1 /*
2 * hostapd / IEEE 802.11 Management: Beacon and Probe Request/Response
3 * Copyright (c) 2002-2004, Instant802 Networks, Inc.
4 * Copyright (c) 2005-2006, Devicescape Software, Inc.
5 * Copyright (c) 2008-2012, Jouni Malinen <j@w1.fi>
6 *
7 * This software may be distributed under the terms of the BSD license.
8 * See README for more details.
9 */
10
11 #include "utils/includes.h"
12
13 #ifndef CONFIG_NATIVE_WINDOWS
14
15 #include "utils/common.h"
16 #include "common/ieee802_11_defs.h"
17 #include "common/ieee802_11_common.h"
18 #include "common/hw_features_common.h"
19 #include "common/wpa_ctrl.h"
20 #include "crypto/sha1.h"
21 #include "wps/wps_defs.h"
22 #include "p2p/p2p.h"
23 #include "hostapd.h"
24 #include "ieee802_11.h"
25 #include "wpa_auth.h"
26 #include "wmm.h"
27 #include "ap_config.h"
28 #include "sta_info.h"
29 #include "p2p_hostapd.h"
30 #include "ap_drv_ops.h"
31 #include "beacon.h"
32 #include "hs20.h"
33 #include "dfs.h"
34 #include "taxonomy.h"
35 #include "ieee802_11_auth.h"
36
37
38 #ifdef NEED_AP_MLME
39
hostapd_eid_bss_load(struct hostapd_data * hapd,u8 * eid,size_t len)40 static u8 * hostapd_eid_bss_load(struct hostapd_data *hapd, u8 *eid, size_t len)
41 {
42 if (len < 2 + 5)
43 return eid;
44
45 #ifdef CONFIG_TESTING_OPTIONS
46 if (hapd->conf->bss_load_test_set) {
47 *eid++ = WLAN_EID_BSS_LOAD;
48 *eid++ = 5;
49 os_memcpy(eid, hapd->conf->bss_load_test, 5);
50 eid += 5;
51 return eid;
52 }
53 #endif /* CONFIG_TESTING_OPTIONS */
54 if (hapd->conf->bss_load_update_period) {
55 *eid++ = WLAN_EID_BSS_LOAD;
56 *eid++ = 5;
57 WPA_PUT_LE16(eid, hapd->num_sta);
58 eid += 2;
59 *eid++ = hapd->iface->channel_utilization;
60 WPA_PUT_LE16(eid, 0); /* no available admission capabity */
61 eid += 2;
62 }
63 return eid;
64 }
65
66
ieee802_11_erp_info(struct hostapd_data * hapd)67 static u8 ieee802_11_erp_info(struct hostapd_data *hapd)
68 {
69 u8 erp = 0;
70
71 if (hapd->iface->current_mode == NULL ||
72 hapd->iface->current_mode->mode != HOSTAPD_MODE_IEEE80211G)
73 return 0;
74
75 if (hapd->iface->olbc)
76 erp |= ERP_INFO_USE_PROTECTION;
77 if (hapd->iface->num_sta_non_erp > 0) {
78 erp |= ERP_INFO_NON_ERP_PRESENT |
79 ERP_INFO_USE_PROTECTION;
80 }
81 if (hapd->iface->num_sta_no_short_preamble > 0 ||
82 hapd->iconf->preamble == LONG_PREAMBLE)
83 erp |= ERP_INFO_BARKER_PREAMBLE_MODE;
84
85 return erp;
86 }
87
88
hostapd_eid_ds_params(struct hostapd_data * hapd,u8 * eid)89 static u8 * hostapd_eid_ds_params(struct hostapd_data *hapd, u8 *eid)
90 {
91 enum hostapd_hw_mode hw_mode = hapd->iconf->hw_mode;
92
93 if (hw_mode != HOSTAPD_MODE_IEEE80211G &&
94 hw_mode != HOSTAPD_MODE_IEEE80211B)
95 return eid;
96
97 *eid++ = WLAN_EID_DS_PARAMS;
98 *eid++ = 1;
99 *eid++ = hapd->iconf->channel;
100 return eid;
101 }
102
103
hostapd_eid_erp_info(struct hostapd_data * hapd,u8 * eid)104 static u8 * hostapd_eid_erp_info(struct hostapd_data *hapd, u8 *eid)
105 {
106 if (hapd->iface->current_mode == NULL ||
107 hapd->iface->current_mode->mode != HOSTAPD_MODE_IEEE80211G)
108 return eid;
109
110 /* Set NonERP_present and use_protection bits if there
111 * are any associated NonERP stations. */
112 /* TODO: use_protection bit can be set to zero even if
113 * there are NonERP stations present. This optimization
114 * might be useful if NonERP stations are "quiet".
115 * See 802.11g/D6 E-1 for recommended practice.
116 * In addition, Non ERP present might be set, if AP detects Non ERP
117 * operation on other APs. */
118
119 /* Add ERP Information element */
120 *eid++ = WLAN_EID_ERP_INFO;
121 *eid++ = 1;
122 *eid++ = ieee802_11_erp_info(hapd);
123
124 return eid;
125 }
126
127
hostapd_eid_pwr_constraint(struct hostapd_data * hapd,u8 * eid)128 static u8 * hostapd_eid_pwr_constraint(struct hostapd_data *hapd, u8 *eid)
129 {
130 u8 *pos = eid;
131 u8 local_pwr_constraint = 0;
132 int dfs;
133
134 if (hapd->iface->current_mode == NULL ||
135 hapd->iface->current_mode->mode != HOSTAPD_MODE_IEEE80211A)
136 return eid;
137
138 /* Let host drivers add this IE if DFS support is offloaded */
139 if (hapd->iface->drv_flags & WPA_DRIVER_FLAGS_DFS_OFFLOAD)
140 return eid;
141
142 /*
143 * There is no DFS support and power constraint was not directly
144 * requested by config option.
145 */
146 if (!hapd->iconf->ieee80211h &&
147 hapd->iconf->local_pwr_constraint == -1)
148 return eid;
149
150 /* Check if DFS is required by regulatory. */
151 dfs = hostapd_is_dfs_required(hapd->iface);
152 if (dfs < 0) {
153 wpa_printf(MSG_WARNING, "Failed to check if DFS is required; ret=%d",
154 dfs);
155 dfs = 0;
156 }
157
158 if (dfs == 0 && hapd->iconf->local_pwr_constraint == -1)
159 return eid;
160
161 /*
162 * ieee80211h (DFS) is enabled so Power Constraint element shall
163 * be added when running on DFS channel whenever local_pwr_constraint
164 * is configured or not. In order to meet regulations when TPC is not
165 * implemented using a transmit power that is below the legal maximum
166 * (including any mitigation factor) should help. In this case,
167 * indicate 3 dB below maximum allowed transmit power.
168 */
169 if (hapd->iconf->local_pwr_constraint == -1)
170 local_pwr_constraint = 3;
171
172 /*
173 * A STA that is not an AP shall use a transmit power less than or
174 * equal to the local maximum transmit power level for the channel.
175 * The local maximum transmit power can be calculated from the formula:
176 * local max TX pwr = max TX pwr - local pwr constraint
177 * Where max TX pwr is maximum transmit power level specified for
178 * channel in Country element and local pwr constraint is specified
179 * for channel in this Power Constraint element.
180 */
181
182 /* Element ID */
183 *pos++ = WLAN_EID_PWR_CONSTRAINT;
184 /* Length */
185 *pos++ = 1;
186 /* Local Power Constraint */
187 if (local_pwr_constraint)
188 *pos++ = local_pwr_constraint;
189 else
190 *pos++ = hapd->iconf->local_pwr_constraint;
191
192 return pos;
193 }
194
195
hostapd_eid_country_add(struct hostapd_data * hapd,u8 * pos,u8 * end,int chan_spacing,struct hostapd_channel_data * start,struct hostapd_channel_data * prev)196 static u8 * hostapd_eid_country_add(struct hostapd_data *hapd, u8 *pos,
197 u8 *end, int chan_spacing,
198 struct hostapd_channel_data *start,
199 struct hostapd_channel_data *prev)
200 {
201 if (end - pos < 3)
202 return pos;
203
204 /* first channel number */
205 *pos++ = start->chan;
206 /* number of channels */
207 *pos++ = (prev->chan - start->chan) / chan_spacing + 1;
208 /* maximum transmit power level */
209 if (!is_6ghz_op_class(hapd->iconf->op_class))
210 *pos++ = start->max_tx_power;
211 else
212 *pos++ = 0; /* Reserved when operating on the 6 GHz band */
213
214 return pos;
215 }
216
217
hostapd_fill_subband_triplets(struct hostapd_data * hapd,u8 * pos,u8 * end)218 static u8 * hostapd_fill_subband_triplets(struct hostapd_data *hapd, u8 *pos,
219 u8 *end)
220 {
221 int i;
222 struct hostapd_hw_modes *mode;
223 struct hostapd_channel_data *start, *prev;
224 int chan_spacing = 1;
225
226 mode = hapd->iface->current_mode;
227 if (mode->mode == HOSTAPD_MODE_IEEE80211A)
228 chan_spacing = 4;
229
230 start = prev = NULL;
231 for (i = 0; i < mode->num_channels; i++) {
232 struct hostapd_channel_data *chan = &mode->channels[i];
233 if (chan->flag & HOSTAPD_CHAN_DISABLED)
234 continue;
235 if (start && prev &&
236 prev->chan + chan_spacing == chan->chan &&
237 start->max_tx_power == chan->max_tx_power) {
238 prev = chan;
239 continue; /* can use same entry */
240 }
241
242 if (start && prev)
243 pos = hostapd_eid_country_add(hapd, pos, end,
244 chan_spacing,
245 start, prev);
246
247 /* Start new group */
248 start = prev = chan;
249 }
250
251 if (start) {
252 pos = hostapd_eid_country_add(hapd, pos, end, chan_spacing,
253 start, prev);
254 }
255
256 return pos;
257 }
258
259
hostapd_eid_country(struct hostapd_data * hapd,u8 * eid,int max_len)260 static u8 * hostapd_eid_country(struct hostapd_data *hapd, u8 *eid,
261 int max_len)
262 {
263 u8 *pos = eid;
264 u8 *end = eid + max_len;
265 bool force_global;
266
267 if (!hapd->iconf->ieee80211d || max_len < 6 ||
268 hapd->iface->current_mode == NULL)
269 return eid;
270
271 *pos++ = WLAN_EID_COUNTRY;
272 pos++; /* length will be set later */
273 os_memcpy(pos, hapd->iconf->country, 3); /* e.g., 'US ' */
274 pos += 3;
275
276 /* The 6 GHz band uses global operating classes */
277 force_global = is_6ghz_op_class(hapd->iconf->op_class);
278
279 #ifdef CONFIG_MBO
280 /* Wi-Fi Agile Muiltiband AP is required to use a global operating
281 * class. */
282 if (hapd->conf->mbo_enabled)
283 force_global = true;
284 #endif /* CONFIG_MBO */
285
286 if (force_global) {
287 /* Force the third octet of the country string to indicate
288 * Global Operating Class (Table E-4) */
289 eid[4] = 0x04;
290 }
291
292 if (is_6ghz_op_class(hapd->iconf->op_class)) {
293 /* Operating Triplet field */
294 /* Operating Extension Identifier (>= 201 to indicate this is
295 * not a Subband Triplet field) */
296 *pos++ = 201;
297 /* Operating Class */
298 *pos++ = hapd->iconf->op_class;
299 /* Coverage Class */
300 *pos++ = 0;
301 /* Subband Triplets are required only for the 20 MHz case */
302 if (hapd->iconf->op_class == 131 ||
303 hapd->iconf->op_class == 136)
304 pos = hostapd_fill_subband_triplets(hapd, pos, end);
305 } else {
306 pos = hostapd_fill_subband_triplets(hapd, pos, end);
307 }
308
309 if ((pos - eid) & 1) {
310 if (end - pos < 1)
311 return eid;
312 *pos++ = 0; /* pad for 16-bit alignment */
313 }
314
315 eid[1] = (pos - eid) - 2;
316
317 return pos;
318 }
319
320
hostapd_wpa_ie(struct hostapd_data * hapd,u8 eid)321 const u8 * hostapd_wpa_ie(struct hostapd_data *hapd, u8 eid)
322 {
323 const u8 *ies;
324 size_t ies_len;
325
326 ies = wpa_auth_get_wpa_ie(hapd->wpa_auth, &ies_len);
327 if (!ies)
328 return NULL;
329
330 return get_ie(ies, ies_len, eid);
331 }
332
333
hostapd_vendor_wpa_ie(struct hostapd_data * hapd,u32 vendor_type)334 static const u8 * hostapd_vendor_wpa_ie(struct hostapd_data *hapd,
335 u32 vendor_type)
336 {
337 const u8 *ies;
338 size_t ies_len;
339
340 ies = wpa_auth_get_wpa_ie(hapd->wpa_auth, &ies_len);
341 if (!ies)
342 return NULL;
343
344 return get_vendor_ie(ies, ies_len, vendor_type);
345 }
346
347
hostapd_get_rsne(struct hostapd_data * hapd,u8 * pos,size_t len)348 static u8 * hostapd_get_rsne(struct hostapd_data *hapd, u8 *pos, size_t len)
349 {
350 const u8 *ie;
351
352 ie = hostapd_wpa_ie(hapd, WLAN_EID_RSN);
353 if (!ie || 2U + ie[1] > len)
354 return pos;
355
356 os_memcpy(pos, ie, 2 + ie[1]);
357 return pos + 2 + ie[1];
358 }
359
360
hostapd_get_mde(struct hostapd_data * hapd,u8 * pos,size_t len)361 static u8 * hostapd_get_mde(struct hostapd_data *hapd, u8 *pos, size_t len)
362 {
363 const u8 *ie;
364
365 ie = hostapd_wpa_ie(hapd, WLAN_EID_MOBILITY_DOMAIN);
366 if (!ie || 2U + ie[1] > len)
367 return pos;
368
369 os_memcpy(pos, ie, 2 + ie[1]);
370 return pos + 2 + ie[1];
371 }
372
373
hostapd_get_rsnxe(struct hostapd_data * hapd,u8 * pos,size_t len)374 static u8 * hostapd_get_rsnxe(struct hostapd_data *hapd, u8 *pos, size_t len)
375 {
376 const u8 *ie;
377
378 #ifdef CONFIG_TESTING_OPTIONS
379 if (hapd->conf->no_beacon_rsnxe) {
380 wpa_printf(MSG_INFO, "TESTING: Do not add RSNXE into Beacon");
381 return pos;
382 }
383 #endif /* CONFIG_TESTING_OPTIONS */
384 ie = hostapd_wpa_ie(hapd, WLAN_EID_RSNX);
385 if (!ie || 2U + ie[1] > len)
386 return pos;
387
388 os_memcpy(pos, ie, 2 + ie[1]);
389 return pos + 2 + ie[1];
390 }
391
392
hostapd_get_wpa_ie(struct hostapd_data * hapd,u8 * pos,size_t len)393 static u8 * hostapd_get_wpa_ie(struct hostapd_data *hapd, u8 *pos, size_t len)
394 {
395 const u8 *ie;
396
397 ie = hostapd_vendor_wpa_ie(hapd, WPA_IE_VENDOR_TYPE);
398 if (!ie || 2U + ie[1] > len)
399 return pos;
400
401 os_memcpy(pos, ie, 2 + ie[1]);
402 return pos + 2 + ie[1];
403 }
404
405
hostapd_get_rsne_override(struct hostapd_data * hapd,u8 * pos,size_t len)406 static u8 * hostapd_get_rsne_override(struct hostapd_data *hapd, u8 *pos,
407 size_t len)
408 {
409 const u8 *ie;
410
411 ie = hostapd_vendor_wpa_ie(hapd, RSNE_OVERRIDE_IE_VENDOR_TYPE);
412 if (!ie || 2U + ie[1] > len)
413 return pos;
414
415 os_memcpy(pos, ie, 2 + ie[1]);
416 return pos + 2 + ie[1];
417 }
418
419
hostapd_get_rsne_override_2(struct hostapd_data * hapd,u8 * pos,size_t len)420 static u8 * hostapd_get_rsne_override_2(struct hostapd_data *hapd, u8 *pos,
421 size_t len)
422 {
423 const u8 *ie;
424
425 ie = hostapd_vendor_wpa_ie(hapd, RSNE_OVERRIDE_2_IE_VENDOR_TYPE);
426 if (!ie || 2U + ie[1] > len)
427 return pos;
428
429 os_memcpy(pos, ie, 2 + ie[1]);
430 return pos + 2 + ie[1];
431 }
432
433
hostapd_get_rsnxe_override(struct hostapd_data * hapd,u8 * pos,size_t len)434 static u8 * hostapd_get_rsnxe_override(struct hostapd_data *hapd, u8 *pos,
435 size_t len)
436 {
437 const u8 *ie;
438
439 ie = hostapd_vendor_wpa_ie(hapd, RSNXE_OVERRIDE_IE_VENDOR_TYPE);
440 if (!ie || 2U + ie[1] > len)
441 return pos;
442
443 os_memcpy(pos, ie, 2 + ie[1]);
444 return pos + 2 + ie[1];
445 }
446
447
hostapd_get_rsne_override_len(struct hostapd_data * hapd)448 static size_t hostapd_get_rsne_override_len(struct hostapd_data *hapd)
449 {
450 const u8 *ie;
451
452 ie = hostapd_vendor_wpa_ie(hapd, RSNE_OVERRIDE_IE_VENDOR_TYPE);
453 if (!ie)
454 return 0;
455 return 2 + ie[1];
456 }
457
458
hostapd_get_rsne_override_2_len(struct hostapd_data * hapd)459 static size_t hostapd_get_rsne_override_2_len(struct hostapd_data *hapd)
460 {
461 const u8 *ie;
462
463 ie = hostapd_vendor_wpa_ie(hapd, RSNE_OVERRIDE_2_IE_VENDOR_TYPE);
464 if (!ie)
465 return 0;
466 return 2 + ie[1];
467 }
468
469
hostapd_get_rsnxe_override_len(struct hostapd_data * hapd)470 static size_t hostapd_get_rsnxe_override_len(struct hostapd_data *hapd)
471 {
472 const u8 *ie;
473
474 ie = hostapd_vendor_wpa_ie(hapd, RSNXE_OVERRIDE_IE_VENDOR_TYPE);
475 if (!ie)
476 return 0;
477 return 2 + ie[1];
478 }
479
480
hostapd_eid_csa(struct hostapd_data * hapd,u8 * eid)481 static u8 * hostapd_eid_csa(struct hostapd_data *hapd, u8 *eid)
482 {
483 #ifdef CONFIG_TESTING_OPTIONS
484 if (hapd->iface->cs_oper_class && hapd->iconf->ecsa_ie_only)
485 return eid;
486 #endif /* CONFIG_TESTING_OPTIONS */
487
488 if (!hapd->cs_freq_params.channel)
489 return eid;
490
491 *eid++ = WLAN_EID_CHANNEL_SWITCH;
492 *eid++ = 3;
493 *eid++ = hapd->cs_block_tx;
494 *eid++ = hapd->cs_freq_params.channel;
495 *eid++ = hapd->cs_count;
496
497 return eid;
498 }
499
500
hostapd_eid_ecsa(struct hostapd_data * hapd,u8 * eid)501 static u8 * hostapd_eid_ecsa(struct hostapd_data *hapd, u8 *eid)
502 {
503 if (!hapd->cs_freq_params.channel || !hapd->iface->cs_oper_class)
504 return eid;
505
506 #ifdef CONFIG_TESTING_OPTIONS
507 if (hapd->iconf->csa_ie_only)
508 return eid;
509 #endif /* CONFIG_TESTING_OPTIONS */
510
511 *eid++ = WLAN_EID_EXT_CHANSWITCH_ANN;
512 *eid++ = 4;
513 *eid++ = hapd->cs_block_tx;
514 *eid++ = hapd->iface->cs_oper_class;
515 *eid++ = hapd->cs_freq_params.channel;
516 *eid++ = hapd->cs_count;
517
518 return eid;
519 }
520
521
hostapd_eid_max_cs_time(struct hostapd_data * hapd,u8 * eid)522 static u8 * hostapd_eid_max_cs_time(struct hostapd_data *hapd, u8 *eid)
523 {
524 #ifdef CONFIG_IEEE80211BE
525 u32 switch_time;
526
527 /* Add Max Channel Switch Time element only if this AP is affiliated
528 * with an AP MLD and channel switch is in process. */
529 if (!hapd->conf->mld_ap || !hapd->cs_freq_params.channel)
530 return eid;
531
532 /* Switch time is basically time between CSA count 1 and CSA count
533 * 0 (1 beacon interval) + time for interface restart + time to
534 * send a Beacon frame in the new channel (1 beacon interval).
