1 /* 2 * hostapd / IEEE 802.11 Management: Beacon and Probe Request/Response 3 * Copyright (c) 2002-2004, Instant802 Networks, Inc. 4 * Copyright (c) 2005-2006, Devicescape Software, Inc. 5 * Copyright (c) 2008-2012, Jouni Malinen <j@w1.fi> 6 * 7 * This software may be distributed under the terms of the BSD license. 8 * See README for more details. 9 */ 10 11 #include "utils/includes.h" 12 13 #ifndef CONFIG_NATIVE_WINDOWS 14 15 #include "utils/common.h" 16 #include "common/ieee802_11_defs.h" 17 #include "common/ieee802_11_common.h" 18 #include "common/hw_features_common.h" 19 #include "common/wpa_ctrl.h" 20 #include "crypto/sha1.h" 21 #include "wps/wps_defs.h" 22 #include "p2p/p2p.h" 23 #include "hostapd.h" 24 #include "ieee802_11.h" 25 #include "wpa_auth.h" 26 #include "wmm.h" 27 #include "ap_config.h" 28 #include "sta_info.h" 29 #include "p2p_hostapd.h" 30 #include "ap_drv_ops.h" 31 #include "beacon.h" 32 #include "hs20.h" 33 #include "dfs.h" 34 #include "taxonomy.h" 35 #include "ieee802_11_auth.h" 36 37 38 #ifdef NEED_AP_MLME 39 hostapd_eid_bss_load(struct hostapd_data * hapd,u8 * eid,size_t len)40 static u8 * hostapd_eid_bss_load(struct hostapd_data *hapd, u8 *eid, size_t len) 41 { 42 if (len < 2 + 5) 43 return eid; 44 45 #ifdef CONFIG_TESTING_OPTIONS 46 if (hapd->conf->bss_load_test_set) { 47 *eid++ = WLAN_EID_BSS_LOAD; 48 *eid++ = 5; 49 os_memcpy(eid, hapd->conf->bss_load_test, 5); 50 eid += 5; 51 return eid; 52 } 53 #endif /* CONFIG_TESTING_OPTIONS */ 54 if (hapd->conf->bss_load_update_period) { 55 *eid++ = WLAN_EID_BSS_LOAD; 56 *eid++ = 5; 57 WPA_PUT_LE16(eid, hapd->num_sta); 58 eid += 2; 59 *eid++ = hapd->iface->channel_utilization; 60 WPA_PUT_LE16(eid, 0); /* no available admission capabity */ 61 eid += 2; 62 } 63 return eid; 64 } 65 66 ieee802_11_erp_info(struct hostapd_data * hapd)67 static u8 ieee802_11_erp_info(struct hostapd_data *hapd) 68 { 69 u8 erp = 0; 70 71 if (hapd->iface->current_mode == NULL || 72 hapd->iface->current_mode->mode != HOSTAPD_MODE_IEEE80211G) 73 return 0; 74 75 if (hapd->iface->olbc) 76 erp |= ERP_INFO_USE_PROTECTION; 77 if (hapd->iface->num_sta_non_erp > 0) { 78 erp |= ERP_INFO_NON_ERP_PRESENT | 79 ERP_INFO_USE_PROTECTION; 80 } 81 if (hapd->iface->num_sta_no_short_preamble > 0 || 82 hapd->iconf->preamble == LONG_PREAMBLE) 83 erp |= ERP_INFO_BARKER_PREAMBLE_MODE; 84 85 return erp; 86 } 87 88 hostapd_eid_ds_params(struct hostapd_data * hapd,u8 * eid)89 static u8 * hostapd_eid_ds_params(struct hostapd_data *hapd, u8 *eid) 90 { 91 enum hostapd_hw_mode hw_mode = hapd->iconf->hw_mode; 92 93 if (hw_mode != HOSTAPD_MODE_IEEE80211G && 94 hw_mode != HOSTAPD_MODE_IEEE80211B) 95 return eid; 96 97 *eid++ = WLAN_EID_DS_PARAMS; 98 *eid++ = 1; 99 *eid++ = hapd->iconf->channel; 100 return eid; 101 } 102 103 hostapd_eid_erp_info(struct hostapd_data * hapd,u8 * eid)104 static u8 * hostapd_eid_erp_info(struct hostapd_data *hapd, u8 *eid) 105 { 106 if (hapd->iface->current_mode == NULL || 107 hapd->iface->current_mode->mode != HOSTAPD_MODE_IEEE80211G) 108 return eid; 109 110 /* Set NonERP_present and use_protection bits if there 111 * are any associated NonERP stations. */ 112 /* TODO: use_protection bit can be set to zero even if 113 * there are NonERP stations present. This optimization 114 * might be useful if NonERP stations are "quiet". 115 * See 802.11g/D6 E-1 for recommended practice. 116 * In addition, Non ERP present might be set, if AP detects Non ERP 117 * operation on other APs. */ 118 119 /* Add ERP Information element */ 120 *eid++ = WLAN_EID_ERP_INFO; 121 *eid++ = 1; 122 *eid++ = ieee802_11_erp_info(hapd); 123 124 return eid; 125 } 126 127 hostapd_eid_pwr_constraint(struct hostapd_data * hapd,u8 * eid)128 static u8 * hostapd_eid_pwr_constraint(struct hostapd_data *hapd, u8 *eid) 129 { 130 u8 *pos = eid; 131 u8 local_pwr_constraint = 0; 132 int dfs; 133 134 if (hapd->iface->current_mode == NULL || 135 hapd->iface->current_mode->mode != HOSTAPD_MODE_IEEE80211A) 136 return eid; 137 138 /* Let host drivers add this IE if DFS support is offloaded */ 139 if (hapd->iface->drv_flags & WPA_DRIVER_FLAGS_DFS_OFFLOAD) 140 return eid; 141 142 /* 143 * There is no DFS support and power constraint was not directly 144 * requested by config option. 145 */ 146 if (!hapd->iconf->ieee80211h && 147 hapd->iconf->local_pwr_constraint == -1) 148 return eid; 149 150 /* Check if DFS is required by regulatory. */ 151 dfs = hostapd_is_dfs_required(hapd->iface); 152 if (dfs < 0) { 153 wpa_printf(MSG_WARNING, "Failed to check if DFS is required; ret=%d", 154 dfs); 155 dfs = 0; 156 } 157 158 if (dfs == 0 && hapd->iconf->local_pwr_constraint == -1) 159 return eid; 160 161 /* 162 * ieee80211h (DFS) is enabled so Power Constraint element shall 163 * be added when running on DFS channel whenever local_pwr_constraint 164 * is configured or not. In order to meet regulations when TPC is not 165 * implemented using a transmit power that is below the legal maximum 166 * (including any mitigation factor) should help. In this case, 167 * indicate 3 dB below maximum allowed transmit power. 168 */ 169 if (hapd->iconf->local_pwr_constraint == -1) 170 local_pwr_constraint = 3; 171 172 /* 173 * A STA that is not an AP shall use a transmit power less than or 174 * equal to the local maximum transmit power level for the channel. 175 * The local maximum transmit power can be calculated from the formula: 176 * local max TX pwr = max TX pwr - local pwr constraint 177 * Where max TX pwr is maximum transmit power level specified for 178 * channel in Country element and local pwr constraint is specified 179 * for channel in this Power Constraint element. 180 */ 181 182 /* Element ID */ 183 *pos++ = WLAN_EID_PWR_CONSTRAINT; 184 /* Length */ 185 *pos++ = 1; 186 /* Local Power Constraint */ 187 if (local_pwr_constraint) 188 *pos++ = local_pwr_constraint; 189 else 190 *pos++ = hapd->iconf->local_pwr_constraint; 191 192 return pos; 193 } 194 195 hostapd_eid_country_add(struct hostapd_data * hapd,u8 * pos,u8 * end,int chan_spacing,struct hostapd_channel_data * start,struct hostapd_channel_data * prev)196 static u8 * hostapd_eid_country_add(struct hostapd_data *hapd, u8 *pos, 197 u8 *end, int chan_spacing, 198 struct hostapd_channel_data *start, 199 struct hostapd_channel_data *prev) 200 { 201 if (end - pos < 3) 202 return pos; 203 204 /* first channel number */ 205 *pos++ = start->chan; 206 /* number of channels */ 207 *pos++ = (prev->chan - start->chan) / chan_spacing + 1; 208 /* maximum transmit power level */ 209 if (!is_6ghz_op_class(hapd->iconf->op_class)) 210 *pos++ = start->max_tx_power; 211 else 212 *pos++ = 0; /* Reserved when operating on the 6 GHz band */ 213 214 return pos; 215 } 216 217 hostapd_fill_subband_triplets(struct hostapd_data * hapd,u8 * pos,u8 * end)218 static u8 * hostapd_fill_subband_triplets(struct hostapd_data *hapd, u8 *pos, 219 u8 *end) 220 { 221 int i; 222 struct hostapd_hw_modes *mode; 223 struct hostapd_channel_data *start, *prev; 224 int chan_spacing = 1; 225 226 mode = hapd->iface->current_mode; 227 if (mode->mode == HOSTAPD_MODE_IEEE80211A) 228 chan_spacing = 4; 229 230 start = prev = NULL; 231 for (i = 0; i < mode->num_channels; i++) { 232 struct hostapd_channel_data *chan = &mode->channels[i]; 233 if (chan->flag & HOSTAPD_CHAN_DISABLED) 234 continue; 235 if (start && prev && 236 prev->chan + chan_spacing == chan->chan && 237 start->max_tx_power == chan->max_tx_power) { 238 prev = chan; 239 continue; /* can use same entry */ 240 } 241 242 if (start && prev) 243 pos = hostapd_eid_country_add(hapd, pos, end, 244 chan_spacing, 245 start, prev); 246 247 /* Start new group */ 248 start = prev = chan; 249 } 250 251 if (start) { 252 pos = hostapd_eid_country_add(hapd, pos, end, chan_spacing, 253 start, prev); 254 } 255 256 return pos; 257 } 258 259 hostapd_eid_country(struct hostapd_data * hapd,u8 * eid,int max_len)260 static u8 * hostapd_eid_country(struct hostapd_data *hapd, u8 *eid, 261 int max_len) 262 { 263 u8 *pos = eid; 264 u8 *end = eid + max_len; 265 bool force_global; 266 267 if (!hapd->iconf->ieee80211d || max_len < 6 || 268 hapd->iface->current_mode == NULL) 269 return eid; 270 271 *pos++ = WLAN_EID_COUNTRY; 272 pos++; /* length will be set later */ 273 os_memcpy(pos, hapd->iconf->country, 3); /* e.g., 'US ' */ 274 pos += 3; 275 276 /* The 6 GHz band uses global operating classes */ 277 force_global = is_6ghz_op_class(hapd->iconf->op_class); 278 279 #ifdef CONFIG_MBO 280 /* Wi-Fi Agile Muiltiband AP is required to use a global operating 281 * class. */ 282 if (hapd->conf->mbo_enabled) 283 force_global = true; 284 #endif /* CONFIG_MBO */ 285 286 if (force_global) { 287 /* Force the third octet of the country string to indicate 288 * Global Operating Class (Table E-4) */ 289 eid[4] = 0x04; 290 } 291 292 if (is_6ghz_op_class(hapd->iconf->op_class)) { 293 /* Operating Triplet field */ 294 /* Operating Extension Identifier (>= 201 to indicate this is 295 * not a Subband Triplet field) */ 296 *pos++ = 201; 297 /* Operating Class */ 298 *pos++ = hapd->iconf->op_class; 299 /* Coverage Class */ 300 *pos++ = 0; 301 /* Subband Triplets are required only for the 20 MHz case */ 302 if (hapd->iconf->op_class == 131 || 303 hapd->iconf->op_class == 136) 304 pos = hostapd_fill_subband_triplets(hapd, pos, end); 305 } else { 306 pos = hostapd_fill_subband_triplets(hapd, pos, end); 307 } 308 309 if ((pos - eid) & 1) { 310 if (end - pos < 1) 311 return eid; 312 *pos++ = 0; /* pad for 16-bit alignment */ 313 } 314 315 eid[1] = (pos - eid) - 2; 316 317 return pos; 318 } 319 320 hostapd_wpa_ie(struct hostapd_data * hapd,u8 eid)321 const u8 * hostapd_wpa_ie(struct hostapd_data *hapd, u8 eid) 322 { 323 const u8 *ies; 324 size_t ies_len; 325 326 ies = wpa_auth_get_wpa_ie(hapd->wpa_auth, &ies_len); 327 if (!ies) 328 return NULL; 329 330 return get_ie(ies, ies_len, eid); 331 } 332 333 hostapd_vendor_wpa_ie(struct hostapd_data * hapd,u32 vendor_type)334 static const u8 * hostapd_vendor_wpa_ie(struct hostapd_data *hapd, 335 u32 vendor_type) 336 { 337 const u8 *ies; 338 size_t ies_len; 339 340 ies = wpa_auth_get_wpa_ie(hapd->wpa_auth, &ies_len); 341 if (!ies) 342 return NULL; 343 344 return get_vendor_ie(ies, ies_len, vendor_type); 345 } 346 347 hostapd_get_rsne(struct hostapd_data * hapd,u8 * pos,size_t len)348 static u8 * hostapd_get_rsne(struct hostapd_data *hapd, u8 *pos, size_t len) 349 { 350 const u8 *ie; 351 352 ie = hostapd_wpa_ie(hapd, WLAN_EID_RSN); 353 if (!ie || 2U + ie[1] > len) 354 return pos; 355 356 os_memcpy(pos, ie, 2 + ie[1]); 357 return pos + 2 + ie[1]; 358 } 359 360 hostapd_get_mde(struct hostapd_data * hapd,u8 * pos,size_t len)361 static u8 * hostapd_get_mde(struct hostapd_data *hapd, u8 *pos, size_t len) 362 { 363 const u8 *ie; 364 365 ie = hostapd_wpa_ie(hapd, WLAN_EID_MOBILITY_DOMAIN); 366 if (!ie || 2U + ie[1] > len) 367 return pos; 368 369 os_memcpy(pos, ie, 2 + ie[1]); 370 return pos + 2 + ie[1]; 371 } 372 373 hostapd_get_rsnxe(struct hostapd_data * hapd,u8 * pos,size_t len)374 static u8 * hostapd_get_rsnxe(struct hostapd_data *hapd, u8 *pos, size_t len) 375 { 376 const u8 *ie; 377 378 #ifdef CONFIG_TESTING_OPTIONS 379 if (hapd->conf->no_beacon_rsnxe) { 380 wpa_printf(MSG_INFO, "TESTING: Do not add RSNXE into Beacon"); 381 return pos; 382 } 383 #endif /* CONFIG_TESTING_OPTIONS */ 384 ie = hostapd_wpa_ie(hapd, WLAN_EID_RSNX); 385 if (!ie || 2U + ie[1] > len) 386 return pos; 387 388 os_memcpy(pos, ie, 2 + ie[1]); 389 return pos + 2 + ie[1]; 390 } 391 392 hostapd_get_wpa_ie(struct hostapd_data * hapd,u8 * pos,size_t len)393 static u8 * hostapd_get_wpa_ie(struct hostapd_data *hapd, u8 *pos, size_t len) 394 { 395 const u8 *ie; 396 397 ie = hostapd_vendor_wpa_ie(hapd, WPA_IE_VENDOR_TYPE); 398 if (!ie || 2U + ie[1] > len) 399 return pos; 400 401 os_memcpy(pos, ie, 2 + ie[1]); 402 return pos + 2 + ie[1]; 403 } 404 405 hostapd_get_rsne_override(struct hostapd_data * hapd,u8 * pos,size_t len)406 static u8 * hostapd_get_rsne_override(struct hostapd_data *hapd, u8 *pos, 407 size_t len) 408 { 409 const u8 *ie; 410 411 ie = hostapd_vendor_wpa_ie(hapd, RSNE_OVERRIDE_IE_VENDOR_TYPE); 412 if (!ie || 2U + ie[1] > len) 413 return pos; 414 415 os_memcpy(pos, ie, 2 + ie[1]); 416 return pos + 2 + ie[1]; 417 } 418 419 hostapd_get_rsne_override_2(struct hostapd_data * hapd,u8 * pos,size_t len)420 static u8 * hostapd_get_rsne_override_2(struct hostapd_data *hapd, u8 *pos, 421 size_t len) 422 { 423 const u8 *ie; 424 425 ie = hostapd_vendor_wpa_ie(hapd, RSNE_OVERRIDE_2_IE_VENDOR_TYPE); 426 if (!ie || 2U + ie[1] > len) 427 return pos; 428 429 os_memcpy(pos, ie, 2 + ie[1]); 430 return pos + 2 + ie[1]; 431 } 432 433 hostapd_get_rsnxe_override(struct hostapd_data * hapd,u8 * pos,size_t len)434 static u8 * hostapd_get_rsnxe_override(struct hostapd_data *hapd, u8 *pos, 435 size_t len) 436 { 437 const u8 *ie; 438 439 ie = hostapd_vendor_wpa_ie(hapd, RSNXE_OVERRIDE_IE_VENDOR_TYPE); 440 if (!ie || 2U + ie[1] > len) 441 return pos; 442 443 os_memcpy(pos, ie, 2 + ie[1]); 444 return pos + 2 + ie[1]; 445 } 446 447 hostapd_get_rsne_override_len(struct hostapd_data * hapd)448 static size_t