Home | History | Annotate | Download | only in ap
      1 /*
      2  * hostapd / Station table
      3  * Copyright (c) 2002-2013, Jouni Malinen <j (at) w1.fi>
      4  *
      5  * This software may be distributed under the terms of the BSD license.
      6  * See README for more details.
      7  */
      8 
      9 #include "utils/includes.h"
     10 
     11 #include "utils/common.h"
     12 #include "utils/eloop.h"
     13 #include "common/ieee802_11_defs.h"
     14 #include "common/wpa_ctrl.h"
     15 #include "common/sae.h"
     16 #include "radius/radius.h"
     17 #include "radius/radius_client.h"
     18 #include "p2p/p2p.h"
     19 #include "fst/fst.h"
     20 #include "hostapd.h"
     21 #include "accounting.h"
     22 #include "ieee802_1x.h"
     23 #include "ieee802_11.h"
     24 #include "ieee802_11_auth.h"
     25 #include "wpa_auth.h"
     26 #include "preauth_auth.h"
     27 #include "ap_config.h"
     28 #include "beacon.h"
     29 #include "ap_mlme.h"
     30 #include "vlan_init.h"
     31 #include "p2p_hostapd.h"
     32 #include "ap_drv_ops.h"
     33 #include "gas_serv.h"
     34 #include "wnm_ap.h"
     35 #include "mbo_ap.h"
     36 #include "ndisc_snoop.h"
     37 #include "sta_info.h"
     38 #include "vlan.h"
     39 
     40 static void ap_sta_remove_in_other_bss(struct hostapd_data *hapd,
     41 				       struct sta_info *sta);
     42 static void ap_handle_session_timer(void *eloop_ctx, void *timeout_ctx);
     43 static void ap_handle_session_warning_timer(void *eloop_ctx, void *timeout_ctx);
     44 static void ap_sta_deauth_cb_timeout(void *eloop_ctx, void *timeout_ctx);
     45 static void ap_sta_disassoc_cb_timeout(void *eloop_ctx, void *timeout_ctx);
     46 #ifdef CONFIG_IEEE80211W
     47 static void ap_sa_query_timer(void *eloop_ctx, void *timeout_ctx);
     48 #endif /* CONFIG_IEEE80211W */
     49 static int ap_sta_remove(struct hostapd_data *hapd, struct sta_info *sta);
     50 
     51 int ap_for_each_sta(struct hostapd_data *hapd,
     52 		    int (*cb)(struct hostapd_data *hapd, struct sta_info *sta,
     53 			      void *ctx),
     54 		    void *ctx)
     55 {
     56 	struct sta_info *sta;
     57 
     58 	for (sta = hapd->sta_list; sta; sta = sta->next) {
     59 		if (cb(hapd, sta, ctx))
     60 			return 1;
     61 	}
     62 
     63 	return 0;
     64 }
     65 
     66 
     67 struct sta_info * ap_get_sta(struct hostapd_data *hapd, const u8 *sta)
     68 {
     69 	struct sta_info *s;
     70 
     71 	s = hapd->sta_hash[STA_HASH(sta)];
     72 	while (s != NULL && os_memcmp(s->addr, sta, 6) != 0)
     73 		s = s->hnext;
     74 	return s;
     75 }
     76 
     77 
     78 #ifdef CONFIG_P2P
     79 struct sta_info * ap_get_sta_p2p(struct hostapd_data *hapd, const u8 *addr)
     80 {
     81 	struct sta_info *sta;
     82 
     83 	for (sta = hapd->sta_list; sta; sta = sta->next) {
     84 		const u8 *p2p_dev_addr;
     85 
     86 		if (sta->p2p_ie == NULL)
     87 			continue;
     88 
     89 		p2p_dev_addr = p2p_get_go_dev_addr(sta->p2p_ie);
     90 		if (p2p_dev_addr == NULL)
     91 			continue;
     92 
     93 		if (os_memcmp(p2p_dev_addr, addr, ETH_ALEN) == 0)
     94 			return sta;
     95 	}
     96 
     97 	return NULL;
     98 }
     99 #endif /* CONFIG_P2P */
    100 
    101 
    102 static void ap_sta_list_del(struct hostapd_data *hapd, struct sta_info *sta)
    103 {
    104 	struct sta_info *tmp;
    105 
    106 	if (hapd->sta_list == sta) {
    107 		hapd->sta_list = sta->next;
    108 		return;
    109 	}
    110 
    111 	tmp = hapd->sta_list;
    112 	while (tmp != NULL && tmp->next != sta)
    113 		tmp = tmp->next;
    114 	if (tmp == NULL) {
    115 		wpa_printf(MSG_DEBUG, "Could not remove STA " MACSTR " from "
    116 			   "list.", MAC2STR(sta->addr));
    117 	} else
    118 		tmp->next = sta->next;
    119 }
    120 
    121 
    122 void ap_sta_hash_add(struct hostapd_data *hapd, struct sta_info *sta)
    123 {
    124 	sta->hnext = hapd->sta_hash[STA_HASH(sta->addr)];
    125 	hapd->sta_hash[STA_HASH(sta->addr)] = sta;
    126 }
    127 
    128 
    129 static void ap_sta_hash_del(struct hostapd_data *hapd, struct sta_info *sta)
    130 {
    131 	struct sta_info *s;
    132 
    133 	s = hapd->sta_hash[STA_HASH(sta->addr)];
    134 	if (s == NULL) return;
    135 	if (os_memcmp(s->addr, sta->addr, 6) == 0) {
    136 		hapd->sta_hash[STA_HASH(sta->addr)] = s->hnext;
    137 		return;
    138 	}
    139 
    140 	while (s->hnext != NULL &&
    141 	       os_memcmp(s->hnext->addr, sta->addr, ETH_ALEN) != 0)
    142 		s = s->hnext;
    143 	if (s->hnext != NULL)
    144 		s->hnext = s->hnext->hnext;
    145 	else
    146 		wpa_printf(MSG_DEBUG, "AP: could not remove STA " MACSTR
    147 			   " from hash table", MAC2STR(sta->addr));
    148 }
    149 
    150 
    151 void ap_sta_ip6addr_del(struct hostapd_data *hapd, struct sta_info *sta)
    152 {
    153 	sta_ip6addr_del(hapd, sta);
    154 }
    155 
    156 
    157 void ap_free_sta(struct hostapd_data *hapd, struct sta_info *sta)
    158 {
    159 	int set_beacon = 0;
    160 
    161 	accounting_sta_stop(hapd, sta);
    162 
    163 	/* just in case */
    164 	ap_sta_set_authorized(hapd, sta, 0);
    165 
    166 	if (sta->flags & WLAN_STA_WDS)
    167 		hostapd_set_wds_sta(hapd, NULL, sta->addr, sta->aid, 0);
    168 
    169 	if (sta->ipaddr)
    170 		hostapd_drv_br_delete_ip_neigh(hapd, 4, (u8 *) &sta->ipaddr);
    171 	ap_sta_ip6addr_del(hapd, sta);
    172 
    173 	if (!hapd->iface->driver_ap_teardown &&
    174 	    !(sta->flags & WLAN_STA_PREAUTH)) {
    175 		hostapd_drv_sta_remove(hapd, sta->addr);
    176 		sta->added_unassoc = 0;
    177 	}
    178 
    179 	ap_sta_hash_del(hapd, sta);
    180 	ap_sta_list_del(hapd, sta);
    181 
    182 	if (sta->aid > 0)
    183 		hapd->sta_aid[(sta->aid - 1) / 32] &=
