1 /* 2 * wpa_supplicant - MBO 3 * 4 * Copyright(c) 2015 Intel Deutschland GmbH 5 * Contact Information: 6 * Intel Linux Wireless <ilw (at) linux.intel.com> 7 * Intel Corporation, 5200 N.E. Elam Young Parkway, Hillsboro, OR 97124-6497 8 * 9 * This software may be distributed under the terms of the BSD license. 10 * See README for more details. 11 */ 12 13 #include "utils/includes.h" 14 15 #include "utils/common.h" 16 #include "common/ieee802_11_defs.h" 17 #include "common/gas.h" 18 #include "config.h" 19 #include "wpa_supplicant_i.h" 20 #include "driver_i.h" 21 #include "bss.h" 22 #include "scan.h" 23 24 /* type + length + oui + oui type */ 25 #define MBO_IE_HEADER 6 26 27 28 static int wpas_mbo_validate_non_pref_chan(u8 oper_class, u8 chan, u8 reason) 29 { 30 if (reason > MBO_NON_PREF_CHAN_REASON_INT_INTERFERENCE) 31 return -1; 32 33 /* Only checking the validity of the channel and oper_class */ 34 if (ieee80211_chan_to_freq(NULL, oper_class, chan) == -1) 35 return -1; 36 37 return 0; 38 } 39 40 41 const u8 * wpas_mbo_get_bss_attr(struct wpa_bss *bss, enum mbo_attr_id attr) 42 { 43 const u8 *mbo, *end; 44 45 if (!bss) 46 return NULL; 47 48 mbo = wpa_bss_get_vendor_ie(bss, MBO_IE_VENDOR_TYPE); 49 if (!mbo) 50 return NULL; 51 52 end = mbo + 2 + mbo[1]; 53 mbo += MBO_IE_HEADER; 54 55 return get_ie(mbo, end - mbo, attr); 56 } 57 58 59 static void wpas_mbo_non_pref_chan_attr_body(struct wpa_supplicant *wpa_s, 60 struct wpabuf *mbo, 61 u8 start, u8 end) 62 { 63 u8 i; 64 65 wpabuf_put_u8(mbo, wpa_s->non_pref_chan[start].oper_class); 66 67 for (i = start; i < end; i++) 68 wpabuf_put_u8(mbo, wpa_s->non_pref_chan[i].chan); 69 70 wpabuf_put_u8(mbo, wpa_s->non_pref_chan[start].preference); 71 wpabuf_put_u8(mbo, wpa_s->non_pref_chan[start].reason); 72 } 73 74 75 static void wpas_mbo_non_pref_chan_attr(struct wpa_supplicant *wpa_s, 76 struct wpabuf *mbo, u8 start, u8 end) 77 { 78 size_t size = end - start + 3; 79 80 if (size + 2 > wpabuf_tailroom(mbo)) 81 return; 82 83 wpabuf_put_u8(mbo, MBO_ATTR_ID_NON_PREF_CHAN_REPORT); 84 wpabuf_put_u8(mbo, size); /* Length */ 85 86 wpas_mbo_non_pref_chan_attr_body(wpa_s, mbo, start, end); 87 } 88 89 90 static void wpas_mbo_non_pref_chan_subelem_hdr(struct wpabuf *mbo, u8 len) 91 { 92 wpabuf_put_u8(mbo, WLAN_EID_VENDOR_SPECIFIC); 93 wpabuf_put_u8(mbo, len); /* Length */ 94 wpabuf_put_be24(mbo, OUI_WFA); 95 wpabuf_put_u8(mbo, MBO_ATTR_ID_NON_PREF_CHAN_REPORT); 96 } 97 98 99 static void wpas_mbo_non_pref_chan_subelement(struct wpa_supplicant *wpa_s, 100 struct wpabuf *mbo, u8 start, 101 u8 end) 102 { 103 size_t size = end - start + 7; 104 105 if (size + 2 > wpabuf_tailroom(mbo)) 106 return; 107 108 wpas_mbo_non_pref_chan_subelem_hdr(mbo, size); 109 wpas_mbo_non_pref_chan_attr_body(wpa_s, mbo, start, end); 110 } 111 112 113 static void wpas_mbo_non_pref_chan_attrs(struct