1 /* 2 * hostapd / IEEE 802.11F-2003 Inter-Access Point Protocol (IAPP) 3 * Copyright (c) 2002-2007, Jouni Malinen <j (at) w1.fi> 4 * 5 * This software may be distributed under the terms of the BSD license. 6 * See README for more details. 7 * 8 * Note: IEEE 802.11F-2003 was a experimental use specification. It has expired 9 * and IEEE has withdrawn it. In other words, it is likely better to look at 10 * using some other mechanism for AP-to-AP communication than extending the 11 * implementation here. 12 */ 13 14 /* TODO: 15 * Level 1: no administrative or security support 16 * (e.g., static BSSID to IP address mapping in each AP) 17 * Level 2: support for dynamic mapping of BSSID to IP address 18 * Level 3: support for encryption and authentication of IAPP messages 19 * - add support for MOVE-notify and MOVE-response (this requires support for 20 * finding out IP address for previous AP using RADIUS) 21 * - add support for Send- and ACK-Security-Block to speedup IEEE 802.1X during 22 * reassociation to another AP 23 * - implement counters etc. for IAPP MIB 24 * - verify endianness of fields in IAPP messages; are they big-endian as 25 * used here? 26 * - RADIUS connection for AP registration and BSSID to IP address mapping 27 * - TCP connection for IAPP MOVE, CACHE 28 * - broadcast ESP for IAPP ADD-notify 29 * - ESP for IAPP MOVE messages 30 * - security block sending/processing 31 * - IEEE 802.11 context transfer 32 */ 33 34 #include "utils/includes.h" 35 #include <net/if.h> 36 #include <sys/ioctl.h> 37 #ifdef USE_KERNEL_HEADERS 38 #include <linux/if_packet.h> 39 #else /* USE_KERNEL_HEADERS */ 40 #include <netpacket/packet.h> 41 #endif /* USE_KERNEL_HEADERS */ 42 43 #include "utils/common.h" 44 #include "utils/eloop.h" 45 #include "common/ieee802_11_defs.h" 46 #include "hostapd.h" 47 #include "ap_config.h" 48 #include "ieee802_11.h" 49 #include "sta_info.h" 50 #include "iapp.h" 51 52 53 #define IAPP_MULTICAST "224.0.1.178" 54 #define IAPP_UDP_PORT 3517 55 #define IAPP_TCP_PORT 3517 56 57 struct iapp_hdr { 58 u8 version; 59 u8 command; 60 be16 identifier; 61 be16 length; 62 /* followed by length-6 octets of data */ 63 } __attribute__ ((packed)); 64 65 #define IAPP_VERSION 0 66 67 enum IAPP_COMMAND { 68 IAPP_CMD_ADD_notify = 0, 69 IAPP_CMD_MOVE_notify = 1, 70 IAPP_CMD_MOVE_response = 2, 71 IAPP_CMD_Send_Security_Block = 3, 72 IAPP_CMD_ACK_Security_Block = 4, 73 IAPP_CMD_CACHE_notify = 5, 74 IAPP_CMD_CACHE_response = 6, 75 }; 76 77 78 /* ADD-notify - multicast UDP on the local LAN */ 79 struct iapp_add_notify { 80 u8 addr_len; /* ETH_ALEN */ 81 u8 reserved; 82 u8 mac_addr[ETH_ALEN]; 83 be16 seq_num; 84 } __attribute__ ((packed)); 85 86 87 /* Layer 2 Update frame (802.2 Type 1 LLC XID Update response) */ 88 struct iapp_layer2_update { 89 u8 da[ETH_ALEN]; /* broadcast */ 90 u8 sa[ETH_ALEN]; /* STA addr */ 91 be16 len; /* 6 */ 92 u8 dsap; /* null DSAP address */ 93 u8 ssap; /* null SSAP address, CR=Response */ 94 u8 control; 95 u8 xid_info[3]; 96 } __attribute__ ((packed)); 97 98 99 /* MOVE-notify - unicast TCP */ 100 struct