1 /* 2 * hostapd / Station table 3 * Copyright (c) 2002-2013, Jouni Malinen <j@w1.fi> 4 * 5 * This software may be distributed under the terms of the BSD license. 6 * See README for more details. 7 */ 8 9 #include "utils/includes.h" 10 11 #include "utils/common.h" 12 #include "utils/eloop.h" 13 #include "common/ieee802_11_defs.h" 14 #include "common/wpa_ctrl.h" 15 #include "common/sae.h" 16 #include "radius/radius.h" 17 #include "radius/radius_client.h" 18 #include "p2p/p2p.h" 19 #include "hostapd.h" 20 #include "accounting.h" 21 #include "ieee802_1x.h" 22 #include "ieee802_11.h" 23 #include "ieee802_11_auth.h" 24 #include "wpa_auth.h" 25 #include "preauth_auth.h" 26 #include "ap_config.h" 27 #include "beacon.h" 28 #include "ap_mlme.h" 29 #include "vlan_init.h" 30 #include "p2p_hostapd.h" 31 #include "ap_drv_ops.h" 32 #include "gas_serv.h" 33 #include "wnm_ap.h" 34 #include "ndisc_snoop.h" 35 #include "sta_info.h" 36 37 static void ap_sta_remove_in_other_bss(struct hostapd_data *hapd, 38 struct sta_info *sta); 39 static void ap_handle_session_timer(void *eloop_ctx, void *timeout_ctx); 40 static void ap_handle_session_warning_timer(void *eloop_ctx, void *timeout_ctx); 41 static void ap_sta_deauth_cb_timeout(void *eloop_ctx, void *timeout_ctx); 42 static void ap_sta_disassoc_cb_timeout(void *eloop_ctx, void *timeout_ctx); 43 #ifdef CONFIG_IEEE80211W 44 static void ap_sa_query_timer(void *eloop_ctx, void *timeout_ctx); 45 #endif /* CONFIG_IEEE80211W */ 46 static int ap_sta_remove(struct hostapd_data *hapd, struct sta_info *sta); 47 48 int ap_for_each_sta(struct hostapd_data *hapd, 49 int (*cb)(struct hostapd_data *hapd, struct sta_info *sta, 50 void *ctx), 51 void *ctx) 52 { 53 struct sta_info *sta; 54 55 for (sta = hapd->sta_list; sta; sta = sta->next) { 56 if (cb(hapd, sta, ctx)) 57 return 1; 58 } 59 60 return 0; 61 } 62 63 64 struct sta_info * ap_get_sta(struct hostapd_data *hapd, const u8 *sta) 65 { 66 struct sta_info *s; 67 68 s = hapd->sta_hash[STA_HASH(sta)]; 69 while (s != NULL && os_memcmp(s->addr, sta, 6) != 0) 70 s = s->hnext; 71 return s; 72 } 73 74 75 #ifdef CONFIG_P2P 76 struct sta_info * ap_get_sta_p2p(struct hostapd_data *hapd, const u8 *addr) 77 { 78 struct sta_info *sta; 79 80 for (sta = hapd->sta_list; sta; sta = sta->next) { 81 const u8 *p2p_dev_addr; 82 83 if (sta->p2p_ie == NULL) 84 continue; 85 86 p2p_dev_addr = p2p_get_go_dev_addr(sta->p2p_ie); 87 if (p2p_dev_addr == NULL) 88 continue; 89 90 if (os_memcmp(p2p_dev_addr, addr, ETH_ALEN) == 0) 91 return sta; 92 } 93 94 return NULL; 95 } 96 #endif /* CONFIG_P2P */ 97 98 99 static void ap_sta_list_del(struct hostapd_data *hapd, struct sta_info *sta) 100 { 101 struct sta_info *tmp; 102 103 if (hapd->sta_list == sta) { 104 hapd->sta_list = sta->next; 105 return; 106 } 107 108 tmp = hapd->sta_list; 109 while (tmp != NULL && tmp->next != sta) 110 tmp = tmp->next; 111 if (tmp == NULL) { 112 wpa_printf(MSG_DEBUG, "Could not remove STA " MACSTR " from " 113 "list.", MAC2STR(sta->addr)); 114 } else 115 tmp->next = sta->next; 116 } 117 118 119 void ap_sta_hash_add(struct hostapd_data *hapd, struct sta_info *sta) 120 { 121 sta->hnext = hapd->sta_hash[STA_HASH(sta->addr)]; 122 hapd->sta_hash[STA_HASH(sta->addr)] = sta; 123 } 124 125 126 static void ap_sta_hash_del(struct hostapd_data *hapd, struct sta_info *sta) 127 { 128 struct sta_info *s; 129 130 s = hapd->sta_hash[STA_HASH(sta->addr)]; 131 if (s == NULL) return; 132 if (os_memcmp(s->addr, sta->addr, 6) == 0) { 133 hapd->sta_hash[STA_HASH(sta->addr)] = s->hnext; 134 return; 135 } 136 137 while (s->hnext != NULL && 138 os_memcmp(s->hnext->addr, sta->addr, ETH_ALEN) != 0) 139 s = s->hnext; 140 if (s->hnext != NULL) 141 s->hnext = s->hnext->hnext; 142 else 143 wpa_printf(MSG_DEBUG, "AP: could not remove STA " MACSTR 144 " from hash table", MAC2STR(sta->addr)); 145 } 146 147 148 void ap_sta_ip6addr_del(struct hostapd_data *hapd, struct sta_info *sta) 149 { 150 sta_ip6addr_del(hapd, sta); 151 } 152 153 154 void ap_free_sta(struct hostapd_data *hapd, struct sta_info *sta) 155 { 156 int set_beacon = 0; 157 158 accounting_sta_stop(hapd, sta); 159 160 /* just in case */ 161 ap_sta_set_authorized(hapd, sta, 0); 162 163 if (sta->flags & WLAN_STA_WDS) 164 hostapd_set_wds_sta(hapd, NULL, sta->addr, sta->aid, 0); 165 166 if (sta->ipaddr) 167 hostapd_drv_br_delete_ip_neigh(hapd, 4, (u8 *) &sta->ipaddr); 168 ap_sta_ip6addr_del(hapd, sta); 169 170 if (!hapd->iface->driver_ap_teardown && 171 !