Home Explore Help
Register Sign In
wareck
/
krackattacks
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: d6c9d4740b
Branches Tags
krackattacks
/
hostapd
/
sta_info.c

sta_info.c 19 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688 
  1. /*
    2. 

  2.  * hostapd / Station table
    3. 

  3.  * Copyright (c) 2002-2008, Jouni Malinen <j@w1.fi>
    4. 

  4.  * Copyright (c) 2007-2008, Intel Corporation
    5. 

  5.  *
    6. 

  6.  * This program is free software; you can redistribute it and/or modify
    7. 

  7.  * it under the terms of the GNU General Public License version 2 as
    8. 

  8.  * published by the Free Software Foundation.
    9. 

  9.  *
    10. 

  10.  * Alternatively, this software may be distributed under the terms of BSD
    11. 

  11.  * license.
    12. 

  12.  *
    13. 

  13.  * See README and COPYING for more details.
    14. 

  14.  */
    15. 

  15. 

  16. #include "includes.h"
    17. 

  17. 

  18. #include "hostapd.h"
    19. 

  19. #include "sta_info.h"
    20. 

  20. #include "eloop.h"
    21. 

  21. #include "accounting.h"
    22. 

  22. #include "ieee802_1x.h"
    23. 

  23. #include "ieee802_11.h"
    24. 

  24. #include "radius/radius.h"
    25. 

  25. #include "wpa.h"
    26. 

  26. #include "preauth.h"
    27. 

  27. #include "radius/radius_client.h"
    28. 

  28. #include "driver.h"
    29. 

  29. #include "beacon.h"
    30. 

  30. #include "hw_features.h"
    31. 

  31. #include "mlme.h"
    32. 

  32. #include "vlan_init.h"
    33. 

  33. 

  34. static int ap_sta_in_other_bss(struct hostapd_data *hapd,
    35. 

  35. 			       struct sta_info *sta, u32 flags);
    36. 

  36. static void ap_handle_session_timer(void *eloop_ctx, void *timeout_ctx);
    37. 

  37. #ifdef CONFIG_IEEE80211W
    38. 

  38. static void ap_ping_timer(void *eloop_ctx, void *timeout_ctx);
    39. 

  39. #endif /* CONFIG_IEEE80211W */
    40. 

  40. 

  41. int ap_for_each_sta(struct hostapd_data *hapd,
    42. 

  42. 		    int (*cb)(struct hostapd_data *hapd, struct sta_info *sta,
    43. 

  43. 			      void *ctx),
    44. 

  44. 		    void *ctx)
    45. 

  45. {
    46. 

  46. 	struct sta_info *sta;
    47. 

  47. 

  48. 	for (sta = hapd->sta_list; sta; sta = sta->next) {
    49. 

  49. 		if (cb(hapd, sta, ctx))
    50. 

  50. 			return 1;
    51. 

  51. 	}
    52. 

  52. 

  53. 	return 0;
    54. 

  54. }
    55. 

  55. 

  56. 

  57. struct sta_info * ap_get_sta(struct hostapd_data *hapd, const u8 *sta)
    58. 

  58. {
    59. 

  59. 	struct sta_info *s;
    60. 

  60. 

  61. 	s = hapd->sta_hash[STA_HASH(sta)];
    62. 

  62. 	while (s != NULL && os_memcmp(s->addr, sta, 6) != 0)
    63. 

  63. 		s = s->hnext;
    64. 

  64. 	return s;
    65. 

  65. }
    66. 

  66. 

  67. 

  68. static void ap_sta_list_del(struct hostapd_data *hapd, struct sta_info *sta)
    69. 

  69. {
    70. 

  70. 	struct sta_info *tmp;
    71. 

  71. 

  72. 	if (hapd->sta_list == sta) {
    73. 

  73. 		hapd->sta_list = sta->next;
    74. 

  74. 		return;
    75. 

  75. 	}
    76. 

  76. 

  77. 	tmp = hapd->sta_list;
    78. 

  78. 	while (tmp != NULL && tmp->next != sta)
    79. 

  79. 		tmp = tmp->next;
    80. 

  80. 	if (tmp == NULL) {
    81. 

  81. 		wpa_printf(MSG_DEBUG, "Could not remove STA " MACSTR " from "
    82. 

  82. 			   "list.", MAC2STR(sta->addr));
    83. 

  83. 	} else
    84. 

  84. 		tmp->next = sta->next;
    85. 

  85. }
    86. 

  86. 

  87. 

  88. void ap_sta_hash_add(struct hostapd_data *hapd, struct sta_info *sta)
    89. 

  89. {
    90. 

  90. 	sta->hnext = hapd->sta_hash[STA_HASH(sta->addr)];
    91. 

  91. 	hapd->sta_hash[STA_HASH(sta->addr)] = sta;
    92. 

  92. }
    93. 

  93. 

  94. 

  95. static void ap_sta_hash_del(struct hostapd_data *hapd, struct sta_info *sta)
    96. 

  96. {
    97. 

  97. 	struct sta_info *s;
    98. 

  98. 

  99. 	s = hapd->sta_hash[STA_HASH(sta->addr)];
    100. 

