wpa_supplicant_node: wpa_supplicant_node: tkip

00001 /*
00002  * hostapd / TKIP countermeasures
00003  * Copyright (c) 2002-2009, Jouni Malinen <j@w1.fi>
00004  *
00005  * This program is free software; you can redistribute it and/or modify
00006  * it under the terms of the GNU General Public License version 2 as
00007  * published by the Free Software Foundation.
00008  *
00009  * Alternatively, this software may be distributed under the terms of BSD
00010  * license.
00011  *
00012  * See README and COPYING for more details.
00013  */
00014 
00015 #include "utils/includes.h"
00016 
00017 #include "utils/common.h"
00018 #include "utils/eloop.h"
00019 #include "common/ieee802_11_defs.h"
00020 #include "hostapd.h"
00021 #include "sta_info.h"
00022 #include "ap_mlme.h"
00023 #include "wpa_auth.h"
00024 #include "tkip_countermeasures.h"
00025 
00026 
00027 static void ieee80211_tkip_countermeasures_stop(void *eloop_ctx,
00028                                                 void *timeout_ctx)
00029 {
00030         struct hostapd_data *hapd = eloop_ctx;
00031         hapd->tkip_countermeasures = 0;
00032         hapd->drv.set_countermeasures(hapd, 0);
00033         hostapd_logger(hapd, NULL, HOSTAPD_MODULE_IEEE80211,
00034                        HOSTAPD_LEVEL_INFO, "TKIP countermeasures ended");
00035 }
00036 
00037 
00038 static void ieee80211_tkip_countermeasures_start(struct hostapd_data *hapd)
00039 {
00040         struct sta_info *sta;
00041 
00042         hostapd_logger(hapd, NULL, HOSTAPD_MODULE_IEEE80211,
00043                        HOSTAPD_LEVEL_INFO, "TKIP countermeasures initiated");
00044 
00045         wpa_auth_countermeasures_start(hapd->wpa_auth);
00046         hapd->tkip_countermeasures = 1;
00047         hapd->drv.set_countermeasures(hapd, 1);
00048         wpa_gtk_rekey(hapd->wpa_auth);
00049         eloop_cancel_timeout(ieee80211_tkip_countermeasures_stop, hapd, NULL);
00050         eloop_register_timeout(60, 0, ieee80211_tkip_countermeasures_stop,
00051                                hapd, NULL);
00052         for (sta = hapd->sta_list; sta != NULL; sta = sta->next) {
00053                 hapd->drv.sta_deauth(hapd, sta->addr,
00054                                      WLAN_REASON_MICHAEL_MIC_FAILURE);
00055                 sta->flags &= ~(WLAN_STA_AUTH | WLAN_STA_ASSOC |
00056                                 WLAN_STA_AUTHORIZED);
00057                 hapd->drv.sta_remove(hapd, sta->addr);
00058         }
00059 }
00060 
00061 
00062 void michael_mic_failure(struct hostapd_data *hapd, const u8 *addr, int local)
00063 {
00064         time_t now;
00065 
00066         if (addr && local) {
00067                 struct sta_info *sta = ap_get_sta(hapd, addr);
00068                 if (sta != NULL) {
00069                         wpa_auth_sta_local_mic_failure_report(sta->wpa_sm);
00070                         hostapd_logger(hapd, addr, HOSTAPD_MODULE_IEEE80211,
00071                                        HOSTAPD_LEVEL_INFO,
00072                                        "Michael MIC failure detected in "
00073                                        "received frame");
00074                         mlme_michaelmicfailure_indication(hapd, addr);
00075                 } else {
00076                         wpa_printf(MSG_DEBUG,
00077                                    "MLME-MICHAELMICFAILURE.indication "
00078                                    "for not associated STA (" MACSTR
00079                                    ") ignored", MAC2STR(addr));
00080                         return;
00081                 }
00082         }
00083 
00084         time(&now);
00085         if (now > hapd->michael_mic_failure + 60) {
00086                 hapd->michael_mic_failures = 1;
00087         } else {
00088                 hapd->michael_mic_failures++;
00089                 if (hapd->michael_mic_failures > 1)
00090                         ieee80211_tkip_countermeasures_start(hapd);
00091         }
00092         hapd->michael_mic_failure = now;
00093 }
tkip_countermeasures.c
