Import of hostapd 0.4.9

2006-05-25 03:53:38 +00:00 · 2006-05-25 03:53:38 +00:00 · 62355884c5
commit 62355884c5
parent 473eede9de
23 changed files with 105 additions and 53 deletions
--- a/dist/hostapd/ChangeLog
+++ b/dist/hostapd/ChangeLog
@ -1,5 +1,12 @@
 ChangeLog for hostapd

+2006-05-06 - v0.4.9
+	* added a new configuration option, eapol_version, that can be used to
+	  set EAPOL version to 1 (default is 2) to work around broken client
+	  implementations that drop EAPOL frames which use version number 2
+	  [Bug 89]
+	* fixed EAP-MSCHAPv2 message length validation
+
 2006-02-08 - v0.4.8
 	* fixed stdarg use in hostapd_logger(): if both stdout and syslog
 	  logging was enabled, hostapd could trigger a segmentation fault in
--- a/dist/hostapd/README
+++ b/dist/hostapd/README
@ -92,9 +92,9 @@ Current hardware/software requirements:

 	madwifi driver for cards based on Atheros chip set (ar521x)
 	(http://sourceforge.net/projects/madwifi/)
-	Please note that you will need to modify the hostapd Makefile
-	to use correct path for madwifi driver root directory
-	(CFLAGS += -I../head line in Makefile).
+	Please note that you will need to add the correct path for
+	madwifi driver root directory in .config (see defconfig file for
+	an example: CFLAGS += -I<path>)

 	Prism54 driver for Intersil/Conexant Prism GT/Duette/Indigo
 	(http://www.prism54.org/)
--- a/dist/hostapd/common.h
+++ b/dist/hostapd/common.h
@ -145,6 +145,9 @@ static inline unsigned int wpa_swap_32(unsigned int v)
 		(a)[0] = ((u16) (val)) & 0xff;	\
 	} while (0)

+#define WPA_GET_BE32(a) ((((u32) (a)[0]) << 24) | (((u32) (a)[1]) << 16) | \
+			 (((u32) (a)[2]) << 8) | ((u32) (a)[3]))
+

 #ifndef ETH_ALEN
 #define ETH_ALEN 6
--- a/dist/hostapd/config.c
+++ b/dist/hostapd/config.c
@ -1,7 +1,7 @@
 /*
 * Host AP (software wireless LAN access point) user space daemon for
 * Host AP kernel driver / Configuration file
- * Copyright (c) 2003-2005, Jouni Malinen <jkmaline@cc.hut.fi>
+ * Copyright (c) 2003-2006, Jouni Malinen <jkmaline@cc.hut.fi>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2 as
@ -29,6 +29,7 @@
 #include "sha1.h"
 #include "eap.h"
 #include "radius_client.h"
+#include "ieee802_1x.h"


 static struct hostapd_config *hostapd_config_defaults(void)
@ -60,6 +61,7 @@ static struct hostapd_config *hostapd_config_defaults(void)
 	conf->logger_stdout = (unsigned int) -1;

 	conf->auth_algs = HOSTAPD_AUTH_OPEN | HOSTAPD_AUTH_SHARED_KEY;
+	conf->eapol_version = EAPOL_VERSION;

 	conf->wpa_group_rekey = 600;
 	conf->wpa_gmk_rekey = 86400;
@ -765,6 +767,17 @@ struct hostapd_config * hostapd_config_read(const char *fname)
 			conf->assoc_ap = 1;
 		} else if (strcmp(buf, "ieee8021x") == 0) {
 			conf->ieee802_1x = atoi(pos);
+		} else if (strcmp(buf, "eapol_version") == 0) {
+			conf->eapol_version = atoi(pos);
+			if (conf->eapol_version < 1 ||
+			    conf->eapol_version > 2) {
+				printf("Line %d: invalid EAPOL "
+				       "version (%d): '%s'.\n",
+				       line, conf->eapol_version, pos);
+				errors++;
+			} else
+				wpa_printf(MSG_DEBUG, "eapol_version=%d",
+					   conf->eapol_version);
 #ifdef EAP_SERVER
 		} else if (strcmp(buf, "eap_authenticator") == 0) {
 			conf->eap_server = atoi(pos);
--- a/dist/hostapd/config.h
+++ b/dist/hostapd/config.h
@ -57,6 +57,7 @@ struct hostapd_config {
 	char *dump_log_name; /* file name for state dump (SIGUSR1) */

 	int ieee802_1x; /* use IEEE 802.1X */
+	int eapol_version;
 	int eap_server; /* Use internal EAP server instead of external
 			 * RADIUS server */
 	struct hostapd_eap_user *eap_user;
--- a/dist/hostapd/crypto.c
+++ b/dist/hostapd/crypto.c
@ -12,9 +12,12 @@
 * See README and COPYING for more details.
 */

