Jouni Malinen [Sat, 16 Mar 2024 09:16:12 +0000 (11:16 +0200)]
eapol_test: Move Message-Authenticator attribute to be the first one
Even if this is not strictly speaking necessary for mitigating certain
RADIUS protocol attacks, be consistent with the RADIUS server behavior
and move the Message-Authenticator attribute to be the first attribute
in the message from RADIUS client.
Jouni Malinen [Sat, 16 Mar 2024 09:11:44 +0000 (11:11 +0200)]
RADIUS: Allow Message-Authenticator attribute as the first attribute
If a Message-Authenticator attribute was already added to a RADIUS
message, use that attribute instead of adding a new one when finishing
message building. This allows the Message-Authenticator attribute to be
placed as the first attribute in the message.
SAE: Clear rejected groups list on completing authentication
The rejected groups list is valid only during each individual SAE
authentication instance and it should not be maintained between separate
instances. In particular, it should not be maintained when roaming to
another AP since the APs might use different configuration for the
allowed SAE groups.
SAE: Clear rejected groups list on continuous failures
wpa_supplicant used to maintain the list of rejected groups for SAE over
multiple failed attempts. This could have some DoS issues, so clear this
list if SAE authentication attempts fails continuously.
SAE: Clear peer_rejected_groups when no element is included
When parsing a SAE Commit message, the temporary peer_rejected_groups
parameter was left to its old value in cases where the new SAE Commit
message did not include the Rejected Groups element. This could result
in unexpected behavior if a previously processed SAE Commit message
included a Rejected Groups element that claimed one of the enabled
groups to be rejected.
Explicitly clear the peer_rejected_groups value when parsing an SAE
Commit message without a Rejected Groups element to avoid rejecting the
new message based on some previously received incorrect information.
This avoids some potential denial-of-service issues during the lifetime
of the SAE temporary data.
SAE: Check for invalid Rejected Groups element length explicitly
Instead of practically ignoring an odd octet at the end of the element,
check for such invalid case explicitly. This is needed to avoid a
potential group downgrade attack.
Vendor command extension for Responder PM Mode bit in TWT SET Request
Use the existing QCA_WLAN_VENDOR_ATTR_TWT_SETUP_RESPONDER_PM_MODE
attribute for TWT setup request to configure the Responder PM Mode bit
in the control field of the TWT element or broadcast TWT schedule.
Add vendor flag to indicate unavailability mode in TWT responder mode
Add a flag attribute
QCA_WLAN_VENDOR_ATTR_TWT_SET_PARAM_UNAVAILABILITY_MODE into enum
qca_wlan_vendor_attr_twt_set_param to configure the TWT responder
unavailability outside of the SPs of its broadcast TWT schedule.
Chenming Huang [Fri, 31 May 2024 02:28:36 +0000 (07:58 +0530)]
SAE: Free password identifier if SAE commit is rejected due to it
Authentication rejection was found when doing fuzz testing even with a
valid SAE commit message when it was sent after a SAE commit message
that included an incorrect password identifier. The test steps for this
are as below:
1. Peer sends an abnormal commit message with incorrect password
identifier
2. APUT rejects as expected
3. Peer sends a valid commit message
4. APUT rejects again, which is not expected
In step 2, as the abnormal data fakes an empty password identifier
element, it passes sae_is_password_id_elem() checking. Memory is then
allocated for sae->tmp->pw_id. The authentication process then fails
due to no available password with this invalid password identifier.
In step 4, though the peer sends a valid commit message, APUT rejects
this SAE commit again due to no password identifier element (due to that
sae->tmp->pw_id being set), which is not expected.
Free the sae->tmp->pw_id field and set it to NULL when SAE commit
message processing fails due to an unknown password identifier so that
the bogus value is not used as a requirement for any consecutive SAE
commit from the same STA before the STA entry gets cleared.
Jouni Malinen [Tue, 18 Jun 2024 22:09:52 +0000 (01:09 +0300)]
SSID protection in 4-way handshake on AP
Add support for SSID protection in 4-way handshake based on the
mechanism added in IEEE 802.11REVme/D6.0. This is a mitigation against
CVE-2023-52424 (a.k.a. the SSID Confusion Attack).