iapp_move_notify { 101 u8 addr_len; /* ETH_ALEN */ 102 u8 reserved; 103 u8 mac_addr[ETH_ALEN]; 104 u16 seq_num; 105 u16 ctx_block_len; 106 /* followed by ctx_block_len bytes */ 107 } __attribute__ ((packed)); 108 109 110 /* MOVE-response - unicast TCP */ 111 struct iapp_move_response { 112 u8 addr_len; /* ETH_ALEN */ 113 u8 status; 114 u8 mac_addr[ETH_ALEN]; 115 u16 seq_num; 116 u16 ctx_block_len; 117 /* followed by ctx_block_len bytes */ 118 } __attribute__ ((packed)); 119 120 enum { 121 IAPP_MOVE_SUCCESSFUL = 0, 122 IAPP_MOVE_DENIED = 1, 123 IAPP_MOVE_STALE_MOVE = 2, 124 }; 125 126 127 /* CACHE-notify */ 128 struct iapp_cache_notify { 129 u8 addr_len; /* ETH_ALEN */ 130 u8 reserved; 131 u8 mac_addr[ETH_ALEN]; 132 u16 seq_num; 133 u8 current_ap[ETH_ALEN]; 134 u16 ctx_block_len; 135 /* ctx_block_len bytes of context block followed by 16-bit context 136 * timeout */ 137 } __attribute__ ((packed)); 138 139 140 /* CACHE-response - unicast TCP */ 141 struct iapp_cache_response { 142 u8 addr_len; /* ETH_ALEN */ 143 u8 status; 144 u8 mac_addr[ETH_ALEN]; 145 u16 seq_num; 146 } __attribute__ ((packed)); 147 148 enum { 149 IAPP_CACHE_SUCCESSFUL = 0, 150 IAPP_CACHE_STALE_CACHE = 1, 151 }; 152 153 154 /* Send-Security-Block - unicast TCP */ 155 struct iapp_send_security_block { 156 u8 iv[8]; 157 u16 sec_block_len; 158 /* followed by sec_block_len bytes of security block */ 159 } __attribute__ ((packed)); 160 161 162 /* ACK-Security-Block - unicast TCP */ 163 struct iapp_ack_security_block { 164 u8 iv[8]; 165 u8 new_ap_ack_authenticator[48]; 166 } __attribute__ ((packed)); 167 168 169 struct iapp_data { 170 struct hostapd_data *hapd; 171 u16 identifier; /* next IAPP identifier */ 172 struct in_addr own, multicast; 173 int udp_sock; 174 int packet_sock; 175 }; 176 177 178 static void iapp_send_add(struct iapp_data *iapp, u8 *mac_addr, u16 seq_num) 179 { 180 char buf[128]; 181 struct iapp_hdr *hdr; 182 struct iapp_add_notify *add; 183 struct sockaddr_in addr; 184 185 /* Send IAPP ADD-notify to remove possible association from other APs 186 */ 187 188 hdr = (struct iapp_hdr *) buf; 189 hdr->version = IAPP_VERSION; 190 hdr->command = IAPP_CMD_ADD_notify; 191 hdr->identifier = host_to_be16(iapp->identifier++); 192 hdr->length = host_to_be16(sizeof(*hdr) + sizeof(*add)); 193 194 add = (struct iapp_add_notify *) (hdr + 1); 195 add->addr_len = ETH_ALEN; 196 add->reserved = 0; 197 os_memcpy(add->mac_addr, mac_addr, ETH_ALEN); 198 199 add->seq_num = host_to_be16(seq_num); 200 201 os_memset(&addr, 0, sizeof(addr)); 202 addr.sin_family = AF_INET; 203 addr.sin_addr.s_addr = iapp->multicast.s_addr; 204 addr.sin_port = htons(IAPP_UDP_PORT); 205 if (sendto(iapp->udp_sock, buf, (char *) (add + 1) - buf, 0, 206 (struct sockaddr *) &addr, sizeof(addr)) < 0) 207 perror("sendto[IAPP-ADD]"); 208 } 209 210 211 static void iapp_send_layer2_update(struct iapp_data *iapp, u8 *addr) 212 { 213 struct iapp_layer2_update msg; 214 215 /* Send Level 2 Update Frame to update forwarding tables in layer 2 216 * bridge devices */ 217 218 /* 802.2 Type 1 Logical Link Control (LLC) Exchange Identifier (XID) 219 * Update response frame; IEEE Std 802.2-1998, 5.4.1.2.1 */ 220 221 os_memset(msg.da, 0xff, ETH_ALEN); 222 os_memcpy(msg.sa, addr, ETH_ALEN); 223 msg.len = host_to_be16(6); 224 msg.dsap = 0; /* NULL DSAP address */ 225 msg.ssap = 0x01; /* NULL SSAP address, CR Bit: Response */ 226 msg.control = 0xaf; /* XID response lsb.1111F101. 