d33cb35e71594f63bbc2fc683fc4d5250d70ef7d
1 /*
2 * WPA Supplicant - Driver event processing
3 * Copyright (c) 2003-2012, Jouni Malinen <j@w1.fi>
4 *
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
7 */
9 #include "includes.h"
11 #include "common.h"
12 #include "eapol_supp/eapol_supp_sm.h"
13 #include "rsn_supp/wpa.h"
14 #include "eloop.h"
15 #include "config.h"
16 #include "l2_packet/l2_packet.h"
17 #include "wpa_supplicant_i.h"
18 #include "driver_i.h"
19 #include "pcsc_funcs.h"
20 #include "rsn_supp/preauth.h"
21 #include "rsn_supp/pmksa_cache.h"
22 #include "common/wpa_ctrl.h"
23 #include "eap_peer/eap.h"
24 #include "ap/hostapd.h"
25 #include "p2p/p2p.h"
26 #include "notify.h"
27 #include "common/ieee802_11_defs.h"
28 #include "common/ieee802_11_common.h"
29 #include "crypto/random.h"
30 #include "blacklist.h"
31 #include "wpas_glue.h"
32 #include "wps_supplicant.h"
33 #include "ibss_rsn.h"
34 #include "sme.h"
35 #include "gas_query.h"
36 #include "p2p_supplicant.h"
37 #include "bgscan.h"
38 #include "ap.h"
39 #include "bss.h"
40 #include "scan.h"
41 #include "offchannel.h"
44 static int wpa_supplicant_select_config(struct wpa_supplicant *wpa_s)
45 {
46 struct wpa_ssid *ssid, *old_ssid;
48 if (wpa_s->conf->ap_scan == 1 && wpa_s->current_ssid)
49 return 0;
51 wpa_dbg(wpa_s, MSG_DEBUG, "Select network based on association "
52 "information");
53 ssid = wpa_supplicant_get_ssid(wpa_s);
54 if (ssid == NULL) {
55 wpa_msg(wpa_s, MSG_INFO,
56 "No network configuration found for the current AP");
57 return -1;
58 }
60 if (ssid->disabled) {
61 wpa_dbg(wpa_s, MSG_DEBUG, "Selected network is disabled");
62 return -1;
63 }
65 wpa_dbg(wpa_s, MSG_DEBUG, "Network configuration found for the "
66 "current AP");
67 if (wpa_key_mgmt_wpa_any(ssid->key_mgmt)) {
68 u8 wpa_ie[80];
69 size_t wpa_ie_len = sizeof(wpa_ie);
70 wpa_supplicant_set_suites(wpa_s, NULL, ssid,
71 wpa_ie, &wpa_ie_len);
72 } else {
73 wpa_supplicant_set_non_wpa_policy(wpa_s, ssid);
74 }
76 if (wpa_s->current_ssid && wpa_s->current_ssid != ssid)
77 eapol_sm_invalidate_cached_session(wpa_s->eapol);
78 old_ssid = wpa_s->current_ssid;
79 wpa_s->current_ssid = ssid;
80 wpa_supplicant_rsn_supp_set_config(wpa_s, wpa_s->current_ssid);
81 wpa_supplicant_initiate_eapol(wpa_s);
82 if (old_ssid != wpa_s->current_ssid)
83 wpas_notify_network_changed(wpa_s);
85 return 0;
86 }
89 void wpa_supplicant_stop_countermeasures(void *eloop_ctx, void *sock_ctx)
90 {
91 struct wpa_supplicant *wpa_s = eloop_ctx;
93 if (wpa_s->countermeasures) {
94 wpa_s->countermeasures = 0;
95 wpa_drv_set_countermeasures(wpa_s, 0);
96 wpa_msg(wpa_s, MSG_INFO, "WPA: TKIP countermeasures stopped");
97 wpa_supplicant_req_scan(wpa_s, 0, 0);
98 }
99 }
101 void wpa_supplicant_mark_roaming(struct wpa_supplicant *wpa_s)
102 {
103 wpa_s->roaming_in_progress = 1;
104 os_memcpy(wpa_s->prev_bssid, wpa_s->bssid, ETH_ALEN);
105 wpa_s->prev_ssid = wpa_s->current_ssid;
106 wpa_dbg(wpa_s, MSG_DEBUG, "Saving prev AP info for roaming recovery - "
107 "SSID ID: %d BSSID: " MACSTR,
108 wpa_s->prev_ssid->id, MAC2STR(wpa_s->prev_bssid));
109 }
111 void wpa_supplicant_clear_roaming(struct wpa_supplicant *wpa_s,
112 int ignore_deauth_event)
113 {
114 wpa_s->roaming_in_progress = 0;
115 wpa_s->ignore_deauth_event = ignore_deauth_event;
116 wpa_s->prev_ssid = NULL;
117 os_memset(wpa_s->prev_bssid, 0, ETH_ALEN);
118 }
120 void wpa_supplicant_mark_disassoc(struct wpa_supplicant *wpa_s)
121 {
122 int bssid_changed;
124 #ifdef CONFIG_IBSS_RSN
125 ibss_rsn_deinit(wpa_s->ibss_rsn);
126 wpa_s->ibss_rsn = NULL;
127 #endif /* CONFIG_IBSS_RSN */
129 #ifdef CONFIG_AP
130 wpa_supplicant_ap_deinit(wpa_s);
131 #endif /* CONFIG_AP */
133 if (wpa_s->wpa_state == WPA_INTERFACE_DISABLED)
134 return;
136 wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED);
137 wpa_s->conf->ap_scan = DEFAULT_AP_SCAN;
138 bssid_changed = !is_zero_ether_addr(wpa_s->bssid);
139 os_memset(wpa_s->bssid, 0, ETH_ALEN);
140 os_memset(wpa_s->pending_bssid, 0, ETH_ALEN);
141 #ifdef CONFIG_P2P
142 os_memset(wpa_s->go_dev_addr, 0, ETH_ALEN);
143 #endif /* CONFIG_P2P */
144 wpa_s->current_bss = NULL;
145 wpa_s->assoc_freq = 0;
146 #ifdef CONFIG_IEEE80211R
147 #ifdef CONFIG_SME
148 if (wpa_s->sme.ft_ies)
149 sme_update_ft_ies(wpa_s, NULL, NULL, 0);
150 #endif /* CONFIG_SME */
151 #endif /* CONFIG_IEEE80211R */
153 if (bssid_changed)
154 wpas_notify_bssid_changed(wpa_s);
156 eapol_sm_notify_portEnabled(wpa_s->eapol, FALSE);
157 eapol_sm_notify_portValid(wpa_s->eapol, FALSE);
158 if (wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt))
159 eapol_sm_notify_eap_success(wpa_s->eapol, FALSE);
160 wpa_s->ap_ies_from_associnfo = 0;
161 }
164 static void wpa_find_assoc_pmkid(struct wpa_supplicant *wpa_s)
165 {
166 struct wpa_ie_data ie;
167 int pmksa_set = -1;
168 size_t i;
170 if (wpa_sm_parse_own_wpa_ie(wpa_s->wpa, &ie) < 0 ||
171 ie.pmkid == NULL)
172 return;
174 for (i = 0; i < ie.num_pmkid; i++) {
175 pmksa_set = pmksa_cache_set_current(wpa_s->wpa,
176 ie.pmkid + i * PMKID_LEN,
177 NULL, NULL, 0);
178 if (pmksa_set == 0) {
179 eapol_sm_notify_pmkid_attempt(wpa_s->eapol, 1);
180 break;
181 }
182 }
184 wpa_dbg(wpa_s, MSG_DEBUG, "RSN: PMKID from assoc IE %sfound from "
185 "PMKSA cache", pmksa_set == 0 ? "" : "not ");
186 }
189 static void wpa_supplicant_event_pmkid_candidate(struct wpa_supplicant *wpa_s,
190 union wpa_event_data *data)
191 {
192 if (data == NULL) {
193 wpa_dbg(wpa_s, MSG_DEBUG, "RSN: No data in PMKID candidate "
194 "event");
195 return;
196 }
197 wpa_dbg(wpa_s, MSG_DEBUG, "RSN: PMKID candidate event - bssid=" MACSTR
198 " index=%d preauth=%d",
199 MAC2STR(data->pmkid_candidate.bssid),
200 data->pmkid_candidate.index,
201 data->pmkid_candidate.preauth);
203 pmksa_candidate_add(wpa_s->wpa, data->pmkid_candidate.bssid,
204 data->pmkid_candidate.index,
205 data->pmkid_candidate.preauth);
206 }
209 static int wpa_supplicant_dynamic_keys(struct wpa_supplicant *wpa_s)
210 {
211 if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE ||
212 wpa_s->key_mgmt == WPA_KEY_MGMT_WPA_NONE)
213 return 0;
215 #ifdef IEEE8021X_EAPOL
216 if (wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA &&
217 wpa_s->current_ssid &&
218 !(wpa_s->current_ssid->eapol_flags &
219 (EAPOL_FLAG_REQUIRE_KEY_UNICAST |
220 EAPOL_FLAG_REQUIRE_KEY_BROADCAST))) {
221 /* IEEE 802.1X, but not using dynamic WEP keys (i.e., either
222 * plaintext or static WEP keys). */
223 return 0;
224 }
225 #endif /* IEEE8021X_EAPOL */
227 return 1;
228 }
231 /**
232 * wpa_supplicant_scard_init - Initialize SIM/USIM access with PC/SC
233 * @wpa_s: pointer to wpa_supplicant data
234 * @ssid: Configuration data for the network
235 * Returns: 0 on success, -1 on failure
236 *
237 * This function is called when starting authentication with a network that is
238 * configured to use PC/SC for SIM/USIM access (EAP-SIM or EAP-AKA).
239 */
240 int wpa_supplicant_scard_init(struct wpa_supplicant *wpa_s,
241 struct wpa_ssid *ssid)
242 {
243 #ifdef IEEE8021X_EAPOL
244 #ifdef PCSC_FUNCS
245 int aka = 0, sim = 0, type;
247 if (ssid->eap.pcsc == NULL || wpa_s->scard != NULL)
248 return 0;
250 if (ssid->eap.eap_methods == NULL) {
251 sim = 1;
252 aka = 1;
253 } else {
254 struct eap_method_type *eap = ssid->eap.eap_methods;
255 while (eap->vendor != EAP_VENDOR_IETF ||
256 eap->method != EAP_TYPE_NONE) {
257 if (eap->vendor == EAP_VENDOR_IETF) {
258 if (eap->method == EAP_TYPE_SIM)
259 sim = 1;
260 else if (eap->method == EAP_TYPE_AKA)
261 aka = 1;
262 }
263 eap++;
264 }
265 }
267 if (eap_peer_get_eap_method(EAP_VENDOR_IETF, EAP_TYPE_SIM) == NULL)
268 sim = 0;
269 if (eap_peer_get_eap_method(EAP_VENDOR_IETF, EAP_TYPE_AKA) == NULL)
270 aka = 0;
272 if (!sim && !aka) {
273 wpa_dbg(wpa_s, MSG_DEBUG, "Selected network is configured to "
274 "use SIM, but neither EAP-SIM nor EAP-AKA are "
275 "enabled");
276 return 0;
277 }
279 wpa_dbg(wpa_s, MSG_DEBUG, "Selected network is configured to use SIM "
280 "(sim=%d aka=%d) - initialize PCSC", sim, aka);
281 if (sim && aka)
282 type = SCARD_TRY_BOTH;
283 else if (aka)
284 type = SCARD_USIM_ONLY;
285 else
286 type = SCARD_GSM_SIM_ONLY;
288 wpa_s->scard = scard_init(type, NULL);
289 if (wpa_s->scard == NULL) {
290 wpa_msg(wpa_s, MSG_WARNING, "Failed to initialize SIM "
291 "(pcsc-lite)");
292 return -1;
293 }
294 wpa_sm_set_scard_ctx(wpa_s->wpa, wpa_s->scard);
295 eapol_sm_register_scard_ctx(wpa_s->eapol, wpa_s->scard);
296 #endif /* PCSC_FUNCS */
297 #endif /* IEEE8021X_EAPOL */
299 return 0;
300 }
303 #ifndef CONFIG_NO_SCAN_PROCESSING
304 static int wpa_supplicant_match_privacy(struct wpa_scan_res *bss,
305 struct wpa_ssid *ssid)
306 {
307 int i, privacy = 0;
309 if (ssid->mixed_cell)
310 return 1;
312 #ifdef CONFIG_WPS
313 if (ssid->key_mgmt & WPA_KEY_MGMT_WPS)
314 return 1;
315 #endif /* CONFIG_WPS */
317 for (i = 0; i < NUM_WEP_KEYS; i++) {
318 if (ssid->wep_key_len[i]) {
319 privacy = 1;
320 break;
321 }
322 }
323 #ifdef IEEE8021X_EAPOL
324 if ((ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA) &&
325 ssid->eapol_flags & (EAPOL_FLAG_REQUIRE_KEY_UNICAST |
326 EAPOL_FLAG_REQUIRE_KEY_BROADCAST))
327 privacy = 1;
328 #endif /* IEEE8021X_EAPOL */
330 if (wpa_key_mgmt_wpa(ssid->key_mgmt))
331 privacy = 1;
333 if (bss->caps & IEEE80211_CAP_PRIVACY)
334 return privacy;
335 return !privacy;
336 }
339 static int wpa_supplicant_ssid_bss_match(struct wpa_supplicant *wpa_s,
340 struct wpa_ssid *ssid,
341 struct wpa_scan_res *bss)
342 {
343 struct wpa_ie_data ie;
344 int proto_match = 0;
345 const u8 *rsn_ie, *wpa_ie;
346 int ret;
347 int wep_ok;
349 ret = wpas_wps_ssid_bss_match(wpa_s, ssid, bss);
350 if (ret >= 0)
351 return ret;
353 /* Allow TSN if local configuration accepts WEP use without WPA/WPA2 */
354 wep_ok = !wpa_key_mgmt_wpa(ssid->key_mgmt) &&
355 (((ssid->key_mgmt & WPA_KEY_MGMT_NONE) &&
356 ssid->wep_key_len[ssid->wep_tx_keyidx] > 0) ||
357 (ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA));
359 rsn_ie = wpa_scan_get_ie(bss, WLAN_EID_RSN);
360 while ((ssid->proto & WPA_PROTO_RSN) && rsn_ie) {
361 proto_match++;
