1/* 2 * WPA Supplicant - Basic mesh peer management 3 * Copyright (c) 2013-2014, cozybit, Inc. All rights reserved. 4 * 5 * This software may be distributed under the terms of the BSD license. 6 * See README for more details. 7 */ 8 9#include "utils/includes.h" 10 11#include "utils/common.h" 12#include "utils/eloop.h" 13#include "common/ieee802_11_defs.h" 14#include "common/hw_features_common.h" 15#include "common/ocv.h" 16#include "ap/hostapd.h" 17#include "ap/sta_info.h" 18#include "ap/ieee802_11.h" 19#include "ap/wpa_auth.h" 20#include "wpa_supplicant_i.h" 21#include "driver_i.h" 22#include "mesh_mpm.h" 23#include "mesh_rsn.h" 24#include "notify.h" 25 26struct mesh_peer_mgmt_ie { 27 const u8 *proto_id; /* Mesh Peering Protocol Identifier (2 octets) */ 28 const u8 *llid; /* Local Link ID (2 octets) */ 29 const u8 *plid; /* Peer Link ID (conditional, 2 octets) */ 30 const u8 *reason; /* Reason Code (conditional, 2 octets) */ 31 const u8 *chosen_pmk; /* Chosen PMK (optional, 16 octets) */ 32}; 33 34static void plink_timer(void *eloop_ctx, void *user_data); 35 36 37enum plink_event { 38 PLINK_UNDEFINED, 39 OPN_ACPT, 40 OPN_RJCT, 41 CNF_ACPT, 42 CNF_RJCT, 43 CLS_ACPT, 44 REQ_RJCT 45}; 46 47static const char * const mplstate[] = { 48 [0] = "UNINITIALIZED", 49 [PLINK_IDLE] = "IDLE", 50 [PLINK_OPN_SNT] = "OPN_SNT", 51 [PLINK_OPN_RCVD] = "OPN_RCVD", 52 [PLINK_CNF_RCVD] = "CNF_RCVD", 53 [PLINK_ESTAB] = "ESTAB", 54 [PLINK_HOLDING] = "HOLDING", 55 [PLINK_BLOCKED] = "BLOCKED" 56}; 57 58static const char * const mplevent[] = { 59 [PLINK_UNDEFINED] = "UNDEFINED", 60 [OPN_ACPT] = "OPN_ACPT", 61 [OPN_RJCT] = "OPN_RJCT", 62 [CNF_ACPT] = "CNF_ACPT", 63 [CNF_RJCT] = "CNF_RJCT", 64 [CLS_ACPT] = "CLS_ACPT", 65 [REQ_RJCT] = "REQ_RJCT", 66}; 67 68 69static int mesh_mpm_parse_peer_mgmt(struct wpa_supplicant *wpa_s, 70 u8 action_field, 71 const u8 *ie, size_t len, 72 struct mesh_peer_mgmt_ie *mpm_ie) 73{ 74 os_memset(mpm_ie, 0, sizeof(*mpm_ie)); 75 76 /* Remove optional Chosen PMK field at end */ 77 if (len >= SAE_PMKID_LEN) { 78 mpm_ie->chosen_pmk = ie + len - SAE_PMKID_LEN; 79 len -= SAE_PMKID_LEN; 80 } 81 82 if ((action_field == PLINK_OPEN && len != 4) || 83 (action_field == PLINK_CONFIRM && len != 6) || 84 (action_field == PLINK_CLOSE && len != 6 && len != 8)) { 85 wpa_msg(wpa_s, MSG_DEBUG, "MPM: Invalid peer mgmt ie"); 86 return -1; 87 } 88 89 /* required fields */ 90 if (len < 4) 91 return -1; 92 mpm_ie->proto_id = ie; 93 mpm_ie->llid = ie + 2; 94 ie += 4; 95 len -= 4; 96 97 /* close reason is always present at end for close */ 98 if (action_field == PLINK_CLOSE) { 99 if (len < 2) 100 return -1; 101 mpm_ie->reason = ie + len - 2; 102 len -= 2; 103 } 104 105 /* Peer Link ID, present for confirm, and possibly close */ 106 if (len >= 2) 107 mpm_ie->plid = ie; 108 109 return 0; 110} 111 112 113static int plink_free_count(struct hostapd_data *hapd) 114{ 115 if (hapd->max_plinks > hapd->num_plinks) 116 return hapd->max_plinks - hapd->num_plinks; 117 return 0; 118} 119 120 121static u16 copy_supp_rates(struct wpa_supplicant *wpa_s, 122 struct sta_info *sta, 123 struct ieee802_11_elems *elems) 124{ 125 if (!elems->supp_rates) { 126 wpa_msg(wpa_s, MSG_ERROR, "no supported rates from " MACSTR, 127 MAC2STR(sta->addr)); 128 return WLAN_STATUS_UNSPECIFIED_FAILURE; 129 } 130 131 if (elems->supp_rates_len + elems->ext_supp_rates_len > 132 sizeof(sta->supported_rates)) { 133 wpa_msg(wpa_s, MSG_ERROR, 134 "Invalid supported rates element length " MACSTR 135 " %d+%d", MAC2STR(sta->addr), elems->supp_rates_len, 136 elems->ext_supp_rates_len); 137 return WLAN_STATUS_UNSPECIFIED_FAILURE; 138 } 139 140 sta->supported_rates_len = merge_byte_arrays( 141 sta->supported_rates, sizeof(sta->supported_rates), 142 elems->supp_rates, elems->supp_rates_len, 143 elems->ext_supp_rates, elems->ext_supp_rates_len); 144 145 return WLAN_STATUS_SUCCESS; 146} 147 148 149/* return true if elems from a neighbor match this MBSS */ 150static bool matches_local(struct wpa_supplicant *wpa_s, 151 struct ieee802_11_elems *elems) 152{ 153 struct mesh_conf *mconf = wpa_s->ifmsh->mconf; 154 155 if (elems->mesh_config_len < 5) 156 return false; 157 158 return (mconf->meshid_len == elems->mesh_id_len && 159 os_memcmp(mconf->meshid, elems->mesh_id, 160 elems->mesh_id_len) == 0 && 161 mconf->mesh_pp_id == elems->mesh_config[0] && 162 mconf->mesh_pm_id == elems->mesh_config[1] && 163 mconf->mesh_cc_id == elems->mesh_config[2] && 164 mconf->mesh_sp_id == elems->mesh_config[3] && 165 mconf->mesh_auth_id == elems->mesh_config[4]); 166} 167 168 169/* check if local link id is already used with another peer */ 170static bool llid_in_use(struct wpa_supplicant *wpa_s, u16 llid) 171{ 172 struct sta_info *sta; 173 struct hostapd_data *hapd = wpa_s->ifmsh->bss[0]; 174 175 for (sta = hapd->sta_list; sta; sta = sta->next) { 176 if (sta->my_lid == llid) 177 return true; 178 } 179 180 return false; 181} 182 183 184/* generate an llid for a link and set to initial state */ 185static void mesh_mpm_init_link(struct wpa_supplicant *wpa_s, 186 struct sta_info *sta) 187{ 