xref: /freebsd/contrib/wpa/src/ap/sta_info.c (revision 190cef3d52236565eb22e18b33e9e865ec634aa3)
1 /*
2  * hostapd / Station table
3  * Copyright (c) 2002-2013, Jouni Malinen <j@w1.fi>
4  *
5  * This software may be distributed under the terms of the BSD license.
6  * See README for more details.
7  */
8 
9 #include "utils/includes.h"
10 
11 #include "utils/common.h"
12 #include "utils/eloop.h"
13 #include "common/ieee802_11_defs.h"
14 #include "common/wpa_ctrl.h"
15 #include "common/sae.h"
16 #include "radius/radius.h"
17 #include "radius/radius_client.h"
18 #include "p2p/p2p.h"
19 #include "fst/fst.h"
20 #include "hostapd.h"
21 #include "accounting.h"
22 #include "ieee802_1x.h"
23 #include "ieee802_11.h"
24 #include "ieee802_11_auth.h"
25 #include "wpa_auth.h"
26 #include "preauth_auth.h"
27 #include "ap_config.h"
28 #include "beacon.h"
29 #include "ap_mlme.h"
30 #include "vlan_init.h"
31 #include "p2p_hostapd.h"
32 #include "ap_drv_ops.h"
33 #include "gas_serv.h"
34 #include "wnm_ap.h"
35 #include "mbo_ap.h"
36 #include "ndisc_snoop.h"
37 #include "sta_info.h"
38 #include "vlan.h"
39 
40 static void ap_sta_remove_in_other_bss(struct hostapd_data *hapd,
41 				       struct sta_info *sta);
42 static void ap_handle_session_timer(void *eloop_ctx, void *timeout_ctx);
43 static void ap_handle_session_warning_timer(void *eloop_ctx, void *timeout_ctx);
44 static void ap_sta_deauth_cb_timeout(void *eloop_ctx, void *timeout_ctx);
45 static void ap_sta_disassoc_cb_timeout(void *eloop_ctx, void *timeout_ctx);
46 #ifdef CONFIG_IEEE80211W
47 static void ap_sa_query_timer(void *eloop_ctx, void *timeout_ctx);
48 #endif /* CONFIG_IEEE80211W */
49 static int ap_sta_remove(struct hostapd_data *hapd, struct sta_info *sta);
50 
51 int ap_for_each_sta(struct hostapd_data *hapd,
52 		    int (*cb)(struct hostapd_data *hapd, struct sta_info *sta,
53 			      void *ctx),
54 		    void *ctx)
55 {
56 	struct sta_info *sta;
57 
58 	for (sta = hapd->sta_list; sta; sta = sta->next) {
59 		if (cb(hapd, sta, ctx))
60 			return 1;
61 	}
62 
63 	return 0;
64 }
65 
66 
67 struct sta_info * ap_get_sta(struct hostapd_data *hapd, const u8 *sta)
68 {
69 	struct sta_info *s;
70 
71 	s = hapd->sta_hash[STA_HASH(sta)];
72 	while (s != NULL && os_memcmp(s->addr, sta, 6) != 0)
73 		s = s->hnext;
74 	return s;
75 }
76 
77 
78 #ifdef CONFIG_P2P
79 struct sta_info * ap_get_sta_p2p(struct hostapd_data *hapd, const u8 *addr)
80 {
81 	struct sta_info *sta;
82 
83 	for (sta = hapd->sta_list; sta; sta = sta->next) {
84 		const u8 *p2p_dev_addr;
85 
86 		if (sta->p2p_ie == NULL)
87 			continue;
88 
89 		p2p_dev_addr = p2p_get_go_dev_addr(sta->p2p_ie);
90 		if (p2p_dev_addr == NULL)
91 			continue;
92 
93 		if (os_memcmp(p2p_dev_addr, addr, ETH_ALEN) == 0)
94 			return sta;
95 	}
96 
97 	return NULL;
98 }
99 #endif /* CONFIG_P2P */
100 
101 
102 static void ap_sta_list_del(struct hostapd_data *hapd, struct sta_info *sta)
103 {
104 	struct sta_info *tmp;
105 
106 	if (hapd->sta_list == sta) {
107 		hapd->sta_list = sta->next;
108 		return;
109 	}
110 
111 	tmp = hapd->sta_list;
112 	while (tmp != NULL && tmp->next != sta)
113 		tmp = tmp->next;
114 	if (tmp == NULL) {
115 		wpa_printf(MSG_DEBUG, "Could not remove STA " MACSTR " from "
116 			   "list.", MAC2STR(sta->addr));
117 	} else
118 		tmp->next = sta->next;
119 }
120 
121 
122 void ap_sta_hash_add(struct hostapd_data *hapd, struct sta_info *sta)
123 {
124 	sta->hnext = hapd->sta_hash[STA_HASH(sta->addr)];
125 	hapd->sta_hash[STA_HASH(sta->addr)] = sta;
126 }
127 
128 
129 static void ap_sta_hash_del(struct hostapd_data *hapd, struct sta_info *sta)
130 {
131 	struct sta_info *s;
132 
133 	s = hapd->sta_hash[STA_HASH(sta->addr)];
134 	if (s == NULL) return;
135 	if (os_memcmp(s->addr, sta->addr, 6) == 0) {
136 		hapd->sta_hash[STA_HASH(sta->addr)] = s->hnext;
137 		return;
138 	}
139 
140 	while (s->hnext != NULL &&
141 	       os_memcmp(s->hnext->addr, sta->addr, ETH_ALEN) != 0)
142 		s = s->hnext;
143 	if (s->hnext != NULL)
144 		s->hnext = s->hnext->hnext;
145 	else
146 		wpa_printf(MSG_DEBUG, "AP: could not remove STA " MACSTR
147 			   " from hash table", MAC2STR(sta->addr));
148 }
149 
150 
151 void ap_sta_ip6addr_del(struct hostapd_data *hapd, struct sta_info *sta)
152 {
153 	sta_ip6addr_del(hapd, sta);
154 }
155 
156 
157 void ap_free_sta(struct hostapd_data *hapd, struct sta_info *sta)
158 {
159 	int set_beacon = 0;
160 
161 	accounting_sta_stop(hapd, sta);
162 
163 	/* just in case */
164 	ap_sta_set_authorized(hapd, sta, 0);
165 
166 	if (sta->flags & WLAN_STA_WDS)
167 		hostapd_set_wds_sta(hapd, NULL, sta->addr, sta->aid, 0);
168 
169 	if (sta->ipaddr)
170 		hostapd_drv_br_delete_ip_neigh(hapd, 4, (u8 *) &sta->ipaddr);
171 	ap_sta_ip6addr_del(hapd, sta);
172 
173 	if (!hapd->iface->driver_ap_teardown &&
174 	    !(sta->flags & WLAN_STA_PREAUTH)) {
175 		hostapd_drv_sta_remove(hapd, sta->addr);
176 		sta->added_unassoc = 0;
177 	}
178 
179 	ap_sta_hash_del(hapd, sta);
180 	ap_sta_list_del(hapd, sta);
181 
182 	if (sta->aid > 0)
183 		hapd->sta_aid[(sta->aid - 1) / 32] &=
184 			~BIT((sta->aid - 1) % 32);
185 
186 	hapd->num_sta--;
187 	if (sta->nonerp_set) {
188 		sta->nonerp_set = 0;
189 		hapd->iface->num_sta_non_erp--;