227 * F=0 (no poll command; unsolicited frame) */ 228 msg.xid_info[0] = 0x81; /* XID format identifier */ 229 msg.xid_info[1] = 1; /* LLC types/classes: Type 1 LLC */ 230 msg.xid_info[2] = 1 << 1; /* XID sender's receive window size (RW) 231 * FIX: what is correct RW with 802.11? */ 232 233 if (send(iapp->packet_sock, &msg, sizeof(msg), 0) < 0) 234 perror("send[L2 Update]"); 235 } 236 237 238 /** 239 * iapp_new_station - IAPP processing for a new STA 240 * @iapp: IAPP data 241 * @sta: The associated station 242 */ 243 void iapp_new_station(struct iapp_data *iapp, struct sta_info *sta) 244 { 245 struct ieee80211_mgmt *assoc; 246 u16 seq; 247 248 if (iapp == NULL) 249 return; 250 251 assoc = sta->last_assoc_req; 252 seq = assoc ? WLAN_GET_SEQ_SEQ(le_to_host16(assoc->seq_ctrl)) : 0; 253 254 /* IAPP-ADD.request(MAC Address, Sequence Number, Timeout) */ 255 hostapd_logger(iapp->hapd, sta->addr, HOSTAPD_MODULE_IAPP, 256 HOSTAPD_LEVEL_DEBUG, "IAPP-ADD.request(seq=%d)", seq); 257 iapp_send_layer2_update(iapp, sta->addr); 258 iapp_send_add(iapp, sta->addr, seq); 259 260 if (assoc && WLAN_FC_GET_STYPE(le_to_host16(assoc->frame_control)) == 261 WLAN_FC_STYPE_REASSOC_REQ) { 262 /* IAPP-MOVE.request(MAC Address, Sequence Number, Old AP, 263 * Context Block, Timeout) 264 */ 265 /* TODO: Send IAPP-MOVE to the old AP; Map Old AP BSSID to 266 * IP address */ 267 } 268 } 269 270 271 static void iapp_process_add_notify(struct iapp_data *iapp, 272 struct sockaddr_in *from, 273 struct iapp_hdr *hdr, int len) 274 { 275 struct iapp_add_notify *add = (struct iapp_add_notify *) (hdr + 1); 276 struct sta_info *sta; 277 278 if (len != sizeof(*add)) { 279 printf("Invalid IAPP-ADD packet length %d (expected %lu)\n", 280 len, (unsigned long) sizeof(*add)); 281 return; 282 } 283 284 sta = ap_get_sta(iapp->hapd, add->mac_addr); 285 286 /* IAPP-ADD.indication(MAC Address, Sequence Number) */ 287 hostapd_logger(iapp->hapd, add->mac_addr, HOSTAPD_MODULE_IAPP, 288 HOSTAPD_LEVEL_INFO, 289 "Received IAPP ADD-notify (seq# %d) from %s:%d%s", 290 be_to_host16(add->seq_num), 291 inet_ntoa(from->sin_addr), ntohs(from->sin_port), 292 sta ? "" : " (STA not found)"); 293 294 if (!sta) 295 return; 296 297 /* TODO: could use seq_num to try to determine whether last association 298 * to this AP is newer than the one advertised in IAPP-ADD. Although, 299 * this is not really a reliable verification. */ 300 301 hostapd_logger(iapp->hapd, add->mac_addr, HOSTAPD_MODULE_IAPP, 302 HOSTAPD_LEVEL_DEBUG, 303 "Removing STA due to IAPP ADD-notify"); 304 ap_sta_disconnect(iapp->hapd, sta, NULL, 0); 305 } 306 307 308 /** 309 * iapp_receive_udp - Process IAPP UDP frames 310 * @sock: File descriptor for the socket 311 * @eloop_ctx: IAPP data (struct iapp_data *) 312 * @sock_ctx: Not used 313 */ 314 static void iapp_receive_udp(int sock, void *eloop_ctx, void *sock_ctx) 315 { 316 struct iapp_data *iapp = eloop_ctx; 317 int len, hlen; 318 unsigned char buf[128]; 319 struct sockaddr_in from; 320 socklen_t fromlen; 321 struct iapp_hdr *hdr; 322 323 /* Handle incoming IAPP frames (over UDP/IP) */ 324 325 fromlen = sizeof(from); 326 len = recvfrom(iapp->udp_sock, buf, sizeof(buf), 0, 327 (struct sockaddr *) &from, &fromlen); 328 if (len < 0) { 329 perror("recvfrom"); 330 return; 331 } 332 333 if (from.sin_addr.s_addr == iapp->own.s_addr) 334 return; /* ignore own IAPP messages */ 335 336 hostapd_logger(iapp->hapd, NULL, HOSTAPD_MODULE_IAPP, 337 HOSTAPD_LEVEL_DEBUG, 338 "Received %d byte IAPP frame from %s%s\n", 339 len, inet_ntoa(from.sin_addr), 340 len < (int) sizeof(*hdr) ? " (too short)" : ""); 341 342 if (len < (int) sizeof(*hdr)) 343 return; 344 345 hdr = (struct iapp_hdr *) buf; 346 hlen = be_to_host16(hdr->length); 347 hostapd_logger(iapp->hapd, NULL, HOSTAPD_MODULE_IAPP, 348 HOSTAPD_LEVEL_DEBUG, 349 "RX: version=%d command=%d id=%d len=%d\n", 350 hdr->version, hdr->command, 351 be_to_host16(hdr->identifier), hlen); 352 if (hdr->version != IAPP_VERSION) { 353 printf("Dropping IAPP frame with unknown version %d\n", 354 hdr->version); 355 return; 356 } 357 if (hlen > len) { 358 printf("Underflow IAPP frame (hlen=%d len=%d)\n", hlen, len); 359 return; 360 } 361 if (hlen < len) { 362 printf("Ignoring %d extra bytes from IAPP frame\n", 363 len - hlen); 364 len = hlen; 365 } 366 367 switch (hdr->command) { 368 case IAPP_CMD_ADD_notify: 369 iapp_process_add_notify(iapp, &from, hdr, hlen - sizeof(*hdr)); 370 break; 371 case IAPP_CMD_MOVE_notify: 372 /* TODO: MOVE is using TCP; so move this to TCP handler once it 373 * is implemented.. */ 374 /* IAPP-MOVE.indication(MAC Address, New BSSID, 375 * Sequence Number, AP Address, Context Block) */ 376 /* TODO: process */ 377 break; 378 default: 379 printf("Unknown IAPP command %d\n", hdr->command); 380 break; 381 } 382 } 383 384 385 struct iapp_data * iapp_init(struct hostapd_data *hapd, const char *iface) 386 { 387 struct ifreq ifr; 388 struct sockaddr_ll addr; 389 int ifindex; 390 struct sockaddr_in *paddr, uaddr; 391 struct iapp_data *iapp; 392 struct ip_mreqn mreq; 393 394 iapp = os_zalloc(sizeof(*iapp)); 395 if (iapp == NULL) 396 return NULL; 397 iapp->hapd = hapd; 398 iapp->udp_sock = iapp->packet_sock = -1; 399 400 /* TODO: 401 * open socket for sending and receiving IAPP frames over TCP 402 */ 403 404 iapp->udp_sock = socket(PF_INET, SOCK_DGRAM, 0); 405 if (iapp->udp_sock < 0) { 406 perror("socket[PF_INET,SOCK_DGRAM]"); 407 iapp_deinit(iapp); 408 return NULL; 409 } 410 411 os_memset(&ifr, 0, sizeof(ifr)); 412 os_strlcpy(ifr.ifr_name, iface, sizeof(ifr.ifr_name)); 413 if (ioctl(iapp->udp_sock, SIOCGIFINDEX, &ifr) != 0) { 414 perror("ioctl(SIOCGIFINDEX)"); 415 iapp_deinit(iapp); 416 return NULL; 417 } 418 ifindex = ifr.ifr_ifindex; 419 420 if (ioctl(iapp->udp_sock, SIOCGIFADDR, &ifr) != 0) { 421 