Enable beacon protection only when driver indicates support

Enabling beacon protection will cause STA connection/AP setup failures
if the driver doesn't support beacon protection. To avoid this, check
the driver capability before enabling beacon protection.

This commit also adds a capability flag to indicate beacon protection
support in client mode only.

Signed-off-by: Veerendranath Jakkam <vjakkam@codeaurora.org>

diff --git a/hostapd/hostapd.conf b/hostapd/hostapd.conf
index 1f4d33a76593793e6b6b32b44dcf1e9b0b0ca073..36d2df03eb02babf76b97a76f4cb4a0d39d46479 100644 (file)
--- a/hostapd/hostapd.conf
+++ b/hostapd/hostapd.conf
@@ -1786,7 +1786,8 @@ own_ip_addr=127.0.0.1
 #group_mgmt_cipher=AES-128-CMAC
 
 # Beacon Protection (management frame protection for Beacon frames)
-# This depends on management frame protection being enabled (ieee80211w != 0).
+# This depends on management frame protection being enabled (ieee80211w != 0)
+# and beacon protection support indication from the driver.
 # 0 = disabled (default)
 # 1 = enabled
 #beacon_prot=0

diff --git a/src/ap/ieee802_11_shared.c b/src/ap/ieee802_11_shared.c
index 4155c947ab094b32e4dab3ee30c40a2c5632494b..045310594b7e8fd0e6676d2980f07a39a60d02a9 100644 (file)
--- a/src/ap/ieee802_11_shared.c
+++ b/src/ap/ieee802_11_shared.c
@@ -425,7 +425,9 @@ static void hostapd_ext_capab_byte(struct hostapd_data *hapd, u8 *pos, int idx)
                                               * Identifiers Used Exclusively */
                }
 #endif /* CONFIG_SAE */
-               if (hapd->conf->beacon_prot)
+               if (hapd->conf->beacon_prot &&
+                   (hapd->iface->drv_flags &
+                    WPA_DRIVER_FLAGS_BEACON_PROTECTION))
                        *pos |= 0x10; /* Bit 84 - Beacon Protection Enabled */
                break;
        case 11: /* Bits 88-95 */
@@ -494,7 +496,8 @@ u8 * hostapd_eid_ext_capab(struct hostapd_data *hapd, u8 *eid)
            hostapd_sae_pw_id_in_use(hapd->conf))
                len = 11;
 #endif /* CONFIG_SAE */
-       if (len < 11 && hapd->conf->beacon_prot)
+       if (len < 11 && hapd->conf->beacon_prot &&
+           (hapd->iface->drv_flags & WPA_DRIVER_FLAGS_BEACON_PROTECTION))
                len = 11;
 #ifdef CONFIG_SAE_PK
        if (len < 12 && hapd->conf->wpa &&

diff --git a/src/ap/wnm_ap.c b/src/ap/wnm_ap.c
index be817978e88a02d13bd45c9003459d4efaf9f972..d32967e6cef66322bf726e818ab9952d8c262570 100644 (file)
--- a/src/ap/wnm_ap.c
+++ b/src/ap/wnm_ap.c
@@ -169,7 +169,9 @@ static int ieee802_11_send_wnmsleep_resp(struct hostapd_data *hapd,
                pos += igtk_elem_len;
                wpa_printf(MSG_DEBUG, "Pass 4 igtk_len = %d",
                           (int) igtk_elem_len);
-               if (hapd->conf->beacon_prot) {
+               if (hapd->conf->beacon_prot &&
+                   (hapd->iface->drv_flags &
+                    WPA_DRIVER_FLAGS_BEACON_PROTECTION)) {
                        res = wpa_wnmsleep_bigtk_subelem(sta->wpa_sm, pos);
                        if (res < 0)
                                goto fail;
@@ -537,7 +539,8 @@ static void wnm_beacon_protection_failure(struct hostapd_data *hapd,
 {
        struct sta_info *sta;
 
-       if (!hapd->conf->beacon_prot)
+       if (!hapd->conf->beacon_prot ||
+           !(hapd->iface->drv_flags & WPA_DRIVER_FLAGS_BEACON_PROTECTION))
                return;
 
        sta = ap_get_sta(hapd, addr);

diff --git a/src/ap/wpa_auth_glue.c b/src/ap/wpa_auth_glue.c
index ebc35dd296ffc6299b3aa6a0a19ff5a8f92c0d05..f24ada266b74547614c0c39873061888997b6f1e 100644 (file)
--- a/src/ap/wpa_auth_glue.c
+++ b/src/ap/wpa_auth_glue.c
@@ -1512,6 +1512,9 @@ int hostapd_setup_wpa(struct hostapd_data *hapd)
        else
                _conf.extended_key_id = 0;
 
