Jouni Malinen [Sat, 23 Dec 2023 15:30:18 +0000 (17:30 +0200)]
Limit throughput estimation for HE 40 MHz based on HT info
The current operating channel bandwidth in an HE BSS is determined with
the combination of elements, include the HT Operation element. Use HT
Operation element to check whether the 40 MHz case is enabled if the AP
claims to be capable of operating a 40 MHz BSS.
Michael-CY Lee [Fri, 22 Dec 2023 04:59:11 +0000 (12:59 +0800)]
ACS: Extend the 320 MHz support
There are bandwidth 320 MHz-1 and 320 MHz-2 channelization in EHT mode.
When using ACS, user might prefer one of the channelization or both, but
original ACS was unable to take such preference.
Another problem is that the original ACS returns only the ideal channel
but no 320 MHz channelization. The function acs_get_bw_center_chan()
also could not correctly return the center frequency of bandwidth 320
MHz that is decided by ACS.
For example, if ACS decide the ideal channel is channel 37 with
channelization 320 MHz-2 (center frequency 6265 MHz),
acs_get_bw_center_chan() returns 6105 MHz, which is 320 MHz-1.
Extend the support for 320 MHz so that ACS can choose the best channel
according to the user's preference. Also, after calling
acs_find_ideal_chan_mode(), the best channel and bandwidth can be
derived.
The changes are:
- bw_type ACS_BW320 is divided into ACS_BW320_1 and ACS_BW320_2
- in bandwidth 320 MHz, find the best channel and bandwidth according to
user's perference (320 MHz-1, 320 Mhz-2 or both are OK)
- before acs_find_ideal_chan_mode() returns, update bw320_offset in
iface->conf so that the best channel's channelization is recorded.
- get the best center frequency from bw320_offset
Co-developed-by: Money Wang <money.wang@mediatek.com> Signed-off-by: Michael-CY Lee <michael-cy.lee@mediatek.com>
Introduce a new configuration option, "eht_bw320_offset", which enables
devices to specify a preferred channelization for 320 MHz BSSs when
using automatic channel selection (ACS). This option is applicable only
when the channel is not already decided and the bandwidth is set to 320
MHz.
The value and meaning of the option:
0: auto-detected by ACS
1: 320 MHz-1
2: 320 MHz-2
Co-developed-by: Money Wang <money.wang@mediatek.com> Signed-off-by: Michael-CY Lee <michael-cy.lee@mediatek.com>
Michael-CY Lee [Fri, 22 Dec 2023 04:59:09 +0000 (12:59 +0800)]
ACS: Fix not selecting the best channel in the segment
Fix the following bugs about selecting the best channels in the segment:
1. If the 'update_best' once became false, it never becomes true again.
In other word, if one of the channels in the segment is not usable,
the remaining channels in the segment were never able to be the best
channel.
2. The primary channel in the segment might not be usable due to the
insufficient survey data. Therefore, it cannot be the best channel and
we cannot take its factor/weight into account.
Co-developed-by: Money Wang <money.wang@mediatek.com> Signed-off-by: Michael-CY Lee <michael-cy.lee@mediatek.com>
Jouni Malinen [Sat, 23 Dec 2023 13:20:24 +0000 (15:20 +0200)]
tests: Full validation of ACS selecting HT40- channel
Extend the previously used minimal test case with full validation of the
selected channel and connection since hostapd now has support for the
HT40- case as well.
Jouni Malinen [Sat, 23 Dec 2023 10:37:06 +0000 (12:37 +0200)]
tests: Try to keep GAS frames within gas_concurrent_scan capture
With UML time-travel, it was possible for a GAS frame to end up in the
capture file for the next test case and if that next case used tshark to
count the number of frames (which is done, e.g., in
gas_anqp_address3_assoc), the following test case could have indicated
failure even when everything worked correctly.
Jintao Lin [Mon, 18 Dec 2023 18:11:46 +0000 (18:11 +0000)]
dbus: Use PHY parameters from dbus or config for the GroupAdd command
Use the PHY parameters from configuration or the values passed in from
the dbus API for P2P dbus command GroupAdd instead of using the hard
coded values to be inline with the method provided with the
wpa_supplicant control interface.
