Home | History | Annotate | Download | only in ap
      1 /*
      2  * hostapd / Station table
      3  * Copyright (c) 2002-2011, Jouni Malinen <j (at) w1.fi>
      4  *
      5  * This software may be distributed under the terms of the BSD license.
      6  * See README for more details.
      7  */
      8 
      9 #include "utils/includes.h"
     10 
     11 #include "utils/common.h"
     12 #include "utils/eloop.h"
     13 #include "common/ieee802_11_defs.h"
     14 #include "common/wpa_ctrl.h"
     15 #include "common/sae.h"
     16 #include "radius/radius.h"
     17 #include "radius/radius_client.h"
     18 #include "drivers/driver.h"
     19 #include "p2p/p2p.h"
     20 #include "hostapd.h"
     21 #include "accounting.h"
     22 #include "ieee802_1x.h"
     23 #include "ieee802_11.h"
     24 #include "ieee802_11_auth.h"
     25 #include "wpa_auth.h"
     26 #include "preauth_auth.h"
     27 #include "ap_config.h"
     28 #include "beacon.h"
     29 #include "ap_mlme.h"
     30 #include "vlan_init.h"
     31 #include "p2p_hostapd.h"
     32 #include "ap_drv_ops.h"
     33 #include "gas_serv.h"
     34 #include "sta_info.h"
     35 
     36 static void ap_sta_remove_in_other_bss(struct hostapd_data *hapd,
     37 				       struct sta_info *sta);
     38 static void ap_handle_session_timer(void *eloop_ctx, void *timeout_ctx);
     39 static void ap_sta_deauth_cb_timeout(void *eloop_ctx, void *timeout_ctx);
     40 static void ap_sta_disassoc_cb_timeout(void *eloop_ctx, void *timeout_ctx);
     41 #ifdef CONFIG_IEEE80211W
     42 static void ap_sa_query_timer(void *eloop_ctx, void *timeout_ctx);
     43 #endif /* CONFIG_IEEE80211W */
     44 static int ap_sta_remove(struct hostapd_data *hapd, struct sta_info *sta);
     45 
     46 int ap_for_each_sta(struct hostapd_data *hapd,
     47 		    int (*cb)(struct hostapd_data *hapd, struct sta_info *sta,
     48 			      void *ctx),
     49 		    void *ctx)
     50 {
     51 	struct sta_info *sta;
     52 
     53 	for (sta = hapd->sta_list; sta; sta = sta->next) {
     54 		if (cb(hapd, sta, ctx))
     55 			return 1;
     56 	}
     57 
     58 	return 0;
     59 }
     60 
     61 
     62 struct sta_info * ap_get_sta(struct hostapd_data *hapd, const u8 *sta)
     63 {
     64 	struct sta_info *s;
     65 
     66 	s = hapd->sta_hash[STA_HASH(sta)];
     67 	while (s != NULL && os_memcmp(s->addr, sta, 6) != 0)
     68 		s = s->hnext;
     69 	return s;
     70 }
     71 
     72 
     73 static void ap_sta_list_del(struct hostapd_data *hapd, struct sta_info *sta)
     74 {
     75 	struct sta_info *tmp;
     76 
     77 	if (hapd->sta_list == sta) {
     78 		hapd->sta_list = sta->next;
     79 		return;
     80 	}
     81 
     82 	tmp = hapd->sta_list;
     83 	while (tmp != NULL && tmp->next != sta)
     84 		tmp = tmp->next;
     85 	if (tmp == NULL) {
     86 		wpa_printf(MSG_DEBUG, "Could not remove STA " MACSTR " from "
     87 			   "list.", MAC2STR(sta->addr));
     88 	} else
     89 		tmp->next = sta->next;
     90 }
     91 
     92 
     93 void ap_sta_hash_add(struct hostapd_data *hapd, struct sta_info *sta)
     94 {
     95 	sta->hnext = hapd->sta_hash[STA_HASH(sta->addr)];
     96 	hapd->sta_hash[STA_HASH(sta->addr)] = sta;
     97 }
     98 
     99 
    100 static void ap_sta_hash_del(struct hostapd_data *hapd, struct sta_info *sta)
    101 {
    102 	struct sta_info *s;
    103 
    104 	s = hapd->sta_hash[STA_HASH(sta->addr)];
    105 	if (s == NULL) return;
    106 	if (os_memcmp(s->addr, sta->addr, 6) == 0) {
    107 		hapd->sta_hash[STA_HASH(sta->addr)] = s->hnext;
    108 		return;
    109 	}
    110 
    111 	while (s->hnext != NULL &&
    112 	       os_memcmp(s->hnext->addr, sta->addr, ETH_ALEN) != 0)
    113 		s = s->hnext;
    114 	if (s->hnext != NULL)
    115 		s->hnext = s->hnext->hnext;
    116 	else
    117 		wpa_printf(MSG_DEBUG, "AP: could not remove STA " MACSTR
    118 			   " from hash table", MAC2STR(sta->addr));
    119 }
    120 
    121 
    122 void ap_free_sta(struct hostapd_data *hapd, struct sta_info *sta)
    123 {
    124 	int set_beacon = 0;
    125 
    126 	accounting_sta_stop(hapd, sta);
    127 
    128 	/* just in case */
    129 	ap_sta_set_authorized(hapd, sta, 0);
    130 
    131 	if (sta->flags & WLAN_STA_WDS)
    132 		hostapd_set_wds_sta(hapd, sta->addr, sta->aid, 0);
    133 
    134 	if (!(sta->flags & WLAN_STA_PREAUTH))
    135 		hostapd_drv_sta_remove(hapd, sta->addr);
    136 
    137 	ap_sta_hash_del(hapd, sta);
    138 	ap_sta_list_del(hapd, sta);
