void
ieee80211_node_join(struct ieee80211com *ic, struct ieee80211_node *ni,
int resp)
{
int newassoc;
if (ni->ni_associd == 0) {
u_int16_t aid;
/*
* It would be clever to search the bitmap
* more efficiently, but this will do for now.
*/
for (aid = 1; aid < ic->ic_max_aid; aid++) {
if (!IEEE80211_AID_ISSET(aid,
ic->ic_aid_bitmap))
break;
}
if (aid >= ic->ic_max_aid) {
IEEE80211_SEND_MGMT(ic, ni, resp,
IEEE80211_REASON_ASSOC_TOOMANY);
ieee80211_node_leave(ic, ni);
return;
}
ni->ni_associd = aid | 0xc000;
IEEE80211_AID_SET(ni->ni_associd, ic->ic_aid_bitmap);
newassoc = 1;
if (ic->ic_curmode == IEEE80211_MODE_11G)
ieee80211_node_join_11g(ic, ni);
} else
newassoc = 0;
IEEE80211_DPRINTF(("station %s %s associated at aid %d\n",
ether_sprintf(ni->ni_macaddr),
(newassoc ? "newly" : "already"),
ni->ni_associd & ~0xc000));
/* give driver a chance to setup state like ni_txrate */
if (ic->ic_newassoc)
(*ic->ic_newassoc)(ic, ni, newassoc);
IEEE80211_SEND_MGMT(ic, ni, resp, IEEE80211_STATUS_SUCCESS);
ieee80211_node_newstate(ni, IEEE80211_STA_ASSOC);
#if NBRIDGE > 0
/*
* If the parent interface belongs to a bridge, learn
* the node's address dynamically on this interface.
*/
if (ic->ic_if.if_bridge != NULL)
bridge_update(&ic->ic_if,
(struct ether_addr *)ni->ni_macaddr, 0);
#endif
}
/*
* Timeout inactive nodes. Note that we cannot hold the node
* lock while sending a frame as this would lead to a LOR.
* Instead we use a generation number to mark nodes that we've
* scanned and drop the lock and restart a scan if we have to
* time out a node. Since we are single-threaded by virtue of
* controlling the inactivity timer we can be sure this will
* process each node only once.
*/
void
ieee80211_clean_nodes(struct ieee80211com *ic)
{
struct ieee80211_node *ni, *next_ni;
u_int gen = ic->ic_scangen++; /* NB: ok 'cuz single-threaded*/
IEEE80211_NODE_LOCK(ic);
for (ni = RB_MIN(ieee80211_tree, &ic->ic_tree);
ni != NULL; ni = next_ni) {
next_ni = RB_NEXT(ieee80211_tree, &ic->ic_tree, ni);
if (ic->ic_nnodes <= ic->ic_max_nnodes)
break;
if (ni->ni_scangen == gen) /* previously handled */
continue;
ni->ni_scangen = gen;
if (ni->ni_refcnt > 0)
continue;
IEEE80211_DPRINTF(("station %s purged from LRU cache\n",
ether_sprintf(ni->ni_macaddr)));
/*
* Send a deauthenticate frame.
*/
if (ic->ic_opmode == IEEE80211_M_HOSTAP) {
IEEE80211_NODE_UNLOCK(ic);
IEEE80211_SEND_MGMT(ic, ni,
IEEE80211_FC0_SUBTYPE_DEAUTH,
IEEE80211_REASON_AUTH_EXPIRE);
IEEE80211_NODE_LOCK(ic);
ieee80211_node_leave(ic, ni);
} else
ieee80211_free_node(ic, ni);
ic->ic_stats.is_node_timeout++;
}
IEEE80211_NODE_UNLOCK(ic);
}
/*
* Send 4-Way Handshake Message 1 to the supplicant.