363 if (wpa_parse_wpa_ie(rsn_ie, 2 + rsn_ie[1], &ie)) {
364 wpa_dbg(wpa_s, MSG_DEBUG, " skip RSN IE - parse "
365 "failed");
366 break;
367 }
369 if (wep_ok &&
370 (ie.group_cipher & (WPA_CIPHER_WEP40 | WPA_CIPHER_WEP104)))
371 {
372 wpa_dbg(wpa_s, MSG_DEBUG, " selected based on TSN "
373 "in RSN IE");
374 return 1;
375 }
377 if (!(ie.proto & ssid->proto)) {
378 wpa_dbg(wpa_s, MSG_DEBUG, " skip RSN IE - proto "
379 "mismatch");
380 break;
381 }
383 if (!(ie.pairwise_cipher & ssid->pairwise_cipher)) {
384 wpa_dbg(wpa_s, MSG_DEBUG, " skip RSN IE - PTK "
385 "cipher mismatch");
386 break;
387 }
389 if (!(ie.group_cipher & ssid->group_cipher)) {
390 wpa_dbg(wpa_s, MSG_DEBUG, " skip RSN IE - GTK "
391 "cipher mismatch");
392 break;
393 }
395 if (!(ie.key_mgmt & ssid->key_mgmt)) {
396 wpa_dbg(wpa_s, MSG_DEBUG, " skip RSN IE - key mgmt "
397 "mismatch");
398 break;
399 }
401 #ifdef CONFIG_IEEE80211W
402 if (!(ie.capabilities & WPA_CAPABILITY_MFPC) &&
403 ssid->ieee80211w == MGMT_FRAME_PROTECTION_REQUIRED) {
404 wpa_dbg(wpa_s, MSG_DEBUG, " skip RSN IE - no mgmt "
405 "frame protection");
406 break;
407 }
408 #endif /* CONFIG_IEEE80211W */
410 wpa_dbg(wpa_s, MSG_DEBUG, " selected based on RSN IE");
411 return 1;
412 }
414 wpa_ie = wpa_scan_get_vendor_ie(bss, WPA_IE_VENDOR_TYPE);
415 while ((ssid->proto & WPA_PROTO_WPA) && wpa_ie) {
416 proto_match++;
418 if (wpa_parse_wpa_ie(wpa_ie, 2 + wpa_ie[1], &ie)) {
419 wpa_dbg(wpa_s, MSG_DEBUG, " skip WPA IE - parse "
420 "failed");
421 break;
422 }
424 if (wep_ok &&
425 (ie.group_cipher & (WPA_CIPHER_WEP40 | WPA_CIPHER_WEP104)))
426 {
427 wpa_dbg(wpa_s, MSG_DEBUG, " selected based on TSN "
428 "in WPA IE");
429 return 1;
430 }
432 if (!(ie.proto & ssid->proto)) {
433 wpa_dbg(wpa_s, MSG_DEBUG, " skip WPA IE - proto "
434 "mismatch");
435 break;
436 }
438 if (!(ie.pairwise_cipher & ssid->pairwise_cipher)) {
439 wpa_dbg(wpa_s, MSG_DEBUG, " skip WPA IE - PTK "
440 "cipher mismatch");
441 break;
442 }
444 if (!(ie.group_cipher & ssid->group_cipher)) {
445 wpa_dbg(wpa_s, MSG_DEBUG, " skip WPA IE - GTK "
446 "cipher mismatch");
447 break;
448 }
450 if (!(ie.key_mgmt & ssid->key_mgmt)) {
451 wpa_dbg(wpa_s, MSG_DEBUG, " skip WPA IE - key mgmt "
452 "mismatch");
453 break;
454 }
456 wpa_dbg(wpa_s, MSG_DEBUG, " selected based on WPA IE");
457 return 1;
458 }
460 if ((ssid->proto & (WPA_PROTO_WPA | WPA_PROTO_RSN)) &&
461 wpa_key_mgmt_wpa(ssid->key_mgmt) && proto_match == 0) {
462 wpa_dbg(wpa_s, MSG_DEBUG, " skip - no WPA/RSN proto match");
463 return 0;
464 }
466 if (!wpa_key_mgmt_wpa(ssid->key_mgmt)) {
467 wpa_dbg(wpa_s, MSG_DEBUG, " allow in non-WPA/WPA2");
468 return 1;
469 }
471 wpa_dbg(wpa_s, MSG_DEBUG, " reject due to mismatch with "
472 "WPA/WPA2");
474 return 0;
475 }
478 static int freq_allowed(int *freqs, int freq)
479 {
480 int i;
482 if (freqs == NULL)
483 return 1;
485 for (i = 0; freqs[i]; i++)
486 if (freqs[i] == freq)
487 return 1;
488 return 0;
489 }
492 static int ht_supported(const struct hostapd_hw_modes *mode)
493 {
494 if (!(mode->flags & HOSTAPD_MODE_FLAG_HT_INFO_KNOWN)) {
495 /*
496 * The driver did not indicate whether it supports HT. Assume
497 * it does to avoid connection issues.
498 */
499 return 1;
500 }
502 /*
503 * IEEE Std 802.11n-2009 20.1.1:
504 * An HT non-AP STA shall support all EQM rates for one spatial stream.
505 */
506 return mode->mcs_set[0] == 0xff;
507 }
510 static int rate_match(struct wpa_supplicant *wpa_s, struct wpa_scan_res *bss)
511 {
512 const struct hostapd_hw_modes *mode = NULL, *modes;
513 const u8 scan_ie[2] = { WLAN_EID_SUPP_RATES, WLAN_EID_EXT_SUPP_RATES };
514 const u8 *rate_ie;
515 int i, j, k;
517 if (bss->freq == 0)
518 return 1; /* Cannot do matching without knowing band */
520 modes = wpa_s->hw.modes;
521 if (modes == NULL) {
522 /*
523 * The driver does not provide any additional information
524 * about the utilized hardware, so allow the connection attempt
525 * to continue.
526 */
527 return 1;
528 }
530 for (i = 0; i < wpa_s->hw.num_modes; i++) {
531 for (j = 0; j < modes[i].num_channels; j++) {
532 int freq = modes[i].channels[j].freq;
533 if (freq == bss->freq) {
534 if (mode &&
535 mode->mode == HOSTAPD_MODE_IEEE80211G)
536 break; /* do not allow 802.11b replace
537 * 802.11g */
538 mode = &modes[i];
539 break;
540 }
541 }
542 }
544 if (mode == NULL)
545 return 0;
547 for (i = 0; i < (int) sizeof(scan_ie); i++) {
548 rate_ie = wpa_scan_get_ie(bss, scan_ie[i]);
549 if (rate_ie == NULL)
550 continue;
552 for (j = 2; j < rate_ie[1] + 2; j++) {
553 int flagged = !!(rate_ie[j] & 0x80);
554 int r = (rate_ie[j] & 0x7f) * 5;
556 /*
557 * IEEE Std 802.11n-2009 7.3.2.2:
558 * The new BSS Membership selector value is encoded
559 * like a legacy basic rate, but it is not a rate and
560 * only indicates if the BSS members are required to
561 * support the mandatory features of Clause 20 [HT PHY]
562 * in order to join the BSS.
563 */
564 if (flagged && ((rate_ie[j] & 0x7f) ==
565 BSS_MEMBERSHIP_SELECTOR_HT_PHY)) {
566 if (!ht_supported(mode)) {
567 wpa_dbg(wpa_s, MSG_DEBUG,
568 " hardware does not support "
569 "HT PHY");
570 return 0;
571 }
572 continue;
573 }
575 if (!flagged)
576 continue;
578 /* check for legacy basic rates */
579 for (k = 0; k < mode->num_rates; k++) {
580 if (mode->rates[k] == r)
581 break;
582 }
583 if (k == mode->num_rates) {
584 /*
585 * IEEE Std 802.11-2007 7.3.2.2 demands that in
586 * order to join a BSS all required rates
587 * have to be supported by the hardware.
588 */
589 wpa_dbg(wpa_s, MSG_DEBUG, " hardware does "
590 "not support required rate %d.%d Mbps",
591 r / 10, r % 10);
592 return 0;
593 }
594 }
595 }
597 return 1;
598 }
601 static struct wpa_ssid * wpa_scan_res_match(struct wpa_supplicant *wpa_s,
602 int i, struct wpa_scan_res *bss,
603 struct wpa_ssid *group)
604 {
605 const u8 *ssid_;
606 u8 wpa_ie_len, rsn_ie_len, ssid_len;
607 int wpa;
608 struct wpa_blacklist *e;
609 const u8 *ie;
610 struct wpa_ssid *ssid;
612 ie = wpa_scan_get_ie(bss, WLAN_EID_SSID);
613 ssid_ = ie ? ie + 2 : (u8 *) "";
614 ssid_len = ie ? ie[1] : 0;
616 ie = wpa_scan_get_vendor_ie(bss, WPA_IE_VENDOR_TYPE);
617 wpa_ie_len = ie ? ie[1] : 0;
619 ie = wpa_scan_get_ie(bss, WLAN_EID_RSN);
620 rsn_ie_len = ie ? ie[1] : 0;
622 wpa_dbg(wpa_s, MSG_DEBUG, "%d: " MACSTR " ssid='%s' "
623 "wpa_ie_len=%u rsn_ie_len=%u caps=0x%x level=%d%s",
624 i, MAC2STR(bss->bssid), wpa_ssid_txt(ssid_, ssid_len),
625 wpa_ie_len, rsn_ie_len, bss->caps, bss->level,
626 wpa_scan_get_vendor_ie(bss, WPS_IE_VENDOR_TYPE) ? " wps" : "");
628 e = wpa_blacklist_get(wpa_s, bss->bssid);
629 if (e) {
630 int limit = 1;
631 if (wpa_supplicant_enabled_networks(wpa_s->conf) == 1) {
632 /*
633 * When only a single network is enabled, we can
634 * trigger blacklisting on the first failure. This
635 * should not be done with multiple enabled networks to
636 * avoid getting forced to move into a worse ESS on
637 * single error if there are no other BSSes of the
638 * current ESS.
639 */
640 limit = 0;
641 }
642 if (e->count > limit) {
643 wpa_dbg(wpa_s, MSG_DEBUG, " skip - blacklisted "
644 "(count=%d limit=%d)", e->count, limit);
645 return NULL;
646 }
647 }
649 if (wpa_s->roaming &&
650 os_memcmp(wpa_s->bssid, bss->bssid, ETH_ALEN) == 0) {
651 wpa_dbg(wpa_s, MSG_DEBUG, " skip - current bssid (roaming)");
652 return NULL;
653 }
655 if (ssid_len == 0) {
656 wpa_dbg(wpa_s, MSG_DEBUG, " skip - SSID not known");
657 return NULL;
658 }
660 if (wpa_s->wpa_state >= WPA_AUTHENTICATING &&
661 wpa_s->current_ssid &&
662 os_memcmp(wpa_s->current_ssid->ssid, ssid_, ssid_len) != 0) {
663 wpa_dbg(wpa_s, MSG_DEBUG, " skip - block roaming to "
664 "a different SSID while connected");
665 return NULL;
666 }
668 wpa = wpa_ie_len > 0 || rsn_ie_len > 0;
670 for (ssid = group; ssid; ssid = ssid->pnext) {
671 int check_ssid = wpa ? 1 : (ssid->ssid_len != 0);
673 if (ssid->disabled) {
674 wpa_dbg(wpa_s, MSG_DEBUG, " skip - disabled");
675 continue;
676 }
678 #ifdef CONFIG_WPS
679 if ((ssid->key_mgmt & WPA_KEY_MGMT_WPS) && e && e->count > 0) {
680 wpa_dbg(wpa_s, MSG_DEBUG, " skip - blacklisted "
681 "(WPS)");
682 continue;
683 }
685 if (wpa && ssid->ssid_len == 0 &&
686 wpas_wps_ssid_wildcard_ok(wpa_s, ssid, bss))
687 check_ssid = 0;
689 if (!wpa && (ssid->key_mgmt & WPA_KEY_MGMT_WPS)) {
690 /* Only allow wildcard SSID match if an AP
691 * advertises active WPS operation that matches
692 * with our mode. */
693 check_ssid = 1;
694 if (ssid->ssid_len == 0 &&
695 wpas_wps_ssid_wildcard_ok(wpa_s, ssid, bss))
696 check_ssid = 0;
697 }
698 #endif /* CONFIG_WPS */
700 if (ssid->bssid_set && ssid->ssid_len == 0 &&
701 os_memcmp(bss->bssid, ssid->bssid, ETH_ALEN) == 0)
702 check_ssid = 0;
704 if (check_ssid &&
705 (ssid_len != ssid->ssid_len ||
706 os_memcmp(ssid_, ssid->ssid, ssid_len) != 0)) {
707 wpa_dbg(wpa_s, MSG_DEBUG, " skip - SSID mismatch");
708 continue;
709 }
711 if (ssid->bssid_set &&
712 os_memcmp(bss->bssid, ssid->bssid, ETH_ALEN) != 0) {
713 wpa_dbg(wpa_s, MSG_DEBUG, " skip - BSSID mismatch");
714 continue;
715 }
717 if (!wpa_supplicant_ssid_bss_match(wpa_s, ssid, bss))
718 continue;
720 if (!wpa &&
721 !(ssid->key_mgmt & WPA_KEY_MGMT_NONE) &&
722 !(ssid->key_mgmt & WPA_KEY_MGMT_WPS) &&
723 !(ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA)) {
724 wpa_dbg(wpa_s, MSG_DEBUG, " skip - non-WPA network "
725 "not allowed");
726 continue;
727 }
729 if (!wpa_supplicant_match_privacy(bss, ssid)) {
730 wpa_dbg(wpa_s, MSG_DEBUG, " skip - privacy "
731 "mismatch");
732 continue;
733 }
735 if (bss->caps & IEEE80211_CAP_IBSS) {
736 wpa_dbg(wpa_s, MSG_DEBUG, " skip - IBSS (adhoc) "
737 "network");
738 continue;
739 }
741 if (!freq_allowed(ssid->freq_list, bss->freq)) {
742 wpa_dbg(wpa_s, MSG_DEBUG, " skip - frequency not "
743 "allowed");
744 continue;
745 }
747 if (!rate_match(wpa_s, bss)) {
748 wpa_dbg(wpa_s, MSG_DEBUG, " skip - rate sets do "
749 "not match");
750 continue;
751 }
753 #ifdef CONFIG_P2P
754 /*
755 * TODO: skip the AP if its P2P IE has Group Formation
756 * bit set in the P2P Group Capability Bitmap and we
757 * are not in Group Formation with that device.
