1 /* 2 * WPA Supplicant - Basic mesh peer management 3 * Copyright (c) 2013-2014, cozybit, Inc. All rights reserved. 4 * 5 * This software may be distributed under the terms of the BSD license. 6 * See README for more details. 7 */ 8 9 #include "utils/includes.h" 10 11 #include "utils/common.h" 12 #include "utils/eloop.h" 13 #include "common/ieee802_11_defs.h" 14 #include "common/hw_features_common.h" 15 #include "ap/hostapd.h" 16 #include "ap/sta_info.h" 17 #include "ap/ieee802_11.h" 18 #include "ap/wpa_auth.h" 19 #include "wpa_supplicant_i.h" 20 #include "driver_i.h" 21 #include "mesh_mpm.h" 22 #include "mesh_rsn.h" 23 #include "notify.h" 24 25 struct mesh_peer_mgmt_ie { 26 const u8 *proto_id; /* Mesh Peering Protocol Identifier (2 octets) */ 27 const u8 *llid; /* Local Link ID (2 octets) */ 28 const u8 *plid; /* Peer Link ID (conditional, 2 octets) */ 29 const u8 *reason; /* Reason Code (conditional, 2 octets) */ 30 const u8 *chosen_pmk; /* Chosen PMK (optional, 16 octets) */ 31 }; 32 33 static void plink_timer(void *eloop_ctx, void *user_data); 34 35 36 enum plink_event { 37 PLINK_UNDEFINED, 38 OPN_ACPT, 39 OPN_RJCT, 40 CNF_ACPT, 41 CNF_RJCT, 42 CLS_ACPT, 43 REQ_RJCT 44 }; 45 46 static const char * const mplstate[] = { 47 [0] = "UNINITIALIZED", 48 [PLINK_IDLE] = "IDLE", 49 [PLINK_OPN_SNT] = "OPN_SNT", 50 [PLINK_OPN_RCVD] = "OPN_RCVD", 51 [PLINK_CNF_RCVD] = "CNF_RCVD", 52 [PLINK_ESTAB] = "ESTAB", 53 [PLINK_HOLDING] = "HOLDING", 54 [PLINK_BLOCKED] = "BLOCKED" 55 }; 56 57 static const char * const mplevent[] = { 58 [PLINK_UNDEFINED] = "UNDEFINED", 59 [OPN_ACPT] = "OPN_ACPT", 60 [OPN_RJCT] = "OPN_RJCT", 61 [CNF_ACPT] = "CNF_ACPT", 62 [CNF_RJCT] = "CNF_RJCT", 63 [CLS_ACPT] = "CLS_ACPT", 64 [REQ_RJCT] = "REQ_RJCT", 65 }; 66 67 68 static int mesh_mpm_parse_peer_mgmt(struct wpa_supplicant *wpa_s, 69 u8 action_field, 70 const u8 *ie, size_t len, 71 struct mesh_peer_mgmt_ie *mpm_ie) 72 { 73 os_memset(mpm_ie, 0, sizeof(*mpm_ie)); 74 75 /* Remove optional Chosen PMK field at end */ 76 if (len >= SAE_PMKID_LEN) { 77 mpm_ie->chosen_pmk = ie + len - SAE_PMKID_LEN; 78 len -= SAE_PMKID_LEN; 79 } 80 81 if ((action_field == PLINK_OPEN && len != 4) || 82 (action_field == PLINK_CONFIRM && len != 6) || 83 (action_field == PLINK_CLOSE && len != 6 && len != 8)) { 84 wpa_msg(wpa_s, MSG_DEBUG, "MPM: Invalid peer mgmt ie"); 85 return -1; 86 } 87 88 /* required fields */ 89 if (len < 4) 90 return -1; 91 mpm_ie->proto_id = ie; 92 mpm_ie->llid = ie + 2; 93 ie += 4; 94 len -= 4; 95 96 /* close reason is always present at end for close */ 97 if (action_field == PLINK_CLOSE) { 98 if (len < 2) 99 return -1; 100 mpm_ie->reason = ie + len - 2; 101 len -= 2; 102 } 103 104 /* Peer Link ID, present for confirm, and possibly close */ 105 if (len >= 2) 106 mpm_ie->plid = ie; 107 108 return 0; 109 } 110 111 112 static int plink_free_count(struct hostapd_data *hapd) 113 { 114 if (hapd->max_plinks > hapd->num_plinks) 115 return hapd->max_plinks - hapd->num_plinks; 116 return 0; 117 } 118 119 120 static u16 copy_supp_rates(struct wpa_supplicant *wpa_s, 121 struct sta_info *sta, 122 struct ieee802_11_elems *elems) 123 { 124 if (!elems->supp_rates) { 125 wpa_msg(wpa_s, MSG_ERROR, "no supported rates from " MACSTR, 126 MAC2STR(sta->addr)); 127 return WLAN_STATUS_UNSPECIFIED_FAILURE; 128 } 129 130 if (elems->supp_rates_len + elems->ext_supp_rates_len > 131 sizeof(sta->supported_rates)) { 132 wpa_msg(wpa_s, MSG_ERROR, 133 "Invalid supported rates element length " MACSTR 134 " %d+%d", MAC2STR(sta->addr), elems->supp_rates_len, 135 elems->ext_supp_rates_len); 136 return WLAN_STATUS_UNSPECIFIED_FAILURE; 137 } 138 139 sta->supported_rates_len = merge_byte_arrays( 140 sta->supported_rates, sizeof(sta->supported_rates), 141 elems->supp_rates, elems->supp_rates_len, 142 elems->ext_supp_rates, elems->ext_supp_rates_len); 143 144 return WLAN_STATUS_SUCCESS; 145 } 146 147 148 /* return true if elems from a neighbor match this MBSS */ 149 static Boolean matches_local(struct wpa_supplicant *wpa_s, 150 struct ieee802_11_elems *elems) 151 { 152 struct mesh_conf *mconf = wpa_s->ifmsh->mconf; 153 154 if (elems->mesh_config_len < 5) 155 return FALSE; 156 157 return (mconf->meshid_len == elems->mesh_id_len && 158 os_memcmp(mconf->meshid, elems->mesh_id, 159 elems->mesh_id_len) == 0 && 160 mconf->mesh_pp_id == elems->mesh_config[0] && 161 mconf->mesh_pm_id == elems->mesh_config[1] && 162 mconf->mesh_cc_id == elems->mesh_config[2] && 163 mconf->mesh_sp_id == elems->mesh_config[3] && 164 mconf->mesh_auth_id == elems->mesh_config[4]); 165 } 166 167 168 /* check if local link id is already used with another peer */ 169 