Vinayak Yadawad [Fri, 15 Dec 2023 12:09:27 +0000 (17:39 +0530)]
Handle PMKSA flush in the driver for SAE/OWE offload cases
For wpa_supplicant based SAE/OWE connection, the wpa_supplicant state
machine is aware of the PMKID created for a connection and this gets
removed when "REMOVE_NETWORK all" is called. However, when SAE/OWE
offload is enabled, wpa_supplicant is not aware of the PMKID generated
by the driver/firmware. So add PMKSA del indication to the driver from
remove_network context so that the driver can free PMKs associated with
the SSID.
Michael-CY Lee [Thu, 14 Dec 2023 02:08:47 +0000 (10:08 +0800)]
hostapd: Check the bridge if ioctl SIOCBRADDIF fails
If ioctl() returns EBUSY on the command SIOCBRADDIF, the interface might
have already been added to the bridge by an external operation (e.g.,
netifd in OpenWrt), and linux_br_add_if() should not indicate an error.
Check whether the interface is correctly brigded when ioctl()
returns EBUSY and if so, report success.
Signed-off-by: Michael-CY Lee <michael-cy.lee@mediatek.com>
Benjamin Berg [Wed, 13 Dec 2023 12:37:40 +0000 (14:37 +0200)]
Use the link BSSID to resolve current BSS for whether to roam check
Otherwise any new scan result (even manual ones if they do not set
use_id=X to a non-zero value), can cause a reconnect to the same BSS
when MLO is used. This is because the current BSS is not detected by
wpa_supplicant_need_to_roam() and it assumes that roaming is needed.
Signed-off-by: Benjamin Berg <benjamin.berg@intel.com> Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Ilan Peer [Tue, 12 Dec 2023 16:56:31 +0000 (18:56 +0200)]
AP: Fix setting MLD Parameters subfield in RNR element
In case the TBTT information is reporting about an AP in the same AP MLD
as the current AP, the AP MLD ID in the MLD Parameters subfield should
be set to 0.
Signed-off-by: Ilan Peer <ilan.peer@intel.com> Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Jouni Malinen [Thu, 14 Dec 2023 18:59:42 +0000 (20:59 +0200)]
Fix HE enabling for IBSS and mesh
Earlier refactoring of ibss_mesh_setup_freq() ended up dropping the case
where HE would be enabled without VHT on the 2.4 GHz band. Add that back
to allow HE to be used on 2.4 GHz with IBSS and mesh.
hostapd configuration file update using control interface
Add support for reload_config hostapd_cli command as an alternative
mechanism for SIGHUP on the hostapd process.
When AP parameters such as ssid/encryption/password etc. are changed
externally in hostapd.conf, RELOAD_CONFIG cli will re-read the .conf,
update the in-memory contents and issue a change_beacon to update
beacon_ies.
For full config update, the following example sequence of commands can
be used:
Jouni Malinen [Thu, 14 Dec 2023 10:13:20 +0000 (12:13 +0200)]
tests: Increase timeout in go_neg_forced_freq_diff_than_bss_freq
It can take significant amount of time to find the peer in this type of
a case where an AP connection is forced on a different channel while
going through p2p_find on both devices.
Jouni Malinen [Thu, 14 Dec 2023 09:09:53 +0000 (11:09 +0200)]
tests: Wait longer in sigma_dut_ap_dpp_relay before timing out
DPP initiator will try three channels in this sequence and it can take
very close to the previously used five second timeout before being able
to try on the actual operating channel of the AP. This could result in
the test case failing unnecessarily. Increase the timeout to avoid this.
Jouni Malinen [Thu, 14 Dec 2023 09:02:12 +0000 (11:02 +0200)]
tests: Wait for group key handshake before testing Michael MIC failure
Avoid potential race condition in ap_cipher_tkip_countermeasures_ap by
sending the first test frame only after the AP has completed processing
the 4-way handshake and also wait a bit to allow the group key handshake
to be completed.
Johannes Berg [Tue, 12 Dec 2023 08:07:15 +0000 (09:07 +0100)]
tests: Reset WARN_ON_ONCE() state in the kernel
If a tests hits a WARN_ON_ONCE then the retriggering will make it appear
to pass, since the warning will not happen again. Make this more
reliable by resetting the states at the beginning of each test.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Johannes Berg [Tue, 12 Dec 2023 08:07:02 +0000 (09:07 +0100)]
tests: Query carrier before data test
The kernel has an asynchronous work to enable TX, which hasn't always
run by the time we get to TX tests. Do a sysfs read from the carrier
file before TX, on newer kernels this synchronises the needed state.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Jouni Malinen [Sun, 10 Dec 2023 19:38:46 +0000 (21:38 +0200)]
tests: Skip memory read errors in read_process_memory()
It looks like the lifetime_in_memory test cases can hit a read failure
(Errno 5 - Input/output error) every now and then, so skip memory areas
that report that, but go through all readable process memory.
