079 ap_mgmt_tx_cb(wpa_s, data->tx_status.data, 4080 data->tx_status.data_len, 4081 data->tx_status.stype, 4082 data->tx_status.ack); 4083 break; 4084 case WLAN_FC_TYPE_DATA: 4085 ap_tx_status(wpa_s, data->tx_status.dst, 4086 data->tx_status.data, 4087 data->tx_status.data_len, 4088 data->tx_status.ack); 4089 break; 4090 } 4091#endif /* CONFIG_AP */ 4092 break; 4093#ifdef CONFIG_AP 4094 case EVENT_EAPOL_TX_STATUS: 4095 ap_eapol_tx_status(wpa_s, data->eapol_tx_status.dst, 4096 data->eapol_tx_status.data, 4097 data->eapol_tx_status.data_len, 4098 data->eapol_tx_status.ack); 4099 break; 4100 case EVENT_DRIVER_CLIENT_POLL_OK: 4101 ap_client_poll_ok(wpa_s, data->client_poll.addr); 4102 break; 4103 case EVENT_RX_FROM_UNKNOWN: 4104 if (wpa_s->ap_iface == NULL) 4105 break; 4106 ap_rx_from_unknown_sta(wpa_s, data->rx_from_unknown.addr, 4107 data->rx_from_unknown.wds); 4108 break; 4109 case EVENT_CH_SWITCH: 4110 if (!data || !wpa_s->current_ssid) 4111 break; 4112 4113 wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_CHANNEL_SWITCH 4114 "freq=%d ht_enabled=%d ch_offset=%d ch_width=%s cf1=%d cf2=%d", 4115 data->ch_switch.freq, 4116 data->ch_switch.ht_enabled, 4117 data->ch_switch.ch_offset, 4118 channel_width_to_string(data->ch_switch.ch_width), 4119 data->ch_switch.cf1, 4120 data->ch_switch.cf2); 4121 4122 wpa_s->assoc_freq = data->ch_switch.freq; 4123 wpa_s->current_ssid->frequency = data->ch_switch.freq; 4124 4125 if (wpa_s->current_ssid->mode == WPAS_MODE_AP || 4126 wpa_s->current_ssid->mode == WPAS_MODE_P2P_GO || 4127 wpa_s->current_ssid->mode == 4128 WPAS_MODE_P2P_GROUP_FORMATION) { 4129 wpas_ap_ch_switch(wpa_s, data->ch_switch.freq, 4130 data->ch_switch.ht_enabled, 4131 data->ch_switch.ch_offset, 4132 data->ch_switch.ch_width, 4133 data->ch_switch.cf1, 4134 data->ch_switch.cf2); 4135 } 4136 4137 wpas_p2p_update_channel_list(wpa_s, WPAS_P2P_CHANNEL_UPDATE_CS); 4138 break; 4139#ifdef NEED_AP_MLME 4140 case EVENT_DFS_RADAR_DETECTED: 4141 if (data) 4142 wpas_event_dfs_radar_detected(wpa_s, &data->dfs_event); 4143 break; 4144 case EVENT_DFS_CAC_STARTED: 4145 if (data) 4146 wpas_event_dfs_cac_started(wpa_s, &data->dfs_event); 4147 break; 4148 case EVENT_DFS_CAC_FINISHED: 4149 if (data) 4150 wpas_event_dfs_cac_finished(wpa_s, &data->dfs_event); 4151 break; 4152 case EVENT_DFS_CAC_ABORTED: 4153 if (data) 4154 wpas_event_dfs_cac_aborted(wpa_s, &data->dfs_event); 4155 break; 4156 case EVENT_DFS_NOP_FINISHED: 4157 if (data) 4158 wpas_event_dfs_cac_nop_finished(wpa_s, 4159 &data->dfs_event); 4160 break; 4161#endif /* NEED_AP_MLME */ 4162#endif /* CONFIG_AP */ 4163 