    184 			~BIT((sta->aid - 1) % 32);
    185 
    186 	hapd->num_sta--;
    187 	if (sta->nonerp_set) {
    188 		sta->nonerp_set = 0;
    189 		hapd->iface->num_sta_non_erp--;
    190 		if (hapd->iface->num_sta_non_erp == 0)
    191 			set_beacon++;
    192 	}
    193 
    194 	if (sta->no_short_slot_time_set) {
    195 		sta->no_short_slot_time_set = 0;
    196 		hapd->iface->num_sta_no_short_slot_time--;
    197 		if (hapd->iface->current_mode->mode == HOSTAPD_MODE_IEEE80211G
    198 		    && hapd->iface->num_sta_no_short_slot_time == 0)
    199 			set_beacon++;
    200 	}
    201 
    202 	if (sta->no_short_preamble_set) {
    203 		sta->no_short_preamble_set = 0;
    204 		hapd->iface->num_sta_no_short_preamble--;
    205 		if (hapd->iface->current_mode->mode == HOSTAPD_MODE_IEEE80211G
    206 		    && hapd->iface->num_sta_no_short_preamble == 0)
    207 			set_beacon++;
    208 	}
    209 
    210 	if (sta->no_ht_gf_set) {
    211 		sta->no_ht_gf_set = 0;
    212 		hapd->iface->num_sta_ht_no_gf--;
    213 	}
    214 
    215 	if (sta->no_ht_set) {
    216 		sta->no_ht_set = 0;
    217 		hapd->iface->num_sta_no_ht--;
    218 	}
    219 
    220 	if (sta->ht_20mhz_set) {
    221 		sta->ht_20mhz_set = 0;
    222 		hapd->iface->num_sta_ht_20mhz--;
    223 	}
    224 
    225 #ifdef CONFIG_IEEE80211N
    226 	ht40_intolerant_remove(hapd->iface, sta);
    227 #endif /* CONFIG_IEEE80211N */
    228 
    229 #ifdef CONFIG_P2P
    230 	if (sta->no_p2p_set) {
    231 		sta->no_p2p_set = 0;
    232 		hapd->num_sta_no_p2p--;
    233 		if (hapd->num_sta_no_p2p == 0)
    234 			hostapd_p2p_non_p2p_sta_disconnected(hapd);
    235 	}
    236 #endif /* CONFIG_P2P */
    237 
    238 #if defined(NEED_AP_MLME) && defined(CONFIG_IEEE80211N)
    239 	if (hostapd_ht_operation_update(hapd->iface) > 0)
    240 		set_beacon++;
    241 #endif /* NEED_AP_MLME && CONFIG_IEEE80211N */
    242 
    243 #ifdef CONFIG_MESH
    244 	if (hapd->mesh_sta_free_cb)
    245 		hapd->mesh_sta_free_cb(hapd, sta);
    246 #endif /* CONFIG_MESH */
    247 
    248 	if (set_beacon)
    249 		ieee802_11_set_beacons(hapd->iface);
    250 
    251 	wpa_printf(MSG_DEBUG, "%s: cancel ap_handle_timer for " MACSTR,
    252 		   __func__, MAC2STR(sta->addr));
    253 	eloop_cancel_timeout(ap_handle_timer, hapd, sta);
    254 	eloop_cancel_timeout(ap_handle_session_timer, hapd, sta);
    255 	eloop_cancel_timeout(ap_handle_session_warning_timer, hapd, sta);
    256 	ap_sta_clear_disconnect_timeouts(hapd, sta);
    257 	sae_clear_retransmit_timer(hapd, sta);
    258 
    259 	ieee802_1x_free_station(hapd, sta);
    260 	wpa_auth_sta_deinit(sta->wpa_sm);
    261 	rsn_preauth_free_station(hapd, sta);
    262 #ifndef CONFIG_NO_RADIUS
    263 	if (hapd->radius)
    264 		radius_client_flush_auth(hapd->radius, sta->addr);
    265 #endif /* CONFIG_NO_RADIUS */
    266 
    267 #ifndef CONFIG_NO_VLAN
    268 	/*
    269 	 * sta->wpa_sm->group needs to be released before so that
    270 	 * vlan_remove_dynamic() can check that no stations are left on the
    271 	 * AP_VLAN netdev.
    272 	 */
    273 	if (sta->vlan_id)
    274 		vlan_remove_dynamic(hapd, sta->vlan_id);
    275 	if (sta->vlan_id_bound) {
    276 		/*
    277 		 * Need to remove the STA entry before potentially removing the
    278 		 * VLAN.
    279 		 */
    280 		if (hapd->iface->driver_ap_teardown &&
    281 		    !(sta->flags & WLAN_STA_PREAUTH)) {
    282 			hostapd_drv_sta_remove(hapd, sta->addr);
    283 			sta->added_unassoc = 0;
    284 		}
    285 		vlan_remove_dynamic(hapd, sta->vlan_id_bound);
    286 	}
    287 #endif /* CONFIG_NO_VLAN */
    288 
    289 	os_free(sta->challenge);
    290 
    291 #ifdef CONFIG_IEEE80211W
    292 	os_free(sta->sa_query_trans_id);
    293 	eloop_cancel_timeout(ap_sa_query_timer, hapd, sta);
    294 #endif /* CONFIG_IEEE80211W */
    295 
    296 #ifdef CONFIG_P2P
    297 	p2p_group_notif_disassoc(hapd->p2p_group, sta->addr);
    298 #endif /* CONFIG_P2P */
    299 
    300 #ifdef CONFIG_INTERWORKING
    301 	if (sta->gas_dialog) {
    302 		int i;
    303 		for (i = 0; i < GAS_DIALOG_MAX; i++)
    304 			gas_serv_dialog_clear(&sta->gas_dialog[i]);
    305 		os_free(sta->gas_dialog);
    306 	}
    307 #endif /* CONFIG_INTERWORKING */
    308 
    309 	wpabuf_free(sta->wps_ie);
    310 	wpabuf_free(sta->p2p_ie);
    311 	wpabuf_free(sta->hs20_ie);
    312 #ifdef CONFIG_FST
    313 	wpabuf_free(sta->mb_ies);
    314 #endif /* CONFIG_FST */
    315 
    316 	os_free(sta->ht_capabilities);
    317 	os_free(sta->vht_capabilities);
    318 	hostapd_free_psk_list(sta->psk);
    319 	os_free(sta->identity);
    320 	os_free(sta->radius_cui);
    321 	os_free(sta->remediation_url);
    322 	wpabuf_free(sta->hs20_deauth_req);
    323 	os_free(sta->hs20_session_info_url);
    324 
    325 #ifdef CONFIG_SAE
    326 	sae_clear_data(sta->sae);
    327 	os_free(sta->sae);
    328 #endif /* CONFIG_SAE */
    329 
    330 	mbo_ap_sta_free(sta);
    331 	os_free(sta->supp_op_classes);
    332 
    333 	os_free(sta);
    334 }
    335 
    336 
    337 void hostapd_free_stas(struct hostapd_data *hapd)
    338 {
    339 	struct sta_info *sta, *prev;
    340 
    341 	sta = hapd->sta_list;
    342 
    343 	while (sta) {
    344 		prev = sta;
    345 		if (sta->flags & WLAN_STA_AUTH) {
    346 			mlme_deauthenticate_indication(
    347 				hapd, sta, WLAN_REASON_UNSPECIFIED);
    348 		}
    349 		sta = sta->next;
    350 		wpa_printf(MSG_DEBUG, "Removing station " MACSTR,
    351 			   MAC2STR(prev->addr));
    352 		ap_free_sta(hapd, prev);
    353 	}
    354 }
    355 
    356 
    357 /**
    358  * ap_handle_timer - Per STA timer handler
    359  * @eloop_ctx: struct hostapd_data *
    360  * @timeout_ctx: struct sta_info *
    361  *
    362  * This function is called to check station activity and to remove inactive
    363  * stations.
