Lines Matching +full:mic +full:- +full:max +full:- +full:freq
3 * Copyright (c) 2002-2017, Jouni Malinen <j@w1.fi>
95 if (!hapd->conf->multi_ap)
98 if (hapd->conf->multi_ap & BACKHAUL_BSS)
100 if (hapd->conf->multi_ap & FRONTHAUL_BSS)
103 if (hapd->conf->multi_ap_client_disallow &
107 if (hapd->conf->multi_ap_client_disallow &
112 multi_ap.profile = hapd->conf->multi_ap_profile;
113 multi_ap.vlanid = hapd->conf->multi_ap_vlanid;
125 if (hapd->iface->current_rates == NULL)
129 num = hapd->iface->num_rates;
130 if (hapd->iconf->ieee80211n && hapd->iconf->require_ht)
132 if (hapd->iconf->ieee80211ac && hapd->iconf->require_vht)
135 if (hapd->iconf->ieee80211ax && hapd->iconf->require_he)
138 h2e_required = (hapd->conf->sae_pwe == SAE_PWE_HASH_TO_ELEMENT ||
139 hostapd_sae_pw_id_in_use(hapd->conf) == 2) &&
140 hapd->conf->sae_pwe != SAE_PWE_FORCE_HUNT_AND_PECK &&
141 wpa_key_mgmt_sae(hapd->conf->wpa_key_mgmt);
151 for (i = 0, count = 0; i < hapd->iface->num_rates && count < num;
154 *pos = hapd->iface->current_rates[i].rate / 5;
155 if (hapd->iface->current_rates[i].flags & HOSTAPD_RATE_BASIC)
160 if (hapd->iconf->ieee80211n && hapd->iconf->require_ht && count < 8) {
165 if (hapd->iconf->ieee80211ac && hapd->iconf->require_vht && count < 8) {
171 if (hapd->iconf->ieee80211ax && hapd->iconf->require_he && count < 8) {
192 hapd->conf->xrates_supported = false;
193 if (hapd->iface->current_rates == NULL)
196 num = hapd->iface->num_rates;
197 if (hapd->iconf->ieee80211n && hapd->iconf->require_ht)
199 if (hapd->iconf->ieee80211ac && hapd->iconf->require_vht)
202 if (hapd->iconf->ieee80211ax && hapd->iconf->require_he)
205 h2e_required = (hapd->conf->sae_pwe == SAE_PWE_HASH_TO_ELEMENT ||
206 hostapd_sae_pw_id_in_use(hapd->conf) == 2) &&
207 hapd->conf->sae_pwe != SAE_PWE_FORCE_HUNT_AND_PECK &&
208 wpa_key_mgmt_sae(hapd->conf->wpa_key_mgmt);
213 num -= 8;
217 for (i = 0, count = 0; i < hapd->iface->num_rates && count < num + 8;
222 *pos = hapd->iface->current_rates[i].rate / 5;
223 if (hapd->iface->current_rates[i].flags & HOSTAPD_RATE_BASIC)
228 if (hapd->iconf->ieee80211n && hapd->iconf->require_ht) {
234 if (hapd->iconf->ieee80211ac && hapd->iconf->require_vht) {
241 if (hapd->iconf->ieee80211ax && hapd->iconf->require_he) {
254 hapd->conf->xrates_supported = true;
265 if (hapd->conf->radio_measurements[i])
274 os_memcpy(eid, hapd->conf->radio_measurements, RRM_CAPABILITIES_IE_LEN);
288 dfs = hostapd_is_dfs_required(hapd->iface);
295 if (hapd->iface->num_sta_no_short_preamble == 0 &&
296 hapd->iconf->preamble == SHORT_PREAMBLE)
300 privacy = hapd->conf->ssid.wep.keys_set;
302 if (hapd->conf->ieee802_1x &&
303 (hapd->conf->default_wep_key_len ||
304 hapd->conf->individual_wep_key_len))
308 if (hapd->conf->wpa)
312 if (hapd->conf->osen)
319 if (hapd->iface->current_mode &&
320 hapd->iface->current_mode->mode == HOSTAPD_MODE_IEEE80211G &&
321 hapd->iface->num_sta_no_short_slot_time == 0)
330 if (hapd->iface->current_mode &&
331 hapd->iface->current_mode->mode == HOSTAPD_MODE_IEEE80211A &&
332 (hapd->iconf->spectrum_mgmt_required || dfs))
336 if (hapd->conf->radio_measurements[i]) {
352 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
358 if (!sta->challenge) {
359 /* Generate a pseudo-random challenge */
362 sta->challenge = os_zalloc(WLAN_AUTH_CHALLENGE_LEN);
363 if (sta->challenge == NULL)
367 os_free(sta->challenge);
368 sta->challenge = NULL;
373 sta->challenge, WLAN_AUTH_CHALLENGE_LEN);
382 if (!iswep || !sta->challenge || !challenge ||
383 os_memcmp_const(sta->challenge, challenge,
385 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
387 "shared key authentication - invalid "
388 "challenge-response");
392 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
395 sta->flags |= WLAN_STA_AUTH;
396 wpa_auth_sm_event(sta->wpa_sm, WPA_AUTH);
397 os_free(sta->challenge);
398 sta->challenge = NULL;
415 const u8 *sa = hapd->own_addr;
422 return -1;
426 rlen = IEEE80211_HDRLEN + sizeof(reply->u.auth) + ies_len;
432 return -1;
436 reply->frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT,
438 os_memcpy(reply->da, dst, ETH_ALEN);
439 os_memcpy(reply->sa, sa, ETH_ALEN);
440 os_memcpy(reply->bssid, sa, ETH_ALEN);
442 reply->u.auth.auth_alg = host_to_le16(auth_alg);
443 reply->u.auth.auth_transaction = host_to_le16(auth_transaction);
444 reply->u.auth.status_code = host_to_le16(resp);
447 os_memcpy(reply->u.auth.variable, ies, ies_len);
451 os_memcpy(reply->u.auth.variable + ies_len,
463 if (hapd->conf->sae_confirm_immediate == 2 &&
471 os_free(sta->sae_postponed_commit);
472 sta->sae_postponed_commit = buf;
473 sta->sae_postponed_commit_len = rlen;
477 if (auth_transaction == 2 && sta && sta->sae_postponed_commit) {
481 sta->sae_postponed_commit,
482 sta->sae_postponed_commit_len,
485 os_free(sta->sae_postponed_commit);
486 sta->sae_postponed_commit = NULL;
487 sta->sae_postponed_commit_len = 0;
514 "auth-ft-finish");
520 if (sta->added_unassoc && (reply_res != WLAN_STATUS_SUCCESS ||
522 hostapd_drv_sta_remove(hapd, sta->addr);
523 sta->added_unassoc = 0;
532 sta->flags |= WLAN_STA_AUTH;
543 wpa_printf(MSG_DEBUG, "SAE: State %s -> %s for peer " MACSTR " (%s)",
544 sae_state_txt(sta->sae->state), sae_state_txt(state),
545 MAC2STR(sta->addr), reason);
546 sta->sae->state = state;
563 for (pw = hapd->conf->sae_passwords; pw; pw = pw->next) {
564 if (!is_broadcast_ether_addr(pw->peer_addr) &&
566 !ether_addr_equal(pw->peer_addr, sta->addr)))
568 if ((rx_id && !pw->identifier) || (!rx_id && pw->identifier))
570 if (rx_id && pw->identifier &&
571 os_strcmp(rx_id, pw->identifier) != 0)
573 password = pw->password;
574 pt = pw->pt;
575 if (!(hapd->conf->mesh & MESH_ENABLED))
576 pk = pw->pk;
580 password = hapd->conf->ssid.wpa_passphrase;
581 pt = hapd->conf->ssid.pt;
585 for (psk = sta->psk; psk; psk = psk->next) {
586 if (psk->is_passphrase) {
587 password = psk->passphrase;
615 const u8 *own_addr = hapd->own_addr;
619 own_addr = hapd->mld->mld_addr;
622 if (sta->sae->tmp) {
623 rx_id = sta->sae->tmp->pw_id;
624 use_pt = sta->sae->h2e;
626 os_memcpy(sta->sae->tmp->own_addr, own_addr, ETH_ALEN);
627 os_memcpy(sta->sae->tmp->peer_addr, sta->addr, ETH_ALEN);
631 if (rx_id && hapd->conf->sae_pwe != SAE_PWE_FORCE_HUNT_AND_PECK)
646 sae_prepare_commit_pt(sta->sae, pt, own_addr, sta->addr,
651 sae_prepare_commit(own_addr, sta->addr,
653 sta->sae) < 0) {
658 if (pw && pw->vlan_id) {
659 if (!sta->sae->tmp) {
661 "SAE: No temporary data allocated - cannot store VLAN ID");
664 sta->sae->tmp->vlan_id = pw->vlan_id;
670 sae_write_commit(sta->sae, buf, sta->sae->tmp ?
671 sta->sae->tmp->anti_clogging_token : NULL,
692 if (sta->sae->tmp)
693 sta->sae->tmp->omit_pk_elem = hapd->conf->sae_pk_omit;
697 if (sae_write_confirm(sta->sae, buf) < 0) {
715 if (!data && sta->sae->tmp && sta->sae->tmp->pw_id)
720 if (sta->sae->tmp && sta->sae->pk)
722 else if (sta->sae->tmp && sta->sae->h2e)
727 if (hapd->conf->sae_commit_status >= 0 &&
728 hapd->conf->sae_commit_status != status) {
730 "TESTING: Override SAE commit status code %u --> %d",
731 status, hapd->conf->sae_commit_status);
732 status = hapd->conf->sae_commit_status;
735 reply_res = send_auth_reply(hapd, sta, sta->addr,
738 wpabuf_len(data), "sae-send-commit");
756 reply_res = send_auth_reply(hapd, sta, sta->addr,
759 wpabuf_len(data), "sae-send-confirm");
776 if (hapd->conf->anti_clogging_threshold == 0)
779 for (sta = hapd->sta_list; sta; sta = sta->next) {
781 if (sta->sae &&
782 (sta->sae->state == SAE_COMMITTED ||
783 sta->sae->state == SAE_CONFIRMED))
787 if (sta->pasn && sta->pasn->ecdh)
790 if (open >= hapd->conf->anti_clogging_threshold)
798 if (open + dl_list_len(&hapd->sae_commit_queue) >=
799 hapd->conf->anti_clogging_threshold)
813 if (sta->sae->sync > hapd->conf->sae_sync) {
815 sta->sae->sync = 0;
816 if (sta->sae->tmp) {
820 if (os_get_reltime(&sta->sae->tmp->disabled_until) == 0)
821 sta->sae->tmp->disabled_until.sec += 10;
823 return -1;
833 if (!sta->sae)
835 tmp = sta->sae->tmp;
839 if (os_reltime_initialized(&tmp->disabled_until)) {
843 if (os_reltime_before(&now, &tmp->disabled_until))
859 sta->sae->sync++;
862 MAC2STR(sta->addr), sta->sae->sync,
863 sae_state_txt(sta->sae->state));
865 switch (sta->sae->state) {
867 ret = auth_sae_send_commit(hapd, sta, 0, -1);
869 hapd->dot11RSNASAERetransPeriod * 1000,
875 hapd->dot11RSNASAERetransPeriod * 1000,
879 ret = -1;
897 if (!(hapd->conf->mesh & MESH_ENABLED))
901 eloop_register_timeout(0, hapd->dot11RSNASAERetransPeriod * 1000,
917 sta->mld_info.links[sta->mld_assoc_link_id].peer_addr;
920 params.bssid = sta->addr;
922 if (status == WLAN_STATUS_SUCCESS && sta->sae &&
923 !hapd->conf->disable_pmksa_caching)
924 params.pmkid = sta->sae->pmkid;
935 if (sta->sae->tmp && sta->sae->tmp->vlan_id > 0) {
938 MAC2STR(sta->addr), sta->sae->tmp->vlan_id);
940 if (!(hapd->iface->drv_flags & WPA_DRIVER_FLAGS_VLAN_OFFLOAD)) {
943 vlan_desc.untagged = sta->sae->tmp->vlan_id;
944 if (!hostapd_vlan_valid(hapd->conf->vlan, &vlan_desc)) {
947 sta->sae->tmp->vlan_id);
955 MACSTR, sta->sae->tmp->vlan_id,
956 MAC2STR(sta->addr));
960 sta->vlan_id = sta->sae->tmp->vlan_id;
965 sta->flags |= WLAN_STA_AUTH;
966 sta->auth_alg = WLAN_AUTH_SAE;
968 wpa_auth_sm_event(sta->wpa_sm, WPA_AUTH);
970 crypto_bignum_deinit(sta->sae->peer_commit_scalar_accepted, 0);
971 sta->sae->peer_commit_scalar_accepted = sta->sae->peer_commit_scalar;
972 sta->sae->peer_commit_scalar = NULL;
973 wpa_auth_pmksa_add_sae(hapd->wpa_auth, sta->addr,
974 sta->sae->pmk, sta->sae->pmk_len,
975 sta->sae->pmkid, sta->sae->akmp);
992 MAC2STR(sta->addr), sae_state_txt(sta->sae->state),
997 "SAE: Protocol instance temporarily disabled - discard received SAE commit");
1001 switch (sta->sae->state) {
1004 if (sta->sae->tmp) {
1005 sta->sae->h2e =
1009 sta->sae->pk =
1018 if (sae_process_commit(sta->sae) < 0)
1031 if ((hapd->conf->mesh & MESH_ENABLED) ||
1032 hapd->conf->sae_confirm_immediate) {
1036 * Nothing -> Confirm transition.
1049 * Committed -> Confirmed/Accepted transition
1053 sta->sae->sync = 0;
1056 hostapd_logger(hapd, sta->addr,
1065 if (sae_process_commit(sta->sae) < 0)
1072 sta->sae->sync = 0;
1074 } else if (hapd->conf->mesh & MESH_ENABLED) {
1081 sta->sae->sync++;
1091 * Nothing -> Confirmed transition that was reduced to
1092 * Nothing -> Committed above.
