1 /*
2 * WPA Supplicant - Driver event processing
3 * Copyright (c) 2003-2019, Jouni Malinen <j@w1.fi>
4 *
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
7 */
8
9 #include "includes.h"
10
11 #include "common.h"
12 #include "utils/crc32.h"
13 #include "eapol_supp/eapol_supp_sm.h"
14 #include "rsn_supp/wpa.h"
15 #include "eloop.h"
16 #include "config.h"
17 #include "l2_packet/l2_packet.h"
18 #include "wpa_supplicant_i.h"
19 #include "driver_i.h"
20 #include "pcsc_funcs.h"
21 #include "rsn_supp/preauth.h"
22 #include "rsn_supp/pmksa_cache.h"
23 #include "common/wpa_ctrl.h"
24 #include "eap_peer/eap.h"
25 #include "ap/hostapd.h"
26 #include "ap/sta_info.h"
27 #include "p2p/p2p.h"
28 #include "fst/fst.h"
29 #include "wnm_sta.h"
30 #include "notify.h"
31 #include "common/ieee802_11_defs.h"
32 #include "common/ieee802_11_common.h"
33 #include "common/gas_server.h"
34 #include "common/dpp.h"
35 #include "common/ptksa_cache.h"
36 #include "crypto/random.h"
37 #include "bssid_ignore.h"
38 #include "wpas_glue.h"
39 #include "wps_supplicant.h"
40 #include "ibss_rsn.h"
41 #include "sme.h"
42 #include "gas_query.h"
43 #include "p2p_supplicant.h"
44 #include "bgscan.h"
45 #include "autoscan.h"
46 #include "ap.h"
47 #include "bss.h"
48 #include "scan.h"
49 #include "offchannel.h"
50 #include "interworking.h"
51 #include "mesh.h"
52 #include "mesh_mpm.h"
53 #include "wmm_ac.h"
54 #include "nan_usd.h"
55 #include "dpp_supplicant.h"
56
57
58 #define MAX_OWE_TRANSITION_BSS_SELECT_COUNT 5
59
60
61 #ifndef CONFIG_NO_SCAN_PROCESSING
62 static int wpas_select_network_from_last_scan(struct wpa_supplicant *wpa_s,
63 int new_scan, int own_request,
64 bool trigger_6ghz_scan,
65 union wpa_event_data *data);
66 #endif /* CONFIG_NO_SCAN_PROCESSING */
67
68
wpas_temp_disabled(struct wpa_supplicant * wpa_s,struct wpa_ssid * ssid)69 int wpas_temp_disabled(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid)
70 {
71 struct os_reltime now;
72
73 if (ssid == NULL || ssid->disabled_until.sec == 0)
74 return 0;
75
76 os_get_reltime(&now);
77 if (ssid->disabled_until.sec > now.sec)
78 return ssid->disabled_until.sec - now.sec;
79
80 wpas_clear_temp_disabled(wpa_s, ssid, 0);
81
82 return 0;
83 }
84
85
86 #ifndef CONFIG_NO_SCAN_PROCESSING
87 /**
88 * wpas_reenabled_network_time - Time until first network is re-enabled
89 * @wpa_s: Pointer to wpa_supplicant data
90 * Returns: If all enabled networks are temporarily disabled, returns the time
91 * (in sec) until the first network is re-enabled. Otherwise returns 0.
92 *
93 * This function is used in case all enabled networks are temporarily disabled,
94 * in which case it returns the time (in sec) that the first network will be
95 * re-enabled. The function assumes that at least one network is enabled.
96 */
wpas_reenabled_network_time(struct wpa_supplicant * wpa_s)97 static int wpas_reenabled_network_time(struct wpa_supplicant *wpa_s)
98 {
99 struct wpa_ssid *ssid;
100 int disabled_for, res = 0;
101
102 #ifdef CONFIG_INTERWORKING
103 if (wpa_s->conf->auto_interworking && wpa_s->conf->interworking &&
104 wpa_s->conf->cred)
105 return 0;
106 #endif /* CONFIG_INTERWORKING */
107
108 for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next) {
109 if (ssid->disabled)
110 continue;
111
112 disabled_for = wpas_temp_disabled(wpa_s, ssid);
113 if (!disabled_for)
114 return 0;
115
116 if (!res || disabled_for < res)
117 res = disabled_for;
118 }
119
120 return res;
121 }
122 #endif /* CONFIG_NO_SCAN_PROCESSING */
123
124
wpas_network_reenabled(void * eloop_ctx,void * timeout_ctx)125 void wpas_network_reenabled(void *eloop_ctx, void *timeout_ctx)
126 {
127 struct wpa_supplicant *wpa_s = eloop_ctx;
128
129 if (wpa_s->disconnected || wpa_s->wpa_state != WPA_SCANNING)
130 return;
131
132 wpa_dbg(wpa_s, MSG_DEBUG,
133 "Try to associate due to network getting re-enabled");
134 if (wpa_supplicant_fast_associate(wpa_s) != 1) {
135 wpa_supplicant_cancel_sched_scan(wpa_s);
136 wpa_supplicant_req_scan(wpa_s, 0, 0);
137 }
138 }
139
140
__wpa_supplicant_get_new_bss(struct wpa_supplicant * wpa_s,const u8 * bssid,const u8 * ssid,size_t ssid_len)141 static struct wpa_bss * __wpa_supplicant_get_new_bss(
142 struct wpa_supplicant *wpa_s, const u8 *bssid, const u8 *ssid,
143 size_t ssid_len)
144 {
145 if (ssid && ssid_len > 0)
146 return wpa_bss_get(wpa_s, bssid, ssid, ssid_len);
147 else
148 return wpa_bss_get_bssid(wpa_s, bssid);
149 }
150
151
_wpa_supplicant_get_new_bss(struct wpa_supplicant * wpa_s,const u8 * bssid,const u8 * ssid,size_t ssid_len,bool try_update_scan_results)152 static struct wpa_bss * _wpa_supplicant_get_new_bss(
153 struct wpa_supplicant *wpa_s, const u8 *bssid, const u8 *ssid,
154 size_t ssid_len, bool try_update_scan_results)
155 {
156 struct wpa_bss *bss = __wpa_supplicant_get_new_bss(wpa_s, bssid, ssid,
157 ssid_len);
158
159 if (bss || !try_update_scan_results)
160 return bss;
161
162 wpa_supplicant_update_scan_results(wpa_s, bssid);
163
164 return __wpa_supplicant_get_new_bss(wpa_s, bssid, ssid, ssid_len);
165 }
166
167
wpa_supplicant_get_new_bss(struct wpa_supplicant * wpa_s,const u8 * bssid)168 static struct wpa_bss * wpa_supplicant_get_new_bss(
169 struct wpa_supplicant *wpa_s, const u8 *bssid)
170 {
171 struct wpa_bss *bss = NULL;
172 struct wpa_ssid *ssid = wpa_s->current_ssid;
173 u8 drv_ssid[SSID_MAX_LEN];
174 int res;
175 bool try_update_scan_results = true;
176
177 res = wpa_drv_get_ssid(wpa_s, drv_ssid);
178 if (res > 0) {
179 bss = _wpa_supplicant_get_new_bss(wpa_s, bssid, drv_ssid, res,
180 try_update_scan_results);
181 try_update_scan_results = false;
182 }
183 if (!bss && ssid && ssid->ssid_len > 0) {
184 bss = _wpa_supplicant_get_new_bss(wpa_s, bssid, ssid->ssid,
185 ssid->ssid_len,
186 try_update_scan_results);
187 try_update_scan_results = false;
188 }
189 if (!bss)
190 bss = _wpa_supplicant_get_new_bss(wpa_s, bssid, NULL, 0,
191 try_update_scan_results);
192
193 return bss;
194 }
195
196
197 static struct wpa_bss *
wpa_supplicant_update_current_bss(struct wpa_supplicant * wpa_s,const u8 * bssid)198 wpa_supplicant_update_current_bss(struct wpa_supplicant *wpa_s, const u8 *bssid)
199 {
200 struct wpa_bss *bss = wpa_supplicant_get_new_bss(wpa_s, bssid);
201
202 if (bss)
203 wpa_s->current_bss = bss;
204
205 return bss;
206 }
207
208
wpa_supplicant_update_link_bss(struct wpa_supplicant * wpa_s,u8 link_id,const u8 * bssid)209 static void wpa_supplicant_update_link_bss(struct wpa_supplicant *wpa_s,
210 u8 link_id, const u8 *bssid)
211 {
212 struct wpa_bss *bss = wpa_supplicant_get_new_bss(wpa_s, bssid);
213
214 if (bss)
215 wpa_s->links[link_id].bss = bss;
216 }
217
218
wpa_supplicant_select_config(struct wpa_supplicant * wpa_s,union wpa_event_data * data)219 static int wpa_supplicant_select_config(struct wpa_supplicant *wpa_s,
220 union wpa_event_data *data)
221 {
222 struct wpa_ssid *ssid, *old_ssid;
223 struct wpa_bss *bss;
224 u8 drv_ssid[SSID_MAX_LEN];
225 size_t drv_ssid_len;
226 int res;
227
228 if (wpa_s->conf->ap_scan == 1 && wpa_s->current_ssid) {
229 wpa_supplicant_update_current_bss(wpa_s, wpa_s->bssid);
230
231 if (wpa_s->current_ssid->ssid_len == 0)
232 return 0; /* current profile still in use */
233 res = wpa_drv_get_ssid(wpa_s, drv_ssid);
234 if (res < 0) {
235 wpa_msg(wpa_s, MSG_INFO,
236 "Failed to read SSID from driver");
237 return 0; /* try to use current profile */
238 }
239 drv_ssid_len = res;
240
241 if (drv_ssid_len == wpa_s->current_ssid->ssid_len &&
242 os_memcmp(drv_ssid, wpa_s->current_ssid->ssid,
243 drv_ssid_len) == 0)
244 return 0; /* current profile still in use */
245
246 #ifdef CONFIG_OWE
247 if ((wpa_s->current_ssid->key_mgmt & WPA_KEY_MGMT_OWE) &&
248 wpa_s->current_bss &&
249 (wpa_s->current_bss->flags & WPA_BSS_OWE_TRANSITION) &&
250 drv_ssid_len == wpa_s->current_bss->ssid_len &&
251 os_memcmp(drv_ssid, wpa_s->current_bss->ssid,
252 drv_ssid_len) == 0)
253 return 0; /* current profile still in use */
254 #endif /* CONFIG_OWE */
255
256 wpa_msg(wpa_s, MSG_DEBUG,
257 "Driver-initiated BSS selection changed the SSID to %s",
258 wpa_ssid_txt(drv_ssid, drv_ssid_len));
259 /* continue selecting a new network profile */
260 }
261
262 wpa_dbg(wpa_s, MSG_DEBUG, "Select network based on association "
263 "information");
264 ssid = wpa_supplicant_get_ssid(wpa_s);
265 if (ssid == NULL) {
266 wpa_msg(wpa_s, MSG_INFO,
267 "No network configuration found for the current AP");
268 return -1;
269 }
270
271 if (wpas_network_disabled(wpa_s, ssid)) {
272 wpa_dbg(wpa_s, MSG_DEBUG, "Selected network is disabled");
273 return -1;
274 }
275
276 if (disallowed_bssid(wpa_s, wpa_s->bssid) ||
277 disallowed_ssid(wpa_s, ssid->ssid, ssid->ssid_len)) {
278 wpa_dbg(wpa_s, MSG_DEBUG, "Selected BSS is disallowed");
279 return -1;
280 }
281
282 res = wpas_temp_disabled(wpa_s, ssid);
283 if (res > 0) {
284 wpa_dbg(wpa_s, MSG_DEBUG, "Selected network is temporarily "
285 "disabled for %d second(s)", res);
286 return -1;
287 }
288
289 wpa_dbg(wpa_s, MSG_DEBUG, "Network configuration found for the "
290 "current AP");
291 bss = wpa_supplicant_update_current_bss(wpa_s, wpa_s->bssid);
292 if (wpa_key_mgmt_wpa_any(ssid->key_mgmt)) {
293 u8 wpa_ie[80];
294 size_t wpa_ie_len = sizeof(wpa_ie);
295 bool skip_default_rsne;
296
297 /* Do not override RSNE/RSNXE with the default values if the
298 * driver indicated the actual values used in the
299 * (Re)Association Request frame. */
300 skip_default_rsne = data && data->assoc_info.req_ies;
301 if (wpa_supplicant_set_suites(wpa_s, bss, ssid,
302 wpa_ie, &wpa_ie_len,
303 skip_default_rsne) < 0)
304 wpa_dbg(wpa_s, MSG_DEBUG, "Could not set WPA suites");
305 } else {
306 wpa_supplicant_set_non_wpa_policy(wpa_s, ssid);
307 }
308
309 if (wpa_s->current_ssid && wpa_s->current_ssid != ssid)
310 eapol_sm_invalidate_cached_session(wpa_s->eapol);
311 old_ssid = wpa_s->current_ssid;
312 wpa_s->current_ssid = ssid;
313
314 wpa_supplicant_rsn_supp_set_config(wpa_s, wpa_s->current_ssid);
315 wpa_supplicant_initiate_eapol(wpa_s);
316 if (old_ssid != wpa_s->current_ssid)
317 wpas_notify_network_changed(wpa_s);
318
319 return 0;
320 }
321
322
wpa_supplicant_stop_countermeasures(void * eloop_ctx,void * sock_ctx)323 void wpa_supplicant_stop_countermeasures(void *eloop_ctx, void *sock_ctx)
324 {
325 struct wpa_supplicant *wpa_s = eloop_ctx;
326
327 if (wpa_s->countermeasures) {
328 wpa_s->countermeasures = 0;
329 wpa_drv_set_countermeasures(wpa_s, 0);
330 wpa_msg(wpa_s, MSG_INFO, "WPA: TKIP countermeasures stopped");
331
332 /*
333 * It is possible that the device is sched scanning, which means
334 * that a connection attempt will be done only when we receive
335 * scan results. However, in this case, it would be preferable
336 * to scan and connect immediately, so cancel the sched_scan and
337 * issue a regular scan flow.
338 */
339 wpa_supplicant_cancel_sched_scan(wpa_s);
340 wpa_supplicant_req_scan(wpa_s, 0, 0);
341 }
342 }
343
344
wpas_reset_mlo_info(struct wpa_supplicant * wpa_s)345 void wpas_reset_mlo_info(struct wpa_supplicant *wpa_s)
346 {
347 if (!wpa_s->valid_links)
348 return;
349
350 wpa_s->valid_links = 0;
351 wpa_s->mlo_assoc_link_id = 0;
352 os_memset(wpa_s->ap_mld_addr, 0, ETH_ALEN);
353 os_memset(wpa_s->links, 0, sizeof(wpa_s->links));
354 }
355
356
wpa_supplicant_mark_disassoc(struct wpa_supplicant * wpa_s)357 void wpa_supplicant_mark_disassoc(struct wpa_supplicant *wpa_s)
358 {
359 int bssid_changed;
360
361 wnm_bss_keep_alive_deinit(wpa_s);
362
363 #ifdef CONFIG_IBSS_RSN
364 ibss_rsn_deinit(wpa_s->ibss_rsn);
365 wpa_s->ibss_rsn = NULL;
366 #endif /* CONFIG_IBSS_RSN */
367
368 #ifdef CONFIG_AP
369 wpa_supplicant_ap_deinit(wpa_s);
370 #endif /* CONFIG_AP */
371
372 #ifdef CONFIG_HS20
373 /* Clear possibly configured frame filters */
374 wpa_drv_configure_frame_filters(wpa_s, 0);
375 #endif /* CONFIG_HS20 */
376
377 if (wpa_s->wpa_state == WPA_INTERFACE_DISABLED)
378 return;
379
380 if (os_reltime_initialized(&wpa_s->session_start)) {
381 os_reltime_age(&wpa_s->session_start, &wpa_s->session_length);
382 wpa_s->session_start.sec = 0;
383 wpa_s->session_start.usec = 0;
384 wpas_notify_session_length(wpa_s);
385 }
386
387 wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED);
388 bssid_changed = !is_zero_ether_addr(wpa_s->bssid);
389 os_memset(wpa_s->bssid, 0, ETH_ALEN);
390 os_memset(wpa_s->pending_bssid, 0, ETH_ALEN);
391 sme_clear_on_disassoc(wpa_s);
392 wpa_s->current_bss = NULL;
393 wpa_s->assoc_freq = 0;
394
395 if (bssid_changed)
396 wpas_notify_bssid_changed(wpa_s);
397
398 eapol_sm_notify_portEnabled(wpa_s->eapol, false);
399 eapol_sm_notify_portValid(wpa_s->eapol, false);
400 if (wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt) ||
401 wpa_s->key_mgmt == WPA_KEY_MGMT_OWE ||
402 wpa_s->key_mgmt == WPA_KEY_MGMT_DPP || wpa_s->drv_authorized_port)
403 eapol_sm_notify_eap_success(wpa_s->eapol, false);
404 wpa_s->drv_authorized_port = 0;
405 wpa_s->ap_ies_from_associnfo = 0;
406 wpa_s->current_ssid = NULL;
407 eapol_sm_notify_config(wpa_s->eapol, NULL, NULL);
408 wpa_s->key_mgmt = 0;
409 wpa_s->allowed_key_mgmts = 0;
410
411 #ifndef CONFIG_NO_RRM
412 wpas_rrm_reset(wpa_s);
413 #endif /* CONFIG_NO_RRM */
414 wpa_s->wnmsleep_used = 0;
415 #ifdef CONFIG_WNM
416 wpa_s->wnm_mode = 0;
417 #endif /* CONFIG_WNM */
418 wnm_clear_coloc_intf_reporting(wpa_s);
419 wpa_s->disable_mbo_oce = 0;
420
421 #ifdef CONFIG_TESTING_OPTIONS
422 wpa_s->last_tk_alg = WPA_ALG_NONE;
423 os_memset(wpa_s->last_tk, 0, sizeof(wpa_s->last_tk));
424 #endif /* CONFIG_TESTING_OPTIONS */
425 wpa_s->ieee80211ac = 0;
426
427 if (wpa_s->enabled_4addr_mode && wpa_drv_set_4addr_mode(wpa_s, 0) == 0)
428 wpa_s->enabled_4addr_mode = 0;
429
430 wpa_s->wps_scan_done = false;
431 wpas_reset_mlo_info(wpa_s);
432
433 #ifdef CONFIG_SME
434 wpa_s->sme.bss_max_idle_period = 0;
435 #endif /* CONFIG_SME */
436
437 wpa_s->ssid_verified = false;
438 wpa_s->bigtk_set = false;
439
440 wpabuf_free(wpa_s->pending_eapol_rx);
441 wpa_s->pending_eapol_rx = NULL;
442 }
443
444
wpa_find_assoc_pmkid(struct wpa_supplicant * wpa_s)445 static void wpa_find_assoc_pmkid(struct wpa_supplicant *wpa_s)
446 {
447 struct wpa_ie_data ie;
448 int pmksa_set = -1;
449 size_t i;
450 struct rsn_pmksa_cache_entry *cur_pmksa;
451
452 /* Start with assumption of no PMKSA cache entry match for cases other
453 * than SAE. In particular, this is needed to generate the PMKSA cache
454 * entries for Suite B cases with driver-based roaming indication. */
455 cur_pmksa = pmksa_cache_get_current(wpa_s->wpa);
456 if (cur_pmksa && !wpa_key_mgmt_sae(cur_pmksa->akmp))
457 pmksa_cache_clear_current(wpa_s->wpa);
458
459 if (wpa_sm_parse_own_wpa_ie(wpa_s->wpa, &ie) < 0 ||
460 ie.pmkid == NULL)
461 return;
462
463 for (i = 0; i < ie.num_pmkid; i++) {
464 pmksa_set = pmksa_cache_set_current(wpa_s->wpa,
465 ie.pmkid + i * PMKID_LEN,
466 NULL, NULL, 0, NULL, 0,
467 true);
468 if (pmksa_set == 0) {
469 eapol_sm_notify_pmkid_attempt(wpa_s->eapol);
470 wpa_sm_set_pmk_from_pmksa(wpa_s->wpa);
471 break;
472 }
473 }
474
475 wpa_dbg(wpa_s, MSG_DEBUG, "RSN: PMKID from assoc IE %sfound from "
476 "PMKSA cache", pmksa_set == 0 ? "" : "not ");
477 }
478
479
wpa_supplicant_event_pmkid_candidate(struct wpa_supplicant * wpa_s,union wpa_event_data * data)480 static void wpa_supplicant_event_pmkid_candidate(struct wpa_supplicant *wpa_s,
481 union wpa_event_data *data)
482 {
483 if (data == NULL) {
484 wpa_dbg(wpa_s, MSG_DEBUG, "RSN: No data in PMKID candidate "
485 "event");
486 return;
487 }
488 wpa_dbg(wpa_s, MSG_DEBUG, "RSN: PMKID candidate event - bssid=" MACSTR
489 " index=%d preauth=%d",
490 MAC2STR(data->pmkid_candidate.bssid),
491 data->pmkid_candidate.index,
492 data->pmkid_candidate.preauth);
493
494 pmksa_candidate_add(wpa_s->wpa, data->pmkid_candidate.bssid,
495 data->pmkid_candidate.index,
496 data->pmkid_candidate.preauth);
497 }
498
499
wpa_supplicant_dynamic_keys(struct wpa_supplicant * wpa_s)500 static int wpa_supplicant_dynamic_keys(struct wpa_supplicant *wpa_s)
501 {
502 if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE ||
503 wpa_s->key_mgmt == WPA_KEY_MGMT_WPA_NONE)
504 return 0;
505
506 #ifdef IEEE8021X_EAPOL
507 if (wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA &&
508 wpa_s->current_ssid &&
509 !(wpa_s->current_ssid->eapol_flags &
510 (EAPOL_FLAG_REQUIRE_KEY_UNICAST |
511 EAPOL_FLAG_REQUIRE_KEY_BROADCAST))) {
512 /* IEEE 802.1X, but not using dynamic WEP keys (i.e., either
513 * plaintext or static WEP keys). */
514 return 0;
515 }
516 #endif /* IEEE8021X_EAPOL */
517
518 return 1;
519 }
520
521
522 /**
523 * wpa_supplicant_scard_init - Initialize SIM/USIM access with PC/SC
524 * @wpa_s: pointer to wpa_supplicant data
525 * @ssid: Configuration data for the network
526 * Returns: 0 on success, -1 on failure
527 *
528 * This function is called when starting authentication with a network that is
529 * configured to use PC/SC for SIM/USIM access (EAP-SIM or EAP-AKA).
530 */
wpa_supplicant_scard_init(struct wpa_supplicant * wpa_s,struct wpa_ssid * ssid)531 int wpa_supplicant_scard_init(struct wpa_supplicant *wpa_s,
532 struct wpa_ssid *ssid)
533 {
534 #ifdef IEEE8021X_EAPOL
535 #ifdef PCSC_FUNCS
536 int aka = 0, sim = 0;
537
538 if ((ssid != NULL && ssid->eap.pcsc == NULL) ||
539 wpa_s->scard != NULL || wpa_s->conf->external_sim)
540 return 0;
541
542 if (ssid == NULL || ssid->eap.eap_methods == NULL) {
543 sim = 1;
544 aka = 1;
545 } else {
546 struct eap_method_type *eap = ssid->eap.eap_methods;
547 while (eap->vendor != EAP_VENDOR_IETF ||
548 eap->method != EAP_TYPE_NONE) {
549 if (eap->vendor == EAP_VENDOR_IETF) {
550 if (eap->method == EAP_TYPE_SIM)
551 sim = 1;
552 else if (eap->method == EAP_TYPE_AKA ||
553 eap->method == EAP_TYPE_AKA_PRIME)
554 aka = 1;
555 }
556 eap++;
557 }
558 }
559
560 if (eap_peer_get_eap_method(EAP_VENDOR_IETF, EAP_TYPE_SIM) == NULL)
561 sim = 0;
562 if (eap_peer_get_eap_method(EAP_VENDOR_IETF, EAP_TYPE_AKA) == NULL &&
563 eap_peer_get_eap_method(EAP_VENDOR_IETF, EAP_TYPE_AKA_PRIME) ==
564 NULL)
565 aka = 0;
566
567 if (!sim && !aka) {
568 wpa_dbg(wpa_s, MSG_DEBUG, "Selected network is configured to "
569 "use SIM, but neither EAP-SIM nor EAP-AKA are "
570 "enabled");
571 return 0;
572 }
573
574 wpa_dbg(wpa_s, MSG_DEBUG, "Selected network is configured to use SIM "
575 "(sim=%d aka=%d) - initialize PCSC", sim, aka);
576
577 wpa_s->scard = scard_init(wpa_s->conf->pcsc_reader);
578 if (wpa_s->scard == NULL) {
579 wpa_msg(wpa_s, MSG_WARNING, "Failed to initialize SIM "
580 "(pcsc-lite)");
581 return -1;
582 }
583 wpa_sm_set_scard_ctx(wpa_s->wpa, wpa_s->scard);
584 eapol_sm_register_scard_ctx(wpa_s->eapol, wpa_s->scard);
585 #endif /* PCSC_FUNCS */
586 #endif /* IEEE8021X_EAPOL */
587
588 return 0;
589 }
590
591
592 #ifndef CONFIG_NO_SCAN_PROCESSING
593
594 #ifdef CONFIG_WEP
has_wep_key(struct wpa_ssid * ssid)595 static int has_wep_key(struct wpa_ssid *ssid)
596 {
597 int i;
598
599 for (i = 0; i < NUM_WEP_KEYS; i++) {
600 if (ssid->wep_key_len[i])
601 return 1;
602 }
603
604 return 0;
605 }
606 #endif /* CONFIG_WEP */
607
608
wpa_supplicant_match_privacy(struct wpa_bss * bss,struct wpa_ssid * ssid)609 static int wpa_supplicant_match_privacy(struct wpa_bss *bss,
610 struct wpa_ssid *ssid)
611 {
612 int privacy = 0;
613
614 if (ssid->mixed_cell)
615 return 1;
616
617 #ifdef CONFIG_WPS
618 if (ssid->key_mgmt & WPA_KEY_MGMT_WPS)
619 return 1;
620 #endif /* CONFIG_WPS */
621
622 #ifdef CONFIG_OWE
623 if ((ssid->key_mgmt & WPA_KEY_MGMT_OWE) && !ssid->owe_only)
624 return 1;
625 #endif /* CONFIG_OWE */
626
627 #ifdef CONFIG_WEP
628 if (has_wep_key(ssid))
629 privacy = 1;
630 #endif /* CONFIG_WEP */
631
632 #ifdef IEEE8021X_EAPOL
633 if ((ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA) &&
634 ssid->eapol_flags & (EAPOL_FLAG_REQUIRE_KEY_UNICAST |
635 EAPOL_FLAG_REQUIRE_KEY_BROADCAST))
636 privacy = 1;
637 #endif /* IEEE8021X_EAPOL */
638
639 if (wpa_key_mgmt_wpa(ssid->key_mgmt))
640 privacy = 1;
641
642 if (bss->caps & IEEE80211_CAP_PRIVACY)
643 return privacy;
644 return !privacy;
645 }
646
647
wpa_supplicant_ssid_bss_match(struct wpa_supplicant * wpa_s,struct wpa_ssid * ssid,struct wpa_bss * bss,int debug_print)648 static int wpa_supplicant_ssid_bss_match(struct wpa_supplicant *wpa_s,
649 struct wpa_ssid *ssid,
650 struct wpa_bss *bss, int debug_print)
651 {
652 struct wpa_ie_data ie;
653 int proto_match = 0;
654 const u8 *rsn_ie, *wpa_ie;
655 int ret;
656 #ifdef CONFIG_WEP
657 int wep_ok;
658 #endif /* CONFIG_WEP */
659 bool is_6ghz_bss = is_6ghz_freq(bss->freq);
660
661 ret = wpas_wps_ssid_bss_match(wpa_s, ssid, bss);
662 if (ret >= 0)
663 return ret;
664
665 #ifdef CONFIG_WEP
666 /* Allow TSN if local configuration accepts WEP use without WPA/WPA2 */
667 wep_ok = !wpa_key_mgmt_wpa(ssid->key_mgmt) &&
668 (((ssid->key_mgmt & WPA_KEY_MGMT_NONE) &&
669 ssid->wep_key_len[ssid->wep_tx_keyidx] > 0) ||
670 (ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA));
671 #endif /* CONFIG_WEP */
672
673 rsn_ie = wpa_bss_get_rsne(wpa_s, bss, ssid, false);
674 if (is_6ghz_bss && !rsn_ie) {
675 if (debug_print)
676 wpa_dbg(wpa_s, MSG_DEBUG,
677 " skip - 6 GHz BSS without RSNE");
678 return 0;
679 }
680
681 while ((ssid->proto & WPA_PROTO_RSN) && rsn_ie) {
682 proto_match++;
683
684 if (wpa_parse_wpa_ie(rsn_ie, 2 + rsn_ie[1], &ie)) {
685 if (debug_print)
686 wpa_dbg(wpa_s, MSG_DEBUG,
687 " skip RSN IE - parse failed");
688 break;
689 }
690 if (!ie.has_pairwise)
691 ie.pairwise_cipher = wpa_default_rsn_cipher(bss->freq);
692 if (!ie.has_group)
693 ie.group_cipher = wpa_default_rsn_cipher(bss->freq);
694
695 if (is_6ghz_bss || !is_zero_ether_addr(bss->mld_addr)) {
696 /* WEP and TKIP are not allowed on 6 GHz/MLD */
697 ie.pairwise_cipher &= ~(WPA_CIPHER_WEP40 |
698 WPA_CIPHER_WEP104 |
699 WPA_CIPHER_TKIP);
700 ie.group_cipher &= ~(WPA_CIPHER_WEP40 |
701 WPA_CIPHER_WEP104 |
702 WPA_CIPHER_TKIP);
703 }
704
705 #ifdef CONFIG_WEP
706 if (wep_ok &&
707 (ie.group_cipher & (WPA_CIPHER_WEP40 | WPA_CIPHER_WEP104)))
708 {
709 if (debug_print)
710 wpa_dbg(wpa_s, MSG_DEBUG,
711 " selected based on TSN in RSN IE");
712 return 1;
713 }
714 #endif /* CONFIG_WEP */
715
716 if (!(ie.proto & ssid->proto)) {
717 if (debug_print)
718 wpa_dbg(wpa_s, MSG_DEBUG,
719 " skip RSN IE - proto mismatch");
720 break;
721 }
722
723 if (!(ie.pairwise_cipher & ssid->pairwise_cipher)) {
724 if (debug_print)
725 wpa_dbg(wpa_s, MSG_DEBUG,
726 " skip RSN IE - PTK cipher mismatch");
727 break;
728 }
729
730 if (!(ie.group_cipher & ssid->group_cipher)) {
731 if (debug_print)
732 wpa_dbg(wpa_s, MSG_DEBUG,
733 " skip RSN IE - GTK cipher mismatch");
734 break;
735 }
736
737 if (ssid->group_mgmt_cipher &&
738 !(ie.mgmt_group_cipher & ssid->group_mgmt_cipher)) {
739 if (debug_print)
740 wpa_dbg(wpa_s, MSG_DEBUG,
741 " skip RSN IE - group mgmt cipher mismatch");
742 break;
743 }
744
745 if (is_6ghz_bss) {
746 /* MFPC must be supported on 6 GHz */
747 if (!(ie.capabilities & WPA_CAPABILITY_MFPC)) {
748 if (debug_print)
749 wpa_dbg(wpa_s, MSG_DEBUG,
750 " skip RSNE - 6 GHz without MFPC");
751 break;
752 }
753
754 /* WPA PSK is not allowed on the 6 GHz band */
755 ie.key_mgmt &= ~(WPA_KEY_MGMT_PSK |
756 WPA_KEY_MGMT_FT_PSK |
757 WPA_KEY_MGMT_PSK_SHA256);
758 }
759
760 if (!(ie.key_mgmt & ssid->key_mgmt)) {
761 if (debug_print)
762 wpa_dbg(wpa_s, MSG_DEBUG,
763 " skip RSN IE - key mgmt mismatch");
764 break;
765 }
766
767 if (!(ie.capabilities & WPA_CAPABILITY_MFPC) &&
768 wpas_get_ssid_pmf(wpa_s, ssid) ==
769 MGMT_FRAME_PROTECTION_REQUIRED) {
770 if (debug_print)
771 wpa_dbg(wpa_s, MSG_DEBUG,
772 " skip RSN IE - no mgmt frame protection");
773 break;
774 }
775 if ((ie.capabilities & WPA_CAPABILITY_MFPR) &&
776 wpas_get_ssid_pmf(wpa_s, ssid) ==
777 NO_MGMT_FRAME_PROTECTION) {
778 if (debug_print)
779 wpa_dbg(wpa_s, MSG_DEBUG,
780 " skip RSN IE - no mgmt frame protection enabled but AP requires it");
781 break;
782 }
783
784 if (debug_print)
785 wpa_dbg(wpa_s, MSG_DEBUG,
786 " selected based on RSN IE");
787 return 1;
788 }
789
790 if (is_6ghz_bss) {
791 if (debug_print)
792 wpa_dbg(wpa_s, MSG_DEBUG,
793 " skip - 6 GHz BSS without matching RSNE");
794 return 0;
795 }
796
797 wpa_ie = wpa_bss_get_vendor_ie(bss, WPA_IE_VENDOR_TYPE);
798
799 if (wpas_get_ssid_pmf(wpa_s, ssid) == MGMT_FRAME_PROTECTION_REQUIRED &&
800 (!(ssid->key_mgmt & WPA_KEY_MGMT_OWE) || ssid->owe_only)) {
801 #ifdef CONFIG_OWE
802 if ((ssid->key_mgmt & WPA_KEY_MGMT_OWE) && ssid->owe_only &&
803 !wpa_ie && !rsn_ie &&
804 wpa_s->owe_transition_select &&
805 wpa_bss_get_vendor_ie(bss, OWE_IE_VENDOR_TYPE) &&
806 ssid->owe_transition_bss_select_count + 1 <=
807 MAX_OWE_TRANSITION_BSS_SELECT_COUNT) {
808 ssid->owe_transition_bss_select_count++;
809 if (debug_print)
810 wpa_dbg(wpa_s, MSG_DEBUG,
811 " skip OWE open BSS (selection count %d does not exceed %d)",
812 ssid->owe_transition_bss_select_count,
813 MAX_OWE_TRANSITION_BSS_SELECT_COUNT);
814 wpa_s->owe_transition_search = 1;
815 return 0;
816 }
817 #endif /* CONFIG_OWE */
818 if (debug_print)
819 wpa_dbg(wpa_s, MSG_DEBUG,
820 " skip - MFP Required but network not MFP Capable");
821 return 0;
822 }
823
824 while ((ssid->proto & WPA_PROTO_WPA) && wpa_ie) {
825 proto_match++;
826
827 if (wpa_parse_wpa_ie(wpa_ie, 2 + wpa_ie[1], &ie)) {
828 if (debug_print)
829 wpa_dbg(wpa_s, MSG_DEBUG,
830 " skip WPA IE - parse failed");
831 break;
832 }
833
834 #ifdef CONFIG_WEP
835 if (wep_ok &&
836 (ie.group_cipher & (WPA_CIPHER_WEP40 | WPA_CIPHER_WEP104)))
837 {
838 if (debug_print)
839 wpa_dbg(wpa_s, MSG_DEBUG,
840 " selected based on TSN in WPA IE");
841 return 1;
842 }
843 #endif /* CONFIG_WEP */
844
845 if (!(ie.proto & ssid->proto)) {
846 if (debug_print)
847 wpa_dbg(wpa_s, MSG_DEBUG,
848 " skip WPA IE - proto mismatch");
849 break;
850 }
851
852 if (!(ie.pairwise_cipher & ssid->pairwise_cipher)) {
853 if (debug_print)
854 wpa_dbg(wpa_s, MSG_DEBUG,
855 " skip WPA IE - PTK cipher mismatch");
856 break;
857 }
858
859 if (!(ie.group_cipher & ssid->group_cipher)) {
860 if (debug_print)
861 wpa_dbg(wpa_s, MSG_DEBUG,
862 " skip WPA IE - GTK cipher mismatch");
863 break;
864 }
865
866 if (!(ie.key_mgmt & ssid->key_mgmt)) {
867 if (debug_print)
868 wpa_dbg(wpa_s, MSG_DEBUG,
869 " skip WPA IE - key mgmt mismatch");
870 break;
871 }
872
873 if (debug_print)
874 wpa_dbg(wpa_s, MSG_DEBUG,
875 " selected based on WPA IE");
876 return 1;
877 }
878
879 if ((ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA) && !wpa_ie &&
880 !rsn_ie) {
881 if (debug_print)
882 wpa_dbg(wpa_s, MSG_DEBUG,
883 " allow for non-WPA IEEE 802.1X");
884 return 1;
885 }
886
887 #ifdef CONFIG_OWE
888 if ((ssid->key_mgmt & WPA_KEY_MGMT_OWE) && !ssid->owe_only &&
889 !wpa_ie && !rsn_ie) {
890 if (wpa_s->owe_transition_select &&
891 wpa_bss_get_vendor_ie(bss, OWE_IE_VENDOR_TYPE) &&
892 ssid->owe_transition_bss_select_count + 1 <=
893 MAX_OWE_TRANSITION_BSS_SELECT_COUNT) {
894 ssid->owe_transition_bss_select_count++;
895 if (debug_print)
896 wpa_dbg(wpa_s, MSG_DEBUG,
897 " skip OWE transition BSS (selection count %d does not exceed %d)",
898 ssid->owe_transition_bss_select_count,
899 MAX_OWE_TRANSITION_BSS_SELECT_COUNT);
900 wpa_s->owe_transition_search = 1;
901 return 0;
902 }
903 if (debug_print)
904 wpa_dbg(wpa_s, MSG_DEBUG,
905 " allow in OWE transition mode");
906 return 1;
907 }
908 #endif /* CONFIG_OWE */
909
910 if ((ssid->proto & (WPA_PROTO_WPA | WPA_PROTO_RSN)) &&
911 wpa_key_mgmt_wpa(ssid->key_mgmt) && proto_match == 0) {
912 if (debug_print)
913 wpa_dbg(wpa_s, MSG_DEBUG,
914 " skip - no WPA/RSN proto match");
915 return 0;
916 }
917
918 if (!wpa_key_mgmt_wpa(ssid->key_mgmt)) {
919 if (debug_print)
920 wpa_dbg(wpa_s, MSG_DEBUG, " allow in non-WPA/WPA2");
921 return 1;
922 }
923
924 if (debug_print)
925 wpa_dbg(wpa_s, MSG_DEBUG,
926 " reject due to mismatch with WPA/WPA2");
927
928 return 0;
929 }
930
931
freq_allowed(int * freqs,int freq)932 static int freq_allowed(int *freqs, int freq)
933 {
934 int i;
935
936 if (freqs == NULL)
937 return 1;
938
939 for (i = 0; freqs[i]; i++)
940 if (freqs[i] == freq)
941 return 1;
942 return 0;
943 }
944
945
rate_match(struct wpa_supplicant * wpa_s,struct wpa_ssid * ssid,struct wpa_bss * bss,int debug_print)946 static int rate_match(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid,
947 struct wpa_bss *bss, int debug_print)
948 {
949 const struct hostapd_hw_modes *mode = NULL, *modes;
950 const u8 scan_ie[2] = { WLAN_EID_SUPP_RATES, WLAN_EID_EXT_SUPP_RATES };
951 const u8 *rate_ie;
952 int i, j, k;
953
954 if (bss->freq == 0)
955 return 1; /* Cannot do matching without knowing band */
956
957 modes = wpa_s->hw.modes;
958 if (modes == NULL) {
959 /*
960 * The driver does not provide any additional information
961 * about the utilized hardware, so allow the connection attempt
962 * to continue.