*/
int
ieee80211_send_4way_msg1(struct ieee80211com *ic, struct ieee80211_node *ni)
{
struct ieee80211_eapol_key *key;
struct mbuf *m;
u_int16_t info, keylen;
u_int8_t *frm;
ni->ni_rsn_state = RSNA_PTKSTART;
if (++ni->ni_rsn_retries > 3) {
IEEE80211_SEND_MGMT(ic, ni, IEEE80211_FC0_SUBTYPE_DEAUTH,
IEEE80211_REASON_4WAY_TIMEOUT);
ieee80211_node_leave(ic, ni);
return 0;
}
m = ieee80211_get_eapol_key(M_DONTWAIT, MT_DATA,
(ni->ni_rsnprotos == IEEE80211_PROTO_RSN) ? 2 + 20 : 0);
if (m == NULL)
return ENOMEM;
key = mtod(m, struct ieee80211_eapol_key *);
memset(key, 0, sizeof(*key));
info = EAPOL_KEY_PAIRWISE | EAPOL_KEY_KEYACK;
BE_WRITE_2(key->info, info);
/* copy the authenticator's nonce (ANonce) */
memcpy(key->nonce, ni->ni_nonce, EAPOL_KEY_NONCE_LEN);
keylen = ieee80211_cipher_keylen(ni->ni_rsncipher);
BE_WRITE_2(key->keylen, keylen);
frm = (u_int8_t *)&key[1];
/* NB: WPA does not have PMKID KDE */
if (ni->ni_rsnprotos == IEEE80211_PROTO_RSN &&
ieee80211_is_8021x_akm(ni->ni_rsnakms))
frm = ieee80211_add_pmkid_kde(frm, ni->ni_pmkid);
m->m_pkthdr.len = m->m_len = frm - (u_int8_t *)key;
if (ic->ic_if.if_flags & IFF_DEBUG)
printf("%s: sending msg %d/%d of the %s handshake to %s\n",
ic->ic_if.if_xname, 1, 4, "4-way",
ether_sprintf(ni->ni_macaddr));
ni->ni_replaycnt++;
BE_WRITE_8(key->replaycnt, ni->ni_replaycnt);
return ieee80211_send_eapol_key(ic, m, ni, NULL);
}
int
ieee80211_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data)
{
struct ieee80211com *ic = (void *)ifp;
struct ifreq *ifr = (struct ifreq *)data;
int i, error = 0;
struct ieee80211_nwid nwid;
struct ieee80211_wpapsk *psk;
struct ieee80211_wmmparams *wmm;
struct ieee80211_power *power;
struct ieee80211_bssid *bssid;
struct ieee80211chanreq *chanreq;
struct ieee80211_channel *chan;
struct ieee80211_txpower *txpower;
static const u_int8_t empty_macaddr[IEEE80211_ADDR_LEN] = {
0x00, 0x00, 0x00, 0x00, 0x00, 0x00
};
struct ieee80211_nodereq *nr, nrbuf;
struct ieee80211_nodereq_all *na;
struct ieee80211_node *ni;
u_int32_t flags;
switch (cmd) {
case SIOCSIFADDR:
case SIOCGIFADDR:
error = ether_ioctl(ifp, &ic->ic_ac, cmd, data);
break;
case SIOCSIFMEDIA:
case SIOCGIFMEDIA:
error = ifmedia_ioctl(ifp, ifr, &ic->ic_media, cmd);
break;
case SIOCS80211NWID:
if ((error = suser(curproc, 0)) != 0)
break;
if ((error = copyin(ifr->ifr_data, &nwid, sizeof(nwid))) != 0)
break;
if (nwid.i_len > IEEE80211_NWID_LEN) {
error = EINVAL;
break;
}
memset(ic->ic_des_essid, 0, IEEE80211_NWID_LEN);
ic->ic_des_esslen = nwid.i_len;
memcpy(ic->ic_des_essid, nwid.i_nwid, nwid.i_len);
error = ENETRESET;
break;
case SIOCG80211NWID:
memset(&nwid, 0, sizeof(nwid));
switch (ic->ic_state) {
case IEEE80211_S_INIT:
case IEEE80211_S_SCAN:
nwid.i_len = ic->ic_des_esslen;
memcpy(nwid.i_nwid, ic->ic_des_essid, nwid.i_len);
