1 /* 2 * WPA Supplicant - Driver event processing 3 * Copyright (c) 2003-2019, Jouni Malinen <j@w1.fi> 4 * 5 * This software may be distributed under the terms of the BSD license. 6 * See README for more details. 7 */ 8 9 #include "includes.h" 10 11 #include "common.h" 12 #include "utils/crc32.h" 13 #include "eapol_supp/eapol_supp_sm.h" 14 #include "rsn_supp/wpa.h" 15 #include "eloop.h" 16 #include "config.h" 17 #include "l2_packet/l2_packet.h" 18 #include "wpa_supplicant_i.h" 19 #include "driver_i.h" 20 #include "pcsc_funcs.h" 21 #include "rsn_supp/preauth.h" 22 #include "rsn_supp/pmksa_cache.h" 23 #include "common/wpa_ctrl.h" 24 #include "eap_peer/eap.h" 25 #include "ap/hostapd.h" 26 #include "ap/sta_info.h" 27 #include "p2p/p2p.h" 28 #include "fst/fst.h" 29 #include "wnm_sta.h" 30 #include "notify.h" 31 #include "common/ieee802_11_defs.h" 32 #include "common/ieee802_11_common.h" 33 #include "common/gas_server.h" 34 #include "common/dpp.h" 35 #include "common/ptksa_cache.h" 36 #include "crypto/random.h" 37 #include "bssid_ignore.h" 38 #include "wpas_glue.h" 39 #include "wps_supplicant.h" 40 #include "ibss_rsn.h" 41 #include "sme.h" 42 #include "gas_query.h" 43 #include "p2p_supplicant.h" 44 #include "bgscan.h" 45 #include "autoscan.h" 46 #include "ap.h" 47 #include "bss.h" 48 #include "scan.h" 49 #include "offchannel.h" 50 #include "interworking.h" 51 #include "mesh.h" 52 #include "mesh_mpm.h" 53 #include "wmm_ac.h" 54 #include "nan_usd.h" 55 #include "dpp_supplicant.h" 56 57 58 #define MAX_OWE_TRANSITION_BSS_SELECT_COUNT 5 59 60 61 #ifndef CONFIG_NO_SCAN_PROCESSING 62 static int wpas_select_network_from_last_scan(struct wpa_supplicant *wpa_s, 63 int new_scan, int own_request, 64 bool trigger_6ghz_scan, 65 union wpa_event_data *data); 66 #endif /* CONFIG_NO_SCAN_PROCESSING */ 67 68 wpas_temp_disabled(struct wpa_supplicant * wpa_s,struct wpa_ssid * ssid)69 int wpas_temp_disabled(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid) 70 { 71 struct os_reltime now; 72 73 if (ssid == NULL || ssid->disabled_until.sec == 0) 74 return 0; 75 76 os_get_reltime(&now); 77 if (ssid->disabled_until.sec > now.sec) 78 return ssid->disabled_until.sec - now.sec; 79 80 wpas_clear_temp_disabled(wpa_s, ssid, 0); 81 82 return 0; 83 } 84 85 86 #ifndef CONFIG_NO_SCAN_PROCESSING 87 /** 88 * wpas_reenabled_network_time - Time until first network is re-enabled 89 * @wpa_s: Pointer to wpa_supplicant data 90 * Returns: If all enabled networks are temporarily disabled, returns the time 91 * (in sec) until the first network is re-enabled. Otherwise returns 0. 92 * 93 * This function is used in case all enabled networks are temporarily disabled, 94 * in which case it returns the time (in sec) that the first network will be 95 * re-enabled. The function assumes that at least one network is enabled. 96 */ wpas_reenabled_network_time(struct wpa_supplicant * wpa_s)97 static int wpas_reenabled_network_time(struct wpa_supplicant *wpa_s) 98 { 99 struct wpa_ssid *ssid; 100 int disabled_for, res = 0; 101 102 #ifdef CONFIG_INTERWORKING 103 if (wpa_s->conf->auto_interworking && wpa_s->conf->interworking && 104 wpa_s->conf->cred) 105 return 0; 106 #endif /* CONFIG_INTERWORKING */ 107 108 for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next) { 109 if (ssid->disabled) 110 continue; 111 112 disabled_for = wpas_temp_disabled(wpa_s, ssid); 113 if (!disabled_for) 114 return 0; 115 116 if (!res || disabled_for < res) 117 res = disabled_for; 118 } 119 120 return res; 121 } 122 #endif /* CONFIG_NO_SCAN_PROCESSING */ 123 124 wpas_network_reenabled(void * eloop_ctx,void * timeout_ctx)125 void wpas_network_reenabled(void *eloop_ctx, void *timeout_ctx) 126 { 127 struct wpa_supplicant *wpa_s = eloop_ctx; 128 129 if (wpa_s->disconnected || wpa_s->wpa_state != WPA_SCANNING) 130 return; 131 132 wpa_dbg(wpa_s, MSG_DEBUG, 133 "Try to associate due to network getting re-enabled"); 134 if (wpa_supplicant_fast_associate(wpa_s) != 1) { 135 wpa_supplicant_cancel_sched_scan(wpa_s); 136 wpa_supplicant_req_scan(wpa_s, 0, 0); 137 } 138 } 139 140 __wpa_supplicant_get_new_bss(struct wpa_supplicant * wpa_s,const u8 * bssid,const u8 * ssid,size_t ssid_len)141 static struct wpa_bss * __wpa_supplicant_get_new_bss( 142 struct wpa_supplicant *wpa_s, const u8 *bssid, const u8 *ssid, 143 size_t ssid_len) 144 { 145 if (ssid && ssid_len > 0) 146 return wpa_bss_get(wpa_s, bssid, ssid, ssid_len); 147 else 148 return wpa_bss_get_bssid(wpa_s, bssid); 149 } 150 151 _wpa_supplicant_get_new_bss(struct wpa_supplicant * wpa_s,const u8 * bssid,const u8 * ssid,size_t ssid_len,bool try_update_scan_results)152 static struct wpa_bss * _wpa_supplicant_get_new_bss( 153 struct wpa_supplicant *wpa_s, const u8 *bssid, const u8 *ssid, 154 size_t ssid_len, bool try_update_scan_results) 155 { 156 struct wpa_bss *bss = __wpa_supplicant_get_new_bss(wpa_s, bssid, ssid, 157 ssid_len); 158 159 if (bss || !try_update_scan_results) 160 return bss; 161 162 wpa_supplicant_update_scan_results(wpa_s, bssid); 163 164 return __wpa_supplicant_get_new_bss(wpa_s, bssid, ssid, ssid_len); 165 } 166 167 wpa_supplicant_get_new_bss(struct wpa_supplicant * wpa_s,const u8 * bssid)168 static struct wpa_bss * wpa_supplicant_get_new_bss( 169 struct wpa_supplicant *wpa_s, const u8 *bssid) 170 { 171 struct wpa_bss *bss = NULL; 172 struct wpa_ssid *ssid = wpa_s->current_ssid; 173 u8 drv_ssid[SSID_MAX_LEN]; 174 int res; 175 bool try_update_scan_results = true; 176 177 res = wpa_drv_get_ssid(wpa_s, drv_ssid); 178 if (res > 0) { 179 bss = _wpa_supplicant_get_new_bss(wpa_s, bssid, drv_ssid, res, 180 try_update_scan_results); 181 try_update_scan_results = false; 182 } 183 if (!bss && ssid && ssid->ssid_len > 0) { 184 bss = _wpa_supplicant_get_new_bss(wpa_s, bssid, ssid->ssid, 185 ssid->ssid_len, 186 try_update_scan_results); 187 try_update_scan_results = false; 188 } 189 if (!bss) 190 bss = _wpa_supplicant_get_new_bss(wpa_s, bssid, NULL, 0, 191 try_update_scan_results); 192 193 return bss; 194 } 195 196 197 static struct wpa_bss * wpa_supplicant_update_current_bss(struct wpa_supplicant * wpa_s,const u8 * bssid)198 wpa_supplicant_update_current_bss(struct wpa_supplicant *wpa_s, const u8 *bssid) 199 { 200 struct wpa_bss *bss = wpa_supplicant_get_new_bss(wpa_s, bssid); 201 202 if (bss) 203 wpa_s->current_bss = bss; 204 205 return bss; 206 } 207 208 wpa_supplicant_update_link_bss(struct wpa_supplicant * wpa_s,u8 link_id,const u8 * bssid)209 static void wpa_supplicant_update_link_bss(struct wpa_supplicant *wpa_s, 210 u8 link_id, const u8 *bssid) 211 { 212 struct wpa_bss *bss = wpa_supplicant_get_new_bss(wpa_s, bssid); 213 214 if (bss) 215 wpa_s->links[link_id].bss = bss; 216 } 217 218 wpa_supplicant_select_config(struct wpa_supplicant * wpa_s,union wpa_event_data * data)219 static int wpa_supplicant_select_config(struct wpa_supplicant *wpa_s, 220 union wpa_event_data *data) 221 { 222 struct wpa_ssid *ssid, *old_ssid; 223 struct wpa_bss *bss; 224 u8 drv_ssid[SSID_MAX_LEN]; 225 size_t drv_ssid_len; 226 int res; 227 228 if (wpa_s->conf->ap_scan == 1 && wpa_s->current_ssid) { 229 wpa_supplicant_update_current_bss(wpa_s, wpa_s->bssid); 230 231 if (wpa_s->current_ssid->ssid_len == 0) 232 return 0; /* current profile still in use */ 233 res = wpa_drv_get_ssid(wpa_s, drv_ssid); 234 if (res < 0) { 235 wpa_msg(wpa_s, MSG_INFO, 236 "Failed to read SSID from driver"); 237 return 0; /* try to use current profile */ 238 } 239 drv_ssid_len = res; 240 241 if (drv_ssid_len == wpa_s->current_ssid->ssid_len && 242 os_memcmp(drv_ssid, wpa_s->current_ssid->ssid, 243 drv_ssid_len) == 0) 244 return 0; /* current profile still in use */ 245 246 #ifdef CONFIG_OWE 247 if ((wpa_s->current_ssid->key_mgmt & WPA_KEY_MGMT_OWE) && 248 wpa_s->current_bss && 249 (wpa_s->current_bss->flags & WPA_BSS_OWE_TRANSITION) && 250 drv_ssid_len == wpa_s->current_bss->ssid_len && 251 os_memcmp(drv_ssid, wpa_s->current_bss->ssid, 252 drv_ssid_len) == 0) 253 return 0; /* current profile still in use */ 254 #endif /* CONFIG_OWE */ 255 256 wpa_msg(wpa_s, MSG_DEBUG, 257 "Driver-initiated BSS selection changed the SSID to %s", 258 wpa_ssid_txt(drv_ssid, drv_ssid_len)); 259 /* continue selecting a new network profile */ 260 } 261 262 wpa_dbg(wpa_s, MSG_DEBUG, "Select network based on association " 263 "information"); 264 ssid = wpa_supplicant_get_ssid(wpa_s); 265 if (ssid == NULL) { 266 wpa_msg(wpa_s, MSG_INFO, 267 "No network configuration found for the current AP"); 268 return -1; 269 } 270 271 if (wpas_network_disabled(wpa_s, ssid)) { 272 wpa_dbg(wpa_s, MSG_DEBUG, "Selected network is disabled"); 273 return -1; 274 } 275 276 if (disallowed_bssid(wpa_s, wpa_s->bssid) || 277 disallowed_ssid(wpa_s, ssid->ssid, ssid->ssid_len)) { 278 wpa_dbg(wpa_s, MSG_DEBUG, "Selected BSS is disallowed"); 279 return -1; 280 } 281 282 res = wpas_temp_disabled(wpa_s, ssid); 283 if (res > 0) { 284 wpa_dbg(wpa_s, MSG_DEBUG, "Selected network is temporarily " 285 "disabled for %d second(s)", res); 286 return -1; 287 } 288 289 wpa_dbg(wpa_s, MSG_DEBUG, "Network configuration found for the " 290 "current AP"); 291 bss = wpa_supplicant_update_current_bss(wpa_s, wpa_s->bssid); 292 if (wpa_key_mgmt_wpa_any(ssid->key_mgmt)) { 293 u8 wpa_ie[80]; 294 size_t wpa_ie_len = sizeof(wpa_ie); 295 bool skip_default_rsne; 296 297 /* Do not override RSNE/RSNXE with the default values if the 298 * driver indicated the actual values used in the 299 * (Re)Association Request frame. */ 300 skip_default_rsne = data && data->assoc_info.req_ies; 301 if (wpa_supplicant_set_suites(wpa_s, bss, ssid, 302 wpa_ie, &wpa_ie_len, 303 skip_default_rsne) < 0) 304 wpa_dbg(wpa_s, MSG_DEBUG, "Could not set WPA suites"); 305 } else { 306 wpa_supplicant_set_non_wpa_policy(wpa_s, ssid); 307 } 308 309 if (wpa_s->current_ssid && wpa_s->current_ssid != ssid) 310 eapol_sm_invalidate_cached_session(wpa_s->eapol); 311 old_ssid = wpa_s->current_ssid; 312 wpa_s->current_ssid = ssid; 313 314 wpa_supplicant_rsn_supp_set_config(wpa_s, wpa_s->current_ssid); 315 wpa_supplicant_initiate_eapol(wpa_s); 316 if (old_ssid != wpa_s->current_ssid) 317 wpas_notify_network_changed(wpa_s); 318 319 return 0; 320 } 321 322 wpa_supplicant_stop_countermeasures(void * eloop_ctx,void * sock_ctx)323 void wpa_supplicant_stop_countermeasures(void *eloop_ctx, void *sock_ctx) 324 { 325 struct wpa_supplicant *wpa_s = eloop_ctx; 326 327 if (wpa_s->countermeasures) { 328 wpa_s->countermeasures = 0; 329 wpa_drv_set_countermeasures(wpa_s, 0); 330 wpa_msg(wpa_s, MSG_INFO, "WPA: TKIP countermeasures stopped"); 331 332 /* 333 * It is possible that the device is sched scanning, which means 334 * that a connection attempt will be done only when we receive 335 * scan results. However, in this case, it would be preferable 336 * to scan and connect immediately, so cancel the sched_scan and 337 * issue a regular scan flow. 338 */ 339 wpa_supplicant_cancel_sched_scan(wpa_s); 340 wpa_supplicant_req_scan(wpa_s, 0, 0); 341 } 342 } 343 344 wpas_reset_mlo_info(struct wpa_supplicant * wpa_s)345 void wpas_reset_mlo_info(struct wpa_supplicant *wpa_s) 346 { 347 if (!wpa_s->valid_links) 348 return; 349 350 wpa_s->valid_links = 0; 351 wpa_s->mlo_assoc_link_id = 0; 352 os_memset(wpa_s->ap_mld_addr, 0, ETH_ALEN); 353 os_memset(wpa_s->links, 0, sizeof(wpa_s->links)); 354 } 355 356 wpa_supplicant_mark_disassoc(struct wpa_supplicant * wpa_s)357 void wpa_supplicant_mark_disassoc(struct wpa_supplicant *wpa_s) 358 { 359 int bssid_changed; 360 361 wnm_bss_keep_alive_deinit(wpa_s); 362 363 #ifdef CONFIG_IBSS_RSN 364 ibss_rsn_deinit(wpa_s->ibss_rsn); 365 wpa_s->ibss_rsn = NULL; 366 #endif /* CONFIG_IBSS_RSN */ 367 368 #ifdef CONFIG_AP 369 wpa_supplicant_ap_deinit(wpa_s); 370 #endif /* CONFIG_AP */ 371 372 #ifdef CONFIG_HS20 373 /* Clear possibly configured frame filters */ 374 wpa_drv_configure_frame_filters(wpa_s, 0); 375 #endif /* CONFIG_HS20 */ 376 377 if (wpa_s->wpa_state == WPA_INTERFACE_DISABLED) 378 return; 379 380 if (os_reltime_initialized(&wpa_s->session_start)) { 381 os_reltime_age(&wpa_s->session_start, &wpa_s->session_length); 382 wpa_s->session_start.sec = 0; 383 wpa_s->session_start.usec = 0; 384 wpas_notify_session_length(wpa_s); 385 } 386 387 wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED); 388 bssid_changed = !is_zero_ether_addr(wpa_s->bssid); 389 os_memset(wpa_s->bssid, 0, ETH_ALEN); 390 os_memset(wpa_s->pending_bssid, 0, ETH_ALEN); 391 sme_clear_on_disassoc(wpa_s); 392 wpa_s->current_bss = NULL; 393 wpa_s->assoc_freq = 0; 394 395 if (bssid_changed) 396 wpas_notify_bssid_changed(wpa_s); 397 398 eapol_sm_notify_portEnabled(wpa_s->eapol, false); 399 eapol_sm_notify_portValid(wpa_s->eapol, false); 400 if (wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt) || 401 wpa_s->key_mgmt == WPA_KEY_MGMT_OWE || 402 wpa_s->key_mgmt == WPA_KEY_MGMT_DPP || wpa_s->drv_authorized_port) 403 eapol_sm_notify_eap_success(wpa_s->eapol, false); 404 wpa_s->drv_authorized_port = 0; 405 wpa_s->ap_ies_from_associnfo = 0; 406 wpa_s->current_ssid = NULL; 407 eapol_sm_notify_config(wpa_s->eapol, NULL, NULL); 408 wpa_s->key_mgmt = 0; 409 wpa_s->allowed_key_mgmts = 0; 410 411 #ifndef CONFIG_NO_RRM 412 wpas_rrm_reset(wpa_s); 413 #endif /* CONFIG_NO_RRM */ 414 wpa_s->wnmsleep_used = 0; 415 #ifdef CONFIG_WNM 416 wpa_s->wnm_mode = 0; 417 #endif /* CONFIG_WNM */ 418 wnm_clear_coloc_intf_reporting(wpa_s); 419 wpa_s->disable_mbo_oce = 0; 420 421 #ifdef CONFIG_TESTING_OPTIONS 422 wpa_s->last_tk_alg = WPA_ALG_NONE; 423 os_memset(wpa_s->last_tk, 0, sizeof(wpa_s->last_tk)); 424 #endif /* CONFIG_TESTING_OPTIONS */ 425 wpa_s->ieee80211ac = 0; 426 427 if (wpa_s->enabled_4addr_mode && wpa_drv_set_4addr_mode(wpa_s, 0) == 0) 428 wpa_s->enabled_4addr_mode = 0; 429 430 wpa_s->wps_scan_done = false; 431 wpas_reset_mlo_info(wpa_s); 432 433 #ifdef CONFIG_SME 434 wpa_s->sme.bss_max_idle_period = 0; 435 #endif /* CONFIG_SME */ 436 437 wpa_s->ssid_verified = false; 438 wpa_s->bigtk_set = false; 439 440 wpabuf_free(wpa_s->pending_eapol_rx); 441 wpa_s->pending_eapol_rx = NULL; 442 } 443 444 wpa_find_assoc_pmkid(struct wpa_supplicant * wpa_s)445 static void wpa_find_assoc_pmkid(struct wpa_supplicant *wpa_s) 446 { 447 struct wpa_ie_data ie; 448 int pmksa_set = -1; 449 size_t i; 450 struct rsn_pmksa_cache_entry *cur_pmksa; 451 452 /* Start with assumption of no PMKSA cache entry match for cases other 453 * than SAE. In particular, this is needed to generate the PMKSA cache 454 * entries for Suite B cases with driver-based roaming indication. */ 455 cur_pmksa = pmksa_cache_get_current(wpa_s->wpa); 456 if (cur_pmksa && !wpa_key_mgmt_sae(cur_pmksa->akmp)) 457 pmksa_cache_clear_current(wpa_s->wpa); 458 459 if (wpa_sm_parse_own_wpa_ie(wpa_s->wpa, &ie) < 0 || 460 ie.pmkid == NULL) 461 return; 462 463 for (i = 0; i < ie.num_pmkid; i++) { 464 pmksa_set = pmksa_cache_set_current(wpa_s->wpa, 465 ie.pmkid + i * PMKID_LEN, 466 NULL, NULL, 0, NULL, 0, 467 true); 468 if (pmksa_set == 0) { 469 eapol_sm_notify_pmkid_attempt(wpa_s->eapol); 470 wpa_sm_set_pmk_from_pmksa(wpa_s->wpa); 471 break; 472 } 473 } 474 475 wpa_dbg(wpa_s, MSG_DEBUG, "RSN: PMKID from assoc IE %sfound from " 476 "PMKSA cache", pmksa_set == 0 ? "" : "not "); 477 } 478 479 wpa_supplicant_event_pmkid_candidate(struct wpa_supplicant * wpa_s,union wpa_event_data * data)480 static void wpa_supplicant_event_pmkid_candidate(struct wpa_supplicant *wpa_s, 481 union wpa_event_data *data) 482 { 483 if (data == NULL) { 484 wpa_dbg(wpa_s, MSG_DEBUG, "RSN: No data in PMKID candidate " 485 "event"); 486 return; 487 } 488 wpa_dbg(wpa_s, MSG_DEBUG, "RSN: PMKID candidate event - bssid=" MACSTR 489 " index=%d preauth=%d", 490 MAC2STR(data->pmkid_candidate.bssid), 491 data->pmkid_candidate.index, 492 data->pmkid_candidate.preauth); 493 494 pmksa_candidate_add(wpa_s->wpa, data->pmkid_candidate.bssid, 495 data->pmkid_candidate.index, 496 data->pmkid_candidate.preauth); 497 } 498 499 wpa_supplicant_dynamic_keys(struct wpa_supplicant * wpa_s)500 static int wpa_supplicant_dynamic_keys(struct wpa_supplicant *wpa_s) 501 { 502 if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE || 503 wpa_s->key_mgmt == WPA_KEY_MGMT_WPA_NONE) 504 return 0; 505 506 #ifdef IEEE8021X_EAPOL 507 if (wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA && 508 wpa_s->current_ssid && 509 !(wpa_s->current_ssid->eapol_flags & 510 (EAPOL_FLAG_REQUIRE_KEY_UNICAST | 511 EAPOL_FLAG_REQUIRE_KEY_BROADCAST))) { 512 /* IEEE 802.1X, but not using dynamic WEP keys (i.e., either 513 * plaintext or static WEP keys). */ 514 return 0; 515 } 516 #endif /* IEEE8021X_EAPOL */ 517 518 return 1; 519 } 520 521 522 /** 523 * wpa_supplicant_scard_init - Initialize SIM/USIM access with PC/SC 524 * @wpa_s: pointer to wpa_supplicant data 525 * @ssid: Configuration data for the network 526 * Returns: 0 on success, -1 on failure 527 * 528 * This function is called when starting authentication with a network that is 529 * configured to use PC/SC for SIM/USIM access (EAP-SIM or EAP-AKA). 530 */ wpa_supplicant_scard_init(struct wpa_supplicant * wpa_s,struct wpa_ssid * ssid)531 int wpa_supplicant_scard_init(struct wpa_supplicant *wpa_s, 532 struct wpa_ssid *ssid) 533 { 534 #ifdef IEEE8021X_EAPOL 535 #ifdef PCSC_FUNCS 536 int aka = 0, sim = 0; 537 538 if ((ssid != NULL && ssid->eap.pcsc == NULL) || 539 wpa_s->scard != NULL || wpa_s->conf->external_sim) 540 return 0; 541 542 if (ssid == NULL || ssid->eap.eap_methods == NULL) { 543 sim = 1; 544 aka = 1; 545 } else { 546 struct eap_method_type *eap = ssid->eap.eap_methods; 547 while (eap->vendor != EAP_VENDOR_IETF || 548 eap->method != EAP_TYPE_NONE) { 549 if (eap->vendor == EAP_VENDOR_IETF) { 550 if (eap->method == EAP_TYPE_SIM) 551 sim = 1; 552 else if (eap->method == EAP_TYPE_AKA || 553 eap->method == EAP_TYPE_AKA_PRIME) 554 aka = 1; 555 } 556 eap++; 557 } 558 } 559 560 if (eap_peer_get_eap_method(EAP_VENDOR_IETF, EAP_TYPE_SIM) == NULL) 561 sim = 0; 562 if (eap_peer_get_eap_method(EAP_VENDOR_IETF, EAP_TYPE_AKA) == NULL && 563 eap_peer_get_eap_method(EAP_VENDOR_IETF, EAP_TYPE_AKA_PRIME) == 564 NULL) 565 aka = 0; 566 567 if (!sim && !aka) { 568 wpa_dbg(wpa_s, MSG_DEBUG, "Selected network is configured to " 569 "use SIM, but neither EAP-SIM nor EAP-AKA are " 570 "enabled"); 571 return 0; 572 } 573 574 wpa_dbg(wpa_s, MSG_DEBUG, "Selected network is configured to use SIM " 575 "(sim=%d aka=%d) - initialize PCSC", sim, aka); 576 577 wpa_s->scard = scard_init(wpa_s->conf->pcsc_reader); 578 if (wpa_s->scard == NULL) { 579 wpa_msg(wpa_s, MSG_WARNING, "Failed to initialize SIM " 580 "(pcsc-lite)"); 581 return -1; 582 } 583 wpa_sm_set_scard_ctx(wpa_s->wpa, wpa_s->scard); 584 eapol_sm_register_scard_ctx(wpa_s->eapol, wpa_s->scard); 585 #endif /* PCSC_FUNCS */ 586 #endif /* IEEE8021X_EAPOL */ 587 588 return 0; 589 } 590 591 592 #ifndef CONFIG_NO_SCAN_PROCESSING 593 594 #ifdef CONFIG_WEP has_wep_key(struct wpa_ssid * ssid)595 static int has_wep_key(struct wpa_ssid *ssid) 596 { 597 int i; 598 599 for (i = 0; i < NUM_WEP_KEYS; i++) { 600 if (ssid->wep_key_len[i]) 601 return 1; 602 } 603 604 return 0; 605 } 606 #endif /* CONFIG_WEP */ 607 608 wpa_supplicant_match_privacy(struct wpa_bss * bss,struct wpa_ssid * ssid)609 static int wpa_supplicant_match_privacy(struct wpa_bss *bss, 610 struct wpa_ssid *ssid) 611 { 612 int privacy = 0; 613 614 if (ssid->mixed_cell) 615 return 1; 616 617 #ifdef CONFIG_WPS 618 if (ssid->key_mgmt & WPA_KEY_MGMT_WPS) 619 return 1; 620 #endif /* CONFIG_WPS */ 621 622 #ifdef CONFIG_OWE 623 if ((ssid->key_mgmt & WPA_KEY_MGMT_OWE) && !ssid->owe_only) 624 return 1; 625 #endif /* CONFIG_OWE */ 626 627 #ifdef CONFIG_WEP 628 if (has_wep_key(ssid)) 629 privacy = 1; 630 #endif /* CONFIG_WEP */ 631 632 #ifdef IEEE8021X_EAPOL 633 if ((ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA) && 634 ssid->eapol_flags & (EAPOL_FLAG_REQUIRE_KEY_UNICAST | 635 EAPOL_FLAG_REQUIRE_KEY_BROADCAST)) 636 privacy = 1; 637 #endif /* IEEE8021X_EAPOL */ 638 639 if (wpa_key_mgmt_wpa(ssid->key_mgmt)) 640 privacy = 1; 641 642 if (bss->caps & IEEE80211_CAP_PRIVACY) 643 return privacy; 644 return !privacy; 645 } 646 647 wpa_supplicant_ssid_bss_match(struct wpa_supplicant * wpa_s,struct wpa_ssid * ssid,struct wpa_bss * bss,int debug_print)648 static int wpa_supplicant_ssid_bss_match(struct wpa_supplicant *wpa_s, 649 struct wpa_ssid *ssid, 650 struct wpa_bss *bss, int debug_print) 651 { 652 struct wpa_ie_data ie; 653 int proto_match = 0; 654 const u8 *rsn_ie, *wpa_ie; 655 int ret; 656 #ifdef CONFIG_WEP 657 int wep_ok; 658 #endif /* CONFIG_WEP */ 659 bool is_6ghz_bss = is_6ghz_freq(bss->freq); 660 661 ret = wpas_wps_ssid_bss_match(wpa_s, ssid, bss); 662 if (ret >= 0) 663 return ret; 664 665 #ifdef CONFIG_WEP 666 /* Allow TSN if local configuration accepts WEP use without WPA/WPA2 */ 667 wep_ok = !wpa_key_mgmt_wpa(ssid->key_mgmt) && 668 (((ssid->key_mgmt & WPA_KEY_MGMT_NONE) && 669 ssid->wep_key_len[ssid->wep_tx_keyidx] > 0) || 670 (ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA)); 671 #endif /* CONFIG_WEP */ 672 673 rsn_ie = wpa_bss_get_rsne(wpa_s, bss, ssid, false); 674 if (is_6ghz_bss && !rsn_ie) { 675 if (debug_print) 676 wpa_dbg(wpa_s, MSG_DEBUG, 677 " skip - 6 GHz BSS without RSNE"); 678 return 0; 679 } 680 681 while ((ssid->proto & WPA_PROTO_RSN) && rsn_ie) { 682 proto_match++; 683 684 if (wpa_parse_wpa_ie(rsn_ie, 2 + rsn_ie[1], &ie)) { 685 if (debug_print) 686 wpa_dbg(wpa_s, MSG_DEBUG, 687 " skip RSN IE - parse failed"); 688 break; 689 } 690 if (!ie.has_pairwise) 691 ie.pairwise_cipher = wpa_default_rsn_cipher(bss->freq); 692 if (!ie.has_group) 693 ie.group_cipher = wpa_default_rsn_cipher(bss->freq); 694 695 if (is_6ghz_bss || !is_zero_ether_addr(bss->mld_addr)) { 696 /* WEP and TKIP are not allowed on 6 GHz/MLD */ 697 ie.pairwise_cipher &= ~(WPA_CIPHER_WEP40 | 698 WPA_CIPHER_WEP104 | 699 WPA_CIPHER_TKIP); 700 ie.group_cipher &= ~(WPA_CIPHER_WEP40 | 701 WPA_CIPHER_WEP104 | 702 WPA_CIPHER_TKIP); 703 } 704 705 #ifdef CONFIG_WEP 706 if (wep_ok && 707 (ie.group_cipher & (WPA_CIPHER_WEP40 | WPA_CIPHER_WEP104))) 708 { 709 if (debug_print) 710 wpa_dbg(wpa_s, MSG_DEBUG, 711 " selected based on TSN in RSN IE"); 712 return 1; 713 } 714 #endif /* CONFIG_WEP */ 715 716 if (!(ie.proto & ssid->proto)) { 717 if (debug_print) 718 wpa_dbg(wpa_s, MSG_DEBUG, 719 " skip RSN IE - proto mismatch"); 720 break; 721 } 722 723 if (!(ie.pairwise_cipher & ssid->pairwise_cipher)) { 724 if (debug_print) 725 wpa_dbg(wpa_s, MSG_DEBUG, 726 " skip RSN IE - PTK cipher mismatch"); 727 break; 728 } 729 730 if (!(ie.group_cipher & ssid->group_cipher)) { 731 if (debug_print) 732 wpa_dbg(wpa_s, MSG_DEBUG, 733 " skip RSN IE - GTK cipher mismatch"); 734 break; 735 } 736 737 if (ssid->group_mgmt_cipher && 738 !(ie.mgmt_group_cipher & ssid->group_mgmt_cipher)) { 739 if (debug_print) 740 wpa_dbg(wpa_s, MSG_DEBUG, 741 " skip RSN IE - group mgmt cipher mismatch"); 742 break; 743 } 744 745 if (is_6ghz_bss) { 746 /* MFPC must be supported on 6 GHz */ 747 if (!(ie.capabilities & WPA_CAPABILITY_MFPC)) { 748 if (debug_print) 749 wpa_dbg(wpa_s, MSG_DEBUG, 750 " skip RSNE - 6 GHz without MFPC"); 751 break; 752 } 753 754 /* WPA PSK is not allowed on the 6 GHz band */ 755 ie.key_mgmt &= ~(WPA_KEY_MGMT_PSK | 756 WPA_KEY_MGMT_FT_PSK | 757 WPA_KEY_MGMT_PSK_SHA256); 758 } 759 760 if (!(ie.key_mgmt & ssid->key_mgmt)) { 761 if (debug_print) 762 wpa_dbg(wpa_s, MSG_DEBUG, 763 " skip RSN IE - key mgmt mismatch"); 764 break; 765 } 766 767 if (!(ie.capabilities & WPA_CAPABILITY_MFPC) && 768 wpas_get_ssid_pmf(wpa_s, ssid) == 769 MGMT_FRAME_PROTECTION_REQUIRED) { 770 if (debug_print) 771 wpa_dbg(wpa_s, MSG_DEBUG, 772 " skip RSN IE - no mgmt frame protection"); 773 break; 774 } 775 if ((ie.capabilities & WPA_CAPABILITY_MFPR) && 776 wpas_get_ssid_pmf(wpa_s, ssid) == 777 NO_MGMT_FRAME_PROTECTION) { 778 if (debug_print) 779 wpa_dbg(wpa_s, MSG_DEBUG, 780 " skip RSN IE - no mgmt frame protection enabled but AP requires it"); 781 break; 782 } 783 784 if (debug_print) 785 wpa_dbg(wpa_s, MSG_DEBUG, 786 " selected based on RSN IE"); 787 return 1; 788 } 789 790 if (is_6ghz_bss) { 791 if (debug_print) 792 wpa_dbg(wpa_s, MSG_DEBUG, 793 " skip - 6 GHz BSS without matching RSNE"); 794 return 0; 795 } 796 797 wpa_ie = wpa_bss_get_vendor_ie(bss, WPA_IE_VENDOR_TYPE); 798 799 if (wpas_get_ssid_pmf(wpa_s, ssid) == MGMT_FRAME_PROTECTION_REQUIRED && 800 (!(ssid->key_mgmt & WPA_KEY_MGMT_OWE) || ssid->owe_only)) { 801 #ifdef CONFIG_OWE 802 if ((ssid->key_mgmt & WPA_KEY_MGMT_OWE) && ssid->owe_only && 803 !wpa_ie && !rsn_ie && 804 wpa_s->owe_transition_select && 805 wpa_bss_get_vendor_ie(bss, OWE_IE_VENDOR_TYPE) && 806 ssid->owe_transition_bss_select_count + 1 <= 807 MAX_OWE_TRANSITION_BSS_SELECT_COUNT) { 808 ssid->owe_transition_bss_select_count++; 809 if (debug_print) 810 wpa_dbg(wpa_s, MSG_DEBUG, 811 " skip OWE open BSS (selection count %d does not exceed %d)", 812 ssid->owe_transition_bss_select_count, 813 MAX_OWE_TRANSITION_BSS_SELECT_COUNT); 814 wpa_s->owe_transition_search = 1; 815 return 0; 816 } 817 #endif /* CONFIG_OWE */ 818 if (debug_print) 819 wpa_dbg(wpa_s, MSG_DEBUG, 820 " skip - MFP Required but network not MFP Capable"); 821 return 0; 822 } 823 824 while ((ssid->proto & WPA_PROTO_WPA) && wpa_ie) { 825 proto_match++; 826 827 if (wpa_parse_wpa_ie(wpa_ie, 2 + wpa_ie[1], &ie)) { 828 if (debug_print) 829 wpa_dbg(wpa_s, MSG_DEBUG, 830 " skip WPA IE - parse failed"); 831 break; 832 } 833 834 #ifdef CONFIG_WEP 835 if (wep_ok && 836 (ie.group_cipher & (WPA_CIPHER_WEP40 | WPA_CIPHER_WEP104))) 837 { 838 if (debug_print) 839 wpa_dbg(wpa_s, MSG_DEBUG, 840 " selected based on TSN in WPA IE"); 841 return 1; 842 } 843 #endif /* CONFIG_WEP */ 844 845 if (!(ie.proto & ssid->proto)) { 846 if (debug_print) 847 wpa_dbg(wpa_s, MSG_DEBUG, 848 " skip WPA IE - proto mismatch"); 849 break; 850 } 851 852 if (!(ie.pairwise_cipher & ssid->pairwise_cipher)) { 853 if (debug_print) 854 wpa_dbg(wpa_s, MSG_DEBUG, 855 " skip WPA IE - PTK cipher mismatch"); 856 break; 857 } 858 859 if (!(ie.group_cipher & ssid->group_cipher)) { 860 if (debug_print) 861 wpa_dbg(wpa_s, MSG_DEBUG, 862 " skip WPA IE - GTK cipher mismatch"); 863 break; 864 } 865 866 if (!(ie.key_mgmt & ssid->key_mgmt)) { 867 if (debug_print) 868 wpa_dbg(wpa_s, MSG_DEBUG, 869 " skip WPA IE - key mgmt mismatch"); 870 break; 871 } 872 873 if (debug_print) 874 wpa_dbg(wpa_s, MSG_DEBUG, 875 " selected based on WPA IE"); 876 return 1; 877 } 878 879 if ((ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA) && !wpa_ie && 880 !rsn_ie) { 881 if (debug_print) 882 wpa_dbg(wpa_s, MSG_DEBUG, 883 " allow for non-WPA IEEE 802.1X"); 884 return 1; 885 } 886 887 #ifdef CONFIG_OWE 888 if ((ssid->key_mgmt & WPA_KEY_MGMT_OWE) && !ssid->owe_only && 889 !wpa_ie && !rsn_ie) { 890 if (wpa_s->owe_transition_select && 891 wpa_bss_get_vendor_ie(bss, OWE_IE_VENDOR_TYPE) && 892 ssid->owe_transition_bss_select_count + 1 <= 893 MAX_OWE_TRANSITION_BSS_SELECT_COUNT) { 894 ssid->owe_transition_bss_select_count++; 895 if (debug_print) 896 wpa_dbg(wpa_s, MSG_DEBUG, 897 " skip OWE transition BSS (selection count %d does not exceed %d)", 898 ssid->owe_transition_bss_select_count, 899 MAX_OWE_TRANSITION_BSS_SELECT_COUNT); 900 wpa_s->owe_transition_search = 1; 901 return 0; 902 } 903 if (debug_print) 904 wpa_dbg(wpa_s, MSG_DEBUG, 905 " allow in OWE transition mode"); 906 return 1; 907 } 908 #endif /* CONFIG_OWE */ 909 910 if ((ssid->proto & (WPA_PROTO_WPA | WPA_PROTO_RSN)) && 911 wpa_key_mgmt_wpa(ssid->key_mgmt) && proto_match == 0) { 912 if (debug_print) 913 wpa_dbg(wpa_s, MSG_DEBUG, 914 " skip - no WPA/RSN proto match"); 915 return 0; 916 } 917 918 if (!wpa_key_mgmt_wpa(ssid->key_mgmt)) { 919 if (debug_print) 920 wpa_dbg(wpa_s, MSG_DEBUG, " allow in non-WPA/WPA2"); 921 return 1; 922 } 923 924 if (debug_print) 925 wpa_dbg(wpa_s, MSG_DEBUG, 926 " reject due to mismatch with WPA/WPA2"); 927 928 return 0; 929 } 930 931 freq_allowed(int * freqs,int freq)932 static int freq_allowed(int *freqs, int freq) 933 { 934 int i; 935 936 if (freqs == NULL) 937 return 1; 938 939 for (i = 0; freqs[i]; i++) 940 if (freqs[i] == freq) 941 return 1; 942 return 0; 943 } 944 945 rate_match(struct wpa_supplicant * wpa_s,struct wpa_ssid * ssid,struct wpa_bss * bss,int debug_print)946 static int rate_match(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid, 947 struct wpa_bss *bss, int debug_print) 948 { 949 const struct hostapd_hw_modes *mode = NULL, *modes; 950 const u8 scan_ie[2] = { WLAN_EID_SUPP_RATES, WLAN_EID_EXT_SUPP_RATES }; 951 const u8 *rate_ie; 952 int i, j, k; 953 954 if (bss->freq == 0) 955 return 1; /* Cannot do matching without knowing band */ 956 957 modes = wpa_s->hw.modes; 958 if (modes == NULL) { 959 /* 960 * The driver does not provide any additional information 961 * about the utilized hardware, so allow the connection attempt 962 * to continue. 