  100. 	if (s == NULL) return;
    101. 

  101. 	if (os_memcmp(s->addr, sta->addr, 6) == 0) {
    102. 

  102. 		hapd->sta_hash[STA_HASH(sta->addr)] = s->hnext;
    103. 

  103. 		return;
    104. 

  104. 	}
    105. 

  105. 

  106. 	while (s->hnext != NULL &&
    107. 

  107. 	       os_memcmp(s->hnext->addr, sta->addr, ETH_ALEN) != 0)
    108. 

  108. 		s = s->hnext;
    109. 

  109. 	if (s->hnext != NULL)
    110. 

  110. 		s->hnext = s->hnext->hnext;
    111. 

  111. 	else
    112. 

  112. 		wpa_printf(MSG_DEBUG, "AP: could not remove STA " MACSTR
    113. 

  113. 			   " from hash table", MAC2STR(sta->addr));
    114. 

  114. }
    115. 

  115. 

  116. 

  117. void ap_free_sta(struct hostapd_data *hapd, struct sta_info *sta)
    118. 

  118. {
    119. 

  119. 	int set_beacon = 0;
    120. 

  120. 

  121. 	accounting_sta_stop(hapd, sta);
    122. 

  122. 

  123. 	if (!ap_sta_in_other_bss(hapd, sta, WLAN_STA_ASSOC) &&
    124. 

  124. 	    !(sta->flags & WLAN_STA_PREAUTH))
    125. 

  125. 		hostapd_sta_remove(hapd, sta->addr);
    126. 

  126. 

  127. 	ap_sta_hash_del(hapd, sta);
    128. 

  128. 	ap_sta_list_del(hapd, sta);
    129. 

  129. 

  130. 	if (sta->aid > 0)
    131. 

  131. 		hapd->sta_aid[sta->aid - 1] = NULL;
    132. 

  132. 

  133. 	hapd->num_sta--;
    134. 

  134. 	if (sta->nonerp_set) {
    135. 

  135. 		sta->nonerp_set = 0;
    136. 

  136. 		hapd->iface->num_sta_non_erp--;
    137. 

  137. 		if (hapd->iface->num_sta_non_erp == 0)
    138. 

  138. 			set_beacon++;
    139. 

  139. 	}
    140. 

  140. 

  141. 	if (sta->no_short_slot_time_set) {
    142. 

  142. 		sta->no_short_slot_time_set = 0;
    143. 

  143. 		hapd->iface->num_sta_no_short_slot_time--;
    144. 

  144. 		if (hapd->iface->current_mode->mode == HOSTAPD_MODE_IEEE80211G
    145. 

  145. 		    && hapd->iface->num_sta_no_short_slot_time == 0)
    146. 

  146. 			set_beacon++;
    147. 

  147. 	}
    148. 

  148. 

  149. 	if (sta->no_short_preamble_set) {
    150. 

  150. 		sta->no_short_preamble_set = 0;
    151. 

  151. 		hapd->iface->num_sta_no_short_preamble--;
    152. 

  152. 		if (hapd->iface->current_mode->mode == HOSTAPD_MODE_IEEE80211G
    153. 

  153. 		    && hapd->iface->num_sta_no_short_preamble == 0)
    154. 

  154. 			set_beacon++;
    155. 

  155. 	}
    156. 

  156. 

  157. #ifdef CONFIG_IEEE80211N
    158. 

  158. 	if (sta->flags & WLAN_STA_HT) {
    159. 

  159. 		u16 ht_capab = le_to_host16(
    160. 

  160. 			sta->ht_capabilities.data.capabilities_info);
    161. 

  161. 		if ((ht_capab & HT_CAP_INFO_GREEN_FIELD) == 0)
    162. 

  162. 			hapd->iface->num_sta_ht_no_gf--;
    163. 

  163. 		if ((ht_capab & HT_CAP_INFO_SUPP_CHANNEL_WIDTH_SET) == 0)
    164. 

  164. 			hapd->iface->num_sta_ht_20mhz--;
    165. 

  165. 	} else
    166. 

  166. 		hapd->iface->num_sta_no_ht--;
    167. 

  167. 

  168. 	if (hostapd_ht_operation_update(hapd->iface) > 0)
    169. 

  169. 		set_beacon++;
    170. 

  170. #endif /* CONFIG_IEEE80211N */
    171. 

  171. 

  172. 	if (set_beacon)
    173. 

  173. 		ieee802_11_set_beacons(hapd->iface);
    174. 

  174. 

  175. 	eloop_cancel_timeout(ap_handle_timer, hapd, sta);
    176. 

  176. 	eloop_cancel_timeout(ap_handle_session_timer, hapd, sta);
    177. 

  177. 

  178. 	ieee802_1x_free_station(sta);
    179. 

  179. 	wpa_auth_sta_deinit(sta->wpa_sm);
    180. 

  180. 	rsn_preauth_free_station(hapd, sta);
    181. 

  181. 	radius_client_flush_auth(hapd->radius, sta->addr);
    182. 

  182. 