break;
default:
nwid.i_len = ic->ic_bss->ni_esslen;
memcpy(nwid.i_nwid, ic->ic_bss->ni_essid, nwid.i_len);
break;
}
error = copyout(&nwid, ifr->ifr_data, sizeof(nwid));
break;
case SIOCS80211NWKEY:
if ((error = suser(curproc, 0)) != 0)
break;
error = ieee80211_ioctl_setnwkeys(ic, (void *)data);
break;
case SIOCG80211NWKEY:
error = ieee80211_ioctl_getnwkeys(ic, (void *)data);
break;
case SIOCS80211WMMPARMS:
if ((error = suser(curproc, 0)) != 0)
break;
if (!(ic->ic_flags & IEEE80211_C_QOS)) {
error = ENODEV;
break;
}
wmm = (struct ieee80211_wmmparams *)data;
if (wmm->i_enabled)
ic->ic_flags |= IEEE80211_F_QOS;
else
ic->ic_flags &= ~IEEE80211_F_QOS;
error = ENETRESET;
break;
case SIOCG80211WMMPARMS:
wmm = (struct ieee80211_wmmparams *)data;
wmm->i_enabled = (ic->ic_flags & IEEE80211_F_QOS) ? 1 : 0;
break;
case SIOCS80211WPAPARMS:
if ((error = suser(curproc, 0)) != 0)
break;
error = ieee80211_ioctl_setwpaparms(ic, (void *)data);
break;
case SIOCG80211WPAPARMS:
error = ieee80211_ioctl_getwpaparms(ic, (void *)data);
break;
case SIOCS80211WPAPSK:
if ((error = suser(curproc, 0)) != 0)
break;
psk = (struct ieee80211_wpapsk *)data;
if (psk->i_enabled) {
ic->ic_flags |= IEEE80211_F_PSK;
memcpy(ic->ic_psk, psk->i_psk, sizeof(ic->ic_psk));
} else {
ic->ic_flags &= ~IEEE80211_F_PSK;
memset(ic->ic_psk, 0, sizeof(ic->ic_psk));
}
error = ENETRESET;
break;
case SIOCG80211WPAPSK:
psk = (struct ieee80211_wpapsk *)data;
if (ic->ic_flags & IEEE80211_F_PSK) {
psk->i_enabled = 1;
/* do not show any keys to non-root user */
if (suser(curproc, 0) != 0) {
psk->i_enabled = 2;
memset(psk->i_psk, 0, sizeof(psk->i_psk));
break; /* return ok but w/o key */
}
memcpy(psk->i_psk, ic->ic_psk, sizeof(psk->i_psk));
} else
psk->i_enabled = 0;
break;
case SIOCS80211POWER:
if ((error = suser(curproc, 0)) != 0)
break;
power = (struct ieee80211_power *)data;
ic->ic_lintval = power->i_maxsleep;
if (power->i_enabled != 0) {
if ((ic->ic_caps & IEEE80211_C_PMGT) == 0)
error = EINVAL;
else if ((ic->ic_flags & IEEE80211_F_PMGTON) == 0) {
ic->ic_flags |= IEEE80211_F_PMGTON;
error = ENETRESET;
}
} else {
if (ic->ic_flags & IEEE80211_F_PMGTON) {
ic->ic_flags &= ~IEEE80211_F_PMGTON;
error = ENETRESET;
}
}
break;
case SIOCG80211POWER:
power = (struct ieee80211_power *)data;
power->i_enabled = (ic->ic_flags & IEEE80211_F_PMGTON) ? 1 : 0;
power->i_maxsleep = ic->ic_lintval;
break;
case SIOCS80211BSSID:
if ((error = suser(curproc, 0)) != 0)
break;
bssid = (struct ieee80211_bssid *)data;
if (IEEE80211_ADDR_EQ(bssid->i_bssid, empty_macaddr))
ic->ic_flags &= ~IEEE80211_F_DESBSSID;
else {
ic->ic_flags |= IEEE80211_F_DESBSSID;
IEEE80211_ADDR_COPY(ic->ic_des_bssid, bssid->i_bssid);
}
if (ic->ic_opmode == IEEE80211_M_HOSTAP)
break;
switch (ic->ic_state) {
case IEEE80211_S_INIT:
case IEEE80211_S_SCAN:
error = ENETRESET;
break;
default:
if ((ic->ic_flags & IEEE80211_F_DESBSSID) &&
!IEEE80211_ADDR_EQ(ic->ic_des_bssid,
ic->ic_bss->ni_bssid))
error = ENETRESET;
break;
}
break;
case SIOCG80211BSSID:
bssid = (struct ieee80211_bssid *)data;
switch (ic->ic_state) {
case IEEE80211_S_INIT:
case IEEE80211_S_SCAN:
if (ic->ic_opmode == IEEE80211_M_HOSTAP)
IEEE80211_ADDR_COPY(bssid->i_bssid,
ic->ic_myaddr);
else if (ic->ic_flags & IEEE80211_F_DESBSSID)
IEEE80211_ADDR_COPY(bssid->i_bssid,
ic->ic_des_bssid);
else
memset(bssid->i_bssid, 0, IEEE80211_ADDR_LEN);
break;
default:
IEEE80211_ADDR_COPY(bssid->i_bssid,
ic->ic_bss->ni_bssid);
break;
}
break;
case SIOCS80211CHANNEL:
if ((error = suser(curproc, 0)) != 0)
break;
chanreq = (struct ieee80211chanreq *)data;
if (chanreq->i_channel == IEEE80211_CHAN_ANY)
ic->ic_des_chan = IEEE80211_CHAN_ANYC;
else if (chanreq->i_channel > IEEE80211_CHAN_MAX ||
isclr(ic->ic_chan_active, chanreq->i_channel)) {
error = EINVAL;
break;
} else
ic->ic_ibss_chan = ic->ic_des_chan =
&ic->ic_channels[chanreq->i_channel];
switch (ic->ic_state) {
case IEEE80211_S_INIT:
case IEEE80211_S_SCAN:
error = ENETRESET;
break;
default:
if (ic->ic_opmode == IEEE80211_M_STA) {
if (ic->ic_des_chan != IEEE80211_CHAN_ANYC &&
ic->ic_bss->ni_chan != ic->ic_des_chan)
error = ENETRESET;
} else {
if (ic->ic_bss->ni_chan != ic->ic_ibss_chan)
error = ENETRESET;
}
break;
}
break;
case SIOCG80211CHANNEL:
chanreq = (struct ieee80211chanreq *)data;
switch (ic->ic_state) {
case IEEE80211_S_INIT:
case IEEE80211_S_SCAN:
if (ic->ic_opmode == IEEE80211_M_STA)
chan = ic->ic_des_chan;
else
chan = ic->ic_ibss_chan;
break;
default:
chan = ic->ic_bss->ni_chan;
break;
}
chanreq->i_channel = ieee80211_chan2ieee(ic, chan);
break;
#if 0
case SIOCG80211ZSTATS:
#endif
case SIOCG80211STATS:
ifr = (struct ifreq *)data;
copyout(&ic->ic_stats, ifr->ifr_data, sizeof (ic->ic_stats));
#if 0
if (cmd == SIOCG80211ZSTATS)
memset(&ic->ic_stats, 0, sizeof(ic->ic_stats));
#endif
break;
case SIOCS80211TXPOWER:
if ((error = suser(curproc, 0)) != 0)
break;
txpower = (struct ieee80211_txpower *)data;
if ((ic->ic_caps & IEEE80211_C_TXPMGT) == 0) {
error = EINVAL;
break;
}
if (IEEE80211_TXPOWER_MIN > txpower->i_val ||
txpower->i_val > IEEE80211_TXPOWER_MAX) {
error = EINVAL;
break;
}
ic->ic_txpower = txpower->i_val;
error = ENETRESET;
break;
case SIOCG80211TXPOWER:
txpower = (struct ieee80211_txpower *)data;
if ((ic->ic_caps & IEEE80211_C_TXPMGT) == 0)
error = EINVAL;
else
txpower->i_val = ic->ic_txpower;
break;
case SIOCSIFMTU:
ifr = (struct ifreq *)data;
if (!(IEEE80211_MTU_MIN <= ifr->ifr_mtu &&
ifr->ifr_mtu <= IEEE80211_MTU_MAX))
error = EINVAL;
else
ifp->if_mtu = ifr->ifr_mtu;
break;
case SIOCS80211SCAN:
if ((error = suser(curproc, 0)) != 0)
break;
if (ic->ic_opmode == IEEE80211_M_HOSTAP)
