xref: /freebsd/contrib/wpa/src/ap/drv_callbacks.c (revision ec0ea6efa1ad229d75c394c1a9b9cac33af2b1d3)
1 /*
2  * hostapd / Callback functions for driver wrappers
3  * Copyright (c) 2002-2013, Jouni Malinen <j@w1.fi>
4  *
5  * This software may be distributed under the terms of the BSD license.
6  * See README for more details.
7  */
8 
9 #include "utils/includes.h"
10 
11 #include "utils/common.h"
12 #include "utils/eloop.h"
13 #include "radius/radius.h"
14 #include "drivers/driver.h"
15 #include "common/ieee802_11_defs.h"
16 #include "common/ieee802_11_common.h"
17 #include "common/wpa_ctrl.h"
18 #include "common/dpp.h"
19 #include "common/sae.h"
20 #include "common/hw_features_common.h"
21 #include "crypto/random.h"
22 #include "p2p/p2p.h"
23 #include "wps/wps.h"
24 #include "fst/fst.h"
25 #include "wnm_ap.h"
26 #include "hostapd.h"
27 #include "ieee802_11.h"
28 #include "ieee802_11_auth.h"
29 #include "sta_info.h"
30 #include "accounting.h"
31 #include "tkip_countermeasures.h"
32 #include "ieee802_1x.h"
33 #include "wpa_auth.h"
34 #include "wps_hostapd.h"
35 #include "ap_drv_ops.h"
36 #include "ap_config.h"
37 #include "ap_mlme.h"
38 #include "hw_features.h"
39 #include "dfs.h"
40 #include "beacon.h"
41 #include "mbo_ap.h"
42 #include "dpp_hostapd.h"
43 #include "fils_hlp.h"
44 #include "neighbor_db.h"
45 
46 
47 #ifdef CONFIG_FILS
48 void hostapd_notify_assoc_fils_finish(struct hostapd_data *hapd,
49 				      struct sta_info *sta)
50 {
51 	u16 reply_res = WLAN_STATUS_SUCCESS;
52 	struct ieee802_11_elems elems;
53 	u8 buf[IEEE80211_MAX_MMPDU_SIZE], *p = buf;
54 	int new_assoc;
55 
56 	wpa_printf(MSG_DEBUG, "%s FILS: Finish association with " MACSTR,
57 		   __func__, MAC2STR(sta->addr));
58 	eloop_cancel_timeout(fils_hlp_timeout, hapd, sta);
59 	if (!sta->fils_pending_assoc_req)
60 		return;
61 
62 	ieee802_11_parse_elems(sta->fils_pending_assoc_req,
63 			       sta->fils_pending_assoc_req_len, &elems, 0);
64 	if (!elems.fils_session) {
65 		wpa_printf(MSG_DEBUG, "%s failed to find FILS Session element",
66 			   __func__);
67 		return;
68 	}
69 
70 	p = hostapd_eid_assoc_fils_session(sta->wpa_sm, p,
71 					   elems.fils_session,
72 					   sta->fils_hlp_resp);
73 
74 	reply_res = hostapd_sta_assoc(hapd, sta->addr,
75 				      sta->fils_pending_assoc_is_reassoc,
76 				      WLAN_STATUS_SUCCESS,
77 				      buf, p - buf);
78 	ap_sta_set_authorized(hapd, sta, 1);
79 	new_assoc = (sta->flags & WLAN_STA_ASSOC) == 0;
80 	sta->flags |= WLAN_STA_AUTH | WLAN_STA_ASSOC;
81 	sta->flags &= ~WLAN_STA_WNM_SLEEP_MODE;
82 	hostapd_set_sta_flags(hapd, sta);
83 	wpa_auth_sm_event(sta->wpa_sm, WPA_ASSOC_FILS);
84 	ieee802_1x_notify_port_enabled(sta->eapol_sm, 1);
85 	hostapd_new_assoc_sta(hapd, sta, !new_assoc);
86 	os_free(sta->fils_pending_assoc_req);
87 	sta->fils_pending_assoc_req = NULL;
88 	sta->fils_pending_assoc_req_len = 0;
89 	wpabuf_free(sta->fils_hlp_resp);
90 	sta->fils_hlp_resp = NULL;
91 	wpabuf_free(sta->hlp_dhcp_discover);
92 	sta->hlp_dhcp_discover = NULL;
93 	fils_hlp_deinit(hapd);
94 
95 	/*
96 	 * Remove the station in case transmission of a success response fails
97 	 * (the STA was added associated to the driver) or if the station was
98 	 * previously added unassociated.
99 	 */
100 	if (reply_res != WLAN_STATUS_SUCCESS || sta->added_unassoc) {
101 		hostapd_drv_sta_remove(hapd, sta->addr);
102 		sta->added_unassoc = 0;
103 	}
104 }
105 #endif /* CONFIG_FILS */
106 
107 
108 static bool check_sa_query_need(struct hostapd_data *hapd, struct sta_info *sta)
109 {
110 	if ((sta->flags &
111 	     (WLAN_STA_ASSOC | WLAN_STA_MFP | WLAN_STA_AUTHORIZED)) !=
112 	    (WLAN_STA_ASSOC | WLAN_STA_MFP | WLAN_STA_AUTHORIZED))
113 		return false;
114 
115 	if (!sta->sa_query_timed_out && sta->sa_query_count > 0)
116 		ap_check_sa_query_timeout(hapd, sta);
117 
118 	if (!sta->sa_query_timed_out && (sta->auth_alg != WLAN_AUTH_FT)) {
119 		/*
120 		 * STA has already been associated with MFP and SA Query timeout
121 		 * has not been reached. Reject the association attempt
122 		 * temporarily and start SA Query, if one is not pending.
123 		 */
124 		if (sta->sa_query_count == 0)
125 			ap_sta_start_sa_query(hapd, sta);
126 
127 		return true;
128 	}
129 
130 	return false;
131 }
132 
133 
134 int hostapd_notif_assoc(struct hostapd_data *hapd, const u8 *addr,
135 			const u8 *req_ies, size_t req_ies_len, int reassoc)
136 {
137 	struct sta_info *sta;
138 	int new_assoc;
139 	enum wpa_validate_result res;
140 	struct ieee802_11_elems elems;
141 	const u8 *ie;
142 	size_t ielen;
143 	u8 buf[sizeof(struct ieee80211_mgmt) + 1024];
144 	u8 *p = buf;
145 	u16 reason = WLAN_REASON_UNSPECIFIED;
146 	int status = WLAN_STATUS_SUCCESS;
147 	const u8 *p2p_dev_addr = NULL;
148 
149 	if (addr == NULL) {
150 		/*
151 		 * This could potentially happen with unexpected event from the
152 		 * driver wrapper. This was seen at least in one case where the
153 		 * driver ended up being set to station mode while hostapd was
154 		 * running, so better make sure we stop processing such an
155 		 * event here.
156 		 */
157 		wpa_printf(MSG_DEBUG,
158 			   "hostapd_notif_assoc: Skip event with no address");
159 		return -1;
160 	}
161 
162 	if (is_multicast_ether_addr(addr) ||
163 	    is_zero_ether_addr(addr) ||
164 	    os_memcmp(addr, hapd->own_addr, ETH_ALEN) == 0) {
165 		/* Do not process any frames with unexpected/invalid SA so that
166 		 * we do not add any state for unexpected STA addresses or end
167 		 * up sending out frames to unexpected destination. */
168 		wpa_printf(MSG_DEBUG, "%s: Invalid SA=" MACSTR
169 			   " in received indication - ignore this indication silently",
170 			   __func__, MAC2STR(addr));
171 		return 0;
172 	}
173 
174 	random_add_randomness(addr, ETH_ALEN);
175 
176 	hostapd_logger(hapd, addr, HOSTAPD_MODULE_IEEE80211,
177 		       HOSTAPD_LEVEL_INFO, "associated");
178 
179 	ieee802_11_parse_elems(req_ies, req_ies_len, &elems, 0);
180 	if (elems.wps_ie) {
181 		ie = elems.wps_ie - 2;
182 		ielen = elems.wps_ie_len + 2;
183 		wpa_printf(MSG_DEBUG, "STA included WPS IE in (Re)AssocReq");
184 	} else if (elems.rsn_ie) {
185 		ie = elems.rsn_ie - 2;
186 		ielen = elems.rsn_ie_len + 2;
187 		wpa_printf(MSG_DEBUG, "STA included RSN IE in (Re)AssocReq");
188 	} else if (elems.wpa_ie) {
189 		ie = elems.wpa_ie - 2;
190 		ielen = elems.wpa_ie_len + 2;
191 		wpa_printf(MSG_DEBUG, "STA included WPA IE in (Re)AssocReq");
192 #ifdef CONFIG_HS20
193 	} else if (elems.osen) {
194 		ie = elems.osen - 2;
195 		ielen = elems.osen_len + 2;
196 		wpa_printf(MSG_DEBUG, "STA included OSEN IE in (Re)AssocReq");
197 #endif /* CONFIG_HS20 */
198 	} else {
199 		ie = NULL;
200 		ielen = 0;
201 		wpa_printf(MSG_DEBUG,
202 			   "STA did not include WPS/RSN/WPA IE in (Re)AssocReq");
203 	}
204 
205 	sta = ap_get_sta(hapd, addr);
206 	if (sta) {
207 		ap_sta_no_session_timeout(hapd, sta);
208 		accounting_sta_stop(hapd, sta);
209 
210 		/*
211 		 * Make sure that the previously registered inactivity timer
212 		 * will not remove the STA immediately.
213 		 */
214 		sta->timeout_next = STA_NULLFUNC;
215 	} else {
216 		sta = ap_sta_add(hapd, addr);
217 		if (sta == NULL) {
218 			hostapd_drv_sta_disassoc(hapd, addr,
219 						 WLAN_REASON_DISASSOC_AP_BUSY);
220 			return -1;
221 		}
222 	}
223 	sta->flags &= ~(WLAN_STA_WPS | WLAN_STA_MAYBE_WPS | WLAN_STA_WPS2);
224 
225 	/*
226 	 * ACL configurations to the drivers (implementing AP SME and ACL
227 	 * offload) without hostapd's knowledge, can result in a disconnection
228 	 * though the driver accepts the connection. Skip the hostapd check for
229 	 * ACL if the driver supports ACL offload to avoid potentially
230 	 * conflicting ACL rules.
