void ieee80211_node_join(struct ieee80211com *ic, struct ieee80211_node *ni, int resp) { int newassoc; if (ni->ni_associd == 0) { u_int16_t aid; /* * It would be clever to search the bitmap * more efficiently, but this will do for now. */ for (aid = 1; aid < ic->ic_max_aid; aid++) { if (!IEEE80211_AID_ISSET(aid, ic->ic_aid_bitmap)) break; } if (aid >= ic->ic_max_aid) { IEEE80211_SEND_MGMT(ic, ni, resp, IEEE80211_REASON_ASSOC_TOOMANY); ieee80211_node_leave(ic, ni); return; } ni->ni_associd = aid | 0xc000; IEEE80211_AID_SET(ni->ni_associd, ic->ic_aid_bitmap); newassoc = 1; if (ic->ic_curmode == IEEE80211_MODE_11G) ieee80211_node_join_11g(ic, ni); } else newassoc = 0; IEEE80211_DPRINTF(("station %s %s associated at aid %d\n", ether_sprintf(ni->ni_macaddr), (newassoc ? "newly" : "already"), ni->ni_associd & ~0xc000)); /* give driver a chance to setup state like ni_txrate */ if (ic->ic_newassoc) (*ic->ic_newassoc)(ic, ni, newassoc); IEEE80211_SEND_MGMT(ic, ni, resp, IEEE80211_STATUS_SUCCESS); ieee80211_node_newstate(ni, IEEE80211_STA_ASSOC); #if NBRIDGE > 0 /* * If the parent interface belongs to a bridge, learn * the node's address dynamically on this interface. */ if (ic->ic_if.if_bridge != NULL) bridge_update(&ic->ic_if, (struct ether_addr *)ni->ni_macaddr, 0); #endif }
/* * Timeout inactive nodes. Note that we cannot hold the node * lock while sending a frame as this would lead to a LOR. * Instead we use a generation number to mark nodes that we've * scanned and drop the lock and restart a scan if we have to * time out a node. Since we are single-threaded by virtue of * controlling the inactivity timer we can be sure this will * process each node only once. */ void ieee80211_clean_nodes(struct ieee80211com *ic) { struct ieee80211_node *ni, *next_ni; u_int gen = ic->ic_scangen++; /* NB: ok 'cuz single-threaded*/ IEEE80211_NODE_LOCK(ic); for (ni = RB_MIN(ieee80211_tree, &ic->ic_tree); ni != NULL; ni = next_ni) { next_ni = RB_NEXT(ieee80211_tree, &ic->ic_tree, ni); if (ic->ic_nnodes <= ic->ic_max_nnodes) break; if (ni->ni_scangen == gen) /* previously handled */ continue; ni->ni_scangen = gen; if (ni->ni_refcnt > 0) continue; IEEE80211_DPRINTF(("station %s purged from LRU cache\n", ether_sprintf(ni->ni_macaddr))); /* * Send a deauthenticate frame. */ if (ic->ic_opmode == IEEE80211_M_HOSTAP) { IEEE80211_NODE_UNLOCK(ic); IEEE80211_SEND_MGMT(ic, ni, IEEE80211_FC0_SUBTYPE_DEAUTH, IEEE80211_REASON_AUTH_EXPIRE); IEEE80211_NODE_LOCK(ic); ieee80211_node_leave(ic, ni); } else ieee80211_free_node(ic, ni); ic->ic_stats.is_node_timeout++; } IEEE80211_NODE_UNLOCK(ic); }