static Boolean llid_in_use(struct wpa_supplicant *wpa_s, u16 llid) 170 { 171 struct sta_info *sta; 172 struct hostapd_data *hapd = wpa_s->ifmsh->bss[0]; 173 174 for (sta = hapd->sta_list; sta; sta = sta->next) { 175 if (sta->my_lid == llid) 176 return TRUE; 177 } 178 179 return FALSE; 180 } 181 182 183 /* generate an llid for a link and set to initial state */ 184 static void mesh_mpm_init_link(struct wpa_supplicant *wpa_s, 185 struct sta_info *sta) 186 { 187 u16 llid; 188 189 do { 190 if (os_get_random((u8 *) &llid, sizeof(llid)) < 0) 191 continue; 192 } while (!llid || llid_in_use(wpa_s, llid)); 193 194 sta->my_lid = llid; 195 sta->peer_lid = 0; 196 sta->peer_aid = 0; 197 198 /* 199 * We do not use wpa_mesh_set_plink_state() here because there is no 200 * entry in kernel yet. 201 */ 202 sta->plink_state = PLINK_IDLE; 203 } 204 205 206 static void mesh_mpm_send_plink_action(struct wpa_supplicant *wpa_s, 207 struct sta_info *sta, 208 enum plink_action_field type, 209 u16 close_reason) 210 { 211 struct wpabuf *buf; 212 struct hostapd_iface *ifmsh = wpa_s->ifmsh; 213 struct hostapd_data *bss = ifmsh->bss[0]; 214 struct mesh_conf *conf = ifmsh->mconf; 215 u8 supp_rates[2 + 2 + 32]; 216 u8 *pos, *cat; 217 u8 ie_len, add_plid = 0; 218 int ret; 219 int ampe = conf->security & MESH_CONF_SEC_AMPE; 220 size_t buf_len; 221 222 if (!sta) 223 return; 224 225 buf_len = 2 + /* Category and Action */ 226 2 + /* capability info */ 227 2 + /* AID */ 228 2 + 8 + /* supported rates */ 229 2 + (32 - 8) + 230 2 + 32 + /* mesh ID */ 231 2 + 7 + /* mesh config */ 232 2 + 24 + /* peering management */ 233 2 + 96 + /* AMPE */ 234 2 + 16; /* MIC */ 235 #ifdef CONFIG_IEEE80211N 236 if (type != PLINK_CLOSE && wpa_s->mesh_ht_enabled) { 237 buf_len += 2 + 26 + /* HT capabilities */ 238 2 + 22; /* HT operation */ 239 } 240 #endif /* CONFIG_IEEE80211N */ 241 #ifdef CONFIG_IEEE80211AC 242 if (type != PLINK_CLOSE && wpa_s->mesh_vht_enabled) { 243 buf_len += 2 + 12 + /* VHT Capabilities */ 244 2 + 5; /* VHT Operation */ 245 } 246 #endif /* CONFIG_IEEE80211AC */ 247 if (type != PLINK_CLOSE) 248 buf_len += conf->rsn_ie_len; /* RSN IE */ 249 250 buf = wpabuf_alloc(buf_len); 251 if (!buf) 252 return; 253 254 cat = wpabuf_mhead_u8(buf); 255 wpabuf_put_u8(buf, WLAN_ACTION_SELF_PROTECTED); 256 wpabuf_put_u8(buf, type); 257 258 if (type != PLINK_CLOSE) { 259 u8 info; 260 261 /* capability info */ 262 wpabuf_put_le16(buf, ampe ? IEEE80211_CAP_PRIVACY : 0); 263 264 /* aid */ 265 if (type == PLINK_CONFIRM) 266 wpabuf_put_le16(buf, sta->aid); 267 268 /* IE: supp + ext. supp rates */ 269 pos = hostapd_eid_supp_rates(bss, supp_rates); 270 pos = hostapd_eid_ext_supp_rates(bss, pos); 271 wpabuf_put_data(buf, supp_rates, pos - supp_rates); 272 273 /* IE: RSN IE */ 274 wpabuf_put_data(buf, conf->rsn_ie, conf->rsn_ie_len); 275 276 /* IE: Mesh ID */ 277 wpabuf_put_u8(buf, WLAN_EID_MESH_ID); 278 wpabuf_put_u8(buf, conf->meshid_len); 279 wpabuf_put_data(buf, conf->meshid, conf->meshid_len); 280 281 /* IE: mesh conf */ 282 wpabuf_put_u8(buf, WLAN_EID_MESH_CONFIG); 283 wpabuf_put_u8(buf, 7); 284 wpabuf_put_u8(buf, conf->mesh_pp_id); 285 wpabuf_put_u8(buf, conf->mesh_pm_id); 286 wpabuf_put_u8(buf, conf->mesh_cc_id); 287 wpabuf_put_u8(buf, conf->mesh_sp_id); 288 wpabuf_put_u8(buf, conf->mesh_auth_id); 289 info = (bss->num_plinks > 63 ? 63 : bss->num_plinks) << 1; 290 /* TODO: Add Connected to Mesh Gate/AS subfields */ 291 wpabuf_put_u8(buf, info); 292 /* always forwarding & accepting plinks for now */ 293 wpabuf_put_u8(buf, MESH_CAP_ACCEPT_ADDITIONAL_PEER | 294 MESH_CAP_FORWARDING); 295 } else { /* Peer closing frame */ 296 /* IE: Mesh ID */ 297 wpabuf_put_u8(buf, WLAN_EID_MESH_ID); 298 wpabuf_put_u8(buf, conf->meshid_len); 299 wpabuf_put_data(buf, conf->meshid, conf->meshid_len); 300 } 301 302 /* IE: Mesh Peering Management element */ 303 ie_len = 4; 304 if (ampe) 305 ie_len += PMKID_LEN; 306 switch (type) { 307 case PLINK_OPEN: 308 break; 309 case PLINK_CONFIRM: 310 ie_len += 2; 311 add_plid = 1; 312 break; 313 case PLINK_CLOSE: 314 ie_len += 2; 315 add_plid = 1; 316 ie_len += 2; /* reason code */ 317 break; 318 } 319 320 wpabuf_put_u8(buf, WLAN_EID_PEER_MGMT); 321 wpabuf_put_u8(buf, ie_len); 322 /* peering protocol */ 323 if (ampe) 324 wpabuf_put_le16(buf, 1); 325 else 326 wpabuf_put_le16(buf, 0); 327 wpabuf_put_le16(buf, sta->my_lid); 328 if (add_plid) 329 wpabuf_put_le16(buf, sta->peer_lid); 330 if (type == PLINK_CLOSE) 331 wpabuf_put_le16(buf, close_reason); 332 if (ampe) { 333 if (sta->sae == NULL) { 334 wpa_msg(wpa_s, MSG_INFO, "Mesh MPM: no SAE session"); 335 goto fail; 336 } 337 mesh_rsn_get_pmkid(wpa_s->mesh_rsn, sta, 