1 /* 2 * hostapd / IEEE 802.11 Management: Beacon and Probe Request/Response 3 * Copyright (c) 2002-2004, Instant802 Networks, Inc. 4 * Copyright (c) 2005-2006, Devicescape Software, Inc. 5 * Copyright (c) 2008-2012, Jouni Malinen <j@w1.fi> 6 * 7 * This software may be distributed under the terms of the BSD license. 8 * See README for more details. 9 */ 10 11 #include "utils/includes.h" 12 13 #ifndef CONFIG_NATIVE_WINDOWS 14 15 #include "utils/common.h" 16 #include "common/ieee802_11_defs.h" 17 #include "common/ieee802_11_common.h" 18 #include "common/hw_features_common.h" 19 #include "common/wpa_ctrl.h" 20 #include "crypto/sha1.h" 21 #include "wps/wps_defs.h" 22 #include "p2p/p2p.h" 23 #include "hostapd.h" 24 #include "ieee802_11.h" 25 #include "wpa_auth.h" 26 #include "wmm.h" 27 #include "ap_config.h" 28 #include "sta_info.h" 29 #include "p2p_hostapd.h" 30 #include "ap_drv_ops.h" 31 #include "beacon.h" 32 #include "hs20.h" 33 #include "dfs.h" 34 #include "taxonomy.h" 35 #include "ieee802_11_auth.h" 36 37 38 #ifdef NEED_AP_MLME 39 40 static u8 * hostapd_eid_bss_load(struct hostapd_data *hapd, u8 *eid, size_t len) 41 { 42 if (len < 2 + 5) 43 return eid; 44 45 #ifdef CONFIG_TESTING_OPTIONS 46 if (hapd->conf->bss_load_test_set) { 47 *eid++ = WLAN_EID_BSS_LOAD; 48 *eid++ = 5; 49 os_memcpy(eid, hapd->conf->bss_load_test, 5); 50 eid += 5; 51 return eid; 52 } 53 #endif /* CONFIG_TESTING_OPTIONS */ 54 if (hapd->conf->bss_load_update_period) { 55 *eid++ = WLAN_EID_BSS_LOAD; 56 *eid++ = 5; 57 WPA_PUT_LE16(eid, hapd->num_sta); 58 eid += 2; 59 *eid++ = hapd->iface->channel_utilization; 60 WPA_PUT_LE16(eid, 0); /* no available admission capabity */ 61 eid += 2; 62 } 63 return eid; 64 } 65 66 67 static u8 ieee802_11_erp_info(struct hostapd_data *hapd) 68 { 69 u8 erp = 0; 70 71 if (hapd->iface->current_mode == NULL || 72 hapd->iface->current_mode->mode != HOSTAPD_MODE_IEEE80211G) 73 return 0; 74 75 if (hapd->iface->olbc) 76 erp |= ERP_INFO_USE_PROTECTION; 77 if (hapd->iface->num_sta_non_erp > 0) { 78 erp |= ERP_INFO_NON_ERP_PRESENT | 79 ERP_INFO_USE_PROTECTION; 80 } 81 if (hapd->iface->num_sta_no_short_preamble > 0 || 82 hapd->iconf->preamble == LONG_PREAMBLE) 83 erp |= ERP_INFO_BARKER_PREAMBLE_MODE; 84 85 return erp; 86 } 87 88 89 static u8 * hostapd_eid_ds_params(struct hostapd_data *hapd, u8 *eid) 90 { 91 enum hostapd_hw_mode hw_mode = hapd->iconf->hw_mode; 92 93 if (hw_mode != HOSTAPD_MODE_IEEE80211G && 94 hw_mode != HOSTAPD_MODE_IEEE80211B) 95 return eid; 96 97 *eid++ = WLAN_EID_DS_PARAMS; 98 *eid++ = 1; 99 *eid++ = hapd->iconf->channel; 100 return eid; 101 } 102 103 104 static u8 * hostapd_eid_erp_info(struct hostapd_data *hapd, u8 *eid) 105 { 106 if (hapd->iface->current_mode == NULL || 107 hapd->iface->current_mode->mode != HOSTAPD_MODE_IEEE80211G) 108 return eid; 109 110 /* Set NonERP_present and use_protection bits if there 111 * are any associated NonERP stations. */ 112 /* TODO: use_protection bit can be set to zero even if 113 * there are NonERP stations present. This optimization 114 * might be useful if NonERP stations are "quiet". 115 * See 802.11g/D6 E-1 for recommended practice. 116 * In addition, Non ERP present might be set, if AP detects Non ERP 117 * operation on other APs. */ 118 119 /* Add ERP Information element */ 120 *eid++ = WLAN_EID_ERP_INFO; 121 *eid++ = 1; 122 *eid++ = ieee802_11_erp_info(hapd); 123 124 return eid; 125 } 126 127 128 static u8 * hostapd_eid_pwr_constraint(struct hostapd_data *hapd, u8 *eid) 129 { 130 u8 *pos = eid; 131 u8 local_pwr_constraint = 0; 132 int dfs; 133 134 if (hapd->iface->current_mode == NULL || 135 hapd->iface->current_mode->mode != HOSTAPD_MODE_IEEE80211A) 136 return eid; 137 138 /* Let host drivers add this IE if DFS support is offloaded */ 139 if (hapd->iface->drv_flags & WPA_DRIVER_FLAGS_DFS_OFFLOAD) 140 return eid; 141 142 /* 143 * There is no DFS support and power constraint was not directly 144 * requested by config option. 145 */ 146 if (!hapd->iconf->ieee80211h && 147 hapd->iconf->local_pwr_constraint == -1) 148 return eid; 149 150 /* Check if DFS is required by regulatory. */ 151 dfs = hostapd_is_dfs_required(hapd->iface); 152 if (dfs < 0) { 153 wpa_printf(MSG_WARNING, "Failed to check if DFS is required; ret=%d", 154 dfs); 155 dfs = 0; 156 } 157 158 if (dfs == 0 && hapd->iconf->local_pwr_constraint == -1) 159 return eid; 160 161 /* 162 * ieee80211h (DFS) is enabled so Power Constraint element shall 163 * be added when running on DFS channel whenever local_pwr_constraint 164 * is configured or not. In order to meet regulations when TPC is not 165 * implemented using a transmit power that is below the legal maximum 166 * (including any mitigation factor) should help. In this case, 167 * indicate 3 dB below maximum allowed transmit power. 168 */ 169 if (hapd->iconf->local_pwr_constraint == -1) 170 local_pwr_constraint = 3; 171 172 /* 173 * A STA that is not an AP shall use a transmit power less than or 174 * equal to the local maximum transmit power level for the channel. 175 * The local maximum transmit power can be calculated from the formula: 176 * local max TX pwr = max TX pwr - local pwr constraint 177 * Where max TX pwr is maximum transmit power level specified for 178 * channel in Country element and local pwr constraint is specified 179 * for channel in this Power Constraint element. 180 */ 181 182 /* Element ID */ 183 *pos++ = WLAN_EID_PWR_CONSTRAINT; 184 /* Length */ 185 *pos++ = 1; 186 /* Local Power Constraint */ 187 if (local_pwr_constraint) 188 *pos++ = local_pwr_constraint; 189 else 190 *pos++ = hapd->iconf->local_pwr_constraint; 191 192 return pos; 193 } 194 195 196 static u8 * hostapd_eid_country_add(struct hostapd_data *hapd, u8 *pos, 197 u8 *end, int chan_spacing, 198 struct hostapd_channel_data *start, 199 struct hostapd_channel_data *prev) 200 { 201 if (end - pos < 3) 202 return pos; 203 204 /* first channel number */ 205 *pos++ = start->chan; 206 /* number of channels */ 207 *pos++ = (prev->chan - start->chan) / chan_spacing + 1; 208 /* maximum transmit power level */ 209 if (!is_6ghz_op_class(hapd->iconf->op_class)) 210 *pos++ = start->max_tx_power; 211 else 212 *pos++ = 0; /* Reserved when operating on the 6 GHz band */ 213 214 return pos; 215 } 216 217 218 static u8 * hostapd_fill_subband_triplets(struct hostapd_data *hapd, u8 *pos, 219 u8 *end) 220 { 221 int i; 222 struct hostapd_hw_modes *mode; 223 struct hostapd_channel_data *start, *prev; 224 int chan_spacing = 1; 225 226 mode = hapd->iface->current_mode; 227 if (mode->mode == HOSTAPD_MODE_IEEE80211A) 228 chan_spacing = 4; 229 230 start = prev = NULL; 231 for (i = 0; i < mode->num_channels; i++) { 232 struct hostapd_channel_data *chan = &mode->channels[i]; 233 if (chan->flag & HOSTAPD_CHAN_DISABLED) 234 continue; 235 if (start && prev && 236 prev->chan + chan_spacing == chan->chan && 237 start->max_tx_power == chan->max_tx_power) { 238 prev = chan; 239 continue; /* can use same entry */ 240 } 241 242 if (start && prev) 243 pos = hostapd_eid_country_add(hapd, pos, end, 244 chan_spacing, 245 start, prev); 246 247 /* Start new group */ 248 start = prev = chan; 249 } 250 251 if (start) { 252 pos = hostapd_eid_country_add(hapd, pos, end, chan_spacing, 253 start, prev); 254 } 255 256 return pos; 257 } 258 259 260 static u8 * hostapd_eid_country(struct hostapd_data *hapd, u8 *eid, 261 int max_len) 262 { 263 u8 *pos = eid; 264 u8 *end = eid + max_len; 265 266 if (!hapd->iconf->ieee80211d || max_len < 6 || 267 hapd->iface->current_mode == NULL) 268 return eid; 269 270 *pos++ = WLAN_EID_COUNTRY; 271 pos++; /* length will be set later */ 272 os_memcpy(pos, hapd->iconf->country, 3); /* e.g., 'US ' */ 273 pos += 3; 274 275 if (is_6ghz_op_class(hapd->iconf->op_class)) { 276 /* Force the third octet of the country string to indicate 277 * Global Operating Class (Table E-4) */ 278 eid[4] = 0x04; 279 280 /* Operating Triplet field */ 281 /* Operating Extension Identifier (>= 201 to indicate this is 282 * not a Subband Triplet field) */ 283 *pos++ = 201; 284 /* Operating Class */ 285 *pos++ = hapd->iconf->op_class; 286 /* Coverage Class */ 287 *pos++ = 0; 288 /* Subband Triplets are required only for the 20 MHz case */ 289 if (hapd->iconf->op_class == 131 || 290 hapd->iconf->op_class == 136) 291 pos = hostapd_fill_subband_triplets(hapd, pos, end); 292 } else { 293 pos = hostapd_fill_subband_triplets(hapd, pos, end); 294 } 295 296 if ((pos - eid) & 1) { 297 if (end - pos < 1) 298 return eid; 299 *pos++ = 0; /* pad for 16-bit alignment */ 300 } 301 302 eid[1] = (pos - eid) - 2; 303 304 return pos; 305 } 306 307 308 const u8 * hostapd_wpa_ie(struct hostapd_data *hapd, u8 eid) 309 { 310 const u8 *ies; 311 size_t ies_len; 312 313 ies = wpa_auth_get_wpa_ie(hapd->wpa_auth, &ies_len); 314 if (!ies) 315 return NULL; 316 317 return get_ie(ies, ies_len, eid); 318 } 319 320 321 static const u8 * hostapd_vendor_wpa_ie(struct hostapd_data *hapd, 322 u32 vendor_type) 323 { 324 const u8 *ies; 325 size_t ies_len; 326 327 ies = wpa_auth_get_wpa_ie(hapd->wpa_auth, &ies_len); 328 if (!ies) 329 return NULL; 330 331 return get_vendor_ie(ies, ies_len, vendor_type); 332 } 333 334 335 static u8 * hostapd_get_rsne(struct hostapd_data *hapd, u8 *pos, size_t len) 336 { 337 const u8 *ie; 338 339 ie = hostapd_wpa_ie(hapd, WLAN_EID_RSN); 340 if (!ie || 2U + ie[1] > len) 341 return pos; 342 343 os_memcpy(pos, ie, 2 + ie[1]); 344 return pos + 2 + ie[1]; 345 } 346 347 348 static u8 * hostapd_get_mde(struct hostapd_data *hapd, u8 *pos, size_t len) 349 { 350 const u8 *ie; 351 352 ie = hostapd_wpa_ie(hapd, WLAN_EID_MOBILITY_DOMAIN); 353 if (!ie || 2U + ie[1] > len) 354 return pos; 355 356 os_memcpy(pos, ie, 2 + ie[1]); 357 return pos + 2 + ie[1]; 358 } 359 360 361 static u8 * hostapd_get_rsnxe(struct hostapd_data *hapd, u8 *pos, size_t len) 362 { 363 const u8 *ie; 364 365 #ifdef CONFIG_TESTING_OPTIONS 366 if (hapd->conf->no_beacon_rsnxe) { 367 wpa_printf(MSG_INFO, "TESTING: Do not add RSNXE into Beacon"); 368 return pos; 369 } 370 #endif /* CONFIG_TESTING_OPTIONS */ 371 ie = hostapd_wpa_ie(hapd, WLAN_EID_RSNX); 372 if (!ie || 2U + ie[1] > len) 373 return pos; 374 375 os_memcpy(pos, ie, 2 + ie[1]); 376 return pos + 2 + ie[1]; 377 } 378 379 380 static u8 * hostapd_get_wpa_ie(struct hostapd_data *hapd, u8 *pos, size_t len) 381 { 382 const u8 *ie; 383 384 ie = hostapd_vendor_wpa_ie(hapd, WPA_IE_VENDOR_TYPE); 385 if (!ie || 2U + ie[1] > len) 386 return pos; 387 388 os_memcpy(pos, ie, 2 + ie[1]); 389 return pos + 2 + ie[1]; 390 } 391 392 393 static u8 * hostapd_get_osen_ie(struct hostapd_data *hapd, u8 *pos, size_t len) 394 { 395 const u8 *ie; 396 397 ie = hostapd_vendor_wpa_ie(hapd, OSEN_IE_VENDOR_TYPE); 398 if (!ie || 2U + ie[1] > len) 399 return pos; 400 401 os_memcpy(pos, ie, 2 + ie[1]); 402 return pos + 2 + ie[1]; 403 } 404 405 406 static u8 * hostapd_eid_csa(struct hostapd_data *hapd, u8 *eid) 407 { 408 #ifdef CONFIG_TESTING_OPTIONS 409 if (hapd->iface->cs_oper_class && hapd->iconf->ecsa_ie_only) 410 return eid; 411 #endif /* CONFIG_TESTING_OPTIONS */ 412 413 if (!hapd->cs_freq_params.channel) 414 return eid; 415 416 *eid++ = WLAN_EID_CHANNEL_SWITCH; 417 *eid++ = 3; 418 *eid++ = hapd->cs_block_tx; 419 *eid++ = hapd->cs_freq_params.channel; 420 *eid++ = hapd->cs_count; 421 422 return eid; 423 } 424 425 426 static u8 * hostapd_eid_ecsa(struct hostapd_data *hapd, u8 *eid) 427 { 428 if (!hapd->cs_freq_params.channel || !hapd->iface->cs_oper_class) 429 return eid; 430 431 *eid++ = WLAN_EID_EXT_CHANSWITCH_ANN; 432 *eid++ = 4; 433 *eid++ = hapd->cs_block_tx; 434 *eid++ = hapd->iface->cs_oper_class; 435 *eid++ = hapd->cs_freq_params.channel; 436 *eid++ = hapd->cs_count; 437 438 return eid; 439 } 440 441 442 static u8 * hostapd_eid_supported_op_classes(struct hostapd_data *hapd, u8 *eid) 443 { 444 u8 op_class, channel; 445 446 if (!