/* * Send 4-Way Handshake Message 1 to the supplicant. */ int ieee80211_send_4way_msg1(struct ieee80211com *ic, struct ieee80211_node *ni) { struct ieee80211_eapol_key *key; struct mbuf *m; u_int16_t info, keylen; u_int8_t *frm; ni->ni_rsn_state = RSNA_PTKSTART; if (++ni->ni_rsn_retries > 3) { IEEE80211_SEND_MGMT(ic, ni, IEEE80211_FC0_SUBTYPE_DEAUTH, IEEE80211_REASON_4WAY_TIMEOUT); ieee80211_node_leave(ic, ni); return 0; } m = ieee80211_get_eapol_key(M_DONTWAIT, MT_DATA, (ni->ni_rsnprotos == IEEE80211_PROTO_RSN) ? 2 + 20 : 0); if (m == NULL) return ENOMEM; key = mtod(m, struct ieee80211_eapol_key *); memset(key, 0, sizeof(*key)); info = EAPOL_KEY_PAIRWISE | EAPOL_KEY_KEYACK; BE_WRITE_2(key->info, info); /* copy the authenticator's nonce (ANonce) */ memcpy(key->nonce, ni->ni_nonce, EAPOL_KEY_NONCE_LEN); keylen = ieee80211_cipher_keylen(ni->ni_rsncipher); BE_WRITE_2(key->keylen, keylen); frm = (u_int8_t *)&key[1]; /* NB: WPA does not have PMKID KDE */ if (ni->ni_rsnprotos == IEEE80211_PROTO_RSN && ieee80211_is_8021x_akm(ni->ni_rsnakms)) frm = ieee80211_add_pmkid_kde(frm, ni->ni_pmkid); m->m_pkthdr.len = m->m_len = frm - (u_int8_t *)key; if (ic->ic_if.if_flags & IFF_DEBUG) printf("%s: sending msg %d/%d of the %s handshake to %s\n", ic->ic_if.if_xname, 1, 4, "4-way", ether_sprintf(ni->ni_macaddr)); ni->ni_replaycnt++; BE_WRITE_8(key->replaycnt, ni->ni_replaycnt); return ieee80211_send_eapol_key(ic, m, ni, NULL); }
int ieee80211_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data) { struct ieee80211com *ic = (void *)ifp; struct ifreq *ifr = (struct ifreq *)data; int i, error = 0; struct ieee80211_nwid nwid; struct ieee80211_wpapsk *psk; struct ieee80211_wmmparams *wmm; struct ieee80211_power *power; struct ieee80211_bssid *bssid; struct ieee80211chanreq *chanreq; struct ieee80211_channel *chan; struct ieee80211_txpower *txpower; static const u_int8_t empty_macaddr[IEEE80211_ADDR_LEN] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }; struct ieee80211_nodereq *nr, nrbuf; struct ieee80211_nodereq_all *na; struct ieee80211_node *ni; u_int32_t flags; switch (cmd) { case SIOCSIFADDR: case SIOCGIFADDR: error = ether_ioctl(ifp, &ic->ic_ac, cmd, data); break; case SIOCSIFMEDIA: case SIOCGIFMEDIA: error = ifmedia_ioctl(ifp, ifr, &ic->ic_media, cmd); break; case SIOCS80211NWID: if ((error = suser(curproc, 0)) != 0) break; if ((error = copyin(ifr->ifr_data, &nwid, sizeof(nwid))) != 0) break; if (nwid.i_len > IEEE80211_NWID_LEN) { error = EINVAL; break; } memset(ic->ic_des_essid, 0, IEEE80211_NWID_LEN); ic->ic_des_esslen = nwid.i_len; memcpy(ic->ic_des_essid, nwid.i_nwid, nwid.i_len); error = ENETRESET; break; case SIOCG80211NWID: memset(&nwid, 0, sizeof(nwid)); switch (ic->ic_state) { case IEEE80211_S_INIT: case IEEE80211_S_SCAN: nwid.i_len = ic->ic_des_esslen; memcpy(nwid.i_nwid, ic->ic_des_essid, nwid.i_len); break; default: nwid.i_len = ic->ic_bss->ni_esslen; memcpy(nwid.i_nwid, ic->ic_bss->ni_essid, nwid.i_len); break; } error = copyout(&nwid, ifr->ifr_data, sizeof(nwid)); break; case SIOCS80211NWKEY: if ((error = suser(curproc, 0)) != 0) break; error = ieee80211_ioctl_setnwkeys(ic, (void *)data); break; case SIOCG80211NWKEY: error = ieee80211_ioctl_getnwkeys(ic, (void *)data); break; case SIOCS80211WMMPARMS: if ((error = suser(curproc, 0)) != 0) break; if (!