    139 
    140 	if (sta->aid > 0)
    141 		hapd->sta_aid[(sta->aid - 1) / 32] &=
    142 			~BIT((sta->aid - 1) % 32);
    143 
    144 	hapd->num_sta--;
    145 	if (sta->nonerp_set) {
    146 		sta->nonerp_set = 0;
    147 		hapd->iface->num_sta_non_erp--;
    148 		if (hapd->iface->num_sta_non_erp == 0)
    149 			set_beacon++;
    150 	}
    151 
    152 	if (sta->no_short_slot_time_set) {
    153 		sta->no_short_slot_time_set = 0;
    154 		hapd->iface->num_sta_no_short_slot_time--;
    155 		if (hapd->iface->current_mode->mode == HOSTAPD_MODE_IEEE80211G
    156 		    && hapd->iface->num_sta_no_short_slot_time == 0)
    157 			set_beacon++;
    158 	}
    159 
    160 	if (sta->no_short_preamble_set) {
    161 		sta->no_short_preamble_set = 0;
    162 		hapd->iface->num_sta_no_short_preamble--;
    163 		if (hapd->iface->current_mode->mode == HOSTAPD_MODE_IEEE80211G
    164 		    && hapd->iface->num_sta_no_short_preamble == 0)
    165 			set_beacon++;
    166 	}
    167 
    168 	if (sta->no_ht_gf_set) {
    169 		sta->no_ht_gf_set = 0;
    170 		hapd->iface->num_sta_ht_no_gf--;
    171 	}
    172 
    173 	if (sta->no_ht_set) {
    174 		sta->no_ht_set = 0;
    175 		hapd->iface->num_sta_no_ht--;
    176 	}
    177 
    178 	if (sta->ht_20mhz_set) {
    179 		sta->ht_20mhz_set = 0;
    180 		hapd->iface->num_sta_ht_20mhz--;
    181 	}
    182 
    183 #ifdef CONFIG_P2P
    184 	if (sta->no_p2p_set) {
    185 		sta->no_p2p_set = 0;
    186 		hapd->num_sta_no_p2p--;
    187 		if (hapd->num_sta_no_p2p == 0)
    188 			hostapd_p2p_non_p2p_sta_disconnected(hapd);
    189 	}
    190 #endif /* CONFIG_P2P */
    191 
    192 #if defined(NEED_AP_MLME) && defined(CONFIG_IEEE80211N)
    193 	if (hostapd_ht_operation_update(hapd->iface) > 0)
    194 		set_beacon++;
    195 #endif /* NEED_AP_MLME && CONFIG_IEEE80211N */
    196 
    197 	if (set_beacon)
    198 		ieee802_11_set_beacons(hapd->iface);
    199 
    200 	wpa_printf(MSG_DEBUG, "%s: cancel ap_handle_timer for " MACSTR,
    201 		   __func__, MAC2STR(sta->addr));
    202 	eloop_cancel_timeout(ap_handle_timer, hapd, sta);
    203 	eloop_cancel_timeout(ap_handle_session_timer, hapd, sta);
    204 	eloop_cancel_timeout(ap_sta_deauth_cb_timeout, hapd, sta);
    205 	eloop_cancel_timeout(ap_sta_disassoc_cb_timeout, hapd, sta);
    206 
    207 	ieee802_1x_free_station(sta);
    208 	wpa_auth_sta_deinit(sta->wpa_sm);
    209 	rsn_preauth_free_station(hapd, sta);
    210 #ifndef CONFIG_NO_RADIUS
    211 	radius_client_flush_auth(hapd->radius, sta->addr);
    212 #endif /* CONFIG_NO_RADIUS */
    213 
    214 	os_free(sta->last_assoc_req);
    215 	os_free(sta->challenge);
    216 
    217 #ifdef CONFIG_IEEE80211W
    218 	os_free(sta->sa_query_trans_id);
    219 	eloop_cancel_timeout(ap_sa_query_timer, hapd, sta);
    220 #endif /* CONFIG_IEEE80211W */
    221 
    222 #ifdef CONFIG_P2P
    223 	p2p_group_notif_disassoc(hapd->p2p_group, sta->addr);
    224 #endif /* CONFIG_P2P */
    225 
    226 #ifdef CONFIG_INTERWORKING
    227 	if (sta->gas_dialog) {
    228 		int i;
    229 		for (i = 0; i < GAS_DIALOG_MAX; i++)
    230 			gas_serv_dialog_clear(&sta->gas_dialog[i]);
    231 		os_free(sta->gas_dialog);
    232 	}
    233 #endif /* CONFIG_INTERWORKING */
    234 
    235 	wpabuf_free(sta->wps_ie);
    236 	wpabuf_free(sta->p2p_ie);
    237 	wpabuf_free(sta->hs20_ie);
    238 
    239 	os_free(sta->ht_capabilities);
    240 	hostapd_free_psk_list(sta->psk);
    241 	os_free(sta->identity);
    242 	os_free(sta->radius_cui);
    243 
    244 #ifdef CONFIG_SAE
    245 	sae_clear_data(sta->sae);
    246 	os_free(sta->sae);
    247 #endif /* CONFIG_SAE */
    248 
    249 	os_free(sta);
    250 }
    251 
    252 
    253 void hostapd_free_stas(struct hostapd_data *hapd)
    254 {
    255 	struct sta_info *sta, *prev;
    256 
    257 	sta = hapd->sta_list;
    258 
    259 	while (sta) {
    260 		prev = sta;
    261 		if (sta->flags & WLAN_STA_AUTH) {
    262 			mlme_deauthenticate_indication(
    263 				hapd, sta, WLAN_REASON_UNSPECIFIED);
    264 		}
    265 		sta = sta->next;
    266 		wpa_printf(MSG_DEBUG, "Removing station " MACSTR,
    267 			   MAC2STR(prev->addr));
    268 		ap_free_sta(hapd, prev);
    269 	}
    270 }
    271 
    272 
    273 /**
    274  * ap_handle_timer - Per STA timer handler
    275  * @eloop_ctx: struct hostapd_data *
    276  * @timeout_ctx: struct sta_info *
    277  *
    278  * This function is called to check station activity and to remove inactive
    279  * stations.