(sta->flags & WLAN_STA_PREAUTH)) 172 hostapd_drv_sta_remove(hapd, sta->addr); 173 174 ap_sta_hash_del(hapd, sta); 175 ap_sta_list_del(hapd, sta); 176 177 if (sta->aid > 0) 178 hapd->sta_aid[(sta->aid - 1) / 32] &= 179 ~BIT((sta->aid - 1) % 32); 180 181 hapd->num_sta--; 182 if (sta->nonerp_set) { 183 sta->nonerp_set = 0; 184 hapd->iface->num_sta_non_erp--; 185 if (hapd->iface->num_sta_non_erp == 0) 186 set_beacon++; 187 } 188 189 if (sta->no_short_slot_time_set) { 190 sta->no_short_slot_time_set = 0; 191 hapd->iface->num_sta_no_short_slot_time--; 192 if (hapd->iface->current_mode->mode == HOSTAPD_MODE_IEEE80211G 193 && hapd->iface->num_sta_no_short_slot_time == 0) 194 set_beacon++; 195 } 196 197 if (sta->no_short_preamble_set) { 198 sta->no_short_preamble_set = 0; 199 hapd->iface->num_sta_no_short_preamble--; 200 if (hapd->iface->current_mode->mode == HOSTAPD_MODE_IEEE80211G 201 && hapd->iface->num_sta_no_short_preamble == 0) 202 set_beacon++; 203 } 204 205 if (sta->no_ht_gf_set) { 206 sta->no_ht_gf_set = 0; 207 hapd->iface->num_sta_ht_no_gf--; 208 } 209 210 if (sta->no_ht_set) { 211 sta->no_ht_set = 0; 212 hapd->iface->num_sta_no_ht--; 213 } 214 215 if (sta->ht_20mhz_set) { 216 sta->ht_20mhz_set = 0; 217 hapd->iface->num_sta_ht_20mhz--; 218 } 219 220 #ifdef CONFIG_IEEE80211N 221 ht40_intolerant_remove(hapd->iface, sta); 222 #endif /* CONFIG_IEEE80211N */ 223 224 #ifdef CONFIG_P2P 225 if (sta->no_p2p_set) { 226 sta->no_p2p_set = 0; 227 hapd->num_sta_no_p2p--; 228 if (hapd->num_sta_no_p2p == 0) 229 hostapd_p2p_non_p2p_sta_disconnected(hapd); 230 } 231 #endif /* CONFIG_P2P */ 232 233 #if defined(NEED_AP_MLME) && defined(CONFIG_IEEE80211N) 234 if (hostapd_ht_operation_update(hapd->iface) > 0) 235 set_beacon++; 236 #endif /* NEED_AP_MLME && CONFIG_IEEE80211N */ 237 238 #ifdef CONFIG_MESH 239 if (hapd->mesh_sta_free_cb) 240 hapd->mesh_sta_free_cb(sta); 241 #endif /* CONFIG_MESH */ 242 243 if (set_beacon) 244 ieee802_11_set_beacons(hapd->iface); 245 246 wpa_printf(MSG_DEBUG, "%s: cancel ap_handle_timer for " MACSTR, 247 __func__, MAC2STR(sta->addr)); 248 eloop_cancel_timeout(ap_handle_timer, hapd, sta); 249 eloop_cancel_timeout(ap_handle_session_timer, hapd, sta); 250 eloop_cancel_timeout(ap_handle_session_warning_timer, hapd, sta); 251 eloop_cancel_timeout(ap_sta_deauth_cb_timeout, hapd, sta); 252 eloop_cancel_timeout(ap_sta_disassoc_cb_timeout, hapd, sta); 253 sae_clear_retransmit_timer(hapd, sta); 254 255 ieee802_1x_free_station(sta); 256 wpa_auth_sta_deinit(sta->wpa_sm); 257 rsn_preauth_free_station(hapd, sta); 258 #ifndef CONFIG_NO_RADIUS 259 if (hapd->radius) 260 radius_client_flush_auth(hapd->radius, sta->addr); 261 #endif /* CONFIG_NO_RADIUS */ 262 263 os_free(sta->challenge); 264 265 #ifdef CONFIG_IEEE80211W 266 os_free(sta->sa_query_trans_id); 267 eloop_cancel_timeout(ap_sa_query_timer, hapd, sta); 268 #endif /* CONFIG_IEEE80211W */ 269 270 #ifdef CONFIG_P2P 271 p2p_group_notif_disassoc(hapd->p2p_group, sta->addr); 272 #endif /* CONFIG_P2P */ 273 274 #ifdef CONFIG_INTERWORKING 275 if (sta->gas_dialog) { 276 int i; 277 for (i = 0; i < GAS_DIALOG_MAX; i++) 278 gas_serv_dialog_clear(&sta->gas_dialog[i]); 279 os_free(sta->gas_dialog); 280 } 281 #endif /* CONFIG_INTERWORKING */ 282 283 wpabuf_free(sta->wps_ie); 284 wpabuf_free(sta->p2p_ie); 285 wpabuf_free(sta->hs20_ie); 286 287 os_free(sta->ht_capabilities); 288 os_free(sta->vht_capabilities); 289 hostapd_free_psk_list(sta->psk); 290 os_free(sta->identity); 291 os_free(sta->radius_cui); 292 os_free(sta->remediation_url); 293 wpabuf_free(sta->hs20_deauth_req); 294 os_free(sta->hs20_session_info_url); 295 296 #ifdef CONFIG_SAE 297 sae_clear_data(sta->sae); 298 os_free(sta->sae); 299 #endif /* CONFIG_SAE */ 300 301 os_free(sta); 302 } 303 304 305 void hostapd_free_stas(struct hostapd_data *hapd) 306 { 307 struct sta_info *sta, *prev; 308 309 sta = hapd->sta_list; 310 311 while (sta) { 312 prev = sta; 313 if (sta->flags & WLAN_STA_AUTH) { 314 mlme_deauthenticate_indication( 315 hapd, sta, WLAN_REASON_UNSPECIFIED); 316 } 317 sta = sta->next; 318 wpa_printf(MSG_DEBUG, "Removing station " MACSTR, 319 MAC2STR(prev->addr)); 320 ap_free_sta(hapd, prev); 321 } 322 } 323 324 325 /** 326 * ap_handle_timer - Per STA timer handler 327 * @eloop_ctx: struct hostapd_data * 328 * @timeout_ctx: struct sta_info * 329 * 330 * This function is called to check station activity and to remove inactive 331 * stations. 