188 u16 llid; 189 190 do { 191 if (os_get_random((u8 *) &llid, sizeof(llid)) < 0) 192 llid = 0; /* continue */ 193 } while (!llid || llid_in_use(wpa_s, llid)); 194 195 sta->my_lid = llid; 196 sta->peer_lid = 0; 197 sta->peer_aid = 0; 198 199 /* 200 * We do not use wpa_mesh_set_plink_state() here because there is no 201 * entry in kernel yet. 202 */ 203 sta->plink_state = PLINK_IDLE; 204} 205 206 207static void mesh_mpm_send_plink_action(struct wpa_supplicant *wpa_s, 208 struct sta_info *sta, 209 enum plink_action_field type, 210 u16 close_reason) 211{ 212 struct wpabuf *buf; 213 struct hostapd_iface *ifmsh = wpa_s->ifmsh; 214 struct hostapd_data *bss = ifmsh->bss[0]; 215 struct mesh_conf *conf = ifmsh->mconf; 216 u8 supp_rates[2 + 2 + 32]; 217 u8 *pos, *cat; 218 u8 ie_len, add_plid = 0; 219 int ret; 220 int ampe = conf->security & MESH_CONF_SEC_AMPE; 221 size_t buf_len; 222 223 if (!sta) 224 return; 225 226 buf_len = 2 + /* Category and Action */ 227 2 + /* capability info */ 228 2 + /* AID */ 229 2 + 8 + /* supported rates */ 230 2 + (32 - 8) + 231 2 + 32 + /* mesh ID */ 232 2 + 7 + /* mesh config */ 233 2 + 24 + /* peering management */ 234 2 + 96 + 32 + 32 + /* AMPE (96 + max GTKlen + max IGTKlen) */ 235 2 + 16; /* MIC */ 236 if (type != PLINK_CLOSE && wpa_s->mesh_ht_enabled) { 237 buf_len += 2 + 26 + /* HT capabilities */ 238 2 + 22; /* HT operation */ 239 } 240#ifdef CONFIG_IEEE80211AC 241 if (type != PLINK_CLOSE && wpa_s->mesh_vht_enabled) { 242 buf_len += 2 + 12 + /* VHT Capabilities */ 243 2 + 5; /* VHT Operation */ 244 } 245#endif /* CONFIG_IEEE80211AC */ 246#ifdef CONFIG_IEEE80211AX 247 if (type != PLINK_CLOSE && wpa_s->mesh_he_enabled) { 248 buf_len += 3 + 249 HE_MAX_MAC_CAPAB_SIZE + 250 HE_MAX_PHY_CAPAB_SIZE + 251 HE_MAX_MCS_CAPAB_SIZE + 252 HE_MAX_PPET_CAPAB_SIZE; 253 buf_len += 3 + sizeof(struct ieee80211_he_operation); 254 if (is_6ghz_op_class(bss->iconf->op_class)) 255 buf_len += sizeof(struct ieee80211_he_6ghz_oper_info) + 256 3 + sizeof(struct ieee80211_he_6ghz_band_cap); 257 } 258#endif /* CONFIG_IEEE80211AX */ 259 if (type != PLINK_CLOSE) 260 buf_len += conf->rsn_ie_len; /* RSN IE */ 261#ifdef CONFIG_OCV 262 /* OCI is included even when the other STA doesn't support OCV */ 263 if (type != PLINK_CLOSE && conf->ocv) 264 buf_len += OCV_OCI_EXTENDED_LEN; 265#endif /* CONFIG_OCV */ 266 267 buf = wpabuf_alloc(buf_len); 268 if (!buf) 269 return; 270 271 cat = wpabuf_mhead_u8(buf); 272 wpabuf_put_u8(buf, WLAN_ACTION_SELF_PROTECTED); 273 wpabuf_put_u8(buf, type); 274 275 if (type != PLINK_CLOSE) { 276 u8 info; 277 278 /* capability info */ 279 wpabuf_put_le16(buf, ampe ? IEEE80211_CAP_PRIVACY : 0); 280 281 /* aid */ 282 if (type == PLINK_CONFIRM) 283 wpabuf_put_le16(buf, sta->aid); 284 285 /* IE: supp + ext. supp rates */ 286 pos = hostapd_eid_supp_rates(bss, supp_rates); 287 pos = hostapd_eid_ext_supp_rates(bss, pos); 288 wpabuf_put_data(buf, supp_rates, pos - supp_rates); 289 290 /* IE: RSN IE */ 291 wpabuf_put_data(buf, conf->rsn_ie, conf->rsn_ie_len); 292 293 /* IE: Mesh ID */ 294 wpabuf_put_u8(buf, WLAN_EID_MESH_ID); 295 wpabuf_put_u8(buf, conf->meshid_len); 296 wpabuf_put_data(buf, conf->meshid, conf->meshid_len); 297 298 /* IE: mesh conf */ 299 wpabuf_put_u8(buf, WLAN_EID_MESH_CONFIG); 300 wpabuf_put_u8(buf, 7); 301 wpabuf_put_u8(buf, conf->mesh_pp_id); 302 wpabuf_put_u8(buf, conf->mesh_pm_id); 303 wpabuf_put_u8(buf, conf->mesh_cc_id); 304 wpabuf_put_u8(buf, conf->mesh_sp_id); 305 wpabuf_put_u8(buf, conf->mesh_auth_id); 306 info = (bss->num_plinks > 63 ? 63 : bss->num_plinks) << 1; 307 /* TODO: Add Connected to Mesh Gate/AS subfields */ 308 wpabuf_put_u8(buf, info); 309 /* Set forwarding based on configuration and always accept 310 * plinks for now */ 311 wpabuf_put_u8(buf, MESH_CAP_ACCEPT_ADDITIONAL_PEER | 312 (conf->mesh_fwding ? MESH_CAP_FORWARDING : 0)); 313 } else { /* Peer closing frame */ 314 /* IE: Mesh ID */ 315 wpabuf_put_u8(buf, WLAN_EID_MESH_ID); 316 wpabuf_put_u8(buf, conf->meshid_len); 317 wpabuf_put_data(buf, conf->meshid, conf->meshid_len); 318 } 319 320 /* IE: Mesh Peering Management element */ 321 ie_len = 4; 322 if (ampe) 323 ie_len += PMKID_LEN; 324 switch (type) { 325 case PLINK_OPEN: 326 break; 327 case PLINK_CONFIRM: 328 ie_len += 2; 329 add_plid = 1; 330 break; 331 case PLINK_CLOSE: 332 ie_len += 2; 333 add_plid = 1; 334 ie_len += 2; /* reason code */ 335 break; 336 } 337 338 wpabuf_put_u8(buf, WLAN_EID_PEER_MGMT); 339 wpabuf_put_u8(buf, ie_len); 340 /* peering protocol */ 341 if (ampe) 342 wpabuf_put_le16(buf, 1); 343 else 344 wpabuf_put_le16(buf, 0); 345 wpabuf_put_le16(buf, sta->my_lid); 346 if (add_plid) 347 wpabuf_put_le16(buf, sta->peer_lid); 348 if (type == PLINK_CLOSE) 349 wpabuf_put_le16(buf, close_reason); 350 if (ampe) { 351 if (sta->sae == NULL) { 352 wpa_msg(wpa_s, MSG_INFO, "Mesh MPM: no SAE session"); 353 goto fail; 354 } 355 mesh_rsn_get_pmkid(wpa_s->mesh_rsn, sta, 356 wpabuf_put(buf, PMKID_LEN)); 357 } 358 359 if (type != PLINK_CLOSE && wpa_s->mesh_ht_enabled) { 360 u8 ht_capa_oper[2 + 26 + 2 + 22]; 361 362 pos = hostapd_eid_ht_capabilities(bss, ht_capa_oper); 363 pos = hostapd_eid_ht_operation(bss, pos); 364 wpabuf_put_data(buf, ht_capa_oper, pos - ht_capa_oper); 365 } 366#ifdef CONFIG_IEEE80211AC 367 if (type != PLINK_CLOSE && wpa_s->mesh_vht_enabled) { 368 u8 vht_capa_oper[2 + 12 + 2 + 5]; 369 370 pos = hostapd_eid_vht_capabilities(bss, vht_capa_oper, 0); 371 pos = hostapd_eid_vht_operation(bss, pos); 372 wpabuf_put_data(buf, vht_capa_oper, pos - vht_capa_oper); 373 } 374#endif /* CONFIG_IEEE80211AC */ 375#ifdef CONFIG_IEEE80211AX 376 if (type != PLINK_CLOSE && wpa_s->mesh_he_enabled) { 377 u8 he_capa_oper[3 + 378 HE_MAX_MAC_CAPAB_SIZE + 379 HE_MAX_PHY_CAPAB_SIZE + 380 HE_MAX_MCS_CAPAB_SIZE + 381 HE_MAX_PPET_CAPAB_SIZE + 382 3 + sizeof(struct ieee80211_he_operation) + 383 sizeof(struct ieee80211_he_6ghz_oper_info) + 384 3 + sizeof(struct ieee80211_he_6ghz_band_cap)]; 385 386 pos = hostapd_eid_he_capab(bss, he_capa_oper, 387 IEEE80211_MODE_MESH); 388 pos = hostapd_eid_he_operation(bss, pos); 389 pos = hostapd_eid_he_6ghz_band_cap(bss, pos); 390 wpabuf_put_data(buf, he_capa_oper, pos - he_capa_oper); 391 } 392#endif /* CONFIG_IEEE80211AX */ 393 394#ifdef CONFIG_OCV 395 if (type != PLINK_CLOSE && conf->ocv) { 396 struct wpa_channel_info ci; 397 398 if (wpa_drv_channel_info(wpa_s, &ci) != 0) { 399 wpa_printf(MSG_WARNING, 400 "Mesh MPM: Failed to get channel info for OCI element"); 401 goto fail; 402 } 403 404 pos = wpabuf_put(buf, OCV_OCI_EXTENDED_LEN); 405 if (ocv_insert_extended_oci(&ci, pos) < 0) 406 goto fail; 407 } 408#endif /* CONFIG_OCV */ 409 410 if (ampe && mesh_rsn_protect_frame(wpa_s->mesh_rsn, sta, cat, buf)) { 411 wpa_msg(wpa_s, MSG_INFO, 412 "Mesh MPM: failed to add AMPE and MIC IE"); 413 goto fail; 414 } 415 416 wpa_msg(wpa_s, MSG_DEBUG, "Mesh MPM: Sending peering frame type %d to " 417 MACSTR " (my_lid=0x%x peer_lid=0x%x)", 418 type, MAC2STR(sta->addr), sta->my_lid, sta->peer_lid); 419 ret = wpa_drv_send_action(wpa_s, wpa_s->assoc_freq, 0, 420 sta->addr, wpa_s->own_addr, wpa_s->own_addr, 421 wpabuf_head(buf), wpabuf_len(buf), 0); 422 if (ret < 0) 423 wpa_msg(wpa_s, MSG_INFO, 424 "Mesh MPM: failed to send peering frame"); 425 426fail: 427 wpabuf_free(buf); 428} 429 430 431/* configure peering state in ours and driver's station entry */ 432void wpa_mesh_set_plink_state(struct wpa_supplicant *wpa_s, 433 struct sta_info *sta, 434 enum mesh_plink_state state) 435{ 436 struct hostapd_sta_add_params params; 437 int ret; 438 439 wpa_msg(wpa_s, MSG_DEBUG, "MPM set " MACSTR " from %s into %s", 440 MAC2STR(sta->addr), mplstate[sta->plink_state], 441 mplstate[state]); 442 sta->plink_state = state; 443 444 os_memset(¶ms, 0, sizeof(params)); 445 params.addr = sta->addr; 446 params.plink_state = state; 447 params.peer_aid = sta->peer_aid; 448 params.set = 1; 449 450 ret = wpa_drv_sta_add(wpa_s, ¶ms); 451 if (ret) { 452 wpa_msg(wpa_s, MSG_ERROR, "Driver failed to set " MACSTR 453 ": %d", MAC2STR(sta->addr), ret); 454 } 455} 456 457 458static void mesh_mpm_fsm_restart(struct wpa_supplicant *wpa_s, 459 struct sta_info *sta) 460{ 461 struct hostapd_data *hapd = wpa_s->ifmsh->bss[0]; 462 463 eloop_cancel_timeout(plink_timer, wpa_s, sta); 464 465 ap_free_sta(hapd, sta); 466} 467 468 469static void plink_timer(void *eloop_ctx, void *user_data) 470{ 471 struct wpa_supplicant *wpa_s = eloop_ctx; 472 struct sta_info *sta = user_data; 473 u16 reason = 0; 474 struct mesh_conf *conf = wpa_s->ifmsh->mconf; 475 struct hostapd_data *hapd = wpa_s->ifmsh->bss[0]; 476 477 switch (sta->plink_state) { 478 case PLINK_OPN_RCVD: 479 case PLINK_OPN_SNT: 480 /* retry timer */ 481 if (sta->mpm_retries < conf->dot11MeshMaxRetries) { 482 eloop_register_timeout( 483 conf->dot11MeshRetryTimeout / 1000, 484 (conf->dot11MeshRetryTimeout % 1000) * 1000, 485 plink_timer, wpa_s, sta); 486 mesh_mpm_send_plink_action(wpa_s, sta, PLINK_OPEN, 0); 487 sta->mpm_retries++; 488 break; 489 } 490 reason = WLAN_REASON_MESH_MAX_RETRIES; 491 /* fall through */ 492 493 case PLINK_CNF_RCVD: 494 /* confirm timer */ 495 if (!reason) 496 reason = WLAN_REASON_MESH_CONFIRM_TIMEOUT; 497 wpa_mesh_set_plink_state(wpa_s, sta, PLINK_HOLDING); 498 eloop_register_timeout(conf->dot11MeshHoldingTimeout / 1000, 499 (conf->dot11MeshHoldingTimeout % 1000) * 1000, 500 plink_timer, wpa_s, sta); 501 mesh_mpm_send_plink_action(wpa_s, sta, PLINK_CLOSE, reason); 502 break; 503 case PLINK_HOLDING: 504 /* holding timer */ 505 506 if (sta->mesh_sae_pmksa_caching) { 507 wpa_printf(MSG_DEBUG, "MPM: Peer " MACSTR 508 " looks like it does not support mesh SAE PMKSA caching, so remove the cached entry for it", 509 MAC2STR(sta->addr)); 510 wpa_auth_pmksa_remove(hapd->wpa_auth, sta->addr); 511 } 512 mesh_mpm_fsm_restart(wpa_s, sta); 513 break; 514 default: 515 break; 516 } 517} 518 519 520/* initiate peering with station */ 521static void 522mesh_mpm_plink_open(struct wpa_supplicant *wpa_s, struct sta_info *sta, 523 enum mesh_plink_state next_state) 524{ 525 struct mesh_conf *conf = wpa_s->ifmsh->mconf; 526 527 eloop_cancel_timeout(plink_timer, wpa_s, sta); 528 