+#include <stdio.h>
+#include <stdlib.h>
 #include <string.h>
 #include <sys/types.h>

+#include <openssl/opensslv.h>
 #include <openssl/md4.h>
 #include <openssl/md5.h>
 #include <openssl/sha.h>
--- a/dist/hostapd/driver_test.c
+++ b/dist/hostapd/driver_test.c
@ -67,7 +67,8 @@ test_driver_get_cli(struct test_driver_data *drv, struct sockaddr_un *from,

 	while (cli) {
 		if (cli->unlen == fromlen &&
-		    strncmp(cli->un.sun_path, from->sun_path, fromlen) == 0)
+		    strncmp(cli->un.sun_path, from->sun_path,
+			    fromlen - sizeof(cli->un.sun_family)) == 0)
 			return cli;
 		cli = cli->next;
 	}
@ -248,7 +249,8 @@ static void test_driver_assoc(struct test_driver_data *drv,
 	cli->next = drv->cli;
 	drv->cli = cli;
 	wpa_hexdump_ascii(MSG_DEBUG, "test_socket: ASSOC sun_path",
-			  cli->un.sun_path, cli->unlen);
+			  cli->un.sun_path,
+			  cli->unlen - sizeof(cli->un.sun_family));

 	snprintf(cmd, sizeof(cmd), "ASSOCRESP " MACSTR " 0",
 		 MAC2STR(drv->hapd->own_addr));
--- a/dist/hostapd/driver_wired.c
+++ b/dist/hostapd/driver_wired.c
@ -105,7 +105,8 @@ static void wired_possible_new_sta(struct hostapd_data *hapd, u8 *addr)
 }


-static void handle_data(struct hostapd_data *hapd, char *buf, size_t len)
+static void handle_data(struct hostapd_data *hapd, unsigned char *buf,
+			size_t len)
 {
 	struct ieee8023_hdr *hdr;
 	u8 *pos, *sa;
--- a/dist/hostapd/eap_mschapv2.c
+++ b/dist/hostapd/eap_mschapv2.c
@ -294,7 +294,7 @@ static void eap_mschapv2_process_response(struct eap_sm *sm,
 	resp = (struct eap_mschapv2_hdr *) respData;
 	pos = (u8 *) (resp + 1);

-	if (respDataLen < sizeof(resp) + 1 + 49 ||
+	if (respDataLen < sizeof(*resp) + 1 + 49 ||
 	    resp->op_code != MSCHAPV2_OP_RESPONSE ||
 	    pos[0] != 49) {
 		wpa_hexdump(MSG_DEBUG, "EAP-MSCHAPV2: Invalid response",
--- a/dist/hostapd/eap_pax.c
+++ b/dist/hostapd/eap_pax.c
@ -451,7 +451,7 @@ static void eap_pax_process(struct eap_sm *sm, void *priv,
 	struct eap_pax_hdr *resp;

 	if (sm->user == NULL || sm->user->password == NULL) {
-		wpa_printf(MSG_INFO, "EAP-MSCHAPV2: Password not configured");
+		wpa_printf(MSG_INFO, "EAP-PAX: Password not configured");
 		data->state = FAILURE;
 		return;
 	}
--- a/dist/hostapd/eap_psk.c
+++ b/dist/hostapd/eap_psk.c
@ -393,7 +393,7 @@ static void eap_psk_process(struct eap_sm *sm, void *priv,
 	struct eap_psk_hdr *resp;

 	if (sm->user == NULL || sm->user->password == NULL) {
-		wpa_printf(MSG_INFO, "EAP-MSCHAPV2: Password not configured");
+		wpa_printf(MSG_INFO, "EAP-PSK: Password not configured");
 		data->state = FAILURE;
 		return;
 	}
--- a/dist/hostapd/eloop.c
+++ b/dist/hostapd/eloop.c
@ -64,6 +64,7 @@ struct eloop_data {
 	int pending_terminate;