1114 sta->sae->sync++;
1120 if (sae_process_commit(sta->sae) < 0)
1129 sta->sae->send_confirm = 0xffff;
1135 (hapd->conf->mesh & MESH_ENABLED)) {
1138 MAC2STR(sta->addr));
1139 wpa_auth_pmksa_remove(hapd->wpa_auth, sta->addr);
1149 if (sae_process_commit(sta->sae) < 0)
1151 sta->sae->sync = 0;
1156 sta->sae->sync++;
1159 sae_clear_temp_data(sta->sae);
1166 sta->sae->state);
1175 struct sae_data *sae = sta->sae;
1176 int i, *groups = hapd->conf->sae_groups;
1179 if (sae->state != SAE_COMMITTED)
1182 wpa_printf(MSG_DEBUG, "SAE: Previously selected group: %d", sae->group);
1187 if (sae->group == groups[i])
1216 enum sae_pwe sae_pwe = hapd->conf->sae_pwe;
1220 id_in_use = hostapd_sae_pw_id_in_use(hapd->conf);
1226 sae_pk = hostapd_sae_pk_in_use(hapd->conf);
1231 (hapd->conf->wpa_key_mgmt &
1250 int *groups = hapd->conf->sae_groups;
1273 if (!sae->tmp)
1275 groups = sae->tmp->peer_rejected_groups;
1312 int *groups = hapd->conf->sae_groups;
1322 if (hapd->conf->sae_reflection_attack && auth_transaction == 1) {
1323 wpa_printf(MSG_DEBUG, "SAE: TESTING - reflection attack");
1324 pos = mgmt->u.auth.variable;
1327 send_auth_reply(hapd, sta, sta->addr,
1329 auth_transaction, resp, pos, end - pos,
1330 "auth-sae-reflection-attack");
1334 if (hapd->conf->sae_commit_override && auth_transaction == 1) {
1335 wpa_printf(MSG_DEBUG, "SAE: TESTING - commit override");
1336 send_auth_reply(hapd, sta, sta->addr,
1339 wpabuf_head(hapd->conf->sae_commit_override),
1340 wpabuf_len(hapd->conf->sae_commit_override),
1341 "sae-commit-override");
1345 if (!sta->sae) {
1353 sta->sae = os_zalloc(sizeof(*sta->sae));
1354 if (!sta->sae) {
1355 resp = -1;
1359 sta->sae->sync = 0;
1362 if (sta->mesh_sae_pmksa_caching) {
1365 wpa_auth_pmksa_remove(hapd->wpa_auth, sta->addr);
1366 sta->mesh_sae_pmksa_caching = 0;
1374 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
1379 if ((hapd->conf->mesh & MESH_ENABLED) &&
1381 sta->sae->tmp) {
1382 pos = mgmt->u.auth.variable;
1386 "SAE: Too short anti-clogging token request");
1390 resp = sae_group_allowed(sta->sae, groups,
1394 "SAE: Invalid group in anti-clogging token request");
1399 wpabuf_free(sta->sae->tmp->anti_clogging_token);
1400 sta->sae->tmp->anti_clogging_token =
1401 wpabuf_alloc_copy(pos, end - pos);
1402 if (sta->sae->tmp->anti_clogging_token == NULL) {
1404 "SAE: Failed to alloc for anti-clogging token");
1410 * IEEE Std 802.11-2012, 11.3.8.6.4: If the Status code
1412 * with the Anti-Clogging Token from the received
1413 * Authentication frame, and the commit-scalar and
1414 * COMMIT-ELEMENT previously sent.
1423 "Sent Commit (anti-clogging token case in mesh)");
1424 sta->sae->sync = 0;
1429 if ((hapd->conf->mesh & MESH_ENABLED) &&
1432 sta->sae->tmp) {
1444 "SAE: Protocol instance temporarily disabled - discard received SAE commit");
1448 if (!(hapd->conf->mesh & MESH_ENABLED) &&
1449 sta->sae->state == SAE_COMMITTED) {
1457 pos = mgmt->u.auth.variable;
1459 if (end - pos >= (int) sizeof(le16) &&
1460 sae_group_allowed(sta->sae, groups,
1471 sae_clear_data(sta->sae);
1475 resp = sae_parse_commit(sta->sae, mgmt->u.auth.variable,
1476 ((const u8 *) mgmt) + len -
1477 mgmt->u.auth.variable, &token,
1485 MAC2STR(sta->addr));
1490 wpa_msg(hapd->msg_ctx, MSG_INFO,
1492 MACSTR, MAC2STR(sta->addr));
1500 check_comeback_token(hapd->comeback_key,
1501 hapd->comeback_pending_idx, sta->addr,
1506 MAC2STR(sta->addr));
1514 if (check_sae_rejected_groups(hapd, sta->sae)) {
1523 "SAE: Request anti-clogging token from "
1524 MACSTR, MAC2STR(sta->addr));
1525 if (sta->sae->tmp)
1526 h2e = sta->sae->h2e;
1531 &hapd->last_comeback_key_update,
1532 hapd->comeback_key,
1533 hapd->comeback_idx,
1534 hapd->comeback_pending_idx,
1535 sizeof(hapd->comeback_pending_idx),
1536 sta->sae->group,
1537 sta->addr, h2e);
1539 if (hapd->conf->mesh & MESH_ENABLED)
1541 "Request anti-clogging token case in mesh");
1548 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
1554 if (sta->sae->state >= SAE_CONFIRMED ||
1555 !(hapd->conf->mesh & MESH_ENABLED)) {
1560 var = mgmt->u.auth.variable;
1561 var_len = ((u8 *) mgmt) + len - mgmt->u.auth.variable;
1569 if (sta->sae->state == SAE_ACCEPTED &&
1570 (peer_send_confirm <= sta->sae->rc ||
1575 " (peer-send-confirm=%u Rc=%u)",
1576 MAC2STR(sta->addr),
1577 peer_send_confirm, sta->sae->rc);
1581 if (sae_check_confirm(sta->sae, var, var_len,
1586 sta->sae->rc = peer_send_confirm;
1591 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
1603 pos = mgmt->u.auth.variable;
1609 !data && end - pos >= 2)
1613 send_auth_reply(hapd, sta, sta->addr,
1617 data ? wpabuf_len(data) : 0, "auth-sae");
1618 if (sta->sae && sta->sae->tmp && sta->sae->tmp->pw_id &&
1623 os_free(sta->sae->tmp->pw_id);
1624 sta->sae->tmp->pw_id = NULL;
1633 if (!sta_removed && sta->added_unassoc &&
1635 hostapd_drv_sta_remove(hapd, sta->addr);
1636 sta->added_unassoc = 0;
1643 * auth_sae_init_committed - Send COMMIT and start SAE in committed state
1647 * This function implements Init event handling (IEEE Std 802.11-2012,
1649 * sta->sae structure should be initialized appropriately via a call to
1656 if (!sta->sae || !sta->sae->tmp)
1657 return -1;
1659 if (sta->sae->state != SAE_NOTHING)
1660 return -1;
1662 ret = auth_sae_send_commit(hapd, sta, 0, -1);
1664 return -1;
1667 sta->sae->sync = 0;
1680 q = dl_list_first(&hapd->sae_commit_queue,
1686 dl_list_del(&q->list);
1687 handle_auth(hapd, (const struct ieee80211_mgmt *) q->msg, q->len,
1688 q->rssi, 1);
1693 queue_len = dl_list_len(&hapd->sae_commit_queue);
1707 queue_len = dl_list_len(&hapd->sae_commit_queue);
1710 "SAE: No more room in message queue - drop the new frame from "
1711 MACSTR, MAC2STR(mgmt->sa));
1716 MACSTR " for processing (queue_len %u)", MAC2STR(mgmt->sa),
1721 q->rssi = rssi;
1722 q->len = len;
1723 os_memcpy(q->msg, mgmt, len);
1731 dl_list_for_each(q2, &hapd->sae_commit_queue,
1733 mgmt2 = (const struct ieee80211_mgmt *) q2->msg;
1734 if (ether_addr_equal(mgmt->sa, mgmt2->sa) &&
1735 mgmt->u.auth.auth_transaction ==
1736 mgmt2->u.auth.auth_transaction) {
1739 dl_list_add(&q2->list, &q->list);
1740 dl_list_del(&q2->list);
1747 dl_list_add_tail(&hapd->sae_commit_queue, &q->list);
1762 dl_list_for_each(q, &hapd->sae_commit_queue,
1764 mgmt = (const struct ieee80211_mgmt *) q->msg;
1765 if (ether_addr_equal(addr, mgmt->sa))
1835 pos, end - pos);
1847 if (end - pos < 2) {
1855 if (group != hapd->conf->fils_dh_group) {
1858 group, hapd->conf->fils_dh_group);
1863 crypto_ecdh_deinit(sta->fils_ecdh);
1864 sta->fils_ecdh = crypto_ecdh_init(group);
1865 if (!sta->fils_ecdh) {
1873 pub = crypto_ecdh_get_pubkey(sta->fils_ecdh, 1);
1884 if ((size_t) (end - pos) < elem_len) {
1890 wpabuf_free(sta->fils_g_sta);
1891 sta->fils_g_sta = wpabuf_alloc_copy(pos, elem_len);
1892 wpabuf_clear_free(sta->fils_dh_ss);
1893 sta->fils_dh_ss = crypto_ecdh_set_peerkey(sta->fils_ecdh, 1,
1895 if (!sta->fils_dh_ss) {
1900 wpa_hexdump_buf_key(MSG_DEBUG, "FILS: DH_SS", sta->fils_dh_ss);
1903 crypto_ecdh_deinit(sta->fils_ecdh);
1904 sta->fils_ecdh = NULL;
1905 wpabuf_clear_free(sta->fils_dh_ss);
1906 sta->fils_dh_ss = NULL;
1910 wpa_hexdump(MSG_DEBUG, "FILS: Remaining IEs", pos, end - pos);
1911 if (ieee802_11_parse_elems(pos, end - pos, &elems, 1) == ParseFailed) {
1921 wpa_parse_wpa_ie_rsn(elems.rsn_ie - 2, elems.rsn_ie_len + 2,
1928 if (!sta->wpa_sm)
1929 sta->wpa_sm = wpa_auth_sta_init(hapd->wpa_auth, sta->addr,
1931 if (!sta->wpa_sm) {
1938 res = wpa_validate_wpa_ie(hapd->wpa_auth, sta->wpa_sm,
1939 hapd->iface->freq,
1940 elems.rsn_ie - 2, elems.rsn_ie_len + 2,
1941 elems.rsnxe ? elems.rsnxe - 2 : NULL,
1955 os_memcpy(sta->fils_snonce, elems.fils_nonce, FILS_NONCE_LEN);
1969 pmksa = wpa_auth_pmksa_get(hapd->wpa_auth, sta->addr,
1973 pmksa = wpa_auth_pmksa_get_fils_cache_id(hapd->wpa_auth,
1974 sta->addr,
1979 num--;
1982 if (pmksa && wpa_auth_sta_key_mgmt(sta->wpa_sm) != pmksa->akmp) {
1984 "FILS: Matching PMKSA cache entry has different AKMP (0x%x != 0x%x) - ignore",
1985 wpa_auth_sta_key_mgmt(sta->wpa_sm), pmksa->akmp);
1999 os_memcpy(sta->fils_session, elems.fils_session, FILS_SESSION_LEN);
2008 if (!sta->eapol_sm) {
2009 sta->eapol_sm =
2013 "FILS: Forward EAP-Initiate/Re-auth to authentication server");
2017 sta->fils_pending_cb = cb;
2020 sta->flags |= WLAN_STA_PENDING_FILS_ERP;
2022 * to maintain a copy of the EAP-Initiate/Reauth
2024 if (fils_pmkid_erp(wpa_auth_sta_key_mgmt(sta->wpa_sm),
2027 sta->fils_erp_pmkid) == 0)
2028 sta->fils_erp_pmkid_set = 1;
2076 ie = wpa_auth_get_wpa_ie(hapd->wpa_auth, &ielen);
2091 if (wpa_insert_pmkid(ie_buf, &ielen, pmksa->pmkid, true) < 0) {
2106 if (sta->fils_dh_ss && sta->fils_ecdh) {
2107 pub = crypto_ecdh_get_pubkey(sta->fils_ecdh, 1);
2125 wpabuf_put_le16(data, hapd->conf->fils_dh_group);
2138 if (wpa_key_mgmt_ft(wpa_auth_sta_key_mgmt(sta->wpa_sm))) {
2139 /* FTE[R1KH-ID,R0KH-ID] when using FILS+FT */
2142 res = wpa_auth_write_fte(hapd->wpa_auth, sta->wpa_sm,
2165 wpabuf_put_data(data, sta->fils_session, FILS_SESSION_LEN);
2175 if (fils_rmsk_to_pmk(wpa_auth_sta_key_mgmt(sta->wpa_sm),
2176 msk, msk_len, sta->fils_snonce, fils_nonce,
2177 sta->fils_dh_ss ?
2178 wpabuf_head(sta->fils_dh_ss) : NULL,
2179 sta->fils_dh_ss ?
2180 wpabuf_len(sta->fils_dh_ss) : 0,
2192 wpabuf_clear_free(sta->fils_dh_ss);
2193 sta->fils_dh_ss = NULL;
2195 if (sta->fils_erp_pmkid_set) {
2201 if (sta->session_timeout_set) {
2205 os_reltime_sub(&sta->session_timeout, &now,
2210 sta->fils_erp_pmkid_set = 0;
2211 wpa_auth_add_fils_pmk_pmkid(sta->wpa_sm, pmk, pmk_len,
2212 sta->fils_erp_pmkid);
2213 if (!hapd->conf->disable_pmksa_caching &&
2215 hapd->wpa_auth, sta->addr,
2217 sta->fils_erp_pmkid,
2219 wpa_auth_sta_key_mgmt(sta->wpa_sm),
2226 pmk = pmksa->pmk;
2227 pmk_len = pmksa->pmk_len;
2238 if (fils_auth_pmk_to_ptk(sta->wpa_sm, pmk, pmk_len,
2239 sta->fils_snonce, fils_nonce,
2240 sta->fils_dh_ss ?
2241 wpabuf_head(sta->fils_dh_ss) : NULL,
2242 sta->fils_dh_ss ?
2243 wpabuf_len(sta->fils_dh_ss) : 0,
2244 sta->fils_g_sta, pub) < 0) {
2256 wpabuf_clear_free(sta->fils_dh_ss);
2257 sta->fils_dh_ss = NULL;
2259 crypto_ecdh_deinit(sta->fils_ecdh);
2260 sta->fils_ecdh = NULL;
2275 send_auth_reply(hapd, sta, sta->addr, auth_alg, 2, resp,
2277 data ? wpabuf_len(data) : 0, "auth-fils-finish");
2281 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
2284 sta->flags |= WLAN_STA_AUTH;
2285 wpa_auth_sm_event(sta->wpa_sm, WPA_AUTH);
2286 sta->auth_alg = pub ? WLAN_AUTH_FILS_SK_PFS : WLAN_AUTH_FILS_SK;
2298 u32 flags = sta->flags;
2300 sta->flags &= ~(WLAN_STA_PENDING_FILS_ERP |
2309 if (!sta->fils_pending_cb)
2319 sta->fils_pending_cb(hapd, sta, resp, data, pub);
2350 /* Authentication code will re-send the authentication frame
2363 u32 session_timeout = info->session_timeout;
2364 u32 acct_interim_interval = info->acct_interim_interval;
2365 struct vlan_description *vlan_id = &info->vlan_id;
2366 struct hostapd_sta_wpa_psk_short *psk = info->psk;
2367 char *identity = info->identity;
2368 char *radius_cui = info->radius_cui;
2370 if (vlan_id->notempty &&
2371 !hostapd_vlan_valid(hapd->conf->vlan, vlan_id)) {
2372 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_RADIUS,
2375 vlan_id->untagged,
2376 vlan_id->tagged[0] ? "+" : "");
2377 return -1;
2380 return -1;
2381 if (sta->vlan_id)
2382 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_RADIUS,
2383 HOSTAPD_LEVEL_INFO, "VLAN ID %d", sta->vlan_id);
2385 hostapd_free_psk_list(sta->psk);
2386 if (hapd->conf->wpa_psk_radius != PSK_RADIUS_IGNORED)
2387 hostapd_copy_psk_list(&sta->psk, psk);
2389 sta->psk = NULL;
2391 os_free(sta->identity);
2393 sta->identity = os_strdup(identity);
2395 sta->identity = NULL;
2397 os_free(sta->radius_cui);
2399 sta->radius_cui = os_strdup(radius_cui);
2401 sta->radius_cui = NULL;
2403 if (hapd->conf->acct_interim_interval == 0 && acct_interim_interval)
2404 sta->acct_interim_interval = acct_interim_interval;
2406 sta->session_timeout_set = 1;
2407 os_get_reltime(&sta->session_timeout);
2408 sta->session_timeout.sec += session_timeout;
2411 sta->session_timeout_set = 0;
2427 struct pasn_data *pasn = sta->pasn;
2428 struct pasn_fils *fils = &pasn->fils;
2433 wpa_printf(MSG_DEBUG, "PASN: FILS: Handle AS response - status=%u",
2439 if (!pasn->secret) {
2444 if (random_get_bytes(fils->anonce, FILS_NONCE_LEN) < 0) {
2450 fils->anonce, FILS_NONCE_LEN);
2452 ret = fils_rmsk_to_pmk(pasn_get_akmp(pasn), msk, msk_len, fils->nonce,
2453 fils->anonce, NULL, 0, pmk, &pmk_len);
2459 ret = pasn_pmk_to_ptk(pmk, pmk_len, sta->addr, hapd->own_addr,
2460 wpabuf_head(pasn->secret),
2461 wpabuf_len(pasn->secret),
2462 pasn_get_ptk(sta->pasn), pasn_get_akmp(sta->pasn),
2463 pasn_get_cipher(sta->pasn), sta->pasn->kdk_len);
2469 if (pasn->secure_ltf) {
2481 wpabuf_free(pasn->secret);
2482 pasn->secret = NULL;
2484 fils->erp_resp = erp_resp;
2485 ret = handle_auth_pasn_resp(sta->pasn, hapd->own_addr, sta->addr, NULL,
2487 fils->erp_resp = NULL;
2494 fils->state = PASN_FILS_STATE_COMPLETE;
2506 return -1;
2508 struct pasn_data *pasn = sta->pasn;
2509 struct pasn_fils *fils = &pasn->fils;
2518 if (fils->state != PASN_FILS_STATE_NONE) {
2520 return -1;
2525 return -1;
2534 return -1;
2548 return -1;
2552 buf_len -= 6;
2556 return -1;
2562 return -1;
2565 ret = wpa_parse_wpa_ie_rsn(elems.rsn_ie - 2, elems.rsn_ie_len + 2,
2569 return -1;
2575 return -1;
2581 return -1;
2586 os_memcpy(fils->nonce, elems.fils_nonce, FILS_NONCE_LEN);
2590 os_memcpy(fils->session, elems.fils_session, FILS_SESSION_LEN);
2597 return -1;
2600 if (!sta->eapol_sm)
2601 sta->eapol_sm = ieee802_1x_alloc_eapol_sm(hapd, sta);
2604 "PASN: FILS: Forward EAP-Initiate/Re-auth to AS");
2609 sta->flags |= WLAN_STA_PENDING_PASN_FILS_ERP;
2611 fils->state = PASN_FILS_STATE_PENDING_AS;
2615 * copy of the EAP-Initiate/Reautt message.