break;
if ((ifp->if_flags & IFF_UP) == 0) {
error = ENETDOWN;
break;
}
if ((ic->ic_scan_lock & IEEE80211_SCAN_REQUEST) == 0) {
if (ic->ic_scan_lock & IEEE80211_SCAN_LOCKED)
ic->ic_scan_lock |= IEEE80211_SCAN_RESUME;
ic->ic_scan_lock |= IEEE80211_SCAN_REQUEST;
if (ic->ic_state != IEEE80211_S_SCAN)
ieee80211_new_state(ic, IEEE80211_S_SCAN, -1);
}
/* Let the userspace process wait for completion */
error = tsleep(&ic->ic_scan_lock, PCATCH, "80211scan",
hz * IEEE80211_SCAN_TIMEOUT);
break;
case SIOCG80211NODE:
nr = (struct ieee80211_nodereq *)data;
ni = ieee80211_find_node(ic, nr->nr_macaddr);
if (ni == NULL) {
error = ENOENT;
break;
}
ieee80211_node2req(ic, ni, nr);
break;
case SIOCS80211NODE:
if ((error = suser(curproc, 0)) != 0)
break;
if (ic->ic_opmode == IEEE80211_M_HOSTAP) {
error = EINVAL;
break;
}
nr = (struct ieee80211_nodereq *)data;
ni = ieee80211_find_node(ic, nr->nr_macaddr);
if (ni == NULL)
ni = ieee80211_alloc_node(ic, nr->nr_macaddr);
if (ni == NULL) {
error = ENOENT;
break;
}
if (nr->nr_flags & IEEE80211_NODEREQ_COPY)
ieee80211_req2node(ic, nr, ni);
break;
case SIOCS80211DELNODE:
if ((error = suser(curproc, 0)) != 0)
break;
nr = (struct ieee80211_nodereq *)data;
ni = ieee80211_find_node(ic, nr->nr_macaddr);
if (ni == NULL)
error = ENOENT;
else if (ni == ic->ic_bss)
error = EPERM;
else {
if (ni->ni_state == IEEE80211_STA_COLLECT)
break;
/* Disassociate station. */
if (ni->ni_state == IEEE80211_STA_ASSOC)
IEEE80211_SEND_MGMT(ic, ni,
IEEE80211_FC0_SUBTYPE_DISASSOC,
IEEE80211_REASON_ASSOC_LEAVE);
/* Deauth station. */
if (ni->ni_state >= IEEE80211_STA_AUTH)
IEEE80211_SEND_MGMT(ic, ni,
IEEE80211_FC0_SUBTYPE_DEAUTH,
IEEE80211_REASON_AUTH_LEAVE);
ieee80211_release_node(ic, ni);
}
break;
case SIOCG80211ALLNODES:
na = (struct ieee80211_nodereq_all *)data;
na->na_nodes = i = 0;
ni = RB_MIN(ieee80211_tree, &ic->ic_tree);
while (ni && na->na_size >=
i + sizeof(struct ieee80211_nodereq)) {
ieee80211_node2req(ic, ni, &nrbuf);
error = copyout(&nrbuf, (caddr_t)na->na_node + i,
sizeof(struct ieee80211_nodereq));
if (error)
break;
i += sizeof(struct ieee80211_nodereq);
na->na_nodes++;
ni = RB_NEXT(ieee80211_tree, &ic->ic_tree, ni);
}
break;
case SIOCG80211FLAGS:
flags = ic->ic_flags;
if (ic->ic_opmode != IEEE80211_M_HOSTAP)
flags &= ~IEEE80211_F_HOSTAPMASK;
ifr->ifr_flags = flags >> IEEE80211_F_USERSHIFT;
break;
case SIOCS80211FLAGS:
if ((error = suser(curproc, 0)) != 0)
break;
flags = (u_int32_t)ifr->ifr_flags << IEEE80211_F_USERSHIFT;
if (ic->ic_opmode != IEEE80211_M_HOSTAP &&
(flags & IEEE80211_F_HOSTAPMASK)) {
error = EINVAL;
break;
}
ic->ic_flags = (ic->ic_flags & ~IEEE80211_F_USERMASK) | flags;
error = ENETRESET;
break;
default:
error = ENOTTY;
break;
}
return error;
}
/*
* Send Group Key Handshake Message 1 to the supplicant.