963 */
964 return 1;
965 }
966
967 for (i = 0; i < wpa_s->hw.num_modes; i++) {
968 for (j = 0; j < modes[i].num_channels; j++) {
969 int freq = modes[i].channels[j].freq;
970 if (freq == bss->freq) {
971 if (mode &&
972 mode->mode == HOSTAPD_MODE_IEEE80211G)
973 break; /* do not allow 802.11b replace
974 * 802.11g */
975 mode = &modes[i];
976 break;
977 }
978 }
979 }
980
981 if (mode == NULL)
982 return 0;
983
984 for (i = 0; i < (int) sizeof(scan_ie); i++) {
985 rate_ie = wpa_bss_get_ie(bss, scan_ie[i]);
986 if (rate_ie == NULL)
987 continue;
988
989 for (j = 2; j < rate_ie[1] + 2; j++) {
990 int flagged = !!(rate_ie[j] & 0x80);
991 int r = (rate_ie[j] & 0x7f) * 5;
992
993 /*
994 * IEEE Std 802.11n-2009 7.3.2.2:
995 * The new BSS Membership selector value is encoded
996 * like a legacy basic rate, but it is not a rate and
997 * only indicates if the BSS members are required to
998 * support the mandatory features of Clause 20 [HT PHY]
999 * in order to join the BSS.
1000 */
1001 if (flagged && ((rate_ie[j] & 0x7f) ==
1002 BSS_MEMBERSHIP_SELECTOR_HT_PHY)) {
1003 if (!ht_supported(mode)) {
1004 if (debug_print)
1005 wpa_dbg(wpa_s, MSG_DEBUG,
1006 " hardware does not support HT PHY");
1007 return 0;
1008 }
1009 continue;
1010 }
1011
1012 /* There's also a VHT selector for 802.11ac */
1013 if (flagged && ((rate_ie[j] & 0x7f) ==
1014 BSS_MEMBERSHIP_SELECTOR_VHT_PHY)) {
1015 if (!vht_supported(mode)) {
1016 if (debug_print)
1017 wpa_dbg(wpa_s, MSG_DEBUG,
1018 " hardware does not support VHT PHY");
1019 return 0;
1020 }
1021 continue;
1022 }
1023
1024 if (flagged && ((rate_ie[j] & 0x7f) ==
1025 BSS_MEMBERSHIP_SELECTOR_HE_PHY)) {
1026 if (!he_supported(mode, IEEE80211_MODE_INFRA)) {
1027 if (debug_print)
1028 wpa_dbg(wpa_s, MSG_DEBUG,
1029 " hardware does not support HE PHY");
1030 return 0;
1031 }
1032 continue;
1033 }
1034
1035 #ifdef CONFIG_SAE
1036 if (flagged && ((rate_ie[j] & 0x7f) ==
1037 BSS_MEMBERSHIP_SELECTOR_SAE_H2E_ONLY)) {
1038 if (wpas_get_ssid_sae_pwe(wpa_s, ssid) ==
1039 SAE_PWE_HUNT_AND_PECK &&
1040 !ssid->sae_password_id &&
1041 !is_6ghz_freq(bss->freq) &&
1042 wpa_key_mgmt_sae(ssid->key_mgmt)) {
1043 if (debug_print)
1044 wpa_dbg(wpa_s, MSG_DEBUG,
1045 " SAE H2E disabled");
1046 #ifdef CONFIG_TESTING_OPTIONS
1047 if (wpa_s->ignore_sae_h2e_only) {
1048 wpa_dbg(wpa_s, MSG_DEBUG,
1049 "TESTING: Ignore SAE H2E requirement mismatch");
1050 continue;
1051 }
1052 #endif /* CONFIG_TESTING_OPTIONS */
1053 return 0;
1054 }
1055 continue;
1056 }
1057 #endif /* CONFIG_SAE */
1058
1059 if (!flagged)
1060 continue;
1061
1062 /* check for legacy basic rates */
1063 for (k = 0; k < mode->num_rates; k++) {
1064 if (mode->rates[k] == r)
1065 break;
1066 }
1067 if (k == mode->num_rates) {
1068 /*
1069 * IEEE Std 802.11-2007 7.3.2.2 demands that in
1070 * order to join a BSS all required rates
1071 * have to be supported by the hardware.
1072 */
1073 if (debug_print)
1074 wpa_dbg(wpa_s, MSG_DEBUG,
1075 " hardware does not support required rate %d.%d Mbps (freq=%d mode==%d num_rates=%d)",
1076 r / 10, r % 10,
1077 bss->freq, mode->mode, mode->num_rates);
1078 return 0;
1079 }
1080 }
1081 }
1082
1083 return 1;
1084 }
1085
1086
1087 /*
1088 * Test whether BSS is in an ESS.
1089 * This is done differently in DMG (60 GHz) and non-DMG bands
1090 */
bss_is_ess(struct wpa_bss * bss)1091 static int bss_is_ess(struct wpa_bss *bss)
1092 {
1093 if (bss_is_dmg(bss)) {
1094 return (bss->caps & IEEE80211_CAP_DMG_MASK) ==
1095 IEEE80211_CAP_DMG_AP;
1096 }
1097
1098 return ((bss->caps & (IEEE80211_CAP_ESS | IEEE80211_CAP_IBSS)) ==
1099 IEEE80211_CAP_ESS);
1100 }
1101
1102
match_mac_mask(const u8 * addr_a,const u8 * addr_b,const u8 * mask)1103 static int match_mac_mask(const u8 *addr_a, const u8 *addr_b, const u8 *mask)
1104 {
1105 size_t i;
1106
1107 for (i = 0; i < ETH_ALEN; i++) {
1108 if ((addr_a[i] & mask[i]) != (addr_b[i] & mask[i]))
1109 return 0;
1110 }
1111 return 1;
1112 }
1113
1114
addr_in_list(const u8 * addr,const u8 * list,size_t num)1115 static int addr_in_list(const u8 *addr, const u8 *list, size_t num)
1116 {
1117 size_t i;
1118
1119 for (i = 0; i < num; i++) {
1120 const u8 *a = list + i * ETH_ALEN * 2;
1121 const u8 *m = a + ETH_ALEN;
1122
1123 if (match_mac_mask(a, addr, m))
1124 return 1;
1125 }
1126 return 0;
1127 }
1128
1129
owe_trans_ssid(struct wpa_supplicant * wpa_s,struct wpa_bss * bss,const u8 ** ret_ssid,size_t * ret_ssid_len)1130 static void owe_trans_ssid(struct wpa_supplicant *wpa_s, struct wpa_bss *bss,
1131 const u8 **ret_ssid, size_t *ret_ssid_len)
1132 {
1133 #ifdef CONFIG_OWE
1134 const u8 *owe, *bssid;
1135
1136 owe = wpa_bss_get_vendor_ie(bss, OWE_IE_VENDOR_TYPE);
1137 if (!owe || !wpa_bss_get_rsne(wpa_s, bss, NULL, false))
1138 return;
1139
1140 if (wpas_get_owe_trans_network(owe, &bssid, ret_ssid, ret_ssid_len))
1141 return;
1142
1143 /* Match the profile SSID against the OWE transition mode SSID on the
1144 * open network. */
1145 wpa_dbg(wpa_s, MSG_DEBUG, "OWE: transition mode BSSID: " MACSTR
1146 " SSID: %s", MAC2STR(bssid),
1147 wpa_ssid_txt(*ret_ssid, *ret_ssid_len));
1148
1149 if (!(bss->flags & WPA_BSS_OWE_TRANSITION)) {
1150 struct wpa_ssid *ssid;
1151
1152 for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next) {
1153 if (wpas_network_disabled(wpa_s, ssid))
1154 continue;
1155 if (ssid->ssid_len == *ret_ssid_len &&
1156 os_memcmp(ssid->ssid, *ret_ssid, *ret_ssid_len) ==
1157 0) {
1158 /* OWE BSS in transition mode for a currently
1159 * enabled OWE network. */
1160 wpa_dbg(wpa_s, MSG_DEBUG,
1161 "OWE: transition mode OWE SSID for active OWE profile");
1162 bss->flags |= WPA_BSS_OWE_TRANSITION;
1163 break;
1164 }
1165 }
1166 }
1167 #endif /* CONFIG_OWE */
1168 }
1169
1170
wpas_valid_ml_bss(struct wpa_supplicant * wpa_s,struct wpa_bss * bss)1171 static bool wpas_valid_ml_bss(struct wpa_supplicant *wpa_s, struct wpa_bss *bss)
1172 {
1173 u16 removed_links;
1174
1175 if (wpa_bss_parse_basic_ml_element(wpa_s, bss, NULL, NULL, NULL, NULL))
1176 return true;
1177
1178 if (!bss->valid_links)
1179 return true;
1180
1181 /* Check if the current BSS is going to be removed */
1182 removed_links = wpa_bss_parse_reconf_ml_element(wpa_s, bss);
1183 if (BIT(bss->mld_link_id) & removed_links)
1184 return false;
1185
1186 return true;
1187 }
1188
1189
disabled_freq(struct wpa_supplicant * wpa_s,int freq)1190 int disabled_freq(struct wpa_supplicant *wpa_s, int freq)
1191 {
1192 int i, j;
1193
1194 if (!wpa_s->hw.modes || !wpa_s->hw.num_modes)
1195 return 0;
1196
1197 for (j = 0; j < wpa_s->hw.num_modes; j++) {
1198 struct hostapd_hw_modes *mode = &wpa_s->hw.modes[j];
1199
1200 for (i = 0; i < mode->num_channels; i++) {
1201 struct hostapd_channel_data *chan = &mode->channels[i];
1202
1203 if (chan->freq == freq)
1204 return !!(chan->flag & HOSTAPD_CHAN_DISABLED);
1205 }
1206 }
1207
1208 return 1;
1209 }
1210
1211
1212 static bool wpa_scan_res_ok(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid,
1213 const u8 *match_ssid, size_t match_ssid_len,
1214 struct wpa_bss *bss, int bssid_ignore_count,
1215 bool debug_print, bool link);
1216
1217
1218 #ifdef CONFIG_SAE_PK
sae_pk_acceptable_bss_with_pk(struct wpa_supplicant * wpa_s,struct wpa_bss * orig_bss,struct wpa_ssid * ssid,const u8 * match_ssid,size_t match_ssid_len)1219 static bool sae_pk_acceptable_bss_with_pk(struct wpa_supplicant *wpa_s,
1220 struct wpa_bss *orig_bss,
1221 struct wpa_ssid *ssid,
1222 const u8 *match_ssid,
1223 size_t match_ssid_len)
1224 {
1225 struct wpa_bss *bss;
1226
1227 dl_list_for_each(bss, &wpa_s->bss, struct wpa_bss, list) {
1228 int count;
1229 const u8 *ie;
1230
1231 if (bss == orig_bss)
1232 continue;
1233 ie = wpa_bss_get_rsnxe(wpa_s, bss, ssid, false);
1234 if (!(ieee802_11_rsnx_capab(ie, WLAN_RSNX_CAPAB_SAE_PK)))
1235 continue;
1236
1237 /* TODO: Could be more thorough in checking what kind of
1238 * signal strength or throughput estimate would be acceptable
1239 * compared to the originally selected BSS. */
1240 if (bss->est_throughput < 2000)
1241 return false;
1242
1243 count = wpa_bssid_ignore_is_listed(wpa_s, bss->bssid);
1244 if (wpa_scan_res_ok(wpa_s, ssid, match_ssid, match_ssid_len,
1245 bss, count, false, false))
1246 return true;
1247 }
1248
1249 return false;
1250 }
1251 #endif /* CONFIG_SAE_PK */
1252
1253
wpa_scan_res_ok(struct wpa_supplicant * wpa_s,struct wpa_ssid * ssid,const u8 * match_ssid,size_t match_ssid_len,struct wpa_bss * bss,int bssid_ignore_count,bool debug_print,bool link)1254 static bool wpa_scan_res_ok(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid,
1255 const u8 *match_ssid, size_t match_ssid_len,
1256 struct wpa_bss *bss, int bssid_ignore_count,
1257 bool debug_print, bool link)
1258 {
1259 int res;
1260 bool wpa, check_ssid = false;
1261 #ifdef CONFIG_MBO
1262 const u8 *assoc_disallow;
1263 #endif /* CONFIG_MBO */
1264 #ifdef CONFIG_SAE
1265 u8 rsnxe_capa = 0;
1266 enum sae_pwe sae_pwe;
1267 #endif /* CONFIG_SAE */
1268 const u8 *ie;
1269
1270 ie = wpa_bss_get_vendor_ie(bss, WPA_IE_VENDOR_TYPE);
1271 wpa = ie && ie[1];
1272 ie = wpa_bss_get_rsne(wpa_s, bss, ssid, false);
1273 wpa |= ie && ie[1];
1274
1275 #ifdef CONFIG_SAE
1276 ie = wpa_bss_get_rsnxe(wpa_s, bss, ssid, false);
1277 if (ie && ie[0] == WLAN_EID_VENDOR_SPECIFIC && ie[1] >= 4 + 1)
1278 rsnxe_capa = ie[4 + 2];
1279 else if (ie && ie[1] >= 1)
1280 rsnxe_capa = ie[2];
1281 #endif /* CONFIG_SAE */
1282
1283 check_ssid = wpa || ssid->ssid_len > 0;
1284
1285 if (wpas_network_disabled(wpa_s, ssid)) {
1286 if (debug_print)
1287 wpa_dbg(wpa_s, MSG_DEBUG, " skip - disabled");
1288 return false;
1289 }
1290
1291 res = wpas_temp_disabled(wpa_s, ssid);
1292 if (res > 0) {
1293 if (debug_print)
1294 wpa_dbg(wpa_s, MSG_DEBUG,
1295 " skip - disabled temporarily for %d second(s)",
1296 res);
1297 return false;
1298 }
1299
1300 #ifdef CONFIG_WPS
1301 if ((ssid->key_mgmt & WPA_KEY_MGMT_WPS) && bssid_ignore_count) {
1302 if (debug_print)
1303 wpa_dbg(wpa_s, MSG_DEBUG,
1304 " skip - BSSID ignored (WPS)");
1305 return false;
1306 }
1307
1308 if (wpa && ssid->ssid_len == 0 &&
1309 wpas_wps_ssid_wildcard_ok(wpa_s, ssid, bss))
1310 check_ssid = false;
1311
1312 if (!wpa && (ssid->key_mgmt & WPA_KEY_MGMT_WPS)) {
1313 /* Only allow wildcard SSID match if an AP advertises active
1314 * WPS operation that matches our mode. */
1315 check_ssid = ssid->ssid_len > 0 ||
1316 !wpas_wps_ssid_wildcard_ok(wpa_s, ssid, bss);
1317 }
1318 #endif /* CONFIG_WPS */
1319
1320 if (ssid->bssid_set && ssid->ssid_len == 0 &&
1321 ether_addr_equal(bss->bssid, ssid->bssid))
1322 check_ssid = false;
1323
1324 if (check_ssid &&
1325 (match_ssid_len != ssid->ssid_len ||
1326 os_memcmp(match_ssid, ssid->ssid, match_ssid_len) != 0)) {
1327 if (debug_print)
1328 wpa_dbg(wpa_s, MSG_DEBUG, " skip - SSID mismatch");
1329 return false;
1330 }
1331
1332 if (!link && ssid->bssid_set &&
1333 !ether_addr_equal(bss->bssid, ssid->bssid)) {
1334 if (debug_print)
1335 wpa_dbg(wpa_s, MSG_DEBUG, " skip - BSSID mismatch");
1336 return false;
1337 }
1338
1339 /* check the list of BSSIDs to ignore */
1340 if (ssid->num_bssid_ignore &&
1341 addr_in_list(bss->bssid, ssid->bssid_ignore,
1342 ssid->num_bssid_ignore)) {
1343 if (debug_print)
1344 wpa_dbg(wpa_s, MSG_DEBUG,
1345 " skip - BSSID configured to be ignored");
1346 return false;
1347 }
1348
1349 /* if there is a list of accepted BSSIDs, only accept those APs */
1350 if (ssid->num_bssid_accept &&
1351 !addr_in_list(bss->bssid, ssid->bssid_accept,
1352 ssid->num_bssid_accept)) {
1353 if (debug_print)
1354 wpa_dbg(wpa_s, MSG_DEBUG,
1355 " skip - BSSID not in list of accepted values");
1356 return false;
1357 }
1358
1359 if (!wpa_supplicant_ssid_bss_match(wpa_s, ssid, bss, debug_print))
1360 return false;
1361
1362 if (!wpa &&
1363 !(ssid->key_mgmt & WPA_KEY_MGMT_NONE) &&
1364 !(ssid->key_mgmt & WPA_KEY_MGMT_WPS) &&
1365 !(ssid->key_mgmt & WPA_KEY_MGMT_OWE) &&
1366 !(ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA)) {
1367 if (debug_print)
1368 wpa_dbg(wpa_s, MSG_DEBUG,
1369 " skip - non-WPA network not allowed");
1370 return false;
1371 }
1372
1373 #ifdef CONFIG_WEP
1374 if (wpa && !wpa_key_mgmt_wpa(ssid->key_mgmt) && has_wep_key(ssid)) {
1375 if (debug_print)
1376 wpa_dbg(wpa_s, MSG_DEBUG,
1377 " skip - ignore WPA/WPA2 AP for WEP network block");
1378 return false;
1379 }
1380 #endif /* CONFIG_WEP */
1381
1382 if (!wpa_supplicant_match_privacy(bss, ssid)) {
1383 if (debug_print)
1384 wpa_dbg(wpa_s, MSG_DEBUG, " skip - privacy mismatch");
1385 return false;
1386 }
1387
1388 if (ssid->mode != WPAS_MODE_MESH && !bss_is_ess(bss) &&
1389 !bss_is_pbss(bss)) {
1390 if (debug_print)
1391 wpa_dbg(wpa_s, MSG_DEBUG,
1392 " skip - not ESS, PBSS, or MBSS");
1393 return false;
1394 }
1395
1396 if (ssid->pbss != 2 && ssid->pbss != bss_is_pbss(bss)) {
1397 if (debug_print)
1398 wpa_dbg(wpa_s, MSG_DEBUG,
1399 " skip - PBSS mismatch (ssid %d bss %d)",
1400 ssid->pbss, bss_is_pbss(bss));
1401 return false;
1402 }
1403
1404 if (!freq_allowed(ssid->freq_list, bss->freq)) {
1405 if (debug_print)
1406 wpa_dbg(wpa_s, MSG_DEBUG,
1407 " skip - frequency not allowed");
1408 return false;
1409 }
1410
1411 #ifdef CONFIG_MESH
1412 if (ssid->mode == WPAS_MODE_MESH && ssid->frequency > 0 &&
1413 ssid->frequency != bss->freq) {
1414 if (debug_print)
1415 wpa_dbg(wpa_s, MSG_DEBUG,
1416 " skip - frequency not allowed (mesh)");
1417 return false;
1418 }
1419 #endif /* CONFIG_MESH */
1420
1421 if (!rate_match(wpa_s, ssid, bss, debug_print)) {
1422 if (debug_print)
1423 wpa_dbg(wpa_s, MSG_DEBUG,
1424 " skip - rate sets do not match");
1425 return false;
1426 }
1427
1428 #ifdef CONFIG_SAE
1429 /* When using SAE Password Identifier and when operationg on the 6 GHz
1430 * band, only H2E is allowed. */
1431 sae_pwe = wpas_get_ssid_sae_pwe(wpa_s, ssid);
1432 if ((sae_pwe == SAE_PWE_HASH_TO_ELEMENT ||
1433 is_6ghz_freq(bss->freq) || ssid->sae_password_id) &&
1434 sae_pwe != SAE_PWE_FORCE_HUNT_AND_PECK &&
1435 wpa_key_mgmt_sae(ssid->key_mgmt) &&
1436 !(rsnxe_capa & BIT(WLAN_RSNX_CAPAB_SAE_H2E))) {
1437 if (debug_print)
1438 wpa_dbg(wpa_s, MSG_DEBUG,
1439 " skip - SAE H2E required, but not supported by the AP");
1440 return false;
1441 }
1442 #endif /* CONFIG_SAE */
1443
1444 #ifdef CONFIG_SAE_PK
1445 if (ssid->sae_pk == SAE_PK_MODE_ONLY &&
1446 !(rsnxe_capa & BIT(WLAN_RSNX_CAPAB_SAE_PK))) {
1447 if (debug_print)
1448 wpa_dbg(wpa_s, MSG_DEBUG,
1449 " skip - SAE-PK required, but not supported by the AP");
1450 return false;
1451 }
1452 #endif /* CONFIG_SAE_PK */
1453
1454 #ifndef CONFIG_IBSS_RSN
1455 if (ssid->mode == WPAS_MODE_IBSS &&
1456 !(ssid->key_mgmt & (WPA_KEY_MGMT_NONE | WPA_KEY_MGMT_WPA_NONE))) {
1457 if (debug_print)
1458 wpa_dbg(wpa_s, MSG_DEBUG,
1459 " skip - IBSS RSN not supported in the build");
1460 return false;
1461 }
1462 #endif /* !CONFIG_IBSS_RSN */
1463
1464 #ifdef CONFIG_P2P
1465 if (ssid->p2p_group &&
1466 !wpa_bss_get_vendor_ie(bss, P2P_IE_VENDOR_TYPE) &&
1467 !wpa_bss_get_vendor_ie_beacon(bss, P2P_IE_VENDOR_TYPE)) {
1468 if (debug_print)
1469 wpa_dbg(wpa_s, MSG_DEBUG, " skip - no P2P IE seen");
1470 return false;
1471 }
1472
1473 if (!is_zero_ether_addr(ssid->go_p2p_dev_addr)) {
1474 struct wpabuf *p2p_ie;
1475 u8 dev_addr[ETH_ALEN];
1476
1477 ie = wpa_bss_get_vendor_ie(bss, P2P_IE_VENDOR_TYPE);
1478 if (!ie) {
1479 if (debug_print)
1480 wpa_dbg(wpa_s, MSG_DEBUG,
1481 " skip - no P2P element");
1482 return false;
1483 }
1484 p2p_ie = wpa_bss_get_vendor_ie_multi(bss, P2P_IE_VENDOR_TYPE);
1485 if (!p2p_ie) {
1486 if (debug_print)
1487 wpa_dbg(wpa_s, MSG_DEBUG,
1488 " skip - could not fetch P2P element");
1489 return false;
1490 }
1491
1492 if (p2p_parse_dev_addr_in_p2p_ie(p2p_ie, dev_addr) < 0 ||
1493 !ether_addr_equal(dev_addr, ssid->go_p2p_dev_addr)) {
1494 if (debug_print)
1495 wpa_dbg(wpa_s, MSG_DEBUG,
1496 " skip - no matching GO P2P Device Address in P2P element");
1497 wpabuf_free(p2p_ie);
1498 return false;
1499 }
1500 wpabuf_free(p2p_ie);
1501 }
1502
1503 /*
1504 * TODO: skip the AP if its P2P IE has Group Formation bit set in the
1505 * P2P Group Capability Bitmap and we are not in Group Formation with
1506 * that device.
1507 */
1508 #endif /* CONFIG_P2P */
1509
1510 if (os_reltime_before(&bss->last_update, &wpa_s->scan_min_time)) {
1511 struct os_reltime diff;
1512
1513 os_reltime_sub(&wpa_s->scan_min_time, &bss->last_update, &diff);
1514 if (debug_print)
1515 wpa_dbg(wpa_s, MSG_DEBUG,
1516 " skip - scan result not recent enough (%u.%06u seconds too old)",
1517 (unsigned int) diff.sec,
1518 (unsigned int) diff.usec);
1519 return false;
1520 }
1521 #ifdef CONFIG_MBO
1522 #ifdef CONFIG_TESTING_OPTIONS
1523 if (wpa_s->ignore_assoc_disallow)
1524 goto skip_assoc_disallow;
1525 #endif /* CONFIG_TESTING_OPTIONS */
1526 assoc_disallow = wpas_mbo_check_assoc_disallow(bss);
1527 if (assoc_disallow && assoc_disallow[1] >= 1) {
1528 if (debug_print)
1529 wpa_dbg(wpa_s, MSG_DEBUG,
1530 " skip - MBO association disallowed (reason %u)",
1531 assoc_disallow[2]);
1532 return false;
1533 }
1534
1535 if (wpa_is_bss_tmp_disallowed(wpa_s, bss)) {
1536 if (debug_print)
1537 wpa_dbg(wpa_s, MSG_DEBUG,
1538 " skip - AP temporarily disallowed");
1539 return false;
1540 }
1541 #ifdef CONFIG_TESTING_OPTIONS
1542 skip_assoc_disallow:
1543 #endif /* CONFIG_TESTING_OPTIONS */
1544 #endif /* CONFIG_MBO */
1545
1546 #ifdef CONFIG_DPP
1547 if ((ssid->key_mgmt & WPA_KEY_MGMT_DPP) &&
1548 !wpa_sm_pmksa_exists(wpa_s->wpa, bss->bssid, wpa_s->own_addr,
1549 ssid) &&
1550 (!ssid->dpp_connector || !ssid->dpp_netaccesskey ||
1551 !ssid->dpp_csign)) {
1552 if (debug_print)
1553 wpa_dbg(wpa_s, MSG_DEBUG,
1554 " skip - no PMKSA entry for DPP");
1555 return false;
1556 }
1557 #endif /* CONFIG_DPP */
1558
1559 #ifdef CONFIG_SAE_PK
1560 if (ssid->sae_pk == SAE_PK_MODE_AUTOMATIC &&
1561 wpa_key_mgmt_sae(ssid->key_mgmt) &&
1562 ((ssid->sae_password &&
1563 sae_pk_valid_password(ssid->sae_password)) ||
1564 (!ssid->sae_password && ssid->passphrase &&
1565 sae_pk_valid_password(ssid->passphrase))) &&
1566 !(rsnxe_capa & BIT(WLAN_RSNX_CAPAB_SAE_PK)) &&
1567 sae_pk_acceptable_bss_with_pk(wpa_s, bss, ssid, match_ssid,
1568 match_ssid_len)) {
1569 if (debug_print)
1570 wpa_dbg(wpa_s, MSG_DEBUG,
1571 " skip - another acceptable BSS with SAE-PK in the same ESS");
1572 return false;
1573 }
1574 #endif /* CONFIG_SAE_PK */
1575
1576 if (bss->ssid_len == 0) {
1577 #ifdef CONFIG_OWE
1578 const u8 *owe_ssid = NULL;
1579 size_t owe_ssid_len = 0;
1580
1581 owe_trans_ssid(wpa_s, bss, &owe_ssid, &owe_ssid_len);
1582 if (owe_ssid && owe_ssid_len &&
1583 owe_ssid_len == ssid->ssid_len &&
1584 os_memcmp(owe_ssid, ssid->ssid, owe_ssid_len) == 0) {
1585 if (debug_print)
1586 wpa_dbg(wpa_s, MSG_DEBUG,
1587 " skip - no SSID in BSS entry for a possible OWE transition mode BSS");
1588 int_array_add_unique(&wpa_s->owe_trans_scan_freq,
1589 bss->freq);
1590 return false;
1591 }
1592 #endif /* CONFIG_OWE */
1593 if (debug_print)
1594 wpa_dbg(wpa_s, MSG_DEBUG,
1595 " skip - no SSID known for the BSS");
1596 return false;
1597 }
1598
1599 if (!link && !wpas_valid_ml_bss(wpa_s, bss)) {
1600 if (debug_print)
1601 wpa_dbg(wpa_s, MSG_DEBUG,
1602 " skip - ML BSS going to be removed");
1603 return false;
1604 }
1605
1606 /* Matching configuration found */
1607 return true;
1608 }
1609
1610
wpa_scan_res_match(struct wpa_supplicant * wpa_s,int i,struct wpa_bss * bss,struct wpa_ssid * group,int only_first_ssid,int debug_print,bool link)1611 struct wpa_ssid * wpa_scan_res_match(struct wpa_supplicant *wpa_s,
1612 int i, struct wpa_bss *bss,
1613 struct wpa_ssid *group,
1614 int only_first_ssid, int debug_print,
1615 bool link)
1616 {
1617 u8 wpa_ie_len, rsn_ie_len;
1618 const u8 *ie;
1619 struct wpa_ssid *ssid;
1620 const u8 *match_ssid;
1621 size_t match_ssid_len;
1622 int bssid_ignore_count;
1623
1624 ie = wpa_bss_get_vendor_ie(bss, WPA_IE_VENDOR_TYPE);
1625 wpa_ie_len = ie ? ie[1] : 0;
1626
1627 ie = wpa_bss_get_rsne(wpa_s, bss, NULL, false);
1628 rsn_ie_len = ie ? ie[1] : 0;
1629
1630 if (debug_print) {
1631 wpa_dbg(wpa_s, MSG_DEBUG, "%d: " MACSTR
1632 " ssid='%s' wpa_ie_len=%u rsn_ie_len=%u caps=0x%x level=%d freq=%d %s%s",
1633 i, MAC2STR(bss->bssid),
1634 wpa_ssid_txt(bss->ssid, bss->ssid_len),
1635 wpa_ie_len, rsn_ie_len, bss->caps, bss->level,
1636 bss->freq,
1637 wpa_bss_get_vendor_ie(bss, WPS_IE_VENDOR_TYPE) ?
1638 " wps" : "",
1639 (wpa_bss_get_vendor_ie(bss, P2P_IE_VENDOR_TYPE) ||
1640 wpa_bss_get_vendor_ie_beacon(bss, P2P_IE_VENDOR_TYPE))
1641 ? " p2p" : "");
1642 }
1643
1644 bssid_ignore_count = wpa_bssid_ignore_is_listed(wpa_s, bss->bssid);
1645 if (bssid_ignore_count) {
1646 int limit = 1;
1647 if (wpa_supplicant_enabled_networks(wpa_s) == 1) {
1648 /*
1649 * When only a single network is enabled, we can
1650 * trigger BSSID ignoring on the first failure. This
1651 * should not be done with multiple enabled networks to
1652 * avoid getting forced to move into a worse ESS on
1653 * single error if there are no other BSSes of the
1654 * current ESS.
1655 */
1656 limit = 0;
1657 }
1658 if (bssid_ignore_count > limit) {
1659 if (debug_print) {
1660 wpa_dbg(wpa_s, MSG_DEBUG,
1661 " skip - BSSID ignored (count=%d limit=%d)",
1662 bssid_ignore_count, limit);
1663 }
1664 return NULL;
1665 }
1666 }
1667
1668 match_ssid = bss->ssid;
1669 match_ssid_len = bss->ssid_len;
1670 owe_trans_ssid(wpa_s, bss, &match_ssid, &match_ssid_len);
1671
1672 if (match_ssid_len == 0) {
1673 if (debug_print)
1674 wpa_dbg(wpa_s, MSG_DEBUG, " skip - SSID not known");
1675 return NULL;
1676 }
1677
1678 if (disallowed_bssid(wpa_s, bss->bssid)) {
1679 if (debug_print)
1680 wpa_dbg(wpa_s, MSG_DEBUG, " skip - BSSID disallowed");
1681 return NULL;
1682 }
1683
1684 if (disallowed_ssid(wpa_s, match_ssid, match_ssid_len)) {
1685 if (debug_print)
1686 wpa_dbg(wpa_s, MSG_DEBUG, " skip - SSID disallowed");
1687 return NULL;
1688 }
1689
1690 if (disabled_freq(wpa_s, bss->freq)) {
1691 if (debug_print)
1692 wpa_dbg(wpa_s, MSG_DEBUG, " skip - channel disabled");
1693 return NULL;
1694 }
1695
1696 if (wnm_is_bss_excluded(wpa_s, bss)) {
1697 if (debug_print)
1698 wpa_dbg(wpa_s, MSG_DEBUG, " skip - BSSID excluded");
1699 return NULL;
1700 }
1701
1702 for (ssid = group; ssid; ssid = only_first_ssid ? NULL : ssid->pnext) {
1703 if (wpa_scan_res_ok(wpa_s, ssid, match_ssid, match_ssid_len,
1704 bss, bssid_ignore_count, debug_print, link))
1705 return ssid;
1706 }
1707
1708 /* No matching configuration found */
1709 return NULL;
1710 }
1711
1712
1713 struct wpa_bss *
wpa_supplicant_select_bss(struct wpa_supplicant * wpa_s,struct wpa_ssid * group,struct wpa_ssid ** selected_ssid,int only_first_ssid)1714 wpa_supplicant_select_bss(struct wpa_supplicant *wpa_s,
1715 struct wpa_ssid *group,
1716 struct wpa_ssid **selected_ssid,
1717 int only_first_ssid)
1718 {
1719 unsigned int i;
1720
1721 if (wpa_s->current_ssid) {
1722 struct wpa_ssid *ssid;
1723
1724 wpa_dbg(wpa_s, MSG_DEBUG,
1725 "Scan results matching the currently selected network");
1726 for (i = 0; i < wpa_s->last_scan_res_used; i++) {
1727 struct wpa_bss *bss = wpa_s->last_scan_res[i];
1728
1729 ssid = wpa_scan_res_match(wpa_s, i, bss, group,
1730 only_first_ssid, 0, false);
1731 if (ssid != wpa_s->current_ssid)
1732 continue;
1733 wpa_dbg(wpa_s, MSG_DEBUG, "%u: " MACSTR
1734 " freq=%d level=%d snr=%d est_throughput=%u",
1735 i, MAC2STR(bss->bssid), bss->freq, bss->level,
1736 bss->snr, bss->est_throughput);
1737 }
1738 }
1739
1740 if (only_first_ssid)
1741 wpa_dbg(wpa_s, MSG_DEBUG, "Try to find BSS matching pre-selected network id=%d",
1742 group->id);
1743 else
1744 wpa_dbg(wpa_s, MSG_DEBUG, "Selecting BSS from priority group %d",
1745 group->priority);
1746
1747 for (i = 0; i < wpa_s->last_scan_res_used; i++) {
1748 struct wpa_bss *bss = wpa_s->last_scan_res[i];
1749
1750 wpa_s->owe_transition_select = 1;
1751 *selected_ssid = wpa_scan_res_match(wpa_s, i, bss, group,
1752 only_first_ssid, 1, false);
1753 wpa_s->owe_transition_select = 0;
1754 if (!*selected_ssid)
1755 continue;
1756 wpa_dbg(wpa_s, MSG_DEBUG, " selected %sBSS " MACSTR
1757 " ssid='%s'",
1758 bss == wpa_s->current_bss ? "current ": "",
1759 MAC2STR(bss->bssid),
1760 wpa_ssid_txt(bss->ssid, bss->ssid_len));
1761 return bss;
1762 }
1763
1764 return NULL;
1765 }
1766
1767
wpa_supplicant_pick_network(struct wpa_supplicant * wpa_s,struct wpa_ssid ** selected_ssid)1768 struct wpa_bss * wpa_supplicant_pick_network(struct wpa_supplicant *wpa_s,
1769 struct wpa_ssid **selected_ssid)
1770 {
1771 struct wpa_bss *selected = NULL;
1772 size_t prio;
1773 struct wpa_ssid *next_ssid = NULL;
1774 struct wpa_ssid *ssid;
1775
1776 if (wpa_s->last_scan_res == NULL ||
1777 wpa_s->last_scan_res_used == 0)
1778 return NULL; /* no scan results from last update */
1779
1780 if (wpa_s->next_ssid) {
1781 /* check that next_ssid is still valid */
1782 for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next) {
1783 if (ssid == wpa_s->next_ssid)
1784 break;
1785 }
1786 next_ssid = ssid;
1787 wpa_s->next_ssid = NULL;
1788 }
1789
1790 while (selected == NULL) {
1791 for (prio = 0; prio < wpa_s->conf->num_prio; prio++) {
1792 if (next_ssid && next_ssid->priority ==
1793 wpa_s->conf->pssid[prio]->priority) {
1794 selected = wpa_supplicant_select_bss(
1795 wpa_s, next_ssid, selected_ssid, 1);
1796 if (selected)
1797 break;
1798 }
1799 selected = wpa_supplicant_select_bss(
1800 wpa_s, wpa_s->conf->pssid[prio],
1801 selected_ssid, 0);
1802 if (selected)
1803 break;
1804 }
1805
1806 if (!selected &&
1807 (wpa_s->bssid_ignore || wnm_active_bss_trans_mgmt(wpa_s)) &&
1808 !wpa_s->countermeasures) {
1809 wpa_dbg(wpa_s, MSG_DEBUG,
1810 "No APs found - clear BSSID ignore list and try again");
1811 wnm_btm_reset(wpa_s);
1812 wpa_bssid_ignore_clear(wpa_s);
1813 wpa_s->bssid_ignore_cleared = true;
1814 } else if (selected == NULL)
1815 break;
1816 }
1817
1818 ssid = *selected_ssid;
1819 if (selected && ssid && ssid->mem_only_psk && !ssid->psk_set &&
1820 !ssid->passphrase && !ssid->ext_psk) {
1821 const char *field_name, *txt = NULL;
1822
1823 wpa_dbg(wpa_s, MSG_DEBUG,
1824 "PSK/passphrase not yet available for the selected network");
1825
1826 wpas_notify_network_request(wpa_s, ssid,
1827 WPA_CTRL_REQ_PSK_PASSPHRASE, NULL);
1828
1829 field_name = wpa_supplicant_ctrl_req_to_string(
1830 WPA_CTRL_REQ_PSK_PASSPHRASE, NULL, &txt);
1831 if (field_name == NULL)
1832 return NULL;
1833
1834 wpas_send_ctrl_req(wpa_s, ssid, field_name, txt);
1835
1836 selected = NULL;
1837 }
1838
1839 return selected;
1840 }
1841
1842
wpa_supplicant_req_new_scan(struct wpa_supplicant * wpa_s,int timeout_sec,int timeout_usec)1843 static void wpa_supplicant_req_new_scan(struct wpa_supplicant *wpa_s,
1844 int timeout_sec, int timeout_usec)
1845 {
1846 if (!wpa_supplicant_enabled_networks(wpa_s)) {
1847 /*
1848 * No networks are enabled; short-circuit request so
1849 * we don't wait timeout seconds before transitioning
1850 * to INACTIVE state.
1851 */
1852 wpa_dbg(wpa_s, MSG_DEBUG, "Short-circuit new scan request "
1853 "since there are no enabled networks");
1854 wpa_supplicant_set_state(wpa_s, WPA_INACTIVE);
1855 return;
1856 }
1857
1858 wpa_s->scan_for_connection = 1;
1859 wpa_supplicant_req_scan(wpa_s, timeout_sec, timeout_usec);
1860 }
1861
1862
ml_link_probe_scan(struct wpa_supplicant * wpa_s)1863 static bool ml_link_probe_scan(struct wpa_supplicant *wpa_s)
1864 {
1865 if (!wpa_s->ml_connect_probe_ssid || !wpa_s->ml_connect_probe_bss)
1866 return false;
1867
1868 wpa_msg(wpa_s, MSG_DEBUG,
1869 "Request association with " MACSTR " after ML probe",
1870 MAC2STR(wpa_s->ml_connect_probe_bss->bssid));
1871
1872 wpa_supplicant_associate(wpa_s, wpa_s->ml_connect_probe_bss,
1873 wpa_s->ml_connect_probe_ssid);
1874
1875 wpa_s->ml_connect_probe_ssid = NULL;
1876 wpa_s->ml_connect_probe_bss = NULL;
1877
1878 return true;
1879 }
1880
1881
wpa_supplicant_connect_ml_missing(struct wpa_supplicant * wpa_s,struct wpa_bss * selected,struct wpa_ssid * ssid)1882 static int wpa_supplicant_connect_ml_missing(struct wpa_supplicant *wpa_s,
1883 struct wpa_bss *selected,
1884 struct wpa_ssid *ssid)
1885 {
1886 int *freqs;
1887 u16 missing_links = 0, removed_links;
1888 u8 ap_mld_id;
1889
1890 if (!((wpa_s->drv_flags2 & WPA_DRIVER_FLAGS2_MLO) &&
1891 (wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME)))
1892 return 0;
1893
1894 if (wpa_bss_parse_basic_ml_element(wpa_s, selected, NULL,
1895 &missing_links, ssid,
1896 &ap_mld_id) ||
1897 !missing_links)
1898 return 0;
1899
1900 removed_links = wpa_bss_parse_reconf_ml_element(wpa_s, selected);
1901 missing_links &= ~removed_links;
1902
1903 if (!missing_links)
1904 return 0;
1905
1906 wpa_dbg(wpa_s, MSG_DEBUG,
1907 "MLD: Doing an ML probe for missing links 0x%04x",
1908 missing_links);
1909
1910 freqs = os_malloc(sizeof(int) * 2);
1911 if (!freqs)
1912 return 0;
1913
1914 wpa_s->ml_connect_probe_ssid = ssid;
1915 wpa_s->ml_connect_probe_bss = selected;
1916
1917 freqs[0] = selected->freq;
1918 freqs[1] = 0;
1919
1920 wpa_s->manual_scan_passive = 0;
1921 wpa_s->manual_scan_use_id = 0;
1922 wpa_s->manual_scan_only_new = 0;
1923 wpa_s->scan_id_count = 0;
1924 os_free(wpa_s->manual_scan_freqs);
1925 wpa_s->manual_scan_freqs = freqs;
1926
1927 os_memcpy(wpa_s->ml_probe_bssid, selected->bssid, ETH_ALEN);
1928
1929 /*
1930 * In case the ML probe request is intended to retrieve information from
1931 * the transmitted BSS, the AP MLD ID should be included and should be
1932 * set to zero.
