1 1.1 christos /* 2 1.1 christos * wpa_supplicant - MBO 3 1.1 christos * 4 1.1 christos * Copyright(c) 2015 Intel Deutschland GmbH 5 1.1 christos * Contact Information: 6 1.1 christos * Intel Linux Wireless <ilw (at) linux.intel.com> 7 1.1 christos * Intel Corporation, 5200 N.E. Elam Young Parkway, Hillsboro, OR 97124-6497 8 1.1 christos * 9 1.1 christos * This software may be distributed under the terms of the BSD license. 10 1.1 christos * See README for more details. 11 1.1 christos */ 12 1.1 christos 13 1.1 christos #include "utils/includes.h" 14 1.1 christos 15 1.1 christos #include "utils/common.h" 16 1.1 christos #include "common/ieee802_11_defs.h" 17 1.1 christos #include "common/gas.h" 18 1.1.1.4 christos #include "rsn_supp/wpa.h" 19 1.1 christos #include "config.h" 20 1.1 christos #include "wpa_supplicant_i.h" 21 1.1 christos #include "driver_i.h" 22 1.1 christos #include "bss.h" 23 1.1 christos #include "scan.h" 24 1.1 christos 25 1.1 christos /* type + length + oui + oui type */ 26 1.1 christos #define MBO_IE_HEADER 6 27 1.1 christos 28 1.1 christos 29 1.1 christos static int wpas_mbo_validate_non_pref_chan(u8 oper_class, u8 chan, u8 reason) 30 1.1 christos { 31 1.1 christos if (reason > MBO_NON_PREF_CHAN_REASON_INT_INTERFERENCE) 32 1.1 christos return -1; 33 1.1 christos 34 1.1 christos /* Only checking the validity of the channel and oper_class */ 35 1.1 christos if (ieee80211_chan_to_freq(NULL, oper_class, chan) == -1) 36 1.1 christos return -1; 37 1.1 christos 38 1.1 christos return 0; 39 1.1 christos } 40 1.1 christos 41 1.1 christos 42 1.1.1.2 christos const u8 * mbo_attr_from_mbo_ie(const u8 *mbo_ie, enum mbo_attr_id attr) 43 1.1.1.2 christos { 44 1.1.1.2 christos const u8 *mbo; 45 1.1.1.2 christos u8 ie_len = mbo_ie[1]; 46 1.1.1.2 christos 47 1.1.1.2 christos if (ie_len < MBO_IE_HEADER - 2) 48 1.1.1.2 christos return NULL; 49 1.1.1.2 christos mbo = mbo_ie + MBO_IE_HEADER; 50 1.1.1.2 christos 51 1.1.1.2 christos return get_ie(mbo, 2 + ie_len - MBO_IE_HEADER, attr); 52 1.1.1.2 christos } 53 1.1.1.2 christos 54 1.1.1.2 christos 55 1.1.1.3 christos const u8 * mbo_get_attr_from_ies(const u8 *ies, size_t ies_len, 56 1.1.1.3 christos enum mbo_attr_id attr) 57 1.1.1.3 christos { 58 1.1.1.3 christos const u8 *mbo_ie; 59 1.1.1.3 christos 60 1.1.1.3 christos mbo_ie = get_vendor_ie(ies, ies_len, MBO_IE_VENDOR_TYPE); 61 1.1.1.3 christos if (!mbo_ie) 62 1.1.1.3 christos return NULL; 63 1.1.1.3 christos 64 1.1.1.3 christos return mbo_attr_from_mbo_ie(mbo_ie, attr); 65 1.1.1.3 christos } 66 1.1.1.3 christos 67 1.1.1.3 christos 68 1.1.1.4 christos static const u8 * wpas_mbo_get_bss_attr(struct wpa_bss *bss, 69 1.1.1.4 christos enum mbo_attr_id attr, bool beacon) 70 1.1 christos { 71 1.1 christos const u8 *mbo, *end; 72 1.1 christos 73 1.1 christos if (!bss) 74 1.1 christos return NULL; 75 1.1 christos 76 1.1.1.4 christos if (beacon) 77 1.1.1.4 christos mbo = wpa_bss_get_vendor_ie_beacon(bss, MBO_IE_VENDOR_TYPE); 78 1.1.1.4 christos else 79 1.1.1.4 christos mbo = wpa_bss_get_vendor_ie(bss, MBO_IE_VENDOR_TYPE); 80 1.1 christos if (!mbo) 81 1.1 christos return NULL; 82 1.1 christos 83 1.1 christos end = mbo + 2 + mbo[1]; 84 1.1 christos mbo += MBO_IE_HEADER; 85 1.1 christos 86 1.1 christos return get_ie(mbo, end - mbo, attr); 87 1.1 christos } 88 1.1 christos 89 1.1 christos 90 1.1.1.4 christos const u8 * wpas_mbo_check_assoc_disallow(struct wpa_bss *bss) 91 1.1.1.4 christos { 92 1.1.1.4 christos