Vinayak Yadawad [Fri, 8 Dec 2023 16:20:23 +0000 (21:50 +0530)]
nl80211: Use attribute NL80211_ATTR_BSSID to scan for specific BSSID
With changes to optimize scan for specific BSSID, there arises a
scenario where in nl80211_trigger_scan() is called with a scan
randomization enabled. A combination of NL80211_ATTR_MAC for BSSID and
scan randomization, which uses NL80211_ATTR_MAC for a different purpose,
results in invalid error for the scan request. To fix the issue use
attribute NL80211_ATTR_BSSID instead of NL80211_ATTR_MAC.
NL80211_ATTR_BSSID was introduced in kernel commit 2fa436b3a2a7
("nl80211: Use different attrs for BSSID and random MAC addr in scan
req") in 2016. Prior to that, only NL80211_ATTR_MAC could be used for
specifying the target BSSID. For backwards compatibility, add the
NL80211_ATTR_MAC attribute as well when not using a random MAC address.
Benjamin Berg [Mon, 20 Nov 2023 23:51:54 +0000 (01:51 +0200)]
tests: Test driver association ML link rejection flow
The underlying driver can reject only specific links in an association
request. In that case we will only ignore the corresponding BSS. Add a
test for this flow by simulating an association failure on the second
link specifically.
Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
Benjamin Berg [Mon, 20 Nov 2023 23:51:53 +0000 (01:51 +0200)]
tests: Add some MLD association tests
Test ML association, automatic link discovery using ML probe requests
and marking BSSs as failed after an ML association failure, if the
corresponding link also rejected the association.
Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
tests: Update ML discovery test to also check probe requests
Also check that we can discover BSSs requests using ML probe requests.
Note that this requires a new enough mac80211 which parses the ML probe
request and reports the contained BSSs.
Signed-off-by: Benjamin Berg <benjamin.berg@intel.com> Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Ilan Peer [Tue, 28 Nov 2023 10:14:09 +0000 (12:14 +0200)]
AP MLD: Do not modify flags for link stations
All the station flags other than WPA_STA_SHORT_PREAMBLE are relevant
only for the MLD station and not to the link stations (as these flags
are related to the MLD state and not the link state).
As for the WPA_STA_SHORT_PREAMBLE, since the station is an EHT
station, it must have short preamble.
Thus, do not propagate the flags change for link stations to the driver.
Chaitanya Tata [Mon, 27 Nov 2023 19:21:01 +0000 (00:51 +0530)]
Fix MBO build with GAS dependency
On the default configuration if MBO only is enabled then build breaks as GAS
is not selected, if other features that auto-enable GAS are selected
then it works.
Mikelis Vuls [Mon, 4 Dec 2023 12:27:48 +0000 (12:27 +0000)]
EHT: Fix updating center freq segment 0 index for HE and VHT
Add additional check for 6 GHz operating class. Otherwise this results
in setting incorrect segment 0 index for 5 GHz 40 MHz channel 157-161,
which has the same center segment 0 index 159 as 6 GHz 320 MHz expected
channel.
Liangwei Dong [Fri, 17 Nov 2023 07:35:20 +0000 (15:35 +0800)]
Add QCA vendor command to query transmit power information
Add a new QCA subcommand QCA_NL80211_VENDOR_SUBCMD_REGULATORY_TPC_INFO
and related attributes qca_wlan_vendor_attr_tpc_links,
qca_wlan_vendor_attr_tpc definition to query transmit power information
on STA interface from the driver for a connected AP.
The information includes regulatory max transmit power limit, AP local
power constraint advertised from AP's Beacon and Probe Response frames.
For PSD power mode, the information includes PSD power levels for each
subchannel of operating bandwidth. The information is driver calculated
power limits based on current regulatory domain, AP local power
constraint and other IEs. The information will be set to target. Target
will decide final TX power based on this and chip specific power
conformance test limits (CTL), and SAR limits.
Chaitanya Tata [Mon, 27 Nov 2023 19:03:58 +0000 (00:33 +0530)]
Add an option to remove RRM and supported operating class indication
Removing radio measurements and supported operating class indication
might be needed to reduce binary size for a memory constrained system
that does not need more advanced features. However, removing these is
not recommended since they can help the AP manage the network and STA
steering.
Jun Yu [Wed, 29 Nov 2023 06:54:49 +0000 (06:54 +0000)]
Populate the new beacon hint event to wpa_msg()
Beacon hinting is a feature that can temporarily change the regulatory
rule flags on the channel where the radio hears the beacon. Add a new
event CTRL-EVENT-REGDOM-BEACON-HINT to notify the wpa_supplicant user
about an important update to the regulatory rules including which
frequencies are impacted, new power limit, and new rule flags.