(hapd->iface->drv_flags & WPA_DRIVER_FLAGS_AP_CSA) || 447 !hapd->iface->freq) 448 return eid; 449 450 if (ieee80211_freq_to_channel_ext(hapd->iface->freq, 451 hapd->iconf->secondary_channel, 452 hostapd_get_oper_chwidth(hapd->iconf), 453 &op_class, &channel) == 454 NUM_HOSTAPD_MODES) 455 return eid; 456 457 *eid++ = WLAN_EID_SUPPORTED_OPERATING_CLASSES; 458 *eid++ = 2; 459 460 /* Current Operating Class */ 461 *eid++ = op_class; 462 463 /* TODO: Advertise all the supported operating classes */ 464 *eid++ = 0; 465 466 return eid; 467 } 468 469 470 static int 471 ieee802_11_build_ap_params_mbssid(struct hostapd_data *hapd, 472 struct wpa_driver_ap_params *params) 473 { 474 struct hostapd_iface *iface = hapd->iface; 475 struct hostapd_data *tx_bss; 476 size_t len, rnr_len = 0; 477 u8 elem_count = 0, *elem = NULL, **elem_offset = NULL, *end; 478 u8 rnr_elem_count = 0, *rnr_elem = NULL, **rnr_elem_offset = NULL; 479 size_t i; 480 481 if (!iface->mbssid_max_interfaces || 482 iface->num_bss > iface->mbssid_max_interfaces || 483 (iface->conf->mbssid == ENHANCED_MBSSID_ENABLED && 484 !iface->ema_max_periodicity)) 485 goto fail; 486 487 /* Make sure bss->xrates_supported is set for all BSSs to know whether 488 * it need to be non-inherited. */ 489 for (i = 0; i < iface->num_bss; i++) { 490 u8 buf[100]; 491 492 hostapd_eid_ext_supp_rates(iface->bss[i], buf); 493 } 494 495 tx_bss = hostapd_mbssid_get_tx_bss(hapd); 496 len = hostapd_eid_mbssid_len(tx_bss, WLAN_FC_STYPE_BEACON, &elem_count, 497 NULL, 0, &rnr_len); 498 if (!len || (iface->conf->mbssid == ENHANCED_MBSSID_ENABLED && 499 elem_count > iface->ema_max_periodicity)) 500 goto fail; 501 502 elem = os_zalloc(len); 503 if (!elem) 504 goto fail; 505 506 elem_offset = os_zalloc(elem_count * sizeof(u8 *)); 507 if (!elem_offset) 508 goto fail; 509 510 if (rnr_len) { 511 rnr_elem = os_zalloc(rnr_len); 512 if (!rnr_elem) 513 goto fail; 514 515 rnr_elem_offset = os_calloc(elem_count + 1, sizeof(u8 *)); 516 if (!rnr_elem_offset) 517 goto fail; 518 } 519 520 end = hostapd_eid_mbssid(tx_bss, elem, elem + len, WLAN_FC_STYPE_BEACON, 521 elem_count, elem_offset, NULL, 0, rnr_elem, 522 &rnr_elem_count, rnr_elem_offset, rnr_len); 523 524 params->mbssid_tx_iface = tx_bss->conf->iface; 525 params->mbssid_index = hostapd_mbssid_get_bss_index(hapd); 526 params->mbssid_elem = elem; 527 params->mbssid_elem_len = end - elem; 528 params->mbssid_elem_count = elem_count; 529 params->mbssid_elem_offset = elem_offset; 530 params->rnr_elem = rnr_elem; 531 params->rnr_elem_len = rnr_len; 532 params->rnr_elem_count = rnr_elem_count; 533 params->rnr_elem_offset = rnr_elem_offset; 534 if (iface->conf->mbssid == ENHANCED_MBSSID_ENABLED) 535 params->ema = true; 536 537 return 0; 538 539 fail: 540 os_free(rnr_elem); 541 os_free(rnr_elem_offset); 542 os_free(elem_offset); 543 os_free(elem); 544 wpa_printf(MSG_ERROR, "MBSSID: Configuration failed"); 545 return -1; 546 } 547 548 549 static u8 * hostapd_eid_mbssid_config(struct hostapd_data *hapd, u8 *eid, 550 u8 mbssid_elem_count) 551 { 552 struct hostapd_iface *iface = hapd->iface; 553 554 if (iface->conf->mbssid == ENHANCED_MBSSID_ENABLED) { 555 *eid++ = WLAN_EID_EXTENSION; 556 *eid++ = 3; 557 *eid++ = WLAN_EID_EXT_MULTIPLE_BSSID_CONFIGURATION; 558 *eid++ = iface->num_bss; 559 *eid++ = mbssid_elem_count; 560 } 561 562 return eid; 563 } 564 565 566 static size_t he_elem_len(struct hostapd_data *hapd) 567 { 568 size_t len = 0; 569 570 #ifdef CONFIG_IEEE80211AX 571 if (!hapd->iconf->ieee80211ax || hapd->conf->disable_11ax) 572 return len; 573 574 len += 3 + sizeof(struct ieee80211_he_capabilities) + 575 3 + sizeof(struct ieee80211_he_operation) + 576 3 + sizeof(struct ieee80211_he_mu_edca_parameter_set) + 577 3 + sizeof(struct ieee80211_spatial_reuse); 578 if (is_6ghz_op_class(hapd->iconf->op_class)) { 579 len += sizeof(struct ieee80211_he_6ghz_oper_info) + 580 3 + sizeof(struct ieee80211_he_6ghz_band_cap); 581 /* An additional Transmit Power Envelope element for 582 * subordinate client */ 583 if (he_reg_is_indoor(hapd->iconf->he_6ghz_reg_pwr_type)) 584 len += 4; 585 586 /* An additional Transmit Power Envelope element for 587 * default client with unit interpretation of regulatory 588 * client EIRP */ 589 if (hapd->iconf->reg_def_cli_eirp != -1 && 590 he_reg_is_sp(hapd->iconf->he_6ghz_reg_pwr_type)) 591 len += 4; 592 } 593 #endif /* CONFIG_IEEE80211AX */ 594 595 return len; 596 } 597 598 599 struct probe_resp_params { 600 const struct ieee80211_mgmt *req; 601 bool is_p2p; 602 603 /* Generated IEs will be included inside an ML element */ 604 bool is_ml_sta_info; 605 struct hostapd_data *mld_ap; 606 struct mld_info *mld_info; 607 608 struct ieee80211_mgmt *resp; 609 size_t resp_len; 610 u8 *csa_pos; 611 u8 *ecsa_pos; 612 const u8 *known_bss; 613 u8 known_bss_len; 614 615 #ifdef CONFIG_IEEE80211AX 616 u8 *cca_pos; 617 #endif /* CONFIG_IEEE80211AX */ 618 }; 619 620 621 static void hostapd_free_probe_resp_params(struct probe_resp_params *params) 622 { 623 #ifdef CONFIG_IEEE80211BE 624 if (!params) 625 return; 626 ap_sta_free_sta_profile(params->mld_info); 627 os_free(params->mld_info); 628 params->mld_info = NULL; 629 #endif /* CONFIG_IEEE80211BE */ 630 } 631 632 633 static size_t hostapd_probe_resp_elems_len(struct hostapd_data *hapd, 634 struct probe_resp_params *params) 635 { 636 size_t buflen = 0; 637 638 #ifdef CONFIG_WPS 639 if (hapd->wps_probe_resp_ie) 640 buflen += wpabuf_len(hapd->wps_probe_resp_ie); 641 #endif /* CONFIG_WPS */ 642 #ifdef CONFIG_P2P 643 if (hapd->p2p_probe_resp_ie) 644 buflen += wpabuf_len(hapd->p2p_probe_resp_ie); 645 #endif /* CONFIG_P2P */ 646 #ifdef CONFIG_FST 647 if (hapd->iface->fst_ies) 648 buflen += wpabuf_len(hapd->iface->fst_ies); 649 #endif /* CONFIG_FST */ 650 if (hapd->conf->vendor_elements) 651 buflen += wpabuf_len(hapd->conf->vendor_elements); 652 #ifdef CONFIG_TESTING_OPTIONS 653 if (hapd->conf->presp_elements) 654 buflen += wpabuf_len(hapd->conf->presp_elements); 655 #endif /* CONFIG_TESTING_OPTIONS */ 656 if (hapd->conf->vendor_vht) { 657 buflen += 5 + 2 + sizeof(struct ieee80211_vht_capabilities) + 658 2 + sizeof(struct ieee80211_vht_operation); 659 } 660 661 buflen += he_elem_len(hapd); 662 663 #ifdef CONFIG_IEEE80211BE 664 if (hapd->iconf->ieee80211be && !hapd->conf->disable_11be) { 665 buflen += hostapd_eid_eht_capab_len(hapd, IEEE80211_MODE_AP); 666 buflen += 3 + sizeof(struct ieee80211_eht_operation); 667 if (hapd->iconf->punct_bitmap) 668 buflen += EHT_OPER_DISABLED_SUBCHAN_BITMAP_SIZE; 669 670 if (!params->is_ml_sta_info && hapd->conf->mld_ap) { 671 struct hostapd_data *ml_elem_ap = 672 params->mld_ap ? params->mld_ap : hapd; 673 674 buflen += hostapd_eid_eht_ml_beacon_len( 675 ml_elem_ap, params->mld_info, !!params->mld_ap); 676 } 677 } 678 #endif /* CONFIG_IEEE80211BE */ 679 680 buflen += hostapd_eid_mbssid_len(hapd, WLAN_FC_STYPE_PROBE_RESP, NULL, 681 params->known_bss, 682 params->known_bss_len, NULL); 683 if (!params->is_ml_sta_info) 684 buflen += hostapd_eid_rnr_len(hapd, WLAN_FC_STYPE_PROBE_RESP, 685 true); 686 buflen += hostapd_mbo_ie_len(hapd); 687 buflen += hostapd_eid_owe_trans_len(hapd); 688 buflen += hostapd_eid_dpp_cc_len(hapd); 689 690 return buflen; 691 } 692 693 694 static u8 * hostapd_probe_resp_fill_elems(struct hostapd_data *hapd, 695 struct probe_resp_params *params, 696 u8 *pos, size_t len) 697 { 698 u8 *csa_pos; 699 u8 *epos; 700 701 epos = pos + len; 702 703 if (!params->is_ml_sta_info) { 704 *pos++ = WLAN_EID_SSID; 705 *pos++ = hapd->conf->ssid.ssid_len; 706 os_memcpy(pos, hapd->conf->ssid.ssid, 707 hapd->conf->ssid.ssid_len); 708 pos += hapd->conf->ssid.ssid_len; 709 } 710 711 /* Supported rates */ 712 pos = hostapd_eid_supp_rates(hapd, pos); 713 714 /* DS Params */ 715 pos = hostapd_eid_ds_params(hapd, pos); 716 717 pos = hostapd_eid_country(hapd, pos, epos - pos); 718 719 /* Power Constraint element */ 720 pos = hostapd_eid_pwr_constraint(hapd, pos); 721 722 /* 723 * CSA IE 724 * TODO: This should be included inside the ML sta profile 725 */ 726 if (!params->is_ml_sta_info) { 727 csa_pos = hostapd_eid_csa(hapd, pos); 728 if (csa_pos != pos) 729 params->csa_pos = csa_pos - 1; 730 else 731 params->csa_pos = NULL; 732 pos = csa_pos; 733 } 734 735 /* ERP Information element */ 736 pos = hostapd_eid_erp_info(hapd, pos); 737 738 /* Extended supported rates */ 739 pos = hostapd_eid_ext_supp_rates(hapd, pos); 740 741 pos = hostapd_get_rsne(hapd, pos, epos - pos); 742 pos = hostapd_eid_bss_load(hapd, pos, epos - pos); 743 pos = hostapd_eid_mbssid(hapd, pos, epos, WLAN_FC_STYPE_PROBE_RESP, 0, 744 NULL, params->known_bss, params->known_bss_len, 745 NULL, NULL, NULL, 0); 746 pos = hostapd_eid_rm_enabled_capab(hapd, pos, epos - pos); 747 pos = hostapd_get_mde(hapd, pos, epos - pos); 748 749 /* 750 * eCSA IE 751 * TODO: This should be included inside the ML sta profile 752 */ 753 if (!params->is_ml_sta_info) { 754 csa_pos = hostapd_eid_ecsa(hapd, pos); 755 if (csa_pos != pos) 756 params->ecsa_pos = csa_pos - 1; 757 else 758 params->ecsa_pos = NULL; 759 pos = csa_pos; 760 } 761 762 pos = hostapd_eid_supported_op_classes(hapd, pos); 763 pos = hostapd_eid_ht_capabilities(hapd, pos); 764 