963 */ 964 return 1; 965 } 966 967 for (i = 0; i < wpa_s->hw.num_modes; i++) { 968 for (j = 0; j < modes[i].num_channels; j++) { 969 int freq = modes[i].channels[j].freq; 970 if (freq == bss->freq) { 971 if (mode && 972 mode->mode == HOSTAPD_MODE_IEEE80211G) 973 break; /* do not allow 802.11b replace 974 * 802.11g */ 975 mode = &modes[i]; 976 break; 977 } 978 } 979 } 980 981 if (mode == NULL) 982 return 0; 983 984 for (i = 0; i < (int) sizeof(scan_ie); i++) { 985 rate_ie = wpa_bss_get_ie(bss, scan_ie[i]); 986 if (rate_ie == NULL) 987 continue; 988 989 for (j = 2; j < rate_ie[1] + 2; j++) { 990 int flagged = !!(rate_ie[j] & 0x80); 991 int r = (rate_ie[j] & 0x7f) * 5; 992 993 /* 994 * IEEE Std 802.11n-2009 7.3.2.2: 995 * The new BSS Membership selector value is encoded 996 * like a legacy basic rate, but it is not a rate and 997 * only indicates if the BSS members are required to 998 * support the mandatory features of Clause 20 [HT PHY] 999 * in order to join the BSS. 1000 */ 1001 if (flagged && ((rate_ie[j] & 0x7f) == 1002 BSS_MEMBERSHIP_SELECTOR_HT_PHY)) { 1003 if (!ht_supported(mode)) { 1004 if (debug_print) 1005 wpa_dbg(wpa_s, MSG_DEBUG, 1006 " hardware does not support HT PHY"); 1007 return 0; 1008 } 1009 continue; 1010 } 1011 1012 /* There's also a VHT selector for 802.11ac */ 1013 if (flagged && ((rate_ie[j] & 0x7f) == 1014 BSS_MEMBERSHIP_SELECTOR_VHT_PHY)) { 1015 if (!vht_supported(mode)) { 1016 if (debug_print) 1017 wpa_dbg(wpa_s, MSG_DEBUG, 1018 " hardware does not support VHT PHY"); 1019 return 0; 1020 } 1021 continue; 1022 } 1023 1024 if (flagged && ((rate_ie[j] & 0x7f) == 1025 BSS_MEMBERSHIP_SELECTOR_HE_PHY)) { 1026 if (!he_supported(mode, IEEE80211_MODE_INFRA)) { 1027 if (debug_print) 1028 wpa_dbg(wpa_s, MSG_DEBUG, 1029 " hardware does not support HE PHY"); 1030 return 0; 1031 } 1032 continue; 1033 } 1034 1035 #ifdef CONFIG_SAE 1036 if (flagged && ((rate_ie[j] & 0x7f) == 1037 BSS_MEMBERSHIP_SELECTOR_SAE_H2E_ONLY)) { 1038 if (wpas_get_ssid_sae_pwe(wpa_s, ssid) == 1039 SAE_PWE_HUNT_AND_PECK && 1040 !ssid->sae_password_id && 1041 !is_6ghz_freq(bss->freq) && 1042 wpa_key_mgmt_sae(ssid->key_mgmt)) { 1043 if (debug_print) 1044 wpa_dbg(wpa_s, MSG_DEBUG, 1045 " SAE H2E disabled"); 1046 #ifdef CONFIG_TESTING_OPTIONS 1047 if (wpa_s->ignore_sae_h2e_only) { 1048 wpa_dbg(wpa_s, MSG_DEBUG, 1049 "TESTING: Ignore SAE H2E requirement mismatch"); 1050 continue; 1051 } 1052 #endif /* CONFIG_TESTING_OPTIONS */ 1053 return 0; 1054 } 1055 continue; 1056 } 1057 #endif /* CONFIG_SAE */ 1058 1059 if (!flagged) 1060 continue; 1061 1062 /* check for legacy basic rates */ 1063 for (k = 0; k < mode->num_rates; k++) { 1064 if (mode->rates[k] == r) 1065 break; 1066 } 1067 if (k == mode->num_rates) { 1068 /* 1069 * IEEE Std 802.11-2007 7.3.2.2 demands that in 1070 * order to join a BSS all required rates 1071 * have to be supported by the hardware. 1072 */ 1073 if (debug_print) 1074 wpa_dbg(wpa_s, MSG_DEBUG, 1075 " hardware does not support required rate %d.%d Mbps (freq=%d mode==%d num_rates=%d)", 1076 r / 10, r % 10, 1077 bss->freq, mode->mode, mode->num_rates); 1078 return 0; 1079 } 1080 } 1081 } 1082 1083 return 1; 1084 } 1085 1086 1087 /* 1088 * Test whether BSS is in an ESS. 1089 * This is done differently in DMG (60 GHz) and non-DMG bands 1090 */ bss_is_ess(struct wpa_bss * bss)1091 static int bss_is_ess(struct wpa_bss *bss) 1092 { 1093 if (bss_is_dmg(bss)) { 1094 return (bss->caps & IEEE80211_CAP_DMG_MASK) == 1095 IEEE80211_CAP_DMG_AP; 1096 } 1097 1098 return ((bss->caps & (IEEE80211_CAP_ESS | IEEE80211_CAP_IBSS)) == 1099 IEEE80211_CAP_ESS); 1100 } 1101 1102 match_mac_mask(const u8 * addr_a,const u8 * addr_b,const u8 * mask)1103 static int match_mac_mask(const u8 *addr_a, const u8 *addr_b, const u8 *mask) 1104 { 1105 size_t i; 1106 1107 for (i = 0; i < ETH_ALEN; i++) { 1108 if ((addr_a[i] & mask[i]) != (addr_b[i] & mask[i])) 1109 return 0; 1110 } 1111 return 1; 1112 } 1113 1114 addr_in_list(const u8 * addr,const u8 * list,size_t num)1115 static int addr_in_list(const u8 *addr, const u8 *list, size_t num) 1116 { 1117 size_t i; 1118 1119 for (i = 0; i < num; i++) { 1120 const u8 *a = list + i * ETH_ALEN * 2; 1121 const u8 *m = a + ETH_ALEN; 1122 1123 if (match_mac_mask(a, addr, m)) 1124 return 1; 1125 } 1126 return 0; 1127 } 1128 1129 owe_trans_ssid(struct wpa_supplicant * wpa_s,struct wpa_bss * bss,const u8 ** ret_ssid,size_t * ret_ssid_len)1130 static void owe_trans_ssid(struct wpa_supplicant *wpa_s, struct wpa_bss *bss, 1131 const u8 **ret_ssid, size_t *ret_ssid_len) 1132 { 1133 #ifdef CONFIG_OWE 1134 const u8 *owe, *bssid; 1135 1136 owe = wpa_bss_get_vendor_ie(bss, OWE_IE_VENDOR_TYPE); 1137 if (!owe || !wpa_bss_get_rsne(wpa_s, bss, NULL, false)) 1138 return; 1139 1140 if (wpas_get_owe_trans_network(owe, &bssid, ret_ssid, ret_ssid_len)) 1141 return; 1142 1143 /* Match the profile SSID against the OWE transition mode SSID on the 1144 * open network. */ 1145 wpa_dbg(wpa_s, MSG_DEBUG, "OWE: transition mode BSSID: " MACSTR 1146 " SSID: %s", MAC2STR(bssid), 1147 wpa_ssid_txt(*ret_ssid, *ret_ssid_len)); 1148 1149 if (!(bss->flags & WPA_BSS_OWE_TRANSITION)) { 1150 struct wpa_ssid *ssid; 1151 1152 for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next) { 1153 if (wpas_network_disabled(wpa_s, ssid)) 1154 continue; 1155 if (ssid->ssid_len == *ret_ssid_len && 1156 os_memcmp(ssid->ssid, *ret_ssid, *ret_ssid_len) == 1157 0) { 1158 /* OWE BSS in transition mode for a currently 1159 * enabled OWE network. */ 1160 wpa_dbg(wpa_s, MSG_DEBUG, 1161 "OWE: transition mode OWE SSID for active OWE profile"); 1162 bss->flags |= WPA_BSS_OWE_TRANSITION; 1163 break; 1164 } 1165 } 1166 } 1167 #endif /* CONFIG_OWE */ 1168 } 1169 1170 wpas_valid_ml_bss(struct wpa_supplicant * wpa_s,struct wpa_bss * bss)1171 static bool wpas_valid_ml_bss(struct wpa_supplicant *wpa_s, struct wpa_bss *bss) 1172 { 1173 u16 removed_links; 1174 1175 if (wpa_bss_parse_basic_ml_element(wpa_s, bss, NULL, NULL, NULL, NULL)) 1176 return true; 1177 1178 if (!bss->valid_links) 1179 return true; 1180 1181 /* Check if the current BSS is going to be removed */ 1182 removed_links = wpa_bss_parse_reconf_ml_element(wpa_s, bss); 1183 if (BIT(bss->mld_link_id) & removed_links) 1184 return false; 1185 1186 return true; 1187 } 1188 1189 disabled_freq(struct wpa_supplicant * wpa_s,int freq)1190 int disabled_freq(struct wpa_supplicant *wpa_s, int freq) 1191 { 1192 int i, j; 1193 1194 if (!wpa_s->hw.modes || !wpa_s->hw.num_modes) 1195 return 0; 1196 1197 for (j = 0; j < wpa_s->hw.num_modes; j++) { 1198 struct hostapd_hw_modes *mode = &wpa_s->hw.modes[j]; 1199 1200 for (i = 0; i < mode->num_channels; i++) { 1201 struct hostapd_channel_data *chan = &mode->channels[i]; 1202 1203 if (chan->freq == freq) 1204 return !!(chan->flag & HOSTAPD_CHAN_DISABLED); 1205 } 1206 } 1207 1208 return 1; 1209 } 1210 1211 1212 static bool wpa_scan_res_ok(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid, 1213 const u8 *match_ssid, size_t match_ssid_len, 1214 struct wpa_bss *bss, int bssid_ignore_count, 1215 bool debug_print, bool link); 1216 1217 1218 #ifdef CONFIG_SAE_PK sae_pk_acceptable_bss_with_pk(struct wpa_supplicant * wpa_s,struct wpa_bss * orig_bss,struct wpa_ssid * ssid,const u8 * match_ssid,size_t match_ssid_len)1219 static bool sae_pk_acceptable_bss_with_pk(struct wpa_supplicant *wpa_s, 1220 struct wpa_bss *orig_bss, 1221 struct wpa_ssid *ssid, 1222 const u8 *match_ssid, 1223 size_t match_ssid_len) 1224 { 1225 struct wpa_bss *bss; 1226 1227 dl_list_for_each(bss, &wpa_s->bss, struct wpa_bss, list) { 1228 int count; 1229 const u8 *ie; 1230 1231 if (bss == orig_bss) 1232 continue; 1233 ie = wpa_bss_get_rsnxe(wpa_s, bss, ssid, false); 1234 if (!(ieee802_11_rsnx_capab(ie, WLAN_RSNX_CAPAB_SAE_PK))) 1235 continue; 1236 1237 /* TODO: Could be more thorough in checking what kind of 1238 * signal strength or throughput estimate would be acceptable 1239 * compared to the originally selected BSS. */ 1240 if (bss->est_throughput < 2000) 1241 return false; 1242 1243 count = wpa_bssid_ignore_is_listed(wpa_s, bss->bssid); 1244 if (wpa_scan_res_ok(wpa_s, ssid, match_ssid, match_ssid_len, 1245 bss, count, false, false)) 1246 return true; 1247 } 1248 1249 return false; 1250 } 1251 #endif /* CONFIG_SAE_PK */ 1252 1253 wpa_scan_res_ok(struct wpa_supplicant * wpa_s,struct wpa_ssid * ssid,const u8 * match_ssid,size_t match_ssid_len,struct wpa_bss * bss,int bssid_ignore_count,bool debug_print,bool link)1254 static bool wpa_scan_res_ok(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid, 1255 const u8 *match_ssid, size_t match_ssid_len, 1256 struct wpa_bss *bss, int bssid_ignore_count, 1257 bool debug_print, bool link) 1258 { 1259 int res; 1260 bool wpa, check_ssid = false; 1261 #ifdef CONFIG_MBO 1262 const u8 *assoc_disallow; 1263 #endif /* CONFIG_MBO */ 1264 #ifdef CONFIG_SAE 1265 u8 rsnxe_capa = 0; 1266 enum sae_pwe sae_pwe; 1267 #endif /* CONFIG_SAE */ 1268 const u8 *ie; 1269 1270 ie = wpa_bss_get_vendor_ie(bss, WPA_IE_VENDOR_TYPE); 1271 wpa = ie && ie[1]; 1272 ie = wpa_bss_get_rsne(wpa_s, bss, ssid, false); 1273 wpa |= ie && ie[1]; 1274 1275 #ifdef CONFIG_SAE 1276 ie = wpa_bss_get_rsnxe(wpa_s, bss, ssid, false); 1277 if (ie && ie[0] == WLAN_EID_VENDOR_SPECIFIC && ie[1] >= 4 + 1) 1278 rsnxe_capa = ie[4 + 2]; 1279 else if (ie && ie[1] >= 1) 1280 rsnxe_capa = ie[2]; 1281 #endif /* CONFIG_SAE */ 1282 1283 check_ssid = wpa || ssid->ssid_len > 0; 1284 1285 if (wpas_network_disabled(wpa_s, ssid)) { 1286 if (debug_print) 1287 wpa_dbg(wpa_s, MSG_DEBUG, " skip - disabled"); 1288 return false; 1289 } 1290 1291 res = wpas_temp_disabled(wpa_s, ssid); 1292 if (res > 0) { 1293 if (debug_print) 1294 wpa_dbg(wpa_s, MSG_DEBUG, 1295 " skip - disabled temporarily for %d second(s)", 1296 res); 1297 return false; 1298 } 1299 1300 #ifdef CONFIG_WPS 1301 if ((ssid->key_mgmt & WPA_KEY_MGMT_WPS) && bssid_ignore_count) { 1302 if (debug_print) 1303 wpa_dbg(wpa_s, MSG_DEBUG, 1304 " skip - BSSID ignored (WPS)"); 1305 return false; 1306 } 1307 1308 if (wpa && ssid->ssid_len == 0 && 1309 wpas_wps_ssid_wildcard_ok(wpa_s, ssid, bss)) 1310 check_ssid = false; 1311 1312 if (!wpa && (ssid->key_mgmt & WPA_KEY_MGMT_WPS)) { 1313 /* Only allow wildcard SSID match if an AP advertises active 1314 * WPS operation that matches our mode. */ 1315 check_ssid = ssid->ssid_len > 0 || 1316 !wpas_wps_ssid_wildcard_ok(wpa_s, ssid, bss); 1317 } 1318 #endif /* CONFIG_WPS */ 1319 1320 if (ssid->bssid_set && ssid->ssid_len == 0 && 1321 ether_addr_equal(bss->bssid, ssid->bssid)) 1322 check_ssid = false; 1323 1324 if (check_ssid && 1325 (match_ssid_len != ssid->ssid_len || 1326 os_memcmp(match_ssid, ssid->ssid, match_ssid_len) != 0)) { 1327 if (debug_print) 1328 wpa_dbg(wpa_s, MSG_DEBUG, " skip - SSID mismatch"); 1329 return false; 1330 } 1331 1332 if (!link && ssid->bssid_set && 1333 !ether_addr_equal(bss->bssid, ssid->bssid)) { 1334 if (debug_print) 1335 wpa_dbg(wpa_s, MSG_DEBUG, " skip - BSSID mismatch"); 1336 return false; 1337 } 1338 1339 /* check the list of BSSIDs to ignore */ 1340 if (ssid->num_bssid_ignore && 1341 addr_in_list(bss->bssid, ssid->bssid_ignore, 1342 ssid->num_bssid_ignore)) { 1343 if (debug_print) 1344 wpa_dbg(wpa_s, MSG_DEBUG, 1345 " skip - BSSID configured to be ignored"); 1346 return false; 1347 } 1348 1349 /* if there is a list of accepted BSSIDs, only accept those APs */ 1350 if (ssid->num_bssid_accept && 1351 !addr_in_list(bss->bssid, ssid->bssid_accept, 1352 ssid->num_bssid_accept)) { 1353 if (debug_print) 1354 wpa_dbg(wpa_s, MSG_DEBUG, 1355 " skip - BSSID not in list of accepted values"); 1356 return false; 1357 } 1358 1359 if (!wpa_supplicant_ssid_bss_match(wpa_s, ssid, bss, debug_print)) 1360 return false; 1361 1362 if (!wpa && 1363 !(ssid->key_mgmt & WPA_KEY_MGMT_NONE) && 1364 !(ssid->key_mgmt & WPA_KEY_MGMT_WPS) && 1365 !(ssid->key_mgmt & WPA_KEY_MGMT_OWE) && 1366 !(ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA)) { 1367 if (debug_print) 1368 wpa_dbg(wpa_s, MSG_DEBUG, 1369 " skip - non-WPA network not allowed"); 1370 return false; 1371 } 1372 1373 #ifdef CONFIG_WEP 1374 if (wpa && !wpa_key_mgmt_wpa(ssid->key_mgmt) && has_wep_key(ssid)) { 1375 if (debug_print) 1376 wpa_dbg(wpa_s, MSG_DEBUG, 1377 " skip - ignore WPA/WPA2 AP for WEP network block"); 1378 return false; 1379 } 1380 #endif /* CONFIG_WEP */ 1381 1382 if (!wpa_supplicant_match_privacy(bss, ssid)) { 1383 if (debug_print) 1384 wpa_dbg(wpa_s, MSG_DEBUG, " skip - privacy mismatch"); 1385 return false; 1386 } 1387 1388 if (ssid->mode != WPAS_MODE_MESH && !bss_is_ess(bss) && 1389 !bss_is_pbss(bss)) { 1390 if (debug_print) 1391 wpa_dbg(wpa_s, MSG_DEBUG, 1392 " skip - not ESS, PBSS, or MBSS"); 1393 return false; 1394 } 1395 1396 if (ssid->pbss != 2 && ssid->pbss != bss_is_pbss(bss)) { 1397 if (debug_print) 1398 wpa_dbg(wpa_s, MSG_DEBUG, 1399 " skip - PBSS mismatch (ssid %d bss %d)", 1400 ssid->pbss, bss_is_pbss(bss)); 1401 return false; 1402 } 1403 1404 if (!freq_allowed(ssid->freq_list, bss->freq)) { 1405 if (debug_print) 1406 wpa_dbg(wpa_s, MSG_DEBUG, 1407 " skip - frequency not allowed"); 1408 return false; 1409 } 1410 1411 #ifdef CONFIG_MESH 1412 if (ssid->mode == WPAS_MODE_MESH && ssid->frequency > 0 && 1413 ssid->frequency != bss->freq) { 1414 if (debug_print) 1415 wpa_dbg(wpa_s, MSG_DEBUG, 1416 " skip - frequency not allowed (mesh)"); 1417 return false; 1418 } 1419 #endif /* CONFIG_MESH */ 1420 1421 if (!rate_match(wpa_s, ssid, bss, debug_print)) { 1422 if (debug_print) 1423 wpa_dbg(wpa_s, MSG_DEBUG, 1424 " skip - rate sets do not match"); 1425 return false; 1426 } 1427 1428 #ifdef CONFIG_SAE 1429 /* When using SAE Password Identifier and when operationg on the 6 GHz 1430 * band, only H2E is allowed. */ 1431 sae_pwe = wpas_get_ssid_sae_pwe(wpa_s, ssid); 1432 if ((sae_pwe == SAE_PWE_HASH_TO_ELEMENT || 1433 is_6ghz_freq(bss->freq) || ssid->sae_password_id) && 1434 sae_pwe != SAE_PWE_FORCE_HUNT_AND_PECK && 1435 wpa_key_mgmt_sae(ssid->key_mgmt) && 1436 !(rsnxe_capa & BIT(WLAN_RSNX_CAPAB_SAE_H2E))) { 1437 if (debug_print) 1438 wpa_dbg(wpa_s, MSG_DEBUG, 1439 " skip - SAE H2E required, but not supported by the AP"); 1440 return false; 1441 } 1442 #endif /* CONFIG_SAE */ 1443 1444 #ifdef CONFIG_SAE_PK 1445 if (ssid->sae_pk == SAE_PK_MODE_ONLY && 1446 !(rsnxe_capa & BIT(WLAN_RSNX_CAPAB_SAE_PK))) { 1447 if (debug_print) 1448 wpa_dbg(wpa_s, MSG_DEBUG, 1449 " skip - SAE-PK required, but not supported by the AP"); 1450 return false; 1451 } 1452 #endif /* CONFIG_SAE_PK */ 1453 1454 #ifndef CONFIG_IBSS_RSN 1455 if (ssid->mode == WPAS_MODE_IBSS && 1456 !(ssid->key_mgmt & (WPA_KEY_MGMT_NONE | WPA_KEY_MGMT_WPA_NONE))) { 1457 if (debug_print) 1458 wpa_dbg(wpa_s, MSG_DEBUG, 1459 " skip - IBSS RSN not supported in the build"); 1460 return false; 1461 } 1462 #endif /* !CONFIG_IBSS_RSN */ 1463 1464 #ifdef CONFIG_P2P 1465 if (ssid->p2p_group && 1466 !wpa_bss_get_vendor_ie(bss, P2P_IE_VENDOR_TYPE) && 1467 !wpa_bss_get_vendor_ie_beacon(bss, P2P_IE_VENDOR_TYPE)) { 1468 if (debug_print) 1469 wpa_dbg(wpa_s, MSG_DEBUG, " skip - no P2P IE seen"); 1470 return false; 1471 } 1472 1473 if (!is_zero_ether_addr(ssid->go_p2p_dev_addr)) { 1474 struct wpabuf *p2p_ie; 1475 u8 dev_addr[ETH_ALEN]; 1476 1477 ie = wpa_bss_get_vendor_ie(bss, P2P_IE_VENDOR_TYPE); 1478 if (!ie) { 1479 if (debug_print) 1480 wpa_dbg(wpa_s, MSG_DEBUG, 1481 " skip - no P2P element"); 1482 return false; 1483 } 1484 p2p_ie = wpa_bss_get_vendor_ie_multi(bss, P2P_IE_VENDOR_TYPE); 1485 if (!p2p_ie) { 1486 if (debug_print) 1487 wpa_dbg(wpa_s, MSG_DEBUG, 1488 " skip - could not fetch P2P element"); 1489 return false; 1490 } 1491 1492 if (p2p_parse_dev_addr_in_p2p_ie(p2p_ie, dev_addr) < 0 || 1493 !ether_addr_equal(dev_addr, ssid->go_p2p_dev_addr)) { 1494 if (debug_print) 1495 wpa_dbg(wpa_s, MSG_DEBUG, 1496 " skip - no matching GO P2P Device Address in P2P element"); 1497 wpabuf_free(p2p_ie); 1498 return false; 1499 } 1500 wpabuf_free(p2p_ie); 1501 } 1502 1503 /* 1504 * TODO: skip the AP if its P2P IE has Group Formation bit set in the 1505 * P2P Group Capability Bitmap and we are not in Group Formation with 1506 * that device. 1507 */ 1508 #endif /* CONFIG_P2P */ 1509 1510 if (os_reltime_before(&bss->last_update, &wpa_s->scan_min_time)) { 1511 struct os_reltime diff; 1512 1513 os_reltime_sub(&wpa_s->scan_min_time, &bss->last_update, &diff); 1514 if (debug_print) 1515 wpa_dbg(wpa_s, MSG_DEBUG, 1516 " skip - scan result not recent enough (%u.%06u seconds too old)", 1517 (unsigned int) diff.sec, 1518 (unsigned int) diff.usec); 1519 return false; 1520 } 1521 #ifdef CONFIG_MBO 1522 #ifdef CONFIG_TESTING_OPTIONS 1523 if (wpa_s->ignore_assoc_disallow) 1524 goto skip_assoc_disallow; 1525 #endif /* CONFIG_TESTING_OPTIONS */ 1526 assoc_disallow = wpas_mbo_check_assoc_disallow(bss); 1527 if (assoc_disallow && assoc_disallow[1] >= 1) { 1528 if (debug_print) 1529 wpa_dbg(wpa_s, MSG_DEBUG, 1530 " skip - MBO association disallowed (reason %u)", 1531 assoc_disallow[2]); 1532 return false; 1533 } 1534 1535 if (wpa_is_bss_tmp_disallowed(wpa_s, bss)) { 1536 if (debug_print) 1537 wpa_dbg(wpa_s, MSG_DEBUG, 1538 " skip - AP temporarily disallowed"); 1539 return false; 1540 } 1541 #ifdef CONFIG_TESTING_OPTIONS 1542 skip_assoc_disallow: 1543 #endif /* CONFIG_TESTING_OPTIONS */ 1544 #endif /* CONFIG_MBO */ 1545 1546 #ifdef CONFIG_DPP 1547 if ((ssid->key_mgmt & WPA_KEY_MGMT_DPP) && 1548 !wpa_sm_pmksa_exists(wpa_s->wpa, bss->bssid, wpa_s->own_addr, 1549 ssid) && 1550 (!ssid->dpp_connector || !ssid->dpp_netaccesskey || 1551 !ssid->dpp_csign)) { 1552 if (debug_print) 1553 wpa_dbg(wpa_s, MSG_DEBUG, 1554 " skip - no PMKSA entry for DPP"); 1555 return false; 1556 } 1557 #endif /* CONFIG_DPP */ 1558 1559 #ifdef CONFIG_SAE_PK 1560 if (ssid->sae_pk == SAE_PK_MODE_AUTOMATIC && 1561 wpa_key_mgmt_sae(ssid->key_mgmt) && 1562 ((ssid->sae_password && 1563 sae_pk_valid_password(ssid->sae_password)) || 1564 (!ssid->sae_password && ssid->passphrase && 1565 sae_pk_valid_password(ssid->passphrase))) && 1566 !(rsnxe_capa & BIT(WLAN_RSNX_CAPAB_SAE_PK)) && 1567 sae_pk_acceptable_bss_with_pk(wpa_s, bss, ssid, match_ssid, 1568 match_ssid_len)) { 1569 if (debug_print) 1570 wpa_dbg(wpa_s, MSG_DEBUG, 1571 " skip - another acceptable BSS with SAE-PK in the same ESS"); 1572 return false; 1573 } 1574 #endif /* CONFIG_SAE_PK */ 1575 1576 if (bss->ssid_len == 0) { 1577 #ifdef CONFIG_OWE 1578 const u8 *owe_ssid = NULL; 1579 size_t owe_ssid_len = 0; 1580 1581 owe_trans_ssid(wpa_s, bss, &owe_ssid, &owe_ssid_len); 1582 if (owe_ssid && owe_ssid_len && 1583 owe_ssid_len == ssid->ssid_len && 1584 os_memcmp(owe_ssid, ssid->ssid, owe_ssid_len) == 0) { 1585 if (debug_print) 1586 wpa_dbg(wpa_s, MSG_DEBUG, 1587 " skip - no SSID in BSS entry for a possible OWE transition mode BSS"); 1588 int_array_add_unique(&wpa_s->owe_trans_scan_freq, 1589 bss->freq); 1590 return false; 1591 } 1592 #endif /* CONFIG_OWE */ 1593 if (debug_print) 1594 wpa_dbg(wpa_s, MSG_DEBUG, 1595 " skip - no SSID known for the BSS"); 1596 return false; 1597 } 1598 1599 if (!link && !wpas_valid_ml_bss(wpa_s, bss)) { 1600 if (debug_print) 1601 wpa_dbg(wpa_s, MSG_DEBUG, 1602 " skip - ML BSS going to be removed"); 1603 return false; 1604 } 1605 1606 /* Matching configuration found */ 1607 return true; 1608 } 1609 1610 wpa_scan_res_match(struct wpa_supplicant * wpa_s,int i,struct wpa_bss * bss,struct wpa_ssid * group,int only_first_ssid,int debug_print,bool link)1611 struct wpa_ssid * wpa_scan_res_match(struct wpa_supplicant *wpa_s, 1612 int i, struct wpa_bss *bss, 1613 struct wpa_ssid *group, 1614 int only_first_ssid, int debug_print, 1615 bool link) 1616 { 1617 u8 wpa_ie_len, rsn_ie_len; 1618 const u8 *ie; 1619 struct wpa_ssid *ssid; 1620 const u8 *match_ssid; 1621 size_t match_ssid_len; 1622 int bssid_ignore_count; 1623 1624 ie = wpa_bss_get_vendor_ie(bss, WPA_IE_VENDOR_TYPE); 1625 wpa_ie_len = ie ? ie[1] : 0; 1626 1627 ie = wpa_bss_get_rsne(wpa_s, bss, NULL, false); 1628 rsn_ie_len = ie ? ie[1] : 0; 1629 1630 if (debug_print) { 1631 wpa_dbg(wpa_s, MSG_DEBUG, "%d: " MACSTR 1632 " ssid='%s' wpa_ie_len=%u rsn_ie_len=%u caps=0x%x level=%d freq=%d %s%s", 1633 i, MAC2STR(bss->bssid), 1634 wpa_ssid_txt(bss->ssid, bss->ssid_len), 1635 wpa_ie_len, rsn_ie_len, bss->caps, bss->level, 1636 bss->freq, 1637 wpa_bss_get_vendor_ie(bss, WPS_IE_VENDOR_TYPE) ? 1638 " wps" : "", 1639 (wpa_bss_get_vendor_ie(bss, P2P_IE_VENDOR_TYPE) || 1640 wpa_bss_get_vendor_ie_beacon(bss, P2P_IE_VENDOR_TYPE)) 1641 ? " p2p" : ""); 1642 } 1643 1644 bssid_ignore_count = wpa_bssid_ignore_is_listed(wpa_s, bss->bssid); 1645 if (bssid_ignore_count) { 1646 int limit = 1; 1647 if (wpa_supplicant_enabled_networks(wpa_s) == 1) { 1648 /* 1649 * When only a single network is enabled, we can 1650 * trigger BSSID ignoring on the first failure. This 1651 * should not be done with multiple enabled networks to 1652 * avoid getting forced to move into a worse ESS on 1653 * single error if there are no other BSSes of the 1654 * current ESS. 1655 */ 1656 limit = 0; 1657 } 1658 if (bssid_ignore_count > limit) { 1659 if (debug_print) { 1660 wpa_dbg(wpa_s, MSG_DEBUG, 1661 " skip - BSSID ignored (count=%d limit=%d)", 1662 bssid_ignore_count, limit); 1663 } 1664 return NULL; 1665 } 1666 } 1667 1668 match_ssid = bss->ssid; 1669 match_ssid_len = bss->ssid_len; 1670 owe_trans_ssid(wpa_s, bss, &match_ssid, &match_ssid_len); 1671 1672 if (match_ssid_len == 0) { 1673 if (debug_print) 1674 wpa_dbg(wpa_s, MSG_DEBUG, " skip - SSID not known"); 1675 return NULL; 1676 } 1677 1678 if (disallowed_bssid(wpa_s, bss->bssid)) { 1679 if (debug_print) 1680 wpa_dbg(wpa_s, MSG_DEBUG, " skip - BSSID disallowed"); 1681 return NULL; 1682 } 1683 1684 if (disallowed_ssid(wpa_s, match_ssid, match_ssid_len)) { 1685 if (debug_print) 1686 wpa_dbg(wpa_s, MSG_DEBUG, " skip - SSID disallowed"); 1687 return NULL; 1688 } 1689 1690 if (disabled_freq(wpa_s, bss->freq)) { 1691 if (debug_print) 1692 wpa_dbg(wpa_s, MSG_DEBUG, " skip - channel disabled"); 1693 return NULL; 1694 } 1695 1696 if (wnm_is_bss_excluded(wpa_s, bss)) { 1697 if (debug_print) 1698 wpa_dbg(wpa_s, MSG_DEBUG, " skip - BSSID excluded"); 1699 return NULL; 1700 } 1701 1702 for (ssid = group; ssid; ssid = only_first_ssid ? NULL : ssid->pnext) { 1703 if (wpa_scan_res_ok(wpa_s, ssid, match_ssid, match_ssid_len, 1704 bss, bssid_ignore_count, debug_print, link)) 1705 return ssid; 1706 } 1707 1708 /* No matching configuration found */ 1709 return NULL; 1710 } 1711 1712 1713 struct wpa_bss * wpa_supplicant_select_bss(struct wpa_supplicant * wpa_s,struct wpa_ssid * group,struct wpa_ssid ** selected_ssid,int only_first_ssid)1714 wpa_supplicant_select_bss(struct wpa_supplicant *wpa_s, 1715 struct wpa_ssid *group, 1716 struct wpa_ssid **selected_ssid, 1717 int only_first_ssid) 1718 { 1719 unsigned int i; 1720 1721 if (wpa_s->current_ssid) { 1722 struct wpa_ssid *ssid; 1723 1724 wpa_dbg(wpa_s, MSG_DEBUG, 1725 "Scan results matching the currently selected network"); 1726 for (i = 0; i < wpa_s->last_scan_res_used; i++) { 1727 struct wpa_bss *bss = wpa_s->last_scan_res[i]; 1728 1729 ssid = wpa_scan_res_match(wpa_s, i, bss, group, 1730 only_first_ssid, 0, false); 1731 if (ssid != wpa_s->current_ssid) 1732 continue; 1733 wpa_dbg(wpa_s, MSG_DEBUG, "%u: " MACSTR 1734 " freq=%d level=%d snr=%d est_throughput=%u", 1735 i, MAC2STR(bss->bssid), bss->freq, bss->level, 1736 bss->snr, bss->est_throughput); 1737 } 1738 } 1739 1740 if (only_first_ssid) 1741 wpa_dbg(wpa_s, MSG_DEBUG, "Try to find BSS matching pre-selected network id=%d", 1742 group->id); 1743 else 1744 wpa_dbg(wpa_s, MSG_DEBUG, "Selecting BSS from priority group %d", 1745 group->priority); 1746 1747 for (i = 0; i < wpa_s->last_scan_res_used; i++) { 1748 struct wpa_bss *bss = wpa_s->last_scan_res[i]; 1749 1750 wpa_s->owe_transition_select = 1; 1751 *selected_ssid = wpa_scan_res_match(wpa_s, i, bss, group, 1752 only_first_ssid, 1, false); 1753 wpa_s->owe_transition_select = 0; 1754 if (!*selected_ssid) 1755 continue; 1756 wpa_dbg(wpa_s, MSG_DEBUG, " selected %sBSS " MACSTR 1757 " ssid='%s'", 1758 bss == wpa_s->current_bss ? "current ": "", 1759 MAC2STR(bss->bssid), 1760 wpa_ssid_txt(bss->ssid, bss->ssid_len)); 1761 return bss; 1762 } 1763 1764 return NULL; 1765 } 1766 1767 wpa_supplicant_pick_network(struct wpa_supplicant * wpa_s,struct wpa_ssid ** selected_ssid)1768 struct wpa_bss * wpa_supplicant_pick_network(struct wpa_supplicant *wpa_s, 1769 struct wpa_ssid **selected_ssid) 1770 { 1771 struct wpa_bss *selected = NULL; 1772 size_t prio; 1773 struct wpa_ssid *next_ssid = NULL; 1774 struct wpa_ssid *ssid; 1775 1776 if (wpa_s->last_scan_res == NULL || 1777 wpa_s->last_scan_res_used == 0) 1778 return NULL; /* no scan results from last update */ 1779 1780 if (wpa_s->next_ssid) { 1781 /* check that next_ssid is still valid */ 1782 for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next) { 1783 if (ssid == wpa_s->next_ssid) 1784 break; 1785 } 1786 next_ssid = ssid; 1787 wpa_s->next_ssid = NULL; 1788 } 1789 1790 while (selected == NULL) { 1791 for (prio = 0; prio < wpa_s->conf->num_prio; prio++) { 1792 if (next_ssid && next_ssid->priority == 1793 wpa_s->conf->pssid[prio]->priority) { 1794 selected = wpa_supplicant_select_bss( 1795 wpa_s, next_ssid, selected_ssid, 1); 1796 if (selected) 1797 break; 1798 } 1799 selected = wpa_supplicant_select_bss( 1800 wpa_s, wpa_s->conf->pssid[prio], 1801 selected_ssid, 0); 1802 if (selected) 1803 break; 1804 } 1805 1806 if (!selected && 1807 (wpa_s->bssid_ignore || wnm_active_bss_trans_mgmt(wpa_s)) && 1808 !wpa_s->countermeasures) { 1809 wpa_dbg(wpa_s, MSG_DEBUG, 1810 "No APs found - clear BSSID ignore list and try again"); 1811 wnm_btm_reset(wpa_s); 1812 wpa_bssid_ignore_clear(wpa_s); 1813 wpa_s->bssid_ignore_cleared = true; 1814 } else if (selected == NULL) 1815 break; 1816 } 1817 1818 ssid = *selected_ssid; 1819 if (selected && ssid && ssid->mem_only_psk && !ssid->psk_set && 1820 !ssid->passphrase && !ssid->ext_psk) { 1821 const char *field_name, *txt = NULL; 1822 1823 wpa_dbg(wpa_s, MSG_DEBUG, 1824 "PSK/passphrase not yet available for the selected network"); 1825 1826 wpas_notify_network_request(wpa_s, ssid, 1827 WPA_CTRL_REQ_PSK_PASSPHRASE, NULL); 1828 1829 field_name = wpa_supplicant_ctrl_req_to_string( 1830 WPA_CTRL_REQ_PSK_PASSPHRASE, NULL, &txt); 1831 if (field_name == NULL) 1832 return NULL; 1833 1834 wpas_send_ctrl_req(wpa_s, ssid, field_name, txt); 1835 1836 selected = NULL; 1837 } 1838 1839 return selected; 1840 } 1841 1842 wpa_supplicant_req_new_scan(struct wpa_supplicant * wpa_s,int timeout_sec,int timeout_usec)1843 static void wpa_supplicant_req_new_scan(struct wpa_supplicant *wpa_s, 1844 int timeout_sec, int timeout_usec) 1845 { 1846 if (!wpa_supplicant_enabled_networks(wpa_s)) { 1847 /* 1848 * No networks are enabled; short-circuit request so 1849 * we don't wait timeout seconds before transitioning 1850 * to INACTIVE state. 1851 */ 1852 wpa_dbg(wpa_s, MSG_DEBUG, "Short-circuit new scan request " 1853 "since there are no enabled networks"); 1854 wpa_supplicant_set_state(wpa_s, WPA_INACTIVE); 1855 return; 1856 } 1857 1858 wpa_s->scan_for_connection = 1; 1859 wpa_supplicant_req_scan(wpa_s, timeout_sec, timeout_usec); 1860 } 1861 1862 ml_link_probe_scan(struct wpa_supplicant * wpa_s)1863 static bool ml_link_probe_scan(struct wpa_supplicant *wpa_s) 1864 { 1865 if (!wpa_s->ml_connect_probe_ssid || !wpa_s->ml_connect_probe_bss) 1866 return false; 1867 1868 wpa_msg(wpa_s, MSG_DEBUG, 1869 "Request association with " MACSTR " after ML probe", 1870 MAC2STR(wpa_s->ml_connect_probe_bss->bssid)); 1871 1872 wpa_supplicant_associate(wpa_s, wpa_s->ml_connect_probe_bss, 1873 wpa_s->ml_connect_probe_ssid); 1874 1875 wpa_s->ml_connect_probe_ssid = NULL; 1876 wpa_s->ml_connect_probe_bss = NULL; 1877 1878 return true; 1879 } 1880 1881 wpa_supplicant_connect_ml_missing(struct wpa_supplicant * wpa_s,struct wpa_bss * selected,struct wpa_ssid * ssid)1882 static int wpa_supplicant_connect_ml_missing(struct wpa_supplicant *wpa_s, 1883 struct wpa_bss *selected, 1884 struct wpa_ssid *ssid) 1885 { 1886 int *freqs; 1887 u16 missing_links = 0, removed_links; 1888 u8 ap_mld_id; 1889 1890 if (!