231 	 */
232 	if (hapd->iface->drv_max_acl_mac_addrs == 0 &&
233 	    hostapd_check_acl(hapd, addr, NULL) != HOSTAPD_ACL_ACCEPT) {
234 		wpa_printf(MSG_INFO, "STA " MACSTR " not allowed to connect",
235 			   MAC2STR(addr));
236 		reason = WLAN_REASON_UNSPECIFIED;
237 		goto fail;
238 	}
239 
240 #ifdef CONFIG_P2P
241 	if (elems.p2p) {
242 		wpabuf_free(sta->p2p_ie);
243 		sta->p2p_ie = ieee802_11_vendor_ie_concat(req_ies, req_ies_len,
244 							  P2P_IE_VENDOR_TYPE);
245 		if (sta->p2p_ie)
246 			p2p_dev_addr = p2p_get_go_dev_addr(sta->p2p_ie);
247 	}
248 #endif /* CONFIG_P2P */
249 
250 #ifdef NEED_AP_MLME
251 	if (elems.ht_capabilities &&
252 	    (hapd->iface->conf->ht_capab &
253 	     HT_CAP_INFO_SUPP_CHANNEL_WIDTH_SET)) {
254 		struct ieee80211_ht_capabilities *ht_cap =
255 			(struct ieee80211_ht_capabilities *)
256 			elems.ht_capabilities;
257 
258 		if (le_to_host16(ht_cap->ht_capabilities_info) &
259 		    HT_CAP_INFO_40MHZ_INTOLERANT)
260 			ht40_intolerant_add(hapd->iface, sta);
261 	}
262 #endif /* NEED_AP_MLME */
263 
264 #ifdef CONFIG_INTERWORKING
265 	if (elems.ext_capab && elems.ext_capab_len > 4) {
266 		if (elems.ext_capab[4] & 0x01)
267 			sta->qos_map_enabled = 1;
268 	}
269 #endif /* CONFIG_INTERWORKING */
270 
271 #ifdef CONFIG_HS20
272 	wpabuf_free(sta->hs20_ie);
273 	if (elems.hs20 && elems.hs20_len > 4) {
274 		sta->hs20_ie = wpabuf_alloc_copy(elems.hs20 + 4,
275 						 elems.hs20_len - 4);
276 	} else
277 		sta->hs20_ie = NULL;
278 
279 	wpabuf_free(sta->roaming_consortium);
280 	if (elems.roaming_cons_sel)
281 		sta->roaming_consortium = wpabuf_alloc_copy(
282 			elems.roaming_cons_sel + 4,
283 			elems.roaming_cons_sel_len - 4);
284 	else
285 		sta->roaming_consortium = NULL;
286 #endif /* CONFIG_HS20 */
287 
288 #ifdef CONFIG_FST
289 	wpabuf_free(sta->mb_ies);
290 	if (hapd->iface->fst)
291 		sta->mb_ies = mb_ies_by_info(&elems.mb_ies);
292 	else
293 		sta->mb_ies = NULL;
294 #endif /* CONFIG_FST */
295 
296 	mbo_ap_check_sta_assoc(hapd, sta, &elems);
297 
298 	ap_copy_sta_supp_op_classes(sta, elems.supp_op_classes,
299 				    elems.supp_op_classes_len);
300 
301 	if (hapd->conf->wpa) {
302 		if (ie == NULL || ielen == 0) {
303 #ifdef CONFIG_WPS
304 			if (hapd->conf->wps_state) {
305 				wpa_printf(MSG_DEBUG,
306 					   "STA did not include WPA/RSN IE in (Re)Association Request - possible WPS use");
307 				sta->flags |= WLAN_STA_MAYBE_WPS;
308 				goto skip_wpa_check;
309 			}
310 #endif /* CONFIG_WPS */
311 
312 			wpa_printf(MSG_DEBUG, "No WPA/RSN IE from STA");
313 			reason = WLAN_REASON_INVALID_IE;
314 			status = WLAN_STATUS_INVALID_IE;
315 			goto fail;
316 		}
317 #ifdef CONFIG_WPS
318 		if (hapd->conf->wps_state && ie[0] == 0xdd && ie[1] >= 4 &&
319 		    os_memcmp(ie + 2, "\x00\x50\xf2\x04", 4) == 0) {
320 			struct wpabuf *wps;
321 
322 			if (check_sa_query_need(hapd, sta)) {
323 				status = WLAN_STATUS_ASSOC_REJECTED_TEMPORARILY;
324 
325 				p = hostapd_eid_assoc_comeback_time(hapd, sta,
326 								    p);
327 
328 				hostapd_sta_assoc(hapd, addr, reassoc, status,
329 						  buf, p - buf);
330 				return 0;
331 			}
332 
333 			sta->flags |= WLAN_STA_WPS;
334 			wps = ieee802_11_vendor_ie_concat(ie, ielen,
335 							  WPS_IE_VENDOR_TYPE);
336 			if (wps) {
337 				if (wps_is_20(wps)) {
338 					wpa_printf(MSG_DEBUG,
339 						   "WPS: STA supports WPS 2.0");
340 					sta->flags |= WLAN_STA_WPS2;
341 				}
342 				wpabuf_free(wps);
343 			}
344 			goto skip_wpa_check;
345 		}
346 #endif /* CONFIG_WPS */
347 
348 		if (sta->wpa_sm == NULL)
349 			sta->wpa_sm = wpa_auth_sta_init(hapd->wpa_auth,
350 							sta->addr,
351 							p2p_dev_addr);
352 		if (sta->wpa_sm == NULL) {
353 			wpa_printf(MSG_ERROR,
354 				   "Failed to initialize WPA state machine");
355 			return -1;
356 		}
357 		res = wpa_validate_wpa_ie(hapd->wpa_auth, sta->wpa_sm,
358 					  hapd->iface->freq,
359 					  ie, ielen,
360 					  elems.rsnxe ? elems.rsnxe - 2 : NULL,
361 					  elems.rsnxe ? elems.rsnxe_len + 2 : 0,
362 					  elems.mdie, elems.mdie_len,
363 					  elems.owe_dh, elems.owe_dh_len);
364 		reason = WLAN_REASON_INVALID_IE;
365 		status = WLAN_STATUS_INVALID_IE;
366 		switch (res) {
367 		case WPA_IE_OK:
368 			reason = WLAN_REASON_UNSPECIFIED;
369 			status = WLAN_STATUS_SUCCESS;
370 			break;
371 		case WPA_INVALID_IE:
372 			reason = WLAN_REASON_INVALID_IE;
373 			status = WLAN_STATUS_INVALID_IE;
374 			break;
375 		case WPA_INVALID_GROUP:
376 			reason = WLAN_REASON_GROUP_CIPHER_NOT_VALID;
377 			status = WLAN_STATUS_GROUP_CIPHER_NOT_VALID;
378 			break;
379 		case WPA_INVALID_PAIRWISE:
380 			reason = WLAN_REASON_PAIRWISE_CIPHER_NOT_VALID;
381 			status = WLAN_STATUS_PAIRWISE_CIPHER_NOT_VALID;
382 			break;
383 		case WPA_INVALID_AKMP:
384 			reason = WLAN_REASON_AKMP_NOT_VALID;
385 			status = WLAN_STATUS_AKMP_NOT_VALID;
386 			break;
387 		case WPA_NOT_ENABLED:
388 			reason = WLAN_REASON_INVALID_IE;
389 			status = WLAN_STATUS_INVALID_IE;
390 			break;
391 		case WPA_ALLOC_FAIL:
392 			reason = WLAN_REASON_UNSPECIFIED;
393 			status = WLAN_STATUS_UNSPECIFIED_FAILURE;
394 			break;
395 		case WPA_MGMT_FRAME_PROTECTION_VIOLATION:
396 			reason = WLAN_REASON_INVALID_IE;
397 			status = WLAN_STATUS_INVALID_IE;
398 			break;
399 		case WPA_INVALID_MGMT_GROUP_CIPHER:
400 			reason = WLAN_REASON_CIPHER_SUITE_REJECTED;
401 			status = WLAN_STATUS_CIPHER_REJECTED_PER_POLICY;
402 			break;
403 		case WPA_INVALID_MDIE:
404 			reason = WLAN_REASON_INVALID_MDE;
405 			status = WLAN_STATUS_INVALID_MDIE;
406 			break;
407 		case WPA_INVALID_PROTO:
408 			reason = WLAN_REASON_INVALID_IE;
409 			status = WLAN_STATUS_INVALID_IE;
410 			break;
411 		case WPA_INVALID_PMKID:
412 			reason = WLAN_REASON_INVALID_PMKID;
413 			status = WLAN_STATUS_INVALID_PMKID;
414 			break;
415 		case WPA_DENIED_OTHER_REASON:
416 			reason = WLAN_REASON_UNSPECIFIED;
417 			status = WLAN_STATUS_ASSOC_DENIED_UNSPEC;
418 			break;
419 		}
420 		if (status != WLAN_STATUS_SUCCESS) {
421 			wpa_printf(MSG_DEBUG,
422 				   "WPA/RSN information element rejected? (res %u)",
423 				   res);
424 			wpa_hexdump(MSG_DEBUG, "IE", ie, ielen);
425 			goto fail;
426 		}
427 
428 		if (check_sa_query_need(hapd, sta)) {
429 			status = WLAN_STATUS_ASSOC_REJECTED_TEMPORARILY;
430 
431 			p = hostapd_eid_assoc_comeback_time(hapd, sta, p);
432 
433 			hostapd_sta_assoc(hapd, addr, reassoc, status, buf,
434 					  p - buf);
435 			return 0;
436 		}
437 
438 		if (wpa_auth_uses_mfp(sta->wpa_sm))
439 			sta->flags |= WLAN_STA_MFP;
440 		else
441 			sta->flags &= ~WLAN_STA_MFP;
442 
443 #ifdef CONFIG_IEEE80211R_AP
444 		if (sta->auth_alg == WLAN_AUTH_FT) {
445 			status = wpa_ft_validate_reassoc(sta->wpa_sm, req_ies,
446 							 req_ies_len);
447 			if (status != WLAN_STATUS_SUCCESS) {
448 				if (status == WLAN_STATUS_INVALID_PMKID)
449 					reason = WLAN_REASON_INVALID_IE;
450 				if (status == WLAN_STATUS_INVALID_MDIE)
451 					reason = WLAN_REASON_INVALID_IE;
452 				if (status == WLAN_STATUS_INVALID_FTIE)
453 					reason = WLAN_REASON_INVALID_IE;
454 				goto fail;
455 			}
456 		}
457 #endif /* CONFIG_IEEE80211R_AP */
458 #ifdef CONFIG_SAE
459 		if (hapd->conf->sae_pwe == 2 &&
460 		    sta->auth_alg == WLAN_AUTH_SAE &&
461 		    sta->sae && !sta->sae->h2e &&
462 		    ieee802_11_rsnx_capab_len(elems.rsnxe, elems.rsnxe_len,
463 					      WLAN_RSNX_CAPAB_SAE_H2E)) {
464 			wpa_printf(MSG_INFO, "SAE: " MACSTR
465 				   " indicates support for SAE H2E, but did not use it",
466 				   MAC2STR(sta->addr));
467 			status = WLAN_STATUS_UNSPECIFIED_FAILURE;
468 			reason = WLAN_REASON_UNSPECIFIED;
469 			goto fail;
470 		}
471 #endif /* CONFIG_SAE */
472 	} else if (hapd->conf->wps_state) {
473 #ifdef CONFIG_WPS
474 		struct wpabuf *wps;
475 
476 		if (req_ies)
477 			wps = ieee802_11_vendor_ie_concat(req_ies, req_ies_len,
478 							  WPS_IE_VENDOR_TYPE);
479 		else
480 			wps = NULL;
481 #ifdef CONFIG_WPS_STRICT
482 		if (wps && wps_validate_assoc_req(wps) < 0) {
483 			reason = WLAN_REASON_INVALID_IE;
484 			status = WLAN_STATUS_INVALID_IE;
485 			wpabuf_free(wps);
486 			goto fail;
487 		}
488 #endif /* CONFIG_WPS_STRICT */
489 		if (wps) {
490 			sta->flags |= WLAN_STA_WPS;
491 			if (wps_is_20(wps)) {
492 				wpa_printf(MSG_DEBUG,
493 					   "WPS: STA supports WPS 2.0");
494 				sta->flags |= WLAN_STA_WPS2;
495 			}
496 		} else
497 			sta->flags |= WLAN_STA_MAYBE_WPS;
498 		wpabuf_free(wps);