const u8 *assoc_disallow; 93 1.1.1.4 christos 94 1.1.1.4 christos assoc_disallow = wpas_mbo_get_bss_attr(bss, MBO_ATTR_ID_ASSOC_DISALLOW, 95 1.1.1.4 christos bss->beacon_newer); 96 1.1.1.4 christos if (assoc_disallow && assoc_disallow[1] >= 1) 97 1.1.1.4 christos return assoc_disallow; 98 1.1.1.4 christos 99 1.1.1.4 christos return NULL; 100 1.1.1.4 christos } 101 1.1.1.4 christos 102 1.1.1.4 christos 103 1.1.1.4 christos void wpas_mbo_check_pmf(struct wpa_supplicant *wpa_s, struct wpa_bss *bss, 104 1.1.1.4 christos struct wpa_ssid *ssid) 105 1.1.1.4 christos { 106 1.1.1.4 christos const u8 *rsne, *mbo, *oce; 107 1.1.1.4 christos struct wpa_ie_data ie; 108 1.1.1.4 christos 109 1.1.1.4 christos wpa_s->disable_mbo_oce = 0; 110 1.1.1.4 christos if (!bss) 111 1.1.1.4 christos return; 112 1.1.1.4 christos mbo = wpas_mbo_get_bss_attr(bss, MBO_ATTR_ID_AP_CAPA_IND, false); 113 1.1.1.4 christos oce = wpas_mbo_get_bss_attr(bss, OCE_ATTR_ID_CAPA_IND, false); 114 1.1.1.4 christos if (!mbo && !oce) 115 1.1.1.4 christos return; 116 1.1.1.4 christos if (oce && oce[1] >= 1 && (oce[2] & OCE_IS_STA_CFON)) 117 1.1.1.4 christos return; /* STA-CFON is not required to enable PMF */ 118 1.1.1.4 christos rsne = wpa_bss_get_ie(bss, WLAN_EID_RSN); 119 1.1.1.4 christos if (!rsne || wpa_parse_wpa_ie(rsne, 2 + rsne[1], &ie) < 0) 120 1.1.1.4 christos return; /* AP is not using RSN */ 121 1.1.1.4 christos 122 1.1.1.4 christos if (!(ie.capabilities & WPA_CAPABILITY_MFPC)) 123 1.1.1.4 christos wpa_s->disable_mbo_oce = 1; /* AP uses RSN without PMF */ 124 1.1.1.4 christos if (wpas_get_ssid_pmf(wpa_s, ssid) == NO_MGMT_FRAME_PROTECTION) 125 1.1.1.4 christos wpa_s->disable_mbo_oce = 1; /* STA uses RSN without PMF */ 126 1.1.1.4 christos if (wpa_s->disable_mbo_oce) 127 1.1.1.4 christos wpa_printf(MSG_INFO, 128 1.1.1.4 christos "MBO: Disable MBO/OCE due to misbehaving AP not having enabled PMF"); 129 1.1.1.4 christos } 130 1.1.1.4 christos 131 1.1.1.4 christos 132 1.1 christos static void wpas_mbo_non_pref_chan_attr_body(struct wpa_supplicant *wpa_s, 133 1.1 christos struct wpabuf *mbo, 134 1.1 christos u8 start, u8 end) 135 1.1 christos { 136 1.1 christos u8 i; 137 1.1 christos 138 1.1 christos wpabuf_put_u8(mbo, wpa_s->non_pref_chan[start].oper_class); 139 1.1 christos 140 1.1 christos for (i = start; i < end; i++) 141 1.1 christos wpabuf_put_u8(mbo, wpa_s->non_pref_chan[i].chan); 142 1.1 christos 143 1.1 christos wpabuf_put_u8(mbo, wpa_s->non_pref_chan[start].preference); 144 1.1 christos wpabuf_put_u8(mbo, wpa_s->non_pref_chan[start].reason); 145 1.1 christos } 146 1.1 christos 147 1.1 christos 148 1.1.1.3 christos static void wpas_mbo_non_pref_chan_attr_hdr(struct wpabuf *mbo, size_t size) 149 1.1.1.3 christos { 150 1.1.1.3 christos wpabuf_put_u8(mbo, MBO_ATTR_ID_NON_PREF_CHAN_REPORT); 151 1.1.1.3 christos wpabuf_put_u8(mbo, size); /* Length */ 152 1.1.1.3 christos } 153 1.1.1.3 christos 154 1.1.1.3 christos 155 1.1 christos static void wpas_mbo_non_pref_chan_attr(struct wpa_supplicant *wpa_s, 156 1.1 christos struct wpabuf *mbo, u8 start, u8 end) 157 1.1 christos { 158 1.1 christos size_t size = end - start + 3; 159 1.1 christos 160 1.1 christos if (size + 2 > wpabuf_tailroom(mbo)) 161 1.1 christos return; 162 1.1 christos 163 1.1.1.3 christos wpas_mbo_non_pref_chan_attr_hdr(mbo, size); 164 1.1 christos wpas_mbo_non_pref_chan_attr_body(wpa_s, mbo, start, end); 165 1.1 christos } 166 1.1 christos 167 1.1 christos 168 1.1 christos