332 */ 333 void ap_handle_timer(void *eloop_ctx, void *timeout_ctx) 334 { 335 struct hostapd_data *hapd = eloop_ctx; 336 struct sta_info *sta = timeout_ctx; 337 unsigned long next_time = 0; 338 int reason; 339 340 wpa_printf(MSG_DEBUG, "%s: " MACSTR " flags=0x%x timeout_next=%d", 341 __func__, MAC2STR(sta->addr), sta->flags, 342 sta->timeout_next); 343 if (sta->timeout_next == STA_REMOVE) { 344 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 345 HOSTAPD_LEVEL_INFO, "deauthenticated due to " 346 "local deauth request"); 347 ap_free_sta(hapd, sta); 348 return; 349 } 350 351 if ((sta->flags & WLAN_STA_ASSOC) && 352 (sta->timeout_next == STA_NULLFUNC || 353 sta->timeout_next == STA_DISASSOC)) { 354 int inactive_sec; 355 /* 356 * Add random value to timeout so that we don't end up bouncing 357 * all stations at the same time if we have lots of associated 358 * stations that are idle (but keep re-associating). 359 */ 360 int fuzz = os_random() % 20; 361 inactive_sec = hostapd_drv_get_inact_sec(hapd, sta->addr); 362 if (inactive_sec == -1) { 363 wpa_msg(hapd->msg_ctx, MSG_DEBUG, 364 "Check inactivity: Could not " 365 "get station info from kernel driver for " 366 MACSTR, MAC2STR(sta->addr)); 367 /* 368 * The driver may not support this functionality. 369 * Anyway, try again after the next inactivity timeout, 370 * but do not disconnect the station now. 371 */ 372 next_time = hapd->conf->ap_max_inactivity + fuzz; 373 } else if (inactive_sec == -ENOENT) { 374 wpa_msg(hapd->msg_ctx, MSG_DEBUG, 375 "Station " MACSTR " has lost its driver entry", 376 MAC2STR(sta->addr)); 377 378 /* Avoid sending client probe on removed client */ 379 sta->timeout_next = STA_DISASSOC; 380 goto skip_poll; 381 } else if (inactive_sec < hapd->conf->ap_max_inactivity) { 382 /* station activity detected; reset timeout state */ 383 wpa_msg(hapd->msg_ctx, MSG_DEBUG, 384 "Station " MACSTR " has been active %is ago", 385 MAC2STR(sta->addr), inactive_sec); 386 sta->timeout_next = STA_NULLFUNC; 387 next_time = hapd->conf->ap_max_inactivity + fuzz - 388 inactive_sec; 389 } else { 390 wpa_msg(hapd->msg_ctx, MSG_DEBUG, 391 "Station " MACSTR " has been " 392 "inactive too long: %d sec, max allowed: %d", 393 MAC2STR(sta->addr), inactive_sec, 394 hapd->conf->ap_max_inactivity); 395 396 if (hapd->conf->skip_inactivity_poll) 397 sta->timeout_next = STA_DISASSOC; 398 } 399 } 400 401 if ((sta->flags & WLAN_STA_ASSOC) && 402 sta->timeout_next == STA_DISASSOC && 403 !(sta->flags & WLAN_STA_PENDING_POLL) && 404 !hapd->conf->skip_inactivity_poll) { 405 wpa_msg(hapd->msg_ctx, MSG_DEBUG, "Station " MACSTR 406 " has ACKed data poll", MAC2STR(sta->addr)); 407 /* data nullfunc frame poll did not produce TX errors; assume 408 * station ACKed it */ 409 sta->timeout_next = STA_NULLFUNC; 410 next_time = hapd->conf->ap_max_inactivity; 411 } 412 413 skip_poll: 414 if (next_time) { 415 wpa_printf(MSG_DEBUG, "%s: register ap_handle_timer timeout " 416 "for " MACSTR " (%lu seconds)", 417 __func__, MAC2STR(sta->addr), next_time); 418 eloop_register_timeout(next_time, 0, ap_handle_timer, hapd, 419 sta); 420 return; 421 } 422 423 if (sta->timeout_next == STA_NULLFUNC && 424 (sta->flags & WLAN_STA_ASSOC)) { 425 wpa_printf(MSG_DEBUG, " Polling STA"); 426 sta->flags |= WLAN_STA_PENDING_POLL; 427 hostapd_drv_poll_client(hapd, hapd->own_addr, sta->addr, 428 sta->flags & WLAN_STA_WMM); 429 } else if (sta->timeout_next != STA_REMOVE) { 430 int deauth = sta->timeout_next == STA_DEAUTH; 431 432 wpa_dbg(hapd->msg_ctx, MSG_DEBUG, 433 "Timeout, sending %s info to STA " MACSTR, 434 deauth ? "deauthentication" : "disassociation", 435 MAC2STR(sta->addr)); 436 437 if (deauth) { 438 hostapd_drv_sta_deauth( 439 hapd, sta->addr, 440 WLAN_REASON_PREV_AUTH_NOT_VALID); 441 } else { 442 reason = (sta->timeout_next == STA_DISASSOC) ? 