Signed-off-by: Jintao Lin <jintaolin@chromium.org>
Jintao Lin [Mon, 18 Dec 2023 18:11:46 +0000 (18:11 +0000)]
Fix P2P_GROUP_ADD handling of the persistent group parameters
The vht_center_freq2 parameter was in incorrect order in the call to
wpas_p2p_group_add_persistent(). This would have dropped the value when
adding a group based on a previously created persistent group ion the GO
side and that would have resulted in a failure to start the GO.
Fix the function call to use the correct order for the parameters.
Signed-off-by: Jintao Lin <jintaolin@chromium.org>
Jintao Lin [Thu, 21 Dec 2023 22:25:35 +0000 (22:25 +0000)]
dbus: Use current_bss to get correct group BSSID and frequency on client
When the P2P persistent group is provisioned out-of-band, i.e., add
persistent group with a known BSSID, SSID, passphrase, and frequency,
and start the group with GroupAdd dbus command, the group info fetched
on the cliend side has zero MAC address for BSSID and no value for
frequency. Fix this issue by getting that information from
wpa_s->current_bss instead of wpa_s->go_params.
Signed-off-by: Jintao Lin <jintaolin@chromium.org>
Vinayak Yadawad [Fri, 22 Dec 2023 05:45:40 +0000 (11:15 +0530)]
Support all PSK AKMs in case of AP mode PSK offload
Previously only the SHA-1 -based AKM was supported. Extend that to cover
all PSK AKMs so that the PSK configuration to the driver happens for all
the possible cases during AP start.
Ilan Peer [Wed, 13 Dec 2023 11:37:35 +0000 (13:37 +0200)]
tests: Modify the DSCP-to-TID mapping in QoS mapping tests
The cfg80211 default QoS mapping might be updated to align with the
recommendations in section 4 in RF C8325. Align the QoS mapping tests
accordingly. For now, allow both the previous and new mapping to pass
the test.
Ilan Peer [Fri, 22 Dec 2023 09:04:22 +0000 (11:04 +0200)]
AP: Add an additional TPE element when needed
If the regulatory client EIRP PSD values advertised by an AP that is a
standard power AP or indoor standard power AP are insufficient to ensure
that regulatory client limits on total EIRP are always met for all
transmission bandwidths within the bandwidth of the AP’s BSS, the AP
shall also send a TPE element in Beacon and Probe Response frames as
that depicts the regulatory client EIRP limit.
Ilan Peer [Fri, 22 Dec 2023 09:04:21 +0000 (11:04 +0200)]
AP: Add TPE element for Indoor standard power AP
According to IEEE P802.11-REVme/D4.0, E.2.7 (6 GHz band), two Transmit
Power Envelope (TPE) elements need to be included by Indoor Standard
Power (Indoor SP) APs. Extend the code to support this.
AP: Publish the correct PSD value in RNR TBTT information field
According to IEEE P802.11-REVme/D4.0, 9.4.2.169.2 (Neighbor AP
Information field), the 20 MHz PSD subfield in the TBTT Information
field is a signed value with valid range of -127 to +126, while +127
indicates "no maximum transmit power is specified". Fix the default
value advertised.
Fixes: 3db24e4eefc7 ("RNR: Define element format") Fixes: a7c152d6b806 ("RNR: Add data from neighbor database") Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com> Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Ilan Peer [Fri, 22 Dec 2023 09:04:18 +0000 (11:04 +0200)]
AP: Add configuration options for 6 GHz TPE Tx power
Add configuration options for setting the Tx Power value
in the Transmit Power Envelope for 6 GHz:
- The Tx power value for default client where the transmit
power interpretation is "Regulatory Client EIRP PSD"
- The Tx power value for subordinate client where the transmit
power interpretation is "Regulatory Client EIRP PSD"
Ilan Peer [Fri, 22 Dec 2023 09:04:17 +0000 (11:04 +0200)]
AP: Update the HE regulatory information AP types for the 6 GHz band
Update the HE regulatory information AP types based on IEEE
P802.11-REVme/D4.0. Set the default AP type to VLP. Check for valid
values when setting 'he_6ghz_reg_pwr_type' in the interface
configuration.
Johannes Berg [Fri, 22 Dec 2023 10:06:09 +0000 (12:06 +0200)]
ctrl_iface: Fix newline in print_ml()
We only print the newline if the AP MLD ID is present
(BASIC_MULTI_LINK_CTRL_PRES_AP_MLD_ID), fix that.