    280  */
    281 void ap_handle_timer(void *eloop_ctx, void *timeout_ctx)
    282 {
    283 	struct hostapd_data *hapd = eloop_ctx;
    284 	struct sta_info *sta = timeout_ctx;
    285 	unsigned long next_time = 0;
    286 
    287 	wpa_printf(MSG_DEBUG, "%s: " MACSTR " flags=0x%x timeout_next=%d",
    288 		   __func__, MAC2STR(sta->addr), sta->flags,
    289 		   sta->timeout_next);
    290 	if (sta->timeout_next == STA_REMOVE) {
    291 		hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
    292 			       HOSTAPD_LEVEL_INFO, "deauthenticated due to "
    293 			       "local deauth request");
    294 		ap_free_sta(hapd, sta);
    295 		return;
    296 	}
    297 
    298 	if ((sta->flags & WLAN_STA_ASSOC) &&
    299 	    (sta->timeout_next == STA_NULLFUNC ||
    300 	     sta->timeout_next == STA_DISASSOC)) {
    301 		int inactive_sec;
    302 		/*
    303 		 * Add random value to timeout so that we don't end up bouncing
    304 		 * all stations at the same time if we have lots of associated
    305 		 * stations that are idle (but keep re-associating).
    306 		 */
    307 		int fuzz = os_random() % 20;
    308 		inactive_sec = hostapd_drv_get_inact_sec(hapd, sta->addr);
    309 		if (inactive_sec == -1) {
    310 			wpa_msg(hapd->msg_ctx, MSG_DEBUG,
    311 				"Check inactivity: Could not "
    312 				"get station info from kernel driver for "
    313 				MACSTR, MAC2STR(sta->addr));
    314 			/*
    315 			 * The driver may not support this functionality.
    316 			 * Anyway, try again after the next inactivity timeout,
    317 			 * but do not disconnect the station now.
    318 			 */
    319 			next_time = hapd->conf->ap_max_inactivity + fuzz;
    320 		} else if (inactive_sec < hapd->conf->ap_max_inactivity &&
    321 			   sta->flags & WLAN_STA_ASSOC) {
    322 			/* station activity detected; reset timeout state */
    323 			wpa_msg(hapd->msg_ctx, MSG_DEBUG,
    324 				"Station " MACSTR " has been active %is ago",
    325 				MAC2STR(sta->addr), inactive_sec);
    326 			sta->timeout_next = STA_NULLFUNC;
    327 			next_time = hapd->conf->ap_max_inactivity + fuzz -
    328 				inactive_sec;
    329 		} else {
    330 			wpa_msg(hapd->msg_ctx, MSG_DEBUG,
    331 				"Station " MACSTR " has been "
    332 				"inactive too long: %d sec, max allowed: %d",
    333 				MAC2STR(sta->addr), inactive_sec,
    334 				hapd->conf->ap_max_inactivity);
    335 
    336 			if (hapd->conf->skip_inactivity_poll)
    337 				sta->timeout_next = STA_DISASSOC;
    338 		}
    339 	}
    340 
    341 	if ((sta->flags & WLAN_STA_ASSOC) &&
    342 	    sta->timeout_next == STA_DISASSOC &&
    343 	    !(sta->flags & WLAN_STA_PENDING_POLL) &&
    344 	    !hapd->conf->skip_inactivity_poll) {
    345 		wpa_msg(hapd->msg_ctx, MSG_DEBUG, "Station " MACSTR
    346 			" has ACKed data poll", MAC2STR(sta->addr));
    347 		/* data nullfunc frame poll did not produce TX errors; assume
    348 		 * station ACKed it */
    349 		sta->timeout_next = STA_NULLFUNC;
    350 		next_time = hapd->conf->ap_max_inactivity;
    351 	}
    352 
    353 	if (next_time) {
    354 		wpa_printf(MSG_DEBUG, "%s: register ap_handle_timer timeout "
    355 			   "for " MACSTR " (%lu seconds)",
    356 			   __func__, MAC2STR(sta->addr), next_time);
    357 		eloop_register_timeout(next_time, 0, ap_handle_timer, hapd,
    358 				       sta);
    359 		return;
    360 	}
    361 
    362 	if (sta->timeout_next == STA_NULLFUNC &&
    363 	    (sta->flags & WLAN_STA_ASSOC)) {
    364 		wpa_printf(MSG_DEBUG, "  Polling STA");
    365 		sta->flags |= WLAN_STA_PENDING_POLL;
    366 		hostapd_drv_poll_client(hapd, hapd->own_addr, sta->addr,
    367 					sta->flags & WLAN_STA_WMM);
    368 	} else if (sta->timeout_next != STA_REMOVE) {
    369 		int deauth = sta->timeout_next == STA_DEAUTH;
    370 
    371 		wpa_dbg(hapd->msg_ctx, MSG_DEBUG,
    372 			"Timeout, sending %s info to STA " MACSTR,
    373 			deauth ? "deauthentication" : "disassociation",
    374 			MAC2STR(sta->addr));
    375 
    376 		if (deauth) {
    377 			hostapd_drv_sta_deauth(
    378 				hapd, sta->addr,
    379 				WLAN_REASON_PREV_AUTH_NOT_VALID);
    380 		} else {
    381 			hostapd_drv_sta_disassoc(
    382 				hapd, sta->addr,
    383 				WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY);
    384 		}
    385 	}
    386 
    387 	switch (sta->timeout_next) {
    388 	case STA_NULLFUNC:
    389 		sta->timeout_next = STA_DISASSOC;
    390 		wpa_printf(MSG_DEBUG, "%s: register ap_handle_timer timeout "