758 */
759 #endif /* CONFIG_P2P */
761 /* Matching configuration found */
762 return ssid;
763 }
765 /* No matching configuration found */
766 return NULL;
767 }
770 static struct wpa_bss *
771 wpa_supplicant_select_bss(struct wpa_supplicant *wpa_s,
772 struct wpa_scan_results *scan_res,
773 struct wpa_ssid *group,
774 struct wpa_ssid **selected_ssid)
775 {
776 size_t i;
778 wpa_dbg(wpa_s, MSG_DEBUG, "Selecting BSS from priority group %d",
779 group->priority);
781 for (i = 0; i < scan_res->num; i++) {
782 struct wpa_scan_res *bss = scan_res->res[i];
783 const u8 *ie, *ssid;
784 u8 ssid_len;
786 *selected_ssid = wpa_scan_res_match(wpa_s, i, bss, group);
787 if (!*selected_ssid)
788 continue;
790 ie = wpa_scan_get_ie(bss, WLAN_EID_SSID);
791 ssid = ie ? ie + 2 : (u8 *) "";
792 ssid_len = ie ? ie[1] : 0;
794 wpa_dbg(wpa_s, MSG_DEBUG, " selected BSS " MACSTR
795 " ssid='%s'",
796 MAC2STR(bss->bssid), wpa_ssid_txt(ssid, ssid_len));
797 return wpa_bss_get(wpa_s, bss->bssid, ssid, ssid_len);
798 }
800 return NULL;
801 }
804 static struct wpa_bss *
805 wpa_supplicant_pick_network(struct wpa_supplicant *wpa_s,
806 struct wpa_scan_results *scan_res,
807 struct wpa_ssid **selected_ssid)
808 {
809 struct wpa_bss *selected = NULL;
810 int prio;
812 while (selected == NULL) {
813 for (prio = 0; prio < wpa_s->conf->num_prio; prio++) {
814 selected = wpa_supplicant_select_bss(
815 wpa_s, scan_res, wpa_s->conf->pssid[prio],
816 selected_ssid);
817 if (selected)
818 break;
819 }
821 if (selected == NULL && wpa_s->blacklist &&
822 !wpa_s->countermeasures) {
823 wpa_dbg(wpa_s, MSG_DEBUG, "No APs found - clear "
824 "blacklist and try again");
825 wpa_blacklist_clear(wpa_s);
826 wpa_s->blacklist_cleared++;
827 } else if (selected == NULL)
828 break;
829 }
831 return selected;
832 }
835 static void wpa_supplicant_req_new_scan(struct wpa_supplicant *wpa_s,
836 int timeout_sec, int timeout_usec)
837 {
838 if (!wpa_supplicant_enabled_networks(wpa_s->conf)) {
839 /*
840 * No networks are enabled; short-circuit request so
841 * we don't wait timeout seconds before transitioning
842 * to INACTIVE state.
843 */
844 wpa_supplicant_set_state(wpa_s, WPA_INACTIVE);
845 return;
846 }
847 wpa_supplicant_req_scan(wpa_s, timeout_sec, timeout_usec);
848 }
851 int wpa_supplicant_connect(struct wpa_supplicant *wpa_s,
852 struct wpa_bss *selected,
853 struct wpa_ssid *ssid)
854 {
855 if (wpas_wps_scan_pbc_overlap(wpa_s, selected, ssid)) {
856 wpa_msg(wpa_s, MSG_INFO, WPS_EVENT_OVERLAP
857 "PBC session overlap");
858 #ifdef CONFIG_P2P
859 if (wpas_p2p_notif_pbc_overlap(wpa_s) == 1) {
860 wpa_supplicant_clear_roaming(wpa_s, 0);
861 return -1;
862 }
863 #endif /* CONFIG_P2P */
865 #ifdef CONFIG_WPS
866 wpas_wps_cancel(wpa_s);
867 #endif /* CONFIG_WPS */
868 wpa_supplicant_clear_roaming(wpa_s, 0);
869 return -1;
870 }
872 /*
873 * Do not trigger new association unless the BSSID has changed or if
874 * reassociation is requested. If we are in process of associating with
875 * the selected BSSID, do not trigger new attempt.
876 */
877 if (wpa_s->reassociate ||
878 (os_memcmp(selected->bssid, wpa_s->bssid, ETH_ALEN) != 0 &&
879 ((wpa_s->wpa_state != WPA_ASSOCIATING &&
880 wpa_s->wpa_state != WPA_AUTHENTICATING) ||
881 os_memcmp(selected->bssid, wpa_s->pending_bssid, ETH_ALEN) !=
882 0))) {
883 if (wpa_supplicant_scard_init(wpa_s, ssid)) {
884 wpa_supplicant_req_new_scan(wpa_s, 10, 0);
885 wpa_supplicant_clear_roaming(wpa_s, 0);
886 }
887 wpa_msg(wpa_s, MSG_DEBUG, "Request association: "
888 "reassociate: %d selected: "MACSTR " bssid: " MACSTR
889 " pending: " MACSTR " wpa_state: %s",
890 wpa_s->reassociate, MAC2STR(selected->bssid),
891 MAC2STR(wpa_s->bssid), MAC2STR(wpa_s->pending_bssid),
892 wpa_supplicant_state_txt(wpa_s->wpa_state));
893 wpa_supplicant_associate(wpa_s, selected, ssid);
894 } else {
895 wpa_dbg(wpa_s, MSG_DEBUG, "Already associated with the "
896 "selected AP");
897 wpa_supplicant_clear_roaming(wpa_s, 0);
898 }
900 return 0;
901 }
904 static struct wpa_ssid *
905 wpa_supplicant_pick_new_network(struct wpa_supplicant *wpa_s)
906 {
907 int prio;
908 struct wpa_ssid *ssid;
910 for (prio = 0; prio < wpa_s->conf->num_prio; prio++) {
911 for (ssid = wpa_s->conf->pssid[prio]; ssid; ssid = ssid->pnext)
912 {
913 if (ssid->disabled)
914 continue;
915 if (ssid->mode == IEEE80211_MODE_IBSS ||
916 ssid->mode == IEEE80211_MODE_AP)
917 return ssid;
918 }
919 }
920 return NULL;
921 }
924 /* TODO: move the rsn_preauth_scan_result*() to be called from notify.c based
925 * on BSS added and BSS changed events */
926 static void wpa_supplicant_rsn_preauth_scan_results(
927 struct wpa_supplicant *wpa_s)
928 {
929 struct wpa_bss *bss;
931 if (rsn_preauth_scan_results(wpa_s->wpa) < 0)
932 return;
934 dl_list_for_each(bss, &wpa_s->bss, struct wpa_bss, list) {
935 const u8 *ssid, *rsn;
937 ssid = wpa_bss_get_ie(bss, WLAN_EID_SSID);
938 if (ssid == NULL)
939 continue;
941 rsn = wpa_bss_get_ie(bss, WLAN_EID_RSN);
942 if (rsn == NULL)
943 continue;
945 rsn_preauth_scan_result(wpa_s->wpa, bss->bssid, ssid, rsn);
946 }
948 }
951 static int wpa_supplicant_need_to_roam(struct wpa_supplicant *wpa_s,
952 struct wpa_bss *selected,
953 struct wpa_ssid *ssid,
954 struct wpa_scan_results *scan_res)
955 {
956 size_t i;
957 struct wpa_scan_res *current_bss = NULL;
958 int min_diff;
960 if (wpa_s->reassociate)
961 return 1; /* explicit request to reassociate */
962 if (wpa_s->roaming)
963 return 1; /* explicit request to roam */
964 if (wpa_s->wpa_state < WPA_ASSOCIATED)
965 return 1; /* we are not associated; continue */
966 if (wpa_s->current_ssid == NULL)
967 return 1; /* unknown current SSID */
968 if (wpa_s->roaming_disabled) {
969 wpa_dbg(wpa_s, MSG_DEBUG, "Skip roam - "
970 "driver doesn't allow roaming now");
971 return 0;
972 }
973 if (wpa_s->current_ssid != ssid)
974 return 1; /* different network block */
976 if (wpas_driver_bss_selection(wpa_s))
977 return 0; /* Driver-based roaming */
979 for (i = 0; i < scan_res->num; i++) {
980 struct wpa_scan_res *res = scan_res->res[i];
981 const u8 *ie;
982 if (os_memcmp(res->bssid, wpa_s->bssid, ETH_ALEN) != 0)
983 continue;
985 ie = wpa_scan_get_ie(res, WLAN_EID_SSID);
986 if (ie == NULL)
987 continue;
988 if (ie[1] != wpa_s->current_ssid->ssid_len ||
989 os_memcmp(ie + 2, wpa_s->current_ssid->ssid, ie[1]) != 0)
990 continue;
991 current_bss = res;
992 break;
993 }
995 if (!current_bss)
996 return 1; /* current BSS not seen in scan results */
998 #ifndef CONFIG_NO_ROAMING
999 wpa_dbg(wpa_s, MSG_DEBUG, "Considering within-ESS reassociation");
1000 wpa_dbg(wpa_s, MSG_DEBUG, "Current BSS: " MACSTR " level=%d",
1001 MAC2STR(current_bss->bssid), current_bss->level);
1002 wpa_dbg(wpa_s, MSG_DEBUG, "Selected BSS: " MACSTR " level=%d",
1003 MAC2STR(selected->bssid), selected->level);
1005 if (wpa_s->current_ssid->bssid_set &&
1006 os_memcmp(selected->bssid, wpa_s->current_ssid->bssid, ETH_ALEN) ==
1007 0) {
1008 wpa_dbg(wpa_s, MSG_DEBUG, "Allow reassociation - selected BSS "
1009 "has preferred BSSID");
1010 return 1;
1011 }
1013 min_diff = 2;
1014 if (current_bss->level < 0) {
1015 if (current_bss->level < -85)
1016 min_diff = 1;
1017 else if (current_bss->level < -80)
1018 min_diff = 2;
1019 else if (current_bss->level < -75)
1020 min_diff = 3;
1021 else if (current_bss->level < -70)
1022 min_diff = 4;
1023 else
1024 min_diff = 5;
1025 }
1026 if (abs(current_bss->level - selected->level) < min_diff) {
1027 wpa_dbg(wpa_s, MSG_DEBUG, "Skip roam - too small difference "
1028 "in signal level");
1029 return 0;
1030 }
1032 wpa_supplicant_mark_roaming(wpa_s);
1033 return 1;
1034 #else /* CONFIG_NO_ROAMING */
1035 return 0;
1036 #endif /* CONFIG_NO_ROAMING */
1037 }
1040 /* Return < 0 if no scan results could be fetched. */
1041 static int _wpa_supplicant_event_scan_results(struct wpa_supplicant *wpa_s,
1042 union wpa_event_data *data)
1043 {
1044 struct wpa_bss *selected;
1045 struct wpa_ssid *ssid = NULL;
1046 struct wpa_scan_results *scan_res;
1047 int ap = 0;
1049 #ifdef CONFIG_AP
1050 if (wpa_s->ap_iface)
1051 ap = 1;
1052 #endif /* CONFIG_AP */
1054 wpa_supplicant_notify_scanning(wpa_s, 0);
1056 #ifdef CONFIG_P2P
1057 if (wpa_s->p2p_cb_on_scan_complete && !wpa_s->global->p2p_disabled &&
1058 wpa_s->global->p2p != NULL) {
1059 wpa_s->p2p_cb_on_scan_complete = 0;
1060 if (p2p_other_scan_completed(wpa_s->global->p2p) == 1) {
1061 wpa_dbg(wpa_s, MSG_DEBUG, "P2P: Pending P2P operation "
1062 "stopped scan processing");
1063 return -1;
1064 }
1065 }
1066 #endif /* CONFIG_P2P */
1068 scan_res = wpa_supplicant_get_scan_results(wpa_s,
1069 data ? &data->scan_info :
1070 NULL, 1);
1071 if (scan_res == NULL) {
1072 if (wpa_s->conf->ap_scan == 2 || ap)
1073 return -1;
1074 wpa_dbg(wpa_s, MSG_DEBUG, "Failed to get scan results - try "
1075 "scanning again");
1076 wpa_supplicant_req_new_scan(wpa_s, 1, 0);
1077 return -1;
1078 }
1080 #ifndef CONFIG_NO_RANDOM_POOL
1081 size_t i, num;
1082 num = scan_res->num;
1083 if (num > 10)
1084 num = 10;
1085 for (i = 0; i < num; i++) {
1086 u8 buf[5];
1087 struct wpa_scan_res *res = scan_res->res[i];
1088 buf[0] = res->bssid[5];
1089 buf[1] = res->qual & 0xff;
1090 buf[2] = res->noise & 0xff;
1091 buf[3] = res->level & 0xff;
1092 buf[4] = res->tsf & 0xff;
1093 random_add_randomness(buf, sizeof(buf));
1094 }
1095 #endif /* CONFIG_NO_RANDOM_POOL */
1097 if (wpa_s->scan_res_handler) {
1098 void (*scan_res_handler)(struct wpa_supplicant *wpa_s,
1099 struct wpa_scan_results *scan_res);
1101 scan_res_handler = wpa_s->scan_res_handler;
1102 wpa_s->scan_res_handler = NULL;
1103 scan_res_handler(wpa_s, scan_res);
1105 wpa_scan_results_free(scan_res);
1106 return 0;
1107 }
1109 if (ap) {
1110 wpa_dbg(wpa_s, MSG_DEBUG, "Ignore scan results in AP mode");
1111 #ifdef CONFIG_AP
1112 if (wpa_s->ap_iface->scan_cb)
1113 wpa_s->ap_iface->scan_cb(wpa_s->ap_iface);
1114 #endif /* CONFIG_AP */
1115 wpa_scan_results_free(scan_res);
1116 return 0;
1117 }
1119 wpa_dbg(wpa_s, MSG_DEBUG, "New scan results available");
1120 wpa_msg_ctrl(wpa_s, MSG_INFO, WPA_EVENT_SCAN_RESULTS);
1121 wpas_notify_scan_results(wpa_s);
1123 wpas_notify_scan_done(wpa_s, 1);
1125 if ((wpa_s->conf->ap_scan == 2 && !wpas_wps_searching(wpa_s))) {
1126 wpa_scan_results_free(scan_res);
1127 return 0;
1128 }
1130 if (wpa_s->disconnected) {
1131 wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED);
1132 wpa_scan_results_free(scan_res);
1133 return 0;
1134 }
1136 if (!wpas_driver_bss_selection(wpa_s) &&
1137 bgscan_notify_scan(wpa_s, scan_res) == 1) {
1138 wpa_scan_results_free(scan_res);
1139 return 0;
1140 }
1142 selected = wpa_supplicant_pick_network(wpa_s, scan_res, &ssid);
1144 if (selected) {
1145 int skip;
1146 skip = !wpa_supplicant_need_to_roam(wpa_s, selected, ssid,
1147 scan_res);
1148 wpa_scan_results_free(scan_res);
1149 if (skip) {
1150 wpa_supplicant_rsn_preauth_scan_results(wpa_s);
1151 return 0;
1152 }
1154 if (wpa_supplicant_connect(wpa_s, selected, ssid) < 0) {
1155 wpa_dbg(wpa_s, MSG_DEBUG, "Connect failed");
1156 return -1;
1157 }
1158 wpa_supplicant_rsn_preauth_scan_results(wpa_s);
1159 } else {
1160 wpa_scan_results_free(scan_res);
1161 wpa_dbg(wpa_s, MSG_DEBUG, "No suitable network found");
1162 ssid = wpa_supplicant_pick_new_network(wpa_s);
1163 if (ssid) {
1164 wpa_dbg(wpa_s, MSG_DEBUG, "Setup a new network");
1165 wpa_supplicant_associate(wpa_s, NULL, ssid);
1166 wpa_supplicant_rsn_preauth_scan_results(wpa_s);
1167 } else {
1168 int timeout_sec = wpa_s->scan_interval;
1169 int timeout_usec = 0;
1170 #ifdef CONFIG_P2P
1171 if (wpa_s->p2p_in_provisioning) {
1172 /*
1173 * Use shorter wait during P2P Provisioning
1174 * state to speed up group formation.