eloop_register_timeout(conf->dot11MeshRetryTimeout / 1000, 529 (conf->dot11MeshRetryTimeout % 1000) * 1000, 530 plink_timer, wpa_s, sta); 531 mesh_mpm_send_plink_action(wpa_s, sta, PLINK_OPEN, 0); 532 wpa_mesh_set_plink_state(wpa_s, sta, next_state); 533} 534 535 536static int mesh_mpm_plink_close(struct hostapd_data *hapd, struct sta_info *sta, 537 void *ctx) 538{ 539 struct wpa_supplicant *wpa_s = ctx; 540 int reason = WLAN_REASON_MESH_PEERING_CANCELLED; 541 542 if (sta) { 543 if (sta->plink_state == PLINK_ESTAB) 544 hapd->num_plinks--; 545 wpa_mesh_set_plink_state(wpa_s, sta, PLINK_HOLDING); 546 mesh_mpm_send_plink_action(wpa_s, sta, PLINK_CLOSE, reason); 547 wpa_printf(MSG_DEBUG, "MPM closing plink sta=" MACSTR, 548 MAC2STR(sta->addr)); 549 eloop_cancel_timeout(plink_timer, wpa_s, sta); 550 eloop_cancel_timeout(mesh_auth_timer, wpa_s, sta); 551 return 0; 552 } 553 554 return 1; 555} 556 557 558int mesh_mpm_close_peer(struct wpa_supplicant *wpa_s, const u8 *addr) 559{ 560 struct hostapd_data *hapd; 561 struct sta_info *sta; 562 563 if (!wpa_s->ifmsh) { 564 wpa_msg(wpa_s, MSG_INFO, "Mesh is not prepared yet"); 565 return -1; 566 } 567 568 hapd = wpa_s->ifmsh->bss[0]; 569 sta = ap_get_sta(hapd, addr); 570 if (!sta) { 571 wpa_msg(wpa_s, MSG_INFO, "No such mesh peer"); 572 return -1; 573 } 574 575 return mesh_mpm_plink_close(hapd, sta, wpa_s) == 0 ? 0 : -1; 576} 577 578 579static void peer_add_timer(void *eloop_ctx, void *user_data) 580{ 581 struct wpa_supplicant *wpa_s = eloop_ctx; 582 struct hostapd_data *hapd = wpa_s->ifmsh->bss[0]; 583 584 os_memset(hapd->mesh_required_peer, 0, ETH_ALEN); 585} 586 587 588int mesh_mpm_connect_peer(struct wpa_supplicant *wpa_s, const u8 *addr, 589 int duration) 590{ 591 struct wpa_ssid *ssid = wpa_s->current_ssid; 592 struct hostapd_data *hapd; 593 struct sta_info *sta; 594 struct mesh_conf *conf; 595 596 if (!wpa_s->ifmsh) { 597 wpa_msg(wpa_s, MSG_INFO, "Mesh is not prepared yet"); 598 return -1; 599 } 600 601 if (!ssid || !ssid->no_auto_peer) { 602 wpa_msg(wpa_s, MSG_INFO, 603 "This command is available only with no_auto_peer mesh network"); 604 return -1; 605 } 606 607 hapd = wpa_s->ifmsh->bss[0]; 608 conf = wpa_s->ifmsh->mconf; 609 610 sta = ap_get_sta(hapd, addr); 611 if (!sta) { 612 wpa_msg(wpa_s, MSG_INFO, "No such mesh peer"); 613 return -1; 614 } 615 616 if ((PLINK_OPN_SNT <= sta->plink_state && 617 sta->plink_state <= PLINK_ESTAB) || 618 (sta->sae && sta->sae->state > SAE_NOTHING)) { 619 wpa_msg(wpa_s, MSG_INFO, 620 "Specified peer is connecting/connected"); 621 return -1; 622 } 623 624 if (conf->security == MESH_CONF_SEC_NONE) { 625 mesh_mpm_plink_open(wpa_s, sta, PLINK_OPN_SNT); 626 } else { 627 mesh_rsn_auth_sae_sta(wpa_s, sta); 628 os_memcpy(hapd->mesh_required_peer, addr, ETH_ALEN); 629 eloop_register_timeout(duration == -1 ? 10 : duration, 0, 630 peer_add_timer, wpa_s, NULL); 631 } 632 633 return 0; 634} 635 636 637void mesh_mpm_deinit(struct wpa_supplicant *wpa_s, struct hostapd_iface *ifmsh) 638{ 639 struct hostapd_data *hapd = ifmsh->bss[0]; 640 641 /* notify peers we're leaving */ 642 ap_for_each_sta(hapd, mesh_mpm_plink_close, wpa_s); 643 644 hapd->num_plinks = 0; 645 hostapd_free_stas(hapd); 646 eloop_cancel_timeout(peer_add_timer, wpa_s, NULL); 647} 648 649 650/* for mesh_rsn to indicate this peer has completed authentication, and we're 651 * ready to start AMPE */ 652void mesh_mpm_auth_peer(struct wpa_supplicant *wpa_s, const u8 *addr) 653{ 654 struct hostapd_data *data = wpa_s->ifmsh->bss[0]; 655 struct hostapd_sta_add_params params; 656 struct sta_info *sta; 657 int ret; 658 659 sta = ap_get_sta(data, addr); 660 if (!sta) { 661 wpa_msg(wpa_s, MSG_DEBUG, "no such mesh peer"); 662 return; 663 } 664 665 /* TODO: Should do nothing if this STA is already authenticated, but 666 * the AP code already sets this flag. */ 667 sta->flags |= WLAN_STA_AUTH; 668 669 mesh_rsn_init_ampe_sta(wpa_s, sta); 670 671 os_memset(¶ms, 0, sizeof(params)); 672 params.addr = sta->addr; 673 params.flags = WPA_STA_AUTHENTICATED | WPA_STA_AUTHORIZED; 674 params.set = 1; 675 676 wpa_msg(wpa_s, MSG_DEBUG, "MPM authenticating " MACSTR, 677 MAC2STR(sta->addr)); 678 ret = wpa_drv_sta_add(wpa_s, ¶ms); 679 if (ret) { 680 wpa_msg(wpa_s, MSG_ERROR, 681 "Driver failed to set " MACSTR ": %d", 682 MAC2STR(sta->addr), ret); 683 } 684 685 if (!sta->my_lid) 686 mesh_mpm_init_link(wpa_s, sta); 687 688 mesh_mpm_plink_open(wpa_s, sta, PLINK_OPN_SNT); 689} 690 691/* 692 * Initialize a sta_info structure for a peer and upload it into the driver 693 * in preparation for beginning authentication or peering. This is done when a 694 * Beacon (secure or open mesh) or a peering open frame (for open mesh) is 695 * received from the peer for the first time. 696 */ 697static struct sta_info * mesh_mpm_add_peer(struct wpa_supplicant *wpa_s, 698 const u8 *addr, 699 struct ieee802_11_elems *elems) 700{ 701 struct hostapd_sta_add_params params; 702 struct mesh_conf *conf = wpa_s->ifmsh->mconf; 703 struct hostapd_data *data = wpa_s->ifmsh->bss[0]; 704 struct sta_info *sta; 705 struct ieee80211_ht_operation *oper; 706 int ret; 707 708 if (elems->mesh_config_len >= 7 && 709 !