Shivani Baranwal [Thu, 15 Aug 2024 15:48:15 +0000 (21:18 +0530)]
Add QCA vendor subcommand to trigger Channel Usage Request
Add a new QCA vendor subcommand QCA_NL80211_VENDOR_SUBCMD_CHAN_USAGE_REQ
to support Channel Usage Request. It carries channel usage information
for BSSs that are not infrastructure BSSs or an off channel TDLS direct
link.
Implementation and scheduling of Channel Usage frames are present in the
driver/firmware. One of the key reason for this is that the TSF
timestamp required to be filled in these frames is available only in the
firmware. So, this interface is used to configure the required
parameters to the driver/firmware for Channel Usage Request frame.
This uses attributes defined in enum
qca_wlan_vendor_attr_chan_usage_req.
Shivani Baranwal [Tue, 14 May 2024 06:12:59 +0000 (11:42 +0530)]
nl80211: NAN USD commands for offloading
Add driver nl80211 support for the NAN USD flush, publish, subscribe,
update publish, cancel publish and cancel subscribe commands for cases
where these operations are offloaded to the driver
(WPA_DRIVER_FLAGS2_NAN_OFFLOAD).
P2P2: Refactor GO Negotiation and Invitation processing
Add wrapper functions to process and prepare a response for GO
Negotiation and Invitation frames. Send the response Action frames in
handle_ functions. This is in preparation for encapsulating these
messages within PASN Authentication frames for P2P2.
PASN: Define PMKSA helper functions for initiator and responder
Define helper functions to init, add, get, remove, flush, and deinit
PMKSA cache for PASN initiator and responder. P2P devices can be in
a role of pairing initiator and responder. Hence define a cache for
each role separately.
Shivani Baranwal [Fri, 30 Aug 2024 16:41:17 +0000 (22:11 +0530)]
P2P2: Add a new method to P2P_CONNECT control interface command
Add a new method "pair" to indicate the connect request perform the
Wi-Fi Direct R2 methods like bootstrapping and pairing for connection.
This fixes control interface command parsing which expects method as
mandatory.
macsec_linux: Hardware offload requires Linux headers >= v5.7
Hardware offload in Linux macsec driver is enabled in compile time if
libnl version is >= v3.6. This is not sufficient for successful build
since enum 'macsec_offload' has been added to Linux header if_link.h
in kernels v5.6 and v5.7, see commits:
- https://github.com/torvalds/linux/commit/21114b7feec29e4425a3ac48a037569c016a46c8
- https://github.com/torvalds/linux/commit/76564261a7db80c5f5c624e0122a28787f266bdf
New libnl with older Linux headers is a valid combination. This is how
hostapd build failure has been detected by Buildroot autobuilder, see:
- http://autobuild.buildroot.net/results/b59d5bc5bd17683a3a1e3577c40c802e81911f84/
Extend compile time condition for the enablement of the macsec hardware
offload adding Linux headers version check.
Fixes: 40c139664439 ("macsec_linux: Add support for MACsec hardware offload") Signed-off-by: Sergey Matyukevich <geomatsi@gmail.com>
Dan Harkins [Fri, 23 Aug 2024 17:50:36 +0000 (10:50 -0700)]
DPP: Support for provisioning SAE password identifiers (Enrollee)
DPP supports provisioning of SAE password identifiers to uniquely
identify a password if the enrollee indicates support for them. Indicate
Enrollee support for that and add the received value into the network
profile.
I put everything under defines for CONFIG_DPP3 as this is a bleeding
edge feature in DPP.
This was tested against my DPP reference implementation acting as the
Configurator.
Cermak Dominik [Thu, 29 Aug 2024 08:01:21 +0000 (08:01 +0000)]
nl80211: Pass "global" events to all interfaces
We got connection failures because of outdated channel information.
That's because the NL80211_CMD_REG_CHANGE event is important for all
interfaces.
Commit f13683720239 ("nl80211: Pass wiphy events to all affected
interfaces") skips the early termination for events directed to a wiphy,
but that doesn't cover the regulatory change event because it doesn't
have a wiphy set either. Therefore the early termination still kicks in
and from three interfaces, only one got the updated channel list.
Fix this by changing the early termination logic to only apply to events
directed either to a specific interface index for wdev.