2619 fils->erp_pmkid);
2630 int noack, unsigned int freq, unsigned int wait)
2641 struct pasn_data *pasn = sta->pasn;
2644 pasn_set_bssid(pasn, hapd->own_addr);
2645 pasn_set_own_addr(pasn, hapd->own_addr);
2646 pasn_set_peer_addr(pasn, sta->addr);
2647 pasn_set_wpa_key_mgmt(pasn, hapd->conf->wpa_key_mgmt);
2648 pasn_set_rsn_pairwise(pasn, hapd->conf->rsn_pairwise);
2649 pasn->pasn_groups = hapd->conf->pasn_groups;
2650 pasn->noauth = hapd->conf->pasn_noauth;
2651 if (hapd->iface->drv_flags2 & WPA_DRIVER_FLAGS2_SEC_LTF_AP)
2655 pasn->corrupt_mic = hapd->conf->pasn_corrupt_mic;
2656 if (hapd->conf->force_kdk_derivation)
2659 pasn->use_anti_clogging = use_anti_clogging(hapd);
2661 &pasn->pt, NULL));
2662 pasn->rsn_ie = wpa_auth_get_wpa_ie(hapd->wpa_auth, &pasn->rsn_ie_len);
2664 pasn->disable_pmksa_caching = hapd->conf->disable_pmksa_caching;
2666 wpa_auth_get_pmksa_cache(hapd->wpa_auth));
2668 pasn->comeback_after = hapd->conf->pasn_comeback_after;
2669 pasn->comeback_idx = hapd->comeback_idx;
2670 pasn->comeback_key = hapd->comeback_key;
2671 pasn->comeback_pending_idx = hapd->comeback_pending_idx;
2681 entry = ptksa_cache_get(hapd->ptksa, sta_addr, cipher);
2685 return -1;
2688 if (!ether_addr_equal(entry->own_addr, own_addr)) {
2692 MAC2STR(own_addr), MAC2STR(entry->own_addr));
2693 return -1;
2699 entry->ptk.tk_len, entry->ptk.tk,
2700 entry->ptk.ltf_keyseed_len,
2701 entry->ptk.ltf_keyseed, 0);
2712 struct pasn_data *pasn = sta->pasn;
2721 if (ieee802_11_parse_elems(mgmt->u.auth.variable,
2722 len - offsetof(struct ieee80211_mgmt,
2731 wpa_parse_wpa_ie_rsn(elems.rsn_ie - 2, elems.rsn_ie_len + 2,
2737 if (!(rsn_data.key_mgmt & pasn->wpa_key_mgmt) ||
2738 !(rsn_data.pairwise_cipher & pasn->rsn_pairwise)) {
2746 if (pasn->derive_kdk &&
2751 if (hapd->conf->force_kdk_derivation)
2758 pasn->pmk_r1_len = 0;
2759 wpa_ft_fetch_pmk_r1(hapd->wpa_auth, sta->addr,
2761 pasn->pmk_r1, &pasn->pmk_r1_len, NULL,
2771 wpa_pasn_parse_parameter_ie(elems.pasn_params - 3,
2789 pasn->fils_wd_valid = true;
2800 if (hapd->conf->wpa != WPA_PROTO_RSN) {
2806 MAC2STR(sta->addr));
2809 if (sta->pasn) {
2821 sta->pasn = pasn_data_init();
2822 if (!sta->pasn) {
2831 if (handle_auth_pasn_1(sta->pasn, hapd->own_addr,
2832 sta->addr, mgmt, len) < 0)
2835 if (!sta->pasn) {
2848 if (handle_auth_pasn_3(sta->pasn, hapd->own_addr,
2849 sta->addr, mgmt, len) == 0) {
2850 ptksa_cache_add(hapd->ptksa, hapd->own_addr, sta->addr,
2851 pasn_get_cipher(sta->pasn), 43200,
2852 pasn_get_ptk(sta->pasn), NULL, NULL,
2853 pasn_get_akmp(sta->pasn));
2855 pasn_set_keys_from_cache(hapd, hapd->own_addr,
2856 sta->addr,
2857 pasn_get_cipher(sta->pasn),
2858 pasn_get_akmp(sta->pasn));
2863 "PASN: Invalid transaction %u - ignore", trans_seq);
2889 if (len < IEEE80211_HDRLEN + sizeof(mgmt->u.auth)) {
2890 wpa_printf(MSG_INFO, "handle_auth - too short payload (len=%lu)",
2896 if (hapd->iconf->ignore_auth_probability > 0.0 &&
2897 drand48() < hapd->iconf->ignore_auth_probability) {
2900 MAC2STR(mgmt->sa));
2905 sa = mgmt->sa;
2916 sa = mgmt->sa;
2919 auth_alg = le_to_host16(mgmt->u.auth.auth_alg);
2920 auth_transaction = le_to_host16(mgmt->u.auth.auth_transaction);
2921 status_code = le_to_host16(mgmt->u.auth.status_code);
2922 fc = le_to_host16(mgmt->frame_control);
2923 seq_ctrl = le_to_host16(mgmt->seq_ctrl);
2925 if (len >= IEEE80211_HDRLEN + sizeof(mgmt->u.auth) +
2927 mgmt->u.auth.variable[0] == WLAN_EID_CHALLENGE &&
2928 mgmt->u.auth.variable[1] == WLAN_AUTH_CHALLENGE_LEN)
2929 challenge = &mgmt->u.auth.variable[2];
2950 if (hapd->tkip_countermeasures) {
2952 "Ongoing TKIP countermeasures (Michael MIC failure) - reject authentication");
2957 if (!(((hapd->conf->auth_algs & WPA_AUTH_ALG_OPEN) &&
2960 (hapd->conf->wpa && wpa_key_mgmt_ft(hapd->conf->wpa_key_mgmt) &&
2964 (hapd->conf->wpa && wpa_key_mgmt_sae(hapd->conf->wpa_key_mgmt) &&
2968 (hapd->conf->wpa && wpa_key_mgmt_fils(hapd->conf->wpa_key_mgmt) &&
2970 (hapd->conf->wpa && wpa_key_mgmt_fils(hapd->conf->wpa_key_mgmt) &&
2971 hapd->conf->fils_dh_group &&
2975 (hapd->conf->wpa &&
2976 (hapd->conf->wpa_key_mgmt & WPA_KEY_MGMT_PASN) &&
2979 ((hapd->conf->auth_algs & WPA_AUTH_ALG_SHARED) &&
2998 if (ether_addr_equal(mgmt->sa, hapd->own_addr)) {
3007 (ether_addr_equal(sa, hapd->own_addr) ||
3008 ether_addr_equal(sa, hapd->mld->mld_addr))) {
3017 if (hapd->conf->no_auth_if_seen_on) {
3020 other = sta_track_seen_on(hapd->iface, sa,
3021 hapd->conf->no_auth_if_seen_on);
3029 hapd->conf->iface, MAC2STR(sa),
3030 hapd->conf->no_auth_if_seen_on);
3036 os_memcpy(pos, other->own_addr, ETH_ALEN);
3041 if (other->iconf->hw_mode == HOSTAPD_MODE_IEEE80211AD)
3043 else if (other->iconf->ieee80211ac)
3045 else if (other->iconf->ieee80211n)
3047 else if (other->iconf->hw_mode ==
3050 else if (other->iconf->hw_mode ==
3057 other->iconf->channel),
3058 other->iconf->secondary_channel,
3059 other->iconf->ieee80211ac,
3062 channel = other->iconf->channel;
3067 resp_ies_len = pos - &resp_ies[0];
3075 wpa_msg(hapd->msg_ctx, MSG_DEBUG,
3102 sta->flags &= ~WLAN_STA_PENDING_FILS_ERP;
3103 sta->ft_over_ds = 0;
3105 sta->last_seq_ctrl != WLAN_INVALID_MGMT_SEQ &&
3106 sta->last_seq_ctrl == seq_ctrl &&
3107 sta->last_subtype == WLAN_FC_STYPE_AUTH) {
3108 hostapd_logger(hapd, sta->addr,
3117 (sta->flags & WLAN_STA_ASSOC)) {
3120 MAC2STR(sta->addr));
3126 if (hapd->conf->mesh & MESH_ENABLED) {
3130 " not yet known - drop Authentication frame",
3136 wpabuf_free(hapd->mesh_pending_auth);
3137 hapd->mesh_pending_auth = wpabuf_alloc_copy(mgmt, len);
3138 os_get_reltime(&hapd->mesh_pending_auth_time);
3152 /* Set the non-AP MLD information based on the initial Authentication
3155 * peer_addr based on mgmt->sa which would have been translated to the
3157 if (!sta->added_unassoc && auth_transaction == 1) {
3158 ap_sta_free_sta_profile(&sta->mld_info);
3159 os_memset(&sta->mld_info, 0, sizeof(sta->mld_info));
3162 u8 link_id = hapd->mld_link_id;
3165 sta->mld_assoc_link_id = link_id;
3171 os_memcpy(sta->mld_info.common_info.mld_addr, sa,
3173 os_memcpy(sta->mld_info.links[link_id].peer_addr,
3174 mgmt->sa, ETH_ALEN);
3175 os_memcpy(sta->mld_info.links[link_id].local_addr,
3176 hapd->own_addr, ETH_ALEN);
3181 sta->last_seq_ctrl = seq_ctrl;
3182 sta->last_subtype = WLAN_FC_STYPE_AUTH;
3184 sta->auth_rssi = rssi;
3194 sta->flags &= ~WLAN_STA_PREAUTH;
3195 ieee802_1x_notify_pre_auth(sta->eapol_sm, 0);
3203 * If this is not the first transaction, in a multi-step authentication
3205 * (sta->added_unassoc = 1) so skip it.