    364  */
    365 void ap_handle_timer(void *eloop_ctx, void *timeout_ctx)
    366 {
    367 	struct hostapd_data *hapd = eloop_ctx;
    368 	struct sta_info *sta = timeout_ctx;
    369 	unsigned long next_time = 0;
    370 	int reason;
    371 
    372 	wpa_printf(MSG_DEBUG, "%s: %s: " MACSTR " flags=0x%x timeout_next=%d",
    373 		   hapd->conf->iface, __func__, MAC2STR(sta->addr), sta->flags,
    374 		   sta->timeout_next);
    375 	if (sta->timeout_next == STA_REMOVE) {
    376 		hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
    377 			       HOSTAPD_LEVEL_INFO, "deauthenticated due to "
    378 			       "local deauth request");
    379 		ap_free_sta(hapd, sta);
    380 		return;
    381 	}
    382 
    383 	if ((sta->flags & WLAN_STA_ASSOC) &&
    384 	    (sta->timeout_next == STA_NULLFUNC ||
    385 	     sta->timeout_next == STA_DISASSOC)) {
    386 		int inactive_sec;
    387 		/*
    388 		 * Add random value to timeout so that we don't end up bouncing
    389 		 * all stations at the same time if we have lots of associated
    390 		 * stations that are idle (but keep re-associating).
    391 		 */
    392 		int fuzz = os_random() % 20;
    393 		inactive_sec = hostapd_drv_get_inact_sec(hapd, sta->addr);
    394 		if (inactive_sec == -1) {
    395 			wpa_msg(hapd->msg_ctx, MSG_DEBUG,
    396 				"Check inactivity: Could not "
    397 				"get station info from kernel driver for "
    398 				MACSTR, MAC2STR(sta->addr));
    399 			/*
    400 			 * The driver may not support this functionality.
    401 			 * Anyway, try again after the next inactivity timeout,
    402 			 * but do not disconnect the station now.
    403 			 */
    404 			next_time = hapd->conf->ap_max_inactivity + fuzz;
    405 		} else if (inactive_sec == -ENOENT) {
    406 			wpa_msg(hapd->msg_ctx, MSG_DEBUG,
    407 				"Station " MACSTR " has lost its driver entry",
    408 				MAC2STR(sta->addr));
    409 
    410 			/* Avoid sending client probe on removed client */
    411 			sta->timeout_next = STA_DISASSOC;
    412 			goto skip_poll;
    413 		} else if (inactive_sec < hapd->conf->ap_max_inactivity) {
    414 			/* station activity detected; reset timeout state */
    415 			wpa_msg(hapd->msg_ctx, MSG_DEBUG,
    416 				"Station " MACSTR " has been active %is ago",
    417 				MAC2STR(sta->addr), inactive_sec);
    418 			sta->timeout_next = STA_NULLFUNC;
    419 			next_time = hapd->conf->ap_max_inactivity + fuzz -
    420 				inactive_sec;
    421 		} else {
    422 			wpa_msg(hapd->msg_ctx, MSG_DEBUG,
    423 				"Station " MACSTR " has been "
    424 				"inactive too long: %d sec, max allowed: %d",
    425 				MAC2STR(sta->addr), inactive_sec,
    426 				hapd->conf->ap_max_inactivity);
    427 
    428 			if (hapd->conf->skip_inactivity_poll)
    429 				sta->timeout_next = STA_DISASSOC;
    430 		}
    431 	}
    432 
    433 	if ((sta->flags & WLAN_STA_ASSOC) &&
    434 	    sta->timeout_next == STA_DISASSOC &&
    435 	    !(sta->flags & WLAN_STA_PENDING_POLL) &&
    436 	    !hapd->conf->skip_inactivity_poll) {
    437 		wpa_msg(hapd->msg_ctx, MSG_DEBUG, "Station " MACSTR
    438 			" has ACKed data poll", MAC2STR(sta->addr));
    439 		/* data nullfunc frame poll did not produce TX errors; assume
    440 		 * station ACKed it */
    441 		sta->timeout_next = STA_NULLFUNC;
    442 		next_time = hapd->conf->ap_max_inactivity;
    443 	}
    444 
    445 skip_poll:
    446 	if (next_time) {
    447 		wpa_printf(MSG_DEBUG, "%s: register ap_handle_timer timeout "
    448 			   "for " MACSTR " (%lu seconds)",
    449 			   __func__, MAC2STR(sta->addr), next_time);
    450 		eloop_register_timeout(next_time, 0, ap_handle_timer, hapd,
    451 				       sta);
    452 		return;
    453 	}
    454 
    455 	if (sta->timeout_next == STA_NULLFUNC &&
    456 	    (sta->flags & WLAN_STA_ASSOC)) {
    457 		wpa_printf(MSG_DEBUG, "  Polling STA");
    458 		sta->flags |= WLAN_STA_PENDING_POLL;
    459 		hostapd_drv_poll_client(hapd, hapd->own_addr, sta->addr,
    460 					sta->flags & WLAN_STA_WMM);
    461 	} else if (sta->timeout_next != STA_REMOVE) {
    462 		int deauth = sta->timeout_next == STA_DEAUTH;
    463 
    464 		wpa_dbg(hapd->msg_ctx, MSG_DEBUG,
    465 			"Timeout, sending %s info to STA " MACSTR,
    466 			deauth ? "deauthentication" : "disassociation",
    467 			MAC2STR(sta->addr));
    468 
    469 		if (deauth) {
    470 			hostapd_drv_sta_deauth(
    471 				hapd, sta->addr,
    472 				WLAN_REASON_PREV_AUTH_NOT_VALID);
    473 		} else {
    474 			reason = (sta->timeout_next == STA_DISASSOC) ?
    475 				WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY :
    476 				WLAN_REASON_PREV_AUTH_NOT_VALID;
    477 
    478 			hostapd_drv_sta_disassoc(hapd, sta->addr, reason);
    479 		}
    480 	}
    481 
    482 	switch (sta->timeout_next) {
    483 	case STA_NULLFUNC:
    484 		sta->timeout_next = STA_DISASSOC;
    485 		wpa_printf(MSG_DEBUG, "%s: register ap_handle_timer timeout "
    486 			   "for " MACSTR " (%d seconds - AP_DISASSOC_DELAY)",
    487 			   __func__, MAC2STR(sta->addr), AP_DISASSOC_DELAY);
    488 		eloop_register_timeout(AP_DISASSOC_DELAY, 0, ap_handle_timer,
    489 				       hapd, sta);
    490 		break;
    491 	case STA_DISASSOC:
    492 	case STA_DISASSOC_FROM_CLI:
    493 		ap_sta_set_authorized(hapd, sta, 0);
    494 		sta->flags &= ~WLAN_STA_ASSOC;
    495 		ieee802_1x_notify_port_enabled(sta->eapol_sm, 0);
    496 		if (!sta->acct_terminate_cause)
    497 			sta->acct_terminate_cause =
    498 				RADIUS_ACCT_TERMINATE_CAUSE_IDLE_TIMEOUT;
    499 		accounting_sta_stop(hapd, sta);
    500 		ieee802_1x_free_station(hapd, sta);
    501 		hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
    502 			       HOSTAPD_LEVEL_INFO, "disassociated due to "
    503 			       "inactivity");
    504 		reason = (sta->timeout_next == STA_DISASSOC) ?