wpa_supplicant *wpa_s, 114 struct wpabuf *mbo, int subelement) 115 { 116 u8 i, start = 0; 117 struct wpa_mbo_non_pref_channel *start_pref; 118 119 if (!wpa_s->non_pref_chan || !wpa_s->non_pref_chan_num) { 120 if (subelement) 121 wpas_mbo_non_pref_chan_subelem_hdr(mbo, 4); 122 return; 123 } 124 start_pref = &wpa_s->non_pref_chan[0]; 125 126 for (i = 1; i <= wpa_s->non_pref_chan_num; i++) { 127 struct wpa_mbo_non_pref_channel *non_pref = NULL; 128 129 if (i < wpa_s->non_pref_chan_num) 130 non_pref = &wpa_s->non_pref_chan[i]; 131 if (!non_pref || 132 non_pref->oper_class != start_pref->oper_class || 133 non_pref->reason != start_pref->reason || 134 non_pref->preference != start_pref->preference) { 135 if (subelement) 136 wpas_mbo_non_pref_chan_subelement(wpa_s, mbo, 137 start, i); 138 else 139 wpas_mbo_non_pref_chan_attr(wpa_s, mbo, start, 140 i); 141 142 if (!non_pref) 143 return; 144 145 start = i; 146 start_pref = non_pref; 147 } 148 } 149 } 150 151 152 int wpas_mbo_ie(struct wpa_supplicant *wpa_s, u8 *buf, size_t len) 153 { 154 struct wpabuf *mbo; 155 int res; 156 157 if (len < MBO_IE_HEADER + 3 + 7) 158 return 0; 159 160 /* Leave room for the MBO IE header */ 161 mbo = wpabuf_alloc(len - MBO_IE_HEADER); 162 if (!mbo) 163 return 0; 164 165 /* Add non-preferred channels attribute */ 166 wpas_mbo_non_pref_chan_attrs(wpa_s, mbo, 0); 167 168 /* 169 * Send cellular capabilities attribute even if AP does not advertise 170 * cellular capabilities. 171 */ 172 wpabuf_put_u8(mbo, MBO_ATTR_ID_CELL_DATA_CAPA); 173 wpabuf_put_u8(mbo, 1); 174 wpabuf_put_u8(mbo, wpa_s->conf->mbo_cell_capa); 175 176 res = mbo_add_ie(buf, len, wpabuf_head_u8(mbo), wpabuf_len(mbo)); 177 if (!res) 178 wpa_printf(MSG_ERROR, "Failed to add MBO IE"); 179 180 wpabuf_free(mbo); 181 return res; 182 } 183 184 185 static void wpas_mbo_send_wnm_notification(struct wpa_supplicant *wpa_s, 186 const u8 *data, size_t len) 187 { 188 struct wpabuf *buf; 189 int res; 190 191 /* 192 * Send WNM-Notification Request frame only in case of a change in 193 * non-preferred channels list during association, if the AP supports 194 * MBO. 195 */ 196 if (wpa_s->wpa_state != WPA_COMPLETED || !wpa_s->current_bss || 197 !wpa_bss_get_vendor_ie(wpa_s->current_bss, MBO_IE_VENDOR_TYPE)) 198 return; 199 200 buf = wpabuf_alloc(4 + len); 201 if (!buf) 202 return; 203 204 wpabuf_put_u8(buf, WLAN_ACTION_WNM); 205 wpabuf_put_u8(buf, WNM_NOTIFICATION_REQ); 206 wpa_s->mbo_wnm_token++; 207 if (wpa_s->mbo_wnm_token == 0) 208 wpa_s->mbo_wnm_token++; 209 wpabuf_put_u8(buf, wpa_s->mbo_wnm_token); 210 wpabuf_put_u8(buf, WLAN_EID_VENDOR_SPECIFIC); /* Type */ 211 212 wpabuf_put_data(buf, data, len); 213 214 res = wpa_drv_send_action(wpa_s, wpa_s->assoc_freq, 0, wpa_s->bssid, 215 wpa_s->own_addr, wpa_s->bssid, 216 wpabuf_head(buf), wpabuf_len(buf), 