1 /* 2 * hostapd / IEEE 802.11F-2003 Inter-Access Point Protocol (IAPP) 3 * Copyright (c) 2002-2007, Jouni Malinen <j (at) w1.fi> 4 * 5 * This software may be distributed under the terms of the BSD license. 6 * See README for more details. 7 * 8 * Note: IEEE 802.11F-2003 was a experimental use specification. It has expired 9 * and IEEE has withdrawn it. In other words, it is likely better to look at 10 * using some other mechanism for AP-to-AP communication than extending the 11 * implementation here. 12 */ 13 14 /* TODO: 15 * Level 1: no administrative or security support 16 * (e.g., static BSSID to IP address mapping in each AP) 17 * Level 2: support for dynamic mapping of BSSID to IP address 18 * Level 3: support for encryption and authentication of IAPP messages 19 * - add support for MOVE-notify and MOVE-response (this requires support for 20 * finding out IP address for previous AP using RADIUS) 21 * - add support for Send- and ACK-Security-Block to speedup IEEE 802.1X during 22 * reassociation to another AP 23 * - implement counters etc. for IAPP MIB 24 * - verify endianness of fields in IAPP messages; are they big-endian as 25 * used here? 26 * - RADIUS connection for AP registration and BSSID to IP address mapping 27 * - TCP connection for IAPP MOVE, CACHE 28 * - broadcast ESP for IAPP ADD-notify 29 * - ESP for IAPP MOVE messages 30 * - security block sending/processing 31 * - IEEE 802.11 context transfer 32 */ 33 34 #include "utils/includes.h" 35 #include <net/if.h> 36 #include <sys/ioctl.h> 37 #ifdef USE_KERNEL_HEADERS 38 #include <linux/if_packet.h> 39 #else /* USE_KERNEL_HEADERS */ 40 #include <netpacket/packet.h> 41 #endif /* USE_KERNEL_HEADERS */ 42 43 #include "utils/common.h" 44 #include "utils/eloop.h" 45 #include "common/ieee802_11_defs.h" 46 #include "hostapd.h" 47 #include "ap_config.h" 48 #include "ieee802_11.h" 49 #include "sta_info.h" 50 #include "iapp.h" 51 52 53 #define IAPP_MULTICAST "224.0.1.178" 54 #define IAPP_UDP_PORT 3517 55 #define IAPP_TCP_PORT 3517 56 57 struct iapp_hdr { 58 u8 version; 59 u8 command; 60 be16 identifier; 61 be16 length; 62 /* followed by length-6 octets of data */ 63 } __attribute__ ((packed)); 64 65 #define IAPP_VERSION 0 66 67 enum IAPP_COMMAND { 68 IAPP_CMD_ADD_notify = 0, 69 IAPP_CMD_MOVE_notify = 1, 70 IAPP_CMD_MOVE_response = 2, 71 IAPP_CMD_Send_Security_Block = 3, 72 IAPP_CMD_ACK_Security_Block = 4, 73 IAPP_CMD_CACHE_notify = 5, 74 IAPP_CMD_CACHE_response = 6, 75 }; 76 77 78 /* ADD-notify - multicast UDP on the local LAN */ 79 struct iapp_add_notify { 80 u8 addr_len; /* ETH_ALEN */ 81 u8 reserved; 82 u8 mac_addr[ETH_ALEN]; 83 be16 seq_num; 84 } __attribute__ ((packed)); 85 86 87 /* Layer 2 Update frame (802.2 Type 1 LLC XID Update response) */ 88 struct iapp_layer2_update { 89 u8 da[ETH_ALEN]; /* broadcast */ 90 u8 sa[ETH_ALEN]; /* STA addr */ 91 be16 len; /* 6 */ 92 u8 dsap; /* null DSAP address */ 93 u8 ssap; /* null SSAP address, CR=Response */ 94 u8 control; 95 u8 xid_info[3]; 96 } __attribute__ ((packed)); 97 98 99 /* MOVE-notify - unicast TCP */ 100 struct iapp_move_notify { 101 u8 addr_len; /* ETH_ALEN */ 102 u8 reserved; 103 u8 mac_addr[ETH_ALEN]; 104 u16 