hostapd_get_rsne_override_len(struct hostapd_data *hapd) 449 { 450 const u8 *ie; 451 452 ie = hostapd_vendor_wpa_ie(hapd, RSNE_OVERRIDE_IE_VENDOR_TYPE); 453 if (!ie) 454 return 0; 455 return 2 + ie[1]; 456 } 457 458 hostapd_get_rsne_override_2_len(struct hostapd_data * hapd)459 static size_t hostapd_get_rsne_override_2_len(struct hostapd_data *hapd) 460 { 461 const u8 *ie; 462 463 ie = hostapd_vendor_wpa_ie(hapd, RSNE_OVERRIDE_2_IE_VENDOR_TYPE); 464 if (!ie) 465 return 0; 466 return 2 + ie[1]; 467 } 468 469 hostapd_get_rsnxe_override_len(struct hostapd_data * hapd)470 static size_t hostapd_get_rsnxe_override_len(struct hostapd_data *hapd) 471 { 472 const u8 *ie; 473 474 ie = hostapd_vendor_wpa_ie(hapd, RSNXE_OVERRIDE_IE_VENDOR_TYPE); 475 if (!ie) 476 return 0; 477 return 2 + ie[1]; 478 } 479 480 hostapd_eid_csa(struct hostapd_data * hapd,u8 * eid)481 static u8 * hostapd_eid_csa(struct hostapd_data *hapd, u8 *eid) 482 { 483 #ifdef CONFIG_TESTING_OPTIONS 484 if (hapd->iface->cs_oper_class && hapd->iconf->ecsa_ie_only) 485 return eid; 486 #endif /* CONFIG_TESTING_OPTIONS */ 487 488 if (!hapd->cs_freq_params.channel) 489 return eid; 490 491 *eid++ = WLAN_EID_CHANNEL_SWITCH; 492 *eid++ = 3; 493 *eid++ = hapd->cs_block_tx; 494 *eid++ = hapd->cs_freq_params.channel; 495 *eid++ = hapd->cs_count; 496 497 return eid; 498 } 499 500 hostapd_eid_ecsa(struct hostapd_data * hapd,u8 * eid)501 static u8 * hostapd_eid_ecsa(struct hostapd_data *hapd, u8 *eid) 502 { 503 if (!hapd->cs_freq_params.channel || !hapd->iface->cs_oper_class) 504 return eid; 505 506 #ifdef CONFIG_TESTING_OPTIONS 507 if (hapd->iconf->csa_ie_only) 508 return eid; 509 #endif /* CONFIG_TESTING_OPTIONS */ 510 511 *eid++ = WLAN_EID_EXT_CHANSWITCH_ANN; 512 *eid++ = 4; 513 *eid++ = hapd->cs_block_tx; 514 *eid++ = hapd->iface->cs_oper_class; 515 *eid++ = hapd->cs_freq_params.channel; 516 *eid++ = hapd->cs_count; 517 518 return eid; 519 } 520 521 hostapd_eid_max_cs_time(struct hostapd_data * hapd,u8 * eid)522 static u8 * hostapd_eid_max_cs_time(struct hostapd_data *hapd, u8 *eid) 523 { 524 #ifdef CONFIG_IEEE80211BE 525 u32 switch_time; 526 527 /* Add Max Channel Switch Time element only if this AP is affiliated 528 * with an AP MLD and channel switch is in process. */ 529 if (!hapd->conf->mld_ap || !hapd->cs_freq_params.channel) 530 return eid; 531 532 /* Switch time is basically time between CSA count 1 and CSA count 533 * 0 (1 beacon interval) + time for interface restart + time to 534 * send a Beacon frame in the new channel (1 beacon interval). 535 * 536 * TODO: Use dynamic interface restart time. For now, assume 1 sec. 537 */ 538 switch_time = USEC_TO_TU(1000 * 1000) + 2 * hapd->iconf->beacon_int; 539 540 *eid++ = WLAN_EID_EXTENSION; 541 *eid++ = 4; 542 *eid++ = WLAN_EID_EXT_MAX_CHANNEL_SWITCH_TIME; 543 WPA_PUT_LE24(eid, switch_time); 544 eid += 3; 545 #endif /* CONFIG_IEEE80211BE */ 546 547 return eid; 548 } 549 550 hostapd_eid_supported_op_classes(struct hostapd_data * hapd,u8 * eid)551 static u8 * hostapd_eid_supported_op_classes(struct hostapd_data *hapd, u8 *eid) 552 { 553 u8 op_class, channel; 554 555 if (!(hapd->iface->drv_flags & WPA_DRIVER_FLAGS_AP_CSA) || 556 !hapd->iface->freq) 557 return eid; 558 559 if (ieee80211_freq_to_channel_ext(hapd->iface->freq, 560 hapd->iconf->secondary_channel, 561 hostapd_get_oper_chwidth(hapd->iconf), 562 &op_class, &channel) == 563 NUM_HOSTAPD_MODES) 564 return eid; 565 566 *eid++ = WLAN_EID_SUPPORTED_OPERATING_CLASSES; 567 *eid++ = 2; 568 569 /* Current Operating Class */ 570 *eid++ = op_class; 571 572 /* TODO: Advertise all the supported operating classes */ 573 *eid++ = 0; 574 575 return eid; 576 } 577 578 579 static int ieee802_11_build_ap_params_mbssid(struct hostapd_data * hapd,struct wpa_driver_ap_params * params)580 ieee802_11_build_ap_params_mbssid(struct hostapd_data *hapd, 581 struct wpa_driver_ap_params *params) 582 { 583 struct hostapd_iface *iface = hapd->iface; 584 struct hostapd_data *tx_bss; 585 size_t len, rnr_len = 0; 586 u8 elem_count = 0, *elem = NULL, **elem_offset = NULL, *end; 587 u8 rnr_elem_count = 0, *rnr_elem = NULL, **rnr_elem_offset = NULL; 588 589 if (!iface->mbssid_max_interfaces || 590 iface->num_bss > iface->mbssid_max_interfaces || 591 (iface->conf->mbssid == ENHANCED_MBSSID_ENABLED && 592 !iface->ema_max_periodicity)) 593 goto fail; 594 595 tx_bss = hostapd_mbssid_get_tx_bss(hapd); 596 len = hostapd_eid_mbssid_len(tx_bss, WLAN_FC_STYPE_BEACON, &elem_count, 597 NULL, 0, &rnr_len); 598 if (!len || (iface->conf->mbssid == ENHANCED_MBSSID_ENABLED && 599 elem_count > iface->ema_max_periodicity)) 600 goto fail; 601 602 elem = os_zalloc(len); 603 if (!elem) 604 goto fail; 605 606 elem_offset = os_zalloc(elem_count * sizeof(u8 *)); 607 if (!elem_offset) 608 goto fail; 609 610 if (rnr_len) { 611 rnr_elem = os_zalloc(rnr_len); 612 if (!rnr_elem) 613 goto fail; 614 615 rnr_elem_offset = os_calloc(elem_count + 1, sizeof(u8 *)); 616 if (!rnr_elem_offset) 617 goto fail; 618 } 619 620 end = hostapd_eid_mbssid(tx_bss, elem, elem + len, WLAN_FC_STYPE_BEACON, 621 elem_count, elem_offset, NULL, 0, rnr_elem, 622 &rnr_elem_count, rnr_elem_offset, rnr_len); 623 624 params->mbssid_tx_iface = tx_bss->conf->iface; 625 params->mbssid_index = hostapd_mbssid_get_bss_index(hapd); 626 params->mbssid_elem = elem; 627 params->mbssid_elem_len = end - elem; 628 params->mbssid_elem_count = elem_count; 629 params->mbssid_elem_offset = elem_offset; 630 params->rnr_elem = rnr_elem; 631 params->rnr_elem_len = rnr_len; 632 params->rnr_elem_count = rnr_elem_count; 633 params->rnr_elem_offset = rnr_elem_offset; 634 if (iface->conf->mbssid == ENHANCED_MBSSID_ENABLED) 635 params->ema = true; 636 637 return 0; 638 639 fail: 640 os_free(rnr_elem); 641 os_free(rnr_elem_offset); 642 os_free(elem_offset); 643 os_free(elem); 644 wpa_printf(MSG_ERROR, "MBSSID: Configuration failed"); 645 return -1; 646 } 647 648 hostapd_eid_mbssid_config(struct hostapd_data * hapd,u8 * eid,u8 mbssid_elem_count)649 static u8 * hostapd_eid_mbssid_config(struct hostapd_data *hapd, u8 *eid, 650 u8 mbssid_elem_count) 651 { 652 struct hostapd_iface *iface = hapd->iface; 653 654 if (iface->conf->mbssid == ENHANCED_MBSSID_ENABLED) { 655 *eid++ = WLAN_EID_EXTENSION; 656 *eid++ = 3; 657 *eid++ = WLAN_EID_EXT_MULTIPLE_BSSID_CONFIGURATION; 658 *eid++ = iface->num_bss; 659 *eid++ = mbssid_elem_count; 660 } 661 662 return eid; 663 } 664 665 he_elem_len(struct hostapd_data * hapd)666 static size_t he_elem_len(struct hostapd_data *hapd) 667 { 668 size_t len = 0; 669 670 #ifdef CONFIG_IEEE80211AX 671 if (!hapd->iconf->ieee80211ax || hapd->conf->disable_11ax) 672 return len; 673 674 len += 3 + sizeof(struct ieee80211_he_capabilities) + 675 3 + sizeof(struct ieee80211_he_operation) + 676 3 + sizeof(struct ieee80211_he_mu_edca_parameter_set) + 677 3 + sizeof(struct ieee80211_spatial_reuse); 678 if (is_6ghz_op_class(hapd->iconf->op_class)) { 679 len += sizeof(struct ieee80211_he_6ghz_oper_info) + 680 3 + sizeof(struct ieee80211_he_6ghz_band_cap); 681 /* An additional Transmit Power Envelope element for 682 * subordinate client */ 683 if (he_reg_is_indoor(hapd->iconf->he_6ghz_reg_pwr_type)) 684 len += 4; 685 686 /* An additional Transmit Power Envelope element for 687 * default client with unit interpretation of regulatory 688 * client EIRP */ 689 if (hapd->iconf->reg_def_cli_eirp != -1 && 690 he_reg_is_sp(hapd->iconf->he_6ghz_reg_pwr_type)) 691 len += 4; 692 } 693 #endif /* CONFIG_IEEE80211AX */ 694 695 return len; 696 } 697 698 699 struct probe_resp_params { 700 const struct ieee80211_mgmt *req; 701 bool is_p2p; 702 703 /* Generated IEs will be included inside an ML element */ 704 struct hostapd_data *mld_ap; 705 struct mld_info *mld_info; 706 707 struct ieee80211_mgmt *resp; 708 size_t resp_len; 709 u8 *csa_pos; 710 u8 *ecsa_pos; 711 const u8 *known_bss; 712 u8 known_bss_len; 713 714 #ifdef CONFIG_IEEE80211AX 715 u8 *cca_pos; 716 #endif /* CONFIG_IEEE80211AX */ 717 }; 718 719 hostapd_free_probe_resp_params(struct probe_resp_params * params)720 static void hostapd_free_probe_resp_params(struct probe_resp_params *params) 721 { 722 #ifdef CONFIG_IEEE80211BE 723 if (!params) 724 return; 725 726 os_free(params->mld_info); 727 params->mld_info = NULL; 728 #endif /* CONFIG_IEEE80211BE */ 729 } 730 731 hostapd_probe_resp_elems_len(struct hostapd_data * hapd,struct probe_resp_params * params)732 static size_t hostapd_probe_resp_elems_len(struct hostapd_data *hapd, 733 struct probe_resp_params *params) 734 { 735 size_t buflen = 0; 736 737 #ifdef CONFIG_WPS 738 if (hapd->wps_probe_resp_ie) 739 buflen += wpabuf_len(hapd->wps_probe_resp_ie); 740 #endif /* CONFIG_WPS */ 741 #ifdef CONFIG_P2P 742 if (hapd->p2p_probe_resp_ie) 743 buflen += wpabuf_len(hapd->p2p_probe_resp_ie); 744 #endif /* CONFIG_P2P */ 745 #ifdef CONFIG_FST 746 if (hapd->iface->fst_ies) 747 buflen += wpabuf_len(hapd->iface->fst_ies); 748 #endif /* CONFIG_FST */ 749 if (hapd->conf->vendor_elements) 750 buflen += wpabuf_len(hapd->conf->vendor_elements); 751 #ifdef CONFIG_TESTING_OPTIONS 752 if (hapd->conf->presp_elements) 753 buflen += wpabuf_len(hapd->conf->presp_elements); 754 #endif /* CONFIG_TESTING_OPTIONS */ 755 if (hapd->conf->vendor_vht) { 756 buflen += 5 + 2 + sizeof(struct ieee80211_vht_capabilities) + 757 2 + sizeof(struct ieee80211_vht_operation); 758 } 759 760 buflen += he_elem_len(hapd); 761 762 #ifdef CONFIG_IEEE80211BE 763 if (hapd->iconf->ieee80211be && !hapd->conf->disable_11be) { 764 struct hostapd_data *ml_elem_ap = 765 params->mld_ap ? params->mld_ap : hapd; 766 767 buflen += hostapd_eid_eht_capab_len(hapd, IEEE80211_MODE_AP); 768 buflen += 3 + sizeof(struct ieee80211_eht_operation); 769 if (hapd->iconf->punct_bitmap) 770 buflen += EHT_OPER_DISABLED_SUBCHAN_BITMAP_SIZE; 771 772 if (ml_elem_ap->conf->mld_ap) { 773 buflen += hostapd_eid_eht_ml_beacon_len( 774 ml_elem_ap, params->mld_info, !!params->mld_ap); 775 776 /* For Max Channel Switch Time element during channel 777 * switch */ 778 buflen += 6; 779 } 780 } 781 #endif /* CONFIG_IEEE80211BE */ 782 783 buflen += hostapd_eid_mbssid_len(hapd, WLAN_FC_STYPE_PROBE_RESP, NULL, 784 params->known_bss, 785 params->known_bss_len, NULL); 786 buflen += hostapd_eid_rnr_len(hapd, WLAN_FC_STYPE_PROBE_RESP, true); 787 buflen += hostapd_mbo_ie_len(hapd); 788 buflen += hostapd_eid_owe_trans_len(hapd); 789 buflen += hostapd_eid_dpp_cc_len(hapd); 790 buflen += hostapd_get_rsne_override_len(hapd); 791 buflen += hostapd_get_rsne_override_2_len(hapd); 792 buflen += hostapd_get_rsnxe_override_len(hapd); 793 794 return buflen; 795 } 796 797 hostapd_probe_resp_fill_elems(struct hostapd_data * hapd,struct probe_resp_params * params,u8 * pos,size_t len)798 static u8 * hostapd_probe_resp_fill_elems(struct hostapd_data *hapd, 799 struct probe_resp_params *params, 800 u8 *pos, size_t len) 801 { 802 u8 *csa_pos; 803 u8 *epos; 804 805 epos = pos + len; 806 807 *pos++ = WLAN_EID_SSID; 808 *pos++ = hapd->conf->ssid.ssid_len; 809 os_memcpy(pos, hapd->conf->ssid.ssid, 810 hapd->conf->ssid.ssid_len); 811 pos += hapd->conf->ssid.ssid_len; 812 813 /* Supported rates */ 814 pos = hostapd_eid_supp_rates(hapd, pos); 815 816 /* DS Params */ 817 pos = hostapd_eid_ds_params(hapd, pos); 818 819 pos = hostapd_eid_country(hapd, pos, epos - pos); 820 821 /* Power Constraint element */ 822 pos = hostapd_eid_pwr_constraint(hapd, pos); 823 824 /* CSA element */ 825 csa_pos = hostapd_eid_csa(hapd, pos); 826 if (csa_pos != pos) 827 params->csa_pos = csa_pos - 1; 828 else 829 params->csa_pos = NULL; 830 pos = csa_pos; 831 832 /* ERP Information element */ 833 pos = hostapd_eid_erp_info(hapd, pos); 834 835 /* Extended supported rates */ 836 pos = hostapd_eid_ext_supp_rates(hapd, pos); 837 838 pos = hostapd_get_rsne(hapd, pos, epos - pos); 839 pos = hostapd_eid_bss_load(hapd, pos, epos - pos); 840 pos = hostapd_eid_mbssid(hapd, pos, epos, WLAN_FC_STYPE_PROBE_RESP, 0, 841 NULL, params->known_bss, params->known_bss_len, 842 NULL, NULL, NULL, 0); 843 pos = hostapd_eid_rm_enabled_capab(hapd, pos, epos - pos); 844 pos = hostapd_get_mde(hapd, pos, epos - pos); 845 846 /* eCSA element */ 847 csa_pos = hostapd_eid_ecsa(hapd, pos); 848 if (csa_pos != pos) 849 params->ecsa_pos = csa_pos - 1; 850 else 851 params->ecsa_pos = NULL; 852 pos = csa_pos; 853 854 pos = hostapd_eid_supported_op_classes(hapd, pos); 855 pos = hostapd_eid_ht_capabilities(hapd, pos); 856 pos = hostapd_eid_ht_operation(hapd, pos); 857 858 /* Probe Response frames always include all non-TX profiles except 859 * when a list of known BSSes is included in the Probe Request frame. */ 860 pos = hostapd_eid_ext_capab(hapd, pos, 861 hapd->iconf->mbssid >= MBSSID_ENABLED && 862 !params->known_bss_len); 863 864 pos = hostapd_eid_time_adv(hapd, pos); 865 pos = hostapd_eid_time_zone(hapd, pos); 866 867 pos = hostapd_eid_interworking(hapd, pos); 868 pos = hostapd_eid_adv_proto(hapd, pos); 869 pos = hostapd_eid_roaming_consortium(hapd, pos); 870 871 #ifdef CONFIG_FST 872 if (hapd->iface->fst_ies) { 873 os_memcpy(pos, wpabuf_head(hapd->iface->fst_ies), 874 wpabuf_len(hapd->iface->fst_ies)); 875 pos += wpabuf_len(hapd->iface->fst_ies); 