DFS: Change vht_capab according to user requested bandwidth
There are different CHAN_SWITCH flows for DFS and non-DFS channels.
Non-DFS one saves previous BW value in iface->conf, but DFS flow
replaces it with a new user requested value. Setting a non-DFS channel
after a DFS one with BW = 160 would have resulted in a mismatch between
the saved BW and vht_capab (if VHT160 was not included by default). This
would have led to a check fail in the hostapd_set_freq_params()
function.
Jouni Malinen [Sun, 10 Dec 2023 09:33:19 +0000 (11:33 +0200)]
tests: Wait for AP/GO event in addition to STA
Wait for AP/GO to complete processing before taking the next step in a
test instead of waiting just for STA. This avoids race conditions with
UML time-travel.
Jouni Malinen [Sun, 10 Dec 2023 14:32:35 +0000 (16:32 +0200)]
tests: Avoid race condition in ap_no_auth_ack
Avoid race condition with TX status reporting for the broadcast
Deauthentication frame. This could be delivered after the SET command
for ext_mgmt_frame_handled=1 and as such, could result in an
MGMT-TX-STATUS event that would confuse the next step in the test.
Jouni Malinen [Sun, 10 Dec 2023 10:37:58 +0000 (12:37 +0200)]
tests: Clear STA state at the end of ap_ft_reassoc_proto
Do not leave dev[0] in state where it is waiting for
NL80211_CMD_ASSOCIATE to complete since that might deliver an
ASSOC_TIMED_OUT event to the next test case.
Jouni Malinen [Sun, 10 Dec 2023 09:23:28 +0000 (11:23 +0200)]
P2P: Recover from successfully requested, but not started, listen
It is possible for the start_listen() callback to be called to request
the driver to start a driver operation and stop_listen() called
immediately after that (e.g., due to a request to transmit a P2P Public
Action frame) before the driver has had time to start ROC and send an
event to notify of that. Such a sequence could result in
p2p->pending_listen_freq being left to a nonzero value without getting a
call to p2p_listen_cb() to clear it. This would stop an ongoing P2P
listen operation since no following p2p_listen() call would start the
listen due to the pending command being assumed to be in effect.
Fix this by detecting this particular sequence and clearing
p2p->pending_listen_freq.
This was found with the p2p_listen_and_offchannel_tx test case with the
new kernel scheduled and UML time-travel.
Jouni Malinen [Sun, 10 Dec 2023 08:50:32 +0000 (10:50 +0200)]
tests: Make dpp_two_initiators more robust
This test case has a race condition between the first and second
initiated DPP exchange. New kernel scheduling with UML time-travel is
making the first exchange complete before the first one can be started.
Making this fully robust would likely need ext_mgmt_frame_handling=1 and
more complex test script, but as an initial workaround, split URI
parsing from dev[2] to happen before dev[1] is started so that only a
single DPP_AUTH_INIT command is needed during the race window.
In addition, detect the race condition and SKIP the test instead of
reporting FAIL.
Jouni Malinen [Sat, 9 Dec 2023 11:04:14 +0000 (13:04 +0200)]
tests: Wait for hostapd event in addition to wpa_supplicant
Wait for hostapd to complete processing before taking the next step in a
test instead of waiting just for wpa_supplicant. This avoids race
conditions with UML time-travel.
Jouni Malinen [Sat, 9 Dec 2023 14:48:27 +0000 (16:48 +0200)]
tests: Wait a bit after radio work start in dpp_listen()
Even though the radio work has started here, kernel might not have
started ROC (i.e., the REMAIN_ON_CHANNEL event has not yet been
received). Wait a bit to increase likelihood of everything being ready
for the following DPP operation.
Jouni Malinen [Sat, 9 Dec 2023 14:11:12 +0000 (16:11 +0200)]
tests: Avoid race condition in RRM beacon report tests
At least with UML time-travel, it is possible for the response frame to
be received before the TX status of the request is delivered. Such a
sequence resulted in run_req_beacon() dropping the response event and
the following step failing due to a missing event. Avoid this by caching
the received response in run_req_beacon() and returning them to the
caller.
Jouni Malinen [Sat, 9 Dec 2023 10:56:27 +0000 (12:56 +0200)]
tests: Make sigma_dut AP SAE tests more robust
Wait some time before requesting disconnection to allow hostapd to
complete 4-way handshake processing. Wait some time after disconnection
has been completed on the STA before trying to use SAE again with the AP
so that hostapd has a chance to complete disconnection with UML
time-travel.