*/
int
ieee80211_send_group_msg1(struct ieee80211com *ic, struct ieee80211_node *ni)
{
struct ieee80211_eapol_key *key;
const struct ieee80211_key *k;
struct mbuf *m;
u_int16_t info;
u_int8_t *frm;
u_int8_t kid;
ni->ni_rsn_gstate = RSNA_REKEYNEGOTIATING;
if (++ni->ni_rsn_retries > 3) {
IEEE80211_SEND_MGMT(ic, ni, IEEE80211_FC0_SUBTYPE_DEAUTH,
IEEE80211_REASON_GROUP_TIMEOUT);
ieee80211_node_leave(ic, ni);
return 0;
}
if (ni->ni_flags & IEEE80211_NODE_REKEY)
kid = (ic->ic_def_txkey == 1) ? 2 : 1;
else
kid = ic->ic_def_txkey;
k = &ic->ic_nw_keys[kid];
m = ieee80211_get_eapol_key(M_DONTWAIT, MT_DATA,
((ni->ni_rsnprotos == IEEE80211_PROTO_WPA) ?
k->k_len : 2 + 6 + k->k_len) +
((ni->ni_flags & IEEE80211_NODE_MFP) ? 2 + 28 : 0) +
15);
if (m == NULL)
return ENOMEM;
key = mtod(m, struct ieee80211_eapol_key *);
memset(key, 0, sizeof(*key));
info = EAPOL_KEY_KEYACK | EAPOL_KEY_KEYMIC | EAPOL_KEY_SECURE |
EAPOL_KEY_ENCRYPTED;
ni->ni_replaycnt++;
BE_WRITE_8(key->replaycnt, ni->ni_replaycnt);
frm = (u_int8_t *)&key[1];
if (ni->ni_rsnprotos == IEEE80211_PROTO_WPA) {
/* WPA does not have GTK KDE */
BE_WRITE_2(key->keylen, k->k_len);
memcpy(frm, k->k_key, k->k_len);
frm += k->k_len;
info |= (k->k_id & 0x3) << EAPOL_KEY_WPA_KID_SHIFT;
if (ni->ni_rsncipher == IEEE80211_CIPHER_USEGROUP)
info |= EAPOL_KEY_WPA_TX;
} else { /* RSN */
frm = ieee80211_add_gtk_kde(frm, ni, k);
if (ni->ni_flags & IEEE80211_NODE_MFP) {
if (ni->ni_flags & IEEE80211_NODE_REKEY)
kid = (ic->ic_igtk_kid == 4) ? 5 : 4;
else
kid = ic->ic_igtk_kid;
frm = ieee80211_add_igtk_kde(frm,
&ic->ic_nw_keys[kid]);
}
}
/* RSC = last transmit sequence number for the GTK */
LE_WRITE_6(key->rsc, k->k_tsc);
/* write the key info field */
BE_WRITE_2(key->info, info);
m->m_pkthdr.len = m->m_len = frm - (u_int8_t *)key;
if (ic->ic_if.if_flags & IFF_DEBUG)
printf("%s: sending msg %d/%d of the %s handshake to %s\n",
ic->ic_if.if_xname, 1, 2, "group key",
ether_sprintf(ni->ni_macaddr));
return ieee80211_send_eapol_key(ic, m, ni, &ni->ni_ptk);
}
/*
* Send 4-Way Handshake Message 3 to the supplicant.