876 } 877 #endif /* CONFIG_FST */ 878 879 #ifdef CONFIG_IEEE80211AC 880 if (hapd->iconf->ieee80211ac && !hapd->conf->disable_11ac && 881 !is_6ghz_op_class(hapd->iconf->op_class)) { 882 pos = hostapd_eid_vht_capabilities(hapd, pos, 0); 883 pos = hostapd_eid_vht_operation(hapd, pos); 884 pos = hostapd_eid_txpower_envelope(hapd, pos); 885 } 886 #endif /* CONFIG_IEEE80211AC */ 887 888 #ifdef CONFIG_IEEE80211AX 889 if (hapd->iconf->ieee80211ax && !hapd->conf->disable_11ax && 890 is_6ghz_op_class(hapd->iconf->op_class)) 891 pos = hostapd_eid_txpower_envelope(hapd, pos); 892 #endif /* CONFIG_IEEE80211AX */ 893 894 pos = hostapd_eid_chsw_wrapper(hapd, pos); 895 896 pos = hostapd_eid_rnr(hapd, pos, WLAN_FC_STYPE_PROBE_RESP, true); 897 pos = hostapd_eid_fils_indic(hapd, pos, 0); 898 899 /* Max Channel Switch Time element */ 900 pos = hostapd_eid_max_cs_time(hapd, pos); 901 902 pos = hostapd_get_rsnxe(hapd, pos, epos - pos); 903 904 #ifdef CONFIG_IEEE80211AX 905 if (hapd->iconf->ieee80211ax && !hapd->conf->disable_11ax) { 906 u8 *cca_pos; 907 908 pos = hostapd_eid_he_capab(hapd, pos, IEEE80211_MODE_AP); 909 pos = hostapd_eid_he_operation(hapd, pos); 910 911 /* BSS Color Change Announcement element */ 912 cca_pos = hostapd_eid_cca(hapd, pos); 913 if (cca_pos != pos) 914 params->cca_pos = cca_pos - 2; 915 else 916 params->cca_pos = NULL; 917 pos = cca_pos; 918 919 pos = hostapd_eid_spatial_reuse(hapd, pos); 920 pos = hostapd_eid_he_mu_edca_parameter_set(hapd, pos); 921 pos = hostapd_eid_he_6ghz_band_cap(hapd, pos); 922 } 923 #endif /* CONFIG_IEEE80211AX */ 924 925 #ifdef CONFIG_IEEE80211BE 926 if (hapd->iconf->ieee80211be && !hapd->conf->disable_11be) { 927 struct hostapd_data *ml_elem_ap = 928 params->mld_ap ? params->mld_ap : hapd; 929 930 if (ml_elem_ap->conf->mld_ap) 931 pos = hostapd_eid_eht_ml_beacon( 932 ml_elem_ap, params->mld_info, 933 pos, !!params->mld_ap); 934 935 pos = hostapd_eid_eht_capab(hapd, pos, IEEE80211_MODE_AP); 936 pos = hostapd_eid_eht_operation(hapd, pos); 937 } 938 #endif /* CONFIG_IEEE80211BE */ 939 940 #ifdef CONFIG_IEEE80211AC 941 if (hapd->conf->vendor_vht) 942 pos = hostapd_eid_vendor_vht(hapd, pos); 943 #endif /* CONFIG_IEEE80211AC */ 944 945 /* WPA */ 946 pos = hostapd_get_wpa_ie(hapd, pos, epos - pos); 947 948 /* Wi-Fi Alliance WMM */ 949 pos = hostapd_eid_wmm(hapd, pos); 950 951 #ifdef CONFIG_WPS 952 if (hapd->conf->wps_state && hapd->wps_probe_resp_ie) { 953 os_memcpy(pos, wpabuf_head(hapd->wps_probe_resp_ie), 954 wpabuf_len(hapd->wps_probe_resp_ie)); 955 pos += wpabuf_len(hapd->wps_probe_resp_ie); 956 } 957 #endif /* CONFIG_WPS */ 958 959 #ifdef CONFIG_P2P 960 if ((hapd->conf->p2p & P2P_ENABLED) && params->is_p2p && 961 hapd->p2p_probe_resp_ie) { 962 os_memcpy(pos, wpabuf_head(hapd->p2p_probe_resp_ie), 963 wpabuf_len(hapd->p2p_probe_resp_ie)); 964 pos += wpabuf_len(hapd->p2p_probe_resp_ie); 965 } 966 #endif /* CONFIG_P2P */ 967 #ifdef CONFIG_P2P_MANAGER 968 if ((hapd->conf->p2p & (P2P_MANAGE | P2P_ENABLED | P2P_GROUP_OWNER)) == 969 P2P_MANAGE) 970 pos = hostapd_eid_p2p_manage(hapd, pos); 971 #endif /* CONFIG_P2P_MANAGER */ 972 973 #ifdef CONFIG_HS20 974 pos = hostapd_eid_hs20_indication(hapd, pos); 975 #endif /* CONFIG_HS20 */ 976 977 pos = hostapd_eid_mbo(hapd, pos, epos - pos); 978 pos = hostapd_eid_owe_trans(hapd, pos, epos - pos); 979 pos = hostapd_eid_dpp_cc(hapd, pos, epos - pos); 980 981 pos = hostapd_get_rsne_override(hapd, pos, epos - pos); 982 pos = hostapd_get_rsne_override_2(hapd, pos, epos - pos); 983 pos = hostapd_get_rsnxe_override(hapd, pos, epos - pos); 984 985 if (hapd->conf->vendor_elements) { 986 os_memcpy(pos, wpabuf_head(hapd->conf->vendor_elements), 987 wpabuf_len(hapd->conf->vendor_elements)); 988 pos += wpabuf_len(hapd->conf->vendor_elements); 989 } 990 991 #ifdef CONFIG_TESTING_OPTIONS 992 if (hapd->conf->presp_elements) { 993 os_memcpy(pos, wpabuf_head(hapd->conf->presp_elements), 994 wpabuf_len(hapd->conf->presp_elements)); 995 pos += wpabuf_len(hapd->conf->presp_elements); 996 } 997 #endif /* CONFIG_TESTING_OPTIONS */ 998 999 return pos; 1000 } 1001 1002 hostapd_gen_probe_resp(struct hostapd_data * hapd,struct probe_resp_params * params)1003 static void hostapd_gen_probe_resp(struct hostapd_data *hapd, 1004 struct probe_resp_params *params) 1005 { 1006 u8 *pos; 1007 size_t buflen; 1008 1009 hapd = hostapd_mbssid_get_tx_bss(hapd); 1010 1011 #define MAX_PROBERESP_LEN 768 1012 buflen = MAX_PROBERESP_LEN; 1013 buflen += hostapd_probe_resp_elems_len(hapd, params); 1014 params->resp = os_zalloc(buflen); 1015 if (!params->resp) { 1016 params->resp_len = 0; 1017 return; 1018 } 1019 1020 params->resp->frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT, 1021 WLAN_FC_STYPE_PROBE_RESP); 1022 /* Unicast the response to all requests on bands other than 6 GHz. For 1023 * the 6 GHz, unicast is used only if the actual SSID is not included in 1024 * the Beacon frames. Otherwise, broadcast response is used per IEEE 1025 * Std 802.11ax-2021, 26.17.2.3.2. Broadcast address is also used for 1026 * the Probe Response frame template for the unsolicited (i.e., not as 1027 * a response to a specific request) case. */ 1028 if (params->req && (!is_6ghz_op_class(hapd->iconf->op_class) || 1029 hapd->conf->ignore_broadcast_ssid)) 1030 os_memcpy(params->resp->da, params->req->sa, ETH_ALEN); 1031 else 1032 os_memset(params->resp->da, 0xff, ETH_ALEN); 1033 os_memcpy(params->resp->sa, hapd->own_addr, ETH_ALEN); 1034 1035 os_memcpy(params->resp->bssid, hapd->own_addr, ETH_ALEN); 1036 params->resp->u.probe_resp.beacon_int = 1037 host_to_le16(hapd->iconf->beacon_int); 1038 1039 /* hardware or low-level driver will setup seq_ctrl and timestamp */ 1040 params->resp->u.probe_resp.capab_info = 1041 host_to_le16(hostapd_own_capab_info(hapd)); 1042 1043 pos = hostapd_probe_resp_fill_elems(hapd, params, 1044 params->resp->u.probe_resp.variable, 1045 buflen); 1046 1047 params->resp_len = pos - (u8 *) params->resp; 1048 } 1049 1050 1051 #ifdef CONFIG_IEEE80211BE hostapd_fill_probe_resp_ml_params(struct hostapd_data * hapd,struct probe_resp_params * params,const struct ieee80211_mgmt * mgmt,int mld_id,u16 links)1052 static void hostapd_fill_probe_resp_ml_params(struct hostapd_data *hapd, 1053 struct probe_resp_params *params, 1054 const struct ieee80211_mgmt *mgmt, 1055 int mld_id, u16 links) 1056 { 1057 struct hostapd_data *link; 1058 1059 params->mld_ap = NULL; 1060 params->mld_info = os_zalloc(sizeof(*params->mld_info)); 1061 if (!params->mld_info) 1062 return; 1063 1064 wpa_printf(MSG_DEBUG, 1065 "MLD: Got ML probe request with AP MLD ID %d for links %04x", 1066 mld_id, links); 1067 1068 for_each_mld_link(link, hapd) { 1069 struct mld_link_info *link_info; 1070 u8 mld_link_id = link->mld_link_id; 1071 1072 /* 1073 * Set mld_ap iff the ML probe request explicitly 1074 * requested a specific MLD ID. In that case, the targeted 1075 * AP may have been a nontransmitted BSSID on the same 1076 * interface. 1077 */ 1078 if (mld_id != -1 && link->iface == hapd->iface) 1079 params->mld_ap = link; 1080 1081 /* Never duplicate main Probe Response frame body */ 1082 if (link == hapd) 1083 continue; 1084 1085 /* Only include requested links */ 1086 if (!(BIT(mld_link_id) & links)) 1087 continue; 1088 1089 link_info = ¶ms->mld_info->links[mld_link_id]; 1090 os_memcpy(link_info, &hapd->partner_links[mld_link_id], 1091 sizeof(hapd->partner_links[mld_link_id])); 1092 1093 wpa_printf(MSG_DEBUG, 1094 "MLD: ML probe response includes link STA info for %d: %u bytes", 1095 mld_link_id, link_info->resp_sta_profile_len); 1096 } 1097 1098 if (mld_id != -1 && !params->mld_ap) { 1099 wpa_printf(MSG_DEBUG, 1100 "MLD: No nontransmitted BSSID for MLD ID %d", 1101 mld_id); 1102 goto fail; 1103 } 1104 1105 return; 1106 1107 fail: 1108 hostapd_free_probe_resp_params(params); 1109 params->mld_ap = NULL; 1110 params->mld_info = NULL; 1111 } 1112 #endif /* CONFIG_IEEE80211BE */ 1113 1114 1115 enum ssid_match_result { 1116 NO_SSID_MATCH, 1117 EXACT_SSID_MATCH, 1118 WILDCARD_SSID_MATCH, 1119 CO_LOCATED_SSID_MATCH, 1120 }; 1121 ssid_match(struct hostapd_data * hapd,const u8 * ssid,size_t ssid_len,const u8 * ssid_list,size_t ssid_list_len,const u8 * short_ssid_list,size_t short_ssid_list_len)1122 static enum ssid_match_result ssid_match(struct hostapd_data *hapd, 1123 const u8 *ssid, size_t ssid_len, 1124 const u8 *ssid_list, 1125 size_t ssid_list_len, 1126 const u8 *short_ssid_list, 1127 size_t short_ssid_list_len) 1128 { 1129 const u8 *pos, *end; 1130 struct hostapd_iface *iface = hapd->iface; 1131 int wildcard = 0; 1132 size_t i, j; 1133 1134 if (ssid_len == 0) 1135 wildcard = 1; 1136 if (ssid_len == hapd->conf->ssid.ssid_len && 1137 os_memcmp(ssid, hapd->conf->ssid.ssid, ssid_len) == 0) 1138 return EXACT_SSID_MATCH; 1139 1140 if (ssid_list) { 1141 pos = ssid_list; 1142 end = ssid_list + ssid_list_len; 1143 while (end - pos >= 2) { 1144 if (2 + pos[1] > end - pos) 1145 break; 1146 if (pos[1] == 0) 1147 wildcard = 1; 1148 if (pos[1] == hapd->conf->ssid.ssid_len && 1149 os_memcmp(pos + 2, hapd->conf->ssid.ssid, 1150 pos[1]) == 0) 1151 return EXACT_SSID_MATCH; 1152 pos += 2 + pos[1]; 1153 } 1154 } 1155 1156 if (short_ssid_list) { 1157 pos = short_ssid_list; 1158 end = short_ssid_list + short_ssid_list_len; 1159 while (end - pos >= 4) { 1160 if (hapd->conf->ssid.short_ssid == WPA_GET_LE32(pos)) 1161 return EXACT_SSID_MATCH; 1162 pos += 4; 1163 } 1164 } 1165 1166 if (wildcard) 1167 return WILDCARD_SSID_MATCH; 1168 1169 if (!iface->interfaces || iface->interfaces->count <= 1 || 1170 is_6ghz_op_class(hapd->iconf->op_class)) 1171 return NO_SSID_MATCH; 1172 1173 for (i = 0; i < iface->interfaces->count; i++) { 1174 struct hostapd_iface *colocated; 1175 1176 colocated = iface->interfaces->iface[i]; 1177 1178 if (colocated == iface || 1179 !is_6ghz_op_class(colocated->conf->op_class)) 1180 continue; 1181 1182 for (j = 0; j < colocated->num_bss; j++) { 1183 struct hostapd_bss_config *conf; 1184 1185 conf = colocated->bss[j]->conf; 1186 if (ssid_len == conf->ssid.ssid_len && 1187 os_memcmp(ssid, conf->ssid.ssid, ssid_len) == 0) 1188 return CO_LOCATED_SSID_MATCH; 1189 } 1190 } 1191 1192 return NO_SSID_MATCH; 1193 } 1194 1195 sta_track_expire(struct hostapd_iface * iface,int force)1196 void sta_track_expire(struct hostapd_iface *iface, int force) 1197 { 1198 struct os_reltime now; 1199 struct hostapd_sta_info *info; 1200 1201 if (!iface->num_sta_seen) 1202 return; 1203 1204 os_get_reltime(&now); 1205 while ((info = dl_list_first(&iface->sta_seen, struct hostapd_sta_info, 1206 list))) { 1207 if (!force && 1208 !os_reltime_expired(&now, &info->last_seen, 1209 iface->conf->track_sta_max_age)) 1210 break; 1211 force = 0; 1212 1213 wpa_printf(MSG_MSGDUMP, "%s: Expire STA tracking entry for " 1214 MACSTR, iface->bss[0]->conf->iface, 1215 MAC2STR(info->addr)); 1216 dl_list_del(&info->list); 1217 iface->num_sta_seen--; 1218 sta_track_del(info); 1219 } 1220 } 1221 1222 sta_track_get(struct hostapd_iface * iface,const u8 * addr)1223 static struct hostapd_sta_info * sta_track_get(struct hostapd_iface *iface, 1224 const u8 *addr) 1225 { 1226 struct hostapd_sta_info *info; 1227 1228 dl_list_for_each(info, &iface->sta_seen, struct hostapd_sta_info, list) 1229 if (ether_addr_equal(addr, info->addr)) 1230 return info; 1231 1232 return NULL; 1233 } 1234 1235 sta_track_add(struct hostapd_iface * iface,const u8 * addr,int ssi_signal)1236 void sta_track_add(struct hostapd_iface *iface, const u8 *addr, int ssi_signal) 1237 { 1238 struct hostapd_sta_info *info; 1239 1240 info = sta_track_get(iface, addr); 1241 if (info) { 1242 /* Move the most recent entry to the end of the list */ 1243 dl_list_del(&info->list); 1244 dl_list_add_tail(&iface->sta_seen, &info->list); 1245 os_get_reltime(&info->last_seen); 1246 info->ssi_signal = ssi_signal; 1247 return; 1248 } 1249 1250 /* Add a new entry */ 1251 info = os_zalloc(sizeof(*info)); 1252 if (info == NULL) 1253 return; 1254 os_memcpy(info->addr, addr, ETH_ALEN); 1255 os_get_reltime(&info->last_seen); 1256 info->ssi_signal = ssi_signal; 1257 1258 if (iface->num_sta_seen >= iface->conf->track_sta_max_num) { 1259 /* Expire oldest entry to make room for a new one */ 1260 sta_track_expire(iface, 1); 1261 } 1262 1263 wpa_printf(MSG_MSGDUMP, "%s: Add STA tracking entry for " 1264 MACSTR, iface->bss[0]->conf->iface, MAC2STR(addr)); 1265 dl_list_add_tail(&iface->sta_seen, &info->list); 1266 iface->num_sta_seen++; 1267 } 1268 1269 1270 struct hostapd_data * sta_track_seen_on(struct hostapd_iface * iface,const u8 * addr,const char * ifname)1271 sta_track_seen_on(struct hostapd_iface *iface, const u8 *addr, 1272 const char *ifname) 1273 { 1274 struct hapd_interfaces *interfaces = iface->interfaces; 1275 size_t i, j; 1276 1277 for (i = 0; i < interfaces->count; i++) { 1278 struct hostapd_data *hapd = NULL; 1279 1280 iface = interfaces->iface[i]; 1281 for (j = 0; j < iface->num_bss; j++) { 1282 hapd = iface->bss[j]; 1283 if (os_strcmp(ifname, hapd->conf->iface) == 0) 1284 break; 1285 hapd = NULL; 1286 } 1287 1288 if (hapd && sta_track_get(iface, addr)) 1289 return hapd; 1290 } 1291 1292 return NULL; 