190 		if (hapd->iface->num_sta_non_erp == 0)
191 			set_beacon++;
192 	}
193 
194 	if (sta->no_short_slot_time_set) {
195 		sta->no_short_slot_time_set = 0;
196 		hapd->iface->num_sta_no_short_slot_time--;
197 		if (hapd->iface->current_mode->mode == HOSTAPD_MODE_IEEE80211G
198 		    && hapd->iface->num_sta_no_short_slot_time == 0)
199 			set_beacon++;
200 	}
201 
202 	if (sta->no_short_preamble_set) {
203 		sta->no_short_preamble_set = 0;
204 		hapd->iface->num_sta_no_short_preamble--;
205 		if (hapd->iface->current_mode->mode == HOSTAPD_MODE_IEEE80211G
206 		    && hapd->iface->num_sta_no_short_preamble == 0)
207 			set_beacon++;
208 	}
209 
210 	if (sta->no_ht_gf_set) {
211 		sta->no_ht_gf_set = 0;
212 		hapd->iface->num_sta_ht_no_gf--;
213 	}
214 
215 	if (sta->no_ht_set) {
216 		sta->no_ht_set = 0;
217 		hapd->iface->num_sta_no_ht--;
218 	}
219 
220 	if (sta->ht_20mhz_set) {
221 		sta->ht_20mhz_set = 0;
222 		hapd->iface->num_sta_ht_20mhz--;
223 	}
224 
225 #ifdef CONFIG_TAXONOMY
226 	wpabuf_free(sta->probe_ie_taxonomy);
227 	sta->probe_ie_taxonomy = NULL;
228 	wpabuf_free(sta->assoc_ie_taxonomy);
229 	sta->assoc_ie_taxonomy = NULL;
230 #endif /* CONFIG_TAXONOMY */
231 
232 #ifdef CONFIG_IEEE80211N
233 	ht40_intolerant_remove(hapd->iface, sta);
234 #endif /* CONFIG_IEEE80211N */
235 
236 #ifdef CONFIG_P2P
237 	if (sta->no_p2p_set) {
238 		sta->no_p2p_set = 0;
239 		hapd->num_sta_no_p2p--;
240 		if (hapd->num_sta_no_p2p == 0)
241 			hostapd_p2p_non_p2p_sta_disconnected(hapd);
242 	}
243 #endif /* CONFIG_P2P */
244 
245 #if defined(NEED_AP_MLME) && defined(CONFIG_IEEE80211N)
246 	if (hostapd_ht_operation_update(hapd->iface) > 0)
247 		set_beacon++;
248 #endif /* NEED_AP_MLME && CONFIG_IEEE80211N */
249 
250 #ifdef CONFIG_MESH
251 	if (hapd->mesh_sta_free_cb)
252 		hapd->mesh_sta_free_cb(hapd, sta);
253 #endif /* CONFIG_MESH */
254 
255 	if (set_beacon)
256 		ieee802_11_set_beacons(hapd->iface);
257 
258 	wpa_printf(MSG_DEBUG, "%s: cancel ap_handle_timer for " MACSTR,
259 		   __func__, MAC2STR(sta->addr));
260 	eloop_cancel_timeout(ap_handle_timer, hapd, sta);
261 	eloop_cancel_timeout(ap_handle_session_timer, hapd, sta);
262 	eloop_cancel_timeout(ap_handle_session_warning_timer, hapd, sta);
263 	ap_sta_clear_disconnect_timeouts(hapd, sta);
264 	sae_clear_retransmit_timer(hapd, sta);
265 
266 	ieee802_1x_free_station(hapd, sta);
267 	wpa_auth_sta_deinit(sta->wpa_sm);
268 	rsn_preauth_free_station(hapd, sta);
269 #ifndef CONFIG_NO_RADIUS
270 	if (hapd->radius)
271 		radius_client_flush_auth(hapd->radius, sta->addr);
272 #endif /* CONFIG_NO_RADIUS */
273 
274 #ifndef CONFIG_NO_VLAN
275 	/*
276 	 * sta->wpa_sm->group needs to be released before so that
277 	 * vlan_remove_dynamic() can check that no stations are left on the
278 	 * AP_VLAN netdev.
279 	 */
280 	if (sta->vlan_id)
281 		vlan_remove_dynamic(hapd, sta->vlan_id);
282 	if (sta->vlan_id_bound) {
283 		/*
284 		 * Need to remove the STA entry before potentially removing the
285 		 * VLAN.
286 		 */
287 		if (hapd->iface->driver_ap_teardown &&
288 		    !(sta->flags & WLAN_STA_PREAUTH)) {
289 			hostapd_drv_sta_remove(hapd, sta->addr);
290 			sta->added_unassoc = 0;
291 		}
292 		vlan_remove_dynamic(hapd, sta->vlan_id_bound);
293 	}
294 #endif /* CONFIG_NO_VLAN */
295 
296 	os_free(sta->challenge);
297 
298 #ifdef CONFIG_IEEE80211W
299 	os_free(sta->sa_query_trans_id);
300 	eloop_cancel_timeout(ap_sa_query_timer, hapd, sta);
301 #endif /* CONFIG_IEEE80211W */
302 
303 #ifdef CONFIG_P2P
304 	p2p_group_notif_disassoc(hapd->p2p_group, sta->addr);
305 #endif /* CONFIG_P2P */
306 
307 #ifdef CONFIG_INTERWORKING
308 	if (sta->gas_dialog) {
309 		int i;
310 		for (i = 0; i < GAS_DIALOG_MAX; i++)
311 			gas_serv_dialog_clear(&sta->gas_dialog[i]);
312 		os_free(sta->gas_dialog);
313 	}
314 #endif /* CONFIG_INTERWORKING */
315 
316 	wpabuf_free(sta->wps_ie);
317 	wpabuf_free(sta->p2p_ie);
318 	wpabuf_free(sta->hs20_ie);
319 #ifdef CONFIG_FST
320 	wpabuf_free(sta->mb_ies);
321 #endif /* CONFIG_FST */
322 
323 	os_free(sta->ht_capabilities);
324 	os_free(sta->vht_capabilities);
325 	hostapd_free_psk_list(sta->psk);
326 	os_free(sta->identity);
327 	os_free(sta->radius_cui);
328 	os_free(sta->remediation_url);
329 	wpabuf_free(sta->hs20_deauth_req);
330 	os_free(sta->hs20_session_info_url);
331 
332 #ifdef CONFIG_SAE
333 	sae_clear_data(sta->sae);
334 	os_free(sta->sae);
335 #endif /* CONFIG_SAE */
336 
337 	mbo_ap_sta_free(sta);
338 	os_free(sta->supp_op_classes);
339 
340 	os_free(sta);
341 }
342 
343 
344 void hostapd_free_stas(struct hostapd_data *hapd)
345 {
346 	struct sta_info *sta, *prev;
347 
348 	sta = hapd->sta_list;
349 
350 	while (sta) {
351 		prev = sta;
352 		if (sta->flags & WLAN_STA_AUTH) {
353 			mlme_deauthenticate_indication(
354 				hapd, sta, WLAN_REASON_UNSPECIFIED);
355 		}
356 		sta = sta->next;
357 		wpa_printf(MSG_DEBUG, "Removing station " MACSTR,
358 			   MAC2STR(prev->addr));
359 		ap_free_sta(hapd, prev);
360 	}
361 }
362 
363 
364 /**
365  * ap_handle_timer - Per STA timer handler
366  * @eloop_ctx: struct hostapd_data *
367  * @timeout_ctx: struct sta_info *
368  *
369  * This function is called to check station activity and to remove inactive
370  * stations.