pos = hostapd_eid_ht_operation(hapd, pos); 765 766 /* Probe Response frames always include all non-TX profiles except 767 * when a list of known BSSes is included in the Probe Request frame. */ 768 pos = hostapd_eid_ext_capab(hapd, pos, 769 hapd->iconf->mbssid >= MBSSID_ENABLED && 770 !params->known_bss_len); 771 772 pos = hostapd_eid_time_adv(hapd, pos); 773 pos = hostapd_eid_time_zone(hapd, pos); 774 775 pos = hostapd_eid_interworking(hapd, pos); 776 pos = hostapd_eid_adv_proto(hapd, pos); 777 pos = hostapd_eid_roaming_consortium(hapd, pos); 778 779 #ifdef CONFIG_FST 780 if (hapd->iface->fst_ies) { 781 os_memcpy(pos, wpabuf_head(hapd->iface->fst_ies), 782 wpabuf_len(hapd->iface->fst_ies)); 783 pos += wpabuf_len(hapd->iface->fst_ies); 784 } 785 #endif /* CONFIG_FST */ 786 787 #ifdef CONFIG_IEEE80211AC 788 if (hapd->iconf->ieee80211ac && !hapd->conf->disable_11ac && 789 !is_6ghz_op_class(hapd->iconf->op_class)) { 790 pos = hostapd_eid_vht_capabilities(hapd, pos, 0); 791 pos = hostapd_eid_vht_operation(hapd, pos); 792 pos = hostapd_eid_txpower_envelope(hapd, pos); 793 } 794 #endif /* CONFIG_IEEE80211AC */ 795 796 #ifdef CONFIG_IEEE80211AX 797 if (hapd->iconf->ieee80211ax && !hapd->conf->disable_11ax && 798 is_6ghz_op_class(hapd->iconf->op_class)) 799 pos = hostapd_eid_txpower_envelope(hapd, pos); 800 #endif /* CONFIG_IEEE80211AX */ 801 802 pos = hostapd_eid_wb_chsw_wrapper(hapd, pos); 803 804 if (!params->is_ml_sta_info) 805 pos = hostapd_eid_rnr(hapd, pos, WLAN_FC_STYPE_PROBE_RESP, 806 true); 807 pos = hostapd_eid_fils_indic(hapd, pos, 0); 808 pos = hostapd_get_rsnxe(hapd, pos, epos - pos); 809 810 #ifdef CONFIG_IEEE80211AX 811 if (hapd->iconf->ieee80211ax && !hapd->conf->disable_11ax) { 812 u8 *cca_pos; 813 814 pos = hostapd_eid_he_capab(hapd, pos, IEEE80211_MODE_AP); 815 pos = hostapd_eid_he_operation(hapd, pos); 816 817 /* BSS Color Change Announcement element */ 818 cca_pos = hostapd_eid_cca(hapd, pos); 819 if (cca_pos != pos) 820 params->cca_pos = cca_pos - 2; 821 else 822 params->cca_pos = NULL; 823 pos = cca_pos; 824 825 pos = hostapd_eid_spatial_reuse(hapd, pos); 826 pos = hostapd_eid_he_mu_edca_parameter_set(hapd, pos); 827 pos = hostapd_eid_he_6ghz_band_cap(hapd, pos); 828 } 829 #endif /* CONFIG_IEEE80211AX */ 830 831 #ifdef CONFIG_IEEE80211BE 832 if (hapd->iconf->ieee80211be && !hapd->conf->disable_11be) { 833 struct hostapd_data *ml_elem_ap = 834 params->mld_ap ? params->mld_ap : hapd; 835 836 if (ml_elem_ap->conf->mld_ap) 837 pos = hostapd_eid_eht_ml_beacon( 838 ml_elem_ap, params->mld_info, 839 pos, !!params->mld_ap); 840 841 pos = hostapd_eid_eht_capab(hapd, pos, IEEE80211_MODE_AP); 842 pos = hostapd_eid_eht_operation(hapd, pos); 843 } 844 #endif /* CONFIG_IEEE80211BE */ 845 846 #ifdef CONFIG_IEEE80211AC 847 if (hapd->conf->vendor_vht) 848 pos = hostapd_eid_vendor_vht(hapd, pos); 849 #endif /* CONFIG_IEEE80211AC */ 850 851 /* WPA / OSEN */ 852 pos = hostapd_get_wpa_ie(hapd, pos, epos - pos); 853 pos = hostapd_get_osen_ie(hapd, pos, epos - pos); 854 855 /* Wi-Fi Alliance WMM */ 856 pos = hostapd_eid_wmm(hapd, pos); 857 858 #ifdef CONFIG_WPS 859 if (hapd->conf->wps_state && hapd->wps_probe_resp_ie) { 860 os_memcpy(pos, wpabuf_head(hapd->wps_probe_resp_ie), 861 wpabuf_len(hapd->wps_probe_resp_ie)); 862 pos += wpabuf_len(hapd->wps_probe_resp_ie); 863 } 864 #endif /* CONFIG_WPS */ 865 866 #ifdef CONFIG_P2P 867 if ((hapd->conf->p2p & P2P_ENABLED) && params->is_p2p && 868 hapd->p2p_probe_resp_ie) { 869 os_memcpy(pos, wpabuf_head(hapd->p2p_probe_resp_ie), 870 wpabuf_len(hapd->p2p_probe_resp_ie)); 871 pos += wpabuf_len(hapd->p2p_probe_resp_ie); 872 } 873 #endif /* CONFIG_P2P */ 874 #ifdef CONFIG_P2P_MANAGER 875 if ((hapd->conf->p2p & (P2P_MANAGE | P2P_ENABLED | P2P_GROUP_OWNER)) == 876 P2P_MANAGE) 877 pos = hostapd_eid_p2p_manage(hapd, pos); 878 #endif /* CONFIG_P2P_MANAGER */ 879 880 #ifdef CONFIG_HS20 881 pos = hostapd_eid_hs20_indication(hapd, pos); 882 #endif /* CONFIG_HS20 */ 883 884 pos = hostapd_eid_mbo(hapd, pos, epos - pos); 885 pos = hostapd_eid_owe_trans(hapd, pos, epos - pos); 886 pos = hostapd_eid_dpp_cc(hapd, pos, epos - pos); 887 888 if (hapd->conf->vendor_elements) { 889 os_memcpy(pos, wpabuf_head(hapd->conf->vendor_elements), 890 wpabuf_len(hapd->conf->vendor_elements)); 891 pos += wpabuf_len(hapd->conf->vendor_elements); 892 } 893 894 #ifdef CONFIG_TESTING_OPTIONS 895 if (hapd->conf->presp_elements) { 896 os_memcpy(pos, wpabuf_head(hapd->conf->presp_elements), 897 wpabuf_len(hapd->conf->presp_elements)); 898 pos += wpabuf_len(hapd->conf->presp_elements); 899 } 900 #endif /* CONFIG_TESTING_OPTIONS */ 901 902 return pos; 903 } 904 905 906 static void hostapd_gen_probe_resp(struct hostapd_data *hapd, 907 struct probe_resp_params *params) 908 { 909 u8 *pos; 910 size_t buflen; 911 912 hapd = hostapd_mbssid_get_tx_bss(hapd); 913 914 #define MAX_PROBERESP_LEN 768 915 buflen = MAX_PROBERESP_LEN; 916 buflen += hostapd_probe_resp_elems_len(hapd, params); 917 params->resp = os_zalloc(buflen); 918 if (!params->resp) { 919 params->resp_len = 0; 920 return; 921 } 922 923 params->resp->frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT, 924 WLAN_FC_STYPE_PROBE_RESP); 925 /* Unicast the response to all requests on bands other than 6 GHz. For 926 * the 6 GHz, unicast is used only if the actual SSID is not included in 927 * the Beacon frames. Otherwise, broadcast response is used per IEEE 928 * Std 802.11ax-2021, 26.17.2.3.2. Broadcast address is also used for 929 * the Probe Response frame template for the unsolicited (i.e., not as 930 * a response to a specific request) case. */ 931 if (params->req && (!is_6ghz_op_class(hapd->iconf->op_class) || 932 hapd->conf->ignore_broadcast_ssid)) 933 os_memcpy(params->resp->da, params->req->sa, ETH_ALEN); 934 else 935 os_memset(params->resp->da, 0xff, ETH_ALEN); 936 os_memcpy(params->resp->sa, hapd->own_addr, ETH_ALEN); 937 938 os_memcpy(params->resp->bssid, hapd->own_addr, ETH_ALEN); 939 params->resp->u.probe_resp.beacon_int = 940 host_to_le16(hapd->iconf->beacon_int); 941 942 /* hardware or low-level driver will setup seq_ctrl and timestamp */ 943 params->resp->u.probe_resp.capab_info = 944 host_to_le16(hostapd_own_capab_info(hapd)); 945 946 pos = hostapd_probe_resp_fill_elems(hapd, params, 947 params->resp->u.probe_resp.variable, 948 buflen); 949 950 params->resp_len = pos - (u8 *) params->resp; 951 } 952 953 954 #ifdef CONFIG_IEEE80211BE 955 static void hostapd_fill_probe_resp_ml_params(struct hostapd_data *hapd, 956 struct probe_resp_params *params, 957 const struct ieee80211_mgmt *mgmt, 958 int mld_id, u16 links) 959 { 960 struct probe_resp_params sta_info_params; 961 struct hostapd_data *link; 962 963 params->mld_ap = NULL; 964 params->mld_info = os_zalloc(sizeof(*params->mld_info)); 965 if (!params->mld_info) 966 return; 967 968 wpa_printf(MSG_DEBUG, 969 "MLD: Got ML probe request with AP MLD ID %d for links %04x", 970 mld_id, links); 971 972 for_each_mld_link(link, hapd) { 973 struct mld_link_info *link_info; 974 size_t buflen; 975 u8 mld_link_id = link->mld_link_id; 976 u8 *epos; 977 u8 buf[EHT_ML_MAX_STA_PROF_LEN]; 978 979 /* 980 * Set mld_ap iff the ML probe request explicitly 981 * requested a specific MLD ID. In that case, the targeted 982 * AP may have been a nontransmitted BSSID on the same 983 * interface. 984 */ 985 if (mld_id != -1 && link->iface == hapd->iface) 986 params->mld_ap = link; 987 988 /* Never duplicate main Probe Response frame body */ 989 if (link == hapd) 990 continue; 991 992 /* Only include requested links */ 993 if (!(BIT(mld_link_id) & links)) 994 continue; 995 996 link_info = ¶ms->mld_info->links[mld_link_id]; 997 998 sta_info_params.req = params->req; 999 sta_info_params.is_p2p = false; 1000 sta_info_params.is_ml_sta_info = true; 1001 sta_info_params.mld_ap = NULL; 1002 sta_info_params.mld_info = NULL; 1003 1004 buflen = MAX_PROBERESP_LEN; 1005 buflen += hostapd_probe_resp_elems_len(link, &sta_info_params); 1006 1007 if (buflen > EHT_ML_MAX_STA_PROF_LEN) { 1008 wpa_printf(MSG_DEBUG, 1009 "MLD: Not including link %d in ML probe response (%zu bytes is too long)", 1010 mld_link_id, buflen); 1011 goto fail; 1012 } 1013 1014 /* 1015 * NOTE: This does not properly handle inheritance and 1016 * various other things. 1017 */ 1018 link_info->valid = true; 1019 epos = buf; 1020 1021 /* Capabilities is the only fixed parameter */ 1022 WPA_PUT_LE16(epos, hostapd_own_capab_info(hapd)); 1023 epos += 2; 1024 1025 epos = hostapd_probe_resp_fill_elems( 1026 link, &sta_info_params, epos, 1027 EHT_ML_MAX_STA_PROF_LEN - 2); 1028 link_info->resp_sta_profile_len = epos - buf; 1029 os_free(link_info->resp_sta_profile); 1030 link_info->resp_sta_profile = os_memdup( 1031 buf, link_info->resp_sta_profile_len); 1032 if (!link_info->resp_sta_profile) 1033 link_info->resp_sta_profile_len = 0; 1034 os_memcpy(link_info->local_addr, link->own_addr, ETH_ALEN); 1035 1036 wpa_printf(MSG_DEBUG, 1037 "MLD: ML probe response includes link sta info for %d: %u bytes (estimate %zu)", 1038 mld_link_id, link_info->resp_sta_profile_len, 1039 buflen); 1040 } 1041 1042 if (mld_id != -1 && !params->mld_ap) { 1043 wpa_printf(MSG_DEBUG, 1044 "MLD: No nontransmitted BSSID for MLD ID %d", 1045 mld_id); 1046 goto fail; 1047 } 1048 1049 return; 1050 1051 fail: 1052 hostapd_free_probe_resp_params(params); 1053 params->mld_ap = NULL; 1054 params->mld_info = NULL; 1055 } 1056 #endif /* CONFIG_IEEE80211BE */ 1057 1058 1059 enum ssid_match_result { 1060 NO_SSID_MATCH, 1061 EXACT_SSID_MATCH, 1062 WILDCARD_SSID_MATCH, 1063 CO_LOCATED_SSID_MATCH, 1064 }; 1065 1066 static enum ssid_match_result ssid_match(struct hostapd_data *hapd, 1067 const u8 *ssid, size_t ssid_len, 1068 const u8 *ssid_list, 1069 size_t ssid_list_len, 1070 const u8 *short_ssid_list, 1071 size_t short_ssid_list_len) 1072 { 1073 const u8 *pos, *end; 1074 struct hostapd_iface *iface = hapd->iface; 1075 int wildcard = 0; 1076 size_t i, j; 1077 1078 if (ssid_len == 0) 1079 wildcard = 1; 1080 if (ssid_len == hapd->conf->ssid.ssid_len && 1081 os_memcmp(ssid, hapd->conf->ssid.ssid, ssid_len) == 0) 1082 return EXACT_SSID_MATCH; 1083 1084 if (ssid_list) { 1085 pos = ssid_list; 1086 end = ssid_list + ssid_list_len; 1087 while (end - pos >= 2) { 1088 if (2 + pos[1] > end - pos) 1089 break; 1090 if (pos[1] == 0) 1091 wildcard = 1; 1092 if (pos[1] == hapd->conf->ssid.ssid_len && 1093 os_memcmp(pos + 2, hapd->conf->ssid.ssid, 1094 pos[1]) == 0) 1095 return EXACT_SSID_MATCH; 1096 pos += 2 + pos[1]; 1097 } 1098 } 1099 