338 wpabuf_put(buf, PMKID_LEN)); 339 } 340 341 #ifdef CONFIG_IEEE80211N 342 if (type != PLINK_CLOSE && wpa_s->mesh_ht_enabled) { 343 u8 ht_capa_oper[2 + 26 + 2 + 22]; 344 345 pos = hostapd_eid_ht_capabilities(bss, ht_capa_oper); 346 pos = hostapd_eid_ht_operation(bss, pos); 347 wpabuf_put_data(buf, ht_capa_oper, pos - ht_capa_oper); 348 } 349 #endif /* CONFIG_IEEE80211N */ 350 #ifdef CONFIG_IEEE80211AC 351 if (type != PLINK_CLOSE && wpa_s->mesh_vht_enabled) { 352 u8 vht_capa_oper[2 + 12 + 2 + 5]; 353 354 pos = hostapd_eid_vht_capabilities(bss, vht_capa_oper, 0); 355 pos = hostapd_eid_vht_operation(bss, pos); 356 wpabuf_put_data(buf, vht_capa_oper, pos - vht_capa_oper); 357 } 358 #endif /* CONFIG_IEEE80211AC */ 359 360 if (ampe && mesh_rsn_protect_frame(wpa_s->mesh_rsn, sta, cat, buf)) { 361 wpa_msg(wpa_s, MSG_INFO, 362 "Mesh MPM: failed to add AMPE and MIC IE"); 363 goto fail; 364 } 365 366 wpa_msg(wpa_s, MSG_DEBUG, "Mesh MPM: Sending peering frame type %d to " 367 MACSTR " (my_lid=0x%x peer_lid=0x%x)", 368 type, MAC2STR(sta->addr), sta->my_lid, sta->peer_lid); 369 ret = wpa_drv_send_action(wpa_s, wpa_s->assoc_freq, 0, 370 sta->addr, wpa_s->own_addr, wpa_s->own_addr, 371 wpabuf_head(buf), wpabuf_len(buf), 0); 372 if (ret < 0) 373 wpa_msg(wpa_s, MSG_INFO, 374 "Mesh MPM: failed to send peering frame"); 375 376 fail: 377 wpabuf_free(buf); 378 } 379 380 381 /* configure peering state in ours and driver's station entry */ 382 void wpa_mesh_set_plink_state(struct wpa_supplicant *wpa_s, 383 struct sta_info *sta, 384 enum mesh_plink_state state) 385 { 386 struct hostapd_sta_add_params params; 387 int ret; 388 389 wpa_msg(wpa_s, MSG_DEBUG, "MPM set " MACSTR " from %s into %s", 390 MAC2STR(sta->addr), mplstate[sta->plink_state], 391 mplstate[state]); 392 sta->plink_state = state; 393 394 os_memset(¶ms, 0, sizeof(params)); 395 params.addr = sta->addr; 396 params.plink_state = state; 397 params.peer_aid = sta->peer_aid; 398 params.set = 1; 399 400 ret = wpa_drv_sta_add(wpa_s, ¶ms); 401 if (ret) { 402 wpa_msg(wpa_s, MSG_ERROR, "Driver failed to set " MACSTR 403 ": %d", MAC2STR(sta->addr), ret); 404 } 405 } 406 407 408 static void mesh_mpm_fsm_restart(struct wpa_supplicant *wpa_s, 409 struct sta_info *sta) 410 { 411 struct hostapd_data *hapd = wpa_s->ifmsh->bss[0]; 412 413 eloop_cancel_timeout(plink_timer, wpa_s, sta); 414 415 ap_free_sta(hapd, sta); 416 } 417 418 419 static void plink_timer(void *eloop_ctx, void *user_data) 420 { 421 struct wpa_supplicant *wpa_s = eloop_ctx; 422 struct sta_info *sta = user_data; 423 u16 reason = 0; 424 struct mesh_conf *conf = wpa_s->ifmsh->mconf; 425 struct hostapd_data *hapd = wpa_s->ifmsh->bss[0]; 426 427 switch (sta->plink_state) { 428 case PLINK_OPN_RCVD: 429 case PLINK_OPN_SNT: 430 /* retry timer */ 431 if (sta->mpm_retries < conf->dot11MeshMaxRetries) { 432 eloop_register_timeout( 433 conf->dot11MeshRetryTimeout / 1000, 434 (conf->dot11MeshRetryTimeout % 1000) * 1000, 435 plink_timer, wpa_s, sta); 436 mesh_mpm_send_plink_action(wpa_s, sta, PLINK_OPEN, 0); 437 sta->mpm_retries++; 438 break; 439 } 440 reason = WLAN_REASON_MESH_MAX_RETRIES; 441 /* fall through */ 442 443 case PLINK_CNF_RCVD: 444 /* confirm timer */ 445 if (!reason) 446 reason = WLAN_REASON_MESH_CONFIRM_TIMEOUT; 447 wpa_mesh_set_plink_state(wpa_s, sta, PLINK_HOLDING); 448 eloop_register_timeout(conf->dot11MeshHoldingTimeout / 1000, 449 (conf->dot11MeshHoldingTimeout % 1000) * 1000, 450 plink_timer, wpa_s, sta); 451 mesh_mpm_send_plink_action(wpa_s, sta, PLINK_CLOSE, reason); 452 break; 453 case PLINK_HOLDING: 454 /* holding timer */ 455 456 if (sta->mesh_sae_pmksa_caching) { 457 wpa_printf(MSG_DEBUG, "MPM: Peer " MACSTR 458 " looks like it does not support mesh SAE PMKSA caching, so remove the cached entry for it", 459 MAC2STR(sta->addr)); 460 wpa_auth_pmksa_remove(hapd->wpa_auth, sta->addr); 461 } 462 mesh_mpm_fsm_restart(wpa_s, sta); 463 break; 464 default: 465 break; 466 } 467 } 468 469 470 /* initiate peering with station */ 471 static void 472 mesh_mpm_plink_open(struct wpa_supplicant *wpa_s, struct sta_info *sta, 473 enum mesh_plink_state next_state) 474 { 475 struct mesh_conf *conf = wpa_s->ifmsh->mconf; 476 477 eloop_cancel_timeout(plink_timer, wpa_s, sta); 478 eloop_register_timeout(conf->dot11MeshRetryTimeout / 1000, 479 (conf->dot11MeshRetryTimeout % 1000) * 1000, 480 plink_timer, wpa_s, sta); 481 mesh_mpm_send_plink_action(wpa_s, sta, PLINK_OPEN, 0); 482 wpa_mesh_set_plink_state(wpa_s, sta, next_state); 483 } 484 485 486 static int mesh_mpm_plink_close(struct hostapd_data *hapd, struct sta_info *sta, 487 void *ctx) 488 { 489 struct