371  */
372 void ap_handle_timer(void *eloop_ctx, void *timeout_ctx)
373 {
374 	struct hostapd_data *hapd = eloop_ctx;
375 	struct sta_info *sta = timeout_ctx;
376 	unsigned long next_time = 0;
377 	int reason;
378 
379 	wpa_printf(MSG_DEBUG, "%s: %s: " MACSTR " flags=0x%x timeout_next=%d",
380 		   hapd->conf->iface, __func__, MAC2STR(sta->addr), sta->flags,
381 		   sta->timeout_next);
382 	if (sta->timeout_next == STA_REMOVE) {
383 		hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
384 			       HOSTAPD_LEVEL_INFO, "deauthenticated due to "
385 			       "local deauth request");
386 		ap_free_sta(hapd, sta);
387 		return;
388 	}
389 
390 	if ((sta->flags & WLAN_STA_ASSOC) &&
391 	    (sta->timeout_next == STA_NULLFUNC ||
392 	     sta->timeout_next == STA_DISASSOC)) {
393 		int inactive_sec;
394 		/*
395 		 * Add random value to timeout so that we don't end up bouncing
396 		 * all stations at the same time if we have lots of associated
397 		 * stations that are idle (but keep re-associating).
398 		 */
399 		int fuzz = os_random() % 20;
400 		inactive_sec = hostapd_drv_get_inact_sec(hapd, sta->addr);
401 		if (inactive_sec == -1) {
402 			wpa_msg(hapd->msg_ctx, MSG_DEBUG,
403 				"Check inactivity: Could not "
404 				"get station info from kernel driver for "
405 				MACSTR, MAC2STR(sta->addr));
406 			/*
407 			 * The driver may not support this functionality.
408 			 * Anyway, try again after the next inactivity timeout,
409 			 * but do not disconnect the station now.
410 			 */
411 			next_time = hapd->conf->ap_max_inactivity + fuzz;
412 		} else if (inactive_sec == -ENOENT) {
413 			wpa_msg(hapd->msg_ctx, MSG_DEBUG,
414 				"Station " MACSTR " has lost its driver entry",
415 				MAC2STR(sta->addr));
416 
417 			/* Avoid sending client probe on removed client */
418 			sta->timeout_next = STA_DISASSOC;
419 			goto skip_poll;
420 		} else if (inactive_sec < hapd->conf->ap_max_inactivity) {
421 			/* station activity detected; reset timeout state */
422 			wpa_msg(hapd->msg_ctx, MSG_DEBUG,
423 				"Station " MACSTR " has been active %is ago",
424 				MAC2STR(sta->addr), inactive_sec);
425 			sta->timeout_next = STA_NULLFUNC;
426 			next_time = hapd->conf->ap_max_inactivity + fuzz -
427 				inactive_sec;
428 		} else {
429 			wpa_msg(hapd->msg_ctx, MSG_DEBUG,
430 				"Station " MACSTR " has been "
431 				"inactive too long: %d sec, max allowed: %d",
432 				MAC2STR(sta->addr), inactive_sec,
433 				hapd->conf->ap_max_inactivity);
434 
435 			if (hapd->conf->skip_inactivity_poll)
436 				sta->timeout_next = STA_DISASSOC;
437 		}
438 	}
439 
440 	if ((sta->flags & WLAN_STA_ASSOC) &&
441 	    sta->timeout_next == STA_DISASSOC &&
442 	    !(sta->flags & WLAN_STA_PENDING_POLL) &&
443 	    !hapd->conf->skip_inactivity_poll) {
444 		wpa_msg(hapd->msg_ctx, MSG_DEBUG, "Station " MACSTR
445 			" has ACKed data poll", MAC2STR(sta->addr));
446 		/* data nullfunc frame poll did not produce TX errors; assume
447 		 * station ACKed it */
448 		sta->timeout_next = STA_NULLFUNC;
449 		next_time = hapd->conf->ap_max_inactivity;
450 	}
451 
452 skip_poll:
453 	if (next_time) {
454 		wpa_printf(MSG_DEBUG, "%s: register ap_handle_timer timeout "
455 			   "for " MACSTR " (%lu seconds)",
456 			   __func__, MAC2STR(sta->addr), next_time);
457 		eloop_register_timeout(next_time, 0, ap_handle_timer, hapd,
458 				       sta);
459 		return;
460 	}
461 
462 	if (sta->timeout_next == STA_NULLFUNC &&
463 	    (sta->flags & WLAN_STA_ASSOC)) {
464 		wpa_printf(MSG_DEBUG, "  Polling STA");
465 		sta->flags |= WLAN_STA_PENDING_POLL;
466 		hostapd_drv_poll_client(hapd, hapd->own_addr, sta->addr,
467 					sta->flags & WLAN_STA_WMM);
468 	} else if (sta->timeout_next != STA_REMOVE) {
469 		int deauth = sta->timeout_next == STA_DEAUTH;
470 
471 		wpa_dbg(hapd->msg_ctx, MSG_DEBUG,
472 			"Timeout, sending %s info to STA " MACSTR,
473 			deauth ? "deauthentication" : "disassociation",
474 			MAC2STR(sta->addr));
475 
476 		if (deauth) {
477 			hostapd_drv_sta_deauth(
478 				hapd, sta->addr,
479 				WLAN_REASON_PREV_AUTH_NOT_VALID);
480 		} else {
481 			reason = (sta->timeout_next == STA_DISASSOC) ?
482 				WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY :
483 				WLAN_REASON_PREV_AUTH_NOT_VALID;
484 
485 			hostapd_drv_sta_disassoc(hapd, sta->addr, reason);
486 		}
487 	}
488 
489 	switch (sta->timeout_next) {
490 	case STA_NULLFUNC:
491 		sta->timeout_next = STA_DISASSOC;
492 		wpa_printf(MSG_DEBUG, "%s: register ap_handle_timer timeout "
493 			   "for " MACSTR " (%d seconds - AP_DISASSOC_DELAY)",
494 			   __func__, MAC2STR(sta->addr), AP_DISASSOC_DELAY);
495 		eloop_register_timeout(AP_DISASSOC_DELAY, 0, ap_handle_timer,
496 				       hapd, sta);
497 		break;
498 	case STA_DISASSOC:
499 	case STA_DISASSOC_FROM_CLI:
500 		ap_sta_set_authorized(hapd, sta, 0);
501 		sta->flags &= ~WLAN_STA_ASSOC;
502 		ieee802_1x_notify_port_enabled(sta->eapol_sm, 0);
503 		if (!sta->acct_terminate_cause)
504 			sta->acct_terminate_cause =
505 				RADIUS_ACCT_TERMINATE_CAUSE_IDLE_TIMEOUT;
506 		accounting_sta_stop(hapd, sta);
507 		ieee802_1x_free_station(hapd, sta);
508 		hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
509 			       HOSTAPD_LEVEL_INFO, "disassociated due to "
510 			       "inactivity");
511 		reason = (sta->timeout_next == STA_DISASSOC) ?