case EVENT_RX_MGMT: { 4164 u16 fc, stype; 4165 const struct ieee80211_mgmt *mgmt; 4166 4167#ifdef CONFIG_TESTING_OPTIONS 4168 if (wpa_s->ext_mgmt_frame_handling) { 4169 struct rx_mgmt *rx = &data->rx_mgmt; 4170 size_t hex_len = 2 * rx->frame_len + 1; 4171 char *hex = os_malloc(hex_len); 4172 if (hex) { 4173 wpa_snprintf_hex(hex, hex_len, 4174 rx->frame, rx->frame_len); 4175 wpa_msg(wpa_s, MSG_INFO, "MGMT-RX freq=%d datarate=%u ssi_signal=%d %s", 4176 rx->freq, rx->datarate, rx->ssi_signal, 4177 hex); 4178 os_free(hex); 4179 } 4180 break; 4181 } 4182#endif /* CONFIG_TESTING_OPTIONS */ 4183 4184 mgmt = (const struct ieee80211_mgmt *) 4185 data->rx_mgmt.frame; 4186 fc = le_to_host16(mgmt->frame_control); 4187 stype = WLAN_FC_GET_STYPE(fc); 4188 4189#ifdef CONFIG_AP 4190 if (wpa_s->ap_iface == NULL) { 4191#endif /* CONFIG_AP */ 4192#ifdef CONFIG_P2P 4193 if (stype == WLAN_FC_STYPE_PROBE_REQ && 4194 data->rx_mgmt.frame_len > IEEE80211_HDRLEN) { 4195 const u8 *src = mgmt->sa; 4196 const u8 *ie; 4197 size_t ie_len; 4198 4199 ie = data->rx_mgmt.frame + IEEE80211_HDRLEN; 4200 ie_len = data->rx_mgmt.frame_len - 4201 IEEE80211_HDRLEN; 4202 wpas_p2p_probe_req_rx( 4203 wpa_s, src, mgmt->da, 4204 mgmt->bssid, ie, ie_len, 4205 data->rx_mgmt.freq, 4206 data->rx_mgmt.ssi_signal); 4207 break; 4208 } 4209#endif /* CONFIG_P2P */ 4210#ifdef CONFIG_IBSS_RSN 4211 if (wpa_s->current_ssid && 4212 wpa_s->current_ssid->mode == WPAS_MODE_IBSS && 4213 stype == WLAN_FC_STYPE_AUTH && 4214 data->rx_mgmt.frame_len >= 30) { 4215 wpa_supplicant_event_ibss_auth(wpa_s, data); 4216 break; 4217 } 4218#endif /* CONFIG_IBSS_RSN */ 4219 4220 if (stype == WLAN_FC_STYPE_ACTION) { 4221 wpas_event_rx_mgmt_action( 4222 wpa_s, data->rx_mgmt.frame, 4223 data->rx_mgmt.frame_len, 4224 data->rx_mgmt.freq, 4225 data->rx_mgmt.ssi_signal); 4226 break; 4227 } 4228 4229 if (wpa_s->ifmsh) { 4230 mesh_mpm_mgmt_rx(wpa_s, &data->rx_mgmt); 4231 break; 4232 } 4233 4234 wpa_dbg(wpa_s, MSG_DEBUG, "AP: ignore received " 4235 "management frame in non-AP mode"); 4236 break; 4237#ifdef CONFIG_AP 4238 } 4239 4240 if (stype == WLAN_FC_STYPE_PROBE_REQ && 4241 data->rx_mgmt.frame_len > IEEE80211_HDRLEN) { 4242 const u8 *ie; 4243 size_t ie_len; 4244 4245 ie = data->rx_mgmt.frame + IEEE80211_HDRLEN; 4246 ie_len = data->rx_mgmt.frame_len - IEEE80211_HDRLEN; 4247 4248 wpas_notify_preq(wpa_s, mgmt->sa, mgmt->da, 4249 mgmt->bssid, ie, ie_len, 4250 data->rx_mgmt.ssi_signal); 4251 } 4252 4253 ap_mgmt_rx(wpa_s, &data->rx_mgmt); 4254#endif /* CONFIG_AP */ 4255 break; 4256 } 4257 case EVENT_RX_PROBE_REQ: 4258 if (data->rx_probe_req.sa == NULL || 4259 data->rx_probe_req.ie == NULL) 4260 break; 4261#ifdef CONFIG_AP 4262 if (wpa_s->ap_iface) { 4263 hostapd_probe_req_rx(wpa_s->ap_iface->bss[0], 4264 data->rx_probe_req.sa, 4265 data->rx_probe_req.da, 4266 data->rx_probe_req.bssid, 4267 data->rx_probe_req.ie, 4268 data->rx_probe_req.ie_len, 4269 data->rx_probe_req.ssi_signal); 4270 break; 4271 } 4272#endif /* CONFIG_AP */ 4273 wpas_p2p_probe_req_rx(wpa_s, data->rx_probe_req.sa, 4274 data->rx_probe_req.da, 4275 data->rx_probe_req.bssid, 4276 data->rx_probe_req.ie, 4277 data->rx_probe_req.ie_len, 4278 0, 4279 data->rx_probe_req.ssi_signal); 4280 break; 4281 case EVENT_REMAIN_ON_CHANNEL: 4282#ifdef CONFIG_OFFCHANNEL 4283 offchannel_remain_on_channel_cb( 4284 wpa_s, data->remain_on_channel.freq, 4285 data->remain_on_channel.duration); 4286#endif /* CONFIG_OFFCHANNEL */ 4287 wpas_p2p_remain_on_channel_cb( 4288 wpa_s, data->remain_on_channel.freq, 4289 data->remain_on_channel.duration); 4290 break; 4291 case EVENT_CANCEL_REMAIN_ON_CHANNEL: 4292#ifdef CONFIG_OFFCHANNEL 4293 offchannel_cancel_remain_on_channel_cb( 4294 wpa_s, data->remain_on_channel.freq); 4295#endif /* CONFIG_OFFCHANNEL */ 4296 wpas_p2p_cancel_remain_on_channel_cb( 4297 wpa_s, data->remain_on_channel.freq); 4298#ifdef CONFIG_DPP 4299 wpas_dpp_cancel_remain_on_channel_cb( 4300 wpa_s, data->remain_on_channel.freq); 4301#endif /* CONFIG_DPP */ 4302 break; 4303 case EVENT_EAPOL_RX: 4304 wpa_supplicant_rx_eapol(wpa_s, data->eapol_rx.src, 4305 data->eapol_rx.data, 4306 data->eapol_rx.data_len); 4307 break; 4308 case EVENT_SIGNAL_CHANGE: 4309 wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_SIGNAL_CHANGE 4310 "above=%d signal=%d noise=%d txrate=%d", 4311 data->signal_change.above_threshold, 4312 data->signal_change.current_signal, 4313 data->signal_change.current_noise, 4314 data->signal_change.current_txrate); 4315 wpa_bss_update_level(wpa_s->current_bss, 4316 data->signal_change.current_signal); 4317 bgscan_notify_signal_change( 4318 wpa_s, data->signal_change.above_threshold, 4319 data->signal_change.current_signal, 4320 data->signal_change.current_noise, 4321 data->signal_change.current_txrate); 4322 break; 4323 case EVENT_INTERFACE_ENABLED: 4324 wpa_dbg(wpa_s, MSG_DEBUG, "Interface was enabled"); 4325 if (wpa_s->wpa_state == WPA_INTERFACE_DISABLED) { 4326 wpa_supplicant_update_mac_addr(wpa_s); 4327 if (wpa_s->p2p_mgmt) { 4328 wpa_supplicant_set_state(wpa_s, 4329 WPA_DISCONNECTED); 4330 break; 4331 } 4332 4333#ifdef CONFIG_AP 4334 if (!wpa_s->ap_iface) { 4335 wpa_supplicant_set_state(wpa_s, 4336 WPA_DISCONNECTED); 4337 