(ic->ic_flags & IEEE80211_C_QOS)) { error = ENODEV; break; } wmm = (struct ieee80211_wmmparams *)data; if (wmm->i_enabled) ic->ic_flags |= IEEE80211_F_QOS; else ic->ic_flags &= ~IEEE80211_F_QOS; error = ENETRESET; break; case SIOCG80211WMMPARMS: wmm = (struct ieee80211_wmmparams *)data; wmm->i_enabled = (ic->ic_flags & IEEE80211_F_QOS) ? 1 : 0; break; case SIOCS80211WPAPARMS: if ((error = suser(curproc, 0)) != 0) break; error = ieee80211_ioctl_setwpaparms(ic, (void *)data); break; case SIOCG80211WPAPARMS: error = ieee80211_ioctl_getwpaparms(ic, (void *)data); break; case SIOCS80211WPAPSK: if ((error = suser(curproc, 0)) != 0) break; psk = (struct ieee80211_wpapsk *)data; if (psk->i_enabled) { ic->ic_flags |= IEEE80211_F_PSK; memcpy(ic->ic_psk, psk->i_psk, sizeof(ic->ic_psk)); } else { ic->ic_flags &= ~IEEE80211_F_PSK; memset(ic->ic_psk, 0, sizeof(ic->ic_psk)); } error = ENETRESET; break; case SIOCG80211WPAPSK: psk = (struct ieee80211_wpapsk *)data; if (ic->ic_flags & IEEE80211_F_PSK) { psk->i_enabled = 1; /* do not show any keys to non-root user */ if (suser(curproc, 0) != 0) { psk->i_enabled = 2; memset(psk->i_psk, 0, sizeof(psk->i_psk)); break; /* return ok but w/o key */ } memcpy(psk->i_psk, ic->ic_psk, sizeof(psk->i_psk)); } else psk->i_enabled = 0; break; case SIOCS80211POWER: if ((error = suser(curproc, 0)) != 0) break; power = (struct ieee80211_power *)data; ic->ic_lintval = power->i_maxsleep; if (power->i_enabled != 0) { if ((ic->ic_caps & IEEE80211_C_PMGT) == 0) error = EINVAL; else if ((ic->ic_flags & IEEE80211_F_PMGTON) == 0) { ic->ic_flags |= IEEE80211_F_PMGTON; error = ENETRESET; } } else { if (ic->ic_flags & IEEE80211_F_PMGTON) { ic->ic_flags &= ~IEEE80211_F_PMGTON; error = ENETRESET; } } break; case SIOCG80211POWER: power = (struct ieee80211_power *)data; power->i_enabled = (ic->ic_flags & IEEE80211_F_PMGTON) ? 1 : 0; power->i_maxsleep = ic->ic_lintval; break; case SIOCS80211BSSID: if ((error = suser(curproc, 0)) != 0) break; bssid = (struct ieee80211_bssid *)data; if (IEEE80211_ADDR_EQ(bssid->i_bssid, empty_macaddr)) ic->ic_flags &= ~IEEE80211_F_DESBSSID; else { ic->ic_flags |= IEEE80211_F_DESBSSID; IEEE80211_ADDR_COPY(ic->ic_des_bssid, bssid->i_bssid); } if (ic->ic_opmode == IEEE80211_M_HOSTAP) break; switch (ic->ic_state) { case IEEE80211_S_INIT: case IEEE80211_S_SCAN: error = ENETRESET; break; default: if ((ic->ic_flags & IEEE80211_F_DESBSSID) && !IEEE80211_ADDR_EQ(ic->ic_des_bssid, ic->ic_bss->ni_bssid)) error = ENETRESET; break; } break; case SIOCG80211BSSID: bssid = (struct ieee80211_bssid *)data; switch (ic->ic_state) { case IEEE80211_S_INIT: case IEEE80211_S_SCAN: if (ic->ic_opmode == IEEE80211_M_HOSTAP) IEEE80211_ADDR_COPY(bssid->i_bssid, ic->ic_myaddr); else if (ic->ic_flags & IEEE80211_F_DESBSSID) IEEE80211_ADDR_COPY(bssid->i_bssid, ic->ic_des_bssid); else memset(bssid->i_bssid, 0, IEEE80211_ADDR_LEN); break; default: IEEE80211_ADDR_COPY(bssid->i_bssid, ic->ic_bss->ni_bssid); break; } break; case SIOCS80211CHANNEL: if ((error = suser(curproc, 0)) != 0) break; chanreq = (struct ieee80211chanreq *)data; if (chanreq->i_channel == IEEE80211_CHAN_ANY) ic->ic_des_chan = IEEE80211_CHAN_ANYC; else if (chanreq->i_channel > IEEE80211_CHAN_MAX || isclr(ic->ic_chan_active, chanreq->i_channel)) { error = EINVAL; break; } else ic->ic_ibss_chan = ic->ic_des_chan = &ic->ic_channels[chanreq->i_channel]; switch (ic->ic_state) { case IEEE80211_S_INIT: case IEEE80211_S_SCAN: error = ENETRESET; break; default: if (ic->ic_opmode == IEEE80211_M_STA) { if (ic->ic_des_chan != IEEE80211_CHAN_ANYC && ic->ic_bss->ni_chan != ic->ic_des_chan) error = ENETRESET; } else { if (ic->ic_bss->ni_chan != ic->ic_ibss_chan) error = ENETRESET; } break; } break; case SIOCG80211CHANNEL: chanreq = (struct ieee80211chanreq *)data; switch (ic->ic_state) { case IEEE80211_S_INIT: case IEEE80211_S_SCAN: if (ic->ic_opmode == IEEE80211_M_STA) chan = ic->ic_des_chan; else chan = ic->ic_ibss_chan; break; default: chan = ic->ic_bss->ni_chan; break; } chanreq->i_channel = ieee80211_chan2ieee(ic, chan); break; #if 0 case SIOCG80211ZSTATS: #endif case SIOCG80211STATS: ifr = (struct ifreq *)data; copyout(&ic->ic_stats, ifr->ifr_data, sizeof (ic->ic_stats)); #if 0 if (cmd == SIOCG80211ZSTATS) memset(&ic->ic_stats, 0, sizeof(ic->ic_stats)); #endif break; case SIOCS80211TXPOWER: if ((error = suser(curproc, 0)) != 0) break; txpower = (struct ieee80211_txpower *)data; if ((ic->ic_caps & IEEE80211_C_TXPMGT) == 0) { error = EINVAL; break; } if (IEEE80211_TXPOWER_MIN > txpower->i_val || txpower->i_val > IEEE80211_TXPOWER_MAX) { error = EINVAL; break; } ic->ic_txpower = txpower->i_val; error = ENETRESET; break; case SIOCG80211TXPOWER: txpower = (struct ieee80211_txpower *)data; if ((ic->ic_caps & IEEE80211_C_TXPMGT) == 0) error = EINVAL; else txpower->i_val = ic->ic_txpower; break; case SIOCSIFMTU: ifr = (struct ifreq *)data; if (!(IEEE80211_MTU_MIN <= ifr->ifr_mtu && ifr->ifr_mtu <= IEEE80211_MTU_MAX)) error = EINVAL; else ifp->if_mtu = ifr->ifr_mtu; break; case SIOCS80211SCAN: if ((error = suser(curproc, 0)) != 0) break; if (ic->ic_opmode == IEEE80211_M_HOSTAP) break; if ((ifp->if_flags & IFF_UP) == 0) { error = ENETDOWN; break; } if ((ic->ic_scan_lock & IEEE80211_SCAN_REQUEST) == 0) { if (ic->ic_scan_lock & IEEE80211_SCAN_LOCKED) ic->ic_scan_lock |= IEEE80211_SCAN_RESUME; ic->ic_scan_lock |= IEEE80211_SCAN_REQUEST; if (ic->ic_state != IEEE80211_S_SCAN) ieee80211_new_state(ic, IEEE80211_S_SCAN, -1); } /* Let the userspace process wait for completion */ error = tsleep(&ic->ic_scan_lock, PCATCH, "80211scan", hz * IEEE80211_SCAN_TIMEOUT); break; case SIOCG80211NODE: nr = (struct ieee80211_nodereq *)data; ni = ieee80211_find_node(ic, nr->nr_macaddr); if (ni == NULL) { error = ENOENT; break; } ieee80211_node2req(ic, ni, nr); break; case SIOCS80211NODE: if ((error = suser(curproc, 0)) != 0) break; if (ic->ic_opmode == IEEE80211_M_HOSTAP) { error = EINVAL; break; } nr = (struct ieee80211_nodereq *)data; ni = ieee80211_find_node(ic, nr->nr_macaddr); if (ni == NULL) ni = ieee80211_alloc_node(ic, nr->nr_macaddr); if (ni == NULL) { error = ENOENT; break; } if (nr->nr_flags & IEEE80211_NODEREQ_COPY) ieee80211_req2node(ic, nr, ni); break; case SIOCS80211DELNODE: if ((error = suser(curproc, 0)) != 0) break; nr = (struct ieee80211_nodereq *)data; ni = ieee80211_find_node(ic, nr->nr_macaddr); if (ni == NULL) error = ENOENT; else if (ni == ic->ic_bss) error = EPERM; else { if (ni->ni_state == IEEE80211_STA_COLLECT) break; /* Disassociate station. */ if (ni->ni_state == IEEE80211_STA_ASSOC) IEEE80211_SEND_MGMT(ic, ni, IEEE80211_FC0_SUBTYPE_DISASSOC, IEEE80211_REASON_ASSOC_LEAVE); /* Deauth station. */ if (ni->ni_state >= IEEE80211_STA_AUTH) IEEE80211_SEND_MGMT(ic, ni, IEEE80211_FC0_SUBTYPE_DEAUTH, IEEE80211_REASON_AUTH_LEAVE); ieee80211_release_node(ic, ni); } break; case SIOCG80211ALLNODES: na = (struct ieee80211_nodereq_all *)data; na->na_nodes = i = 0; ni = RB_MIN(ieee80211_tree, &ic->ic_tree); while (ni && na->na_size >= i + sizeof(struct ieee80211_nodereq)) { ieee80211_node2req(ic, ni, &nrbuf); error = copyout(&nrbuf, (caddr_t)na->na_node + i, sizeof(struct ieee80211_nodereq)); if (error) break; i += sizeof(struct ieee80211_nodereq); na->na_nodes++; ni = RB_NEXT(ieee80211_tree, &ic->ic_tree, ni); } break; case SIOCG80211FLAGS: flags = ic->ic_flags; if (ic->ic_opmode != IEEE80211_M_HOSTAP) flags &= ~IEEE80211_F_HOSTAPMASK; ifr->ifr_flags = flags >> IEEE80211_F_USERSHIFT; break; case SIOCS80211FLAGS: if ((error = suser(curproc, 0)) != 0) break; flags = (u_int32_t)ifr->ifr_flags << IEEE80211_F_USERSHIFT; if (ic->ic_opmode != IEEE80211_M_HOSTAP && (flags & IEEE80211_F_HOSTAPMASK)) { error = EINVAL; break; } ic->ic_flags = (ic->ic_flags & ~IEEE80211_F_USERMASK) | flags; error = ENETRESET; break; default: error = ENOTTY; break; } return error; }
/* * Send Group Key Handshake Message 1 to the supplicant. */ int ieee80211_send_group_msg1(struct ieee80211com *ic, struct ieee80211_node *ni) { struct ieee80211_eapol_key *key; const struct ieee80211_key *k; struct mbuf *m; u_int16_t info; u_int8_t *frm; u_int8_t kid; ni->ni_rsn_gstate = RSNA_REKEYNEGOTIATING; if (++ni->ni_rsn_retries > 3) { IEEE80211_SEND_MGMT(ic, ni, IEEE80211_FC0_SUBTYPE_DEAUTH, IEEE80211_REASON_GROUP_TIMEOUT); ieee80211_node_leave(ic, ni); return 0; } if (ni->ni_flags & IEEE80211_NODE_REKEY) kid = (ic->ic_def_txkey == 1) ? 2 : 1; else kid = ic->ic_def_txkey; k = &ic->ic_nw_keys[kid]; m = ieee80211_get_eapol_key(M_DONTWAIT, MT_DATA, ((ni->ni_rsnprotos == IEEE80211_PROTO_WPA) ? k->k_len : 2 + 6 + k->k_len) + ((ni->ni_flags & IEEE80211_NODE_MFP) ? 2 + 28 : 0) + 15); if (m == NULL) return ENOMEM; key = mtod(m, struct ieee80211_eapol_key *); memset(key, 0, sizeof(*key)); info = EAPOL_KEY_KEYACK | EAPOL_KEY_KEYMIC | EAPOL_KEY_SECURE | EAPOL_KEY_ENCRYPTED; ni->ni_replaycnt++; BE_WRITE_8(key->replaycnt, ni->ni_replaycnt); frm = (u_int8_t *)&key[1]; if (ni->ni_rsnprotos == IEEE80211_PROTO_WPA) { /* WPA does not have GTK KDE */ BE_WRITE_2(key->keylen, k->k_len); memcpy(frm, k->k_key, k->k_len); frm += k->k_len; info |= (k->k_id & 0x3) << EAPOL_KEY_WPA_KID_SHIFT; if (ni->ni_rsncipher == IEEE80211_CIPHER_USEGROUP) info |= EAPOL_KEY_WPA_TX; } else { /* RSN */ frm = ieee80211_add_gtk_kde(frm, ni, k); if (ni->ni_flags & IEEE80211_NODE_MFP) { if (ni->ni_flags & IEEE80211_NODE_REKEY) kid = (ic->ic_igtk_kid == 4) ? 