wpa_supplicant *wpa_s = ctx; 490 int reason = WLAN_REASON_MESH_PEERING_CANCELLED; 491 492 if (sta) { 493 wpa_mesh_set_plink_state(wpa_s, sta, PLINK_HOLDING); 494 mesh_mpm_send_plink_action(wpa_s, sta, PLINK_CLOSE, reason); 495 wpa_printf(MSG_DEBUG, "MPM closing plink sta=" MACSTR, 496 MAC2STR(sta->addr)); 497 eloop_cancel_timeout(plink_timer, wpa_s, sta); 498 return 0; 499 } 500 501 return 1; 502 } 503 504 505 int mesh_mpm_close_peer(struct wpa_supplicant *wpa_s, const u8 *addr) 506 { 507 struct hostapd_data *hapd; 508 struct sta_info *sta; 509 510 if (!wpa_s->ifmsh) { 511 wpa_msg(wpa_s, MSG_INFO, "Mesh is not prepared yet"); 512 return -1; 513 } 514 515 hapd = wpa_s->ifmsh->bss[0]; 516 sta = ap_get_sta(hapd, addr); 517 if (!sta) { 518 wpa_msg(wpa_s, MSG_INFO, "No such mesh peer"); 519 return -1; 520 } 521 522 return mesh_mpm_plink_close(hapd, sta, wpa_s) == 0 ? 0 : -1; 523 } 524 525 526 static void peer_add_timer(void *eloop_ctx, void *user_data) 527 { 528 struct wpa_supplicant *wpa_s = eloop_ctx; 529 struct hostapd_data *hapd = wpa_s->ifmsh->bss[0]; 530 531 os_memset(hapd->mesh_required_peer, 0, ETH_ALEN); 532 } 533 534 535 int mesh_mpm_connect_peer(struct wpa_supplicant *wpa_s, const u8 *addr, 536 int duration) 537 { 538 struct wpa_ssid *ssid = wpa_s->current_ssid; 539 struct hostapd_data *hapd; 540 struct sta_info *sta; 541 struct mesh_conf *conf; 542 543 if (!wpa_s->ifmsh) { 544 wpa_msg(wpa_s, MSG_INFO, "Mesh is not prepared yet"); 545 return -1; 546 } 547 548 if (!ssid || !ssid->no_auto_peer) { 549 wpa_msg(wpa_s, MSG_INFO, 550 "This command is available only with no_auto_peer mesh network"); 551 return -1; 552 } 553 554 hapd = wpa_s->ifmsh->bss[0]; 555 conf = wpa_s->ifmsh->mconf; 556 557 sta = ap_get_sta(hapd, addr); 558 if (!sta) { 559 wpa_msg(wpa_s, MSG_INFO, "No such mesh peer"); 560 return -1; 561 } 562 563 if ((PLINK_OPN_SNT <= sta->plink_state && 564 sta->plink_state <= PLINK_ESTAB) || 565 (sta->sae && sta->sae->state > SAE_NOTHING)) { 566 wpa_msg(wpa_s, MSG_INFO, 567 "Specified peer is connecting/connected"); 568 return -1; 569 } 570 571 if (conf->security == MESH_CONF_SEC_NONE) { 572 mesh_mpm_plink_open(wpa_s, sta, PLINK_OPN_SNT); 573 } else { 574 mesh_rsn_auth_sae_sta(wpa_s, sta); 575 os_memcpy(hapd->mesh_required_peer, addr, ETH_ALEN); 576 eloop_register_timeout(duration == -1 ? 10 : duration, 0, 577 peer_add_timer, wpa_s, NULL); 578 } 579 580 return 0; 581 } 582 583 584 void mesh_mpm_deinit(struct wpa_supplicant *wpa_s, struct hostapd_iface *ifmsh) 585 { 586 struct hostapd_data *hapd = ifmsh->bss[0]; 587 588 /* notify peers we're leaving */ 589 ap_for_each_sta(hapd, mesh_mpm_plink_close, wpa_s); 590 591 hapd->num_plinks = 0; 592 hostapd_free_stas(hapd); 593 eloop_cancel_timeout(peer_add_timer, wpa_s, NULL); 594 } 595 596 597 /* for mesh_rsn to indicate this peer has completed authentication, and we're 598 * ready to start AMPE */ 599 void mesh_mpm_auth_peer(struct wpa_supplicant *wpa_s, const u8 *addr) 600 { 601 struct hostapd_data *data = wpa_s->ifmsh->bss[0]; 602 struct hostapd_sta_add_params params; 603 struct sta_info *sta; 604 int ret; 605 606 sta = ap_get_sta(data, addr); 607 if (!sta) { 608 wpa_msg(wpa_s, MSG_DEBUG, "no such mesh peer"); 609 return; 610 } 611 612 /* TODO: Should do nothing if this STA is already authenticated, but 613 * the AP code already sets this flag. */ 614 sta->flags |= WLAN_STA_AUTH; 615 616 mesh_rsn_init_ampe_sta(wpa_s, sta); 617 618 os_memset(¶ms, 0, sizeof(params)); 619 params.addr = sta->addr; 620 params.flags = WPA_STA_AUTHENTICATED | WPA_STA_AUTHORIZED; 621 params.set = 1; 622 623 wpa_msg(wpa_s, MSG_DEBUG, "MPM authenticating " MACSTR, 624 MAC2STR(sta->addr)); 625 ret = wpa_drv_sta_add(wpa_s, ¶ms); 626 if (ret) { 627 wpa_msg(wpa_s, MSG_ERROR, 628 "Driver failed to set " MACSTR ": %d", 629 MAC2STR(sta->addr), ret); 630 } 631 632 if (!sta->my_lid) 633 mesh_mpm_init_link(wpa_s, sta); 634 635 mesh_mpm_plink_open(wpa_s, sta, PLINK_OPN_SNT); 636 } 637 638 /* 639 * Initialize a sta_info structure for a peer and upload it into the driver 640 * in preparation for beginning authentication or peering. This is done when a 641 * Beacon (secure or open mesh) or a peering open frame (for open mesh) is 642 * received from the peer for the first time. 643 */ 644 static struct sta_info * mesh_mpm_add_peer(struct wpa_supplicant *wpa_s, 645 const u8 *addr, 646 struct ieee802_11_elems *elems) 647 { 648 struct hostapd_sta_add_params params; 649 struct mesh_conf *conf = wpa_s->ifmsh->mconf; 650 struct hostapd_data *data = wpa_s->ifmsh->bss[0]; 651 struct sta_info *sta; 652 #ifdef CONFIG_IEEE80211N 653 struct ieee80211_ht_operation *oper; 654 #endif /* CONFIG_IEEE80211N */ 655 int ret; 656 657 if (elems->mesh_config_len >= 7 && 658 !