((wpa_s->drv_flags2 & WPA_DRIVER_FLAGS2_MLO) && 1891 (wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME))) 1892 return 0; 1893 1894 if (wpa_bss_parse_basic_ml_element(wpa_s, selected, NULL, 1895 &missing_links, ssid, 1896 &ap_mld_id) || 1897 !missing_links) 1898 return 0; 1899 1900 removed_links = wpa_bss_parse_reconf_ml_element(wpa_s, selected); 1901 missing_links &= ~removed_links; 1902 1903 if (!missing_links) 1904 return 0; 1905 1906 wpa_dbg(wpa_s, MSG_DEBUG, 1907 "MLD: Doing an ML probe for missing links 0x%04x", 1908 missing_links); 1909 1910 freqs = os_malloc(sizeof(int) * 2); 1911 if (!freqs) 1912 return 0; 1913 1914 wpa_s->ml_connect_probe_ssid = ssid; 1915 wpa_s->ml_connect_probe_bss = selected; 1916 1917 freqs[0] = selected->freq; 1918 freqs[1] = 0; 1919 1920 wpa_s->manual_scan_passive = 0; 1921 wpa_s->manual_scan_use_id = 0; 1922 wpa_s->manual_scan_only_new = 0; 1923 wpa_s->scan_id_count = 0; 1924 os_free(wpa_s->manual_scan_freqs); 1925 wpa_s->manual_scan_freqs = freqs; 1926 1927 os_memcpy(wpa_s->ml_probe_bssid, selected->bssid, ETH_ALEN); 1928 1929 /* 1930 * In case the ML probe request is intended to retrieve information from 1931 * the transmitted BSS, the AP MLD ID should be included and should be 1932 * set to zero. 1933 * In case the ML probe requested is intended to retrieve information 1934 * from a non-transmitted BSS, the AP MLD ID should not be included. 1935 */ 1936 if (ap_mld_id) 1937 wpa_s->ml_probe_mld_id = -1; 1938 else 1939 wpa_s->ml_probe_mld_id = 0; 1940 1941 if (ssid && ssid->ssid_len) { 1942 os_free(wpa_s->ssids_from_scan_req); 1943 wpa_s->num_ssids_from_scan_req = 0; 1944 1945 wpa_s->ssids_from_scan_req = 1946 os_zalloc(sizeof(struct wpa_ssid_value)); 1947 if (wpa_s->ssids_from_scan_req) { 1948 wpa_printf(MSG_DEBUG, 1949 "MLD: ML probe: With direct SSID"); 1950 1951 wpa_s->num_ssids_from_scan_req = 1; 1952 wpa_s->ssids_from_scan_req[0].ssid_len = ssid->ssid_len; 1953 os_memcpy(wpa_s->ssids_from_scan_req[0].ssid, 1954 ssid->ssid, ssid->ssid_len); 1955 } 1956 } 1957 1958 wpa_s->ml_probe_links = missing_links; 1959 1960 wpa_s->normal_scans = 0; 1961 wpa_s->scan_req = MANUAL_SCAN_REQ; 1962 wpa_s->after_wps = 0; 1963 wpa_s->known_wps_freq = 0; 1964 wpa_supplicant_req_scan(wpa_s, 0, 0); 1965 1966 return 1; 1967 } 1968 1969 wpa_supplicant_connect(struct wpa_supplicant * wpa_s,struct wpa_bss * selected,struct wpa_ssid * ssid)1970 int wpa_supplicant_connect(struct wpa_supplicant *wpa_s, 1971 struct wpa_bss *selected, 1972 struct wpa_ssid *ssid) 1973 { 1974 #ifdef IEEE8021X_EAPOL 1975 if ((eap_is_wps_pbc_enrollee(&ssid->eap) && 1976 wpas_wps_partner_link_overlap_detect(wpa_s)) || 1977 wpas_wps_scan_pbc_overlap(wpa_s, selected, ssid)) { 1978 wpa_msg(wpa_s, MSG_INFO, WPS_EVENT_OVERLAP 1979 "PBC session overlap"); 1980 wpas_notify_wps_event_pbc_overlap(wpa_s); 1981 wpa_s->wps_overlap = true; 1982 #ifdef CONFIG_P2P 1983 if (wpa_s->p2p_group_interface == P2P_GROUP_INTERFACE_CLIENT || 1984 wpa_s->p2p_in_provisioning) { 1985 eloop_register_timeout(0, 0, wpas_p2p_pbc_overlap_cb, 1986 wpa_s, NULL); 1987 return -1; 1988 } 1989 #endif /* CONFIG_P2P */ 1990 1991 #ifdef CONFIG_WPS 1992 wpas_wps_pbc_overlap(wpa_s); 1993 wpas_wps_cancel(wpa_s); 1994 #endif /* CONFIG_WPS */ 1995 return -1; 1996 } 1997 #endif /* IEEE8021X_EAPOL */ 1998 1999 wpa_msg(wpa_s, MSG_DEBUG, 2000 "Considering connect request: reassociate: %d selected: " 2001 MACSTR " bssid: " MACSTR " pending: " MACSTR 2002 " wpa_state: %s ssid=%p current_ssid=%p", 2003 wpa_s->reassociate, MAC2STR(selected->bssid), 2004 MAC2STR(wpa_s->bssid), MAC2STR(wpa_s->pending_bssid), 2005 wpa_supplicant_state_txt(wpa_s->wpa_state), 2006 ssid, wpa_s->current_ssid); 2007 2008 /* 2009 * Do not trigger new association unless the BSSID has changed or if 2010 * reassociation is requested. If we are in process of associating with 2011 * the selected BSSID, do not trigger new attempt. 2012 */ 2013 if (wpa_s->reassociate || 2014 (!ether_addr_equal(selected->bssid, wpa_s->bssid) && 2015 ((wpa_s->wpa_state != WPA_ASSOCIATING && 2016 wpa_s->wpa_state != WPA_AUTHENTICATING) || 2017 (!is_zero_ether_addr(wpa_s->pending_bssid) && 2018 !ether_addr_equal(selected->bssid, wpa_s->pending_bssid)) || 2019 (is_zero_ether_addr(wpa_s->pending_bssid) && 2020 ssid != wpa_s->current_ssid)))) { 2021 if (wpa_supplicant_scard_init(wpa_s, ssid)) { 2022 wpa_supplicant_req_new_scan(wpa_s, 10, 0); 2023 return 0; 2024 } 2025 2026 if (wpa_supplicant_connect_ml_missing(wpa_s, selected, ssid)) 2027 return 0; 2028 2029 wpa_msg(wpa_s, MSG_DEBUG, "Request association with " MACSTR, 2030 MAC2STR(selected->bssid)); 2031 wpa_supplicant_associate(wpa_s, selected, ssid); 2032 } else { 2033 wpa_dbg(wpa_s, MSG_DEBUG, "Already associated or trying to " 2034 "connect with the selected AP"); 2035 } 2036 2037 return 0; 2038 } 2039 2040 2041 static struct wpa_ssid * wpa_supplicant_pick_new_network(struct wpa_supplicant * wpa_s)2042 wpa_supplicant_pick_new_network(struct wpa_supplicant *wpa_s) 2043 { 2044 size_t prio; 2045 struct wpa_ssid *ssid; 2046 2047 for (prio = 0; prio < wpa_s->conf->num_prio; prio++) { 2048 for (ssid = wpa_s->conf->pssid[prio]; ssid; ssid = ssid->pnext) 2049 { 2050 if (wpas_network_disabled(wpa_s, ssid)) 2051 continue; 2052 #ifndef CONFIG_IBSS_RSN 2053 if (ssid->mode == WPAS_MODE_IBSS && 2054 !(ssid->key_mgmt & (WPA_KEY_MGMT_NONE | 2055 WPA_KEY_MGMT_WPA_NONE))) { 2056 wpa_msg(wpa_s, MSG_INFO, 2057 "IBSS RSN not supported in the build - cannot use the profile for SSID '%s'", 2058 wpa_ssid_txt(ssid->ssid, 2059 ssid->ssid_len)); 2060 continue; 2061 } 2062 #endif /* !CONFIG_IBSS_RSN */ 2063 if (ssid->mode == WPAS_MODE_IBSS || 2064 ssid->mode == WPAS_MODE_AP || 2065 ssid->mode == WPAS_MODE_MESH) 2066 return ssid; 2067 } 2068 } 2069 return NULL; 2070 } 2071 2072 2073 /* TODO: move the rsn_preauth_scan_result*() to be called from notify.c based 2074 * on BSS added and BSS changed events */ wpa_supplicant_rsn_preauth_scan_results(struct wpa_supplicant * wpa_s)2075 static void wpa_supplicant_rsn_preauth_scan_results( 2076 struct wpa_supplicant *wpa_s) 2077 { 2078 struct wpa_bss *bss; 2079 2080 if (rsn_preauth_scan_results(wpa_s->wpa) < 0) 2081 return; 2082 2083 dl_list_for_each(bss, &wpa_s->bss, struct wpa_bss, list) { 2084 const u8 *ssid, *rsn; 2085 2086 ssid = wpa_bss_get_ie(bss, WLAN_EID_SSID); 2087 if (ssid == NULL) 2088 continue; 2089 2090 rsn = wpa_bss_get_rsne(wpa_s, bss, NULL, false); 2091 if (rsn == NULL) 2092 continue; 2093 2094 rsn_preauth_scan_result(wpa_s->wpa, bss->bssid, ssid, rsn); 2095 } 2096 2097 } 2098 2099 2100 #ifndef CONFIG_NO_ROAMING 2101 wpas_get_snr_signal_info(u32 frequency,int avg_signal,int noise)2102 static int wpas_get_snr_signal_info(u32 frequency, int avg_signal, int noise) 2103 { 2104 if (noise == WPA_INVALID_NOISE) { 2105 if (IS_5GHZ(frequency)) { 2106 noise = DEFAULT_NOISE_FLOOR_5GHZ; 2107 } else if (is_6ghz_freq(frequency)) { 2108 noise = DEFAULT_NOISE_FLOOR_6GHZ; 2109 } else { 2110 noise = DEFAULT_NOISE_FLOOR_2GHZ; 2111 } 2112 } 2113 return avg_signal - noise; 2114 } 2115 2116 2117 static unsigned int wpas_get_est_throughput_from_bss_snr(const struct wpa_supplicant * wpa_s,const struct wpa_bss * bss,int snr)2118 wpas_get_est_throughput_from_bss_snr(const struct wpa_supplicant *wpa_s, 2119 const struct wpa_bss *bss, int snr) 2120 { 2121 int rate = wpa_bss_get_max_rate(bss); 2122 const u8 *ies = wpa_bss_ie_ptr(bss); 2123 size_t ie_len = bss->ie_len ? bss->ie_len : bss->beacon_ie_len; 2124 enum chan_width max_cw = CHAN_WIDTH_UNKNOWN; 2125 2126 return wpas_get_est_tpt(wpa_s, ies, ie_len, rate, snr, bss->freq, 2127 &max_cw); 2128 } 2129 2130 wpas_evaluate_band_score(int frequency)2131 static int wpas_evaluate_band_score(int frequency) 2132 { 2133 if (is_6ghz_freq(frequency)) 2134 return 2; 2135 if (IS_5GHZ(frequency)) 2136 return 1; 2137 return 0; 2138 } 2139 2140 wpa_supplicant_need_to_roam_within_ess(struct wpa_supplicant * wpa_s,struct wpa_bss * current_bss,struct wpa_bss * selected,bool poll_current)2141 int wpa_supplicant_need_to_roam_within_ess(struct wpa_supplicant *wpa_s, 2142 struct wpa_bss *current_bss, 2143 struct wpa_bss *selected, 2144 bool poll_current) 2145 { 2146 int min_diff, diff; 2147 int cur_band_score, sel_band_score; 2148 int to_5ghz, to_6ghz; 2149 int cur_level, sel_level; 2150 unsigned int cur_est, sel_est; 2151 struct wpa_signal_info si; 2152 int cur_snr = 0; 2153 int ret = 0; 2154 const u8 *cur_ies = wpa_bss_ie_ptr(current_bss); 2155 const u8 *sel_ies = wpa_bss_ie_ptr(selected); 2156 size_t cur_ie_len = current_bss->ie_len ? current_bss->ie_len : 2157 current_bss->beacon_ie_len; 2158 size_t sel_ie_len = selected->ie_len ? selected->ie_len : 2159 selected->beacon_ie_len; 2160 2161 wpa_dbg(wpa_s, MSG_DEBUG, "Considering within-ESS reassociation"); 2162 wpa_dbg(wpa_s, MSG_DEBUG, "Current BSS: " MACSTR 2163 " freq=%d level=%d snr=%d est_throughput=%u", 2164 MAC2STR(current_bss->bssid), 2165 current_bss->freq, current_bss->level, 2166 current_bss->snr, current_bss->est_throughput); 2167 wpa_dbg(wpa_s, MSG_DEBUG, "Selected BSS: " MACSTR 2168 " freq=%d level=%d snr=%d est_throughput=%u", 2169 MAC2STR(selected->bssid), selected->freq, selected->level, 2170 selected->snr, selected->est_throughput); 2171 2172 if (wpas_ap_link_address(wpa_s, selected->bssid)) { 2173 wpa_dbg(wpa_s, MSG_DEBUG, "MLD: associated to selected BSS"); 2174 return 0; 2175 } 2176 2177 if (wpa_s->current_ssid->bssid_set && 2178 ether_addr_equal(selected->bssid, wpa_s->current_ssid->bssid)) { 2179 wpa_dbg(wpa_s, MSG_DEBUG, "Allow reassociation - selected BSS " 2180 "has preferred BSSID"); 2181 return 1; 2182 } 2183 2184 /* 2185 * Try to poll the signal from the driver since this will allow to get 2186 * more accurate values. In some cases, there can be big differences 2187 * between the RSSI of the Probe Response frames of the AP we are 2188 * associated with and the Beacon frames we hear from the same AP after 2189 * association. This can happen, e.g., when there are two antennas that 2190 * hear the AP very differently. If the driver chooses to hear the 2191 * Probe Response frames during the scan on the "bad" antenna because 2192 * it wants to save power, but knows to choose the other antenna after 2193 * association, we will hear our AP with a low RSSI as part of the 2194 * scan even when we can hear it decently on the other antenna. To cope 2195 * with this, ask the driver to teach us how it hears the AP. Also, the 2196 * scan results may be a bit old, since we can very quickly get fresh 2197 * information about our currently associated AP. 2198 */ 2199 if (poll_current && wpa_drv_signal_poll(wpa_s, &si) == 0 && 2200 (si.data.avg_beacon_signal || si.data.avg_signal)) { 2201 /* 2202 * Normalize avg_signal to the RSSI over 20 MHz, as the 2203 * throughput is estimated based on the RSSI over 20 MHz 2204 */ 2205 cur_level = si.data.avg_beacon_signal ? 2206 si.data.avg_beacon_signal : 2207 (si.data.avg_signal - 2208 wpas_channel_width_rssi_bump(cur_ies, cur_ie_len, 2209 si.chanwidth)); 2210 cur_snr = wpas_get_snr_signal_info(si.frequency, cur_level, 2211 si.current_noise); 2212 2213 cur_est = wpas_get_est_throughput_from_bss_snr(wpa_s, 2214 current_bss, 2215 cur_snr); 2216 wpa_dbg(wpa_s, MSG_DEBUG, 2217 "Using signal poll values for the current BSS: level=%d snr=%d est_throughput=%u", 2218 cur_level, cur_snr, cur_est); 2219 } else { 2220 /* Level and SNR are measured over 20 MHz channel */ 2221 cur_level = current_bss->level; 2222 cur_snr = current_bss->snr; 2223 cur_est = current_bss->est_throughput; 2224 } 2225 2226 /* Adjust the SNR of BSSes based on the channel width. */ 2227 cur_level += wpas_channel_width_rssi_bump(cur_ies, cur_ie_len, 2228 current_bss->max_cw); 2229 cur_snr = wpas_adjust_snr_by_chanwidth(cur_ies, cur_ie_len, 2230 current_bss->max_cw, cur_snr); 2231 2232 sel_est = selected->est_throughput; 2233 sel_level = selected->level + 2234 wpas_channel_width_rssi_bump(sel_ies, sel_ie_len, 2235 selected->max_cw); 2236 2237 if (sel_est > cur_est + 5000) { 2238 wpa_dbg(wpa_s, MSG_DEBUG, 2239 "Allow reassociation - selected BSS has better estimated throughput"); 2240 return 1; 2241 } 2242 2243 to_5ghz = selected->freq > 4000 && current_bss->freq < 4000; 2244 to_6ghz = is_6ghz_freq(selected->freq) && 2245 !is_6ghz_freq(current_bss->freq); 2246 2247 if (cur_level < 0 && 2248 cur_level > sel_level + to_5ghz * 2 + to_6ghz * 2 && 2249 sel_est < cur_est * 1.2) { 2250 wpa_dbg(wpa_s, MSG_DEBUG, "Skip roam - Current BSS has better " 2251 "signal level"); 2252 return 0; 2253 } 2254 2255 if (cur_est > sel_est + 5000) { 2256 wpa_dbg(wpa_s, MSG_DEBUG, 2257 "Skip roam - Current BSS has better estimated throughput"); 2258 return 0; 2259 } 2260 2261 if (cur_snr > GREAT_SNR) { 2262 wpa_dbg(wpa_s, MSG_DEBUG, 2263 "Skip roam - Current BSS has good SNR (%u > %u)", 2264 cur_snr, GREAT_SNR); 2265 return 0; 2266 } 2267 2268 if (cur_level < -85) /* ..-86 dBm */ 2269 min_diff = 1; 2270 else if (cur_level < -80) /* -85..-81 dBm */ 2271 min_diff = 2; 2272 else if (cur_level < -75) /* -80..-76 dBm */ 2273 min_diff = 3; 2274 else if (cur_level < -70) /* -75..-71 dBm */ 2275 min_diff = 4; 2276 else if (cur_level < 0) /* -70..-1 dBm */ 2277 min_diff = 5; 2278 else /* unspecified units (not in dBm) */ 2279 min_diff = 2; 2280 2281 if (cur_est > sel_est * 1.5) 2282 min_diff += 10; 2283 else if (cur_est > sel_est * 1.2) 2284 min_diff += 5; 2285 else if (cur_est > sel_est * 1.1) 2286 min_diff += 2; 2287 else if (cur_est > sel_est) 2288 min_diff++; 2289 else if (sel_est > cur_est * 1.5) 2290 min_diff -= 10; 2291 else if (sel_est > cur_est * 1.2) 2292 min_diff -= 5; 2293 else if (sel_est > cur_est * 1.1) 2294 min_diff -= 2; 2295 else if (sel_est > cur_est) 2296 min_diff--; 2297 2298 cur_band_score = wpas_evaluate_band_score(current_bss->freq); 2299 sel_band_score = wpas_evaluate_band_score(selected->freq); 2300 min_diff += (cur_band_score - sel_band_score) * 2; 2301 if (wpa_s->signal_threshold && cur_level <= wpa_s->signal_threshold && 2302 sel_level > wpa_s->signal_threshold) 2303 min_diff -= 2; 2304 diff = sel_level - cur_level; 2305 if (diff < min_diff) { 2306 wpa_dbg(wpa_s, MSG_DEBUG, 2307 "Skip roam - too small difference in signal level (%d < %d)", 2308 diff, min_diff); 2309 ret = 0; 2310 } else { 2311 wpa_dbg(wpa_s, MSG_DEBUG, 2312 "Allow reassociation due to difference in signal level (%d >= %d)", 2313 diff, min_diff); 2314 ret = 1; 2315 } 2316 wpa_msg_ctrl(wpa_s, MSG_INFO, "%scur_bssid=" MACSTR 2317 " cur_freq=%d cur_level=%d cur_est=%d sel_bssid=" MACSTR 2318 " sel_freq=%d sel_level=%d sel_est=%d", 2319 ret ? WPA_EVENT_DO_ROAM : WPA_EVENT_SKIP_ROAM, 2320 MAC2STR(current_bss->bssid), 2321 current_bss->freq, cur_level, cur_est, 2322 MAC2STR(selected->bssid), 2323 selected->freq, sel_level, sel_est); 2324 return ret; 2325 } 2326 2327 #endif /* CONFIG_NO_ROAMING */ 2328 2329 wpa_supplicant_need_to_roam(struct wpa_supplicant * wpa_s,struct wpa_bss * selected,struct wpa_ssid * ssid)2330 static int wpa_supplicant_need_to_roam(struct wpa_supplicant *wpa_s, 2331 struct wpa_bss *selected, 2332 struct wpa_ssid *ssid) 2333 { 2334 struct wpa_bss *current_bss = NULL; 2335 const u8 *bssid; 2336 2337 if (wpa_s->reassociate) 2338 return 1; /* explicit request to reassociate */ 2339 if (wpa_s->wpa_state < WPA_ASSOCIATED) 2340 return 1; /* we are not associated; continue */ 2341 if (wpa_s->current_ssid == NULL) 2342 return 1; /* unknown current SSID */ 2343 if (wpa_s->current_ssid != ssid) 2344 return 1; /* different network block */ 2345 2346 if (wpas_driver_bss_selection(wpa_s)) 2347 return 0; /* Driver-based roaming */ 2348 2349 if (wpa_s->valid_links) 2350 bssid = wpa_s->links[wpa_s->mlo_assoc_link_id].bssid; 2351 else 2352 bssid = wpa_s->bssid; 2353 2354 if (wpa_s->current_ssid->ssid) 2355 current_bss = wpa_bss_get(wpa_s, bssid, 2356 wpa_s->current_ssid->ssid, 2357 wpa_s->current_ssid->ssid_len); 2358 if (!current_bss) 2359 current_bss = wpa_bss_get_bssid(wpa_s, bssid); 2360 2361 if (!current_bss) 2362 return 1; /* current BSS not seen in scan results */ 2363 2364 if (current_bss == selected) 2365 return 0; 2366 2367 if (selected->last_update_idx > current_bss->last_update_idx) 2368 return 1; /* current BSS not seen in the last scan */ 2369 2370 #ifndef CONFIG_NO_ROAMING 2371 return wpa_supplicant_need_to_roam_within_ess(wpa_s, current_bss, 2372 selected, true); 2373 #else /* CONFIG_NO_ROAMING */ 2374 return 0; 2375 #endif /* CONFIG_NO_ROAMING */ 2376 } 2377 2378 wpas_trigger_6ghz_scan(struct wpa_supplicant * wpa_s,union wpa_event_data * data)2379 static int wpas_trigger_6ghz_scan(struct wpa_supplicant *wpa_s, 2380 union wpa_event_data *data) 2381 { 2382 struct wpa_driver_scan_params params; 2383 unsigned int j; 2384 2385 wpa_dbg(wpa_s, MSG_INFO, "Triggering 6GHz-only scan"); 2386 os_memset(¶ms, 0, sizeof(params)); 2387 params.non_coloc_6ghz = wpa_s->last_scan_non_coloc_6ghz; 2388 for (j = 0; j < data->scan_info.num_ssids; j++) 2389 params.ssids[j] = data->scan_info.ssids[j]; 2390 params.num_ssids = data->scan_info.num_ssids; 2391 wpa_add_scan_freqs_list(wpa_s, HOSTAPD_MODE_IEEE80211A, ¶ms, 2392 true, false, false); 2393 if (!wpa_supplicant_trigger_scan(wpa_s, ¶ms, true, true)) { 2394 wpa_s->scan_in_progress_6ghz = true; 2395 wpas_notify_scan_in_progress_6ghz(wpa_s); 2396 os_free(params.freqs); 2397 return 1; 2398 } 2399 wpa_dbg(wpa_s, MSG_INFO, "Failed to trigger 6GHz-only scan"); 2400 os_free(params.freqs); 2401 return 0; 2402 } 2403 2404 wpas_short_ssid_match(struct wpa_supplicant * wpa_s,struct wpa_scan_results * scan_res)2405 static bool wpas_short_ssid_match(struct wpa_supplicant *wpa_s, 2406 struct wpa_scan_results *scan_res) 2407 { 2408 size_t i; 2409 struct wpa_ssid *ssid = wpa_s->current_ssid; 2410 u32 current_ssid_short = ieee80211_crc32(ssid->ssid, ssid->ssid_len); 2411 2412 for (i = 0; i < scan_res->num; i++) { 2413 struct wpa_scan_res *res = scan_res->res[i]; 2414 const u8 *rnr_ie, *ie_end; 2415 const struct ieee80211_neighbor_ap_info *info; 2416 size_t left; 2417 2418 rnr_ie = wpa_scan_get_ie(res, WLAN_EID_REDUCED_NEIGHBOR_REPORT); 2419 if (!rnr_ie) 2420 continue; 2421 2422 ie_end = rnr_ie + 2 + rnr_ie[1]; 2423 rnr_ie += 2; 2424 2425 left = ie_end - rnr_ie; 2426 if (left < sizeof(struct ieee80211_neighbor_ap_info)) 2427 continue; 2428 2429 info = (const struct ieee80211_neighbor_ap_info *) rnr_ie; 2430 if (info->tbtt_info_len < 11) 2431 continue; /* short SSID not included */ 2432 left -= sizeof(struct ieee80211_neighbor_ap_info); 2433 rnr_ie += sizeof(struct ieee80211_neighbor_ap_info); 2434 2435 while (left >= info->tbtt_info_len && rnr_ie + 11 <= ie_end) { 2436 /* Skip TBTT offset and BSSID */ 2437 u32 short_ssid = WPA_GET_LE32(rnr_ie + 1 + ETH_ALEN); 2438 2439 if (short_ssid == current_ssid_short) 2440 return true; 2441 2442 left -= info->tbtt_info_len; 2443 rnr_ie += info->tbtt_info_len; 2444 } 2445 } 2446 2447 return false; 2448 } 2449 2450 2451 /* 2452 * Return a negative value if no scan results could be fetched or if scan 2453 * results should not be shared with other virtual interfaces. 2454 * Return 0 if scan results were fetched and may be shared with other 2455 * interfaces. 2456 * Return 1 if scan results may be shared with other virtual interfaces but may 2457 * not trigger any operations. 2458 * Return 2 if the interface was removed and cannot be used. 2459 */ _wpa_supplicant_event_scan_results(struct wpa_supplicant * wpa_s,union wpa_event_data * data,int own_request,int update_only)2460 static int _wpa_supplicant_event_scan_results(struct wpa_supplicant *wpa_s, 2461 union wpa_event_data *data, 2462 int own_request, int update_only) 2463 { 2464 struct wpa_scan_results *scan_res = NULL; 2465 int ret = 0; 2466 int ap = 0; 2467 bool trigger_6ghz_scan; 2468 bool short_ssid_match_found = false; 2469 #ifndef CONFIG_NO_RANDOM_POOL 2470 size_t i, num; 2471 #endif /* CONFIG_NO_RANDOM_POOL */ 2472 2473 #ifdef CONFIG_AP 2474 if (wpa_s->ap_iface) 2475 ap = 1; 2476 #endif /* CONFIG_AP */ 2477 2478 trigger_6ghz_scan = wpa_s->crossed_6ghz_dom && 2479 wpa_s->last_scan_all_chan; 2480 wpa_s->crossed_6ghz_dom = false; 2481 wpa_s->last_scan_all_chan = false; 2482 2483 wpa_supplicant_notify_scanning(wpa_s, 0); 2484 2485 scan_res = wpa_supplicant_get_scan_results(wpa_s, 2486 data ? &data->scan_info : 2487 NULL, 1, NULL); 2488 2489 if (wpa_s->scan_in_progress_6ghz) { 2490 wpa_s->scan_in_progress_6ghz = false; 2491 wpas_notify_scan_in_progress_6ghz(wpa_s); 2492 } 2493 2494 if (scan_res == NULL) { 2495 if (wpa_s->conf->ap_scan == 2 || ap || 2496 wpa_s->scan_res_handler == scan_only_handler) 2497 return -1; 2498 if (!own_request) 2499 return -1; 2500 if (data && data->scan_info.external_scan) 2501 return -1; 2502 if (wpa_s->scan_res_fail_handler) { 2503 void (*handler)(struct wpa_supplicant *wpa_s); 2504 2505 handler = wpa_s->scan_res_fail_handler; 2506 wpa_s->scan_res_fail_handler = NULL; 2507 handler(wpa_s); 2508 } else { 2509 wpa_dbg(wpa_s, MSG_DEBUG, 2510 "Failed to get scan results - try scanning again"); 2511 wpa_supplicant_req_new_scan(wpa_s, 1, 0); 2512 } 2513 2514 ret = -1; 2515 goto scan_work_done; 2516 } 2517 2518 #ifndef CONFIG_NO_RANDOM_POOL 2519 num = scan_res->num; 2520 if (num > 10) 2521 num = 10; 2522 for (i = 0; i < num; i++) { 2523 u8 buf[5]; 2524 struct wpa_scan_res *res = scan_res->res[i]; 2525 buf[0] = res->bssid[5]; 2526 buf[1] = res->qual & 0xff; 2527 buf[2] = res->noise & 0xff; 2528 buf[3] = res->level & 0xff; 2529 buf[4] = res->tsf & 0xff; 2530 random_add_randomness(buf, sizeof(buf)); 2531 } 2532 #endif /* CONFIG_NO_RANDOM_POOL */ 2533 2534 if (data) { 2535 size_t idx; 2536 2537 wpa_s->last_scan_external = data->scan_info.external_scan; 2538 wpa_s->last_scan_num_ssids = data->scan_info.num_ssids; 2539 for (idx = 0; idx < wpa_s->last_scan_num_ssids; idx++) { 2540 /* Copy the SSID and its length */ 2541 if (idx >= WPAS_MAX_SCAN_SSIDS || 2542 data->scan_info.ssids[idx].ssid_len > SSID_MAX_LEN) 2543 continue; 2544 2545 os_memcpy(wpa_s->last_scan_ssids[idx].ssid, 2546 data->scan_info.ssids[idx].ssid, 2547 data->scan_info.ssids[idx].ssid_len); 2548 wpa_s->last_scan_ssids[idx].ssid_len = 2549 data->scan_info.ssids[idx].ssid_len; 2550 } 2551 } else { 2552 wpa_s->last_scan_external = false; 2553 wpa_s->last_scan_num_ssids = 0; 2554 } 2555 2556 if (update_only) { 2557 ret = 1; 2558 goto scan_work_done; 2559 } 2560 2561 if (own_request && wpa_s->scan_res_handler && 2562 !(data && data->scan_info.external_scan)) { 2563 void (*scan_res_handler)(struct wpa_supplicant *wpa_s, 2564 struct wpa_scan_results *scan_res); 2565 2566 scan_res_handler = wpa_s->scan_res_handler; 2567 wpa_s->scan_res_handler = NULL; 2568 scan_res_handler(wpa_s, scan_res); 2569 ret = 1; 2570 goto scan_work_done; 2571 } 2572 2573 wpa_dbg(wpa_s, MSG_DEBUG, "New scan results available (own=%u ext=%u)", 2574 wpa_s->own_scan_running, 2575 data ? data->scan_info.external_scan : 0); 2576 if (wpa_s->last_scan_req == MANUAL_SCAN_REQ && 2577 wpa_s->manual_scan_use_id && wpa_s->own_scan_running && 2578 own_request && !(data && data->scan_info.external_scan)) { 2579 wpa_msg_ctrl(wpa_s, MSG_INFO, WPA_EVENT_SCAN_RESULTS "id=%u", 2580 wpa_s->manual_scan_id); 2581 wpa_s->manual_scan_use_id = 0; 2582 } else { 2583 wpa_msg_ctrl(wpa_s, MSG_INFO, WPA_EVENT_SCAN_RESULTS); 2584 } 2585 wpas_notify_scan_results(wpa_s); 2586 2587 wpas_notify_scan_done(wpa_s, 1); 2588 2589 if (ap) { 2590 wpa_dbg(wpa_s, MSG_DEBUG, "Ignore scan results in AP mode"); 2591 #ifdef CONFIG_AP 2592 if (wpa_s->ap_iface->scan_cb) 2593 wpa_s->ap_iface->scan_cb(wpa_s->ap_iface); 2594 #endif /* CONFIG_AP */ 2595 goto scan_work_done; 2596 } 2597 2598 if (data && data->scan_info.external_scan) { 2599 wpa_dbg(wpa_s, MSG_DEBUG, "Do not use results from externally requested scan operation for network selection"); 2600 wpa_scan_results_free(scan_res); 2601 return 0; 2602 } 2603 2604 if (sme_proc_obss_scan(wpa_s) > 0) 2605 goto scan_work_done; 2606 2607 #ifndef CONFIG_NO_RRM 2608 if (own_request && data && 2609 wpas_beacon_rep_scan_process(wpa_s, scan_res, &data->scan_info) > 0) 2610 goto scan_work_done; 2611 #endif /* CONFIG_NO_RRM */ 2612 2613 if (ml_link_probe_scan(wpa_s)) 2614 goto scan_work_done; 2615 2616 if ((wpa_s->conf->ap_scan == 2 && !wpas_wps_searching(wpa_s))) 2617 goto scan_work_done; 2618 2619 if (autoscan_notify_scan(wpa_s, scan_res)) 2620 goto scan_work_done; 2621 2622 if (wpa_s->disconnected) { 2623 wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED); 2624 goto scan_work_done; 2625 } 2626 2627 if (!wpas_driver_bss_selection(wpa_s) && 2628 bgscan_notify_scan(wpa_s, scan_res) == 1) 2629 goto scan_work_done; 2630 2631 wpas_wps_update_ap_info(wpa_s, scan_res); 2632 2633 if (wnm_scan_process(wpa_s, false) > 0) 2634 goto scan_work_done; 2635 2636 if (wpa_s->wpa_state >= WPA_AUTHENTICATING && 2637 wpa_s->wpa_state < WPA_COMPLETED) 2638 goto scan_work_done; 2639 2640 if (wpa_s->current_ssid && trigger_6ghz_scan && own_request && data && 2641 wpas_short_ssid_match(wpa_s, scan_res)) { 2642 wpa_dbg(wpa_s, MSG_INFO, "Short SSID match in scan results"); 2643 short_ssid_match_found = true; 2644 } 2645 2646 wpa_scan_results_free(scan_res); 2647 2648 if (own_request && wpa_s->scan_work) { 2649 struct wpa_radio_work *work = wpa_s->scan_work; 2650 wpa_s->scan_work = NULL; 2651 radio_work_done(work); 2652 } 2653 2654 os_free(wpa_s->last_scan_freqs); 2655 wpa_s->last_scan_freqs = NULL; 2656 wpa_s->num_last_scan_freqs = 0; 2657 if (own_request && data && 2658 data->scan_info.freqs && data->scan_info.num_freqs) { 2659 wpa_s->last_scan_freqs = os_malloc(sizeof(int) * 2660 data->scan_info.num_freqs); 2661 if (wpa_s->last_scan_freqs) { 2662 os_memcpy(wpa_s->last_scan_freqs, 2663 data->scan_info.freqs, 2664 sizeof(int) * data->scan_info.num_freqs); 2665 wpa_s->num_last_scan_freqs = data->scan_info.num_freqs; 2666 } 2667 } 2668 2669 if (wpa_s->supp_pbc_active && !wpas_wps_partner_link_scan_done(wpa_s)) 2670 return ret; 2671 2672 if (short_ssid_match_found && wpas_trigger_6ghz_scan(wpa_s, data) > 0) 2673 return 1; 2674 2675 return wpas_select_network_from_last_scan(wpa_s, 1, own_request, 2676 trigger_6ghz_scan, data); 2677 2678 scan_work_done: 2679 wpa_scan_results_free(scan_res); 2680 if (own_request && wpa_s->scan_work) { 2681 struct wpa_radio_work *work = wpa_s->scan_work; 2682 wpa_s->scan_work = NULL; 2683 radio_work_done(work); 2684 } 2685 return ret; 2686 } 2687 2688 2689 /** 2690 * Select a network from the last scan 2691 * @wpa_s: Pointer to wpa_supplicant data 2692 * @new_scan: Whether this function was called right after a scan has finished 2693 * @own_request: Whether the scan was requested by this interface 2694 * @trigger_6ghz_scan: Whether to trigger a 6ghz-only scan when applicable 2695 * @data: Scan data from scan that finished if applicable 2696 * 2697 * See _wpa_supplicant_event_scan_results() for return values. 2698 */ wpas_select_network_from_last_scan(struct wpa_supplicant * wpa_s,int new_scan,int own_request,bool trigger_6ghz_scan,union wpa_event_data * data)2699 static int wpas_select_network_from_last_scan(struct wpa_supplicant *wpa_s, 2700 int new_scan, int own_request, 2701 bool trigger_6ghz_scan, 2702 union wpa_event_data *data) 2703 { 2704 struct wpa_bss *selected; 2705 struct wpa_ssid *ssid = NULL; 2706 int time_to_reenable = wpas_reenabled_network_time(wpa_s); 2707 2708 if (time_to_reenable > 0) { 2709 wpa_dbg(wpa_s, MSG_DEBUG, 2710 "Postpone network selection by %d seconds since all networks are disabled", 2711 time_to_reenable); 2712 eloop_cancel_timeout(wpas_network_reenabled, wpa_s, NULL); 2713 eloop_register_timeout(time_to_reenable, 0, 2714 wpas_network_reenabled, wpa_s, NULL); 2715 return 0; 2716 } 2717 2718 if (wpa_s->p2p_mgmt) 2719 return 0; /* no normal connection on p2p_mgmt interface */ 2720 2721 wpa_s->owe_transition_search = 0; 2722 #ifdef CONFIG_OWE 2723 os_free(wpa_s->owe_trans_scan_freq); 2724 wpa_s->owe_trans_scan_freq = NULL; 2725 #endif /* CONFIG_OWE */ 2726 selected = wpa_supplicant_pick_network(wpa_s, &ssid); 2727 2728 #ifdef CONFIG_MESH 2729 if (wpa_s->ifmsh) { 2730 wpa_msg(wpa_s, MSG_INFO, 2731 "Avoiding join because we already joined a mesh group"); 2732 return 0; 2733 } 2734 #endif /* CONFIG_MESH */ 2735 2736 if (selected) { 2737 int skip; 2738 skip = !wpa_supplicant_need_to_roam(wpa_s, selected, ssid); 2739 if (skip) { 2740 if (new_scan) 2741 wpa_supplicant_rsn_preauth_scan_results(wpa_s); 2742 return 0; 2743 } 2744 2745 wpa_s->suitable_network++; 2746 2747 if (ssid != wpa_s->current_ssid && 2748 wpa_s->wpa_state >= WPA_AUTHENTICATING) { 2749 wpa_s->own_disconnect_req = 1; 2750 wpa_supplicant_deauthenticate( 2751 wpa_s, WLAN_REASON_DEAUTH_LEAVING); 2752 } 2753 2754 if (wpa_supplicant_connect(wpa_s, selected, ssid) < 0) { 2755 wpa_dbg(wpa_s, MSG_DEBUG, "Connect failed"); 2756 return -1; 2757 } 2758 wpa_s->supp_pbc_active = false; 2759 2760 if (new_scan) 2761 wpa_supplicant_rsn_preauth_scan_results(wpa_s); 2762 /* 2763 * Do not allow other virtual radios to trigger operations based 2764 * on these scan results since we do not want them to start 2765 * other associations at the same time. 2766 */ 2767 return 1; 2768 } else { 2769 wpa_s->no_suitable_network++; 2770 wpa_dbg(wpa_s, MSG_DEBUG, "No suitable network found"); 2771 ssid = wpa_supplicant_pick_new_network(wpa_s); 2772 if (ssid) { 2773 wpa_dbg(wpa_s, MSG_DEBUG, "Setup a new network"); 2774 wpa_supplicant_associate(wpa_s, NULL, ssid); 2775 if (new_scan) 2776 wpa_supplicant_rsn_preauth_scan_results(wpa_s); 2777 } else if (own_request) { 2778 if (wpa_s->support_6ghz && trigger_6ghz_scan && data && 2779 wpas_trigger_6ghz_scan(wpa_s, data) > 0) 2780 return 1; 2781 2782 /* 2783 * No SSID found. If SCAN results are as a result of 2784 * own scan request and not due to a scan request on 2785 * another shared interface, try another scan. 2786 */ 2787 int timeout_sec = wpa_s->scan_interval; 2788 int timeout_usec = 0; 2789 #ifdef CONFIG_P2P 2790 int res; 2791 2792 res = wpas_p2p_scan_no_go_seen(wpa_s); 2793 if (res == 2) 2794 return 2; 2795 if (res == 1) 2796 return 0; 2797 2798 if (wpas_p2p_retry_limit_exceeded(wpa_s)) 2799 return 0; 2800 2801 if (wpa_s->p2p_in_provisioning || 2802 wpa_s->show_group_started || 2803 wpa_s->p2p_in_invitation) { 2804 /* 2805 * Use shorter wait during P2P Provisioning 2806 * state and during P2P join-a-group operation 2807 * to speed up group formation. 