Vinayak Yadawad [Fri, 8 Dec 2023 16:20:23 +0000 (21:50 +0530)]
nl80211: Use attribute NL80211_ATTR_BSSID to scan for specific BSSID
With changes to optimize scan for specific BSSID, there arises a
scenario where in nl80211_trigger_scan() is called with a scan
randomization enabled. A combination of NL80211_ATTR_MAC for BSSID and
scan randomization, which uses NL80211_ATTR_MAC for a different purpose,
results in invalid error for the scan request. To fix the issue use
attribute NL80211_ATTR_BSSID instead of NL80211_ATTR_MAC.
NL80211_ATTR_BSSID was introduced in kernel commit 2fa436b3a2a7
("nl80211: Use different attrs for BSSID and random MAC addr in scan
req") in 2016. Prior to that, only NL80211_ATTR_MAC could be used for
specifying the target BSSID. For backwards compatibility, add the
NL80211_ATTR_MAC attribute as well when not using a random MAC address.
Benjamin Berg [Mon, 20 Nov 2023 23:51:54 +0000 (01:51 +0200)]
tests: Test driver association ML link rejection flow
The underlying driver can reject only specific links in an association
request. In that case we will only ignore the corresponding BSS. Add a
test for this flow by simulating an association failure on the second
link specifically.
Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
Benjamin Berg [Mon, 20 Nov 2023 23:51:53 +0000 (01:51 +0200)]
tests: Add some MLD association tests
Test ML association, automatic link discovery using ML probe requests
and marking BSSs as failed after an ML association failure, if the
corresponding link also rejected the association.
Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
tests: Update ML discovery test to also check probe requests
Also check that we can discover BSSs requests using ML probe requests.
Note that this requires a new enough mac80211 which parses the ML probe
request and reports the contained BSSs.
Signed-off-by: Benjamin Berg <benjamin.berg@intel.com> Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Ilan Peer [Tue, 28 Nov 2023 10:14:09 +0000 (12:14 +0200)]
AP MLD: Do not modify flags for link stations
All the station flags other than WPA_STA_SHORT_PREAMBLE are relevant
only for the MLD station and not to the link stations (as these flags
are related to the MLD state and not the link state).
As for the WPA_STA_SHORT_PREAMBLE, since the station is an EHT
station, it must have short preamble.
Thus, do not propagate the flags change for link stations to the driver.
Chaitanya Tata [Mon, 27 Nov 2023 19:21:01 +0000 (00:51 +0530)]
Fix MBO build with GAS dependency
On the default configuration if MBO only is enabled then build breaks as GAS
is not selected, if other features that auto-enable GAS are selected
then it works.
Mikelis Vuls [Mon, 4 Dec 2023 12:27:48 +0000 (12:27 +0000)]
EHT: Fix updating center freq segment 0 index for HE and VHT
Add additional check for 6 GHz operating class. Otherwise this results
in setting incorrect segment 0 index for 5 GHz 40 MHz channel 157-161,
which has the same center segment 0 index 159 as 6 GHz 320 MHz expected
channel.
Liangwei Dong [Fri, 17 Nov 2023 07:35:20 +0000 (15:35 +0800)]
Add QCA vendor command to query transmit power information
Add a new QCA subcommand QCA_NL80211_VENDOR_SUBCMD_REGULATORY_TPC_INFO
and related attributes qca_wlan_vendor_attr_tpc_links,
qca_wlan_vendor_attr_tpc definition to query transmit power information
on STA interface from the driver for a connected AP.
The information includes regulatory max transmit power limit, AP local
power constraint advertised from AP's Beacon and Probe Response frames.
For PSD power mode, the information includes PSD power levels for each
subchannel of operating bandwidth. The information is driver calculated
power limits based on current regulatory domain, AP local power
constraint and other IEs. The information will be set to target. Target
will decide final TX power based on this and chip specific power
conformance test limits (CTL), and SAR limits.
Chaitanya Tata [Mon, 27 Nov 2023 19:03:58 +0000 (00:33 +0530)]
Add an option to remove RRM and supported operating class indication
Removing radio measurements and supported operating class indication
might be needed to reduce binary size for a memory constrained system
that does not need more advanced features. However, removing these is
not recommended since they can help the AP manage the network and STA
steering.