  183. 	os_free(sta->last_assoc_req);
    184. 

  184. 	os_free(sta->challenge);
    185. 

  185. 

  186. #ifdef CONFIG_IEEE80211W
    187. 

  187. 	os_free(sta->ping_trans_id);
    188. 

  188. 	eloop_cancel_timeout(ap_ping_timer, hapd, sta);
    189. 

  189. #endif /* CONFIG_IEEE80211W */
    190. 

  190. 

  191. 	os_free(sta);
    192. 

  192. }
    193. 

  193. 

  194. 

  195. void hostapd_free_stas(struct hostapd_data *hapd)
    196. 

  196. {
    197. 

  197. 	struct sta_info *sta, *prev;
    198. 

  198. 

  199. 	sta = hapd->sta_list;
    200. 

  200. 

  201. 	while (sta) {
    202. 

  202. 		prev = sta;
    203. 

  203. 		if (sta->flags & WLAN_STA_AUTH) {
    204. 

  204. 			mlme_deauthenticate_indication(
    205. 

  205. 				hapd, sta, WLAN_REASON_UNSPECIFIED);
    206. 

  206. 		}
    207. 

  207. 		sta = sta->next;
    208. 

  208. 		wpa_printf(MSG_DEBUG, "Removing station " MACSTR,
    209. 

  209. 			   MAC2STR(prev->addr));
    210. 

  210. 		ap_free_sta(hapd, prev);
    211. 

  211. 	}
    212. 

  212. }
    213. 

  213. 

  214. 

  215. void ap_handle_timer(void *eloop_ctx, void *timeout_ctx)
    216. 

  216. {
    217. 

  217. 	struct hostapd_data *hapd = eloop_ctx;
    218. 

  218. 	struct sta_info *sta = timeout_ctx;
    219. 

  219. 	unsigned long next_time = 0;
    220. 

  220. 

  221. 	if (sta->timeout_next == STA_REMOVE) {
    222. 

  222. 		hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
    223. 

  223. 			       HOSTAPD_LEVEL_INFO, "deauthenticated due to "
    224. 

  224. 			       "local deauth request");
    225. 

  225. 		ap_free_sta(hapd, sta);
    226. 

  226. 		return;
    227. 

  227. 	}
    228. 

  228. 

  229. 	if ((sta->flags & WLAN_STA_ASSOC) &&
    230. 

  230. 	    (sta->timeout_next == STA_NULLFUNC ||
    231. 

  231. 	     sta->timeout_next == STA_DISASSOC)) {
    232. 

  232. 		int inactive_sec;
    233. 

  233. 		wpa_printf(MSG_DEBUG, "Checking STA " MACSTR " inactivity:",
    234. 

  234. 			   MAC2STR(sta->addr));
    235. 

  235. 		inactive_sec = hostapd_get_inact_sec(hapd, sta->addr);
    236. 

  236. 		if (inactive_sec == -1) {
    237. 

  237. 			wpa_printf(MSG_DEBUG, "Could not get station info "
    238. 

  238. 				   "from kernel driver for " MACSTR ".",
    239. 

  239. 				   MAC2STR(sta->addr));
    240. 

  240. 		} else if (inactive_sec < hapd->conf->ap_max_inactivity &&
    241. 

  241. 			   sta->flags & WLAN_STA_ASSOC) {
    242. 

  242. 			/* station activity detected; reset timeout state */
    243. 

  243. 			wpa_printf(MSG_DEBUG, "  Station has been active");
    244. 

  244. 			sta->timeout_next = STA_NULLFUNC;
    245. 

  245. 			next_time = hapd->conf->ap_max_inactivity -
    246. 

  246. 				inactive_sec;
    247. 

  247. 		}
    248. 

  248. 	}
    249. 

  249. 

  250. 	if ((sta->flags & WLAN_STA_ASSOC) &&
    251. 

  251. 	    sta->timeout_next == STA_DISASSOC &&
    252. 

  252. 	    !(sta->flags & WLAN_STA_PENDING_POLL)) {
    253. 

  253. 		wpa_printf(MSG_DEBUG, "  Station has ACKed data poll");
    254. 

  254. 		/* data nullfunc frame poll did not produce TX errors; assume
    255. 

  255. 		 * station ACKed it */
    256. 

  256. 		sta->timeout_next = STA_NULLFUNC;
    257. 

  257. 		next_time = hapd->conf->ap_max_inactivity;
    258. 

  258. 	}
    259. 

  259. 

  260. 	if (next_time) {
    261. 

  261. 		eloop_register_timeout(next_time, 0, ap_handle_timer, hapd,
    262. 

  262. 				       sta);
    263. 

  263. 		return;
    264. 

  264. 	}
    265. 

  265. 

  266. 	if (sta->timeout_next == STA_NULLFUNC &&
    267. 

  267. 	    (sta->flags & WLAN_STA_ASSOC)) {
    268. 

  268. 		/* send data frame to poll STA and check whether this frame
    269. 

  269. 		 * is ACKed */
    270. 

  270. 		struct ieee80211_hdr hdr;
    271. 

  271. 