1293 } 1294 1295 1296 #ifdef CONFIG_TAXONOMY sta_track_claim_taxonomy_info(struct hostapd_iface * iface,const u8 * addr,struct wpabuf ** probe_ie_taxonomy)1297 void sta_track_claim_taxonomy_info(struct hostapd_iface *iface, const u8 *addr, 1298 struct wpabuf **probe_ie_taxonomy) 1299 { 1300 struct hostapd_sta_info *info; 1301 1302 info = sta_track_get(iface, addr); 1303 if (!info) 1304 return; 1305 1306 wpabuf_free(*probe_ie_taxonomy); 1307 *probe_ie_taxonomy = info->probe_ie_taxonomy; 1308 info->probe_ie_taxonomy = NULL; 1309 } 1310 #endif /* CONFIG_TAXONOMY */ 1311 1312 1313 #ifdef CONFIG_IEEE80211BE parse_ml_probe_req(const struct ieee80211_eht_ml * ml,size_t ml_len,int * mld_id,u16 * links)1314 static bool parse_ml_probe_req(const struct ieee80211_eht_ml *ml, size_t ml_len, 1315 int *mld_id, u16 *links) 1316 { 1317 u16 ml_control; 1318 const struct element *sub; 1319 const u8 *pos; 1320 size_t len; 1321 1322 *mld_id = -1; 1323 *links = 0xffff; 1324 1325 if (ml_len < sizeof(struct ieee80211_eht_ml)) 1326 return false; 1327 1328 ml_control = le_to_host16(ml->ml_control); 1329 if ((ml_control & MULTI_LINK_CONTROL_TYPE_MASK) != 1330 MULTI_LINK_CONTROL_TYPE_PROBE_REQ) { 1331 wpa_printf(MSG_DEBUG, "MLD: Not an ML probe req"); 1332 return false; 1333 } 1334 1335 if (sizeof(struct ieee80211_eht_ml) + 1 > ml_len) { 1336 wpa_printf(MSG_DEBUG, "MLD: ML probe req too short"); 1337 return false; 1338 } 1339 1340 pos = ml->variable; 1341 len = pos[0]; 1342 if (len < 1 || sizeof(struct ieee80211_eht_ml) + len > ml_len) { 1343 wpa_printf(MSG_DEBUG, 1344 "MLD: ML probe request with invalid length"); 1345 return false; 1346 } 1347 1348 if (ml_control & EHT_ML_PRES_BM_PROBE_REQ_AP_MLD_ID) { 1349 if (len < 2) { 1350 wpa_printf(MSG_DEBUG, 1351 "MLD: ML probe req too short for MLD ID"); 1352 return false; 1353 } 1354 1355 *mld_id = pos[1]; 1356 } 1357 pos += len; 1358 1359 /* Parse subelements (if there are any) */ 1360 len = ml_len - len - sizeof(struct ieee80211_eht_ml); 1361 for_each_element_id(sub, 0, pos, len) { 1362 const struct ieee80211_eht_per_sta_profile *sta; 1363 u16 sta_control; 1364 1365 if (*links == 0xffff) 1366 *links = 0; 1367 1368 if (sub->datalen < 1369 sizeof(struct ieee80211_eht_per_sta_profile)) { 1370 wpa_printf(MSG_DEBUG, 1371 "MLD: ML probe req %d too short for sta profile", 1372 sub->datalen); 1373 return false; 1374 } 1375 1376 sta = (struct ieee80211_eht_per_sta_profile *) sub->data; 1377 1378 /* 1379 * Extract the link ID, do not return whether a complete or 1380 * partial profile was requested. 1381 */ 1382 sta_control = le_to_host16(sta->sta_control); 1383 *links |= BIT(sta_control & EHT_PER_STA_CTRL_LINK_ID_MSK); 1384 } 1385 1386 if (!for_each_element_completed(sub, pos, len)) { 1387 wpa_printf(MSG_DEBUG, 1388 "MLD: ML probe req sub-elements parsing error"); 1389 return false; 1390 } 1391 1392 return true; 1393 } 1394 #endif /* CONFIG_IEEE80211BE */ 1395 1396 handle_probe_req(struct hostapd_data * hapd,const struct ieee80211_mgmt * mgmt,size_t len,int ssi_signal)1397 void handle_probe_req(struct hostapd_data *hapd, 1398 const struct ieee80211_mgmt *mgmt, size_t len, 1399 int ssi_signal) 1400 { 1401 struct ieee802_11_elems elems; 1402 const u8 *ie; 1403 size_t ie_len; 1404 size_t i; 1405 int noack; 1406 enum ssid_match_result res; 1407 int ret; 1408 u16 csa_offs[2]; 1409 size_t csa_offs_len; 1410 struct radius_sta rad_info; 1411 struct probe_resp_params params; 1412 char *hex = NULL; 1413 #ifdef CONFIG_IEEE80211BE 1414 int mld_id; 1415 u16 links; 1416 #endif /* CONFIG_IEEE80211BE */ 1417 1418 if (hapd->iconf->rssi_ignore_probe_request && ssi_signal && 1419 ssi_signal < hapd->iconf->rssi_ignore_probe_request) 1420 return; 1421 1422 if (len < IEEE80211_HDRLEN) 1423 return; 1424 ie = ((const u8 *) mgmt) + IEEE80211_HDRLEN; 1425 if (hapd->iconf->track_sta_max_num) 1426 sta_track_add(hapd->iface, mgmt->sa, ssi_signal); 1427 ie_len = len - IEEE80211_HDRLEN; 1428 1429 ret = hostapd_allowed_address(hapd, mgmt->sa, (const u8 *) mgmt, len, 1430 &rad_info, 1); 1431 if (ret == HOSTAPD_ACL_REJECT) { 1432 wpa_msg(hapd->msg_ctx, MSG_DEBUG, 1433 "Ignore Probe Request frame from " MACSTR 1434 " due to ACL reject ", MAC2STR(mgmt->sa)); 1435 return; 1436 } 1437 1438 for (i = 0; hapd->probereq_cb && i < hapd->num_probereq_cb; i++) 1439 if (hapd->probereq_cb[i].cb(hapd->probereq_cb[i].ctx, 1440 mgmt->sa, mgmt->da, mgmt->bssid, 1441 ie, ie_len, ssi_signal) > 0) 1442 return; 1443 1444 if (!hapd->conf->send_probe_response) 1445 return; 1446 1447 if (ieee802_11_parse_elems(ie, ie_len, &elems, 0) == ParseFailed) { 1448 wpa_printf(MSG_DEBUG, "Could not parse ProbeReq from " MACSTR, 1449 MAC2STR(mgmt->sa)); 1450 return; 1451 } 1452 1453 if ((!elems.ssid || !elems.supp_rates)) { 1454 wpa_printf(MSG_DEBUG, "STA " MACSTR " sent probe request " 1455 "without SSID or supported rates element", 1456 MAC2STR(mgmt->sa)); 1457 return; 1458 } 1459 1460 /* 1461 * No need to reply if the Probe Request frame was sent on an adjacent 1462 * channel. IEEE Std 802.11-2012 describes this as a requirement for an 1463 * AP with dot11RadioMeasurementActivated set to true, but strictly 1464 * speaking does not allow such ignoring of Probe Request frames if 1465 * dot11RadioMeasurementActivated is false. Anyway, this can help reduce 1466 * number of unnecessary Probe Response frames for cases where the STA 1467 * is less likely to see them (Probe Request frame sent on a 1468 * neighboring, but partially overlapping, channel). 1469 */ 1470 if (elems.ds_params && 1471 hapd->iface->current_mode && 1472 (hapd->iface->current_mode->mode == HOSTAPD_MODE_IEEE80211G || 1473 hapd->iface->current_mode->mode == HOSTAPD_MODE_IEEE80211B) && 1474 hapd->iconf->channel != elems.ds_params[0]) { 1475 wpa_printf(MSG_DEBUG, 1476 "Ignore Probe Request due to DS Params mismatch: chan=%u != ds.chan=%u", 1477 hapd->iconf->channel, elems.ds_params[0]); 1478 return; 1479 } 1480 1481 #ifdef CONFIG_P2P 1482 if (hapd->p2p && hapd->p2p_group && elems.wps_ie) { 1483 struct wpabuf *wps; 1484 wps = ieee802_11_vendor_ie_concat(ie, ie_len, WPS_DEV_OUI_WFA); 1485 if (wps && !p2p_group_match_dev_type(hapd->p2p_group, wps)) { 1486 wpa_printf(MSG_MSGDUMP, "P2P: Ignore Probe Request " 1487 "due to mismatch with Requested Device " 1488 "Type"); 1489 wpabuf_free(wps); 1490 return; 1491 } 1492 wpabuf_free(wps); 1493 } 1494 1495 if (hapd->p2p && hapd->p2p_group && elems.p2p) { 1496 struct wpabuf *p2p; 1497 p2p = ieee802_11_vendor_ie_concat(ie, ie_len, P2P_IE_VENDOR_TYPE); 1498 if (p2p && !p2p_group_match_dev_id(hapd->p2p_group, p2p)) { 1499 wpa_printf(MSG_MSGDUMP, "P2P: Ignore Probe Request " 1500 "due to mismatch with Device ID"); 1501 wpabuf_free(p2p); 1502 return; 1503 } 1504 wpabuf_free(p2p); 1505 } 1506 #endif /* CONFIG_P2P */ 1507 1508 if (hapd->conf->ignore_broadcast_ssid && elems.ssid_len == 0 && 1509 elems.ssid_list_len == 0 && elems.short_ssid_list_len == 0) { 1510 wpa_printf(MSG_MSGDUMP, "Probe Request from " MACSTR " for " 1511 "broadcast SSID ignored", MAC2STR(mgmt->sa)); 1512 return; 1513 } 1514 1515 #ifdef CONFIG_P2P 1516 if ((hapd->conf->p2p & P2P_GROUP_OWNER) && 1517 elems.ssid_len == P2P_WILDCARD_SSID_LEN && 1518 os_memcmp(elems.ssid, P2P_WILDCARD_SSID, 1519 P2P_WILDCARD_SSID_LEN) == 0) { 1520 /* Process P2P Wildcard SSID like Wildcard SSID */ 1521 elems.ssid_len = 0; 1522 } 1523 #endif /* CONFIG_P2P */ 1524 1525 #ifdef CONFIG_TAXONOMY 1526 { 1527 struct sta_info *sta; 1528 struct hostapd_sta_info *info; 1529 1530 if ((sta = ap_get_sta(hapd, mgmt->sa)) != NULL) { 1531 taxonomy_sta_info_probe_req(hapd, sta, ie, ie_len); 1532 } else if ((info = sta_track_get(hapd->iface, 1533 mgmt->sa)) != NULL) { 1534 taxonomy_hostapd_sta_info_probe_req(hapd, info, 1535 ie, ie_len); 1536 } 1537 } 1538 #endif /* CONFIG_TAXONOMY */ 1539 1540 res = ssid_match(hapd, elems.ssid, elems.ssid_len, 1541 elems.ssid_list, elems.ssid_list_len, 1542 elems.short_ssid_list, elems.short_ssid_list_len); 1543 if (res == NO_SSID_MATCH) { 1544 if (!(mgmt->da[0] & 0x01)) { 1545 wpa_printf(MSG_MSGDUMP, "Probe Request from " MACSTR 1546 " for foreign SSID '%s' (DA " MACSTR ")%s", 1547 MAC2STR(mgmt->sa), 1548 wpa_ssid_txt(elems.ssid, elems.ssid_len), 1549 MAC2STR(mgmt->da), 1550 elems.ssid_list ? " (SSID list)" : ""); 1551 } 1552 return; 1553 } 1554 1555 if (hapd->conf->ignore_broadcast_ssid && res == WILDCARD_SSID_MATCH) { 1556 wpa_printf(MSG_MSGDUMP, "Probe Request from " MACSTR " for " 1557 "broadcast SSID ignored", MAC2STR(mgmt->sa)); 1558 return; 1559 } 1560 1561 #ifdef CONFIG_INTERWORKING 1562 if (hapd->conf->interworking && 1563 elems.interworking && elems.interworking_len >= 1) { 1564 u8 ant = elems.interworking[0] & 0x0f; 1565 if (ant != INTERWORKING_ANT_WILDCARD && 1566 ant != hapd->conf->access_network_type) { 1567 wpa_printf(MSG_MSGDUMP, "Probe Request from " MACSTR 1568 " for mismatching ANT %u ignored", 1569 MAC2STR(mgmt->sa), ant); 1570 return; 1571 } 1572 } 1573 1574 if (hapd->conf->interworking && elems.interworking && 1575 (elems.interworking_len == 7 || elems.interworking_len == 9)) { 1576 const u8 *hessid; 1577 if (elems.interworking_len == 7) 1578 hessid = elems.interworking + 1; 1579 else 1580 hessid = elems.interworking + 1 + 2; 1581 if (!is_broadcast_ether_addr(hessid) && 1582 !ether_addr_equal(hessid, hapd->conf->hessid)) { 1583 wpa_printf(MSG_MSGDUMP, "Probe Request from " MACSTR 1584 " for mismatching HESSID " MACSTR 1585 " ignored", 1586 MAC2STR(mgmt->sa), MAC2STR(hessid)); 1587 return; 1588 } 1589 } 1590 #endif /* CONFIG_INTERWORKING */ 1591 1592 #ifdef CONFIG_P2P 1593 if ((hapd->conf->p2p & P2P_GROUP_OWNER) && 1594 supp_rates_11b_only(&elems)) { 1595 /* Indicates support for 11b rates only */ 1596 wpa_printf(MSG_EXCESSIVE, "P2P: Ignore Probe Request from " 1597 MACSTR " with only 802.11b rates", 1598 MAC2STR(mgmt->sa)); 1599 return; 1600 } 1601 #endif /* CONFIG_P2P */ 1602 1603 /* TODO: verify that supp_rates contains at least one matching rate 1604 * with AP configuration */ 1605 1606 if (hapd->conf->no_probe_resp_if_seen_on && 1607 is_multicast_ether_addr(mgmt->da) && 1608 is_multicast_ether_addr(mgmt->bssid) && 1609 sta_track_seen_on(hapd->iface, mgmt->sa, 1610 hapd->conf->no_probe_resp_if_seen_on)) { 1611 wpa_printf(MSG_MSGDUMP, "%s: Ignore Probe Request from " MACSTR 1612 " since STA has been seen on %s", 1613 hapd->conf->iface, MAC2STR(mgmt->sa), 1614 hapd->conf->no_probe_resp_if_seen_on); 1615 return; 1616 } 1617 1618 if (hapd->conf->no_probe_resp_if_max_sta && 1619 is_multicast_ether_addr(mgmt->da) && 1620 is_multicast_ether_addr(mgmt->bssid) && 1621 hapd->num_sta >= hapd->conf->max_num_sta && 1622 !ap_get_sta(hapd, mgmt->sa)) { 1623 wpa_printf(MSG_MSGDUMP, "%s: Ignore Probe Request from " MACSTR 1624 " since no room for additional STA", 1625 hapd->conf->iface, MAC2STR(mgmt->sa)); 1626 return; 1627 } 1628 1629 #ifdef CONFIG_TESTING_OPTIONS 1630 if (hapd->iconf->ignore_probe_probability > 0.0 && 1631 drand48() < hapd->iconf->ignore_probe_probability) { 1632 wpa_printf(MSG_INFO, 1633 "TESTING: ignoring probe request from " MACSTR, 1634 MAC2STR(mgmt->sa)); 1635 return; 1636 } 1637 #endif /* CONFIG_TESTING_OPTIONS */ 1638 1639 /* Do not send Probe Response frame from a non-transmitting multiple 1640 * BSSID profile unless the Probe Request frame is directed at that 1641 * particular BSS. */ 1642 if (hapd != hostapd_mbssid_get_tx_bss(hapd) && res != EXACT_SSID_MATCH) 1643 return; 1644 1645 if (hapd->conf->notify_mgmt_frames) { 1646 size_t hex_len; 1647 1648 hex_len = len * 2 + 1; 1649 hex = os_malloc(hex_len); 1650 if (hex) 1651 wpa_snprintf_hex(hex, hex_len, (const u8 *) mgmt, len); 1652 } 1653 1654 wpa_msg_ctrl(hapd->msg_ctx, MSG_INFO, RX_PROBE_REQUEST "sa=" MACSTR 1655 " signal=%d%s%s", MAC2STR(mgmt->sa), ssi_signal, 1656 hex ? " buf=" : "", hex ? hex : ""); 1657 1658 os_free(hex); 1659 1660 os_memset(¶ms, 0, sizeof(params)); 1661 1662 #ifdef CONFIG_IEEE80211BE 1663 if (hapd->conf->mld_ap && elems.probe_req_mle && 1664 parse_ml_probe_req((struct ieee80211_eht_ml *) elems.probe_req_mle, 1665 elems.probe_req_mle_len, &mld_id, &links)) { 1666 hostapd_fill_probe_resp_ml_params(hapd, ¶ms, mgmt, 1667 mld_id, links); 1668 } 1669 #endif /* CONFIG_IEEE80211BE */ 1670 1671 params.req = mgmt; 1672 params.is_p2p = !!elems.p2p; 1673 params.known_bss = elems.mbssid_known_bss; 1674 params.known_bss_len = elems.mbssid_known_bss_len; 1675 1676 hostapd_gen_probe_resp(hapd, ¶ms); 1677 1678 hostapd_free_probe_resp_params(¶ms); 1679 1680 if (!params.resp) 1681 return; 1682 1683 /* 1684 * If this is a broadcast probe request, apply no ack policy to avoid 1685 * excessive retries. 1686 */ 1687 noack = !!