3219 if (FULL_AP_CLIENT_STATE_SUPP(hapd->iface->drv_flags) &&
3220 (!(sta->flags & WLAN_STA_MFP) || !ap_sta_is_authorized(sta)) &&
3221 !(hapd->conf->mesh & MESH_ENABLED) &&
3222 !(sta->added_unassoc) && auth_alg != WLAN_AUTH_PASN) {
3231 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
3234 sta->flags |= WLAN_STA_AUTH;
3235 wpa_auth_sm_event(sta->wpa_sm, WPA_AUTH);
3236 sta->auth_alg = WLAN_AUTH_OPEN;
3247 sta->auth_alg = WLAN_AUTH_SHARED_KEY;
3249 if (sta->challenge && auth_transaction == 1) {
3252 os_memcpy(resp_ies + 2, sta->challenge,
3261 sta->auth_alg = WLAN_AUTH_FT;
3262 if (sta->wpa_sm == NULL)
3263 sta->wpa_sm = wpa_auth_sta_init(hapd->wpa_auth,
3264 sta->addr, NULL);
3265 if (sta->wpa_sm == NULL) {
3271 wpa_ft_process_auth(sta->wpa_sm,
3272 auth_transaction, mgmt->u.auth.variable,
3273 len - IEEE80211_HDRLEN -
3274 sizeof(mgmt->u.auth),
3283 hapd->conf->mesh & MESH_ENABLED) {
3284 if (sta->wpa_sm == NULL)
3285 sta->wpa_sm =
3286 wpa_auth_sta_init(hapd->wpa_auth,
3287 sta->addr, NULL);
3288 if (sta->wpa_sm == NULL) {
3303 handle_auth_fils(hapd, sta, mgmt->u.auth.variable,
3304 len - IEEE80211_HDRLEN - sizeof(mgmt->u.auth),
3318 dst = mgmt->sa;
3322 dst = sta->addr;
3329 "handle-auth");
3331 if (sta && sta->added_unassoc && (resp != WLAN_STATUS_SUCCESS ||
3333 hostapd_drv_sta_remove(hapd, sta->addr);
3334 sta->added_unassoc = 0;
3344 if (!hapd->iconf->mbssid || hapd->iface->num_bss <= 1)
3347 num_bss_nontx = hapd->iface->num_bss - 1;
3363 * when finding an AID for a non-AP MLD. */
3364 if (hapd->conf->mld_ap && sta->mld_info.mld_sta) {
3370 if (!sta->mld_info.links[j].valid)
3381 aid_word |= link_bss->sta_aid[i];
3388 return hapd->sta_aid[i];
3396 /* Transmitted and non-transmitted BSSIDs share the same AID pool, so
3402 if (sta->aid > 0) {
3403 wpa_printf(MSG_DEBUG, " old AID %d", sta->aid);
3408 return -1;
3413 if (aid_word == (u32) -1)
3423 return -1;
3426 return -1;
3428 sta->aid = aid;
3429 hapd->sta_aid[i] |= BIT(j);
3430 wpa_printf(MSG_DEBUG, " new AID %d", sta->aid);
3441 if (ssid_ie_len != hapd->conf->ssid.ssid_len ||
3442 os_memcmp(ssid_ie, hapd->conf->ssid.ssid, ssid_ie_len) != 0) {
3443 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
3457 sta->flags &= ~WLAN_STA_WMM;
3458 sta->qosinfo = 0;
3459 if (wmm_ie && hapd->conf->wmm_enabled) {
3463 hostapd_logger(hapd, sta->addr,
3471 sta->flags |= WLAN_STA_WMM;
3473 sta->qosinfo = wmm->qos_info;
3484 sta->flags &= ~WLAN_STA_MULTI_AP;
3486 if (!hapd->conf->multi_ap)
3490 if (!(hapd->conf->multi_ap & FRONTHAUL_BSS)) {
3491 hostapd_logger(hapd, sta->addr,
3494 "Non-Multi-AP STA tries to associate with backhaul-only BSS");
3501 status = check_multi_ap_ie(multi_ap_ie + 4, multi_ap_len - 4,
3507 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
3509 "Multi-AP IE with unexpected value 0x%02x",
3513 (hapd->conf->multi_ap_client_disallow &
3515 hostapd_logger(hapd, sta->addr,
3518 "Multi-AP Profile-1 clients not allowed");
3523 (hapd->conf->multi_ap_client_disallow &
3525 hostapd_logger(hapd, sta->addr,
3528 "Multi-AP Profile-2 clients not allowed");
3533 if (hapd->conf->multi_ap & FRONTHAUL_BSS)
3536 hostapd_logger(hapd, sta->addr,
3539 "Non-Multi-AP STA tries to associate with backhaul-only BSS");
3543 if (!(hapd->conf->multi_ap & BACKHAUL_BSS))
3544 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
3546 "Backhaul STA tries to associate with fronthaul-only BSS");
3548 sta->flags |= WLAN_STA_MULTI_AP;
3557 if (hapd->iface->current_mode &&
3558 hapd->iface->current_mode->mode == HOSTAPD_MODE_IEEE80211AD)
3561 if (!elems->supp_rates) {
3562 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
3568 if (elems->supp_rates_len + elems->ext_supp_rates_len >
3569 sizeof(sta->supported_rates)) {
3570 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
3573 elems->supp_rates_len,
3574 elems->ext_supp_rates_len);
3578 sta->supported_rates_len = merge_byte_arrays(
3579 sta->supported_rates, sizeof(sta->supported_rates),
3580 elems->supp_rates, elems->supp_rates_len,
3581 elems->ext_supp_rates, elems->ext_supp_rates_len);
3592 int *groups = hapd->conf->owe_groups;
3622 if (wpa_auth_sta_get_pmksa(sta->wpa_sm)) {
3641 if (sta->owe_group == group && sta->owe_ecdh) {
3653 crypto_ecdh_deinit(sta->owe_ecdh);
3654 sta->owe_ecdh = crypto_ecdh_init(group);
3656 if (!sta->owe_ecdh)
3658 sta->owe_group = group;
3660 secret = crypto_ecdh_set_peerkey(sta->owe_ecdh, 0, owe_dh + 2,
3661 owe_dh_len - 2);
3669 /* prk = HKDF-extract(C | A | group, z) */
3671 pub = crypto_ecdh_get_pubkey(sta->owe_ecdh, 0);
3677 /* PMKID = Truncate-128(Hash(C | A)) */
3679 len[0] = owe_dh_len - 2;
3703 hkey = wpabuf_alloc(owe_dh_len - 2 + wpabuf_len(pub) + 2);
3710 wpabuf_put_data(hkey, owe_dh + 2, owe_dh_len - 2); /* C */
3730 /* PMK = HKDF-expand(prk, "OWE Key Generation", n) */
3732 os_free(sta->owe_pmk);
3733 sta->owe_pmk = os_malloc(hash_len);
3734 if (!sta->owe_pmk) {
3741 os_strlen(info), sta->owe_pmk, hash_len);
3744 os_strlen(info), sta->owe_pmk, hash_len);
3747 os_strlen(info), sta->owe_pmk, hash_len);
3750 os_free(sta->owe_pmk);
3751 sta->owe_pmk = NULL;
3754 sta->owe_pmk_len = hash_len;
3756 wpa_hexdump_key(MSG_DEBUG, "OWE: PMK", sta->owe_pmk, sta->owe_pmk_len);
3758 wpa_auth_pmksa_add2(hapd->wpa_auth, sta->addr, sta->owe_pmk,
3759 sta->owe_pmk_len, pmkid, 0, WPA_KEY_MGMT_OWE, NULL);
3777 rsn_ie -= 2;
3795 "OWE: No Diffie-Hellman Parameter element from "
3821 if (!sta->wpa_sm)
3822 sta->wpa_sm = wpa_auth_sta_init(hapd->wpa_auth, sta->addr,
3824 if (!sta->wpa_sm) {
3832 wpa_auth_set_ml_info(sta->wpa_sm,
3833 sta->mld_assoc_link_id, &sta->mld_info);
3835 rsn_ie -= 2;
3837 res = wpa_validate_wpa_ie(hapd->wpa_auth, sta->wpa_sm,
3838 hapd->iface->freq, rsn_ie, rsn_ie_len,
3846 owe_buf = wpa_auth_write_assoc_resp_owe(sta->wpa_sm, ie, sizeof(ie),
3853 if (sta->owe_ecdh) {
3856 pub = crypto_ecdh_get_pubkey(sta->owe_ecdh, 0);
3862 /* OWE Diffie-Hellman Parameter element */
3867 WPA_PUT_LE16(owe_buf, sta->owe_group);
3872 sta->external_dh_updated = 1;
3874 ie_len = owe_buf - ie;
3879 MAC2STR(link_addr ? link_addr : sta->addr));
3880 hostapd_drv_update_dh_ie(hapd, link_addr ? link_addr : sta->addr,
3894 if ((sta->flags &
3899 if (!sta->sa_query_timed_out && sta->sa_query_count > 0)
3902 if (!sta->sa_query_timed_out &&
3903 (!reassoc || sta->auth_alg != WLAN_AUTH_FT)) {
3909 if (sta->sa_query_count == 0)
3931 resp = check_ssid(hapd, sta, elems->ssid, elems->ssid_len);
3934 resp = check_wmm(hapd, sta, elems->wmm, elems->wmm_len);
3937 resp = check_ext_capab(hapd, sta, elems->ext_capab,
3938 elems->ext_capab_len);
3945 resp = check_multi_ap(hapd, sta, elems->multi_ap, elems->multi_ap_len);
3949 resp = copy_sta_ht_capab(hapd, sta, elems->ht_capabilities);
3952 if (hapd->iconf->ieee80211n && hapd->iconf->require_ht &&
3953 !(sta->flags & WLAN_STA_HT)) {
3954 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
3956 "mandatory HT PHY - reject association");
3961 if (hapd->iconf->ieee80211ac) {
3962 resp = copy_sta_vht_capab(hapd, sta, elems->vht_capabilities);
3966 resp = set_sta_vht_opmode(hapd, sta, elems->opmode_notif);
3971 if (hapd->iconf->ieee80211ac && hapd->iconf->require_vht &&
3972 !(sta->flags & WLAN_STA_VHT)) {
3973 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
3975 "mandatory VHT PHY - reject association");
3979 if (hapd->conf->vendor_vht && !elems->vht_capabilities) {
3980 resp = copy_sta_vendor_vht(hapd, sta, elems->vendor_vht,
3981 elems->vendor_vht_len);
3987 if (hapd->iconf->ieee80211ax && !hapd->conf->disable_11ax) {
3989 elems->he_capabilities,
3990 elems->he_capabilities_len);
3994 if (hapd->iconf->require_he && !(sta->flags & WLAN_STA_HE)) {
3995 hostapd_logger(hapd, sta->addr,
3998 "Station does not support mandatory HE PHY - reject association");
4002 if (is_6ghz_op_class(hapd->iconf->op_class)) {
4003 if (!(sta->flags & WLAN_STA_HE)) {
4004 hostapd_logger(hapd, sta->addr,
4007 "Station does not support mandatory HE PHY - reject association");
4011 elems->he_6ghz_band_cap);
4018 if (hapd->iconf->ieee80211be && !hapd->conf->disable_11be) {
4020 elems->he_capabilities,
4021 elems->he_capabilities_len,
4022 elems->eht_capabilities,
4023 elems->eht_capabilities_len);
4036 if (elems->p2p && ies && ies_len) {
4037 wpabuf_free(sta->p2p_ie);
4038 sta->p2p_ie = ieee802_11_vendor_ie_concat(ies, ies_len,
4040 if (sta->p2p_ie)
4041 p2p_dev_addr = p2p_get_go_dev_addr(sta->p2p_ie);
4043 wpabuf_free(sta->p2p_ie);
4044 sta->p2p_ie = NULL;
4048 if ((hapd->conf->wpa & WPA_PROTO_RSN) && elems->rsn_ie) {
4049 wpa_ie = elems->rsn_ie;
4050 wpa_ie_len = elems->rsn_ie_len;
4051 } else if ((hapd->conf->wpa & WPA_PROTO_WPA) &&
4052 elems->wpa_ie) {
4053 wpa_ie = elems->wpa_ie;
4054 wpa_ie_len = elems->wpa_ie_len;
4061 sta->flags &= ~(WLAN_STA_WPS | WLAN_STA_MAYBE_WPS | WLAN_STA_WPS2);
4062 if (hapd->conf->wps_state && elems->wps_ie && ies && ies_len) {
4064 "Request - assume WPS is used");
4065 sta->flags |= WLAN_STA_WPS;
4066 wpabuf_free(sta->wps_ie);
4067 sta->wps_ie = ieee802_11_vendor_ie_concat(ies, ies_len,
4069 if (sta->wps_ie && wps_is_20(sta->wps_ie)) {
4071 sta->flags |= WLAN_STA_WPS2;
4075 if (sta->wps_ie && wps_validate_assoc_req(sta->wps_ie) < 0) {
4077 "(Re)Association Request - reject");
4080 } else if (hapd->conf->wps_state && wpa_ie == NULL) {
4082 "(Re)Association Request - possible WPS use");
4083 sta->flags |= WLAN_STA_MAYBE_WPS;
4086 if (hapd->conf->wpa && wpa_ie == NULL) {
4087 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
4093 if (hapd->conf->wpa && wpa_ie) {
4096 struct mld_info *info = &sta->mld_info;
4097 bool init = !sta->wpa_sm;
4100 wpa_ie -= 2;
4103 if (!sta->wpa_sm) {
4108 sta->wpa_sm = wpa_auth_sta_init(hapd->wpa_auth,
4109 sta->addr,
4112 if (!sta->wpa_sm) {
4124 wpa_auth_set_ml_info(sta->wpa_sm,
4125 sta->mld_assoc_link_id,
4130 wpa_auth_set_auth_alg(sta->wpa_sm, sta->auth_alg);
4131 res = wpa_validate_wpa_ie(hapd->wpa_auth, sta->wpa_sm,
4132 hapd->iface->freq,
4134 elems->rsnxe ? elems->rsnxe - 2 :
4136 elems->rsnxe ? elems->rsnxe_len + 2 :
4138 elems->mdie, elems->mdie_len,
4139 elems->owe_dh, elems->owe_dh_len,
4140 assoc_sta ? assoc_sta->wpa_sm : NULL);
4145 if (wpa_auth_uses_mfp(sta->wpa_sm))
4146 sta->flags |= WLAN_STA_MFP;
4148 sta->flags &= ~WLAN_STA_MFP;
4151 if (sta->auth_alg == WLAN_AUTH_FT) {
4155 "re-association) with FT auth_alg",
4156 MAC2STR(sta->addr));
4160 resp = wpa_ft_validate_reassoc(sta->wpa_sm, ies,
4170 if (wpa_auth_uses_sae(sta->wpa_sm) && sta->sae &&
4171 sta->sae->state == SAE_ACCEPTED)
4172 wpa_auth_add_sae_pmkid(sta->wpa_sm, sta->sae->pmkid);
4174 if (wpa_auth_uses_sae(sta->wpa_sm) &&
4175 sta->auth_alg == WLAN_AUTH_OPEN) {
4177 sa = wpa_auth_sta_get_pmksa(sta->wpa_sm);
4178 if (!sa || !wpa_key_mgmt_sae(sa->akmp)) {
4181 MACSTR, MAC2STR(sta->addr));
4185 " using PMKSA caching", MAC2STR(sta->addr));
4186 } else if (wpa_auth_uses_sae(sta->wpa_sm) &&
4187 sta->auth_alg != WLAN_AUTH_SAE &&
4188 !(sta->auth_alg == WLAN_AUTH_FT &&
4189 wpa_auth_uses_ft_sae(sta->wpa_sm))) {
4191 "SAE AKM after non-SAE auth_alg %u",
4192 MAC2STR(sta->addr), sta->auth_alg);
4196 if (hapd->conf->sae_pwe == SAE_PWE_BOTH &&
4197 sta->auth_alg == WLAN_AUTH_SAE &&
4198 sta->sae && !sta->sae->h2e &&
4199 ieee802_11_rsnx_capab_len(elems->rsnxe, elems->rsnxe_len,
4203 MAC2STR(sta->addr));
4209 if ((hapd->conf->wpa_key_mgmt & WPA_KEY_MGMT_OWE) &&
4210 wpa_auth_sta_key_mgmt(sta->wpa_sm) == WPA_KEY_MGMT_OWE &&
4211 elems->owe_dh) {
4212 resp = owe_process_assoc_req(hapd, sta, elems->owe_dh,
4213 elems->owe_dh_len);
4221 dpp_pfs_free(sta->dpp_pfs);
4222 sta->dpp_pfs = NULL;
4225 (hapd->conf->wpa_key_mgmt & WPA_KEY_MGMT_DPP) &&
4226 hapd->conf->dpp_netaccesskey && sta->wpa_sm &&
4227 wpa_auth_sta_key_mgmt(sta->wpa_sm) == WPA_KEY_MGMT_DPP &&
4228 elems->owe_dh) {
4229 sta->dpp_pfs = dpp_pfs_init(
4230 wpabuf_head(hapd->conf->dpp_netaccesskey),
4231 wpabuf_len(hapd->conf->dpp_netaccesskey));
4232 if (!sta->dpp_pfs) {
4239 if (dpp_pfs_process(sta->dpp_pfs, elems->owe_dh,
4240 elems->owe_dh_len) < 0) {
4241 dpp_pfs_free(sta->dpp_pfs);
4242 sta->dpp_pfs = NULL;
4247 wpa_auth_set_dpp_z(sta->wpa_sm, sta->dpp_pfs ?
