path: root/src/fst
diff options
authorAnton Nayshtut <qca_antonn@qca.qualcomm.com>2015-11-10 13:51:07 (GMT)
committerJouni Malinen <j@w1.fi>2015-11-25 15:30:59 (GMT)
commitb47d05aa458ed7c7dfbfe09fc2a2af1f2fee7fc7 (patch)
tree191cd34a6401f0a79ed3c88ca5f5995df1472840 /src/fst
parent08e47376ec57733c2b06dac1e30ce362c1b0b30b (diff)
FST: Make FST peer connection check more permissive in hostapd
Modify the FST peer connection check so it won't skip peers without MB IEs making it more permissive for peers that didn't provide MB IEs during association request. This can be helpful, e.g., in cases where a STA's interface connected before it was added to the FST group. This allows the AP to receive FST Action frames and initiate session with a STA via STA's interface that doesn't expose MB IEs. The adjusted FST protocol is still safe, as it protects itself in many other ways (checking band info and it's accordance to the interfaces, Setup IDs, connection states of the interfaces involved, etc.) effectively avoiding all types of invalid situations. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Diffstat (limited to 'src/fst')
6 files changed, 16 insertions, 10 deletions
diff --git a/src/fst/fst.c b/src/fst/fst.c
index 2880870..40430e2 100644
--- a/src/fst/fst.c
+++ b/src/fst/fst.c
@@ -160,7 +160,7 @@ void fst_global_del_ctrl(struct fst_ctrl_handle *h)
void fst_rx_action(struct fst_iface *iface, const struct ieee80211_mgmt *mgmt,
size_t len)
- if (fst_iface_is_connected(iface, mgmt->sa))
+ if (fst_iface_is_connected(iface, mgmt->sa, FALSE))
fst_session_on_action_rx(iface, mgmt, len);
diff --git a/src/fst/fst_ctrl_iface.c b/src/fst/fst_ctrl_iface.c
index d090718..98ece9f 100644
--- a/src/fst/fst_ctrl_iface.c
+++ b/src/fst/fst_ctrl_iface.c
@@ -749,7 +749,7 @@ int fst_ctrl_iface_mb_info(const u8 *addr, char *buf, size_t buflen)
foreach_fst_group(g) {
foreach_fst_group_iface(g, f) {
- if (fst_iface_is_connected(f, addr)) {
+ if (fst_iface_is_connected(f, addr, TRUE)) {
ret += print_band(num++, f, addr,
buf + ret, buflen - ret);
diff --git a/src/fst/fst_group.c b/src/fst/fst_group.c
index f2cd329..e0c055f 100644
--- a/src/fst/fst_group.c
+++ b/src/fst/fst_group.c
@@ -219,7 +219,8 @@ fst_group_get_new_iface_by_mbie_and_band_id(struct fst_group *g,
if (peer_addr &&
- fst_iface_is_connected(iface, peer_addr) &&
+ fst_iface_is_connected(iface, peer_addr,
+ TRUE) &&
band_id == fst_iface_get_band_id(iface)) {
os_memcpy(iface_peer_addr, peer_addr,
diff --git a/src/fst/fst_iface.c b/src/fst/fst_iface.c
index 5a92d2c..35e83cb 100644
--- a/src/fst/fst_iface.c
+++ b/src/fst/fst_iface.c
@@ -49,12 +49,13 @@ void fst_iface_delete(struct fst_iface *i)
-Boolean fst_iface_is_connected(struct fst_iface *iface, const u8 *addr)
+Boolean fst_iface_is_connected(struct fst_iface *iface, const u8 *addr,
+ Boolean mb_only)
struct fst_get_peer_ctx *ctx;
- const u8 *a = fst_iface_get_peer_first(iface, &ctx, TRUE);
+ const u8 *a = fst_iface_get_peer_first(iface, &ctx, mb_only);
- for (; a != NULL; a = fst_iface_get_peer_next(iface, &ctx, TRUE))
+ for (; a != NULL; a = fst_iface_get_peer_next(iface, &ctx, mb_only))
if (os_memcmp(addr, a, ETH_ALEN) == 0)
return TRUE;
diff --git a/src/fst/fst_iface.h b/src/fst/fst_iface.h
index 4670d89..0eb2732 100644
--- a/src/fst/fst_iface.h
+++ b/src/fst/fst_iface.h
@@ -123,7 +123,8 @@ static inline const u8 * fst_iface_get_peer_next(struct fst_iface *i,
return i->iface_obj.get_peer_next(i->iface_obj.ctx, ctx, mb_only);
-Boolean fst_iface_is_connected(struct fst_iface *iface, const u8 *addr);
+Boolean fst_iface_is_connected(struct fst_iface *iface, const u8 *addr,
+ Boolean mb_only);
void fst_iface_attach_mbie(struct fst_iface *i, struct wpabuf *mbie);
enum mb_band_id fst_iface_get_band_id(struct fst_iface *i);
diff --git a/src/fst/fst_session.c b/src/fst/fst_session.c
index 55fa694..f804b12 100644
--- a/src/fst/fst_session.c
+++ b/src/fst/fst_session.c
@@ -863,13 +863,15 @@ int fst_session_initiate_setup(struct fst_session *s)
return -EINVAL;
- if (!fst_iface_is_connected(s->data.old_iface, s->data.old_peer_addr)) {
+ if (!fst_iface_is_connected(s->data.old_iface, s->data.old_peer_addr,
+ FALSE)) {
fst_printf_session(s, MSG_ERROR,
"The preset old peer address is not connected");
return -EINVAL;
- if (!fst_iface_is_connected(s->data.new_iface, s->data.new_peer_addr)) {
+ if (!fst_iface_is_connected(s->data.new_iface, s->data.new_peer_addr,
+ FALSE)) {
fst_printf_session(s, MSG_ERROR,
"The preset new peer address is not connected");
return -EINVAL;
@@ -966,7 +968,8 @@ int fst_session_respond(struct fst_session *s, u8 status_code)
return -EINVAL;
- if (!fst_iface_is_connected(s->data.old_iface, s->data.old_peer_addr)) {
+ if (!fst_iface_is_connected(s->data.old_iface,
+ s->data.old_peer_addr, FALSE)) {
fst_printf_session(s, MSG_ERROR,
"The preset peer address is not in the peer list");
return -EINVAL;