This functionality is disabled by default and can be enabled with
ssid_protection=1. Once there has been more testing of this to confirm
there is no significant interoperability issues, the goal is to be able
to change this to be enabled by default.
Jouni Malinen [Tue, 18 Jun 2024 22:07:36 +0000 (01:07 +0300)]
SSID protection in 4-way handshake on STA
Add support for SSID protection in 4-way handshake based on the
mechanism added in IEEE 802.11REVme/D6.0. This is a mitigation against
CVE-2023-52424 (a.k.a. the SSID Confusion Attack).
This functionality is disabled by default and can be enabled with
ssid_protection=1 in the network profile. Once there has been more
testing of this to confirm there is no significant interoperability
issues, the goal is to be able to change this to be enabled by default.
STA: Update scan results when BSS entry with current SSID is not found
wpa_supplicant might use a wrong BSS entry with the SSID different from
the current SSID of the current BSS while processing a roam event from
the driver when wpa_supplicant has a stale BSS entry with the old SSID
and the driver roams to the same BSS after it is restarted with a new
SSID.
To avoid this, update scan results from the driver when a BSS entry is
not found with the current SSID and try to fetch the BSS entry again
with the current SSID after this.
Also, with this change wpa_supplicant_get_new_bss() itself will update
the BSS table and search for the current BSS entry if it is not found in
the BSS table. So, remove the BSS table update and search logic from the
callers of wpa_supplicant_get_new_bss().
Once CCA is finished, Beacon frames need to be updated. The BCCA element
needs to be removed and the new color value shall be advertised in the
BSS Color Information field of the HE Operation element.
ACS: Handle scan start request failure with error code -EBUSY
Currently, if ACS scan request fails, states are cleared and returned.
However, in case of MLO, there is a possibilty of getting return value
of -EBUSY. In this case, ACS can retry the scan request after some time
similary to the HT40 scan.
Hence, retry the scan after 5 seconds if -EBUSY is returned. Maximum of
15 re-attempts are made before giving up.
AP MLD: Fix deferred first link BSS's authentication server init
Currently, RADIUS client, auth server, and 802.1X are copied from the
first link's BSS into the non-first link during its setup. However,
there could be a case where the first link is not initialized fully
because of ACS/HT40 SCAN/DFS. Hence, in such cases, NULL is getting
copied and later it leads to segmentation fault.
Initialize those on behalf of the first link in such case and update it
so that the next time other non-first link can use it.
Add a new QCA vendor attribute to set interface offload type
Userspace tools can use QCA_WLAN_VENDOR_ATTR_CONFIG_IF_OFFLOAD_TYPE to
configure the different below acceleration features (hardware, software)
on a per interface basis.
0 - No acceleration Packets are processed through the Linux kernel
networking stack.
1 - Software based acceleration: Packets are processed through the
shortcut forwarding engine (SFE) to bypass the Linux networking stack
for improved throughput performance. This option is applicable for AP,
STA, and Mesh mode and available for all radio designs. From the
performance aspect, this option consumes more CPU compared to the other
two options. Linux traffic control can be further applied with this
option to have more control on the traffic flows.
2 - Hybrid acceleration (software and hardware acceleration combined):
Packets are processed through both hardware and software in this case.
Packet classification is done by the hardware and then the packets are
delivered to software along with classification results as meta data.
Software can choose to do more classification/QoS based on use cases.
This is applicable for AP, STA, and Mesh modes and is available for all
radio designs. From the performance aspect, this option consumes
relatively less CPU compared to the SFE option above. Linux traffic
control rules cannot be applied with this option.
3 - Hardware based acceleration : Packets are processed through special
hardware (Direct Switch) rings which can directly forward the packets
between ethernet hardware and Wi-Fi hardware with very less software
involvement. This is applicable only for AP and STA modes; not
applicable for Mesh mode. From the performance aspect, this option
consumes very much less CPU compared to the other options. Linux traffic
control rules cannot be applied when this option is used. This option is
applicable only for specific radio designs. When this option is not
available, the default option (SFE) would be configured.
Jianmin Zhu [Tue, 7 May 2024 09:53:44 +0000 (02:53 -0700)]
Add vendor attributes to detect data stall for consecutive TX no ack
Add following vendor attributes to dynamically configure parameters to
detect data stall for consecutive TX no ack.