1175 */
1176 timeout_sec = 0;
1177 timeout_usec = 250000;
1178 wpa_supplicant_req_new_scan(wpa_s, timeout_sec,
1179 timeout_usec);
1180 return 0;
1181 }
1182 #endif /* CONFIG_P2P */
1183 wpa_supplicant_req_sched_scan(wpa_s);
1184 wpa_supplicant_req_new_scan(wpa_s, timeout_sec,
1185 timeout_usec);
1186 }
1187 }
1188 return 0;
1189 }
1192 static void wpa_supplicant_event_scan_results(struct wpa_supplicant *wpa_s,
1193 union wpa_event_data *data)
1194 {
1195 const char *rn, *rn2;
1196 struct wpa_supplicant *ifs;
1198 if (_wpa_supplicant_event_scan_results(wpa_s, data) < 0) {
1199 /*
1200 * If no scan results could be fetched, then no need to
1201 * notify those interfaces that did not actually request
1202 * this scan.
1203 */
1204 return;
1205 }
1207 /*
1208 * Check other interfaces to see if they have the same radio-name. If
1209 * so, they get updated with this same scan info.
1210 */
1211 if (!wpa_s->driver->get_radio_name)
1212 return;
1214 rn = wpa_s->driver->get_radio_name(wpa_s->drv_priv);
1215 if (rn == NULL || rn[0] == '\0')
1216 return;
1218 wpa_dbg(wpa_s, MSG_DEBUG, "Checking for other virtual interfaces "
1219 "sharing same radio (%s) in event_scan_results", rn);
1221 for (ifs = wpa_s->global->ifaces; ifs; ifs = ifs->next) {
1222 if (ifs == wpa_s || !ifs->driver->get_radio_name)
1223 continue;
1225 rn2 = ifs->driver->get_radio_name(ifs->drv_priv);
1226 if (rn2 && os_strcmp(rn, rn2) == 0) {
1227 wpa_printf(MSG_DEBUG, "%s: Updating scan results from "
1228 "sibling", ifs->ifname);
1229 _wpa_supplicant_event_scan_results(ifs, data);
1230 }
1231 }
1232 }
1234 #endif /* CONFIG_NO_SCAN_PROCESSING */
1237 static int wpa_supplicant_event_associnfo(struct wpa_supplicant *wpa_s,
1238 union wpa_event_data *data)
1239 {
1240 int l, len, found = 0, wpa_found, rsn_found;
1241 const u8 *p;
1243 wpa_dbg(wpa_s, MSG_DEBUG, "Association info event");
1244 if (data->assoc_info.req_ies)
1245 wpa_hexdump(MSG_DEBUG, "req_ies", data->assoc_info.req_ies,
1246 data->assoc_info.req_ies_len);
1247 if (data->assoc_info.resp_ies) {
1248 wpa_hexdump(MSG_DEBUG, "resp_ies", data->assoc_info.resp_ies,
1249 data->assoc_info.resp_ies_len);
1250 #ifdef CONFIG_TDLS
1251 wpa_tdls_assoc_resp_ies(wpa_s->wpa, data->assoc_info.resp_ies,
1252 data->assoc_info.resp_ies_len);
1253 #endif /* CONFIG_TDLS */
1254 }
1255 if (data->assoc_info.beacon_ies)
1256 wpa_hexdump(MSG_DEBUG, "beacon_ies",
1257 data->assoc_info.beacon_ies,
1258 data->assoc_info.beacon_ies_len);
1259 if (data->assoc_info.freq)
1260 wpa_dbg(wpa_s, MSG_DEBUG, "freq=%u MHz",
1261 data->assoc_info.freq);
1263 p = data->assoc_info.req_ies;
1264 l = data->assoc_info.req_ies_len;
1266 /* Go through the IEs and make a copy of the WPA/RSN IE, if present. */
1267 while (p && l >= 2) {
1268 len = p[1] + 2;
1269 if (len > l) {
1270 wpa_hexdump(MSG_DEBUG, "Truncated IE in assoc_info",
1271 p, l);
1272 break;
1273 }
1274 if ((p[0] == WLAN_EID_VENDOR_SPECIFIC && p[1] >= 6 &&
1275 (os_memcmp(&p[2], "\x00\x50\xF2\x01\x01\x00", 6) == 0)) ||
1276 (p[0] == WLAN_EID_RSN && p[1] >= 2)) {
1277 if (wpa_sm_set_assoc_wpa_ie(wpa_s->wpa, p, len))
1278 break;
1279 found = 1;
1280 wpa_find_assoc_pmkid(wpa_s);
1281 break;
1282 }
1283 l -= len;
1284 p += len;
1285 }
1286 if (!found && data->assoc_info.req_ies)
1287 wpa_sm_set_assoc_wpa_ie(wpa_s->wpa, NULL, 0);
1289 #ifdef CONFIG_IEEE80211R
1290 #ifdef CONFIG_SME
1291 if (wpa_s->sme.auth_alg == WPA_AUTH_ALG_FT) {
1292 u8 bssid[ETH_ALEN];
1293 if (wpa_drv_get_bssid(wpa_s, bssid) < 0 ||
1294 wpa_ft_validate_reassoc_resp(wpa_s->wpa,
1295 data->assoc_info.resp_ies,
1296 data->assoc_info.resp_ies_len,
1297 bssid) < 0) {
1298 wpa_dbg(wpa_s, MSG_DEBUG, "FT: Validation of "
1299 "Reassociation Response failed");
1300 wpa_supplicant_deauthenticate(
1301 wpa_s, WLAN_REASON_INVALID_IE);
1302 return -1;
1303 }
1304 }
1306 p = data->assoc_info.resp_ies;
1307 l = data->assoc_info.resp_ies_len;
1309 #ifdef CONFIG_WPS_STRICT
1310 if (p && wpa_s->current_ssid &&
1311 wpa_s->current_ssid->key_mgmt == WPA_KEY_MGMT_WPS) {
1312 struct wpabuf *wps;
1313 wps = ieee802_11_vendor_ie_concat(p, l, WPS_IE_VENDOR_TYPE);
1314 if (wps == NULL) {
1315 wpa_msg(wpa_s, MSG_INFO, "WPS-STRICT: AP did not "
1316 "include WPS IE in (Re)Association Response");
1317 return -1;
1318 }
1320 if (wps_validate_assoc_resp(wps) < 0) {
1321 wpabuf_free(wps);
1322 wpa_supplicant_deauthenticate(
1323 wpa_s, WLAN_REASON_INVALID_IE);
1324 return -1;
1325 }
1326 wpabuf_free(wps);
1327 }
1328 #endif /* CONFIG_WPS_STRICT */
1330 /* Go through the IEs and make a copy of the MDIE, if present. */
1331 while (p && l >= 2) {
1332 len = p[1] + 2;
1333 if (len > l) {
1334 wpa_hexdump(MSG_DEBUG, "Truncated IE in assoc_info",
1335 p, l);
1336 break;
1337 }
1338 if (p[0] == WLAN_EID_MOBILITY_DOMAIN &&
1339 p[1] >= MOBILITY_DOMAIN_ID_LEN) {
1340 wpa_s->sme.ft_used = 1;
1341 os_memcpy(wpa_s->sme.mobility_domain, p + 2,
1342 MOBILITY_DOMAIN_ID_LEN);
1343 break;
1344 }
1345 l -= len;
1346 p += len;
1347 }
1348 #endif /* CONFIG_SME */
1350 wpa_sm_set_ft_params(wpa_s->wpa, data->assoc_info.resp_ies,
1351 data->assoc_info.resp_ies_len);
1352 #endif /* CONFIG_IEEE80211R */
1354 /* WPA/RSN IE from Beacon/ProbeResp */
1355 p = data->assoc_info.beacon_ies;
1356 l = data->assoc_info.beacon_ies_len;
1358 /* Go through the IEs and make a copy of the WPA/RSN IEs, if present.
1359 */
1360 wpa_found = rsn_found = 0;
1361 while (p && l >= 2) {
1362 len = p[1] + 2;
1363 if (len > l) {
1364 wpa_hexdump(MSG_DEBUG, "Truncated IE in beacon_ies",
1365 p, l);
1366 break;
1367 }
1368 if (!wpa_found &&
1369 p[0] == WLAN_EID_VENDOR_SPECIFIC && p[1] >= 6 &&
1370 os_memcmp(&p[2], "\x00\x50\xF2\x01\x01\x00", 6) == 0) {
1371 wpa_found = 1;
1372 wpa_sm_set_ap_wpa_ie(wpa_s->wpa, p, len);
1373 }
1375 if (!rsn_found &&
1376 p[0] == WLAN_EID_RSN && p[1] >= 2) {
1377 rsn_found = 1;
1378 wpa_sm_set_ap_rsn_ie(wpa_s->wpa, p, len);
1379 }
1381 l -= len;
1382 p += len;
1383 }
1385 if (!wpa_found && data->assoc_info.beacon_ies)
1386 wpa_sm_set_ap_wpa_ie(wpa_s->wpa, NULL, 0);
1387 if (!rsn_found && data->assoc_info.beacon_ies)
1388 wpa_sm_set_ap_rsn_ie(wpa_s->wpa, NULL, 0);
1389 if (wpa_found || rsn_found)
1390 wpa_s->ap_ies_from_associnfo = 1;
1392 if (wpa_s->assoc_freq && data->assoc_info.freq &&
1393 wpa_s->assoc_freq != data->assoc_info.freq) {
1394 wpa_printf(MSG_DEBUG, "Operating frequency changed from "
1395 "%u to %u MHz",
1396 wpa_s->assoc_freq, data->assoc_info.freq);
1397 wpa_supplicant_update_scan_results(wpa_s);
1398 }
1400 wpa_s->assoc_freq = data->assoc_info.freq;
1402 return 0;
1403 }
1406 static struct wpa_bss * wpa_supplicant_get_new_bss(
1407 struct wpa_supplicant *wpa_s, const u8 *bssid)
1408 {
1409 struct wpa_bss *bss = NULL;
1410 struct wpa_ssid *ssid = wpa_s->current_ssid;
1412 if (ssid->ssid_len > 0)
1413 bss = wpa_bss_get(wpa_s, bssid, ssid->ssid, ssid->ssid_len);
1414 if (!bss)
1415 bss = wpa_bss_get_bssid(wpa_s, bssid);
1417 return bss;
1418 }
1421 static int wpa_supplicant_assoc_update_ie(struct wpa_supplicant *wpa_s)
1422 {
1423 const u8 *bss_wpa = NULL, *bss_rsn = NULL;
1425 if (!wpa_s->current_bss || !wpa_s->current_ssid)
1426 return -1;
1428 if (!wpa_key_mgmt_wpa_any(wpa_s->current_ssid->key_mgmt))
1429 return 0;
1431 bss_wpa = wpa_bss_get_vendor_ie(wpa_s->current_bss,
1432 WPA_IE_VENDOR_TYPE);
1433 bss_rsn = wpa_bss_get_ie(wpa_s->current_bss, WLAN_EID_RSN);
1435 if (wpa_sm_set_ap_wpa_ie(wpa_s->wpa, bss_wpa,
1436 bss_wpa ? 2 + bss_wpa[1] : 0) ||
1437 wpa_sm_set_ap_rsn_ie(wpa_s->wpa, bss_rsn,
1438 bss_rsn ? 2 + bss_rsn[1] : 0))
1439 return -1;
1441 return 0;
1442 }
1445 static void wpa_supplicant_event_assoc(struct wpa_supplicant *wpa_s,
1446 union wpa_event_data *data)
1447 {
1448 u8 bssid[ETH_ALEN];
1449 int ft_completed;
1450 int bssid_changed;
1451 struct wpa_driver_capa capa;
1453 #ifdef CONFIG_AP
1454 if (wpa_s->ap_iface) {
1455 hostapd_notif_assoc(wpa_s->ap_iface->bss[0],
1456 data->assoc_info.addr,
1457 data->assoc_info.req_ies,
1458 data->assoc_info.req_ies_len,
1459 data->assoc_info.reassoc);
1460 return;
1461 }
1462 #endif /* CONFIG_AP */
1464 ft_completed = wpa_ft_is_completed(wpa_s->wpa);
1465 if (data && wpa_supplicant_event_associnfo(wpa_s, data) < 0)
1466 return;
1468 wpa_supplicant_set_state(wpa_s, WPA_ASSOCIATED);
1469 if (wpa_drv_get_bssid(wpa_s, bssid) >= 0 &&
1470 os_memcmp(bssid, wpa_s->bssid, ETH_ALEN) != 0) {
1471 wpa_dbg(wpa_s, MSG_DEBUG, "Associated to a new BSS: BSSID="
1472 MACSTR, MAC2STR(bssid));
1473 random_add_randomness(bssid, ETH_ALEN);
1474 bssid_changed = os_memcmp(wpa_s->bssid, bssid, ETH_ALEN);
1475 os_memcpy(wpa_s->bssid, bssid, ETH_ALEN);
1476 os_memset(wpa_s->pending_bssid, 0, ETH_ALEN);
1477 if (bssid_changed)
1478 wpas_notify_bssid_changed(wpa_s);
1480 if (wpa_supplicant_dynamic_keys(wpa_s) && !ft_completed) {
1481 wpa_clear_keys(wpa_s, bssid);
1482 }
1483 if (wpa_supplicant_select_config(wpa_s) < 0) {
1484 wpa_supplicant_disassociate(
1485 wpa_s, WLAN_REASON_DEAUTH_LEAVING);
1486 return;
1487 }
1488 if (wpa_s->current_ssid) {
1489 struct wpa_bss *bss = NULL;
1491 bss = wpa_supplicant_get_new_bss(wpa_s, bssid);
1492 if (!bss) {
1493 wpa_supplicant_update_scan_results(wpa_s);
1495 /* Get the BSS from the new scan results */
1496 bss = wpa_supplicant_get_new_bss(wpa_s, bssid);
1497 }
1499 if (bss)
1500 wpa_s->current_bss = bss;
1501 }
1503 if (wpa_s->conf->ap_scan == 1 &&
1504 wpa_s->drv_flags & WPA_DRIVER_FLAGS_BSS_SELECTION) {
1505 if (wpa_supplicant_assoc_update_ie(wpa_s) < 0)
1506 wpa_msg(wpa_s, MSG_WARNING,
1507 "WPA/RSN IEs not updated");
1508 }
1509 }
1511 #ifdef CONFIG_SME
1512 os_memcpy(wpa_s->sme.prev_bssid, bssid, ETH_ALEN);
1513 wpa_s->sme.prev_bssid_set = 1;
1514 #endif /* CONFIG_SME */
1516 wpa_msg(wpa_s, MSG_INFO, "Associated with " MACSTR, MAC2STR(bssid));
1517 if (wpa_s->current_ssid) {
1518 /* When using scanning (ap_scan=1), SIM PC/SC interface can be
1519 * initialized before association, but for other modes,
1520 * initialize PC/SC here, if the current configuration needs
1521 * smartcard or SIM/USIM. */
1522 wpa_supplicant_scard_init(wpa_s, wpa_s->current_ssid);
1523 }
1524 wpa_sm_notify_assoc(wpa_s->wpa, bssid);
1525 if (wpa_s->l2)
1526 l2_packet_notify_auth_start(wpa_s->l2);
1528 /*
1529 * Set portEnabled first to FALSE in order to get EAP state machine out
1530 * of the SUCCESS state and eapSuccess cleared. Without this, EAPOL PAE
1531 * state machine may transit to AUTHENTICATING state based on obsolete
1532 * eapSuccess and then trigger BE_AUTH to SUCCESS and PAE to
1533 * AUTHENTICATED without ever giving chance to EAP state machine to
1534 * reset the state.