1100 if (short_ssid_list) { 1101 pos = short_ssid_list; 1102 end = short_ssid_list + short_ssid_list_len; 1103 while (end - pos >= 4) { 1104 if (hapd->conf->ssid.short_ssid == WPA_GET_LE32(pos)) 1105 return EXACT_SSID_MATCH; 1106 pos += 4; 1107 } 1108 } 1109 1110 if (wildcard) 1111 return WILDCARD_SSID_MATCH; 1112 1113 if (!iface->interfaces || iface->interfaces->count <= 1 || 1114 is_6ghz_op_class(hapd->iconf->op_class)) 1115 return NO_SSID_MATCH; 1116 1117 for (i = 0; i < iface->interfaces->count; i++) { 1118 struct hostapd_iface *colocated; 1119 1120 colocated = iface->interfaces->iface[i]; 1121 1122 if (colocated == iface || 1123 !is_6ghz_op_class(colocated->conf->op_class)) 1124 continue; 1125 1126 for (j = 0; j < colocated->num_bss; j++) { 1127 struct hostapd_bss_config *conf; 1128 1129 conf = colocated->bss[j]->conf; 1130 if (ssid_len == conf->ssid.ssid_len && 1131 os_memcmp(ssid, conf->ssid.ssid, ssid_len) == 0) 1132 return CO_LOCATED_SSID_MATCH; 1133 } 1134 } 1135 1136 return NO_SSID_MATCH; 1137 } 1138 1139 1140 void sta_track_expire(struct hostapd_iface *iface, int force) 1141 { 1142 struct os_reltime now; 1143 struct hostapd_sta_info *info; 1144 1145 if (!iface->num_sta_seen) 1146 return; 1147 1148 os_get_reltime(&now); 1149 while ((info = dl_list_first(&iface->sta_seen, struct hostapd_sta_info, 1150 list))) { 1151 if (!force && 1152 !os_reltime_expired(&now, &info->last_seen, 1153 iface->conf->track_sta_max_age)) 1154 break; 1155 force = 0; 1156 1157 wpa_printf(MSG_MSGDUMP, "%s: Expire STA tracking entry for " 1158 MACSTR, iface->bss[0]->conf->iface, 1159 MAC2STR(info->addr)); 1160 dl_list_del(&info->list); 1161 iface->num_sta_seen--; 1162 sta_track_del(info); 1163 } 1164 } 1165 1166 1167 static struct hostapd_sta_info * sta_track_get(struct hostapd_iface *iface, 1168 const u8 *addr) 1169 { 1170 struct hostapd_sta_info *info; 1171 1172 dl_list_for_each(info, &iface->sta_seen, struct hostapd_sta_info, list) 1173 if (ether_addr_equal(addr, info->addr)) 1174 return info; 1175 1176 return NULL; 1177 } 1178 1179 1180 void sta_track_add(struct hostapd_iface *iface, const u8 *addr, int ssi_signal) 1181 { 1182 struct hostapd_sta_info *info; 1183 1184 info = sta_track_get(iface, addr); 1185 if (info) { 1186 /* Move the most recent entry to the end of the list */ 1187 dl_list_del(&info->list); 1188 dl_list_add_tail(&iface->sta_seen, &info->list); 1189 os_get_reltime(&info->last_seen); 1190 info->ssi_signal = ssi_signal; 1191 return; 1192 } 1193 1194 /* Add a new entry */ 1195 info = os_zalloc(sizeof(*info)); 1196 if (info == NULL) 1197 return; 1198 os_memcpy(info->addr, addr, ETH_ALEN); 1199 os_get_reltime(&info->last_seen); 1200 info->ssi_signal = ssi_signal; 1201 1202 if (iface->num_sta_seen >= iface->conf->track_sta_max_num) { 1203 /* Expire oldest entry to make room for a new one */ 1204 sta_track_expire(iface, 1); 1205 } 1206 1207 wpa_printf(MSG_MSGDUMP, "%s: Add STA tracking entry for " 1208 MACSTR, iface->bss[0]->conf->iface, MAC2STR(addr)); 1209 dl_list_add_tail(&iface->sta_seen, &info->list); 1210 iface->num_sta_seen++; 1211 } 1212 1213 1214 struct hostapd_data * 1215 sta_track_seen_on(struct hostapd_iface *iface, const u8 *addr, 1216 const char *ifname) 1217 { 1218 struct hapd_interfaces *interfaces = iface->interfaces; 1219 size_t i, j; 1220 1221 for (i = 0; i < interfaces->count; i++) { 1222 struct hostapd_data *hapd = NULL; 1223 1224 iface = interfaces->iface[i]; 1225 for (j = 0; j < iface->num_bss; j++) { 1226 hapd = iface->bss[j]; 1227 if (os_strcmp(ifname, hapd->conf->iface) == 0) 1228 break; 1229 hapd = NULL; 1230 } 1231 1232 if (hapd && sta_track_get(iface, addr)) 1233 return hapd; 1234 } 1235 1236 return NULL; 1237 } 1238 1239 1240 #ifdef CONFIG_TAXONOMY 1241 void sta_track_claim_taxonomy_info(struct hostapd_iface *iface, const u8 *addr, 1242 struct wpabuf **probe_ie_taxonomy) 1243 { 1244 struct hostapd_sta_info *info; 1245 1246 info = sta_track_get(iface, addr); 1247 if (!info) 1248 return; 1249 1250 wpabuf_free(*probe_ie_taxonomy); 1251 *probe_ie_taxonomy = info->probe_ie_taxonomy; 1252 info->probe_ie_taxonomy = NULL; 1253 } 1254 #endif /* CONFIG_TAXONOMY */ 1255 1256 1257 #ifdef CONFIG_IEEE80211BE 1258 static bool parse_ml_probe_req(const struct ieee80211_eht_ml *ml, size_t ml_len, 1259 int *mld_id, u16 *links) 1260 { 1261 u16 ml_control; 1262 const struct element *sub; 1263 const u8 *pos; 1264 size_t len; 1265 1266 *mld_id = -1; 1267 *links = 0xffff; 1268 1269 if (ml_len < sizeof(struct ieee80211_eht_ml)) 1270 return false; 1271 1272 ml_control = le_to_host16(ml->ml_control); 1273 if ((ml_control & MULTI_LINK_CONTROL_TYPE_MASK) != 1274 MULTI_LINK_CONTROL_TYPE_PROBE_REQ) { 1275 wpa_printf(MSG_DEBUG, "MLD: Not an ML probe req"); 1276 return false; 1277 } 1278 1279 if (sizeof(struct ieee80211_eht_ml) + 1 > ml_len) { 1280 wpa_printf(MSG_DEBUG, "MLD: ML probe req too short"); 1281 return false; 1282 } 1283 1284 pos = ml->variable; 1285 len = pos[0]; 1286 if (len < 1 || sizeof(struct ieee80211_eht_ml) + len > ml_len) { 1287 wpa_printf(MSG_DEBUG, 1288 "MLD: ML probe request with invalid length"); 1289 return false; 1290 } 1291 1292 if (ml_control & EHT_ML_PRES_BM_PROBE_REQ_AP_MLD_ID) { 1293 if (len < 2) { 1294 wpa_printf(MSG_DEBUG, 1295 "MLD: ML probe req too short for MLD ID"); 1296 return false; 1297 } 1298 1299 *mld_id = pos[1]; 1300 } 1301 pos += len; 1302 1303 /* Parse subelements (if there are any) */ 1304 len = ml_len - len - sizeof(struct ieee80211_eht_ml); 1305 for_each_element_id(sub, 0, pos, len) { 1306 const struct ieee80211_eht_per_sta_profile *sta; 1307 u16 sta_control; 1308 1309 if (*links == 0xffff) 1310 *links = 0; 1311 1312 if (sub->datalen < 1313 sizeof(struct ieee80211_eht_per_sta_profile)) { 1314 wpa_printf(MSG_DEBUG, 1315 "MLD: ML probe req %d too short for sta profile", 1316 sub->datalen); 1317 return false; 1318 } 1319 1320 sta = (struct ieee80211_eht_per_sta_profile *) sub->data; 1321 1322 /* 1323 * Extract the link ID, do not return whether a complete or 1324 * partial profile was requested. 1325 */ 1326 sta_control = le_to_host16(sta->sta_control); 1327 *links |= BIT(sta_control & EHT_PER_STA_CTRL_LINK_ID_MSK); 1328 } 1329 1330 if (!for_each_element_completed(sub, pos, len)) { 1331 wpa_printf(MSG_DEBUG, 1332 "MLD: ML probe req sub-elements parsing error"); 1333 return false; 1334 } 1335 1336 return true; 1337 } 1338 #endif /* CONFIG_IEEE80211BE */ 1339 1340 1341 void handle_probe_req(struct hostapd_data *hapd, 1342 const struct ieee80211_mgmt *mgmt, size_t len, 1343 int ssi_signal) 1344 { 1345 struct ieee802_11_elems elems; 1346 const u8 *ie; 1347 size_t ie_len; 1348 size_t i; 1349 int noack; 1350 enum ssid_match_result res; 1351 int ret; 1352 u16 csa_offs[2]; 1353 size_t csa_offs_len; 1354 struct radius_sta rad_info; 1355 struct probe_resp_params params; 1356 #ifdef CONFIG_IEEE80211BE 1357 int mld_id; 1358 u16 links; 1359 #endif /* CONFIG_IEEE80211BE */ 1360 1361 if (hapd->iconf->rssi_ignore_probe_request && ssi_signal && 1362 ssi_signal < hapd->iconf->rssi_ignore_probe_request) 1363 return; 1364 1365 if (len < IEEE80211_HDRLEN) 1366 return; 1367 ie = ((const u8 *) mgmt) + IEEE80211_HDRLEN; 1368 if (hapd->iconf->track_sta_max_num) 1369 sta_track_add(hapd->iface, mgmt->sa, ssi_signal); 1370 ie_len = len - IEEE80211_HDRLEN; 1371 1372 ret = hostapd_allowed_address(hapd, mgmt->sa, (const u8 *) mgmt, len, 1373 &rad_info, 1); 1374 if (ret == HOSTAPD_ACL_REJECT) { 1375 wpa_msg(hapd->msg_ctx, MSG_DEBUG, 1376 "Ignore Probe Request frame from " MACSTR 1377 " due to ACL reject ", MAC2STR(mgmt->sa)); 1378 return; 1379 } 1380 1381 for (i = 0; hapd->probereq_cb && i < hapd->num_probereq_cb; i++) 1382 if (hapd->probereq_cb[i].cb(hapd->probereq_cb[i].ctx, 1383 mgmt->sa, mgmt->da, mgmt->bssid, 1384 ie, ie_len, ssi_signal) > 0) 1385 return; 1386 1387 if (!hapd->conf->send_probe_response) 1388 return; 1389 1390 if (ieee802_11_parse_elems(ie, ie_len, &elems, 0) == ParseFailed) { 1391 wpa_printf(MSG_DEBUG, "Could not parse ProbeReq from " MACSTR, 1392 MAC2STR(mgmt->sa)); 1393 return; 1394 } 1395 1396 if ((!elems.ssid || !elems.supp_rates)) { 1397 wpa_printf(MSG_DEBUG, "STA " MACSTR " sent probe request " 1398 "without SSID or supported rates element", 1399 MAC2STR(mgmt->sa)); 1400 return; 1401 } 1402 1403 /* 1404 * No need to reply if the Probe Request frame was sent on an adjacent 1405 * channel. IEEE Std 802.11-2012 describes this as a requirement for an 1406 * AP with dot11RadioMeasurementActivated set to true, but strictly 1407 * speaking does not allow such ignoring of Probe Request frames if 1408 * dot11RadioMeasurementActivated is false. Anyway, this can help reduce 1409 * number of unnecessary Probe Response frames for cases where the STA 1410 * is less likely to see them (Probe Request frame sent on a 1411 * neighboring, but partially overlapping, channel). 1412 */ 1413 if (elems.ds_params && 1414 hapd->iface->current_mode && 1415 (hapd->iface->current_mode->mode == HOSTAPD_MODE_IEEE80211G || 1416 hapd->iface->current_mode->mode == HOSTAPD_MODE_IEEE80211B) && 1417 hapd->iconf->channel != elems.ds_params[0]) { 1418 wpa_printf(MSG_DEBUG, 1419 "Ignore Probe Request due to DS Params mismatch: chan=%u != ds.chan=%u", 1420 hapd->iconf->channel, elems.ds_params[0]); 1421 return; 1422 } 1423 1424 #ifdef CONFIG_P2P 1425 if (hapd->p2p && hapd->p2p_group && elems.wps_ie) { 1426 struct wpabuf *wps; 1427 wps = ieee802_11_vendor_ie_concat(ie, ie_len, WPS_DEV_OUI_WFA); 1428 if (wps && !p2p_group_match_dev_type(hapd->p2p_group, wps)) { 1429 wpa_printf(MSG_MSGDUMP, "P2P: Ignore Probe Request " 1430 "due to mismatch with Requested Device " 1431 "Type"); 1432 wpabuf_free(wps); 1433 return; 1434 } 1435 wpabuf_free(wps); 1436 } 1437 1438 if (hapd->p2p && hapd->p2p_group && elems.p2p) { 1439 struct wpabuf *p2p; 1440 p2p = ieee802_11_vendor_ie_concat(ie, ie_len, P2P_IE_VENDOR_TYPE); 1441 if (p2p && !p2p_group_match_dev_id(hapd->p2p_group, p2p)) { 1442 wpa_printf(MSG_MSGDUMP, "P2P: Ignore Probe Request " 1443 "due to mismatch with Device ID"); 1444 wpabuf_free(p2p); 1445 return; 1446 } 1447 wpabuf_free(p2p); 1448 } 1449 #endif /* CONFIG_P2P */ 1450 1451 if (hapd->conf->ignore_broadcast_ssid && elems.ssid_len == 0 && 1452 elems.ssid_list_len == 0 && elems.short_ssid_list_len == 0) { 1453 wpa_printf(MSG_MSGDUMP, "Probe Request from " MACSTR " for " 1454 "broadcast SSID ignored", MAC2STR(mgmt->sa)); 1455 return; 1456 } 1457 1458 #ifdef CONFIG_P2P 1459 if ((hapd->conf->p2p & P2P_GROUP_OWNER) && 1460 elems.ssid_len == P2P_WILDCARD_SSID_LEN && 1461 os_memcmp(elems.ssid, P2P_WILDCARD_SSID, 1462 P2P_WILDCARD_SSID_LEN) == 0) { 1463 /* Process P2P Wildcard SSID like Wildcard SSID */ 1464 elems.ssid_len = 0; 1465 } 1466 #endif /* CONFIG_P2P */ 1467 1468 #ifdef CONFIG_TAXONOMY 1469 { 1470 struct sta_info *sta; 1471 struct hostapd_sta_info *info; 1472 1473 if ((sta = ap_get_sta(hapd, mgmt->sa)) != NULL) { 1474 taxonomy_sta_info_probe_req(hapd, sta, ie, ie_len); 1475 } else if ((info = sta_track_get(hapd->iface, 1476 mgmt->sa)) != NULL) { 1477 taxonomy_hostapd_sta_info_probe_req(hapd, info, 1478 ie, ie_len); 1479 } 1480 } 1481 #endif /* CONFIG_TAXONOMY */ 1482 1483 res = ssid_match(hapd, elems.ssid, elems.ssid_len, 1484 elems.ssid_list, elems.ssid_list_len, 1485 elems.short_ssid_list, elems.short_ssid_list_len); 1486 if (res == NO_SSID_MATCH) { 1487 if (!