499 #endif /* CONFIG_WPS */
500 #ifdef CONFIG_HS20
501 	} else if (hapd->conf->osen) {
502 		if (elems.osen == NULL) {
503 			hostapd_logger(
504 				hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
505 				HOSTAPD_LEVEL_INFO,
506 				"No HS 2.0 OSEN element in association request");
507 			return WLAN_STATUS_INVALID_IE;
508 		}
509 
510 		wpa_printf(MSG_DEBUG, "HS 2.0: OSEN association");
511 		if (sta->wpa_sm == NULL)
512 			sta->wpa_sm = wpa_auth_sta_init(hapd->wpa_auth,
513 							sta->addr, NULL);
514 		if (sta->wpa_sm == NULL) {
515 			wpa_printf(MSG_WARNING,
516 				   "Failed to initialize WPA state machine");
517 			return WLAN_STATUS_UNSPECIFIED_FAILURE;
518 		}
519 		if (wpa_validate_osen(hapd->wpa_auth, sta->wpa_sm,
520 				      elems.osen - 2, elems.osen_len + 2) < 0)
521 			return WLAN_STATUS_INVALID_IE;
522 #endif /* CONFIG_HS20 */
523 	}
524 #ifdef CONFIG_WPS
525 skip_wpa_check:
526 #endif /* CONFIG_WPS */
527 
528 #ifdef CONFIG_MBO
529 	if (hapd->conf->mbo_enabled && (hapd->conf->wpa & 2) &&
530 	    elems.mbo && sta->cell_capa && !(sta->flags & WLAN_STA_MFP) &&
531 	    hapd->conf->ieee80211w != NO_MGMT_FRAME_PROTECTION) {
532 		wpa_printf(MSG_INFO,
533 			   "MBO: Reject WPA2 association without PMF");
534 		return WLAN_STATUS_UNSPECIFIED_FAILURE;
535 	}
536 #endif /* CONFIG_MBO */
537 
538 #ifdef CONFIG_IEEE80211R_AP
539 	p = wpa_sm_write_assoc_resp_ies(sta->wpa_sm, buf, sizeof(buf),
540 					sta->auth_alg, req_ies, req_ies_len,
541 					!elems.rsnxe);
542 	if (!p) {
543 		wpa_printf(MSG_DEBUG, "FT: Failed to write AssocResp IEs");
544 		return WLAN_STATUS_UNSPECIFIED_FAILURE;
545 	}
546 #endif /* CONFIG_IEEE80211R_AP */
547 
548 #ifdef CONFIG_FILS
549 	if (sta->auth_alg == WLAN_AUTH_FILS_SK ||
550 	    sta->auth_alg == WLAN_AUTH_FILS_SK_PFS ||
551 	    sta->auth_alg == WLAN_AUTH_FILS_PK) {
552 		int delay_assoc = 0;
553 
554 		if (!req_ies)
555 			return WLAN_STATUS_UNSPECIFIED_FAILURE;
556 
557 		if (!wpa_fils_validate_fils_session(sta->wpa_sm, req_ies,
558 						    req_ies_len,
559 						    sta->fils_session)) {
560 			wpa_printf(MSG_DEBUG,
561 				   "FILS: Session validation failed");
562 			return WLAN_STATUS_UNSPECIFIED_FAILURE;
563 		}
564 
565 		res = wpa_fils_validate_key_confirm(sta->wpa_sm, req_ies,
566 						    req_ies_len);
567 		if (res < 0) {
568 			wpa_printf(MSG_DEBUG,
569 				   "FILS: Key Confirm validation failed");
570 			return WLAN_STATUS_UNSPECIFIED_FAILURE;
571 		}
572 
573 		if (fils_process_hlp(hapd, sta, req_ies, req_ies_len) > 0) {
574 			wpa_printf(MSG_DEBUG,
575 				   "FILS: Delaying Assoc Response (HLP)");
576 			delay_assoc = 1;
577 		} else {
578 			wpa_printf(MSG_DEBUG,
579 				   "FILS: Going ahead with Assoc Response (no HLP)");
580 		}
581 
582 		if (sta) {
583 			wpa_printf(MSG_DEBUG, "FILS: HLP callback cleanup");
584 			eloop_cancel_timeout(fils_hlp_timeout, hapd, sta);
585 			os_free(sta->fils_pending_assoc_req);
586 			sta->fils_pending_assoc_req = NULL;
587 			sta->fils_pending_assoc_req_len = 0;
588 			wpabuf_free(sta->fils_hlp_resp);
589 			sta->fils_hlp_resp = NULL;
590 			sta->fils_drv_assoc_finish = 0;
591 		}
592 
593 		if (sta && delay_assoc && status == WLAN_STATUS_SUCCESS) {
594 			u8 *req_tmp;
595 
596 			req_tmp = os_malloc(req_ies_len);
597 			if (!req_tmp) {
598 				wpa_printf(MSG_DEBUG,
599 					   "FILS: buffer allocation failed for assoc req");
600 				goto fail;
601 			}
602 			os_memcpy(req_tmp, req_ies, req_ies_len);
603 			sta->fils_pending_assoc_req = req_tmp;
604 			sta->fils_pending_assoc_req_len = req_ies_len;
605 			sta->fils_pending_assoc_is_reassoc = reassoc;
606 			sta->fils_drv_assoc_finish = 1;
607 			wpa_printf(MSG_DEBUG,
608 				   "FILS: Waiting for HLP processing before sending (Re)Association Response frame to "
609 				   MACSTR, MAC2STR(sta->addr));
610 			eloop_register_timeout(
611 				0, hapd->conf->fils_hlp_wait_time * 1024,
612 				fils_hlp_timeout, hapd, sta);
613 			return 0;
614 		}
615 		p = hostapd_eid_assoc_fils_session(sta->wpa_sm, p,
616 						   elems.fils_session,
617 						   sta->fils_hlp_resp);
618 		wpa_hexdump(MSG_DEBUG, "FILS Assoc Resp BUF (IEs)",
619 			    buf, p - buf);
620 	}
621 #endif /* CONFIG_FILS */
622 
623 #ifdef CONFIG_OWE
624 	if ((hapd->conf->wpa_key_mgmt & WPA_KEY_MGMT_OWE) &&
625 	    wpa_auth_sta_key_mgmt(sta->wpa_sm) == WPA_KEY_MGMT_OWE &&
626 	    elems.owe_dh) {
627 		u8 *npos;
628 		u16 ret_status;
629 
630 		npos = owe_assoc_req_process(hapd, sta,
631 					     elems.owe_dh, elems.owe_dh_len,
632 					     p, sizeof(buf) - (p - buf),
633 					     &ret_status);
634 		status = ret_status;
635 		if (npos)
636 			p = npos;
637 
638 		if (!npos &&
639 		    status == WLAN_STATUS_FINITE_CYCLIC_GROUP_NOT_SUPPORTED) {
640 			hostapd_sta_assoc(hapd, addr, reassoc, ret_status, buf,
641 					  p - buf);
642 			return 0;
643 		}
644 
645 		if (!npos || status != WLAN_STATUS_SUCCESS)
646 			goto fail;
647 	}
648 #endif /* CONFIG_OWE */
649 
650 #ifdef CONFIG_DPP2
651 		dpp_pfs_free(sta->dpp_pfs);
652 		sta->dpp_pfs = NULL;
653 
654 		if ((hapd->conf->wpa_key_mgmt & WPA_KEY_MGMT_DPP) &&
655 		    hapd->conf->dpp_netaccesskey && sta->wpa_sm &&
656 		    wpa_auth_sta_key_mgmt(sta->wpa_sm) == WPA_KEY_MGMT_DPP &&
657 		    elems.owe_dh) {
658 			sta->dpp_pfs = dpp_pfs_init(
659 				wpabuf_head(hapd->conf->dpp_netaccesskey),
660 				wpabuf_len(hapd->conf->dpp_netaccesskey));
661 			if (!sta->dpp_pfs) {
662 				wpa_printf(MSG_DEBUG,
663 					   "DPP: Could not initialize PFS");
664 				/* Try to continue without PFS */
665 				goto pfs_fail;
666 			}
667 
668 			if (dpp_pfs_process(sta->dpp_pfs, elems.owe_dh,
669 					    elems.owe_dh_len) < 0) {
670 				dpp_pfs_free(sta->dpp_pfs);
671 				sta->dpp_pfs = NULL;
672 				reason = WLAN_REASON_UNSPECIFIED;
673 				goto fail;
674 			}
675 		}
676 
677 		wpa_auth_set_dpp_z(sta->wpa_sm, sta->dpp_pfs ?
678 				   sta->dpp_pfs->secret : NULL);
679 	pfs_fail:
680 #endif /* CONFIG_DPP2 */
681 
682 	if (elems.rrm_enabled &&
683 	    elems.rrm_enabled_len >= sizeof(sta->rrm_enabled_capa))
684 	    os_memcpy(sta->rrm_enabled_capa, elems.rrm_enabled,
685 		      sizeof(sta->rrm_enabled_capa));
686 
687 #if defined(CONFIG_IEEE80211R_AP) || defined(CONFIG_FILS) || defined(CONFIG_OWE)
688 	hostapd_sta_assoc(hapd, addr, reassoc, status, buf, p - buf);
689 
690 	if (sta->auth_alg == WLAN_AUTH_FT ||
691 	    sta->auth_alg == WLAN_AUTH_FILS_SK ||
692 	    sta->auth_alg == WLAN_AUTH_FILS_SK_PFS ||
693 	    sta->auth_alg == WLAN_AUTH_FILS_PK)
694 		ap_sta_set_authorized(hapd, sta, 1);
695 #else /* CONFIG_IEEE80211R_AP || CONFIG_FILS */
696 	/* Keep compiler silent about unused variables */
697 	if (status) {
698 	}
699 #endif /* CONFIG_IEEE80211R_AP || CONFIG_FILS */
700 
701 	new_assoc = (sta->flags & WLAN_STA_ASSOC) == 0;
702 	sta->flags |= WLAN_STA_AUTH | WLAN_STA_ASSOC;
703 	sta->flags &= ~WLAN_STA_WNM_SLEEP_MODE;
704 
705 	hostapd_set_sta_flags(hapd, sta);
706 
707 	if (reassoc && (sta->auth_alg == WLAN_AUTH_FT))
708 		wpa_auth_sm_event(sta->wpa_sm, WPA_ASSOC_FT);
709 #ifdef CONFIG_FILS
710 	else if (sta->auth_alg == WLAN_AUTH_FILS_SK ||
711 		 sta->auth_alg == WLAN_AUTH_FILS_SK_PFS ||
712 		 sta->auth_alg == WLAN_AUTH_FILS_PK)
713 		wpa_auth_sm_event(sta->wpa_sm, WPA_ASSOC_FILS);
714 #endif /* CONFIG_FILS */
715 	else
716 		wpa_auth_sm_event(sta->wpa_sm, WPA_ASSOC);
717 
718 	hostapd_new_assoc_sta(hapd, sta, !new_assoc);
719 
720 	ieee802_1x_notify_port_enabled(sta->eapol_sm, 1);
721 
722 #ifdef CONFIG_P2P
723 	if (req_ies) {
724 		p2p_group_notif_assoc(hapd->p2p_group, sta->addr,
725 				      req_ies, req_ies_len);
726 	}
727 #endif /* CONFIG_P2P */
728 
729 	return 0;
730 
731 fail:
732 #ifdef CONFIG_IEEE80211R_AP
733 	if (status >= 0)
734 		hostapd_sta_assoc(hapd, addr, reassoc, status, buf, p - buf);
735 #endif /* CONFIG_IEEE80211R_AP */
736 	hostapd_drv_sta_disassoc(hapd, sta->addr, reason);
737 	ap_free_sta(hapd, sta);
738 	return -1;
739 }
740 
741 
742 void hostapd_notif_disassoc(struct hostapd_data *hapd, const u8 *addr)
743 {
744 	struct sta_info *sta;
745 
746 	if (addr == NULL) {
747 		/*
748 		 * This could potentially happen with unexpected event from the
749 		 * driver wrapper. This was seen at least in one case where the
750 		 * driver ended up reporting a station mode event while hostapd
751 		 * was running, so better make sure we stop processing such an
752 		 * event here.