- QCA_WLAN_VENDOR_ATTR_CONFIG_CONSECUTIVE_TX_NO_ACK_DURATION
- QCA_WLAN_VENDOR_ATTR_CONFIG_CONSECUTIVE_TX_NO_ACK_THRESHOLD
Jouni Malinen [Wed, 29 May 2024 16:40:27 +0000 (19:40 +0300)]
WNM: Allow a specific BSS max idle period to be requested
Add a new wpa_supplicant network profile parameter max_idle that can be
used to specify a specific maximum idle period in units of 1000 TUs
(1.024 s) for associations.
Jouni Malinen [Wed, 29 May 2024 09:57:08 +0000 (12:57 +0300)]
WNM: Group rekeying skipping with BSS max idle period management
Allow hostapd to be configured to not disconnect a STA if the STA fails
to reply to a group key handshake when BSS max idle period management is
used. This might be needed for some STAs that use aggressive power
saving (e.g., battery powered IoT devices).
This is disabled by default since this can delayed group rekeying
slightly and also to maintain the previous behavior. The more relaxed
operation can be enabled with the new configuration parameter
no_disconnect_on_group_keyerror=1.
Jouni Malinen [Wed, 29 May 2024 09:41:51 +0000 (12:41 +0300)]
WNM: Configurable BSS Max Idle Period management on AP
Allow AP's behavior for BSS Max Idle Period management to be configured.
Previously, this was automatically enabled for all CONFIG_WNM_AP=y
builds. This can now be changed with the new hostapd configuration
parameter bss_max_idle:
0 = BSS Max Idle Period management disabled
1 = BSS Max Idle Period management enabled
(default and the previous behavior)
2 = BSS Max Idle Period management enabled with requirement for
protected keep-alive frames
Aditya Kodukula [Wed, 8 May 2024 01:04:31 +0000 (18:04 -0700)]
Add vendor attributes to configure TX/RX NSS and chains per band
Add attributes to QCA_NL80211_VENDOR_SUBCMD_SET_WIFI_CONFIGURATION
vendor command to configure asymmetric TX/RX NSS and chains per band.
Also document driver's response when existing attributes to configure
TX/RX NSS and chains for all the bands 2.4 GHz and 5/6 GHz are used in
the same command.
Aditya Kodukula [Tue, 7 May 2024 19:48:42 +0000 (12:48 -0700)]
Add kernel documentation for nss and chain configuration vendor command
Add kernel documentation to the attributes used in the vendor command
QCA_NL80211_VENDOR_SUBCMD_SET_WIFI_CONFIGURATION to configure the NSS
and chains values used for transmitting and receiving the data.
mtk30479 [Wed, 24 Jan 2024 03:51:43 +0000 (11:51 +0800)]
P2P: Fix fast IP address allocation for invitation of a persistent group
Allocate static IPv4 address in EAPOL frames during 4-way handshake
instead of DHCP when using P2P invitation. wpa_s->current_bss needs to
be set for the P2P specific IP address assignment mechanism to be used
in wpa_supplicant_rsn_supp_set_config(). This worked for the initial P2P
connection, but not for some cases reinvoking a persistent group.
Since there is only one AP (P2P GO) in the P2P client case, the
conditions added in commit 4d3be9cdd143 ("Postpone updating of
wpa_s->current_bss till association event") are not needed and the
easiest approach for this is to allow current_bss to be set for
p2p_in_invitation cases. If the GO P2P Interface Address (BSSID) could
be determined for all the related cases, this could be addressed a bit
more cleanly by setting the go_bssid argument for
wpas_start_p2p_client(), but that can be left as a possible future step.
Signed-off-by: tzu-meng wang <tzu-meng.wang@mediatek.com>
Add a test case 'eht_mld_cohosted_connectivity' which creates two 2 link
AP MLDs and connect a 2 link MLD client to each one of them and test
data traffic.
Add test cases to test basic cohosted MLDs functionality. Add helper
functions to create the configuration file, start hostapd instance.
Client connectivity test case will be added via a subsequent commit.
eht_mld_cohosted_discovery: 2 co-hosted MLDs without non-MLD RNR. Basic
bring up and beacon, MLD RNR, scan validation.
eht_mld_cohosted_discovery_with_rnr: Same like eht_mld_cohosted_discovery
but additionally non-MLD RNR (rnr=1) is also enabled. Validate the non-MLD
RNR as well.