    505 			WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY :
    506 			WLAN_REASON_PREV_AUTH_NOT_VALID;
    507 		sta->timeout_next = STA_DEAUTH;
    508 		wpa_printf(MSG_DEBUG, "%s: register ap_handle_timer timeout "
    509 			   "for " MACSTR " (%d seconds - AP_DEAUTH_DELAY)",
    510 			   __func__, MAC2STR(sta->addr), AP_DEAUTH_DELAY);
    511 		eloop_register_timeout(AP_DEAUTH_DELAY, 0, ap_handle_timer,
    512 				       hapd, sta);
    513 		mlme_disassociate_indication(hapd, sta, reason);
    514 		break;
    515 	case STA_DEAUTH:
    516 	case STA_REMOVE:
    517 		hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
    518 			       HOSTAPD_LEVEL_INFO, "deauthenticated due to "
    519 			       "inactivity (timer DEAUTH/REMOVE)");
    520 		if (!sta->acct_terminate_cause)
    521 			sta->acct_terminate_cause =
    522 				RADIUS_ACCT_TERMINATE_CAUSE_IDLE_TIMEOUT;
    523 		mlme_deauthenticate_indication(
    524 			hapd, sta,
    525 			WLAN_REASON_PREV_AUTH_NOT_VALID);
    526 		ap_free_sta(hapd, sta);
    527 		break;
    528 	}
    529 }
    530 
    531 
    532 static void ap_handle_session_timer(void *eloop_ctx, void *timeout_ctx)
    533 {
    534 	struct hostapd_data *hapd = eloop_ctx;
    535 	struct sta_info *sta = timeout_ctx;
    536 
    537 	wpa_printf(MSG_DEBUG, "%s: Session timer for STA " MACSTR,
    538 		   hapd->conf->iface, MAC2STR(sta->addr));
    539 	if (!(sta->flags & WLAN_STA_AUTH)) {
    540 		if (sta->flags & WLAN_STA_GAS) {
    541 			wpa_printf(MSG_DEBUG, "GAS: Remove temporary STA "
    542 				   "entry " MACSTR, MAC2STR(sta->addr));
    543 			ap_free_sta(hapd, sta);
    544 		}
    545 		return;
    546 	}
    547 
    548 	hostapd_drv_sta_deauth(hapd, sta->addr,
    549 			       WLAN_REASON_PREV_AUTH_NOT_VALID);
    550 	mlme_deauthenticate_indication(hapd, sta,
    551 				       WLAN_REASON_PREV_AUTH_NOT_VALID);
    552 	hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
    553 		       HOSTAPD_LEVEL_INFO, "deauthenticated due to "
    554 		       "session timeout");
    555 	sta->acct_terminate_cause =
    556 		RADIUS_ACCT_TERMINATE_CAUSE_SESSION_TIMEOUT;
    557 	ap_free_sta(hapd, sta);
    558 }
    559 
    560 
    561 void ap_sta_replenish_timeout(struct hostapd_data *hapd, struct sta_info *sta,
    562 			      u32 session_timeout)
    563 {
    564 	if (eloop_replenish_timeout(session_timeout, 0,
    565 				    ap_handle_session_timer, hapd, sta) == 1) {
    566 		hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
    567 			       HOSTAPD_LEVEL_DEBUG, "setting session timeout "
    568 			       "to %d seconds", session_timeout);
    569 	}
    570 }
    571 
    572 
    573 void ap_sta_session_timeout(struct hostapd_data *hapd, struct sta_info *sta,
    574 			    u32 session_timeout)
    575 {
    576 	hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
    577 		       HOSTAPD_LEVEL_DEBUG, "setting session timeout to %d "
    578 		       "seconds", session_timeout);
    579 	eloop_cancel_timeout(ap_handle_session_timer, hapd, sta);
    580 	eloop_register_timeout(session_timeout, 0, ap_handle_session_timer,
    581 			       hapd, sta);
    582 }
    583 
    584 
    585 void ap_sta_no_session_timeout(struct hostapd_data *hapd, struct sta_info *sta)
    586 {
    587 	eloop_cancel_timeout(ap_handle_session_timer, hapd, sta);
    588 }
    589 
    590 
    591 static void ap_handle_session_warning_timer(void *eloop_ctx, void *timeout_ctx)
    592 {
    593 #ifdef CONFIG_WNM
    594 	struct hostapd_data *hapd = eloop_ctx;
    595 	struct sta_info *sta = timeout_ctx;
    596 
    597 	wpa_printf(MSG_DEBUG, "%s: WNM: Session warning time reached for "
    598 		   MACSTR, hapd->conf->iface, MAC2STR(sta->addr));
    599 	if (sta->hs20_session_info_url == NULL)
    600 		return;
    601 
    602 	wnm_send_ess_disassoc_imminent(hapd, sta, sta->hs20_session_info_url,
    603 				       sta->hs20_disassoc_timer);
    604 #endif /* CONFIG_WNM */
    605 }
    606 
    607 
    608 void ap_sta_session_warning_timeout(struct hostapd_data *hapd,
    609 				    struct sta_info *sta, int warning_time)
    610 {
    611 	eloop_cancel_timeout(ap_handle_session_warning_timer, hapd, sta);
    612 	eloop_register_timeout(warning_time, 0, ap_handle_session_warning_timer,
    613 			       hapd, sta);
    614 }
    615 
    616 
    617 struct sta_info * ap_sta_add(struct hostapd_data *hapd, const u8 *addr)
    618 {
    619 	struct sta_info *sta;
    620 
    621 	sta = ap_get_sta(hapd, addr);
    622 	if (sta)
    623 		return sta;
    624 
    625 	wpa_printf(MSG_DEBUG, "  New STA");
    626 	if (hapd->num_sta >= hapd->conf->max_num_sta) {
    627 		/* FIX: might try to remove some old STAs first? */
    628 		wpa_printf(MSG_DEBUG, "no more room for new STAs (%d/%d)",
    629 			   hapd->num_sta, hapd->conf->max_num_sta);
    630 		return NULL;
    631 	}
    632 
    633 	sta = os_zalloc(sizeof(struct sta_info));
    634 	if (sta == NULL) {
    635 		wpa_printf(MSG_ERROR, "malloc failed");
    636 		return NULL;
    637 	}
    638 	sta->acct_interim_interval = hapd->conf->acct_interim_interval;
    639 	if (accounting_sta_get_id(hapd, sta) < 0) {
    640 		os_free(sta);
    641 		return NULL;
    642 	}
    643 
    644 	if (!(hapd->iface->drv_flags & WPA_DRIVER_FLAGS_INACTIVITY_TIMER)) {
    645 		wpa_printf(MSG_DEBUG, "%s: register ap_handle_timer timeout "
    646 			   "for " MACSTR " (%d seconds - ap_max_inactivity)",
    647 			   __func__, MAC2STR(addr),
    648 			   hapd->conf->ap_max_inactivity);
    649 		eloop_register_timeout(hapd->conf->ap_max_inactivity, 0,
    650 				       ap_handle_timer, hapd, sta);
    651 	}
    652 
    653 	/* initialize STA info data */
    654 	os_memcpy(sta->addr, addr, ETH_ALEN);