    391 			   "for " MACSTR " (%d seconds - AP_DISASSOC_DELAY)",
    392 			   __func__, MAC2STR(sta->addr), AP_DISASSOC_DELAY);
    393 		eloop_register_timeout(AP_DISASSOC_DELAY, 0, ap_handle_timer,
    394 				       hapd, sta);
    395 		break;
    396 	case STA_DISASSOC:
    397 		ap_sta_set_authorized(hapd, sta, 0);
    398 		sta->flags &= ~WLAN_STA_ASSOC;
    399 		ieee802_1x_notify_port_enabled(sta->eapol_sm, 0);
    400 		if (!sta->acct_terminate_cause)
    401 			sta->acct_terminate_cause =
    402 				RADIUS_ACCT_TERMINATE_CAUSE_IDLE_TIMEOUT;
    403 		accounting_sta_stop(hapd, sta);
    404 		ieee802_1x_free_station(sta);
    405 		hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
    406 			       HOSTAPD_LEVEL_INFO, "disassociated due to "
    407 			       "inactivity");
    408 		sta->timeout_next = STA_DEAUTH;
    409 		wpa_printf(MSG_DEBUG, "%s: register ap_handle_timer timeout "
    410 			   "for " MACSTR " (%d seconds - AP_DEAUTH_DELAY)",
    411 			   __func__, MAC2STR(sta->addr), AP_DEAUTH_DELAY);
    412 		eloop_register_timeout(AP_DEAUTH_DELAY, 0, ap_handle_timer,
    413 				       hapd, sta);
    414 		mlme_disassociate_indication(
    415 			hapd, sta, WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY);
    416 		break;
    417 	case STA_DEAUTH:
    418 	case STA_REMOVE:
    419 		hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
    420 			       HOSTAPD_LEVEL_INFO, "deauthenticated due to "
    421 			       "inactivity (timer DEAUTH/REMOVE)");
    422 		if (!sta->acct_terminate_cause)
    423 			sta->acct_terminate_cause =
    424 				RADIUS_ACCT_TERMINATE_CAUSE_IDLE_TIMEOUT;
    425 		mlme_deauthenticate_indication(
    426 			hapd, sta,
    427 			WLAN_REASON_PREV_AUTH_NOT_VALID);
    428 		ap_free_sta(hapd, sta);
    429 		break;
    430 	}
    431 }
    432 
    433 
    434 static void ap_handle_session_timer(void *eloop_ctx, void *timeout_ctx)
    435 {
    436 	struct hostapd_data *hapd = eloop_ctx;
    437 	struct sta_info *sta = timeout_ctx;
    438 	u8 addr[ETH_ALEN];
    439 
    440 	if (!(sta->flags & WLAN_STA_AUTH)) {
    441 		if (sta->flags & WLAN_STA_GAS) {
    442 			wpa_printf(MSG_DEBUG, "GAS: Remove temporary STA "
    443 				   "entry " MACSTR, MAC2STR(sta->addr));
    444 			ap_free_sta(hapd, sta);
    445 		}
    446 		return;
    447 	}
    448 
    449 	mlme_deauthenticate_indication(hapd, sta,
    450 				       WLAN_REASON_PREV_AUTH_NOT_VALID);
    451 	hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
    452 		       HOSTAPD_LEVEL_INFO, "deauthenticated due to "
    453 		       "session timeout");
    454 	sta->acct_terminate_cause =
    455 		RADIUS_ACCT_TERMINATE_CAUSE_SESSION_TIMEOUT;
    456 	os_memcpy(addr, sta->addr, ETH_ALEN);
    457 	ap_free_sta(hapd, sta);
    458 	hostapd_drv_sta_deauth(hapd, addr, WLAN_REASON_PREV_AUTH_NOT_VALID);
    459 }
    460 
    461 
    462 void ap_sta_session_timeout(struct hostapd_data *hapd, struct sta_info *sta,
    463 			    u32 session_timeout)
    464 {
    465 	hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
    466 		       HOSTAPD_LEVEL_DEBUG, "setting session timeout to %d "
    467 		       "seconds", session_timeout);
    468 	eloop_cancel_timeout(ap_handle_session_timer, hapd, sta);
    469 	eloop_register_timeout(session_timeout, 0, ap_handle_session_timer,
    470 			       hapd, sta);
    471 }
    472 
    473 
    474 void ap_sta_no_session_timeout(struct hostapd_data *hapd, struct sta_info *sta)
    475 {
    476 	eloop_cancel_timeout(ap_handle_session_timer, hapd, sta);
    477 }
    478 
    479 
    480 struct sta_info * ap_sta_add(struct hostapd_data *hapd, const u8 *addr)
    481 {
    482 	struct sta_info *sta;
    483 
    484 	sta = ap_get_sta(hapd, addr);
    485 	if (sta)
    486 		return sta;
    487 
    488 	wpa_printf(MSG_DEBUG, "  New STA");
    489 	if (hapd->num_sta >= hapd->conf->max_num_sta) {
    490 		/* FIX: might try to remove some old STAs first? */
    491 		wpa_printf(MSG_DEBUG, "no more room for new STAs (%d/%d)",
    492 			   hapd->num_sta, hapd->conf->max_num_sta);
    493 		return NULL;
    494 	}
    495 
    496 	sta = os_zalloc(sizeof(struct sta_info));
    497 	if (sta == NULL) {
    498 		wpa_printf(MSG_ERROR, "malloc failed");
    499 		return NULL;
    500 	}
    501 	sta->acct_interim_interval = hapd->conf->acct_interim_interval;
    502 	accounting_sta_get_id(hapd, sta);
    503 
    504 	/* initialize STA info data */