535 *
536 * TODO: Use dynamic interface restart time. For now, assume 1 sec.
537 */
538 switch_time = USEC_TO_TU(1000 * 1000) + 2 * hapd->iconf->beacon_int;
539
540 *eid++ = WLAN_EID_EXTENSION;
541 *eid++ = 4;
542 *eid++ = WLAN_EID_EXT_MAX_CHANNEL_SWITCH_TIME;
543 WPA_PUT_LE24(eid, switch_time);
544 eid += 3;
545 #endif /* CONFIG_IEEE80211BE */
546
547 return eid;
548 }
549
550
hostapd_eid_supported_op_classes(struct hostapd_data * hapd,u8 * eid)551 static u8 * hostapd_eid_supported_op_classes(struct hostapd_data *hapd, u8 *eid)
552 {
553 u8 op_class, channel;
554
555 if (!(hapd->iface->drv_flags & WPA_DRIVER_FLAGS_AP_CSA) ||
556 !hapd->iface->freq)
557 return eid;
558
559 if (ieee80211_freq_to_channel_ext(hapd->iface->freq,
560 hapd->iconf->secondary_channel,
561 hostapd_get_oper_chwidth(hapd->iconf),
562 &op_class, &channel) ==
563 NUM_HOSTAPD_MODES)
564 return eid;
565
566 *eid++ = WLAN_EID_SUPPORTED_OPERATING_CLASSES;
567 *eid++ = 2;
568
569 /* Current Operating Class */
570 *eid++ = op_class;
571
572 /* TODO: Advertise all the supported operating classes */
573 *eid++ = 0;
574
575 return eid;
576 }
577
578
579 static int
ieee802_11_build_ap_params_mbssid(struct hostapd_data * hapd,struct wpa_driver_ap_params * params)580 ieee802_11_build_ap_params_mbssid(struct hostapd_data *hapd,
581 struct wpa_driver_ap_params *params)
582 {
583 struct hostapd_iface *iface = hapd->iface;
584 struct hostapd_data *tx_bss;
585 size_t len, rnr_len = 0;
586 u8 elem_count = 0, *elem = NULL, **elem_offset = NULL, *end;
587 u8 rnr_elem_count = 0, *rnr_elem = NULL, **rnr_elem_offset = NULL;
588
589 if (!iface->mbssid_max_interfaces ||
590 iface->num_bss > iface->mbssid_max_interfaces ||
591 (iface->conf->mbssid == ENHANCED_MBSSID_ENABLED &&
592 !iface->ema_max_periodicity))
593 goto fail;
594
595 tx_bss = hostapd_mbssid_get_tx_bss(hapd);
596 len = hostapd_eid_mbssid_len(tx_bss, WLAN_FC_STYPE_BEACON, &elem_count,
597 NULL, 0, &rnr_len);
598 if (!len || (iface->conf->mbssid == ENHANCED_MBSSID_ENABLED &&
599 elem_count > iface->ema_max_periodicity))
600 goto fail;
601
602 elem = os_zalloc(len);
603 if (!elem)
604 goto fail;
605
606 elem_offset = os_zalloc(elem_count * sizeof(u8 *));
607 if (!elem_offset)
608 goto fail;
609
610 if (rnr_len) {
611 rnr_elem = os_zalloc(rnr_len);
612 if (!rnr_elem)
613 goto fail;
614
615 rnr_elem_offset = os_calloc(elem_count + 1, sizeof(u8 *));
616 if (!rnr_elem_offset)
617 goto fail;
618 }
619
620 end = hostapd_eid_mbssid(tx_bss, elem, elem + len, WLAN_FC_STYPE_BEACON,
621 elem_count, elem_offset, NULL, 0, rnr_elem,
622 &rnr_elem_count, rnr_elem_offset, rnr_len);
623
624 params->mbssid_tx_iface = tx_bss->conf->iface;
625 params->mbssid_index = hostapd_mbssid_get_bss_index(hapd);
626 params->mbssid_elem = elem;
627 params->mbssid_elem_len = end - elem;
628 params->mbssid_elem_count = elem_count;
629 params->mbssid_elem_offset = elem_offset;
630 params->rnr_elem = rnr_elem;
631 params->rnr_elem_len = rnr_len;
632 params->rnr_elem_count = rnr_elem_count;
633 params->rnr_elem_offset = rnr_elem_offset;
634 if (iface->conf->mbssid == ENHANCED_MBSSID_ENABLED)
635 params->ema = true;
636
637 return 0;
638
639 fail:
640 os_free(rnr_elem);
641 os_free(rnr_elem_offset);
642 os_free(elem_offset);
643 os_free(elem);
644 wpa_printf(MSG_ERROR, "MBSSID: Configuration failed");
645 return -1;
646 }
647
648
hostapd_eid_mbssid_config(struct hostapd_data * hapd,u8 * eid,u8 mbssid_elem_count)649 static u8 * hostapd_eid_mbssid_config(struct hostapd_data *hapd, u8 *eid,
650 u8 mbssid_elem_count)
651 {
652 struct hostapd_iface *iface = hapd->iface;
653
654 if (iface->conf->mbssid == ENHANCED_MBSSID_ENABLED) {
655 *eid++ = WLAN_EID_EXTENSION;
656 *eid++ = 3;
657 *eid++ = WLAN_EID_EXT_MULTIPLE_BSSID_CONFIGURATION;
658 *eid++ = iface->num_bss;
659 *eid++ = mbssid_elem_count;
660 }
661
662 return eid;
663 }
664
665
he_elem_len(struct hostapd_data * hapd)666 static size_t he_elem_len(struct hostapd_data *hapd)
667 {
668 size_t len = 0;
669
670 #ifdef CONFIG_IEEE80211AX
671 if (!hapd->iconf->ieee80211ax || hapd->conf->disable_11ax)
672 return len;
673
674 len += 3 + sizeof(struct ieee80211_he_capabilities) +
675 3 + sizeof(struct ieee80211_he_operation) +
676 3 + sizeof(struct ieee80211_he_mu_edca_parameter_set) +
677 3 + sizeof(struct ieee80211_spatial_reuse);
678 if (is_6ghz_op_class(hapd->iconf->op_class)) {
679 len += sizeof(struct ieee80211_he_6ghz_oper_info) +
680 3 + sizeof(struct ieee80211_he_6ghz_band_cap);
681 /* An additional Transmit Power Envelope element for
682 * subordinate client */
683 if (he_reg_is_indoor(hapd->iconf->he_6ghz_reg_pwr_type))
684 len += 4;
685
686 /* An additional Transmit Power Envelope element for
687 * default client with unit interpretation of regulatory
688 * client EIRP */
689 if (hapd->iconf->reg_def_cli_eirp != -1 &&
690 he_reg_is_sp(hapd->iconf->he_6ghz_reg_pwr_type))
691 len += 4;
692 }
693 #endif /* CONFIG_IEEE80211AX */
694
695 return len;
696 }
697
698
699 struct probe_resp_params {
700 const struct ieee80211_mgmt *req;
701 bool is_p2p;
702
703 /* Generated IEs will be included inside an ML element */
704 struct hostapd_data *mld_ap;
705 struct mld_info *mld_info;
706
707 struct ieee80211_mgmt *resp;
708 size_t resp_len;
709 u8 *csa_pos;
710 u8 *ecsa_pos;
711 const u8 *known_bss;
712 u8 known_bss_len;
713
714 #ifdef CONFIG_IEEE80211AX
715 u8 *cca_pos;
716 #endif /* CONFIG_IEEE80211AX */
717 };
718
719
hostapd_free_probe_resp_params(struct probe_resp_params * params)720 static void hostapd_free_probe_resp_params(struct probe_resp_params *params)
721 {
722 #ifdef CONFIG_IEEE80211BE
723 if (!params)
724 return;
725
726 os_free(params->mld_info);
727 params->mld_info = NULL;
728 #endif /* CONFIG_IEEE80211BE */
729 }
730
731
hostapd_probe_resp_elems_len(struct hostapd_data * hapd,struct probe_resp_params * params)732 static size_t hostapd_probe_resp_elems_len(struct hostapd_data *hapd,
733 struct probe_resp_params *params)
734 {
735 size_t buflen = 0;
736
737 #ifdef CONFIG_WPS
738 if (hapd->wps_probe_resp_ie)
739 buflen += wpabuf_len(hapd->wps_probe_resp_ie);
740 #endif /* CONFIG_WPS */
741 #ifdef CONFIG_P2P
742 if (hapd->p2p_probe_resp_ie)
743 buflen += wpabuf_len(hapd->p2p_probe_resp_ie);
744 #endif /* CONFIG_P2P */
745 #ifdef CONFIG_FST
746 if (hapd->iface->fst_ies)
747 buflen += wpabuf_len(hapd->iface->fst_ies);
748 #endif /* CONFIG_FST */
749 if (hapd->conf->vendor_elements)
750 buflen += wpabuf_len(hapd->conf->vendor_elements);
751 #ifdef CONFIG_TESTING_OPTIONS
752 if (hapd->conf->presp_elements)
753 buflen += wpabuf_len(hapd->conf->presp_elements);
754 #endif /* CONFIG_TESTING_OPTIONS */
755 if (hapd->conf->vendor_vht) {
756 buflen += 5 + 2 + sizeof(struct ieee80211_vht_capabilities) +
757 2 + sizeof(struct ieee80211_vht_operation);
758 }
759
760 buflen += he_elem_len(hapd);
761
762 #ifdef CONFIG_IEEE80211BE
763 if (hapd->iconf->ieee80211be && !hapd->conf->disable_11be) {
764 struct hostapd_data *ml_elem_ap =
765 params->mld_ap ? params->mld_ap : hapd;
766
767 buflen += hostapd_eid_eht_capab_len(hapd, IEEE80211_MODE_AP);
768 buflen += 3 + sizeof(struct ieee80211_eht_operation);
769 if (hapd->iconf->punct_bitmap)
770 buflen += EHT_OPER_DISABLED_SUBCHAN_BITMAP_SIZE;
771
772 if (ml_elem_ap->conf->mld_ap) {
773 buflen += hostapd_eid_eht_ml_beacon_len(
774 ml_elem_ap, params->mld_info, !!params->mld_ap);
775
776 /* For Max Channel Switch Time element during channel
777 * switch */
778 buflen += 6;
779 }
780 }
781 #endif /* CONFIG_IEEE80211BE */
782
783 buflen += hostapd_eid_mbssid_len(hapd, WLAN_FC_STYPE_PROBE_RESP, NULL,
784 params->known_bss,
785 params->known_bss_len, NULL);
786 buflen += hostapd_eid_rnr_len(hapd, WLAN_FC_STYPE_PROBE_RESP, true);
787 buflen += hostapd_mbo_ie_len(hapd);
788 buflen += hostapd_eid_owe_trans_len(hapd);
789 buflen += hostapd_eid_dpp_cc_len(hapd);
790 buflen += hostapd_get_rsne_override_len(hapd);
791 buflen += hostapd_get_rsne_override_2_len(hapd);
792 buflen += hostapd_get_rsnxe_override_len(hapd);
793
794 return buflen;
795 }
796
797
hostapd_probe_resp_fill_elems(struct hostapd_data * hapd,struct probe_resp_params * params,u8 * pos,size_t len)798 static u8 * hostapd_probe_resp_fill_elems(struct hostapd_data *hapd,
799 struct probe_resp_params *params,
800 u8 *pos, size_t len)
801 {
802 u8 *csa_pos;
803 u8 *epos;
804
805 epos = pos + len;
806
807 *pos++ = WLAN_EID_SSID;
808 *pos++ = hapd->conf->ssid.ssid_len;
809 os_memcpy(pos, hapd->conf->ssid.ssid,
810 hapd->conf->ssid.ssid_len);
811 pos += hapd->conf->ssid.ssid_len;
812
813 /* Supported rates */
814 pos = hostapd_eid_supp_rates(hapd, pos);
815
816 /* DS Params */
817 pos = hostapd_eid_ds_params(hapd, pos);
818
819 pos = hostapd_eid_country(hapd, pos, epos - pos);
820
821 /* Power Constraint element */
822 pos = hostapd_eid_pwr_constraint(hapd, pos);
823
824 /* CSA element */
825 csa_pos = hostapd_eid_csa(hapd, pos);
826 if (csa_pos != pos)
827 params->csa_pos = csa_pos - 1;
828 else
829 params->csa_pos = NULL;
830 pos = csa_pos;
831
832 /* ERP Information element */
833 pos = hostapd_eid_erp_info(hapd, pos);
834
835 /* Extended supported rates */
836 pos = hostapd_eid_ext_supp_rates(hapd, pos);
837
838 pos = hostapd_get_rsne(hapd, pos, epos - pos);
839 pos = hostapd_eid_bss_load(hapd, pos, epos - pos);
840 pos = hostapd_eid_mbssid(hapd, pos, epos, WLAN_FC_STYPE_PROBE_RESP, 0,
841 NULL, params->known_bss, params->known_bss_len,
842 NULL, NULL, NULL, 0);
843 pos = hostapd_eid_rm_enabled_capab(hapd, pos, epos - pos);
844 pos = hostapd_get_mde(hapd, pos, epos - pos);
845
846 /* eCSA element */
847 csa_pos = hostapd_eid_ecsa(hapd, pos);
848 if (csa_pos != pos)
849 params->ecsa_pos = csa_pos - 1;
850 else
851 params->ecsa_pos = NULL;
852 pos = csa_pos;
853
854 pos = hostapd_eid_supported_op_classes(hapd, pos);
855 pos = hostapd_eid_ht_capabilities(hapd, pos);
856 pos = hostapd_eid_ht_operation(hapd, pos);
857
858 /* Probe Response frames always include all non-TX profiles except
859 * when a list of known BSSes is included in the Probe Request frame. */
860 pos = hostapd_eid_ext_capab(hapd, pos,
861 hapd->iconf->mbssid >= MBSSID_ENABLED &&
862 !params->known_bss_len);
863
864 pos = hostapd_eid_time_adv(hapd, pos);
865 pos = hostapd_eid_time_zone(hapd, pos);
866
867 pos = hostapd_eid_interworking(hapd, pos);
868 pos = hostapd_eid_adv_proto(hapd, pos);
869 pos = hostapd_eid_roaming_consortium(hapd, pos);
870
871 #ifdef CONFIG_FST
872 if (hapd->iface->fst_ies) {
873 os_memcpy(pos, wpabuf_head(hapd->iface->fst_ies),
874 wpabuf_len(hapd->iface->fst_ies));
875 pos += wpabuf_len(hapd->iface->fst_ies);
876 }
877 #endif /* CONFIG_FST */
878
879 #ifdef CONFIG_IEEE80211AC
880 if (hapd->iconf->ieee80211ac && !hapd->conf->disable_11ac &&
881 !is_6ghz_op_class(hapd->iconf->op_class)) {
882 pos = hostapd_eid_vht_capabilities(hapd, pos, 0);
883 pos = hostapd_eid_vht_operation(hapd, pos);
884 pos = hostapd_eid_txpower_envelope(hapd, pos);
885 }
886 #endif /* CONFIG_IEEE80211AC */
887
888 #ifdef CONFIG_IEEE80211AX
889 if (hapd->iconf->ieee80211ax && !hapd->conf->disable_11ax &&
890 is_6ghz_op_class(hapd->iconf->op_class))
891 pos = hostapd_eid_txpower_envelope(hapd, pos);
892 #endif /* CONFIG_IEEE80211AX */
893
894 pos = hostapd_eid_chsw_wrapper(hapd, pos);
895
896 pos = hostapd_eid_rnr(hapd, pos, WLAN_FC_STYPE_PROBE_RESP, true);
897 pos = hostapd_eid_fils_indic(hapd, pos, 0);
898
899 /* Max Channel Switch Time element */
900 pos = hostapd_eid_max_cs_time(hapd, pos);
901
902 pos = hostapd_get_rsnxe(hapd, pos, epos - pos);
903
904 #ifdef CONFIG_IEEE80211AX
905 if (hapd->iconf->ieee80211ax && !hapd->conf->disable_11ax) {
906 u8 *cca_pos;
907
908 pos = hostapd_eid_he_capab(hapd, pos, IEEE80211_MODE_AP);
909 pos = hostapd_eid_he_operation(hapd, pos);
910
911 /* BSS Color Change Announcement element */
912 cca_pos = hostapd_eid_cca(hapd, pos);
913 if (cca_pos != pos)
914 params->cca_pos = cca_pos - 2;
915 else
916 params->cca_pos = NULL;
917 pos = cca_pos;
918
919 pos = hostapd_eid_spatial_reuse(hapd, pos);
920 pos = hostapd_eid_he_mu_edca_parameter_set(hapd, pos);
921 pos = hostapd_eid_he_6ghz_band_cap(hapd, pos);
922 }
923 #endif /* CONFIG_IEEE80211AX */
924
925 #ifdef CONFIG_IEEE80211BE
926 if (hapd->iconf->ieee80211be && !hapd->conf->disable_11be) {
927 struct hostapd_data *ml_elem_ap =
928 params->mld_ap ? params->mld_ap : hapd;
929
930 if (ml_elem_ap->conf->mld_ap)
931 pos = hostapd_eid_eht_ml_beacon(
932 ml_elem_ap, params->mld_info,
933 pos, !!params->mld_ap);
934
935 pos = hostapd_eid_eht_capab(hapd, pos, IEEE80211_MODE_AP);
936 pos = hostapd_eid_eht_operation(hapd, pos);
937 }
938 #endif /* CONFIG_IEEE80211BE */
939
940 #ifdef CONFIG_IEEE80211AC
941 if (hapd->conf->vendor_vht)
942 pos = hostapd_eid_vendor_vht(hapd, pos);
943 #endif /* CONFIG_IEEE80211AC */
944
945 /* WPA */
946 pos = hostapd_get_wpa_ie(hapd, pos, epos - pos);
947
948 /* Wi-Fi Alliance WMM */
949 pos = hostapd_eid_wmm(hapd, pos);
950
951 #ifdef CONFIG_WPS
952 if (hapd->conf->wps_state && hapd->wps_probe_resp_ie) {
953 os_memcpy(pos, wpabuf_head(hapd->wps_probe_resp_ie),
954 wpabuf_len(hapd->wps_probe_resp_ie));