Remi Pommarel [Fri, 1 Dec 2023 15:14:11 +0000 (16:14 +0100)]
mesh: Add for_each_sta implementation in wpa_auth_callbacks
The wpa_auth_callbacks for mesh was missing a for_each_sta
implementation. This is an issue with pmksa cache, as when a cache entry
expires the for_each_sta callback is called in order to clear the pmksa
reference for all sta that was using this entry. Not having a
for_each_sta callback will prevent this cleanup to happen then a sta
could still use this pmksa entry even after it has been freed.
This used after free was not a problem up until recently where
dpp_pkhash is now stored in pmksa entry and retreived later on causing
crash with below backtrace:
Jouni Malinen [Sat, 2 Dec 2023 18:31:16 +0000 (20:31 +0200)]
mesh: Fix PMKSA cache entry addition with external PMKSA management
The length of the PMK ended up getting lost when a PMKSA cache entry was
added based on externally managed information. Set the PMK length in SAE
context to get the correct length stored into the actual PMKSA cache
entry that gets created in this path.
Jaap Keuter [Thu, 30 Nov 2023 22:31:03 +0000 (23:31 +0100)]
trace: binutils replaces bfd_hostptr_t with uintptr_t
According to this message https://marc.info/?l=binutils&m=165363679302282
the type bfd_hostptr_t is dropped in favor of uintptr_t.
Replace the use of this type in the code.
tests: Add a unit test for RNR/basic ML element parsing
Going through everything to test parsing of the basic ML element and the
RNR element is not really feasible for MBSSID mode. As such, add a unit
test to excercise parsing the available links from the RNR, basic ML
element and MBSSID-Index element if present.
Signed-off-by: Benjamin Berg <benjamin.berg@intel.com> Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Jouni Malinen [Mon, 27 Nov 2023 10:01:15 +0000 (12:01 +0200)]
Ignore missing set_secure_ranging_ctx callback for testing purposes
nl80211_set_secure_ranging_ctx() was already ignoring the operation, but
this is included only with CONFIG_DRIVER_NL80211_QCA=y. Make the default
case use same behavior based on the callback function not being defined.
This is needed to allow the following test cases to work:
pasn_owe_tm_kdk_secure_ltf pasn_sae_kdk_secure_ltf
nl80211: Remove links when stopping AP MLD in hostapd
There is an issue when starting a non-MLD AP on the same interface that
previous operated as an AP MLD. When the previous AP MLD got stopped,
links were not removed when using hostapd. Next non-MLD AP will fail to
start because some nl80211 operations still require link id (e.g., set
freq).
Remove links when AP MLD is stop to avoid such issue. This was already
done in the deinit_ap() handler when using wpa_supplicant, but hostapd
needs to do same.
Benjamin Berg [Mon, 20 Nov 2023 23:51:47 +0000 (01:51 +0200)]
tests: Fix some incorrect failure waiting calls
These were either sending the command to the wrong
hostapd/wpa_supplicant instance or using the wrong command. This
currently causes the wait to just immediately stop, but with future
commits it would start failing.
Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
Ilan Peer [Mon, 20 Nov 2023 23:51:42 +0000 (01:51 +0200)]
AP: Handle re-association from a non-AP MLD
When processing a (Re)Association Request frame and no corresponding
station is found, try to find the station using the station MLD MAC
address from the Basic ML element, as it is possible that the station
is trying to re-associate but with a different link address (in such
a case the underlying driver would not perform address translations).
When sending the (Re)Association Response frame, use the addresses from
the (Re)Association Request frame and not the AP MLD MAC address, again,
to avoid the address translation done in the driver.
Signed-off-by: Ilan Peer <ilan.peer@intel.com> Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Benjamin Berg [Mon, 20 Nov 2023 23:51:40 +0000 (01:51 +0200)]
MLD: Use MLD MAC address for deauthentication
When connecting, pending_bssid is set to the main link that we are
authenticating/associating on. Later on, the MLD MAC address will be
stored in the bssid, but we may also try to deauthenticate before we are
connected and in that case, pending_bssid is not yet set to the MLD MAC
address.
As such, use the ap_mld_addr instead of pending_bssid if n_mld_links is
non-zero. This is the sensible thing to do and expected behavior on
nl80211.