    505 	wpa_printf(MSG_DEBUG, "%s: register ap_handle_timer timeout "
    506 		   "for " MACSTR " (%d seconds - ap_max_inactivity)",
    507 		   __func__, MAC2STR(addr),
    508 		   hapd->conf->ap_max_inactivity);
    509 	eloop_register_timeout(hapd->conf->ap_max_inactivity, 0,
    510 			       ap_handle_timer, hapd, sta);
    511 	os_memcpy(sta->addr, addr, ETH_ALEN);
    512 	sta->next = hapd->sta_list;
    513 	hapd->sta_list = sta;
    514 	hapd->num_sta++;
    515 	ap_sta_hash_add(hapd, sta);
    516 	sta->ssid = &hapd->conf->ssid;
    517 	ap_sta_remove_in_other_bss(hapd, sta);
    518 
    519 	return sta;
    520 }
    521 
    522 
    523 static int ap_sta_remove(struct hostapd_data *hapd, struct sta_info *sta)
    524 {
    525 	ieee802_1x_notify_port_enabled(sta->eapol_sm, 0);
    526 
    527 	wpa_printf(MSG_DEBUG, "Removing STA " MACSTR " from kernel driver",
    528 		   MAC2STR(sta->addr));
    529 	if (hostapd_drv_sta_remove(hapd, sta->addr) &&
    530 	    sta->flags & WLAN_STA_ASSOC) {
    531 		wpa_printf(MSG_DEBUG, "Could not remove station " MACSTR
    532 			   " from kernel driver.", MAC2STR(sta->addr));
    533 		return -1;
    534 	}
    535 	return 0;
    536 }
    537 
    538 
    539 static void ap_sta_remove_in_other_bss(struct hostapd_data *hapd,
    540 				       struct sta_info *sta)
    541 {
    542 	struct hostapd_iface *iface = hapd->iface;
    543 	size_t i;
    544 
    545 	for (i = 0; i < iface->num_bss; i++) {
    546 		struct hostapd_data *bss = iface->bss[i];
    547 		struct sta_info *sta2;
    548 		/* bss should always be set during operation, but it may be
    549 		 * NULL during reconfiguration. Assume the STA is not
    550 		 * associated to another BSS in that case to avoid NULL pointer
    551 		 * dereferences. */
    552 		if (bss == hapd || bss == NULL)
    553 			continue;
    554 		sta2 = ap_get_sta(bss, sta->addr);
    555 		if (!sta2)
    556 			continue;
    557 
    558 		ap_sta_disconnect(bss, sta2, sta2->addr,
    559 				  WLAN_REASON_PREV_AUTH_NOT_VALID);
    560 	}
    561 }
    562 
    563 
    564 static void ap_sta_disassoc_cb_timeout(void *eloop_ctx, void *timeout_ctx)
    565 {
    566 	struct hostapd_data *hapd = eloop_ctx;
    567 	struct sta_info *sta = timeout_ctx;
    568 
    569 	ap_sta_remove(hapd, sta);
    570 	mlme_disassociate_indication(hapd, sta, sta->disassoc_reason);
    571 }
    572 
    573 
    574 void ap_sta_disassociate(struct hostapd_data *hapd, struct sta_info *sta,
    575 			 u16 reason)
    576 {
    577 	wpa_printf(MSG_DEBUG, "%s: disassociate STA " MACSTR,
    578 		   hapd->conf->iface, MAC2STR(sta->addr));
    579 	sta->flags &= ~(WLAN_STA_ASSOC | WLAN_STA_ASSOC_REQ_OK);
    580 	ap_sta_set_authorized(hapd, sta, 0);
    581 	sta->timeout_next = STA_DEAUTH;
    582 	wpa_printf(MSG_DEBUG, "%s: reschedule ap_handle_timer timeout "
    583 		   "for " MACSTR " (%d seconds - "
    584 		   "AP_MAX_INACTIVITY_AFTER_DISASSOC)",
    585 		   __func__, MAC2STR(sta->addr),
    586 		   AP_MAX_INACTIVITY_AFTER_DISASSOC);
    587 	eloop_cancel_timeout(ap_handle_timer, hapd, sta);
    588 	eloop_register_timeout(AP_MAX_INACTIVITY_AFTER_DISASSOC, 0,
    589 			       ap_handle_timer, hapd, sta);
    590 	accounting_sta_stop(hapd, sta);
    591 	ieee802_1x_free_station(sta);
    592 
    593 	sta->disassoc_reason = reason;
    594 	sta->flags |= WLAN_STA_PENDING_DISASSOC_CB;
    595 	eloop_cancel_timeout(ap_sta_disassoc_cb_timeout, hapd, sta);
    596 	eloop_register_timeout(hapd->iface->drv_flags &
    597 			       WPA_DRIVER_FLAGS_DEAUTH_TX_STATUS ? 2 : 0, 0,
    598 			       ap_sta_disassoc_cb_timeout, hapd, sta);
    599 }
    600 
    601 
    602 static void ap_sta_deauth_cb_timeout(void *eloop_ctx, void *timeout_ctx)
    603 {
    604 	struct hostapd_data *hapd = eloop_ctx;
    605 	struct sta_info *sta = timeout_ctx;
    606 
    607 	ap_sta_remove(hapd, sta);
    608 	mlme_deauthenticate_indication(hapd, sta, sta->deauth_reason);
    609 }
    610 
    611 
    612 void ap_sta_deauthenticate(struct hostapd_data *hapd, struct sta_info *sta,
    613 			   u16 reason)
    614 {
    615 	wpa_printf(MSG_DEBUG, "%s: deauthenticate STA " MACSTR,
    616 		   hapd->conf->iface, MAC2STR(sta->addr));
    617 	sta->flags &= ~(WLAN_STA_AUTH | WLAN_STA_ASSOC);
    618 	ap_sta_set_authorized(hapd, sta, 0);
    619 	sta->timeout_next = STA_REMOVE;
    620 	wpa_printf(MSG_DEBUG, "%s: reschedule ap_handle_timer timeout "