512 			WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY :
513 			WLAN_REASON_PREV_AUTH_NOT_VALID;
514 		sta->timeout_next = STA_DEAUTH;
515 		wpa_printf(MSG_DEBUG, "%s: register ap_handle_timer timeout "
516 			   "for " MACSTR " (%d seconds - AP_DEAUTH_DELAY)",
517 			   __func__, MAC2STR(sta->addr), AP_DEAUTH_DELAY);
518 		eloop_register_timeout(AP_DEAUTH_DELAY, 0, ap_handle_timer,
519 				       hapd, sta);
520 		mlme_disassociate_indication(hapd, sta, reason);
521 		break;
522 	case STA_DEAUTH:
523 	case STA_REMOVE:
524 		hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
525 			       HOSTAPD_LEVEL_INFO, "deauthenticated due to "
526 			       "inactivity (timer DEAUTH/REMOVE)");
527 		if (!sta->acct_terminate_cause)
528 			sta->acct_terminate_cause =
529 				RADIUS_ACCT_TERMINATE_CAUSE_IDLE_TIMEOUT;
530 		mlme_deauthenticate_indication(
531 			hapd, sta,
532 			WLAN_REASON_PREV_AUTH_NOT_VALID);
533 		ap_free_sta(hapd, sta);
534 		break;
535 	}
536 }
537 
538 
539 static void ap_handle_session_timer(void *eloop_ctx, void *timeout_ctx)
540 {
541 	struct hostapd_data *hapd = eloop_ctx;
542 	struct sta_info *sta = timeout_ctx;
543 
544 	wpa_printf(MSG_DEBUG, "%s: Session timer for STA " MACSTR,
545 		   hapd->conf->iface, MAC2STR(sta->addr));
546 	if (!(sta->flags & WLAN_STA_AUTH)) {
547 		if (sta->flags & WLAN_STA_GAS) {
548 			wpa_printf(MSG_DEBUG, "GAS: Remove temporary STA "
549 				   "entry " MACSTR, MAC2STR(sta->addr));
550 			ap_free_sta(hapd, sta);
551 		}
552 		return;
553 	}
554 
555 	hostapd_drv_sta_deauth(hapd, sta->addr,
556 			       WLAN_REASON_PREV_AUTH_NOT_VALID);
557 	mlme_deauthenticate_indication(hapd, sta,
558 				       WLAN_REASON_PREV_AUTH_NOT_VALID);
559 	hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
560 		       HOSTAPD_LEVEL_INFO, "deauthenticated due to "
561 		       "session timeout");
562 	sta->acct_terminate_cause =
563 		RADIUS_ACCT_TERMINATE_CAUSE_SESSION_TIMEOUT;
564 	ap_free_sta(hapd, sta);
565 }
566 
567 
568 void ap_sta_replenish_timeout(struct hostapd_data *hapd, struct sta_info *sta,
569 			      u32 session_timeout)
570 {
571 	if (eloop_replenish_timeout(session_timeout, 0,
572 				    ap_handle_session_timer, hapd, sta) == 1) {
573 		hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
574 			       HOSTAPD_LEVEL_DEBUG, "setting session timeout "
575 			       "to %d seconds", session_timeout);
576 	}
577 }
578 
579 
580 void ap_sta_session_timeout(struct hostapd_data *hapd, struct sta_info *sta,
581 			    u32 session_timeout)
582 {
583 	hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
584 		       HOSTAPD_LEVEL_DEBUG, "setting session timeout to %d "
585 		       "seconds", session_timeout);
586 	eloop_cancel_timeout(ap_handle_session_timer, hapd, sta);
587 	eloop_register_timeout(session_timeout, 0, ap_handle_session_timer,
588 			       hapd, sta);
589 }
590 
591 
592 void ap_sta_no_session_timeout(struct hostapd_data *hapd, struct sta_info *sta)
593 {
594 	eloop_cancel_timeout(ap_handle_session_timer, hapd, sta);
595 }
596 
597 
598 static void ap_handle_session_warning_timer(void *eloop_ctx, void *timeout_ctx)
599 {
600 #ifdef CONFIG_WNM
601 	struct hostapd_data *hapd = eloop_ctx;
602 	struct sta_info *sta = timeout_ctx;
603 
604 	wpa_printf(MSG_DEBUG, "%s: WNM: Session warning time reached for "
605 		   MACSTR, hapd->conf->iface, MAC2STR(sta->addr));
606 	if (sta->hs20_session_info_url == NULL)
607 		return;
608 
609 	wnm_send_ess_disassoc_imminent(hapd, sta, sta->hs20_session_info_url,
610 				       sta->hs20_disassoc_timer);
611 #endif /* CONFIG_WNM */
612 }
613 
614 
615 void ap_sta_session_warning_timeout(struct hostapd_data *hapd,
616 				    struct sta_info *sta, int warning_time)
617 {
618 	eloop_cancel_timeout(ap_handle_session_warning_timer, hapd, sta);
619 	eloop_register_timeout(warning_time, 0, ap_handle_session_warning_timer,
620 			       hapd, sta);
621 }
622 
623 
624 struct sta_info * ap_sta_add(struct hostapd_data *hapd, const u8 *addr)
625 {
626 	struct sta_info *sta;
627 
628 	sta = ap_get_sta(hapd, addr);
629 	if (sta)
630 		return sta;
631 
632 	wpa_printf(MSG_DEBUG, "  New STA");
633 	if (hapd->num_sta >= hapd->conf->max_num_sta) {
634 		/* FIX: might try to remove some old STAs first? */
635 		wpa_printf(MSG_DEBUG, "no more room for new STAs (%d/%d)",
636 			   hapd->num_sta, hapd->conf->max_num_sta);
637 		return NULL;
638 	}
639 
640 	sta = os_zalloc(sizeof(struct sta_info));
641 	if (sta == NULL) {
642 		wpa_printf(MSG_ERROR, "malloc failed");
643 		return NULL;
644 	}
645 	sta->acct_interim_interval = hapd->conf->acct_interim_interval;
646 	if (accounting_sta_get_id(hapd, sta) < 0) {
647 		os_free(sta);
648 		return NULL;
649 	}
650 
651 	if (!(hapd->iface->drv_flags & WPA_DRIVER_FLAGS_INACTIVITY_TIMER)) {
652 		wpa_printf(MSG_DEBUG, "%s: register ap_handle_timer timeout "
653 			   "for " MACSTR " (%d seconds - ap_max_inactivity)",
654 			   __func__, MAC2STR(addr),
655 			   hapd->conf->ap_max_inactivity);
656 		eloop_register_timeout(hapd->conf->ap_max_inactivity, 0,
657 				       ap_handle_timer, hapd, sta);
658 	}
659 
660 	/* initialize STA info data */
661 	os_memcpy(sta->addr, addr, ETH_ALEN);
662 	sta->next = hapd->sta_list;