1535 */
1536 if (!ft_completed) {
1537 eapol_sm_notify_portEnabled(wpa_s->eapol, FALSE);
1538 eapol_sm_notify_portValid(wpa_s->eapol, FALSE);
1539 }
1540 if (wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt) || ft_completed)
1541 eapol_sm_notify_eap_success(wpa_s->eapol, FALSE);
1542 /* 802.1X::portControl = Auto */
1543 eapol_sm_notify_portEnabled(wpa_s->eapol, TRUE);
1544 wpa_s->eapol_received = 0;
1545 if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE ||
1546 wpa_s->key_mgmt == WPA_KEY_MGMT_WPA_NONE ||
1547 (wpa_s->current_ssid &&
1548 wpa_s->current_ssid->mode == IEEE80211_MODE_IBSS)) {
1549 wpa_supplicant_cancel_auth_timeout(wpa_s);
1550 wpa_supplicant_set_state(wpa_s, WPA_COMPLETED);
1551 } else if (!ft_completed) {
1552 /* Timeout for receiving the first EAPOL packet */
1553 wpa_supplicant_req_auth_timeout(wpa_s, 10, 0);
1554 }
1556 wpa_supplicant_cancel_sched_scan(wpa_s);
1557 wpa_supplicant_cancel_scan(wpa_s);
1559 if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE) &&
1560 wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt)) {
1561 /*
1562 * We are done; the driver will take care of RSN 4-way
1563 * handshake.
1564 */
1565 wpa_supplicant_cancel_auth_timeout(wpa_s);
1566 wpa_supplicant_set_state(wpa_s, WPA_COMPLETED);
1567 eapol_sm_notify_portValid(wpa_s->eapol, TRUE);
1568 eapol_sm_notify_eap_success(wpa_s->eapol, TRUE);
1569 } else if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE) &&
1570 wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt)) {
1571 /*
1572 * The driver will take care of RSN 4-way handshake, so we need
1573 * to allow EAPOL supplicant to complete its work without
1574 * waiting for WPA supplicant.
1575 */
1576 eapol_sm_notify_portValid(wpa_s->eapol, TRUE);
1577 } else if (ft_completed) {
1578 /*
1579 * FT protocol completed - make sure EAPOL state machine ends
1580 * up in authenticated.
1581 */
1582 wpa_supplicant_cancel_auth_timeout(wpa_s);
1583 wpa_supplicant_set_state(wpa_s, WPA_COMPLETED);
1584 eapol_sm_notify_portValid(wpa_s->eapol, TRUE);
1585 eapol_sm_notify_eap_success(wpa_s->eapol, TRUE);
1586 }
1588 if (wpa_s->pending_eapol_rx) {
1589 struct os_time now, age;
1590 os_get_time(&now);
1591 os_time_sub(&now, &wpa_s->pending_eapol_rx_time, &age);
1592 if (age.sec == 0 && age.usec < 500000 &&
1593 os_memcmp(wpa_s->pending_eapol_rx_src, bssid, ETH_ALEN) ==
1594 0) {
1595 wpa_dbg(wpa_s, MSG_DEBUG, "Process pending EAPOL "
1596 "frame that was received just before "
1597 "association notification");
1598 wpa_supplicant_rx_eapol(
1599 wpa_s, wpa_s->pending_eapol_rx_src,
1600 wpabuf_head(wpa_s->pending_eapol_rx),
1601 wpabuf_len(wpa_s->pending_eapol_rx));
1602 }
1603 wpabuf_free(wpa_s->pending_eapol_rx);
1604 wpa_s->pending_eapol_rx = NULL;
1605 }
1607 if ((wpa_s->key_mgmt == WPA_KEY_MGMT_NONE ||
1608 wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA) &&
1609 wpa_s->current_ssid && wpa_drv_get_capa(wpa_s, &capa) == 0 &&
1610 capa.flags & WPA_DRIVER_FLAGS_SET_KEYS_AFTER_ASSOC_DONE) {
1611 /* Set static WEP keys again */
1612 wpa_set_wep_keys(wpa_s, wpa_s->current_ssid);
1613 }
1615 #ifdef CONFIG_IBSS_RSN
1616 if (wpa_s->current_ssid &&
1617 wpa_s->current_ssid->mode == WPAS_MODE_IBSS &&
1618 wpa_s->key_mgmt != WPA_KEY_MGMT_NONE &&
1619 wpa_s->key_mgmt != WPA_KEY_MGMT_WPA_NONE &&
1620 wpa_s->ibss_rsn == NULL) {
1621 wpa_s->ibss_rsn = ibss_rsn_init(wpa_s);
1622 if (!wpa_s->ibss_rsn) {
1623 wpa_msg(wpa_s, MSG_INFO, "Failed to init IBSS RSN");
1624 wpa_supplicant_deauthenticate(
1625 wpa_s, WLAN_REASON_DEAUTH_LEAVING);
1626 return;
1627 }
1629 ibss_rsn_set_psk(wpa_s->ibss_rsn, wpa_s->current_ssid->psk);
1630 }
1631 #endif /* CONFIG_IBSS_RSN */
1632 }
1635 static int disconnect_reason_recoverable(u16 reason_code)
1636 {
1637 return reason_code == WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY ||
1638 reason_code == WLAN_REASON_CLASS2_FRAME_FROM_NONAUTH_STA ||
1639 reason_code == WLAN_REASON_CLASS3_FRAME_FROM_NONASSOC_STA;
1640 }
1643 static void wpa_supplicant_event_disassoc(struct wpa_supplicant *wpa_s,
1644 u16 reason_code,
1645 int locally_generated,
1646 const u8 *addr)
1647 {
1648 const u8 *bssid;
1649 int authenticating;
1650 u8 prev_pending_bssid[ETH_ALEN];
1651 struct wpa_bss *fast_reconnect = NULL;
1652 struct wpa_ssid *fast_reconnect_ssid = NULL;
1654 authenticating = wpa_s->wpa_state == WPA_AUTHENTICATING;
1655 os_memcpy(prev_pending_bssid, wpa_s->pending_bssid, ETH_ALEN);
1657 if (wpa_s->key_mgmt == WPA_KEY_MGMT_WPA_NONE) {
1658 /*
1659 * At least Host AP driver and a Prism3 card seemed to be
1660 * generating streams of disconnected events when configuring
1661 * IBSS for WPA-None. Ignore them for now.
1662 */
1663 wpa_dbg(wpa_s, MSG_DEBUG, "Disconnect event - ignore in "
1664 "IBSS/WPA-None mode");
1665 return;
1666 }
1668 if (os_memcmp(wpa_s->bssid, addr, ETH_ALEN)) {
1669 /* This may occur during roaming */
1670 wpa_dbg(wpa_s, MSG_DEBUG, "Ignore disconnect from"
1671 " a BSS which is not the current one");
1672 return;
1673 }
1675 if (wpa_s->wpa_state == WPA_4WAY_HANDSHAKE &&
1676 wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt)) {
1677 wpa_msg(wpa_s, MSG_INFO, "WPA: 4-Way Handshake failed - "
1678 "pre-shared key may be incorrect");
1679 }
1680 if (!wpa_s->auto_reconnect_disabled ||
1681 wpa_s->key_mgmt == WPA_KEY_MGMT_WPS) {
1682 wpa_dbg(wpa_s, MSG_DEBUG, "Auto connect enabled: try to "
1683 "reconnect (wps=%d wpa_state=%d)",
1684 wpa_s->key_mgmt == WPA_KEY_MGMT_WPS,
1685 wpa_s->wpa_state);
1686 if (wpa_s->wpa_state == WPA_COMPLETED &&
1687 wpa_s->current_ssid &&
1688 wpa_s->current_ssid->mode == WPAS_MODE_INFRA &&
1689 !locally_generated &&
1690 disconnect_reason_recoverable(reason_code)) {
1691 /*
1692 * It looks like the AP has dropped association with
1693 * us, but could allow us to get back in. Try to
1694 * reconnect to the same BSS without full scan to save
1695 * time for some common cases.
1696 */
1697 fast_reconnect = wpa_s->current_bss;
1698 fast_reconnect_ssid = wpa_s->current_ssid;
1699 } else if (wpa_s->wpa_state >= WPA_ASSOCIATING)
1700 wpa_supplicant_req_scan(wpa_s, 0, 500000);
1701 else
1702 wpa_dbg(wpa_s, MSG_DEBUG, "Do not request new "
1703 "immediate scan");
1704 } else {
1705 wpa_dbg(wpa_s, MSG_DEBUG, "Auto connect disabled: do not "
1706 "try to re-connect");
1707 wpa_s->reassociate = 0;
1708 wpa_s->disconnected = 1;
1709 wpa_supplicant_cancel_sched_scan(wpa_s);
1710 }
1711 bssid = wpa_s->bssid;
1712 if (is_zero_ether_addr(bssid))
1713 bssid = wpa_s->pending_bssid;
1714 if (wpa_s->wpa_state >= WPA_AUTHENTICATING)
1715 wpas_connection_failed(wpa_s, bssid);
1716 wpa_sm_notify_disassoc(wpa_s->wpa);
1717 if (!is_zero_ether_addr(bssid) ||
1718 wpa_s->wpa_state >= WPA_AUTHENTICATING) {
1719 wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_DISCONNECTED "bssid=" MACSTR
1720 " reason=%d%s",
1721 MAC2STR(bssid), reason_code,
1722 locally_generated ? " locally_generated=1" : "");
1723 }
1724 if (wpa_supplicant_dynamic_keys(wpa_s)) {
1725 wpa_dbg(wpa_s, MSG_DEBUG, "Disconnect event - remove keys");
1726 wpa_s->keys_cleared = 0;
1727 wpa_clear_keys(wpa_s, wpa_s->bssid);
1728 }
1729 wpa_supplicant_mark_disassoc(wpa_s);
1731 if (authenticating && (wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME))
1732 sme_disassoc_while_authenticating(wpa_s, prev_pending_bssid);
1734 if (fast_reconnect) {
1735 #ifndef CONFIG_NO_SCAN_PROCESSING
1736 wpa_dbg(wpa_s, MSG_DEBUG, "Try to reconnect to the same BSS");
1737 if (wpa_supplicant_connect(wpa_s, fast_reconnect,
1738 fast_reconnect_ssid) < 0) {
1739 /* Recover through full scan */
1740 wpa_supplicant_req_scan(wpa_s, 0, 100000);
1741 }
1742 #endif /* CONFIG_NO_SCAN_PROCESSING */
1743 }
1744 }
1747 #ifdef CONFIG_DELAYED_MIC_ERROR_REPORT
1748 void wpa_supplicant_delayed_mic_error_report(void *eloop_ctx, void *sock_ctx)
1749 {
1750 struct wpa_supplicant *wpa_s = eloop_ctx;
1752 if (!wpa_s->pending_mic_error_report)
1753 return;
1755 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: Sending pending MIC error report");
1756 wpa_sm_key_request(wpa_s->wpa, 1, wpa_s->pending_mic_error_pairwise);
1757 wpa_s->pending_mic_error_report = 0;
1758 }
1759 #endif /* CONFIG_DELAYED_MIC_ERROR_REPORT */
1762 static void
1763 wpa_supplicant_event_michael_mic_failure(struct wpa_supplicant *wpa_s,
1764 union wpa_event_data *data)
1765 {
1766 int pairwise;
1767 struct os_time t;
1769 wpa_msg(wpa_s, MSG_WARNING, "Michael MIC failure detected");
1770 pairwise = (data && data->michael_mic_failure.unicast);
1771 os_get_time(&t);
1772 if ((wpa_s->last_michael_mic_error &&
1773 t.sec - wpa_s->last_michael_mic_error <= 60) ||
1774 wpa_s->pending_mic_error_report) {
1775 if (wpa_s->pending_mic_error_report) {
1776 /*
1777 * Send the pending MIC error report immediately since
1778 * we are going to start countermeasures and AP better
1779 * do the same.