 	int terminate;
+	int reader_table_changed;
 };

 static struct eloop_data eloop;
@ -97,6 +98,7 @@ int eloop_register_read_sock(int sock,
 	eloop.readers = tmp;
 	if (sock > eloop.max_sock)
 		eloop.max_sock = sock;
+	eloop.reader_table_changed = 1;

 	return 0;
 }
@ -121,6 +123,7 @@ void eloop_unregister_read_sock(int sock)
 			sizeof(struct eloop_sock));
 	}
 	eloop.reader_count--;
+	eloop.reader_table_changed = 1;
 }


@ -348,12 +351,15 @@ void eloop_run(void)
 		if (res <= 0)
 			continue;

+		eloop.reader_table_changed = 0;
 		for (i = 0; i < eloop.reader_count; i++) {
 			if (FD_ISSET(eloop.readers[i].sock, rfds)) {
 				eloop.readers[i].handler(
 					eloop.readers[i].sock,
 					eloop.readers[i].eloop_data,
 					eloop.readers[i].user_data);
+				if (eloop.reader_table_changed)
+					break;
 			}
 		}
 	}
--- a/dist/hostapd/eloop.h
+++ b/dist/hostapd/eloop.h
@ -23,7 +23,9 @@
 #ifndef ELOOP_H
 #define ELOOP_H

-/* Magic number for eloop_cancel_timeout() */
+/**
+ * ELOOP_ALL_CTX - eloop_cancel_timeout() magic number to match all timeouts
+ */
 #define ELOOP_ALL_CTX (void *) -1

 /**
@ -133,7 +135,7 @@ void eloop_terminate(void);
 /**
 * eloop_destroy - Free any resources allocated for the event loop
 *
- * After calling eloop_destoy(), other eloop_* functions must not be called
+ * After calling eloop_destroy(), other eloop_* functions must not be called
 * before re-running eloop_init().
 */
 void eloop_destroy(void);
--- a/dist/hostapd/hostapd.conf
+++ b/dist/hostapd/hostapd.conf
@ -1,7 +1,7 @@
 ##### hostapd configuration file ##############################################
 # Empty lines and lines starting with # are ignored

-# AP netdevice name (without 'ap' prefix, i.e., wlan0 uses wlan0ap for
+# AP netdevice name (without 'ap' postfix, i.e., wlan0 uses wlan0ap for
 # management frames); ath0 for madwifi
 interface=wlan0

@ -106,6 +106,14 @@ auth_algs=3
 # Require IEEE 802.1X authorization
 #ieee8021x=1

+# IEEE 802.1X/EAPOL version
+# hostapd is implemented based on IEEE Std 802.1X-2004 which defines EAPOL
+# version 2. However, there are many client implementations that do not handle
+# the new version number correctly (they seem to drop the frames completely).
+# In order to make hostapd interoperate with these clients, the version number
+# can be set to the older version (1) with this configuration value.
+#eapol_version=2
+
 # Optional displayable message sent with EAP Request-Identity. The first \0
 # in this string will be converted to ASCII-0 (nul). This can be used to
 # separate network info (comma separated list of attribute=value pairs); see,
--- a/dist/hostapd/ieee802_1x.c
+++ b/dist/hostapd/ieee802_1x.c
@ -1,7 +1,7 @@
 /*
 * Host AP (software wireless LAN access point) user space daemon for
 * Host AP kernel driver / IEEE 802.1X Authenticator
- * Copyright (c) 2002-2005, Jouni Malinen <jkmaline@cc.hut.fi>
+ * Copyright (c) 2002-2006, Jouni Malinen <jkmaline@cc.hut.fi>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2 as
@ -74,7 +74,7 @@ static void ieee802_1x_send(hostapd *hapd, struct sta_info *sta, u8 type,
 #endif

 	xhdr = (struct ieee802_1x_hdr *) buf;
-	xhdr->version = EAPOL_VERSION;
+	xhdr->version = hapd->conf->eapol_version;
 	xhdr->type = type;
 	xhdr->length = htons(datalen);