0); 217 if (res < 0) 218 wpa_printf(MSG_DEBUG, 219 "Failed to send WNM-Notification Request frame with non-preferred channel list"); 220 221 wpabuf_free(buf); 222 } 223 224 225 static void wpas_mbo_non_pref_chan_changed(struct wpa_supplicant *wpa_s) 226 { 227 struct wpabuf *buf; 228 229 buf = wpabuf_alloc(512); 230 if (!buf) 231 return; 232 233 wpas_mbo_non_pref_chan_attrs(wpa_s, buf, 1); 234 wpas_mbo_send_wnm_notification(wpa_s, wpabuf_head_u8(buf), 235 wpabuf_len(buf)); 236 wpabuf_free(buf); 237 } 238 239 240 static int wpa_non_pref_chan_is_eq(struct wpa_mbo_non_pref_channel *a, 241 struct wpa_mbo_non_pref_channel *b) 242 { 243 return a->oper_class == b->oper_class && a->chan == b->chan; 244 } 245 246 247 /* 248 * wpa_non_pref_chan_cmp - Compare two channels for sorting 249 * 250 * In MBO IE non-preferred channel subelement we can put many channels in an 251 * attribute if they are in the same operating class and have the same 252 * preference and reason. To make it easy for the functions that build 253 * the IE attributes and WNM Request subelements, save the channels sorted 254 * by their oper_class and reason. 255 */ 256 static int wpa_non_pref_chan_cmp(const void *_a, const void *_b) 257 { 258 const struct wpa_mbo_non_pref_channel *a = _a, *b = _b; 259 260 if (a->oper_class != b->oper_class) 261 return a->oper_class - b->oper_class; 262 if (a->reason != b->reason) 263 return a->reason - b->reason; 264 return a->preference - b->preference; 265 } 266 267 268 int wpas_mbo_update_non_pref_chan(struct wpa_supplicant *wpa_s, 269 const char *non_pref_chan) 270 { 271 char *cmd, *token, *context = NULL; 272 struct wpa_mbo_non_pref_channel *chans = NULL, *tmp_chans; 273 size_t num = 0, size = 0; 274 unsigned i; 275 276 wpa_printf(MSG_DEBUG, "MBO: Update non-preferred channels, non_pref_chan=%s", 277 non_pref_chan ? non_pref_chan : "N/A"); 278 279 /* 280 * The shortest channel configuration is 10 characters - commas, 3 281 * colons, and 4 values that one of them (oper_class) is 2 digits or 282 * more. 283 */ 284 if (!non_pref_chan || os_strlen(non_pref_chan) < 10) 285 goto update; 286 287 cmd = os_strdup(non_pref_chan); 288 if (!cmd) 289 return -1; 290 291 while ((token = str_token(cmd, " ", &context))) { 292 struct wpa_mbo_non_pref_channel *chan; 293 int ret; 294 unsigned int _oper_class; 295 unsigned int _chan; 296 unsigned int _preference; 297 unsigned int _reason; 298 299 if (num == size) { 300 size = size ? size * 2 : 1; 301 tmp_chans = os_realloc_array(chans, size, 302 sizeof(*chans)); 303 if (!tmp_chans) { 304 wpa_printf(MSG_ERROR, 305 "Couldn't reallocate non_pref_chan"); 306 goto fail; 307 } 308 chans = tmp_chans; 309 } 310 311 chan = &chans[num]; 312 313 ret = sscanf(token, "%u:%u:%u:%u", &_oper_class, 314 &_chan, &_preference, &_reason); 315 if (ret != 4 || 316 _oper_class > 255 || _chan > 255 || 317 _preference > 255 || _reason > 65535 ) { 318 wpa_printf(MSG_ERROR, "Invalid non-pref chan input %s", 319 token); 320 goto fail; 321 } 322 chan->oper_class = _oper_class; 323 chan->chan = _chan; 324 chan->preference = _preference; 325 chan->reason = _reason; 326 327 if (wpas_mbo_validate_non_pref_chan(chan->oper_class, 328 chan->chan, chan->reason)) { 329 wpa_printf(MSG_ERROR, 330 "Invalid non_pref_chan: oper class %d chan %d reason %d", 331 chan->oper_class, chan->chan, chan->reason); 332 goto fail; 333 } 334 335 for (i = 0; i < num; i++) 336 if (wpa_non_pref_chan_is_eq(chan, &chans[i])) 337 break; 338 if (i != num) { 339 wpa_printf(MSG_ERROR, 340 "oper class %d chan %d is duplicated", 341 chan->oper_class, chan->chan); 342 goto fail; 343 } 344 345 num++; 346 } 347 348 os_free(cmd); 349 350 if (chans) { 351 qsort(chans, num, sizeof(struct wpa_mbo_non_pref_channel), 352 wpa_non_pref_chan_cmp); 353 } 354 355 update: 356 os_free(wpa_s->non_pref_chan); 357 wpa_s->non_pref_chan = chans; 358 wpa_s->non_pref_chan_num = num; 359 wpas_mbo_non_pref_chan_changed(wpa_s); 360 361 return 0; 362 363 fail: 364 os_free(chans); 365 os_free(cmd); 366 return -1; 367 } 368 369 370 void wpas_mbo_scan_ie(struct wpa_supplicant *wpa_s, struct wpabuf *ie) 371 { 372 wpabuf_put_u8(ie, WLAN_EID_VENDOR_SPECIFIC); 373 wpabuf_put_u8(ie, 7); 374 wpabuf_put_be24(ie, OUI_WFA); 375 wpabuf_put_u8(ie, MBO_OUI_TYPE); 376 377 wpabuf_put_u8(ie, MBO_ATTR_ID_CELL_DATA_CAPA); 378 wpabuf_put_u8(ie, 1); 379 wpabuf_put_u8(ie, wpa_s->conf->mbo_cell_capa); 380 } 381 382 383 void wpas_mbo_ie_trans_req(struct wpa_supplicant *wpa_s, const u8 *mbo_ie, 384 size_t len) 385 { 386 const u8 *pos, *cell_pref = NULL, *reason = NULL; 387 u8 id, elen; 388 u16 disallowed_sec = 0; 389 390 if (len <= 4 || WPA_GET_BE24(mbo_ie) != OUI_WFA || 391 mbo_ie[3] != MBO_OUI_TYPE) 392 return; 393 394 pos = mbo_ie + 4; 395 len -= 4; 396 397 while (len >= 2) { 398 id = *pos++; 399 elen = *pos++; 400 len -= 2; 401 402 if (elen > len) 403 goto fail; 404 405 switch (id) { 406 case MBO_ATTR_ID_CELL_DATA_PREF: 407 if (elen != 1) 408 goto fail; 409 410 if (wpa_s->conf->mbo_cell_capa == 411 MBO_CELL_CAPA_AVAILABLE) 412 cell_pref = pos; 413 else 414 wpa_printf(MSG_DEBUG, 415 "MBO: Station does not support Cellular data connection"); 416 break; 417 case MBO_ATTR_ID_TRANSITION_REASON: 418 if (elen != 1) 419 goto fail; 420 421 reason = pos; 422 break; 423 case MBO_ATTR_ID_ASSOC_RETRY_DELAY: 424 if (elen != 2) 425 goto fail; 426 427 if (wpa_s->wnm_mode & 428 WNM_BSS_TM_REQ_BSS_TERMINATION_INCLUDED) { 429 wpa_printf(MSG_DEBUG, 430 "MBO: Unexpected association retry delay, BSS is terminating"); 431 goto fail; 432 } else if (wpa_s->wnm_mode & 433 WNM_BSS_TM_REQ_DISASSOC_IMMINENT) { 434 disallowed_sec = WPA_GET_LE16(pos); 435 } else { 436 