1780 */
1781 wpa_sm_key_request(wpa_s->wpa, 1,
1782 wpa_s->pending_mic_error_pairwise);
1783 }
1785 /* Send the new MIC error report immediately since we are going
1786 * to start countermeasures and AP better do the same.
1787 */
1788 wpa_sm_key_request(wpa_s->wpa, 1, pairwise);
1790 /* initialize countermeasures */
1791 wpa_s->countermeasures = 1;
1793 wpa_blacklist_add(wpa_s, wpa_s->bssid);
1795 wpa_msg(wpa_s, MSG_WARNING, "TKIP countermeasures started");
1797 /*
1798 * Need to wait for completion of request frame. We do not get
1799 * any callback for the message completion, so just wait a
1800 * short while and hope for the best. */
1801 os_sleep(0, 10000);
1803 wpa_drv_set_countermeasures(wpa_s, 1);
1804 wpa_supplicant_deauthenticate(wpa_s,
1805 WLAN_REASON_MICHAEL_MIC_FAILURE);
1806 eloop_cancel_timeout(wpa_supplicant_stop_countermeasures,
1807 wpa_s, NULL);
1808 eloop_register_timeout(60, 0,
1809 wpa_supplicant_stop_countermeasures,
1810 wpa_s, NULL);
1811 /* TODO: mark the AP rejected for 60 second. STA is
1812 * allowed to associate with another AP.. */
1813 } else {
1814 #ifdef CONFIG_DELAYED_MIC_ERROR_REPORT
1815 if (wpa_s->mic_errors_seen) {
1816 /*
1817 * Reduce the effectiveness of Michael MIC error
1818 * reports as a means for attacking against TKIP if
1819 * more than one MIC failure is noticed with the same
1820 * PTK. We delay the transmission of the reports by a
1821 * random time between 0 and 60 seconds in order to
1822 * force the attacker wait 60 seconds before getting
1823 * the information on whether a frame resulted in a MIC
1824 * failure.
1825 */
1826 u8 rval[4];
1827 int sec;
1829 if (os_get_random(rval, sizeof(rval)) < 0)
1830 sec = os_random() % 60;
1831 else
1832 sec = WPA_GET_BE32(rval) % 60;
1833 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: Delay MIC error "
1834 "report %d seconds", sec);
1835 wpa_s->pending_mic_error_report = 1;
1836 wpa_s->pending_mic_error_pairwise = pairwise;
1837 eloop_cancel_timeout(
1838 wpa_supplicant_delayed_mic_error_report,
1839 wpa_s, NULL);
1840 eloop_register_timeout(
1841 sec, os_random() % 1000000,
1842 wpa_supplicant_delayed_mic_error_report,
1843 wpa_s, NULL);
1844 } else {
1845 wpa_sm_key_request(wpa_s->wpa, 1, pairwise);
1846 }
1847 #else /* CONFIG_DELAYED_MIC_ERROR_REPORT */
1848 wpa_sm_key_request(wpa_s->wpa, 1, pairwise);
1849 #endif /* CONFIG_DELAYED_MIC_ERROR_REPORT */
1850 }
1851 wpa_s->last_michael_mic_error = t.sec;
1852 wpa_s->mic_errors_seen++;
1853 }
1856 #ifdef CONFIG_TERMINATE_ONLASTIF
1857 static int any_interfaces(struct wpa_supplicant *head)
1858 {
1859 struct wpa_supplicant *wpa_s;
1861 for (wpa_s = head; wpa_s != NULL; wpa_s = wpa_s->next)
1862 if (!wpa_s->interface_removed)
1863 return 1;
1864 return 0;
1865 }
1866 #endif /* CONFIG_TERMINATE_ONLASTIF */
1869 static void
1870 wpa_supplicant_event_interface_status(struct wpa_supplicant *wpa_s,
1871 union wpa_event_data *data)
1872 {
1873 if (os_strcmp(wpa_s->ifname, data->interface_status.ifname) != 0)
1874 return;
1876 switch (data->interface_status.ievent) {
1877 case EVENT_INTERFACE_ADDED:
1878 if (!wpa_s->interface_removed)
1879 break;
1880 wpa_s->interface_removed = 0;
1881 wpa_dbg(wpa_s, MSG_DEBUG, "Configured interface was added");
1882 if (wpa_supplicant_driver_init(wpa_s) < 0) {
1883 wpa_msg(wpa_s, MSG_INFO, "Failed to initialize the "
1884 "driver after interface was added");
1885 }
1886 wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED);
1887 break;
1888 case EVENT_INTERFACE_REMOVED:
1889 wpa_dbg(wpa_s, MSG_DEBUG, "Configured interface was removed");
1890 wpa_s->interface_removed = 1;
1891 wpa_supplicant_mark_disassoc(wpa_s);
1892 wpa_supplicant_set_state(wpa_s, WPA_INTERFACE_DISABLED);
1893 l2_packet_deinit(wpa_s->l2);
1894 wpa_s->l2 = NULL;
1895 #ifdef CONFIG_IBSS_RSN
1896 ibss_rsn_deinit(wpa_s->ibss_rsn);
1897 wpa_s->ibss_rsn = NULL;
1898 #endif /* CONFIG_IBSS_RSN */
1899 #ifdef CONFIG_TERMINATE_ONLASTIF
1900 /* check if last interface */
1901 if (!any_interfaces(wpa_s->global->ifaces))
1902 eloop_terminate();
1903 #endif /* CONFIG_TERMINATE_ONLASTIF */
1904 break;
1905 }
1906 }
1909 #ifdef CONFIG_PEERKEY
1910 static void
1911 wpa_supplicant_event_stkstart(struct wpa_supplicant *wpa_s,
1912 union wpa_event_data *data)
1913 {
1914 if (data == NULL)
1915 return;
1916 wpa_sm_stkstart(wpa_s->wpa, data->stkstart.peer);
1917 }
1918 #endif /* CONFIG_PEERKEY */
1921 #ifdef CONFIG_TDLS
1922 static void wpa_supplicant_event_tdls(struct wpa_supplicant *wpa_s,
1923 union wpa_event_data *data)
1924 {
1925 if (data == NULL)
1926 return;
1927 switch (data->tdls.oper) {
1928 case TDLS_REQUEST_SETUP:
1929 wpa_tdls_start(wpa_s->wpa, data->tdls.peer);
1930 break;
1931 case TDLS_REQUEST_TEARDOWN:
1932 wpa_tdls_send_teardown(wpa_s->wpa, data->tdls.peer,
1933 data->tdls.reason_code);
1934 break;
1935 }
1936 }
1937 #endif /* CONFIG_TDLS */
1940 #ifdef CONFIG_IEEE80211R
1941 static void
1942 wpa_supplicant_event_ft_response(struct wpa_supplicant *wpa_s,
1943 union wpa_event_data *data)
1944 {
1945 if (data == NULL)
1946 return;
1948 if (wpa_ft_process_response(wpa_s->wpa, data->ft_ies.ies,
1949 data->ft_ies.ies_len,
1950 data->ft_ies.ft_action,
1951 data->ft_ies.target_ap,
1952 data->ft_ies.ric_ies,
1953 data->ft_ies.ric_ies_len) < 0) {
1954 /* TODO: prevent MLME/driver from trying to associate? */
1955 }
1956 }
1957 #endif /* CONFIG_IEEE80211R */
1960 #ifdef CONFIG_IBSS_RSN
1961 static void wpa_supplicant_event_ibss_rsn_start(struct wpa_supplicant *wpa_s,
1962 union wpa_event_data *data)
1963 {
1964 struct wpa_ssid *ssid;
1965 if (wpa_s->wpa_state < WPA_ASSOCIATED)
1966 return;
1967 if (data == NULL)
1968 return;
1969 ssid = wpa_s->current_ssid;
1970 if (ssid == NULL)
1971 return;
1972 if (ssid->mode != WPAS_MODE_IBSS || !wpa_key_mgmt_wpa(ssid->key_mgmt))
1973 return;
1975 ibss_rsn_start(wpa_s->ibss_rsn, data->ibss_rsn_start.peer);
1976 }
1977 #endif /* CONFIG_IBSS_RSN */
1980 #ifdef CONFIG_IEEE80211R
1981 static void ft_rx_action(struct wpa_supplicant *wpa_s, const u8 *data,
1982 size_t len)
1983 {
1984 const u8 *sta_addr, *target_ap_addr;
1985 u16 status;
1987 wpa_hexdump(MSG_MSGDUMP, "FT: RX Action", data, len);
1988 if (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME))
1989 return; /* only SME case supported for now */
1990 if (len < 1 + 2 * ETH_ALEN + 2)
1991 return;
1992 if (data[0] != 2)
1993 return; /* Only FT Action Response is supported for now */
1994 sta_addr = data + 1;
1995 target_ap_addr = data + 1 + ETH_ALEN;
1996 status = WPA_GET_LE16(data + 1 + 2 * ETH_ALEN);
1997 wpa_dbg(wpa_s, MSG_DEBUG, "FT: Received FT Action Response: STA "
1998 MACSTR " TargetAP " MACSTR " status %u",
1999 MAC2STR(sta_addr), MAC2STR(target_ap_addr), status);
2001 if (os_memcmp(sta_addr, wpa_s->own_addr, ETH_ALEN) != 0) {
2002 wpa_dbg(wpa_s, MSG_DEBUG, "FT: Foreign STA Address " MACSTR
2003 " in FT Action Response", MAC2STR(sta_addr));
2004 return;
2005 }
2007 if (status) {
2008 wpa_dbg(wpa_s, MSG_DEBUG, "FT: FT Action Response indicates "
2009 "failure (status code %d)", status);
2010 /* TODO: report error to FT code(?) */
2011 return;
2012 }
2014 if (wpa_ft_process_response(wpa_s->wpa, data + 1 + 2 * ETH_ALEN + 2,
2015 len - (1 + 2 * ETH_ALEN + 2), 1,
2016 target_ap_addr, NULL, 0) < 0)
2017 return;
2019 #ifdef CONFIG_SME
2020 {
2021 struct wpa_bss *bss;
2022 bss = wpa_bss_get_bssid(wpa_s, target_ap_addr);
2023 if (bss)
2024 wpa_s->sme.freq = bss->freq;
2025 wpa_s->sme.auth_alg = WPA_AUTH_ALG_FT;
2026 sme_associate(wpa_s, WPAS_MODE_INFRA, target_ap_addr,
2027 WLAN_AUTH_FT);
2028 }
2029 #endif /* CONFIG_SME */
2030 }
2031 #endif /* CONFIG_IEEE80211R */
2034 static void wpa_supplicant_event_unprot_deauth(struct wpa_supplicant *wpa_s,
2035 struct unprot_deauth *e)
2036 {
2037 #ifdef CONFIG_IEEE80211W
2038 wpa_printf(MSG_DEBUG, "Unprotected Deauthentication frame "
2039 "dropped: " MACSTR " -> " MACSTR
2040 " (reason code %u)",
2041 MAC2STR(e->sa), MAC2STR(e->da), e->reason_code);
2042 sme_event_unprot_disconnect(wpa_s, e->sa, e->da, e->reason_code);
2043 #endif /* CONFIG_IEEE80211W */
2044 }
2047 static void wpa_supplicant_event_unprot_disassoc(struct wpa_supplicant *wpa_s,
2048 struct unprot_disassoc *e)
2049 {
2050 #ifdef CONFIG_IEEE80211W
2051 wpa_printf(MSG_DEBUG, "Unprotected Disassociation frame "
2052 "dropped: " MACSTR " -> " MACSTR
2053 " (reason code %u)",
2054 MAC2STR(e->sa), MAC2STR(e->da), e->reason_code);
2055 sme_event_unprot_disconnect(wpa_s, e->sa, e->da, e->reason_code);
2056 #endif /* CONFIG_IEEE80211W */
2057 }
2060 static void wnm_action_rx(struct wpa_supplicant *wpa_s, struct rx_action *rx)
2061 {
2062 u8 action, mode;
2063 const u8 *pos, *end;
2065 if (rx->data == NULL || rx->len == 0)
2066 return;
2068 pos = rx->data;
2069 end = pos + rx->len;
2070 action = *pos++;
2072 wpa_printf(MSG_DEBUG, "WNM: RX action %u from " MACSTR,
2073 action, MAC2STR(rx->sa));
2074 switch (action) {
2075 case WNM_BSS_TRANS_MGMT_REQ:
2076 if (pos + 5 > end)
2077 break;
2078 wpa_printf(MSG_DEBUG, "WNM: BSS Transition Management "
2079 "Request: dialog_token=%u request_mode=0x%x "
2080 "disassoc_timer=%u validity_interval=%u",
2081 pos[0], pos[1], WPA_GET_LE16(pos + 2), pos[4]);
2082 mode = pos[1];
2083 pos += 5;
2084 if (mode & 0x08)
2085 pos += 12; /* BSS Termination Duration */
2086 if (mode & 0x10) {
2087 char url[256];
2088 if (pos + 1 > end || pos + 1 + pos[0] > end) {
2089 wpa_printf(MSG_DEBUG, "WNM: Invalid BSS "
2090 "Transition Management Request "
2091 "(URL)");
2092 break;
2093 }
2094 os_memcpy(url, pos + 1, pos[0]);
2095 url[pos[0]] = '\0';
2096 wpa_msg(wpa_s, MSG_INFO, "WNM: ESS Disassociation "
2097 "Imminent - session_info_url=%s", url);
2098 }
2099 break;
2100 }
2101 }
2104 void wpa_supplicant_event(void *ctx, enum wpa_event_type event,
2105 union wpa_event_data *data)
2106 {
2107 struct wpa_supplicant *wpa_s = ctx;
2108 u16 reason_code = 0;
2109 int locally_generated = 0;
2111 if (wpa_s->wpa_state == WPA_INTERFACE_DISABLED &&
2112 event != EVENT_INTERFACE_ENABLED &&
2113 event != EVENT_INTERFACE_STATUS &&
2114 event != EVENT_SCHED_SCAN_STOPPED) {
2115 wpa_dbg(wpa_s, MSG_DEBUG,
2116 "Ignore event %s (%d) while interface is disabled",
2117 event_to_string(event), event);
2118 return;
2119 }
2121 #ifndef CONFIG_NO_STDOUT_DEBUG
2122 {
2123 int level = MSG_DEBUG;
2125 if (event == EVENT_RX_MGMT && data && data->rx_mgmt.frame &&
2126 data->rx_mgmt.frame_len >= 24) {
2127 const struct ieee80211_hdr *hdr;
2128 u16 fc;
2129 hdr = (const struct ieee80211_hdr *) data->rx_mgmt.frame;
2130 fc = le_to_host16(hdr->frame_control);
2131 if (WLAN_FC_GET_TYPE(fc) == WLAN_FC_TYPE_MGMT &&
2132 WLAN_FC_GET_STYPE(fc) == WLAN_FC_STYPE_BEACON)
2133 level = MSG_EXCESSIVE;
2134 }
2136 wpa_dbg(wpa_s, level, "Event %s (%d) received",
2137 event_to_string(event), event);
2138 }
2139 #endif /* CONFIG_NO_STDOUT_DEBUG */
2141 switch (event) {
2142 case EVENT_AUTH:
2143 sme_event_auth(wpa_s, data);
2144 break;
2145 case EVENT_ASSOC:
2146 wpa_supplicant_event_assoc(wpa_s, data);
2147 break;
2148 case EVENT_DISASSOC:
2149 wpa_dbg(wpa_s, MSG_DEBUG, "Disassociation notification");
2150 if (data) {
2151 wpa_dbg(wpa_s, MSG_DEBUG, " * reason %u%s",
2152 data->disassoc_info.reason_code,
2153 data->disassoc_info.locally_generated ?