AP MLD: Check SAE message length without depending on pointer arithemetic
The way this was checked previously used pointer arithmetic could result
in undefined behavior due to the pointer ending up pointing more than
one byte beyond the end of the buffer. Avoid this by checking the buffer
length before incrementing the pointer.
Fixes: bcbe80a66a9b ("AP: MLO: Handle Multi-Link element during authentication") Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
AP MLD: Work around delayed STA entry addition for SAE confirm
The driver is expected to have an STA entry for a non-AP MLD ready to
translate the address fields for SAE confirm messages. However, there is
at least a theoretical race condition in a case where the peer sends the
SAE confirm message quickly enough for the driver translation mechanism
to not be available to update the SAE confirm message addresses. Work
around that by searching for the STA entry using the link address of the
non-AP MLD if no match is found based on the MLD MAC address.
AP MLD: Introduce MLD level control interface socket
With MLO, each link have socket created with "<ifname>_link<link id>"
under the control interface directory.
Introduce a MLD level socket "<ifname>" as well under the same control
interface directory. This socket can be used to pass the command to its
partner links directly instead of using the link level socket. Link ID
needs to be passed with the command in a prefix way. If no Link ID is
provided the first link ID is selected.
The structure of the command is -
"LINKID <link id> <COMMAND APPLICABALE FOR THE LINK>"
Directory looks something like this -
$ ls /var/run/hostapd/
wlan0
wlan0_link0
wlan0_link1
wlan0 here is the MLD level socket. Rest are each link level sockets.
This also helps to maintain backwards compatibility with applications
which looks for <ifname> under the control interface directory.
Create link based control sockets to access the link based commands
through hostapd_cli. This will create the link interfaces in the name of
<ifname>_link<X>
Example:
To fetch link 0 status from wlan0, below command can be used -
$ hostapd_cli -i wlan0 -l 0 status
On failure of link/interface selection, below error will be observed
$ hostapd_cli -i wlan0 -l 2 status
Failed to connect to hostapd - wpa_ctrl_open: No such file or directory
Jouni Malinen [Thu, 29 Aug 2024 17:21:31 +0000 (20:21 +0300)]
tests: Clear scan cache in wifi_display_parsing
This is needed to avoid false failures if an old BSS entry is still
present for dev[0]. This could happen, e.g., with the following test
case sequence: wpas_mesh_max_peering wifi_display_parsing
Jouni Malinen [Thu, 29 Aug 2024 13:14:43 +0000 (16:14 +0300)]
tests: Make rsn_override_mld_too_long_elems more robust
Wait longer for the disconnection event since the previous wait was
exactly the same length as the authentication timeout in wpa_supplicant
and as such, subject to race conditions.
This separates the control interface specific generation of a text event
message away from the main implementation of USD and makes it more
convenient to add support for other control interface mechanisms like
dbus.
Vinay Gannevaram [Wed, 14 Aug 2024 15:41:53 +0000 (21:11 +0530)]
QCA vendor interface to set the P2P mode configuration
Add the QCA_NL80211_VENDOR_SUBCMD_SET_P2P_MODE for setting the P2P mode
in which the P2P Group Owner (GO) should be brought up. These modes
include Wi-Fi Direct R1 only, Wi-Fi Direct R2 only, and P2P Connection
Compatibility Mode, which supports both R1 and R2. These modes are
defined in the enum qca_wlan_vendor_p2p_mode.
Add support for P2P2 bootstrapping with comeback mechanism using
Provision Discovery frames. Extend the control interface command
P2P_CONNECT to allow P2P2 bootstrapping handshake.
Parse the P2P IEs in functions that handle provision discovery request
and response. Process the frames based on the IEs received in the PD
frames. This makes it easier to extend PD for P2P2 cases.
P2P2: Process Element container attribute from NAN SDFs
Process the Element Container attribute from NAN SDF frames and check if
P2P attributes are present. Add a P2P peer device entry if the NAN SDF
frame has matching service and P2P capabilities.
NAN USD: Add publishChannelList option for Subscriber
Add frequency list to active NAN USD Subscriber to search for a
Publisher on multiple channels. This is the publish channel list used by
the Subscriber to periodically search for a service on these channels.
publishChannelList was already supported in the Publisher and this
commit extends that to the Subscriber.