2808 */ 2809 timeout_sec = 0; 2810 timeout_usec = 250000; 2811 wpa_supplicant_req_new_scan(wpa_s, timeout_sec, 2812 timeout_usec); 2813 return 0; 2814 } 2815 #endif /* CONFIG_P2P */ 2816 #ifdef CONFIG_INTERWORKING 2817 if (wpa_s->conf->auto_interworking && 2818 wpa_s->conf->interworking && 2819 wpa_s->conf->cred) { 2820 wpa_dbg(wpa_s, MSG_DEBUG, "Interworking: " 2821 "start ANQP fetch since no matching " 2822 "networks found"); 2823 wpa_s->network_select = 1; 2824 wpa_s->auto_network_select = 1; 2825 interworking_start_fetch_anqp(wpa_s); 2826 return 1; 2827 } 2828 #endif /* CONFIG_INTERWORKING */ 2829 #ifdef CONFIG_WPS 2830 if (wpa_s->after_wps > 0 || wpas_wps_searching(wpa_s)) { 2831 wpa_dbg(wpa_s, MSG_DEBUG, "Use shorter wait during WPS processing"); 2832 timeout_sec = 0; 2833 timeout_usec = 500000; 2834 wpa_supplicant_req_new_scan(wpa_s, timeout_sec, 2835 timeout_usec); 2836 return 0; 2837 } 2838 #endif /* CONFIG_WPS */ 2839 #ifdef CONFIG_OWE 2840 if (wpa_s->owe_transition_search) { 2841 wpa_dbg(wpa_s, MSG_DEBUG, 2842 "OWE: Use shorter wait during transition mode search"); 2843 timeout_sec = 0; 2844 timeout_usec = 500000; 2845 if (wpa_s->owe_trans_scan_freq) { 2846 os_free(wpa_s->next_scan_freqs); 2847 wpa_s->next_scan_freqs = 2848 wpa_s->owe_trans_scan_freq; 2849 wpa_s->owe_trans_scan_freq = NULL; 2850 timeout_usec = 100000; 2851 } 2852 wpa_supplicant_req_new_scan(wpa_s, timeout_sec, 2853 timeout_usec); 2854 return 0; 2855 } 2856 #endif /* CONFIG_OWE */ 2857 if (wpa_supplicant_req_sched_scan(wpa_s)) 2858 wpa_supplicant_req_new_scan(wpa_s, timeout_sec, 2859 timeout_usec); 2860 2861 wpa_msg_ctrl(wpa_s, MSG_INFO, 2862 WPA_EVENT_NETWORK_NOT_FOUND); 2863 } 2864 } 2865 return 0; 2866 } 2867 2868 wpa_supplicant_event_scan_results(struct wpa_supplicant * wpa_s,union wpa_event_data * data)2869 static int wpa_supplicant_event_scan_results(struct wpa_supplicant *wpa_s, 2870 union wpa_event_data *data) 2871 { 2872 struct wpa_supplicant *ifs; 2873 int res; 2874 2875 res = _wpa_supplicant_event_scan_results(wpa_s, data, 1, 0); 2876 if (res == 2) { 2877 /* 2878 * Interface may have been removed, so must not dereference 2879 * wpa_s after this. 2880 */ 2881 return 1; 2882 } 2883 2884 if (res < 0) { 2885 /* 2886 * If no scan results could be fetched, then no need to 2887 * notify those interfaces that did not actually request 2888 * this scan. Similarly, if scan results started a new operation on this 2889 * interface, do not notify other interfaces to avoid concurrent 2890 * operations during a connection attempt. 2891 */ 2892 return 0; 2893 } 2894 2895 /* 2896 * Check other interfaces to see if they share the same radio. If 2897 * so, they get updated with this same scan info. 2898 */ 2899 dl_list_for_each(ifs, &wpa_s->radio->ifaces, struct wpa_supplicant, 2900 radio_list) { 2901 if (ifs != wpa_s) { 2902 wpa_printf(MSG_DEBUG, "%s: Updating scan results from " 2903 "sibling", ifs->ifname); 2904 res = _wpa_supplicant_event_scan_results(ifs, data, 0, 2905 res > 0); 2906 if (res < 0) 2907 return 0; 2908 } 2909 } 2910 2911 return 0; 2912 } 2913 2914 #endif /* CONFIG_NO_SCAN_PROCESSING */ 2915 2916 wpa_supplicant_fast_associate(struct wpa_supplicant * wpa_s)2917 int wpa_supplicant_fast_associate(struct wpa_supplicant *wpa_s) 2918 { 2919 #ifdef CONFIG_NO_SCAN_PROCESSING 2920 return -1; 2921 #else /* CONFIG_NO_SCAN_PROCESSING */ 2922 struct os_reltime now; 2923 2924 wpa_s->ignore_post_flush_scan_res = 0; 2925 2926 if (wpa_s->last_scan_res_used == 0) 2927 return -1; 2928 2929 os_get_reltime(&now); 2930 if (os_reltime_expired(&now, &wpa_s->last_scan, 2931 wpa_s->conf->scan_res_valid_for_connect)) { 2932 wpa_printf(MSG_DEBUG, "Fast associate: Old scan results"); 2933 return -1; 2934 } else if (wpa_s->crossed_6ghz_dom) { 2935 wpa_printf(MSG_DEBUG, "Fast associate: Crossed 6 GHz domain"); 2936 return -1; 2937 } 2938 2939 return wpas_select_network_from_last_scan(wpa_s, 0, 1, false, NULL); 2940 #endif /* CONFIG_NO_SCAN_PROCESSING */ 2941 } 2942 2943 wpa_wps_supplicant_fast_associate(struct wpa_supplicant * wpa_s)2944 int wpa_wps_supplicant_fast_associate(struct wpa_supplicant *wpa_s) 2945 { 2946 #ifdef CONFIG_NO_SCAN_PROCESSING 2947 return -1; 2948 #else /* CONFIG_NO_SCAN_PROCESSING */ 2949 return wpas_select_network_from_last_scan(wpa_s, 1, 1, false, NULL); 2950 #endif /* CONFIG_NO_SCAN_PROCESSING */ 2951 } 2952 2953 2954 #ifdef CONFIG_WNM 2955 wnm_bss_keep_alive(void * eloop_ctx,void * sock_ctx)2956 static void wnm_bss_keep_alive(void *eloop_ctx, void *sock_ctx) 2957 { 2958 struct wpa_supplicant *wpa_s = eloop_ctx; 2959 2960 if (wpa_s->wpa_state < WPA_ASSOCIATED) 2961 return; 2962 2963 if (!wpa_s->no_keep_alive) { 2964 wpa_printf(MSG_DEBUG, "WNM: Send keep-alive to AP " MACSTR, 2965 MAC2STR(wpa_s->bssid)); 2966 /* TODO: could skip this if normal data traffic has been sent */ 2967 /* TODO: Consider using some more appropriate data frame for 2968 * this */ 2969 if (wpa_s->l2) 2970 l2_packet_send(wpa_s->l2, wpa_s->bssid, 0x0800, 2971 (u8 *) "", 0); 2972 } 2973 2974 #ifdef CONFIG_SME 2975 if (wpa_s->sme.bss_max_idle_period) { 2976 unsigned int msec; 2977 msec = wpa_s->sme.bss_max_idle_period * 1024; /* times 1000 */ 2978 if (msec > 100) 2979 msec -= 100; 2980 eloop_register_timeout(msec / 1000, msec % 1000 * 1000, 2981 wnm_bss_keep_alive, wpa_s, NULL); 2982 } 2983 #endif /* CONFIG_SME */ 2984 } 2985 2986 wnm_process_assoc_resp(struct wpa_supplicant * wpa_s,const u8 * ies,size_t ies_len)2987 static void wnm_process_assoc_resp(struct wpa_supplicant *wpa_s, 2988 const u8 *ies, size_t ies_len) 2989 { 2990 struct ieee802_11_elems elems; 2991 2992 if (ies == NULL) 2993 return; 2994 2995 if (ieee802_11_parse_elems(ies, ies_len, &elems, 1) == ParseFailed) 2996 return; 2997 2998 #ifdef CONFIG_SME 2999 if (elems.bss_max_idle_period) { 3000 unsigned int msec; 3001 wpa_s->sme.bss_max_idle_period = 3002 WPA_GET_LE16(elems.bss_max_idle_period); 3003 wpa_printf(MSG_DEBUG, "WNM: BSS Max Idle Period: %u (* 1000 " 3004 "TU)%s", wpa_s->sme.bss_max_idle_period, 3005 (elems.bss_max_idle_period[2] & 0x01) ? 3006 " (protected keep-live required)" : ""); 3007 if (wpa_s->sme.bss_max_idle_period == 0) 3008 wpa_s->sme.bss_max_idle_period = 1; 3009 if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME) { 3010 eloop_cancel_timeout(wnm_bss_keep_alive, wpa_s, NULL); 3011 /* msec times 1000 */ 3012 msec = wpa_s->sme.bss_max_idle_period * 1024; 3013 if (msec > 100) 3014 msec -= 100; 3015 eloop_register_timeout(msec / 1000, msec % 1000 * 1000, 3016 wnm_bss_keep_alive, wpa_s, 3017 NULL); 3018 } 3019 } else { 3020 wpa_s->sme.bss_max_idle_period = 0; 3021 } 3022 #endif /* CONFIG_SME */ 3023 } 3024 3025 #endif /* CONFIG_WNM */ 3026 3027 wnm_bss_keep_alive_deinit(struct wpa_supplicant * wpa_s)3028 void wnm_bss_keep_alive_deinit(struct wpa_supplicant *wpa_s) 3029 { 3030 #ifdef CONFIG_WNM 3031 eloop_cancel_timeout(wnm_bss_keep_alive, wpa_s, NULL); 3032 #endif /* CONFIG_WNM */ 3033 } 3034 3035 wpas_qos_map_set(struct wpa_supplicant * wpa_s,const u8 * qos_map,size_t len)3036 static int wpas_qos_map_set(struct wpa_supplicant *wpa_s, const u8 *qos_map, 3037 size_t len) 3038 { 3039 int res; 3040 3041 wpa_hexdump(MSG_DEBUG, "Interworking: QoS Map Set", qos_map, len); 3042 res = wpa_drv_set_qos_map(wpa_s, qos_map, len); 3043 if (res) { 3044 wpa_printf(MSG_DEBUG, "Interworking: Failed to configure QoS Map Set to the driver"); 3045 } 3046 3047 return res; 3048 } 3049 3050 interworking_process_assoc_resp(struct wpa_supplicant * wpa_s,const u8 * ies,size_t ies_len)3051 static void interworking_process_assoc_resp(struct wpa_supplicant *wpa_s, 3052 const u8 *ies, size_t ies_len) 3053 { 3054 struct ieee802_11_elems elems; 3055 3056 if (ies == NULL) 3057 return; 3058 3059 if (ieee802_11_parse_elems(ies, ies_len, &elems, 1) == ParseFailed) 3060 return; 3061 3062 if (elems.qos_map_set) { 3063 wpas_qos_map_set(wpa_s, elems.qos_map_set, 3064 elems.qos_map_set_len); 3065 } 3066 } 3067 3068 wpa_supplicant_set_4addr_mode(struct wpa_supplicant * wpa_s)3069 static void wpa_supplicant_set_4addr_mode(struct wpa_supplicant *wpa_s) 3070 { 3071 if (wpa_s->enabled_4addr_mode) { 3072 wpa_printf(MSG_DEBUG, "4addr mode already set"); 3073 return; 3074 } 3075 3076 if (wpa_drv_set_4addr_mode(wpa_s, 1) < 0) { 3077 wpa_msg(wpa_s, MSG_ERROR, "Failed to set 4addr mode"); 3078 goto fail; 3079 } 3080 wpa_s->enabled_4addr_mode = 1; 3081 wpa_dbg(wpa_s, MSG_DEBUG, "Successfully set 4addr mode"); 3082 return; 3083 3084 fail: 3085 wpa_supplicant_deauthenticate(wpa_s, WLAN_REASON_DEAUTH_LEAVING); 3086 } 3087 3088 multi_ap_process_assoc_resp(struct wpa_supplicant * wpa_s,const u8 * ies,size_t ies_len)3089 static void multi_ap_process_assoc_resp(struct wpa_supplicant *wpa_s, 3090 const u8 *ies, size_t ies_len) 3091 { 3092 struct ieee802_11_elems elems; 3093 struct multi_ap_params multi_ap; 3094 u16 status; 3095 3096 wpa_s->multi_ap_ie = 0; 3097 3098 if (!ies || 3099 ieee802_11_parse_elems(ies, ies_len, &elems, 1) == ParseFailed || 3100 !elems.multi_ap) 3101 return; 3102 3103 status = check_multi_ap_ie(elems.multi_ap + 4, elems.multi_ap_len - 4, 3104 &multi_ap); 3105 if (status != WLAN_STATUS_SUCCESS) 3106 return; 3107 3108 wpa_s->multi_ap_backhaul = !!(multi_ap.capability & 3109 MULTI_AP_BACKHAUL_BSS); 3110 wpa_s->multi_ap_fronthaul = !!(multi_ap.capability & 3111 MULTI_AP_FRONTHAUL_BSS); 3112 wpa_s->multi_ap_ie = 1; 3113 } 3114 3115 multi_ap_set_4addr_mode(struct wpa_supplicant * wpa_s)3116 static void multi_ap_set_4addr_mode(struct wpa_supplicant *wpa_s) 3117 { 3118 if (!wpa_s->current_ssid || 3119 !wpa_s->current_ssid->multi_ap_backhaul_sta) 3120 return; 3121 3122 if (!wpa_s->multi_ap_ie) { 3123 wpa_printf(MSG_INFO, 3124 "AP does not include valid Multi-AP element"); 3125 goto fail; 3126 } 3127 3128 if (!wpa_s->multi_ap_backhaul) { 3129 if (wpa_s->multi_ap_fronthaul && 3130 wpa_s->current_ssid->key_mgmt & WPA_KEY_MGMT_WPS) { 3131 wpa_printf(MSG_INFO, 3132 "WPS active, accepting fronthaul-only BSS"); 3133 /* Don't set 4addr mode in this case, so just return */ 3134 return; 3135 } 3136 wpa_printf(MSG_INFO, "AP doesn't support backhaul BSS"); 3137 goto fail; 3138 } 3139 3140 wpa_supplicant_set_4addr_mode(wpa_s); 3141 return; 3142 3143 fail: 3144 wpa_supplicant_deauthenticate(wpa_s, WLAN_REASON_DEAUTH_LEAVING); 3145 } 3146 3147 3148 #ifdef CONFIG_FST wpas_fst_update_mbie(struct wpa_supplicant * wpa_s,const u8 * ie,size_t ie_len)3149 static int wpas_fst_update_mbie(struct wpa_supplicant *wpa_s, 3150 const u8 *ie, size_t ie_len) 3151 { 3152 struct mb_ies_info mb_ies; 3153 3154 if (!ie || !ie_len || !wpa_s->fst) 3155 return -ENOENT; 3156 3157 os_memset(&mb_ies, 0, sizeof(mb_ies)); 3158 3159 while (ie_len >= 2 && mb_ies.nof_ies < MAX_NOF_MB_IES_SUPPORTED) { 3160 size_t len; 3161 3162 len = 2 + ie[1]; 3163 if (len > ie_len) { 3164 wpa_hexdump(MSG_DEBUG, "FST: Truncated IE found", 3165 ie, ie_len); 3166 break; 3167 } 3168 3169 if (ie[0] == WLAN_EID_MULTI_BAND) { 3170 wpa_printf(MSG_DEBUG, "MB IE of %u bytes found", 3171 (unsigned int) len); 3172 mb_ies.ies[mb_ies.nof_ies].ie = ie + 2; 3173 mb_ies.ies[mb_ies.nof_ies].ie_len = len - 2; 3174 mb_ies.nof_ies++; 3175 } 3176 3177 ie_len -= len; 3178 ie += len; 3179 } 3180 3181 if (mb_ies.nof_ies > 0) { 3182 wpabuf_free(wpa_s->received_mb_ies); 3183 wpa_s->received_mb_ies = mb_ies_by_info(&mb_ies); 3184 return 0; 3185 } 3186 3187 return -ENOENT; 3188 } 3189 #endif /* CONFIG_FST */ 3190 3191 wpa_supplicant_use_own_rsne_params(struct wpa_supplicant * wpa_s,union wpa_event_data * data)3192 static int wpa_supplicant_use_own_rsne_params(struct wpa_supplicant *wpa_s, 3193 union wpa_event_data *data) 3194 { 3195 int sel; 3196 const u8 *p; 3197 int l, len; 3198 bool found = false; 3199 struct wpa_ie_data ie; 3200 struct wpa_ssid *ssid = wpa_s->current_ssid; 3201 struct wpa_bss *bss = wpa_s->current_bss; 3202 int pmf; 3203 3204 if (!ssid) 3205 return 0; 3206 3207 p = data->assoc_info.req_ies; 3208 l = data->assoc_info.req_ies_len; 3209 3210 while (p && l >= 2) { 3211 len = p[1] + 2; 3212 if (len > l) { 3213 wpa_hexdump(MSG_DEBUG, "Truncated IE in assoc_info", 3214 p, l); 3215 break; 3216 } 3217 if (((p[0] == WLAN_EID_VENDOR_SPECIFIC && p[1] >= 6 && 3218 (os_memcmp(&p[2], "\x00\x50\xF2\x01\x01\x00", 6) == 0)) || 3219 (p[0] == WLAN_EID_VENDOR_SPECIFIC && p[1] >= 4 && 3220 (os_memcmp(&p[2], "\x50\x6F\x9A\x12", 4) == 0)) || 3221 (p[0] == WLAN_EID_RSN && p[1] >= 2))) { 3222 found = true; 3223 break; 3224 } 3225 l -= len; 3226 p += len; 3227 } 3228 3229 if (!found || wpa_parse_wpa_ie(p, len, &ie) < 0) { 3230 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_OCV, 0); 3231 return 0; 3232 } 3233 3234 wpa_hexdump(MSG_DEBUG, 3235 "WPA: Update cipher suite selection based on IEs in driver-generated WPA/RSNE in AssocReq", 3236 p, l); 3237 3238 /* Update proto from (Re)Association Request frame info */ 3239 wpa_s->wpa_proto = ie.proto; 3240 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_PROTO, wpa_s->wpa_proto); 3241 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_RSN_ENABLED, 3242 !!(wpa_s->wpa_proto & WPA_PROTO_RSN)); 3243 3244 /* Update AKMP suite from (Re)Association Request frame info */ 3245 sel = ie.key_mgmt; 3246 if (ssid->key_mgmt) 3247 sel &= ssid->key_mgmt; 3248 3249 wpa_dbg(wpa_s, MSG_DEBUG, 3250 "WPA: AP key_mgmt 0x%x network key_mgmt 0x%x; available key_mgmt 0x%x", 3251 ie.key_mgmt, ssid->key_mgmt, sel); 3252 if (ie.key_mgmt && !sel) { 3253 wpa_supplicant_deauthenticate( 3254 wpa_s, WLAN_REASON_AKMP_NOT_VALID); 3255 return -1; 3256 } 3257 3258 #ifdef CONFIG_OCV 3259 if (((wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME) || 3260 (wpa_s->drv_flags2 & WPA_DRIVER_FLAGS2_OCV)) && ssid->ocv) 3261 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_OCV, 3262 !!(ie.capabilities & WPA_CAPABILITY_OCVC)); 3263 #endif /* CONFIG_OCV */ 3264 3265 /* 3266 * Update PMK in wpa_sm and the driver if roamed to WPA/WPA2 PSK from a 3267 * different AKM. 3268 */ 3269 if (wpa_s->key_mgmt != ie.key_mgmt && 3270 wpa_key_mgmt_wpa_psk_no_sae(ie.key_mgmt)) { 3271 if (!ssid->psk_set) { 3272 wpa_dbg(wpa_s, MSG_INFO, 3273 "No PSK available for association"); 3274 wpas_auth_failed(wpa_s, "NO_PSK_AVAILABLE", NULL); 3275 return -1; 3276 } 3277 3278 wpa_sm_set_pmk(wpa_s->wpa, ssid->psk, PMK_LEN, NULL, NULL); 3279 if (wpa_s->conf->key_mgmt_offload && 3280 (wpa_s->drv_flags & WPA_DRIVER_FLAGS_KEY_MGMT_OFFLOAD) && 3281 wpa_drv_set_key(wpa_s, -1, 0, NULL, 0, 0, NULL, 0, 3282 ssid->psk, PMK_LEN, KEY_FLAG_PMK)) 3283 wpa_dbg(wpa_s, MSG_ERROR, 3284 "WPA: Cannot set PMK for key management offload"); 3285 } 3286 3287 wpa_s->key_mgmt = ie.key_mgmt; 3288 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_KEY_MGMT, wpa_s->key_mgmt); 3289 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT %s and proto %d", 3290 wpa_key_mgmt_txt(wpa_s->key_mgmt, wpa_s->wpa_proto), 3291 wpa_s->wpa_proto); 3292 3293 /* Update pairwise cipher from (Re)Association Request frame info */ 3294 sel = ie.pairwise_cipher; 3295 if (ssid->pairwise_cipher) 3296 sel &= ssid->pairwise_cipher; 3297 3298 wpa_dbg(wpa_s, MSG_DEBUG, 3299 "WPA: AP pairwise cipher 0x%x network pairwise cipher 0x%x; available pairwise cipher 0x%x", 3300 ie.pairwise_cipher, ssid->pairwise_cipher, sel); 3301 if (ie.pairwise_cipher && !sel) { 3302 wpa_supplicant_deauthenticate( 3303 wpa_s, WLAN_REASON_PAIRWISE_CIPHER_NOT_VALID); 3304 return -1; 3305 } 3306 3307 wpa_s->pairwise_cipher = ie.pairwise_cipher; 3308 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_PAIRWISE, 3309 wpa_s->pairwise_cipher); 3310 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using PTK %s", 3311 wpa_cipher_txt(wpa_s->pairwise_cipher)); 3312 3313 /* Update other parameters based on AP's WPA IE/RSNE, if available */ 3314 if (!bss) { 3315 wpa_dbg(wpa_s, MSG_DEBUG, 3316 "WPA: current_bss == NULL - skip AP IE check"); 3317 return 0; 3318 } 3319 3320 /* Update GTK and IGTK from AP's RSNE */ 3321 found = false; 3322 3323 if (wpa_s->wpa_proto & WPA_PROTO_RSN) { 3324 const u8 *bss_rsn; 3325 3326 bss_rsn = wpa_bss_get_rsne(wpa_s, bss, ssid, 3327 wpa_s->valid_links); 3328 if (bss_rsn) { 3329 p = bss_rsn; 3330 len = 2 + bss_rsn[1]; 3331 found = true; 3332 } 3333 } else if (wpa_s->wpa_proto & WPA_PROTO_WPA) { 3334 const u8 *bss_wpa; 3335 3336 bss_wpa = wpa_bss_get_vendor_ie(bss, WPA_IE_VENDOR_TYPE); 3337 if (bss_wpa) { 3338 p = bss_wpa; 3339 len = 2 + bss_wpa[1]; 3340 found = true; 3341 } 3342 } 3343 3344 if (!found || wpa_parse_wpa_ie(p, len, &ie) < 0) 3345 return 0; 3346 3347 pmf = wpas_get_ssid_pmf(wpa_s, ssid); 3348 if (!(ie.capabilities & WPA_CAPABILITY_MFPC) && 3349 pmf == MGMT_FRAME_PROTECTION_REQUIRED) { 3350 /* AP does not support MFP, local configuration requires it */ 3351 wpa_supplicant_deauthenticate( 3352 wpa_s, WLAN_REASON_INVALID_RSN_IE_CAPAB); 3353 return -1; 3354 } 3355 if ((ie.capabilities & WPA_CAPABILITY_MFPR) && 3356 pmf == NO_MGMT_FRAME_PROTECTION) { 3357 /* AP requires MFP, local configuration disables it */ 3358 wpa_supplicant_deauthenticate( 3359 wpa_s, WLAN_REASON_INVALID_RSN_IE_CAPAB); 3360 return -1; 3361 } 3362 3363 /* Update PMF from local configuration now that MFP validation was done 3364 * above */ 3365 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_MFP, pmf); 3366 3367 /* Update GTK from AP's RSNE */ 3368 sel = ie.group_cipher; 3369 if (ssid->group_cipher) 3370 sel &= ssid->group_cipher; 3371 3372 wpa_dbg(wpa_s, MSG_DEBUG, 3373 "WPA: AP group cipher 0x%x network group cipher 0x%x; available group cipher 0x%x", 3374 ie.group_cipher, ssid->group_cipher, sel); 3375 if (ie.group_cipher && !sel) { 3376 wpa_supplicant_deauthenticate( 3377 wpa_s, WLAN_REASON_GROUP_CIPHER_NOT_VALID); 3378 return -1; 3379 } 3380 3381 wpa_s->group_cipher = ie.group_cipher; 3382 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_GROUP, wpa_s->group_cipher); 3383 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using GTK %s", 3384 wpa_cipher_txt(wpa_s->group_cipher)); 3385 3386 /* Update IGTK from AP RSN IE */ 3387 sel = ie.mgmt_group_cipher; 3388 if (ssid->group_mgmt_cipher) 3389 sel &= ssid->group_mgmt_cipher; 3390 3391 wpa_dbg(wpa_s, MSG_DEBUG, 3392 "WPA: AP mgmt_group_cipher 0x%x network mgmt_group_cipher 0x%x; available mgmt_group_cipher 0x%x", 3393 ie.mgmt_group_cipher, ssid->group_mgmt_cipher, sel); 3394 3395 if (pmf == NO_MGMT_FRAME_PROTECTION || 3396 !(ie.capabilities & WPA_CAPABILITY_MFPC)) { 3397 wpa_dbg(wpa_s, MSG_DEBUG, 3398 "WPA: STA/AP is not MFP capable; AP RSNE caps 0x%x", 3399 ie.capabilities); 3400 ie.mgmt_group_cipher = 0; 3401 } 3402 3403 if (ie.mgmt_group_cipher && !sel) { 3404 wpa_supplicant_deauthenticate( 3405 wpa_s, WLAN_REASON_CIPHER_SUITE_REJECTED); 3406 return -1; 3407 } 3408 3409 wpa_s->mgmt_group_cipher = ie.mgmt_group_cipher; 3410 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_MGMT_GROUP, 3411 wpa_s->mgmt_group_cipher); 3412 if (wpa_s->mgmt_group_cipher) 3413 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using MGMT group cipher %s", 3414 wpa_cipher_txt(wpa_s->mgmt_group_cipher)); 3415 else 3416 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: not using MGMT group cipher"); 3417 3418 return 0; 3419 } 3420 3421 wpa_supplicant_event_associnfo(struct wpa_supplicant * wpa_s,union wpa_event_data * data)3422 static int wpa_supplicant_event_associnfo(struct wpa_supplicant *wpa_s, 3423 union wpa_event_data *data) 3424 { 3425 int l, len, found = 0, wpa_found, rsn_found; 3426 #ifndef CONFIG_NO_WPA 3427 int found_x = 0; 3428 #endif /* CONFIG_NO_WPA */ 3429 const u8 *p, *ie; 3430 u8 bssid[ETH_ALEN]; 3431 bool bssid_known; 3432 enum wpa_rsn_override rsn_override; 3433 3434 wpa_dbg(wpa_s, MSG_DEBUG, "Association info event"); 3435 wpa_s->ssid_verified = false; 3436 wpa_s->bigtk_set = false; 3437 #ifdef CONFIG_SAE 3438 #ifdef CONFIG_SME 3439 /* SAE H2E binds the SSID into PT and that verifies the SSID 3440 * implicitly. */ 3441 if (wpa_s->sme.sae.state == SAE_ACCEPTED && wpa_s->sme.sae.h2e) 3442 wpa_s->ssid_verified = true; 3443 #endif /* CONFIG_SME */ 3444 #endif /* CONFIG_SAE */ 3445 bssid_known = wpa_drv_get_bssid(wpa_s, bssid) == 0; 3446 if (data->assoc_info.req_ies) 3447 wpa_hexdump(MSG_DEBUG, "req_ies", data->assoc_info.req_ies, 3448 data->assoc_info.req_ies_len); 3449 if (data->assoc_info.resp_ies) { 3450 wpa_hexdump(MSG_DEBUG, "resp_ies", data->assoc_info.resp_ies, 3451 data->assoc_info.resp_ies_len); 3452 #ifdef CONFIG_TDLS 3453 wpa_tdls_assoc_resp_ies(wpa_s->wpa, data->assoc_info.resp_ies, 3454 data->assoc_info.resp_ies_len); 3455 #endif /* CONFIG_TDLS */ 3456 #ifdef CONFIG_WNM 3457 wnm_process_assoc_resp(wpa_s, data->assoc_info.resp_ies, 3458 data->assoc_info.resp_ies_len); 3459 #endif /* CONFIG_WNM */ 3460 interworking_process_assoc_resp(wpa_s, data->assoc_info.resp_ies, 3461 data->assoc_info.resp_ies_len); 3462 if ((wpa_s->hw_capab & BIT(CAPAB_VHT)) && 3463 get_ie(data->assoc_info.resp_ies, 3464 data->assoc_info.resp_ies_len, WLAN_EID_VHT_CAP)) 3465 wpa_s->ieee80211ac = 1; 3466 3467 multi_ap_process_assoc_resp(wpa_s, data->assoc_info.resp_ies, 3468 data->assoc_info.resp_ies_len); 3469 } 3470 if (data->assoc_info.beacon_ies) 3471 wpa_hexdump(MSG_DEBUG, "beacon_ies", 3472 data->assoc_info.beacon_ies, 3473 data->assoc_info.beacon_ies_len); 3474 if (data->assoc_info.freq) 3475 wpa_dbg(wpa_s, MSG_DEBUG, "freq=%u MHz", 3476 data->assoc_info.freq); 3477 3478 wpa_s->connection_set = 0; 3479 if (data->assoc_info.req_ies && data->assoc_info.resp_ies) { 3480 struct ieee802_11_elems req_elems, resp_elems; 3481 3482 if (ieee802_11_parse_elems(data->assoc_info.req_ies, 3483 data->assoc_info.req_ies_len, 3484 &req_elems, 0) != ParseFailed && 3485 ieee802_11_parse_elems(data->assoc_info.resp_ies, 3486 data->assoc_info.resp_ies_len, 3487 &resp_elems, 0) != ParseFailed) { 3488 wpa_s->connection_set = 1; 3489 wpa_s->connection_ht = req_elems.ht_capabilities && 3490 resp_elems.ht_capabilities; 3491 /* Do not include subset of VHT on 2.4 GHz vendor 3492 * extension in consideration for reporting VHT 3493 * association. */ 3494 wpa_s->connection_vht = req_elems.vht_capabilities && 3495 resp_elems.vht_capabilities && 3496 (!data->assoc_info.freq || 3497 wpas_freq_to_band(data->assoc_info.freq) != 3498 BAND_2_4_GHZ); 3499 wpa_s->connection_he = req_elems.he_capabilities && 3500 resp_elems.he_capabilities; 3501 wpa_s->connection_eht = req_elems.eht_capabilities && 3502 resp_elems.eht_capabilities; 3503 if (req_elems.rrm_enabled) 3504 wpa_s->rrm.rrm_used = 1; 3505 } 3506 } 3507 3508 p = data->assoc_info.req_ies; 3509 l = data->assoc_info.req_ies_len; 3510 3511 /* Go through the IEs and make a copy of the WPA/RSN IE, if present. */ 3512 while (p && l >= 2) { 3513 len = p[1] + 2; 3514 if (len > l) { 3515 wpa_hexdump(MSG_DEBUG, "Truncated IE in assoc_info", 3516 p, l); 3517 break; 3518 } 3519 if (!found && 3520 ((p[0] == WLAN_EID_VENDOR_SPECIFIC && p[1] >= 6 && 3521 (os_memcmp(&p[2], "\x00\x50\xF2\x01\x01\x00", 6) == 0)) || 3522 (p[0] == WLAN_EID_VENDOR_SPECIFIC && p[1] >= 4 && 3523 (os_memcmp(&p[2], "\x50\x6F\x9A\x12", 4) == 0)) || 3524 (p[0] == WLAN_EID_RSN && p[1] >= 2))) { 3525 if (wpa_sm_set_assoc_wpa_ie(wpa_s->wpa, p, len)) 3526 break; 3527 found = 1; 3528 wpa_find_assoc_pmkid(wpa_s); 3529 } 3530 #ifndef CONFIG_NO_WPA 3531 if (!found_x && p[0] == WLAN_EID_RSNX) { 3532 if (wpa_sm_set_assoc_rsnxe(wpa_s->wpa, p, len)) 3533 break; 3534 found_x = 1; 3535 } 3536 #endif /* CONFIG_NO_WPA */ 3537 l -= len; 3538 p += len; 3539 } 3540 if (!found && data->assoc_info.req_ies) 3541 wpa_sm_set_assoc_wpa_ie(wpa_s->wpa, NULL, 0); 3542 #ifndef CONFIG_NO_WPA 3543 if (!found_x && data->assoc_info.req_ies) 3544 wpa_sm_set_assoc_rsnxe(wpa_s->wpa, NULL, 0); 3545 #endif /* CONFIG_NO_WPA */ 3546 3547 rsn_override = RSN_OVERRIDE_NOT_USED; 3548 ie = get_vendor_ie(data->assoc_info.req_ies, 3549 data->assoc_info.req_ies_len, 3550 RSN_SELECTION_IE_VENDOR_TYPE); 3551 if (ie && ie[1] >= 4 + 1) { 3552 switch (ie[2 + 4]) { 3553 case RSN_SELECTION_RSNE: 3554 rsn_override = RSN_OVERRIDE_RSNE; 3555 break; 3556 case RSN_SELECTION_RSNE_OVERRIDE: 3557 rsn_override = RSN_OVERRIDE_RSNE_OVERRIDE; 3558 break; 3559 case RSN_SELECTION_RSNE_OVERRIDE_2: 3560 rsn_override = RSN_OVERRIDE_RSNE_OVERRIDE_2; 3561 break; 3562 } 3563 } 3564 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_RSN_OVERRIDE, rsn_override); 3565 3566 #ifdef CONFIG_FILS 3567 #ifdef CONFIG_SME 3568 if (wpa_s->sme.auth_alg == WPA_AUTH_ALG_FILS || 3569 wpa_s->sme.auth_alg == WPA_AUTH_ALG_FILS_SK_PFS) { 3570 if (!data->assoc_info.resp_frame || 3571 fils_process_assoc_resp(wpa_s->wpa, 3572 data->assoc_info.resp_frame, 3573 data->assoc_info.resp_frame_len) < 3574 0) { 3575 wpa_supplicant_deauthenticate(wpa_s, 3576 WLAN_REASON_UNSPECIFIED); 3577 return -1; 3578 } 3579 3580 /* FILS use of an AEAD cipher include the SSID element in 3581 * (Re)Association Request frame in the AAD and since the AP 3582 * accepted that, the SSID was verified. */ 3583 wpa_s->ssid_verified = true; 3584 } 3585 #endif /* CONFIG_SME */ 3586 3587 /* Additional processing for FILS when SME is in driver */ 3588 if (wpa_s->auth_alg == WPA_AUTH_ALG_FILS && 3589 !(wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME)) 3590 wpa_sm_set_reset_fils_completed(wpa_s->wpa, 1); 3591 #endif /* CONFIG_FILS */ 3592 3593 #ifdef CONFIG_OWE 3594 if (wpa_s->key_mgmt == WPA_KEY_MGMT_OWE && 3595 !(wpa_s->drv_flags2 & WPA_DRIVER_FLAGS2_OWE_OFFLOAD_STA) && 3596 (!bssid_known || 3597 owe_process_assoc_resp(wpa_s->wpa, 3598 wpa_s->valid_links ? 