(mgmt->da[0] & 0x01)) { 1488 wpa_printf(MSG_MSGDUMP, "Probe Request from " MACSTR 1489 " for foreign SSID '%s' (DA " MACSTR ")%s", 1490 MAC2STR(mgmt->sa), 1491 wpa_ssid_txt(elems.ssid, elems.ssid_len), 1492 MAC2STR(mgmt->da), 1493 elems.ssid_list ? " (SSID list)" : ""); 1494 } 1495 return; 1496 } 1497 1498 if (hapd->conf->ignore_broadcast_ssid && res == WILDCARD_SSID_MATCH) { 1499 wpa_printf(MSG_MSGDUMP, "Probe Request from " MACSTR " for " 1500 "broadcast SSID ignored", MAC2STR(mgmt->sa)); 1501 return; 1502 } 1503 1504 #ifdef CONFIG_INTERWORKING 1505 if (hapd->conf->interworking && 1506 elems.interworking && elems.interworking_len >= 1) { 1507 u8 ant = elems.interworking[0] & 0x0f; 1508 if (ant != INTERWORKING_ANT_WILDCARD && 1509 ant != hapd->conf->access_network_type) { 1510 wpa_printf(MSG_MSGDUMP, "Probe Request from " MACSTR 1511 " for mismatching ANT %u ignored", 1512 MAC2STR(mgmt->sa), ant); 1513 return; 1514 } 1515 } 1516 1517 if (hapd->conf->interworking && elems.interworking && 1518 (elems.interworking_len == 7 || elems.interworking_len == 9)) { 1519 const u8 *hessid; 1520 if (elems.interworking_len == 7) 1521 hessid = elems.interworking + 1; 1522 else 1523 hessid = elems.interworking + 1 + 2; 1524 if (!is_broadcast_ether_addr(hessid) && 1525 !ether_addr_equal(hessid, hapd->conf->hessid)) { 1526 wpa_printf(MSG_MSGDUMP, "Probe Request from " MACSTR 1527 " for mismatching HESSID " MACSTR 1528 " ignored", 1529 MAC2STR(mgmt->sa), MAC2STR(hessid)); 1530 return; 1531 } 1532 } 1533 #endif /* CONFIG_INTERWORKING */ 1534 1535 #ifdef CONFIG_P2P 1536 if ((hapd->conf->p2p & P2P_GROUP_OWNER) && 1537 supp_rates_11b_only(&elems)) { 1538 /* Indicates support for 11b rates only */ 1539 wpa_printf(MSG_EXCESSIVE, "P2P: Ignore Probe Request from " 1540 MACSTR " with only 802.11b rates", 1541 MAC2STR(mgmt->sa)); 1542 return; 1543 } 1544 #endif /* CONFIG_P2P */ 1545 1546 /* TODO: verify that supp_rates contains at least one matching rate 1547 * with AP configuration */ 1548 1549 if (hapd->conf->no_probe_resp_if_seen_on && 1550 is_multicast_ether_addr(mgmt->da) && 1551 is_multicast_ether_addr(mgmt->bssid) && 1552 sta_track_seen_on(hapd->iface, mgmt->sa, 1553 hapd->conf->no_probe_resp_if_seen_on)) { 1554 wpa_printf(MSG_MSGDUMP, "%s: Ignore Probe Request from " MACSTR 1555 " since STA has been seen on %s", 1556 hapd->conf->iface, MAC2STR(mgmt->sa), 1557 hapd->conf->no_probe_resp_if_seen_on); 1558 return; 1559 } 1560 1561 if (hapd->conf->no_probe_resp_if_max_sta && 1562 is_multicast_ether_addr(mgmt->da) && 1563 is_multicast_ether_addr(mgmt->bssid) && 1564 hapd->num_sta >= hapd->conf->max_num_sta && 1565 !ap_get_sta(hapd, mgmt->sa)) { 1566 wpa_printf(MSG_MSGDUMP, "%s: Ignore Probe Request from " MACSTR 1567 " since no room for additional STA", 1568 hapd->conf->iface, MAC2STR(mgmt->sa)); 1569 return; 1570 } 1571 1572 #ifdef CONFIG_TESTING_OPTIONS 1573 if (hapd->iconf->ignore_probe_probability > 0.0 && 1574 drand48() < hapd->iconf->ignore_probe_probability) { 1575 wpa_printf(MSG_INFO, 1576 "TESTING: ignoring probe request from " MACSTR, 1577 MAC2STR(mgmt->sa)); 1578 return; 1579 } 1580 #endif /* CONFIG_TESTING_OPTIONS */ 1581 1582 /* Do not send Probe Response frame from a non-transmitting multiple 1583 * BSSID profile unless the Probe Request frame is directed at that 1584 * particular BSS. */ 1585 if (hapd != hostapd_mbssid_get_tx_bss(hapd) && res != EXACT_SSID_MATCH) 1586 return; 1587 1588 wpa_msg_ctrl(hapd->msg_ctx, MSG_INFO, RX_PROBE_REQUEST "sa=" MACSTR 1589 " signal=%d", MAC2STR(mgmt->sa), ssi_signal); 1590 1591 os_memset(¶ms, 0, sizeof(params)); 1592 1593 #ifdef CONFIG_IEEE80211BE 1594 if (hapd->conf->mld_ap && elems.probe_req_mle && 1595 parse_ml_probe_req((struct ieee80211_eht_ml *) elems.probe_req_mle, 1596 elems.probe_req_mle_len, &mld_id, &links)) { 1597 hostapd_fill_probe_resp_ml_params(hapd, ¶ms, mgmt, 1598 mld_id, links); 1599 } 1600 #endif /* CONFIG_IEEE80211BE */ 1601 1602 params.req = mgmt; 1603 params.is_p2p = !!elems.p2p; 1604 params.known_bss = elems.mbssid_known_bss; 1605 params.known_bss_len = elems.mbssid_known_bss_len; 1606 params.is_ml_sta_info = false; 1607 1608 hostapd_gen_probe_resp(hapd, ¶ms); 1609 1610 hostapd_free_probe_resp_params(¶ms); 1611 1612 if (!params.resp) 1613 return; 1614 1615 /* 1616 * If this is a broadcast probe request, apply no ack policy to avoid 1617 * excessive retries. 1618 */ 1619 noack = !!(res == WILDCARD_SSID_MATCH && 1620 is_broadcast_ether_addr(mgmt->da)); 1621 1622 csa_offs_len = 0; 1623 if (hapd->csa_in_progress) { 1624 if (params.csa_pos) 1625 csa_offs[csa_offs_len++] = 1626 params.csa_pos - (u8 *) params.resp; 1627 1628 if (params.ecsa_pos) 1629 csa_offs[csa_offs_len++] = 1630 params.ecsa_pos - (u8 *) params.resp; 1631 } 1632 1633 ret = hostapd_drv_send_mlme(hapd, params.resp, params.resp_len, noack, 1634 csa_offs_len ? csa_offs : NULL, 1635 csa_offs_len, 0); 1636 1637 if (ret < 0) 1638 wpa_printf(MSG_INFO, "handle_probe_req: send failed"); 1639 1640 os_free(params.resp); 1641 1642 wpa_printf(MSG_EXCESSIVE, "STA " MACSTR " sent probe request for %s " 1643 "SSID", MAC2STR(mgmt->sa), 1644 elems.ssid_len == 0 ? "broadcast" : "our"); 1645 } 1646 1647 1648 static u8 * hostapd_probe_resp_offloads(struct hostapd_data *hapd, 1649 size_t *resp_len) 1650 { 1651 struct probe_resp_params params; 1652 1653 /* check probe response offloading caps and print warnings */ 1654 if (!(hapd->iface->drv_flags & WPA_DRIVER_FLAGS_PROBE_RESP_OFFLOAD)) 1655 return NULL; 1656 1657 #ifdef CONFIG_WPS 1658 if (hapd->conf->wps_state && hapd->wps_probe_resp_ie && 1659 (!(hapd->iface->probe_resp_offloads & 1660 (WPA_DRIVER_PROBE_RESP_OFFLOAD_WPS | 1661 WPA_DRIVER_PROBE_RESP_OFFLOAD_WPS2)))) 1662 wpa_printf(MSG_WARNING, "Device is trying to offload WPS " 1663 "Probe Response while not supporting this"); 1664 #endif /* CONFIG_WPS */ 1665 1666 #ifdef CONFIG_P2P 1667 if ((hapd->conf->p2p & P2P_ENABLED) && hapd->p2p_probe_resp_ie && 1668 !(hapd->iface->probe_resp_offloads & 1669 WPA_DRIVER_PROBE_RESP_OFFLOAD_P2P)) 1670 wpa_printf(MSG_WARNING, "Device is trying to offload P2P " 1671 "Probe Response while not supporting this"); 1672 #endif /* CONFIG_P2P */ 1673 1674 if (hapd->conf->interworking && 1675 !(hapd->iface->probe_resp_offloads & 1676 WPA_DRIVER_PROBE_RESP_OFFLOAD_INTERWORKING)) 1677 wpa_printf(MSG_WARNING, "Device is trying to offload " 1678 "Interworking Probe Response while not supporting " 1679 "this"); 1680 1681 /* Generate a Probe Response template for the non-P2P case */ 1682 os_memset(¶ms, 0, sizeof(params)); 1683 params.req = NULL; 1684 params.is_p2p = false; 1685 params.known_bss = NULL; 1686 params.known_bss_len = 0; 1687 params.is_ml_sta_info = false; 1688 params.mld_ap = NULL; 1689 params.mld_info = NULL; 1690 1691 hostapd_gen_probe_resp(hapd, ¶ms); 1692 *resp_len = params.resp_len; 1693 if (!params.resp) 1694 return NULL; 1695 1696 /* TODO: Avoid passing these through struct hostapd_data */ 1697 if (params.csa_pos) 1698 hapd->cs_c_off_proberesp = params.csa_pos - (u8 *) params.resp; 1699 if (params.ecsa_pos) 1700 hapd->cs_c_off_ecsa_proberesp = params.ecsa_pos - 1701 (u8 *) params.resp; 1702 #ifdef CONFIG_IEEE80211AX 1703 if (params.cca_pos) 1704 hapd->cca_c_off_proberesp = params.cca_pos - (u8 *) params.resp; 1705 #endif /* CONFIG_IEEE80211AX */ 1706 1707 return (u8 *) params.resp; 1708 } 1709 1710 #endif /* NEED_AP_MLME */ 1711 1712 1713 #ifdef CONFIG_IEEE80211AX 1714 /* Unsolicited broadcast Probe Response transmission, 6 GHz only */ 1715 u8 * hostapd_unsol_bcast_probe_resp(struct hostapd_data *hapd, 1716 struct unsol_bcast_probe_resp *ubpr) 1717 { 1718 struct probe_resp_params probe_params; 1719 1720 if (!is_6ghz_op_class(hapd->iconf->op_class)) 1721 return NULL; 1722 1723 ubpr->unsol_bcast_probe_resp_interval = 1724 hapd->conf->unsol_bcast_probe_resp_interval; 1725 1726 os_memset(&probe_params, 0, sizeof(probe_params)); 1727 probe_params.req = NULL; 1728 probe_params.is_p2p = false; 1729 probe_params.known_bss = NULL; 1730 probe_params.known_bss_len = 0; 1731 probe_params.is_ml_sta_info = false; 1732 probe_params.mld_ap = NULL; 1733 probe_params.mld_info = NULL; 1734 1735 hostapd_gen_probe_resp(hapd, &probe_params); 1736 ubpr->unsol_bcast_probe_resp_tmpl_len = probe_params.resp_len; 1737 return (u8 *) probe_params.resp; 1738 } 1739 #endif /* CONFIG_IEEE80211AX */ 1740 1741 1742 void sta_track_del(struct hostapd_sta_info *info) 1743 { 1744 #ifdef CONFIG_TAXONOMY 1745 wpabuf_free(info->probe_ie_taxonomy); 1746 info->probe_ie_taxonomy = NULL; 1747 #endif /* CONFIG_TAXONOMY */ 1748 os_free(info); 1749 } 1750 1751 1752 #ifdef CONFIG_FILS 1753 1754 static u16 hostapd_gen_fils_discovery_phy_index(struct hostapd_data *hapd) 1755 { 1756 #ifdef CONFIG_IEEE80211BE 1757 if (hapd->iconf->ieee80211be && !hapd->conf->disable_11be) 1758 return FD_CAP_PHY_INDEX_EHT; 1759 #endif /* CONFIG_IEEE80211BE */ 1760 1761 #ifdef CONFIG_IEEE80211AX 1762 if (hapd->iconf->ieee80211ax && !hapd->conf->disable_11ax) 1763 return FD_CAP_PHY_INDEX_HE; 1764 #endif /* CONFIG_IEEE80211AX */ 1765 1766 #ifdef CONFIG_IEEE80211AC 1767 if (hapd->iconf->ieee80211ac && !hapd->conf->disable_11ac) 1768 return FD_CAP_PHY_INDEX_VHT; 1769 #endif /* CONFIG_IEEE80211AC */ 1770 1771 if (hapd->iconf->ieee80211n && !hapd->conf->disable_11n) 1772 return FD_CAP_PHY_INDEX_HT; 1773 1774 return 0; 1775 } 1776 1777 1778 static u16 hostapd_gen_fils_discovery_nss(struct hostapd_hw_modes *mode, 1779 u16 phy_index, u8 he_mcs_nss_size) 1780 { 1781 u16 nss = 0; 1782 1783 if (!mode) 1784 return 0; 1785 1786 if (phy_index == FD_CAP_PHY_INDEX_HE) { 1787 const u8 *he_mcs = mode->he_capab[IEEE80211_MODE_AP].mcs; 1788 int i; 1789 u16 mcs[6]; 1790 1791 os_memset(mcs, 0xff, 6 * sizeof(u16)); 1792 1793 if (he_mcs_nss_size == 4) { 1794 mcs[0] = WPA_GET_LE16(&he_mcs[0]); 1795 mcs[1] = WPA_GET_LE16(&he_mcs[2]); 1796 } 1797 1798 if (he_mcs_nss_size == 8) { 1799 mcs[2] = WPA_GET_LE16(&he_mcs[4]); 1800 mcs[3] = WPA_GET_LE16(&he_mcs[6]); 1801 } 1802 1803 if (he_mcs_nss_size == 12) { 1804 mcs[4] = WPA_GET_LE16(&he_mcs[8]); 1805 mcs[5] = WPA_GET_LE16(&he_mcs[10]); 1806 } 1807 1808 for (i = 0; i < HE_NSS_MAX_STREAMS; i++) { 1809 u16 nss_mask = 0x3 << (i * 2); 1810 1811 /* 1812 * If Tx and/or Rx indicate support for a given NSS, 1813 * count it towards the maximum NSS. 1814 */ 1815 if (he_mcs_nss_size == 4 && 1816 (((mcs[0] & nss_mask) != nss_mask) || 1817 ((mcs[1] & nss_mask) != nss_mask))) { 1818 nss++; 1819 continue; 1820 } 1821 1822 if (he_mcs_nss_size == 8 && 1823 (((mcs[2] & nss_mask) != nss_mask) || 1824 ((mcs[3] & nss_mask) != nss_mask))) { 1825 nss++; 1826 continue; 1827 } 1828 1829 if (he_mcs_nss_size == 12 && 1830 (((mcs[4] & nss_mask) != nss_mask) || 1831 ((mcs[5] & nss_mask) != nss_mask))) { 1832 nss++; 1833 continue; 1834 } 1835 } 1836 } else if (phy_index == FD_CAP_PHY_INDEX_EHT) { 1837 u8 rx_nss, tx_nss, max_nss = 0, i; 1838 u8 *mcs = mode->eht_capab[IEEE80211_MODE_AP].mcs; 1839 1840 /* 1841 * The Supported EHT-MCS And NSS Set field for the AP contains 1842 * one to three EHT-MCS Map fields based on the supported 1843 * bandwidth. Check the first byte (max NSS for Rx/Tx that 1844 * supports EHT-MCS 0-9) for each bandwidth (<= 80, 1845 * 160, 320) to find the maximum NSS. This assumes that 1846 * the lowest MCS rates support the largest number of spatial 1847 * streams. If values are different between Tx, Rx or the 1848 * bandwidths, choose the highest value. 1849 */ 1850 for (i = 0; i < 3; i++) { 1851 rx_nss = mcs[3 * i] & 0x0F; 1852 if (rx_nss > max_nss) 1853 max_nss = rx_nss; 1854 1855 tx_nss = (mcs[3 * i] & 0xF0) >> 4; 1856 if (tx_nss > max_nss) 1857 max_nss = tx_nss; 1858 } 1859 1860 nss = max_nss; 1861 } 1862 1863 if (nss > 4) 1864 return FD_CAP_NSS_5_8 << FD_CAP_NSS_SHIFT; 1865 if (nss) 1866 return (nss - 1) << FD_CAP_NSS_SHIFT; 1867 1868 return 0; 1869 } 1870 1871 1872 static u16 hostapd_fils_discovery_cap(struct hostapd_data *hapd) 1873 { 1874 u16 cap_info, phy_index; 1875 u8 chwidth = FD_CAP_BSS_CHWIDTH_20, he_mcs_nss_size = 4; 1876 struct hostapd_hw_modes *mode = hapd->iface->current_mode; 1877 1878 cap_info = FD_CAP_ESS; 1879 if (hapd->conf->wpa) 1880 cap_info |= FD_CAP_PRIVACY; 1881 1882 if (is_6ghz_op_class(hapd->iconf->op_class)) { 1883 switch (hapd->iconf->op_class) { 1884 case 137: 1885 chwidth = FD_CAP_BSS_CHWIDTH_320; 1886 break; 1887 case 135: 1888 he_mcs_nss_size += 4; 1889 /* fallthrough */ 1890 case 134: 1891 he_mcs_nss_size += 4; 1892 chwidth = FD_CAP_BSS_CHWIDTH_160_80_80; 1893 break; 1894 case 133: 1895 chwidth = FD_CAP_BSS_CHWIDTH_80; 1896 break; 1897 case 132: 1898 chwidth = FD_CAP_BSS_CHWIDTH_40; 1899 break; 1900 } 1901 } else { 1902 switch (hostapd_get_oper_chwidth(hapd->iconf)) { 1903 case CONF_OPER_CHWIDTH_80P80MHZ: 1904 he_mcs_nss_size += 4; 1905 /* fallthrough */ 1906 case CONF_OPER_CHWIDTH_160MHZ: 1907 he_mcs_nss_size += 4; 1908 chwidth = FD_CAP_BSS_CHWIDTH_160_80_80; 1909 break; 1910 case CONF_OPER_CHWIDTH_80MHZ: 1911 chwidth = FD_CAP_BSS_CHWIDTH_80; 1912 break; 1913 case CONF_OPER_CHWIDTH_USE_HT: 1914 if (hapd->iconf->secondary_channel) 1915 chwidth = FD_CAP_BSS_CHWIDTH_40; 1916 else 1917 chwidth = FD_CAP_BSS_CHWIDTH_20; 1918 break; 1919 default: 1920 break; 1921 } 1922 } 1923 1924 phy_index = hostapd_gen_fils_discovery_phy_index(hapd); 1925 cap_info |= phy_index << FD_CAP_PHY_INDEX_SHIFT; 1926 cap_info |= chwidth << FD_CAP_BSS_CHWIDTH_SHIFT; 1927 cap_info |= hostapd_gen_fils_discovery_nss(mode, phy_index, 1928 he_mcs_nss_size); 1929 return cap_info; 1930 } 1931 1932 1933 static u8 * hostapd_gen_fils_discovery(struct hostapd_data *hapd, size_t *len) 1934 { 1935 struct ieee80211_mgmt *head; 1936 const u8 *mobility_domain; 1937 u8 *pos, *length_pos, buf[200]; 1938 u16 ctl = 0; 1939 u8 fd_rsn_info[5]; 1940 size_t total_len, buf_len; 1941 1942 total_len = 24 + 2 + 12; 1943 1944 /* FILS Discovery Frame Control */ 1945 ctl = (sizeof(hapd->conf->ssid.short_ssid) - 1) | 1946 FD_FRAME_CTL_SHORT_SSID_PRESENT | 1947 FD_FRAME_CTL_LENGTH_PRESENT | 1948 FD_FRAME_CTL_CAP_PRESENT; 1949 total_len += 4 + 1 + 2; 1950 1951 /* Fill primary channel information for 6 GHz channels with over 20 MHz 1952 * bandwidth, if the primary channel is not a PSC */ 1953 if (is_6ghz_op_class(hapd->iconf->op_class) && 1954 !is_6ghz_psc_frequency(ieee80211_chan_to_freq( 1955 NULL, hapd->iconf->op_class, 1956 hapd->iconf->channel)) && 1957 op_class_to_bandwidth(hapd->iconf->op_class) > 20) { 1958 ctl |= FD_FRAME_CTL_PRI_CHAN_PRESENT; 1959 total_len += 2; 1960 } 1961 1962 /* Check for optional subfields and calculate length */ 1963 if (wpa_auth_write_fd_rsn_info(hapd->wpa_auth, fd_rsn_info)) { 1964 ctl |= FD_FRAME_CTL_RSN_INFO_PRESENT; 1965 total_len += sizeof(fd_rsn_info); 1966 } 1967 1968 mobility_domain = hostapd_wpa_ie(hapd, WLAN_EID_MOBILITY_DOMAIN); 1969 if (mobility_domain) { 1970 ctl |= FD_FRAME_CTL_MD_PRESENT; 1971 total_len += 3; 1972 } 1973 1974 total_len += hostapd_eid_rnr_len(hapd, WLAN_FC_STYPE_ACTION, true); 1975 1976 pos = hostapd_eid_fils_indic(hapd, buf, 0); 1977 buf_len = pos - buf; 1978 total_len += buf_len; 1979 1980 /* he_elem_len() may return too large a value for FD frame, but that is 1981 * fine here since this is used as the maximum length of the buffer. */ 1982 total_len += he_elem_len(hapd); 1983 1984 head = os_zalloc(total_len); 1985 if (!head) 1986 return NULL; 1987 1988 head->frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT, 1989 WLAN_FC_STYPE_ACTION); 1990 os_memset(head->da, 0xff, ETH_ALEN); 1991 os_memcpy(head->sa, hapd->own_addr, ETH_ALEN); 1992 os_memcpy(head->bssid, hapd->own_addr, ETH_ALEN); 1993 1994 head->u.action.category = WLAN_ACTION_PUBLIC; 1995 head->u.action.u.public_action.action = WLAN_PA_FILS_DISCOVERY; 1996 1997 pos = &head->u.action.u.public_action.variable[0]; 1998 1999 /* FILS Discovery Information field */ 2000 2001 /* FILS Discovery Frame Control */ 2002 WPA_PUT_LE16(pos, ctl); 2003 pos += 2; 2004 2005 /* Hardware or low-level driver will fill in the Timestamp value */ 2006 pos += 8; 2007 2008 /* Beacon Interval */ 2009 WPA_PUT_LE16(pos, hapd->iconf->beacon_int); 2010 pos += 2; 2011 2012 /* Short SSID */ 2013 WPA_PUT_LE32(pos, hapd->conf->ssid.short_ssid); 2014 pos += sizeof(hapd->conf->ssid.short_ssid); 2015 2016 /* Store position of FILS discovery information element Length field */ 2017 length_pos = pos++; 2018 2019 /* FD Capability */ 2020 WPA_PUT_LE16(pos, hostapd_fils_discovery_cap(hapd)); 2021 pos += 2; 2022 2023 /* Operating Class and Primary Channel - if a 6 GHz chan is non PSC */ 2024 if (ctl & FD_FRAME_CTL_PRI_CHAN_PRESENT) { 2025 *pos++ = hapd->iconf->op_class; 2026 *pos++ = hapd->iconf->channel; 2027 } 2028 2029 /* AP Configuration Sequence Number - not present */ 2030 2031 /* Access Network Options - not present */ 2032 2033 /* FD RSN Information */ 2034 if (ctl & FD_FRAME_CTL_RSN_INFO_PRESENT) { 2035 os_memcpy(pos, fd_rsn_info, sizeof(fd_rsn_info)); 2036 pos += sizeof(fd_rsn_info); 2037 } 2038 2039 /* Channel Center Frequency Segment 1 - not present */ 2040 2041 /* Mobility Domain */ 2042 if (ctl & FD_FRAME_CTL_MD_PRESENT) { 2043 os_memcpy(pos, &mobility_domain[2], 3); 2044 pos += 3; 2045 } 2046 2047 /* Fill in the Length field value */ 2048 *length_pos = pos - (length_pos + 1); 2049 2050 pos = hostapd_eid_rnr(hapd, pos, WLAN_FC_STYPE_ACTION, true); 2051 2052 /* FILS Indication element */ 2053 if (buf_len) { 2054 os_memcpy(pos, buf, buf_len); 2055 pos += buf_len; 2056 } 2057 2058 if (is_6ghz_op_class(hapd->iconf->op_class)) 2059 pos = hostapd_eid_txpower_envelope(hapd, pos); 2060 2061 *len = pos - (u8 *) head; 2062 wpa_hexdump(MSG_DEBUG, "FILS Discovery frame template", 2063 head, pos - (u8 *) head); 2064 return (u8 *) head; 2065 } 2066 2067 2068 /* Configure FILS Discovery frame transmission parameters */ 2069 static u8 * hostapd_fils_discovery(struct hostapd_data *hapd, 2070 struct wpa_driver_ap_params *params) 2071 { 2072 params->fd_max_int = hapd->conf->fils_discovery_max_int; 2073 if (is_6ghz_op_class(hapd->iconf->op_class) && 2074 params->fd_max_int > FD_MAX_INTERVAL_6GHZ) 2075 params->fd_max_int = FD_MAX_INTERVAL_6GHZ; 2076 2077 params->fd_min_int = hapd->conf->fils_discovery_min_int; 2078 if (params->fd_min_int > params->fd_max_int) 2079 params->fd_min_int = params->fd_max_int; 2080 2081 if (params->fd_max_int) 2082 return hostapd_gen_fils_discovery(hapd, 2083 ¶ms->fd_frame_tmpl_len); 2084 2085 return NULL; 2086 } 2087 2088 #endif /* CONFIG_FILS */ 2089 2090 2091 int ieee802_11_build_ap_params(struct hostapd_data *hapd, 2092 struct wpa_driver_ap_params *params) 2093 { 2094 struct ieee80211_mgmt *head = NULL; 2095 u8 *tail = NULL; 2096 size_t head_len = 0, tail_len = 0; 2097 u8 *resp = NULL; 2098 size_t resp_len = 0; 2099 #ifdef NEED_AP_MLME 2100 u16 capab_info; 2101 u8 *pos, *tailpos, *tailend, *csa_pos; 2102 bool complete = false; 2103 #endif /* NEED_AP_MLME */ 2104 2105 os_memset(params, 0, sizeof(*params)); 2106 2107 #ifdef NEED_AP_MLME 2108 #define BEACON_HEAD_BUF_SIZE 256 2109 #define BEACON_TAIL_BUF_SIZE 512 2110 head = os_zalloc(BEACON_HEAD_BUF_SIZE); 2111 tail_len = BEACON_TAIL_BUF_SIZE; 2112 #ifdef CONFIG_WPS 2113 if (hapd->conf->wps_state && hapd->wps_beacon_ie) 2114 tail_len += wpabuf_len(hapd->wps_beacon_ie); 2115 #endif /* CONFIG_WPS */ 2116 #ifdef CONFIG_P2P 2117 if (hapd->p2p_beacon_ie) 2118 tail_len += wpabuf_len(hapd->p2p_beacon_ie); 2119 #endif /* CONFIG_P2P */ 2120 #ifdef CONFIG_FST 2121 if (hapd->iface->fst_ies) 2122 tail_len += wpabuf_len(hapd->iface->fst_ies); 2123 #endif /* CONFIG_FST */ 2124 if (hapd->conf->vendor_elements) 2125 tail_len += wpabuf_len(hapd->conf->vendor_elements); 2126 2127 #ifdef CONFIG_IEEE80211AC 2128 if (hapd->conf->vendor_vht) { 2129 tail_len += 5 + 2 + sizeof(struct ieee80211_vht_capabilities) + 2130 2 + sizeof(struct ieee80211_vht_operation); 2131 } 2132 #endif /* CONFIG_IEEE80211AC */ 2133 2134 tail_len += he_elem_len(hapd); 2135 2136 #ifdef CONFIG_IEEE80211BE 2137 if (hapd->iconf->ieee80211be && !hapd->conf->disable_11be) { 2138 tail_len += hostapd_eid_eht_capab_len(hapd, IEEE80211_MODE_AP); 2139 tail_len += 3 + sizeof(struct ieee80211_eht_operation); 2140 if (hapd->iconf->punct_bitmap) 2141 tail_len += EHT_OPER_DISABLED_SUBCHAN_BITMAP_SIZE; 2142 2143 /* 2144 * TODO: Multi-Link element has variable length and can be 2145 * long based on the common info and number of per 2146 * station profiles. For now use 256. 