seq_num; 105 u16 ctx_block_len; 106 /* followed by ctx_block_len bytes */ 107 } __attribute__ ((packed)); 108 109 110 /* MOVE-response - unicast TCP */ 111 struct iapp_move_response { 112 u8 addr_len; /* ETH_ALEN */ 113 u8 status; 114 u8 mac_addr[ETH_ALEN]; 115 u16 seq_num; 116 u16 ctx_block_len; 117 /* followed by ctx_block_len bytes */ 118 } __attribute__ ((packed)); 119 120 enum { 121 IAPP_MOVE_SUCCESSFUL = 0, 122 IAPP_MOVE_DENIED = 1, 123 IAPP_MOVE_STALE_MOVE = 2, 124 }; 125 126 127 /* CACHE-notify */ 128 struct iapp_cache_notify { 129 u8 addr_len; /* ETH_ALEN */ 130 u8 reserved; 131 u8 mac_addr[ETH_ALEN]; 132 u16 seq_num; 133 u8 current_ap[ETH_ALEN]; 134 u16 ctx_block_len; 135 /* ctx_block_len bytes of context block followed by 16-bit context 136 * timeout */ 137 } __attribute__ ((packed)); 138 139 140 /* CACHE-response - unicast TCP */ 141 struct iapp_cache_response { 142 u8 addr_len; /* ETH_ALEN */ 143 u8 status; 144 u8 mac_addr[ETH_ALEN]; 145 u16 seq_num; 146 } __attribute__ ((packed)); 147 148 enum { 149 IAPP_CACHE_SUCCESSFUL = 0, 150 IAPP_CACHE_STALE_CACHE = 1, 151 }; 152 153 154 /* Send-Security-Block - unicast TCP */ 155 struct iapp_send_security_block { 156 u8 iv[8]; 157 u16 sec_block_len; 158 /* followed by sec_block_len bytes of security block */ 159 } __attribute__ ((packed)); 160 161 162 /* ACK-Security-Block - unicast TCP */ 163 struct iapp_ack_security_block { 164 u8 iv[8]; 165 u8 new_ap_ack_authenticator[48]; 166 } __attribute__ ((packed)); 167 168 169 struct iapp_data { 170 struct hostapd_data *hapd; 171 u16 identifier; /* next IAPP identifier */ 172 struct in_addr own, multicast; 173 int udp_sock; 174 int packet_sock; 175 }; 176 177 178 static void iapp_send_add(struct iapp_data *iapp, u8 *mac_addr, u16 seq_num) 179 { 180 char buf[128]; 181 struct iapp_hdr *hdr; 182 struct iapp_add_notify *add; 183 struct sockaddr_in addr; 184 185 /* Send IAPP ADD-notify to remove possible association from other APs 186 */ 187 188 hdr = (struct iapp_hdr *) buf; 189 hdr->version = IAPP_VERSION; 190 hdr->command = IAPP_CMD_ADD_notify; 191 hdr->identifier = host_to_be16(iapp->identifier++); 192 hdr->length = host_to_be16(sizeof(*hdr) + sizeof(*add)); 193 194 add = (struct iapp_add_notify *) (hdr + 1); 195 add->addr_len = ETH_ALEN; 196 add->reserved = 0; 197 os_memcpy(add->mac_addr, mac_addr, ETH_ALEN); 198 199 add->seq_num = host_to_be16(seq_num); 200 201 os_memset(&addr, 0, sizeof(addr)); 202 addr.sin_family = AF_INET; 203 addr.sin_addr.s_addr = iapp->multicast.s_addr; 204 addr.sin_port = htons(IAPP_UDP_PORT); 205 if (sendto(iapp->udp_sock, buf, (char *) (add + 1) - buf, 0, 206 (struct sockaddr *) &addr, sizeof(addr)) < 0) 207 wpa_printf(MSG_INFO, "sendto[IAPP-ADD]: %s", strerror(errno)); 208 } 209 210 211 static void iapp_send_layer2_update(struct iapp_data *iapp, u8 *addr) 212 { 213 struct iapp_layer2_update msg; 214 215 /* Send Level 2 Update Frame to update forwarding tables in layer 2 216 * bridge devices */ 217 218 /* 802.2 Type 1 Logical Link Control (LLC) Exchange Identifier (XID) 219 * Update response frame; IEEE Std 802.2-1998, 5.4.1.2.1 */ 220 221 os_memset(msg.da, 0xff, ETH_ALEN); 222 os_memcpy(msg.sa, addr, ETH_ALEN); 223 msg.len = host_to_be16(6); 224 msg.dsap = 0; /* NULL DSAP address */ 225 msg.ssap = 0x01; /* NULL SSAP address, CR Bit: Response */ 226 msg.control = 0xaf; /* XID response lsb.1111F101. 