443 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY : 444 WLAN_REASON_PREV_AUTH_NOT_VALID; 445 446 hostapd_drv_sta_disassoc(hapd, sta->addr, reason); 447 } 448 } 449 450 switch (sta->timeout_next) { 451 case STA_NULLFUNC: 452 sta->timeout_next = STA_DISASSOC; 453 wpa_printf(MSG_DEBUG, "%s: register ap_handle_timer timeout " 454 "for " MACSTR " (%d seconds - AP_DISASSOC_DELAY)", 455 __func__, MAC2STR(sta->addr), AP_DISASSOC_DELAY); 456 eloop_register_timeout(AP_DISASSOC_DELAY, 0, ap_handle_timer, 457 hapd, sta); 458 break; 459 case STA_DISASSOC: 460 case STA_DISASSOC_FROM_CLI: 461 ap_sta_set_authorized(hapd, sta, 0); 462 sta->flags &= ~WLAN_STA_ASSOC; 463 ieee802_1x_notify_port_enabled(sta->eapol_sm, 0); 464 if (!sta->acct_terminate_cause) 465 sta->acct_terminate_cause = 466 RADIUS_ACCT_TERMINATE_CAUSE_IDLE_TIMEOUT; 467 accounting_sta_stop(hapd, sta); 468 ieee802_1x_free_station(sta); 469 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 470 HOSTAPD_LEVEL_INFO, "disassociated due to " 471 "inactivity"); 472 reason = (sta->timeout_next == STA_DISASSOC) ? 473 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY : 474 WLAN_REASON_PREV_AUTH_NOT_VALID; 475 sta->timeout_next = STA_DEAUTH; 476 wpa_printf(MSG_DEBUG, "%s: register ap_handle_timer timeout " 477 "for " MACSTR " (%d seconds - AP_DEAUTH_DELAY)", 478 __func__, MAC2STR(sta->addr), AP_DEAUTH_DELAY); 479 eloop_register_timeout(AP_DEAUTH_DELAY, 0, ap_handle_timer, 480 hapd, sta); 481 mlme_disassociate_indication(hapd, sta, reason); 482 break; 483 case STA_DEAUTH: 484 case STA_REMOVE: 485 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 486 HOSTAPD_LEVEL_INFO, "deauthenticated due to " 487 "inactivity (timer DEAUTH/REMOVE)"); 488 if (!sta->acct_terminate_cause) 489 sta->acct_terminate_cause = 490 RADIUS_ACCT_TERMINATE_CAUSE_IDLE_TIMEOUT; 491 mlme_deauthenticate_indication( 492 hapd, sta, 493 WLAN_REASON_PREV_AUTH_NOT_VALID); 494 ap_free_sta(hapd, sta); 495 break; 496 } 497 } 498 499 500 static void ap_handle_session_timer(void *eloop_ctx, void *timeout_ctx) 501 { 502 struct hostapd_data *hapd = eloop_ctx; 503 struct sta_info *sta = timeout_ctx; 504 505 if (!(sta->flags & WLAN_STA_AUTH)) { 506 if (sta->flags & WLAN_STA_GAS) { 507 wpa_printf(MSG_DEBUG, "GAS: Remove temporary STA " 508 "entry " MACSTR, MAC2STR(sta->addr)); 509 ap_free_sta(hapd, sta); 510 } 511 return; 512 } 513 514 hostapd_drv_sta_deauth(hapd, sta->addr, 515 WLAN_REASON_PREV_AUTH_NOT_VALID); 516 mlme_deauthenticate_indication(hapd, sta, 517 WLAN_REASON_PREV_AUTH_NOT_VALID); 518 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 519 HOSTAPD_LEVEL_INFO, "deauthenticated due to " 520 "session timeout"); 521 sta->acct_terminate_cause = 522 RADIUS_ACCT_TERMINATE_CAUSE_SESSION_TIMEOUT; 523 ap_free_sta(hapd, sta); 524 } 525 526 527 void ap_sta_replenish_timeout(struct hostapd_data *hapd, struct sta_info *sta, 528 u32 session_timeout) 529 { 530 if (eloop_replenish_timeout(session_timeout, 0, 531 ap_handle_session_timer, hapd, sta) == 1) { 532 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 533 HOSTAPD_LEVEL_DEBUG, "setting session timeout " 534 "to %d seconds", session_timeout); 535 } 536 } 537 538 539 void ap_sta_session_timeout(struct hostapd_data *hapd, struct sta_info *sta, 540 u32 session_timeout) 541 { 542 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 543 HOSTAPD_LEVEL_DEBUG, "setting session timeout to %d " 544 "seconds", session_timeout); 545 eloop_cancel_timeout(ap_handle_session_timer, hapd, sta); 546 eloop_register_timeout(session_timeout, 0, ap_handle_session_timer, 547 hapd, sta); 548 } 549 550 551 void ap_sta_no_session_timeout(struct hostapd_data *hapd, struct sta_info *sta) 552 { 553 eloop_cancel_timeout(ap_handle_session_timer, hapd, sta); 554 } 555 556 557 static void ap_handle_session_warning_timer(void *eloop_ctx, void *timeout_ctx) 558 { 559 #ifdef CONFIG_WNM 560 struct hostapd_data *hapd = eloop_ctx; 561 struct sta_info *sta = timeout_ctx; 562 563 wpa_printf(MSG_DEBUG, "WNM: Session warning time reached for " MACSTR, 564 MAC2STR(sta->addr)); 565 if (sta->hs20_session_info_url == NULL) 566 return; 567 568 wnm_send_ess_disassoc_imminent(hapd, sta, sta->hs20_session_info_url, 569 sta->hs20_disassoc_timer); 570 #endif /* CONFIG_WNM */ 571 } 572 573 574 void ap_sta_session_warning_timeout(struct hostapd_data *hapd, 575 struct sta_info *sta, int warning_time) 576 { 577 eloop_cancel_timeout(ap_handle_session_warning_timer, hapd, sta); 578 eloop_register_timeout(warning_time, 0, ap_handle_session_warning_timer, 579 hapd, sta); 580 } 581 582 583 struct sta_info * ap_sta_add(struct