5 : 4; else kid = ic->ic_igtk_kid; frm = ieee80211_add_igtk_kde(frm, &ic->ic_nw_keys[kid]); } } /* RSC = last transmit sequence number for the GTK */ LE_WRITE_6(key->rsc, k->k_tsc); /* write the key info field */ BE_WRITE_2(key->info, info); m->m_pkthdr.len = m->m_len = frm - (u_int8_t *)key; if (ic->ic_if.if_flags & IFF_DEBUG) printf("%s: sending msg %d/%d of the %s handshake to %s\n", ic->ic_if.if_xname, 1, 2, "group key", ether_sprintf(ni->ni_macaddr)); return ieee80211_send_eapol_key(ic, m, ni, &ni->ni_ptk); }
/* * Send 4-Way Handshake Message 3 to the supplicant. */ int ieee80211_send_4way_msg3(struct ieee80211com *ic, struct ieee80211_node *ni) { struct ieee80211_eapol_key *key; struct ieee80211_key *k = NULL; struct mbuf *m; u_int16_t info, keylen; u_int8_t *frm; ni->ni_rsn_state = RSNA_PTKINITNEGOTIATING; if (++ni->ni_rsn_retries > 3) { IEEE80211_SEND_MGMT(ic, ni, IEEE80211_FC0_SUBTYPE_DEAUTH, IEEE80211_REASON_4WAY_TIMEOUT); ieee80211_node_leave(ic, ni); return 0; } if (ni->ni_rsnprotos == IEEE80211_PROTO_RSN) { k = &ic->ic_nw_keys[ic->ic_def_txkey]; m = ieee80211_get_eapol_key(M_DONTWAIT, MT_DATA, 2 + IEEE80211_RSNIE_MAXLEN + 2 + 6 + k->k_len + 15 + ((ni->ni_flags & IEEE80211_NODE_MFP) ? 2 + 28 : 0)); } else { /* WPA */ m = ieee80211_get_eapol_key(M_DONTWAIT, MT_DATA, 2 + IEEE80211_WPAIE_MAXLEN + ((ni->ni_flags & IEEE80211_NODE_MFP) ? 2 + 28 : 0)); } if (m == NULL) return ENOMEM; key = mtod(m, struct ieee80211_eapol_key *); memset(key, 0, sizeof(*key)); info = EAPOL_KEY_PAIRWISE | EAPOL_KEY_KEYACK | EAPOL_KEY_KEYMIC; if (ni->ni_rsncipher != IEEE80211_CIPHER_USEGROUP) info |= EAPOL_KEY_INSTALL; /* use same nonce as in Message 1 */ memcpy(key->nonce, ni->ni_nonce, EAPOL_KEY_NONCE_LEN); ni->ni_replaycnt++; BE_WRITE_8(key->replaycnt, ni->ni_replaycnt); keylen = ieee80211_cipher_keylen(ni->ni_rsncipher); BE_WRITE_2(key->keylen, keylen); frm = (u_int8_t *)&key[1]; /* add the WPA/RSN IE included in Beacon/Probe Response */ if (ni->ni_rsnprotos == IEEE80211_PROTO_RSN) { frm = ieee80211_add_rsn(frm, ic, ic->ic_bss); /* encapsulate the GTK */ frm = ieee80211_add_gtk_kde(frm, ni, k); LE_WRITE_6(key->rsc, k->k_tsc); /* encapsulate the IGTK if MFP was negotiated */ if (ni->ni_flags & IEEE80211_NODE_MFP) { frm = ieee80211_add_igtk_kde(frm, &ic->ic_nw_keys[ic->ic_igtk_kid]); } /* ask that the EAPOL-Key frame be encrypted */ info |= EAPOL_KEY_ENCRYPTED | EAPOL_KEY_SECURE; } else /* WPA */ frm = ieee80211_add_wpa(frm, ic, ic->ic_bss); /* write the key info field */ BE_WRITE_2(key->info, info); m->m_pkthdr.len = m->m_len = frm - (u_int8_t *)key; if (ic->ic_if.if_flags & IFF_DEBUG) printf("%s: sending msg %d/%d of the %s handshake to %s\n", ic->ic_if.if_xname, 3, 4, "4-way", ether_sprintf(ni->ni_macaddr)); return ieee80211_send_eapol_key(ic, m, ni, &ni->ni_ptk); }