(res == WILDCARD_SSID_MATCH && 1688 is_broadcast_ether_addr(mgmt->da)); 1689 1690 csa_offs_len = 0; 1691 if (hapd->csa_in_progress) { 1692 if (params.csa_pos) 1693 csa_offs[csa_offs_len++] = 1694 params.csa_pos - (u8 *) params.resp; 1695 1696 if (params.ecsa_pos) 1697 csa_offs[csa_offs_len++] = 1698 params.ecsa_pos - (u8 *) params.resp; 1699 } 1700 1701 ret = hostapd_drv_send_mlme(hapd, params.resp, params.resp_len, noack, 1702 csa_offs_len ? csa_offs : NULL, 1703 csa_offs_len, 0); 1704 1705 if (ret < 0) 1706 wpa_printf(MSG_INFO, "handle_probe_req: send failed"); 1707 1708 os_free(params.resp); 1709 1710 wpa_printf(MSG_EXCESSIVE, "STA " MACSTR " sent probe request for %s " 1711 "SSID", MAC2STR(mgmt->sa), 1712 elems.ssid_len == 0 ? "broadcast" : "our"); 1713 } 1714 1715 hostapd_probe_resp_offloads(struct hostapd_data * hapd,size_t * resp_len)1716 static u8 * hostapd_probe_resp_offloads(struct hostapd_data *hapd, 1717 size_t *resp_len) 1718 { 1719 struct probe_resp_params params; 1720 1721 /* check probe response offloading caps and print warnings */ 1722 if (!(hapd->iface->drv_flags & WPA_DRIVER_FLAGS_PROBE_RESP_OFFLOAD)) 1723 return NULL; 1724 1725 #ifdef CONFIG_WPS 1726 if (hapd->conf->wps_state && hapd->wps_probe_resp_ie && 1727 (!(hapd->iface->probe_resp_offloads & 1728 (WPA_DRIVER_PROBE_RESP_OFFLOAD_WPS | 1729 WPA_DRIVER_PROBE_RESP_OFFLOAD_WPS2)))) 1730 wpa_printf(MSG_WARNING, "Device is trying to offload WPS " 1731 "Probe Response while not supporting this"); 1732 #endif /* CONFIG_WPS */ 1733 1734 #ifdef CONFIG_P2P 1735 if ((hapd->conf->p2p & P2P_ENABLED) && hapd->p2p_probe_resp_ie && 1736 !(hapd->iface->probe_resp_offloads & 1737 WPA_DRIVER_PROBE_RESP_OFFLOAD_P2P)) 1738 wpa_printf(MSG_WARNING, "Device is trying to offload P2P " 1739 "Probe Response while not supporting this"); 1740 #endif /* CONFIG_P2P */ 1741 1742 if (hapd->conf->interworking && 1743 !(hapd->iface->probe_resp_offloads & 1744 WPA_DRIVER_PROBE_RESP_OFFLOAD_INTERWORKING)) 1745 wpa_printf(MSG_WARNING, "Device is trying to offload " 1746 "Interworking Probe Response while not supporting " 1747 "this"); 1748 1749 /* Generate a Probe Response template for the non-P2P case */ 1750 os_memset(¶ms, 0, sizeof(params)); 1751 params.req = NULL; 1752 params.is_p2p = false; 1753 params.known_bss = NULL; 1754 params.known_bss_len = 0; 1755 params.mld_ap = NULL; 1756 params.mld_info = NULL; 1757 1758 hostapd_gen_probe_resp(hapd, ¶ms); 1759 *resp_len = params.resp_len; 1760 if (!params.resp) 1761 return NULL; 1762 1763 /* TODO: Avoid passing these through struct hostapd_data */ 1764 if (params.csa_pos) 1765 hapd->cs_c_off_proberesp = params.csa_pos - (u8 *) params.resp; 1766 if (params.ecsa_pos) 1767 hapd->cs_c_off_ecsa_proberesp = params.ecsa_pos - 1768 (u8 *) params.resp; 1769 #ifdef CONFIG_IEEE80211AX 1770 if (params.cca_pos) 1771 hapd->cca_c_off_proberesp = params.cca_pos - (u8 *) params.resp; 1772 #endif /* CONFIG_IEEE80211AX */ 1773 1774 return (u8 *) params.resp; 1775 } 1776 1777 #endif /* NEED_AP_MLME */ 1778 1779 1780 #ifdef CONFIG_IEEE80211AX 1781 /* Unsolicited broadcast Probe Response transmission, 6 GHz only */ hostapd_unsol_bcast_probe_resp(struct hostapd_data * hapd,struct unsol_bcast_probe_resp * ubpr)1782 u8 * hostapd_unsol_bcast_probe_resp(struct hostapd_data *hapd, 1783 struct unsol_bcast_probe_resp *ubpr) 1784 { 1785 struct probe_resp_params probe_params; 1786 1787 if (!is_6ghz_op_class(hapd->iconf->op_class)) 1788 return NULL; 1789 1790 ubpr->unsol_bcast_probe_resp_interval = 1791 hapd->conf->unsol_bcast_probe_resp_interval; 1792 1793 os_memset(&probe_params, 0, sizeof(probe_params)); 1794 probe_params.req = NULL; 1795 probe_params.is_p2p = false; 1796 probe_params.known_bss = NULL; 1797 probe_params.known_bss_len = 0; 1798 probe_params.mld_ap = NULL; 1799 probe_params.mld_info = NULL; 1800 1801 hostapd_gen_probe_resp(hapd, &probe_params); 1802 ubpr->unsol_bcast_probe_resp_tmpl_len = probe_params.resp_len; 1803 return (u8 *) probe_params.resp; 1804 } 1805 #endif /* CONFIG_IEEE80211AX */ 1806 1807 sta_track_del(struct hostapd_sta_info * info)1808 void sta_track_del(struct hostapd_sta_info *info) 1809 { 1810 #ifdef CONFIG_TAXONOMY 1811 wpabuf_free(info->probe_ie_taxonomy); 1812 info->probe_ie_taxonomy = NULL; 1813 #endif /* CONFIG_TAXONOMY */ 1814 os_free(info); 1815 } 1816 1817 1818 #ifdef CONFIG_FILS 1819 hostapd_gen_fils_discovery_phy_index(struct hostapd_data * hapd)1820 static u16 hostapd_gen_fils_discovery_phy_index(struct hostapd_data *hapd) 1821 { 1822 #ifdef CONFIG_IEEE80211BE 1823 if (hapd->iconf->ieee80211be && !hapd->conf->disable_11be) 1824 return FD_CAP_PHY_INDEX_EHT; 1825 #endif /* CONFIG_IEEE80211BE */ 1826 1827 #ifdef CONFIG_IEEE80211AX 1828 if (hapd->iconf->ieee80211ax && !hapd->conf->disable_11ax) 1829 return FD_CAP_PHY_INDEX_HE; 1830 #endif /* CONFIG_IEEE80211AX */ 1831 1832 #ifdef CONFIG_IEEE80211AC 1833 if (hapd->iconf->ieee80211ac && !hapd->conf->disable_11ac) 1834 return FD_CAP_PHY_INDEX_VHT; 1835 #endif /* CONFIG_IEEE80211AC */ 1836 1837 if (hapd->iconf->ieee80211n && !hapd->conf->disable_11n) 1838 return FD_CAP_PHY_INDEX_HT; 1839 1840 return 0; 1841 } 1842 1843 hostapd_gen_fils_discovery_nss(struct hostapd_hw_modes * mode,u16 phy_index,u8 he_mcs_nss_size)1844 static u16 hostapd_gen_fils_discovery_nss(struct hostapd_hw_modes *mode, 1845 u16 phy_index, u8 he_mcs_nss_size) 1846 { 1847 u16 nss = 0; 1848 1849 if (!mode) 1850 return 0; 1851 1852 if (phy_index == FD_CAP_PHY_INDEX_HE) { 1853 const u8 *he_mcs = mode->he_capab[IEEE80211_MODE_AP].mcs; 1854 int i; 1855 u16 mcs[6]; 1856 1857 os_memset(mcs, 0xff, 6 * sizeof(u16)); 1858 1859 if (he_mcs_nss_size == 4) { 1860 mcs[0] = WPA_GET_LE16(&he_mcs[0]); 1861 mcs[1] = WPA_GET_LE16(&he_mcs[2]); 1862 } 1863 1864 if (he_mcs_nss_size == 8) { 1865 mcs[2] = WPA_GET_LE16(&he_mcs[4]); 1866 mcs[3] = WPA_GET_LE16(&he_mcs[6]); 1867 } 1868 1869 if (he_mcs_nss_size == 12) { 1870 mcs[4] = WPA_GET_LE16(&he_mcs[8]); 1871 mcs[5] = WPA_GET_LE16(&he_mcs[10]); 1872 } 1873 1874 for (i = 0; i < HE_NSS_MAX_STREAMS; i++) { 1875 u16 nss_mask = 0x3 << (i * 2); 1876 1877 /* 1878 * If Tx and/or Rx indicate support for a given NSS, 1879 * count it towards the maximum NSS. 1880 */ 1881 if (he_mcs_nss_size == 4 && 1882 (((mcs[0] & nss_mask) != nss_mask) || 1883 ((mcs[1] & nss_mask) != nss_mask))) { 1884 nss++; 1885 continue; 1886 } 1887 1888 if (he_mcs_nss_size == 8 && 1889 (((mcs[2] & nss_mask) != nss_mask) || 1890 ((mcs[3] & nss_mask) != nss_mask))) { 1891 nss++; 1892 continue; 1893 } 1894 1895 if (he_mcs_nss_size == 12 && 1896 (((mcs[4] & nss_mask) != nss_mask) || 1897 ((mcs[5] & nss_mask) != nss_mask))) { 1898 nss++; 1899 continue; 1900 } 1901 } 1902 } else if (phy_index == FD_CAP_PHY_INDEX_EHT) { 1903 u8 rx_nss, tx_nss, max_nss = 0, i; 1904 u8 *mcs = mode->eht_capab[IEEE80211_MODE_AP].mcs; 1905 1906 /* 1907 * The Supported EHT-MCS And NSS Set field for the AP contains 1908 * one to three EHT-MCS Map fields based on the supported 1909 * bandwidth. Check the first byte (max NSS for Rx/Tx that 1910 * supports EHT-MCS 0-9) for each bandwidth (<= 80, 1911 * 160, 320) to find the maximum NSS. This assumes that 1912 * the lowest MCS rates support the largest number of spatial 1913 * streams. If values are different between Tx, Rx or the 1914 * bandwidths, choose the highest value. 1915 */ 1916 for (i = 0; i < 3; i++) { 1917 rx_nss = mcs[3 * i] & 0x0F; 1918 if (rx_nss > max_nss) 1919 max_nss = rx_nss; 1920 1921 tx_nss = (mcs[3 * i] & 0xF0) >> 4; 1922 if (tx_nss > max_nss) 1923 max_nss = tx_nss; 1924 } 1925 1926 nss = max_nss; 1927 } 1928 1929 if (nss > 4) 1930 return FD_CAP_NSS_5_8 << FD_CAP_NSS_SHIFT; 1931 if (nss) 1932 return (nss - 1) << FD_CAP_NSS_SHIFT; 1933 1934 return 0; 1935 } 1936 1937 hostapd_fils_discovery_cap(struct hostapd_data * hapd)1938 static u16 hostapd_fils_discovery_cap(struct hostapd_data *hapd) 1939 { 1940 u16 cap_info, phy_index; 1941 u8 chwidth = FD_CAP_BSS_CHWIDTH_20, he_mcs_nss_size = 4; 1942 struct hostapd_hw_modes *mode = hapd->iface->current_mode; 1943 1944 cap_info = FD_CAP_ESS; 1945 if (hapd->conf->wpa) 1946 cap_info |= FD_CAP_PRIVACY; 1947 1948 if (is_6ghz_op_class(hapd->iconf->op_class)) { 1949 switch (hapd->iconf->op_class) { 1950 case 137: 1951 chwidth = FD_CAP_BSS_CHWIDTH_320; 1952 break; 1953 case 135: 1954 he_mcs_nss_size += 4; 1955 /* fallthrough */ 1956 case 134: 1957 he_mcs_nss_size += 4; 1958 chwidth = FD_CAP_BSS_CHWIDTH_160_80_80; 1959 break; 1960 case 133: 1961 chwidth = FD_CAP_BSS_CHWIDTH_80; 1962 break; 1963 case 132: 1964 chwidth = FD_CAP_BSS_CHWIDTH_40; 1965 break; 1966 } 1967 } else { 1968 switch (hostapd_get_oper_chwidth(hapd->iconf)) { 1969 case CONF_OPER_CHWIDTH_80P80MHZ: 1970 he_mcs_nss_size += 4; 1971 /* fallthrough */ 1972 case CONF_OPER_CHWIDTH_160MHZ: 1973 he_mcs_nss_size += 4; 1974 chwidth = FD_CAP_BSS_CHWIDTH_160_80_80; 1975 break; 1976 case CONF_OPER_CHWIDTH_80MHZ: 1977 chwidth = FD_CAP_BSS_CHWIDTH_80; 1978 break; 1979 case CONF_OPER_CHWIDTH_USE_HT: 1980 if (hapd->iconf->secondary_channel) 1981 chwidth = FD_CAP_BSS_CHWIDTH_40; 1982 else 1983 chwidth = FD_CAP_BSS_CHWIDTH_20; 1984 break; 1985 default: 1986 break; 1987 } 1988 } 1989 1990 phy_index = hostapd_gen_fils_discovery_phy_index(hapd); 1991 cap_info |= phy_index << FD_CAP_PHY_INDEX_SHIFT; 1992 cap_info |= chwidth << FD_CAP_BSS_CHWIDTH_SHIFT; 1993 cap_info |= hostapd_gen_fils_discovery_nss(mode, phy_index, 1994 he_mcs_nss_size); 1995 return cap_info; 1996 } 1997 1998 hostapd_gen_fils_discovery(struct hostapd_data * hapd,size_t * len)1999 static u8 * hostapd_gen_fils_discovery(struct hostapd_data *hapd, size_t *len) 2000 { 2001 struct ieee80211_mgmt *head; 2002 const u8 *mobility_domain; 2003 u8 *pos, *length_pos, buf[200]; 2004 u16 ctl = 0; 2005 u8 fd_rsn_info[5]; 2006 size_t total_len, buf_len; 2007 2008 total_len = 24 + 2 + 12; 2009 2010 /* FILS Discovery Frame Control */ 2011 ctl = (sizeof(hapd->conf->ssid.short_ssid) - 1) | 2012 FD_FRAME_CTL_SHORT_SSID_PRESENT | 2013 FD_FRAME_CTL_LENGTH_PRESENT | 2014 FD_FRAME_CTL_CAP_PRESENT; 2015 total_len += 4 + 1 + 2; 2016 2017 /* Fill primary channel information for 6 GHz channels with over 20 MHz 2018 * bandwidth, if the primary channel is not a PSC */ 2019 if (is_6ghz_op_class(hapd->iconf->op_class) && 2020 !is_6ghz_psc_frequency(ieee80211_chan_to_freq( 2021 NULL, hapd->iconf->op_class, 2022 hapd->iconf->channel)) && 2023 op_class_to_bandwidth(hapd->iconf->op_class) > 20) { 2024 ctl |= FD_FRAME_CTL_PRI_CHAN_PRESENT; 2025 total_len += 2; 2026 } 2027 2028 /* Check for optional subfields and calculate length */ 2029 if (wpa_auth_write_fd_rsn_info(hapd->wpa_auth, fd_rsn_info)) { 2030 ctl |= FD_FRAME_CTL_RSN_INFO_PRESENT; 2031 total_len += sizeof(fd_rsn_info); 2032 } 2033 2034 mobility_domain = hostapd_wpa_ie(hapd, WLAN_EID_MOBILITY_DOMAIN); 2035 if (mobility_domain) { 2036 ctl |= FD_FRAME_CTL_MD_PRESENT; 2037 total_len += 3; 2038 } 2039 2040 total_len += hostapd_eid_rnr_len(hapd, WLAN_FC_STYPE_ACTION, true); 2041 2042 pos = hostapd_eid_fils_indic(hapd, buf, 0); 2043 buf_len = pos - buf; 2044 total_len += buf_len; 2045 2046 /* he_elem_len() may return too large a value for FD frame, but that is 2047 * fine here since this is used as the maximum length of the buffer. */ 2048 total_len += he_elem_len(hapd); 2049 2050 head = os_zalloc(total_len); 2051 if (!head) 2052 return NULL; 2053 2054 head->frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT, 2055 WLAN_FC_STYPE_ACTION); 2056 os_memset(head->da, 0xff, ETH_ALEN); 2057 os_memcpy(head->sa, hapd->own_addr, ETH_ALEN); 2058 os_memcpy(head->bssid, hapd->own_addr, ETH_ALEN); 2059 2060 head->u.action.category = WLAN_ACTION_PUBLIC; 2061 head->u.action.u.public_action.action = WLAN_PA_FILS_DISCOVERY; 2062 2063 pos = &head->u.action.u.public_action.variable[0]; 2064 2065 /* FILS Discovery Information field */ 2066 2067 /* FILS Discovery Frame Control */ 2068 WPA_PUT_LE16(pos, ctl); 2069 pos += 2; 2070 2071 /* Hardware or low-level driver will fill in the Timestamp value */ 2072 pos += 8; 2073 2074 /* Beacon Interval */ 2075 WPA_PUT_LE16(pos, hapd->iconf->beacon_int); 2076 pos += 2; 2077 2078 /* Short SSID */ 2079 WPA_PUT_LE32(pos, hapd->conf->ssid.short_ssid); 2080 pos += sizeof(hapd->conf->ssid.short_ssid); 2081 2082 /* Store position of FILS discovery information element Length field */ 2083 length_pos = pos++; 2084 2085 /* FD Capability */ 2086 WPA_PUT_LE16(pos, hostapd_fils_discovery_cap(hapd)); 2087 pos += 2; 2088 2089 /* Operating Class and Primary Channel - if a 6 GHz chan is non PSC */ 2090 if (ctl & FD_FRAME_CTL_PRI_CHAN_PRESENT) { 2091 *pos++ = hapd->iconf->op_class; 2092 *pos++ = hapd->iconf->channel; 2093 } 2094 2095 /* AP Configuration Sequence Number - not present */ 2096 2097 /* Access Network Options - not present */ 2098 2099 /* FD RSN Information */ 2100 if (ctl & FD_FRAME_CTL_RSN_INFO_PRESENT) { 2101 os_memcpy(pos, fd_rsn_info, sizeof(fd_rsn_info)); 2102 pos += sizeof(fd_rsn_info); 2103 } 2104 2105 /* Channel Center Frequency Segment 1 - not present */ 2106 2107 /* Mobility Domain */ 2108 if (ctl & FD_FRAME_CTL_MD_PRESENT) { 2109 os_memcpy(pos, &mobility_domain[2], 3); 2110 pos += 3; 2111 } 2112 2113 /* Fill in the Length field value */ 2114 *length_pos = pos - (length_pos + 1); 2115 2116 pos = hostapd_eid_rnr(hapd, pos, WLAN_FC_STYPE_ACTION, true); 2117 2118 /* FILS Indication element */ 2119 if (buf_len) { 2120 os_memcpy(pos, buf, buf_len); 2121 pos += buf_len; 2122 } 2123 2124 if (is_6ghz_op_class(hapd->iconf->op_class)) 2125 pos = hostapd_eid_txpower_envelope(hapd, pos); 2126 2127 *len = pos - (u8 *) head; 