Update Probe Response template on BSS color change
When AP is beaconing only on the 6 GHz band and unsol_bcast_presp
interval is set, AP sends unsolicited broadcast Probe Response frames
for in-band discovery. hostapd sent the Probe Response template for this
frame only when setting a new Beacon frame template.
Extend this to update the Probe Response template during BSS color
change.
Signed-off-by: Rathees Kumar R Chinannan <quic_rrchinan@quicinc.com>
When AP is beaconing only on the 6 GHz band and unsol_bcast_presp
interval is set, AP sends unsolicited broadcast Probe Response frames
for in-band discovery. hostapd sent the Probe Response template for this
frame only when setting a new Beacon frame template.
Extend this to update the Probe Response template during channel switch.
Signed-off-by: Rathees Kumar R Chinannan <quic_rrchinan@quicinc.com>
More generic unsolicited broadcast Probe Response template setup
When AP is beaconing only on the 6 GHz band and unsol_bcast_presp
interval is set, AP sends unsolicited broadcast Probe Response frames
for in-band discovery. hostapd sent the Probe Response template for this
frame only when setting a new beacon.
As a preparation for extending this functionality to other cases, move
the generation of the unsolicited broadcast Probe Response template into
a more generic function and data structure.
Signed-off-by: Rathees Kumar R Chinannan <quic_rrchinan@quicinc.com>
Amith A [Mon, 8 Apr 2024 09:11:16 +0000 (14:41 +0530)]
Make selection of current opclass more generic for 20 MHz UNI-III channels
According to IEEE Std 802.11-2020, Operating classes Table E-2 (Europe)
and Table E-6 (China) map channels in the range 149 to 161 to the global
operating class 125, while Table E-1 (United States) maps these channels
to global operating classes 125 and 124 as well. The global operating
class 125 contains all channels from the global operating class 124 and
some additional channels.
Hence, to make the selection of the current operating class generic, use
operating class 125 for all 20 MHz channels in the range 149 to 161.
Signed-off-by: Amith A <quic_amitajit@quicinc.com>
Sriram R [Mon, 22 Apr 2024 17:08:42 +0000 (22:38 +0530)]
FILS: Add Operating Class and Primary Channel in FD for non-PSC chan
If a non-PSC 6 GHz channel with bandwidth higher than 20 MHz is
configured, duplicate beacons/FD/UBPR will be transmitted in other 20
MHz channels of the current configured bandwidth to aid in faster scan.
In such cases the duplicate FD needs to carry the Operating Class and
Primary Channel subfields for non-AP STAs to identify the primary
non-PSC.
IEEE Std 802.11-2020, 9.6.7.36 (FILS Discovery frame format):
"The Operating Class subfield specifies the operating class of the
Primary Channel of the transmitting AP (see 9.4.1.36).
The Primary Channel subfield is set to the channel number of the primary
channel (see 11.15.2) if the FILS Discovery frame is transmitted as a
non-HT duplicate PPDU; otherwise, the subfield is not present."
Hence, add the Operating Class and Primary Channel subfields if the
current channel is non-PSC and the channel bandwidth is 40 MHz or
higher.
Signed-off-by: Sriram R <quic_srirrama@quicinc.com> Signed-off-by: Karthikeyan Kathirvel <quic_kathirve@quicinc.com>
nl80211: Update link bandwidth when receiving channel switch event
There is a chance that the driver has switched the channel width so we
should update the bandwidth, too, when receiving a channel switch event.
Otherwise, this may cause out of sync for bandwidth between i802_link
and hostapd_config.
AP MLD: Set link_id field in hostapd_freq_params when setting up AP
If not set, 0 is set by default and this could fail in the following
code path when link ID is not matching:
hostapd_drv_set_ap -> wpa_driver_nl80211_set_ap -> nl80211_set_channel
Add QCA vendor subcommand to suspend/resume AP interface
Add a new QCA vendor subcommand QCA_NL80211_VENDOR_SUBCMD_AP_SUSPEND to
allow suspend and resume the AP interface. When an AP is suspended, it
disconnects all connected clients and stops all TX/RX operations on the
AP interface. The driver retains the AP configuration and on resume, all
AP operations are resumed with the same configuration.
This subcommand is also used in the event path to notify userspace about
AP suspended or resumed state changes.