wpa_printf(MSG_DEBUG, 437 "MBO: Association retry delay attribute not in disassoc imminent mode"); 438 } 439 440 break; 441 case MBO_ATTR_ID_AP_CAPA_IND: 442 case MBO_ATTR_ID_NON_PREF_CHAN_REPORT: 443 case MBO_ATTR_ID_CELL_DATA_CAPA: 444 case MBO_ATTR_ID_ASSOC_DISALLOW: 445 case MBO_ATTR_ID_TRANSITION_REJECT_REASON: 446 wpa_printf(MSG_DEBUG, 447 "MBO: Attribute %d should not be included in BTM Request frame", 448 id); 449 break; 450 default: 451 wpa_printf(MSG_DEBUG, "MBO: Unknown attribute id %u", 452 id); 453 return; 454 } 455 456 pos += elen; 457 len -= elen; 458 } 459 460 if (cell_pref) 461 wpa_msg(wpa_s, MSG_INFO, MBO_CELL_PREFERENCE "preference=%u", 462 *cell_pref); 463 464 if (reason) 465 wpa_msg(wpa_s, MSG_INFO, MBO_TRANSITION_REASON "reason=%u", 466 *reason); 467 468 if (disallowed_sec && wpa_s->current_bss) 469 wpa_bss_tmp_disallow(wpa_s, wpa_s->current_bss->bssid, 470 disallowed_sec); 471 472 return; 473 fail: 474 wpa_printf(MSG_DEBUG, "MBO IE parsing failed (id=%u len=%u left=%zu)", 475 id, elen, len); 476 } 477 478 479 size_t wpas_mbo_ie_bss_trans_reject(struct wpa_supplicant *wpa_s, u8 *pos, 480 size_t len, 481 enum mbo_transition_reject_reason reason) 482 { 483 u8 reject_attr[3]; 484 485 reject_attr[0] = MBO_ATTR_ID_TRANSITION_REJECT_REASON; 486 reject_attr[1] = 1; 487 reject_attr[2] = reason; 488 489 return mbo_add_ie(pos, len, reject_attr, sizeof(reject_attr)); 490 } 491 492 493 void wpas_mbo_update_cell_capa(struct wpa_supplicant *wpa_s, u8 mbo_cell_capa) 494 { 495 u8 cell_capa[7]; 496 497 if (wpa_s->conf->mbo_cell_capa == mbo_cell_capa) { 498 wpa_printf(MSG_DEBUG, 499 "MBO: Cellular capability already set to %u", 500 mbo_cell_capa); 501 return; 502 } 503 504 wpa_s->conf->mbo_cell_capa = mbo_cell_capa; 505 506 cell_capa[0] = WLAN_EID_VENDOR_SPECIFIC; 507 cell_capa[1] = 5; /* Length */ 508 WPA_PUT_BE24(cell_capa + 2, OUI_WFA); 509 cell_capa[5] = MBO_ATTR_ID_CELL_DATA_CAPA; 510 cell_capa[6] = mbo_cell_capa; 511 512 wpas_mbo_send_wnm_notification(wpa_s, cell_capa, 7); 513 wpa_supplicant_set_default_scan_ies(wpa_s); 514 } 515 516 517 struct wpabuf * mbo_build_anqp_buf(struct wpa_supplicant *wpa_s, 518 struct wpa_bss *bss) 519 { 520 struct wpabuf *anqp_buf; 521 u8 *len_pos; 522 523 if (!wpa_bss_get_vendor_ie(bss, MBO_IE_VENDOR_TYPE)) { 524 wpa_printf(MSG_INFO, "MBO: " MACSTR 525 " does not support MBO - cannot request MBO ANQP elements from it", 526 MAC2STR(bss->bssid)); 527 return NULL; 528 } 529 530 anqp_buf = wpabuf_alloc(10); 531 if (!anqp_buf) 532 return NULL; 533 534 len_pos = gas_anqp_add_element(anqp_buf, ANQP_VENDOR_SPECIFIC); 535 wpabuf_put_be24(anqp_buf, OUI_WFA); 536 wpabuf_put_u8(anqp_buf, MBO_ANQP_OUI_TYPE); 537 538 wpabuf_put_u8(anqp_buf, MBO_ANQP_SUBTYPE_CELL_CONN_PREF); 539 gas_anqp_set_element_len(anqp_buf, len_pos); 540 541 return anqp_buf; 542 } 543