2128 wpa_hexdump(MSG_DEBUG, "FILS Discovery frame template", 2129 head, pos - (u8 *) head); 2130 return (u8 *) head; 2131 } 2132 2133 2134 /* Configure FILS Discovery frame transmission parameters */ hostapd_fils_discovery(struct hostapd_data * hapd,struct wpa_driver_ap_params * params)2135 static u8 * hostapd_fils_discovery(struct hostapd_data *hapd, 2136 struct wpa_driver_ap_params *params) 2137 { 2138 params->fd_max_int = hapd->conf->fils_discovery_max_int; 2139 if (is_6ghz_op_class(hapd->iconf->op_class) && 2140 params->fd_max_int > FD_MAX_INTERVAL_6GHZ) 2141 params->fd_max_int = FD_MAX_INTERVAL_6GHZ; 2142 2143 params->fd_min_int = hapd->conf->fils_discovery_min_int; 2144 if (params->fd_min_int > params->fd_max_int) 2145 params->fd_min_int = params->fd_max_int; 2146 2147 if (params->fd_max_int) 2148 return hostapd_gen_fils_discovery(hapd, 2149 ¶ms->fd_frame_tmpl_len); 2150 2151 return NULL; 2152 } 2153 2154 #endif /* CONFIG_FILS */ 2155 2156 ieee802_11_build_ap_params(struct hostapd_data * hapd,struct wpa_driver_ap_params * params)2157 int ieee802_11_build_ap_params(struct hostapd_data *hapd, 2158 struct wpa_driver_ap_params *params) 2159 { 2160 struct ieee80211_mgmt *head = NULL; 2161 u8 *tail = NULL; 2162 size_t head_len = 0, tail_len = 0; 2163 u8 *resp = NULL; 2164 size_t resp_len = 0; 2165 #ifdef NEED_AP_MLME 2166 u16 capab_info; 2167 u8 *pos, *tailpos, *tailend, *csa_pos; 2168 bool complete = false; 2169 #endif /* NEED_AP_MLME */ 2170 2171 os_memset(params, 0, sizeof(*params)); 2172 2173 #ifdef NEED_AP_MLME 2174 #define BEACON_HEAD_BUF_SIZE 256 2175 #define BEACON_TAIL_BUF_SIZE 1500 2176 head = os_zalloc(BEACON_HEAD_BUF_SIZE); 2177 tail_len = BEACON_TAIL_BUF_SIZE; 2178 #ifdef CONFIG_WPS 2179 if (hapd->conf->wps_state && hapd->wps_beacon_ie) 2180 tail_len += wpabuf_len(hapd->wps_beacon_ie); 2181 #endif /* CONFIG_WPS */ 2182 #ifdef CONFIG_P2P 2183 if (hapd->p2p_beacon_ie) 2184 tail_len += wpabuf_len(hapd->p2p_beacon_ie); 2185 #endif /* CONFIG_P2P */ 2186 #ifdef CONFIG_FST 2187 if (hapd->iface->fst_ies) 2188 tail_len += wpabuf_len(hapd->iface->fst_ies); 2189 #endif /* CONFIG_FST */ 2190 if (hapd->conf->vendor_elements) 2191 tail_len += wpabuf_len(hapd->conf->vendor_elements); 2192 2193 #ifdef CONFIG_IEEE80211AC 2194 if (hapd->conf->vendor_vht) { 2195 tail_len += 5 + 2 + sizeof(struct ieee80211_vht_capabilities) + 2196 2 + sizeof(struct ieee80211_vht_operation); 2197 } 2198 #endif /* CONFIG_IEEE80211AC */ 2199 2200 tail_len += he_elem_len(hapd); 2201 2202 #ifdef CONFIG_IEEE80211BE 2203 if (hapd->iconf->ieee80211be && !hapd->conf->disable_11be) { 2204 tail_len += hostapd_eid_eht_capab_len(hapd, IEEE80211_MODE_AP); 2205 tail_len += 3 + sizeof(struct ieee80211_eht_operation); 2206 if (hapd->iconf->punct_bitmap) 2207 tail_len += EHT_OPER_DISABLED_SUBCHAN_BITMAP_SIZE; 2208 2209 /* 2210 * TODO: Multi-Link element has variable length and can be 2211 * long based on the common info and number of per 2212 * station profiles. For now use 256. 2213 */ 2214 if (hapd->conf->mld_ap) { 2215 tail_len += 256; 2216 2217 /* for Max Channel Switch Time element during channel 2218 * switch */ 2219 tail_len += 6; 2220 } 2221 } 2222 #endif /* CONFIG_IEEE80211BE */ 2223 2224 if (hapd->iconf->mbssid == ENHANCED_MBSSID_ENABLED && 2225 hapd == hostapd_mbssid_get_tx_bss(hapd)) 2226 tail_len += 5; /* Multiple BSSID Configuration element */ 2227 tail_len += hostapd_eid_rnr_len(hapd, WLAN_FC_STYPE_BEACON, true); 2228 tail_len += hostapd_mbo_ie_len(hapd); 2229 tail_len += hostapd_eid_owe_trans_len(hapd); 2230 tail_len += hostapd_eid_dpp_cc_len(hapd); 2231 tail_len += hostapd_get_rsne_override_len(hapd); 2232 tail_len += hostapd_get_rsne_override_2_len(hapd); 2233 tail_len += hostapd_get_rsnxe_override_len(hapd); 2234 2235 tailpos = tail = os_malloc(tail_len); 2236 if (head == NULL || tail == NULL) { 2237 wpa_printf(MSG_ERROR, "Failed to set beacon data"); 2238 os_free(head); 2239 os_free(tail); 2240 return -1; 2241 } 2242 tailend = tail + tail_len; 2243 2244 head->frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT, 2245 WLAN_FC_STYPE_BEACON); 2246 head->duration = host_to_le16(0); 2247 os_memset(head->da, 0xff, ETH_ALEN); 2248 2249 os_memcpy(head->sa, hapd->own_addr, ETH_ALEN); 2250 os_memcpy(head->bssid, hapd->own_addr, ETH_ALEN); 2251 head->u.beacon.beacon_int = 2252 host_to_le16(hapd->iconf->beacon_int); 2253 2254 /* hardware or low-level driver will setup seq_ctrl and timestamp */ 2255 capab_info = hostapd_own_capab_info(hapd); 2256 head->u.beacon.capab_info = host_to_le16(capab_info); 2257 pos = &head->u.beacon.variable[0]; 2258 2259 /* SSID */ 2260 *pos++ = WLAN_EID_SSID; 2261 if (hapd->conf->ignore_broadcast_ssid == 2) { 2262 /* clear the data, but keep the correct length of the SSID */ 2263 *pos++ = hapd->conf->ssid.ssid_len; 2264 os_memset(pos, 0, hapd->conf->ssid.ssid_len); 2265 pos += hapd->conf->ssid.ssid_len; 2266 } else if (hapd->conf->ignore_broadcast_ssid) { 2267 *pos++ = 0; /* empty SSID */ 2268 } else { 2269 *pos++ = hapd->conf->ssid.ssid_len; 2270 os_memcpy(pos, hapd->conf->ssid.ssid, 2271 hapd->conf->ssid.ssid_len); 2272 pos += hapd->conf->ssid.ssid_len; 2273 } 2274 2275 /* Supported rates */ 2276 pos = hostapd_eid_supp_rates(hapd, pos); 2277 2278 /* DS Params */ 2279 pos = hostapd_eid_ds_params(hapd, pos); 2280 2281 head_len = pos - (u8 *) head; 2282 2283 tailpos = hostapd_eid_country(hapd, tailpos, tailend - tailpos); 2284 2285 /* Power Constraint element */ 2286 tailpos = hostapd_eid_pwr_constraint(hapd, tailpos); 2287 2288 /* CSA IE */ 2289 csa_pos = hostapd_eid_csa(hapd, tailpos); 2290 if (csa_pos != tailpos) 2291 hapd->cs_c_off_beacon = csa_pos - tail - 1; 2292 tailpos = csa_pos; 2293 2294 /* ERP Information element */ 2295 tailpos = hostapd_eid_erp_info(hapd, tailpos); 2296 2297 /* Extended supported rates */ 2298 tailpos = hostapd_eid_ext_supp_rates(hapd, tailpos); 2299 2300 tailpos = hostapd_get_rsne(hapd, tailpos, tailend - tailpos); 2301 tailpos = hostapd_eid_bss_load(hapd, tailpos, tailend - tailpos); 2302 tailpos = hostapd_eid_rm_enabled_capab(hapd, tailpos, 2303 tailend - tailpos); 2304 tailpos = hostapd_get_mde(hapd, tailpos, tailend - tailpos); 2305 2306 /* eCSA IE */ 2307 csa_pos = hostapd_eid_ecsa(hapd, tailpos); 2308 if (csa_pos != tailpos) 2309 hapd->cs_c_off_ecsa_beacon = csa_pos - tail - 1; 2310 tailpos = csa_pos; 2311 2312 tailpos = hostapd_eid_supported_op_classes(hapd, tailpos); 2313 tailpos = hostapd_eid_ht_capabilities(hapd, tailpos); 2314 tailpos = hostapd_eid_ht_operation(hapd, tailpos); 2315 2316 if (hapd->iconf->mbssid && hapd->iconf->num_bss > 1) { 2317 if (ieee802_11_build_ap_params_mbssid(hapd, params)) { 2318 os_free(head); 2319 os_free(tail); 2320 wpa_printf(MSG_ERROR, 2321 "MBSSID: Failed to set beacon data"); 2322 return -1; 2323 } 2324 complete = hapd->iconf->mbssid == MBSSID_ENABLED || 2325 (hapd->iconf->mbssid == ENHANCED_MBSSID_ENABLED && 2326 params->mbssid_elem_count == 1); 2327 } 2328 2329 tailpos = hostapd_eid_ext_capab(hapd, tailpos, complete); 2330 2331 /* 2332 * TODO: Time Advertisement element should only be included in some 2333 * DTIM Beacon frames. 2334 */ 2335 tailpos = hostapd_eid_time_adv(hapd, tailpos); 2336 2337 tailpos = hostapd_eid_interworking(hapd, tailpos); 2338 tailpos = hostapd_eid_adv_proto(hapd, tailpos); 2339 tailpos = hostapd_eid_roaming_consortium(hapd, tailpos); 2340 2341 #ifdef CONFIG_FST 2342 if (hapd->iface->fst_ies) { 2343 os_memcpy(tailpos, wpabuf_head(hapd->iface->fst_ies), 2344 wpabuf_len(hapd->iface->fst_ies)); 2345 tailpos += wpabuf_len(hapd->iface->fst_ies); 2346 } 2347 #endif /* CONFIG_FST */ 2348 2349 #ifdef CONFIG_IEEE80211AC 2350 if (hapd->iconf->ieee80211ac && !hapd->conf->disable_11ac && 2351 !is_6ghz_op_class(hapd->iconf->op_class)) { 2352 tailpos = hostapd_eid_vht_capabilities(hapd, tailpos, 0); 2353 tailpos = hostapd_eid_vht_operation(hapd, tailpos); 2354 tailpos = hostapd_eid_txpower_envelope(hapd, tailpos); 2355 } 2356 #endif /* CONFIG_IEEE80211AC */ 2357 2358 #ifdef CONFIG_IEEE80211AX 2359 if (hapd->iconf->ieee80211ax && !hapd->conf->disable_11ax && 2360 is_6ghz_op_class(hapd->iconf->op_class)) 2361 tailpos = hostapd_eid_txpower_envelope(hapd, tailpos); 2362 #endif /* CONFIG_IEEE80211AX */ 2363 2364 tailpos = hostapd_eid_chsw_wrapper(hapd, tailpos); 2365 2366 tailpos = hostapd_eid_rnr(hapd, tailpos, WLAN_FC_STYPE_BEACON, true); 2367 tailpos = hostapd_eid_fils_indic(hapd, tailpos, 0); 2368 2369 /* Max Channel Switch Time element */ 2370 tailpos = hostapd_eid_max_cs_time(hapd, tailpos); 2371 2372 tailpos = hostapd_get_rsnxe(hapd, tailpos, tailend - tailpos); 2373 tailpos = hostapd_eid_mbssid_config(hapd, tailpos, 2374 params->mbssid_elem_count); 2375 2376 #ifdef CONFIG_IEEE80211AX 2377 if (hapd->iconf->ieee80211ax && !hapd->conf->disable_11ax) { 2378 u8 *cca_pos; 2379 2380 tailpos = hostapd_eid_he_capab(hapd, tailpos, 2381 IEEE80211_MODE_AP); 2382 tailpos = hostapd_eid_he_operation(hapd, tailpos); 2383 2384 /* BSS Color Change Announcement element */ 2385 cca_pos = hostapd_eid_cca(hapd, tailpos); 2386 if (cca_pos != tailpos) 2387 hapd->cca_c_off_beacon = cca_pos - tail - 2; 2388 tailpos = cca_pos; 2389 2390 tailpos = hostapd_eid_spatial_reuse(hapd, tailpos); 2391 tailpos = hostapd_eid_he_mu_edca_parameter_set(hapd, tailpos); 2392 tailpos = hostapd_eid_he_6ghz_band_cap(hapd, tailpos); 2393 } 2394 #endif /* CONFIG_IEEE80211AX */ 2395 2396 #ifdef CONFIG_IEEE80211BE 2397 if (hapd->iconf->ieee80211be && !hapd->conf->disable_11be) { 2398 if (hapd->conf->mld_ap) 2399 tailpos = hostapd_eid_eht_ml_beacon(hapd, NULL, 2400 tailpos, false); 2401 tailpos = hostapd_eid_eht_capab(hapd, tailpos, 2402 IEEE80211_MODE_AP); 2403 tailpos = hostapd_eid_eht_operation(hapd, tailpos); 2404 } 2405 #endif /* CONFIG_IEEE80211BE */ 2406 2407 #ifdef CONFIG_IEEE80211AC 2408 if (hapd->conf->vendor_vht) 2409 tailpos = hostapd_eid_vendor_vht(hapd, tailpos); 2410 #endif /* CONFIG_IEEE80211AC */ 2411 2412 /* WPA */ 2413 tailpos = hostapd_get_wpa_ie(hapd, tailpos, tailend - tailpos); 2414 2415 /* Wi-Fi Alliance WMM */ 2416 tailpos = hostapd_eid_wmm(hapd, tailpos); 2417 2418 #ifdef CONFIG_WPS 2419 if (hapd->conf->wps_state && hapd->wps_beacon_ie) { 2420 os_memcpy(tailpos, wpabuf_head(hapd->wps_beacon_ie), 2421 wpabuf_len(hapd->wps_beacon_ie)); 2422 tailpos += wpabuf_len(hapd->wps_beacon_ie); 2423 } 2424 #endif /* CONFIG_WPS */ 2425 2426 #ifdef CONFIG_P2P 2427 if ((hapd->conf->p2p & P2P_ENABLED) && hapd->p2p_beacon_ie) { 2428 os_memcpy(tailpos, wpabuf_head(hapd->p2p_beacon_ie), 2429 wpabuf_len(hapd->p2p_beacon_ie)); 2430 tailpos += wpabuf_len(hapd->p2p_beacon_ie); 2431 } 2432 #endif /* CONFIG_P2P */ 2433 #ifdef CONFIG_P2P_MANAGER 2434 if ((hapd->conf->p2p & (P2P_MANAGE | P2P_ENABLED | P2P_GROUP_OWNER)) == 2435 P2P_MANAGE) 2436 tailpos = hostapd_eid_p2p_manage(hapd, tailpos); 2437 #endif /* CONFIG_P2P_MANAGER */ 2438 2439 #ifdef CONFIG_HS20 2440 tailpos = hostapd_eid_hs20_indication(hapd, tailpos); 2441 #endif /* CONFIG_HS20 */ 2442 2443 tailpos = hostapd_eid_mbo(hapd, tailpos, tail + tail_len - tailpos); 2444 tailpos = hostapd_eid_owe_trans(hapd, tailpos, 2445 tail + tail_len - tailpos); 2446 tailpos = hostapd_eid_dpp_cc(hapd, tailpos, tail + tail_len - tailpos); 2447 2448 tailpos = hostapd_get_rsne_override(hapd, tailpos, 2449 tail + tail_len - tailpos); 2450 tailpos = hostapd_get_rsne_override_2(hapd, tailpos, 2451 tail + tail_len - tailpos); 2452 tailpos = hostapd_get_rsnxe_override(hapd, tailpos, 2453 tail + tail_len - tailpos); 2454 2455 if (hapd->conf->vendor_elements) { 2456 os_memcpy(tailpos, wpabuf_head(hapd->conf->vendor_elements), 2457 wpabuf_len(hapd->conf->vendor_elements)); 2458 tailpos += wpabuf_len(hapd->conf->vendor_elements); 2459 } 2460 2461 tail_len = tailpos > tail ? tailpos - tail : 0; 2462 2463 resp = hostapd_probe_resp_offloads(hapd, &resp_len); 2464 #endif /* NEED_AP_MLME */ 2465 2466 /* If key management offload is enabled, configure PSK to the driver. */ 2467 if (wpa_key_mgmt_wpa_psk_no_sae(hapd->conf->wpa_key_mgmt) && 2468 (hapd->iface->drv_flags2 & 2469 WPA_DRIVER_FLAGS2_4WAY_HANDSHAKE_AP_PSK)) { 2470 if (hapd->conf->ssid.wpa_psk && hapd->conf->ssid.wpa_psk_set) { 2471 os_memcpy(params->psk, hapd->conf->ssid.wpa_psk->psk, 2472 PMK_LEN); 2473 params->psk_len = PMK_LEN; 2474 } else if (hapd->conf->ssid.wpa_passphrase && 2475 pbkdf2_sha1(hapd->conf->ssid.wpa_passphrase, 2476 hapd->conf->ssid.ssid, 2477 hapd->conf->ssid.ssid_len, 4096, 2478 params->psk, PMK_LEN) == 0) { 2479 params->psk_len = PMK_LEN; 2480 } 2481 } 2482 2483 #ifdef CONFIG_SAE 2484 /* If SAE offload is enabled, provide password to lower layer for 2485 * SAE authentication and PMK generation. 