753 		 */
754 		wpa_printf(MSG_DEBUG,
755 			   "hostapd_notif_disassoc: Skip event with no address");
756 		return;
757 	}
758 
759 	hostapd_logger(hapd, addr, HOSTAPD_MODULE_IEEE80211,
760 		       HOSTAPD_LEVEL_INFO, "disassociated");
761 
762 	sta = ap_get_sta(hapd, addr);
763 	if (sta == NULL) {
764 		wpa_printf(MSG_DEBUG,
765 			   "Disassociation notification for unknown STA "
766 			   MACSTR, MAC2STR(addr));
767 		return;
768 	}
769 
770 	ap_sta_set_authorized(hapd, sta, 0);
771 	sta->flags &= ~(WLAN_STA_AUTH | WLAN_STA_ASSOC);
772 	hostapd_set_sta_flags(hapd, sta);
773 	wpa_auth_sm_event(sta->wpa_sm, WPA_DISASSOC);
774 	sta->acct_terminate_cause = RADIUS_ACCT_TERMINATE_CAUSE_USER_REQUEST;
775 	ieee802_1x_notify_port_enabled(sta->eapol_sm, 0);
776 	ap_free_sta(hapd, sta);
777 }
778 
779 
780 void hostapd_event_sta_low_ack(struct hostapd_data *hapd, const u8 *addr)
781 {
782 	struct sta_info *sta = ap_get_sta(hapd, addr);
783 
784 	if (!sta || !hapd->conf->disassoc_low_ack || sta->agreed_to_steer)
785 		return;
786 
787 	hostapd_logger(hapd, addr, HOSTAPD_MODULE_IEEE80211,
788 		       HOSTAPD_LEVEL_INFO,
789 		       "disconnected due to excessive missing ACKs");
790 	hostapd_drv_sta_disassoc(hapd, addr, WLAN_REASON_DISASSOC_LOW_ACK);
791 	ap_sta_disassociate(hapd, sta, WLAN_REASON_DISASSOC_LOW_ACK);
792 }
793 
794 
795 void hostapd_event_sta_opmode_changed(struct hostapd_data *hapd, const u8 *addr,
796 				      enum smps_mode smps_mode,
797 				      enum chan_width chan_width, u8 rx_nss)
798 {
799 	struct sta_info *sta = ap_get_sta(hapd, addr);
800 	const char *txt;
801 
802 	if (!sta)
803 		return;
804 
805 	switch (smps_mode) {
806 	case SMPS_AUTOMATIC:
807 		txt = "automatic";
808 		break;
809 	case SMPS_OFF:
810 		txt = "off";
811 		break;
812 	case SMPS_DYNAMIC:
813 		txt = "dynamic";
814 		break;
815 	case SMPS_STATIC:
816 		txt = "static";
817 		break;
818 	default:
819 		txt = NULL;
820 		break;
821 	}
822 	if (txt) {
823 		wpa_msg(hapd->msg_ctx, MSG_INFO, STA_OPMODE_SMPS_MODE_CHANGED
824 			MACSTR " %s", MAC2STR(addr), txt);
825 	}
826 
827 	switch (chan_width) {
828 	case CHAN_WIDTH_20_NOHT:
829 		txt = "20(no-HT)";
830 		break;
831 	case CHAN_WIDTH_20:
832 		txt = "20";
833 		break;
834 	case CHAN_WIDTH_40:
835 		txt = "40";
836 		break;
837 	case CHAN_WIDTH_80:
838 		txt = "80";
839 		break;
840 	case CHAN_WIDTH_80P80:
841 		txt = "80+80";
842 		break;
843 	case CHAN_WIDTH_160:
844 		txt = "160";
845 		break;
846 	default:
847 		txt = NULL;
848 		break;
849 	}
850 	if (txt) {
851 		wpa_msg(hapd->msg_ctx, MSG_INFO, STA_OPMODE_MAX_BW_CHANGED
852 			MACSTR " %s", MAC2STR(addr), txt);
853 	}
854 
855 	if (rx_nss != 0xff) {
856 		wpa_msg(hapd->msg_ctx, MSG_INFO, STA_OPMODE_N_SS_CHANGED
857 			MACSTR " %d", MAC2STR(addr), rx_nss);
858 	}
859 }
860 
861 
862 void hostapd_event_ch_switch(struct hostapd_data *hapd, int freq, int ht,
863 			     int offset, int width, int cf1, int cf2,
864 			     int finished)
865 {
866 #ifdef NEED_AP_MLME
867 	int channel, chwidth, is_dfs;
868 	u8 seg0_idx = 0, seg1_idx = 0;
869 	size_t i;
870 
871 	hostapd_logger(hapd, NULL, HOSTAPD_MODULE_IEEE80211,
872 		       HOSTAPD_LEVEL_INFO,
873 		       "driver %s channel switch: freq=%d, ht=%d, vht_ch=0x%x, he_ch=0x%x, offset=%d, width=%d (%s), cf1=%d, cf2=%d",
874 		       finished ? "had" : "starting",
875 		       freq, ht, hapd->iconf->ch_switch_vht_config,
876 		       hapd->iconf->ch_switch_he_config, offset,
877 		       width, channel_width_to_string(width), cf1, cf2);
878 
879 	if (!hapd->iface->current_mode) {
880 		hostapd_logger(hapd, NULL, HOSTAPD_MODULE_IEEE80211,
881 			       HOSTAPD_LEVEL_WARNING,
882 			       "ignore channel switch since the interface is not yet ready");
883 		return;
884 	}
885 
886 	hapd->iface->freq = freq;
887 
888 	channel = hostapd_hw_get_channel(hapd, freq);
889 	if (!channel) {
890 		hostapd_logger(hapd, NULL, HOSTAPD_MODULE_IEEE80211,
891 			       HOSTAPD_LEVEL_WARNING,
892 			       "driver switched to bad channel!");
893 		return;
894 	}
895 
896 	switch (width) {
897 	case CHAN_WIDTH_80:
898 		chwidth = CHANWIDTH_80MHZ;
899 		break;
900 	case CHAN_WIDTH_80P80:
901 		chwidth = CHANWIDTH_80P80MHZ;
902 		break;
903 	case CHAN_WIDTH_160:
904 		chwidth = CHANWIDTH_160MHZ;
905 		break;
906 	case CHAN_WIDTH_20_NOHT:
907 	case CHAN_WIDTH_20:
908 	case CHAN_WIDTH_40:
909 	default:
910 		chwidth = CHANWIDTH_USE_HT;
911 		break;
912 	}
913 
914 	switch (hapd->iface->current_mode->mode) {
915 	case HOSTAPD_MODE_IEEE80211A:
916 		if (cf1 == 5935)
917 			seg0_idx = (cf1 - 5925) / 5;
918 		else if (cf1 > 5950)
919 			seg0_idx = (cf1 - 5950) / 5;
920 		else if (cf1 > 5000)
921 			seg0_idx = (cf1 - 5000) / 5;
922 
923 		if (cf2 == 5935)
924 			seg1_idx = (cf2 - 5925) / 5;
925 		else if (cf2 > 5950)
926 			seg1_idx = (cf2 - 5950) / 5;
927 		else if (cf2 > 5000)
928 			seg1_idx = (cf2 - 5000) / 5;
929 		break;
930 	default:
931 		ieee80211_freq_to_chan(cf1, &seg0_idx);
932 		ieee80211_freq_to_chan(cf2, &seg1_idx);
933 		break;
934 	}
935 
936 	hapd->iconf->channel = channel;
937 	hapd->iconf->ieee80211n = ht;
938 	if (!ht) {
939 		hapd->iconf->ieee80211ac = 0;
940 	} else if (hapd->iconf->ch_switch_vht_config) {
941 		/* CHAN_SWITCH VHT config */
942 		if (hapd->iconf->ch_switch_vht_config &
943 		    CH_SWITCH_VHT_ENABLED)
944 			hapd->iconf->ieee80211ac = 1;
945 		else if (hapd->iconf->ch_switch_vht_config &
946 			 CH_SWITCH_VHT_DISABLED)
947 			hapd->iconf->ieee80211ac = 0;
948 	} else if (hapd->iconf->ch_switch_he_config) {
949 		/* CHAN_SWITCH HE config */
950 		if (hapd->iconf->ch_switch_he_config &
951 		    CH_SWITCH_HE_ENABLED)
952 			hapd->iconf->ieee80211ax = 1;
953 		else if (hapd->iconf->ch_switch_he_config &
954 			 CH_SWITCH_HE_DISABLED)
955 			hapd->iconf->ieee80211ax = 0;
956 	}
957 	hapd->iconf->ch_switch_vht_config = 0;
958 	hapd->iconf->ch_switch_he_config = 0;
959 
960 	hapd->iconf->secondary_channel = offset;
961 	hostapd_set_oper_chwidth(hapd->iconf, chwidth);
962 	hostapd_set_oper_centr_freq_seg0_idx(hapd->iconf, seg0_idx);
963 	hostapd_set_oper_centr_freq_seg1_idx(hapd->iconf, seg1_idx);
964 	if (hapd->iconf->ieee80211ac) {
965 		hapd->iconf->vht_capab &= ~VHT_CAP_SUPP_CHAN_WIDTH_MASK;
966 		if (chwidth == CHANWIDTH_160MHZ)
967 			hapd->iconf->vht_capab |=
968 				VHT_CAP_SUPP_CHAN_WIDTH_160MHZ;
969 		else if (chwidth == CHANWIDTH_80P80MHZ)
970 			hapd->iconf->vht_capab |=
971 				VHT_CAP_SUPP_CHAN_WIDTH_160_80PLUS80MHZ;
972 	}
973 
974 	is_dfs = ieee80211_is_dfs(freq, hapd->iface->hw_features,
975 				  hapd->iface->num_hw_features);
976 
977 	wpa_msg(hapd->msg_ctx, MSG_INFO,
978 		"%sfreq=%d ht_enabled=%d ch_offset=%d ch_width=%s cf1=%d cf2=%d dfs=%d",
979 		finished ? WPA_EVENT_CHANNEL_SWITCH :
980 		WPA_EVENT_CHANNEL_SWITCH_STARTED,
981 		freq, ht, offset, channel_width_to_string(width),
982 		cf1, cf2, is_dfs);
983 	if (!finished)
984 		return;
985 
986 	if (hapd->csa_in_progress &&
987 	    freq == hapd->cs_freq_params.freq) {
988 		hostapd_cleanup_cs_params(hapd);
989 		ieee802_11_set_beacon(hapd);
990 
991 		wpa_msg(hapd->msg_ctx, MSG_INFO, AP_CSA_FINISHED
992 			"freq=%d dfs=%d", freq, is_dfs);
993 	} else if (hapd->iface->drv_flags & WPA_DRIVER_FLAGS_DFS_OFFLOAD) {
994 		wpa_msg(hapd->msg_ctx, MSG_INFO, AP_CSA_FINISHED
995 			"freq=%d dfs=%d", freq, is_dfs);
996 	} else if (is_dfs &&
997 		   hostapd_is_dfs_required(hapd->iface) &&
998 		   !hostapd_is_dfs_chan_available(hapd->iface) &&
999 		   !hapd->iface->cac_started) {
1000 		hostapd_disable_iface(hapd->iface);
1001 		hostapd_enable_iface(hapd->iface);
1002 	}
1003 
1004 	for (i = 0; i < hapd->iface->num_bss; i++)
1005 		hostapd_neighbor_set_own_report(hapd->iface->bss[i]);