2154 " (locally generated)" : "");
2155 if (data->disassoc_info.addr)
2156 wpa_dbg(wpa_s, MSG_DEBUG, " * address " MACSTR,
2157 MAC2STR(data->disassoc_info.addr));
2158 }
2159 #ifdef CONFIG_AP
2160 if (wpa_s->ap_iface && data && data->disassoc_info.addr) {
2161 hostapd_notif_disassoc(wpa_s->ap_iface->bss[0],
2162 data->disassoc_info.addr);
2163 break;
2164 }
2165 if (wpa_s->ap_iface) {
2166 wpa_dbg(wpa_s, MSG_DEBUG, "Ignore disassoc event in "
2167 "AP mode");
2168 break;
2169 }
2170 #endif /* CONFIG_AP */
2171 if (data) {
2172 reason_code = data->disassoc_info.reason_code;
2173 locally_generated =
2174 data->disassoc_info.locally_generated;
2175 wpa_hexdump(MSG_DEBUG, "Disassociation frame IE(s)",
2176 data->disassoc_info.ie,
2177 data->disassoc_info.ie_len);
2178 #ifdef CONFIG_P2P
2179 wpas_p2p_disassoc_notif(
2180 wpa_s, data->disassoc_info.addr, reason_code,
2181 data->disassoc_info.ie,
2182 data->disassoc_info.ie_len);
2183 #endif /* CONFIG_P2P */
2184 }
2185 if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME)
2186 sme_event_disassoc(wpa_s, data);
2187 /* fall through */
2188 case EVENT_DEAUTH:
2189 if (event == EVENT_DEAUTH) {
2190 wpa_dbg(wpa_s, MSG_DEBUG,
2191 "Deauthentication notification");
2192 if (data) {
2193 reason_code = data->deauth_info.reason_code;
2194 locally_generated =
2195 data->deauth_info.locally_generated;
2196 wpa_dbg(wpa_s, MSG_DEBUG, " * reason %u%s",
2197 data->deauth_info.reason_code,
2198 data->deauth_info.locally_generated ?
2199 " (locally generated)" : "");
2200 if (data->deauth_info.addr) {
2201 wpa_dbg(wpa_s, MSG_DEBUG, " * address "
2202 MACSTR,
2203 MAC2STR(data->deauth_info.
2204 addr));
2205 }
2206 wpa_hexdump(MSG_DEBUG,
2207 "Deauthentication frame IE(s)",
2208 data->deauth_info.ie,
2209 data->deauth_info.ie_len);
2210 #ifdef CONFIG_P2P
2211 wpas_p2p_deauth_notif(
2212 wpa_s, data->deauth_info.addr,
2213 reason_code,
2214 data->deauth_info.ie,
2215 data->deauth_info.ie_len);
2216 #endif /* CONFIG_P2P */
2217 }
2218 }
2219 #ifdef CONFIG_AP
2220 if (wpa_s->ap_iface && data && data->deauth_info.addr) {
2221 hostapd_notif_disassoc(wpa_s->ap_iface->bss[0],
2222 data->deauth_info.addr);
2223 break;
2224 }
2225 if (wpa_s->ap_iface) {
2226 wpa_dbg(wpa_s, MSG_DEBUG, "Ignore deauth event in "
2227 "AP mode");
2228 break;
2229 }
2230 #endif /* CONFIG_AP */
2232 if (data->deauth_info.reason_code
2233 == WLAN_REASON_PREV_AUTH_NOT_VALID &&
2234 wpa_s->ignore_deauth_event) {
2235 wpa_dbg(wpa_s, MSG_DEBUG, "Ignore deauth event"
2236 " with reason=2");
2237 wpa_s->ignore_deauth_event = 0;
2238 } else {
2239 wpa_supplicant_event_disassoc(wpa_s,
2240 reason_code,
2241 locally_generated,
2242 data->deauth_info.addr);
2243 }
2244 break;
2245 case EVENT_MICHAEL_MIC_FAILURE:
2246 wpa_supplicant_event_michael_mic_failure(wpa_s, data);
2247 break;
2248 #ifndef CONFIG_NO_SCAN_PROCESSING
2249 case EVENT_SCAN_RESULTS:
2250 wpa_supplicant_event_scan_results(wpa_s, data);
2251 break;
2252 #endif /* CONFIG_NO_SCAN_PROCESSING */
2253 case EVENT_ASSOCINFO:
2254 wpa_supplicant_event_associnfo(wpa_s, data);
2255 break;
2256 case EVENT_INTERFACE_STATUS:
2257 wpa_supplicant_event_interface_status(wpa_s, data);
2258 break;
2259 case EVENT_PMKID_CANDIDATE:
2260 wpa_supplicant_event_pmkid_candidate(wpa_s, data);
2261 break;
2262 #ifdef CONFIG_PEERKEY
2263 case EVENT_STKSTART:
2264 wpa_supplicant_event_stkstart(wpa_s, data);
2265 break;
2266 #endif /* CONFIG_PEERKEY */
2267 #ifdef CONFIG_TDLS
2268 case EVENT_TDLS:
2269 wpa_supplicant_event_tdls(wpa_s, data);
2270 break;
2271 #endif /* CONFIG_TDLS */
2272 #ifdef CONFIG_IEEE80211R
2273 case EVENT_FT_RESPONSE:
2274 wpa_supplicant_event_ft_response(wpa_s, data);
2275 break;
2276 #endif /* CONFIG_IEEE80211R */
2277 #ifdef CONFIG_IBSS_RSN
2278 case EVENT_IBSS_RSN_START:
2279 wpa_supplicant_event_ibss_rsn_start(wpa_s, data);
2280 break;
2281 #endif /* CONFIG_IBSS_RSN */
2282 case EVENT_ASSOC_REJECT:
2283 if (data->assoc_reject.bssid)
2284 wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_ASSOC_REJECT
2285 "bssid=" MACSTR " status_code=%u",
2286 MAC2STR(data->assoc_reject.bssid),
2287 data->assoc_reject.status_code);
2288 else
2289 wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_ASSOC_REJECT
2290 "status_code=%u",
2291 data->assoc_reject.status_code);
2292 if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME)
2293 sme_event_assoc_reject(wpa_s, data);
2294 break;
2295 case EVENT_AUTH_TIMED_OUT:
2296 if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME)
2297 sme_event_auth_timed_out(wpa_s, data);
2298 break;
2299 case EVENT_ASSOC_TIMED_OUT:
2300 if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME)
2301 sme_event_assoc_timed_out(wpa_s, data);
2302 break;
2303 case EVENT_TX_STATUS:
2304 wpa_dbg(wpa_s, MSG_DEBUG, "EVENT_TX_STATUS dst=" MACSTR
2305 " type=%d stype=%d",
2306 MAC2STR(data->tx_status.dst),
2307 data->tx_status.type, data->tx_status.stype);
2308 #ifdef CONFIG_AP
2309 if (wpa_s->ap_iface == NULL) {
2310 #ifdef CONFIG_OFFCHANNEL
2311 if (data->tx_status.type == WLAN_FC_TYPE_MGMT &&
2312 data->tx_status.stype == WLAN_FC_STYPE_ACTION)
2313 offchannel_send_action_tx_status(
2314 wpa_s, data->tx_status.dst,
2315 data->tx_status.data,
2316 data->tx_status.data_len,
2317 data->tx_status.ack ?
2318 OFFCHANNEL_SEND_ACTION_SUCCESS :
2319 OFFCHANNEL_SEND_ACTION_NO_ACK);
2320 #endif /* CONFIG_OFFCHANNEL */
2321 break;
2322 }
2323 #endif /* CONFIG_AP */
2324 #ifdef CONFIG_OFFCHANNEL
2325 wpa_dbg(wpa_s, MSG_DEBUG, "EVENT_TX_STATUS pending_dst="
2326 MACSTR, MAC2STR(wpa_s->parent->pending_action_dst));
2327 /*
2328 * Catch TX status events for Action frames we sent via group
2329 * interface in GO mode.
2330 */
2331 if (data->tx_status.type == WLAN_FC_TYPE_MGMT &&
2332 data->tx_status.stype == WLAN_FC_STYPE_ACTION &&
2333 os_memcmp(wpa_s->parent->pending_action_dst,
2334 data->tx_status.dst, ETH_ALEN) == 0) {
2335 offchannel_send_action_tx_status(
2336 wpa_s->parent, data->tx_status.dst,
2337 data->tx_status.data,
2338 data->tx_status.data_len,
2339 data->tx_status.ack ?