*/
int
ieee80211_send_4way_msg3(struct ieee80211com *ic, struct ieee80211_node *ni)
{
struct ieee80211_eapol_key *key;
struct ieee80211_key *k = NULL;
struct mbuf *m;
u_int16_t info, keylen;
u_int8_t *frm;
ni->ni_rsn_state = RSNA_PTKINITNEGOTIATING;
if (++ni->ni_rsn_retries > 3) {
IEEE80211_SEND_MGMT(ic, ni, IEEE80211_FC0_SUBTYPE_DEAUTH,
IEEE80211_REASON_4WAY_TIMEOUT);
ieee80211_node_leave(ic, ni);
return 0;
}
if (ni->ni_rsnprotos == IEEE80211_PROTO_RSN) {
k = &ic->ic_nw_keys[ic->ic_def_txkey];
m = ieee80211_get_eapol_key(M_DONTWAIT, MT_DATA,
2 + IEEE80211_RSNIE_MAXLEN + 2 + 6 + k->k_len + 15 +
((ni->ni_flags & IEEE80211_NODE_MFP) ? 2 + 28 : 0));
} else { /* WPA */
m = ieee80211_get_eapol_key(M_DONTWAIT, MT_DATA,
2 + IEEE80211_WPAIE_MAXLEN +
((ni->ni_flags & IEEE80211_NODE_MFP) ? 2 + 28 : 0));
}
if (m == NULL)
return ENOMEM;
key = mtod(m, struct ieee80211_eapol_key *);
memset(key, 0, sizeof(*key));
info = EAPOL_KEY_PAIRWISE | EAPOL_KEY_KEYACK | EAPOL_KEY_KEYMIC;
if (ni->ni_rsncipher != IEEE80211_CIPHER_USEGROUP)
info |= EAPOL_KEY_INSTALL;
/* use same nonce as in Message 1 */
memcpy(key->nonce, ni->ni_nonce, EAPOL_KEY_NONCE_LEN);
ni->ni_replaycnt++;
BE_WRITE_8(key->replaycnt, ni->ni_replaycnt);
keylen = ieee80211_cipher_keylen(ni->ni_rsncipher);
BE_WRITE_2(key->keylen, keylen);
frm = (u_int8_t *)&key[1];
/* add the WPA/RSN IE included in Beacon/Probe Response */
if (ni->ni_rsnprotos == IEEE80211_PROTO_RSN) {
frm = ieee80211_add_rsn(frm, ic, ic->ic_bss);
/* encapsulate the GTK */
frm = ieee80211_add_gtk_kde(frm, ni, k);
LE_WRITE_6(key->rsc, k->k_tsc);
/* encapsulate the IGTK if MFP was negotiated */
if (ni->ni_flags & IEEE80211_NODE_MFP) {
frm = ieee80211_add_igtk_kde(frm,
&ic->ic_nw_keys[ic->ic_igtk_kid]);
}
/* ask that the EAPOL-Key frame be encrypted */
info |= EAPOL_KEY_ENCRYPTED | EAPOL_KEY_SECURE;
} else /* WPA */
frm = ieee80211_add_wpa(frm, ic, ic->ic_bss);
/* write the key info field */
BE_WRITE_2(key->info, info);
m->m_pkthdr.len = m->m_len = frm - (u_int8_t *)key;
if (ic->ic_if.if_flags & IFF_DEBUG)
printf("%s: sending msg %d/%d of the %s handshake to %s\n",
ic->ic_if.if_xname, 3, 4, "4-way",
ether_sprintf(ni->ni_macaddr));
return ieee80211_send_eapol_key(ic, m, ni, &ni->ni_ptk);
}
/*
* Timeout inactive nodes.