4248 sta->dpp_pfs->secret : NULL);
4252 if ((sta->flags & (WLAN_STA_HT | WLAN_STA_VHT)) &&
4253 wpa_auth_get_pairwise(sta->wpa_sm) == WPA_CIPHER_TKIP) {
4254 hostapd_logger(hapd, sta->addr,
4263 sta->wpa_sm,
4264 hapd->conf->ssid_protection &&
4266 elems->rsnxe, elems->rsnxe_len,
4269 } else if (hapd->conf->osen) {
4270 if (!elems->osen) {
4272 hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
4279 if (sta->wpa_sm == NULL)
4280 sta->wpa_sm = wpa_auth_sta_init(hapd->wpa_auth,
4281 sta->addr, NULL);
4282 if (sta->wpa_sm == NULL) {
4287 if (wpa_validate_osen(hapd->wpa_auth, sta->wpa_sm,
4288 elems->osen - 2, elems->osen_len + 2) < 0)
4292 wpa_auth_sta_no_wpa(sta->wpa_sm);
4295 p2p_group_notif_assoc(hapd->p2p_group, sta->addr, ies, ies_len);
4299 wpabuf_free(sta->hs20_ie);
4300 if (elems->hs20 && elems->hs20_len > 4) {
4303 sta->hs20_ie = wpabuf_alloc_copy(elems->hs20 + 4,
4304 elems->hs20_len - 4);
4305 release = ((elems->hs20[4] >> 4) & 0x0f) + 1;
4306 if (release >= 2 && !wpa_auth_uses_mfp(sta->wpa_sm) &&
4307 hapd->conf->ieee80211w != NO_MGMT_FRAME_PROTECTION) {
4310 MACSTR, release, MAC2STR(sta->addr));
4314 sta->hs20_ie = NULL;
4317 wpabuf_free(sta->roaming_consortium);
4318 if (elems->roaming_cons_sel)
4319 sta->roaming_consortium = wpabuf_alloc_copy(
4320 elems->roaming_cons_sel + 4,
4321 elems->roaming_cons_sel_len - 4);
4323 sta->roaming_consortium = NULL;
4327 wpabuf_free(sta->mb_ies);
4328 if (hapd->iface->fst)
4329 sta->mb_ies = mb_ies_by_info(&elems->mb_ies);
4331 sta->mb_ies = NULL;
4337 if (hapd->conf->mbo_enabled && (hapd->conf->wpa & 2) &&
4338 elems->mbo && sta->cell_capa && !(sta->flags & WLAN_STA_MFP) &&
4339 hapd->conf->ieee80211w != NO_MGMT_FRAME_PROTECTION) {
4347 if (wpa_auth_uses_ocv(sta->wpa_sm) &&
4348 (sta->auth_alg == WLAN_AUTH_FILS_SK ||
4349 sta->auth_alg == WLAN_AUTH_FILS_SK_PFS ||
4350 sta->auth_alg == WLAN_AUTH_FILS_PK)) {
4362 if (get_sta_tx_parameters(sta->wpa_sm,
4368 res = ocv_verify_tx_params(elems->oci, elems->oci_len, &ci,
4370 if (wpa_auth_uses_ocv(sta->wpa_sm) == 2 &&
4375 wpa_auth_set_ocv(sta->wpa_sm, 0);
4379 wpa_msg(hapd->msg_ctx, MSG_INFO, OCV_FAILURE "addr="
4380 MACSTR " frame=fils-reassoc-req error=%s",
4381 MAC2STR(sta->addr), ocv_errorstr);
4387 ap_copy_sta_supp_op_classes(sta, elems->supp_op_classes,
4388 elems->supp_op_classes_len);
4390 if ((sta->capability & WLAN_CAPABILITY_RADIO_MEASUREMENT) &&
4391 elems->rrm_enabled &&
4392 elems->rrm_enabled_len >= sizeof(sta->rrm_enabled_capa))
4393 os_memcpy(sta->rrm_enabled_capa, elems->rrm_enabled,
4394 sizeof(sta->rrm_enabled_capa));
4396 if (elems->power_capab) {
4397 sta->min_tx_power = elems->power_capab[0];
4398 sta->max_tx_power = elems->power_capab[1];
4399 sta->power_capab = 1;
4401 sta->power_capab = 0;
4404 if (elems->bss_max_idle_period &&
4405 hapd->conf->max_acceptable_idle_period) {
4408 req = WPA_GET_LE16(elems->bss_max_idle_period);
4409 if (req <= hapd->conf->max_acceptable_idle_period)
4410 sta->max_idle_period = req;
4411 else if (hapd->conf->max_acceptable_idle_period >
4412 hapd->conf->ap_max_inactivity)
4413 sta->max_idle_period =
4414 hapd->conf->max_acceptable_idle_period;
4427 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
4452 WPA_PUT_LE16(p, link->status);
4455 if (link->status != WLAN_STATUS_SUCCESS)
4461 p = hostapd_eid_rm_enabled_capab(hapd, p, buf + buflen - p);
4465 if (hapd->iconf->ieee80211ac && !hapd->conf->disable_11ac) {
4470 if (hapd->iconf->ieee80211ax && !hapd->conf->disable_11ax) {
4476 if (hapd->iconf->ieee80211be && !hapd->conf->disable_11be) {
4483 p = hostapd_eid_mbo(hapd, p, buf + buflen - p);
4486 if (hapd->conf->assocresp_elements &&
4487 (size_t) (buf + buflen - p) >=
4488 wpabuf_len(hapd->conf->assocresp_elements)) {
4489 os_memcpy(p, wpabuf_head(hapd->conf->assocresp_elements),
4490 wpabuf_len(hapd->conf->assocresp_elements));
4491 p += wpabuf_len(hapd->conf->assocresp_elements);
4495 os_free(link->resp_sta_profile);
4496 link->resp_sta_profile = os_memdup(buf, p - buf);
4497 link->resp_sta_profile_len = link->resp_sta_profile ? p - buf : 0;
4514 hapd->mld_link_id, MAC2STR(link->peer_addr));
4522 sta = ap_get_sta(hapd, origin_sta->addr);
4530 sta = ap_sta_add(hapd, origin_sta->addr);
4542 hapd->mld_link_id, true) ==
4545 "MLD: link: Failed to parse association request Multi-Link element");
4550 sta->flags |= origin_sta->flags | WLAN_STA_ASSOC_REQ_OK;
4551 sta->mld_assoc_link_id = origin_sta->mld_assoc_link_id;
4561 os_memcpy(&sta->mld_info, &origin_sta->mld_info, sizeof(sta->mld_info));
4563 struct mld_link_info *li = &sta->mld_info.links[i];
4565 li->resp_sta_profile = NULL;
4566 li->resp_sta_profile_len = 0;
4574 sta->aid = origin_sta->aid;
4575 if (sta->aid == 0) {
4580 hapd->sta_aid[(sta->aid - 1) / 32] |= BIT((sta->aid - 1) % 32);
4581 sta->listen_interval = origin_sta->listen_interval;
4583 ieee802_11_update_beacons(hapd->iface);
4589 wpa_auth_sta_deinit(sta->wpa_sm);
4590 sta->wpa_sm = origin_sta->wpa_sm;
4596 sta->eapol_sm = NULL;
4599 hapd->mld_link_id, sta->aid);
4601 sta->flags |= WLAN_STA_AUTH | WLAN_STA_ASSOC_REQ_OK;
4609 link->status = status;
4618 return -1;
4627 if (!hapd->conf->mld_ap)
4630 if (!hapd->iface || !hapd->iface->interfaces ||
4631 hapd->iface->interfaces->count <= 1)
4654 struct mld_link_info *link = &sta->mld_info.links[i];
4657 if (!link->valid || i == sta->mld_assoc_link_id)
4664 if (bss->mld_link_id != i)
4675 link->status = WLAN_STATUS_UNSPECIFIED_FAILURE;
4680 link->status = WLAN_STATUS_DENIED_TX_LINK_NOT_ACCEPTED;
4687 return -1;
4706 os_memcpy(reply.sa, hapd->own_addr, ETH_ALEN);
4707 os_memcpy(reply.bssid, hapd->own_addr, ETH_ALEN);
4731 u8 mld_link_id = hapd->mld_link_id;
4733 mld_link_sta = sta->mld_assoc_link_id != mld_link_id;
4734 mld_link_addr = sta->mld_info.links[mld_link_id].peer_addr;
4736 if (hapd->mld_link_id != sta->mld_assoc_link_id)
4744 * FT-over-the-DS, where a station re-associates back to the same AP but
4752 * FT-over-the-DS has a special case where the STA entry (and as such,
4754 * driver interface is used. For that case, allow add-STA operation to
4755 * be used (instead of set-STA). This is needed to allow mac80211-based
4757 * after a new FT-over-DS exchange, a new TK has been derived, so key
4762 MAC2STR(sta->addr), sta->added_unassoc, sta->auth_alg,
4763 sta->ft_over_ds, reassoc,
4764 !!(sta->flags & WLAN_STA_AUTHORIZED),
4765 wpa_auth_sta_ft_tk_already_set(sta->wpa_sm),
4766 wpa_auth_sta_fils_tk_already_set(sta->wpa_sm));
4768 if (!mld_link_sta && !sta->added_unassoc &&
4769 (!(sta->flags & WLAN_STA_AUTHORIZED) ||
4770 (reassoc && sta->ft_over_ds && sta->auth_alg == WLAN_AUTH_FT) ||
4771 (!wpa_auth_sta_ft_tk_already_set(sta->wpa_sm) &&
4772 !wpa_auth_sta_fils_tk_already_set(sta->wpa_sm)))) {
4773 hostapd_drv_sta_remove(hapd, sta->addr);
4774 wpa_auth_sm_event(sta->wpa_sm, WPA_DRV_STA_REMOVED);
4777 /* Do not allow the FT-over-DS exception to be used more than
4780 sta->ft_over_ds = 0;
4783 if (sta->flags & WLAN_STA_HT)
4784 hostapd_get_ht_capab(hapd, sta->ht_capabilities, &ht_cap);
4786 if (sta->flags & WLAN_STA_VHT)
4787 hostapd_get_vht_capab(hapd, sta->vht_capabilities, &vht_cap);
4790 if (sta->flags & WLAN_STA_HE) {
4791 hostapd_get_he_capab(hapd, sta->he_capab, &he_cap,
4792 sta->he_capab_len);
4796 if (sta->flags & WLAN_STA_EHT)
4797 hostapd_get_eht_capab(hapd, sta->eht_capab, &eht_cap,
4798 sta->eht_capab_len);
4802 * Add the station with forced WLAN_STA_ASSOC flag. The sta->flags
4806 if (hostapd_sta_add(hapd, sta->addr, sta->aid, sta->capability,
4807 sta->supported_rates, sta->supported_rates_len,
4808 sta->listen_interval,
4809 sta->flags & WLAN_STA_HT ? &ht_cap : NULL,
4810 sta->flags & WLAN_STA_VHT ? &vht_cap : NULL,
4811 sta->flags & WLAN_STA_HE ? &he_cap : NULL,
4812 sta->flags & WLAN_STA_HE ? sta->he_capab_len : 0,
4813 sta->flags & WLAN_STA_EHT ? &eht_cap : NULL,
4814 sta->flags & WLAN_STA_EHT ? sta->eht_capab_len : 0,
4815 sta->he_6ghz_capab,
4816 sta->flags | WLAN_STA_ASSOC, sta->qosinfo,
4817 sta->vht_opmode, sta->p2p_ie ? 1 : 0,
4819 hostapd_logger(hapd, sta->addr,
4824 if (sta->added_unassoc) {
4825 hostapd_drv_sta_remove(hapd, sta->addr);
4826 sta->added_unassoc = 0;
4829 return -1;
4832 sta->added_unassoc = 0;
4852 if (sta && sta->fils_hlp_resp)
4853 buflen += wpabuf_len(sta->fils_hlp_resp);
4858 if (sta && (hapd->conf->wpa_key_mgmt & WPA_KEY_MGMT_OWE))
4862 if (sta && sta->dpp_pfs)
4863 buflen += 5 + sta->dpp_pfs->curve->prime_len;
4866 if (hapd->iconf->ieee80211be && !hapd->conf->disable_11be) {
4869 if (hapd->iconf->punct_bitmap)
4880 reply->frame_control =
4885 os_memcpy(reply->da, addr, ETH_ALEN);
4886 os_memcpy(reply->sa, hapd->own_addr, ETH_ALEN);
4887 os_memcpy(reply->bssid, hapd->own_addr, ETH_ALEN);
4890 send_len += sizeof(reply->u.assoc_resp);
4891 reply->u.assoc_resp.capab_info =
4893 reply->u.assoc_resp.status_code = host_to_le16(status_code);
4895 reply->u.assoc_resp.aid = host_to_le16((sta ? sta->aid : 0) |
4898 p = hostapd_eid_supp_rates(hapd, reply->u.assoc_resp.variable);
4903 p = hostapd_eid_rm_enabled_capab(hapd, p, buf + buflen - p);
4908 int delta = hapd->iconf->rssi_reject_assoc_rssi - rssi;
4910 p = hostapd_eid_mbo_rssi_assoc_rej(hapd, p, buf + buflen - p,
4919 p = wpa_sm_write_assoc_resp_ies(sta->wpa_sm, p,
4920 buf + buflen - p,
4921 sta->auth_alg, ies, ies_len,
4933 (sta->auth_alg == WLAN_AUTH_FILS_SK ||
4934 sta->auth_alg == WLAN_AUTH_FILS_SK_PFS ||
4935 sta->auth_alg == WLAN_AUTH_FILS_PK))
4936 p = wpa_auth_write_assoc_resp_fils(sta->wpa_sm, p,
4937 buf + buflen - p,
4943 (hapd->conf->wpa_key_mgmt & WPA_KEY_MGMT_OWE))
4944 p = wpa_auth_write_assoc_resp_owe(sta->wpa_sm, p,
4945 buf + buflen - p,
4956 if (hapd->iconf->ieee80211ac && !hapd->conf->disable_11ac &&
4957 !is_6ghz_op_class(hapd->iconf->op_class)) {
4960 if (sta && hapd->conf->use_sta_nsts && sta->vht_capabilities) {
4963 nsts = (hapd->iface->conf->vht_capab >>
4965 capa = sta->vht_capabilities;
4966 sta_nsts = (le_to_host32(capa->vht_capabilities_info) >>
4980 if (hapd->iconf->ieee80211ax && !hapd->conf->disable_11ax) {
4991 p = hostapd_eid_bss_max_idle_period(hapd, p, sta->max_idle_period);
4992 if (sta && sta->qos_map_enabled)
4996 if (hapd->iface->fst_ies) {
4997 os_memcpy(p, wpabuf_head(hapd->iface->fst_ies),
4998 wpabuf_len(hapd->iface->fst_ies));
4999 p += wpabuf_len(hapd->iface->fst_ies);
5004 if (hapd->conf->rsnxe_override_ft &&
5005 buf + buflen - p >=
5006 (long int) wpabuf_len(hapd->conf->rsnxe_override_ft) &&
5007 sta && sta->auth_alg == WLAN_AUTH_FT) {
5009 os_memcpy(p, wpabuf_head(hapd->conf->rsnxe_override_ft),
5010 wpabuf_len(hapd->conf->rsnxe_override_ft));
5011 p += wpabuf_len(hapd->conf->rsnxe_override_ft);
5016 p = hostapd_eid_rsnxe(hapd, p, buf + buflen - p);
5022 if (hapd->iconf->ieee80211be && !hapd->conf->disable_11be) {
5023 if (hapd->conf->mld_ap)
5031 if ((hapd->conf->wpa_key_mgmt & WPA_KEY_MGMT_OWE) &&
5032 sta && sta->owe_ecdh && status_code == WLAN_STATUS_SUCCESS &&
5033 wpa_auth_sta_key_mgmt(sta->wpa_sm) == WPA_KEY_MGMT_OWE &&
5034 !wpa_auth_sta_get_pmksa(sta->wpa_sm)) {
5037 pub = crypto_ecdh_get_pubkey(sta->owe_ecdh, 0);
5042 /* OWE Diffie-Hellman Parameter element */
5046 WPA_PUT_LE16(p, sta->owe_group);
5055 if (DPP_VERSION > 1 && (hapd->conf->wpa_key_mgmt & WPA_KEY_MGMT_DPP) &&