1006 
1007 #ifdef CONFIG_OCV
1008 	if (hapd->conf->ocv) {
1009 		struct sta_info *sta;
1010 		bool check_sa_query = false;
1011 
1012 		for (sta = hapd->sta_list; sta; sta = sta->next) {
1013 			if (wpa_auth_uses_ocv(sta->wpa_sm) &&
1014 			    !(sta->flags & WLAN_STA_WNM_SLEEP_MODE)) {
1015 				sta->post_csa_sa_query = 1;
1016 				check_sa_query = true;
1017 			}
1018 		}
1019 
1020 		if (check_sa_query) {
1021 			wpa_printf(MSG_DEBUG,
1022 				   "OCV: Check post-CSA SA Query initiation in 15 seconds");
1023 			eloop_register_timeout(15, 0,
1024 					       hostapd_ocv_check_csa_sa_query,
1025 					       hapd, NULL);
1026 		}
1027 	}
1028 #endif /* CONFIG_OCV */
1029 #endif /* NEED_AP_MLME */
1030 }
1031 
1032 
1033 void hostapd_event_connect_failed_reason(struct hostapd_data *hapd,
1034 					 const u8 *addr, int reason_code)
1035 {
1036 	switch (reason_code) {
1037 	case MAX_CLIENT_REACHED:
1038 		wpa_msg(hapd->msg_ctx, MSG_INFO, AP_REJECTED_MAX_STA MACSTR,
1039 			MAC2STR(addr));
1040 		break;
1041 	case BLOCKED_CLIENT:
1042 		wpa_msg(hapd->msg_ctx, MSG_INFO, AP_REJECTED_BLOCKED_STA MACSTR,
1043 			MAC2STR(addr));
1044 		break;
1045 	}
1046 }
1047 
1048 
1049 #ifdef CONFIG_ACS
1050 void hostapd_acs_channel_selected(struct hostapd_data *hapd,
1051 				  struct acs_selected_channels *acs_res)
1052 {
1053 	int ret, i;
1054 	int err = 0;
1055 	struct hostapd_channel_data *pri_chan;
1056 
1057 	if (hapd->iconf->channel) {
1058 		wpa_printf(MSG_INFO, "ACS: Channel was already set to %d",
1059 			   hapd->iconf->channel);
1060 		return;
1061 	}
1062 
1063 	hapd->iface->freq = acs_res->pri_freq;
1064 
1065 	if (!hapd->iface->current_mode) {
1066 		for (i = 0; i < hapd->iface->num_hw_features; i++) {
1067 			struct hostapd_hw_modes *mode =
1068 				&hapd->iface->hw_features[i];
1069 
1070 			if (mode->mode == acs_res->hw_mode) {
1071 				if (hapd->iface->freq > 0 &&
1072 				    !hw_get_chan(mode->mode,
1073 						 hapd->iface->freq,
1074 						 hapd->iface->hw_features,
1075 						 hapd->iface->num_hw_features))
1076 					continue;
1077 				hapd->iface->current_mode = mode;
1078 				break;
1079 			}
1080 		}
1081 		if (!hapd->iface->current_mode) {
1082 			hostapd_logger(hapd, NULL, HOSTAPD_MODULE_IEEE80211,
1083 				       HOSTAPD_LEVEL_WARNING,
1084 				       "driver selected to bad hw_mode");
1085 			err = 1;
1086 			goto out;
1087 		}
1088 	}
1089 
1090 	if (!acs_res->pri_freq) {
1091 		hostapd_logger(hapd, NULL, HOSTAPD_MODULE_IEEE80211,
1092 			       HOSTAPD_LEVEL_WARNING,
1093 			       "driver switched to bad channel");
1094 		err = 1;
1095 		goto out;
1096 	}
1097 	pri_chan = hw_get_channel_freq(hapd->iface->current_mode->mode,
1098 				       acs_res->pri_freq, NULL,
1099 				       hapd->iface->hw_features,
1100 				       hapd->iface->num_hw_features);
1101 	if (!pri_chan) {
1102 		wpa_printf(MSG_ERROR,
1103 			   "ACS: Could not determine primary channel number from pri_freq %u",
1104 			   acs_res->pri_freq);
1105 		err = 1;
1106 		goto out;
1107 	}
1108 
1109 	hapd->iconf->channel = pri_chan->chan;
1110 	hapd->iconf->acs = 1;
1111 
1112 	if (acs_res->sec_freq == 0)
1113 		hapd->iconf->secondary_channel = 0;
1114 	else if (acs_res->sec_freq < acs_res->pri_freq)
1115 		hapd->iconf->secondary_channel = -1;
1116 	else if (acs_res->sec_freq > acs_res->pri_freq)
1117 		hapd->iconf->secondary_channel = 1;
1118 	else {
1119 		wpa_printf(MSG_ERROR, "Invalid secondary channel!");
1120 		err = 1;
1121 		goto out;
1122 	}
1123 
1124 	hapd->iconf->edmg_channel = acs_res->edmg_channel;
1125 
1126 	if (hapd->iface->conf->ieee80211ac || hapd->iface->conf->ieee80211ax) {
1127 		/* set defaults for backwards compatibility */
1128 		hostapd_set_oper_centr_freq_seg1_idx(hapd->iconf, 0);
1129 		hostapd_set_oper_centr_freq_seg0_idx(hapd->iconf, 0);
1130 		hostapd_set_oper_chwidth(hapd->iconf, CHANWIDTH_USE_HT);
1131 		if (acs_res->ch_width == 40) {
1132 			if (is_6ghz_freq(acs_res->pri_freq))
1133 				hostapd_set_oper_centr_freq_seg0_idx(
1134 					hapd->iconf,
1135 					acs_res->vht_seg0_center_ch);
1136 		} else if (acs_res->ch_width == 80) {
1137 			hostapd_set_oper_centr_freq_seg0_idx(
1138 				hapd->iconf, acs_res->vht_seg0_center_ch);
1139 			if (acs_res->vht_seg1_center_ch == 0) {
1140 				hostapd_set_oper_chwidth(hapd->iconf,
1141 							 CHANWIDTH_80MHZ);
1142 			} else {
1143 				hostapd_set_oper_chwidth(hapd->iconf,
1144 							 CHANWIDTH_80P80MHZ);
1145 				hostapd_set_oper_centr_freq_seg1_idx(
1146 					hapd->iconf,
1147 					acs_res->vht_seg1_center_ch);
1148 			}
1149 		} else if (acs_res->ch_width == 160) {
1150 			hostapd_set_oper_chwidth(hapd->iconf, CHANWIDTH_160MHZ);
1151 			hostapd_set_oper_centr_freq_seg0_idx(
1152 				hapd->iconf, acs_res->vht_seg1_center_ch);
1153 		}
1154 	}
1155 
1156 out:
1157 	ret = hostapd_acs_completed(hapd->iface, err);
1158 	if (ret) {
1159 		wpa_printf(MSG_ERROR,
1160 			   "ACS: Possibly channel configuration is invalid");
1161 	}
1162 }
1163 #endif /* CONFIG_ACS */
1164 
1165 
1166 int hostapd_probe_req_rx(struct hostapd_data *hapd, const u8 *sa, const u8 *da,
1167 			 const u8 *bssid, const u8 *ie, size_t ie_len,
1168 			 int ssi_signal)
1169 {
1170 	size_t i;
1171 	int ret = 0;
1172 
1173 	if (sa == NULL || ie == NULL)
1174 		return -1;
1175 
1176 	random_add_randomness(sa, ETH_ALEN);
1177 	for (i = 0; hapd->probereq_cb && i < hapd->num_probereq_cb; i++) {
1178 		if (hapd->probereq_cb[i].cb(hapd->probereq_cb[i].ctx,
1179 					    sa, da, bssid, ie, ie_len,
1180 					    ssi_signal) > 0) {
1181 			ret = 1;
1182 			break;
1183 		}
1184 	}
1185 	return ret;
1186 }
1187 
1188 
1189 #ifdef HOSTAPD
1190 
1191 #ifdef CONFIG_IEEE80211R_AP
1192 static void hostapd_notify_auth_ft_finish(void *ctx, const u8 *dst,
1193 					  const u8 *bssid,
1194 					  u16 auth_transaction, u16 status,
1195 					  const u8 *ies, size_t ies_len)
1196 {
1197 	struct hostapd_data *hapd = ctx;
1198 	struct sta_info *sta;
1199 
1200 	sta = ap_get_sta(hapd, dst);
1201 	if (sta == NULL)
1202 		return;
1203 
1204 	hostapd_logger(hapd, dst, HOSTAPD_MODULE_IEEE80211,
1205 		       HOSTAPD_LEVEL_DEBUG, "authentication OK (FT)");
1206 	sta->flags |= WLAN_STA_AUTH;
1207 
1208 	hostapd_sta_auth(hapd, dst, auth_transaction, status, ies, ies_len);
1209 }
1210 #endif /* CONFIG_IEEE80211R_AP */
1211 
1212 
1213 #ifdef CONFIG_FILS
1214 static void hostapd_notify_auth_fils_finish(struct hostapd_data *hapd,
1215 					    struct sta_info *sta, u16 resp,
1216 					    struct wpabuf *data, int pub)
1217 {
1218 	if (resp == WLAN_STATUS_SUCCESS) {
1219 		hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
1220 			       HOSTAPD_LEVEL_DEBUG, "authentication OK (FILS)");
1221 		sta->flags |= WLAN_STA_AUTH;
1222 		wpa_auth_sm_event(sta->wpa_sm, WPA_AUTH);
1223 		sta->auth_alg = WLAN_AUTH_FILS_SK;
1224 		mlme_authenticate_indication(hapd, sta);
1225 	} else {
1226 		hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
1227 			       HOSTAPD_LEVEL_DEBUG,
1228 			       "authentication failed (FILS)");
1229 	}
1230 
1231 	hostapd_sta_auth(hapd, sta->addr, 2, resp,
1232 			 data ? wpabuf_head(data) : NULL,
1233 			 data ? wpabuf_len(data) : 0);
1234 	wpabuf_free(data);
1235 }
1236 #endif /* CONFIG_FILS */
1237 
1238 
1239 static void hostapd_notif_auth(struct hostapd_data *hapd,
1240 			       struct auth_info *rx_auth)
1241 {
1242 	struct sta_info *sta;
1243 	u16 status = WLAN_STATUS_SUCCESS;
1244 	u8 resp_ies[2 + WLAN_AUTH_CHALLENGE_LEN];
1245 	size_t resp_ies_len = 0;
1246 
1247 	sta = ap_get_sta(hapd, rx_auth->peer);
1248 	if (!sta) {
1249 		sta = ap_sta_add(hapd, rx_auth->peer);
1250 		if (sta == NULL) {
1251 			status = WLAN_STATUS_AP_UNABLE_TO_HANDLE_NEW_STA;