3599 wpa_s->ap_mld_addr : bssid, 3600 data->assoc_info.resp_ies, 3601 data->assoc_info.resp_ies_len) < 0)) { 3602 wpa_supplicant_deauthenticate(wpa_s, WLAN_REASON_UNSPECIFIED); 3603 return -1; 3604 } 3605 #endif /* CONFIG_OWE */ 3606 3607 #ifdef CONFIG_DPP2 3608 wpa_sm_set_dpp_z(wpa_s->wpa, NULL); 3609 if (DPP_VERSION > 1 && wpa_s->key_mgmt == WPA_KEY_MGMT_DPP && 3610 wpa_s->dpp_pfs) { 3611 struct ieee802_11_elems elems; 3612 3613 if (ieee802_11_parse_elems(data->assoc_info.resp_ies, 3614 data->assoc_info.resp_ies_len, 3615 &elems, 0) == ParseFailed || 3616 !elems.owe_dh) 3617 goto no_pfs; 3618 if (dpp_pfs_process(wpa_s->dpp_pfs, elems.owe_dh, 3619 elems.owe_dh_len) < 0) { 3620 wpa_supplicant_deauthenticate(wpa_s, 3621 WLAN_REASON_UNSPECIFIED); 3622 return -1; 3623 } 3624 3625 wpa_sm_set_dpp_z(wpa_s->wpa, wpa_s->dpp_pfs->secret); 3626 } 3627 no_pfs: 3628 #endif /* CONFIG_DPP2 */ 3629 3630 #ifdef CONFIG_IEEE80211R 3631 #ifdef CONFIG_SME 3632 if (wpa_s->sme.auth_alg == WPA_AUTH_ALG_FT) { 3633 if (!bssid_known || 3634 wpa_ft_validate_reassoc_resp(wpa_s->wpa, 3635 data->assoc_info.resp_ies, 3636 data->assoc_info.resp_ies_len, 3637 bssid) < 0) { 3638 wpa_dbg(wpa_s, MSG_DEBUG, "FT: Validation of " 3639 "Reassociation Response failed"); 3640 wpa_supplicant_deauthenticate( 3641 wpa_s, WLAN_REASON_INVALID_IE); 3642 return -1; 3643 } 3644 /* SSID is included in PMK-R0 derivation, so it is verified 3645 * implicitly. */ 3646 wpa_s->ssid_verified = true; 3647 } 3648 3649 p = data->assoc_info.resp_ies; 3650 l = data->assoc_info.resp_ies_len; 3651 3652 #ifdef CONFIG_WPS_STRICT 3653 if (p && wpa_s->current_ssid && 3654 wpa_s->current_ssid->key_mgmt == WPA_KEY_MGMT_WPS) { 3655 struct wpabuf *wps; 3656 wps = ieee802_11_vendor_ie_concat(p, l, WPS_IE_VENDOR_TYPE); 3657 if (wps == NULL) { 3658 wpa_msg(wpa_s, MSG_INFO, "WPS-STRICT: AP did not " 3659 "include WPS IE in (Re)Association Response"); 3660 return -1; 3661 } 3662 3663 if (wps_validate_assoc_resp(wps) < 0) { 3664 wpabuf_free(wps); 3665 wpa_supplicant_deauthenticate( 3666 wpa_s, WLAN_REASON_INVALID_IE); 3667 return -1; 3668 } 3669 wpabuf_free(wps); 3670 } 3671 #endif /* CONFIG_WPS_STRICT */ 3672 3673 /* Go through the IEs and make a copy of the MDIE, if present. */ 3674 while (p && l >= 2) { 3675 len = p[1] + 2; 3676 if (len > l) { 3677 wpa_hexdump(MSG_DEBUG, "Truncated IE in assoc_info", 3678 p, l); 3679 break; 3680 } 3681 if (p[0] == WLAN_EID_MOBILITY_DOMAIN && 3682 p[1] >= MOBILITY_DOMAIN_ID_LEN) { 3683 wpa_s->sme.ft_used = 1; 3684 os_memcpy(wpa_s->sme.mobility_domain, p + 2, 3685 MOBILITY_DOMAIN_ID_LEN); 3686 break; 3687 } 3688 l -= len; 3689 p += len; 3690 } 3691 #endif /* CONFIG_SME */ 3692 3693 /* Process FT when SME is in the driver */ 3694 if (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME) && 3695 wpa_ft_is_completed(wpa_s->wpa)) { 3696 if (!bssid_known || 3697 wpa_ft_validate_reassoc_resp(wpa_s->wpa, 3698 data->assoc_info.resp_ies, 3699 data->assoc_info.resp_ies_len, 3700 bssid) < 0) { 3701 wpa_dbg(wpa_s, MSG_DEBUG, "FT: Validation of " 3702 "Reassociation Response failed"); 3703 wpa_supplicant_deauthenticate( 3704 wpa_s, WLAN_REASON_INVALID_IE); 3705 return -1; 3706 } 3707 wpa_dbg(wpa_s, MSG_DEBUG, "FT: Reassociation Response done"); 3708 /* SSID is included in PMK-R0 derivation, so it is verified 3709 * implicitly. */ 3710 wpa_s->ssid_verified = true; 3711 } 3712 3713 wpa_sm_set_ft_params(wpa_s->wpa, data->assoc_info.resp_ies, 3714 data->assoc_info.resp_ies_len); 3715 #endif /* CONFIG_IEEE80211R */ 3716 3717 #ifndef CONFIG_NO_ROBUST_AV 3718 if (bssid_known) 3719 wpas_handle_assoc_resp_mscs(wpa_s, bssid, 3720 data->assoc_info.resp_ies, 3721 data->assoc_info.resp_ies_len); 3722 #endif /* CONFIG_NO_ROBUST_AV */ 3723 3724 /* WPA/RSN IE from Beacon/ProbeResp */ 3725 p = data->assoc_info.beacon_ies; 3726 l = data->assoc_info.beacon_ies_len; 3727 3728 /* Go through the IEs and make a copy of the WPA/RSN IEs, if present. 3729 */ 3730 wpa_found = rsn_found = 0; 3731 while (p && l >= 2) { 3732 len = p[1] + 2; 3733 if (len > l) { 3734 wpa_hexdump(MSG_DEBUG, "Truncated IE in beacon_ies", 3735 p, l); 3736 break; 3737 } 3738 if (!wpa_found && 3739 p[0] == WLAN_EID_VENDOR_SPECIFIC && p[1] >= 6 && 3740 os_memcmp(&p[2], "\x00\x50\xF2\x01\x01\x00", 6) == 0) { 3741 wpa_found = 1; 3742 wpa_sm_set_ap_wpa_ie(wpa_s->wpa, p, len); 3743 } 3744 3745 if (!rsn_found && 3746 p[0] == WLAN_EID_RSN && p[1] >= 2) { 3747 rsn_found = 1; 3748 wpa_sm_set_ap_rsn_ie(wpa_s->wpa, p, len); 3749 } 3750 3751 if (p[0] == WLAN_EID_VENDOR_SPECIFIC && p[1] >= 6 && 3752 WPA_GET_BE32(&p[2]) == RSNE_OVERRIDE_2_IE_VENDOR_TYPE) 3753 wpa_sm_set_ap_rsne_override_2(wpa_s->wpa, p, len); 3754 3755 if (p[0] == WLAN_EID_VENDOR_SPECIFIC && p[1] >= 6 && 3756 WPA_GET_BE32(&p[2]) == RSNE_OVERRIDE_IE_VENDOR_TYPE) 3757 wpa_sm_set_ap_rsne_override(wpa_s->wpa, p, len); 3758 3759 if (p[0] == WLAN_EID_RSNX && p[1] >= 1) 3760 wpa_sm_set_ap_rsnxe(wpa_s->wpa, p, len); 3761 3762 if (p[0] == WLAN_EID_VENDOR_SPECIFIC && p[1] >= 6 && 3763 WPA_GET_BE32(&p[2]) == RSNXE_OVERRIDE_IE_VENDOR_TYPE) 3764 wpa_sm_set_ap_rsnxe_override(wpa_s->wpa, p, len); 3765 3766 l -= len; 3767 p += len; 3768 } 3769 3770 if (!wpa_found && data->assoc_info.beacon_ies) 3771 wpa_sm_set_ap_wpa_ie(wpa_s->wpa, NULL, 0); 3772 if (!rsn_found && data->assoc_info.beacon_ies) { 3773 wpa_sm_set_ap_rsn_ie(wpa_s->wpa, NULL, 0); 3774 wpa_sm_set_ap_rsnxe(wpa_s->wpa, NULL, 0); 3775 wpa_sm_set_ap_rsne_override(wpa_s->wpa, NULL, 0); 3776 wpa_sm_set_ap_rsne_override_2(wpa_s->wpa, NULL, 0); 3777 wpa_sm_set_ap_rsnxe_override(wpa_s->wpa, NULL, 0); 3778 } 3779 if (wpa_found || rsn_found) 3780 wpa_s->ap_ies_from_associnfo = 1; 3781 3782 if (wpa_s->assoc_freq && data->assoc_info.freq) { 3783 struct wpa_bss *bss; 3784 unsigned int freq = 0; 3785 3786 if (bssid_known) { 3787 bss = wpa_bss_get_bssid_latest(wpa_s, bssid); 3788 if (bss) 3789 freq = bss->freq; 3790 } 3791 if (freq != data->assoc_info.freq) { 3792 wpa_printf(MSG_DEBUG, 3793 "Operating frequency changed from %u to %u MHz", 3794 wpa_s->assoc_freq, data->assoc_info.freq); 3795 wpa_supplicant_update_scan_results(wpa_s, bssid); 3796 } 3797 } 3798 3799 wpa_s->assoc_freq = data->assoc_info.freq; 3800 3801 #ifndef CONFIG_NO_ROBUST_AV 3802 wpas_handle_assoc_resp_qos_mgmt(wpa_s, data->assoc_info.resp_ies, 3803 data->assoc_info.resp_ies_len); 3804 #endif /* CONFIG_NO_ROBUST_AV */ 3805 3806 return 0; 3807 } 3808 3809 wpa_supplicant_assoc_update_ie(struct wpa_supplicant * wpa_s)3810 static int wpa_supplicant_assoc_update_ie(struct wpa_supplicant *wpa_s) 3811 { 3812 const u8 *bss_wpa = NULL, *bss_rsn = NULL, *bss_rsnx = NULL; 3813 const u8 *rsnoe, *rsno2e, *rsnxoe; 3814 3815 if (!wpa_s->current_bss || !wpa_s->current_ssid) 3816 return -1; 3817 3818 if (!wpa_key_mgmt_wpa_any(wpa_s->current_ssid->key_mgmt)) 3819 return 0; 3820 3821 bss_wpa = wpa_bss_get_vendor_ie(wpa_s->current_bss, 3822 WPA_IE_VENDOR_TYPE); 3823 bss_rsn = wpa_bss_get_ie(wpa_s->current_bss, WLAN_EID_RSN); 3824 bss_rsnx = wpa_bss_get_ie(wpa_s->current_bss, WLAN_EID_RSNX); 3825 rsnoe = wpa_bss_get_vendor_ie(wpa_s->current_bss, 3826 RSNE_OVERRIDE_IE_VENDOR_TYPE); 3827 rsno2e = wpa_bss_get_vendor_ie(wpa_s->current_bss, 3828 RSNE_OVERRIDE_2_IE_VENDOR_TYPE); 3829 rsnxoe = wpa_bss_get_vendor_ie(wpa_s->current_bss, 3830 RSNXE_OVERRIDE_IE_VENDOR_TYPE); 3831 3832 if (wpa_sm_set_ap_wpa_ie(wpa_s->wpa, bss_wpa, 3833 bss_wpa ? 2 + bss_wpa[1] : 0) || 3834 wpa_sm_set_ap_rsn_ie(wpa_s->wpa, bss_rsn, 3835 bss_rsn ? 2 + bss_rsn[1] : 0) || 3836 wpa_sm_set_ap_rsnxe(wpa_s->wpa, bss_rsnx, 3837 bss_rsnx ? 2 + bss_rsnx[1] : 0) || 3838 wpa_sm_set_ap_rsne_override(wpa_s->wpa, rsnoe, 3839 rsnoe ? 2 + rsnoe[1] : 0) || 3840 wpa_sm_set_ap_rsne_override_2(wpa_s->wpa, rsno2e, 3841 rsno2e ? 2 + rsno2e[1] : 0) || 3842 wpa_sm_set_ap_rsnxe_override(wpa_s->wpa, rsnxoe, 3843 rsnxoe ? 2 + rsnxoe[1] : 0)) 3844 return -1; 3845 3846 return 0; 3847 } 3848 3849 wpas_fst_update_mb_assoc(struct wpa_supplicant * wpa_s,union wpa_event_data * data)3850 static void wpas_fst_update_mb_assoc(struct wpa_supplicant *wpa_s, 3851 union wpa_event_data *data) 3852 { 3853 #ifdef CONFIG_FST 3854 struct assoc_info *ai = data ? &data->assoc_info : NULL; 3855 struct wpa_bss *bss = wpa_s->current_bss; 3856 const u8 *ieprb, *iebcn; 3857 3858 wpabuf_free(wpa_s->received_mb_ies); 3859 wpa_s->received_mb_ies = NULL; 3860 3861 if (ai && 3862 !wpas_fst_update_mbie(wpa_s, ai->resp_ies, ai->resp_ies_len)) { 3863 wpa_printf(MSG_DEBUG, 3864 "FST: MB IEs updated from Association Response frame"); 3865 return; 3866 } 3867 3868 if (ai && 3869 !wpas_fst_update_mbie(wpa_s, ai->beacon_ies, ai->beacon_ies_len)) { 3870 wpa_printf(MSG_DEBUG, 3871 "FST: MB IEs updated from association event Beacon IEs"); 3872 return; 3873 } 3874 3875 if (!bss) 3876 return; 3877 3878 ieprb = wpa_bss_ie_ptr(bss); 3879 iebcn = ieprb + bss->ie_len; 3880 3881 if (!wpas_fst_update_mbie(wpa_s, ieprb, bss->ie_len)) 3882 wpa_printf(MSG_DEBUG, "FST: MB IEs updated from bss IE"); 3883 else if (!wpas_fst_update_mbie(wpa_s, iebcn, bss->beacon_ie_len)) 3884 wpa_printf(MSG_DEBUG, "FST: MB IEs updated from bss beacon IE"); 3885 #endif /* CONFIG_FST */ 3886 } 3887 3888 wpas_ml_parse_assoc(struct wpa_supplicant * wpa_s,struct ieee802_11_elems * elems,struct ml_sta_link_info * ml_info)3889 static unsigned int wpas_ml_parse_assoc(struct wpa_supplicant *wpa_s, 3890 struct ieee802_11_elems *elems, 3891 struct ml_sta_link_info *ml_info) 3892 { 3893 struct wpabuf *mlbuf; 3894 struct ieee80211_eht_ml *ml; 3895 size_t ml_len; 3896 struct eht_ml_basic_common_info *common_info; 3897 const u8 *pos; 3898 u16 eml_capa = 0, mld_capa = 0; 3899 const u16 control = MULTI_LINK_CONTROL_TYPE_BASIC | 3900 BASIC_MULTI_LINK_CTRL_PRES_LINK_ID | 3901 BASIC_MULTI_LINK_CTRL_PRES_BSS_PARAM_CH_COUNT; 3902 u8 expected_common_info_len = 9; 3903 unsigned int i = 0; 3904 u16 ml_control; 3905 3906 if (!wpa_s->valid_links || !elems->basic_mle || !elems->basic_mle_len) 3907 return 0; 3908 3909 mlbuf = ieee802_11_defrag(elems->basic_mle, elems->basic_mle_len, true); 3910 if (!mlbuf) 3911 return 0; 3912 3913 ml = (struct ieee80211_eht_ml *) wpabuf_head(mlbuf); 3914 ml_len = wpabuf_len(mlbuf); 3915 if (ml_len < sizeof(*ml)) 3916 goto out; 3917 3918 os_memset(ml_info, 0, sizeof(*ml_info) * MAX_NUM_MLD_LINKS); 3919 3920 ml_control = le_to_host16(ml->ml_control); 3921 3922 if ((ml_control & control) != control) { 3923 wpa_printf(MSG_DEBUG, "MLD: Invalid presence BM=0x%x", 3924 ml_control); 3925 goto out; 3926 } 3927 3928 if (ml_control & BASIC_MULTI_LINK_CTRL_PRES_EML_CAPA) { 3929 wpa_printf(MSG_DEBUG, "MLD: EML capabilities included"); 3930 expected_common_info_len += 2; 3931 } 3932 3933 if (ml_control & BASIC_MULTI_LINK_CTRL_PRES_MLD_CAPA) { 3934 wpa_printf(MSG_DEBUG, "MLD: MLD capabilities included"); 3935 expected_common_info_len += 2; 3936 } 3937 3938 if (ml_control & BASIC_MULTI_LINK_CTRL_PRES_MSD_INFO) { 3939 wpa_printf(MSG_DEBUG, 3940 "MLD: Unexpected: medium sync delay info present"); 3941 expected_common_info_len += 2; 3942 } 3943 3944 if (ml_control & BASIC_MULTI_LINK_CTRL_PRES_AP_MLD_ID) { 3945 wpa_printf(MSG_DEBUG, 3946 "MLD: Unexpected: MLD ID present"); 3947 expected_common_info_len++; 3948 } 3949 3950 if (sizeof(*ml) + expected_common_info_len > ml_len) { 3951 wpa_printf(MSG_DEBUG, 3952 "MLD: Not enough bytes for common info. ml_len=%zu", 3953 ml_len); 3954 goto out; 3955 } 3956 3957 common_info = (struct eht_ml_basic_common_info *) ml->variable; 3958 if (common_info->len < expected_common_info_len) { 3959 wpa_printf(MSG_DEBUG, 3960 "MLD: Invalid common info len=%u. expected=%u", 3961 common_info->len, expected_common_info_len); 3962 goto out; 3963 } 3964 3965 wpa_printf(MSG_DEBUG, "MLD: address: " MACSTR, 3966 MAC2STR(common_info->mld_addr)); 3967 3968 if (!ether_addr_equal(wpa_s->ap_mld_addr, common_info->mld_addr)) { 3969 wpa_printf(MSG_DEBUG, "MLD: Mismatching MLD address (expected " 3970 MACSTR ")", MAC2STR(wpa_s->ap_mld_addr)); 3971 goto out; 3972 } 3973 3974 pos = common_info->variable; 3975 3976 /* Store the information for the association link */ 3977 ml_info[i].link_id = *pos; 3978 pos++; 3979 3980 /* Skip the BSS Parameters Change Count */ 3981 pos++; 3982 3983 /* Skip the Medium Synchronization Delay Information if present */ 3984 if (ml_control & BASIC_MULTI_LINK_CTRL_PRES_MSD_INFO) 3985 pos += 2; 3986 3987 if (ml_control & BASIC_MULTI_LINK_CTRL_PRES_EML_CAPA) { 3988 eml_capa = WPA_GET_LE16(pos); 3989 pos += 2; 3990 } 3991 3992 if (ml_control & BASIC_MULTI_LINK_CTRL_PRES_MLD_CAPA) { 3993 mld_capa = WPA_GET_LE16(pos); 3994 pos += 2; 3995 } 3996 3997 wpa_printf(MSG_DEBUG, 3998 "MLD: link_id=%u, eml=0x%x, mld=0x%x", 3999 ml_info[i].link_id, eml_capa, mld_capa); 4000 4001 i++; 4002 4003 pos = ((u8 *) common_info) + common_info->len; 4004 ml_len -= sizeof(*ml) + common_info->len; 4005 while (ml_len > 2 && i < MAX_NUM_MLD_LINKS) { 4006 u8 sub_elem_len = pos[1]; 4007 u8 sta_info_len, sta_info_len_min; 4008 u8 nstr_bitmap_len = 0; 4009 u16 ctrl; 4010 const u8 *end; 4011 4012 wpa_printf(MSG_DEBUG, "MLD: Subelement len=%u", sub_elem_len); 4013 4014 if (sub_elem_len > ml_len - 2) { 4015 wpa_printf(MSG_DEBUG, 4016 "MLD: Invalid link info len: %u > %zu", 4017 2 + sub_elem_len, ml_len); 4018 goto out; 4019 } 4020 4021 switch (*pos) { 4022 case EHT_ML_SUB_ELEM_PER_STA_PROFILE: 4023 break; 4024 case EHT_ML_SUB_ELEM_FRAGMENT: 4025 case EHT_ML_SUB_ELEM_VENDOR: 4026 wpa_printf(MSG_DEBUG, 4027 "MLD: Skip subelement id=%u, len=%u", 4028 *pos, sub_elem_len); 4029 pos += 2 + sub_elem_len; 4030 ml_len -= 2 + sub_elem_len; 4031 continue; 4032 default: 4033 wpa_printf(MSG_DEBUG, "MLD: Unknown subelement ID=%u", 4034 *pos); 4035 goto out; 4036 } 4037 4038 end = pos + 2 + sub_elem_len; 4039 4040 /* Skip the subelement ID and the length */ 4041 pos += 2; 4042 ml_len -= 2; 4043 4044 if (end - pos < 2) 4045 goto out; 4046 4047 /* Get the station control field */ 4048 ctrl = WPA_GET_LE16(pos); 4049 4050 pos += 2; 4051 ml_len -= 2; 4052 4053 if (!(ctrl & EHT_PER_STA_CTRL_COMPLETE_PROFILE_MSK)) { 4054 wpa_printf(MSG_DEBUG, 4055 "MLD: Per STA complete profile expected"); 4056 goto out; 4057 } 4058 4059 if (!(ctrl & EHT_PER_STA_CTRL_MAC_ADDR_PRESENT_MSK)) { 4060 wpa_printf(MSG_DEBUG, 4061 "MLD: Per STA MAC address not present"); 4062 goto out; 4063 } 4064 4065 if (!(ctrl & EHT_PER_STA_CTRL_TSF_OFFSET_PRESENT_MSK)) { 4066 wpa_printf(MSG_DEBUG, 4067 "MLD: Per STA TSF offset not present"); 4068 goto out; 4069 } 4070 4071 if (!(ctrl & EHT_PER_STA_CTRL_BEACON_INTERVAL_PRESENT_MSK)) { 4072 wpa_printf(MSG_DEBUG, 4073 "MLD: Beacon interval not present"); 4074 goto out; 4075 } 4076 4077 if (!(ctrl & EHT_PER_STA_CTRL_DTIM_INFO_PRESENT_MSK)) { 4078 wpa_printf(MSG_DEBUG, 4079 "MLD: DTIM information not present"); 4080 goto out; 4081 } 4082 4083 if (ctrl & EHT_PER_STA_CTRL_NSTR_LINK_PAIR_PRESENT_MSK) { 4084 if (ctrl & EHT_PER_STA_CTRL_NSTR_BM_SIZE_MSK) 4085 nstr_bitmap_len = 2; 4086 else 4087 nstr_bitmap_len = 1; 4088 } 4089 4090 if (!(ctrl & EHT_PER_STA_CTRL_BSS_PARAM_CNT_PRESENT_MSK)) { 4091 wpa_printf(MSG_DEBUG, 4092 "MLD: BSS params change count not present"); 4093 goto out; 4094 } 4095 4096 sta_info_len_min = 1 + ETH_ALEN + 8 + 2 + 2 + 1 + 4097 nstr_bitmap_len; 4098 if (sta_info_len_min > ml_len || sta_info_len_min > end - pos || 4099 sta_info_len_min + 2 > sub_elem_len || 4100 sta_info_len_min > *pos) { 4101 wpa_printf(MSG_DEBUG, 4102 "MLD: Invalid STA info min len=%u, len=%u", 4103 sta_info_len_min, *pos); 4104 goto out; 4105 } 4106 sta_info_len = *pos; 4107 /* Make static analyzers happier with an explicit check even 4108 * though this was already checked above with *pos.. */ 4109 if (sta_info_len < sta_info_len_min) 4110 goto out; 4111 4112 /* Get the link address */ 4113 wpa_printf(MSG_DEBUG, 4114 "MLD: link addr: " MACSTR " nstr BM len=%u", 4115 MAC2STR(pos + 1), nstr_bitmap_len); 4116 4117 ml_info[i].link_id = ctrl & EHT_PER_STA_CTRL_LINK_ID_MSK; 4118 os_memcpy(ml_info[i].bssid, pos + 1, ETH_ALEN); 4119 4120 pos += sta_info_len; 4121 ml_len -= sta_info_len; 4122 4123 wpa_printf(MSG_DEBUG, "MLD: sub_elem_len=%u, sta_info_len=%u", 4124 sub_elem_len, sta_info_len); 4125 4126 sub_elem_len -= sta_info_len + 2; 4127 if (sub_elem_len < 4) { 4128 wpa_printf(MSG_DEBUG, "MLD: Per STA profile too short"); 4129 goto out; 4130 } 4131 4132 wpa_hexdump(MSG_MSGDUMP, "MLD: STA profile", pos, sub_elem_len); 4133 ml_info[i].status = WPA_GET_LE16(pos + 2); 4134 4135 pos += sub_elem_len; 4136 ml_len -= sub_elem_len; 4137 4138 i++; 4139 } 4140 4141 wpabuf_free(mlbuf); 4142 return i; 4143 out: 4144 wpabuf_free(mlbuf); 4145 return 0; 4146 } 4147 4148 wpa_drv_get_mlo_info(struct wpa_supplicant * wpa_s)4149 static int wpa_drv_get_mlo_info(struct wpa_supplicant *wpa_s) 4150 { 4151 struct driver_sta_mlo_info mlo; 4152 int i; 4153 4154 os_memset(&mlo, 0, sizeof(mlo)); 4155 if (wpas_drv_get_sta_mlo_info(wpa_s, &mlo)) { 4156 wpa_dbg(wpa_s, MSG_ERROR, "Failed to get MLO link info"); 4157 wpa_supplicant_deauthenticate(wpa_s, 4158 WLAN_REASON_DEAUTH_LEAVING); 4159 return -1; 4160 } 4161 4162 if (wpa_s->valid_links == mlo.valid_links) { 4163 bool match = true; 4164 4165 if (!mlo.valid_links) 4166 return 0; 4167 4168 for_each_link(mlo.valid_links, i) { 4169 if (!ether_addr_equal(wpa_s->links[i].addr, 4170 mlo.links[i].addr) || 4171 !ether_addr_equal(wpa_s->links[i].bssid, 4172 mlo.links[i].bssid)) { 4173 match = false; 4174 break; 4175 } 4176 } 4177 4178 if (match && wpa_s->mlo_assoc_link_id == mlo.assoc_link_id && 4179 ether_addr_equal(wpa_s->ap_mld_addr, mlo.ap_mld_addr)) 4180 return 0; 4181 } 4182 4183 wpa_s->valid_links = mlo.valid_links; 4184 wpa_s->mlo_assoc_link_id = mlo.assoc_link_id; 4185 os_memcpy(wpa_s->ap_mld_addr, mlo.ap_mld_addr, ETH_ALEN); 4186 for_each_link(wpa_s->valid_links, i) { 4187 os_memcpy(wpa_s->links[i].addr, mlo.links[i].addr, ETH_ALEN); 4188 os_memcpy(wpa_s->links[i].bssid, mlo.links[i].bssid, ETH_ALEN); 4189 wpa_s->links[i].freq = mlo.links[i].freq; 4190 wpa_supplicant_update_link_bss(wpa_s, i, mlo.links[i].bssid); 4191 } 4192 4193 return 0; 4194 } 4195 4196 wpa_sm_set_ml_info(struct wpa_supplicant * wpa_s)4197 static int wpa_sm_set_ml_info(struct wpa_supplicant *wpa_s) 4198 { 4199 struct driver_sta_mlo_info drv_mlo; 4200 struct wpa_sm_mlo wpa_mlo; 4201 int i; 4202 4203 os_memset(&drv_mlo, 0, sizeof(drv_mlo)); 4204 if (wpas_drv_get_sta_mlo_info(wpa_s, &drv_mlo)) { 4205 wpa_dbg(wpa_s, MSG_INFO, "Failed to get MLO link info"); 4206 return -1; 4207 } 4208 4209 os_memset(&wpa_mlo, 0, sizeof(wpa_mlo)); 4210 if (!drv_mlo.valid_links) 4211 goto out; 4212 4213 os_memcpy(wpa_mlo.ap_mld_addr, drv_mlo.ap_mld_addr, ETH_ALEN); 4214 wpa_mlo.assoc_link_id = drv_mlo.assoc_link_id; 4215 wpa_mlo.valid_links = drv_mlo.valid_links; 4216 wpa_mlo.req_links = drv_mlo.req_links; 4217 4218 for_each_link(drv_mlo.req_links, i) { 4219 struct wpa_bss *bss; 4220 const u8 *rsne, *rsnxe, *rsnoe, *rsno2e, *rsnxoe; 4221 4222 bss = wpa_supplicant_get_new_bss(wpa_s, drv_mlo.links[i].bssid); 4223 if (!bss) { 4224 wpa_dbg(wpa_s, MSG_INFO, 4225 "Failed to get MLO link %d BSS", i); 4226 return -1; 4227 } 4228 4229 rsne = wpa_bss_get_ie(bss, WLAN_EID_RSN); 4230 rsnxe = wpa_bss_get_ie(bss, WLAN_EID_RSNX); 4231 rsnoe = wpa_bss_get_vendor_ie(bss, 4232 RSNE_OVERRIDE_IE_VENDOR_TYPE); 4233 rsno2e = wpa_bss_get_vendor_ie(bss, 4234 RSNE_OVERRIDE_2_IE_VENDOR_TYPE); 4235 rsnxoe = wpa_bss_get_vendor_ie(bss, 4236 RSNXE_OVERRIDE_IE_VENDOR_TYPE); 4237 4238 wpa_mlo.links[i].ap_rsne = rsne ? (u8 *) rsne : NULL; 4239 wpa_mlo.links[i].ap_rsne_len = rsne ? 2 + rsne[1] : 0; 4240 wpa_mlo.links[i].ap_rsnxe = rsnxe ? (u8 *) rsnxe : NULL; 4241 wpa_mlo.links[i].ap_rsnxe_len = rsnxe ? 2 + rsnxe[1] : 0; 4242 wpa_mlo.links[i].ap_rsnoe = rsnoe ? (u8 *) rsnoe : NULL; 4243 wpa_mlo.links[i].ap_rsnoe_len = rsnoe ? 2 + rsnoe[1] : 0; 4244 wpa_mlo.links[i].ap_rsno2e = rsno2e ? (u8 *) rsno2e : NULL; 4245 wpa_mlo.links[i].ap_rsno2e_len = rsno2e ? 2 + rsno2e[1] : 0; 4246 wpa_mlo.links[i].ap_rsnxoe = rsnxoe ? (u8 *) rsnxoe : NULL; 4247 wpa_mlo.links[i].ap_rsnxoe_len = rsnxoe ? 2 + rsnxoe[1] : 0; 4248 4249 os_memcpy(wpa_mlo.links[i].bssid, drv_mlo.links[i].bssid, 4250 ETH_ALEN); 4251 os_memcpy(wpa_mlo.links[i].addr, drv_mlo.links[i].addr, 4252 ETH_ALEN); 4253 } 4254 4255 out: 4256 return wpa_sm_set_mlo_params(wpa_s->wpa, &wpa_mlo); 4257 } 4258 4259 wpa_supplicant_event_assoc(struct wpa_supplicant * wpa_s,union wpa_event_data * data)4260 static void wpa_supplicant_event_assoc(struct wpa_supplicant *wpa_s, 4261 union wpa_event_data *data) 4262 { 4263 u8 bssid[ETH_ALEN]; 4264 int ft_completed, already_authorized; 4265 int new_bss = 0; 4266 #if defined(CONFIG_FILS) || defined(CONFIG_MBO) 4267 struct wpa_bss *bss; 4268 #endif /* CONFIG_FILS || CONFIG_MBO */ 4269 4270 #ifdef CONFIG_AP 4271 if (wpa_s->ap_iface) { 4272 if (!data) 4273 return; 4274 hostapd_notif_assoc(wpa_s->ap_iface->bss[0], 4275 data->assoc_info.addr, 4276 data->assoc_info.req_ies, 4277 data->assoc_info.req_ies_len, NULL, 0, 4278 NULL, data->assoc_info.reassoc); 4279 return; 4280 } 4281 #endif /* CONFIG_AP */ 4282 4283 eloop_cancel_timeout(wpas_network_reenabled, wpa_s, NULL); 4284 wpa_s->own_reconnect_req = 0; 4285 4286 ft_completed = wpa_ft_is_completed(wpa_s->wpa); 4287 4288 if (wpa_drv_get_bssid(wpa_s, bssid) < 0) { 4289 wpa_dbg(wpa_s, MSG_ERROR, "Failed to get BSSID"); 4290 wpa_supplicant_deauthenticate( 4291 wpa_s, WLAN_REASON_DEAUTH_LEAVING); 4292 return; 4293 } 4294 4295 if (wpa_drv_get_mlo_info(wpa_s) < 0) { 4296 wpa_dbg(wpa_s, MSG_ERROR, "Failed to get MLO connection info"); 4297 wpa_supplicant_deauthenticate(wpa_s, 4298 WLAN_REASON_DEAUTH_LEAVING); 4299 return; 4300 } 4301 4302 if (ft_completed && 4303 (wpa_s->drv_flags & WPA_DRIVER_FLAGS_BSS_SELECTION)) { 4304 wpa_msg(wpa_s, MSG_INFO, "Attempt to roam to " MACSTR, 4305 MAC2STR(bssid)); 4306 if (!wpa_supplicant_update_current_bss(wpa_s, bssid)) { 4307 wpa_printf(MSG_ERROR, 4308 "Can't find target AP's information!"); 4309 return; 4310 } 4311 wpa_supplicant_assoc_update_ie(wpa_s); 4312 } 4313 4314 if (data && wpa_supplicant_event_associnfo(wpa_s, data) < 0) 4315 return; 4316 /* 4317 * FILS authentication can share the same mechanism to mark the 4318 * connection fully authenticated, so set ft_completed also based on 4319 * FILS result. 4320 */ 4321 if (!ft_completed) 4322 ft_completed = wpa_fils_is_completed(wpa_s->wpa); 4323 4324 wpa_supplicant_set_state(wpa_s, WPA_ASSOCIATED); 4325 if (!ether_addr_equal(bssid, wpa_s->bssid)) { 4326 if (os_reltime_initialized(&wpa_s->session_start)) { 4327 os_reltime_age(&wpa_s->session_start, 4328 &wpa_s->session_length); 4329 wpa_s->session_start.sec = 0; 4330 wpa_s->session_start.usec = 0; 4331 wpas_notify_session_length(wpa_s); 4332 } else { 4333 wpas_notify_auth_changed(wpa_s); 4334 os_get_reltime(&wpa_s->session_start); 4335 } 4336 wpa_dbg(wpa_s, MSG_DEBUG, "Associated to a new BSS: BSSID=" 4337 MACSTR, MAC2STR(bssid)); 4338 new_bss = 1; 4339 random_add_randomness(bssid, ETH_ALEN); 4340 os_memcpy(wpa_s->bssid, bssid, ETH_ALEN); 4341 os_memset(wpa_s->pending_bssid, 0, ETH_ALEN); 4342 wpas_notify_bssid_changed(wpa_s); 4343 4344 if (wpa_supplicant_dynamic_keys(wpa_s) && !ft_completed) { 4345 wpa_clear_keys(wpa_s, bssid); 4346 } 4347 if (wpa_supplicant_select_config(wpa_s, data) < 0) { 4348 wpa_supplicant_deauthenticate( 4349 wpa_s, WLAN_REASON_DEAUTH_LEAVING); 4350 return; 4351 } 4352 } 4353 4354 if (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME) && 4355 data && wpa_supplicant_use_own_rsne_params(wpa_s, data) < 0) 4356 return; 4357 4358 multi_ap_set_4addr_mode(wpa_s); 4359 4360 if (wpa_s->conf->ap_scan == 1 && 4361 wpa_s->drv_flags & WPA_DRIVER_FLAGS_BSS_SELECTION) { 4362 if (wpa_supplicant_assoc_update_ie(wpa_s) < 0 && new_bss) 4363 wpa_msg(wpa_s, MSG_WARNING, 4364 "WPA/RSN IEs not updated"); 4365 } 4366 4367 wpas_fst_update_mb_assoc(wpa_s, data); 4368 4369 #ifdef CONFIG_SME 4370 /* 4371 * Cache the current AP's BSSID (for non-MLO connection) or MLD address 4372 * (for MLO connection) as the previous BSSID for subsequent 4373 * reassociation requests handled by SME-in-wpa_supplicant. 4374 */ 4375 os_memcpy(wpa_s->sme.prev_bssid, 4376 wpa_s->valid_links ? wpa_s->ap_mld_addr : bssid, ETH_ALEN); 4377 wpa_s->sme.prev_bssid_set = 1; 4378 wpa_s->sme.last_unprot_disconnect.sec = 0; 4379 #endif /* CONFIG_SME */ 4380 4381 wpa_msg(wpa_s, MSG_INFO, "Associated with " MACSTR, MAC2STR(bssid)); 4382 if (wpa_s->current_ssid) { 4383 /* When using scanning (ap_scan=1), SIM PC/SC interface can be 4384 * initialized before association, but for other modes, 4385 * initialize PC/SC here, if the current configuration needs 4386 * smartcard or SIM/USIM. */ 4387 wpa_supplicant_scard_init(wpa_s, wpa_s->current_ssid); 4388 } 4389 wpa_sm_notify_assoc(wpa_s->wpa, bssid); 4390 4391 if (wpa_sm_set_ml_info(wpa_s)) { 4392 wpa_dbg(wpa_s, MSG_INFO, 4393 "Failed to set MLO connection info to wpa_sm"); 4394 wpa_supplicant_deauthenticate(wpa_s, 4395 WLAN_REASON_DEAUTH_LEAVING); 4396 return; 4397 } 4398 4399 if (wpa_s->l2) 4400 l2_packet_notify_auth_start(wpa_s->l2); 4401 4402 already_authorized = data && data->assoc_info.authorized; 4403 4404 /* 4405 * Set portEnabled first to false in order to get EAP state machine out 4406 * of the SUCCESS state and eapSuccess cleared. Without this, EAPOL PAE 4407 * state machine may transit to AUTHENTICATING state based on obsolete 4408 * eapSuccess and then trigger BE_AUTH to SUCCESS and PAE to 4409 * AUTHENTICATED without ever giving chance to EAP state machine to 4410 * reset the state. 4411 */ 4412 if (!ft_completed && !already_authorized) { 4413 eapol_sm_notify_portEnabled(wpa_s->eapol, false); 4414 eapol_sm_notify_portValid(wpa_s->eapol, false); 4415 } 4416 if (wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt) || 4417 wpa_s->key_mgmt == WPA_KEY_MGMT_DPP || 4418 wpa_s->key_mgmt == WPA_KEY_MGMT_OWE || ft_completed || 4419 already_authorized || wpa_s->drv_authorized_port) 4420 eapol_sm_notify_eap_success(wpa_s->eapol, false); 4421 /* 802.1X::portControl = Auto */ 4422 eapol_sm_notify_portEnabled(wpa_s->eapol, true); 4423 wpa_s->eapol_received = 0; 4424 if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE || 4425 wpa_s->key_mgmt == WPA_KEY_MGMT_WPA_NONE || 4426 (wpa_s->current_ssid && 4427 wpa_s->current_ssid->mode == WPAS_MODE_IBSS)) { 4428 if (wpa_s->current_ssid && 4429 wpa_s->key_mgmt == WPA_KEY_MGMT_WPA_NONE && 4430 (wpa_s->drv_flags & 4431 WPA_DRIVER_FLAGS_SET_KEYS_AFTER_ASSOC_DONE)) { 4432 /* 4433 * Set the key after having received joined-IBSS event 4434 * from the driver. 4435 */ 4436 wpa_supplicant_set_wpa_none_key(wpa_s, 4437 wpa_s->current_ssid); 4438 } 4439 wpa_supplicant_cancel_auth_timeout(wpa_s); 4440 wpa_supplicant_set_state(wpa_s, WPA_COMPLETED); 4441 } else if (!ft_completed) { 4442 /* Timeout for receiving the first EAPOL packet */ 4443 wpa_supplicant_req_auth_timeout(wpa_s, 10, 0); 4444 } 4445 wpa_supplicant_cancel_scan(wpa_s); 4446 4447 if (ft_completed) { 4448 /* 4449 * FT protocol completed - make sure EAPOL state machine ends 4450 * up in authenticated. 4451 */ 4452 wpa_supplicant_cancel_auth_timeout(wpa_s); 4453 wpa_supplicant_set_state(wpa_s, WPA_COMPLETED); 4454 eapol_sm_notify_portValid(wpa_s->eapol, true); 4455 eapol_sm_notify_eap_success(wpa_s->eapol, true); 4456 } else if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_PSK) && 4457 wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt)) { 4458 if (already_authorized) { 4459 /* 4460 * We are done; the driver will take care of RSN 4-way 4461 * handshake. 4462 */ 4463 wpa_supplicant_cancel_auth_timeout(wpa_s); 4464 wpa_supplicant_set_state(wpa_s, WPA_COMPLETED); 4465 eapol_sm_notify_portValid(wpa_s->eapol, true); 4466 eapol_sm_notify_eap_success(wpa_s->eapol, true); 4467 } else { 4468 /* Update port, WPA_COMPLETED state from the 4469 * EVENT_PORT_AUTHORIZED handler when the driver is done 4470 * with the 4-way handshake. 4471 */ 4472 wpa_msg(wpa_s, MSG_DEBUG, 4473 "ASSOC INFO: wait for driver port authorized indication"); 4474 } 4475 } else if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_8021X) && 4476 wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt)) { 4477 /* 4478 * The driver will take care of RSN 4-way handshake, so we need 4479 * to allow EAPOL supplicant to complete its work without 4480 * waiting for WPA supplicant. 