1 |
/* |
2 |
* hostapd / TKIP countermeasures |
3 |
* Copyright (c) 2002-2012, Jouni Malinen <j@w1.fi> |
4 |
* |
5 |
* This software may be distributed under the terms of the BSD license. |
6 |
* See README for more details. |
7 |
*/ |
8 |
|
9 |
#include "utils/includes.h" |
10 |
|
11 |
#include "utils/common.h" |
12 |
#include "utils/eloop.h" |
13 |
#include "common/ieee802_11_defs.h" |
14 |
#include "radius/radius.h" |
15 |
#include "hostapd.h" |
16 |
#include "sta_info.h" |
17 |
#include "ap_mlme.h" |
18 |
#include "wpa_auth.h" |
19 |
#include "ap_drv_ops.h" |
20 |
#include "tkip_countermeasures.h" |
21 |
|
22 |
|
23 |
static void ieee80211_tkip_countermeasures_stop(void *eloop_ctx, |
24 |
void *timeout_ctx) |
25 |
{ |
26 |
struct hostapd_data *hapd = eloop_ctx; |
27 |
hapd->tkip_countermeasures = 0; |
28 |
hostapd_drv_set_countermeasures(hapd, 0); |
29 |
hostapd_logger(hapd, NULL, HOSTAPD_MODULE_IEEE80211, |
30 |
HOSTAPD_LEVEL_INFO, "TKIP countermeasures ended"); |
31 |
} |
32 |
|
33 |
|
34 |
static void ieee80211_tkip_countermeasures_start(struct hostapd_data *hapd) |
35 |
{ |
36 |
struct sta_info *sta; |
37 |
|
38 |
hostapd_logger(hapd, NULL, HOSTAPD_MODULE_IEEE80211, |
39 |
HOSTAPD_LEVEL_INFO, "TKIP countermeasures initiated"); |
40 |
|
41 |
wpa_auth_countermeasures_start(hapd->wpa_auth); |
42 |
hapd->tkip_countermeasures = 1; |
43 |
hostapd_drv_set_countermeasures(hapd, 1); |
44 |
wpa_gtk_rekey(hapd->wpa_auth); |
45 |
eloop_cancel_timeout(ieee80211_tkip_countermeasures_stop, hapd, NULL); |
46 |
eloop_register_timeout(60, 0, ieee80211_tkip_countermeasures_stop, |
47 |
hapd, NULL); |
48 |
while ((sta = hapd->sta_list)) { |
49 |
sta->acct_terminate_cause = |
50 |
RADIUS_ACCT_TERMINATE_CAUSE_ADMIN_RESET; |
51 |
if (sta->flags & WLAN_STA_AUTH) { |
52 |
mlme_deauthenticate_indication( |
53 |
hapd, sta, |
54 |
WLAN_REASON_MICHAEL_MIC_FAILURE); |
55 |
} |
56 |
hostapd_drv_sta_deauth(hapd, sta->addr, |
57 |
WLAN_REASON_MICHAEL_MIC_FAILURE); |
58 |
ap_free_sta(hapd, sta); |
59 |
} |
60 |
} |
61 |
|
62 |
|
63 |
void ieee80211_tkip_countermeasures_deinit(struct hostapd_data *hapd) |
64 |
{ |
65 |
eloop_cancel_timeout(ieee80211_tkip_countermeasures_stop, hapd, NULL); |
66 |
} |
67 |
|
68 |
|
69 |
int michael_mic_failure(struct hostapd_data *hapd, const u8 *addr, int local) |
70 |
{ |
71 |
struct os_time now; |
72 |
int ret = 0; |
73 |
|
74 |
if (addr && local) { |
75 |
struct sta_info *sta = ap_get_sta(hapd, addr); |
76 |
if (sta != NULL) { |
77 |
wpa_auth_sta_local_mic_failure_report(sta->wpa_sm); |
78 |
hostapd_logger(hapd, addr, HOSTAPD_MODULE_IEEE80211, |
79 |
HOSTAPD_LEVEL_INFO, |
80 |
"Michael MIC failure detected in " |
81 |
"received frame"); |
82 |
mlme_michaelmicfailure_indication(hapd, addr); |
83 |
} else { |
84 |
wpa_printf(MSG_DEBUG, |
85 |
"MLME-MICHAELMICFAILURE.indication " |
86 |
"for not associated STA (" MACSTR |
87 |
") ignored", MAC2STR(addr)); |
88 |
return ret; |
89 |
} |
90 |
} |
91 |
|
92 |
os_get_time(&now); |
93 |
if (now.sec > hapd->michael_mic_failure + 60) { |
94 |
hapd->michael_mic_failures = 1; |
95 |
} else { |
96 |
hapd->michael_mic_failures++; |
97 |
if (hapd->michael_mic_failures > 1) { |
98 |
ieee80211_tkip_countermeasures_start(hapd); |
99 |
ret = 1; |
100 |
} |
101 |
} |
102 |
hapd->michael_mic_failure = now.sec; |
103 |
|
104 |
return ret; |
105 |
} |