@ -322,7 +322,7 @@ static void ieee802_1x_tx_key_one(hostapd *hapd, struct sta_info *sta,

 	/* This header is needed here for HMAC-MD5, but it will be regenerated
 	 * in ieee802_1x_send() */
-	hdr->version = EAPOL_VERSION;
+	hdr->version = hapd->conf->eapol_version;
 	hdr->type = IEEE802_1X_TYPE_EAPOL_KEY;
 	hdr->length = htons(len);
 	hmac_md5(sm->eapol_key_sign, sm->eapol_key_sign_len,
--- a/dist/hostapd/ms_funcs.c
+++ b/dist/hostapd/ms_funcs.c
@ -1,6 +1,6 @@
 /*
 * WPA Supplicant / shared MSCHAPV2 helper functions / RFC 2433 / RFC 2759
- * Copyright (c) 2004-2005, Jouni Malinen <jkmaline@cc.hut.fi>
+ * Copyright (c) 2004-2006, Jouni Malinen <jkmaline@cc.hut.fi>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2 as
@ -26,7 +26,7 @@
 /**
 * challenge_hash - ChallengeHash() - RFC 2759, Sect. 8.2
 * @peer_challenge: 16-octet PeerChallenge (IN)
- * @auth_challenge: 16-octet AuthChallenge (IN)
+ * @auth_challenge: 16-octet AuthenticatorChallenge (IN)
 * @username: 0-to-256-char UserName (IN)
 * @username_len: Length of username
 * @challenge: 8-octet Challenge (OUT)
@ -53,35 +53,35 @@ static void challenge_hash(const u8 *peer_challenge, const u8 *auth_challenge,

 /**
 * nt_password_hash - NtPasswordHash() - RFC 2759, Sect. 8.3
- * @password: 0-to-256-unicode-char Password (IN)
+ * @password: 0-to-256-unicode-char Password (IN; ASCII)
 * @password_len: Length of password
 * @password_hash: 16-octet PasswordHash (OUT)
 */
 void nt_password_hash(const u8 *password, size_t password_len,
 		      u8 *password_hash)
 {
-	u8 *buf;
-	int i;
-	size_t len;
+	u8 buf[512], *pos;
+	size_t i, len;
+
+	if (password_len > 256)
+		return;

 	/* Convert password into unicode */
-	buf = malloc(password_len * 2);
-	if (buf == NULL)
-		return;
-	memset(buf, 0, password_len * 2);
-	for (i = 0; i < password_len; i++)
+	for (i = 0; i < password_len; i++) {
 		buf[2 * i] = password[i];
+		buf[2 * i + 1] = 0;
+	}

 	len = password_len * 2;
-	md4_vector(1, (const u8 **) &buf, &len, password_hash);
-	free(buf);
+	pos = buf;
+	md4_vector(1, (const u8 **) &pos, &len, password_hash);
 }