663 	hapd->sta_list = sta;
664 	hapd->num_sta++;
665 	ap_sta_hash_add(hapd, sta);
666 	ap_sta_remove_in_other_bss(hapd, sta);
667 	sta->last_seq_ctrl = WLAN_INVALID_MGMT_SEQ;
668 	dl_list_init(&sta->ip6addr);
669 
670 #ifdef CONFIG_TAXONOMY
671 	sta_track_claim_taxonomy_info(hapd->iface, addr,
672 				      &sta->probe_ie_taxonomy);
673 #endif /* CONFIG_TAXONOMY */
674 
675 	return sta;
676 }
677 
678 
679 static int ap_sta_remove(struct hostapd_data *hapd, struct sta_info *sta)
680 {
681 	ieee802_1x_notify_port_enabled(sta->eapol_sm, 0);
682 
683 	if (sta->ipaddr)
684 		hostapd_drv_br_delete_ip_neigh(hapd, 4, (u8 *) &sta->ipaddr);
685 	ap_sta_ip6addr_del(hapd, sta);
686 
687 	wpa_printf(MSG_DEBUG, "%s: Removing STA " MACSTR " from kernel driver",
688 		   hapd->conf->iface, MAC2STR(sta->addr));
689 	if (hostapd_drv_sta_remove(hapd, sta->addr) &&
690 	    sta->flags & WLAN_STA_ASSOC) {
691 		wpa_printf(MSG_DEBUG, "%s: Could not remove station " MACSTR
692 			   " from kernel driver",
693 			   hapd->conf->iface, MAC2STR(sta->addr));
694 		return -1;
695 	}
696 	sta->added_unassoc = 0;
697 	return 0;
698 }
699 
700 
701 static void ap_sta_remove_in_other_bss(struct hostapd_data *hapd,
702 				       struct sta_info *sta)
703 {
704 	struct hostapd_iface *iface = hapd->iface;
705 	size_t i;
706 
707 	for (i = 0; i < iface->num_bss; i++) {
708 		struct hostapd_data *bss = iface->bss[i];
709 		struct sta_info *sta2;
710 		/* bss should always be set during operation, but it may be
711 		 * NULL during reconfiguration. Assume the STA is not
712 		 * associated to another BSS in that case to avoid NULL pointer
713 		 * dereferences. */
714 		if (bss == hapd || bss == NULL)
715 			continue;
716 		sta2 = ap_get_sta(bss, sta->addr);
717 		if (!sta2)
718 			continue;
719 
720 		wpa_printf(MSG_DEBUG, "%s: disconnect old STA " MACSTR
721 			   " association from another BSS %s",
722 			   hapd->conf->iface, MAC2STR(sta2->addr),
723 			   bss->conf->iface);
724 		ap_sta_disconnect(bss, sta2, sta2->addr,
725 				  WLAN_REASON_PREV_AUTH_NOT_VALID);
726 	}
727 }
728 
729 
730 static void ap_sta_disassoc_cb_timeout(void *eloop_ctx, void *timeout_ctx)
731 {
732 	struct hostapd_data *hapd = eloop_ctx;
733 	struct sta_info *sta = timeout_ctx;
734 
735 	wpa_printf(MSG_DEBUG, "%s: Disassociation callback for STA " MACSTR,
736 		   hapd->conf->iface, MAC2STR(sta->addr));
737 	ap_sta_remove(hapd, sta);
738 	mlme_disassociate_indication(hapd, sta, sta->disassoc_reason);
739 }
740 
741 
742 void ap_sta_disassociate(struct hostapd_data *hapd, struct sta_info *sta,
743 			 u16 reason)
744 {
745 	wpa_printf(MSG_DEBUG, "%s: disassociate STA " MACSTR,
746 		   hapd->conf->iface, MAC2STR(sta->addr));
747 	sta->last_seq_ctrl = WLAN_INVALID_MGMT_SEQ;
748 	sta->flags &= ~(WLAN_STA_ASSOC | WLAN_STA_ASSOC_REQ_OK);
749 	ap_sta_set_authorized(hapd, sta, 0);
750 	sta->timeout_next = STA_DEAUTH;
751 	wpa_printf(MSG_DEBUG, "%s: reschedule ap_handle_timer timeout "
752 		   "for " MACSTR " (%d seconds - "
753 		   "AP_MAX_INACTIVITY_AFTER_DISASSOC)",
754 		   __func__, MAC2STR(sta->addr),
755 		   AP_MAX_INACTIVITY_AFTER_DISASSOC);
756 	eloop_cancel_timeout(ap_handle_timer, hapd, sta);
757 	eloop_register_timeout(AP_MAX_INACTIVITY_AFTER_DISASSOC, 0,
758 			       ap_handle_timer, hapd, sta);
759 	accounting_sta_stop(hapd, sta);
760 	ieee802_1x_free_station(hapd, sta);
761 
762 	sta->disassoc_reason = reason;
763 	sta->flags |= WLAN_STA_PENDING_DISASSOC_CB;
764 	eloop_cancel_timeout(ap_sta_disassoc_cb_timeout, hapd, sta);
765 	eloop_register_timeout(hapd->iface->drv_flags &
766 			       WPA_DRIVER_FLAGS_DEAUTH_TX_STATUS ? 2 : 0, 0,
767 			       ap_sta_disassoc_cb_timeout, hapd, sta);
768 }
769 
770 
771 static void ap_sta_deauth_cb_timeout(void *eloop_ctx, void *timeout_ctx)
772 {
773 	struct hostapd_data *hapd = eloop_ctx;
774 	struct sta_info *sta = timeout_ctx;
775 
776 	wpa_printf(MSG_DEBUG, "%s: Deauthentication callback for STA " MACSTR,
777 		   hapd->conf->iface, MAC2STR(sta->addr));
778 	ap_sta_remove(hapd, sta);
779 	mlme_deauthenticate_indication(hapd, sta, sta->deauth_reason);
780 }
781 
782 
783 void ap_sta_deauthenticate(struct hostapd_data *hapd, struct sta_info *sta,
784 			   u16 reason)
785 {
786 	wpa_printf(MSG_DEBUG, "%s: deauthenticate STA " MACSTR,
787 		   hapd->conf->iface, MAC2STR(sta->addr));
788 	sta->last_seq_ctrl = WLAN_INVALID_MGMT_SEQ;
789 	sta->flags &= ~(WLAN_STA_AUTH | WLAN_STA_ASSOC | WLAN_STA_ASSOC_REQ_OK);
790 	ap_sta_set_authorized(hapd, sta, 0);
791 	sta->timeout_next = STA_REMOVE;
792 	wpa_printf(MSG_DEBUG, "%s: reschedule ap_handle_timer timeout "
793 		   "for " MACSTR " (%d seconds - "
794 		   "AP_MAX_INACTIVITY_AFTER_DEAUTH)",
795 		   __func__, MAC2STR(sta->addr),
796 		   AP_MAX_INACTIVITY_AFTER_DEAUTH);
797 	eloop_cancel_timeout(ap_handle_timer, hapd, sta);
798 	eloop_register_timeout(AP_MAX_INACTIVITY_AFTER_DEAUTH, 0,
799 			       ap_handle_timer, hapd, sta);
800 	accounting_sta_stop(hapd, sta);
801 	ieee802_1x_free_station(hapd, sta);
802 
803 	sta->deauth_reason = reason;
804 	sta->flags |= WLAN_STA_PENDING_DEAUTH_CB;
805 	eloop_cancel_timeout(ap_sta_deauth_cb_timeout, hapd, sta);
806 	eloop_register_timeout(hapd->iface->drv_flags &