Fixes: e3e68668c1f6 ("ctrl_iface: Report RNR and ML in BSS command") Signed-off-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Jouni Malinen [Fri, 22 Dec 2023 14:54:15 +0000 (16:54 +0200)]
HS 2.0: Remove useless debug print in non-Hotspot 2.0 cases
It is not really helpful to get debug prints about Hotspot 2.0 frame
filtering when trying to connect a non-Hotspot 2.0 network. Remove this
debug print that was being printed for every connection that did not use
Hotspot 2.0.
Ilan Peer [Thu, 21 Dec 2023 11:38:06 +0000 (13:38 +0200)]
AP: Use the MLD MAC address for SAE authentication failures and testing
In cases of SAE failure and testing, mgmt->sa was used for sending the
Authentication frame. Fix these to use the station address (which is
the MLD MAC address in cases of non-AP MLDs).
Ilan Peer [Thu, 21 Dec 2023 11:08:22 +0000 (13:08 +0200)]
AP: Add testing option to indicate an AP is disabled
Add a testing configuration such that the AP would be reported as
disabled in the RNR TBTT information MLD parameters included by other
affiliated APs of the AP MLD.
Ilan Peer [Thu, 21 Dec 2023 11:08:20 +0000 (13:08 +0200)]
MLD: Add support for disabled APs
An affiliated AP of an AP MLD can temporarily be disabled. Other
affiliated APs of the AP MLD indicate this in the Reduced Neighbor
Report (RNR) elements added to their Beacon and Probe Response frames.
When an affiliated AP is disabled, it should be included in the
association exchange, but can be activated only after it is enabled.
Add support identifying disabled APs and propagate the information
to the driver within the associate() callback.
Signed-off-by: Ilan Peer <ilan.peer@intel.com> Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Jouni Malinen [Fri, 22 Dec 2023 08:57:04 +0000 (10:57 +0200)]
nl80211: Fix AP deinit path (link removal) in error cases
If the interface initialization fails, no links might be set when
calling the deinit functions. Those functions need to be prepared for
bss->n_links being 0.
Fixes: 859cbc396fc0 ("nl80211: Remove links when stopping AP MLD in hostapd") Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Fri, 22 Dec 2023 08:57:04 +0000 (10:57 +0200)]
nl80211: Fix AP deinit path in error cases
If the interface initialization fails, no links might be set when
calling the deinit functions. Those functions need to be prepared for
bss->flink being NULL.
Fixes: 47269be36e61 ("nl80211: Refactor i802_bss to support multiple links") Signed-off-by: Jouni Malinen <j@w1.fi>
mukul sharma [Mon, 18 Dec 2023 12:36:57 +0000 (18:06 +0530)]
Add QCA vendor command for reporting firmware page fault informatin
This is an event indicating to the user space firmware page fault
summary report that the driver has generated from firmware indications.
This summary report is used to analyze major cause of page faults and
associated debug information.
Add a new hostapd configuration parameter sae_password_file to read SAE
passwords (i.e., the entries that use the previously added sae_password
parameter) from a separate file.
sae_password_file uses the following format for storing passphrases:
Jouni Malinen [Thu, 21 Dec 2023 17:44:32 +0000 (19:44 +0200)]
PASN: Select the latest available BSS entry for a BSSID
This is needed to work around some issues that show up mainly in testing
scenarios when the same BSSID might be used with different
configurations and the scan results from the driver might include both
the old and new contents when two different SSIDs are used.
MLD STA: Update SAE PWE derivation in hunting-and-pecking loop case
Use AP MLD address instead of BSSID for PWE derivation during MLO
connection. This was already done for H2E in commit e869fdfeefa5
("wpa_supplicant: Use MLD address in SAE authentication"). While IEEE
P802.11be requires H2E to be used, there are deployed AP MLDs that do
not follow that requirement. This change to the hunting-and-pecking loop
case is needed for interoperability workarounds with such APs.
Currently while deciding to create a new Multiple BSSID element based on
the condition when the length reaches 255, the length value being used
is the total element length (including the length of the Element ID and
Length fields as well). However, the value in the length field denotes
the number of octets following it and excluding itself. Hence including
the total length is wrong. This leads to incorrect count of Multiple
BSSID elements.
And while filling the data, the length is considered porperly as it
should be hence we are filling more data in a single go and all data is
filled in MBSSID count which is less than originally calculated. This
ultimately leads to incorrect length calculation during nla_put() and
setting the beacon to the driver fails while putting the Multiple BSSID
element data into the netlink socket buffer.