Jun Yu [Wed, 29 Nov 2023 06:54:49 +0000 (06:54 +0000)]
Populate the new beacon hint event to wpa_msg()
Beacon hinting is a feature that can temporarily change the regulatory
rule flags on the channel where the radio hears the beacon. Add a new
event CTRL-EVENT-REGDOM-BEACON-HINT to notify the wpa_supplicant user
about an important update to the regulatory rules including which
frequencies are impacted, new power limit, and new rule flags.
Remi Pommarel [Fri, 1 Dec 2023 15:14:11 +0000 (16:14 +0100)]
mesh: Add for_each_sta implementation in wpa_auth_callbacks
The wpa_auth_callbacks for mesh was missing a for_each_sta
implementation. This is an issue with pmksa cache, as when a cache entry
expires the for_each_sta callback is called in order to clear the pmksa
reference for all sta that was using this entry. Not having a
for_each_sta callback will prevent this cleanup to happen then a sta
could still use this pmksa entry even after it has been freed.
This used after free was not a problem up until recently where
dpp_pkhash is now stored in pmksa entry and retreived later on causing
crash with below backtrace:
Jouni Malinen [Sat, 2 Dec 2023 18:31:16 +0000 (20:31 +0200)]
mesh: Fix PMKSA cache entry addition with external PMKSA management
The length of the PMK ended up getting lost when a PMKSA cache entry was
added based on externally managed information. Set the PMK length in SAE
context to get the correct length stored into the actual PMKSA cache
entry that gets created in this path.
Jaap Keuter [Thu, 30 Nov 2023 22:31:03 +0000 (23:31 +0100)]
trace: binutils replaces bfd_hostptr_t with uintptr_t
According to this message https://marc.info/?l=binutils&m=165363679302282
the type bfd_hostptr_t is dropped in favor of uintptr_t.
Replace the use of this type in the code.
tests: Add a unit test for RNR/basic ML element parsing
Going through everything to test parsing of the basic ML element and the
RNR element is not really feasible for MBSSID mode. As such, add a unit
test to excercise parsing the available links from the RNR, basic ML
element and MBSSID-Index element if present.
Signed-off-by: Benjamin Berg <benjamin.berg@intel.com> Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Jouni Malinen [Mon, 27 Nov 2023 10:01:15 +0000 (12:01 +0200)]
Ignore missing set_secure_ranging_ctx callback for testing purposes
nl80211_set_secure_ranging_ctx() was already ignoring the operation, but
this is included only with CONFIG_DRIVER_NL80211_QCA=y. Make the default
case use same behavior based on the callback function not being defined.
This is needed to allow the following test cases to work:
pasn_owe_tm_kdk_secure_ltf pasn_sae_kdk_secure_ltf
nl80211: Remove links when stopping AP MLD in hostapd
There is an issue when starting a non-MLD AP on the same interface that
previous operated as an AP MLD. When the previous AP MLD got stopped,
links were not removed when using hostapd. Next non-MLD AP will fail to
start because some nl80211 operations still require link id (e.g., set
freq).
Remove links when AP MLD is stop to avoid such issue. This was already
done in the deinit_ap() handler when using wpa_supplicant, but hostapd
needs to do same.
Benjamin Berg [Mon, 20 Nov 2023 23:51:47 +0000 (01:51 +0200)]
tests: Fix some incorrect failure waiting calls
These were either sending the command to the wrong
hostapd/wpa_supplicant instance or using the wrong command. This
currently causes the wait to just immediately stop, but with future
commits it would start failing.
Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
Ilan Peer [Mon, 20 Nov 2023 23:51:42 +0000 (01:51 +0200)]
AP: Handle re-association from a non-AP MLD
When processing a (Re)Association Request frame and no corresponding
station is found, try to find the station using the station MLD MAC
address from the Basic ML element, as it is possible that the station
is trying to re-associate but with a different link address (in such
a case the underlying driver would not perform address translations).
When sending the (Re)Association Response frame, use the addresses from
the (Re)Association Request frame and not the AP MLD MAC address, again,
to avoid the address translation done in the driver.
Signed-off-by: Ilan Peer <ilan.peer@intel.com> Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Benjamin Berg [Mon, 20 Nov 2023 23:51:40 +0000 (01:51 +0200)]
MLD: Use MLD MAC address for deauthentication
When connecting, pending_bssid is set to the main link that we are
authenticating/associating on. Later on, the MLD MAC address will be
stored in the bssid, but we may also try to deauthenticate before we are
connected and in that case, pending_bssid is not yet set to the MLD MAC
address.
As such, use the ap_mld_addr instead of pending_bssid if n_mld_links is
non-zero. This is the sensible thing to do and expected behavior on
nl80211.
Signed-off-by: Benjamin Berg <benjamin.berg@intel.com> Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
projects / thirdparty / hostap.git / log