1252 			goto fail;
1253 		}
1254 	}
1255 	sta->flags &= ~WLAN_STA_PREAUTH;
1256 	ieee802_1x_notify_pre_auth(sta->eapol_sm, 0);
1257 #ifdef CONFIG_IEEE80211R_AP
1258 	if (rx_auth->auth_type == WLAN_AUTH_FT && hapd->wpa_auth) {
1259 		sta->auth_alg = WLAN_AUTH_FT;
1260 		if (sta->wpa_sm == NULL)
1261 			sta->wpa_sm = wpa_auth_sta_init(hapd->wpa_auth,
1262 							sta->addr, NULL);
1263 		if (sta->wpa_sm == NULL) {
1264 			wpa_printf(MSG_DEBUG,
1265 				   "FT: Failed to initialize WPA state machine");
1266 			status = WLAN_STATUS_UNSPECIFIED_FAILURE;
1267 			goto fail;
1268 		}
1269 		wpa_ft_process_auth(sta->wpa_sm, rx_auth->bssid,
1270 				    rx_auth->auth_transaction, rx_auth->ies,
1271 				    rx_auth->ies_len,
1272 				    hostapd_notify_auth_ft_finish, hapd);
1273 		return;
1274 	}
1275 #endif /* CONFIG_IEEE80211R_AP */
1276 
1277 #ifdef CONFIG_FILS
1278 	if (rx_auth->auth_type == WLAN_AUTH_FILS_SK) {
1279 		sta->auth_alg = WLAN_AUTH_FILS_SK;
1280 		handle_auth_fils(hapd, sta, rx_auth->ies, rx_auth->ies_len,
1281 				 rx_auth->auth_type, rx_auth->auth_transaction,
1282 				 rx_auth->status_code,
1283 				 hostapd_notify_auth_fils_finish);
1284 		return;
1285 	}
1286 #endif /* CONFIG_FILS */
1287 
1288 fail:
1289 	hostapd_sta_auth(hapd, rx_auth->peer, rx_auth->auth_transaction + 1,
1290 			 status, resp_ies, resp_ies_len);
1291 }
1292 
1293 
1294 #ifndef NEED_AP_MLME
1295 static void hostapd_action_rx(struct hostapd_data *hapd,
1296 			      struct rx_mgmt *drv_mgmt)
1297 {
1298 	struct ieee80211_mgmt *mgmt;
1299 	struct sta_info *sta;
1300 	size_t plen __maybe_unused;
1301 	u16 fc;
1302 	u8 *action __maybe_unused;
1303 
1304 	if (drv_mgmt->frame_len < IEEE80211_HDRLEN + 2 + 1)
1305 		return;
1306 
1307 	plen = drv_mgmt->frame_len - IEEE80211_HDRLEN;
1308 
1309 	mgmt = (struct ieee80211_mgmt *) drv_mgmt->frame;
1310 	fc = le_to_host16(mgmt->frame_control);
1311 	if (WLAN_FC_GET_STYPE(fc) != WLAN_FC_STYPE_ACTION)
1312 		return; /* handled by the driver */
1313 
1314 	action = (u8 *) &mgmt->u.action.u;
1315 	wpa_printf(MSG_DEBUG, "RX_ACTION category %u action %u sa " MACSTR
1316 		   " da " MACSTR " plen %d",
1317 		   mgmt->u.action.category, *action,
1318 		   MAC2STR(mgmt->sa), MAC2STR(mgmt->da), (int) plen);
1319 
1320 	sta = ap_get_sta(hapd, mgmt->sa);
1321 	if (sta == NULL) {
1322 		wpa_printf(MSG_DEBUG, "%s: station not found", __func__);
1323 		return;
1324 	}
1325 #ifdef CONFIG_IEEE80211R_AP
1326 	if (mgmt->u.action.category == WLAN_ACTION_FT) {
1327 		wpa_ft_action_rx(sta->wpa_sm, (u8 *) &mgmt->u.action, plen);
1328 		return;
1329 	}
1330 #endif /* CONFIG_IEEE80211R_AP */
1331 	if (mgmt->u.action.category == WLAN_ACTION_SA_QUERY) {
1332 		ieee802_11_sa_query_action(hapd, mgmt, drv_mgmt->frame_len);
1333 		return;
1334 	}
1335 #ifdef CONFIG_WNM_AP
1336 	if (mgmt->u.action.category == WLAN_ACTION_WNM) {
1337 		ieee802_11_rx_wnm_action_ap(hapd, mgmt, drv_mgmt->frame_len);
1338 		return;
1339 	}
1340 #endif /* CONFIG_WNM_AP */
1341 #ifdef CONFIG_FST
1342 	if (mgmt->u.action.category == WLAN_ACTION_FST && hapd->iface->fst) {
1343 		fst_rx_action(hapd->iface->fst, mgmt, drv_mgmt->frame_len);
1344 		return;
1345 	}
1346 #endif /* CONFIG_FST */
1347 #ifdef CONFIG_DPP
1348 	if (plen >= 2 + 4 &&
1349 	    mgmt->u.action.u.vs_public_action.action ==
1350 	    WLAN_PA_VENDOR_SPECIFIC &&
1351 	    WPA_GET_BE24(mgmt->u.action.u.vs_public_action.oui) ==
1352 	    OUI_WFA &&
1353 	    mgmt->u.action.u.vs_public_action.variable[0] ==
1354 	    DPP_OUI_TYPE) {
1355 		const u8 *pos, *end;
1356 
1357 		pos = mgmt->u.action.u.vs_public_action.oui;
1358 		end = drv_mgmt->frame + drv_mgmt->frame_len;
1359 		hostapd_dpp_rx_action(hapd, mgmt->sa, pos, end - pos,
1360 				      drv_mgmt->freq);
1361 		return;
1362 	}
1363 #endif /* CONFIG_DPP */
1364 }
1365 #endif /* NEED_AP_MLME */
1366 
1367 
1368 #ifdef NEED_AP_MLME
1369 
1370 #define HAPD_BROADCAST ((struct hostapd_data *) -1)
1371 
1372 static struct hostapd_data * get_hapd_bssid(struct hostapd_iface *iface,
1373 					    const u8 *bssid)
1374 {
1375 	size_t i;
1376 
1377 	if (bssid == NULL)
1378 		return NULL;
1379 	if (bssid[0] == 0xff && bssid[1] == 0xff && bssid[2] == 0xff &&
1380 	    bssid[3] == 0xff && bssid[4] == 0xff && bssid[5] == 0xff)
1381 		return HAPD_BROADCAST;
1382 
1383 	for (i = 0; i < iface->num_bss; i++) {
1384 		if (os_memcmp(bssid, iface->bss[i]->own_addr, ETH_ALEN) == 0)
1385 			return iface->bss[i];
1386 	}
1387 
1388 	return NULL;
1389 }
1390 
1391 
1392 static void hostapd_rx_from_unknown_sta(struct hostapd_data *hapd,
1393 					const u8 *bssid, const u8 *addr,
1394 					int wds)
1395 {
1396 	hapd = get_hapd_bssid(hapd->iface, bssid);
1397 	if (hapd == NULL || hapd == HAPD_BROADCAST)
1398 		return;
1399 
1400 	ieee802_11_rx_from_unknown(hapd, addr, wds);
1401 }
1402 
1403 
1404 static int hostapd_mgmt_rx(struct hostapd_data *hapd, struct rx_mgmt *rx_mgmt)
1405 {
1406 	struct hostapd_iface *iface = hapd->iface;
1407 	const struct ieee80211_hdr *hdr;
1408 	const u8 *bssid;
1409 	struct hostapd_frame_info fi;
1410 	int ret;
1411 
1412 #ifdef CONFIG_TESTING_OPTIONS
1413 	if (hapd->ext_mgmt_frame_handling) {
1414 		size_t hex_len = 2 * rx_mgmt->frame_len + 1;
1415 		char *hex = os_malloc(hex_len);
1416 
1417 		if (hex) {
1418 			wpa_snprintf_hex(hex, hex_len, rx_mgmt->frame,
1419 					 rx_mgmt->frame_len);
1420 			wpa_msg(hapd->msg_ctx, MSG_INFO, "MGMT-RX %s", hex);
1421 			os_free(hex);
1422 		}
1423 		return 1;
1424 	}
1425 #endif /* CONFIG_TESTING_OPTIONS */
1426 
1427 	hdr = (const struct ieee80211_hdr *) rx_mgmt->frame;
1428 	bssid = get_hdr_bssid(hdr, rx_mgmt->frame_len);
1429 	if (bssid == NULL)
1430 		return 0;
1431 
1432 	hapd = get_hapd_bssid(iface, bssid);
1433 	if (hapd == NULL) {
1434 		u16 fc = le_to_host16(hdr->frame_control);
1435 
1436 		/*
1437 		 * Drop frames to unknown BSSIDs except for Beacon frames which
1438 		 * could be used to update neighbor information.
1439 		 */
1440 		if (WLAN_FC_GET_TYPE(fc) == WLAN_FC_TYPE_MGMT &&
1441 		    WLAN_FC_GET_STYPE(fc) == WLAN_FC_STYPE_BEACON)
1442 			hapd = iface->bss[0];
1443 		else
1444 			return 0;
1445 	}
1446 
1447 	os_memset(&fi, 0, sizeof(fi));
1448 	fi.freq = rx_mgmt->freq;
1449 	fi.datarate = rx_mgmt->datarate;
1450 	fi.ssi_signal = rx_mgmt->ssi_signal;
1451 
1452 	if (hapd == HAPD_BROADCAST) {
1453 		size_t i;
1454 
1455 		ret = 0;
1456 		for (i = 0; i < iface->num_bss; i++) {
1457 			/* if bss is set, driver will call this function for
1458 			 * each bss individually. */
1459 			if (rx_mgmt->drv_priv &&
1460 			    (iface->bss[i]->drv_priv != rx_mgmt->drv_priv))
1461 				continue;
1462 
1463 			if (ieee802_11_mgmt(iface->bss[i], rx_mgmt->frame,
1464 					    rx_mgmt->frame_len, &fi) > 0)
1465 				ret = 1;
1466 		}
1467 	} else
1468 		ret = ieee802_11_mgmt(hapd, rx_mgmt->frame, rx_mgmt->frame_len,
1469 				      &fi);
1470 
1471 	random_add_randomness(&fi, sizeof(fi));
1472 
1473 	return ret;
1474 }
1475 
1476 
1477 static void hostapd_mgmt_tx_cb(struct hostapd_data *hapd, const u8 *buf,
1478 			       size_t len, u16 stype, int ok)
1479 {
1480 	struct ieee80211_hdr *hdr;
1481 	struct hostapd_data *orig_hapd = hapd;
1482 
1483 	hdr = (struct ieee80211_hdr *) buf;
1484 	hapd = get_hapd_bssid(hapd->iface, get_hdr_bssid(hdr, len));
1485 	if (!hapd)
1486 		return;
1487 	if (hapd == HAPD_BROADCAST) {
1488 		if (stype != WLAN_FC_STYPE_ACTION || len <= 25 ||
1489 		    buf[24] != WLAN_ACTION_PUBLIC)
1490 			return;
1491 		hapd = get_hapd_bssid(orig_hapd->iface, hdr->addr2);
1492 		if (!hapd || hapd == HAPD_BROADCAST)
1493 			return;
1494 		/*
1495 		 * Allow processing of TX status for a Public Action frame that
1496 		 * used wildcard BBSID.