Fix this issue by considering the length excluding the Element ID and
Length field sizes.
Share VLAN info in RRB when the driver advertises support for VLAN
offload (WPA_DRIVER_FLAGS_VLAN_OFFLOAD). sta->vlan_desc is unused in
this case, only sta->vlan_id is used. Skip the checks that are based on
sta->vlan_desc.
Signed-off-by: Sai Pratyusha Magam <quic_smagam@quicinc.com>
Jouni Malinen [Wed, 20 Dec 2023 19:30:00 +0000 (21:30 +0200)]
tests: Add more time for the Presence Announcements to be received
The previous timeout allowed only a single chirping round, and sometimes
not even that full round. That resulted in test failures for cases where
there was not really any incorrect behavior.
Jouni Malinen [Wed, 20 Dec 2023 17:21:52 +0000 (19:21 +0200)]
tests: Clean up PSK protocol tests to avoid issues
Stop dev[0] from trying to associate at the end of the test case to
reduce risk for leaving out some pending operations that could mess up
the following test case.
Jouni Malinen [Wed, 20 Dec 2023 16:21:10 +0000 (18:21 +0200)]
tests: Make flush_scan_cache() more robust
Handle the cases where the first attempt to start scan fails due to an
ongoing scan. Stop such scan and try again instead of failing the test
case immediately.
Jouni Malinen [Wed, 20 Dec 2023 10:46:05 +0000 (12:46 +0200)]
tests: Do not check TX status in dpp_qr_code_auth_neg_chan
This avoids race conditions with UML time-travel where some cases ended
up not reporting the DPP-TX-STATUS event and that resulted in discarding
events that are more important to verify for correct behavior.
Jouni Malinen [Tue, 19 Dec 2023 11:49:15 +0000 (13:49 +0200)]
tests: Wait for the dpp_init_enrollee_pkex thread to complete
One of the sigma_dut testing cases missed the t.join() call to make
surte the separate thread terminated. This could result in confusing
"unexpected stdout output" in a middle of an unrelated test case.
Jouni Malinen [Tue, 19 Dec 2023 11:03:20 +0000 (13:03 +0200)]
tests: Make p2p_service_discovery_restart more robust
Stop and restart P2P_FIND on dev[1] to avoid timing issues where the
wait on dev[1] makes the test case fail even though this was trying to
verify that dev[0] is reacting quickly enough.
Jouni Malinen [Mon, 18 Dec 2023 23:09:22 +0000 (01:09 +0200)]
nl80211: Remove send_and_recv_msgs()
This helper is of no real use anymore, so get rid of it. This completes
send_and_recv*() cleanup. What remains is the most generic
send_and_recv() and two wrappers for it to cover the most common simpler
cases.
Jouni Malinen [Mon, 18 Dec 2023 23:00:23 +0000 (01:00 +0200)]
nl80211: Add send_and_recv_cmd() helper
This is a variant for the most common case of send_and_recv() needs:
send a command without needing a special response handling. In addition,
move the helper functions into driver_nl80211.h since these are now
simple wrappers for the more flexible send_and_recv().
Jouni Malinen [Mon, 18 Dec 2023 22:20:16 +0000 (00:20 +0200)]
nl80211: Move control port attribute adding into more accurate location
This is independent of the NL80211_ATTR_SOCKET_OWNER use, so add these
attributes from a separate helper function that is called only from
locations that actually start an operation that uses EAPOL frames.
Jouni Malinen [Mon, 18 Dec 2023 21:45:09 +0000 (23:45 +0200)]
nl80211: Use bss->nl_connect unconditionally
Doing this based on driver support for control port RX or SAE seems like
undesired extra complexity. Just use this in all cases where the special
handle for a longer term operation, like connection or AP mode
operation, is needed.
Jouni Malinen [Mon, 18 Dec 2023 19:41:32 +0000 (21:41 +0200)]
nl80211: Use socket cb instead of global->nl_cb in send_and_recv()
This is a step towards cleaning up all the workarounds that have showed
up over the years and made the design difficult to understand. This
removes use of the separate registration of process_bss_event() as
NL_CB_VALID for the individual commands since the use of the appropriate
cb (i.e., the one from nl80211_init_bss() in these cases) will already
point to the correct handler.