955 pos += wpabuf_len(hapd->wps_probe_resp_ie);
956 }
957 #endif /* CONFIG_WPS */
958
959 #ifdef CONFIG_P2P
960 if ((hapd->conf->p2p & P2P_ENABLED) && params->is_p2p &&
961 hapd->p2p_probe_resp_ie) {
962 os_memcpy(pos, wpabuf_head(hapd->p2p_probe_resp_ie),
963 wpabuf_len(hapd->p2p_probe_resp_ie));
964 pos += wpabuf_len(hapd->p2p_probe_resp_ie);
965 }
966 #endif /* CONFIG_P2P */
967 #ifdef CONFIG_P2P_MANAGER
968 if ((hapd->conf->p2p & (P2P_MANAGE | P2P_ENABLED | P2P_GROUP_OWNER)) ==
969 P2P_MANAGE)
970 pos = hostapd_eid_p2p_manage(hapd, pos);
971 #endif /* CONFIG_P2P_MANAGER */
972
973 #ifdef CONFIG_HS20
974 pos = hostapd_eid_hs20_indication(hapd, pos);
975 #endif /* CONFIG_HS20 */
976
977 pos = hostapd_eid_mbo(hapd, pos, epos - pos);
978 pos = hostapd_eid_owe_trans(hapd, pos, epos - pos);
979 pos = hostapd_eid_dpp_cc(hapd, pos, epos - pos);
980
981 pos = hostapd_get_rsne_override(hapd, pos, epos - pos);
982 pos = hostapd_get_rsne_override_2(hapd, pos, epos - pos);
983 pos = hostapd_get_rsnxe_override(hapd, pos, epos - pos);
984
985 if (hapd->conf->vendor_elements) {
986 os_memcpy(pos, wpabuf_head(hapd->conf->vendor_elements),
987 wpabuf_len(hapd->conf->vendor_elements));
988 pos += wpabuf_len(hapd->conf->vendor_elements);
989 }
990
991 #ifdef CONFIG_TESTING_OPTIONS
992 if (hapd->conf->presp_elements) {
993 os_memcpy(pos, wpabuf_head(hapd->conf->presp_elements),
994 wpabuf_len(hapd->conf->presp_elements));
995 pos += wpabuf_len(hapd->conf->presp_elements);
996 }
997 #endif /* CONFIG_TESTING_OPTIONS */
998
999 return pos;
1000 }
1001
1002
hostapd_gen_probe_resp(struct hostapd_data * hapd,struct probe_resp_params * params)1003 static void hostapd_gen_probe_resp(struct hostapd_data *hapd,
1004 struct probe_resp_params *params)
1005 {
1006 u8 *pos;
1007 size_t buflen;
1008
1009 hapd = hostapd_mbssid_get_tx_bss(hapd);
1010
1011 #define MAX_PROBERESP_LEN 768
1012 buflen = MAX_PROBERESP_LEN;
1013 buflen += hostapd_probe_resp_elems_len(hapd, params);
1014 params->resp = os_zalloc(buflen);
1015 if (!params->resp) {
1016 params->resp_len = 0;
1017 return;
1018 }
1019
1020 params->resp->frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT,
1021 WLAN_FC_STYPE_PROBE_RESP);
1022 /* Unicast the response to all requests on bands other than 6 GHz. For
1023 * the 6 GHz, unicast is used only if the actual SSID is not included in
1024 * the Beacon frames. Otherwise, broadcast response is used per IEEE
1025 * Std 802.11ax-2021, 26.17.2.3.2. Broadcast address is also used for
1026 * the Probe Response frame template for the unsolicited (i.e., not as
1027 * a response to a specific request) case. */
1028 if (params->req && (!is_6ghz_op_class(hapd->iconf->op_class) ||
1029 hapd->conf->ignore_broadcast_ssid))
1030 os_memcpy(params->resp->da, params->req->sa, ETH_ALEN);
1031 else
1032 os_memset(params->resp->da, 0xff, ETH_ALEN);
1033 os_memcpy(params->resp->sa, hapd->own_addr, ETH_ALEN);
1034
1035 os_memcpy(params->resp->bssid, hapd->own_addr, ETH_ALEN);
1036 params->resp->u.probe_resp.beacon_int =
1037 host_to_le16(hapd->iconf->beacon_int);
1038
1039 /* hardware or low-level driver will setup seq_ctrl and timestamp */
1040 params->resp->u.probe_resp.capab_info =
1041 host_to_le16(hostapd_own_capab_info(hapd));
1042
1043 pos = hostapd_probe_resp_fill_elems(hapd, params,
1044 params->resp->u.probe_resp.variable,
1045 buflen);
1046
1047 params->resp_len = pos - (u8 *) params->resp;
1048 }
1049
1050
1051 #ifdef CONFIG_IEEE80211BE
hostapd_fill_probe_resp_ml_params(struct hostapd_data * hapd,struct probe_resp_params * params,const struct ieee80211_mgmt * mgmt,int mld_id,u16 links)1052 static void hostapd_fill_probe_resp_ml_params(struct hostapd_data *hapd,
1053 struct probe_resp_params *params,
1054 const struct ieee80211_mgmt *mgmt,
1055 int mld_id, u16 links)
1056 {
1057 struct hostapd_data *link;
1058
1059 params->mld_ap = NULL;
1060 params->mld_info = os_zalloc(sizeof(*params->mld_info));
1061 if (!params->mld_info)
1062 return;
1063
1064 wpa_printf(MSG_DEBUG,
1065 "MLD: Got ML probe request with AP MLD ID %d for links %04x",
1066 mld_id, links);
1067
1068 for_each_mld_link(link, hapd) {
1069 struct mld_link_info *link_info;
1070 u8 mld_link_id = link->mld_link_id;
1071
1072 /*
1073 * Set mld_ap iff the ML probe request explicitly
1074 * requested a specific MLD ID. In that case, the targeted
1075 * AP may have been a nontransmitted BSSID on the same
1076 * interface.
1077 */
1078 if (mld_id != -1 && link->iface == hapd->iface)
1079 params->mld_ap = link;
1080
1081 /* Never duplicate main Probe Response frame body */
1082 if (link == hapd)
1083 continue;
1084
1085 /* Only include requested links */
1086 if (!(BIT(mld_link_id) & links))
1087 continue;
1088
1089 link_info = ¶ms->mld_info->links[mld_link_id];
1090 os_memcpy(link_info, &hapd->partner_links[mld_link_id],
1091 sizeof(hapd->partner_links[mld_link_id]));
1092
1093 wpa_printf(MSG_DEBUG,
1094 "MLD: ML probe response includes link STA info for %d: %u bytes",
1095 mld_link_id, link_info->resp_sta_profile_len);
1096 }
1097
1098 if (mld_id != -1 && !params->mld_ap) {
1099 wpa_printf(MSG_DEBUG,
1100 "MLD: No nontransmitted BSSID for MLD ID %d",
1101 mld_id);
1102 goto fail;
1103 }
1104
1105 return;
1106
1107 fail:
1108 hostapd_free_probe_resp_params(params);
1109 params->mld_ap = NULL;
1110 params->mld_info = NULL;
1111 }
1112 #endif /* CONFIG_IEEE80211BE */
1113
1114
1115 enum ssid_match_result {
1116 NO_SSID_MATCH,
1117 EXACT_SSID_MATCH,
1118 WILDCARD_SSID_MATCH,
1119 CO_LOCATED_SSID_MATCH,
1120 };
1121
ssid_match(struct hostapd_data * hapd,const u8 * ssid,size_t ssid_len,const u8 * ssid_list,size_t ssid_list_len,const u8 * short_ssid_list,size_t short_ssid_list_len)1122 static enum ssid_match_result ssid_match(struct hostapd_data *hapd,
1123 const u8 *ssid, size_t ssid_len,
1124 const u8 *ssid_list,
1125 size_t ssid_list_len,
1126 const u8 *short_ssid_list,
1127 size_t short_ssid_list_len)
1128 {
1129 const u8 *pos, *end;
1130 struct hostapd_iface *iface = hapd->iface;
1131 int wildcard = 0;
1132 size_t i, j;
1133
1134 if (ssid_len == 0)
1135 wildcard = 1;
1136 if (ssid_len == hapd->conf->ssid.ssid_len &&
1137 os_memcmp(ssid, hapd->conf->ssid.ssid, ssid_len) == 0)
1138 return EXACT_SSID_MATCH;
1139
1140 if (ssid_list) {
1141 pos = ssid_list;
1142 end = ssid_list + ssid_list_len;
1143 while (end - pos >= 2) {
1144 if (2 + pos[1] > end - pos)
1145 break;
1146 if (pos[1] == 0)
1147 wildcard = 1;
1148 if (pos[1] == hapd->conf->ssid.ssid_len &&
1149 os_memcmp(pos + 2, hapd->conf->ssid.ssid,
1150 pos[1]) == 0)
1151 return EXACT_SSID_MATCH;
1152 pos += 2 + pos[1];
1153 }
1154 }
1155
1156 if (short_ssid_list) {
1157 pos = short_ssid_list;
1158 end = short_ssid_list + short_ssid_list_len;
1159 while (end - pos >= 4) {
1160 if (hapd->conf->ssid.short_ssid == WPA_GET_LE32(pos))
1161 return EXACT_SSID_MATCH;
1162 pos += 4;
1163 }
1164 }
1165
1166 if (wildcard)
1167 return WILDCARD_SSID_MATCH;
1168
1169 if (!iface->interfaces || iface->interfaces->count <= 1 ||
1170 is_6ghz_op_class(hapd->iconf->op_class))
1171 return NO_SSID_MATCH;
1172
1173 for (i = 0; i < iface->interfaces->count; i++) {
1174 struct hostapd_iface *colocated;
1175
1176 colocated = iface->interfaces->iface[i];
1177
1178 if (colocated == iface ||
1179 !is_6ghz_op_class(colocated->conf->op_class))
1180 continue;
1181
1182 for (j = 0; j < colocated->num_bss; j++) {
1183 struct hostapd_bss_config *conf;
1184
1185 conf = colocated->bss[j]->conf;
1186 if (ssid_len == conf->ssid.ssid_len &&
1187 os_memcmp(ssid, conf->ssid.ssid, ssid_len) == 0)
1188 return CO_LOCATED_SSID_MATCH;
1189 }
1190 }
1191
1192 return NO_SSID_MATCH;
1193 }
1194
1195
sta_track_expire(struct hostapd_iface * iface,int force)1196 void sta_track_expire(struct hostapd_iface *iface, int force)
1197 {
1198 struct os_reltime now;
1199 struct hostapd_sta_info *info;
1200
1201 if (!iface->num_sta_seen)
1202 return;
1203
1204 os_get_reltime(&now);
1205 while ((info = dl_list_first(&iface->sta_seen, struct hostapd_sta_info,
1206 list))) {
1207 if (!force &&
1208 !os_reltime_expired(&now, &info->last_seen,
1209 iface->conf->track_sta_max_age))
1210 break;
1211 force = 0;
1212
1213 wpa_printf(MSG_MSGDUMP, "%s: Expire STA tracking entry for "
1214 MACSTR, iface->bss[0]->conf->iface,
1215 MAC2STR(info->addr));
1216 dl_list_del(&info->list);
1217 iface->num_sta_seen--;
1218 sta_track_del(info);
1219 }
1220 }
1221
1222
sta_track_get(struct hostapd_iface * iface,const u8 * addr)1223 static struct hostapd_sta_info * sta_track_get(struct hostapd_iface *iface,
1224 const u8 *addr)
1225 {
1226 struct hostapd_sta_info *info;
1227
1228 dl_list_for_each(info, &iface->sta_seen, struct hostapd_sta_info, list)
1229 if (ether_addr_equal(addr, info->addr))
1230 return info;
1231
1232 return NULL;
1233 }
1234
1235
sta_track_add(struct hostapd_iface * iface,const u8 * addr,int ssi_signal)1236 void sta_track_add(struct hostapd_iface *iface, const u8 *addr, int ssi_signal)
1237 {
1238 struct hostapd_sta_info *info;
1239
1240 info = sta_track_get(iface, addr);
1241 if (info) {
1242 /* Move the most recent entry to the end of the list */
1243 dl_list_del(&info->list);
1244 dl_list_add_tail(&iface->sta_seen, &info->list);
1245 os_get_reltime(&info->last_seen);
1246 info->ssi_signal = ssi_signal;
1247 return;
1248 }
1249
1250 /* Add a new entry */
1251 info = os_zalloc(sizeof(*info));
1252 if (info == NULL)
1253 return;
1254 os_memcpy(info->addr, addr, ETH_ALEN);
1255 os_get_reltime(&info->last_seen);
1256 info->ssi_signal = ssi_signal;
1257
1258 if (iface->num_sta_seen >= iface->conf->track_sta_max_num) {
1259 /* Expire oldest entry to make room for a new one */
1260 sta_track_expire(iface, 1);
1261 }
1262
1263 wpa_printf(MSG_MSGDUMP, "%s: Add STA tracking entry for "
1264 MACSTR, iface->bss[0]->conf->iface, MAC2STR(addr));
1265 dl_list_add_tail(&iface->sta_seen, &info->list);
1266 iface->num_sta_seen++;
1267 }
1268
1269
1270 struct hostapd_data *
sta_track_seen_on(struct hostapd_iface * iface,const u8 * addr,const char * ifname)1271 sta_track_seen_on(struct hostapd_iface *iface, const u8 *addr,
1272 const char *ifname)
1273 {
1274 struct hapd_interfaces *interfaces = iface->interfaces;
1275 size_t i, j;
1276
1277 for (i = 0; i < interfaces->count; i++) {
1278 struct hostapd_data *hapd = NULL;
1279
1280 iface = interfaces->iface[i];
1281 for (j = 0; j < iface->num_bss; j++) {
1282 hapd = iface->bss[j];
1283 if (os_strcmp(ifname, hapd->conf->iface) == 0)
1284 break;
1285 hapd = NULL;
1286 }
1287
1288 if (hapd && sta_track_get(iface, addr))
1289 return hapd;
1290 }
1291
1292 return NULL;
1293 }
1294
1295
1296 #ifdef CONFIG_TAXONOMY
sta_track_claim_taxonomy_info(struct hostapd_iface * iface,const u8 * addr,struct wpabuf ** probe_ie_taxonomy)1297 void sta_track_claim_taxonomy_info(struct hostapd_iface *iface, const u8 *addr,
1298 struct wpabuf **probe_ie_taxonomy)
1299 {
1300 struct hostapd_sta_info *info;
1301
1302 info = sta_track_get(iface, addr);
1303 if (!info)
1304 return;
1305
1306 wpabuf_free(*probe_ie_taxonomy);
1307 *probe_ie_taxonomy = info->probe_ie_taxonomy;
1308 info->probe_ie_taxonomy = NULL;
1309 }
1310 #endif /* CONFIG_TAXONOMY */
1311
1312
1313 #ifdef CONFIG_IEEE80211BE
parse_ml_probe_req(const struct ieee80211_eht_ml * ml,size_t ml_len,int * mld_id,u16 * links)1314 static bool parse_ml_probe_req(const struct ieee80211_eht_ml *ml, size_t ml_len,
1315 int *mld_id, u16 *links)
1316 {
1317 u16 ml_control;
1318 const struct element *sub;
1319 const u8 *pos;
1320 size_t len;
1321
1322 *mld_id = -1;
1323 *links = 0xffff;
1324
1325 if (ml_len < sizeof(struct ieee80211_eht_ml))
1326 return false;
1327
1328 ml_control = le_to_host16(ml->ml_control);
1329 if ((ml_control & MULTI_LINK_CONTROL_TYPE_MASK) !=
1330 MULTI_LINK_CONTROL_TYPE_PROBE_REQ) {
1331 wpa_printf(MSG_DEBUG, "MLD: Not an ML probe req");
1332 return false;
1333 }
1334
1335 if (sizeof(struct ieee80211_eht_ml) + 1 > ml_len) {
1336 wpa_printf(MSG_DEBUG, "MLD: ML probe req too short");
1337 return false;
1338 }
1339
1340 pos = ml->variable;
1341 len = pos[0];
1342 if (len < 1 || sizeof(struct ieee80211_eht_ml) + len > ml_len) {
1343 wpa_printf(MSG_DEBUG,
1344 "MLD: ML probe request with invalid length");
1345 return false;
1346 }
1347
1348 if (ml_control & EHT_ML_PRES_BM_PROBE_REQ_AP_MLD_ID) {
1349 if (len < 2) {
1350 wpa_printf(MSG_DEBUG,
1351 "MLD: ML probe req too short for MLD ID");
1352 return false;
1353 }
1354
1355 *mld_id = pos[1];
1356 }
1357 pos += len;
1358
1359 /* Parse subelements (if there are any) */
1360 len = ml_len - len - sizeof(struct ieee80211_eht_ml);
1361 for_each_element_id(sub, 0, pos, len) {
1362 const struct ieee80211_eht_per_sta_profile *sta;
1363 u16 sta_control;
1364
1365 if (*links == 0xffff)
1366 *links = 0;
1367
1368 if (sub->datalen <
1369 sizeof(struct ieee80211_eht_per_sta_profile)) {
1370 wpa_printf(MSG_DEBUG,
1371 "MLD: ML probe req %d too short for sta profile",
1372 sub->datalen);
1373 return false;
1374 }
1375
1376 sta = (struct ieee80211_eht_per_sta_profile *) sub->data;
1377
1378 /*
1379 * Extract the link ID, do not return whether a complete or
1380 * partial profile was requested.