(elems->mesh_config[6] & MESH_CAP_ACCEPT_ADDITIONAL_PEER)) { 659 wpa_msg(wpa_s, MSG_DEBUG, 660 "mesh: Ignore a crowded peer " MACSTR, 661 MAC2STR(addr)); 662 return NULL; 663 } 664 665 sta = ap_get_sta(data, addr); 666 if (!sta) { 667 sta = ap_sta_add(data, addr); 668 if (!sta) 669 return NULL; 670 } 671 672 /* Set WMM by default since Mesh STAs are QoS STAs */ 673 sta->flags |= WLAN_STA_WMM; 674 675 /* initialize sta */ 676 if (copy_supp_rates(wpa_s, sta, elems)) { 677 ap_free_sta(data, sta); 678 return NULL; 679 } 680 681 if (!sta->my_lid) 682 mesh_mpm_init_link(wpa_s, sta); 683 684 #ifdef CONFIG_IEEE80211N 685 copy_sta_ht_capab(data, sta, elems->ht_capabilities); 686 687 oper = (struct ieee80211_ht_operation *) elems->ht_operation; 688 if (oper && 689 !(oper->ht_param & HT_INFO_HT_PARAM_STA_CHNL_WIDTH) && 690 sta->ht_capabilities) { 691 wpa_msg(wpa_s, MSG_DEBUG, MACSTR 692 " does not support 40 MHz bandwidth", 693 MAC2STR(sta->addr)); 694 set_disable_ht40(sta->ht_capabilities, 1); 695 } 696 697 update_ht_state(data, sta); 698 #endif /* CONFIG_IEEE80211N */ 699 700 #ifdef CONFIG_IEEE80211AC 701 copy_sta_vht_capab(data, sta, elems->vht_capabilities); 702 set_sta_vht_opmode(data, sta, elems->vht_opmode_notif); 703 #endif /* CONFIG_IEEE80211AC */ 704 705 if (hostapd_get_aid(data, sta) < 0) { 706 wpa_msg(wpa_s, MSG_ERROR, "No AIDs available"); 707 ap_free_sta(data, sta); 708 return NULL; 709 } 710 711 /* insert into driver */ 712 os_memset(¶ms, 0, sizeof(params)); 713 params.supp_rates = sta->supported_rates; 714 params.supp_rates_len = sta->supported_rates_len; 715 params.addr = addr; 716 params.plink_state = sta->plink_state; 717 params.aid = sta->aid; 718 params.peer_aid = sta->peer_aid; 719 params.listen_interval = 100; 720 params.ht_capabilities = sta->ht_capabilities; 721 params.vht_capabilities = sta->vht_capabilities; 722 params.flags |= WPA_STA_WMM; 723 params.flags_mask |= WPA_STA_AUTHENTICATED; 724 if (conf->security == MESH_CONF_SEC_NONE) { 725 params.flags |= WPA_STA_AUTHORIZED; 726 params.flags |= WPA_STA_AUTHENTICATED; 727 } else { 728 sta->flags |= WLAN_STA_MFP; 729 params.flags |= WPA_STA_MFP; 730 } 731 732 ret = wpa_drv_sta_add(wpa_s, ¶ms); 733 if (ret) { 734 wpa_msg(wpa_s, MSG_ERROR, 735 "Driver failed to insert " MACSTR ": %d", 736 MAC2STR(addr), ret); 737 ap_free_sta(data, sta); 738 return NULL; 739 } 740 741 return sta; 742 } 743 744 745 void wpa_mesh_new_mesh_peer(struct wpa_supplicant *wpa_s, const u8 *addr, 746 struct ieee802_11_elems *elems) 747 { 748 struct mesh_conf *conf = wpa_s->ifmsh->mconf; 749 struct hostapd_data *data = wpa_s->ifmsh->bss[0]; 750 struct sta_info *sta; 751 struct wpa_ssid *ssid = wpa_s->current_ssid; 752 753 sta = mesh_mpm_add_peer(wpa_s, addr, elems); 754 if (!sta) 755 return; 756 757 if (ssid && ssid->no_auto_peer && 758 (is_zero_ether_addr(data->mesh_required_peer) || 759 os_memcmp(data->mesh_required_peer, addr, ETH_ALEN) != 0)) { 760 wpa_msg(wpa_s, MSG_INFO, "will not initiate new peer link with " 761 MACSTR " because of no_auto_peer", MAC2STR(addr)); 762 if (data->mesh_pending_auth) { 763 struct os_reltime age; 764 const struct ieee80211_mgmt *mgmt; 765 struct hostapd_frame_info fi; 766 767 mgmt = wpabuf_head(data->mesh_pending_auth); 768 os_reltime_age(&data->mesh_pending_auth_time, &age); 769 if (age.sec < 2 && 770 os_memcmp(mgmt->sa, addr, ETH_ALEN) == 0) { 771 wpa_printf(MSG_DEBUG, 772 "mesh: Process pending Authentication frame from %u.%06u seconds ago", 773 (unsigned int) age.sec, 774 (unsigned int) age.usec); 775 os_memset(&fi, 0, sizeof(fi)); 776 ieee802_11_mgmt( 777 data, 778 wpabuf_head(data->mesh_pending_auth), 779 wpabuf_len(data->mesh_pending_auth), 780 &fi); 781 } 782 wpabuf_free(data->mesh_pending_auth); 783 data->mesh_pending_auth = NULL; 784 } 785 return; 786 } 787 788 if (conf->security == MESH_CONF_SEC_NONE) { 789 if (sta->plink_state < PLINK_OPN_SNT || 790 sta->plink_state > PLINK_ESTAB) 791 mesh_mpm_plink_open(wpa_s, sta, PLINK_OPN_SNT); 792 } else { 793 mesh_rsn_auth_sae_sta(wpa_s, sta); 794 } 795 } 796 797 798 void mesh_mpm_mgmt_rx(struct wpa_supplicant *wpa_s, struct rx_mgmt *rx_mgmt) 799 { 800 struct hostapd_frame_info fi; 801 802 os_memset(&fi, 0, sizeof(fi)); 803 fi.datarate = rx_mgmt->datarate; 804 fi.ssi_signal = rx_mgmt->ssi_signal; 805 ieee802_11_mgmt(wpa_s->ifmsh->bss[0], rx_mgmt->frame, 806 rx_mgmt->frame_len, &fi); 807 } 808 809 810 static void mesh_mpm_plink_estab(struct wpa_supplicant *wpa_s, 811 struct sta_info *sta) 812 { 813 struct hostapd_data *hapd = wpa_s->ifmsh->bss[0]; 814 struct mesh_conf *conf = wpa_s->ifmsh->mconf; 815 u8 seq[6] = {}; 816 817 wpa_msg(wpa_s, MSG_INFO, "mesh plink with " MACSTR " established", 818 MAC2STR(sta->addr)); 819 820 if (conf->security & MESH_CONF_SEC_AMPE) { 821 wpa_hexdump_key(MSG_DEBUG, "mesh: MTK", sta->mtk, sta->mtk_len); 822 wpa_drv_set_key(wpa_s, wpa_cipher_to_alg(conf->pairwise_cipher), 823 sta->addr, 0, 0, seq, sizeof(seq), 824 sta->mtk, sta->mtk_len); 825 826 wpa_hexdump_key(MSG_DEBUG, "mesh: RX MGTK Key RSC", 827 sta->mgtk_rsc, sizeof(sta->mgtk_rsc)); 828 wpa_hexdump_key(MSG_DEBUG, "mesh: RX MGTK", 829 sta->mgtk, sta->mgtk_len); 830 wpa_drv_set_key(wpa_s, wpa_cipher_to_alg(conf->group_cipher), 831 sta->addr, sta->mgtk_key_id, 0, 832 sta->mgtk_rsc, sizeof(sta->mgtk_rsc), 833 sta->mgtk, sta->mgtk_len); 834 835 if (sta->igtk_len) { 836 wpa_hexdump_key(MSG_DEBUG, "mesh: RX IGTK Key RSC", 837 sta->igtk_rsc, sizeof(sta->igtk_rsc)); 838 wpa_hexdump_key(MSG_DEBUG, "mesh: RX IGTK", 839 sta->igtk, sta->igtk_len); 840 wpa_drv_set_key( 841 wpa_s, 842 wpa_cipher_to_alg(conf->mgmt_group_cipher), 843 sta->addr, sta->igtk_key_id, 0, 844 sta->igtk_rsc, sizeof(sta->igtk_rsc), 845 sta->igtk, sta->igtk_len); 846 } 847 } 848 849 wpa_mesh_set_plink_state(wpa_s, sta, PLINK_ESTAB); 850 hapd->num_plinks++; 851 852 sta->flags |= WLAN_STA_ASSOC; 853 sta->mesh_sae_pmksa_caching = 0; 854 855 eloop_cancel_timeout(peer_add_timer, wpa_s, NULL); 856 peer_add_timer(wpa_s, NULL); 857 eloop_cancel_timeout(plink_timer, wpa_s, sta); 858 859 /* Send ctrl event */ 860 wpa_msg(wpa_s, MSG_INFO, MESH_PEER_CONNECTED MACSTR, 861 MAC2STR(sta->addr)); 862 863 /* Send D-Bus event */ 864 wpas_notify_mesh_peer_connected(wpa_s, sta->addr); 865 } 866 867 868 static void mesh_mpm_fsm(struct wpa_supplicant *wpa_s, struct sta_info *sta, 869 enum plink_event event, u16 reason) 870 { 871 struct hostapd_data *hapd = wpa_s->ifmsh->bss[0]; 872 struct mesh_conf *conf = wpa_s->ifmsh->mconf; 873 874 wpa_msg(wpa_s, MSG_DEBUG, "MPM " MACSTR " state %s event %s", 875 MAC2STR(sta->addr), mplstate[sta->plink_state], 876 mplevent[event]); 877 878 switch (sta->plink_state) { 879 case PLINK_IDLE: 880 switch (event) { 881 case CLS_ACPT: 882 mesh_mpm_fsm_restart(wpa_s, sta); 883 break; 884 case OPN_ACPT: 885 mesh_mpm_plink_open(wpa_s, sta, PLINK_OPN_RCVD); 886 mesh_mpm_send_plink_action(wpa_s, sta, PLINK_CONFIRM, 887 0); 888 break; 889 case REQ_RJCT: 890 mesh_mpm_send_plink_action(wpa_s, sta, 891 PLINK_CLOSE, reason); 892 break; 893 default: 894 break; 895 } 896 break; 897 case PLINK_OPN_SNT: 898 switch (event) { 899 case OPN_RJCT: 900 case CNF_RJCT: 901 if (!reason) 902 reason = WLAN_REASON_MESH_CONFIG_POLICY_VIOLATION; 903 /* fall-through */ 904 case CLS_ACPT: 905 wpa_mesh_set_plink_state(wpa_s, sta, PLINK_HOLDING); 906 if (!reason) 907 reason = WLAN_REASON_MESH_CLOSE_RCVD; 908 eloop_register_timeout( 909 conf->dot11MeshHoldingTimeout / 1000, 910 (conf->dot11MeshHoldingTimeout % 1000) * 1000, 911 plink_timer, wpa_s, sta); 912 mesh_mpm_send_plink_action(wpa_s, sta, 913 PLINK_CLOSE, reason); 914 break; 915 case OPN_ACPT: 916 /* retry timer is left untouched */ 917 wpa_mesh_set_plink_state(wpa_s, sta, PLINK_OPN_RCVD); 918 mesh_mpm_send_plink_action(wpa_s, sta, 919 PLINK_CONFIRM, 0); 920 break; 921 case CNF_ACPT: 922 wpa_mesh_set_plink_state(wpa_s, sta, PLINK_CNF_RCVD); 923 eloop_cancel_timeout(plink_timer, wpa_s, sta); 924 eloop_register_timeout( 925 conf->dot11MeshConfirmTimeout / 1000, 926 (conf->dot11MeshConfirmTimeout % 1000) * 1000, 927 plink_timer, wpa_s, sta); 928 break; 929 default: 930 break; 931 } 932 break; 933 case PLINK_OPN_RCVD: 934 switch (event) { 935 case OPN_RJCT: 936 case CNF_RJCT: 937 if (!reason) 938 reason = WLAN_REASON_MESH_CONFIG_POLICY_VIOLATION; 939 /* fall-through */ 940 case CLS_ACPT: 941 wpa_mesh_set_plink_state(wpa_s, sta, PLINK_HOLDING); 942 if (!reason) 943 reason = WLAN_REASON_MESH_CLOSE_RCVD; 944 eloop_register_timeout( 945 conf->dot11MeshHoldingTimeout / 1000, 946 (conf->dot11MeshHoldingTimeout % 1000) * 1000, 947 plink_timer, wpa_s, sta); 948 sta->mpm_close_reason = reason; 949 mesh_mpm_send_plink_action(wpa_s, sta, 950 PLINK_CLOSE, reason); 951 break; 952 case OPN_ACPT: 953 mesh_mpm_send_plink_action(wpa_s, sta, 954 PLINK_CONFIRM, 0); 955 break; 956 case CNF_ACPT: 957 if (conf->security & MESH_CONF_SEC_AMPE) 958 mesh_rsn_derive_mtk(wpa_s, sta); 959 mesh_mpm_plink_estab(wpa_s, sta); 960 break; 961 default: 962 break; 963 } 964 break; 965 case PLINK_CNF_RCVD: 966 switch (event) { 967 case OPN_RJCT: 968 case CNF_RJCT: 969 if (!reason) 970 reason = WLAN_REASON_MESH_CONFIG_POLICY_VIOLATION; 971 /* fall-through */ 972 case CLS_ACPT: 973 wpa_mesh_set_plink_state(wpa_s, sta, PLINK_HOLDING); 974 if (!reason) 975 reason = WLAN_REASON_MESH_CLOSE_RCVD; 976 eloop_register_timeout( 977 conf->dot11MeshHoldingTimeout / 1000, 978 (conf->dot11MeshHoldingTimeout % 1000) * 1000, 979 plink_timer, wpa_s, sta); 980 sta->mpm_close_reason = reason; 981 mesh_mpm_send_plink_action(wpa_s, sta, 982 PLINK_CLOSE, reason); 983 break; 984 case OPN_ACPT: 985 if (conf->security & MESH_CONF_SEC_AMPE) 986 mesh_rsn_derive_mtk(wpa_s, sta); 987 mesh_mpm_plink_estab(wpa_s, sta); 988 mesh_mpm_send_plink_action(wpa_s, sta, 989 PLINK_CONFIRM, 0); 990 break; 991 default: 992 break; 993 } 994 break; 995 case PLINK_ESTAB: 996 switch (event) { 997 case OPN_RJCT: 998 case CNF_RJCT: 999 case CLS_ACPT: 1000 wpa_mesh_set_plink_state(wpa_s, sta, PLINK_HOLDING); 1001 if (!reason) 1002 reason = WLAN_REASON_MESH_CLOSE_RCVD; 1003 1004 eloop_register_timeout( 1005 conf->dot11MeshHoldingTimeout / 1000, 1006 (conf->dot11MeshHoldingTimeout % 1000) * 1000, 1007 plink_timer, wpa_s, sta); 1008 sta->mpm_close_reason = reason; 1009 1010 wpa_msg(wpa_s, MSG_INFO, "mesh plink with " MACSTR 1011 " closed with reason %d", 1012 MAC2STR(sta->addr), reason); 1013 1014 wpa_msg(wpa_s, MSG_INFO, MESH_PEER_DISCONNECTED MACSTR, 1015 MAC2STR(sta->addr)); 1016 1017 /* Send D-Bus event */ 1018 wpas_notify_mesh_peer_disconnected(wpa_s, sta->addr, 1019 reason); 1020 1021 hapd->num_plinks--; 1022 1023 mesh_mpm_send_plink_action(wpa_s, sta, 1024 PLINK_CLOSE, reason); 1025 break; 1026 case OPN_ACPT: 1027 mesh_mpm_send_plink_action(wpa_s, sta, 1028 PLINK_CONFIRM, 0); 1029 break; 1030 default: 1031 break; 1032 } 1033 break; 1034 case PLINK_HOLDING: 1035 switch (event) { 1036 case CLS_ACPT: 1037 mesh_mpm_fsm_restart(wpa_s, sta); 1038 break; 1039 case OPN_ACPT: 1040 case CNF_ACPT: 1041 case OPN_RJCT: 1042 case CNF_RJCT: 1043 reason = sta->mpm_close_reason; 1044 mesh_mpm_send_plink_action(wpa_s, sta, 1045 PLINK_CLOSE, reason); 1046 break; 1047 default: 1048 break; 1049 } 1050 break; 1051 default: 1052 wpa_msg(wpa_s, MSG_DEBUG, 1053 "Unsupported MPM event %s for state %s", 1054 mplevent[event], mplstate[sta->plink_state]); 1055 break; 1056 } 1057 } 1058 1059 1060 void mesh_mpm_action_rx(struct wpa_supplicant *wpa_s, 1061 const struct ieee80211_mgmt *mgmt, size_t len) 1062 { 1063 u8 action_field; 1064 struct hostapd_data *hapd = wpa_s->ifmsh->bss[0]; 1065 struct mesh_conf *mconf = wpa_s->ifmsh->mconf; 1066 struct sta_info *sta; 1067 u16 plid = 0, llid = 0, aid = 0; 1068 enum plink_event event; 1069 struct ieee802_11_elems elems; 1070 struct mesh_peer_mgmt_ie peer_mgmt_ie; 1071 const u8 *ies; 1072 size_t ie_len; 1073 int ret; 1074 u16 reason = 0; 1075 1076 if (mgmt->u.action.category != WLAN_ACTION_SELF_PROTECTED) 1077 return; 1078 1079 action_field = mgmt->u.action.u.slf_prot_action.action; 1080 if (action_field != PLINK_OPEN && 1081 action_field != PLINK_CONFIRM && 1082 action_field != PLINK_CLOSE) 1083 return; 1084 1085 ies = mgmt->u.action.u.slf_prot_action.variable; 1086 ie_len = (const u8 *) mgmt + len - 1087 mgmt->u.action.u.slf_prot_action.variable; 1088 1089 /* at least expect mesh id and peering mgmt */ 1090 if (ie_len < 2 + 2) { 1091 wpa_printf(MSG_DEBUG, 1092 "MPM: Ignore too short action frame %u ie_len %u", 1093 action_field, (unsigned int) ie_len); 1094 return; 1095 } 1096 wpa_printf(MSG_DEBUG, "MPM: Received PLINK action %u", action_field); 1097 1098 if (action_field == PLINK_OPEN || action_field == PLINK_CONFIRM) { 1099 wpa_printf(MSG_DEBUG, "MPM: Capability 0x%x", 1100 WPA_GET_LE16(ies)); 1101 ies += 2; /* capability */ 1102 ie_len -= 2; 1103 } 1104 if (action_field == PLINK_CONFIRM) { 1105 aid = WPA_GET_LE16(ies); 1106 wpa_printf(MSG_DEBUG, "MPM: AID 0x%x", aid); 1107 ies += 2; /* aid */ 1108 ie_len -= 2; 1109 } 1110 1111 /* check for mesh peering, mesh id and mesh config IEs */ 1112 if (ieee802_11_parse_elems(ies, ie_len, &elems, 0) == ParseFailed) { 1113 wpa_printf(MSG_DEBUG, "MPM: Failed to parse PLINK IEs"); 1114 return; 1115 } 1116 if (!elems.peer_mgmt) { 1117 wpa_printf(MSG_DEBUG, 1118 "MPM: No Mesh Peering Management element"); 1119 return; 1120 } 1121 if (action_field != PLINK_CLOSE) { 1122 if (!elems.mesh_id || !elems.mesh_config) { 1123 wpa_printf(MSG_DEBUG, 1124 "MPM: No Mesh ID or Mesh Configuration element"); 1125 return; 1126 } 1127 1128 if (!matches_local(wpa_s, &elems)) { 1129 wpa_printf(MSG_DEBUG, 1130 "MPM: Mesh ID or Mesh Configuration element do not match local MBSS"); 1131 return; 1132 } 1133 } 1134 1135 ret = mesh_mpm_parse_peer_mgmt(wpa_s, action_field, 1136 elems.peer_mgmt, 1137 elems.peer_mgmt_len, 1138 &peer_mgmt_ie); 1139 if (ret) { 1140 wpa_printf(MSG_DEBUG, "MPM: Mesh parsing rejected frame"); 1141 return; 1142 } 1143 1144 /* the sender's llid is our plid and vice-versa */ 1145 plid = WPA_GET_LE16(peer_mgmt_ie.llid); 1146 if (peer_mgmt_ie.plid) 1147 llid = WPA_GET_LE16(peer_mgmt_ie.plid); 1148 wpa_printf(MSG_DEBUG, "MPM: plid=0x%x llid=0x%x", plid, llid); 1149 1150 if (action_field == PLINK_CLOSE) 1151 wpa_printf(MSG_DEBUG, "MPM: close reason=%u", 1152 WPA_GET_LE16(peer_mgmt_ie.reason)); 1153 1154 sta = ap_get_sta(hapd, mgmt->sa); 1155 1156 /* 1157 * If this is an open frame from an unknown STA, and this is an 1158 * open mesh, then go ahead and add the peer before proceeding. 