static void wpas_mbo_non_pref_chan_subelem_hdr(struct wpabuf *mbo, u8 len) 169 1.1 christos { 170 1.1 christos wpabuf_put_u8(mbo, WLAN_EID_VENDOR_SPECIFIC); 171 1.1 christos wpabuf_put_u8(mbo, len); /* Length */ 172 1.1 christos wpabuf_put_be24(mbo, OUI_WFA); 173 1.1 christos wpabuf_put_u8(mbo, MBO_ATTR_ID_NON_PREF_CHAN_REPORT); 174 1.1 christos } 175 1.1 christos 176 1.1 christos 177 1.1 christos static void wpas_mbo_non_pref_chan_subelement(struct wpa_supplicant *wpa_s, 178 1.1 christos struct wpabuf *mbo, u8 start, 179 1.1 christos u8 end) 180 1.1 christos { 181 1.1 christos size_t size = end - start + 7; 182 1.1 christos 183 1.1 christos if (size + 2 > wpabuf_tailroom(mbo)) 184 1.1 christos return; 185 1.1 christos 186 1.1 christos wpas_mbo_non_pref_chan_subelem_hdr(mbo, size); 187 1.1 christos wpas_mbo_non_pref_chan_attr_body(wpa_s, mbo, start, end); 188 1.1 christos } 189 1.1 christos 190 1.1 christos 191 1.1 christos static void wpas_mbo_non_pref_chan_attrs(struct wpa_supplicant *wpa_s, 192 1.1 christos struct wpabuf *mbo, int subelement) 193 1.1 christos { 194 1.1 christos u8 i, start = 0; 195 1.1 christos struct wpa_mbo_non_pref_channel *start_pref; 196 1.1 christos 197 1.1 christos if (!wpa_s->non_pref_chan || !wpa_s->non_pref_chan_num) { 198 1.1 christos if (subelement) 199 1.1 christos wpas_mbo_non_pref_chan_subelem_hdr(mbo, 4); 200 1.1.1.3 christos else 201 1.1.1.3 christos wpas_mbo_non_pref_chan_attr_hdr(mbo, 0); 202 1.1 christos return; 203 1.1 christos } 204 1.1 christos start_pref = &wpa_s->non_pref_chan[0]; 205 1.1 christos 206 1.1 christos for (i = 1; i <= wpa_s->non_pref_chan_num; i++) { 207 1.1 christos struct wpa_mbo_non_pref_channel *non_pref = NULL; 208 1.1 christos 209 1.1 christos if (i < wpa_s->non_pref_chan_num) 210 1.1 christos non_pref = &wpa_s->non_pref_chan[i]; 211 1.1 christos if (!non_pref || 212 1.1 christos non_pref->oper_class != start_pref->oper_class || 213 1.1 christos non_pref->reason != start_pref->reason || 214 1.1 christos non_pref->preference != start_pref->preference) { 215 1.1 christos if (subelement) 216 1.1 christos wpas_mbo_non_pref_chan_subelement(wpa_s, mbo, 217 1.1 christos start, i); 218 1.1 christos else 219 1.1 christos wpas_mbo_non_pref_chan_attr(wpa_s, mbo, start, 220 1.1 christos i); 221 1.1 christos 222 1.1 christos if (!non_pref) 223 1.1 christos return; 224 1.1 christos 225 1.1 christos start = i; 226 1.1 christos start_pref = non_pref; 227 1.1 christos } 228 1.1 christos } 229 1.1 christos } 230 1.1 christos 231 1.1 christos 232 1.1.1.2 christos int wpas_mbo_ie(struct wpa_supplicant *wpa_s, u8 *buf, size_t len, 233 1.1.1.2 christos int add_oce_capa) 234 1.1 christos { 235 1.1 christos struct wpabuf *mbo; 236 1.1 christos int res; 237 1.1 christos 238 1.1.1.2 christos if (len < MBO_IE_HEADER + 3 + 7 + 239 1.1.1.2 christos ((wpa_s->enable_oce & OCE_STA) ? 3 : 0)) 240 1.1 christos return 0; 241 1.1 christos 242 1.1 christos /* Leave room for the MBO IE header */ 243 1.1 christos mbo = wpabuf_alloc(len - MBO_IE_HEADER); 244 1.1 christos if (!mbo) 245 1.1 christos return 0; 246 1.1 christos 247 1.1 christos /* Add non-preferred channels attribute */ 248 1.1 christos wpas_mbo_non_pref_chan_attrs(wpa_s, mbo, 0); 249 1.1 christos 250 1.1 christos /* 251 1.1 christos * Send cellular capabilities attribute even if AP does not advertise 252 1.1 christos * cellular capabilities. 