807 			       WPA_DRIVER_FLAGS_DEAUTH_TX_STATUS ? 2 : 0, 0,
808 			       ap_sta_deauth_cb_timeout, hapd, sta);
809 }
810 
811 
812 #ifdef CONFIG_WPS
813 int ap_sta_wps_cancel(struct hostapd_data *hapd,
814 		      struct sta_info *sta, void *ctx)
815 {
816 	if (sta && (sta->flags & WLAN_STA_WPS)) {
817 		ap_sta_deauthenticate(hapd, sta,
818 				      WLAN_REASON_PREV_AUTH_NOT_VALID);
819 		wpa_printf(MSG_DEBUG, "WPS: %s: Deauth sta=" MACSTR,
820 			   __func__, MAC2STR(sta->addr));
821 		return 1;
822 	}
823 
824 	return 0;
825 }
826 #endif /* CONFIG_WPS */
827 
828 
829 static int ap_sta_get_free_vlan_id(struct hostapd_data *hapd)
830 {
831 	struct hostapd_vlan *vlan;
832 	int vlan_id = MAX_VLAN_ID + 2;
833 
834 retry:
835 	for (vlan = hapd->conf->vlan; vlan; vlan = vlan->next) {
836 		if (vlan->vlan_id == vlan_id) {
837 			vlan_id++;
838 			goto retry;
839 		}
840 	}
841 	return vlan_id;
842 }
843 
844 
845 int ap_sta_set_vlan(struct hostapd_data *hapd, struct sta_info *sta,
846 		    struct vlan_description *vlan_desc)
847 {
848 	struct hostapd_vlan *vlan = NULL, *wildcard_vlan = NULL;
849 	int old_vlan_id, vlan_id = 0, ret = 0;
850 
851 	if (hapd->conf->ssid.dynamic_vlan == DYNAMIC_VLAN_DISABLED)
852 		vlan_desc = NULL;
853 
854 	/* Check if there is something to do */
855 	if (hapd->conf->ssid.per_sta_vif && !sta->vlan_id) {
856 		/* This sta is lacking its own vif */
857 	} else if (hapd->conf->ssid.dynamic_vlan == DYNAMIC_VLAN_DISABLED &&
858 		   !hapd->conf->ssid.per_sta_vif && sta->vlan_id) {
859 		/* sta->vlan_id needs to be reset */
860 	} else if (!vlan_compare(vlan_desc, sta->vlan_desc)) {
861 		return 0; /* nothing to change */
862 	}
863 
864 	/* Now the real VLAN changed or the STA just needs its own vif */
865 	if (hapd->conf->ssid.per_sta_vif) {
866 		/* Assign a new vif, always */
867 		/* find a free vlan_id sufficiently big */
868 		vlan_id = ap_sta_get_free_vlan_id(hapd);
869 		/* Get wildcard VLAN */
870 		for (vlan = hapd->conf->vlan; vlan; vlan = vlan->next) {
871 			if (vlan->vlan_id == VLAN_ID_WILDCARD)
872 				break;
873 		}
874 		if (!vlan) {
875 			hostapd_logger(hapd, sta->addr,
876 				       HOSTAPD_MODULE_IEEE80211,
877 				       HOSTAPD_LEVEL_DEBUG,
878 				       "per_sta_vif missing wildcard");
879 			vlan_id = 0;
880 			ret = -1;
881 			goto done;
882 		}
883 	} else if (vlan_desc && vlan_desc->notempty) {
884 		for (vlan = hapd->conf->vlan; vlan; vlan = vlan->next) {
885 			if (!vlan_compare(&vlan->vlan_desc, vlan_desc))
886 				break;
887 			if (vlan->vlan_id == VLAN_ID_WILDCARD)
888 				wildcard_vlan = vlan;
889 		}
890 		if (vlan) {
891 			vlan_id = vlan->vlan_id;
892 		} else if (wildcard_vlan) {
893 			vlan = wildcard_vlan;
894 			vlan_id = vlan_desc->untagged;
895 			if (vlan_desc->tagged[0]) {
896 				/* Tagged VLAN configuration */
897 				vlan_id = ap_sta_get_free_vlan_id(hapd);
898 			}
899 		} else {
900 			hostapd_logger(hapd, sta->addr,
901 				       HOSTAPD_MODULE_IEEE80211,
902 				       HOSTAPD_LEVEL_DEBUG,
903 				       "missing vlan and wildcard for vlan=%d%s",
904 				       vlan_desc->untagged,
905 				       vlan_desc->tagged[0] ? "+" : "");
906 			vlan_id = 0;
907 			ret = -1;
908 			goto done;
909 		}
910 	}
911 
912 	if (vlan && vlan->vlan_id == VLAN_ID_WILDCARD) {
913 		vlan = vlan_add_dynamic(hapd, vlan, vlan_id, vlan_desc);
914 		if (vlan == NULL) {
915 			hostapd_logger(hapd, sta->addr,
916 				       HOSTAPD_MODULE_IEEE80211,
917 				       HOSTAPD_LEVEL_DEBUG,
918 				       "could not add dynamic VLAN interface for vlan=%d%s",
919 				       vlan_desc ? vlan_desc->untagged : -1,
920 				       (vlan_desc && vlan_desc->tagged[0]) ?
921 				       "+" : "");
922 			vlan_id = 0;
923 			ret = -1;
924 			goto done;
925 		}
926 
927 		hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
928 			       HOSTAPD_LEVEL_DEBUG,
929 			       "added new dynamic VLAN interface '%s'",
930 			       vlan->ifname);
931 	} else if (vlan && vlan->dynamic_vlan > 0) {
932 		vlan->dynamic_vlan++;
933 		hostapd_logger(hapd, sta->addr,
934 			       HOSTAPD_MODULE_IEEE80211,
935 			       HOSTAPD_LEVEL_DEBUG,
936 			       "updated existing dynamic VLAN interface '%s'",
937 			       vlan->ifname);
938 	}
939 done:
940 	old_vlan_id = sta->vlan_id;
941 	sta->vlan_id = vlan_id;
942 	sta->vlan_desc = vlan ? &vlan->vlan_desc : NULL;
943 
944 	if (vlan_id != old_vlan_id && old_vlan_id)
945 		vlan_remove_dynamic(hapd, old_vlan_id);
946 
947 	return ret;
948 }
949 
950 
951 int ap_sta_bind_vlan(struct hostapd_data *hapd, struct sta_info *sta)
952 {
953 #ifndef CONFIG_NO_VLAN
954 	const char *iface;
955 	struct hostapd_vlan *vlan = NULL;
956 	int ret;
957 	int old_vlanid = sta->vlan_id_bound;
958 
959 	iface = hapd->conf->iface;
960 	if (hapd->conf->ssid.vlan[0])
961 		iface = hapd->conf->ssid.vlan;
962 
963 	if (sta->vlan_id > 0) {
964 		for (vlan = hapd->conf->vlan; vlan; vlan = vlan->next) {
965 			if (vlan->vlan_id == sta->vlan_id)
966 				break;
967 		}
968 		if (vlan)
969 			iface = vlan->ifname;
970 	}
971 
972 	/*
973 	 * Do not increment ref counters if the VLAN ID remains same, but do
974 	 * not skip hostapd_drv_set_sta_vlan() as hostapd_drv_sta_remove() might
975 	 * have been called before.