5056 sta && sta->dpp_pfs && status_code == WLAN_STATUS_SUCCESS &&
5057 wpa_auth_sta_key_mgmt(sta->wpa_sm) == WPA_KEY_MGMT_DPP) {
5058 os_memcpy(p, wpabuf_head(sta->dpp_pfs->ie),
5059 wpabuf_len(sta->dpp_pfs->ie));
5060 p += wpabuf_len(sta->dpp_pfs->ie);
5065 if (sta && hapd->conf->vendor_vht && (sta->flags & WLAN_STA_VENDOR_VHT))
5069 if (sta && (sta->flags & WLAN_STA_WMM))
5074 ((sta->flags & WLAN_STA_WPS) ||
5075 ((sta->flags & WLAN_STA_MAYBE_WPS) && hapd->conf->wpa))) {
5085 if (sta && (sta->flags & WLAN_STA_MULTI_AP))
5086 p = hostapd_eid_multi_ap(hapd, p, buf + buflen - p);
5089 if (sta && sta->p2p_ie && hapd->p2p_group) {
5103 p2p_resp_ie = p2p_group_assoc_resp_ie(hapd->p2p_group, status);
5114 if (hapd->conf->p2p & P2P_MANAGE)
5118 p = hostapd_eid_mbo(hapd, p, buf + buflen - p);
5120 if (hapd->conf->assocresp_elements &&
5121 (size_t) (buf + buflen - p) >=
5122 wpabuf_len(hapd->conf->assocresp_elements)) {
5123 os_memcpy(p, wpabuf_head(hapd->conf->assocresp_elements),
5124 wpabuf_len(hapd->conf->assocresp_elements));
5125 p += wpabuf_len(hapd->conf->assocresp_elements);
5128 send_len += p - reply->u.assoc_resp.variable;
5132 (sta->auth_alg == WLAN_AUTH_FILS_SK ||
5133 sta->auth_alg == WLAN_AUTH_FILS_SK_PFS ||
5134 sta->auth_alg == WLAN_AUTH_FILS_PK) &&
5151 send_len = fils_encrypt_assoc(sta->wpa_sm, buf, send_len,
5152 buflen, sta->fils_hlp_resp);
5178 if (hapd->conf->own_ie_override) {
5181 return wpa_auth_write_assoc_resp_owe(sta->wpa_sm, owe_buf,
5186 if (wpa_auth_sta_get_pmksa(sta->wpa_sm)) {
5188 owe_buf = wpa_auth_write_assoc_resp_owe(sta->wpa_sm, owe_buf,
5194 if (sta->owe_pmk && sta->external_dh_updated) {
5204 owe_buf = wpa_auth_write_assoc_resp_owe(sta->wpa_sm, owe_buf,
5207 if (sta->owe_ecdh && owe_buf) {
5210 pub = crypto_ecdh_get_pubkey(sta->owe_ecdh, 0);
5216 /* OWE Diffie-Hellman Parameter element */
5221 WPA_PUT_LE16(owe_buf, sta->owe_group);
5240 MAC2STR(sta->addr));
5242 if (!sta->fils_pending_assoc_req)
5244 reply_res = send_assoc_resp(hapd, sta, sta->addr, WLAN_STATUS_SUCCESS,
5245 sta->fils_pending_assoc_is_reassoc,
5246 sta->fils_pending_assoc_req,
5247 sta->fils_pending_assoc_req_len, 0, 0,
5249 os_free(sta->fils_pending_assoc_req);
5250 sta->fils_pending_assoc_req = NULL;
5251 sta->fils_pending_assoc_req_len = 0;
5252 wpabuf_free(sta->fils_hlp_resp);
5253 sta->fils_hlp_resp = NULL;
5254 wpabuf_free(sta->hlp_dhcp_discover);
5255 sta->hlp_dhcp_discover = NULL;
5262 hostapd_drv_sta_remove(hapd, sta->addr);
5272 "FILS: HLP response timeout - continue with association response for "
5273 MACSTR, MAC2STR(sta->addr));
5274 if (sta->fils_drv_assoc_finish)
5294 if (!hapd->iconf->ieee80211be || hapd->conf->disable_11be)
5298 len -= IEEE80211_HDRLEN + sizeof(mgmt->u.reassoc_req);
5299 pos = mgmt->u.reassoc_req.variable;
5301 len -= IEEE80211_HDRLEN + sizeof(mgmt->u.assoc_req);
5302 pos = mgmt->u.assoc_req.variable;
5318 MAC2STR(mld_addr), MAC2STR(mgmt->sa));
5343 if (len < IEEE80211_HDRLEN + (reassoc ? sizeof(mgmt->u.reassoc_req) :
5344 sizeof(mgmt->u.assoc_req))) {
5345 wpa_printf(MSG_INFO, "handle_assoc(reassoc=%d) - too short payload (len=%lu)",
5352 if (hapd->iconf->ignore_reassoc_probability > 0.0 &&
5353 drand48() < hapd->iconf->ignore_reassoc_probability) {
5356 MACSTR, MAC2STR(mgmt->sa));
5360 if (hapd->iconf->ignore_assoc_probability > 0.0 &&
5361 drand48() < hapd->iconf->ignore_assoc_probability) {
5364 MACSTR, MAC2STR(mgmt->sa));
5370 fc = le_to_host16(mgmt->frame_control);
5371 seq_ctrl = le_to_host16(mgmt->seq_ctrl);
5374 capab_info = le_to_host16(mgmt->u.reassoc_req.capab_info);
5376 mgmt->u.reassoc_req.listen_interval);
5380 MAC2STR(mgmt->sa), capab_info, listen_interval,
5381 MAC2STR(mgmt->u.reassoc_req.current_ap),
5383 left = len - (IEEE80211_HDRLEN + sizeof(mgmt->u.reassoc_req));
5384 pos = mgmt->u.reassoc_req.variable;
5386 capab_info = le_to_host16(mgmt->u.assoc_req.capab_info);
5388 mgmt->u.assoc_req.listen_interval);
5392 MAC2STR(mgmt->sa), capab_info, listen_interval,
5394 left = len - (IEEE80211_HDRLEN + sizeof(mgmt->u.assoc_req));
5395 pos = mgmt->u.assoc_req.variable;
5398 sta = ap_get_sta(hapd, mgmt->sa);
5403 * non-AP MLD station, that tries to re-associate using different link
5422 if (sta && sta->auth_alg == WLAN_AUTH_FT &&
5423 (sta->flags & WLAN_STA_AUTH) == 0) {
5426 "over-the-DS FT", MAC2STR(mgmt->sa));
5432 sta->flags |= WLAN_STA_AUTH;
5435 if (sta == NULL || (sta->flags & WLAN_STA_AUTH) == 0) {
5436 if (hapd->iface->current_mode &&
5437 hapd->iface->current_mode->mode ==
5442 acl_res = ieee802_11_allowed_address(hapd, mgmt->sa,
5446 wpa_msg(hapd->msg_ctx, MSG_DEBUG,
5449 MAC2STR(mgmt->sa));
5458 sta = ap_sta_add(hapd, mgmt->sa);
5460 hostapd_logger(hapd, mgmt->sa,
5475 hostapd_logger(hapd, sta->addr,
5479 sta->flags |= WLAN_STA_AUTH;
5480 wpa_auth_sm_event(sta->wpa_sm, WPA_AUTH);
5481 sta->auth_alg = WLAN_AUTH_OPEN;
5483 hostapd_logger(hapd, mgmt->sa,
5487 sta ? sta->aid : -1,
5488 sta ? sta->flags : 0);
5489 send_deauth(hapd, mgmt->sa,
5496 sta->last_seq_ctrl != WLAN_INVALID_MGMT_SEQ &&
5497 sta->last_seq_ctrl == seq_ctrl &&
5498 sta->last_subtype == (reassoc ? WLAN_FC_STYPE_REASSOC_REQ :
5500 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
5506 sta->last_seq_ctrl = seq_ctrl;
5507 sta->last_subtype = reassoc ? WLAN_FC_STYPE_REASSOC_REQ :
5510 if (hapd->tkip_countermeasures) {
5515 if (listen_interval > hapd->conf->max_listen_interval) {
5516 hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211,
5525 if (hapd->conf->mbo_enabled && hapd->mbo_assoc_disallow) {
5530 if (hapd->iconf->rssi_reject_assoc_rssi && rssi &&
5531 rssi < hapd->iconf->rssi_reject_assoc_rssi &&
5532 (sta->auth_rssi == 0 ||
5533 sta->auth_rssi < hapd->iconf->rssi_reject_assoc_rssi)) {
5539 if (hapd->conf->wpa && check_sa_query(hapd, sta, reassoc)) {
5545 * sta->capability is used in check_assoc_ies() for RRM enabled
5548 sta->capability = capab_info;
5551 if (sta->auth_alg == WLAN_AUTH_FILS_SK ||
5552 sta->auth_alg == WLAN_AUTH_FILS_SK_PFS ||
5553 sta->auth_alg == WLAN_AUTH_FILS_PK) {
5565 res = fils_decrypt_assoc(sta->wpa_sm, sta->fils_session, mgmt,
5584 hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211,
5590 sta->listen_interval = listen_interval;
5592 if (hapd->iface->current_mode &&
5593 hapd->iface->current_mode->mode == HOSTAPD_MODE_IEEE80211G)
5594 sta->flags |= WLAN_STA_NONERP;
5595 for (i = 0; i < sta->supported_rates_len; i++) {
5596 if ((sta->supported_rates[i] & 0x7f) > 22) {
5597 sta->flags &= ~WLAN_STA_NONERP;
5601 if (sta->flags & WLAN_STA_NONERP && !sta->nonerp_set) {
5602 sta->nonerp_set = 1;
5603 hapd->iface->num_sta_non_erp++;
5604 if (hapd->iface->num_sta_non_erp == 1)
5608 if (!(sta->capability & WLAN_CAPABILITY_SHORT_SLOT_TIME) &&
5609 !sta->no_short_slot_time_set) {
5610 sta->no_short_slot_time_set = 1;
5611 hapd->iface->num_sta_no_short_slot_time++;
5612 if (hapd->iface->current_mode &&
5613 hapd->iface->current_mode->mode ==
5615 hapd->iface->num_sta_no_short_slot_time == 1)
5619 if (sta->capability & WLAN_CAPABILITY_SHORT_PREAMBLE)
5620 sta->flags |= WLAN_STA_SHORT_PREAMBLE;
5622 sta->flags &= ~WLAN_STA_SHORT_PREAMBLE;
5624 if (!(sta->capability & WLAN_CAPABILITY_SHORT_PREAMBLE) &&
5625 !sta->no_short_preamble_set) {
5626 sta->no_short_preamble_set = 1;
5627 hapd->iface->num_sta_no_short_preamble++;
5628 if (hapd->iface->current_mode &&
5629 hapd->iface->current_mode->mode == HOSTAPD_MODE_IEEE80211G
5630 && hapd->iface->num_sta_no_short_preamble == 1)
5637 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
5639 "association OK (aid %d)", sta->aid);
5642 sta->flags |= WLAN_STA_ASSOC_REQ_OK;
5644 if ((sta->flags & WLAN_STA_MFP) && sta->sa_query_timed_out) {
5657 sta->timeout_next = STA_NULLFUNC;
5663 sta->pending_wds_enable = 0;
5666 if (sta->auth_alg == WLAN_AUTH_FILS_SK ||
5667 sta->auth_alg == WLAN_AUTH_FILS_SK_PFS ||
5668 sta->auth_alg == WLAN_AUTH_FILS_PK) {
5675 ieee802_11_update_beacons(hapd->iface);
5686 * states that a non-AP station should transition into the
5694 * issues with processing other non-Data Class 3 frames during this
5708 sta->fils_pending_assoc_req) {
5715 MACSTR, MAC2STR(sta->addr));
5721 os_free(sta->fils_pending_assoc_req);
5722 sta->fils_pending_assoc_req = NULL;
5723 sta->fils_pending_assoc_req_len = 0;
5724 wpabuf_free(sta->fils_hlp_resp);
5725 sta->fils_hlp_resp = NULL;
5728 sta->fils_pending_assoc_req = tmp;
5729 sta->fils_pending_assoc_req_len = left;
5730 sta->fils_pending_assoc_is_reassoc = reassoc;
5731 sta->fils_drv_assoc_finish = 0;
5734 MACSTR, MAC2STR(sta->addr));
5736 eloop_register_timeout(0, hapd->conf->fils_hlp_wait_time * 1024,
5746 mgmt->sa, resp, reassoc,
5757 resp == WLAN_STATUS_SUCCESS) || sta->added_unassoc)) {
5758 hostapd_drv_sta_remove(hapd, sta->addr);
5759 sta->added_unassoc = 0;
5768 wpa_msg(hapd->msg_ctx, MSG_DEBUG,
5770 MAC2STR(mgmt->sa), le_to_host16(mgmt->u.deauth.reason_code));
5773 sta->last_seq_ctrl = WLAN_INVALID_MGMT_SEQ;
5774 sta->flags &= ~(WLAN_STA_AUTH | WLAN_STA_ASSOC |
5777 wpa_auth_sm_event(sta->wpa_sm, WPA_DEAUTH);
5778 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
5781 hapd, sta, le_to_host16(mgmt->u.deauth.reason_code));
5782 sta->acct_terminate_cause = RADIUS_ACCT_TERMINATE_CAUSE_USER_REQUEST;
5783 ieee802_1x_notify_port_enabled(sta->eapol_sm, 0);
5792 wpa_msg(hapd->msg_ctx, MSG_DEBUG,
5794 MAC2STR(mgmt->sa), le_to_host16(mgmt->u.disassoc.reason_code));
5797 sta->last_seq_ctrl = WLAN_INVALID_MGMT_SEQ;
5798 sta->flags &= ~(WLAN_STA_ASSOC | WLAN_STA_ASSOC_REQ_OK);
5800 wpa_auth_sm_event(sta->wpa_sm, WPA_DISASSOC);
5801 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
5803 sta->acct_terminate_cause = RADIUS_ACCT_TERMINATE_CAUSE_USER_REQUEST;
5804 ieee802_1x_notify_port_enabled(sta->eapol_sm, 0);
5809 if (sta->ipaddr)
5810 hostapd_drv_br_delete_ip_neigh(hapd, 4, (u8 *) &sta->ipaddr);
5812 hostapd_drv_sta_remove(hapd, sta->addr);
5813 sta->added_unassoc = 0;
5815 if (sta->timeout_next == STA_NULLFUNC ||
5816 sta->timeout_next == STA_DISASSOC) {
5817 sta->timeout_next = STA_DEAUTH;
5824 hapd, sta, le_to_host16(mgmt->u.disassoc.reason_code));
5828 if (hapd->iface->current_mode &&
5829 hapd->iface->current_mode->mode == HOSTAPD_MODE_IEEE80211AD) {
5830 sta->flags &= ~WLAN_STA_AUTH;
5831 wpa_auth_sm_event(sta->wpa_sm, WPA_DEAUTH);
5832 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
5864 if (!assoc_sta->mld_info.links[tmp_hapd->mld_link_id].valid)
5867 for (tmp_sta = tmp_hapd->sta_list; tmp_sta;
5868 tmp_sta = tmp_sta->next) {
5869 if (tmp_sta->mld_assoc_link_id !=
5870 assoc_sta->mld_assoc_link_id ||
5871 tmp_sta->aid != assoc_sta->aid)
5900 if (len < IEEE80211_HDRLEN + sizeof(mgmt->u.disassoc)) {
5901 wpa_msg(hapd->msg_ctx, MSG_DEBUG,
5902 "handle_disassoc - too short payload (len=%lu)",
5907 sta = ap_get_sta(hapd, mgmt->sa);
5909 wpa_msg(hapd->msg_ctx, MSG_DEBUG, "Station " MACSTR
5911 MAC2STR(mgmt->sa));
5927 if (len < IEEE80211_HDRLEN + sizeof(mgmt->u.deauth)) {
5928 wpa_msg(hapd->msg_ctx, MSG_DEBUG,
5929 "handle_deauth - too short payload (len=%lu)",
5935 ptksa_cache_flush(hapd->ptksa, mgmt->sa, WPA_CIPHER_NONE);
5937 sta = ap_get_sta(hapd, mgmt->sa);
5939 wpa_msg(hapd->msg_ctx, MSG_DEBUG, "Station " MACSTR
5941 MAC2STR(mgmt->sa));