253 1.1 christos */ 254 1.1 christos wpabuf_put_u8(mbo, MBO_ATTR_ID_CELL_DATA_CAPA); 255 1.1 christos wpabuf_put_u8(mbo, 1); 256 1.1 christos wpabuf_put_u8(mbo, wpa_s->conf->mbo_cell_capa); 257 1.1 christos 258 1.1.1.2 christos /* Add OCE capability indication attribute if OCE is enabled */ 259 1.1.1.2 christos if ((wpa_s->enable_oce & OCE_STA) && add_oce_capa) { 260 1.1.1.2 christos wpabuf_put_u8(mbo, OCE_ATTR_ID_CAPA_IND); 261 1.1.1.2 christos wpabuf_put_u8(mbo, 1); 262 1.1.1.2 christos wpabuf_put_u8(mbo, OCE_RELEASE); 263 1.1.1.2 christos } 264 1.1.1.2 christos 265 1.1 christos res = mbo_add_ie(buf, len, wpabuf_head_u8(mbo), wpabuf_len(mbo)); 266 1.1 christos if (!res) 267 1.1.1.2 christos wpa_printf(MSG_ERROR, "Failed to add MBO/OCE IE"); 268 1.1 christos 269 1.1 christos wpabuf_free(mbo); 270 1.1 christos return res; 271 1.1 christos } 272 1.1 christos 273 1.1 christos 274 1.1 christos static void wpas_mbo_send_wnm_notification(struct wpa_supplicant *wpa_s, 275 1.1 christos const u8 *data, size_t len) 276 1.1 christos { 277 1.1 christos struct wpabuf *buf; 278 1.1 christos int res; 279 1.1 christos 280 1.1 christos /* 281 1.1 christos * Send WNM-Notification Request frame only in case of a change in 282 1.1 christos * non-preferred channels list during association, if the AP supports 283 1.1 christos * MBO. 284 1.1 christos */ 285 1.1 christos if (wpa_s->wpa_state != WPA_COMPLETED || !wpa_s->current_bss || 286 1.1 christos !wpa_bss_get_vendor_ie(wpa_s->current_bss, MBO_IE_VENDOR_TYPE)) 287 1.1 christos return; 288 1.1 christos 289 1.1 christos buf = wpabuf_alloc(4 + len); 290 1.1 christos if (!buf) 291 1.1 christos return; 292 1.1 christos 293 1.1 christos wpabuf_put_u8(buf, WLAN_ACTION_WNM); 294 1.1 christos wpabuf_put_u8(buf, WNM_NOTIFICATION_REQ); 295 1.1 christos wpa_s->mbo_wnm_token++; 296 1.1 christos if (wpa_s->mbo_wnm_token == 0) 297 1.1 christos wpa_s->mbo_wnm_token++; 298 1.1 christos wpabuf_put_u8(buf, wpa_s->mbo_wnm_token); 299 1.1 christos wpabuf_put_u8(buf, WLAN_EID_VENDOR_SPECIFIC); /* Type */ 300 1.1 christos 301 1.1 christos wpabuf_put_data(buf, data, len); 302 1.1 christos 303 1.1 christos res = wpa_drv_send_action(wpa_s, wpa_s->assoc_freq, 0, wpa_s->bssid, 304 1.1 christos wpa_s->own_addr, wpa_s->bssid, 305 1.1 christos wpabuf_head(buf), wpabuf_len(buf), 0); 306 1.1 christos if (res < 0) 307 1.1 christos wpa_printf(MSG_DEBUG, 308 1.1 christos "Failed to send WNM-Notification Request frame with non-preferred channel list"); 309 1.1 christos 310 1.1 christos wpabuf_free(buf); 311 1.1 christos } 312 1.1 christos 313 1.1 christos 314 1.1 christos static void wpas_mbo_non_pref_chan_changed(struct wpa_supplicant *wpa_s) 315 1.1 christos { 316 1.1 christos struct wpabuf *buf; 317 1.1 christos 318 1.1 christos buf = wpabuf_alloc(512); 319 1.1 christos if (!buf) 320 1.1 christos return; 321 1.1 christos 322 1.1 christos wpas_mbo_non_pref_chan_attrs(wpa_s, buf, 1); 323 1.1 christos wpas_mbo_send_wnm_notification(wpa_s, wpabuf_head_u8(buf), 324 1.1 christos wpabuf_len(buf)); 325 1.1.1.3 christos wpas_update_mbo_connect_params(wpa_s); 326 1.1 christos wpabuf_free(buf); 327 1.1 christos } 328 1.1 christos 329 1.1 christos 330 1.1 christos static int wpa_non_pref_chan_is_eq(struct wpa_mbo_non_pref_channel *a, 331 1.1 christos struct wpa_mbo_non_pref_channel *b) 332 1.1 christos { 333 1.1 christos return a->oper_class == b->oper_class && a->chan == b->chan; 334 1.1 christos } 335 1.1 christos 336 1.1 christos 337 1.1 christos /* 338 1.1 christos * wpa_non_pref_chan_cmp - Compare two channels for sorting 339 1.1 christos * 340 1.1 christos * In MBO IE non-preferred channel subelement we can put many channels in an 341 1.1 christos * attribute if they are in the same operating class and have the same 342 1.1 christos * preference and reason. To make it easy for the functions that build 343 1.1 christos * the IE attributes and WNM Request subelements, save the channels sorted 344 1.1 christos * by their oper_class and reason. 