976 	 */
977 	if (sta->vlan_id == old_vlanid)
978 		goto skip_counting;
979 
980 	if (sta->vlan_id > 0 && vlan == NULL) {
981 		hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
982 			       HOSTAPD_LEVEL_DEBUG, "could not find VLAN for "
983 			       "binding station to (vlan_id=%d)",
984 			       sta->vlan_id);
985 		ret = -1;
986 		goto done;
987 	} else if (vlan && vlan->dynamic_vlan > 0) {
988 		vlan->dynamic_vlan++;
989 		hostapd_logger(hapd, sta->addr,
990 			       HOSTAPD_MODULE_IEEE80211,
991 			       HOSTAPD_LEVEL_DEBUG,
992 			       "updated existing dynamic VLAN interface '%s'",
993 			       iface);
994 	}
995 
996 	/* ref counters have been increased, so mark the station */
997 	sta->vlan_id_bound = sta->vlan_id;
998 
999 skip_counting:
1000 	hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
1001 		       HOSTAPD_LEVEL_DEBUG, "binding station to interface "
1002 		       "'%s'", iface);
1003 
1004 	if (wpa_auth_sta_set_vlan(sta->wpa_sm, sta->vlan_id) < 0)
1005 		wpa_printf(MSG_INFO, "Failed to update VLAN-ID for WPA");
1006 
1007 	ret = hostapd_drv_set_sta_vlan(iface, hapd, sta->addr, sta->vlan_id);
1008 	if (ret < 0) {
1009 		hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
1010 			       HOSTAPD_LEVEL_DEBUG, "could not bind the STA "
1011 			       "entry to vlan_id=%d", sta->vlan_id);
1012 	}
1013 
1014 	/* During 1x reauth, if the vlan id changes, then remove the old id. */
1015 	if (old_vlanid > 0 && old_vlanid != sta->vlan_id)
1016 		vlan_remove_dynamic(hapd, old_vlanid);
1017 done:
1018 
1019 	return ret;
1020 #else /* CONFIG_NO_VLAN */
1021 	return 0;
1022 #endif /* CONFIG_NO_VLAN */
1023 }
1024 
1025 
1026 #ifdef CONFIG_IEEE80211W
1027 
1028 int ap_check_sa_query_timeout(struct hostapd_data *hapd, struct sta_info *sta)
1029 {
1030 	u32 tu;
1031 	struct os_reltime now, passed;
1032 	os_get_reltime(&now);
1033 	os_reltime_sub(&now, &sta->sa_query_start, &passed);
1034 	tu = (passed.sec * 1000000 + passed.usec) / 1024;
1035 	if (hapd->conf->assoc_sa_query_max_timeout < tu) {
1036 		hostapd_logger(hapd, sta->addr,
1037 			       HOSTAPD_MODULE_IEEE80211,
1038 			       HOSTAPD_LEVEL_DEBUG,
1039 			       "association SA Query timed out");
1040 		sta->sa_query_timed_out = 1;
1041 		os_free(sta->sa_query_trans_id);
1042 		sta->sa_query_trans_id = NULL;
1043 		sta->sa_query_count = 0;
1044 		eloop_cancel_timeout(ap_sa_query_timer, hapd, sta);
1045 		return 1;
1046 	}
1047 
1048 	return 0;
1049 }
1050 
1051 
1052 static void ap_sa_query_timer(void *eloop_ctx, void *timeout_ctx)
1053 {
1054 	struct hostapd_data *hapd = eloop_ctx;
1055 	struct sta_info *sta = timeout_ctx;
1056 	unsigned int timeout, sec, usec;
1057 	u8 *trans_id, *nbuf;
1058 
1059 	wpa_printf(MSG_DEBUG, "%s: SA Query timer for STA " MACSTR
1060 		   " (count=%d)",
1061 		   hapd->conf->iface, MAC2STR(sta->addr), sta->sa_query_count);
1062 
1063 	if (sta->sa_query_count > 0 &&
1064 	    ap_check_sa_query_timeout(hapd, sta))
1065 		return;
1066 
1067 	nbuf = os_realloc_array(sta->sa_query_trans_id,
1068 				sta->sa_query_count + 1,
1069 				WLAN_SA_QUERY_TR_ID_LEN);
1070 	if (nbuf == NULL)
1071 		return;
1072 	if (sta->sa_query_count == 0) {
1073 		/* Starting a new SA Query procedure */
1074 		os_get_reltime(&sta->sa_query_start);
1075 	}
1076 	trans_id = nbuf + sta->sa_query_count * WLAN_SA_QUERY_TR_ID_LEN;
1077 	sta->sa_query_trans_id = nbuf;
1078 	sta->sa_query_count++;
1079 
1080 	if (os_get_random(trans_id, WLAN_SA_QUERY_TR_ID_LEN) < 0) {
1081 		/*
1082 		 * We don't really care which ID is used here, so simply
1083 		 * hardcode this if the mostly theoretical os_get_random()
1084 		 * failure happens.
1085 		 */
1086 		trans_id[0] = 0x12;
1087 		trans_id[1] = 0x34;
1088 	}
1089 
1090 	timeout = hapd->conf->assoc_sa_query_retry_timeout;
1091 	sec = ((timeout / 1000) * 1024) / 1000;
1092 	usec = (timeout % 1000) * 1024;
1093 	eloop_register_timeout(sec, usec, ap_sa_query_timer, hapd, sta);
1094 
1095 	hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
1096 		       HOSTAPD_LEVEL_DEBUG,
1097 		       "association SA Query attempt %d", sta->sa_query_count);
1098 
1099 	ieee802_11_send_sa_query_req(hapd, sta->addr, trans_id);
1100 }
1101 
1102 
1103 void ap_sta_start_sa_query(struct hostapd_data *hapd, struct sta_info *sta)
1104 {
1105 	ap_sa_query_timer(hapd, sta);
1106 }
1107 
1108 
1109 void ap_sta_stop_sa_query(struct hostapd_data *hapd, struct sta_info *sta)
1110 {
1111 	eloop_cancel_timeout(ap_sa_query_timer, hapd, sta);
1112 	os_free(sta->sa_query_trans_id);
1113 	sta->sa_query_trans_id = NULL;
1114 	sta->sa_query_count = 0;
1115 }
1116 
1117 #endif /* CONFIG_IEEE80211W */
1118 
1119 
1120 void ap_sta_set_authorized(struct hostapd_data *hapd, struct sta_info *sta,
1121 			   int authorized)
1122 {
1123 	const u8 *dev_addr = NULL;
1124 	char buf[100];
1125 #ifdef CONFIG_P2P
1126 	u8 addr[ETH_ALEN];
1127 	u8 ip_addr_buf[4];
1128 #endif /* CONFIG_P2P */
1129 
1130 	if (!!authorized == !!(sta->flags & WLAN_STA_AUTHORIZED))
1131 		return;
1132 
1133 	if (authorized)
1134 		sta->flags |= WLAN_STA_AUTHORIZED;
1135 	else
1136 		sta->flags &= ~WLAN_STA_AUTHORIZED;
1137 
1138 #ifdef CONFIG_P2P
1139 	if (hapd->p2p_group == NULL) {
1140 		if (sta->p2p_ie != NULL &&
1141 		    p2p_parse_dev_addr_in_p2p_ie(sta->p2p_ie, addr) == 0)
1142 			dev_addr = addr;
1143 	} else
1144 		dev_addr = p2p_group_get_dev_addr(hapd->p2p_group, sta->addr);
1145 
1146 	if (dev_addr)
1147 		os_snprintf(buf, sizeof(buf), MACSTR " p2p_dev_addr=" MACSTR,
1148 			    MAC2STR(sta->addr), MAC2STR(dev_addr));
1149 	else
1150 #endif /* CONFIG_P2P */
1151 		os_snprintf(buf, sizeof(buf), MACSTR, MAC2STR(sta->addr));
1152 
1153 	if (hapd->sta_authorized_cb)