2486 */ 2487 if (wpa_key_mgmt_sae(hapd->conf->wpa_key_mgmt | 2488 hapd->conf->rsn_override_key_mgmt | 2489 hapd->conf->rsn_override_key_mgmt_2) && 2490 (hapd->iface->drv_flags2 & WPA_DRIVER_FLAGS2_SAE_OFFLOAD_AP)) { 2491 if (hostapd_sae_pk_in_use(hapd->conf)) { 2492 wpa_printf(MSG_ERROR, 2493 "SAE PK not supported with SAE offload"); 2494 return -1; 2495 } 2496 2497 if (hostapd_sae_pw_id_in_use(hapd->conf)) { 2498 wpa_printf(MSG_ERROR, 2499 "SAE Password Identifiers not supported with SAE offload"); 2500 return -1; 2501 } 2502 2503 params->sae_password = sae_get_password(hapd, NULL, NULL, NULL, 2504 NULL, NULL); 2505 if (!params->sae_password) { 2506 wpa_printf(MSG_ERROR, "SAE password not configured for offload"); 2507 return -1; 2508 } 2509 } 2510 #endif /* CONFIG_SAE */ 2511 2512 params->head = (u8 *) head; 2513 params->head_len = head_len; 2514 params->tail = tail; 2515 params->tail_len = tail_len; 2516 params->proberesp = resp; 2517 params->proberesp_len = resp_len; 2518 params->dtim_period = hapd->conf->dtim_period; 2519 params->beacon_int = hapd->iconf->beacon_int; 2520 params->basic_rates = hapd->iface->basic_rates; 2521 params->beacon_rate = hapd->iconf->beacon_rate; 2522 params->rate_type = hapd->iconf->rate_type; 2523 params->ssid = hapd->conf->ssid.ssid; 2524 params->ssid_len = hapd->conf->ssid.ssid_len; 2525 if ((hapd->conf->wpa & (WPA_PROTO_WPA | WPA_PROTO_RSN)) == 2526 (WPA_PROTO_WPA | WPA_PROTO_RSN)) 2527 params->pairwise_ciphers = hapd->conf->wpa_pairwise | 2528 hapd->conf->rsn_pairwise; 2529 else if (hapd->conf->wpa & WPA_PROTO_RSN) 2530 params->pairwise_ciphers = hapd->conf->rsn_pairwise; 2531 else if (hapd->conf->wpa & WPA_PROTO_WPA) 2532 params->pairwise_ciphers = hapd->conf->wpa_pairwise; 2533 params->group_cipher = hapd->conf->wpa_group; 2534 params->key_mgmt_suites = hapd->conf->wpa_key_mgmt | 2535 hapd->conf->rsn_override_key_mgmt | 2536 hapd->conf->rsn_override_key_mgmt_2; 2537 params->auth_algs = hapd->conf->auth_algs; 2538 params->wpa_version = hapd->conf->wpa; 2539 params->privacy = hapd->conf->wpa; 2540 #ifdef CONFIG_WEP 2541 params->privacy |= hapd->conf->ssid.wep.keys_set || 2542 (hapd->conf->ieee802_1x && 2543 (hapd->conf->default_wep_key_len || 2544 hapd->conf->individual_wep_key_len)); 2545 #endif /* CONFIG_WEP */ 2546 switch (hapd->conf->ignore_broadcast_ssid) { 2547 case 0: 2548 params->hide_ssid = NO_SSID_HIDING; 2549 break; 2550 case 1: 2551 params->hide_ssid = HIDDEN_SSID_ZERO_LEN; 2552 break; 2553 case 2: 2554 params->hide_ssid = HIDDEN_SSID_ZERO_CONTENTS; 2555 break; 2556 } 2557 params->isolate = hapd->conf->isolate; 2558 #ifdef NEED_AP_MLME 2559 params->cts_protect = !!(ieee802_11_erp_info(hapd) & 2560 ERP_INFO_USE_PROTECTION); 2561 params->preamble = hapd->iface->num_sta_no_short_preamble == 0 && 2562 hapd->iconf->preamble == SHORT_PREAMBLE; 2563 if (hapd->iface->current_mode && 2564 hapd->iface->current_mode->mode == HOSTAPD_MODE_IEEE80211G) 2565 params->short_slot_time = 2566 hapd->iface->num_sta_no_short_slot_time > 0 ? 0 : 1; 2567 else 2568 params->short_slot_time = -1; 2569 if (!hapd->iconf->ieee80211n || hapd->conf->disable_11n) 2570 params->ht_opmode = -1; 2571 else 2572 params->ht_opmode = hapd->iface->ht_op_mode; 2573 #endif /* NEED_AP_MLME */ 2574 params->interworking = hapd->conf->interworking; 2575 if (hapd->conf->interworking && 2576 !is_zero_ether_addr(hapd->conf->hessid)) 2577 params->hessid = hapd->conf->hessid; 2578 params->access_network_type = hapd->conf->access_network_type; 2579 params->ap_max_inactivity = hapd->conf->ap_max_inactivity; 2580 #ifdef CONFIG_P2P 2581 params->p2p_go_ctwindow = hapd->iconf->p2p_go_ctwindow; 2582 #endif /* CONFIG_P2P */ 2583 #ifdef CONFIG_HS20 2584 params->disable_dgaf = hapd->conf->disable_dgaf; 2585 #endif /* CONFIG_HS20 */ 2586 params->multicast_to_unicast = hapd->conf->multicast_to_unicast; 2587 params->pbss = hapd->conf->pbss; 2588 2589 if (hapd->conf->ftm_responder) { 2590 if (hapd->iface->drv_flags & WPA_DRIVER_FLAGS_FTM_RESPONDER) { 2591 params->ftm_responder = 1; 2592 params->lci = hapd->iface->conf->lci; 2593 params->civic = hapd->iface->conf->civic; 2594 } else { 2595 wpa_printf(MSG_WARNING, 2596 "Not configuring FTM responder as the driver doesn't advertise support for it"); 2597 } 2598 } 2599 2600 #ifdef CONFIG_IEEE80211BE 2601 if (hapd->conf->mld_ap && hapd->iconf->ieee80211be && 2602 !hapd->conf->disable_11be) { 2603 params->mld_ap = true; 2604 params->mld_link_id = hapd->mld_link_id; 2605 } 2606 #endif /* CONFIG_IEEE80211BE */ 2607 2608 return 0; 2609 } 2610 2611 ieee802_11_free_ap_params(struct wpa_driver_ap_params * params)2612 void ieee802_11_free_ap_params(struct wpa_driver_ap_params *params) 2613 { 2614 os_free(params->tail); 2615 params->tail = NULL; 2616 os_free(params->head); 2617 params->head = NULL; 2618 os_free(params->proberesp); 2619 params->proberesp = NULL; 2620 os_free(params->mbssid_elem); 2621 params->mbssid_elem = NULL; 2622 os_free(params->mbssid_elem_offset); 2623 params->mbssid_elem_offset = NULL; 2624 os_free(params->rnr_elem); 2625 params->rnr_elem = NULL; 2626 os_free(params->rnr_elem_offset); 2627 params->rnr_elem_offset = NULL; 2628 #ifdef CONFIG_FILS 2629 os_free(params->fd_frame_tmpl); 2630 params->fd_frame_tmpl = NULL; 2631 #endif /* CONFIG_FILS */ 2632 #ifdef CONFIG_IEEE80211AX 2633 os_free(params->ubpr.unsol_bcast_probe_resp_tmpl); 2634 params->ubpr.unsol_bcast_probe_resp_tmpl = NULL; 2635 #endif /* CONFIG_IEEE80211AX */ 2636 os_free(params->allowed_freqs); 2637 params->allowed_freqs = NULL; 2638 } 2639 2640 __ieee802_11_set_beacon(struct hostapd_data * hapd)2641 static int __ieee802_11_set_beacon(struct hostapd_data *hapd) 2642 { 2643 struct wpa_driver_ap_params params; 2644 struct hostapd_freq_params freq; 2645 struct hostapd_iface *iface = hapd->iface; 2646 struct hostapd_config *iconf = iface->conf; 2647 struct hostapd_hw_modes *cmode = iface->current_mode; 2648 struct wpabuf *beacon, *proberesp, *assocresp; 2649 bool twt_he_responder = false; 2650 int res, ret = -1, i; 2651 struct hostapd_hw_modes *mode; 2652 2653 if (!hapd->drv_priv) { 2654 wpa_printf(MSG_ERROR, "Interface is disabled"); 2655 return -1; 2656 } 2657 2658 if (hapd->csa_in_progress) { 2659 wpa_printf(MSG_ERROR, "Cannot set beacons during CSA period"); 2660 return -1; 2661 } 2662 2663 hapd->beacon_set_done = 1; 2664 2665 if (ieee802_11_build_ap_params(hapd, ¶ms) < 0) 2666 return -1; 2667 2668 if (hostapd_build_ap_extra_ies(hapd, &beacon, &proberesp, &assocresp) < 2669 0) 2670 goto fail; 2671 2672 params.beacon_ies = beacon; 2673 params.proberesp_ies = proberesp; 2674 params.assocresp_ies = assocresp; 2675 params.reenable = hapd->reenable_beacon; 2676 #ifdef CONFIG_IEEE80211AX 2677 params.he_spr_ctrl = hapd->iface->conf->spr.sr_control; 2678 params.he_spr_non_srg_obss_pd_max_offset = 2679 hapd->iface->conf->spr.non_srg_obss_pd_max_offset; 2680 params.he_spr_srg_obss_pd_min_offset = 2681 hapd->iface->conf->spr.srg_obss_pd_min_offset; 2682 params.he_spr_srg_obss_pd_max_offset = 2683 hapd->iface->conf->spr.srg_obss_pd_max_offset; 2684 os_memcpy(params.he_spr_bss_color_bitmap, 2685 hapd->iface->conf->spr.srg_bss_color_bitmap, 8); 2686 os_memcpy(params.he_spr_partial_bssid_bitmap, 2687 hapd->iface->conf->spr.srg_partial_bssid_bitmap, 8); 2688 params.he_bss_color_disabled = 2689 hapd->iface->conf->he_op.he_bss_color_disabled; 2690 params.he_bss_color_partial = 2691 hapd->iface->conf->he_op.he_bss_color_partial; 2692 params.he_bss_color = hapd->iface->conf->he_op.he_bss_color; 2693 twt_he_responder = hostapd_get_he_twt_responder(hapd, 2694 IEEE80211_MODE_AP); 2695 params.ubpr.unsol_bcast_probe_resp_tmpl = 2696 hostapd_unsol_bcast_probe_resp(hapd, ¶ms.ubpr); 2697 #endif /* CONFIG_IEEE80211AX */ 2698 params.twt_responder = 2699 twt_he_responder || hostapd_get_ht_vht_twt_responder(hapd); 2700 hapd->reenable_beacon = 0; 2701 #ifdef CONFIG_SAE 2702 params.sae_pwe = hapd->conf->sae_pwe; 2703 #endif /* CONFIG_SAE */ 2704 2705 #ifdef CONFIG_FILS 2706 params.fd_frame_tmpl = hostapd_fils_discovery(hapd, ¶ms); 2707 #endif /* CONFIG_FILS */ 2708 2709 #ifdef CONFIG_IEEE80211BE 2710 params.punct_bitmap = iconf->punct_bitmap; 2711 #endif /* CONFIG_IEEE80211BE */ 2712 2713 if (cmode && 2714 hostapd_set_freq_params(&freq, iconf->hw_mode, iface->freq, 2715 iconf->channel, iconf->enable_edmg, 2716 iconf->edmg_channel, iconf->ieee80211n, 2717 iconf->ieee80211ac, iconf->ieee80211ax, 2718 iconf->ieee80211be, 2719 iconf->secondary_channel, 2720 hostapd_get_oper_chwidth(iconf), 2721 hostapd_get_oper_centr_freq_seg0_idx(iconf), 2722 hostapd_get_oper_centr_freq_seg1_idx(iconf), 2723 cmode->vht_capab, 2724 &cmode->he_capab[IEEE80211_MODE_AP], 2725 &cmode->eht_capab[IEEE80211_MODE_AP], 2726 hostapd_get_punct_bitmap(hapd)) == 0) { 2727 freq.link_id = -1; 2728 #ifdef CONFIG_IEEE80211BE 2729 if (hapd->conf->mld_ap) 2730 freq.link_id = hapd->mld_link_id; 2731 #endif /* CONFIG_IEEE80211BE */ 2732 params.freq = &freq; 2733 } 2734 2735 for (i = 0; i < hapd->iface->num_hw_features; i++) { 2736 mode = &hapd->iface->hw_features[i]; 2737 2738 if (iconf->hw_mode != HOSTAPD_MODE_IEEE80211ANY && 2739 iconf->hw_mode != mode->mode) 2740 continue; 2741 2742 hostapd_get_hw_mode_any_channels(hapd, mode, 2743 !(iconf->acs_freq_list.num || 2744 iconf->acs_ch_list.num), 2745 true, ¶ms.allowed_freqs); 2746 } 2747 2748 res = hostapd_drv_set_ap(hapd, ¶ms); 2749 hostapd_free_ap_extra_ies(hapd, beacon, proberesp, assocresp); 2750 if (res) 2751 wpa_printf(MSG_ERROR, "Failed to set beacon parameters"); 2752 else 2753 ret = 0; 2754 fail: 2755 ieee802_11_free_ap_params(¶ms); 2756 return ret; 2757 } 2758 2759 ieee802_11_set_beacon_per_bss_only(struct hostapd_data * hapd)2760 void ieee802_11_set_beacon_per_bss_only(struct hostapd_data *hapd) 2761 { 2762 __ieee802_11_set_beacon(hapd); 2763 } 2764 2765 2766 #ifdef CONFIG_IEEE80211BE 2767 hostapd_get_probe_resp_tmpl(struct hostapd_data * hapd,struct probe_resp_params * params,bool is_ml_sta_info)2768 static int hostapd_get_probe_resp_tmpl(struct hostapd_data *hapd, 2769 struct probe_resp_params *params, 2770 bool is_ml_sta_info) 2771 { 2772 os_memset(params, 0, sizeof(*params)); 2773 hostapd_gen_probe_resp(hapd, params); 2774 if (!params->resp) 2775 return -1; 2776 2777 /* The caller takes care of freeing params->resp. */ 2778 return 0; 2779 } 2780 2781 is_restricted_eid_in_sta_profile(u8 eid,bool tx_vap)2782 static bool is_restricted_eid_in_sta_profile(u8 eid, bool tx_vap) 2783 { 2784 switch (eid) { 2785 case WLAN_EID_TIM: 2786 case WLAN_EID_BSS_MAX_IDLE_PERIOD: 2787 case WLAN_EID_MULTIPLE_BSSID: 2788 case WLAN_EID_REDUCED_NEIGHBOR_REPORT: 2789 case WLAN_EID_NEIGHBOR_REPORT: 2790 return true; 2791 case WLAN_EID_SSID: 2792 /* SSID is not restricted for non-transmitted BSSID */ 2793 return tx_vap; 2794 default: 2795 return false; 2796 } 2797 } 2798 2799 is_restricted_ext_eid_in_sta_profile(u8 ext_id)2800 static bool is_restricted_ext_eid_in_sta_profile(u8 ext_id) 2801 { 2802 switch (ext_id) { 2803 case WLAN_EID_EXT_MULTI_LINK: 2804 return true; 2805 default: 2806 return false; 2807 } 2808 } 2809 2810 2811 /* Create the link STA profiles based on inheritance from the reporting 2812 * profile. 2813 * 2814 * NOTE: The same function is used for length calculation as well as filling 2815 * data in the given buffer. This avoids risk of not updating the length 2816 * function but filling function or vice versa. 2817 */ hostapd_add_sta_profile(struct ieee80211_mgmt * link_fdata,size_t link_data_len,struct ieee80211_mgmt * own_fdata,size_t own_data_len,u8 * sta_profile,bool tx_vap)2818 static size_t hostapd_add_sta_profile(struct ieee80211_mgmt *link_fdata, 2819 size_t link_data_len, 2820 struct ieee80211_mgmt *own_fdata, 2821 size_t own_data_len, 2822 u8 *sta_profile, bool tx_vap) 2823 { 2824 const struct element *link_elem; 2825 size_t sta_profile_len = 0; 2826 const u8 *link_elem_data; 2827 u8 link_ele_len; 2828 u8 *link_data; 2829 const struct element *own_elem; 2830 u8 link_eid, own_eid, own_ele_len; 2831 const u8 *own_elem_data; 2832 u8 *own_data; 2833 bool is_ext; 2834 bool ie_found; 2835 u8 non_inherit_ele_ext_list[256] = { 0 }; 2836 u8 non_inherit_ele_ext_list_len = 0; 2837 u8 non_inherit_ele_list[256] = { 0 }; 2838 u8 non_inherit_ele_list_len = 0; 2839 u8 num_link_elem_vendor_ies = 0, num_own_elem_vendor_ies = 0; 2840 bool add_vendor_ies = false, is_identical_vendor_ies = true; 2841 /* The bitmap of parsed EIDs. There are 256 EIDs and ext EIDs, so 32 2842 * bytes to store the bitmaps. */ 2843 u8 parsed_eid_bmap[32] = { 0 }, parsed_ext_eid_bmap[32] = { 0 }; 2844 /* extra len used in the logic includes the element id and len */ 2845 u8 extra_len = 2; 2846 2847 /* Include len for capab info */ 2848 sta_profile_len += sizeof(le16); 2849 if (sta_profile) { 2850 os_memcpy(sta_profile, &link_fdata->u.probe_resp.capab_info, 2851 sizeof(le16)); 2852 sta_profile += sizeof(le16); 2853 } 2854 2855 own_data = own_fdata->u.probe_resp.variable; 2856 link_data = link_fdata->u.probe_resp.variable; 2857 2858 /* The below logic takes the reporting BSS data and reported BSS data 2859 * and performs intersection to build the STA profile of the reported 2860 * BSS. Certain elements are not added to the STA profile as 2861 * recommended in standard. Matching element information in the 2862 * reporting BSS profile are ignored in the STA profile. Remaining 2863 * elements pertaining to the STA profile are appended at the end. */ 2864 for_each_element(own_elem, own_data, own_data_len) { 2865 is_ext = false; 2866 ie_found = false; 2867 2868 /* Pick