345 1.1 christos */ 346 1.1 christos static int wpa_non_pref_chan_cmp(const void *_a, const void *_b) 347 1.1 christos { 348 1.1 christos const struct wpa_mbo_non_pref_channel *a = _a, *b = _b; 349 1.1 christos 350 1.1 christos if (a->oper_class != b->oper_class) 351 1.1.1.3 christos return (int) a->oper_class - (int) b->oper_class; 352 1.1 christos if (a->reason != b->reason) 353 1.1.1.3 christos return (int) a->reason - (int) b->reason; 354 1.1.1.3 christos return (int) a->preference - (int) b->preference; 355 1.1 christos } 356 1.1 christos 357 1.1 christos 358 1.1 christos int wpas_mbo_update_non_pref_chan(struct wpa_supplicant *wpa_s, 359 1.1 christos const char *non_pref_chan) 360 1.1 christos { 361 1.1 christos char *cmd, *token, *context = NULL; 362 1.1 christos struct wpa_mbo_non_pref_channel *chans = NULL, *tmp_chans; 363 1.1 christos size_t num = 0, size = 0; 364 1.1 christos unsigned i; 365 1.1 christos 366 1.1 christos wpa_printf(MSG_DEBUG, "MBO: Update non-preferred channels, non_pref_chan=%s", 367 1.1 christos non_pref_chan ? non_pref_chan : "N/A"); 368 1.1 christos 369 1.1 christos /* 370 1.1.1.2 christos * The shortest channel configuration is 7 characters - 3 colons and 371 1.1.1.2 christos * 4 values. 372 1.1 christos */ 373 1.1.1.2 christos if (!non_pref_chan || os_strlen(non_pref_chan) < 7) 374 1.1 christos goto update; 375 1.1 christos 376 1.1 christos cmd = os_strdup(non_pref_chan); 377 1.1 christos if (!cmd) 378 1.1 christos return -1; 379 1.1 christos 380 1.1 christos while ((token = str_token(cmd, " ", &context))) { 381 1.1 christos struct wpa_mbo_non_pref_channel *chan; 382 1.1 christos int ret; 383 1.1 christos unsigned int _oper_class; 384 1.1 christos unsigned int _chan; 385 1.1 christos unsigned int _preference; 386 1.1 christos unsigned int _reason; 387 1.1 christos 388 1.1 christos if (num == size) { 389 1.1 christos size = size ? size * 2 : 1; 390 1.1 christos tmp_chans = os_realloc_array(chans, size, 391 1.1 christos sizeof(*chans)); 392 1.1 christos if (!tmp_chans) { 393 1.1 christos wpa_printf(MSG_ERROR, 394 1.1 christos "Couldn't reallocate non_pref_chan"); 395 1.1 christos goto fail; 396 1.1 christos } 397 1.1 christos chans = tmp_chans; 398 1.1 christos } 399 1.1 christos 400 1.1 christos chan = &chans[num]; 401 1.1 christos 402 1.1 christos ret = sscanf(token, "%u:%u:%u:%u", &_oper_class, 403 1.1 christos &_chan, &_preference, &_reason); 404 1.1 christos if (ret != 4 || 405 1.1 christos _oper_class > 255 || _chan > 255 || 406 1.1 christos _preference > 255 || _reason > 65535 ) { 407 1.1 christos wpa_printf(MSG_ERROR, "Invalid non-pref chan input %s", 408 1.1 christos token); 409 1.1 christos goto fail; 410 1.1 christos } 411 1.1 christos chan->oper_class = _oper_class; 412 1.1 christos chan->chan = _chan; 413 1.1 christos chan->preference = _preference; 414 1.1 christos chan->reason = _reason; 415 1.1 christos 416 1.1 christos if (wpas_mbo_validate_non_pref_chan(chan->oper_class, 417 