5958 if (len < IEEE80211_HDRLEN + sizeof(mgmt->u.beacon)) {
5959 wpa_printf(MSG_INFO, "handle_beacon - too short payload (len=%lu)",
5964 (void) ieee802_11_parse_elems(mgmt->u.beacon.variable,
5965 len - (IEEE80211_HDRLEN +
5966 sizeof(mgmt->u.beacon)), &elems,
5969 ap_list_process_beacon(hapd->iface, mgmt, &elems, fi);
5982 unsigned int freq)
5988 hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211,
5990 "handle_action - too short payload (len=%lu)",
5995 action = (u8 *) &mgmt->u.action.u;
5997 " da " MACSTR " len %d freq %u",
5998 mgmt->u.action.category, *action,
5999 MAC2STR(mgmt->sa), MAC2STR(mgmt->da), (int) len, freq);
6001 sta = ap_get_sta(hapd, mgmt->sa);
6003 if (mgmt->u.action.category != WLAN_ACTION_PUBLIC &&
6004 (sta == NULL || !(sta->flags & WLAN_STA_ASSOC))) {
6007 mgmt->u.action.category, MAC2STR(mgmt->sa));
6011 if (sta && (sta->flags & WLAN_STA_MFP) &&
6012 !(mgmt->frame_control & host_to_le16(WLAN_FC_ISWEP)) &&
6013 robust_action_frame(mgmt->u.action.category)) {
6014 hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211,
6022 u16 fc = le_to_host16(mgmt->frame_control);
6023 u16 seq_ctrl = le_to_host16(mgmt->seq_ctrl);
6026 sta->last_seq_ctrl != WLAN_INVALID_MGMT_SEQ &&
6027 sta->last_seq_ctrl == seq_ctrl &&
6028 sta->last_subtype == WLAN_FC_STYPE_ACTION) {
6029 hostapd_logger(hapd, sta->addr,
6037 sta->last_seq_ctrl = seq_ctrl;
6038 sta->last_subtype = WLAN_FC_STYPE_ACTION;
6041 switch (mgmt->u.action.category) {
6045 wpa_ft_action_rx(sta->wpa_sm, (u8 *) &mgmt->u.action,
6046 len - IEEE80211_HDRLEN))
6063 if (hapd->iface->fst)
6064 fst_rx_action(hapd->iface->fst, mgmt, len);
6067 "FST: Ignore FST Action frame - no FST attached");
6073 mgmt->u.action.u.public_action.action ==
6080 mgmt->u.action.u.vs_public_action.action ==
6082 WPA_GET_BE24(mgmt->u.action.u.vs_public_action.oui) ==
6084 mgmt->u.action.u.vs_public_action.variable[0] ==
6088 pos = mgmt->u.action.u.vs_public_action.oui;
6090 hostapd_dpp_rx_action(hapd, mgmt->sa, pos, end - pos,
6091 freq);
6095 (mgmt->u.action.u.public_action.action ==
6097 mgmt->u.action.u.public_action.action ==
6101 pos = &mgmt->u.action.u.public_action.action;
6103 if (gas_query_ap_rx(hapd->gas, mgmt->sa,
6104 mgmt->u.action.category,
6105 pos, end - pos, freq) == 0)
6110 if (mgmt->u.action.category == WLAN_ACTION_PUBLIC &&
6112 mgmt->u.action.u.vs_public_action.action ==
6114 WPA_GET_BE24(mgmt->u.action.u.vs_public_action.oui) ==
6116 mgmt->u.action.u.vs_public_action.variable[0] ==
6120 pos = mgmt->u.action.u.vs_public_action.variable;
6123 hostapd_nan_usd_rx_sdf(hapd, mgmt->sa, freq,
6124 pos, end - pos);
6128 if (hapd->public_action_cb) {
6129 hapd->public_action_cb(hapd->public_action_cb_ctx,
6130 (u8 *) mgmt, len, freq);
6132 if (hapd->public_action_cb2) {
6133 hapd->public_action_cb2(hapd->public_action_cb2_ctx,
6134 (u8 *) mgmt, len, freq);
6136 if (hapd->public_action_cb || hapd->public_action_cb2)
6140 if (hapd->vendor_action_cb) {
6141 if (hapd->vendor_action_cb(hapd->vendor_action_cb_ctx,
6142 (u8 *) mgmt, len, freq) == 0)
6153 hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211,
6155 "handle_action - unknown action category %d or invalid "
6157 mgmt->u.action.category);
6158 if (!is_multicast_ether_addr(mgmt->da) &&
6159 !(mgmt->u.action.category & 0x80) &&
6160 !is_multicast_ether_addr(mgmt->sa)) {
6164 * IEEE 802.11-REVma/D9.0 - 7.3.1.11
6173 os_memcpy(resp->da, resp->sa, ETH_ALEN);
6174 os_memcpy(resp->sa, hapd->own_addr, ETH_ALEN);
6175 os_memcpy(resp->bssid, hapd->own_addr, ETH_ALEN);
6176 resp->u.action.category |= 0x80;
6190 * notify_mgmt_frame - Notify of Management frames on the control interface
6207 wpa_msg_ctrl(hapd->msg_ctx, MSG_INFO,
6215 * ieee802_11_mgmt - process incoming IEEE 802.11 management frames
6224 * addition, it can be called to re-inserted pending frames (e.g., when using
6233 unsigned int freq;
6234 int ssi_signal = fi ? fi->ssi_signal : 0;
6243 if (fi && fi->freq)
6244 freq = fi->freq;
6246 freq = hapd->iface->freq;
6249 fc = le_to_host16(mgmt->frame_control);
6252 if (is_multicast_ether_addr(mgmt->sa) ||
6253 is_zero_ether_addr(mgmt->sa) ||
6254 ether_addr_equal(mgmt->sa, hapd->own_addr)) {
6259 " in received frame - ignore this frame silently",
6260 MAC2STR(mgmt->sa));
6269 if (!is_broadcast_ether_addr(mgmt->bssid) &&
6272 !((hapd->conf->p2p & P2P_GROUP_OWNER) &&
6276 !(hapd->conf->mesh & MESH_ENABLED) &&
6279 !(hapd->conf->mld_ap &&
6280 ether_addr_equal(hapd->mld->mld_addr, mgmt->bssid)) &&
6282 !ether_addr_equal(mgmt->bssid, hapd->own_addr)) {
6284 MAC2STR(mgmt->bssid));
6288 if (hapd->iface->state != HAPD_IFACE_ENABLED) {
6290 MAC2STR(mgmt->sa), MAC2STR(mgmt->da), stype);
6299 if ((!is_broadcast_ether_addr(mgmt->da) ||
6302 !(hapd->conf->mld_ap &&
6303 ether_addr_equal(hapd->mld->mld_addr, mgmt->bssid)) &&
6306 !ether_addr_equal(mgmt->da, nan_network_id) &&
6308 !ether_addr_equal(mgmt->da, hapd->own_addr)) {
6309 hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211,
6312 MAC2STR(mgmt->da));
6316 if (hapd->iconf->track_sta_max_num)
6317 sta_track_add(hapd->iface, mgmt->sa, ssi_signal);
6319 if (hapd->conf->notify_mgmt_frames)
6344 wpa_msg(hapd->msg_ctx, MSG_DEBUG, "mgmt::deauth");
6350 ret = handle_action(hapd, mgmt, len, freq);
6353 hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211,
6371 sta = ap_get_sta(hapd, mgmt->da);
6375 MAC2STR(mgmt->da));
6379 if (len < IEEE80211_HDRLEN + sizeof(mgmt->u.auth)) {
6380 wpa_printf(MSG_INFO, "handle_auth_cb - too short payload (len=%lu)",
6388 auth_alg = le_to_host16(mgmt->u.auth.auth_alg);
6389 auth_transaction = le_to_host16(mgmt->u.auth.auth_transaction);
6390 status_code = le_to_host16(mgmt->u.auth.status_code);
6393 hostapd_logger(hapd, mgmt->da, HOSTAPD_MODULE_IEEE80211,
6402 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
6404 sta->flags |= WLAN_STA_AUTH;
6405 if (sta->added_unassoc)
6416 if (!success_status && sta->added_unassoc) {
6417 hostapd_drv_sta_remove(hapd, sta->addr);
6418 sta->added_unassoc = 0;
6429 struct hostapd_ssid *ssid = &hapd->conf->ssid;
6431 if (hapd->conf->ieee802_1x || hapd->conf->wpa)
6435 if (ssid->wep.key[i] &&
6437 0, i == ssid->wep.idx, NULL, 0,
6438 ssid->wep.key[i], ssid->wep.len[i],
6439 i == ssid->wep.idx ?
6461 hostapd_logger(hapd, link->peer_addr, HOSTAPD_MODULE_IEEE80211,
6464 sta->flags &= ~WLAN_STA_ASSOC_REQ_OK;
6467 if (link->status == WLAN_STATUS_SUCCESS)
6468 hostapd_drv_sta_remove(hapd, sta->addr);
6473 if (link->status != WLAN_STATUS_SUCCESS)
6476 sta->flags |= WLAN_STA_ASSOC;
6477 sta->flags &= ~WLAN_STA_WNM_SLEEP_MODE;
6479 if (!hapd->conf->ieee802_1x && !hapd->conf->wpa)
6488 * - IEEE 802.1X port enablement is not needed as done on the station
6490 * - Not handling accounting
6491 * - Need to handle VLAN configuration
6513 link = &sta->mld_info.links[tmp_hapd->mld_link_id];
6514 if (!link->valid)
6517 for (tmp_sta = tmp_hapd->sta_list; tmp_sta;
6518 tmp_sta = tmp_sta->next) {
6520 tmp_sta->mld_assoc_link_id !=
6521 sta->mld_assoc_link_id ||
6522 tmp_sta->aid != sta->aid)
6542 sta = ap_get_sta(hapd, mgmt->da);
6545 MAC2STR(mgmt->da));
6551 hapd->mld_link_id != sta->mld_assoc_link_id) {
6555 __func__, hapd->mld_link_id, sta->mld_assoc_link_id);
6560 if (len < IEEE80211_HDRLEN + (reassoc ? sizeof(mgmt->u.reassoc_resp) :
6561 sizeof(mgmt->u.assoc_resp))) {
6563 "handle_assoc_cb(reassoc=%d) - too short payload (len=%lu)",
6565 hostapd_drv_sta_remove(hapd, sta->addr);
6570 status = le_to_host16(mgmt->u.reassoc_resp.status_code);
6572 status = le_to_host16(mgmt->u.assoc_resp.status_code);
6575 hostapd_logger(hapd, mgmt->da, HOSTAPD_MODULE_IEEE80211,
6578 sta->flags &= ~WLAN_STA_ASSOC_REQ_OK;
6581 hostapd_drv_sta_remove(hapd, sta->addr);
6593 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
6596 sta->aid);
6598 if (sta->flags & WLAN_STA_ASSOC)
6600 sta->flags |= WLAN_STA_ASSOC;
6601 sta->flags &= ~WLAN_STA_WNM_SLEEP_MODE;
6602 if ((!hapd->conf->ieee802_1x && !hapd->conf->wpa &&
6603 !hapd->conf->osen) ||
6604 sta->auth_alg == WLAN_AUTH_FILS_SK ||
6605 sta->auth_alg == WLAN_AUTH_FILS_SK_PFS ||
6606 sta->auth_alg == WLAN_AUTH_FILS_PK ||
6607 sta->auth_alg == WLAN_AUTH_FT) {
6620 sta->sa_query_timed_out = 0;
6622 if (sta->eapol_sm == NULL) {
6630 } else if (sta->vlan_id) {
6638 if (!(sta->flags & WLAN_STA_WDS) && sta->pending_wds_enable) {
6639 wpa_printf(MSG_DEBUG, "Enable 4-address WDS mode for STA "
6641 MAC2STR(sta->addr));
6642 sta->pending_wds_enable = 0;
6643 sta->flags |= WLAN_STA_WDS;
6647 if ((sta->flags & WLAN_STA_WDS) ||
6648 (sta->flags & WLAN_STA_MULTI_AP &&
6649 (hapd->conf->multi_ap & BACKHAUL_BSS) &&
6650 hapd->conf->wds_sta &&
6651 !(sta->flags & WLAN_STA_WPS))) {
6655 wpa_printf(MSG_DEBUG, "Reenable 4-address WDS mode for STA "
6657 MAC2STR(sta->addr), sta->aid);
6658 ret = hostapd_set_wds_sta(hapd, ifname_wds, sta->addr,
6659 sta->aid, 1);
6664 if (sta->auth_alg == WLAN_AUTH_FT)
6665 wpa_auth_sm_event(sta->wpa_sm, WPA_ASSOC_FT);
6667 wpa_auth_sm_event(sta->wpa_sm, WPA_ASSOC);
6668 hapd->new_assoc_sta_cb(hapd, sta, !new_assoc);
6669 ieee802_1x_notify_port_enabled(sta->eapol_sm, 1);
6672 if ((sta->auth_alg == WLAN_AUTH_FILS_SK ||
6673 sta->auth_alg == WLAN_AUTH_FILS_SK_PFS ||
6674 sta->auth_alg == WLAN_AUTH_FILS_PK) &&
6675 fils_set_tk(sta->wpa_sm) < 0) {
6677 ap_sta_disconnect(hapd, sta, sta->addr,
6683 if (sta->pending_eapol_rx) {
6687 os_reltime_sub(&now, &sta->pending_eapol_rx->rx_time, &age);
6691 MAC2STR(sta->addr));
6693 hapd, mgmt->da,
6694 wpabuf_head(sta->pending_eapol_rx->buf),
6695 wpabuf_len(sta->pending_eapol_rx->buf),
6696 sta->pending_eapol_rx->encrypted);
6698 wpabuf_free(sta->pending_eapol_rx->buf);
6699 os_free(sta->pending_eapol_rx);
6700 sta->pending_eapol_rx = NULL;
6713 if (is_multicast_ether_addr(mgmt->da))
6715 sta = ap_get_sta(hapd, mgmt->da);
6718 " not found", MAC2STR(mgmt->da));
6723 MAC2STR(sta->addr));
6726 "deauth", MAC2STR(sta->addr));
6737 if (is_multicast_ether_addr(mgmt->da))
6739 sta = ap_get_sta(hapd, mgmt->da);
6742 " not found", MAC2STR(mgmt->da));
6747 MAC2STR(sta->addr));
6750 "disassoc", MAC2STR(sta->addr));
6767 mgmt->u.action.category == WLAN_ACTION_PUBLIC &&
6768 mgmt->u.action.u.vs_public_action.action ==
6770 WPA_GET_BE24(mgmt->u.action.u.vs_public_action.oui) ==
6772 mgmt->u.action.u.vs_public_action.variable[0] ==
6776 pos = &mgmt->u.action.u.vs_public_action.variable[1];
6778 hostapd_dpp_tx_status(hapd, mgmt->da, pos, end - pos, ok);
6782 mgmt->u.action.category == WLAN_ACTION_PUBLIC &&
6783 (mgmt->u.action.u.public_action.action ==
6785 mgmt->u.action.u.public_action.action ==
6789 pos = mgmt->u.action.u.public_action.variable;
6791 gas_query_ap_tx_status(hapd->gas, mgmt->da, pos, end - pos, ok);
6795 if (is_multicast_ether_addr(mgmt->da))
6797 sta = ap_get_sta(hapd, mgmt->da);
6800 " not found", MAC2STR(mgmt->da));
6806 mgmt->u.action.category == WLAN_ACTION_WNM &&
6807 mgmt->u.action.u.vs_public_action.action == WNM_NOTIFICATION_REQ &&
6808 sta->hs20_deauth_on_ack) {
6810 " on acknowledging the WNM-Notification",
6811 MAC2STR(sta->addr));
6821 &mgmt->u.action.u.rrm.variable[2];
6822 if (mgmt->u.action.category == WLAN_ACTION_RADIO_MEASUREMENT &&
6823 mgmt->u.action.u.rrm.action == WLAN_RRM_RADIO_MEASUREMENT_REQUEST &&