one of own elements and get its EID and length */ 2869 own_elem_data = own_elem->data; 2870 own_ele_len = own_elem->datalen; 2871 2872 if (own_elem->id == WLAN_EID_EXTENSION) { 2873 is_ext = true; 2874 own_eid = *(own_elem_data); 2875 if (is_restricted_ext_eid_in_sta_profile(own_eid)) 2876 continue; 2877 } else { 2878 own_eid = own_elem->id; 2879 if (is_restricted_eid_in_sta_profile(own_eid, tx_vap)) 2880 continue; 2881 } 2882 2883 for_each_element(link_elem, link_data, link_data_len) { 2884 /* If the element type mismatches, do not consider 2885 * this link element for comparison. */ 2886 if ((link_elem->id == WLAN_EID_EXTENSION && 2887 !is_ext) || 2888 (is_ext && link_elem->id != WLAN_EID_EXTENSION)) 2889 continue; 2890 2891 /* Comparison can be done so get the link element and 2892 * its EID and length. */ 2893 link_elem_data = link_elem->data; 2894 link_ele_len = link_elem->datalen; 2895 2896 if (link_elem->id == WLAN_EID_EXTENSION) 2897 link_eid = *(link_elem_data); 2898 else 2899 link_eid = link_elem->id; 2900 2901 /* Ignore if EID does not match */ 2902 if (own_eid != link_eid) 2903 continue; 2904 2905 ie_found = true; 2906 2907 /* Ignore if the contents is identical. */ 2908 if (own_ele_len == link_ele_len && 2909 os_memcmp(own_elem->data, link_elem->data, 2910 own_ele_len) == 0) { 2911 if (own_eid == WLAN_EID_VENDOR_SPECIFIC) { 2912 is_identical_vendor_ies = true; 2913 num_own_elem_vendor_ies++; 2914 } 2915 2916 /* Update the parsed EIDs bitmap */ 2917 if (is_ext) 2918 parsed_ext_eid_bmap[own_eid / 8] |= 2919 BIT(own_eid % 8); 2920 else 2921 parsed_eid_bmap[own_eid / 8] |= 2922 BIT(own_eid % 8); 2923 break; 2924 } 2925 2926 /* No need to include this non-matching Vendor Specific 2927 * element explicitly at this point. */ 2928 if (own_eid == WLAN_EID_VENDOR_SPECIFIC) { 2929 is_identical_vendor_ies = false; 2930 continue; 2931 } 2932 2933 /* This element is present in the reported profile 2934 * as well as present in the reporting profile. 2935 * However, there is a mismatch in the contents and 2936 * hence, include this in the per STA profile. */ 2937 sta_profile_len += link_ele_len + extra_len; 2938 if (sta_profile) { 2939 os_memcpy(sta_profile, 2940 link_elem->data - extra_len, 2941 link_ele_len + extra_len); 2942 sta_profile += link_ele_len + extra_len; 2943 } 2944 2945 /* Update the parsed EIDs bitmap */ 2946 if (is_ext) 2947 parsed_ext_eid_bmap[own_eid / 8] |= 2948 BIT(own_eid % 8); 2949 else 2950 parsed_eid_bmap[own_eid / 8] |= 2951 BIT(own_eid % 8); 2952 break; 2953 } 2954 2955 /* We found at least one Vendor Specific element in reporting 2956 * link which is not same (or present) in the reported link. We 2957 * need to include all Vendor Specific elements from the 2958 * reported link. */ 2959 if (!is_identical_vendor_ies) 2960 add_vendor_ies = true; 2961 2962 /* This is a unique element in the reporting profile which is 2963 * not present in the reported profile. Update the 2964 * non-inheritance list. */ 2965 if (!ie_found) { 2966 u8 idx; 2967 2968 if (is_ext) { 2969 idx = non_inherit_ele_ext_list_len++; 2970 non_inherit_ele_ext_list[idx] = own_eid; 2971 } else { 2972 idx = non_inherit_ele_list_len++; 2973 non_inherit_ele_list[idx] = own_eid; 2974 } 2975 } 2976 } 2977 2978 /* Parse the remaining elements in the reported profile */ 2979 for_each_element(link_elem, link_data, link_data_len) { 2980 link_elem_data = link_elem->data; 2981 link_ele_len = link_elem->datalen; 2982 2983 /* No need to check this Vendor Specific element at this point. 2984 * Just take the count and continue. */ 2985 if (link_elem->id == WLAN_EID_VENDOR_SPECIFIC) { 2986 num_link_elem_vendor_ies++; 2987 continue; 2988 } 2989 2990 if (link_elem->id == WLAN_EID_EXTENSION) { 2991 link_eid = *(link_elem_data); 2992 2993 if ((parsed_ext_eid_bmap[link_eid / 8] & 2994 BIT(link_eid % 8)) || 2995 is_restricted_ext_eid_in_sta_profile(link_eid)) 2996 continue; 2997 } else { 2998 link_eid = link_elem->id; 2999 3000 if ((parsed_eid_bmap[link_eid / 8] & 3001 BIT(link_eid % 8)) || 3002 is_restricted_eid_in_sta_profile(link_eid, tx_vap)) 3003 continue; 3004 } 3005 3006 sta_profile_len += link_ele_len + extra_len; 3007 if (sta_profile) { 3008 os_memcpy(sta_profile, link_elem_data - extra_len, 3009 link_ele_len + extra_len); 3010 sta_profile += link_ele_len + extra_len; 3011 } 3012 } 3013 3014 /* Handle Vendor Specific elements 3015 * Add all the Vendor Specific elements of the reported link if 3016 * a. There is at least one non-matching Vendor Specific element, or 3017 * b. The number of Vendor Specific elements in reporting and reported 3018 * link is not same. */ 3019 if (add_vendor_ies || 3020 num_own_elem_vendor_ies != num_link_elem_vendor_ies) { 3021 for_each_element(link_elem, link_data, link_data_len) { 3022 link_elem_data = link_elem->data; 3023 link_ele_len = link_elem->datalen; 3024 3025 if (link_elem->id != WLAN_EID_VENDOR_SPECIFIC) 3026 continue; 3027 3028 sta_profile_len += link_ele_len + extra_len; 3029 if (sta_profile) { 3030 os_memcpy(sta_profile, 3031 link_elem_data - extra_len, 3032 link_ele_len + extra_len); 3033 sta_profile += link_ele_len + extra_len; 3034 } 3035 } 3036 } 3037 3038 /* Handle non-inheritance 3039 * Non-Inheritance element: 3040 * Element ID Ext: 1 octet 3041 * Length: 1 octet 3042 * Ext tag number: 1 octet 3043 * Length of Elements ID list: 1 octet 3044 * Elements ID list: variable 3045 * Length of Elements ID Extension list: 1 octet 3046 * Elements ID extensions list: variable 3047 */ 3048 if (non_inherit_ele_list_len || non_inherit_ele_ext_list_len) 3049 sta_profile_len += 3 + 2 + non_inherit_ele_list_len + 3050 non_inherit_ele_ext_list_len; 3051 3052 if (sta_profile && 3053 (non_inherit_ele_list_len || non_inherit_ele_ext_list_len)) { 3054 *sta_profile++ = WLAN_EID_EXTENSION; 3055 *sta_profile++ = non_inherit_ele_list_len + 3056 non_inherit_ele_ext_list_len + 3; 3057 *sta_profile++ = WLAN_EID_EXT_NON_INHERITANCE; 3058 *sta_profile++ = non_inherit_ele_list_len; 3059 os_memcpy(sta_profile, non_inherit_ele_list, 3060 non_inherit_ele_list_len); 3061 sta_profile += non_inherit_ele_list_len; 3062 *sta_profile++ = non_inherit_ele_ext_list_len; 3063 os_memcpy(sta_profile, non_inherit_ele_ext_list, 3064 non_inherit_ele_ext_list_len); 3065 sta_profile += non_inherit_ele_ext_list_len; 3066 } 3067 3068 return sta_profile_len; 3069 } 3070 3071 hostapd_gen_sta_profile(struct ieee80211_mgmt * link_data,size_t link_data_len,struct ieee80211_mgmt * own_data,size_t own_data_len,size_t * sta_profile_len,bool tx_vap)3072 static u8 * hostapd_gen_sta_profile(struct ieee80211_mgmt *link_data, 3073 size_t link_data_len, 3074 struct ieee80211_mgmt *own_data, 3075 size_t own_data_len, 3076 size_t *sta_profile_len, bool tx_vap) 3077 { 3078 u8 *sta_profile; 3079 3080 /* Get the length first */ 3081 *sta_profile_len = hostapd_add_sta_profile(link_data, link_data_len, 3082 own_data, own_data_len, 3083 NULL, tx_vap); 3084 if (!(*sta_profile_len) || *sta_profile_len > EHT_ML_MAX_STA_PROF_LEN) 3085 return NULL; 3086 3087 sta_profile = os_zalloc(*sta_profile_len); 3088 if (!sta_profile) 3089 return NULL; 3090 3091 /* Now fill in the data */ 3092 hostapd_add_sta_profile(link_data, link_data_len, own_data, 3093 own_data_len, sta_profile, tx_vap); 3094 3095 /* The caller takes care of freeing the returned sta_profile */ 3096 return sta_profile; 3097 } 3098 3099 hostapd_gen_per_sta_profiles(struct hostapd_data * hapd)3100 static void hostapd_gen_per_sta_profiles(struct hostapd_data *hapd) 3101 { 3102 bool tx_vap = hapd == hostapd_mbssid_get_tx_bss(hapd); 3103 size_t link_data_len, sta_profile_len; 3104 size_t own_data_len, fixed; 3105 struct probe_resp_params link_params; 3106 struct probe_resp_params own_params; 3107 struct ieee80211_mgmt *link_data; 3108 struct ieee80211_mgmt *own_data; 3109 struct mld_link_info *link_info; 3110 struct hostapd_data *link_bss; 3111 u8 link_id, *sta_profile; 3112 3113 if (!hapd->conf->mld_ap) 3114 return; 3115 3116 wpa_printf(MSG_DEBUG, "MLD: Generating per STA profiles for MLD %s", 3117 hapd->conf->iface); 3118 3119 wpa_printf(MSG_DEBUG, "MLD: Reporting link %d", hapd->mld_link_id); 3120 3121 /* Generate a Probe Response template for self */ 3122 if (hostapd_get_probe_resp_tmpl(hapd, &own_params, false)) { 3123 wpa_printf(MSG_ERROR, 3124 "MLD: Error in building per STA profiles"); 3125 return; 3126 } 3127 3128 own_data = own_params.resp; 3129 own_data_len = own_params.resp_len; 3130 3131 /* Consider the length of the variable fields */ 3132 fixed = offsetof(struct ieee80211_mgmt, u.probe_resp.variable); 3133 if (own_data_len < fixed) 3134 goto fail; 3135 own_data_len -= fixed; 3136 3137 for_each_mld_link(link_bss, hapd) { 3138 if (link_bss == hapd || !link_bss->started) 3139 continue; 3140 3141 link_id = link_bss->mld_link_id; 3142 if (link_id >= MAX_NUM_MLD_LINKS) 3143 continue; 3144 3145 sta_profile = NULL; 3146 sta_profile_len = 0; 3147 3148 /* Generate a Probe Response frame template for partner link */ 3149 if (hostapd_get_probe_resp_tmpl(link_bss, &link_params, true)) { 3150 wpa_printf(MSG_ERROR, 3151 "MLD: Could not get link STA probe response template for link %d", 3152 link_id); 3153 continue; 3154 } 3155 3156 link_data = link_params.resp; 3157 link_data_len = link_params.resp_len; 3158 3159 /* Consider length of the variable fields */ 3160 fixed = offsetof(struct ieee80211_mgmt, u.probe_resp.variable); 3161 if (link_data_len < fixed) 3162 continue; 3163 link_data_len -= fixed; 3164 3165 sta_profile = hostapd_gen_sta_profile(link_data, link_data_len, 3166 own_data, own_data_len, 3167 &sta_profile_len, tx_vap); 3168 if (!sta_profile) { 3169 wpa_printf(MSG_ERROR, 3170 "MLD: Could not generate link STA profile for link %d", 3171 link_id); 3172 continue; 3173 } 3174 3175 link_info = &hapd->partner_links[link_id]; 3176 link_info->valid = true; 3177 3178 os_free(link_info->resp_sta_profile); 3179 link_info->resp_sta_profile_len = sta_profile_len; 3180 3181 link_info->resp_sta_profile = os_memdup(sta_profile, 3182 sta_profile_len); 3183 if (!link_info->resp_sta_profile) 3184 link_info->resp_sta_profile_len = 0; 3185 3186 os_memcpy(link_info->local_addr, link_bss->own_addr, ETH_ALEN); 3187 3188 wpa_printf(MSG_DEBUG, 3189 "MLD: Reported link STA info for %d: %u bytes", 3190 link_id, link_info->resp_sta_profile_len); 3191 3192 os_free(sta_profile); 3193 os_free(link_params.resp); 3194 } 3195 3196 fail: 3197 os_free(own_params.resp); 3198 } 3199 3200 #endif /* CONFIG_IEEE80211BE */ 3201 3202 ieee802_11_set_beacon(struct hostapd_data * hapd)3203 int ieee802_11_set_beacon(struct hostapd_data *hapd) 3204 { 3205 struct hostapd_iface *iface = hapd->iface; 3206 int ret; 3207 size_t i, j; 3208 bool is_6g, hapd_mld = false; 3209 #ifdef CONFIG_IEEE80211BE 3210 struct hostapd_data *link_bss; 3211 #endif /* CONFIG_IEEE80211BE */ 3212 3213 ret = __ieee802_11_set_beacon(hapd); 3214 if (ret != 0) 3215 return ret; 3216 3217 if (!iface->interfaces || iface->interfaces->count <= 1) 3218 return 0; 3219 3220 #ifdef CONFIG_IEEE80211BE 3221 hapd_mld = hapd->conf->mld_ap; 3222 #endif /* CONFIG_IEEE80211BE */ 3223 3224 /* Update Beacon frames in case of 6 GHz colocation or AP MLD */ 3225 is_6g = is_6ghz_op_class(iface->conf->op_class); 3226 for (j = 0; j < iface->interfaces->count; j++) { 3227 struct hostapd_iface *other; 3228 bool other_iface_6g; 3229 3230 other = iface->interfaces->iface[j]; 3231 if (other == iface || !other || !other->conf) 3232 continue; 3233 3234 other_iface_6g = is_6ghz_op_class(other->conf->op_class); 3235 3236 if (is_6g == other_iface_6g && !hapd_mld) 3237 continue; 3238 3239 for (i = 0; i < other->num_bss; i++) { 3240 #ifdef CONFIG_IEEE80211BE 3241 if (is_6g == other_iface_6g && 3242 !(hapd_mld && other->bss[i]->conf->mld_ap && 3243 hostapd_is_ml_partner(hapd, other->bss[i]))) 3244 continue; 3245 #endif /* CONFIG_IEEE80211BE */ 3246 3247 if (other->bss[i] && other->bss[i]->started && 3248 other->bss[i]->beacon_set_done) 3249 __ieee802_11_set_beacon(other->bss[i]); 3250 } 3251 } 3252 3253 #ifdef CONFIG_IEEE80211BE 3254 if (!hapd_mld) 3255 return 0; 3256 3257 /* Generate per STA profiles for each affiliated APs */ 3258 for_each_mld_link(link_bss, hapd) 3259 hostapd_gen_per_sta_profiles(link_bss); 3260 #endif /* CONFIG_IEEE80211BE */ 3261 3262 return 0; 3263 } 3264 3265 ieee802_11_set_beacons(struct hostapd_iface * iface)3266 int ieee802_11_set_beacons(struct hostapd_iface *iface) 3267 { 3268 size_t i; 3269 int ret = 0; 3270 3271 for (i = 0; i < iface->num_bss; i++) { 3272 if (iface->bss[i]->started && 3273 ieee802_11_set_beacon(iface->bss[i]) < 0) 3274 ret = -1; 3275 } 3276 3277 return ret; 3278 } 3279 3280 3281 /* only update beacons if started */ ieee802_11_update_beacons(struct hostapd_iface * iface)3282 int ieee802_11_update_beacons(struct hostapd_iface *iface) 3283 { 3284 size_t i; 3285 int ret = 0; 3286 3287 for (i = 0; i < iface->num_bss; i++) { 3288 if (iface->bss[i]->beacon_set_done && iface->bss[i]->started && 3289 ieee802_11_set_beacon(iface->bss[i]) < 0) 3290 ret = -1; 3291 } 3292 3293 return ret; 3294 } 3295 3296 #endif /* CONFIG_NATIVE_WINDOWS */ 3297