From: Veerendranath Jakkam Date: Thu, 4 Feb 2021 18:33:20 +0000 (+0530) Subject: AP: Check driver's capability to enable OCV when driver SME is used X-Git-Tag: hostap_2_10~557 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=6f92f81dacfc0c36e72f1ed64ec5ac73fedbb1b7;p=thirdparty%2Fhostap.git AP: Check driver's capability to enable OCV when driver SME is used When the driver SME is used, offloaded handshakes which need Operating Channel Validation (OCV) such as SA Query procedure, etc. would fail if hostapd enables OCV based on configuration but the driver doesn't support OCV. To avoid this when driver SME is used, enable OCV from hostapd only when the driver indicates support for OCV. This commit also adds a capability flag to indicate whether driver SME is used in AP mode. Signed-off-by: Veerendranath Jakkam --- diff --git a/hostapd/hostapd.conf b/hostapd/hostapd.conf index 36d2df03e..a3d28efed 100644 --- a/hostapd/hostapd.conf +++ b/hostapd/hostapd.conf @@ -1804,6 +1804,9 @@ own_ip_addr=127.0.0.1 # ocv: Operating Channel Validation # This is a countermeasure against multi-channel man-in-the-middle attacks. +# Enabling this depends on the driver's support for OCV when the driver SME is +# used. If hostapd SME is used, this will be enabled just based on this +# configuration. # Enabling this automatically also enables ieee80211w, if not yet enabled. # 0 = disabled (default) # 1 = enabled diff --git a/src/ap/hs20.c b/src/ap/hs20.c index 543fa335f..05e9b9d20 100644 --- a/src/ap/hs20.c +++ b/src/ap/hs20.c @@ -86,7 +86,9 @@ u8 * hostapd_eid_osen(struct hostapd_data *hapd, u8 *eid) capab |= WPA_CAPABILITY_MFPR; } #ifdef CONFIG_OCV - if (hapd->conf->ocv) + if (hapd->conf->ocv && + (hapd->iface->drv_flags2 & + (WPA_DRIVER_FLAGS2_AP_SME | WPA_DRIVER_FLAGS2_OCV))) capab |= WPA_CAPABILITY_OCVC; #endif /* CONFIG_OCV */ WPA_PUT_LE16(eid, capab); diff --git a/src/ap/wpa_auth_glue.c b/src/ap/wpa_auth_glue.c index f24ada266..c3b2e81e2 100644 
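Review bot: The driver-capability mask in hostapd_eid_osen() is written out in full here and again in hostapd_setup_wpa() in src/ap/wpa_auth_glue.c, so the OCVC bit advertised in the OSEN element and the `_conf.ocv` value used by the authenticator rely on two hand-copied expressions staying identical. If one copy is changed later, the AP could advertise OCV capability that it does not enforce, or enforce it without advertising it. A shared helper would remove that risk; at minimum add a comment at both sites such as `/* OCV only if hostapd runs the SME or the driver SME supports OCV; keep in sync with hostapd_setup_wpa() */`. The body of hostapd_eid_osen() starts and ends outside this hunk.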
--- a/src/ap/wpa_auth_glue.c +++ b/src/ap/wpa_auth_glue.c @@ -1515,6 +1515,12 @@ int hostapd_setup_wpa(struct hostapd_data *hapd) if (!(hapd->iface->drv_flags & WPA_DRIVER_FLAGS_BEACON_PROTECTION)) _conf.beacon_prot = 0; +#ifdef CONFIG_OCV + if (!(hapd->iface->drv_flags2 & + (WPA_DRIVER_FLAGS2_AP_SME | WPA_DRIVER_FLAGS2_OCV))) + _conf.ocv = 0; +#endif /* CONFIG_OCV */ + _conf.secure_ltf = !!(hapd->iface->drv_flags2 & WPA_DRIVER_FLAGS2_SEC_LTF); _conf.secure_rtt = diff --git a/src/drivers/driver.h b/src/drivers/driver.h index 595677567..5b2c71ca0 100644 --- a/src/drivers/driver.h +++ b/src/drivers/driver.h @@ -2017,6 +2017,8 @@ struct wpa_driver_capa { #define WPA_DRIVER_FLAGS2_BEACON_PROTECTION_CLIENT 0x0000000000000040ULL /** Driver supports Operating Channel Validation */ #define WPA_DRIVER_FLAGS2_OCV 0x0000000000000080ULL +/** Driver expects user space implementation of SME in AP mode */ +#define WPA_DRIVER_FLAGS2_AP_SME 0x0000000000000100ULL u64 flags2; #define FULL_AP_CLIENT_STATE_SUPP(drv_flags) \ diff --git a/src/drivers/driver_nl80211_capa.c b/src/drivers/driver_nl80211_capa.c index d2400bbd9..1b57c0e88 100644 --- a/src/drivers/driver_nl80211_capa.c +++ b/src/drivers/driver_nl80211_capa.c @@ -1390,6 +1390,7 @@ int wpa_driver_nl80211_capa(struct wpa_driver_nl80211_data *drv) if (!info.device_ap_sme) { drv->capa.flags |= WPA_DRIVER_FLAGS_DEAUTH_TX_STATUS; + drv->capa.flags2 |= WPA_DRIVER_FLAGS2_AP_SME; /* * No AP SME is currently assumed to also indicate no AP MLME
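Review bot: The added block in hostapd_setup_wpa() clears `_conf.ocv` with no log output, so an operator who set `ocv=1` ends up with an AP running without the multi-channel man-in-the-middle countermeasure and nothing to show for it. Logging the override when the configured value was non-zero would make the downgrade visible, for example `if (_conf.ocv) wpa_printf(MSG_INFO, "OCV: disabled since driver SME is used without OCV support");` placed before `_conf.ocv = 0;`. Whether another path already reports this cannot be seen from here, since the function starts and ends outside the hunk.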
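Review bot: The name WPA_DRIVER_FLAGS2_AP_SME in src/drivers/driver.h reads as "the driver implements the AP SME", but its doc comment and the setter in wpa_driver_nl80211_capa() (inside `if (!info.device_ap_sme)`) give it the opposite meaning: the bit is set when hostapd runs the SME. This bit now gates a security feature, so a misreading at a future call site would switch OCV on or off in the wrong case. Making the comment explicit would help, for example `/** Set when the driver does NOT implement SME in AP mode, i.e., hostapd (user space) SME is used */`. The surrounding struct wpa_driver_capa definition continues outside the hunk.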