hostapd_data *hapd, const u8 *addr) 584 { 585 struct sta_info *sta; 586 587 sta = ap_get_sta(hapd, addr); 588 if (sta) 589 return sta; 590 591 wpa_printf(MSG_DEBUG, " New STA"); 592 if (hapd->num_sta >= hapd->conf->max_num_sta) { 593 /* FIX: might try to remove some old STAs first? */ 594 wpa_printf(MSG_DEBUG, "no more room for new STAs (%d/%d)", 595 hapd->num_sta, hapd->conf->max_num_sta); 596 return NULL; 597 } 598 599 sta = os_zalloc(sizeof(struct sta_info)); 600 if (sta == NULL) { 601 wpa_printf(MSG_ERROR, "malloc failed"); 602 return NULL; 603 } 604 sta->acct_interim_interval = hapd->conf->acct_interim_interval; 605 accounting_sta_get_id(hapd, sta); 606 607 if (!(hapd->iface->drv_flags & WPA_DRIVER_FLAGS_INACTIVITY_TIMER)) { 608 wpa_printf(MSG_DEBUG, "%s: register ap_handle_timer timeout " 609 "for " MACSTR " (%d seconds - ap_max_inactivity)", 610 __func__, MAC2STR(addr), 611 hapd->conf->ap_max_inactivity); 612 eloop_register_timeout(hapd->conf->ap_max_inactivity, 0, 613 ap_handle_timer, hapd, sta); 614 } 615 616 /* initialize STA info data */ 617 os_memcpy(sta->addr, addr, ETH_ALEN); 618 sta->next = hapd->sta_list; 619 hapd->sta_list = sta; 620 hapd->num_sta++; 621 ap_sta_hash_add(hapd, sta); 622 sta->ssid = &hapd->conf->ssid; 623 ap_sta_remove_in_other_bss(hapd, sta); 624 sta->last_seq_ctrl = WLAN_INVALID_MGMT_SEQ; 625 dl_list_init(&sta->ip6addr); 626 627 return sta; 628 } 629 630 631 static int ap_sta_remove(struct hostapd_data *hapd, struct sta_info *sta) 632 { 633 ieee802_1x_notify_port_enabled(sta->eapol_sm, 0); 634 635 if (sta->ipaddr) 636 hostapd_drv_br_delete_ip_neigh(hapd, 4, (u8 *) &sta->ipaddr); 637 ap_sta_ip6addr_del(hapd, sta); 638 639 wpa_printf(MSG_DEBUG, "Removing STA " MACSTR " from kernel driver", 640 MAC2STR(sta->addr)); 641 if (hostapd_drv_sta_remove(hapd, sta->addr) && 642 sta->flags & WLAN_STA_ASSOC) { 643 wpa_printf(MSG_DEBUG, "Could not remove station " MACSTR 644 " from kernel driver.", MAC2STR(sta->addr)); 645 return -1; 646 } 647 return 0; 648 } 649 650 651 static void ap_sta_remove_in_other_bss(struct hostapd_data *hapd, 652 struct sta_info *sta) 653 { 654 struct hostapd_iface *iface = hapd->iface; 655 size_t i; 656 657 for (i = 0; i < iface->num_bss; i++) { 658 struct hostapd_data *bss = iface->bss[i]; 659 struct sta_info *sta2; 660 /* bss should always be set during operation, but it may be 661 * NULL during reconfiguration. Assume the STA is not 662 * associated to another BSS in that case to avoid NULL pointer 663 * dereferences. */ 664 if (bss == hapd || bss == NULL) 665 continue; 666 sta2 = ap_get_sta(bss, sta->addr); 667 if (!sta2) 668 continue; 669 670 ap_sta_disconnect(bss, sta2, sta2->addr, 671 WLAN_REASON_PREV_AUTH_NOT_VALID); 672 } 673 } 674 675 676 static void ap_sta_disassoc_cb_timeout(void *eloop_ctx, void *timeout_ctx) 677 { 678 struct hostapd_data *hapd = eloop_ctx; 679 struct sta_info *sta = timeout_ctx; 680 681 ap_sta_remove(hapd, sta); 682 mlme_disassociate_indication(hapd, sta, sta->disassoc_reason); 683 } 684 685 686 void ap_sta_disassociate(struct hostapd_data *hapd, struct sta_info *sta, 687 u16 reason) 688 { 689 wpa_printf(MSG_DEBUG, "%s: disassociate STA " MACSTR, 690 hapd->conf->iface, MAC2STR(sta->addr)); 691 sta->last_seq_ctrl = WLAN_INVALID_MGMT_SEQ; 692 sta->flags &= ~(WLAN_STA_ASSOC | WLAN_STA_ASSOC_REQ_OK); 693 ap_sta_set_authorized(hapd, sta, 0); 694 sta->timeout_next = STA_DEAUTH; 695 wpa_printf(MSG_DEBUG, "%s: reschedule ap_handle_timer timeout " 696 "for " MACSTR " (%d seconds - " 697 "AP_MAX_INACTIVITY_AFTER_DISASSOC)", 698 __func__, MAC2STR(sta->addr), 699 AP_MAX_INACTIVITY_AFTER_DISASSOC); 700 eloop_cancel_timeout(ap_handle_timer, hapd, sta); 701 eloop_register_timeout(AP_MAX_INACTIVITY_AFTER_DISASSOC, 0, 702 ap_handle_timer, hapd, sta); 703 accounting_sta_stop(hapd, sta); 704 ieee802_1x_free_station(sta); 705 706 sta->disassoc_reason = reason; 707 sta->flags |= WLAN_STA_PENDING_DISASSOC_CB; 708 eloop_cancel_timeout(ap_sta_disassoc_cb_timeout, hapd, sta); 709 eloop_register_timeout(hapd->iface->drv_flags & 710 WPA_DRIVER_FLAGS_DEAUTH_TX_STATUS ? 