227 * F=0 (no poll command; unsolicited frame) */ 228 msg.xid_info[0] = 0x81; /* XID format identifier */ 229 msg.xid_info[1] = 1; /* LLC types/classes: Type 1 LLC */ 230 msg.xid_info[2] = 1 << 1; /* XID sender's receive window size (RW) 231 * FIX: what is correct RW with 802.11? */ 232 233 if (send(iapp->packet_sock, &msg, sizeof(msg), 0) < 0) 234 wpa_printf(MSG_INFO, "send[L2 Update]: %s", strerror(errno)); 235 } 236 237 238 /** 239 * iapp_new_station - IAPP processing for a new STA 240 * @iapp: IAPP data 241 * @sta: The associated station 242 */ 243 void iapp_new_station(struct iapp_data *iapp, struct sta_info *sta) 244 { 245 u16 seq = 0; /* TODO */ 246 247 if (iapp == NULL) 248 return; 249 250 /* IAPP-ADD.request(MAC Address, Sequence Number, Timeout) */ 251 hostapd_logger(iapp->hapd, sta->addr, HOSTAPD_MODULE_IAPP, 252 HOSTAPD_LEVEL_DEBUG, "IAPP-ADD.request(seq=%d)", seq); 253 iapp_send_layer2_update(iapp, sta->addr); 254 iapp_send_add(iapp, sta->addr, seq); 255 256 /* TODO: If this was reassociation: 257 * IAPP-MOVE.request(MAC Address, Sequence Number, Old AP, 258 * Context Block, Timeout) 259 * TODO: Send IAPP-MOVE to the old AP; Map Old AP BSSID to 260 * IP address */ 261 } 262 263 264 static void iapp_process_add_notify(struct iapp_data *iapp, 265 struct sockaddr_in *from, 266 struct iapp_hdr *hdr, int len) 267 { 268 struct iapp_add_notify *add = (struct iapp_add_notify *) (hdr + 1); 269 struct sta_info *sta; 270 271 if (len != sizeof(*add)) { 272 wpa_printf(MSG_INFO, "Invalid IAPP-ADD packet length %d (expected %lu)", 273 len, (unsigned long) sizeof(*add)); 274 return; 275 } 276 277 sta = ap_get_sta(iapp->hapd, add->mac_addr); 278 279 /* IAPP-ADD.indication(MAC Address, Sequence Number) */ 280 hostapd_logger(iapp->hapd, add->mac_addr, HOSTAPD_MODULE_IAPP, 281 HOSTAPD_LEVEL_INFO, 282 "Received IAPP ADD-notify (seq# %d) from %s:%d%s", 283 be_to_host16(add->seq_num), 284 inet_ntoa(from->sin_addr), ntohs(from->sin_port), 285 sta ? "" : " (STA not found)"); 286 287 if (!sta) 288 return; 289 290 /* TODO: could use seq_num to try to determine whether last association 291 * to this AP is newer than the one advertised in IAPP-ADD. Although, 292 * this is not really a reliable verification. */ 293 294 hostapd_logger(iapp->hapd, add->mac_addr, HOSTAPD_MODULE_IAPP, 295 HOSTAPD_LEVEL_DEBUG, 296 "Removing STA due to IAPP ADD-notify"); 297 ap_sta_disconnect(iapp->hapd, sta, NULL, 0); 298 } 299 300 301 /** 302 * iapp_receive_udp - Process IAPP UDP frames 303 * @sock: File descriptor for the socket 304 * @eloop_ctx: IAPP data (struct iapp_data *) 305 * @sock_ctx: Not used 306 */ 307 static void iapp_receive_udp(int sock, void *eloop_ctx, void *sock_ctx) 308 { 309 struct iapp_data *iapp = eloop_ctx; 310 int len, hlen; 311 unsigned char buf[128]; 312 struct sockaddr_in from; 313 socklen_t fromlen; 314 struct iapp_hdr *hdr; 315 316 /* Handle incoming IAPP frames (over UDP/IP) */ 317 318 fromlen = sizeof(from); 319 len = recvfrom(iapp->udp_sock, buf, sizeof(buf), 0, 320 (struct sockaddr *) &from, &fromlen); 321 if (len < 0) { 322 wpa_printf(MSG_INFO, "iapp_receive_udp - recvfrom: %s", 323 strerror(errno)); 324 return; 325 } 326 327 if (from.sin_addr.s_addr == iapp->own.s_addr) 328 return; /* ignore own IAPP messages */ 329 330 hostapd_logger(iapp->hapd, NULL, HOSTAPD_MODULE_IAPP, 331 HOSTAPD_LEVEL_DEBUG, 332 "Received %d byte IAPP frame from %s%s\n", 333 len, inet_ntoa(from.sin_addr), 334 len < (int) sizeof(*hdr) ? " (too short)" : ""); 335 336 if (len < (int) sizeof(*hdr)) 337 return; 338 339 hdr = (struct iapp_hdr *) buf; 340 hlen = be_to_host16(hdr->length); 341 hostapd_logger(iapp->hapd, NULL, HOSTAPD_MODULE_IAPP, 342 HOSTAPD_LEVEL_DEBUG, 343 "RX: version=%d command=%d id=%d len=%d\n", 344 hdr->version, hdr->command, 345 be_to_host16(hdr->identifier), hlen); 346 if (hdr->version != IAPP_VERSION) { 347 wpa_printf(MSG_INFO, "Dropping IAPP frame with unknown version %d", 348 hdr->version); 349 return; 350 } 351 if (hlen > len) { 352 wpa_printf(MSG_INFO, "Underflow IAPP frame (hlen=%d len=%d)", 353 hlen, len); 354 return; 355 } 356 if (hlen < len) { 357 wpa_printf(MSG_INFO, "Ignoring %d extra bytes from IAPP frame", 358 len - hlen); 359 len = hlen; 360 } 361 362 switch (hdr->command) { 363 case IAPP_CMD_ADD_notify: 364 iapp_process_add_notify(iapp, &from, hdr, hlen - sizeof(*hdr)); 365 break; 366 case IAPP_CMD_MOVE_notify: 367 /* TODO: MOVE is using TCP; so move this to TCP handler once it 368 * is implemented.. */ 369 /* IAPP-MOVE.indication(MAC Address, New BSSID, 370 * Sequence Number, AP Address, Context Block) */ 371 /* TODO: process */ 372 break; 373 default: 374 wpa_printf(MSG_INFO, "Unknown IAPP command %d", hdr->command); 375 break; 376 } 377 } 378 379 380 struct iapp_data * iapp_init(struct hostapd_data *hapd, const char *iface) 381 { 382 struct ifreq ifr; 383 struct sockaddr_ll addr; 384 int ifindex; 385 struct sockaddr_in *paddr, uaddr; 386 struct iapp_data *iapp; 387 struct ip_mreqn mreq; 388 389 iapp = os_zalloc(sizeof(*iapp)); 390 if (iapp == NULL) 391 return NULL; 392 iapp->hapd = hapd; 393 iapp->udp_sock = iapp->packet_sock = -1; 394 395 /* TODO: 396 * open socket for sending and receiving IAPP frames over TCP 397 */ 398 399 iapp->udp_sock = socket(PF_INET, SOCK_DGRAM, 0); 400 if (iapp->udp_sock < 0) { 401 wpa_printf(MSG_INFO, "iapp_init - socket[PF_INET,SOCK_DGRAM]: %s", 402 strerror(errno)); 403 iapp_deinit(iapp); 404 return NULL; 405 } 406 407 os_memset(&ifr, 0, sizeof(ifr)); 408 os_strlcpy(ifr.ifr_name, iface, sizeof(ifr.ifr_name)); 409 if (ioctl(iapp->udp_sock, SIOCGIFINDEX, &ifr) != 0) { 410 wpa_printf(MSG_INFO, "iapp_init - ioctl(SIOCGIFINDEX): %s", 411 strerror(errno)); 412 iapp_deinit(iapp); 413 return NULL; 414 } 415 ifindex = ifr.ifr_ifindex; 416 417 if (ioctl(iapp->udp_sock, SIOCGIFADDR, &ifr) != 0) { 418 wpa_printf(MSG_INFO, "iapp_init - ioctl(SIOCGIFADDR): %s", 419 strerror(errno)); 420 iapp_deinit(iapp); 421 return NULL; 422 } 423 paddr = (struct sockaddr_in *) &ifr.ifr_addr; 424 if (paddr->sin_family != AF_INET) { 425 wpa_printf(MSG_INFO, "IAPP: Invalid address family %i (SIOCGIFADDR)", 426 paddr->sin_family); 