  272. 		wpa_printf(MSG_DEBUG, "  Polling STA with data frame");
    273. 

  273. 		sta->flags |= WLAN_STA_PENDING_POLL;
    274. 

  274. 

  275. #ifndef CONFIG_NATIVE_WINDOWS
    276. 

  276. 		/* FIX: WLAN_FC_STYPE_NULLFUNC would be more appropriate, but
    277. 

  277. 		 * it is apparently not retried so TX Exc events are not
    278. 

  278. 		 * received for it */
    279. 

  279. 		os_memset(&hdr, 0, sizeof(hdr));
    280. 

  280. 		hdr.frame_control =
    281. 

  281. 			IEEE80211_FC(WLAN_FC_TYPE_DATA, WLAN_FC_STYPE_DATA);
    282. 

  282. 		hdr.frame_control |= host_to_le16(WLAN_FC_FROMDS);
    283. 

  283. 		os_memcpy(hdr.IEEE80211_DA_FROMDS, sta->addr, ETH_ALEN);
    284. 

  284. 		os_memcpy(hdr.IEEE80211_BSSID_FROMDS, hapd->own_addr,
    285. 

  285. 			  ETH_ALEN);
    286. 

  286. 		os_memcpy(hdr.IEEE80211_SA_FROMDS, hapd->own_addr, ETH_ALEN);
    287. 

  287. 

  288. 		if (hostapd_send_mgmt_frame(hapd, &hdr, sizeof(hdr), 0) < 0)
    289. 

  289. 			perror("ap_handle_timer: send");
    290. 

  290. #endif /* CONFIG_NATIVE_WINDOWS */
    291. 

  291. 	} else if (sta->timeout_next != STA_REMOVE) {
    292. 

  292. 		int deauth = sta->timeout_next == STA_DEAUTH;
    293. 

  293. 

  294. 		wpa_printf(MSG_DEBUG, "Sending %s info to STA " MACSTR,
    295. 

  295. 			   deauth ? "deauthentication" : "disassociation",
    296. 

  296. 			   MAC2STR(sta->addr));
    297. 

  297. 

  298. 		if (deauth) {
    299. 

  299. 			hostapd_sta_deauth(hapd, sta->addr,
    300. 

  300. 					   WLAN_REASON_PREV_AUTH_NOT_VALID);
    301. 

  301. 		} else {
    302. 

  302. 			hostapd_sta_disassoc(
    303. 

  303. 				hapd, sta->addr,
    304. 

  304. 				WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY);
    305. 

  305. 		}
    306. 

  306. 	}
    307. 

  307. 

  308. 	switch (sta->timeout_next) {
    309. 

  309. 	case STA_NULLFUNC:
    310. 

  310. 		sta->timeout_next = STA_DISASSOC;
    311. 

  311. 		eloop_register_timeout(AP_DISASSOC_DELAY, 0, ap_handle_timer,
    312. 

  312. 				       hapd, sta);
    313. 

  313. 		break;
    314. 

  314. 	case STA_DISASSOC:
    315. 

  315. 		sta->flags &= ~WLAN_STA_ASSOC;
    316. 

  316. 		ieee802_1x_notify_port_enabled(sta->eapol_sm, 0);
    317. 

  317. 		if (!sta->acct_terminate_cause)
    318. 

  318. 			sta->acct_terminate_cause =
    319. 

  319. 				RADIUS_ACCT_TERMINATE_CAUSE_IDLE_TIMEOUT;
    320. 

  320. 		accounting_sta_stop(hapd, sta);
    321. 

  321. 		ieee802_1x_free_station(sta);
    322. 

  322. 		hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
    323. 

  323. 			       HOSTAPD_LEVEL_INFO, "disassociated due to "
    324. 

  324. 			       "inactivity");
    325. 

  325. 		sta->timeout_next = STA_DEAUTH;
    326. 

  326. 		eloop_register_timeout(AP_DEAUTH_DELAY, 0, ap_handle_timer,
    327. 

  327. 				       hapd, sta);
    328. 

  328. 		mlme_disassociate_indication(
    329. 

  329. 			hapd, sta, WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY);
    330. 

  330. 		break;
    331. 

  331. 	case STA_DEAUTH:
    332. 

  332. 	case STA_REMOVE:
    333. 

  333. 		hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
    334. 

  334. 			       HOSTAPD_LEVEL_INFO, "deauthenticated due to "
    335. 

  335. 			       "inactivity");
    336. 

  336. 		if (!sta->acct_terminate_cause)
    337. 

  337. 			sta->acct_terminate_cause =
    338. 

  338. 				RADIUS_ACCT_TERMINATE_CAUSE_IDLE_TIMEOUT;
    339. 

  339. 		mlme_deauthenticate_indication(
    340. 

  340. 			hapd, sta,
    341. 

  341. 			WLAN_REASON_PREV_AUTH_NOT_VALID);
    342. 

  342. 		ap_free_sta(hapd, sta);
    343. 

  343. 		break;
    344. 

  344. 	}
    345. 

  345. }
    346. 

  346. 

  347. 

  348. static void ap_handle_session_timer(void *eloop_ctx, void *timeout_ctx)
    349. 