Signed-off-by: Benjamin Berg <benjamin.berg@intel.com> Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
For AP MLD, when BSSID configuration is specified without mld_addr, the
first link address is used as the MLD MAC address as well. Though IEEE
P802.11be allows this, the current implementation and the kernel aren't
happy about it. Better avoid this.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Ilan Peer [Mon, 20 Nov 2023 23:51:37 +0000 (01:51 +0200)]
scan: Include AP MLD ID in ML probe request if needed
According to IEEE P802.11be/D4.0, 35.3.4.2, the AP MLD ID must be
included in the Probe Request ML element in case it is sent to a
transmitted BSS in which case it should be set to 0. If it is sent to an
non-transmitted BSSID, the AP MLD ID should not be included.
Signed-off-by: Ilan Peer <ilan.peer@intel.com> Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
IEEE P802.11be/D4.0, 9.4.2.312.2.3 states that the AP MLD ID should only
be included in some ML probe responses. Beacon frames shouldn't include
AP MLD ID.
Signed-off-by: Benjamin Berg <benjamin.berg@intel.com> Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Benjamin Berg [Mon, 20 Nov 2023 23:51:35 +0000 (01:51 +0200)]
ML: Add basic handling of ML probe requests
This responds by simply embedding most of the IEs from the other links
into the ML element. This is not correct really, as inheritance rules
should be applied and an inheritance element may need to be added.
Signed-off-by: Benjamin Berg <benjamin.berg@intel.com> Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Benjamin Berg [Mon, 20 Nov 2023 23:51:34 +0000 (01:51 +0200)]
AP: MLO: Add helper to iterate all links of an AP MLD
Add a simple for_each_mld_link helper that sets first variable to the
hapd data for every link. It takes the interfaces and MLD ID as
arguments and two extra integers as scratch variables (for the interface
and bss offsets).
Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
Benjamin Berg [Mon, 20 Nov 2023 23:51:32 +0000 (01:51 +0200)]
AP: Split Probe Response frame IE generation into a separate function
To support ML probe request we will need to include IEs from the other
hapd instances in the response. Split the function to allow just
generating the per-instance IEs separately.
Signed-off-by: Benjamin Berg <benjamin.berg@intel.com> Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Benjamin Berg [Mon, 20 Nov 2023 23:51:28 +0000 (01:51 +0200)]
MLD: Ignore failed links from association attempt
If for some reason association fails and a link which has an error is
reported, add that specific link to the ignore list. After that,
immediately retrigger the connection code. In the usual case, we are
then going to reconnect to the same AP MLD but with that particular link
not being included in the connection.
Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
Benjamin Berg [Mon, 20 Nov 2023 23:51:29 +0000 (01:51 +0200)]
nl80211: Add support to parse out link from error reply
The kernel may report the link that caused an error by setting
NLMSGERR_ATTR_OFFS pointing to the NL80211_ATTR_MLO_LINKS element
that was the reason for the error.
Parse this information if the optional struct nl80211_err_info is
passed to send_and_recv_msgs().
Signed-off-by: Benjamin Berg <benjamin.berg@intel.com> Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Benjamin Berg [Mon, 20 Nov 2023 23:51:27 +0000 (01:51 +0200)]
MLD: Do not consider ignored BSSs for links when parsing RNR info
This avoids, e.g., trying to use a BSS that is rejected by mac80211 as a
link, which could fail the connection as a whole.
Note that this is not perfect. Ideally, the internal state would have a
more context sensitive ignore flag so that one could still use a BSS as
a link in some situation.
Signed-off-by: Benjamin Berg <benjamin.berg@intel.com> Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Benjamin Berg [Mon, 20 Nov 2023 23:51:26 +0000 (01:51 +0200)]
MLD: Return status code for links when rejecting association
When the TX link rejects the association, return a status code for all
requested links. For simplicity, just return "TX link not accepted" so
that clients may try to connect to other links. This could be improved
to explicitly reject each link if directly associating to the link will
not work either.
Signed-off-by: Benjamin Berg <benjamin.berg@intel.com> Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Benjamin Berg [Mon, 20 Nov 2023 23:51:25 +0000 (01:51 +0200)]
MLD: Also mark links as failed after association failure
Parse the link status values out of Multi-Link association response. If
the AP rejects ML association and marks the links as failed with a
reason code other than TX_LINK_NOT_ACCEPTED, also report these links to
wpas_connection_failed() and ignore them.