1933 * In case the ML probe requested is intended to retrieve information
1934 * from a non-transmitted BSS, the AP MLD ID should not be included.
1935 */
1936 if (ap_mld_id)
1937 wpa_s->ml_probe_mld_id = -1;
1938 else
1939 wpa_s->ml_probe_mld_id = 0;
1940
1941 if (ssid && ssid->ssid_len) {
1942 os_free(wpa_s->ssids_from_scan_req);
1943 wpa_s->num_ssids_from_scan_req = 0;
1944
1945 wpa_s->ssids_from_scan_req =
1946 os_zalloc(sizeof(struct wpa_ssid_value));
1947 if (wpa_s->ssids_from_scan_req) {
1948 wpa_printf(MSG_DEBUG,
1949 "MLD: ML probe: With direct SSID");
1950
1951 wpa_s->num_ssids_from_scan_req = 1;
1952 wpa_s->ssids_from_scan_req[0].ssid_len = ssid->ssid_len;
1953 os_memcpy(wpa_s->ssids_from_scan_req[0].ssid,
1954 ssid->ssid, ssid->ssid_len);
1955 }
1956 }
1957
1958 wpa_s->ml_probe_links = missing_links;
1959
1960 wpa_s->normal_scans = 0;
1961 wpa_s->scan_req = MANUAL_SCAN_REQ;
1962 wpa_s->after_wps = 0;
1963 wpa_s->known_wps_freq = 0;
1964 wpa_supplicant_req_scan(wpa_s, 0, 0);
1965
1966 return 1;
1967 }
1968
1969
wpa_supplicant_connect(struct wpa_supplicant * wpa_s,struct wpa_bss * selected,struct wpa_ssid * ssid)1970 int wpa_supplicant_connect(struct wpa_supplicant *wpa_s,
1971 struct wpa_bss *selected,
1972 struct wpa_ssid *ssid)
1973 {
1974 #ifdef IEEE8021X_EAPOL
1975 if ((eap_is_wps_pbc_enrollee(&ssid->eap) &&
1976 wpas_wps_partner_link_overlap_detect(wpa_s)) ||
1977 wpas_wps_scan_pbc_overlap(wpa_s, selected, ssid)) {
1978 wpa_msg(wpa_s, MSG_INFO, WPS_EVENT_OVERLAP
1979 "PBC session overlap");
1980 wpas_notify_wps_event_pbc_overlap(wpa_s);
1981 wpa_s->wps_overlap = true;
1982 #ifdef CONFIG_P2P
1983 if (wpa_s->p2p_group_interface == P2P_GROUP_INTERFACE_CLIENT ||
1984 wpa_s->p2p_in_provisioning) {
1985 eloop_register_timeout(0, 0, wpas_p2p_pbc_overlap_cb,
1986 wpa_s, NULL);
1987 return -1;
1988 }
1989 #endif /* CONFIG_P2P */
1990
1991 #ifdef CONFIG_WPS
1992 wpas_wps_pbc_overlap(wpa_s);
1993 wpas_wps_cancel(wpa_s);
1994 #endif /* CONFIG_WPS */
1995 return -1;
1996 }
1997 #endif /* IEEE8021X_EAPOL */
1998
1999 wpa_msg(wpa_s, MSG_DEBUG,
2000 "Considering connect request: reassociate: %d selected: "
2001 MACSTR " bssid: " MACSTR " pending: " MACSTR
2002 " wpa_state: %s ssid=%p current_ssid=%p",
2003 wpa_s->reassociate, MAC2STR(selected->bssid),
2004 MAC2STR(wpa_s->bssid), MAC2STR(wpa_s->pending_bssid),
2005 wpa_supplicant_state_txt(wpa_s->wpa_state),
2006 ssid, wpa_s->current_ssid);
2007
2008 /*
2009 * Do not trigger new association unless the BSSID has changed or if
2010 * reassociation is requested. If we are in process of associating with
2011 * the selected BSSID, do not trigger new attempt.
2012 */
2013 if (wpa_s->reassociate ||
2014 (!ether_addr_equal(selected->bssid, wpa_s->bssid) &&
2015 ((wpa_s->wpa_state != WPA_ASSOCIATING &&
2016 wpa_s->wpa_state != WPA_AUTHENTICATING) ||
2017 (!is_zero_ether_addr(wpa_s->pending_bssid) &&
2018 !ether_addr_equal(selected->bssid, wpa_s->pending_bssid)) ||
2019 (is_zero_ether_addr(wpa_s->pending_bssid) &&
2020 ssid != wpa_s->current_ssid)))) {
2021 if (wpa_supplicant_scard_init(wpa_s, ssid)) {
2022 wpa_supplicant_req_new_scan(wpa_s, 10, 0);
2023 return 0;
2024 }
2025
2026 if (wpa_supplicant_connect_ml_missing(wpa_s, selected, ssid))
2027 return 0;
2028
2029 wpa_msg(wpa_s, MSG_DEBUG, "Request association with " MACSTR,
2030 MAC2STR(selected->bssid));
2031 wpa_supplicant_associate(wpa_s, selected, ssid);
2032 } else {
2033 wpa_dbg(wpa_s, MSG_DEBUG, "Already associated or trying to "
2034 "connect with the selected AP");
2035 }
2036
2037 return 0;
2038 }
2039
2040
2041 static struct wpa_ssid *
wpa_supplicant_pick_new_network(struct wpa_supplicant * wpa_s)2042 wpa_supplicant_pick_new_network(struct wpa_supplicant *wpa_s)
2043 {
2044 size_t prio;
2045 struct wpa_ssid *ssid;
2046
2047 for (prio = 0; prio < wpa_s->conf->num_prio; prio++) {
2048 for (ssid = wpa_s->conf->pssid[prio]; ssid; ssid = ssid->pnext)
2049 {
2050 if (wpas_network_disabled(wpa_s, ssid))
2051 continue;
2052 #ifndef CONFIG_IBSS_RSN
2053 if (ssid->mode == WPAS_MODE_IBSS &&
2054 !(ssid->key_mgmt & (WPA_KEY_MGMT_NONE |
2055 WPA_KEY_MGMT_WPA_NONE))) {
2056 wpa_msg(wpa_s, MSG_INFO,
2057 "IBSS RSN not supported in the build - cannot use the profile for SSID '%s'",
2058 wpa_ssid_txt(ssid->ssid,
2059 ssid->ssid_len));
2060 continue;
2061 }
2062 #endif /* !CONFIG_IBSS_RSN */
2063 if (ssid->mode == WPAS_MODE_IBSS ||
2064 ssid->mode == WPAS_MODE_AP ||
2065 ssid->mode == WPAS_MODE_MESH)
2066 return ssid;
2067 }
2068 }
2069 return NULL;
2070 }
2071
2072
2073 /* TODO: move the rsn_preauth_scan_result*() to be called from notify.c based
2074 * on BSS added and BSS changed events */
wpa_supplicant_rsn_preauth_scan_results(struct wpa_supplicant * wpa_s)2075 static void wpa_supplicant_rsn_preauth_scan_results(
2076 struct wpa_supplicant *wpa_s)
2077 {
2078 struct wpa_bss *bss;
2079
2080 if (rsn_preauth_scan_results(wpa_s->wpa) < 0)
2081 return;
2082
2083 dl_list_for_each(bss, &wpa_s->bss, struct wpa_bss, list) {
2084 const u8 *ssid, *rsn;
2085
2086 ssid = wpa_bss_get_ie(bss, WLAN_EID_SSID);
2087 if (ssid == NULL)
2088 continue;
2089
2090 rsn = wpa_bss_get_rsne(wpa_s, bss, NULL, false);
2091 if (rsn == NULL)
2092 continue;
2093
2094 rsn_preauth_scan_result(wpa_s->wpa, bss->bssid, ssid, rsn);
2095 }
2096
2097 }
2098
2099
2100 #ifndef CONFIG_NO_ROAMING
2101
wpas_get_snr_signal_info(u32 frequency,int avg_signal,int noise)2102 static int wpas_get_snr_signal_info(u32 frequency, int avg_signal, int noise)
2103 {
2104 if (noise == WPA_INVALID_NOISE) {
2105 if (IS_5GHZ(frequency)) {
2106 noise = DEFAULT_NOISE_FLOOR_5GHZ;
2107 } else if (is_6ghz_freq(frequency)) {
2108 noise = DEFAULT_NOISE_FLOOR_6GHZ;
2109 } else {
2110 noise = DEFAULT_NOISE_FLOOR_2GHZ;
2111 }
2112 }
2113 return avg_signal - noise;
2114 }
2115
2116
2117 static unsigned int
wpas_get_est_throughput_from_bss_snr(const struct wpa_supplicant * wpa_s,const struct wpa_bss * bss,int snr)2118 wpas_get_est_throughput_from_bss_snr(const struct wpa_supplicant *wpa_s,
2119 const struct wpa_bss *bss, int snr)
2120 {
2121 int rate = wpa_bss_get_max_rate(bss);
2122 const u8 *ies = wpa_bss_ie_ptr(bss);
2123 size_t ie_len = bss->ie_len ? bss->ie_len : bss->beacon_ie_len;
2124 enum chan_width max_cw = CHAN_WIDTH_UNKNOWN;
2125
2126 return wpas_get_est_tpt(wpa_s, ies, ie_len, rate, snr, bss->freq,
2127 &max_cw);
2128 }
2129
2130
wpas_evaluate_band_score(int frequency)2131 static int wpas_evaluate_band_score(int frequency)
2132 {
2133 if (is_6ghz_freq(frequency))
2134 return 2;
2135 if (IS_5GHZ(frequency))
2136 return 1;
2137 return 0;
2138 }
2139
2140
wpa_supplicant_need_to_roam_within_ess(struct wpa_supplicant * wpa_s,struct wpa_bss * current_bss,struct wpa_bss * selected,bool poll_current)2141 int wpa_supplicant_need_to_roam_within_ess(struct wpa_supplicant *wpa_s,
2142 struct wpa_bss *current_bss,
2143 struct wpa_bss *selected,
2144 bool poll_current)
2145 {
2146 int min_diff, diff;
2147 int cur_band_score, sel_band_score;
2148 int to_5ghz, to_6ghz;
2149 int cur_level, sel_level;
2150 unsigned int cur_est, sel_est;
2151 struct wpa_signal_info si;
2152 int cur_snr = 0;
2153 int ret = 0;
2154 const u8 *cur_ies = wpa_bss_ie_ptr(current_bss);
2155 const u8 *sel_ies = wpa_bss_ie_ptr(selected);
2156 size_t cur_ie_len = current_bss->ie_len ? current_bss->ie_len :
2157 current_bss->beacon_ie_len;
2158 size_t sel_ie_len = selected->ie_len ? selected->ie_len :
2159 selected->beacon_ie_len;
2160
2161 wpa_dbg(wpa_s, MSG_DEBUG, "Considering within-ESS reassociation");
2162 wpa_dbg(wpa_s, MSG_DEBUG, "Current BSS: " MACSTR
2163 " freq=%d level=%d snr=%d est_throughput=%u",
2164 MAC2STR(current_bss->bssid),
2165 current_bss->freq, current_bss->level,
2166 current_bss->snr, current_bss->est_throughput);
2167 wpa_dbg(wpa_s, MSG_DEBUG, "Selected BSS: " MACSTR
2168 " freq=%d level=%d snr=%d est_throughput=%u",
2169 MAC2STR(selected->bssid), selected->freq, selected->level,
2170 selected->snr, selected->est_throughput);
2171
2172 if (wpas_ap_link_address(wpa_s, selected->bssid)) {
2173 wpa_dbg(wpa_s, MSG_DEBUG, "MLD: associated to selected BSS");
2174 return 0;
2175 }
2176
2177 if (wpa_s->current_ssid->bssid_set &&
2178 ether_addr_equal(selected->bssid, wpa_s->current_ssid->bssid)) {
2179 wpa_dbg(wpa_s, MSG_DEBUG, "Allow reassociation - selected BSS "
2180 "has preferred BSSID");
2181 return 1;
2182 }
2183
2184 /*
2185 * Try to poll the signal from the driver since this will allow to get
2186 * more accurate values. In some cases, there can be big differences
2187 * between the RSSI of the Probe Response frames of the AP we are
2188 * associated with and the Beacon frames we hear from the same AP after
2189 * association. This can happen, e.g., when there are two antennas that
2190 * hear the AP very differently. If the driver chooses to hear the
2191 * Probe Response frames during the scan on the "bad" antenna because
2192 * it wants to save power, but knows to choose the other antenna after
2193 * association, we will hear our AP with a low RSSI as part of the
2194 * scan even when we can hear it decently on the other antenna. To cope
2195 * with this, ask the driver to teach us how it hears the AP. Also, the
2196 * scan results may be a bit old, since we can very quickly get fresh
2197 * information about our currently associated AP.
2198 */
2199 if (poll_current && wpa_drv_signal_poll(wpa_s, &si) == 0 &&
2200 (si.data.avg_beacon_signal || si.data.avg_signal)) {
2201 /*
2202 * Normalize avg_signal to the RSSI over 20 MHz, as the
2203 * throughput is estimated based on the RSSI over 20 MHz
2204 */
2205 cur_level = si.data.avg_beacon_signal ?
2206 si.data.avg_beacon_signal :
2207 (si.data.avg_signal -
2208 wpas_channel_width_rssi_bump(cur_ies, cur_ie_len,
2209 si.chanwidth));
2210 cur_snr = wpas_get_snr_signal_info(si.frequency, cur_level,
2211 si.current_noise);
2212
2213 cur_est = wpas_get_est_throughput_from_bss_snr(wpa_s,
2214 current_bss,
2215 cur_snr);
2216 wpa_dbg(wpa_s, MSG_DEBUG,
2217 "Using signal poll values for the current BSS: level=%d snr=%d est_throughput=%u",
2218 cur_level, cur_snr, cur_est);
2219 } else {
2220 /* Level and SNR are measured over 20 MHz channel */
2221 cur_level = current_bss->level;
2222 cur_snr = current_bss->snr;
2223 cur_est = current_bss->est_throughput;
2224 }
2225
2226 /* Adjust the SNR of BSSes based on the channel width. */
2227 cur_level += wpas_channel_width_rssi_bump(cur_ies, cur_ie_len,
2228 current_bss->max_cw);
2229 cur_snr = wpas_adjust_snr_by_chanwidth(cur_ies, cur_ie_len,
2230 current_bss->max_cw, cur_snr);
2231
2232 sel_est = selected->est_throughput;
2233 sel_level = selected->level +
2234 wpas_channel_width_rssi_bump(sel_ies, sel_ie_len,
2235 selected->max_cw);
2236
2237 if (sel_est > cur_est + 5000) {
2238 wpa_dbg(wpa_s, MSG_DEBUG,
2239 "Allow reassociation - selected BSS has better estimated throughput");
2240 return 1;
2241 }
2242
2243 to_5ghz = selected->freq > 4000 && current_bss->freq < 4000;
2244 to_6ghz = is_6ghz_freq(selected->freq) &&
2245 !is_6ghz_freq(current_bss->freq);
2246
2247 if (cur_level < 0 &&
2248 cur_level > sel_level + to_5ghz * 2 + to_6ghz * 2 &&
2249 sel_est < cur_est * 1.2) {
2250 wpa_dbg(wpa_s, MSG_DEBUG, "Skip roam - Current BSS has better "
2251 "signal level");
2252 return 0;
2253 }
2254
2255 if (cur_est > sel_est + 5000) {
2256 wpa_dbg(wpa_s, MSG_DEBUG,
2257 "Skip roam - Current BSS has better estimated throughput");
2258 return 0;
2259 }
2260
2261 if (cur_snr > GREAT_SNR) {
2262 wpa_dbg(wpa_s, MSG_DEBUG,
2263 "Skip roam - Current BSS has good SNR (%u > %u)",
2264 cur_snr, GREAT_SNR);
2265 return 0;
2266 }
2267
2268 if (cur_level < -85) /* ..-86 dBm */
2269 min_diff = 1;
2270 else if (cur_level < -80) /* -85..-81 dBm */
2271 min_diff = 2;
2272 else if (cur_level < -75) /* -80..-76 dBm */
2273 min_diff = 3;
2274 else if (cur_level < -70) /* -75..-71 dBm */
2275 min_diff = 4;
2276 else if (cur_level < 0) /* -70..-1 dBm */
2277 min_diff = 5;
2278 else /* unspecified units (not in dBm) */
2279 min_diff = 2;
2280
2281 if (cur_est > sel_est * 1.5)
2282 min_diff += 10;
2283 else if (cur_est > sel_est * 1.2)
2284 min_diff += 5;
2285 else if (cur_est > sel_est * 1.1)
2286 min_diff += 2;
2287 else if (cur_est > sel_est)
2288 min_diff++;
2289 else if (sel_est > cur_est * 1.5)
2290 min_diff -= 10;
2291 else if (sel_est > cur_est * 1.2)
2292 min_diff -= 5;
2293 else if (sel_est > cur_est * 1.1)
2294 min_diff -= 2;
2295 else if (sel_est > cur_est)
2296 min_diff--;
2297
2298 cur_band_score = wpas_evaluate_band_score(current_bss->freq);
2299 sel_band_score = wpas_evaluate_band_score(selected->freq);
2300 min_diff += (cur_band_score - sel_band_score) * 2;
2301 if (wpa_s->signal_threshold && cur_level <= wpa_s->signal_threshold &&
2302 sel_level > wpa_s->signal_threshold)
2303 min_diff -= 2;
2304 diff = sel_level - cur_level;
2305 if (diff < min_diff) {
2306 wpa_dbg(wpa_s, MSG_DEBUG,
2307 "Skip roam - too small difference in signal level (%d < %d)",
2308 diff, min_diff);
2309 ret = 0;
2310 } else {
2311 wpa_dbg(wpa_s, MSG_DEBUG,
2312 "Allow reassociation due to difference in signal level (%d >= %d)",
2313 diff, min_diff);
2314 ret = 1;
2315 }
2316 wpa_msg_ctrl(wpa_s, MSG_INFO, "%scur_bssid=" MACSTR
2317 " cur_freq=%d cur_level=%d cur_est=%d sel_bssid=" MACSTR
2318 " sel_freq=%d sel_level=%d sel_est=%d",
2319 ret ? WPA_EVENT_DO_ROAM : WPA_EVENT_SKIP_ROAM,
2320 MAC2STR(current_bss->bssid),
2321 current_bss->freq, cur_level, cur_est,
2322 MAC2STR(selected->bssid),
2323 selected->freq, sel_level, sel_est);
2324 return ret;
2325 }
2326
2327 #endif /* CONFIG_NO_ROAMING */
2328
2329
wpa_supplicant_need_to_roam(struct wpa_supplicant * wpa_s,struct wpa_bss * selected,struct wpa_ssid * ssid)2330 static int wpa_supplicant_need_to_roam(struct wpa_supplicant *wpa_s,
2331 struct wpa_bss *selected,
2332 struct wpa_ssid *ssid)
2333 {
2334 struct wpa_bss *current_bss = NULL;
2335 const u8 *bssid;
2336
2337 if (wpa_s->reassociate)
2338 return 1; /* explicit request to reassociate */
2339 if (wpa_s->wpa_state < WPA_ASSOCIATED)
2340 return 1; /* we are not associated; continue */
2341 if (wpa_s->current_ssid == NULL)
2342 return 1; /* unknown current SSID */
2343 if (wpa_s->current_ssid != ssid)
2344 return 1; /* different network block */
2345
2346 if (wpas_driver_bss_selection(wpa_s))
2347 return 0; /* Driver-based roaming */
2348
2349 if (wpa_s->valid_links)
2350 bssid = wpa_s->links[wpa_s->mlo_assoc_link_id].bssid;
2351 else
2352 bssid = wpa_s->bssid;
2353
2354 if (wpa_s->current_ssid->ssid)
2355 current_bss = wpa_bss_get(wpa_s, bssid,
2356 wpa_s->current_ssid->ssid,
2357 wpa_s->current_ssid->ssid_len);
2358 if (!current_bss)
2359 current_bss = wpa_bss_get_bssid(wpa_s, bssid);
2360
2361 if (!current_bss)
2362 return 1; /* current BSS not seen in scan results */
2363
2364 if (current_bss == selected)
2365 return 0;
2366
2367 if (selected->last_update_idx > current_bss->last_update_idx)
2368 return 1; /* current BSS not seen in the last scan */
2369
2370 #ifndef CONFIG_NO_ROAMING
2371 return wpa_supplicant_need_to_roam_within_ess(wpa_s, current_bss,
2372 selected, true);
2373 #else /* CONFIG_NO_ROAMING */
2374 return 0;
2375 #endif /* CONFIG_NO_ROAMING */
2376 }
2377
2378
wpas_trigger_6ghz_scan(struct wpa_supplicant * wpa_s,union wpa_event_data * data)2379 static int wpas_trigger_6ghz_scan(struct wpa_supplicant *wpa_s,
2380 union wpa_event_data *data)
2381 {
2382 struct wpa_driver_scan_params params;
2383 unsigned int j;
2384
2385 wpa_dbg(wpa_s, MSG_INFO, "Triggering 6GHz-only scan");
2386 os_memset(¶ms, 0, sizeof(params));
2387 params.non_coloc_6ghz = wpa_s->last_scan_non_coloc_6ghz;
2388 for (j = 0; j < data->scan_info.num_ssids; j++)
2389 params.ssids[j] = data->scan_info.ssids[j];
2390 params.num_ssids = data->scan_info.num_ssids;
2391 wpa_add_scan_freqs_list(wpa_s, HOSTAPD_MODE_IEEE80211A, ¶ms,
2392 true, false, false);
2393 if (!wpa_supplicant_trigger_scan(wpa_s, ¶ms, true, true)) {
2394 wpa_s->scan_in_progress_6ghz = true;
2395 wpas_notify_scan_in_progress_6ghz(wpa_s);
2396 os_free(params.freqs);
2397 return 1;
2398 }
2399 wpa_dbg(wpa_s, MSG_INFO, "Failed to trigger 6GHz-only scan");
2400 os_free(params.freqs);
2401 return 0;
2402 }
2403
2404
wpas_short_ssid_match(struct wpa_supplicant * wpa_s,struct wpa_scan_results * scan_res)2405 static bool wpas_short_ssid_match(struct wpa_supplicant *wpa_s,
2406 struct wpa_scan_results *scan_res)
2407 {
2408 size_t i;
2409 struct wpa_ssid *ssid = wpa_s->current_ssid;
2410 u32 current_ssid_short = ieee80211_crc32(ssid->ssid, ssid->ssid_len);
2411
2412 for (i = 0; i < scan_res->num; i++) {
2413 struct wpa_scan_res *res = scan_res->res[i];
2414 const u8 *rnr_ie, *ie_end;
2415 const struct ieee80211_neighbor_ap_info *info;
2416 size_t left;
2417
2418 rnr_ie = wpa_scan_get_ie(res, WLAN_EID_REDUCED_NEIGHBOR_REPORT);
2419 if (!rnr_ie)
2420 continue;
2421
2422 ie_end = rnr_ie + 2 + rnr_ie[1];
2423 rnr_ie += 2;
2424
2425 left = ie_end - rnr_ie;
2426 if (left < sizeof(struct ieee80211_neighbor_ap_info))
2427 continue;
2428
2429 info = (const struct ieee80211_neighbor_ap_info *) rnr_ie;
2430 if (info->tbtt_info_len < 11)
2431 continue; /* short SSID not included */
2432 left -= sizeof(struct ieee80211_neighbor_ap_info);
2433 rnr_ie += sizeof(struct ieee80211_neighbor_ap_info);
2434
2435 while (left >= info->tbtt_info_len && rnr_ie + 11 <= ie_end) {
2436 /* Skip TBTT offset and BSSID */
2437 u32 short_ssid = WPA_GET_LE32(rnr_ie + 1 + ETH_ALEN);
2438
2439 if (short_ssid == current_ssid_short)
2440 return true;
2441
2442 left -= info->tbtt_info_len;
2443 rnr_ie += info->tbtt_info_len;
2444 }
2445 }
2446
2447 return false;
2448 }
2449
2450
2451 /*
2452 * Return a negative value if no scan results could be fetched or if scan
2453 * results should not be shared with other virtual interfaces.
2454 * Return 0 if scan results were fetched and may be shared with other
2455 * interfaces.
2456 * Return 1 if scan results may be shared with other virtual interfaces but may
2457 * not trigger any operations.
2458 * Return 2 if the interface was removed and cannot be used.
2459 */
_wpa_supplicant_event_scan_results(struct wpa_supplicant * wpa_s,union wpa_event_data * data,int own_request,int update_only)2460 static int _wpa_supplicant_event_scan_results(struct wpa_supplicant *wpa_s,
2461 union wpa_event_data *data,
2462 int own_request, int update_only)
2463 {
2464 struct wpa_scan_results *scan_res = NULL;
2465 int ret = 0;
2466 int ap = 0;
2467 bool trigger_6ghz_scan;
2468 bool short_ssid_match_found = false;
2469 #ifndef CONFIG_NO_RANDOM_POOL
2470 size_t i, num;
2471 #endif /* CONFIG_NO_RANDOM_POOL */
2472
2473 #ifdef CONFIG_AP
2474 if (wpa_s->ap_iface)
2475 ap = 1;
2476 #endif /* CONFIG_AP */
2477
2478 trigger_6ghz_scan = wpa_s->crossed_6ghz_dom &&
2479 wpa_s->last_scan_all_chan;
2480 wpa_s->crossed_6ghz_dom = false;
2481 wpa_s->last_scan_all_chan = false;
2482
2483 wpa_supplicant_notify_scanning(wpa_s, 0);
2484
2485 scan_res = wpa_supplicant_get_scan_results(wpa_s,
2486 data ? &data->scan_info :
2487 NULL, 1, NULL);
2488
2489 if (wpa_s->scan_in_progress_6ghz) {
2490 wpa_s->scan_in_progress_6ghz = false;
2491 wpas_notify_scan_in_progress_6ghz(wpa_s);
2492 }
2493
2494 if (scan_res == NULL) {
2495 if (wpa_s->conf->ap_scan == 2 || ap ||
2496 wpa_s->scan_res_handler == scan_only_handler)
2497 return -1;
2498 if (!own_request)
2499 return -1;
2500 if (data && data->scan_info.external_scan)
2501 return -1;
2502 if (wpa_s->scan_res_fail_handler) {
2503 void (*handler)(struct wpa_supplicant *wpa_s);
2504
2505 handler = wpa_s->scan_res_fail_handler;
2506 wpa_s->scan_res_fail_handler = NULL;
2507 handler(wpa_s);
2508 } else {
2509 wpa_dbg(wpa_s, MSG_DEBUG,
2510 "Failed to get scan results - try scanning again");
2511 wpa_supplicant_req_new_scan(wpa_s, 1, 0);
2512 }
2513
2514 ret = -1;
2515 goto scan_work_done;
2516 }
2517
2518 #ifndef CONFIG_NO_RANDOM_POOL
2519 num = scan_res->num;
2520 if (num > 10)
2521 num = 10;
2522 for (i = 0; i < num; i++) {
2523 u8 buf[5];
2524 struct wpa_scan_res *res = scan_res->res[i];
2525 buf[0] = res->bssid[5];
2526 buf[1] = res->qual & 0xff;
2527 buf[2] = res->noise & 0xff;
2528 buf[3] = res->level & 0xff;
2529 buf[4] = res->tsf & 0xff;
2530 random_add_randomness(buf, sizeof(buf));
2531 }
2532 #endif /* CONFIG_NO_RANDOM_POOL */
2533
2534 if (data) {
2535 size_t idx;
2536
2537 wpa_s->last_scan_external = data->scan_info.external_scan;
2538 wpa_s->last_scan_num_ssids = data->scan_info.num_ssids;
2539 for (idx = 0; idx < wpa_s->last_scan_num_ssids; idx++) {
2540 /* Copy the SSID and its length */
2541 if (idx >= WPAS_MAX_SCAN_SSIDS ||
2542 data->scan_info.ssids[idx].ssid_len > SSID_MAX_LEN)
2543 continue;
2544
2545 os_memcpy(wpa_s->last_scan_ssids[idx].ssid,
2546 data->scan_info.ssids[idx].ssid,
2547 data->scan_info.ssids[idx].ssid_len);
2548 wpa_s->last_scan_ssids[idx].ssid_len =
2549 data->scan_info.ssids[idx].ssid_len;
2550 }
2551 } else {
2552 wpa_s->last_scan_external = false;
2553 wpa_s->last_scan_num_ssids = 0;
2554 }
2555
2556 if (update_only) {
2557 ret = 1;
2558 goto scan_work_done;
2559 }
2560
2561 if (own_request && wpa_s->scan_res_handler &&
2562 !(data && data->scan_info.external_scan)) {
2563 void (*scan_res_handler)(struct wpa_supplicant *wpa_s,
2564 struct wpa_scan_results *scan_res);
2565
2566 scan_res_handler = wpa_s->scan_res_handler;
2567 wpa_s->scan_res_handler = NULL;
2568 scan_res_handler(wpa_s, scan_res);
2569 ret = 1;
2570 goto scan_work_done;
2571 }
2572
2573 wpa_dbg(wpa_s, MSG_DEBUG, "New scan results available (own=%u ext=%u)",
2574 wpa_s->own_scan_running,
2575 data ? data->scan_info.external_scan : 0);
2576 if (wpa_s->last_scan_req == MANUAL_SCAN_REQ &&
2577 wpa_s->manual_scan_use_id && wpa_s->own_scan_running &&
2578 own_request && !(data && data->scan_info.external_scan)) {
2579 wpa_msg_ctrl(wpa_s, MSG_INFO, WPA_EVENT_SCAN_RESULTS "id=%u",
2580 wpa_s->manual_scan_id);
2581 wpa_s->manual_scan_use_id = 0;
2582 } else {
2583 wpa_msg_ctrl(wpa_s, MSG_INFO, WPA_EVENT_SCAN_RESULTS);
2584 }
2585 wpas_notify_scan_results(wpa_s);
2586
2587 wpas_notify_scan_done(wpa_s, 1);
2588
2589 if (ap) {
2590 wpa_dbg(wpa_s, MSG_DEBUG, "Ignore scan results in AP mode");
2591 #ifdef CONFIG_AP
2592 if (wpa_s->ap_iface->scan_cb)
2593 wpa_s->ap_iface->scan_cb(wpa_s->ap_iface);
2594 #endif /* CONFIG_AP */
2595 goto scan_work_done;
2596 }
2597
2598 if (data && data->scan_info.external_scan) {
2599 wpa_dbg(wpa_s, MSG_DEBUG, "Do not use results from externally requested scan operation for network selection");
2600 wpa_scan_results_free(scan_res);
2601 return 0;
2602 }
2603
2604 if (sme_proc_obss_scan(wpa_s) > 0)
2605 goto scan_work_done;
2606
2607 #ifndef CONFIG_NO_RRM
2608 if (own_request && data &&
2609 wpas_beacon_rep_scan_process(wpa_s, scan_res, &data->scan_info) > 0)
2610 goto scan_work_done;
2611 #endif /* CONFIG_NO_RRM */
2612
2613 if (ml_link_probe_scan(wpa_s))
2614 goto scan_work_done;
2615
2616 if ((wpa_s->conf->ap_scan == 2 && !wpas_wps_searching(wpa_s)))
2617 goto scan_work_done;
2618
2619 if (autoscan_notify_scan(wpa_s, scan_res))
2620 goto scan_work_done;
2621
2622 if (wpa_s->disconnected) {
2623 wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED);
2624 goto scan_work_done;
2625 }
2626
2627 if (!wpas_driver_bss_selection(wpa_s) &&
2628 bgscan_notify_scan(wpa_s, scan_res) == 1)
2629 goto scan_work_done;
2630
2631 wpas_wps_update_ap_info(wpa_s, scan_res);
2632
2633 if (wnm_scan_process(wpa_s, false) > 0)
2634 goto scan_work_done;
2635
2636 if (wpa_s->wpa_state >= WPA_AUTHENTICATING &&
2637 wpa_s->wpa_state < WPA_COMPLETED)
2638 goto scan_work_done;
2639
2640 if (wpa_s->current_ssid && trigger_6ghz_scan && own_request && data &&
2641 wpas_short_ssid_match(wpa_s, scan_res)) {
2642 wpa_dbg(wpa_s, MSG_INFO, "Short SSID match in scan results");
2643 short_ssid_match_found = true;
2644 }
2645
2646 wpa_scan_results_free(scan_res);
2647
2648 if (own_request && wpa_s->scan_work) {
2649 struct wpa_radio_work *work = wpa_s->scan_work;
2650 wpa_s->scan_work = NULL;
2651 radio_work_done(work);
2652 }
2653
2654 os_free(wpa_s->last_scan_freqs);
2655 wpa_s->last_scan_freqs = NULL;
2656 wpa_s->num_last_scan_freqs = 0;
2657 if (own_request && data &&
2658 data->scan_info.freqs && data->scan_info.num_freqs) {
2659 wpa_s->last_scan_freqs = os_malloc(sizeof(int) *
2660 data->scan_info.num_freqs);
2661 if (wpa_s->last_scan_freqs) {
2662 os_memcpy(wpa_s->last_scan_freqs,
2663 data->scan_info.freqs,
2664 sizeof(int) * data->scan_info.num_freqs);
2665 wpa_s->num_last_scan_freqs = data->scan_info.num_freqs;
2666 }
2667 }
2668
2669 if (wpa_s->supp_pbc_active && !wpas_wps_partner_link_scan_done(wpa_s))
2670 return ret;
2671
2672 if (short_ssid_match_found && wpas_trigger_6ghz_scan(wpa_s, data) > 0)
2673 return 1;
2674
2675 return wpas_select_network_from_last_scan(wpa_s, 1, own_request,
2676 trigger_6ghz_scan, data);
2677
2678 scan_work_done:
2679 wpa_scan_results_free(scan_res);
2680 if (own_request && wpa_s->scan_work) {
2681 struct wpa_radio_work *work = wpa_s->scan_work;
2682 wpa_s->scan_work = NULL;
2683 radio_work_done(work);
2684 }
2685 return ret;
2686 }
2687
2688
2689 /**
2690 * Select a network from the last scan
2691 * @wpa_s: Pointer to wpa_supplicant data
2692 * @new_scan: Whether this function was called right after a scan has finished
2693 * @own_request: Whether the scan was requested by this interface
2694 * @trigger_6ghz_scan: Whether to trigger a 6ghz-only scan when applicable
2695 * @data: Scan data from scan that finished if applicable
2696 *
2697 * See _wpa_supplicant_event_scan_results() for return values.
2698 */
wpas_select_network_from_last_scan(struct wpa_supplicant * wpa_s,int new_scan,int own_request,bool trigger_6ghz_scan,union wpa_event_data * data)2699 static int wpas_select_network_from_last_scan(struct wpa_supplicant *wpa_s,
2700 int new_scan, int own_request,
2701 bool trigger_6ghz_scan,
2702 union wpa_event_data *data)
2703 {
2704 struct wpa_bss *selected;
2705 struct wpa_ssid *ssid = NULL;
2706 int time_to_reenable = wpas_reenabled_network_time(wpa_s);
2707
2708 if (time_to_reenable > 0) {
2709 wpa_dbg(wpa_s, MSG_DEBUG,
2710 "Postpone network selection by %d seconds since all networks are disabled",
2711 time_to_reenable);
2712 eloop_cancel_timeout(wpas_network_reenabled, wpa_s, NULL);
2713 eloop_register_timeout(time_to_reenable, 0,
2714 wpas_network_reenabled, wpa_s, NULL);
2715 return 0;
2716 }
2717
2718 if (wpa_s->p2p_mgmt)
2719 return 0; /* no normal connection on p2p_mgmt interface */
2720
2721 wpa_s->owe_transition_search = 0;
2722 #ifdef CONFIG_OWE
2723 os_free(wpa_s->owe_trans_scan_freq);
2724 wpa_s->owe_trans_scan_freq = NULL;
2725 #endif /* CONFIG_OWE */
2726 selected = wpa_supplicant_pick_network(wpa_s, &ssid);
2727
2728 #ifdef CONFIG_MESH
2729 if (wpa_s->ifmsh) {
2730 wpa_msg(wpa_s, MSG_INFO,
2731 "Avoiding join because we already joined a mesh group");
2732 return 0;
2733 }
2734 #endif /* CONFIG_MESH */
2735
2736 if (selected) {
2737 int skip;
2738 skip = !wpa_supplicant_need_to_roam(wpa_s, selected, ssid);
2739 if (skip) {
2740 if (new_scan)
2741 wpa_supplicant_rsn_preauth_scan_results(wpa_s);
2742 return 0;
2743 }
2744
2745 wpa_s->suitable_network++;
2746
2747 if (ssid != wpa_s->current_ssid &&
2748 wpa_s->wpa_state >= WPA_AUTHENTICATING) {
2749 wpa_s->own_disconnect_req = 1;
2750 wpa_supplicant_deauthenticate(
2751 wpa_s, WLAN_REASON_DEAUTH_LEAVING);
2752 }
2753
2754 if (wpa_supplicant_connect(wpa_s, selected, ssid) < 0) {
2755 wpa_dbg(wpa_s, MSG_DEBUG, "Connect failed");
2756 return -1;
2757 }
2758 wpa_s->supp_pbc_active = false;
2759
2760 if (new_scan)
2761 wpa_supplicant_rsn_preauth_scan_results(wpa_s);
2762 /*
2763 * Do not allow other virtual radios to trigger operations based
2764 * on these scan results since we do not want them to start
2765 * other associations at the same time.
2766 */
2767 return 1;
2768 } else {
2769 wpa_s->no_suitable_network++;
2770 wpa_dbg(wpa_s, MSG_DEBUG, "No suitable network found");
2771 ssid = wpa_supplicant_pick_new_network(wpa_s);
2772 if (ssid) {
2773 wpa_dbg(wpa_s, MSG_DEBUG, "Setup a new network");
2774 wpa_supplicant_associate(wpa_s, NULL, ssid);
2775 if (new_scan)
2776 wpa_supplicant_rsn_preauth_scan_results(wpa_s);
2777 } else if (own_request) {
2778 if (wpa_s->support_6ghz && trigger_6ghz_scan && data &&
2779 wpas_trigger_6ghz_scan(wpa_s, data) > 0)
2780 return 1;
2781
2782 /*
2783 * No SSID found. If SCAN results are as a result of
2784 * own scan request and not due to a scan request on
2785 * another shared interface, try another scan.
2786 */
2787 int timeout_sec = wpa_s->scan_interval;
2788 int timeout_usec = 0;
2789 #ifdef CONFIG_P2P
2790 int res;
2791
2792 res = wpas_p2p_scan_no_go_seen(wpa_s);
2793 if (res == 2)
2794 return 2;
2795 if (res == 1)
2796 return 0;
2797
2798 if (wpas_p2p_retry_limit_exceeded(wpa_s))
2799 return 0;
2800
2801 if (wpa_s->p2p_in_provisioning ||
2802 wpa_s->show_group_started ||
2803 wpa_s->p2p_in_invitation) {
2804 /*
2805 * Use shorter wait during P2P Provisioning
2806 * state and during P2P join-a-group operation
2807 * to speed up group formation.