2147 */ 2148 if (hapd->conf->mld_ap) 2149 tail_len += 256; 2150 } 2151 #endif /* CONFIG_IEEE80211BE */ 2152 2153 if (hapd->iconf->mbssid == ENHANCED_MBSSID_ENABLED && 2154 hapd == hostapd_mbssid_get_tx_bss(hapd)) 2155 tail_len += 5; /* Multiple BSSID Configuration element */ 2156 tail_len += hostapd_eid_rnr_len(hapd, WLAN_FC_STYPE_BEACON, true); 2157 tail_len += hostapd_mbo_ie_len(hapd); 2158 tail_len += hostapd_eid_owe_trans_len(hapd); 2159 tail_len += hostapd_eid_dpp_cc_len(hapd); 2160 2161 tailpos = tail = os_malloc(tail_len); 2162 if (head == NULL || tail == NULL) { 2163 wpa_printf(MSG_ERROR, "Failed to set beacon data"); 2164 os_free(head); 2165 os_free(tail); 2166 return -1; 2167 } 2168 tailend = tail + tail_len; 2169 2170 head->frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT, 2171 WLAN_FC_STYPE_BEACON); 2172 head->duration = host_to_le16(0); 2173 os_memset(head->da, 0xff, ETH_ALEN); 2174 2175 os_memcpy(head->sa, hapd->own_addr, ETH_ALEN); 2176 os_memcpy(head->bssid, hapd->own_addr, ETH_ALEN); 2177 head->u.beacon.beacon_int = 2178 host_to_le16(hapd->iconf->beacon_int); 2179 2180 /* hardware or low-level driver will setup seq_ctrl and timestamp */ 2181 capab_info = hostapd_own_capab_info(hapd); 2182 head->u.beacon.capab_info = host_to_le16(capab_info); 2183 pos = &head->u.beacon.variable[0]; 2184 2185 /* SSID */ 2186 *pos++ = WLAN_EID_SSID; 2187 if (hapd->conf->ignore_broadcast_ssid == 2) { 2188 /* clear the data, but keep the correct length of the SSID */ 2189 *pos++ = hapd->conf->ssid.ssid_len; 2190 os_memset(pos, 0, hapd->conf->ssid.ssid_len); 2191 pos += hapd->conf->ssid.ssid_len; 2192 } else if (hapd->conf->ignore_broadcast_ssid) { 2193 *pos++ = 0; /* empty SSID */ 2194 } else { 2195 *pos++ = hapd->conf->ssid.ssid_len; 2196 os_memcpy(pos, hapd->conf->ssid.ssid, 2197 hapd->conf->ssid.ssid_len); 2198 pos += hapd->conf->ssid.ssid_len; 2199 } 2200 2201 /* Supported rates */ 2202 pos = hostapd_eid_supp_rates(hapd, pos); 2203 2204 /* DS Params */ 2205 pos = hostapd_eid_ds_params(hapd, pos); 2206 2207 head_len = pos - (u8 *) head; 2208 2209 tailpos = hostapd_eid_country(hapd, tailpos, tailend - tailpos); 2210 2211 /* Power Constraint element */ 2212 tailpos = hostapd_eid_pwr_constraint(hapd, tailpos); 2213 2214 /* CSA IE */ 2215 csa_pos = hostapd_eid_csa(hapd, tailpos); 2216 if (csa_pos != tailpos) 2217 hapd->cs_c_off_beacon = csa_pos - tail - 1; 2218 tailpos = csa_pos; 2219 2220 /* ERP Information element */ 2221 tailpos = hostapd_eid_erp_info(hapd, tailpos); 2222 2223 /* Extended supported rates */ 2224 tailpos = hostapd_eid_ext_supp_rates(hapd, tailpos); 2225 2226 tailpos = hostapd_get_rsne(hapd, tailpos, tailend - tailpos); 2227 tailpos = hostapd_eid_bss_load(hapd, tailpos, tailend - tailpos); 2228 tailpos = hostapd_eid_rm_enabled_capab(hapd, tailpos, 2229 tailend - tailpos); 2230 tailpos = hostapd_get_mde(hapd, tailpos, tailend - tailpos); 2231 2232 /* eCSA IE */ 2233 csa_pos = hostapd_eid_ecsa(hapd, tailpos); 2234 if (csa_pos != tailpos) 2235 hapd->cs_c_off_ecsa_beacon = csa_pos - tail - 1; 2236 tailpos = csa_pos; 2237 2238 tailpos = hostapd_eid_supported_op_classes(hapd, tailpos); 2239 tailpos = hostapd_eid_ht_capabilities(hapd, tailpos); 2240 tailpos = hostapd_eid_ht_operation(hapd, tailpos); 2241 2242 if (hapd->iconf->mbssid && hapd->iconf->num_bss > 1) { 2243 if (ieee802_11_build_ap_params_mbssid(hapd, params)) { 2244 os_free(head); 2245 os_free(tail); 2246 wpa_printf(MSG_ERROR, 2247 "MBSSID: Failed to set beacon data"); 2248 return -1; 2249 } 2250 complete = hapd->iconf->mbssid == MBSSID_ENABLED || 2251 (hapd->iconf->mbssid == ENHANCED_MBSSID_ENABLED && 2252 params->mbssid_elem_count == 1); 2253 } 2254 2255 tailpos = hostapd_eid_ext_capab(hapd, tailpos, complete); 2256 2257 /* 2258 * TODO: Time Advertisement element should only be included in some 2259 * DTIM Beacon frames. 2260 */ 2261 tailpos = hostapd_eid_time_adv(hapd, tailpos); 2262 2263 tailpos = hostapd_eid_interworking(hapd, tailpos); 2264 tailpos = hostapd_eid_adv_proto(hapd, tailpos); 2265 tailpos = hostapd_eid_roaming_consortium(hapd, tailpos); 2266 2267 #ifdef CONFIG_FST 2268 if (hapd->iface->fst_ies) { 2269 os_memcpy(tailpos, wpabuf_head(hapd->iface->fst_ies), 2270 wpabuf_len(hapd->iface->fst_ies)); 2271 tailpos += wpabuf_len(hapd->iface->fst_ies); 2272 } 2273 #endif /* CONFIG_FST */ 2274 2275 #ifdef CONFIG_IEEE80211AC 2276 if (hapd->iconf->ieee80211ac && !hapd->conf->disable_11ac && 2277 !is_6ghz_op_class(hapd->iconf->op_class)) { 2278 tailpos = hostapd_eid_vht_capabilities(hapd, tailpos, 0); 2279 tailpos = hostapd_eid_vht_operation(hapd, tailpos); 2280 tailpos = hostapd_eid_txpower_envelope(hapd, tailpos); 2281 } 2282 #endif /* CONFIG_IEEE80211AC */ 2283 2284 #ifdef CONFIG_IEEE80211AX 2285 if (hapd->iconf->ieee80211ax && !hapd->conf->disable_11ax && 2286 is_6ghz_op_class(hapd->iconf->op_class)) 2287 tailpos = hostapd_eid_txpower_envelope(hapd, tailpos); 2288 #endif /* CONFIG_IEEE80211AX */ 2289 2290 tailpos = hostapd_eid_wb_chsw_wrapper(hapd, tailpos); 2291 2292 tailpos = hostapd_eid_rnr(hapd, tailpos, WLAN_FC_STYPE_BEACON, true); 2293 tailpos = hostapd_eid_fils_indic(hapd, tailpos, 0); 2294 tailpos = hostapd_get_rsnxe(hapd, tailpos, tailend - tailpos); 2295 tailpos = hostapd_eid_mbssid_config(hapd, tailpos, 2296 params->mbssid_elem_count); 2297 2298 #ifdef CONFIG_IEEE80211AX 2299 if (hapd->iconf->ieee80211ax && !hapd->conf->disable_11ax) { 2300 u8 *cca_pos; 2301 2302 tailpos = hostapd_eid_he_capab(hapd, tailpos, 2303 IEEE80211_MODE_AP); 2304 tailpos = hostapd_eid_he_operation(hapd, tailpos); 2305 2306 /* BSS Color Change Announcement element */ 2307 cca_pos = hostapd_eid_cca(hapd, tailpos); 2308 if (cca_pos != tailpos) 2309 hapd->cca_c_off_beacon = cca_pos - tail - 2; 2310 tailpos = cca_pos; 2311 2312 tailpos = hostapd_eid_spatial_reuse(hapd, tailpos); 2313 tailpos = hostapd_eid_he_mu_edca_parameter_set(hapd, tailpos); 2314 tailpos = hostapd_eid_he_6ghz_band_cap(hapd, tailpos); 2315 } 2316 #endif /* CONFIG_IEEE80211AX */ 2317 2318 #ifdef CONFIG_IEEE80211BE 2319 if (hapd->iconf->ieee80211be && !hapd->conf->disable_11be) { 2320 if (hapd->conf->mld_ap) 2321 tailpos = hostapd_eid_eht_ml_beacon(hapd, NULL, 2322 tailpos, false); 2323 tailpos = hostapd_eid_eht_capab(hapd, tailpos, 2324 IEEE80211_MODE_AP); 2325 tailpos = hostapd_eid_eht_operation(hapd, tailpos); 2326 } 2327 #endif /* CONFIG_IEEE80211BE */ 2328 2329 #ifdef CONFIG_IEEE80211AC 2330 if (hapd->conf->vendor_vht) 2331 tailpos = hostapd_eid_vendor_vht(hapd, tailpos); 2332 #endif /* CONFIG_IEEE80211AC */ 2333 2334 /* WPA / OSEN */ 2335 tailpos = hostapd_get_wpa_ie(hapd, tailpos, tailend - tailpos); 2336 tailpos = hostapd_get_osen_ie(hapd, tailpos, tailend - tailpos); 2337 2338 /* Wi-Fi Alliance WMM */ 2339 tailpos = hostapd_eid_wmm(hapd, tailpos); 2340 2341 #ifdef CONFIG_WPS 2342 if (hapd->conf->wps_state && hapd->wps_beacon_ie) { 2343 os_memcpy(tailpos, wpabuf_head(hapd->wps_beacon_ie), 2344 wpabuf_len(hapd->wps_beacon_ie)); 2345 tailpos += wpabuf_len(hapd->wps_beacon_ie); 2346 } 2347 #endif /* CONFIG_WPS */ 2348 2349 #ifdef CONFIG_P2P 2350 if ((hapd->conf->p2p & P2P_ENABLED) && hapd->p2p_beacon_ie) { 2351 os_memcpy(tailpos, wpabuf_head(hapd->p2p_beacon_ie), 2352 wpabuf_len(hapd->p2p_beacon_ie)); 2353 tailpos += wpabuf_len(hapd->p2p_beacon_ie); 2354 } 2355 #endif /* CONFIG_P2P */ 2356 #ifdef CONFIG_P2P_MANAGER 2357 if ((hapd->conf->p2p & (P2P_MANAGE | P2P_ENABLED | P2P_GROUP_OWNER)) == 2358 P2P_MANAGE) 2359 tailpos = hostapd_eid_p2p_manage(hapd, tailpos); 2360 #endif /* CONFIG_P2P_MANAGER */ 2361 2362 #ifdef CONFIG_HS20 2363 tailpos = hostapd_eid_hs20_indication(hapd, tailpos); 2364 #endif /* CONFIG_HS20 */ 2365 2366 tailpos = hostapd_eid_mbo(hapd, tailpos, tail + tail_len - tailpos); 2367 tailpos = hostapd_eid_owe_trans(hapd, tailpos, 2368 tail + tail_len - tailpos); 2369 tailpos = hostapd_eid_dpp_cc(hapd, tailpos, tail + tail_len - tailpos); 2370 2371 if (hapd->conf->vendor_elements) { 2372 os_memcpy(tailpos, wpabuf_head(hapd->conf->vendor_elements), 2373 wpabuf_len(hapd->conf->vendor_elements)); 2374 tailpos += wpabuf_len(hapd->conf->vendor_elements); 2375 } 2376 2377 tail_len = tailpos > tail ? tailpos - tail : 0; 2378 2379 resp = hostapd_probe_resp_offloads(hapd, &resp_len); 2380 #endif /* NEED_AP_MLME */ 2381 2382 /* If key management offload is enabled, configure PSK to the driver. */ 2383 if (wpa_key_mgmt_wpa_psk_no_sae(hapd->conf->wpa_key_mgmt) && 2384 (hapd->iface->drv_flags2 & 2385 WPA_DRIVER_FLAGS2_4WAY_HANDSHAKE_AP_PSK)) { 2386 if (hapd->conf->ssid.wpa_psk && hapd->conf->ssid.wpa_psk_set) { 2387 os_memcpy(params->psk, hapd->conf->ssid.wpa_psk->psk, 2388 PMK_LEN); 2389 params->psk_len = PMK_LEN; 2390 } else if (hapd->conf->ssid.wpa_passphrase && 2391 pbkdf2_sha1(hapd->conf->ssid.wpa_passphrase, 2392 hapd->conf->ssid.ssid, 2393 hapd->conf->ssid.ssid_len, 4096, 2394 params->psk, PMK_LEN) == 0) { 2395 params->psk_len = PMK_LEN; 2396 } 2397 } 2398 2399 #ifdef CONFIG_SAE 2400 /* If SAE offload is enabled, provide password to lower layer for 2401 * SAE authentication and PMK generation. 