    655 	sta->next = hapd->sta_list;
    656 	hapd->sta_list = sta;
    657 	hapd->num_sta++;
    658 	ap_sta_hash_add(hapd, sta);
    659 	ap_sta_remove_in_other_bss(hapd, sta);
    660 	sta->last_seq_ctrl = WLAN_INVALID_MGMT_SEQ;
    661 	dl_list_init(&sta->ip6addr);
    662 
    663 	return sta;
    664 }
    665 
    666 
    667 static int ap_sta_remove(struct hostapd_data *hapd, struct sta_info *sta)
    668 {
    669 	ieee802_1x_notify_port_enabled(sta->eapol_sm, 0);
    670 
    671 	if (sta->ipaddr)
    672 		hostapd_drv_br_delete_ip_neigh(hapd, 4, (u8 *) &sta->ipaddr);
    673 	ap_sta_ip6addr_del(hapd, sta);
    674 
    675 	wpa_printf(MSG_DEBUG, "%s: Removing STA " MACSTR " from kernel driver",
    676 		   hapd->conf->iface, MAC2STR(sta->addr));
    677 	if (hostapd_drv_sta_remove(hapd, sta->addr) &&
    678 	    sta->flags & WLAN_STA_ASSOC) {
    679 		wpa_printf(MSG_DEBUG, "%s: Could not remove station " MACSTR
    680 			   " from kernel driver",
    681 			   hapd->conf->iface, MAC2STR(sta->addr));
    682 		return -1;
    683 	}
    684 	sta->added_unassoc = 0;
    685 	return 0;
    686 }
    687 
    688 
    689 static void ap_sta_remove_in_other_bss(struct hostapd_data *hapd,
    690 				       struct sta_info *sta)
    691 {
    692 	struct hostapd_iface *iface = hapd->iface;
    693 	size_t i;
    694 
    695 	for (i = 0; i < iface->num_bss; i++) {
    696 		struct hostapd_data *bss = iface->bss[i];
    697 		struct sta_info *sta2;
    698 		/* bss should always be set during operation, but it may be
    699 		 * NULL during reconfiguration. Assume the STA is not
    700 		 * associated to another BSS in that case to avoid NULL pointer
    701 		 * dereferences. */
    702 		if (bss == hapd || bss == NULL)
    703 			continue;
    704 		sta2 = ap_get_sta(bss, sta->addr);
    705 		if (!sta2)
    706 			continue;
    707 
    708 		wpa_printf(MSG_DEBUG, "%s: disconnect old STA " MACSTR
    709 			   " association from another BSS %s",
    710 			   hapd->conf->iface, MAC2STR(sta2->addr),
    711 			   bss->conf->iface);
    712 		ap_sta_disconnect(bss, sta2, sta2->addr,
    713 				  WLAN_REASON_PREV_AUTH_NOT_VALID);
    714 	}
    715 }
    716 
    717 
    718 static void ap_sta_disassoc_cb_timeout(void *eloop_ctx, void *timeout_ctx)
    719 {
    720 	struct hostapd_data *hapd = eloop_ctx;
    721 	struct sta_info *sta = timeout_ctx;
    722 
    723 	wpa_printf(MSG_DEBUG, "%s: Disassociation callback for STA " MACSTR,
    724 		   hapd->conf->iface, MAC2STR(sta->addr));
    725 	ap_sta_remove(hapd, sta);
    726 	mlme_disassociate_indication(hapd, sta, sta->disassoc_reason);
    727 }
    728 
    729 
    730 void ap_sta_disassociate(struct hostapd_data *hapd, struct sta_info *sta,
    731 			 u16 reason)
    732 {
    733 	wpa_printf(MSG_DEBUG, "%s: disassociate STA " MACSTR,
    734 		   hapd->conf->iface, MAC2STR(sta->addr));
    735 	sta->last_seq_ctrl = WLAN_INVALID_MGMT_SEQ;
    736 	sta->flags &= ~(WLAN_STA_ASSOC | WLAN_STA_ASSOC_REQ_OK);
    737 	ap_sta_set_authorized(hapd, sta, 0);
    738 	sta->timeout_next = STA_DEAUTH;
    739 	wpa_printf(MSG_DEBUG, "%s: reschedule ap_handle_timer timeout "
    740 		   "for " MACSTR " (%d seconds - "
    741 		   "AP_MAX_INACTIVITY_AFTER_DISASSOC)",
    742 		   __func__, MAC2STR(sta->addr),
    743 		   AP_MAX_INACTIVITY_AFTER_DISASSOC);
    744 	eloop_cancel_timeout(ap_handle_timer, hapd, sta);
    745 	eloop_register_timeout(AP_MAX_INACTIVITY_AFTER_DISASSOC, 0,
    746 			       ap_handle_timer, hapd, sta);
    747 	accounting_sta_stop(hapd, sta);
    748 	ieee802_1x_free_station(hapd, sta);
    749 
    750 	sta->disassoc_reason = reason;
    751 	sta->flags |= WLAN_STA_PENDING_DISASSOC_CB;
    752 	eloop_cancel_timeout(ap_sta_disassoc_cb_timeout, hapd, sta);
    753 	eloop_register_timeout(hapd->iface->drv_flags &
    754 			       WPA_DRIVER_FLAGS_DEAUTH_TX_STATUS ? 2 : 0, 0,
    755 			       ap_sta_disassoc_cb_timeout, hapd, sta);
    756 }
    757 
    758 
    759 static void ap_sta_deauth_cb_timeout(void *eloop_ctx, void *timeout_ctx)
    760 {
    761 	struct hostapd_data *hapd = eloop_ctx;
    762 	struct sta_info *sta = timeout_ctx;
    763 
    764 	wpa_printf(MSG_DEBUG, "%s: Deauthentication callback for STA " MACSTR,
    765 		   hapd->conf->iface, MAC2STR(sta->addr));
    766 	ap_sta_remove(hapd, sta);
    767 	mlme_deauthenticate_indication(hapd, sta, sta->deauth_reason);
    768 }
    769 
    770 
    771 void ap_sta_deauthenticate(struct hostapd_data *hapd, struct sta_info *sta,
    772 			   u16 reason)
    773 {
    774 	wpa_printf(MSG_DEBUG, "%s: deauthenticate STA " MACSTR,
    775 		   hapd->conf->iface, MAC2STR(sta->addr));
    776 	sta->last_seq_ctrl = WLAN_INVALID_MGMT_SEQ;
    777 	sta->flags &= ~(WLAN_STA_AUTH | WLAN_STA_ASSOC | WLAN_STA_ASSOC_REQ_OK);
    778 	ap_sta_set_authorized(hapd, sta, 0);
    779 	sta->timeout_next = STA_REMOVE;
    780 	wpa_printf(MSG_DEBUG, "%s: reschedule ap_handle_timer timeout "
    781 		   "for " MACSTR " (%d seconds - "
    782 		   "AP_MAX_INACTIVITY_AFTER_DEAUTH)",
    783 		   __func__, MAC2STR(sta->addr),
    784 		   AP_MAX_INACTIVITY_AFTER_DEAUTH);
    785 	eloop_cancel_timeout(ap_handle_timer, hapd, sta);
    786 	eloop_register_timeout(AP_MAX_INACTIVITY_AFTER_DEAUTH, 0,
    787 			       ap_handle_timer, hapd, sta);
    788 	accounting_sta_stop(hapd, sta);
    789 	ieee802_1x_free_station(hapd, sta);
    790 
    791 	sta->deauth_reason = reason;
    792 	sta->flags |= WLAN_STA_PENDING_DEAUTH_CB;
    793 	eloop_cancel_timeout(ap_sta_deauth_cb_timeout, hapd, sta);
    794 	eloop_register_timeout(hapd->iface->drv_flags &
    795 			       WPA_DRIVER_FLAGS_DEAUTH_TX_STATUS ? 2 : 0, 0,
    796 			       ap_sta_deauth_cb_timeout, hapd, sta);