wpa_s->scan_req = NORMAL_SCAN_REQ; 4338 wpa_supplicant_req_scan(wpa_s, 0, 0); 4339 } else 4340 wpa_supplicant_set_state(wpa_s, 4341 WPA_COMPLETED); 4342#else /* CONFIG_AP */ 4343 wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED); 4344 wpa_supplicant_req_scan(wpa_s, 0, 0); 4345#endif /* CONFIG_AP */ 4346 } 4347 break; 4348 case EVENT_INTERFACE_DISABLED: 4349 wpa_dbg(wpa_s, MSG_DEBUG, "Interface was disabled"); 4350#ifdef CONFIG_P2P 4351 if (wpa_s->p2p_group_interface == P2P_GROUP_INTERFACE_GO || 4352 (wpa_s->current_ssid && wpa_s->current_ssid->p2p_group && 4353 wpa_s->current_ssid->mode == WPAS_MODE_P2P_GO)) { 4354 /* 4355 * Mark interface disabled if this happens to end up not 4356 * being removed as a separate P2P group interface. 4357 */ 4358 wpa_supplicant_set_state(wpa_s, WPA_INTERFACE_DISABLED); 4359 /* 4360 * The interface was externally disabled. Remove 4361 * it assuming an external entity will start a 4362 * new session if needed. 4363 */ 4364 if (wpa_s->current_ssid && 4365 wpa_s->current_ssid->p2p_group) 4366 wpas_p2p_interface_unavailable(wpa_s); 4367 else 4368 wpas_p2p_disconnect(wpa_s); 4369 /* 4370 * wpa_s instance may have been freed, so must not use 4371 * it here anymore. 4372 */ 4373 break; 4374 } 4375 if (wpa_s->p2p_scan_work && wpa_s->global->p2p && 4376 p2p_in_progress(wpa_s->global->p2p) > 1) { 4377 /* This radio work will be cancelled, so clear P2P 4378 * state as well. 4379 */ 4380 p2p_stop_find(wpa_s->global->p2p); 4381 } 4382#endif /* CONFIG_P2P */ 4383 4384 if (wpa_s->wpa_state >= WPA_AUTHENTICATING) { 4385 /* 4386 * Indicate disconnection to keep ctrl_iface events 4387 * consistent. 4388 */ 4389 wpa_supplicant_event_disassoc( 4390 wpa_s, WLAN_REASON_DEAUTH_LEAVING, 1); 4391 } 4392 wpa_supplicant_mark_disassoc(wpa_s); 4393 wpa_bss_flush(wpa_s); 4394 radio_remove_works(wpa_s, NULL, 0); 4395 4396 wpa_supplicant_set_state(wpa_s, WPA_INTERFACE_DISABLED); 4397 break; 4398 case EVENT_CHANNEL_LIST_CHANGED: 4399 wpa_supplicant_update_channel_list( 4400 wpa_s, &data->channel_list_changed); 4401 break; 4402 case EVENT_INTERFACE_UNAVAILABLE: 4403 wpas_p2p_interface_unavailable(wpa_s); 4404 break; 4405 case EVENT_BEST_CHANNEL: 4406 wpa_dbg(wpa_s, MSG_DEBUG, "Best channel event received " 4407 "(%d %d %d)", 4408 data->best_chan.freq_24, data->best_chan.freq_5, 4409 data->best_chan.freq_overall); 4410 wpa_s->best_24_freq = data->best_chan.freq_24; 4411 wpa_s->best_5_freq = data->best_chan.freq_5; 4412 wpa_s->best_overall_freq = data->best_chan.freq_overall; 4413 wpas_p2p_update_best_channels(wpa_s, data->best_chan.freq_24, 4414 