2402 */ 2403 if (wpa_key_mgmt_sae(hapd->conf->wpa_key_mgmt) && 2404 (hapd->iface->drv_flags2 & WPA_DRIVER_FLAGS2_SAE_OFFLOAD_AP)) { 2405 if (hostapd_sae_pk_in_use(hapd->conf)) { 2406 wpa_printf(MSG_ERROR, 2407 "SAE PK not supported with SAE offload"); 2408 return -1; 2409 } 2410 2411 if (hostapd_sae_pw_id_in_use(hapd->conf)) { 2412 wpa_printf(MSG_ERROR, 2413 "SAE Password Identifiers not supported with SAE offload"); 2414 return -1; 2415 } 2416 2417 params->sae_password = sae_get_password(hapd, NULL, NULL, NULL, 2418 NULL, NULL); 2419 if (!params->sae_password) { 2420 wpa_printf(MSG_ERROR, "SAE password not configured for offload"); 2421 return -1; 2422 } 2423 } 2424 #endif /* CONFIG_SAE */ 2425 2426 params->head = (u8 *) head; 2427 params->head_len = head_len; 2428 params->tail = tail; 2429 params->tail_len = tail_len; 2430 params->proberesp = resp; 2431 params->proberesp_len = resp_len; 2432 params->dtim_period = hapd->conf->dtim_period; 2433 params->beacon_int = hapd->iconf->beacon_int; 2434 params->basic_rates = hapd->iface->basic_rates; 2435 params->beacon_rate = hapd->iconf->beacon_rate; 2436 params->rate_type = hapd->iconf->rate_type; 2437 params->ssid = hapd->conf->ssid.ssid; 2438 params->ssid_len = hapd->conf->ssid.ssid_len; 2439 if ((hapd->conf->wpa & (WPA_PROTO_WPA | WPA_PROTO_RSN)) == 2440 (WPA_PROTO_WPA | WPA_PROTO_RSN)) 2441 params->pairwise_ciphers = hapd->conf->wpa_pairwise | 2442 hapd->conf->rsn_pairwise; 2443 else if (hapd->conf->wpa & WPA_PROTO_RSN) 2444 params->pairwise_ciphers = hapd->conf->rsn_pairwise; 2445 else if (hapd->conf->wpa & WPA_PROTO_WPA) 2446 params->pairwise_ciphers = hapd->conf->wpa_pairwise; 2447 params->group_cipher = hapd->conf->wpa_group; 2448 params->key_mgmt_suites = hapd->conf->wpa_key_mgmt; 2449 params->auth_algs = hapd->conf->auth_algs; 2450 params->wpa_version = hapd->conf->wpa; 2451 params->privacy = hapd->conf->wpa; 2452 #ifdef CONFIG_WEP 2453 params->privacy |= hapd->conf->ssid.wep.keys_set || 2454 (hapd->conf->ieee802_1x && 2455 (hapd->conf->default_wep_key_len || 2456 hapd->conf->individual_wep_key_len)); 2457 #endif /* CONFIG_WEP */ 2458 switch (hapd->conf->ignore_broadcast_ssid) { 2459 case 0: 2460 params->hide_ssid = NO_SSID_HIDING; 2461 break; 2462 case 1: 2463 params->hide_ssid = HIDDEN_SSID_ZERO_LEN; 2464 break; 2465 case 2: 2466 params->hide_ssid = HIDDEN_SSID_ZERO_CONTENTS; 2467 break; 2468 } 2469 params->isolate = hapd->conf->isolate; 2470 #ifdef NEED_AP_MLME 2471 params->cts_protect = !!(ieee802_11_erp_info(hapd) & 2472 ERP_INFO_USE_PROTECTION); 2473 params->preamble = hapd->iface->num_sta_no_short_preamble == 0 && 2474 hapd->iconf->preamble == SHORT_PREAMBLE; 2475 if (hapd->iface->current_mode && 2476 hapd->iface->current_mode->mode == HOSTAPD_MODE_IEEE80211G) 2477 params->short_slot_time = 2478 hapd->iface->num_sta_no_short_slot_time > 0 ? 0 : 1; 2479 else 2480 params->short_slot_time = -1; 2481 if (!hapd->iconf->ieee80211n || hapd->conf->disable_11n) 2482 params->ht_opmode = -1; 2483 else 2484 params->ht_opmode = hapd->iface->ht_op_mode; 2485 #endif /* NEED_AP_MLME */ 2486 params->interworking = hapd->conf->interworking; 2487 if (hapd->conf->interworking && 2488 !is_zero_ether_addr(hapd->conf->hessid)) 2489 params->hessid = hapd->conf->hessid; 2490 params->access_network_type = hapd->conf->access_network_type; 2491 params->ap_max_inactivity = hapd->conf->ap_max_inactivity; 2492 #ifdef CONFIG_P2P 2493 params->p2p_go_ctwindow = hapd->iconf->p2p_go_ctwindow; 2494 #endif /* CONFIG_P2P */ 2495 #ifdef CONFIG_HS20 2496 params->disable_dgaf = hapd->conf->disable_dgaf; 2497 if (hapd->conf->osen) { 2498 params->privacy = 1; 2499 params->osen = 1; 2500 } 2501 #endif /* CONFIG_HS20 */ 2502 params->multicast_to_unicast = hapd->conf->multicast_to_unicast; 2503 params->pbss = hapd->conf->pbss; 2504 2505 if (hapd->conf->ftm_responder) { 2506 if (hapd->iface->drv_flags & WPA_DRIVER_FLAGS_FTM_RESPONDER) { 2507 params->ftm_responder = 1; 2508 params->lci = hapd->iface->conf->lci; 2509 params->civic = hapd->iface->conf->civic; 2510 } else { 2511 wpa_printf(MSG_WARNING, 2512 "Not configuring FTM responder as the driver doesn't advertise support for it"); 2513 } 2514 } 2515 2516 #ifdef CONFIG_IEEE80211BE 2517 if (hapd->conf->mld_ap && hapd->iconf->ieee80211be && 2518 !hapd->conf->disable_11be) { 2519 params->mld_ap = true; 2520 params->mld_link_id = hapd->mld_link_id; 2521 } 2522 #endif /* CONFIG_IEEE80211BE */ 2523 2524 return 0; 2525 } 2526 2527 2528 void ieee802_11_free_ap_params(struct wpa_driver_ap_params *params) 2529 { 2530 os_free(params->tail); 2531 params->tail = NULL; 2532 os_free(params->head); 2533 params->head = NULL; 2534 os_free(params->proberesp); 2535 params->proberesp = NULL; 2536 os_free(params->mbssid_elem); 2537 params->mbssid_elem = NULL; 2538 os_free(params->mbssid_elem_offset); 2539 params->mbssid_elem_offset = NULL; 2540 os_free(params->rnr_elem); 2541 params->rnr_elem = NULL; 2542 os_free(params->rnr_elem_offset); 2543 params->rnr_elem_offset = NULL; 2544 #ifdef CONFIG_FILS 2545 os_free(params->fd_frame_tmpl); 2546 params->fd_frame_tmpl = NULL; 2547 #endif /* CONFIG_FILS */ 2548 #ifdef CONFIG_IEEE80211AX 2549 os_free(params->ubpr.unsol_bcast_probe_resp_tmpl); 2550 params->ubpr.unsol_bcast_probe_resp_tmpl = NULL; 2551 #endif /* CONFIG_IEEE80211AX */ 2552 os_free(params->allowed_freqs); 2553 params->allowed_freqs = NULL; 2554 } 2555 2556 2557 static int __ieee802_11_set_beacon(struct hostapd_data *hapd) 2558 { 2559 struct wpa_driver_ap_params params; 2560 struct hostapd_freq_params freq; 2561 struct hostapd_iface *iface = hapd->iface; 2562 struct hostapd_config *iconf = iface->conf; 2563 struct hostapd_hw_modes *cmode = iface->current_mode; 2564 struct wpabuf *beacon, *proberesp, *assocresp; 2565 bool twt_he_responder = false; 2566 int res, ret = -1, i; 2567 struct hostapd_hw_modes *mode; 2568 2569 if (!hapd->drv_priv) { 2570 wpa_printf(MSG_ERROR, "Interface is disabled"); 2571 return -1; 2572 } 2573 2574 if (hapd->csa_in_progress) { 2575 wpa_printf(MSG_ERROR, "Cannot set beacons during CSA period"); 2576 return -1; 2577 } 2578 2579 hapd->beacon_set_done = 1; 2580 2581 if (ieee802_11_build_ap_params(hapd, ¶ms) < 0) 2582 return -1; 2583 2584 if (hostapd_build_ap_extra_ies(hapd, &beacon, &proberesp, &assocresp) < 2585 0) 2586 goto fail; 2587 2588 params.beacon_ies = beacon; 2589 params.proberesp_ies = proberesp; 2590 params.assocresp_ies = assocresp; 2591 params.reenable = hapd->reenable_beacon; 2592 #ifdef CONFIG_IEEE80211AX 2593 params.he_spr_ctrl = hapd->iface->conf->spr.sr_control; 2594 params.he_spr_non_srg_obss_pd_max_offset = 2595 hapd->iface->conf->spr.non_srg_obss_pd_max_offset; 2596 params.he_spr_srg_obss_pd_min_offset = 2597 hapd->iface->conf->spr.srg_obss_pd_min_offset; 2598 params.he_spr_srg_obss_pd_max_offset = 2599 hapd->iface->conf->spr.srg_obss_pd_max_offset; 2600 os_memcpy(params.he_spr_bss_color_bitmap, 2601 hapd->iface->conf->spr.srg_bss_color_bitmap, 8); 2602 os_memcpy(params.he_spr_partial_bssid_bitmap, 2603 hapd->iface->conf->spr.srg_partial_bssid_bitmap, 8); 2604 params.he_bss_color_disabled = 2605 hapd->iface->conf->he_op.he_bss_color_disabled; 2606 params.he_bss_color_partial = 2607 hapd->iface->conf->he_op.he_bss_color_partial; 2608 params.he_bss_color = hapd->iface->conf->he_op.he_bss_color; 2609 twt_he_responder = hostapd_get_he_twt_responder(hapd, 2610 IEEE80211_MODE_AP); 2611 params.ubpr.unsol_bcast_probe_resp_tmpl = 2612 hostapd_unsol_bcast_probe_resp(hapd, ¶ms.ubpr); 2613 #endif /* CONFIG_IEEE80211AX */ 2614 params.twt_responder = 2615 twt_he_responder || hostapd_get_ht_vht_twt_responder(hapd); 2616 hapd->reenable_beacon = 0; 2617 #ifdef CONFIG_SAE 2618 params.sae_pwe = hapd->conf->sae_pwe; 2619 #endif /* CONFIG_SAE */ 2620 2621 #ifdef CONFIG_FILS 2622 params.fd_frame_tmpl = hostapd_fils_discovery(hapd, ¶ms); 2623 #endif /* CONFIG_FILS */ 2624 2625 #ifdef CONFIG_IEEE80211BE 2626 params.punct_bitmap = iconf->punct_bitmap; 2627 #endif /* CONFIG_IEEE80211BE */ 2628 2629 if (cmode && 2630 hostapd_set_freq_params(&freq, iconf->hw_mode, iface->freq, 2631 iconf->channel, iconf->enable_edmg, 2632 iconf->edmg_channel, iconf->ieee80211n, 2633 iconf->ieee80211ac, iconf->ieee80211ax, 2634 iconf->ieee80211be, 2635 iconf->secondary_channel, 2636 hostapd_get_oper_chwidth(iconf), 2637 hostapd_get_oper_centr_freq_seg0_idx(iconf), 2638 hostapd_get_oper_centr_freq_seg1_idx(iconf), 2639 cmode->vht_capab, 2640 &cmode->he_capab[IEEE80211_MODE_AP], 2641 &cmode->eht_capab[IEEE80211_MODE_AP], 2642 hostapd_get_punct_bitmap(hapd)) == 0) { 2643 freq.link_id = -1; 2644 #ifdef CONFIG_IEEE80211BE 2645 if (hapd->conf->mld_ap) 2646 freq.link_id = hapd->mld_link_id; 2647 #endif /* CONFIG_IEEE80211BE */ 2648 params.freq = &freq; 2649 } 2650 2651 for (i = 0; i < hapd->iface->num_hw_features; i++) { 2652 mode = &hapd->iface->hw_features[i]; 2653 2654 if (iconf->hw_mode != HOSTAPD_MODE_IEEE80211ANY && 2655 iconf->hw_mode != mode->mode) 2656 continue; 2657 2658 hostapd_get_hw_mode_any_channels(hapd, mode, 2659 !(iconf->acs_freq_list.num || 2660 iconf->acs_ch_list.num), 2661 true, ¶ms.allowed_freqs); 2662 } 2663 2664 res = hostapd_drv_set_ap(hapd, ¶ms); 2665 hostapd_free_ap_extra_ies(hapd, beacon, proberesp, assocresp); 2666 if (res) 2667 wpa_printf(MSG_ERROR, "Failed to set beacon parameters"); 2668 else 2669 ret = 0; 2670 fail: 2671 ieee802_11_free_ap_params(¶ms); 2672 return ret; 2673 } 2674 2675 2676 void ieee802_11_set_beacon_per_bss_only(struct hostapd_data *hapd) 2677 { 2678 __ieee802_11_set_beacon(hapd); 2679 } 2680 2681 2682 int ieee802_11_set_beacon(struct hostapd_data *hapd) 2683 { 2684 struct hostapd_iface *iface = hapd->iface; 2685 int ret; 2686 size_t i, j; 2687 bool is_6g, hapd_mld = false; 2688 2689 ret = __ieee802_11_set_beacon(hapd); 2690 if (ret != 0) 2691 return ret; 2692 2693 if (!iface->interfaces || iface->interfaces->count <= 1) 2694 return 0; 2695 2696 #ifdef CONFIG_IEEE80211BE 2697 hapd_mld = hapd->conf->mld_ap; 2698 #endif /* CONFIG_IEEE80211BE */ 2699 2700 /* Update Beacon frames in case of 6 GHz colocation or AP MLD */ 2701 is_6g = is_6ghz_op_class(iface->conf->op_class); 2702 for (j = 0; j < iface->interfaces->count; j++) { 2703 struct hostapd_iface *other; 2704 bool other_iface_6g; 2705 2706 other = iface->interfaces->iface[j]; 2707 if (other == iface || !other || !other->conf) 2708 continue; 2709 2710 other_iface_6g = is_6ghz_op_class(other->conf->op_class); 2711 2712 if (is_6g == other_iface_6g && !hapd_mld) 2713 continue; 2714 2715 for (i = 0; i < other->num_bss; i++) { 2716 #ifdef CONFIG_IEEE80211BE 2717 if (is_6g == other_iface_6g && 2718 !(hapd_mld && other->bss[i]->conf->mld_ap && 2719 hostapd_is_ml_partner(hapd, other->bss[i]))) 2720 continue; 2721 #endif /* CONFIG_IEEE80211BE */ 2722 2723 if (other->bss[i] && other->bss[i]->started) 2724 __ieee802_11_set_beacon(other->bss[i]); 2725 } 2726 } 2727 2728 return 0; 2729 } 2730 2731 2732 int ieee802_11_set_beacons(struct hostapd_iface *iface) 2733 { 2734 size_t i; 2735 int ret = 0; 2736 2737 for (i = 0; i < iface->num_bss; i++) { 2738 if (iface->bss[i]->started && 2739 ieee802_11_set_beacon(iface->bss[i]) < 0) 2740 ret = -1; 2741 } 2742 2743 return ret; 2744 } 2745 2746 2747 /* only update beacons if started */ 2748 int ieee802_11_update_beacons(struct hostapd_iface *iface) 2749 { 2750 size_t i; 2751 int ret = 0; 2752 2753 for (i = 0; i < iface->num_bss; i++) { 2754 if (iface->bss[i]->beacon_set_done && iface->bss[i]->started && 2755 ieee802_11_set_beacon(iface->bss[i]) < 0) 2756 ret = -1; 2757 } 2758 2759 return ret; 2760 } 2761 2762 #endif /* CONFIG_NATIVE_WINDOWS */ 2763