2 : 0, 0, 711 ap_sta_disassoc_cb_timeout, hapd, sta); 712 } 713 714 715 static void ap_sta_deauth_cb_timeout(void *eloop_ctx, void *timeout_ctx) 716 { 717 struct hostapd_data *hapd = eloop_ctx; 718 struct sta_info *sta = timeout_ctx; 719 720 ap_sta_remove(hapd, sta); 721 mlme_deauthenticate_indication(hapd, sta, sta->deauth_reason); 722 } 723 724 725 void ap_sta_deauthenticate(struct hostapd_data *hapd, struct sta_info *sta, 726 u16 reason) 727 { 728 wpa_printf(MSG_DEBUG, "%s: deauthenticate STA " MACSTR, 729 hapd->conf->iface, MAC2STR(sta->addr)); 730 sta->last_seq_ctrl = WLAN_INVALID_MGMT_SEQ; 731 sta->flags &= ~(WLAN_STA_AUTH | WLAN_STA_ASSOC | WLAN_STA_ASSOC_REQ_OK); 732 ap_sta_set_authorized(hapd, sta, 0); 733 sta->timeout_next = STA_REMOVE; 734 wpa_printf(MSG_DEBUG, "%s: reschedule ap_handle_timer timeout " 735 "for " MACSTR " (%d seconds - " 736 "AP_MAX_INACTIVITY_AFTER_DEAUTH)", 737 __func__, MAC2STR(sta->addr), 738 AP_MAX_INACTIVITY_AFTER_DEAUTH); 739 eloop_cancel_timeout(ap_handle_timer, hapd, sta); 740 eloop_register_timeout(AP_MAX_INACTIVITY_AFTER_DEAUTH, 0, 741 ap_handle_timer, hapd, sta); 742 accounting_sta_stop(hapd, sta); 743 ieee802_1x_free_station(sta); 744 745 sta->deauth_reason = reason; 746 sta->flags |= WLAN_STA_PENDING_DEAUTH_CB; 747 eloop_cancel_timeout(ap_sta_deauth_cb_timeout, hapd, sta); 748 eloop_register_timeout(hapd->iface->drv_flags & 749 WPA_DRIVER_FLAGS_DEAUTH_TX_STATUS ? 2 : 0, 0, 750 ap_sta_deauth_cb_timeout, hapd, sta); 751 } 752 753 754 #ifdef CONFIG_WPS 755 int ap_sta_wps_cancel(struct hostapd_data *hapd, 756 struct sta_info *sta, void *ctx) 757 { 758 if (sta && (sta->flags & WLAN_STA_WPS)) { 759 ap_sta_deauthenticate(hapd, sta, 760 WLAN_REASON_PREV_AUTH_NOT_VALID); 761 wpa_printf(MSG_DEBUG, "WPS: %s: Deauth sta=" MACSTR, 762 __func__, MAC2STR(sta->addr)); 763 return 1; 764 } 765 766 return 0; 767 } 768 #endif /* CONFIG_WPS */ 769 770 771 int ap_sta_bind_vlan(struct hostapd_data *hapd, struct sta_info *sta, 772 int old_vlanid) 773 { 774 #ifndef CONFIG_NO_VLAN 775 const char *iface; 776 struct hostapd_vlan *vlan = NULL; 777 int ret; 778 779 /* 780 * Do not proceed furthur if the vlan id remains same. We do not want 781 * duplicate dynamic vlan entries. 782 */ 783 if (sta->vlan_id == old_vlanid) 784 return 0; 785 786 iface = hapd->conf->iface; 787 if (sta->ssid->vlan[0]) 788 iface = sta->ssid->vlan; 789 790 if (sta->ssid->dynamic_vlan == DYNAMIC_VLAN_DISABLED) 791 sta->vlan_id = 0; 792 else if (sta->vlan_id > 0) { 793 struct hostapd_vlan *wildcard_vlan = NULL; 794 vlan = hapd->conf->vlan; 795 while (vlan) { 796 if (vlan->vlan_id == sta->vlan_id) 797 break; 798 if (vlan->vlan_id == VLAN_ID_WILDCARD) 799 wildcard_vlan = vlan; 800 vlan = vlan->next; 801 } 802 if (!vlan) 803 vlan = wildcard_vlan; 804 if (vlan) 805 iface = vlan->ifname; 806 } 807 808 if (sta->vlan_id > 0 && vlan == NULL) { 809 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 810 HOSTAPD_LEVEL_DEBUG, "could not find VLAN for " 811 "binding station to (vlan_id=%d)", 812 sta->vlan_id); 813 ret = -1; 814 goto done; 815 } else if (sta->vlan_id > 0 && vlan->vlan_id == VLAN_ID_WILDCARD) { 816 vlan = vlan_add_dynamic(hapd, vlan, sta->vlan_id); 817 if (vlan == NULL) { 818 hostapd_logger(hapd, sta->addr, 819 HOSTAPD_MODULE_IEEE80211, 820 HOSTAPD_LEVEL_DEBUG, "could not add " 821 "dynamic VLAN interface for vlan_id=%d", 822 sta->vlan_id); 823 ret = -1; 824 goto done; 825 } 826 827 iface = vlan->ifname; 828 if (vlan_setup_encryption_dyn(hapd, sta->ssid, iface) != 0) { 829 hostapd_logger(hapd, sta->addr, 830 HOSTAPD_MODULE_IEEE80211, 831 HOSTAPD_LEVEL_DEBUG, "could not " 832 "configure encryption for dynamic VLAN " 833 "interface for vlan_id=%d", 834 sta->vlan_id); 835 } 836 837 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 838 HOSTAPD_LEVEL_DEBUG, "added new dynamic VLAN " 839 "interface '%s'", iface); 840 } else if (vlan && vlan->vlan_id == sta->vlan_id) { 841 if (sta->vlan_id > 0) { 842 vlan->dynamic_vlan++; 843 hostapd_logger(hapd, sta->addr, 844 HOSTAPD_MODULE_IEEE80211, 845 HOSTAPD_LEVEL_DEBUG, "updated existing " 846 "dynamic VLAN interface '%s'", iface); 847 } 848 849 /* 850 * Update encryption configuration for statically generated 851 * VLAN interface. This is only used for static WEP 852 * configuration for the case where hostapd did not yet know 853 * which keys are to be used when the interface was added. 