STA: Check driver capability to enable OCV when driver SME is used

When the driver SME is used, offloaded RSN handshakes like SA Query, GTK
rekeying, FT authentication, etc. would fail if wpa_supplicant enables
OCV in initial connection based on configuration but the driver doesn't
support OCV. To avoid such failures check the driver's capability for
enabling OCV when the driver SME used.

This commit also adds a capability flag for indicating OCV support
by the driver.

Signed-off-by: Veerendranath Jakkam <vjakkam@codeaurora.org>

diff --git a/src/drivers/driver.h b/src/drivers/driver.h
index dd17bcefa219a34ce414fc5f65149075be9e36f8..595677567103605bb1e00f4ac91d6c85560be1db 100644 (file)
--- a/src/drivers/driver.h
+++ b/src/drivers/driver.h
@@ -2015,6 +2015,8 @@ struct wpa_driver_capa {
 #define WPA_DRIVER_FLAGS2_BEACON_RATE_HE       0x0000000000000020ULL
 /** Driver supports Beacon protection only in client mode */
 #define WPA_DRIVER_FLAGS2_BEACON_PROTECTION_CLIENT 0x0000000000000040ULL
+/** Driver supports Operating Channel Validation */
+#define WPA_DRIVER_FLAGS2_OCV                  0x0000000000000080ULL
        u64 flags2;
 
 #define FULL_AP_CLIENT_STATE_SUPP(drv_flags) \

diff --git a/src/drivers/driver_nl80211_capa.c b/src/drivers/driver_nl80211_capa.c
index 1038ca74e817001d2a50252d39cf15895a5d0c9b..d2400bbd9c357105e8955e1e2092f9e1a65b7f28 100644 (file)
--- a/src/drivers/driver_nl80211_capa.c
+++ b/src/drivers/driver_nl80211_capa.c
@@ -660,6 +660,10 @@ static void wiphy_info_ext_feature_flags(struct wiphy_info_data *info,
        if (ext_feature_isset(ext_features, len,
                              NL80211_EXT_FEATURE_BEACON_PROTECTION_CLIENT))
                capa->flags2 |= WPA_DRIVER_FLAGS2_BEACON_PROTECTION_CLIENT;
+
+       if (ext_feature_isset(ext_features, len,
+                             NL80211_EXT_FEATURE_OPERATING_CHANNEL_VALIDATION))
+               capa->flags2 |= WPA_DRIVER_FLAGS2_OCV;
 }
 
 

diff --git a/wpa_supplicant/wpa_supplicant.c b/wpa_supplicant/wpa_supplicant.c
index 9badce31887f8bcbfbec9fd5884a69f391726466..8384cce7536ed6635d6a38a443a0f6273ae883fe 100644 (file)
--- a/wpa_supplicant/wpa_supplicant.c
+++ b/wpa_supplicant/wpa_supplicant.c
@@ -1656,7 +1656,9 @@ int wpa_supplicant_set_suites(struct wpa_supplicant *wpa_s,
        wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_MFP,
                         wpas_get_ssid_pmf(wpa_s, ssid));
 #ifdef CONFIG_OCV
-       wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_OCV, ssid->ocv);
+       if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME) ||
+           (wpa_s->drv_flags2 & WPA_DRIVER_FLAGS2_OCV))
+               wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_OCV, ssid->ocv);
 #endif /* CONFIG_OCV */
        sae_pwe = wpa_s->conf->sae_pwe;
        if (ssid->sae_password_id && sae_pwe != 3)

diff --git a/wpa_supplicant/wpa_supplicant.conf b/wpa_supplicant/wpa_supplicant.conf
index 09a8658ff52cbc700a1ad6f5e64abb269d4ff700..e3ae77114680181e3fd550ced0cf4d0ccea2290f 100644 (file)
--- a/wpa_supplicant/wpa_supplicant.conf
+++ b/wpa_supplicant/wpa_supplicant.conf
@@ -991,7 +991,8 @@ fast_reauth=1
 # This is a countermeasure against multi-channel man-in-the-middle attacks.
 # Enabling this automatically also enables ieee80211w, if not yet enabled.
 # 0 = disabled (default)
-# 1 = enabled
+# 1 = enabled if wpa_supplicant's SME in use. Otherwise enabled only when the
+#     driver indicates support for operating channel validation.
 #ocv=1
 #
 # auth_alg: list of allowed IEEE 802.11 authentication algorithms