Signed-off-by: Benjamin Berg <benjamin.berg@intel.com> Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Ilan Peer [Mon, 20 Nov 2023 23:51:23 +0000 (01:51 +0200)]
AP: Add support for testing ML link removal
Add support for testing ML link removal to hostapd. While such support
should inherently be integrated with the underlining driver, simulate
the inclusion of the ML reconfiguration element in hostapd.
Signed-off-by: Ilan Peer <ilan.peer@intel.com> Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
wpa_supplicant: Remove duplicate logic in wpas_ml_element()
Parsing multiple RNR elements already exists in
wpa_bss_parse_basic_ml_element(), so wpas_ml_element() just duplicates
the same code. Combine the functionality of both these functions and
remove the duplicate.
Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Jouni Malinen [Sat, 25 Nov 2023 09:13:42 +0000 (11:13 +0200)]
dbus: Increase XML buffer size for an interface introspection data
The current set of global configuration fields is getting close to the
previously used 15000 byte limit, so increase this size to 16000 and add
a note about the potential need to change this size when adding new
fields.
Benjamin Berg [Mon, 20 Nov 2023 23:51:18 +0000 (01:51 +0200)]
common: Simplify and avoid confusing defragmentation API
Three functions were provided for defragmentation. First
ieee802_11_defrag(), ieee802_11_defrag_mle() and then
ieee802_11_defrag_data() which would do the actual job. With
ieee802_11_defrag() picking the member in the elements struct for an
EID. The problem with this is, that for the Multi-Link element, there
are multiple entries in the elems struct depending on its type. As such,
remove the intermediate function and simply pass the correct members
directly.
Signed-off-by: Benjamin Berg <benjamin.berg@intel.com> Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
This Presence Bitmap field is B4..B15 of the Multi-Link Control field
and the value used here is for that full 16-bit field, not just within
the Presence Bitmap field.
Signed-off-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Benjamin Berg [Mon, 20 Nov 2023 23:51:16 +0000 (01:51 +0200)]
SME: Drop old disassoc_while_authenticating workaround
This workaround from commit 6d6f4bb87f33 ("nl80211: Work around mac80211
limitation on (re)auth when authenticated") pre-dates the code that
supresses the deauth or disconnect event from nl80211. Should this code
be called it would not actually work at this point, as important
internal state for the authentication attempt has already been lost.
Simply drop the code. This might also fix issues where we could get
into a bad state if a proper deauth/disconnect event happens while we
are authenticating or associating.
Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
Benjamin Berg [Mon, 20 Nov 2023 23:51:15 +0000 (01:51 +0200)]
nl80211: Do a roundtrip to reset event supressions
With nl80211 we need to supress the kernel generated event for any
disconnect and deauthenticate. This code is a bit fragile, as it
assumes that an event will happen. Commit b898b655824a ("nl80211: Do
not ignore disconnect event in case of !drv->associated") changed this
to only disconnect when the driver knows it is associated (apparently
required for P2P), however, deauthentication may also occur without
being associated yet.
Looking at the issue, what we are really interested in is whether the
event belongs to a disconnect/deauth command that we have send
ourselves. Any event happening after the disconnect/deauth completes
should not be suppressed (or after the next connect/auth as that would
be sufficient). We therefore need to know from the event stream
whether events were generated before or after disconnect/deauth
command completion.
To do so, send a simple command on the nl_event socket. As this will
be returned back to us in the correct order with regard to the events.
We can therefore use it to safely reset our internal
ignore_next_local_{deauth,disconnect} variables.
Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
Jouni Malinen [Fri, 24 Nov 2023 18:59:37 +0000 (20:59 +0200)]
tests: Set wpa_s->global for module tests
This is needed to avoid NULL pointer deferencing in
wpa_supplicant_ctrl_iface_msg_cb() if any of the functions called from
wpas_bssid_ignore_module_tests_() ends up using wpa_msg().
Vinayak Yadawad [Mon, 20 Nov 2023 12:39:33 +0000 (18:09 +0530)]
nl80211: Update port authorized indication for MLO address
Handling of port authorized event for STA currently handles the
connected BSSID. This needs additional handling to support the AP MLD
address in case of MLO connection. The connected_addr expected by
cfg80211_port_authorized() is mld_addr for ML connection case.