 /**
 * hash_nt_password_hash - HashNtPasswordHash() - RFC 2759, Sect. 8.4
 * @password_hash: 16-octet PasswordHash (IN)
- * @password_hash_hash: 16-octet PaswordHashHash (OUT)
+ * @password_hash_hash: 16-octet PasswordHashHash (OUT)
 */
 void hash_nt_password_hash(const u8 *password_hash, u8 *password_hash_hash)
 {
@ -115,7 +115,7 @@ void challenge_response(const u8 *challenge, const u8 *password_hash,
 * @peer_hallenge: 16-octet PeerChallenge (IN)
 * @username: 0-to-256-char UserName (IN)
 * @username_len: Length of username
- * @password: 0-to-256-unicode-char Password (IN)
+ * @password: 0-to-256-unicode-char Password (IN; ASCII)
 * @password_len: Length of password
 * @response: 24-octet Response (OUT)
 */
@ -143,7 +143,8 @@ void generate_nt_response(const u8 *auth_challenge, const u8 *peer_challenge,
 * @auth_challenge: 16-octet AuthenticatorChallenge (IN)
 * @username: 0-to-256-char UserName (IN)
 * @username_len: Length of username
- * @response: 42-octet AuthenticatorResponse (OUT)
+ * @response: 20-octet AuthenticatorResponse (OUT) (note: this value is usually
+ * encoded as a 42-octet ASCII string (S=<hexdump of response>)
 */
 void generate_authenticator_response(const u8 *password, size_t password_len,
 				     const u8 *peer_challenge,
@ -192,7 +193,7 @@ void generate_authenticator_response(const u8 *password, size_t password_len,
 /**
 * nt_challenge_response - NtChallengeResponse() - RFC 2433, Sect. A.5
 * @challenge: 8-octet Challenge (IN)
- * @password: 0-to-256-unicode-char Password (IN)
+ * @password: 0-to-256-unicode-char Password (IN; ASCII)
 * @password_len: Length of password
 * @response: 24-octet Response (OUT)
 */
@ -236,7 +237,7 @@ void get_master_key(const u8 *password_hash_hash, const u8 *nt_response,
 * get_asymetric_start_key - GetAsymetricStartKey() - RFC 3079, Sect. 3.4
 * @master_key: 16-octet MasterKey (IN)
 * @session_key: 8-to-16 octet SessionKey (OUT)
- * @session_key_len: SessionKeyLength (Length of session_key)
+ * @session_key_len: SessionKeyLength (Length of session_key) (IN)
 * @is_send: IsSend (IN, BOOLEAN)
 * @is_server: IsServer (IN, BOOLEAN)
 */
@ -303,8 +304,8 @@ void get_asymetric_start_key(const u8 *master_key, u8 *session_key,
 #define PWBLOCK_LEN 516

 /**
- * encrypt_pw_block_with_password_hash - EncryptPwBlobkWithPasswordHash() - RFC 2759, Sect. 8.10
- * @password: 0-to-256-unicode-char Password (IN)
+ * encrypt_pw_block_with_password_hash - EncryptPwBlockWithPasswordHash() - RFC 2759, Sect. 8.10
+ * @password: 0-to-256-unicode-char Password (IN; ASCII)
 * @password_len: Length of password
 * @password_hash: 16-octet PasswordHash (IN)
 * @pw_block: 516-byte PwBlock (OUT)
@ -321,8 +322,13 @@ static void encrypt_pw_block_with_password_hash(

 	memset(pw_block, 0, PWBLOCK_LEN);
 	offset = (256 - password_len) * 2;
+	hostapd_get_rand(pw_block, offset);
 	for (i = 0; i < password_len; i++)
 		pw_block[offset + i * 2] = password[i];
+	/*
+	 * PasswordLength is 4 octets, but since the maximum password length is
+	 * 256, only first two (in little endian byte order) can be non-zero.
+	 */
 	pos = &pw_block[2 * 256];
 	WPA_PUT_LE16(pos, password_len * 2);
 	rc4(pw_block, PWBLOCK_LEN, password_hash, 16);
@ -331,9 +337,9 @@ static void encrypt_pw_block_with_password_hash(

 /**
 * new_password_encrypted_with_old_nt_password_hash - NewPasswordEncryptedWithOldNtPasswordHash() - RFC 2759, Sect. 8.9
- * @new_password: 0-to-256-unicode-char NewPassword (IN)
+ * @new_password: 0-to-256-unicode-char NewPassword (IN; ASCII)
 * @new_password_len: Length of new_password
- * @old_password: 0-to-256-unicode-char OldPassword (IN)
+ * @old_password: 0-to-256-unicode-char OldPassword (IN; ASCII)
 * @old_password_len: Length of old_password
 * @encrypted_pw_block: 516-octet EncryptedPwBlock (OUT)
 */
@ -367,9 +373,9 @@ static void nt_password_hash_encrypted_with_block(const u8 *password_hash,

 /**
 * old_nt_password_hash_encrypted_with_new_nt_password_hash - OldNtPasswordHashEncryptedWithNewNtPasswordHash() - RFC 2759, Sect. 8.12
- * @new_password: 0-to-256-unicode-char NewPassword (IN)
+ * @new_password: 0-to-256-unicode-char NewPassword (IN; ASCII)
 * @new_password_len: Length of new_password
- * @old_password: 0-to-256-unicode-char OldPassword (IN)
+ * @old_password: 0-to-256-unicode-char OldPassword (IN; ASCII)
 * @old_password_len: Length of old_password
 * @encrypted_password_ash: 16-octet EncryptedPasswordHash (OUT)
 */
--- a/dist/hostapd/ms_funcs.h
+++ b/dist/hostapd/ms_funcs.h
@ -46,5 +46,4 @@ void old_nt_password_hash_encrypted_with_new_nt_password_hash(
 	const u8 *old_password, size_t old_password_len,
 	u8 *encrypted_password_hash);