1.1 christos chan->chan, chan->reason)) { 418 1.1 christos wpa_printf(MSG_ERROR, 419 1.1 christos "Invalid non_pref_chan: oper class %d chan %d reason %d", 420 1.1 christos chan->oper_class, chan->chan, chan->reason); 421 1.1 christos goto fail; 422 1.1 christos } 423 1.1 christos 424 1.1 christos for (i = 0; i < num; i++) 425 1.1 christos if (wpa_non_pref_chan_is_eq(chan, &chans[i])) 426 1.1 christos break; 427 1.1 christos if (i != num) { 428 1.1 christos wpa_printf(MSG_ERROR, 429 1.1 christos "oper class %d chan %d is duplicated", 430 1.1 christos chan->oper_class, chan->chan); 431 1.1 christos goto fail; 432 1.1 christos } 433 1.1 christos 434 1.1 christos num++; 435 1.1 christos } 436 1.1 christos 437 1.1 christos os_free(cmd); 438 1.1 christos 439 1.1 christos if (chans) { 440 1.1 christos qsort(chans, num, sizeof(struct wpa_mbo_non_pref_channel), 441 1.1 christos wpa_non_pref_chan_cmp); 442 1.1 christos } 443 1.1 christos 444 1.1 christos update: 445 1.1 christos os_free(wpa_s->non_pref_chan); 446 1.1 christos wpa_s->non_pref_chan = chans; 447 1.1 christos wpa_s->non_pref_chan_num = num; 448 1.1 christos wpas_mbo_non_pref_chan_changed(wpa_s); 449 1.1 christos 450 1.1 christos return 0; 451 1.1 christos 452 1.1 christos fail: 453 1.1 christos os_free(chans); 454 1.1 christos os_free(cmd); 455 1.1 christos return -1; 456 1.1 christos } 457 1.1 christos 458 1.1 christos 459 1.1 christos void wpas_mbo_scan_ie(struct wpa_supplicant *wpa_s, struct wpabuf *ie) 460 1.1 christos { 461 1.1.1.2 christos u8 *len; 462 1.1.1.2 christos 463 1.1 christos wpabuf_put_u8(ie, WLAN_EID_VENDOR_SPECIFIC); 464 1.1.1.2 christos len = wpabuf_put(ie, 1); 465 1.1.1.2 christos 466 1.1 christos wpabuf_put_be24(ie, OUI_WFA); 467 1.1 christos wpabuf_put_u8(ie, MBO_OUI_TYPE); 468 1.1 christos 469 1.1 christos wpabuf_put_u8(ie, MBO_ATTR_ID_CELL_DATA_CAPA); 470 1.1 christos wpabuf_put_u8(ie, 1); 471 1.1 christos wpabuf_put_u8(ie, wpa_s->conf->mbo_cell_capa); 472 1.1.1.2 christos if (wpa_s->enable_oce & OCE_STA) { 473 1.1.1.2 christos wpabuf_put_u8(ie, OCE_ATTR_ID_CAPA_IND); 474 1.1.1.2 christos wpabuf_put_u8(ie, 1); 475 1.1.1.2 christos wpabuf_put_u8(ie, OCE_RELEASE); 476 1.1 christos } 477 1.1.1.2 christos *len = (u8 *) wpabuf_put(ie, 0) - len - 1; 478 1.1 christos } 479 1.1 christos 480 1.1 christos 481 1.1 christos void wpas_mbo_ie_trans_req(struct wpa_supplicant *wpa_s, const u8 *mbo_ie, 482 1.1 christos size_t len) 483 1.1 christos { 484 1.1.1.2 christos const u8 *pos, *cell_pref = NULL; 485 1.1 christos u8 id, elen; 486 1.1 christos u16 disallowed_sec = 0; 487 1.1 christos 488 1.1 christos if (len <= 4 || WPA_GET_BE24(mbo_ie) != OUI_WFA || 489 1.1 christos mbo_ie[3] != MBO_OUI_TYPE) 490 1.1 christos return; 491 1.1 christos 492 1.1 christos pos = mbo_ie + 4; 493 1.1 christos len -= 4; 494 1.1 christos 495 1.1 christos while (len >= 2) { 496 1.1 christos id = *pos++; 497 1.1 christos elen = *pos++; 498 1.1 christos len -= 2; 499 1.1 christos 500 1.1 christos if (elen > len) 501 1.1 christos goto fail; 502 1.1 christos 503 1.1 christos switch (id) { 504 1.1 christos case MBO_ATTR_ID_CELL_DATA_PREF: 505 1.1 christos if (elen != 1) 506 1.1 christos goto fail; 507 1.1 christos 508 1.1 christos if (wpa_s->conf->mbo_cell_capa == 509 1.1 christos MBO_CELL_CAPA_AVAILABLE) 510 1.1 christos cell_pref = pos; 511 1.1 christos else 512 1.1 christos wpa_printf(MSG_DEBUG, 513 1.1 christos "MBO: Station does not support Cellular data