4481 */ 4482 eapol_sm_notify_portValid(wpa_s->eapol, true); 4483 } 4484 4485 wpa_s->last_eapol_matches_bssid = 0; 4486 4487 #ifdef CONFIG_TESTING_OPTIONS 4488 if (wpa_s->rsne_override_eapol) { 4489 wpa_printf(MSG_DEBUG, 4490 "TESTING: RSNE EAPOL-Key msg 2/4 override"); 4491 wpa_sm_set_assoc_wpa_ie(wpa_s->wpa, 4492 wpabuf_head(wpa_s->rsne_override_eapol), 4493 wpabuf_len(wpa_s->rsne_override_eapol)); 4494 } 4495 if (wpa_s->rsnxe_override_eapol) { 4496 wpa_printf(MSG_DEBUG, 4497 "TESTING: RSNXE EAPOL-Key msg 2/4 override"); 4498 wpa_sm_set_assoc_rsnxe(wpa_s->wpa, 4499 wpabuf_head(wpa_s->rsnxe_override_eapol), 4500 wpabuf_len(wpa_s->rsnxe_override_eapol)); 4501 } 4502 #endif /* CONFIG_TESTING_OPTIONS */ 4503 4504 if (wpa_s->pending_eapol_rx) { 4505 struct os_reltime now, age; 4506 os_get_reltime(&now); 4507 os_reltime_sub(&now, &wpa_s->pending_eapol_rx_time, &age); 4508 if (age.sec == 0 && age.usec < 200000 && 4509 ether_addr_equal(wpa_s->pending_eapol_rx_src, 4510 wpa_s->valid_links ? wpa_s->ap_mld_addr : 4511 bssid)) { 4512 wpa_dbg(wpa_s, MSG_DEBUG, "Process pending EAPOL " 4513 "frame that was received just before " 4514 "association notification"); 4515 wpa_supplicant_rx_eapol( 4516 wpa_s, wpa_s->pending_eapol_rx_src, 4517 wpabuf_head(wpa_s->pending_eapol_rx), 4518 wpabuf_len(wpa_s->pending_eapol_rx), 4519 wpa_s->pending_eapol_encrypted); 4520 } 4521 wpabuf_free(wpa_s->pending_eapol_rx); 4522 wpa_s->pending_eapol_rx = NULL; 4523 } 4524 4525 #ifdef CONFIG_WEP 4526 if ((wpa_s->key_mgmt == WPA_KEY_MGMT_NONE || 4527 wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA) && 4528 wpa_s->current_ssid && 4529 (wpa_s->drv_flags & WPA_DRIVER_FLAGS_SET_KEYS_AFTER_ASSOC_DONE)) { 4530 /* Set static WEP keys again */ 4531 wpa_set_wep_keys(wpa_s, wpa_s->current_ssid); 4532 } 4533 #endif /* CONFIG_WEP */ 4534 4535 #ifdef CONFIG_IBSS_RSN 4536 if (wpa_s->current_ssid && 4537 wpa_s->current_ssid->mode == WPAS_MODE_IBSS && 4538 wpa_s->key_mgmt != WPA_KEY_MGMT_NONE && 4539 wpa_s->key_mgmt != WPA_KEY_MGMT_WPA_NONE && 4540 wpa_s->ibss_rsn == NULL) { 4541 wpa_s->ibss_rsn = ibss_rsn_init(wpa_s, wpa_s->current_ssid); 4542 if (!wpa_s->ibss_rsn) { 4543 wpa_msg(wpa_s, MSG_INFO, "Failed to init IBSS RSN"); 4544 wpa_supplicant_deauthenticate( 4545 wpa_s, WLAN_REASON_DEAUTH_LEAVING); 4546 return; 4547 } 4548 4549 ibss_rsn_set_psk(wpa_s->ibss_rsn, wpa_s->current_ssid->psk); 4550 } 4551 #endif /* CONFIG_IBSS_RSN */ 4552 4553 wpas_wps_notify_assoc(wpa_s, bssid); 4554 4555 #ifndef CONFIG_NO_WMM_AC 4556 if (data) { 4557 wmm_ac_notify_assoc(wpa_s, data->assoc_info.resp_ies, 4558 data->assoc_info.resp_ies_len, 4559 &data->assoc_info.wmm_params); 4560 4561 if (wpa_s->reassoc_same_bss) 4562 wmm_ac_restore_tspecs(wpa_s); 4563 } 4564 #endif /* CONFIG_NO_WMM_AC */ 4565 4566 #if defined(CONFIG_FILS) || defined(CONFIG_MBO) 4567 bss = wpa_bss_get_bssid(wpa_s, bssid); 4568 #endif /* CONFIG_FILS || CONFIG_MBO */ 4569 #ifdef CONFIG_FILS 4570 if (wpa_key_mgmt_fils(wpa_s->key_mgmt)) { 4571 const u8 *fils_cache_id = wpa_bss_get_fils_cache_id(bss); 4572 4573 if (fils_cache_id) 4574 wpa_sm_set_fils_cache_id(wpa_s->wpa, fils_cache_id); 4575 } 4576 #endif /* CONFIG_FILS */ 4577 4578 #ifdef CONFIG_MBO 4579 wpas_mbo_check_pmf(wpa_s, bss, wpa_s->current_ssid); 4580 #endif /* CONFIG_MBO */ 4581 4582 #ifdef CONFIG_DPP2 4583 wpa_s->dpp_pfs_fallback = 0; 4584 #endif /* CONFIG_DPP2 */ 4585 4586 if (wpa_s->current_ssid && wpa_s->current_ssid->enable_4addr_mode) 4587 wpa_supplicant_set_4addr_mode(wpa_s); 4588 } 4589 4590 disconnect_reason_recoverable(u16 reason_code)4591 static int disconnect_reason_recoverable(u16 reason_code) 4592 { 4593 return reason_code == WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY || 4594 reason_code == WLAN_REASON_CLASS2_FRAME_FROM_NONAUTH_STA || 4595 reason_code == WLAN_REASON_CLASS3_FRAME_FROM_NONASSOC_STA; 4596 } 4597 4598 wpa_supplicant_event_disassoc(struct wpa_supplicant * wpa_s,u16 reason_code,int locally_generated)4599 static void wpa_supplicant_event_disassoc(struct wpa_supplicant *wpa_s, 4600 u16 reason_code, 4601 int locally_generated) 4602 { 4603 const u8 *bssid; 4604 4605 if (wpa_s->key_mgmt == WPA_KEY_MGMT_WPA_NONE) { 4606 /* 4607 * At least Host AP driver and a Prism3 card seemed to be 4608 * generating streams of disconnected events when configuring 4609 * IBSS for WPA-None. Ignore them for now. 4610 */ 4611 return; 4612 } 4613 4614 bssid = wpa_s->bssid; 4615 if (is_zero_ether_addr(bssid)) 4616 bssid = wpa_s->pending_bssid; 4617 4618 if (!is_zero_ether_addr(bssid) || 4619 wpa_s->wpa_state >= WPA_AUTHENTICATING) { 4620 wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_DISCONNECTED "bssid=" MACSTR 4621 " reason=%d%s", 4622 MAC2STR(bssid), reason_code, 4623 locally_generated ? " locally_generated=1" : ""); 4624 } 4625 } 4626 4627 could_be_psk_mismatch(struct wpa_supplicant * wpa_s,u16 reason_code,int locally_generated)4628 static int could_be_psk_mismatch(struct wpa_supplicant *wpa_s, u16 reason_code, 4629 int locally_generated) 4630 { 4631 if (wpa_s->wpa_state != WPA_4WAY_HANDSHAKE || 4632 !wpa_s->new_connection || 4633 !wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt) || 4634 wpa_key_mgmt_sae(wpa_s->key_mgmt)) 4635 return 0; /* Not in initial 4-way handshake with PSK */ 4636 4637 /* 4638 * It looks like connection was lost while trying to go through PSK 4639 * 4-way handshake. Filter out known disconnection cases that are caused 4640 * by something else than PSK mismatch to avoid confusing reports. 4641 */ 4642 4643 if (locally_generated) { 4644 if (reason_code == WLAN_REASON_IE_IN_4WAY_DIFFERS) 4645 return 0; 4646 } 4647 4648 return 1; 4649 } 4650 4651 wpa_supplicant_event_disassoc_finish(struct wpa_supplicant * wpa_s,u16 reason_code,int locally_generated)4652 static void wpa_supplicant_event_disassoc_finish(struct wpa_supplicant *wpa_s, 4653 u16 reason_code, 4654 int locally_generated) 4655 { 4656 const u8 *bssid; 4657 struct wpa_bss *fast_reconnect = NULL; 4658 struct wpa_ssid *fast_reconnect_ssid = NULL; 4659 struct wpa_bss *curr = NULL; 4660 4661 if (wpa_s->key_mgmt == WPA_KEY_MGMT_WPA_NONE) { 4662 /* 4663 * At least Host AP driver and a Prism3 card seemed to be 4664 * generating streams of disconnected events when configuring 4665 * IBSS for WPA-None. Ignore them for now. 4666 */ 4667 wpa_dbg(wpa_s, MSG_DEBUG, "Disconnect event - ignore in " 4668 "IBSS/WPA-None mode"); 4669 return; 4670 } 4671 4672 if (!wpa_s->disconnected && wpa_s->wpa_state >= WPA_AUTHENTICATING && 4673 reason_code == WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY && 4674 locally_generated) 4675 /* 4676 * Remove the inactive AP (which is probably out of range) from 4677 * the BSS list after marking disassociation. In particular 4678 * mac80211-based drivers use the 4679 * WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY reason code in 4680 * locally generated disconnection events for cases where the 4681 * AP does not reply anymore. 4682 */ 4683 curr = wpa_s->current_bss; 4684 4685 if (could_be_psk_mismatch(wpa_s, reason_code, locally_generated)) { 4686 wpa_msg(wpa_s, MSG_INFO, "WPA: 4-Way Handshake failed - " 4687 "pre-shared key may be incorrect"); 4688 if (wpas_p2p_4way_hs_failed(wpa_s) > 0) 4689 return; /* P2P group removed */ 4690 wpas_auth_failed(wpa_s, "WRONG_KEY", wpa_s->pending_bssid); 4691 wpas_notify_psk_mismatch(wpa_s); 4692 } 4693 if (!wpa_s->disconnected && 4694 (!wpa_s->auto_reconnect_disabled || 4695 wpa_s->key_mgmt == WPA_KEY_MGMT_WPS || 4696 wpas_wps_searching(wpa_s) || 4697 wpas_wps_reenable_networks_pending(wpa_s))) { 4698 wpa_dbg(wpa_s, MSG_DEBUG, "Auto connect enabled: try to " 4699 "reconnect (wps=%d/%d wpa_state=%d)", 4700 wpa_s->key_mgmt == WPA_KEY_MGMT_WPS, 4701 wpas_wps_searching(wpa_s), 4702 wpa_s->wpa_state); 4703 if (wpa_s->wpa_state == WPA_COMPLETED && 4704 wpa_s->current_ssid && 4705 wpa_s->current_ssid->mode == WPAS_MODE_INFRA && 4706 (wpa_s->own_reconnect_req || 4707 (!locally_generated && 4708 disconnect_reason_recoverable(reason_code)))) { 4709 /* 4710 * It looks like the AP has dropped association with 4711 * us, but could allow us to get back in. This is also 4712 * triggered for cases where local reconnection request 4713 * is used to force reassociation with the same BSS. 4714 * Try to reconnect to the same BSS without a full scan 4715 * to save time for some common cases. 4716 */ 4717 fast_reconnect = wpa_s->current_bss; 4718 fast_reconnect_ssid = wpa_s->current_ssid; 4719 } else if (wpa_s->wpa_state >= WPA_ASSOCIATING) { 4720 wpa_supplicant_req_scan(wpa_s, 0, 100000); 4721 } else { 4722 wpa_dbg(wpa_s, MSG_DEBUG, "Do not request new " 4723 "immediate scan"); 4724 } 4725 } else { 4726 wpa_dbg(wpa_s, MSG_DEBUG, "Auto connect disabled: do not " 4727 "try to re-connect"); 4728 wpa_s->reassociate = 0; 4729 wpa_s->disconnected = 1; 4730 if (!wpa_s->pno) 4731 wpa_supplicant_cancel_sched_scan(wpa_s); 4732 } 4733 bssid = wpa_s->bssid; 4734 if (is_zero_ether_addr(bssid)) 4735 bssid = wpa_s->pending_bssid; 4736 if (wpa_s->wpa_state >= WPA_AUTHENTICATING) 4737 wpas_connection_failed(wpa_s, bssid, NULL); 4738 wpa_sm_notify_disassoc(wpa_s->wpa); 4739 ptksa_cache_flush(wpa_s->ptksa, wpa_s->bssid, WPA_CIPHER_NONE); 4740 4741 if (locally_generated) 4742 wpa_s->disconnect_reason = -reason_code; 4743 else 4744 wpa_s->disconnect_reason = reason_code; 4745 wpas_notify_disconnect_reason(wpa_s); 4746 #ifdef CONFIG_DPP2 4747 wpas_dpp_send_conn_status_result(wpa_s, DPP_STATUS_AUTH_FAILURE); 4748 #endif /* CONFIG_DPP2 */ 4749 if (wpa_supplicant_dynamic_keys(wpa_s)) { 4750 wpa_dbg(wpa_s, MSG_DEBUG, "Disconnect event - remove keys"); 4751 wpa_clear_keys(wpa_s, wpa_s->bssid); 4752 } 4753 wpa_supplicant_mark_disassoc(wpa_s); 4754 4755 if (curr) 4756 wpa_bss_remove(wpa_s, curr, "Connection to AP lost"); 4757 4758 if (fast_reconnect && 4759 !wpas_network_disabled(wpa_s, fast_reconnect_ssid) && 4760 !disallowed_bssid(wpa_s, fast_reconnect->bssid) && 4761 !disallowed_ssid(wpa_s, fast_reconnect->ssid, 4762 fast_reconnect->ssid_len) && 4763 !wpas_temp_disabled(wpa_s, fast_reconnect_ssid) && 4764 !wpa_is_bss_tmp_disallowed(wpa_s, fast_reconnect)) { 4765 #ifndef CONFIG_NO_SCAN_PROCESSING 4766 wpa_dbg(wpa_s, MSG_DEBUG, "Try to reconnect to the same BSS"); 4767 if (wpa_supplicant_connect(wpa_s, fast_reconnect, 4768 fast_reconnect_ssid) < 0) { 4769 /* Recover through full scan */ 4770 wpa_supplicant_req_scan(wpa_s, 0, 100000); 4771 } 4772 #endif /* CONFIG_NO_SCAN_PROCESSING */ 4773 } else if (fast_reconnect) { 4774 /* 4775 * Could not reconnect to the same BSS due to network being 4776 * disabled. Use a new scan to match the alternative behavior 4777 * above, i.e., to continue automatic reconnection attempt in a 4778 * way that enforces disabled network rules. 4779 */ 4780 wpa_supplicant_req_scan(wpa_s, 0, 100000); 4781 } 4782 } 4783 4784 4785 #ifdef CONFIG_DELAYED_MIC_ERROR_REPORT wpa_supplicant_delayed_mic_error_report(void * eloop_ctx,void * sock_ctx)4786 void wpa_supplicant_delayed_mic_error_report(void *eloop_ctx, void *sock_ctx) 4787 { 4788 struct wpa_supplicant *wpa_s = eloop_ctx; 4789 4790 if (!wpa_s->pending_mic_error_report) 4791 return; 4792 4793 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: Sending pending MIC error report"); 4794 wpa_sm_key_request(wpa_s->wpa, 1, wpa_s->pending_mic_error_pairwise); 4795 wpa_s->pending_mic_error_report = 0; 4796 } 4797 #endif /* CONFIG_DELAYED_MIC_ERROR_REPORT */ 4798 4799 4800 static void wpa_supplicant_event_michael_mic_failure(struct wpa_supplicant * wpa_s,union wpa_event_data * data)4801 wpa_supplicant_event_michael_mic_failure(struct wpa_supplicant *wpa_s, 4802 union wpa_event_data *data) 4803 { 4804 int pairwise; 4805 struct os_reltime t; 4806 4807 wpa_msg(wpa_s, MSG_WARNING, "Michael MIC failure detected"); 4808 pairwise = (data && data->michael_mic_failure.unicast); 4809 os_get_reltime(&t); 4810 if ((os_reltime_initialized(&wpa_s->last_michael_mic_error) && 4811 !os_reltime_expired(&t, &wpa_s->last_michael_mic_error, 60)) || 4812 wpa_s->pending_mic_error_report) { 4813 if (wpa_s->pending_mic_error_report) { 4814 /* 4815 * Send the pending MIC error report immediately since 4816 * we are going to start countermeasures and AP better 4817 * do the same. 4818 */ 4819 wpa_sm_key_request(wpa_s->wpa, 1, 4820 wpa_s->pending_mic_error_pairwise); 4821 } 4822 4823 /* Send the new MIC error report immediately since we are going 4824 * to start countermeasures and AP better do the same. 4825 */ 4826 wpa_sm_key_request(wpa_s->wpa, 1, pairwise); 4827 4828 /* initialize countermeasures */ 4829 wpa_s->countermeasures = 1; 4830 4831 wpa_bssid_ignore_add(wpa_s, wpa_s->bssid); 4832 4833 wpa_msg(wpa_s, MSG_WARNING, "TKIP countermeasures started"); 4834 4835 /* 4836 * Need to wait for completion of request frame. We do not get 4837 * any callback for the message completion, so just wait a 4838 * short while and hope for the best. */ 4839 os_sleep(0, 10000); 4840 4841 wpa_drv_set_countermeasures(wpa_s, 1); 4842 wpa_supplicant_deauthenticate(wpa_s, 4843 WLAN_REASON_MICHAEL_MIC_FAILURE); 4844 eloop_cancel_timeout(wpa_supplicant_stop_countermeasures, 4845 wpa_s, NULL); 4846 eloop_register_timeout(60, 0, 4847 wpa_supplicant_stop_countermeasures, 4848 wpa_s, NULL); 4849 /* TODO: mark the AP rejected for 60 second. STA is 4850 * allowed to associate with another AP.. */ 4851 } else { 4852 #ifdef CONFIG_DELAYED_MIC_ERROR_REPORT 4853 if (wpa_s->mic_errors_seen) { 4854 /* 4855 * Reduce the effectiveness of Michael MIC error 4856 * reports as a means for attacking against TKIP if 4857 * more than one MIC failure is noticed with the same 4858 * PTK. We delay the transmission of the reports by a 4859 * random time between 0 and 60 seconds in order to 4860 * force the attacker wait 60 seconds before getting 4861 * the information on whether a frame resulted in a MIC 4862 * failure. 4863 */ 4864 u8 rval[4]; 4865 int sec; 4866 4867 if (os_get_random(rval, sizeof(rval)) < 0) 4868 sec = os_random() % 60; 4869 else 4870 sec = WPA_GET_BE32(rval) % 60; 4871 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: Delay MIC error " 4872 "report %d seconds", sec); 4873 wpa_s->pending_mic_error_report = 1; 4874 wpa_s->pending_mic_error_pairwise = pairwise; 4875 eloop_cancel_timeout( 4876 wpa_supplicant_delayed_mic_error_report, 4877 wpa_s, NULL); 4878 eloop_register_timeout( 4879 sec, os_random() % 1000000, 4880 wpa_supplicant_delayed_mic_error_report, 4881 wpa_s, NULL); 4882 } else { 4883 wpa_sm_key_request(wpa_s->wpa, 1, pairwise); 4884 } 4885 #else /* CONFIG_DELAYED_MIC_ERROR_REPORT */ 4886 wpa_sm_key_request(wpa_s->wpa, 1, pairwise); 4887 #endif /* CONFIG_DELAYED_MIC_ERROR_REPORT */ 4888 } 4889 wpa_s->last_michael_mic_error = t; 4890 wpa_s->mic_errors_seen++; 4891 } 4892 4893 4894 #ifdef CONFIG_TERMINATE_ONLASTIF any_interfaces(struct wpa_supplicant * head)4895 static int any_interfaces(struct wpa_supplicant *head) 4896 { 4897 struct wpa_supplicant *wpa_s; 4898 4899 for (wpa_s = head; wpa_s != NULL; wpa_s = wpa_s->next) 4900 if (!wpa_s->interface_removed) 4901 return 1; 4902 return 0; 4903 } 4904 #endif /* CONFIG_TERMINATE_ONLASTIF */ 4905 4906 4907 static void wpa_supplicant_event_interface_status(struct wpa_supplicant * wpa_s,union wpa_event_data * data)4908 wpa_supplicant_event_interface_status(struct wpa_supplicant *wpa_s, 4909 union wpa_event_data *data) 4910 { 4911 if (os_strcmp(wpa_s->ifname, data->interface_status.ifname) != 0) 4912 return; 4913 4914 switch (data->interface_status.ievent) { 4915 case EVENT_INTERFACE_ADDED: 4916 if (!wpa_s->interface_removed) 4917 break; 4918 wpa_s->interface_removed = 0; 4919 wpa_dbg(wpa_s, MSG_DEBUG, "Configured interface was added"); 4920 if (wpa_supplicant_driver_init(wpa_s) < 0) { 4921 wpa_msg(wpa_s, MSG_INFO, "Failed to initialize the " 4922 "driver after interface was added"); 4923 } 4924 4925 #ifdef CONFIG_P2P 4926 if (!wpa_s->global->p2p && 4927 !wpa_s->global->p2p_disabled && 4928 !wpa_s->conf->p2p_disabled && 4929 (wpa_s->drv_flags & 4930 WPA_DRIVER_FLAGS_DEDICATED_P2P_DEVICE) && 4931 wpas_p2p_add_p2pdev_interface( 4932 wpa_s, wpa_s->global->params.conf_p2p_dev) < 0) { 4933 wpa_printf(MSG_INFO, 4934 "P2P: Failed to enable P2P Device interface"); 4935 /* Try to continue without. P2P will be disabled. */ 4936 } 4937 #endif /* CONFIG_P2P */ 4938 4939 break; 4940 case EVENT_INTERFACE_REMOVED: 4941 wpa_dbg(wpa_s, MSG_DEBUG, "Configured interface was removed"); 4942 wpa_s->interface_removed = 1; 4943 wpa_supplicant_mark_disassoc(wpa_s); 4944 wpa_supplicant_set_state(wpa_s, WPA_INTERFACE_DISABLED); 4945 l2_packet_deinit(wpa_s->l2); 4946 wpa_s->l2 = NULL; 4947 4948 #ifdef CONFIG_P2P 4949 if (wpa_s->global->p2p && 4950 wpa_s->global->p2p_init_wpa_s->parent == wpa_s && 4951 (wpa_s->drv_flags & 4952 WPA_DRIVER_FLAGS_DEDICATED_P2P_DEVICE)) { 4953 wpa_dbg(wpa_s, MSG_DEBUG, 4954 "Removing P2P Device interface"); 4955 wpa_supplicant_remove_iface( 4956 wpa_s->global, wpa_s->global->p2p_init_wpa_s, 4957 0); 4958 wpa_s->global->p2p_init_wpa_s = NULL; 4959 } 4960 #endif /* CONFIG_P2P */ 4961 4962 #ifdef CONFIG_MATCH_IFACE 4963 if (wpa_s->matched) { 4964 wpa_supplicant_remove_iface(wpa_s->global, wpa_s, 0); 4965 break; 4966 } 4967 #endif /* CONFIG_MATCH_IFACE */ 4968 4969 #ifdef CONFIG_TERMINATE_ONLASTIF 4970 /* check if last interface */ 4971 if (!any_interfaces(wpa_s->global->ifaces)) 4972 eloop_terminate(); 4973 #endif /* CONFIG_TERMINATE_ONLASTIF */ 4974 break; 4975 } 4976 } 4977 4978 4979 #ifdef CONFIG_TDLS wpa_supplicant_event_tdls(struct wpa_supplicant * wpa_s,union wpa_event_data * data)4980 static void wpa_supplicant_event_tdls(struct wpa_supplicant *wpa_s, 4981 union wpa_event_data *data) 4982 { 4983 if (data == NULL) 4984 return; 4985 switch (data->tdls.oper) { 4986 case TDLS_REQUEST_SETUP: 4987 wpa_tdls_remove(wpa_s->wpa, data->tdls.peer); 4988 if (wpa_tdls_is_external_setup(wpa_s->wpa)) 4989 wpa_tdls_start(wpa_s->wpa, data->tdls.peer); 4990 else 4991 wpa_drv_tdls_oper(wpa_s, TDLS_SETUP, data->tdls.peer); 4992 break; 4993 case TDLS_REQUEST_TEARDOWN: 4994 if (wpa_tdls_is_external_setup(wpa_s->wpa)) 4995 wpa_tdls_teardown_link(wpa_s->wpa, data->tdls.peer, 4996 data->tdls.reason_code); 4997 else 4998 wpa_drv_tdls_oper(wpa_s, TDLS_TEARDOWN, 4999 data->tdls.peer); 5000 break; 5001 case TDLS_REQUEST_DISCOVER: 5002 wpa_tdls_send_discovery_request(wpa_s->wpa, 5003 data->tdls.peer); 5004 break; 5005 } 5006 } 5007 #endif /* CONFIG_TDLS */ 5008 5009 5010 #ifdef CONFIG_WNM wpa_supplicant_event_wnm(struct wpa_supplicant * wpa_s,union wpa_event_data * data)5011 static void wpa_supplicant_event_wnm(struct wpa_supplicant *wpa_s, 5012 union wpa_event_data *data) 5013 { 5014 if (data == NULL) 5015 return; 5016 switch (data->wnm.oper) { 5017 case WNM_OPER_SLEEP: 5018 wpa_printf(MSG_DEBUG, "Start sending WNM-Sleep Request " 5019 "(action=%d, intval=%d)", 5020 data->wnm.sleep_action, data->wnm.sleep_intval); 5021 ieee802_11_send_wnmsleep_req(wpa_s, data->wnm.sleep_action, 5022 data->wnm.sleep_intval, NULL); 5023 break; 5024 } 5025 } 5026 #endif /* CONFIG_WNM */ 5027 5028 5029 #ifdef CONFIG_IEEE80211R 5030 static void wpa_supplicant_event_ft_response(struct wpa_supplicant * wpa_s,union wpa_event_data * data)5031 wpa_supplicant_event_ft_response(struct wpa_supplicant *wpa_s, 5032 union wpa_event_data *data) 5033 { 5034 if (data == NULL) 5035 return; 5036 5037 if (wpa_ft_process_response(wpa_s->wpa, data->ft_ies.ies, 5038 data->ft_ies.ies_len, 5039 data->ft_ies.ft_action, 5040 data->ft_ies.target_ap, 5041 data->ft_ies.ric_ies, 5042 data->ft_ies.ric_ies_len) < 0) { 5043 /* TODO: prevent MLME/driver from trying to associate? */ 5044 } 5045 } 5046 #endif /* CONFIG_IEEE80211R */ 5047 5048 5049 #ifdef CONFIG_IBSS_RSN wpa_supplicant_event_ibss_rsn_start(struct wpa_supplicant * wpa_s,union wpa_event_data * data)5050 static void wpa_supplicant_event_ibss_rsn_start(struct wpa_supplicant *wpa_s, 5051 union wpa_event_data *data) 5052 { 5053 struct wpa_ssid *ssid; 5054 if (wpa_s->wpa_state < WPA_ASSOCIATED) 5055 return; 5056 if (data == NULL) 5057 return; 5058 ssid = wpa_s->current_ssid; 5059 if (ssid == NULL) 5060 return; 5061 if (ssid->mode != WPAS_MODE_IBSS || !wpa_key_mgmt_wpa(ssid->key_mgmt)) 5062 return; 5063 5064 ibss_rsn_start(wpa_s->ibss_rsn, data->ibss_rsn_start.peer); 5065 } 5066 5067 wpa_supplicant_event_ibss_auth(struct wpa_supplicant * wpa_s,union wpa_event_data * data)5068 static void wpa_supplicant_event_ibss_auth(struct wpa_supplicant *wpa_s, 5069 union wpa_event_data *data) 5070 { 5071 struct wpa_ssid *ssid = wpa_s->current_ssid; 5072 5073 if (ssid == NULL) 5074 return; 5075 5076 /* check if the ssid is correctly configured as IBSS/RSN */ 5077 if (ssid->mode != WPAS_MODE_IBSS || !wpa_key_mgmt_wpa(ssid->key_mgmt)) 5078 return; 5079 5080 ibss_rsn_handle_auth(wpa_s->ibss_rsn, data->rx_mgmt.frame, 5081 data->rx_mgmt.frame_len); 5082 } 5083 #endif /* CONFIG_IBSS_RSN */ 5084 5085 5086 #ifdef CONFIG_IEEE80211R ft_rx_action(struct wpa_supplicant * wpa_s,const u8 * data,size_t len)5087 static void ft_rx_action(struct wpa_supplicant *wpa_s, const u8 *data, 5088 size_t len) 5089 { 5090 const u8 *sta_addr, *target_ap_addr; 5091 u16 status; 5092 5093 wpa_hexdump(MSG_MSGDUMP, "FT: RX Action", data, len); 5094 if (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME)) 5095 return; /* only SME case supported for now */ 5096 if (len < 1 + 2 * ETH_ALEN + 2) 5097 return; 5098 if (data[0] != 2) 5099 return; /* Only FT Action Response is supported for now */ 5100 sta_addr = data + 1; 5101 target_ap_addr = data + 1 + ETH_ALEN; 5102 status = WPA_GET_LE16(data + 1 + 2 * ETH_ALEN); 5103 wpa_dbg(wpa_s, MSG_DEBUG, "FT: Received FT Action Response: STA " 5104 MACSTR " TargetAP " MACSTR " status %u", 5105 MAC2STR(sta_addr), MAC2STR(target_ap_addr), status); 5106 5107 if (!ether_addr_equal(sta_addr, wpa_s->own_addr)) { 5108 wpa_dbg(wpa_s, MSG_DEBUG, "FT: Foreign STA Address " MACSTR 5109 " in FT Action Response", MAC2STR(sta_addr)); 5110 return; 5111 } 5112 5113 if (status) { 5114 wpa_dbg(wpa_s, MSG_DEBUG, "FT: FT Action Response indicates " 5115 "failure (status code %d)", status); 5116 /* TODO: report error to FT code(?) */ 5117 return; 5118 } 5119 5120 if (wpa_ft_process_response(wpa_s->wpa, data + 1 + 2 * ETH_ALEN + 2, 5121 len - (1 + 2 * ETH_ALEN + 2), 1, 5122 target_ap_addr, NULL, 0) < 0) 5123 return; 5124 5125 #ifdef CONFIG_SME 5126 { 5127 struct wpa_bss *bss; 5128 bss = wpa_bss_get_bssid(wpa_s, target_ap_addr); 5129 if (bss) 5130 wpa_s->sme.freq = bss->freq; 5131 wpa_s->sme.auth_alg = WPA_AUTH_ALG_FT; 5132 sme_associate(wpa_s, WPAS_MODE_INFRA, target_ap_addr, 5133 WLAN_AUTH_FT); 5134 } 5135 #endif /* CONFIG_SME */ 5136 } 5137 #endif /* CONFIG_IEEE80211R */ 5138 5139 wpa_supplicant_event_unprot_deauth(struct wpa_supplicant * wpa_s,struct unprot_deauth * e)5140 static void wpa_supplicant_event_unprot_deauth(struct wpa_supplicant *wpa_s, 5141 struct unprot_deauth *e) 5142 { 5143 wpa_printf(MSG_DEBUG, "Unprotected Deauthentication frame " 5144 "dropped: " MACSTR " -> " MACSTR 5145 " (reason code %u)", 5146 MAC2STR(e->sa), MAC2STR(e->da), e->reason_code); 5147 sme_event_unprot_disconnect(wpa_s, e->sa, e->da, e->reason_code); 5148 } 5149 5150 wpa_supplicant_event_unprot_disassoc(struct wpa_supplicant * wpa_s,struct unprot_disassoc * e)5151 static void wpa_supplicant_event_unprot_disassoc(struct wpa_supplicant *wpa_s, 5152 struct unprot_disassoc *e) 5153 { 5154 wpa_printf(MSG_DEBUG, "Unprotected Disassociation frame " 5155 "dropped: " MACSTR " -> " MACSTR 5156 " (reason code %u)", 5157 MAC2STR(e->sa), MAC2STR(e->da), e->reason_code); 5158 sme_event_unprot_disconnect(wpa_s, e->sa, e->da, e->reason_code); 5159 } 5160 5161 wpas_event_disconnect(struct wpa_supplicant * wpa_s,const u8 * addr,u16 reason_code,int locally_generated,const u8 * ie,size_t ie_len,int deauth)5162 static void wpas_event_disconnect(struct wpa_supplicant *wpa_s, const u8 *addr, 5163 u16 reason_code, int locally_generated, 5164 const u8 *ie, size_t ie_len, int deauth) 5165 { 5166 #ifdef CONFIG_AP 5167 if (wpa_s->ap_iface && addr) { 5168 hostapd_notif_disassoc(wpa_s->ap_iface->bss[0], addr); 5169 return; 5170 } 5171 5172 if (wpa_s->ap_iface) { 5173 wpa_dbg(wpa_s, MSG_DEBUG, "Ignore deauth event in AP mode"); 5174 return; 5175 } 5176 #endif /* CONFIG_AP */ 5177 5178 if (!locally_generated) 5179 wpa_s->own_disconnect_req = 0; 5180 5181 wpa_supplicant_event_disassoc(wpa_s, reason_code, locally_generated); 5182 5183 if (((reason_code == WLAN_REASON_IEEE_802_1X_AUTH_FAILED || 5184 ((wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt) || 5185 (wpa_s->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA)) && 5186 eapol_sm_failed(wpa_s->eapol))) && 5187 !wpa_s->eap_expected_failure)) 5188 wpas_auth_failed(wpa_s, "AUTH_FAILED", addr); 5189 5190 #ifdef CONFIG_P2P 5191 if (deauth && reason_code > 0) { 5192 if (wpas_p2p_deauth_notif(wpa_s, addr, reason_code, ie, ie_len, 5193 locally_generated) > 0) { 5194 /* 5195 * The interface was removed, so cannot continue 5196 * processing any additional operations after this. 5197 */ 5198 return; 5199 } 5200 } 5201 #endif /* CONFIG_P2P */ 5202 5203 wpa_supplicant_event_disassoc_finish(wpa_s, reason_code, 5204 locally_generated); 5205 } 5206 5207 wpas_event_disassoc(struct wpa_supplicant * wpa_s,struct disassoc_info * info)5208 static void wpas_event_disassoc(struct wpa_supplicant *wpa_s, 5209 struct disassoc_info *info) 5210 { 5211 u16 reason_code = 0; 5212 int locally_generated = 0; 5213 const u8 *addr = NULL; 5214 const u8 *ie = NULL; 5215 size_t ie_len = 0; 5216 5217 wpa_dbg(wpa_s, MSG_DEBUG, "Disassociation notification"); 5218 5219 if (info) { 5220 addr = info->addr; 5221 ie = info->ie; 5222 ie_len = info->ie_len; 5223 reason_code = info->reason_code; 5224 locally_generated = info->locally_generated; 5225 wpa_dbg(wpa_s, MSG_DEBUG, " * reason %u (%s)%s", reason_code, 5226 reason2str(reason_code), 5227 locally_generated ? " locally_generated=1" : ""); 5228 if (addr) 5229 wpa_dbg(wpa_s, MSG_DEBUG, " * address " MACSTR, 5230 MAC2STR(addr)); 5231 wpa_hexdump(MSG_DEBUG, "Disassociation frame IE(s)", 5232 ie, ie_len); 5233 } 5234 5235 #ifdef CONFIG_AP 5236 if (wpa_s->ap_iface && info && info->addr) { 5237 hostapd_notif_disassoc(wpa_s->ap_iface->bss[0], info->addr); 5238 return; 5239 } 5240 5241 if (wpa_s->ap_iface) { 5242 wpa_dbg(wpa_s, MSG_DEBUG, "Ignore disassoc event in AP mode"); 5243 return; 5244 } 5245 #endif /* CONFIG_AP */ 5246 5247 #ifdef CONFIG_P2P 5248 if (info) { 5249 wpas_p2p_disassoc_notif( 5250 wpa_s, info->addr, reason_code, info->ie, info->ie_len, 5251 locally_generated); 5252 } 5253 #endif /* CONFIG_P2P */ 5254 5255 if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME) 5256 sme_event_disassoc(wpa_s, info); 5257 5258 wpas_event_disconnect(wpa_s, addr, reason_code, locally_generated, 5259 ie, ie_len, 0); 5260 } 5261 5262 wpas_event_deauth(struct wpa_supplicant * wpa_s,struct deauth_info * info)5263 static void wpas_event_deauth(struct wpa_supplicant *wpa_s, 5264 struct deauth_info *info) 5265 { 5266 u16 reason_code = 0; 5267 int locally_generated = 0; 5268 const u8 *addr = NULL; 5269 const u8 *ie = NULL; 5270 size_t ie_len = 0; 5271 5272 wpa_dbg(wpa_s, MSG_DEBUG, "Deauthentication notification"); 5273 5274 if (info) { 5275 addr = info->addr; 5276 ie = info->ie; 5277 ie_len = info->ie_len; 5278 reason_code = info->reason_code; 5279 locally_generated = info->locally_generated; 5280 wpa_dbg(wpa_s, MSG_DEBUG, " * reason %u (%s)%s", 5281 reason_code, reason2str(reason_code), 5282 locally_generated ? " locally_generated=1" : ""); 5283 if (addr) { 5284 wpa_dbg(wpa_s, MSG_DEBUG, " * address " MACSTR, 5285 MAC2STR(addr)); 5286 } 5287 wpa_hexdump(MSG_DEBUG, "Deauthentication frame IE(s)", 5288 ie, ie_len); 5289 } 5290 5291 wpa_reset_ft_completed(wpa_s->wpa); 5292 5293 wpas_event_disconnect(wpa_s, addr, reason_code, 5294 locally_generated, ie, ie_len, 1); 5295 } 5296 5297 reg_init_str(enum reg_change_initiator init)5298 static const char * reg_init_str(enum reg_change_initiator init) 5299 { 5300 switch (init) { 5301 case REGDOM_SET_BY_CORE: 5302 return "CORE"; 5303 case REGDOM_SET_BY_USER: 5304 return "USER"; 5305 case REGDOM_SET_BY_DRIVER: 5306 return "DRIVER"; 5307 case REGDOM_SET_BY_COUNTRY_IE: 5308 return "COUNTRY_IE"; 5309 case REGDOM_BEACON_HINT: 5310 return "BEACON_HINT"; 5311 } 5312 return "?"; 5313 } 5314 5315 reg_type_str(enum reg_type type)5316 static const char * reg_type_str(enum reg_type type) 5317 { 5318 switch (type) { 5319 case REGDOM_TYPE_UNKNOWN: 5320 return "UNKNOWN"; 5321 case REGDOM_TYPE_COUNTRY: 5322 return "COUNTRY"; 5323 case REGDOM_TYPE_WORLD: 5324 return "WORLD"; 5325 case REGDOM_TYPE_CUSTOM_WORLD: 5326 return "CUSTOM_WORLD"; 5327 case REGDOM_TYPE_INTERSECTION: 5328 return "INTERSECTION"; 5329 } 5330 return "?"; 5331 } 5332 5333 wpas_beacon_hint(struct wpa_supplicant * wpa_s,const char * title,struct frequency_attrs * attrs)5334 static void wpas_beacon_hint(struct wpa_supplicant *wpa_s, const char *title, 5335 struct frequency_attrs *attrs) 5336 { 5337 if (!attrs->freq) 5338 return; 5339 wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_REGDOM_BEACON_HINT 5340 "%s freq=%u max_tx_power=%u%s%s%s", 5341 title, attrs->freq, attrs->max_tx_power, 5342 attrs->disabled ? " disabled=1" : "", 5343 attrs->no_ir ? " no_ir=1" : "", 5344 attrs->radar ? " radar=1" : ""); 5345 } 5346 5347 wpa_supplicant_update_channel_list(struct wpa_supplicant * wpa_s,struct channel_list_changed * info)5348 void wpa_supplicant_update_channel_list(struct wpa_supplicant *wpa_s, 5349 struct channel_list_changed *info) 5350 { 5351 struct wpa_supplicant *ifs; 5352 u8 dfs_domain; 5353 5354 /* 5355 * To allow backwards compatibility with higher level layers that 5356 * assumed the REGDOM_CHANGE event is sent over the initially added 5357 * interface. Find the highest parent of this interface and use it to 5358 * send the event. 