    797 }
    798 
    799 
    800 #ifdef CONFIG_WPS
    801 int ap_sta_wps_cancel(struct hostapd_data *hapd,
    802 		      struct sta_info *sta, void *ctx)
    803 {
    804 	if (sta && (sta->flags & WLAN_STA_WPS)) {
    805 		ap_sta_deauthenticate(hapd, sta,
    806 				      WLAN_REASON_PREV_AUTH_NOT_VALID);
    807 		wpa_printf(MSG_DEBUG, "WPS: %s: Deauth sta=" MACSTR,
    808 			   __func__, MAC2STR(sta->addr));
    809 		return 1;
    810 	}
    811 
    812 	return 0;
    813 }
    814 #endif /* CONFIG_WPS */
    815 
    816 
    817 static int ap_sta_get_free_vlan_id(struct hostapd_data *hapd)
    818 {
    819 	struct hostapd_vlan *vlan;
    820 	int vlan_id = MAX_VLAN_ID + 2;
    821 
    822 retry:
    823 	for (vlan = hapd->conf->vlan; vlan; vlan = vlan->next) {
    824 		if (vlan->vlan_id == vlan_id) {
    825 			vlan_id++;
    826 			goto retry;
    827 		}
    828 	}
    829 	return vlan_id;
    830 }
    831 
    832 
    833 int ap_sta_set_vlan(struct hostapd_data *hapd, struct sta_info *sta,
    834 		    struct vlan_description *vlan_desc)
    835 {
    836 	struct hostapd_vlan *vlan = NULL, *wildcard_vlan = NULL;
    837 	int old_vlan_id, vlan_id = 0, ret = 0;
    838 
    839 	if (hapd->conf->ssid.dynamic_vlan == DYNAMIC_VLAN_DISABLED)
    840 		vlan_desc = NULL;
    841 
    842 	/* Check if there is something to do */
    843 	if (hapd->conf->ssid.per_sta_vif && !sta->vlan_id) {
    844 		/* This sta is lacking its own vif */
    845 	} else if (hapd->conf->ssid.dynamic_vlan == DYNAMIC_VLAN_DISABLED &&
    846 		   !hapd->conf->ssid.per_sta_vif && sta->vlan_id) {
    847 		/* sta->vlan_id needs to be reset */
    848 	} else if (!vlan_compare(vlan_desc, sta->vlan_desc)) {
    849 		return 0; /* nothing to change */
    850 	}
    851 
    852 	/* Now the real VLAN changed or the STA just needs its own vif */
    853 	if (hapd->conf->ssid.per_sta_vif) {
    854 		/* Assign a new vif, always */
    855 		/* find a free vlan_id sufficiently big */
    856 		vlan_id = ap_sta_get_free_vlan_id(hapd);
    857 		/* Get wildcard VLAN */
    858 		for (vlan = hapd->conf->vlan; vlan; vlan = vlan->next) {
    859 			if (vlan->vlan_id == VLAN_ID_WILDCARD)
    860 				break;
    861 		}
    862 		if (!vlan) {
    863 			hostapd_logger(hapd, sta->addr,
    864 				       HOSTAPD_MODULE_IEEE80211,
    865 				       HOSTAPD_LEVEL_DEBUG,
    866 				       "per_sta_vif missing wildcard");
    867 			vlan_id = 0;
    868 			ret = -1;
    869 			goto done;
    870 		}
    871 	} else if (vlan_desc && vlan_desc->notempty) {
    872 		for (vlan = hapd->conf->vlan; vlan; vlan = vlan->next) {
    873 			if (!vlan_compare(&vlan->vlan_desc, vlan_desc))
    874 				break;
    875 			if (vlan->vlan_id == VLAN_ID_WILDCARD)
    876 				wildcard_vlan = vlan;
    877 		}
    878 		if (vlan) {
    879 			vlan_id = vlan->vlan_id;
    880 		} else if (wildcard_vlan) {
    881 			vlan = wildcard_vlan;
    882 			vlan_id = vlan_desc->untagged;
    883 			if (vlan_desc->tagged[0]) {
    884 				/* Tagged VLAN configuration */
    885 				vlan_id = ap_sta_get_free_vlan_id(hapd);
    886 			}
    887 		} else {
    888 			hostapd_logger(hapd, sta->addr,
    889 				       HOSTAPD_MODULE_IEEE80211,
    890 				       HOSTAPD_LEVEL_DEBUG,
    891 				       "missing vlan and wildcard for vlan=%d%s",
    892 				       vlan_desc->untagged,
    893 				       vlan_desc->tagged[0] ? "+" : "");
    894 			vlan_id = 0;
    895 			ret = -1;
    896 			goto done;
    897 		}
    898 	}
    899 
    900 	if (vlan && vlan->vlan_id == VLAN_ID_WILDCARD) {
    901 		vlan = vlan_add_dynamic(hapd, vlan, vlan_id, vlan_desc);
    902 		if (vlan == NULL) {
    903 			hostapd_logger(hapd, sta->addr,
    904 				       HOSTAPD_MODULE_IEEE80211,
    905 				       HOSTAPD_LEVEL_DEBUG,
    906 				       "could not add dynamic VLAN interface for vlan=%d%s",
    907 				       vlan_desc ? vlan_desc->untagged : -1,
    908 				       (vlan_desc && vlan_desc->tagged[0]) ?
    909 				       "+" : "");
    910 			vlan_id = 0;
    911 			ret = -1;
    912 			goto done;
    913 		}
    914 
    915 		hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
    916 			       HOSTAPD_LEVEL_DEBUG,
    917 			       "added new dynamic VLAN interface '%s'",
    918 			       vlan->ifname);
    919 	} else if (vlan && vlan->dynamic_vlan > 0) {
    920 		vlan->dynamic_vlan++;
    921 		hostapd_logger(hapd, sta->addr,
    922 			       HOSTAPD_MODULE_IEEE80211,
    923 			       HOSTAPD_LEVEL_DEBUG,
    924 			       "updated existing dynamic VLAN interface '%s'",
    925 			       vlan->ifname);
    926 	}
    927 done:
    928 	old_vlan_id = sta->vlan_id;
    929 	sta->vlan_id = vlan_id;
    930 	sta->vlan_desc = vlan ? &vlan->vlan_desc : NULL;
    931 
    932 	if (vlan_id != old_vlan_id && old_vlan_id)
    933 		vlan_remove_dynamic(hapd, old_vlan_id);
    934 
    935 	return ret;
    936 }
    937 
    938 
    939 int ap_sta_bind_vlan(struct hostapd_data *hapd, struct sta_info *sta)
    940 {
    941 #ifndef CONFIG_NO_VLAN
    942 	const char *iface;
    943 	struct hostapd_vlan *vlan = NULL;
    944 	int ret;
    945 	int old_vlanid = sta->vlan_id_bound;
    946 
    947 	iface = hapd->conf->iface;
    948 	if (hapd->conf->ssid.vlan[0])
    949 		iface = hapd->conf->ssid.vlan;
    950 
    951 	if (sta->vlan_id > 0) {
    952 		for (vlan = hapd->conf->vlan; vlan; vlan = vlan->next) {
    953 			if (vlan->vlan_id == sta->vlan_id)
    954 				break;
    955 		}
    956 		if (vlan)
    957 			iface = vlan->ifname;
    958 	}
    959 
    960 	/*
    961 	 * Do not increment ref counters if the VLAN ID remains same, but do
    962 	 * not skip hostapd_drv_set_sta_vlan() as hostapd_drv_sta_remove() might
    963 	 * have been called before.