    621 		   "for " MACSTR " (%d seconds - "
    622 		   "AP_MAX_INACTIVITY_AFTER_DEAUTH)",
    623 		   __func__, MAC2STR(sta->addr),
    624 		   AP_MAX_INACTIVITY_AFTER_DEAUTH);
    625 	eloop_cancel_timeout(ap_handle_timer, hapd, sta);
    626 	eloop_register_timeout(AP_MAX_INACTIVITY_AFTER_DEAUTH, 0,
    627 			       ap_handle_timer, hapd, sta);
    628 	accounting_sta_stop(hapd, sta);
    629 	ieee802_1x_free_station(sta);
    630 
    631 	sta->deauth_reason = reason;
    632 	sta->flags |= WLAN_STA_PENDING_DEAUTH_CB;
    633 	eloop_cancel_timeout(ap_sta_deauth_cb_timeout, hapd, sta);
    634 	eloop_register_timeout(hapd->iface->drv_flags &
    635 			       WPA_DRIVER_FLAGS_DEAUTH_TX_STATUS ? 2 : 0, 0,
    636 			       ap_sta_deauth_cb_timeout, hapd, sta);
    637 }
    638 
    639 
    640 #ifdef CONFIG_WPS
    641 int ap_sta_wps_cancel(struct hostapd_data *hapd,
    642 		      struct sta_info *sta, void *ctx)
    643 {
    644 	if (sta && (sta->flags & WLAN_STA_WPS)) {
    645 		ap_sta_deauthenticate(hapd, sta,
    646 				      WLAN_REASON_PREV_AUTH_NOT_VALID);
    647 		wpa_printf(MSG_DEBUG, "WPS: %s: Deauth sta=" MACSTR,
    648 			   __func__, MAC2STR(sta->addr));
    649 		return 1;
    650 	}
    651 
    652 	return 0;
    653 }
    654 #endif /* CONFIG_WPS */
    655 
    656 
    657 int ap_sta_bind_vlan(struct hostapd_data *hapd, struct sta_info *sta,
    658 		     int old_vlanid)
    659 {
    660 #ifndef CONFIG_NO_VLAN
    661 	const char *iface;
    662 	struct hostapd_vlan *vlan = NULL;
    663 	int ret;
    664 
    665 	/*
    666 	 * Do not proceed furthur if the vlan id remains same. We do not want
    667 	 * duplicate dynamic vlan entries.
    668 	 */
    669 	if (sta->vlan_id == old_vlanid)
    670 		return 0;
    671 
    672 	/*
    673 	 * During 1x reauth, if the vlan id changes, then remove the old id and
    674 	 * proceed furthur to add the new one.
    675 	 */
    676 	if (old_vlanid > 0)
    677 		vlan_remove_dynamic(hapd, old_vlanid);
    678 
    679 	iface = hapd->conf->iface;
    680 	if (sta->ssid->vlan[0])
    681 		iface = sta->ssid->vlan;
    682 
    683 	if (sta->ssid->dynamic_vlan == DYNAMIC_VLAN_DISABLED)
    684 		sta->vlan_id = 0;
    685 	else if (sta->vlan_id > 0) {
    686 		vlan = hapd->conf->vlan;
    687 		while (vlan) {
    688 			if (vlan->vlan_id == sta->vlan_id ||
    689 			    vlan->vlan_id == VLAN_ID_WILDCARD) {
    690 				iface = vlan->ifname;
    691 				break;
    692 			}
    693 			vlan = vlan->next;
    694 		}
    695 	}
    696 
    697 	if (sta->vlan_id > 0 && vlan == NULL) {
    698 		hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
    699 			       HOSTAPD_LEVEL_DEBUG, "could not find VLAN for "
    700 			       "binding station to (vlan_id=%d)",
    701 			       sta->vlan_id);
    702 		return -1;
    703 	} else if (sta->vlan_id > 0 && vlan->vlan_id == VLAN_ID_WILDCARD) {
    704 		vlan = vlan_add_dynamic(hapd, vlan, sta->vlan_id);
    705 		if (vlan == NULL) {
    706 			hostapd_logger(hapd, sta->addr,
    707 				       HOSTAPD_MODULE_IEEE80211,
    708 				       HOSTAPD_LEVEL_DEBUG, "could not add "
    709 				       "dynamic VLAN interface for vlan_id=%d",
    710 				       sta->vlan_id);
    711 			return -1;
    712 		}
    713 
    714 		iface = vlan->ifname;
    715 		if (vlan_setup_encryption_dyn(hapd, sta->ssid, iface) != 0) {
    716 			hostapd_logger(hapd, sta->addr,
    717 				       HOSTAPD_MODULE_IEEE80211,
    718 				       HOSTAPD_LEVEL_DEBUG, "could not "
    719 				       "configure encryption for dynamic VLAN "
    720 				       "interface for vlan_id=%d",
    721 				       sta->vlan_id);
    722 		}
    723 
    724 		hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
    725 			       HOSTAPD_LEVEL_DEBUG, "added new dynamic VLAN "
    726 			       "interface '%s'", iface);
    727 	} else if (vlan && vlan->vlan_id == sta->vlan_id) {
    728 		if (sta->vlan_id > 0) {
    729 			vlan->dynamic_vlan++;
    730 			hostapd_logger(hapd, sta->addr,
    731 				       HOSTAPD_MODULE_IEEE80211,
    732 				       HOSTAPD_LEVEL_DEBUG, "updated existing "
    733 				       "dynamic VLAN interface '%s'", iface);
    734 		}
    735 
    736 		/*
    737 		 * Update encryption configuration for statically generated
    738 		 * VLAN interface. This is only used for static WEP
    739 		 * configuration for the case where hostapd did not yet know
    740 		 * which keys are to be used when the interface was added.