427 iapp_deinit(iapp); 428 return NULL; 429 } 430 iapp->own.s_addr = paddr->sin_addr.s_addr; 431 432 if (ioctl(iapp->udp_sock, SIOCGIFBRDADDR, &ifr) != 0) { 433 wpa_printf(MSG_INFO, "iapp_init - ioctl(SIOCGIFBRDADDR): %s", 434 strerror(errno)); 435 iapp_deinit(iapp); 436 return NULL; 437 } 438 paddr = (struct sockaddr_in *) &ifr.ifr_addr; 439 if (paddr->sin_family != AF_INET) { 440 wpa_printf(MSG_INFO, "Invalid address family %i (SIOCGIFBRDADDR)", 441 paddr->sin_family); 442 iapp_deinit(iapp); 443 return NULL; 444 } 445 inet_aton(IAPP_MULTICAST, &iapp->multicast); 446 447 os_memset(&uaddr, 0, sizeof(uaddr)); 448 uaddr.sin_family = AF_INET; 449 uaddr.sin_port = htons(IAPP_UDP_PORT); 450 if (bind(iapp->udp_sock, (struct sockaddr *) &uaddr, 451 sizeof(uaddr)) < 0) { 452 wpa_printf(MSG_INFO, "iapp_init - bind[UDP]: %s", 453 strerror(errno)); 454 iapp_deinit(iapp); 455 return NULL; 456 } 457 458 os_memset(&mreq, 0, sizeof(mreq)); 459 mreq.imr_multiaddr = iapp->multicast; 460 mreq.imr_address.s_addr = INADDR_ANY; 461 mreq.imr_ifindex = 0; 462 if (setsockopt(iapp->udp_sock, SOL_IP, IP_ADD_MEMBERSHIP, &mreq, 463 sizeof(mreq)) < 0) { 464 wpa_printf(MSG_INFO, "iapp_init - setsockopt[UDP,IP_ADD_MEMBERSHIP]: %s", 465 strerror(errno)); 466 iapp_deinit(iapp); 467 return NULL; 468 } 469 470 iapp->packet_sock = socket(PF_PACKET, SOCK_RAW, htons(ETH_P_ALL)); 471 if (iapp->packet_sock < 0) { 472 wpa_printf(MSG_INFO, "iapp_init - socket[PF_PACKET,SOCK_RAW]: %s", 473 strerror(errno)); 474 iapp_deinit(iapp); 475 return NULL; 476 } 477 478 os_memset(&addr, 0, sizeof(addr)); 479 addr.sll_family = AF_PACKET; 480 addr.sll_ifindex = ifindex; 481 if (bind(iapp->packet_sock, (struct sockaddr *) &addr, 482 sizeof(addr)) < 0) { 483 wpa_printf(MSG_INFO, "iapp_init - bind[PACKET]: %s", 484 strerror(errno)); 485 iapp_deinit(iapp); 486 return NULL; 487 } 488 489 if (eloop_register_read_sock(iapp->udp_sock, iapp_receive_udp, 490 iapp, NULL)) { 491 wpa_printf(MSG_INFO, "Could not register read socket for IAPP"); 492 iapp_deinit(iapp); 493 return NULL; 494 } 495 496 wpa_printf(MSG_INFO, "IEEE 802.11F (IAPP) using interface %s", iface); 497 498 /* TODO: For levels 2 and 3: send RADIUS Initiate-Request, receive 499 * RADIUS Initiate-Accept or Initiate-Reject. IAPP port should actually 500 * be openned only after receiving Initiate-Accept. If Initiate-Reject 501 * is received, IAPP is not started. */ 502 503 return iapp; 504 } 505 506 507 void iapp_deinit(struct iapp_data *iapp) 508 { 509 struct ip_mreqn mreq; 510 511 if (iapp == NULL) 512 return; 513 514 if (iapp->udp_sock >= 0) { 515 os_memset(&mreq, 0, sizeof(mreq)); 516 mreq.imr_multiaddr = iapp->multicast; 517 mreq.imr_address.s_addr = INADDR_ANY; 518 mreq.imr_ifindex = 0; 519 if (setsockopt(iapp->udp_sock, SOL_IP, IP_DROP_MEMBERSHIP, 520 &mreq, sizeof(mreq)) < 0) { 521 wpa_printf(MSG_INFO, "iapp_deinit - setsockopt[UDP,IP_DEL_MEMBERSHIP]: %s", 522 strerror(errno)); 523 } 524 525 eloop_unregister_read_sock(iapp->udp_sock); 526 close(iapp->udp_sock); 527 } 528 if (iapp->packet_sock >= 0) { 529 eloop_unregister_read_sock(iapp->packet_sock); 530 close(iapp->packet_sock); 531 } 532 os_free(iapp); 533 } 534