(elems->mesh_config[6] & MESH_CAP_ACCEPT_ADDITIONAL_PEER)) { 710 wpa_msg(wpa_s, MSG_DEBUG, 711 "mesh: Ignore a crowded peer " MACSTR, 712 MAC2STR(addr)); 713 return NULL; 714 } 715 716 sta = ap_get_sta(data, addr); 717 if (sta) 718 return NULL; 719 720 sta = ap_sta_add(data, addr); 721 if (!sta) 722 return NULL; 723 724 /* Set WMM by default since Mesh STAs are QoS STAs */ 725 sta->flags |= WLAN_STA_WMM; 726 727 /* initialize sta */ 728 if (copy_supp_rates(wpa_s, sta, elems)) { 729 ap_free_sta(data, sta); 730 return NULL; 731 } 732 733 if (!sta->my_lid) 734 mesh_mpm_init_link(wpa_s, sta); 735 736 copy_sta_ht_capab(data, sta, elems->ht_capabilities); 737 738 oper = (struct ieee80211_ht_operation *) elems->ht_operation; 739 if (oper && 740 !(oper->ht_param & HT_INFO_HT_PARAM_STA_CHNL_WIDTH) && 741 sta->ht_capabilities) { 742 wpa_msg(wpa_s, MSG_DEBUG, MACSTR 743 " does not support 40 MHz bandwidth", 744 MAC2STR(sta->addr)); 745 set_disable_ht40(sta->ht_capabilities, 1); 746 } 747 748 update_ht_state(data, sta); 749 750#ifdef CONFIG_IEEE80211AC 751 copy_sta_vht_capab(data, sta, elems->vht_capabilities); 752 copy_sta_vht_oper(data, sta, elems->vht_operation); 753 set_sta_vht_opmode(data, sta, elems->vht_opmode_notif); 754#endif /* CONFIG_IEEE80211AC */ 755 756#ifdef CONFIG_IEEE80211AX 757 copy_sta_he_capab(data, sta, IEEE80211_MODE_MESH, 758 elems->he_capabilities, elems->he_capabilities_len); 759 copy_sta_he_6ghz_capab(data, sta, elems->he_6ghz_band_cap); 760#endif /* CONFIG_IEEE80211AX */ 761 762 if (hostapd_get_aid(data, sta) < 0) { 763 wpa_msg(wpa_s, MSG_ERROR, "No AIDs available"); 764 ap_free_sta(data, sta); 765 return NULL; 766 } 767 768 /* insert into driver */ 769 os_memset(¶ms, 0, sizeof(params)); 770 params.supp_rates = sta->supported_rates; 771 params.supp_rates_len = sta->supported_rates_len; 772 params.addr = addr; 773 params.plink_state = sta->plink_state; 774 params.aid = sta->aid; 775 params.peer_aid = sta->peer_aid; 776 params.listen_interval = 100; 777 params.ht_capabilities = sta->ht_capabilities; 778 params.vht_capabilities = sta->vht_capabilities; 779 params.he_capab = sta->he_capab; 780 params.he_capab_len = sta->he_capab_len; 781 params.he_6ghz_capab = sta->he_6ghz_capab; 782 params.flags |= WPA_STA_WMM; 783 params.flags_mask |= WPA_STA_AUTHENTICATED; 784 if (conf->security == MESH_CONF_SEC_NONE) { 785 params.flags |= WPA_STA_AUTHORIZED; 786 params.flags |= WPA_STA_AUTHENTICATED; 787 } else { 788 sta->flags |= WLAN_STA_MFP; 789 params.flags |= WPA_STA_MFP; 790 } 791 792 ret = wpa_drv_sta_add(wpa_s, ¶ms); 793 if (ret) { 794 wpa_msg(wpa_s, MSG_ERROR, 795 "Driver failed to insert " MACSTR ": %d", 796 MAC2STR(addr), ret); 797 ap_free_sta(data, sta); 798 return NULL; 799 } 800 801 return sta; 802} 803 804 805void wpa_mesh_new_mesh_peer(struct wpa_supplicant *wpa_s, const u8 *addr, 806 struct ieee802_11_elems *elems) 807{ 808 struct mesh_conf *conf = wpa_s->ifmsh->mconf; 809 struct hostapd_data *data = wpa_s->ifmsh->bss[0]; 810 struct sta_info *sta; 811 struct wpa_ssid *ssid = wpa_s->current_ssid; 812 813 sta = mesh_mpm_add_peer(wpa_s, addr, elems); 814 if (!sta) 815 return; 816 817 if (ssid && ssid->no_auto_peer && 818 (is_zero_ether_addr(data->mesh_required_peer) || 819 os_memcmp(data->mesh_required_peer, addr, ETH_ALEN) != 0)) { 820 wpa_msg(wpa_s, MSG_INFO, "will not initiate new peer link with " 821 MACSTR " because of no_auto_peer", MAC2STR(addr)); 822 if (data->mesh_pending_auth) { 823 struct os_reltime age; 824 const struct ieee80211_mgmt *mgmt; 825 struct hostapd_frame_info fi; 826 827 mgmt = wpabuf_head(data->mesh_pending_auth); 828 os_reltime_age(&data->mesh_pending_auth_time, &age); 829 if (age.sec < 2 && 830 os_memcmp(mgmt->sa, addr, ETH_ALEN) == 0) { 831 wpa_printf(MSG_DEBUG, 832 "mesh: Process pending Authentication frame from %u.%06u seconds ago", 833 (unsigned int) age.sec, 834 (unsigned int) age.usec); 835 os_memset(&fi, 0, sizeof(fi)); 836 ieee802_11_mgmt( 837 data, 838 wpabuf_head(data->mesh_pending_auth), 839 wpabuf_len(data->mesh_pending_auth), 840 &fi); 841 } 842 wpabuf_free(data->mesh_pending_auth); 843 data->mesh_pending_auth = NULL; 844 } 845 return; 846 } 847 848 if (conf->security == MESH_CONF_SEC_NONE) { 849 if (sta->plink_state < PLINK_OPN_SNT || 850 sta->plink_state > PLINK_ESTAB) 851 mesh_mpm_plink_open(wpa_s, sta, PLINK_OPN_SNT); 852 } else { 853 mesh_rsn_auth_sae_sta(wpa_s, sta); 854 } 855} 856 857 858void mesh_mpm_mgmt_rx(struct wpa_supplicant *wpa_s, struct rx_mgmt *rx_mgmt) 859{ 860 struct hostapd_frame_info fi; 861 862 os_memset(&fi, 0, sizeof(fi)); 863 fi.datarate = rx_mgmt->datarate; 864 fi.ssi_signal = rx_mgmt->ssi_signal; 865 ieee802_11_mgmt(wpa_s->ifmsh->bss[0], rx_mgmt->frame, 866 rx_mgmt->frame_len, &fi); 867} 868 869 870static void mesh_mpm_plink_estab(struct wpa_supplicant *wpa_s, 871 struct sta_info *sta) 872{ 873 struct hostapd_data *hapd = wpa_s->ifmsh->bss[0]; 874 struct mesh_conf *conf = wpa_s->ifmsh->mconf; 875 u8 seq[6] = {}; 876 877 wpa_msg(wpa_s, MSG_INFO, "mesh