This uses attributes defined in enum qca_wlan_vendor_attr_ap_suspend.
Wait for both peers to be connected before checking MESH_LINK_PROBE
behavior. Without this, it was possible for a MESH_LINK_PROBE command to
be issues before the specific peer had been added and that would result
in the nl80211 command failing.
tests: Fix autogo_chan_switch to not drop HT capability
This test case ended up dropping HT capability on channel switch which
is now resulting in mac80211 disconnecting. Avoid this by leaving HT
enabled. In addition, check the P2P Client events explicitly.
AP MLD: Add MLO Link KDE for each affiliated link in EAPOL-Key 3/4
Previously, MLO Link KDE was added only for each link that was
negotiated for the ML association. However, IEEE Std 802.11be/D5.0,
12.7.6.1 defines the MLO Link KDE to be included "for each affiliated
AP" which is not constrained by what the non-AP MLD might have requested
or what the negotiation outcome for this particular ML association is.
AP MLD: Do not store per-supplicant AP RSNE/RSNXE information
There is no need to store the AP MLD's RSNE/RSNXE within per-supplicant
data structure in struct wpa_state_machine since those elements are
available from the generic authenticator data in struct
wpa_authenticator.
AP MLD: Do not store per-supplicant AP link MAC address information
There is no need to store the AP MLD's link MAC addresses within
per-supplicant data structure in struct wpa_state_machine since those
MAC addresses are available from the generic authenticator data in
struct wpa_authenticator.
AP MLD: Do not store per-supplicant AP MLD MAC address information
There is no need to store the AP MLD MAC address within per-supplicant
data structure in struct wpa_state_machine since that MLD MAC address is
available from the generic authenticator data in struct
wpa_authenticator.
Lee Harding [Tue, 9 Apr 2024 22:06:38 +0000 (15:06 -0700)]
Allow Session-Timeout with PSK RADIUS during 4-way handshake
When the RADIUS response included a Session-Timeout attribute, but is
otherwise valid (an Access-Accept with a valid Tunnel-Password), the
association still failed due to the strict comparison of the accepted
value with HOSTAPD_ACL_ACCEPT. Apparently this combination wasn't
previously tested.
Extend this to allow a packet containing a valid Session-Timeout
attribute to be accepted by extending the "success" comparison to
include HOSTAPD_ACL_ACCEPT_TIMEOUT.
Fixes: 1c3438fec4ba ("RADIUS ACL/PSK check during 4-way handshake") Signed-off-by: Lee Harding <somerandomstring@gmail.com>
Fix center segment indexes in channel switch fallback to non-5 GHz cases
Hardcoded conversion for 5 GHz band was used, but this won't work for
other cases. Set the correct center segment indexes in channel switch
fallback for non-5GHz band.
Benjamin Berg [Wed, 17 Apr 2024 12:45:24 +0000 (15:45 +0300)]
P2P: Call normal SD query callback on RX/TX race
If the TX success response races with the RX frame then the state
machine was simply move to P2P_SD_DURING_FIND to continue the operation.
However, this does not take into account broadcast queries where the
callback handler updates the peer's sd_pending_bcast_queries.
Fix this by exporting the callback and calling it directly. This is
fine, as the operation is cancelled immediately afterwards, ensuring
that the callback is not called a second time.
Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
Benjamin Berg [Mon, 8 Apr 2024 13:07:00 +0000 (16:07 +0300)]
ctrl_iface: Allow sending ML probe without AP MLD ID
If one sends a Probe Request frame to a non-TX BSSID, no AP MLD ID
should be included in the request. Permit mld_id to be -1 so that it is
not a required argument and can be left out.
Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
Ilan Peer [Mon, 8 Apr 2024 13:06:59 +0000 (16:06 +0300)]
SME: MLD: Clear MLD state only after the deauthentication
In case of failure handling an Authentication frame from the AP MLD,
clear the MLD state only after the deauthentication is done. This allows
deauthentication process to use the AP MLD MAC address.
Ilan Peer [Mon, 8 Apr 2024 13:06:57 +0000 (16:06 +0300)]
SME: MLD: Deauthenticate when failing to parse ML element
If parsing the basic ML element in the Authenticate frame fails,
instead of only disassociating, completely deauthenticate so all
state machines would be in a consistent state.