1381 */
1382 sta_control = le_to_host16(sta->sta_control);
1383 *links |= BIT(sta_control & EHT_PER_STA_CTRL_LINK_ID_MSK);
1384 }
1385
1386 if (!for_each_element_completed(sub, pos, len)) {
1387 wpa_printf(MSG_DEBUG,
1388 "MLD: ML probe req sub-elements parsing error");
1389 return false;
1390 }
1391
1392 return true;
1393 }
1394 #endif /* CONFIG_IEEE80211BE */
1395
1396
handle_probe_req(struct hostapd_data * hapd,const struct ieee80211_mgmt * mgmt,size_t len,int ssi_signal)1397 void handle_probe_req(struct hostapd_data *hapd,
1398 const struct ieee80211_mgmt *mgmt, size_t len,
1399 int ssi_signal)
1400 {
1401 struct ieee802_11_elems elems;
1402 const u8 *ie;
1403 size_t ie_len;
1404 size_t i;
1405 int noack;
1406 enum ssid_match_result res;
1407 int ret;
1408 u16 csa_offs[2];
1409 size_t csa_offs_len;
1410 struct radius_sta rad_info;
1411 struct probe_resp_params params;
1412 char *hex = NULL;
1413 #ifdef CONFIG_IEEE80211BE
1414 int mld_id;
1415 u16 links;
1416 #endif /* CONFIG_IEEE80211BE */
1417
1418 if (hapd->iconf->rssi_ignore_probe_request && ssi_signal &&
1419 ssi_signal < hapd->iconf->rssi_ignore_probe_request)
1420 return;
1421
1422 if (len < IEEE80211_HDRLEN)
1423 return;
1424 ie = ((const u8 *) mgmt) + IEEE80211_HDRLEN;
1425 if (hapd->iconf->track_sta_max_num)
1426 sta_track_add(hapd->iface, mgmt->sa, ssi_signal);
1427 ie_len = len - IEEE80211_HDRLEN;
1428
1429 ret = hostapd_allowed_address(hapd, mgmt->sa, (const u8 *) mgmt, len,
1430 &rad_info, 1);
1431 if (ret == HOSTAPD_ACL_REJECT) {
1432 wpa_msg(hapd->msg_ctx, MSG_DEBUG,
1433 "Ignore Probe Request frame from " MACSTR
1434 " due to ACL reject ", MAC2STR(mgmt->sa));
1435 return;
1436 }
1437
1438 for (i = 0; hapd->probereq_cb && i < hapd->num_probereq_cb; i++)
1439 if (hapd->probereq_cb[i].cb(hapd->probereq_cb[i].ctx,
1440 mgmt->sa, mgmt->da, mgmt->bssid,
1441 ie, ie_len, ssi_signal) > 0)
1442 return;
1443
1444 if (!hapd->conf->send_probe_response)
1445 return;
1446
1447 if (ieee802_11_parse_elems(ie, ie_len, &elems, 0) == ParseFailed) {
1448 wpa_printf(MSG_DEBUG, "Could not parse ProbeReq from " MACSTR,
1449 MAC2STR(mgmt->sa));
1450 return;
1451 }
1452
1453 if ((!elems.ssid || !elems.supp_rates)) {
1454 wpa_printf(MSG_DEBUG, "STA " MACSTR " sent probe request "
1455 "without SSID or supported rates element",
1456 MAC2STR(mgmt->sa));
1457 return;
1458 }
1459
1460 /*
1461 * No need to reply if the Probe Request frame was sent on an adjacent
1462 * channel. IEEE Std 802.11-2012 describes this as a requirement for an
1463 * AP with dot11RadioMeasurementActivated set to true, but strictly
1464 * speaking does not allow such ignoring of Probe Request frames if
1465 * dot11RadioMeasurementActivated is false. Anyway, this can help reduce
1466 * number of unnecessary Probe Response frames for cases where the STA
1467 * is less likely to see them (Probe Request frame sent on a
1468 * neighboring, but partially overlapping, channel).
1469 */
1470 if (elems.ds_params &&
1471 hapd->iface->current_mode &&
1472 (hapd->iface->current_mode->mode == HOSTAPD_MODE_IEEE80211G ||
1473 hapd->iface->current_mode->mode == HOSTAPD_MODE_IEEE80211B) &&
1474 hapd->iconf->channel != elems.ds_params[0]) {
1475 wpa_printf(MSG_DEBUG,
1476 "Ignore Probe Request due to DS Params mismatch: chan=%u != ds.chan=%u",
1477 hapd->iconf->channel, elems.ds_params[0]);
1478 return;
1479 }
1480
1481 #ifdef CONFIG_P2P
1482 if (hapd->p2p && hapd->p2p_group && elems.wps_ie) {
1483 struct wpabuf *wps;
1484 wps = ieee802_11_vendor_ie_concat(ie, ie_len, WPS_DEV_OUI_WFA);
1485 if (wps && !p2p_group_match_dev_type(hapd->p2p_group, wps)) {
1486 wpa_printf(MSG_MSGDUMP, "P2P: Ignore Probe Request "
1487 "due to mismatch with Requested Device "
1488 "Type");
1489 wpabuf_free(wps);
1490 return;
1491 }
1492 wpabuf_free(wps);
1493 }
1494
1495 if (hapd->p2p && hapd->p2p_group && elems.p2p) {
1496 struct wpabuf *p2p;
1497 p2p = ieee802_11_vendor_ie_concat(ie, ie_len, P2P_IE_VENDOR_TYPE);
1498 if (p2p && !p2p_group_match_dev_id(hapd->p2p_group, p2p)) {
1499 wpa_printf(MSG_MSGDUMP, "P2P: Ignore Probe Request "
1500 "due to mismatch with Device ID");
1501 wpabuf_free(p2p);
1502 return;
1503 }
1504 wpabuf_free(p2p);
1505 }
1506 #endif /* CONFIG_P2P */
1507
1508 if (hapd->conf->ignore_broadcast_ssid && elems.ssid_len == 0 &&
1509 elems.ssid_list_len == 0 && elems.short_ssid_list_len == 0) {
1510 wpa_printf(MSG_MSGDUMP, "Probe Request from " MACSTR " for "
1511 "broadcast SSID ignored", MAC2STR(mgmt->sa));
1512 return;
1513 }
1514
1515 #ifdef CONFIG_P2P
1516 if ((hapd->conf->p2p & P2P_GROUP_OWNER) &&
1517 elems.ssid_len == P2P_WILDCARD_SSID_LEN &&
1518 os_memcmp(elems.ssid, P2P_WILDCARD_SSID,
1519 P2P_WILDCARD_SSID_LEN) == 0) {
1520 /* Process P2P Wildcard SSID like Wildcard SSID */
1521 elems.ssid_len = 0;
1522 }
1523 #endif /* CONFIG_P2P */
1524
1525 #ifdef CONFIG_TAXONOMY
1526 {
1527 struct sta_info *sta;
1528 struct hostapd_sta_info *info;
1529
1530 if ((sta = ap_get_sta(hapd, mgmt->sa)) != NULL) {
1531 taxonomy_sta_info_probe_req(hapd, sta, ie, ie_len);
1532 } else if ((info = sta_track_get(hapd->iface,
1533 mgmt->sa)) != NULL) {
1534 taxonomy_hostapd_sta_info_probe_req(hapd, info,
1535 ie, ie_len);
1536 }
1537 }
1538 #endif /* CONFIG_TAXONOMY */
1539
1540 res = ssid_match(hapd, elems.ssid, elems.ssid_len,
1541 elems.ssid_list, elems.ssid_list_len,
1542 elems.short_ssid_list, elems.short_ssid_list_len);
1543 if (res == NO_SSID_MATCH) {
1544 if (!(mgmt->da[0] & 0x01)) {
1545 wpa_printf(MSG_MSGDUMP, "Probe Request from " MACSTR
1546 " for foreign SSID '%s' (DA " MACSTR ")%s",
1547 MAC2STR(mgmt->sa),
1548 wpa_ssid_txt(elems.ssid, elems.ssid_len),
1549 MAC2STR(mgmt->da),
1550 elems.ssid_list ? " (SSID list)" : "");
1551 }
1552 return;
1553 }
1554
1555 if (hapd->conf->ignore_broadcast_ssid && res == WILDCARD_SSID_MATCH) {
1556 wpa_printf(MSG_MSGDUMP, "Probe Request from " MACSTR " for "
1557 "broadcast SSID ignored", MAC2STR(mgmt->sa));
1558 return;
1559 }
1560
1561 #ifdef CONFIG_INTERWORKING
1562 if (hapd->conf->interworking &&
1563 elems.interworking && elems.interworking_len >= 1) {
1564 u8 ant = elems.interworking[0] & 0x0f;
1565 if (ant != INTERWORKING_ANT_WILDCARD &&
1566 ant != hapd->conf->access_network_type) {
1567 wpa_printf(MSG_MSGDUMP, "Probe Request from " MACSTR
1568 " for mismatching ANT %u ignored",
1569 MAC2STR(mgmt->sa), ant);
1570 return;
1571 }
1572 }
1573
1574 if (hapd->conf->interworking && elems.interworking &&
1575 (elems.interworking_len == 7 || elems.interworking_len == 9)) {
1576 const u8 *hessid;
1577 if (elems.interworking_len == 7)
1578 hessid = elems.interworking + 1;
1579 else
1580 hessid = elems.interworking + 1 + 2;
1581 if (!is_broadcast_ether_addr(hessid) &&
1582 !ether_addr_equal(hessid, hapd->conf->hessid)) {
1583 wpa_printf(MSG_MSGDUMP, "Probe Request from " MACSTR
1584 " for mismatching HESSID " MACSTR
1585 " ignored",
1586 MAC2STR(mgmt->sa), MAC2STR(hessid));
1587 return;
1588 }
1589 }
1590 #endif /* CONFIG_INTERWORKING */
1591
1592 #ifdef CONFIG_P2P
1593 if ((hapd->conf->p2p & P2P_GROUP_OWNER) &&
1594 supp_rates_11b_only(&elems)) {
1595 /* Indicates support for 11b rates only */
1596 wpa_printf(MSG_EXCESSIVE, "P2P: Ignore Probe Request from "
1597 MACSTR " with only 802.11b rates",
1598 MAC2STR(mgmt->sa));
1599 return;
1600 }
1601 #endif /* CONFIG_P2P */
1602
1603 /* TODO: verify that supp_rates contains at least one matching rate
1604 * with AP configuration */
1605
1606 if (hapd->conf->no_probe_resp_if_seen_on &&
1607 is_multicast_ether_addr(mgmt->da) &&
1608 is_multicast_ether_addr(mgmt->bssid) &&
1609 sta_track_seen_on(hapd->iface, mgmt->sa,
1610 hapd->conf->no_probe_resp_if_seen_on)) {
1611 wpa_printf(MSG_MSGDUMP, "%s: Ignore Probe Request from " MACSTR
1612 " since STA has been seen on %s",
1613 hapd->conf->iface, MAC2STR(mgmt->sa),
1614 hapd->conf->no_probe_resp_if_seen_on);
1615 return;
1616 }
1617
1618 if (hapd->conf->no_probe_resp_if_max_sta &&
1619 is_multicast_ether_addr(mgmt->da) &&
1620 is_multicast_ether_addr(mgmt->bssid) &&
1621 hapd->num_sta >= hapd->conf->max_num_sta &&
1622 !ap_get_sta(hapd, mgmt->sa)) {
1623 wpa_printf(MSG_MSGDUMP, "%s: Ignore Probe Request from " MACSTR
1624 " since no room for additional STA",
1625 hapd->conf->iface, MAC2STR(mgmt->sa));
1626 return;
1627 }
1628
1629 #ifdef CONFIG_TESTING_OPTIONS
1630 if (hapd->iconf->ignore_probe_probability > 0.0 &&
1631 drand48() < hapd->iconf->ignore_probe_probability) {
1632 wpa_printf(MSG_INFO,
1633 "TESTING: ignoring probe request from " MACSTR,
1634 MAC2STR(mgmt->sa));
1635 return;
1636 }
1637 #endif /* CONFIG_TESTING_OPTIONS */
1638
1639 /* Do not send Probe Response frame from a non-transmitting multiple
1640 * BSSID profile unless the Probe Request frame is directed at that
1641 * particular BSS. */
1642 if (hapd != hostapd_mbssid_get_tx_bss(hapd) && res != EXACT_SSID_MATCH)
1643 return;
1644
1645 if (hapd->conf->notify_mgmt_frames) {
1646 size_t hex_len;
1647
1648 hex_len = len * 2 + 1;
1649 hex = os_malloc(hex_len);
1650 if (hex)
1651 wpa_snprintf_hex(hex, hex_len, (const u8 *) mgmt, len);
1652 }
1653
1654 wpa_msg_ctrl(hapd->msg_ctx, MSG_INFO, RX_PROBE_REQUEST "sa=" MACSTR
1655 " signal=%d%s%s", MAC2STR(mgmt->sa), ssi_signal,
1656 hex ? " buf=" : "", hex ? hex : "");
1657
1658 os_free(hex);
1659
1660 os_memset(¶ms, 0, sizeof(params));
1661
1662 #ifdef CONFIG_IEEE80211BE
1663 if (hapd->conf->mld_ap && elems.probe_req_mle &&
1664 parse_ml_probe_req((struct ieee80211_eht_ml *) elems.probe_req_mle,
1665 elems.probe_req_mle_len, &mld_id, &links)) {
1666 hostapd_fill_probe_resp_ml_params(hapd, ¶ms, mgmt,
1667 mld_id, links);
1668 }
1669 #endif /* CONFIG_IEEE80211BE */
1670
1671 params.req = mgmt;
1672 params.is_p2p = !!elems.p2p;
1673 params.known_bss = elems.mbssid_known_bss;
1674 params.known_bss_len = elems.mbssid_known_bss_len;
1675
1676 hostapd_gen_probe_resp(hapd, ¶ms);
1677
1678 hostapd_free_probe_resp_params(¶ms);
1679
1680 if (!params.resp)
1681 return;
1682
1683 /*
1684 * If this is a broadcast probe request, apply no ack policy to avoid
1685 * excessive retries.