This is needed for a P2P2 seeker that is an active subscriber looking
for an advertiser on a list of publish channels.
Extend the NAN Subscribe and Publish methods to allow p2p=1 to be
specified to include P2P attributes in a P2P IE to be added into the NAN
Element Container attribute. In addition, use the P2P Device Address for
the NAN SDFs for the P2P cases.
Jouni Malinen [Fri, 23 Aug 2024 15:40:53 +0000 (18:40 +0300)]
RSNO: Check that RSNOE/RSNO2E/RSNXOE fit into RSN Override Link KDE
While these elements fit without issue in production use cases, it is
possible to override the elements for testing purposes and if such
overridden elements are overly long, they would nto fit into the maximum
length RSN Override Link KDE. This could result in difficult to debug
failure cases, so check for this explicitly and instead of sending out
the invalid M3, report the internal issue in the debug log and do not
send M3.
Jouni Malinen [Fri, 23 Aug 2024 07:07:19 +0000 (10:07 +0300)]
Allow IE overriding to use maximum element length
Elements can actually be 257 octets long (2 octets of header followed by
255 octets of payload). The maximum length for various IE override
testing parameters had somehow ended up being one octet too short to
cover the maximum. Increase this to allow the maximum element length to
be reached for testing purposes.
Shivam Rai [Mon, 5 Aug 2024 04:50:10 +0000 (10:20 +0530)]
PASN: Add a function to configure noauth variable
When the PASN implementation is used as a library for Wi-Fi Aware
applications there is need to allow the Responder to set the noauth
parameter to support opportunistic pairing method using PASN AKMP. Add
pasn_set_noauth() to address this.
Shivam Rai [Mon, 12 Aug 2024 06:09:46 +0000 (11:39 +0530)]
PASN: Add support to reject PASN auth 1 based on user input
When the PASN implementation is used as a library for Wi-Fi Aware
applications there is need to reject the PASN auth 1 frame based on the
user input. Add support to send PASN auth 2 with failure status for
auth 1 frame received to address this need.
Jouni Malinen [Thu, 22 Aug 2024 08:25:54 +0000 (11:25 +0300)]
DPP: Do not restrict SAE password length on Enrollee
The restriction of the passphrase length to 8..63 characters is only
applicable for WPA2-Personal (PSK). Remove this constraint when
processing a configuration object that includes SAE without PSK.
Jouni Malinen [Thu, 22 Aug 2024 08:20:20 +0000 (11:20 +0300)]
DPP: Do not restrict SAE password length on Configurator
The restriction of the passphrase length to 8..63 characters is only
applicable for WPA2-Personal (PSK). Remove this constraint when
provisioning a configuration object that includes SAE without PSK.
RSNO: Always enable SNonce cookie and RSN Override elements validation
Always set SNonce cookie and enable RSN Override elements validation
irrespective of the RSN Selection element usage in (Re)Association
Request frame when RSN overriding supported.
RSNO: Skip validating RSN Override elements with MLO when RSN overriding not used
STA needs to skip validating RSN Override elements when RSN overriding
is not used since AP will not send RSN Override elements in EAPOL-Key
message 3/4. This is handled correctly in non-MLO case but in MLO case
wpa_supplicant always validates RSN Override link KDEs. Fix validating
RSN Override elements in MLO case as well.
Jouni Malinen [Thu, 15 Aug 2024 17:39:03 +0000 (20:39 +0300)]
RSNO: Do not enforce SNonce cookie and RSN Selection match if RSNO not used
A STA that supports RSN overriding will always use the SNonce cookie. An
AP that does not advertise RSN overriding elements must not enforce that
SNonce cookie is used with RSN Selection element since a STA includes
the latter only when it sees the AP advertising RSN overriding elements.
QCA vendor interface for indicating supplicant support for RSN overriding
Add QCA_NL80211_VENDOR_SUBCMD_CONNECT_EXT to send additional information
such as RSN overriding support of the supplicant for the (re)association
attempts with NL80211_CMD_CONNECT.
Use QCA_WLAN_VENDOR_FEATURE_RSN_OVERRIDE_STA only for indicating driver support
Use separate interfaces for indicating driver and supplicant RSN
overriding support. Modifying this interface is fine since this feature
is still under development.