    741 		 */
    742 		if (vlan_setup_encryption_dyn(hapd, sta->ssid, iface) != 0) {
    743 			hostapd_logger(hapd, sta->addr,
    744 				       HOSTAPD_MODULE_IEEE80211,
    745 				       HOSTAPD_LEVEL_DEBUG, "could not "
    746 				       "configure encryption for VLAN "
    747 				       "interface for vlan_id=%d",
    748 				       sta->vlan_id);
    749 		}
    750 	}
    751 
    752 	hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
    753 		       HOSTAPD_LEVEL_DEBUG, "binding station to interface "
    754 		       "'%s'", iface);
    755 
    756 	if (wpa_auth_sta_set_vlan(sta->wpa_sm, sta->vlan_id) < 0)
    757 		wpa_printf(MSG_INFO, "Failed to update VLAN-ID for WPA");
    758 
    759 	ret = hostapd_drv_set_sta_vlan(iface, hapd, sta->addr, sta->vlan_id);
    760 	if (ret < 0) {
    761 		hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
    762 			       HOSTAPD_LEVEL_DEBUG, "could not bind the STA "
    763 			       "entry to vlan_id=%d", sta->vlan_id);
    764 	}
    765 	return ret;
    766 #else /* CONFIG_NO_VLAN */
    767 	return 0;
    768 #endif /* CONFIG_NO_VLAN */
    769 }
    770 
    771 
    772 #ifdef CONFIG_IEEE80211W
    773 
    774 int ap_check_sa_query_timeout(struct hostapd_data *hapd, struct sta_info *sta)
    775 {
    776 	u32 tu;
    777 	struct os_time now, passed;
    778 	os_get_time(&now);
    779 	os_time_sub(&now, &sta->sa_query_start, &passed);
    780 	tu = (passed.sec * 1000000 + passed.usec) / 1024;
    781 	if (hapd->conf->assoc_sa_query_max_timeout < tu) {
    782 		hostapd_logger(hapd, sta->addr,
    783 			       HOSTAPD_MODULE_IEEE80211,
    784 			       HOSTAPD_LEVEL_DEBUG,
    785 			       "association SA Query timed out");
    786 		sta->sa_query_timed_out = 1;
    787 		os_free(sta->sa_query_trans_id);
    788 		sta->sa_query_trans_id = NULL;
    789 		sta->sa_query_count = 0;
    790 		eloop_cancel_timeout(ap_sa_query_timer, hapd, sta);
    791 		return 1;
    792 	}
    793 
    794 	return 0;
    795 }
    796 
    797 
    798 static void ap_sa_query_timer(void *eloop_ctx, void *timeout_ctx)
    799 {
    800 	struct hostapd_data *hapd = eloop_ctx;
    801 	struct sta_info *sta = timeout_ctx;
    802 	unsigned int timeout, sec, usec;
    803 	u8 *trans_id, *nbuf;
    804 
    805 	if (sta->sa_query_count > 0 &&
    806 	    ap_check_sa_query_timeout(hapd, sta))
    807 		return;
    808 
    809 	nbuf = os_realloc_array(sta->sa_query_trans_id,
    810 				sta->sa_query_count + 1,
    811 				WLAN_SA_QUERY_TR_ID_LEN);
    812 	if (nbuf == NULL)
    813 		return;
    814 	if (sta->sa_query_count == 0) {
    815 		/* Starting a new SA Query procedure */
    816 		os_get_time(&sta->sa_query_start);
    817 	}
    818 	trans_id = nbuf + sta->sa_query_count * WLAN_SA_QUERY_TR_ID_LEN;
    819 	sta->sa_query_trans_id = nbuf;
    820 	sta->sa_query_count++;
    821 
    822 	os_get_random(trans_id, WLAN_SA_QUERY_TR_ID_LEN);
    823 
    824 	timeout = hapd->conf->assoc_sa_query_retry_timeout;
    825 	sec = ((timeout / 1000) * 1024) / 1000;
    826 	usec = (timeout % 1000) * 1024;
    827 	eloop_register_timeout(sec, usec, ap_sa_query_timer, hapd, sta);
    828 
    829 	hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
    830 		       HOSTAPD_LEVEL_DEBUG,
    831 		       "association SA Query attempt %d", sta->sa_query_count);
    832 
    833 	ieee802_11_send_sa_query_req(hapd, sta->addr, trans_id);
    834 }
    835 
    836 
    837 void ap_sta_start_sa_query(struct hostapd_data *hapd, struct sta_info *sta)
    838 {
    839 	ap_sa_query_timer(hapd, sta);
    840 }
    841 
    842 
    843 void ap_sta_stop_sa_query(struct hostapd_data *hapd, struct sta_info *sta)
    844 {
    845 	eloop_cancel_timeout(ap_sa_query_timer, hapd, sta);
    846 	os_free(sta->sa_query_trans_id);
    847 	sta->sa_query_trans_id = NULL;
    848 	sta->sa_query_count = 0;
    849 }
    850 
    851 #endif /* CONFIG_IEEE80211W */
    852 
    853 
    854 void ap_sta_set_authorized(struct hostapd_data *hapd, struct sta_info *sta,
    855 			   int authorized)
    856 {
    857 	const u8 *dev_addr = NULL;
    858 #ifdef CONFIG_P2P
    859 	u8 addr[ETH_ALEN];
    860 #endif /* CONFIG_P2P */
    861 
    862 	if (!!authorized == !!(sta->flags & WLAN_STA_AUTHORIZED))
    863 		return;
    864 
    865 #ifdef CONFIG_P2P
    866 	if (hapd->p2p_group == NULL) {
    867 		if (sta->p2p_ie != NULL &&