Nicolas Escande [Mon, 13 Nov 2023 08:55:55 +0000 (09:55 +0100)]
ACS: Add 320 MHz support for EHT
Enable support for ACS in the IEEE 802.11be/320 MHz case. To do so we
just:
- add channel definitions for the 320 MHz blocks of the 6 GHz band
- handle CONF_OPER_CHWIDTH_320MHZ in the different cases
- restrict 320 MHz to ieee80211be=1 only
Signed-off-by: Nicolas Escande <nico.escande@gmail.com>
EHT: Fix HE Channel Center Freq Seg0/Seg1 for 6 GHz 320 MHz cases
Fix for the HE Channel Center Freq Seg0/Seg1 within the HE 6GHz
Operation Information field. As downgrade of bandwidths for VHT and HE
when using puncturing is TODO for 320 MHz and/or if puncturing is
disabled and bandwidth is 320 MHz, the same rules as for 160 MHz should
be applied for Channel Center Freq Seg0/Seg1 within 6 GHz Operation
Information field.
EHT: Fix conditions for including EHT Operation Information field
Include EHT Operation Information field only if the operating bandwidth
is 320 MHz or there is at least one punctured 20 MHz subchannel. This
behavior is defined in IEEE P802.11be/D4.0, 35.15.1 (Basic EHT BSS
operation).
Jouni Malinen [Fri, 24 Nov 2023 10:53:09 +0000 (12:53 +0200)]
MBSSID: Use BIGTK from the transmitted BSS for beacon protection
MBSSID shares a single Beacon frame with multiple BSSs. This implies
that the key used for beacon protection (BIGTK) needs to be shared. The
nontransmitted BSSs managed their own BIGTK previously and that resulted
in providing incorrect value to the stations associated with those BSSs.
Use the BIGTK from the transmitted BSS to fix this.
Jouni Malinen [Thu, 23 Nov 2023 21:13:51 +0000 (23:13 +0200)]
Prefer SAE over PSK in WPA3-Personal transition mode cases
Order scan results in a manner that prefers BSSs that support SAE over
ones that support PSK without SAE if the SNR of the SAE BSS is good or
at least at the same level as the SNR for the PSK BSS. This improves
likelihood of using SAE when the local network profile allows
WPA3-Personal transition mode and the ESS uses a mix BSSs with different
sets of AKMs.
Jouni Malinen [Thu, 23 Nov 2023 18:41:35 +0000 (20:41 +0200)]
OWE: Optimize transition mode AP scan with owe_only=1 STA configuration
Extend the optimization from commit 9c97126576b7 ("OWE: Optimize
transition mode scan to use known channels") to cover cases where the
STA is configued with OWE transition mode disabled, but the AP uses OWE
transition mode.
Ainy Kumari [Thu, 16 Nov 2023 02:47:10 +0000 (08:17 +0530)]
P2P: Do not skip updating BSS table when frequency is changed
BSS table is not updated when a non-P2P station runs a scan without P2P
IE in Probe Response frame, since that would remove P2P IE information.
However, this results also in not updating mandatory rates in Supported
Rates and BSS Membership Selectors element even though AP/GO changes
frequency from 2.4 GHz to 5 GHz band.
This is causing connection failure since BSS table has 1 Mbps as
mandatory rate for AP connection but minimum supported rate in 5 GHz
band is 6 Mbps.
To avoid connection failures in such cases, don't skip updating BSS
table when the BSS frequency is changed. This covers the most important
case addressed in commit ff57398fcab8 ("P2P: Do not drop P2P IEs from
BSS table on non-P2P scans") while still allowing other changes to be
taken into account if the GO were to actually change channels (or band,
which would be the most likely case needing the update).
Vinayak Yadawad [Wed, 22 Nov 2023 09:19:52 +0000 (14:49 +0530)]
Fix references to correct driver capability flag for PSK/OWE offloads
Fix references to the appropriate driver capability drv_flags2. The
initial version used the incorrect drv_flags value and by doing so,
ended up using incorrect driver capabilities (DEAUTH_TX_STATUS,
BSS_SELECT, TDLS_SUPPORT) which could result in incorrect OWE
functionality for both AP and STA cases.
Fixes: d984c7b29801 ("hostapd: Add support for OWE offload for STA/AP interface") Fixes: da364180fba6 ("hostapd: Support 4-way handshake offload for AP/P2P GO") Signed-off-by: Vinayak Yadawad <vinayak.yadawad@broadcom.com>
Jouni Malinen [Wed, 22 Nov 2023 17:39:45 +0000 (19:39 +0200)]
OpenSSL: Allow openssl_ciphers override with Suite B config on server
The openssl_ciphers parameter is a global data entry on the server
instead of the per-connection design on client. As such, hostapd needs
to make a local copy of the global value and use that whenever setting
per-connection parameters. This is needed particularly when testing
Suite B functionality where the Suite B specific parameters might end up
overriding the cipher list.