data->best_chan.freq_5, 4415 data->best_chan.freq_overall); 4416 break; 4417 case EVENT_UNPROT_DEAUTH: 4418 wpa_supplicant_event_unprot_deauth(wpa_s, 4419 &data->unprot_deauth); 4420 break; 4421 case EVENT_UNPROT_DISASSOC: 4422 wpa_supplicant_event_unprot_disassoc(wpa_s, 4423 &data->unprot_disassoc); 4424 break; 4425 case EVENT_STATION_LOW_ACK: 4426#ifdef CONFIG_AP 4427 if (wpa_s->ap_iface && data) 4428 hostapd_event_sta_low_ack(wpa_s->ap_iface->bss[0], 4429 data->low_ack.addr); 4430#endif /* CONFIG_AP */ 4431#ifdef CONFIG_TDLS 4432 if (data) 4433 wpa_tdls_disable_unreachable_link(wpa_s->wpa, 4434 data->low_ack.addr); 4435#endif /* CONFIG_TDLS */ 4436 break; 4437 case EVENT_IBSS_PEER_LOST: 4438#ifdef CONFIG_IBSS_RSN 4439 ibss_rsn_stop(wpa_s->ibss_rsn, data->ibss_peer_lost.peer); 4440#endif /* CONFIG_IBSS_RSN */ 4441 break; 4442 case EVENT_DRIVER_GTK_REKEY: 4443 if (os_memcmp(data->driver_gtk_rekey.bssid, 4444 wpa_s->bssid, ETH_ALEN)) 4445 break; 4446 if (!wpa_s->wpa) 4447 break; 4448 wpa_sm_update_replay_ctr(wpa_s->wpa, 4449 data->driver_gtk_rekey.replay_ctr); 4450 break; 4451 case EVENT_SCHED_SCAN_STOPPED: 4452 wpa_s->sched_scanning = 0; 4453 resched = wpa_s->scanning && wpas_scan_scheduled(wpa_s); 4454 wpa_supplicant_notify_scanning(wpa_s, 0); 4455 4456 if (wpa_s->wpa_state == WPA_INTERFACE_DISABLED) 4457 break; 4458 4459 /* 4460 * If the driver stopped scanning without being requested to, 4461 * request a new scan to continue scanning for networks. 4462 */ 4463 if (!wpa_s->sched_scan_stop_req && 4464 wpa_s->wpa_state == WPA_SCANNING) { 4465 wpa_dbg(wpa_s, MSG_DEBUG, 4466 "Restart scanning after unexpected sched_scan stop event"); 4467 wpa_supplicant_req_scan(wpa_s, 1, 0); 4468 break; 4469 } 4470 4471 wpa_s->sched_scan_stop_req = 0; 4472 4473 /* 4474 * Start a new sched scan to continue searching for more SSIDs 4475 * either if timed out or PNO schedule scan is pending. 4476 */ 4477 if (wpa_s->sched_scan_timed_out) { 4478 wpa_supplicant_req_sched_scan(wpa_s); 4479 } else if (wpa_s->pno_sched_pending) { 4480 wpa_s->pno_sched_pending = 0; 4481 wpas_start_pno(wpa_s); 4482 } else if (resched) { 4483 wpa_supplicant_req_scan(wpa_s, 0, 0); 4484 } 4485 4486 break; 4487 case EVENT_WPS_BUTTON_PUSHED: 4488#ifdef CONFIG_WPS 4489 wpas_wps_start_pbc(wpa_s, NULL, 0); 4490#endif /* CONFIG_WPS */ 4491 break; 4492 case EVENT_AVOID_FREQUENCIES: 4493 wpa_supplicant_notify_avoid_freq(wpa_s, data); 4494 break; 4495 case EVENT_CONNECT_FAILED_REASON: 4496#ifdef CONFIG_AP 4497 if (!wpa_s->ap_iface || !data) 4498 break; 4499 hostapd_event_connect_failed_reason( 4500 