  349. {
    350. 

  350. 	struct hostapd_data *hapd = eloop_ctx;
    351. 

  351. 	struct sta_info *sta = timeout_ctx;
    352. 

  352. 	u8 addr[ETH_ALEN];
    353. 

  353. 

  354. 	if (!(sta->flags & WLAN_STA_AUTH))
    355. 

  355. 		return;
    356. 

  356. 

  357. 	mlme_deauthenticate_indication(hapd, sta,
    358. 

  358. 				       WLAN_REASON_PREV_AUTH_NOT_VALID);
    359. 

  359. 	hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
    360. 

  360. 		       HOSTAPD_LEVEL_INFO, "deauthenticated due to "
    361. 

  361. 		       "session timeout");
    362. 

  362. 	sta->acct_terminate_cause =
    363. 

  363. 		RADIUS_ACCT_TERMINATE_CAUSE_SESSION_TIMEOUT;
    364. 

  364. 	os_memcpy(addr, sta->addr, ETH_ALEN);
    365. 

  365. 	ap_free_sta(hapd, sta);
    366. 

  366. 	hostapd_sta_deauth(hapd, addr, WLAN_REASON_PREV_AUTH_NOT_VALID);
    367. 

  367. }
    368. 

  368. 

  369. 

  370. void ap_sta_session_timeout(struct hostapd_data *hapd, struct sta_info *sta,
    371. 

  371. 			    u32 session_timeout)
    372. 

  372. {
    373. 

  373. 	hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
    374. 

  374. 		       HOSTAPD_LEVEL_DEBUG, "setting session timeout to %d "
    375. 

  375. 		       "seconds", session_timeout);
    376. 

  376. 	eloop_cancel_timeout(ap_handle_session_timer, hapd, sta);
    377. 

  377. 	eloop_register_timeout(session_timeout, 0, ap_handle_session_timer,
    378. 

  378. 			       hapd, sta);
    379. 

  379. }
    380. 

  380. 

  381. 

  382. void ap_sta_no_session_timeout(struct hostapd_data *hapd, struct sta_info *sta)
    383. 

  383. {
    384. 

  384. 	eloop_cancel_timeout(ap_handle_session_timer, hapd, sta);
    385. 

  385. }
    386. 

  386. 

  387. 

  388. struct sta_info * ap_sta_add(struct hostapd_data *hapd, const u8 *addr)
    389. 

  389. {
    390. 

  390. 	struct sta_info *sta;
    391. 

  391. 

  392. 	sta = ap_get_sta(hapd, addr);
    393. 

  393. 	if (sta)
    394. 

  394. 		return sta;
    395. 

  395. 

  396. 	wpa_printf(MSG_DEBUG, "  New STA");
    397. 

  397. 	if (hapd->num_sta >= hapd->conf->max_num_sta) {
    398. 

  398. 		/* FIX: might try to remove some old STAs first? */
    399. 

  399. 		wpa_printf(MSG_DEBUG, "no more room for new STAs (%d/%d)",
    400. 

  400. 			   hapd->num_sta, hapd->conf->max_num_sta);
    401. 

  401. 		return NULL;
    402. 

  402. 	}
    403. 

  403. 

  404. 	sta = os_zalloc(sizeof(struct sta_info));
    405. 

  405. 	if (sta == NULL) {
    406. 

  406. 		wpa_printf(MSG_ERROR, "malloc failed");
    407. 

  407. 		return NULL;
    408. 

  408. 	}
    409. 

  409. 	sta->acct_interim_interval = hapd->conf->radius->acct_interim_interval;
    410. 

  410. 

  411. 	/* initialize STA info data */
    412. 

  412. 	eloop_register_timeout(hapd->conf->ap_max_inactivity, 0,
    413. 

  413. 			       ap_handle_timer, hapd, sta);
    414. 

  414. 	os_memcpy(sta->addr, addr, ETH_ALEN);
    415. 

  415. 	sta->next = hapd->sta_list;
    416. 

  416. 	hapd->sta_list = sta;
    417. 

  417. 	hapd->num_sta++;
    418. 

  418. 	ap_sta_hash_add(hapd, sta);
    419. 

  419. 	sta->ssid = &hapd->conf->ssid;
    420. 

  420. 

  421. 	return sta;
    422. 

  422. }
    423. 

  423. 

  424. 

  425. static int ap_sta_remove(struct hostapd_data *hapd, struct sta_info *sta)
    426. 

  426. {
    427. 

  427. 	ieee802_1x_notify_port_enabled(sta->eapol_sm, 0);
    428. 

  428. 

  429. 	wpa_printf(MSG_DEBUG, "Removing STA " MACSTR " from kernel driver",
    430. 

  430. 		   MAC2STR(sta->addr));
    431. 

  431. 	if (hostapd_sta_remove(hapd, sta->addr) &&
    432. 

  432. 	    sta->flags & WLAN_STA_ASSOC) {
    433. 

  433. 		wpa_printf(MSG_DEBUG, "Could not remove station " MACSTR
    434. 

  434. 			   " from kernel driver.", MAC2STR(sta->addr));
    435. 