2808 */
2809 timeout_sec = 0;
2810 timeout_usec = 250000;
2811 wpa_supplicant_req_new_scan(wpa_s, timeout_sec,
2812 timeout_usec);
2813 return 0;
2814 }
2815 #endif /* CONFIG_P2P */
2816 #ifdef CONFIG_INTERWORKING
2817 if (wpa_s->conf->auto_interworking &&
2818 wpa_s->conf->interworking &&
2819 wpa_s->conf->cred) {
2820 wpa_dbg(wpa_s, MSG_DEBUG, "Interworking: "
2821 "start ANQP fetch since no matching "
2822 "networks found");
2823 wpa_s->network_select = 1;
2824 wpa_s->auto_network_select = 1;
2825 interworking_start_fetch_anqp(wpa_s);
2826 return 1;
2827 }
2828 #endif /* CONFIG_INTERWORKING */
2829 #ifdef CONFIG_WPS
2830 if (wpa_s->after_wps > 0 || wpas_wps_searching(wpa_s)) {
2831 wpa_dbg(wpa_s, MSG_DEBUG, "Use shorter wait during WPS processing");
2832 timeout_sec = 0;
2833 timeout_usec = 500000;
2834 wpa_supplicant_req_new_scan(wpa_s, timeout_sec,
2835 timeout_usec);
2836 return 0;
2837 }
2838 #endif /* CONFIG_WPS */
2839 #ifdef CONFIG_OWE
2840 if (wpa_s->owe_transition_search) {
2841 wpa_dbg(wpa_s, MSG_DEBUG,
2842 "OWE: Use shorter wait during transition mode search");
2843 timeout_sec = 0;
2844 timeout_usec = 500000;
2845 if (wpa_s->owe_trans_scan_freq) {
2846 os_free(wpa_s->next_scan_freqs);
2847 wpa_s->next_scan_freqs =
2848 wpa_s->owe_trans_scan_freq;
2849 wpa_s->owe_trans_scan_freq = NULL;
2850 timeout_usec = 100000;
2851 }
2852 wpa_supplicant_req_new_scan(wpa_s, timeout_sec,
2853 timeout_usec);
2854 return 0;
2855 }
2856 #endif /* CONFIG_OWE */
2857 if (wpa_supplicant_req_sched_scan(wpa_s))
2858 wpa_supplicant_req_new_scan(wpa_s, timeout_sec,
2859 timeout_usec);
2860
2861 wpa_msg_ctrl(wpa_s, MSG_INFO,
2862 WPA_EVENT_NETWORK_NOT_FOUND);
2863 }
2864 }
2865 return 0;
2866 }
2867
2868
wpa_supplicant_event_scan_results(struct wpa_supplicant * wpa_s,union wpa_event_data * data)2869 static int wpa_supplicant_event_scan_results(struct wpa_supplicant *wpa_s,
2870 union wpa_event_data *data)
2871 {
2872 struct wpa_supplicant *ifs;
2873 int res;
2874
2875 res = _wpa_supplicant_event_scan_results(wpa_s, data, 1, 0);
2876 if (res == 2) {
2877 /*
2878 * Interface may have been removed, so must not dereference
2879 * wpa_s after this.
2880 */
2881 return 1;
2882 }
2883
2884 if (res < 0) {
2885 /*
2886 * If no scan results could be fetched, then no need to
2887 * notify those interfaces that did not actually request
2888 * this scan. Similarly, if scan results started a new operation on this
2889 * interface, do not notify other interfaces to avoid concurrent
2890 * operations during a connection attempt.
2891 */
2892 return 0;
2893 }
2894
2895 /*
2896 * Check other interfaces to see if they share the same radio. If
2897 * so, they get updated with this same scan info.
2898 */
2899 dl_list_for_each(ifs, &wpa_s->radio->ifaces, struct wpa_supplicant,
2900 radio_list) {
2901 if (ifs != wpa_s) {
2902 wpa_printf(MSG_DEBUG, "%s: Updating scan results from "
2903 "sibling", ifs->ifname);
2904 res = _wpa_supplicant_event_scan_results(ifs, data, 0,
2905 res > 0);
2906 if (res < 0)
2907 return 0;
2908 }
2909 }
2910
2911 return 0;
2912 }
2913
2914 #endif /* CONFIG_NO_SCAN_PROCESSING */
2915
2916
wpa_supplicant_fast_associate(struct wpa_supplicant * wpa_s)2917 int wpa_supplicant_fast_associate(struct wpa_supplicant *wpa_s)
2918 {
2919 #ifdef CONFIG_NO_SCAN_PROCESSING
2920 return -1;
2921 #else /* CONFIG_NO_SCAN_PROCESSING */
2922 struct os_reltime now;
2923
2924 wpa_s->ignore_post_flush_scan_res = 0;
2925
2926 if (wpa_s->last_scan_res_used == 0)
2927 return -1;
2928
2929 os_get_reltime(&now);
2930 if (os_reltime_expired(&now, &wpa_s->last_scan,
2931 wpa_s->conf->scan_res_valid_for_connect)) {
2932 wpa_printf(MSG_DEBUG, "Fast associate: Old scan results");
2933 return -1;
2934 } else if (wpa_s->crossed_6ghz_dom) {
2935 wpa_printf(MSG_DEBUG, "Fast associate: Crossed 6 GHz domain");
2936 return -1;
2937 }
2938
2939 return wpas_select_network_from_last_scan(wpa_s, 0, 1, false, NULL);
2940 #endif /* CONFIG_NO_SCAN_PROCESSING */
2941 }
2942
2943
wpa_wps_supplicant_fast_associate(struct wpa_supplicant * wpa_s)2944 int wpa_wps_supplicant_fast_associate(struct wpa_supplicant *wpa_s)
2945 {
2946 #ifdef CONFIG_NO_SCAN_PROCESSING
2947 return -1;
2948 #else /* CONFIG_NO_SCAN_PROCESSING */
2949 return wpas_select_network_from_last_scan(wpa_s, 1, 1, false, NULL);
2950 #endif /* CONFIG_NO_SCAN_PROCESSING */
2951 }
2952
2953
2954 #ifdef CONFIG_WNM
2955
wnm_bss_keep_alive(void * eloop_ctx,void * sock_ctx)2956 static void wnm_bss_keep_alive(void *eloop_ctx, void *sock_ctx)
2957 {
2958 struct wpa_supplicant *wpa_s = eloop_ctx;
2959
2960 if (wpa_s->wpa_state < WPA_ASSOCIATED)
2961 return;
2962
2963 if (!wpa_s->no_keep_alive) {
2964 wpa_printf(MSG_DEBUG, "WNM: Send keep-alive to AP " MACSTR,
2965 MAC2STR(wpa_s->bssid));
2966 /* TODO: could skip this if normal data traffic has been sent */
2967 /* TODO: Consider using some more appropriate data frame for
2968 * this */
2969 if (wpa_s->l2)
2970 l2_packet_send(wpa_s->l2, wpa_s->bssid, 0x0800,
2971 (u8 *) "", 0);
2972 }
2973
2974 #ifdef CONFIG_SME
2975 if (wpa_s->sme.bss_max_idle_period) {
2976 unsigned int msec;
2977 msec = wpa_s->sme.bss_max_idle_period * 1024; /* times 1000 */
2978 if (msec > 100)
2979 msec -= 100;
2980 eloop_register_timeout(msec / 1000, msec % 1000 * 1000,
2981 wnm_bss_keep_alive, wpa_s, NULL);
2982 }
2983 #endif /* CONFIG_SME */
2984 }
2985
2986
wnm_process_assoc_resp(struct wpa_supplicant * wpa_s,const u8 * ies,size_t ies_len)2987 static void wnm_process_assoc_resp(struct wpa_supplicant *wpa_s,
2988 const u8 *ies, size_t ies_len)
2989 {
2990 struct ieee802_11_elems elems;
2991
2992 if (ies == NULL)
2993 return;
2994
2995 if (ieee802_11_parse_elems(ies, ies_len, &elems, 1) == ParseFailed)
2996 return;
2997
2998 #ifdef CONFIG_SME
2999 if (elems.bss_max_idle_period) {
3000 unsigned int msec;
3001 wpa_s->sme.bss_max_idle_period =
3002 WPA_GET_LE16(elems.bss_max_idle_period);
3003 wpa_printf(MSG_DEBUG, "WNM: BSS Max Idle Period: %u (* 1000 "
3004 "TU)%s", wpa_s->sme.bss_max_idle_period,
3005 (elems.bss_max_idle_period[2] & 0x01) ?
3006 " (protected keep-live required)" : "");
3007 if (wpa_s->sme.bss_max_idle_period == 0)
3008 wpa_s->sme.bss_max_idle_period = 1;
3009 if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME) {
3010 eloop_cancel_timeout(wnm_bss_keep_alive, wpa_s, NULL);
3011 /* msec times 1000 */
3012 msec = wpa_s->sme.bss_max_idle_period * 1024;
3013 if (msec > 100)
3014 msec -= 100;
3015 eloop_register_timeout(msec / 1000, msec % 1000 * 1000,
3016 wnm_bss_keep_alive, wpa_s,
3017 NULL);
3018 }
3019 } else {
3020 wpa_s->sme.bss_max_idle_period = 0;
3021 }
3022 #endif /* CONFIG_SME */
3023 }
3024
3025 #endif /* CONFIG_WNM */
3026
3027
wnm_bss_keep_alive_deinit(struct wpa_supplicant * wpa_s)3028 void wnm_bss_keep_alive_deinit(struct wpa_supplicant *wpa_s)
3029 {
3030 #ifdef CONFIG_WNM
3031 eloop_cancel_timeout(wnm_bss_keep_alive, wpa_s, NULL);
3032 #endif /* CONFIG_WNM */
3033 }
3034
3035
wpas_qos_map_set(struct wpa_supplicant * wpa_s,const u8 * qos_map,size_t len)3036 static int wpas_qos_map_set(struct wpa_supplicant *wpa_s, const u8 *qos_map,
3037 size_t len)
3038 {
3039 int res;
3040
3041 wpa_hexdump(MSG_DEBUG, "Interworking: QoS Map Set", qos_map, len);
3042 res = wpa_drv_set_qos_map(wpa_s, qos_map, len);
3043 if (res) {
3044 wpa_printf(MSG_DEBUG, "Interworking: Failed to configure QoS Map Set to the driver");
3045 }
3046
3047 return res;
3048 }
3049
3050
interworking_process_assoc_resp(struct wpa_supplicant * wpa_s,const u8 * ies,size_t ies_len)3051 static void interworking_process_assoc_resp(struct wpa_supplicant *wpa_s,
3052 const u8 *ies, size_t ies_len)
3053 {
3054 struct ieee802_11_elems elems;
3055
3056 if (ies == NULL)
3057 return;
3058
3059 if (ieee802_11_parse_elems(ies, ies_len, &elems, 1) == ParseFailed)
3060 return;
3061
3062 if (elems.qos_map_set) {
3063 wpas_qos_map_set(wpa_s, elems.qos_map_set,
3064 elems.qos_map_set_len);
3065 }
3066 }
3067
3068
wpa_supplicant_set_4addr_mode(struct wpa_supplicant * wpa_s)3069 static void wpa_supplicant_set_4addr_mode(struct wpa_supplicant *wpa_s)
3070 {
3071 if (wpa_s->enabled_4addr_mode) {
3072 wpa_printf(MSG_DEBUG, "4addr mode already set");
3073 return;
3074 }
3075
3076 if (wpa_drv_set_4addr_mode(wpa_s, 1) < 0) {
3077 wpa_msg(wpa_s, MSG_ERROR, "Failed to set 4addr mode");
3078 goto fail;
3079 }
3080 wpa_s->enabled_4addr_mode = 1;
3081 wpa_dbg(wpa_s, MSG_DEBUG, "Successfully set 4addr mode");
3082 return;
3083
3084 fail:
3085 wpa_supplicant_deauthenticate(wpa_s, WLAN_REASON_DEAUTH_LEAVING);
3086 }
3087
3088
multi_ap_process_assoc_resp(struct wpa_supplicant * wpa_s,const u8 * ies,size_t ies_len)3089 static void multi_ap_process_assoc_resp(struct wpa_supplicant *wpa_s,
3090 const u8 *ies, size_t ies_len)
3091 {
3092 struct ieee802_11_elems elems;
3093 struct multi_ap_params multi_ap;
3094 u16 status;
3095
3096 wpa_s->multi_ap_ie = 0;
3097
3098 if (!ies ||
3099 ieee802_11_parse_elems(ies, ies_len, &elems, 1) == ParseFailed ||
3100 !elems.multi_ap)
3101 return;
3102
3103 status = check_multi_ap_ie(elems.multi_ap + 4, elems.multi_ap_len - 4,
3104 &multi_ap);
3105 if (status != WLAN_STATUS_SUCCESS)
3106 return;
3107
3108 wpa_s->multi_ap_backhaul = !!(multi_ap.capability &
3109 MULTI_AP_BACKHAUL_BSS);
3110 wpa_s->multi_ap_fronthaul = !!(multi_ap.capability &
3111 MULTI_AP_FRONTHAUL_BSS);
3112 wpa_s->multi_ap_ie = 1;
3113 }
3114
3115
multi_ap_set_4addr_mode(struct wpa_supplicant * wpa_s)3116 static void multi_ap_set_4addr_mode(struct wpa_supplicant *wpa_s)
3117 {
3118 if (!wpa_s->current_ssid ||
3119 !wpa_s->current_ssid->multi_ap_backhaul_sta)
3120 return;
3121
3122 if (!wpa_s->multi_ap_ie) {
3123 wpa_printf(MSG_INFO,
3124 "AP does not include valid Multi-AP element");
3125 goto fail;
3126 }
3127
3128 if (!wpa_s->multi_ap_backhaul) {
3129 if (wpa_s->multi_ap_fronthaul &&
3130 wpa_s->current_ssid->key_mgmt & WPA_KEY_MGMT_WPS) {
3131 wpa_printf(MSG_INFO,
3132 "WPS active, accepting fronthaul-only BSS");
3133 /* Don't set 4addr mode in this case, so just return */
3134 return;
3135 }
3136 wpa_printf(MSG_INFO, "AP doesn't support backhaul BSS");
3137 goto fail;
3138 }
3139
3140 wpa_supplicant_set_4addr_mode(wpa_s);
3141 return;
3142
3143 fail:
3144 wpa_supplicant_deauthenticate(wpa_s, WLAN_REASON_DEAUTH_LEAVING);
3145 }
3146
3147
3148 #ifdef CONFIG_FST
wpas_fst_update_mbie(struct wpa_supplicant * wpa_s,const u8 * ie,size_t ie_len)3149 static int wpas_fst_update_mbie(struct wpa_supplicant *wpa_s,
3150 const u8 *ie, size_t ie_len)
3151 {
3152 struct mb_ies_info mb_ies;
3153
3154 if (!ie || !ie_len || !wpa_s->fst)
3155 return -ENOENT;
3156
3157 os_memset(&mb_ies, 0, sizeof(mb_ies));
3158
3159 while (ie_len >= 2 && mb_ies.nof_ies < MAX_NOF_MB_IES_SUPPORTED) {
3160 size_t len;
3161
3162 len = 2 + ie[1];
3163 if (len > ie_len) {
3164 wpa_hexdump(MSG_DEBUG, "FST: Truncated IE found",
3165 ie, ie_len);
3166 break;
3167 }
3168
3169 if (ie[0] == WLAN_EID_MULTI_BAND) {
3170 wpa_printf(MSG_DEBUG, "MB IE of %u bytes found",
3171 (unsigned int) len);
3172 mb_ies.ies[mb_ies.nof_ies].ie = ie + 2;
3173 mb_ies.ies[mb_ies.nof_ies].ie_len = len - 2;
3174 mb_ies.nof_ies++;
3175 }
3176
3177 ie_len -= len;
3178 ie += len;
3179 }
3180
3181 if (mb_ies.nof_ies > 0) {
3182 wpabuf_free(wpa_s->received_mb_ies);
3183 wpa_s->received_mb_ies = mb_ies_by_info(&mb_ies);
3184 return 0;
3185 }
3186
3187 return -ENOENT;
3188 }
3189 #endif /* CONFIG_FST */
3190
3191
wpa_supplicant_use_own_rsne_params(struct wpa_supplicant * wpa_s,union wpa_event_data * data)3192 static int wpa_supplicant_use_own_rsne_params(struct wpa_supplicant *wpa_s,
3193 union wpa_event_data *data)
3194 {
3195 int sel;
3196 const u8 *p;
3197 int l, len;
3198 bool found = false;
3199 struct wpa_ie_data ie;
3200 struct wpa_ssid *ssid = wpa_s->current_ssid;
3201 struct wpa_bss *bss = wpa_s->current_bss;
3202 int pmf;
3203
3204 if (!ssid)
3205 return 0;
3206
3207 p = data->assoc_info.req_ies;
3208 l = data->assoc_info.req_ies_len;
3209
3210 while (p && l >= 2) {
3211 len = p[1] + 2;
3212 if (len > l) {
3213 wpa_hexdump(MSG_DEBUG, "Truncated IE in assoc_info",
3214 p, l);
3215 break;
3216 }
3217 if (((p[0] == WLAN_EID_VENDOR_SPECIFIC && p[1] >= 6 &&
3218 (os_memcmp(&p[2], "\x00\x50\xF2\x01\x01\x00", 6) == 0)) ||
3219 (p[0] == WLAN_EID_VENDOR_SPECIFIC && p[1] >= 4 &&
3220 (os_memcmp(&p[2], "\x50\x6F\x9A\x12", 4) == 0)) ||
3221 (p[0] == WLAN_EID_RSN && p[1] >= 2))) {
3222 found = true;
3223 break;
3224 }
3225 l -= len;
3226 p += len;
3227 }
3228
3229 if (!found || wpa_parse_wpa_ie(p, len, &ie) < 0) {
3230 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_OCV, 0);
3231 return 0;
3232 }
3233
3234 wpa_hexdump(MSG_DEBUG,
3235 "WPA: Update cipher suite selection based on IEs in driver-generated WPA/RSNE in AssocReq",
3236 p, l);
3237
3238 /* Update proto from (Re)Association Request frame info */
3239 wpa_s->wpa_proto = ie.proto;
3240 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_PROTO, wpa_s->wpa_proto);
3241 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_RSN_ENABLED,
3242 !!(wpa_s->wpa_proto & WPA_PROTO_RSN));
3243
3244 /* Update AKMP suite from (Re)Association Request frame info */
3245 sel = ie.key_mgmt;
3246 if (ssid->key_mgmt)
3247 sel &= ssid->key_mgmt;
3248
3249 wpa_dbg(wpa_s, MSG_DEBUG,
3250 "WPA: AP key_mgmt 0x%x network key_mgmt 0x%x; available key_mgmt 0x%x",
3251 ie.key_mgmt, ssid->key_mgmt, sel);
3252 if (ie.key_mgmt && !sel) {
3253 wpa_supplicant_deauthenticate(
3254 wpa_s, WLAN_REASON_AKMP_NOT_VALID);
3255 return -1;
3256 }
3257
3258 #ifdef CONFIG_OCV
3259 if (((wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME) ||
3260 (wpa_s->drv_flags2 & WPA_DRIVER_FLAGS2_OCV)) && ssid->ocv)
3261 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_OCV,
3262 !!(ie.capabilities & WPA_CAPABILITY_OCVC));
3263 #endif /* CONFIG_OCV */
3264
3265 /*
3266 * Update PMK in wpa_sm and the driver if roamed to WPA/WPA2 PSK from a
3267 * different AKM.
3268 */
3269 if (wpa_s->key_mgmt != ie.key_mgmt &&
3270 wpa_key_mgmt_wpa_psk_no_sae(ie.key_mgmt)) {
3271 if (!ssid->psk_set) {
3272 wpa_dbg(wpa_s, MSG_INFO,
3273 "No PSK available for association");
3274 wpas_auth_failed(wpa_s, "NO_PSK_AVAILABLE", NULL);
3275 return -1;
3276 }
3277
3278 wpa_sm_set_pmk(wpa_s->wpa, ssid->psk, PMK_LEN, NULL, NULL);
3279 if (wpa_s->conf->key_mgmt_offload &&
3280 (wpa_s->drv_flags & WPA_DRIVER_FLAGS_KEY_MGMT_OFFLOAD) &&
3281 wpa_drv_set_key(wpa_s, -1, 0, NULL, 0, 0, NULL, 0,
3282 ssid->psk, PMK_LEN, KEY_FLAG_PMK))
3283 wpa_dbg(wpa_s, MSG_ERROR,
3284 "WPA: Cannot set PMK for key management offload");
3285 }
3286
3287 wpa_s->key_mgmt = ie.key_mgmt;
3288 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_KEY_MGMT, wpa_s->key_mgmt);
3289 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT %s and proto %d",
3290 wpa_key_mgmt_txt(wpa_s->key_mgmt, wpa_s->wpa_proto),
3291 wpa_s->wpa_proto);
3292
3293 /* Update pairwise cipher from (Re)Association Request frame info */
3294 sel = ie.pairwise_cipher;
3295 if (ssid->pairwise_cipher)
3296 sel &= ssid->pairwise_cipher;
3297
3298 wpa_dbg(wpa_s, MSG_DEBUG,
3299 "WPA: AP pairwise cipher 0x%x network pairwise cipher 0x%x; available pairwise cipher 0x%x",
3300 ie.pairwise_cipher, ssid->pairwise_cipher, sel);
3301 if (ie.pairwise_cipher && !sel) {
3302 wpa_supplicant_deauthenticate(
3303 wpa_s, WLAN_REASON_PAIRWISE_CIPHER_NOT_VALID);
3304 return -1;
3305 }
3306
3307 wpa_s->pairwise_cipher = ie.pairwise_cipher;
3308 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_PAIRWISE,
3309 wpa_s->pairwise_cipher);
3310 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using PTK %s",
3311 wpa_cipher_txt(wpa_s->pairwise_cipher));
3312
3313 /* Update other parameters based on AP's WPA IE/RSNE, if available */
3314 if (!bss) {
3315 wpa_dbg(wpa_s, MSG_DEBUG,
3316 "WPA: current_bss == NULL - skip AP IE check");
3317 return 0;
3318 }
3319
3320 /* Update GTK and IGTK from AP's RSNE */
3321 found = false;
3322
3323 if (wpa_s->wpa_proto & WPA_PROTO_RSN) {
3324 const u8 *bss_rsn;
3325
3326 bss_rsn = wpa_bss_get_rsne(wpa_s, bss, ssid,
3327 wpa_s->valid_links);
3328 if (bss_rsn) {
3329 p = bss_rsn;
3330 len = 2 + bss_rsn[1];
3331 found = true;
3332 }
3333 } else if (wpa_s->wpa_proto & WPA_PROTO_WPA) {
3334 const u8 *bss_wpa;
3335
3336 bss_wpa = wpa_bss_get_vendor_ie(bss, WPA_IE_VENDOR_TYPE);
3337 if (bss_wpa) {
3338 p = bss_wpa;
3339 len = 2 + bss_wpa[1];
3340 found = true;
3341 }
3342 }
3343
3344 if (!found || wpa_parse_wpa_ie(p, len, &ie) < 0)
3345 return 0;
3346
3347 pmf = wpas_get_ssid_pmf(wpa_s, ssid);
3348 if (!(ie.capabilities & WPA_CAPABILITY_MFPC) &&
3349 pmf == MGMT_FRAME_PROTECTION_REQUIRED) {
3350 /* AP does not support MFP, local configuration requires it */
3351 wpa_supplicant_deauthenticate(
3352 wpa_s, WLAN_REASON_INVALID_RSN_IE_CAPAB);
3353 return -1;
3354 }
3355 if ((ie.capabilities & WPA_CAPABILITY_MFPR) &&
3356 pmf == NO_MGMT_FRAME_PROTECTION) {
3357 /* AP requires MFP, local configuration disables it */
3358 wpa_supplicant_deauthenticate(
3359 wpa_s, WLAN_REASON_INVALID_RSN_IE_CAPAB);
3360 return -1;
3361 }
3362
3363 /* Update PMF from local configuration now that MFP validation was done
3364 * above */
3365 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_MFP, pmf);
3366
3367 /* Update GTK from AP's RSNE */
3368 sel = ie.group_cipher;
3369 if (ssid->group_cipher)
3370 sel &= ssid->group_cipher;
3371
3372 wpa_dbg(wpa_s, MSG_DEBUG,
3373 "WPA: AP group cipher 0x%x network group cipher 0x%x; available group cipher 0x%x",
3374 ie.group_cipher, ssid->group_cipher, sel);
3375 if (ie.group_cipher && !sel) {
3376 wpa_supplicant_deauthenticate(
3377 wpa_s, WLAN_REASON_GROUP_CIPHER_NOT_VALID);
3378 return -1;
3379 }
3380
3381 wpa_s->group_cipher = ie.group_cipher;
3382 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_GROUP, wpa_s->group_cipher);
3383 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using GTK %s",
3384 wpa_cipher_txt(wpa_s->group_cipher));
3385
3386 /* Update IGTK from AP RSN IE */
3387 sel = ie.mgmt_group_cipher;
3388 if (ssid->group_mgmt_cipher)
3389 sel &= ssid->group_mgmt_cipher;
3390
3391 wpa_dbg(wpa_s, MSG_DEBUG,
3392 "WPA: AP mgmt_group_cipher 0x%x network mgmt_group_cipher 0x%x; available mgmt_group_cipher 0x%x",
3393 ie.mgmt_group_cipher, ssid->group_mgmt_cipher, sel);
3394
3395 if (pmf == NO_MGMT_FRAME_PROTECTION ||
3396 !(ie.capabilities & WPA_CAPABILITY_MFPC)) {
3397 wpa_dbg(wpa_s, MSG_DEBUG,
3398 "WPA: STA/AP is not MFP capable; AP RSNE caps 0x%x",
3399 ie.capabilities);
3400 ie.mgmt_group_cipher = 0;
3401 }
3402
3403 if (ie.mgmt_group_cipher && !sel) {
3404 wpa_supplicant_deauthenticate(
3405 wpa_s, WLAN_REASON_CIPHER_SUITE_REJECTED);
3406 return -1;
3407 }
3408
3409 wpa_s->mgmt_group_cipher = ie.mgmt_group_cipher;
3410 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_MGMT_GROUP,
3411 wpa_s->mgmt_group_cipher);
3412 if (wpa_s->mgmt_group_cipher)
3413 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using MGMT group cipher %s",
3414 wpa_cipher_txt(wpa_s->mgmt_group_cipher));
3415 else
3416 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: not using MGMT group cipher");
3417
3418 return 0;
3419 }
3420
3421
wpa_supplicant_event_associnfo(struct wpa_supplicant * wpa_s,union wpa_event_data * data)3422 static int wpa_supplicant_event_associnfo(struct wpa_supplicant *wpa_s,
3423 union wpa_event_data *data)
3424 {
3425 int l, len, found = 0, wpa_found, rsn_found;
3426 #ifndef CONFIG_NO_WPA
3427 int found_x = 0;
3428 #endif /* CONFIG_NO_WPA */
3429 const u8 *p, *ie;
3430 u8 bssid[ETH_ALEN];
3431 bool bssid_known;
3432 enum wpa_rsn_override rsn_override;
3433
3434 wpa_dbg(wpa_s, MSG_DEBUG, "Association info event");
3435 wpa_s->ssid_verified = false;
3436 wpa_s->bigtk_set = false;
3437 #ifdef CONFIG_SAE
3438 #ifdef CONFIG_SME
3439 /* SAE H2E binds the SSID into PT and that verifies the SSID
3440 * implicitly. */
3441 if (wpa_s->sme.sae.state == SAE_ACCEPTED && wpa_s->sme.sae.h2e)
3442 wpa_s->ssid_verified = true;
3443 #endif /* CONFIG_SME */
3444 #endif /* CONFIG_SAE */
3445 bssid_known = wpa_drv_get_bssid(wpa_s, bssid) == 0;
3446 if (data->assoc_info.req_ies)
3447 wpa_hexdump(MSG_DEBUG, "req_ies", data->assoc_info.req_ies,
3448 data->assoc_info.req_ies_len);
3449 if (data->assoc_info.resp_ies) {
3450 wpa_hexdump(MSG_DEBUG, "resp_ies", data->assoc_info.resp_ies,
3451 data->assoc_info.resp_ies_len);
3452 #ifdef CONFIG_TDLS
3453 wpa_tdls_assoc_resp_ies(wpa_s->wpa, data->assoc_info.resp_ies,
3454 data->assoc_info.resp_ies_len);
3455 #endif /* CONFIG_TDLS */
3456 #ifdef CONFIG_WNM
3457 wnm_process_assoc_resp(wpa_s, data->assoc_info.resp_ies,
3458 data->assoc_info.resp_ies_len);
3459 #endif /* CONFIG_WNM */
3460 interworking_process_assoc_resp(wpa_s, data->assoc_info.resp_ies,
3461 data->assoc_info.resp_ies_len);
3462 if ((wpa_s->hw_capab & BIT(CAPAB_VHT)) &&
3463 get_ie(data->assoc_info.resp_ies,
3464 data->assoc_info.resp_ies_len, WLAN_EID_VHT_CAP))
3465 wpa_s->ieee80211ac = 1;
3466
3467 multi_ap_process_assoc_resp(wpa_s, data->assoc_info.resp_ies,
3468 data->assoc_info.resp_ies_len);
3469 }
3470 if (data->assoc_info.beacon_ies)
3471 wpa_hexdump(MSG_DEBUG, "beacon_ies",
3472 data->assoc_info.beacon_ies,
3473 data->assoc_info.beacon_ies_len);
3474 if (data->assoc_info.freq)
3475 wpa_dbg(wpa_s, MSG_DEBUG, "freq=%u MHz",
3476 data->assoc_info.freq);
3477
3478 wpa_s->connection_set = 0;
3479 if (data->assoc_info.req_ies && data->assoc_info.resp_ies) {
3480 struct ieee802_11_elems req_elems, resp_elems;
3481
3482 if (ieee802_11_parse_elems(data->assoc_info.req_ies,
3483 data->assoc_info.req_ies_len,
3484 &req_elems, 0) != ParseFailed &&
3485 ieee802_11_parse_elems(data->assoc_info.resp_ies,
3486 data->assoc_info.resp_ies_len,
3487 &resp_elems, 0) != ParseFailed) {
3488 wpa_s->connection_set = 1;
3489 wpa_s->connection_ht = req_elems.ht_capabilities &&
3490 resp_elems.ht_capabilities;
3491 /* Do not include subset of VHT on 2.4 GHz vendor
3492 * extension in consideration for reporting VHT
3493 * association. */
3494 wpa_s->connection_vht = req_elems.vht_capabilities &&
3495 resp_elems.vht_capabilities &&
3496 (!data->assoc_info.freq ||
3497 wpas_freq_to_band(data->assoc_info.freq) !=
3498 BAND_2_4_GHZ);
3499 wpa_s->connection_he = req_elems.he_capabilities &&
3500 resp_elems.he_capabilities;
3501 wpa_s->connection_eht = req_elems.eht_capabilities &&
3502 resp_elems.eht_capabilities;
3503 if (req_elems.rrm_enabled)
3504 wpa_s->rrm.rrm_used = 1;
3505 }
3506 }
3507
3508 p = data->assoc_info.req_ies;
3509 l = data->assoc_info.req_ies_len;
3510
3511 /* Go through the IEs and make a copy of the WPA/RSN IE, if present. */
3512 while (p && l >= 2) {
3513 len = p[1] + 2;
3514 if (len > l) {
3515 wpa_hexdump(MSG_DEBUG, "Truncated IE in assoc_info",
3516 p, l);
3517 break;
3518 }
3519 if (!found &&
3520 ((p[0] == WLAN_EID_VENDOR_SPECIFIC && p[1] >= 6 &&
3521 (os_memcmp(&p[2], "\x00\x50\xF2\x01\x01\x00", 6) == 0)) ||
3522 (p[0] == WLAN_EID_VENDOR_SPECIFIC && p[1] >= 4 &&
3523 (os_memcmp(&p[2], "\x50\x6F\x9A\x12", 4) == 0)) ||
3524 (p[0] == WLAN_EID_RSN && p[1] >= 2))) {
3525 if (wpa_sm_set_assoc_wpa_ie(wpa_s->wpa, p, len))
3526 break;
3527 found = 1;
3528 wpa_find_assoc_pmkid(wpa_s);
3529 }
3530 #ifndef CONFIG_NO_WPA
3531 if (!found_x && p[0] == WLAN_EID_RSNX) {
3532 if (wpa_sm_set_assoc_rsnxe(wpa_s->wpa, p, len))
3533 break;
3534 found_x = 1;
3535 }
3536 #endif /* CONFIG_NO_WPA */
3537 l -= len;
3538 p += len;
3539 }
3540 if (!found && data->assoc_info.req_ies)
3541 wpa_sm_set_assoc_wpa_ie(wpa_s->wpa, NULL, 0);
3542 #ifndef CONFIG_NO_WPA
3543 if (!found_x && data->assoc_info.req_ies)
3544 wpa_sm_set_assoc_rsnxe(wpa_s->wpa, NULL, 0);
3545 #endif /* CONFIG_NO_WPA */
3546
3547 rsn_override = RSN_OVERRIDE_NOT_USED;
3548 ie = get_vendor_ie(data->assoc_info.req_ies,
3549 data->assoc_info.req_ies_len,
3550 RSN_SELECTION_IE_VENDOR_TYPE);
3551 if (ie && ie[1] >= 4 + 1) {
3552 switch (ie[2 + 4]) {
3553 case RSN_SELECTION_RSNE:
3554 rsn_override = RSN_OVERRIDE_RSNE;
3555 break;
3556 case RSN_SELECTION_RSNE_OVERRIDE:
3557 rsn_override = RSN_OVERRIDE_RSNE_OVERRIDE;
3558 break;
3559 case RSN_SELECTION_RSNE_OVERRIDE_2:
3560 rsn_override = RSN_OVERRIDE_RSNE_OVERRIDE_2;
3561 break;
3562 }
3563 }
3564 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_RSN_OVERRIDE, rsn_override);
3565
3566 #ifdef CONFIG_FILS
3567 #ifdef CONFIG_SME
3568 if (wpa_s->sme.auth_alg == WPA_AUTH_ALG_FILS ||
3569 wpa_s->sme.auth_alg == WPA_AUTH_ALG_FILS_SK_PFS) {
3570 if (!data->assoc_info.resp_frame ||
3571 fils_process_assoc_resp(wpa_s->wpa,
3572 data->assoc_info.resp_frame,
3573 data->assoc_info.resp_frame_len) <
3574 0) {
3575 wpa_supplicant_deauthenticate(wpa_s,
3576 WLAN_REASON_UNSPECIFIED);
3577 return -1;
3578 }
3579
3580 /* FILS use of an AEAD cipher include the SSID element in
3581 * (Re)Association Request frame in the AAD and since the AP
3582 * accepted that, the SSID was verified. */
3583 wpa_s->ssid_verified = true;
3584 }
3585 #endif /* CONFIG_SME */
3586
3587 /* Additional processing for FILS when SME is in driver */
3588 if (wpa_s->auth_alg == WPA_AUTH_ALG_FILS &&
3589 !(wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME))
3590 wpa_sm_set_reset_fils_completed(wpa_s->wpa, 1);
3591 #endif /* CONFIG_FILS */
3592
3593 #ifdef CONFIG_OWE
3594 if (wpa_s->key_mgmt == WPA_KEY_MGMT_OWE &&
3595 !(wpa_s->drv_flags2 & WPA_DRIVER_FLAGS2_OWE_OFFLOAD_STA) &&
3596 (!bssid_known ||
3597 owe_process_assoc_resp(wpa_s->wpa,
3598 wpa_s->valid_links ?
3599 wpa_s->ap_mld_addr : bssid,
3600 data->assoc_info.resp_ies,
3601 data->assoc_info.resp_ies_len) < 0)) {
3602 wpa_supplicant_deauthenticate(wpa_s, WLAN_REASON_UNSPECIFIED);
3603 return -1;
3604 }
3605 #endif /* CONFIG_OWE */
3606
3607 #ifdef CONFIG_DPP2
3608 wpa_sm_set_dpp_z(wpa_s->wpa, NULL);
3609 if (DPP_VERSION > 1 && wpa_s->key_mgmt == WPA_KEY_MGMT_DPP &&
3610 wpa_s->dpp_pfs) {
3611 struct ieee802_11_elems elems;
3612
3613 if (ieee802_11_parse_elems(data->assoc_info.resp_ies,
3614 data->assoc_info.resp_ies_len,
3615 &elems, 0) == ParseFailed ||
3616 !elems.owe_dh)
3617 goto no_pfs;
3618 if (dpp_pfs_process(wpa_s->dpp_pfs, elems.owe_dh,
3619 elems.owe_dh_len) < 0) {
3620 wpa_supplicant_deauthenticate(wpa_s,
3621 WLAN_REASON_UNSPECIFIED);
3622 return -1;
3623 }
3624
3625 wpa_sm_set_dpp_z(wpa_s->wpa, wpa_s->dpp_pfs->secret);
3626 }
3627 no_pfs:
3628 #endif /* CONFIG_DPP2 */
3629
3630 #ifdef CONFIG_IEEE80211R
3631 #ifdef CONFIG_SME
3632 if (wpa_s->sme.auth_alg == WPA_AUTH_ALG_FT) {
3633 if (!bssid_known ||
3634 wpa_ft_validate_reassoc_resp(wpa_s->wpa,
3635 data->assoc_info.resp_ies,
3636 data->assoc_info.resp_ies_len,
3637 bssid) < 0) {
3638 wpa_dbg(wpa_s, MSG_DEBUG, "FT: Validation of "
3639 "Reassociation Response failed");
3640 wpa_supplicant_deauthenticate(
3641 wpa_s, WLAN_REASON_INVALID_IE);
3642 return -1;
3643 }
3644 /* SSID is included in PMK-R0 derivation, so it is verified
3645 * implicitly. */
3646 wpa_s->ssid_verified = true;
3647 }
3648
3649 p = data->assoc_info.resp_ies;
3650 l = data->assoc_info.resp_ies_len;
3651
3652 #ifdef CONFIG_WPS_STRICT
3653 if (p && wpa_s->current_ssid &&
3654 wpa_s->current_ssid->key_mgmt == WPA_KEY_MGMT_WPS) {
3655 struct wpabuf *wps;
3656 wps = ieee802_11_vendor_ie_concat(p, l, WPS_IE_VENDOR_TYPE);
3657 if (wps == NULL) {
3658 wpa_msg(wpa_s, MSG_INFO, "WPS-STRICT: AP did not "
3659 "include WPS IE in (Re)Association Response");
3660 return -1;
3661 }
3662
3663 if (wps_validate_assoc_resp(wps) < 0) {
3664 wpabuf_free(wps);
3665 wpa_supplicant_deauthenticate(
3666 wpa_s, WLAN_REASON_INVALID_IE);
3667 return -1;
3668 }
3669 wpabuf_free(wps);
3670 }
3671 #endif /* CONFIG_WPS_STRICT */
3672
3673 /* Go through the IEs and make a copy of the MDIE, if present. */
3674 while (p && l >= 2) {
3675 len = p[1] + 2;
3676 if (len > l) {
3677 wpa_hexdump(MSG_DEBUG, "Truncated IE in assoc_info",
3678 p, l);
3679 break;
3680 }
3681 if (p[0] == WLAN_EID_MOBILITY_DOMAIN &&
3682 p[1] >= MOBILITY_DOMAIN_ID_LEN) {
3683 wpa_s->sme.ft_used = 1;
3684 os_memcpy(wpa_s->sme.mobility_domain, p + 2,
3685 MOBILITY_DOMAIN_ID_LEN);
3686 break;
3687 }
3688 l -= len;
3689 p += len;
3690 }
3691 #endif /* CONFIG_SME */
3692
3693 /* Process FT when SME is in the driver */
3694 if (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME) &&
3695 wpa_ft_is_completed(wpa_s->wpa)) {
3696 if (!bssid_known ||
3697 wpa_ft_validate_reassoc_resp(wpa_s->wpa,
3698 data->assoc_info.resp_ies,
3699 data->assoc_info.resp_ies_len,
3700 bssid) < 0) {
3701 wpa_dbg(wpa_s, MSG_DEBUG, "FT: Validation of "
3702 "Reassociation Response failed");
3703 wpa_supplicant_deauthenticate(
3704 wpa_s, WLAN_REASON_INVALID_IE);
3705 return -1;
3706 }
3707 wpa_dbg(wpa_s, MSG_DEBUG, "FT: Reassociation Response done");
3708 /* SSID is included in PMK-R0 derivation, so it is verified
3709 * implicitly. */
3710 wpa_s->ssid_verified = true;
3711 }
3712
3713 wpa_sm_set_ft_params(wpa_s->wpa, data->assoc_info.resp_ies,
3714 data->assoc_info.resp_ies_len);
3715 #endif /* CONFIG_IEEE80211R */
3716
3717 #ifndef CONFIG_NO_ROBUST_AV
3718 if (bssid_known)
3719 wpas_handle_assoc_resp_mscs(wpa_s, bssid,
3720 data->assoc_info.resp_ies,
3721 data->assoc_info.resp_ies_len);
3722 #endif /* CONFIG_NO_ROBUST_AV */
3723
3724 /* WPA/RSN IE from Beacon/ProbeResp */
3725 p = data->assoc_info.beacon_ies;
3726 l = data->assoc_info.beacon_ies_len;
3727
3728 /* Go through the IEs and make a copy of the WPA/RSN IEs, if present.