2340 OFFCHANNEL_SEND_ACTION_SUCCESS :
2341 OFFCHANNEL_SEND_ACTION_NO_ACK);
2342 break;
2343 }
2344 #endif /* CONFIG_OFFCHANNEL */
2345 #ifdef CONFIG_AP
2346 switch (data->tx_status.type) {
2347 case WLAN_FC_TYPE_MGMT:
2348 ap_mgmt_tx_cb(wpa_s, data->tx_status.data,
2349 data->tx_status.data_len,
2350 data->tx_status.stype,
2351 data->tx_status.ack);
2352 break;
2353 case WLAN_FC_TYPE_DATA:
2354 ap_tx_status(wpa_s, data->tx_status.dst,
2355 data->tx_status.data,
2356 data->tx_status.data_len,
2357 data->tx_status.ack);
2358 break;
2359 }
2360 #endif /* CONFIG_AP */
2361 break;
2362 #ifdef CONFIG_AP
2363 case EVENT_EAPOL_TX_STATUS:
2364 ap_eapol_tx_status(wpa_s, data->eapol_tx_status.dst,
2365 data->eapol_tx_status.data,
2366 data->eapol_tx_status.data_len,
2367 data->eapol_tx_status.ack);
2368 break;
2369 case EVENT_DRIVER_CLIENT_POLL_OK:
2370 ap_client_poll_ok(wpa_s, data->client_poll.addr);
2371 break;
2372 case EVENT_RX_FROM_UNKNOWN:
2373 if (wpa_s->ap_iface == NULL)
2374 break;
2375 ap_rx_from_unknown_sta(wpa_s, data->rx_from_unknown.addr,
2376 data->rx_from_unknown.wds);
2377 break;
2378 case EVENT_RX_MGMT:
2379 if (wpa_s->ap_iface == NULL) {
2380 #ifdef CONFIG_P2P
2381 u16 fc, stype;
2382 const struct ieee80211_mgmt *mgmt;
2383 mgmt = (const struct ieee80211_mgmt *)
2384 data->rx_mgmt.frame;
2385 fc = le_to_host16(mgmt->frame_control);
2386 stype = WLAN_FC_GET_STYPE(fc);
2387 if (stype == WLAN_FC_STYPE_PROBE_REQ &&
2388 data->rx_mgmt.frame_len > 24) {
2389 const u8 *src = mgmt->sa;
2390 const u8 *ie = mgmt->u.probe_req.variable;
2391 size_t ie_len = data->rx_mgmt.frame_len -
2392 (mgmt->u.probe_req.variable -
2393 data->rx_mgmt.frame);
2394 wpas_p2p_probe_req_rx(wpa_s, src, mgmt->da,
2395 mgmt->bssid, ie, ie_len);
2396 break;
2397 }
2398 #endif /* CONFIG_P2P */
2399 wpa_dbg(wpa_s, MSG_DEBUG, "AP: ignore received "
2400 "management frame in non-AP mode");
2401 break;
2402 }
2403 ap_mgmt_rx(wpa_s, &data->rx_mgmt);
2404 break;
2405 #endif /* CONFIG_AP */
2406 case EVENT_RX_ACTION:
2407 wpa_dbg(wpa_s, MSG_DEBUG, "Received Action frame: SA=" MACSTR
2408 " Category=%u DataLen=%d freq=%d MHz",
2409 MAC2STR(data->rx_action.sa),
2410 data->rx_action.category, (int) data->rx_action.len,
2411 data->rx_action.freq);
2412 #ifdef CONFIG_IEEE80211R
2413 if (data->rx_action.category == WLAN_ACTION_FT) {
2414 ft_rx_action(wpa_s, data->rx_action.data,
2415 data->rx_action.len);
2416 break;
2417 }
2418 #endif /* CONFIG_IEEE80211R */
2419 #ifdef CONFIG_IEEE80211W
2420 #ifdef CONFIG_SME
2421 if (data->rx_action.category == WLAN_ACTION_SA_QUERY) {
2422 sme_sa_query_rx(wpa_s, data->rx_action.sa,
2423 data->rx_action.data,
2424 data->rx_action.len);
2425 break;
2426 }
2427 #endif /* CONFIG_SME */
2428 #endif /* CONFIG_IEEE80211W */
2429 #ifdef CONFIG_GAS
2430 if (data->rx_action.category == WLAN_ACTION_PUBLIC &&
2431 gas_query_rx(wpa_s->gas, data->rx_action.da,
2432 data->rx_action.sa, data->rx_action.bssid,
2433 data->rx_action.data, data->rx_action.len,
2434 data->rx_action.freq) == 0)
2435 break;
2436 #endif /* CONFIG_GAS */
2437 if (data->rx_action.category == WLAN_ACTION_WNM) {
2438 wnm_action_rx(wpa_s, &data->rx_action);
2439 break;
2440 }
2441 #ifdef CONFIG_TDLS
2442 if (data->rx_action.category == WLAN_ACTION_PUBLIC &&
2443 data->rx_action.len >= 4 &&
2444 data->rx_action.data[0] == WLAN_TDLS_DISCOVERY_RESPONSE) {
2445 wpa_dbg(wpa_s, MSG_DEBUG, "TDLS: Received Discovery "
2446 "Response from " MACSTR,
2447 MAC2STR(data->rx_action.sa));
2448 break;
2449 }
2450 #endif /* CONFIG_TDLS */
2451 #ifdef CONFIG_P2P
2452 wpas_p2p_rx_action(wpa_s, data->rx_action.da,
2453 data->rx_action.sa,
2454 data->rx_action.bssid,
2455 data->rx_action.category,
2456 data->rx_action.data,
2457 data->rx_action.len, data->rx_action.freq);
2458 #endif /* CONFIG_P2P */
2459 break;
2460 case EVENT_RX_PROBE_REQ:
2461 if (data->rx_probe_req.sa == NULL ||
2462 data->rx_probe_req.ie == NULL)
2463 break;
2464 #ifdef CONFIG_AP
2465 if (wpa_s->ap_iface) {
2466 hostapd_probe_req_rx(wpa_s->ap_iface->bss[0],
2467 data->rx_probe_req.sa,
2468 data->rx_probe_req.da,
2469 data->rx_probe_req.bssid,
2470 data->rx_probe_req.ie,
2471 data->rx_probe_req.ie_len);
2472 break;
2473 }
2474 #endif /* CONFIG_AP */
2475 #ifdef CONFIG_P2P
2476 wpas_p2p_probe_req_rx(wpa_s, data->rx_probe_req.sa,
2477 data->rx_probe_req.da,
2478 data->rx_probe_req.bssid,
2479 data->rx_probe_req.ie,
2480 data->rx_probe_req.ie_len);
2481 #endif /* CONFIG_P2P */
2482 break;
2483 case EVENT_REMAIN_ON_CHANNEL:
2484 #ifdef CONFIG_OFFCHANNEL
2485 offchannel_remain_on_channel_cb(
2486 wpa_s, data->remain_on_channel.freq,
2487 data->remain_on_channel.duration);
2488 #endif /* CONFIG_OFFCHANNEL */
2489 #ifdef CONFIG_P2P
2490 wpas_p2p_remain_on_channel_cb(
2491 wpa_s, data->remain_on_channel.freq,
2492 data->remain_on_channel.duration);
2493 #endif /* CONFIG_P2P */
2494 break;
2495 case EVENT_CANCEL_REMAIN_ON_CHANNEL:
2496 #ifdef CONFIG_OFFCHANNEL
2497 offchannel_cancel_remain_on_channel_cb(
2498 wpa_s, data->remain_on_channel.freq);
2499 #endif /* CONFIG_OFFCHANNEL */
2500 #ifdef CONFIG_P2P
2501 wpas_p2p_cancel_remain_on_channel_cb(
2502 wpa_s, data->remain_on_channel.freq);
2503 #endif /* CONFIG_P2P */
2504 break;
2505 #ifdef CONFIG_P2P
2506 case EVENT_P2P_DEV_FOUND: {
2507 struct p2p_peer_info peer_info;
2509 os_memset(&peer_info, 0, sizeof(peer_info));
2510 if (data->p2p_dev_found.dev_addr)
2511 os_memcpy(peer_info.p2p_device_addr,
2512 data->p2p_dev_found.dev_addr, ETH_ALEN);
2513 if (data->p2p_dev_found.pri_dev_type)
2514 os_memcpy(peer_info.pri_dev_type,
2515 data->p2p_dev_found.pri_dev_type,
2516 sizeof(peer_info.pri_dev_type));
2517 if (data->p2p_dev_found.dev_name)
2518 os_strlcpy(peer_info.device_name,
2519 data->p2p_dev_found.dev_name,
2520 sizeof(peer_info.device_name));
2521 peer_info.config_methods = data->p2p_dev_found.config_methods;
2522 peer_info.dev_capab = data->p2p_dev_found.dev_capab;
2523 peer_info.group_capab = data->p2p_dev_found.group_capab;
2525 /*
2526 * FIX: new_device=1 is not necessarily correct. We should
2527 * maintain a P2P peer database in wpa_supplicant and update
2528 * this information based on whether the peer is truly new.
2529 */
2530 wpas_dev_found(wpa_s, data->p2p_dev_found.addr, &peer_info, 1);
2531 break;
2532 }
2533 case EVENT_P2P_GO_NEG_REQ_RX:
2534 wpas_go_neg_req_rx(wpa_s, data->p2p_go_neg_req_rx.src,
2535 data->p2p_go_neg_req_rx.dev_passwd_id);
2536 break;
2537 case EVENT_P2P_GO_NEG_COMPLETED:
2538 wpas_go_neg_completed(wpa_s, data->p2p_go_neg_completed.res);
2539 break;
2540 case EVENT_P2P_PROV_DISC_REQUEST:
2541 wpas_prov_disc_req(wpa_s, data->p2p_prov_disc_req.peer,
2542 data->p2p_prov_disc_req.config_methods,
2543 data->p2p_prov_disc_req.dev_addr,
2544 data->p2p_prov_disc_req.pri_dev_type,
2545 data->p2p_prov_disc_req.dev_name,
2546 data->p2p_prov_disc_req.supp_config_methods,
2547 data->p2p_prov_disc_req.dev_capab,
2548 data->p2p_prov_disc_req.group_capab,
2549 NULL, 0);
2550 break;
2551 case EVENT_P2P_PROV_DISC_RESPONSE:
2552 wpas_prov_disc_resp(wpa_s, data->p2p_prov_disc_resp.peer,
2553 data->p2p_prov_disc_resp.config_methods);
2554 break;
2555 case EVENT_P2P_SD_REQUEST:
2556 wpas_sd_request(wpa_s, data->p2p_sd_req.freq,
2557 data->p2p_sd_req.sa,
2558 data->p2p_sd_req.dialog_token,
2559 data->p2p_sd_req.update_indic,
2560 data->p2p_sd_req.tlvs,
2561 data->p2p_sd_req.tlvs_len);
2562 break;
2563 case EVENT_P2P_SD_RESPONSE:
2564 wpas_sd_response(wpa_s, data->p2p_sd_resp.sa,
2565 data->p2p_sd_resp.update_indic,
2566 data->p2p_sd_resp.tlvs,
2567 data->p2p_sd_resp.tlvs_len);
2568 break;
2569 #endif /* CONFIG_P2P */
2570 case EVENT_EAPOL_RX:
2571 wpa_supplicant_rx_eapol(wpa_s, data->eapol_rx.src,
2572 data->eapol_rx.data,
2573 data->eapol_rx.data_len);
2574 break;
2575 case EVENT_SIGNAL_CHANGE:
2576 bgscan_notify_signal_change(
2577 wpa_s, data->signal_change.above_threshold,
2578 data->signal_change.current_signal,
2579 data->signal_change.current_noise,
2580 data->signal_change.current_txrate);
2581 break;
2582 case EVENT_ROAMING_ENABLED:
2583 wpa_supplicant_enable_roaming(wpa_s);
2584 break;
2585 case EVENT_ROAMING_DISABLED:
2586 wpa_supplicant_disable_roaming(wpa_s);
2587 break;
2589 case EVENT_START_ROAMING:
2590 if (!is_zero_ether_addr(wpa_s->bssid)) {
2591 wpa_s->roaming = 1;
2592 bgscan_notify_beacon_loss(wpa_s);
2593 }
2594 break;
2596 case EVENT_INTERFACE_ENABLED:
2597 wpa_dbg(wpa_s, MSG_DEBUG, "Interface was enabled");
2598 if (wpa_s->wpa_state == WPA_INTERFACE_DISABLED) {
2599 wpa_supplicant_update_mac_addr(wpa_s);
2600 #ifdef CONFIG_AP
2601 if (!wpa_s->ap_iface) {
2602 wpa_supplicant_set_state(wpa_s,
2603 WPA_DISCONNECTED);
2604 wpa_supplicant_req_scan(wpa_s, 0, 0);
2605 } else
2606 wpa_supplicant_set_state(wpa_s,
2607 WPA_COMPLETED);
2608 #else /* CONFIG_AP */
2609 wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED);
2610 wpa_supplicant_req_scan(wpa_s, 0, 0);
2611 #endif /* CONFIG_AP */
2612 }
2613 break;
2614 case EVENT_INTERFACE_DISABLED:
2615 wpa_dbg(wpa_s, MSG_DEBUG, "Interface was disabled");
2616 wpa_supplicant_mark_disassoc(wpa_s);
2617 wpa_supplicant_set_state(wpa_s, WPA_INTERFACE_DISABLED);
2618 break;
2619 case EVENT_CHANNEL_LIST_CHANGED:
2620 if (wpa_s->drv_priv == NULL)
2621 break; /* Ignore event during drv initialization */
2623 free_hw_features(wpa_s);
2624 wpa_s->hw.modes = wpa_drv_get_hw_feature_data(
2625 wpa_s, &wpa_s->hw.num_modes, &wpa_s->hw.flags);
2627 #ifdef CONFIG_P2P
2628 wpas_p2p_update_channel_list(wpa_s);
2629 #endif /* CONFIG_P2P */
2630 break;
2631 case EVENT_INTERFACE_UNAVAILABLE:
2632 #ifdef CONFIG_P2P
2633 wpas_p2p_interface_unavailable(wpa_s);
2634 #endif /* CONFIG_P2P */
2635 break;
2636 case EVENT_BEST_CHANNEL:
2637 wpa_dbg(wpa_s, MSG_DEBUG, "Best channel event received "
2638 "(%d %d %d)",
2639 data->best_chan.freq_24, data->best_chan.freq_5,
2640 data->best_chan.freq_overall);
2641 wpa_s->best_24_freq = data->best_chan.freq_24;
2642 wpa_s->best_5_freq = data->best_chan.freq_5;
2643 wpa_s->best_overall_freq = data->best_chan.freq_overall;
2644 #ifdef CONFIG_P2P
2645 wpas_p2p_update_best_channels(wpa_s, data->best_chan.freq_24,
2646 data->best_chan.freq_5,
2647 data->best_chan.freq_overall);
2648 #endif /* CONFIG_P2P */
2649 break;
2650 case EVENT_UNPROT_DEAUTH:
2651 wpa_supplicant_event_unprot_deauth(wpa_s,
2652 &data->unprot_deauth);
2653 break;
2654 case EVENT_UNPROT_DISASSOC:
2655 wpa_supplicant_event_unprot_disassoc(wpa_s,
2656 &data->unprot_disassoc);
2657 break;
2658 case EVENT_STATION_LOW_ACK:
2659 #ifdef CONFIG_AP
2660 if (wpa_s->ap_iface && data)
2661 hostapd_event_sta_low_ack(wpa_s->ap_iface->bss[0],
2662 data->low_ack.addr);
2663 #endif /* CONFIG_AP */
2664 #ifdef CONFIG_TDLS
2665 if (data)
2666 wpa_tdls_disable_link(wpa_s->wpa, data->low_ack.addr);
2667 #endif /* CONFIG_TDLS */
2668 break;
2669 case EVENT_IBSS_PEER_LOST:
2670 #ifdef CONFIG_IBSS_RSN
2671 ibss_rsn_stop(wpa_s->ibss_rsn, data->ibss_peer_lost.peer);
2672 #endif /* CONFIG_IBSS_RSN */
2673 break;
2674 case EVENT_DRIVER_GTK_REKEY:
2675 if (os_memcmp(data->driver_gtk_rekey.bssid,
2676 wpa_s->bssid, ETH_ALEN))
2677 break;
2678 if (!wpa_s->wpa)
2679 break;
2680 wpa_sm_update_replay_ctr(wpa_s->wpa,
2681 data->driver_gtk_rekey.replay_ctr);
2682 break;
2683 case EVENT_SCHED_SCAN_STOPPED:
2684 wpa_s->sched_scanning = 0;
2686 if (wpa_s->wpa_state == WPA_INTERFACE_DISABLED)
2687 break;
2689 /*
2690 * If we timed out, start a new sched scan to continue
2691 * searching for more SSIDs.
2692 */
2693 if (wpa_s->override_sched_scan) {
2694 if (wpa_supplicant_req_sched_scan(wpa_s))
2695 wpa_supplicant_req_new_scan(wpa_s,
2696 wpa_s->scan_interval, 0);
2697 }
2698 break;
2699 case EVENT_WPS_BUTTON_PUSHED:
2700 #ifdef CONFIG_WPS
2701 wpas_wps_start_pbc(wpa_s, NULL, 0);
2702 #endif /* CONFIG_WPS */
2703 break;
2704 default:
2705 wpa_msg(wpa_s, MSG_INFO, "Unknown event %d", event);
2706 break;
2707 }
2708 }