1497 		 */
1498 	}
1499 	ieee802_11_mgmt_cb(hapd, buf, len, stype, ok);
1500 }
1501 
1502 #endif /* NEED_AP_MLME */
1503 
1504 
1505 static int hostapd_event_new_sta(struct hostapd_data *hapd, const u8 *addr)
1506 {
1507 	struct sta_info *sta = ap_get_sta(hapd, addr);
1508 
1509 	if (sta)
1510 		return 0;
1511 
1512 	wpa_printf(MSG_DEBUG, "Data frame from unknown STA " MACSTR
1513 		   " - adding a new STA", MAC2STR(addr));
1514 	sta = ap_sta_add(hapd, addr);
1515 	if (sta) {
1516 		hostapd_new_assoc_sta(hapd, sta, 0);
1517 	} else {
1518 		wpa_printf(MSG_DEBUG, "Failed to add STA entry for " MACSTR,
1519 			   MAC2STR(addr));
1520 		return -1;
1521 	}
1522 
1523 	return 0;
1524 }
1525 
1526 
1527 static void hostapd_event_eapol_rx(struct hostapd_data *hapd, const u8 *src,
1528 				   const u8 *data, size_t data_len)
1529 {
1530 	struct hostapd_iface *iface = hapd->iface;
1531 	struct sta_info *sta;
1532 	size_t j;
1533 
1534 	for (j = 0; j < iface->num_bss; j++) {
1535 		sta = ap_get_sta(iface->bss[j], src);
1536 		if (sta && sta->flags & WLAN_STA_ASSOC) {
1537 			hapd = iface->bss[j];
1538 			break;
1539 		}
1540 	}
1541 
1542 	ieee802_1x_receive(hapd, src, data, data_len);
1543 }
1544 
1545 #endif /* HOSTAPD */
1546 
1547 
1548 static struct hostapd_channel_data *
1549 hostapd_get_mode_chan(struct hostapd_hw_modes *mode, unsigned int freq)
1550 {
1551 	int i;
1552 	struct hostapd_channel_data *chan;
1553 
1554 	for (i = 0; i < mode->num_channels; i++) {
1555 		chan = &mode->channels[i];
1556 		if ((unsigned int) chan->freq == freq)
1557 			return chan;
1558 	}
1559 
1560 	return NULL;
1561 }
1562 
1563 
1564 static struct hostapd_channel_data * hostapd_get_mode_channel(
1565 	struct hostapd_iface *iface, unsigned int freq)
1566 {
1567 	int i;
1568 	struct hostapd_channel_data *chan;
1569 
1570 	for (i = 0; i < iface->num_hw_features; i++) {
1571 		if (hostapd_hw_skip_mode(iface, &iface->hw_features[i]))
1572 			continue;
1573 		chan = hostapd_get_mode_chan(&iface->hw_features[i], freq);
1574 		if (chan)
1575 			return chan;
1576 	}
1577 
1578 	return NULL;
1579 }
1580 
1581 
1582 static void hostapd_update_nf(struct hostapd_iface *iface,
1583 			      struct hostapd_channel_data *chan,
1584 			      struct freq_survey *survey)
1585 {
1586 	if (!iface->chans_surveyed) {
1587 		chan->min_nf = survey->nf;
1588 		iface->lowest_nf = survey->nf;
1589 	} else {
1590 		if (dl_list_empty(&chan->survey_list))
1591 			chan->min_nf = survey->nf;
1592 		else if (survey->nf < chan->min_nf)
1593 			chan->min_nf = survey->nf;
1594 		if (survey->nf < iface->lowest_nf)
1595 			iface->lowest_nf = survey->nf;
1596 	}
1597 }
1598 
1599 
1600 static void hostapd_single_channel_get_survey(struct hostapd_iface *iface,
1601 					      struct survey_results *survey_res)
1602 {
1603 	struct hostapd_channel_data *chan;
1604 	struct freq_survey *survey;
1605 	u64 divisor, dividend;
1606 
1607 	survey = dl_list_first(&survey_res->survey_list, struct freq_survey,
1608 			       list);
1609 	if (!survey || !survey->freq)
1610 		return;
1611 
1612 	chan = hostapd_get_mode_channel(iface, survey->freq);
1613 	if (!chan || chan->flag & HOSTAPD_CHAN_DISABLED)
1614 		return;
1615 
1616 	wpa_printf(MSG_DEBUG,
1617 		   "Single Channel Survey: (freq=%d channel_time=%ld channel_time_busy=%ld)",
1618 		   survey->freq,
1619 		   (unsigned long int) survey->channel_time,
1620 		   (unsigned long int) survey->channel_time_busy);
1621 
1622 	if (survey->channel_time > iface->last_channel_time &&
1623 	    survey->channel_time > survey->channel_time_busy) {
1624 		dividend = survey->channel_time_busy -
1625 			iface->last_channel_time_busy;
1626 		divisor = survey->channel_time - iface->last_channel_time;
1627 
1628 		iface->channel_utilization = dividend * 255 / divisor;
1629 		wpa_printf(MSG_DEBUG, "Channel Utilization: %d",
1630 			   iface->channel_utilization);
1631 	}
1632 	iface->last_channel_time = survey->channel_time;
1633 	iface->last_channel_time_busy = survey->channel_time_busy;
1634 }
1635 
1636 
1637 void hostapd_event_get_survey(struct hostapd_iface *iface,
1638 			      struct survey_results *survey_results)
1639 {
1640 	struct freq_survey *survey, *tmp;
1641 	struct hostapd_channel_data *chan;
1642 
1643 	if (dl_list_empty(&survey_results->survey_list)) {
1644 		wpa_printf(MSG_DEBUG, "No survey data received");
1645 		return;
1646 	}
1647 
1648 	if (survey_results->freq_filter) {
1649 		hostapd_single_channel_get_survey(iface, survey_results);
1650 		return;
1651 	}
1652 
1653 	dl_list_for_each_safe(survey, tmp, &survey_results->survey_list,
1654 			      struct freq_survey, list) {
1655 		chan = hostapd_get_mode_channel(iface, survey->freq);
1656 		if (!chan)
1657 			continue;
1658 		if (chan->flag & HOSTAPD_CHAN_DISABLED)
1659 			continue;
1660 
1661 		dl_list_del(&survey->list);
1662 		dl_list_add_tail(&chan->survey_list, &survey->list);
1663 
1664 		hostapd_update_nf(iface, chan, survey);
1665 
1666 		iface->chans_surveyed++;
1667 	}
1668 }
1669 
1670 
1671 #ifdef HOSTAPD
1672 #ifdef NEED_AP_MLME
1673 
1674 static void hostapd_event_iface_unavailable(struct hostapd_data *hapd)
1675 {
1676 	wpa_printf(MSG_DEBUG, "Interface %s is unavailable -- stopped",
1677 		   hapd->conf->iface);
1678 
1679 	if (hapd->csa_in_progress) {
1680 		wpa_printf(MSG_INFO, "CSA failed (%s was stopped)",
1681 			   hapd->conf->iface);
1682 		hostapd_switch_channel_fallback(hapd->iface,
1683 						&hapd->cs_freq_params);
1684 	}
1685 }
1686 
1687 
1688 static void hostapd_event_dfs_radar_detected(struct hostapd_data *hapd,
1689 					     struct dfs_event *radar)
1690 {
1691 	wpa_printf(MSG_DEBUG, "DFS radar detected on %d MHz", radar->freq);
1692 	hostapd_dfs_radar_detected(hapd->iface, radar->freq, radar->ht_enabled,
1693 				   radar->chan_offset, radar->chan_width,
1694 				   radar->cf1, radar->cf2);
1695 }
1696 
1697 
1698 static void hostapd_event_dfs_pre_cac_expired(struct hostapd_data *hapd,
1699 					      struct dfs_event *radar)
1700 {
1701 	wpa_printf(MSG_DEBUG, "DFS Pre-CAC expired on %d MHz", radar->freq);
1702 	hostapd_dfs_pre_cac_expired(hapd->iface, radar->freq, radar->ht_enabled,
1703 				    radar->chan_offset, radar->chan_width,
1704 				    radar->cf1, radar->cf2);
1705 }
1706 
1707 
1708 static void hostapd_event_dfs_cac_finished(struct hostapd_data *hapd,
1709 					   struct dfs_event *radar)
1710 {
1711 	wpa_printf(MSG_DEBUG, "DFS CAC finished on %d MHz", radar->freq);
1712 	hostapd_dfs_complete_cac(hapd->iface, 1, radar->freq, radar->ht_enabled,
1713 				 radar->chan_offset, radar->chan_width,
1714 				 radar->cf1, radar->cf2);
1715 }
1716 
1717 
1718 static void hostapd_event_dfs_cac_aborted(struct hostapd_data *hapd,
1719 					  struct dfs_event *radar)
1720 {
1721 	wpa_printf(MSG_DEBUG, "DFS CAC aborted on %d MHz", radar->freq);
1722 	hostapd_dfs_complete_cac(hapd->iface, 0, radar->freq, radar->ht_enabled,
1723 				 radar->chan_offset, radar->chan_width,
1724 				 radar->cf1, radar->cf2);
1725 }
1726 
1727 
1728 static void hostapd_event_dfs_nop_finished(struct hostapd_data *hapd,
1729 					   struct dfs_event *radar)
1730 {
1731 	wpa_printf(MSG_DEBUG, "DFS NOP finished on %d MHz", radar->freq);
1732 	hostapd_dfs_nop_finished(hapd->iface, radar->freq, radar->ht_enabled,
1733 				 radar->chan_offset, radar->chan_width,
1734 				 radar->cf1, radar->cf2);
1735 }
1736 
1737 
1738 static void hostapd_event_dfs_cac_started(struct hostapd_data *hapd,
1739 					  struct dfs_event *radar)
1740 {
1741 	wpa_printf(MSG_DEBUG, "DFS offload CAC started on %d MHz", radar->freq);
1742 	hostapd_dfs_start_cac(hapd->iface, radar->freq, radar->ht_enabled,
1743 			      radar->chan_offset, radar->chan_width,
1744 			      radar->cf1, radar->cf2);
1745 }
1746 
1747 #endif /* NEED_AP_MLME */
1748 
1749 
1750 static void hostapd_event_wds_sta_interface_status(struct hostapd_data *hapd,
1751 						   int istatus,
1752 						   const char *ifname,
1753 						   const u8 *addr)
1754 {
1755 	struct sta_info *sta = ap_get_sta(hapd, addr);
1756 
1757 	if (sta) {
1758 		os_free(sta->ifname_wds);
1759 		if (istatus == INTERFACE_ADDED)
1760 			sta->ifname_wds = os_strdup(ifname);
1761 		else
1762 			sta->ifname_wds = NULL;
1763 	}
1764 
1765 	wpa_msg(hapd->msg_ctx, MSG_INFO, "%sifname=%s sta_addr=" MACSTR,
1766 		istatus == INTERFACE_ADDED ?
1767 		WDS_STA_INTERFACE_ADDED : WDS_STA_INTERFACE_REMOVED,
1768 		ifname, MAC2STR(addr));
1769 }
1770 
1771 
1772 #ifdef CONFIG_OWE
1773 static int hostapd_notif_update_dh_ie(struct hostapd_data *hapd,
1774 				      const u8 *peer, const u8 *ie,
1775 				      size_t ie_len)
1776 {
1777 	u16 status;
1778 	struct sta_info *sta;
1779 	struct ieee802_11_elems elems;
1780 
1781 	if (!hapd || !hapd->wpa_auth) {
1782 		wpa_printf(MSG_DEBUG, "OWE: Invalid hapd context");
1783 		return -1;
1784 	}
1785 	if (!peer) {
1786 		wpa_printf(MSG_DEBUG, "OWE: Peer unknown");
1787 		return -1;
1788 	}
1789 	if (!(hapd->conf->wpa_key_mgmt & WPA_KEY_MGMT_OWE)) {
1790 		wpa_printf(MSG_DEBUG, "OWE: No OWE AKM configured");
1791 		status = WLAN_STATUS_AKMP_NOT_VALID;
1792 		goto err;
1793 	}
1794 	if (ieee802_11_parse_elems(ie, ie_len, &elems, 1) == ParseFailed) {
1795 		wpa_printf(MSG_DEBUG, "OWE: Failed to parse OWE IE for "
1796 			   MACSTR, MAC2STR(peer));
1797 		status = WLAN_STATUS_UNSPECIFIED_FAILURE;
1798 		goto err;
1799 	}
1800 	status = owe_validate_request(hapd, peer, elems.rsn_ie,
1801 				      elems.rsn_ie_len,
1802 				      elems.owe_dh, elems.owe_dh_len);
1803 	if (status != WLAN_STATUS_SUCCESS)
1804 		goto err;
1805 
1806 	sta = ap_get_sta(hapd, peer);
1807 	if (sta) {
1808 		ap_sta_no_session_timeout(hapd, sta);
1809 		accounting_sta_stop(hapd, sta);
1810 
1811 		/*
1812 		 * Make sure that the previously registered inactivity timer
1813 		 * will not remove the STA immediately.