3729 */
3730 wpa_found = rsn_found = 0;
3731 while (p && l >= 2) {
3732 len = p[1] + 2;
3733 if (len > l) {
3734 wpa_hexdump(MSG_DEBUG, "Truncated IE in beacon_ies",
3735 p, l);
3736 break;
3737 }
3738 if (!wpa_found &&
3739 p[0] == WLAN_EID_VENDOR_SPECIFIC && p[1] >= 6 &&
3740 os_memcmp(&p[2], "\x00\x50\xF2\x01\x01\x00", 6) == 0) {
3741 wpa_found = 1;
3742 wpa_sm_set_ap_wpa_ie(wpa_s->wpa, p, len);
3743 }
3744
3745 if (!rsn_found &&
3746 p[0] == WLAN_EID_RSN && p[1] >= 2) {
3747 rsn_found = 1;
3748 wpa_sm_set_ap_rsn_ie(wpa_s->wpa, p, len);
3749 }
3750
3751 if (p[0] == WLAN_EID_VENDOR_SPECIFIC && p[1] >= 6 &&
3752 WPA_GET_BE32(&p[2]) == RSNE_OVERRIDE_2_IE_VENDOR_TYPE)
3753 wpa_sm_set_ap_rsne_override_2(wpa_s->wpa, p, len);
3754
3755 if (p[0] == WLAN_EID_VENDOR_SPECIFIC && p[1] >= 6 &&
3756 WPA_GET_BE32(&p[2]) == RSNE_OVERRIDE_IE_VENDOR_TYPE)
3757 wpa_sm_set_ap_rsne_override(wpa_s->wpa, p, len);
3758
3759 if (p[0] == WLAN_EID_RSNX && p[1] >= 1)
3760 wpa_sm_set_ap_rsnxe(wpa_s->wpa, p, len);
3761
3762 if (p[0] == WLAN_EID_VENDOR_SPECIFIC && p[1] >= 6 &&
3763 WPA_GET_BE32(&p[2]) == RSNXE_OVERRIDE_IE_VENDOR_TYPE)
3764 wpa_sm_set_ap_rsnxe_override(wpa_s->wpa, p, len);
3765
3766 l -= len;
3767 p += len;
3768 }
3769
3770 if (!wpa_found && data->assoc_info.beacon_ies)
3771 wpa_sm_set_ap_wpa_ie(wpa_s->wpa, NULL, 0);
3772 if (!rsn_found && data->assoc_info.beacon_ies) {
3773 wpa_sm_set_ap_rsn_ie(wpa_s->wpa, NULL, 0);
3774 wpa_sm_set_ap_rsnxe(wpa_s->wpa, NULL, 0);
3775 wpa_sm_set_ap_rsne_override(wpa_s->wpa, NULL, 0);
3776 wpa_sm_set_ap_rsne_override_2(wpa_s->wpa, NULL, 0);
3777 wpa_sm_set_ap_rsnxe_override(wpa_s->wpa, NULL, 0);
3778 }
3779 if (wpa_found || rsn_found)
3780 wpa_s->ap_ies_from_associnfo = 1;
3781
3782 if (wpa_s->assoc_freq && data->assoc_info.freq) {
3783 struct wpa_bss *bss;
3784 unsigned int freq = 0;
3785
3786 if (bssid_known) {
3787 bss = wpa_bss_get_bssid_latest(wpa_s, bssid);
3788 if (bss)
3789 freq = bss->freq;
3790 }
3791 if (freq != data->assoc_info.freq) {
3792 wpa_printf(MSG_DEBUG,
3793 "Operating frequency changed from %u to %u MHz",
3794 wpa_s->assoc_freq, data->assoc_info.freq);
3795 wpa_supplicant_update_scan_results(wpa_s, bssid);
3796 }
3797 }
3798
3799 wpa_s->assoc_freq = data->assoc_info.freq;
3800
3801 #ifndef CONFIG_NO_ROBUST_AV
3802 wpas_handle_assoc_resp_qos_mgmt(wpa_s, data->assoc_info.resp_ies,
3803 data->assoc_info.resp_ies_len);
3804 #endif /* CONFIG_NO_ROBUST_AV */
3805
3806 return 0;
3807 }
3808
3809
wpa_supplicant_assoc_update_ie(struct wpa_supplicant * wpa_s)3810 static int wpa_supplicant_assoc_update_ie(struct wpa_supplicant *wpa_s)
3811 {
3812 const u8 *bss_wpa = NULL, *bss_rsn = NULL, *bss_rsnx = NULL;
3813 const u8 *rsnoe, *rsno2e, *rsnxoe;
3814
3815 if (!wpa_s->current_bss || !wpa_s->current_ssid)
3816 return -1;
3817
3818 if (!wpa_key_mgmt_wpa_any(wpa_s->current_ssid->key_mgmt))
3819 return 0;
3820
3821 bss_wpa = wpa_bss_get_vendor_ie(wpa_s->current_bss,
3822 WPA_IE_VENDOR_TYPE);
3823 bss_rsn = wpa_bss_get_ie(wpa_s->current_bss, WLAN_EID_RSN);
3824 bss_rsnx = wpa_bss_get_ie(wpa_s->current_bss, WLAN_EID_RSNX);
3825 rsnoe = wpa_bss_get_vendor_ie(wpa_s->current_bss,
3826 RSNE_OVERRIDE_IE_VENDOR_TYPE);
3827 rsno2e = wpa_bss_get_vendor_ie(wpa_s->current_bss,
3828 RSNE_OVERRIDE_2_IE_VENDOR_TYPE);
3829 rsnxoe = wpa_bss_get_vendor_ie(wpa_s->current_bss,
3830 RSNXE_OVERRIDE_IE_VENDOR_TYPE);
3831
3832 if (wpa_sm_set_ap_wpa_ie(wpa_s->wpa, bss_wpa,
3833 bss_wpa ? 2 + bss_wpa[1] : 0) ||
3834 wpa_sm_set_ap_rsn_ie(wpa_s->wpa, bss_rsn,
3835 bss_rsn ? 2 + bss_rsn[1] : 0) ||
3836 wpa_sm_set_ap_rsnxe(wpa_s->wpa, bss_rsnx,
3837 bss_rsnx ? 2 + bss_rsnx[1] : 0) ||
3838 wpa_sm_set_ap_rsne_override(wpa_s->wpa, rsnoe,
3839 rsnoe ? 2 + rsnoe[1] : 0) ||
3840 wpa_sm_set_ap_rsne_override_2(wpa_s->wpa, rsno2e,
3841 rsno2e ? 2 + rsno2e[1] : 0) ||
3842 wpa_sm_set_ap_rsnxe_override(wpa_s->wpa, rsnxoe,
3843 rsnxoe ? 2 + rsnxoe[1] : 0))
3844 return -1;
3845
3846 return 0;
3847 }
3848
3849
wpas_fst_update_mb_assoc(struct wpa_supplicant * wpa_s,union wpa_event_data * data)3850 static void wpas_fst_update_mb_assoc(struct wpa_supplicant *wpa_s,
3851 union wpa_event_data *data)
3852 {
3853 #ifdef CONFIG_FST
3854 struct assoc_info *ai = data ? &data->assoc_info : NULL;
3855 struct wpa_bss *bss = wpa_s->current_bss;
3856 const u8 *ieprb, *iebcn;
3857
3858 wpabuf_free(wpa_s->received_mb_ies);
3859 wpa_s->received_mb_ies = NULL;
3860
3861 if (ai &&
3862 !wpas_fst_update_mbie(wpa_s, ai->resp_ies, ai->resp_ies_len)) {
3863 wpa_printf(MSG_DEBUG,
3864 "FST: MB IEs updated from Association Response frame");
3865 return;
3866 }
3867
3868 if (ai &&
3869 !wpas_fst_update_mbie(wpa_s, ai->beacon_ies, ai->beacon_ies_len)) {
3870 wpa_printf(MSG_DEBUG,
3871 "FST: MB IEs updated from association event Beacon IEs");
3872 return;
3873 }
3874
3875 if (!bss)
3876 return;
3877
3878 ieprb = wpa_bss_ie_ptr(bss);
3879 iebcn = ieprb + bss->ie_len;
3880
3881 if (!wpas_fst_update_mbie(wpa_s, ieprb, bss->ie_len))
3882 wpa_printf(MSG_DEBUG, "FST: MB IEs updated from bss IE");
3883 else if (!wpas_fst_update_mbie(wpa_s, iebcn, bss->beacon_ie_len))
3884 wpa_printf(MSG_DEBUG, "FST: MB IEs updated from bss beacon IE");
3885 #endif /* CONFIG_FST */
3886 }
3887
3888
wpas_ml_parse_assoc(struct wpa_supplicant * wpa_s,struct ieee802_11_elems * elems,struct ml_sta_link_info * ml_info)3889 static unsigned int wpas_ml_parse_assoc(struct wpa_supplicant *wpa_s,
3890 struct ieee802_11_elems *elems,
3891 struct ml_sta_link_info *ml_info)
3892 {
3893 struct wpabuf *mlbuf;
3894 struct ieee80211_eht_ml *ml;
3895 size_t ml_len;
3896 struct eht_ml_basic_common_info *common_info;
3897 const u8 *pos;
3898 u16 eml_capa = 0, mld_capa = 0;
3899 const u16 control = MULTI_LINK_CONTROL_TYPE_BASIC |
3900 BASIC_MULTI_LINK_CTRL_PRES_LINK_ID |
3901 BASIC_MULTI_LINK_CTRL_PRES_BSS_PARAM_CH_COUNT;
3902 u8 expected_common_info_len = 9;
3903 unsigned int i = 0;
3904 u16 ml_control;
3905
3906 if (!wpa_s->valid_links || !elems->basic_mle || !elems->basic_mle_len)
3907 return 0;
3908
3909 mlbuf = ieee802_11_defrag(elems->basic_mle, elems->basic_mle_len, true);
3910 if (!mlbuf)
3911 return 0;
3912
3913 ml = (struct ieee80211_eht_ml *) wpabuf_head(mlbuf);
3914 ml_len = wpabuf_len(mlbuf);
3915 if (ml_len < sizeof(*ml))
3916 goto out;
3917
3918 os_memset(ml_info, 0, sizeof(*ml_info) * MAX_NUM_MLD_LINKS);
3919
3920 ml_control = le_to_host16(ml->ml_control);
3921
3922 if ((ml_control & control) != control) {
3923 wpa_printf(MSG_DEBUG, "MLD: Invalid presence BM=0x%x",
3924 ml_control);
3925 goto out;
3926 }
3927
3928 if (ml_control & BASIC_MULTI_LINK_CTRL_PRES_EML_CAPA) {
3929 wpa_printf(MSG_DEBUG, "MLD: EML capabilities included");
3930 expected_common_info_len += 2;
3931 }
3932
3933 if (ml_control & BASIC_MULTI_LINK_CTRL_PRES_MLD_CAPA) {
3934 wpa_printf(MSG_DEBUG, "MLD: MLD capabilities included");
3935 expected_common_info_len += 2;
3936 }
3937
3938 if (ml_control & BASIC_MULTI_LINK_CTRL_PRES_MSD_INFO) {
3939 wpa_printf(MSG_DEBUG,
3940 "MLD: Unexpected: medium sync delay info present");
3941 expected_common_info_len += 2;
3942 }
3943
3944 if (ml_control & BASIC_MULTI_LINK_CTRL_PRES_AP_MLD_ID) {
3945 wpa_printf(MSG_DEBUG,
3946 "MLD: Unexpected: MLD ID present");
3947 expected_common_info_len++;
3948 }
3949
3950 if (sizeof(*ml) + expected_common_info_len > ml_len) {
3951 wpa_printf(MSG_DEBUG,
3952 "MLD: Not enough bytes for common info. ml_len=%zu",
3953 ml_len);
3954 goto out;
3955 }
3956
3957 common_info = (struct eht_ml_basic_common_info *) ml->variable;
3958 if (common_info->len < expected_common_info_len) {
3959 wpa_printf(MSG_DEBUG,
3960 "MLD: Invalid common info len=%u. expected=%u",
3961 common_info->len, expected_common_info_len);
3962 goto out;
3963 }
3964
3965 wpa_printf(MSG_DEBUG, "MLD: address: " MACSTR,
3966 MAC2STR(common_info->mld_addr));
3967
3968 if (!ether_addr_equal(wpa_s->ap_mld_addr, common_info->mld_addr)) {
3969 wpa_printf(MSG_DEBUG, "MLD: Mismatching MLD address (expected "
3970 MACSTR ")", MAC2STR(wpa_s->ap_mld_addr));
3971 goto out;
3972 }
3973
3974 pos = common_info->variable;
3975
3976 /* Store the information for the association link */
3977 ml_info[i].link_id = *pos;
3978 pos++;
3979
3980 /* Skip the BSS Parameters Change Count */
3981 pos++;
3982
3983 /* Skip the Medium Synchronization Delay Information if present */
3984 if (ml_control & BASIC_MULTI_LINK_CTRL_PRES_MSD_INFO)
3985 pos += 2;
3986
3987 if (ml_control & BASIC_MULTI_LINK_CTRL_PRES_EML_CAPA) {
3988 eml_capa = WPA_GET_LE16(pos);
3989 pos += 2;
3990 }
3991
3992 if (ml_control & BASIC_MULTI_LINK_CTRL_PRES_MLD_CAPA) {
3993 mld_capa = WPA_GET_LE16(pos);
3994 pos += 2;
3995 }
3996
3997 wpa_printf(MSG_DEBUG,
3998 "MLD: link_id=%u, eml=0x%x, mld=0x%x",
3999 ml_info[i].link_id, eml_capa, mld_capa);
4000
4001 i++;
4002
4003 pos = ((u8 *) common_info) + common_info->len;
4004 ml_len -= sizeof(*ml) + common_info->len;
4005 while (ml_len > 2 && i < MAX_NUM_MLD_LINKS) {
4006 u8 sub_elem_len = pos[1];
4007 u8 sta_info_len, sta_info_len_min;
4008 u8 nstr_bitmap_len = 0;
4009 u16 ctrl;
4010 const u8 *end;
4011
4012 wpa_printf(MSG_DEBUG, "MLD: Subelement len=%u", sub_elem_len);
4013
4014 if (sub_elem_len > ml_len - 2) {
4015 wpa_printf(MSG_DEBUG,
4016 "MLD: Invalid link info len: %u > %zu",
4017 2 + sub_elem_len, ml_len);
4018 goto out;
4019 }
4020
4021 switch (*pos) {
4022 case EHT_ML_SUB_ELEM_PER_STA_PROFILE:
4023 break;
4024 case EHT_ML_SUB_ELEM_FRAGMENT:
4025 case EHT_ML_SUB_ELEM_VENDOR:
4026 wpa_printf(MSG_DEBUG,
4027 "MLD: Skip subelement id=%u, len=%u",
4028 *pos, sub_elem_len);
4029 pos += 2 + sub_elem_len;
4030 ml_len -= 2 + sub_elem_len;
4031 continue;
4032 default:
4033 wpa_printf(MSG_DEBUG, "MLD: Unknown subelement ID=%u",
4034 *pos);
4035 goto out;
4036 }
4037
4038 end = pos + 2 + sub_elem_len;
4039
4040 /* Skip the subelement ID and the length */
4041 pos += 2;
4042 ml_len -= 2;
4043
4044 if (end - pos < 2)
4045 goto out;
4046
4047 /* Get the station control field */
4048 ctrl = WPA_GET_LE16(pos);
4049
4050 pos += 2;
4051 ml_len -= 2;
4052
4053 if (!(ctrl & EHT_PER_STA_CTRL_COMPLETE_PROFILE_MSK)) {
4054 wpa_printf(MSG_DEBUG,
4055 "MLD: Per STA complete profile expected");
4056 goto out;
4057 }
4058
4059 if (!(ctrl & EHT_PER_STA_CTRL_MAC_ADDR_PRESENT_MSK)) {
4060 wpa_printf(MSG_DEBUG,
4061 "MLD: Per STA MAC address not present");
4062 goto out;
4063 }
4064
4065 if (!(ctrl & EHT_PER_STA_CTRL_TSF_OFFSET_PRESENT_MSK)) {
4066 wpa_printf(MSG_DEBUG,
4067 "MLD: Per STA TSF offset not present");
4068 goto out;
4069 }
4070
4071 if (!(ctrl & EHT_PER_STA_CTRL_BEACON_INTERVAL_PRESENT_MSK)) {
4072 wpa_printf(MSG_DEBUG,
4073 "MLD: Beacon interval not present");
4074 goto out;
4075 }
4076
4077 if (!(ctrl & EHT_PER_STA_CTRL_DTIM_INFO_PRESENT_MSK)) {
4078 wpa_printf(MSG_DEBUG,
4079 "MLD: DTIM information not present");
4080 goto out;
4081 }
4082
4083 if (ctrl & EHT_PER_STA_CTRL_NSTR_LINK_PAIR_PRESENT_MSK) {
4084 if (ctrl & EHT_PER_STA_CTRL_NSTR_BM_SIZE_MSK)
4085 nstr_bitmap_len = 2;
4086 else
4087 nstr_bitmap_len = 1;
4088 }
4089
4090 if (!(ctrl & EHT_PER_STA_CTRL_BSS_PARAM_CNT_PRESENT_MSK)) {
4091 wpa_printf(MSG_DEBUG,
4092 "MLD: BSS params change count not present");
4093 goto out;
4094 }
4095
4096 sta_info_len_min = 1 + ETH_ALEN + 8 + 2 + 2 + 1 +
4097 nstr_bitmap_len;
4098 if (sta_info_len_min > ml_len || sta_info_len_min > end - pos ||
4099 sta_info_len_min + 2 > sub_elem_len ||
4100 sta_info_len_min > *pos) {
4101 wpa_printf(MSG_DEBUG,
4102 "MLD: Invalid STA info min len=%u, len=%u",
4103 sta_info_len_min, *pos);
4104 goto out;
4105 }
4106 sta_info_len = *pos;
4107 /* Make static analyzers happier with an explicit check even
4108 * though this was already checked above with *pos.. */
4109 if (sta_info_len < sta_info_len_min)
4110 goto out;
4111
4112 /* Get the link address */
4113 wpa_printf(MSG_DEBUG,
4114 "MLD: link addr: " MACSTR " nstr BM len=%u",
4115 MAC2STR(pos + 1), nstr_bitmap_len);
4116
4117 ml_info[i].link_id = ctrl & EHT_PER_STA_CTRL_LINK_ID_MSK;
4118 os_memcpy(ml_info[i].bssid, pos + 1, ETH_ALEN);
4119
4120 pos += sta_info_len;
4121 ml_len -= sta_info_len;
4122
4123 wpa_printf(MSG_DEBUG, "MLD: sub_elem_len=%u, sta_info_len=%u",
4124 sub_elem_len, sta_info_len);
4125
4126 sub_elem_len -= sta_info_len + 2;
4127 if (sub_elem_len < 4) {
4128 wpa_printf(MSG_DEBUG, "MLD: Per STA profile too short");
4129 goto out;
4130 }
4131
4132 wpa_hexdump(MSG_MSGDUMP, "MLD: STA profile", pos, sub_elem_len);
4133 ml_info[i].status = WPA_GET_LE16(pos + 2);
4134
4135 pos += sub_elem_len;
4136 ml_len -= sub_elem_len;
4137
4138 i++;
4139 }
4140
4141 wpabuf_free(mlbuf);
4142 return i;
4143 out:
4144 wpabuf_free(mlbuf);
4145 return 0;
4146 }
4147
4148
wpa_drv_get_mlo_info(struct wpa_supplicant * wpa_s)4149 static int wpa_drv_get_mlo_info(struct wpa_supplicant *wpa_s)
4150 {
4151 struct driver_sta_mlo_info mlo;
4152 int i;
4153
4154 os_memset(&mlo, 0, sizeof(mlo));
4155 if (wpas_drv_get_sta_mlo_info(wpa_s, &mlo)) {
4156 wpa_dbg(wpa_s, MSG_ERROR, "Failed to get MLO link info");
4157 wpa_supplicant_deauthenticate(wpa_s,
4158 WLAN_REASON_DEAUTH_LEAVING);
4159 return -1;
4160 }
4161
4162 if (wpa_s->valid_links == mlo.valid_links) {
4163 bool match = true;
4164
4165 if (!mlo.valid_links)
4166 return 0;
4167
4168 for_each_link(mlo.valid_links, i) {
4169 if (!ether_addr_equal(wpa_s->links[i].addr,
4170 mlo.links[i].addr) ||
4171 !ether_addr_equal(wpa_s->links[i].bssid,
4172 mlo.links[i].bssid)) {
4173 match = false;
4174 break;
4175 }
4176 }
4177
4178 if (match && wpa_s->mlo_assoc_link_id == mlo.assoc_link_id &&
4179 ether_addr_equal(wpa_s->ap_mld_addr, mlo.ap_mld_addr))
4180 return 0;
4181 }
4182
4183 wpa_s->valid_links = mlo.valid_links;
4184 wpa_s->mlo_assoc_link_id = mlo.assoc_link_id;
4185 os_memcpy(wpa_s->ap_mld_addr, mlo.ap_mld_addr, ETH_ALEN);
4186 for_each_link(wpa_s->valid_links, i) {
4187 os_memcpy(wpa_s->links[i].addr, mlo.links[i].addr, ETH_ALEN);
4188 os_memcpy(wpa_s->links[i].bssid, mlo.links[i].bssid, ETH_ALEN);
4189 wpa_s->links[i].freq = mlo.links[i].freq;
4190 wpa_supplicant_update_link_bss(wpa_s, i, mlo.links[i].bssid);
4191 }
4192
4193 return 0;
4194 }
4195
4196
wpa_sm_set_ml_info(struct wpa_supplicant * wpa_s)4197 static int wpa_sm_set_ml_info(struct wpa_supplicant *wpa_s)
4198 {
4199 struct driver_sta_mlo_info drv_mlo;
4200 struct wpa_sm_mlo wpa_mlo;
4201 int i;
4202
4203 os_memset(&drv_mlo, 0, sizeof(drv_mlo));
4204 if (wpas_drv_get_sta_mlo_info(wpa_s, &drv_mlo)) {
4205 wpa_dbg(wpa_s, MSG_INFO, "Failed to get MLO link info");
4206 return -1;
4207 }
4208
4209 os_memset(&wpa_mlo, 0, sizeof(wpa_mlo));
4210 if (!drv_mlo.valid_links)
4211 goto out;
4212
4213 os_memcpy(wpa_mlo.ap_mld_addr, drv_mlo.ap_mld_addr, ETH_ALEN);
4214 wpa_mlo.assoc_link_id = drv_mlo.assoc_link_id;
4215 wpa_mlo.valid_links = drv_mlo.valid_links;
4216 wpa_mlo.req_links = drv_mlo.req_links;
4217
4218 for_each_link(drv_mlo.req_links, i) {
4219 struct wpa_bss *bss;
4220 const u8 *rsne, *rsnxe, *rsnoe, *rsno2e, *rsnxoe;
4221
4222 bss = wpa_supplicant_get_new_bss(wpa_s, drv_mlo.links[i].bssid);
4223 if (!bss) {
4224 wpa_dbg(wpa_s, MSG_INFO,
4225 "Failed to get MLO link %d BSS", i);
4226 return -1;
4227 }
4228
4229 rsne = wpa_bss_get_ie(bss, WLAN_EID_RSN);
4230 rsnxe = wpa_bss_get_ie(bss, WLAN_EID_RSNX);
4231 rsnoe = wpa_bss_get_vendor_ie(bss,
4232 RSNE_OVERRIDE_IE_VENDOR_TYPE);
4233 rsno2e = wpa_bss_get_vendor_ie(bss,
4234 RSNE_OVERRIDE_2_IE_VENDOR_TYPE);
4235 rsnxoe = wpa_bss_get_vendor_ie(bss,
4236 RSNXE_OVERRIDE_IE_VENDOR_TYPE);
4237
4238 wpa_mlo.links[i].ap_rsne = rsne ? (u8 *) rsne : NULL;
4239 wpa_mlo.links[i].ap_rsne_len = rsne ? 2 + rsne[1] : 0;
4240 wpa_mlo.links[i].ap_rsnxe = rsnxe ? (u8 *) rsnxe : NULL;
4241 wpa_mlo.links[i].ap_rsnxe_len = rsnxe ? 2 + rsnxe[1] : 0;
4242 wpa_mlo.links[i].ap_rsnoe = rsnoe ? (u8 *) rsnoe : NULL;
4243 wpa_mlo.links[i].ap_rsnoe_len = rsnoe ? 2 + rsnoe[1] : 0;
4244 wpa_mlo.links[i].ap_rsno2e = rsno2e ? (u8 *) rsno2e : NULL;
4245 wpa_mlo.links[i].ap_rsno2e_len = rsno2e ? 2 + rsno2e[1] : 0;
4246 wpa_mlo.links[i].ap_rsnxoe = rsnxoe ? (u8 *) rsnxoe : NULL;
4247 wpa_mlo.links[i].ap_rsnxoe_len = rsnxoe ? 2 + rsnxoe[1] : 0;
4248
4249 os_memcpy(wpa_mlo.links[i].bssid, drv_mlo.links[i].bssid,
4250 ETH_ALEN);
4251 os_memcpy(wpa_mlo.links[i].addr, drv_mlo.links[i].addr,
4252 ETH_ALEN);
4253 }
4254
4255 out:
4256 return wpa_sm_set_mlo_params(wpa_s->wpa, &wpa_mlo);
4257 }
4258
4259
wpa_supplicant_event_assoc(struct wpa_supplicant * wpa_s,union wpa_event_data * data)4260 static void wpa_supplicant_event_assoc(struct wpa_supplicant *wpa_s,
4261 union wpa_event_data *data)
4262 {
4263 u8 bssid[ETH_ALEN];
4264 int ft_completed, already_authorized;
4265 int new_bss = 0;
4266 #if defined(CONFIG_FILS) || defined(CONFIG_MBO)
4267 struct wpa_bss *bss;
4268 #endif /* CONFIG_FILS || CONFIG_MBO */
4269
4270 #ifdef CONFIG_AP
4271 if (wpa_s->ap_iface) {
4272 if (!data)
4273 return;
4274 hostapd_notif_assoc(wpa_s->ap_iface->bss[0],
4275 data->assoc_info.addr,
4276 data->assoc_info.req_ies,
4277 data->assoc_info.req_ies_len, NULL, 0,
4278 NULL, data->assoc_info.reassoc);
4279 return;
4280 }
4281 #endif /* CONFIG_AP */
4282
4283 eloop_cancel_timeout(wpas_network_reenabled, wpa_s, NULL);
4284 wpa_s->own_reconnect_req = 0;
4285
4286 ft_completed = wpa_ft_is_completed(wpa_s->wpa);
4287
4288 if (wpa_drv_get_bssid(wpa_s, bssid) < 0) {
4289 wpa_dbg(wpa_s, MSG_ERROR, "Failed to get BSSID");
4290 wpa_supplicant_deauthenticate(
4291 wpa_s, WLAN_REASON_DEAUTH_LEAVING);
4292 return;
4293 }
4294
4295 if (wpa_drv_get_mlo_info(wpa_s) < 0) {
4296 wpa_dbg(wpa_s, MSG_ERROR, "Failed to get MLO connection info");
4297 wpa_supplicant_deauthenticate(wpa_s,
4298 WLAN_REASON_DEAUTH_LEAVING);
4299 return;
4300 }
4301
4302 if (ft_completed &&
4303 (wpa_s->drv_flags & WPA_DRIVER_FLAGS_BSS_SELECTION)) {
4304 wpa_msg(wpa_s, MSG_INFO, "Attempt to roam to " MACSTR,
4305 MAC2STR(bssid));
4306 if (!wpa_supplicant_update_current_bss(wpa_s, bssid)) {
4307 wpa_printf(MSG_ERROR,
4308 "Can't find target AP's information!");
4309 return;
4310 }
4311 wpa_supplicant_assoc_update_ie(wpa_s);
4312 }
4313
4314 if (data && wpa_supplicant_event_associnfo(wpa_s, data) < 0)
4315 return;
4316 /*
4317 * FILS authentication can share the same mechanism to mark the
4318 * connection fully authenticated, so set ft_completed also based on
4319 * FILS result.
4320 */
4321 if (!ft_completed)
4322 ft_completed = wpa_fils_is_completed(wpa_s->wpa);
4323
4324 wpa_supplicant_set_state(wpa_s, WPA_ASSOCIATED);
4325 if (!ether_addr_equal(bssid, wpa_s->bssid)) {
4326 if (os_reltime_initialized(&wpa_s->session_start)) {
4327 os_reltime_age(&wpa_s->session_start,
4328 &wpa_s->session_length);
4329 wpa_s->session_start.sec = 0;
4330 wpa_s->session_start.usec = 0;
4331 wpas_notify_session_length(wpa_s);
4332 } else {
4333 wpas_notify_auth_changed(wpa_s);
4334 os_get_reltime(&wpa_s->session_start);
4335 }
4336 wpa_dbg(wpa_s, MSG_DEBUG, "Associated to a new BSS: BSSID="
4337 MACSTR, MAC2STR(bssid));
4338 new_bss = 1;
4339 random_add_randomness(bssid, ETH_ALEN);
4340 os_memcpy(wpa_s->bssid, bssid, ETH_ALEN);
4341 os_memset(wpa_s->pending_bssid, 0, ETH_ALEN);
4342 wpas_notify_bssid_changed(wpa_s);
4343
4344 if (wpa_supplicant_dynamic_keys(wpa_s) && !ft_completed) {
4345 wpa_clear_keys(wpa_s, bssid);
4346 }
4347 if (wpa_supplicant_select_config(wpa_s, data) < 0) {
4348 wpa_supplicant_deauthenticate(
4349 wpa_s, WLAN_REASON_DEAUTH_LEAVING);
4350 return;
4351 }
4352 }
4353
4354 if (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME) &&
4355 data && wpa_supplicant_use_own_rsne_params(wpa_s, data) < 0)
4356 return;
4357
4358 multi_ap_set_4addr_mode(wpa_s);
4359
4360 if (wpa_s->conf->ap_scan == 1 &&
4361 wpa_s->drv_flags & WPA_DRIVER_FLAGS_BSS_SELECTION) {
4362 if (wpa_supplicant_assoc_update_ie(wpa_s) < 0 && new_bss)
4363 wpa_msg(wpa_s, MSG_WARNING,
4364 "WPA/RSN IEs not updated");
4365 }
4366
4367 wpas_fst_update_mb_assoc(wpa_s, data);
4368
4369 #ifdef CONFIG_SME
4370 /*
4371 * Cache the current AP's BSSID (for non-MLO connection) or MLD address
4372 * (for MLO connection) as the previous BSSID for subsequent
4373 * reassociation requests handled by SME-in-wpa_supplicant.
4374 */
4375 os_memcpy(wpa_s->sme.prev_bssid,
4376 wpa_s->valid_links ? wpa_s->ap_mld_addr : bssid, ETH_ALEN);
4377 wpa_s->sme.prev_bssid_set = 1;
4378 wpa_s->sme.last_unprot_disconnect.sec = 0;
4379 #endif /* CONFIG_SME */
4380
4381 wpa_msg(wpa_s, MSG_INFO, "Associated with " MACSTR, MAC2STR(bssid));
4382 if (wpa_s->current_ssid) {
4383 /* When using scanning (ap_scan=1), SIM PC/SC interface can be
4384 * initialized before association, but for other modes,
4385 * initialize PC/SC here, if the current configuration needs
4386 * smartcard or SIM/USIM. */
4387 wpa_supplicant_scard_init(wpa_s, wpa_s->current_ssid);
4388 }
4389 wpa_sm_notify_assoc(wpa_s->wpa, bssid);
4390
4391 if (wpa_sm_set_ml_info(wpa_s)) {
4392 wpa_dbg(wpa_s, MSG_INFO,
4393 "Failed to set MLO connection info to wpa_sm");
4394 wpa_supplicant_deauthenticate(wpa_s,
4395 WLAN_REASON_DEAUTH_LEAVING);
4396 return;
4397 }
4398
4399 if (wpa_s->l2)
4400 l2_packet_notify_auth_start(wpa_s->l2);
4401
4402 already_authorized = data && data->assoc_info.authorized;
4403
4404 /*
4405 * Set portEnabled first to false in order to get EAP state machine out
4406 * of the SUCCESS state and eapSuccess cleared. Without this, EAPOL PAE
4407 * state machine may transit to AUTHENTICATING state based on obsolete
4408 * eapSuccess and then trigger BE_AUTH to SUCCESS and PAE to
4409 * AUTHENTICATED without ever giving chance to EAP state machine to
4410 * reset the state.
4411 */
4412 if (!ft_completed && !already_authorized) {
4413 eapol_sm_notify_portEnabled(wpa_s->eapol, false);
4414 eapol_sm_notify_portValid(wpa_s->eapol, false);
4415 }
4416 if (wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt) ||
4417 wpa_s->key_mgmt == WPA_KEY_MGMT_DPP ||
4418 wpa_s->key_mgmt == WPA_KEY_MGMT_OWE || ft_completed ||
4419 already_authorized || wpa_s->drv_authorized_port)
4420 eapol_sm_notify_eap_success(wpa_s->eapol, false);
4421 /* 802.1X::portControl = Auto */
4422 eapol_sm_notify_portEnabled(wpa_s->eapol, true);
4423 wpa_s->eapol_received = 0;
4424 if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE ||
4425 wpa_s->key_mgmt == WPA_KEY_MGMT_WPA_NONE ||
4426 (wpa_s->current_ssid &&
4427 wpa_s->current_ssid->mode == WPAS_MODE_IBSS)) {
4428 if (wpa_s->current_ssid &&
4429 wpa_s->key_mgmt == WPA_KEY_MGMT_WPA_NONE &&
4430 (wpa_s->drv_flags &
4431 WPA_DRIVER_FLAGS_SET_KEYS_AFTER_ASSOC_DONE)) {
4432 /*
4433 * Set the key after having received joined-IBSS event
4434 * from the driver.
4435 */
4436 wpa_supplicant_set_wpa_none_key(wpa_s,
4437 wpa_s->current_ssid);
4438 }
4439 wpa_supplicant_cancel_auth_timeout(wpa_s);
4440 wpa_supplicant_set_state(wpa_s, WPA_COMPLETED);
4441 } else if (!ft_completed) {
4442 /* Timeout for receiving the first EAPOL packet */
4443 wpa_supplicant_req_auth_timeout(wpa_s, 10, 0);
4444 }
4445 wpa_supplicant_cancel_scan(wpa_s);
4446
4447 if (ft_completed) {
4448 /*
4449 * FT protocol completed - make sure EAPOL state machine ends
4450 * up in authenticated.
4451 */
4452 wpa_supplicant_cancel_auth_timeout(wpa_s);
4453 wpa_supplicant_set_state(wpa_s, WPA_COMPLETED);
4454 eapol_sm_notify_portValid(wpa_s->eapol, true);
4455 eapol_sm_notify_eap_success(wpa_s->eapol, true);
4456 } else if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_PSK) &&
4457 wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt)) {
4458 if (already_authorized) {
4459 /*
4460 * We are done; the driver will take care of RSN 4-way
4461 * handshake.
4462 */
4463 wpa_supplicant_cancel_auth_timeout(wpa_s);
4464 wpa_supplicant_set_state(wpa_s, WPA_COMPLETED);
4465 eapol_sm_notify_portValid(wpa_s->eapol, true);
4466 eapol_sm_notify_eap_success(wpa_s->eapol, true);
4467 } else {
4468 /* Update port, WPA_COMPLETED state from the
4469 * EVENT_PORT_AUTHORIZED handler when the driver is done
4470 * with the 4-way handshake.
4471 */
4472 wpa_msg(wpa_s, MSG_DEBUG,
4473 "ASSOC INFO: wait for driver port authorized indication");
4474 }
4475 } else if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_8021X) &&
4476 wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt)) {
4477 /*
4478 * The driver will take care of RSN 4-way handshake, so we need
4479 * to allow EAPOL supplicant to complete its work without
4480 * waiting for WPA supplicant.