  435. 		return -1;
    436. 

  436. 	}
    437. 

  437. 	return 0;
    438. 

  438. }
    439. 

  439. 

  440. 

  441. static int ap_sta_in_other_bss(struct hostapd_data *hapd,
    442. 

  442. 			       struct sta_info *sta, u32 flags)
    443. 

  443. {
    444. 

  444. 	struct hostapd_iface *iface = hapd->iface;
    445. 

  445. 	size_t i;
    446. 

  446. 

  447. 	for (i = 0; i < iface->num_bss; i++) {
    448. 

  448. 		struct hostapd_data *bss = iface->bss[i];
    449. 

  449. 		struct sta_info *sta2;
    450. 

  450. 		/* bss should always be set during operation, but it may be
    451. 

  451. 		 * NULL during reconfiguration. Assume the STA is not
    452. 

  452. 		 * associated to another BSS in that case to avoid NULL pointer
    453. 

  453. 		 * dereferences. */
    454. 

  454. 		if (bss == hapd || bss == NULL)
    455. 

  455. 			continue;
    456. 

  456. 		sta2 = ap_get_sta(bss, sta->addr);
    457. 

  457. 		if (sta2 && ((sta2->flags & flags) == flags))
    458. 

  458. 			return 1;
    459. 

  459. 	}
    460. 

  460. 

  461. 	return 0;
    462. 

  462. }
    463. 

  463. 

  464. 

  465. void ap_sta_disassociate(struct hostapd_data *hapd, struct sta_info *sta,
    466. 

  466. 			 u16 reason)
    467. 

  467. {
    468. 

  468. 	wpa_printf(MSG_DEBUG, "%s: disassociate STA " MACSTR,
    469. 

  469. 		   hapd->conf->iface, MAC2STR(sta->addr));
    470. 

  470. 	sta->flags &= ~WLAN_STA_ASSOC;
    471. 

  471. 	if (!ap_sta_in_other_bss(hapd, sta, WLAN_STA_ASSOC))
    472. 

  472. 		ap_sta_remove(hapd, sta);
    473. 

  473. 	sta->timeout_next = STA_DEAUTH;
    474. 

  474. 	eloop_cancel_timeout(ap_handle_timer, hapd, sta);
    475. 

  475. 	eloop_register_timeout(AP_MAX_INACTIVITY_AFTER_DISASSOC, 0,
    476. 

  476. 			       ap_handle_timer, hapd, sta);
    477. 

  477. 	accounting_sta_stop(hapd, sta);
    478. 

  478. 	ieee802_1x_free_station(sta);
    479. 

  479. 

  480. 	mlme_disassociate_indication(hapd, sta, reason);
    481. 

  481. }
    482. 

  482. 

  483. 

  484. void ap_sta_deauthenticate(struct hostapd_data *hapd, struct sta_info *sta,
    485. 

  485. 			   u16 reason)
    486. 

  486. {
    487. 

  487. 	wpa_printf(MSG_DEBUG, "%s: deauthenticate STA " MACSTR,
    488. 

  488. 		   hapd->conf->iface, MAC2STR(sta->addr));
    489. 

  489. 	sta->flags &= ~(WLAN_STA_AUTH | WLAN_STA_ASSOC);
    490. 

  490. 	if (!ap_sta_in_other_bss(hapd, sta, WLAN_STA_ASSOC))
    491. 

  491. 		ap_sta_remove(hapd, sta);
    492. 

  492. 	sta->timeout_next = STA_REMOVE;
    493. 

  493. 	eloop_cancel_timeout(ap_handle_timer, hapd, sta);
    494. 

  494. 	eloop_register_timeout(AP_MAX_INACTIVITY_AFTER_DEAUTH, 0,
    495. 

  495. 			       ap_handle_timer, hapd, sta);
    496. 

  496. 	accounting_sta_stop(hapd, sta);
    497. 

  497. 	ieee802_1x_free_station(sta);
    498. 

  498. 

  499. 	mlme_deauthenticate_indication(hapd, sta, reason);
    500. 

  500. }
    501. 

  501. 

  502. 

  503. int ap_sta_bind_vlan(struct hostapd_data *hapd, struct sta_info *sta,
    504. 

  504. 		     int old_vlanid)
    505. 

  505. {
    506. 

  506. 	const char *iface;
    507. 

  507. 	struct hostapd_vlan *vlan = NULL;
    508. 

  508. 

  509. 	/*
    510. 

  510. 	 * Do not proceed furthur if the vlan id remains same. We do not want
    511. 

  511. 	 * duplicate dynamic vlan entries.
    512. 

  512. 	 */
    513. 

  513. 	if (sta->vlan_id == old_vlanid)
    514. 

  514. 		return 0;
    515. 

  515. 

  516. 	/*
    517. 

  517. 	 * During 1x reauth, if the vlan id changes, then remove the old id and
    518. 

  518. 	 * proceed furthur to add the new one.
    519. 

  519. 	 */
    520. 

  520. 	if (old_vlanid > 0)
    521. 

  521. 		vlan_remove_dynamic(hapd, old_vlanid);
    522. 