1686 */
1687 noack = !!(res == WILDCARD_SSID_MATCH &&
1688 is_broadcast_ether_addr(mgmt->da));
1689
1690 csa_offs_len = 0;
1691 if (hapd->csa_in_progress) {
1692 if (params.csa_pos)
1693 csa_offs[csa_offs_len++] =
1694 params.csa_pos - (u8 *) params.resp;
1695
1696 if (params.ecsa_pos)
1697 csa_offs[csa_offs_len++] =
1698 params.ecsa_pos - (u8 *) params.resp;
1699 }
1700
1701 ret = hostapd_drv_send_mlme(hapd, params.resp, params.resp_len, noack,
1702 csa_offs_len ? csa_offs : NULL,
1703 csa_offs_len, 0);
1704
1705 if (ret < 0)
1706 wpa_printf(MSG_INFO, "handle_probe_req: send failed");
1707
1708 os_free(params.resp);
1709
1710 wpa_printf(MSG_EXCESSIVE, "STA " MACSTR " sent probe request for %s "
1711 "SSID", MAC2STR(mgmt->sa),
1712 elems.ssid_len == 0 ? "broadcast" : "our");
1713 }
1714
1715
hostapd_probe_resp_offloads(struct hostapd_data * hapd,size_t * resp_len)1716 static u8 * hostapd_probe_resp_offloads(struct hostapd_data *hapd,
1717 size_t *resp_len)
1718 {
1719 struct probe_resp_params params;
1720
1721 /* check probe response offloading caps and print warnings */
1722 if (!(hapd->iface->drv_flags & WPA_DRIVER_FLAGS_PROBE_RESP_OFFLOAD))
1723 return NULL;
1724
1725 #ifdef CONFIG_WPS
1726 if (hapd->conf->wps_state && hapd->wps_probe_resp_ie &&
1727 (!(hapd->iface->probe_resp_offloads &
1728 (WPA_DRIVER_PROBE_RESP_OFFLOAD_WPS |
1729 WPA_DRIVER_PROBE_RESP_OFFLOAD_WPS2))))
1730 wpa_printf(MSG_WARNING, "Device is trying to offload WPS "
1731 "Probe Response while not supporting this");
1732 #endif /* CONFIG_WPS */
1733
1734 #ifdef CONFIG_P2P
1735 if ((hapd->conf->p2p & P2P_ENABLED) && hapd->p2p_probe_resp_ie &&
1736 !(hapd->iface->probe_resp_offloads &
1737 WPA_DRIVER_PROBE_RESP_OFFLOAD_P2P))
1738 wpa_printf(MSG_WARNING, "Device is trying to offload P2P "
1739 "Probe Response while not supporting this");
1740 #endif /* CONFIG_P2P */
1741
1742 if (hapd->conf->interworking &&
1743 !(hapd->iface->probe_resp_offloads &
1744 WPA_DRIVER_PROBE_RESP_OFFLOAD_INTERWORKING))
1745 wpa_printf(MSG_WARNING, "Device is trying to offload "
1746 "Interworking Probe Response while not supporting "
1747 "this");
1748
1749 /* Generate a Probe Response template for the non-P2P case */
1750 os_memset(¶ms, 0, sizeof(params));
1751 params.req = NULL;
1752 params.is_p2p = false;
1753 params.known_bss = NULL;
1754 params.known_bss_len = 0;
1755 params.mld_ap = NULL;
1756 params.mld_info = NULL;
1757
1758 hostapd_gen_probe_resp(hapd, ¶ms);
1759 *resp_len = params.resp_len;
1760 if (!params.resp)
1761 return NULL;
1762
1763 /* TODO: Avoid passing these through struct hostapd_data */
1764 if (params.csa_pos)
1765 hapd->cs_c_off_proberesp = params.csa_pos - (u8 *) params.resp;
1766 if (params.ecsa_pos)
1767 hapd->cs_c_off_ecsa_proberesp = params.ecsa_pos -
1768 (u8 *) params.resp;
1769 #ifdef CONFIG_IEEE80211AX
1770 if (params.cca_pos)
1771 hapd->cca_c_off_proberesp = params.cca_pos - (u8 *) params.resp;
1772 #endif /* CONFIG_IEEE80211AX */
1773
1774 return (u8 *) params.resp;
1775 }
1776
1777 #endif /* NEED_AP_MLME */
1778
1779
1780 #ifdef CONFIG_IEEE80211AX
1781 /* Unsolicited broadcast Probe Response transmission, 6 GHz only */
hostapd_unsol_bcast_probe_resp(struct hostapd_data * hapd,struct unsol_bcast_probe_resp * ubpr)1782 u8 * hostapd_unsol_bcast_probe_resp(struct hostapd_data *hapd,
1783 struct unsol_bcast_probe_resp *ubpr)
1784 {
1785 struct probe_resp_params probe_params;
1786
1787 if (!is_6ghz_op_class(hapd->iconf->op_class))
1788 return NULL;
1789
1790 ubpr->unsol_bcast_probe_resp_interval =
1791 hapd->conf->unsol_bcast_probe_resp_interval;
1792
1793 os_memset(&probe_params, 0, sizeof(probe_params));
1794 probe_params.req = NULL;
1795 probe_params.is_p2p = false;
1796 probe_params.known_bss = NULL;
1797 probe_params.known_bss_len = 0;
1798 probe_params.mld_ap = NULL;
1799 probe_params.mld_info = NULL;
1800
1801 hostapd_gen_probe_resp(hapd, &probe_params);
1802 ubpr->unsol_bcast_probe_resp_tmpl_len = probe_params.resp_len;
1803 return (u8 *) probe_params.resp;
1804 }
1805 #endif /* CONFIG_IEEE80211AX */
1806
1807
sta_track_del(struct hostapd_sta_info * info)1808 void sta_track_del(struct hostapd_sta_info *info)
1809 {
1810 #ifdef CONFIG_TAXONOMY
1811 wpabuf_free(info->probe_ie_taxonomy);
1812 info->probe_ie_taxonomy = NULL;
1813 #endif /* CONFIG_TAXONOMY */
1814 os_free(info);
1815 }
1816
1817
1818 #ifdef CONFIG_FILS
1819
hostapd_gen_fils_discovery_phy_index(struct hostapd_data * hapd)1820 static u16 hostapd_gen_fils_discovery_phy_index(struct hostapd_data *hapd)
1821 {
1822 #ifdef CONFIG_IEEE80211BE
1823 if (hapd->iconf->ieee80211be && !hapd->conf->disable_11be)
1824 return FD_CAP_PHY_INDEX_EHT;
1825 #endif /* CONFIG_IEEE80211BE */
1826
1827 #ifdef CONFIG_IEEE80211AX
1828 if (hapd->iconf->ieee80211ax && !hapd->conf->disable_11ax)
1829 return FD_CAP_PHY_INDEX_HE;
1830 #endif /* CONFIG_IEEE80211AX */
1831
1832 #ifdef CONFIG_IEEE80211AC
1833 if (hapd->iconf->ieee80211ac && !hapd->conf->disable_11ac)
1834 return FD_CAP_PHY_INDEX_VHT;
1835 #endif /* CONFIG_IEEE80211AC */
1836
1837 if (hapd->iconf->ieee80211n && !hapd->conf->disable_11n)
1838 return FD_CAP_PHY_INDEX_HT;
1839
1840 return 0;
1841 }
1842
1843
hostapd_gen_fils_discovery_nss(struct hostapd_hw_modes * mode,u16 phy_index,u8 he_mcs_nss_size)1844 static u16 hostapd_gen_fils_discovery_nss(struct hostapd_hw_modes *mode,
1845 u16 phy_index, u8 he_mcs_nss_size)
1846 {
1847 u16 nss = 0;
1848
1849 if (!mode)
1850 return 0;
1851
1852 if (phy_index == FD_CAP_PHY_INDEX_HE) {
1853 const u8 *he_mcs = mode->he_capab[IEEE80211_MODE_AP].mcs;
1854 int i;
1855 u16 mcs[6];
1856
1857 os_memset(mcs, 0xff, 6 * sizeof(u16));
1858
1859 if (he_mcs_nss_size == 4) {
1860 mcs[0] = WPA_GET_LE16(&he_mcs[0]);
1861 mcs[1] = WPA_GET_LE16(&he_mcs[2]);
1862 }
1863
1864 if (he_mcs_nss_size == 8) {
1865 mcs[2] = WPA_GET_LE16(&he_mcs[4]);
1866 mcs[3] = WPA_GET_LE16(&he_mcs[6]);
1867 }
1868
1869 if (he_mcs_nss_size == 12) {
1870 mcs[4] = WPA_GET_LE16(&he_mcs[8]);
1871 mcs[5] = WPA_GET_LE16(&he_mcs[10]);
1872 }
1873
1874 for (i = 0; i < HE_NSS_MAX_STREAMS; i++) {
1875 u16 nss_mask = 0x3 << (i * 2);
1876
1877 /*
1878 * If Tx and/or Rx indicate support for a given NSS,
1879 * count it towards the maximum NSS.
1880 */
1881 if (he_mcs_nss_size == 4 &&
1882 (((mcs[0] & nss_mask) != nss_mask) ||
1883 ((mcs[1] & nss_mask) != nss_mask))) {
1884 nss++;
1885 continue;
1886 }
1887
1888 if (he_mcs_nss_size == 8 &&
1889 (((mcs[2] & nss_mask) != nss_mask) ||
1890 ((mcs[3] & nss_mask) != nss_mask))) {
1891 nss++;
1892 continue;
1893 }
1894
1895 if (he_mcs_nss_size == 12 &&
1896 (((mcs[4] & nss_mask) != nss_mask) ||
1897 ((mcs[5] & nss_mask) != nss_mask))) {
1898 nss++;
1899 continue;
1900 }
1901 }
1902 } else if (phy_index == FD_CAP_PHY_INDEX_EHT) {
1903 u8 rx_nss, tx_nss, max_nss = 0, i;
1904 u8 *mcs = mode->eht_capab[IEEE80211_MODE_AP].mcs;
1905
1906 /*
1907 * The Supported EHT-MCS And NSS Set field for the AP contains
1908 * one to three EHT-MCS Map fields based on the supported
1909 * bandwidth. Check the first byte (max NSS for Rx/Tx that
1910 * supports EHT-MCS 0-9) for each bandwidth (<= 80,
1911 * 160, 320) to find the maximum NSS. This assumes that
1912 * the lowest MCS rates support the largest number of spatial
1913 * streams. If values are different between Tx, Rx or the
1914 * bandwidths, choose the highest value.
1915 */
1916 for (i = 0; i < 3; i++) {
1917 rx_nss = mcs[3 * i] & 0x0F;
1918 if (rx_nss > max_nss)
1919 max_nss = rx_nss;
1920
1921 tx_nss = (mcs[3 * i] & 0xF0) >> 4;
1922 if (tx_nss > max_nss)
1923 max_nss = tx_nss;
1924 }
1925
1926 nss = max_nss;
1927 }
1928
1929 if (nss > 4)
1930 return FD_CAP_NSS_5_8 << FD_CAP_NSS_SHIFT;
1931 if (nss)
1932 return (nss - 1) << FD_CAP_NSS_SHIFT;
1933
1934 return 0;
1935 }
1936
1937
hostapd_fils_discovery_cap(struct hostapd_data * hapd)1938 static u16 hostapd_fils_discovery_cap(struct hostapd_data *hapd)
1939 {
1940 u16 cap_info, phy_index;
1941 u8 chwidth = FD_CAP_BSS_CHWIDTH_20, he_mcs_nss_size = 4;
1942 struct hostapd_hw_modes *mode = hapd->iface->current_mode;
1943
1944 cap_info = FD_CAP_ESS;
1945 if (hapd->conf->wpa)
1946 cap_info |= FD_CAP_PRIVACY;
1947
1948 if (is_6ghz_op_class(hapd->iconf->op_class)) {
1949 switch (hapd->iconf->op_class) {
1950 case 137:
1951 chwidth = FD_CAP_BSS_CHWIDTH_320;
1952 break;
1953 case 135:
1954 he_mcs_nss_size += 4;
1955 /* fallthrough */
1956 case 134:
1957 he_mcs_nss_size += 4;
1958 chwidth = FD_CAP_BSS_CHWIDTH_160_80_80;
1959 break;
1960 case 133:
1961 chwidth = FD_CAP_BSS_CHWIDTH_80;
1962 break;
1963 case 132:
1964 chwidth = FD_CAP_BSS_CHWIDTH_40;
1965 break;
1966 }
1967 } else {
1968 switch (hostapd_get_oper_chwidth(hapd->iconf)) {
1969 case CONF_OPER_CHWIDTH_80P80MHZ:
1970 he_mcs_nss_size += 4;
1971 /* fallthrough */
1972 case CONF_OPER_CHWIDTH_160MHZ:
1973 he_mcs_nss_size += 4;
1974 chwidth = FD_CAP_BSS_CHWIDTH_160_80_80;
1975 break;
1976 case CONF_OPER_CHWIDTH_80MHZ:
1977 chwidth = FD_CAP_BSS_CHWIDTH_80;
1978 break;
1979 case CONF_OPER_CHWIDTH_USE_HT:
1980 if (hapd->iconf->secondary_channel)
1981 chwidth = FD_CAP_BSS_CHWIDTH_40;
1982 else
1983 chwidth = FD_CAP_BSS_CHWIDTH_20;
1984 break;
1985 default:
1986 break;
1987 }
1988 }
1989
1990 phy_index = hostapd_gen_fils_discovery_phy_index(hapd);
1991 cap_info |= phy_index << FD_CAP_PHY_INDEX_SHIFT;
1992 cap_info |= chwidth << FD_CAP_BSS_CHWIDTH_SHIFT;
1993 cap_info |= hostapd_gen_fils_discovery_nss(mode, phy_index,
1994 he_mcs_nss_size);
1995 return cap_info;
1996 }
1997
1998
hostapd_gen_fils_discovery(struct hostapd_data * hapd,size_t * len)1999 static u8 * hostapd_gen_fils_discovery(struct hostapd_data *hapd, size_t *len)
2000 {
2001 struct ieee80211_mgmt *head;
2002 const u8 *mobility_domain;
2003 u8 *pos, *length_pos, buf[200];
2004 u16 ctl = 0;
2005 u8 fd_rsn_info[5];
2006 size_t total_len, buf_len;
2007
2008 total_len = 24 + 2 + 12;
2009
2010 /* FILS Discovery Frame Control */
2011 ctl = (sizeof(hapd->conf->ssid.short_ssid) - 1) |
2012 FD_FRAME_CTL_SHORT_SSID_PRESENT |
2013 FD_FRAME_CTL_LENGTH_PRESENT |
2014 FD_FRAME_CTL_CAP_PRESENT;
2015 total_len += 4 + 1 + 2;
2016
2017 /* Fill primary channel information for 6 GHz channels with over 20 MHz
2018 * bandwidth, if the primary channel is not a PSC */
2019 if (is_6ghz_op_class(hapd->iconf->op_class) &&
2020 !is_6ghz_psc_frequency(ieee80211_chan_to_freq(
2021 NULL, hapd->iconf->op_class,
2022 hapd->iconf->channel)) &&
2023 op_class_to_bandwidth(hapd->iconf->op_class) > 20) {
2024 ctl |= FD_FRAME_CTL_PRI_CHAN_PRESENT;
2025 total_len += 2;
2026 }
2027
2028 /* Check for optional subfields and calculate length */
2029 if (wpa_auth_write_fd_rsn_info(hapd->wpa_auth, fd_rsn_info)) {
2030 ctl |= FD_FRAME_CTL_RSN_INFO_PRESENT;
2031 total_len += sizeof(fd_rsn_info);
2032 }
2033
2034 mobility_domain = hostapd_wpa_ie(hapd, WLAN_EID_MOBILITY_DOMAIN);
2035 if (mobility_domain) {
2036 ctl |= FD_FRAME_CTL_MD_PRESENT;
2037 total_len += 3;
2038 }
2039
2040 total_len += hostapd_eid_rnr_len(hapd, WLAN_FC_STYPE_ACTION, true);
2041
2042 pos = hostapd_eid_fils_indic(hapd, buf, 0);
2043 buf_len = pos - buf;
2044 total_len += buf_len;
2045
2046 /* he_elem_len() may return too large a value for FD frame, but that is
2047 * fine here since this is used as the maximum length of the buffer. */
2048 total_len += he_elem_len(hapd);
2049
2050 head = os_zalloc(total_len);
2051 if (!head)
2052 return NULL;
2053
2054 head->frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT,
2055 WLAN_FC_STYPE_ACTION);
2056 os_memset(head->da, 0xff, ETH_ALEN);
2057 os_memcpy(head->sa, hapd->own_addr, ETH_ALEN);
2058 os_memcpy(head->bssid, hapd->own_addr, ETH_ALEN);
2059
2060 head->u.action.category = WLAN_ACTION_PUBLIC;
2061 head->u.action.u.public_action.action = WLAN_PA_FILS_DISCOVERY;
2062
2063 pos = &head->u.action.u.public_action.variable[0];
2064
2065 /* FILS Discovery Information field */
2066
2067 /* FILS Discovery Frame Control */
2068 WPA_PUT_LE16(pos, ctl);
2069 pos += 2;
2070
2071 /* Hardware or low-level driver will fill in the Timestamp value */
2072 pos += 8;
2073
2074 /* Beacon Interval */
2075 WPA_PUT_LE16(pos, hapd->iconf->beacon_int);
2076 pos += 2;
2077
2078 /* Short SSID */
2079 WPA_PUT_LE32(pos, hapd->conf->ssid.short_ssid);
2080 pos += sizeof(hapd->conf->ssid.short_ssid);
2081
2082 /* Store position of FILS discovery information element Length field */
2083 length_pos = pos++;
2084
2085 /* FD Capability */
2086 WPA_PUT_LE16(pos, hostapd_fils_discovery_cap(hapd));
2087 pos += 2;
2088
2089 /* Operating Class and Primary Channel - if a 6 GHz chan is non PSC */
2090 if (ctl & FD_FRAME_CTL_PRI_CHAN_PRESENT) {
2091 *pos++ = hapd->iconf->op_class;
2092 *pos++ = hapd->iconf->channel;
2093 }
2094
2095 /* AP Configuration Sequence Number - not present */
2096
2097 /* Access Network Options - not present */
2098
2099 /* FD RSN Information */
2100 if (ctl & FD_FRAME_CTL_RSN_INFO_PRESENT) {
2101 os_memcpy(pos, fd_rsn_info, sizeof(fd_rsn_info));
2102 pos += sizeof(fd_rsn_info);
2103 }
2104
2105 /* Channel Center Frequency Segment 1 - not present */
2106
2107 /* Mobility Domain */
2108 if (ctl & FD_FRAME_CTL_MD_PRESENT) {
2109 os_memcpy(pos, &mobility_domain[2], 3);
2110 pos += 3;
2111 }
2112
2113 /* Fill in the Length field value */
2114 *length_pos = pos - (length_pos + 1);
2115
2116 pos = hostapd_eid_rnr(hapd, pos, WLAN_FC_STYPE_ACTION, true);
2117
2118 /* FILS Indication element */
2119 if (buf_len) {
2120 os_memcpy(pos, buf, buf_len);
2121 pos += buf_len;
2122 }
2123
2124 if (is_6ghz_op_class(hapd->iconf->op_class))
2125 pos = hostapd_eid_txpower_envelope(hapd, pos);
2126
2127 *len = pos - (u8 *) head;
2128 wpa_hexdump(MSG_DEBUG, "FILS Discovery frame template",
2129 head, pos - (u8 *) head);
2130 return (u8 *) head;
2131 }
2132
2133
2134 /* Configure FILS Discovery frame transmission parameters */
hostapd_fils_discovery(struct hostapd_data * hapd,struct wpa_driver_ap_params * params)2135 static u8 * hostapd_fils_discovery(struct hostapd_data *hapd,
2136 struct wpa_driver_ap_params *params)
2137 {
2138 params->fd_max_int = hapd->conf->fils_discovery_max_int;
2139 if (is_6ghz_op_class(hapd->iconf->op_class) &&
2140 params->fd_max_int > FD_MAX_INTERVAL_6GHZ)
2141 params->fd_max_int = FD_MAX_INTERVAL_6GHZ;
2142
2143 params->fd_min_int = hapd->conf->fils_discovery_min_int;
2144 if (params->fd_min_int > params->fd_max_int)
2145 params->fd_min_int = params->fd_max_int;
2146
2147 if (params->fd_max_int)
2148 return hostapd_gen_fils_discovery(hapd,
2149 ¶ms->fd_frame_tmpl_len);
2150
2151 return NULL;
2152 }
2153
2154 #endif /* CONFIG_FILS */
2155
2156
ieee802_11_build_ap_params(struct hostapd_data * hapd,struct wpa_driver_ap_params * params)2157 int ieee802_11_build_ap_params(struct hostapd_data *hapd,
2158 struct wpa_driver_ap_params *params)
2159 {
2160 struct ieee80211_mgmt *head = NULL;
2161 u8 *tail = NULL;
2162 size_t head_len = 0, tail_len = 0;
2163 u8 *resp = NULL;
2164 size_t resp_len = 0;
2165 #ifdef NEED_AP_MLME
2166 u16 capab_info;
2167 u8 *pos, *tailpos, *tailend, *csa_pos;
2168 bool complete = false;
2169 #endif /* NEED_AP_MLME */
2170
2171 os_memset(params, 0, sizeof(*params));
2172
2173 #ifdef NEED_AP_MLME
2174 #define BEACON_HEAD_BUF_SIZE 256
2175 #define BEACON_TAIL_BUF_SIZE 1500
2176 head = os_zalloc(BEACON_HEAD_BUF_SIZE);
2177 tail_len = BEACON_TAIL_BUF_SIZE;
2178 #ifdef CONFIG_WPS
2179 if (hapd->conf->wps_state && hapd->wps_beacon_ie)
2180 tail_len += wpabuf_len(hapd->wps_beacon_ie);
2181 #endif /* CONFIG_WPS */
2182 #ifdef CONFIG_P2P
2183 if (hapd->p2p_beacon_ie)
2184 tail_len += wpabuf_len(hapd->p2p_beacon_ie);
2185 #endif /* CONFIG_P2P */
2186 #ifdef CONFIG_FST
2187 if (hapd->iface->fst_ies)
2188 tail_len += wpabuf_len(hapd->iface->fst_ies);
2189 #endif /* CONFIG_FST */
2190 if (hapd->conf->vendor_elements)
2191 tail_len += wpabuf_len(hapd->conf->vendor_elements);
2192
2193 #ifdef CONFIG_IEEE80211AC
2194 if (hapd->conf->vendor_vht) {
2195 tail_len += 5 + 2 + sizeof(struct ieee80211_vht_capabilities) +
2196 2 + sizeof(struct ieee80211_vht_operation);
2197 }
2198 #endif /* CONFIG_IEEE80211AC */
2199
2200 tail_len += he_elem_len(hapd);
2201
2202 #ifdef CONFIG_IEEE80211BE
2203 if (hapd->iconf->ieee80211be && !hapd->conf->disable_11be) {
2204 tail_len += hostapd_eid_eht_capab_len(hapd, IEEE80211_MODE_AP);
2205 tail_len += 3 + sizeof(struct ieee80211_eht_operation);
2206 if (hapd->iconf->punct_bitmap)
2207 tail_len += EHT_OPER_DISABLED_SUBCHAN_BITMAP_SIZE;
2208
2209 /*
2210 * TODO: Multi-Link element has variable length and can be
2211 * long based on the common info and number of per
2212 * station profiles. For now use 256.