854 */ 855 if (vlan_setup_encryption_dyn(hapd, sta->ssid, iface) != 0) { 856 hostapd_logger(hapd, sta->addr, 857 HOSTAPD_MODULE_IEEE80211, 858 HOSTAPD_LEVEL_DEBUG, "could not " 859 "configure encryption for VLAN " 860 "interface for vlan_id=%d", 861 sta->vlan_id); 862 } 863 } 864 865 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 866 HOSTAPD_LEVEL_DEBUG, "binding station to interface " 867 "'%s'", iface); 868 869 if (wpa_auth_sta_set_vlan(sta->wpa_sm, sta->vlan_id) < 0) 870 wpa_printf(MSG_INFO, "Failed to update VLAN-ID for WPA"); 871 872 ret = hostapd_drv_set_sta_vlan(iface, hapd, sta->addr, sta->vlan_id); 873 if (ret < 0) { 874 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 875 HOSTAPD_LEVEL_DEBUG, "could not bind the STA " 876 "entry to vlan_id=%d", sta->vlan_id); 877 } 878 879 done: 880 /* During 1x reauth, if the vlan id changes, then remove the old id. */ 881 if (old_vlanid > 0) 882 vlan_remove_dynamic(hapd, old_vlanid); 883 884 return ret; 885 #else /* CONFIG_NO_VLAN */ 886 return 0; 887 #endif /* CONFIG_NO_VLAN */ 888 } 889 890 891 #ifdef CONFIG_IEEE80211W 892 893 int ap_check_sa_query_timeout(struct hostapd_data *hapd, struct sta_info *sta) 894 { 895 u32 tu; 896 struct os_reltime now, passed; 897 os_get_reltime(&now); 898 os_reltime_sub(&now, &sta->sa_query_start, &passed); 899 tu = (passed.sec * 1000000 + passed.usec) / 1024; 900 if (hapd->conf->assoc_sa_query_max_timeout < tu) { 901 hostapd_logger(hapd, sta->addr, 902 HOSTAPD_MODULE_IEEE80211, 903 HOSTAPD_LEVEL_DEBUG, 904 "association SA Query timed out"); 905 sta->sa_query_timed_out = 1; 906 os_free(sta->sa_query_trans_id); 907 sta->sa_query_trans_id = NULL; 908 sta->sa_query_count = 0; 909 eloop_cancel_timeout(ap_sa_query_timer, hapd, sta); 910 return 1; 911 } 912 913 return 0; 914 } 915 916 917 static void ap_sa_query_timer(void *eloop_ctx, void *timeout_ctx) 918 { 919 struct hostapd_data *hapd = eloop_ctx; 920 struct sta_info *sta = timeout_ctx; 921 unsigned int timeout, sec, usec; 922 u8 *trans_id, *nbuf; 923 924 if (sta->sa_query_count > 0 && 925 ap_check_sa_query_timeout(hapd, sta)) 926 return; 927 928 nbuf = os_realloc_array(sta->sa_query_trans_id, 929 sta->sa_query_count + 1, 930 WLAN_SA_QUERY_TR_ID_LEN); 931 if (nbuf == NULL) 932 return; 933 if (sta->sa_query_count == 0) { 934 /* Starting a new SA Query procedure */ 935 os_get_reltime(&sta->sa_query_start); 936 } 937 trans_id = nbuf + sta->sa_query_count * WLAN_SA_QUERY_TR_ID_LEN; 938 sta->sa_query_trans_id = nbuf; 939 sta->sa_query_count++; 940 941 if (os_get_random(trans_id, WLAN_SA_QUERY_TR_ID_LEN) < 0) { 942 /* 943 * We don't really care which ID is used here, so simply 944 * hardcode this if the mostly theoretical os_get_random() 945 * failure happens. 946 */ 947 trans_id[0] = 0x12; 948 trans_id[1] = 0x34; 949 } 950 951 timeout = hapd->conf->assoc_sa_query_retry_timeout; 952 sec = ((timeout / 1000) * 1024) / 1000; 953 usec = (timeout % 1000) * 1024; 954 eloop_register_timeout(sec, usec, ap_sa_query_timer, hapd, sta); 955 956 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 957 HOSTAPD_LEVEL_DEBUG, 958 "association SA Query attempt %d", sta->sa_query_count); 959 960 ieee802_11_send_sa_query_req(hapd, sta->addr, trans_id); 961 } 962 963 964 void ap_sta_start_sa_query(struct hostapd_data *hapd, struct sta_info *sta) 965 { 966 ap_sa_query_timer(hapd, sta); 967 } 968 969 970 void ap_sta_stop_sa_query(struct hostapd_data *hapd, struct sta_info *sta) 971 { 972 eloop_cancel_timeout(ap_sa_query_timer, hapd, sta); 973 os_free(sta->sa_query_trans_id); 974 sta->sa_query_trans_id = NULL; 975 sta->sa_query_count = 0; 976 } 977 978 #endif /* CONFIG_IEEE80211W */ 979 980 981 void ap_sta_set_authorized(struct hostapd_data *hapd, struct sta_info *sta, 982 int authorized) 983 { 984 const u8 *dev_addr = NULL; 985 char buf[100]; 986 #ifdef CONFIG_P2P 987 u8 addr[ETH_ALEN]; 988 u8 ip_addr_buf[4]; 989 #endif /* CONFIG_P2P */ 990 991 if (!!authorized == !!(sta->flags & WLAN_STA_AUTHORIZED)) 992 return; 993 994 if (authorized) 995 sta->flags |= WLAN_STA_AUTHORIZED; 996 else 997 sta->flags &= ~WLAN_STA_AUTHORIZED; 998 999 #ifdef CONFIG_P2P 1000 if (hapd->p2p_group == NULL) { 1001 if (sta->p2p_ie != NULL && 1002 p2p_parse_dev_addr_in_p2p_ie(sta->p2p_ie, addr) == 0) 1003 dev_addr = addr; 1004 } else 1005 dev_addr = p2p_group_get_dev_addr(hapd->p2p_group, sta->addr); 1006 1007 if (dev_addr) 1008 os_snprintf(buf, sizeof(buf), MACSTR " p2p_dev_addr=" MACSTR, 1009 MAC2STR(sta->addr), MAC2STR(dev_addr)); 1010 else 1011 #endif /* CONFIG_P2P */ 1012 os_snprintf(buf, sizeof(buf), MACSTR, MAC2STR(sta->addr)); 1013 1014 if (hapd->sta_authorized_cb) 1015 hapd->sta_authorized_cb(hapd->sta_authorized_cb_ctx, 1016 sta->addr, authorized, dev_addr); 1017 1018 if (authorized) { 1019 char ip_addr[100]; 1020 ip_addr[0] = '\0'; 1021 #ifdef CONFIG_P2P 1022 if (wpa_auth_get_ip_addr(sta->wpa_sm, ip_addr_buf) == 0) { 1023 os_snprintf(ip_addr, sizeof(ip_addr), 1024 " ip_addr=%u.