connection"); 514 1.1 christos break; 515 1.1 christos case MBO_ATTR_ID_TRANSITION_REASON: 516 1.1 christos if (elen != 1) 517 1.1 christos goto fail; 518 1.1 christos 519 1.1.1.2 christos wpa_s->wnm_mbo_trans_reason_present = 1; 520 1.1.1.2 christos wpa_s->wnm_mbo_transition_reason = *pos; 521 1.1 christos break; 522 1.1 christos case MBO_ATTR_ID_ASSOC_RETRY_DELAY: 523 1.1 christos if (elen != 2) 524 1.1 christos goto fail; 525 1.1 christos 526 1.1 christos if (wpa_s->wnm_mode & 527 1.1 christos WNM_BSS_TM_REQ_BSS_TERMINATION_INCLUDED) { 528 1.1 christos wpa_printf(MSG_DEBUG, 529 1.1 christos "MBO: Unexpected association retry delay, BSS is terminating"); 530 1.1 christos goto fail; 531 1.1 christos } else if (wpa_s->wnm_mode & 532 1.1 christos WNM_BSS_TM_REQ_DISASSOC_IMMINENT) { 533 1.1 christos disallowed_sec = WPA_GET_LE16(pos); 534 1.1.1.2 christos wpa_printf(MSG_DEBUG, 535 1.1.1.2 christos "MBO: Association retry delay: %u", 536 1.1.1.2 christos disallowed_sec); 537 1.1 christos } else { 538 1.1 christos wpa_printf(MSG_DEBUG, 539 1.1 christos "MBO: Association retry delay attribute not in disassoc imminent mode"); 540 1.1 christos } 541 1.1 christos 542 1.1 christos break; 543 1.1 christos case MBO_ATTR_ID_AP_CAPA_IND: 544 1.1 christos case MBO_ATTR_ID_NON_PREF_CHAN_REPORT: 545 1.1 christos case MBO_ATTR_ID_CELL_DATA_CAPA: 546 1.1 christos case MBO_ATTR_ID_ASSOC_DISALLOW: 547 1.1 christos case MBO_ATTR_ID_TRANSITION_REJECT_REASON: 548 1.1 christos wpa_printf(MSG_DEBUG, 549 1.1 christos "MBO: Attribute %d should not be included in BTM Request frame", 550 1.1 christos id); 551 1.1 christos break; 552 1.1 christos default: 553 1.1 christos wpa_printf(MSG_DEBUG, "MBO: Unknown attribute id %u", 554 1.1 christos id); 555 1.1 christos return; 556 1.1 christos } 557 1.1 christos 558 1.1 christos pos += elen; 559 1.1 christos len -= elen; 560 1.1 christos } 561 1.1 christos 562 1.1 christos if (cell_pref) 563 1.1 christos wpa_msg(wpa_s, MSG_INFO, MBO_CELL_PREFERENCE "preference=%u", 564 1.1 christos *cell_pref); 565 1.1 christos 566 1.1.1.2 christos if (wpa_s->wnm_mbo_trans_reason_present) 567 1.1 christos wpa_msg(wpa_s, MSG_INFO, MBO_TRANSITION_REASON "reason=%u", 568 1.1.1.2 christos wpa_s->wnm_mbo_transition_reason); 569 1.1 christos 570 1.1 christos if (disallowed_sec && wpa_s->current_bss) 571 1.1 christos wpa_bss_tmp_disallow(wpa_s, wpa_s->current_bss->bssid, 572 1.1.1.3 christos disallowed_sec, 0); 573 1.1 christos 574 1.1 christos return; 575 1.1 christos fail: 576 1.1 christos wpa_printf(MSG_DEBUG, "MBO IE parsing failed (id=%u len=%u left=%zu)", 577 1.1 christos id, elen, len); 578 1.1 christos } 579 1.1 christos 580 1.1 christos 581 1.1 christos size_t wpas_mbo_ie_bss_trans_reject(struct wpa_supplicant *wpa_s, u8 *pos, 582 1.1 christos size_t len, 583 1.1 christos enum mbo_transition_reject_reason reason) 584 1.1 christos { 585 1.1 christos u8 reject_attr[3]; 586 1.1 christos 587 1.1 christos reject_attr[0] = MBO_ATTR_ID_TRANSITION_REJECT_REASON; 588 1.1 christos reject_attr[1] = 1; 589 1.1 christos reject_attr[2] = reason; 590 1.1 christos 591 1.1 christos return mbo_add_ie(pos, len, reject_attr, sizeof(reject_attr)); 592 1.1 christos } 593 1.1 christos 594 1.1 christos 595 1.1 christos void wpas_mbo_update_cell_capa(struct wpa_supplicant *wpa_s, u8 mbo_cell_capa) 596 1.1 christos { 597 1.1 christos u8 cell_capa[7]; 598 1.1 christos 599 1.1 christos if (wpa_s->conf->mbo_cell_capa == mbo_cell_capa) { 600 1.1 christos wpa_printf(MSG_DEBUG, 601 1.1 christos "MBO: Cellular capability already set to %u", 602 1.1 christos mbo_cell_capa); 603 1.1 christos return; 604 1.1 christos } 605 1.1 christos 606 1.1 christos wpa_s->conf->mbo_cell_capa = mbo_cell_capa; 607 1.1 christos 608 1.1 christos cell_capa[0] = WLAN_EID_VENDOR_SPECIFIC; 609 1.1 christos cell_capa[1] = 5; /* Length */ 610 1.1 christos WPA_PUT_BE24(cell_capa + 2, OUI_WFA); 611 1.1 christos cell_capa[5] = MBO_ATTR_ID_CELL_DATA_CAPA; 612 1.1 christos cell_capa[6] = mbo_cell_capa; 613 1.1 christos 614 1.1 christos wpas_mbo_send_wnm_notification(wpa_s, cell_capa, 7); 615 1.1 christos wpa_supplicant_set_default_scan_ies(wpa_s); 616 1.1.1.3 christos wpas_update_mbo_connect_params(wpa_s); 617 1.1 christos } 618 1.1 christos 619 1.1 christos 620 1.1 christos struct wpabuf * mbo_build_anqp_buf(struct wpa_supplicant *wpa_s, 621 1.1.1.2 christos struct wpa_bss *bss, u32 mbo_subtypes) 622 1.1 christos { 623 1.1 christos struct wpabuf *anqp_buf; 624 1.1 christos u8 *len_pos; 625 1.1.1.2 christos u8 i; 626 1.1 christos 627 1.1 christos if (!wpa_bss_get_vendor_ie(bss, MBO_IE_VENDOR_TYPE)) { 628 1.1 christos wpa_printf(MSG_INFO, "MBO: " MACSTR 629 1.1 christos " does not support MBO - cannot request MBO ANQP elements from it", 630 1.1 christos MAC2STR(bss->bssid)); 631 1.1 christos return NULL; 632 1.1 christos } 633 1.1 christos 634 1.1.1.2 christos /* Allocate size for the maximum case - all MBO subtypes are set */ 635 1.1.1.2 christos anqp_buf = wpabuf_alloc(9 + MAX_MBO_ANQP_SUBTYPE); 636 1.1 christos if (!anqp_buf) 637 1.1 christos return NULL; 638 1.1 christos 639 1.1 christos len_pos = gas_anqp_add_element(anqp_buf, ANQP_VENDOR_SPECIFIC); 640 1.1 christos wpabuf_put_be24(anqp_buf, OUI_WFA); 641 1.1 christos wpabuf_put_u8(anqp_buf, MBO_ANQP_OUI_TYPE); 642 1.1 christos 643 1.1.1.2 christos wpabuf_put_u8(anqp_buf, MBO_ANQP_SUBTYPE_QUERY_LIST); 644 1.1.1.2 christos 645 1.1.1.2 christos /* The first valid MBO subtype is 1 */ 646 1.1.1.2 christos for (i = 1; i <= MAX_MBO_ANQP_SUBTYPE; i++) { 647 1.1.1.2 christos if (mbo_subtypes & BIT(i)) 648 1.1.1.2 christos wpabuf_put_u8(anqp_buf, i); 649 1.1.1.2 christos } 650 1.1.1.2 christos 651 1.1 christos gas_anqp_set_element_len(anqp_buf, len_pos); 652 1.1 christos 653 1.1 christos return anqp_buf; 654 1.1 christos } 655 1.1.1.2 christos 656 1.1.1.2 christos 657 1.1.1.2 christos void mbo_parse_rx_anqp_resp(struct wpa_supplicant *wpa_s, 658 1.1.1.2 christos struct wpa_bss *bss, const u8 *sa, 659 1.1.1.2 christos const u8 *data, size_t slen) 660 1.1.1.2 christos { 661 1.1.1.2 christos const u8 *pos = data; 662 1.1.1.2 christos u8 subtype; 663 1.1.1.2 christos 664 1.1.1.2 christos if (slen < 1) 665 1.1.1.2 christos return; 666 1.1.1.2 christos 667 1.1.1.2 christos subtype = *pos++; 668 1.1.1.2 christos slen--; 669 1.1.1.2 christos 670 1.1.1.2 christos switch (subtype) { 671 1.1.1.2 christos case MBO_ANQP_SUBTYPE_CELL_CONN_PREF: 672 1.1.1.2 christos if (slen < 1) 673 1.1.1.2 christos break; 674 1.1.1.2 christos wpa_msg(wpa_s, MSG_INFO, RX_MBO_ANQP MACSTR 675 1.1.1.2 christos " cell_conn_pref=%u", MAC2STR(sa), *pos); 676 1.1.1.2 christos break; 677 1.1.1.2 christos default: 678 1.1.1.2 christos wpa_printf(MSG_DEBUG, "MBO: Unsupported ANQP subtype %u", 679 1.1.1.2 christos subtype); 680 1.1.1.2 christos break; 681 1.1.1.2 christos } 682 1.1.1.2 christos } 683
Indexes created Tue Apr 07 00:22:49 UTC 2026