1159 */ 1160 if (!sta && action_field == PLINK_OPEN && 1161 (!(mconf->security & MESH_CONF_SEC_AMPE) || 1162 wpa_auth_pmksa_get(hapd->wpa_auth, mgmt->sa, NULL))) 1163 sta = mesh_mpm_add_peer(wpa_s, mgmt->sa, &elems); 1164 1165 if (!sta) { 1166 wpa_printf(MSG_DEBUG, "MPM: No STA entry for peer"); 1167 return; 1168 } 1169 1170 #ifdef CONFIG_SAE 1171 /* peer is in sae_accepted? */ 1172 if (sta->sae && sta->sae->state != SAE_ACCEPTED) { 1173 wpa_printf(MSG_DEBUG, "MPM: SAE not yet accepted for peer"); 1174 return; 1175 } 1176 #endif /* CONFIG_SAE */ 1177 1178 if (!sta->my_lid) 1179 mesh_mpm_init_link(wpa_s, sta); 1180 1181 if (mconf->security & MESH_CONF_SEC_AMPE) { 1182 int res; 1183 1184 res = mesh_rsn_process_ampe(wpa_s, sta, &elems, 1185 &mgmt->u.action.category, 1186 peer_mgmt_ie.chosen_pmk, 1187 ies, ie_len); 1188 if (res) { 1189 wpa_printf(MSG_DEBUG, 1190 "MPM: RSN process rejected frame (res=%d)", 1191 res); 1192 if (action_field == PLINK_OPEN && res == -2) { 1193 /* AES-SIV decryption failed */ 1194 mesh_mpm_fsm(wpa_s, sta, OPN_RJCT, 1195 WLAN_REASON_MESH_INVALID_GTK); 1196 } 1197 return; 1198 } 1199 } 1200 1201 if (sta->plink_state == PLINK_BLOCKED) { 1202 wpa_printf(MSG_DEBUG, "MPM: PLINK_BLOCKED"); 1203 return; 1204 } 1205 1206 /* Now we will figure out the appropriate event... */ 1207 switch (action_field) { 1208 case PLINK_OPEN: 1209 if (plink_free_count(hapd) == 0) { 1210 event = REQ_RJCT; 1211 reason = WLAN_REASON_MESH_MAX_PEERS; 1212 wpa_printf(MSG_INFO, 1213 "MPM: Peer link num over quota(%d)", 1214 hapd->max_plinks); 1215 } else if (sta->peer_lid && sta->peer_lid != plid) { 1216 wpa_printf(MSG_DEBUG, 1217 "MPM: peer_lid mismatch: 0x%x != 0x%x", 1218 sta->peer_lid, plid); 1219 return; /* no FSM event */ 1220 } else { 1221 sta->peer_lid = plid; 1222 event = OPN_ACPT; 1223 } 1224 break; 1225 case PLINK_CONFIRM: 1226 if (plink_free_count(hapd) == 0) { 1227 event = REQ_RJCT; 1228 reason = WLAN_REASON_MESH_MAX_PEERS; 1229 wpa_printf(MSG_INFO, 1230 "MPM: Peer link num over quota(%d)", 1231 hapd->max_plinks); 1232 } else if (sta->my_lid != llid || 1233 (sta->peer_lid && sta->peer_lid != plid)) { 1234 wpa_printf(MSG_DEBUG, 1235 "MPM: lid mismatch: my_lid: 0x%x != 0x%x or peer_lid: 0x%x != 0x%x", 1236 sta->my_lid, llid, sta->peer_lid, plid); 1237 return; /* no FSM event */ 1238 } else { 1239 if (!sta->peer_lid) 1240 sta->peer_lid = plid; 1241 sta->peer_aid = aid; 1242 event = CNF_ACPT; 1243 } 1244 break; 1245 case PLINK_CLOSE: 1246 if (sta->plink_state == PLINK_ESTAB) 1247 /* Do not check for llid or plid. This does not 1248 * follow the standard but since multiple plinks 1249 * per cand are not supported, it is necessary in 1250 * order to avoid a livelock when MP A sees an 1251 * establish peer link to MP B but MP B does not 1252 * see it. This can be caused by a timeout in 1253 * B's peer link establishment or B being 1254 * restarted. 1255 */ 1256 event = CLS_ACPT; 1257 else if (sta->peer_lid != plid) { 1258 wpa_printf(MSG_DEBUG, 1259 "MPM: peer_lid mismatch: 0x%x != 0x%x", 1260 sta->peer_lid, plid); 1261 return; /* no FSM event */ 1262 } else if (peer_mgmt_ie.plid && sta->my_lid != llid) { 1263 wpa_printf(MSG_DEBUG, 1264 "MPM: my_lid mismatch: 0x%x != 0x%x", 1265 sta->my_lid, llid); 1266 return; /* no FSM event */ 1267 } else { 1268 event = CLS_ACPT; 1269 } 1270 break; 1271 default: 1272 /* 1273 * This cannot be hit due to the action_field check above, but 1274 * compilers may not be able to figure that out and can warn 1275 * about uninitialized event below. 1276 */ 1277 return; 1278 } 1279 mesh_mpm_fsm(wpa_s, sta, event, reason); 1280 } 1281 1282 1283 /* called by ap_free_sta */ 1284 void mesh_mpm_free_sta(struct hostapd_data *hapd, struct sta_info *sta) 1285 { 1286 if (sta->plink_state == PLINK_ESTAB) 1287 hapd->num_plinks--; 1288 eloop_cancel_timeout(plink_timer, ELOOP_ALL_CTX, sta); 1289 eloop_cancel_timeout(mesh_auth_timer, ELOOP_ALL_CTX, sta); 1290 } 1291