4481 */
4482 eapol_sm_notify_portValid(wpa_s->eapol, true);
4483 }
4484
4485 wpa_s->last_eapol_matches_bssid = 0;
4486
4487 #ifdef CONFIG_TESTING_OPTIONS
4488 if (wpa_s->rsne_override_eapol) {
4489 wpa_printf(MSG_DEBUG,
4490 "TESTING: RSNE EAPOL-Key msg 2/4 override");
4491 wpa_sm_set_assoc_wpa_ie(wpa_s->wpa,
4492 wpabuf_head(wpa_s->rsne_override_eapol),
4493 wpabuf_len(wpa_s->rsne_override_eapol));
4494 }
4495 if (wpa_s->rsnxe_override_eapol) {
4496 wpa_printf(MSG_DEBUG,
4497 "TESTING: RSNXE EAPOL-Key msg 2/4 override");
4498 wpa_sm_set_assoc_rsnxe(wpa_s->wpa,
4499 wpabuf_head(wpa_s->rsnxe_override_eapol),
4500 wpabuf_len(wpa_s->rsnxe_override_eapol));
4501 }
4502 #endif /* CONFIG_TESTING_OPTIONS */
4503
4504 if (wpa_s->pending_eapol_rx) {
4505 struct os_reltime now, age;
4506 os_get_reltime(&now);
4507 os_reltime_sub(&now, &wpa_s->pending_eapol_rx_time, &age);
4508 if (age.sec == 0 && age.usec < 200000 &&
4509 ether_addr_equal(wpa_s->pending_eapol_rx_src,
4510 wpa_s->valid_links ? wpa_s->ap_mld_addr :
4511 bssid)) {
4512 wpa_dbg(wpa_s, MSG_DEBUG, "Process pending EAPOL "
4513 "frame that was received just before "
4514 "association notification");
4515 wpa_supplicant_rx_eapol(
4516 wpa_s, wpa_s->pending_eapol_rx_src,
4517 wpabuf_head(wpa_s->pending_eapol_rx),
4518 wpabuf_len(wpa_s->pending_eapol_rx),
4519 wpa_s->pending_eapol_encrypted);
4520 }
4521 wpabuf_free(wpa_s->pending_eapol_rx);
4522 wpa_s->pending_eapol_rx = NULL;
4523 }
4524
4525 #ifdef CONFIG_WEP
4526 if ((wpa_s->key_mgmt == WPA_KEY_MGMT_NONE ||
4527 wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA) &&
4528 wpa_s->current_ssid &&
4529 (wpa_s->drv_flags & WPA_DRIVER_FLAGS_SET_KEYS_AFTER_ASSOC_DONE)) {
4530 /* Set static WEP keys again */
4531 wpa_set_wep_keys(wpa_s, wpa_s->current_ssid);
4532 }
4533 #endif /* CONFIG_WEP */
4534
4535 #ifdef CONFIG_IBSS_RSN
4536 if (wpa_s->current_ssid &&
4537 wpa_s->current_ssid->mode == WPAS_MODE_IBSS &&
4538 wpa_s->key_mgmt != WPA_KEY_MGMT_NONE &&
4539 wpa_s->key_mgmt != WPA_KEY_MGMT_WPA_NONE &&
4540 wpa_s->ibss_rsn == NULL) {
4541 wpa_s->ibss_rsn = ibss_rsn_init(wpa_s, wpa_s->current_ssid);
4542 if (!wpa_s->ibss_rsn) {
4543 wpa_msg(wpa_s, MSG_INFO, "Failed to init IBSS RSN");
4544 wpa_supplicant_deauthenticate(
4545 wpa_s, WLAN_REASON_DEAUTH_LEAVING);
4546 return;
4547 }
4548
4549 ibss_rsn_set_psk(wpa_s->ibss_rsn, wpa_s->current_ssid->psk);
4550 }
4551 #endif /* CONFIG_IBSS_RSN */
4552
4553 wpas_wps_notify_assoc(wpa_s, bssid);
4554
4555 #ifndef CONFIG_NO_WMM_AC
4556 if (data) {
4557 wmm_ac_notify_assoc(wpa_s, data->assoc_info.resp_ies,
4558 data->assoc_info.resp_ies_len,
4559 &data->assoc_info.wmm_params);
4560
4561 if (wpa_s->reassoc_same_bss)
4562 wmm_ac_restore_tspecs(wpa_s);
4563 }
4564 #endif /* CONFIG_NO_WMM_AC */
4565
4566 #if defined(CONFIG_FILS) || defined(CONFIG_MBO)
4567 bss = wpa_bss_get_bssid(wpa_s, bssid);
4568 #endif /* CONFIG_FILS || CONFIG_MBO */
4569 #ifdef CONFIG_FILS
4570 if (wpa_key_mgmt_fils(wpa_s->key_mgmt)) {
4571 const u8 *fils_cache_id = wpa_bss_get_fils_cache_id(bss);
4572
4573 if (fils_cache_id)
4574 wpa_sm_set_fils_cache_id(wpa_s->wpa, fils_cache_id);
4575 }
4576 #endif /* CONFIG_FILS */
4577
4578 #ifdef CONFIG_MBO
4579 wpas_mbo_check_pmf(wpa_s, bss, wpa_s->current_ssid);
4580 #endif /* CONFIG_MBO */
4581
4582 #ifdef CONFIG_DPP2
4583 wpa_s->dpp_pfs_fallback = 0;
4584 #endif /* CONFIG_DPP2 */
4585
4586 if (wpa_s->current_ssid && wpa_s->current_ssid->enable_4addr_mode)
4587 wpa_supplicant_set_4addr_mode(wpa_s);
4588 }
4589
4590
disconnect_reason_recoverable(u16 reason_code)4591 static int disconnect_reason_recoverable(u16 reason_code)
4592 {
4593 return reason_code == WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY ||
4594 reason_code == WLAN_REASON_CLASS2_FRAME_FROM_NONAUTH_STA ||
4595 reason_code == WLAN_REASON_CLASS3_FRAME_FROM_NONASSOC_STA;
4596 }
4597
4598
wpa_supplicant_event_disassoc(struct wpa_supplicant * wpa_s,u16 reason_code,int locally_generated)4599 static void wpa_supplicant_event_disassoc(struct wpa_supplicant *wpa_s,
4600 u16 reason_code,
4601 int locally_generated)
4602 {
4603 const u8 *bssid;
4604
4605 if (wpa_s->key_mgmt == WPA_KEY_MGMT_WPA_NONE) {
4606 /*
4607 * At least Host AP driver and a Prism3 card seemed to be
4608 * generating streams of disconnected events when configuring
4609 * IBSS for WPA-None. Ignore them for now.
4610 */
4611 return;
4612 }
4613
4614 bssid = wpa_s->bssid;
4615 if (is_zero_ether_addr(bssid))
4616 bssid = wpa_s->pending_bssid;
4617
4618 if (!is_zero_ether_addr(bssid) ||
4619 wpa_s->wpa_state >= WPA_AUTHENTICATING) {
4620 wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_DISCONNECTED "bssid=" MACSTR
4621 " reason=%d%s",
4622 MAC2STR(bssid), reason_code,
4623 locally_generated ? " locally_generated=1" : "");
4624 }
4625 }
4626
4627
could_be_psk_mismatch(struct wpa_supplicant * wpa_s,u16 reason_code,int locally_generated)4628 static int could_be_psk_mismatch(struct wpa_supplicant *wpa_s, u16 reason_code,
4629 int locally_generated)
4630 {
4631 if (wpa_s->wpa_state != WPA_4WAY_HANDSHAKE ||
4632 !wpa_s->new_connection ||
4633 !wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt) ||
4634 wpa_key_mgmt_sae(wpa_s->key_mgmt))
4635 return 0; /* Not in initial 4-way handshake with PSK */
4636
4637 /*
4638 * It looks like connection was lost while trying to go through PSK
4639 * 4-way handshake. Filter out known disconnection cases that are caused
4640 * by something else than PSK mismatch to avoid confusing reports.
4641 */
4642
4643 if (locally_generated) {
4644 if (reason_code == WLAN_REASON_IE_IN_4WAY_DIFFERS)
4645 return 0;
4646 }
4647
4648 return 1;
4649 }
4650
4651
wpa_supplicant_event_disassoc_finish(struct wpa_supplicant * wpa_s,u16 reason_code,int locally_generated)4652 static void wpa_supplicant_event_disassoc_finish(struct wpa_supplicant *wpa_s,
4653 u16 reason_code,
4654 int locally_generated)
4655 {
4656 const u8 *bssid;
4657 struct wpa_bss *fast_reconnect = NULL;
4658 struct wpa_ssid *fast_reconnect_ssid = NULL;
4659 struct wpa_bss *curr = NULL;
4660
4661 if (wpa_s->key_mgmt == WPA_KEY_MGMT_WPA_NONE) {
4662 /*
4663 * At least Host AP driver and a Prism3 card seemed to be
4664 * generating streams of disconnected events when configuring
4665 * IBSS for WPA-None. Ignore them for now.
4666 */
4667 wpa_dbg(wpa_s, MSG_DEBUG, "Disconnect event - ignore in "
4668 "IBSS/WPA-None mode");
4669 return;
4670 }
4671
4672 if (!wpa_s->disconnected && wpa_s->wpa_state >= WPA_AUTHENTICATING &&
4673 reason_code == WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY &&
4674 locally_generated)
4675 /*
4676 * Remove the inactive AP (which is probably out of range) from
4677 * the BSS list after marking disassociation. In particular
4678 * mac80211-based drivers use the
4679 * WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY reason code in
4680 * locally generated disconnection events for cases where the
4681 * AP does not reply anymore.
4682 */
4683 curr = wpa_s->current_bss;
4684
4685 if (could_be_psk_mismatch(wpa_s, reason_code, locally_generated)) {
4686 wpa_msg(wpa_s, MSG_INFO, "WPA: 4-Way Handshake failed - "
4687 "pre-shared key may be incorrect");
4688 if (wpas_p2p_4way_hs_failed(wpa_s) > 0)
4689 return; /* P2P group removed */
4690 wpas_auth_failed(wpa_s, "WRONG_KEY", wpa_s->pending_bssid);
4691 wpas_notify_psk_mismatch(wpa_s);
4692 }
4693 if (!wpa_s->disconnected &&
4694 (!wpa_s->auto_reconnect_disabled ||
4695 wpa_s->key_mgmt == WPA_KEY_MGMT_WPS ||
4696 wpas_wps_searching(wpa_s) ||
4697 wpas_wps_reenable_networks_pending(wpa_s))) {
4698 wpa_dbg(wpa_s, MSG_DEBUG, "Auto connect enabled: try to "
4699 "reconnect (wps=%d/%d wpa_state=%d)",
4700 wpa_s->key_mgmt == WPA_KEY_MGMT_WPS,
4701 wpas_wps_searching(wpa_s),
4702 wpa_s->wpa_state);
4703 if (wpa_s->wpa_state == WPA_COMPLETED &&
4704 wpa_s->current_ssid &&
4705 wpa_s->current_ssid->mode == WPAS_MODE_INFRA &&
4706 (wpa_s->own_reconnect_req ||
4707 (!locally_generated &&
4708 disconnect_reason_recoverable(reason_code)))) {
4709 /*
4710 * It looks like the AP has dropped association with
4711 * us, but could allow us to get back in. This is also
4712 * triggered for cases where local reconnection request
4713 * is used to force reassociation with the same BSS.
4714 * Try to reconnect to the same BSS without a full scan
4715 * to save time for some common cases.
4716 */
4717 fast_reconnect = wpa_s->current_bss;
4718 fast_reconnect_ssid = wpa_s->current_ssid;
4719 } else if (wpa_s->wpa_state >= WPA_ASSOCIATING) {
4720 wpa_supplicant_req_scan(wpa_s, 0, 100000);
4721 } else {
4722 wpa_dbg(wpa_s, MSG_DEBUG, "Do not request new "
4723 "immediate scan");
4724 }
4725 } else {
4726 wpa_dbg(wpa_s, MSG_DEBUG, "Auto connect disabled: do not "
4727 "try to re-connect");
4728 wpa_s->reassociate = 0;
4729 wpa_s->disconnected = 1;
4730 if (!wpa_s->pno)
4731 wpa_supplicant_cancel_sched_scan(wpa_s);
4732 }
4733 bssid = wpa_s->bssid;
4734 if (is_zero_ether_addr(bssid))
4735 bssid = wpa_s->pending_bssid;
4736 if (wpa_s->wpa_state >= WPA_AUTHENTICATING)
4737 wpas_connection_failed(wpa_s, bssid, NULL);
4738 wpa_sm_notify_disassoc(wpa_s->wpa);
4739 ptksa_cache_flush(wpa_s->ptksa, wpa_s->bssid, WPA_CIPHER_NONE);
4740
4741 if (locally_generated)
4742 wpa_s->disconnect_reason = -reason_code;
4743 else
4744 wpa_s->disconnect_reason = reason_code;
4745 wpas_notify_disconnect_reason(wpa_s);
4746 #ifdef CONFIG_DPP2
4747 wpas_dpp_send_conn_status_result(wpa_s, DPP_STATUS_AUTH_FAILURE);
4748 #endif /* CONFIG_DPP2 */
4749 if (wpa_supplicant_dynamic_keys(wpa_s)) {
4750 wpa_dbg(wpa_s, MSG_DEBUG, "Disconnect event - remove keys");
4751 wpa_clear_keys(wpa_s, wpa_s->bssid);
4752 }
4753 wpa_supplicant_mark_disassoc(wpa_s);
4754
4755 if (curr)
4756 wpa_bss_remove(wpa_s, curr, "Connection to AP lost");
4757
4758 if (fast_reconnect &&
4759 !wpas_network_disabled(wpa_s, fast_reconnect_ssid) &&
4760 !disallowed_bssid(wpa_s, fast_reconnect->bssid) &&
4761 !disallowed_ssid(wpa_s, fast_reconnect->ssid,
4762 fast_reconnect->ssid_len) &&
4763 !wpas_temp_disabled(wpa_s, fast_reconnect_ssid) &&
4764 !wpa_is_bss_tmp_disallowed(wpa_s, fast_reconnect)) {
4765 #ifndef CONFIG_NO_SCAN_PROCESSING
4766 wpa_dbg(wpa_s, MSG_DEBUG, "Try to reconnect to the same BSS");
4767 if (wpa_supplicant_connect(wpa_s, fast_reconnect,
4768 fast_reconnect_ssid) < 0) {
4769 /* Recover through full scan */
4770 wpa_supplicant_req_scan(wpa_s, 0, 100000);
4771 }
4772 #endif /* CONFIG_NO_SCAN_PROCESSING */
4773 } else if (fast_reconnect) {
4774 /*
4775 * Could not reconnect to the same BSS due to network being
4776 * disabled. Use a new scan to match the alternative behavior
4777 * above, i.e., to continue automatic reconnection attempt in a
4778 * way that enforces disabled network rules.
4779 */
4780 wpa_supplicant_req_scan(wpa_s, 0, 100000);
4781 }
4782 }
4783
4784
4785 #ifdef CONFIG_DELAYED_MIC_ERROR_REPORT
wpa_supplicant_delayed_mic_error_report(void * eloop_ctx,void * sock_ctx)4786 void wpa_supplicant_delayed_mic_error_report(void *eloop_ctx, void *sock_ctx)
4787 {
4788 struct wpa_supplicant *wpa_s = eloop_ctx;
4789
4790 if (!wpa_s->pending_mic_error_report)
4791 return;
4792
4793 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: Sending pending MIC error report");
4794 wpa_sm_key_request(wpa_s->wpa, 1, wpa_s->pending_mic_error_pairwise);
4795 wpa_s->pending_mic_error_report = 0;
4796 }
4797 #endif /* CONFIG_DELAYED_MIC_ERROR_REPORT */
4798
4799
4800 static void
wpa_supplicant_event_michael_mic_failure(struct wpa_supplicant * wpa_s,union wpa_event_data * data)4801 wpa_supplicant_event_michael_mic_failure(struct wpa_supplicant *wpa_s,
4802 union wpa_event_data *data)
4803 {
4804 int pairwise;
4805 struct os_reltime t;
4806
4807 wpa_msg(wpa_s, MSG_WARNING, "Michael MIC failure detected");
4808 pairwise = (data && data->michael_mic_failure.unicast);
4809 os_get_reltime(&t);
4810 if ((os_reltime_initialized(&wpa_s->last_michael_mic_error) &&
4811 !os_reltime_expired(&t, &wpa_s->last_michael_mic_error, 60)) ||
4812 wpa_s->pending_mic_error_report) {
4813 if (wpa_s->pending_mic_error_report) {
4814 /*
4815 * Send the pending MIC error report immediately since
4816 * we are going to start countermeasures and AP better
4817 * do the same.
4818 */
4819 wpa_sm_key_request(wpa_s->wpa, 1,
4820 wpa_s->pending_mic_error_pairwise);
4821 }
4822
4823 /* Send the new MIC error report immediately since we are going
4824 * to start countermeasures and AP better do the same.
4825 */
4826 wpa_sm_key_request(wpa_s->wpa, 1, pairwise);
4827
4828 /* initialize countermeasures */
4829 wpa_s->countermeasures = 1;
4830
4831 wpa_bssid_ignore_add(wpa_s, wpa_s->bssid);
4832
4833 wpa_msg(wpa_s, MSG_WARNING, "TKIP countermeasures started");
4834
4835 /*
4836 * Need to wait for completion of request frame. We do not get
4837 * any callback for the message completion, so just wait a
4838 * short while and hope for the best. */
4839 os_sleep(0, 10000);
4840
4841 wpa_drv_set_countermeasures(wpa_s, 1);
4842 wpa_supplicant_deauthenticate(wpa_s,
4843 WLAN_REASON_MICHAEL_MIC_FAILURE);
4844 eloop_cancel_timeout(wpa_supplicant_stop_countermeasures,
4845 wpa_s, NULL);
4846 eloop_register_timeout(60, 0,
4847 wpa_supplicant_stop_countermeasures,
4848 wpa_s, NULL);
4849 /* TODO: mark the AP rejected for 60 second. STA is
4850 * allowed to associate with another AP.. */
4851 } else {
4852 #ifdef CONFIG_DELAYED_MIC_ERROR_REPORT
4853 if (wpa_s->mic_errors_seen) {
4854 /*
4855 * Reduce the effectiveness of Michael MIC error
4856 * reports as a means for attacking against TKIP if
4857 * more than one MIC failure is noticed with the same
4858 * PTK. We delay the transmission of the reports by a
4859 * random time between 0 and 60 seconds in order to
4860 * force the attacker wait 60 seconds before getting
4861 * the information on whether a frame resulted in a MIC
4862 * failure.
4863 */
4864 u8 rval[4];
4865 int sec;
4866
4867 if (os_get_random(rval, sizeof(rval)) < 0)
4868 sec = os_random() % 60;
4869 else
4870 sec = WPA_GET_BE32(rval) % 60;
4871 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: Delay MIC error "
4872 "report %d seconds", sec);
4873 wpa_s->pending_mic_error_report = 1;
4874 wpa_s->pending_mic_error_pairwise = pairwise;
4875 eloop_cancel_timeout(
4876 wpa_supplicant_delayed_mic_error_report,
4877 wpa_s, NULL);
4878 eloop_register_timeout(
4879 sec, os_random() % 1000000,
4880 wpa_supplicant_delayed_mic_error_report,
4881 wpa_s, NULL);
4882 } else {
4883 wpa_sm_key_request(wpa_s->wpa, 1, pairwise);
4884 }
4885 #else /* CONFIG_DELAYED_MIC_ERROR_REPORT */
4886 wpa_sm_key_request(wpa_s->wpa, 1, pairwise);
4887 #endif /* CONFIG_DELAYED_MIC_ERROR_REPORT */
4888 }
4889 wpa_s->last_michael_mic_error = t;
4890 wpa_s->mic_errors_seen++;
4891 }
4892
4893
4894 #ifdef CONFIG_TERMINATE_ONLASTIF
any_interfaces(struct wpa_supplicant * head)4895 static int any_interfaces(struct wpa_supplicant *head)
4896 {
4897 struct wpa_supplicant *wpa_s;
4898
4899 for (wpa_s = head; wpa_s != NULL; wpa_s = wpa_s->next)
4900 if (!wpa_s->interface_removed)
4901 return 1;
4902 return 0;
4903 }
4904 #endif /* CONFIG_TERMINATE_ONLASTIF */
4905
4906
4907 static void
wpa_supplicant_event_interface_status(struct wpa_supplicant * wpa_s,union wpa_event_data * data)4908 wpa_supplicant_event_interface_status(struct wpa_supplicant *wpa_s,
4909 union wpa_event_data *data)
4910 {
4911 if (os_strcmp(wpa_s->ifname, data->interface_status.ifname) != 0)
4912 return;
4913
4914 switch (data->interface_status.ievent) {
4915 case EVENT_INTERFACE_ADDED:
4916 if (!wpa_s->interface_removed)
4917 break;
4918 wpa_s->interface_removed = 0;
4919 wpa_dbg(wpa_s, MSG_DEBUG, "Configured interface was added");
4920 if (wpa_supplicant_driver_init(wpa_s) < 0) {
4921 wpa_msg(wpa_s, MSG_INFO, "Failed to initialize the "
4922 "driver after interface was added");
4923 }
4924
4925 #ifdef CONFIG_P2P
4926 if (!wpa_s->global->p2p &&
4927 !wpa_s->global->p2p_disabled &&
4928 !wpa_s->conf->p2p_disabled &&
4929 (wpa_s->drv_flags &
4930 WPA_DRIVER_FLAGS_DEDICATED_P2P_DEVICE) &&
4931 wpas_p2p_add_p2pdev_interface(
4932 wpa_s, wpa_s->global->params.conf_p2p_dev) < 0) {
4933 wpa_printf(MSG_INFO,
4934 "P2P: Failed to enable P2P Device interface");
4935 /* Try to continue without. P2P will be disabled. */
4936 }
4937 #endif /* CONFIG_P2P */
4938
4939 break;
4940 case EVENT_INTERFACE_REMOVED:
4941 wpa_dbg(wpa_s, MSG_DEBUG, "Configured interface was removed");
4942 wpa_s->interface_removed = 1;
4943 wpa_supplicant_mark_disassoc(wpa_s);
4944 wpa_supplicant_set_state(wpa_s, WPA_INTERFACE_DISABLED);
4945 l2_packet_deinit(wpa_s->l2);
4946 wpa_s->l2 = NULL;
4947
4948 #ifdef CONFIG_P2P
4949 if (wpa_s->global->p2p &&
4950 wpa_s->global->p2p_init_wpa_s->parent == wpa_s &&
4951 (wpa_s->drv_flags &
4952 WPA_DRIVER_FLAGS_DEDICATED_P2P_DEVICE)) {
4953 wpa_dbg(wpa_s, MSG_DEBUG,
4954 "Removing P2P Device interface");
4955 wpa_supplicant_remove_iface(
4956 wpa_s->global, wpa_s->global->p2p_init_wpa_s,
4957 0);
4958 wpa_s->global->p2p_init_wpa_s = NULL;
4959 }
4960 #endif /* CONFIG_P2P */
4961
4962 #ifdef CONFIG_MATCH_IFACE
4963 if (wpa_s->matched) {
4964 wpa_supplicant_remove_iface(wpa_s->global, wpa_s, 0);
4965 break;
4966 }
4967 #endif /* CONFIG_MATCH_IFACE */
4968
4969 #ifdef CONFIG_TERMINATE_ONLASTIF
4970 /* check if last interface */
4971 if (!any_interfaces(wpa_s->global->ifaces))
4972 eloop_terminate();
4973 #endif /* CONFIG_TERMINATE_ONLASTIF */
4974 break;
4975 }
4976 }
4977
4978
4979 #ifdef CONFIG_TDLS
wpa_supplicant_event_tdls(struct wpa_supplicant * wpa_s,union wpa_event_data * data)4980 static void wpa_supplicant_event_tdls(struct wpa_supplicant *wpa_s,
4981 union wpa_event_data *data)
4982 {
4983 if (data == NULL)
4984 return;
4985 switch (data->tdls.oper) {
4986 case TDLS_REQUEST_SETUP:
4987 wpa_tdls_remove(wpa_s->wpa, data->tdls.peer);
4988 if (wpa_tdls_is_external_setup(wpa_s->wpa))
4989 wpa_tdls_start(wpa_s->wpa, data->tdls.peer);
4990 else
4991 wpa_drv_tdls_oper(wpa_s, TDLS_SETUP, data->tdls.peer);
4992 break;
4993 case TDLS_REQUEST_TEARDOWN:
4994 if (wpa_tdls_is_external_setup(wpa_s->wpa))
4995 wpa_tdls_teardown_link(wpa_s->wpa, data->tdls.peer,
4996 data->tdls.reason_code);
4997 else
4998 wpa_drv_tdls_oper(wpa_s, TDLS_TEARDOWN,
4999 data->tdls.peer);
5000 break;
5001 case TDLS_REQUEST_DISCOVER:
5002 wpa_tdls_send_discovery_request(wpa_s->wpa,
5003 data->tdls.peer);
5004 break;
5005 }
5006 }
5007 #endif /* CONFIG_TDLS */
5008
5009
5010 #ifdef CONFIG_WNM
wpa_supplicant_event_wnm(struct wpa_supplicant * wpa_s,union wpa_event_data * data)5011 static void wpa_supplicant_event_wnm(struct wpa_supplicant *wpa_s,
5012 union wpa_event_data *data)
5013 {
5014 if (data == NULL)
5015 return;
5016 switch (data->wnm.oper) {
5017 case WNM_OPER_SLEEP:
5018 wpa_printf(MSG_DEBUG, "Start sending WNM-Sleep Request "
5019 "(action=%d, intval=%d)",
5020 data->wnm.sleep_action, data->wnm.sleep_intval);
5021 ieee802_11_send_wnmsleep_req(wpa_s, data->wnm.sleep_action,
5022 data->wnm.sleep_intval, NULL);
5023 break;
5024 }
5025 }
5026 #endif /* CONFIG_WNM */
5027
5028
5029 #ifdef CONFIG_IEEE80211R
5030 static void
wpa_supplicant_event_ft_response(struct wpa_supplicant * wpa_s,union wpa_event_data * data)5031 wpa_supplicant_event_ft_response(struct wpa_supplicant *wpa_s,
5032 union wpa_event_data *data)
5033 {
5034 if (data == NULL)
5035 return;
5036
5037 if (wpa_ft_process_response(wpa_s->wpa, data->ft_ies.ies,
5038 data->ft_ies.ies_len,
5039 data->ft_ies.ft_action,
5040 data->ft_ies.target_ap,
5041 data->ft_ies.ric_ies,
5042 data->ft_ies.ric_ies_len) < 0) {
5043 /* TODO: prevent MLME/driver from trying to associate? */
5044 }
5045 }
5046 #endif /* CONFIG_IEEE80211R */
5047
5048
5049 #ifdef CONFIG_IBSS_RSN
wpa_supplicant_event_ibss_rsn_start(struct wpa_supplicant * wpa_s,union wpa_event_data * data)5050 static void wpa_supplicant_event_ibss_rsn_start(struct wpa_supplicant *wpa_s,
5051 union wpa_event_data *data)
5052 {
5053 struct wpa_ssid *ssid;
5054 if (wpa_s->wpa_state < WPA_ASSOCIATED)
5055 return;
5056 if (data == NULL)
5057 return;
5058 ssid = wpa_s->current_ssid;
5059 if (ssid == NULL)
5060 return;
5061 if (ssid->mode != WPAS_MODE_IBSS || !wpa_key_mgmt_wpa(ssid->key_mgmt))
5062 return;
5063
5064 ibss_rsn_start(wpa_s->ibss_rsn, data->ibss_rsn_start.peer);
5065 }
5066
5067
wpa_supplicant_event_ibss_auth(struct wpa_supplicant * wpa_s,union wpa_event_data * data)5068 static void wpa_supplicant_event_ibss_auth(struct wpa_supplicant *wpa_s,
5069 union wpa_event_data *data)
5070 {
5071 struct wpa_ssid *ssid = wpa_s->current_ssid;
5072
5073 if (ssid == NULL)
5074 return;
5075
5076 /* check if the ssid is correctly configured as IBSS/RSN */
5077 if (ssid->mode != WPAS_MODE_IBSS || !wpa_key_mgmt_wpa(ssid->key_mgmt))
5078 return;
5079
5080 ibss_rsn_handle_auth(wpa_s->ibss_rsn, data->rx_mgmt.frame,
5081 data->rx_mgmt.frame_len);
5082 }
5083 #endif /* CONFIG_IBSS_RSN */
5084
5085
5086 #ifdef CONFIG_IEEE80211R
ft_rx_action(struct wpa_supplicant * wpa_s,const u8 * data,size_t len)5087 static void ft_rx_action(struct wpa_supplicant *wpa_s, const u8 *data,
5088 size_t len)
5089 {
5090 const u8 *sta_addr, *target_ap_addr;
5091 u16 status;
5092
5093 wpa_hexdump(MSG_MSGDUMP, "FT: RX Action", data, len);
5094 if (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME))
5095 return; /* only SME case supported for now */
5096 if (len < 1 + 2 * ETH_ALEN + 2)
5097 return;
5098 if (data[0] != 2)
5099 return; /* Only FT Action Response is supported for now */
5100 sta_addr = data + 1;
5101 target_ap_addr = data + 1 + ETH_ALEN;
5102 status = WPA_GET_LE16(data + 1 + 2 * ETH_ALEN);
5103 wpa_dbg(wpa_s, MSG_DEBUG, "FT: Received FT Action Response: STA "
5104 MACSTR " TargetAP " MACSTR " status %u",
5105 MAC2STR(sta_addr), MAC2STR(target_ap_addr), status);
5106
5107 if (!ether_addr_equal(sta_addr, wpa_s->own_addr)) {
5108 wpa_dbg(wpa_s, MSG_DEBUG, "FT: Foreign STA Address " MACSTR
5109 " in FT Action Response", MAC2STR(sta_addr));
5110 return;
5111 }
5112
5113 if (status) {
5114 wpa_dbg(wpa_s, MSG_DEBUG, "FT: FT Action Response indicates "
5115 "failure (status code %d)", status);
5116 /* TODO: report error to FT code(?) */
5117 return;
5118 }
5119
5120 if (wpa_ft_process_response(wpa_s->wpa, data + 1 + 2 * ETH_ALEN + 2,
5121 len - (1 + 2 * ETH_ALEN + 2), 1,
5122 target_ap_addr, NULL, 0) < 0)
5123 return;
5124
5125 #ifdef CONFIG_SME
5126 {
5127 struct wpa_bss *bss;
5128 bss = wpa_bss_get_bssid(wpa_s, target_ap_addr);
5129 if (bss)
5130 wpa_s->sme.freq = bss->freq;
5131 wpa_s->sme.auth_alg = WPA_AUTH_ALG_FT;
5132 sme_associate(wpa_s, WPAS_MODE_INFRA, target_ap_addr,
5133 WLAN_AUTH_FT);
5134 }
5135 #endif /* CONFIG_SME */
5136 }
5137 #endif /* CONFIG_IEEE80211R */
5138
5139
wpa_supplicant_event_unprot_deauth(struct wpa_supplicant * wpa_s,struct unprot_deauth * e)5140 static void wpa_supplicant_event_unprot_deauth(struct wpa_supplicant *wpa_s,
5141 struct unprot_deauth *e)
5142 {
5143 wpa_printf(MSG_DEBUG, "Unprotected Deauthentication frame "
5144 "dropped: " MACSTR " -> " MACSTR
5145 " (reason code %u)",
5146 MAC2STR(e->sa), MAC2STR(e->da), e->reason_code);
5147 sme_event_unprot_disconnect(wpa_s, e->sa, e->da, e->reason_code);
5148 }
5149
5150
wpa_supplicant_event_unprot_disassoc(struct wpa_supplicant * wpa_s,struct unprot_disassoc * e)5151 static void wpa_supplicant_event_unprot_disassoc(struct wpa_supplicant *wpa_s,
5152 struct unprot_disassoc *e)
5153 {
5154 wpa_printf(MSG_DEBUG, "Unprotected Disassociation frame "
5155 "dropped: " MACSTR " -> " MACSTR
5156 " (reason code %u)",
5157 MAC2STR(e->sa), MAC2STR(e->da), e->reason_code);
5158 sme_event_unprot_disconnect(wpa_s, e->sa, e->da, e->reason_code);
5159 }
5160
5161
wpas_event_disconnect(struct wpa_supplicant * wpa_s,const u8 * addr,u16 reason_code,int locally_generated,const u8 * ie,size_t ie_len,int deauth)5162 static void wpas_event_disconnect(struct wpa_supplicant *wpa_s, const u8 *addr,
5163 u16 reason_code, int locally_generated,
5164 const u8 *ie, size_t ie_len, int deauth)
5165 {
5166 #ifdef CONFIG_AP
5167 if (wpa_s->ap_iface && addr) {
5168 hostapd_notif_disassoc(wpa_s->ap_iface->bss[0], addr);
5169 return;
5170 }
5171
5172 if (wpa_s->ap_iface) {
5173 wpa_dbg(wpa_s, MSG_DEBUG, "Ignore deauth event in AP mode");
5174 return;
5175 }
5176 #endif /* CONFIG_AP */
5177
5178 if (!locally_generated)
5179 wpa_s->own_disconnect_req = 0;
5180
5181 wpa_supplicant_event_disassoc(wpa_s, reason_code, locally_generated);
5182
5183 if (((reason_code == WLAN_REASON_IEEE_802_1X_AUTH_FAILED ||
5184 ((wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt) ||
5185 (wpa_s->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA)) &&
5186 eapol_sm_failed(wpa_s->eapol))) &&
5187 !wpa_s->eap_expected_failure))
5188 wpas_auth_failed(wpa_s, "AUTH_FAILED", addr);
5189
5190 #ifdef CONFIG_P2P
5191 if (deauth && reason_code > 0) {
5192 if (wpas_p2p_deauth_notif(wpa_s, addr, reason_code, ie, ie_len,
5193 locally_generated) > 0) {
5194 /*
5195 * The interface was removed, so cannot continue
5196 * processing any additional operations after this.
5197 */
5198 return;
5199 }
5200 }
5201 #endif /* CONFIG_P2P */
5202
5203 wpa_supplicant_event_disassoc_finish(wpa_s, reason_code,
5204 locally_generated);
5205 }
5206
5207
wpas_event_disassoc(struct wpa_supplicant * wpa_s,struct disassoc_info * info)5208 static void wpas_event_disassoc(struct wpa_supplicant *wpa_s,
5209 struct disassoc_info *info)
5210 {
5211 u16 reason_code = 0;
5212 int locally_generated = 0;
5213 const u8 *addr = NULL;
5214 const u8 *ie = NULL;
5215 size_t ie_len = 0;
5216
5217 wpa_dbg(wpa_s, MSG_DEBUG, "Disassociation notification");
5218
5219 if (info) {
5220 addr = info->addr;
5221 ie = info->ie;
5222 ie_len = info->ie_len;
5223 reason_code = info->reason_code;
5224 locally_generated = info->locally_generated;
5225 wpa_dbg(wpa_s, MSG_DEBUG, " * reason %u (%s)%s", reason_code,
5226 reason2str(reason_code),
5227 locally_generated ? " locally_generated=1" : "");
5228 if (addr)
5229 wpa_dbg(wpa_s, MSG_DEBUG, " * address " MACSTR,
5230 MAC2STR(addr));
5231 wpa_hexdump(MSG_DEBUG, "Disassociation frame IE(s)",
5232 ie, ie_len);
5233 }
5234
5235 #ifdef CONFIG_AP
5236 if (wpa_s->ap_iface && info && info->addr) {
5237 hostapd_notif_disassoc(wpa_s->ap_iface->bss[0], info->addr);
5238 return;
5239 }
5240
5241 if (wpa_s->ap_iface) {
5242 wpa_dbg(wpa_s, MSG_DEBUG, "Ignore disassoc event in AP mode");
5243 return;
5244 }
5245 #endif /* CONFIG_AP */
5246
5247 #ifdef CONFIG_P2P
5248 if (info) {
5249 wpas_p2p_disassoc_notif(
5250 wpa_s, info->addr, reason_code, info->ie, info->ie_len,
5251 locally_generated);
5252 }
5253 #endif /* CONFIG_P2P */
5254
5255 if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME)
5256 sme_event_disassoc(wpa_s, info);
5257
5258 wpas_event_disconnect(wpa_s, addr, reason_code, locally_generated,
5259 ie, ie_len, 0);
5260 }
5261
5262
wpas_event_deauth(struct wpa_supplicant * wpa_s,struct deauth_info * info)5263 static void wpas_event_deauth(struct wpa_supplicant *wpa_s,
5264 struct deauth_info *info)
5265 {
5266 u16 reason_code = 0;
5267 int locally_generated = 0;
5268 const u8 *addr = NULL;
5269 const u8 *ie = NULL;
5270 size_t ie_len = 0;
5271
5272 wpa_dbg(wpa_s, MSG_DEBUG, "Deauthentication notification");
5273
5274 if (info) {
5275 addr = info->addr;
5276 ie = info->ie;
5277 ie_len = info->ie_len;
5278 reason_code = info->reason_code;
5279 locally_generated = info->locally_generated;
5280 wpa_dbg(wpa_s, MSG_DEBUG, " * reason %u (%s)%s",
5281 reason_code, reason2str(reason_code),
5282 locally_generated ? " locally_generated=1" : "");
5283 if (addr) {
5284 wpa_dbg(wpa_s, MSG_DEBUG, " * address " MACSTR,
5285 MAC2STR(addr));
5286 }
5287 wpa_hexdump(MSG_DEBUG, "Deauthentication frame IE(s)",
5288 ie, ie_len);
5289 }
5290
5291 wpa_reset_ft_completed(wpa_s->wpa);
5292
5293 wpas_event_disconnect(wpa_s, addr, reason_code,
5294 locally_generated, ie, ie_len, 1);
5295 }
5296
5297
reg_init_str(enum reg_change_initiator init)5298 static const char * reg_init_str(enum reg_change_initiator init)
5299 {
5300 switch (init) {
5301 case REGDOM_SET_BY_CORE:
5302 return "CORE";
5303 case REGDOM_SET_BY_USER:
5304 return "USER";
5305 case REGDOM_SET_BY_DRIVER:
5306 return "DRIVER";
5307 case REGDOM_SET_BY_COUNTRY_IE:
5308 return "COUNTRY_IE";
5309 case REGDOM_BEACON_HINT:
5310 return "BEACON_HINT";
5311 }
5312 return "?";
5313 }
5314
5315
reg_type_str(enum reg_type type)5316 static const char * reg_type_str(enum reg_type type)
5317 {
5318 switch (type) {
5319 case REGDOM_TYPE_UNKNOWN:
5320 return "UNKNOWN";
5321 case REGDOM_TYPE_COUNTRY:
5322 return "COUNTRY";
5323 case REGDOM_TYPE_WORLD:
5324 return "WORLD";
5325 case REGDOM_TYPE_CUSTOM_WORLD:
5326 return "CUSTOM_WORLD";
5327 case REGDOM_TYPE_INTERSECTION:
5328 return "INTERSECTION";
5329 }
5330 return "?";
5331 }
5332
5333
wpas_beacon_hint(struct wpa_supplicant * wpa_s,const char * title,struct frequency_attrs * attrs)5334 static void wpas_beacon_hint(struct wpa_supplicant *wpa_s, const char *title,
5335 struct frequency_attrs *attrs)
5336 {
5337 if (!attrs->freq)
5338 return;
5339 wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_REGDOM_BEACON_HINT
5340 "%s freq=%u max_tx_power=%u%s%s%s",
5341 title, attrs->freq, attrs->max_tx_power,
5342 attrs->disabled ? " disabled=1" : "",
5343 attrs->no_ir ? " no_ir=1" : "",
5344 attrs->radar ? " radar=1" : "");
5345 }
5346
5347
wpa_supplicant_update_channel_list(struct wpa_supplicant * wpa_s,struct channel_list_changed * info)5348 void wpa_supplicant_update_channel_list(struct wpa_supplicant *wpa_s,
5349 struct channel_list_changed *info)
5350 {
5351 struct wpa_supplicant *ifs;
5352 u8 dfs_domain;
5353
5354 /*
5355 * To allow backwards compatibility with higher level layers that
5356 * assumed the REGDOM_CHANGE event is sent over the initially added
5357 * interface. Find the highest parent of this interface and use it to
5358 * send the event.