    964 	 */
    965 	if (sta->vlan_id == old_vlanid)
    966 		goto skip_counting;
    967 
    968 	if (sta->vlan_id > 0 && vlan == NULL) {
    969 		hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
    970 			       HOSTAPD_LEVEL_DEBUG, "could not find VLAN for "
    971 			       "binding station to (vlan_id=%d)",
    972 			       sta->vlan_id);
    973 		ret = -1;
    974 		goto done;
    975 	} else if (vlan && vlan->dynamic_vlan > 0) {
    976 		vlan->dynamic_vlan++;
    977 		hostapd_logger(hapd, sta->addr,
    978 			       HOSTAPD_MODULE_IEEE80211,
    979 			       HOSTAPD_LEVEL_DEBUG,
    980 			       "updated existing dynamic VLAN interface '%s'",
    981 			       iface);
    982 	}
    983 
    984 	/* ref counters have been increased, so mark the station */
    985 	sta->vlan_id_bound = sta->vlan_id;
    986 
    987 skip_counting:
    988 	hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
    989 		       HOSTAPD_LEVEL_DEBUG, "binding station to interface "
    990 		       "'%s'", iface);
    991 
    992 	if (wpa_auth_sta_set_vlan(sta->wpa_sm, sta->vlan_id) < 0)
    993 		wpa_printf(MSG_INFO, "Failed to update VLAN-ID for WPA");
    994 
    995 	ret = hostapd_drv_set_sta_vlan(iface, hapd, sta->addr, sta->vlan_id);
    996 	if (ret < 0) {
    997 		hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
    998 			       HOSTAPD_LEVEL_DEBUG, "could not bind the STA "
    999 			       "entry to vlan_id=%d", sta->vlan_id);
   1000 	}
   1001 
   1002 	/* During 1x reauth, if the vlan id changes, then remove the old id. */
   1003 	if (old_vlanid > 0 && old_vlanid != sta->vlan_id)
   1004 		vlan_remove_dynamic(hapd, old_vlanid);
   1005 done:
   1006 
   1007 	return ret;
   1008 #else /* CONFIG_NO_VLAN */
   1009 	return 0;
   1010 #endif /* CONFIG_NO_VLAN */
   1011 }
   1012 
   1013 
   1014 #ifdef CONFIG_IEEE80211W
   1015 
   1016 int ap_check_sa_query_timeout(struct hostapd_data *hapd, struct sta_info *sta)
   1017 {
   1018 	u32 tu;
   1019 	struct os_reltime now, passed;
   1020 	os_get_reltime(&now);
   1021 	os_reltime_sub(&now, &sta->sa_query_start, &passed);
   1022 	tu = (passed.sec * 1000000 + passed.usec) / 1024;
   1023 	if (hapd->conf->assoc_sa_query_max_timeout < tu) {
   1024 		hostapd_logger(hapd, sta->addr,
   1025 			       HOSTAPD_MODULE_IEEE80211,
   1026 			       HOSTAPD_LEVEL_DEBUG,
   1027 			       "association SA Query timed out");
   1028 		sta->sa_query_timed_out = 1;
   1029 		os_free(sta->sa_query_trans_id);
   1030 		sta->sa_query_trans_id = NULL;
   1031 		sta->sa_query_count = 0;
   1032 		eloop_cancel_timeout(ap_sa_query_timer, hapd, sta);
   1033 		return 1;
   1034 	}
   1035 
   1036 	return 0;
   1037 }
   1038 
   1039 
   1040 static void ap_sa_query_timer(void *eloop_ctx, void *timeout_ctx)
   1041 {
   1042 	struct hostapd_data *hapd = eloop_ctx;
   1043 	struct sta_info *sta = timeout_ctx;
   1044 	unsigned int timeout, sec, usec;
   1045 	u8 *trans_id, *nbuf;
   1046 
   1047 	wpa_printf(MSG_DEBUG, "%s: SA Query timer for STA " MACSTR
   1048 		   " (count=%d)",
   1049 		   hapd->conf->iface, MAC2STR(sta->addr), sta->sa_query_count);
   1050 
   1051 	if (sta->sa_query_count > 0 &&
   1052 	    ap_check_sa_query_timeout(hapd, sta))
   1053 		return;
   1054 
   1055 	nbuf = os_realloc_array(sta->sa_query_trans_id,
   1056 				sta->sa_query_count + 1,
   1057 				WLAN_SA_QUERY_TR_ID_LEN);
   1058 	if (nbuf == NULL)
   1059 		return;
   1060 	if (sta->sa_query_count == 0) {
   1061 		/* Starting a new SA Query procedure */
   1062 		os_get_reltime(&sta->sa_query_start);
   1063 	}
   1064 	trans_id = nbuf + sta->sa_query_count * WLAN_SA_QUERY_TR_ID_LEN;
   1065 	sta->sa_query_trans_id = nbuf;
   1066 	sta->sa_query_count++;
   1067 
   1068 	if (os_get_random(trans_id, WLAN_SA_QUERY_TR_ID_LEN) < 0) {
   1069 		/*
   1070 		 * We don't really care which ID is used here, so simply
   1071 		 * hardcode this if the mostly theoretical os_get_random()
   1072 		 * failure happens.
   1073 		 */
   1074 		trans_id[0] = 0x12;
   1075 		trans_id[1] = 0x34;
   1076 	}
   1077 
   1078 	timeout = hapd->conf->assoc_sa_query_retry_timeout;
   1079 	sec = ((timeout / 1000) * 1024) / 1000;
   1080 	usec = (timeout % 1000) * 1024;
   1081 	eloop_register_timeout(sec, usec, ap_sa_query_timer, hapd, sta);
   1082 
   1083 	hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
   1084 		       HOSTAPD_LEVEL_DEBUG,
   1085 		       "association SA Query attempt %d", sta->sa_query_count);
   1086 
   1087 	ieee802_11_send_sa_query_req(hapd, sta->addr, trans_id);
   1088 }
   1089 
   1090 
   1091 void ap_sta_start_sa_query(struct hostapd_data *hapd, struct sta_info *sta)
   1092 {
   1093 	ap_sa_query_timer(hapd, sta);
   1094 }
   1095 
   1096 
   1097 void ap_sta_stop_sa_query(struct hostapd_data *hapd, struct sta_info *sta)
   1098 {
   1099 	eloop_cancel_timeout(ap_sa_query_timer, hapd, sta);
   1100 	os_free(sta->sa_query_trans_id);
   1101 	sta->sa_query_trans_id = NULL;
   1102 	sta->sa_query_count = 0;
   1103 }
   1104 
   1105 #endif /* CONFIG_IEEE80211W */
   1106 
   1107 
   1108 void ap_sta_set_authorized(struct hostapd_data *hapd, struct sta_info *sta,
   1109 			   int authorized)
   1110 {
   1111 	const u8 *dev_addr = NULL;
   1112 	char buf[100];
   1113 #ifdef CONFIG_P2P
   1114 	u8 addr[ETH_ALEN];
   1115 	u8 ip_addr_buf[4];
   1116 #endif /* CONFIG_P2P */
   1117 
   1118 	if (!!authorized == !!(sta->flags & WLAN_STA_AUTHORIZED))
   1119 		return;
   1120 
   1121 	if (authorized)
   1122 		sta->flags |= WLAN_STA_AUTHORIZED;
   1123 	else
   1124 		sta->flags &= ~WLAN_STA_AUTHORIZED;
   1125 
   1126 #ifdef CONFIG_P2P
   1127 	if (hapd->p2p_group == NULL) {
   1128 		if (sta->p2p_ie != NULL &&
   1129 		    p2p_parse_dev_addr_in_p2p_ie(sta->p2p_ie, addr) == 0)
   1130 			dev_addr = addr;
   1131 	} else
   1132 		dev_addr = p2p_group_get_dev_addr(hapd->p2p_group, sta->addr);
   1133 
   1134 	if (dev_addr)
   1135 		os_snprintf(buf, sizeof(buf), MACSTR " p2p_dev_addr=" MACSTR,
   1136 			    MAC2STR(sta->addr), MAC2STR(dev_addr));
   1137 	else
   1138 #endif /* CONFIG_P2P */
   1139 		os_snprintf(buf, sizeof(buf), MACSTR, MAC2STR(sta->addr));
   1140 