5359 */ 5360 for (ifs = wpa_s; ifs->parent && ifs != ifs->parent; ifs = ifs->parent) 5361 ; 5362 5363 if (info) { 5364 wpa_msg(ifs, MSG_INFO, 5365 WPA_EVENT_REGDOM_CHANGE "init=%s type=%s%s%s", 5366 reg_init_str(info->initiator), reg_type_str(info->type), 5367 info->alpha2[0] ? " alpha2=" : "", 5368 info->alpha2[0] ? info->alpha2 : ""); 5369 5370 if (info->initiator == REGDOM_BEACON_HINT) { 5371 wpas_beacon_hint(ifs, "before", 5372 &info->beacon_hint_before); 5373 wpas_beacon_hint(ifs, "after", 5374 &info->beacon_hint_after); 5375 } 5376 } 5377 5378 if (wpa_s->drv_priv == NULL) 5379 return; /* Ignore event during drv initialization */ 5380 5381 dl_list_for_each(ifs, &wpa_s->radio->ifaces, struct wpa_supplicant, 5382 radio_list) { 5383 bool was_6ghz_enabled; 5384 5385 wpa_printf(MSG_DEBUG, "%s: Updating hw mode", 5386 ifs->ifname); 5387 free_hw_features(ifs); 5388 ifs->hw.modes = wpa_drv_get_hw_feature_data( 5389 ifs, &ifs->hw.num_modes, &ifs->hw.flags, &dfs_domain); 5390 5391 was_6ghz_enabled = ifs->is_6ghz_enabled; 5392 ifs->is_6ghz_enabled = wpas_is_6ghz_supported(ifs, true); 5393 5394 /* Restart PNO/sched_scan with updated channel list */ 5395 if (ifs->pno) { 5396 wpas_stop_pno(ifs); 5397 wpas_start_pno(ifs); 5398 } else if (ifs->sched_scanning && !ifs->pno_sched_pending) { 5399 wpa_dbg(ifs, MSG_DEBUG, 5400 "Channel list changed - restart sched_scan"); 5401 wpas_scan_restart_sched_scan(ifs); 5402 } else if (!was_6ghz_enabled && ifs->is_6ghz_enabled) { 5403 wpa_dbg(ifs, MSG_INFO, 5404 "Channel list changed: 6 GHz was enabled"); 5405 5406 ifs->crossed_6ghz_dom = true; 5407 } 5408 } 5409 5410 wpas_p2p_update_channel_list(wpa_s, WPAS_P2P_CHANNEL_UPDATE_DRIVER); 5411 } 5412 5413 wpas_event_rx_mgmt_action(struct wpa_supplicant * wpa_s,const u8 * frame,size_t len,int freq,int rssi)5414 static void wpas_event_rx_mgmt_action(struct wpa_supplicant *wpa_s, 5415 const u8 *frame, size_t len, int freq, 5416 int rssi) 5417 { 5418 const struct ieee80211_mgmt *mgmt; 5419 const u8 *payload; 5420 size_t plen; 5421 u8 category; 5422 5423 if (len < IEEE80211_HDRLEN + 2) 5424 return; 5425 5426 mgmt = (const struct ieee80211_mgmt *) frame; 5427 payload = frame + IEEE80211_HDRLEN; 5428 category = *payload++; 5429 plen = len - IEEE80211_HDRLEN - 1; 5430 5431 wpa_dbg(wpa_s, MSG_DEBUG, "Received Action frame: SA=" MACSTR 5432 " Category=%u DataLen=%d freq=%d MHz", 5433 MAC2STR(mgmt->sa), category, (int) plen, freq); 5434 5435 #ifndef CONFIG_NO_WMM_AC 5436 if (category == WLAN_ACTION_WMM) { 5437 wmm_ac_rx_action(wpa_s, mgmt->da, mgmt->sa, payload, plen); 5438 return; 5439 } 5440 #endif /* CONFIG_NO_WMM_AC */ 5441 5442 #ifdef CONFIG_IEEE80211R 5443 if (category == WLAN_ACTION_FT) { 5444 ft_rx_action(wpa_s, payload, plen); 5445 return; 5446 } 5447 #endif /* CONFIG_IEEE80211R */ 5448 5449 #ifdef CONFIG_SME 5450 if (category == WLAN_ACTION_SA_QUERY) { 5451 sme_sa_query_rx(wpa_s, mgmt->da, mgmt->sa, payload, plen); 5452 return; 5453 } 5454 #endif /* CONFIG_SME */ 5455 5456 #ifdef CONFIG_WNM 5457 if (mgmt->u.action.category == WLAN_ACTION_WNM) { 5458 ieee802_11_rx_wnm_action(wpa_s, mgmt, len); 5459 return; 5460 } 5461 #endif /* CONFIG_WNM */ 5462 5463 #ifdef CONFIG_GAS 5464 if ((mgmt->u.action.category == WLAN_ACTION_PUBLIC || 5465 mgmt->u.action.category == WLAN_ACTION_PROTECTED_DUAL) && 5466 gas_query_rx(wpa_s->gas, mgmt->da, mgmt->sa, mgmt->bssid, 5467 mgmt->u.action.category, 5468 payload, plen, freq) == 0) 5469 return; 5470 #endif /* CONFIG_GAS */ 5471 5472 #ifdef CONFIG_GAS_SERVER 5473 if ((mgmt->u.action.category == WLAN_ACTION_PUBLIC || 5474 mgmt->u.action.category == WLAN_ACTION_PROTECTED_DUAL) && 5475 gas_server_rx(wpa_s->gas_server, mgmt->da, mgmt->sa, mgmt->bssid, 5476 mgmt->u.action.category, 5477 payload, plen, freq) == 0) 5478 return; 5479 #endif /* CONFIG_GAS_SERVER */ 5480 5481 #ifdef CONFIG_TDLS 5482 if (category == WLAN_ACTION_PUBLIC && plen >= 4 && 5483 payload[0] == WLAN_TDLS_DISCOVERY_RESPONSE) { 5484 wpa_dbg(wpa_s, MSG_DEBUG, 5485 "TDLS: Received Discovery Response from " MACSTR, 5486 MAC2STR(mgmt->sa)); 5487 if (wpa_s->valid_links && 5488 wpa_tdls_process_discovery_response(wpa_s->wpa, mgmt->sa, 5489 &payload[1], plen - 1)) 5490 wpa_dbg(wpa_s, MSG_ERROR, 5491 "TDLS: Discovery Response process failed for " 5492 MACSTR, MAC2STR(mgmt->sa)); 5493 return; 5494 } 5495 #endif /* CONFIG_TDLS */ 5496 5497 #ifdef CONFIG_INTERWORKING 5498 if (category == WLAN_ACTION_QOS && plen >= 1 && 5499 payload[0] == QOS_QOS_MAP_CONFIG) { 5500 const u8 *pos = payload + 1; 5501 size_t qlen = plen - 1; 5502 wpa_dbg(wpa_s, MSG_DEBUG, "Interworking: Received QoS Map Configure frame from " 5503 MACSTR, MAC2STR(mgmt->sa)); 5504 if (ether_addr_equal(mgmt->sa, wpa_s->bssid) && 5505 qlen > 2 && pos[0] == WLAN_EID_QOS_MAP_SET && 5506 pos[1] <= qlen - 2 && pos[1] >= 16) 5507 wpas_qos_map_set(wpa_s, pos + 2, pos[1]); 5508 return; 5509 } 5510 #endif /* CONFIG_INTERWORKING */ 5511 5512 #ifndef CONFIG_NO_RRM 5513 if (category == WLAN_ACTION_RADIO_MEASUREMENT && 5514 payload[0] == WLAN_RRM_RADIO_MEASUREMENT_REQUEST) { 5515 wpas_rrm_handle_radio_measurement_request(wpa_s, mgmt->sa, 5516 mgmt->da, 5517 payload + 1, 5518 plen - 1); 5519 return; 5520 } 5521 5522 if (category == WLAN_ACTION_RADIO_MEASUREMENT && 5523 payload[0] == WLAN_RRM_NEIGHBOR_REPORT_RESPONSE) { 5524 wpas_rrm_process_neighbor_rep(wpa_s, payload + 1, plen - 1); 5525 return; 5526 } 5527 5528 if (category == WLAN_ACTION_RADIO_MEASUREMENT && 5529 payload[0] == WLAN_RRM_LINK_MEASUREMENT_REQUEST) { 5530 wpas_rrm_handle_link_measurement_request(wpa_s, mgmt->sa, 5531 payload + 1, plen - 1, 5532 rssi); 5533 return; 5534 } 5535 #endif /* CONFIG_NO_RRM */ 5536 5537 #ifdef CONFIG_FST 5538 if (mgmt->u.action.category == WLAN_ACTION_FST && wpa_s->fst) { 5539 fst_rx_action(wpa_s->fst, mgmt, len); 5540 return; 5541 } 5542 #endif /* CONFIG_FST */ 5543 5544 #ifdef CONFIG_NAN_USD 5545 if (category == WLAN_ACTION_PUBLIC && plen >= 5 && 5546 payload[0] == WLAN_PA_VENDOR_SPECIFIC && 5547 WPA_GET_BE32(&payload[1]) == NAN_SDF_VENDOR_TYPE) { 5548 payload += 5; 5549 plen -= 5; 5550 wpas_nan_usd_rx_sdf(wpa_s, mgmt->sa, mgmt->bssid, freq, 5551 payload, plen); 5552 return; 5553 } 5554 #endif /* CONFIG_NAN_USD */ 5555 5556 #ifdef CONFIG_DPP 5557 if (category == WLAN_ACTION_PUBLIC && plen >= 5 && 5558 payload[0] == WLAN_PA_VENDOR_SPECIFIC && 5559 WPA_GET_BE24(&payload[1]) == OUI_WFA && 5560 payload[4] == DPP_OUI_TYPE) { 5561 payload++; 5562 plen--; 5563 wpas_dpp_rx_action(wpa_s, mgmt->sa, payload, plen, freq); 5564 return; 5565 } 5566 #endif /* CONFIG_DPP */ 5567 5568 #ifndef CONFIG_NO_ROBUST_AV 5569 if (category == WLAN_ACTION_ROBUST_AV_STREAMING && 5570 payload[0] == ROBUST_AV_SCS_RESP) { 5571 wpas_handle_robust_av_scs_recv_action(wpa_s, mgmt->sa, 5572 payload + 1, plen - 1); 5573 return; 5574 } 5575 5576 if (category == WLAN_ACTION_ROBUST_AV_STREAMING && 5577 payload[0] == ROBUST_AV_MSCS_RESP) { 5578 wpas_handle_robust_av_recv_action(wpa_s, mgmt->sa, 5579 payload + 1, plen - 1); 5580 return; 5581 } 5582 5583 if (category == WLAN_ACTION_VENDOR_SPECIFIC_PROTECTED && plen > 4 && 5584 WPA_GET_BE32(payload) == QM_ACTION_VENDOR_TYPE) { 5585 wpas_handle_qos_mgmt_recv_action(wpa_s, mgmt->sa, 5586 payload + 4, plen - 4); 5587 return; 5588 } 5589 #endif /* CONFIG_NO_ROBUST_AV */ 5590 5591 wpas_p2p_rx_action(wpa_s, mgmt->da, mgmt->sa, mgmt->bssid, 5592 category, payload, plen, freq); 5593 if (wpa_s->ifmsh) 5594 mesh_mpm_action_rx(wpa_s, mgmt, len); 5595 } 5596 5597 wpa_supplicant_notify_avoid_freq(struct wpa_supplicant * wpa_s,union wpa_event_data * event)5598 static void wpa_supplicant_notify_avoid_freq(struct wpa_supplicant *wpa_s, 5599 union wpa_event_data *event) 5600 { 5601 struct wpa_freq_range_list *list; 5602 char *str = NULL; 5603 5604 list = &event->freq_range; 5605 5606 if (list->num) 5607 str = freq_range_list_str(list); 5608 wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_AVOID_FREQ "ranges=%s", 5609 str ? str : ""); 5610 5611 #ifdef CONFIG_P2P 5612 if (freq_range_list_parse(&wpa_s->global->p2p_go_avoid_freq, str)) { 5613 wpa_dbg(wpa_s, MSG_ERROR, "%s: Failed to parse freq range", 5614 __func__); 5615 } else { 5616 wpa_dbg(wpa_s, MSG_DEBUG, "P2P: Update channel list based on frequency avoid event"); 5617 5618 /* 5619 * The update channel flow will also take care of moving a GO 5620 * from the unsafe frequency if needed. 5621 */ 5622 wpas_p2p_update_channel_list(wpa_s, 5623 WPAS_P2P_CHANNEL_UPDATE_AVOID); 5624 } 5625 #endif /* CONFIG_P2P */ 5626 5627 os_free(str); 5628 } 5629 5630 wpa_supplicant_event_port_authorized(struct wpa_supplicant * wpa_s)5631 static void wpa_supplicant_event_port_authorized(struct wpa_supplicant *wpa_s) 5632 { 5633 if (wpa_s->wpa_state == WPA_ASSOCIATED) { 5634 wpa_supplicant_cancel_auth_timeout(wpa_s); 5635 wpa_supplicant_set_state(wpa_s, WPA_COMPLETED); 5636 eapol_sm_notify_portValid(wpa_s->eapol, true); 5637 eapol_sm_notify_eap_success(wpa_s->eapol, true); 5638 wpa_s->drv_authorized_port = 1; 5639 } 5640 } 5641 5642 wpas_event_cac_ms(const struct wpa_supplicant * wpa_s,int freq)5643 static unsigned int wpas_event_cac_ms(const struct wpa_supplicant *wpa_s, 5644 int freq) 5645 { 5646 size_t i; 5647 int j; 5648 5649 for (i = 0; i < wpa_s->hw.num_modes; i++) { 5650 const struct hostapd_hw_modes *mode = &wpa_s->hw.modes[i]; 5651 5652 for (j = 0; j < mode->num_channels; j++) { 5653 const struct hostapd_channel_data *chan; 5654 5655 chan = &mode->channels[j]; 5656 if (chan->freq == freq) 5657 return chan->dfs_cac_ms; 5658 } 5659 } 5660 5661 return 0; 5662 } 5663 5664 wpas_event_dfs_cac_started(struct wpa_supplicant * wpa_s,struct dfs_event * radar)5665 static void wpas_event_dfs_cac_started(struct wpa_supplicant *wpa_s, 5666 struct dfs_event *radar) 5667 { 5668 #if defined(NEED_AP_MLME) && defined(CONFIG_AP) 5669 if (wpa_s->ap_iface || wpa_s->ifmsh) { 5670 wpas_ap_event_dfs_cac_started(wpa_s, radar); 5671 } else 5672 #endif /* NEED_AP_MLME && CONFIG_AP */ 5673 { 5674 unsigned int cac_time = wpas_event_cac_ms(wpa_s, radar->freq); 5675 5676 cac_time /= 1000; /* convert from ms to sec */ 5677 if (!cac_time) 5678 cac_time = 10 * 60; /* max timeout: 10 minutes */ 5679 5680 /* Restart auth timeout: CAC time added to initial timeout */ 5681 wpas_auth_timeout_restart(wpa_s, cac_time); 5682 } 5683 } 5684 5685 wpas_event_dfs_cac_finished(struct wpa_supplicant * wpa_s,struct dfs_event * radar)5686 static void wpas_event_dfs_cac_finished(struct wpa_supplicant *wpa_s, 5687 struct dfs_event *radar) 5688 { 5689 #if defined(NEED_AP_MLME) && defined(CONFIG_AP) 5690 if (wpa_s->ap_iface || wpa_s->ifmsh) { 5691 wpas_ap_event_dfs_cac_finished(wpa_s, radar); 5692 } else 5693 #endif /* NEED_AP_MLME && CONFIG_AP */ 5694 { 5695 /* Restart auth timeout with original value after CAC is 5696 * finished */ 5697 wpas_auth_timeout_restart(wpa_s, 0); 5698 } 5699 } 5700 5701 wpas_event_dfs_cac_aborted(struct wpa_supplicant * wpa_s,struct dfs_event * radar)5702 static void wpas_event_dfs_cac_aborted(struct wpa_supplicant *wpa_s, 5703 struct dfs_event *radar) 5704 { 5705 #if defined(NEED_AP_MLME) && defined(CONFIG_AP) 5706 if (wpa_s->ap_iface || wpa_s->ifmsh) { 5707 wpas_ap_event_dfs_cac_aborted(wpa_s, radar); 5708 } else 5709 #endif /* NEED_AP_MLME && CONFIG_AP */ 5710 { 5711 /* Restart auth timeout with original value after CAC is 5712 * aborted */ 5713 wpas_auth_timeout_restart(wpa_s, 0); 5714 } 5715 } 5716 5717 wpa_supplicant_event_assoc_auth(struct wpa_supplicant * wpa_s,union wpa_event_data * data)5718 static void wpa_supplicant_event_assoc_auth(struct wpa_supplicant *wpa_s, 5719 union wpa_event_data *data) 5720 { 5721 wpa_dbg(wpa_s, MSG_DEBUG, 5722 "Connection authorized by device, previous state %d", 5723 wpa_s->wpa_state); 5724 5725 wpa_supplicant_event_port_authorized(wpa_s); 5726 5727 wpa_s->last_eapol_matches_bssid = 1; 5728 5729 wpa_sm_set_rx_replay_ctr(wpa_s->wpa, data->assoc_info.key_replay_ctr); 5730 wpa_sm_set_ptk_kck_kek(wpa_s->wpa, data->assoc_info.ptk_kck, 5731 data->assoc_info.ptk_kck_len, 5732 data->assoc_info.ptk_kek, 5733 data->assoc_info.ptk_kek_len); 5734 #ifdef CONFIG_FILS 5735 if (wpa_s->auth_alg == WPA_AUTH_ALG_FILS) { 5736 struct wpa_bss *bss = wpa_bss_get_bssid(wpa_s, wpa_s->bssid); 5737 const u8 *fils_cache_id = wpa_bss_get_fils_cache_id(bss); 5738 5739 /* Update ERP next sequence number */ 5740 eapol_sm_update_erp_next_seq_num( 5741 wpa_s->eapol, data->assoc_info.fils_erp_next_seq_num); 5742 5743 if (data->assoc_info.fils_pmk && data->assoc_info.fils_pmkid) { 5744 /* Add the new PMK and PMKID to the PMKSA cache */ 5745 wpa_sm_pmksa_cache_add(wpa_s->wpa, 5746 data->assoc_info.fils_pmk, 5747 data->assoc_info.fils_pmk_len, 5748 data->assoc_info.fils_pmkid, 5749 wpa_s->valid_links ? 5750 wpa_s->ap_mld_addr : 5751 wpa_s->bssid, 5752 fils_cache_id); 5753 } else if (data->assoc_info.fils_pmkid) { 5754 /* Update the current PMKSA used for this connection */ 5755 pmksa_cache_set_current(wpa_s->wpa, 5756 data->assoc_info.fils_pmkid, 5757 NULL, NULL, 0, NULL, 0, true); 5758 } 5759 } 5760 #endif /* CONFIG_FILS */ 5761 } 5762 5763 connect_fail_reason(enum sta_connect_fail_reason_codes code)5764 static const char * connect_fail_reason(enum sta_connect_fail_reason_codes code) 5765 { 5766 switch (code) { 5767 case STA_CONNECT_FAIL_REASON_UNSPECIFIED: 5768 return ""; 5769 case STA_CONNECT_FAIL_REASON_NO_BSS_FOUND: 5770 return "no_bss_found"; 5771 case STA_CONNECT_FAIL_REASON_AUTH_TX_FAIL: 5772 return "auth_tx_fail"; 5773 case STA_CONNECT_FAIL_REASON_AUTH_NO_ACK_RECEIVED: 5774 return "auth_no_ack_received"; 5775 case STA_CONNECT_FAIL_REASON_AUTH_NO_RESP_RECEIVED: 5776 return "auth_no_resp_received"; 5777 case STA_CONNECT_FAIL_REASON_ASSOC_REQ_TX_FAIL: 5778 return "assoc_req_tx_fail"; 5779 case STA_CONNECT_FAIL_REASON_ASSOC_NO_ACK_RECEIVED: 5780 return "assoc_no_ack_received"; 5781 case STA_CONNECT_FAIL_REASON_ASSOC_NO_RESP_RECEIVED: 5782 return "assoc_no_resp_received"; 5783 default: 5784 return "unknown_reason"; 5785 } 5786 } 5787 5788 wpas_event_assoc_reject(struct wpa_supplicant * wpa_s,union wpa_event_data * data)5789 static void wpas_event_assoc_reject(struct wpa_supplicant *wpa_s, 5790 union wpa_event_data *data) 5791 { 5792 const u8 *bssid = data->assoc_reject.bssid; 5793 struct ieee802_11_elems elems; 5794 struct ml_sta_link_info ml_info[MAX_NUM_MLD_LINKS]; 5795 const u8 *link_bssids[MAX_NUM_MLD_LINKS + 1]; 5796 #ifdef CONFIG_MBO 5797 struct wpa_bss *reject_bss; 5798 #endif /* CONFIG_MBO */ 5799 5800 if (!bssid || is_zero_ether_addr(bssid)) 5801 bssid = wpa_s->pending_bssid; 5802 #ifdef CONFIG_MBO 5803 if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME) 5804 reject_bss = wpa_s->current_bss; 5805 else 5806 reject_bss = wpa_bss_get_bssid(wpa_s, bssid); 5807 #endif /* CONFIG_MBO */ 5808 5809 if (data->assoc_reject.bssid) 5810 wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_ASSOC_REJECT 5811 "bssid=" MACSTR " status_code=%u%s%s%s%s%s", 5812 MAC2STR(data->assoc_reject.bssid), 5813 data->assoc_reject.status_code, 5814 data->assoc_reject.timed_out ? " timeout" : "", 5815 data->assoc_reject.timeout_reason ? "=" : "", 5816 data->assoc_reject.timeout_reason ? 5817 data->assoc_reject.timeout_reason : "", 5818 data->assoc_reject.reason_code != 5819 STA_CONNECT_FAIL_REASON_UNSPECIFIED ? 5820 " qca_driver_reason=" : "", 5821 connect_fail_reason(data->assoc_reject.reason_code)); 5822 else 5823 wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_ASSOC_REJECT 5824 "status_code=%u%s%s%s%s%s", 5825 data->assoc_reject.status_code, 5826 data->assoc_reject.timed_out ? " timeout" : "", 5827 data->assoc_reject.timeout_reason ? "=" : "", 5828 data->assoc_reject.timeout_reason ? 5829 data->assoc_reject.timeout_reason : "", 5830 data->assoc_reject.reason_code != 5831 STA_CONNECT_FAIL_REASON_UNSPECIFIED ? 5832 " qca_driver_reason=" : "", 5833 connect_fail_reason(data->assoc_reject.reason_code)); 5834 wpa_s->assoc_status_code = data->assoc_reject.status_code; 5835 wpas_notify_assoc_status_code(wpa_s); 5836 5837 #ifdef CONFIG_OWE 5838 if (data->assoc_reject.status_code == 5839 WLAN_STATUS_FINITE_CYCLIC_GROUP_NOT_SUPPORTED && 5840 wpa_s->key_mgmt == WPA_KEY_MGMT_OWE && 5841 wpa_s->current_ssid && 5842 wpa_s->current_ssid->owe_group == 0 && 5843 wpa_s->last_owe_group != 21) { 5844 struct wpa_ssid *ssid = wpa_s->current_ssid; 5845 struct wpa_bss *bss = wpa_s->current_bss; 5846 5847 if (!bss) { 5848 bss = wpa_supplicant_get_new_bss(wpa_s, bssid); 5849 if (!bss) { 5850 wpas_connection_failed(wpa_s, bssid, NULL); 5851 wpa_supplicant_mark_disassoc(wpa_s); 5852 return; 5853 } 5854 } 5855 wpa_printf(MSG_DEBUG, "OWE: Try next supported DH group"); 5856 wpas_connect_work_done(wpa_s); 5857 wpa_supplicant_mark_disassoc(wpa_s); 5858 wpa_supplicant_connect(wpa_s, bss, ssid); 5859 return; 5860 } 5861 #endif /* CONFIG_OWE */ 5862 5863 #ifdef CONFIG_DPP2 5864 /* Try to follow AP's PFS policy. WLAN_STATUS_ASSOC_DENIED_UNSPEC is 5865 * the status code defined in the DPP R2 tech spec. 5866 * WLAN_STATUS_AKMP_NOT_VALID is addressed in the same manner as an 5867 * interoperability workaround with older hostapd implementation. */ 5868 if (DPP_VERSION > 1 && wpa_s->current_ssid && 5869 (wpa_s->current_ssid->key_mgmt == WPA_KEY_MGMT_DPP || 5870 ((wpa_s->current_ssid->key_mgmt & WPA_KEY_MGMT_DPP) && 5871 wpa_s->key_mgmt == WPA_KEY_MGMT_DPP)) && 5872 wpa_s->current_ssid->dpp_pfs == 0 && 5873 (data->assoc_reject.status_code == 5874 WLAN_STATUS_ASSOC_DENIED_UNSPEC || 5875 data->assoc_reject.status_code == WLAN_STATUS_AKMP_NOT_VALID)) { 5876 struct wpa_ssid *ssid = wpa_s->current_ssid; 5877 struct wpa_bss *bss = wpa_s->current_bss; 5878 5879 wpa_s->current_ssid->dpp_pfs_fallback ^= 1; 5880 if (!bss) 5881 bss = wpa_supplicant_get_new_bss(wpa_s, bssid); 5882 if (!bss || wpa_s->dpp_pfs_fallback) { 5883 wpa_printf(MSG_DEBUG, 5884 "DPP: Updated PFS policy for next try"); 5885 wpas_connection_failed(wpa_s, bssid, NULL); 5886 wpa_supplicant_mark_disassoc(wpa_s); 5887 return; 5888 } 5889 wpa_printf(MSG_DEBUG, "DPP: Try again with updated PFS policy"); 5890 wpa_s->dpp_pfs_fallback = 1; 5891 wpas_connect_work_done(wpa_s); 5892 wpa_supplicant_mark_disassoc(wpa_s); 5893 wpa_supplicant_connect(wpa_s, bss, ssid); 5894 return; 5895 } 5896 #endif /* CONFIG_DPP2 */ 5897 5898 #ifdef CONFIG_MBO 5899 if (data->assoc_reject.status_code == 5900 WLAN_STATUS_DENIED_POOR_CHANNEL_CONDITIONS && 5901 reject_bss && data->assoc_reject.resp_ies) { 5902 const u8 *rssi_rej; 5903 5904 rssi_rej = mbo_get_attr_from_ies( 5905 data->assoc_reject.resp_ies, 5906 data->assoc_reject.resp_ies_len, 5907 OCE_ATTR_ID_RSSI_BASED_ASSOC_REJECT); 5908 if (rssi_rej && rssi_rej[1] == 2) { 5909 wpa_printf(MSG_DEBUG, 5910 "OCE: RSSI-based association rejection from " 5911 MACSTR " (Delta RSSI: %u, Retry Delay: %u)", 5912 MAC2STR(reject_bss->bssid), 5913 rssi_rej[2], rssi_rej[3]); 5914 wpa_bss_tmp_disallow(wpa_s, 5915 reject_bss->bssid, 5916 rssi_rej[3], 5917 rssi_rej[2] + reject_bss->level); 5918 } 5919 } 5920 #endif /* CONFIG_MBO */ 5921 5922 /* Check for other failed links in the response */ 5923 os_memset(link_bssids, 0, sizeof(link_bssids)); 5924 if (ieee802_11_parse_elems(data->assoc_reject.resp_ies, 5925 data->assoc_reject.resp_ies_len, 5926 &elems, 1) != ParseFailed) { 5927 unsigned int n_links, i, idx; 5928 5929 idx = 0; 5930 n_links = wpas_ml_parse_assoc(wpa_s, &elems, ml_info); 5931 5932 for (i = 1; i < n_links; i++) { 5933 /* The status cannot be success here. 5934 * Add the link to the failed list if it is reporting 5935 * an error. The only valid "non-error" status is 5936 * TX_LINK_NOT_ACCEPTED as that means this link may 5937 * still accept an association from us. 5938 */ 5939 if (ml_info[i].status != 5940 WLAN_STATUS_DENIED_TX_LINK_NOT_ACCEPTED) { 5941 link_bssids[idx] = ml_info[i].bssid; 5942 idx++; 5943 } 5944 } 5945 } 5946 5947 if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME) { 5948 sme_event_assoc_reject(wpa_s, data, link_bssids); 5949 return; 5950 } 5951 5952 /* Driver-based SME cases */ 5953 5954 #ifdef CONFIG_SAE 5955 if (wpa_s->current_ssid && 5956 wpa_key_mgmt_sae(wpa_s->current_ssid->key_mgmt) && 5957 !data->assoc_reject.timed_out) { 5958 wpa_dbg(wpa_s, MSG_DEBUG, "SAE: Drop PMKSA cache entry"); 5959 wpa_sm_aborted_cached(wpa_s->wpa); 5960 wpa_sm_pmksa_cache_flush(wpa_s->wpa, wpa_s->current_ssid); 5961 } 5962 #endif /* CONFIG_SAE */ 5963 5964 #ifdef CONFIG_DPP 5965 if (wpa_s->current_ssid && 5966 wpa_s->current_ssid->key_mgmt == WPA_KEY_MGMT_DPP && 5967 !data->assoc_reject.timed_out) { 5968 wpa_dbg(wpa_s, MSG_DEBUG, "DPP: Drop PMKSA cache entry"); 5969 wpa_sm_aborted_cached(wpa_s->wpa); 5970 wpa_sm_pmksa_cache_flush(wpa_s->wpa, wpa_s->current_ssid); 5971 } 5972 #endif /* CONFIG_DPP */ 5973 5974 #ifdef CONFIG_FILS 5975 /* Update ERP next sequence number */ 5976 if (wpa_s->auth_alg == WPA_AUTH_ALG_FILS) { 5977 fils_pmksa_cache_flush(wpa_s); 5978 eapol_sm_update_erp_next_seq_num( 5979 wpa_s->eapol, 5980 data->assoc_reject.fils_erp_next_seq_num); 5981 fils_connection_failure(wpa_s); 5982 } 5983 #endif /* CONFIG_FILS */ 5984 5985 wpas_connection_failed(wpa_s, bssid, link_bssids); 5986 wpa_supplicant_mark_disassoc(wpa_s); 5987 } 5988 5989 wpas_event_unprot_beacon(struct wpa_supplicant * wpa_s,struct unprot_beacon * data)5990 static void wpas_event_unprot_beacon(struct wpa_supplicant *wpa_s, 5991 struct unprot_beacon *data) 5992 { 5993 struct wpabuf *buf; 5994 int res; 5995 5996 if (!data || wpa_s->wpa_state != WPA_COMPLETED || 5997 !ether_addr_equal(data->sa, wpa_s->bssid)) 5998 return; 5999 wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_UNPROT_BEACON MACSTR, 6000 MAC2STR(data->sa)); 6001 6002 buf = wpabuf_alloc(4); 6003 if (!buf) 6004 return; 6005 6006 wpabuf_put_u8(buf, WLAN_ACTION_WNM); 6007 wpabuf_put_u8(buf, WNM_NOTIFICATION_REQ); 6008 wpabuf_put_u8(buf, 1); /* Dialog Token */ 6009 wpabuf_put_u8(buf, WNM_NOTIF_TYPE_BEACON_PROTECTION_FAILURE); 6010 6011 res = wpa_drv_send_action(wpa_s, wpa_s->assoc_freq, 0, wpa_s->bssid, 6012 wpa_s->own_addr, wpa_s->bssid, 6013 wpabuf_head(buf), wpabuf_len(buf), 0); 6014 if (res < 0) 6015 wpa_printf(MSG_DEBUG, 6016 "Failed to send WNM-Notification Request frame"); 6017 6018 wpabuf_free(buf); 6019 } 6020 6021 bitmap_to_str(u8 value,char * buf)6022 static const char * bitmap_to_str(u8 value, char *buf) 6023 { 6024 char *pos = buf; 6025 int i, k = 0; 6026 6027 for (i = 7; i >= 0; i--) 6028 pos[k++] = (value & BIT(i)) ? '1' : '0'; 6029 6030 pos[8] = '\0'; 6031 return pos; 6032 } 6033 6034 wpas_tid_link_map(struct wpa_supplicant * wpa_s,struct tid_link_map_info * info)6035 static void wpas_tid_link_map(struct wpa_supplicant *wpa_s, 6036 struct tid_link_map_info *info) 6037 { 6038 char map_info[1000], *pos, *end; 6039 int res, i; 6040 6041 pos = map_info; 6042 end = pos + sizeof(map_info); 6043 res = os_snprintf(map_info, sizeof(map_info), "default=%d", 6044 info->default_map); 6045 if (os_snprintf_error(end - pos, res)) 6046 return; 6047 pos += res; 6048 6049 if (!info->default_map) { 6050 for_each_link(info->valid_links, i) { 6051 char uplink_map_str[9]; 6052 char downlink_map_str[9]; 6053 6054 bitmap_to_str(info->t2lmap[i].uplink, uplink_map_str); 6055 bitmap_to_str(info->t2lmap[i].downlink, 6056 downlink_map_str); 6057 6058 res = os_snprintf(pos, end - pos, 6059 " link_id=%d up_link=%s down_link=%s", 6060 i, uplink_map_str, 6061 downlink_map_str); 6062 if (os_snprintf_error(end - pos, res)) 6063 return; 6064 pos += res; 6065 } 6066 } 6067 6068 wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_T2LM_UPDATE "%s", map_info); 6069 } 6070 6071 wpas_link_reconfig(struct wpa_supplicant * wpa_s)6072 static void wpas_link_reconfig(struct wpa_supplicant *wpa_s) 6073 { 6074 u8 bssid[ETH_ALEN]; 6075 6076 if (wpa_drv_get_bssid(wpa_s, bssid) < 0) { 6077 wpa_printf(MSG_ERROR, "LINK_RECONFIG: Failed to get BSSID"); 6078 wpa_supplicant_deauthenticate(wpa_s, 6079 WLAN_REASON_DEAUTH_LEAVING); 6080 return; 6081 } 6082 6083 if (!ether_addr_equal(bssid, wpa_s->bssid)) { 6084 os_memcpy(wpa_s->bssid, bssid, ETH_ALEN); 6085 wpa_supplicant_update_current_bss(wpa_s, wpa_s->bssid); 6086 wpas_notify_bssid_changed(wpa_s); 6087 } 6088 6089 if (wpa_drv_get_mlo_info(wpa_s) < 0) { 6090 wpa_printf(MSG_ERROR, 6091 "LINK_RECONFIG: Failed to get MLO connection info"); 6092 wpa_supplicant_deauthenticate(wpa_s, 6093 WLAN_REASON_DEAUTH_LEAVING); 6094 return; 6095 } 6096 6097 if (wpa_sm_set_ml_info(wpa_s)) { 6098 wpa_printf(MSG_ERROR, 6099 "LINK_RECONFIG: Failed to set MLO connection info to wpa_sm"); 6100 wpa_supplicant_deauthenticate(wpa_s, 6101 WLAN_REASON_DEAUTH_LEAVING); 6102 return; 6103 } 6104 6105 wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_LINK_RECONFIG "valid_links=0x%x", 6106 wpa_s->valid_links); 6107 } 6108 6109 6110 #ifdef CONFIG_PASN wpas_pasn_auth(struct wpa_supplicant * wpa_s,const struct ieee80211_mgmt * mgmt,size_t len,int freq)6111 static int wpas_pasn_auth(struct wpa_supplicant *wpa_s, 6112 const struct ieee80211_mgmt *mgmt, size_t len, 6113 int freq) 6114 { 6115 #ifdef CONFIG_P2P 6116 struct ieee802_11_elems elems; 6117 6118 if (len < 24) { 6119 wpa_printf(MSG_DEBUG, "nl80211: Too short Management frame"); 6120 return -2; 6121 } 6122 6123 if (ieee802_11_parse_elems(mgmt->u.auth.variable, 6124 len - offsetof(struct ieee80211_mgmt, 6125 u.auth.variable), 6126 &elems, 1) == ParseFailed) { 6127 wpa_printf(MSG_DEBUG, 6128 "PASN: Failed parsing Authentication frame"); 6129 return -2; 6130 } 6131 6132 if (elems.p2p2_ie && elems.p2p2_ie_len) 6133 return wpas_p2p_pasn_auth_rx(wpa_s, mgmt, len, freq); 6134 #endif /* CONFIG_P2P */ 6135 6136 return wpas_pasn_auth_rx(wpa_s, mgmt, len); 6137 } 6138 #endif /* CONFIG_PASN */ 6139 6140 wpa_supplicant_event(void * ctx,enum wpa_event_type event,union wpa_event_data * data)6141 void wpa_supplicant_event(void *ctx, enum wpa_event_type event, 6142 union wpa_event_data *data) 6143 { 6144 struct wpa_supplicant *wpa_s = ctx; 6145 int resched; 6146 struct os_reltime age, clear_at; 6147 #ifndef CONFIG_NO_STDOUT_DEBUG 6148 int level = MSG_DEBUG; 6149 #endif /* CONFIG_NO_STDOUT_DEBUG */ 6150 6151 if (wpa_s->wpa_state == WPA_INTERFACE_DISABLED && 6152 event != EVENT_INTERFACE_ENABLED && 6153 event != EVENT_INTERFACE_STATUS && 6154 event != EVENT_SCAN_RESULTS && 6155 event != EVENT_SCHED_SCAN_STOPPED) { 6156 wpa_dbg(wpa_s, MSG_DEBUG, 6157 "Ignore event %s (%d) while interface is disabled", 6158 event_to_string(event), event); 6159 return; 6160 } 6161 6162 #ifndef CONFIG_NO_STDOUT_DEBUG 6163 if (event == EVENT_RX_MGMT && data->rx_mgmt.frame_len >= 24) { 6164 const struct ieee80211_hdr *hdr; 6165 u16 fc; 6166 hdr = (const struct ieee80211_hdr *) data->rx_mgmt.frame; 6167 fc = le_to_host16(hdr->frame_control); 6168 if (WLAN_FC_GET_TYPE(fc) == WLAN_FC_TYPE_MGMT && 6169 WLAN_FC_GET_STYPE(fc) == WLAN_FC_STYPE_BEACON) 6170 level = MSG_EXCESSIVE; 6171 } 6172 6173 wpa_dbg(wpa_s, level, "Event %s (%d) received", 6174 event_to_string(event), event); 6175 #endif /* CONFIG_NO_STDOUT_DEBUG */ 6176 6177 switch (event) { 6178 case EVENT_AUTH: 6179 #ifdef CONFIG_FST 6180 if (!wpas_fst_update_mbie(wpa_s, data->auth.ies, 6181 data->auth.ies_len)) 6182 wpa_printf(MSG_DEBUG, 6183 "FST: MB IEs updated from auth IE"); 6184 #endif /* CONFIG_FST */ 6185 sme_event_auth(wpa_s, data); 6186 wpa_s->auth_status_code = data->auth.status_code; 6187 wpas_notify_auth_status_code(wpa_s); 6188 break; 6189 case EVENT_ASSOC: 6190 #ifdef CONFIG_TESTING_OPTIONS 6191 if (wpa_s->ignore_auth_resp) { 6192 wpa_printf(MSG_INFO, 6193 "EVENT_ASSOC - ignore_auth_resp active!"); 6194 break; 6195 } 6196 if (wpa_s->testing_resend_assoc) { 6197 wpa_printf(MSG_INFO, 6198 "EVENT_DEAUTH - testing_resend_assoc"); 6199 break; 6200 } 6201 #endif /* CONFIG_TESTING_OPTIONS */ 6202 if (wpa_s->disconnected) { 6203 wpa_printf(MSG_INFO, 6204 "Ignore unexpected EVENT_ASSOC in disconnected state"); 6205 break; 6206 } 6207 wpa_supplicant_event_assoc(wpa_s, data); 6208 wpa_s->assoc_status_code = WLAN_STATUS_SUCCESS; 6209 if (data && 6210 (data->assoc_info.authorized || 6211 (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME) && 6212 wpa_fils_is_completed(wpa_s->wpa)))) 6213 wpa_supplicant_event_assoc_auth(wpa_s, data); 6214 if (data) { 6215 wpa_msg(wpa_s, MSG_INFO, 6216 WPA_EVENT_SUBNET_STATUS_UPDATE "status=%u", 6217 data->assoc_info.subnet_status); 6218 } 6219 break; 6220 case EVENT_DISASSOC: 6221 wpas_event_disassoc(wpa_s, 6222 data ? &data->disassoc_info : NULL); 6223 break; 6224 case EVENT_DEAUTH: 6225 #ifdef CONFIG_TESTING_OPTIONS 6226 if (wpa_s->ignore_auth_resp) { 6227 wpa_printf(MSG_INFO, 6228 "EVENT_DEAUTH - ignore_auth_resp active!"); 6229 break; 6230 } 6231 if (wpa_s->testing_resend_assoc) { 6232 wpa_printf(MSG_INFO, 6233 "EVENT_DEAUTH - testing_resend_assoc"); 6234 break; 6235 } 6236 #endif /* CONFIG_TESTING_OPTIONS */ 6237 wpas_event_deauth(wpa_s, 6238 data ? &data->deauth_info : NULL); 6239 break; 6240 case EVENT_LINK_RECONFIG: 6241 wpas_link_reconfig(wpa_s); 6242 break; 6243 case EVENT_MICHAEL_MIC_FAILURE: 6244 wpa_supplicant_event_michael_mic_failure(wpa_s, data); 6245 break; 6246 #ifndef CONFIG_NO_SCAN_PROCESSING 6247 case EVENT_SCAN_STARTED: 6248 if (wpa_s->own_scan_requested || 6249 (data && !data->scan_info.external_scan)) { 6250 struct os_reltime diff; 6251 6252 os_get_reltime(&wpa_s->scan_start_time); 6253 os_reltime_sub(&wpa_s->scan_start_time, 6254 &wpa_s->scan_trigger_time, &diff); 6255 wpa_dbg(wpa_s, MSG_DEBUG, "Own scan request started a scan in %ld.