%u.%u.%u", 1025 ip_addr_buf[0], ip_addr_buf[1], 1026 ip_addr_buf[2], ip_addr_buf[3]); 1027 } 1028 #endif /* CONFIG_P2P */ 1029 1030 wpa_msg(hapd->msg_ctx, MSG_INFO, AP_STA_CONNECTED "%s%s", 1031 buf, ip_addr); 1032 1033 if (hapd->msg_ctx_parent && 1034 hapd->msg_ctx_parent != hapd->msg_ctx) 1035 wpa_msg_no_global(hapd->msg_ctx_parent, MSG_INFO, 1036 AP_STA_CONNECTED "%s%s", 1037 buf, ip_addr); 1038 } else { 1039 wpa_msg(hapd->msg_ctx, MSG_INFO, AP_STA_DISCONNECTED "%s", buf); 1040 1041 if (hapd->msg_ctx_parent && 1042 hapd->msg_ctx_parent != hapd->msg_ctx) 1043 wpa_msg_no_global(hapd->msg_ctx_parent, MSG_INFO, 1044 AP_STA_DISCONNECTED "%s", buf); 1045 } 1046 } 1047 1048 1049 void ap_sta_disconnect(struct hostapd_data *hapd, struct sta_info *sta, 1050 const u8 *addr, u16 reason) 1051 { 1052 1053 if (sta == NULL && addr) 1054 sta = ap_get_sta(hapd, addr); 1055 1056 if (addr) 1057 hostapd_drv_sta_deauth(hapd, addr, reason); 1058 1059 if (sta == NULL) 1060 return; 1061 ap_sta_set_authorized(hapd, sta, 0); 1062 wpa_auth_sm_event(sta->wpa_sm, WPA_DEAUTH); 1063 ieee802_1x_notify_port_enabled(sta->eapol_sm, 0); 1064 sta->flags &= ~(WLAN_STA_AUTH | WLAN_STA_ASSOC); 1065 wpa_printf(MSG_DEBUG, "%s: reschedule ap_handle_timer timeout " 1066 "for " MACSTR " (%d seconds - " 1067 "AP_MAX_INACTIVITY_AFTER_DEAUTH)", 1068 __func__, MAC2STR(sta->addr), 1069 AP_MAX_INACTIVITY_AFTER_DEAUTH); 1070 eloop_cancel_timeout(ap_handle_timer, hapd, sta); 1071 eloop_register_timeout(AP_MAX_INACTIVITY_AFTER_DEAUTH, 0, 1072 ap_handle_timer, hapd, sta); 1073 sta->timeout_next = STA_REMOVE; 1074 1075 sta->deauth_reason = reason; 1076 sta->flags |= WLAN_STA_PENDING_DEAUTH_CB; 1077 eloop_cancel_timeout(ap_sta_deauth_cb_timeout, hapd, sta); 1078 eloop_register_timeout(hapd->iface->drv_flags & 1079 WPA_DRIVER_FLAGS_DEAUTH_TX_STATUS ? 2 : 0, 0, 1080 ap_sta_deauth_cb_timeout, hapd, sta); 1081 } 1082 1083 1084 void ap_sta_deauth_cb(struct hostapd_data *hapd, struct sta_info *sta) 1085 { 1086 if (!(sta->flags & WLAN_STA_PENDING_DEAUTH_CB)) { 1087 wpa_printf(MSG_DEBUG, "Ignore deauth cb for test frame"); 1088 return; 1089 } 1090 sta->flags &= ~WLAN_STA_PENDING_DEAUTH_CB; 1091 eloop_cancel_timeout(ap_sta_deauth_cb_timeout, hapd, sta); 1092 ap_sta_deauth_cb_timeout(hapd, sta); 1093 } 1094 1095 1096 void ap_sta_disassoc_cb(struct hostapd_data *hapd, struct sta_info *sta) 1097 { 1098 if (!(sta->flags & WLAN_STA_PENDING_DISASSOC_CB)) { 1099 wpa_printf(MSG_DEBUG, "Ignore disassoc cb for test frame"); 1100 return; 1101 } 1102 sta->flags &= ~WLAN_STA_PENDING_DISASSOC_CB; 1103 eloop_cancel_timeout(ap_sta_disassoc_cb_timeout, hapd, sta); 1104 ap_sta_disassoc_cb_timeout(hapd, sta); 1105 } 1106 1107 1108 int ap_sta_flags_txt(u32 flags, char *buf, size_t buflen) 1109 { 1110 int res; 1111 1112 buf[0] = '\0'; 1113 res = os_snprintf(buf, buflen, "%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s", 1114 (flags & WLAN_STA_AUTH ? "[AUTH]" : ""), 1115 (flags & WLAN_STA_ASSOC ? "[ASSOC]" : ""), 1116 (flags & WLAN_STA_AUTHORIZED ? "[AUTHORIZED]" : ""), 1117 (flags & WLAN_STA_PENDING_POLL ? "[PENDING_POLL" : 1118 ""), 1119 (flags & WLAN_STA_SHORT_PREAMBLE ? 1120 "[SHORT_PREAMBLE]" : ""), 1121 (flags & WLAN_STA_PREAUTH ? "[PREAUTH]" : ""), 1122 (flags & WLAN_STA_WMM ? "[WMM]" : ""), 1123 (flags & WLAN_STA_MFP ? "[MFP]" : ""), 1124 (flags & WLAN_STA_WPS ? "[WPS]" : ""), 1125 (flags & WLAN_STA_MAYBE_WPS ? "[MAYBE_WPS]" : ""), 1126 (flags & WLAN_STA_WDS ? "[WDS]" : ""), 1127 (flags & WLAN_STA_NONERP ? "[NonERP]" : ""), 1128 (flags & WLAN_STA_WPS2 ? "[WPS2]" : ""), 1129 (flags & WLAN_STA_GAS ? "[GAS]" : ""), 1130 (flags & WLAN_STA_VHT ? "[VHT]" : ""), 1131 (flags & WLAN_STA_VENDOR_VHT ? "[VENDOR_VHT]" : ""), 1132 (flags & WLAN_STA_WNM_SLEEP_MODE ? 1133 "[WNM_SLEEP_MODE]" : "")); 1134 if (os_snprintf_error(buflen, res)) 1135 res = -1; 1136 1137 return res; 1138 } 1139