/* * Timeout inactive nodes. * * If called because of a cache timeout, which happens only in hostap and ibss * modes, clean all inactive cached or authenticated nodes but don't de-auth * any associated nodes. * * Else, this function is called because a new node must be allocated but the * node cache is full. In this case, return as soon as a free slot was made * available. If acting as hostap, clean cached nodes regardless of their * recent activity and also allow de-authing of authenticated nodes older * than one cache wait interval, and de-authing of inactive associated nodes. */ void ieee80211_clean_nodes(struct ieee80211com *ic, int cache_timeout) { struct ieee80211_node *ni, *next_ni; u_int gen = ic->ic_scangen++; /* NB: ok 'cuz single-threaded*/ int s; #ifndef IEEE80211_STA_ONLY int nnodes = 0; struct ifnet *ifp = &ic->ic_if; #endif s = splnet(); for (ni = RB_MIN(ieee80211_tree, &ic->ic_tree); ni != NULL; ni = next_ni) { next_ni = RB_NEXT(ieee80211_tree, &ic->ic_tree, ni); if (!cache_timeout && ic->ic_nnodes < ic->ic_max_nnodes) break; if (ni->ni_scangen == gen) /* previously handled */ continue; #ifndef IEEE80211_STA_ONLY nnodes++; #endif ni->ni_scangen = gen; if (ni->ni_refcnt > 0) continue; #ifndef IEEE80211_STA_ONLY if ((ic->ic_opmode == IEEE80211_M_HOSTAP || ic->ic_opmode == IEEE80211_M_IBSS) && ic->ic_state == IEEE80211_S_RUN) { if (cache_timeout) { if (ni->ni_state != IEEE80211_STA_COLLECT && (ni->ni_state == IEEE80211_STA_ASSOC || ni->ni_inact < IEEE80211_INACT_MAX)) continue; } else { if (ic->ic_opmode == IEEE80211_M_HOSTAP && ((ni->ni_state == IEEE80211_STA_ASSOC && ni->ni_inact < IEEE80211_INACT_MAX) || (ni->ni_state == IEEE80211_STA_AUTH && ni->ni_inact == 0))) continue; if (ic->ic_opmode == IEEE80211_M_IBSS && ni->ni_state != IEEE80211_STA_COLLECT && ni->ni_state != IEEE80211_STA_CACHE && ni->ni_inact < IEEE80211_INACT_MAX) continue; } } if (ifp->if_flags & IFF_DEBUG) printf("%s: station %s purged from node cache\n", ifp->if_xname, ether_sprintf(ni->ni_macaddr)); #endif /* * If we're hostap and the node is authenticated, send * a deauthentication frame. The node will be freed when * the driver calls ieee80211_release_node(). */ #ifndef IEEE80211_STA_ONLY nnodes--; if (ic->ic_opmode == IEEE80211_M_HOSTAP && ni->ni_state >= IEEE80211_STA_AUTH && ni->ni_state != IEEE80211_STA_COLLECT) { splx(s); IEEE80211_SEND_MGMT(ic, ni, IEEE80211_FC0_SUBTYPE_DEAUTH, IEEE80211_REASON_AUTH_EXPIRE); s = splnet(); ieee80211_node_leave(ic, ni); } else #endif ieee80211_free_node(ic, ni); ic->ic_stats.is_node_timeout++; } #ifndef IEEE80211_STA_ONLY /* * During a cache timeout we iterate over all nodes. * Check for node leaks by comparing the actual number of cached * nodes with the ic_nnodes count, which is maintained while adding * and removing nodes from the cache. */ if ((ifp->if_flags & IFF_DEBUG) && cache_timeout && nnodes != ic->ic_nnodes) printf("%s: number of cached nodes is %d, expected %d," "possible nodes leak\n", ifp->if_xname, nnodes, ic->ic_nnodes); #endif splx(s); }