   1141 	if (hapd->sta_authorized_cb)
   1142 		hapd->sta_authorized_cb(hapd->sta_authorized_cb_ctx,
   1143 					sta->addr, authorized, dev_addr);
   1144 
   1145 	if (authorized) {
   1146 		char ip_addr[100];
   1147 		ip_addr[0] = '\0';
   1148 #ifdef CONFIG_P2P
   1149 		if (wpa_auth_get_ip_addr(sta->wpa_sm, ip_addr_buf) == 0) {
   1150 			os_snprintf(ip_addr, sizeof(ip_addr),
   1151 				    " ip_addr=%u.%u.%u.%u",
   1152 				    ip_addr_buf[0], ip_addr_buf[1],
   1153 				    ip_addr_buf[2], ip_addr_buf[3]);
   1154 		}
   1155 #endif /* CONFIG_P2P */
   1156 
   1157 		wpa_msg(hapd->msg_ctx, MSG_INFO, AP_STA_CONNECTED "%s%s",
   1158 			buf, ip_addr);
   1159 
   1160 		if (hapd->msg_ctx_parent &&
   1161 		    hapd->msg_ctx_parent != hapd->msg_ctx)
   1162 			wpa_msg_no_global(hapd->msg_ctx_parent, MSG_INFO,
   1163 					  AP_STA_CONNECTED "%s%s",
   1164 					  buf, ip_addr);
   1165 	} else {
   1166 		wpa_msg(hapd->msg_ctx, MSG_INFO, AP_STA_DISCONNECTED "%s", buf);
   1167 
   1168 		if (hapd->msg_ctx_parent &&
   1169 		    hapd->msg_ctx_parent != hapd->msg_ctx)
   1170 			wpa_msg_no_global(hapd->msg_ctx_parent, MSG_INFO,
   1171 					  AP_STA_DISCONNECTED "%s", buf);
   1172 	}
   1173 
   1174 #ifdef CONFIG_FST
   1175 	if (hapd->iface->fst) {
   1176 		if (authorized)
   1177 			fst_notify_peer_connected(hapd->iface->fst, sta->addr);
   1178 		else
   1179 			fst_notify_peer_disconnected(hapd->iface->fst,
   1180 						     sta->addr);
   1181 	}
   1182 #endif /* CONFIG_FST */
   1183 }
   1184 
   1185 
   1186 void ap_sta_disconnect(struct hostapd_data *hapd, struct sta_info *sta,
   1187 		       const u8 *addr, u16 reason)
   1188 {
   1189 	if (sta)
   1190 		wpa_printf(MSG_DEBUG, "%s: %s STA " MACSTR " reason=%u",
   1191 			   hapd->conf->iface, __func__, MAC2STR(sta->addr),
   1192 			   reason);
   1193 	else if (addr)
   1194 		wpa_printf(MSG_DEBUG, "%s: %s addr " MACSTR " reason=%u",
   1195 			   hapd->conf->iface, __func__, MAC2STR(addr),
   1196 			   reason);
   1197 
   1198 	if (sta == NULL && addr)
   1199 		sta = ap_get_sta(hapd, addr);
   1200 
   1201 	if (addr)
   1202 		hostapd_drv_sta_deauth(hapd, addr, reason);
   1203 
   1204 	if (sta == NULL)
   1205 		return;
   1206 	ap_sta_set_authorized(hapd, sta, 0);
   1207 	wpa_auth_sm_event(sta->wpa_sm, WPA_DEAUTH);
   1208 	ieee802_1x_notify_port_enabled(sta->eapol_sm, 0);
   1209 	sta->flags &= ~(WLAN_STA_AUTH | WLAN_STA_ASSOC);
   1210 	wpa_printf(MSG_DEBUG, "%s: %s: reschedule ap_handle_timer timeout "
   1211 		   "for " MACSTR " (%d seconds - "
   1212 		   "AP_MAX_INACTIVITY_AFTER_DEAUTH)",
   1213 		   hapd->conf->iface, __func__, MAC2STR(sta->addr),
   1214 		   AP_MAX_INACTIVITY_AFTER_DEAUTH);
   1215 	eloop_cancel_timeout(ap_handle_timer, hapd, sta);
   1216 	eloop_register_timeout(AP_MAX_INACTIVITY_AFTER_DEAUTH, 0,
   1217 			       ap_handle_timer, hapd, sta);
   1218 	sta->timeout_next = STA_REMOVE;
   1219 
   1220 	sta->deauth_reason = reason;
   1221 	sta->flags |= WLAN_STA_PENDING_DEAUTH_CB;
   1222 	eloop_cancel_timeout(ap_sta_deauth_cb_timeout, hapd, sta);
   1223 	eloop_register_timeout(hapd->iface->drv_flags &
   1224 			       WPA_DRIVER_FLAGS_DEAUTH_TX_STATUS ? 2 : 0, 0,
   1225 			       ap_sta_deauth_cb_timeout, hapd, sta);
   1226 }
   1227 
   1228 
   1229 void ap_sta_deauth_cb(struct hostapd_data *hapd, struct sta_info *sta)
   1230 {
   1231 	if (!(sta->flags & WLAN_STA_PENDING_DEAUTH_CB)) {
   1232 		wpa_printf(MSG_DEBUG, "Ignore deauth cb for test frame");
   1233 		return;
   1234 	}
   1235 	sta->flags &= ~WLAN_STA_PENDING_DEAUTH_CB;
   1236 	eloop_cancel_timeout(ap_sta_deauth_cb_timeout, hapd, sta);
   1237 	ap_sta_deauth_cb_timeout(hapd, sta);
   1238 }
   1239 
   1240 
   1241 void ap_sta_disassoc_cb(struct hostapd_data *hapd, struct sta_info *sta)
   1242 {
   1243 	if (!(sta->flags & WLAN_STA_PENDING_DISASSOC_CB)) {
   1244 		wpa_printf(MSG_DEBUG, "Ignore disassoc cb for test frame");
   1245 		return;
   1246 	}
   1247 	sta->flags &= ~WLAN_STA_PENDING_DISASSOC_CB;
   1248 	eloop_cancel_timeout(ap_sta_disassoc_cb_timeout, hapd, sta);
   1249 	ap_sta_disassoc_cb_timeout(hapd, sta);
   1250 }
   1251 
   1252 
   1253 void ap_sta_clear_disconnect_timeouts(struct hostapd_data *hapd,
   1254 				      struct sta_info *sta)
   1255 {
   1256 	if (eloop_cancel_timeout(ap_sta_deauth_cb_timeout, hapd, sta) > 0)
   1257 		wpa_printf(MSG_DEBUG,
   1258 			   "%s: Removed ap_sta_deauth_cb_timeout timeout for "
   1259 			   MACSTR,
   1260 			   hapd->conf->iface, MAC2STR(sta->addr));
   1261 	if (eloop_cancel_timeout(ap_sta_disassoc_cb_timeout, hapd, sta) > 0)
   1262 		wpa_printf(MSG_DEBUG,
   1263 			   "%s: Removed ap_sta_disassoc_cb_timeout timeout for "
   1264 			   MACSTR,
   1265 			   hapd->conf->iface, MAC2STR(sta->addr));
   1266 }
   1267 
   1268 
   1269 int ap_sta_flags_txt(u32 flags, char *buf, size_t buflen)
   1270 {
   1271 	int res;
   1272 
   1273 	buf[0] = '\0';
   1274 	res = os_snprintf(buf, buflen, "%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s",
   1275 			  (flags & WLAN_STA_AUTH ? "[AUTH]" : ""),
   1276 			  (flags & WLAN_STA_ASSOC ? "[ASSOC]" : ""),
   1277 			  (flags & WLAN_STA_AUTHORIZED ? "[AUTHORIZED]" : ""),
   1278 			  (flags & WLAN_STA_PENDING_POLL ? "[PENDING_POLL" :
   1279 			   ""),
   1280 			  (flags & WLAN_STA_SHORT_PREAMBLE ?
   1281 			   "[SHORT_PREAMBLE]" : ""),
   1282 			  (flags & WLAN_STA_PREAUTH ? "[PREAUTH]" : ""),
   1283 			  (flags & WLAN_STA_WMM ? "[WMM]" : ""),
   1284 			  (flags & WLAN_STA_MFP ? "[MFP]" : ""),
   1285 			  (flags & WLAN_STA_WPS ? "[WPS]" : ""),
   1286 			  (flags & WLAN_STA_MAYBE_WPS ? "[MAYBE_WPS]" : ""),
   1287 			  (flags & WLAN_STA_WDS ? "[WDS]" : ""),
   1288 			  (flags & WLAN_STA_NONERP ? "[NonERP]" : ""),
   1289 			  (flags & WLAN_STA_WPS2 ? "[WPS2]" : ""),
   1290 			  (flags & WLAN_STA_GAS ? "[GAS]" : ""),
   1291 			  (flags & WLAN_STA_VHT ? "[VHT]" : ""),
   1292 			  (flags & WLAN_STA_VENDOR_VHT ? "[VENDOR_VHT]" : ""),
   1293 			  (flags & WLAN_STA_WNM_SLEEP_MODE ?
   1294 			   "[WNM_SLEEP_MODE]" : ""));
   1295 	if (os_snprintf_error(buflen, res))
   1296 		res = -1;
   1297 
   1298 	return res;
   1299 }
   1300