plink with " MACSTR " established", 878 MAC2STR(sta->addr)); 879 880 if (conf->security & MESH_CONF_SEC_AMPE) { 881 wpa_hexdump_key(MSG_DEBUG, "mesh: MTK", sta->mtk, sta->mtk_len); 882 wpa_drv_set_key(wpa_s, wpa_cipher_to_alg(conf->pairwise_cipher), 883 sta->addr, 0, 0, seq, sizeof(seq), 884 sta->mtk, sta->mtk_len, 885 KEY_FLAG_PAIRWISE_RX_TX); 886 887 wpa_hexdump_key(MSG_DEBUG, "mesh: RX MGTK Key RSC", 888 sta->mgtk_rsc, sizeof(sta->mgtk_rsc)); 889 wpa_hexdump_key(MSG_DEBUG, "mesh: RX MGTK", 890 sta->mgtk, sta->mgtk_len); 891 wpa_drv_set_key(wpa_s, wpa_cipher_to_alg(conf->group_cipher), 892 sta->addr, sta->mgtk_key_id, 0, 893 sta->mgtk_rsc, sizeof(sta->mgtk_rsc), 894 sta->mgtk, sta->mgtk_len, 895 KEY_FLAG_GROUP_RX); 896 897 if (sta->igtk_len) { 898 wpa_hexdump_key(MSG_DEBUG, "mesh: RX IGTK Key RSC", 899 sta->igtk_rsc, sizeof(sta->igtk_rsc)); 900 wpa_hexdump_key(MSG_DEBUG, "mesh: RX IGTK", 901 sta->igtk, sta->igtk_len); 902 wpa_drv_set_key( 903 wpa_s, 904 wpa_cipher_to_alg(conf->mgmt_group_cipher), 905 sta->addr, sta->igtk_key_id, 0, 906 sta->igtk_rsc, sizeof(sta->igtk_rsc), 907 sta->igtk, sta->igtk_len, 908 KEY_FLAG_GROUP_RX); 909 } 910 } 911 912 wpa_mesh_set_plink_state(wpa_s, sta, PLINK_ESTAB); 913 hapd->num_plinks++; 914 915 sta->flags |= WLAN_STA_ASSOC; 916 sta->mesh_sae_pmksa_caching = 0; 917 918 eloop_cancel_timeout(peer_add_timer, wpa_s, NULL); 919 peer_add_timer(wpa_s, NULL); 920 eloop_cancel_timeout(plink_timer, wpa_s, sta); 921 922 /* Send ctrl event */ 923 wpa_msg(wpa_s, MSG_INFO, MESH_PEER_CONNECTED MACSTR, 924 MAC2STR(sta->addr)); 925 926 /* Send D-Bus event */ 927 wpas_notify_mesh_peer_connected(wpa_s, sta->addr); 928} 929 930 931static void mesh_mpm_fsm(struct wpa_supplicant *wpa_s, struct sta_info *sta, 932 enum plink_event event, u16 reason) 933{ 934 struct hostapd_data *hapd = wpa_s->ifmsh->bss[0]; 935 struct mesh_conf *conf = wpa_s->ifmsh->mconf; 936 937 wpa_msg(wpa_s, MSG_DEBUG, "MPM " MACSTR " state %s event %s", 938 MAC2STR(sta->addr), mplstate[sta->plink_state], 939 mplevent[event]); 940 941 switch (sta->plink_state) { 942 case PLINK_IDLE: 943 switch (event) { 944 case CLS_ACPT: 945 mesh_mpm_fsm_restart(wpa_s, sta); 946 break; 947 case OPN_ACPT: 948 mesh_mpm_plink_open(wpa_s, sta, PLINK_OPN_RCVD); 949 mesh_mpm_send_plink_action(wpa_s, sta, PLINK_CONFIRM, 950 0); 951 break; 952 case REQ_RJCT: 953 mesh_mpm_send_plink_action(wpa_s, sta, 954 PLINK_CLOSE, reason); 955 break; 956 default: 957 break; 958 } 959 break; 960 case PLINK_OPN_SNT: 961 switch (event) { 962 case OPN_RJCT: 963 case CNF_RJCT: 964 if (!reason) 965 reason = WLAN_REASON_MESH_CONFIG_POLICY_VIOLATION; 966 /* fall-through */ 967 case CLS_ACPT: 968 wpa_mesh_set_plink_state(wpa_s, sta, PLINK_HOLDING); 969 if (!reason) 970 reason = WLAN_REASON_MESH_CLOSE_RCVD; 971 eloop_register_timeout( 972 conf->dot11MeshHoldingTimeout / 1000, 973 (conf->dot11MeshHoldingTimeout % 1000) * 1000, 974 plink_timer, wpa_s, sta); 975 mesh_mpm_send_plink_action(wpa_s, sta, 976 PLINK_CLOSE, reason); 977 break; 978 case OPN_ACPT: 979 /* retry timer is left untouched */ 980 wpa_mesh_set_plink_state(wpa_s, sta, PLINK_OPN_RCVD); 981 mesh_mpm_send_plink_action(wpa_s, sta, 982 PLINK_CONFIRM, 0); 983 break; 984 case CNF_ACPT: 985 wpa_mesh_set_plink_state(wpa_s, sta, PLINK_CNF_RCVD); 986 eloop_cancel_timeout(plink_timer, wpa_s, sta); 987 eloop_register_timeout( 988 conf->dot11MeshConfirmTimeout / 1000, 989 (conf->dot11MeshConfirmTimeout % 1000) * 1000, 990 plink_timer, wpa_s, sta); 991 break; 992 default: 993 break; 994 } 995 break; 996 case PLINK_OPN_RCVD: 997 switch (event) { 998 case OPN_RJCT: 999 case CNF_RJCT: 1000 if (!reason) 1001 reason = WLAN_REASON_MESH_CONFIG_POLICY_VIOLATION; 1002 /* fall-through */ 1003 case CLS_ACPT: 1004 wpa_mesh_set_plink_state(wpa_s, sta, PLINK_HOLDING); 1005 if (!reason) 1006 reason = WLAN_REASON_MESH_CLOSE_RCVD; 1007 eloop_register_timeout( 1008 conf->dot11MeshHoldingTimeout / 1000, 1009 (conf->dot11MeshHoldingTimeout % 1000) * 1000, 1010 plink_timer, wpa_s, sta); 1011 sta->mpm_close_reason = reason; 1012 mesh_mpm_send_plink_action(wpa_s, sta, 1013 PLINK_CLOSE, reason); 1014 break; 1015 case OPN_ACPT: 1016 mesh_mpm_send_plink_action(wpa_s, sta, 1017 PLINK_CONFIRM, 0); 1018 break; 1019 case CNF_ACPT: 1020 if (conf->security & MESH_CONF_SEC_AMPE) 1021 mesh_rsn_derive_mtk(wpa_s, sta); 1022 mesh_mpm_plink_estab(wpa_s, sta); 1023 break; 1024 default: 1025 break; 1026 } 1027 break; 1028 case PLINK_CNF_RCVD: 1029 switch (event) { 1030 case OPN_RJCT: 1031 case CNF_RJCT: 1032 if (!reason) 1033 reason = WLAN_REASON_MESH_CONFIG_POLICY_VIOLATION; 1034 /* fall-through */ 1035 case CLS_ACPT: 1036 wpa_mesh_set_plink_state(wpa_s, sta, PLINK_HOLDING); 1037 if (!reason) 1038 reason = WLAN_REASON_MESH_CLOSE_RCVD; 1039 eloop_register_timeout( 1040 conf->dot11MeshHoldingTimeout / 1000, 1041 (conf->dot11MeshHoldingTimeout % 1000) * 1000, 1042 plink_timer, wpa_s, sta); 1043 sta->mpm_close_reason = reason; 1044 mesh_mpm_send_plink_action(wpa_s, sta, 1045 PLINK_CLOSE, reason); 1046 break; 1047 case OPN_ACPT: 