perror("ioctl(SIOCGIFADDR)"); 422 iapp_deinit(iapp); 423 return NULL; 424 } 425 paddr = (struct sockaddr_in *) &ifr.ifr_addr; 426 if (paddr->sin_family != AF_INET) { 427 printf("Invalid address family %i (SIOCGIFADDR)\n", 428 paddr->sin_family); 429 iapp_deinit(iapp); 430 return NULL; 431 } 432 iapp->own.s_addr = paddr->sin_addr.s_addr; 433 434 if (ioctl(iapp->udp_sock, SIOCGIFBRDADDR, &ifr) != 0) { 435 perror("ioctl(SIOCGIFBRDADDR)"); 436 iapp_deinit(iapp); 437 return NULL; 438 } 439 paddr = (struct sockaddr_in *) &ifr.ifr_addr; 440 if (paddr->sin_family != AF_INET) { 441 printf("Invalid address family %i (SIOCGIFBRDADDR)\n", 442 paddr->sin_family); 443 iapp_deinit(iapp); 444 return NULL; 445 } 446 inet_aton(IAPP_MULTICAST, &iapp->multicast); 447 448 os_memset(&uaddr, 0, sizeof(uaddr)); 449 uaddr.sin_family = AF_INET; 450 uaddr.sin_port = htons(IAPP_UDP_PORT); 451 if (bind(iapp->udp_sock, (struct sockaddr *) &uaddr, 452 sizeof(uaddr)) < 0) { 453 perror("bind[UDP]"); 454 iapp_deinit(iapp); 455 return NULL; 456 } 457 458 os_memset(&mreq, 0, sizeof(mreq)); 459 mreq.imr_multiaddr = iapp->multicast; 460 mreq.imr_address.s_addr = INADDR_ANY; 461 mreq.imr_ifindex = 0; 462 if (setsockopt(iapp->udp_sock, SOL_IP, IP_ADD_MEMBERSHIP, &mreq, 463 sizeof(mreq)) < 0) { 464 perror("setsockopt[UDP,IP_ADD_MEMBERSHIP]"); 465 iapp_deinit(iapp); 466 return NULL; 467 } 468 469 iapp->packet_sock = socket(PF_PACKET, SOCK_RAW, htons(ETH_P_ALL)); 470 if (iapp->packet_sock < 0) { 471 perror("socket[PF_PACKET,SOCK_RAW]"); 472 iapp_deinit(iapp); 473 return NULL; 474 } 475 476 os_memset(&addr, 0, sizeof(addr)); 477 addr.sll_family = AF_PACKET; 478 addr.sll_ifindex = ifindex; 479 if (bind(iapp->packet_sock, (struct sockaddr *) &addr, 480 sizeof(addr)) < 0) { 481 perror("bind[PACKET]"); 482 iapp_deinit(iapp); 483 return NULL; 484 } 485 486 if (eloop_register_read_sock(iapp->udp_sock, iapp_receive_udp, 487 iapp, NULL)) { 488 printf("Could not register read socket for IAPP.\n"); 489 iapp_deinit(iapp); 490 return NULL; 491 } 492 493 printf("IEEE 802.11F (IAPP) using interface %s\n", iface); 494 495 /* TODO: For levels 2 and 3: send RADIUS Initiate-Request, receive 496 * RADIUS Initiate-Accept or Initiate-Reject. IAPP port should actually 497 * be openned only after receiving Initiate-Accept. If Initiate-Reject 498 * is received, IAPP is not started. */ 499 500 return iapp; 501 } 502 503 504 void iapp_deinit(struct iapp_data *iapp) 505 { 506 struct ip_mreqn mreq; 507 508 if (iapp == NULL) 509 return; 510 511 if (iapp->udp_sock >= 0) { 512 os_memset(&mreq, 0, sizeof(mreq)); 513 mreq.imr_multiaddr = iapp->multicast; 514 mreq.imr_address.s_addr = INADDR_ANY; 515 mreq.imr_ifindex = 0; 516 if (setsockopt(iapp->udp_sock, SOL_IP, IP_DROP_MEMBERSHIP, 517 &mreq, sizeof(mreq)) < 0) { 518 perror("setsockopt[UDP,IP_DEL_MEMBERSHIP]"); 519 } 520 521 eloop_unregister_read_sock(iapp->udp_sock); 522 close(iapp->udp_sock); 523 } 524 if (iapp->packet_sock >= 0) { 525 eloop_unregister_read_sock(iapp->packet_sock); 526 close(iapp->packet_sock); 527 } 528 os_free(iapp); 529 } 530