Jouni Malinen [Mon, 18 Dec 2023 19:08:26 +0000 (21:08 +0200)]
nl80211: Accept NL80211_CMD_FRAME events in global context
This is a workaround for some race conditions where the hardcoded use of
global->nl_cb in send_and_recv() ends up getting events delivered
through unexpected context when they happen to arrive at the time when a
command is being processed.
Jouni Malinen [Mon, 18 Dec 2023 15:12:30 +0000 (17:12 +0200)]
tests: Make p2p_channel_avoid* more robust
Terminate the group explicitly before cleanup to avoid a race condition
between an automatically started scan to find the GO again and the scan
started to clear the scan cache.
Jouni Malinen [Mon, 18 Dec 2023 15:00:55 +0000 (17:00 +0200)]
tests: Avoid a race condition in DPP retry validation
Wait a bit to allow stopping of the DPP_LISTEN operation to be completed
before issuing the DPP_QR_CODE command that would send the frame that
these test cases expect to not get ACKed.
Jouni Malinen [Sun, 17 Dec 2023 19:55:10 +0000 (21:55 +0200)]
AP MLD: More careful checking of Multi-Link element length fields
Avoid potential read of one or two octets beyond the end of the
subelement when verifying that there is sufficient amount of data
included in each subelement/element within the MLE in Association
Request frames.
Jouni Malinen [Sun, 17 Dec 2023 19:53:52 +0000 (21:53 +0200)]
AP MLD: Skip unknown Multi-Link element subelements
Instead of rejecting the Multi-Link element, skip unknown subelements to
be less likely to cause interop issues for future. IEEE P802.11be/D5.0
allows other optional subelements to be included here.
Jouni Malinen [Sun, 17 Dec 2023 15:02:34 +0000 (17:02 +0200)]
tests: More robust sigma_dut_dpp_qr_mutual_init_enrollee_pending
Wait some time between the first DPP Authentication Response that
indicates the response is not yet available and the second DPP
Authentication Response to make this sequence a bit more realistic and
less likely to hit race conditions with UML time-travel.
Jouni Malinen [Sun, 17 Dec 2023 12:09:57 +0000 (14:09 +0200)]
Split ap_sta_set_authorized() into two steps
This function is both updating the hostapd-internal sta->flags value and
sending out the AP-STA-CONNECTED control interface message. When
authorizing a STA, the call to this function is followed by a driver
command to update the flags of the STA entry in the driver. That has a
race condition at least for UML time-travel since the AP-STA-CONNECTED
event is used as a message to wait for before running a connectivity
test or some other operation that depends on the data connection being
in working condition.
Split the function into two steps so that the driver STA entry update
can be done between those two steps for the cases where it matters for
the race condition. In other words, send the AP-STA-CONNECTED message
only after having authorized the STA in the driver.
Jouni Malinen [Sun, 17 Dec 2023 10:10:13 +0000 (12:10 +0200)]
PKCS#1: Do not use pointer value after freeing
The check for extra data was not dereferencing the pointer, but avoid
complaints about such uses by freeing the decrypted data only after the
check. The hexdump could have read freed memory, so that needs to be
before the freeing.
Fixes: 54ac6ff8c4a2 ("PKCS 1: Add function for checking v1.5 RSA signature") Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 17 Dec 2023 09:51:35 +0000 (11:51 +0200)]
TDLS: Avoid unnecessary copying of the Link Identifier element
This memcpy was causing warnings from static analyzers since it is being
misinterpreted as copying all the data into the lnkid.bssid[] array
instead of that and the following arrays. Since the copy is not needed
at all, just use the original pointer to get rid of these warnings.
Jouni Malinen [Sat, 16 Dec 2023 22:12:59 +0000 (00:12 +0200)]
More consistent sta pointer checks in handle_assoc()
Verify that sta is not NULL before calling
hostapd_process_assoc_ml_info() that references this parameter. In
theory, sta might be NULL here if addition of the STA entry failed in
the 60 GHz case.
Jouni Malinen [Sat, 16 Dec 2023 22:02:43 +0000 (00:02 +0200)]
ACS: Check whether iface->current_mode is NULL before use
This line seemed to trigger SIGSEGV in some code coverage testing cases.
It is not exactly clear how that was possible, but just in case, check
that iface->current_mode is set before using it here.
projects / thirdparty / hostap.git / log