  522. 

  523. 	iface = hapd->conf->iface;
    524. 

  524. 	if (sta->ssid->vlan[0])
    525. 

  525. 		iface = sta->ssid->vlan;
    526. 

  526. 

  527. 	if (sta->ssid->dynamic_vlan == DYNAMIC_VLAN_DISABLED)
    528. 

  528. 		sta->vlan_id = 0;
    529. 

  529. 	else if (sta->vlan_id > 0) {
    530. 

  530. 		vlan = hapd->conf->vlan;
    531. 

  531. 		while (vlan) {
    532. 

  532. 			if (vlan->vlan_id == sta->vlan_id ||
    533. 

  533. 			    vlan->vlan_id == VLAN_ID_WILDCARD) {
    534. 

  534. 				iface = vlan->ifname;
    535. 

  535. 				break;
    536. 

  536. 			}
    537. 

  537. 			vlan = vlan->next;
    538. 

  538. 		}
    539. 

  539. 	}
    540. 

  540. 

  541. 	if (sta->vlan_id > 0 && vlan == NULL) {
    542. 

  542. 		hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
    543. 

  543. 			       HOSTAPD_LEVEL_DEBUG, "could not find VLAN for "
    544. 

  544. 			       "binding station to (vlan_id=%d)",
    545. 

  545. 			       sta->vlan_id);
    546. 

  546. 		return -1;
    547. 

  547. 	} else if (sta->vlan_id > 0 && vlan->vlan_id == VLAN_ID_WILDCARD) {
    548. 

  548. 		vlan = vlan_add_dynamic(hapd, vlan, sta->vlan_id);
    549. 

  549. 		if (vlan == NULL) {
    550. 

  550. 			hostapd_logger(hapd, sta->addr,
    551. 

  551. 				       HOSTAPD_MODULE_IEEE80211,
    552. 

  552. 				       HOSTAPD_LEVEL_DEBUG, "could not add "
    553. 

  553. 				       "dynamic VLAN interface for vlan_id=%d",
    554. 

  554. 				       sta->vlan_id);
    555. 

  555. 			return -1;
    556. 

  556. 		}
    557. 

  557. 

  558. 		iface = vlan->ifname;
    559. 

  559. 		if (vlan_setup_encryption_dyn(hapd, sta->ssid, iface) != 0) {
    560. 

  560. 			hostapd_logger(hapd, sta->addr,
    561. 

  561. 				       HOSTAPD_MODULE_IEEE80211,
    562. 

  562. 				       HOSTAPD_LEVEL_DEBUG, "could not "
    563. 

  563. 				       "configure encryption for dynamic VLAN "
    564. 

  564. 				       "interface for vlan_id=%d",
    565. 

  565. 				       sta->vlan_id);
    566. 

  566. 		}
    567. 

  567. 

  568. 		hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
    569. 

  569. 			       HOSTAPD_LEVEL_DEBUG, "added new dynamic VLAN "
    570. 

  570. 			       "interface '%s'", iface);
    571. 

  571. 	} else if (vlan && vlan->vlan_id == sta->vlan_id) {
    572. 

  572. 		if (sta->vlan_id > 0) {
    573. 

  573. 			vlan->dynamic_vlan++;
    574. 

  574. 			hostapd_logger(hapd, sta->addr,
    575. 

  575. 				       HOSTAPD_MODULE_IEEE80211,
    576. 

  576. 				       HOSTAPD_LEVEL_DEBUG, "updated existing "
    577. 

  577. 				       "dynamic VLAN interface '%s'", iface);
    578. 

  578. 		}
    579. 

  579. 

  580. 		/*
    581. 

  581. 		 * Update encryption configuration for statically generated
    582. 

  582. 		 * VLAN interface. This is only used for static WEP
    583. 

  583. 		 * configuration for the case where hostapd did not yet know
    584. 

  584. 		 * which keys are to be used when the interface was added.
    585. 

  585. 		 */
    586. 

  586. 		if (vlan_setup_encryption_dyn(hapd, sta->ssid, iface) != 0) {
    587. 

  587. 			hostapd_logger(hapd, sta->addr,
    588. 

  588. 				       HOSTAPD_MODULE_IEEE80211,
    589. 

  589. 				       HOSTAPD_LEVEL_DEBUG, "could not "
    590. 

  590. 				       "configure encryption for VLAN "
    591. 

  591. 				       "interface for vlan_id=%d",
    592. 

  592. 				       sta->vlan_id);
    593. 

  593. 		}
    594. 

  594. 	}
    595. 

  595. 

  596. 	hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
    597. 

  597. 		       HOSTAPD_LEVEL_DEBUG, "binding station to interface "
    598. 

  598. 		       "'%s'", iface);
    599. 

  599. 

  600. 	if (wpa_auth_sta_set_vlan(sta->wpa_sm, sta->vlan_id) < 0)
    601. 

  601. 		wpa_printf(MSG_INFO, "Failed to update VLAN-ID for WPA");
    602. 

  602. 

  603. 	return hostapd_set_sta_vlan(iface, hapd, sta->addr, sta->vlan_id);
    604. 