Subsequent commit will define the interface for indicating supplicant
RSN overriding support to the driver.
wpa_auth_get_seqnum() for ML group rekeying needs to be skipped in the
same way as it is done for non-ML cases to avoid indicating old values
and resulting in group frames being dropped as replays. The simple check
for gsm->wpa_group_state != WPA_GROUP_SETKEYS (as is done for non-ML) is
not sufficient for this since the per-link Authenticator states are not
strictly synchronized and the state change happens in the middle of this
step.
Fixes: 137b85509248 ("MLO: Mechanism for fetching group key information for the links") Signed-off-by: Aditya Kumar Singh <quic_adisi@quicinc.com>
At present, group key update is not confined only on the association
link as originally intended. Hence, ensure now that the group key update
is only performed on the association link for non-AP MLDs.
This was missed during adding support for group rekeying for MLO.
Fixes: 12acda633b50 ("AP MLD: Support group rekeying for MLO") Signed-off-by: Rameshkumar Sundaram <quic_ramess@quicinc.com> Signed-off-by: Aditya Kumar Singh <quic_adisi@quicinc.com>
Jouni Malinen [Tue, 13 Aug 2024 09:55:16 +0000 (12:55 +0300)]
Fix GKeyDoneStations tracking for VLAN
The AP MLD change to use a helper function for this broke the design
that depends on the value for sm->group (i.e., the currently assigned
VLAN) being used instead of the sm->wpa_auth->group. Restore previous
behavior to fix GKeyDoneStations tracking when VLANs are used.
Fixes: 78adbf2c08f4 ("AP MLD: Mark GKeyDone completed for STAs in a helper function") Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
nl80211: Add AP_VLAN interface to bridge after interface is up
In the current hostapd flow, AP_VLAN net device is added to a bridge
before the interface is brought up.
Interface up event is used in mac80211 layer for setting device context
in the driver. Vendor specific datapath offload configurations for net
device might also be set up in interface up event context. Adding
AP_VLAN interface to a bridge before the UP event could cause
inconsistent state for datapath offload context setup in a vendor
driver.
Change the sequence to add AP_VLAN interface to a bridge after the
interface is set up. This makes the interface up and bridge add sequence
for AP_VLAN to be consistent with that of a regular AP interface.
Jintao Lin [Fri, 9 Aug 2024 18:10:34 +0000 (18:10 +0000)]
nl80211: NULL pointer check for link before use
bss->flink could be NULL when wpa_driver_nl80211_del_beacon() is called
if wpa_driver_nl80211_drv_init() fails early through the 'failed' label
and jumps to wpa_driver_nl80211_deinit() with bss->flink unset.
Fixes: 47269be36e61 ("nl80211: Refactor i802_bss to support multiple links") Signed-off-by: Jintao Lin <jintaolin@chromium.org>
hostapd: Avoid channel selection across underlying hardware index
Currently, channel is selected from the current hw_mode. However, not
all channels under current hw_mode might be available for the current
operating underlying hardware.
Add logic to check if the selected channel falls under the current
operating hardware index and only if so, continue with the selected
channel.
hostapd: Fetch multiple radios information from the driver
When a driver consolidates several hardware components under a single
radio, it provides details about these components via the
NL80211_CMD_GET_WIPHY command.
Parse this information and store it. A subsequent change will use this
information for validation in certain scenarios.
nl80211: MLD: Fix is_shared_drv ops logic when num links is one
Whenever there is only one BSS left and if the number of links is one,
is_shared_drv() returns false assuming no one else is sharing the driver
interface. However, when the number of links is one, this does not
guarantee that the caller's link ID is the only active link ID. If this
is not the case and false is returned, the caller calls hapd_deinit()
which will free the driver interface. However, when the actual active
link_id reaches deinit path, this leads to dereferencing a NULL pointer
ultimately leading to segmentation fault.
To prevent this, pass the link ID into the is_drv_shared() ops and match
it with only with active link IDs. Only return false if they are same.