6824 report->eid == WLAN_EID_MEASURE_REQUEST &&
6825 report->len >= 3 &&
6826 report->type == MEASURE_TYPE_BEACON)
6833 * ieee802_11_mgmt_cb - Process management frame TX status callback
6848 if (hapd->ext_mgmt_frame_handling) {
6854 wpa_msg(hapd->msg_ctx, MSG_INFO,
6855 "MGMT-TX-STATUS stype=%u ok=%d buf=%s",
6917 struct hostapd_iface *iface = hapd->iface;
6920 if (sta == NULL && iface->num_bss > 1) {
6922 for (j = 0; j < iface->num_bss; j++) {
6923 hapd = iface->bss[j];
6929 if (sta == NULL || !(sta->flags & WLAN_STA_ASSOC))
6931 if (sta->flags & WLAN_STA_PENDING_POLL) {
6933 "activity poll", MAC2STR(sta->addr),
6936 sta->flags &= ~WLAN_STA_PENDING_POLL;
6946 struct hostapd_iface *iface = hapd->iface;
6949 if (sta == NULL && iface->num_bss > 1) {
6951 for (j = 0; j < iface->num_bss; j++) {
6952 hapd = iface->bss[j];
6960 wpa_msg(hapd->msg_ctx, MSG_INFO, AP_STA_POLL_OK MACSTR,
6961 MAC2STR(sta->addr));
6962 if (!(sta->flags & WLAN_STA_PENDING_POLL))
6966 "activity poll", MAC2STR(sta->addr));
6967 sta->flags &= ~WLAN_STA_PENDING_POLL;
6978 ((sta->flags & WLAN_STA_ASSOC) ||
6979 ((sta->flags & WLAN_STA_ASSOC_REQ_OK) && wds))) {
6980 if (!hapd->conf->wds_sta)
6983 if ((sta->flags & (WLAN_STA_ASSOC | WLAN_STA_ASSOC_REQ_OK)) ==
6986 "Postpone 4-address WDS mode enabling for STA "
6988 MAC2STR(sta->addr));
6989 sta->pending_wds_enable = 1;
6993 if (wds && !(sta->flags & WLAN_STA_WDS)) {
6997 wpa_printf(MSG_DEBUG, "Enable 4-address WDS mode for "
6999 MAC2STR(sta->addr), sta->aid);
7000 sta->flags |= WLAN_STA_WDS;
7002 sta->addr, sta->aid, 1);
7010 wpa_printf(MSG_DEBUG, "Data/PS-poll frame from not associated STA "
7013 ether_addr_equal(src, hapd->own_addr)) {
7019 if (sta && (sta->flags & WLAN_STA_ASSOC_REQ_OK)) {
7021 "already been sent, but no TX status yet known - "
7027 if (sta && (sta->flags & WLAN_STA_AUTH))
7049 * bits 0-2 : Maximum Transmit Power Count
7050 * bits 3-5 : Maximum Transmit Power Interpretation
7051 * bits 6-7 : Maximum Transmit Power Category
7067 #define REG_PSD_MAX_TXPOWER_FOR_DEFAULT_CLIENT (-1) /* dBm/MHz */
7072 struct hostapd_iface *iface = hapd->iface;
7073 struct hostapd_config *iconf = iface->conf;
7074 struct hostapd_hw_modes *mode = iface->current_mode;
7084 if (ieee80211_freq_to_chan(iface->freq, &channel) == NUM_HOSTAPD_MODES)
7087 for (i = 0; i < mode->num_channels; i++) {
7088 if (mode->channels[i].freq == iface->freq)
7091 if (i == mode->num_channels)
7095 /* IEEE Std 802.11ax-2021, Annex E.2.7 (6 GHz band in the United
7099 * - Maximum Transmit Power Category subfield = Default;
7101 * - Maximum Transmit Power Category subfield = Subordinate Device;
7104 if (is_6ghz_op_class(iconf->op_class)) {
7112 if (hapd->iconf->reg_def_cli_eirp_psd != -1)
7113 tx_pwr = hapd->iconf->reg_def_cli_eirp_psd;
7122 if (he_reg_is_indoor(iconf->he_6ghz_reg_pwr_type)) {
7124 if (hapd->iconf->reg_sub_cli_eirp_psd != -1)
7125 tx_pwr = hapd->iconf->reg_sub_cli_eirp_psd;
7134 if (iconf->reg_def_cli_eirp != -1 &&
7135 he_reg_is_sp(iconf->he_6ghz_reg_pwr_type))
7139 hapd->iconf->reg_def_cli_eirp);
7147 if (iconf->secondary_channel == 0) {
7148 /* Max Transmit Power count = 0 (20 MHz) */
7151 /* Max Transmit Power count = 1 (20, 40 MHz) */
7156 /* Max Transmit Power count = 2 (20, 40, and 80 MHz) */
7161 /* Max Transmit Power count = 3 (20, 40, 80, 160/80+80 MHz) */
7174 dfs = hostapd_is_dfs_required(hapd->iface);
7184 if (hapd->iconf->local_pwr_constraint == -1)
7187 local_pwr_constraint = hapd->iconf->local_pwr_constraint;
7193 * local max TX pwr = max TX pwr - local pwr constraint
7194 * Where max TX pwr is maximum transmit power level specified for
7198 chan = &mode->channels[i];
7199 max_tx_power = chan->max_tx_power - local_pwr_constraint;
7210 if (max_tx_power < -128)
7211 max_tx_power = -128;
7228 if (!hapd->cs_freq_params.channel ||
7229 (!hapd->cs_freq_params.vht_enabled &&
7230 !hapd->cs_freq_params.he_enabled &&
7231 !hapd->cs_freq_params.eht_enabled))
7235 * IEEE P802.11-REVme/D4.0, 9.4.2.159 and Table 9-314. */
7236 switch (hapd->cs_freq_params.bandwidth) {
7254 freq1 = hapd->cs_freq_params.center_freq1 ?
7255 hapd->cs_freq_params.center_freq1 :
7256 hapd->cs_freq_params.freq;
7261 if (hapd->cs_freq_params.center_freq2 &&
7262 ieee80211_freq_to_chan(hapd->cs_freq_params.center_freq2,
7271 if (hapd->cs_freq_params.bandwidth == 160) {
7273 * IEEE P802.11-REVme/D4.0, Table 9-314 */
7275 /* CCFS1 - The channel center frequency index of the 160 MHz
7279 /* CCFS0 - The channel center frequency index of the 80 MHz
7281 if (hapd->cs_freq_params.channel < chan1)
7282 chan1 -= 8;
7299 dl_list_for_each(nr, &hapd->nr_db, struct hostapd_neighbor_entry,
7301 if (!nr->nr || wpabuf_len(nr->nr) < 12)
7304 if (nr->short_ssid == hapd->conf->ssid.short_ssid)
7334 i >= skip_profiles->start && i < skip_profiles->end)
7348 /* If building for co-location and they are ML partners, no need to
7380 while (start < hapd->iface->num_bss) {
7392 for (i = start; i < hapd->iface->num_bss; i++) {
7393 struct hostapd_data *bss = hapd->iface->bss[i];
7396 if (!bss || !bss->conf || !bss->started)
7400 ap_mld = bss->conf->mld_ap;
7404 bss->conf->ignore_broadcast_ssid)
7425 /* If building for co-location, re-build again but this time include
7434 len -= RNR_TBTT_HEADER_LEN;
7435 total_len -= RNR_TBTT_HEADER_LEN;
7441 /* This is possible when in the re-built case and no suitable TBTT was
7444 len -= RNR_TBTT_HEADER_LEN;
7445 total_len -= RNR_TBTT_HEADER_LEN;
7467 bool is_6ghz = is_6ghz_op_class(hapd->iconf->op_class);
7469 if (!hapd->iface || !hapd->iface->interfaces)
7472 if (is_6ghz && hapd->iface->interfaces->count == 1)
7475 for (i = 0; i < hapd->iface->interfaces->count; i++) {
7479 iface = hapd->iface->interfaces->iface[i];
7480 if (iface == hapd->iface || !iface || !iface->conf)
7483 is_colocated_6ghz = is_6ghz_op_class(iface->conf->op_class);
7504 if (!hapd->iface || !hapd->iface->interfaces)
7507 for (i = 0; i < hapd->iface->interfaces->count; i++) {
7508 iface = hapd->iface->interfaces->iface[i];
7510 if (!iface || iface == hapd->iface ||
7511 iface->state != HAPD_IFACE_ENABLED ||
7512 !is_6ghz_op_class(iface->conf->op_class))
7515 len += hostapd_eid_rnr_iface_len(iface->bss[0], hapd,
7531 if (!hapd->iface || !hapd->iface->interfaces || !hapd->conf->mld_ap)
7538 for (i = 0; i < hapd->iface->interfaces->count; i++) {
7539 iface = hapd->iface->interfaces->iface[i];
7541 if (!iface || iface == hapd->iface ||
7542 hapd->iface->freq == iface->freq)
7545 len += hostapd_eid_rnr_iface_len(iface->bss[0], hapd,
7562 if (hapd->conf->rnr)
7571 if (hapd->conf->rnr && hapd->iface->num_bss > 1 &&
7572 !hapd->iconf->mbssid)
7578 if (hapd->iface->num_bss > 1 && mode == STANDALONE_6GHZ)
7589 hapd->iconf->mbssid != ENHANCED_MBSSID_ENABLED))
7601 u8 *size_offset = (eid - len) + 1;
7603 dl_list_for_each(nr, &hapd->nr_db, struct hostapd_neighbor_entry,
7605 if (!nr->nr || wpabuf_len(nr->nr) < 12)
7608 if (nr->short_ssid == hapd->conf->ssid.short_ssid)
7624 *eid++ = wpabuf_head_u8(nr->nr)[10];
7626 *eid++ = wpabuf_head_u8(nr->nr)[11];
7633 os_memcpy(eid, nr->bssid, ETH_ALEN);
7636 os_memcpy(eid, &nr->short_ssid, 4);
7639 *eid++ = nr->bss_parameters;
7643 *size_offset = (eid - size_offset) - 1;
7658 struct hostapd_iface *iface = hapd->iface;
7659 struct hostapd_data *bss = iface->bss[i];
7665 ap_mld = !!hapd->conf->mld_ap;
7668 if (!bss || !bss->conf || !bss->started ||
7669 bss == reporting_hapd || bss->conf->ignore_broadcast_ssid)
7686 *eid++ = bss->iconf->channel;
7691 os_memcpy(eid, bss->own_addr, ETH_ALEN);
7693 os_memcpy(eid, &bss->conf->ssid.short_ssid, 4);
7695 if (bss->conf->ssid.short_ssid == reporting_hapd->conf->ssid.short_ssid)
7698 if (iface->conf->mbssid != MBSSID_DISABLED && iface->num_bss > 1) {
7704 if (is_6ghz_op_class(hapd->iconf->op_class) &&
7705 bss->conf->unsol_bcast_probe_resp_interval)
7715 u8 param_ch = bss->eht_mld_bss_param_change;
7728 bss->mld_link_id | ((param_ch & 0xF) << 4) :
7733 if (bss->conf->mld_indicate_disabled)
7754 struct hostapd_iface *iface = hapd->iface;
7757 u8 *eid_start = eid, *size_offset = (eid - len) + 1;
7763 if (!(iface->drv_flags & WPA_DRIVER_FLAGS_AP_CSA) || !iface->freq)
7766 if (ieee80211_freq_to_channel_ext(iface->freq,
7767 hapd->iconf->secondary_channel,
7768 hostapd_get_oper_chwidth(hapd->iconf),
7776 while (start < iface->num_bss) {
7787 for (i = start; i < iface->num_bss; i++) {
7799 *tbtt_count_pos = RNR_TBTT_INFO_COUNT(tbtt_count - 1);
7800 *size_offset = (eid - size_offset) - 1;
7806 /* If building for co-location, re-build again but this time include
7828 if (!hapd->iface || !hapd->iface->interfaces)
7831 for (i = 0; i < hapd->iface->interfaces->count; i++) {
7832 iface = hapd->iface->interfaces->iface[i];
7834 if (!iface || iface == hapd->iface ||
7835 iface->state != HAPD_IFACE_ENABLED ||
7836 !is_6ghz_op_class(iface->conf->op_class))
7839 eid = hostapd_eid_rnr_iface(iface->bss[0], hapd, eid,
7854 if (!hapd->iface || !hapd->iface->interfaces || !hapd->conf->mld_ap)
7861 for (i = 0; i < hapd->iface->interfaces->count; i++) {
7862 iface = hapd->iface->interfaces->iface[i];
7864 if (!iface || iface == hapd->iface ||
7865 hapd->iface->freq == iface->freq)
7868 eid = hostapd_eid_rnr_iface(iface->bss[0], hapd, eid,
7886 if (hapd->conf->rnr)
7894 if (hapd->conf->rnr && hapd->iface->num_bss > 1 &&
7895 !hapd->iconf->mbssid)
7900 if (hapd->iface->num_bss > 1 && mode == STANDALONE_6GHZ)
7912 hapd->iconf->mbssid != ENHANCED_MBSSID_ENABLED))
7940 ext_capa_tx_len = ext_capa_tx_end - ext_capa_tx;
7942 ext_capa_len = ext_capa_end - ext_capa;
7973 for (i = *bss_index; i < hapd->iface->num_bss; i++) {
7974 struct hostapd_data *bss = hapd->iface->bss[i];
7979 if (!bss || !bss->conf || !bss->started ||
7991 nontx_profile_len = 11 + bss->conf->ssid.ssid_len;
7996 auth = wpa_auth_get_wpa_ie(bss->wpa_auth, &auth_len);
8014 if (bss->conf->xrates_supported)
8016 else if (hapd->conf->xrates_supported)
8042 ap_mld = hapd->conf->mld_ap;
8045 if (!hapd->iconf->mbssid || hapd->iface->num_bss <= 1 ||
8059 while (bss_index < hapd->iface->num_bss) {
8068 if (hapd->iconf->mbssid == ENHANCED_MBSSID_ENABLED && rnr_len) {
8080 if (hapd->iconf->mbssid == ENHANCED_MBSSID_ENABLED && rnr_len)
8100 for (i = *bss_index; i < hapd->iface->num_bss; i++) {
8101 struct hostapd_data *bss = hapd->iface->bss[i];
8109 if (!bss || !bss->conf || !bss->started ||
8112 conf = bss->conf;
8124 *eid++ = conf->ssid.ssid_len;
8125 os_memcpy(eid, conf->ssid.ssid, conf->ssid.ssid_len);
8126 eid += conf->ssid.ssid_len;
8132 if (hapd->iconf->mbssid == ENHANCED_MBSSID_ENABLED &&
8133 (conf->dtim_period % elem_count))
8134 conf->dtim_period = elem_count;
8135 *eid++ = conf->dtim_period;
8150 auth = wpa_auth_get_wpa_ie(bss->wpa_auth, &auth_len);
8170 if (hapd->conf->xrates_supported &&
8171 !bss->conf->xrates_supported)
8185 *eid_len_pos = (eid - eid_len_pos) - 1;
8187 if (((eid - eid_len_offset) - 1) > 255) {
8197 *eid_len_offset = (eid - eid_len_offset) - 1;
8213 ap_mld = hapd->conf->mld_ap;
8216 if (!hapd->iconf->mbssid || hapd->iface->num_bss <= 1 ||
8227 add_rnr = hapd->iconf->mbssid == ENHANCED_MBSSID_ENABLED &&
8231 while (bss_index < hapd->iface->num_bss) {
8263 if (add_rnr && (size_t) (rnr_eid - rnr_start_eid) < rnr_len) {
8268 if (hapd->conf->rnr)