2213 */
2214 if (hapd->conf->mld_ap) {
2215 tail_len += 256;
2216
2217 /* for Max Channel Switch Time element during channel
2218 * switch */
2219 tail_len += 6;
2220 }
2221 }
2222 #endif /* CONFIG_IEEE80211BE */
2223
2224 if (hapd->iconf->mbssid == ENHANCED_MBSSID_ENABLED &&
2225 hapd == hostapd_mbssid_get_tx_bss(hapd))
2226 tail_len += 5; /* Multiple BSSID Configuration element */
2227 tail_len += hostapd_eid_rnr_len(hapd, WLAN_FC_STYPE_BEACON, true);
2228 tail_len += hostapd_mbo_ie_len(hapd);
2229 tail_len += hostapd_eid_owe_trans_len(hapd);
2230 tail_len += hostapd_eid_dpp_cc_len(hapd);
2231 tail_len += hostapd_get_rsne_override_len(hapd);
2232 tail_len += hostapd_get_rsne_override_2_len(hapd);
2233 tail_len += hostapd_get_rsnxe_override_len(hapd);
2234
2235 tailpos = tail = os_malloc(tail_len);
2236 if (head == NULL || tail == NULL) {
2237 wpa_printf(MSG_ERROR, "Failed to set beacon data");
2238 os_free(head);
2239 os_free(tail);
2240 return -1;
2241 }
2242 tailend = tail + tail_len;
2243
2244 head->frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT,
2245 WLAN_FC_STYPE_BEACON);
2246 head->duration = host_to_le16(0);
2247 os_memset(head->da, 0xff, ETH_ALEN);
2248
2249 os_memcpy(head->sa, hapd->own_addr, ETH_ALEN);
2250 os_memcpy(head->bssid, hapd->own_addr, ETH_ALEN);
2251 head->u.beacon.beacon_int =
2252 host_to_le16(hapd->iconf->beacon_int);
2253
2254 /* hardware or low-level driver will setup seq_ctrl and timestamp */
2255 capab_info = hostapd_own_capab_info(hapd);
2256 head->u.beacon.capab_info = host_to_le16(capab_info);
2257 pos = &head->u.beacon.variable[0];
2258
2259 /* SSID */
2260 *pos++ = WLAN_EID_SSID;
2261 if (hapd->conf->ignore_broadcast_ssid == 2) {
2262 /* clear the data, but keep the correct length of the SSID */
2263 *pos++ = hapd->conf->ssid.ssid_len;
2264 os_memset(pos, 0, hapd->conf->ssid.ssid_len);
2265 pos += hapd->conf->ssid.ssid_len;
2266 } else if (hapd->conf->ignore_broadcast_ssid) {
2267 *pos++ = 0; /* empty SSID */
2268 } else {
2269 *pos++ = hapd->conf->ssid.ssid_len;
2270 os_memcpy(pos, hapd->conf->ssid.ssid,
2271 hapd->conf->ssid.ssid_len);
2272 pos += hapd->conf->ssid.ssid_len;
2273 }
2274
2275 /* Supported rates */
2276 pos = hostapd_eid_supp_rates(hapd, pos);
2277
2278 /* DS Params */
2279 pos = hostapd_eid_ds_params(hapd, pos);
2280
2281 head_len = pos - (u8 *) head;
2282
2283 tailpos = hostapd_eid_country(hapd, tailpos, tailend - tailpos);
2284
2285 /* Power Constraint element */
2286 tailpos = hostapd_eid_pwr_constraint(hapd, tailpos);
2287
2288 /* CSA IE */
2289 csa_pos = hostapd_eid_csa(hapd, tailpos);
2290 if (csa_pos != tailpos)
2291 hapd->cs_c_off_beacon = csa_pos - tail - 1;
2292 tailpos = csa_pos;
2293
2294 /* ERP Information element */
2295 tailpos = hostapd_eid_erp_info(hapd, tailpos);
2296
2297 /* Extended supported rates */
2298 tailpos = hostapd_eid_ext_supp_rates(hapd, tailpos);
2299
2300 tailpos = hostapd_get_rsne(hapd, tailpos, tailend - tailpos);
2301 tailpos = hostapd_eid_bss_load(hapd, tailpos, tailend - tailpos);
2302 tailpos = hostapd_eid_rm_enabled_capab(hapd, tailpos,
2303 tailend - tailpos);
2304 tailpos = hostapd_get_mde(hapd, tailpos, tailend - tailpos);
2305
2306 /* eCSA IE */
2307 csa_pos = hostapd_eid_ecsa(hapd, tailpos);
2308 if (csa_pos != tailpos)
2309 hapd->cs_c_off_ecsa_beacon = csa_pos - tail - 1;
2310 tailpos = csa_pos;
2311
2312 tailpos = hostapd_eid_supported_op_classes(hapd, tailpos);
2313 tailpos = hostapd_eid_ht_capabilities(hapd, tailpos);
2314 tailpos = hostapd_eid_ht_operation(hapd, tailpos);
2315
2316 if (hapd->iconf->mbssid && hapd->iconf->num_bss > 1) {
2317 if (ieee802_11_build_ap_params_mbssid(hapd, params)) {
2318 os_free(head);
2319 os_free(tail);
2320 wpa_printf(MSG_ERROR,
2321 "MBSSID: Failed to set beacon data");
2322 return -1;
2323 }
2324 complete = hapd->iconf->mbssid == MBSSID_ENABLED ||
2325 (hapd->iconf->mbssid == ENHANCED_MBSSID_ENABLED &&
2326 params->mbssid_elem_count == 1);
2327 }
2328
2329 tailpos = hostapd_eid_ext_capab(hapd, tailpos, complete);
2330
2331 /*
2332 * TODO: Time Advertisement element should only be included in some
2333 * DTIM Beacon frames.
2334 */
2335 tailpos = hostapd_eid_time_adv(hapd, tailpos);
2336
2337 tailpos = hostapd_eid_interworking(hapd, tailpos);
2338 tailpos = hostapd_eid_adv_proto(hapd, tailpos);
2339 tailpos = hostapd_eid_roaming_consortium(hapd, tailpos);
2340
2341 #ifdef CONFIG_FST
2342 if (hapd->iface->fst_ies) {
2343 os_memcpy(tailpos, wpabuf_head(hapd->iface->fst_ies),
2344 wpabuf_len(hapd->iface->fst_ies));
2345 tailpos += wpabuf_len(hapd->iface->fst_ies);
2346 }
2347 #endif /* CONFIG_FST */
2348
2349 #ifdef CONFIG_IEEE80211AC
2350 if (hapd->iconf->ieee80211ac && !hapd->conf->disable_11ac &&
2351 !is_6ghz_op_class(hapd->iconf->op_class)) {
2352 tailpos = hostapd_eid_vht_capabilities(hapd, tailpos, 0);
2353 tailpos = hostapd_eid_vht_operation(hapd, tailpos);
2354 tailpos = hostapd_eid_txpower_envelope(hapd, tailpos);
2355 }
2356 #endif /* CONFIG_IEEE80211AC */
2357
2358 #ifdef CONFIG_IEEE80211AX
2359 if (hapd->iconf->ieee80211ax && !hapd->conf->disable_11ax &&
2360 is_6ghz_op_class(hapd->iconf->op_class))
2361 tailpos = hostapd_eid_txpower_envelope(hapd, tailpos);
2362 #endif /* CONFIG_IEEE80211AX */
2363
2364 tailpos = hostapd_eid_chsw_wrapper(hapd, tailpos);
2365
2366 tailpos = hostapd_eid_rnr(hapd, tailpos, WLAN_FC_STYPE_BEACON, true);
2367 tailpos = hostapd_eid_fils_indic(hapd, tailpos, 0);
2368
2369 /* Max Channel Switch Time element */
2370 tailpos = hostapd_eid_max_cs_time(hapd, tailpos);
2371
2372 tailpos = hostapd_get_rsnxe(hapd, tailpos, tailend - tailpos);
2373 tailpos = hostapd_eid_mbssid_config(hapd, tailpos,
2374 params->mbssid_elem_count);
2375
2376 #ifdef CONFIG_IEEE80211AX
2377 if (hapd->iconf->ieee80211ax && !hapd->conf->disable_11ax) {
2378 u8 *cca_pos;
2379
2380 tailpos = hostapd_eid_he_capab(hapd, tailpos,
2381 IEEE80211_MODE_AP);
2382 tailpos = hostapd_eid_he_operation(hapd, tailpos);
2383
2384 /* BSS Color Change Announcement element */
2385 cca_pos = hostapd_eid_cca(hapd, tailpos);
2386 if (cca_pos != tailpos)
2387 hapd->cca_c_off_beacon = cca_pos - tail - 2;
2388 tailpos = cca_pos;
2389
2390 tailpos = hostapd_eid_spatial_reuse(hapd, tailpos);
2391 tailpos = hostapd_eid_he_mu_edca_parameter_set(hapd, tailpos);
2392 tailpos = hostapd_eid_he_6ghz_band_cap(hapd, tailpos);
2393 }
2394 #endif /* CONFIG_IEEE80211AX */
2395
2396 #ifdef CONFIG_IEEE80211BE
2397 if (hapd->iconf->ieee80211be && !hapd->conf->disable_11be) {
2398 if (hapd->conf->mld_ap)
2399 tailpos = hostapd_eid_eht_ml_beacon(hapd, NULL,
2400 tailpos, false);
2401 tailpos = hostapd_eid_eht_capab(hapd, tailpos,
2402 IEEE80211_MODE_AP);
2403 tailpos = hostapd_eid_eht_operation(hapd, tailpos);
2404 }
2405 #endif /* CONFIG_IEEE80211BE */
2406
2407 #ifdef CONFIG_IEEE80211AC
2408 if (hapd->conf->vendor_vht)
2409 tailpos = hostapd_eid_vendor_vht(hapd, tailpos);
2410 #endif /* CONFIG_IEEE80211AC */
2411
2412 /* WPA */
2413 tailpos = hostapd_get_wpa_ie(hapd, tailpos, tailend - tailpos);
2414
2415 /* Wi-Fi Alliance WMM */
2416 tailpos = hostapd_eid_wmm(hapd, tailpos);
2417
2418 #ifdef CONFIG_WPS
2419 if (hapd->conf->wps_state && hapd->wps_beacon_ie) {
2420 os_memcpy(tailpos, wpabuf_head(hapd->wps_beacon_ie),
2421 wpabuf_len(hapd->wps_beacon_ie));
2422 tailpos += wpabuf_len(hapd->wps_beacon_ie);
2423 }
2424 #endif /* CONFIG_WPS */
2425
2426 #ifdef CONFIG_P2P
2427 if ((hapd->conf->p2p & P2P_ENABLED) && hapd->p2p_beacon_ie) {
2428 os_memcpy(tailpos, wpabuf_head(hapd->p2p_beacon_ie),
2429 wpabuf_len(hapd->p2p_beacon_ie));
2430 tailpos += wpabuf_len(hapd->p2p_beacon_ie);
2431 }
2432 #endif /* CONFIG_P2P */
2433 #ifdef CONFIG_P2P_MANAGER
2434 if ((hapd->conf->p2p & (P2P_MANAGE | P2P_ENABLED | P2P_GROUP_OWNER)) ==
2435 P2P_MANAGE)
2436 tailpos = hostapd_eid_p2p_manage(hapd, tailpos);
2437 #endif /* CONFIG_P2P_MANAGER */
2438
2439 #ifdef CONFIG_HS20
2440 tailpos = hostapd_eid_hs20_indication(hapd, tailpos);
2441 #endif /* CONFIG_HS20 */
2442
2443 tailpos = hostapd_eid_mbo(hapd, tailpos, tail + tail_len - tailpos);
2444 tailpos = hostapd_eid_owe_trans(hapd, tailpos,
2445 tail + tail_len - tailpos);
2446 tailpos = hostapd_eid_dpp_cc(hapd, tailpos, tail + tail_len - tailpos);
2447
2448 tailpos = hostapd_get_rsne_override(hapd, tailpos,
2449 tail + tail_len - tailpos);
2450 tailpos = hostapd_get_rsne_override_2(hapd, tailpos,
2451 tail + tail_len - tailpos);
2452 tailpos = hostapd_get_rsnxe_override(hapd, tailpos,
2453 tail + tail_len - tailpos);
2454
2455 if (hapd->conf->vendor_elements) {
2456 os_memcpy(tailpos, wpabuf_head(hapd->conf->vendor_elements),
2457 wpabuf_len(hapd->conf->vendor_elements));
2458 tailpos += wpabuf_len(hapd->conf->vendor_elements);
2459 }
2460
2461 tail_len = tailpos > tail ? tailpos - tail : 0;
2462
2463 resp = hostapd_probe_resp_offloads(hapd, &resp_len);
2464 #endif /* NEED_AP_MLME */
2465
2466 /* If key management offload is enabled, configure PSK to the driver. */
2467 if (wpa_key_mgmt_wpa_psk_no_sae(hapd->conf->wpa_key_mgmt) &&
2468 (hapd->iface->drv_flags2 &
2469 WPA_DRIVER_FLAGS2_4WAY_HANDSHAKE_AP_PSK)) {
2470 if (hapd->conf->ssid.wpa_psk && hapd->conf->ssid.wpa_psk_set) {
2471 os_memcpy(params->psk, hapd->conf->ssid.wpa_psk->psk,
2472 PMK_LEN);
2473 params->psk_len = PMK_LEN;
2474 } else if (hapd->conf->ssid.wpa_passphrase &&
2475 pbkdf2_sha1(hapd->conf->ssid.wpa_passphrase,
2476 hapd->conf->ssid.ssid,
2477 hapd->conf->ssid.ssid_len, 4096,
2478 params->psk, PMK_LEN) == 0) {
2479 params->psk_len = PMK_LEN;
2480 }
2481 }
2482
2483 #ifdef CONFIG_SAE
2484 /* If SAE offload is enabled, provide password to lower layer for
2485 * SAE authentication and PMK generation.