1814 		 */
1815 		sta->timeout_next = STA_NULLFUNC;
1816 	} else {
1817 		sta = ap_sta_add(hapd, peer);
1818 		if (!sta) {
1819 			status = WLAN_STATUS_UNSPECIFIED_FAILURE;
1820 			goto err;
1821 		}
1822 	}
1823 	sta->flags &= ~(WLAN_STA_WPS | WLAN_STA_MAYBE_WPS | WLAN_STA_WPS2);
1824 
1825 	status = owe_process_rsn_ie(hapd, sta, elems.rsn_ie,
1826 				    elems.rsn_ie_len, elems.owe_dh,
1827 				    elems.owe_dh_len);
1828 	if (status != WLAN_STATUS_SUCCESS)
1829 		ap_free_sta(hapd, sta);
1830 
1831 	return 0;
1832 err:
1833 	hostapd_drv_update_dh_ie(hapd, peer, status, NULL, 0);
1834 	return 0;
1835 }
1836 #endif /* CONFIG_OWE */
1837 
1838 
1839 void wpa_supplicant_event(void *ctx, enum wpa_event_type event,
1840 			  union wpa_event_data *data)
1841 {
1842 	struct hostapd_data *hapd = ctx;
1843 #ifndef CONFIG_NO_STDOUT_DEBUG
1844 	int level = MSG_DEBUG;
1845 
1846 	if (event == EVENT_RX_MGMT && data->rx_mgmt.frame &&
1847 	    data->rx_mgmt.frame_len >= 24) {
1848 		const struct ieee80211_hdr *hdr;
1849 		u16 fc;
1850 
1851 		hdr = (const struct ieee80211_hdr *) data->rx_mgmt.frame;
1852 		fc = le_to_host16(hdr->frame_control);
1853 		if (WLAN_FC_GET_TYPE(fc) == WLAN_FC_TYPE_MGMT &&
1854 		    WLAN_FC_GET_STYPE(fc) == WLAN_FC_STYPE_BEACON)
1855 			level = MSG_EXCESSIVE;
1856 		if (WLAN_FC_GET_TYPE(fc) == WLAN_FC_TYPE_MGMT &&
1857 		    WLAN_FC_GET_STYPE(fc) == WLAN_FC_STYPE_PROBE_REQ)
1858 			level = MSG_EXCESSIVE;
1859 	}
1860 
1861 	wpa_dbg(hapd->msg_ctx, level, "Event %s (%d) received",
1862 		event_to_string(event), event);
1863 #endif /* CONFIG_NO_STDOUT_DEBUG */
1864 
1865 	switch (event) {
1866 	case EVENT_MICHAEL_MIC_FAILURE:
1867 		michael_mic_failure(hapd, data->michael_mic_failure.src, 1);
1868 		break;
1869 	case EVENT_SCAN_RESULTS:
1870 		if (hapd->iface->scan_cb)
1871 			hapd->iface->scan_cb(hapd->iface);
1872 		break;
1873 	case EVENT_WPS_BUTTON_PUSHED:
1874 		hostapd_wps_button_pushed(hapd, NULL);
1875 		break;
1876 #ifdef NEED_AP_MLME
1877 	case EVENT_TX_STATUS:
1878 		switch (data->tx_status.type) {
1879 		case WLAN_FC_TYPE_MGMT:
1880 			hostapd_mgmt_tx_cb(hapd, data->tx_status.data,
1881 					   data->tx_status.data_len,
1882 					   data->tx_status.stype,
1883 					   data->tx_status.ack);
1884 			break;
1885 		case WLAN_FC_TYPE_DATA:
1886 			hostapd_tx_status(hapd, data->tx_status.dst,
1887 					  data->tx_status.data,
1888 					  data->tx_status.data_len,
1889 					  data->tx_status.ack);
1890 			break;
1891 		}
1892 		break;
1893 	case EVENT_EAPOL_TX_STATUS:
1894 		hostapd_eapol_tx_status(hapd, data->eapol_tx_status.dst,
1895 					data->eapol_tx_status.data,
1896 					data->eapol_tx_status.data_len,
1897 					data->eapol_tx_status.ack);
1898 		break;
1899 	case EVENT_DRIVER_CLIENT_POLL_OK:
1900 		hostapd_client_poll_ok(hapd, data->client_poll.addr);
1901 		break;
1902 	case EVENT_RX_FROM_UNKNOWN:
1903 		hostapd_rx_from_unknown_sta(hapd, data->rx_from_unknown.bssid,
1904 					    data->rx_from_unknown.addr,
1905 					    data->rx_from_unknown.wds);
1906 		break;
1907 #endif /* NEED_AP_MLME */
1908 	case EVENT_RX_MGMT:
1909 		if (!data->rx_mgmt.frame)
1910 			break;
1911 #ifdef NEED_AP_MLME
1912 		hostapd_mgmt_rx(hapd, &data->rx_mgmt);
1913 #else /* NEED_AP_MLME */
1914 		hostapd_action_rx(hapd, &data->rx_mgmt);
1915 #endif /* NEED_AP_MLME */
1916 		break;
1917 	case EVENT_RX_PROBE_REQ:
1918 		if (data->rx_probe_req.sa == NULL ||
1919 		    data->rx_probe_req.ie == NULL)
1920 			break;
1921 		hostapd_probe_req_rx(hapd, data->rx_probe_req.sa,
1922 				     data->rx_probe_req.da,
1923 				     data->rx_probe_req.bssid,
1924 				     data->rx_probe_req.ie,
1925 				     data->rx_probe_req.ie_len,
1926 				     data->rx_probe_req.ssi_signal);
1927 		break;
1928 	case EVENT_NEW_STA:
1929 		hostapd_event_new_sta(hapd, data->new_sta.addr);
1930 		break;
1931 	case EVENT_EAPOL_RX:
1932 		hostapd_event_eapol_rx(hapd, data->eapol_rx.src,
1933 				       data->eapol_rx.data,
1934 				       data->eapol_rx.data_len);
1935 		break;
1936 	case EVENT_ASSOC:
1937 		if (!data)
1938 			return;
1939 		hostapd_notif_assoc(hapd, data->assoc_info.addr,
1940 				    data->assoc_info.req_ies,
1941 				    data->assoc_info.req_ies_len,
1942 				    data->assoc_info.reassoc);
1943 		break;
1944 #ifdef CONFIG_OWE
1945 	case EVENT_UPDATE_DH:
1946 		if (!data)
1947 			return;
1948 		hostapd_notif_update_dh_ie(hapd, data->update_dh.peer,
1949 					   data->update_dh.ie,
1950 					   data->update_dh.ie_len);
1951 		break;
1952 #endif /* CONFIG_OWE */
1953 	case EVENT_DISASSOC:
1954 		if (data)
1955 			hostapd_notif_disassoc(hapd, data->disassoc_info.addr);
1956 		break;
1957 	case EVENT_DEAUTH:
1958 		if (data)
1959 			hostapd_notif_disassoc(hapd, data->deauth_info.addr);
1960 		break;
1961 	case EVENT_STATION_LOW_ACK:
1962 		if (!data)
1963 			break;
1964 		hostapd_event_sta_low_ack(hapd, data->low_ack.addr);
1965 		break;
1966 	case EVENT_AUTH:
1967 		hostapd_notif_auth(hapd, &data->auth);
1968 		break;
1969 	case EVENT_CH_SWITCH_STARTED:
1970 	case EVENT_CH_SWITCH:
1971 		if (!data)
1972 			break;
1973 		hostapd_event_ch_switch(hapd, data->ch_switch.freq,
1974 					data->ch_switch.ht_enabled,
1975 					data->ch_switch.ch_offset,
1976 					data->ch_switch.ch_width,
1977 					data->ch_switch.cf1,
1978 					data->ch_switch.cf2,
1979 					event == EVENT_CH_SWITCH);
1980 		break;
1981 	case EVENT_CONNECT_FAILED_REASON:
1982 		if (!data)
1983 			break;
1984 		hostapd_event_connect_failed_reason(
1985 			hapd, data->connect_failed_reason.addr,
1986 			data->connect_failed_reason.code);
1987 		break;
1988 	case EVENT_SURVEY:
1989 		hostapd_event_get_survey(hapd->iface, &data->survey_results);
1990 		break;
1991 #ifdef NEED_AP_MLME
1992 	case EVENT_INTERFACE_UNAVAILABLE:
1993 		hostapd_event_iface_unavailable(hapd);
1994 		break;
1995 	case EVENT_DFS_RADAR_DETECTED:
1996 		if (!data)
1997 			break;
1998 		hostapd_event_dfs_radar_detected(hapd, &data->dfs_event);
1999 		break;
2000 	case EVENT_DFS_PRE_CAC_EXPIRED:
2001 		if (!data)
2002 			break;
2003 		hostapd_event_dfs_pre_cac_expired(hapd, &data->dfs_event);
2004 		break;
2005 	case EVENT_DFS_CAC_FINISHED:
2006 		if (!data)
2007 			break;
2008 		hostapd_event_dfs_cac_finished(hapd, &data->dfs_event);
2009 		break;
2010 	case EVENT_DFS_CAC_ABORTED:
2011 		if (!data)
2012 			break;
2013 		hostapd_event_dfs_cac_aborted(hapd, &data->dfs_event);
2014 		break;
2015 	case EVENT_DFS_NOP_FINISHED:
2016 		if (!data)
2017 			break;
2018 		hostapd_event_dfs_nop_finished(hapd, &data->dfs_event);
2019 		break;
2020 	case EVENT_CHANNEL_LIST_CHANGED:
2021 		/* channel list changed (regulatory?), update channel list */
2022 		/* TODO: check this. hostapd_get_hw_features() initializes
2023 		 * too much stuff. */
2024 		/* hostapd_get_hw_features(hapd->iface); */
2025 		hostapd_channel_list_updated(
2026 			hapd->iface, data->channel_list_changed.initiator);
2027 		break;
2028 	case EVENT_DFS_CAC_STARTED:
2029 		if (!data)
2030 			break;
2031 		hostapd_event_dfs_cac_started(hapd, &data->dfs_event);
2032 		break;
2033 #endif /* NEED_AP_MLME */
2034 	case EVENT_INTERFACE_ENABLED:
2035 		wpa_msg(hapd->msg_ctx, MSG_INFO, INTERFACE_ENABLED);
2036 		if (hapd->disabled && hapd->started) {
2037 			hapd->disabled = 0;
2038 			/*
2039 			 * Try to re-enable interface if the driver stopped it
2040 			 * when the interface got disabled.
2041 			 */
2042 			if (hapd->wpa_auth)
2043 				wpa_auth_reconfig_group_keys(hapd->wpa_auth);
2044 			else
2045 				hostapd_reconfig_encryption(hapd);
2046 			hapd->reenable_beacon = 1;
2047 			ieee802_11_set_beacon(hapd);
2048 #ifdef NEED_AP_MLME
2049 		} else if (hapd->disabled && hapd->iface->cac_started) {
2050 			wpa_printf(MSG_DEBUG, "DFS: restarting pending CAC");
2051 			hostapd_handle_dfs(hapd->iface);
2052 #endif /* NEED_AP_MLME */
2053 		}
2054 		break;
2055 	case EVENT_INTERFACE_DISABLED:
2056 		hostapd_free_stas(hapd);
2057 		wpa_msg(hapd->msg_ctx, MSG_INFO, INTERFACE_DISABLED);
2058 		hapd->disabled = 1;
2059 		break;
2060 #ifdef CONFIG_ACS
2061 	case EVENT_ACS_CHANNEL_SELECTED:
2062 		hostapd_acs_channel_selected(hapd,
2063 					     &data->acs_selected_channels);
2064 		break;
2065 #endif /* CONFIG_ACS */
2066 	case EVENT_STATION_OPMODE_CHANGED:
2067 		hostapd_event_sta_opmode_changed(hapd, data->sta_opmode.addr,
2068 						 data->sta_opmode.smps_mode,
2069 						 data->sta_opmode.chan_width,
2070 						 data->sta_opmode.rx_nss);
2071 		break;
2072 	case EVENT_WDS_STA_INTERFACE_STATUS:
2073 		hostapd_event_wds_sta_interface_status(
2074 			hapd, data->wds_sta_interface.istatus,
2075 			data->wds_sta_interface.ifname,
2076 			data->wds_sta_interface.sta_addr);
2077 		break;
2078 	default:
2079 		wpa_printf(MSG_DEBUG, "Unknown event %d", event);
2080 		break;
2081 	}
2082 }
2083 
2084 
2085 void wpa_supplicant_event_global(void *ctx, enum wpa_event_type event,
2086 				 union wpa_event_data *data)
2087 {
2088 	struct hapd_interfaces *interfaces = ctx;
2089 	struct hostapd_data *hapd;
2090 
2091 	if (event != EVENT_INTERFACE_STATUS)
2092 		return;
2093 
2094 	hapd = hostapd_get_iface(interfaces, data->interface_status.ifname);
2095 	if (hapd && hapd->driver && hapd->driver->get_ifindex &&
2096 	    hapd->drv_priv) {
2097 		unsigned int ifindex;
2098 
2099 		ifindex = hapd->driver->get_ifindex(hapd->drv_priv);
2100 		if (ifindex != data->interface_status.ifindex) {
2101 			wpa_dbg(hapd->msg_ctx, MSG_DEBUG,
2102 				"interface status ifindex %d mismatch (%d)",
2103 				ifindex, data->interface_status.ifindex);
2104 			return;
2105 		}
2106 	}
2107 	if (hapd)
2108 		wpa_supplicant_event(hapd, event, data);
2109 }
2110 
2111 #endif /* HOSTAPD */
2112