1154 		hapd->sta_authorized_cb(hapd->sta_authorized_cb_ctx,
1155 					sta->addr, authorized, dev_addr);
1156 
1157 	if (authorized) {
1158 		char ip_addr[100];
1159 		ip_addr[0] = '\0';
1160 #ifdef CONFIG_P2P
1161 		if (wpa_auth_get_ip_addr(sta->wpa_sm, ip_addr_buf) == 0) {
1162 			os_snprintf(ip_addr, sizeof(ip_addr),
1163 				    " ip_addr=%u.%u.%u.%u",
1164 				    ip_addr_buf[0], ip_addr_buf[1],
1165 				    ip_addr_buf[2], ip_addr_buf[3]);
1166 		}
1167 #endif /* CONFIG_P2P */
1168 
1169 		wpa_msg(hapd->msg_ctx, MSG_INFO, AP_STA_CONNECTED "%s%s",
1170 			buf, ip_addr);
1171 
1172 		if (hapd->msg_ctx_parent &&
1173 		    hapd->msg_ctx_parent != hapd->msg_ctx)
1174 			wpa_msg_no_global(hapd->msg_ctx_parent, MSG_INFO,
1175 					  AP_STA_CONNECTED "%s%s",
1176 					  buf, ip_addr);
1177 	} else {
1178 		wpa_msg(hapd->msg_ctx, MSG_INFO, AP_STA_DISCONNECTED "%s", buf);
1179 
1180 		if (hapd->msg_ctx_parent &&
1181 		    hapd->msg_ctx_parent != hapd->msg_ctx)
1182 			wpa_msg_no_global(hapd->msg_ctx_parent, MSG_INFO,
1183 					  AP_STA_DISCONNECTED "%s", buf);
1184 	}
1185 
1186 #ifdef CONFIG_FST
1187 	if (hapd->iface->fst) {
1188 		if (authorized)
1189 			fst_notify_peer_connected(hapd->iface->fst, sta->addr);
1190 		else
1191 			fst_notify_peer_disconnected(hapd->iface->fst,
1192 						     sta->addr);
1193 	}
1194 #endif /* CONFIG_FST */
1195 }
1196 
1197 
1198 void ap_sta_disconnect(struct hostapd_data *hapd, struct sta_info *sta,
1199 		       const u8 *addr, u16 reason)
1200 {
1201 	if (sta)
1202 		wpa_printf(MSG_DEBUG, "%s: %s STA " MACSTR " reason=%u",
1203 			   hapd->conf->iface, __func__, MAC2STR(sta->addr),
1204 			   reason);
1205 	else if (addr)
1206 		wpa_printf(MSG_DEBUG, "%s: %s addr " MACSTR " reason=%u",
1207 			   hapd->conf->iface, __func__, MAC2STR(addr),
1208 			   reason);
1209 
1210 	if (sta == NULL && addr)
1211 		sta = ap_get_sta(hapd, addr);
1212 
1213 	if (addr)
1214 		hostapd_drv_sta_deauth(hapd, addr, reason);
1215 
1216 	if (sta == NULL)
1217 		return;
1218 	ap_sta_set_authorized(hapd, sta, 0);
1219 	wpa_auth_sm_event(sta->wpa_sm, WPA_DEAUTH);
1220 	ieee802_1x_notify_port_enabled(sta->eapol_sm, 0);
1221 	sta->flags &= ~(WLAN_STA_AUTH | WLAN_STA_ASSOC);
1222 	wpa_printf(MSG_DEBUG, "%s: %s: reschedule ap_handle_timer timeout "
1223 		   "for " MACSTR " (%d seconds - "
1224 		   "AP_MAX_INACTIVITY_AFTER_DEAUTH)",
1225 		   hapd->conf->iface, __func__, MAC2STR(sta->addr),
1226 		   AP_MAX_INACTIVITY_AFTER_DEAUTH);
1227 	eloop_cancel_timeout(ap_handle_timer, hapd, sta);
1228 	eloop_register_timeout(AP_MAX_INACTIVITY_AFTER_DEAUTH, 0,
1229 			       ap_handle_timer, hapd, sta);
1230 	sta->timeout_next = STA_REMOVE;
1231 
1232 	sta->deauth_reason = reason;
1233 	sta->flags |= WLAN_STA_PENDING_DEAUTH_CB;
1234 	eloop_cancel_timeout(ap_sta_deauth_cb_timeout, hapd, sta);
1235 	eloop_register_timeout(hapd->iface->drv_flags &
1236 			       WPA_DRIVER_FLAGS_DEAUTH_TX_STATUS ? 2 : 0, 0,
1237 			       ap_sta_deauth_cb_timeout, hapd, sta);
1238 }
1239 
1240 
1241 void ap_sta_deauth_cb(struct hostapd_data *hapd, struct sta_info *sta)
1242 {
1243 	if (!(sta->flags & WLAN_STA_PENDING_DEAUTH_CB)) {
1244 		wpa_printf(MSG_DEBUG, "Ignore deauth cb for test frame");
1245 		return;
1246 	}
1247 	sta->flags &= ~WLAN_STA_PENDING_DEAUTH_CB;
1248 	eloop_cancel_timeout(ap_sta_deauth_cb_timeout, hapd, sta);
1249 	ap_sta_deauth_cb_timeout(hapd, sta);
1250 }
1251 
1252 
1253 void ap_sta_disassoc_cb(struct hostapd_data *hapd, struct sta_info *sta)
1254 {
1255 	if (!(sta->flags & WLAN_STA_PENDING_DISASSOC_CB)) {
1256 		wpa_printf(MSG_DEBUG, "Ignore disassoc cb for test frame");
1257 		return;
1258 	}
1259 	sta->flags &= ~WLAN_STA_PENDING_DISASSOC_CB;
1260 	eloop_cancel_timeout(ap_sta_disassoc_cb_timeout, hapd, sta);
1261 	ap_sta_disassoc_cb_timeout(hapd, sta);
1262 }
1263 
1264 
1265 void ap_sta_clear_disconnect_timeouts(struct hostapd_data *hapd,
1266 				      struct sta_info *sta)
1267 {
1268 	if (eloop_cancel_timeout(ap_sta_deauth_cb_timeout, hapd, sta) > 0)
1269 		wpa_printf(MSG_DEBUG,
1270 			   "%s: Removed ap_sta_deauth_cb_timeout timeout for "
1271 			   MACSTR,
1272 			   hapd->conf->iface, MAC2STR(sta->addr));
1273 	if (eloop_cancel_timeout(ap_sta_disassoc_cb_timeout, hapd, sta) > 0)
1274 		wpa_printf(MSG_DEBUG,
1275 			   "%s: Removed ap_sta_disassoc_cb_timeout timeout for "
1276 			   MACSTR,
1277 			   hapd->conf->iface, MAC2STR(sta->addr));
1278 }
1279 
1280 
1281 int ap_sta_flags_txt(u32 flags, char *buf, size_t buflen)
1282 {
1283 	int res;
1284 
1285 	buf[0] = '\0';
1286 	res = os_snprintf(buf, buflen, "%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s",
1287 			  (flags & WLAN_STA_AUTH ? "[AUTH]" : ""),
1288 			  (flags & WLAN_STA_ASSOC ? "[ASSOC]" : ""),
1289 			  (flags & WLAN_STA_AUTHORIZED ? "[AUTHORIZED]" : ""),
1290 			  (flags & WLAN_STA_PENDING_POLL ? "[PENDING_POLL" :
1291 			   ""),
1292 			  (flags & WLAN_STA_SHORT_PREAMBLE ?
1293 			   "[SHORT_PREAMBLE]" : ""),
1294 			  (flags & WLAN_STA_PREAUTH ? "[PREAUTH]" : ""),
1295 			  (flags & WLAN_STA_WMM ? "[WMM]" : ""),
1296 			  (flags & WLAN_STA_MFP ? "[MFP]" : ""),
1297 			  (flags & WLAN_STA_WPS ? "[WPS]" : ""),
1298 			  (flags & WLAN_STA_MAYBE_WPS ? "[MAYBE_WPS]" : ""),
1299 			  (flags & WLAN_STA_WDS ? "[WDS]" : ""),
1300 			  (flags & WLAN_STA_NONERP ? "[NonERP]" : ""),
1301 			  (flags & WLAN_STA_WPS2 ? "[WPS2]" : ""),
1302 			  (flags & WLAN_STA_GAS ? "[GAS]" : ""),
1303 			  (flags & WLAN_STA_VHT ? "[VHT]" : ""),
1304 			  (flags & WLAN_STA_VENDOR_VHT ? "[VENDOR_VHT]" : ""),
1305 			  (flags & WLAN_STA_WNM_SLEEP_MODE ?
1306 			   "[WNM_SLEEP_MODE]" : ""));
1307 	if (os_snprintf_error(buflen, res))
1308 		res = -1;
1309 
1310 	return res;
1311 }
1312