  604. }
    605. 

  605. 

  606. 

  607. #ifdef CONFIG_IEEE80211W
    608. 

  608. 

  609. /* MLME-PING.request */
    610. 

  610. static void ieee802_11_send_ping_req(struct hostapd_data *hapd, const u8 *addr,
    611. 

  611. 				     const u8 *trans_id)
    612. 

  612. {
    613. 

  613. 	struct ieee80211_mgmt mgmt;
    614. 

  614. 	u8 *end;
    615. 

  615. 

  616. 	os_memset(&mgmt, 0, sizeof(mgmt));
    617. 

  617. 	mgmt.frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT,
    618. 

  618. 					  WLAN_FC_STYPE_ACTION);
    619. 

  619. 	os_memcpy(mgmt.da, addr, ETH_ALEN);
    620. 

  620. 	os_memcpy(mgmt.sa, hapd->own_addr, ETH_ALEN);
    621. 

  621. 	os_memcpy(mgmt.bssid, hapd->own_addr, ETH_ALEN);
    622. 

  622. 	mgmt.u.action.category = WLAN_ACTION_PING;
    623. 

  623. 	mgmt.u.action.u.ping_req.action = WLAN_PING_REQUEST;
    624. 

  624. 	os_memcpy(mgmt.u.action.u.ping_req.trans_id, trans_id,
    625. 

  625. 		  WLAN_PING_TRANS_ID_LEN);
    626. 

  626. 	end = mgmt.u.action.u.ping_req.trans_id + WLAN_PING_TRANS_ID_LEN;
    627. 

  627. 	if (hostapd_send_mgmt_frame(hapd, &mgmt, IEEE80211_HDRLEN +
    628. 

  628. 				    end - (u8 *) &mgmt, 0) < 0)
    629. 

  629. 		perror("ieee802_11_send_ping_req: send");
    630. 

  630. }
    631. 

  631. 

  632. 

  633. static void ap_ping_timer(void *eloop_ctx, void *timeout_ctx)
    634. 

  634. {
    635. 

  635. 	struct hostapd_data *hapd = eloop_ctx;
    636. 

  636. 	struct sta_info *sta = timeout_ctx;
    637. 

  637. 	unsigned int timeout, sec, usec;
    638. 

  638. 	u8 *trans_id, *nbuf;
    639. 

  639. 

  640. 	if (sta->ping_count >= hapd->conf->assoc_ping_attempts) {
    641. 

  641. 		hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
    642. 

  642. 			       HOSTAPD_LEVEL_DEBUG,
    643. 

  643. 			       "association ping timed out");
    644. 

  644. 		sta->ping_timed_out = 1;
    645. 

  645. 		os_free(sta->ping_trans_id);
    646. 

  646. 		sta->ping_trans_id = NULL;
    647. 

  647. 		sta->ping_count = 0;
    648. 

  648. 		return;
    649. 

  649. 	}
    650. 

  650. 

  651. 	nbuf = os_realloc(sta->ping_trans_id,
    652. 

  652. 			  (sta->ping_count + 1) * WLAN_PING_TRANS_ID_LEN);
    653. 

  653. 	if (nbuf == NULL)
    654. 

  654. 		return;
    655. 

  655. 	trans_id = nbuf + sta->ping_count * WLAN_PING_TRANS_ID_LEN;
    656. 

  656. 	sta->ping_trans_id = nbuf;
    657. 

  657. 	sta->ping_count++;
    658. 

  658. 

  659. 	os_get_random(trans_id, WLAN_PING_TRANS_ID_LEN);
    660. 

  660. 

  661. 	hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
    662. 

  662. 		       HOSTAPD_LEVEL_DEBUG,
    663. 

  663. 		       "association ping attempt %d", sta->ping_count);
    664. 

  664. 

  665. 	ieee802_11_send_ping_req(hapd, sta->addr, trans_id);
    666. 

  666. 

  667. 	timeout = hapd->conf->assoc_ping_timeout;
    668. 

  668. 	sec = ((timeout / 1000) * 1024) / 1000;
    669. 

  669. 	usec = (timeout % 1000) * 1024;
    670. 

  670. 	eloop_register_timeout(sec, usec, ap_ping_timer, hapd, sta);
    671. 

  671. }
    672. 

  672. 

  673. 

  674. void ap_sta_start_ping(struct hostapd_data *hapd, struct sta_info *sta)
    675. 

  675. {
    676. 

  676. 	ap_ping_timer(hapd, sta);
    677. 

  677. }
    678. 

  678. 

  679. 

  680. void ap_sta_stop_ping(struct hostapd_data *hapd, struct sta_info *sta)
    681. 

  681. {
    682. 

  682. 	eloop_cancel_timeout(ap_ping_timer, hapd, sta);
    683. 

  683. 	os_free(sta->ping_trans_id);
    684. 

  684. 	sta->ping_trans_id = NULL;
    685. 

  685. 	sta->ping_count = 0;
    686. 

  686. }
    687. 

  687. 

  688. #endif /* CONFIG_IEEE80211W */
    689.