Andrew Geissler | 32b1199 | 2021-03-31 13:37:05 -0500 | 1 | From 018edec9b2bd3db20605117c32ff79c1e625c432 Mon Sep 17 00:00:00 2001 |
| 2 | From: Jouni Malinen <j@w1.fi> |
| 3 | Date: Wed, 11 Sep 2019 12:34:28 +0300 |
| 4 | Subject: [PATCH] Remove IAPP functionality from hostapd |
| 5 | |
| 6 | IEEE Std 802.11F-2003 was withdrawn in 2006 and as such it has not been |
| 7 | maintained nor is there any expectation of the withdrawn trial-use |
| 8 | recommended practice to be maintained in the future. Furthermore, |
| 9 | implementation of IAPP in hostapd was not complete, i.e., only parts of |
| 10 | the recommended practice were included. The main item of some real use |
| 11 | long time ago was the Layer 2 Update frame to update bridges when a STA |
| 12 | roams within an ESS, but that functionality has, in practice, been moved |
| 13 | to kernel drivers to provide better integration with the networking |
| 14 | stack. |
| 15 | |
| 16 | CVE: CVE-2019-5061 |
| 17 | |
| 18 | Upstream-Status: Backport |
| 19 | |
| 20 | Signed-off-by: Jouni Malinen <j@w1.fi> |
| 21 | Signed-off-by: Mingli Yu <mingli.yu@windriver.com> |
| 22 | --- |
| 23 | hostapd/Android.mk | 5 - |
| 24 | hostapd/Makefile | 5 - |
| 25 | hostapd/android.config | 3 - |
| 26 | hostapd/config_file.c | 3 +- |
| 27 | hostapd/defconfig | 3 - |
| 28 | hostapd/hostapd.conf | 6 - |
| 29 | hostapd/main.c | 3 - |
| 30 | src/ap/Makefile | 2 - |
| 31 | src/ap/ap_config.h | 4 - |
| 32 | src/ap/hostapd.c | 14 - |
| 33 | src/ap/hostapd.h | 2 - |
| 34 | src/ap/iapp.c | 542 ---------------------- |
| 35 | src/ap/iapp.h | 39 -- |
| 36 | src/utils/wpa_debug.h | 1 - |
| 37 | 14 files changed, 1 insertion(+), 633 deletions(-) |
| 38 | delete mode 100644 src/ap/iapp.c |
| 39 | delete mode 100644 src/ap/iapp.h |
| 40 | |
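--- a/hostapd/Android.mk
+++ b/hostapd/Android.mk
@@ -205,11 +205,6 @@ endif
 
 L_CFLAGS += -DCONFIG_CTRL_IFACE -DCONFIG_CTRL_IFACE_UNIX
 
-ifdef CONFIG_IAPP
-L_CFLAGS += -DCONFIG_IAPP
-OBJS += src/ap/iapp.c
-endif
-
 ifdef CONFIG_RSN_PREAUTH
 L_CFLAGS += -DCONFIG_RSN_PREAUTH
 CONFIG_L2_PACKET=y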
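--- a/hostapd/Makefile
+++ b/hostapd/Makefile
@@ -248,11 +248,6 @@ ifndef CONFIG_NO_CTRL_IFACE
 CFLAGS += -DCONFIG_CTRL_IFACE
 endif
 
-ifdef CONFIG_IAPP
-CFLAGS += -DCONFIG_IAPP
-OBJS += ../src/ap/iapp.o
-endif
-
 ifdef CONFIG_RSN_PREAUTH
 CFLAGS += -DCONFIG_RSN_PREAUTH
 CONFIG_L2_PACKET=y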
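--- a/hostapd/android.config
+++ b/hostapd/android.config
@@ -38,9 +38,6 @@ CONFIG_DRIVER_NL80211_QCA=y
 # Driver interface for no driver (e.g., RADIUS server only)
 #CONFIG_DRIVER_NONE=y
 
-# IEEE 802.11F/IAPP
-#CONFIG_IAPP=y
-
 # WPA2/IEEE 802.11i RSN pre-authentication
 #CONFIG_RSN_PREAUTH=y
 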
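--- a/hostapd/config_file.c
+++ b/hostapd/config_file.c
@@ -2712,8 +2712,7 @@ static int hostapd_config_fill(struct hostapd_config *conf,
 bss->eapol_key_index_workaround = atoi(pos);
 #ifdef CONFIG_IAPP
 } else if (os_strcmp(buf, "iapp_interface") == 0) {
- bss->ieee802_11f = 1;
- os_strlcpy(bss->iapp_iface, pos, sizeof(bss->iapp_iface));
+ wpa_printf(MSG_INFO, "DEPRECATED: iapp_interface not used");
 #endif /* CONFIG_IAPP */
 } else if (os_strcmp(buf, "own_ip_addr") == 0) {
 if (hostapd_parse_ip_addr(pos, &bss->own_ip_addr)) {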
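Review bot: The new deprecation notice for `iapp_interface` is still wrapped in `#ifdef CONFIG_IAPP`, yet this same patch removes every visible place that defines that macro (`-DCONFIG_IAPP` in hostapd/Makefile, hostapd/Android.mk and src/ap/Makefile), so unless a builder passes it by hand the branch looks compiled out. A deployed hostapd.conf that still sets `iapp_interface=` would then presumably reach the final else of hostapd_config_fill, which is outside this hunk; it is worth confirming whether that path rejects the file, because an AP that refuses to start after taking the CVE-2019-5061 backport is an availability problem of its own. I would drop the `#ifdef CONFIG_IAPP` / `#endif /* CONFIG_IAPP */` pair around this branch so the key is always accepted and logged as deprecated. hostapd_config_fill starts and ends outside the hunk.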
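--- a/hostapd/defconfig
+++ b/hostapd/defconfig
@@ -44,9 +44,6 @@ CONFIG_LIBNL32=y
 # Driver interface for no driver (e.g., RADIUS server only)
 #CONFIG_DRIVER_NONE=y
 
-# IEEE 802.11F/IAPP
-CONFIG_IAPP=y
-
 # WPA2/IEEE 802.11i RSN pre-authentication
 CONFIG_RSN_PREAUTH=y
 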
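--- a/hostapd/hostapd.conf
+++ b/hostapd/hostapd.conf
@@ -41,7 +41,6 @@ interface=wlan0
 # bit 2 (4) = RADIUS
 # bit 3 (8) = WPA
 # bit 4 (16) = driver interface
-# bit 5 (32) = IAPP
 # bit 6 (64) = MLME
 #
 # Levels (minimum value for logged events):
@@ -1243,11 +1242,6 @@ eap_server=0
 # Whether to enable ERP on the EAP server.
 #eap_server_erp=1
 
-##### IEEE 802.11f - Inter-Access Point Protocol (IAPP) #######################
-
-# Interface to be used for IAPP broadcast packets
-#iapp_interface=eth0
-
 
 ##### RADIUS client configuration #############################################
 # for IEEE 802.1X with external Authentication Server, IEEE 802.11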
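--- a/hostapd/main.c
+++ b/hostapd/main.c
@@ -81,9 +81,6 @@ static void hostapd_logger_cb(void *ctx, const u8 *addr, unsigned int module,
 case HOSTAPD_MODULE_DRIVER:
 module_str = "DRIVER";
 break;
- case HOSTAPD_MODULE_IAPP:
- module_str = "IAPP";
- break;
 case HOSTAPD_MODULE_MLME:
 module_str = "MLME";
 break;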
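--- a/src/ap/Makefile
+++ b/src/ap/Makefile
@@ -18,7 +18,6 @@ CFLAGS += -DCONFIG_IEEE80211R_AP
 CFLAGS += -DCONFIG_WPS
 CFLAGS += -DCONFIG_PROXYARP
 CFLAGS += -DCONFIG_IPV6
-CFLAGS += -DCONFIG_IAPP
 CFLAGS += -DCONFIG_AIRTIME_POLICY
 
 LIB_OBJS= \
@@ -41,7 +40,6 @@ LIB_OBJS= \
 hostapd.o \
 hs20.o \
 hw_features.o \
- iapp.o \
 ieee802_11_auth.o \
 ieee802_11.o \
 ieee802_11_ht.o \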
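--- a/src/ap/ap_config.h
+++ b/src/ap/ap_config.h
@@ -325,10 +325,6 @@ struct hostapd_bss_config {
 int erp_send_reauth_start;
 char *erp_domain;
 
- int ieee802_11f; /* use IEEE 802.11f (IAPP) */
- char iapp_iface[IFNAMSIZ + 1]; /* interface used with IAPP broadcast
- * frames */
-
 enum macaddr_acl {
 ACCEPT_UNLESS_DENIED = 0,
 DENY_UNLESS_ACCEPTED = 1,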
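--- a/src/ap/hostapd.c
+++ b/src/ap/hostapd.c
@@ -28,7 +28,6 @@
 #include "accounting.h"
 #include "ap_list.h"
 #include "beacon.h"
-#include "iapp.h"
 #include "ieee802_1x.h"
 #include "ieee802_11_auth.h"
 #include "vlan_init.h"
@@ -361,8 +360,6 @@ static void hostapd_free_hapd_data(struct hostapd_data *hapd)
 hapd->beacon_set_done = 0;
 
 wpa_printf(MSG_DEBUG, "%s(%s)", __func__, hapd->conf->iface);
- iapp_deinit(hapd->iapp);
- hapd->iapp = NULL;
 accounting_deinit(hapd);
 hostapd_deinit_wpa(hapd);
 vlan_deinit(hapd);
@@ -1296,13 +1293,6 @@ static int hostapd_setup_bss(struct hostapd_data *hapd, int first)
 return -1;
 }
 
- if (conf->ieee802_11f &&
- (hapd->iapp = iapp_init(hapd, conf->iapp_iface)) == NULL) {
- wpa_printf(MSG_ERROR, "IEEE 802.11F (IAPP) initialization "
- "failed.");
- return -1;
- }
-
 #ifdef CONFIG_INTERWORKING
 if (gas_serv_init(hapd)) {
 wpa_printf(MSG_ERROR, "GAS server initialization failed");
@@ -3056,10 +3046,6 @@ void hostapd_new_assoc_sta(struct hostapd_data *hapd, struct sta_info *sta,
 hostapd_prune_associations(hapd, sta->addr);
 ap_sta_clear_disconnect_timeouts(hapd, sta);
 
- /* IEEE 802.11F (IAPP) */
- if (hapd->conf->ieee802_11f)
- iapp_new_station(hapd->iapp, sta);
-
 #ifdef CONFIG_P2P
 if (sta->p2p_ie == NULL && !sta->no_p2p_set) {
 sta->no_p2p_set = 1;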
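--- a/src/ap/hostapd.h
+++ b/src/ap/hostapd.h
@@ -179,8 +179,6 @@ struct hostapd_data {
 u64 acct_session_id;
 struct radius_das_data *radius_das;
 
- struct iapp_data *iapp;
-
 struct hostapd_cached_radius_acl *acl_cache;
 struct hostapd_acl_query_data *acl_queries;
 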
| 247 | diff --git a/src/ap/iapp.c b/src/ap/iapp.c |
| 248 | deleted file mode 100644 |
| 249 | index 2556da30c..000000000 |
| 250 | --- a/src/ap/iapp.c |
| 251 | +++ /dev/null |
| 252 | @@ -1,542 +0,0 @@ |
| 253 | -/* |
| 254 | - * hostapd / IEEE 802.11F-2003 Inter-Access Point Protocol (IAPP) |
| 255 | - * Copyright (c) 2002-2007, Jouni Malinen <j@w1.fi> |
| 256 | - * |
| 257 | - * This software may be distributed under the terms of the BSD license. |
| 258 | - * See README for more details. |
| 259 | - * |
| 260 | - * Note: IEEE 802.11F-2003 was a experimental use specification. It has expired |
| 261 | - * and IEEE has withdrawn it. In other words, it is likely better to look at |
| 262 | - * using some other mechanism for AP-to-AP communication than extending the |
| 263 | - * implementation here. |
| 264 | - */ |
| 265 | - |
| 266 | -/* TODO: |
| 267 | - * Level 1: no administrative or security support |
| 268 | - * (e.g., static BSSID to IP address mapping in each AP) |
| 269 | - * Level 2: support for dynamic mapping of BSSID to IP address |
| 270 | - * Level 3: support for encryption and authentication of IAPP messages |
| 271 | - * - add support for MOVE-notify and MOVE-response (this requires support for |
| 272 | - * finding out IP address for previous AP using RADIUS) |
| 273 | - * - add support for Send- and ACK-Security-Block to speedup IEEE 802.1X during |
| 274 | - * reassociation to another AP |
| 275 | - * - implement counters etc. for IAPP MIB |
| 276 | - * - verify endianness of fields in IAPP messages; are they big-endian as |
| 277 | - * used here? |
| 278 | - * - RADIUS connection for AP registration and BSSID to IP address mapping |
| 279 | - * - TCP connection for IAPP MOVE, CACHE |
| 280 | - * - broadcast ESP for IAPP ADD-notify |
| 281 | - * - ESP for IAPP MOVE messages |
| 282 | - * - security block sending/processing |
| 283 | - * - IEEE 802.11 context transfer |
| 284 | - */ |
| 285 | - |
| 286 | -#include "utils/includes.h" |
| 287 | -#include <net/if.h> |
| 288 | -#include <sys/ioctl.h> |
| 289 | -#include <netpacket/packet.h> |
| 290 | - |
| 291 | -#include "utils/common.h" |
| 292 | -#include "utils/eloop.h" |
| 293 | -#include "common/ieee802_11_defs.h" |
| 294 | -#include "hostapd.h" |
| 295 | -#include "ap_config.h" |
| 296 | -#include "ieee802_11.h" |
| 297 | -#include "sta_info.h" |
| 298 | -#include "iapp.h" |
| 299 | - |
| 300 | - |
| 301 | -#define IAPP_MULTICAST "224.0.1.178" |
| 302 | -#define IAPP_UDP_PORT 3517 |
| 303 | -#define IAPP_TCP_PORT 3517 |
| 304 | - |
| 305 | -struct iapp_hdr { |
| 306 | - u8 version; |
| 307 | - u8 command; |
| 308 | - be16 identifier; |
| 309 | - be16 length; |
| 310 | - /* followed by length-6 octets of data */ |
| 311 | -} __attribute__ ((packed)); |
| 312 | - |
| 313 | -#define IAPP_VERSION 0 |
| 314 | - |
| 315 | -enum IAPP_COMMAND { |
| 316 | - IAPP_CMD_ADD_notify = 0, |
| 317 | - IAPP_CMD_MOVE_notify = 1, |
| 318 | - IAPP_CMD_MOVE_response = 2, |
| 319 | - IAPP_CMD_Send_Security_Block = 3, |
| 320 | - IAPP_CMD_ACK_Security_Block = 4, |
| 321 | - IAPP_CMD_CACHE_notify = 5, |
| 322 | - IAPP_CMD_CACHE_response = 6, |
| 323 | -}; |
| 324 | - |
| 325 | - |
| 326 | -/* ADD-notify - multicast UDP on the local LAN */ |
| 327 | -struct iapp_add_notify { |
| 328 | - u8 addr_len; /* ETH_ALEN */ |
| 329 | - u8 reserved; |
| 330 | - u8 mac_addr[ETH_ALEN]; |
| 331 | - be16 seq_num; |
| 332 | -} __attribute__ ((packed)); |
| 333 | - |
| 334 | - |
| 335 | -/* Layer 2 Update frame (802.2 Type 1 LLC XID Update response) */ |
| 336 | -struct iapp_layer2_update { |
| 337 | - u8 da[ETH_ALEN]; /* broadcast */ |
| 338 | - u8 sa[ETH_ALEN]; /* STA addr */ |
| 339 | - be16 len; /* 6 */ |
| 340 | - u8 dsap; /* null DSAP address */ |
| 341 | - u8 ssap; /* null SSAP address, CR=Response */ |
| 342 | - u8 control; |
| 343 | - u8 xid_info[3]; |
| 344 | -} __attribute__ ((packed)); |
| 345 | - |
| 346 | - |
| 347 | -/* MOVE-notify - unicast TCP */ |
| 348 | -struct iapp_move_notify { |
| 349 | - u8 addr_len; /* ETH_ALEN */ |
| 350 | - u8 reserved; |
| 351 | - u8 mac_addr[ETH_ALEN]; |
| 352 | - u16 seq_num; |
| 353 | - u16 ctx_block_len; |
| 354 | - /* followed by ctx_block_len bytes */ |
| 355 | -} __attribute__ ((packed)); |
| 356 | - |
| 357 | - |
| 358 | -/* MOVE-response - unicast TCP */ |
| 359 | -struct iapp_move_response { |
| 360 | - u8 addr_len; /* ETH_ALEN */ |
| 361 | - u8 status; |
| 362 | - u8 mac_addr[ETH_ALEN]; |
| 363 | - u16 seq_num; |
| 364 | - u16 ctx_block_len; |
| 365 | - /* followed by ctx_block_len bytes */ |
| 366 | -} __attribute__ ((packed)); |
| 367 | - |
| 368 | -enum { |
| 369 | - IAPP_MOVE_SUCCESSFUL = 0, |
| 370 | - IAPP_MOVE_DENIED = 1, |
| 371 | - IAPP_MOVE_STALE_MOVE = 2, |
| 372 | -}; |
| 373 | - |
| 374 | - |
| 375 | -/* CACHE-notify */ |
| 376 | -struct iapp_cache_notify { |
| 377 | - u8 addr_len; /* ETH_ALEN */ |
| 378 | - u8 reserved; |
| 379 | - u8 mac_addr[ETH_ALEN]; |
| 380 | - u16 seq_num; |
| 381 | - u8 current_ap[ETH_ALEN]; |
| 382 | - u16 ctx_block_len; |
| 383 | - /* ctx_block_len bytes of context block followed by 16-bit context |
| 384 | - * timeout */ |
| 385 | -} __attribute__ ((packed)); |
| 386 | - |
| 387 | - |
| 388 | -/* CACHE-response - unicast TCP */ |
| 389 | -struct iapp_cache_response { |
| 390 | - u8 addr_len; /* ETH_ALEN */ |
| 391 | - u8 status; |
| 392 | - u8 mac_addr[ETH_ALEN]; |
| 393 | - u16 seq_num; |
| 394 | -} __attribute__ ((packed)); |
| 395 | - |
| 396 | -enum { |
| 397 | - IAPP_CACHE_SUCCESSFUL = 0, |
| 398 | - IAPP_CACHE_STALE_CACHE = 1, |
| 399 | -}; |
| 400 | - |
| 401 | - |
| 402 | -/* Send-Security-Block - unicast TCP */ |
| 403 | -struct iapp_send_security_block { |
| 404 | - u8 iv[8]; |
| 405 | - u16 sec_block_len; |
| 406 | - /* followed by sec_block_len bytes of security block */ |
| 407 | -} __attribute__ ((packed)); |
| 408 | - |
| 409 | - |
| 410 | -/* ACK-Security-Block - unicast TCP */ |
| 411 | -struct iapp_ack_security_block { |
| 412 | - u8 iv[8]; |
| 413 | - u8 new_ap_ack_authenticator[48]; |
| 414 | -} __attribute__ ((packed)); |
| 415 | - |
| 416 | - |
| 417 | -struct iapp_data { |
| 418 | - struct hostapd_data *hapd; |
| 419 | - u16 identifier; /* next IAPP identifier */ |
| 420 | - struct in_addr own, multicast; |
| 421 | - int udp_sock; |
| 422 | - int packet_sock; |
| 423 | -}; |
| 424 | - |
| 425 | - |
| 426 | -static void iapp_send_add(struct iapp_data *iapp, u8 *mac_addr, u16 seq_num) |
| 427 | -{ |
| 428 | - char buf[128]; |
| 429 | - struct iapp_hdr *hdr; |
| 430 | - struct iapp_add_notify *add; |
| 431 | - struct sockaddr_in addr; |
| 432 | - |
| 433 | - /* Send IAPP ADD-notify to remove possible association from other APs |
| 434 | - */ |
| 435 | - |
| 436 | - hdr = (struct iapp_hdr *) buf; |
| 437 | - hdr->version = IAPP_VERSION; |
| 438 | - hdr->command = IAPP_CMD_ADD_notify; |
| 439 | - hdr->identifier = host_to_be16(iapp->identifier++); |
| 440 | - hdr->length = host_to_be16(sizeof(*hdr) + sizeof(*add)); |
| 441 | - |
| 442 | - add = (struct iapp_add_notify *) (hdr + 1); |
| 443 | - add->addr_len = ETH_ALEN; |
| 444 | - add->reserved = 0; |
| 445 | - os_memcpy(add->mac_addr, mac_addr, ETH_ALEN); |
| 446 | - |
| 447 | - add->seq_num = host_to_be16(seq_num); |
| 448 | - |
| 449 | - os_memset(&addr, 0, sizeof(addr)); |
| 450 | - addr.sin_family = AF_INET; |
| 451 | - addr.sin_addr.s_addr = iapp->multicast.s_addr; |
| 452 | - addr.sin_port = htons(IAPP_UDP_PORT); |
| 453 | - if (sendto(iapp->udp_sock, buf, (char *) (add + 1) - buf, 0, |
| 454 | - (struct sockaddr *) &addr, sizeof(addr)) < 0) |
| 455 | - wpa_printf(MSG_INFO, "sendto[IAPP-ADD]: %s", strerror(errno)); |
| 456 | -} |
| 457 | - |
| 458 | - |
| 459 | -static void iapp_send_layer2_update(struct iapp_data *iapp, u8 *addr) |
| 460 | -{ |
| 461 | - struct iapp_layer2_update msg; |
| 462 | - |
| 463 | - /* Send Level 2 Update Frame to update forwarding tables in layer 2 |
| 464 | - * bridge devices */ |
| 465 | - |
| 466 | - /* 802.2 Type 1 Logical Link Control (LLC) Exchange Identifier (XID) |
| 467 | - * Update response frame; IEEE Std 802.2-1998, 5.4.1.2.1 */ |
| 468 | - |
| 469 | - os_memset(msg.da, 0xff, ETH_ALEN); |
| 470 | - os_memcpy(msg.sa, addr, ETH_ALEN); |
| 471 | - msg.len = host_to_be16(6); |
| 472 | - msg.dsap = 0; /* NULL DSAP address */ |
| 473 | - msg.ssap = 0x01; /* NULL SSAP address, CR Bit: Response */ |
| 474 | - msg.control = 0xaf; /* XID response lsb.1111F101. |
| 475 | - * F=0 (no poll command; unsolicited frame) */ |
| 476 | - msg.xid_info[0] = 0x81; /* XID format identifier */ |
| 477 | - msg.xid_info[1] = 1; /* LLC types/classes: Type 1 LLC */ |
| 478 | - msg.xid_info[2] = 1 << 1; /* XID sender's receive window size (RW) |
| 479 | - * FIX: what is correct RW with 802.11? */ |
| 480 | - |
| 481 | - if (send(iapp->packet_sock, &msg, sizeof(msg), 0) < 0) |
| 482 | - wpa_printf(MSG_INFO, "send[L2 Update]: %s", strerror(errno)); |
| 483 | -} |
| 484 | - |
| 485 | - |
| 486 | -/** |
| 487 | - * iapp_new_station - IAPP processing for a new STA |
| 488 | - * @iapp: IAPP data |
| 489 | - * @sta: The associated station |
| 490 | - */ |
| 491 | -void iapp_new_station(struct iapp_data *iapp, struct sta_info *sta) |
| 492 | -{ |
| 493 | - u16 seq = 0; /* TODO */ |
| 494 | - |
| 495 | - if (iapp == NULL) |
| 496 | - return; |
| 497 | - |
| 498 | - /* IAPP-ADD.request(MAC Address, Sequence Number, Timeout) */ |
| 499 | - hostapd_logger(iapp->hapd, sta->addr, HOSTAPD_MODULE_IAPP, |
| 500 | - HOSTAPD_LEVEL_DEBUG, "IAPP-ADD.request(seq=%d)", seq); |
| 501 | - iapp_send_layer2_update(iapp, sta->addr); |
| 502 | - iapp_send_add(iapp, sta->addr, seq); |
| 503 | - |
| 504 | - /* TODO: If this was reassociation: |
| 505 | - * IAPP-MOVE.request(MAC Address, Sequence Number, Old AP, |
| 506 | - * Context Block, Timeout) |
| 507 | - * TODO: Send IAPP-MOVE to the old AP; Map Old AP BSSID to |
| 508 | - * IP address */ |
| 509 | -} |
| 510 | - |
| 511 | - |
| 512 | -static void iapp_process_add_notify(struct iapp_data *iapp, |
| 513 | - struct sockaddr_in *from, |
| 514 | - struct iapp_hdr *hdr, int len) |
| 515 | -{ |
| 516 | - struct iapp_add_notify *add = (struct iapp_add_notify *) (hdr + 1); |
| 517 | - struct sta_info *sta; |
| 518 | - |
| 519 | - if (len != sizeof(*add)) { |
| 520 | - wpa_printf(MSG_INFO, "Invalid IAPP-ADD packet length %d (expected %lu)", |
| 521 | - len, (unsigned long) sizeof(*add)); |
| 522 | - return; |
| 523 | - } |
| 524 | - |
| 525 | - sta = ap_get_sta(iapp->hapd, add->mac_addr); |
| 526 | - |
| 527 | - /* IAPP-ADD.indication(MAC Address, Sequence Number) */ |
| 528 | - hostapd_logger(iapp->hapd, add->mac_addr, HOSTAPD_MODULE_IAPP, |
| 529 | - HOSTAPD_LEVEL_INFO, |
| 530 | - "Received IAPP ADD-notify (seq# %d) from %s:%d%s", |
| 531 | - be_to_host16(add->seq_num), |
| 532 | - inet_ntoa(from->sin_addr), ntohs(from->sin_port), |
| 533 | - sta ? "" : " (STA not found)"); |
| 534 | - |
| 535 | - if (!sta) |
| 536 | - return; |
| 537 | - |
| 538 | - /* TODO: could use seq_num to try to determine whether last association |
| 539 | - * to this AP is newer than the one advertised in IAPP-ADD. Although, |
| 540 | - * this is not really a reliable verification. */ |
| 541 | - |
| 542 | - hostapd_logger(iapp->hapd, add->mac_addr, HOSTAPD_MODULE_IAPP, |
| 543 | - HOSTAPD_LEVEL_DEBUG, |
| 544 | - "Removing STA due to IAPP ADD-notify"); |
| 545 | - ap_sta_disconnect(iapp->hapd, sta, NULL, 0); |
| 546 | -} |
| 547 | - |
| 548 | - |
| 549 | -/** |
| 550 | - * iapp_receive_udp - Process IAPP UDP frames |
| 551 | - * @sock: File descriptor for the socket |
| 552 | - * @eloop_ctx: IAPP data (struct iapp_data *) |
| 553 | - * @sock_ctx: Not used |
| 554 | - */ |
| 555 | -static void iapp_receive_udp(int sock, void *eloop_ctx, void *sock_ctx) |
| 556 | -{ |
| 557 | - struct iapp_data *iapp = eloop_ctx; |
| 558 | - int len, hlen; |
| 559 | - unsigned char buf[128]; |
| 560 | - struct sockaddr_in from; |
| 561 | - socklen_t fromlen; |
| 562 | - struct iapp_hdr *hdr; |
| 563 | - |
| 564 | - /* Handle incoming IAPP frames (over UDP/IP) */ |
| 565 | - |
| 566 | - fromlen = sizeof(from); |
| 567 | - len = recvfrom(iapp->udp_sock, buf, sizeof(buf), 0, |
| 568 | - (struct sockaddr *) &from, &fromlen); |
| 569 | - if (len < 0) { |
| 570 | - wpa_printf(MSG_INFO, "iapp_receive_udp - recvfrom: %s", |
| 571 | - strerror(errno)); |
| 572 | - return; |
| 573 | - } |
| 574 | - |
| 575 | - if (from.sin_addr.s_addr == iapp->own.s_addr) |
| 576 | - return; /* ignore own IAPP messages */ |
| 577 | - |
| 578 | - hostapd_logger(iapp->hapd, NULL, HOSTAPD_MODULE_IAPP, |
| 579 | - HOSTAPD_LEVEL_DEBUG, |
| 580 | - "Received %d byte IAPP frame from %s%s\n", |
| 581 | - len, inet_ntoa(from.sin_addr), |
| 582 | - len < (int) sizeof(*hdr) ? " (too short)" : ""); |
| 583 | - |
| 584 | - if (len < (int) sizeof(*hdr)) |
| 585 | - return; |
| 586 | - |
| 587 | - hdr = (struct iapp_hdr *) buf; |
| 588 | - hlen = be_to_host16(hdr->length); |
| 589 | - hostapd_logger(iapp->hapd, NULL, HOSTAPD_MODULE_IAPP, |
| 590 | - HOSTAPD_LEVEL_DEBUG, |
| 591 | - "RX: version=%d command=%d id=%d len=%d\n", |
| 592 | - hdr->version, hdr->command, |
| 593 | - be_to_host16(hdr->identifier), hlen); |
| 594 | - if (hdr->version != IAPP_VERSION) { |
| 595 | - wpa_printf(MSG_INFO, "Dropping IAPP frame with unknown version %d", |
| 596 | - hdr->version); |
| 597 | - return; |
| 598 | - } |
| 599 | - if (hlen > len) { |
| 600 | - wpa_printf(MSG_INFO, "Underflow IAPP frame (hlen=%d len=%d)", |
| 601 | - hlen, len); |
| 602 | - return; |
| 603 | - } |
| 604 | - if (hlen < len) { |
| 605 | - wpa_printf(MSG_INFO, "Ignoring %d extra bytes from IAPP frame", |
| 606 | - len - hlen); |
| 607 | - len = hlen; |
| 608 | - } |
| 609 | - |
| 610 | - switch (hdr->command) { |
| 611 | - case IAPP_CMD_ADD_notify: |
| 612 | - iapp_process_add_notify(iapp, &from, hdr, len - sizeof(*hdr)); |
| 613 | - break; |
| 614 | - case IAPP_CMD_MOVE_notify: |
| 615 | - /* TODO: MOVE is using TCP; so move this to TCP handler once it |
| 616 | - * is implemented.. */ |
| 617 | - /* IAPP-MOVE.indication(MAC Address, New BSSID, |
| 618 | - * Sequence Number, AP Address, Context Block) */ |
| 619 | - /* TODO: process */ |
| 620 | - break; |
| 621 | - default: |
| 622 | - wpa_printf(MSG_INFO, "Unknown IAPP command %d", hdr->command); |
| 623 | - break; |
| 624 | - } |
| 625 | -} |
| 626 | - |
| 627 | - |
| 628 | -struct iapp_data * iapp_init(struct hostapd_data *hapd, const char *iface) |
| 629 | -{ |
| 630 | - struct ifreq ifr; |
| 631 | - struct sockaddr_ll addr; |
| 632 | - int ifindex; |
| 633 | - struct sockaddr_in *paddr, uaddr; |
| 634 | - struct iapp_data *iapp; |
| 635 | - struct ip_mreqn mreq; |
| 636 | - int reuseaddr = 1; |
| 637 | - |
| 638 | - iapp = os_zalloc(sizeof(*iapp)); |
| 639 | - if (iapp == NULL) |
| 640 | - return NULL; |
| 641 | - iapp->hapd = hapd; |
| 642 | - iapp->udp_sock = iapp->packet_sock = -1; |
| 643 | - |
| 644 | - /* TODO: |
| 645 | - * open socket for sending and receiving IAPP frames over TCP |
| 646 | - */ |
| 647 | - |
| 648 | - iapp->udp_sock = socket(PF_INET, SOCK_DGRAM, 0); |
| 649 | - if (iapp->udp_sock < 0) { |
| 650 | - wpa_printf(MSG_INFO, "iapp_init - socket[PF_INET,SOCK_DGRAM]: %s", |
| 651 | - strerror(errno)); |
| 652 | - iapp_deinit(iapp); |
| 653 | - return NULL; |
| 654 | - } |
| 655 | - |
| 656 | - os_memset(&ifr, 0, sizeof(ifr)); |
| 657 | - os_strlcpy(ifr.ifr_name, iface, sizeof(ifr.ifr_name)); |
| 658 | - if (ioctl(iapp->udp_sock, SIOCGIFINDEX, &ifr) != 0) { |
| 659 | - wpa_printf(MSG_INFO, "iapp_init - ioctl(SIOCGIFINDEX): %s", |
| 660 | - strerror(errno)); |
| 661 | - iapp_deinit(iapp); |
| 662 | - return NULL; |
| 663 | - } |
| 664 | - ifindex = ifr.ifr_ifindex; |
| 665 | - |
| 666 | - if (ioctl(iapp->udp_sock, SIOCGIFADDR, &ifr) != 0) { |
| 667 | - wpa_printf(MSG_INFO, "iapp_init - ioctl(SIOCGIFADDR): %s", |
| 668 | - strerror(errno)); |
| 669 | - iapp_deinit(iapp); |
| 670 | - return NULL; |
| 671 | - } |
| 672 | - paddr = (struct sockaddr_in *) &ifr.ifr_addr; |
| 673 | - if (paddr->sin_family != AF_INET) { |
| 674 | - wpa_printf(MSG_INFO, "IAPP: Invalid address family %i (SIOCGIFADDR)", |
| 675 | - paddr->sin_family); |
| 676 | - iapp_deinit(iapp); |
| 677 | - return NULL; |
| 678 | - } |
| 679 | - iapp->own.s_addr = paddr->sin_addr.s_addr; |
| 680 | - |
| 681 | - if (ioctl(iapp->udp_sock, SIOCGIFBRDADDR, &ifr) != 0) { |
| 682 | - wpa_printf(MSG_INFO, "iapp_init - ioctl(SIOCGIFBRDADDR): %s", |
| 683 | - strerror(errno)); |
| 684 | - iapp_deinit(iapp); |
| 685 | - return NULL; |
| 686 | - } |
| 687 | - paddr = (struct sockaddr_in *) &ifr.ifr_addr; |
| 688 | - if (paddr->sin_family != AF_INET) { |
| 689 | - wpa_printf(MSG_INFO, "Invalid address family %i (SIOCGIFBRDADDR)", |
| 690 | - paddr->sin_family); |
| 691 | - iapp_deinit(iapp); |
| 692 | - return NULL; |
| 693 | - } |
| 694 | - inet_aton(IAPP_MULTICAST, &iapp->multicast); |
| 695 | - |
| 696 | - os_memset(&uaddr, 0, sizeof(uaddr)); |
| 697 | - uaddr.sin_family = AF_INET; |
| 698 | - uaddr.sin_port = htons(IAPP_UDP_PORT); |
| 699 | - |
| 700 | - if (setsockopt(iapp->udp_sock, SOL_SOCKET, SO_REUSEADDR, &reuseaddr, |
| 701 | - sizeof(reuseaddr)) < 0) { |
| 702 | - wpa_printf(MSG_INFO, |
| 703 | - "iapp_init - setsockopt[UDP,SO_REUSEADDR]: %s", |
| 704 | - strerror(errno)); |
| 705 | - /* |
| 706 | - * Ignore this and try to continue. This is fine for single |
| 707 | - * BSS cases, but may fail if multiple BSSes enable IAPP. |
| 708 | - */ |
| 709 | - } |
| 710 | - |
| 711 | - if (bind(iapp->udp_sock, (struct sockaddr *) &uaddr, |
| 712 | - sizeof(uaddr)) < 0) { |
| 713 | - wpa_printf(MSG_INFO, "iapp_init - bind[UDP]: %s", |
| 714 | - strerror(errno)); |
| 715 | - iapp_deinit(iapp); |
| 716 | - return NULL; |
| 717 | - } |
| 718 | - |
| 719 | - os_memset(&mreq, 0, sizeof(mreq)); |
| 720 | - mreq.imr_multiaddr = iapp->multicast; |
| 721 | - mreq.imr_address.s_addr = INADDR_ANY; |
| 722 | - mreq.imr_ifindex = 0; |
| 723 | - if (setsockopt(iapp->udp_sock, SOL_IP, IP_ADD_MEMBERSHIP, &mreq, |
| 724 | - sizeof(mreq)) < 0) { |
| 725 | - wpa_printf(MSG_INFO, "iapp_init - setsockopt[UDP,IP_ADD_MEMBERSHIP]: %s", |
| 726 | - strerror(errno)); |
| 727 | - iapp_deinit(iapp); |
| 728 | - return NULL; |
| 729 | - } |
| 730 | - |
| 731 | - iapp->packet_sock = socket(PF_PACKET, SOCK_RAW, htons(ETH_P_ALL)); |
| 732 | - if (iapp->packet_sock < 0) { |
| 733 | - wpa_printf(MSG_INFO, "iapp_init - socket[PF_PACKET,SOCK_RAW]: %s", |
| 734 | - strerror(errno)); |
| 735 | - iapp_deinit(iapp); |
| 736 | - return NULL; |
| 737 | - } |
| 738 | - |
| 739 | - os_memset(&addr, 0, sizeof(addr)); |
| 740 | - addr.sll_family = AF_PACKET; |
| 741 | - addr.sll_ifindex = ifindex; |
| 742 | - if (bind(iapp->packet_sock, (struct sockaddr *) &addr, |
| 743 | - sizeof(addr)) < 0) { |
| 744 | - wpa_printf(MSG_INFO, "iapp_init - bind[PACKET]: %s", |
| 745 | - strerror(errno)); |
| 746 | - iapp_deinit(iapp); |
| 747 | - return NULL; |
| 748 | - } |
| 749 | - |
| 750 | - if (eloop_register_read_sock(iapp->udp_sock, iapp_receive_udp, |
| 751 | - iapp, NULL)) { |
| 752 | - wpa_printf(MSG_INFO, "Could not register read socket for IAPP"); |
| 753 | - iapp_deinit(iapp); |
| 754 | - return NULL; |
| 755 | - } |
| 756 | - |
| 757 | - wpa_printf(MSG_INFO, "IEEE 802.11F (IAPP) using interface %s", iface); |
| 758 | - |
| 759 | - /* TODO: For levels 2 and 3: send RADIUS Initiate-Request, receive |
| 760 | - * RADIUS Initiate-Accept or Initiate-Reject. IAPP port should actually |
| 761 | - * be openned only after receiving Initiate-Accept. If Initiate-Reject |
| 762 | - * is received, IAPP is not started. */ |
| 763 | - |
| 764 | - return iapp; |
| 765 | -} |
| 766 | - |
| 767 | - |
| 768 | -void iapp_deinit(struct iapp_data *iapp) |
| 769 | -{ |
| 770 | - struct ip_mreqn mreq; |
| 771 | - |
| 772 | - if (iapp == NULL) |
| 773 | - return; |
| 774 | - |
| 775 | - if (iapp->udp_sock >= 0) { |
| 776 | - os_memset(&mreq, 0, sizeof(mreq)); |
| 777 | - mreq.imr_multiaddr = iapp->multicast; |
| 778 | - mreq.imr_address.s_addr = INADDR_ANY; |
| 779 | - mreq.imr_ifindex = 0; |
| 780 | - if (setsockopt(iapp->udp_sock, SOL_IP, IP_DROP_MEMBERSHIP, |
| 781 | - &mreq, sizeof(mreq)) < 0) { |
| 782 | - wpa_printf(MSG_INFO, "iapp_deinit - setsockopt[UDP,IP_DEL_MEMBERSHIP]: %s", |
| 783 | - strerror(errno)); |
| 784 | - } |
| 785 | - |
| 786 | - eloop_unregister_read_sock(iapp->udp_sock); |
| 787 | - close(iapp->udp_sock); |
| 788 | - } |
| 789 | - if (iapp->packet_sock >= 0) { |
| 790 | - eloop_unregister_read_sock(iapp->packet_sock); |
| 791 | - close(iapp->packet_sock); |
| 792 | - } |
| 793 | - os_free(iapp); |
| 794 | -} |
| 795 | diff --git a/src/ap/iapp.h b/src/ap/iapp.h |
| 796 | deleted file mode 100644 |
| 797 | index c22118342..000000000 |
| 798 | --- a/src/ap/iapp.h |
| 799 | +++ /dev/null |
| 800 | @@ -1,39 +0,0 @@ |
| 801 | -/* |
| 802 | - * hostapd / IEEE 802.11F-2003 Inter-Access Point Protocol (IAPP) |
| 803 | - * Copyright (c) 2002-2005, Jouni Malinen <j@w1.fi> |
| 804 | - * |
| 805 | - * This software may be distributed under the terms of the BSD license. |
| 806 | - * See README for more details. |
| 807 | - */ |
| 808 | - |
| 809 | -#ifndef IAPP_H |
| 810 | -#define IAPP_H |
| 811 | - |
| 812 | -struct iapp_data; |
| 813 | - |
| 814 | -#ifdef CONFIG_IAPP |
| 815 | - |
| 816 | -void iapp_new_station(struct iapp_data *iapp, struct sta_info *sta); |
| 817 | -struct iapp_data * iapp_init(struct hostapd_data *hapd, const char *iface); |
| 818 | -void iapp_deinit(struct iapp_data *iapp); |
| 819 | - |
| 820 | -#else /* CONFIG_IAPP */ |
| 821 | - |
| 822 | -static inline void iapp_new_station(struct iapp_data *iapp, |
| 823 | - struct sta_info *sta) |
| 824 | -{ |
| 825 | -} |
| 826 | - |
| 827 | -static inline struct iapp_data * iapp_init(struct hostapd_data *hapd, |
| 828 | - const char *iface) |
| 829 | -{ |
| 830 | - return NULL; |
| 831 | -} |
| 832 | - |
| 833 | -static inline void iapp_deinit(struct iapp_data *iapp) |
| 834 | -{ |
| 835 | -} |
| 836 | - |
| 837 | -#endif /* CONFIG_IAPP */ |
| 838 | - |
| 839 | -#endif /* IAPP_H */ |
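--- a/src/utils/wpa_debug.h
+++ b/src/utils/wpa_debug.h
@@ -305,7 +305,6 @@ void hostapd_logger_register_cb(hostapd_logger_cb_func func);
 #define HOSTAPD_MODULE_RADIUS 0x00000004
 #define HOSTAPD_MODULE_WPA 0x00000008
 #define HOSTAPD_MODULE_DRIVER 0x00000010
-#define HOSTAPD_MODULE_IAPP 0x00000020
 #define HOSTAPD_MODULE_MLME 0x00000040
 
 enum hostapd_logger_level {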
| 852 | -- |
| 853 | 2.17.1 |
| 854 | |