*
* If called because of a cache timeout, which happens only in hostap and ibss
* modes, clean all inactive cached or authenticated nodes but don't de-auth
* any associated nodes.
*
* Else, this function is called because a new node must be allocated but the
* node cache is full. In this case, return as soon as a free slot was made
* available. If acting as hostap, clean cached nodes regardless of their
* recent activity and also allow de-authing of authenticated nodes older
* than one cache wait interval, and de-authing of inactive associated nodes.
*/
void
ieee80211_clean_nodes(struct ieee80211com *ic, int cache_timeout)
{
struct ieee80211_node *ni, *next_ni;
u_int gen = ic->ic_scangen++; /* NB: ok 'cuz single-threaded*/
int s;
#ifndef IEEE80211_STA_ONLY
int nnodes = 0;
struct ifnet *ifp = &ic->ic_if;
#endif
s = splnet();
for (ni = RB_MIN(ieee80211_tree, &ic->ic_tree);
ni != NULL; ni = next_ni) {
next_ni = RB_NEXT(ieee80211_tree, &ic->ic_tree, ni);
if (!cache_timeout && ic->ic_nnodes < ic->ic_max_nnodes)
break;
if (ni->ni_scangen == gen) /* previously handled */
continue;
#ifndef IEEE80211_STA_ONLY
nnodes++;
#endif
ni->ni_scangen = gen;
if (ni->ni_refcnt > 0)
continue;
#ifndef IEEE80211_STA_ONLY
if ((ic->ic_opmode == IEEE80211_M_HOSTAP ||
ic->ic_opmode == IEEE80211_M_IBSS) &&
ic->ic_state == IEEE80211_S_RUN) {
if (cache_timeout) {
if (ni->ni_state != IEEE80211_STA_COLLECT &&
(ni->ni_state == IEEE80211_STA_ASSOC ||
ni->ni_inact < IEEE80211_INACT_MAX))
continue;
} else {
if (ic->ic_opmode == IEEE80211_M_HOSTAP &&
((ni->ni_state == IEEE80211_STA_ASSOC &&
ni->ni_inact < IEEE80211_INACT_MAX) ||
(ni->ni_state == IEEE80211_STA_AUTH &&
ni->ni_inact == 0)))
continue;
if (ic->ic_opmode == IEEE80211_M_IBSS &&
ni->ni_state != IEEE80211_STA_COLLECT &&
ni->ni_state != IEEE80211_STA_CACHE &&
ni->ni_inact < IEEE80211_INACT_MAX)
continue;
}
}
if (ifp->if_flags & IFF_DEBUG)
printf("%s: station %s purged from node cache\n",
ifp->if_xname, ether_sprintf(ni->ni_macaddr));
#endif
/*
* If we're hostap and the node is authenticated, send
* a deauthentication frame. The node will be freed when
* the driver calls ieee80211_release_node().
*/
#ifndef IEEE80211_STA_ONLY
nnodes--;
if (ic->ic_opmode == IEEE80211_M_HOSTAP &&
ni->ni_state >= IEEE80211_STA_AUTH &&
ni->ni_state != IEEE80211_STA_COLLECT) {
splx(s);
IEEE80211_SEND_MGMT(ic, ni,
IEEE80211_FC0_SUBTYPE_DEAUTH,
IEEE80211_REASON_AUTH_EXPIRE);
s = splnet();
ieee80211_node_leave(ic, ni);
} else
#endif
ieee80211_free_node(ic, ni);
ic->ic_stats.is_node_timeout++;
}
#ifndef IEEE80211_STA_ONLY
/*
* During a cache timeout we iterate over all nodes.
* Check for node leaks by comparing the actual number of cached
* nodes with the ic_nnodes count, which is maintained while adding
* and removing nodes from the cache.
*/
if ((ifp->if_flags & IFF_DEBUG) && cache_timeout &&
nnodes != ic->ic_nnodes)
printf("%s: number of cached nodes is %d, expected %d,"
"possible nodes leak\n", ifp->if_xname, nnodes,
ic->ic_nnodes);
#endif
splx(s);
}