2486 */
2487 if (wpa_key_mgmt_sae(hapd->conf->wpa_key_mgmt |
2488 hapd->conf->rsn_override_key_mgmt |
2489 hapd->conf->rsn_override_key_mgmt_2) &&
2490 (hapd->iface->drv_flags2 & WPA_DRIVER_FLAGS2_SAE_OFFLOAD_AP)) {
2491 if (hostapd_sae_pk_in_use(hapd->conf)) {
2492 wpa_printf(MSG_ERROR,
2493 "SAE PK not supported with SAE offload");
2494 return -1;
2495 }
2496
2497 if (hostapd_sae_pw_id_in_use(hapd->conf)) {
2498 wpa_printf(MSG_ERROR,
2499 "SAE Password Identifiers not supported with SAE offload");
2500 return -1;
2501 }
2502
2503 params->sae_password = sae_get_password(hapd, NULL, NULL, NULL,
2504 NULL, NULL);
2505 if (!params->sae_password) {
2506 wpa_printf(MSG_ERROR, "SAE password not configured for offload");
2507 return -1;
2508 }
2509 }
2510 #endif /* CONFIG_SAE */
2511
2512 params->head = (u8 *) head;
2513 params->head_len = head_len;
2514 params->tail = tail;
2515 params->tail_len = tail_len;
2516 params->proberesp = resp;
2517 params->proberesp_len = resp_len;
2518 params->dtim_period = hapd->conf->dtim_period;
2519 params->beacon_int = hapd->iconf->beacon_int;
2520 params->basic_rates = hapd->iface->basic_rates;
2521 params->beacon_rate = hapd->iconf->beacon_rate;
2522 params->rate_type = hapd->iconf->rate_type;
2523 params->ssid = hapd->conf->ssid.ssid;
2524 params->ssid_len = hapd->conf->ssid.ssid_len;
2525 if ((hapd->conf->wpa & (WPA_PROTO_WPA | WPA_PROTO_RSN)) ==
2526 (WPA_PROTO_WPA | WPA_PROTO_RSN))
2527 params->pairwise_ciphers = hapd->conf->wpa_pairwise |
2528 hapd->conf->rsn_pairwise;
2529 else if (hapd->conf->wpa & WPA_PROTO_RSN)
2530 params->pairwise_ciphers = hapd->conf->rsn_pairwise;
2531 else if (hapd->conf->wpa & WPA_PROTO_WPA)
2532 params->pairwise_ciphers = hapd->conf->wpa_pairwise;
2533 params->group_cipher = hapd->conf->wpa_group;
2534 params->key_mgmt_suites = hapd->conf->wpa_key_mgmt |
2535 hapd->conf->rsn_override_key_mgmt |
2536 hapd->conf->rsn_override_key_mgmt_2;
2537 params->auth_algs = hapd->conf->auth_algs;
2538 params->wpa_version = hapd->conf->wpa;
2539 params->privacy = hapd->conf->wpa;
2540 #ifdef CONFIG_WEP
2541 params->privacy |= hapd->conf->ssid.wep.keys_set ||
2542 (hapd->conf->ieee802_1x &&
2543 (hapd->conf->default_wep_key_len ||
2544 hapd->conf->individual_wep_key_len));
2545 #endif /* CONFIG_WEP */
2546 switch (hapd->conf->ignore_broadcast_ssid) {
2547 case 0:
2548 params->hide_ssid = NO_SSID_HIDING;
2549 break;
2550 case 1:
2551 params->hide_ssid = HIDDEN_SSID_ZERO_LEN;
2552 break;
2553 case 2:
2554 params->hide_ssid = HIDDEN_SSID_ZERO_CONTENTS;
2555 break;
2556 }
2557 params->isolate = hapd->conf->isolate;
2558 #ifdef NEED_AP_MLME
2559 params->cts_protect = !!(ieee802_11_erp_info(hapd) &
2560 ERP_INFO_USE_PROTECTION);
2561 params->preamble = hapd->iface->num_sta_no_short_preamble == 0 &&
2562 hapd->iconf->preamble == SHORT_PREAMBLE;
2563 if (hapd->iface->current_mode &&
2564 hapd->iface->current_mode->mode == HOSTAPD_MODE_IEEE80211G)
2565 params->short_slot_time =
2566 hapd->iface->num_sta_no_short_slot_time > 0 ? 0 : 1;
2567 else
2568 params->short_slot_time = -1;
2569 if (!hapd->iconf->ieee80211n || hapd->conf->disable_11n)
2570 params->ht_opmode = -1;
2571 else
2572 params->ht_opmode = hapd->iface->ht_op_mode;
2573 #endif /* NEED_AP_MLME */
2574 params->interworking = hapd->conf->interworking;
2575 if (hapd->conf->interworking &&
2576 !is_zero_ether_addr(hapd->conf->hessid))
2577 params->hessid = hapd->conf->hessid;
2578 params->access_network_type = hapd->conf->access_network_type;
2579 params->ap_max_inactivity = hapd->conf->ap_max_inactivity;
2580 #ifdef CONFIG_P2P
2581 params->p2p_go_ctwindow = hapd->iconf->p2p_go_ctwindow;
2582 #endif /* CONFIG_P2P */
2583 #ifdef CONFIG_HS20
2584 params->disable_dgaf = hapd->conf->disable_dgaf;
2585 #endif /* CONFIG_HS20 */
2586 params->multicast_to_unicast = hapd->conf->multicast_to_unicast;
2587 params->pbss = hapd->conf->pbss;
2588
2589 if (hapd->conf->ftm_responder) {
2590 if (hapd->iface->drv_flags & WPA_DRIVER_FLAGS_FTM_RESPONDER) {
2591 params->ftm_responder = 1;
2592 params->lci = hapd->iface->conf->lci;
2593 params->civic = hapd->iface->conf->civic;
2594 } else {
2595 wpa_printf(MSG_WARNING,
2596 "Not configuring FTM responder as the driver doesn't advertise support for it");
2597 }
2598 }
2599
2600 #ifdef CONFIG_IEEE80211BE
2601 if (hapd->conf->mld_ap && hapd->iconf->ieee80211be &&
2602 !hapd->conf->disable_11be) {
2603 params->mld_ap = true;
2604 params->mld_link_id = hapd->mld_link_id;
2605 }
2606 #endif /* CONFIG_IEEE80211BE */
2607
2608 return 0;
2609 }
2610
2611
ieee802_11_free_ap_params(struct wpa_driver_ap_params * params)2612 void ieee802_11_free_ap_params(struct wpa_driver_ap_params *params)
2613 {
2614 os_free(params->tail);
2615 params->tail = NULL;
2616 os_free(params->head);
2617 params->head = NULL;
2618 os_free(params->proberesp);
2619 params->proberesp = NULL;
2620 os_free(params->mbssid_elem);
2621 params->mbssid_elem = NULL;
2622 os_free(params->mbssid_elem_offset);
2623 params->mbssid_elem_offset = NULL;
2624 os_free(params->rnr_elem);
2625 params->rnr_elem = NULL;
2626 os_free(params->rnr_elem_offset);
2627 params->rnr_elem_offset = NULL;
2628 #ifdef CONFIG_FILS
2629 os_free(params->fd_frame_tmpl);
2630 params->fd_frame_tmpl = NULL;
2631 #endif /* CONFIG_FILS */
2632 #ifdef CONFIG_IEEE80211AX
2633 os_free(params->ubpr.unsol_bcast_probe_resp_tmpl);
2634 params->ubpr.unsol_bcast_probe_resp_tmpl = NULL;
2635 #endif /* CONFIG_IEEE80211AX */
2636 os_free(params->allowed_freqs);
2637 params->allowed_freqs = NULL;
2638 }
2639
2640
__ieee802_11_set_beacon(struct hostapd_data * hapd)2641 static int __ieee802_11_set_beacon(struct hostapd_data *hapd)
2642 {
2643 struct wpa_driver_ap_params params;
2644 struct hostapd_freq_params freq;
2645 struct hostapd_iface *iface = hapd->iface;
2646 struct hostapd_config *iconf = iface->conf;
2647 struct hostapd_hw_modes *cmode = iface->current_mode;
2648 struct wpabuf *beacon, *proberesp, *assocresp;
2649 bool twt_he_responder = false;
2650 int res, ret = -1, i;
2651 struct hostapd_hw_modes *mode;
2652
2653 if (!hapd->drv_priv) {
2654 wpa_printf(MSG_ERROR, "Interface is disabled");
2655 return -1;
2656 }
2657
2658 if (hapd->csa_in_progress) {
2659 wpa_printf(MSG_ERROR, "Cannot set beacons during CSA period");
2660 return -1;
2661 }
2662
2663 hapd->beacon_set_done = 1;
2664
2665 if (ieee802_11_build_ap_params(hapd, ¶ms) < 0)
2666 return -1;
2667
2668 if (hostapd_build_ap_extra_ies(hapd, &beacon, &proberesp, &assocresp) <
2669 0)
2670 goto fail;
2671
2672 params.beacon_ies = beacon;
2673 params.proberesp_ies = proberesp;
2674 params.assocresp_ies = assocresp;
2675 params.reenable = hapd->reenable_beacon;
2676 #ifdef CONFIG_IEEE80211AX
2677 params.he_spr_ctrl = hapd->iface->conf->spr.sr_control;
2678 params.he_spr_non_srg_obss_pd_max_offset =
2679 hapd->iface->conf->spr.non_srg_obss_pd_max_offset;
2680 params.he_spr_srg_obss_pd_min_offset =
2681 hapd->iface->conf->spr.srg_obss_pd_min_offset;
2682 params.he_spr_srg_obss_pd_max_offset =
2683 hapd->iface->conf->spr.srg_obss_pd_max_offset;
2684 os_memcpy(params.he_spr_bss_color_bitmap,
2685 hapd->iface->conf->spr.srg_bss_color_bitmap, 8);
2686 os_memcpy(params.he_spr_partial_bssid_bitmap,
2687 hapd->iface->conf->spr.srg_partial_bssid_bitmap, 8);
2688 params.he_bss_color_disabled =
2689 hapd->iface->conf->he_op.he_bss_color_disabled;
2690 params.he_bss_color_partial =
2691 hapd->iface->conf->he_op.he_bss_color_partial;
2692 params.he_bss_color = hapd->iface->conf->he_op.he_bss_color;
2693 twt_he_responder = hostapd_get_he_twt_responder(hapd,
2694 IEEE80211_MODE_AP);
2695 params.ubpr.unsol_bcast_probe_resp_tmpl =
2696 hostapd_unsol_bcast_probe_resp(hapd, ¶ms.ubpr);
2697 #endif /* CONFIG_IEEE80211AX */
2698 params.twt_responder =
2699 twt_he_responder || hostapd_get_ht_vht_twt_responder(hapd);
2700 hapd->reenable_beacon = 0;
2701 #ifdef CONFIG_SAE
2702 params.sae_pwe = hapd->conf->sae_pwe;
2703 #endif /* CONFIG_SAE */
2704
2705 #ifdef CONFIG_FILS
2706 params.fd_frame_tmpl = hostapd_fils_discovery(hapd, ¶ms);
2707 #endif /* CONFIG_FILS */
2708
2709 #ifdef CONFIG_IEEE80211BE
2710 params.punct_bitmap = iconf->punct_bitmap;
2711 #endif /* CONFIG_IEEE80211BE */
2712
2713 if (cmode &&
2714 hostapd_set_freq_params(&freq, iconf->hw_mode, iface->freq,
2715 iconf->channel, iconf->enable_edmg,
2716 iconf->edmg_channel, iconf->ieee80211n,
2717 iconf->ieee80211ac, iconf->ieee80211ax,
2718 iconf->ieee80211be,
2719 iconf->secondary_channel,
2720 hostapd_get_oper_chwidth(iconf),
2721 hostapd_get_oper_centr_freq_seg0_idx(iconf),
2722 hostapd_get_oper_centr_freq_seg1_idx(iconf),
2723 cmode->vht_capab,
2724 &cmode->he_capab[IEEE80211_MODE_AP],
2725 &cmode->eht_capab[IEEE80211_MODE_AP],
2726 hostapd_get_punct_bitmap(hapd)) == 0) {
2727 freq.link_id = -1;
2728 #ifdef CONFIG_IEEE80211BE
2729 if (hapd->conf->mld_ap)
2730 freq.link_id = hapd->mld_link_id;
2731 #endif /* CONFIG_IEEE80211BE */
2732 params.freq = &freq;
2733 }
2734
2735 for (i = 0; i < hapd->iface->num_hw_features; i++) {
2736 mode = &hapd->iface->hw_features[i];
2737
2738 if (iconf->hw_mode != HOSTAPD_MODE_IEEE80211ANY &&
2739 iconf->hw_mode != mode->mode)
2740 continue;
2741
2742 hostapd_get_hw_mode_any_channels(hapd, mode,
2743 !(iconf->acs_freq_list.num ||
2744 iconf->acs_ch_list.num),
2745 true, ¶ms.allowed_freqs);
2746 }
2747
2748 res = hostapd_drv_set_ap(hapd, ¶ms);
2749 hostapd_free_ap_extra_ies(hapd, beacon, proberesp, assocresp);
2750 if (res)
2751 wpa_printf(MSG_ERROR, "Failed to set beacon parameters");
2752 else
2753 ret = 0;
2754 fail:
2755 ieee802_11_free_ap_params(¶ms);
2756 return ret;
2757 }
2758
2759
ieee802_11_set_beacon_per_bss_only(struct hostapd_data * hapd)2760 void ieee802_11_set_beacon_per_bss_only(struct hostapd_data *hapd)
2761 {
2762 __ieee802_11_set_beacon(hapd);
2763 }
2764
2765
2766 #ifdef CONFIG_IEEE80211BE
2767
hostapd_get_probe_resp_tmpl(struct hostapd_data * hapd,struct probe_resp_params * params,bool is_ml_sta_info)2768 static int hostapd_get_probe_resp_tmpl(struct hostapd_data *hapd,
2769 struct probe_resp_params *params,
2770 bool is_ml_sta_info)
2771 {
2772 os_memset(params, 0, sizeof(*params));
2773 hostapd_gen_probe_resp(hapd, params);
2774 if (!params->resp)
2775 return -1;
2776
2777 /* The caller takes care of freeing params->resp. */
2778 return 0;
2779 }
2780
2781
is_restricted_eid_in_sta_profile(u8 eid,bool tx_vap)2782 static bool is_restricted_eid_in_sta_profile(u8 eid, bool tx_vap)
2783 {
2784 switch (eid) {
2785 case WLAN_EID_TIM:
2786 case WLAN_EID_BSS_MAX_IDLE_PERIOD:
2787 case WLAN_EID_MULTIPLE_BSSID:
2788 case WLAN_EID_REDUCED_NEIGHBOR_REPORT:
2789 case WLAN_EID_NEIGHBOR_REPORT:
2790 return true;
2791 case WLAN_EID_SSID:
2792 /* SSID is not restricted for non-transmitted BSSID */
2793 return tx_vap;
2794 default:
2795 return false;
2796 }
2797 }
2798
2799
is_restricted_ext_eid_in_sta_profile(u8 ext_id)2800 static bool is_restricted_ext_eid_in_sta_profile(u8 ext_id)
2801 {
2802 switch (ext_id) {
2803 case WLAN_EID_EXT_MULTI_LINK:
2804 return true;
2805 default:
2806 return false;
2807 }
2808 }
2809
2810
2811 /* Create the link STA profiles based on inheritance from the reporting
2812 * profile.
2813 *
2814 * NOTE: The same function is used for length calculation as well as filling
2815 * data in the given buffer. This avoids risk of not updating the length
2816 * function but filling function or vice versa.