5359 */
5360 for (ifs = wpa_s; ifs->parent && ifs != ifs->parent; ifs = ifs->parent)
5361 ;
5362
5363 if (info) {
5364 wpa_msg(ifs, MSG_INFO,
5365 WPA_EVENT_REGDOM_CHANGE "init=%s type=%s%s%s",
5366 reg_init_str(info->initiator), reg_type_str(info->type),
5367 info->alpha2[0] ? " alpha2=" : "",
5368 info->alpha2[0] ? info->alpha2 : "");
5369
5370 if (info->initiator == REGDOM_BEACON_HINT) {
5371 wpas_beacon_hint(ifs, "before",
5372 &info->beacon_hint_before);
5373 wpas_beacon_hint(ifs, "after",
5374 &info->beacon_hint_after);
5375 }
5376 }
5377
5378 if (wpa_s->drv_priv == NULL)
5379 return; /* Ignore event during drv initialization */
5380
5381 dl_list_for_each(ifs, &wpa_s->radio->ifaces, struct wpa_supplicant,
5382 radio_list) {
5383 bool was_6ghz_enabled;
5384
5385 wpa_printf(MSG_DEBUG, "%s: Updating hw mode",
5386 ifs->ifname);
5387 free_hw_features(ifs);
5388 ifs->hw.modes = wpa_drv_get_hw_feature_data(
5389 ifs, &ifs->hw.num_modes, &ifs->hw.flags, &dfs_domain);
5390
5391 was_6ghz_enabled = ifs->is_6ghz_enabled;
5392 ifs->is_6ghz_enabled = wpas_is_6ghz_supported(ifs, true);
5393
5394 /* Restart PNO/sched_scan with updated channel list */
5395 if (ifs->pno) {
5396 wpas_stop_pno(ifs);
5397 wpas_start_pno(ifs);
5398 } else if (ifs->sched_scanning && !ifs->pno_sched_pending) {
5399 wpa_dbg(ifs, MSG_DEBUG,
5400 "Channel list changed - restart sched_scan");
5401 wpas_scan_restart_sched_scan(ifs);
5402 } else if (!was_6ghz_enabled && ifs->is_6ghz_enabled) {
5403 wpa_dbg(ifs, MSG_INFO,
5404 "Channel list changed: 6 GHz was enabled");
5405
5406 ifs->crossed_6ghz_dom = true;
5407 }
5408 }
5409
5410 wpas_p2p_update_channel_list(wpa_s, WPAS_P2P_CHANNEL_UPDATE_DRIVER);
5411 }
5412
5413
wpas_event_rx_mgmt_action(struct wpa_supplicant * wpa_s,const u8 * frame,size_t len,int freq,int rssi)5414 static void wpas_event_rx_mgmt_action(struct wpa_supplicant *wpa_s,
5415 const u8 *frame, size_t len, int freq,
5416 int rssi)
5417 {
5418 const struct ieee80211_mgmt *mgmt;
5419 const u8 *payload;
5420 size_t plen;
5421 u8 category;
5422
5423 if (len < IEEE80211_HDRLEN + 2)
5424 return;
5425
5426 mgmt = (const struct ieee80211_mgmt *) frame;
5427 payload = frame + IEEE80211_HDRLEN;
5428 category = *payload++;
5429 plen = len - IEEE80211_HDRLEN - 1;
5430
5431 wpa_dbg(wpa_s, MSG_DEBUG, "Received Action frame: SA=" MACSTR
5432 " Category=%u DataLen=%d freq=%d MHz",
5433 MAC2STR(mgmt->sa), category, (int) plen, freq);
5434
5435 #ifndef CONFIG_NO_WMM_AC
5436 if (category == WLAN_ACTION_WMM) {
5437 wmm_ac_rx_action(wpa_s, mgmt->da, mgmt->sa, payload, plen);
5438 return;
5439 }
5440 #endif /* CONFIG_NO_WMM_AC */
5441
5442 #ifdef CONFIG_IEEE80211R
5443 if (category == WLAN_ACTION_FT) {
5444 ft_rx_action(wpa_s, payload, plen);
5445 return;
5446 }
5447 #endif /* CONFIG_IEEE80211R */
5448
5449 #ifdef CONFIG_SME
5450 if (category == WLAN_ACTION_SA_QUERY) {
5451 sme_sa_query_rx(wpa_s, mgmt->da, mgmt->sa, payload, plen);
5452 return;
5453 }
5454 #endif /* CONFIG_SME */
5455
5456 #ifdef CONFIG_WNM
5457 if (mgmt->u.action.category == WLAN_ACTION_WNM) {
5458 ieee802_11_rx_wnm_action(wpa_s, mgmt, len);
5459 return;
5460 }
5461 #endif /* CONFIG_WNM */
5462
5463 #ifdef CONFIG_GAS
5464 if ((mgmt->u.action.category == WLAN_ACTION_PUBLIC ||
5465 mgmt->u.action.category == WLAN_ACTION_PROTECTED_DUAL) &&
5466 gas_query_rx(wpa_s->gas, mgmt->da, mgmt->sa, mgmt->bssid,
5467 mgmt->u.action.category,
5468 payload, plen, freq) == 0)
5469 return;
5470 #endif /* CONFIG_GAS */
5471
5472 #ifdef CONFIG_GAS_SERVER
5473 if ((mgmt->u.action.category == WLAN_ACTION_PUBLIC ||
5474 mgmt->u.action.category == WLAN_ACTION_PROTECTED_DUAL) &&
5475 gas_server_rx(wpa_s->gas_server, mgmt->da, mgmt->sa, mgmt->bssid,
5476 mgmt->u.action.category,
5477 payload, plen, freq) == 0)
5478 return;
5479 #endif /* CONFIG_GAS_SERVER */
5480
5481 #ifdef CONFIG_TDLS
5482 if (category == WLAN_ACTION_PUBLIC && plen >= 4 &&
5483 payload[0] == WLAN_TDLS_DISCOVERY_RESPONSE) {
5484 wpa_dbg(wpa_s, MSG_DEBUG,
5485 "TDLS: Received Discovery Response from " MACSTR,
5486 MAC2STR(mgmt->sa));
5487 if (wpa_s->valid_links &&
5488 wpa_tdls_process_discovery_response(wpa_s->wpa, mgmt->sa,
5489 &payload[1], plen - 1))
5490 wpa_dbg(wpa_s, MSG_ERROR,
5491 "TDLS: Discovery Response process failed for "
5492 MACSTR, MAC2STR(mgmt->sa));
5493 return;
5494 }
5495 #endif /* CONFIG_TDLS */
5496
5497 #ifdef CONFIG_INTERWORKING
5498 if (category == WLAN_ACTION_QOS && plen >= 1 &&
5499 payload[0] == QOS_QOS_MAP_CONFIG) {
5500 const u8 *pos = payload + 1;
5501 size_t qlen = plen - 1;
5502 wpa_dbg(wpa_s, MSG_DEBUG, "Interworking: Received QoS Map Configure frame from "
5503 MACSTR, MAC2STR(mgmt->sa));
5504 if (ether_addr_equal(mgmt->sa, wpa_s->bssid) &&
5505 qlen > 2 && pos[0] == WLAN_EID_QOS_MAP_SET &&
5506 pos[1] <= qlen - 2 && pos[1] >= 16)
5507 wpas_qos_map_set(wpa_s, pos + 2, pos[1]);
5508 return;
5509 }
5510 #endif /* CONFIG_INTERWORKING */
5511
5512 #ifndef CONFIG_NO_RRM
5513 if (category == WLAN_ACTION_RADIO_MEASUREMENT &&
5514 payload[0] == WLAN_RRM_RADIO_MEASUREMENT_REQUEST) {
5515 wpas_rrm_handle_radio_measurement_request(wpa_s, mgmt->sa,
5516 mgmt->da,
5517 payload + 1,
5518 plen - 1);
5519 return;
5520 }
5521
5522 if (category == WLAN_ACTION_RADIO_MEASUREMENT &&
5523 payload[0] == WLAN_RRM_NEIGHBOR_REPORT_RESPONSE) {
5524 wpas_rrm_process_neighbor_rep(wpa_s, payload + 1, plen - 1);
5525 return;
5526 }
5527
5528 if (category == WLAN_ACTION_RADIO_MEASUREMENT &&
5529 payload[0] == WLAN_RRM_LINK_MEASUREMENT_REQUEST) {
5530 wpas_rrm_handle_link_measurement_request(wpa_s, mgmt->sa,
5531 payload + 1, plen - 1,
5532 rssi);
5533 return;
5534 }
5535 #endif /* CONFIG_NO_RRM */
5536
5537 #ifdef CONFIG_FST
5538 if (mgmt->u.action.category == WLAN_ACTION_FST && wpa_s->fst) {
5539 fst_rx_action(wpa_s->fst, mgmt, len);
5540 return;
5541 }
5542 #endif /* CONFIG_FST */
5543
5544 #ifdef CONFIG_NAN_USD
5545 if (category == WLAN_ACTION_PUBLIC && plen >= 5 &&
5546 payload[0] == WLAN_PA_VENDOR_SPECIFIC &&
5547 WPA_GET_BE32(&payload[1]) == NAN_SDF_VENDOR_TYPE) {
5548 payload += 5;
5549 plen -= 5;
5550 wpas_nan_usd_rx_sdf(wpa_s, mgmt->sa, mgmt->bssid, freq,
5551 payload, plen);
5552 return;
5553 }
5554 #endif /* CONFIG_NAN_USD */
5555
5556 #ifdef CONFIG_DPP
5557 if (category == WLAN_ACTION_PUBLIC && plen >= 5 &&
5558 payload[0] == WLAN_PA_VENDOR_SPECIFIC &&
5559 WPA_GET_BE24(&payload[1]) == OUI_WFA &&
5560 payload[4] == DPP_OUI_TYPE) {
5561 payload++;
5562 plen--;
5563 wpas_dpp_rx_action(wpa_s, mgmt->sa, payload, plen, freq);
5564 return;
5565 }
5566 #endif /* CONFIG_DPP */
5567
5568 #ifndef CONFIG_NO_ROBUST_AV
5569 if (category == WLAN_ACTION_ROBUST_AV_STREAMING &&
5570 payload[0] == ROBUST_AV_SCS_RESP) {
5571 wpas_handle_robust_av_scs_recv_action(wpa_s, mgmt->sa,
5572 payload + 1, plen - 1);
5573 return;
5574 }
5575
5576 if (category == WLAN_ACTION_ROBUST_AV_STREAMING &&
5577 payload[0] == ROBUST_AV_MSCS_RESP) {
5578 wpas_handle_robust_av_recv_action(wpa_s, mgmt->sa,
5579 payload + 1, plen - 1);
5580 return;
5581 }
5582
5583 if (category == WLAN_ACTION_VENDOR_SPECIFIC_PROTECTED && plen > 4 &&
5584 WPA_GET_BE32(payload) == QM_ACTION_VENDOR_TYPE) {
5585 wpas_handle_qos_mgmt_recv_action(wpa_s, mgmt->sa,
5586 payload + 4, plen - 4);
5587 return;
5588 }
5589 #endif /* CONFIG_NO_ROBUST_AV */
5590
5591 wpas_p2p_rx_action(wpa_s, mgmt->da, mgmt->sa, mgmt->bssid,
5592 category, payload, plen, freq);
5593 if (wpa_s->ifmsh)
5594 mesh_mpm_action_rx(wpa_s, mgmt, len);
5595 }
5596
5597
wpa_supplicant_notify_avoid_freq(struct wpa_supplicant * wpa_s,union wpa_event_data * event)5598 static void wpa_supplicant_notify_avoid_freq(struct wpa_supplicant *wpa_s,
5599 union wpa_event_data *event)
5600 {
5601 struct wpa_freq_range_list *list;
5602 char *str = NULL;
5603
5604 list = &event->freq_range;
5605
5606 if (list->num)
5607 str = freq_range_list_str(list);
5608 wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_AVOID_FREQ "ranges=%s",
5609 str ? str : "");
5610
5611 #ifdef CONFIG_P2P
5612 if (freq_range_list_parse(&wpa_s->global->p2p_go_avoid_freq, str)) {
5613 wpa_dbg(wpa_s, MSG_ERROR, "%s: Failed to parse freq range",
5614 __func__);
5615 } else {
5616 wpa_dbg(wpa_s, MSG_DEBUG, "P2P: Update channel list based on frequency avoid event");
5617
5618 /*
5619 * The update channel flow will also take care of moving a GO
5620 * from the unsafe frequency if needed.
5621 */
5622 wpas_p2p_update_channel_list(wpa_s,
5623 WPAS_P2P_CHANNEL_UPDATE_AVOID);
5624 }
5625 #endif /* CONFIG_P2P */
5626
5627 os_free(str);
5628 }
5629
5630
wpa_supplicant_event_port_authorized(struct wpa_supplicant * wpa_s)5631 static void wpa_supplicant_event_port_authorized(struct wpa_supplicant *wpa_s)
5632 {
5633 if (wpa_s->wpa_state == WPA_ASSOCIATED) {
5634 wpa_supplicant_cancel_auth_timeout(wpa_s);
5635 wpa_supplicant_set_state(wpa_s, WPA_COMPLETED);
5636 eapol_sm_notify_portValid(wpa_s->eapol, true);
5637 eapol_sm_notify_eap_success(wpa_s->eapol, true);
5638 wpa_s->drv_authorized_port = 1;
5639 }
5640 }
5641
5642
wpas_event_cac_ms(const struct wpa_supplicant * wpa_s,int freq)5643 static unsigned int wpas_event_cac_ms(const struct wpa_supplicant *wpa_s,
5644 int freq)
5645 {
5646 size_t i;
5647 int j;
5648
5649 for (i = 0; i < wpa_s->hw.num_modes; i++) {
5650 const struct hostapd_hw_modes *mode = &wpa_s->hw.modes[i];
5651
5652 for (j = 0; j < mode->num_channels; j++) {
5653 const struct hostapd_channel_data *chan;
5654
5655 chan = &mode->channels[j];
5656 if (chan->freq == freq)
5657 return chan->dfs_cac_ms;
5658 }
5659 }
5660
5661 return 0;
5662 }
5663
5664
wpas_event_dfs_cac_started(struct wpa_supplicant * wpa_s,struct dfs_event * radar)5665 static void wpas_event_dfs_cac_started(struct wpa_supplicant *wpa_s,
5666 struct dfs_event *radar)
5667 {
5668 #if defined(NEED_AP_MLME) && defined(CONFIG_AP)
5669 if (wpa_s->ap_iface || wpa_s->ifmsh) {
5670 wpas_ap_event_dfs_cac_started(wpa_s, radar);
5671 } else
5672 #endif /* NEED_AP_MLME && CONFIG_AP */
5673 {
5674 unsigned int cac_time = wpas_event_cac_ms(wpa_s, radar->freq);
5675
5676 cac_time /= 1000; /* convert from ms to sec */
5677 if (!cac_time)
5678 cac_time = 10 * 60; /* max timeout: 10 minutes */
5679
5680 /* Restart auth timeout: CAC time added to initial timeout */
5681 wpas_auth_timeout_restart(wpa_s, cac_time);
5682 }
5683 }
5684
5685
wpas_event_dfs_cac_finished(struct wpa_supplicant * wpa_s,struct dfs_event * radar)5686 static void wpas_event_dfs_cac_finished(struct wpa_supplicant *wpa_s,
5687 struct dfs_event *radar)
5688 {
5689 #if defined(NEED_AP_MLME) && defined(CONFIG_AP)
5690 if (wpa_s->ap_iface || wpa_s->ifmsh) {
5691 wpas_ap_event_dfs_cac_finished(wpa_s, radar);
5692 } else
5693 #endif /* NEED_AP_MLME && CONFIG_AP */
5694 {
5695 /* Restart auth timeout with original value after CAC is
5696 * finished */
5697 wpas_auth_timeout_restart(wpa_s, 0);
5698 }
5699 }
5700
5701
wpas_event_dfs_cac_aborted(struct wpa_supplicant * wpa_s,struct dfs_event * radar)5702 static void wpas_event_dfs_cac_aborted(struct wpa_supplicant *wpa_s,
5703 struct dfs_event *radar)
5704 {
5705 #if defined(NEED_AP_MLME) && defined(CONFIG_AP)
5706 if (wpa_s->ap_iface || wpa_s->ifmsh) {
5707 wpas_ap_event_dfs_cac_aborted(wpa_s, radar);
5708 } else
5709 #endif /* NEED_AP_MLME && CONFIG_AP */
5710 {
5711 /* Restart auth timeout with original value after CAC is
5712 * aborted */
5713 wpas_auth_timeout_restart(wpa_s, 0);
5714 }
5715 }
5716
5717
wpa_supplicant_event_assoc_auth(struct wpa_supplicant * wpa_s,union wpa_event_data * data)5718 static void wpa_supplicant_event_assoc_auth(struct wpa_supplicant *wpa_s,
5719 union wpa_event_data *data)
5720 {
5721 wpa_dbg(wpa_s, MSG_DEBUG,
5722 "Connection authorized by device, previous state %d",
5723 wpa_s->wpa_state);
5724
5725 wpa_supplicant_event_port_authorized(wpa_s);
5726
5727 wpa_s->last_eapol_matches_bssid = 1;
5728
5729 wpa_sm_set_rx_replay_ctr(wpa_s->wpa, data->assoc_info.key_replay_ctr);
5730 wpa_sm_set_ptk_kck_kek(wpa_s->wpa, data->assoc_info.ptk_kck,
5731 data->assoc_info.ptk_kck_len,
5732 data->assoc_info.ptk_kek,
5733 data->assoc_info.ptk_kek_len);
5734 #ifdef CONFIG_FILS
5735 if (wpa_s->auth_alg == WPA_AUTH_ALG_FILS) {
5736 struct wpa_bss *bss = wpa_bss_get_bssid(wpa_s, wpa_s->bssid);
5737 const u8 *fils_cache_id = wpa_bss_get_fils_cache_id(bss);
5738
5739 /* Update ERP next sequence number */
5740 eapol_sm_update_erp_next_seq_num(
5741 wpa_s->eapol, data->assoc_info.fils_erp_next_seq_num);
5742
5743 if (data->assoc_info.fils_pmk && data->assoc_info.fils_pmkid) {
5744 /* Add the new PMK and PMKID to the PMKSA cache */
5745 wpa_sm_pmksa_cache_add(wpa_s->wpa,
5746 data->assoc_info.fils_pmk,
5747 data->assoc_info.fils_pmk_len,
5748 data->assoc_info.fils_pmkid,
5749 wpa_s->valid_links ?
5750 wpa_s->ap_mld_addr :
5751 wpa_s->bssid,
5752 fils_cache_id);
5753 } else if (data->assoc_info.fils_pmkid) {
5754 /* Update the current PMKSA used for this connection */
5755 pmksa_cache_set_current(wpa_s->wpa,
5756 data->assoc_info.fils_pmkid,
5757 NULL, NULL, 0, NULL, 0, true);
5758 }
5759 }
5760 #endif /* CONFIG_FILS */
5761 }
5762
5763
connect_fail_reason(enum sta_connect_fail_reason_codes code)5764 static const char * connect_fail_reason(enum sta_connect_fail_reason_codes code)
5765 {
5766 switch (code) {
5767 case STA_CONNECT_FAIL_REASON_UNSPECIFIED:
5768 return "";
5769 case STA_CONNECT_FAIL_REASON_NO_BSS_FOUND:
5770 return "no_bss_found";
5771 case STA_CONNECT_FAIL_REASON_AUTH_TX_FAIL:
5772 return "auth_tx_fail";
5773 case STA_CONNECT_FAIL_REASON_AUTH_NO_ACK_RECEIVED:
5774 return "auth_no_ack_received";
5775 case STA_CONNECT_FAIL_REASON_AUTH_NO_RESP_RECEIVED:
5776 return "auth_no_resp_received";
5777 case STA_CONNECT_FAIL_REASON_ASSOC_REQ_TX_FAIL:
5778 return "assoc_req_tx_fail";
5779 case STA_CONNECT_FAIL_REASON_ASSOC_NO_ACK_RECEIVED:
5780 return "assoc_no_ack_received";
5781 case STA_CONNECT_FAIL_REASON_ASSOC_NO_RESP_RECEIVED:
5782 return "assoc_no_resp_received";
5783 default:
5784 return "unknown_reason";
5785 }
5786 }
5787
5788
wpas_event_assoc_reject(struct wpa_supplicant * wpa_s,union wpa_event_data * data)5789 static void wpas_event_assoc_reject(struct wpa_supplicant *wpa_s,
5790 union wpa_event_data *data)
5791 {
5792 const u8 *bssid = data->assoc_reject.bssid;
5793 struct ieee802_11_elems elems;
5794 struct ml_sta_link_info ml_info[MAX_NUM_MLD_LINKS];
5795 const u8 *link_bssids[MAX_NUM_MLD_LINKS + 1];
5796 #ifdef CONFIG_MBO
5797 struct wpa_bss *reject_bss;
5798 #endif /* CONFIG_MBO */
5799
5800 if (!bssid || is_zero_ether_addr(bssid))
5801 bssid = wpa_s->pending_bssid;
5802 #ifdef CONFIG_MBO
5803 if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME)
5804 reject_bss = wpa_s->current_bss;
5805 else
5806 reject_bss = wpa_bss_get_bssid(wpa_s, bssid);
5807 #endif /* CONFIG_MBO */
5808
5809 if (data->assoc_reject.bssid)
5810 wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_ASSOC_REJECT
5811 "bssid=" MACSTR " status_code=%u%s%s%s%s%s",
5812 MAC2STR(data->assoc_reject.bssid),
5813 data->assoc_reject.status_code,
5814 data->assoc_reject.timed_out ? " timeout" : "",
5815 data->assoc_reject.timeout_reason ? "=" : "",
5816 data->assoc_reject.timeout_reason ?
5817 data->assoc_reject.timeout_reason : "",
5818 data->assoc_reject.reason_code !=
5819 STA_CONNECT_FAIL_REASON_UNSPECIFIED ?
5820 " qca_driver_reason=" : "",
5821 connect_fail_reason(data->assoc_reject.reason_code));
5822 else
5823 wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_ASSOC_REJECT
5824 "status_code=%u%s%s%s%s%s",
5825 data->assoc_reject.status_code,
5826 data->assoc_reject.timed_out ? " timeout" : "",
5827 data->assoc_reject.timeout_reason ? "=" : "",
5828 data->assoc_reject.timeout_reason ?
5829 data->assoc_reject.timeout_reason : "",
5830 data->assoc_reject.reason_code !=
5831 STA_CONNECT_FAIL_REASON_UNSPECIFIED ?
5832 " qca_driver_reason=" : "",
5833 connect_fail_reason(data->assoc_reject.reason_code));
5834 wpa_s->assoc_status_code = data->assoc_reject.status_code;
5835 wpas_notify_assoc_status_code(wpa_s);
5836
5837 #ifdef CONFIG_OWE
5838 if (data->assoc_reject.status_code ==
5839 WLAN_STATUS_FINITE_CYCLIC_GROUP_NOT_SUPPORTED &&
5840 wpa_s->key_mgmt == WPA_KEY_MGMT_OWE &&
5841 wpa_s->current_ssid &&
5842 wpa_s->current_ssid->owe_group == 0 &&
5843 wpa_s->last_owe_group != 21) {
5844 struct wpa_ssid *ssid = wpa_s->current_ssid;
5845 struct wpa_bss *bss = wpa_s->current_bss;
5846
5847 if (!bss) {
5848 bss = wpa_supplicant_get_new_bss(wpa_s, bssid);
5849 if (!bss) {
5850 wpas_connection_failed(wpa_s, bssid, NULL);
5851 wpa_supplicant_mark_disassoc(wpa_s);
5852 return;
5853 }
5854 }
5855 wpa_printf(MSG_DEBUG, "OWE: Try next supported DH group");
5856 wpas_connect_work_done(wpa_s);
5857 wpa_supplicant_mark_disassoc(wpa_s);
5858 wpa_supplicant_connect(wpa_s, bss, ssid);
5859 return;
5860 }
5861 #endif /* CONFIG_OWE */
5862
5863 #ifdef CONFIG_DPP2
5864 /* Try to follow AP's PFS policy. WLAN_STATUS_ASSOC_DENIED_UNSPEC is
5865 * the status code defined in the DPP R2 tech spec.
5866 * WLAN_STATUS_AKMP_NOT_VALID is addressed in the same manner as an
5867 * interoperability workaround with older hostapd implementation. */
5868 if (DPP_VERSION > 1 && wpa_s->current_ssid &&
5869 (wpa_s->current_ssid->key_mgmt == WPA_KEY_MGMT_DPP ||
5870 ((wpa_s->current_ssid->key_mgmt & WPA_KEY_MGMT_DPP) &&
5871 wpa_s->key_mgmt == WPA_KEY_MGMT_DPP)) &&
5872 wpa_s->current_ssid->dpp_pfs == 0 &&
5873 (data->assoc_reject.status_code ==
5874 WLAN_STATUS_ASSOC_DENIED_UNSPEC ||
5875 data->assoc_reject.status_code == WLAN_STATUS_AKMP_NOT_VALID)) {
5876 struct wpa_ssid *ssid = wpa_s->current_ssid;
5877 struct wpa_bss *bss = wpa_s->current_bss;
5878
5879 wpa_s->current_ssid->dpp_pfs_fallback ^= 1;
5880 if (!bss)
5881 bss = wpa_supplicant_get_new_bss(wpa_s, bssid);
5882 if (!bss || wpa_s->dpp_pfs_fallback) {
5883 wpa_printf(MSG_DEBUG,
5884 "DPP: Updated PFS policy for next try");
5885 wpas_connection_failed(wpa_s, bssid, NULL);
5886 wpa_supplicant_mark_disassoc(wpa_s);
5887 return;
5888 }
5889 wpa_printf(MSG_DEBUG, "DPP: Try again with updated PFS policy");
5890 wpa_s->dpp_pfs_fallback = 1;
5891 wpas_connect_work_done(wpa_s);
5892 wpa_supplicant_mark_disassoc(wpa_s);
5893 wpa_supplicant_connect(wpa_s, bss, ssid);
5894 return;
5895 }
5896 #endif /* CONFIG_DPP2 */
5897
5898 #ifdef CONFIG_MBO
5899 if (data->assoc_reject.status_code ==
5900 WLAN_STATUS_DENIED_POOR_CHANNEL_CONDITIONS &&
5901 reject_bss && data->assoc_reject.resp_ies) {
5902 const u8 *rssi_rej;
5903
5904 rssi_rej = mbo_get_attr_from_ies(
5905 data->assoc_reject.resp_ies,
5906 data->assoc_reject.resp_ies_len,
5907 OCE_ATTR_ID_RSSI_BASED_ASSOC_REJECT);
5908 if (rssi_rej && rssi_rej[1] == 2) {
5909 wpa_printf(MSG_DEBUG,
5910 "OCE: RSSI-based association rejection from "
5911 MACSTR " (Delta RSSI: %u, Retry Delay: %u)",
5912 MAC2STR(reject_bss->bssid),
5913 rssi_rej[2], rssi_rej[3]);
5914 wpa_bss_tmp_disallow(wpa_s,
5915 reject_bss->bssid,
5916 rssi_rej[3],
5917 rssi_rej[2] + reject_bss->level);
5918 }
5919 }
5920 #endif /* CONFIG_MBO */
5921
5922 /* Check for other failed links in the response */
5923 os_memset(link_bssids, 0, sizeof(link_bssids));
5924 if (ieee802_11_parse_elems(data->assoc_reject.resp_ies,
5925 data->assoc_reject.resp_ies_len,
5926 &elems, 1) != ParseFailed) {
5927 unsigned int n_links, i, idx;
5928
5929 idx = 0;
5930 n_links = wpas_ml_parse_assoc(wpa_s, &elems, ml_info);
5931
5932 for (i = 1; i < n_links; i++) {
5933 /* The status cannot be success here.
5934 * Add the link to the failed list if it is reporting
5935 * an error. The only valid "non-error" status is
5936 * TX_LINK_NOT_ACCEPTED as that means this link may
5937 * still accept an association from us.
5938 */
5939 if (ml_info[i].status !=
5940 WLAN_STATUS_DENIED_TX_LINK_NOT_ACCEPTED) {
5941 link_bssids[idx] = ml_info[i].bssid;
5942 idx++;
5943 }
5944 }
5945 }
5946
5947 if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME) {
5948 sme_event_assoc_reject(wpa_s, data, link_bssids);
5949 return;
5950 }
5951
5952 /* Driver-based SME cases */
5953
5954 #ifdef CONFIG_SAE
5955 if (wpa_s->current_ssid &&
5956 wpa_key_mgmt_sae(wpa_s->current_ssid->key_mgmt) &&
5957 !data->assoc_reject.timed_out) {
5958 wpa_dbg(wpa_s, MSG_DEBUG, "SAE: Drop PMKSA cache entry");
5959 wpa_sm_aborted_cached(wpa_s->wpa);
5960 wpa_sm_pmksa_cache_flush(wpa_s->wpa, wpa_s->current_ssid);
5961 }
5962 #endif /* CONFIG_SAE */
5963
5964 #ifdef CONFIG_DPP
5965 if (wpa_s->current_ssid &&
5966 wpa_s->current_ssid->key_mgmt == WPA_KEY_MGMT_DPP &&
5967 !data->assoc_reject.timed_out) {
5968 wpa_dbg(wpa_s, MSG_DEBUG, "DPP: Drop PMKSA cache entry");
5969 wpa_sm_aborted_cached(wpa_s->wpa);
5970 wpa_sm_pmksa_cache_flush(wpa_s->wpa, wpa_s->current_ssid);
5971 }
5972 #endif /* CONFIG_DPP */
5973
5974 #ifdef CONFIG_FILS
5975 /* Update ERP next sequence number */
5976 if (wpa_s->auth_alg == WPA_AUTH_ALG_FILS) {
5977 fils_pmksa_cache_flush(wpa_s);
5978 eapol_sm_update_erp_next_seq_num(
5979 wpa_s->eapol,
5980 data->assoc_reject.fils_erp_next_seq_num);
5981 fils_connection_failure(wpa_s);
5982 }
5983 #endif /* CONFIG_FILS */
5984
5985 wpas_connection_failed(wpa_s, bssid, link_bssids);
5986 wpa_supplicant_mark_disassoc(wpa_s);
5987 }
5988
5989
wpas_event_unprot_beacon(struct wpa_supplicant * wpa_s,struct unprot_beacon * data)5990 static void wpas_event_unprot_beacon(struct wpa_supplicant *wpa_s,
5991 struct unprot_beacon *data)
5992 {
5993 struct wpabuf *buf;
5994 int res;
5995
5996 if (!data || wpa_s->wpa_state != WPA_COMPLETED ||
5997 !ether_addr_equal(data->sa, wpa_s->bssid))
5998 return;
5999 wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_UNPROT_BEACON MACSTR,
6000 MAC2STR(data->sa));
6001
6002 buf = wpabuf_alloc(4);
6003 if (!buf)
6004 return;
6005
6006 wpabuf_put_u8(buf, WLAN_ACTION_WNM);
6007 wpabuf_put_u8(buf, WNM_NOTIFICATION_REQ);
6008 wpabuf_put_u8(buf, 1); /* Dialog Token */
6009 wpabuf_put_u8(buf, WNM_NOTIF_TYPE_BEACON_PROTECTION_FAILURE);
6010
6011 res = wpa_drv_send_action(wpa_s, wpa_s->assoc_freq, 0, wpa_s->bssid,
6012 wpa_s->own_addr, wpa_s->bssid,
6013 wpabuf_head(buf), wpabuf_len(buf), 0);
6014 if (res < 0)
6015 wpa_printf(MSG_DEBUG,
6016 "Failed to send WNM-Notification Request frame");
6017
6018 wpabuf_free(buf);
6019 }
6020
6021
bitmap_to_str(u8 value,char * buf)6022 static const char * bitmap_to_str(u8 value, char *buf)
6023 {
6024 char *pos = buf;
6025 int i, k = 0;
6026
6027 for (i = 7; i >= 0; i--)
6028 pos[k++] = (value & BIT(i)) ? '1' : '0';
6029
6030 pos[8] = '\0';
6031 return pos;
6032 }
6033
6034
wpas_tid_link_map(struct wpa_supplicant * wpa_s,struct tid_link_map_info * info)6035 static void wpas_tid_link_map(struct wpa_supplicant *wpa_s,
6036 struct tid_link_map_info *info)
6037 {
6038 char map_info[1000], *pos, *end;
6039 int res, i;
6040
6041 pos = map_info;
6042 end = pos + sizeof(map_info);
6043 res = os_snprintf(map_info, sizeof(map_info), "default=%d",
6044 info->default_map);
6045 if (os_snprintf_error(end - pos, res))
6046 return;
6047 pos += res;
6048
6049 if (!info->default_map) {
6050 for_each_link(info->valid_links, i) {
6051 char uplink_map_str[9];
6052 char downlink_map_str[9];
6053
6054 bitmap_to_str(info->t2lmap[i].uplink, uplink_map_str);
6055 bitmap_to_str(info->t2lmap[i].downlink,
6056 downlink_map_str);
6057
6058 res = os_snprintf(pos, end - pos,
6059 " link_id=%d up_link=%s down_link=%s",
6060 i, uplink_map_str,
6061 downlink_map_str);
6062 if (os_snprintf_error(end - pos, res))
6063 return;
6064 pos += res;
6065 }
6066 }
6067
6068 wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_T2LM_UPDATE "%s", map_info);
6069 }
6070
6071
wpas_link_reconfig(struct wpa_supplicant * wpa_s)6072 static void wpas_link_reconfig(struct wpa_supplicant *wpa_s)
6073 {
6074 u8 bssid[ETH_ALEN];
6075
6076 if (wpa_drv_get_bssid(wpa_s, bssid) < 0) {
6077 wpa_printf(MSG_ERROR, "LINK_RECONFIG: Failed to get BSSID");
6078 wpa_supplicant_deauthenticate(wpa_s,
6079 WLAN_REASON_DEAUTH_LEAVING);
6080 return;
6081 }
6082
6083 if (!ether_addr_equal(bssid, wpa_s->bssid)) {
6084 os_memcpy(wpa_s->bssid, bssid, ETH_ALEN);
6085 wpa_supplicant_update_current_bss(wpa_s, wpa_s->bssid);
6086 wpas_notify_bssid_changed(wpa_s);
6087 }
6088
6089 if (wpa_drv_get_mlo_info(wpa_s) < 0) {
6090 wpa_printf(MSG_ERROR,
6091 "LINK_RECONFIG: Failed to get MLO connection info");
6092 wpa_supplicant_deauthenticate(wpa_s,
6093 WLAN_REASON_DEAUTH_LEAVING);
6094 return;
6095 }
6096
6097 if (wpa_sm_set_ml_info(wpa_s)) {
6098 wpa_printf(MSG_ERROR,
6099 "LINK_RECONFIG: Failed to set MLO connection info to wpa_sm");
6100 wpa_supplicant_deauthenticate(wpa_s,
6101 WLAN_REASON_DEAUTH_LEAVING);
6102 return;
6103 }
6104
6105 wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_LINK_RECONFIG "valid_links=0x%x",
6106 wpa_s->valid_links);
6107 }
6108
6109
6110 #ifdef CONFIG_PASN
wpas_pasn_auth(struct wpa_supplicant * wpa_s,const struct ieee80211_mgmt * mgmt,size_t len,int freq)6111 static int wpas_pasn_auth(struct wpa_supplicant *wpa_s,
6112 const struct ieee80211_mgmt *mgmt, size_t len,
6113 int freq)
6114 {
6115 #ifdef CONFIG_P2P
6116 struct ieee802_11_elems elems;
6117
6118 if (len < 24) {
6119 wpa_printf(MSG_DEBUG, "nl80211: Too short Management frame");
6120 return -2;
6121 }
6122
6123 if (ieee802_11_parse_elems(mgmt->u.auth.variable,
6124 len - offsetof(struct ieee80211_mgmt,
6125 u.auth.variable),
6126 &elems, 1) == ParseFailed) {
6127 wpa_printf(MSG_DEBUG,
6128 "PASN: Failed parsing Authentication frame");
6129 return -2;
6130 }
6131
6132 if (elems.p2p2_ie && elems.p2p2_ie_len)
6133 return wpas_p2p_pasn_auth_rx(wpa_s, mgmt, len, freq);
6134 #endif /* CONFIG_P2P */
6135
6136 return wpas_pasn_auth_rx(wpa_s, mgmt, len);
6137 }
6138 #endif /* CONFIG_PASN */
6139
6140
wpa_supplicant_event(void * ctx,enum wpa_event_type event,union wpa_event_data * data)6141 void wpa_supplicant_event(void *ctx, enum wpa_event_type event,
6142 union wpa_event_data *data)
6143 {
6144 struct wpa_supplicant *wpa_s = ctx;
6145 int resched;
6146 struct os_reltime age, clear_at;
6147 #ifndef CONFIG_NO_STDOUT_DEBUG
6148 int level = MSG_DEBUG;
6149 #endif /* CONFIG_NO_STDOUT_DEBUG */
6150
6151 if (wpa_s->wpa_state == WPA_INTERFACE_DISABLED &&
6152 event != EVENT_INTERFACE_ENABLED &&
6153 event != EVENT_INTERFACE_STATUS &&
6154 event != EVENT_SCAN_RESULTS &&
6155 event != EVENT_SCHED_SCAN_STOPPED) {
6156 wpa_dbg(wpa_s, MSG_DEBUG,
6157 "Ignore event %s (%d) while interface is disabled",
6158 event_to_string(event), event);
6159 return;
6160 }
6161
6162 #ifndef CONFIG_NO_STDOUT_DEBUG
6163 if (event == EVENT_RX_MGMT && data->rx_mgmt.frame_len >= 24) {
6164 const struct ieee80211_hdr *hdr;
6165 u16 fc;
6166 hdr = (const struct ieee80211_hdr *) data->rx_mgmt.frame;
6167 fc = le_to_host16(hdr->frame_control);
6168 if (WLAN_FC_GET_TYPE(fc) == WLAN_FC_TYPE_MGMT &&
6169 WLAN_FC_GET_STYPE(fc) == WLAN_FC_STYPE_BEACON)
6170 level = MSG_EXCESSIVE;
6171 }
6172
6173 wpa_dbg(wpa_s, level, "Event %s (%d) received",
6174 event_to_string(event), event);
6175 #endif /* CONFIG_NO_STDOUT_DEBUG */
6176
6177 switch (event) {
6178 case EVENT_AUTH:
6179 #ifdef CONFIG_FST
6180 if (!wpas_fst_update_mbie(wpa_s, data->auth.ies,
6181 data->auth.ies_len))
6182 wpa_printf(MSG_DEBUG,
6183 "FST: MB IEs updated from auth IE");
6184 #endif /* CONFIG_FST */
6185 sme_event_auth(wpa_s, data);
6186 wpa_s->auth_status_code = data->auth.status_code;
6187 wpas_notify_auth_status_code(wpa_s);
6188 break;
6189 case EVENT_ASSOC:
6190 #ifdef CONFIG_TESTING_OPTIONS
6191 if (wpa_s->ignore_auth_resp) {
6192 wpa_printf(MSG_INFO,
6193 "EVENT_ASSOC - ignore_auth_resp active!");
6194 break;
6195 }
6196 if (wpa_s->testing_resend_assoc) {
6197 wpa_printf(MSG_INFO,
6198 "EVENT_DEAUTH - testing_resend_assoc");
6199 break;
6200 }
6201 #endif /* CONFIG_TESTING_OPTIONS */
6202 if (wpa_s->disconnected) {
6203 wpa_printf(MSG_INFO,
6204 "Ignore unexpected EVENT_ASSOC in disconnected state");
6205 break;
6206 }
6207 wpa_supplicant_event_assoc(wpa_s, data);
6208 wpa_s->assoc_status_code = WLAN_STATUS_SUCCESS;
6209 if (data &&
6210 (data->assoc_info.authorized ||
6211 (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME) &&
6212 wpa_fils_is_completed(wpa_s->wpa))))
6213 wpa_supplicant_event_assoc_auth(wpa_s, data);
6214 if (data) {
6215 wpa_msg(wpa_s, MSG_INFO,
6216 WPA_EVENT_SUBNET_STATUS_UPDATE "status=%u",
6217 data->assoc_info.subnet_status);
6218 }
6219 break;
6220 case EVENT_DISASSOC:
6221 wpas_event_disassoc(wpa_s,
6222 data ? &data->disassoc_info : NULL);
6223 break;
6224 case EVENT_DEAUTH:
6225 #ifdef CONFIG_TESTING_OPTIONS
6226 if (wpa_s->ignore_auth_resp) {
6227 wpa_printf(MSG_INFO,
6228 "EVENT_DEAUTH - ignore_auth_resp active!");
6229 break;
6230 }
6231 if (wpa_s->testing_resend_assoc) {
6232 wpa_printf(MSG_INFO,
6233 "EVENT_DEAUTH - testing_resend_assoc");
6234 break;
6235 }
6236 #endif /* CONFIG_TESTING_OPTIONS */
6237 wpas_event_deauth(wpa_s,
6238 data ? &data->deauth_info : NULL);
6239 break;
6240 case EVENT_LINK_RECONFIG:
6241 wpas_link_reconfig(wpa_s);
6242 break;
6243 case EVENT_MICHAEL_MIC_FAILURE:
6244 wpa_supplicant_event_michael_mic_failure(wpa_s, data);
6245 break;
6246 #ifndef CONFIG_NO_SCAN_PROCESSING
6247 case EVENT_SCAN_STARTED:
6248 if (wpa_s->own_scan_requested ||
6249 (data && !data->scan_info.external_scan)) {
6250 struct os_reltime diff;
6251
6252 os_get_reltime(&wpa_s->scan_start_time);
6253 os_reltime_sub(&wpa_s->scan_start_time,
6254 &wpa_s->scan_trigger_time, &diff);
6255 wpa_dbg(wpa_s, MSG_DEBUG, "Own scan request started a scan in %ld.%06ld seconds",
6256 diff.sec, diff.usec);
6257 wpa_s->own_scan_requested = 0;
6258 wpa_s->own_scan_running = 1;
6259 if (wpa_s->last_scan_req == MANUAL_SCAN_REQ &&
6260 wpa_s->manual_scan_use_id) {
6261 wpa_msg_ctrl(wpa_s, MSG_INFO,
6262 WPA_EVENT_SCAN_STARTED "id=%u",
6263 wpa_s->manual_scan_id);
6264 } else {
6265 wpa_msg_ctrl(wpa_s, MSG_INFO,
6266 WPA_EVENT_SCAN_STARTED);
6267 }
6268 } else {
6269 wpa_dbg(wpa_s, MSG_DEBUG, "External program started a scan");
6270 wpa_s->radio->external_scan_req_interface = wpa_s;
6271 wpa_msg_ctrl(wpa_s, MSG_INFO, WPA_EVENT_SCAN_STARTED);
6272 }
6273 break;
6274 case EVENT_SCAN_RESULTS:
6275 if (wpa_s->wpa_state == WPA_INTERFACE_DISABLED) {
6276 wpa_s->scan_res_handler = NULL;
6277 wpa_s->own_scan_running = 0;
6278 wpa_s->radio->external_scan_req_interface = NULL;
6279 wpa_s->last_scan_req = NORMAL_SCAN_REQ;
6280 break;
6281 }
6282
6283 if (!(data && data->scan_info.external_scan) &&
6284 os_reltime_initialized(&wpa_s->scan_start_time)) {
6285 struct os_reltime now, diff;
6286 os_get_reltime(&now);
6287 os_reltime_sub(&now, &wpa_s->scan_start_time, &diff);
6288 wpa_s->scan_start_time.sec = 0;
6289 wpa_s->scan_start_time.usec = 0;
6290 wpa_s->wps_scan_done = true;
6291 wpa_dbg(wpa_s, MSG_DEBUG, "Scan completed in %ld.%06ld seconds",
6292 diff.sec, diff.usec);
6293 }
6294 if (wpa_supplicant_event_scan_results(wpa_s, data))
6295 break; /* interface may have been removed */
6296 if (!(data && data->scan_info.external_scan))
6297 wpa_s->own_scan_running = 0;
6298 if (data && data->scan_info.nl_scan_event)
6299 wpa_s->radio->external_scan_req_interface = NULL;
6300 radio_work_check_next(wpa_s);
6301 break;
6302 #endif /* CONFIG_NO_SCAN_PROCESSING */
6303 case EVENT_ASSOCINFO:
6304 wpa_supplicant_event_associnfo(wpa_s, data);
6305 break;
6306 case EVENT_INTERFACE_STATUS:
6307 wpa_supplicant_event_interface_status(wpa_s, data);
6308 break;
6309 case EVENT_PMKID_CANDIDATE:
6310 wpa_supplicant_event_pmkid_candidate(wpa_s, data);
6311 break;
6312 #ifdef CONFIG_TDLS
6313 case EVENT_TDLS:
6314 wpa_supplicant_event_tdls(wpa_s, data);
6315 break;
6316 #endif /* CONFIG_TDLS */
6317 #ifdef CONFIG_WNM
6318 case EVENT_WNM:
6319 wpa_supplicant_event_wnm(wpa_s, data);
6320 break;
6321 #endif /* CONFIG_WNM */
6322 #ifdef CONFIG_IEEE80211R
6323 case EVENT_FT_RESPONSE:
6324 wpa_supplicant_event_ft_response(wpa_s, data);
6325 break;
6326 #endif /* CONFIG_IEEE80211R */
6327 #ifdef CONFIG_IBSS_RSN
6328 case EVENT_IBSS_RSN_START:
6329 wpa_supplicant_event_ibss_rsn_start(wpa_s, data);
6330 break;
6331 #endif /* CONFIG_IBSS_RSN */
6332 case EVENT_ASSOC_REJECT:
6333 wpas_event_assoc_reject(wpa_s, data);
6334 break;
6335 case EVENT_AUTH_TIMED_OUT:
6336 /* It is possible to get this event from earlier connection */
6337 if (wpa_s->current_ssid &&
6338 wpa_s->current_ssid->mode == WPAS_MODE_MESH) {
6339 wpa_dbg(wpa_s, MSG_DEBUG,
6340 "Ignore AUTH_TIMED_OUT in mesh configuration");
6341 break;
6342 }
6343 if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME)
6344 sme_event_auth_timed_out(wpa_s, data);
6345 break;
6346 case EVENT_ASSOC_TIMED_OUT:
6347 /* It is possible to get this event from earlier connection */
6348 if (wpa_s->current_ssid &&
6349 wpa_s->current_ssid->mode == WPAS_MODE_MESH) {
6350 wpa_dbg(wpa_s, MSG_DEBUG,
6351 "Ignore ASSOC_TIMED_OUT in mesh configuration");
6352 break;
6353 }
6354 if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME)
6355 sme_event_assoc_timed_out(wpa_s, data);
6356 break;
6357 case EVENT_TX_STATUS:
6358 wpa_dbg(wpa_s, MSG_DEBUG, "EVENT_TX_STATUS dst=" MACSTR
6359 " type=%d stype=%d",
6360 MAC2STR(data->tx_status.dst),
6361 data->tx_status.type, data->tx_status.stype);
6362 #ifdef CONFIG_WNM
6363 if (data->tx_status.type == WLAN_FC_TYPE_MGMT &&
6364 data->tx_status.stype == WLAN_FC_STYPE_ACTION &&
6365 wnm_btm_resp_tx_status(wpa_s, data->tx_status.data,
6366 data->tx_status.data_len) == 0)
6367 break;
6368 #endif /* CONFIG_WNM */
6369 #ifdef CONFIG_PASN
6370 #ifdef CONFIG_P2P
6371 if (data->tx_status.type == WLAN_FC_TYPE_MGMT &&
6372 data->tx_status.stype == WLAN_FC_STYPE_AUTH &&
6373 !wpa_s->pasn_auth_work &&
6374 wpa_s->p2p_pasn_auth_work &&
6375 wpas_p2p_pasn_auth_tx_status(wpa_s,
6376 data->tx_status.data,
6377 data->tx_status.data_len,
6378 data->tx_status.ack) == 0)
6379 break;
6380 #endif /* CONFIG_P2P */
6381 if (data->tx_status.type == WLAN_FC_TYPE_MGMT &&
6382 data->tx_status.stype == WLAN_FC_STYPE_AUTH &&
6383 wpas_pasn_auth_tx_status(wpa_s, data->tx_status.data,
6384 data->tx_status.data_len,
6385 data->tx_status.ack) == 0)
6386 break;
6387 #endif /* CONFIG_PASN */
6388 #ifdef CONFIG_AP
6389 if (wpa_s->ap_iface == NULL) {
6390 #ifdef CONFIG_OFFCHANNEL
6391 if (data->tx_status.type == WLAN_FC_TYPE_MGMT &&
6392 data->tx_status.stype == WLAN_FC_STYPE_ACTION)
6393 offchannel_send_action_tx_status(
6394 wpa_s, data->tx_status.dst,
6395 data->tx_status.data,
6396 data->tx_status.data_len,
6397 data->tx_status.ack ?