Ilan Peer [Mon, 8 Apr 2024 13:06:56 +0000 (16:06 +0300)]
wpa_supplicant: Do not roam to an associated link
When considering to roam to a different BSS and the connection
is an MLD connection, do not roam to a BSS which is already
included in the MLD connection.
Ilan Peer [Mon, 8 Apr 2024 13:06:55 +0000 (16:06 +0300)]
tests: Wait after removing a BSS
When a BSS is removed, the flow continues without actually
waiting for the AP to be stopped. This is racy in flows that
actually expect the AP to be stopped, e.g., test_ap_bss_add_remove().
Try to mitigate such cases by adding a short sleep after the
AP is removed.
Clear connect_without_scan on network profile removal
wpa_s->connect_without_scan could have been left pointing to invalid
network when a network profile was removed. It seems to be possible for
this to happen in some hwsim test case scenarios under specific timing,
but the exact reason for this is not clear. In any case, this pointer
needs to be cleared.
Check whether to skip a BSS in RNR with a shared helper
The functions that determine the length of the RNR information and that
build the actual RNR need to use the same conditions for skipping BSSs.
Use a shared helper function for this to avoid having to maintain two
copies of the same implementation and the risking those getting out of
sync.
RNR formation for co-location or MLO did not work as expected. Fix this.
For example, during co-location, if the BSS is also its ML partner
there is no need to include a separate TBTT for it.
Also, during co-location, if the BSS is not its partner but it is ML
capable, the TBTT length should be 16 bytes and it should include the
MLD Parameters for it in the RNR.
During co-location, for a given Neighbor AP (operating on a given
channel and op-class) if it has BSSs which are ML capable as well as
BSSs which are not, there should be two Neighbor AP Info present: one
indicating TBTT length as 13 bytes and one indicating TBTT info length
as 16 bytes.
Whenever a BSS was set up,hostapd flushed all stations via the flush()
driver operation which maps to NL80211_CMD_DEL_STATION in the nl80211
interface. However, in case of MLO, a station could have been connected
to other links by the time this link is coming up. Since link ID was not
passed to flush(), all those stations entries were also removed in the
driver which is wrong.
Include the link ID along with the command in AP MLD so that the driver
can use this link ID and flush only the stations that use the passed
link ID as one of their links.
Group rekeying was not supported for ML stations when non-association
link initiates a group rekey. Support this by arming the group key rekey
timer on one of the affiliated links and whenever this timer fires,
rekey group keys on all the affiliated links.
Signed-off-by: Rameshkumar Sundaram <quic_ramess@quicinc.com> Co-developed-by: Adil Saeed Musthafa <quic_adilm@quicinc.com> Signed-off-by: Adil Saeed Musthafa <quic_adilm@quicinc.com> Signed-off-by: Aditya Kumar Singh <quic_adisi@quicinc.com>
AP MLD: Calculate ML KDE length separately for each link
Calculate links specific MLO GTK/IGTK/BIGTK KDE lengths based on
corresponding cipher and key instead of taking length of one link and
multiplying it by no of associated links. This is needed since the group
ciphers might be different between the affiliated links.
Signed-off-by: Rameshkumar Sundaram <quic_ramess@quicinc.com> Co-developed-by: Adil Saeed Musthafa <quic_adilm@quicinc.com> Signed-off-by: Adil Saeed Musthafa <quic_adilm@quicinc.com> Signed-off-by: Aditya Kumar Singh <quic_adisi@quicinc.com>
Make the code more readable by using a define for the PN length to avoid
potential confusion of this 6 octet length with the MAC address length.
In addition, Use ETH_ALEN more consistently for the latter.
Add required ML specific members in struct wpa_authenticator and struct
wpa_state_machine to maintain self and partner link information.
Maintain state machine object in all associated link stations and
destroy/remove references from the same whenever link stations are
getting removed.
Increase the wpa_group object reference count for all links in which ML
station is getting associated and release the same whenever link
stations are getting removed.
AP MLD: Skip association link processing in ML info
All links were iterated over during processing ML info in Association
Request frame. However, the association link info will not be present in
the ML info and hence the following debug print is observed during ML
association (assoc link is 1):
MLD: No link match for link_id=1
Skip processing for the association link to avoid this.
projects / thirdparty / hostap.git / log