Naveen S [Thu, 25 Apr 2024 10:15:23 +0000 (15:45 +0530)]
AP MLD: Handle garbage pointer after MLD interface is deleted
In function driver_nl80211_link_remove(), when there is no active links,
interface is removed. This will free the BSS pointer. A copy of the BSS
pointer is also stored in each of the affiliated links' hapd->drv_priv
member.
driver_nl80211_link_remove() is called via multiple paths, e.g., via
NL80211_CMD_STOP_AP and via driver_nl80211_ops. When called when
handling an nl80211 event, links will be removed and when count reaches
zero, the interface will be removed. However, core hostapd will be
unaware of this removal. Hence, if it tries to access its drv_priv
pointer, this can lead to segmentation fault at times since the pointer
is now pointing to freed memory.
Prevent this by adding a new notification event
(EVENT_MLD_INTERFACE_FREED). Whenever the interface is freed, this
notification will be sent. hostapd will process this notification and
will set all affliated links' hapd->drv_priv to NULL.
Signed-off-by: Naveen S <quic_naves@quicinc.com> Signed-off-by: Aditya Kumar Singh <quic_adisi@quicinc.com>
Currently, a stop AP event is processed always on the first BSS in the
drv. However, with multi-link operation, it can come on any interface
and there is need to process it for the intended BSS. Also, the event
has a link ID attribute during MLO which is not used and still the event
is passed to the first link BSS.
Process the event for the intended BSS and for the intended link BSS
during MLO.
AP MLD: Handle driver events for interface enable/disable
When an interface is enabled, keys are reconfigured, if required, and
beaconing is started again. With MLO, this needs to be done for each of
the affiliated links. Before starting the beaconing, the link needs to
be added back first.
Similarly, when the interface is disabled, hostapd removes the keys and
set the BSS state to disabled. However, for an AP MLD interface, this
needs to be done for each of the affiliated link BSS.
Handle the interface enable/disable driver event for AP MLD.
hostapd: Refactor interface enable/disable into separate helper functions
Driver events for interface enable/disable are currently handled on
interface level with one hostapd_data instance under consideration. In
order to extend it for MLO, this needs to be done for each of the
affiliated links. Hence, refactor the code into a helper function which
can be used later.
No functionality change. Support for MLO will be added in a subsequent
change.
RSNO: Fix storing RSNE/RSNXE variants to wpa_sm from association event
Store the full set of AP's RSNE/RSNXE variants to wpa_sm while
processing association event. Commit 521374b9785a did this for the cases
that were needed for SME-in-wpa_supplicant cases, but forgot to update
the cases needed for SME-in-driver. Convert those to the updated
protocol design as well.
Fixes: 521374b9785a ("RSNO: Include all RSNE/RSNXE variants in EAPOL-Key message 3/4") Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
Yu Zhang(Yuriy) [Thu, 1 Aug 2024 10:37:25 +0000 (18:37 +0800)]
WNM: Extend workaround for broken AP operating class behavior
Some APs do not advertise operating classes correctly for BSS Transition
Management. Try to determine the most likely operating frequency based
on the channel number (1..14 --> 2.4 GHz; 36..177 --> 5 GHz) if invalid
op_class == 255 is received in a BSS Transition Management Request. This
speeds up the following operating by avoiding a full scan due to an
unknown channel.
This extends the workaround that was added in commit 80ce804e8824 ("WNM:
Workaround for broken AP operating class behavior") for invalid
operating class 0 to cover another observed case with invalid operating
class 255.
nl80211: Sanitize link ID in mlme_event_ch_switch() for AP interface
During channel switch handling for AP MLD, if link ID is incorrect,
there is no point in proceeding till end and failing or returning from
there. Hence sanitize it in the initial time itself and return if it is
incorrect. Throw a warning print if it is not correct as well.
Aloka Dixit [Wed, 7 Aug 2024 18:34:52 +0000 (11:34 -0700)]
hostapd: Enable HE when EHT is set for channel switch
Channel switch operation fails if 'eht' option is given without 'he'
as hostapd_config_check() returns following error:
"Cannot set ieee80211be without ieee80211ax"
The issue is seen only when switching within/to DFS channels because
hostapd_switch_channel_fallback() does not set 'ieee80211ax' in
hostapd configuration unless 'he_enabled' is set for the new channel.
Set 'he_enabled' in struct hostapd_freq_params for channel switch
when EHT is enabled.
Signed-off-by: Aloka Dixit <quic_alokad@quicinc.com>
projects / thirdparty / hostap.git / log
