static void hostapd_deauth_all_stas(hostapd *hapd)
{
u8 addr[ETH_ALEN];
memset(addr, 0xff, ETH_ALEN);
ieee802_11_send_deauth(hapd, addr, WLAN_REASON_PREV_AUTH_NOT_VALID);
}
static void ieee80211_tkip_countermeasures_start(struct hostapd_data *hapd)
{
struct sta_info *sta;
hostapd_logger(hapd, NULL, HOSTAPD_MODULE_IEEE80211,
HOSTAPD_LEVEL_INFO, "TKIP countermeasures initiated");
hapd->tkip_countermeasures = 1;
wpa_gtk_rekey(hapd);
eloop_cancel_timeout(ieee80211_tkip_countermeasures_stop, hapd, NULL);
eloop_register_timeout(60, 0, ieee80211_tkip_countermeasures_stop,
hapd, NULL);
for (sta = hapd->sta_list; sta != NULL; sta = sta->next) {
ieee802_11_send_deauth(hapd, sta->addr,
WLAN_REASON_MICHAEL_MIC_FAILURE);
sta->flags &= ~(WLAN_STA_AUTH | WLAN_STA_ASSOC |
WLAN_STA_AUTHORIZED);
remove_sta(hapd->driver.data, sta->addr);
}
}
static void handle_data(hostapd *hapd, char *buf, size_t len, u16 stype)
{
struct ieee80211_hdr *hdr;
u16 fc, ethertype;
u8 *pos, *sa;
size_t left;
struct sta_info *sta;
if (len < sizeof(struct ieee80211_hdr))
return;
hdr = (struct ieee80211_hdr *) buf;
fc = le_to_host16(hdr->frame_control);
if ((fc & (WLAN_FC_FROMDS | WLAN_FC_TODS)) != WLAN_FC_TODS) {
printf("Not ToDS data frame (fc=0x%04x)\n", fc);
return;
}
sa = hdr->addr2;
sta = ap_get_sta(hapd, sa);
if (!sta || !(sta->flags & WLAN_STA_ASSOC)) {
printf("Data frame from not associated STA " MACSTR "\n",
MAC2STR(sa));
if (sta && (sta->flags & WLAN_STA_AUTH))
ieee802_11_send_disassoc(
hapd, sa,
WLAN_REASON_CLASS3_FRAME_FROM_NONASSOC_STA);
else
ieee802_11_send_deauth(
hapd, sa,
WLAN_REASON_CLASS3_FRAME_FROM_NONASSOC_STA);
return;
}
pos = (u8 *) (hdr + 1);
left = len - sizeof(*hdr);
if (left < sizeof(rfc1042_header)) {
printf("Too short data frame\n");
return;
}
if (memcmp(pos, rfc1042_header, sizeof(rfc1042_header)) != 0) {
printf("Data frame with no RFC1042 header\n");
return;
}
pos += sizeof(rfc1042_header);
left -= sizeof(rfc1042_header);
if (left < 2) {
printf("No ethertype in data frame\n");
return;
}
ethertype = *pos++ << 8;
ethertype |= *pos++;
left -= 2;
switch (ethertype) {
case ETH_P_PAE:
if (hapd->conf->ieee802_1x)
ieee802_1x_receive(hapd, sa, pos, left);
else
printf("IEEE 802.1X is not configured to be used - "
"dropping packet\n");
break;
default:
printf("Unknown ethertype 0x%04x in data frame\n", ethertype);
break;
}
}
static int hostapd_config_reload_sta(struct hostapd_data *hapd,
struct sta_info *sta, void *data)
{
struct hostapd_config_change *change = data;
struct hostapd_bss_config *newbss, *oldbss;
int deauth = 0;
u8 reason = WLAN_REASON_PREV_AUTH_NOT_VALID;
newbss = change->newbss;
oldbss = change->oldbss;
hapd = change->hapd;
if (sta->ssid == &oldbss->ssid) {
sta->ssid = &newbss->ssid;
if (newbss->ssid.ssid_len != oldbss->ssid.ssid_len ||
memcmp(newbss->ssid.ssid, oldbss->ssid.ssid,
newbss->ssid.ssid_len) != 0) {
/* main SSID was changed - kick STA out */
deauth++;
}
}
sta->ssid_probe = sta->ssid;
/*
* If MAC ACL configuration has changed, deauthenticate stations that
* have been removed from accepted list or have been added to denied
* list. If external RADIUS server is used for ACL, all stations are
* deauthenticated and they will need to authenticate again. This
* limits sudden load on the RADIUS server since the verification will
* be done over the time needed for the STAs to reauthenticate
* themselves.
*/
if (change->mac_acl_changed &&
(newbss->macaddr_acl == USE_EXTERNAL_RADIUS_AUTH ||
!hostapd_allowed_address(hapd, sta->addr, NULL, 0, NULL, NULL,
NULL)))
deauth++;
if (newbss->ieee802_1x != oldbss->ieee802_1x &&
sta->ssid == &hapd->conf->ssid)
deauth++;
if (newbss->wpa != oldbss->wpa)
deauth++;
if (!newbss->wme_enabled && (sta->flags & WLAN_STA_WME))
deauth++;
if (newbss->auth_algs != oldbss->auth_algs &&
((sta->auth_alg == WLAN_AUTH_OPEN &&
!(newbss->auth_algs & HOSTAPD_AUTH_OPEN)) ||
(sta->auth_alg == WLAN_AUTH_SHARED_KEY &&
!(newbss->auth_algs & HOSTAPD_AUTH_SHARED_KEY))))
deauth++;
if (change->num_sta_remove > 0) {
deauth++;
reason = WLAN_REASON_DISASSOC_AP_BUSY;
}
if (deauth) {
HOSTAPD_DEBUG(HOSTAPD_DEBUG_MINIMAL, "STA " MACSTR
" deauthenticated during config reloading "
"(reason=%d)\n", MAC2STR(sta->addr), reason);
ieee802_11_send_deauth(hapd, sta->addr, reason);
ap_sta_deauthenticate(hapd, sta, reason);
change->num_sta_remove--;
}
return 0;
}
