Jouni Malinen [Sun, 23 Feb 2025 14:27:03 +0000 (16:27 +0200)]
nl80211: Debug print setsockopt() failures for NETLINK_EXT_ACK
Even though we explicitly ignore these errors, it is better to print
them into the debug log if for no other reason than to get rid of some
static analyzer warnings about unchecked return values.
Jouni Malinen [Sun, 23 Feb 2025 14:21:45 +0000 (16:21 +0200)]
MLD: Try to avoid static analyzer warnings about tainted variable
*pos was already checked above, but some static analyzers might not
understand that construction when the 8-bit value from the buffer is
assigned after the checks, so check again explicitly to get rid of
incorrect error reports.
Jouni Malinen [Sun, 23 Feb 2025 14:14:50 +0000 (16:14 +0200)]
Use pointer to Action frame body instead of Category field
This will hopefully silence some incorrect static analyzer warnings
about out-of-bounds reads since mgmt->u.action.category is an u8 while
this is really getting a pointer to that location in the Action frame
body and not just the 8-bit Category field.
Jouni Malinen [Sun, 23 Feb 2025 10:44:50 +0000 (12:44 +0200)]
P2P2: Check ssid != NULL more consistently in wpas_p2p_invite()
The recently added !ssid check here could make static analyzers complain
about dereferencing ssid in the function, so instead of covering just
the special P2P2 case, check explicitly for ssid == NULL for all cases.
Jouni Malinen [Sun, 23 Feb 2025 10:41:16 +0000 (12:41 +0200)]
mka: Simplify dl_list entry freeing
There is no need to call both dl_list_empty() and dl_list_entry()
separately in this manner since dl_list_first() is for that exact
purpose. Simplify this and also make it easier for static analyzers.
Jouni Malinen [Sun, 23 Feb 2025 10:03:40 +0000 (12:03 +0200)]
Make eht_cap != NULL check explicit to help static analyzers
data->eht_enabled was used to avoid getting here with eht_cap == NULL,
but that was too complex for some static analyzers. Make this more
explicit to avoid false reports.
Jouni Malinen [Sun, 23 Feb 2025 09:59:47 +0000 (11:59 +0200)]
PASN: Make ssid != NULL check easier for static analyzers
wpas_pasn_sae_setup_pt() would dereference ssid so it cannot be NULL in
the call. That was already taken care of by removing WPA_KEY_MGMT_*SAE*
in the ssid == NULL case. Anyway, adding an explicit check for !ssid
here gets rid of incorrect static analyzer reports.
Jouni Malinen [Sun, 23 Feb 2025 09:56:16 +0000 (11:56 +0200)]
P2P: Initialize new_ssid explicitly to make this easier for analyzers
new_ssid_len == 0 was used to skip reference to new_ssid in
p2p_build_invitation_resp(). This was too complex for some static
analyzers to notice, so initialize new_ssid as well to avoid false
reports.
Jouni Malinen [Sun, 23 Feb 2025 09:53:36 +0000 (11:53 +0200)]
P2P: Make sure go_dev_addr is initialized
wpas_p2p_persistent_group() does not set go_dev_addr if the group is not
persistent. Initialize go_dev_addr explicitly to all zeroes before that
call to make sure it cannot be uninitialized here.
Jouni Malinen [Sun, 23 Feb 2025 09:36:03 +0000 (11:36 +0200)]
Check network configuration availability before use in MAC randomization
wpas_update_random_addr_disassoc() could call wpas_update_random_addr()
with ssid == NULL, so need to be more careful here when comparing the
pregenerated address.
Fixes: bdbb6e0035ae ("wpa_supplicant: Handle MAC address randomization changes for same ESS")
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 22 Feb 2025 19:15:41 +0000 (21:15 +0200)]
OSEN: Remove all OSEN functionality
Passpoint spec v3.4 removed all OSU functionality, including OSEN. In
practice, this means that there is not going to be any deployment or use of
the OSEN functionality in the future and as such, there is no need to
maintain this implementation.
Passpoint spec v3.4 removed all OSU functionality. In practice, this
means that there is not going to be any deployment or use of the OSU
technology in the future and as such, there is no need to maintain this
OSU client implementation.
Jouni Malinen [Sat, 22 Feb 2025 18:12:35 +0000 (20:12 +0200)]
HS 2.0 server: Remove example OSU SPP server
Passpoint spec v3.4 removed all OSU functionality. In practice, this
means that there is not going to be any deployment or use of the OSU
technology in the future and as such, there is no need to maintain this
example OSU server implementation.
Jouni Malinen [Sat, 22 Feb 2025 18:02:38 +0000 (20:02 +0200)]
Interworking: Prefer cred realm over realm in username for anonymous NAI
Commit 61b2ed701291 ("Interworking: Use anonymous NAI in EAP-TTLS Phase
1") introduced a mechanism for generating an anonymous NAI specifically
for EAP-TTLS Phase 1. However, it was implemented before Passpoint R2
rules were defined for this and the implementation was not updated to
match the rules. The implementation uses the realm from the
cred::username, if present, over the separate cred::realm parameter.
However, the current Passpoint spec mandates realm from
PPS/<X+>/Credential/Realm (i.e., cred::realm in wpa_supplicant
configuration) to be used for this.
Reorder the priorities for the first two options for constructing the
anonymous identity when generating a network profile from a credential,
i.e., use cred::realm, if set, regardless of whether cred::username
contains a realm. cred::username is used as-is in Phase 2 which means
the inner and outer identities can now be configured to use different
realms.
Jouni Malinen [Sat, 22 Feb 2025 17:01:16 +0000 (19:01 +0200)]
SAE: Multiple default password iteration
SAE was designed to protect against offline dictionary attacks and that
prevents clean implementation of the multiple-password design similarly
to what has been done with WPA2-Personal. SAE has a concept of multiple
passwords with an explicit password identifier to identify which
password a STA is using. However, that has unfortunately not been
deployed in STAs so far which makes it inconvenient to use multiple
passwords in a WPA3-Personal network since configuring passwords
separately for each STA MAC address is both inconvenient and unrealistic
if MAC address randomization is used.
Allow hostapd to be configured to iterate over a small number of default
SAE passwords (i.e., passwords that do not use a password identifier and
that are allowed for any STA MAC address). This allows more than a
single SAE password to be used in a network. However, this comes with
risk of STAs delaying connection attempts since they might consider this
type of behavior to be an active attack (which it strictly speaking is).
In any case, this seems to be the only realistic method for SAE
deployment with multiple passwords today and it seems to work with up to
five SAE passwords at least with STAs that use wpa_supplicant.
When enabled, hostapd will try to use default SAE passwords one by one
until success. Successful authentication locks the selected password
into use. Failed attempt tracks the STA's MAC address with the password
and causes other passwords to be attempted on next tries. This works
relatively well as long as the STA is willing to attempt SAE multiple
times when the AP is rejecting attempts with Status Code 1 (unspecified
failure), i.e., a different Status Code compared to the normal password
mismatch case with 15 (challenge fail). Another possibility would have
been to silently discard failed Confirm messages to make this look more
like a lost frame than any explicitly indicated error case. However,
that would result in longer delay for retry attempts at least with
wpa_supplicant implementation.
This functionality can be enabled by setting the new configuration
parameter sae_track_password to a nonzero value. It should be set based
on how many active STAs are expected to use the network. Larger
values use a bit more memory (12 bytes for each additional tracked STA
for each configured default SAE password) and slightly increased
processing steps. The actual default passwords are set with
sae_password.
For example, this would allow three SAE passwords to be used:
Jouni Malinen [Sat, 22 Feb 2025 09:48:28 +0000 (11:48 +0200)]
tests: Avoid leaving dpp_connector_privacy_default=1 to next test case
sigma_dut_ap_dpp_self_config_connector_privacy could end up leaving the
default DPP connector privacy setting modified for the following test
case. That would make dpp_network_intro_version_missing_req fail. Fix
this by explicitly clearing the modified configuration parameter.
Jouni Malinen [Sat, 22 Feb 2025 09:45:29 +0000 (11:45 +0200)]
tests: Avoid failure in IBSS testing due to old scan results
ibss_open_fixed_bssid could leave behind old BSS entries that would
survive to the next test case. ibss_vht_80p80 would fail to establish
the IBSS on the expected channel in such cases. Explicitly flush the BSS
entries from kernel to avoid this.
Jouni Malinen [Sat, 22 Feb 2025 09:25:31 +0000 (11:25 +0200)]
nl80211: Fix PASN auth alg check on big-endian CPUs
auth_type is set to a value that is already converted to host byte order
and as such the following comparison must not convert the defined value
to little-endian byte order.
Fixes: 58a96187eed8 ("nl80211: Allow PASN Authentication frames with random (foreign) MAC address")
Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 22 Feb 2025 09:15:27 +0000 (11:15 +0200)]
MLD: Fix MLE parsing in for association on big-endian CPUs
The control variable is ANDed with ml_control in host byte order and as
such, the control variable should have been initialized without
conversion to little endian.
Fixes: 5af986c75af4 ("MLD: Also mark links as failed after association failure")
Signed-off-by: Jouni Malinen <j@w1.fi>
Pooventhiran G [Wed, 12 Feb 2025 04:03:00 +0000 (09:33 +0530)]
AP MLD: Request MLO Group KDEs for a subset of links
While requesting GTK, IGTK, and BIGTK group KDEs, all link group key
data are fetched by default. Make the APIs flexible by requesting for a
subset of links which may as well be all links, and populate the keys as
KDE for only the requested links.
Signed-off-by: Pooventhiran G <quic_pooventh@quicinc.com>
Jouni Malinen [Sat, 15 Feb 2025 10:19:15 +0000 (12:19 +0200)]
tests: Fix owe_invalid_assoc_resp with mac80211_hwsim STRICT validation
mac80211 has started rejecting the association attempt based on some
HT/WMM information missing for the (Re)Association Response frame when
in STRICT validation mode and that broke this test case with
mac80211_hwsim due to the Association Response frame being constructed
without HT and WMM information in the test script. Disable HT for now to
avoid this.
Johannes Berg [Mon, 3 Feb 2025 20:45:30 +0000 (21:45 +0100)]
nl80211: Remove support for use_monitor
Using nl80211 for management and EAPOL TX/RX has been available in the
kernel for over a decade, including TX status for data frames starting
from kernel 3.3. Remove support for (cooked) monitor TX/RX, leaving a
simple non-RX monitor for unencrypted TX testing.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Johannes Berg [Mon, 3 Feb 2025 20:45:28 +0000 (21:45 +0100)]
tests: ap_pmf: Stop using use_monitor=1
There's no need for this anymore, all the tests work without it. This
was originally used to be able to inject unprotected Deauthentication
and Disassociation frames in cases where PMF was in use, but commit 9bedf90047d6 ("nl80211: Use monitor interface for sending no-encrypt
test frames") allowed this to be done without having to for AP
operations to use the monitor interface for EAPOL frames with
use_monitor=1.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Chenming Huang [Fri, 14 Feb 2025 06:08:37 +0000 (11:38 +0530)]
AP MLD: Set WLAN_STA_ASSOC flag before copying STA entry (SME-in-driver)
In SME offloaded cases, it was found that WLAN_STA_ASSOC flag is
not set on all STA entries. This is because STA entries are
copied before WLAN_STA_ASSOC flag is set in the association link.
To fix that, set WLAN_STA_ASSOC flag properly before calling
hostapd_process_assoc_ml_info() where flags are copied to STA
entries in other links.
Chenming Huang [Thu, 23 Jan 2025 02:07:39 +0000 (07:37 +0530)]
DPP: Send connection status result if disconnected during 4-way HS
Connection status result was reported during failed 4-way handshake if
that failure might have been due to an incorrect passphrase/password.
4-way handshake might fail for other reasons and if that is the case,
the connection status result is delayed unnecessarily long until the 15
second timeout occurs.
Optimize this by sending out the connection status result in all
disconnection cases that happen before the 4-way handshake has been
completed successfully.
Chenming Huang [Thu, 14 Nov 2024 06:28:59 +0000 (11:58 +0530)]
AP MLD: Allow new link to be added through control interface
AP MLD link is added with the same interface name but current control
interface command "ADD" does not consider that AP MLD case yet.
Modify the logic here to support adding a new AP MLD link from the "ADD"
command, too, by adding a new hostapd_iface structure instead of just a
new BSS into the existing structure.
Make sure wpa_sm has correct PMK when PMKSA cache used by driver
The PMK corresponding to the PMKSA cache entry used by the driver is
updated to wpa_sm only when the authorized flag is set in the association
event data. In cases where the authorized flag is not set, i.e., initial
association or roam indication with 4-way handshake not completed by the
driver, the PMK is not updated and may be left at the default value
based on not yet known AKM and group. That would result in issues for
SAE-EXT-KEY cases where groups 20 or 21 are used since the Key MIC
length of the EAPOL-Key frames depends on the used PMK length. In
particular, wpa_sm needs to know the correct PMK length to determine the
Key MIC field length and the offset of the Key Data Length field
correctly in the EAPOL-Key msg 1/4. Otherwise, wpa_sm may fail to parse
the EAPOL-Key msg 1/4.
Fix this by always setting the PMK from the PMKSA entry corresponding to
the PMKID used by the driver in the (Re)Association Request frame to
wpa_sm.
Chenming Huang [Thu, 13 Feb 2025 03:38:39 +0000 (09:08 +0530)]
AP MLD: Cancel ap_sta_assoc_timeout for partner links
An earlier commit implements a timeout handler to remove unassociated
sta entries. For AP MLD, when a non-AP MLD is associated, the timeout
handler needs to be removed in its partner links, too. The check for
WLAN_STA_ASSOC is supposed to skip such cases in ap_sta_assoc_timeout(),
but it is better to cancel this timeout altogether from all links.
Fixes: 07ee3e8b0eb4 ("Remove STA entries if association is not completed in 60 seconds")
Signed-off-by: Chenming Huang <quic_chenhuan@quicinc.com>
Define a QCA vendor subcmd to set periodic probe response config
Define a QCA vendor subcmd to send periodic or on-demand
directed Probe Response frames to a connected peer.
This config command will include attributes as per enum
qca_wlan_vendor_attr_periodic_probe_rsp_cfg.
Attribute list includes:
QCA_WLAN_VENDOR_ATTR_PROBE_RESP_CFG_PEER_MAC_ADDR
QCA_WLAN_VENDOR_ATTR_PROBE_RESP_CFG_PERIOD
QCA_WLAN_VENDOR_ATTR_PROBE_RESP_CFG_COUNT
Meng Yuan [Wed, 8 Jan 2025 08:10:10 +0000 (16:10 +0800)]
P2P: Check IEs buffer before use more consistently
Commit cab963e9f887 ("AP: Split check_assoc_ies()") added check for
ies/ies_len before going through the P2P element. Add similar checks for
p2p_group_notif_assoc() to be consistent and avoid potential risk of
associated STA tracking for P2P groups dereferencing NULL pointers.
Jouni Malinen [Tue, 11 Feb 2025 20:48:07 +0000 (22:48 +0200)]
Simplify supported rates and BSS membership selectors generation
Use a common helper function to generate the complete list of supported
rates and BSS membership selectors so that building the Supported Rates
and BSS Membership Selectors and the Extended Supported Rates and BSS
Membership Selectors elements can be generated without having to
duplicate the logic for determining the actual values for the
rates/selectors. The functions for building these elements are now
simply selecting the subset of the values from the output from the
helper function.
MBSSID: Correctly compute the Extended Supported Rates element length
A hardcoded value of 8 bytes was used as the length for the Extended
Supported Rates element. This approach can cause issues if any changes
are made to the function without updating the length accordingly.
Determine the length properly instead of hardcoding and incorporate it
into the Multiple BSSID element length calculation.
And since this will now happen while calculating length, there is no
need to call hostapd_eid_ext_supp_rates() in
ieee802_11_build_ap_params_mbssid().
MBSSID: Fix Non-Inheritance element length calculation
Commit 4bfc007b61e6 ("MBSSID: Fix Non-Inheritance element encoding")
added one octet while filling the data. However, this one octet is
missing during length calculation. Add it now.
Jouni Malinen [Tue, 11 Feb 2025 10:02:34 +0000 (12:02 +0200)]
GAS: Fix eloop timeout clearing on random MAC address error path
There is one error case (for failing to update random MAC address) that
uses gas_query_free() for a query that has started and as such, might
have registered eloop timeouts. However, eloop timeouts were canceled in
gas_query_done() and as such, that was skipped for this error case. That
could result in leaving behind timeouts pointing to freed memory.
Fix this by moving eloop_cancel_timeout() calls to gas_query_free() so
that they are covered for all cases.
Fixes: c267753ba2cc ("Add support for using random local MAC address")
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Jouni Malinen [Sun, 9 Feb 2025 16:20:31 +0000 (18:20 +0200)]
EAP-pwd: Make code easier for static analyzers
resultbytelen cannot be 0 when resultbitlen != 0 and as such,
result[resultbytelen - 1] here cannot point to invalid index. However,
this is apparently too complex for static analyzers, so make this more
obvious to avoid false positives.
Jouni Malinen [Sun, 9 Feb 2025 16:17:39 +0000 (18:17 +0200)]
JSON: More explicit check for depth in arrays/objects
Invalid state here was detected based on the parent token being in
JSON_STARTED state, but to be clearer for static analyzers, also check
explicitly that depth is not 0.
Jouni Malinen [Sun, 9 Feb 2025 16:12:40 +0000 (18:12 +0200)]
SHA-PRF: Make code easier for static analyzers
pos cannot be 0 when buf_len_bits != 0 and as such, buf[pos - 1] here
cannot point to invalid index. However, this is apparently too complex
for static analyzers, so make this more obvious to avoid false
positives.
Jouni Malinen [Sun, 9 Feb 2025 16:11:00 +0000 (18:11 +0200)]
BSS: Clear wpa_bss pointers on bss entry removal
Reduce risk of unexpected behavior by clearing any struct wpa_supplicant
pointers to struct wpa_bss entries when such a BSS entry gets removed
from the BSS list.
朱海 [Wed, 31 Jan 2024 12:58:47 +0000 (20:58 +0800)]
P2P: Clear pending_listen_freq if listen failed
p2p_listen() uses p2p->pending_listen_freq to check if there is a
pending p2p_listen request. However, this value is not cleared when
failing to start listen operation, making extended listen not work
anymore.
P2P: Failed to request the driver to remain on channel (2412 MHz) for Listen state
p2p-dev-wlan0: Radio work 'p2p-listen'@0xa800d510 done in 0.005055 seconds
p2p-dev-wlan0: radio_work_free('p2p-listen'@0xa800d510: num_active_works --> 0
P2P: Previous Extended Listen operation had not been completed - try again
P2P: State LISTEN_ONLY -> IDLE
P2P: Extended Listen timeout
P2P: Going to listen(only) state
P2P: p2p_listen command pending already
Clear p2p->pending_listen_freq if the radio work to start the listen
operation fails.
Jouni Malinen [Sun, 9 Feb 2025 10:05:50 +0000 (12:05 +0200)]
wolfSSL: Include asn.h to fix build with some library configs
It looks like wolfssl/wolfcrypt/asn.h gets pulled in by some of the DPP
functionality when --enable-wpas-dpp, but it is not included without
that. Include asn.h explicitly now that it is needed for non-DPP cases
as well after commit 99239d08de3e ("wolfssl: Implement RSA-OAEP-SHA256
for EAP-AKA privacy protection").
Jouni Malinen [Sat, 8 Feb 2025 18:11:30 +0000 (20:11 +0200)]
drivers: RX-only configuration of the next TK during 4-way handshake
Introduce option for drivers to avoid race conditions with TK
configuration during 4-way handshake. The next pairwise TK is made
available to the driver interface before sending message 3 of the 4-way
handshake on the AP and after having received message 3 (but before
transmitting message 4) on the station. This allows the driver to
configure the next TK as an alternative RX-only key during the race
window and take the new TK fully into use once the 4-way handshake has
been fully completed. The alternative RX-only key must not be used for
TX and if a TK has already been configured, both that previously
configured TK and the next RX-only TK need to be allowed to decrypt
received frames (i.e., both need to be tried before discarding a frame
as invalid). When taking the new TK fully into use, RX counters for it
must not be cleared. Unencrypted EAPOL frames must be allowed to be
received when only an RX-only TK is configured in the beginning of an
association.
This commit is only introducing the hostapd and wpa_supplicant internal
pieces for this functionality and this does not result in any changes to
the actual driver operations. This enables future commits to extend
driver wrappers (src/drivers/driver_*.c) to take this functionality into
use.
Jouni Malinen [Sat, 8 Feb 2025 16:00:06 +0000 (18:00 +0200)]
MLD: Fix Multi-Link element parsing for association failures
The Common Info and STA Info fields are supposed to be extensible and as
such, their length fields need to be verified to be large enough, but if
there are unknown extra fields after the known fields, those need to be
silently ignored instead of rejecting the element.
Fixes: 5af986c75af4 ("MLD: Also mark links as failed after association failure")
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Jouni Malinen [Sat, 8 Feb 2025 10:55:42 +0000 (12:55 +0200)]
AP MLD: Fix STA Info field parsing in Basic Multi-Link element
The STA Info field is supposed to be extensible. Instead of determining
the length of known components and only accepting that length, make sure
that there are sufficient octets in the received field for whatever we
are parsing and ignore any potential unknown extensions at the end.
In addition, simplify some of the bounds checking by using pointers to
the end of the subelement and the MLE itself instead of trying to track
the remaining lengths and a pointer to the current location
consistently.
Fixes: 5f5db9366cde ("AP: MLO: Process Multi-Link element from (Re)Association Request frame")
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Jouni Malinen [Sat, 8 Feb 2025 09:58:43 +0000 (11:58 +0200)]
AP MLD: Simplify MLD MAC Address parsing from Multi-Link element
There is no need to try to figure out the total expected length of the
Common Info field when we are interested in only the MLD MAC Address
field which is in the fixed header of this field in Basic Multi-Link
elements.
Jouni Malinen [Sat, 8 Feb 2025 09:53:49 +0000 (11:53 +0200)]
AP MLD: Fix Multi-Link element parsing in (Re)Association Request frame
The Common Info field in the Basic Multi-Link element is supposed to be
extensible with its Length field indicating the total length of the
field. Instead of only accepting that exact length, any larger value
needs to be accepted as well to support extensibility.
Fixes: 5f5db9366cde ("AP: MLO: Process Multi-Link element from (Re)Association Request frame")
Fixes: e996704201e7 ("AP: Handle re-association from a non-AP MLD")
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
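The Multi-Link element parsing rule described in the four commits above (a Length field sets a lower bound, unknown trailing octets are skipped, bounds are checked against end pointers), shown as an added example that is not hostapd code. The field layout is a simplified assumption with no optional Common Info fields, and all names and sample frames are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ETH_ALEN 6
#define MLE_CTRL_LEN 2                     /* Multi-Link Control */
#define COMMON_INFO_MIN_LEN (1 + ETH_ALEN) /* Length + MLD MAC Address */
#define SUBELEM_PER_STA_PROFILE 0

struct mle_result {
	uint8_t mld_addr[ETH_ALEN];
	const uint8_t *link_info; /* first octet after Common Info */
	size_t link_info_len;
};

/* exact_len_only=1 rejects any Length other than the known minimum;
 * 0 accepts Length >= minimum and skips unknown trailing octets. */
static int parse_basic_mle(const uint8_t *buf, size_t len, int exact_len_only,
			   struct mle_result *res)
{
	const uint8_t *pos = buf, *end, *ci_end;
	uint8_t ci_len;

	if (!buf || len < MLE_CTRL_LEN + COMMON_INFO_MIN_LEN)
		return -1;
	end = buf + len;
	pos += MLE_CTRL_LEN;
	ci_len = *pos; /* Common Info Length covers the whole field */
	if (ci_len < COMMON_INFO_MIN_LEN || (size_t)(end - pos) < ci_len)
		return -1; /* too short for known fields, or overclaims */
	if (exact_len_only && ci_len != COMMON_INFO_MIN_LEN)
		return -1;
	ci_end = pos + ci_len;
	memcpy(res->mld_addr, pos + 1, ETH_ALEN);
	res->link_info = ci_end; /* extensions before ci_end are ignored */
	res->link_info_len = (size_t)(end - ci_end);
	return 0;
}

/* Walk Link Info subelements (ID, Length, Data) against end pointers.
 * Returns the number of Per-STA Profile subelements, -1 if malformed. */
static int count_per_sta_profiles(const uint8_t *pos, size_t len)
{
	const uint8_t *end = pos + len, *sub_end;
	int count = 0;

	while (end - pos >= 2) {
		uint8_t id = pos[0], slen = pos[1];
		pos += 2;
		if (slen > end - pos)
			return -1; /* subelement runs past the element */
		sub_end = pos + slen;
		if (id == SUBELEM_PER_STA_PROFILE) {
			/* STA Control (2) + STA Info Length (1, covers itself) */
			if (sub_end - pos < 3)
				return -1;
			if (pos[2] < 1 || pos[2] > sub_end - (pos + 2))
				return -1; /* STA Info leaves the subelement */
			count++;
		}
		pos = sub_end; /* anything after the known fields is skipped */
	}
	return pos == end ? count : -1; /* lone trailing octet: truncated */
}

/* Constructed samples: ctrl | Common Info | one Per-STA Profile */
static const uint8_t sample_exact[] = {
	0x00, 0x00, 0x07, 0x02, 0x00, 0x00, 0x00, 0x00, 0x01,
	0x00, 0x04, 0x00, 0x00, 0x01, 0xaa };
static const uint8_t sample_ext[] = { /* Length 9: two unknown octets */
	0x00, 0x00, 0x09, 0x02, 0x00, 0x00, 0x00, 0x00, 0x01, 0xde, 0xad,
	0x00, 0x04, 0x00, 0x00, 0x01, 0xaa };
static const uint8_t sample_overclaim[] = { /* Length 200, 7 octets left */
	0x00, 0x00, 0xc8, 0x02, 0x00, 0x00, 0x00, 0x00, 0x01 };

int main(void)
{
	struct mle_result r;
	printf("exact: %d\n", parse_basic_mle(sample_exact, sizeof(sample_exact), 1, &r));
	printf("ext, strict: %d\n", parse_basic_mle(sample_ext, sizeof(sample_ext), 1, &r));
	printf("ext, extensible: %d\n", parse_basic_mle(sample_ext, sizeof(sample_ext), 0, &r));
	printf("profiles: %d\n", count_per_sta_profiles(r.link_info, r.link_info_len));
	printf("overclaim: %d\n", parse_basic_mle(sample_overclaim, sizeof(sample_overclaim), 0, &r));
	return 0;
}
```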
Mohan Kumar G [Wed, 22 Jan 2025 19:06:34 +0000 (00:36 +0530)]
EHT: Fix 6 GHz HE operation bandwidth for 320 MHz with puncturing
Channel width and center frequencies were updated incorrectly into the
HE Operation element when the AP is configured to use a 6 GHz 320 MHz
channel with a puncturing bitmap.
In hostapd_eid_he_operation(), punct_bitmap corresponds to 320 MHz while
oper_chwidth and seg0 are set for 160 MHz. When calculating legacy
bandwidth, punct_update_legacy_bw() uses only the first 160 MHz
puncturing bitmap and if the primary channel is in the second 160 MHz
segment, incorrect values are calculated for legacy bandwidth and center
frequencies.
Fix this issue by using the EHT operating channel width and center
frequency to calculate legacy bandwidth when puncturing is enabled.
Fixes: 2552de375db5 ("EHT: Fix HE center frequency for EHT 320 MHz with puncturing")
Signed-off-by: Mohan Kumar G <quic_mkumarg@quicinc.com>
Fix crash due to iteratively calling radio_remove_works()
Commit 3242793cb8df ("P2P: Remove pending p2p-listen radio work on
stopping listen") added removal of all pending p2p-listen radio works
when P2P listen is stopped. But in case where p2p-listen radio work is
pending with work->started=1 and radio_remove_works() is called (e.g.,
as part of interface disabling), there is an attempt to remove radio
work iteratively from wpas_stop_listen() causing a crash.
To avoid this, add check to avoid iterative calls to wpas_stop_listen().
Sunil Ravi [Tue, 4 Feb 2025 18:35:46 +0000 (18:35 +0000)]
nl80211: Fix compilation error due to uninitialized variable
nl_flags is not necessarily set here.
Fixes: 00c2c20d74ee ("hostapd: Maintain single wpa_driver_nl80211_data (drv) object across interfaces")
Signed-off-by: Sunil Ravi <sunilravi@google.com>
Jouni Malinen [Wed, 5 Feb 2025 17:23:39 +0000 (19:23 +0200)]
RADIUS: Fix pending request dropping
A recent change to this moved the place where the processed RADIUS
request was removed from the pending list to happen after the message
handler had been called. This did not take into account possibility of
the handler adding a new pending request in the list and the prev_req
pointer not necessarily pointing to the correct entry anymore. As such,
some of the pending requests could have been lost and that would result
in not being able to process responses to those requests and also, to a
memory leak.
Fix this by determining prev_req at the point when the pending request
is being removed, i.e., after the handler function has already added a
new entry.
Fixes: 726432d7622c ("RADIUS: Drop pending request only when accepting the response")
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
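The stale prev_req problem from the RADIUS commit above, reduced to a small model as an added example that is not hostapd code. It assumes a singly linked pending list with insertion at the head; the structures, function names and the fixed-size pool are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>

#define POOL_SIZE 8

struct req { int id; int in_use; struct req *next; };
struct client { struct req pool[POOL_SIZE]; struct req *head; int next_id; };

/* Queue a new pending request at the head of the list. */
static struct req *add_pending(struct client *c)
{
	for (int i = 0; i < POOL_SIZE; i++) {
		struct req *r = &c->pool[i];
		if (r->in_use)
			continue;
		r->in_use = 1;
		r->id = c->next_id++;
		r->next = c->head;
		c->head = r;
		return r;
	}
	return NULL;
}

/* The response handler sends a follow-up request, changing the list. */
static void response_handler(struct client *c)
{
	add_pending(c);
}

static void unlink_req(struct client *c, struct req *prev, struct req *req)
{
	if (prev)
		prev->next = req->next;
	else
		c->head = req->next; /* overwrites whatever is at the head */
	req->in_use = 0;
}

static void process_response(struct client *c, int id, int recompute_prev)
{
	struct req *prev = NULL, *req = c->head;

	while (req && req->id != id) {
		prev = req;
		req = req->next;
	}
	if (!req)
		return;
	response_handler(c); /* prev may no longer precede req after this */
	if (recompute_prev) {
		/* Determine prev at removal time, after the handler ran. */
		prev = NULL;
		for (struct req *r = c->head; r && r != req; r = r->next)
			prev = r;
	}
	unlink_req(c, prev, req);
}

/* Entries still marked in use but no longer reachable from the head. */
static int count_lost(const struct client *c)
{
	int lost = 0;

	for (int i = 0; i < POOL_SIZE; i++) {
		const struct req *r = c->head;
		if (!c->pool[i].in_use)
			continue;
		while (r && r != &c->pool[i])
			r = r->next;
		if (!r)
			lost++;
	}
	return lost;
}

static int lost_after_response(int recompute_prev)
{
	struct client c = { .next_id = 1 };

	add_pending(&c); /* id 1 */
	add_pending(&c); /* id 2, now at the head */
	process_response(&c, 2, recompute_prev);
	return count_lost(&c);
}

int main(void)
{
	printf("stale prev: %d lost\n", lost_after_response(0));
	printf("recomputed prev: %d lost\n", lost_after_response(1));
	return 0;
}
```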
Ananya Gupta [Thu, 23 Jan 2025 14:59:42 +0000 (20:29 +0530)]
QCA vendor values for traffic types for browsing and aperiodic bursts
As part of flow classification enhancement, web browsing and aperiodic
bursty traffic will be detected. To enable this, add browsing and
aperiodic bursts types for traffic classification.
Kavita Kavita [Thu, 23 Jan 2025 09:07:30 +0000 (14:37 +0530)]
Add QCA vendor attribute to enable/disable link reconfiguration support
Add the attribute QCA_WLAN_VENDOR_ATTR_CONFIG_SETUP_LINK_RECONFIG_SUPPORT
to enable/disable link reconfiguration support in STA mode for testing
purposes.
Add QCA vendor command to trigger primary link migration
During MLO, the driver might select one of the link peers as the primary
link peer for doing one time operations/setup used at MLD peer level.
The primary link is not the same as the association link. Now there can be
a requirement to move the primary link from one link to other such as
during ML reconfiguration or user would like to configure this based on
its requirement such as load balancing.
Add a new vendor command QCA_NL80211_VENDOR_SUBCMD_PRI_LINK_MIGRATE to
trigger primary link migration from the userspace. Either just one ML
client or a bunch of clients can be migrated.
tests: Skip ap_wpa2_eap_fast_server_oom with wolfSSL
wolfSSL sends the session ticket extension on the first TLS handshake.
This causes the malloc error to be triggered on the first connection
instead of the second and the failure event is not registered in this
test case.
wolfSSL: Simplify option setting in tls_set_conn_flags()
Use one call to wolfSSL_set_options with all the relevant options
already set. In addition, use this function in
tls_connection_set_verify() instead of just tls_connection_set_params().
Without a call to wolfSSL_CTX_EnableOCSP(tls_ctx,
WOLFSSL_OCSP_URL_OVERRIDE); then the override URL would not be used. But
since we don't actually want to enable OCSP in this step, disable it
immediately after. The option will stay turned on.
Fully turn on OCSP stapling and do error checking on all calls.