1048 if (conf->security & MESH_CONF_SEC_AMPE) 1049 mesh_rsn_derive_mtk(wpa_s, sta); 1050 mesh_mpm_plink_estab(wpa_s, sta); 1051 mesh_mpm_send_plink_action(wpa_s, sta, 1052 PLINK_CONFIRM, 0); 1053 break; 1054 default: 1055 break; 1056 } 1057 break; 1058 case PLINK_ESTAB: 1059 switch (event) { 1060 case OPN_RJCT: 1061 case CNF_RJCT: 1062 case CLS_ACPT: 1063 wpa_mesh_set_plink_state(wpa_s, sta, PLINK_HOLDING); 1064 if (!reason) 1065 reason = WLAN_REASON_MESH_CLOSE_RCVD; 1066 1067 eloop_register_timeout( 1068 conf->dot11MeshHoldingTimeout / 1000, 1069 (conf->dot11MeshHoldingTimeout % 1000) * 1000, 1070 plink_timer, wpa_s, sta); 1071 sta->mpm_close_reason = reason; 1072 1073 wpa_msg(wpa_s, MSG_INFO, "mesh plink with " MACSTR 1074 " closed with reason %d", 1075 MAC2STR(sta->addr), reason); 1076 1077 wpa_msg(wpa_s, MSG_INFO, MESH_PEER_DISCONNECTED MACSTR, 1078 MAC2STR(sta->addr)); 1079 1080 /* Send D-Bus event */ 1081 wpas_notify_mesh_peer_disconnected(wpa_s, sta->addr, 1082 reason); 1083 1084 hapd->num_plinks--; 1085 1086 mesh_mpm_send_plink_action(wpa_s, sta, 1087 PLINK_CLOSE, reason); 1088 break; 1089 case OPN_ACPT: 1090 mesh_mpm_send_plink_action(wpa_s, sta, 1091 PLINK_CONFIRM, 0); 1092 break; 1093 default: 1094 break; 1095 } 1096 break; 1097 case PLINK_HOLDING: 1098 switch (event) { 1099 case CLS_ACPT: 1100 mesh_mpm_fsm_restart(wpa_s, sta); 1101 break; 1102 case OPN_ACPT: 1103 case CNF_ACPT: 1104 case OPN_RJCT: 1105 case CNF_RJCT: 1106 reason = sta->mpm_close_reason; 1107 mesh_mpm_send_plink_action(wpa_s, sta, 1108 PLINK_CLOSE, reason); 1109 break; 1110 default: 1111 break; 1112 } 1113 break; 1114 default: 1115 wpa_msg(wpa_s, MSG_DEBUG, 1116 "Unsupported MPM event %s for state %s", 1117 mplevent[event], mplstate[sta->plink_state]); 1118 break; 1119 } 1120} 1121 1122 1123void mesh_mpm_action_rx(struct wpa_supplicant *wpa_s, 1124 const struct ieee80211_mgmt *mgmt, size_t len) 1125{ 1126 u8 action_field; 1127 struct hostapd_data *hapd = wpa_s->ifmsh->bss[0]; 1128 struct mesh_conf *mconf = wpa_s->ifmsh->mconf; 1129 struct sta_info *sta; 1130 u16 plid = 0, llid = 0, aid = 0; 1131 enum plink_event event; 1132 struct ieee802_11_elems elems; 1133 struct mesh_peer_mgmt_ie peer_mgmt_ie; 1134 const u8 *ies; 1135 size_t ie_len; 1136 int ret; 1137 u16 reason = 0; 1138 1139 if (mgmt->u.action.category != WLAN_ACTION_SELF_PROTECTED) 1140 return; 1141 1142 action_field = mgmt->u.action.u.slf_prot_action.action; 1143 if (action_field != PLINK_OPEN && 1144 action_field != PLINK_CONFIRM && 1145 action_field != PLINK_CLOSE) 1146 return; 1147 1148 ies = mgmt->u.action.u.slf_prot_action.variable; 1149 ie_len = (const u8 *) mgmt + len - 1150 mgmt->u.action.u.slf_prot_action.variable; 1151 1152 /* at least expect mesh id and peering mgmt */ 1153 if (ie_len < 2 + 2) { 1154 wpa_printf(MSG_DEBUG, 1155 "MPM: Ignore too short action frame %u ie_len %u", 1156 action_field, (unsigned int) ie_len); 1157 return; 1158 } 1159 wpa_printf(MSG_DEBUG, "MPM: Received PLINK action %u", action_field); 1160 1161 if (action_field == PLINK_OPEN || action_field == PLINK_CONFIRM) { 1162 wpa_printf(MSG_DEBUG, "MPM: Capability 0x%x", 1163 WPA_GET_LE16(ies)); 1164 ies += 2; /* capability */ 1165 ie_len -= 2; 1166 } 1167 if (action_field == PLINK_CONFIRM) { 1168 aid = WPA_GET_LE16(ies); 1169 wpa_printf(MSG_DEBUG, "MPM: AID 0x%x", aid); 1170 ies += 2; /* aid */ 1171 ie_len -= 2; 1172 } 1173 1174 /* check for mesh peering, mesh id and mesh config IEs */ 1175 if (ieee802_11_parse_elems(ies, ie_len, &elems, 0) == ParseFailed) { 1176 wpa_printf(MSG_DEBUG, "MPM: Failed to parse PLINK IEs"); 1177 return; 1178 } 1179 if (!elems.peer_mgmt) { 1180 wpa_printf(MSG_DEBUG, 1181 "MPM: No Mesh Peering Management element"); 1182 return; 1183 } 1184 if (action_field != PLINK_CLOSE) { 1185 if (!elems.mesh_id || !elems.mesh_config) { 1186 wpa_printf(MSG_DEBUG, 1187 "MPM: No Mesh ID or Mesh Configuration element"); 1188 return; 1189 } 1190 1191 if (!matches_local(wpa_s, &elems)) { 1192 wpa_printf(MSG_DEBUG, 1193 "MPM: Mesh ID or Mesh Configuration element do not match local MBSS"); 1194 return; 1195 } 1196 } 1197 1198 ret = mesh_mpm_parse_peer_mgmt(wpa_s, action_field, 1199 elems.peer_mgmt, 1200 elems.peer_mgmt_len, 1201 &peer_mgmt_ie); 1202 if (ret) { 1203 wpa_printf(MSG_DEBUG, "MPM: Mesh parsing rejected frame"); 1204 return; 1205 } 1206 1207 /* the sender's llid is our plid and vice-versa */ 1208 plid = WPA_GET_LE16(peer_mgmt_ie.llid); 1209 if (peer_mgmt_ie.plid) 1210 llid = WPA_GET_LE16(peer_mgmt_ie.plid); 1211 wpa_printf(MSG_DEBUG, "MPM: plid=0x%x llid=0x%x", plid, llid); 1212 1213 if (action_field == PLINK_CLOSE) 1214 wpa_printf(MSG_DEBUG, "MPM: close reason=%u", 1215 WPA_GET_LE16(peer_mgmt_ie.reason)); 1216 1217 sta = ap_get_sta(hapd, mgmt->sa); 1218 1219 /* 1220 * If this is an open frame from an unknown STA, and this is an 1221 * open mesh, then go ahead and add the peer before proceeding. 1222 */ 1223 if (!sta && action_field == PLINK_OPEN && 1224 (!