-
 #endif /* MS_FUNCS_H */
--- a/dist/hostapd/radius.c
+++ b/dist/hostapd/radius.c
@ -257,11 +257,9 @@ static void radius_msg_dump_attr(struct radius_attr_hdr *hdr)
 		break;

 	case RADIUS_ATTR_INT32:
-		if (len == 4) {
-			u32 *val = (u32 *) pos;
-			printf("      Value: %u\n",
-			       (unsigned int) ntohl(*val));
-		} else
+		if (len == 4)
+			printf("      Value: %u\n", WPA_GET_BE32(pos));
+		else
 			printf("      Invalid INT32 length %d\n", len);
 		break;

@ -966,8 +964,8 @@ radius_msg_get_cisco_keys(struct radius_msg *msg, struct radius_msg *sent_msg,
 					    sent_msg->hdr->authenticator,
 					    secret, secret_len,
 					    &keys->recv_len);
-		free(key);
 	}
+	free(key);

 	return keys;
 }
--- a/dist/hostapd/radius_client.c
+++ b/dist/hostapd/radius_client.c
@ -662,9 +662,10 @@ u8 radius_client_get_id(struct radius_client_data *radius)
 			else
 				radius->msgs = entry->next;
 			remove = entry;
-		} else
+		} else {
 			remove = NULL;
-		prev = entry;
+			prev = entry;
+		}
 		entry = entry->next;

 		if (remove)
--- a/dist/hostapd/radius_server.c
+++ b/dist/hostapd/radius_server.c
@ -404,7 +404,7 @@ static int radius_server_request(struct radius_server_data *data,
 {
 	u8 *eap = NULL;
 	size_t eap_len;
-	int res, state_included;
+	int res, state_included = 0;
 	u8 statebuf[4], resp_id;
 	unsigned int state;
 	struct radius_session *sess;
--- a/dist/hostapd/tls_openssl.c
+++ b/dist/hostapd/tls_openssl.c
@ -1322,6 +1322,7 @@ static int tls_parse_pkcs12(SSL_CTX *ssl_ctx, SSL *ssl, PKCS12 *p12,
 	if (!PKCS12_parse(p12, passwd, &pkey, &cert, &certs)) {
 		tls_show_errors(MSG_DEBUG, __func__,
 				"Failed to parse PKCS12 file");
+		PKCS12_free(p12);
 		return -1;
 	}
 	wpa_printf(MSG_DEBUG, "TLS: Successfully parsed PKCS12 data");
--- a/dist/hostapd/version.h
+++ b/dist/hostapd/version.h
@ -1,6 +1,6 @@
 #ifndef VERSION_H
 #define VERSION_H

-#define VERSION_STR "0.4.8"
+#define VERSION_STR "0.4.9"

 #endif /* VERSION_H */
--- a/dist/hostapd/wpa.c
+++ b/dist/hostapd/wpa.c
@ -1853,7 +1853,7 @@ static void wpa_send_eapol(struct hostapd_data *hapd, struct sta_info *sta,
 	if (hdr == NULL)
 		return;
 	memset(hdr, 0, len);
-	hdr->version = EAPOL_VERSION;
+	hdr->version = hapd->conf->eapol_version;
 	hdr->type = IEEE802_1X_TYPE_EAPOL_KEY;
 	hdr->length = htons(len  - sizeof(*hdr));
 	key = (struct wpa_eapol_key *) (hdr + 1);
@ -2662,10 +2662,11 @@ static int wpa_sm_sta_entry_alive(struct hostapd_data *hapd, u8 *addr)

 static void wpa_sm_step(struct wpa_state_machine *sm)
 {
-	struct hostapd_data *hapd = sm->hapd;
+	struct hostapd_data *hapd;
 	u8 addr[6];
 	if (sm == NULL || sm->sta == NULL || sm->sta->wpa_sm == NULL)
 		return;
+	hapd = sm->hapd;

 	memcpy(addr, sm->sta->addr, 6);
 	do {