wpa_s->ap_iface->bss[0], 4501 data->connect_failed_reason.addr, 4502 data->connect_failed_reason.code); 4503#endif /* CONFIG_AP */ 4504 break; 4505 case EVENT_NEW_PEER_CANDIDATE: 4506#ifdef CONFIG_MESH 4507 if (!wpa_s->ifmsh || !data) 4508 break; 4509 wpa_mesh_notify_peer(wpa_s, data->mesh_peer.peer, 4510 data->mesh_peer.ies, 4511 data->mesh_peer.ie_len); 4512#endif /* CONFIG_MESH */ 4513 break; 4514 case EVENT_SURVEY: 4515#ifdef CONFIG_AP 4516 if (!wpa_s->ap_iface) 4517 break; 4518 hostapd_event_get_survey(wpa_s->ap_iface, 4519 &data->survey_results); 4520#endif /* CONFIG_AP */ 4521 break; 4522 case EVENT_ACS_CHANNEL_SELECTED: 4523#ifdef CONFIG_AP 4524#ifdef CONFIG_ACS 4525 if (!wpa_s->ap_iface) 4526 break; 4527 hostapd_acs_channel_selected(wpa_s->ap_iface->bss[0], 4528 &data->acs_selected_channels); 4529#endif /* CONFIG_ACS */ 4530#endif /* CONFIG_AP */ 4531 break; 4532 case EVENT_P2P_LO_STOP: 4533#ifdef CONFIG_P2P 4534 wpa_s->p2p_lo_started = 0; 4535 wpa_msg(wpa_s, MSG_INFO, P2P_EVENT_LISTEN_OFFLOAD_STOP 4536 P2P_LISTEN_OFFLOAD_STOP_REASON "reason=%d", 4537 data->p2p_lo_stop.reason_code); 4538#endif /* CONFIG_P2P */ 4539 break; 4540 case EVENT_BEACON_LOSS: 4541 if (!wpa_s->current_bss || !wpa_s->current_ssid) 4542 break; 4543 wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_BEACON_LOSS); 4544 bgscan_notify_beacon_loss(wpa_s); 4545 break; 4546 default: 4547 wpa_msg(wpa_s, MSG_INFO, "Unknown event %d", event); 4548 break; 4549 } 4550} 4551 4552 4553void wpa_supplicant_event_global(void *ctx, enum wpa_event_type event, 4554 union wpa_event_data *data) 4555{ 4556 struct wpa_supplicant *wpa_s; 4557 4558 if (event != EVENT_INTERFACE_STATUS) 4559 return; 4560 4561 wpa_s = wpa_supplicant_get_iface(ctx, data->interface_status.ifname); 4562 if (wpa_s && wpa_s->driver->get_ifindex) { 4563 unsigned int ifindex; 4564 4565 ifindex = wpa_s->driver->get_ifindex(wpa_s->drv_priv); 4566 if (ifindex != data->interface_status.ifindex) { 4567 wpa_dbg(wpa_s, MSG_DEBUG, 4568 "interface status ifindex %d mismatch (%d)", 4569 ifindex, data->interface_status.ifindex); 4570 return; 4571 } 4572 } 4573#ifdef CONFIG_MATCH_IFACE 4574 else if (data->interface_status.ievent == EVENT_INTERFACE_ADDED) { 4575 struct wpa_interface *wpa_i; 4576 4577 wpa_i = wpa_supplicant_match_iface( 4578 ctx, data->interface_status.ifname); 4579 if (!wpa_i) 4580 return; 4581 wpa_s = wpa_supplicant_add_iface(ctx, wpa_i, NULL); 4582 os_free(wpa_i); 4583 if (wpa_s) 4584 wpa_s->matched = 1; 4585 } 4586#endif /* CONFIG_MATCH_IFACE */ 4587 4588 if (wpa_s) 4589 wpa_supplicant_event(wpa_s, event, data); 4590} 4591