%06ld seconds", 6256 diff.sec, diff.usec); 6257 wpa_s->own_scan_requested = 0; 6258 wpa_s->own_scan_running = 1; 6259 if (wpa_s->last_scan_req == MANUAL_SCAN_REQ && 6260 wpa_s->manual_scan_use_id) { 6261 wpa_msg_ctrl(wpa_s, MSG_INFO, 6262 WPA_EVENT_SCAN_STARTED "id=%u", 6263 wpa_s->manual_scan_id); 6264 } else { 6265 wpa_msg_ctrl(wpa_s, MSG_INFO, 6266 WPA_EVENT_SCAN_STARTED); 6267 } 6268 } else { 6269 wpa_dbg(wpa_s, MSG_DEBUG, "External program started a scan"); 6270 wpa_s->radio->external_scan_req_interface = wpa_s; 6271 wpa_msg_ctrl(wpa_s, MSG_INFO, WPA_EVENT_SCAN_STARTED); 6272 } 6273 break; 6274 case EVENT_SCAN_RESULTS: 6275 if (wpa_s->wpa_state == WPA_INTERFACE_DISABLED) { 6276 wpa_s->scan_res_handler = NULL; 6277 wpa_s->own_scan_running = 0; 6278 wpa_s->radio->external_scan_req_interface = NULL; 6279 wpa_s->last_scan_req = NORMAL_SCAN_REQ; 6280 break; 6281 } 6282 6283 if (!(data && data->scan_info.external_scan) && 6284 os_reltime_initialized(&wpa_s->scan_start_time)) { 6285 struct os_reltime now, diff; 6286 os_get_reltime(&now); 6287 os_reltime_sub(&now, &wpa_s->scan_start_time, &diff); 6288 wpa_s->scan_start_time.sec = 0; 6289 wpa_s->scan_start_time.usec = 0; 6290 wpa_s->wps_scan_done = true; 6291 wpa_dbg(wpa_s, MSG_DEBUG, "Scan completed in %ld.%06ld seconds", 6292 diff.sec, diff.usec); 6293 } 6294 if (wpa_supplicant_event_scan_results(wpa_s, data)) 6295 break; /* interface may have been removed */ 6296 if (!(data && data->scan_info.external_scan)) 6297 wpa_s->own_scan_running = 0; 6298 if (data && data->scan_info.nl_scan_event) 6299 wpa_s->radio->external_scan_req_interface = NULL; 6300 radio_work_check_next(wpa_s); 6301 break; 6302 #endif /* CONFIG_NO_SCAN_PROCESSING */ 6303 case EVENT_ASSOCINFO: 6304 wpa_supplicant_event_associnfo(wpa_s, data); 6305 break; 6306 case EVENT_INTERFACE_STATUS: 6307 wpa_supplicant_event_interface_status(wpa_s, data); 6308 break; 6309 case EVENT_PMKID_CANDIDATE: 6310 wpa_supplicant_event_pmkid_candidate(wpa_s, data); 6311 break; 6312 #ifdef CONFIG_TDLS 6313 case EVENT_TDLS: 6314 wpa_supplicant_event_tdls(wpa_s, data); 6315 break; 6316 #endif /* CONFIG_TDLS */ 6317 #ifdef CONFIG_WNM 6318 case EVENT_WNM: 6319 wpa_supplicant_event_wnm(wpa_s, data); 6320 break; 6321 #endif /* CONFIG_WNM */ 6322 #ifdef CONFIG_IEEE80211R 6323 case EVENT_FT_RESPONSE: 6324 wpa_supplicant_event_ft_response(wpa_s, data); 6325 break; 6326 #endif /* CONFIG_IEEE80211R */ 6327 #ifdef CONFIG_IBSS_RSN 6328 case EVENT_IBSS_RSN_START: 6329 wpa_supplicant_event_ibss_rsn_start(wpa_s, data); 6330 break; 6331 #endif /* CONFIG_IBSS_RSN */ 6332 case EVENT_ASSOC_REJECT: 6333 wpas_event_assoc_reject(wpa_s, data); 6334 break; 6335 case EVENT_AUTH_TIMED_OUT: 6336 /* It is possible to get this event from earlier connection */ 6337 if (wpa_s->current_ssid && 6338 wpa_s->current_ssid->mode == WPAS_MODE_MESH) { 6339 wpa_dbg(wpa_s, MSG_DEBUG, 6340 "Ignore AUTH_TIMED_OUT in mesh configuration"); 6341 break; 6342 } 6343 if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME) 6344 sme_event_auth_timed_out(wpa_s, data); 6345 break; 6346 case EVENT_ASSOC_TIMED_OUT: 6347 /* It is possible to get this event from earlier connection */ 6348 if (wpa_s->current_ssid && 6349 wpa_s->current_ssid->mode == WPAS_MODE_MESH) { 6350 wpa_dbg(wpa_s, MSG_DEBUG, 6351 "Ignore ASSOC_TIMED_OUT in mesh configuration"); 6352 break; 6353 } 6354 if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME) 6355 sme_event_assoc_timed_out(wpa_s, data); 6356 break; 6357 case EVENT_TX_STATUS: 6358 wpa_dbg(wpa_s, MSG_DEBUG, "EVENT_TX_STATUS dst=" MACSTR 6359 " type=%d stype=%d", 6360 MAC2STR(data->tx_status.dst), 6361 data->tx_status.type, data->tx_status.stype); 6362 #ifdef CONFIG_WNM 6363 if (data->tx_status.type == WLAN_FC_TYPE_MGMT && 6364 data->tx_status.stype == WLAN_FC_STYPE_ACTION && 6365 wnm_btm_resp_tx_status(wpa_s, data->tx_status.data, 6366 data->tx_status.data_len) == 0) 6367 break; 6368 #endif /* CONFIG_WNM */ 6369 #ifdef CONFIG_PASN 6370 #ifdef CONFIG_P2P 6371 if (data->tx_status.type == WLAN_FC_TYPE_MGMT && 6372 data->tx_status.stype == WLAN_FC_STYPE_AUTH && 6373 !wpa_s->pasn_auth_work && 6374 wpa_s->p2p_pasn_auth_work && 6375 wpas_p2p_pasn_auth_tx_status(wpa_s, 6376 data->tx_status.data, 6377 data->tx_status.data_len, 6378 data->tx_status.ack) == 0) 6379 break; 6380 #endif /* CONFIG_P2P */ 6381 if (data->tx_status.type == WLAN_FC_TYPE_MGMT && 6382 data->tx_status.stype == WLAN_FC_STYPE_AUTH && 6383 wpas_pasn_auth_tx_status(wpa_s, data->tx_status.data, 6384 data->tx_status.data_len, 6385 data->tx_status.ack) == 0) 6386 break; 6387 #endif /* CONFIG_PASN */ 6388 #ifdef CONFIG_AP 6389 if (wpa_s->ap_iface == NULL) { 6390 #ifdef CONFIG_OFFCHANNEL 6391 if (data->tx_status.type == WLAN_FC_TYPE_MGMT && 6392 data->tx_status.stype == WLAN_FC_STYPE_ACTION) 6393 offchannel_send_action_tx_status( 6394 wpa_s, data->tx_status.dst, 6395 data->tx_status.data, 6396 data->tx_status.data_len, 6397 data->tx_status.ack ? 6398 OFFCHANNEL_SEND_ACTION_SUCCESS : 6399 OFFCHANNEL_SEND_ACTION_NO_ACK); 6400 #endif /* CONFIG_OFFCHANNEL */ 6401 break; 6402 } 6403 #endif /* CONFIG_AP */ 6404 #ifdef CONFIG_OFFCHANNEL 6405 wpa_dbg(wpa_s, MSG_DEBUG, "EVENT_TX_STATUS pending_dst=" 6406 MACSTR, MAC2STR(wpa_s->p2pdev->pending_action_dst)); 6407 /* 6408 * Catch TX status events for Action frames we sent via group 6409 * interface in GO mode, or via standalone AP interface. 6410 * Note, wpa_s->p2pdev will be the same as wpa_s->parent, 6411 * except when the primary interface is used as a GO interface 6412 * (for drivers which do not have group interface concurrency) 6413 */ 6414 if (data->tx_status.type == WLAN_FC_TYPE_MGMT && 6415 data->tx_status.stype == WLAN_FC_STYPE_ACTION && 6416 ether_addr_equal(wpa_s->p2pdev->pending_action_dst, 6417 data->tx_status.dst)) { 6418 offchannel_send_action_tx_status( 6419 wpa_s->p2pdev, data->tx_status.dst, 6420 data->tx_status.data, 6421 data->tx_status.data_len, 6422 data->tx_status.ack ? 6423 OFFCHANNEL_SEND_ACTION_SUCCESS : 6424 OFFCHANNEL_SEND_ACTION_NO_ACK); 6425 break; 6426 } 6427 #endif /* CONFIG_OFFCHANNEL */ 6428 #ifdef CONFIG_AP 6429 switch (data->tx_status.type) { 6430 case WLAN_FC_TYPE_MGMT: 6431 ap_mgmt_tx_cb(wpa_s, data->tx_status.data, 6432 data->tx_status.data_len, 6433 data->tx_status.stype, 6434 data->tx_status.ack); 6435 break; 6436 case WLAN_FC_TYPE_DATA: 6437 ap_tx_status(wpa_s, data->tx_status.dst, 6438 data->tx_status.data, 6439 data->tx_status.data_len, 6440 data->tx_status.ack); 6441 break; 6442 } 6443 #endif /* CONFIG_AP */ 6444 break; 6445 #ifdef CONFIG_AP 6446 case EVENT_EAPOL_TX_STATUS: 6447 ap_eapol_tx_status(wpa_s, data->eapol_tx_status.dst, 6448 data->eapol_tx_status.data, 6449 data->eapol_tx_status.data_len, 6450 data->eapol_tx_status.ack); 6451 break; 6452 case EVENT_DRIVER_CLIENT_POLL_OK: 6453 ap_client_poll_ok(wpa_s, data->client_poll.addr); 6454 break; 6455 case EVENT_RX_FROM_UNKNOWN: 6456 if (wpa_s->ap_iface == NULL) 6457 break; 6458 ap_rx_from_unknown_sta(wpa_s, data->rx_from_unknown.addr, 6459 data->rx_from_unknown.wds); 6460 break; 6461 #endif /* CONFIG_AP */ 6462 6463 case EVENT_LINK_CH_SWITCH_STARTED: 6464 case EVENT_LINK_CH_SWITCH: 6465 if (!data || !wpa_s->current_ssid || 6466 !(wpa_s->valid_links & BIT(data->ch_switch.link_id))) 6467 break; 6468 6469 wpa_msg(wpa_s, MSG_INFO, 6470 "%sfreq=%d link_id=%d ht_enabled=%d ch_offset=%d ch_width=%s cf1=%d cf2=%d", 6471 event == EVENT_LINK_CH_SWITCH ? 6472 WPA_EVENT_LINK_CHANNEL_SWITCH : 6473 WPA_EVENT_LINK_CHANNEL_SWITCH_STARTED, 6474 data->ch_switch.freq, 6475 data->ch_switch.link_id, 6476 data->ch_switch.ht_enabled, 6477 data->ch_switch.ch_offset, 6478 channel_width_to_string(data->ch_switch.ch_width), 6479 data->ch_switch.cf1, 6480 data->ch_switch.cf2); 6481 if (event == EVENT_LINK_CH_SWITCH_STARTED) 6482 break; 6483 6484 wpa_s->links[data->ch_switch.link_id].freq = 6485 data->ch_switch.freq; 6486 if (wpa_s->links[data->ch_switch.link_id].bss && 6487 wpa_s->links[data->ch_switch.link_id].bss->freq != 6488 data->ch_switch.freq) { 6489 wpa_s->links[data->ch_switch.link_id].bss->freq = 6490 data->ch_switch.freq; 6491 notify_bss_changes( 6492 wpa_s, WPA_BSS_FREQ_CHANGED_FLAG, 6493 wpa_s->links[data->ch_switch.link_id].bss); 6494 } 6495 break; 6496 case EVENT_CH_SWITCH_STARTED: 6497 case EVENT_CH_SWITCH: 6498 if (!data || !wpa_s->current_ssid) 6499 break; 6500 6501 wpa_msg(wpa_s, MSG_INFO, 6502 "%sfreq=%d ht_enabled=%d ch_offset=%d ch_width=%s cf1=%d cf2=%d", 6503 event == EVENT_CH_SWITCH ? WPA_EVENT_CHANNEL_SWITCH : 6504 WPA_EVENT_CHANNEL_SWITCH_STARTED, 6505 data->ch_switch.freq, 6506 data->ch_switch.ht_enabled, 6507 data->ch_switch.ch_offset, 6508 channel_width_to_string(data->ch_switch.ch_width), 6509 data->ch_switch.cf1, 6510 data->ch_switch.cf2); 6511 if (event == EVENT_CH_SWITCH_STARTED) 6512 break; 6513 6514 wpa_s->assoc_freq = data->ch_switch.freq; 6515 wpa_s->current_ssid->frequency = data->ch_switch.freq; 6516 if (wpa_s->current_bss && 6517 wpa_s->current_bss->freq != data->ch_switch.freq) { 6518 wpa_s->current_bss->freq = data->ch_switch.freq; 6519 notify_bss_changes(wpa_s, WPA_BSS_FREQ_CHANGED_FLAG, 6520 wpa_s->current_bss); 6521 } 6522 6523 #ifdef CONFIG_SME 6524 switch (data->ch_switch.ch_offset) { 6525 case 1: 6526 wpa_s->sme.ht_sec_chan = HT_SEC_CHAN_ABOVE; 6527 break; 6528 case -1: 6529 wpa_s->sme.ht_sec_chan = HT_SEC_CHAN_BELOW; 6530 break; 6531 default: 6532 wpa_s->sme.ht_sec_chan = HT_SEC_CHAN_UNKNOWN; 6533 break; 6534 } 6535 #endif /* CONFIG_SME */ 6536 6537 #ifdef CONFIG_AP 6538 if (wpa_s->current_ssid->mode == WPAS_MODE_AP || 6539 wpa_s->current_ssid->mode == WPAS_MODE_P2P_GO || 6540 wpa_s->current_ssid->mode == WPAS_MODE_MESH || 6541 wpa_s->current_ssid->mode == 6542 WPAS_MODE_P2P_GROUP_FORMATION) { 6543 wpas_ap_ch_switch(wpa_s, data->ch_switch.freq, 6544 data->ch_switch.ht_enabled, 6545 data->ch_switch.ch_offset, 6546 data->ch_switch.ch_width, 6547 data->ch_switch.cf1, 6548 data->ch_switch.cf2, 6549 data->ch_switch.punct_bitmap, 6550 1); 6551 } 6552 #endif /* CONFIG_AP */ 6553 6554 if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME) 6555 sme_event_ch_switch(wpa_s); 6556 6557 wpas_p2p_update_channel_list(wpa_s, WPAS_P2P_CHANNEL_UPDATE_CS); 6558 wnm_clear_coloc_intf_reporting(wpa_s); 6559 break; 6560 #ifdef CONFIG_AP 6561 #ifdef NEED_AP_MLME 6562 case EVENT_DFS_RADAR_DETECTED: 6563 if (data) 6564 wpas_ap_event_dfs_radar_detected(wpa_s, 6565 &data->dfs_event); 6566 break; 6567 case EVENT_DFS_NOP_FINISHED: 6568 if (data) 6569 wpas_ap_event_dfs_cac_nop_finished(wpa_s, 6570 &data->dfs_event); 6571 break; 6572 #endif /* NEED_AP_MLME */ 6573 #endif /* CONFIG_AP */ 6574 case EVENT_DFS_CAC_STARTED: 6575 if (data) 6576 wpas_event_dfs_cac_started(wpa_s, &data->dfs_event); 6577 break; 6578 case EVENT_DFS_CAC_FINISHED: 6579 if (data) 6580 wpas_event_dfs_cac_finished(wpa_s, &data->dfs_event); 6581 break; 6582 case EVENT_DFS_CAC_ABORTED: 6583 if (data) 6584 wpas_event_dfs_cac_aborted(wpa_s, &data->dfs_event); 6585 break; 6586 case EVENT_RX_MGMT: { 6587 u16 fc, stype; 6588 const struct ieee80211_mgmt *mgmt; 6589 6590 #ifdef CONFIG_TESTING_OPTIONS 6591 if (wpa_s->ext_mgmt_frame_handling) { 6592 struct rx_mgmt *rx = &data->rx_mgmt; 6593 size_t hex_len = 2 * rx->frame_len + 1; 6594 char *hex = os_malloc(hex_len); 6595 if (hex) { 6596 wpa_snprintf_hex(hex, hex_len, 6597 rx->frame, rx->frame_len); 6598 wpa_msg(wpa_s, MSG_INFO, "MGMT-RX freq=%d datarate=%u ssi_signal=%d %s", 6599 rx->freq, rx->datarate, rx->ssi_signal, 6600 hex); 6601 os_free(hex); 6602 } 6603 break; 6604 } 6605 #endif /* CONFIG_TESTING_OPTIONS */ 6606 6607 mgmt = (const struct ieee80211_mgmt *) 6608 data->rx_mgmt.frame; 6609 fc = le_to_host16(mgmt->frame_control); 6610 stype = WLAN_FC_GET_STYPE(fc); 6611 6612 #ifdef CONFIG_AP 6613 if (wpa_s->ap_iface == NULL) { 6614 #endif /* CONFIG_AP */ 6615 #ifdef CONFIG_P2P 6616 if (stype == WLAN_FC_STYPE_PROBE_REQ && 6617 data->rx_mgmt.frame_len > IEEE80211_HDRLEN) { 6618 const u8 *src = mgmt->sa; 6619 const u8 *ie; 6620 size_t ie_len; 6621 6622 ie = data->rx_mgmt.frame + IEEE80211_HDRLEN; 6623 ie_len = data->rx_mgmt.frame_len - 6624 IEEE80211_HDRLEN; 6625 wpas_p2p_probe_req_rx( 6626 wpa_s, src, mgmt->da, 6627 mgmt->bssid, ie, ie_len, 6628 data->rx_mgmt.freq, 6629 data->rx_mgmt.ssi_signal); 6630 break; 6631 } 6632 #endif /* CONFIG_P2P */ 6633 #ifdef CONFIG_IBSS_RSN 6634 if (wpa_s->current_ssid && 6635 wpa_s->current_ssid->mode == WPAS_MODE_IBSS && 6636 stype == WLAN_FC_STYPE_AUTH && 6637 data->rx_mgmt.frame_len >= 30) { 6638 wpa_supplicant_event_ibss_auth(wpa_s, data); 6639 break; 6640 } 6641 #endif /* CONFIG_IBSS_RSN */ 6642 6643 if (stype == WLAN_FC_STYPE_ACTION) { 6644 wpas_event_rx_mgmt_action( 6645 wpa_s, data->rx_mgmt.frame, 6646 data->rx_mgmt.frame_len, 6647 data->rx_mgmt.freq, 6648 data->rx_mgmt.ssi_signal); 6649 break; 6650 } 6651 6652 if (wpa_s->ifmsh) { 6653 mesh_mpm_mgmt_rx(wpa_s, &data->rx_mgmt); 6654 break; 6655 } 6656 #ifdef CONFIG_PASN 6657 if (stype == WLAN_FC_STYPE_AUTH && 6658 wpas_pasn_auth(wpa_s, mgmt, data->rx_mgmt.frame_len, 6659 data->rx_mgmt.freq) != -2) 6660 break; 6661 #endif /* CONFIG_PASN */ 6662 6663 #ifdef CONFIG_SAE 6664 if (stype == WLAN_FC_STYPE_AUTH && 6665 !(wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME) && 6666 (wpa_s->drv_flags & WPA_DRIVER_FLAGS_SAE)) { 6667 sme_external_auth_mgmt_rx( 6668 wpa_s, data->rx_mgmt.frame, 6669 data->rx_mgmt.frame_len); 6670 break; 6671 } 6672 #endif /* CONFIG_SAE */ 6673 wpa_dbg(wpa_s, MSG_DEBUG, "AP: ignore received " 6674 "management frame in non-AP mode"); 6675 break; 6676 #ifdef CONFIG_AP 6677 } 6678 6679 if (stype == WLAN_FC_STYPE_PROBE_REQ && 6680 data->rx_mgmt.frame_len > IEEE80211_HDRLEN) { 6681 const u8 *ie; 6682 size_t ie_len; 6683 6684 ie = data->rx_mgmt.frame + IEEE80211_HDRLEN; 6685 ie_len = data->rx_mgmt.frame_len - IEEE80211_HDRLEN; 6686 6687 wpas_notify_preq(wpa_s, mgmt->sa, mgmt->da, 6688 mgmt->bssid, ie, ie_len, 6689 data->rx_mgmt.ssi_signal); 6690 } 6691 6692 ap_mgmt_rx(wpa_s, &data->rx_mgmt); 6693 #endif /* CONFIG_AP */ 6694 break; 6695 } 6696 case EVENT_RX_PROBE_REQ: 6697 if (data->rx_probe_req.sa == NULL || 6698 data->rx_probe_req.ie == NULL) 6699 break; 6700 #ifdef CONFIG_AP 6701 if (wpa_s->ap_iface) { 6702 hostapd_probe_req_rx(wpa_s->ap_iface->bss[0], 6703 data->rx_probe_req.sa, 6704 data->rx_probe_req.da, 6705 data->rx_probe_req.bssid, 6706 data->rx_probe_req.ie, 6707 data->rx_probe_req.ie_len, 6708 data->rx_probe_req.ssi_signal); 6709 break; 6710 } 6711 #endif /* CONFIG_AP */ 6712 wpas_p2p_probe_req_rx(wpa_s, data->rx_probe_req.sa, 6713 data->rx_probe_req.da, 6714 data->rx_probe_req.bssid, 6715 data->rx_probe_req.ie, 6716 data->rx_probe_req.ie_len, 6717 0, 6718 data->rx_probe_req.ssi_signal); 6719 break; 6720 case EVENT_REMAIN_ON_CHANNEL: 6721 #ifdef CONFIG_OFFCHANNEL 6722 offchannel_remain_on_channel_cb( 6723 wpa_s, data->remain_on_channel.freq, 6724 data->remain_on_channel.duration); 6725 #endif /* CONFIG_OFFCHANNEL */ 6726 wpas_p2p_remain_on_channel_cb( 6727 wpa_s, data->remain_on_channel.freq, 6728 data->remain_on_channel.duration); 6729 #ifdef CONFIG_DPP 6730 wpas_dpp_remain_on_channel_cb( 6731 wpa_s, data->remain_on_channel.freq, 6732 data->remain_on_channel.duration); 6733 #endif /* CONFIG_DPP */ 6734 #ifdef CONFIG_NAN_USD 6735 wpas_nan_usd_remain_on_channel_cb( 6736 wpa_s, data->remain_on_channel.freq, 6737 data->remain_on_channel.duration); 6738 #endif /* CONFIG_NAN_USD */ 6739 break; 6740 case EVENT_CANCEL_REMAIN_ON_CHANNEL: 6741 #ifdef CONFIG_OFFCHANNEL 6742 offchannel_cancel_remain_on_channel_cb( 6743 wpa_s, data->remain_on_channel.freq); 6744 #endif /* CONFIG_OFFCHANNEL */ 6745 wpas_p2p_cancel_remain_on_channel_cb( 6746 wpa_s, data->remain_on_channel.freq); 6747 #ifdef CONFIG_DPP 6748 wpas_dpp_cancel_remain_on_channel_cb( 6749 wpa_s, data->remain_on_channel.freq); 6750 #endif /* CONFIG_DPP */ 6751 #ifdef CONFIG_NAN_USD 6752 wpas_nan_usd_cancel_remain_on_channel_cb( 6753 wpa_s, data->remain_on_channel.freq); 6754 #endif /* CONFIG_NAN_USD */ 6755 break; 6756 case EVENT_EAPOL_RX: 6757 wpa_supplicant_rx_eapol(wpa_s, data->eapol_rx.src, 6758 data->eapol_rx.data, 6759 data->eapol_rx.data_len, 6760 data->eapol_rx.encrypted); 6761 break; 6762 case EVENT_SIGNAL_CHANGE: 6763 wpa_msg_ctrl(wpa_s, MSG_INFO, WPA_EVENT_SIGNAL_CHANGE 6764 "above=%d signal=%d noise=%d txrate=%lu", 6765 data->signal_change.above_threshold, 6766 data->signal_change.data.signal, 6767 data->signal_change.current_noise, 6768 data->signal_change.data.current_tx_rate); 6769 wpa_bss_update_level(wpa_s->current_bss, 6770 data->signal_change.data.signal); 6771 bgscan_notify_signal_change( 6772 wpa_s, data->signal_change.above_threshold, 6773 data->signal_change.data.signal, 6774 data->signal_change.current_noise, 6775 data->signal_change.data.current_tx_rate); 6776 os_memcpy(&wpa_s->last_signal_info, data, 6777 sizeof(struct wpa_signal_info)); 6778 wpas_notify_signal_change(wpa_s); 6779 break; 6780 case EVENT_INTERFACE_MAC_CHANGED: 6781 wpa_supplicant_update_mac_addr(wpa_s); 6782 wpa_sm_pmksa_cache_flush(wpa_s->wpa, NULL); 6783 break; 6784 case EVENT_INTERFACE_ENABLED: 6785 wpa_dbg(wpa_s, MSG_DEBUG, "Interface was enabled"); 6786 if (wpa_s->wpa_state == WPA_INTERFACE_DISABLED) { 6787 u8 addr[ETH_ALEN]; 6788 6789 eloop_cancel_timeout(wpas_clear_disabled_interface, 6790 wpa_s, NULL); 6791 os_memcpy(addr, wpa_s->own_addr, ETH_ALEN); 6792 wpa_supplicant_update_mac_addr(wpa_s); 6793 if (!ether_addr_equal(addr, wpa_s->own_addr)) 6794 wpa_sm_pmksa_cache_flush(wpa_s->wpa, NULL); 6795 else 6796 wpa_sm_pmksa_cache_reconfig(wpa_s->wpa); 6797 wpa_supplicant_set_default_scan_ies(wpa_s); 6798 if (wpa_s->p2p_mgmt) { 6799 wpa_supplicant_set_state(wpa_s, 6800 WPA_DISCONNECTED); 6801 break; 6802 } 6803 6804 #ifdef CONFIG_AP 6805 if (!wpa_s->ap_iface) { 6806 wpa_supplicant_set_state(wpa_s, 6807 WPA_DISCONNECTED); 6808 wpa_s->scan_req = NORMAL_SCAN_REQ; 6809 wpa_supplicant_req_scan(wpa_s, 0, 0); 6810 } else 6811 wpa_supplicant_set_state(wpa_s, 6812 WPA_COMPLETED); 6813 #else /* CONFIG_AP */ 6814 wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED); 6815 wpa_supplicant_req_scan(wpa_s, 0, 0); 6816 #endif /* CONFIG_AP */ 6817 } 6818 break; 6819 case EVENT_INTERFACE_DISABLED: 6820 wpa_dbg(wpa_s, MSG_DEBUG, "Interface was disabled"); 6821 #ifdef CONFIG_P2P 6822 if (wpa_s->p2p_group_interface == P2P_GROUP_INTERFACE_GO || 6823 (wpa_s->current_ssid && wpa_s->current_ssid->p2p_group && 6824 wpa_s->current_ssid->mode == WPAS_MODE_P2P_GO)) { 6825 /* 6826 * Mark interface disabled if this happens to end up not 6827 * being removed as a separate P2P group interface. 6828 */ 6829 wpa_supplicant_set_state(wpa_s, WPA_INTERFACE_DISABLED); 6830 /* 6831 * The interface was externally disabled. Remove 6832 * it assuming an external entity will start a 6833 * new session if needed. 6834 */ 6835 if (wpa_s->current_ssid && 6836 wpa_s->current_ssid->p2p_group) 6837 wpas_p2p_interface_unavailable(wpa_s); 6838 else 6839 wpas_p2p_disconnect(wpa_s); 6840 /* 6841 * wpa_s instance may have been freed, so must not use 6842 * it here anymore. 6843 */ 6844 break; 6845 } 6846 if (wpa_s->p2p_scan_work && wpa_s->global->p2p && 6847 p2p_in_progress(wpa_s->global->p2p) > 1) { 6848 /* This radio work will be cancelled, so clear P2P 6849 * state as well. 6850 */ 6851 p2p_stop_find(wpa_s->global->p2p); 6852 } 6853 #endif /* CONFIG_P2P */ 6854 6855 if (wpa_s->wpa_state >= WPA_AUTHENTICATING) { 6856 /* 6857 * Indicate disconnection to keep ctrl_iface events 6858 * consistent. 6859 */ 6860 wpa_supplicant_event_disassoc( 6861 wpa_s, WLAN_REASON_DEAUTH_LEAVING, 1); 6862 } 6863 wpa_supplicant_mark_disassoc(wpa_s); 6864 os_reltime_age(&wpa_s->last_scan, &age); 6865 if (age.sec >= wpa_s->conf->scan_res_valid_for_connect) { 6866 clear_at.sec = wpa_s->conf->scan_res_valid_for_connect; 6867 clear_at.usec = 0; 6868 } else { 6869 struct os_reltime tmp; 6870 6871 tmp.sec = wpa_s->conf->scan_res_valid_for_connect; 6872 tmp.usec = 0; 6873 os_reltime_sub(&tmp, &age, &clear_at); 6874 } 6875 eloop_register_timeout(clear_at.sec, clear_at.usec, 6876 wpas_clear_disabled_interface, 6877 wpa_s, NULL); 6878 radio_remove_works(wpa_s, NULL, 0); 6879 6880 wpa_supplicant_set_state(wpa_s, WPA_INTERFACE_DISABLED); 6881 break; 6882 case EVENT_CHANNEL_LIST_CHANGED: 6883 wpa_supplicant_update_channel_list( 6884 wpa_s, &data->channel_list_changed); 6885 break; 6886 case EVENT_INTERFACE_UNAVAILABLE: 6887 wpas_p2p_interface_unavailable(wpa_s); 6888 break; 6889 case EVENT_BEST_CHANNEL: 6890 wpa_dbg(wpa_s, MSG_DEBUG, "Best channel event received " 6891 "(%d %d %d)", 6892 data->best_chan.freq_24, data->best_chan.freq_5, 6893 data->best_chan.freq_overall); 6894 wpa_s->best_24_freq = data->best_chan.freq_24; 6895 wpa_s->best_5_freq = data->best_chan.freq_5; 6896 wpa_s->best_overall_freq = data->best_chan.freq_overall; 6897 wpas_p2p_update_best_channels(wpa_s, data->best_chan.freq_24, 6898 data->best_chan.freq_5, 6899 data->best_chan.freq_overall); 6900 break; 6901 case EVENT_UNPROT_DEAUTH: 6902 wpa_supplicant_event_unprot_deauth(wpa_s, 6903 &data->unprot_deauth); 6904 break; 6905 case EVENT_UNPROT_DISASSOC: 6906 wpa_supplicant_event_unprot_disassoc(wpa_s, 6907 &data->unprot_disassoc); 6908 break; 6909 case EVENT_STATION_LOW_ACK: 6910 #ifdef CONFIG_AP 6911 if (wpa_s->ap_iface && data) 6912 hostapd_event_sta_low_ack(wpa_s->ap_iface->bss[0], 6913 data->low_ack.addr); 6914 #endif /* CONFIG_AP */ 6915 #ifdef CONFIG_TDLS 6916 if (data) 6917 wpa_tdls_disable_unreachable_link(wpa_s->wpa, 6918 data->low_ack.addr); 6919 #endif /* CONFIG_TDLS */ 6920 break; 6921 case EVENT_IBSS_PEER_LOST: 6922 #ifdef CONFIG_IBSS_RSN 6923 ibss_rsn_stop(wpa_s->ibss_rsn, data->ibss_peer_lost.peer); 6924 #endif /* CONFIG_IBSS_RSN */ 6925 break; 6926 case EVENT_DRIVER_GTK_REKEY: 6927 if (!ether_addr_equal(data->driver_gtk_rekey.bssid, 6928 wpa_s->bssid)) 6929 break; 6930 if (!wpa_s->wpa) 6931 break; 6932 wpa_sm_update_replay_ctr(wpa_s->wpa, 6933 data->driver_gtk_rekey.replay_ctr); 6934 break; 6935 case EVENT_SCHED_SCAN_STOPPED: 6936 wpa_s->sched_scanning = 0; 6937 resched = wpa_s->scanning && wpas_scan_scheduled(wpa_s); 6938 wpa_supplicant_notify_scanning(wpa_s, 0); 6939 6940 if (wpa_s->wpa_state == WPA_INTERFACE_DISABLED) 6941 break; 6942 6943 /* 6944 * If the driver stopped scanning without being requested to, 6945 * request a new scan to continue scanning for networks. 6946 */ 6947 if (!wpa_s->sched_scan_stop_req && 6948 wpa_s->wpa_state == WPA_SCANNING) { 6949 wpa_dbg(wpa_s, MSG_DEBUG, 6950 "Restart scanning after unexpected sched_scan stop event"); 6951 wpa_supplicant_req_scan(wpa_s, 1, 0); 6952 break; 6953 } 6954 6955 wpa_s->sched_scan_stop_req = 0; 6956 6957 /* 6958 * Start a new sched scan to continue searching for more SSIDs 6959 * either if timed out or PNO schedule scan is pending. 6960 */ 6961 if (wpa_s->sched_scan_timed_out) { 6962 wpa_supplicant_req_sched_scan(wpa_s); 6963 } else if (wpa_s->pno_sched_pending) { 6964 wpa_s->pno_sched_pending = 0; 6965 wpas_start_pno(wpa_s); 6966 } else if (resched) { 6967 wpa_supplicant_req_scan(wpa_s, 0, 0); 6968 } 6969 6970 break; 6971 case EVENT_WPS_BUTTON_PUSHED: 6972 #ifdef CONFIG_WPS 6973 wpas_wps_start_pbc(wpa_s, NULL, 0, 0); 6974 #endif /* CONFIG_WPS */ 6975 break; 6976 case EVENT_AVOID_FREQUENCIES: 6977 wpa_supplicant_notify_avoid_freq(wpa_s, data); 6978 break; 6979 case EVENT_CONNECT_FAILED_REASON: 6980 #ifdef CONFIG_AP 6981 if (!wpa_s->ap_iface || !data) 6982 break; 6983 hostapd_event_connect_failed_reason( 6984 wpa_s->ap_iface->bss[0], 6985 data->connect_failed_reason.addr, 6986 data->connect_failed_reason.code); 6987 #endif /* CONFIG_AP */ 6988 break; 6989 case EVENT_NEW_PEER_CANDIDATE: 6990 #ifdef CONFIG_MESH 6991 if (!wpa_s->ifmsh || !data) 6992 break; 6993 wpa_mesh_notify_peer(wpa_s, data->mesh_peer.peer, 6994 data->mesh_peer.ies, 6995 data->mesh_peer.ie_len); 6996 #endif /* CONFIG_MESH */ 6997 break; 6998 case EVENT_SURVEY: 6999 #ifdef CONFIG_AP 7000 if (!wpa_s->ap_iface) 7001 break; 7002 hostapd_event_get_survey(wpa_s->ap_iface, 7003 &data->survey_results); 7004 #endif /* CONFIG_AP */ 7005 break; 7006 case EVENT_ACS_CHANNEL_SELECTED: 7007 #ifdef CONFIG_AP 7008 #ifdef CONFIG_ACS 7009 if (!wpa_s->ap_iface) 7010 break; 7011 hostapd_acs_channel_selected(wpa_s->ap_iface->bss[0], 7012 &data->acs_selected_channels); 7013 #endif /* CONFIG_ACS */ 7014 #endif /* CONFIG_AP */ 7015 break; 7016 case EVENT_P2P_LO_STOP: 7017 #ifdef CONFIG_P2P 7018 wpa_s->p2p_lo_started = 0; 7019 wpa_msg(wpa_s, MSG_INFO, P2P_EVENT_LISTEN_OFFLOAD_STOP 7020 P2P_LISTEN_OFFLOAD_STOP_REASON "reason=%d", 7021 data->p2p_lo_stop.reason_code); 7022 #endif /* CONFIG_P2P */ 7023 break; 7024 case EVENT_BEACON_LOSS: 7025 if (!wpa_s->current_bss || !wpa_s->current_ssid) 7026 break; 7027 wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_BEACON_LOSS); 7028 bgscan_notify_beacon_loss(wpa_s); 7029 break; 7030 case EVENT_EXTERNAL_AUTH: 7031 #ifdef CONFIG_SAE 7032 if (!wpa_s->current_ssid) { 7033 wpa_printf(MSG_DEBUG, "SAE: current_ssid is NULL"); 7034 break; 7035 } 7036 sme_external_auth_trigger(wpa_s, data); 7037 #endif /* CONFIG_SAE */ 7038 break; 7039 #ifdef CONFIG_PASN 7040 case EVENT_PASN_AUTH: 7041 wpas_pasn_auth_trigger(wpa_s, &data->pasn_auth); 7042 break; 7043 #endif /* CONFIG_PASN */ 7044 case EVENT_PORT_AUTHORIZED: 7045 #ifdef CONFIG_AP 7046 if (wpa_s->ap_iface && wpa_s->ap_iface->bss[0]) { 7047 struct sta_info *sta; 7048 7049 sta = ap_get_sta(wpa_s->ap_iface->bss[0], 7050 data->port_authorized.sta_addr); 7051 if (sta) 7052 ap_sta_set_authorized(wpa_s->ap_iface->bss[0], 7053 sta, 1); 7054 else 7055 wpa_printf(MSG_DEBUG, 7056 "No STA info matching port authorized event found"); 7057 break; 7058 } 7059 #endif /* CONFIG_AP */ 7060 #ifndef CONFIG_NO_WPA 7061 if (data->port_authorized.td_bitmap_len) { 7062 wpa_printf(MSG_DEBUG, 7063 "WPA3: Transition Disable bitmap from the driver event: 0x%x", 7064 data->port_authorized.td_bitmap[0]); 7065 wpas_transition_disable( 7066 wpa_s, data->port_authorized.td_bitmap[0]); 7067 } 7068 #endif /* CONFIG_NO_WPA */ 7069 wpa_supplicant_event_port_authorized(wpa_s); 7070 break; 7071 case EVENT_STATION_OPMODE_CHANGED: 7072 #ifdef CONFIG_AP 7073 if (!wpa_s->ap_iface || !data) 7074 break; 7075 7076 hostapd_event_sta_opmode_changed(wpa_s->ap_iface->bss[0], 7077 data->sta_opmode.addr, 7078 data->sta_opmode.smps_mode, 7079 data->sta_opmode.chan_width, 7080 data->sta_opmode.rx_nss); 7081 #endif /* CONFIG_AP */ 7082 break; 7083 case EVENT_UNPROT_BEACON: 7084 wpas_event_unprot_beacon(wpa_s, &data->unprot_beacon); 7085 break; 7086 case EVENT_TX_WAIT_EXPIRE: 7087 #ifdef CONFIG_DPP 7088 wpas_dpp_tx_wait_expire(wpa_s); 7089 #endif /* CONFIG_DPP */ 7090 #ifdef CONFIG_NAN_USD 7091 wpas_nan_usd_tx_wait_expire(wpa_s); 7092 #endif /* CONFIG_NAN_USD */ 7093 break; 7094 case EVENT_TID_LINK_MAP: 7095 if (data) 7096 wpas_tid_link_map(wpa_s, &data->t2l_map_info); 7097 break; 7098 default: 7099 wpa_msg(wpa_s, MSG_INFO, "Unknown event %d", event); 7100 break; 7101 } 7102 } 7103 7104 wpa_supplicant_event_global(void * ctx,enum wpa_event_type event,union wpa_event_data * data)7105 void wpa_supplicant_event_global(void *ctx, enum wpa_event_type event, 7106 union wpa_event_data *data) 7107 { 7108 struct wpa_supplicant *wpa_s; 7109 7110 if (event != EVENT_INTERFACE_STATUS) 7111 return; 7112 7113 wpa_s = wpa_supplicant_get_iface(ctx, data->interface_status.ifname); 7114 if (wpa_s && wpa_s->driver->get_ifindex) { 7115 unsigned int ifindex; 7116 7117 ifindex = wpa_s->driver->get_ifindex(wpa_s->drv_priv); 7118 if (ifindex != data->interface_status.ifindex) { 7119 wpa_dbg(wpa_s, MSG_DEBUG, 7120 "interface status ifindex %d mismatch (%d)", 7121 ifindex, data->interface_status.ifindex); 7122 return; 7123 } 7124 } 7125 #ifdef CONFIG_MATCH_IFACE 7126 else if (data->interface_status.ievent == EVENT_INTERFACE_ADDED) { 7127 struct wpa_interface *wpa_i; 7128 7129 wpa_i = wpa_supplicant_match_iface( 7130 ctx, data->interface_status.ifname); 7131 if (!wpa_i) 7132 return; 7133 wpa_s = wpa_supplicant_add_iface(ctx, wpa_i, NULL); 7134 os_free(wpa_i); 7135 } 7136 #endif /* CONFIG_MATCH_IFACE */ 7137 7138 if (wpa_s) 7139 wpa_supplicant_event(wpa_s, event, data); 7140 } 7141