+       if (!(hapd->iface->drv_flags & WPA_DRIVER_FLAGS_BEACON_PROTECTION))
+               _conf.beacon_prot = 0;
+
        _conf.secure_ltf =
                !!(hapd->iface->drv_flags2 & WPA_DRIVER_FLAGS2_SEC_LTF);
        _conf.secure_rtt =

diff --git a/src/drivers/driver.h b/src/drivers/driver.h
index 24fb877e588b33bcbeda48516ffb536c6c677c30..dd17bcefa219a34ce414fc5f65149075be9e36f8 100644 (file)
--- a/src/drivers/driver.h
+++ b/src/drivers/driver.h
@@ -2013,6 +2013,8 @@ struct wpa_driver_capa {
 #define WPA_DRIVER_FLAGS2_PROT_RANGE_NEG       0x0000000000000010ULL
 /** Driver supports Beacon frame TX rate configuration (HE rates) */
 #define WPA_DRIVER_FLAGS2_BEACON_RATE_HE       0x0000000000000020ULL
+/** Driver supports Beacon protection only in client mode */
+#define WPA_DRIVER_FLAGS2_BEACON_PROTECTION_CLIENT 0x0000000000000040ULL
        u64 flags2;
 
 #define FULL_AP_CLIENT_STATE_SUPP(drv_flags) \

diff --git a/src/drivers/driver_nl80211_capa.c b/src/drivers/driver_nl80211_capa.c
index 7eae0e325112b8b9f79d6bdd183cce7e1292b53e..1038ca74e817001d2a50252d39cf15895a5d0c9b 100644 (file)
--- a/src/drivers/driver_nl80211_capa.c
+++ b/src/drivers/driver_nl80211_capa.c
@@ -656,6 +656,10 @@ static void wiphy_info_ext_feature_flags(struct wiphy_info_data *info,
        if (ext_feature_isset(ext_features, len,
                              NL80211_EXT_FEATURE_UNSOL_BCAST_PROBE_RESP))
                info->drv->unsol_bcast_probe_resp = 1;
+
+       if (ext_feature_isset(ext_features, len,
+                             NL80211_EXT_FEATURE_BEACON_PROTECTION_CLIENT))
+               capa->flags2 |= WPA_DRIVER_FLAGS2_BEACON_PROTECTION_CLIENT;
 }
 
 

diff --git a/wpa_supplicant/wpa_supplicant.conf b/wpa_supplicant/wpa_supplicant.conf
index 77f363e00aa6676dd75a5ebdfc8f602db7fb4b02..09a8658ff52cbc700a1ad6f5e64abb269d4ff700 100644 (file)
--- a/wpa_supplicant/wpa_supplicant.conf
+++ b/wpa_supplicant/wpa_supplicant.conf
@@ -1492,8 +1492,11 @@ fast_reauth=1
 # 2: do not allow PFS to be used
 #dpp_pfs=0
 
-# Whether Beacon protection is enabled
-# This depends on management frame protection (ieee80211w) being enabled.
+# Whether beacon protection is enabled
+# This depends on management frame protection (ieee80211w) being enabled and
+# beacon protection support indication from the driver.
+# 0 = disabled (default)
+# 1 = enabled
 #beacon_prot=0
 
 # OWE DH Group

diff --git a/wpa_supplicant/wpas_glue.c b/wpa_supplicant/wpas_glue.c
index 798b5b461e7a722d2a2e973a6918d68dcde387bf..34e8b7a01f71c1af2bbd15f5fd173523aece3bb6 100644 (file)
--- a/wpa_supplicant/wpas_glue.c
+++ b/wpa_supplicant/wpas_glue.c
@@ -1473,7 +1473,10 @@ void wpa_supplicant_rsn_supp_set_config(struct wpa_supplicant *wpa_s,
                        conf.fils_cache_id =
                                wpa_bss_get_fils_cache_id(wpa_s->current_bss);
 #endif /* CONFIG_FILS */
-               conf.beacon_prot = ssid->beacon_prot;
+               if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_BEACON_PROTECTION) ||
+                   (wpa_s->drv_flags2 &
+                    WPA_DRIVER_FLAGS2_BEACON_PROTECTION_CLIENT))
+                       conf.beacon_prot = ssid->beacon_prot;
        }
 #ifdef CONFIG_PASN
 #ifdef CONFIG_TESTING_OPTIONS