(mconf->security & MESH_CONF_SEC_AMPE) || 1225 wpa_auth_pmksa_get(hapd->wpa_auth, mgmt->sa, NULL))) 1226 sta = mesh_mpm_add_peer(wpa_s, mgmt->sa, &elems); 1227 1228 if (!sta) { 1229 wpa_printf(MSG_DEBUG, "MPM: No STA entry for peer"); 1230 return; 1231 } 1232 1233#ifdef CONFIG_SAE 1234 /* peer is in sae_accepted? */ 1235 if (sta->sae && sta->sae->state != SAE_ACCEPTED) { 1236 wpa_printf(MSG_DEBUG, "MPM: SAE not yet accepted for peer"); 1237 return; 1238 } 1239#endif /* CONFIG_SAE */ 1240 1241 if (!sta->my_lid) 1242 mesh_mpm_init_link(wpa_s, sta); 1243 1244 if (mconf->security & MESH_CONF_SEC_AMPE) { 1245 int res; 1246 1247 res = mesh_rsn_process_ampe(wpa_s, sta, &elems, 1248 &mgmt->u.action.category, 1249 peer_mgmt_ie.chosen_pmk, 1250 ies, ie_len); 1251 if (res) { 1252 wpa_printf(MSG_DEBUG, 1253 "MPM: RSN process rejected frame (res=%d)", 1254 res); 1255 if (action_field == PLINK_OPEN && res == -2) { 1256 /* AES-SIV decryption failed */ 1257 mesh_mpm_fsm(wpa_s, sta, OPN_RJCT, 1258 WLAN_REASON_MESH_INVALID_GTK); 1259 } 1260 return; 1261 } 1262 1263#ifdef CONFIG_OCV 1264 if (action_field == PLINK_OPEN && elems.rsn_ie) { 1265 struct wpa_state_machine *sm = sta->wpa_sm; 1266 struct wpa_ie_data data; 1267 1268 res = wpa_parse_wpa_ie_rsn(elems.rsn_ie - 2, 1269 elems.rsn_ie_len + 2, 1270 &data); 1271 if (res) { 1272 wpa_printf(MSG_DEBUG, 1273 "Failed to parse RSN IE (res=%d)", 1274 res); 1275 wpa_hexdump(MSG_DEBUG, "RSN IE", elems.rsn_ie, 1276 elems.rsn_ie_len); 1277 return; 1278 } 1279 1280 wpa_auth_set_ocv(sm, mconf->ocv && 1281 (data.capabilities & 1282 WPA_CAPABILITY_OCVC)); 1283 } 1284 1285 if (action_field != PLINK_CLOSE && 1286 wpa_auth_uses_ocv(sta->wpa_sm)) { 1287 struct wpa_channel_info ci; 1288 int tx_chanwidth; 1289 int tx_seg1_idx; 1290 1291 if (wpa_drv_channel_info(wpa_s, &ci) != 0) { 1292 wpa_printf(MSG_WARNING, 1293 "MPM: Failed to get channel info to validate received OCI in MPM Confirm"); 1294 return; 1295 } 1296 1297 if (get_tx_parameters( 1298 sta, channel_width_to_int(ci.chanwidth), 1299 ci.seg1_idx, &tx_chanwidth, 1300 &tx_seg1_idx) < 0) 1301 return; 1302 1303 if (ocv_verify_tx_params(elems.oci, elems.oci_len, &ci, 1304 tx_chanwidth, tx_seg1_idx) != 1305 OCI_SUCCESS) { 1306 wpa_printf(MSG_WARNING, "MPM: OCV failed: %s", 1307 ocv_errorstr); 1308 return; 1309 } 1310 } 1311#endif /* CONFIG_OCV */ 1312 } 1313 1314 if (sta->plink_state == PLINK_BLOCKED) { 1315 wpa_printf(MSG_DEBUG, "MPM: PLINK_BLOCKED"); 1316 return; 1317 } 1318 1319 /* Now we will figure out the appropriate event... */ 1320 switch (action_field) { 1321 case PLINK_OPEN: 1322 if (plink_free_count(hapd) == 0) { 1323 event = REQ_RJCT; 1324 reason = WLAN_REASON_MESH_MAX_PEERS; 1325 wpa_printf(MSG_INFO, 1326 "MPM: Peer link num over quota(%d)", 1327 hapd->max_plinks); 1328 } else if (sta->peer_lid && sta->peer_lid != plid) { 1329 wpa_printf(MSG_DEBUG, 1330 "MPM: peer_lid mismatch: 0x%x != 0x%x", 1331 sta->peer_lid, plid); 1332 return; /* no FSM event */ 1333 } else { 1334 sta->peer_lid = plid; 1335 event = OPN_ACPT; 1336 } 1337 break; 1338 case PLINK_CONFIRM: 1339 if (plink_free_count(hapd) == 0) { 1340 event = REQ_RJCT; 1341 reason = WLAN_REASON_MESH_MAX_PEERS; 1342 wpa_printf(MSG_INFO, 1343 "MPM: Peer link num over quota(%d)", 1344 hapd->max_plinks); 1345 } else if (sta->my_lid != llid || 1346 (sta->peer_lid && sta->peer_lid != plid)) { 1347 wpa_printf(MSG_DEBUG, 1348 "MPM: lid mismatch: my_lid: 0x%x != 0x%x or peer_lid: 0x%x != 0x%x", 1349 sta->my_lid, llid, sta->peer_lid, plid); 1350 return; /* no FSM event */ 1351 } else { 1352 if (!sta->peer_lid) 1353 sta->peer_lid = plid; 1354 sta->peer_aid = aid; 1355 event = CNF_ACPT; 1356 } 1357 break; 1358 case PLINK_CLOSE: 1359 if (sta->plink_state == PLINK_ESTAB) 1360 /* Do not check for llid or plid. This does not 1361 * follow the standard but since multiple plinks 1362 * per cand are not supported, it is necessary in 1363 * order to avoid a livelock when MP A sees an 1364 * establish peer link to MP B but MP B does not 1365 * see it. This can be caused by a timeout in 1366 * B's peer link establishment or B being 1367 * restarted. 1368 */ 1369 event = CLS_ACPT; 1370 else if (sta->peer_lid != plid) { 1371 wpa_printf(MSG_DEBUG, 1372 "MPM: peer_lid mismatch: 0x%x != 0x%x", 1373 sta->peer_lid, plid); 1374 return; /* no FSM event */ 1375 } else if (peer_mgmt_ie.plid && sta->my_lid != llid) { 1376 wpa_printf(MSG_DEBUG, 1377 "MPM: my_lid mismatch: 0x%x != 0x%x", 1378 sta->my_lid, llid); 1379 return; /* no FSM event */ 1380 } else { 1381 event = CLS_ACPT; 1382 } 1383 break; 1384 default: 1385 /* 1386 * This cannot be hit due to the action_field check above, but 1387 * compilers may not be able to figure that out and can warn 1388 * about uninitialized event below. 1389 */ 1390 return; 1391 } 1392 mesh_mpm_fsm(wpa_s, sta, event, reason); 1393} 1394 1395 1396/* called by ap_free_sta */ 1397void mesh_mpm_free_sta(struct hostapd_data *hapd, struct sta_info *sta) 1398{ 1399 if (sta->plink_state == PLINK_ESTAB) 1400 hapd->num_plinks--; 1401 eloop_cancel_timeout(plink_timer, ELOOP_ALL_CTX, sta); 1402 eloop_cancel_timeout(mesh_auth_timer, ELOOP_ALL_CTX, sta); 1403} 1404