    868 		    p2p_parse_dev_addr_in_p2p_ie(sta->p2p_ie, addr) == 0)
    869 			dev_addr = addr;
    870 	} else
    871 		dev_addr = p2p_group_get_dev_addr(hapd->p2p_group, sta->addr);
    872 #endif /* CONFIG_P2P */
    873 
    874 	if (authorized) {
    875 		if (dev_addr)
    876 			wpa_msg(hapd->msg_ctx, MSG_INFO, AP_STA_CONNECTED
    877 				MACSTR " p2p_dev_addr=" MACSTR,
    878 				MAC2STR(sta->addr), MAC2STR(dev_addr));
    879 		else
    880 			wpa_msg(hapd->msg_ctx, MSG_INFO, AP_STA_CONNECTED
    881 				MACSTR, MAC2STR(sta->addr));
    882 		if (hapd->msg_ctx_parent &&
    883 		    hapd->msg_ctx_parent != hapd->msg_ctx && dev_addr)
    884 			wpa_msg(hapd->msg_ctx_parent, MSG_INFO,
    885 				AP_STA_CONNECTED MACSTR " p2p_dev_addr="
    886 				MACSTR,
    887 				MAC2STR(sta->addr), MAC2STR(dev_addr));
    888 		else if (hapd->msg_ctx_parent &&
    889 			 hapd->msg_ctx_parent != hapd->msg_ctx)
    890 			wpa_msg(hapd->msg_ctx_parent, MSG_INFO,
    891 				AP_STA_CONNECTED MACSTR, MAC2STR(sta->addr));
    892 
    893 		sta->flags |= WLAN_STA_AUTHORIZED;
    894 	} else {
    895 		if (dev_addr)
    896 			wpa_msg(hapd->msg_ctx, MSG_INFO, AP_STA_DISCONNECTED
    897 				MACSTR " p2p_dev_addr=" MACSTR,
    898 				MAC2STR(sta->addr), MAC2STR(dev_addr));
    899 		else
    900 			wpa_msg(hapd->msg_ctx, MSG_INFO, AP_STA_DISCONNECTED
    901 				MACSTR, MAC2STR(sta->addr));
    902 		if (hapd->msg_ctx_parent &&
    903 		    hapd->msg_ctx_parent != hapd->msg_ctx && dev_addr)
    904 			wpa_msg(hapd->msg_ctx_parent, MSG_INFO,
    905 				AP_STA_DISCONNECTED MACSTR " p2p_dev_addr="
    906 				MACSTR, MAC2STR(sta->addr), MAC2STR(dev_addr));
    907 		else if (hapd->msg_ctx_parent &&
    908 			 hapd->msg_ctx_parent != hapd->msg_ctx)
    909 			wpa_msg(hapd->msg_ctx_parent, MSG_INFO,
    910 				AP_STA_DISCONNECTED MACSTR,
    911 				MAC2STR(sta->addr));
    912 		sta->flags &= ~WLAN_STA_AUTHORIZED;
    913 	}
    914 
    915 	if (hapd->sta_authorized_cb)
    916 		hapd->sta_authorized_cb(hapd->sta_authorized_cb_ctx,
    917 					sta->addr, authorized, dev_addr);
    918 }
    919 
    920 
    921 void ap_sta_disconnect(struct hostapd_data *hapd, struct sta_info *sta,
    922 		       const u8 *addr, u16 reason)
    923 {
    924 
    925 	if (sta == NULL && addr)
    926 		sta = ap_get_sta(hapd, addr);
    927 
    928 	if (addr)
    929 		hostapd_drv_sta_deauth(hapd, addr, reason);
    930 
    931 	if (sta == NULL)
    932 		return;
    933 	ap_sta_set_authorized(hapd, sta, 0);
    934 	wpa_auth_sm_event(sta->wpa_sm, WPA_DEAUTH);
    935 	ieee802_1x_notify_port_enabled(sta->eapol_sm, 0);
    936 	sta->flags &= ~(WLAN_STA_AUTH | WLAN_STA_ASSOC);
    937 	wpa_printf(MSG_DEBUG, "%s: reschedule ap_handle_timer timeout "
    938 		   "for " MACSTR " (%d seconds - "
    939 		   "AP_MAX_INACTIVITY_AFTER_DEAUTH)",
    940 		   __func__, MAC2STR(sta->addr),
    941 		   AP_MAX_INACTIVITY_AFTER_DEAUTH);
    942 	eloop_cancel_timeout(ap_handle_timer, hapd, sta);
    943 	eloop_register_timeout(AP_MAX_INACTIVITY_AFTER_DEAUTH, 0,
    944 			       ap_handle_timer, hapd, sta);
    945 	sta->timeout_next = STA_REMOVE;
    946 
    947 	sta->deauth_reason = reason;
    948 	sta->flags |= WLAN_STA_PENDING_DEAUTH_CB;
    949 	eloop_cancel_timeout(ap_sta_deauth_cb_timeout, hapd, sta);
    950 	eloop_register_timeout(hapd->iface->drv_flags &
    951 			       WPA_DRIVER_FLAGS_DEAUTH_TX_STATUS ? 2 : 0, 0,
    952 			       ap_sta_deauth_cb_timeout, hapd, sta);
    953 }
    954 
    955 
    956 void ap_sta_deauth_cb(struct hostapd_data *hapd, struct sta_info *sta)
    957 {
    958 	if (!(sta->flags & WLAN_STA_PENDING_DEAUTH_CB)) {
    959 		wpa_printf(MSG_DEBUG, "Ignore deauth cb for test frame");
    960 		return;
    961 	}
    962 	sta->flags &= ~WLAN_STA_PENDING_DEAUTH_CB;
    963 	eloop_cancel_timeout(ap_sta_deauth_cb_timeout, hapd, sta);
    964 	ap_sta_deauth_cb_timeout(hapd, sta);
    965 }
    966 
    967 
    968 void ap_sta_disassoc_cb(struct hostapd_data *hapd, struct sta_info *sta)
    969 {
    970 	if (!(sta->flags & WLAN_STA_PENDING_DISASSOC_CB)) {
    971 		wpa_printf(MSG_DEBUG, "Ignore disassoc cb for test frame");
    972 		return;
    973 	}
    974 	sta->flags &= ~WLAN_STA_PENDING_DISASSOC_CB;
    975 	eloop_cancel_timeout(ap_sta_disassoc_cb_timeout, hapd, sta);
    976 	ap_sta_disassoc_cb_timeout(hapd, sta);
    977 }
    978