6398 OFFCHANNEL_SEND_ACTION_SUCCESS :
6399 OFFCHANNEL_SEND_ACTION_NO_ACK);
6400 #endif /* CONFIG_OFFCHANNEL */
6401 break;
6402 }
6403 #endif /* CONFIG_AP */
6404 #ifdef CONFIG_OFFCHANNEL
6405 wpa_dbg(wpa_s, MSG_DEBUG, "EVENT_TX_STATUS pending_dst="
6406 MACSTR, MAC2STR(wpa_s->p2pdev->pending_action_dst));
6407 /*
6408 * Catch TX status events for Action frames we sent via group
6409 * interface in GO mode, or via standalone AP interface.
6410 * Note, wpa_s->p2pdev will be the same as wpa_s->parent,
6411 * except when the primary interface is used as a GO interface
6412 * (for drivers which do not have group interface concurrency)
6413 */
6414 if (data->tx_status.type == WLAN_FC_TYPE_MGMT &&
6415 data->tx_status.stype == WLAN_FC_STYPE_ACTION &&
6416 ether_addr_equal(wpa_s->p2pdev->pending_action_dst,
6417 data->tx_status.dst)) {
6418 offchannel_send_action_tx_status(
6419 wpa_s->p2pdev, data->tx_status.dst,
6420 data->tx_status.data,
6421 data->tx_status.data_len,
6422 data->tx_status.ack ?
6423 OFFCHANNEL_SEND_ACTION_SUCCESS :
6424 OFFCHANNEL_SEND_ACTION_NO_ACK);
6425 break;
6426 }
6427 #endif /* CONFIG_OFFCHANNEL */
6428 #ifdef CONFIG_AP
6429 switch (data->tx_status.type) {
6430 case WLAN_FC_TYPE_MGMT:
6431 ap_mgmt_tx_cb(wpa_s, data->tx_status.data,
6432 data->tx_status.data_len,
6433 data->tx_status.stype,
6434 data->tx_status.ack);
6435 break;
6436 case WLAN_FC_TYPE_DATA:
6437 ap_tx_status(wpa_s, data->tx_status.dst,
6438 data->tx_status.data,
6439 data->tx_status.data_len,
6440 data->tx_status.ack);
6441 break;
6442 }
6443 #endif /* CONFIG_AP */
6444 break;
6445 #ifdef CONFIG_AP
6446 case EVENT_EAPOL_TX_STATUS:
6447 ap_eapol_tx_status(wpa_s, data->eapol_tx_status.dst,
6448 data->eapol_tx_status.data,
6449 data->eapol_tx_status.data_len,
6450 data->eapol_tx_status.ack);
6451 break;
6452 case EVENT_DRIVER_CLIENT_POLL_OK:
6453 ap_client_poll_ok(wpa_s, data->client_poll.addr);
6454 break;
6455 case EVENT_RX_FROM_UNKNOWN:
6456 if (wpa_s->ap_iface == NULL)
6457 break;
6458 ap_rx_from_unknown_sta(wpa_s, data->rx_from_unknown.addr,
6459 data->rx_from_unknown.wds);
6460 break;
6461 #endif /* CONFIG_AP */
6462
6463 case EVENT_LINK_CH_SWITCH_STARTED:
6464 case EVENT_LINK_CH_SWITCH:
6465 if (!data || !wpa_s->current_ssid ||
6466 !(wpa_s->valid_links & BIT(data->ch_switch.link_id)))
6467 break;
6468
6469 wpa_msg(wpa_s, MSG_INFO,
6470 "%sfreq=%d link_id=%d ht_enabled=%d ch_offset=%d ch_width=%s cf1=%d cf2=%d",
6471 event == EVENT_LINK_CH_SWITCH ?
6472 WPA_EVENT_LINK_CHANNEL_SWITCH :
6473 WPA_EVENT_LINK_CHANNEL_SWITCH_STARTED,
6474 data->ch_switch.freq,
6475 data->ch_switch.link_id,
6476 data->ch_switch.ht_enabled,
6477 data->ch_switch.ch_offset,
6478 channel_width_to_string(data->ch_switch.ch_width),
6479 data->ch_switch.cf1,
6480 data->ch_switch.cf2);
6481 if (event == EVENT_LINK_CH_SWITCH_STARTED)
6482 break;
6483
6484 wpa_s->links[data->ch_switch.link_id].freq =
6485 data->ch_switch.freq;
6486 if (wpa_s->links[data->ch_switch.link_id].bss &&
6487 wpa_s->links[data->ch_switch.link_id].bss->freq !=
6488 data->ch_switch.freq) {
6489 wpa_s->links[data->ch_switch.link_id].bss->freq =
6490 data->ch_switch.freq;
6491 notify_bss_changes(
6492 wpa_s, WPA_BSS_FREQ_CHANGED_FLAG,
6493 wpa_s->links[data->ch_switch.link_id].bss);
6494 }
6495 break;
6496 case EVENT_CH_SWITCH_STARTED:
6497 case EVENT_CH_SWITCH:
6498 if (!data || !wpa_s->current_ssid)
6499 break;
6500
6501 wpa_msg(wpa_s, MSG_INFO,
6502 "%sfreq=%d ht_enabled=%d ch_offset=%d ch_width=%s cf1=%d cf2=%d",
6503 event == EVENT_CH_SWITCH ? WPA_EVENT_CHANNEL_SWITCH :
6504 WPA_EVENT_CHANNEL_SWITCH_STARTED,
6505 data->ch_switch.freq,
6506 data->ch_switch.ht_enabled,
6507 data->ch_switch.ch_offset,
6508 channel_width_to_string(data->ch_switch.ch_width),
6509 data->ch_switch.cf1,
6510 data->ch_switch.cf2);
6511 if (event == EVENT_CH_SWITCH_STARTED)
6512 break;
6513
6514 wpa_s->assoc_freq = data->ch_switch.freq;
6515 wpa_s->current_ssid->frequency = data->ch_switch.freq;
6516 if (wpa_s->current_bss &&
6517 wpa_s->current_bss->freq != data->ch_switch.freq) {
6518 wpa_s->current_bss->freq = data->ch_switch.freq;
6519 notify_bss_changes(wpa_s, WPA_BSS_FREQ_CHANGED_FLAG,
6520 wpa_s->current_bss);
6521 }
6522
6523 #ifdef CONFIG_SME
6524 switch (data->ch_switch.ch_offset) {
6525 case 1:
6526 wpa_s->sme.ht_sec_chan = HT_SEC_CHAN_ABOVE;
6527 break;
6528 case -1:
6529 wpa_s->sme.ht_sec_chan = HT_SEC_CHAN_BELOW;
6530 break;
6531 default:
6532 wpa_s->sme.ht_sec_chan = HT_SEC_CHAN_UNKNOWN;
6533 break;
6534 }
6535 #endif /* CONFIG_SME */
6536
6537 #ifdef CONFIG_AP
6538 if (wpa_s->current_ssid->mode == WPAS_MODE_AP ||
6539 wpa_s->current_ssid->mode == WPAS_MODE_P2P_GO ||
6540 wpa_s->current_ssid->mode == WPAS_MODE_MESH ||
6541 wpa_s->current_ssid->mode ==
6542 WPAS_MODE_P2P_GROUP_FORMATION) {
6543 wpas_ap_ch_switch(wpa_s, data->ch_switch.freq,
6544 data->ch_switch.ht_enabled,
6545 data->ch_switch.ch_offset,
6546 data->ch_switch.ch_width,
6547 data->ch_switch.cf1,
6548 data->ch_switch.cf2,
6549 data->ch_switch.punct_bitmap,
6550 1);
6551 }
6552 #endif /* CONFIG_AP */
6553
6554 if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME)
6555 sme_event_ch_switch(wpa_s);
6556
6557 wpas_p2p_update_channel_list(wpa_s, WPAS_P2P_CHANNEL_UPDATE_CS);
6558 wnm_clear_coloc_intf_reporting(wpa_s);
6559 break;
6560 #ifdef CONFIG_AP
6561 #ifdef NEED_AP_MLME
6562 case EVENT_DFS_RADAR_DETECTED:
6563 if (data)
6564 wpas_ap_event_dfs_radar_detected(wpa_s,
6565 &data->dfs_event);
6566 break;
6567 case EVENT_DFS_NOP_FINISHED:
6568 if (data)
6569 wpas_ap_event_dfs_cac_nop_finished(wpa_s,
6570 &data->dfs_event);
6571 break;
6572 #endif /* NEED_AP_MLME */
6573 #endif /* CONFIG_AP */
6574 case EVENT_DFS_CAC_STARTED:
6575 if (data)
6576 wpas_event_dfs_cac_started(wpa_s, &data->dfs_event);
6577 break;
6578 case EVENT_DFS_CAC_FINISHED:
6579 if (data)
6580 wpas_event_dfs_cac_finished(wpa_s, &data->dfs_event);
6581 break;
6582 case EVENT_DFS_CAC_ABORTED:
6583 if (data)
6584 wpas_event_dfs_cac_aborted(wpa_s, &data->dfs_event);
6585 break;
6586 case EVENT_RX_MGMT: {
6587 u16 fc, stype;
6588 const struct ieee80211_mgmt *mgmt;
6589
6590 #ifdef CONFIG_TESTING_OPTIONS
6591 if (wpa_s->ext_mgmt_frame_handling) {
6592 struct rx_mgmt *rx = &data->rx_mgmt;
6593 size_t hex_len = 2 * rx->frame_len + 1;
6594 char *hex = os_malloc(hex_len);
6595 if (hex) {
6596 wpa_snprintf_hex(hex, hex_len,
6597 rx->frame, rx->frame_len);
6598 wpa_msg(wpa_s, MSG_INFO, "MGMT-RX freq=%d datarate=%u ssi_signal=%d %s",
6599 rx->freq, rx->datarate, rx->ssi_signal,
6600 hex);
6601 os_free(hex);
6602 }
6603 break;
6604 }
6605 #endif /* CONFIG_TESTING_OPTIONS */
6606
6607 mgmt = (const struct ieee80211_mgmt *)
6608 data->rx_mgmt.frame;
6609 fc = le_to_host16(mgmt->frame_control);
6610 stype = WLAN_FC_GET_STYPE(fc);
6611
6612 #ifdef CONFIG_AP
6613 if (wpa_s->ap_iface == NULL) {
6614 #endif /* CONFIG_AP */
6615 #ifdef CONFIG_P2P
6616 if (stype == WLAN_FC_STYPE_PROBE_REQ &&
6617 data->rx_mgmt.frame_len > IEEE80211_HDRLEN) {
6618 const u8 *src = mgmt->sa;
6619 const u8 *ie;
6620 size_t ie_len;
6621
6622 ie = data->rx_mgmt.frame + IEEE80211_HDRLEN;
6623 ie_len = data->rx_mgmt.frame_len -
6624 IEEE80211_HDRLEN;
6625 wpas_p2p_probe_req_rx(
6626 wpa_s, src, mgmt->da,
6627 mgmt->bssid, ie, ie_len,
6628 data->rx_mgmt.freq,
6629 data->rx_mgmt.ssi_signal);
6630 break;
6631 }
6632 #endif /* CONFIG_P2P */
6633 #ifdef CONFIG_IBSS_RSN
6634 if (wpa_s->current_ssid &&
6635 wpa_s->current_ssid->mode == WPAS_MODE_IBSS &&
6636 stype == WLAN_FC_STYPE_AUTH &&
6637 data->rx_mgmt.frame_len >= 30) {
6638 wpa_supplicant_event_ibss_auth(wpa_s, data);
6639 break;
6640 }
6641 #endif /* CONFIG_IBSS_RSN */
6642
6643 if (stype == WLAN_FC_STYPE_ACTION) {
6644 wpas_event_rx_mgmt_action(
6645 wpa_s, data->rx_mgmt.frame,
6646 data->rx_mgmt.frame_len,
6647 data->rx_mgmt.freq,
6648 data->rx_mgmt.ssi_signal);
6649 break;
6650 }
6651
6652 if (wpa_s->ifmsh) {
6653 mesh_mpm_mgmt_rx(wpa_s, &data->rx_mgmt);
6654 break;
6655 }
6656 #ifdef CONFIG_PASN
6657 if (stype == WLAN_FC_STYPE_AUTH &&
6658 wpas_pasn_auth(wpa_s, mgmt, data->rx_mgmt.frame_len,
6659 data->rx_mgmt.freq) != -2)
6660 break;
6661 #endif /* CONFIG_PASN */
6662
6663 #ifdef CONFIG_SAE
6664 if (stype == WLAN_FC_STYPE_AUTH &&
6665 !(wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME) &&
6666 (wpa_s->drv_flags & WPA_DRIVER_FLAGS_SAE)) {
6667 sme_external_auth_mgmt_rx(
6668 wpa_s, data->rx_mgmt.frame,
6669 data->rx_mgmt.frame_len);
6670 break;
6671 }
6672 #endif /* CONFIG_SAE */
6673 wpa_dbg(wpa_s, MSG_DEBUG, "AP: ignore received "
6674 "management frame in non-AP mode");
6675 break;
6676 #ifdef CONFIG_AP
6677 }
6678
6679 if (stype == WLAN_FC_STYPE_PROBE_REQ &&
6680 data->rx_mgmt.frame_len > IEEE80211_HDRLEN) {
6681 const u8 *ie;
6682 size_t ie_len;
6683
6684 ie = data->rx_mgmt.frame + IEEE80211_HDRLEN;
6685 ie_len = data->rx_mgmt.frame_len - IEEE80211_HDRLEN;
6686
6687 wpas_notify_preq(wpa_s, mgmt->sa, mgmt->da,
6688 mgmt->bssid, ie, ie_len,
6689 data->rx_mgmt.ssi_signal);
6690 }
6691
6692 ap_mgmt_rx(wpa_s, &data->rx_mgmt);
6693 #endif /* CONFIG_AP */
6694 break;
6695 }
6696 case EVENT_RX_PROBE_REQ:
6697 if (data->rx_probe_req.sa == NULL ||
6698 data->rx_probe_req.ie == NULL)
6699 break;
6700 #ifdef CONFIG_AP
6701 if (wpa_s->ap_iface) {
6702 hostapd_probe_req_rx(wpa_s->ap_iface->bss[0],
6703 data->rx_probe_req.sa,
6704 data->rx_probe_req.da,
6705 data->rx_probe_req.bssid,
6706 data->rx_probe_req.ie,
6707 data->rx_probe_req.ie_len,
6708 data->rx_probe_req.ssi_signal);
6709 break;
6710 }
6711 #endif /* CONFIG_AP */
6712 wpas_p2p_probe_req_rx(wpa_s, data->rx_probe_req.sa,
6713 data->rx_probe_req.da,
6714 data->rx_probe_req.bssid,
6715 data->rx_probe_req.ie,
6716 data->rx_probe_req.ie_len,
6717 0,
6718 data->rx_probe_req.ssi_signal);
6719 break;
6720 case EVENT_REMAIN_ON_CHANNEL:
6721 #ifdef CONFIG_OFFCHANNEL
6722 offchannel_remain_on_channel_cb(
6723 wpa_s, data->remain_on_channel.freq,
6724 data->remain_on_channel.duration);
6725 #endif /* CONFIG_OFFCHANNEL */
6726 wpas_p2p_remain_on_channel_cb(
6727 wpa_s, data->remain_on_channel.freq,
6728 data->remain_on_channel.duration);
6729 #ifdef CONFIG_DPP
6730 wpas_dpp_remain_on_channel_cb(
6731 wpa_s, data->remain_on_channel.freq,
6732 data->remain_on_channel.duration);
6733 #endif /* CONFIG_DPP */
6734 #ifdef CONFIG_NAN_USD
6735 wpas_nan_usd_remain_on_channel_cb(
6736 wpa_s, data->remain_on_channel.freq,
6737 data->remain_on_channel.duration);
6738 #endif /* CONFIG_NAN_USD */
6739 break;
6740 case EVENT_CANCEL_REMAIN_ON_CHANNEL:
6741 #ifdef CONFIG_OFFCHANNEL
6742 offchannel_cancel_remain_on_channel_cb(
6743 wpa_s, data->remain_on_channel.freq);
6744 #endif /* CONFIG_OFFCHANNEL */
6745 wpas_p2p_cancel_remain_on_channel_cb(
6746 wpa_s, data->remain_on_channel.freq);
6747 #ifdef CONFIG_DPP
6748 wpas_dpp_cancel_remain_on_channel_cb(
6749 wpa_s, data->remain_on_channel.freq);
6750 #endif /* CONFIG_DPP */
6751 #ifdef CONFIG_NAN_USD
6752 wpas_nan_usd_cancel_remain_on_channel_cb(
6753 wpa_s, data->remain_on_channel.freq);
6754 #endif /* CONFIG_NAN_USD */
6755 break;
6756 case EVENT_EAPOL_RX:
6757 wpa_supplicant_rx_eapol(wpa_s, data->eapol_rx.src,
6758 data->eapol_rx.data,
6759 data->eapol_rx.data_len,
6760 data->eapol_rx.encrypted);
6761 break;
6762 case EVENT_SIGNAL_CHANGE:
6763 wpa_msg_ctrl(wpa_s, MSG_INFO, WPA_EVENT_SIGNAL_CHANGE
6764 "above=%d signal=%d noise=%d txrate=%lu",
6765 data->signal_change.above_threshold,
6766 data->signal_change.data.signal,
6767 data->signal_change.current_noise,
6768 data->signal_change.data.current_tx_rate);
6769 wpa_bss_update_level(wpa_s->current_bss,
6770 data->signal_change.data.signal);
6771 bgscan_notify_signal_change(
6772 wpa_s, data->signal_change.above_threshold,
6773 data->signal_change.data.signal,
6774 data->signal_change.current_noise,
6775 data->signal_change.data.current_tx_rate);
6776 os_memcpy(&wpa_s->last_signal_info, data,
6777 sizeof(struct wpa_signal_info));
6778 wpas_notify_signal_change(wpa_s);
6779 break;
6780 case EVENT_INTERFACE_MAC_CHANGED:
6781 wpa_supplicant_update_mac_addr(wpa_s);
6782 wpa_sm_pmksa_cache_flush(wpa_s->wpa, NULL);
6783 break;
6784 case EVENT_INTERFACE_ENABLED:
6785 wpa_dbg(wpa_s, MSG_DEBUG, "Interface was enabled");
6786 if (wpa_s->wpa_state == WPA_INTERFACE_DISABLED) {
6787 u8 addr[ETH_ALEN];
6788
6789 eloop_cancel_timeout(wpas_clear_disabled_interface,
6790 wpa_s, NULL);
6791 os_memcpy(addr, wpa_s->own_addr, ETH_ALEN);
6792 wpa_supplicant_update_mac_addr(wpa_s);
6793 if (!ether_addr_equal(addr, wpa_s->own_addr))
6794 wpa_sm_pmksa_cache_flush(wpa_s->wpa, NULL);
6795 else
6796 wpa_sm_pmksa_cache_reconfig(wpa_s->wpa);
6797 wpa_supplicant_set_default_scan_ies(wpa_s);
6798 if (wpa_s->p2p_mgmt) {
6799 wpa_supplicant_set_state(wpa_s,
6800 WPA_DISCONNECTED);
6801 break;
6802 }
6803
6804 #ifdef CONFIG_AP
6805 if (!wpa_s->ap_iface) {
6806 wpa_supplicant_set_state(wpa_s,
6807 WPA_DISCONNECTED);
6808 wpa_s->scan_req = NORMAL_SCAN_REQ;
6809 wpa_supplicant_req_scan(wpa_s, 0, 0);
6810 } else
6811 wpa_supplicant_set_state(wpa_s,
6812 WPA_COMPLETED);
6813 #else /* CONFIG_AP */
6814 wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED);
6815 wpa_supplicant_req_scan(wpa_s, 0, 0);
6816 #endif /* CONFIG_AP */
6817 }
6818 break;
6819 case EVENT_INTERFACE_DISABLED:
6820 wpa_dbg(wpa_s, MSG_DEBUG, "Interface was disabled");
6821 #ifdef CONFIG_P2P
6822 if (wpa_s->p2p_group_interface == P2P_GROUP_INTERFACE_GO ||
6823 (wpa_s->current_ssid && wpa_s->current_ssid->p2p_group &&
6824 wpa_s->current_ssid->mode == WPAS_MODE_P2P_GO)) {
6825 /*
6826 * Mark interface disabled if this happens to end up not
6827 * being removed as a separate P2P group interface.
6828 */
6829 wpa_supplicant_set_state(wpa_s, WPA_INTERFACE_DISABLED);
6830 /*
6831 * The interface was externally disabled. Remove
6832 * it assuming an external entity will start a
6833 * new session if needed.
6834 */
6835 if (wpa_s->current_ssid &&
6836 wpa_s->current_ssid->p2p_group)
6837 wpas_p2p_interface_unavailable(wpa_s);
6838 else
6839 wpas_p2p_disconnect(wpa_s);
6840 /*
6841 * wpa_s instance may have been freed, so must not use
6842 * it here anymore.
6843 */
6844 break;
6845 }
6846 if (wpa_s->p2p_scan_work && wpa_s->global->p2p &&
6847 p2p_in_progress(wpa_s->global->p2p) > 1) {
6848 /* This radio work will be cancelled, so clear P2P
6849 * state as well.
6850 */
6851 p2p_stop_find(wpa_s->global->p2p);
6852 }
6853 #endif /* CONFIG_P2P */
6854
6855 if (wpa_s->wpa_state >= WPA_AUTHENTICATING) {
6856 /*
6857 * Indicate disconnection to keep ctrl_iface events
6858 * consistent.
6859 */
6860 wpa_supplicant_event_disassoc(
6861 wpa_s, WLAN_REASON_DEAUTH_LEAVING, 1);
6862 }
6863 wpa_supplicant_mark_disassoc(wpa_s);
6864 os_reltime_age(&wpa_s->last_scan, &age);
6865 if (age.sec >= wpa_s->conf->scan_res_valid_for_connect) {
6866 clear_at.sec = wpa_s->conf->scan_res_valid_for_connect;
6867 clear_at.usec = 0;
6868 } else {
6869 struct os_reltime tmp;
6870
6871 tmp.sec = wpa_s->conf->scan_res_valid_for_connect;
6872 tmp.usec = 0;
6873 os_reltime_sub(&tmp, &age, &clear_at);
6874 }
6875 eloop_register_timeout(clear_at.sec, clear_at.usec,
6876 wpas_clear_disabled_interface,
6877 wpa_s, NULL);
6878 radio_remove_works(wpa_s, NULL, 0);
6879
6880 wpa_supplicant_set_state(wpa_s, WPA_INTERFACE_DISABLED);
6881 break;
6882 case EVENT_CHANNEL_LIST_CHANGED:
6883 wpa_supplicant_update_channel_list(
6884 wpa_s, &data->channel_list_changed);
6885 break;
6886 case EVENT_INTERFACE_UNAVAILABLE:
6887 wpas_p2p_interface_unavailable(wpa_s);
6888 break;
6889 case EVENT_BEST_CHANNEL:
6890 wpa_dbg(wpa_s, MSG_DEBUG, "Best channel event received "
6891 "(%d %d %d)",
6892 data->best_chan.freq_24, data->best_chan.freq_5,
6893 data->best_chan.freq_overall);
6894 wpa_s->best_24_freq = data->best_chan.freq_24;
6895 wpa_s->best_5_freq = data->best_chan.freq_5;
6896 wpa_s->best_overall_freq = data->best_chan.freq_overall;
6897 wpas_p2p_update_best_channels(wpa_s, data->best_chan.freq_24,
6898 data->best_chan.freq_5,
6899 data->best_chan.freq_overall);
6900 break;
6901 case EVENT_UNPROT_DEAUTH:
6902 wpa_supplicant_event_unprot_deauth(wpa_s,
6903 &data->unprot_deauth);
6904 break;
6905 case EVENT_UNPROT_DISASSOC:
6906 wpa_supplicant_event_unprot_disassoc(wpa_s,
6907 &data->unprot_disassoc);
6908 break;
6909 case EVENT_STATION_LOW_ACK:
6910 #ifdef CONFIG_AP
6911 if (wpa_s->ap_iface && data)
6912 hostapd_event_sta_low_ack(wpa_s->ap_iface->bss[0],
6913 data->low_ack.addr);
6914 #endif /* CONFIG_AP */
6915 #ifdef CONFIG_TDLS
6916 if (data)
6917 wpa_tdls_disable_unreachable_link(wpa_s->wpa,
6918 data->low_ack.addr);
6919 #endif /* CONFIG_TDLS */
6920 break;
6921 case EVENT_IBSS_PEER_LOST:
6922 #ifdef CONFIG_IBSS_RSN
6923 ibss_rsn_stop(wpa_s->ibss_rsn, data->ibss_peer_lost.peer);
6924 #endif /* CONFIG_IBSS_RSN */
6925 break;
6926 case EVENT_DRIVER_GTK_REKEY:
6927 if (!ether_addr_equal(data->driver_gtk_rekey.bssid,
6928 wpa_s->bssid))
6929 break;
6930 if (!wpa_s->wpa)
6931 break;
6932 wpa_sm_update_replay_ctr(wpa_s->wpa,
6933 data->driver_gtk_rekey.replay_ctr);
6934 break;
6935 case EVENT_SCHED_SCAN_STOPPED:
6936 wpa_s->sched_scanning = 0;
6937 resched = wpa_s->scanning && wpas_scan_scheduled(wpa_s);
6938 wpa_supplicant_notify_scanning(wpa_s, 0);
6939
6940 if (wpa_s->wpa_state == WPA_INTERFACE_DISABLED)
6941 break;
6942
6943 /*
6944 * If the driver stopped scanning without being requested to,
6945 * request a new scan to continue scanning for networks.
6946 */
6947 if (!wpa_s->sched_scan_stop_req &&
6948 wpa_s->wpa_state == WPA_SCANNING) {
6949 wpa_dbg(wpa_s, MSG_DEBUG,
6950 "Restart scanning after unexpected sched_scan stop event");
6951 wpa_supplicant_req_scan(wpa_s, 1, 0);
6952 break;
6953 }
6954
6955 wpa_s->sched_scan_stop_req = 0;
6956
6957 /*
6958 * Start a new sched scan to continue searching for more SSIDs
6959 * either if timed out or PNO schedule scan is pending.
6960 */
6961 if (wpa_s->sched_scan_timed_out) {
6962 wpa_supplicant_req_sched_scan(wpa_s);
6963 } else if (wpa_s->pno_sched_pending) {
6964 wpa_s->pno_sched_pending = 0;
6965 wpas_start_pno(wpa_s);
6966 } else if (resched) {
6967 wpa_supplicant_req_scan(wpa_s, 0, 0);
6968 }
6969
6970 break;
6971 case EVENT_WPS_BUTTON_PUSHED:
6972 #ifdef CONFIG_WPS
6973 wpas_wps_start_pbc(wpa_s, NULL, 0, 0);
6974 #endif /* CONFIG_WPS */
6975 break;
6976 case EVENT_AVOID_FREQUENCIES:
6977 wpa_supplicant_notify_avoid_freq(wpa_s, data);
6978 break;
6979 case EVENT_CONNECT_FAILED_REASON:
6980 #ifdef CONFIG_AP
6981 if (!wpa_s->ap_iface || !data)
6982 break;
6983 hostapd_event_connect_failed_reason(
6984 wpa_s->ap_iface->bss[0],
6985 data->connect_failed_reason.addr,
6986 data->connect_failed_reason.code);
6987 #endif /* CONFIG_AP */
6988 break;
6989 case EVENT_NEW_PEER_CANDIDATE:
6990 #ifdef CONFIG_MESH
6991 if (!wpa_s->ifmsh || !data)
6992 break;
6993 wpa_mesh_notify_peer(wpa_s, data->mesh_peer.peer,
6994 data->mesh_peer.ies,
6995 data->mesh_peer.ie_len);
6996 #endif /* CONFIG_MESH */
6997 break;
6998 case EVENT_SURVEY:
6999 #ifdef CONFIG_AP
7000 if (!wpa_s->ap_iface)
7001 break;
7002 hostapd_event_get_survey(wpa_s->ap_iface,
7003 &data->survey_results);
7004 #endif /* CONFIG_AP */
7005 break;
7006 case EVENT_ACS_CHANNEL_SELECTED:
7007 #ifdef CONFIG_AP
7008 #ifdef CONFIG_ACS
7009 if (!wpa_s->ap_iface)
7010 break;
7011 hostapd_acs_channel_selected(wpa_s->ap_iface->bss[0],
7012 &data->acs_selected_channels);
7013 #endif /* CONFIG_ACS */
7014 #endif /* CONFIG_AP */
7015 break;
7016 case EVENT_P2P_LO_STOP:
7017 #ifdef CONFIG_P2P
7018 wpa_s->p2p_lo_started = 0;
7019 wpa_msg(wpa_s, MSG_INFO, P2P_EVENT_LISTEN_OFFLOAD_STOP
7020 P2P_LISTEN_OFFLOAD_STOP_REASON "reason=%d",
7021 data->p2p_lo_stop.reason_code);
7022 #endif /* CONFIG_P2P */
7023 break;
7024 case EVENT_BEACON_LOSS:
7025 if (!wpa_s->current_bss || !wpa_s->current_ssid)
7026 break;
7027 wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_BEACON_LOSS);
7028 bgscan_notify_beacon_loss(wpa_s);
7029 break;
7030 case EVENT_EXTERNAL_AUTH:
7031 #ifdef CONFIG_SAE
7032 if (!wpa_s->current_ssid) {
7033 wpa_printf(MSG_DEBUG, "SAE: current_ssid is NULL");
7034 break;
7035 }
7036 sme_external_auth_trigger(wpa_s, data);
7037 #endif /* CONFIG_SAE */
7038 break;
7039 #ifdef CONFIG_PASN
7040 case EVENT_PASN_AUTH:
7041 wpas_pasn_auth_trigger(wpa_s, &data->pasn_auth);
7042 break;
7043 #endif /* CONFIG_PASN */
7044 case EVENT_PORT_AUTHORIZED:
7045 #ifdef CONFIG_AP
7046 if (wpa_s->ap_iface && wpa_s->ap_iface->bss[0]) {
7047 struct sta_info *sta;
7048
7049 sta = ap_get_sta(wpa_s->ap_iface->bss[0],
7050 data->port_authorized.sta_addr);
7051 if (sta)
7052 ap_sta_set_authorized(wpa_s->ap_iface->bss[0],
7053 sta, 1);
7054 else
7055 wpa_printf(MSG_DEBUG,
7056 "No STA info matching port authorized event found");
7057 break;
7058 }
7059 #endif /* CONFIG_AP */
7060 #ifndef CONFIG_NO_WPA
7061 if (data->port_authorized.td_bitmap_len) {
7062 wpa_printf(MSG_DEBUG,
7063 "WPA3: Transition Disable bitmap from the driver event: 0x%x",
7064 data->port_authorized.td_bitmap[0]);
7065 wpas_transition_disable(
7066 wpa_s, data->port_authorized.td_bitmap[0]);
7067 }
7068 #endif /* CONFIG_NO_WPA */
7069 wpa_supplicant_event_port_authorized(wpa_s);
7070 break;
7071 case EVENT_STATION_OPMODE_CHANGED:
7072 #ifdef CONFIG_AP
7073 if (!wpa_s->ap_iface || !data)
7074 break;
7075
7076 hostapd_event_sta_opmode_changed(wpa_s->ap_iface->bss[0],
7077 data->sta_opmode.addr,
7078 data->sta_opmode.smps_mode,
7079 data->sta_opmode.chan_width,
7080 data->sta_opmode.rx_nss);
7081 #endif /* CONFIG_AP */
7082 break;
7083 case EVENT_UNPROT_BEACON:
7084 wpas_event_unprot_beacon(wpa_s, &data->unprot_beacon);
7085 break;
7086 case EVENT_TX_WAIT_EXPIRE:
7087 #ifdef CONFIG_DPP
7088 wpas_dpp_tx_wait_expire(wpa_s);
7089 #endif /* CONFIG_DPP */
7090 #ifdef CONFIG_NAN_USD
7091 wpas_nan_usd_tx_wait_expire(wpa_s);
7092 #endif /* CONFIG_NAN_USD */
7093 break;
7094 case EVENT_TID_LINK_MAP:
7095 if (data)
7096 wpas_tid_link_map(wpa_s, &data->t2l_map_info);
7097 break;
7098 default:
7099 wpa_msg(wpa_s, MSG_INFO, "Unknown event %d", event);
7100 break;
7101 }
7102 }
7103
7104
wpa_supplicant_event_global(void * ctx,enum wpa_event_type event,union wpa_event_data * data)7105 void wpa_supplicant_event_global(void *ctx, enum wpa_event_type event,
7106 union wpa_event_data *data)
7107 {
7108 struct wpa_supplicant *wpa_s;
7109
7110 if (event != EVENT_INTERFACE_STATUS)
7111 return;
7112
7113 wpa_s = wpa_supplicant_get_iface(ctx, data->interface_status.ifname);
7114 if (wpa_s && wpa_s->driver->get_ifindex) {
7115 unsigned int ifindex;
7116
7117 ifindex = wpa_s->driver->get_ifindex(wpa_s->drv_priv);
7118 if (ifindex != data->interface_status.ifindex) {
7119 wpa_dbg(wpa_s, MSG_DEBUG,
7120 "interface status ifindex %d mismatch (%d)",
7121 ifindex, data->interface_status.ifindex);
7122 return;
7123 }
7124 }
7125 #ifdef CONFIG_MATCH_IFACE
7126 else if (data->interface_status.ievent == EVENT_INTERFACE_ADDED) {
7127 struct wpa_interface *wpa_i;
7128
7129 wpa_i = wpa_supplicant_match_iface(
7130 ctx, data->interface_status.ifname);
7131 if (!wpa_i)
7132 return;
7133 wpa_s = wpa_supplicant_add_iface(ctx, wpa_i, NULL);
7134 os_free(wpa_i);
7135 }
7136 #endif /* CONFIG_MATCH_IFACE */
7137
7138 if (wpa_s)
7139 wpa_supplicant_event(wpa_s, event, data);
7140 }
7141