2817 */
hostapd_add_sta_profile(struct ieee80211_mgmt * link_fdata,size_t link_data_len,struct ieee80211_mgmt * own_fdata,size_t own_data_len,u8 * sta_profile,bool tx_vap)2818 static size_t hostapd_add_sta_profile(struct ieee80211_mgmt *link_fdata,
2819 size_t link_data_len,
2820 struct ieee80211_mgmt *own_fdata,
2821 size_t own_data_len,
2822 u8 *sta_profile, bool tx_vap)
2823 {
2824 const struct element *link_elem;
2825 size_t sta_profile_len = 0;
2826 const u8 *link_elem_data;
2827 u8 link_ele_len;
2828 u8 *link_data;
2829 const struct element *own_elem;
2830 u8 link_eid, own_eid, own_ele_len;
2831 const u8 *own_elem_data;
2832 u8 *own_data;
2833 bool is_ext;
2834 bool ie_found;
2835 u8 non_inherit_ele_ext_list[256] = { 0 };
2836 u8 non_inherit_ele_ext_list_len = 0;
2837 u8 non_inherit_ele_list[256] = { 0 };
2838 u8 non_inherit_ele_list_len = 0;
2839 u8 num_link_elem_vendor_ies = 0, num_own_elem_vendor_ies = 0;
2840 bool add_vendor_ies = false, is_identical_vendor_ies = true;
2841 /* The bitmap of parsed EIDs. There are 256 EIDs and ext EIDs, so 32
2842 * bytes to store the bitmaps. */
2843 u8 parsed_eid_bmap[32] = { 0 }, parsed_ext_eid_bmap[32] = { 0 };
2844 /* extra len used in the logic includes the element id and len */
2845 u8 extra_len = 2;
2846
2847 /* Include len for capab info */
2848 sta_profile_len += sizeof(le16);
2849 if (sta_profile) {
2850 os_memcpy(sta_profile, &link_fdata->u.probe_resp.capab_info,
2851 sizeof(le16));
2852 sta_profile += sizeof(le16);
2853 }
2854
2855 own_data = own_fdata->u.probe_resp.variable;
2856 link_data = link_fdata->u.probe_resp.variable;
2857
2858 /* The below logic takes the reporting BSS data and reported BSS data
2859 * and performs intersection to build the STA profile of the reported
2860 * BSS. Certain elements are not added to the STA profile as
2861 * recommended in standard. Matching element information in the
2862 * reporting BSS profile are ignored in the STA profile. Remaining
2863 * elements pertaining to the STA profile are appended at the end. */
2864 for_each_element(own_elem, own_data, own_data_len) {
2865 is_ext = false;
2866 ie_found = false;
2867
2868 /* Pick one of own elements and get its EID and length */
2869 own_elem_data = own_elem->data;
2870 own_ele_len = own_elem->datalen;
2871
2872 if (own_elem->id == WLAN_EID_EXTENSION) {
2873 is_ext = true;
2874 own_eid = *(own_elem_data);
2875 if (is_restricted_ext_eid_in_sta_profile(own_eid))
2876 continue;
2877 } else {
2878 own_eid = own_elem->id;
2879 if (is_restricted_eid_in_sta_profile(own_eid, tx_vap))
2880 continue;
2881 }
2882
2883 for_each_element(link_elem, link_data, link_data_len) {
2884 /* If the element type mismatches, do not consider
2885 * this link element for comparison. */
2886 if ((link_elem->id == WLAN_EID_EXTENSION &&
2887 !is_ext) ||
2888 (is_ext && link_elem->id != WLAN_EID_EXTENSION))
2889 continue;
2890
2891 /* Comparison can be done so get the link element and
2892 * its EID and length. */
2893 link_elem_data = link_elem->data;
2894 link_ele_len = link_elem->datalen;
2895
2896 if (link_elem->id == WLAN_EID_EXTENSION)
2897 link_eid = *(link_elem_data);
2898 else
2899 link_eid = link_elem->id;
2900
2901 /* Ignore if EID does not match */
2902 if (own_eid != link_eid)
2903 continue;
2904
2905 ie_found = true;
2906
2907 /* Ignore if the contents is identical. */
2908 if (own_ele_len == link_ele_len &&
2909 os_memcmp(own_elem->data, link_elem->data,
2910 own_ele_len) == 0) {
2911 if (own_eid == WLAN_EID_VENDOR_SPECIFIC) {
2912 is_identical_vendor_ies = true;
2913 num_own_elem_vendor_ies++;
2914 }
2915
2916 /* Update the parsed EIDs bitmap */
2917 if (is_ext)
2918 parsed_ext_eid_bmap[own_eid / 8] |=
2919 BIT(own_eid % 8);
2920 else
2921 parsed_eid_bmap[own_eid / 8] |=
2922 BIT(own_eid % 8);
2923 break;
2924 }
2925
2926 /* No need to include this non-matching Vendor Specific
2927 * element explicitly at this point. */
2928 if (own_eid == WLAN_EID_VENDOR_SPECIFIC) {
2929 is_identical_vendor_ies = false;
2930 continue;
2931 }
2932
2933 /* This element is present in the reported profile
2934 * as well as present in the reporting profile.
2935 * However, there is a mismatch in the contents and
2936 * hence, include this in the per STA profile. */
2937 sta_profile_len += link_ele_len + extra_len;
2938 if (sta_profile) {
2939 os_memcpy(sta_profile,
2940 link_elem->data - extra_len,
2941 link_ele_len + extra_len);
2942 sta_profile += link_ele_len + extra_len;
2943 }
2944
2945 /* Update the parsed EIDs bitmap */
2946 if (is_ext)
2947 parsed_ext_eid_bmap[own_eid / 8] |=
2948 BIT(own_eid % 8);
2949 else
2950 parsed_eid_bmap[own_eid / 8] |=
2951 BIT(own_eid % 8);
2952 break;
2953 }
2954
2955 /* We found at least one Vendor Specific element in reporting
2956 * link which is not same (or present) in the reported link. We
2957 * need to include all Vendor Specific elements from the
2958 * reported link. */
2959 if (!is_identical_vendor_ies)
2960 add_vendor_ies = true;
2961
2962 /* This is a unique element in the reporting profile which is
2963 * not present in the reported profile. Update the
2964 * non-inheritance list. */
2965 if (!ie_found) {
2966 u8 idx;
2967
2968 if (is_ext) {
2969 idx = non_inherit_ele_ext_list_len++;
2970 non_inherit_ele_ext_list[idx] = own_eid;
2971 } else {
2972 idx = non_inherit_ele_list_len++;
2973 non_inherit_ele_list[idx] = own_eid;
2974 }
2975 }
2976 }
2977
2978 /* Parse the remaining elements in the reported profile */
2979 for_each_element(link_elem, link_data, link_data_len) {
2980 link_elem_data = link_elem->data;
2981 link_ele_len = link_elem->datalen;
2982
2983 /* No need to check this Vendor Specific element at this point.
2984 * Just take the count and continue. */
2985 if (link_elem->id == WLAN_EID_VENDOR_SPECIFIC) {
2986 num_link_elem_vendor_ies++;
2987 continue;
2988 }
2989
2990 if (link_elem->id == WLAN_EID_EXTENSION) {
2991 link_eid = *(link_elem_data);
2992
2993 if ((parsed_ext_eid_bmap[link_eid / 8] &
2994 BIT(link_eid % 8)) ||
2995 is_restricted_ext_eid_in_sta_profile(link_eid))
2996 continue;
2997 } else {
2998 link_eid = link_elem->id;
2999
3000 if ((parsed_eid_bmap[link_eid / 8] &
3001 BIT(link_eid % 8)) ||
3002 is_restricted_eid_in_sta_profile(link_eid, tx_vap))
3003 continue;
3004 }
3005
3006 sta_profile_len += link_ele_len + extra_len;
3007 if (sta_profile) {
3008 os_memcpy(sta_profile, link_elem_data - extra_len,
3009 link_ele_len + extra_len);
3010 sta_profile += link_ele_len + extra_len;
3011 }
3012 }
3013
3014 /* Handle Vendor Specific elements
3015 * Add all the Vendor Specific elements of the reported link if
3016 * a. There is at least one non-matching Vendor Specific element, or
3017 * b. The number of Vendor Specific elements in reporting and reported
3018 * link is not same. */
3019 if (add_vendor_ies ||
3020 num_own_elem_vendor_ies != num_link_elem_vendor_ies) {
3021 for_each_element(link_elem, link_data, link_data_len) {
3022 link_elem_data = link_elem->data;
3023 link_ele_len = link_elem->datalen;
3024
3025 if (link_elem->id != WLAN_EID_VENDOR_SPECIFIC)
3026 continue;
3027
3028 sta_profile_len += link_ele_len + extra_len;
3029 if (sta_profile) {
3030 os_memcpy(sta_profile,
3031 link_elem_data - extra_len,
3032 link_ele_len + extra_len);
3033 sta_profile += link_ele_len + extra_len;
3034 }
3035 }
3036 }
3037
3038 /* Handle non-inheritance
3039 * Non-Inheritance element:
3040 * Element ID Ext: 1 octet
3041 * Length: 1 octet
3042 * Ext tag number: 1 octet
3043 * Length of Elements ID list: 1 octet
3044 * Elements ID list: variable
3045 * Length of Elements ID Extension list: 1 octet
3046 * Elements ID extensions list: variable
3047 */
3048 if (non_inherit_ele_list_len || non_inherit_ele_ext_list_len)
3049 sta_profile_len += 3 + 2 + non_inherit_ele_list_len +
3050 non_inherit_ele_ext_list_len;
3051
3052 if (sta_profile &&
3053 (non_inherit_ele_list_len || non_inherit_ele_ext_list_len)) {
3054 *sta_profile++ = WLAN_EID_EXTENSION;
3055 *sta_profile++ = non_inherit_ele_list_len +
3056 non_inherit_ele_ext_list_len + 3;
3057 *sta_profile++ = WLAN_EID_EXT_NON_INHERITANCE;
3058 *sta_profile++ = non_inherit_ele_list_len;
3059 os_memcpy(sta_profile, non_inherit_ele_list,
3060 non_inherit_ele_list_len);
3061 sta_profile += non_inherit_ele_list_len;
3062 *sta_profile++ = non_inherit_ele_ext_list_len;
3063 os_memcpy(sta_profile, non_inherit_ele_ext_list,
3064 non_inherit_ele_ext_list_len);
3065 sta_profile += non_inherit_ele_ext_list_len;
3066 }
3067
3068 return sta_profile_len;
3069 }
3070
3071
hostapd_gen_sta_profile(struct ieee80211_mgmt * link_data,size_t link_data_len,struct ieee80211_mgmt * own_data,size_t own_data_len,size_t * sta_profile_len,bool tx_vap)3072 static u8 * hostapd_gen_sta_profile(struct ieee80211_mgmt *link_data,
3073 size_t link_data_len,
3074 struct ieee80211_mgmt *own_data,
3075 size_t own_data_len,
3076 size_t *sta_profile_len, bool tx_vap)
3077 {
3078 u8 *sta_profile;
3079
3080 /* Get the length first */
3081 *sta_profile_len = hostapd_add_sta_profile(link_data, link_data_len,
3082 own_data, own_data_len,
3083 NULL, tx_vap);
3084 if (!(*sta_profile_len) || *sta_profile_len > EHT_ML_MAX_STA_PROF_LEN)
3085 return NULL;
3086
3087 sta_profile = os_zalloc(*sta_profile_len);
3088 if (!sta_profile)
3089 return NULL;
3090
3091 /* Now fill in the data */
3092 hostapd_add_sta_profile(link_data, link_data_len, own_data,
3093 own_data_len, sta_profile, tx_vap);
3094
3095 /* The caller takes care of freeing the returned sta_profile */
3096 return sta_profile;
3097 }
3098
3099
hostapd_gen_per_sta_profiles(struct hostapd_data * hapd)3100 static void hostapd_gen_per_sta_profiles(struct hostapd_data *hapd)
3101 {
3102 bool tx_vap = hapd == hostapd_mbssid_get_tx_bss(hapd);
3103 size_t link_data_len, sta_profile_len;
3104 size_t own_data_len, fixed;
3105 struct probe_resp_params link_params;
3106 struct probe_resp_params own_params;
3107 struct ieee80211_mgmt *link_data;
3108 struct ieee80211_mgmt *own_data;
3109 struct mld_link_info *link_info;
3110 struct hostapd_data *link_bss;
3111 u8 link_id, *sta_profile;
3112
3113 if (!hapd->conf->mld_ap)
3114 return;
3115
3116 wpa_printf(MSG_DEBUG, "MLD: Generating per STA profiles for MLD %s",
3117 hapd->conf->iface);
3118
3119 wpa_printf(MSG_DEBUG, "MLD: Reporting link %d", hapd->mld_link_id);
3120
3121 /* Generate a Probe Response template for self */
3122 if (hostapd_get_probe_resp_tmpl(hapd, &own_params, false)) {
3123 wpa_printf(MSG_ERROR,
3124 "MLD: Error in building per STA profiles");
3125 return;
3126 }
3127
3128 own_data = own_params.resp;
3129 own_data_len = own_params.resp_len;
3130
3131 /* Consider the length of the variable fields */
3132 fixed = offsetof(struct ieee80211_mgmt, u.probe_resp.variable);
3133 if (own_data_len < fixed)
3134 goto fail;
3135 own_data_len -= fixed;
3136
3137 for_each_mld_link(link_bss, hapd) {
3138 if (link_bss == hapd || !link_bss->started)
3139 continue;
3140
3141 link_id = link_bss->mld_link_id;
3142 if (link_id >= MAX_NUM_MLD_LINKS)
3143 continue;
3144
3145 sta_profile = NULL;
3146 sta_profile_len = 0;
3147
3148 /* Generate a Probe Response frame template for partner link */
3149 if (hostapd_get_probe_resp_tmpl(link_bss, &link_params, true)) {
3150 wpa_printf(MSG_ERROR,
3151 "MLD: Could not get link STA probe response template for link %d",
3152 link_id);
3153 continue;
3154 }
3155
3156 link_data = link_params.resp;
3157 link_data_len = link_params.resp_len;
3158
3159 /* Consider length of the variable fields */
3160 fixed = offsetof(struct ieee80211_mgmt, u.probe_resp.variable);
3161 if (link_data_len < fixed)
3162 continue;
3163 link_data_len -= fixed;
3164
3165 sta_profile = hostapd_gen_sta_profile(link_data, link_data_len,
3166 own_data, own_data_len,
3167 &sta_profile_len, tx_vap);
3168 if (!sta_profile) {
3169 wpa_printf(MSG_ERROR,
3170 "MLD: Could not generate link STA profile for link %d",
3171 link_id);
3172 continue;
3173 }
3174
3175 link_info = &hapd->partner_links[link_id];
3176 link_info->valid = true;
3177
3178 os_free(link_info->resp_sta_profile);
3179 link_info->resp_sta_profile_len = sta_profile_len;
3180
3181 link_info->resp_sta_profile = os_memdup(sta_profile,
3182 sta_profile_len);
3183 if (!link_info->resp_sta_profile)
3184 link_info->resp_sta_profile_len = 0;
3185
3186 os_memcpy(link_info->local_addr, link_bss->own_addr, ETH_ALEN);
3187
3188 wpa_printf(MSG_DEBUG,
3189 "MLD: Reported link STA info for %d: %u bytes",
3190 link_id, link_info->resp_sta_profile_len);
3191
3192 os_free(sta_profile);
3193 os_free(link_params.resp);
3194 }
3195
3196 fail:
3197 os_free(own_params.resp);
3198 }
3199
3200 #endif /* CONFIG_IEEE80211BE */
3201
3202
ieee802_11_set_beacon(struct hostapd_data * hapd)3203 int ieee802_11_set_beacon(struct hostapd_data *hapd)
3204 {
3205 struct hostapd_iface *iface = hapd->iface;
3206 int ret;
3207 size_t i, j;
3208 bool is_6g, hapd_mld = false;
3209 #ifdef CONFIG_IEEE80211BE
3210 struct hostapd_data *link_bss;
3211 #endif /* CONFIG_IEEE80211BE */
3212
3213 ret = __ieee802_11_set_beacon(hapd);
3214 if (ret != 0)
3215 return ret;
3216
3217 if (!iface->interfaces || iface->interfaces->count <= 1)
3218 return 0;
3219
3220 #ifdef CONFIG_IEEE80211BE
3221 hapd_mld = hapd->conf->mld_ap;
3222 #endif /* CONFIG_IEEE80211BE */
3223
3224 /* Update Beacon frames in case of 6 GHz colocation or AP MLD */
3225 is_6g = is_6ghz_op_class(iface->conf->op_class);
3226 for (j = 0; j < iface->interfaces->count; j++) {
3227 struct hostapd_iface *other;
3228 bool other_iface_6g;
3229
3230 other = iface->interfaces->iface[j];
3231 if (other == iface || !other || !other->conf)
3232 continue;
3233
3234 other_iface_6g = is_6ghz_op_class(other->conf->op_class);
3235
3236 if (is_6g == other_iface_6g && !hapd_mld)
3237 continue;
3238
3239 for (i = 0; i < other->num_bss; i++) {
3240 #ifdef CONFIG_IEEE80211BE
3241 if (is_6g == other_iface_6g &&
3242 !(hapd_mld && other->bss[i]->conf->mld_ap &&
3243 hostapd_is_ml_partner(hapd, other->bss[i])))
3244 continue;
3245 #endif /* CONFIG_IEEE80211BE */
3246
3247 if (other->bss[i] && other->bss[i]->started &&
3248 other->bss[i]->beacon_set_done)
3249 __ieee802_11_set_beacon(other->bss[i]);
3250 }
3251 }
3252
3253 #ifdef CONFIG_IEEE80211BE
3254 if (!hapd_mld)
3255 return 0;
3256
3257 /* Generate per STA profiles for each affiliated APs */
3258 for_each_mld_link(link_bss, hapd)
3259 hostapd_gen_per_sta_profiles(link_bss);
3260 #endif /* CONFIG_IEEE80211BE */
3261
3262 return 0;
3263 }
3264
3265
ieee802_11_set_beacons(struct hostapd_iface * iface)3266 int ieee802_11_set_beacons(struct hostapd_iface *iface)
3267 {
3268 size_t i;
3269 int ret = 0;
3270
3271 for (i = 0; i < iface->num_bss; i++) {
3272 if (iface->bss[i]->started &&
3273 ieee802_11_set_beacon(iface->bss[i]) < 0)
3274 ret = -1;
3275 }
3276
3277 return ret;
3278 }
3279
3280
3281 /* only update beacons if started */
ieee802_11_update_beacons(struct hostapd_iface * iface)3282 int ieee802_11_update_beacons(struct hostapd_iface *iface)
3283 {
3284 size_t i;
3285 int ret = 0;
3286
3287 for (i = 0; i < iface->num_bss; i++) {
3288 if (iface->bss[i]->beacon_set_done && iface->bss[i]->started &&
3289 ieee802_11_set_beacon(iface->bss[i]) < 0)
3290 ret = -1;
3291 }
3292
3293 return ret;
3294 }
3295
3296 #endif /* CONFIG_NATIVE_WINDOWS */
3297